diff options
Diffstat (limited to 'source3/client')
| -rw-r--r-- | source3/client/cifs.upcall.c | 21 | ||||
| -rw-r--r-- | source3/client/cifs_spnego.h | 2 | ||||
| -rw-r--r-- | source3/client/mount.cifs.c | 3 |
3 files changed, 18 insertions, 8 deletions
diff --git a/source3/client/cifs.upcall.c b/source3/client/cifs.upcall.c index aa5eb57310..7cb51660d7 100644 --- a/source3/client/cifs.upcall.c +++ b/source3/client/cifs.upcall.c @@ -29,7 +29,7 @@ create dns_resolver * * /usr/local/sbin/cifs.upcall %k #include "cifs_spnego.h" -const char *CIFSSPNEGO_VERSION = "1.1"; +const char *CIFSSPNEGO_VERSION = "1.2"; static const char *prog = "cifs.upcall"; typedef enum _secType { KRB5, @@ -73,7 +73,7 @@ int handle_krb5_mech(const char *oid, const char *principal, tkt_wrapped = spnego_gen_krb5_wrap(tkt, TOK_ID_KRB_AP_REQ); /* and wrap that in a shiny SPNEGO wrapper */ - *secblob = gen_negTokenInit(OID_KERBEROS5, tkt_wrapped); + *secblob = gen_negTokenInit(oid, tkt_wrapped); data_blob_free(&tkt_wrapped); data_blob_free(&tkt); @@ -118,6 +118,9 @@ int decode_key_description(const char *desc, int *ver, secType_t * sec, if (strncmp(tkn + 4, "krb5", 4) == 0) { retval |= DKD_HAVE_SEC; *sec = KRB5; + } else if (strncmp(tkn + 4, "mskrb5", 6) == 0) { + retval |= DKD_HAVE_SEC; + *sec = MS_KRB5; } } else if (strncmp(tkn, "uid=", 4) == 0) { errno = 0; @@ -220,6 +223,7 @@ int main(const int argc, char *const argv[]) int kernel_upcall_version; int c, use_cifs_service_prefix = 0; char *buf, *hostname = NULL; + const char *oid; openlog(prog, 0, LOG_DAEMON); @@ -280,7 +284,7 @@ int main(const int argc, char *const argv[]) } SAFE_FREE(buf); - if (kernel_upcall_version != CIFS_SPNEGO_UPCALL_VERSION) { + if (kernel_upcall_version > CIFS_SPNEGO_UPCALL_VERSION) { syslog(LOG_WARNING, "incompatible kernel upcall version: 0x%x", kernel_upcall_version); @@ -301,6 +305,7 @@ int main(const int argc, char *const argv[]) // do mech specific authorization switch (sectype) { + case MS_KRB5: case KRB5:{ char *princ; size_t len; @@ -319,8 +324,12 @@ int main(const int argc, char *const argv[]) } strlcpy(princ + 5, hostname, len - 5); - rc = handle_krb5_mech(OID_KERBEROS5, princ, - &secblob, &sess_key); + if (sectype == MS_KRB5) + oid = OID_KERBEROS5_OLD; + else + oid = OID_KERBEROS5; + + rc = handle_krb5_mech(oid, princ, &secblob, &sess_key); SAFE_FREE(princ); break; } @@ -344,7 +353,7 @@ int main(const int argc, char *const argv[]) rc = 1; goto out; } - keydata->version = CIFS_SPNEGO_UPCALL_VERSION; + keydata->version = kernel_upcall_version; keydata->flags = 0; keydata->sesskey_len = sess_key.length; keydata->secblob_len = secblob.length; diff --git a/source3/client/cifs_spnego.h b/source3/client/cifs_spnego.h index 13909dd505..f8753a7d59 100644 --- a/source3/client/cifs_spnego.h +++ b/source3/client/cifs_spnego.h @@ -23,7 +23,7 @@ #ifndef _CIFS_SPNEGO_H #define _CIFS_SPNEGO_H -#define CIFS_SPNEGO_UPCALL_VERSION 1 +#define CIFS_SPNEGO_UPCALL_VERSION 2 /* * The version field should always be set to CIFS_SPNEGO_UPCALL_VERSION. diff --git a/source3/client/mount.cifs.c b/source3/client/mount.cifs.c index c7009e306c..dd878aa07b 100644 --- a/source3/client/mount.cifs.c +++ b/source3/client/mount.cifs.c @@ -473,7 +473,8 @@ static int parse_options(char ** optionsp, int * filesys_flags) } } else if (strncmp(data, "sec", 3) == 0) { if (value) { - if (!strcmp(value, "none")) + if (!strncmp(value, "none", 4) || + !strncmp(value, "krb5", 4)) got_password = 1; } } else if (strncmp(data, "ip", 2) == 0) { |