cifs: have decode_negTokenInit set flags in server struct

...rather than the secType. This allows us to get rid of the MSKerberos securityEnum. The client just makes a decision at upcall time. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>

cifs: have decode_negTokenInit set flags in server struct
...rather than the secType. This allows us to get rid of the MSKerberos securityEnum. The client just makes a decision at upcall time. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
Jeff Layton · Steve French
1 parent 198b568278
Showing 6 changed files with 26 additions and 30 deletions Side-by-side Diff
fs/cifs/asn1.c
fs/cifs/cifs_spnego.c
fs/cifs/cifsglob.h
fs/cifs/cifsproto.h
fs/cifs/cifssmb.c
fs/cifs/sess.c
@@ -492,17 +492,13 @@
  
 int
 decode_negTokenInit(unsigned char *security_blob, int length,
-		    enum securityEnum *secType)
+		    struct TCP_Server_Info *server)
 {
 	struct asn1_ctx ctx;
 	unsigned char *end;
 	unsigned char *sequence_end;
 	unsigned long *oid = NULL;
 	unsigned int cls, con, tag, oidlen, rc;
-	bool use_ntlmssp = false;
-	bool use_kerberos = false;
-	bool use_kerberosu2u = false;
-	bool use_mskerberos = false;
  
 	/* cifs_dump_mem(" Received SecBlob ", security_blob, length); */
  
  
  
  
@@ -599,20 +595,17 @@
 					*(oid + 1), *(oid + 2), *(oid + 3));
  
 				if (compare_oid(oid, oidlen, MSKRB5_OID,
-						MSKRB5_OID_LEN) &&
-						!use_mskerberos)
-					use_mskerberos = true;
+						MSKRB5_OID_LEN))
+					server->sec_mskerberos = true;
 				else if (compare_oid(oid, oidlen, KRB5U2U_OID,
-						     KRB5U2U_OID_LEN) &&
-						     !use_kerberosu2u)
-					use_kerberosu2u = true;
+						     KRB5U2U_OID_LEN))
+					server->sec_kerberosu2u = true;
 				else if (compare_oid(oid, oidlen, KRB5_OID,
-						     KRB5_OID_LEN) &&
-						     !use_kerberos)
-					use_kerberos = true;
+						     KRB5_OID_LEN))
+					server->sec_kerberos = true;
 				else if (compare_oid(oid, oidlen, NTLMSSP_OID,
 						     NTLMSSP_OID_LEN))
-					use_ntlmssp = true;
+					server->sec_ntlmssp = true;
  
 				kfree(oid);
 			}
@@ -669,13 +662,6 @@
 	cFYI(1, "Need to call asn1_octets_decode() function for %s",
 		ctx.pointer);	/* is this UTF-8 or ASCII? */
 decode_negtoken_exit:
-	if (use_kerberos)
-		*secType = Kerberos;
-	else if (use_mskerberos)
-		*secType = MSKerberos;
-	else if (use_ntlmssp)
-		*secType = RawNTLMSSP;
-
 	return 1;
 }
@@ -133,9 +133,9 @@
 	dp = description + strlen(description);
  
 	/* for now, only sec=krb5 and sec=mskrb5 are valid */
-	if (server->secType == Kerberos)
+	if (server->sec_kerberos)
 		sprintf(dp, ";sec=krb5");
-	else if (server->secType == MSKerberos)
+	else if (server->sec_mskerberos)
 		sprintf(dp, ";sec=mskrb5");
 	else
 		goto out;
@@ -87,7 +87,6 @@
 	RawNTLMSSP,		/* NTLMSSP without SPNEGO, NTLMv2 hash */
 /*	NTLMSSP, */ /* can use rawNTLMSSP instead of NTLMSSP via SPNEGO */
 	Kerberos,		/* Kerberos via SPNEGO */
-	MSKerberos,		/* MS Kerberos via SPNEGO */
 };
  
 enum protocolEnum {
@@ -186,6 +185,11 @@
 	char ntlmv2_hash[16];
 	unsigned long lstrp; /* when we got last response from this server */
 	u16 dialect; /* dialect index that server chose */
+	/* extended security flavors that server supports */
+	bool	sec_kerberos;		/* supports plain Kerberos */
+	bool	sec_mskerberos;		/* supports legacy MS Kerberos */
+	bool	sec_kerberosu2u;	/* supports U2U Kerberos */
+	bool	sec_ntlmssp;		/* supports NTLMSSP */
 };
  
