On Mon, 6 Sep 2010 22:31:36 -0500
[email protected] wrote:
> From: Shirish Pargaonkar <[email protected]>
>
> Signed-off-by: Shirish Pargaonkar <[email protected]>
A better description would be nice here. "define data structures"
doesn't tell me much. What are these data structures you're defining
and how will they be used?
> ---
> fs/cifs/cifsencrypt.c | 13 +++++++------
> fs/cifs/cifsglob.h | 25 +++++++++++++++++++++++--
> fs/cifs/cifspdu.h | 7 +++++++
> fs/cifs/cifsproto.h | 4 ++--
> fs/cifs/ntlmssp.h | 13 +++++++++++++
> 5 files changed, 52 insertions(+), 10 deletions(-)
>
> diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
> index 847628d..86e33cc 100644
> --- a/fs/cifs/cifsencrypt.c
> +++ b/fs/cifs/cifsencrypt.c
> @@ -42,7 +42,8 @@ extern void SMBencrypt(unsigned char *passwd, const
> unsigned char *c8,
> unsigned char *p24);
>
> static int cifs_calculate_signature(const struct smb_hdr *cifs_pdu,
> - const struct mac_key *key, char *signature)
> + const struct session_key *key,
> + char *signature)
> {
> struct MD5Context context;
>
> @@ -89,7 +90,7 @@ int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct
> TCP_Server_Info *server,
> }
>
> static int cifs_calc_signature2(const struct kvec *iov, int n_vec,
> - const struct mac_key *key, char *signature)
> + const struct session_key *key, char *signature)
> {
> struct MD5Context context;
> int i;
> @@ -156,14 +157,14 @@ int cifs_sign_smb2(struct kvec *iov, int n_vec, struct
> TCP_Server_Info *server,
> }
>
> int cifs_verify_signature(struct smb_hdr *cifs_pdu,
> - const struct mac_key *mac_key,
> + const struct session_key *session_key,
> __u32 expected_sequence_number)
> {
> unsigned int rc;
> char server_response_sig[8];
> char what_we_think_sig_should_be[20];
>
> - if ((cifs_pdu == NULL) || (mac_key == NULL))
> + if ((cifs_pdu == NULL) || (session_key == NULL))
^^^ extra parens aren't needed here
> return -EINVAL;
>
> if (cifs_pdu->Command == SMB_COM_NEGOTIATE)
> @@ -192,7 +193,7 @@ int cifs_verify_signature(struct smb_hdr *cifs_pdu,
> cpu_to_le32(expected_sequence_number);
> cifs_pdu->Signature.Sequence.Reserved = 0;
>
> - rc = cifs_calculate_signature(cifs_pdu, mac_key,
> + rc = cifs_calculate_signature(cifs_pdu, session_key,
> what_we_think_sig_should_be);
>
> if (rc)
> @@ -209,7 +210,7 @@ int cifs_verify_signature(struct smb_hdr *cifs_pdu,
> }
>
> /* We fill in key by putting in 40 byte array which was allocated by caller
> */
> -int cifs_calculate_mac_key(struct mac_key *key, const char *rn,
> +int cifs_calculate_mac_key(struct session_key *key, const char *rn,
> const char *password)
> {
> char temp_key[16];
> diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
> index 0cdfb8c..6e35655 100644
> --- a/fs/cifs/cifsglob.h
> +++ b/fs/cifs/cifsglob.h
> @@ -25,6 +25,9 @@
> #include <linux/workqueue.h>
> #include "cifs_fs_sb.h"
> #include "cifsacl.h"
> +#include <crypto/internal/hash.h>
> +#include <linux/scatterlist.h>
> +
> /*
> * The sizes of various internal tables and strings
> */
> @@ -97,7 +100,7 @@ enum protocolEnum {
> /* Netbios frames protocol not supported at this time */
> };
>
> -struct mac_key {
> +struct session_key {
^^^ why rename this to "session_key"? The rationale for this
ought to be in the patch description.
