/* SPDX-License-Identifier: LGPL-2.1 */
/*
*
 * Copyright (c) International Business Machines Corp., 2002, 2007
 * Author(s): Steve French (sfrench@us.ibm.com)
*
*/
/* Tag carried in the Signature field that opens each message structure below */
#define NTLMSSP_SIGNATURE "NTLMSSP"

/*
 * Message Types.
 * Stored through cpu_to_le32() so they can be compared directly with the
 * __le32 MessageType field of a message.
 */
#define NtLmNegotiate    cpu_to_le32(1)
#define NtLmChallenge    cpu_to_le32(2)
#define NtLmAuthenticate cpu_to_le32(3)
#define UnknownMessage   cpu_to_le32(8)
/* Negotiate Flags */
/* Bits 0-12 of the 32-bit NegotiateFlags word */
#define NTLMSSP_NEGOTIATE_UNICODE         0x00000001 /* Text strings are unicode */
#define NTLMSSP_NEGOTIATE_OEM             0x00000002 /* Text strings are in OEM */
#define NTLMSSP_REQUEST_TARGET            0x00000004 /* Srv returns its auth realm */
/* reserved9                              0x00000008 */
#define NTLMSSP_NEGOTIATE_SIGN            0x00000010 /* Request signing capability */
#define NTLMSSP_NEGOTIATE_SEAL            0x00000020 /* Request confidentiality */
#define NTLMSSP_NEGOTIATE_DGRAM           0x00000040
/* LM-derived keying is a legacy mode; NOTE(review): confirm callers never request it */
#define NTLMSSP_NEGOTIATE_LM_KEY          0x00000080 /* Use LM session key */
/* reserved8                              0x00000100 */
#define NTLMSSP_NEGOTIATE_NTLM            0x00000200 /* NTLM authentication */
#define NTLMSSP_NEGOTIATE_NT_ONLY         0x00000400 /* Lanman not allowed */
#define NTLMSSP_ANONYMOUS                 0x00000800
#define NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED 0x00001000 /* reserved6 */
/* Counterpart of NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED for the workstation name */
#define NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED 0x00002000
/* Bits 14-22 of the 32-bit NegotiateFlags word */
#define NTLMSSP_NEGOTIATE_LOCAL_CALL   0x00004000 /* client/server same machine */
#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN  0x00008000 /* Sign. All security levels */
#define NTLMSSP_TARGET_TYPE_DOMAIN     0x00010000
#define NTLMSSP_TARGET_TYPE_SERVER     0x00020000
#define NTLMSSP_TARGET_TYPE_SHARE      0x00040000
#define NTLMSSP_NEGOTIATE_EXTENDED_SEC 0x00080000 /* NB: not related to NTLMv2 pwd */
/* NTLMSSP_REQUEST_INIT_RESP           0x00100000 (old name, kept for reference) */
#define NTLMSSP_NEGOTIATE_IDENTIFY     0x00100000
#define NTLMSSP_REQUEST_ACCEPT_RESP    0x00200000 /* reserved5 */
#define NTLMSSP_REQUEST_NON_NT_KEY     0x00400000
/* NOTE(review): presumably signals that TargetInfoArray in the challenge carries AV pairs - confirm */
#define NTLMSSP_NEGOTIATE_TARGET_INFO 0x00800000
/* Bits 24-31 of the 32-bit NegotiateFlags word */
/* reserved4                     0x01000000 */
#define NTLMSSP_NEGOTIATE_VERSION 0x02000000 /* we do not set */
/* reserved3                     0x04000000 */
/* reserved2                     0x08000000 */
/* reserved1                     0x10000000 */
#define NTLMSSP_NEGOTIATE_128     0x20000000
#define NTLMSSP_NEGOTIATE_KEY_XCH 0x40000000
/*
 * Top bit: the literal does not fit in int, so it has type unsigned int.
 * NOTE(review): 56-bit keying is weak next to NTLMSSP_NEGOTIATE_128; check
 * which of the two the negotiate path actually requests.
 */
#define NTLMSSP_NEGOTIATE_56      0x80000000
cifs NTLMv2/NTLMSSP ntlmv2 within ntlmssp authentication code
Attribute Value (AV) pairs or Target Info (TI) pairs are part of
ntlmv2 authentication.
Structure ntlmv2_resp had only definition for two av pairs.
So removed it, and now allocation of av pairs is dynamic.
For servers like Windows 7/2008, av pairs sent by server in
challenge packet (type 2 in the ntlmssp exchange/negotiation) can
vary.
Server sends them during ntlmssp negotiation. So when ntlmssp is used
as an authentication mechanism, type 2 challenge packet from server
has this information. Pluck it and use the entire blob for
authentication purpose. If user has not specified, extract
(netbios) domain name from the av pairs which is used to calculate
ntlmv2 hash. Servers like Windows 7 are particular about the AV pair
blob.
Servers like Windows 2003, are not very strict about the contents
of av pair blob used during ntlmv2 authentication.
So when security mechanism such as ntlmv2 is used (not ntlmv2 in ntlmssp),
there is no negotiation and so generate a minimal blob that gets
used in ntlmv2 authentication as well as gets sent.
Fields tilen and tilbob are session specific. AV pair values are defined.
To calculate ntlmv2 response we need ti/av pair blob.
For sec mech like ntlmssp, the blob is plucked from type 2 response from
the server. From this blob, netbios name of the domain is retrieved,
if user has not already provided, to be included in the Target String
as part of ntlmv2 hash calculations.
For sec mech like ntlmv2, create a minimal, two av pair blob.
The allocated blob is freed in case of error. In case there is no error,
this blob is used in calculating ntlmv2 response (in CalcNTLMv2_response)
and is also copied on the response to the server, and then freed.
The type 3 ntlmssp response is prepared on a buffer,
5 * sizeof of struct _AUTHENTICATE_MESSAGE, an empirical value large
enough to hold _AUTHENTICATE_MESSAGE plus a blob with max possible
10 values as part of ntlmv2 response and lmv2 keys and domain, user,
workstation names etc.
Also, kerberos gets selected as a default mechanism if server supports it,
over the other security mechanisms.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
/* Define AV Pair Field IDs */
/*
 * Identifier carried by each AV (attribute/value) pair of a target-info blob.
 * The numeric values are spelled out because they are wire constants.
 */
enum av_field_type {
	NTLMSSP_AV_EOL               = 0,  /* terminator of the pair list */
	NTLMSSP_AV_NB_COMPUTER_NAME  = 1,
	NTLMSSP_AV_NB_DOMAIN_NAME    = 2,
	NTLMSSP_AV_DNS_COMPUTER_NAME = 3,
	NTLMSSP_AV_DNS_DOMAIN_NAME   = 4,
	NTLMSSP_AV_DNS_TREE_NAME     = 5,
	NTLMSSP_AV_FLAGS             = 6,
	NTLMSSP_AV_TIMESTAMP         = 7,
	NTLMSSP_AV_RESTRICTION       = 8,
	NTLMSSP_AV_TARGET_NAME       = 9,
	NTLMSSP_AV_CHANNEL_BINDINGS  = 10
};
/* Although typedefs are not commonly used for structure definitions */
/* in the Linux kernel, in this particular case they are useful */
/* to more closely match the standards document for NTLMSSP from */
/* OpenGroup and to make the code more closely match the standard in */
/* appearance */
/*
 * Descriptor for one variable-length field of an NTLMSSP message: it holds
 * the field's length and an offset to its bytes rather than the bytes
 * themselves. All members are little-endian and the layout is packed.
 *
 * NOTE(review): in a message received from the peer these values are
 * untrusted; BufferOffset and Length need to be checked against the size of
 * the received blob before the described bytes are read.
 */
typedef struct _SECURITY_BUFFER {
	__le16 Length;
	__le16 MaximumLength;
	__le32 BufferOffset;	/* offset to buffer */
} __attribute__((packed)) SECURITY_BUFFER;
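/*
 * Type 1 (negotiate) message: signature, message type and flags, followed by
 * descriptors for the domain and workstation names. The strings themselves
 * trail the fixed part.
 */
typedef struct _NEGOTIATE_MESSAGE {
	__u8 Signature[sizeof(NTLMSSP_SIGNATURE)];
	__le32 MessageType;			/* NtLmNegotiate = 1 */
	__le32 NegotiateFlags;
	SECURITY_BUFFER DomainName;		/* RFC 1001 style and ASCII */
	SECURITY_BUFFER WorkstationName;	/* RFC 1001 and ASCII */
	/*
	 * SECURITY_BUFFER for version info not present since we
	 * do not set the version is present flag
	 */
	/*
	 * C99 flexible array member instead of the GNU zero-length array:
	 * the struct size is unchanged, but the compiler now rejects
	 * sizeof on the member or a field declared after it.
	 */
	char DomainString[];
	/* followed by WorkstationString */
} __attribute__((packed)) NEGOTIATE_MESSAGE, *PNEGOTIATE_MESSAGE;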
/*
 * Type 2 (challenge) message, i.e. the one that arrives from the server.
 *
 * NOTE(review): every field here is peer-controlled. TargetName and
 * TargetInfoArray only describe where their data sits, so a decoder has to
 * confirm the blob is at least sizeof(CHALLENGE_MESSAGE) long and that each
 * offset/length pair stays inside the received blob.
 */
typedef struct _CHALLENGE_MESSAGE {
	__u8 Signature[sizeof(NTLMSSP_SIGNATURE)];
	__le32 MessageType;		/* NtLmChallenge = 2 */
	SECURITY_BUFFER TargetName;
	__le32 NegotiateFlags;
	__u8 Challenge[CIFS_CRYPTO_KEY_SIZE];
	__u8 Reserved[8];
	SECURITY_BUFFER TargetInfoArray;
	/*
	 * SECURITY_BUFFER for version info not present since we
	 * do not set the version is present flag
	 */
} __attribute__((packed)) CHALLENGE_MESSAGE, *PCHALLENGE_MESSAGE;
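/*
 * Type 3 (authenticate) message: fixed header of SECURITY_BUFFER descriptors
 * plus the negotiate flags, with the variable-length data trailing it
 * starting at UserString.
 */
typedef struct _AUTHENTICATE_MESSAGE {
	__u8 Signature[sizeof(NTLMSSP_SIGNATURE)];
	__le32 MessageType;		/* NtLmsAuthenticate = 3 */
	SECURITY_BUFFER LmChallengeResponse;
	SECURITY_BUFFER NtChallengeResponse;
	SECURITY_BUFFER DomainName;
	SECURITY_BUFFER UserName;
	SECURITY_BUFFER WorkstationName;
	SECURITY_BUFFER SessionKey;
	__le32 NegotiateFlags;
	/*
	 * SECURITY_BUFFER for version info not present since we
	 * do not set the version is present flag
	 */
	/*
	 * C99 flexible array member instead of the GNU zero-length array:
	 * the struct size is unchanged, but the compiler now rejects
	 * sizeof on the member or a field declared after it.
	 */
	char UserString[];
} __attribute__((packed)) AUTHENTICATE_MESSAGE, *PAUTHENTICATE_MESSAGE;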
/*
 * Size of the session key (crypto key encrypted with the password)
 */
/*
 * NTLMSSP blob helpers; the definitions live outside this header.
 *
 * NOTE(review): decode_ntlmssp_challenge() is handed a blob pointer and its
 * length as a signed int. Presumably the definition rejects a blob shorter
 * than CHALLENGE_MESSAGE and checks each SECURITY_BUFFER offset/length
 * against blob_len before use - confirm there.
 */
int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len, struct cifs_ses *ses);
void build_ntlmssp_negotiate_blob(unsigned char *pbuffer, struct cifs_ses *ses);
int build_ntlmssp_auth_blob(unsigned char **pbuffer, u16 *buflen,
			    struct cifs_ses *ses,
			    const struct nls_table *nls_cp);