Re: Linux CIFS NTLMSSP mount failing against win2k8

Re: Linux CIFS NTLMSSP mount failing against win2k8

[Jeff Layton]

[-- Attachment #1: Type: text/plain, Size: 2801 bytes --]

On Wed, 30 Jun 2010 09:25:10 +1000
Andrew Bartlett <abartlet-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org> wrote:

> On Sat, 2010-04-10 at 23:09 -0500, Shirish Pargaonkar wrote:
> > On Sat, Apr 10, 2010 at 5:17 PM, Jeff Layton <jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org> wrote:
> > > I've been playing with NTLMSSP today in CIFS, and have run across a
> > > problem. The Session Setup using Raw NTLMSSP succeeds, but then afterward
> > > the tree connect fails with STATUS_ACCESS_DENIED. The odd thing is that
> > > if authenticate as the same user using krb5, then it works fine.
> > > smbclient does SPNEGO encapsulated NTLMSSP and the tree connect it does
> > > works fine as well.
> > >
> > > Attached is a capture that shows two "mount attempts". The first one
> > > fails (that the Linux CIFS one). The second succeeds -- that's the
> > > Linux CIFS one.
> > >
> > > The code I'm using is slightly modified so that the tree connect is
> > > closer to identical to what smbclient does. That doesn't get around the
> > > problem though. I assume that there must be something wrong with the
> > > session setup, but since it succeeds it seems like it ought to work...
> > >
> > > Does anyone have any clue as to what the problem is? Or does anyone
> > > know how to make win2k8 tell me why it's refusing the tree connect? The
> > > event viewer seems to be pretty useless for this, but maybe I'm just
> > > not looking in the right place?
> > >
> > > --
> > > Jeff Layton <jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
> > >
> > 
> > Jeff,
> > 
> > You can see if this code change,
> >   cifs_MD5_update(&context, (char *)&key->data, 16);
> > insetead of
> >  cifs_MD5_update(&context, (char *)&key->data, key->len);
> > in function cifs_calculate_signature() works.
> 
> If I had some context, I would be able to advise if this is correct.  If
> this is the application of the 'session key' to the SMB singing (the MD5
> with the actual packet), then this is important, but only for Kerberos,
> not NTLMSSP, which for all versions returns a 16 byte key. 
> 

(dropping old linux-cifs-client list and adding new one to cc list)

Unfortunately, I haven't had time to spend on this in a while so I
haven't really given it the time it deserves.  My gut feeling is that
there are enough questionable portions of this code in CIFS that it
really needs an overhaul from "first principles" -- starting by making
the encryption algorithms use the standard kernel crypto libs and a
review of what NTLMSSP flags are being set in the negotation. Some of
that may just be my lack of familiarity with the code, but a lot of the
unicode conversion in smbencrypt.c looks questionable.

-- 
Jeff Layton <jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

Re: Linux CIFS NTLMSSP mount failing against win2k8

[Steve French]

On Wed, Jun 30, 2010 at 6:55 AM, Jeff Layton <jlayton@samba.org> wrote:
> On Wed, 30 Jun 2010 09:25:10 +1000
> Andrew Bartlett <abartlet@samba.org> wrote:
>
>> On Sat, 2010-04-10 at 23:09 -0500, Shirish Pargaonkar wrote:
>> > On Sat, Apr 10, 2010 at 5:17 PM, Jeff Layton <jlayton@samba.org> wrote:
>> > > I've been playing with NTLMSSP today in CIFS, and have run across a
>> > > problem. The Session Setup using Raw NTLMSSP succeeds, but then afterward
>> > > the tree connect fails with STATUS_ACCESS_DENIED. The odd thing is that
>> > > if authenticate as the same user using krb5, then it works fine.
>> > > smbclient does SPNEGO encapsulated NTLMSSP and the tree connect it does
>> > > works fine as well.
>> > >
>> > > Attached is a capture that shows two "mount attempts". The first one
>> > > fails (that the Linux CIFS one). The second succeeds -- that's the
>> > > Linux CIFS one.
>> > >
>> > > The code I'm using is slightly modified so that the tree connect is
>> > > closer to identical to what smbclient does. That doesn't get around the
>> > > problem though. I assume that there must be something wrong with the
>> > > session setup, but since it succeeds it seems like it ought to work...
>> > >
>> > > Does anyone have any clue as to what the problem is? Or does anyone
>> > > know how to make win2k8 tell me why it's refusing the tree connect? The
>> > > event viewer seems to be pretty useless for this, but maybe I'm just
>> > > not looking in the right place?
>> > >
>> > > --
>> > > Jeff Layton <jlayton@samba.org>
>> > >
>> >
>> > Jeff,
>> >
>> > You can see if this code change,
>> >   cifs_MD5_update(&context, (char *)&key->data, 16);
>> > insetead of
>> >  cifs_MD5_update(&context, (char *)&key->data, key->len);
>> > in function cifs_calculate_signature() works.
>>
>> If I had some context, I would be able to advise if this is correct.  If
>> this is the application of the 'session key' to the SMB singing (the MD5
>> with the actual packet), then this is important, but only for Kerberos,
>> not NTLMSSP, which for all versions returns a 16 byte key.
>>
>
> (dropping old linux-cifs-client list and adding new one to cc list)
>
> Unfortunately, I haven't had time to spend on this in a while so I
> haven't really given it the time it deserves.  My gut feeling is that
> there are enough questionable portions of this code in CIFS that it
> really needs an overhaul from "first principles" -- starting by making
> the encryption algorithms use the standard kernel crypto libs and a
> review of what NTLMSSP flags are being set in the negotation. Some of
> that may just be my lack of familiarity with the code, but a lot of the
> unicode conversion in smbencrypt.c looks questionable.

