The Samba-Bugzilla – Attachment 12090 Details for Bug 11913: Regression: Samba 4.4.3 breaks guest authentication
Possible but completely untested patches for linux master
samba-bug-11913.linux-master-01.patches.txt (text/plain), 9.56 KB, created by Stefan Metzmacher on 2016-05-09 16:10:58 UTC
>From cb1ccca7b2eaedabc44f652578391c9e60661c08 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Tue, 3 May 2016 10:52:30 +0200 >Subject: [PATCH 1/4] fs/cifs: correctly to anonymous authentication via > NTLMSSP > >See [MS-NLMP] 3.2.5.1.2 Server Receives an AUTHENTICATE_MESSAGE from the Client: > > ... > Set NullSession to FALSE > If (AUTHENTICATE_MESSAGE.UserNameLen == 0 AND > AUTHENTICATE_MESSAGE.NtChallengeResponse.Length == 0 AND > (AUTHENTICATE_MESSAGE.LmChallengeResponse == Z(1) > OR > AUTHENTICATE_MESSAGE.LmChallengeResponse.Length == 0)) > -- Special case: client requested anonymous authentication > Set NullSession to TRUE > ... > >Only server which map unknown users to guest will allow >access using a non-null NTChallengeResponse. > >For Samba it's the "map to guest = bad user" option. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11913 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >--- > fs/cifs/sess.c | 32 ++++++++++++++++++++------------ > 1 file changed, 20 insertions(+), 12 deletions(-) > >diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c >index 59727e3..09b0201 100644 >--- a/fs/cifs/sess.c >+++ b/fs/cifs/sess.c 
>@@ -400,19 +400,27 @@ int build_ntlmssp_auth_blob(unsigned char *pbuffer, > sec_blob->LmChallengeResponse.MaximumLength = 0; > > sec_blob->NtChallengeResponse.BufferOffset = cpu_to_le32(tmp - pbuffer); >- rc = setup_ntlmv2_rsp(ses, nls_cp); >- if (rc) { >- cifs_dbg(VFS, "Error %d during NTLMSSP authentication\n", rc); >- goto setup_ntlmv2_ret; >+ if (ses->user_name != NULL) { >+ rc = setup_ntlmv2_rsp(ses, nls_cp); >+ if (rc) { >+ cifs_dbg(VFS, "Error %d during NTLMSSP authentication\n", rc); >+ goto setup_ntlmv2_ret; >+ } >+ memcpy(tmp, ses->auth_key.response + CIFS_SESS_KEY_SIZE, >+ ses->auth_key.len - CIFS_SESS_KEY_SIZE); >+ tmp += ses->auth_key.len - CIFS_SESS_KEY_SIZE; >+ >+ sec_blob->NtChallengeResponse.Length = >+ cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE); >+ sec_blob->NtChallengeResponse.MaximumLength = >+ cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE); >+ } else { >+ /* >+ * don't send an NT Response for anonymous access >+ */ >+ sec_blob->NtChallengeResponse.Length = 0; >+ sec_blob->NtChallengeResponse.MaximumLength = 0; > } >- memcpy(tmp, ses->auth_key.response + CIFS_SESS_KEY_SIZE, >- ses->auth_key.len - CIFS_SESS_KEY_SIZE); >- tmp += ses->auth_key.len - CIFS_SESS_KEY_SIZE; >- >- sec_blob->NtChallengeResponse.Length = >- cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE); >- sec_blob->NtChallengeResponse.MaximumLength = >- cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE); > > if (ses->domainName == NULL) { > sec_blob->DomainName.BufferOffset = cpu_to_le32(tmp - pbuffer); >-- >1.9.1 > > >From a3dddc89789e4b5ba49290b114a3eed927e3d3e3 Mon Sep 17 00:00:00 2001 
>From: Stefan Metzmacher <metze@samba.org> >Date: Tue, 3 May 2016 10:52:30 +0200 >Subject: [PATCH 2/4] fs/cifs: correctly to anonymous authentication for the > LANMAN authentication > >Only server which map unknown users to guest will allow >access using a non-null LMChallengeResponse. > >For Samba it's the "map to guest = bad user" option. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11913 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >--- > fs/cifs/sess.c | 28 ++++++++++++++++------------ > 1 file changed, 16 insertions(+), 12 deletions(-) > >diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c >index 09b0201..b9e2cc1 100644 >--- a/fs/cifs/sess.c >+++ b/fs/cifs/sess.c 
>@@ -678,20 +678,24 @@ sess_auth_lanman(struct sess_data *sess_data) > > pSMB->req.hdr.Flags2 &= ~SMBFLG2_UNICODE; > >- /* no capabilities flags in old lanman negotiation */ >- pSMB->old_req.PasswordLength = cpu_to_le16(CIFS_AUTH_RESP_SIZE); >+ if (ses->user_name != NULL) { >+ /* no capabilities flags in old lanman negotiation */ >+ pSMB->old_req.PasswordLength = cpu_to_le16(CIFS_AUTH_RESP_SIZE); > >- /* Calculate hash with password and copy into bcc_ptr. >- * Encryption Key (stored as in cryptkey) gets used if the >- * security mode bit in Negottiate Protocol response states >- * to use challenge/response method (i.e. Password bit is 1). >- */ >- rc = calc_lanman_hash(ses->password, ses->server->cryptkey, >- ses->server->sec_mode & SECMODE_PW_ENCRYPT ? >- true : false, lnm_session_key); >+ /* Calculate hash with password and copy into bcc_ptr. >+ * Encryption Key (stored as in cryptkey) gets used if the >+ * security mode bit in Negottiate Protocol response states >+ * to use challenge/response method (i.e. Password bit is 1). >+ */ >+ rc = calc_lanman_hash(ses->password, ses->server->cryptkey, >+ ses->server->sec_mode & SECMODE_PW_ENCRYPT ? >+ true : false, lnm_session_key); > >- memcpy(bcc_ptr, (char *)lnm_session_key, CIFS_AUTH_RESP_SIZE); >- bcc_ptr += CIFS_AUTH_RESP_SIZE; >+ memcpy(bcc_ptr, (char *)lnm_session_key, CIFS_AUTH_RESP_SIZE); >+ bcc_ptr += CIFS_AUTH_RESP_SIZE; >+ } else { >+ pSMB->old_req.PasswordLength = 0; >+ } > > /* > * can not sign if LANMAN negotiated so no need >-- >1.9.1 > > >From 4c49840f20708cf90ff109b56172b44e66b38332 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Tue, 3 May 2016 10:52:30 +0200 >Subject: [PATCH 3/4] fs/cifs: correctly to anonymous authentication for the > NTLM(v1) authentication > >Only server which map unknown users to guest will allow >access using a non-null NTChallengeResponse. > >For Samba it's the "map to guest = bad user" option. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11913 
> >Signed-off-by: Stefan Metzmacher <metze@samba.org> >--- > fs/cifs/sess.c | 41 +++++++++++++++++++++++------------------ > 1 file changed, 23 insertions(+), 18 deletions(-) > >diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c >index b9e2cc1..5d5d11e 100644 >--- a/fs/cifs/sess.c >+++ b/fs/cifs/sess.c 
>@@ -781,26 +781,31 @@ sess_auth_ntlm(struct sess_data *sess_data) > capabilities = cifs_ssetup_hdr(ses, pSMB); > > pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities); >- pSMB->req_no_secext.CaseInsensitivePasswordLength = >- cpu_to_le16(CIFS_AUTH_RESP_SIZE); >- pSMB->req_no_secext.CaseSensitivePasswordLength = >- cpu_to_le16(CIFS_AUTH_RESP_SIZE); >+ if (ses->user_name != NULL) { >+ pSMB->req_no_secext.CaseInsensitivePasswordLength = >+ cpu_to_le16(CIFS_AUTH_RESP_SIZE); >+ pSMB->req_no_secext.CaseSensitivePasswordLength = >+ cpu_to_le16(CIFS_AUTH_RESP_SIZE); > >- /* calculate ntlm response and session key */ >- rc = setup_ntlm_response(ses, sess_data->nls_cp); >- if (rc) { >- cifs_dbg(VFS, "Error %d during NTLM authentication\n", >- rc); >- goto out; >- } >+ /* calculate ntlm response and session key */ >+ rc = setup_ntlm_response(ses, sess_data->nls_cp); >+ if (rc) { >+ cifs_dbg(VFS, "Error %d during NTLM authentication\n", >+ rc); >+ goto out; >+ } > >- /* copy ntlm response */ >- memcpy(bcc_ptr, ses->auth_key.response + CIFS_SESS_KEY_SIZE, >- CIFS_AUTH_RESP_SIZE); >- bcc_ptr += CIFS_AUTH_RESP_SIZE; >- memcpy(bcc_ptr, ses->auth_key.response + CIFS_SESS_KEY_SIZE, >- CIFS_AUTH_RESP_SIZE); >- bcc_ptr += CIFS_AUTH_RESP_SIZE; >+ /* copy ntlm response */ >+ memcpy(bcc_ptr, ses->auth_key.response + CIFS_SESS_KEY_SIZE, >+ CIFS_AUTH_RESP_SIZE); >+ bcc_ptr += CIFS_AUTH_RESP_SIZE; >+ memcpy(bcc_ptr, ses->auth_key.response + CIFS_SESS_KEY_SIZE, >+ CIFS_AUTH_RESP_SIZE); >+ bcc_ptr += CIFS_AUTH_RESP_SIZE; >+ } else { >+ pSMB->req_no_secext.CaseInsensitivePasswordLength = 0; >+ pSMB->req_no_secext.CaseSensitivePasswordLength = 0; >+ } > > if (ses->capabilities & CAP_UNICODE) { > /* unicode strings must be word aligned */ >-- >1.9.1 > > >From c8165dab49dcd163540652fa2d27a2436d952ba3 Mon Sep 17 00:00:00 2001 
>From: Stefan Metzmacher <metze@samba.org> >Date: Tue, 3 May 2016 10:52:30 +0200 >Subject: [PATCH 4/4] fs/cifs: correctly to anonymous authentication for the > NTLM(v2) authentication > >Only server which map unknown users to guest will allow >access using a non-null NTLMv2_Response. > >For Samba it's the "map to guest = bad user" option. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11913 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >--- > fs/cifs/sess.c | 32 ++++++++++++++++++-------------- > 1 file changed, 18 insertions(+), 14 deletions(-) > >diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c >index 5d5d11e..af0ec2d 100644 >--- a/fs/cifs/sess.c >+++ b/fs/cifs/sess.c 
>@@ -895,22 +895,26 @@ sess_auth_ntlmv2(struct sess_data *sess_data) > /* LM2 password would be here if we supported it */ > pSMB->req_no_secext.CaseInsensitivePasswordLength = 0; > >- /* calculate nlmv2 response and session key */ >- rc = setup_ntlmv2_rsp(ses, sess_data->nls_cp); >- if (rc) { >- cifs_dbg(VFS, "Error %d during NTLMv2 authentication\n", rc); >- goto out; >- } >+ if (ses->user_name != NULL) { >+ /* calculate nlmv2 response and session key */ >+ rc = setup_ntlmv2_rsp(ses, sess_data->nls_cp); >+ if (rc) { >+ cifs_dbg(VFS, "Error %d during NTLMv2 authentication\n", rc); >+ goto out; >+ } > >- memcpy(bcc_ptr, ses->auth_key.response + CIFS_SESS_KEY_SIZE, >- ses->auth_key.len - CIFS_SESS_KEY_SIZE); >- bcc_ptr += ses->auth_key.len - CIFS_SESS_KEY_SIZE; >+ memcpy(bcc_ptr, ses->auth_key.response + CIFS_SESS_KEY_SIZE, >+ ses->auth_key.len - CIFS_SESS_KEY_SIZE); >+ bcc_ptr += ses->auth_key.len - CIFS_SESS_KEY_SIZE; > >- /* set case sensitive password length after tilen may get >- * assigned, tilen is 0 otherwise. >- */ >- pSMB->req_no_secext.CaseSensitivePasswordLength = >- cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE); >+ /* set case sensitive password length after tilen may get >+ * assigned, tilen is 0 otherwise. >+ */ >+ pSMB->req_no_secext.CaseSensitivePasswordLength = >+ cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE); >+ } else { >+ pSMB->req_no_secext.CaseSensitivePasswordLength = 0; >+ } > > if (ses->capabilities & CAP_UNICODE) { > if (sess_data->iov[0].iov_len % 2) { >-- >1.9.1 >
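Review bot: in patch 1/4, the new test in build_ntlmssp_auth_blob() is only "if (ses->user_name != NULL)", so a non-NULL but empty user name still goes through setup_ntlmv2_rsp() and sends a non-empty NtChallengeResponse. The [MS-NLMP] condition quoted in the commit message needs UserNameLen == 0 together with NtChallengeResponse.Length == 0 for the server to set NullSession, and this hunk does not show how UserName is filled in. Either treat an empty name the same as NULL here, or state in the comment in the else branch that anonymous sessions always have ses->user_name == NULL and that the UserName field is written with length 0 in that case.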
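Review bot: in patch 2/4, the return value of calc_lanman_hash() in sess_auth_lanman() is assigned to rc but never checked before "memcpy(bcc_ptr, (char *)lnm_session_key, CIFS_AUTH_RESP_SIZE);", so a failed hash calculation would still copy lnm_session_key into the request. The lines are being re-indented anyway, so this is a good place to add an "if (rc) goto out;" style check, matching what sess_auth_ntlm() and sess_auth_ntlmv2() do after their setup calls in patches 3/4 and 4/4. The moved comment also still carries the "Negottiate" typo.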
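Review bot: in patch 3/4, the else branch of sess_auth_ntlm() skips setup_ntlm_response(), which the comment above it describes as "calculate ntlm response and session key", so for an anonymous session no session key is calculated on this path. Please confirm that nothing later in the session setup reads ses->auth_key.response when ses->user_name is NULL, and say so in a short comment in the else branch. The else branch also has no comment at all, unlike the "don't send an NT Response for anonymous access" comment added in patch 1/4.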
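Review bot: in patch 4/4, sess_auth_ntlmv2() adds a fourth copy of the open-coded "if (ses->user_name != NULL)" test, after build_ntlmssp_auth_blob(), sess_auth_lanman() and sess_auth_ntlm() in patches 1/4 to 3/4. A small named helper for "this session is anonymous" would keep the four call sites consistent and give one place to document the rule from the commit message that only servers mapping unknown users to guest accept a non-null response. Since the commit description says the series is completely untested, it would also help to list which of the four mechanisms were exercised against a server without "map to guest = bad user" before this goes in.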