NTLMv2 password support and NTLMSSP signing part 1

34f773cd · Steve French · c7b0b16d · 34f773cd · 34f773cd · 34f773cd
Commit 34f773cd authored Jul 07, 2003 by Steve French
Showing with 89 additions and 83 deletions

fs/cifs/cifsencrypt.c fs/cifs/cifsencrypt.c +53 -2

fs/cifs/cifsproto.h fs/cifs/cifsproto.h +2 -2

fs/cifs/connect.c fs/cifs/connect.c +34 -24

fs/cifs/smbencrypt.c fs/cifs/smbencrypt.c +0 -55

No files found.
--- a/fs/cifs/cifsencrypt.c
+++ b/fs/cifs/cifsencrypt.c
@@ -24,6 +24,7 @@
 #include "cifsglob.h" 
 #include "cifs_debug.h"
 #include "md5.h"
+#include "cifs_unicode.h"

 /* Calculate and return the CIFS signature based on the mac key and the smb pdu */
 /* the 16 byte signature must be allocated by the caller  */
@@ -133,8 +134,58 @@ int cifs_calculate_mac_key(char * key, const char * rn, const char * password)
 	if ((key == NULL) || (rn == NULL) || (password == NULL))
 		return -EINVAL;

-	E_md4hash(password, temp_key);  /* BB may have to do another md4 of it */
+	E_md4hash(password, temp_key);
 	mdfour(key,temp_key,16);
 	memcpy(key+16,rn, CIFS_SESSION_KEY_SIZE);
 	return 0;
 }
+
+int CalcNTLMv2_partial_mac_key(struct cifsSesInfo * ses, struct nls_table * nls_info)
+{
+	char temp_key[16];
+	struct HMACMD5Context ctx;
+	char * ucase_buf;
+	wchar_t * unicode_buf;
+	unsigned int i,user_len,dom_len;
+
+	if(ses)
+		return -EINVAL;
+
+	E_md4hash(ses->password_with_pad, temp_key);
+
+	hmac_md5_init_limK_to_64(temp_key, 16, &ctx);
+	user_len = strlen(ses->userName);
+	if(user_len > MAX_USERNAME_SIZE)
+		return -EINVAL;
+	dom_len = strlen(ses->domainName);
+	if(dom_len > MAX_USERNAME_SIZE)
+		return -EINVAL;
+
+	
+	ucase_buf = kmalloc((MAX_USERNAME_SIZE+1), GFP_KERNEL);
+        unicode_buf = kmalloc((MAX_USERNAME_SIZE+1)*2, GFP_KERNEL);
+	
+	for(i=0;i<user_len;i++)
+		ucase_buf[i] = nls_info->charset2upper[(int)ses->userName[i]];
+	ucase_buf[i] = 0;
+        user_len = cifs_strtoUCS(unicode_buf, ucase_buf, MAX_USERNAME_SIZE*2, nls_info);
+	/* BB inc user_len + 2 or 2 for trailing nulls? */
+
+	/* Add call to hmac md5 user BB */
+
+        for(i=0;i<dom_len;i++)
+                ucase_buf[i] = nls_info->charset2upper[(int)ses->domainName[i]];
+        ucase_buf[i] = 0;
+        dom_len = cifs_strtoUCS(unicode_buf, ucase_buf, MAX_USERNAME_SIZE*2, nls_info);
+
+	/* BB inc dom_len + 1 or 2 for trailing nulls? */
+
+	/* Add call to hmac md5 domain */
+
+	/* BB add hmac md5 final BB */
+
+	kfree(ucase_buf);
+	kfree(unicode_buf);
+	return 0;
+}
+ 
--- a/fs/cifs/cifsproto.h
+++ b/fs/cifs/cifsproto.h
@@ -88,8 +88,7 @@ extern int CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
 			const struct nls_table *);
 extern int CIFSNTLMSSPAuthSessSetup(unsigned int xid,
 			struct cifsSesInfo *ses, char *ntlm_session_key,
-			char *lanman_session_key,int ntlmv2_flag,
-			const struct nls_table *);
+			int ntlmv2_flag, const struct nls_table *);

 extern int CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
 			const char *tree, struct cifsTconInfo *tcon,
@@ -229,6 +228,7 @@ extern int cifs_sign_smb(struct smb_hdr *, struct cifsSesInfo *,__u32 *);
 extern int cifs_verify_signature(const struct smb_hdr *, const char * mac_key,
 	__u32 expected_sequence_number);
 extern int cifs_calculate_mac_key(char * key,const char * rn,const char * pass);
+extern void CalcNTLMv2_partial_mac_key(struct cifsSesInfo *, struct nls_table *);

