diff options
author | Shirish Pargaonkar <shirishpargaonkar@gmail.com> | 2010-10-27 15:20:36 -0500 |
---|---|---|
committer | Steve French <sfrench@us.ibm.com> | 2010-10-29 01:47:30 +0000 |
commit | d3ba50b17aa7a391bb5b3dcd8d6ba7a02c4f031c (patch) | |
tree | 452ddaeb1d52387a852d0c3cf46c4253347d0a27 /fs/cifs/sess.c | |
parent | 6b03590412c977ae8fa1635c9b80854ab19a5b78 (diff) | |
download | linux-d3ba50b17aa7a391bb5b3dcd8d6ba7a02c4f031c.tar.gz linux-d3ba50b17aa7a391bb5b3dcd8d6ba7a02c4f031c.tar.bz2 linux-d3ba50b17aa7a391bb5b3dcd8d6ba7a02c4f031c.zip |
NTLM auth and sign - Use appropriate server challenge
Need to have cryptkey or server challenge in smb connection
(struct TCP_Server_Info) for ntlm and ntlmv2 auth types for which
cryptkey (Encryption Key) is supplied just once in Negotiate Protocol
response during an smb connection setup for all the smb sessions over
that smb connection.
For ntlmssp, cryptkey or server challenge is provided for every
smb session in type 2 packet of ntlmssp negotiation, the cryptkey
provided during Negotiation Protocol response before smb connection
does not count.
Rename cryptKey to cryptkey and related changes.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs/cifs/sess.c')
-rw-r--r-- | fs/cifs/sess.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index e0515a62715d..f74c5a88dd4c 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c @@ -399,7 +399,7 @@ static int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len, return -EINVAL; } - memcpy(ses->cryptKey, pblob->Challenge, CIFS_CRYPTO_KEY_SIZE); + memcpy(ses->cryptkey, pblob->Challenge, CIFS_CRYPTO_KEY_SIZE); /* BB we could decode pblob->NegotiateFlags; some may be useful */ /* In particular we can examine sign flags */ /* BB spec says that if AvId field of MsvAvTimestamp is populated then @@ -667,10 +667,14 @@ ssetup_ntlmssp_authenticate: /* no capabilities flags in old lanman negotiation */ pSMB->old_req.PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE); - /* BB calculate hash with password */ - /* and copy into bcc */ - calc_lanman_hash(ses->password, ses->cryptKey, + /* Calculate hash with password and copy into bcc_ptr. + * Encryption Key (stored as in cryptkey) gets used if the + * security mode bit in Negottiate Protocol response states + * to use challenge/response method (i.e. Password bit is 1). + */ + + calc_lanman_hash(ses->password, ses->server->cryptkey, ses->server->secMode & SECMODE_PW_ENCRYPT ? true : false, lnm_session_key); |