[linux-cifs-client] ASN support functions

Steve French smfrench at gmail.com
Fri Jun 26 18:06:09 GMT 2009


Current cifs code uses asn decoding which is loosely related to that
used by the kernel NAT code.   There are various things I find hard to
read in that, e.g. the bit flags for "primitive vs. constructed" and
tag and class all start at 0 instead of being defined using their true
values (so they have to be bit shifted back and forth). There is a
much smaller distinct implementation used by SunRPC but that is too
small to be useful.   Samba also has a (GPLv3) version, which is very
complete, but that has some user space Samba library function
dependencies, and is overly general for the narrow needs of SPNEGO
(RFC 4178) and some may find the push/pop context hard to use.  In an
earlier version of the smb2 prototype, I rewrote the asn support code,
and added support for some tags which are defined in the ASN/DER
standards documents but were missing in the other implementations, but
decided it probably wasn't worth the trouble since the missing pieces
of ASN support (primarily needed for encoding/decoding the Kerberos
blob in SessionSetup, which currently we have to do in user space) are
not that important.   With the addition of a new default security
mechanism, "Negoex" in Windows 7 (see draft rfc
http://tools.ietf.org/html/draft-zhu-negoex-01), I am not sure if we
will need additional ASN/DER parsing yet (if we even want to support
this mechanism ... no one seems to know much about it) and whether it
is worth replacing the ancient ASN parsing.



-- 
Thanks,

Steve


More information about the linux-cifs-client mailing list