aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSteve French <sfrench@us.ibm.com>2008-08-25 20:37:14 -0400
committerSteve French <sfrench@us.ibm.com>2008-08-25 20:37:14 -0400
commit6ce5eecb9cd3ac97b952c50309b87c31488a45e9 (patch)
tree5d28ff051283462f6c927ae87c094b568fb5b1e9
parent3d2af3465e91335bd1dbf36b19e92079d901409f (diff)
[CIFS] check version in spnego upcall response
Currently, we don't check the version in the SPNEGO upcall response even though one is provided. Jeff and Q have made the corresponding change to the Samba client (cifs.upcall). Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
-rw-r--r--fs/cifs/CHANGES6
-rw-r--r--fs/cifs/cifs_spnego.h2
-rw-r--r--fs/cifs/sess.c9
3 files changed, 15 insertions, 2 deletions
diff --git a/fs/cifs/CHANGES b/fs/cifs/CHANGES
index f5d0083e09fa..526041a52d35 100644
--- a/fs/cifs/CHANGES
+++ b/fs/cifs/CHANGES
@@ -4,7 +4,11 @@ Fix premature write failure on congested networks (we would give up
4on EAGAIN from the socket too quickly on large writes). 4on EAGAIN from the socket too quickly on large writes).
5Cifs_mkdir and cifs_create now respect the setgid bit on parent dir. 5Cifs_mkdir and cifs_create now respect the setgid bit on parent dir.
6Fix endian problems in acl (mode from/to cifs acl) on bigendian 6Fix endian problems in acl (mode from/to cifs acl) on bigendian
7architectures. 7architectures. Fix problems with preserving timestamps on copying open
8files (e.g. "cp -a") to Windows servers. For mkdir and create honor setgid bit
9on parent directory when server supports Unix Extensions but not POSIX
10create. Update cifs.upcall version to handle new Kerberos sec flags
11(this requires update of cifs.upcall program from Samba).
8 12
9Version 1.53 13Version 1.53
10------------ 14------------
diff --git a/fs/cifs/cifs_spnego.h b/fs/cifs/cifs_spnego.h
index 05a34b17a1ab..e4041ec4d712 100644
--- a/fs/cifs/cifs_spnego.h
+++ b/fs/cifs/cifs_spnego.h
@@ -23,7 +23,7 @@
23#ifndef _CIFS_SPNEGO_H 23#ifndef _CIFS_SPNEGO_H
24#define _CIFS_SPNEGO_H 24#define _CIFS_SPNEGO_H
25 25
26#define CIFS_SPNEGO_UPCALL_VERSION 1 26#define CIFS_SPNEGO_UPCALL_VERSION 2
27 27
28/* 28/*
29 * The version field should always be set to CIFS_SPNEGO_UPCALL_VERSION. 29 * The version field should always be set to CIFS_SPNEGO_UPCALL_VERSION.
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index 3188e4d9cddb..b537fad3bf50 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -516,6 +516,15 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
516 } 516 }
517 517
518 msg = spnego_key->payload.data; 518 msg = spnego_key->payload.data;
519 /* check version field to make sure that cifs.upcall is
520 sending us a response in an expected form */
521 if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) {
522 cERROR(1, ("incorrect version of cifs.upcall (expected"
523 " %d but got %d)",
524 CIFS_SPNEGO_UPCALL_VERSION, msg->version));
525 rc = -EKEYREJECTED;
526 goto ssetup_exit;
527 }
519 /* bail out if key is too long */ 528 /* bail out if key is too long */
520 if (msg->sesskey_len > 529 if (msg->sesskey_len >
521 sizeof(ses->server->mac_signing_key.data.krb5)) { 530 sizeof(ses->server->mac_signing_key.data.krb5)) {