From patchwork Wed Sep 8 04:46:25 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Shirish Pargaonkar X-Patchwork-Id: 162861 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by demeter1.kernel.org (8.14.4/8.14.3) with ESMTP id o884ktFN003235 for ; Wed, 8 Sep 2010 04:51:03 GMT Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751241Ab0IHEvD (ORCPT ); Wed, 8 Sep 2010 00:51:03 -0400 Received: from mail-iw0-f174.google.com ([209.85.214.174]:58839 "EHLO mail-iw0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751167Ab0IHEvC (ORCPT ); Wed, 8 Sep 2010 00:51:02 -0400 Received: by iwn5 with SMTP id 5so5992039iwn.19 for ; Tue, 07 Sep 2010 21:51:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:from:to:cc:subject:date :message-id:x-mailer; bh=NUBPnjgVrh/aRdy5jX7ChYC47Jh4leCZ45hnauR+B1Y=; b=b40JgbAtpSFj5LS18aA0AxfqLX2Yti+Ae/AMJaD3+YffDb5LKnZ7VR7QB61ystiZdz MgdpZohNnJigQZzECxUu/Wld95qgemYC1dGtcAO4cnaTreU5dI2T7B6PfHmH570xcTO3 tpD2GrDKDqus5UDdS3IKiMFPfmb34HQbJburg= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:cc:subject:date:message-id:x-mailer; b=YseyZmc4yelEFKTOgbsYo0oDwa9BFmCxEgG0E77dy+wdg+i79QdBDyIbYwuO6qzeb6 NRpNXYrkhR/I6CzoyjJeQZTJTQPiVDqcllEW3ovpW1XeHmIbikrzXXgL/hMGen7bdgSD o0VIfX9LlfI26vT18kJ2Bd6OyTAvrczz+gY5s= Received: by 10.231.148.85 with SMTP id o21mr9195158ibv.26.1283921460842; Tue, 07 Sep 2010 21:51:00 -0700 (PDT) Received: from localhost ([32.97.110.58]) by mx.google.com with ESMTPS id g31sm7869022ibh.4.2010.09.07.21.50.59 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 07 Sep 2010 21:51:00 -0700 (PDT) From: shirishpargaonkar@gmail.com To: smfrench@gmail.com Cc: linux-cifs@vger.kernel.org, Shirish Pargaonkar Subject: [PATCH 5/8] ntlmv2/ntlmssp functions to either extract or create av pair/ti info blob Date: Tue, 7 Sep 2010 23:46:25 -0500 Message-Id: <1283921185-13114-1-git-send-email-shirishpargaonkar@gmail.com> X-Mailer: git-send-email 1.6.0.2 Sender: linux-cifs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-cifs@vger.kernel.org X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.3 (demeter1.kernel.org [140.211.167.41]); Wed, 08 Sep 2010 04:51:04 +0000 (UTC) diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c index 4772c4d..e53fbeb 100644 --- a/fs/cifs/cifsencrypt.c +++ b/fs/cifs/cifsencrypt.c @@ -27,6 +27,7 @@ #include "md5.h" #include "cifs_unicode.h" #include "cifsproto.h" +#include "ntlmssp.h" #include #include @@ -263,6 +264,78 @@ void calc_lanman_hash(const char *password, const char *cryptkey, bool encrypt, } #endif /* CIFS_WEAK_PW_HASH */ +/* This is just a filler for ntlmv2 type of security mechanisms. + * Older servers are not very particular about the contents of av pairs + * in the blob and for sec mechs like ntlmv2, there is no negotiation + * as in ntlmssp, so unless domain and server netbios and dns names + * are specified, there is no way to obtain name. In case of ntlmssp, + * server provides that info in type 2 challenge packet + */ + +static int +build_avpair_blob(struct cifsSesInfo *ses) +{ + struct ntlmssp2_name *attrptr; + + ses->tilen = 2 * sizeof(struct ntlmssp2_name); + ses->tiblob = kzalloc(ses->tilen, GFP_KERNEL); + if (!ses->tiblob) { + ses->tilen = 0; + cERROR(1, "Challenge target info allocation failure"); + return -ENOMEM; + } + attrptr = (struct ntlmssp2_name *) ses->tiblob; + attrptr->type = cpu_to_le16(NTLMSSP_DOMAIN_TYPE); + + return 0; +} + +/* Server has provided av pairs/target info in the type 2 challenge + * packet and we have plucked it and stored within smb connection. + * We parse that blob here to find netbios domain name to be used + * as part of ntlmv2 authentication, if not already