diff options
| -rw-r--r-- | fs/cifs/cifsencrypt.c | 16 | ||||
| -rw-r--r-- | fs/cifs/cifsglob.h | 6 | ||||
| -rw-r--r-- | fs/cifs/cifssmb.c | 4 | ||||
| -rw-r--r-- | fs/cifs/connect.c | 18 | ||||
| -rw-r--r-- | fs/cifs/sess.c | 28 |
5 files changed, 36 insertions, 36 deletions
diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c index e3edd8a6840b..7ac0056294cf 100644 --- a/fs/cifs/cifsencrypt.c +++ b/fs/cifs/cifsencrypt.c | |||
| @@ -458,7 +458,7 @@ calc_exit_1: | |||
| 458 | calc_exit_2: | 458 | calc_exit_2: |
| 459 | /* BB FIXME what about bytes 24 through 40 of the signing key? | 459 | /* BB FIXME what about bytes 24 through 40 of the signing key? |
| 460 | compare with the NTLM example */ | 460 | compare with the NTLM example */ |
| 461 | hmac_md5_final(ses->server->ntlmv2_hash, pctxt); | 461 | hmac_md5_final(ses->ntlmv2_hash, pctxt); |
| 462 | 462 | ||
| 463 | kfree(pctxt); | 463 | kfree(pctxt); |
| 464 | return rc; | 464 | return rc; |
| @@ -502,14 +502,14 @@ setup_ntlmv2_rsp(struct cifsSesInfo *ses, char *resp_buf, | |||
| 502 | } | 502 | } |
| 503 | CalcNTLMv2_response(ses, resp_buf); | 503 | CalcNTLMv2_response(ses, resp_buf); |
| 504 | 504 | ||
| 505 | /* now calculate the MAC key for NTLMv2 */ | 505 | /* now calculate the session key for NTLMv2 */ |
| 506 | hmac_md5_init_limK_to_64(ses->server->ntlmv2_hash, 16, &context); | 506 | hmac_md5_init_limK_to_64(ses->ntlmv2_hash, 16, &context); |
| 507 | hmac_md5_update(resp_buf, 16, &context); | 507 | hmac_md5_update(resp_buf, 16, &context); |
| 508 | hmac_md5_final(ses->server->session_key.data.ntlmv2.key, &context); | 508 | hmac_md5_final(ses->auth_key.data.ntlmv2.key, &context); |
| 509 | 509 | ||
| 510 | memcpy(&ses->server->session_key.data.ntlmv2.resp, resp_buf, | 510 | memcpy(&ses->auth_key.data.ntlmv2.resp, resp_buf, |
| 511 | sizeof(struct ntlmv2_resp)); | 511 | sizeof(struct ntlmv2_resp)); |
| 512 | ses->server->session_key.len = 16 + sizeof(struct ntlmv2_resp); | 512 | ses->auth_key.len = 16 + sizeof(struct ntlmv2_resp); |
| 513 | 513 | ||
| 514 | return 0; | 514 | return 0; |
| 515 | 515 | ||
| @@ -526,8 +526,8 @@ void CalcNTLMv2_response(const struct cifsSesInfo *ses, | |||
| 526 | { | 526 | { |
| 527 | struct HMACMD5Context context; | 527 | struct HMACMD5Context context; |
| 528 | /* rest of v2 struct already generated */ | 528 | /* rest of v2 struct already generated */ |
| 529 | memcpy(v2_session_response + 8, ses->server->cryptKey, 8); | 529 | memcpy(v2_session_response + 8, ses->cryptKey, 8); |
| 530 | hmac_md5_init_limK_to_64(ses->server->ntlmv2_hash, 16, &context); | 530 | hmac_md5_init_limK_to_64(ses->ntlmv2_hash, 16, &context); |
| 531 | 531 | ||
| 532 | hmac_md5_update(v2_session_response+8, | 532 | hmac_md5_update(v2_session_response+8, |
| 533 | sizeof(struct ntlmv2_resp) - 8, &context); | 533 | sizeof(struct ntlmv2_resp) - 8, &context); |
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index e2b760ef22ff..6c69bd762498 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h | |||
| @@ -179,12 +179,10 @@ struct TCP_Server_Info { | |||
| 179 | int capabilities; /* allow selective disabling of caps by smb sess */ | 179 | int capabilities; /* allow selective disabling of caps by smb sess */ |
| 180 | int timeAdj; /* Adjust for difference in server time zone in sec */ | 180 | int timeAdj; /* Adjust for difference in server time zone in sec */ |
| 181 | __u16 CurrentMid; /* multiplex id - rotating counter */ | 181 | __u16 CurrentMid; /* multiplex id - rotating counter */ |
| 182 | char cryptKey[CIFS_CRYPTO_KEY_SIZE]; | ||
| 183 | /* 16th byte of RFC1001 workstation name is always null */ | 182 | /* 16th byte of RFC1001 workstation name is always null */ |
| 184 | char workstation_RFC1001_name[RFC1001_NAME_LEN_WITH_NULL]; | 183 | char workstation_RFC1001_name[RFC1001_NAME_LEN_WITH_NULL]; |
