diff options
author | Shirish Pargaonkar <shirishpargaonkar@gmail.com> | 2010-09-18 23:01:58 -0400 |
---|---|---|
committer | Steve French <sfrench@us.ibm.com> | 2010-09-29 15:04:29 -0400 |
commit | 5f98ca9afb9c004f8948c0d40920503de447918a (patch) | |
tree | b9b59bb6a8226925c42c8bbbef85de95e86a9133 | |
parent | aa91c7e4ab9b0842b7d7a7cbf8cca18b20df89b5 (diff) |
cifs NTLMv2/NTLMSSP Change variable name mac_key to session key to reflect the key it holds
Change name of variable mac_key to session key.
The reason mac_key was changed to session key is, this structure does not
hold message authentication code, it holds the session key (for ntlmv2,
ntlmv1 etc.). mac is generated as a signature in cifs_calc* functions.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
-rw-r--r-- | fs/cifs/cifsencrypt.c | 22 | ||||
-rw-r--r-- | fs/cifs/cifsglob.h | 4 | ||||
-rw-r--r-- | fs/cifs/cifsproto.h | 4 | ||||
-rw-r--r-- | fs/cifs/sess.c | 10 | ||||
-rw-r--r-- | fs/cifs/transport.c | 6 |
5 files changed, 23 insertions, 23 deletions
diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c index 35042d8f7338..eed70cae1275 100644 --- a/fs/cifs/cifsencrypt.c +++ b/fs/cifs/cifsencrypt.c | |||
@@ -42,7 +42,7 @@ extern void SMBencrypt(unsigned char *passwd, const unsigned char *c8, | |||
42 | unsigned char *p24); | 42 | unsigned char *p24); |
43 | 43 | ||
44 | static int cifs_calculate_signature(const struct smb_hdr *cifs_pdu, | 44 | static int cifs_calculate_signature(const struct smb_hdr *cifs_pdu, |
45 | const struct mac_key *key, char *signature) | 45 | const struct session_key *key, char *signature) |
46 | { | 46 | { |
47 | struct MD5Context context; | 47 | struct MD5Context context; |
48 | 48 | ||
@@ -78,7 +78,7 @@ int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server, | |||
78 | server->sequence_number++; | 78 | server->sequence_number++; |
79 | spin_unlock(&GlobalMid_Lock); | 79 | spin_unlock(&GlobalMid_Lock); |
80 | 80 | ||
81 | rc = cifs_calculate_signature(cifs_pdu, &server->mac_signing_key, | 81 | rc = cifs_calculate_signature(cifs_pdu, &server->session_key, |
82 | smb_signature); | 82 | smb_signature); |
83 | if (rc) | 83 | if (rc) |
84 | memset(cifs_pdu->Signature.SecuritySignature, 0, 8); | 84 | memset(cifs_pdu->Signature.SecuritySignature, 0, 8); |
@@ -89,7 +89,7 @@ int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server, | |||
89 | } | 89 | } |
90 | 90 | ||
91 | static int cifs_calc_signature2(const struct kvec *iov, int n_vec, | 91 | static int cifs_calc_signature2(const struct kvec *iov, int n_vec, |
92 | const struct mac_key *key, char *signature) | 92 | const struct session_key *key, char *signature) |
93 | { | 93 | { |
94 | struct MD5Context context; | 94 | struct MD5Context context; |
95 | int i; | 95 | int i; |
@@ -145,7 +145,7 @@ int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *server, | |||
145 | server->sequence_number++; | 145 | server->sequence_number++; |
146 | spin_unlock(&GlobalMid_Lock); | 146 | spin_unlock(&GlobalMid_Lock); |
147 | 147 | ||
148 | rc = cifs_calc_signature2(iov, n_vec, &server->mac_signing_key, | 148 | rc = cifs_calc_signature2(iov, n_vec, &server->session_key, |
149 | smb_signature); | 149 | smb_signature); |
150 | if (rc) | 150 | if (rc) |
151 | memset(cifs_pdu->Signature.SecuritySignature, 0, 8); | 151 | memset(cifs_pdu->Signature.SecuritySignature, 0, 8); |
@@ -156,14 +156,14 @@ int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *server, | |||
156 | } | 156 | } |
157 | 157 | ||
158 | int cifs_verify_signature(struct smb_hdr *cifs_pdu, | 158 | int cifs_verify_signature(struct smb_hdr *cifs_pdu, |
159 | const struct mac_key *mac_key, | 159 | const struct session_key *session_key, |
160 | __u32 expected_sequence_number) | 160 | __u32 expected_sequence_number) |
161 | { | 161 | { |
162 | unsigned int rc; | 162 | unsigned int rc; |
163 | char server_response_sig[8]; | 163 | char server_response_sig[8]; |
164 | char what_we_think_sig_should_be[20]; | 164 | char what_we_think_sig_should_be[20]; |
165 | 165 | ||
166 | if ((cifs_pdu == NULL) || (mac_key == NULL)) | 166 | if (cifs_pdu == NULL || session_key == NULL) |
167 | return -EINVAL; | 167 | return -EINVAL; |
168 | 168 | ||
169 | if (cifs_pdu->Command == SMB_COM_NEGOTIATE) | 169 | if (cifs_pdu->Command == SMB_COM_NEGOTIATE) |
@@ -192,7 +192,7 @@ int cifs_verify_signature(struct smb_hdr *cifs_pdu, | |||
192 | cpu_to_le32(expected_sequence_number); | 192 | cpu_to_le32(expected_sequence_number); |
193 | cifs_pdu->Signature.Sequence.Reserved = 0; | 193 | cifs_pdu->Signature.Sequence.Reserved = 0; |
194 | 194 | ||
195 | rc = cifs_calculate_signature(cifs_pdu, mac_key, | 195 | rc = cifs_calculate_signature(cifs_pdu, session_key, |
196 | what_we_think_sig_should_be); | 196 | what_we_think_sig_should_be); |
197 | 197 | ||
198 | if (rc) | 198 | if (rc) |
@@ -209,7 +209,7 @@ int cifs_verify_signature(struct smb_hdr *cifs_pdu, | |||
209 | } | 209 | } |
210 | 210 | ||
211 | /* We fill in key by putting in 40 byte array which was allocated by caller */ | 211 | /* We fill in key by putting in 40 byte array which was allocated by caller */ |
212 | int cifs_calculate_mac_key(struct mac_key *key, const char *rn, | 212 | int cifs_calculate_session_key(struct session_key *key, const char *rn, |
213 | const char *password) | 213 | const char *password) |
214 | { | 214 | { |
215 | char temp_key[16]; | 215 | char temp_key[16]; |
@@ -347,11 +347,11 @@ void setup_ntlmv2_rsp(struct cifsSesInfo *ses, char *resp_buf, | |||
347 | /* now calculate the MAC key for NTLMv2 */ | 347 | /* now calculate the MAC key for NTLMv2 */ |
348 | hmac_md5_init_limK_to_64(ses->server->ntlmv2_hash, 16, &context); | 348 | hmac_md5_init_limK_to_64(ses->server->ntlmv2_hash, 16, &context); |
349 | hmac_md5_update(resp_buf, 16, &context); | 349 | hmac_md5_update(resp_buf, 16, &context); |
350 | hmac_md5_final(ses->server->mac_signing_key.data.ntlmv2.key, &context); | 350 | hmac_md5_final(ses->server->session_key.data.ntlmv2.key, &context); |
351 | 351 | ||
352 | memcpy(&ses->server->mac_signing_key.data.ntlmv2.resp, resp_buf, | 352 | memcpy(&ses->server->session_key.data.ntlmv2.resp, resp_buf, |
353 | sizeof(struct ntlmv2_resp)); | 353 | sizeof(struct ntlmv2_resp)); |
354 | ses->server->mac_signing_key.len = 16 + sizeof(struct ntlmv2_resp); | 354 | ses->server->session_key.len = 16 + sizeof(struct ntlmv2_resp); |
355 | } | 355 | } |
356 | 356 | ||
357 | void CalcNTLMv2_response(const struct cifsSesInfo *ses, | 357 | void CalcNTLMv2_response(const struct cifsSesInfo *ses, |
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index 0cdfb8c32ac6..14dfa9a067e5 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h | |||
@@ -97,7 +97,7 @@ enum protocolEnum { | |||
97 | /* Netbios frames protocol not supported at this time */ | 97 | /* Netbios frames protocol not supported at this time */ |
98 | }; | 98 | }; |
99 | 99 | ||
100 | struct mac_key { | 100 | struct session_key { |
