diff options
Diffstat (limited to 'fs')
-rw-r--r-- | fs/cifs/asn1.c | 30 | ||||
-rw-r--r-- | fs/cifs/cifs_spnego.c | 4 | ||||
-rw-r--r-- | fs/cifs/cifsglob.h | 6 | ||||
-rw-r--r-- | fs/cifs/cifsproto.h | 2 | ||||
-rw-r--r-- | fs/cifs/cifssmb.c | 12 | ||||
-rw-r--r-- | fs/cifs/sess.c | 2 |
6 files changed, 26 insertions, 30 deletions
diff --git a/fs/cifs/asn1.c b/fs/cifs/asn1.c index 6d555c05dba9..cfd1ce34e0bc 100644 --- a/fs/cifs/asn1.c +++ b/fs/cifs/asn1.c | |||
@@ -492,17 +492,13 @@ compare_oid(unsigned long *oid1, unsigned int oid1len, | |||
492 | 492 | ||
493 | int | 493 | int |
494 | decode_negTokenInit(unsigned char *security_blob, int length, | 494 | decode_negTokenInit(unsigned char *security_blob, int length, |
495 | enum securityEnum *secType) | 495 | struct TCP_Server_Info *server) |
496 | { | 496 | { |
497 | struct asn1_ctx ctx; | 497 | struct asn1_ctx ctx; |
498 | unsigned char *end; | 498 | unsigned char *end; |
499 | unsigned char *sequence_end; | 499 | unsigned char *sequence_end; |
500 | unsigned long *oid = NULL; | 500 | unsigned long *oid = NULL; |
501 | unsigned int cls, con, tag, oidlen, rc; | 501 | unsigned int cls, con, tag, oidlen, rc; |
502 | bool use_ntlmssp = false; | ||
503 | bool use_kerberos = false; | ||
504 | bool use_kerberosu2u = false; | ||
505 | bool use_mskerberos = false; | ||
506 | 502 | ||
507 | /* cifs_dump_mem(" Received SecBlob ", security_blob, length); */ | 503 | /* cifs_dump_mem(" Received SecBlob ", security_blob, length); */ |
508 | 504 | ||
@@ -599,20 +595,17 @@ decode_negTokenInit(unsigned char *security_blob, int length, | |||
599 | *(oid + 1), *(oid + 2), *(oid + 3)); | 595 | *(oid + 1), *(oid + 2), *(oid + 3)); |
600 | 596 | ||
601 | if (compare_oid(oid, oidlen, MSKRB5_OID, | 597 | if (compare_oid(oid, oidlen, MSKRB5_OID, |
602 | MSKRB5_OID_LEN) && | 598 | MSKRB5_OID_LEN)) |
603 | !use_mskerberos) | 599 | server->sec_mskerberos = true; |
604 | use_mskerberos = true; | ||
605 | else if (compare_oid(oid, oidlen, KRB5U2U_OID, | 600 | else if (compare_oid(oid, oidlen, KRB5U2U_OID, |
606 | KRB5U2U_OID_LEN) && | 601 | KRB5U2U_OID_LEN)) |
607 | !use_kerberosu2u) | 602 | server->sec_kerberosu2u = true; |
608 | use_kerberosu2u = true; | ||
609 | else if (compare_oid(oid, oidlen, KRB5_OID, | 603 | else if (compare_oid(oid, oidlen, KRB5_OID, |
610 | KRB5_OID_LEN) && | 604 | KRB5_OID_LEN)) |
611 | !use_kerberos) | 605 | server->sec_kerberos = true; |
612 | use_kerberos = true; | ||
613 | else if (compare_oid(oid, oidlen, NTLMSSP_OID, | 606 | else if (compare_oid(oid, oidlen, NTLMSSP_OID, |
614 | NTLMSSP_OID_LEN)) | 607 | NTLMSSP_OID_LEN)) |
615 | use_ntlmssp = true; | 608 | server->sec_ntlmssp = true; |
616 | 609 | ||
617 | kfree(oid); | 610 | kfree(oid); |
618 | } | 611 | } |
@@ -669,12 +662,5 @@ decode_negTokenInit(unsigned char *security_blob, int length, | |||
669 | cFYI(1, "Need to call asn1_octets_decode() function for %s", | 662 | cFYI(1, "Need to call asn1_octets_decode() function for %s", |
670 | ctx.pointer); /* is this UTF-8 or ASCII? */ | 663 | ctx.pointer); /* is this UTF-8 or ASCII? */ |
671 | decode_negtoken_exit: | 664 | decode_negtoken_exit: |
672 | if (use_kerberos) | ||
673 | *secType = Kerberos; | ||
674 | else if (use_mskerberos) | ||
675 | *secType = MSKerberos; | ||
676 | else if (use_ntlmssp) | ||
677 | *secType = RawNTLMSSP; | ||
678 | |||
679 | return 1; | 665 | return 1; |
680 | } | 666 | } |
diff --git a/fs/cifs/cifs_spnego.c b/fs/cifs/cifs_spnego.c index c53587b83309..379bd7d9c05f 100644 --- a/fs/cifs/cifs_spnego.c +++ b/fs/cifs/cifs_spnego.c | |||
@@ -133,9 +133,9 @@ cifs_get_spnego_key(struct cifsSesInfo *sesInfo) | |||
133 | dp = description + strlen(description); | 133 | dp = description + strlen(description); |
134 | 134 | ||
135 | /* for now, only sec=krb5 and sec=mskrb5 are valid */ | 135 | /* for now, only sec=krb5 and sec=mskrb5 are valid */ |
136 | if (server->secType == Kerberos) | 136 | if (server->sec_kerberos) |
137 | sprintf(dp, ";sec=krb5"); | 137 | sprintf(dp, ";sec=krb5"); |
138 | else if (server->secType == MSKerberos) | 138 | else if (server->sec_mskerberos) |
139 | sprintf(dp, ";sec=mskrb5"); | 139 | sprintf(dp, ";sec=mskrb5"); |
140 | else | 140 | else |
141 | goto out; | 141 | goto out; |
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index c412568b4a1a..4a99487400f3 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h | |||
@@ -87,7 +87,6 @@ enum securityEnum { | |||
87 | RawNTLMSSP, /* NTLMSSP without SPNEGO, NTLMv2 hash */ | 87 | RawNTLMSSP, /* NTLMSSP without SPNEGO, NTLMv2 hash */ |
88 | /* NTLMSSP, */ /* can use rawNTLMSSP instead of NTLMSSP via SPNEGO */ | 88 | /* NTLMSSP, */ /* can use rawNTLMSSP instead of NTLMSSP via SPNEGO */ |
89 | Kerberos, /* Kerberos via SPNEGO */ | 89 | Kerberos, /* Kerberos via SPNEGO */ |
90 | MSKerberos, /* MS Kerberos via SPNEGO */ | ||
91 | }; | 90 | }; |
92 | 91 | ||
93 | enum protocolEnum { | 92 | enum protocolEnum { |
@@ -186,6 +185,11 @@ struct TCP_Server_Info { | |||
186 | char ntlmv2_hash[16]; | 185 | char ntlmv2_hash[16]; |
187 | unsigned long lstrp; /* when we got last response from this server */ | 186 | unsigned long lstrp; /* when we got last response from this server */ |
188 | u16 dialect; /* dialect index that server chose */ | 187 | u16 dialect; /* dialect index that server chose */ |
188 | /* extended security flavors that server supports */ | ||
189 | bool sec_kerberos; /* supports plain Kerberos */ | ||
190 | bool sec_mskerberos; /* supports legacy MS Kerberos */ | ||
191 | bool sec_kerberosu2u; /* supports U2U Kerberos */ | ||
192 | bool sec_ntlmssp; /* supports NTLMSSP */ | ||
189 | }; | 193 | }; |
190 | 194 | ||
191 | /* | 195 | /* |
diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h index 6fa808ec7e36..2e07da9a46fa 100644 --- a/fs/cifs/cifsproto.h +++ b/fs/cifs/cifsproto.h | |||
@@ -85,7 +85,7 @@ extern struct cifsFileInfo *find_readable_file(struct cifsInodeInfo *); | |||
85 | extern unsigned int smbCalcSize(struct smb_hdr *ptr); | 85 | extern unsigned int smbCalcSize(struct smb_hdr *ptr); |
86 | extern unsigned int smbCalcSize_LE(struct smb_hdr *ptr); | 86 | extern unsigned int smbCalcSize_LE(struct smb_hdr *ptr); |
87 | extern int decode_negTokenInit(unsigned char *security_blob, int length, | 87 | extern int decode_negTokenInit(unsigned char *security_blob, int length, |
88 | enum securityEnum *secType); | 88 | struct TCP_Server_Info *server); |
89 | extern int cifs_convert_address(char *src, void *dst); | 89 | extern int cifs_convert_address(char *src, void *dst); |
90 | extern int map_smb_to_linux_error(struct smb_hdr *smb, int logErr); | 90 | extern int map_smb_to_linux_error(struct smb_hdr *smb, int logErr); |
91 | extern void header_assemble(struct smb_hdr *, char /* command */ , | 91 | extern void header_assemble(struct smb_hdr *, char /* command */ , |
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index 30742d8eef14..c65c3419dd37 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c | |||
@@ -597,13 +597,19 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses) | |||
597 | server->secType = RawNTLMSSP; | 597 | server->secType = RawNTLMSSP; |
598 | } else { | 598 | } else { |
599 | rc = decode_negTokenInit(pSMBr->u.extended_response. | 599 | rc = decode_negTokenInit(pSMBr->u.extended_response. |
600 | SecurityBlob, | 600 | SecurityBlob, count - 16, |
601 | count - 16, | 601 | server); |
602 | &server->secType); | ||
603 | if (rc == 1) | 602 | if (rc == 1) |
604 | rc = 0; | 603 | rc = 0; |
605 | else | 604 | else |
606 | rc = -EINVAL; | 605 | rc = -EINVAL; |
606 | |||
607 | if (server->sec_kerberos || server->sec_mskerberos) | ||
608 | server->secType = Kerberos; | ||
609 | else if (server->sec_ntlmssp) | ||
610 | server->secType = RawNTLMSSP; | ||
611 | else | ||
612 | rc = -EOPNOTSUPP; | ||
607 | } | 613 | } |
608 | } else | 614 | } else |
609 | server->capabilities &= ~CAP_EXTENDED_SECURITY; | 615 | server->capabilities &= ~CAP_EXTENDED_SECURITY; |
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index 84b92dfaf84c..7707389bdf2c 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c | |||
@@ -751,7 +751,7 @@ ssetup_ntlmssp_authenticate: | |||
751 | unicode_ssetup_strings(&bcc_ptr, ses, nls_cp); | 751 | unicode_ssetup_strings(&bcc_ptr, ses, nls_cp); |
752 | } else | 752 | } else |
753 | ascii_ssetup_strings(&bcc_ptr, ses, nls_cp); | 753 | ascii_ssetup_strings(&bcc_ptr, ses, nls_cp); |
754 | } else if (type == Kerberos || type == MSKerberos) { | 754 | } else if (type == Kerberos) { |
755 | #ifdef CONFIG_CIFS_UPCALL | 755 | #ifdef CONFIG_CIFS_UPCALL |
756 | struct cifs_spnego_msg *msg; | 756 | struct cifs_spnego_msg *msg; |
757 | spnego_key = cifs_get_spnego_key(ses); | 757 | spnego_key = cifs_get_spnego_key(ses); |