blob: acea6c4ded471a23de995b2b0e55187473db739f [file] [log] [blame]
Steve French39798772006-05-31 22:40:51 +00001/*
2 * fs/cifs/sess.c
3 *
4 * SMB/CIFS session setup handling routines
5 *
Steve Frenchd185cda2009-04-30 17:45:10 +00006 * Copyright (c) International Business Machines Corp., 2006, 2009
Steve French39798772006-05-31 22:40:51 +00007 * Author(s): Steve French (sfrench@us.ibm.com)
8 *
9 * This library is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU Lesser General Public License as published
11 * by the Free Software Foundation; either version 2.1 of the License, or
12 * (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
17 * the GNU Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public License
20 * along with this library; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 */
23
24#include "cifspdu.h"
25#include "cifsglob.h"
26#include "cifsproto.h"
27#include "cifs_unicode.h"
28#include "cifs_debug.h"
29#include "ntlmssp.h"
30#include "nterr.h"
Steve French9c535882006-06-01 05:09:10 +000031#include <linux/utsname.h>
Tejun Heo5a0e3ad2010-03-24 17:04:11 +090032#include <linux/slab.h>
Steve French24424212007-11-16 23:37:35 +000033#include "cifs_spnego.h"
Steve French39798772006-05-31 22:40:51 +000034
Jeff Laytonebe6aa52010-04-24 07:57:47 -040035/*
36 * Checks if this is the first smb session to be reconnected after
37 * the socket has been reestablished (so we know whether to use vc 0).
38 * Called while holding the cifs_tcp_ses_lock, so do not block
39 */
Steve French96daf2b2011-05-27 04:34:02 +000040static bool is_first_ses_reconnect(struct cifs_ses *ses)
Steve Frencheca6acf2009-02-20 05:43:09 +000041{
42 struct list_head *tmp;
Steve French96daf2b2011-05-27 04:34:02 +000043 struct cifs_ses *tmp_ses;
Steve Frencheca6acf2009-02-20 05:43:09 +000044
45 list_for_each(tmp, &ses->server->smb_ses_list) {
Steve French96daf2b2011-05-27 04:34:02 +000046 tmp_ses = list_entry(tmp, struct cifs_ses,
Steve Frencheca6acf2009-02-20 05:43:09 +000047 smb_ses_list);
48 if (tmp_ses->need_reconnect == false)
49 return false;
50 }
51 /* could not find a session that was already connected,
52 this must be the first one we are reconnecting */
53 return true;
54}
55
56/*
57 * vc number 0 is treated specially by some servers, and should be the
58 * first one we request. After that we can use vcnumbers up to maxvcs,
59 * one for each smb session (some Windows versions set maxvcs incorrectly
60 * so maxvc=1 can be ignored). If we have too many vcs, we can reuse
61 * any vc but zero (some servers reset the connection on vcnum zero)
62 *
63 */
Steve French96daf2b2011-05-27 04:34:02 +000064static __le16 get_next_vcnum(struct cifs_ses *ses)
Steve Frencheca6acf2009-02-20 05:43:09 +000065{
66 __u16 vcnum = 0;
67 struct list_head *tmp;
Steve French96daf2b2011-05-27 04:34:02 +000068 struct cifs_ses *tmp_ses;
Steve Frencheca6acf2009-02-20 05:43:09 +000069 __u16 max_vcs = ses->server->max_vcs;
70 __u16 i;
71 int free_vc_found = 0;
72
73 /* Quoting the MS-SMB specification: "Windows-based SMB servers set this
74 field to one but do not enforce this limit, which allows an SMB client
75 to establish more virtual circuits than allowed by this value ... but
76 other server implementations can enforce this limit." */
77 if (max_vcs < 2)
78 max_vcs = 0xFFFF;
79
Suresh Jayaraman3f9bcca2010-10-18 23:29:37 +053080 spin_lock(&cifs_tcp_ses_lock);
Steve Frencheca6acf2009-02-20 05:43:09 +000081 if ((ses->need_reconnect) && is_first_ses_reconnect(ses))
82 goto get_vc_num_exit; /* vcnum will be zero */
83 for (i = ses->server->srv_count - 1; i < max_vcs; i++) {
84 if (i == 0) /* this is the only connection, use vc 0 */
85 break;
86
87 free_vc_found = 1;
88
89 list_for_each(tmp, &ses->server->smb_ses_list) {
Steve French96daf2b2011-05-27 04:34:02 +000090 tmp_ses = list_entry(tmp, struct cifs_ses,
Steve Frencheca6acf2009-02-20 05:43:09 +000091 smb_ses_list);
92 if (tmp_ses->vcnum == i) {
93 free_vc_found = 0;
94 break; /* found duplicate, try next vcnum */
95 }
96 }
97 if (free_vc_found)
98 break; /* we found a vcnumber that will work - use it */
99 }
100
101 if (i == 0)
102 vcnum = 0; /* for most common case, ie if one smb session, use
103 vc zero. Also for case when no free vcnum, zero
104 is safest to send (some clients only send zero) */
105 else if (free_vc_found == 0)
106 vcnum = 1; /* we can not reuse vc=0 safely, since some servers
107 reset all uids on that, but 1 is ok. */
108 else
109 vcnum = i;
110 ses->vcnum = vcnum;
111get_vc_num_exit:
Suresh Jayaraman3f9bcca2010-10-18 23:29:37 +0530112 spin_unlock(&cifs_tcp_ses_lock);
Steve Frencheca6acf2009-02-20 05:43:09 +0000113
Steve French051a2a02009-05-01 16:21:04 +0000114 return cpu_to_le16(vcnum);
Steve Frencheca6acf2009-02-20 05:43:09 +0000115}
116
Steve French96daf2b2011-05-27 04:34:02 +0000117static __u32 cifs_ssetup_hdr(struct cifs_ses *ses, SESSION_SETUP_ANDX *pSMB)
Steve French39798772006-05-31 22:40:51 +0000118{
119 __u32 capabilities = 0;
120
121 /* init fields common to all four types of SessSetup */
Steve Frencheca6acf2009-02-20 05:43:09 +0000122 /* Note that offsets for first seven fields in req struct are same */
123 /* in CIFS Specs so does not matter which of 3 forms of struct */
124 /* that we use in next few lines */
125 /* Note that header is initialized to zero in header_assemble */
Steve French39798772006-05-31 22:40:51 +0000126 pSMB->req.AndXCommand = 0xFF;
Jeff Laytonc974bef2011-10-11 06:41:32 -0400127 pSMB->req.MaxBufferSize = cpu_to_le16(min_t(u32,
128 CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4,
129 USHRT_MAX));
Steve French39798772006-05-31 22:40:51 +0000130 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
Steve Frencheca6acf2009-02-20 05:43:09 +0000131 pSMB->req.VcNumber = get_next_vcnum(ses);
Steve French39798772006-05-31 22:40:51 +0000132
133 /* Now no need to set SMBFLG_CASELESS or obsolete CANONICAL PATH */
134
Steve French790fe572007-07-07 19:25:05 +0000135 /* BB verify whether signing required on neg or just on auth frame
Steve French39798772006-05-31 22:40:51 +0000136 (and NTLM case) */
137
138 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
139 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
140
Jeff Layton38d77c52013-05-26 07:01:00 -0400141 if (ses->server->sign)
Steve French39798772006-05-31 22:40:51 +0000142 pSMB->req.hdr.Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
143
144 if (ses->capabilities & CAP_UNICODE) {
145 pSMB->req.hdr.Flags2 |= SMBFLG2_UNICODE;
146 capabilities |= CAP_UNICODE;