 /*
@@ -85,7 +85,7 @@
 extern unsigned int smbCalcSize(struct smb_hdr *ptr);
 extern unsigned int smbCalcSize_LE(struct smb_hdr *ptr);
 extern int decode_negTokenInit(unsigned char *security_blob, int length,
-			enum securityEnum *secType);
+			struct TCP_Server_Info *server);
 extern int cifs_convert_address(char *src, void *dst);
 extern int map_smb_to_linux_error(struct smb_hdr *smb, int logErr);
 extern void header_assemble(struct smb_hdr *, char /* command */ ,
@@ -597,13 +597,19 @@
 			server->secType = RawNTLMSSP;
 		} else {
 			rc = decode_negTokenInit(pSMBr->u.extended_response.
-						 SecurityBlob,
-						 count - 16,
-						 &server->secType);
+						 SecurityBlob, count - 16,
+						 server);
 			if (rc == 1)
 				rc = 0;
 			else
 				rc = -EINVAL;
+
+			if (server->sec_kerberos || server->sec_mskerberos)
+				server->secType = Kerberos;
+			else if (server->sec_ntlmssp)
+				server->secType = RawNTLMSSP;
+			else
+				rc = -EOPNOTSUPP;
 		}
 	} else
 		server->capabilities &= ~CAP_EXTENDED_SECURITY;
@@ -751,7 +751,7 @@
 			unicode_ssetup_strings(&bcc_ptr, ses, nls_cp);
 		} else
 			ascii_ssetup_strings(&bcc_ptr, ses, nls_cp);
-	} else if (type == Kerberos || type == MSKerberos) {
+	} else if (type == Kerberos) {
 #ifdef CONFIG_CIFS_UPCALL
 		struct cifs_spnego_msg *msg;
 		spnego_key = cifs_get_spnego_key(ses);
...	...	@@ -492,17 +492,13 @@
492	492
493	493	int
494	494	decode_negTokenInit(unsigned char *security_blob, int length,
495		- enum securityEnum *secType)
	495	+ struct TCP_Server_Info *server)
496	496	{
497	497	struct asn1_ctx ctx;
498	498	unsigned char *end;
499	499	unsigned char *sequence_end;
500	500	unsigned long *oid = NULL;
501	501	unsigned int cls, con, tag, oidlen, rc;
502		- bool use_ntlmssp = false;
503		- bool use_kerberos = false;
504		- bool use_kerberosu2u = false;
505		- bool use_mskerberos = false;
506	502
507	503	/* cifs_dump_mem(" Received SecBlob ", security_blob, length); */
508	504
509	505
510	506
511	507
...	...	@@ -599,20 +595,17 @@
599	595	(oid + 1), (oid + 2), *(oid + 3));
600	596
601	597	if (compare_oid(oid, oidlen, MSKRB5_OID,
602		- MSKRB5_OID_LEN) &&
603		- !use_mskerberos)
604		- use_mskerberos = true;
	598	+ MSKRB5_OID_LEN))
	599	+ server->sec_mskerberos = true;
605	600	else if (compare_oid(oid, oidlen, KRB5U2U_OID,
606		- KRB5U2U_OID_LEN) &&
607		- !use_kerberosu2u)
608		- use_kerberosu2u = true;
	601	+ KRB5U2U_OID_LEN))
	602	+ server->sec_kerberosu2u = true;
609	603	else if (compare_oid(oid, oidlen, KRB5_OID,
610		- KRB5_OID_LEN) &&
611		- !use_kerberos)
612		- use_kerberos = true;
	604	+ KRB5_OID_LEN))
	605	+ server->sec_kerberos = true;
613	606	else if (compare_oid(oid, oidlen, NTLMSSP_OID,
614	607	NTLMSSP_OID_LEN))
615		- use_ntlmssp = true;
	608	+ server->sec_ntlmssp = true;
616	609
617	610	kfree(oid);
618	611	}
...	...	@@ -669,13 +662,6 @@
669	662	cFYI(1, "Need to call asn1_octets_decode() function for %s",
670	663	ctx.pointer); /* is this UTF-8 or ASCII? */
