]> err.no Git - linux-2.6/blobdiff - fs/cifs/sess.c
projects / linux-2.6 / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch 'master' of /pub/scm/linux/kernel/git/torvalds/linux-2.6
[linux-2.6] / fs / cifs / sess.c
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index d0cb469daab7337b8285abc907e2740a5ef3abd8..b537fad3bf50684c2b3405df74a69ea9dd9e29a3 100644 (file)
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -417,10 +417,6 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
 
                calc_lanman_hash(ses, lnm_session_key);
                ses->flags |= CIFS_SES_LANMAN;
-/* #ifdef CONFIG_CIFS_DEBUG2
-               cifs_dump_mem("cryptkey: ",ses->server->cryptKey,
-                       CIFS_SESS_KEY_SIZE);
-#endif */
                memcpy(bcc_ptr, (char *)lnm_session_key, CIFS_SESS_KEY_SIZE);
                bcc_ptr += CIFS_SESS_KEY_SIZE;
 
@@ -509,7 +505,7 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
                        unicode_ssetup_strings(&bcc_ptr, ses, nls_cp);
                } else
                        ascii_ssetup_strings(&bcc_ptr, ses, nls_cp);
-       } else if (type == Kerberos) {
+       } else if (type == Kerberos || type == MSKerberos) {
 #ifdef CONFIG_CIFS_UPCALL
                struct cifs_spnego_msg *msg;
                spnego_key = cifs_get_spnego_key(ses);
@@ -520,6 +516,15 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
                }
 
                msg = spnego_key->payload.data;
+               /* check version field to make sure that cifs.upcall is
+                  sending us a response in an expected form */
+               if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) {
+                       cERROR(1, ("incorrect version of cifs.upcall (expected"
+                                  " %d but got %d)",
+                                  CIFS_SPNEGO_UPCALL_VERSION, msg->version));
+                       rc = -EKEYREJECTED;
+                       goto ssetup_exit;
+               }
                /* bail out if key is too long */
                if (msg->sesskey_len >
                    sizeof(ses->server->mac_signing_key.data.krb5)) {
@@ -528,9 +533,11 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
                        rc = -EOVERFLOW;
                        goto ssetup_exit;
                }
-               ses->server->mac_signing_key.len = msg->sesskey_len;
-               memcpy(ses->server->mac_signing_key.data.krb5, msg->data,
-                       msg->sesskey_len);
+               if (first_time) {
+                       ses->server->mac_signing_key.len = msg->sesskey_len;
+                       memcpy(ses->server->mac_signing_key.data.krb5,
+                               msg->data, msg->sesskey_len);
+               }
                pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
                capabilities |= CAP_EXTENDED_SECURITY;
                pSMB->req.Capabilities = cpu_to_le32(capabilities);
@@ -540,7 +547,7 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
 
                if (ses->capabilities & CAP_UNICODE) {
                        /* unicode strings must be word aligned */
-                       if (iov[0].iov_len % 2) {
+                       if ((iov[0].iov_len + iov[1].iov_len) % 2) {
                                *bcc_ptr = 0;
                                bcc_ptr++;
                        }
Linux 2.6 source tree