diff options
| author | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-11-12 14:11:39 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-11-12 14:11:39 -0500 |
| commit | 46015977e70f672ae6b20a1b5fb1e361208365ba (patch) | |
| tree | e3be0785eff90cc8023cd1ea03fc22d3dcf37f41 /fs/cifs/asn1.c | |
| parent | 92d140e21f1ce8cf99320afbbcad73879128e6dc (diff) | |
| parent | 9b8f5f573770f33b28c45255ac82e6457278c782 (diff) | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6: (21 commits)
[CIFS] fix oops on second mount to same server when null auth is used
[CIFS] Fix stale mode after readdir when cifsacl specified
[CIFS] add mode to acl conversion helper function
[CIFS] Fix incorrect mode when ACL had deny access control entries
[CIFS] Add uid to key description so krb can handle user mounts
[CIFS] Fix walking out end of cifs dacl
[CIFS] Add upcall files for cifs to use spnego/kerberos
[CIFS] add OIDs for KRB5 and MSKRB5 to ASN1 parsing routines
[CIFS] Register and unregister cifs_spnego_key_type on module init/exit
[CIFS] implement upcalls for SPNEGO blob via keyctl API
[CIFS] allow cifs_calc_signature2 to deal with a zero length iovec
[CIFS] If no Access Control Entries, set mode perm bits to zero
[CIFS] when mount helper missing fix slash wrong direction in share
[CIFS] Don't request too much permission when reading an ACL
[CIFS] enable get mode from ACL when cifsacl mount option specified
[CIFS] ACL support part 8
[CIFS] acl support part 7
[CIFS] acl support part 6
[CIFS] acl support part 6
[CIFS] remove unused funtion compile warning when experimental off
...
Diffstat (limited to 'fs/cifs/asn1.c')
| -rw-r--r-- | fs/cifs/asn1.c | 35 |
1 files changed, 24 insertions, 11 deletions
diff --git a/fs/cifs/asn1.c b/fs/cifs/asn1.c index 2a01f3ef96a0..bcda2c6b6a04 100644 --- a/fs/cifs/asn1.c +++ b/fs/cifs/asn1.c | |||
| @@ -77,8 +77,12 @@ | |||
| 77 | 77 | ||
| 78 | #define SPNEGO_OID_LEN 7 | 78 | #define SPNEGO_OID_LEN 7 |
| 79 | #define NTLMSSP_OID_LEN 10 | 79 | #define NTLMSSP_OID_LEN 10 |
| 80 | #define KRB5_OID_LEN 7 | ||
| 81 | #define MSKRB5_OID_LEN 7 | ||
| 80 | static unsigned long SPNEGO_OID[7] = { 1, 3, 6, 1, 5, 5, 2 }; | 82 | static unsigned long SPNEGO_OID[7] = { 1, 3, 6, 1, 5, 5, 2 }; |
| 81 | static unsigned long NTLMSSP_OID[10] = { 1, 3, 6, 1, 4, 1, 311, 2, 2, 10 }; | 83 | static unsigned long NTLMSSP_OID[10] = { 1, 3, 6, 1, 4, 1, 311, 2, 2, 10 }; |
| 84 | static unsigned long KRB5_OID[7] = { 1, 2, 840, 113554, 1, 2, 2 }; | ||
| 85 | static unsigned long MSKRB5_OID[7] = { 1, 2, 840, 48018, 1, 2, 2 }; | ||
| 82 | 86 | ||
| 83 | /* | 87 | /* |
| 84 | * ASN.1 context. | 88 | * ASN.1 context. |
| @@ -457,6 +461,7 @@ decode_negTokenInit(unsigned char *security_blob, int length, | |||
| 457 | unsigned long *oid = NULL; | 461 | unsigned long *oid = NULL; |
| 458 | unsigned int cls, con, tag, oidlen, rc; | 462 | unsigned int cls, con, tag, oidlen, rc; |
| 459 | int use_ntlmssp = FALSE; | 463 | int use_ntlmssp = FALSE; |
| 464 | int use_kerberos = FALSE; | ||
| 460 | 465 | ||
| 461 | *secType = NTLM; /* BB eventually make Kerberos or NLTMSSP the default*/ | 466 | *secType = NTLM; /* BB eventually make Kerberos or NLTMSSP the default*/ |
| 462 | 467 | ||
| @@ -545,18 +550,28 @@ decode_negTokenInit(unsigned char *security_blob, int length, | |||
| 545 | return 0; | 550 | return 0; |
| 546 | } | 551 | } |
| 547 | if ((tag == ASN1_OJI) && (con == ASN1_PRI)) { | 552 | if ((tag == ASN1_OJI) && (con == ASN1_PRI)) { |
| 548 | rc = asn1_oid_decode(&ctx, end, &oid, &oidlen); | 553 | if (asn1_oid_decode(&ctx, end, &oid, &oidlen)) { |
| 549 | if (rc) { | 554 | |
| 550 | cFYI(1, | 555 | cFYI(1, |
| 551 | ("OID len = %d oid = 0x%lx 0x%lx " | 556 | ("OID len = %d oid = 0x%lx 0x%lx " |
| 552 | "0x%lx 0x%lx", | 557 | "0x%lx 0x%lx", |
| 553 | oidlen, *oid, *(oid + 1), | 558 | oidlen, *oid, *(oid + 1), |
| 554 | *(oid + 2), *(oid + 3))); | 559 | *(oid + 2), *(oid + 3))); |
| 555 | rc = compare_oid(oid, oidlen, | 560 | |
| 556 | NTLMSSP_OID, NTLMSSP_OID_LEN); | 561 | if (compare_oid(oid, oidlen, |
| 557 | kfree(oid); | 562 | MSKRB5_OID, |
| 558 | if (rc) | 563 | MSKRB5_OID_LEN)) |
| 564 | use_kerberos = TRUE; | ||
| 565 | else if (compare_oid(oid, oidlen, | ||
| 566 | KRB5_OID, | ||
| 567 | KRB5_OID_LEN)) | ||
| 568 | use_kerberos = TRUE; | ||
| 569 | else if (compare_oid(oid, oidlen, | ||
| 570 | NTLMSSP_OID, | ||
| 571 | NTLMSSP_OID_LEN)) | ||
| 559 | use_ntlmssp = TRUE; | 572 | use_ntlmssp = TRUE; |
| 573 | |||
| 574 | kfree(oid); | ||
| 560 | } | 575 | } |
| 561 | } else { | 576 | } else { |
| 562 | cFYI(1, ("Should be an oid what is going on?")); | 577 | cFYI(1, ("Should be an oid what is going on?")); |
| @@ -609,12 +624,10 @@ decode_negTokenInit(unsigned char *security_blob, int length, | |||
| 609 | ctx.pointer)); /* is this UTF-8 or ASCII? */ | 624 | ctx.pointer)); /* is this UTF-8 or ASCII? */ |
| 610 | } | 625 | } |
| 611 | 626 | ||
| 612 | /* if (use_kerberos) | 627 | if (use_kerberos) |
| 613 | *secType = Kerberos | 628 | *secType = Kerberos; |
| 614 | else */ | 629 | else if (use_ntlmssp) |
| 615 | if (use_ntlmssp) { | ||
| 616 | *secType = NTLMSSP; | 630 | *secType = NTLMSSP; |
| 617 | } | ||
| 618 | 631 | ||
| 619 | return 1; | 632 | return 1; |
| 620 | } | 633 | } |