 /* BB routines below not implemented yet BB */


--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -634,7 +634,6 @@ get_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
 int setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo, struct nls_table * nls_info)
 {
 	int rc = 0;
-	char session_key[CIFS_SESSION_KEY_SIZE];
 	char ntlm_session_key[CIFS_SESSION_KEY_SIZE];
 	int ntlmv2_flag = FALSE;

@@ -666,26 +665,28 @@ int setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo, struct nls_tab
 						nls_info);
 			if (!rc) {
 				if(ntlmv2_flag) {
-					cFYI(1,("Able to use the more secure NTLM version 2 password hash"));
-			/* SMBNTv2encrypt( ...);  */ /* BB fix this up - 
-			   and note that Samba client equivalent looks wrong */
-				} else
-					SMBNTencrypt(pSesInfo->password_with_pad,
-						pSesInfo->server->cryptKey,ntlm_session_key);
+					cFYI(1,("Can use more secure NTLM version 2 password hash"));
+			/* SMBNTv2encrypt( ...);  */ /* BB fix this up */
+					CalcNTLMv2_partial_mac_key(pSesInfo, 
+						nls_info);
+/*					cifs_calculate_ntlmv2_mac_key(pSesInfo->mac_signing_key, ntlm_session_key, */
+					/* BB Put dummy sig in SessSetup PDU? */

-				/* BB add call to save MAC key here BB */
+				} else {
+					SMBNTencrypt(pSesInfo->password_with_pad,
+						pSesInfo->server->cryptKey,
+						ntlm_session_key);

+					cifs_calculate_mac_key(pSesInfo->mac_signing_key,
+						ntlm_session_key,
+						pSesInfo->password_with_pad);
+				}
 			/* for better security the weaker lanman hash not sent
-				   in AuthSessSetup so why bother calculating it */
-				/* toUpper(nls_info,
-					password_with_pad);
-				SMBencrypt(password_with_pad,
-					   pSesInfo->server->cryptKey, session_key); */
+			   in AuthSessSetup so we no longer calculate it */

 				rc = CIFSNTLMSSPAuthSessSetup(xid,
 					pSesInfo,
 					ntlm_session_key,
-						session_key,
 					ntlmv2_flag,
 					nls_info);
 			}
@@ -694,7 +695,8 @@ int setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo, struct nls_tab
 				pSesInfo->server->cryptKey,
 				ntlm_session_key);

-			cifs_calculate_mac_key(pSesInfo->mac_signing_key, ntlm_session_key, pSesInfo->password_with_pad);
+			cifs_calculate_mac_key(pSesInfo->mac_signing_key, 
+				ntlm_session_key, pSesInfo->password_with_pad);
 			rc = CIFSSessSetup(xid, pSesInfo,
 				ntlm_session_key, nls_info);
 		}
@@ -1297,7 +1299,7 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
 	int bytes_returned = 0;
 	int len;

