From: Steve French Date: Fri, 16 Nov 2007 23:37:35 +0000 (+0000) Subject: [CIFS] Have CIFS_SessSetup build correct SPNEGO SessionSetup request X-Git-Tag: v2.6.24-rc4~100^2~5 X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2442421b176420eca7cb68c575fc221332f488d8;p=pandora-kernel.git [CIFS] Have CIFS_SessSetup build correct SPNEGO SessionSetup request Have CIFS_SessSetup call cifs_get_spnego_key when Kerberos is negotiated. Use the info in the key payload to build a session setup request packet. Also clean up how the request buffer in the function is freed on error. With appropriate user space helper (in samba/source/client). Kerberos support (secure session establishment can be done now via Kerberos, previously users would have to use NTLMv2 instead for more secure session setup). Signed-off-by: Jeff Layton Signed-off-by: Steve French --- diff --git a/fs/cifs/CHANGES b/fs/cifs/CHANGES index 64dd22239b21..e31aa74f7d9e 100644 --- a/fs/cifs/CHANGES +++ b/fs/cifs/CHANGES @@ -1,6 +1,7 @@ Version 1.52 ------------ Fix oops on second mount to server when null auth is used. +Enable experimental Kerberos support Version 1.51 ------------ diff --git a/fs/cifs/TODO b/fs/cifs/TODO index 29d4b2715254..a8852c200728 100644 --- a/fs/cifs/TODO +++ b/fs/cifs/TODO @@ -16,7 +16,7 @@ SecurityDescriptors c) Better pam/winbind integration (e.g. to handle uid mapping better) -d) Kerberos/SPNEGO session setup support - (started) +d) Verify that Kerberos signing works e) Cleanup now unneeded SessSetup code in fs/cifs/connect.c and add back in NTLMSSP code if any servers diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index 3525082f5e58..1fde2197ad76 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h @@ -110,6 +110,7 @@ struct mac_key { unsigned int len; union { char ntlm[CIFS_SESS_KEY_SIZE + 16]; + char krb5[CIFS_SESS_KEY_SIZE + 16]; /* BB: length correct? */ struct { char key[16]; struct ntlmv2_resp resp; Reading git-diff-tree failed