When we added the ability for the kernel to send sec=mskrb5 to the
upcall, we subtly broke old cifs.upcall versions that don't understand
it. Bump the spnego message version to 2 to make this clear. Also,
change cifs.upcall to not reject requests with a version that's lower
than the current one, and to send the reply with the same version that
the request sent. The idea is to try and keep cifs.upcall backward
compatible with old kernels.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
}
SAFE_FREE(buf);
- if (kernel_upcall_version != CIFS_SPNEGO_UPCALL_VERSION) {
+ if (kernel_upcall_version > CIFS_SPNEGO_UPCALL_VERSION) {
syslog(LOG_WARNING,
"incompatible kernel upcall version: 0x%x",
kernel_upcall_version);
rc = 1;
goto out;
}
- keydata->version = CIFS_SPNEGO_UPCALL_VERSION;
+ keydata->version = kernel_upcall_version;
keydata->flags = 0;
keydata->sesskey_len = sess_key.length;
keydata->secblob_len = secblob.length;
#ifndef _CIFS_SPNEGO_H
#define _CIFS_SPNEGO_H
-#define CIFS_SPNEGO_UPCALL_VERSION 1
+#define CIFS_SPNEGO_UPCALL_VERSION 2
/*
* The version field should always be set to CIFS_SPNEGO_UPCALL_VERSION.