tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag '6.10-rc7-smb3-client-fix' of git://git.samba.org/sfrench/cifs-2.6

Pull smb client fix from Steve French:
"Small fix, also for stable"

* tag '6.10-rc7-smb3-client-fix' of git://git.samba.org/sfrench/cifs-2.6:
cifs: fix setting SecurityFlags to true

Linus Torvalds d0d0cd38 528dd46d

+12 -26
+10 -24
Documentation/admin-guide/cifs/usage.rst
··· 723 723 ======================= ======================================================= 724 724 SecurityFlags Flags which control security negotiation and 725 725 also packet signing. Authentication (may/must) 726 - flags (e.g. for NTLM and/or NTLMv2) may be combined with 726 + flags (e.g. for NTLMv2) may be combined with 727 727 the signing flags. Specifying two different password 728 728 hashing mechanisms (as "must use") on the other hand 729 729 does not make much sense. Default flags are:: 730 730 731 - 0x07007 731 + 0x00C5 732 732 733 - (NTLM, NTLMv2 and packet signing allowed). The maximum 734 - allowable flags if you want to allow mounts to servers 735 - using weaker password hashes is 0x37037 (lanman, 736 - plaintext, ntlm, ntlmv2, signing allowed). Some 737 - SecurityFlags require the corresponding menuconfig 738 - options to be enabled. Enabling plaintext 739 - authentication currently requires also enabling 740 - lanman authentication in the security flags 741 - because the cifs module only supports sending 742 - laintext passwords using the older lanman dialect 743 - form of the session setup SMB. (e.g. for authentication 744 - using plain text passwords, set the SecurityFlags 745 - to 0x30030):: 733 + (NTLMv2 and packet signing allowed). Some SecurityFlags 734 + may require enabling a corresponding menuconfig option. 746 735 747 736 may use packet signing 0x00001 748 737 must use packet signing 0x01001 749 - may use NTLM (most common password hash) 0x00002 750 - must use NTLM 0x02002 751 738 may use NTLMv2 0x00004 752 739 must use NTLMv2 0x04004 753 - may use Kerberos security 0x00008 754 - must use Kerberos 0x08008 755 - may use lanman (weak) password hash 0x00010 756 - must use lanman password hash 0x10010 757 - may use plaintext passwords 0x00020 758 - must use plaintext passwords 0x20020 759 - (reserved for future packet encryption) 0x00040 740 + may use Kerberos security (krb5) 0x00008 741 + must use Kerberos 0x08008 742 + may use NTLMSSP 0x00080 743 + must use NTLMSSP 0x80080 744 + seal (packet encryption) 0x00040 745 + must seal (not implemented yet) 0x40040 760 746 761 747 cifsFYI If set to non-zero value, additional debug information 762 748 will be logged to the system error log. This field
+2 -2
fs/smb/client/cifsglob.h
··· 1918 1918 #define CIFSSEC_MUST_SEAL 0x40040 /* not supported yet */ 1919 1919 #define CIFSSEC_MUST_NTLMSSP 0x80080 /* raw ntlmssp with ntlmv2 */ 1920 1920 1921 - #define CIFSSEC_DEF (CIFSSEC_MAY_SIGN | CIFSSEC_MAY_NTLMV2 | CIFSSEC_MAY_NTLMSSP) 1922 - #define CIFSSEC_MAX (CIFSSEC_MUST_NTLMV2) 1921 + #define CIFSSEC_DEF (CIFSSEC_MAY_SIGN | CIFSSEC_MAY_NTLMV2 | CIFSSEC_MAY_NTLMSSP | CIFSSEC_MAY_SEAL) 1922 + #define CIFSSEC_MAX (CIFSSEC_MAY_SIGN | CIFSSEC_MUST_KRB5 | CIFSSEC_MAY_SEAL) 1923 1923 #define CIFSSEC_AUTH_MASK (CIFSSEC_MAY_NTLMV2 | CIFSSEC_MAY_KRB5 | CIFSSEC_MAY_NTLMSSP) 1924 1924 /* 1925 1925 *****************************************************************