Commit 9daa42e2 authored by Shirish Pargaonkar's avatar Shirish Pargaonkar Committed by Steve French

CIFS ntlm authentication and signing - Build a proper av/ti pair blob for...

CIFS ntlm authentication and signing - Build a proper av/ti pair blob for ntlmv2 without extended security authentication

Build an av pair blob as part of ntlmv2 (without extended security) auth
request.  Include netbios and dns names for domain and server and
a timestamp in the blob.
Signed-off-by: default avatarShirish Pargaonkar <shirishpargaonkar@gmail.com>
Reviewed-by: default avatarJeff Layton <jlayton@samba.org>
Signed-off-by: default avatarSteve French <sfrench@us.ibm.com>
parent 0dd12c21
...@@ -263,27 +263,85 @@ void calc_lanman_hash(const char *password, const char *cryptkey, bool encrypt, ...@@ -263,27 +263,85 @@ void calc_lanman_hash(const char *password, const char *cryptkey, bool encrypt,
} }
#endif /* CIFS_WEAK_PW_HASH */ #endif /* CIFS_WEAK_PW_HASH */
/* This is just a filler for ntlmv2 type of security mechanisms. /* Build a proper attribute value/target info pairs blob.
* Older servers are not very particular about the contents of av pairs * Fill in netbios and dns domain name and workstation name
* in the blob and for sec mechs like ntlmv2, there is no negotiation * and client time (total five av pairs and + one end of fields indicator.
* as in ntlmssp, so unless domain and server netbios and dns names * Allocate domain name which gets freed when session struct is deallocated.
* are specified, there is no way to obtain name. In case of ntlmssp,
* server provides that info in type 2 challenge packet
*/ */
static int static int
build_avpair_blob(struct cifsSesInfo *ses) build_avpair_blob(struct cifsSesInfo *ses, const struct nls_table *nls_cp)
{ {
unsigned int dlen;
unsigned int wlen;
unsigned int size = 6 * sizeof(struct ntlmssp2_name);
__le64 curtime;
char *defdmname = "WORKGROUP";
unsigned char *blobptr;
struct ntlmssp2_name *attrptr; struct ntlmssp2_name *attrptr;
ses->tilen = 2 * sizeof(struct ntlmssp2_name); if (!ses->domainName) {
ses->domainName = kstrdup(defdmname, GFP_KERNEL);
if (!ses->domainName)
return -ENOMEM;
}
dlen = strlen(ses->domainName);
wlen = strlen(ses->server->hostname);
/* The length of this blob is a size which is
* six times the size of a structure which holds name/size +
* two times the unicode length of a domain name +
* two times the unicode length of a server name +
* size of a timestamp (which is 8 bytes).
*/
ses->tilen = size + 2 * (2 * dlen) + 2 * (2 * wlen) + 8;
ses->tiblob = kzalloc(ses->tilen, GFP_KERNEL); ses->tiblob = kzalloc(ses->tilen, GFP_KERNEL);
if (!ses->tiblob) { if (!ses->tiblob) {
ses->tilen = 0; ses->tilen = 0;
cERROR(1, "Challenge target info allocation failure"); cERROR(1, "Challenge target info allocation failure");
return -ENOMEM; return -ENOMEM;
} }
attrptr = (struct ntlmssp2_name *) ses->tiblob;
attrptr->type = cpu_to_le16(NTLMSSP_DOMAIN_TYPE); blobptr = ses->tiblob;
attrptr = (struct ntlmssp2_name *) blobptr;
attrptr->type = cpu_to_le16(NTLMSSP_AV_NB_DOMAIN_NAME);
attrptr->length = cpu_to_le16(2 * dlen);
blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name);
cifs_strtoUCS((__le16 *)blobptr, ses->domainName, dlen, nls_cp);
blobptr += 2 * dlen;
attrptr = (struct ntlmssp2_name *) blobptr;
attrptr->type = cpu_to_le16(NTLMSSP_AV_NB_COMPUTER_NAME);
attrptr->length = cpu_to_le16(2 * wlen);
blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name);
cifs_strtoUCS((__le16 *)blobptr, ses->server->hostname, wlen, nls_cp);
blobptr += 2 * wlen;
attrptr = (struct ntlmssp2_name *) blobptr;
attrptr->type = cpu_to_le16(NTLMSSP_AV_DNS_DOMAIN_NAME);
attrptr->length = cpu_to_le16(2 * dlen);
blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name);
cifs_strtoUCS((__le16 *)blobptr, ses->domainName, dlen, nls_cp);
blobptr += 2 * dlen;
attrptr = (struct ntlmssp2_name *) blobptr;
attrptr->type = cpu_to_le16(NTLMSSP_AV_DNS_COMPUTER_NAME);
attrptr->length = cpu_to_le16(2 * wlen);
blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name);
cifs_strtoUCS((__le16 *)blobptr, ses->server->hostname, wlen, nls_cp);
blobptr += 2 * wlen;
attrptr = (struct ntlmssp2_name *) blobptr;
attrptr->type = cpu_to_le16(NTLMSSP_AV_TIMESTAMP);
attrptr->length = cpu_to_le16(sizeof(__le64));
blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name);
curtime = cpu_to_le64(cifs_UnixTimeToNT(CURRENT_TIME));
memcpy(blobptr, &curtime, sizeof(__le64));
return 0; return 0;
} }
...@@ -429,7 +487,7 @@ setup_ntlmv2_rsp(struct cifsSesInfo *ses, char *resp_buf, ...@@ -429,7 +487,7 @@ setup_ntlmv2_rsp(struct cifsSesInfo *ses, char *resp_buf,
} }
} }
} else { } else {
rc = build_avpair_blob(ses); rc = build_avpair_blob(ses, nls_cp);
if (rc) { if (rc) {
cERROR(1, "error %d building av pair blob", rc); cERROR(1, "error %d building av pair blob", rc);
return rc; return rc;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment