From patchwork Fri Dec 10 16:30:47 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
X-Patchwork-Id: 398962
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by demeter1.kernel.org (8.14.4/8.14.3) with ESMTP id oBAGZxiC020321
	for <patchwork-linux-cifs@patchwork.kernel.org>;
	Fri, 10 Dec 2010 16:35:59 GMT
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1756572Ab0LJQf6 (ORCPT
	<rfc822;patchwork-linux-cifs@patchwork.kernel.org>);
	Fri, 10 Dec 2010 11:35:58 -0500
Received: from mail-qw0-f46.google.com ([209.85.216.46]:64401 "EHLO
	mail-qw0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1756543Ab0LJQf6 (ORCPT
	<rfc822; linux-cifs@vger.kernel.org>); Fri, 10 Dec 2010 11:35:58 -0500
Received: by qwa26 with SMTP id 26so4040107qwa.19
	for <linux-cifs@vger.kernel.org>;
	Fri, 10 Dec 2010 08:35:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:from:to:cc:subject:date
	:message-id:x-mailer;
	bh=WKS7p3whK/azustvbQFAbvvOj5GktQoP7cVnboWJLc4=;
	b=dcEahoOBtuCR0K9a2hh9lqpXIffnTH08IXunjebBVE/3BvIF5sxog110WmS0DhML44
	3mGmPmXNdLpGgBLHpOVvA1hfhawzc5/rXDw+53nMZ3Z1O++8wqzFMJwxoMKmbVWv5/R+
	RSQ25jYm8YBvII1BXl8pZS6ikoNgy4WzsTieA=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=from:to:cc:subject:date:message-id:x-mailer;
	b=DVsfeZ+5sCVLD28uQI8hvlnrpOIplOFRr30VJ0ck4pJNdBvZEo6ushE0b62HmrBIC/
	heRxf+1bLXWuyv4GdOUu91xXXUny4/SEbyXDE1xGM9I2ewe/jro4Fsf8Q/JtpRuO4YR4
	JyM/b/1YZdxmAj0CX6E5fS+YI2Na0HvVMbjNc=
Received: by 10.224.11.74 with SMTP id s10mr901519qas.317.1291998957427;
	Fri, 10 Dec 2010 08:35:57 -0800 (PST)
Received: from localhost ([32.97.110.58]) by mx.google.com with ESMTPS id
	mz11sm2080959qcb.15.2010.12.10.08.35.56
	(version=TLSv1/SSLv3 cipher=RC4-MD5);
	Fri, 10 Dec 2010 08:35:56 -0800 (PST)
From: shirishpargaonkar@gmail.com
To: smfrench@gmail.com
Cc: linux-cifs@vger.kernel.org,
	Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Subject: [PATCH] cifs: Support NTLM2 session security during NTLMSSP
	authentication [try #4]
Date: Fri, 10 Dec 2010 10:30:47 -0600
Message-Id: <1291998647-10763-1-git-send-email-shirishpargaonkar@gmail.com>
X-Mailer: git-send-email 1.6.0.2
Sender: linux-cifs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-cifs.vger.kernel.org>
X-Mailing-List: linux-cifs@vger.kernel.org
X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by
	milter-greylist-4.2.3 (demeter1.kernel.org [140.211.167.41]);
	Fri, 10 Dec 2010 16:35:59 +0000 (UTC)


diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index 7b01d3f..56e945a 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -425,7 +425,7 @@ static int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len,
 
 /* We do not malloc the blob, it is passed in pbuffer, because
    it is fixed size, and small, making this approach cleaner */
-static void build_ntlmssp_negotiate_blob(unsigned char *pbuffer,
+static void build_ntlmssp_negotiate_blob(char *pbuffer,
 					 struct cifsSesInfo *ses)
 {
 	NEGOTIATE_MESSAGE *sec_blob = (NEGOTIATE_MESSAGE *)pbuffer;
@@ -437,7 +437,7 @@ static void build_ntlmssp_negotiate_blob(unsigned char *pbuffer,
 	/* BB is NTLMV2 session security format easier to use here? */
 	flags = NTLMSSP_NEGOTIATE_56 |	NTLMSSP_REQUEST_TARGET |
 		NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
-		NTLMSSP_NEGOTIATE_NTLM;
+		NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;
 	if (ses->server->secMode &
 			(SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) {
 		flags |= NTLMSSP_NEGOTIATE_SIGN;
@@ -446,7 +446,7 @@ static void build_ntlmssp_negotiate_blob(unsigned char *pbuffer,
 				NTLMSSP_NEGOTIATE_EXTENDED_SEC;
 	}
 
