From: Pavel Shilovsky Date: Wed, 12 Apr 2017 20:32:07 +0000 (-0700) Subject: CIFS: Fix SMB3 mount without specifying a security mechanism X-Git-Tag: v4.11-rc7~18^2 X-Git-Url: https://git.kernelconcepts.de/?a=commitdiff_plain;h=67dbea2ce6873f8ba57988ba3e608e8bf61c347f;p=karo-tx-linux.git CIFS: Fix SMB3 mount without specifying a security mechanism Commit ef65aaede23f ("smb2: Enforce sec= mount option") changed the behavior of a mount command to enforce a specified security mechanism during mounting. On another hand according to the spec if SMB3 server doesn't respond with a security context it implies that it supports NTLMSSP. The current code doesn't keep it in mind and fails a mount for such servers if no security mechanism is specified. Fix this by indicating that a server supports NTLMSSP if a security context isn't returned during negotiate phase. This allows the code to use NTLMSSP by default for SMB3 mounts. Signed-off-by: Pavel Shilovsky Signed-off-by: Steve French --- diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 1bd5d3033fc8..02da648041fc 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -562,8 +562,10 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses) * but for time being this is our only auth choice so doesn't matter. * We just found a server which sets blob length to zero expecting raw. */ - if (blob_length == 0) + if (blob_length == 0) { cifs_dbg(FYI, "missing security blob on negprot\n"); + server->sec_ntlmssp = true; + } rc = cifs_enable_signing(server, ses->sign); if (rc)