From patchwork Sat Dec 11 20:19:22 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Shirish Pargaonkar X-Patchwork-Id: 400102 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by demeter1.kernel.org (8.14.4/8.14.3) with ESMTP id oBBKOTGm001447 for ; Sat, 11 Dec 2010 20:24:29 GMT Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751874Ab0LKUY2 (ORCPT ); Sat, 11 Dec 2010 15:24:28 -0500 Received: from mail-gx0-f180.google.com ([209.85.161.180]:49960 "EHLO mail-gx0-f180.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751779Ab0LKUY1 (ORCPT ); Sat, 11 Dec 2010 15:24:27 -0500 Received: by gxk19 with SMTP id 19so3106252gxk.11 for ; Sat, 11 Dec 2010 12:24:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:from:to:cc:subject:date :message-id:x-mailer; bh=4yVMv2iowI/ZJJqvEyHymMvY+mf7I2UFsI03r4YvLFI=; b=ABgyxBIj80CDzmVcq4ActckDZ7Ng8wJUgteg8h5F2c6QEtalyTGhkbAQ58FE69nELk y1STxUaCwmIRtpynHBcEWEHorBbk6qR1Q2qDC7sQOrMXtm6KzFzBWIDoVSH9KQETLpA+ FWkMhNwO6W3xgCPCs4CY0Lzzd6C2CHN1NLIHs= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:cc:subject:date:message-id:x-mailer; b=jl8ueINmmp1x5QTMCTjKyumJMzBzPogZVUv2zZ6yKaKVLh3WO3pRdDmgbHSkUbAone vLBtmCDe8qRdT4J+lMBhzb+WtBT8FO87W541b/vqBEYaYVQRoc292KFnaAu2wQmGPJNJ ieCBC2mw0zqvycWubx7a23b9usb3hSKwKa5SY= Received: by 10.151.149.18 with SMTP id b18mr3540365ybo.197.1292099067165; Sat, 11 Dec 2010 12:24:27 -0800 (PST) Received: from localhost ([32.97.110.58]) by mx.google.com with ESMTPS id u10sm1325635yba.13.2010.12.11.12.24.25 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sat, 11 Dec 2010 12:24:26 -0800 (PST) From: shirishpargaonkar@gmail.com To: smfrench@gmail.com Cc: linux-cifs@vger.kernel.org, Shirish Pargaonkar Subject: [PATCH] cifs: Support NTLM2 session security during NTLMSSP authentication [try #5] Date: Sat, 11 Dec 2010 14:19:22 -0600 Message-Id: <1292098762-16076-1-git-send-email-shirishpargaonkar@gmail.com> X-Mailer: git-send-email 1.6.0.2 Sender: linux-cifs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-cifs@vger.kernel.org X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.3 (demeter1.kernel.org [140.211.167.41]); Sat, 11 Dec 2010 20:24:29 +0000 (UTC) diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index 7b01d3f..54d9f76 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c @@ -431,13 +431,14 @@ static void build_ntlmssp_negotiate_blob(unsigned char *pbuffer, NEGOTIATE_MESSAGE *sec_blob = (NEGOTIATE_MESSAGE *)pbuffer; __u32 flags; + memset(pbuffer, 0, sizeof(NEGOTIATE_MESSAGE)); memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8); sec_blob->MessageType = NtLmNegotiate; /* BB is NTLMV2 session security format easier to use here? */ flags = NTLMSSP_NEGOTIATE_56 | NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE | - NTLMSSP_NEGOTIATE_NTLM; + NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC; if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) { flags |= NTLMSSP_NEGOTIATE_SIGN; @@ -446,7 +447,7 @@ static void build_ntlmssp_negotiate_blob(unsigned char *pbuffer, NTLMSSP_NEGOTIATE_EXTENDED_SEC; } - sec_blob->NegotiateFlags |= cpu_to_le32(flags); + sec_blob->NegotiateFlags = cpu_to_le32(flags); sec_blob->WorkstationName.BufferOffset = 0; sec_blob->WorkstationName.Length = 0; @@ -477,7 +478,7 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer, flags = NTLMSSP_NEGOTIATE_56 | NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_TARGET_INFO | NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE | - NTLMSSP_NEGOTIATE_NTLM; + NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC; if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) flags |= NTLMSSP_NEGOTIATE_SIGN; @@ -485,7 +486,7 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer, flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN; tmp = pbuffer + sizeof(AUTHENTICATE_MESSAGE); - sec_blob->NegotiateFlags |= cpu_to_le32(flags); + sec_blob->NegotiateFlags = cpu_to_le32(flags); sec_blob->LmChallengeResponse.BufferOffset = cpu_to_le32(sizeof(AUTHENTICATE_MESSAGE)); @@ -544,8 +545,9 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer, sec_blob->WorkstationName.MaximumLength = 0; tmp += 2; - if ((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) && - !calc_seckey(ses)) { + if (((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) || + (ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_EXTENDED_SEC)) + && !calc_seckey(ses)) { memcpy(tmp, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE); sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer); sec_blob->SessionKey.Length = cpu_to_le16(CIFS_CPHTXT_SIZE); @@ -562,16 +564,6 @@ setup_ntlmv2_ret: *buflen = tmp - pbuffer; return rc; } - - -static void setup_ntlmssp_neg_req(SESSION_SETUP_ANDX *pSMB, - struct cifsSesInfo *ses) -{ - build_ntlmssp_negotiate_blob(&pSMB->req.SecurityBlob[0], ses); - pSMB->req.SecurityBlobLength = cpu_to_le16(sizeof(NEGOTIATE_MESSAGE)); - - return; -} #endif int @@ -828,16 +820,19 @@ ssetup_ntlmssp_authenticate: capabilities |= CAP_EXTENDED_SECURITY; pSMB->req.Capabilities |= cpu_to_le32(capabilities); if (phase == NtLmNegotiate) { - setup_ntlmssp_neg_req(pSMB, ses); + build_ntlmssp_negotiate_blob( + pSMB->req.SecurityBlob, ses); iov[1].iov_len = sizeof(NEGOTIATE_MESSAGE); - iov[1].iov_base = &pSMB->req.SecurityBlob[0]; + iov[1].iov_base = pSMB->req.SecurityBlob; + pSMB->req.SecurityBlobLength = + cpu_to_le16(sizeof(NEGOTIATE_MESSAGE)); } else if (phase == NtLmAuthenticate) { /* 5 is an empirical value, large enought to * hold authenticate message, max 10 of * av paris, doamin,user,workstation mames, * flags etc.. */ - ntlmsspblob = kmalloc( + ntlmsspblob = kzalloc( 5*sizeof(struct _AUTHENTICATE_MESSAGE), GFP_KERNEL); if (!ntlmsspblob) {