aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorShirish Pargaonkar <shirishpargaonkar@gmail.com>2010-09-18 23:01:58 -0400
committerSteve French <sfrench@us.ibm.com>2010-09-29 15:04:29 -0400
commit5f98ca9afb9c004f8948c0d40920503de447918a (patch)
treeb9b59bb6a8226925c42c8bbbef85de95e86a9133 /fs
parentaa91c7e4ab9b0842b7d7a7cbf8cca18b20df89b5 (diff)
cifs NTLMv2/NTLMSSP Change variable name mac_key to session key to reflect the key it holds
Change name of variable mac_key to session key. The reason mac_key was changed to session key is, this structure does not hold message authentication code, it holds the session key (for ntlmv2, ntlmv1 etc.). mac is generated as a signature in cifs_calc* functions. Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs')
-rw-r--r--fs/cifs/cifsencrypt.c22
-rw-r--r--fs/cifs/cifsglob.h4
-rw-r--r--fs/cifs/cifsproto.h4
-rw-r--r--fs/cifs/sess.c10
-rw-r--r--fs/cifs/transport.c6
5 files changed, 23 insertions, 23 deletions
diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
index 35042d8f7338..eed70cae1275 100644
--- a/fs/cifs/cifsencrypt.c
+++ b/fs/cifs/cifsencrypt.c
@@ -42,7 +42,7 @@ extern void SMBencrypt(unsigned char *passwd, const unsigned char *c8,
42 unsigned char *p24); 42 unsigned char *p24);
43 43
44static int cifs_calculate_signature(const struct smb_hdr *cifs_pdu, 44static int cifs_calculate_signature(const struct smb_hdr *cifs_pdu,
45 const struct mac_key *key, char *signature) 45 const struct session_key *key, char *signature)
46{ 46{
47 struct MD5Context context; 47 struct MD5Context context;
48 48
@@ -78,7 +78,7 @@ int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server,
78 server->sequence_number++; 78 server->sequence_number++;
79 spin_unlock(&GlobalMid_Lock); 79 spin_unlock(&GlobalMid_Lock);
80 80
81 rc = cifs_calculate_signature(cifs_pdu, &server->mac_signing_key, 81 rc = cifs_calculate_signature(cifs_pdu, &server->session_key,
82 smb_signature); 82 smb_signature);
83 if (rc) 83 if (rc)
84 memset(cifs_pdu->Signature.SecuritySignature, 0, 8); 84 memset(cifs_pdu->Signature.SecuritySignature, 0, 8);
@@ -89,7 +89,7 @@ int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server,
89} 89}
90 90
91static int cifs_calc_signature2(const struct kvec *iov, int n_vec, 91static int cifs_calc_signature2(const struct kvec *iov, int n_vec,
92 const struct mac_key *key, char *signature) 92 const struct session_key *key, char *signature)
93{ 93{
94 struct MD5Context context; 94 struct MD5Context context;
95 int i; 95 int i;
@@ -145,7 +145,7 @@ int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *server,
145 server->sequence_number++; 145 server->sequence_number++;
146 spin_unlock(&GlobalMid_Lock); 146 spin_unlock(&GlobalMid_Lock);
147 147
148 rc = cifs_calc_signature2(iov, n_vec, &server->mac_signing_key, 148 rc = cifs_calc_signature2(iov, n_vec, &server->session_key,
149 smb_signature); 149 smb_signature);
150 if (rc) 150 if (rc)
151 memset(cifs_pdu->Signature.SecuritySignature, 0, 8); 151 memset(cifs_pdu->Signature.SecuritySignature, 0, 8);
@@ -156,14 +156,14 @@ int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *server,
156} 156}
157 157
158int cifs_verify_signature(struct smb_hdr *cifs_pdu, 158int cifs_verify_signature(struct smb_hdr *cifs_pdu,
159 const struct mac_key *mac_key, 159 const struct session_key *session_key,
160 __u32 expected_sequence_number) 160 __u32 expected_sequence_number)
161{ 161{
162 unsigned int rc; 162 unsigned int rc;
163 char server_response_sig[8]; 163 char server_response_sig[8];
164 char what_we_think_sig_should_be[20]; 164 char what_we_think_sig_should_be[20];
165 165
166 if ((cifs_pdu == NULL) || (mac_key == NULL)) 166 if (cifs_pdu == NULL || session_key == NULL)
167 return -EINVAL; 167 return -EINVAL;
168 168
169 if (cifs_pdu->Command == SMB_COM_NEGOTIATE) 169 if (cifs_pdu->Command == SMB_COM_NEGOTIATE)
@@ -192,7 +192,7 @@ int cifs_verify_signature(struct smb_hdr *cifs_pdu,
192 cpu_to_le32(expected_sequence_number); 192 cpu_to_le32(expected_sequence_number);
193 cifs_pdu->Signature.Sequence.Reserved = 0; 193 cifs_pdu->Signature.Sequence.Reserved = 0;
194 194
195 rc = cifs_calculate_signature(cifs_pdu, mac_key, 195 rc = cifs_calculate_signature(cifs_pdu, session_key,
196 what_we_think_sig_should_be); 196 what_we_think_sig_should_be);
197 197
198 if (rc) 198 if (rc)
@@ -209,7 +209,7 @@ int cifs_verify_signature(struct smb_hdr *cifs_pdu,
209} 209}
210 210
211/* We fill in key by putting in 40 byte array which was allocated by caller */ 211/* We fill in key by putting in 40 byte array which was allocated by caller */
212int cifs_calculate_mac_key(struct mac_key *key, const char *rn, 212int cifs_calculate_session_key(struct session_key *key, const char *rn,
213 const char *password) 213 const char *password)
214{ 214{
215 char temp_key[16]; 215 char temp_key[16];
@@ -347,11 +347,11 @@ void setup_ntlmv2_rsp(struct cifsSesInfo *ses, char *resp_buf,
347 /* now calculate the MAC key for NTLMv2 */ 347 /* now calculate the MAC key for NTLMv2 */
348 hmac_md5_init_limK_to_64(ses->server->ntlmv2_hash, 16, &context); 348 hmac_md5_init_limK_to_64(ses->server->ntlmv2_hash, 16, &context);
349 hmac_md5_update(resp_buf, 16, &context); 349 hmac_md5_update(resp_buf, 16, &context);
350 hmac_md5_final(ses->server->mac_signing_key.data.ntlmv2.key, &context); 350 hmac_md5_final(ses->server->session_key.data.ntlmv2.key, &context);
351 351
352 memcpy(&ses->server->mac_signing_key.data.ntlmv2.resp, resp_buf, 352 memcpy(&ses->server->session_key.data.ntlmv2.resp, resp_buf,
353 sizeof(struct ntlmv2_resp)); 353 sizeof(struct ntlmv2_resp));
354 ses->server->mac_signing_key.len = 16 + sizeof(struct ntlmv2_resp); 354 ses->server->session_key.len = 16 + sizeof(struct ntlmv2_resp);
355} 355}
356 356
357void CalcNTLMv2_response(const struct cifsSesInfo *ses, 357void CalcNTLMv2_response(const struct cifsSesInfo *ses,
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
index 0cdfb8c32ac6..14dfa9a067e5 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -97,7 +97,7 @@ enum protocolEnum {
97 /* Netbios frames protocol not supported at this time */ 97 /* Netbios frames protocol not supported at this time */
98}; 98};
99 99
100struct mac_key { 100struct session_key {
101 unsigned int len; 101 unsigned int len;
102 union { 102 union {
103 char ntlm[CIFS_SESS_KEY_SIZE + 16]; 103 char ntlm[CIFS_SESS_KEY_SIZE + 16];
@@ -182,7 +182,7 @@ struct TCP_Server_Info {
182 /* 16th byte of RFC1001 workstation name is always null */ 182 /* 16th byte of RFC1001 workstation name is always null */
183 char workstation_RFC1001_name[RFC1001_NAME_LEN_WITH_NULL]; 183 char workstation_RFC1001_name[RFC1001_NAME_LEN_WITH_NULL];
184 __u32 sequence_number; /* needed for CIFS PDU signature */ 184 __u32 sequence_number; /* needed for CIFS PDU signature */
185 struct mac_key mac_signing_key; 185 struct session_key session_key;
186 char ntlmv2_hash[16]; 186 char ntlmv2_hash[16];
187 unsigned long lstrp; /* when we got last response from this server */ 187 unsigned long lstrp; /* when we got last response from this server */
188 u16 dialect; /* dialect index that server chose */ 188 u16 dialect; /* dialect index that server chose */
diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h
index f110e0e7e947..099fd6173e01 100644
--- a/fs/cifs/cifsproto.h
+++ b/fs/cifs/cifsproto.h
@@ -363,9 +363,9 @@ extern int cifs_sign_smb(struct smb_hdr *, struct TCP_Server_Info *, __u32 *);
363extern int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *, 363extern int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *,
364 __u32 *); 364 __u32 *);
365extern int cifs_verify_signature(struct smb_hdr *, 365extern int cifs_verify_signature(struct smb_hdr *,
366 const struct mac_key *mac_key, 366 const struct session_key *session_key,
367 __u32 expected_sequence_number); 367 __u32 expected_sequence_number);
368extern int cifs_calculate_mac_key(struct mac_key *key, const char *rn, 368extern int cifs_calculate_session_key(struct session_key *key, const char *rn,
369 const char *pass); 369 const char *pass);
370extern void CalcNTLMv2_response(const struct cifsSesInfo *, char *); 370extern void CalcNTLMv2_response(const struct cifsSesInfo *, char *);
371extern void setup_ntlmv2_rsp(struct cifsSesInfo *, char *, 371extern void setup_ntlmv2_rsp(struct cifsSesInfo *, char *,
