[CIFS] check version in spnego upcall response

Currently, we don't check the version in the SPNEGO upcall response
even though one is provided. Jeff and Q have made the corresponding
change to the Samba client (cifs.upcall).

Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
This commit is contained in:
Steve French 2008-08-26 00:37:14 +00:00
parent 3d2af3465e
commit 6ce5eecb9c
3 changed files with 15 additions and 2 deletions

View file

@ -4,7 +4,11 @@ Fix premature write failure on congested networks (we would give up
on EAGAIN from the socket too quickly on large writes).
Cifs_mkdir and cifs_create now respect the setgid bit on parent dir.
Fix endian problems in acl (mode from/to cifs acl) on bigendian
architectures.
architectures. Fix problems with preserving timestamps on copying open
files (e.g. "cp -a") to Windows servers. For mkdir and create honor setgid bit
on parent directory when server supports Unix Extensions but not POSIX
create. Update cifs.upcall version to handle new Kerberos sec flags
(this requires update of cifs.upcall program from Samba).
Version 1.53
------------

View file

@ -23,7 +23,7 @@
#ifndef _CIFS_SPNEGO_H
#define _CIFS_SPNEGO_H
#define CIFS_SPNEGO_UPCALL_VERSION 1
#define CIFS_SPNEGO_UPCALL_VERSION 2
/*
* The version field should always be set to CIFS_SPNEGO_UPCALL_VERSION.

View file

@ -516,6 +516,15 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
}
msg = spnego_key->payload.data;
/* check version field to make sure that cifs.upcall is
sending us a response in an expected form */
if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) {
cERROR(1, ("incorrect version of cifs.upcall (expected"
" %d but got %d)",
CIFS_SPNEGO_UPCALL_VERSION, msg->version));
rc = -EKEYREJECTED;
goto ssetup_exit;
}
/* bail out if key is too long */
if (msg->sesskey_len >
sizeof(ses->server->mac_signing_key.data.krb5)) {