[CIFS] Warn on requesting default security (ntlm) on mount (d9b94201) · Commits · 戴 / test

Warn once if default security (ntlm) requested. We will update the default to the stronger security mechanism (ntlmv2) in 2.6.41. Kerberos is also stronger than ntlm, but more servers support ntlmv2 and ntlmv2 does not require an upcall, so ntlmv2 is a better default. Reviewed-by:

Jeff Layton <jlayton@redhat.com> CC: Suresh Jayaraman <sjayaraman@suse.de> Reviewed-by:

Shirish Pargaonkar <shirishp@us.ibm.com> Signed-off-by:

Steve French <sfrench@us.ibm.com>

fs/cifs/connect.c

+11 −0

Original line number	Diff line number	Diff line
		@@ -1854,6 +1854,8 @@ cifs_put_smb_ses(struct cifsSesInfo *ses)
		cifs_put_tcp_session(server);
		}

		static bool warned_on_ntlm; /* globals init to false automatically */

		static struct cifsSesInfo *
		cifs_get_smb_ses(struct TCP_Server_Info server, struct smb_vol volume_info)
		{
		@@ -1928,6 +1930,15 @@ cifs_get_smb_ses(struct TCP_Server_Info server, struct smb_vol volume_info)
		}
		ses->cred_uid = volume_info->cred_uid;
		ses->linux_uid = volume_info->linux_uid;

		/* ntlmv2 is much stronger than ntlm security, and has been broadly
		supported for many years, time to update default security mechanism */
		if ((volume_info->secFlg == 0) && warned_on_ntlm == false) {
		warned_on_ntlm = true;
		cERROR(1, "default security mechanism requested. The default "
		"security mechanism will be upgraded from ntlm to "
		"ntlmv2 in kernel release 2.6.41");
		}
		ses->overrideSecFlg = volume_info->secFlg;

		mutex_lock(&ses->session_mutex);

Admin message