| 185 | __u32 sequence_number; /* needed for CIFS PDU signature */ | 184 | __u32 sequence_number; /* needed for CIFS PDU signature */ |
| 186 | struct session_key session_key; | 185 | struct session_key session_key; |
| 187 | char ntlmv2_hash[16]; | ||
| 188 | unsigned long lstrp; /* when we got last response from this server */ | 186 | unsigned long lstrp; /* when we got last response from this server */ |
| 189 | u16 dialect; /* dialect index that server chose */ | 187 | u16 dialect; /* dialect index that server chose */ |
| 190 | /* extended security flavors that server supports */ | 188 | /* extended security flavors that server supports */ |
| @@ -192,6 +190,7 @@ struct TCP_Server_Info { | |||
| 192 | bool sec_mskerberos; /* supports legacy MS Kerberos */ | 190 | bool sec_mskerberos; /* supports legacy MS Kerberos */ |
| 193 | bool sec_kerberosu2u; /* supports U2U Kerberos */ | 191 | bool sec_kerberosu2u; /* supports U2U Kerberos */ |
| 194 | bool sec_ntlmssp; /* supports NTLMSSP */ | 192 | bool sec_ntlmssp; /* supports NTLMSSP */ |
| 193 | bool session_estab; /* mark when very first sess is established */ | ||
| 195 | #ifdef CONFIG_CIFS_FSCACHE | 194 | #ifdef CONFIG_CIFS_FSCACHE |
| 196 | struct fscache_cookie *fscache; /* client index cache cookie */ | 195 | struct fscache_cookie *fscache; /* client index cache cookie */ |
| 197 | #endif | 196 | #endif |
| @@ -223,6 +222,9 @@ struct cifsSesInfo { | |||
| 223 | char userName[MAX_USERNAME_SIZE + 1]; | 222 | char userName[MAX_USERNAME_SIZE + 1]; |
| 224 | char *domainName; | 223 | char *domainName; |
| 225 | char *password; | 224 | char *password; |
| 225 | char cryptKey[CIFS_CRYPTO_KEY_SIZE]; | ||
| 226 | struct session_key auth_key; | ||
| 227 | char ntlmv2_hash[16]; | ||
| 226 | unsigned int tilen; /* length of the target info blob */ | 228 | unsigned int tilen; /* length of the target info blob */ |
| 227 | unsigned char *tiblob; /* target info blob in challenge response */ | 229 | unsigned char *tiblob; /* target info blob in challenge response */ |
| 228 | bool need_reconnect:1; /* connection reset, uid now invalid */ | 230 | bool need_reconnect:1; /* connection reset, uid now invalid */ |
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index 54bd83af772c..a420c7b08522 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c | |||
| @@ -503,7 +503,7 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses) | |||
| 503 | 503 | ||
| 504 | if (rsp->EncryptionKeyLength == | 504 | if (rsp->EncryptionKeyLength == |
| 505 | cpu_to_le16(CIFS_CRYPTO_KEY_SIZE)) { | 505 | cpu_to_le16(CIFS_CRYPTO_KEY_SIZE)) { |
| 506 | memcpy(server->cryptKey, rsp->EncryptionKey, | 506 | memcpy(ses->cryptKey, rsp->EncryptionKey, |
| 507 | CIFS_CRYPTO_KEY_SIZE); | 507 | CIFS_CRYPTO_KEY_SIZE); |
| 508 | } else if (server->secMode & SECMODE_PW_ENCRYPT) { | 508 | } else if (server->secMode & SECMODE_PW_ENCRYPT) { |
| 509 | rc = -EIO; /* need cryptkey unless plain text */ | 509 | rc = -EIO; /* need cryptkey unless plain text */ |
| @@ -574,7 +574,7 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses) | |||
| 574 | server->timeAdj = (int)(__s16)le16_to_cpu(pSMBr->ServerTimeZone); | 574 | server->timeAdj = (int)(__s16)le16_to_cpu(pSMBr->ServerTimeZone); |
| 575 | server->timeAdj *= 60; | 575 | server->timeAdj *= 60; |
| 576 | if (pSMBr->EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE) { | 576 | if (pSMBr->EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE) { |
| 577 | memcpy(server->cryptKey, pSMBr->u.EncryptionKey, | 577 | memcpy(ses->cryptKey, pSMBr->u.EncryptionKey, |
| 578 | CIFS_CRYPTO_KEY_SIZE); | 578 | CIFS_CRYPTO_KEY_SIZE); |
| 579 | } else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC) | 579 | } else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC) |
| 580 | && (pSMBr->EncryptionKeyLength == 0)) { | 580 | && (pSMBr->EncryptionKeyLength == 0)) { |
