[linux-cifs-client] [PATCH 2/2] cifs: add mechListMIC string to
SPNEGO upcall key description
Jeff Layton
jlayton at redhat.com
Fri Aug 22 11:30:51 GMT 2008
Signed-off-by: Jeff Layton <jlayton at redhat.com>
---
fs/cifs/cifs_spnego.c | 16 +++++++++++++++-
1 files changed, 15 insertions(+), 1 deletions(-)
diff --git a/fs/cifs/cifs_spnego.c b/fs/cifs/cifs_spnego.c
index 117ef4b..ae697a0 100644
--- a/fs/cifs/cifs_spnego.c
+++ b/fs/cifs/cifs_spnego.c
@@ -88,7 +88,9 @@ cifs_get_spnego_key(struct cifsSesInfo *sesInfo)
5 /* len of ";ipv4=" */ + MAX_IPV6_ADDR_LEN +
MAX_MECH_STR_LEN +
7 /* len of ";uid=0x" */ + (sizeof(uid_t) * 2) +
- 6 /* len of ";user=" */ + strlen(sesInfo->userName) + 1;
+ 6 /* len of ";user=" */ + strlen(sesInfo->userName) +
+ 5 /* len of ";mic=" */ + strlen(server->mechListMIC) +
+ 1 /* terminating NULL */;
spnego_key = ERR_PTR(-ENOMEM);
description = kzalloc(desc_len, GFP_KERNEL);
@@ -128,6 +130,18 @@ cifs_get_spnego_key(struct cifsSesInfo *sesInfo)
dp = description + strlen(description);
sprintf(dp, ";user=%s", sesInfo->userName);
+ /*
+ * Early MS KRB5 implementations had a bug that caused them to
+ * hijack the mechListMIC field and stuff the server's principal
+ * in it. Later versions have carried this bug for compatibility
+ * reasons. We pass this string to the upcall in case it turns
+ * out to be useful in situations where DNS isn't correct.
+ */
+ if (server->mechListMIC) {
+ dp = description + strlen(description);
+ sprintf(dp, ";mic=%s", server->mechListMIC);
+ }
+
cFYI(1, ("key description = %s", description));
spnego_key = request_key(&cifs_spnego_key_type, description, "");
--
1.5.5.1
More information about the linux-cifs-client
mailing list