]> Git Repo - linux.git/blob - fs/cifs/sess.c
projects / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
PCI/portdrv: Don't disable AER reporting in get_port_device_capability()
[linux.git] / fs / cifs / sess.c
1 // SPDX-License-Identifier: LGPL-2.1
2 /*
3  *
4  *   SMB/CIFS session setup handling routines
5  *
6  *   Copyright (c) International Business Machines  Corp., 2006, 2009
7  *   Author(s): Steve French ([email protected])
8  *
9  */
10
11 #include "cifspdu.h"
12 #include "cifsglob.h"
13 #include "cifsproto.h"
14 #include "cifs_unicode.h"
15 #include "cifs_debug.h"
16 #include "ntlmssp.h"
17 #include "nterr.h"
18 #include <linux/utsname.h>
19 #include <linux/slab.h>
20 #include <linux/version.h>
21 #include "cifsfs.h"
22 #include "cifs_spnego.h"
23 #include "smb2proto.h"
24 #include "fs_context.h"
25
26 static int
27 cifs_ses_add_channel(struct cifs_sb_info *cifs_sb, struct cifs_ses *ses,
28                      struct cifs_server_iface *iface);
29
30 bool
31 is_server_using_iface(struct TCP_Server_Info *server,
32                       struct cifs_server_iface *iface)
33 {
34         struct sockaddr_in *i4 = (struct sockaddr_in *)&iface->sockaddr;
35         struct sockaddr_in6 *i6 = (struct sockaddr_in6 *)&iface->sockaddr;
36         struct sockaddr_in *s4 = (struct sockaddr_in *)&server->dstaddr;
37         struct sockaddr_in6 *s6 = (struct sockaddr_in6 *)&server->dstaddr;
38
39         if (server->dstaddr.ss_family != iface->sockaddr.ss_family)
40                 return false;
41         if (server->dstaddr.ss_family == AF_INET) {
42                 if (s4->sin_addr.s_addr != i4->sin_addr.s_addr)
43                         return false;
44         } else if (server->dstaddr.ss_family == AF_INET6) {
45                 if (memcmp(&s6->sin6_addr, &i6->sin6_addr,
46                            sizeof(i6->sin6_addr)) != 0)
47                         return false;
48         } else {
49                 /* unknown family.. */
50                 return false;
51         }
52         return true;
53 }
54
55 bool is_ses_using_iface(struct cifs_ses *ses, struct cifs_server_iface *iface)
56 {
57         int i;
58
59         spin_lock(&ses->chan_lock);
60         for (i = 0; i < ses->chan_count; i++) {
61                 if (is_server_using_iface(ses->chans[i].server, iface)) {
62                         spin_unlock(&ses->chan_lock);
63                         return true;
64                 }
65         }
66         spin_unlock(&ses->chan_lock);
67         return false;
68 }
69
70 /* channel helper functions. assumed that chan_lock is held by caller. */
71
72 unsigned int
73 cifs_ses_get_chan_index(struct cifs_ses *ses,
74                         struct TCP_Server_Info *server)
75 {
76         unsigned int i;
77
78         for (i = 0; i < ses->chan_count; i++) {
79                 if (ses->chans[i].server == server)
80                         return i;
81         }
82
83         /* If we didn't find the channel, it is likely a bug */
84         WARN_ON(1);
85         return 0;
86 }
87
88 void
89 cifs_chan_set_in_reconnect(struct cifs_ses *ses,
90                              struct TCP_Server_Info *server)
91 {
92         unsigned int chan_index = cifs_ses_get_chan_index(ses, server);
93
94         ses->chans[chan_index].in_reconnect = true;
95 }
96
97 void
98 cifs_chan_clear_in_reconnect(struct cifs_ses *ses,
99                              struct TCP_Server_Info *server)
100 {
101         unsigned int chan_index = cifs_ses_get_chan_index(ses, server);
102
103         ses->chans[chan_index].in_reconnect = false;
104 }
105
106 bool
107 cifs_chan_in_reconnect(struct cifs_ses *ses,
108                           struct TCP_Server_Info *server)
109 {
110         unsigned int chan_index = cifs_ses_get_chan_index(ses, server);
111
112         return CIFS_CHAN_IN_RECONNECT(ses, chan_index);
113 }
114
115 void
116 cifs_chan_set_need_reconnect(struct cifs_ses *ses,
117                              struct TCP_Server_Info *server)
118 {
119         unsigned int chan_index = cifs_ses_get_chan_index(ses, server);
120
121         set_bit(chan_index, &ses->chans_need_reconnect);
122         cifs_dbg(FYI, "Set reconnect bitmask for chan %u; now 0x%lx\n",
123                  chan_index, ses->chans_need_reconnect);
124 }
125
126 void
127 cifs_chan_clear_need_reconnect(struct cifs_ses *ses,
128                                struct TCP_Server_Info *server)
129 {
130         unsigned int chan_index = cifs_ses_get_chan_index(ses, server);
131
132         clear_bit(chan_index, &ses->chans_need_reconnect);
133         cifs_dbg(FYI, "Cleared reconnect bitmask for chan %u; now 0x%lx\n",
134                  chan_index, ses->chans_need_reconnect);
135 }
136
137 bool
138 cifs_chan_needs_reconnect(struct cifs_ses *ses,
139                           struct TCP_Server_Info *server)
140 {
141         unsigned int chan_index = cifs_ses_get_chan_index(ses, server);
142
143         return CIFS_CHAN_NEEDS_RECONNECT(ses, chan_index);
144 }
145
146 /* returns number of channels added */
147 int cifs_try_adding_channels(struct cifs_sb_info *cifs_sb, struct cifs_ses *ses)
148 {
149         int old_chan_count, new_chan_count;
150         int left;
151         int i = 0;
152         int rc = 0;
153         int tries = 0;
154         struct cifs_server_iface *ifaces = NULL;
155         size_t iface_count;
156
157         spin_lock(&ses->chan_lock);
158
159         new_chan_count = old_chan_count = ses->chan_count;
160         left = ses->chan_max - ses->chan_count;
161
162         if (left <= 0) {
163                 spin_unlock(&ses->chan_lock);
164                 cifs_dbg(FYI,
165                          "ses already at max_channels (%zu), nothing to open\n",
166                          ses->chan_max);
167                 return 0;
168         }
169
170         if (ses->server->dialect < SMB30_PROT_ID) {
171                 spin_unlock(&ses->chan_lock);
172                 cifs_dbg(VFS, "multichannel is not supported on this protocol version, use 3.0 or above\n");
173                 return 0;
174         }
175
176         if (!(ses->server->capabilities & SMB2_GLOBAL_CAP_MULTI_CHANNEL)) {
177                 ses->chan_max = 1;
178                 spin_unlock(&ses->chan_lock);
179                 cifs_dbg(VFS, "server %s does not support multichannel\n", ses->server->hostname);
180                 return 0;
181         }
182         spin_unlock(&ses->chan_lock);
183
184         /*
185          * Make a copy of the iface list at the time and use that
186          * instead so as to not hold the iface spinlock for opening
187          * channels
188          */
189         spin_lock(&ses->iface_lock);
190         iface_count = ses->iface_count;
191         if (iface_count <= 0) {
192                 spin_unlock(&ses->iface_lock);
193                 cifs_dbg(VFS, "no iface list available to open channels\n");
194                 return 0;
195         }
196         ifaces = kmemdup(ses->iface_list, iface_count*sizeof(*ifaces),
197                          GFP_ATOMIC);
198         if (!ifaces) {
199                 spin_unlock(&ses->iface_lock);
200                 return 0;
201         }
202         spin_unlock(&ses->iface_lock);
203
204         /*
205          * Keep connecting to same, fastest, iface for all channels as
206          * long as its RSS. Try next fastest one if not RSS or channel
207          * creation fails.
208          */
209         while (left > 0) {
210                 struct cifs_server_iface *iface;
211
212                 tries++;
213                 if (tries > 3*ses->chan_max) {
214                         cifs_dbg(FYI, "too many channel open attempts (%d channels left to open)\n",
215                                  left);
216                         break;
217                 }
218
219                 iface = &ifaces[i];
220                 if (is_ses_using_iface(ses, iface) && !iface->rss_capable) {
221                         i = (i+1) % iface_count;
222                         continue;
223                 }
224
225                 rc = cifs_ses_add_channel(cifs_sb, ses, iface);
226                 if (rc) {
227                         cifs_dbg(FYI, "failed to open extra channel on iface#%d rc=%d\n",
228                                  i, rc);
229                         i = (i+1) % iface_count;
230                         continue;
231                 }
232
233                 cifs_dbg(FYI, "successfully opened new channel on iface#%d\n",
234                          i);
235                 left--;
236                 new_chan_count++;
237         }
238
239         kfree(ifaces);
240         return new_chan_count - old_chan_count;
241 }
242
243 /*
244  * If server is a channel of ses, return the corresponding enclosing
245  * cifs_chan otherwise return NULL.
