mirror of
https://github.com/adulau/aha.git
synced 2024-12-27 03:06:10 +00:00
[CIFS] check version in spnego upcall response
Currently, we don't check the version in the SPNEGO upcall response even though one is provided. Jeff and Q have made the corresponding change to the Samba client (cifs.upcall). Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
This commit is contained in:
parent
3d2af3465e
commit
6ce5eecb9c
3 changed files with 15 additions and 2 deletions
|
@ -4,7 +4,11 @@ Fix premature write failure on congested networks (we would give up
|
|||
on EAGAIN from the socket too quickly on large writes).
|
||||
Cifs_mkdir and cifs_create now respect the setgid bit on parent dir.
|
||||
Fix endian problems in acl (mode from/to cifs acl) on bigendian
|
||||
architectures.
|
||||
architectures. Fix problems with preserving timestamps on copying open
|
||||
files (e.g. "cp -a") to Windows servers. For mkdir and create honor setgid bit
|
||||
on parent directory when server supports Unix Extensions but not POSIX
|
||||
create. Update cifs.upcall version to handle new Kerberos sec flags
|
||||
(this requires update of cifs.upcall program from Samba).
|
||||
|
||||
Version 1.53
|
||||
------------
|
||||
|
|
|
@ -23,7 +23,7 @@
|
|||
#ifndef _CIFS_SPNEGO_H
|
||||
#define _CIFS_SPNEGO_H
|
||||
|
||||
#define CIFS_SPNEGO_UPCALL_VERSION 1
|
||||
#define CIFS_SPNEGO_UPCALL_VERSION 2
|
||||
|
||||
/*
|
||||
* The version field should always be set to CIFS_SPNEGO_UPCALL_VERSION.
|
||||
|
|
|
@ -516,6 +516,15 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
|
|||
}
|
||||
|
||||
msg = spnego_key->payload.data;
|
||||
/* check version field to make sure that cifs.upcall is
|
||||
sending us a response in an expected form */
|
||||
if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) {
|
||||
cERROR(1, ("incorrect version of cifs.upcall (expected"
|
||||
" %d but got %d)",
|
||||
CIFS_SPNEGO_UPCALL_VERSION, msg->version));
|
||||
rc = -EKEYREJECTED;
|
||||
goto ssetup_exit;
|
||||
}
|
||||
/* bail out if key is too long */
|
||||
if (msg->sesskey_len >
|
||||
sizeof(ses->server->mac_signing_key.data.krb5)) {
|
||||
|
|
Loading…
Reference in a new issue