authorJeff Layton <jlayton@redhat.com>2007-11-03 01:11:06 -0400
committerSteve French <sfrench@us.ibm.com>2007-11-03 01:11:06 -0400
commite545937a51fe0cc78cea55752764daabb81ec96d (patch)
tree82cfeae6a78f11dea850153f7a3e849c01f5d8d0
parent84a15b935481fa651cc6ec60aed015312b67adda (diff)
[CIFS] add OIDs for KRB5 and MSKRB5 to ASN1 parsing routines
Also, fix the parser to recognize them and set the secType accordingly. Make CIFSSMBNegotiate not error out automatically after parsing the securityBlob. Also thanks to Q (Igor) and Simo for their help on this set of kerberos patches (and Dave Howells for help on the upcall). Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
-rw-r--r--fs/cifs/asn1.c35
-rw-r--r--fs/cifs/cifsfs.c1
-rw-r--r--fs/cifs/cifssmb.c3
3 files changed, 26 insertions, 13 deletions
diff --git a/fs/cifs/asn1.c b/fs/cifs/asn1.c
index 2a01f3ef96a0..bcda2c6b6a04 100644
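--- a/fs/cifs/asn1.c
+++ b/fs/cifs/asn1.c
@@ -77,8 +77,12 @@
 
 #define SPNEGO_OID_LEN 7
 #define NTLMSSP_OID_LEN 10
+#define KRB5_OID_LEN 7
+#define MSKRB5_OID_LEN 7
 static unsigned long SPNEGO_OID[7] = { 1, 3, 6, 1, 5, 5, 2 };
 static unsigned long NTLMSSP_OID[10] = { 1, 3, 6, 1, 4, 1, 311, 2, 2, 10 };
+static unsigned long KRB5_OID[7] = { 1, 2, 840, 113554, 1, 2, 2 };
+static unsigned long MSKRB5_OID[7] = { 1, 2, 840, 48018, 1, 2, 2 };
 
 /*
  * ASN.1 context.
@@ -457,6 +461,7 @@ decode_negTokenInit(unsigned char *security_blob, int length,
  unsigned long *oid = NULL;
  unsigned int cls, con, tag, oidlen, rc;
  int use_ntlmssp = FALSE;
+ int use_kerberos = FALSE;
 
  *secType = NTLM; /* BB eventually make Kerberos or NLTMSSP the default*/
 
@@ -545,18 +550,28 @@ decode_negTokenInit(unsigned char *security_blob, int length,
  return 0;
  }
  if ((tag == ASN1_OJI) && (con == ASN1_PRI)) {
- rc = asn1_oid_decode(&ctx, end, &oid, &oidlen);
- if (rc) {
+ if (asn1_oid_decode(&ctx, end, &oid, &oidlen)) {
+
  cFYI(1,
  ("OID len = %d oid = 0x%lx 0x%lx "
  "0x%lx 0x%lx",
  oidlen, *oid, *(oid + 1),
  *(oid + 2), *(oid + 3)));
- rc = compare_oid(oid, oidlen,
- NTLMSSP_OID, NTLMSSP_OID_LEN);
- kfree(oid);
- if (rc)
+
+ if (compare_oid(oid, oidlen,
+ MSKRB5_OID,
+ MSKRB5_OID_LEN))
+ use_kerberos = TRUE;
+ else if (compare_oid(oid, oidlen,
+ KRB5_OID,
+ KRB5_OID_LEN))
+ use_kerberos = TRUE;
+ else if (compare_oid(oid, oidlen,
+ NTLMSSP_OID,
+ NTLMSSP_OID_LEN))
  use_ntlmssp = TRUE;
+
+ kfree(oid);
  }
  } else {
  cFYI(1, ("Should be an oid what is going on?"));
@@ -609,12 +624,10 @@ decode_negTokenInit(unsigned char *security_blob, int length,
  ctx.pointer)); /* is this UTF-8 or ASCII? */
  }
 
- /* if (use_kerberos)
- *secType = Kerberos
- else */
- if (use_ntlmssp) {
+ if (use_kerberos)
+ *secType = Kerberos;
+ else if (use_ntlmssp)
  *secType = NTLMSSP;
- }
 
  return 1;
 }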
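Review bot: The cFYI call in the OID branch of the third hunk prints `*oid` through `*(oid + 3)` without consulting `oidlen`, and the OID is decoded from the server-supplied security blob. asn1_oid_decode is not shown on this page, so whether it always yields at least four sub-identifiers cannot be confirmed here; if it does not, a short OID turns the debug print into a read past the decoded array. Since the commit already reworks this block, guarding the print with `if (oidlen >= 4)` or logging only `oidlen` would close it. decode_negTokenInit begins outside the hunks shown.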
diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
index 94c0f55d7669..416dc9fe8961 100644
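--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -44,6 +44,7 @@
 #include "cifs_fs_sb.h"
 #include <linux/mm.h>
 #include <linux/key-type.h>
+#include "cifs_spnego.h"
 #define CIFS_MAGIC_NUMBER 0xFF534D42 /* the first four bytes of SMB PDUs */
 
 #ifdef CONFIG_CIFS_QUOTA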
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index 0bb3e431ee01..59d7b7c037ad 100644
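--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -647,8 +647,7 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
  count - 16,
  &server->secType);
  if (rc == 1) {
- /* BB Need to fill struct for sessetup here */
- rc = -EOPNOTSUPP;
+ rc = 0;
  } else {
  rc = -EINVAL;
  }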
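Review bot: Mapping `rc == 1` to success lets the negotiate proceed even when the server's mechanism list contained no OID the parser recognises, because decode_negTokenInit in fs/cifs/asn1.c presets `*secType = NTLM` and its final `return 1` is reached whether or not `use_kerberos` or `use_ntlmssp` was set. Before this change that path always ended in -EOPNOTSUPP, so the preset default was never acted on. Consider having the parser report the no-match case, for example a trailing `else return 0;` after the `else if (use_ntlmssp)` branch so it falls into the existing -EINVAL arm, or check here that a mechanism was actually selected. How session setup treats the resulting secType is not visible on this page, and CIFSSMBNegotiate starts and ends outside the hunk.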