671	664	decode_negtoken_exit:
672		- if (use_kerberos)
673		- *secType = Kerberos;
674		- else if (use_mskerberos)
675		- *secType = MSKerberos;
676		- else if (use_ntlmssp)
677		- *secType = RawNTLMSSP;
678		-
679	665	return 1;
680	666	}
...	...	@@ -133,9 +133,9 @@
133	133	dp = description + strlen(description);
134	134
135	135	/* for now, only sec=krb5 and sec=mskrb5 are valid */
136		- if (server->secType == Kerberos)
	136	+ if (server->sec_kerberos)
137	137	sprintf(dp, ";sec=krb5");
138		- else if (server->secType == MSKerberos)
	138	+ else if (server->sec_mskerberos)
139	139	sprintf(dp, ";sec=mskrb5");
140	140	else
141	141	goto out;
...	...	@@ -87,7 +87,6 @@
87	87	RawNTLMSSP, /* NTLMSSP without SPNEGO, NTLMv2 hash */
88	88	/* NTLMSSP, / / can use rawNTLMSSP instead of NTLMSSP via SPNEGO */
89	89	Kerberos, /* Kerberos via SPNEGO */
90		- MSKerberos, /* MS Kerberos via SPNEGO */
91	90	};
92	91
93	92	enum protocolEnum {
...	...	@@ -186,6 +185,11 @@
186	185	char ntlmv2_hash[16];
187	186	unsigned long lstrp; /* when we got last response from this server */
188	187	u16 dialect; /* dialect index that server chose */
	188	+ /* extended security flavors that server supports */
	189	+ bool sec_kerberos; /* supports plain Kerberos */
	190	+ bool sec_mskerberos; /* supports legacy MS Kerberos */
	191	+ bool sec_kerberosu2u; /* supports U2U Kerberos */
	192	+ bool sec_ntlmssp; /* supports NTLMSSP */
189	193	};
190	194
191	195	/*
...	...	@@ -85,7 +85,7 @@
85	85	extern unsigned int smbCalcSize(struct smb_hdr *ptr);
86	86	extern unsigned int smbCalcSize_LE(struct smb_hdr *ptr);
87	87	extern int decode_negTokenInit(unsigned char *security_blob, int length,
88		- enum securityEnum *secType);
	88	+ struct TCP_Server_Info *server);
89	89	extern int cifs_convert_address(char src, void dst);
90	90	extern int map_smb_to_linux_error(struct smb_hdr *smb, int logErr);
91	91	extern void header_assemble(struct smb_hdr , char / command */ ,
...	...	@@ -597,13 +597,19 @@
597	597	server->secType = RawNTLMSSP;
598	598	} else {
599	599	rc = decode_negTokenInit(pSMBr->u.extended_response.
600		- SecurityBlob,
601		- count - 16,
602		- &server->secType);
	600	+ SecurityBlob, count - 16,
	601	+ server);
603	602	if (rc == 1)
604	603	rc = 0;
605	604	else
606	605	rc = -EINVAL;
	606	+
	607	+ if (server->sec_kerberos \|\| server->sec_mskerberos)
	608	+ server->secType = Kerberos;
	609	+ else if (server->sec_ntlmssp)
	610	+ server->secType = RawNTLMSSP;
	611	+ else
	612	+ rc = -EOPNOTSUPP;
607	613	}
608	614	} else
609	615	server->capabilities &= ~CAP_EXTENDED_SECURITY;
...	...	@@ -751,7 +751,7 @@
751	751	unicode_ssetup_strings(&bcc_ptr, ses, nls_cp);
752	752	} else
753	753	ascii_ssetup_strings(&bcc_ptr, ses, nls_cp);
754		- } else if (type == Kerberos \|\| type == MSKerberos) {
	754	+ } else if (type == Kerberos) {
755	755	#ifdef CONFIG_CIFS_UPCALL
756	756	struct cifs_spnego_msg *msg;
757	757	spnego_key = cifs_get_spnego_key(ses);