Changeset 204 for branches/samba-3.2.x/source/client/cifs.upcall.c

Timestamp:

May 20, 2009, 6:46:53 PM (16 years ago)

Author:

Herwig Bauernfeind

Message:

Update 3.2 branch to 3.2.4

File:

• branches/samba-3.2.x/source/client/cifs.upcall.c (modified) (12 diffs)

branches/samba-3.2.x/source/client/cifs.upcall.c

@@ -30 +30 @@
 #include "cifs_spnego.h"
 
-const char *CIFSSPNEGO_VERSION = "1.1";
+const char *CIFSSPNEGO_VERSION = "1.2";
 static const char *prog = "cifs.upcall";
 typedef enum _secType {
+        NONE = 0,
         KRB5,
         MS_KRB5
@@ -57 +58 @@
  * ret: 0 - success, others - failure
 */
-int handle_krb5_mech(const char *oid, const char *principal,
+static int
+handle_krb5_mech(const char *oid, const char *principal,
                      DATA_BLOB * secblob, DATA_BLOB * sess_key)
 {
@@ -74 +76 @@
 
         /* and wrap that in a shiny SPNEGO wrapper */
-        *secblob = gen_negTokenInit(OID_KERBEROS5, tkt_wrapped);
+        *secblob = gen_negTokenInit(oid, tkt_wrapped);
 
         data_blob_free(&tkt_wrapped);
@@ -89 +91 @@
 #define DKD_MUSTHAVE_SET (DKD_HAVE_HOSTNAME|DKD_HAVE_VERSION|DKD_HAVE_SEC)
 
-int decode_key_description(const char *desc, int *ver, secType_t * sec,
+static int
+decode_key_description(const char *desc, int *ver, secType_t * sec,
                            char **hostname, uid_t * uid)
 {
@@ -119 +122 @@
                                 retval |= DKD_HAVE_SEC;
                                 *sec = KRB5;
+                        } else if (strncmp(tkn + 4, "mskrb5", 6) == 0) {
+                                retval |= DKD_HAVE_SEC;
+                                *sec = MS_KRB5;
                         }
                 } else if (strncmp(tkn, "uid=", 4) == 0) {
@@ -149 +155 @@
 }
 
-int cifs_resolver(const key_serial_t key, const char *key_descr)
+static int
+cifs_resolver(const key_serial_t key, const char *key_descr)
 {
         int c;
@@ -201 +208 @@
 }
 
-void
+static void
 usage(void)
 {
@@ -213 +220 @@
         DATA_BLOB secblob = data_blob_null;
         DATA_BLOB sess_key = data_blob_null;
-        secType_t sectype;
+        secType_t sectype = NONE;
         key_serial_t key = 0;
         size_t datalen;
         long rc = 1;
-        uid_t uid;
-        int kernel_upcall_version;
+        uid_t uid = 0;
+        int kernel_upcall_version = 0;
         int c, use_cifs_service_prefix = 0;
         char *buf, *hostname = NULL;
+        const char *oid;
 
         openlog(prog, 0, LOG_DAEMON);
@@ -281 +289 @@
         SAFE_FREE(buf);
 
-        if (kernel_upcall_version != CIFS_SPNEGO_UPCALL_VERSION) {
+        if (kernel_upcall_version > CIFS_SPNEGO_UPCALL_VERSION) {
                 syslog(LOG_WARNING,
                        "incompatible kernel upcall version: 0x%x",
@@ -302 +310 @@
         // do mech specific authorization
         switch (sectype) {
+        case MS_KRB5:
         case KRB5:{
                         char *princ;
@@ -320 +329 @@
                         strlcpy(princ + 5, hostname, len - 5);
 
-                        rc = handle_krb5_mech(OID_KERBEROS5, princ,
-                                              &secblob, &sess_key);
+                        if (sectype == MS_KRB5)
+                                oid = OID_KERBEROS5_OLD;
+                        else
+                                oid = OID_KERBEROS5;
+
+                        rc = handle_krb5_mech(oid, princ, &secblob, &sess_key);
                         SAFE_FREE(princ);
                         break;
@@ -345 +358 @@
                 goto out;
         }
-        keydata->version = CIFS_SPNEGO_UPCALL_VERSION;
+        keydata->version = kernel_upcall_version;
         keydata->flags = 0;
         keydata->sesskey_len = sess_key.length;