On Mon,  6 Sep 2010 22:31:36 -0500
[email protected] wrote:

> From: Shirish Pargaonkar <[email protected]>
> 
> Signed-off-by: Shirish Pargaonkar <[email protected]>

A better description would be nice here. "define data structures"
doesn't tell me much. What are these data structures you're defining
and how will they be used?
 
> ---
>  fs/cifs/cifsencrypt.c |   13 +++++++------
>  fs/cifs/cifsglob.h    |   25 +++++++++++++++++++++++--
>  fs/cifs/cifspdu.h     |    7 +++++++
>  fs/cifs/cifsproto.h   |    4 ++--
>  fs/cifs/ntlmssp.h     |   13 +++++++++++++
>  5 files changed, 52 insertions(+), 10 deletions(-)
> 
> diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
> index 847628d..86e33cc 100644
> --- a/fs/cifs/cifsencrypt.c
> +++ b/fs/cifs/cifsencrypt.c
> @@ -42,7 +42,8 @@ extern void SMBencrypt(unsigned char *passwd, const 
> unsigned char *c8,
>                      unsigned char *p24);
>  
>  static int cifs_calculate_signature(const struct smb_hdr *cifs_pdu,
> -                                 const struct mac_key *key, char *signature)
> +                                 const struct session_key *key,
> +                                     char *signature)
>  {
>       struct  MD5Context context;
>  
> @@ -89,7 +90,7 @@ int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct 
> TCP_Server_Info *server,
>  }
>  
>  static int cifs_calc_signature2(const struct kvec *iov, int n_vec,
> -                             const struct mac_key *key, char *signature)
> +                             const struct session_key *key, char *signature)
>  {
>       struct  MD5Context context;
>       int i;
> @@ -156,14 +157,14 @@ int cifs_sign_smb2(struct kvec *iov, int n_vec, struct 
> TCP_Server_Info *server,
>  }
>  
>  int cifs_verify_signature(struct smb_hdr *cifs_pdu,
> -                       const struct mac_key *mac_key,
> +                       const struct session_key *session_key,
>                         __u32 expected_sequence_number)
>  {
>       unsigned int rc;
>       char server_response_sig[8];
>       char what_we_think_sig_should_be[20];
>  
> -     if ((cifs_pdu == NULL) || (mac_key == NULL))
> +     if ((cifs_pdu == NULL) || (session_key == NULL))

                ^^^ extra parens aren't needed here

>               return -EINVAL;
>  
>       if (cifs_pdu->Command == SMB_COM_NEGOTIATE)
> @@ -192,7 +193,7 @@ int cifs_verify_signature(struct smb_hdr *cifs_pdu,
>                                       cpu_to_le32(expected_sequence_number);
>       cifs_pdu->Signature.Sequence.Reserved = 0;
>  
> -     rc = cifs_calculate_signature(cifs_pdu, mac_key,
> +     rc = cifs_calculate_signature(cifs_pdu, session_key,
>               what_we_think_sig_should_be);
>  
>       if (rc)
> @@ -209,7 +210,7 @@ int cifs_verify_signature(struct smb_hdr *cifs_pdu,
>  }
>  
>  /* We fill in key by putting in 40 byte array which was allocated by caller 
> */
> -int cifs_calculate_mac_key(struct mac_key *key, const char *rn,
> +int cifs_calculate_mac_key(struct session_key *key, const char *rn,
>                          const char *password)
>  {
>       char temp_key[16];
> diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
> index 0cdfb8c..6e35655 100644
> --- a/fs/cifs/cifsglob.h
> +++ b/fs/cifs/cifsglob.h
> @@ -25,6 +25,9 @@
>  #include <linux/workqueue.h>
>  #include "cifs_fs_sb.h"
>  #include "cifsacl.h"
> +#include <crypto/internal/hash.h>
> +#include <linux/scatterlist.h>
> +
>  /*
>   * The sizes of various internal tables and strings
>   */
> @@ -97,7 +100,7 @@ enum protocolEnum {
>       /* Netbios frames protocol not supported at this time */
>  };
>  
> -struct mac_key {
> +struct session_key {

        ^^^ why rename this to "session_key"? The rationale for this
        ought to be in the patch description.

