Skip to content

Commit

Permalink
ksmbd: add support for key exchange
Browse files Browse the repository at this point in the history 
When mounting cifs client, can see the following warning message.

CIFS: decode_ntlmssp_challenge: authentication has been weakened as server
does not support key exchange

To remove this warning message, Add support for key exchange feature to
ksmbd. This patch decrypts 16-byte ciphertext value sent by the client
using RC4 with session key. The decrypted value is the recovered secondary
key that will use instead of the session key for signing and sealing.

Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
  • Loading branch information
Namjae Jeon authored and Steve French committed Feb 4, 2022
1 parent deae24b commit f9929ef
Show file tree
Hide file tree
Showing 2 changed files with 29 additions and 2 deletions.
4 changes: 2 additions & 2 deletions fs/Kconfig
View file
Original file line number Diff line number Diff line change
Expand Up @@ -369,8 +369,8 @@ source "fs/ksmbd/Kconfig"

config SMBFS_COMMON
tristate
default y if CIFS=y
default m if CIFS=m
default y if CIFS=y || SMB_SERVER=y
default m if CIFS=m || SMB_SERVER=m

source "fs/coda/Kconfig"
source "fs/afs/Kconfig"
Expand Down
27 changes: 27 additions & 0 deletions fs/ksmbd/auth.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@
#include "mgmt/user_config.h"
#include "crypto_ctx.h"
#include "transport_ipc.h"
#include "../smbfs_common/arc4.h"

/*
* Fixed format data defining GSS header and fixed string
Expand Down Expand Up @@ -336,6 +337,29 @@ int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob,
nt_len - CIFS_ENCPWD_SIZE,
domain_name, conn->ntlmssp.cryptkey);
kfree(domain_name);

/* The recovered secondary session key */
if (conn->ntlmssp.client_flags & NTLMSSP_NEGOTIATE_KEY_XCH) {
struct arc4_ctx *ctx_arc4;
unsigned int sess_key_off, sess_key_len;

sess_key_off = le32_to_cpu(authblob->SessionKey.BufferOffset);
sess_key_len = le16_to_cpu(authblob->SessionKey.Length);

if (blob_len < (u64)sess_key_off + sess_key_len)
return -EINVAL;

ctx_arc4 = kmalloc(sizeof(*ctx_arc4), GFP_KERNEL);
if (!ctx_arc4)
return -ENOMEM;

cifs_arc4_setkey(ctx_arc4, sess->sess_key,
SMB2_NTLMV2_SESSKEY_SIZE);
cifs_arc4_crypt(ctx_arc4, sess->sess_key,
(char *)authblob + sess_key_off, sess_key_len);
kfree_sensitive(ctx_arc4);
}

return ret;
}

Expand Down Expand Up @@ -408,6 +432,9 @@ ksmbd_build_ntlmssp_challenge_blob(struct challenge_message *chgblob,
(cflags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
flags |= NTLMSSP_NEGOTIATE_EXTENDED_SEC;

if (cflags & NTLMSSP_NEGOTIATE_KEY_XCH)
flags |= NTLMSSP_NEGOTIATE_KEY_XCH;

chgblob->NegotiateFlags = cpu_to_le32(flags);
len = strlen(ksmbd_netbios_name());
name = kmalloc(2 + UNICODE_LEN(len), GFP_KERNEL);
Expand Down

0 comments on commit f9929ef

Please sign in to comment.