[PATCH] smb3: on kerberos mount if server doesn't specify auth type use krb5

Steve French smfrench at gmail.com
Sun Oct 28 18:24:34 UTC 2018

Some servers (e.g. Azure) do not include a spnego blob in the SMB3
negotiate protocol response, so on kerberos mounts ("sec=krb5")
we can fail, as we expected the server to list its supported
auth types (OIDs in the spnego blob in the negprot response).
Change this so that on krb5 mounts we default to trying krb5 if the
server doesn't list its supported protocol mechanisms.

Signed-off-by: Steve French <stfrench at microsoft.com>
 fs/cifs/cifs_spnego.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/fs/cifs/cifs_spnego.c b/fs/cifs/cifs_spnego.c
index b611fc2e8984..7f01c6e60791 100644
--- a/fs/cifs/cifs_spnego.c
+++ b/fs/cifs/cifs_spnego.c
@@ -147,8 +147,10 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo)
         sprintf(dp, ";sec=krb5");
     else if (server->sec_mskerberos)
         sprintf(dp, ";sec=mskrb5");
-    else
-        goto out;
+    else {
+        cifs_dbg(VFS, "unknown or missing server auth type, use krb5\n");
+        sprintf(dp, ";sec=krb5");
+    }

     dp = description + strlen(description);
     sprintf(dp, ";uid=0x%x",


-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-smb3-on-kerberos-mount-if-server-doesn-t-specify-aut.patch
Type: application/x-patch
Size: 1291 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20181028/4a5cd4ad/0001-smb3-on-kerberos-mount-if-server-doesn-t-specify-aut.bin>

More information about the samba-technical mailing list