diff options
Diffstat (limited to 'fs/cifs/cifsencrypt.c')
| -rw-r--r-- | fs/cifs/cifsencrypt.c | 40 |
1 files changed, 24 insertions, 16 deletions
diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c index fc6f4f3a1a9d..4934347321d3 100644 --- a/fs/cifs/cifsencrypt.c +++ b/fs/cifs/cifsencrypt.c | |||
| @@ -548,7 +548,13 @@ static int | |||
| 548 | CalcNTLMv2_response(const struct cifs_ses *ses, char *ntlmv2_hash) | 548 | CalcNTLMv2_response(const struct cifs_ses *ses, char *ntlmv2_hash) |
| 549 | { | 549 | { |
| 550 | int rc; | 550 | int rc; |
| 551 | unsigned int offset = CIFS_SESS_KEY_SIZE + 8; | 551 | struct ntlmv2_resp *ntlmv2 = (struct ntlmv2_resp *) |
| 552 | (ses->auth_key.response + CIFS_SESS_KEY_SIZE); | ||
| 553 | unsigned int hash_len; | ||
| 554 | |||
| 555 | /* The MD5 hash starts at challenge_key.key */ | ||
| 556 | hash_len = ses->auth_key.len - (CIFS_SESS_KEY_SIZE + | ||
| 557 | offsetof(struct ntlmv2_resp, challenge.key[0])); | ||
| 552 | 558 | ||
| 553 | if (!ses->server->secmech.sdeschmacmd5) { | 559 | if (!ses->server->secmech.sdeschmacmd5) { |
| 554 | cifs_dbg(VFS, "%s: can't generate ntlmv2 hash\n", __func__); | 560 | cifs_dbg(VFS, "%s: can't generate ntlmv2 hash\n", __func__); |
| @@ -556,7 +562,7 @@ CalcNTLMv2_response(const struct cifs_ses *ses, char *ntlmv2_hash) | |||
| 556 | } | 562 | } |
| 557 | 563 | ||
| 558 | rc = crypto_shash_setkey(ses->server->secmech.hmacmd5, | 564 | rc = crypto_shash_setkey(ses->server->secmech.hmacmd5, |
| 559 | ntlmv2_hash, CIFS_HMAC_MD5_HASH_SIZE); | 565 | ntlmv2_hash, CIFS_HMAC_MD5_HASH_SIZE); |
| 560 | if (rc) { | 566 | if (rc) { |
| 561 | cifs_dbg(VFS, "%s: Could not set NTLMV2 Hash as a key\n", | 567 | cifs_dbg(VFS, "%s: Could not set NTLMV2 Hash as a key\n", |
| 562 | __func__); | 568 | __func__); |
| @@ -570,20 +576,21 @@ CalcNTLMv2_response(const struct cifs_ses *ses, char *ntlmv2_hash) | |||
| 570 | } | 576 | } |
| 571 | 577 | ||
| 572 | if (ses->server->negflavor == CIFS_NEGFLAVOR_EXTENDED) | 578 | if (ses->server->negflavor == CIFS_NEGFLAVOR_EXTENDED) |
| 573 | memcpy(ses->auth_key.response + offset, | 579 | memcpy(ntlmv2->challenge.key, |
| 574 | ses->ntlmssp->cryptkey, CIFS_SERVER_CHALLENGE_SIZE); | 580 | ses->ntlmssp->cryptkey, CIFS_SERVER_CHALLENGE_SIZE); |
| 575 | else | 581 | else |
| 576 | memcpy(ses->auth_key.response + offset, | 582 | memcpy(ntlmv2->challenge.key, |
| 577 | ses->server->cryptkey, CIFS_SERVER_CHALLENGE_SIZE); | 583 | ses->server->cryptkey, CIFS_SERVER_CHALLENGE_SIZE); |
| 578 | rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash, | 584 | rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash, |
| 579 | ses->auth_key.response + offset, ses->auth_key.len - offset); | 585 | ntlmv2->challenge.key, hash_len); |
| 580 | if (rc) { | 586 | if (rc) { |
| 581 | cifs_dbg(VFS, "%s: Could not update with response\n", __func__); | 587 | cifs_dbg(VFS, "%s: Could not update with response\n", __func__); |
| 582 | return rc; | 588 | return rc; |
| 583 | } | 589 | } |
| 584 | 590 | ||
| 591 | /* Note that the MD5 digest over writes anon.challenge_key.key */ | ||
| 585 | rc = crypto_shash_final(&ses->server->secmech.sdeschmacmd5->shash, | 592 | rc = crypto_shash_final(&ses->server->secmech.sdeschmacmd5->shash, |
| 586 | ses->auth_key.response + CIFS_SESS_KEY_SIZE); | 593 | ntlmv2->ntlmv2_hash); |
| 587 | if (rc) | 594 | if (rc) |
| 588 | cifs_dbg(VFS, "%s: Could not generate md5 hash\n", __func__); | 595 | cifs_dbg(VFS, "%s: Could not generate md5 hash\n", __func__); |
| 589 | 596 | ||
| @@ -627,7 +634,7 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp) | |||
| 627 | int rc; | 634 | int rc; |
| 628 | int baselen; | 635 | int baselen; |
| 629 | unsigned int tilen; | 636 | unsigned int tilen; |
| 630 | struct ntlmv2_resp *buf; | 637 | struct ntlmv2_resp *ntlmv2; |
| 631 | char ntlmv2_hash[16]; | 638 | char ntlmv2_hash[16]; |
| 632 | unsigned char *tiblob = NULL; /* target info blob */ | 639 | unsigned char *tiblob = NULL; /* target info blob */ |
| 633 | 640 | ||
| @@ -660,13 +667,14 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp) | |||
| 660 | } | 667 | } |
| 661 | ses->auth_key.len += baselen; | 668 | ses->auth_key.len += baselen; |
| 662 | 669 | ||
| 663 | buf = (struct ntlmv2_resp *) | 670 | ntlmv2 = (struct ntlmv2_resp *) |
| 664 | (ses->auth_key.response + CIFS_SESS_KEY_SIZE); | 671 | (ses->auth_key.response + CIFS_SESS_KEY_SIZE); |
| 665 | buf->blob_signature = cpu_to_le32(0x00000101); | 672 | ntlmv2->blob_signature = cpu_to_le32(0x00000101); |
| 666 | buf->reserved = 0; | 673 | ntlmv2->reserved = 0; |
| 667 | buf->time = cpu_to_le64(cifs_UnixTimeToNT(CURRENT_TIME)); | 674 | /* Must be within 5 minutes of the server */ |
| 668 | get_random_bytes(&buf->client_chal, sizeof(buf->client_chal)); | 675 | ntlmv2->time = cpu_to_le64(cifs_UnixTimeToNT(CURRENT_TIME)); |
| 669 | buf->reserved2 = 0; | 676 | get_random_bytes(&ntlmv2->client_chal, sizeof(ntlmv2->client_chal)); |
| 677 | ntlmv2->reserved2 = 0; | ||
| 670 | 678 | ||
| 671 | memcpy(ses->auth_key.response + baselen, tiblob, tilen); | 679 | memcpy(ses->auth_key.response + baselen, tiblob, tilen); |
| 672 | 680 | ||
| @@ -706,7 +714,7 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp) | |||
| 706 | } | 714 | } |
| 707 | 715 | ||
| 708 | rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash, | 716 | rc = crypto_shash_update(&ses->server->secmech.sdeschmacmd5->shash, |
| 709 | ses->auth_key.response + CIFS_SESS_KEY_SIZE, | 717 | ntlmv2->ntlmv2_hash, |
| 710 | CIFS_HMAC_MD5_HASH_SIZE); | 718 | CIFS_HMAC_MD5_HASH_SIZE); |
| 711 | if (rc) { | 719 | if (rc) { |
| 712 | cifs_dbg(VFS, "%s: Could not update with response\n", __func__); | 720 | cifs_dbg(VFS, "%s: Could not update with response\n", __func__); |