From patchwork Wed Aug 20 10:39:01 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Namjae Jeon X-Patchwork-Id: 4748871 Return-Path: X-Original-To: patchwork-cifs-client@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork2.web.kernel.org (Postfix) with ESMTP id E31ECC0338 for ; Wed, 20 Aug 2014 10:39:07 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 0694020155 for ; Wed, 20 Aug 2014 10:39:07 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id E859F2014A for ; Wed, 20 Aug 2014 10:39:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752260AbaHTKjF (ORCPT ); Wed, 20 Aug 2014 06:39:05 -0400 Received: from mailout1.samsung.com ([203.254.224.24]:15049 "EHLO mailout1.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752258AbaHTKjD (ORCPT ); Wed, 20 Aug 2014 06:39:03 -0400 Received: from epcpsbgr2.samsung.com (u142.gpu120.samsung.co.kr [203.254.230.142]) by mailout1.samsung.com (Oracle Communications Messaging Server 7u4-24.01 (7.0.4.24.0) 64bit (built Nov 17 2011)) with ESMTP id <0NAL008K6PL1R7B0@mailout1.samsung.com> for linux-cifs@vger.kernel.org; Wed, 20 Aug 2014 19:39:01 +0900 (KST) Received: from epcpsbgm1.samsung.com ( [172.20.52.112]) by epcpsbgr2.samsung.com (EPCPMTA) with SMTP id F2.DF.19786.5CA74F35; Wed, 20 Aug 2014 19:39:01 +0900 (KST) X-AuditID: cbfee68e-b7fab6d000004d4a-58-53f47ac5c7e4 Received: from epmmp2 ( [203.254.227.17]) by epcpsbgm1.samsung.com (EPCPMTA) with SMTP id AE.C4.04943.5CA74F35; Wed, 20 Aug 2014 19:39:01 +0900 (KST) Received: from DONAMJAEJEO06 ([10.88.104.63]) by mmp2.samsung.com (Oracle Communications Messaging Server 7u4-24.01 (7.0.4.24.0) 64bit (built Nov 17 2011)) with ESMTPA id <0NAL00L21PL1N950@mmp2.samsung.com>; Wed, 20 Aug 2014 19:39:01 +0900 (KST) From: Namjae Jeon To: 'Steve French' Cc: 'Shirish Pargaonkar' , 'Pavel Shilovsky' , linux-cifs@vger.kernel.org, Ashish Sangwan Subject: [PATCH 1/7] cifs: Bypass windows extended security for ntlmv2 negotiate Date: Wed, 20 Aug 2014 19:39:01 +0900 Message-id: <003401cfbc62$f505f920$df11eb60$@samsung.com> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7bit X-Mailer: Microsoft Outlook 14.0 Thread-index: Ac+8YqFbT8Ywh20kTvCBBHnOY/BaJQ== Content-language: ko X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrBIsWRmVeSWpSXmKPExsWyRsSkQPdo1Zdggy2nDC2WTrzEbPHi/y5m i3N7WS1ezGlgtHjz4jCbA6vHzll32T3m7upj9OjbsorR4/MmuQCWKC6blNSczLLUIn27BK6M 5T/mMRbslqj4c3YXWwPjQpEuRk4OCQETic23XjBB2GISF+6tZwOxhQSWMkosvOIGUzPz0WWg OBdQfDqjxNNPx6Gcv4wS9971MHcxcnCwCWhL/NkiCtIgIqAu8Xn5X2YQm1lgBaPEo18mICXC AgES7/8mgoRZBFQlbv7rYQGxeQUsJb72b2WEsAUlfky+xwLRqiWxfudxJghbXmLzmrfMEPco SOw4+5oRYpWexNvtFxkhakQk9r14xwhymoTANnaJv8+PMkMsE5D4NvkQC8gNEgKyEpsOQM2R lDi44gbLBEaxWUhWz0KyehaS1bOQrFjAyLKKUTS1ILmgOCm9yEivODG3uDQvXS85P3cTIzDW Tv971reD8eYB60OMyUDrJzJLiSbnA2M1ryTe0NjMyMLUxNTYyNzSjDRhJXHeRQ+TgoQE0hNL UrNTUwtSi+KLSnNSiw8xMnFwSjUwWgbuOT1/0l3T+V7nkh6GM2bvkLu+hW/nv3+frDNm3jyx 4V73p09W7svvGC6Pq2LgYO3aom/zLmvqZVH/hbmTW86t3NB0lOcsU1YVi+bSc6uYjs7YPHfn bsW3dcrPpi+ZN/tkp7L+t4o7W2Pd2C7WtTNZuTxOD5VqePz4TvyFKTpZJ39PsS1z71ViKc5I NNRiLipOBAB+2/thywIAAA== X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrBIsWRmVeSWpSXmKPExsVy+t9jQd2jVV+CDbb2aVosnXiJ2eLF/13M Fuf2slq8mNPAaPHmxWE2B1aPnbPusnvM3dXH6NG3ZRWjx+dNcgEsUQ2MNhmpiSmpRQqpecn5 KZl56bZK3sHxzvGmZgaGuoaWFuZKCnmJuam2Si4+AbpumTlAe5UUyhJzSoFCAYnFxUr6dpgm hIa46VrANEbo+oYEwfUYGaCBhDWMGct/zGMs2C1R8efsLrYGxoUiXYycHBICJhIzH11mg7DF JC7cWw9kc3EICUxnlHj66TiU85dR4t67HuYuRg4ONgFtiT9bREEaRATUJT4v/8sMYjMLrGCU ePTLBKREWCBA4v3fRJAwi4CqxM1/PSwgNq+ApcTX/q2MELagxI/J91ggWrUk1u88zgRhy0ts