Attachment 708387 Details for Bug 919084 – cifs: ignore everything in SPNEGO blob after mechTypes

[patch] cifs: ignore everything in SPNEGO blob after mechTypes

0001-cifs-ignore-everything-in-SPNEGO-blob-after-mechType.patch (text/plain), 3.29 KB, created by Jeff Layton on 2013-03-11 13:50:28 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Jeff Layton

Created: 2013-03-11 13:50:28 UTC

Size: 3.29 KB

patch

obsolete

>From 777824bbf3bcabca5bb25edf5581bdac55ffaf4f Mon Sep 17 00:00:00 2001
>From: Jeff Layton <jlayton@redhat.com>
>Date: Mon, 11 Mar 2013 09:11:38 -0400
>Subject: [PATCH] cifs: ignore everything in SPNEGO blob after mechTypes
>
>We've had several reports of people attempting to mount Windows 8 shares
>and getting failures with a return code of -EINVAL. The default sec=
>mode changed recently to sec=ntlmssp. With that, we expect and parse a
>SPNEGO blob from the server in the NEGOTIATE reply.
>
>The current decode_negTokenInit function first parses all of the
>mechTypes and then tries to parse the rest of the negTokenInit reply.
>The parser however currently expects a mechListMIC or nothing to follow the
>mechTypes, but Windows 8 puts a mechToken field there instead to carry
>some info for the new NegoEx stuff.
>
>In practice, we don't do anything with the fields after the mechTypes
>anyway so I don't see any real benefit in continuing to parse them.
>This patch just has the kernel ignore the fields after the mechTypes.
>We'll probably need to reinstate some of this if we ever want to support
>NegoEx.
>
>Signed-off-by: Jeff Layton <jlayton@redhat.com>
>---
> fs/cifs/asn1.c | 53 +++++------------------------------------------------
> 1 file changed, 5 insertions(+), 48 deletions(-)
>
>diff --git a/fs/cifs/asn1.c b/fs/cifs/asn1.c
>index cfd1ce3..1d36db1 100644
>--- a/fs/cifs/asn1.c
>+++ b/fs/cifs/asn1.c
>@@ -614,53 +614,10 @@ decode_negTokenInit(unsigned char *security_blob, int length,
> 		}
> 	}
> 
>-	/* mechlistMIC */
>-	if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
>-		/* Check if we have reached the end of the blob, but with
>-		   no mechListMic (e.g. NTLMSSP instead of KRB5) */
>-		if (ctx.error == ASN1_ERR_DEC_EMPTY)
>-			goto decode_negtoken_exit;
>-		cFYI(1, "Error decoding last part negTokenInit exit3");
>-		return 0;
>-	} else if ((cls != ASN1_CTX) || (con != ASN1_CON)) {
>-		/* tag = 3 indicating mechListMIC */
>-		cFYI(1, "Exit 4 cls = %d con = %d tag = %d end = %p (%d)",
>-			cls, con, tag, end, *end);
>-		return 0;
>-	}
>-
>-	/* sequence */
>-	if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
>-		cFYI(1, "Error decoding last part negTokenInit exit5");
>-		return 0;
>-	} else if ((cls != ASN1_UNI) || (con != ASN1_CON)
>-		   || (tag != ASN1_SEQ)) {
>-		cFYI(1, "cls = %d con = %d tag = %d end = %p (%d)",
>-			cls, con, tag, end, *end);
>-	}
>-
>-	/* sequence of */
>-	if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
>-		cFYI(1, "Error decoding last part negTokenInit exit 7");
>-		return 0;
>-	} else if ((cls != ASN1_CTX) || (con != ASN1_CON)) {
>-		cFYI(1, "Exit 8 cls = %d con = %d tag = %d end = %p (%d)",
>-			cls, con, tag, end, *end);
>-		return 0;
>-	}
>-
>-	/* general string */
>-	if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {
>-		cFYI(1, "Error decoding last part negTokenInit exit9");
>-		return 0;
>-	} else if ((cls != ASN1_UNI) || (con != ASN1_PRI)
>-		   || (tag != ASN1_GENSTR)) {
>-		cFYI(1, "Exit10 cls = %d con = %d tag = %d end = %p (%d)",
>-			cls, con, tag, end, *end);
>-		return 0;
>-	}
>-	cFYI(1, "Need to call asn1_octets_decode() function for %s",
>-		ctx.pointer);	/* is this UTF-8 or ASCII? */
>-decode_negtoken_exit:
>+	/*
>+	 * We currently ignore anything at the end of the SPNEGO blob after
>+	 * the mechTypes have been parsed, since none of that info is
>+	 * used at the moment.
>+	 */
> 	return 1;
> }
>-- 
>1.7.11.7
>

Actions: View | Diff

Attachments on bug 919084: 708387