cifs.upcall: handle MSKRB5 OID properly

[sfrench/samba-autobuild/.git] / source3 / client / cifs.upcall.c
diff --git a/source3/client/cifs.upcall.c b/source3/client/cifs.upcall.c

index aa5eb57310a9e2bb823519451ce23e4df99accbe..fd3ed17d2dd2c1b28dda23c7fa622ee2c050dd79 100644 (file)
--- a/source3/client/cifs.upcall.c
+++ b/source3/client/cifs.upcall.c
@@ -29,7 +29,7 @@ create dns_resolver * * /usr/local/sbin/cifs.upcall %k
  
  #include "cifs_spnego.h"
  
  
  #include "cifs_spnego.h"
  
-const char *CIFSSPNEGO_VERSION = "1.1";
+const char *CIFSSPNEGO_VERSION = "1.2";
  static const char *prog = "cifs.upcall";
  typedef enum _secType {
         KRB5,
  static const char *prog = "cifs.upcall";
  typedef enum _secType {
         KRB5,
@@ -73,7 +73,7 @@ int handle_krb5_mech(const char *oid, const char *principal,
         tkt_wrapped = spnego_gen_krb5_wrap(tkt, TOK_ID_KRB_AP_REQ);
  
         /* and wrap that in a shiny SPNEGO wrapper */
         tkt_wrapped = spnego_gen_krb5_wrap(tkt, TOK_ID_KRB_AP_REQ);
  
         /* and wrap that in a shiny SPNEGO wrapper */
-       *secblob = gen_negTokenInit(OID_KERBEROS5, tkt_wrapped);
+       *secblob = gen_negTokenInit(oid, tkt_wrapped);
  
         data_blob_free(&tkt_wrapped);
         data_blob_free(&tkt);
  
         data_blob_free(&tkt_wrapped);
         data_blob_free(&tkt);
@@ -118,6 +118,9 @@ int decode_key_description(const char *desc, int *ver, secType_t * sec,
                         if (strncmp(tkn + 4, "krb5", 4) == 0) {
                                 retval |= DKD_HAVE_SEC;
                                 *sec = KRB5;
                         if (strncmp(tkn + 4, "krb5", 4) == 0) {
                                 retval |= DKD_HAVE_SEC;
                                 *sec = KRB5;
+                       } else if (strncmp(tkn + 4, "mskrb5", 6) == 0) {
+                               retval |= DKD_HAVE_SEC;
+                               *sec = MS_KRB5;
                         }
                 } else if (strncmp(tkn, "uid=", 4) == 0) {
                         errno = 0;
                         }
                 } else if (strncmp(tkn, "uid=", 4) == 0) {
                         errno = 0;
@@ -219,7 +222,7 @@ int main(const int argc, char *const argv[])
         uid_t uid;
         int kernel_upcall_version;
         int c, use_cifs_service_prefix = 0;
         uid_t uid;
         int kernel_upcall_version;
         int c, use_cifs_service_prefix = 0;
-       char *buf, *hostname = NULL;
+       char *buf, *oid, *hostname = NULL;
  
         openlog(prog, 0, LOG_DAEMON);
  
  
         openlog(prog, 0, LOG_DAEMON);
  
@@ -301,6 +304,7 @@ int main(const int argc, char *const argv[])
  
         // do mech specific authorization
         switch (sectype) {
  
         // do mech specific authorization
         switch (sectype) {
+       case MS_KRB5:
         case KRB5:{
                         char *princ;
                         size_t len;
         case KRB5:{
                         char *princ;
                         size_t len;
@@ -319,8 +323,12 @@ int main(const int argc, char *const argv[])
                         }
                         strlcpy(princ + 5, hostname, len - 5);
  
                         }
                         strlcpy(princ + 5, hostname, len - 5);
  
-                       rc = handle_krb5_mech(OID_KERBEROS5, princ,
-                                             &secblob, &sess_key);
+                       if (sectype == MS_KRB5)
+                               oid = OID_KERBEROS5_OLD;
+                       else
+                               oid = OID_KERBEROS5;
+
+                       rc = handle_krb5_mech(oid, princ, &secblob, &sess_key);
                         SAFE_FREE(princ);
                         break;
                 }
                         SAFE_FREE(princ);
                         break;
                 }