summaryrefslogtreecommitdiffstats
path: root/fs/cifs/ntlmssp.h
AgeCommit message (Collapse)AuthorFilesLines
2016-06-23cifs: dynamic allocation of ntlmssp blobJerome Marchand1-1/+1
In sess_auth_rawntlmssp_authenticate(), the ntlmssp blob is allocated statically and its size is an "empirical" 5*sizeof(struct _AUTHENTICATE_MESSAGE) (320B on x86_64). I don't know where this value comes from or if it was ever appropriate, but it is currently insufficient: the user and domain name in UTF16 could take 1kB by themselves. Because of that, build_ntlmssp_auth_blob() might corrupt memory (out-of-bounds write). The size of ntlmssp_blob in SMB2_sess_setup() is too small too (sizeof(struct _NEGOTIATE_MESSAGE) + 500). This patch allocates the blob dynamically in build_ntlmssp_auth_blob(). Signed-off-by: Jerome Marchand <jmarchan@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com> CC: Stable <stable@vger.kernel.org>
2012-07-24CIFS: Add session setup/logoff capability for SMB2Pavel Shilovsky1-0/+10
Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru> Signed-off-by: Steve French <smfrench@gmail.com>
2010-09-29cifs NTLMv2/NTLMSSP ntlmv2 within ntlmssp autentication codeShirish Pargaonkar1-0/+15
Attribue Value (AV) pairs or Target Info (TI) pairs are part of ntlmv2 authentication. Structure ntlmv2_resp had only definition for two av pairs. So removed it, and now allocation of av pairs is dynamic. For servers like Windows 7/2008, av pairs sent by server in challege packet (type 2 in the ntlmssp exchange/negotiation) can vary. Server sends them during ntlmssp negotiation. So when ntlmssp is used as an authentication mechanism, type 2 challenge packet from server has this information. Pluck it and use the entire blob for authenticaiton purpose. If user has not specified, extract (netbios) domain name from the av pairs which is used to calculate ntlmv2 hash. Servers like Windows 7 are particular about the AV pair blob. Servers like Windows 2003, are not very strict about the contents of av pair blob used during ntlmv2 authentication. So when security mechanism such as ntlmv2 is used (not ntlmv2 in ntlmssp), there is no negotiation and so genereate a minimal blob that gets used in ntlmv2 authentication as well as gets sent. Fields tilen and tilbob are session specific. AV pair values are defined. To calculate ntlmv2 response we need ti/av pair blob. For sec mech like ntlmssp, the blob is plucked from type 2 response from the server. From this blob, netbios name of the domain is retrieved, if user has not already provided, to be included in the Target String as part of ntlmv2 hash calculations. For sec mech like ntlmv2, create a minimal, two av pair blob. The allocated blob is freed in case of error. In case there is no error, this blob is used in calculating ntlmv2 response (in CalcNTLMv2_response) and is also copied on the response to the server, and then freed. The type 3 ntlmssp response is prepared on a buffer, 5 * sizeof of struct _AUTHENTICATE_MESSAGE, an empirical value large enough to hold _AUTHENTICATE_MESSAGE plus a blob with max possible 10 values as part of ntlmv2 response and lmv2 keys and domain, user, workstation names etc. Also, kerberos gets selected as a default mechanism if server supports it, over the other security mechanisms. Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
2010-09-08Revert "[CIFS] Fix ntlmv2 auth with ntlmssp"Steve French1-13/+0
This reverts commit 9fbc590860e75785bdaf8b83e48fabfe4d4f7d58. The change to kernel crypto and fixes to ntlvm2 and ntlmssp series, introduced a regression. Deferring this patch series to 2.6.37 after Shirish fixes it. Signed-off-by: Steve French <sfrench@us.ibm.com> Acked-by: Jeff Layton <jlayton@redhat.com> CC: Shirish Pargaonkar <shirishp@us.ibm.com>
2010-08-20[CIFS] Fix ntlmv2 auth with ntlmsspSteve French1-0/+13
Make ntlmv2 as an authentication mechanism within ntlmssp instead of ntlmv1. Parse type 2 response in ntlmssp negotiation to pluck AV pairs and use them to calculate ntlmv2 response token. Also, assign domain name from the sever response in type 2 packet of ntlmssp and use that (netbios) domain name in calculation of response. Enable cifs/smb signing using rc4 and md5. Changed name of the structure mac_key to session_key to reflect the type of key it holds. Use kernel crypto_shash_* APIs instead of the equivalent cifs functions. Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Steve French <sfrench@us.ibm.com>
2009-05-01[CIFS] Add remaining ntlmssp flags and standardize field namesSteve French1-26/+42
Signed-off-by: Steve French <sfrench@us.ibm.com>
2008-05-13[CIFS] cleanup old checkpatch warningsSteve French1-2/+2
Signed-off-by: Steve French <sfrench@us.ibm.com>
2007-07-06[CIFS] whitespace cleanupSteve French1-1/+1
Signed-off-by: Steve French <sfrench@us.ibm.com>
2007-06-28[CIFS] whitespace fixesSteve French1-10/+10
This changeset brought to you ... by patchcheck.pl Signed-off-by: Steve French <sfrench@us.ibm.com>
2006-02-09[CIFS] Cleanup NTLMSSP session setup handlingSteve French1-1/+1
Fix to hash NTLMv2 properly will follow. Signed-off-by: Steve French <sfrench@us.ibm.com>
2005-10-27[CIFS] Change pragma pack(1) to attribute(packed) to allow cifs on arm to accessSteve French1-8/+4
unaligned structures coming in off the wire gcc on arm processors generates very odd code with pragma pack specified - although it does pack the structures in some sense - it does not allow you to access unaligned elements in nested structures at the right offset as other architectures do. Oddly enough though, specifying the structures as packed the long way - one by one with the packed attribute does work. Rather than fighting over whether this is a gcc bug or some obscure side effect of pragma pack, it is easier to do what most (all but 96 other places in the kernel) do - and replace pragma pack with dozens of attribute(packed) structure qualifiers. Much more verbose ... but at least it works. Signed-off-by: David Kleikamp <shaggy@austin.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com> CG: -----------------------------------------------------------------------
2005-04-16Linux-2.6.12-rc2v2.6.12-rc2Linus Torvalds1-0/+101
Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip!