Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d9b94201 authored by Steve French's avatar Steve French
Browse files

[CIFS] Warn on requesting default security (ntlm) on mount 



Warn once if default security (ntlm) requested. We will
update the default to the stronger security mechanism
(ntlmv2) in 2.6.41.  Kerberos is also stronger than
ntlm, but more servers support ntlmv2 and ntlmv2
does not require an upcall, so ntlmv2 is a better
default.

Reviewed-by: default avatarJeff Layton <jlayton@redhat.com>
CC: Suresh Jayaraman <sjayaraman@suse.de>
Reviewed-by: default avatarShirish Pargaonkar <shirishp@us.ibm.com>
Signed-off-by: default avatarSteve French <sfrench@us.ibm.com>
parent fd88ce93

fs/cifs/connect.c

+11 −0
Original line number Diff line number Diff line
@@ -1854,6 +1854,8 @@ cifs_put_smb_ses(struct cifsSesInfo *ses) 
	cifs_put_tcp_session(server);

}



static bool warned_on_ntlm;  /* globals init to false automatically */



static struct cifsSesInfo *

cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb_vol *volume_info)

{
@@ -1928,6 +1930,15 @@ cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb_vol *volume_info) 
	}

	ses->cred_uid = volume_info->cred_uid;

	ses->linux_uid = volume_info->linux_uid;



	/* ntlmv2 is much stronger than ntlm security, and has been broadly

	supported for many years, time to update default security mechanism */

	if ((volume_info->secFlg == 0) && warned_on_ntlm == false) {

		warned_on_ntlm = true;

		cERROR(1, "default security mechanism requested.  The default "

			"security mechanism will be upgraded from ntlm to "

			"ntlmv2 in kernel release 2.6.41");

	}

	ses->overrideSecFlg = volume_info->secFlg;



	mutex_lock(&ses->session_mutex);