Commit 26efa0bac9dc3587ee8892c06642735bcded59e5
Committed by
Steve French
1 parent
198b568278
cifs: have decode_negTokenInit set flags in server struct
...rather than the secType. This allows us to get rid of the MSKerberos securityEnum. The client just makes a decision at upcall time. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
Showing 6 changed files with 26 additions and 30 deletions Side-by-side Diff
fs/cifs/asn1.c
... | ... | @@ -492,17 +492,13 @@ |
492 | 492 | |
493 | 493 | int |
494 | 494 | decode_negTokenInit(unsigned char *security_blob, int length, |
495 | - enum securityEnum *secType) | |
495 | + struct TCP_Server_Info *server) | |
496 | 496 | { |
497 | 497 | struct asn1_ctx ctx; |
498 | 498 | unsigned char *end; |
499 | 499 | unsigned char *sequence_end; |
500 | 500 | unsigned long *oid = NULL; |
501 | 501 | unsigned int cls, con, tag, oidlen, rc; |
502 | - bool use_ntlmssp = false; | |
503 | - bool use_kerberos = false; | |
504 | - bool use_kerberosu2u = false; | |
505 | - bool use_mskerberos = false; | |
506 | 502 | |
507 | 503 | /* cifs_dump_mem(" Received SecBlob ", security_blob, length); */ |
508 | 504 | |
509 | 505 | |
510 | 506 | |
511 | 507 | |
... | ... | @@ -599,20 +595,17 @@ |
599 | 595 | *(oid + 1), *(oid + 2), *(oid + 3)); |
600 | 596 | |
601 | 597 | if (compare_oid(oid, oidlen, MSKRB5_OID, |
602 | - MSKRB5_OID_LEN) && | |
603 | - !use_mskerberos) | |
604 | - use_mskerberos = true; | |
598 | + MSKRB5_OID_LEN)) | |
599 | + server->sec_mskerberos = true; | |
605 | 600 | else if (compare_oid(oid, oidlen, KRB5U2U_OID, |
606 | - KRB5U2U_OID_LEN) && | |
607 | - !use_kerberosu2u) | |
608 | - use_kerberosu2u = true; | |
601 | + KRB5U2U_OID_LEN)) | |
602 | + server->sec_kerberosu2u = true; | |
609 | 603 | else if (compare_oid(oid, oidlen, KRB5_OID, |
610 | - KRB5_OID_LEN) && | |
611 | - !use_kerberos) | |
612 | - use_kerberos = true; | |
604 | + KRB5_OID_LEN)) | |
605 | + server->sec_kerberos = true; | |
613 | 606 | else if (compare_oid(oid, oidlen, NTLMSSP_OID, |
614 | 607 | NTLMSSP_OID_LEN)) |
615 | - use_ntlmssp = true; | |
608 | + server->sec_ntlmssp = true; | |
616 | 609 | |
617 | 610 | kfree(oid); |
618 | 611 | } |
... | ... | @@ -669,13 +662,6 @@ |
669 | 662 | cFYI(1, "Need to call asn1_octets_decode() function for %s", |
670 | 663 | ctx.pointer); /* is this UTF-8 or ASCII? */ |
671 | 664 | decode_negtoken_exit: |
672 | - if (use_kerberos) | |
673 | - *secType = Kerberos; | |
674 | - else if (use_mskerberos) | |
675 | - *secType = MSKerberos; | |
676 | - else if (use_ntlmssp) | |
677 | - *secType = RawNTLMSSP; | |
678 | - | |
679 | 665 | return 1; |
680 | 666 | } |
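Review bot: The four `server->sec_*` assignments in the OID loop only ever store `true`, and none of the visible hunks resets them, so a flag left by an earlier negotiate on the same TCP_Server_Info, or set before a later decode step fails, appears to survive. The removed code kept the results in locals and wrote `*secType` only at `decode_negtoken_exit`, and since this blob is supplied by the server before authentication, the advertised mechanism set should reflect only the token that was just parsed in full. Clearing the flags on entry would restore that, e.g. `server->sec_kerberos = server->sec_mskerberos = false;` and `server->sec_kerberosu2u = server->sec_ntlmssp = false;`. Most of the function body lies outside the three hunks, so an existing reset elsewhere cannot be ruled out.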
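--- a/fs/cifs/cifs_spnego.c
+++ b/fs/cifs/cifs_spnego.c
@@ -133,9 +133,9 @@
 dp = description + strlen(description);
 
 /* for now, only sec=krb5 and sec=mskrb5 are valid */
-if (server->secType == Kerberos)
+if (server->sec_kerberos)
 sprintf(dp, ";sec=krb5");
-else if (server->secType == MSKerberos)
+else if (server->sec_mskerberos)
 sprintf(dp, ";sec=mskrb5");
 else
 goto out;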
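Review bot: The two conditions are no longer mutually exclusive, so the order of the branches now decides which mechanism goes into the upcall description when the server advertises both OIDs, and nothing records that this is intended. A comment above the first branch would document it, for example `/* plain krb5 wins when the server offers both krb5 and mskrb5 */`. The enclosing function starts and ends outside the hunk.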
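--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -87,7 +87,6 @@
 RawNTLMSSP, /* NTLMSSP without SPNEGO, NTLMv2 hash */
 /* NTLMSSP, */ /* can use rawNTLMSSP instead of NTLMSSP via SPNEGO */
 Kerberos, /* Kerberos via SPNEGO */
-MSKerberos, /* MS Kerberos via SPNEGO */
 };
 
 enum protocolEnum {
@@ -186,6 +185,11 @@
 char ntlmv2_hash[16];
 unsigned long lstrp; /* when we got last response from this server */
 u16 dialect; /* dialect index that server chose */
+/* extended security flavors that server supports */
+bool sec_kerberos; /* supports plain Kerberos */
+bool sec_mskerberos; /* supports legacy MS Kerberos */
+bool sec_kerberosu2u; /* supports U2U Kerberos */
+bool sec_ntlmssp; /* supports NTLMSSP */
 };
 
 /*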
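--- a/fs/cifs/cifsproto.h
+++ b/fs/cifs/cifsproto.h
@@ -85,7 +85,7 @@
 extern unsigned int smbCalcSize(struct smb_hdr *ptr);
 extern unsigned int smbCalcSize_LE(struct smb_hdr *ptr);
 extern int decode_negTokenInit(unsigned char *security_blob, int length,
-enum securityEnum *secType);
+struct TCP_Server_Info *server);
 extern int cifs_convert_address(char *src, void *dst);
 extern int map_smb_to_linux_error(struct smb_hdr *smb, int logErr);
 extern void header_assemble(struct smb_hdr *, char /* command */ ,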
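--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -597,13 +597,19 @@
 server->secType = RawNTLMSSP;
 } else {
 rc = decode_negTokenInit(pSMBr->u.extended_response.
-SecurityBlob,
-count - 16,
-&server->secType);
+SecurityBlob, count - 16,
+server);
 if (rc == 1)
 rc = 0;
 else
 rc = -EINVAL;
+
+if (server->sec_kerberos || server->sec_mskerberos)
+server->secType = Kerberos;
+else if (server->sec_ntlmssp)
+server->secType = RawNTLMSSP;
+else
+rc = -EOPNOTSUPP;
 }
 } else
 server->capabilities &= ~CAP_EXTENDED_SECURITY;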
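Review bot: The added secType selection runs whether or not decode_negTokenInit() succeeded, so after a decode failure the final `else` arm replaces `-EINVAL` with `-EOPNOTSUPP`, and any flag the parser may have set before it gave up still assigns `server->secType`. Guarding the new block with `if (rc == 0)` keeps the parse error and avoids picking a mechanism from a token that was rejected. The enclosing function is only partly visible in this hunk.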
fs/cifs/sess.c
... | ... | @@ -751,7 +751,7 @@ |
751 | 751 | unicode_ssetup_strings(&bcc_ptr, ses, nls_cp); |
752 | 752 | } else |
753 | 753 | ascii_ssetup_strings(&bcc_ptr, ses, nls_cp); |
754 | - } else if (type == Kerberos || type == MSKerberos) { | |
754 | + } else if (type == Kerberos) { | |
755 | 755 | #ifdef CONFIG_CIFS_UPCALL |
756 | 756 | struct cifs_spnego_msg *msg; |
757 | 757 | spnego_key = cifs_get_spnego_key(ses); |