-	sec_blob->NegotiateFlags |= cpu_to_le32(flags);
+	sec_blob->NegotiateFlags = cpu_to_le32(flags);
 
 	sec_blob->WorkstationName.BufferOffset = 0;
 	sec_blob->WorkstationName.Length = 0;
@@ -477,7 +477,7 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer,
 	flags = NTLMSSP_NEGOTIATE_56 |
 		NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_TARGET_INFO |
 		NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
-		NTLMSSP_NEGOTIATE_NTLM;
+		NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;
 	if (ses->server->secMode &
 	   (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
 		flags |= NTLMSSP_NEGOTIATE_SIGN;
@@ -485,7 +485,7 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer,
 		flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
 
 	tmp = pbuffer + sizeof(AUTHENTICATE_MESSAGE);
-	sec_blob->NegotiateFlags |= cpu_to_le32(flags);
+	sec_blob->NegotiateFlags = cpu_to_le32(flags);
 
 	sec_blob->LmChallengeResponse.BufferOffset =
 				cpu_to_le32(sizeof(AUTHENTICATE_MESSAGE));
@@ -544,8 +544,9 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer,
 	sec_blob->WorkstationName.MaximumLength = 0;
 	tmp += 2;
 
-	if ((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) &&
-			!calc_seckey(ses)) {
+	if (((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) ||
+		(ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
+			&& !calc_seckey(ses)) {
 		memcpy(tmp, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE);
 		sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer);
 		sec_blob->SessionKey.Length = cpu_to_le16(CIFS_CPHTXT_SIZE);
@@ -562,16 +563,6 @@ setup_ntlmv2_ret:
 	*buflen = tmp - pbuffer;
 	return rc;
 }
-
-
-static void setup_ntlmssp_neg_req(SESSION_SETUP_ANDX *pSMB,
-				 struct cifsSesInfo *ses)
-{
-	build_ntlmssp_negotiate_blob(&pSMB->req.SecurityBlob[0], ses);
-	pSMB->req.SecurityBlobLength = cpu_to_le16(sizeof(NEGOTIATE_MESSAGE));
-
-	return;
-}
 #endif
 
 int
@@ -595,6 +586,7 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses,
 	__le32 phase = NtLmNegotiate; /* NTLMSSP, if needed, is multistage */
 	u16 blob_len;
 	char *ntlmsspblob = NULL;
+	char *ntlmsspnblob = NULL;
 
 	if (ses == NULL)
 		return -EINVAL;
@@ -828,16 +820,26 @@ ssetup_ntlmssp_authenticate:
 			capabilities |= CAP_EXTENDED_SECURITY;
 			pSMB->req.Capabilities |= cpu_to_le32(capabilities);
 			if (phase == NtLmNegotiate) {
-				setup_ntlmssp_neg_req(pSMB, ses);
+				ntlmsspnblob = kzalloc(
+					sizeof(struct _NEGOTIATE_MESSAGE),
+					GFP_KERNEL);
+				if (!ntlmsspnblob) {
+					cERROR(1, "Can't allocate NTLMSSPN");
+					rc = -ENOMEM;
+					goto ssetup_exit;
+				}
+				build_ntlmssp_negotiate_blob(ntlmsspnblob, ses);
 				iov[1].iov_len = sizeof(NEGOTIATE_MESSAGE);
-				iov[1].iov_base = &pSMB->req.SecurityBlob[0];
+				iov[1].iov_base = ntlmsspnblob;
+				pSMB->req.SecurityBlobLength =
+					cpu_to_le16(sizeof(NEGOTIATE_MESSAGE));
 			} else if (phase == NtLmAuthenticate) {
-				/* 5 is an empirical value, large enought to
+				/* 5 is an empirical value, large enough to
 				 * hold authenticate message, max 10 of
 				 * av paris, doamin,user,workstation mames,
 				 * flags etc..
 				 */
-				ntlmsspblob = kmalloc(
+				ntlmsspblob = kzalloc(
 					5*sizeof(struct _AUTHENTICATE_MESSAGE),
 					GFP_KERNEL);
 				if (!ntlmsspblob) {
@@ -960,6 +962,8 @@ ssetup_exit:
 		key_put(spnego_key);
 	}
 	kfree(str_area);
+	kfree(ntlmsspnblob);
+	ntlmsspnblob = NULL;
 	kfree(ntlmsspblob);
 	ntlmsspblob = NULL;
 	if (resp_buf_type == CIFS_SMALL_BUFFER) {