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 4944fc84d5ef..019f00380d12 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c | |||
| @@ -173,6 +173,8 @@ cifs_reconnect(struct TCP_Server_Info *server) | |||
| 173 | sock_release(server->ssocket); | 173 | sock_release(server->ssocket); |
| 174 | server->ssocket = NULL; | 174 | server->ssocket = NULL; |
| 175 | } | 175 | } |
| 176 | server->sequence_number = 0; | ||
| 177 | server->session_estab = false; | ||
| 176 | 178 | ||
| 177 | spin_lock(&GlobalMid_Lock); | 179 | spin_lock(&GlobalMid_Lock); |
| 178 | list_for_each(tmp, &server->pending_mid_q) { | 180 | list_for_each(tmp, &server->pending_mid_q) { |
| @@ -205,7 +207,6 @@ cifs_reconnect(struct TCP_Server_Info *server) | |||
| 205 | spin_lock(&GlobalMid_Lock); | 207 | spin_lock(&GlobalMid_Lock); |
| 206 | if (server->tcpStatus != CifsExiting) | 208 | if (server->tcpStatus != CifsExiting) |
| 207 | server->tcpStatus = CifsGood; | 209 | server->tcpStatus = CifsGood; |
| 208 | server->sequence_number = 0; | ||
| 209 | spin_unlock(&GlobalMid_Lock); | 210 | spin_unlock(&GlobalMid_Lock); |
| 210 | /* atomic_set(&server->inFlight,0);*/ | 211 | /* atomic_set(&server->inFlight,0);*/ |
| 211 | wake_up(&server->response_q); | 212 | wake_up(&server->response_q); |
| @@ -1631,6 +1632,7 @@ cifs_get_tcp_session(struct smb_vol *volume_info) | |||
| 1631 | volume_info->source_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL); | 1632 | volume_info->source_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL); |
| 1632 | memcpy(tcp_ses->server_RFC1001_name, | 1633 | memcpy(tcp_ses->server_RFC1001_name, |
| 1633 | volume_info->target_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL); | 1634 | volume_info->target_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL); |
| 1635 | tcp_ses->session_estab = false; | ||
| 1634 | tcp_ses->sequence_number = 0; | 1636 | tcp_ses->sequence_number = 0; |
| 1635 | INIT_LIST_HEAD(&tcp_ses->tcp_ses_list); | 1637 | INIT_LIST_HEAD(&tcp_ses->tcp_ses_list); |
| 1636 | INIT_LIST_HEAD(&tcp_ses->smb_ses_list); | 1638 | INIT_LIST_HEAD(&tcp_ses->smb_ses_list); |
| @@ -2983,14 +2985,13 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses, | |||
| 2983 | #ifdef CONFIG_CIFS_WEAK_PW_HASH | 2985 | #ifdef CONFIG_CIFS_WEAK_PW_HASH |
| 2984 | if ((global_secflags & CIFSSEC_MAY_LANMAN) && | 2986 | if ((global_secflags & CIFSSEC_MAY_LANMAN) && |
| 2985 | (ses->server->secType == LANMAN)) | 2987 | (ses->server->secType == LANMAN)) |
| 2986 | calc_lanman_hash(tcon->password, ses->server->cryptKey, | 2988 | calc_lanman_hash(tcon->password, ses->cryptKey, |
| 2987 | ses->server->secMode & | 2989 | ses->server->secMode & |
| 2988 | SECMODE_PW_ENCRYPT ? true : false, | 2990 | SECMODE_PW_ENCRYPT ? true : false, |
| 2989 | bcc_ptr); | 2991 | bcc_ptr); |
| 2990 | else | 2992 | else |
| 2991 | #endif /* CIFS_WEAK_PW_HASH */ | 2993 | #endif /* CIFS_WEAK_PW_HASH */ |
| 2992 | SMBNTencrypt(tcon->password, ses->server->cryptKey, | 2994 | SMBNTencrypt(tcon->password, ses->cryptKey, bcc_ptr); |
| 2993 | bcc_ptr); | ||
| 2994 | 2995 | ||
| 2995 | bcc_ptr += CIFS_SESS_KEY_SIZE; | 2996 | bcc_ptr += CIFS_SESS_KEY_SIZE; |
| 2996 | if (ses->capabilities & CAP_UNICODE) { | 2997 | if (ses->capabilities & CAP_UNICODE) { |
| @@ -3175,6 +3176,15 @@ int cifs_setup_session(unsigned int xid, struct cifsSesInfo *ses, | |||
| 3175 | if (rc) { | 3176 | if (rc) { |
| 3176 | cERROR(1, "Send error in SessSetup = %d", rc); | 3177 | cERROR(1, "Send error in SessSetup = %d", rc); |
| 3177 | } else { | 3178 | } else { |
| 3179 | mutex_lock(&ses->server->srv_mutex); | ||
| 3180 | if (!server->session_estab) { | ||
| 3181 | memcpy(&server->session_key.data, | ||
| 3182 | &ses->auth_key.data, ses->auth_key.len); | ||
| 3183 | server->session_key.len = ses->auth_key.len; | ||
| 3184 | ses->server->session_estab = true; | ||
| 3185 | } | ||
| 3186 | mutex_unlock(&server->srv_mutex); | ||
| 3187 | |||
