Re: [PATCH 2/3] cifs: Add a variable specific to NTLMSSP for key exchange.


 



On Thu, 29 Aug 2013 08:35:10 -0500
Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx> wrote:

> Add a variable specific to NTLMSSP authentication to determine
> whether to exchange keys during negotiation and authentication phases.
> 
> Since session key for smb1 is per smb connection, once the very first
> session is established, there is no need for key exchange during
> subsequent session setups. As a result, smb1 session setup code sets this
> variable as false.
> 
> Since session key for smb2 and smb3 is per smb connection, we need to
> exchange keys to generate session key for every session being established.
> As a result, smb2/3 session setup code sets this variable as true.
> ---
>  fs/cifs/cifsglob.h | 1 +
>  fs/cifs/sess.c     | 8 ++++++--
>  fs/cifs/smb2pdu.c  | 1 +
>  3 files changed, 8 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
> index 52ca861..cce26a8 100644
> --- a/fs/cifs/cifsglob.h
> +++ b/fs/cifs/cifsglob.h
> @@ -135,6 +135,7 @@ struct cifs_secmech {
>  
>  /* per smb session structure/fields */
>  struct ntlmssp_auth {
> +	bool sesskey_per_smbsess; /* whether session key is per smb session */
>  	__u32 client_flags; /* sent by client in type 1 ntlmsssp exchange */
>  	__u32 server_flags; /* sent by server in type 2 ntlmssp exchange */
>  	unsigned char ciphertext[CIFS_CPHTXT_SIZE]; /* sent to server */
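Review bot: The comment on `sesskey_per_smbsess` names what the field describes but not what it controls, and it does not match the commit message, which says the smb2/smb3 session key is "per smb connection" while that path sets the flag to true. I would state the consequence in the comment, e.g. `/* true: session key is per SMB session, so request NTLMSSP key exchange on every session setup */`. The struct definition continues outside the hunk.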
> diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
> index 7afd54a..d7907c4 100644
> --- a/fs/cifs/sess.c
> +++ b/fs/cifs/sess.c
> @@ -428,7 +428,8 @@ void build_ntlmssp_negotiate_blob(unsigned char *pbuffer,
>  		NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;
>  	if (ses->server->sign) {
>  		flags |= NTLMSSP_NEGOTIATE_SIGN;
> -		if (!ses->server->session_estab)
> +		if (!ses->server->session_estab ||
> +				ses->ntlmssp->sesskey_per_smbsess)
>  			flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
>  	}
>  
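Review bot: The key-exchange condition is now written out twice, here in build_ntlmssp_negotiate_blob and again in build_ntlmssp_auth_blob in the next hunk, and the two copies presumably have to stay identical so that the negotiate and authenticate messages agree on NTLMSSP_NEGOTIATE_KEY_XCH. A small static helper in sess.c would keep them in sync and gives one place to document why SMB1 skips the exchange once the connection is established; both call sites then become `if (ntlmssp_need_key_xch(ses))`. Note that the second operand dereferences `ses->ntlmssp` whenever `session_estab` is already set, so the helper relies on the caller having allocated it. Both function bodies continue outside their hunks.

```c
/*
 * Key exchange is needed for the first session on a connection, and for
 * every session when the session key is per SMB session.
 * Caller must have allocated ses->ntlmssp.
 */
static bool ntlmssp_need_key_xch(struct cifs_ses *ses)
{
	return !ses->server->session_estab ||
	       ses->ntlmssp->sesskey_per_smbsess;
}
```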
> @@ -466,7 +467,8 @@ int build_ntlmssp_auth_blob(unsigned char *pbuffer,
>  		NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;
>  	if (ses->server->sign) {
>  		flags |= NTLMSSP_NEGOTIATE_SIGN;
> -		if (!ses->server->session_estab)
> +		if (!ses->server->session_estab ||
> +				ses->ntlmssp->sesskey_per_smbsess)
>  			flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
>  	}
>  
> @@ -641,6 +643,8 @@ CIFS_SessSetup(const unsigned int xid, struct cifs_ses *ses,
>  		ses->ntlmssp = kmalloc(sizeof(struct ntlmssp_auth), GFP_KERNEL);
>  		if (!ses->ntlmssp)
>  			return -ENOMEM;
> +		ses->ntlmssp->sesskey_per_smbsess = false;
> +
>  	}
>  
>  ssetup_ntlmssp_authenticate:
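Review bot: `ses->ntlmssp` comes from kmalloc(), so the new flag only has a defined value because each allocation site remembers to assign it (this hunk and the SMB2_sess_setup hunk in smb2pdu.c). Since the flag decides whether NTLMSSP_NEGOTIATE_KEY_XCH is requested, an allocation path that missed the assignment would make that decision from stale heap contents; the hunks do not show whether any other path allocates the struct. Allocating with `kzalloc(sizeof(*ses->ntlmssp), GFP_KERNEL)` at both sites would give a defined default of false and make the SMB1 assignment documentation rather than a requirement. The blank line added before the closing brace can also be dropped. CIFS_SessSetup continues outside the hunk.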
> diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
> index 05a0186..28083b4 100644
> --- a/fs/cifs/smb2pdu.c
> +++ b/fs/cifs/smb2pdu.c
> @@ -491,6 +491,7 @@ SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses,
>  	ses->ntlmssp = kmalloc(sizeof(struct ntlmssp_auth), GFP_KERNEL);
>  	if (!ses->ntlmssp)
>  		return -ENOMEM;
> +	ses->ntlmssp->sesskey_per_smbsess = true;
>  
>  	/* FIXME: allow for other auth types besides NTLMSSP (e.g. krb5) */
>  	ses->sectype = RawNTLMSSP;

Acked-by: Jeff Layton <jlayton@xxxxxxxxx>



