[linux-cifs-client] Re: [PATCH 5/5] cifs: distinguish between
Kerberos and MSKerberos in upcall
Steve French
smfrench at gmail.com
Tue Aug 19 19:37:18 GMT 2008
Merged after resolving merge conflict.
On Mon, Aug 18, 2008 at 2:41 PM, Jeff Layton <jlayton at redhat.com> wrote:
> Properly handle MSKRB5 by passing sec=mskrb5 to the upcall so that the
> SPNEGO blob can be generated appropriately. Also, make
> decode_negTokenInit prefer whichever mechanism is first in the list.
>
> Signed-off-by: Jeff Layton <jlayton at redhat.com>
> ---
> fs/cifs/asn1.c | 15 ++++++++++-----
> fs/cifs/cifs_spnego.c | 4 +++-
> fs/cifs/cifsglob.h | 3 ++-
> fs/cifs/sess.c | 2 +-
> 4 files changed, 16 insertions(+), 8 deletions(-)
>
> diff --git a/fs/cifs/asn1.c b/fs/cifs/asn1.c
> index 72a99b9..616d8c2 100644
> --- a/fs/cifs/asn1.c
> +++ b/fs/cifs/asn1.c
> @@ -477,6 +477,7 @@ decode_negTokenInit(unsigned char *security_blob, int length,
> unsigned int cls, con, tag, len, rc;
> bool use_ntlmssp = false;
> bool use_kerberos = false;
> + bool use_mskerberos = false;
>
> *secType = NTLM; /* BB eventually make Kerberos or NLTMSSP the default*/
>
> @@ -575,14 +576,16 @@ decode_negTokenInit(unsigned char *security_blob, int length,
> *(oid + 1), *(oid + 2), *(oid + 3)));
>
> if (compare_oid(oid, len, MSKRB5_OID,
> - MSKRB5_OID_LEN))
> - use_kerberos = true;
> + MSKRB5_OID_LEN) &&
> + !use_kerberos)
> + use_mskerberos = true;
> else if (compare_oid(oid, len, KRB5_OID,
> - KRB5_OID_LEN))
> - use_kerberos = true;
> + KRB5_OID_LEN) &&
> + !use_mskerberos)
> + use_kerberos = true;
> else if (compare_oid(oid, len, NTLMSSP_OID,
> NTLMSSP_OID_LEN))
> - use_ntlmssp = true;
> + use_ntlmssp = true;
>
> kfree(oid);
> }
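Review bot: The first-in-list preference in this OID chain only holds between the two Kerberos OIDs, because `use_ntlmssp` is set without any guard. The selection in the later hunk at -637 still picks Kerberos, then MSKerberos, ahead of NTLMSSP whatever order the server's blob lists them in. Ranking NTLMSSP last is presumably intended, but it differs from the description's "prefer whichever mechanism is first in the list", and the crossed `!use_kerberos` / `!use_mskerberos` guards are easy to misread. A comment above the chain would pin the intent, e.g. `/* first Kerberos-family OID in the server's list wins; NTLMSSP is used only when neither is offered */`. The enclosing loop and the rest of decode_negTokenInit lie outside the hunk.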
> @@ -637,6 +640,8 @@ decode_negTokenInit(unsigned char *security_blob, int length,
>
> if (use_kerberos)
> *secType = Kerberos;
> + else if (use_mskerberos)
> + *secType = MSKerberos;
> else if (use_ntlmssp)
> *secType = NTLMSSP;
>
> diff --git a/fs/cifs/cifs_spnego.c b/fs/cifs/cifs_spnego.c
> index 5a2ef2d..9b477b2 100644
> --- a/fs/cifs/cifs_spnego.c
> +++ b/fs/cifs/cifs_spnego.c
> @@ -116,9 +116,11 @@ cifs_get_spnego_key(struct cifsSesInfo *sesInfo)
>
> dp = description + strlen(description);
>
> - /* for now, only sec=krb5 is valid */
> + /* for now, only sec=krb5 and sec=mskrb5 are valid */
> if (server->secType == Kerberos)
> sprintf(dp, ";sec=krb5");
> + else if (server->secType == MSKerberos)
> + sprintf(dp, ";sec=mskrb5");
> else
> goto out;
>
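Review bot: The added `sprintf(dp, ";sec=mskrb5")` writes two more bytes into `description` than the `;sec=krb5` branch, and nothing in the hunk bounds the write. The buffer is sized earlier in cifs_get_spnego_key, outside this hunk, so confirm that its length calculation allows for the 11-character string plus whatever is appended after it. If the allowance was derived from `;sec=krb5`, this branch can run past the end of the buffer. A comment at the write would record the dependency, e.g. `/* description must be sized for the longest ";sec=" string, currently ";sec=mskrb5" */`.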
> diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
> index 00879c4..d806718 100644
> --- a/fs/cifs/cifsglob.h
> +++ b/fs/cifs/cifsglob.h
> @@ -80,7 +80,8 @@ enum securityEnum {
> NTLMv2, /* Legacy NTLM auth with NTLMv2 hash */
> RawNTLMSSP, /* NTLMSSP without SPNEGO */
> NTLMSSP, /* NTLMSSP via SPNEGO */
> - Kerberos /* Kerberos via SPNEGO */
> + Kerberos, /* Kerberos via SPNEGO */
> + MSKerberos, /* MS Kerberos via SPNEGO */
> };
>
> enum protocolEnum {
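Review bot: Giving `MSKerberos` its own enumerator means every existing `== Kerberos` test now excludes servers that offered the MS OID, whereas before this patch both OIDs set `use_kerberos`. This diff updates the checks in cifs_spnego.c and sess.c. Any other comparison against `Kerberos` elsewhere in fs/cifs is not visible here and should be checked, so that an MSKerberos session does not silently take a different authentication path. The enumerator comment could also say what distinguishes it, e.g. `MSKerberos, /* Kerberos via SPNEGO, offered under MSKRB5_OID */`.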
> diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
> index ed150ef..3188e4d 100644
> --- a/fs/cifs/sess.c
> +++ b/fs/cifs/sess.c
> @@ -505,7 +505,7 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
> unicode_ssetup_strings(&bcc_ptr, ses, nls_cp);
> } else
> ascii_ssetup_strings(&bcc_ptr, ses, nls_cp);
> - } else if (type == Kerberos) {
> + } else if (type == Kerberos || type == MSKerberos) {
> #ifdef CONFIG_CIFS_UPCALL
> struct cifs_spnego_msg *msg;
> spnego_key = cifs_get_spnego_key(ses);
> --
> 1.5.5.1
>
>
--
Thanks,
Steve