Commit 34f773cd authored by Steve French's avatar Steve French

NTLMv2 password support and NTLMSSP signing part 1

parent c7b0b16d
...@@ -24,6 +24,7 @@ ...@@ -24,6 +24,7 @@
#include "cifsglob.h" #include "cifsglob.h"
#include "cifs_debug.h" #include "cifs_debug.h"
#include "md5.h" #include "md5.h"
#include "cifs_unicode.h"
/* Calculate and return the CIFS signature based on the mac key and the smb pdu */ /* Calculate and return the CIFS signature based on the mac key and the smb pdu */
/* the 16 byte signature must be allocated by the caller */ /* the 16 byte signature must be allocated by the caller */
...@@ -133,8 +134,58 @@ int cifs_calculate_mac_key(char * key, const char * rn, const char * password) ...@@ -133,8 +134,58 @@ int cifs_calculate_mac_key(char * key, const char * rn, const char * password)
if ((key == NULL) || (rn == NULL) || (password == NULL)) if ((key == NULL) || (rn == NULL) || (password == NULL))
return -EINVAL; return -EINVAL;
E_md4hash(password, temp_key); /* BB may have to do another md4 of it */ E_md4hash(password, temp_key);
mdfour(key,temp_key,16); mdfour(key,temp_key,16);
memcpy(key+16,rn, CIFS_SESSION_KEY_SIZE); memcpy(key+16,rn, CIFS_SESSION_KEY_SIZE);
return 0; return 0;
} }
int CalcNTLMv2_partial_mac_key(struct cifsSesInfo * ses, struct nls_table * nls_info)
{
char temp_key[16];
struct HMACMD5Context ctx;
char * ucase_buf;
wchar_t * unicode_buf;
unsigned int i,user_len,dom_len;
if(ses)
return -EINVAL;
E_md4hash(ses->password_with_pad, temp_key);
hmac_md5_init_limK_to_64(temp_key, 16, &ctx);
user_len = strlen(ses->userName);
if(user_len > MAX_USERNAME_SIZE)
return -EINVAL;
dom_len = strlen(ses->domainName);
if(dom_len > MAX_USERNAME_SIZE)
return -EINVAL;
ucase_buf = kmalloc((MAX_USERNAME_SIZE+1), GFP_KERNEL);
unicode_buf = kmalloc((MAX_USERNAME_SIZE+1)*2, GFP_KERNEL);
for(i=0;i<user_len;i++)
ucase_buf[i] = nls_info->charset2upper[(int)ses->userName[i]];
ucase_buf[i] = 0;
user_len = cifs_strtoUCS(unicode_buf, ucase_buf, MAX_USERNAME_SIZE*2, nls_info);
/* BB inc user_len + 2 or 2 for trailing nulls? */
/* Add call to hmac md5 user BB */
for(i=0;i<dom_len;i++)
ucase_buf[i] = nls_info->charset2upper[(int)ses->domainName[i]];
ucase_buf[i] = 0;
dom_len = cifs_strtoUCS(unicode_buf, ucase_buf, MAX_USERNAME_SIZE*2, nls_info);
/* BB inc dom_len + 1 or 2 for trailing nulls? */
/* Add call to hmac md5 domain */
/* BB add hmac md5 final BB */
kfree(ucase_buf);
kfree(unicode_buf);
return 0;
}
...@@ -88,8 +88,7 @@ extern int CIFSNTLMSSPNegotiateSessSetup(unsigned int xid, ...@@ -88,8 +88,7 @@ extern int CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
const struct nls_table *); const struct nls_table *);
extern int CIFSNTLMSSPAuthSessSetup(unsigned int xid, extern int CIFSNTLMSSPAuthSessSetup(unsigned int xid,
struct cifsSesInfo *ses, char *ntlm_session_key, struct cifsSesInfo *ses, char *ntlm_session_key,
char *lanman_session_key,int ntlmv2_flag, int ntlmv2_flag, const struct nls_table *);
const struct nls_table *);
extern int CIFSTCon(unsigned int xid, struct cifsSesInfo *ses, extern int CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
const char *tree, struct cifsTconInfo *tcon, const char *tree, struct cifsTconInfo *tcon,
...@@ -229,6 +228,7 @@ extern int cifs_sign_smb(struct smb_hdr *, struct cifsSesInfo *,__u32 *); ...@@ -229,6 +228,7 @@ extern int cifs_sign_smb(struct smb_hdr *, struct cifsSesInfo *,__u32 *);
extern int cifs_verify_signature(const struct smb_hdr *, const char * mac_key, extern int cifs_verify_signature(const struct smb_hdr *, const char * mac_key,
__u32 expected_sequence_number); __u32 expected_sequence_number);
extern int cifs_calculate_mac_key(char * key,const char * rn,const char * pass); extern int cifs_calculate_mac_key(char * key,const char * rn,const char * pass);
extern void CalcNTLMv2_partial_mac_key(struct cifsSesInfo *, struct nls_table *);
/* BB routines below not implemented yet BB */ /* BB routines below not implemented yet BB */
......