147 }
148 if (ses->capabilities & CAP_STATUS32) {
149 pSMB->req.hdr.Flags2 |= SMBFLG2_ERR_STATUS;
150 capabilities |= CAP_STATUS32;
151 }
152 if (ses->capabilities & CAP_DFS) {
153 pSMB->req.hdr.Flags2 |= SMBFLG2_DFS;
154 capabilities |= CAP_DFS;
155 }
Steve French26f57362007-08-30 22:09:15 +0000156 if (ses->capabilities & CAP_UNIX)
Steve French39798772006-05-31 22:40:51 +0000157 capabilities |= CAP_UNIX;
Steve French39798772006-05-31 22:40:51 +0000158
Steve French39798772006-05-31 22:40:51 +0000159 return capabilities;
160}
161
Jeff Layton0d3a01f2007-10-16 17:32:19 +0000162static void
163unicode_oslm_strings(char **pbcc_area, const struct nls_table *nls_cp)
164{
165 char *bcc_ptr = *pbcc_area;
166 int bytes_ret = 0;
167
168 /* Copy OS version */
Steve Frenchacbbb762012-01-18 22:32:33 -0600169 bytes_ret = cifs_strtoUTF16((__le16 *)bcc_ptr, "Linux version ", 32,
170 nls_cp);
Jeff Layton0d3a01f2007-10-16 17:32:19 +0000171 bcc_ptr += 2 * bytes_ret;
Steve Frenchacbbb762012-01-18 22:32:33 -0600172 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, init_utsname()->release,
173 32, nls_cp);
Jeff Layton0d3a01f2007-10-16 17:32:19 +0000174 bcc_ptr += 2 * bytes_ret;
175 bcc_ptr += 2; /* trailing null */
176
Steve Frenchacbbb762012-01-18 22:32:33 -0600177 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
178 32, nls_cp);
Jeff Layton0d3a01f2007-10-16 17:32:19 +0000179 bcc_ptr += 2 * bytes_ret;
180 bcc_ptr += 2; /* trailing null */
181
182 *pbcc_area = bcc_ptr;
183}
184
Steve French96daf2b2011-05-27 04:34:02 +0000185static void unicode_domain_string(char **pbcc_area, struct cifs_ses *ses,
Jeff Layton0d3a01f2007-10-16 17:32:19 +0000186 const struct nls_table *nls_cp)
187{
188 char *bcc_ptr = *pbcc_area;
189 int bytes_ret = 0;
190
191 /* copy domain */
192 if (ses->domainName == NULL) {
193 /* Sending null domain better than using a bogus domain name (as
194 we did briefly in 2.6.18) since server will use its default */
195 *bcc_ptr = 0;
196 *(bcc_ptr+1) = 0;
197 bytes_ret = 0;
198 } else
Steve Frenchacbbb762012-01-18 22:32:33 -0600199 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, ses->domainName,
Chen Gang057d6332013-07-19 09:01:36 +0800200 CIFS_MAX_DOMAINNAME_LEN, nls_cp);
Jeff Layton0d3a01f2007-10-16 17:32:19 +0000201 bcc_ptr += 2 * bytes_ret;
202 bcc_ptr += 2; /* account for null terminator */
203
204 *pbcc_area = bcc_ptr;
205}
206
207
Steve French96daf2b2011-05-27 04:34:02 +0000208static void unicode_ssetup_strings(char **pbcc_area, struct cifs_ses *ses,
Steve French790fe572007-07-07 19:25:05 +0000209 const struct nls_table *nls_cp)
Steve French39798772006-05-31 22:40:51 +0000210{
Steve French790fe572007-07-07 19:25:05 +0000211 char *bcc_ptr = *pbcc_area;
Steve French39798772006-05-31 22:40:51 +0000212 int bytes_ret = 0;
213
214 /* BB FIXME add check that strings total less
215 than 335 or will need to send them as arrays */
216
Steve French0223cf02006-06-27 19:50:57 +0000217 /* unicode strings, must be word aligned before the call */
218/* if ((long) bcc_ptr % 2) {
Steve French39798772006-05-31 22:40:51 +0000219 *bcc_ptr = 0;
220 bcc_ptr++;
Steve French0223cf02006-06-27 19:50:57 +0000221 } */
Steve French39798772006-05-31 22:40:51 +0000222 /* copy user */
Steve French8727c8a2011-02-25 01:11:56 -0600223 if (ses->user_name == NULL) {
Steve French6e659c62006-11-08 23:10:46 +0000224 /* null user mount */
225 *bcc_ptr = 0;
226 *(bcc_ptr+1) = 0;
Steve French301a6a32010-02-06 07:08:53 +0000227 } else {
Steve Frenchacbbb762012-01-18 22:32:33 -0600228 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, ses->user_name,
Scott Lovenberg8c3a2b42013-08-09 08:47:17 -0400229 CIFS_MAX_USERNAME_LEN, nls_cp);
Steve French39798772006-05-31 22:40:51 +0000230 }
231 bcc_ptr += 2 * bytes_ret;
232 bcc_ptr += 2; /* account for null termination */
Steve French39798772006-05-31 22:40:51 +0000233
Jeff Layton0d3a01f2007-10-16 17:32:19 +0000234 unicode_domain_string(&bcc_ptr, ses, nls_cp);
235 unicode_oslm_strings(&bcc_ptr, nls_cp);
Steve French39798772006-05-31 22:40:51 +0000236
237 *pbcc_area = bcc_ptr;
238}
239
Steve French96daf2b2011-05-27 04:34:02 +0000240static void ascii_ssetup_strings(char **pbcc_area, struct cifs_ses *ses,
Steve French790fe572007-07-07 19:25:05 +0000241 const struct nls_table *nls_cp)
Steve French39798772006-05-31 22:40:51 +0000242{
Steve French790fe572007-07-07 19:25:05 +0000243 char *bcc_ptr = *pbcc_area;
Steve French39798772006-05-31 22:40:51 +0000244
245 /* copy user */
246 /* BB what about null user mounts - check that we do this BB */
Steve French790fe572007-07-07 19:25:05 +0000247 /* copy user */
Shirish Pargaonkarde47a412012-02-02 15:28:28 -0600248 if (ses->user_name != NULL) {
Scott Lovenberg8c3a2b42013-08-09 08:47:17 -0400249 strncpy(bcc_ptr, ses->user_name, CIFS_MAX_USERNAME_LEN);
250 bcc_ptr += strnlen(ses->user_name, CIFS_MAX_USERNAME_LEN);
Shirish Pargaonkarde47a412012-02-02 15:28:28 -0600251 }
Steve French8727c8a2011-02-25 01:11:56 -0600252 /* else null user mount */
Steve French39798772006-05-31 22:40:51 +0000253 *bcc_ptr = 0;
Steve French790fe572007-07-07 19:25:05 +0000254 bcc_ptr++; /* account for null termination */
Steve French39798772006-05-31 22:40:51 +0000255
Steve French790fe572007-07-07 19:25:05 +0000256 /* copy domain */
Steve French790fe572007-07-07 19:25:05 +0000257 if (ses->domainName != NULL) {
Chen Gang057d6332013-07-19 09:01:36 +0800258 strncpy(bcc_ptr, ses->domainName, CIFS_MAX_DOMAINNAME_LEN);
259 bcc_ptr += strnlen(ses->domainName, CIFS_MAX_DOMAINNAME_LEN);
Steve French790fe572007-07-07 19:25:05 +0000260 } /* else we will send a null domain name
Steve French6e659c62006-11-08 23:10:46 +0000261 so the server will default to its own domain */
Steve French39798772006-05-31 22:40:51 +0000262 *bcc_ptr = 0;
263 bcc_ptr++;
264
265 /* BB check for overflow here */
266
267 strcpy(bcc_ptr, "Linux version ");
268 bcc_ptr += strlen("Linux version ");
Serge E. Hallyn96b644b2006-10-02 02:18:13 -0700269 strcpy(bcc_ptr, init_utsname()->release);
270 bcc_ptr += strlen(init_utsname()->release) + 1;
Steve French39798772006-05-31 22:40:51 +0000271
272 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
273 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
274
Steve French790fe572007-07-07 19:25:05 +0000275 *pbcc_area = bcc_ptr;
Steve French39798772006-05-31 22:40:51 +0000276}
277
Jeff Layton59140792009-04-30 07:16:21 -0400278static void
Steve French96daf2b2011-05-27 04:34:02 +0000279decode_unicode_ssetup(char **pbcc_area, int bleft, struct cifs_ses *ses,
