diff options
author | Steve French <sfrench@us.ibm.com> | 2008-08-25 20:37:14 -0400 |
---|---|---|
committer | Steve French <sfrench@us.ibm.com> | 2008-08-25 20:37:14 -0400 |
commit | 6ce5eecb9cd3ac97b952c50309b87c31488a45e9 (patch) | |
tree | 5d28ff051283462f6c927ae87c094b568fb5b1e9 | |
parent | 3d2af3465e91335bd1dbf36b19e92079d901409f (diff) |
[CIFS] check version in spnego upcall response
Currently, we don't check the version in the SPNEGO upcall response
even though one is provided. Jeff and Q have made the corresponding
change to the Samba client (cifs.upcall).
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
-rw-r--r-- | fs/cifs/CHANGES | 6 | ||||
-rw-r--r-- | fs/cifs/cifs_spnego.h | 2 | ||||
-rw-r--r-- | fs/cifs/sess.c | 9 |
3 files changed, 15 insertions, 2 deletions
diff --git a/fs/cifs/CHANGES b/fs/cifs/CHANGES index f5d0083e09fa..526041a52d35 100644 --- a/fs/cifs/CHANGES +++ b/fs/cifs/CHANGES | |||
@@ -4,7 +4,11 @@ Fix premature write failure on congested networks (we would give up | |||
4 | on EAGAIN from the socket too quickly on large writes). | 4 | on EAGAIN from the socket too quickly on large writes). |
5 | Cifs_mkdir and cifs_create now respect the setgid bit on parent dir. | 5 | Cifs_mkdir and cifs_create now respect the setgid bit on parent dir. |
6 | Fix endian problems in acl (mode from/to cifs acl) on bigendian | 6 | Fix endian problems in acl (mode from/to cifs acl) on bigendian |
7 | architectures. | 7 | architectures. Fix problems with preserving timestamps on copying open |
8 | files (e.g. "cp -a") to Windows servers. For mkdir and create honor setgid bit | ||
9 | on parent directory when server supports Unix Extensions but not POSIX | ||
10 | create. Update cifs.upcall version to handle new Kerberos sec flags | ||
11 | (this requires update of cifs.upcall program from Samba). | ||
8 | 12 | ||
9 | Version 1.53 | 13 | Version 1.53 |
10 | ------------ | 14 | ------------ |
diff --git a/fs/cifs/cifs_spnego.h b/fs/cifs/cifs_spnego.h index 05a34b17a1ab..e4041ec4d712 100644 --- a/fs/cifs/cifs_spnego.h +++ b/fs/cifs/cifs_spnego.h | |||
@@ -23,7 +23,7 @@ | |||
23 | #ifndef _CIFS_SPNEGO_H | 23 | #ifndef _CIFS_SPNEGO_H |
24 | #define _CIFS_SPNEGO_H | 24 | #define _CIFS_SPNEGO_H |
25 | 25 | ||
26 | #define CIFS_SPNEGO_UPCALL_VERSION 1 | 26 | #define CIFS_SPNEGO_UPCALL_VERSION 2 |
27 | 27 | ||
28 | /* | 28 | /* |
29 | * The version field should always be set to CIFS_SPNEGO_UPCALL_VERSION. | 29 | * The version field should always be set to CIFS_SPNEGO_UPCALL_VERSION. |
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index 3188e4d9cddb..b537fad3bf50 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c | |||
@@ -516,6 +516,15 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time, | |||
516 | } | 516 | } |
517 | 517 | ||
518 | msg = spnego_key->payload.data; | 518 | msg = spnego_key->payload.data; |
519 | /* check version field to make sure that cifs.upcall is | ||
520 | sending us a response in an expected form */ | ||
521 | if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) { | ||
522 | cERROR(1, ("incorrect version of cifs.upcall (expected" | ||
523 | " %d but got %d)", | ||
524 | CIFS_SPNEGO_UPCALL_VERSION, msg->version)); | ||
525 | rc = -EKEYREJECTED; | ||
526 | goto ssetup_exit; | ||
527 | } | ||
519 | /* bail out if key is too long */ | 528 | /* bail out if key is too long */ |
520 | if (msg->sesskey_len > | 529 | if (msg->sesskey_len > |
521 | sizeof(ses->server->mac_signing_key.data.krb5)) { | 530 | sizeof(ses->server->mac_signing_key.data.krb5)) { |