sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-09 08:58:35 +03:00
Code

cifs.upcall: handle MSKRB5 OID properly

Browse Source 
When the kernel sends the upcall a sec=mskrb5 parameter, that means
the the MSKRB5 OID is preferred by the server. This patch fixes the
upcall to use that OID in place of the "normal" krb5 OID when it
gets a sec=mskrb5 parameter.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Steve French <smfrench@gmail.com>
(This used to be commit 6287e13b34efeaa8fd94c7c6d99468350ce6172e)
This commit is contained in:
Jeff Layton 2008-08-19 21:29:41 -04:00
parent 3be3dac17d
commit 6cbebac514
1 changed files with 13 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
source3/client/cifs.upcall.c
View File

@ -29,7 +29,7 @@ create dns_resolver * * /usr/local/sbin/cifs.upcall %k
#include "cifs_spnego.h"
const char *CIFSSPNEGO_VERSION = "1.1";
const char *CIFSSPNEGO_VERSION = "1.2";
static const char *prog = "cifs.upcall";
typedef enum _secType {
KRB5,
@ -73,7 +73,7 @@ int handle_krb5_mech(const char *oid, const char *principal,
tkt_wrapped = spnego_gen_krb5_wrap(tkt, TOK_ID_KRB_AP_REQ);
/* and wrap that in a shiny SPNEGO wrapper */
*secblob = gen_negTokenInit(OID_KERBEROS5, tkt_wrapped);
*secblob = gen_negTokenInit(oid, tkt_wrapped);
data_blob_free(&tkt_wrapped);
data_blob_free(&tkt);
@ -118,6 +118,9 @@ int decode_key_description(const char *desc, int *ver, secType_t * sec,
if (strncmp(tkn + 4, "krb5", 4) == 0) {
retval |= DKD_HAVE_SEC;
*sec = KRB5;
} else if (strncmp(tkn + 4, "mskrb5", 6) == 0) {
retval |= DKD_HAVE_SEC;
*sec = MS_KRB5;
}
} else if (strncmp(tkn, "uid=", 4) == 0) {
errno = 0;
@ -219,7 +222,7 @@ int main(const int argc, char *const argv[])
uid_t uid;
int kernel_upcall_version;
int c, use_cifs_service_prefix = 0;
char *buf, *hostname = NULL;
char *buf, *oid, *hostname = NULL;
openlog(prog, 0, LOG_DAEMON);
@ -301,6 +304,7 @@ int main(const int argc, char *const argv[])
// do mech specific authorization
switch (sectype) {
case MS_KRB5:
case KRB5:{
char *princ;
size_t len;
@ -319,8 +323,12 @@ int main(const int argc, char *const argv[])
}
strlcpy(princ + 5, hostname, len - 5);
rc = handle_krb5_mech(OID_KERBEROS5, princ,
&secblob, &sess_key);
if (sectype == MS_KRB5)
oid = OID_KERBEROS5_OLD;
else
oid = OID_KERBEROS5;
rc = handle_krb5_mech(oid, princ, &secblob, &sess_key);
SAFE_FREE(princ);
break;
}