From: Shirish Pargaonkar <[email protected]>

Signed-off-by: Shirish Pargaonkar <[email protected]>
---
 fs/cifs/cifsencrypt.c |   41 +++++++++++++++++++++++++++++++++++++++++
 fs/cifs/cifsproto.h   |    1 +
 fs/cifs/connect.c     |    1 +
 fs/cifs/sess.c        |   24 ++++++++++++++++++------
 4 files changed, 61 insertions(+), 6 deletions(-)

diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
index 5fbd19b..0c1e9f2 100644
--- a/fs/cifs/cifsencrypt.c
+++ b/fs/cifs/cifsencrypt.c
@@ -435,6 +435,47 @@ void CalcNTLMv2_response(const struct cifsSesInfo *ses,
 /*     cifs_dump_mem("v2_sess_rsp: ", v2_session_response, 32); */
 }
 
+int
+calc_seckey(struct TCP_Server_Info *server)
+{
+       int rc;
+       struct crypto_blkcipher *tfm_arc4;
+       struct scatterlist sgin, sgout;
+       struct blkcipher_desc desc;
+
+       if (!server) {
+               cERROR(1, "%s: Can't determine ciphertext key\n", __func__);
+               return 1;
+       }
+
+       if (server->cphready)
+               return 0;
+
+       get_random_bytes(server->ntlmssp.sec_key, CIFS_NTLMV2_SESSKEY_SIZE);
+
+       tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)",
+                                               0, CRYPTO_ALG_ASYNC);
+       if (!tfm_arc4 || IS_ERR(tfm_arc4)) {
+               cERROR(1, "could not allocate " "master crypto API arc4\n");
+               return 1;
+       }
+
+       desc.tfm = tfm_arc4;
+
+       crypto_blkcipher_setkey(tfm_arc4,
+               server->session_key.data.ntlmv2.key, CIFS_CPHTXT_SIZE);
+       sg_init_one(&sgin, server->ntlmssp.sec_key, CIFS_CPHTXT_SIZE);
+       sg_init_one(&sgout, server->ntlmssp.ciphertext, CIFS_CPHTXT_SIZE);
+       rc = crypto_blkcipher_encrypt(&desc, &sgout, &sgin, CIFS_CPHTXT_SIZE);
+
+       crypto_free_blkcipher(tfm_arc4);
+
+       server->sequence_number = 0;
+       server->cphready = true;
+
+       return 0;
+}
+
 void
 cifs_crypto_shash_release(struct TCP_Server_Info *server)
 {
diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h
index d1b9bc4..7c115a8 100644
--- a/fs/cifs/cifsproto.h
+++ b/fs/cifs/cifsproto.h
@@ -372,6 +372,7 @@ extern int setup_ntlmv2_rsp(struct cifsSesInfo *, char *,
                             const struct nls_table *);
 extern int cifs_crypto_shash_allocate(struct TCP_Server_Info *);
 extern void cifs_crypto_shash_release(struct TCP_Server_Info *);
+extern int calc_seckey(struct TCP_Server_Info *);
 #ifdef CONFIG_CIFS_WEAK_PW_HASH
 extern void calc_lanman_hash(const char *password, const char *cryptkey,
                                bool encrypt, char *lnm_session_key);
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 47b51eb..3da32aa 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -1589,6 +1589,7 @@ cifs_get_tcp_session(struct smb_vol *volume_info)
                goto out_err2;
        }
 
+       tcp_ses->cphready = false;
        tcp_ses->noblocksnd = volume_info->noblocksnd;
        tcp_ses->noautotune = volume_info->noautotune;
        tcp_ses->tcp_nodelay = volume_info->sockopt_tcp_nodelay;
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index f7fc3dc..238d5cb 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -444,10 +444,12 @@ static void build_ntlmssp_negotiate_blob(unsigned char 
*pbuffer,
                NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
                NTLMSSP_NEGOTIATE_NTLM;
        if (ses->server->secMode &
-          (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
+                       (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) {
                flags |= NTLMSSP_NEGOTIATE_SIGN;
-       if (ses->server->secMode & SECMODE_SIGN_REQUIRED)
-               flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
+               if (!ses->server->cphready)
+                       flags |= NTLMSSP_NEGOTIATE_KEY_XCH |
+                               NTLMSSP_NEGOTIATE_EXTENDED_SEC;
+       }
 
        sec_blob->NegotiateFlags |= cpu_to_le32(flags);
 
@@ -553,9 +555,19 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer,
        sec_blob->WorkstationName.MaximumLength = 0;
        tmp += 2;
 
-       sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer);
-       sec_blob->SessionKey.Length = 0;
-       sec_blob->SessionKey.MaximumLength = 0;
+       if ((ses->server->ntlmssp.server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) &&
+                       !calc_seckey(ses->server)) {
+               memcpy(tmp, ses->server->ntlmssp.ciphertext, CIFS_CPHTXT_SIZE);
+               sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer);
+               sec_blob->SessionKey.Length = cpu_to_le16(CIFS_CPHTXT_SIZE);
+               sec_blob->SessionKey.MaximumLength =
+                       cpu_to_le16(CIFS_CPHTXT_SIZE);
+               tmp += CIFS_CPHTXT_SIZE;
+       } else {
+               sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer);
+               sec_blob->SessionKey.Length = 0;
+               sec_blob->SessionKey.MaximumLength = 0;
+       }
 
 setup_ntlmv2_ret:
        if (ses->server->tilen > 0)
-- 
1.6.0.2

--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to