diff options
author | Steve French <sfrench@us.ibm.com> | 2008-08-19 15:35:33 -0400 |
---|---|---|
committer | Steve French <sfrench@us.ibm.com> | 2008-08-19 15:35:33 -0400 |
commit | c16fefa56334e8d0197492607e473fdbb813073f (patch) | |
tree | 8dc227ea6a712939ce216dd93746dc9baa4ee13f /fs/cifs/asn1.c | |
parent | cb7691b648bddbfaf6dd8d8068273dbb18d2484c (diff) |
[CIFS] distinguish between Kerberos and MSKerberos in upcall
Properly handle MSKRB5 by passing sec=mskrb5 to the upcall so that the
spengo blob can be generated appropriately. Also, make
decode_negTokenInit prefer whichever mechanism is first in the list.
Needed for some NetApp servers, and possibly some older
versions of Windows which treat the two KRB5 mechanisms differently.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs/cifs/asn1.c')
-rw-r--r-- | fs/cifs/asn1.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/fs/cifs/asn1.c b/fs/cifs/asn1.c index 5fabd2caf93c..1b09f1670061 100644 --- a/fs/cifs/asn1.c +++ b/fs/cifs/asn1.c | |||
@@ -476,6 +476,7 @@ decode_negTokenInit(unsigned char *security_blob, int length, | |||
476 | unsigned int cls, con, tag, oidlen, rc; | 476 | unsigned int cls, con, tag, oidlen, rc; |
477 | bool use_ntlmssp = false; | 477 | bool use_ntlmssp = false; |
478 | bool use_kerberos = false; | 478 | bool use_kerberos = false; |
479 | bool use_mskerberos = false; | ||
479 | 480 | ||
480 | *secType = NTLM; /* BB eventually make Kerberos or NLTMSSP the default*/ | 481 | *secType = NTLM; /* BB eventually make Kerberos or NLTMSSP the default*/ |
481 | 482 | ||
@@ -574,10 +575,12 @@ decode_negTokenInit(unsigned char *security_blob, int length, | |||
574 | *(oid + 1), *(oid + 2), *(oid + 3))); | 575 | *(oid + 1), *(oid + 2), *(oid + 3))); |
575 | 576 | ||
576 | if (compare_oid(oid, oidlen, MSKRB5_OID, | 577 | if (compare_oid(oid, oidlen, MSKRB5_OID, |
577 | MSKRB5_OID_LEN)) | 578 | MSKRB5_OID_LEN) && |
578 | use_kerberos = true; | 579 | !use_kerberos) |
580 | use_mskerberos = true; | ||
579 | else if (compare_oid(oid, oidlen, KRB5_OID, | 581 | else if (compare_oid(oid, oidlen, KRB5_OID, |
580 | KRB5_OID_LEN)) | 582 | KRB5_OID_LEN) && |
583 | !use_mskerberos) | ||
581 | use_kerberos = true; | 584 | use_kerberos = true; |
582 | else if (compare_oid(oid, oidlen, NTLMSSP_OID, | 585 | else if (compare_oid(oid, oidlen, NTLMSSP_OID, |
583 | NTLMSSP_OID_LEN)) | 586 | NTLMSSP_OID_LEN)) |
@@ -630,6 +633,8 @@ decode_negTokenInit(unsigned char *security_blob, int length, | |||
630 | 633 | ||
631 | if (use_kerberos) | 634 | if (use_kerberos) |
632 | *secType = Kerberos; | 635 | *secType = Kerberos; |
636 | else if (use_mskerberos) | ||
637 | *secType = MSKerberos; | ||
633 | else if (use_ntlmssp) | 638 | else if (use_ntlmssp) |
634 | *secType = NTLMSSP; | 639 | *secType = NTLMSSP; |
635 | 640 | ||