authorNamjae Jeon <namjae.jeon@samsung.com>2021-03-16 10:49:09 +0900
committerSteve French <stfrench@microsoft.com>2021-05-10 19:15:15 -0500
commite2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 (patch)
treec4fedd560b6e0ebfd0af9aac959207ecb65e58f4 /fs/cifsd/auth.h
parent0626e6641f6b467447c81dd7678a69c66f7746cf (diff)
cifsd: add server-side procedures for SMB3
This adds smb3 engine, NTLM/NTLMv2/Kerberos authentication, oplock/lease cache mechanism for cifsd. Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com> Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Acked-by: Ronnie Sahlberg <lsahlber@redhat.com> Signed-off-by: Steve French <stfrench@microsoft.com>
Diffstat (limited to 'fs/cifsd/auth.h')
-rw-r--r--fs/cifsd/auth.h90
1 files changed, 90 insertions, 0 deletions
diff --git a/fs/cifsd/auth.h b/fs/cifsd/auth.h
new file mode 100644
index 000000000000..6fcfad5e7e1f
--- /dev/null
+++ b/fs/cifsd/auth.h
@@ -0,0 +1,90 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+/*
+ * Copyright (C) 2018 Samsung Electronics Co., Ltd.
+ */
+
+#ifndef __AUTH_H__
+#define __AUTH_H__
+
+#include "ntlmssp.h"
+
+#ifdef CONFIG_SMB_SERVER_KERBEROS5
+#define AUTH_GSS_LENGTH 96
+#define AUTH_GSS_PADDING 0
+#else
+#define AUTH_GSS_LENGTH 74
+#define AUTH_GSS_PADDING 6
+#endif
+
+#define CIFS_HMAC_MD5_HASH_SIZE (16)
+#define CIFS_NTHASH_SIZE (16)
+
+/*
+ * Size of the ntlm client response
+ */
+#define CIFS_AUTH_RESP_SIZE 24
+#define CIFS_SMB1_SIGNATURE_SIZE 8
+#define CIFS_SMB1_SESSKEY_SIZE 16
+
+#define KSMBD_AUTH_NTLMSSP 0x0001
+#define KSMBD_AUTH_KRB5 0x0002
+#define KSMBD_AUTH_MSKRB5 0x0004
+#define KSMBD_AUTH_KRB5U2U 0x0008
+
+struct ksmbd_session;
+struct ksmbd_conn;
+struct kvec;
+
+int ksmbd_crypt_message(struct ksmbd_conn *conn,
+ struct kvec *iov,
+ unsigned int nvec,
+ int enc);
+
+void ksmbd_copy_gss_neg_header(void *buf);
+
+int ksmbd_auth_ntlm(struct ksmbd_session *sess,
+ char *pw_buf);
+
+int ksmbd_auth_ntlmv2(struct ksmbd_session *sess,
+ struct ntlmv2_resp *ntlmv2,
+ int blen,
+ char *domain_name);
+
+int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob,
+ int blob_len,
+ struct ksmbd_session *sess);
+
+int ksmbd_decode_ntlmssp_neg_blob(struct negotiate_message *negblob,
+ int blob_len,
+ struct ksmbd_session *sess);
+
+unsigned int
+ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob,
+ struct ksmbd_session *sess);
+
+int ksmbd_krb5_authenticate(struct ksmbd_session *sess,
+ char *in_blob, int in_len,
+ char *out_blob, int *out_len);
+
+int ksmbd_sign_smb2_pdu(struct ksmbd_conn *conn,
+ char *key,
+ struct kvec *iov,
+ int n_vec,
+ char *sig);
+int ksmbd_sign_smb3_pdu(struct ksmbd_conn *conn,
+ char *key,
+ struct kvec *iov,
+ int n_vec,
+ char *sig);
+
+int ksmbd_gen_smb30_signingkey(struct ksmbd_session *sess);
+int ksmbd_gen_smb311_signingkey(struct ksmbd_session *sess);
+int ksmbd_gen_smb30_encryptionkey(struct ksmbd_session *sess);
+int ksmbd_gen_smb311_encryptionkey(struct ksmbd_session *sess);
+
+int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn,
+ char *buf,
+ __u8 *pi_hash);
+int ksmbd_gen_sd_hash(struct ksmbd_conn *conn, char *sd_buf, int len,
+ __u8 *pi_hash);
+#endif
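Review bot: The lengths of client-supplied buffers are declared as signed `int` here (`blob_len` in `ksmbd_decode_ntlmssp_auth_blob` and `ksmbd_decode_ntlmssp_neg_blob`, `blen` in `ksmbd_auth_ntlmv2`, `in_len` in `ksmbd_krb5_authenticate`, `len` in `ksmbd_gen_sd_hash`). A negative value compared against a `sizeof` expression is converted to a very large unsigned number and so passes a minimum-length check. Declaring them as `unsigned int blob_len`, as `ksmbd_crypt_message` already does for `nvec`, would rule that out at the interface. The function bodies are outside this hunk, so whether each length is validated before the offset and length fields inside the blob are used still has to be checked in the implementation. Separately, `ksmbd_copy_gss_neg_header(void *buf)` and the `sig` and `pi_hash` outputs take no size, so each prototype should carry a comment stating the capacity the caller must provide, for example `/* buf must hold at least AUTH_GSS_LENGTH bytes */` if that is indeed the amount written.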