On Mon, 2014-08-25 at 14:29 +0900, Namjae Jeon wrote:
> Windows machine has extended security feature which refuse to allow
> authentication when there is time difference between server time and
> client time when ntlmv2 negotiation is used. This problem is prevalent
> in embedded enviornment where system time is set to default 1970.
>
> Modern servers send the server timestamp in the TargetInfo Av_Pair
> structure in the challenge message [see MS-NLMP 2.2.2.1]
> In [MS-NLMP 3.1.5.1.2] it is explicitly mentioned that the client must
> use the server provided timestamp if present OR current time if it is
> not.
>
> Cc: Simo <simo@xxxxxxxxx>
> Signed-off-by: Namjae Jeon <namjae.jeon@xxxxxxxxxxx>
> Signed-off-by: Ashish Sangwan <a.sangwan@xxxxxxxxxxx>
> ---
> fs/cifs/cifsencrypt.c | 6 ++++--
> fs/cifs/cifsglob.h | 2 ++
> fs/cifs/sess.c | 21 +++++++++++++++++++++
> 3 files changed, 27 insertions(+), 2 deletions(-)
>
> diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
> index 4934347..3ec44f8 100644
> --- a/fs/cifs/cifsencrypt.c
> +++ b/fs/cifs/cifsencrypt.c
> @@ -671,8 +671,10 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp)
> (ses->auth_key.response + CIFS_SESS_KEY_SIZE);
> ntlmv2->blob_signature = cpu_to_le32(0x00000101);
> ntlmv2->reserved = 0;
> - /* Must be within 5 minutes of the server */
> - ntlmv2->time = cpu_to_le64(cifs_UnixTimeToNT(CURRENT_TIME));
> + if (ses->serverTime)
> + ntlmv2->time = ses->serverTime;
> + else
> + ntlmv2->time = cpu_to_le64(cifs_UnixTimeToNT(CURRENT_TIME));
> get_random_bytes(&ntlmv2->client_chal, sizeof(ntlmv2->client_chal));
> ntlmv2->reserved2 = 0;
>
> diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
> index ce24c1f..1102822 100644
> --- a/fs/cifs/cifsglob.h
> +++ b/fs/cifs/cifsglob.h
> @@ -796,6 +796,8 @@ struct cifs_ses {
> enum securityEnum sectype; /* what security flavor was specified? */
> bool sign; /* is signing required? */
> bool need_reconnect:1; /* connection reset, uid now invalid */
> + __u64 serverTime; /* Keeps a track of server time sent by server
> + during NTLM challenge in little endian */
> #ifdef CONFIG_CIFS_SMB2
> __u16 session_flags;
> char smb3signingkey[SMB3_SIGN_KEY_SIZE]; /* for signing smb3 packets */
> diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
> index 07fe97a..0762377 100644
> --- a/fs/cifs/sess.c
> +++ b/fs/cifs/sess.c
> @@ -277,6 +277,26 @@ static void decode_ascii_ssetup(char **pbcc_area, __u16 bleft,
> cifs_dbg(FYI, "ascii: bytes left %d\n", bleft);
> }
>
> +static void
> +get_ntlmv2_server_time(struct cifs_ses *ses)
> +{
> +#define MsvAvEOL 0x0000
> +#define MsvAvTimestamp 0x0007
> + char *payload = ses->auth_key.response;
> + u16 AvId, AvLen;
> +
> + do {
> + AvId = le16_to_cpu(*payload);
> + AvLen = le16_to_cpu(*(payload + sizeof(u16)));
> + payload += AvLen + (2 * sizeof(u16));
> + } while (AvId != MsvAvTimestamp && AvId != MsvAvEOL);
> +
> + if (AvId == MsvAvTimestamp)
> + memcpy(&(ses->serverTime), (payload - AvLen), sizeof(__u64));
> + else
> + ses->serverTime = 0;
> +}
> +
> int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len,
> struct cifs_ses *ses)
> {
> @@ -322,6 +342,7 @@ int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len,
> return -ENOMEM;
> }
> ses->auth_key.len = tilen;
> + get_ntlmv2_server_time(ses);
> }
>
> return 0;
I'll let a cifs maintainer ack or nack the implementation, but from a
logic pov it looks good.
Simo.
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
