[CIFS] add OIDs for KRB5 and MSKRB5 to ASN1 parsing routines

Also, fix the parser to recognize them and set the secType accordingly. Make CIFSSMBNegotiate not error out automatically after parsing the securityBlob. Also thanks to Q (Igor) and Simo for their help on this set of kerberos patches (and Dave Howells for help on the upcall). Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
author: Jeff Layton <jlayton@redhat.com> 2007-11-03 01:11:06 -0400
committer: Steve French <sfrench@us.ibm.com> 2007-11-03 01:11:06 -0400
commit: e545937a51fe0cc78cea55752764daabb81ec96d (patch)
tree: 82cfeae6a78f11dea850153f7a3e849c01f5d8d0
parent: 84a15b935481fa651cc6ec60aed015312b67adda (diff)
3 files changed, 26 insertions, 13 deletions
diff --git a/fs/cifs/asn1.c b/fs/cifs/asn1.c
index 2a01f3ef96a0..bcda2c6b6a04 100644
--- a/fs/cifs/asn1.c
+++ b/fs/cifs/asn1.c
@@ -77,8 +77,12 @@
 #define SPNEGO_OID_LEN 7
 #define NTLMSSP_OID_LEN  10
+#define KRB5_OID_LEN  7
+#define MSKRB5_OID_LEN  7
 static unsigned long SPNEGO_OID[7] = { 1, 3, 6, 1, 5, 5, 2 };
 static unsigned long NTLMSSP_OID[10] = { 1, 3, 6, 1, 4, 1, 311, 2, 2, 10 };
+static unsigned long KRB5_OID[7] = { 1, 2, 840, 113554, 1, 2, 2 };
+static unsigned long MSKRB5_OID[7] = { 1, 2, 840, 48018, 1, 2, 2 };
 /*
 * ASN.1 context.
@@ -457,6 +461,7 @@ decode_negTokenInit(unsigned char *security_blob, int length,
        unsigned long *oid = NULL;
        unsigned int cls, con, tag, oidlen, rc;
        int use_ntlmssp = FALSE;
+        int use_kerberos = FALSE;
        *secType = NTLM; /* BB eventually make Kerberos or NLTMSSP the default*/
@@ -545,18 +550,28 @@ decode_negTokenInit(unsigned char *security_blob, int length,
                                return 0;
                        }
                        if ((tag == ASN1_OJI) && (con == ASN1_PRI)) {
-                                rc = asn1_oid_decode(&ctx, end, &oid, &oidlen);
+                                if (asn1_oid_decode(&ctx, end, &oid, &oidlen)) {
-                                if (rc) {
                                        cFYI(1,
                                          ("OID len = %d oid = 0x%lx 0x%lx "
                                           "0x%lx 0x%lx",
                                           oidlen, *oid, *(oid + 1),
                                           *(oid + 2), *(oid + 3)));
-                                        rc = compare_oid(oid, oidlen,
-                                                 NTLMSSP_OID, NTLMSSP_OID_LEN);
+                                        if (compare_oid(oid, oidlen,
-                                        kfree(oid);
+                                                        MSKRB5_OID,
-                                        if (rc)
+                                                        MSKRB5_OID_LEN))
+                                                use_kerberos = TRUE;
+                                        else if (compare_oid(oid, oidlen,
+                                                             KRB5_OID,
+                                                             KRB5_OID_LEN))
+                                                use_kerberos = TRUE;
+                                        else if (compare_oid(oid, oidlen,
+                                                             NTLMSSP_OID,
+                                                             NTLMSSP_OID_LEN))
                                                use_ntlmssp = TRUE;
+                                        kfree(oid);
                                }
                        } else {
                                cFYI(1, ("Should be an oid what is going on?"));
@@ -609,12 +624,10 @@ decode_negTokenInit(unsigned char *security_blob, int length,
                         ctx.pointer)); /* is this UTF-8 or ASCII? */
        }
-        /* if (use_kerberos)
+        if (use_kerberos)
-           *secType = Kerberos
+                *secType = Kerberos;
-           else */
+        else if (use_ntlmssp)
-        if (use_ntlmssp) {
                *secType = NTLMSSP;
-        }
        return 1;
 }
diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
index 94c0f55d7669..416dc9fe8961 100644
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -44,6 +44,7 @@
 #include "cifs_fs_sb.h"
 #include <linux/mm.h>
 #include <linux/key-type.h>
+#include "cifs_spnego.h"
 #define CIFS_MAGIC_NUMBER 0xFF534D42    /* the first four bytes of SMB PDUs */
 #ifdef CONFIG_CIFS_QUOTA
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index 0bb3e431ee01..59d7b7c037ad 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -647,8 +647,7 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
                                                 count - 16,
                                                 &server->secType);
                        if (rc == 1) {
-                        /* BB Need to fill struct for sessetup here */
+                                rc = 0;
-                                rc = -EOPNOTSUPP;
                        } else {
                                rc = -EINVAL;
                        }
author	Jeff Layton <jlayton@redhat.com>	2007-11-03 01:11:06 -0400
committer	Steve French <sfrench@us.ibm.com>	2007-11-03 01:11:06 -0400
commit	e545937a51fe0cc78cea55752764daabb81ec96d (patch)
tree	82cfeae6a78f11dea850153f7a3e849c01f5d8d0
parent	84a15b935481fa651cc6ec60aed015312b67adda (diff)

diff --git a/fs/cifs/asn1.c b/fs/cifs/asn1.c index 2a01f3ef96a0..bcda2c6b6a04 100644 --- a/fs/cifs/asn1.c +++ b/fs/cifs/asn1.c
@@ -77,8 +77,12 @@
77		77
78	#define SPNEGO_OID_LEN 7	78	#define SPNEGO_OID_LEN 7
79	#define NTLMSSP_OID_LEN 10	79	#define NTLMSSP_OID_LEN 10
		80	#define KRB5_OID_LEN 7
		81	#define MSKRB5_OID_LEN 7
80	static unsigned long SPNEGO_OID[7] = { 1, 3, 6, 1, 5, 5, 2 };	82	static unsigned long SPNEGO_OID[7] = { 1, 3, 6, 1, 5, 5, 2 };
81	static unsigned long NTLMSSP_OID[10] = { 1, 3, 6, 1, 4, 1, 311, 2, 2, 10 };	83	static unsigned long NTLMSSP_OID[10] = { 1, 3, 6, 1, 4, 1, 311, 2, 2, 10 };
		84	static unsigned long KRB5_OID[7] = { 1, 2, 840, 113554, 1, 2, 2 };
		85	static unsigned long MSKRB5_OID[7] = { 1, 2, 840, 48018, 1, 2, 2 };
82		86
83	/*	87	/*
84	* ASN.1 context.	88	* ASN.1 context.
@@ -457,6 +461,7 @@ decode_negTokenInit(unsigned char *security_blob, int length,
457	unsigned long *oid = NULL;	461	unsigned long *oid = NULL;
458	unsigned int cls, con, tag, oidlen, rc;	462	unsigned int cls, con, tag, oidlen, rc;
459	int use_ntlmssp = FALSE;	463	int use_ntlmssp = FALSE;
		464	int use_kerberos = FALSE;
460		465
461	secType = NTLM; / BB eventually make Kerberos or NLTMSSP the default*/	466	secType = NTLM; / BB eventually make Kerberos or NLTMSSP the default*/
462		467
@@ -545,18 +550,28 @@ decode_negTokenInit(unsigned char *security_blob, int length,
545	return 0;	550	return 0;
546	}	551	}
547	if ((tag == ASN1_OJI) && (con == ASN1_PRI)) {	552	if ((tag == ASN1_OJI) && (con == ASN1_PRI)) {
548	rc = asn1_oid_decode(&ctx, end, &oid, &oidlen);	553	if (asn1_oid_decode(&ctx, end, &oid, &oidlen)) {
549	if (rc) {	554
550	cFYI(1,	555	cFYI(1,
551	("OID len = %d oid = 0x%lx 0x%lx "	556	("OID len = %d oid = 0x%lx 0x%lx "
552	"0x%lx 0x%lx",	557	"0x%lx 0x%lx",
553	oidlen, oid, (oid + 1),	558	oidlen, oid, (oid + 1),
554	(oid + 2), (oid + 3)));	559	(oid + 2), (oid + 3)));
555	rc = compare_oid(oid, oidlen,	560
556	NTLMSSP_OID, NTLMSSP_OID_LEN);	561	if (compare_oid(oid, oidlen,
557	kfree(oid);	562	MSKRB5_OID,
558	if (rc)	563	MSKRB5_OID_LEN))
		564	use_kerberos = TRUE;
		565	else if (compare_oid(oid, oidlen,
		566	KRB5_OID,
		567	KRB5_OID_LEN))
		568	use_kerberos = TRUE;
		569	else if (compare_oid(oid, oidlen,
		570	NTLMSSP_OID,
		571	NTLMSSP_OID_LEN))
559	use_ntlmssp = TRUE;	572	use_ntlmssp = TRUE;
		573
		574	kfree(oid);
560	}	575	}
561	} else {	576	} else {
562	cFYI(1, ("Should be an oid what is going on?"));	577	cFYI(1, ("Should be an oid what is going on?"));
@@ -609,12 +624,10 @@ decode_negTokenInit(unsigned char *security_blob, int length,
609	ctx.pointer)); /* is this UTF-8 or ASCII? */	624	ctx.pointer)); /* is this UTF-8 or ASCII? */
610	}	625	}
611		626
612	/* if (use_kerberos)	627	if (use_kerberos)
613	*secType = Kerberos	628	*secType = Kerberos;
614	else */	629	else if (use_ntlmssp)
615	if (use_ntlmssp) {
616	*secType = NTLMSSP;	630	*secType = NTLMSSP;
617	}
618		631
619	return 1;	632	return 1;
620	}	633	}


diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c index 94c0f55d7669..416dc9fe8961 100644 --- a/fs/cifs/cifsfs.c +++ b/fs/cifs/cifsfs.c
@@ -44,6 +44,7 @@
44	#include "cifs_fs_sb.h"	44	#include "cifs_fs_sb.h"
45	#include <linux/mm.h>	45	#include <linux/mm.h>
46	#include <linux/key-type.h>	46	#include <linux/key-type.h>
		47	#include "cifs_spnego.h"
47	#define CIFS_MAGIC_NUMBER 0xFF534D42 /* the first four bytes of SMB PDUs */	48	#define CIFS_MAGIC_NUMBER 0xFF534D42 /* the first four bytes of SMB PDUs */
48		49
49	#ifdef CONFIG_CIFS_QUOTA	50	#ifdef CONFIG_CIFS_QUOTA


diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index 0bb3e431ee01..59d7b7c037ad 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c
@@ -647,8 +647,7 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
647	count - 16,	647	count - 16,
648	&server->secType);	648	&server->secType);
649	if (rc == 1) {	649	if (rc == 1) {
650	/* BB Need to fill struct for sessetup here */	650	rc = 0;
651	rc = -EOPNOTSUPP;
652	} else {	651	} else {
653	rc = -EINVAL;	652	rc = -EINVAL;
654	}	653	}