Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
L
linux
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
linux
Commits
64a522c3
Commit
64a522c3
authored
Jul 07, 2003
by
Steve French
Browse files
Options
Browse Files
Download
Plain Diff
Merge
bk://linux.bkbits.net/linux-2.5
into hostme.bitkeeper.com:/repos/c/cifs/linux-2.5cifs
parents
a35d0e11
34f773cd
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
89 additions
and
83 deletions
+89
-83
fs/cifs/cifsencrypt.c
fs/cifs/cifsencrypt.c
+53
-2
fs/cifs/cifsproto.h
fs/cifs/cifsproto.h
+2
-2
fs/cifs/connect.c
fs/cifs/connect.c
+34
-24
fs/cifs/smbencrypt.c
fs/cifs/smbencrypt.c
+0
-55
No files found.
fs/cifs/cifsencrypt.c
View file @
64a522c3
...
@@ -24,6 +24,7 @@
...
@@ -24,6 +24,7 @@
#include "cifsglob.h"
#include "cifsglob.h"
#include "cifs_debug.h"
#include "cifs_debug.h"
#include "md5.h"
#include "md5.h"
#include "cifs_unicode.h"
/* Calculate and return the CIFS signature based on the mac key and the smb pdu */
/* Calculate and return the CIFS signature based on the mac key and the smb pdu */
/* the 16 byte signature must be allocated by the caller */
/* the 16 byte signature must be allocated by the caller */
...
@@ -133,8 +134,58 @@ int cifs_calculate_mac_key(char * key, const char * rn, const char * password)
...
@@ -133,8 +134,58 @@ int cifs_calculate_mac_key(char * key, const char * rn, const char * password)
if
((
key
==
NULL
)
||
(
rn
==
NULL
)
||
(
password
==
NULL
))
if
((
key
==
NULL
)
||
(
rn
==
NULL
)
||
(
password
==
NULL
))
return
-
EINVAL
;
return
-
EINVAL
;
E_md4hash
(
password
,
temp_key
);
/* BB may have to do another md4 of it */
E_md4hash
(
password
,
temp_key
);
mdfour
(
key
,
temp_key
,
16
);
mdfour
(
key
,
temp_key
,
16
);
memcpy
(
key
+
16
,
rn
,
CIFS_SESSION_KEY_SIZE
);
memcpy
(
key
+
16
,
rn
,
CIFS_SESSION_KEY_SIZE
);
return
0
;
return
0
;
}
}
int
CalcNTLMv2_partial_mac_key
(
struct
cifsSesInfo
*
ses
,
struct
nls_table
*
nls_info
)
{
char
temp_key
[
16
];
struct
HMACMD5Context
ctx
;
char
*
ucase_buf
;
wchar_t
*
unicode_buf
;
unsigned
int
i
,
user_len
,
dom_len
;
if
(
ses
)
return
-
EINVAL
;
E_md4hash
(
ses
->
password_with_pad
,
temp_key
);
hmac_md5_init_limK_to_64
(
temp_key
,
16
,
&
ctx
);
user_len
=
strlen
(
ses
->
userName
);
if
(
user_len
>
MAX_USERNAME_SIZE
)
return
-
EINVAL
;
dom_len
=
strlen
(
ses
->
domainName
);
if
(
dom_len
>
MAX_USERNAME_SIZE
)
return
-
EINVAL
;
ucase_buf
=
kmalloc
((
MAX_USERNAME_SIZE
+
1
),
GFP_KERNEL
);
unicode_buf
=
kmalloc
((
MAX_USERNAME_SIZE
+
1
)
*
2
,
GFP_KERNEL
);
for
(
i
=
0
;
i
<
user_len
;
i
++
)
ucase_buf
[
i
]
=
nls_info
->
charset2upper
[(
int
)
ses
->
userName
[
i
]];
ucase_buf
[
i
]
=
0
;
user_len
=
cifs_strtoUCS
(
unicode_buf
,
ucase_buf
,
MAX_USERNAME_SIZE
*
2
,
nls_info
);
/* BB inc user_len + 2 or 2 for trailing nulls? */
/* Add call to hmac md5 user BB */
for
(
i
=
0
;
i
<
dom_len
;
i
++
)
ucase_buf
[
i
]
=
nls_info
->
charset2upper
[(
int
)
ses
->
domainName
[
i
]];
ucase_buf
[
i
]
=
0
;
dom_len
=
cifs_strtoUCS
(
unicode_buf
,
ucase_buf
,
MAX_USERNAME_SIZE
*
2
,
nls_info
);
/* BB inc dom_len + 1 or 2 for trailing nulls? */
/* Add call to hmac md5 domain */
/* BB add hmac md5 final BB */
kfree
(
ucase_buf
);
kfree
(
unicode_buf
);
return
0
;
}
fs/cifs/cifsproto.h
View file @
64a522c3
...
