-rw-r--r--fs/cifs/cifsencrypt.c10
-rw-r--r--fs/cifs/cifsglob.h3
-rw-r--r--fs/cifs/cifssmb.c4
-rw-r--r--fs/cifs/connect.c4
-rw-r--r--fs/cifs/sess.c12
5 files changed, 21 insertions, 12 deletions
diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
index 17d603ad5e34..ef95a272f73d 100644
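--- a/fs/cifs/cifsencrypt.c
+++ b/fs/cifs/cifsencrypt.c
@@ -249,7 +249,7 @@ int setup_ntlm_response(struct cifsSesInfo *ses)
 }
 ses->auth_key.len = temp_len;
 
-SMBNTencrypt(ses->password, ses->cryptKey,
+SMBNTencrypt(ses->password, ses->server->cryptkey,
 ses->auth_key.response + CIFS_SESS_KEY_SIZE);
 
 E_md4hash(ses->password, temp_key);
@@ -537,8 +537,12 @@ CalcNTLMv2_response(const struct cifsSesInfo *ses)
 return rc;
 }
 
-memcpy(ses->auth_key.response + offset,
-ses->cryptKey, CIFS_SERVER_CHALLENGE_SIZE);
+if (ses->server->secType == RawNTLMSSP)
+memcpy(ses->auth_key.response + offset,
+ses->cryptkey, CIFS_SERVER_CHALLENGE_SIZE);
+else
+memcpy(ses->auth_key.response + offset,
+ses->server->cryptkey, CIFS_SERVER_CHALLENGE_SIZE);
 crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash,
 ses->auth_key.response + offset, ses->auth_key.len - offset);
 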
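Review bot: In CalcNTLMv2_response both new memcpy calls read CIFS_SERVER_CHALLENGE_SIZE bytes, but the two source arrays are declared in cifsglob.h with CIFS_CRYPTO_KEY_SIZE, so the read stays in bounds only while the two constants agree; their values are not visible in this diff. A compile-time check next to the copy, `BUILD_BUG_ON(CIFS_SERVER_CHALLENGE_SIZE > CIFS_CRYPTO_KEY_SIZE);`, or a single constant for both, would make that verifiable. The two branches also differ only in the source buffer, so the choice could be made once with `const char *chal = ses->server->secType == RawNTLMSSP ? ses->cryptkey : ses->server->cryptkey;` followed by one memcpy. The function starts and ends outside the hunk.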
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
index 67d6a2280a01..b73695176467 100644
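--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -196,6 +196,7 @@ struct TCP_Server_Info {
 int capabilities; /* allow selective disabling of caps by smb sess */
 int timeAdj; /* Adjust for difference in server time zone in sec */
 __u16 CurrentMid; /* multiplex id - rotating counter */
+char cryptkey[CIFS_CRYPTO_KEY_SIZE]; /* used by ntlm, ntlmv2 etc */
 /* 16th byte of RFC1001 workstation name is always null */
 char workstation_RFC1001_name[RFC1001_NAME_LEN_WITH_NULL];
 __u32 sequence_number; /* needed for CIFS PDU signature */
@@ -240,7 +241,7 @@ struct cifsSesInfo {
 char userName[MAX_USERNAME_SIZE + 1];
 char *domainName;
 char *password;
-char cryptKey[CIFS_CRYPTO_KEY_SIZE];
+char cryptkey[CIFS_CRYPTO_KEY_SIZE]; /* used by ntlmssp */
 struct session_key auth_key;
 char ntlmv2_hash[16];
 unsigned int tilen; /* length of the target info blob */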
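Review bot: The two structs now each carry a field named `cryptkey`, and the comments `used by ntlm, ntlmv2 etc` and `used by ntlmssp` do not say where each value comes from, which makes it easy to hash against the wrong challenge in authentication code. Going by the other files in this commit, the TCP_Server_Info copy is filled from the Negotiate response and the cifsSesInfo copy from the NTLMSSP challenge blob. The comments could say so: `/* server challenge from Negotiate response (ntlm, ntlmv2, lanman) */` and `/* server challenge from the NTLMSSP challenge blob */`. If the connection-level field can be rewritten while a session on the same connection is authenticating, the comment should also name what serializes access; that is not visible in this diff.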
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index e98f1f317b15..2f2632b6df5a 100644
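--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -503,7 +503,7 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
 
 if (rsp->EncryptionKeyLength ==
 cpu_to_le16(CIFS_CRYPTO_KEY_SIZE)) {
-memcpy(ses->cryptKey, rsp->EncryptionKey,
+memcpy(ses->server->cryptkey, rsp->EncryptionKey,
 CIFS_CRYPTO_KEY_SIZE);
 } else if (server->secMode & SECMODE_PW_ENCRYPT) {
 rc = -EIO; /* need cryptkey unless plain text */
@@ -574,7 +574,7 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
 server->timeAdj = (int)(__s16)le16_to_cpu(pSMBr->ServerTimeZone);
 server->timeAdj *= 60;
 if (pSMBr->EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE) {
-memcpy(ses->cryptKey, pSMBr->u.EncryptionKey,
+memcpy(ses->server->cryptkey, pSMBr->u.EncryptionKey,
 CIFS_CRYPTO_KEY_SIZE);
 } else if ((pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC)
 && (pSMBr->EncryptionKeyLength == 0)) {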
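Review bot: Both changed memcpy calls in CIFSSMBNegotiate write through `ses->server->cryptkey`, while the adjacent context lines use the local `server` (`server->secMode`, `server->timeAdj`). If `server` is `ses->server`, which the surrounding lines suggest but the hunks do not show, `memcpy(server->cryptkey, rsp->EncryptionKey, CIFS_CRYPTO_KEY_SIZE);` would be consistent with them. Because the challenge now lives on the connection rather than the session, the branches that skip the copy leave any earlier contents in place. Whether a second negotiation can happen on the same TCP_Server_Info is not visible here, but clearing the field before parsing the response would rule out hashing against a stale challenge. The function body continues outside both hunks.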
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 469c3ddba463..4d8004ce5834 100644
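--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -3002,13 +3002,13 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
 #ifdef CONFIG_CIFS_WEAK_PW_HASH
 if ((global_secflags & CIFSSEC_MAY_LANMAN) &&
 (ses->server->secType == LANMAN))
-calc_lanman_hash(tcon->password, ses->cryptKey,
+calc_lanman_hash(tcon->password, ses->server->cryptkey,
 ses->server->secMode &
 SECMODE_PW_ENCRYPT ? true : false,
 bcc_ptr);
 else
 #endif /* CIFS_WEAK_PW_HASH */
-SMBNTencrypt(tcon->password, ses->cryptKey, bcc_ptr);
+SMBNTencrypt(tcon->password, ses->server->cryptkey, bcc_ptr);
 
 bcc_ptr += CIFS_SESS_KEY_SIZE;
 if (ses->capabilities & CAP_UNICODE) {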
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index e0515a62715d..f74c5a88dd4c 100644
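--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -399,7 +399,7 @@ static int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len,
 return -EINVAL;
 }
 
-memcpy(ses->cryptKey, pblob->Challenge, CIFS_CRYPTO_KEY_SIZE);
+memcpy(ses->cryptkey, pblob->Challenge, CIFS_CRYPTO_KEY_SIZE);
 /* BB we could decode pblob->NegotiateFlags; some may be useful */
 /* In particular we can examine sign flags */
 /* BB spec says that if AvId field of MsvAvTimestamp is populated then
@@ -667,10 +667,14 @@ ssetup_ntlmssp_authenticate:
 /* no capabilities flags in old lanman negotiation */
 
 pSMB->old_req.PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE);
-/* BB calculate hash with password */
-/* and copy into bcc */
 
-calc_lanman_hash(ses->password, ses->cryptKey,
+/* Calculate hash with password and copy into bcc_ptr.
+* Encryption Key (stored as in cryptkey) gets used if the
+* security mode bit in Negottiate Protocol response states
+* to use challenge/response method (i.e. Password bit is 1).
+*/
+
+calc_lanman_hash(ses->password, ses->server->cryptkey,
 ses->server->secMode & SECMODE_PW_ENCRYPT ?
 true : false, lnm_session_key);
 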
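Review bot: The comment added above the calc_lanman_hash call has a typo and an unclear phrase: `Negottiate` should be `Negotiate`, and `(stored as in cryptkey)` presumably means `(stored in server->cryptkey)`. Spelling out the owner matters now that both the session and the server struct have a field of that name. Naming the flag the code actually tests, `SECMODE_PW_ENCRYPT`, instead of "Password bit" would tie the comment to the expression two lines below it. The enclosing function starts and ends outside the hunk.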