specified on + * the command line + */ + +static int +find_domain_name(struct cifsSesInfo *ses) +{ + int rc = 0; + unsigned int attrsize; + unsigned int type; + unsigned char *blobptr; + struct ntlmssp2_name *attrptr; + + if (ses->tiblob) { + blobptr = ses->tiblob; + attrptr = (struct ntlmssp2_name *) blobptr; + + while ((type = attrptr->type) != 0) { + blobptr += 2; /* advance attr type */ + attrsize = attrptr->length; + blobptr += 2; /* advance attr size */ + if (type == NTLMSSP_AV_NB_DOMAIN_NAME) { + if (!ses->domainName) { + ses->domainName = + kmalloc(attrptr->length + 1, + GFP_KERNEL); + if (!ses->domainName) + return -ENOMEM; + cifs_from_ucs2(ses->domainName, + (__le16 *)blobptr, + attrptr->length, + attrptr->length, + load_nls_default(), false); + } + } + blobptr += attrsize; /* advance attr value */ + attrptr = (struct ntlmssp2_name *) blobptr; + } + } + + return rc; +} + static int calc_ntlmv2_hash(struct cifsSesInfo *ses, const struct nls_table *nls_cp) { @@ -334,10 +407,6 @@ void setup_ntlmv2_rsp(struct cifsSesInfo *ses, char *resp_buf, buf->time = cpu_to_le64(cifs_UnixTimeToNT(CURRENT_TIME)); get_random_bytes(&buf->client_chal, sizeof(buf->client_chal)); buf->reserved2 = 0; - buf->names[0].type = cpu_to_le16(NTLMSSP_DOMAIN_TYPE); - buf->names[0].length = 0; - buf->names[1].type = 0; - buf->names[1].length = 0; /* calculate buf->ntlmv2_hash */ rc = calc_ntlmv2_hash(ses, nls_cp); diff --git a/fs/cifs/cifspdu.h b/fs/cifs/cifspdu.h index f5c78fb..dc90a36 100644 --- a/fs/cifs/cifspdu.h +++ b/fs/cifs/cifspdu.h @@ -670,7 +670,6 @@ struct ntlmv2_resp { __le64 time; __u64 client_chal; /* random */ __u32 reserved2; - struct ntlmssp2_name names[2]; /* array of name entries could follow ending in minimum 4 byte struct */ } __attribute__((packed)); diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index f5369e7..0621a72 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -1768,6 +1768,8 @@ cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb_vol *volume_info) if (ses == NULL) goto get_ses_fail; + ses->tilen = 0; + ses->tiblob = NULL; /* new SMB session uses our server ref */ ses->server = server; if (server->addr.sockAddr6.sin6_family == AF_INET6) diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index 0a57cb7..756f410 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c @@ -383,6 +383,9 @@ static int decode_ascii_ssetup(char **pbcc_area, int bleft, static int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len, struct cifsSesInfo *ses) { + unsigned int tioffset; /* challenge message target info area */ + unsigned int tilen; /* challenge message target info area length */ + CHALLENGE_MESSAGE *pblob = (CHALLENGE_MESSAGE *)bcc_ptr; if (blob_len < sizeof(CHALLENGE_MESSAGE)) { @@ -405,6 +408,20 @@ static int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len, /* BB spec says that if AvId field of MsvAvTimestamp is populated then we must set the MIC field of the AUTHENTICATE_MESSAGE */ + ses->server->ntlmssp.server_flags = le32_to_cpu(pblob->NegotiateFlags); + + tioffset = cpu_to_le16(pblob->TargetInfoArray.BufferOffset); + tilen = cpu_to_le16(pblob->TargetInfoArray.Length); + ses->tilen = tilen; + if (ses->tilen) { + ses->tiblob = kmalloc(tilen, GFP_KERNEL); + if (!ses->tiblob) { + cERROR(1, "Challenge target info allocation failure"); + return -ENOMEM; + } + memcpy(ses->tiblob, bcc_ptr + tioffset, ses->tilen); + } + return 0; } @@ -533,6 +550,7 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer, sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer); sec_blob->SessionKey.Length = 0; sec_blob->SessionKey.MaximumLength = 0; + return tmp - pbuffer; }