[PATCH 3.14 04/20] fs/cifs: correctly to anonymous authentication via NTLMSSP

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Stefan Metzmacher <metze@samba.org>,
	Steve French <smfrench@gmail.com>
Subject: [PATCH 3.14 04/20] fs/cifs: correctly to anonymous authentication via NTLMSSP
Date: Mon, 30 May 2016 13:49:35 -0700	[thread overview]
Message-ID: <20160530204934.477474669@linuxfoundation.org> (raw)
In-Reply-To: <20160530204934.262210466@linuxfoundation.org>

3.14-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Stefan Metzmacher <metze@samba.org>

commit cfda35d98298131bf38fbad3ce4cd5ecb3cf18db upstream.

See [MS-NLMP] 3.2.5.1.2 Server Receives an AUTHENTICATE_MESSAGE from the Client:

   ...
   Set NullSession to FALSE
   If (AUTHENTICATE_MESSAGE.UserNameLen == 0 AND
      AUTHENTICATE_MESSAGE.NtChallengeResponse.Length == 0 AND
      (AUTHENTICATE_MESSAGE.LmChallengeResponse == Z(1)
       OR
       AUTHENTICATE_MESSAGE.LmChallengeResponse.Length == 0))
       -- Special case: client requested anonymous authentication
       Set NullSession to TRUE
   ...

Only server which map unknown users to guest will allow
access using a non-null NTChallengeResponse.

For Samba it's the "map to guest = bad user" option.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11913

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/cifs/sess.c |   32 ++++++++++++++++++++------------
 1 file changed, 20 insertions(+), 12 deletions(-)

--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -399,19 +399,27 @@ int build_ntlmssp_auth_blob(unsigned cha
 	sec_blob->LmChallengeResponse.MaximumLength = 0;
 
 	sec_blob->NtChallengeResponse.BufferOffset = cpu_to_le32(tmp - pbuffer);
-	rc = setup_ntlmv2_rsp(ses, nls_cp);
-	if (rc) {
-		cifs_dbg(VFS, "Error %d during NTLMSSP authentication\n", rc);
-		goto setup_ntlmv2_ret;
-	}
-	memcpy(tmp, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
-			ses->auth_key.len - CIFS_SESS_KEY_SIZE);
-	tmp += ses->auth_key.len - CIFS_SESS_KEY_SIZE;
+	if (ses->user_name != NULL) {
+		rc = setup_ntlmv2_rsp(ses, nls_cp);
+		if (rc) {
+			cifs_dbg(VFS, "Error %d during NTLMSSP authentication\n", rc);
+			goto setup_ntlmv2_ret;
+		}
+		memcpy(tmp, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
+				ses->auth_key.len - CIFS_SESS_KEY_SIZE);
+		tmp += ses->auth_key.len - CIFS_SESS_KEY_SIZE;
 
-	sec_blob->NtChallengeResponse.Length =
-			cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
-	sec_blob->NtChallengeResponse.MaximumLength =
-			cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
+		sec_blob->NtChallengeResponse.Length =
+				cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
+		sec_blob->NtChallengeResponse.MaximumLength =
+				cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
+	} else {
+		/*
+		 * don't send an NT Response for anonymous access
+		 */
+		sec_blob->NtChallengeResponse.Length = 0;
+		sec_blob->NtChallengeResponse.MaximumLength = 0;
+	}
 
 	if (ses->domainName == NULL) {
 		sec_blob->DomainName.BufferOffset = cpu_to_le32(tmp - pbuffer);

next prev parent reply	other threads:[~2016-05-30 22:10 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-05-30 20:49 [PATCH 3.14 00/20] 3.14.71-stable review Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 01/20] Btrfs: dont use src fd for printk Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 02/20] arm/arm64: KVM: Enforce Break-Before-Make on Stage-2 page tables Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 03/20] remove directory incorrectly tries to set delete on close on non-empty directories Greg Kroah-Hartman
2016-05-30 20:49 ` Greg Kroah-Hartman [this message]
2016-05-30 20:49 ` [PATCH 3.14 05/20] ring-buffer: Use long for nr_pages to avoid overflow failures Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 06/20] ring-buffer: Prevent overflow of size in ring_buffer_resize() Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 07/20] crypto: caam - fix caam_jr_alloc() ret code Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 08/20] mfd: omap-usb-tll: Fix scheduling while atomic BUG Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 09/20] mmc: mmc: Fix partition switch timeout for some eMMCs Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 10/20] ACPI / osi: Fix an issue that acpi_osi=!* cannot disable ACPICA internal strings Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 11/20] mmc: longer timeout for long read time quirk Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 12/20] Bluetooth: vhci: purge unhandled skbs Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 13/20] USB: serial: mxuport: fix use-after-free in probe error path Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 14/20] USB: serial: keyspan: " Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 15/20] USB: serial: quatech2: " Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 16/20] USB: serial: io_edgeport: fix memory leaks in attach " Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 17/20] USB: serial: io_edgeport: fix memory leaks in probe " Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 18/20] USB: serial: option: add support for Cinterion PH8 and AHxx Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 19/20] tty: vt, return error when con_startup fails Greg Kroah-Hartman
2016-05-30 20:49 ` [PATCH 3.14 20/20] serial: samsung: Reorder the sequence of clock control when call s3c24xx_serial_set_termios() Greg Kroah-Hartman
2016-06-01  5:23 ` [PATCH 3.14 00/20] 3.14.71-stable review Guenter Roeck
2016-06-01 14:19 ` Shuah Khan
2016-06-01 16:16   ` Greg Kroah-Hartman
     [not found] ` <574e993f.92981c0a.59c4b.ffff8936@mx.google.com>
2016-06-01 16:17   ` Greg Kroah-Hartman
2016-06-01 17:38     ` Kevin Hilman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160530204934.477474669@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=metze@samba.org \
    --cc=smfrench@gmail.com \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.