From mboxrd@z Thu Jan 1 00:00:00 1970 From: L A Walsh Subject: Re: SMB2: Enforce sec= mount option Date: Thu, 12 Jan 2017 02:33:08 -0800 Message-ID: <58775B64.2030205@tlinx.org> References: <1481179577-15995-1-git-send-email-sprabhu@redhat.com> <58756A3D.6000705@tlinx.org> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit To: Scott Lovenberg , linux-cifs Return-path: In-Reply-To: Sender: linux-cifs-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org List-ID: Scott Lovenberg wrote: > It'd take a tiny bit of messing with the command line parser, but I'd > be for that. As a gesture of good faith, since I raised the issue, > I'd be willing to submit the patch set for mount.cifs to support this > if everyone is on board. I'd suggest staying away from '<' and '>' --- Yeah, the '<' sent a shiver as I wrote it. find uses "-5" means '<=5', but the minus bothered me a bit, but perhaps less than the '<'. Was looking at samba's switches they allow specifying "min" and "max" for protocols, that could be written compactly with "proto=+smb1,-smb2.1", or any number of more verbose options. The options for auth+security seem a bit less regular than always specifying a range, like some options automatically disable lower security options -- I suppose specifying a 'max' isn't needed, since if once side offers a higher level that is too high for the other, the other can just NACK during the negotiation. Better get back to lurking now... ;-)