Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6ce5eecb authored by Steve French's avatar Steve French
Browse files

[CIFS] check version in spnego upcall response 



Currently, we don't check the version in the SPNEGO upcall response
even though one is provided. Jeff and Q have made the corresponding
change to the Samba client (cifs.upcall).

Acked-by: default avatarJeff Layton <jlayton@redhat.com>
Signed-off-by: default avatarSteve French <sfrench@us.ibm.com>
parent 3d2af346

fs/cifs/CHANGES

+5 −1
Original line number Diff line number Diff line
@@ -4,7 +4,11 @@ Fix premature write failure on congested networks (we would give up 
on EAGAIN from the socket too quickly on large writes).

Cifs_mkdir and cifs_create now respect the setgid bit on parent dir.

Fix endian problems in acl (mode from/to cifs acl) on bigendian

architectures.

architectures.  Fix problems with preserving timestamps on copying open

files (e.g. "cp -a") to Windows servers.  For mkdir and create honor setgid bit

on parent directory when server supports Unix Extensions but not POSIX

create. Update cifs.upcall version to handle new Kerberos sec flags

(this requires update of cifs.upcall program from Samba).



Version 1.53

------------

fs/cifs/cifs_spnego.h

+1 −1
Original line number Diff line number Diff line
@@ -23,7 +23,7 @@ 
#ifndef _CIFS_SPNEGO_H

#define _CIFS_SPNEGO_H



#define CIFS_SPNEGO_UPCALL_VERSION 1

#define CIFS_SPNEGO_UPCALL_VERSION 2



/*

 * The version field should always be set to CIFS_SPNEGO_UPCALL_VERSION.

fs/cifs/sess.c

+9 −0
Original line number Diff line number Diff line
@@ -516,6 +516,15 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time, 
		}



		msg = spnego_key->payload.data;

		/* check version field to make sure that cifs.upcall is

		   sending us a response in an expected form */

		if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) {

			cERROR(1, ("incorrect version of cifs.upcall (expected"

				   " %d but got %d)",

				   CIFS_SPNEGO_UPCALL_VERSION, msg->version));

			rc = -EKEYREJECTED;

			goto ssetup_exit;

		}

		/* bail out if key is too long */

		if (msg->sesskey_len >

		    sizeof(ses->server->mac_signing_key.data.krb5)) {