Browse Source

cifs: have decode_negTokenInit set flags in server struct

...rather than the secType. This allows us to get rid of the MSKerberos
securityEnum. The client just makes a decision at upcall time.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
master
Jeff Layton 12 years ago
committed by Steve French
parent
commit
26efa0bac9
  1. 30
      fs/cifs/asn1.c
  2. 4
      fs/cifs/cifs_spnego.c
  3. 6
      fs/cifs/cifsglob.h
  4. 2
      fs/cifs/cifsproto.h
  5. 12
      fs/cifs/cifssmb.c
  6. 2
      fs/cifs/sess.c

30
fs/cifs/asn1.c

@ -492,17 +492,13 @@ compare_oid(unsigned long *oid1, unsigned int oid1len,
int
decode_negTokenInit(unsigned char *security_blob, int length,
enum securityEnum *secType)
struct TCP_Server_Info *server)
{
struct asn1_ctx ctx;
unsigned char *end;
unsigned char *sequence_end;
unsigned long *oid = NULL;
unsigned int cls, con, tag, oidlen, rc;
bool use_ntlmssp = false;
bool use_kerberos = false;
bool use_kerberosu2u = false;
bool use_mskerberos = false;
/* cifs_dump_mem(" Received SecBlob ", security_blob, length); */
@ -599,20 +595,17 @@ decode_negTokenInit(unsigned char *security_blob, int length,
*(oid + 1), *(oid + 2), *(oid + 3));
if (compare_oid(oid, oidlen, MSKRB5_OID,
MSKRB5_OID_LEN) &&
!use_mskerberos)
use_mskerberos = true;
MSKRB5_OID_LEN))
server->sec_mskerberos = true;
else if (compare_oid(oid, oidlen, KRB5U2U_OID,
KRB5U2U_OID_LEN) &&
!use_kerberosu2u)
use_kerberosu2u = true;
KRB5U2U_OID_LEN))
server->sec_kerberosu2u = true;
else if (compare_oid(oid, oidlen, KRB5_OID,
KRB5_OID_LEN) &&
!use_kerberos)
use_kerberos = true;
KRB5_OID_LEN))
server->sec_kerberos = true;
else if (compare_oid(oid, oidlen, NTLMSSP_OID,
NTLMSSP_OID_LEN))
use_ntlmssp = true;
server->sec_ntlmssp = true;
kfree(oid);
}
@ -669,12 +662,5 @@ decode_negTokenInit(unsigned char *security_blob, int length,
cFYI(1, "Need to call asn1_octets_decode() function for %s",
ctx.pointer); /* is this UTF-8 or ASCII? */
decode_negtoken_exit:
if (use_kerberos)
*secType = Kerberos;
else if (use_mskerberos)
*secType = MSKerberos;
else if (use_ntlmssp)
*secType = RawNTLMSSP;
return 1;
}

4
fs/cifs/cifs_spnego.c

@ -133,9 +133,9 @@ cifs_get_spnego_key(struct cifsSesInfo *sesInfo)
dp = description + strlen(description);
/* for now, only sec=krb5 and sec=mskrb5 are valid */
if (server->secType == Kerberos)
if (server->sec_kerberos)
sprintf(dp, ";sec=krb5");
else if (server->secType == MSKerberos)
else if (server->sec_mskerberos)
sprintf(dp, ";sec=mskrb5");
else
goto out;

6
fs/cifs/cifsglob.h

@ -87,7 +87,6 @@ enum securityEnum {
RawNTLMSSP, /* NTLMSSP without SPNEGO, NTLMv2 hash */
/* NTLMSSP, */ /* can use rawNTLMSSP instead of NTLMSSP via SPNEGO */
Kerberos, /* Kerberos via SPNEGO */
MSKerberos, /* MS Kerberos via SPNEGO */
};
enum protocolEnum {
@ -186,6 +185,11 @@ struct TCP_Server_Info {
char ntlmv2_hash[16];
unsigned long lstrp; /* when we got last response from this server */
u16 dialect; /* dialect index that server chose */
/* extended security flavors that server supports */
bool sec_kerberos; /* supports plain Kerberos */
bool sec_mskerberos; /* supports legacy MS Kerberos */
bool sec_kerberosu2u; /* supports U2U Kerberos */
bool sec_ntlmssp; /* supports NTLMSSP */
};
/*

2
fs/cifs/cifsproto.h

@ -85,7 +85,7 @@ extern struct cifsFileInfo *find_readable_file(struct cifsInodeInfo *);
extern unsigned int smbCalcSize(struct smb_hdr *ptr);
extern unsigned int smbCalcSize_LE(struct smb_hdr *ptr);
extern int decode_negTokenInit(unsigned char *security_blob, int length,
enum securityEnum *secType);
struct TCP_Server_Info *server);
extern int cifs_convert_address(char *src, void *dst);
extern int map_smb_to_linux_error(struct smb_hdr *smb, int logErr);
extern void header_assemble(struct smb_hdr *, char /* command */ ,

12
fs/cifs/cifssmb.c

@ -597,13 +597,19 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
server->secType = RawNTLMSSP;
} else {
rc = decode_negTokenInit(pSMBr->u.extended_response.
SecurityBlob,
count - 16,
&server->secType);
SecurityBlob, count - 16,
server);
if (rc == 1)
rc = 0;
else
rc = -EINVAL;
if (server->sec_kerberos || server->sec_mskerberos)
server->secType = Kerberos;
else if (server->sec_ntlmssp)
server->secType = RawNTLMSSP;
else
rc = -EOPNOTSUPP;
}
} else
server->capabilities &= ~CAP_EXTENDED_SECURITY;

2
fs/cifs/sess.c

@ -751,7 +751,7 @@ ssetup_ntlmssp_authenticate:
unicode_ssetup_strings(&bcc_ptr, ses, nls_cp);
} else
ascii_ssetup_strings(&bcc_ptr, ses, nls_cp);
} else if (type == Kerberos || type == MSKerberos) {
} else if (type == Kerberos) {
#ifdef CONFIG_CIFS_UPCALL
struct cifs_spnego_msg *msg;
spnego_key = cifs_get_spnego_key(ses);

Loading…
Cancel
Save