[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-2938-g3d96409

Wed Aug 20 01:39:43 GMT 2008

The branch, v3-2-test has been updated
       via  3d96409c115b3ad4ef29ff75e40b39a26e316afe (commit)
      from  4ac537d1b78c915fe25c219958312cf22f3cba80 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -----------------------------------------------------------------
commit 3d96409c115b3ad4ef29ff75e40b39a26e316afe
Author: Jeff Layton <jlayton at redhat.com>
Date:   Tue Aug 19 21:35:35 2008 -0400

    cifs.upcall: handle MSKRB5 OID properly
    
    When the kernel sends the upcall a sec=mskrb5 parameter, that means
    the the MSKRB5 OID is preferred by the server. This patch fixes the
    upcall to use that OID in place of the "normal" krb5 OID when it
    gets a sec=mskrb5 parameter.
    
    Signed-off-by: Jeff Layton <jlayton at redhat.com>
    Acked-by: Steve French <smfrench at gmail.com>

-----------------------------------------------------------------------

Summary of changes:
 source/client/cifs.upcall.c |   18 +++++++++++++-----
 1 files changed, 13 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/client/cifs.upcall.c b/source/client/cifs.upcall.c
index aa5eb57..fd3ed17 100644
--- a/source/client/cifs.upcall.c
+++ b/source/client/cifs.upcall.c
@@ -29,7 +29,7 @@ create dns_resolver * * /usr/local/sbin/cifs.upcall %k
 
 #include "cifs_spnego.h"
 
-const char *CIFSSPNEGO_VERSION = "1.1";
+const char *CIFSSPNEGO_VERSION = "1.2";
 static const char *prog = "cifs.upcall";
 typedef enum _secType {
 	KRB5,
@@ -73,7 +73,7 @@ int handle_krb5_mech(const char *oid, const char *principal,
 	tkt_wrapped = spnego_gen_krb5_wrap(tkt, TOK_ID_KRB_AP_REQ);
 
 	/* and wrap that in a shiny SPNEGO wrapper */
-	*secblob = gen_negTokenInit(OID_KERBEROS5, tkt_wrapped);
+	*secblob = gen_negTokenInit(oid, tkt_wrapped);
 
 	data_blob_free(&tkt_wrapped);
 	data_blob_free(&tkt);
@@ -118,6 +118,9 @@ int decode_key_description(const char *desc, int *ver, secType_t * sec,
 			if (strncmp(tkn + 4, "krb5", 4) == 0) {
 				retval |= DKD_HAVE_SEC;
 				*sec = KRB5;
+			} else if (strncmp(tkn + 4, "mskrb5", 6) == 0) {
+				retval |= DKD_HAVE_SEC;
+				*sec = MS_KRB5;
 			}
 		} else if (strncmp(tkn, "uid=", 4) == 0) {
 			errno = 0;
@@ -219,7 +222,7 @@ int main(const int argc, char *const argv[])
 	uid_t uid;
 	int kernel_upcall_version;
 	int c, use_cifs_service_prefix = 0;
-	char *buf, *hostname = NULL;
+	char *buf, *oid, *hostname = NULL;
 
 	openlog(prog, 0, LOG_DAEMON);
 
@@ -301,6 +304,7 @@ int main(const int argc, char *const argv[])
 
 	// do mech specific authorization
 	switch (sectype) {
+	case MS_KRB5:
 	case KRB5:{
 			char *princ;
 			size_t len;
@@ -319,8 +323,12 @@ int main(const int argc, char *const argv[])
 			}
 			strlcpy(princ + 5, hostname, len - 5);
 
-			rc = handle_krb5_mech(OID_KERBEROS5, princ,
-					      &secblob, &sess_key);
+			if (sectype == MS_KRB5)
+				oid = OID_KERBEROS5_OLD;
+			else
+				oid = OID_KERBEROS5;
+
+			rc = handle_krb5_mech(oid, princ, &secblob, &sess_key);
 			SAFE_FREE(princ);
 			break;
 		}


-- 
Samba Shared Repository
