[PATCH] cifs: Fix multiuser packet signing to use the right sequence number and mac session key (ad009ac9) · Commits · git / linux-net

fs/cifs/CHANGES

+2 −1

Original line number	Diff line number	Diff line
		@@ -5,7 +5,8 @@ transact response for an SMB request and search entry split across two frames.
		Add support for lsattr (getting ext2/ext3/reiserfs attr flags from the server)
		as new protocol extensions. Do not send Get/Set calls for POSIX ACLs
		unless server explicitly claims to support them in CIFS Unix extensions
		POSIX ACL capability bit.
		POSIX ACL capability bit. Fix packet signing when multiuser mounting with
		different users from the same client to the same server.

		Version 1.31
		------------

fs/cifs/cifsencrypt.c

+8 −8

Original line number	Diff line number	Diff line
		@@ -50,7 +50,7 @@ static int cifs_calculate_signature(const struct smb_hdr * cifs_pdu, const char
		return 0;
		}

		int cifs_sign_smb(struct smb_hdr * cifs_pdu, struct cifsSesInfo * ses,
		int cifs_sign_smb(struct smb_hdr * cifs_pdu, struct TCP_Server_Info * server,
		__u32 * pexpected_response_sequence_number)
		{
		int rc = 0;
		@@ -59,21 +59,21 @@ int cifs_sign_smb(struct smb_hdr * cifs_pdu, struct cifsSesInfo * ses,
		/* BB remember to initialize sequence number elsewhere and initialize mac_signing key elsewhere BB */
		/* BB remember to add code to save expected sequence number in midQ entry BB */

		if((cifs_pdu == NULL) \|\| (ses == NULL))
		if((cifs_pdu == NULL) \|\| (server == NULL))
		return -EINVAL;

		if((cifs_pdu->Flags2 & SMBFLG2_SECURITY_SIGNATURE) == 0)
		return rc;

		spin_lock(&GlobalMid_Lock);
		cifs_pdu->Signature.Sequence.SequenceNumber = cpu_to_le32(ses->sequence_number);
		cifs_pdu->Signature.Sequence.SequenceNumber = cpu_to_le32(server->sequence_number);
		cifs_pdu->Signature.Sequence.Reserved = 0;

		*pexpected_response_sequence_number = ses->sequence_number++;
		ses->sequence_number++;
		*pexpected_response_sequence_number = server->sequence_number++;
		server->sequence_number++;
		spin_unlock(&GlobalMid_Lock);

		rc = cifs_calculate_signature(cifs_pdu, ses->mac_signing_key,smb_signature);
		rc = cifs_calculate_signature(cifs_pdu, server->mac_signing_key,smb_signature);
		if(rc)
		memset(cifs_pdu->Signature.SecuritySignature, 0, 8);
		else
		@@ -190,7 +190,7 @@ int CalcNTLMv2_partial_mac_key(struct cifsSesInfo * ses, struct nls_table * nls_
		hmac_md5_update((const unsigned char *) unicode_buf,
		(user_name_len+dom_name_len)*2,&ctx);

		hmac_md5_final(ses->mac_signing_key,&ctx);
		hmac_md5_final(ses->server->mac_signing_key,&ctx);
		kfree(ucase_buf);
		kfree(unicode_buf);
		return 0;
		@@ -200,7 +200,7 @@ void CalcNTLMv2_response(const struct cifsSesInfo * ses,char * v2_session_respon
		struct HMACMD5Context context;
		memcpy(v2_session_response + 8, ses->server->cryptKey,8);
		/* gen_blob(v2_session_response + 16); */
		hmac_md5_init_limK_to_64(ses->mac_signing_key, 16, &context);
		hmac_md5_init_limK_to_64(ses->server->mac_signing_key, 16, &context);

		hmac_md5_update(ses->server->cryptKey,8,&context);
		/* hmac_md5_update(v2_session_response+16)client thing,8,&context); / / BB fix */

fs/cifs/cifsglob.h

+6 −5

Original line number	Diff line number	Diff line
		@@ -149,6 +149,8 @@ struct TCP_Server_Info {
		__u16 timeZone;
		char cryptKey[CIFS_CRYPTO_KEY_SIZE];
		char workstation_RFC1001_name[16]; /* 16th byte is always zero */
		__u32 sequence_number; /* needed for CIFS PDU signature */
		char mac_signing_key[CIFS_SESSION_KEY_SIZE + 16];
		};

