diff options
| author | Shirish Pargaonkar <shirishpargaonkar@gmail.com> | 2010-10-28 10:53:07 -0400 |
|---|---|---|
| committer | Steve French <sfrench@us.ibm.com> | 2010-10-28 21:47:33 -0400 |
| commit | d3686d54c7902a303bd65d751226aa1647319863 (patch) | |
| tree | b4acd7dfc6c5ec2f254608a2f0ef11ef274861b8 /fs/cifs/sess.c | |
| parent | d3ba50b17aa7a391bb5b3dcd8d6ba7a02c4f031c (diff) | |
cifs: Cleanup and thus reduce smb session structure and fields used during authentication
Removed following fields from smb session structure
cryptkey, ntlmv2_hash, tilen, tiblob
and ntlmssp_auth structure is allocated dynamically only if the auth mech
in NTLMSSP.
response field within a session_key structure is used to initially store the
target info (either plucked from type 2 challenge packet in case of NTLMSSP
or fabricated in case of NTLMv2 without extended security) and then to store
Message Authentication Key (mak) (session key + client response).
Server challenge or cryptkey needed during a NTLMSSP authentication
is now part of ntlmssp_auth structure which gets allocated and freed
once authenticaiton process is done.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs/cifs/sess.c')
| -rw-r--r-- | fs/cifs/sess.c | 29 |
1 files changed, 18 insertions, 11 deletions
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index f74c5a88dd4c..7b01d3f6eed6 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c | |||
| @@ -399,23 +399,22 @@ static int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len, | |||
| 399 | return -EINVAL; | 399 | return -EINVAL; |
| 400 | } | 400 | } |
| 401 | 401 | ||
| 402 | memcpy(ses->cryptkey, pblob->Challenge, CIFS_CRYPTO_KEY_SIZE); | 402 | memcpy(ses->ntlmssp->cryptkey, pblob->Challenge, CIFS_CRYPTO_KEY_SIZE); |
| 403 | /* BB we could decode pblob->NegotiateFlags; some may be useful */ | 403 | /* BB we could decode pblob->NegotiateFlags; some may be useful */ |
| 404 | /* In particular we can examine sign flags */ | 404 | /* In particular we can examine sign flags */ |
| 405 | /* BB spec says that if AvId field of MsvAvTimestamp is populated then | 405 | /* BB spec says that if AvId field of MsvAvTimestamp is populated then |
| 406 | we must set the MIC field of the AUTHENTICATE_MESSAGE */ | 406 | we must set the MIC field of the AUTHENTICATE_MESSAGE */ |
| 407 | ses->ntlmssp.server_flags = le32_to_cpu(pblob->NegotiateFlags); | 407 | ses->ntlmssp->server_flags = le32_to_cpu(pblob->NegotiateFlags); |
| 408 | tioffset = cpu_to_le16(pblob->TargetInfoArray.BufferOffset); | 408 | tioffset = cpu_to_le16(pblob->TargetInfoArray.BufferOffset); |
| 409 | tilen = cpu_to_le16(pblob->TargetInfoArray.Length); | 409 | tilen = cpu_to_le16(pblob->TargetInfoArray.Length); |
| 410 | ses->tilen = tilen; | 410 | if (tilen) { |
| 411 | if (ses->tilen) { | 411 | ses->auth_key.response = kmalloc(tilen, GFP_KERNEL); |
| 412 | ses->tiblob = kmalloc(tilen, GFP_KERNEL); | 412 | if (!ses->auth_key.response) { |
| 413 | if (!ses->tiblob) { | ||
| 414 | cERROR(1, "Challenge target info allocation failure"); | 413 | cERROR(1, "Challenge target info allocation failure"); |
| 415 | ses->tilen = 0; | ||
| 416 | return -ENOMEM; | 414 | return -ENOMEM; |
| 417 | } | 415 | } |
| 418 | memcpy(ses->tiblob, bcc_ptr + tioffset, ses->tilen); | 416 | memcpy(ses->auth_key.response, bcc_ptr + tioffset, tilen); |
| 417 | ses->auth_key.len = tilen; | ||
| 419 | } | 418 | } |
| 420 | 419 | ||
| 421 | return 0; | 420 | return 0; |
| @@ -545,9 +544,9 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer, | |||
| 545 | sec_blob->WorkstationName.MaximumLength = 0; | 544 | sec_blob->WorkstationName.MaximumLength = 0; |
| 546 | tmp += 2; | 545 | tmp += 2; |
| 547 | 546 | ||
| 548 | if ((ses->ntlmssp.server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) && | 547 | if ((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) && |
| 549 | !calc_seckey(ses)) { | 548 | !calc_seckey(ses)) { |
| 550 | memcpy(tmp, ses->ntlmssp.ciphertext, CIFS_CPHTXT_SIZE); | 549 | memcpy(tmp, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE); |
| 551 | sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer); | 550 | sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer); |
| 552 | sec_blob->SessionKey.Length = cpu_to_le16(CIFS_CPHTXT_SIZE); | 551 | sec_blob->SessionKey.Length = cpu_to_le16(CIFS_CPHTXT_SIZE); |
| 553 | sec_blob->SessionKey.MaximumLength = | 552 | sec_blob->SessionKey.MaximumLength = |
| @@ -601,8 +600,16 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, | |||
| 601 | return -EINVAL; | 600 | return -EINVAL; |
| 602 | 601 | ||
| 603 | type = ses->server->secType; | 602 | type = ses->server->secType; |
| 604 | |||
| 605 | cFYI(1, "sess setup type %d", type); | 603 | cFYI(1, "sess setup type %d", type); |
| 604 | if (type == RawNTLMSSP) { | ||
| 605 | /* if memory allocation is successful, caller of this function | ||
| 606 | * frees it. | ||
| 607 | */ | ||
| 608 | ses->ntlmssp = kmalloc(sizeof(struct ntlmssp_auth), GFP_KERNEL); | ||
| 609 | if (!ses->ntlmssp) | ||
| 610 | return -ENOMEM; | ||
| 611 | } | ||
| 612 | |||
| 606 | ssetup_ntlmssp_authenticate: | 613 | ssetup_ntlmssp_authenticate: |
| 607 | if (phase == NtLmChallenge) | 614 | if (phase == NtLmChallenge) |
| 608 | phase = NtLmAuthenticate; /* if ntlmssp, now final phase */ | 615 | phase = NtLmAuthenticate; /* if ntlmssp, now final phase */ |