• Peter Seiderer's avatar
    cifs: use server timestamp for ntlmv2 authentication · 90bba09c
    Peter Seiderer authored
    commit 98ce94c8 upstream.
    
    Linux cifs mount with ntlmssp against an Mac OS X (Yosemite
    10.10.5) share fails in case the clocks differ more than +/-2h:
    
    digest-service: digest-request: od failed with 2 proto=ntlmv2
    digest-service: digest-request: kdc failed with -1561745592 proto=ntlmv2
    
    Fix this by (re-)using the given server timestamp for the
    ntlmv2 authentication (as Windows 7 does).
    
    A related problem was also reported earlier by Namjae Jaen (see below):
    
    Windows machine has extended security feature which refuse to allow
    authentication when there is time difference between server time and
    client time when ntlmv2 negotiation is used. This problem is prevalent
    in embedded enviornment where system time is set to default 1970.
    
    Modern servers send the server timestamp in the TargetInfo Av_Pair
    structure in the challenge message [see MS-NLMP 2.2.2.1]
    In [MS-NLMP 3.1.5.1.2] it is explicitly mentioned that the client must
    use the server provided timestamp if present OR current time if it is
    not
    Reported-by: default avatarNamjae Jeon <namjae.jeon@samsung.com>
    Signed-off-by: default avatarPeter Seiderer <ps.report@gmx.net>
    Signed-off-by: default avatarSteve French <smfrench@gmail.com>
    [bwh: Backported to 3.2: adjust context]
    Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
    90bba09c
cifsencrypt.c 22.1 KB