On Wed, Dec 8, 2010 at 10:06 AM, Jeff Layton <[email protected]> wrote:
> On Wed, 8 Dec 2010 09:41:05 -0600
> [email protected] wrote:
>
>> From: Shirish Pargaonkar <[email protected]>
>>
>>
>> Indicate to the server a capability of NTLM2 session security (NTLM2 Key)
>> during ntlmssp protocol exchange in one of the bits of the flags field.
>> If server supports this capability, send NTLM2 key even if signing is not
>> required on the server.
>> If the server requires signing, the sesison keys exchanged for NTLMv2
>> and NTLM2 session security in auth packet of the nlmssp exchange are same.
>>
>>
>> Signed-off-by: Shirish Pargaonkar <[email protected]>
>> ---
>> fs/cifs/sess.c | 7 ++++---
>> 1 files changed, 4 insertions(+), 3 deletions(-)
>>
>> diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
>> index 7b01d3f..122ad31 100644
>> --- a/fs/cifs/sess.c
>> +++ b/fs/cifs/sess.c
>> @@ -437,7 +437,7 @@ static void build_ntlmssp_negotiate_blob(unsigned char
>> *pbuffer,
>> /* BB is NTLMV2 session security format easier to use here? */
>> flags = NTLMSSP_NEGOTIATE_56 | NTLMSSP_REQUEST_TARGET |
>> NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
>> - NTLMSSP_NEGOTIATE_NTLM;
>> + NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;
>> if (ses->server->secMode &
>> (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) {
>> flags |= NTLMSSP_NEGOTIATE_SIGN;
>> @@ -544,8 +544,9 @@ static int build_ntlmssp_auth_blob(unsigned char
>> *pbuffer,
>> sec_blob->WorkstationName.MaximumLength = 0;
>> tmp += 2;
>>
>> - if ((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) &&
>> - !calc_seckey(ses)) {
>> + if (((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) ||
>> + ((ses->ntlmssp->server_flags &
>> NTLMSSP_NEGOTIATE_EXTENDED_SEC)))
> ^^^
> You can (and should) eliminate a set of parenthesis here.
Sure.
>
>> + && !calc_seckey(ses)) {
>> memcpy(tmp, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE);
>> sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer);
>> sec_blob->SessionKey.Length = cpu_to_le16(CIFS_CPHTXT_SIZE);
>
> Other than that, it looks reasonable to me. I'll have to take your
> word for it that this is the right thing to do as I find the NTLMSSP
> spec really difficult to comprehend.
>
> It also might be nice to add:
>
> Reported-and-Tested-by: Robbert Kouprie <[email protected]>
>
> ...since he did help track this down.
>
> --
> Jeff Layton <[email protected]>
>
Sure, I will respin it. Sorry for the omission Robbert.
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
