s***@public.gmane.org
2014-02-04 22:57:40 UTC
From: Shirish Pargaonkar <spargaonkar-IBi9RG/***@public.gmane.org>
Since cifs client does not support NTLM2 Session Security, do not set
bit NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY in Negotiate and
Authenticate messages of the NTLMSSP exchange during session setup.
Send EncryptedRandomSessionKey in an Authenticate message of NTLMSSP exchange
based only on whether server set NTLMSSP_NEGOTIATE_KEY_EXCH in the
Challenge message of the NTLMSSP exchange.
Reported-by: Ben Greear <greearb-my8/4N5VtI7c+***@public.gmane.org>
Signed-off-by: Shirish Pargaonkar <spargaonkar-IBi9RG/***@public.gmane.org>
---
fs/cifs/sess.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index e87387d..cdc57be 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -343,7 +343,7 @@ void build_ntlmssp_negotiate_blob(unsigned char *pbuffer,
/* BB is NTLMV2 session security format easier to use here? */
flags = NTLMSSP_NEGOTIATE_56 | NTLMSSP_REQUEST_TARGET |
NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
- NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;
+ NTLMSSP_NEGOTIATE_NTLM;
if (ses->server->sign) {
flags |= NTLMSSP_NEGOTIATE_SIGN;
if (!ses->server->session_estab ||
@@ -382,7 +382,7 @@ int build_ntlmssp_auth_blob(unsigned char *pbuffer,
flags = NTLMSSP_NEGOTIATE_56 |
NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_TARGET_INFO |
NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
- NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;
+ NTLMSSP_NEGOTIATE_NTLM;
if (ses->server->sign) {
flags |= NTLMSSP_NEGOTIATE_SIGN;
if (!ses->server->session_estab ||
@@ -450,8 +450,7 @@ int build_ntlmssp_auth_blob(unsigned char *pbuffer,
sec_blob->WorkstationName.MaximumLength = 0;
tmp += 2;
- if (((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) ||
- (ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
+ if ((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH)
&& !calc_seckey(ses)) {
memcpy(tmp, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE);
sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer);
Since cifs client does not support NTLM2 Session Security, do not set
bit NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY in Negotiate and
Authenticate messages of the NTLMSSP exchange during session setup.
Send EncryptedRandomSessionKey in an Authenticate message of NTLMSSP exchange
based only on whether server set NTLMSSP_NEGOTIATE_KEY_EXCH in the
Challenge message of the NTLMSSP exchange.
Reported-by: Ben Greear <greearb-my8/4N5VtI7c+***@public.gmane.org>
Signed-off-by: Shirish Pargaonkar <spargaonkar-IBi9RG/***@public.gmane.org>
---
fs/cifs/sess.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index e87387d..cdc57be 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -343,7 +343,7 @@ void build_ntlmssp_negotiate_blob(unsigned char *pbuffer,
/* BB is NTLMV2 session security format easier to use here? */
flags = NTLMSSP_NEGOTIATE_56 | NTLMSSP_REQUEST_TARGET |
NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
- NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;
+ NTLMSSP_NEGOTIATE_NTLM;
if (ses->server->sign) {
flags |= NTLMSSP_NEGOTIATE_SIGN;
if (!ses->server->session_estab ||
@@ -382,7 +382,7 @@ int build_ntlmssp_auth_blob(unsigned char *pbuffer,
flags = NTLMSSP_NEGOTIATE_56 |
NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_TARGET_INFO |
NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
- NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;
+ NTLMSSP_NEGOTIATE_NTLM;
if (ses->server->sign) {
flags |= NTLMSSP_NEGOTIATE_SIGN;
if (!ses->server->session_estab ||
@@ -450,8 +450,7 @@ int build_ntlmssp_auth_blob(unsigned char *pbuffer,
sec_blob->WorkstationName.MaximumLength = 0;
tmp += 2;
- if (((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) ||
- (ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
+ if ((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH)
&& !calc_seckey(ses)) {
memcpy(tmp, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE);
sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer);
--
1.8.3.2
1.8.3.2