Re: Possible regression: unable to mount CIFS 1.0 shares from older machines since 76a3c92ec9e0668e4cd0e9ff1782eb68f61a179c
From: Thorsten Leemhuis
Date: Mon Jan 10 2022 - 07:16:05 EST
Hi, this is your Linux kernel regression tracker speaking.
On 10.01.22 06:53, Davyd McColl wrote:
>
> I'm following advice from the thread at
> https://bugzilla.kernel.org/show_bug.cgi?id=215375
> <https://bugzilla.kernel.org/show_bug.cgi?id=215375> as to how to report
> this, so please bear with me and redirect me as necessary.
>
> Since commit 76a3c92ec9e0668e4cd0e9ff1782eb68f61a179c,
FWIW, that is "cifs: remove support for NTLM and weaker authentication
algorithms"
> I'm unable to
> mount a CIFS 1.0 share ( from a media player: mede8er med600x3d, which
> runs some older linux). Apparently I'm not the only one, according to
> that thread, though the other affected party there is windows-based.
>
> I first logged this in the Gentoo bugtracker
> (https://bugs.gentoo.org/821895 <https://bugs.gentoo.org/821895>) and a
> reversion patch is available there for the time being.
>
> I understand that some of the encryption methods upon which the original
> feature relied are to be removed and, as such, the ability to mount
> these older shares was removed. This is sure to affect anyone running
> older Windows virtual machines (or older, internally-visible windows
> hosts) in addition to anyone attempting to connect to shares from
> esoteric devices like mine.
> Whilst I understand the desire to clean up code and remove dead
> branches, I'd really appreciate it if this particular feature remains
> available either by kernel configuration (which suits me fine, but is
> likely to be a hassle for anyone running a binary distribution) or via
> boot parameters. In the mean-time, I'm updating my own sync software to
> support this older device because if I can't sync media to the player,
> the device is not very useful to me.
>From my point of view this afaics looks like one of those issues where
the "no regressions" rule gets tricky. But I told Davyd to bring it
forward here to get it discussed in the open. I also wonder if some
middle-ground solution could be found in this particular case -- e.g.
one where the commit stated above gets reverted and the code then
slightly changed to only allow weaker authentication if the user
manually requests in somehow, for example using a module parameter or
something in /proc or /sys.
Ciao, Thorsten
P.S.: Anyway, getting this tracked:
#regzbot ^introduced 76a3c92ec9e0668e4cd0e9ff1782eb68f61a179c
#regzbot title cifs: unable to shares that require NTLM or weaker
authentication algorithms
#regzbot link: https://bugzilla.kernel.org/show_bug.cgi?id=215375