@@ -88,8 +88,7 @@ extern int CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
...
@@ -88,8 +88,7 @@ extern int CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
const
struct
nls_table
*
);
const
struct
nls_table
*
);
extern
int
CIFSNTLMSSPAuthSessSetup
(
unsigned
int
xid
,
extern
int
CIFSNTLMSSPAuthSessSetup
(
unsigned
int
xid
,
struct
cifsSesInfo
*
ses
,
char
*
ntlm_session_key
,
struct
cifsSesInfo
*
ses
,
char
*
ntlm_session_key
,
char
*
lanman_session_key
,
int
ntlmv2_flag
,
int
ntlmv2_flag
,
const
struct
nls_table
*
);
const
struct
nls_table
*
);
extern
int
CIFSTCon
(
unsigned
int
xid
,
struct
cifsSesInfo
*
ses
,
extern
int
CIFSTCon
(
unsigned
int
xid
,
struct
cifsSesInfo
*
ses
,
const
char
*
tree
,
struct
cifsTconInfo
*
tcon
,
const
char
*
tree
,
struct
cifsTconInfo
*
tcon
,
...
@@ -229,6 +228,7 @@ extern int cifs_sign_smb(struct smb_hdr *, struct cifsSesInfo *,__u32 *);
...
@@ -229,6 +228,7 @@ extern int cifs_sign_smb(struct smb_hdr *, struct cifsSesInfo *,__u32 *);
extern
int
cifs_verify_signature
(
const
struct
smb_hdr
*
,
const
char
*
mac_key
,
extern
int
cifs_verify_signature
(
const
struct
smb_hdr
*
,
const
char
*
mac_key
,
__u32
expected_sequence_number
);
__u32
expected_sequence_number
);
extern
int
cifs_calculate_mac_key
(
char
*
key
,
const
char
*
rn
,
const
char
*
pass
);
extern
int
cifs_calculate_mac_key
(
char
*
key
,
const
char
*
rn
,
const
char
*
pass
);
extern
void
CalcNTLMv2_partial_mac_key
(
struct
cifsSesInfo
*
,
struct
nls_table
*
);
/* BB routines below not implemented yet BB */
/* BB routines below not implemented yet BB */
...
...
fs/cifs/connect.c
View file @
64a522c3
...
@@ -634,7 +634,6 @@ get_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
...
@@ -634,7 +634,6 @@ get_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
int
setup_session
(
unsigned
int
xid
,
struct
cifsSesInfo
*
pSesInfo
,
struct
nls_table
*
nls_info
)
int
setup_session
(
unsigned
int
xid
,
struct
cifsSesInfo
*
pSesInfo
,
struct
nls_table
*
nls_info
)
{
{
int
rc
=
0
;
int
rc
=
0
;
char
session_key
[
CIFS_SESSION_KEY_SIZE
];
char
ntlm_session_key
[
CIFS_SESSION_KEY_SIZE
];
char
ntlm_session_key
[
CIFS_SESSION_KEY_SIZE
];
int
ntlmv2_flag
=
FALSE
;
int
ntlmv2_flag
=
FALSE
;
...
@@ -666,35 +665,38 @@ int setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo, struct nls_tab
...
@@ -666,35 +665,38 @@ int setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo, struct nls_tab
nls_info
);
nls_info
);
if
(
!
rc
)
{
if
(
!