...@@ -634,7 +634,6 @@ get_dfs_path(int xid, struct cifsSesInfo *pSesInfo, ...@@ -634,7 +634,6 @@ get_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
int setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo, struct nls_table * nls_info) int setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo, struct nls_table * nls_info)
{ {
int rc = 0; int rc = 0;
char session_key[CIFS_SESSION_KEY_SIZE];
char ntlm_session_key[CIFS_SESSION_KEY_SIZE]; char ntlm_session_key[CIFS_SESSION_KEY_SIZE];
int ntlmv2_flag = FALSE; int ntlmv2_flag = FALSE;
...@@ -666,35 +665,38 @@ int setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo, struct nls_tab ...@@ -666,35 +665,38 @@ int setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo, struct nls_tab
nls_info); nls_info);
if (!rc) { if (!rc) {
if(ntlmv2_flag) { if(ntlmv2_flag) {
cFYI(1,("Able to use the more secure NTLM version 2 password hash")); cFYI(1,("Can use more secure NTLM version 2 password hash"));
/* SMBNTv2encrypt( ...); */ /* BB fix this up - /* SMBNTv2encrypt( ...); */ /* BB fix this up */
and note that Samba client equivalent looks wrong */ CalcNTLMv2_partial_mac_key(pSesInfo,
} else nls_info);
SMBNTencrypt(pSesInfo->password_with_pad, /* cifs_calculate_ntlmv2_mac_key(pSesInfo->mac_signing_key, ntlm_session_key, */
pSesInfo->server->cryptKey,ntlm_session_key); /* BB Put dummy sig in SessSetup PDU? */
/* BB add call to save MAC key here BB */ } else {
SMBNTencrypt(pSesInfo->password_with_pad,
pSesInfo->server->cryptKey,
ntlm_session_key);
/* for better security the weaker lanman hash not sent cifs_calculate_mac_key(pSesInfo->mac_signing_key,
in AuthSessSetup so why bother calculating it */ ntlm_session_key,
/* toUpper(nls_info, pSesInfo->password_with_pad);
password_with_pad); }
SMBencrypt(password_with_pad, /* for better security the weaker lanman hash not sent
pSesInfo->server->cryptKey, session_key); */ in AuthSessSetup so we no longer calculate it */
rc = CIFSNTLMSSPAuthSessSetup(xid, rc = CIFSNTLMSSPAuthSessSetup(xid,
pSesInfo, pSesInfo,
ntlm_session_key, ntlm_session_key,
session_key, ntlmv2_flag,
ntlmv2_flag, nls_info);
nls_info);
} }
} else { /* old style NTLM 0.12 session setup */ } else { /* old style NTLM 0.12 session setup */
SMBNTencrypt(pSesInfo->password_with_pad, SMBNTencrypt(pSesInfo->password_with_pad,
pSesInfo->server->cryptKey, pSesInfo->server->cryptKey,
ntlm_session_key); ntlm_session_key);
cifs_calculate_mac_key(pSesInfo->mac_signing_key, ntlm_session_key, pSesInfo->password_with_pad); cifs_calculate_mac_key(pSesInfo->mac_signing_key,
ntlm_session_key, pSesInfo->password_with_pad);
rc = CIFSSessSetup(xid, pSesInfo, rc = CIFSSessSetup(xid, pSesInfo,
ntlm_session_key, nls_info); ntlm_session_key, nls_info);
} }
...@@ -1297,7 +1299,7 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses, ...@@ -1297,7 +1299,7 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
int bytes_returned = 0; int bytes_returned = 0;
int len; int len;
cFYI(1, ("In v2 sesssetup ")); cFYI(1, ("In spnego sesssetup "));
smb_buffer = buf_get(); smb_buffer = buf_get();
if (smb_buffer == 0) { if (smb_buffer == 0) {
...@@ -1605,7 +1607,9 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid, ...@@ -1605,7 +1607,9 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
SecurityBlob->NegotiateFlags = SecurityBlob->NegotiateFlags =
NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM | NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM | 0x80000000 | NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM | 0x80000000 |
NTLMSSP_NEGOTIATE_ALWAYS_SIGN | NTLMSSP_NEGOTIATE_128; /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
if(sign_CIFS_PDUs)
SecurityBlob->NegotiateFlags |= NTLMSSP_NEGOTIATE_SIGN;
if(ntlmv2_support) if(ntlmv2_support)
SecurityBlob->NegotiateFlags |= NTLMSSP_NEGOTIATE_NTLMV2; SecurityBlob->NegotiateFlags |= NTLMSSP_NEGOTIATE_NTLMV2;
