summaryrefslogtreecommitdiff
path: root/fs/cifs/connect.c
diff options
context:
space:
mode:
authorSteve French <smfrench@gmail.com>2012-11-25 00:07:44 -0600
committerSteve French <smfrench@gmail.com>2012-12-05 13:07:13 -0600
commit81bcd8b795229c70d7244898efe282846e3b14ce (patch)
treebc33b84ee0714960b7900dae48b1f55f67018854 /fs/cifs/connect.c
parent27d7c2a006a81c04fab00b8cd81b99af3b32738d (diff)
downloadlinux-3.10-81bcd8b795229c70d7244898efe282846e3b14ce.tar.gz
linux-3.10-81bcd8b795229c70d7244898efe282846e3b14ce.tar.bz2
linux-3.10-81bcd8b795229c70d7244898efe282846e3b14ce.zip
default authentication needs to be at least ntlmv2 security for cifs mounts
We had planned to upgrade to ntlmv2 security a few releases ago, and have been warning users in dmesg on mount about the impending upgrade, but had to make a change (to use nltmssp with ntlmv2) due to testing issues with some non-Windows, non-Samba servers. The approach in this patch is simpler than earlier patches, and changes the default authentication mechanism to ntlmv2 password hashes (encapsulated in ntlmssp) from ntlm (ntlm is too weak for current use and ntlmv2 has been broadly supported for many, many years). Signed-off-by: Steve French <smfrench@gmail.com> Acked-by: Jeff Layton <jlayton@redhat.com>
Diffstat (limited to 'fs/cifs/connect.c')
-rw-r--r--fs/cifs/connect.c10
1 files changed, 0 insertions, 10 deletions
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 5c670b998ff..32fb50e7932 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -2397,8 +2397,6 @@ cifs_set_cifscreds(struct smb_vol *vol __attribute__((unused)),
}
#endif /* CONFIG_KEYS */
-static bool warned_on_ntlm; /* globals init to false automatically */
-
static struct cifs_ses *
cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb_vol *volume_info)
{
@@ -2475,14 +2473,6 @@ cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb_vol *volume_info)
ses->cred_uid = volume_info->cred_uid;
ses->linux_uid = volume_info->linux_uid;
- /* ntlmv2 is much stronger than ntlm security, and has been broadly
- supported for many years, time to update default security mechanism */
- if ((volume_info->secFlg == 0) && warned_on_ntlm == false) {
- warned_on_ntlm = true;
- cERROR(1, "default security mechanism requested. The default "
- "security mechanism will be upgraded from ntlm to "
- "ntlmv2 in kernel release 3.3");
- }
ses->overrideSecFlg = volume_info->secFlg;
mutex_lock(&ses->session_mutex);