diff options
author | Steve French <sfrench@us.ibm.com> | 2008-08-26 02:37:14 +0200 |
---|---|---|
committer | Steve French <sfrench@us.ibm.com> | 2008-08-26 02:37:14 +0200 |
commit | 6ce5eecb9cd3ac97b952c50309b87c31488a45e9 (patch) | |
tree | 5d28ff051283462f6c927ae87c094b568fb5b1e9 /fs/cifs/sess.c | |
parent | [CIFS] Kerberos support not considered experimental anymore (diff) | |
download | linux-6ce5eecb9cd3ac97b952c50309b87c31488a45e9.tar.xz linux-6ce5eecb9cd3ac97b952c50309b87c31488a45e9.zip |
[CIFS] check version in spnego upcall response
Currently, we don't check the version in the SPNEGO upcall response
even though one is provided. Jeff and Q have made the corresponding
change to the Samba client (cifs.upcall).
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs/cifs/sess.c')
-rw-r--r-- | fs/cifs/sess.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index 3188e4d9cddb..b537fad3bf50 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c @@ -516,6 +516,15 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time, } msg = spnego_key->payload.data; + /* check version field to make sure that cifs.upcall is + sending us a response in an expected form */ + if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) { + cERROR(1, ("incorrect version of cifs.upcall (expected" + " %d but got %d)", + CIFS_SPNEGO_UPCALL_VERSION, msg->version)); + rc = -EKEYREJECTED; + goto ssetup_exit; + } /* bail out if key is too long */ if (msg->sesskey_len > sizeof(ses->server->mac_signing_key.data.krb5)) { |