Commit 4e53a3fb authored by Jeff Layton's avatar Jeff Layton Committed by Steve French

cifs: have calc_lanman_hash take more granular args

cifs: have calc_lanman_hash take more granular args

We need to use this routine to encrypt passwords associated with the
tcon too. Don't assume that the password will be attached to the
smb_session.

Also, make some of the values in the lower encryption functions
const since they aren't changed.
Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
Signed-off-by: default avatarSteve French <sfrench@us.ibm.com>
parent 55162dec
...@@ -37,7 +37,7 @@ ...@@ -37,7 +37,7 @@
extern void mdfour(unsigned char *out, unsigned char *in, int n); extern void mdfour(unsigned char *out, unsigned char *in, int n);
extern void E_md4hash(const unsigned char *passwd, unsigned char *p16); extern void E_md4hash(const unsigned char *passwd, unsigned char *p16);
extern void SMBencrypt(unsigned char *passwd, unsigned char *c8, extern void SMBencrypt(unsigned char *passwd, const unsigned char *c8,
unsigned char *p24); unsigned char *p24);
static int cifs_calculate_signature(const struct smb_hdr *cifs_pdu, static int cifs_calculate_signature(const struct smb_hdr *cifs_pdu,
...@@ -280,25 +280,22 @@ int CalcNTLMv2_partial_mac_key(struct cifsSesInfo *ses, ...@@ -280,25 +280,22 @@ int CalcNTLMv2_partial_mac_key(struct cifsSesInfo *ses,
} }
#ifdef CONFIG_CIFS_WEAK_PW_HASH #ifdef CONFIG_CIFS_WEAK_PW_HASH
void calc_lanman_hash(struct cifsSesInfo *ses, char *lnm_session_key) void calc_lanman_hash(const char *password, const char *cryptkey, bool encrypt,
char *lnm_session_key)
{ {
int i; int i;
char password_with_pad[CIFS_ENCPWD_SIZE]; char password_with_pad[CIFS_ENCPWD_SIZE];
if (ses->server == NULL)
return;
memset(password_with_pad, 0, CIFS_ENCPWD_SIZE); memset(password_with_pad, 0, CIFS_ENCPWD_SIZE);
if (ses->password) if (password)
strncpy(password_with_pad, ses->password, CIFS_ENCPWD_SIZE); strncpy(password_with_pad, password, CIFS_ENCPWD_SIZE);
if ((ses->server->secMode & SECMODE_PW_ENCRYPT) == 0) if (!encrypt && extended_security & CIFSSEC_MAY_PLNTXT) {
if (extended_security & CIFSSEC_MAY_PLNTXT) { memset(lnm_session_key, 0, CIFS_SESS_KEY_SIZE);
memset(lnm_session_key, 0, CIFS_SESS_KEY_SIZE); memcpy(lnm_session_key, password_with_pad,
memcpy(lnm_session_key, password_with_pad, CIFS_ENCPWD_SIZE);
CIFS_ENCPWD_SIZE); return;
return; }
}
/* calculate old style session key */ /* calculate old style session key */
/* calling toupper is less broken than repeatedly /* calling toupper is less broken than repeatedly
...@@ -314,7 +311,8 @@ void calc_lanman_hash(struct cifsSesInfo *ses, char *lnm_session_key) ...@@ -314,7 +311,8 @@ void calc_lanman_hash(struct cifsSesInfo *ses, char *lnm_session_key)
for (i = 0; i < CIFS_ENCPWD_SIZE; i++) for (i = 0; i < CIFS_ENCPWD_SIZE; i++)
password_with_pad[i] = toupper(password_with_pad[i]); password_with_pad[i] = toupper(password_with_pad[i]);
SMBencrypt(password_with_pad, ses->server->cryptKey, lnm_session_key); SMBencrypt(password_with_pad, cryptkey, lnm_session_key);
/* clear password before we return/free memory */ /* clear password before we return/free memory */
memset(password_with_pad, 0, CIFS_ENCPWD_SIZE); memset(password_with_pad, 0, CIFS_ENCPWD_SIZE);
} }
......
...@@ -26,7 +26,8 @@ ...@@ -26,7 +26,8 @@
extern void mdfour(unsigned char *out, unsigned char *in, int n); extern void mdfour(unsigned char *out, unsigned char *in, int n);
/* smbdes.c */ /* smbdes.c */
extern void E_P16(unsigned char *p14, unsigned char *p16); extern void E_P16(unsigned char *p14, unsigned char *p16);
extern void E_P24(unsigned char *p21, unsigned char *c8, unsigned char *p24); extern void E_P24(unsigned char *p21, const unsigned char *c8,
unsigned char *p24);
...@@ -330,7 +330,8 @@ extern void CalcNTLMv2_response(const struct cifsSesInfo *, char *); ...@@ -330,7 +330,8 @@ extern void CalcNTLMv2_response(const struct cifsSesInfo *, char *);
extern void setup_ntlmv2_rsp(struct cifsSesInfo *, char *, extern void setup_ntlmv2_rsp(struct cifsSesInfo *, char *,
const struct nls_table *); const struct nls_table *);
#ifdef CONFIG_CIFS_WEAK_PW_HASH #ifdef CONFIG_CIFS_WEAK_PW_HASH
extern void calc_lanman_hash(struct cifsSesInfo *ses, char *lnm_session_key); extern void calc_lanman_hash(const char *password, const char *cryptkey,
bool encrypt, char *lnm_session_key);
