[PATCH]: mount.cifs: Allows passwords of length upto 127 bytes

Suresh Jayaraman sjayaraman at suse.de
Thu Feb 28 06:24:46 GMT 2008

Andrew Bartlett wrote:
> On Wed, 2008-02-27 at 23:14 +0530, Suresh Jayaraman wrote:

>> However, the Windows versions above Windows 98 (Windows 2000, XP and
>> above including Samba), support passwords up to 127 characters. NTLM
>> passwords are limited only in GUI
> Only in the GUI on NT4 as I understand it. 

Yes, only in NT4.
>> The above patch was already discussed in linux-cifs-client mailing
>> list. But, Steve was little unsure about the associated kernel patch
>> which adds a kernel warning if the length exceeds. Re-posting the 
>> mount.cifs patch alone (Ccing samba-technical as well).
> It seems entirely reasonable not to have any limit here, except to
> prevent abuse.  If MD4 can handle it, then it's a valid password.  
> If you were so silly as to force lanman encryption with the long
> password, only the first 14 DOS bytes would be used, so Samba just
> disables that weak encryption in this case (as it makes no sense). 

Exactly. This was why the kernel patch posted along with this in previous
try, added a warning (but still allows mount to proceed) like the one

@@ -988,6 +988,9 @@ cifs_parse_mount_options(char *options, const char *devname,
 				vol->secFlg |= CIFSSEC_MAY_NTLMV2;
 			} else if (strnicmp(value, "lanman", 6) == 0) {
+				if (strnlen(vol->password, 15) >= 15)
+					printk(KERN_WARNING "CIFS: password "
+					       "longer than 14, truncated\n");
 				vol->secFlg |= CIFSSEC_MAY_LANMAN;

However, Steve French wrote:

>> I have mixed feelings about giving any information on the password
>> length, but I agree that mount.cifs should not restrict it.

I'm wondering whether the right thing to do here is to warn the user about
this or just be silent and don't provide any information on password length.

Would appreciate any inputs, suggestions. 


Suresh Jayaraman

More information about the samba-technical mailing list