We've had a request recently to allow cifs.upcall to use AD-style
service principals. While trying to nail down what they need, I asked
Simo his opinion on how best to pick a service principal for a given
hostname. His suggestion was:
INPUT: fooo
TRY in order:
FOOO$@REALM
cifs/fooo.<guessed domain ?>@REALM
host/fooo.<guessed domain ?>@REALM
INPUT: bar.example.com
TRY in order:
cifs/bar.example.com@REALM
BAR$@REALM
host/bar.example.com@REALM
This patchset attempts to embody that logic.
Suggestions welcome. Those reviewing it, please pay particular attention
to the scheme for guessing a domain name. I want to make certain that
we're not opening up any security holes with that scheme.
Jeff Layton (3):
cifs.upcall: move to an on-stack princ buffer
cifs.upcall: move to Simo's suggested algorithm for picking a
principal
cifs.upcall: try and guess the domain name on unqualified names
cifs.upcall.c | 143 ++++++++++++++++++++++++++++++++++++++++++++++----------
1 files changed, 117 insertions(+), 26 deletions(-)
--
1.7.6.4
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