-	cFYI(1, ("In v2 sesssetup "));
+	cFYI(1, ("In spnego sesssetup "));

 	smb_buffer = buf_get();
 	if (smb_buffer == 0) {
@@ -1605,7 +1607,9 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
 	SecurityBlob->NegotiateFlags =
 	    NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
 	    NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM | 0x80000000 |
-	    NTLMSSP_NEGOTIATE_ALWAYS_SIGN | NTLMSSP_NEGOTIATE_128;
+	    /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
+	if(sign_CIFS_PDUs)
+		SecurityBlob->NegotiateFlags |= NTLMSSP_NEGOTIATE_SIGN;
 	if(ntlmv2_support)
 		SecurityBlob->NegotiateFlags |= NTLMSSP_NEGOTIATE_NTLMV2;
 	/* setup pointers to domain name and workstation name */
@@ -1725,6 +1729,10 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
 				       CIFS_CRYPTO_KEY_SIZE);
 				if(SecurityBlob2->NegotiateFlags & NTLMSSP_NEGOTIATE_NTLMV2)
 					*pNTLMv2_flag = TRUE;
+
+/*				if(SecurityBlob2->NegotiateFlags & NTLMSSP_NEGOTIATE_SIGN)
+					always sign */ /* BB FIXME BB */
+
 				if (smb_buffer->Flags2 &= SMBFLG2_UNICODE) {
 					if ((long) (bcc_ptr) % 2) {
 						remaining_words =
@@ -1868,7 +1876,7 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,

 int
 CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
-		char *ntlm_session_key, char *lanman_session_key, int ntlmv2_flag,
+		char *ntlm_session_key, int ntlmv2_flag,
 		const struct nls_table *nls_codepage)
 {
 	struct smb_hdr *smb_buffer;
@@ -1934,7 +1942,9 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
 	SecurityBlob->NegotiateFlags =
 	    NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET |
 	    NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO |
-	    0x80000000 | NTLMSSP_NEGOTIATE_ALWAYS_SIGN | NTLMSSP_NEGOTIATE_128;
+	    0x80000000 | NTLMSSP_NEGOTIATE_128;
+	if(sign_CIFS_PDUs)
+		SecurityBlob->NegotiateFlags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN;
 	if(ntlmv2_flag)
 		SecurityBlob->NegotiateFlags |= NTLMSSP_NEGOTIATE_NTLMV2;


--- a/fs/cifs/smbencrypt.c
+++ b/fs/cifs/smbencrypt.c
@@ -470,58 +470,3 @@ int SMBNTLMv2encrypt(const char *user, const char *domain, const char *password,

        return TRUE;
 }
-
-
-/***********************************************************
- SMB signing - setup the MAC key.
-************************************************************/
-
-void
-cli_calculate_mac_key(__u8 * mac_key, int *pmac_key_len,
-		      const char *ntpasswd, const unsigned char resp[24])
-{
-	/* Get first 16 bytes. */
-	E_md4hash(ntpasswd, mac_key);
-	memcpy(mac_key + 16, resp, 24);
-	*pmac_key_len = 40;
-
-	/* Reset the sequence number in case we had a previous (aborted) attempt */
-/*	cli->sign_info.send_seq_num = 0; */
-}
-
-/***********************************************************
- SMB signing - calculate a MAC to send.
-************************************************************/
-
-void
-cli_caclulate_sign_mac(struct smb_hdr *outbuf, __u8 * mac_key,
-		       int mac_key_len, __u32 * send_seq_num,
-		       __u32 * reply_seq_num)
-{
-	unsigned char calc_md5_mac[16];
-	struct MD5Context md5_ctx;
-
-/*	if (!cli->sign_info.use_smb_signing) {
-		return;
-	} */
-
-	/*
-	 * Firstly put the sequence number into the first 4 bytes.
-	 * and zero out the next 4 bytes.
-	 */
-/*
-	SIVAL(outbuf, smb_ss_field, *send_seq_num);
-	SIVAL(outbuf, smb_ss_field + 4, 0); */
-
-	/* Calculate the 16 byte MAC and place first 8 bytes into the field. */
-	MD5Init(&md5_ctx);
-	MD5Update(&md5_ctx, mac_key, mac_key_len);
-	MD5Update(&md5_ctx, outbuf->Protocol,
-		  be32_to_cpu(outbuf->smb_buf_length));
-	MD5Final(calc_md5_mac, &md5_ctx);
-
-	memcpy(outbuf->Signature.SecuritySignature, calc_md5_mac, 8);
-	(*send_seq_num)++;
-	*reply_seq_num = *send_seq_num;
-	(*send_seq_num)++;
-}