Re: [PATCH] cifs: Add client version details to NTLM authenticate message

Steve French <smfrench@xxxxxxxxx> · Wed, 4 Oct 2023 12:14:17 -0500



tentatively merged into cifs-2.6.git for-next pending review/testing

On Wed, Oct 4, 2023 at 6:18 AM <meetakshisetiyaoss@xxxxxxxxx> wrote:
>
> From: Meetakshi Setiya <msetiya@xxxxxxxxxxxxx>
>
> The NTLM authenticate message currently sets the NTLMSSP_NEGOTIATE_VERSION
> flag but does not populate the VERSION structure. This commit fixes this
> bug by ensuring that the flag is set and the version details are included
> in the message.
>
> Signed-off-by: Meetakshi Setiya <msetiya@xxxxxxxxxxxxx>
> ---
>  fs/smb/client/ntlmssp.h |  4 ++--
>  fs/smb/client/sess.c    | 12 +++++++++---
>  2 files changed, 11 insertions(+), 5 deletions(-)
>
> diff --git a/fs/smb/client/ntlmssp.h b/fs/smb/client/ntlmssp.h
> index 2c5dde2ece58..875de43b72de 100644
> --- a/fs/smb/client/ntlmssp.h
> +++ b/fs/smb/client/ntlmssp.h
> @@ -133,8 +133,8 @@ typedef struct _AUTHENTICATE_MESSAGE {
>         SECURITY_BUFFER WorkstationName;
>         SECURITY_BUFFER SessionKey;
>         __le32 NegotiateFlags;
> -       /* SECURITY_BUFFER for version info not present since we
> -          do not set the version is present flag */
> +       struct  ntlmssp_version Version;
> +       /* SECURITY_BUFFER */
>         char UserString[];
>  } __attribute__((packed)) AUTHENTICATE_MESSAGE, *PAUTHENTICATE_MESSAGE;
>
> diff --git a/fs/smb/client/sess.c b/fs/smb/client/sess.c
> index 79f26c560edf..919ace2d13d4 100644
> --- a/fs/smb/client/sess.c
> +++ b/fs/smb/client/sess.c
> @@ -1060,10 +1060,16 @@ int build_ntlmssp_auth_blob(unsigned char **pbuffer,
>         memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8);
>         sec_blob->MessageType = NtLmAuthenticate;
>
> +       /* send version information in ntlmssp authenticate also */
>         flags = ses->ntlmssp->server_flags | NTLMSSP_REQUEST_TARGET |
> -               NTLMSSP_NEGOTIATE_TARGET_INFO | NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED;
> -       /* we only send version information in ntlmssp negotiate, so do not set this flag */
> -       flags = flags & ~NTLMSSP_NEGOTIATE_VERSION;
> +               NTLMSSP_NEGOTIATE_TARGET_INFO | NTLMSSP_NEGOTIATE_VERSION |
> +               NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED;
> +
> +       sec_blob->Version.ProductMajorVersion = LINUX_VERSION_MAJOR;
> +       sec_blob->Version.ProductMinorVersion = LINUX_VERSION_PATCHLEVEL;
> +       sec_blob->Version.ProductBuild = cpu_to_le16(SMB3_PRODUCT_BUILD);
> +       sec_blob->Version.NTLMRevisionCurrent = NTLMSSP_REVISION_W2K3;
> +
>         tmp = *pbuffer + sizeof(AUTHENTICATE_MESSAGE);
>         sec_blob->NegotiateFlags = cpu_to_le32(flags);
>
> --
> 2.39.2
>


-- 
Thanks,

Steve