diff options
author | Jeff Layton <jlayton@redhat.com> | 2007-11-03 01:11:06 -0400 |
---|---|---|
committer | Steve French <sfrench@us.ibm.com> | 2007-11-03 01:11:06 -0400 |
commit | e545937a51fe0cc78cea55752764daabb81ec96d (patch) | |
tree | 82cfeae6a78f11dea850153f7a3e849c01f5d8d0 | |
parent | 84a15b935481fa651cc6ec60aed015312b67adda (diff) |
[CIFS] add OIDs for KRB5 and MSKRB5 to ASN1 parsing routines
Also, fix the parser to recognize them and set the secType
accordingly. Make CIFSSMBNegotiate not error out automatically
after parsing the securityBlob.
Also thanks to Q (Igor) and Simo for their help on this
set of kerberos patches (and Dave Howells for help on the
upcall).
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
-rw-r--r-- | fs/cifs/asn1.c | 35 | ||||
-rw-r--r-- | fs/cifs/cifsfs.c | 1 | ||||
-rw-r--r-- | fs/cifs/cifssmb.c | 3 |
3 files changed, 26 insertions, 13 deletions
diff --git a/fs/cifs/asn1.c b/fs/cifs/asn1.c index 2a01f3ef96a0..bcda2c6b6a04 100644 --- a/fs/cifs/asn1.c +++ b/fs/cifs/asn1.c | |||
@@ -77,8 +77,12 @@ | |||
77 | 77 | ||
78 | #define SPNEGO_OID_LEN 7 | 78 | #define SPNEGO_OID_LEN 7 |
79 | #define NTLMSSP_OID_LEN 10 | 79 | #define NTLMSSP_OID_LEN 10 |
80 | #define KRB5_OID_LEN 7 | ||
81 | #define MSKRB5_OID_LEN 7 | ||
80 | static unsigned long SPNEGO_OID[7] = { 1, 3, 6, 1, 5, 5, 2 }; | 82 | static unsigned long SPNEGO_OID[7] = { 1, 3, 6, 1, 5, 5, 2 }; |
81 | static unsigned long NTLMSSP_OID[10] = { 1, 3, 6, 1, 4, 1, 311, 2, 2, 10 }; | 83 | static unsigned long NTLMSSP_OID[10] = { 1, 3, 6, 1, 4, 1, 311, 2, 2, 10 }; |
84 | static unsigned long KRB5_OID[7] = { 1, 2, 840, 113554, 1, 2, 2 }; | ||
85 | static unsigned long MSKRB5_OID[7] = { 1, 2, 840, 48018, 1, 2, 2 }; | ||
82 | 86 | ||
83 | /* | 87 | /* |
84 | * ASN.1 context. | 88 | * ASN.1 context. |
@@ -457,6 +461,7 @@ decode_negTokenInit(unsigned char *security_blob, int length, | |||
457 | unsigned long *oid = NULL; | 461 | unsigned long *oid = NULL; |
458 | unsigned int cls, con, tag, oidlen, rc; | 462 | unsigned int cls, con, tag, oidlen, rc; |
459 | int use_ntlmssp = FALSE; | 463 | int use_ntlmssp = FALSE; |
464 | int use_kerberos = FALSE; | ||
460 | 465 | ||
461 | *secType = NTLM; /* BB eventually make Kerberos or NLTMSSP the default*/ | 466 | *secType = NTLM; /* BB eventually make Kerberos or NLTMSSP the default*/ |
462 | 467 | ||
@@ -545,18 +550,28 @@ decode_negTokenInit(unsigned char *security_blob, int length, | |||
545 | return 0; | 550 | return 0; |
546 | } | 551 | } |
547 | if ((tag == ASN1_OJI) && (con == ASN1_PRI)) { | 552 | if ((tag == ASN1_OJI) && (con == ASN1_PRI)) { |
548 | rc = asn1_oid_decode(&ctx, end, &oid, &oidlen); | 553 | if (asn1_oid_decode(&ctx, end, &oid, &oidlen)) { |
549 | if (rc) { | 554 | |