#endif /* CIFS_WEAK_PW_HASH */ #endif /* CIFS_WEAK_PW_HASH */
extern int CIFSSMBCopy(int xid, extern int CIFSSMBCopy(int xid,
struct cifsTconInfo *source_tcon, struct cifsTconInfo *source_tcon,
......
...@@ -3533,7 +3533,10 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses, ...@@ -3533,7 +3533,10 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
#ifdef CONFIG_CIFS_WEAK_PW_HASH #ifdef CONFIG_CIFS_WEAK_PW_HASH
if ((extended_security & CIFSSEC_MAY_LANMAN) && if ((extended_security & CIFSSEC_MAY_LANMAN) &&
(ses->server->secType == LANMAN)) (ses->server->secType == LANMAN))
calc_lanman_hash(ses, bcc_ptr); calc_lanman_hash(ses->password, ses->server->cryptKey,
ses->server->secMode &
SECMODE_PW_ENCRYPT ? true : false,
bcc_ptr);
else else
#endif /* CIFS_WEAK_PW_HASH */ #endif /* CIFS_WEAK_PW_HASH */
SMBNTencrypt(ses->password, SMBNTencrypt(ses->password,
......
...@@ -417,7 +417,10 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time, ...@@ -417,7 +417,10 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
/* BB calculate hash with password */ /* BB calculate hash with password */
/* and copy into bcc */ /* and copy into bcc */
calc_lanman_hash(ses, lnm_session_key); calc_lanman_hash(ses->password, ses->server->cryptKey,
ses->server->secMode & SECMODE_PW_ENCRYPT ?
true : false, lnm_session_key);
ses->flags |= CIFS_SES_LANMAN; ses->flags |= CIFS_SES_LANMAN;
memcpy(bcc_ptr, (char *)lnm_session_key, CIFS_SESS_KEY_SIZE); memcpy(bcc_ptr, (char *)lnm_session_key, CIFS_SESS_KEY_SIZE);
bcc_ptr += CIFS_SESS_KEY_SIZE; bcc_ptr += CIFS_SESS_KEY_SIZE;
......
...@@ -318,7 +318,8 @@ str_to_key(unsigned char *str, unsigned char *key) ...@@ -318,7 +318,8 @@ str_to_key(unsigned char *str, unsigned char *key)
} }
static void static void
smbhash(unsigned char *out, unsigned char *in, unsigned char *key, int forw) smbhash(unsigned char *out, const unsigned char *in, unsigned char *key,
int forw)
{ {
int i; int i;
char *outb; /* outb[64] */ char *outb; /* outb[64] */
...@@ -363,7 +364,7 @@ E_P16(unsigned char *p14, unsigned char *p16) ...@@ -363,7 +364,7 @@ E_P16(unsigned char *p14, unsigned char *p16)
} }
void void
E_P24(unsigned char *p21, unsigned char *c8, unsigned char *p24) E_P24(unsigned char *p21, const unsigned char *c8, unsigned char *p24)
{ {
smbhash(p24, c8, p21, 1); smbhash(p24, c8, p21, 1);
smbhash(p24 + 8, c8, p21 + 7, 1); smbhash(p24 + 8, c8, p21 + 7, 1);
......
...@@ -49,9 +49,10 @@ ...@@ -49,9 +49,10 @@
/*The following definitions come from libsmb/smbencrypt.c */ /*The following definitions come from libsmb/smbencrypt.c */
void SMBencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24); void SMBencrypt(unsigned char *passwd, const unsigned char *c8,
unsigned char *p24);
void E_md4hash(const unsigned char *passwd, unsigned char *p16); void E_md4hash(const unsigned char *passwd, unsigned char *p16);
static void SMBOWFencrypt(unsigned char passwd[16], unsigned char *c8, static void SMBOWFencrypt(unsigned char passwd[16], const unsigned char *c8,
unsigned char p24[24]); unsigned char p24[24]);
void SMBNTencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24); void SMBNTencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24);
...@@ -61,7 +62,7 @@ void SMBNTencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24); ...@@ -61,7 +62,7 @@ void SMBNTencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24);
encrypted password into p24 */ encrypted password into p24 */
/* Note that password must be uppercased and null terminated */ /* Note that password must be uppercased and null terminated */
void void
SMBencrypt(unsigned char *passwd, unsigned char *c8, unsigned char *p24) SMBencrypt(unsigned char *passwd, const unsigned char *c8, unsigned char *p24)
{ {
unsigned char p14[15], p21[21]; unsigned char p14[15], p21[21];
...@@ -212,7 +213,7 @@ ntv2_owf_gen(const unsigned char owf[16], const char *user_n, ...@@ -212,7 +213,7 @@ ntv2_owf_gen(const unsigned char owf[16], const char *user_n,
/* Does the des encryption from the NT or LM MD4 hash. */ /* Does the des encryption from the NT or LM MD4 hash. */
static void static void
SMBOWFencrypt(unsigned char passwd[16], unsigned char *c8, SMBOWFencrypt(unsigned char passwd[16], const unsigned char *c8,
unsigned char p24[24]) unsigned char p24[24])
{ {
unsigned char p21[21]; unsigned char p21[21];
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment