[CIFS] add OIDs for KRB5 and MSKRB5 to ASN1 parsing routines
Jeff Layton [Sat, 3 Nov 2007 05:11:06 +0000 (05:11 +0000)]
Also, fix the parser to recognize them and set the secType
accordingly. Make CIFSSMBNegotiate not error out automatically
after parsing the securityBlob.

Also thanks to Q (Igor) and Simo for their help on this
set of kerberos patches (and Dave Howells for help on the
upcall).

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>

fs/cifs/asn1.c
fs/cifs/cifsfs.c
fs/cifs/cifssmb.c

index 2a01f3e..bcda2c6 100644 (file)
 
 #define SPNEGO_OID_LEN 7
 #define NTLMSSP_OID_LEN  10
+#define KRB5_OID_LEN  7
+#define MSKRB5_OID_LEN  7
 static unsigned long SPNEGO_OID[7] = { 1, 3, 6, 1, 5, 5, 2 };
 static unsigned long NTLMSSP_OID[10] = { 1, 3, 6, 1, 4, 1, 311, 2, 2, 10 };
+static unsigned long KRB5_OID[7] = { 1, 2, 840, 113554, 1, 2, 2 };
+static unsigned long MSKRB5_OID[7] = { 1, 2, 840, 48018, 1, 2, 2 };
 
 /*
  * ASN.1 context.
@@ -457,6 +461,7 @@ decode_negTokenInit(unsigned char *security_blob, int length,
        unsigned long *oid = NULL;
        unsigned int cls, con, tag, oidlen, rc;
        int use_ntlmssp = FALSE;
+       int use_kerberos = FALSE;
 
        *secType = NTLM; /* BB eventually make Kerberos or NLTMSSP the default*/
 
@@ -545,18 +550,28 @@ decode_negTokenInit(unsigned char *security_blob, int length,
                                return 0;
                        }
                        if ((tag == ASN1_OJI) && (con == ASN1_PRI)) {
-                               rc = asn1_oid_decode(&ctx, end, &oid, &oidlen);
-                               if (rc) {
+                               if (asn1_oid_decode(&ctx, end, &oid, &oidlen)) {
+
                                        cFYI(1,
                                          ("OID len = %d oid = 0x%lx 0x%lx "
                                           "0x%lx 0x%lx",
                                           oidlen, *oid, *(oid + 1),
                                           *(oid + 2), *(oid + 3)));
-                                       rc = compare_oid(oid, oidlen,
-                                                NTLMSSP_OID, NTLMSSP_OID_LEN);
-                                       kfree(oid);
-                                       if (rc)
+
+                                       if (compare_oid(oid, oidlen,
+                                                       MSKRB5_OID,
+                                                       MSKRB5_OID_LEN))
+                                               use_kerberos = TRUE;
+                                       else if (compare_oid(oid, oidlen,
+                                                            KRB5_OID,
+                                                            KRB5_OID_LEN))
+                                               use_kerberos = TRUE;
+                                       else if (compare_oid(oid, oidlen,
+                                                            NTLMSSP_OID,
+                                                            NTLMSSP_OID_LEN))
                                                use_ntlmssp = TRUE;
+
+                                       kfree(oid);
                                }
                        } else {
                                cFYI(1, ("Should be an oid what is going on?"));
@@ -609,12 +624,10 @@ decode_negTokenInit(unsigned char *security_blob, int length,
                         ctx.pointer)); /* is this UTF-8 or ASCII? */
        }
 
-       /* if (use_kerberos)
-          *secType = Kerberos
-          else */
-       if (use_ntlmssp) {
+       if (use_kerberos)
+               *secType = Kerberos;
+       else if (use_ntlmssp)
                *secType = NTLMSSP;
-       }
 
        return 1;
 }
index 94c0f55..416dc9f 100644 (file)
@@ -44,6 +44,7 @@
 #include "cifs_fs_sb.h"
 #include <linux/mm.h>
 #include <linux/key-type.h>
+#include "cifs_spnego.h"
 #define CIFS_MAGIC_NUMBER 0xFF534D42   /* the first four bytes of SMB PDUs */
 
 #ifdef CONFIG_CIFS_QUOTA
index 0bb3e43..59d7b7c 100644 (file)
@@ -647,8 +647,7 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
                                                 count - 16,
                                                 &server->secType);
                        if (rc == 1) {
-                       /* BB Need to fill struct for sessetup here */
-                               rc = -EOPNOTSUPP;
+                               rc = 0;
                        } else {
                                rc = -EINVAL;
                        }