Commit 5f98ca9a authored by Shirish Pargaonkar's avatar Shirish Pargaonkar Committed by Steve French

cifs NTLMv2/NTLMSSP Change variable name mac_key to session key to reflect the key it holds

Change name of variable mac_key to session key.
The reason mac_key was changed to session key is, this structure does not
hold message authentication code, it holds the session key (for ntlmv2,
ntlmv1 etc.).  mac is generated as a signature in cifs_calc* functions.
Signed-off-by: default avatarShirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: default avatarSteve French <sfrench@us.ibm.com>
parent aa91c7e4
...@@ -42,7 +42,7 @@ extern void SMBencrypt(unsigned char *passwd, const unsigned char *c8, ...@@ -42,7 +42,7 @@ extern void SMBencrypt(unsigned char *passwd, const unsigned char *c8,
unsigned char *p24); unsigned char *p24);
static int cifs_calculate_signature(const struct smb_hdr *cifs_pdu, static int cifs_calculate_signature(const struct smb_hdr *cifs_pdu,
const struct mac_key *key, char *signature) const struct session_key *key, char *signature)
{ {
struct MD5Context context; struct MD5Context context;
...@@ -78,7 +78,7 @@ int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server, ...@@ -78,7 +78,7 @@ int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server,
server->sequence_number++; server->sequence_number++;
spin_unlock(&GlobalMid_Lock); spin_unlock(&GlobalMid_Lock);
rc = cifs_calculate_signature(cifs_pdu, &server->mac_signing_key, rc = cifs_calculate_signature(cifs_pdu, &server->session_key,
smb_signature); smb_signature);
if (rc) if (rc)
memset(cifs_pdu->Signature.SecuritySignature, 0, 8); memset(cifs_pdu->Signature.SecuritySignature, 0, 8);
...@@ -89,7 +89,7 @@ int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server, ...@@ -89,7 +89,7 @@ int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server,
} }
static int cifs_calc_signature2(const struct kvec *iov, int n_vec, static int cifs_calc_signature2(const struct kvec *iov, int n_vec,
const struct mac_key *key, char *signature) const struct session_key *key, char *signature)
{ {
struct MD5Context context; struct MD5Context context;
int i; int i;
...@@ -145,7 +145,7 @@ int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *server, ...@@ -145,7 +145,7 @@ int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *server,
server->sequence_number++; server->sequence_number++;
spin_unlock(&GlobalMid_Lock); spin_unlock(&GlobalMid_Lock);
rc = cifs_calc_signature2(iov, n_vec, &server->mac_signing_key, rc = cifs_calc_signature2(iov, n_vec, &server->session_key,
smb_signature); smb_signature);
if (rc) if (rc)
memset(cifs_pdu->Signature.SecuritySignature, 0, 8); memset(cifs_pdu->Signature.SecuritySignature, 0, 8);
...@@ -156,14 +156,14 @@ int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *server, ...@@ -156,14 +156,14 @@ int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *server,
} }
int cifs_verify_signature(struct smb_hdr *cifs_pdu, int cifs_verify_signature(struct smb_hdr *cifs_pdu,
const struct mac_key *mac_key, const struct session_key *session_key,
__u32 expected_sequence_number) __u32 expected_sequence_number)
{ {
unsigned int rc; unsigned int rc;
char server_response_sig[8]; char server_response_sig[8];
char what_we_think_sig_should_be[20]; char what_we_think_sig_should_be[20];
if ((cifs_pdu == NULL) || (mac_key == NULL)) if (cifs_pdu == NULL || session_key == NULL)
return -EINVAL; return -EINVAL;
if (cifs_pdu->Command == SMB_COM_NEGOTIATE) if (cifs_pdu->Command == SMB_COM_NEGOTIATE)
...@@ -192,7 +192,7 @@ int cifs_verify_signature(struct smb_hdr *cifs_pdu, ...@@ -192,7 +192,7 @@ int cifs_verify_signature(struct smb_hdr *cifs_pdu,
cpu_to_le32(expected_sequence_number); cpu_to_le32(expected_sequence_number);
cifs_pdu->Signature.Sequence.Reserved = 0; cifs_pdu->Signature.Sequence.Reserved = 0;
rc = cifs_calculate_signature(cifs_pdu, mac_key, rc = cifs_calculate_signature(cifs_pdu, session_key,
what_we_think_sig_should_be); what_we_think_sig_should_be);
if (rc) if (rc)
...@@ -209,7 +209,7 @@ int cifs_verify_signature(struct smb_hdr *cifs_pdu, ...@@ -209,7 +209,7 @@ int cifs_verify_signature(struct smb_hdr *cifs_pdu,
} }
/* We fill in key by putting in 40 byte array which was allocated by caller */ /* We fill in key by putting in 40 byte array which was allocated by caller */
int cifs_calculate_mac_key(struct mac_key *key, const char *rn, int cifs_calculate_session_key(struct session_key *key, const char *rn,
const char *password) const char *password)
{ {
char temp_key[16]; char temp_key[16];
...@@ -347,11 +347,11 @@ void setup_ntlmv2_rsp(struct cifsSesInfo *ses, char *resp_buf, ...@@ -347,11 +347,11 @@ void setup_ntlmv2_rsp(struct cifsSesInfo *ses, char *resp_buf,
/* now calculate the MAC key for NTLMv2 */ /* now calculate the MAC key for NTLMv2 */
hmac_md5_init_limK_to_64(ses->server->ntlmv2_hash, 16, &context); hmac_md5_init_limK_to_64(ses->server->ntlmv2_hash, 16, &context);
hmac_md5_update(resp_buf, 16, &context); hmac_md5_update(resp_buf, 16, &context);
hmac_md5_final(ses->server->mac_signing_key.data.ntlmv2.key, &context); hmac_md5_final(ses->server->session_key.data.ntlmv2.key, &context);
memcpy(&ses->server->mac_signing_key.data.ntlmv2.resp, resp_buf, memcpy(&ses->server->session_key.data.ntlmv2.resp, resp_buf,
sizeof(struct ntlmv2_resp)); sizeof(struct ntlmv2_resp));
ses->server->mac_signing_key.len = 16 + sizeof(struct ntlmv2_resp); ses->server->session_key.len = 16 + sizeof(struct ntlmv2_resp);
} }
void CalcNTLMv2_response(const struct cifsSesInfo *ses, void CalcNTLMv2_response(const struct cifsSesInfo *ses,
......
...@@ -97,7 +97,7 @@ enum protocolEnum { ...@@ -97,7 +97,7 @@ enum protocolEnum {
/* Netbios frames protocol not supported at this time */ /* Netbios frames protocol not supported at this time */
}; };
struct mac_key { struct session_key {
unsigned int len; unsigned int len;
union { union {
char ntlm[CIFS_SESS_KEY_SIZE + 16]; char ntlm[CIFS_SESS_KEY_SIZE + 16];
...@@ -182,7 +182,7 @@ struct TCP_Server_Info { ...@@ -182,7 +182,7 @@ struct TCP_Server_Info {
/* 16th byte of RFC1001 workstation name is always null */ /* 16th byte of RFC1001 workstation name is always null */
char workstation_RFC1001_name[RFC1001_NAME_LEN_WITH_NULL]; char workstation_RFC1001_name[RFC1001_NAME_LEN_WITH_NULL];
__u32 sequence_number; /* needed for CIFS PDU signature */ __u32 sequence_number; /* needed for CIFS PDU signature */
struct mac_key mac_signing_key; struct session_key session_key;
char ntlmv2_hash[16]; char ntlmv2_hash[16];
unsigned long lstrp; /* when we got last response from this server */ unsigned long lstrp; /* when we got last response from this server */
u16 dialect; /* dialect index that server chose */ u16 dialect; /* dialect index that server chose */
......
...@@ -363,9 +363,9 @@ extern int cifs_sign_smb(struct smb_hdr *, struct TCP_Server_Info *, __u32 *); ...@@ -363,9 +363,9 @@ extern int cifs_sign_smb(struct smb_hdr *, struct TCP_Server_Info *, __u32 *);
extern int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *, extern int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *,
__u32 *); __u32 *);
extern int cifs_verify_signature(struct smb_hdr *, extern int cifs_verify_signature(struct smb_hdr *,
const struct mac_key *mac_key, const struct session_key *session_key,
__u32 expected_sequence_number); __u32 expected_sequence_number);
extern int cifs_calculate_mac_key(struct mac_key *key, const char *rn, extern int cifs_calculate_session_key(struct session_key *key, const char *rn,
const char *pass); const char *pass);
extern void CalcNTLMv2_response(const struct cifsSesInfo *, char *); extern void CalcNTLMv2_response(const struct cifsSesInfo *, char *);
extern void setup_ntlmv2_rsp(struct cifsSesInfo *, char *, extern void setup_ntlmv2_rsp(struct cifsSesInfo *, char *,
......
