diff options
| author | Shirish Pargaonkar <shirishpargaonkar@gmail.com> | 2010-10-13 19:15:00 -0400 |
|---|---|---|
| committer | Steve French <sfrench@us.ibm.com> | 2010-10-14 14:05:19 -0400 |
| commit | 5d0d28824c76409f0d1a645bf0ae81318c8ffa42 (patch) | |
| tree | 592838282fc891dc9a51424e0f57c0694ad31075 /fs/cifs/connect.c | |
| parent | d7c86ff8cd00abc730fe5d031f43dc9138b6324e (diff) | |
NTLM authentication and signing - Calculate auth response per smb session
Start calculation auth response within a session. Move/Add pertinet
data structures like session key, server challenge and ntlmv2_hash in
a session structure. We should do the calculations within a session
before copying session key and response over to server data
structures because a session setup can fail.
Only after a very first smb session succeeds, it copies/makes its
session key, session key of smb connection. This key stays with
the smb connection throughout its life.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs/cifs/connect.c')
| -rw-r--r-- | fs/cifs/connect.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 4944fc84d5ef..019f00380d12 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c | |||
| @@ -173,6 +173,8 @@ cifs_reconnect(struct TCP_Server_Info *server) | |||
| 173 | sock_release(server->ssocket); | 173 | sock_release(server->ssocket); |
| 174 | server->ssocket = NULL; | 174 | server->ssocket = NULL; |
| 175 | } | 175 | } |
| 176 | server->sequence_number = 0; | ||
| 177 | server->session_estab = false; | ||
| 176 | 178 | ||
| 177 | spin_lock(&GlobalMid_Lock); | 179 | spin_lock(&GlobalMid_Lock); |
| 178 | list_for_each(tmp, &server->pending_mid_q) { | 180 | list_for_each(tmp, &server->pending_mid_q) { |
| @@ -205,7 +207,6 @@ cifs_reconnect(struct TCP_Server_Info *server) | |||
| 205 | spin_lock(&GlobalMid_Lock); | 207 | spin_lock(&GlobalMid_Lock); |
| 206 | if (server->tcpStatus != CifsExiting) | 208 | if (server->tcpStatus != CifsExiting) |
| 207 | server->tcpStatus = CifsGood; | 209 | server->tcpStatus = CifsGood; |
| 208 | server->sequence_number = 0; | ||
| 209 | spin_unlock(&GlobalMid_Lock); | 210 | spin_unlock(&GlobalMid_Lock); |
| 210 | /* atomic_set(&server->inFlight,0);*/ | 211 | /* atomic_set(&server->inFlight,0);*/ |
| 211 | wake_up(&server->response_q); | 212 | wake_up(&server->response_q); |
| @@ -1631,6 +1632,7 @@ cifs_get_tcp_session(struct smb_vol *volume_info) | |||
| 1631 | volume_info->source_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL); | 1632 | volume_info->source_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL); |
| 1632 | memcpy(tcp_ses->server_RFC1001_name, | 1633 | memcpy(tcp_ses->server_RFC1001_name, |
| 1633 | volume_info->target_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL); | 1634 | volume_info->target_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL); |
| 1635 | tcp_ses->session_estab = false; | ||
| 1634 | tcp_ses->sequence_number = 0; | 1636 | tcp_ses->sequence_number = 0; |
| 1635 | INIT_LIST_HEAD(&tcp_ses->tcp_ses_list); | 1637 | INIT_LIST_HEAD(&tcp_ses->tcp_ses_list); |
| 1636 | INIT_LIST_HEAD(&tcp_ses->smb_ses_list); | 1638 | INIT_LIST_HEAD(&tcp_ses->smb_ses_list); |
| @@ -2983,14 +2985,13 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses, | |||
| 2983 | #ifdef CONFIG_CIFS_WEAK_PW_HASH | 2985 | #ifdef CONFIG_CIFS_WEAK_PW_HASH |
| 2984 | if ((global_secflags & CIFSSEC_MAY_LANMAN) && | 2986 | if ((global_secflags & CIFSSEC_MAY_LANMAN) && |
| 2985 | (ses->server->secType == LANMAN)) | 2987 | (ses->server->secType == LANMAN)) |
| 2986 | calc_lanman_hash(tcon->password, ses->server->cryptKey, | 2988 | calc_lanman_hash(tcon->password, ses->cryptKey, |
| 2987 | ses->server->secMode & | 2989 | ses->server->secMode & |
| 2988 | SECMODE_PW_ENCRYPT ? true : false, | 2990 | SECMODE_PW_ENCRYPT ? true : false, |
| 2989 | bcc_ptr); | 2991 | bcc_ptr); |
| 2990 | else | 2992 | else |
| 2991 | #endif /* CIFS_WEAK_PW_HASH */ | 2993 | #endif /* CIFS_WEAK_PW_HASH */ |
| 2992 | SMBNTencrypt(tcon->password, ses->server->cryptKey, | 2994 | SMBNTencrypt(tcon->password, ses->cryptKey, bcc_ptr); |
| 2993 | bcc_ptr); | ||
| 2994 | 2995 | ||
| 2995 | bcc_ptr += CIFS_SESS_KEY_SIZE; | 2996 | bcc_ptr += CIFS_SESS_KEY_SIZE; |
| 2996 | if (ses->capabilities & CAP_UNICODE) { | 2997 | if (ses->capabilities & CAP_UNICODE) { |
| @@ -3175,6 +3176,15 @@ int cifs_setup_session(unsigned int xid, struct cifsSesInfo *ses, | |||
| 3175 | if (rc) { | 3176 | if (rc) { |
| 3176 | cERROR(1, "Send error in SessSetup = %d", rc); | 3177 | cERROR(1, "Send error in SessSetup = %d", rc); |
| 3177 | } else { | 3178 | } else { |
| 3179 | mutex_lock(&ses->server->srv_mutex); | ||
| 3180 | if (!server->session_estab) { | ||
| 3181 | memcpy(&server->session_key.data, | ||
| 3182 | &ses->auth_key.data, ses->auth_key.len); | ||
| 3183 | server->session_key.len = ses->auth_key.len; | ||
| 3184 | ses->server->session_estab = true; | ||
| 3185 | } | ||
| 3186 | mutex_unlock(&server->srv_mutex); | ||
| 3187 | |||
| 3178 | cFYI(1, "CIFS Session Established successfully"); | 3188 | cFYI(1, "CIFS Session Established successfully"); |
| 3179 | spin_lock(&GlobalMid_Lock); | 3189 | spin_lock(&GlobalMid_Lock); |
| 3180 | ses->status = CifsGood; | 3190 | ses->status = CifsGood; |