[linux-cifs-client] [PATCH 0/2] cifs: parse mechListMIC out of
SPNEGO blob and send it to upcall
Jeff Layton
jlayton at redhat.com
Fri Aug 22 11:30:49 GMT 2008
These two patches have the client parse the mechListMIC field out of the
SPNEGO blob and send it to userspace. In "typical" SPNEGO auth, this
field is intended to hold a signature that serves as a way to verify
the integrity of the mechList. Bugs in early MS KRB5 implementations,
however caused them to put the server's principal in this field. This
information may be useful to the upcall. The idea is to try and use
this as a principal first and then fall back to constructing the
principal from the hostname if that fails.
The only substantive difference between this set and the earlier
patchset submitted to do this is that we keep around the mechListMIC
until the session is torn down in case it's useful for reconnection
attempts.
Signed-off-by: Jeff Layton <jlayton at redhat.com>
Jeff Layton (2):
cifs: parse mechListMIC out of SecurityBlob and attach to
TCP_Server_Info
cifs: add mechListMIC string to SPNEGO upcall key description
fs/cifs/asn1.c | 36 ++++++++++++++++++++++--------------
fs/cifs/cifs_spnego.c | 16 +++++++++++++++-
fs/cifs/cifsglob.h | 1 +
fs/cifs/cifsproto.h | 3 ++-
fs/cifs/cifssmb.c | 3 ++-
fs/cifs/connect.c | 1 +
6 files changed, 43 insertions(+), 17 deletions(-)
More information about the linux-cifs-client
mailing list