Fwd: [PATCH] cifs: Fix broken sec=ntlmv2/i sec mount option for Samba server

Tue Aug 23 19:41:12 MDT 2011

Wonder why we had the time in that field if Samba doesn't accept it
but Windows does - is this a server bug?


---------- Forwarded message ----------
From:  <shirishpargaonkar at gmail.com>
Date: Tue, Aug 23, 2011 at 8:16 PM
Subject: [PATCH] cifs: Fix broken sec=ntlmv2/i sec mount option for Samba server
To: smfrench at gmail.com
Cc: linux-cifs at vger.kernel.org, Shirish Pargaonkar <shirishpargaonkar at gmail.com>


From: Shirish Pargaonkar <shirishpargaonkar at gmail.com>


Fix sec=ntlmv2/i authentication option during mount of Samba shares.

Samba server does not like timestamp field as one of the av pair
elements during raw ntlmv2 authentication.
Windows servers do not care whether that av pair field is used in the
blob for NTLMv2 authentication.

For sec=ntlmsspi, build_av_pair is not used, a blob is plucked from
type 2 response sent by the server to use in authentication.

I tested sec=ntlmv2/i and sec=ntlmssp/i mount options against
Samba (3.6) and Windows - XP, 2003 Server and 7.
They all worked.


Signed-off-by: Shirish Pargaonkar <shirishpargaonkar at gmail.com>
---
 fs/cifs/cifsencrypt.c |    9 +--------
 1 files changed, 1 insertions(+), 8 deletions(-)

diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
index e76bfeb..90f85af 100644
--- a/fs/cifs/cifsencrypt.c
+++ b/fs/cifs/cifsencrypt.c
@@ -353,7 +353,6 @@ build_avpair_blob(struct cifs_ses *ses, const
struct nls_table *nls_cp)
       unsigned int dlen;
       unsigned int wlen;
       unsigned int size = 6 * sizeof(struct ntlmssp2_name);
-       __le64  curtime;
       char *defdmname = "WORKGROUP";
       unsigned char *blobptr;
       struct ntlmssp2_name *attrptr;
@@ -373,7 +372,7 @@ build_avpair_blob(struct cifs_ses *ses, const
struct nls_table *nls_cp)
        * two times the unicode length of a server name +
        * size of a timestamp (which is 8 bytes).
        */
-       ses->auth_key.len = size + 2 * (2 * dlen) + 2 * (2 * wlen) + 8;
+       ses->auth_key.len = size + 2 * (2 * dlen) + 2 * (2 * wlen);
       ses->auth_key.response = kzalloc(ses->auth_key.len, GFP_KERNEL);
       if (!ses->auth_key.response) {
               ses->auth_key.len = 0;
@@ -416,12 +415,6 @@ build_avpair_blob(struct cifs_ses *ses, const
struct nls_table *nls_cp)
       blobptr += 2 * wlen;
       attrptr = (struct ntlmssp2_name *) blobptr;

-       attrptr->type = cpu_to_le16(NTLMSSP_AV_TIMESTAMP);
-       attrptr->length = cpu_to_le16(sizeof(__le64));
-       blobptr = (unsigned char *)attrptr + sizeof(struct ntlmssp2_name);
-       curtime = cpu_to_le64(cifs_UnixTimeToNT(CURRENT_TIME));
-       memcpy(blobptr, &curtime, sizeof(__le64));
-
       return 0;
 }

--
1.6.0.2




-- 
Thanks,

Steve