> unsigned int len;
> union {
> char ntlm[CIFS_SESS_KEY_SIZE + 16];
> @@ -120,6 +123,20 @@ struct cifs_cred {
> struct cifs_ace *aces;
> };
>
> +struct sdesc {
> + struct shash_desc shash;
> + char ctx[];
> +};
> +
> +struct ntlmssp_auth {
> + __u32 client_flags; /* sent by client in type 1 ntlmsssp exchange */
> + __u32 server_flags; /* sent by server in type 2 ntlmssp exchange */
> + unsigned char sec_key[CIFS_CPHTXT_SIZE]; /* nonce client generates */
> + unsigned char ciphertext[CIFS_CPHTXT_SIZE]; /* sent to server */
> + struct crypto_shash *hmacmd5; /* to generate ntlmv2 hash, CR1 etc. */
> + struct crypto_shash *md5; /* to generate cifs/smb signature */
> +};
> +
> /*
> *****************************************************************
> * Except the CIFS PDUs themselves all the
> @@ -182,11 +199,15 @@ struct TCP_Server_Info {
> /* 16th byte of RFC1001 workstation name is always null */
> char workstation_RFC1001_name[RFC1001_NAME_LEN_WITH_NULL];
> __u32 sequence_number; /* needed for CIFS PDU signature */
> - struct mac_key mac_signing_key;
> + struct session_key mac_signing_key;
> char ntlmv2_hash[16];
> unsigned long lstrp; /* when we got last response from this server */
> u16 dialect; /* dialect index that server chose */
> /* extended security flavors that server supports */
> + unsigned int tilen; /* length of the target info blob */
> + unsigned char *tiblob; /* target info blob in challenge response */
> + struct ntlmssp_auth ntlmssp; /* various keys, ciphers, flags */
> + bool cphready; /* ciphertext is calculated */
> bool sec_kerberos; /* supports plain Kerberos */
> bool sec_mskerberos; /* supports legacy MS Kerberos */
> bool sec_kerberosu2u; /* supports U2U Kerberos */
> diff --git a/fs/cifs/cifspdu.h b/fs/cifs/cifspdu.h
> index 14d036d..f5c78fb 100644
> --- a/fs/cifs/cifspdu.h
> +++ b/fs/cifs/cifspdu.h
> @@ -134,6 +134,13 @@
> * Size of the session key (crypto key encrypted with the password
> */
> #define CIFS_SESS_KEY_SIZE (24)
> +#define CIFS_CLIENT_CHALLENGE_SIZE (8)
> +#define CIFS_SERVER_CHALLENGE_SIZE (8)
> +#define CIFS_HMAC_MD5_HASH_SIZE (16)
> +#define CIFS_CPHTXT_SIZE (16)
> +#define CIFS_NTLMV2_SESSKEY_SIZE (16)
> +#define CIFS_NTHASH_SIZE (16)
> +
>
> /*
> * Maximum user name length
> diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h
> index 1f54508..8d63406 100644
> --- a/fs/cifs/cifsproto.h
> +++ b/fs/cifs/cifsproto.h
> @@ -361,9 +361,9 @@ extern int cifs_sign_smb(struct smb_hdr *, struct
> TCP_Server_Info *, __u32 *);
> extern int cifs_sign_smb2(struct kvec *iov, int n_vec, struct
> TCP_Server_Info *,
> __u32 *);
> extern int cifs_verify_signature(struct smb_hdr *,
> - const struct mac_key *mac_key,
> + const struct session_key *session_key,
> __u32 expected_sequence_number);
> -extern int cifs_calculate_mac_key(struct mac_key *key, const char *rn,
> +extern int cifs_calculate_mac_key(struct session_key *key, const char *rn,
> const char *pass);
> extern int CalcNTLMv2_partial_mac_key(struct cifsSesInfo *,
> const struct nls_table *);
> diff --git a/fs/cifs/ntlmssp.h b/fs/cifs/ntlmssp.h
> index 49c9a4e..3c8c6c1 100644
> --- a/fs/cifs/ntlmssp.h
> +++ b/fs/cifs/ntlmssp.h
> @@ -61,6 +61,19 @@
> #define NTLMSSP_NEGOTIATE_KEY_XCH 0x40000000
> #define NTLMSSP_NEGOTIATE_56 0x80000000
>
> +/* Define AV Pair Field IDs */
> +#define NTLMSSP_AV_EOL 0
> +#define NTLMSSP_AV_NB_COMPUTER_NAME 1
> +#define NTLMSSP_AV_NB_DOMAIN_NAME 2
> +#define NTLMSSP_AV_DNS_COMPUTER_NAME 3
> +#define NTLMSSP_AV_DNS_DOMAIN_NAME 4
> +#define NTLMSSP_AV_DNS_TREE_NAME 5
> +#define NTLMSSP_AV_FLAGS 6
> +#define NTLMSSP_AV_TIMESTAMP 7
> +#define NTLMSSP_AV_RESTRICTION 8
> +#define NTLMSSP_AV_TARGET_NAME 9
> +#define NTLMSSP_AV_CHANNEL_BINDINGS 10
> +
> /* Although typedefs are not commonly used for structure definitions */
> /* in the Linux kernel, in this particular case they are useful */
> /* to more closely match the standards document for NTLMSSP from */
--
Jeff Layton <[email protected]>
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html