• Shirish Pargaonkar's avatar
    cifs NTLMv2/NTLMSSP ntlmv2 within ntlmssp autentication code · 2b149f11
    Shirish Pargaonkar authored
    Attribue Value (AV) pairs or Target Info (TI) pairs are part of
    ntlmv2 authentication.
    Structure ntlmv2_resp had only definition for two av pairs.
    So removed it, and now allocation of av pairs is dynamic.
    For servers like Windows 7/2008, av pairs sent by server in
    challege packet (type 2 in the ntlmssp exchange/negotiation) can
    vary.
    
    Server sends them during ntlmssp negotiation. So when ntlmssp is used
    as an authentication mechanism, type 2 challenge packet from server
    has this information.  Pluck it and use the entire blob for
    authenticaiton purpose.  If user has not specified, extract
    (netbios) domain name from the av pairs which is used to calculate
    ntlmv2 hash.  Servers like Windows 7 are particular about the AV pair
    blob.
    
    Servers like Windows 2003, are not very strict about the contents
    of av pair blob used during ntlmv2 authentication.
    So when security mechanism such as ntlmv2 is used (not ntlmv2 in ntlmssp),
    there is no negotiation and so genereate a minimal blob that gets
    used in ntlmv2 authentication as well as gets sent.
    
    Fields tilen and tilbob are session specific.  AV pair values are defined.
    
    To calculate ntlmv2 response we need ti/av pair blob.
    
    For sec mech like ntlmssp, the blob is plucked from type 2 response from
    the server.  From this blob, netbios name of the domain is retrieved,
    if user has not already provided, to be included in the Target String
    as part of ntlmv2 hash calculations.
    
    For sec mech like ntlmv2, create a minimal, two av pair blob.
    
    The allocated blob is freed in case of error.  In case there is no error,
    this blob is used in calculating ntlmv2 response (in CalcNTLMv2_response)
    and is also copied on the response to the server, and then freed.
    
    The type 3 ntlmssp response is prepared on a buffer,
    5 * sizeof of struct _AUTHENTICATE_MESSAGE, an empirical value large
    enough to hold _AUTHENTICATE_MESSAGE plus a blob with max possible
    10 values as part of ntlmv2 response and lmv2 keys and domain, user,
    workstation  names etc.
    
    Also, kerberos gets selected as a default mechanism if server supports it,
    over the other security mechanisms.
    Signed-off-by: default avatarShirish Pargaonkar <shirishpargaonkar@gmail.com>
    Signed-off-by: default avatarSteve French <sfrench@us.ibm.com>
    2b149f11
ntlmssp.h 5.3 KB