[CIFS] Support for setting up SMB sessions to legacy lanman servers part 2
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index da3154f..6b5be6d 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -438,12 +438,19 @@
goto neg_err_exit;
} else if((pSMBr->hdr.WordCount == 13) &&
(pSMBr->DialectIndex == LANMAN_PROT)) {
+#ifdef CONFIG_CIFS_WEAK_PW_HASH
struct lanman_neg_rsp * rsp =
(struct lanman_neg_rsp *)pSMBr;
-
- /* BB Mark ses struct as negotiated lanman level BB */
- server->secType = LANMAN;
+ if((extended_security & CIFSSEC_MAY_LANMAN) ||
+ (extended_security & CIFSSEC_MAY_PLNTXT))
+ server->secType = LANMAN;
+ else {
+ cERROR(1, ("mount failed weak security disabled"
+ " in /proc/fs/cifs/SecurityFlags"));
+ rc = -EOPNOTSUPP;
+ goto neg_err_exit;
+ }
server->secMode = (__u8)le16_to_cpu(rsp->SecurityMode);
server->maxReq = le16_to_cpu(rsp->MaxMpxCount);
server->maxBuf = min((__u32)le16_to_cpu(rsp->MaxBufSize),
@@ -469,6 +476,11 @@
}
cFYI(1,("LANMAN negotiated")); /* BB removeme BB */
+#else /* weak security disabled */
+ cERROR(1,("mount failed, cifs module not built with "
+ "CIFS_WEAK_PW_HASH support"));
+ rc = -EOPNOTSUPP;
+#endif /* WEAK_PW_HASH */
goto neg_err_exit;
} else if(pSMBr->hdr.WordCount != 17) {
/* unknown wct */
@@ -479,8 +491,13 @@
server->secMode = pSMBr->SecurityMode;
if((server->secMode & SECMODE_USER) == 0)
cFYI(1,("share mode security"));
- server->secType = NTLM; /* BB override default for
- NTLMv2 or kerberos v5 */
+
+ if(extended_security & CIFSSEC_MUST_NTLMV2)
+ server->secType = NTLMv2;
+ else
+ server->secType = NTLM;
+ /* else krb5 ... */
+
/* one byte - no need to convert this or EncryptionKeyLen
from little endian */
server->maxReq = le16_to_cpu(pSMBr->MaxMpxCount);