From: Steve French <smfrench-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To: "linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Fwd: [PATCH] SMB2: Enforce sec= mount option
Date: Tue, 10 Jan 2017 14:23:09 -0600 [thread overview]
Message-ID: <CAH2r5mvcuhR+C==5ouB1XUUK-7JEc=SH3tt=96g50eEmuVd24A@mail.gmail.com> (raw)
In-Reply-To: <CAH2r5msW1Z1j3J+c3RF7NAH9ChKxy2GajKNp7AUxF4sfeZPXUA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
---------- Forwarded message ----------
From: Steve French <smfrench-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Date: Tue, Jan 10, 2017 at 2:21 PM
Subject: Re: [PATCH] SMB2: Enforce sec= mount option
To: Sachin Prabhu <sprabhu-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: linux-cifs <linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Thinking about this a little more - the only minor correction I would
suggest is that NTLMv2 might as well continue to map to RawNTLMSSP
(since they have similar meanings, ie ntlmv2 hash) - but we could
error out on the others (other than krb5)
On Thu, Dec 8, 2016 at 12:46 AM, Sachin Prabhu <sprabhu-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> wrote:
>
> If the security type specified using a mount option is not supported,
> the SMB2 session setup code changes the security type to RawNTLMSSP. We
> should instead fail the mount and return an error.
>
> Signed-off-by: Sachin Prabhu <sprabhu-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
> ---
> fs/cifs/smb2pdu.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
> index 5ca5ea46..e66fad6 100644
> --- a/fs/cifs/smb2pdu.c
> +++ b/fs/cifs/smb2pdu.c
> @@ -955,7 +955,8 @@ SMB2_sess_auth_rawntlmssp_authenticate(struct SMB2_sess_data *sess_data)
> static int
> SMB2_select_sec(struct cifs_ses *ses, struct SMB2_sess_data *sess_data)
> {
> - if (ses->sectype != Kerberos && ses->sectype != RawNTLMSSP)
> + /* Default sec type is set to RawNTLMSSP */
> + if (ses->sectype == Unspecified)
> ses->sectype = RawNTLMSSP;
>
> switch (ses->sectype) {
> --
> 2.7.4
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
> the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Thanks,
Steve
--
Thanks,
Steve
next prev parent reply other threads:[~2017-01-10 20:23 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-08 6:46 [PATCH] SMB2: Enforce sec= mount option Sachin Prabhu
[not found] ` <CAH2r5msW1Z1j3J+c3RF7NAH9ChKxy2GajKNp7AUxF4sfeZPXUA@mail.gmail.com>
[not found] ` <CAH2r5msW1Z1j3J+c3RF7NAH9ChKxy2GajKNp7AUxF4sfeZPXUA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-01-10 20:23 ` Steve French [this message]
[not found] ` <1481179577-15995-1-git-send-email-sprabhu-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-12-08 8:06 ` Scott Lovenberg
[not found] ` <CAFB9KM0oPPm4bYyKd75Yjy-2kCZ=0UTpwn=ONCRo0g5waNa6AA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-12-08 9:03 ` Sachin Prabhu
[not found] ` <1481187800.4195.19.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-12-08 9:14 ` Scott Lovenberg
2017-01-11 11:45 ` Germano Percossi
[not found] ` <c0748fb1-4161-ea0f-3f6d-b0705bb83a9d-Sxgqhf6Nn4DQT0dZR+AlfA@public.gmane.org>
2017-01-11 12:17 ` Sachin Prabhu
[not found] ` <1484137071.29387.9.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-01-11 17:48 ` Scott Lovenberg
[not found] ` <CAH2r5mvU4_O_epw8tTPOHV3UVRyi9eNmE85cFPGVDGR8twQiZg@mail.gmail.com>
[not found] ` <CAH2r5mvU4_O_epw8tTPOHV3UVRyi9eNmE85cFPGVDGR8twQiZg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-01-11 17:59 ` Fwd: " Steve French
2017-01-10 23:11 ` L A Walsh
[not found] ` <58756A3D.6000705-gT3AUAsYRbTYtjvyW6yDsg@public.gmane.org>
2017-01-11 10:46 ` Aurélien Aptel
2017-01-11 21:02 ` Scott Lovenberg
[not found] ` <CAFB9KM3S+p3sU26LKGwqaZ_3g4gkPPzEFzohwAFOa-PZPqZTAQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-01-12 4:23 ` Steve French
2017-01-12 10:33 ` L A Walsh
2017-01-16 5:49 ` Sachin Prabhu
2017-01-10 23:30 ` L A Walsh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAH2r5mvcuhR+C==5ouB1XUUK-7JEc=SH3tt=96g50eEmuVd24A@mail.gmail.com' \
--to=smfrench-re5jqeeqqe8avxtiumwx3w@public.gmane.org \
--cc=linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.