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index 0a57cb7db5dd..88820127650e 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -480,7 +480,7 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer,
480 /* calculate session key, BB what about adding similar ntlmv2 path? */ 480 /* calculate session key, BB what about adding similar ntlmv2 path? */
481 SMBNTencrypt(ses->password, ses->server->cryptKey, ntlm_session_key); 481 SMBNTencrypt(ses->password, ses->server->cryptKey, ntlm_session_key);
482 if (first) 482 if (first)
483 cifs_calculate_mac_key(&ses->server->mac_signing_key, 483 cifs_calculate_session_key(&ses->server->session_key,
484 ntlm_session_key, ses->password); 484 ntlm_session_key, ses->password);
485 485
486 memcpy(tmp, ntlm_session_key, CIFS_SESS_KEY_SIZE); 486 memcpy(tmp, ntlm_session_key, CIFS_SESS_KEY_SIZE);
@@ -690,7 +690,7 @@ ssetup_ntlmssp_authenticate:
690 690
691 if (first_time) /* should this be moved into common code 691 if (first_time) /* should this be moved into common code
692 with similar ntlmv2 path? */ 692 with similar ntlmv2 path? */
693 cifs_calculate_mac_key(&ses->server->mac_signing_key, 693 cifs_calculate_session_key(&ses->server->session_key,
694 ntlm_session_key, ses->password); 694 ntlm_session_key, ses->password);
695 /* copy session key */ 695 /* copy session key */
696 696
@@ -765,15 +765,15 @@ ssetup_ntlmssp_authenticate:
765 } 765 }
766 /* bail out if key is too long */ 766 /* bail out if key is too long */
767 if (msg->sesskey_len > 767 if (msg->sesskey_len >
768 sizeof(ses->server->mac_signing_key.data.krb5)) { 768 sizeof(ses->server->session_key.data.krb5)) {
769 cERROR(1, "Kerberos signing key too long (%u bytes)", 769 cERROR(1, "Kerberos signing key too long (%u bytes)",
770 msg->sesskey_len); 770 msg->sesskey_len);
771 rc = -EOVERFLOW; 771 rc = -EOVERFLOW;
772 goto ssetup_exit; 772 goto ssetup_exit;
773 } 773 }
774 if (first_time) { 774 if (first_time) {
775 ses->server->mac_signing_key.len = msg->sesskey_len; 775 ses->server->session_key.len = msg->sesskey_len;
776 memcpy(ses->server->mac_signing_key.data.krb5, 776 memcpy(ses->server->session_key.data.krb5,
777 msg->data, msg->sesskey_len); 777 msg->data, msg->sesskey_len);
778 } 778 }
779 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC; 779 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c
index 82f78c4d6978..a66c91eb6eb4 100644
--- a/fs/cifs/transport.c
+++ b/fs/cifs/transport.c
@@ -543,7 +543,7 @@ SendReceive2(const unsigned int xid, struct cifsSesInfo *ses,
543 (ses->server->secMode & (SECMODE_SIGN_REQUIRED | 543 (ses->server->secMode & (SECMODE_SIGN_REQUIRED |
544 SECMODE_SIGN_ENABLED))) { 544 SECMODE_SIGN_ENABLED))) {
545 rc = cifs_verify_signature(midQ->resp_buf, 545 rc = cifs_verify_signature(midQ->resp_buf,
546 &ses->server->mac_signing_key, 546 &ses->server->session_key,
547 midQ->sequence_number+1); 547 midQ->sequence_number+1);
548 if (rc) { 548 if (rc) {
549 cERROR(1, "Unexpected SMB signature"); 549 cERROR(1, "Unexpected SMB signature");
@@ -731,7 +731,7 @@ SendReceive(const unsigned int xid, struct cifsSesInfo *ses,
731 (ses->server->secMode & (SECMODE_SIGN_REQUIRED | 731 (ses->server->secMode & (SECMODE_SIGN_REQUIRED |
732 SECMODE_SIGN_ENABLED))) { 732 SECMODE_SIGN_ENABLED))) {
733 rc = cifs_verify_signature(out_buf, 733 rc = cifs_verify_signature(out_buf,
734 &ses->server->mac_signing_key, 734 &ses->server->session_key,
735 midQ->sequence_number+1); 735 midQ->sequence_number+1);
736 if (rc) { 736 if (rc) {
737 cERROR(1, "Unexpected SMB signature"); 737 cERROR(1, "Unexpected SMB signature");
@@ -981,7 +981,7 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifsTconInfo *tcon,
981 (ses->server->secMode & (SECMODE_SIGN_REQUIRED | 981 (ses->server->secMode & (SECMODE_SIGN_REQUIRED |
982 SECMODE_SIGN_ENABLED))) { 982 SECMODE_SIGN_ENABLED))) {
983 rc = cifs_verify_signature(out_buf, 983 rc = cifs_verify_signature(out_buf,
984 &ses->server->mac_signing_key, 984 &ses->server->session_key,
985 midQ->sequence_number+1); 985 midQ->sequence_number+1);
986 if (rc) { 986 if (rc) {
987 cERROR(1, "Unexpected SMB signature"); 987 cERROR(1, "Unexpected SMB signature");