>       unsigned int len;
>       union {
>               char ntlm[CIFS_SESS_KEY_SIZE + 16];
> @@ -120,6 +123,20 @@ struct cifs_cred {
>       struct cifs_ace *aces;
>  };
>  
> +struct sdesc {
> +     struct shash_desc shash;
> +     char ctx[];
> +};
> +
> +struct ntlmssp_auth {
> +     __u32 client_flags; /* sent by client in type 1 ntlmsssp exchange */
> +     __u32 server_flags; /* sent by server in type 2 ntlmssp exchange */
> +     unsigned char sec_key[CIFS_CPHTXT_SIZE]; /* nonce client generates */
> +     unsigned char ciphertext[CIFS_CPHTXT_SIZE]; /* sent to server */
> +     struct crypto_shash *hmacmd5; /* to generate ntlmv2 hash, CR1 etc. */
> +     struct crypto_shash *md5; /* to generate cifs/smb signature */
> +};
> +
>  /*
>   *****************************************************************
>   * Except the CIFS PDUs themselves all the
> @@ -182,11 +199,15 @@ struct TCP_Server_Info {
>       /* 16th byte of RFC1001 workstation name is always null */
>       char workstation_RFC1001_name[RFC1001_NAME_LEN_WITH_NULL];
>       __u32 sequence_number; /* needed for CIFS PDU signature */
> -     struct mac_key mac_signing_key;
> +     struct session_key mac_signing_key;
>       char ntlmv2_hash[16];
>       unsigned long lstrp; /* when we got last response from this server */
>       u16 dialect; /* dialect index that server chose */
>       /* extended security flavors that server supports */
> +     unsigned int tilen; /* length of the target info blob */
> +     unsigned char *tiblob; /* target info blob in challenge response */
> +     struct ntlmssp_auth ntlmssp; /* various keys, ciphers, flags */
> +     bool    cphready;               /* ciphertext is calculated */
>       bool    sec_kerberos;           /* supports plain Kerberos */
>       bool    sec_mskerberos;         /* supports legacy MS Kerberos */
>       bool    sec_kerberosu2u;        /* supports U2U Kerberos */
> diff --git a/fs/cifs/cifspdu.h b/fs/cifs/cifspdu.h
> index 14d036d..f5c78fb 100644
> --- a/fs/cifs/cifspdu.h
> +++ b/fs/cifs/cifspdu.h
> @@ -134,6 +134,13 @@
>   * Size of the session key (crypto key encrypted with the password
>   */
>  #define CIFS_SESS_KEY_SIZE (24)
> +#define CIFS_CLIENT_CHALLENGE_SIZE (8)
> +#define CIFS_SERVER_CHALLENGE_SIZE (8)
> +#define CIFS_HMAC_MD5_HASH_SIZE (16)
> +#define CIFS_CPHTXT_SIZE (16)
> +#define CIFS_NTLMV2_SESSKEY_SIZE (16)
> +#define CIFS_NTHASH_SIZE (16)
> +
>  
>  /*
>   * Maximum user name length
> diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h
> index 1f54508..8d63406 100644
> --- a/fs/cifs/cifsproto.h
> +++ b/fs/cifs/cifsproto.h
> @@ -361,9 +361,9 @@ extern int cifs_sign_smb(struct smb_hdr *, struct 
> TCP_Server_Info *, __u32 *);
>  extern int cifs_sign_smb2(struct kvec *iov, int n_vec, struct 
> TCP_Server_Info *,
>                         __u32 *);
>  extern int cifs_verify_signature(struct smb_hdr *,
> -                              const struct mac_key *mac_key,
> +                              const struct session_key *session_key,
>                               __u32 expected_sequence_number);
> -extern int cifs_calculate_mac_key(struct mac_key *key, const char *rn,
> +extern int cifs_calculate_mac_key(struct session_key *key, const char *rn,
>                                const char *pass);
>  extern int CalcNTLMv2_partial_mac_key(struct cifsSesInfo *,
>                       const struct nls_table *);
> diff --git a/fs/cifs/ntlmssp.h b/fs/cifs/ntlmssp.h
> index 49c9a4e..3c8c6c1 100644
> --- a/fs/cifs/ntlmssp.h
> +++ b/fs/cifs/ntlmssp.h
> @@ -61,6 +61,19 @@
>  #define NTLMSSP_NEGOTIATE_KEY_XCH   0x40000000
>  #define NTLMSSP_NEGOTIATE_56        0x80000000
>  
> +/* Define AV Pair Field IDs */
> +#define NTLMSSP_AV_EOL                 0
> +#define NTLMSSP_AV_NB_COMPUTER_NAME    1
> +#define NTLMSSP_AV_NB_DOMAIN_NAME      2
> +#define NTLMSSP_AV_DNS_COMPUTER_NAME   3
> +#define NTLMSSP_AV_DNS_DOMAIN_NAME     4
> +#define NTLMSSP_AV_DNS_TREE_NAME       5
> +#define NTLMSSP_AV_FLAGS               6
> +#define NTLMSSP_AV_TIMESTAMP           7
> +#define NTLMSSP_AV_RESTRICTION         8
> +#define NTLMSSP_AV_TARGET_NAME         9
> +#define NTLMSSP_AV_CHANNEL_BINDINGS    10
> +
>  /* Although typedefs are not commonly used for structure definitions */
>  /* in the Linux kernel, in this particular case they are useful      */
>  /* to more closely match the standards document for NTLMSSP from     */


-- 
Jeff Layton <[email protected]>
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to