[CIFS] Fix ntlmv2 auth with ntlmssp

Make ntlmv2 as an authentication mechanism within ntlmssp instead of ntlmv1. Parse type 2 response in ntlmssp negotiation to pluck AV pairs and use them to calculate ntlmv2 response token. Also, assign domain name from the sever response in type 2 packet of ntlmssp and use that (netbios) domain name in calculation of response. Enable cifs/smb signing using rc4 and md5. Changed name of the structure mac_key to session_key to reflect the type of key it holds. Use kernel crypto_shash_* APIs instead of the equivalent cifs functions. Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Steve French <sfrench@us.ibm.com>
author: Steve French <sfrench@us.ibm.com> 2010-08-20 16:42:26 -0400
committer: Steve French <sfrench@us.ibm.com> 2010-08-20 16:42:26 -0400
commit: 9fbc590860e75785bdaf8b83e48fabfe4d4f7d58 (patch)
tree: dccc154927cf1e12c702537b5bc028158b938e21 /fs/cifs/cifsglob.h
parent: bf4f12113812ac5be76c5590c6f50c8346f784a4 (diff)
1 files changed, 16 insertions, 2 deletions
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
index 0cdfb8c32ac6..49563e0c1725 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -25,6 +25,9 @@
 #include <linux/workqueue.h>
 #include "cifs_fs_sb.h"
 #include "cifsacl.h"
+#include <crypto/internal/hash.h>
+#include <linux/scatterlist.h>
 /*
 * The sizes of various internal tables and strings
 */
@@ -97,7 +100,7 @@ enum protocolEnum {
        /* Netbios frames protocol not supported at this time */
 };
-struct mac_key {
+struct session_key {
        unsigned int len;
        union {
                char ntlm[CIFS_SESS_KEY_SIZE + 16];
@@ -120,6 +123,14 @@ struct cifs_cred {
        struct cifs_ace *aces;
 };
+struct ntlmssp_auth {
+        __u32 client_flags;
+        __u32 server_flags;
+        unsigned char ciphertext[CIFS_CPHTXT_SIZE];
+        struct crypto_shash *hmacmd5;
+        struct crypto_shash *md5;
+};
 /*
 *****************************************************************
 * Except the CIFS PDUs themselves all the
@@ -182,11 +193,14 @@ struct TCP_Server_Info {
        /* 16th byte of RFC1001 workstation name is always null */
        char workstation_RFC1001_name[RFC1001_NAME_LEN_WITH_NULL];
        __u32 sequence_number; /* needed for CIFS PDU signature */
-        struct mac_key mac_signing_key;
+        struct session_key session_key;
        char ntlmv2_hash[16];
        unsigned long lstrp; /* when we got last response from this server */
        u16 dialect; /* dialect index that server chose */
        /* extended security flavors that server supports */
+        unsigned int tilen; /* length of the target info blob */
+        unsigned char *tiblob; /* target info blob in challenge response */
+        struct ntlmssp_auth ntlmssp; /* various keys, ciphers, flags */
        bool    sec_kerberos;           /* supports plain Kerberos */
        bool    sec_mskerberos;         /* supports legacy MS Kerberos */
        bool    sec_kerberosu2u;        /* supports U2U Kerberos */
author	Steve French <sfrench@us.ibm.com>	2010-08-20 16:42:26 -0400
committer	Steve French <sfrench@us.ibm.com>	2010-08-20 16:42:26 -0400
commit	9fbc590860e75785bdaf8b83e48fabfe4d4f7d58 (patch)
tree	dccc154927cf1e12c702537b5bc028158b938e21 /fs/cifs/cifsglob.h
parent	bf4f12113812ac5be76c5590c6f50c8346f784a4 (diff)