...@@ -480,7 +480,7 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer, ...@@ -480,7 +480,7 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer,
/* calculate session key, BB what about adding similar ntlmv2 path? */ /* calculate session key, BB what about adding similar ntlmv2 path? */
SMBNTencrypt(ses->password, ses->server->cryptKey, ntlm_session_key); SMBNTencrypt(ses->password, ses->server->cryptKey, ntlm_session_key);
if (first) if (first)
cifs_calculate_mac_key(&ses->server->mac_signing_key, cifs_calculate_session_key(&ses->server->session_key,
ntlm_session_key, ses->password); ntlm_session_key, ses->password);
memcpy(tmp, ntlm_session_key, CIFS_SESS_KEY_SIZE); memcpy(tmp, ntlm_session_key, CIFS_SESS_KEY_SIZE);
...@@ -690,7 +690,7 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, ...@@ -690,7 +690,7 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses,
if (first_time) /* should this be moved into common code if (first_time) /* should this be moved into common code
with similar ntlmv2 path? */ with similar ntlmv2 path? */
cifs_calculate_mac_key(&ses->server->mac_signing_key, cifs_calculate_session_key(&ses->server->session_key,
ntlm_session_key, ses->password); ntlm_session_key, ses->password);
/* copy session key */ /* copy session key */
...@@ -765,15 +765,15 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, ...@@ -765,15 +765,15 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses,
} }
/* bail out if key is too long */ /* bail out if key is too long */
if (msg->sesskey_len > if (msg->sesskey_len >
sizeof(ses->server->mac_signing_key.data.krb5)) { sizeof(ses->server->session_key.data.krb5)) {
cERROR(1, "Kerberos signing key too long (%u bytes)", cERROR(1, "Kerberos signing key too long (%u bytes)",
msg->sesskey_len); msg->sesskey_len);
rc = -EOVERFLOW; rc = -EOVERFLOW;
goto ssetup_exit; goto ssetup_exit;
} }
if (first_time) { if (first_time) {
ses->server->mac_signing_key.len = msg->sesskey_len; ses->server->session_key.len = msg->sesskey_len;
memcpy(ses->server->mac_signing_key.data.krb5, memcpy(ses->server->session_key.data.krb5,
msg->data, msg->sesskey_len); msg->data, msg->sesskey_len);
} }
pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC; pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
......
...@@ -543,7 +543,7 @@ SendReceive2(const unsigned int xid, struct cifsSesInfo *ses, ...@@ -543,7 +543,7 @@ SendReceive2(const unsigned int xid, struct cifsSesInfo *ses,
(ses->server->secMode & (SECMODE_SIGN_REQUIRED | (ses->server->secMode & (SECMODE_SIGN_REQUIRED |
SECMODE_SIGN_ENABLED))) { SECMODE_SIGN_ENABLED))) {
rc = cifs_verify_signature(midQ->resp_buf, rc = cifs_verify_signature(midQ->resp_buf,
&ses->server->mac_signing_key, &ses->server->session_key,
midQ->sequence_number+1); midQ->sequence_number+1);
if (rc) { if (rc) {
cERROR(1, "Unexpected SMB signature"); cERROR(1, "Unexpected SMB signature");
...@@ -731,7 +731,7 @@ SendReceive(const unsigned int xid, struct cifsSesInfo *ses, ...@@ -731,7 +731,7 @@ SendReceive(const unsigned int xid, struct cifsSesInfo *ses,
(ses->server->secMode & (SECMODE_SIGN_REQUIRED | (ses->server->secMode & (SECMODE_SIGN_REQUIRED |
SECMODE_SIGN_ENABLED))) { SECMODE_SIGN_ENABLED))) {
rc = cifs_verify_signature(out_buf, rc = cifs_verify_signature(out_buf,
&ses->server->mac_signing_key, &ses->server->session_key,
midQ->sequence_number+1); midQ->sequence_number+1);
if (rc) { if (rc) {
cERROR(1, "Unexpected SMB signature"); cERROR(1, "Unexpected SMB signature");
...@@ -981,7 +981,7 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifsTconInfo *tcon, ...@@ -981,7 +981,7 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifsTconInfo *tcon,
(ses->server->secMode & (SECMODE_SIGN_REQUIRED | (ses->server->secMode & (SECMODE_SIGN_REQUIRED |
SECMODE_SIGN_ENABLED))) { SECMODE_SIGN_ENABLED))) {
rc = cifs_verify_signature(out_buf, rc = cifs_verify_signature(out_buf,
&ses->server->mac_signing_key, &ses->server->session_key,
midQ->sequence_number+1); midQ->sequence_number+1);
if (rc) { if (rc) {
cERROR(1, "Unexpected SMB signature"); cERROR(1, "Unexpected SMB signature");
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment