3 files changed, 26 insertions, 13 deletions
diff --git a/fs/cifs/asn1.c b/fs/cifs/asn1.c
index 2a01f3ef96a0..bcda2c6b6a04 100644
--- a/fs/cifs/asn1.c
+++ b/fs/cifs/asn1.c
@@ -77,8 +77,12 @@
 #define SPNEGO_OID_LEN 7
 #define NTLMSSP_OID_LEN  10
+#define KRB5_OID_LEN  7
+#define MSKRB5_OID_LEN  7
 static unsigned long SPNEGO_OID[7] = { 1, 3, 6, 1, 5, 5, 2 };
 static unsigned long NTLMSSP_OID[10] = { 1, 3, 6, 1, 4, 1, 311, 2, 2, 10 };
+static unsigned long KRB5_OID[7] = { 1, 2, 840, 113554, 1, 2, 2 };
+static unsigned long MSKRB5_OID[7] = { 1, 2, 840, 48018, 1, 2, 2 };
 /*
 * ASN.1 context.
@@ -457,6 +461,7 @@ decode_negTokenInit(unsigned char *security_blob, int length,
        unsigned long *oid = NULL;
        unsigned int cls, con, tag, oidlen, rc;
        int use_ntlmssp = FALSE;
+        int use_kerberos = FALSE;
        *secType = NTLM; /* BB eventually make Kerberos or NLTMSSP the default*/
@@ -545,18 +550,28 @@ decode_negTokenInit(unsigned char *security_blob, int length,
                                return 0;
                        }
                        if ((tag == ASN1_OJI) && (con == ASN1_PRI)) {
-                                rc = asn1_oid_decode(&ctx, end, &oid, &oidlen);
+                                if (asn1_oid_decode(&ctx, end, &oid, &oidlen)) {
-                                if (rc) {
                                        cFYI(1,
                                          ("OID len = %d oid = 0x%lx 0x%lx "
                                           "0x%lx 0x%lx",
                                           oidlen, *oid, *(oid + 1),
                                           *(oid + 2), *(oid + 3)));
-                                        rc = compare_oid(oid, oidlen,
-                                                 NTLMSSP_OID, NTLMSSP_OID_LEN);
+                                        if (compare_oid(oid, oidlen,
-                                        kfree(oid);
+                                                        MSKRB5_OID,
-                                        if (rc)
+                                                        MSKRB5_OID_LEN))
+                                                use_kerberos = TRUE;
+                                        else if (compare_oid(oid, oidlen,
+                                                             KRB5_OID,
+                                                             KRB5_OID_LEN))
+                                                use_kerberos = TRUE;
+                                        else if (compare_oid(oid, oidlen,
+                                                             NTLMSSP_OID,
+                                                             NTLMSSP_OID_LEN))
                                                use_ntlmssp = TRUE;
+                                        kfree(oid);
                                }
                        } else {
                                cFYI(1, ("Should be an oid what is going on?"));
@@ -609,12 +624,10 @@ decode_negTokenInit(unsigned char *security_blob, int length,
                         ctx.pointer)); /* is this UTF-8 or ASCII? */
        }
-        /* if (use_kerberos)
+        if (use_kerberos)
-           *secType = Kerberos
+                *secType = Kerberos;
-           else */
+        else if (use_ntlmssp)
-        if (use_ntlmssp) {
                *secType = NTLMSSP;
-        }
        return 1;
 }
diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
index 94c0f55d7669..416dc9fe8961 100644
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -44,6 +44,7 @@
 #include "cifs_fs_sb.h"
 #include <linux/mm.h>
 #include <linux/key-type.h>
+#include "cifs_spnego.h"
 #define CIFS_MAGIC_NUMBER 0xFF534D42    /* the first four bytes of SMB PDUs */
 #ifdef CONFIG_CIFS_QUOTA
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index 0bb3e431ee01..59d7b7c037ad 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -647,8 +647,7 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
                                                 count - 16,
                                                 &server->secType);
                        if (rc == 1) {
-                        /* BB Need to fill struct for sessetup here */
+                                rc = 0;
-                                rc = -EOPNOTSUPP;
                        } else {
                                rc = -EINVAL;
                        }

