diff options
author | Steve French <sfrench@us.ibm.com> | 2008-08-26 00:37:14 +0000 |
---|---|---|
committer | Steve French <sfrench@us.ibm.com> | 2008-08-26 00:37:14 +0000 |
commit | 6ce5eecb9cd3ac97b952c50309b87c31488a45e9 (patch) | |
tree | 5d28ff051283462f6c927ae87c094b568fb5b1e9 | |
parent | 3d2af3465e91335bd1dbf36b19e92079d901409f (diff) | |
download | op-kernel-dev-6ce5eecb9cd3ac97b952c50309b87c31488a45e9.zip op-kernel-dev-6ce5eecb9cd3ac97b952c50309b87c31488a45e9.tar.gz |
[CIFS] check version in spnego upcall response
Currently, we don't check the version in the SPNEGO upcall response
even though one is provided. Jeff and Q have made the corresponding
change to the Samba client (cifs.upcall).
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
-rw-r--r-- | fs/cifs/CHANGES | 6 | ||||
-rw-r--r-- | fs/cifs/cifs_spnego.h | 2 | ||||
-rw-r--r-- | fs/cifs/sess.c | 9 |
3 files changed, 15 insertions, 2 deletions
diff --git a/fs/cifs/CHANGES b/fs/cifs/CHANGES index f5d0083..526041a5 100644 --- a/fs/cifs/CHANGES +++ b/fs/cifs/CHANGES @@ -4,7 +4,11 @@ Fix premature write failure on congested networks (we would give up on EAGAIN from the socket too quickly on large writes). Cifs_mkdir and cifs_create now respect the setgid bit on parent dir. Fix endian problems in acl (mode from/to cifs acl) on bigendian -architectures. +architectures. Fix problems with preserving timestamps on copying open +files (e.g. "cp -a") to Windows servers. For mkdir and create honor setgid bit +on parent directory when server supports Unix Extensions but not POSIX +create. Update cifs.upcall version to handle new Kerberos sec flags +(this requires update of cifs.upcall program from Samba). Version 1.53 ------------ diff --git a/fs/cifs/cifs_spnego.h b/fs/cifs/cifs_spnego.h index 05a34b1..e4041ec 100644 --- a/fs/cifs/cifs_spnego.h +++ b/fs/cifs/cifs_spnego.h @@ -23,7 +23,7 @@ #ifndef _CIFS_SPNEGO_H #define _CIFS_SPNEGO_H -#define CIFS_SPNEGO_UPCALL_VERSION 1 +#define CIFS_SPNEGO_UPCALL_VERSION 2 /* * The version field should always be set to CIFS_SPNEGO_UPCALL_VERSION. diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index 3188e4d..b537fad 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c @@ -516,6 +516,15 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time, } msg = spnego_key->payload.data; + /* check version field to make sure that cifs.upcall is + sending us a response in an expected form */ + if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) { + cERROR(1, ("incorrect version of cifs.upcall (expected" + " %d but got %d)", + CIFS_SPNEGO_UPCALL_VERSION, msg->version)); + rc = -EKEYREJECTED; + goto ssetup_exit; + } /* bail out if key is too long */ if (msg->sesskey_len > sizeof(ses->server->mac_signing_key.data.krb5)) { |