Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 299932 Details for
Bug 440082
NTLMv2 authentication fails
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
Patch for kernel 2.6.9-67.0.7
vcpt_cifs_ntlmv2i.patch (text/plain), 12.52 KB, created by
Lenny Maiorani
on 2008-04-01 17:28:30 UTC
(
hide
)
Description:
Patch for kernel 2.6.9-67.0.7
Filename:
MIME Type:
Creator:
Lenny Maiorani
Created:
2008-04-01 17:28:30 UTC
Size:
12.52 KB
patch
obsolete
>Only in linux-2.6.9/fs/cifs: asn1.o >Only in linux-2.6.9/fs/cifs: .asn1.o.cmd >Only in linux-2.6.9/fs/cifs: built-in.o >Only in linux-2.6.9/fs/cifs: .built-in.o.cmd >Only in linux-2.6.9/fs/cifs: cifs_debug.o >Only in linux-2.6.9/fs/cifs: .cifs_debug.o.cmd >diff -ur linux-2.6.9-orig/fs/cifs/cifsencrypt.c linux-2.6.9/fs/cifs/cifsencrypt.c >--- linux-2.6.9-orig/fs/cifs/cifsencrypt.c 2008-04-01 09:12:03.000000000 -0600 >+++ linux-2.6.9/fs/cifs/cifsencrypt.c 2008-03-31 13:55:56.000000000 -0600 >@@ -41,15 +41,15 @@ > unsigned char *p24); > > static int cifs_calculate_signature(const struct smb_hdr * cifs_pdu, >- const char * key, char * signature) >+ const struct mac_key *key, char *signature) > { > struct MD5Context context; > >- if((cifs_pdu == NULL) || (signature == NULL)) >+ if ((cifs_pdu == NULL) || (signature == NULL) || (key == NULL)) > return -EINVAL; > > MD5Init(&context); >- MD5Update(&context,key,CIFS_SESS_KEY_SIZE+16); >+ MD5Update(&context, (char *)&key->data, key->len); > MD5Update(&context,cifs_pdu->Protocol,cifs_pdu->smb_buf_length); > MD5Final(signature,&context); > return 0; >@@ -75,7 +75,7 @@ > server->sequence_number++; > spin_unlock(&GlobalMid_Lock); > >- rc = cifs_calculate_signature(cifs_pdu, server->mac_signing_key,smb_signature); >+ rc = cifs_calculate_signature(cifs_pdu, &server->mac_signing_key,smb_signature); > if(rc) > memset(cifs_pdu->Signature.SecuritySignature, 0, 8); > else >@@ -85,16 +85,16 @@ > } > > static int cifs_calc_signature2(const struct kvec * iov, int n_vec, >- const char * key, char * signature) >+ const struct mac_key *key, char *signature) > { > struct MD5Context context; > int i; > >- if((iov == NULL) || (signature == NULL)) >+ if ((iov == NULL) || (signature == NULL) || (key == NULL)) > return -EINVAL; > > MD5Init(&context); >- MD5Update(&context,key,CIFS_SESS_KEY_SIZE+16); >+ MD5Update(&context, (char *)&key->data, key->len); > for(i=0;i<n_vec;i++) { > if(iov[i].iov_base == NULL) { > cERROR(1,("null iovec entry")); >@@ -139,8 +139,8 @@ > server->sequence_number++; > spin_unlock(&GlobalMid_Lock); > >- rc = cifs_calc_signature2(iov, n_vec, server->mac_signing_key, >- smb_signature); >+ rc = cifs_calc_signature2(iov, n_vec, &server->mac_signing_key, >+ smb_signature); > if(rc) > memset(cifs_pdu->Signature.SecuritySignature, 0, 8); > else >@@ -150,8 +150,9 @@ > > } > >-int cifs_verify_signature(struct smb_hdr * cifs_pdu, const char * mac_key, >- __u32 expected_sequence_number) >+int cifs_verify_signature(struct smb_hdr *cifs_pdu, >+ const struct mac_key *mac_key, >+ __u32 expected_sequence_number) > { > unsigned int rc; > char server_response_sig[8]; >@@ -200,15 +201,17 @@ > } > > /* We fill in key by putting in 40 byte array which was allocated by caller */ >-int cifs_calculate_mac_key(char * key, const char * rn, const char * password) >+int cifs_calculate_mac_key(struct mac_key *key, const char *rn, >+ const char *password) > { > char temp_key[16]; > if ((key == NULL) || (rn == NULL)) > return -EINVAL; > > E_md4hash(password, temp_key); >- mdfour(key,temp_key,16); >- memcpy(key+16,rn, CIFS_SESS_KEY_SIZE); >+ mdfour(key->data.ntlm, temp_key, 16); >+ memcpy(key->data.ntlm+16, rn, CIFS_SESS_KEY_SIZE); >+ key->len = 40; > return 0; > } > >@@ -261,7 +264,7 @@ > hmac_md5_update((const unsigned char *) unicode_buf, > (user_name_len+dom_name_len)*2,&ctx); > >- hmac_md5_final(ses->server->mac_signing_key,&ctx); >+ hmac_md5_final(ses->server->ntlmv2_hash,&ctx); > kfree(ucase_buf); > kfree(unicode_buf); > return 0; >@@ -345,7 +348,10 @@ > if(domain == NULL) > goto calc_exit_1; > len = cifs_strtoUCS(domain, ses->domainName, len, nls_cp); >- UniStrupr(domain); >+ /* the following line was removed since it didn't work well >+ with lower cased domain name that passed as an option. >+ Maybe converting the domain name earlier makes sense */ >+ /* UniStrupr(domain); */ > > hmac_md5_update((char *)domain, 2*len, pctxt); > >@@ -356,7 +362,7 @@ > calc_exit_2: > /* BB FIXME what about bytes 24 through 40 of the signing key? > compare with the NTLM example */ >- hmac_md5_final(ses->server->mac_signing_key, pctxt); >+ hmac_md5_final(ses->server->ntlmv2_hash, pctxt); > > return rc; > } >@@ -366,6 +372,7 @@ > { > int rc; > struct ntlmv2_resp * buf = (struct ntlmv2_resp *)resp_buf; >+ struct HMACMD5Context context; > > buf->blob_signature = cpu_to_le32(0x00000101); > buf->reserved = 0; >@@ -382,6 +389,15 @@ > if(rc) > cERROR(1,("could not get v2 hash rc %d",rc)); > CalcNTLMv2_response(ses, resp_buf); >+ >+ /* now calculate the MAC key for NTLMv2 */ >+ hmac_md5_init_limK_to_64(ses->server->ntlmv2_hash, 16, &context); >+ hmac_md5_update(resp_buf, 16, &context); >+ hmac_md5_final(ses->server->mac_signing_key.data.ntlmv2.key, &context); >+ >+ memcpy(&ses->server->mac_signing_key.data.ntlmv2.resp, resp_buf, >+ sizeof(struct ntlmv2_resp)); >+ ses->server->mac_signing_key.len = 16 + sizeof(struct ntlmv2_resp); > } > > void CalcNTLMv2_response(const struct cifsSesInfo * ses, char * v2_session_response) >@@ -389,7 +405,7 @@ > struct HMACMD5Context context; > /* rest of v2 struct already generated */ > memcpy(v2_session_response + 8, ses->server->cryptKey,8); >- hmac_md5_init_limK_to_64(ses->server->mac_signing_key, 16, &context); >+ hmac_md5_init_limK_to_64(ses->server->ntlmv2_hash, 16, &context); > > hmac_md5_update(v2_session_response+8, > sizeof(struct ntlmv2_resp) - 8, &context); >Only in linux-2.6.9/fs/cifs: cifsencrypt.o >Only in linux-2.6.9/fs/cifs: .cifsencrypt.o.cmd >Only in linux-2.6.9/fs/cifs: cifsfs.o >Only in linux-2.6.9/fs/cifs: .cifsfs.o.cmd >diff -ur linux-2.6.9-orig/fs/cifs/cifsglob.h linux-2.6.9/fs/cifs/cifsglob.h >--- linux-2.6.9-orig/fs/cifs/cifsglob.h 2008-04-01 09:12:03.000000000 -0600 >+++ linux-2.6.9/fs/cifs/cifsglob.h 2008-03-31 13:37:52.000000000 -0600 >@@ -113,6 +113,17 @@ > /* Netbios frames protocol not supported at this time */ > }; > >+struct mac_key { >+ unsigned int len; >+ union { >+ char ntlm[CIFS_SESS_KEY_SIZE + 16]; >+ struct { >+ char key[16]; >+ struct ntlmv2_resp resp; >+ } ntlmv2; >+ } data; >+}; >+ > /* > ***************************************************************** > * Except the CIFS PDUs themselves all the >@@ -168,7 +179,8 @@ > /* 16th byte of RFC1001 workstation name is always null */ > char workstation_RFC1001_name[SERVER_NAME_LEN_WITH_NULL]; > __u32 sequence_number; /* needed for CIFS PDU signature */ >- char mac_signing_key[CIFS_SESS_KEY_SIZE + 16]; >+ struct mac_key mac_signing_key; >+ char ntlmv2_hash[16]; > unsigned long lstrp; /* when we got last response from this server */ > }; > >Only in linux-2.6.9/fs/cifs: cifs.ko >Only in linux-2.6.9/fs/cifs: .cifs.ko.cmd >Only in linux-2.6.9/fs/cifs: cifs.mod.c >Only in linux-2.6.9/fs/cifs: cifs.mod.o >Only in linux-2.6.9/fs/cifs: .cifs.mod.o.cmd >Only in linux-2.6.9/fs/cifs: cifs.o >Only in linux-2.6.9/fs/cifs: .cifs.o.cmd >diff -ur linux-2.6.9-orig/fs/cifs/cifsproto.h linux-2.6.9/fs/cifs/cifsproto.h >--- linux-2.6.9-orig/fs/cifs/cifsproto.h 2008-04-01 09:12:03.000000000 -0600 >+++ linux-2.6.9/fs/cifs/cifsproto.h 2008-03-31 13:37:52.000000000 -0600 >@@ -318,9 +318,11 @@ > extern int cifs_sign_smb(struct smb_hdr *, struct TCP_Server_Info *,__u32 *); > extern int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *, > __u32 *); >-extern int cifs_verify_signature(struct smb_hdr *, const char * mac_key, >- __u32 expected_sequence_number); >-extern int cifs_calculate_mac_key(char * key,const char * rn,const char * pass); >+extern int cifs_verify_signature(struct smb_hdr *, >+ const struct mac_key *mac_key, >+ __u32 expected_sequence_number); >+extern int cifs_calculate_mac_key(struct mac_key *key, const char *rn, >+ const char *pass); > extern int CalcNTLMv2_partial_mac_key(struct cifsSesInfo *, > const struct nls_table *); > extern void CalcNTLMv2_response(const struct cifsSesInfo *, char * ); >Only in linux-2.6.9/fs/cifs: cifssmb.o >Only in linux-2.6.9/fs/cifs: .cifssmb.o.cmd >Only in linux-2.6.9/fs/cifs: cifs_unicode.o >Only in linux-2.6.9/fs/cifs: .cifs_unicode.o.cmd >diff -ur linux-2.6.9-orig/fs/cifs/connect.c linux-2.6.9/fs/cifs/connect.c >--- linux-2.6.9-orig/fs/cifs/connect.c 2008-04-01 09:12:03.000000000 -0600 >+++ linux-2.6.9/fs/cifs/connect.c 2008-03-31 13:37:52.000000000 -0600 >@@ -3487,7 +3487,7 @@ > CalcNTLMv2_response(pSesInfo,v2_response); > /* if(first_time) > cifs_calculate_ntlmv2_mac_key( >- pSesInfo->server->mac_signing_key, >+ &pSesInfo->server->mac_signing_key, > response, ntlm_session_key, */ > kfree(v2_response); > /* BB Put dummy sig in SessSetup PDU? */ >@@ -3503,7 +3503,7 @@ > > if(first_time) > cifs_calculate_mac_key( >- pSesInfo->server->mac_signing_key, >+ &pSesInfo->server->mac_signing_key, > ntlm_session_key, > pSesInfo->password); > } >@@ -3523,7 +3523,7 @@ > > if(first_time) > cifs_calculate_mac_key( >- pSesInfo->server->mac_signing_key, >+ &pSesInfo->server->mac_signing_key, > ntlm_session_key, pSesInfo->password); > > rc = CIFSSessSetup(xid, pSesInfo, >Only in linux-2.6.9/fs/cifs: connect.o >Only in linux-2.6.9/fs/cifs: .connect.o.cmd >Only in linux-2.6.9/fs/cifs: dir.o >Only in linux-2.6.9/fs/cifs: .dir.o.cmd >Only in linux-2.6.9/fs/cifs: export.o >Only in linux-2.6.9/fs/cifs: .export.o.cmd >Only in linux-2.6.9/fs/cifs: fcntl.o >Only in linux-2.6.9/fs/cifs: .fcntl.o.cmd >Only in linux-2.6.9/fs/cifs: file.o >Only