On Sun, Sep 12, 2010 at 7:52 AM, Jeff Layton <jlayton@xxxxxxxxx> wrote: > On Thu, 9 Sep 2010 13:12:40 -0500 > shirishpargaonkar@xxxxxxxxx wrote: > >> From: Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx> >> >> To calculate ntlmv2 response we need ti/av pair blob. >> >> For sec mech like ntlmssp, the blob is plucked from type 2 response from >> the server. From this blob, netbios name of the domain is retrieved, >> if user has not already provided, to be included in the Target String >> as part of ntlmv2 hash calculations. >> >> For sec mech like ntlmv2, create a minimal, two av pair blob. >> >> The allocated blob is freed in case of error. In case there is no error, >> this blob is used in calculating ntlmv2 response (in CalcNTLMv2_response) >> and is also copied on the response to the server, and then freed. >> >> The type 3 ntlmssp response is prepared on a buffer, >> 5 * sizeof of struct _AUTHENTICATE_MESSAGE, an empirical value large >> enough to hold _AUTHENTICATE_MESSAGE plus a blob with max possible >> 10 values as part of ntlmv2 response and lmv2 keys and domain, user, >> workstation names etc. >> >> Also, kerberos gets selected as a default mechanism if server supports it, >> over the other security mechanisms. >> >> The reason mac_key was changed to session key is, this structure does not hold >> message authentication code, it holds the session key (for ntlmv2, ntlmv1 etc.). >> mac is generated as a signature in cifs_calc* functions. >> >> >> Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx> >> --- >> fs/cifs/cifsencrypt.c | 58 +++++++++++++++++++++++------- >> fs/cifs/cifsglob.h | 4 +- >> fs/cifs/cifsproto.h | 6 ++-- >> fs/cifs/cifssmb.c | 16 +++++---- >> fs/cifs/sess.c | 93 ++++++++++++++++++++++++++++++++++-------------- >> fs/cifs/transport.c | 6 ++-- >> 6 files changed, 128 insertions(+), 55 deletions(-) >> >> diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c >> index 346fb64..7e15cd0 100644 >> --- a/fs/cifs/cifsencrypt.c >> +++ b/fs/cifs/cifsencrypt.c >> @@ -43,7 +43,8 @@ extern void SMBencrypt(unsigned char *passwd, const unsigned char *c8, >> unsigned char *p24); >> >> static int cifs_calculate_signature(const struct smb_hdr *cifs_pdu, >> - const struct mac_key *key, char *signature) >> + const struct session_key *key, >> + char *signature) >> { >> struct MD5Context context; >> >> @@ -79,7 +80,7 @@ int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server, >> server->sequence_number++; >> spin_unlock(&GlobalMid_Lock); >> >> - rc = cifs_calculate_signature(cifs_pdu, &server->mac_signing_key, >> + rc = cifs_calculate_signature(cifs_pdu, &server->session_key, >> smb_signature); >> if (rc) >> memset(cifs_pdu->Signature.SecuritySignature, 0, 8); >> @@ -90,7 +91,7 @@ int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server, >> } >> >> static int cifs_calc_signature2(const struct kvec *iov, int n_vec, >> - const struct mac_key *key, char *signature) >> + const struct session_key *key, char *signature) >> { >> struct MD5Context context; >> int i; >> @@ -146,7 +147,7 @@ int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *server, >> server->sequence_number++; >> spin_unlock(&GlobalMid_Lock); >> >> - rc = cifs_calc_signature2(iov, n_vec, &server->mac_signing_key, >> + rc = cifs_calc_signature2(iov, n_vec, &server->session_key, >> smb_signature); >> if (rc) >> memset(cifs_pdu->Signature.SecuritySignature, 0, 8); >> @@ -157,14 +158,14 @@ int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *server, >> } >> >> int cifs_verify_signature(struct smb_hdr *cifs_pdu, >> - const struct mac_key *mac_key, >> + const struct session_key *session_key, >> __u32 expected_sequence_number) >> { >> unsigned int rc; >> char server_response_sig[8]; >> char what_we_think_sig_should_be[20]; >> >> - if ((cifs_pdu == NULL) || (mac_key == NULL)) >> + if (cifs_pdu == NULL || session_key == NULL) >> return -EINVAL; >> >> if (cifs_pdu->Command == SMB_COM_NEGOTIATE) >> @@ -193,7 +194,7 @@ int cifs_verify_signature(struct smb_hdr *cifs_pdu, >> cpu_to_le32(expected_sequence_number); >> cifs_pdu->Signature.Sequence.Reserved = 0; >> >> - rc = cifs_calculate_signature(cifs_pdu, mac_key, >> + rc = cifs_calculate_signature(cifs_pdu, session_key, >> what_we_think_sig_should_be); >> >> if (rc) >> @@ -210,7 +211,7 @@ int cifs_verify_signature(struct smb_hdr *cifs_pdu, >> } >> >> /* We fill in key by putting in 40 byte array which was allocated by caller */ >> -int cifs_calculate_mac_key(struct mac_key *key, const char *rn, >> +int cifs_calculate_session_key(struct session_key *key, const char *rn, >> const char *password) >> { >> char temp_key[16]; >> @@ -395,7 +396,8 @@ calc_exit_2: >> return rc; >> } >> >> -void setup_ntlmv2_rsp(struct cifsSesInfo *ses, char *resp_buf, >> +int >> +setup_ntlmv2_rsp(struct cifsSesInfo *ses, char *resp_buf, >> const struct nls_table *nls_cp) >> { >> int rc; >> @@ -408,20 +410,46 @@ void setup_ntlmv2_rsp(struct cifsSesInfo *ses, char *resp_buf, >> get_random_bytes(&buf->client_chal, sizeof(buf->client_chal)); >> buf->reserved2 = 0; >> >> + if (ses->server->secType == RawNTLMSSP) { >> + if (!ses->domainName) { >> + rc = find_domain_name(ses); >> + if (rc) { >> + cERROR(1, "error %d finding domain name", rc); >> + goto setup_ntlmv2_rsp_ret; >> + } >> + } >> + } else { >> + rc = build_avpair_blob(ses); >> + if (rc) { >> + cERROR(1, "error %d building av pair blob", rc); >> + return rc; >> + } >> + } >> + >> /* calculate buf->ntlmv2_hash */ >> rc = calc_ntlmv2_hash(ses, nls_cp); >> - if (rc) >> + if (rc) { >> cERROR(1, "could not get v2 hash rc %d", rc); >> + goto setup_ntlmv2_rsp_ret; >> + } >> CalcNTLMv2_response(ses, resp_buf); >> >> /* now calculate the MAC key for NTLMv2 */ >> hmac_md5_init_limK_to_64(ses->server->ntlmv2_hash, 16, &context); >> hmac_md5_update(resp_buf, 16, &context); >> - hmac_md5_final(ses->server->mac_signing_key.data.ntlmv2.key, &context); >> + hmac_md5_final(ses->server->session_key.data.ntlmv2.key, &context); >> >> - memcpy(&ses->server->mac_signing_key.data.ntlmv2.resp, resp_buf, >> + memcpy(&ses->server->session_key.data.ntlmv2.resp, resp_buf, >> sizeof(struct ntlmv2_resp)); >> - ses->server->mac_signing_key.len = 16 + sizeof(struct ntlmv2_resp); >> + ses->server->session_key.len = 16 + sizeof(struct ntlmv2_resp); >> + >> + return 0; >> + >> +setup_ntlmv2_rsp_ret: >> + kfree(ses->tiblob); >> + ses->tilen = 0; >> + >> + return rc; >> } >> >> void CalcNTLMv2_response(const struct cifsSesInfo *ses, >> @@ -435,6 +463,10 @@ void CalcNTLMv2_response(const struct cifsSesInfo *ses, >> hmac_md5_update(v2_session_response+8, >> sizeof(struct ntlmv2_resp) - 8, &context); >> >> + if (ses->tilen) >> + hmac_md5_update(ses->tiblob, >> + ses->tilen, &context); >> + >> hmac_md5_final(v2_session_response, &context); >> /* cifs_dump_mem("v2_sess_rsp: ", v2_session_response, 32); */ >> } >> diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h >> index 2bfe682..c68f31c 100644 >> --- a/fs/cifs/cifsglob.h >> +++ b/fs/cifs/cifsglob.h >> @@ -97,7 +97,7 @@ enum protocolEnum { >> /* Netbios frames protocol not supported at this time */ >> }; >> >> -struct mac_key { >> +struct session_key { >> unsigned int len; >> union { >> char ntlm[CIFS_SESS_KEY_SIZE + 16]; >> @@ -182,7 +182,7 @@ struct TCP_Server_Info { >> /* 16th byte of RFC1001 workstation name is always null */ >> char workstation_RFC1001_name[RFC1001_NAME_LEN_WITH_NULL]; >> __u32 sequence_number; /* needed for CIFS PDU signature */ >> - struct mac_key mac_signing_key; >> + struct session_key session_key; >> char ntlmv2_hash[16]; >> unsigned long lstrp; /* when we got last response from this server */ >> u16 dialect; /* dialect index that server chose */ >> diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h >> index 1d60c65..c155479 100644 >> --- a/fs/cifs/cifsproto.h >> +++ b/fs/cifs/cifsproto.h >> @@ -362,12 +362,12 @@ extern int cifs_sign_smb(struct smb_hdr *, struct TCP_Server_Info *, __u32 *); >> extern int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *, >> __u32 *); >> extern int cifs_verify_signature(struct smb_hdr *, >> - const struct mac_key *mac_key, >> + const struct session_key *session_key, >> __u32 expected_sequence_number); >> -extern int cifs_calculate_mac_key(struct mac_key *key, const char *rn, >> +extern int cifs_calculate_session_key(struct session_key *key, const char *rn, >> const char *pass); >> extern void CalcNTLMv2_response(const struct cifsSesInfo *, char *); >> -extern void setup_ntlmv2_rsp(struct cifsSesInfo *, char *, >> +extern int setup_ntlmv2_rsp(struct cifsSesInfo *, char *, >> const struct nls_table *); >> #ifdef CONFIG_CIFS_WEAK_PW_HASH >> extern void calc_lanman_hash(const char *password, const char *cryptkey, >> diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c >> index c65c341..13c854e 100644 >> --- a/fs/cifs/cifssmb.c >> +++ b/fs/cifs/cifssmb.c >> @@ -603,13 +603,15 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses) >> rc = 0; >> else >> rc = -EINVAL; >> - >> - if (server->sec_kerberos || server->sec_mskerberos) >> - server->secType = Kerberos; >> - else if (server->sec_ntlmssp) >> - server->secType = RawNTLMSSP; >> - else >> - rc = -EOPNOTSUPP; >> + if (server->secType == Kerberos) { >> + if (!server->sec_kerberos && >> + !server->sec_mskerberos) >> + rc = -EOPNOTSUPP; >> + } else if (server->secType == RawNTLMSSP) { >> + if (!server->sec_ntlmssp) >> + rc = -EOPNOTSUPP; >> + } else >> + rc = -EOPNOTSUPP; > ^^^^^^^^^^^^^^ > This was a separate patch before. It probably ought to remain > one. This was added here because without this patch, sec=ntlmsspi option would fail against a server like Windows 2003, so it seemed logical to