summaryrefslogtreecommitdiffstats
path: root/fs/cifs/cifsglob.h
diff options
context:
space:
mode:
authorSteve French <sfrench@us.ibm.com>2009-05-06 04:16:04 +0000
committerSteve French <sfrench@us.ibm.com>2009-05-06 04:16:04 +0000
commitac68392460ffefed13020967bae04edc4d3add06 (patch)
tree9b5e43db83752e8927ee5e449dfafefe12ae1f7d /fs/cifs/cifsglob.h
parent844823cb822932d2c599abf38692e3d6a5b5a320 (diff)
[CIFS] Allow raw ntlmssp code to be enabled with sec=ntlmssp
On mount, "sec=ntlmssp" can now be specified to allow "rawntlmssp" security to be enabled during CIFS session establishment/authentication (ntlmssp used to require specifying krb5 which was counterintuitive). Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs/cifs/cifsglob.h')
-rw-r--r--fs/cifs/cifsglob.h16
1 files changed, 9 insertions, 7 deletions
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
index df40ab64cd9..a61ab772c6f 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -82,8 +82,8 @@ enum securityEnum {
LANMAN, /* Legacy LANMAN auth */
NTLM, /* Legacy NTLM012 auth with NTLM hash */
NTLMv2, /* Legacy NTLM auth with NTLMv2 hash */
- RawNTLMSSP, /* NTLMSSP without SPNEGO */
- NTLMSSP, /* NTLMSSP via SPNEGO */
+ RawNTLMSSP, /* NTLMSSP without SPNEGO, NTLMv2 hash */
+ NTLMSSP, /* NTLMSSP via SPNEGO, NTLMv2 hash */
Kerberos, /* Kerberos via SPNEGO */
MSKerberos, /* MS Kerberos via SPNEGO */
};
@@ -531,6 +531,7 @@ static inline void free_dfs_info_array(struct dfs_info3_param *param,
#define CIFSSEC_MAY_PLNTXT 0
#endif /* weak passwords */
#define CIFSSEC_MAY_SEAL 0x00040 /* not supported yet */
+#define CIFSSEC_MAY_NTLMSSP 0x00080 /* raw ntlmssp with ntlmv2 */
#define CIFSSEC_MUST_SIGN 0x01001
/* note that only one of the following can be set so the
@@ -543,22 +544,23 @@ require use of the stronger protocol */
#define CIFSSEC_MUST_LANMAN 0x10010
#define CIFSSEC_MUST_PLNTXT 0x20020
#ifdef CONFIG_CIFS_UPCALL
-#define CIFSSEC_MASK 0x3F03F /* allows weak security but also krb5 */
+#define CIFSSEC_MASK 0xAF0AF /* allows weak security but also krb5 */
#else
-#define CIFSSEC_MASK 0x37037 /* current flags supported if weak */
+#define CIFSSEC_MASK 0xA70A7 /* current flags supported if weak */
#endif /* UPCALL */
#else /* do not allow weak pw hash */
#ifdef CONFIG_CIFS_UPCALL
-#define CIFSSEC_MASK 0x0F00F /* flags supported if no weak allowed */
+#define CIFSSEC_MASK 0x8F08F /* flags supported if no weak allowed */
#else
-#define CIFSSEC_MASK 0x07007 /* flags supported if no weak allowed */
+#define CIFSSEC_MASK 0x87087 /* flags supported if no weak allowed */
#endif /* UPCALL */
#endif /* WEAK_PW_HASH */
#define CIFSSEC_MUST_SEAL 0x40040 /* not supported yet */
+#define CIFSSEC_MUST_NTLMSSP 0x80080 /* raw ntlmssp with ntlmv2 */
#define CIFSSEC_DEF (CIFSSEC_MAY_SIGN | CIFSSEC_MAY_NTLM | CIFSSEC_MAY_NTLMV2)
#define CIFSSEC_MAX (CIFSSEC_MUST_SIGN | CIFSSEC_MUST_NTLMV2)
-#define CIFSSEC_AUTH_MASK (CIFSSEC_MAY_NTLM | CIFSSEC_MAY_NTLMV2 | CIFSSEC_MAY_LANMAN | CIFSSEC_MAY_PLNTXT | CIFSSEC_MAY_KRB5)
+#define CIFSSEC_AUTH_MASK (CIFSSEC_MAY_NTLM | CIFSSEC_MAY_NTLMV2 | CIFSSEC_MAY_LANMAN | CIFSSEC_MAY_PLNTXT | CIFSSEC_MAY_KRB5 | CIFSSEC_MAY_NTLMSSP)
/*
*****************************************************************
* All constants go here