diff mbox series

smb3: on kerberos mount if server doesn't specify auth type use krb5

Message ID CAH2r5mu+hvUegGSHGBaW4GZJK1KZE1Xot2UFVp8CSB8nxVDtjA@mail.gmail.com (mailing list archive)
State New, archived
Headers show
Series smb3: on kerberos mount if server doesn't specify auth type use krb5 | expand

Commit Message

Steve French Oct. 28, 2018, 6:24 p.m. UTC
Some servers (e.g. Azure) do not include a spnego blob in the SMB3
negotiate protocol response, so on kerberos mounts ("sec=krb5")
we can fail, as we expected the server to list its supported
auth types (OIDs in the spnego blob in the negprot response).
Change this so that on krb5 mounts we default to trying krb5 if the
server doesn't list its supported protocol mechanisms.

Signed-off-by: Steve French <stfrench@microsoft.com>
---
 fs/cifs/cifs_spnego.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)


--
Thanks,

Steve

Comments

ronnie sahlberg Oct. 28, 2018, 8:06 p.m. UTC | #1
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
On Mon, Oct 29, 2018 at 4:26 AM Steve French via samba-technical
<samba-technical@lists.samba.org> wrote:
>
> Some servers (e.g. Azure) do not include a spnego blob in the SMB3
> negotiate protocol response, so on kerberos mounts ("sec=krb5")
> we can fail, as we expected the server to list its supported
> auth types (OIDs in the spnego blob in the negprot response).
> Change this so that on krb5 mounts we default to trying krb5 if the
> server doesn't list its supported protocol mechanisms.
>
> Signed-off-by: Steve French <stfrench@microsoft.com>
> ---
>  fs/cifs/cifs_spnego.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/fs/cifs/cifs_spnego.c b/fs/cifs/cifs_spnego.c
> index b611fc2e8984..7f01c6e60791 100644
> --- a/fs/cifs/cifs_spnego.c
> +++ b/fs/cifs/cifs_spnego.c
> @@ -147,8 +147,10 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo)
>          sprintf(dp, ";sec=krb5");
>      else if (server->sec_mskerberos)
>          sprintf(dp, ";sec=mskrb5");
> -    else
> -        goto out;
> +    else {
> +        cifs_dbg(VFS, "unknown or missing server auth type, use krb5\n");
> +        sprintf(dp, ";sec=krb5");
> +    }
>
>      dp = description + strlen(description);
>      sprintf(dp, ";uid=0x%x",
>
> --
> Thanks,
>
> Steve
diff mbox series

Patch

diff --git a/fs/cifs/cifs_spnego.c b/fs/cifs/cifs_spnego.c
index b611fc2e8984..7f01c6e60791 100644
--- a/fs/cifs/cifs_spnego.c
+++ b/fs/cifs/cifs_spnego.c
@@ -147,8 +147,10 @@  cifs_get_spnego_key(struct cifs_ses *sesInfo)
         sprintf(dp, ";sec=krb5");
     else if (server->sec_mskerberos)
         sprintf(dp, ";sec=mskrb5");
-    else
-        goto out;
+    else {
+        cifs_dbg(VFS, "unknown or missing server auth type, use krb5\n");
+        sprintf(dp, ";sec=krb5");
+    }

     dp = description + strlen(description);
     sprintf(dp, ";uid=0x%x",