smb3: on kerberos mount if server doesn't specify auth type use krb5 commit 926674de6705f0f1dbf29a62fd758d0977f535d6 upstream. Some servers (e.g. Azure) do not include a spnego blob in the SMB3 negotiate protocol response, so on kerberos mounts ("sec=krb5") we can fail, as we expected the server to list its supported auth types (OIDs in the spnego blob in the negprot response). Change this so that on krb5 mounts we default to trying krb5 if the server doesn't list its supported protocol mechanisms. Signed-off-by: Steve French <stfrench@microsoft.com> Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com> CC: Stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit: 8ad964c6cfb7cf3475606d2f87291798361e5bca [log] [tgz]
author: Steve French <stfrench@microsoft.com> Sun Oct 28 13:13:23 2018 -0500
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Tue Nov 13 11:17:01 2018 -0800
tree: 552d6ff173c6e565796ac03739bb1315637e810f
parent: 883f97972394cac488b532c900bd9b4dc83bd6a0 [diff]
diff --git a/fs/cifs/cifs_spnego.c b/fs/cifs/cifs_spnego.c
index b611fc2..7f01c6e 100644
--- a/fs/cifs/cifs_spnego.c
+++ b/fs/cifs/cifs_spnego.c

@@ -147,8 +147,10 @@
 		sprintf(dp, ";sec=krb5");
 	else if (server->sec_mskerberos)
 		sprintf(dp, ";sec=mskrb5");
-	else
-		goto out;
+	else {
+		cifs_dbg(VFS, "unknown or missing server auth type, use krb5\n");
+		sprintf(dp, ";sec=krb5");
+	}
 
 	dp = description + strlen(description);
 	sprintf(dp, ";uid=0x%x",
commit	8ad964c6cfb7cf3475606d2f87291798361e5bca	[log] [tgz]
author	Steve French <stfrench@microsoft.com>	Sun Oct 28 13:13:23 2018 -0500
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	Tue Nov 13 11:17:01 2018 -0800
tree	552d6ff173c6e565796ac03739bb1315637e810f
parent	883f97972394cac488b532c900bd9b4dc83bd6a0 [diff]