I would like to make some simplifying assumptions, e.g.
the number of NTLMSSP flags we use.  For SMB2 it
is easier because we can limit support to only
two auth mechanisms: krb5 in spnego and ntlmv2 in ntlmssp -
and only one signing mechanism (the new SHA256 one),
but for cifs we have old servers that won't support those.

The originals for a few key pieces of the old came from Samba,
so it probably had some of the same problems with Unicode
that you noted.  Converting the RC4-MD5-HMAC to kernel crypto libs is harder
than it seems.  Shirish had some trouble with the kernel crypto (as did I a
few years ago when I tried it - the code got uglier/bigger using those
interfaces).

The documentation for this is harder than it seems to wade through
(due to lack of examples).

-- 
Thanks,

Steve

Re: [linux-cifs-client] Linux CIFS NTLMSSP mount failing against win2k8

[Shirish Pargaonkar]

On Mon, Jun 28, 2010 at 6:25 PM, Andrew Bartlett <abartlet-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org> wrote:
> On Mon, 2010-06-28 at 17:47 -0500, Shirish Pargaonkar wrote:
>
>> When I look at Windows - Windows smb2 traces, the (16 bytes) signature
>> looks nothing like
>> version (which is 1), ciphertext of 8 bytes of hmac-md5, sequence number
>
> SMB2 SMB Signing does not use the NTLMSSP packet signing algorithm.
> Instead, like SMB, it takes the session key already calculated and
> applies a unique-to-SMB2 algorithm to it.  This involves sha256 I
> think.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
> Samba Developer, Cisco Inc.
>


I have had luck with some kernel crypto apis while working on this code.
I have been able to use arc4 and md5 hash apis successfully while
not being able to figure out hmac-md5 apis and I had not even
looked at sha, which I will.

What is confusing to me is, current cifs code using ntlmv2 within
ntlmssp authenticates and signs against Windows 2003 server
successfully/

But it does not against Windows 7 and Windows 2008 (I do not have
a Windows Vista installation). I am currently changing to code and
I am sure I would be able to authenticate using ntlmv2 within ntlmssp.
singing is what is confusing.

With smb2 client also, I can authenticate against Windows 7 and
Windows 2008 but signing fails.

So I am confused about what algorithm to use for cifs to sign
against Windows 7 and Windows 2008 server for ntlmv2 within ntlmssp
and what algorithm to use for smb2 to sign against a Windows 7
and Windows 2008 server for ntlmv2 within ntlmssp.

I have been reading and following MS-NLMP and
http://davenport.sourceforge.net/ntlm.html

Re: [linux-cifs-client] Linux CIFS NTLMSSP mount failing against win2k8

[Andrew Bartlett]

[-- Attachment #1: Type: text/plain, Size: 2383 bytes --]

On Thu, 2010-07-01 at 12:22 -0500, Shirish Pargaonkar wrote:
> On Mon, Jun 28, 2010 at 6:25 PM, Andrew Bartlett <abartlet@samba.org> wrote:
> > On Mon, 2010-06-28 at 17:47 -0500, Shirish Pargaonkar wrote:
> >
> >> When I look at Windows - Windows smb2 traces, the (16 bytes) signature
> >> looks nothing like
> >> version (which is 1), ciphertext of 8 bytes of hmac-md5, sequence number
> >
> > SMB2 SMB Signing does not use the NTLMSSP packet signing algorithm.
> > Instead, like SMB, it takes the session key already calculated and
> > applies a unique-to-SMB2 algorithm to it.  This involves sha256 I
> > think.
> >
> > Andrew Bartlett
> >
> > --
> > Andrew Bartlett                                http://samba.org/~abartlet/
> > Authentication Developer, Samba Team           http://samba.org
> > Samba Developer, Cisco Inc.
> >
> 
> 
> I have had luck with some kernel crypto apis while working on this code.
> I have been able to use arc4 and md5 hash apis successfully while
> not being able to figure out hmac-md5 apis and I had not even
> looked at sha, which I will.
> 
> What is confusing to me is, current cifs code using ntlmv2 within
> ntlmssp authenticates and signs against Windows 2003 server
> successfully/
> 
> But it does not against Windows 7 and Windows 2008 (I do not have
> a Windows Vista installation). I am currently changing to code and
> I am sure I would be able to authenticate using ntlmv2 within ntlmssp.
> singing is what is confusing.
> 
> With smb2 client also, I can authenticate against Windows 7 and
> Windows 2008 but signing fails.
> 
> So I am confused about what algorithm to use for cifs to sign
> against Windows 7 and Windows 2008 server for ntlmv2 within ntlmssp
> and what algorithm to use for smb2 to sign against a Windows 7
> and Windows 2008 server for ntlmv2 within ntlmssp.
> 
> I have been reading and following MS-NLMP and
> http://davenport.sourceforge.net/ntlm.html

The trick here is only to follow these up to the point at which the
master key is generated, not the signing or sealing keys.  The master
key (16 bytes) is the input the special SMB and SMB2 signing algorithms.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 190 bytes --]