4 * SMB/CIFS session setup handling routines
6 * Copyright (c) International Business Machines Corp., 2006, 2009
9 * This library is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU Lesser General Public License as published
11 * by the Free Software Foundation; either version 2.1 of the License, or
12 * (at your option) any later version.
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
17 * the GNU Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public License
20 * along with this library; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26 #include "cifsproto.h"
27 #include "cifs_unicode.h"
28 #include "cifs_debug.h"
31 #include <linux/utsname.h>
32 #include <linux/slab.h>
33 #include "cifs_spnego.h"
34 #include "smb2proto.h"
37 is_server_using_iface(struct TCP_Server_Info *server,
38 struct cifs_server_iface *iface)
40 struct sockaddr_in *i4 = (struct sockaddr_in *)&iface->sockaddr;
41 struct sockaddr_in6 *i6 = (struct sockaddr_in6 *)&iface->sockaddr;
42 struct sockaddr_in *s4 = (struct sockaddr_in *)&server->dstaddr;
43 struct sockaddr_in6 *s6 = (struct sockaddr_in6 *)&server->dstaddr;
45 if (server->dstaddr.ss_family != iface->sockaddr.ss_family)
47 if (server->dstaddr.ss_family == AF_INET) {
48 if (s4->sin_addr.s_addr != i4->sin_addr.s_addr)
50 } else if (server->dstaddr.ss_family == AF_INET6) {
51 if (memcmp(&s6->sin6_addr, &i6->sin6_addr,
52 sizeof(i6->sin6_addr)) != 0)
55 /* unknown family.. */
61 bool is_ses_using_iface(struct cifs_ses *ses, struct cifs_server_iface *iface)
65 for (i = 0; i < ses->chan_count; i++) {
66 if (is_server_using_iface(ses->chans[i].server, iface))
72 /* returns number of channels added */
73 int cifs_try_adding_channels(struct cifs_ses *ses)
75 int old_chan_count = ses->chan_count;
76 int left = ses->chan_max - ses->chan_count;
83 "ses already at max_channels (%zu), nothing to open\n",
88 if (ses->server->dialect < SMB30_PROT_ID) {
89 cifs_dbg(VFS, "multichannel is not supported on this protocol version, use 3.0 or above\n");
94 * Keep connecting to same, fastest, iface for all channels as
95 * long as its RSS. Try next fastest one if not RSS or channel
99 struct cifs_server_iface *iface;
102 if (tries > 3*ses->chan_max) {
103 cifs_dbg(FYI, "too many attempt at opening channels (%d channels left to open)\n",
108 iface = &ses->iface_list[i];
109 if (is_ses_using_iface(ses, iface) && !iface->rss_capable) {
110 i = (i+1) % ses->iface_count;
114 rc = cifs_ses_add_channel(ses, iface);
116 cifs_dbg(FYI, "failed to open extra channel on iface#%d rc=%d\n",
118 i = (i+1) % ses->iface_count;
122 cifs_dbg(FYI, "successfully opened new channel on iface#%d\n",
127 return ses->chan_count - old_chan_count;
131 cifs_ses_add_channel(struct cifs_ses *ses, struct cifs_server_iface *iface)
133 struct cifs_chan *chan;
134 struct smb_vol vol = {NULL};
135 static const char unc_fmt[] = "\\%s\\foo";
136 char unc[sizeof(unc_fmt)+SERVER_NAME_LEN_WITH_NULL] = {0};
137 struct sockaddr_in *ipv4 = (struct sockaddr_in *)&iface->sockaddr;
138 struct sockaddr_in6 *ipv6 = (struct sockaddr_in6 *)&iface->sockaddr;
140 unsigned int xid = get_xid();
142 cifs_dbg(FYI, "adding channel to ses %p (speed:%zu bps rdma:%s ",
143 ses, iface->speed, iface->rdma_capable ? "yes" : "no");
144 if (iface->sockaddr.ss_family == AF_INET)
145 cifs_dbg(FYI, "ip:%pI4)\n", &ipv4->sin_addr);
147 cifs_dbg(FYI, "ip:%pI6)\n", &ipv6->sin6_addr);
150 * Setup a smb_vol with mostly the same info as the existing
151 * session and overwrite it with the requested iface data.
153 * We need to setup at least the fields used for negprot and
156 * We only need the volume here, so we can reuse memory from
157 * the session and server without caring about memory
161 /* Always make new connection for now (TODO?) */
162 vol.nosharesock = true;
165 vol.domainauto = ses->domainAuto;
166 vol.domainname = ses->domainName;
167 vol.username = ses->user_name;
168 vol.password = ses->password;
169 vol.sectype = ses->sectype;
170 vol.sign = ses->sign;
173 /* XXX: Use ses->server->hostname? */
174 sprintf(unc, unc_fmt, ses->serverName);
178 /* Re-use same version as master connection */
179 vol.vals = ses->server->vals;
180 vol.ops = ses->server->ops;
182 vol.noblocksnd = ses->server->noblocksnd;
183 vol.noautotune = ses->server->noautotune;
184 vol.sockopt_tcp_nodelay = ses->server->tcp_nodelay;
185 vol.echo_interval = ses->server->echo_interval / HZ;
188 * This will be used for encoding/decoding user/domain/pw
189 * during sess setup auth.
191 * XXX: We use the default for simplicity but the proper way
192 * would be to use the one that ses used, which is not
193 * stored. This might break when dealing with non-ascii
196 vol.local_nls = load_nls_default();
198 /* Use RDMA if possible */
199 vol.rdma = iface->rdma_capable;
200 memcpy(&vol.dstaddr, &iface->sockaddr, sizeof(struct sockaddr_storage));
202 /* reuse master con client guid */
203 memcpy(&vol.client_guid, ses->server->client_guid,
204 SMB2_CLIENT_GUID_SIZE);
205 vol.use_client_guid = true;
207 mutex_lock(&ses->session_mutex);
209 chan = &ses->chans[ses->chan_count];
210 chan->server = cifs_get_tcp_session(&vol);
211 if (IS_ERR(chan->server)) {
212 rc = PTR_ERR(chan->server);
218 * We need to allocate the server crypto now as we will need
219 * to sign packets before we generate the channel signing key
220 * (we sign with the session key)
222 rc = smb311_crypto_shash_allocate(chan->server);
224 cifs_dbg(VFS, "%s: crypto alloc failed\n", __func__);
229 rc = cifs_negotiate_protocol(xid, ses);
233 rc = cifs_setup_session(xid, ses, vol.local_nls);
237 /* success, put it on the list
238 * XXX: sharing ses between 2 tcp server is not possible, the
239 * way "internal" linked lists works in linux makes element
240 * only able to belong to one list
242 * the binding session is already established so the rest of
243 * the code should be able to look it up, no need to add the
244 * ses to the new server.
248 atomic_set(&ses->chan_seq, 0);
250 ses->binding = false;
251 mutex_unlock(&ses->session_mutex);
253 if (rc && chan->server)
254 cifs_put_tcp_session(chan->server, 0);
255 unload_nls(vol.local_nls);
260 static __u32 cifs_ssetup_hdr(struct cifs_ses *ses, SESSION_SETUP_ANDX *pSMB)
262 __u32 capabilities = 0;
264 /* init fields common to all four types of SessSetup */
265 /* Note that offsets for first seven fields in req struct are same */
266 /* in CIFS Specs so does not matter which of 3 forms of struct */
267 /* that we use in next few lines */
268 /* Note that header is initialized to zero in header_assemble */
269 pSMB->req.AndXCommand = 0xFF;
270 pSMB->req.MaxBufferSize = cpu_to_le16(min_t(u32,
271 CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4,
273 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
274 pSMB->req.VcNumber = cpu_to_le16(1);
276 /* Now no need to set SMBFLG_CASELESS or obsolete CANONICAL PATH */
278 /* BB verify whether signing required on neg or just on auth frame
281 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
282 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
284 if (ses->server->sign)
285 pSMB->req.hdr.Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
287 if (ses->capabilities & CAP_UNICODE) {
288 pSMB->req.hdr.Flags2 |= SMBFLG2_UNICODE;
289 capabilities |= CAP_UNICODE;
291 if (ses->capabilities & CAP_STATUS32) {
292 pSMB->req.hdr.Flags2 |= SMBFLG2_ERR_STATUS;
293 capabilities |= CAP_STATUS32;
295 if (ses->capabilities & CAP_DFS) {
296 pSMB->req.hdr.Flags2 |= SMBFLG2_DFS;
297 capabilities |= CAP_DFS;
299 if (ses->capabilities & CAP_UNIX)
300 capabilities |= CAP_UNIX;
306 unicode_oslm_strings(char **pbcc_area, const struct nls_table *nls_cp)
308 char *bcc_ptr = *pbcc_area;
311 /* Copy OS version */
312 bytes_ret = cifs_strtoUTF16((__le16 *)bcc_ptr, "Linux version ", 32,
314 bcc_ptr += 2 * bytes_ret;
315 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, init_utsname()->release,
317 bcc_ptr += 2 * bytes_ret;
318 bcc_ptr += 2; /* trailing null */
320 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
322 bcc_ptr += 2 * bytes_ret;
323 bcc_ptr += 2; /* trailing null */
325 *pbcc_area = bcc_ptr;
328 static void unicode_domain_string(char **pbcc_area, struct cifs_ses *ses,
329 const struct nls_table *nls_cp)
331 char *bcc_ptr = *pbcc_area;
335 if (ses->domainName == NULL) {
336 /* Sending null domain better than using a bogus domain name (as
337 we did briefly in 2.6.18) since server will use its default */
342 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, ses->domainName,
343 CIFS_MAX_DOMAINNAME_LEN, nls_cp);
344 bcc_ptr += 2 * bytes_ret;
345 bcc_ptr += 2; /* account for null terminator */
347 *pbcc_area = bcc_ptr;
351 static void unicode_ssetup_strings(char **pbcc_area, struct cifs_ses *ses,
352 const struct nls_table *nls_cp)
354 char *bcc_ptr = *pbcc_area;
357 /* BB FIXME add check that strings total less
358 than 335 or will need to send them as arrays */
360 /* unicode strings, must be word aligned before the call */
361 /* if ((long) bcc_ptr % 2) {
366 if (ses->user_name == NULL) {
367 /* null user mount */
371 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, ses->user_name,
372 CIFS_MAX_USERNAME_LEN, nls_cp);
374 bcc_ptr += 2 * bytes_ret;
375 bcc_ptr += 2; /* account for null termination */
377 unicode_domain_string(&bcc_ptr, ses, nls_cp);
378 unicode_oslm_strings(&bcc_ptr, nls_cp);
380 *pbcc_area = bcc_ptr;
383 static void ascii_ssetup_strings(char **pbcc_area, struct cifs_ses *ses,
384 const struct nls_table *nls_cp)
386 char *bcc_ptr = *pbcc_area;
390 /* BB what about null user mounts - check that we do this BB */
392 if (ses->user_name != NULL) {
393 len = strscpy(bcc_ptr, ses->user_name, CIFS_MAX_USERNAME_LEN);
394 if (WARN_ON_ONCE(len < 0))
395 len = CIFS_MAX_USERNAME_LEN - 1;
398 /* else null user mount */
400 bcc_ptr++; /* account for null termination */
403 if (ses->domainName != NULL) {
404 len = strscpy(bcc_ptr, ses->domainName, CIFS_MAX_DOMAINNAME_LEN);
405 if (WARN_ON_ONCE(len < 0))
406 len = CIFS_MAX_DOMAINNAME_LEN - 1;
408 } /* else we will send a null domain name
409 so the server will default to its own domain */
413 /* BB check for overflow here */
415 strcpy(bcc_ptr, "Linux version ");
416 bcc_ptr += strlen("Linux version ");
417 strcpy(bcc_ptr, init_utsname()->release);
418 bcc_ptr += strlen(init_utsname()->release) + 1;
420 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
421 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
423 *pbcc_area = bcc_ptr;
427 decode_unicode_ssetup(char **pbcc_area, int bleft, struct cifs_ses *ses,
428 const struct nls_table *nls_cp)
431 char *data = *pbcc_area;
433 cifs_dbg(FYI, "bleft %d\n", bleft);
435 kfree(ses->serverOS);
436 ses->serverOS = cifs_strndup_from_utf16(data, bleft, true, nls_cp);
437 cifs_dbg(FYI, "serverOS=%s\n", ses->serverOS);
438 len = (UniStrnlen((wchar_t *) data, bleft / 2) * 2) + 2;
444 kfree(ses->serverNOS);
445 ses->serverNOS = cifs_strndup_from_utf16(data, bleft, true, nls_cp);
446 cifs_dbg(FYI, "serverNOS=%s\n", ses->serverNOS);
447 len = (UniStrnlen((wchar_t *) data, bleft / 2) * 2) + 2;
453 kfree(ses->serverDomain);
454 ses->serverDomain = cifs_strndup_from_utf16(data, bleft, true, nls_cp);
455 cifs_dbg(FYI, "serverDomain=%s\n", ses->serverDomain);
460 static void decode_ascii_ssetup(char **pbcc_area, __u16 bleft,
461 struct cifs_ses *ses,
462 const struct nls_table *nls_cp)
465 char *bcc_ptr = *pbcc_area;
467 cifs_dbg(FYI, "decode sessetup ascii. bleft %d\n", bleft);
469 len = strnlen(bcc_ptr, bleft);
473 kfree(ses->serverOS);
475 ses->serverOS = kmalloc(len + 1, GFP_KERNEL);
477 memcpy(ses->serverOS, bcc_ptr, len);
478 ses->serverOS[len] = 0;
479 if (strncmp(ses->serverOS, "OS/2", 4) == 0)
480 cifs_dbg(FYI, "OS/2 server\n");
486 len = strnlen(bcc_ptr, bleft);
490 kfree(ses->serverNOS);
492 ses->serverNOS = kmalloc(len + 1, GFP_KERNEL);
493 if (ses->serverNOS) {
494 memcpy(ses->serverNOS, bcc_ptr, len);
495 ses->serverNOS[len] = 0;
501 len = strnlen(bcc_ptr, bleft);
505 /* No domain field in LANMAN case. Domain is
506 returned by old servers in the SMB negprot response */
507 /* BB For newer servers which do not support Unicode,
508 but thus do return domain here we could add parsing
509 for it later, but it is not very important */
510 cifs_dbg(FYI, "ascii: bytes left %d\n", bleft);
513 int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len,
514 struct cifs_ses *ses)
516 unsigned int tioffset; /* challenge message target info area */
517 unsigned int tilen; /* challenge message target info area length */
519 CHALLENGE_MESSAGE *pblob = (CHALLENGE_MESSAGE *)bcc_ptr;
521 if (blob_len < sizeof(CHALLENGE_MESSAGE)) {
522 cifs_dbg(VFS, "challenge blob len %d too small\n", blob_len);
526 if (memcmp(pblob->Signature, "NTLMSSP", 8)) {
527 cifs_dbg(VFS, "blob signature incorrect %s\n",
531 if (pblob->MessageType != NtLmChallenge) {
532 cifs_dbg(VFS, "Incorrect message type %d\n",
537 memcpy(ses->ntlmssp->cryptkey, pblob->Challenge, CIFS_CRYPTO_KEY_SIZE);
538 /* BB we could decode pblob->NegotiateFlags; some may be useful */
539 /* In particular we can examine sign flags */
540 /* BB spec says that if AvId field of MsvAvTimestamp is populated then
541 we must set the MIC field of the AUTHENTICATE_MESSAGE */
542 ses->ntlmssp->server_flags = le32_to_cpu(pblob->NegotiateFlags);
543 tioffset = le32_to_cpu(pblob->TargetInfoArray.BufferOffset);
544 tilen = le16_to_cpu(pblob->TargetInfoArray.Length);
545 if (tioffset > blob_len || tioffset + tilen > blob_len) {
546 cifs_dbg(VFS, "tioffset + tilen too high %u + %u",
551 ses->auth_key.response = kmemdup(bcc_ptr + tioffset, tilen,
553 if (!ses->auth_key.response) {
554 cifs_dbg(VFS, "Challenge target info alloc failure");
557 ses->auth_key.len = tilen;
563 /* BB Move to ntlmssp.c eventually */
565 /* We do not malloc the blob, it is passed in pbuffer, because
566 it is fixed size, and small, making this approach cleaner */
567 void build_ntlmssp_negotiate_blob(unsigned char *pbuffer,
568 struct cifs_ses *ses)
570 struct TCP_Server_Info *server = cifs_ses_server(ses);
571 NEGOTIATE_MESSAGE *sec_blob = (NEGOTIATE_MESSAGE *)pbuffer;
574 memset(pbuffer, 0, sizeof(NEGOTIATE_MESSAGE));
575 memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8);
576 sec_blob->MessageType = NtLmNegotiate;
578 /* BB is NTLMV2 session security format easier to use here? */
579 flags = NTLMSSP_NEGOTIATE_56 | NTLMSSP_REQUEST_TARGET |
580 NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
581 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC |
582 NTLMSSP_NEGOTIATE_SEAL;
584 flags |= NTLMSSP_NEGOTIATE_SIGN;
585 if (!server->session_estab || ses->ntlmssp->sesskey_per_smbsess)
586 flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
588 sec_blob->NegotiateFlags = cpu_to_le32(flags);
590 sec_blob->WorkstationName.BufferOffset = 0;
591 sec_blob->WorkstationName.Length = 0;
592 sec_blob->WorkstationName.MaximumLength = 0;
594 /* Domain name is sent on the Challenge not Negotiate NTLMSSP request */
595 sec_blob->DomainName.BufferOffset = 0;
596 sec_blob->DomainName.Length = 0;
597 sec_blob->DomainName.MaximumLength = 0;
600 static int size_of_ntlmssp_blob(struct cifs_ses *ses)
602 int sz = sizeof(AUTHENTICATE_MESSAGE) + ses->auth_key.len
603 - CIFS_SESS_KEY_SIZE + CIFS_CPHTXT_SIZE + 2;
606 sz += 2 * strnlen(ses->domainName, CIFS_MAX_DOMAINNAME_LEN);
611 sz += 2 * strnlen(ses->user_name, CIFS_MAX_USERNAME_LEN);
618 int build_ntlmssp_auth_blob(unsigned char **pbuffer,
620 struct cifs_ses *ses,
621 const struct nls_table *nls_cp)
624 AUTHENTICATE_MESSAGE *sec_blob;
628 rc = setup_ntlmv2_rsp(ses, nls_cp);
630 cifs_dbg(VFS, "Error %d during NTLMSSP authentication\n", rc);
632 goto setup_ntlmv2_ret;
634 *pbuffer = kmalloc(size_of_ntlmssp_blob(ses), GFP_KERNEL);
637 cifs_dbg(VFS, "Error %d during NTLMSSP allocation\n", rc);
639 goto setup_ntlmv2_ret;
641 sec_blob = (AUTHENTICATE_MESSAGE *)*pbuffer;
643 memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8);
644 sec_blob->MessageType = NtLmAuthenticate;
646 flags = NTLMSSP_NEGOTIATE_56 |
647 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_TARGET_INFO |
648 NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
649 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC |
650 NTLMSSP_NEGOTIATE_SEAL;
651 if (ses->server->sign)
652 flags |= NTLMSSP_NEGOTIATE_SIGN;
653 if (!ses->server->session_estab || ses->ntlmssp->sesskey_per_smbsess)
654 flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
656 tmp = *pbuffer + sizeof(AUTHENTICATE_MESSAGE);
657 sec_blob->NegotiateFlags = cpu_to_le32(flags);
659 sec_blob->LmChallengeResponse.BufferOffset =
660 cpu_to_le32(sizeof(AUTHENTICATE_MESSAGE));
661 sec_blob->LmChallengeResponse.Length = 0;
662 sec_blob->LmChallengeResponse.MaximumLength = 0;
664 sec_blob->NtChallengeResponse.BufferOffset =
665 cpu_to_le32(tmp - *pbuffer);
666 if (ses->user_name != NULL) {
667 memcpy(tmp, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
668 ses->auth_key.len - CIFS_SESS_KEY_SIZE);
669 tmp += ses->auth_key.len - CIFS_SESS_KEY_SIZE;
671 sec_blob->NtChallengeResponse.Length =
672 cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
673 sec_blob->NtChallengeResponse.MaximumLength =
674 cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
677 * don't send an NT Response for anonymous access
679 sec_blob->NtChallengeResponse.Length = 0;
680 sec_blob->NtChallengeResponse.MaximumLength = 0;
683 if (ses->domainName == NULL) {
684 sec_blob->DomainName.BufferOffset = cpu_to_le32(tmp - *pbuffer);
685 sec_blob->DomainName.Length = 0;
686 sec_blob->DomainName.MaximumLength = 0;
690 len = cifs_strtoUTF16((__le16 *)tmp, ses->domainName,
691 CIFS_MAX_DOMAINNAME_LEN, nls_cp);
692 len *= 2; /* unicode is 2 bytes each */
693 sec_blob->DomainName.BufferOffset = cpu_to_le32(tmp - *pbuffer);
694 sec_blob->DomainName.Length = cpu_to_le16(len);
695 sec_blob->DomainName.MaximumLength = cpu_to_le16(len);
699 if (ses->user_name == NULL) {
700 sec_blob->UserName.BufferOffset = cpu_to_le32(tmp - *pbuffer);
701 sec_blob->UserName.Length = 0;
702 sec_blob->UserName.MaximumLength = 0;
706 len = cifs_strtoUTF16((__le16 *)tmp, ses->user_name,
707 CIFS_MAX_USERNAME_LEN, nls_cp);
708 len *= 2; /* unicode is 2 bytes each */
709 sec_blob->UserName.BufferOffset = cpu_to_le32(tmp - *pbuffer);
710 sec_blob->UserName.Length = cpu_to_le16(len);
711 sec_blob->UserName.MaximumLength = cpu_to_le16(len);
715 sec_blob->WorkstationName.BufferOffset = cpu_to_le32(tmp - *pbuffer);
716 sec_blob->WorkstationName.Length = 0;
717 sec_blob->WorkstationName.MaximumLength = 0;
720 if (((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) ||
721 (ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
722 && !calc_seckey(ses)) {
723 memcpy(tmp, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE);
724 sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - *pbuffer);
725 sec_blob->SessionKey.Length = cpu_to_le16(CIFS_CPHTXT_SIZE);
726 sec_blob->SessionKey.MaximumLength =
727 cpu_to_le16(CIFS_CPHTXT_SIZE);
728 tmp += CIFS_CPHTXT_SIZE;
730 sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - *pbuffer);
731 sec_blob->SessionKey.Length = 0;
732 sec_blob->SessionKey.MaximumLength = 0;
735 *buflen = tmp - *pbuffer;
741 cifs_select_sectype(struct TCP_Server_Info *server, enum securityEnum requested)
743 switch (server->negflavor) {
744 case CIFS_NEGFLAVOR_EXTENDED:
750 if (server->sec_ntlmssp &&
751 (global_secflags & CIFSSEC_MAY_NTLMSSP))
753 if ((server->sec_kerberos || server->sec_mskerberos) &&
754 (global_secflags & CIFSSEC_MAY_KRB5))
760 case CIFS_NEGFLAVOR_UNENCAP:
766 if (global_secflags & CIFSSEC_MAY_NTLMV2)
768 if (global_secflags & CIFSSEC_MAY_NTLM)
773 /* Fallthrough - to attempt LANMAN authentication next */
774 case CIFS_NEGFLAVOR_LANMAN:
779 if (global_secflags & CIFSSEC_MAY_LANMAN)
792 struct cifs_ses *ses;
793 struct nls_table *nls_cp;
794 void (*func)(struct sess_data *);
797 /* we will send the SMB in three pieces:
798 * a fixed length beginning part, an optional
799 * SPNEGO blob (which can be zero length), and a
800 * last part which will include the strings
801 * and rest of bcc area. This allows us to avoid
802 * a large buffer 17K allocation
809 sess_alloc_buffer(struct sess_data *sess_data, int wct)
812 struct cifs_ses *ses = sess_data->ses;
813 struct smb_hdr *smb_buf;
815 rc = small_smb_init_no_tc(SMB_COM_SESSION_SETUP_ANDX, wct, ses,
821 sess_data->iov[0].iov_base = (char *)smb_buf;
822 sess_data->iov[0].iov_len = be32_to_cpu(smb_buf->smb_buf_length) + 4;
824 * This variable will be used to clear the buffer
825 * allocated above in case of any error in the calling function.
827 sess_data->buf0_type = CIFS_SMALL_BUFFER;
829 /* 2000 big enough to fit max user, domain, NOS name etc. */
830 sess_data->iov[2].iov_base = kmalloc(2000, GFP_KERNEL);
831 if (!sess_data->iov[2].iov_base) {
833 goto out_free_smb_buf;
840 sess_data->iov[0].iov_base = NULL;
841 sess_data->iov[0].iov_len = 0;
842 sess_data->buf0_type = CIFS_NO_BUFFER;
847 sess_free_buffer(struct sess_data *sess_data)
850 free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
851 sess_data->buf0_type = CIFS_NO_BUFFER;
852 kfree(sess_data->iov[2].iov_base);
856 sess_establish_session(struct sess_data *sess_data)
858 struct cifs_ses *ses = sess_data->ses;
860 mutex_lock(&ses->server->srv_mutex);
861 if (!ses->server->session_estab) {
862 if (ses->server->sign) {
863 ses->server->session_key.response =
864 kmemdup(ses->auth_key.response,
865 ses->auth_key.len, GFP_KERNEL);
866 if (!ses->server->session_key.response) {
867 mutex_unlock(&ses->server->srv_mutex);
870 ses->server->session_key.len =
873 ses->server->sequence_number = 0x2;
874 ses->server->session_estab = true;
876 mutex_unlock(&ses->server->srv_mutex);
878 cifs_dbg(FYI, "CIFS session established successfully\n");
879 spin_lock(&GlobalMid_Lock);
880 ses->status = CifsGood;
881 ses->need_reconnect = false;
882 spin_unlock(&GlobalMid_Lock);
888 sess_sendreceive(struct sess_data *sess_data)
891 struct smb_hdr *smb_buf = (struct smb_hdr *) sess_data->iov[0].iov_base;
893 struct kvec rsp_iov = { NULL, 0 };
895 count = sess_data->iov[1].iov_len + sess_data->iov[2].iov_len;
896 smb_buf->smb_buf_length =
897 cpu_to_be32(be32_to_cpu(smb_buf->smb_buf_length) + count);
898 put_bcc(count, smb_buf);
900 rc = SendReceive2(sess_data->xid, sess_data->ses,
901 sess_data->iov, 3 /* num_iovecs */,
902 &sess_data->buf0_type,
903 CIFS_LOG_ERROR, &rsp_iov);
904 cifs_small_buf_release(sess_data->iov[0].iov_base);
905 memcpy(&sess_data->iov[0], &rsp_iov, sizeof(struct kvec));
911 * LANMAN and plaintext are less secure and off by default.
912 * So we make this explicitly be turned on in kconfig (in the
913 * build) and turned on at runtime (changed from the default)
914 * in proc/fs/cifs or via mount parm. Unfortunately this is
915 * needed for old Win (e.g. Win95), some obscure NAS and OS/2
917 #ifdef CONFIG_CIFS_WEAK_PW_HASH
919 sess_auth_lanman(struct sess_data *sess_data)
922 struct smb_hdr *smb_buf;
923 SESSION_SETUP_ANDX *pSMB;
925 struct cifs_ses *ses = sess_data->ses;
926 char lnm_session_key[CIFS_AUTH_RESP_SIZE];
927 __u16 bytes_remaining;
929 /* lanman 2 style sessionsetup */
931 rc = sess_alloc_buffer(sess_data, 10);
935 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
936 bcc_ptr = sess_data->iov[2].iov_base;
937 (void)cifs_ssetup_hdr(ses, pSMB);
939 pSMB->req.hdr.Flags2 &= ~SMBFLG2_UNICODE;
941 if (ses->user_name != NULL) {
942 /* no capabilities flags in old lanman negotiation */
943 pSMB->old_req.PasswordLength = cpu_to_le16(CIFS_AUTH_RESP_SIZE);
945 /* Calculate hash with password and copy into bcc_ptr.
946 * Encryption Key (stored as in cryptkey) gets used if the
947 * security mode bit in Negottiate Protocol response states
948 * to use challenge/response method (i.e. Password bit is 1).
950 rc = calc_lanman_hash(ses->password, ses->server->cryptkey,
951 ses->server->sec_mode & SECMODE_PW_ENCRYPT ?
952 true : false, lnm_session_key);
956 memcpy(bcc_ptr, (char *)lnm_session_key, CIFS_AUTH_RESP_SIZE);
957 bcc_ptr += CIFS_AUTH_RESP_SIZE;
959 pSMB->old_req.PasswordLength = 0;
963 * can not sign if LANMAN negotiated so no need
964 * to calculate signing key? but what if server
965 * changed to do higher than lanman dialect and
966 * we reconnected would we ever calc signing_key?
969 cifs_dbg(FYI, "Negotiating LANMAN setting up strings\n");
970 /* Unicode not allowed for LANMAN dialects */
971 ascii_ssetup_strings(&bcc_ptr, ses, sess_data->nls_cp);
973 sess_data->iov[2].iov_len = (long) bcc_ptr -
974 (long) sess_data->iov[2].iov_base;
976 rc = sess_sendreceive(sess_data);
980 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
981 smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base;
983 /* lanman response has a word count of 3 */
984 if (smb_buf->WordCount != 3) {
986 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount);
990 if (le16_to_cpu(pSMB->resp.Action) & GUEST_LOGIN)
991 cifs_dbg(FYI, "Guest login\n"); /* BB mark SesInfo struct? */
993 ses->Suid = smb_buf->Uid; /* UID left in wire format (le) */
994 cifs_dbg(FYI, "UID = %llu\n", ses->Suid);
996 bytes_remaining = get_bcc(smb_buf);
997 bcc_ptr = pByteArea(smb_buf);
999 /* BB check if Unicode and decode strings */
1000 if (bytes_remaining == 0) {
1001 /* no string area to decode, do nothing */
1002 } else if (smb_buf->Flags2 & SMBFLG2_UNICODE) {
1003 /* unicode string area must be word-aligned */
1004 if (((unsigned long) bcc_ptr - (unsigned long) smb_buf) % 2) {
1008 decode_unicode_ssetup(&bcc_ptr, bytes_remaining, ses,
1011 decode_ascii_ssetup(&bcc_ptr, bytes_remaining, ses,
1015 rc = sess_establish_session(sess_data);
1017 sess_data->result = rc;
1018 sess_data->func = NULL;
1019 sess_free_buffer(sess_data);
1025 sess_auth_ntlm(struct sess_data *sess_data)
1028 struct smb_hdr *smb_buf;
1029 SESSION_SETUP_ANDX *pSMB;
1031 struct cifs_ses *ses = sess_data->ses;
1033 __u16 bytes_remaining;
1035 /* old style NTLM sessionsetup */
1037 rc = sess_alloc_buffer(sess_data, 13);
1041 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1042 bcc_ptr = sess_data->iov[2].iov_base;
1043 capabilities = cifs_ssetup_hdr(ses, pSMB);
1045 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
1046 if (ses->user_name != NULL) {
1047 pSMB->req_no_secext.CaseInsensitivePasswordLength =
1048 cpu_to_le16(CIFS_AUTH_RESP_SIZE);
1049 pSMB->req_no_secext.CaseSensitivePasswordLength =
1050 cpu_to_le16(CIFS_AUTH_RESP_SIZE);
1052 /* calculate ntlm response and session key */
1053 rc = setup_ntlm_response(ses, sess_data->nls_cp);
1055 cifs_dbg(VFS, "Error %d during NTLM authentication\n",
1060 /* copy ntlm response */
1061 memcpy(bcc_ptr, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
1062 CIFS_AUTH_RESP_SIZE);
1063 bcc_ptr += CIFS_AUTH_RESP_SIZE;
1064 memcpy(bcc_ptr, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
1065 CIFS_AUTH_RESP_SIZE);
1066 bcc_ptr += CIFS_AUTH_RESP_SIZE;
1068 pSMB->req_no_secext.CaseInsensitivePasswordLength = 0;
1069 pSMB->req_no_secext.CaseSensitivePasswordLength = 0;
1072 if (ses->capabilities & CAP_UNICODE) {
1073 /* unicode strings must be word aligned */
1074 if (sess_data->iov[0].iov_len % 2) {
1078 unicode_ssetup_strings(&bcc_ptr, ses, sess_data->nls_cp);
1080 ascii_ssetup_strings(&bcc_ptr, ses, sess_data->nls_cp);
1084 sess_data->iov[2].iov_len = (long) bcc_ptr -
1085 (long) sess_data->iov[2].iov_base;
1087 rc = sess_sendreceive(sess_data);
1091 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1092 smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base;
1094 if (smb_buf->WordCount != 3) {
1096 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount);
1100 if (le16_to_cpu(pSMB->resp.Action) & GUEST_LOGIN)
1101 cifs_dbg(FYI, "Guest login\n"); /* BB mark SesInfo struct? */
1103 ses->Suid = smb_buf->Uid; /* UID left in wire format (le) */
1104 cifs_dbg(FYI, "UID = %llu\n", ses->Suid);
1106 bytes_remaining = get_bcc(smb_buf);
1107 bcc_ptr = pByteArea(smb_buf);
1109 /* BB check if Unicode and decode strings */
1110 if (bytes_remaining == 0) {
1111 /* no string area to decode, do nothing */
1112 } else if (smb_buf->Flags2 & SMBFLG2_UNICODE) {
1113 /* unicode string area must be word-aligned */
1114 if (((unsigned long) bcc_ptr - (unsigned long) smb_buf) % 2) {
1118 decode_unicode_ssetup(&bcc_ptr, bytes_remaining, ses,
1121 decode_ascii_ssetup(&bcc_ptr, bytes_remaining, ses,
1125 rc = sess_establish_session(sess_data);
1127 sess_data->result = rc;
1128 sess_data->func = NULL;
1129 sess_free_buffer(sess_data);
1130 kfree(ses->auth_key.response);
1131 ses->auth_key.response = NULL;
1135 sess_auth_ntlmv2(struct sess_data *sess_data)
1138 struct smb_hdr *smb_buf;
1139 SESSION_SETUP_ANDX *pSMB;
1141 struct cifs_ses *ses = sess_data->ses;
1143 __u16 bytes_remaining;
1145 /* old style NTLM sessionsetup */
1147 rc = sess_alloc_buffer(sess_data, 13);
1151 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1152 bcc_ptr = sess_data->iov[2].iov_base;
1153 capabilities = cifs_ssetup_hdr(ses, pSMB);
1155 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
1157 /* LM2 password would be here if we supported it */
1158 pSMB->req_no_secext.CaseInsensitivePasswordLength = 0;
1160 if (ses->user_name != NULL) {
1161 /* calculate nlmv2 response and session key */
1162 rc = setup_ntlmv2_rsp(ses, sess_data->nls_cp);
1164 cifs_dbg(VFS, "Error %d during NTLMv2 authentication\n", rc);
1168 memcpy(bcc_ptr, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
1169 ses->auth_key.len - CIFS_SESS_KEY_SIZE);
1170 bcc_ptr += ses->auth_key.len - CIFS_SESS_KEY_SIZE;
1172 /* set case sensitive password length after tilen may get
1173 * assigned, tilen is 0 otherwise.
1175 pSMB->req_no_secext.CaseSensitivePasswordLength =
1176 cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
1178 pSMB->req_no_secext.CaseSensitivePasswordLength = 0;
1181 if (ses->capabilities & CAP_UNICODE) {
1182 if (sess_data->iov[0].iov_len % 2) {
1186 unicode_ssetup_strings(&bcc_ptr, ses, sess_data->nls_cp);
1188 ascii_ssetup_strings(&bcc_ptr, ses, sess_data->nls_cp);
1192 sess_data->iov[2].iov_len = (long) bcc_ptr -
1193 (long) sess_data->iov[2].iov_base;
1195 rc = sess_sendreceive(sess_data);
1199 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1200 smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base;
1202 if (smb_buf->WordCount != 3) {
1204 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount);
1208 if (le16_to_cpu(pSMB->resp.Action) & GUEST_LOGIN)
1209 cifs_dbg(FYI, "Guest login\n"); /* BB mark SesInfo struct? */
1211 ses->Suid = smb_buf->Uid; /* UID left in wire format (le) */
1212 cifs_dbg(FYI, "UID = %llu\n", ses->Suid);
1214 bytes_remaining = get_bcc(smb_buf);
1215 bcc_ptr = pByteArea(smb_buf);
1217 /* BB check if Unicode and decode strings */
1218 if (bytes_remaining == 0) {
1219 /* no string area to decode, do nothing */
1220 } else if (smb_buf->Flags2 & SMBFLG2_UNICODE) {
1221 /* unicode string area must be word-aligned */
1222 if (((unsigned long) bcc_ptr - (unsigned long) smb_buf) % 2) {
1226 decode_unicode_ssetup(&bcc_ptr, bytes_remaining, ses,
1229 decode_ascii_ssetup(&bcc_ptr, bytes_remaining, ses,
1233 rc = sess_establish_session(sess_data);
1235 sess_data->result = rc;
1236 sess_data->func = NULL;
1237 sess_free_buffer(sess_data);
1238 kfree(ses->auth_key.response);
1239 ses->auth_key.response = NULL;
1242 #ifdef CONFIG_CIFS_UPCALL
1244 sess_auth_kerberos(struct sess_data *sess_data)
1247 struct smb_hdr *smb_buf;
1248 SESSION_SETUP_ANDX *pSMB;
1250 struct cifs_ses *ses = sess_data->ses;
1252 __u16 bytes_remaining;
1253 struct key *spnego_key = NULL;
1254 struct cifs_spnego_msg *msg;
1257 /* extended security */
1259 rc = sess_alloc_buffer(sess_data, 12);
1263 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1264 bcc_ptr = sess_data->iov[2].iov_base;
1265 capabilities = cifs_ssetup_hdr(ses, pSMB);
1267 spnego_key = cifs_get_spnego_key(ses);
1268 if (IS_ERR(spnego_key)) {
1269 rc = PTR_ERR(spnego_key);
1274 msg = spnego_key->payload.data[0];
1276 * check version field to make sure that cifs.upcall is
1277 * sending us a response in an expected form
1279 if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) {
1281 "incorrect version of cifs.upcall (expected %d but got %d)",
1282 CIFS_SPNEGO_UPCALL_VERSION, msg->version);
1284 goto out_put_spnego_key;
1287 ses->auth_key.response = kmemdup(msg->data, msg->sesskey_len,
1289 if (!ses->auth_key.response) {
1290 cifs_dbg(VFS, "Kerberos can't allocate (%u bytes) memory",
1293 goto out_put_spnego_key;
1295 ses->auth_key.len = msg->sesskey_len;
1297 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
1298 capabilities |= CAP_EXTENDED_SECURITY;
1299 pSMB->req.Capabilities = cpu_to_le32(capabilities);
1300 sess_data->iov[1].iov_base = msg->data + msg->sesskey_len;
1301 sess_data->iov[1].iov_len = msg->secblob_len;
1302 pSMB->req.SecurityBlobLength = cpu_to_le16(sess_data->iov[1].iov_len);
1304 if (ses->capabilities & CAP_UNICODE) {
1305 /* unicode strings must be word aligned */
1306 if ((sess_data->iov[0].iov_len
1307 + sess_data->iov[1].iov_len) % 2) {
1311 unicode_oslm_strings(&bcc_ptr, sess_data->nls_cp);
1312 unicode_domain_string(&bcc_ptr, ses, sess_data->nls_cp);
1314 /* BB: is this right? */
1315 ascii_ssetup_strings(&bcc_ptr, ses, sess_data->nls_cp);
1318 sess_data->iov[2].iov_len = (long) bcc_ptr -
1319 (long) sess_data->iov[2].iov_base;
1321 rc = sess_sendreceive(sess_data);
1323 goto out_put_spnego_key;
1325 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1326 smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base;
1328 if (smb_buf->WordCount != 4) {
1330 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount);
1331 goto out_put_spnego_key;
1334 if (le16_to_cpu(pSMB->resp.Action) & GUEST_LOGIN)
1335 cifs_dbg(FYI, "Guest login\n"); /* BB mark SesInfo struct? */
1337 ses->Suid = smb_buf->Uid; /* UID left in wire format (le) */
1338 cifs_dbg(FYI, "UID = %llu\n", ses->Suid);
1340 bytes_remaining = get_bcc(smb_buf);
1341 bcc_ptr = pByteArea(smb_buf);
1343 blob_len = le16_to_cpu(pSMB->resp.SecurityBlobLength);
1344 if (blob_len > bytes_remaining) {
1345 cifs_dbg(VFS, "bad security blob length %d\n",
1348 goto out_put_spnego_key;
1350 bcc_ptr += blob_len;
1351 bytes_remaining -= blob_len;
1353 /* BB check if Unicode and decode strings */
1354 if (bytes_remaining == 0) {
1355 /* no string area to decode, do nothing */
1356 } else if (smb_buf->Flags2 & SMBFLG2_UNICODE) {
1357 /* unicode string area must be word-aligned */
1358 if (((unsigned long) bcc_ptr - (unsigned long) smb_buf) % 2) {
1362 decode_unicode_ssetup(&bcc_ptr, bytes_remaining, ses,
1365 decode_ascii_ssetup(&bcc_ptr, bytes_remaining, ses,
1369 rc = sess_establish_session(sess_data);
1371 key_invalidate(spnego_key);
1372 key_put(spnego_key);
1374 sess_data->result = rc;
1375 sess_data->func = NULL;
1376 sess_free_buffer(sess_data);
1377 kfree(ses->auth_key.response);
1378 ses->auth_key.response = NULL;
1381 #endif /* ! CONFIG_CIFS_UPCALL */
1384 * The required kvec buffers have to be allocated before calling this
1388 _sess_auth_rawntlmssp_assemble_req(struct sess_data *sess_data)
1390 SESSION_SETUP_ANDX *pSMB;
1391 struct cifs_ses *ses = sess_data->ses;
1395 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1397 capabilities = cifs_ssetup_hdr(ses, pSMB);
1398 if ((pSMB->req.hdr.Flags2 & SMBFLG2_UNICODE) == 0) {
1399 cifs_dbg(VFS, "NTLMSSP requires Unicode support\n");
1403 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
1404 capabilities |= CAP_EXTENDED_SECURITY;
1405 pSMB->req.Capabilities |= cpu_to_le32(capabilities);
1407 bcc_ptr = sess_data->iov[2].iov_base;
1408 /* unicode strings must be word aligned */
1409 if ((sess_data->iov[0].iov_len + sess_data->iov[1].iov_len) % 2) {
1413 unicode_oslm_strings(&bcc_ptr, sess_data->nls_cp);
1415 sess_data->iov[2].iov_len = (long) bcc_ptr -
1416 (long) sess_data->iov[2].iov_base;
1422 sess_auth_rawntlmssp_authenticate(struct sess_data *sess_data);
1425 sess_auth_rawntlmssp_negotiate(struct sess_data *sess_data)
1428 struct smb_hdr *smb_buf;
1429 SESSION_SETUP_ANDX *pSMB;
1430 struct cifs_ses *ses = sess_data->ses;
1431 __u16 bytes_remaining;
1435 cifs_dbg(FYI, "rawntlmssp session setup negotiate phase\n");
1438 * if memory allocation is successful, caller of this function
1441 ses->ntlmssp = kmalloc(sizeof(struct ntlmssp_auth), GFP_KERNEL);
1442 if (!ses->ntlmssp) {
1446 ses->ntlmssp->sesskey_per_smbsess = false;
1449 rc = sess_alloc_buffer(sess_data, 12);
1453 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1455 /* Build security blob before we assemble the request */
1456 build_ntlmssp_negotiate_blob(pSMB->req.SecurityBlob, ses);
1457 sess_data->iov[1].iov_len = sizeof(NEGOTIATE_MESSAGE);
1458 sess_data->iov[1].iov_base = pSMB->req.SecurityBlob;
1459 pSMB->req.SecurityBlobLength = cpu_to_le16(sizeof(NEGOTIATE_MESSAGE));
1461 rc = _sess_auth_rawntlmssp_assemble_req(sess_data);
1465 rc = sess_sendreceive(sess_data);
1467 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1468 smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base;
1470 /* If true, rc here is expected and not an error */
1471 if (sess_data->buf0_type != CIFS_NO_BUFFER &&
1472 smb_buf->Status.CifsError ==
1473 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
1479 cifs_dbg(FYI, "rawntlmssp session setup challenge phase\n");
1481 if (smb_buf->WordCount != 4) {
1483 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount);
1487 ses->Suid = smb_buf->Uid; /* UID left in wire format (le) */
1488 cifs_dbg(FYI, "UID = %llu\n", ses->Suid);
1490 bytes_remaining = get_bcc(smb_buf);
1491 bcc_ptr = pByteArea(smb_buf);
1493 blob_len = le16_to_cpu(pSMB->resp.SecurityBlobLength);
1494 if (blob_len > bytes_remaining) {
1495 cifs_dbg(VFS, "bad security blob length %d\n",
1501 rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);
1503 sess_free_buffer(sess_data);
1506 sess_data->func = sess_auth_rawntlmssp_authenticate;
1510 /* Else error. Cleanup */
1511 kfree(ses->auth_key.response);
1512 ses->auth_key.response = NULL;
1513 kfree(ses->ntlmssp);
1514 ses->ntlmssp = NULL;
1516 sess_data->func = NULL;
1517 sess_data->result = rc;
1521 sess_auth_rawntlmssp_authenticate(struct sess_data *sess_data)
1524 struct smb_hdr *smb_buf;
1525 SESSION_SETUP_ANDX *pSMB;
1526 struct cifs_ses *ses = sess_data->ses;
1527 __u16 bytes_remaining;
1529 unsigned char *ntlmsspblob = NULL;
1532 cifs_dbg(FYI, "rawntlmssp session setup authenticate phase\n");
1535 rc = sess_alloc_buffer(sess_data, 12);
1539 /* Build security blob before we assemble the request */
1540 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1541 smb_buf = (struct smb_hdr *)pSMB;
1542 rc = build_ntlmssp_auth_blob(&ntlmsspblob,
1543 &blob_len, ses, sess_data->nls_cp);
1545 goto out_free_ntlmsspblob;
1546 sess_data->iov[1].iov_len = blob_len;
1547 sess_data->iov[1].iov_base = ntlmsspblob;
1548 pSMB->req.SecurityBlobLength = cpu_to_le16(blob_len);
1550 * Make sure that we tell the server that we are using
1551 * the uid that it just gave us back on the response
1554 smb_buf->Uid = ses->Suid;
1556 rc = _sess_auth_rawntlmssp_assemble_req(sess_data);
1558 goto out_free_ntlmsspblob;
1560 rc = sess_sendreceive(sess_data);
1562 goto out_free_ntlmsspblob;
1564 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1565 smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base;
1566 if (smb_buf->WordCount != 4) {
1568 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount);
1569 goto out_free_ntlmsspblob;
1572 if (le16_to_cpu(pSMB->resp.Action) & GUEST_LOGIN)
1573 cifs_dbg(FYI, "Guest login\n"); /* BB mark SesInfo struct? */
1575 if (ses->Suid != smb_buf->Uid) {
1576 ses->Suid = smb_buf->Uid;
1577 cifs_dbg(FYI, "UID changed! new UID = %llu\n", ses->Suid);
1580 bytes_remaining = get_bcc(smb_buf);
1581 bcc_ptr = pByteArea(smb_buf);
1582 blob_len = le16_to_cpu(pSMB->resp.SecurityBlobLength);
1583 if (blob_len > bytes_remaining) {
1584 cifs_dbg(VFS, "bad security blob length %d\n",
1587 goto out_free_ntlmsspblob;
1589 bcc_ptr += blob_len;
1590 bytes_remaining -= blob_len;
1593 /* BB check if Unicode and decode strings */
1594 if (bytes_remaining == 0) {
1595 /* no string area to decode, do nothing */
1596 } else if (smb_buf->Flags2 & SMBFLG2_UNICODE) {
1597 /* unicode string area must be word-aligned */
1598 if (((unsigned long) bcc_ptr - (unsigned long) smb_buf) % 2) {
1602 decode_unicode_ssetup(&bcc_ptr, bytes_remaining, ses,
1605 decode_ascii_ssetup(&bcc_ptr, bytes_remaining, ses,
1609 out_free_ntlmsspblob:
1612 sess_free_buffer(sess_data);
1615 rc = sess_establish_session(sess_data);
1618 kfree(ses->auth_key.response);
1619 ses->auth_key.response = NULL;
1620 kfree(ses->ntlmssp);
1621 ses->ntlmssp = NULL;
1623 sess_data->func = NULL;
1624 sess_data->result = rc;
1627 static int select_sec(struct cifs_ses *ses, struct sess_data *sess_data)
1631 type = cifs_select_sectype(ses->server, ses->sectype);
1632 cifs_dbg(FYI, "sess setup type %d\n", type);
1633 if (type == Unspecified) {
1635 "Unable to select appropriate authentication method!");
1641 /* LANMAN and plaintext are less secure and off by default.
1642 * So we make this explicitly be turned on in kconfig (in the
1643 * build) and turned on at runtime (changed from the default)
1644 * in proc/fs/cifs or via mount parm. Unfortunately this is
1645 * needed for old Win (e.g. Win95), some obscure NAS and OS/2 */
1646 #ifdef CONFIG_CIFS_WEAK_PW_HASH
1647 sess_data->func = sess_auth_lanman;
1653 sess_data->func = sess_auth_ntlm;
1656 sess_data->func = sess_auth_ntlmv2;
1659 #ifdef CONFIG_CIFS_UPCALL
1660 sess_data->func = sess_auth_kerberos;
1663 cifs_dbg(VFS, "Kerberos negotiated but upcall support disabled!\n");
1666 #endif /* CONFIG_CIFS_UPCALL */
1668 sess_data->func = sess_auth_rawntlmssp_negotiate;
1671 cifs_dbg(VFS, "secType %d not supported!\n", type);
1678 int CIFS_SessSetup(const unsigned int xid, struct cifs_ses *ses,
1679 const struct nls_table *nls_cp)
1682 struct sess_data *sess_data;
1685 WARN(1, "%s: ses == NULL!", __func__);
1689 sess_data = kzalloc(sizeof(struct sess_data), GFP_KERNEL);
1693 rc = select_sec(ses, sess_data);
1697 sess_data->xid = xid;
1698 sess_data->ses = ses;
1699 sess_data->buf0_type = CIFS_NO_BUFFER;
1700 sess_data->nls_cp = (struct nls_table *) nls_cp;
1702 while (sess_data->func)
1703 sess_data->func(sess_data);
1705 /* Store result before we free sess_data */
1706 rc = sess_data->result;
projects / linux.git / blob