[CIFS] Have CIFS_SessSetup build correct SPNEGO SessionSetup request

Have CIFS_SessSetup call cifs_get_spnego_key when Kerberos is
negotiated. Use the info in the key payload to build a session
setup request packet. Also clean up how the request buffer in
the function is freed on error.

With appropriate user space helper (in samba/source/client). Kerberos
support (secure session establishment can be done now via Kerberos,
previously users would have to use NTLMv2 instead for more secure
session setup).

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>

diff --git a/fs/cifs/CHANGES b/fs/cifs/CHANGES
index 64dd222..e31aa74 100644 (file)
--- a/fs/cifs/CHANGES
+++ b/fs/cifs/CHANGES
@@ -1,6 +1,7 @@
 Version 1.52
 ------------
 Fix oops on second mount to server when null auth is used.
+Enable experimental Kerberos support
 
 Version 1.51
 ------------

diff --git a/fs/cifs/TODO b/fs/cifs/TODO
index 29d4b27..a8852c2 100644 (file)
--- a/fs/cifs/TODO
+++ b/fs/cifs/TODO
@@ -16,7 +16,7 @@ SecurityDescriptors
 c) Better pam/winbind integration (e.g. to handle uid mapping
 better)
 
-d) Kerberos/SPNEGO session setup support - (started)
+d) Verify that Kerberos signing works
 
 e) Cleanup now unneeded SessSetup code in
 fs/cifs/connect.c and add back in NTLMSSP code if any servers

diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
index 3525082..1fde219 100644 (file)
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -110,6 +110,7 @@ struct mac_key {
        unsigned int len;
        union {
                char ntlm[CIFS_SESS_KEY_SIZE + 16];
+               char krb5[CIFS_SESS_KEY_SIZE + 16]; /* BB: length correct? */
                struct {
                        char key[16];
                        struct ntlmv2_resp resp;

diff --cc fs/cifs/sess.c
Simple merge