The branch, v3-3-test has been updated via c30d73035dd202d0055ed7ede243e1703c4e9450 (commit) from cbc6b89feee81710f77c87bb7ce429fb4156ce07 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log ----------------------------------------------------------------- commit c30d73035dd202d0055ed7ede243e1703c4e9450 Author: Jeff Layton <[EMAIL PROTECTED]> Date: Tue Aug 19 21:29:41 2008 -0400 cifs.upcall: handle MSKRB5 OID properly When the kernel sends the upcall a sec=mskrb5 parameter, that means the the MSKRB5 OID is preferred by the server. This patch fixes the upcall to use that OID in place of the "normal" krb5 OID when it gets a sec=mskrb5 parameter. Signed-off-by: Jeff Layton <[EMAIL PROTECTED]> Acked-by: Steve French <[EMAIL PROTECTED]> ----------------------------------------------------------------------- Summary of changes: source/client/cifs.upcall.c | 18 +++++++++++++----- 1 files changed, 13 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source/client/cifs.upcall.c b/source/client/cifs.upcall.c index aa5eb57..fd3ed17 100644 --- a/source/client/cifs.upcall.c +++ b/source/client/cifs.upcall.c @@ -29,7 +29,7 @@ create dns_resolver * * /usr/local/sbin/cifs.upcall %k #include "cifs_spnego.h" -const char *CIFSSPNEGO_VERSION = "1.1"; +const char *CIFSSPNEGO_VERSION = "1.2"; static const char *prog = "cifs.upcall"; typedef enum _secType { KRB5, @@ -73,7 +73,7 @@ int handle_krb5_mech(const char *oid, const char *principal, tkt_wrapped = spnego_gen_krb5_wrap(tkt, TOK_ID_KRB_AP_REQ); /* and wrap that in a shiny SPNEGO wrapper */ - *secblob = gen_negTokenInit(OID_KERBEROS5, tkt_wrapped); + *secblob = gen_negTokenInit(oid, tkt_wrapped); data_blob_free(&tkt_wrapped); data_blob_free(&tkt); @@ -118,6 +118,9 @@ int decode_key_description(const char *desc, int *ver, secType_t * sec, if (strncmp(tkn + 4, "krb5", 4) == 0) { retval |= DKD_HAVE_SEC; *sec = KRB5; + } else if (strncmp(tkn + 4, "mskrb5", 6) == 0) { + retval |= DKD_HAVE_SEC; + *sec = MS_KRB5; } } else if (strncmp(tkn, "uid=", 4) == 0) { errno = 0; @@ -219,7 +222,7 @@ int main(const int argc, char *const argv[]) uid_t uid; int kernel_upcall_version; int c, use_cifs_service_prefix = 0; - char *buf, *hostname = NULL; + char *buf, *oid, *hostname = NULL; openlog(prog, 0, LOG_DAEMON); @@ -301,6 +304,7 @@ int main(const int argc, char *const argv[]) // do mech specific authorization switch (sectype) { + case MS_KRB5: case KRB5:{ char *princ; size_t len; @@ -319,8 +323,12 @@ int main(const int argc, char *const argv[]) } strlcpy(princ + 5, hostname, len - 5); - rc = handle_krb5_mech(OID_KERBEROS5, princ, - &secblob, &sess_key); + if (sectype == MS_KRB5) + oid = OID_KERBEROS5_OLD; + else + oid = OID_KERBEROS5; + + rc = handle_krb5_mech(oid, princ, &secblob, &sess_key); SAFE_FREE(princ); break; } -- Samba Shared Repository