cifs: have decode_negTokenInit set flags in server struct
...rather than the secType. This allows us to get rid of the MSKerberos securityEnum. The client just makes a decision at upcall time. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
This commit is contained in:
parent
198b568278
commit
26efa0bac9
|
@ -492,17 +492,13 @@ compare_oid(unsigned long *oid1, unsigned int oid1len,
|
|||
|
||||
int
|
||||
decode_negTokenInit(unsigned char *security_blob, int length,
|
||||
enum securityEnum *secType)
|
||||
struct TCP_Server_Info *server)
|
||||
{
|
||||
struct asn1_ctx ctx;
|
||||
unsigned char *end;
|
||||
unsigned char *sequence_end;
|
||||
unsigned long *oid = NULL;
|
||||
unsigned int cls, con, tag, oidlen, rc;
|
||||
bool use_ntlmssp = false;
|
||||
bool use_kerberos = false;
|
||||
bool use_kerberosu2u = false;
|
||||
bool use_mskerberos = false;
|
||||
|
||||
/* cifs_dump_mem(" Received SecBlob ", security_blob, length); */
|
||||
|
||||
|
@ -599,20 +595,17 @@ decode_negTokenInit(unsigned char *security_blob, int length,
|
|||
*(oid + 1), *(oid + 2), *(oid + 3));
|
||||
|
||||
if (compare_oid(oid, oidlen, MSKRB5_OID,
|
||||
MSKRB5_OID_LEN) &&
|
||||
!use_mskerberos)
|
||||
use_mskerberos = true;
|
||||
MSKRB5_OID_LEN))
|
||||
server->sec_mskerberos = true;
|
||||
else if (compare_oid(oid, oidlen, KRB5U2U_OID,
|
||||
KRB5U2U_OID_LEN) &&
|
||||
!use_kerberosu2u)
|
||||
use_kerberosu2u = true;
|
||||
KRB5U2U_OID_LEN))
|
||||
server->sec_kerberosu2u = true;
|
||||
else if (compare_oid(oid, oidlen, KRB5_OID,
|
||||
KRB5_OID_LEN) &&
|
||||
!use_kerberos)
|
||||
use_kerberos = true;
|
||||
KRB5_OID_LEN))
|
||||
server->sec_kerberos = true;
|
||||
else if (compare_oid(oid, oidlen, NTLMSSP_OID,
|
||||
NTLMSSP_OID_LEN))
|
||||
use_ntlmssp = true;
|
||||
server->sec_ntlmssp = true;
|
||||
|
||||
kfree(oid);
|
||||
}
|
||||
|
@ -669,12 +662,5 @@ decode_negTokenInit(unsigned char *security_blob, int length,
|
|||
cFYI(1, "Need to call asn1_octets_decode() function for %s",
|
||||
ctx.pointer); /* is this UTF-8 or ASCII? */
|
||||
decode_negtoken_exit:
|
||||
if (use_kerberos)
|
||||
*secType = Kerberos;
|
||||
else if (use_mskerberos)
|
||||
*secType = MSKerberos;
|
||||
else if (use_ntlmssp)
|
||||
*secType = RawNTLMSSP;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
|
|
@ -133,9 +133,9 @@ cifs_get_spnego_key(struct cifsSesInfo *sesInfo)
|
|||
dp = description + strlen(description);
|
||||
|
||||
/* for now, only sec=krb5 and sec=mskrb5 are valid */
|
||||
if (server->secType == Kerberos)
|
||||
if (server->sec_kerberos)
|
||||
sprintf(dp, ";sec=krb5");
|
||||
else if (server->secType == MSKerberos)
|
||||
else if (server->sec_mskerberos)
|
||||
sprintf(dp, ";sec=mskrb5");
|
||||
else
|
||||
goto out;
|
||||
|
|
|
@ -87,7 +87,6 @@ enum securityEnum {
|
|||
RawNTLMSSP, /* NTLMSSP without SPNEGO, NTLMv2 hash */
|
||||
/* NTLMSSP, */ /* can use rawNTLMSSP instead of NTLMSSP via SPNEGO */
|
||||
Kerberos, /* Kerberos via SPNEGO */
|
||||
MSKerberos, /* MS Kerberos via SPNEGO */
|
||||
};
|
||||
|
||||
enum protocolEnum {
|
||||
|
@ -186,6 +185,11 @@ struct TCP_Server_Info {
|
|||
char ntlmv2_hash[16];
|
||||
unsigned long lstrp; /* when we got last response from this server */
|
||||
u16 dialect; /* dialect index that server chose */
|
||||
/* extended security flavors that server supports */
|
||||
bool sec_kerberos; /* supports plain Kerberos */
|
||||
bool sec_mskerberos; /* supports legacy MS Kerberos */
|
||||
bool sec_kerberosu2u; /* supports U2U Kerberos */
|
||||
bool sec_ntlmssp; /* supports NTLMSSP */
|
||||
};
|
||||
|
||||
/*
|
||||
|
|
|
@ -85,7 +85,7 @@ extern struct cifsFileInfo *find_readable_file(struct cifsInodeInfo *);
|
|||
extern unsigned int smbCalcSize(struct smb_hdr *ptr);
|
||||
extern unsigned int smbCalcSize_LE(struct smb_hdr *ptr);
|
||||
extern int decode_negTokenInit(unsigned char *security_blob, int length,
|
||||
enum securityEnum *secType);
|
||||
struct TCP_Server_Info *server);
|
||||
extern int cifs_convert_address(char *src, void *dst);
|
||||
extern int map_smb_to_linux_error(struct smb_hdr *smb, int logErr);
|
||||
extern void header_assemble(struct smb_hdr *, char /* command */ ,
|
||||
|
|
|
@ -597,13 +597,19 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
|
|||
server->secType = RawNTLMSSP;
|
||||
} else {
|
||||
rc = decode_negTokenInit(pSMBr->u.extended_response.
|
||||
SecurityBlob,
|
||||
count - 16,
|
||||
&server->secType);
|
||||
SecurityBlob, count - 16,
|
||||
server);
|
||||
if (rc == 1)
|
||||
rc = 0;
|
||||
else
|
||||
rc = -EINVAL;
|
||||
|
||||
if (server->sec_kerberos || server->sec_mskerberos)
|
||||
server->secType = Kerberos;
|
||||
else if (server->sec_ntlmssp)
|
||||
server->secType = RawNTLMSSP;
|
||||
else
|
||||
rc = -EOPNOTSUPP;
|
||||
}
|
||||
} else
|
||||
server->capabilities &= ~CAP_EXTENDED_SECURITY;
|
||||
|
|
|
@ -751,7 +751,7 @@ ssetup_ntlmssp_authenticate:
|
|||
unicode_ssetup_strings(&bcc_ptr, ses, nls_cp);
|
||||
} else
|
||||
ascii_ssetup_strings(&bcc_ptr, ses, nls_cp);
|
||||
} else if (type == Kerberos || type == MSKerberos) {
|
||||
} else if (type == Kerberos) {
|
||||
#ifdef CONFIG_CIFS_UPCALL
|
||||
struct cifs_spnego_msg *msg;
|
||||
spnego_key = cifs_get_spnego_key(ses);
|
||||
|
|
Loading…
Reference in New Issue