		/*
		@@ -174,17 +176,16 @@ struct cifsSesInfo {
		struct TCP_Server_Info server; / pointer to server info */
		atomic_t inUse; /* # of mounts (tree connections) on this ses */
		enum statusEnum status;
		__u32 sequence_number; /* needed for CIFS PDU signature */
		__u16 ipc_tid; /* special tid for connection to IPC share */
		__u16 flags;
		char mac_signing_key[CIFS_SESSION_KEY_SIZE + 16];
		char serverOS; / name of operating system underlying the server */
		char serverNOS; / name of network operating system that the server is running */
		char serverOS; / name of operating system underlying server */
		char serverNOS; / name of network operating system of server */
		char serverDomain; / security realm of server */
		int Suid; /* remote smb uid */
		uid_t linux_uid; /* local Linux uid */
		int capabilities;
		char serverName[SERVER_NAME_LEN_WITH_NULL * 2]; /* BB make bigger for tcp names - will ipv6 and sctp addresses fit here?? */
		char serverName[SERVER_NAME_LEN_WITH_NULL * 2]; /* BB make bigger for
		TCP names - will ipv6 and sctp addresses fit? */
		char userName[MAX_USERNAME_SIZE + 1];
		char domainName[MAX_USERNAME_SIZE + 1];
		char * password;

fs/cifs/cifsproto.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -230,7 +230,7 @@ extern void tconInfoFree(struct cifsTconInfo *);

		extern int cifs_reconnect(struct TCP_Server_Info *server);

		extern int cifs_sign_smb(struct smb_hdr , struct cifsSesInfo ,__u32 *);
		extern int cifs_sign_smb(struct smb_hdr , struct TCP_Server_Info ,__u32 *);
		extern int cifs_verify_signature(struct smb_hdr , const char mac_key,
		__u32 expected_sequence_number);
		extern int cifs_calculate_mac_key(char * key,const char * rn,const char * pass);

fs/cifs/connect.c

+20 −8

Original line number	Diff line number	Diff line
		@@ -182,6 +182,7 @@ cifs_reconnect(struct TCP_Server_Info *server)
		spin_lock(&GlobalMid_Lock);
		if(server->tcpStatus != CifsExiting)
		server->tcpStatus = CifsGood;
		server->sequence_number = 0;
		spin_unlock(&GlobalMid_Lock);
		/* atomic_set(&server->inFlight,0);*/
		wake_up(&server->response_q);
		@@ -1352,6 +1353,7 @@ cifs_mount(struct super_block sb, struct cifs_sb_info cifs_sb,
		} else
		rc = 0;
		memcpy(srvTcp->workstation_RFC1001_name, volume_info.source_rfc1001_name,16);
		srvTcp->sequence_number = 0;
		}
		}

		@@ -2959,6 +2961,7 @@ int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
		int rc = 0;
		char ntlm_session_key[CIFS_SESSION_KEY_SIZE];
		int ntlmv2_flag = FALSE;
		int first_time = 0;

		/* what if server changes its buffer size after dropping the session? */
		if(pSesInfo->server->maxBuf == 0) /* no need to send on reconnect */ {
		@@ -2977,12 +2980,13 @@ int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
		spin_unlock(&GlobalMid_Lock);

		}
		first_time = 1;
		}
		if (!rc) {
		pSesInfo->capabilities = pSesInfo->server->capabilities;
		if(linuxExtEnabled == 0)
		pSesInfo->capabilities &= (~CAP_UNIX);
		pSesInfo->sequence_number = 0;
		/* pSesInfo->sequence_number = 0;*/
		cFYI(1,("Security Mode: 0x%x Capabilities: 0x%x Time Zone: %d",
		pSesInfo->server->secMode,
		pSesInfo->server->capabilities,
		@@ -3015,7 +3019,10 @@ int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
		v2_response = kmalloc(16 + 64 /* blob */, GFP_KERNEL);
		if(v2_response) {
		CalcNTLMv2_response(pSesInfo,v2_response);
		/* cifs_calculate_ntlmv2_mac_key(pSesInfo->mac_signing_key, response, ntlm_session_key, */
		/* if(first_time)
		cifs_calculate_ntlmv2_mac_key(
		pSesInfo->server->mac_signing_key,
		response, ntlm_session_key, */
		kfree(v2_response);
		/* BB Put dummy sig in SessSetup PDU? */
		} else {
		@@ -3028,7 +3035,9 @@ int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
		pSesInfo->server->cryptKey,
		ntlm_session_key);

		cifs_calculate_mac_key(pSesInfo->mac_signing_key,
		if(first_time)
		cifs_calculate_mac_key(
		pSesInfo->server->mac_signing_key,
		ntlm_session_key,
		pSesInfo->password);
		}
		@@ -3046,8 +3055,11 @@ int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
		pSesInfo->server->cryptKey,
		ntlm_session_key);

		cifs_calculate_mac_key(pSesInfo->mac_signing_key,
		if(first_time)
		cifs_calculate_mac_key(
		pSesInfo->server->mac_signing_key,
		ntlm_session_key, pSesInfo->password);

		rc = CIFSSessSetup(xid, pSesInfo,
		ntlm_session_key, nls_info);
		}