lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87r15910c1.fsf@cjr.nz>
Date:   Wed, 04 May 2022 17:58:54 -0300
From:   Paulo Alcantara <pc@....nz>
To:     Tom Talpey <tom@...pey.com>, Steven French <sfrench@...ba.org>,
        Byron Stanoszek <gandalf@...ds.org>,
        Shyam Prasad N <nspmangalore@...il.com>
Cc:     linux-cifs@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: CIFS regression mounting vers=1.0 NTLMSSP when hostname is too
 long

Tom Talpey <tom@...pey.com> writes:

> I think the most conservative and spec-compliant choice should be made.
> SMB1 should not be pushing the envelope of interoperability, in this day
> and age.

OK.

> I believe the NetBIOS name is a fixed array of 16 octets, right? So, if
> the nodename is shorter, it needs to be padded with 0's.

Right.

> Did this code change recently? Why???

We used to not send the WorkstationName during NTLMSSP until recent
patch from Shyam:

	commit 49bd49f983b5026e4557d31c5d737d9657c4113e
	Author: Shyam Prasad N <sprasad@...rosoft.com>
	Date:   Fri Nov 5 19:03:57 2021 +0000
	
	    cifs: send workstation name during ntlmssp session setup
	
	    During the ntlmssp session setup (authenticate phases)
	    send the client workstation info. This can make debugging easier on
	    servers.
	
	    Signed-off-by: Shyam Prasad N <sprasad@...rosoft.com>
	    Reviewed-by: Paulo Alcantara (SUSE) <pc@....nz>
	    Reviewed-by: Enzo Matsumiya <ematsumiya@...e.de>
	    Signed-off-by: Steve French <stfrench@...rosoft.com>

Unfortunately some servers did not seem to enforce it to be 16 bytes
long, so the reason why we didn't catch it earlier.

Steve, Shyam, let me know if it does make sense to you and then I can
work on a patch to fix it properly.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