cifs: have decode_negTokenInit set flags in server struct
authorJeff Layton <jlayton@redhat.com>
Sat, 24 Apr 2010 11:57:49 +0000 (07:57 -0400)
committerSteve French <sfrench@us.ibm.com>
Wed, 5 May 2010 23:24:11 +0000 (23:24 +0000)
...rather than the secType. This allows us to get rid of the MSKerberos
securityEnum. The client just makes a decision at upcall time.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
fs/cifs/asn1.c
fs/cifs/cifs_spnego.c
fs/cifs/cifsglob.h
fs/cifs/cifsproto.h
fs/cifs/cifssmb.c
fs/cifs/sess.c

index 6d555c05dba9b456aeb4264e9e6bdff97b3c4448..cfd1ce34e0bc7b8c4794c81e1aa937e7f009ca75 100644 (file)
@@ -492,17 +492,13 @@ compare_oid(unsigned long *oid1, unsigned int oid1len,
 
 int
 decode_negTokenInit(unsigned char *security_blob, int length,
-                   enum securityEnum *secType)
+                   struct TCP_Server_Info *server)
 {
        struct asn1_ctx ctx;
        unsigned char *end;
        unsigned char *sequence_end;
        unsigned long *oid = NULL;
        unsigned int cls, con, tag, oidlen, rc;
-       bool use_ntlmssp = false;
-       bool use_kerberos = false;
-       bool use_kerberosu2u = false;
-       bool use_mskerberos = false;
 
        /* cifs_dump_mem(" Received SecBlob ", security_blob, length); */
 
@@ -599,20 +595,17 @@ decode_negTokenInit(unsigned char *security_blob, int length,
                                        *(oid + 1), *(oid + 2), *(oid + 3));
 
                                if (compare_oid(oid, oidlen, MSKRB5_OID,
-                                               MSKRB5_OID_LEN) &&
-                                               !use_mskerberos)
-                                       use_mskerberos = true;
+                                               MSKRB5_OID_LEN))
+                                       server->sec_mskerberos = true;
                                else if (compare_oid(oid, oidlen, KRB5U2U_OID,
-                                                    KRB5U2U_OID_LEN) &&
-                                                    !use_kerberosu2u)
-                                       use_kerberosu2u = true;
+                                                    KRB5U2U_OID_LEN))
+                                       server->sec_kerberosu2u = true;
                                else if (compare_oid(oid, oidlen, KRB5_OID,
-                                                    KRB5_OID_LEN) &&
-                                                    !use_kerberos)
-                                       use_kerberos = true;
+                                                    KRB5_OID_LEN))
+                                       server->sec_kerberos = true;
                                else if (compare_oid(oid, oidlen, NTLMSSP_OID,
                                                     NTLMSSP_OID_LEN))
-                                       use_ntlmssp = true;
+                                       server->sec_ntlmssp = true;
 
                                kfree(oid);
                        }
@@ -669,12 +662,5 @@ decode_negTokenInit(unsigned char *security_blob, int length,
        cFYI(1, "Need to call asn1_octets_decode() function for %s",
                ctx.pointer);   /* is this UTF-8 or ASCII? */
 decode_negtoken_exit:
-       if (use_kerberos)
-               *secType = Kerberos;
-       else if (use_mskerberos)
-               *secType = MSKerberos;
-       else if (use_ntlmssp)
-               *secType = RawNTLMSSP;
-
        return 1;
 }
index c53587b83309d40a85bbb43f0d72667f938f9a62..379bd7d9c05f8ade3045f6c19a17f81b089c7a5a 100644 (file)
@@ -133,9 +133,9 @@ cifs_get_spnego_key(struct cifsSesInfo *sesInfo)
        dp = description + strlen(description);
 
        /* for now, only sec=krb5 and sec=mskrb5 are valid */
-       if (server->secType == Kerberos)
+       if (server->sec_kerberos)
                sprintf(dp, ";sec=krb5");
-       else if (server->secType == MSKerberos)
+       else if (server->sec_mskerberos)
                sprintf(dp, ";sec=mskrb5");
        else
                goto out;
index c412568b4a1a86d11b2181f2d00de9afa0d6d931..4a99487400f361527c41de72048821d80a67d25b 100644 (file)
@@ -87,7 +87,6 @@ enum securityEnum {
        RawNTLMSSP,             /* NTLMSSP without SPNEGO, NTLMv2 hash */
 /*     NTLMSSP, */ /* can use rawNTLMSSP instead of NTLMSSP via SPNEGO */
        Kerberos,               /* Kerberos via SPNEGO */
-       MSKerberos,             /* MS Kerberos via SPNEGO */
 };
 
 enum protocolEnum {
@@ -186,6 +185,11 @@ struct TCP_Server_Info {
        char ntlmv2_hash[16];
        unsigned long lstrp; /* when we got last response from this server */
        u16 dialect; /* dialect index that server chose */
+       /* extended security flavors that server supports */
+       bool    sec_kerberos;           /* supports plain Kerberos */
+       bool    sec_mskerberos;         /* supports legacy MS Kerberos */
+       bool    sec_kerberosu2u;        /* supports U2U Kerberos */
+       bool    sec_ntlmssp;            /* supports NTLMSSP */
 };
 
 /*
index 6fa808ec7e3691bf33c0bedf8a2872cc34062ce2..2e07da9a46fa5887acb7ab9a62c0cf570f8f2d39 100644 (file)
@@ -85,7 +85,7 @@ extern struct cifsFileInfo *find_readable_file(struct cifsInodeInfo *);
 extern unsigned int smbCalcSize(struct smb_hdr *ptr);
 extern unsigned int smbCalcSize_LE(struct smb_hdr *ptr);
 extern int decode_negTokenInit(unsigned char *security_blob, int length,
-                       enum securityEnum *secType);
+                       struct TCP_Server_Info *server);
 extern int cifs_convert_address(char *src, void *dst);
 extern int map_smb_to_linux_error(struct smb_hdr *smb, int logErr);
 extern void header_assemble(struct smb_hdr *, char /* command */ ,
index 30742d8eef1474f80ff677eabb0a80a717d95cd5..c65c3419dd3703f12bb4994e9333c085c907ecfa 100644 (file)
@@ -597,13 +597,19 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
                        server->secType = RawNTLMSSP;
                } else {
                        rc = decode_negTokenInit(pSMBr->u.extended_response.
-                                                SecurityBlob,
-                                                count - 16,
-                                                &server->secType);
+                                                SecurityBlob, count - 16,
+                                                server);
                        if (rc == 1)
                                rc = 0;
                        else
                                rc = -EINVAL;
+
+                       if (server->sec_kerberos || server->sec_mskerberos)
+                               server->secType = Kerberos;
+                       else if (server->sec_ntlmssp)
+                               server->secType = RawNTLMSSP;
+                       else
+                               rc = -EOPNOTSUPP;
                }
        } else
                server->capabilities &= ~CAP_EXTENDED_SECURITY;
index 84b92dfaf84c201b4588135843fd1930f5e2e263..7707389bdf2c21643e5ad979e44a24ac59057f30 100644 (file)
@@ -751,7 +751,7 @@ ssetup_ntlmssp_authenticate:
                        unicode_ssetup_strings(&bcc_ptr, ses, nls_cp);
                } else
                        ascii_ssetup_strings(&bcc_ptr, ses, nls_cp);
-       } else if (type == Kerberos || type == MSKerberos) {
+       } else if (type == Kerberos) {
 #ifdef CONFIG_CIFS_UPCALL
                struct cifs_spnego_msg *msg;
                spnego_key = cifs_get_spnego_key(ses);