From patchwork Wed Aug 20 10:39:01 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Namjae Jeon <namjae.jeon@samsung.com>
X-Patchwork-Id: 4748871
Return-Path: <linux-cifs-owner@kernel.org>
X-Original-To: patchwork-cifs-client@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.19.201])
	by patchwork2.web.kernel.org (Postfix) with ESMTP id E31ECC0338
	for <patchwork-cifs-client@patchwork.kernel.org>;
	Wed, 20 Aug 2014 10:39:07 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 0694020155
	for <patchwork-cifs-client@patchwork.kernel.org>;
	Wed, 20 Aug 2014 10:39:07 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id E859F2014A
	for <patchwork-cifs-client@patchwork.kernel.org>;
	Wed, 20 Aug 2014 10:39:05 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752260AbaHTKjF (ORCPT
	<rfc822;patchwork-cifs-client@patchwork.kernel.org>);
	Wed, 20 Aug 2014 06:39:05 -0400
Received: from mailout1.samsung.com ([203.254.224.24]:15049 "EHLO
	mailout1.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752258AbaHTKjD (ORCPT
	<rfc822; linux-cifs@vger.kernel.org>); Wed, 20 Aug 2014 06:39:03 -0400
Received: from epcpsbgr2.samsung.com
	(u142.gpu120.samsung.co.kr [203.254.230.142])
	by mailout1.samsung.com (Oracle Communications Messaging Server
	7u4-24.01 (7.0.4.24.0) 64bit (built Nov 17 2011))
	with ESMTP id <0NAL008K6PL1R7B0@mailout1.samsung.com> for
	linux-cifs@vger.kernel.org; Wed, 20 Aug 2014 19:39:01 +0900 (KST)
Received: from epcpsbgm1.samsung.com ( [172.20.52.112])
	by epcpsbgr2.samsung.com (EPCPMTA) with SMTP id F2.DF.19786.5CA74F35;
	Wed, 20 Aug 2014 19:39:01 +0900 (KST)
X-AuditID: cbfee68e-b7fab6d000004d4a-58-53f47ac5c7e4
Received: from epmmp2 ( [203.254.227.17])	by epcpsbgm1.samsung.com (EPCPMTA)
	with SMTP id AE.C4.04943.5CA74F35;
	Wed, 20 Aug 2014 19:39:01 +0900 (KST)
Received: from DONAMJAEJEO06 ([10.88.104.63])
	by mmp2.samsung.com (Oracle Communications Messaging Server 7u4-24.01
	(7.0.4.24.0) 64bit (built Nov 17 2011))
	with ESMTPA id <0NAL00L21PL1N950@mmp2.samsung.com>; Wed,
	20 Aug 2014 19:39:01 +0900 (KST)
From: Namjae Jeon <namjae.jeon@samsung.com>
To: 'Steve French' <smfrench@gmail.com>
Cc: 'Shirish Pargaonkar' <shirishpargaonkar@gmail.com>,
	'Pavel Shilovsky' <pshilovsky@samba.org>,
	linux-cifs@vger.kernel.org, Ashish Sangwan <a.sangwan@samsung.com>
Subject: [PATCH 1/7] cifs: Bypass windows extended security for ntlmv2
	negotiate
Date: Wed, 20 Aug 2014 19:39:01 +0900
Message-id: <003401cfbc62$f505f920$df11eb60$@samsung.com>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-index: Ac+8YqFbT8Ywh20kTvCBBHnOY/BaJQ==
Content-language: ko
X-Brightmail-Tracker: 
 H4sIAAAAAAAAA+NgFtrBIsWRmVeSWpSXmKPExsWyRsSkQPdo1Zdggy2nDC2WTrzEbPHi/y5m
	i3N7WS1ezGlgtHjz4jCbA6vHzll32T3m7upj9OjbsorR4/MmuQCWKC6blNSczLLUIn27BK6M
	5T/mMRbslqj4c3YXWwPjQpEuRk4OCQETic23XjBB2GISF+6tZwOxhQSWMkosvOIGUzPz0WWg
	OBdQfDqjxNNPx6Gcv4wS9971MHcxcnCwCWhL/NkiCtIgIqAu8Xn5X2YQm1lgBaPEo18mICXC
	AgES7/8mgoRZBFQlbv7rYQGxeQUsJb72b2WEsAUlfky+xwLRqiWxfudxJghbXmLzmrfMEPco
	SOw4+5oRYpWexNvtFxkhakQk9r14xwhymoTANnaJv8+PMkMsE5D4NvkQC8gNEgKyEpsOQM2R
	lDi44gbLBEaxWUhWz0KyehaS1bOQrFjAyLKKUTS1ILmgOCm9yEivODG3uDQvXS85P3cTIzDW
	Tv971reD8eYB60OMyUDrJzJLiSbnA2M1ryTe0NjMyMLUxNTYyNzSjDRhJXHeRQ+TgoQE0hNL
	UrNTUwtSi+KLSnNSiw8xMnFwSjUwWgbuOT1/0l3T+V7nkh6GM2bvkLu+hW/nv3+frDNm3jyx
	4V73p09W7svvGC6Pq2LgYO3aom/zLmvqZVH/hbmTW86t3NB0lOcsU1YVi+bSc6uYjs7YPHfn
	bsW3dcrPpi+ZN/tkp7L+t4o7W2Pd2C7WtTNZuTxOD5VqePz4TvyFKTpZJ39PsS1z71ViKc5I
	NNRiLipOBAB+2/thywIAAA==
X-Brightmail-Tracker: 
 H4sIAAAAAAAAA+NgFnrBIsWRmVeSWpSXmKPExsVy+t9jQd2jVV+CDbb2aVosnXiJ2eLF/13M
	Fuf2slq8mNPAaPHmxWE2B1aPnbPusnvM3dXH6NG3ZRWjx+dNcgEsUQ2MNhmpiSmpRQqpecn5
	KZl56bZK3sHxzvGmZgaGuoaWFuZKCnmJuam2Si4+AbpumTlAe5UUyhJzSoFCAYnFxUr6dpgm
	hIa46VrANEbo+oYEwfUYGaCBhDWMGct/zGMs2C1R8efsLrYGxoUiXYycHBICJhIzH11mg7DF
	JC7cWw9kc3EICUxnlHj66TiU85dR4t67HuYuRg4ONgFtiT9bREEaRATUJT4v/8sMYjMLrGCU
	ePTLBKREWCBA4v3fRJAwi4CqxM1/PSwgNq+ApcTX/q2MELagxI/J91ggWrUk1u88zgRhy0ts
	XvOWGeIeBYkdZ18zQqzSk3i7/SIjRI2IxL4X7xgnMArMQjJqFpJRs5CMmoWkZQEjyypG0dSC
	5ILipPRcQ73ixNzi0rx0veT83E2M4Fh+JrWDcWWDxSFGAQ5GJR5ehezPwUKsiWXFlbmHGCU4
	mJVEeH1yvwQL8aYkVlalFuXHF5XmpBYfYjQF+nQis5Rocj4wzeSVxBsam5gZWRqZG1oYGZsr
	ifMeaLUOFBJITyxJzU5NLUgtgulj4uCUamA8v/iV83Whu6tm6P9N3n1PXnjqeSl5MV3maZcl
	3gi32u9Tm/V6rqhS/vflW5lN1fNWLj207HbpYcbEyI9TvmYInzuts+eqk8+lVnvvHn/nSY/z
	jpw+nVmk/1739+qeWZruWuWVjLZL5y9k3RnOfejfzlkPN4umbdBd8043/sbeHoa2CBmL+KnB
	SizFGYmGWsxFxYkAudVbBfsCAAA=
DLP-Filter: Pass
X-MTR: 20000000000000000@CPGS
X-CFilter-Loop: Reflected
Sender: linux-cifs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-cifs.vger.kernel.org>
X-Mailing-List: linux-cifs@vger.kernel.org
X-Spam-Status: No, score=-7.6 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI,
	RP_MATCHES_RCVD,
	UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Windows machine has extended security feature which refuse to allow
authentication when there is time difference between server time and
client time when ntlmv2 negotiation is used. This problem is prevalent
in embedded enviornment where system time is set to default 1970.

We don't know yet the exact threshold for the time difference at which
the connection is refused but one comment in cifs code suggest that it
is around 5 minutes.

This patch tries to solve this problem by sending the received server
time during negotiate process as the current client time.

Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Ashish Sangwan <a.sangwan@samsung.com>
---
 fs/cifs/cifsencrypt.c |    4 ++--
 fs/cifs/cifsglob.h    |    2 ++
 fs/cifs/cifssmb.c     |    2 ++
 fs/cifs/smb2pdu.c     |    1 +
 4 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
index 4934347..d5cec81 100644
--- a/fs/cifs/cifsencrypt.c
+++ b/fs/cifs/cifsencrypt.c
@@ -671,8 +671,8 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp)
 			(ses->auth_key.response + CIFS_SESS_KEY_SIZE);
 	ntlmv2->blob_signature = cpu_to_le32(0x00000101);
 	ntlmv2->reserved = 0;
-	/* Must be within 5 minutes of the server */
-	ntlmv2->time = cpu_to_le64(cifs_UnixTimeToNT(CURRENT_TIME));
+	/* Hack to get around windows extended security */
+	ntlmv2->time = cpu_to_le64(ses->serverTime);
 	get_random_bytes(&ntlmv2->client_chal, sizeof(ntlmv2->client_chal));
 	ntlmv2->reserved2 = 0;
 
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
index ce24c1f..9344c94 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -796,6 +796,8 @@ struct cifs_ses {
 	enum securityEnum sectype; /* what security flavor was specified? */
 	bool sign;		/* is signing required? */
 	bool need_reconnect:1; /* connection reset, uid now invalid */
+	__u64   serverTime;	/* Keeps a track of server time sent by server
+				   during negotiate response */
 #ifdef CONFIG_CIFS_SMB2
 	__u16 session_flags;
 	char smb3signingkey[SMB3_SIGN_KEY_SIZE]; /* for signing smb3 packets */
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index 86a2aa5..ead2da0 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -584,6 +584,8 @@ CIFSSMBNegotiate(const unsigned int xid, struct cifs_ses *ses)
 	if (rc != 0)
 		goto neg_err_exit;
 
+	ses->serverTime = le32_to_cpu(pSMBr->SystemTimeLow);
+	ses->serverTime |= ((__u64)le32_to_cpu(pSMBr->SystemTimeHigh) << 32);
 	server->dialect = le16_to_cpu(pSMBr->DialectIndex);
 	cifs_dbg(FYI, "Dialect: %d\n", server->dialect);
 	/* Check wct = 1 error case */
diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index ed42234..a40f492 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -381,6 +381,7 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses)
 	if (rc != 0)
 		goto neg_exit;
 
+	ses->serverTime = le64_to_cpu(rsp->SystemTime);
 	cifs_dbg(FYI, "mode 0x%x\n", rsp->SecurityMode);
 
 	/* BB we may eventually want to match the negotiated vs. requested