aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--fs/cifs/asn1.c30
-rw-r--r--fs/cifs/cifs_spnego.c4
-rw-r--r--fs/cifs/cifsglob.h6
-rw-r--r--fs/cifs/cifsproto.h2
-rw-r--r--fs/cifs/cifssmb.c12
-rw-r--r--fs/cifs/sess.c2
6 files changed, 26 insertions, 30 deletions
diff --git a/fs/cifs/asn1.c b/fs/cifs/asn1.c
index 6d555c05dba9..cfd1ce34e0bc 100644
--- a/fs/cifs/asn1.c
+++ b/fs/cifs/asn1.c
@@ -492,17 +492,13 @@ compare_oid(unsigned long *oid1, unsigned int oid1len,
492 492
493int 493int
494decode_negTokenInit(unsigned char *security_blob, int length, 494decode_negTokenInit(unsigned char *security_blob, int length,
495 enum securityEnum *secType) 495 struct TCP_Server_Info *server)
496{ 496{
497 struct asn1_ctx ctx; 497 struct asn1_ctx ctx;
498 unsigned char *end; 498 unsigned char *end;
499 unsigned char *sequence_end; 499 unsigned char *sequence_end;
500 unsigned long *oid = NULL; 500 unsigned long *oid = NULL;
501 unsigned int cls, con, tag, oidlen, rc; 501 unsigned int cls, con, tag, oidlen, rc;
502 bool use_ntlmssp = false;
503 bool use_kerberos = false;
504 bool use_kerberosu2u = false;
505 bool use_mskerberos = false;
506 502
507 /* cifs_dump_mem(" Received SecBlob ", security_blob, length); */ 503 /* cifs_dump_mem(" Received SecBlob ", security_blob, length); */
508 504
@@ -599,20 +595,17 @@ decode_negTokenInit(unsigned char *security_blob, int length,
599 *(oid + 1), *(oid + 2), *(oid + 3)); 595 *(oid + 1), *(oid + 2), *(oid + 3));
600 596
601 if (compare_oid(oid, oidlen, MSKRB5_OID, 597 if (compare_oid(oid, oidlen, MSKRB5_OID,
602 MSKRB5_OID_LEN) && 598 MSKRB5_OID_LEN))
603 !use_mskerberos) 599 server->sec_mskerberos = true;
604 use_mskerberos = true;
605 else if (compare_oid(oid, oidlen, KRB5U2U_OID, 600 else if (compare_oid(oid, oidlen, KRB5U2U_OID,
606 KRB5U2U_OID_LEN) && 601 KRB5U2U_OID_LEN))
607 !use_kerberosu2u) 602 server->sec_kerberosu2u = true;
608 use_kerberosu2u = true;
609 else if (compare_oid(oid, oidlen, KRB5_OID, 603 else if (compare_oid(oid, oidlen, KRB5_OID,
610 KRB5_OID_LEN) && 604 KRB5_OID_LEN))
611 !use_kerberos) 605 server->sec_kerberos = true;
612 use_kerberos = true;
613 else if (compare_oid(oid, oidlen, NTLMSSP_OID, 606 else if (compare_oid(oid, oidlen, NTLMSSP_OID,
614 NTLMSSP_OID_LEN)) 607 NTLMSSP_OID_LEN))
615 use_ntlmssp = true; 608 server->sec_ntlmssp = true;
616 609
617 kfree(oid); 610 kfree(oid);
618 } 611 }
@@ -669,12 +662,5 @@ decode_negTokenInit(unsigned char *security_blob, int length,
669 cFYI(1, "Need to call asn1_octets_decode() function for %s", 662 cFYI(1, "Need to call asn1_octets_decode() function for %s",
670 ctx.pointer); /* is this UTF-8 or ASCII? */ 663 ctx.pointer); /* is this UTF-8 or ASCII? */
671decode_negtoken_exit: 664decode_negtoken_exit:
672 if (use_kerberos)
673 *secType = Kerberos;
674 else if (use_mskerberos)
675 *secType = MSKerberos;
676 else if (use_ntlmssp)
677 *secType = RawNTLMSSP;
678
679 return 1; 665 return 1;
680} 666}
diff --git a/fs/cifs/cifs_spnego.c b/fs/cifs/cifs_spnego.c
index c53587b83309..379bd7d9c05f 100644
--- a/fs/cifs/cifs_spnego.c
+++ b/fs/cifs/cifs_spnego.c
@@ -133,9 +133,9 @@ cifs_get_spnego_key(struct cifsSesInfo *sesInfo)
133 dp = description + strlen(description); 133 dp = description + strlen(description);
134 134
135 /* for now, only sec=krb5 and sec=mskrb5 are valid */ 135 /* for now, only sec=krb5 and sec=mskrb5 are valid */
136 if (server->secType == Kerberos) 136 if (server->sec_kerberos)
137 sprintf(dp, ";sec=krb5"); 137 sprintf(dp, ";sec=krb5");
138 else if (server->secType == MSKerberos) 138 else if (server->sec_mskerberos)
139 sprintf(dp, ";sec=mskrb5"); 139 sprintf(dp, ";sec=mskrb5");
140 else 140 else
141 goto out; 141 goto out;
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
index c412568b4a1a..4a99487400f3 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -87,7 +87,6 @@ enum securityEnum {
87 RawNTLMSSP, /* NTLMSSP without SPNEGO, NTLMv2 hash */ 87 RawNTLMSSP, /* NTLMSSP without SPNEGO, NTLMv2 hash */
88/* NTLMSSP, */ /* can use rawNTLMSSP instead of NTLMSSP via SPNEGO */ 88/* NTLMSSP, */ /* can use rawNTLMSSP instead of NTLMSSP via SPNEGO */
89 Kerberos, /* Kerberos via SPNEGO */ 89 Kerberos, /* Kerberos via SPNEGO */
90 MSKerberos, /* MS Kerberos via SPNEGO */
91}; 90};
92 91
93enum protocolEnum { 92enum protocolEnum {
@@ -186,6 +185,11 @@ struct TCP_Server_Info {
186 char ntlmv2_hash[16]; 185 char ntlmv2_hash[16];
187 unsigned long lstrp; /* when we got last response from this server */ 186 unsigned long lstrp; /* when we got last response from this server */
188 u16 dialect; /* dialect index that server chose */ 187 u16 dialect; /* dialect index that server chose */
188 /* extended security flavors that server supports */
189 bool sec_kerberos; /* supports plain Kerberos */
190 bool sec_mskerberos; /* supports legacy MS Kerberos */
191 bool sec_kerberosu2u; /* supports U2U Kerberos */
192 bool sec_ntlmssp; /* supports NTLMSSP */
189}; 193};
190 194
191/* 195/*
diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h
index 6fa808ec7e36..2e07da9a46fa 100644
--- a/fs/cifs/cifsproto.h
+++ b/fs/cifs/cifsproto.h
@@ -85,7 +85,7 @@ extern struct cifsFileInfo *find_readable_file(struct cifsInodeInfo *);
85extern unsigned int smbCalcSize(struct smb_hdr *ptr); 85extern unsigned int smbCalcSize(struct smb_hdr *ptr);
86extern unsigned int smbCalcSize_LE(struct smb_hdr *ptr); 86extern unsigned int smbCalcSize_LE(struct smb_hdr *ptr);
87extern int decode_negTokenInit(unsigned char *security_blob, int length, 87extern int decode_negTokenInit(unsigned char *security_blob, int length,
88 enum securityEnum *secType); 88 struct TCP_Server_Info *server);
89extern int cifs_convert_address(char *src, void *dst); 89extern int cifs_convert_address(char *src, void *dst);
90extern int map_smb_to_linux_error(struct smb_hdr *smb, int logErr); 90extern int map_smb_to_linux_error(struct smb_hdr *smb, int logErr);
91extern void header_assemble(struct smb_hdr *, char /* command */ , 91extern void header_assemble(struct smb_hdr *, char /* command */ ,
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index 30742d8eef14..c65c3419dd37 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -597,13 +597,19 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
597 server->secType = RawNTLMSSP; 597 server->secType = RawNTLMSSP;
598 } else { 598 } else {
599 rc = decode_negTokenInit(pSMBr->u.extended_response. 599 rc = decode_negTokenInit(pSMBr->u.extended_response.
600 SecurityBlob, 600 SecurityBlob, count - 16,
601 count - 16, 601 server);
602 &server->secType);
603 if (rc == 1) 602 if (rc == 1)
604 rc = 0; 603 rc = 0;
605 else 604 else
606 rc = -EINVAL; 605 rc = -EINVAL;
606
607 if (server->sec_kerberos || server->sec_mskerberos)
608 server->secType = Kerberos;
609 else if (server->sec_ntlmssp)
610 server->secType = RawNTLMSSP;
611 else
612 rc = -EOPNOTSUPP;
607 } 613 }
608 } else 614 } else
609 server->capabilities &= ~CAP_EXTENDED_SECURITY; 615 server->capabilities &= ~CAP_EXTENDED_SECURITY;
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index 84b92dfaf84c..7707389bdf2c 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -751,7 +751,7 @@ ssetup_ntlmssp_authenticate:
751 unicode_ssetup_strings(&bcc_ptr, ses, nls_cp); 751 unicode_ssetup_strings(&bcc_ptr, ses, nls_cp);
752 } else 752 } else
753 ascii_ssetup_strings(&bcc_ptr, ses, nls_cp); 753 ascii_ssetup_strings(&bcc_ptr, ses, nls_cp);
754 } else if (type == Kerberos || type == MSKerberos) { 754 } else if (type == Kerberos) {
755#ifdef CONFIG_CIFS_UPCALL 755#ifdef CONFIG_CIFS_UPCALL
756 struct cifs_spnego_msg *msg; 756 struct cifs_spnego_msg *msg;
757 spnego_key = cifs_get_spnego_key(ses); 757 spnego_key = cifs_get_spnego_key(ses);
generated by cgit v1.2.2 (git 2.25.0) at 2025-11-19 02:50:22 -0500