/* setup pointers to domain name and workstation name */ /* setup pointers to domain name and workstation name */
...@@ -1725,6 +1729,10 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid, ...@@ -1725,6 +1729,10 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
CIFS_CRYPTO_KEY_SIZE); CIFS_CRYPTO_KEY_SIZE);
if(SecurityBlob2->NegotiateFlags & NTLMSSP_NEGOTIATE_NTLMV2) if(SecurityBlob2->NegotiateFlags & NTLMSSP_NEGOTIATE_NTLMV2)
*pNTLMv2_flag = TRUE; *pNTLMv2_flag = TRUE;
/* if(SecurityBlob2->NegotiateFlags & NTLMSSP_NEGOTIATE_SIGN)
always sign */ /* BB FIXME BB */
if (smb_buffer->Flags2 &= SMBFLG2_UNICODE) { if (smb_buffer->Flags2 &= SMBFLG2_UNICODE) {
if ((long) (bcc_ptr) % 2) { if ((long) (bcc_ptr) % 2) {
remaining_words = remaining_words =
...@@ -1868,7 +1876,7 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid, ...@@ -1868,7 +1876,7 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
int int
CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses, CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
char *ntlm_session_key, char *lanman_session_key, int ntlmv2_flag, char *ntlm_session_key, int ntlmv2_flag,
const struct nls_table *nls_codepage) const struct nls_table *nls_codepage)
{ {
struct smb_hdr *smb_buffer; struct smb_hdr *smb_buffer;
...@@ -1934,7 +1942,9 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses, ...@@ -1934,7 +1942,9 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
SecurityBlob->NegotiateFlags = SecurityBlob->NegotiateFlags =
NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET |
NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO | NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO |
0x80000000 | NTLMSSP_NEGOTIATE_ALWAYS_SIGN | NTLMSSP_NEGOTIATE_128; 0x80000000 | NTLMSSP_NEGOTIATE_128;
if(sign_CIFS_PDUs)
SecurityBlob->NegotiateFlags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN;
if(ntlmv2_flag) if(ntlmv2_flag)
SecurityBlob->NegotiateFlags |= NTLMSSP_NEGOTIATE_NTLMV2; SecurityBlob->NegotiateFlags |= NTLMSSP_NEGOTIATE_NTLMV2;
......
...@@ -470,58 +470,3 @@ int SMBNTLMv2encrypt(const char *user, const char *domain, const char *password, ...@@ -470,58 +470,3 @@ int SMBNTLMv2encrypt(const char *user, const char *domain, const char *password,
return TRUE; return TRUE;
} }
/***********************************************************
SMB signing - setup the MAC key.
************************************************************/
void
cli_calculate_mac_key(__u8 * mac_key, int *pmac_key_len,
const char *ntpasswd, const unsigned char resp[24])
{
/* Get first 16 bytes. */
E_md4hash(ntpasswd, mac_key);
memcpy(mac_key + 16, resp, 24);
*pmac_key_len = 40;
/* Reset the sequence number in case we had a previous (aborted) attempt */
/* cli->sign_info.send_seq_num = 0; */
}
/***********************************************************
SMB signing - calculate a MAC to send.
************************************************************/
void
cli_caclulate_sign_mac(struct smb_hdr *outbuf, __u8 * mac_key,
int mac_key_len, __u32 * send_seq_num,
__u32 * reply_seq_num)
{
unsigned char calc_md5_mac[16];
struct MD5Context md5_ctx;
/* if (!cli->sign_info.use_smb_signing) {
return;
} */
/*
* Firstly put the sequence number into the first 4 bytes.
* and zero out the next 4 bytes.
*/
/*
SIVAL(outbuf, smb_ss_field, *send_seq_num);
SIVAL(outbuf, smb_ss_field + 4, 0); */
/* Calculate the 16 byte MAC and place first 8 bytes into the field. */
MD5Init(&md5_ctx);
MD5Update(&md5_ctx, mac_key, mac_key_len);
MD5Update(&md5_ctx, outbuf->Protocol,
be32_to_cpu(outbuf->smb_buf_length));
MD5Final(calc_md5_mac, &md5_ctx);
memcpy(outbuf->Signature.SecuritySignature, calc_md5_mac, 8);
(*send_seq_num)++;
*reply_seq_num = *send_seq_num;
(*send_seq_num)++;
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment