[PATCH] smb3: on kerberos mount if server doesn't specify auth type use krb5
ronnie sahlberg
ronniesahlberg at gmail.com
Sun Oct 28 20:06:28 UTC 2018
Reviewed-by: Ronnie Sahlberg <lsahlber at redhat.com>
On Mon, Oct 29, 2018 at 4:26 AM Steve French via samba-technical
<samba-technical at lists.samba.org> wrote:
>
> Some servers (e.g. Azure) do not include a spnego blob in the SMB3
> negotiate protocol response, so on kerberos mounts ("sec=krb5")
> we can fail, as we expected the server to list its supported
> auth types (OIDs in the spnego blob in the negprot response).
> Change this so that on krb5 mounts we default to trying krb5 if the
> server doesn't list its supported protocol mechanisms.
>
> Signed-off-by: Steve French <stfrench at microsoft.com>
> ---
> fs/cifs/cifs_spnego.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/fs/cifs/cifs_spnego.c b/fs/cifs/cifs_spnego.c
> index b611fc2e8984..7f01c6e60791 100644
> --- a/fs/cifs/cifs_spnego.c
> +++ b/fs/cifs/cifs_spnego.c
> @@ -147,8 +147,10 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo)
> sprintf(dp, ";sec=krb5");
> else if (server->sec_mskerberos)
> sprintf(dp, ";sec=mskrb5");
> - else
> - goto out;
> + else {
> + cifs_dbg(VFS, "unknown or missing server auth type, use krb5\n");
> + sprintf(dp, ";sec=krb5");
> + }
>
> dp = description + strlen(description);
> sprintf(dp, ";uid=0x%x",
>
> --
> Thanks,
>
> Steve
More information about the samba-technical
mailing list