smb3: on kerberos mount if server doesn't specify auth type use krb5
authorSteve French <stfrench@microsoft.com>
Sun, 28 Oct 2018 18:13:23 +0000 (13:13 -0500)
committerSteve French <stfrench@microsoft.com>
Fri, 2 Nov 2018 19:09:41 +0000 (14:09 -0500)
Some servers (e.g. Azure) do not include a spnego blob in the SMB3
negotiate protocol response, so on kerberos mounts ("sec=krb5")
we can fail, as we expected the server to list its supported
auth types (OIDs in the spnego blob in the negprot response).
Change this so that on krb5 mounts we default to trying krb5 if the
server doesn't list its supported protocol mechanisms.

Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
CC: Stable <stable@vger.kernel.org>
fs/cifs/cifs_spnego.c

index b611fc2e8984e0fce26c08367b1306764685054a..7f01c6e607918d4e1356a9e7d305113777910089 100644 (file)
@@ -147,8 +147,10 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo)
                sprintf(dp, ";sec=krb5");
        else if (server->sec_mskerberos)
                sprintf(dp, ";sec=mskrb5");
-       else
-               goto out;
+       else {
+               cifs_dbg(VFS, "unknown or missing server auth type, use krb5\n");
+               sprintf(dp, ";sec=krb5");
+       }
 
        dp = description + strlen(description);
        sprintf(dp, ";uid=0x%x",