@@ -88,6 +88,9 @@ struct key_type cifs_spnego_key_type = {
/* strlen of ";user=" */
#define USER_KEY_LEN 6
+/* strlen of ";credinfo=" */
+#define USER_CREDINFO_LEN 10
+
/* get a key struct with a SPNEGO security blob, suitable for session setup */
struct key *
cifs_get_spnego_key(struct cifsSesInfo *sesInfo)
@@ -105,7 +108,8 @@ cifs_get_spnego_key(struct cifsSesInfo *sesInfo)
IP_KEY_LEN + MAX_IPV6_ADDR_LEN +
MAX_MECH_STR_LEN +
UID_KEY_LEN + (sizeof(uid_t) * 2) +
- USER_KEY_LEN + strlen(sesInfo->userName) + 1;
+ USER_KEY_LEN + strlen(sesInfo->userName) + 1 +
+ USER_CREDINFO_LEN + strlen(sesInfo->password + 1);
spnego_key = ERR_PTR(-ENOMEM);
description = kzalloc(desc_len, GFP_KERNEL);
@@ -143,6 +147,11 @@ cifs_get_spnego_key(struct cifsSesInfo *sesInfo)
dp = description + strlen(description);
sprintf(dp, ";user=%s", sesInfo->userName);
+ if (sesInfo->password) {
+ dp = description + strlen(description);
+ sprintf(dp, ";credinfo=%s", sesInfo->password);
+ }
+
cFYI(1, ("key description = %s", description));
spnego_key = request_key(&cifs_spnego_key_type, description, "");
We don't currently use the password field in sesInfo for krb5 auth. Hijack it in that case by treating it as a generic credential info field. For krb5 we can use it to pass $KRB5CCNAME to the upcall. To properly use this will require support in both mount.cifs and cifs.upcall. Signed-off-by: Jeff Layton <jlayton@redhat.com> --- fs/cifs/cifs_spnego.c | 11 ++++++++++- 1 files changed, 10 insertions(+), 1 deletions(-)