in linux-2.6.9/fs/cifs: .file.o.cmd >Only in linux-2.6.9/fs/cifs: inode.o >Only in linux-2.6.9/fs/cifs: .inode.o.cmd >Only in linux-2.6.9/fs/cifs: ioctl.o >Only in linux-2.6.9/fs/cifs: .ioctl.o.cmd >Only in linux-2.6.9/fs/cifs: link.o >Only in linux-2.6.9/fs/cifs: .link.o.cmd >Only in linux-2.6.9/fs/cifs: md4.o >Only in linux-2.6.9/fs/cifs: .md4.o.cmd >Only in linux-2.6.9/fs/cifs: md5.o >Only in linux-2.6.9/fs/cifs: .md5.o.cmd >Only in linux-2.6.9/fs/cifs: misc.o >Only in linux-2.6.9/fs/cifs: .misc.o.cmd >Only in linux-2.6.9/fs/cifs: netmisc.o >Only in linux-2.6.9/fs/cifs: .netmisc.o.cmd >Only in linux-2.6.9/fs/cifs: nterr.o >Only in linux-2.6.9/fs/cifs: .nterr.o.cmd >Only in linux-2.6.9/fs/cifs: readdir.o >Only in linux-2.6.9/fs/cifs: .readdir.o.cmd >diff -ur linux-2.6.9-orig/fs/cifs/sess.c linux-2.6.9/fs/cifs/sess.c >--- linux-2.6.9-orig/fs/cifs/sess.c 2008-04-01 09:12:03.000000000 -0600 >+++ linux-2.6.9/fs/cifs/sess.c 2008-03-31 13:37:52.000000000 -0600 >@@ -427,7 +427,7 @@ > > if(first_time) /* should this be moved into common code > with similar ntlmv2 path? */ >- cifs_calculate_mac_key(ses->server->mac_signing_key, >+ cifs_calculate_mac_key(&ses->server->mac_signing_key, > ntlm_session_key, ses->password); > /* copy session key */ > >@@ -469,7 +469,7 @@ > setup_ntlmv2_rsp(ses, v2_sess_key, nls_cp); > if(first_time) /* should this be moved into common code > with similar ntlmv2 path? */ >- /* cifs_calculate_ntlmv2_mac_key(ses->server->mac_signing_key, >+ /* cifs_calculate_ntlmv2_mac_key(&ses->server->mac_signing_key, > response BB FIXME, v2_sess_key); */ > > /* copy session key */ >Only in linux-2.6.9/fs/cifs: sess.o >Only in linux-2.6.9/fs/cifs: .sess.o.cmd >Only in linux-2.6.9/fs/cifs: smbdes.o >Only in linux-2.6.9/fs/cifs: .smbdes.o.cmd >Only in linux-2.6.9/fs/cifs: smbencrypt.o >Only in linux-2.6.9/fs/cifs: .smbencrypt.o.cmd >diff -ur linux-2.6.9-orig/fs/cifs/transport.c linux-2.6.9/fs/cifs/transport.c >--- linux-2.6.9-orig/fs/cifs/transport.c 2008-04-01 09:12:03.000000000 -0600 >+++ linux-2.6.9/fs/cifs/transport.c 2008-03-31 13:37:52.000000000 -0600 >@@ -615,7 +615,7 @@ > (ses->server->secMode & (SECMODE_SIGN_REQUIRED | > SECMODE_SIGN_ENABLED))) { > rc = cifs_verify_signature(midQ->resp_buf, >- ses->server->mac_signing_key, >+ &ses->server->mac_signing_key, > midQ->sequence_number+1); > if(rc) { > cERROR(1,("Unexpected SMB signature")); >@@ -794,7 +794,7 @@ > (ses->server->secMode & (SECMODE_SIGN_REQUIRED | > SECMODE_SIGN_ENABLED))) { > rc = cifs_verify_signature(out_buf, >- ses->server->mac_signing_key, >+ &ses->server->mac_signing_key, > midQ->sequence_number+1); > if(rc) { > cERROR(1,("Unexpected SMB signature")); >@@ -1038,7 +1038,7 @@ > (ses->server->secMode & (SECMODE_SIGN_REQUIRED | > SECMODE_SIGN_ENABLED))) { > rc = cifs_verify_signature(out_buf, >- ses->server->mac_signing_key, >+ &ses->server->mac_signing_key, > midQ->sequence_number+1); > if(rc) { > cERROR(1,("Unexpected SMB signature")); >Only in linux-2.6.9/fs/cifs: transport.o >Only in linux-2.6.9/fs/cifs: .transport.o.cmd >Only in linux-2.6.9/fs/cifs: xattr.o >Only in linux-2.6.9/fs/cifs: .xattr.o.cmd
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=299932">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 440082
: 299932