246  */
247 struct cifs_chan *
248 cifs_ses_find_chan(struct cifs_ses *ses, struct TCP_Server_Info *server)
249 {
250         int i;
251
252         spin_lock(&ses->chan_lock);
253         for (i = 0; i < ses->chan_count; i++) {
254                 if (ses->chans[i].server == server) {
255                         spin_unlock(&ses->chan_lock);
256                         return &ses->chans[i];
257                 }
258         }
259         spin_unlock(&ses->chan_lock);
260         return NULL;
261 }
262
263 static int
264 cifs_ses_add_channel(struct cifs_sb_info *cifs_sb, struct cifs_ses *ses,
265                      struct cifs_server_iface *iface)
266 {
267         struct TCP_Server_Info *chan_server;
268         struct cifs_chan *chan;
269         struct smb3_fs_context ctx = {NULL};
270         static const char unc_fmt[] = "\\%s\\foo";
271         char unc[sizeof(unc_fmt)+SERVER_NAME_LEN_WITH_NULL] = {0};
272         struct sockaddr_in *ipv4 = (struct sockaddr_in *)&iface->sockaddr;
273         struct sockaddr_in6 *ipv6 = (struct sockaddr_in6 *)&iface->sockaddr;
274         int rc;
275         unsigned int xid = get_xid();
276
277         if (iface->sockaddr.ss_family == AF_INET)
278                 cifs_dbg(FYI, "adding channel to ses %p (speed:%zu bps rdma:%s ip:%pI4)\n",
279                          ses, iface->speed, iface->rdma_capable ? "yes" : "no",
280                          &ipv4->sin_addr);
281         else
282                 cifs_dbg(FYI, "adding channel to ses %p (speed:%zu bps rdma:%s ip:%pI6)\n",
283                          ses, iface->speed, iface->rdma_capable ? "yes" : "no",
284                          &ipv6->sin6_addr);
285
286         /*
287          * Setup a ctx with mostly the same info as the existing
288          * session and overwrite it with the requested iface data.
289          *
290          * We need to setup at least the fields used for negprot and
291          * sesssetup.
292          *
293          * We only need the ctx here, so we can reuse memory from
294          * the session and server without caring about memory
295          * management.
296          */
297
298         /* Always make new connection for now (TODO?) */
299         ctx.nosharesock = true;
300
301         /* Auth */
302         ctx.domainauto = ses->domainAuto;
303         ctx.domainname = ses->domainName;
304         ctx.server_hostname = ses->server->hostname;
305         ctx.username = ses->user_name;
306         ctx.password = ses->password;
307         ctx.sectype = ses->sectype;
308         ctx.sign = ses->sign;
309
310         /* UNC and paths */
311         /* XXX: Use ses->server->hostname? */
312         sprintf(unc, unc_fmt, ses->ip_addr);
313         ctx.UNC = unc;
314         ctx.prepath = "";
315
316         /* Reuse same version as master connection */
317         ctx.vals = ses->server->vals;
318         ctx.ops = ses->server->ops;
319
320         ctx.noblocksnd = ses->server->noblocksnd;
321         ctx.noautotune = ses->server->noautotune;
322         ctx.sockopt_tcp_nodelay = ses->server->tcp_nodelay;
323         ctx.echo_interval = ses->server->echo_interval / HZ;
324         ctx.max_credits = ses->server->max_credits;
325
326         /*
327          * This will be used for encoding/decoding user/domain/pw
328          * during sess setup auth.
329          */
330         ctx.local_nls = cifs_sb->local_nls;
331
332         /* Use RDMA if possible */
333         ctx.rdma = iface->rdma_capable;
334         memcpy(&ctx.dstaddr, &iface->sockaddr, sizeof(struct sockaddr_storage));
335
336         /* reuse master con client guid */
337         memcpy(&ctx.client_guid, ses->server->client_guid,
338                SMB2_CLIENT_GUID_SIZE);
339         ctx.use_client_guid = true;
340
341         chan_server = cifs_get_tcp_session(&ctx, ses->server);
342
343         spin_lock(&ses->chan_lock);
344         chan = &ses->chans[ses->chan_count];
345         chan->server = chan_server;
346         if (IS_ERR(chan->server)) {
347                 rc = PTR_ERR(chan->server);
348                 chan->server = NULL;
349                 spin_unlock(&ses->chan_lock);
350                 goto out;
351         }
352         ses->chan_count++;
353         atomic_set(&ses->chan_seq, 0);
354
355         /* Mark this channel as needing connect/setup */
356         cifs_chan_set_need_reconnect(ses, chan->server);
357
358         spin_unlock(&ses->chan_lock);
359
360         mutex_lock(&ses->session_mutex);
361         /*
362          * We need to allocate the server crypto now as we will need
363          * to sign packets before we generate the channel signing key
364          * (we sign with the session key)
365          */
366         rc = smb311_crypto_shash_allocate(chan->server);
367         if (rc) {
368                 cifs_dbg(VFS, "%s: crypto alloc failed\n", __func__);
369                 mutex_unlock(&ses->session_mutex);
370                 goto out;
371         }
372
373         rc = cifs_negotiate_protocol(xid, ses, chan->server);
374         if (!rc)
375                 rc = cifs_setup_session(xid, ses, chan->server, cifs_sb->local_nls);
376
377         mutex_unlock(&ses->session_mutex);
378
379 out:
380         if (rc && chan->server) {
381                 spin_lock(&ses->chan_lock);
382                 /* we rely on all bits beyond chan_count to be clear */
383                 cifs_chan_clear_need_reconnect(ses, chan->server);
384                 ses->chan_count--;
385                 /*
386                  * chan_count should never reach 0 as at least the primary
387                  * channel is always allocated
388                  */
389                 WARN_ON(ses->chan_count < 1);
390                 spin_unlock(&ses->chan_lock);
391         }
392
393         if (rc && chan->server)
394                 cifs_put_tcp_session(chan->server, 0);
395
396         return rc;
397 }
398
399 static __u32 cifs_ssetup_hdr(struct cifs_ses *ses,
400                              struct TCP_Server_Info *server,
401                              SESSION_SETUP_ANDX *pSMB)
402 {
403         __u32 capabilities = 0;
404
405         /* init fields common to all four types of SessSetup */
406         /* Note that offsets for first seven fields in req struct are same  */
407         /*      in CIFS Specs so does not matter which of 3 forms of struct */
408         /*      that we use in next few lines                               */
409         /* Note that header is initialized to zero in header_assemble */
410         pSMB->req.AndXCommand = 0xFF;
411         pSMB->req.MaxBufferSize = cpu_to_le16(min_t(u32,
412                                         CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4,
413                                         USHRT_MAX));
414         pSMB->req.MaxMpxCount = cpu_to_le16(server->maxReq);
415         pSMB->req.VcNumber = cpu_to_le16(1);
416
417         /* Now no need to set SMBFLG_CASELESS or obsolete CANONICAL PATH */
418
419         /* BB verify whether signing required on neg or just on auth frame
420            (and NTLM case) */
421
422         capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
423                         CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
424
425         if (server->sign)
426                 pSMB->req.hdr.Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
427
428         if (ses->capabilities & CAP_UNICODE) {
429                 pSMB->req.hdr.Flags2 |= SMBFLG2_UNICODE;
430                 capabilities |= CAP_UNICODE;
431         }
432         if (ses->capabilities & CAP_STATUS32) {
433                 pSMB->req.hdr.Flags2 |= SMBFLG2_ERR_STATUS;
434                 capabilities |= CAP_STATUS32;
435         }
436         if (ses->capabilities & CAP_DFS) {
437                 pSMB->req.hdr.Flags2 |= SMBFLG2_DFS;
438                 capabilities |= CAP_DFS;
439         }
440         if (ses->capabilities & CAP_UNIX)
441                 capabilities |= CAP_UNIX;
442
443         return capabilities;
444 }
445
446 static void
447 unicode_oslm_strings(char **pbcc_area, const struct nls_table *nls_cp)
448 {
449         char *bcc_ptr = *pbcc_area;
450         int bytes_ret = 0;
451
452         /* Copy OS version */
453         bytes_ret = cifs_strtoUTF16((__le16 *)bcc_ptr, "Linux version ", 32,
454                                     nls_cp);
455         bcc_ptr += 2 * bytes_ret;
456         bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, init_utsname()->release,
457                                     32, nls_cp);
458         bcc_ptr += 2 * bytes_ret;
459         bcc_ptr += 2; /* trailing null */
460
461         bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
462                                     32, nls_cp);
463         bcc_ptr += 2 * bytes_ret;
464         bcc_ptr += 2; /* trailing null */
465
466         *pbcc_area = bcc_ptr;
467 }
468
469 static void unicode_domain_string(char **pbcc_area, struct cifs_ses *ses,
470                                    const struct nls_table *nls_cp)
471 {
472         char *bcc_ptr = *pbcc_area;
473         int bytes_ret = 0;
474
475         /* copy domain */
476         if (ses->domainName == NULL) {
477                 /* Sending null domain better than using a bogus domain name (as
478                 we did briefly in 2.6.18) since server will use its default */
479                 *bcc_ptr = 0;
480                 *(bcc_ptr+1) = 0;
481                 bytes_ret = 0;
482         } else
483                 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, ses->domainName,
484                                             CIFS_MAX_DOMAINNAME_LEN, nls_cp);
485         bcc_ptr += 2 * bytes_ret;
486         bcc_ptr += 2;  /* account for null terminator */
487
488         *pbcc_area = bcc_ptr;
489 }
490
491
492 static void unicode_ssetup_strings(char **pbcc_area, struct cifs_ses *ses,
493                                    const struct nls_table *nls_cp)
494 {
495         char *bcc_ptr = *pbcc_area;
496         int bytes_ret = 0;
497
498         /* BB FIXME add check that strings total less
499         than 335 or will need to send them as arrays */
500
501         /* unicode strings, must be word aligned before the call */
502 /*      if ((long) bcc_ptr % 2) {
503                 *bcc_ptr = 0;
504                 bcc_ptr++;
505         } */
506         /* copy user */
507         if (ses->user_name == NULL) {
508                 /* null user mount */
509                 *bcc_ptr = 0;
510                 *(bcc_ptr+1) = 0;
511         } else {
512                 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, ses->user_name,
513                                             CIFS_MAX_USERNAME_LEN, nls_cp);
514         }
515         bcc_ptr += 2 * bytes_ret;
516         bcc_ptr += 2; /* account for null termination */
517
518         unicode_domain_string(&bcc_ptr, ses, nls_cp);
519         unicode_oslm_strings(&bcc_ptr, nls_cp);
520
521         *pbcc_area = bcc_ptr;
522 }
523
524 static void ascii_ssetup_strings(char **pbcc_area, struct cifs_ses *ses,
525                                  const struct nls_table *nls_cp)
526 {
527         char *bcc_ptr = *pbcc_area;
528         int len;
529
530         /* copy user */
531         /* BB what about null user mounts - check that we do this BB */
532         /* copy user */
533         if (ses->user_name != NULL) {
534                 len = strscpy(bcc_ptr, ses->user_name, CIFS_MAX_USERNAME_LEN);
535                 if (WARN_ON_ONCE(len < 0))
536                         len = CIFS_MAX_USERNAME_LEN - 1;
537                 bcc_ptr += len;
538         }
539         /* else null user mount */
540         *bcc_ptr = 0;
541         bcc_ptr++; /* account for null termination */
542
543         /* copy domain */
544         if (ses->domainName != NULL) {
545                 len = strscpy(bcc_ptr, ses->domainName, CIFS_MAX_DOMAINNAME_LEN);
546                 if (WARN_ON_ONCE(len < 0))
547                         len = CIFS_MAX_DOMAINNAME_LEN - 1;
548                 bcc_ptr += len;
549         } /* else we will send a null domain name
550              so the server will default to its own domain */
551         *bcc_ptr = 0;
552         bcc_ptr++;
553
554         /* BB check for overflow here */
555
556         strcpy(bcc_ptr, "Linux version ");
557         bcc_ptr += strlen("Linux version ");
558         strcpy(bcc_ptr, init_utsname()->release);
559         bcc_ptr += strlen(init_utsname()->release) + 1;
560
561         strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
562         bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
563
564         *pbcc_area = bcc_ptr;
565 }
566
567 static void
568 decode_unicode_ssetup(char **pbcc_area, int bleft, struct cifs_ses *ses,
569                       const struct nls_table *nls_cp)
570 {
571         int len;
572         char *data = *pbcc_area;
573
574         cifs_dbg(FYI, "bleft %d\n", bleft);
575
576         kfree(ses->serverOS);
577         ses->serverOS = cifs_strndup_from_utf16(data, bleft, true, nls_cp);
578         cifs_dbg(FYI, "serverOS=%s\n", ses->serverOS);
579         len = (UniStrnlen((wchar_t *) data, bleft / 2) * 2) + 2;
580         data += len;
581         bleft -= len;
582         if (bleft <= 0)
583                 return;
584
585         kfree(ses->serverNOS);
586         ses->serverNOS = cifs_strndup_from_utf16(data, bleft, true, nls_cp);
587         cifs_dbg(FYI, "serverNOS=%s\n", ses->serverNOS);
588         len = (UniStrnlen((wchar_t *) data, bleft / 2) * 2) + 2;
589         data += len;
590         bleft -= len;
591         if (bleft <= 0)
592                 return;
593
594         kfree(ses->serverDomain);
595         ses->serverDomain = cifs_strndup_from_utf16(data, bleft, true, nls_cp);
596         cifs_dbg(FYI, "serverDomain=%s\n", ses->serverDomain);
597
598         return;
599 }
600
601 static void decode_ascii_ssetup(char **pbcc_area, __u16 bleft,
602                                 struct cifs_ses *ses,
603                                 const struct nls_table *nls_cp)
604 {
605         int len;
606         char *bcc_ptr = *pbcc_area;
607
608         cifs_dbg(FYI, "decode sessetup ascii. bleft %d\n", bleft);
609
610         len = strnlen(bcc_ptr, bleft);
611         if (len >= bleft)
612                 return;
613
614         kfree(ses->serverOS);
615
616         ses->serverOS = kmalloc(len + 1, GFP_KERNEL);
617         if (ses->serverOS) {
618                 memcpy(ses->serverOS, bcc_ptr, len);
619                 ses->serverOS[len] = 0;
620                 if (strncmp(ses->serverOS, "OS/2", 4) == 0)
621                         cifs_dbg(FYI, "OS/2 server\n");
622         }
623
624         bcc_ptr += len + 1;
625         bleft -= len + 1;
626
627         len = strnlen(bcc_ptr, bleft);
628         if (len >= bleft)
629                 return;
630
631         kfree(ses->serverNOS);
632
633         ses->serverNOS = kmalloc(len + 1, GFP_KERNEL);
634         if (ses->serverNOS) {
635                 memcpy(ses->serverNOS, bcc_ptr, len);
636                 ses->serverNOS[len] = 0;
637         }
638
639         bcc_ptr += len + 1;
640         bleft -= len + 1;
641
642         len = strnlen(bcc_ptr, bleft);
643         if (len > bleft)
644                 return;
645
646         /* No domain field in LANMAN case. Domain is
647            returned by old servers in the SMB negprot response */
648         /* BB For newer servers which do not support Unicode,
649            but thus do return domain here we could add parsing
650            for it later, but it is not very important */
651         cifs_dbg(FYI, "ascii: bytes left %d\n", bleft);
652 }
653
654 int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len,
655                                     struct cifs_ses *ses)
656 {
657         unsigned int tioffset; /* challenge message target info area */
658         unsigned int tilen; /* challenge message target info area length  */
659         CHALLENGE_MESSAGE *pblob = (CHALLENGE_MESSAGE *)bcc_ptr;
660         __u32 server_flags;
661
662         if (blob_len < sizeof(CHALLENGE_MESSAGE)) {
663                 cifs_dbg(VFS, "challenge blob len %d too small\n", blob_len);
664                 return -EINVAL;
665         }
666
667         if (memcmp(pblob->Signature, "NTLMSSP", 8)) {
668                 cifs_dbg(VFS, "blob signature incorrect %s\n",
669                          pblob->Signature);
670                 return -EINVAL;
671         }
672         if (pblob->MessageType != NtLmChallenge) {
673                 cifs_dbg(VFS, "Incorrect message type %d\n",
674                          pblob->MessageType);
675                 return -EINVAL;
676         }
677
678         server_flags = le32_to_cpu(pblob->NegotiateFlags);
679         cifs_dbg(FYI, "%s: negotiate=0x%08x challenge=0x%08x\n", __func__,
680                  ses->ntlmssp->client_flags, server_flags);
681
682         if ((ses->ntlmssp->client_flags & (NTLMSSP_NEGOTIATE_SEAL | NTLMSSP_NEGOTIATE_SIGN)) &&
683             (!(server_flags & NTLMSSP_NEGOTIATE_56) && !(server_flags & NTLMSSP_NEGOTIATE_128))) {
684                 cifs_dbg(VFS, "%s: requested signing/encryption but server did not return either 56-bit or 128-bit session key size\n",
685                          __func__);
686                 return -EINVAL;
687         }
688         if (!(server_flags & NTLMSSP_NEGOTIATE_NTLM) && !(server_flags & NTLMSSP_NEGOTIATE_EXTENDED_SEC)) {
689                 cifs_dbg(VFS, "%s: server does not seem to support either NTLMv1 or NTLMv2\n", __func__);
690                 return -EINVAL;
691         }
692         if (ses->server->sign && !(server_flags & NTLMSSP_NEGOTIATE_SIGN)) {
693                 cifs_dbg(VFS, "%s: forced packet signing but server does not seem to support it\n",
694                          __func__);
695                 return -EOPNOTSUPP;
696         }
697         if ((ses->ntlmssp->client_flags & NTLMSSP_NEGOTIATE_KEY_XCH) &&
698             !(server_flags & NTLMSSP_NEGOTIATE_KEY_XCH))
699                 pr_warn_once("%s: authentication has been weakened as server does not support key exchange\n",
700                              __func__);
701
702         ses->ntlmssp->server_flags = server_flags;
703
704         memcpy(ses->ntlmssp->cryptkey, pblob->Challenge, CIFS_CRYPTO_KEY_SIZE);
705         /* In particular we can examine sign flags */
706         /* BB spec says that if AvId field of MsvAvTimestamp is populated then
707                 we must set the MIC field of the AUTHENTICATE_MESSAGE */
708
709         tioffset = le32_to_cpu(pblob->TargetInfoArray.BufferOffset);
710         tilen = le16_to_cpu(pblob->TargetInfoArray.Length);
711         if (tioffset > blob_len || tioffset + tilen > blob_len) {
712                 cifs_dbg(VFS, "tioffset + tilen too high %u + %u\n",
713                          tioffset, tilen);
714                 return -EINVAL;
715         }
716         if (tilen) {
717                 ses->auth_key.response = kmemdup(bcc_ptr + tioffset, tilen,
718                                                  GFP_KERNEL);
719                 if (!ses->auth_key.response) {
720                         cifs_dbg(VFS, "Challenge target info alloc failure\n");
721                         return -ENOMEM;
722                 }
723                 ses->auth_key.len = tilen;
724         }
725
726         return 0;
727 }
728
729 static int size_of_ntlmssp_blob(struct cifs_ses *ses, int base_size)
730 {
731         int sz = base_size + ses->auth_key.len
732                 - CIFS_SESS_KEY_SIZE + CIFS_CPHTXT_SIZE + 2;
733
734         if (ses->domainName)
735                 sz += sizeof(__le16) * strnlen(ses->domainName, CIFS_MAX_DOMAINNAME_LEN);
736         else
737                 sz += sizeof(__le16);
738
739         if (ses->user_name)
740                 sz += sizeof(__le16) * strnlen(ses->user_name, CIFS_MAX_USERNAME_LEN);
741         else
742                 sz += sizeof(__le16);
743
744         if (ses->workstation_name[0])
745                 sz += sizeof(__le16) * strnlen(ses->workstation_name,
746                                                ntlmssp_workstation_name_size(ses));
747         else
748                 sz += sizeof(__le16);
749
750         return sz;
751 }
752
753 static inline void cifs_security_buffer_from_str(SECURITY_BUFFER *pbuf,
754                                                  char *str_value,
755                                                  int str_length,
756                                                  unsigned char *pstart,
757                                                  unsigned char **pcur,
758                                                  const struct nls_table *nls_cp)
759 {
760         unsigned char *tmp = pstart;
761         int len;
762
763         if (!pbuf)
764                 return;
765
766         if (!pcur)
767                 pcur = &tmp;
768
769         if (!str_value) {
770                 pbuf->BufferOffset = cpu_to_le32(*pcur - pstart);
771                 pbuf->Length = 0;
772                 pbuf->MaximumLength = 0;
773                 *pcur += sizeof(__le16);
774         } else {
775                 len = cifs_strtoUTF16((__le16 *)*pcur,
776                                       str_value,
777                                       str_length,
778                                       nls_cp);
779                 len *= sizeof(__le16);
780                 pbuf->BufferOffset = cpu_to_le32(*pcur - pstart);
781                 pbuf->Length = cpu_to_le16(len);
782                 pbuf->MaximumLength = cpu_to_le16(len);
783                 *pcur += len;
784         }
785 }
786
787 /* BB Move to ntlmssp.c eventually */
788
789 int build_ntlmssp_negotiate_blob(unsigned char **pbuffer,
790                                  u16 *buflen,
791                                  struct cifs_ses *ses,
792                                  struct TCP_Server_Info *server,
793                                  const struct nls_table *nls_cp)
794 {
795         int rc = 0;
796         NEGOTIATE_MESSAGE *sec_blob;
797         __u32 flags;
798         unsigned char *tmp;
799         int len;
800
801         len = size_of_ntlmssp_blob(ses, sizeof(NEGOTIATE_MESSAGE));
802         *pbuffer = kmalloc(len, GFP_KERNEL);
803         if (!*pbuffer) {
804                 rc = -ENOMEM;
805                 cifs_dbg(VFS, "Error %d during NTLMSSP allocation\n", rc);
806                 *buflen = 0;
807                 goto setup_ntlm_neg_ret;
808         }
809         sec_blob = (NEGOTIATE_MESSAGE *)*pbuffer;
810
811         memset(*pbuffer, 0, sizeof(NEGOTIATE_MESSAGE));
812         memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8);
813         sec_blob->MessageType = NtLmNegotiate;
814
815         /* BB is NTLMV2 session security format easier to use here? */
816         flags = NTLMSSP_NEGOTIATE_56 |  NTLMSSP_REQUEST_TARGET |
817                 NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
818                 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC |
819                 NTLMSSP_NEGOTIATE_ALWAYS_SIGN | NTLMSSP_NEGOTIATE_SEAL |
820                 NTLMSSP_NEGOTIATE_SIGN;
821         if (!server->session_estab || ses->ntlmssp->sesskey_per_smbsess)
822                 flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
823
824         tmp = *pbuffer + sizeof(NEGOTIATE_MESSAGE);
825         ses->ntlmssp->client_flags = flags;
826         sec_blob->NegotiateFlags = cpu_to_le32(flags);
827
828         /* these fields should be null in negotiate phase MS-NLMP 3.1.5.1.1 */
829         cifs_security_buffer_from_str(&sec_blob->DomainName,
830                                       NULL,
831                                       CIFS_MAX_DOMAINNAME_LEN,
832                                       *pbuffer, &tmp,
833                                       nls_cp);
834
835         cifs_security_buffer_from_str(&sec_blob->WorkstationName,
836                                       NULL,
837                                       CIFS_MAX_WORKSTATION_LEN,
838                                       *pbuffer, &tmp,
839                                       nls_cp);
840
841         *buflen = tmp - *pbuffer;
842 setup_ntlm_neg_ret:
843         return rc;
844 }
845
846 /*
847  * Build ntlmssp blob with additional fields, such as version,
848  * supported by modern servers. For safety limit to SMB3 or later
849  * See notes in MS-NLMP Section 2.2.2.1 e.g.
850  */
851 int build_ntlmssp_smb3_negotiate_blob(unsigned char **pbuffer,
852                                  u16 *buflen,
853                                  struct cifs_ses *ses,
854                                  struct TCP_Server_Info *server,
855                                  const struct nls_table *nls_cp)
856 {
857         int rc = 0;
858         struct negotiate_message *sec_blob;
859         __u32 flags;
860         unsigned char *tmp;
861         int len;
862
863         len = size_of_ntlmssp_blob(ses, sizeof(struct negotiate_message));
864         *pbuffer = kmalloc(len, GFP_KERNEL);
865         if (!*pbuffer) {
866                 rc = -ENOMEM;
867                 cifs_dbg(VFS, "Error %d during NTLMSSP allocation\n", rc);
868                 *buflen = 0;
869                 goto setup_ntlm_smb3_neg_ret;
870         }
871         sec_blob = (struct negotiate_message *)*pbuffer;
872
873         memset(*pbuffer, 0, sizeof(struct negotiate_message));
874         memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8);
875         sec_blob->MessageType = NtLmNegotiate;
876
877         /* BB is NTLMV2 session security format easier to use here? */
878         flags = NTLMSSP_NEGOTIATE_56 |  NTLMSSP_REQUEST_TARGET |
879                 NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
880                 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC |
881                 NTLMSSP_NEGOTIATE_ALWAYS_SIGN | NTLMSSP_NEGOTIATE_SEAL |
882                 NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_VERSION;
883         if (!server->session_estab || ses->ntlmssp->sesskey_per_smbsess)
884                 flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
885
886         sec_blob->Version.ProductMajorVersion = LINUX_VERSION_MAJOR;
887         sec_blob->Version.ProductMinorVersion = LINUX_VERSION_PATCHLEVEL;
888         sec_blob->Version.ProductBuild = cpu_to_le16(SMB3_PRODUCT_BUILD);
889         sec_blob->Version.NTLMRevisionCurrent = NTLMSSP_REVISION_W2K3;
890
891         tmp = *pbuffer + sizeof(struct negotiate_message);
892         ses->ntlmssp->client_flags = flags;
893         sec_blob->NegotiateFlags = cpu_to_le32(flags);
894
895         /* these fields should be null in negotiate phase MS-NLMP 3.1.5.1.1 */
896         cifs_security_buffer_from_str(&sec_blob->DomainName,
897                                       NULL,
898                                       CIFS_MAX_DOMAINNAME_LEN,
899                                       *pbuffer, &tmp,
900                                       nls_cp);
901
902         cifs_security_buffer_from_str(&sec_blob->WorkstationName,
903                                       NULL,
904                                       CIFS_MAX_WORKSTATION_LEN,
905                                       *pbuffer, &tmp,
906                                       nls_cp);
907
908         *buflen = tmp - *pbuffer;
909 setup_ntlm_smb3_neg_ret:
910         return rc;
911 }
912
913
914 int build_ntlmssp_auth_blob(unsigned char **pbuffer,
915                                         u16 *buflen,
916                                    struct cifs_ses *ses,
917                                    struct TCP_Server_Info *server,
918                                    const struct nls_table *nls_cp)
919 {
920         int rc;
921         AUTHENTICATE_MESSAGE *sec_blob;
922         __u32 flags;
923         unsigned char *tmp;
924         int len;
925
926         rc = setup_ntlmv2_rsp(ses, nls_cp);
927         if (rc) {
928                 cifs_dbg(VFS, "Error %d during NTLMSSP authentication\n", rc);
929                 *buflen = 0;
930                 goto setup_ntlmv2_ret;
931         }
932
933         len = size_of_ntlmssp_blob(ses, sizeof(AUTHENTICATE_MESSAGE));
934         *pbuffer = kmalloc(len, GFP_KERNEL);
935         if (!*pbuffer) {
936                 rc = -ENOMEM;
937                 cifs_dbg(VFS, "Error %d during NTLMSSP allocation\n", rc);
938                 *buflen = 0;
939                 goto setup_ntlmv2_ret;
940         }
941         sec_blob = (AUTHENTICATE_MESSAGE *)*pbuffer;
942
943         memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8);
944         sec_blob->MessageType = NtLmAuthenticate;
945
946         flags = ses->ntlmssp->server_flags | NTLMSSP_REQUEST_TARGET |
947                 NTLMSSP_NEGOTIATE_TARGET_INFO | NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED;
948
949         tmp = *pbuffer + sizeof(AUTHENTICATE_MESSAGE);
950         sec_blob->NegotiateFlags = cpu_to_le32(flags);
951
952         sec_blob->LmChallengeResponse.BufferOffset =
953                                 cpu_to_le32(sizeof(AUTHENTICATE_MESSAGE));
954         sec_blob->LmChallengeResponse.Length = 0;
955         sec_blob->LmChallengeResponse.MaximumLength = 0;
956
957         sec_blob->NtChallengeResponse.BufferOffset =
958                                 cpu_to_le32(tmp - *pbuffer);
959         if (ses->user_name != NULL) {
960                 memcpy(tmp, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
961                                 ses->auth_key.len - CIFS_SESS_KEY_SIZE);
962                 tmp += ses->auth_key.len - CIFS_SESS_KEY_SIZE;
963
964                 sec_blob->NtChallengeResponse.Length =
965                                 cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
966                 sec_blob->NtChallengeResponse.MaximumLength =
967                                 cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
968         } else {
969                 /*
970                  * don't send an NT Response for anonymous access
971                  */
972                 sec_blob->NtChallengeResponse.Length = 0;
973                 sec_blob->NtChallengeResponse.MaximumLength = 0;
974         }
975
976         cifs_security_buffer_from_str(&sec_blob->DomainName,
977                                       ses->domainName,
978                                       CIFS_MAX_DOMAINNAME_LEN,
979                                       *pbuffer, &tmp,
980                                       nls_cp);
981
982         cifs_security_buffer_from_str(&sec_blob->UserName,
983                                       ses->user_name,
984                                       CIFS_MAX_USERNAME_LEN,
985                                       *pbuffer, &tmp,
986                                       nls_cp);
987
988         cifs_security_buffer_from_str(&sec_blob->WorkstationName,
989                                       ses->workstation_name,
990                                       ntlmssp_workstation_name_size(ses),
991                                       *pbuffer, &tmp,
992                                       nls_cp);
993
994         if ((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) &&
995             (!ses->server->session_estab || ses->ntlmssp->sesskey_per_smbsess) &&
996             !calc_seckey(ses)) {
997                 memcpy(tmp, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE);
998                 sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - *pbuffer);
999                 sec_blob->SessionKey.Length = cpu_to_le16(CIFS_CPHTXT_SIZE);
1000                 sec_blob->SessionKey.MaximumLength =
1001                                 cpu_to_le16(CIFS_CPHTXT_SIZE);
1002                 tmp += CIFS_CPHTXT_SIZE;
1003         } else {
1004                 sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - *pbuffer);
1005                 sec_blob->SessionKey.Length = 0;
1006                 sec_blob->SessionKey.MaximumLength = 0;
1007         }
1008
1009         *buflen = tmp - *pbuffer;
1010 setup_ntlmv2_ret:
1011         return rc;
1012 }
1013
1014 enum securityEnum
1015 cifs_select_sectype(struct TCP_Server_Info *server, enum securityEnum requested)
1016 {
1017         switch (server->negflavor) {
1018         case CIFS_NEGFLAVOR_EXTENDED:
1019                 switch (requested) {
1020                 case Kerberos:
1021                 case RawNTLMSSP:
1022                         return requested;
1023                 case Unspecified:
1024                         if (server->sec_ntlmssp &&
1025                             (global_secflags & CIFSSEC_MAY_NTLMSSP))
1026                                 return RawNTLMSSP;
1027                         if ((server->sec_kerberos || server->sec_mskerberos) &&
1028                             (global_secflags & CIFSSEC_MAY_KRB5))
1029                                 return Kerberos;
1030                         fallthrough;
1031                 default:
1032                         return Unspecified;
1033                 }
1034         case CIFS_NEGFLAVOR_UNENCAP:
1035                 switch (requested) {
1036                 case NTLMv2:
1037                         return requested;
1038                 case Unspecified:
1039                         if (global_secflags & CIFSSEC_MAY_NTLMV2)
1040                                 return NTLMv2;
1041                         break;
1042                 default:
1043                         break;
1044                 }
1045                 fallthrough;
1046         default:
1047                 return Unspecified;
1048         }
1049 }
1050
1051 struct sess_data {
1052         unsigned int xid;
1053         struct cifs_ses *ses;
1054         struct TCP_Server_Info *server;
1055         struct nls_table *nls_cp;
1056         void (*func)(struct sess_data *);
1057         int result;
1058
1059         /* we will send the SMB in three pieces:
1060          * a fixed length beginning part, an optional
1061          * SPNEGO blob (which can be zero length), and a
1062          * last part which will include the strings
1063          * and rest of bcc area. This allows us to avoid
1064          * a large buffer 17K allocation
1065          */
1066         int buf0_type;
1067         struct kvec iov[3];
1068 };
1069
1070 static int
1071 sess_alloc_buffer(struct sess_data *sess_data, int wct)
1072 {
1073         int rc;
1074         struct cifs_ses *ses = sess_data->ses;
1075         struct smb_hdr *smb_buf;
1076
1077         rc = small_smb_init_no_tc(SMB_COM_SESSION_SETUP_ANDX, wct, ses,
1078                                   (void **)&smb_buf);
1079
1080         if (rc)
1081                 return rc;
1082
1083         sess_data->iov[0].iov_base = (char *)smb_buf;
1084         sess_data->iov[0].iov_len = be32_to_cpu(smb_buf->smb_buf_length) + 4;
1085         /*
1086          * This variable will be used to clear the buffer
1087          * allocated above in case of any error in the calling function.