rc
)
{
if
(
ntlmv2_flag
)
{
if
(
ntlmv2_flag
)
{
cFYI
(
1
,(
"
Able to use th
e more secure NTLM version 2 password hash"
));
cFYI
(
1
,(
"
Can us
e more secure NTLM version 2 password hash"
));
/* SMBNTv2encrypt( ...); */
/* BB fix this up
-
/* SMBNTv2encrypt( ...); */
/* BB fix this up
*/
and note that Samba client equivalent looks wrong */
CalcNTLMv2_partial_mac_key
(
pSesInfo
,
}
else
nls_info
);
SMBNTencrypt
(
pSesInfo
->
password_with_pad
,
/* cifs_calculate_ntlmv2_mac_key(pSesInfo->mac_signing_key, ntlm_session_key, */
pSesInfo
->
server
->
cryptKey
,
ntlm_session_key
);
/* BB Put dummy sig in SessSetup PDU? */
/* BB add call to save MAC key here BB */
}
else
{
SMBNTencrypt
(
pSesInfo
->
password_with_pad
,
pSesInfo
->
server
->
cryptKey
,
ntlm_session_key
);
/* for better security the weaker lanman hash not sent
cifs_calculate_mac_key
(
pSesInfo
->
mac_signing_key
,
in AuthSessSetup so why bother calculating it */
ntlm_session_key
,
/* toUpper(nls_info,
pSesInfo
->
password_with_pad
);
password_with_pad);
}
SMBencrypt(password_with_pad,
/* for better security the weaker lanman hash not sent
pSesInfo->server->cryptKey, session_key);
*/
in AuthSessSetup so we no longer calculate it
*/
rc
=
CIFSNTLMSSPAuthSessSetup
(
xid
,
rc
=
CIFSNTLMSSPAuthSessSetup
(
xid
,
pSesInfo
,
pSesInfo
,
ntlm_session_key
,
ntlm_session_key
,
session_key
,
ntlmv2_flag
,
ntlmv2_flag
,
nls_info
);
nls_info
);
}
}
}
else
{
/* old style NTLM 0.12 session setup */
}
else
{
/* old style NTLM 0.12 session setup */
SMBNTencrypt
(
pSesInfo
->
password_with_pad
,
SMBNTencrypt
(
pSesInfo
->
password_with_pad
,
pSesInfo
->
server
->
cryptKey
,
pSesInfo
->
server
->
cryptKey
,
ntlm_session_key
);
ntlm_session_key
);
cifs_calculate_mac_key
(
pSesInfo
->
mac_signing_key
,
ntlm_session_key
,
pSesInfo
->
password_with_pad
);
cifs_calculate_mac_key
(
pSesInfo
->
mac_signing_key
,
ntlm_session_key
,
pSesInfo
->
password_with_pad
);
rc
=
CIFSSessSetup
(
xid
,
pSesInfo
,
rc
=
CIFSSessSetup
(
xid
,
pSesInfo
,
ntlm_session_key
,
nls_info
);
ntlm_session_key
,
nls_info
);
}
}
...
@@ -1297,7 +1299,7 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
...
@@ -1297,7 +1299,7 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
int
bytes_returned
=
0
;
int
bytes_returned
=
0
;
int
len
;
int
len
;
cFYI
(
1
,
(
"In
v2
sesssetup "
));
cFYI
(
1
,
(
"In
spnego
sesssetup "
));
smb_buffer
=
buf_get
();
smb_buffer
=
buf_get
();
if
(
smb_buffer
==
0
)
{
if
(
smb_buffer
==
0
)
{
...
@@ -1605,7 +1607,9 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
...
@@ -1605,7 +1607,9 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
SecurityBlob
->
NegotiateFlags
=
SecurityBlob
->
NegotiateFlags
=
NTLMSSP_NEGOTIATE_UNICODE
|
NTLMSSP_NEGOTIATE_OEM
|
NTLMSSP_NEGOTIATE_UNICODE
|
NTLMSSP_NEGOTIATE_OEM
|
NTLMSSP_REQUEST_TARGET
|
NTLMSSP_NEGOTIATE_NTLM
|
0x80000000
|
NTLMSSP_REQUEST_TARGET
|
NTLMSSP_NEGOTIATE_NTLM
|
0x80000000
|
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
|
NTLMSSP_NEGOTIATE_128
;
/* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */
NTLMSSP_NEGOTIATE_128
;
if
(
sign_CIFS_PDUs
)
SecurityBlob
->
NegotiateFlags
|=
NTLMSSP_NEGOTIATE_SIGN
;
if
(
ntlmv2_support
)
if
(
ntlmv2_support
)
SecurityBlob
->
NegotiateFlags
|=
NTLMSSP_NEGOTIATE_NTLMV2
;
SecurityBlob
->
NegotiateFlags
|=
NTLMSSP_NEGOTIATE_NTLMV2
;
/* setup pointers to domain name and workstation name */
/* setup pointers to domain name and workstation name */
...
@@ -1725,6 +1729,10 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
...
@@ -1725,6 +1729,10 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
CIFS_CRYPTO_KEY_SIZE
);
CIFS_CRYPTO_KEY_SIZE
);
if
(
SecurityBlob2
->
NegotiateFlags
&
NTLMSSP_NEGOTIATE_NTLMV2
)
if
(
SecurityBlob2
->
NegotiateFlags
&
NTLMSSP_NEGOTIATE_NTLMV2
)
*
pNTLMv2_flag
=
TRUE
;
*
pNTLMv2_flag
=
TRUE
;
/* if(SecurityBlob2->NegotiateFlags & NTLMSSP_NEGOTIATE_SIGN)
always sign */
/* BB FIXME BB */
if
(
smb_buffer
->
Flags2
&=
SMBFLG2_UNICODE
)
{
if
(
smb_buffer
->
Flags2
&=
SMBFLG2_UNICODE
)
{
if
((
long
)
(
bcc_ptr
)
%
2
)
{
if
((
long
)
(
bcc_ptr
)
%
2
)
{
remaining_words
=
remaining_words
=
...
@@ -1868,7 +1876,7 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
...
@@ -1868,7 +1876,7 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
int
int
CIFSNTLMSSPAuthSessSetup
(
unsigned
int
xid
,
struct
cifsSesInfo
*
ses
,
CIFSNTLMSSPAuthSessSetup
(
unsigned
int
xid
,
struct
cifsSesInfo
*
ses
,
char
*
ntlm_session_key
,
char
*
lanman_session_key
,
int
ntlmv2_flag
,
char
*
ntlm_session_key
,
int
ntlmv2_flag
,
const
struct
nls_table
*
nls_codepage
)
const
struct
nls_table
*
nls_codepage
)
{
{
struct
smb_hdr
*
smb_buffer
;
struct
smb_hdr
*
smb_buffer
;
...
@@ -1934,7 +1942,9 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
...
@@ -1934,7 +1942,9 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
SecurityBlob
->
NegotiateFlags
=
SecurityBlob
->
NegotiateFlags
=
NTLMSSP_NEGOTIATE_UNICODE
|
NTLMSSP_REQUEST_TARGET
|
NTLMSSP_NEGOTIATE_UNICODE
|
NTLMSSP_REQUEST_TARGET
|
NTLMSSP_NEGOTIATE_NTLM
|
NTLMSSP_NEGOTIATE_TARGET_INFO
|
NTLMSSP_NEGOTIATE_NTLM
|
NTLMSSP_NEGOTIATE_TARGET_INFO
|
0x80000000
|
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
|
NTLMSSP_NEGOTIATE_128
;
0x80000000
|
NTLMSSP_NEGOTIATE_128
;
if
(
sign_CIFS_PDUs
)
SecurityBlob
->
NegotiateFlags
|=
/* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/
NTLMSSP_NEGOTIATE_SIGN
;
if
(
ntlmv2_flag
)
if
(
ntlmv2_flag
)
SecurityBlob
->
NegotiateFlags
|=
NTLMSSP_NEGOTIATE_NTLMV2
;
SecurityBlob
->
NegotiateFlags
|=
NTLMSSP_NEGOTIATE_NTLMV2
;
...
...
fs/cifs/smbencrypt.c
View file @
64a522c3
...
@@ -470,58 +470,3 @@ int SMBNTLMv2encrypt(const char *user, const char *domain, const char *password,
...
@@ -470,58 +470,3 @@ int SMBNTLMv2encrypt(const char *user, const char *domain, const char *password,
return
TRUE
;
return
TRUE
;
}
}
/***********************************************************
SMB signing - setup the MAC key.
************************************************************/
void
cli_calculate_mac_key
(
__u8
*
mac_key
,
int
*
pmac_key_len
,
const
char
*
ntpasswd
,
const
unsigned
char
resp
[
24
])
{
/* Get first 16 bytes. */
E_md4hash
(
ntpasswd
,
mac_key
);
memcpy
(
mac_key
+
16
,
resp
,
24
);
*
pmac_key_len
=
40
;
/* Reset the sequence number in case we had a previous (aborted) attempt */
/* cli->sign_info.send_seq_num = 0; */
}
/***********************************************************
SMB signing - calculate a MAC to send.
************************************************************/
void
cli_caclulate_sign_mac
(
struct
smb_hdr
*
outbuf
,
__u8
*
mac_key
,
int
mac_key_len
,
__u32
*
send_seq_num
,
__u32
*
reply_seq_num
)
{
unsigned
char
calc_md5_mac
[
16
];
struct
MD5Context
md5_ctx
;
/* if (!cli->sign_info.use_smb_signing) {
return;
} */
/*
* Firstly put the sequence number into the first 4 bytes.
* and zero out the next 4 bytes.
*/
/*
SIVAL(outbuf, smb_ss_field, *send_seq_num);
SIVAL(outbuf, smb_ss_field + 4, 0); */
/* Calculate the 16 byte MAC and place first 8 bytes into the field. */
MD5Init
(
&
md5_ctx
);
MD5Update
(
&
md5_ctx
,
mac_key
,
mac_key_len
);
MD5Update
(
&
md5_ctx
,
outbuf
->
Protocol
,
be32_to_cpu
(
outbuf
->
smb_buf_length
));
MD5Final
(
calc_md5_mac
,
&
md5_ctx
);
memcpy
(
outbuf
->
Signature
.
SecuritySignature
,
calc_md5_mac
,
8
);
(
*
send_seq_num
)
++
;
*
reply_seq_num
=
*
send_seq_num
;
(
*
send_seq_num
)
++
;
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment