On Sat, 11 Dec 2010 14:19:22 -0600 [email protected] wrote: > From: Shirish Pargaonkar <[email protected]> > > > Indicate to the server a capability of NTLM2 session security (NTLM2 Key) > during ntlmssp protocol exchange in one of the bits of the flags field. > If server supports this capability, send NTLM2 key even if signing is not > required on the server. > > If the server requires signing, the session keys exchanged for NTLMv2 > and NTLM2 session security in auth packet of the nlmssp exchange are same. > > Send the same flags in authenticate message (type 3) that client sent in > negotiate message (type 1). > > Remove function setup_ntlmssp_neg_req > > Make sure ntlmssp negotiate and authenticate messages are zero'ed > before they are built. > > > Reported-and-Tested-by: Robbert Kouprie <[email protected]> > Signed-off-by: Shirish Pargaonkar <[email protected]> > --- > fs/cifs/sess.c | 33 ++++++++++++++------------------- > 1 files changed, 14 insertions(+), 19 deletions(-) > > diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c > index 7b01d3f..54d9f76 100644 > --- a/fs/cifs/sess.c > +++ b/fs/cifs/sess.c > @@ -431,13 +431,14 @@ static void build_ntlmssp_negotiate_blob(unsigned char > *pbuffer, > NEGOTIATE_MESSAGE *sec_blob = (NEGOTIATE_MESSAGE *)pbuffer; > __u32 flags; > > + memset(pbuffer, 0, sizeof(NEGOTIATE_MESSAGE)); > memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8); > sec_blob->MessageType = NtLmNegotiate; > > /* BB is NTLMV2 session security format easier to use here? */ > flags = NTLMSSP_NEGOTIATE_56 | NTLMSSP_REQUEST_TARGET | > NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE | > - NTLMSSP_NEGOTIATE_NTLM; > + NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC; > if (ses->server->secMode & > (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) { > flags |= NTLMSSP_NEGOTIATE_SIGN; > @@ -446,7 +447,7 @@ static void build_ntlmssp_negotiate_blob(unsigned char > *pbuffer, > NTLMSSP_NEGOTIATE_EXTENDED_SEC; > } > > - sec_blob->NegotiateFlags |= cpu_to_le32(flags); > + sec_blob->NegotiateFlags = cpu_to_le32(flags); > > sec_blob->WorkstationName.BufferOffset = 0; > sec_blob->WorkstationName.Length = 0; > @@ -477,7 +478,7 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer, > flags = NTLMSSP_NEGOTIATE_56 | > NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_TARGET_INFO | > NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE | > - NTLMSSP_NEGOTIATE_NTLM; > + NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC; > if (ses->server->secMode & > (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) > flags |= NTLMSSP_NEGOTIATE_SIGN; > @@ -485,7 +486,7 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer, > flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN; > > tmp = pbuffer + sizeof(AUTHENTICATE_MESSAGE); > - sec_blob->NegotiateFlags |= cpu_to_le32(flags); > + sec_blob->NegotiateFlags = cpu_to_le32(flags); > > sec_blob->LmChallengeResponse.BufferOffset = > cpu_to_le32(sizeof(AUTHENTICATE_MESSAGE)); > @@ -544,8 +545,9 @@ static int build_ntlmssp_auth_blob(unsigned char *pbuffer, > sec_blob->WorkstationName.MaximumLength = 0; > tmp += 2; > > - if ((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) && > - !calc_seckey(ses)) { > + if (((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) || > + (ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_EXTENDED_SEC)) > + && !calc_seckey(ses)) { > memcpy(tmp, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE); > sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer); > sec_blob->SessionKey.Length = cpu_to_le16(CIFS_CPHTXT_SIZE); > @@ -562,16 +564,6 @@ setup_ntlmv2_ret: > *buflen = tmp - pbuffer; > return rc; > } > - > - > -static void setup_ntlmssp_neg_req(SESSION_SETUP_ANDX *pSMB, > - struct cifsSesInfo *ses) > -{ > - build_ntlmssp_negotiate_blob(&pSMB->req.SecurityBlob[0], ses); > - pSMB->req.SecurityBlobLength = cpu_to_le16(sizeof(NEGOTIATE_MESSAGE)); > - > - return; > -} > #endif > > int > @@ -828,16 +820,19 @@ ssetup_ntlmssp_authenticate: > capabilities |= CAP_EXTENDED_SECURITY; > pSMB->req.Capabilities |= cpu_to_le32(capabilities); > if (phase == NtLmNegotiate) { > - setup_ntlmssp_neg_req(pSMB, ses); > + build_ntlmssp_negotiate_blob( > + pSMB->req.SecurityBlob, ses); > iov[1].iov_len = sizeof(NEGOTIATE_MESSAGE); > - iov[1].iov_base = &pSMB->req.SecurityBlob[0]; > + iov[1].iov_base = pSMB->req.SecurityBlob; > + pSMB->req.SecurityBlobLength = > + cpu_to_le16(sizeof(NEGOTIATE_MESSAGE)); > } else if (phase == NtLmAuthenticate) { > /* 5 is an empirical value, large enought to > * hold authenticate message, max 10 of > * av paris, doamin,user,workstation mames, > * flags etc.. > */ > - ntlmsspblob = kmalloc( > + ntlmsspblob = kzalloc( > 5*sizeof(struct _AUTHENTICATE_MESSAGE), > GFP_KERNEL); > if (!ntlmsspblob) {
Acked-by: Jeff Layton <[email protected]> -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
