diff options
| author | Shirish Pargaonkar <shirishpargaonkar@gmail.com> | 2010-10-13 18:15:00 -0500 |
|---|---|---|
| committer | Steve French <sfrench@us.ibm.com> | 2010-10-14 18:05:19 +0000 |
| commit | 5d0d28824c76409f0d1a645bf0ae81318c8ffa42 (patch) | |
| tree | 592838282fc891dc9a51424e0f57c0694ad31075 /fs/cifs/sess.c | |
| parent | d7c86ff8cd00abc730fe5d031f43dc9138b6324e (diff) | |
NTLM authentication and signing - Calculate auth response per smb session
Start calculation auth response within a session. Move/Add pertinet
data structures like session key, server challenge and ntlmv2_hash in
a session structure. We should do the calculations within a session
before copying session key and response over to server data
structures because a session setup can fail.
Only after a very first smb session succeeds, it copies/makes its
session key, session key of smb connection. This key stays with
the smb connection throughout its life.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs/cifs/sess.c')
| -rw-r--r-- | fs/cifs/sess.c | 28 |
1 files changed, 8 insertions, 20 deletions
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index c926e6c7c0c..2111bed71b1 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c @@ -402,7 +402,7 @@ static int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len, return -EINVAL; } - memcpy(ses->server->cryptKey, pblob->Challenge, CIFS_CRYPTO_KEY_SIZE); + memcpy(ses->cryptKey, pblob->Challenge, CIFS_CRYPTO_KEY_SIZE); /* BB we could decode pblob->NegotiateFlags; some may be useful */ /* In particular we can examine sign flags */ /* BB spec says that if AvId field of MsvAvTimestamp is populated then @@ -591,17 +591,12 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int bytes_remaining; struct key *spnego_key = NULL; __le32 phase = NtLmNegotiate; /* NTLMSSP, if needed, is multistage */ - bool first_time; int blob_len; char *ntlmsspblob = NULL; if (ses == NULL) return -EINVAL; - read_lock(&cifs_tcp_ses_lock); - first_time = is_first_ses_reconnect(ses); - read_unlock(&cifs_tcp_ses_lock); - type = ses->server->secType; cFYI(1, "sess setup type %d", type); @@ -672,7 +667,7 @@ ssetup_ntlmssp_authenticate: /* BB calculate hash with password */ /* and copy into bcc */ - calc_lanman_hash(ses->password, ses->server->cryptKey, + calc_lanman_hash(ses->password, ses->cryptKey, ses->server->secMode & SECMODE_PW_ENCRYPT ? true : false, lnm_session_key); @@ -699,15 +694,11 @@ ssetup_ntlmssp_authenticate: cpu_to_le16(CIFS_SESS_KEY_SIZE); /* calculate session key */ - SMBNTencrypt(ses->password, ses->server->cryptKey, - ntlm_session_key); + SMBNTencrypt(ses->password, ses->cryptKey, ntlm_session_key); - if (first_time) /* should this be moved into common code - with similar ntlmv2 path? */ - cifs_calculate_session_key(&ses->server->session_key, - ntlm_session_key, ses->password); + cifs_calculate_session_key(&ses->auth_key, + ntlm_session_key, ses->password); /* copy session key */ - memcpy(bcc_ptr, (char *)ntlm_session_key, CIFS_SESS_KEY_SIZE); bcc_ptr += CIFS_SESS_KEY_SIZE; memcpy(bcc_ptr, (char *)ntlm_session_key, CIFS_SESS_KEY_SIZE); @@ -794,17 +785,14 @@ ssetup_ntlmssp_authenticate: } /* bail out if key is too long */ if (msg->sesskey_len > - sizeof(ses->server->session_key.data.krb5)) { + sizeof(ses->auth_key.data.krb5)) { cERROR(1, "Kerberos signing key too long (%u bytes)", msg->sesskey_len); rc = -EOVERFLOW; goto ssetup_exit; } - if (first_time) { - ses->server->session_key.len = msg->sesskey_len; - memcpy(ses->server->session_key.data.krb5, - msg->data, msg->sesskey_len); - } + ses->auth_key.len = msg->sesskey_len; + memcpy(ses->auth_key.data.krb5, msg->data, msg->sesskey_len); pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC; capabilities |= CAP_EXTENDED_SECURITY; pSMB->req.Capabilities = cpu_to_le32(capabilities); |