1088          */
1089         sess_data->buf0_type = CIFS_SMALL_BUFFER;
1090
1091         /* 2000 big enough to fit max user, domain, NOS name etc. */
1092         sess_data->iov[2].iov_base = kmalloc(2000, GFP_KERNEL);
1093         if (!sess_data->iov[2].iov_base) {
1094                 rc = -ENOMEM;
1095                 goto out_free_smb_buf;
1096         }
1097
1098         return 0;
1099
1100 out_free_smb_buf:
1101         cifs_small_buf_release(smb_buf);
1102         sess_data->iov[0].iov_base = NULL;
1103         sess_data->iov[0].iov_len = 0;
1104         sess_data->buf0_type = CIFS_NO_BUFFER;
1105         return rc;
1106 }
1107
1108 static void
1109 sess_free_buffer(struct sess_data *sess_data)
1110 {
1111
1112         free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
1113         sess_data->buf0_type = CIFS_NO_BUFFER;
1114         kfree(sess_data->iov[2].iov_base);
1115 }
1116
1117 static int
1118 sess_establish_session(struct sess_data *sess_data)
1119 {
1120         struct cifs_ses *ses = sess_data->ses;
1121         struct TCP_Server_Info *server = sess_data->server;
1122
1123         cifs_server_lock(server);
1124         if (!server->session_estab) {
1125                 if (server->sign) {
1126                         server->session_key.response =
1127                                 kmemdup(ses->auth_key.response,
1128                                 ses->auth_key.len, GFP_KERNEL);
1129                         if (!server->session_key.response) {
1130                                 cifs_server_unlock(server);
1131                                 return -ENOMEM;
1132                         }
1133                         server->session_key.len =
1134                                                 ses->auth_key.len;
1135                 }
1136                 server->sequence_number = 0x2;
1137                 server->session_estab = true;
1138         }
1139         cifs_server_unlock(server);
1140
1141         cifs_dbg(FYI, "CIFS session established successfully\n");
1142         return 0;
1143 }
1144
1145 static int
1146 sess_sendreceive(struct sess_data *sess_data)
1147 {
1148         int rc;
1149         struct smb_hdr *smb_buf = (struct smb_hdr *) sess_data->iov[0].iov_base;
1150         __u16 count;
1151         struct kvec rsp_iov = { NULL, 0 };
1152
1153         count = sess_data->iov[1].iov_len + sess_data->iov[2].iov_len;
1154         be32_add_cpu(&smb_buf->smb_buf_length, count);
1155         put_bcc(count, smb_buf);
1156
1157         rc = SendReceive2(sess_data->xid, sess_data->ses,
1158                           sess_data->iov, 3 /* num_iovecs */,
1159                           &sess_data->buf0_type,
1160                           CIFS_LOG_ERROR, &rsp_iov);
1161         cifs_small_buf_release(sess_data->iov[0].iov_base);
1162         memcpy(&sess_data->iov[0], &rsp_iov, sizeof(struct kvec));
1163
1164         return rc;
1165 }
1166
1167 static void
1168 sess_auth_ntlmv2(struct sess_data *sess_data)
1169 {
1170         int rc = 0;
1171         struct smb_hdr *smb_buf;
1172         SESSION_SETUP_ANDX *pSMB;
1173         char *bcc_ptr;
1174         struct cifs_ses *ses = sess_data->ses;
1175         struct TCP_Server_Info *server = sess_data->server;
1176         __u32 capabilities;
1177         __u16 bytes_remaining;
1178
1179         /* old style NTLM sessionsetup */
1180         /* wct = 13 */
1181         rc = sess_alloc_buffer(sess_data, 13);
1182         if (rc)
1183                 goto out;
1184
1185         pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1186         bcc_ptr = sess_data->iov[2].iov_base;
1187         capabilities = cifs_ssetup_hdr(ses, server, pSMB);
1188
1189         pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
1190
1191         /* LM2 password would be here if we supported it */
1192         pSMB->req_no_secext.CaseInsensitivePasswordLength = 0;
1193
1194         if (ses->user_name != NULL) {
1195                 /* calculate nlmv2 response and session key */
1196                 rc = setup_ntlmv2_rsp(ses, sess_data->nls_cp);
1197                 if (rc) {
1198                         cifs_dbg(VFS, "Error %d during NTLMv2 authentication\n", rc);
1199                         goto out;
1200                 }
1201
1202                 memcpy(bcc_ptr, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
1203                                 ses->auth_key.len - CIFS_SESS_KEY_SIZE);
1204                 bcc_ptr += ses->auth_key.len - CIFS_SESS_KEY_SIZE;
1205
1206                 /* set case sensitive password length after tilen may get
1207                  * assigned, tilen is 0 otherwise.
1208                  */
1209                 pSMB->req_no_secext.CaseSensitivePasswordLength =
1210                         cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
1211         } else {
1212                 pSMB->req_no_secext.CaseSensitivePasswordLength = 0;
1213         }
1214
1215         if (ses->capabilities & CAP_UNICODE) {
1216                 if (sess_data->iov[0].iov_len % 2) {
1217                         *bcc_ptr = 0;
1218                         bcc_ptr++;
1219                 }
1220                 unicode_ssetup_strings(&bcc_ptr, ses, sess_data->nls_cp);
1221         } else {
1222                 ascii_ssetup_strings(&bcc_ptr, ses, sess_data->nls_cp);
1223         }
1224
1225
1226         sess_data->iov[2].iov_len = (long) bcc_ptr -
1227                         (long) sess_data->iov[2].iov_base;
1228
1229         rc = sess_sendreceive(sess_data);
1230         if (rc)
1231                 goto out;
1232
1233         pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1234         smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base;
1235
1236         if (smb_buf->WordCount != 3) {
1237                 rc = -EIO;
1238                 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount);
1239                 goto out;
1240         }
1241
1242         if (le16_to_cpu(pSMB->resp.Action) & GUEST_LOGIN)
1243                 cifs_dbg(FYI, "Guest login\n"); /* BB mark SesInfo struct? */
1244
1245         ses->Suid = smb_buf->Uid;   /* UID left in wire format (le) */
1246         cifs_dbg(FYI, "UID = %llu\n", ses->Suid);
1247
1248         bytes_remaining = get_bcc(smb_buf);
1249         bcc_ptr = pByteArea(smb_buf);
1250
1251         /* BB check if Unicode and decode strings */
1252         if (bytes_remaining == 0) {
1253                 /* no string area to decode, do nothing */
1254         } else if (smb_buf->Flags2 & SMBFLG2_UNICODE) {
1255                 /* unicode string area must be word-aligned */
1256                 if (((unsigned long) bcc_ptr - (unsigned long) smb_buf) % 2) {
1257                         ++bcc_ptr;
1258                         --bytes_remaining;
1259                 }
1260                 decode_unicode_ssetup(&bcc_ptr, bytes_remaining, ses,
1261                                       sess_data->nls_cp);
1262         } else {
1263                 decode_ascii_ssetup(&bcc_ptr, bytes_remaining, ses,
1264                                     sess_data->nls_cp);
1265         }
1266
1267         rc = sess_establish_session(sess_data);
1268 out:
1269         sess_data->result = rc;
1270         sess_data->func = NULL;
1271         sess_free_buffer(sess_data);
1272         kfree(ses->auth_key.response);
1273         ses->auth_key.response = NULL;
1274 }
1275
1276 #ifdef CONFIG_CIFS_UPCALL
1277 static void
1278 sess_auth_kerberos(struct sess_data *sess_data)
1279 {
1280         int rc = 0;
1281         struct smb_hdr *smb_buf;
1282         SESSION_SETUP_ANDX *pSMB;
1283         char *bcc_ptr;
1284         struct cifs_ses *ses = sess_data->ses;
1285         struct TCP_Server_Info *server = sess_data->server;
1286         __u32 capabilities;
1287         __u16 bytes_remaining;
1288         struct key *spnego_key = NULL;
1289         struct cifs_spnego_msg *msg;
1290         u16 blob_len;
1291
1292         /* extended security */
1293         /* wct = 12 */
1294         rc = sess_alloc_buffer(sess_data, 12);
1295         if (rc)
1296                 goto out;
1297
1298         pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1299         bcc_ptr = sess_data->iov[2].iov_base;
1300         capabilities = cifs_ssetup_hdr(ses, server, pSMB);
1301
1302         spnego_key = cifs_get_spnego_key(ses, server);
1303         if (IS_ERR(spnego_key)) {
1304                 rc = PTR_ERR(spnego_key);
1305                 spnego_key = NULL;
1306                 goto out;
1307         }
1308
1309         msg = spnego_key->payload.data[0];
1310         /*
1311          * check version field to make sure that cifs.upcall is
1312          * sending us a response in an expected form
1313          */
1314         if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) {
1315                 cifs_dbg(VFS, "incorrect version of cifs.upcall (expected %d but got %d)\n",
1316                          CIFS_SPNEGO_UPCALL_VERSION, msg->version);
1317                 rc = -EKEYREJECTED;
1318                 goto out_put_spnego_key;
1319         }
1320
1321         ses->auth_key.response = kmemdup(msg->data, msg->sesskey_len,
1322                                          GFP_KERNEL);
1323         if (!ses->auth_key.response) {
1324                 cifs_dbg(VFS, "Kerberos can't allocate (%u bytes) memory\n",
1325                          msg->sesskey_len);
1326                 rc = -ENOMEM;
1327                 goto out_put_spnego_key;
1328         }
1329         ses->auth_key.len = msg->sesskey_len;
1330
1331         pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
1332         capabilities |= CAP_EXTENDED_SECURITY;
1333         pSMB->req.Capabilities = cpu_to_le32(capabilities);
1334         sess_data->iov[1].iov_base = msg->data + msg->sesskey_len;
1335         sess_data->iov[1].iov_len = msg->secblob_len;
1336         pSMB->req.SecurityBlobLength = cpu_to_le16(sess_data->iov[1].iov_len);
1337
1338         if (ses->capabilities & CAP_UNICODE) {
1339                 /* unicode strings must be word aligned */
1340                 if ((sess_data->iov[0].iov_len
1341                         + sess_data->iov[1].iov_len) % 2) {
1342                         *bcc_ptr = 0;
1343                         bcc_ptr++;
1344                 }
1345                 unicode_oslm_strings(&bcc_ptr, sess_data->nls_cp);
1346                 unicode_domain_string(&bcc_ptr, ses, sess_data->nls_cp);
1347         } else {
1348                 /* BB: is this right? */
1349                 ascii_ssetup_strings(&bcc_ptr, ses, sess_data->nls_cp);
1350         }
1351
1352         sess_data->iov[2].iov_len = (long) bcc_ptr -
1353                         (long) sess_data->iov[2].iov_base;
1354
1355         rc = sess_sendreceive(sess_data);
1356         if (rc)
1357                 goto out_put_spnego_key;
1358
1359         pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1360         smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base;
1361
1362         if (smb_buf->WordCount != 4) {
1363                 rc = -EIO;
1364                 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount);
1365                 goto out_put_spnego_key;
1366         }
1367
1368         if (le16_to_cpu(pSMB->resp.Action) & GUEST_LOGIN)
1369                 cifs_dbg(FYI, "Guest login\n"); /* BB mark SesInfo struct? */
1370
1371         ses->Suid = smb_buf->Uid;   /* UID left in wire format (le) */
1372         cifs_dbg(FYI, "UID = %llu\n", ses->Suid);
1373
1374         bytes_remaining = get_bcc(smb_buf);
1375         bcc_ptr = pByteArea(smb_buf);
1376
1377         blob_len = le16_to_cpu(pSMB->resp.SecurityBlobLength);
1378         if (blob_len > bytes_remaining) {
1379                 cifs_dbg(VFS, "bad security blob length %d\n",
1380                                 blob_len);
1381                 rc = -EINVAL;
1382                 goto out_put_spnego_key;
1383         }
1384         bcc_ptr += blob_len;
1385         bytes_remaining -= blob_len;
1386
1387         /* BB check if Unicode and decode strings */
1388         if (bytes_remaining == 0) {
1389                 /* no string area to decode, do nothing */
1390         } else if (smb_buf->Flags2 & SMBFLG2_UNICODE) {
1391                 /* unicode string area must be word-aligned */
1392                 if (((unsigned long) bcc_ptr - (unsigned long) smb_buf) % 2) {
1393                         ++bcc_ptr;
1394                         --bytes_remaining;
1395                 }
1396                 decode_unicode_ssetup(&bcc_ptr, bytes_remaining, ses,
1397                                       sess_data->nls_cp);
1398         } else {
1399                 decode_ascii_ssetup(&bcc_ptr, bytes_remaining, ses,
1400                                     sess_data->nls_cp);
1401         }
1402
1403         rc = sess_establish_session(sess_data);
1404 out_put_spnego_key:
1405         key_invalidate(spnego_key);
1406         key_put(spnego_key);
1407 out:
1408         sess_data->result = rc;
1409         sess_data->func = NULL;
1410         sess_free_buffer(sess_data);
1411         kfree(ses->auth_key.response);
1412         ses->auth_key.response = NULL;
1413 }
1414
1415 #endif /* ! CONFIG_CIFS_UPCALL */
1416
1417 /*
1418  * The required kvec buffers have to be allocated before calling this
1419  * function.
1420  */
1421 static int
1422 _sess_auth_rawntlmssp_assemble_req(struct sess_data *sess_data)
1423 {
1424         SESSION_SETUP_ANDX *pSMB;
1425         struct cifs_ses *ses = sess_data->ses;
1426         struct TCP_Server_Info *server = sess_data->server;
1427         __u32 capabilities;
1428         char *bcc_ptr;
1429
1430         pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1431
1432         capabilities = cifs_ssetup_hdr(ses, server, pSMB);
1433         if ((pSMB->req.hdr.Flags2 & SMBFLG2_UNICODE) == 0) {
1434                 cifs_dbg(VFS, "NTLMSSP requires Unicode support\n");
1435                 return -ENOSYS;
1436         }
1437
1438         pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
1439         capabilities |= CAP_EXTENDED_SECURITY;
1440         pSMB->req.Capabilities |= cpu_to_le32(capabilities);
1441
1442         bcc_ptr = sess_data->iov[2].iov_base;
1443         /* unicode strings must be word aligned */
1444         if ((sess_data->iov[0].iov_len + sess_data->iov[1].iov_len) % 2) {
1445                 *bcc_ptr = 0;
1446                 bcc_ptr++;
1447         }
1448         unicode_oslm_strings(&bcc_ptr, sess_data->nls_cp);
1449
1450         sess_data->iov[2].iov_len = (long) bcc_ptr -
1451                                         (long) sess_data->iov[2].iov_base;
1452
1453         return 0;
1454 }
1455
1456 static void
1457 sess_auth_rawntlmssp_authenticate(struct sess_data *sess_data);
1458
1459 static void
1460 sess_auth_rawntlmssp_negotiate(struct sess_data *sess_data)
1461 {
1462         int rc;
1463         struct smb_hdr *smb_buf;
1464         SESSION_SETUP_ANDX *pSMB;
1465         struct cifs_ses *ses = sess_data->ses;
1466         struct TCP_Server_Info *server = sess_data->server;
1467         __u16 bytes_remaining;
1468         char *bcc_ptr;
1469         unsigned char *ntlmsspblob = NULL;
1470         u16 blob_len;
1471
1472         cifs_dbg(FYI, "rawntlmssp session setup negotiate phase\n");
1473
1474         /*
1475          * if memory allocation is successful, caller of this function
1476          * frees it.
1477          */
1478         ses->ntlmssp = kmalloc(sizeof(struct ntlmssp_auth), GFP_KERNEL);
1479         if (!ses->ntlmssp) {
1480                 rc = -ENOMEM;
1481                 goto out;
1482         }
1483         ses->ntlmssp->sesskey_per_smbsess = false;
1484
1485         /* wct = 12 */
1486         rc = sess_alloc_buffer(sess_data, 12);
1487         if (rc)
1488                 goto out;
1489
1490         pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1491
1492         /* Build security blob before we assemble the request */
1493         rc = build_ntlmssp_negotiate_blob(&ntlmsspblob,
1494                                      &blob_len, ses, server,
1495                                      sess_data->nls_cp);
1496         if (rc)
1497                 goto out_free_ntlmsspblob;
1498
1499         sess_data->iov[1].iov_len = blob_len;
1500         sess_data->iov[1].iov_base = ntlmsspblob;
1501         pSMB->req.SecurityBlobLength = cpu_to_le16(blob_len);
1502
1503         rc = _sess_auth_rawntlmssp_assemble_req(sess_data);
1504         if (rc)
1505                 goto out_free_ntlmsspblob;
1506
1507         rc = sess_sendreceive(sess_data);
1508
1509         pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1510         smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base;
1511
1512         /* If true, rc here is expected and not an error */
1513         if (sess_data->buf0_type != CIFS_NO_BUFFER &&
1514             smb_buf->Status.CifsError ==
1515                         cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
1516                 rc = 0;
1517
1518         if (rc)
1519                 goto out_free_ntlmsspblob;
1520
1521         cifs_dbg(FYI, "rawntlmssp session setup challenge phase\n");
1522
1523         if (smb_buf->WordCount != 4) {
1524                 rc = -EIO;
1525                 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount);
1526                 goto out_free_ntlmsspblob;
1527         }
1528
1529         ses->Suid = smb_buf->Uid;   /* UID left in wire format (le) */
1530         cifs_dbg(FYI, "UID = %llu\n", ses->Suid);
1531
1532         bytes_remaining = get_bcc(smb_buf);
1533         bcc_ptr = pByteArea(smb_buf);
1534
1535         blob_len = le16_to_cpu(pSMB->resp.SecurityBlobLength);
1536         if (blob_len > bytes_remaining) {
1537                 cifs_dbg(VFS, "bad security blob length %d\n",
1538                                 blob_len);
1539                 rc = -EINVAL;
1540                 goto out_free_ntlmsspblob;
1541         }
1542
1543         rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);
1544
1545 out_free_ntlmsspblob:
1546         kfree(ntlmsspblob);
1547 out:
1548         sess_free_buffer(sess_data);
1549
1550         if (!rc) {
1551                 sess_data->func = sess_auth_rawntlmssp_authenticate;
1552                 return;
1553         }
1554
1555         /* Else error. Cleanup */
1556         kfree(ses->auth_key.response);
1557         ses->auth_key.response = NULL;
1558         kfree(ses->ntlmssp);
1559         ses->ntlmssp = NULL;
1560
1561         sess_data->func = NULL;
1562         sess_data->result = rc;
1563 }
1564
1565 static void
1566 sess_auth_rawntlmssp_authenticate(struct sess_data *sess_data)
1567 {
1568         int rc;
1569         struct smb_hdr *smb_buf;
1570         SESSION_SETUP_ANDX *pSMB;
1571         struct cifs_ses *ses = sess_data->ses;
1572         struct TCP_Server_Info *server = sess_data->server;
1573         __u16 bytes_remaining;
1574         char *bcc_ptr;
1575         unsigned char *ntlmsspblob = NULL;
1576         u16 blob_len;
1577
1578         cifs_dbg(FYI, "rawntlmssp session setup authenticate phase\n");
1579
1580         /* wct = 12 */
1581         rc = sess_alloc_buffer(sess_data, 12);
1582         if (rc)
1583                 goto out;
1584
1585         /* Build security blob before we assemble the request */
1586         pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1587         smb_buf = (struct smb_hdr *)pSMB;
1588         rc = build_ntlmssp_auth_blob(&ntlmsspblob,
1589                                         &blob_len, ses, server,
1590                                         sess_data->nls_cp);
1591         if (rc)
1592                 goto out_free_ntlmsspblob;
1593         sess_data->iov[1].iov_len = blob_len;
1594         sess_data->iov[1].iov_base = ntlmsspblob;
1595         pSMB->req.SecurityBlobLength = cpu_to_le16(blob_len);
1596         /*
1597          * Make sure that we tell the server that we are using
1598          * the uid that it just gave us back on the response
1599          * (challenge)
1600          */
1601         smb_buf->Uid = ses->Suid;
1602
1603         rc = _sess_auth_rawntlmssp_assemble_req(sess_data);
1604         if (rc)
1605                 goto out_free_ntlmsspblob;
1606
1607         rc = sess_sendreceive(sess_data);
1608         if (rc)
1609                 goto out_free_ntlmsspblob;
1610
1611         pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1612         smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base;
1613         if (smb_buf->WordCount != 4) {
1614                 rc = -EIO;
1615                 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount);
1616                 goto out_free_ntlmsspblob;
1617         }
1618
1619         if (le16_to_cpu(pSMB->resp.Action) & GUEST_LOGIN)
1620                 cifs_dbg(FYI, "Guest login\n"); /* BB mark SesInfo struct? */
1621
1622         if (ses->Suid != smb_buf->Uid) {
1623                 ses->Suid = smb_buf->Uid;
1624                 cifs_dbg(FYI, "UID changed! new UID = %llu\n", ses->Suid);
1625         }
1626
1627         bytes_remaining = get_bcc(smb_buf);
1628         bcc_ptr = pByteArea(smb_buf);
1629         blob_len = le16_to_cpu(pSMB->resp.SecurityBlobLength);
1630         if (blob_len > bytes_remaining) {
1631                 cifs_dbg(VFS, "bad security blob length %d\n",
1632                                 blob_len);
1633                 rc = -EINVAL;
1634                 goto out_free_ntlmsspblob;
1635         }
1636         bcc_ptr += blob_len;
1637         bytes_remaining -= blob_len;
1638
1639
1640         /* BB check if Unicode and decode strings */
1641         if (bytes_remaining == 0) {
1642                 /* no string area to decode, do nothing */
1643         } else if (smb_buf->Flags2 & SMBFLG2_UNICODE) {
1644                 /* unicode string area must be word-aligned */
1645                 if (((unsigned long) bcc_ptr - (unsigned long) smb_buf) % 2) {
1646                         ++bcc_ptr;
1647                         --bytes_remaining;
1648                 }
1649                 decode_unicode_ssetup(&bcc_ptr, bytes_remaining, ses,
1650                                       sess_data->nls_cp);
1651         } else {
1652                 decode_ascii_ssetup(&bcc_ptr, bytes_remaining, ses,
1653                                     sess_data->nls_cp);
1654         }
1655
1656 out_free_ntlmsspblob:
1657         kfree(ntlmsspblob);
1658 out:
1659         sess_free_buffer(sess_data);
1660
1661         if (!rc)
1662                 rc = sess_establish_session(sess_data);
1663
1664         /* Cleanup */
1665         kfree(ses->auth_key.response);
1666         ses->auth_key.response = NULL;
1667         kfree(ses->ntlmssp);
1668         ses->ntlmssp = NULL;
1669
1670         sess_data->func = NULL;
1671         sess_data->result = rc;
1672 }
1673
1674 static int select_sec(struct sess_data *sess_data)
1675 {
1676         int type;
1677         struct cifs_ses *ses = sess_data->ses;
1678         struct TCP_Server_Info *server = sess_data->server;
1679
1680         type = cifs_select_sectype(server, ses->sectype);
1681         cifs_dbg(FYI, "sess setup type %d\n", type);
1682         if (type == Unspecified) {
1683                 cifs_dbg(VFS, "Unable to select appropriate authentication method!\n");
1684                 return -EINVAL;
1685         }
1686
1687         switch (type) {
1688         case NTLMv2:
1689                 sess_data->func = sess_auth_ntlmv2;
1690                 break;
1691         case Kerberos:
1692 #ifdef CONFIG_CIFS_UPCALL
1693                 sess_data->func = sess_auth_kerberos;
1694                 break;
1695 #else
1696                 cifs_dbg(VFS, "Kerberos negotiated but upcall support disabled!\n");
1697                 return -ENOSYS;
1698 #endif /* CONFIG_CIFS_UPCALL */
1699         case RawNTLMSSP:
1700                 sess_data->func = sess_auth_rawntlmssp_negotiate;
1701                 break;
1702         default:
1703                 cifs_dbg(VFS, "secType %d not supported!\n", type);
1704                 return -ENOSYS;
1705         }
1706
1707         return 0;
1708 }
1709
1710 int CIFS_SessSetup(const unsigned int xid, struct cifs_ses *ses,
1711                    struct TCP_Server_Info *server,
1712                    const struct nls_table *nls_cp)
1713 {
1714         int rc = 0;
1715         struct sess_data *sess_data;
1716
1717         if (ses == NULL) {
1718                 WARN(1, "%s: ses == NULL!", __func__);
1719                 return -EINVAL;
1720         }
1721
1722         sess_data = kzalloc(sizeof(struct sess_data), GFP_KERNEL);
1723         if (!sess_data)
1724                 return -ENOMEM;
1725
1726         sess_data->xid = xid;
1727         sess_data->ses = ses;
1728         sess_data->server = server;
1729         sess_data->buf0_type = CIFS_NO_BUFFER;
1730         sess_data->nls_cp = (struct nls_table *) nls_cp;
1731
1732         rc = select_sec(sess_data);
1733         if (rc)
1734                 goto out;
1735
1736         while (sess_data->func)
1737                 sess_data->func(sess_data);
1738
1739         /* Store result before we free sess_data */
1740         rc = sess_data->result;
1741
1742 out:
1743         kfree(sess_data);
1744         return rc;
1745 }
Empty description
This page took 0.12914 seconds and 4 git commands to generate.