cifs: have calc_lanman_hash take more granular args
cifs: have calc_lanman_hash take more granular args We need to use this routine to encrypt passwords associated with the tcon too. Don't assume that the password will be attached to the smb_session. Also, make some of the values in the lower encryption functions const since they aren't changed. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
This commit is contained in:
Jeff Layton
Steve French
parent
55162dec93
commit
4e53a3fb98
|
|
@ -37,7 +37,7 @@
|
||||||
|
|
||||||
extern void mdfour(unsigned char *out, unsigned char *in, int n);
|
extern void mdfour(unsigned char *out, unsigned char *in, int n);
|
||||||
extern void E_md4hash(const unsigned char *passwd, unsigned char *p16);
|
extern void E_md4hash(const unsigned char *passwd, unsigned char *p16);
|
||||||
extern void SMBencrypt(unsigned char *passwd, unsigned char *c8,
|
extern void SMBencrypt(unsigned char *passwd, const unsigned char *c8,
|
||||||
unsigned char *p24);
|
unsigned char *p24);
|
||||||
|
|
||||||
static int cifs_calculate_signature(const struct smb_hdr *cifs_pdu,
|
static int cifs_calculate_signature(const struct smb_hdr *cifs_pdu,
|
||||||
|
|
@ -280,25 +280,22 @@ int CalcNTLMv2_partial_mac_key(struct cifsSesInfo *ses,
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_CIFS_WEAK_PW_HASH
|
#ifdef CONFIG_CIFS_WEAK_PW_HASH
|
||||||
void calc_lanman_hash(struct cifsSesInfo *ses, char *lnm_session_key)
|
void calc_lanman_hash(const char *password, const char *cryptkey, bool encrypt,
|
||||||
|
char *lnm_session_key)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
char password_with_pad[CIFS_ENCPWD_SIZE];
|
char password_with_pad[CIFS_ENCPWD_SIZE];
|
||||||
|
|
||||||
if (ses->server == NULL)
|
|
||||||
return;
|
|
||||||
|
|
||||||
memset(password_with_pad, 0, CIFS_ENCPWD_SIZE);
|
memset(password_with_pad, 0, CIFS_ENCPWD_SIZE);
|
||||||
if (ses->password)
|
if (password)
|
||||||
strncpy(password_with_pad, ses->password, CIFS_ENCPWD_SIZE);
|
strncpy(password_with_pad, password, CIFS_ENCPWD_SIZE);
|
||||||
|
|
||||||
if ((ses->server->secMode & SECMODE_PW_ENCRYPT) == 0)
|
if (!encrypt && extended_security & CIFSSEC_MAY_PLNTXT) {
|
||||||
if (extended_security & CIFSSEC_MAY_PLNTXT) {
|
memset(lnm_session_key, 0, CIFS_SESS_KEY_SIZE);
|
||||||
memset(lnm_session_key, 0, CIFS_SESS_KEY_SIZE);
|
memcpy(lnm_session_key, password_with_pad,
|
||||||
memcpy(lnm_session_key, password_with_pad,
|
CIFS_ENCPWD_SIZE);
|
||||||
CIFS_ENCPWD_SIZE);
|
return;
|
||||||
return;
|
}
|
||||||
}
|
|
||||||
|
|
||||||
/* calculate old style session key */
|
/* calculate old style session key */
|
||||||
/* calling toupper is less broken than repeatedly
|
/* calling toupper is less broken than repeatedly
|
||||||
|
|
@ -314,7 +311,8 @@ void calc_lanman_hash(struct cifsSesInfo *ses, char *lnm_session_key)
|
||||||
for (i = 0; i < CIFS_ENCPWD_SIZE; i++)
|
for (i = 0; i < CIFS_ENCPWD_SIZE; i++)
|
||||||
password_with_pad[i] = toupper(password_with_pad[i]);