Jeff Layton59140792009-04-30 07:16:21 -0400280 const struct nls_table *nls_cp)
Steve French39798772006-05-31 22:40:51 +0000281{
Jeff Layton59140792009-04-30 07:16:21 -0400282 int len;
Steve French790fe572007-07-07 19:25:05 +0000283 char *data = *pbcc_area;
Steve French39798772006-05-31 22:40:51 +0000284
Joe Perchesf96637b2013-05-04 22:12:25 -0500285 cifs_dbg(FYI, "bleft %d\n", bleft);
Steve French39798772006-05-31 22:40:51 +0000286
Steve French26f57362007-08-30 22:09:15 +0000287 kfree(ses->serverOS);
Steve Frenchacbbb762012-01-18 22:32:33 -0600288 ses->serverOS = cifs_strndup_from_utf16(data, bleft, true, nls_cp);
Joe Perchesf96637b2013-05-04 22:12:25 -0500289 cifs_dbg(FYI, "serverOS=%s\n", ses->serverOS);
Jeff Layton59140792009-04-30 07:16:21 -0400290 len = (UniStrnlen((wchar_t *) data, bleft / 2) * 2) + 2;
291 data += len;
292 bleft -= len;
293 if (bleft <= 0)
294 return;
Steve French39798772006-05-31 22:40:51 +0000295
Steve French26f57362007-08-30 22:09:15 +0000296 kfree(ses->serverNOS);
Steve Frenchacbbb762012-01-18 22:32:33 -0600297 ses->serverNOS = cifs_strndup_from_utf16(data, bleft, true, nls_cp);
Joe Perchesf96637b2013-05-04 22:12:25 -0500298 cifs_dbg(FYI, "serverNOS=%s\n", ses->serverNOS);
Jeff Layton59140792009-04-30 07:16:21 -0400299 len = (UniStrnlen((wchar_t *) data, bleft / 2) * 2) + 2;
300 data += len;
301 bleft -= len;
302 if (bleft <= 0)
303 return;
Steve French39798772006-05-31 22:40:51 +0000304
Steve French26f57362007-08-30 22:09:15 +0000305 kfree(ses->serverDomain);
Steve Frenchacbbb762012-01-18 22:32:33 -0600306 ses->serverDomain = cifs_strndup_from_utf16(data, bleft, true, nls_cp);
Joe Perchesf96637b2013-05-04 22:12:25 -0500307 cifs_dbg(FYI, "serverDomain=%s\n", ses->serverDomain);
Steve French790fe572007-07-07 19:25:05 +0000308
Jeff Layton59140792009-04-30 07:16:21 -0400309 return;
Steve French39798772006-05-31 22:40:51 +0000310}
311
Jeff Layton7d066452013-05-24 07:41:00 -0400312static void decode_ascii_ssetup(char **pbcc_area, __u16 bleft,
313 struct cifs_ses *ses,
314 const struct nls_table *nls_cp)
Steve French39798772006-05-31 22:40:51 +0000315{
Steve French39798772006-05-31 22:40:51 +0000316 int len;
Steve French790fe572007-07-07 19:25:05 +0000317 char *bcc_ptr = *pbcc_area;
Steve French39798772006-05-31 22:40:51 +0000318
Joe Perchesf96637b2013-05-04 22:12:25 -0500319 cifs_dbg(FYI, "decode sessetup ascii. bleft %d\n", bleft);
Steve French50c2f752007-07-13 00:33:32 +0000320
Steve French39798772006-05-31 22:40:51 +0000321 len = strnlen(bcc_ptr, bleft);
Steve French790fe572007-07-07 19:25:05 +0000322 if (len >= bleft)
Jeff Layton7d066452013-05-24 07:41:00 -0400323 return;
Steve French50c2f752007-07-13 00:33:32 +0000324
Steve French26f57362007-08-30 22:09:15 +0000325 kfree(ses->serverOS);
Steve French39798772006-05-31 22:40:51 +0000326
327 ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
Steve French790fe572007-07-07 19:25:05 +0000328 if (ses->serverOS)
Steve French39798772006-05-31 22:40:51 +0000329 strncpy(ses->serverOS, bcc_ptr, len);
Jeff Layton281e2e72013-05-26 07:00:56 -0400330 if (strncmp(ses->serverOS, "OS/2", 4) == 0)
Joe Perchesf96637b2013-05-04 22:12:25 -0500331 cifs_dbg(FYI, "OS/2 server\n");
Steve French39798772006-05-31 22:40:51 +0000332
333 bcc_ptr += len + 1;
334 bleft -= len + 1;
335
336 len = strnlen(bcc_ptr, bleft);
Steve French790fe572007-07-07 19:25:05 +0000337 if (len >= bleft)
Jeff Layton7d066452013-05-24 07:41:00 -0400338 return;
Steve French39798772006-05-31 22:40:51 +0000339
Steve French26f57362007-08-30 22:09:15 +0000340 kfree(ses->serverNOS);
Steve French39798772006-05-31 22:40:51 +0000341
342 ses->serverNOS = kzalloc(len + 1, GFP_KERNEL);
Steve French790fe572007-07-07 19:25:05 +0000343 if (ses->serverNOS)
Steve French39798772006-05-31 22:40:51 +0000344 strncpy(ses->serverNOS, bcc_ptr, len);
345
346 bcc_ptr += len + 1;
347 bleft -= len + 1;
348
Steve French790fe572007-07-07 19:25:05 +0000349 len = strnlen(bcc_ptr, bleft);
350 if (len > bleft)
Jeff Layton7d066452013-05-24 07:41:00 -0400351 return;
Steve French39798772006-05-31 22:40:51 +0000352
Steve French9ac00b72006-09-30 04:13:17 +0000353 /* No domain field in LANMAN case. Domain is
354 returned by old servers in the SMB negprot response */
355 /* BB For newer servers which do not support Unicode,
356 but thus do return domain here we could add parsing
357 for it later, but it is not very important */
Joe Perchesf96637b2013-05-04 22:12:25 -0500358 cifs_dbg(FYI, "ascii: bytes left %d\n", bleft);
Steve French39798772006-05-31 22:40:51 +0000359}
360
Pavel Shilovsky5478f9b2011-12-27 16:22:00 +0400361int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len,
Steve French96daf2b2011-05-27 04:34:02 +0000362 struct cifs_ses *ses)
Steve French0b3cc8582009-05-04 08:37:12 +0000363{
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500364 unsigned int tioffset; /* challenge message target info area */
365 unsigned int tilen; /* challenge message target info area length */
366
Steve French0b3cc8582009-05-04 08:37:12 +0000367 CHALLENGE_MESSAGE *pblob = (CHALLENGE_MESSAGE *)bcc_ptr;
368
369 if (blob_len < sizeof(CHALLENGE_MESSAGE)) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500370 cifs_dbg(VFS, "challenge blob len %d too small\n", blob_len);
Steve French0b3cc8582009-05-04 08:37:12 +0000371 return -EINVAL;
372 }
373
374 if (memcmp(pblob->Signature, "NTLMSSP", 8)) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500375 cifs_dbg(VFS, "blob signature incorrect %s\n",
376 pblob->Signature);
Steve French0b3cc8582009-05-04 08:37:12 +0000377 return -EINVAL;
378 }
379 if (pblob->MessageType != NtLmChallenge) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500380 cifs_dbg(VFS, "Incorrect message type %d\n",
381 pblob->MessageType);
Steve French0b3cc8582009-05-04 08:37:12 +0000382 return -EINVAL;
383 }
384
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500385 memcpy(ses->ntlmssp->cryptkey, pblob->Challenge, CIFS_CRYPTO_KEY_SIZE);
Steve French0b3cc8582009-05-04 08:37:12 +0000386 /* BB we could decode pblob->NegotiateFlags; some may be useful */
387 /* In particular we can examine sign flags */
388 /* BB spec says that if AvId field of MsvAvTimestamp is populated then
389 we must set the MIC field of the AUTHENTICATE_MESSAGE */
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500390 ses->ntlmssp->server_flags = le32_to_cpu(pblob->NegotiateFlags);
Steve French5443d132011-03-13 05:08:25 +0000391 tioffset = le32_to_cpu(pblob->TargetInfoArray.BufferOffset);
392 tilen = le16_to_cpu(pblob->TargetInfoArray.Length);
Dan Carpenter4991a5f2012-01-31 11:52:01 +0300393 if (tioffset > blob_len || tioffset + tilen > blob_len) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500394 cifs_dbg(VFS, "tioffset + tilen too high %u + %u",
395 tioffset, tilen);
Dan Carpenter4991a5f2012-01-31 11:52:01 +0300396 return -EINVAL;
397 }
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500398 if (tilen) {
Silviu-Mihai Popescuf7f7c182013-03-11 18:22:32 +0200399 ses->auth_key.response = kmemdup(bcc_ptr + tioffset, tilen,
400 GFP_KERNEL);
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500401 if (!ses->auth_key.response) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500402 cifs_dbg(VFS, "Challenge target info alloc failure");
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500403 return -ENOMEM;
404 }
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500405 ses->auth_key.len = tilen;
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500406 }
407
Steve French0b3cc8582009-05-04 08:37:12 +0000408 return 0;
409}
410
Steve French0b3cc8582009-05-04 08:37:12 +0000411/* BB Move to ntlmssp.c eventually */
412
413/* We do not malloc the blob, it is passed in pbuffer, because
414 it is fixed size, and small, making this approach cleaner */
Pavel Shilovsky5478f9b2011-12-27 16:22:00 +0400415void build_ntlmssp_negotiate_blob(unsigned char *pbuffer,
Steve French96daf2b2011-05-27 04:34:02 +0000416 struct cifs_ses *ses)
Steve French0b3cc8582009-05-04 08:37:12 +0000417{
418 NEGOTIATE_MESSAGE *sec_blob = (NEGOTIATE_MESSAGE *)pbuffer;
419 __u32 flags;
420
Shirish Pargaonkardf8fbc242010-12-11 14:19:22 -0600421 memset(pbuffer, 0, sizeof(NEGOTIATE_MESSAGE));
Steve French0b3cc8582009-05-04 08:37:12 +0000422 memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8);
423 sec_blob->MessageType = NtLmNegotiate;
424
425 /* BB is NTLMV2 session security format easier to use here? */
426 flags = NTLMSSP_NEGOTIATE_56 | NTLMSSP_REQUEST_TARGET |
427 NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
Shirish Pargaonkardf8fbc242010-12-11 14:19:22 -0600428 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;
Jeff Layton38d77c52013-05-26 07:01:00 -0400429 if (ses->server->sign) {
Steve French745e5072010-09-08 21:09:27 +0000430 flags |= NTLMSSP_NEGOTIATE_SIGN;
Shirish Pargaonkard2b91522010-10-21 14:25:08 -0500431 if (!ses->server->session_estab)
Shirish Pargaonkar62411ab2011-07-10 06:55:32 -0500432 flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
Shirish Pargaonkard2b91522010-10-21 14:25:08 -0500433 }
Steve French0b3cc8582009-05-04 08:37:12 +0000434
Shirish Pargaonkardf8fbc242010-12-11 14:19:22 -0600435 sec_blob->NegotiateFlags = cpu_to_le32(flags);
Steve French0b3cc8582009-05-04 08:37:12 +0000436
437 sec_blob->WorkstationName.BufferOffset = 0;
438 sec_blob->WorkstationName.Length = 0;
439 sec_blob->WorkstationName.MaximumLength = 0;
440
441 /* Domain name is sent on the Challenge not Negotiate NTLMSSP request */
442 sec_blob->DomainName.BufferOffset = 0;
443 sec_blob->DomainName.Length = 0;
444 sec_blob->DomainName.MaximumLength = 0;
445}
446
447/* We do not malloc the blob, it is passed in pbuffer, because its
448 maximum possible size is fixed and small, making this approach cleaner.
449 This function returns the length of the data in the blob */
Pavel Shilovsky5478f9b2011-12-27 16:22:00 +0400450int build_ntlmssp_auth_blob(unsigned char *pbuffer,
Shirish Pargaonkar89f150f2010-10-19 11:47:52 -0500451 u16 *buflen,
Steve French96daf2b2011-05-27 04:34:02 +0000452 struct cifs_ses *ses,
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500453 const struct nls_table *nls_cp)
Steve French0b3cc8582009-05-04 08:37:12 +0000454{
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500455 int rc;
Steve French0b3cc8582009-05-04 08:37:12 +0000456 AUTHENTICATE_MESSAGE *sec_blob = (AUTHENTICATE_MESSAGE *)pbuffer;
457 __u32 flags;
458 unsigned char *tmp;
Steve French0b3cc8582009-05-04 08:37:12 +0000459
460 memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8);
461 sec_blob->MessageType = NtLmAuthenticate;
462
463 flags = NTLMSSP_NEGOTIATE_56 |
464 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_TARGET_INFO |
465 NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
Shirish Pargaonkardf8fbc242010-12-11 14:19:22 -0600466 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;
Jeff Layton38d77c52013-05-26 07:01:00 -0400467 if (ses->server->sign) {
Steve French0b3cc8582009-05-04 08:37:12 +0000468 flags |= NTLMSSP_NEGOTIATE_SIGN;
Shirish Pargaonkar62411ab2011-07-10 06:55:32 -0500469 if (!ses->server->session_estab)
470 flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
471 }
Steve French0b3cc8582009-05-04 08:37:12 +0000472
473 tmp = pbuffer + sizeof(AUTHENTICATE_MESSAGE);
Shirish Pargaonkardf8fbc242010-12-11 14:19:22 -0600474 sec_blob->NegotiateFlags = cpu_to_le32(flags);
Steve French0b3cc8582009-05-04 08:37:12 +0000475
476 sec_blob->LmChallengeResponse.BufferOffset =
477 cpu_to_le32(sizeof(AUTHENTICATE_MESSAGE));
478 sec_blob->LmChallengeResponse.Length = 0;
479 sec_blob->LmChallengeResponse.MaximumLength = 0;
480
Steve Frenchc8e56f12010-09-08 21:10:58 +0000481 sec_blob->NtChallengeResponse.BufferOffset = cpu_to_le32(tmp - pbuffer);
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500482 rc = setup_ntlmv2_rsp(ses, nls_cp);
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500483 if (rc) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500484 cifs_dbg(VFS, "Error %d during NTLMSSP authentication\n", rc);
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500485 goto setup_ntlmv2_ret;
486 }
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500487 memcpy(tmp, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
488 ses->auth_key.len - CIFS_SESS_KEY_SIZE);
489 tmp += ses->auth_key.len - CIFS_SESS_KEY_SIZE;
Steve Frenchc8e56f12010-09-08 21:10:58 +0000490
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500491 sec_blob->NtChallengeResponse.Length =
492 cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500493 sec_blob->NtChallengeResponse.MaximumLength =
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500494 cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
Steve French0b3cc8582009-05-04 08:37:12 +0000495
496 if (ses->domainName == NULL) {
497 sec_blob->DomainName.BufferOffset = cpu_to_le32(tmp - pbuffer);
498 sec_blob->DomainName.Length = 0;
499 sec_blob->DomainName.MaximumLength = 0;
500 tmp += 2;
501 } else {
502 int len;
Steve Frenchacbbb762012-01-18 22:32:33 -0600503 len = cifs_strtoUTF16((__le16 *)tmp, ses->domainName,
Scott Lovenberg8c3a2b42013-08-09 08:47:17 -0400504 CIFS_MAX_USERNAME_LEN, nls_cp);
Steve French0b3cc8582009-05-04 08:37:12 +0000505 len *= 2; /* unicode is 2 bytes each */
Steve French0b3cc8582009-05-04 08:37:12 +0000506 sec_blob->DomainName.BufferOffset = cpu_to_le32(tmp - pbuffer);
507 sec_blob->DomainName.Length = cpu_to_le16(len);
508 sec_blob->DomainName.MaximumLength = cpu_to_le16(len);
509 tmp += len;
510 }
511
Steve French8727c8a2011-02-25 01:11:56 -0600512 if (ses->user_name == NULL) {
Steve French0b3cc8582009-05-04 08:37:12 +0000513 sec_blob->UserName.BufferOffset = cpu_to_le32(tmp - pbuffer);
514 sec_blob->UserName.Length = 0;
515 sec_blob->UserName.MaximumLength = 0;
516 tmp += 2;
517 } else {
518 int len;
Steve Frenchacbbb762012-01-18 22:32:33 -0600519 len = cifs_strtoUTF16((__le16 *)tmp, ses->user_name,
Scott Lovenberg8c3a2b42013-08-09 08:47:17 -0400520 CIFS_MAX_USERNAME_LEN, nls_cp);
Steve French0b3cc8582009-05-04 08:37:12 +0000521 len *= 2; /* unicode is 2 bytes each */
Steve French0b3cc8582009-05-04 08:37:12 +0000522 sec_blob->UserName.BufferOffset = cpu_to_le32(tmp - pbuffer);
523 sec_blob->UserName.Length = cpu_to_le16(len);
524 sec_blob->UserName.MaximumLength = cpu_to_le16(len);
525 tmp += len;
526 }
527
528 sec_blob->WorkstationName.BufferOffset = cpu_to_le32(tmp - pbuffer);
529 sec_blob->WorkstationName.Length = 0;
530 sec_blob->WorkstationName.MaximumLength = 0;
531 tmp += 2;
532
Shirish Pargaonkardf8fbc242010-12-11 14:19:22 -0600533 if (((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) ||
534 (ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
535 && !calc_seckey(ses)) {
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500536 memcpy(tmp, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE);
Shirish Pargaonkard2b91522010-10-21 14:25:08 -0500537 sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer);
538 sec_blob->SessionKey.Length = cpu_to_le16(CIFS_CPHTXT_SIZE);
539 sec_blob->SessionKey.MaximumLength =
540 cpu_to_le16(CIFS_CPHTXT_SIZE);
541 tmp += CIFS_CPHTXT_SIZE;
542 } else {
543 sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer);
544 sec_blob->SessionKey.Length = 0;
545 sec_blob->SessionKey.MaximumLength = 0;
546 }
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500547
548setup_ntlmv2_ret:
Shirish Pargaonkar89f150f2010-10-19 11:47:52 -0500549 *buflen = tmp - pbuffer;
550 return rc;
Steve French0b3cc8582009-05-04 08:37:12 +0000551}
Steve French0b3cc8582009-05-04 08:37:12 +0000552
Jeff Layton3f618222013-06-12 19:52:14 -0500553enum securityEnum
554select_sectype(struct TCP_Server_Info *server, enum securityEnum requested)
555{
556 switch (server->negflavor) {
557 case CIFS_NEGFLAVOR_EXTENDED:
558 switch (requested) {
559 case Kerberos:
560 case RawNTLMSSP:
561 return requested;
562 case Unspecified:
563 if (server->sec_ntlmssp &&
564 (global_secflags & CIFSSEC_MAY_NTLMSSP))
565 return RawNTLMSSP;
566 if ((server->sec_kerberos || server->sec_mskerberos) &&
567 (global_secflags & CIFSSEC_MAY_KRB5))
568 return Kerberos;
569 /* Fallthrough */
570 default:
571 return Unspecified;
572 }
573 case CIFS_NEGFLAVOR_UNENCAP:
574 switch (requested) {
575 case NTLM:
576 case NTLMv2:
577 return requested;
578 case Unspecified:
579 if (global_secflags & CIFSSEC_MAY_NTLMV2)
580 return NTLMv2;
581 if (global_secflags & CIFSSEC_MAY_NTLM)
582 return NTLM;
583 /* Fallthrough */
584 default:
585 return Unspecified;
586 }
587 case CIFS_NEGFLAVOR_LANMAN:
588 switch (requested) {
589 case LANMAN:
590 return requested;
591 case Unspecified:
592 if (global_secflags & CIFSSEC_MAY_LANMAN)
593 return LANMAN;
594 /* Fallthrough */
595 default:
596 return Unspecified;
597 }
598 default:
599 return Unspecified;
600 }
601}
602
Steve French790fe572007-07-07 19:25:05 +0000603int
Pavel Shilovsky58c45c52012-05-25 10:54:49 +0400604CIFS_SessSetup(const unsigned int xid, struct cifs_ses *ses,
Jeff Laytonebe6aa52010-04-24 07:57:47 -0400605 const struct nls_table *nls_cp)
Steve French39798772006-05-31 22:40:51 +0000606{
607 int rc = 0;
608 int wct;
Steve French39798772006-05-31 22:40:51 +0000609 struct smb_hdr *smb_buf;
610 char *bcc_ptr;
Steve French750d1152006-06-27 06:28:30 +0000611 char *str_area;
Steve French39798772006-05-31 22:40:51 +0000612 SESSION_SETUP_ANDX *pSMB;
613 __u32 capabilities;
Jeff Layton690c5222011-01-20 13:36:51 -0500614 __u16 count;
Steve French24424212007-11-16 23:37:35 +0000615 int resp_buf_type;
616 struct kvec iov[3];
Steve French39798772006-05-31 22:40:51 +0000617 enum securityEnum type;
Jeff Layton690c5222011-01-20 13:36:51 -0500618 __u16 action, bytes_remaining;
Steve French24424212007-11-16 23:37:35 +0000619 struct key *spnego_key = NULL;
Steve French0b3cc8582009-05-04 08:37:12 +0000620 __le32 phase = NtLmNegotiate; /* NTLMSSP, if needed, is multistage */
Shirish Pargaonkar89f150f2010-10-19 11:47:52 -0500621 u16 blob_len;
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500622 char *ntlmsspblob = NULL;
Steve French254e55e2006-06-04 05:53:15 +0000623
Jeff Layton3534b852013-05-24 07:41:01 -0400624 if (ses == NULL) {
625 WARN(1, "%s: ses == NULL!", __func__);
Steve French39798772006-05-31 22:40:51 +0000626 return -EINVAL;
Jeff Layton3534b852013-05-24 07:41:01 -0400627 }
Steve French39798772006-05-31 22:40:51 +0000628
Jeff Layton3f618222013-06-12 19:52:14 -0500629 type = select_sectype(ses->server, ses->sectype);
Joe Perchesf96637b2013-05-04 22:12:25 -0500630 cifs_dbg(FYI, "sess setup type %d\n", type);
Jeff Layton3f618222013-06-12 19:52:14 -0500631 if (type == Unspecified) {
Shirish Pargaonkard4e63bd2013-08-29 08:35:09 -0500632 cifs_dbg(VFS,
633 "Unable to select appropriate authentication method!");
Jeff Layton3f618222013-06-12 19:52:14 -0500634 return -EINVAL;
635 }
636
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500637 if (type == RawNTLMSSP) {
638 /* if memory allocation is successful, caller of this function
639 * frees it.
640 */
641 ses->ntlmssp = kmalloc(sizeof(struct ntlmssp_auth), GFP_KERNEL);
642 if (!ses->ntlmssp)
643 return -ENOMEM;
644 }
645
Steve French0b3cc8582009-05-04 08:37:12 +0000646ssetup_ntlmssp_authenticate:
647 if (phase == NtLmChallenge)
648 phase = NtLmAuthenticate; /* if ntlmssp, now final phase */
649
Steve French790fe572007-07-07 19:25:05 +0000650 if (type == LANMAN) {
Steve French39798772006-05-31 22:40:51 +0000651#ifndef CONFIG_CIFS_WEAK_PW_HASH
652 /* LANMAN and plaintext are less secure and off by default.
653 So we make this explicitly be turned on in kconfig (in the
654 build) and turned on at runtime (changed from the default)
655 in proc/fs/cifs or via mount parm. Unfortunately this is
656 needed for old Win (e.g. Win95), some obscure NAS and OS/2 */
657 return -EOPNOTSUPP;
658#endif
659 wct = 10; /* lanman 2 style sessionsetup */
Steve French790fe572007-07-07 19:25:05 +0000660 } else if ((type == NTLM) || (type == NTLMv2)) {
Steve French9312f672006-06-04 22:21:07 +0000661 /* For NTLMv2 failures eventually may need to retry NTLM */
Steve French39798772006-05-31 22:40:51 +0000662 wct = 13; /* old style NTLM sessionsetup */
Steve French790fe572007-07-07 19:25:05 +0000663 } else /* same size: negotiate or auth, NTLMSSP or extended security */
Steve French39798772006-05-31 22:40:51 +0000664 wct = 12;
665
666 rc = small_smb_init_no_tc(SMB_COM_SESSION_SETUP_ANDX, wct, ses,
667 (void **)&smb_buf);
Steve French790fe572007-07-07 19:25:05 +0000668 if (rc)
Steve French39798772006-05-31 22:40:51 +0000669 return rc;
670
671 pSMB = (SESSION_SETUP_ANDX *)smb_buf;
672
673 capabilities = cifs_ssetup_hdr(ses, pSMB);
Steve French750d1152006-06-27 06:28:30 +0000674
Steve French24424212007-11-16 23:37:35 +0000675 /* we will send the SMB in three pieces:
676 a fixed length beginning part, an optional
677 SPNEGO blob (which can be zero length), and a
678 last part which will include the strings
679 and rest of bcc area. This allows us to avoid
680 a large buffer 17K allocation */
Steve French790fe572007-07-07 19:25:05 +0000681 iov[0].iov_base = (char *)pSMB;
Steve Frenchbe8e3b02011-04-29 05:40:20 +0000682 iov[0].iov_len = be32_to_cpu(smb_buf->smb_buf_length) + 4;
Steve French750d1152006-06-27 06:28:30 +0000683
Steve French24424212007-11-16 23:37:35 +0000684 /* setting this here allows the code at the end of the function
685 to free the request buffer if there's an error */
686 resp_buf_type = CIFS_SMALL_BUFFER;
687
Steve French750d1152006-06-27 06:28:30 +0000688 /* 2000 big enough to fit max user, domain, NOS name etc. */
689 str_area = kmalloc(2000, GFP_KERNEL);
Cyrill Gorcunov5e6e6232007-08-18 00:15:20 +0000690 if (str_area == NULL) {
Steve French24424212007-11-16 23:37:35 +0000691 rc = -ENOMEM;
692 goto ssetup_exit;
Cyrill Gorcunov5e6e6232007-08-18 00:15:20 +0000693 }
Steve French750d1152006-06-27 06:28:30 +0000694 bcc_ptr = str_area;
Steve French39798772006-05-31 22:40:51 +0000695
Steve French24424212007-11-16 23:37:35 +0000696 iov[1].iov_base = NULL;
697 iov[1].iov_len = 0;
698
Steve French790fe572007-07-07 19:25:05 +0000699 if (type == LANMAN) {
Steve French39798772006-05-31 22:40:51 +0000700#ifdef CONFIG_CIFS_WEAK_PW_HASH
Shirish Pargaonkar5e640922011-02-17 14:38:31 -0600701 char lnm_session_key[CIFS_AUTH_RESP_SIZE];
Steve French39798772006-05-31 22:40:51 +0000702
Steve Frenchc76da9d2008-08-28 15:32:22 +0000703 pSMB->req.hdr.Flags2 &= ~SMBFLG2_UNICODE;
704
Steve French39798772006-05-31 22:40:51 +0000705 /* no capabilities flags in old lanman negotiation */
706
Shirish Pargaonkar5e640922011-02-17 14:38:31 -0600707 pSMB->old_req.PasswordLength = cpu_to_le16(CIFS_AUTH_RESP_SIZE);
Steve French39798772006-05-31 22:40:51 +0000708
Shirish Pargaonkard3ba50b2010-10-27 15:20:36 -0500709 /* Calculate hash with password and copy into bcc_ptr.
710 * Encryption Key (stored as in cryptkey) gets used if the
711 * security mode bit in Negottiate Protocol response states
712 * to use challenge/response method (i.e. Password bit is 1).
713 */
714
Steve French43988d72011-04-19 18:23:31 +0000715 rc = calc_lanman_hash(ses->password, ses->server->cryptkey,
Steve French96daf2b2011-05-27 04:34:02 +0000716 ses->server->sec_mode & SECMODE_PW_ENCRYPT ?
Jeff Layton4e53a3f2008-12-05 20:41:21 -0500717 true : false, lnm_session_key);
718
Shirish Pargaonkar5e640922011-02-17 14:38:31 -0600719 memcpy(bcc_ptr, (char *)lnm_session_key, CIFS_AUTH_RESP_SIZE);
720 bcc_ptr += CIFS_AUTH_RESP_SIZE;
Steve French39798772006-05-31 22:40:51 +0000721
722 /* can not sign if LANMAN negotiated so no need
723 to calculate signing key? but what if server
724 changed to do higher than lanman dialect and
725 we reconnected would we ever calc signing_key? */
726
Joe Perchesf96637b2013-05-04 22:12:25 -0500727 cifs_dbg(FYI, "Negotiating LANMAN setting up strings\n");
Steve French39798772006-05-31 22:40:51 +0000728 /* Unicode not allowed for LANMAN dialects */
729 ascii_ssetup_strings(&bcc_ptr, ses, nls_cp);
Steve French790fe572007-07-07 19:25:05 +0000730#endif
Steve French39798772006-05-31 22:40:51 +0000731 } else if (type == NTLM) {
Steve French39798772006-05-31 22:40:51 +0000732 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
733 pSMB->req_no_secext.CaseInsensitivePasswordLength =
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500734 cpu_to_le16(CIFS_AUTH_RESP_SIZE);
Steve French39798772006-05-31 22:40:51 +0000735 pSMB->req_no_secext.CaseSensitivePasswordLength =
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500736 cpu_to_le16(CIFS_AUTH_RESP_SIZE);
Steve French50c2f752007-07-13 00:33:32 +0000737
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500738 /* calculate ntlm response and session key */
Shirish Pargaonkar9ef59922011-10-20 13:21:59 -0500739 rc = setup_ntlm_response(ses, nls_cp);
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500740 if (rc) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500741 cifs_dbg(VFS, "Error %d during NTLM authentication\n",
742 rc);
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500743 goto ssetup_exit;
744 }
Steve French39798772006-05-31 22:40:51 +0000745
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500746 /* copy ntlm response */
747 memcpy(bcc_ptr, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
748 CIFS_AUTH_RESP_SIZE);
749 bcc_ptr += CIFS_AUTH_RESP_SIZE;
750 memcpy(bcc_ptr, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
751 CIFS_AUTH_RESP_SIZE);
752 bcc_ptr += CIFS_AUTH_RESP_SIZE;
753
Steve French790fe572007-07-07 19:25:05 +0000754 if (ses->capabilities & CAP_UNICODE) {
Steve French0223cf02006-06-27 19:50:57 +0000755 /* unicode strings must be word aligned */
756 if (iov[0].iov_len % 2) {
757 *bcc_ptr = 0;
Steve French790fe572007-07-07 19:25:05 +0000758 bcc_ptr++;
759 }
Steve French7c7b25b2006-06-01 19:20:10 +0000760 unicode_ssetup_strings(&bcc_ptr, ses, nls_cp);
Steve French0223cf02006-06-27 19:50:57 +0000761 } else
Steve French7c7b25b2006-06-01 19:20:10 +0000762 ascii_ssetup_strings(&bcc_ptr, ses, nls_cp);
763 } else if (type == NTLMv2) {
Steve French7c7b25b2006-06-01 19:20:10 +0000764 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
765
766 /* LM2 password would be here if we supported it */
767 pSMB->req_no_secext.CaseInsensitivePasswordLength = 0;
Steve French7c7b25b2006-06-01 19:20:10 +0000768
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500769 /* calculate nlmv2 response and session key */
770 rc = setup_ntlmv2_rsp(ses, nls_cp);
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500771 if (rc) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500772 cifs_dbg(VFS, "Error %d during NTLMv2 authentication\n",
773 rc);
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500774 goto ssetup_exit;
775 }
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500776 memcpy(bcc_ptr, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
777 ses->auth_key.len - CIFS_SESS_KEY_SIZE);
778 bcc_ptr += ses->auth_key.len - CIFS_SESS_KEY_SIZE;
779
Shirish Pargaonkarc9928f72010-10-04 19:56:13 -0500780 /* set case sensitive password length after tilen may get
781 * assigned, tilen is 0 otherwise.
782 */
783 pSMB->req_no_secext.CaseSensitivePasswordLength =
Shirish Pargaonkarf7c54452010-10-26 18:10:24 -0500784 cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
Shirish Pargaonkarc9928f72010-10-04 19:56:13 -0500785
Steve French790fe572007-07-07 19:25:05 +0000786 if (ses->capabilities & CAP_UNICODE) {
787 if (iov[0].iov_len % 2) {
Steve French0223cf02006-06-27 19:50:57 +0000788 *bcc_ptr = 0;
Steve French26f57362007-08-30 22:09:15 +0000789 bcc_ptr++;
790 }
Steve French39798772006-05-31 22:40:51 +0000791 unicode_ssetup_strings(&bcc_ptr, ses, nls_cp);
Steve French0223cf02006-06-27 19:50:57 +0000792 } else
Steve French39798772006-05-31 22:40:51 +0000793 ascii_ssetup_strings(&bcc_ptr, ses, nls_cp);
Jeff Layton26efa0b2010-04-24 07:57:49 -0400794 } else if (type == Kerberos) {
Steve French24424212007-11-16 23:37:35 +0000795#ifdef CONFIG_CIFS_UPCALL
796 struct cifs_spnego_msg *msg;
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500797
Steve French24424212007-11-16 23:37:35 +0000798 spnego_key = cifs_get_spnego_key(ses);
799 if (IS_ERR(spnego_key)) {
800 rc = PTR_ERR(spnego_key);
801 spnego_key = NULL;
802 goto ssetup_exit;
803 }
804
805 msg = spnego_key->payload.data;
Steve French6ce5eec2008-08-26 00:37:14 +0000806 /* check version field to make sure that cifs.upcall is
807 sending us a response in an expected form */
808 if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500809 cifs_dbg(VFS, "incorrect version of cifs.upcall "
810 "expected %d but got %d)",
Joe Perchesb6b38f72010-04-21 03:50:45 +0000811 CIFS_SPNEGO_UPCALL_VERSION, msg->version);
Steve French6ce5eec2008-08-26 00:37:14 +0000812 rc = -EKEYREJECTED;
813 goto ssetup_exit;
814 }
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500815
Silviu-Mihai Popescuf7f7c182013-03-11 18:22:32 +0200816 ses->auth_key.response = kmemdup(msg->data, msg->sesskey_len,
817 GFP_KERNEL);
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500818 if (!ses->auth_key.response) {
Shirish Pargaonkard4e63bd2013-08-29 08:35:09 -0500819 cifs_dbg(VFS,
820 "Kerberos can't allocate (%u bytes) memory",
821 msg->sesskey_len);
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500822 rc = -ENOMEM;
Steve French24424212007-11-16 23:37:35 +0000823 goto ssetup_exit;
824 }
Shirish Pargaonkar5d0d2882010-10-13 18:15:00 -0500825 ses->auth_key.len = msg->sesskey_len;
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500826
Steve French39798772006-05-31 22:40:51 +0000827 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
828 capabilities |= CAP_EXTENDED_SECURITY;
829 pSMB->req.Capabilities = cpu_to_le32(capabilities);
Steve French24424212007-11-16 23:37:35 +0000830 iov[1].iov_base = msg->data + msg->sesskey_len;
831 iov[1].iov_len = msg->secblob_len;
832 pSMB->req.SecurityBlobLength = cpu_to_le16(iov[1].iov_len);
833
834 if (ses->capabilities & CAP_UNICODE) {
835 /* unicode strings must be word aligned */
Jeff Layton28c5a022007-12-31 04:56:21 +0000836 if ((iov[0].iov_len + iov[1].iov_len) % 2) {
Steve French24424212007-11-16 23:37:35 +0000837 *bcc_ptr = 0;
838 bcc_ptr++;
839 }
840 unicode_oslm_strings(&bcc_ptr, nls_cp);
841 unicode_domain_string(&bcc_ptr, ses, nls_cp);
842 } else
843 /* BB: is this right? */
844 ascii_ssetup_strings(&bcc_ptr, ses, nls_cp);
845#else /* ! CONFIG_CIFS_UPCALL */
Joe Perchesf96637b2013-05-04 22:12:25 -0500846 cifs_dbg(VFS, "Kerberos negotiated but upcall support disabled!\n");
Steve French24424212007-11-16 23:37:35 +0000847 rc = -ENOSYS;
848 goto ssetup_exit;
849#endif /* CONFIG_CIFS_UPCALL */
Jeff Laytonb4d6fcf2011-01-07 11:30:28 -0500850 } else if (type == RawNTLMSSP) {
851 if ((pSMB->req.hdr.Flags2 & SMBFLG2_UNICODE) == 0) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500852 cifs_dbg(VFS, "NTLMSSP requires Unicode support\n");
Steve French0b3cc8582009-05-04 08:37:12 +0000853 rc = -ENOSYS;
854 goto ssetup_exit;
855 }
Jeff Laytonb4d6fcf2011-01-07 11:30:28 -0500856
Joe Perchesf96637b2013-05-04 22:12:25 -0500857 cifs_dbg(FYI, "ntlmssp session setup phase %d\n", phase);
Jeff Laytonb4d6fcf2011-01-07 11:30:28 -0500858 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
859 capabilities |= CAP_EXTENDED_SECURITY;
860 pSMB->req.Capabilities |= cpu_to_le32(capabilities);
861 switch(phase) {
862 case NtLmNegotiate:
863 build_ntlmssp_negotiate_blob(
864 pSMB->req.SecurityBlob, ses);
865 iov[1].iov_len = sizeof(NEGOTIATE_MESSAGE);
866 iov[1].iov_base = pSMB->req.SecurityBlob;
867 pSMB->req.SecurityBlobLength =
868 cpu_to_le16(sizeof(NEGOTIATE_MESSAGE));
869 break;
870 case NtLmAuthenticate:
871 /*
872 * 5 is an empirical value, large enough to hold
873 * authenticate message plus max 10 of av paris,
874 * domain, user, workstation names, flags, etc.
875 */
876 ntlmsspblob = kzalloc(
877 5*sizeof(struct _AUTHENTICATE_MESSAGE),
878 GFP_KERNEL);
879 if (!ntlmsspblob) {
Jeff Laytonb4d6fcf2011-01-07 11:30:28 -0500880 rc = -ENOMEM;
881 goto ssetup_exit;
882 }
883
884 rc = build_ntlmssp_auth_blob(ntlmsspblob,
885 &blob_len, ses, nls_cp);
886 if (rc)
887 goto ssetup_exit;
888 iov[1].iov_len = blob_len;
889 iov[1].iov_base = ntlmsspblob;
890 pSMB->req.SecurityBlobLength = cpu_to_le16(blob_len);
891 /*
892 * Make sure that we tell the server that we are using
893 * the uid that it just gave us back on the response
894 * (challenge)
895 */
896 smb_buf->Uid = ses->Suid;
897 break;
898 default:
Joe Perchesf96637b2013-05-04 22:12:25 -0500899 cifs_dbg(VFS, "invalid phase %d\n", phase);
Jeff Laytonb4d6fcf2011-01-07 11:30:28 -0500900 rc = -ENOSYS;
901 goto ssetup_exit;
902 }
903 /* unicode strings must be word aligned */
904 if ((iov[0].iov_len + iov[1].iov_len) % 2) {
905 *bcc_ptr = 0;
906 bcc_ptr++;
907 }
908 unicode_oslm_strings(&bcc_ptr, nls_cp);
909 } else {
Joe Perchesf96637b2013-05-04 22:12:25 -0500910 cifs_dbg(VFS, "secType %d not supported!\n", type);
Steve French24424212007-11-16 23:37:35 +0000911 rc = -ENOSYS;
912 goto ssetup_exit;
Steve French39798772006-05-31 22:40:51 +0000913 }
914
Steve French24424212007-11-16 23:37:35 +0000915 iov[2].iov_base = str_area;
916 iov[2].iov_len = (long) bcc_ptr - (long) str_area;
917
918 count = iov[1].iov_len + iov[2].iov_len;
Steve Frenchbe8e3b02011-04-29 05:40:20 +0000919 smb_buf->smb_buf_length =
920 cpu_to_be32(be32_to_cpu(smb_buf->smb_buf_length) + count);
Steve French39798772006-05-31 22:40:51 +0000921
Jeff Layton820a8032011-05-04 08:05:26 -0400922 put_bcc(count, smb_buf);
Steve French39798772006-05-31 22:40:51 +0000923
Steve French24424212007-11-16 23:37:35 +0000924 rc = SendReceive2(xid, ses, iov, 3 /* num_iovecs */, &resp_buf_type,
Jeff Layton77499812011-01-11 07:24:23 -0500925 CIFS_LOG_ERROR);
Steve French39798772006-05-31 22:40:51 +0000926 /* SMB request buf freed in SendReceive2 */
927
Steve French39798772006-05-31 22:40:51 +0000928 pSMB = (SESSION_SETUP_ANDX *)iov[0].iov_base;
929 smb_buf = (struct smb_hdr *)iov[0].iov_base;
930
Pavel Shilovskyf065fd02012-09-25 11:00:08 +0400931 if ((type == RawNTLMSSP) && (resp_buf_type != CIFS_NO_BUFFER) &&
932 (smb_buf->Status.CifsError ==
Steve French0b3cc8582009-05-04 08:37:12 +0000933 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))) {
934 if (phase != NtLmNegotiate) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500935 cifs_dbg(VFS, "Unexpected more processing error\n");
Steve French0b3cc8582009-05-04 08:37:12 +0000936 goto ssetup_exit;
937 }
938 /* NTLMSSP Negotiate sent now processing challenge (response) */
939 phase = NtLmChallenge; /* process ntlmssp challenge */
940 rc = 0; /* MORE_PROC rc is not an error here, but expected */
941 }
942 if (rc)
943 goto ssetup_exit;
944
Steve French790fe572007-07-07 19:25:05 +0000945 if ((smb_buf->WordCount != 3) && (smb_buf->WordCount != 4)) {
Steve French39798772006-05-31 22:40:51 +0000946 rc = -EIO;
Joe Perchesf96637b2013-05-04 22:12:25 -0500947 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount);
Steve French39798772006-05-31 22:40:51 +0000948 goto ssetup_exit;
949 }
950 action = le16_to_cpu(pSMB->resp.Action);
951 if (action & GUEST_LOGIN)
Joe Perchesf96637b2013-05-04 22:12:25 -0500952 cifs_dbg(FYI, "Guest login\n"); /* BB mark SesInfo struct? */
Steve French39798772006-05-31 22:40:51 +0000953 ses->Suid = smb_buf->Uid; /* UID left in wire format (le) */
Joe Perchesf96637b2013-05-04 22:12:25 -0500954 cifs_dbg(FYI, "UID = %llu\n", ses->Suid);
Steve French39798772006-05-31 22:40:51 +0000955 /* response can have either 3 or 4 word count - Samba sends 3 */
956 /* and lanman response is 3 */
Jeff Layton690c5222011-01-20 13:36:51 -0500957 bytes_remaining = get_bcc(smb_buf);
Steve French39798772006-05-31 22:40:51 +0000958 bcc_ptr = pByteArea(smb_buf);
959
Steve French790fe572007-07-07 19:25:05 +0000960 if (smb_buf->WordCount == 4) {
Steve French39798772006-05-31 22:40:51 +0000961 blob_len = le16_to_cpu(pSMB->resp.SecurityBlobLength);
Steve French790fe572007-07-07 19:25:05 +0000962 if (blob_len > bytes_remaining) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500963 cifs_dbg(VFS, "bad security blob length %d\n",
964 blob_len);
Steve French39798772006-05-31 22:40:51 +0000965 rc = -EINVAL;
966 goto ssetup_exit;
967 }
Steve French0b3cc8582009-05-04 08:37:12 +0000968 if (phase == NtLmChallenge) {
969 rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);
970 /* now goto beginning for ntlmssp authenticate phase */
971 if (rc)
972 goto ssetup_exit;
973 }
974 bcc_ptr += blob_len;
Steve French39798772006-05-31 22:40:51 +0000975 bytes_remaining -= blob_len;
Steve French790fe572007-07-07 19:25:05 +0000976 }
Steve French39798772006-05-31 22:40:51 +0000977
978 /* BB check if Unicode and decode strings */
Jeff Laytonfcda7f42011-04-27 13:25:51 -0400979 if (bytes_remaining == 0) {
980 /* no string area to decode, do nothing */
981 } else if (smb_buf->Flags2 & SMBFLG2_UNICODE) {
Jeff Layton27b87fe2009-04-14 11:00:53 -0400982 /* unicode string area must be word-aligned */
983 if (((unsigned long) bcc_ptr - (unsigned long) smb_buf) % 2) {
984 ++bcc_ptr;
985 --bytes_remaining;
986 }
Jeff Layton59140792009-04-30 07:16:21 -0400987 decode_unicode_ssetup(&bcc_ptr, bytes_remaining, ses, nls_cp);
Jeff Layton27b87fe2009-04-14 11:00:53 -0400988 } else {
Jeff Layton7d066452013-05-24 07:41:00 -0400989 decode_ascii_ssetup(&bcc_ptr, bytes_remaining, ses, nls_cp);
Jeff Layton27b87fe2009-04-14 11:00:53 -0400990 }
Steve French50c2f752007-07-13 00:33:32 +0000991
Steve French39798772006-05-31 22:40:51 +0000992ssetup_exit:
Jeff Laytondfd15c42008-09-24 11:32:59 -0400993 if (spnego_key) {
Jeff Layton00401ff2012-07-23 13:14:28 -0400994 key_invalidate(spnego_key);
Steve French24424212007-11-16 23:37:35 +0000995 key_put(spnego_key);
Jeff Laytondfd15c42008-09-24 11:32:59 -0400996 }
Steve French750d1152006-06-27 06:28:30 +0000997 kfree(str_area);
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500998 kfree(ntlmsspblob);
999 ntlmsspblob = NULL;
Steve French790fe572007-07-07 19:25:05 +00001000 if (resp_buf_type == CIFS_SMALL_BUFFER) {
Joe Perchesf96637b2013-05-04 22:12:25 -05001001 cifs_dbg(FYI, "ssetup freeing small buf %p\n", iov[0].iov_base);
Steve French39798772006-05-31 22:40:51 +00001002 cifs_small_buf_release(iov[0].iov_base);
Steve French790fe572007-07-07 19:25:05 +00001003 } else if (resp_buf_type == CIFS_LARGE_BUFFER)
Steve French39798772006-05-31 22:40:51 +00001004 cifs_buf_release(iov[0].iov_base);
1005
Steve French0b3cc8582009-05-04 08:37:12 +00001006 /* if ntlmssp, and negotiate succeeded, proceed to authenticate phase */
1007 if ((phase == NtLmChallenge) && (rc == 0))
1008 goto ssetup_ntlmssp_authenticate;
1009
Shirish Pargaonkard4e63bd2013-08-29 08:35:09 -05001010 if (!rc) {
1011 mutex_lock(&ses->server->srv_mutex);
1012 if (!ses->server->session_estab) {
1013 if (ses->server->sign) {
1014 ses->server->session_key.response =
1015 kmemdup(ses->auth_key.response,
1016 ses->auth_key.len, GFP_KERNEL);
1017 if (!ses->server->session_key.response) {
1018 rc = -ENOMEM;
1019 mutex_unlock(&ses->server->srv_mutex);
1020 goto keycp_exit;
1021 }
1022 ses->server->session_key.len =
1023 ses->auth_key.len;
1024 }
1025 ses->server->sequence_number = 0x2;
1026 ses->server->session_estab = true;
1027 }
1028 mutex_unlock(&ses->server->srv_mutex);
1029
1030 cifs_dbg(FYI, "CIFS session established successfully\n");
1031 spin_lock(&GlobalMid_Lock);
1032 ses->status = CifsGood;
1033 ses->need_reconnect = false;
1034 spin_unlock(&GlobalMid_Lock);
1035 }
1036
1037keycp_exit:
1038 kfree(ses->auth_key.response);
1039 ses->auth_key.response = NULL;
1040 kfree(ses->ntlmssp);
1041
Steve French39798772006-05-31 22:40:51 +00001042 return rc;
1043}