[PATCH] smb3: on kerberos mount if server doesn't specify auth type use krb5

ronnie sahlberg ronniesahlberg at gmail.com
Sun Oct 28 20:06:28 UTC 2018


Reviewed-by: Ronnie Sahlberg <lsahlber at redhat.com>
On Mon, Oct 29, 2018 at 4:26 AM Steve French via samba-technical
<samba-technical at lists.samba.org> wrote:
>
> Some servers (e.g. Azure) do not include a spnego blob in the SMB3
> negotiate protocol response, so on kerberos mounts ("sec=krb5")
> we can fail, as we expected the server to list its supported
> auth types (OIDs in the spnego blob in the negprot response).
> Change this so that on krb5 mounts we default to trying krb5 if the
> server doesn't list its supported protocol mechanisms.
>
> Signed-off-by: Steve French <stfrench at microsoft.com>
> ---
>  fs/cifs/cifs_spnego.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/fs/cifs/cifs_spnego.c b/fs/cifs/cifs_spnego.c
> index b611fc2e8984..7f01c6e60791 100644
> --- a/fs/cifs/cifs_spnego.c
> +++ b/fs/cifs/cifs_spnego.c
> @@ -147,8 +147,10 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo)
>          sprintf(dp, ";sec=krb5");
>      else if (server->sec_mskerberos)
>          sprintf(dp, ";sec=mskrb5");
> -    else
> -        goto out;
> +    else {
> +        cifs_dbg(VFS, "unknown or missing server auth type, use krb5\n");
> +        sprintf(dp, ";sec=krb5");
> +    }
>
>      dp = description + strlen(description);
>      sprintf(dp, ";uid=0x%x",
>
> --
> Thanks,
>
> Steve



More information about the samba-technical mailing list