make this change here, along with other authentication specific changes. > >> } >> } else >> server->capabilities &= ~CAP_EXTENDED_SECURITY; >> diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c >> index 2de5f08..8f44fde 100644 >> --- a/fs/cifs/sess.c >> +++ b/fs/cifs/sess.c >> @@ -440,7 +440,7 @@ static void build_ntlmssp_negotiate_blob(unsigned char *pbuffer, >> /* BB is NTLMV2 session security format easier to use here? */ >> flags = NTLMSSP_NEGOTIATE_56 | NTLMSSP_REQUEST_TARGET | >> NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE | >> - NTLMSSP_NEGOTIATE_NT_ONLY | NTLMSSP_NEGOTIATE_NTLM; >> + NTLMSSP_NEGOTIATE_NTLM; >> if (ses->server->secMode & >> (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) >> flags |= NTLMSSP_NEGOTIATE_SIGN; >> @@ -466,10 +466,12 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer, >> struct cifsSesInfo *ses, >> const struct nls_table *nls_cp, bool first) >> { >> + int rc; >> + unsigned int size; >> AUTHENTICATE_MESSAGE *sec_blob = (AUTHENTICATE_MESSAGE *)pbuffer; >> __u32 flags; >> unsigned char *tmp; >> - char ntlm_session_key[CIFS_SESS_KEY_SIZE]; >> + struct ntlmv2_resp ntlmv2_response = {}; >> >> memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8); >> sec_blob->MessageType = NtLmAuthenticate; >> @@ -477,7 +479,7 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer, >> flags = NTLMSSP_NEGOTIATE_56 | >> NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_TARGET_INFO | >> NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE | >> - NTLMSSP_NEGOTIATE_NT_ONLY | NTLMSSP_NEGOTIATE_NTLM; >> + NTLMSSP_NEGOTIATE_NTLM; >> if (ses->server->secMode & >> (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) >> flags |= NTLMSSP_NEGOTIATE_SIGN; >> @@ -492,19 +494,26 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer, >> sec_blob->LmChallengeResponse.Length = 0; >> sec_blob->LmChallengeResponse.MaximumLength = 0; >> >> - /* calculate session key, BB what about adding similar ntlmv2 path? */ >> - SMBNTencrypt(ses->password, ses->server->cryptKey, ntlm_session_key); >> - if (first) >> - cifs_calculate_mac_key(&ses->server->mac_signing_key, >> - ntlm_session_key, ses->password); >> - >> - memcpy(tmp, ntlm_session_key, CIFS_SESS_KEY_SIZE); >> sec_blob->NtChallengeResponse.BufferOffset = cpu_to_le32(tmp - pbuffer); >> - sec_blob->NtChallengeResponse.Length = cpu_to_le16(CIFS_SESS_KEY_SIZE); >> - sec_blob->NtChallengeResponse.MaximumLength = >> - cpu_to_le16(CIFS_SESS_KEY_SIZE); >> + rc = setup_ntlmv2_rsp(ses, (char *)&ntlmv2_response, nls_cp); >> + if (rc) { >> + cERROR(1, "Error %d during NTLMSSP authentication", rc); >> + goto setup_ntlmv2_ret; >> + } >> + size = sizeof(struct ntlmv2_resp); >> + memcpy(tmp, (char *)&ntlmv2_response, size); >> + tmp += size; >> + if (ses->tilen > 0) { >> + memcpy(tmp, ses->tiblob, ses->tilen); >> + tmp += ses->tilen; >> + } >> >> - tmp += CIFS_SESS_KEY_SIZE; >> + sec_blob->NtChallengeResponse.Length = cpu_to_le16(size + >> + ses->tilen); >> + sec_blob->NtChallengeResponse.MaximumLength = >> + cpu_to_le16(size + ses->tilen); >> + kfree(ses->tiblob); >> + ses->tilen = 0; >> >> if (ses->domainName == NULL) { >> sec_blob->DomainName.BufferOffset = cpu_to_le32(tmp - pbuffer); >> @@ -516,7 +525,6 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer, >> len = cifs_strtoUCS((__le16 *)tmp, ses->domainName, >> MAX_USERNAME_SIZE, nls_cp); >> len *= 2; /* unicode is 2 bytes each */ >> - len += 2; /* trailing null */ >> sec_blob->DomainName.BufferOffset = cpu_to_le32(tmp - pbuffer); >> sec_blob->DomainName.Length = cpu_to_le16(len); >> sec_blob->DomainName.MaximumLength = cpu_to_le16(len); >> @@ -533,7 +541,6 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer, >> len = cifs_strtoUCS((__le16 *)tmp, ses->userName, >> MAX_USERNAME_SIZE, nls_cp); >> len *= 2; /* unicode is 2 bytes each */ >> - len += 2; /* trailing null */ >> sec_blob->UserName.BufferOffset = cpu_to_le32(tmp - pbuffer); >> sec_blob->UserName.Length = cpu_to_le16(len); >> sec_blob->UserName.MaximumLength = cpu_to_le16(len); >> @@ -548,6 +555,8 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer, >> sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer); >> sec_blob->SessionKey.Length = 0; >> sec_blob->SessionKey.MaximumLength = 0; >> + >> +setup_ntlmv2_ret: >> return tmp - pbuffer; >> } >> >> @@ -561,15 +570,14 @@ static void setup_ntlmssp_neg_req(SESSION_SETUP_ANDX *pSMB, >> return; >> } >> >> -static int setup_ntlmssp_auth_req(SESSION_SETUP_ANDX *pSMB, >> +static int setup_ntlmssp_auth_req(char *ntlmsspblob, >> struct cifsSesInfo *ses, >> const struct nls_table *nls, bool first_time) >> { >> int bloblen; >> >> - bloblen = build_ntlmssp_auth_blob(&pSMB->req.SecurityBlob[0], ses, nls, >> + bloblen = build_ntlmssp_auth_blob(ntlmsspblob, ses, nls, >> first_time); >> - pSMB->req.SecurityBlobLength = cpu_to_le16(bloblen); >> >> return bloblen; >> } >> @@ -705,7 +713,7 @@ ssetup_ntlmssp_authenticate: >> >> if (first_time) /* should this be moved into common code >> with similar ntlmv2 path? */ >> - cifs_calculate_mac_key(&ses->server->mac_signing_key, >> + cifs_calculate_session_key(&ses->server->session_key, >> ntlm_session_key, ses->password); >> /* copy session key */ >> >> @@ -744,12 +752,23 @@ ssetup_ntlmssp_authenticate: >> cpu_to_le16(sizeof(struct ntlmv2_resp)); >> >> /* calculate session key */ >> - setup_ntlmv2_rsp(ses, v2_sess_key, nls_cp); >> - /* FIXME: calculate MAC key */ >> + rc = setup_ntlmv2_rsp(ses, v2_sess_key, nls_cp); >> + if (rc) { >> + cERROR(1, "Error %d during NTLMv2 authentication", rc); >> + kfree(v2_sess_key); >> + goto ssetup_exit; >> + } >> memcpy(bcc_ptr, (char *)v2_sess_key, >> sizeof(struct ntlmv2_resp)); >> bcc_ptr += sizeof(struct ntlmv2_resp); >> kfree(v2_sess_key); >> + if (ses->tilen > 0) { >> + memcpy(bcc_ptr, ses->tiblob, >> + ses->tilen); >> + bcc_ptr += ses->tilen; >> + kfree(ses->tiblob); >> + ses->tilen = 0; >> + } >> if (ses->capabilities & CAP_UNICODE) { >> if (iov[0].iov_len % 2) { >> *bcc_ptr = 0; >> @@ -780,15 +799,15 @@ ssetup_ntlmssp_authenticate: >> } >> /* bail out if key is too long */ >> if (msg->sesskey_len > >> - sizeof(ses->server->mac_signing_key.data.krb5)) { >> + sizeof(ses->server->session_key.data.krb5)) { >> cERROR(1, "Kerberos signing key too long (%u bytes)", >> msg->sesskey_len); >> rc = -EOVERFLOW; >> goto ssetup_exit; >> } >> if (first_time) { >> - ses->server->mac_signing_key.len = msg->sesskey_len; >> - memcpy(ses->server->mac_signing_key.data.krb5, >> + ses->server->session_key.len = msg->sesskey_len; >> + memcpy(ses->server->session_key.data.krb5, >> msg->data, msg->sesskey_len); >> } >> pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC; >> @@ -830,12 +849,33 @@ ssetup_ntlmssp_authenticate: >> if (phase == NtLmNegotiate) { >> setup_ntlmssp_neg_req(pSMB, ses); >> iov[1].iov_len = sizeof(NEGOTIATE_MESSAGE); >> + iov[1].iov_base = &pSMB->req.SecurityBlob[0]; >> } else if (phase == NtLmAuthenticate) { >> int blob_len; >> - blob_len = setup_ntlmssp_auth_req(pSMB, ses, >> + char *ntlmsspblob; >> + >> + /* 5 is an empirical value, large enought to >> + * hold authenticate message, max 10 of >> + * av paris, doamin,user,workstation mames, >> + * flags etc.. >> + */ >> + ntlmsspblob = kmalloc(5 * >> + sizeof(struct _AUTHENTICATE_MESSAGE), >> + GFP_KERNEL); >> + if (!ntlmsspblob) { >> + cERROR(1, "Can't allocate NTLMSSP"); >> + rc = -ENOMEM; >> + goto ssetup_exit; >> + } >> + >> + blob_len = setup_ntlmssp_auth_req(ntlmsspblob, >> + ses, >> nls_cp, >> first_time); >> iov[1].iov_len = blob_len; >> + iov[1].iov_base = ntlmsspblob; >> + pSMB->req.SecurityBlobLength = >> + cpu_to_le16(blob_len); >> /* Make sure that we tell the server that we >> are using the uid that it just gave us back >> on the response (challenge) */ >> @@ -845,7 +885,6 @@ ssetup_ntlmssp_authenticate: >> rc = -ENOSYS; >> goto ssetup_exit; >> } >> - iov[1].iov_base = &pSMB->req.SecurityBlob[0]; >> /* unicode strings must be word aligned */ >> if ((iov[0].iov_len + iov[1].iov_len) % 2) { >> *bcc_ptr = 0; >> diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c >> index 82f78c4..a66c91e 100644 >> --- a/fs/cifs/transport.c >> +++ b/fs/cifs/transport.c >> @@ -543,7 +543,7 @@ SendReceive2(const unsigned int xid, struct cifsSesInfo *ses, >> (ses->server->secMode & (SECMODE_SIGN_REQUIRED | >> SECMODE_SIGN_ENABLED))) { >> rc = cifs_verify_signature(midQ->resp_buf, >> - &ses->server->mac_signing_key, >> + &ses->server->session_key, >> midQ->sequence_number+1); >> if (rc) { >> cERROR(1, "Unexpected SMB signature"); >> @@ -731,7 +731,7 @@ SendReceive(const unsigned int xid, struct cifsSesInfo *ses, >> (ses->server->secMode & (SECMODE_SIGN_REQUIRED | >> SECMODE_SIGN_ENABLED))) { >> rc = cifs_verify_signature(out_buf, >> - &ses->server->mac_signing_key, >> + &ses->server->session_key, >> midQ->sequence_number+1); >> if (rc) { >> cERROR(1, "Unexpected SMB signature"); >> @@ -981,7 +981,7 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifsTconInfo *tcon, >> (ses->server->secMode & (SECMODE_SIGN_REQUIRED | >> SECMODE_SIGN_ENABLED))) { >> rc = cifs_verify_signature(out_buf, >> - &ses->server->mac_signing_key, >> + &ses->server->session_key, >> midQ->sequence_number+1); >> if (rc) { >> cERROR(1, "Unexpected SMB signature"); > > > Would it be reasonable to split the simple mac_key to session_key > rename part into a separate patch from the ones that actually change > behavior? OK. But I am not sure what we are trying to achieve here churning these patches so many times for a simple change. Not sure who the audience is. > > -- > Jeff Layton <jlayton@xxxxxxxxx> > -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html