|
password_with_pad[i] = toupper(password_with_pad[i]);
|
||||||
|
|
||||||
SMBencrypt(password_with_pad, ses->server->cryptKey, lnm_session_key);
|
SMBencrypt(password_with_pad, cryptkey, lnm_session_key);
|
||||||
|
|
||||||
/* clear password before we return/free memory */
|
/* clear password before we return/free memory */
|
||||||
memset(password_with_pad, 0, CIFS_ENCPWD_SIZE);
|
memset(password_with_pad, 0, CIFS_ENCPWD_SIZE);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -26,7 +26,8 @@
|
||||||
extern void mdfour(unsigned char *out, unsigned char *in, int n);
|
extern void mdfour(unsigned char *out, unsigned char *in, int n);
|
||||||
/* smbdes.c */
|
/* smbdes.c */
|
||||||
extern void E_P16(unsigned char *p14, unsigned char *p16);
|
extern void E_P16(unsigned char *p14, unsigned char *p16);
|
||||||
extern void E_P24(unsigned char *p21, unsigned char *c8, unsigned char *p24);
|
extern void E_P24(unsigned char *p21, const unsigned char *c8,
|
||||||
|
unsigned char *p24);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -330,7 +330,8 @@ extern void CalcNTLMv2_response(const struct cifsSesInfo *, char *);
|
||||||
extern void setup_ntlmv2_rsp(struct cifsSesInfo *, char *,
|
extern void setup_ntlmv2_rsp(struct cifsSesInfo *, char *,
|
||||||
const struct nls_table *);
|
const struct nls_table *);
|
||||||
#ifdef CONFIG_CIFS_WEAK_PW_HASH
|
#ifdef CONFIG_CIFS_WEAK_PW_HASH
|
||||||
extern void calc_lanman_hash(struct cifsSesInfo *ses, char *lnm_session_key);
|
extern void calc_lanman_hash(const char *password, const char *cryptkey,
|
||||||
|
bool encrypt, char *lnm_session_key);
|
||||||
#endif /* CIFS_WEAK_PW_HASH */
|
#endif /* CIFS_WEAK_PW_HASH */
|
||||||
extern int CIFSSMBCopy(int xid,
|
extern int CIFSSMBCopy(int xid,
|
||||||
struct cifsTconInfo *source_tcon,
|
struct cifsTconInfo *source_tcon,
|
||||||
|
|
|
||||||
|
|
@ -3533,7 +3533,10 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
|
||||||
#ifdef CONFIG_CIFS_WEAK_PW_HASH
|
#ifdef CONFIG_CIFS_WEAK_PW_HASH
|
||||||
if ((extended_security & CIFSSEC_MAY_LANMAN) &&
|
if ((extended_security & CIFSSEC_MAY_LANMAN) &&
|
||||||
(ses->server->secType == LANMAN))
|
(ses->server->secType == LANMAN))
|
||||||
calc_lanman_hash(ses, bcc_ptr);
|
calc_lanman_hash(ses->password, ses->server->cryptKey,
|
||||||
|
ses->server->secMode &
|
||||||
|
SECMODE_PW_ENCRYPT ? true : false,
|
||||||
|
bcc_ptr);
|
||||||
else
|
else
|
||||||
#endif /* CIFS_WEAK_PW_HASH */
|
#endif /* CIFS_WEAK_PW_HASH */
|
||||||
SMBNTencrypt(ses->password,
|
SMBNTencrypt(ses->password,
|
||||||
|
|
|
||||||
|
|
@ -417,7 +417,10 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
|
||||||
/* BB calculate hash with password */
|
/* BB calculate hash with password */
|
||||||
/* and copy into bcc */
|
/* and copy into bcc */
|
||||||
|
|
||||||
calc_lanman_hash(ses, lnm_session_key);
|
calc_lanman_hash(ses->password, ses->server->cryptKey,
|
||||||
|
ses->server->secMode & SECMODE_PW_ENCRYPT ?
|
||||||
|
true : false, lnm_session_key);
|
||||||
|
|
||||||
ses->flags |= CIFS_SES_LANMAN;
|
ses->flags |= CIFS_SES_LANMAN;
|
||||||
memcpy(bcc_ptr, (char *)lnm_session_key, CIFS_SESS_KEY_SIZE);
|
memcpy(bcc_ptr, (char *)lnm_session_key, CIFS_SESS_KEY_SIZE);
|
||||||
bcc_ptr += CIFS_SESS_KEY_SIZE;
|
bcc_ptr += CIFS_SESS_KEY_SIZE;
|
||||||
|
|
|
||||||
|
|
@ -318,7 +318,8 @@ str_to_key(unsigned char *str, unsigned char *key)
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
smbhash(unsigned char *out, unsigned char *in, unsigned char *key, int forw)
|
smbhash(unsigned char *out, const unsigned char *in, unsigned char *key,
|
||||||
|
int forw)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
char *outb; /* outb[64] */
|
char *outb; /* outb[64] */
|
||||||
|
|
@ -363,7 +364,7 @@ E_P16(unsigned char *p14, unsigned char *p16)
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
E_P24(unsigned char *p21, unsigned char *c8, unsigned char *p24)
|
E_P24(unsigned char *p21, const unsigned char *c8, unsigned char *p24)
|
||||||
{
|
{
|
||||||
smbhash(p24, c8, p21, 1);
|
smbhash(p24, c8, p21, 1);
|
||||||
smbhash(p24 + 8, c8, p21 + 7, 1);
|
smbhash(p24 + 8, c8, p21 + 7, 1);
|
||||||
|
|
|
||||||
|
|
@ -49,9 +49,10 @@
|
||||||
|
|
||||||
/*The following definitions come from libsmb/smbencrypt.c */
|
/*The following definitions come from libsmb/smbencrypt.c */
|
||||||
|
|
||||||
void SMBencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24);
|
void SMBencrypt(unsigned char *passwd, const unsigned char *c8,
|
||||||
|
unsigned char *p24);
|
||||||
void E_md4hash(const unsigned char *passwd, unsigned char *p16);
|
void E_md4hash(const unsigned char *passwd, unsigned char *p16);
|
||||||
static void SMBOWFencrypt(unsigned char passwd[16], unsigned char *c8,
|
static void SMBOWFencrypt(unsigned char passwd[16], const unsigned char *c8,
|
||||||
unsigned char p24[24]);
|
unsigned char p24[24]);
|
||||||
void SMBNTencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24);
|
void SMBNTencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24);
|
||||||
|
|
||||||
|
|
@ -61,7 +62,7 @@ void SMBNTencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24);
|
||||||
encrypted password into p24 */
|
encrypted password into p24 */
|
||||||
/* Note that password must be uppercased and null terminated */
|
/* Note that password must be uppercased and null terminated */
|
||||||
void
|
void
|
||||||
SMBencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24)
|
SMBencrypt(unsigned char *passwd, const unsigned char *c8, unsigned char *p24)
|
||||||
{
|
{
|
||||||
unsigned char p14[15], p21[21];
|
unsigned char p14[15], p21[21];
|
||||||
|
|
||||||
|
|
@ -212,7 +213,7 @@ ntv2_owf_gen(const unsigned char owf[16], const char *user_n,
|
||||||
|
|
||||||
/* Does the des encryption from the NT or LM MD4 hash. */
|
/* Does the des encryption from the NT or LM MD4 hash. */
|
||||||
static void
|
static void
|
||||||
SMBOWFencrypt(unsigned char passwd[16], unsigned char *c8,
|
SMBOWFencrypt(unsigned char passwd[16], const unsigned char *c8,
|
||||||
unsigned char p24[24])
|
unsigned char p24[24])
|
||||||
{
|
{
|
||||||
unsigned char p21[21];
|
unsigned char p21[21];
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue