aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSteve French <sfrench@us.ibm.com>2006-02-09 16:12:47 -0500
committerSteve French <sfrench@us.ibm.com>2006-02-09 16:12:47 -0500
commit12b3b8ffb5fd591df41f658d6068b76f7a58e710 (patch)
tree7034f4aed6f90d00cd24d8548c6df229aae2d22c
parente3f749c4af69c4344d89f11e2293e3790eb4eaca (diff)
[CIFS] Cleanup NTLMSSP session setup handling
Fix to hash NTLMv2 properly will follow. Signed-off-by: Steve French <sfrench@us.ibm.com>
-rw-r--r--fs/cifs/CHANGES6
-rw-r--r--fs/cifs/cifsencrypt.c5
-rw-r--r--fs/cifs/cifsfs.h2
-rw-r--r--fs/cifs/cifsproto.h2
-rw-r--r--fs/cifs/cifssmb.c27
-rw-r--r--fs/cifs/connect.c42
-rw-r--r--fs/cifs/ntlmssp.h2
7 files changed, 53 insertions, 33 deletions
diff --git a/fs/cifs/CHANGES b/fs/cifs/CHANGES
index d335015473a5..a9cf779cf35e 100644
--- a/fs/cifs/CHANGES
+++ b/fs/cifs/CHANGES
@@ -1,3 +1,9 @@
1Version 1.41
2------------
3Fix NTLMv2 security (can be enabled in /proc/fs/cifs) so customers can
4configure stronger authentication. Fix sfu symlinks so they can
5be followed (not just recognized).
6
1Version 1.40 7Version 1.40
2------------ 8------------
3Use fsuid (fsgid) more consistently instead of uid (gid). Improve performance 9Use fsuid (fsgid) more consistently instead of uid (gid). Improve performance
diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
index a2c24858d40f..41d08d9fef79 100644
--- a/fs/cifs/cifsencrypt.c
+++ b/fs/cifs/cifsencrypt.c
@@ -1,7 +1,7 @@
1/* 1/*
2 * fs/cifs/cifsencrypt.c 2 * fs/cifs/cifsencrypt.c
3 * 3 *
4 * Copyright (C) International Business Machines Corp., 2005 4 * Copyright (C) International Business Machines Corp., 2005,2006
5 * Author(s): Steve French (sfrench@us.ibm.com) 5 * Author(s): Steve French (sfrench@us.ibm.com)
6 * 6 *
7 * This library is free software; you can redistribute it and/or modify 7 * This library is free software; you can redistribute it and/or modify
@@ -36,7 +36,8 @@
36extern void mdfour(unsigned char *out, unsigned char *in, int n); 36extern void mdfour(unsigned char *out, unsigned char *in, int n);
37extern void E_md4hash(const unsigned char *passwd, unsigned char *p16); 37extern void E_md4hash(const unsigned char *passwd, unsigned char *p16);
38 38
39static int cifs_calculate_signature(const struct smb_hdr * cifs_pdu, const char * key, char * signature) 39static int cifs_calculate_signature(const struct smb_hdr * cifs_pdu,
40 const char * key, char * signature)
40{ 41{
41 struct MD5Context context; 42 struct MD5Context context;
42 43
diff --git a/fs/cifs/cifsfs.h b/fs/cifs/cifsfs.h
index 821a8eb22559..4cf10f23cda9 100644
--- a/fs/cifs/cifsfs.h
+++ b/fs/cifs/cifsfs.h
@@ -99,5 +99,5 @@ extern ssize_t cifs_getxattr(struct dentry *, const char *, void *, size_t);
99extern ssize_t cifs_listxattr(struct dentry *, char *, size_t); 99extern ssize_t cifs_listxattr(struct dentry *, char *, size_t);
100extern int cifs_ioctl (struct inode * inode, struct file * filep, 100extern int cifs_ioctl (struct inode * inode, struct file * filep,
101 unsigned int command, unsigned long arg); 101 unsigned int command, unsigned long arg);
102#define CIFS_VERSION "1.40" 102#define CIFS_VERSION "1.41"
103#endif /* _CIFSFS_H */ 103#endif /* _CIFSFS_H */
diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h
index 3c03aadaff0c..6c00acc29cd9 100644
--- a/fs/cifs/cifsproto.h
+++ b/fs/cifs/cifsproto.h
@@ -64,6 +64,8 @@ extern int map_smb_to_linux_error(struct smb_hdr *smb);
64extern void header_assemble(struct smb_hdr *, char /* command */ , 64extern void header_assemble(struct smb_hdr *, char /* command */ ,
65 const struct cifsTconInfo *, int /* length of 65 const struct cifsTconInfo *, int /* length of
66 fixed section (word count) in two byte units */); 66 fixed section (word count) in two byte units */);
67extern int small_smb_init_no_tc(int smb_cmd, int wct, struct cifsSesInfo *ses,
68 void ** request_buf);
67extern __u16 GetNextMid(struct TCP_Server_Info *server); 69extern __u16 GetNextMid(struct TCP_Server_Info *server);
68extern struct oplock_q_entry * AllocOplockQEntry(struct inode *, u16, 70extern struct oplock_q_entry * AllocOplockQEntry(struct inode *, u16,
69 struct cifsTconInfo *); 71 struct cifsTconInfo *);
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index 217323b0c896..d69b835c12ec 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -1,7 +1,7 @@
1/* 1/*
2 * fs/cifs/cifssmb.c 2 * fs/cifs/cifssmb.c
3 * 3 *
4 * Copyright (C) International Business Machines Corp., 2002,2005 4 * Copyright (C) International Business Machines Corp., 2002,2006
5 * Author(s): Steve French (sfrench@us.ibm.com) 5 * Author(s): Steve French (sfrench@us.ibm.com)
6 * 6 *
7 * Contains the routines for constructing the SMB PDUs themselves 7 * Contains the routines for constructing the SMB PDUs themselves
@@ -187,6 +187,31 @@ small_smb_init(int smb_command, int wct, struct cifsTconInfo *tcon,
187 187
188 return rc; 188 return rc;
189} 189}
190int
191small_smb_init_no_tcon(int smb_command, int wct, struct cifsSesInfo *ses,
192 void **request_buf)
193{
194 int rc;
195 struct smb_hdr * buffer;
196
197 rc = small_smb_init(smb_command, wct, 0, request_buf);
198 if(rc)
199 return rc;
200
201 buffer->Mid = GetNextMid(ses->server);
202 if (ses->capabilities & CAP_UNICODE)
203 buffer->Flags2 |= SMBFLG2_UNICODE;
204 if (ses->capabilities & CAP_STATUS32) {
205 buffer->Flags2 |= SMBFLG2_ERR_STATUS;
206
207 /* uid, tid can stay at zero as set in header assemble */
208
209 /* BB add support for turning on the signing when
210 this function is used after 1st of session setup requests */
211
212 return rc;
213}
214
190 215
191/* If the return code is zero, this function must fill in request_buf pointer */ 216/* If the return code is zero, this function must fill in request_buf pointer */
192static int 217static int
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index e488603fb1e7..05aa651ea3da 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -2525,7 +2525,7 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2525 __u32 negotiate_flags, capabilities; 2525 __u32 negotiate_flags, capabilities;
2526 __u16 count; 2526 __u16 count;
2527 2527
2528 cFYI(1, ("In NTLMSSP sesssetup (negotiate) ")); 2528 cFYI(1, ("In NTLMSSP sesssetup (negotiate)"));
2529 if(ses == NULL) 2529 if(ses == NULL)
2530 return -EINVAL; 2530 return -EINVAL;
2531 domain = ses->domainName; 2531 domain = ses->domainName;
@@ -2575,7 +2575,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2575 SecurityBlob->MessageType = NtLmNegotiate; 2575 SecurityBlob->MessageType = NtLmNegotiate;
2576 negotiate_flags = 2576 negotiate_flags =
2577 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM | 2577 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
2578 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM | 0x80000000 | 2578 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM |
2579 NTLMSSP_NEGOTIATE_56 |
2579 /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128; 2580 /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
2580 if(sign_CIFS_PDUs) 2581 if(sign_CIFS_PDUs)
2581 negotiate_flags |= NTLMSSP_NEGOTIATE_SIGN; 2582 negotiate_flags |= NTLMSSP_NEGOTIATE_SIGN;
@@ -2588,26 +2589,11 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2588 SecurityBlob->WorkstationName.Length = 0; 2589 SecurityBlob->WorkstationName.Length = 0;
2589 SecurityBlob->WorkstationName.MaximumLength = 0; 2590 SecurityBlob->WorkstationName.MaximumLength = 0;
2590 2591
2591 if (domain == NULL) { 2592 /* Domain not sent on first Sesssetup in NTLMSSP, instead it is sent
2592 SecurityBlob->DomainName.Buffer = 0; 2593 along with username on auth request (ie the response to challenge) */
2593 SecurityBlob->DomainName.Length = 0; 2594 SecurityBlob->DomainName.Buffer = 0;
2594 SecurityBlob->DomainName.MaximumLength = 0; 2595 SecurityBlob->DomainName.Length = 0;
2595 } else { 2596 SecurityBlob->DomainName.MaximumLength = 0;
2596 __u16 len;
2597 negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
2598 strncpy(bcc_ptr, domain, 63);
2599 len = strnlen(domain, 64);
2600 SecurityBlob->DomainName.MaximumLength =
2601 cpu_to_le16(len);
2602 SecurityBlob->DomainName.Buffer =
2603 cpu_to_le32((long) &SecurityBlob->
2604 DomainString -
2605 (long) &SecurityBlob->Signature);
2606 bcc_ptr += len;
2607 SecurityBlobLength += len;
2608 SecurityBlob->DomainName.Length =
2609 cpu_to_le16(len);
2610 }
2611 if (ses->capabilities & CAP_UNICODE) { 2597 if (ses->capabilities & CAP_UNICODE) {
2612 if ((long) bcc_ptr % 2) { 2598 if ((long) bcc_ptr % 2) {
2613 *bcc_ptr = 0; 2599 *bcc_ptr = 0;
@@ -2677,7 +2663,7 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2677 SecurityBlob2->MessageType)); 2663 SecurityBlob2->MessageType));
2678 } else if (ses) { 2664 } else if (ses) {
2679 ses->Suid = smb_buffer_response->Uid; /* UID left in le format */ 2665 ses->Suid = smb_buffer_response->Uid; /* UID left in le format */
2680 cFYI(1, ("UID = %d ", ses->Suid)); 2666 cFYI(1, ("UID = %d", ses->Suid));
2681 if ((pSMBr->resp.hdr.WordCount == 3) 2667 if ((pSMBr->resp.hdr.WordCount == 3)
2682 || ((pSMBr->resp.hdr.WordCount == 4) 2668 || ((pSMBr->resp.hdr.WordCount == 4)
2683 && (blob_len < 2669 && (blob_len <
@@ -2685,17 +2671,17 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2685 2671
2686 if (pSMBr->resp.hdr.WordCount == 4) { 2672 if (pSMBr->resp.hdr.WordCount == 4) {
2687 bcc_ptr += blob_len; 2673 bcc_ptr += blob_len;
2688 cFYI(1, 2674 cFYI(1, ("Security Blob Length %d",
2689 ("Security Blob Length %d ",
2690 blob_len)); 2675 blob_len));
2691 } 2676 }
2692 2677
2693 cFYI(1, ("NTLMSSP Challenge rcvd ")); 2678 cFYI(1, ("NTLMSSP Challenge rcvd"));
2694 2679
2695 memcpy(ses->server->cryptKey, 2680 memcpy(ses->server->cryptKey,
2696 SecurityBlob2->Challenge, 2681 SecurityBlob2->Challenge,
2697 CIFS_CRYPTO_KEY_SIZE); 2682 CIFS_CRYPTO_KEY_SIZE);
2698 if(SecurityBlob2->NegotiateFlags & cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2)) 2683 if(SecurityBlob2->NegotiateFlags &
2684 cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2))
2699 *pNTLMv2_flag = TRUE; 2685 *pNTLMv2_flag = TRUE;
2700 2686
2701 if((SecurityBlob2->NegotiateFlags & 2687 if((SecurityBlob2->NegotiateFlags &
@@ -2818,7 +2804,7 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2818 bcc_ptr++; 2804 bcc_ptr++;
2819 } else 2805 } else
2820 cFYI(1, 2806 cFYI(1,
2821 ("Variable field of length %d extends beyond end of smb ", 2807 ("Variable field of length %d extends beyond end of smb",
2822 len)); 2808 len));
2823 } 2809 }
2824 } else { 2810 } else {
diff --git a/fs/cifs/ntlmssp.h b/fs/cifs/ntlmssp.h
index 803389b64a2c..d39b712a11c5 100644
--- a/fs/cifs/ntlmssp.h
+++ b/fs/cifs/ntlmssp.h
@@ -1,7 +1,7 @@
1/* 1/*
2 * fs/cifs/ntlmssp.h 2 * fs/cifs/ntlmssp.h
3 * 3 *
4 * Copyright (c) International Business Machines Corp., 2002 4 * Copyright (c) International Business Machines Corp., 2002,2006
5 * Author(s): Steve French (sfrench@us.ibm.com) 5 * Author(s): Steve French (sfrench@us.ibm.com)
6 * 6 *
7 * This library is free software; you can redistribute it and/or modify 7 * This library is free software; you can redistribute it and/or modify