summaryrefslogtreecommitdiff
path: root/source3/client/cifs.upcall.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/client/cifs.upcall.c')
-rw-r--r--source3/client/cifs.upcall.c21
1 files changed, 15 insertions, 6 deletions
diff --git a/source3/client/cifs.upcall.c b/source3/client/cifs.upcall.c
index aa5eb57310..7cb51660d7 100644
--- a/source3/client/cifs.upcall.c
+++ b/source3/client/cifs.upcall.c
@@ -29,7 +29,7 @@ create dns_resolver * * /usr/local/sbin/cifs.upcall %k
#include "cifs_spnego.h"
-const char *CIFSSPNEGO_VERSION = "1.1";
+const char *CIFSSPNEGO_VERSION = "1.2";
static const char *prog = "cifs.upcall";
typedef enum _secType {
KRB5,
@@ -73,7 +73,7 @@ int handle_krb5_mech(const char *oid, const char *principal,
tkt_wrapped = spnego_gen_krb5_wrap(tkt, TOK_ID_KRB_AP_REQ);
/* and wrap that in a shiny SPNEGO wrapper */
- *secblob = gen_negTokenInit(OID_KERBEROS5, tkt_wrapped);
+ *secblob = gen_negTokenInit(oid, tkt_wrapped);
data_blob_free(&tkt_wrapped);
data_blob_free(&tkt);
@@ -118,6 +118,9 @@ int decode_key_description(const char *desc, int *ver, secType_t * sec,
if (strncmp(tkn + 4, "krb5", 4) == 0) {
retval |= DKD_HAVE_SEC;
*sec = KRB5;
+ } else if (strncmp(tkn + 4, "mskrb5", 6) == 0) {
+ retval |= DKD_HAVE_SEC;
+ *sec = MS_KRB5;
}
} else if (strncmp(tkn, "uid=", 4) == 0) {
errno = 0;
@@ -220,6 +223,7 @@ int main(const int argc, char *const argv[])
int kernel_upcall_version;
int c, use_cifs_service_prefix = 0;
char *buf, *hostname = NULL;
+ const char *oid;
openlog(prog, 0, LOG_DAEMON);
@@ -280,7 +284,7 @@ int main(const int argc, char *const argv[])
}
SAFE_FREE(buf);
- if (kernel_upcall_version != CIFS_SPNEGO_UPCALL_VERSION) {
+ if (kernel_upcall_version > CIFS_SPNEGO_UPCALL_VERSION) {
syslog(LOG_WARNING,
"incompatible kernel upcall version: 0x%x",
kernel_upcall_version);
@@ -301,6 +305,7 @@ int main(const int argc, char *const argv[])
// do mech specific authorization
switch (sectype) {
+ case MS_KRB5:
case KRB5:{
char *princ;
size_t len;
@@ -319,8 +324,12 @@ int main(const int argc, char *const argv[])
}
strlcpy(princ + 5, hostname, len - 5);
- rc = handle_krb5_mech(OID_KERBEROS5, princ,
- &secblob, &sess_key);
+ if (sectype == MS_KRB5)
+ oid = OID_KERBEROS5_OLD;
+ else
+ oid = OID_KERBEROS5;
+
+ rc = handle_krb5_mech(oid, princ, &secblob, &sess_key);
SAFE_FREE(princ);
break;
}
@@ -344,7 +353,7 @@ int main(const int argc, char *const argv[])
rc = 1;
goto out;
}
- keydata->version = CIFS_SPNEGO_UPCALL_VERSION;
+ keydata->version = kernel_upcall_version;
keydata->flags = 0;
keydata->sesskey_len = sess_key.length;
keydata->secblob_len = secblob.length;
generated by cgit (git 2.34.1) at 2025-03-06 21:02:44 +0000