XvOWGeIeBYkdZ18zQqzSk3i7/SIjRI2IxL4X7xgnMArMQjJqFpJRs5CMmoWkZQEjyypG0dSC 5ILipPRcQ73ixNzi0rx0veT83E2M4Fh+JrWDcWWDxSFGAQ5GJR5ehezPwUKsiWXFlbmHGCU4 mJVEeH1yvwQL8aYkVlalFuXHF5XmpBYfYjQF+nQis5Rocj4wzeSVxBsam5gZWRqZG1oYGZsr ifMeaLUOFBJITyxJzU5NLUgtgulj4uCUamA8v/iV83Whu6tm6P9N3n1PXnjqeSl5MV3maZcl 3gi32u9Tm/V6rqhS/vflW5lN1fNWLj207HbpYcbEyI9TvmYInzuts+eqk8+lVnvvHn/nSY/z jpw+nVmk/1739+qeWZruWuWVjLZL5y9k3RnOfejfzlkPN4umbdBd8043/sbeHoa2CBmL+KnB SizFGYmGWsxFxYkAudVbBfsCAAA= DLP-Filter: Pass X-MTR: 20000000000000000@CPGS X-CFilter-Loop: Reflected Sender: linux-cifs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-cifs@vger.kernel.org X-Spam-Status: No, score=-7.6 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Windows machine has extended security feature which refuse to allow authentication when there is time difference between server time and client time when ntlmv2 negotiation is used. This problem is prevalent in embedded enviornment where system time is set to default 1970. We don't know yet the exact threshold for the time difference at which the connection is refused but one comment in cifs code suggest that it is around 5 minutes. This patch tries to solve this problem by sending the received server time during negotiate process as the current client time. Signed-off-by: Namjae Jeon Signed-off-by: Ashish Sangwan --- fs/cifs/cifsencrypt.c | 4 ++-- fs/cifs/cifsglob.h | 2 ++ fs/cifs/cifssmb.c | 2 ++ fs/cifs/smb2pdu.c | 1 + 4 files changed, 7 insertions(+), 2 deletions(-) diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c index 4934347..d5cec81 100644 --- a/fs/cifs/cifsencrypt.c +++ b/fs/cifs/cifsencrypt.c @@ -671,8 +671,8 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp) (ses->auth_key.response + CIFS_SESS_KEY_SIZE); ntlmv2->blob_signature = cpu_to_le32(0x00000101); ntlmv2->reserved = 0; - /* Must be within 5 minutes of the server */ - ntlmv2->time = cpu_to_le64(cifs_UnixTimeToNT(CURRENT_TIME)); + /* Hack to get around windows extended security */ + ntlmv2->time = cpu_to_le64(ses->serverTime); get_random_bytes(&ntlmv2->client_chal, sizeof(ntlmv2->client_chal)); ntlmv2->reserved2 = 0; diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index ce24c1f..9344c94 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h @@ -796,6 +796,8 @@ struct cifs_ses { enum securityEnum sectype; /* what security flavor was specified? */ bool sign; /* is signing required? */ bool need_reconnect:1; /* connection reset, uid now invalid */ + __u64 serverTime; /* Keeps a track of server time sent by server + during negotiate response */ #ifdef CONFIG_CIFS_SMB2 __u16 session_flags; char smb3signingkey[SMB3_SIGN_KEY_SIZE]; /* for signing smb3 packets */ diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index 86a2aa5..ead2da0 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c @@ -584,6 +584,8 @@ CIFSSMBNegotiate(const unsigned int xid, struct cifs_ses *ses) if (rc != 0) goto neg_err_exit; + ses->serverTime = le32_to_cpu(pSMBr->SystemTimeLow); + ses->serverTime |= ((__u64)le32_to_cpu(pSMBr->SystemTimeHigh) << 32); server->dialect = le16_to_cpu(pSMBr->DialectIndex); cifs_dbg(FYI, "Dialect: %d\n", server->dialect); /* Check wct = 1 error case */ diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index ed42234..a40f492 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -381,6 +381,7 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses) if (rc != 0) goto neg_exit; + ses->serverTime = le64_to_cpu(rsp->SystemTime); cifs_dbg(FYI, "mode 0x%x\n", rsp->SecurityMode); /* BB we may eventually want to match the negotiated vs. requested