550 | cFYI(1, | 555 | cFYI(1, |
551 | ("OID len = %d oid = 0x%lx 0x%lx " | 556 | ("OID len = %d oid = 0x%lx 0x%lx " |
552 | "0x%lx 0x%lx", | 557 | "0x%lx 0x%lx", |
553 | oidlen, *oid, *(oid + 1), | 558 | oidlen, *oid, *(oid + 1), |
554 | *(oid + 2), *(oid + 3))); | 559 | *(oid + 2), *(oid + 3))); |
555 | rc = compare_oid(oid, oidlen, | 560 | |
556 | NTLMSSP_OID, NTLMSSP_OID_LEN); | 561 | if (compare_oid(oid, oidlen, |
557 | kfree(oid); | 562 | MSKRB5_OID, |
558 | if (rc) | 563 | MSKRB5_OID_LEN)) |
564 | use_kerberos = TRUE; | ||
565 | else if (compare_oid(oid, oidlen, | ||
566 | KRB5_OID, | ||
567 | KRB5_OID_LEN)) | ||
568 | use_kerberos = TRUE; | ||
569 | else if (compare_oid(oid, oidlen, | ||
570 | NTLMSSP_OID, | ||
571 | NTLMSSP_OID_LEN)) | ||
559 | use_ntlmssp = TRUE; | 572 | use_ntlmssp = TRUE; |
573 | |||
574 | kfree(oid); | ||
560 | } | 575 | } |
561 | } else { | 576 | } else { |
562 | cFYI(1, ("Should be an oid what is going on?")); | 577 | cFYI(1, ("Should be an oid what is going on?")); |
@@ -609,12 +624,10 @@ decode_negTokenInit(unsigned char *security_blob, int length, | |||
609 | ctx.pointer)); /* is this UTF-8 or ASCII? */ | 624 | ctx.pointer)); /* is this UTF-8 or ASCII? */ |
610 | } | 625 | } |
611 | 626 | ||
612 | /* if (use_kerberos) | 627 | if (use_kerberos) |
613 | *secType = Kerberos | 628 | *secType = Kerberos; |
614 | else */ | 629 | else if (use_ntlmssp) |
615 | if (use_ntlmssp) { | ||
616 | *secType = NTLMSSP; | 630 | *secType = NTLMSSP; |
617 | } | ||
618 | 631 | ||
619 | return 1; | 632 | return 1; |
620 | } | 633 | } |
diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c index 94c0f55d7669..416dc9fe8961 100644 --- a/fs/cifs/cifsfs.c +++ b/fs/cifs/cifsfs.c | |||
@@ -44,6 +44,7 @@ | |||
44 | #include "cifs_fs_sb.h" | 44 | #include "cifs_fs_sb.h" |
45 | #include <linux/mm.h> | 45 | #include <linux/mm.h> |
46 | #include <linux/key-type.h> | 46 | #include <linux/key-type.h> |
47 | #include "cifs_spnego.h" | ||
47 | #define CIFS_MAGIC_NUMBER 0xFF534D42 /* the first four bytes of SMB PDUs */ | 48 | #define CIFS_MAGIC_NUMBER 0xFF534D42 /* the first four bytes of SMB PDUs */ |
48 | 49 | ||
49 | #ifdef CONFIG_CIFS_QUOTA | 50 | #ifdef CONFIG_CIFS_QUOTA |
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index 0bb3e431ee01..59d7b7c037ad 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c | |||
@@ -647,8 +647,7 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses) | |||
647 | count - 16, | 647 | count - 16, |
648 | &server->secType); | 648 | &server->secType); |
649 | if (rc == 1) { | 649 | if (rc == 1) { |
650 | /* BB Need to fill struct for sessetup here */ | 650 | rc = 0; |
651 | rc = -EOPNOTSUPP; | ||
652 | } else { | 651 | } else { |
653 | rc = -EINVAL; | 652 | rc = -EINVAL; |
654 | } | 653 | } |