diff --git a/fs/cifs/asn1.c b/fs/cifs/asn1.c index 2a01f3ef96a0..bcda2c6b6a04 100644 --- a/fs/cifs/asn1.c +++ b/fs/cifs/asn1.c
@@ -77,8 +77,12 @@
77		77
78	#define SPNEGO_OID_LEN 7	78	#define SPNEGO_OID_LEN 7
79	#define NTLMSSP_OID_LEN 10	79	#define NTLMSSP_OID_LEN 10
		80	#define KRB5_OID_LEN 7
		81	#define MSKRB5_OID_LEN 7
80	static unsigned long SPNEGO_OID[7] = { 1, 3, 6, 1, 5, 5, 2 };	82	static unsigned long SPNEGO_OID[7] = { 1, 3, 6, 1, 5, 5, 2 };
81	static unsigned long NTLMSSP_OID[10] = { 1, 3, 6, 1, 4, 1, 311, 2, 2, 10 };	83	static unsigned long NTLMSSP_OID[10] = { 1, 3, 6, 1, 4, 1, 311, 2, 2, 10 };
		84	static unsigned long KRB5_OID[7] = { 1, 2, 840, 113554, 1, 2, 2 };
		85	static unsigned long MSKRB5_OID[7] = { 1, 2, 840, 48018, 1, 2, 2 };
82		86
83	/*	87	/*
84	* ASN.1 context.	88	* ASN.1 context.
@@ -457,6 +461,7 @@ decode_negTokenInit(unsigned char *security_blob, int length,
457	unsigned long *oid = NULL;	461	unsigned long *oid = NULL;
458	unsigned int cls, con, tag, oidlen, rc;	462	unsigned int cls, con, tag, oidlen, rc;
459	int use_ntlmssp = FALSE;	463	int use_ntlmssp = FALSE;
		464	int use_kerberos = FALSE;
460		465
461	secType = NTLM; / BB eventually make Kerberos or NLTMSSP the default*/	466	secType = NTLM; / BB eventually make Kerberos or NLTMSSP the default*/
462		467
@@ -545,18 +550,28 @@ decode_negTokenInit(unsigned char *security_blob, int length,
545	return 0;	550	return 0;
546	}	551	}
547	if ((tag == ASN1_OJI) && (con == ASN1_PRI)) {	552	if ((tag == ASN1_OJI) && (con == ASN1_PRI)) {
548	rc = asn1_oid_decode(&ctx, end, &oid, &oidlen);	553	if (asn1_oid_decode(&ctx, end, &oid, &oidlen)) {
549	if (rc) {	554
550	cFYI(1,	555	cFYI(1,
551	("OID len = %d oid = 0x%lx 0x%lx "	556	("OID len = %d oid = 0x%lx 0x%lx "
552	"0x%lx 0x%lx",	557	"0x%lx 0x%lx",
553	oidlen, oid, (oid + 1),	558	oidlen, oid, (oid + 1),
554	(oid + 2), (oid + 3)));	559	(oid + 2), (oid + 3)));
555	rc = compare_oid(oid, oidlen,	560
556	NTLMSSP_OID, NTLMSSP_OID_LEN);	561	if (compare_oid(oid, oidlen,
557	kfree(oid);	562	MSKRB5_OID,
558	if (rc)	563	MSKRB5_OID_LEN))
		564	use_kerberos = TRUE;
		565	else if (compare_oid(oid, oidlen,
		566	KRB5_OID,
		567	KRB5_OID_LEN))
		568	use_kerberos = TRUE;
		569	else if (compare_oid(oid, oidlen,
		570	NTLMSSP_OID,
		571	NTLMSSP_OID_LEN))
559	use_ntlmssp = TRUE;	572	use_ntlmssp = TRUE;
		573
		574	kfree(oid);
560	}	575	}
561	} else {	576	} else {
562	cFYI(1, ("Should be an oid what is going on?"));	577	cFYI(1, ("Should be an oid what is going on?"));
@@ -609,12 +624,10 @@ decode_negTokenInit(unsigned char *security_blob, int length,
609	ctx.pointer)); /* is this UTF-8 or ASCII? */	624	ctx.pointer)); /* is this UTF-8 or ASCII? */
610	}	625	}
611		626
612	/* if (use_kerberos)	627	if (use_kerberos)
613	*secType = Kerberos	628	*secType = Kerberos;
614	else */	629	else if (use_ntlmssp)
615	if (use_ntlmssp) {
616	*secType = NTLMSSP;	630	*secType = NTLMSSP;
617	}
618		631
619	return 1;	632	return 1;
620	}	633	}


diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c index 94c0f55d7669..416dc9fe8961 100644 --- a/fs/cifs/cifsfs.c +++ b/fs/cifs/cifsfs.c
@@ -44,6 +44,7 @@
44	#include "cifs_fs_sb.h"	44	#include "cifs_fs_sb.h"
45	#include <linux/mm.h>	45	#include <linux/mm.h>
46	#include <linux/key-type.h>	46	#include <linux/key-type.h>
		47	#include "cifs_spnego.h"
47	#define CIFS_MAGIC_NUMBER 0xFF534D42 /* the first four bytes of SMB PDUs */	48	#define CIFS_MAGIC_NUMBER 0xFF534D42 /* the first four bytes of SMB PDUs */
48		49
49	#ifdef CONFIG_CIFS_QUOTA	50	#ifdef CONFIG_CIFS_QUOTA


diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index 0bb3e431ee01..59d7b7c037ad 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c
@@ -647,8 +647,7 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
647	count - 16,	647	count - 16,
648	&server->secType);	648	&server->secType);
649	if (rc == 1) {	649	if (rc == 1) {
650	/* BB Need to fill struct for sessetup here */	650	rc = 0;
651	rc = -EOPNOTSUPP;
652	} else {	651	} else {
653	rc = -EINVAL;	652	rc = -EINVAL;
654	}	653	}