[linux-cifs-client] Re: [RFC/PATCH: 2/2]: CIFS: Add kernel warning if password length exceeds limit

Steve French smfrench at gmail.com
Thu Jan 24 16:38:53 GMT 2008


With sec=lanman, mount should not fail if the password is too long, as
long as we only hash the first 14 bytes of it.  Even if you don't have
a Windows 9x or OS/2 test server, you could simulate this to current
Windows servers by turning off support for all but the LANMAN dialect
in Linux cifs client's negprot.

On Jan 23, 2008 10:33 PM, Suresh Jayaraman <sjayaraman at suse.de> wrote:
> Steve French wrote:
> > On Jan 23, 2008 8:46 AM, Suresh Jayaraman <sjayaraman at suse.de> wrote:
> >> Add a kernel warning if password length exceeds 16 bytes in case of
> >> "sec=lanman". Also, add password length check as Windows passwords
> >> are limited to 127 bytes.
> >
> > You can define passwords longer than 127 bytes in Windows, and the 16 byte
> > length check is not correct for lanman (it is 14 for lanman).
> > See below example of adding a user (cut from Windows XP command prompt)
>
> Good catch. I think I was misled by the Windows help/Documentation which
> says: "Windows passwords can be up to 127 characters long." Thanks for
> confirming this.
>
> > I have mixed feelings about giving any information on the password
> > length, but I agree that mount.cifs should not restrict it.
>
> Do you consider this printk has a potential information leak?
>
> printk(KERN_WARNING "CIFS: password too"
>        "long for lanman sec mode\n");
>
> Or maybe we should just say:
>
> printk(KERN_WARNING "CIFS: password too long\n");
>
> Or making it a debug message (cFYI) would be better?
> But, I think if we don't let the user know somehow that the password is
> long, he will have no clue why mount is failing in case of sec=lanman.
>
>
> Thanks,
>
> --
> Suresh Jayaraman
>



-- 
Thanks,

Steve
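
The 14-byte LANMAN limit discussed in this thread, as an added example that is not part of the original messages and is not the cifs client's code: it shows the key-preparation stage of LANMAN hashing (uppercase, zero-pad to 14 bytes, split into two 7-byte halves, expand each to an 8-byte DES key), so any bytes past the 14th never reach the hash. The names `lm_des_keys` and `lm_expand_key` are hypothetical, and uppercasing is assumed to be ASCII-only.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LM_PWD_LEN 14 /* LANMAN uses at most 14 password bytes */

/* Spread 7 bytes (56 bits) over 8 DES key bytes, 7 bits per byte;
 * bit 0 of each output byte is the DES parity position, left as 0. */
static void lm_expand_key(const uint8_t in[7], uint8_t out[8])
{
    out[0] = in[0] & 0xfe;
    for (int i = 1; i < 7; i++)
        out[i] = ((in[i - 1] << (8 - i)) | (in[i] >> i)) & 0xfe;
    out[7] = (in[6] << 1) & 0xfe;
}

/* Hypothetical helper: derive the two DES keys LANMAN hashing would use.
 * Returns 1 if bytes beyond LM_PWD_LEN were ignored, 0 otherwise. */
int lm_des_keys(const char *password, uint8_t keys[2][8])
{
    uint8_t buf[LM_PWD_LEN] = {0}; /* short passwords are zero-padded */
    size_t len = strlen(password);
    size_t n = len < LM_PWD_LEN ? len : LM_PWD_LEN;

    for (size_t i = 0; i < n; i++) /* assumption: ASCII uppercasing only */
        buf[i] = (uint8_t)toupper((unsigned char)password[i]);
    lm_expand_key(buf, keys[0]);     /* bytes 0..6  */
    lm_expand_key(buf + 7, keys[1]); /* bytes 7..13 */
    return len > LM_PWD_LEN;
}

int main(void)
{
    uint8_t k[2][8];
    const char *pw = "CorrectHorse14BatteryStaple"; /* constructed sample */
    int cut = lm_des_keys(pw, k);

    for (int h = 0; h < 2; h++) {
        for (int i = 0; i < 8; i++)
            printf("%02x", k[h][i]);
        printf("\n");
    }
    printf("truncated: %d\n", cut);
    return 0;
}
```

The return value is the condition a caller could use to decide whether to emit a warning or debug message, without the key material itself depending on the extra bytes.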

