fs/smb/server/auth.c
Source file repositories/reference/linux-study-clean/fs/smb/server/auth.c
File Facts
- System
- Linux kernel
- Corpus path
fs/smb/server/auth.c- Extension
.c- Size
- 24654 bytes
- Lines
- 914
- Domain
- Core OS
- Bucket
- VFS And Filesystem Core
- Inferred role
- Core OS: implementation source
- Status
- source implementation candidate
Why This File Exists
Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Allocates kernel memory; connect allocation flags and lifetime to context constraints.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
linux/kernel.hlinux/fs.hlinux/uaccess.hlinux/backing-dev.hlinux/writeback.hlinux/uio.hlinux/xattr.hcrypto/aead.hcrypto/aes-cbc-macs.hcrypto/md5.hcrypto/sha2.hcrypto/utils.hlinux/random.hlinux/scatterlist.hauth.hglob.hlinux/fips.hcrypto/arc4.hcrypto/des.hserver.hsmb_common.hconnection.hmgmt/user_session.hmgmt/user_config.hcrypto_ctx.htransport_ipc.h
Detected Declarations
struct derivationstruct derivation_twinfunction ksmbd_copy_gss_neg_headerfunction calc_ntlmv2_hashfunction ksmbd_auth_ntlmv2function ksmbd_decode_ntlmssp_auth_blobfunction ksmbd_decode_ntlmssp_neg_blobfunction ksmbd_build_ntlmssp_challenge_blobfunction ksmbd_krb5_authenticatefunction ksmbd_krb5_authenticatefunction ksmbd_sign_smb2_pdufunction ksmbd_sign_smb3_pdufunction generate_keyfunction generate_smb3signingkeyfunction ksmbd_gen_smb30_signingkeyfunction ksmbd_gen_smb311_signingkeyfunction generate_smb3encryptionkeyfunction ksmbd_gen_smb30_encryptionkeyfunction ksmbd_gen_smb311_encryptionkeyfunction ksmbd_gen_preauth_integrity_hashfunction ksmbd_get_encryption_keyfunction smb2_sg_set_buffunction ksmbd_crypt_message
Annotated Snippet
struct derivation {
struct kvec label;
struct kvec context;
bool binding;
};
static void generate_key(struct ksmbd_conn *conn, struct ksmbd_session *sess,
struct kvec label, struct kvec context, __u8 *key,
unsigned int key_size)
{
unsigned char zero = 0x0;
__u8 i[4] = {0, 0, 0, 1};
__u8 L128[4] = {0, 0, 0, 128};
__u8 L256[4] = {0, 0, 1, 0};
unsigned char prfhash[SMB2_HMACSHA256_SIZE];
struct hmac_sha256_ctx ctx;
hmac_sha256_init_usingrawkey(&ctx, sess->sess_key,
SMB2_NTLMV2_SESSKEY_SIZE);
hmac_sha256_update(&ctx, i, 4);
hmac_sha256_update(&ctx, label.iov_base, label.iov_len);
hmac_sha256_update(&ctx, &zero, 1);
hmac_sha256_update(&ctx, context.iov_base, context.iov_len);
if (key_size == SMB3_ENC_DEC_KEY_SIZE &&
(conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||
conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM))
hmac_sha256_update(&ctx, L256, 4);
else
hmac_sha256_update(&ctx, L128, 4);
hmac_sha256_final(&ctx, prfhash);
memcpy(key, prfhash, key_size);
}
static int generate_smb3signingkey(struct ksmbd_session *sess,
struct ksmbd_conn *conn,
const struct derivation *signing)
{
struct channel *chann;
char *key;
chann = lookup_chann_list(sess, conn);
if (!chann)
return 0;
if (conn->dialect >= SMB30_PROT_ID && signing->binding)
key = chann->smb3signingkey;
else
key = sess->smb3signingkey;
generate_key(conn, sess, signing->label, signing->context, key,
SMB3_SIGN_KEY_SIZE);
if (!(conn->dialect >= SMB30_PROT_ID && signing->binding))
memcpy(chann->smb3signingkey, key, SMB3_SIGN_KEY_SIZE);
ksmbd_debug(AUTH, "generated SMB3 signing key\n");
ksmbd_debug(AUTH, "Session Id %llu\n", sess->id);
return 0;
}
int ksmbd_gen_smb30_signingkey(struct ksmbd_session *sess,
struct ksmbd_conn *conn)
{
struct derivation d;
d.label.iov_base = "SMB2AESCMAC";
d.label.iov_len = 12;
d.context.iov_base = "SmbSign";
d.context.iov_len = 8;
d.binding = conn->binding;
return generate_smb3signingkey(sess, conn, &d);
}
int ksmbd_gen_smb311_signingkey(struct ksmbd_session *sess,
struct ksmbd_conn *conn)
{
struct derivation d;
d.label.iov_base = "SMBSigningKey";
d.label.iov_len = 14;
if (conn->binding) {
struct preauth_session *preauth_sess;
preauth_sess = ksmbd_preauth_session_lookup(conn, sess->id);
if (!preauth_sess)
return -ENOENT;
d.context.iov_base = preauth_sess->Preauth_HashValue;
Annotation
- Immediate include surface: `linux/kernel.h`, `linux/fs.h`, `linux/uaccess.h`, `linux/backing-dev.h`, `linux/writeback.h`, `linux/uio.h`, `linux/xattr.h`, `crypto/aead.h`.
- Detected declarations: `struct derivation`, `struct derivation_twin`, `function ksmbd_copy_gss_neg_header`, `function calc_ntlmv2_hash`, `function ksmbd_auth_ntlmv2`, `function ksmbd_decode_ntlmssp_auth_blob`, `function ksmbd_decode_ntlmssp_neg_blob`, `function ksmbd_build_ntlmssp_challenge_blob`, `function ksmbd_krb5_authenticate`, `function ksmbd_krb5_authenticate`.
- Atlas domain: Core OS / VFS And Filesystem Core.
- Implementation status: source implementation candidate.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.