101 | unsigned int len; | 101 | unsigned int len; |
102 | union { | 102 | union { |
103 | char ntlm[CIFS_SESS_KEY_SIZE + 16]; | 103 | char ntlm[CIFS_SESS_KEY_SIZE + 16]; |
@@ -182,7 +182,7 @@ struct TCP_Server_Info { | |||
182 | /* 16th byte of RFC1001 workstation name is always null */ | 182 | /* 16th byte of RFC1001 workstation name is always null */ |
183 | char workstation_RFC1001_name[RFC1001_NAME_LEN_WITH_NULL]; | 183 | char workstation_RFC1001_name[RFC1001_NAME_LEN_WITH_NULL]; |
184 | __u32 sequence_number; /* needed for CIFS PDU signature */ | 184 | __u32 sequence_number; /* needed for CIFS PDU signature */ |
185 | struct mac_key mac_signing_key; | 185 | struct session_key session_key; |
186 | char ntlmv2_hash[16]; | 186 | char ntlmv2_hash[16]; |
187 | unsigned long lstrp; /* when we got last response from this server */ | 187 | unsigned long lstrp; /* when we got last response from this server */ |
188 | u16 dialect; /* dialect index that server chose */ | 188 | u16 dialect; /* dialect index that server chose */ |
diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h index f110e0e7e947..099fd6173e01 100644 --- a/fs/cifs/cifsproto.h +++ b/fs/cifs/cifsproto.h | |||
@@ -363,9 +363,9 @@ extern int cifs_sign_smb(struct smb_hdr *, struct TCP_Server_Info *, __u32 *); | |||
363 | extern int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *, | 363 | extern int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *, |
364 | __u32 *); | 364 | __u32 *); |
365 | extern int cifs_verify_signature(struct smb_hdr *, | 365 | extern int cifs_verify_signature(struct smb_hdr *, |
366 | const struct mac_key *mac_key, | 366 | const struct session_key *session_key, |
367 | __u32 expected_sequence_number); | 367 | __u32 expected_sequence_number); |
368 | extern int cifs_calculate_mac_key(struct mac_key *key, const char *rn, | 368 | extern int cifs_calculate_session_key(struct session_key *key, const char *rn, |
369 | const char *pass); | 369 | const char *pass); |
370 | extern void CalcNTLMv2_response(const struct cifsSesInfo *, char *); | 370 | extern void CalcNTLMv2_response(const struct cifsSesInfo *, char *); |
371 | extern void setup_ntlmv2_rsp(struct cifsSesInfo *, char *, | 371 | extern void setup_ntlmv2_rsp(struct cifsSesInfo *, char *, |
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index 0a57cb7db5dd..88820127650e 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c | |||
@@ -480,7 +480,7 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer, | |||
480 | /* calculate session key, BB what about adding similar ntlmv2 path? */ | 480 | /* calculate session key, BB what about adding similar ntlmv2 path? */ |
481 | SMBNTencrypt(ses->password, ses->server->cryptKey, ntlm_session_key); | 481 | SMBNTencrypt(ses->password, ses->server->cryptKey, ntlm_session_key); |
482 | if (first) | 482 | if (first) |
483 | cifs_calculate_mac_key(&ses->server->mac_signing_key, | 483 | cifs_calculate_session_key(&ses->server->session_key, |
484 | ntlm_session_key, ses->password); | 484 | ntlm_session_key, ses->password); |
485 | 485 | ||
486 | memcpy(tmp, ntlm_session_key, CIFS_SESS_KEY_SIZE); | 486 | memcpy(tmp, ntlm_session_key, CIFS_SESS_KEY_SIZE); |
@@ -690,7 +690,7 @@ ssetup_ntlmssp_authenticate: | |||
690 | 690 | ||
691 | if (first_time) /* should this be moved into common code | 691 | if (first_time) /* should this be moved into common code |
692 | with similar ntlmv2 path? */ | 692 | with similar ntlmv2 path? */ |
693 | cifs_calculate_mac_key(&ses->server->mac_signing_key, | 693 | cifs_calculate_session_key(&ses->server->session_key, |
694 | ntlm_session_key, ses->password); | 694 | ntlm_session_key, ses->password); |
695 | /* copy session key */ | 695 | /* copy session key */ |
696 | 696 | ||
@@ -765,15 +765,15 @@ ssetup_ntlmssp_authenticate: | |||
765 | } | 765 | } |
766 | /* bail out if key is too long */ | 766 | /* bail out if key is too long */ |
767 | if (msg->sesskey_len > | 767 | if (msg->sesskey_len > |
768 | sizeof(ses->server->mac_signing_key.data.krb5)) { | 768 | sizeof(ses->server->session_key.data.krb5)) { |
769 | cERROR(1, "Kerberos signing key too long (%u bytes)", | 769 | cERROR(1, "Kerberos signing key too long (%u bytes)", |
770 | msg->sesskey_len); | 770 | msg->sesskey_len); |
771 | rc = -EOVERFLOW; | 771 | rc = -EOVERFLOW; |
772 | goto ssetup_exit; | 772 | goto ssetup_exit; |
773 | } | 773 | } |
774 | if (first_time) { | 774 | if (first_time) { |
775 | ses->server->mac_signing_key.len = msg->sesskey_len; | 775 | ses->server->session_key.len = msg->sesskey_len; |
776 | memcpy(ses->server->mac_signing_key.data.krb5, | 776 | memcpy(ses->server->session_key.data.krb5, |
777 | msg->data, msg->sesskey_len); | 777 | msg->data, msg->sesskey_len); |
778 | } | 778 | } |
779 | pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC; | 779 | pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC; |
diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c index 82f78c4d6978..a66c91eb6eb4 100644 --- a/fs/cifs/transport.c +++ b/fs/cifs/transport.c | |||
@@ -543,7 +543,7 @@ SendReceive2(const unsigned int xid, struct cifsSesInfo *ses, | |||
543 | (ses->server->secMode & (SECMODE_SIGN_REQUIRED | | 543 | (ses->server->secMode & (SECMODE_SIGN_REQUIRED | |
544 | SECMODE_SIGN_ENABLED))) { | 544 | SECMODE_SIGN_ENABLED))) { |
545 | rc = cifs_verify_signature(midQ->resp_buf, | 545 | rc = cifs_verify_signature(midQ->resp_buf, |
546 | &ses->server->mac_signing_key, | 546 | &ses->server->session_key, |
547 | midQ->sequence_number+1); | 547 | midQ->sequence_number+1); |
548 | if (rc) { | 548 | if (rc) { |
549 | cERROR(1, "Unexpected SMB signature"); | 549 | cERROR(1, "Unexpected SMB signature"); |
@@ -731,7 +731,7 @@ SendReceive(const unsigned int xid, struct cifsSesInfo *ses, | |||
731 | (ses->server->secMode & (SECMODE_SIGN_REQUIRED | | 731 | (ses->server->secMode & (SECMODE_SIGN_REQUIRED | |
732 | SECMODE_SIGN_ENABLED))) { | 732 | SECMODE_SIGN_ENABLED))) { |
733 | rc = cifs_verify_signature(out_buf, | 733 | rc = cifs_verify_signature(out_buf, |
734 | &ses->server->mac_signing_key, | 734 | &ses->server->session_key, |
735 | midQ->sequence_number+1); | 735 | midQ->sequence_number+1); |
736 | if (rc) { | 736 | if (rc) { |
737 | cERROR(1, "Unexpected SMB signature"); | 737 | cERROR(1, "Unexpected SMB signature"); |
@@ -981,7 +981,7 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifsTconInfo *tcon, | |||
981 | (ses->server->secMode & (SECMODE_SIGN_REQUIRED | | 981 | (ses->server->secMode & (SECMODE_SIGN_REQUIRED | |
982 | SECMODE_SIGN_ENABLED))) { | 982 | SECMODE_SIGN_ENABLED))) { |
983 | rc = cifs_verify_signature(out_buf, | 983 | rc = cifs_verify_signature(out_buf, |
984 | &ses->server->mac_signing_key, | 984 | &ses->server->session_key, |
985 | midQ->sequence_number+1); | 985 | midQ->sequence_number+1); |
986 | if (rc) { | 986 | if (rc) { |
987 | cERROR(1, "Unexpected SMB signature"); | 987 | cERROR(1, "Unexpected SMB signature"); |