Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 27b7edcf1ce03a3eddda24d4d271a9b29572a78b / . / fs / cifs / sess.c
blob: 3a5e83317683d1c16156c4511ab7657940b48d97 [file] [log] [blame]
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]1/*
2 * fs/cifs/sess.c
3 *
4 * SMB/CIFS session setup handling routines
5 *
Steve Frenchd185cda2009-04-30 17:45:10 +0000[diff] [blame]6 * Copyright (c) International Business Machines Corp., 2006, 2009
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]7 * Author(s): Steve French (sfrench@us.ibm.com)
8 *
9 * This library is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU Lesser General Public License as published
11 * by the Free Software Foundation; either version 2.1 of the License, or
12 * (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
17 * the GNU Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public License
20 * along with this library; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 */
23
24#include "cifspdu.h"
25#include "cifsglob.h"
26#include "cifsproto.h"
27#include "cifs_unicode.h"
28#include "cifs_debug.h"
29#include "ntlmssp.h"
30#include "nterr.h"
Steve French9c535882006-06-01 05:09:10 +0000[diff] [blame]31#include <linux/utsname.h>
Tejun Heo5a0e3ad2010-03-24 17:04:11 +0900[diff] [blame]32#include <linux/slab.h>
Steve French24424212007-11-16 23:37:35 +0000[diff] [blame]33#include "cifs_spnego.h"
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]34
Steve French96daf2b2011-05-27 04:34:02 +0000[diff] [blame]35static __u32 cifs_ssetup_hdr(struct cifs_ses *ses, SESSION_SETUP_ANDX *pSMB)
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]36{
37 __u32 capabilities = 0;
38
39 /* init fields common to all four types of SessSetup */
Steve Frencheca6acf2009-02-20 05:43:09 +0000[diff] [blame]40 /* Note that offsets for first seven fields in req struct are same */
41 /* in CIFS Specs so does not matter which of 3 forms of struct */
42 /* that we use in next few lines */
43 /* Note that header is initialized to zero in header_assemble */
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]44 pSMB->req.AndXCommand = 0xFF;
Jeff Laytonc974bef2011-10-11 06:41:32 -0400[diff] [blame]45 pSMB->req.MaxBufferSize = cpu_to_le16(min_t(u32,
46 CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4,
47 USHRT_MAX));
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]48 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
Jeff Layton9ae6cf62013-09-16 11:23:45 -0400[diff] [blame]49 pSMB->req.VcNumber = __constant_cpu_to_le16(1);
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]50
51 /* Now no need to set SMBFLG_CASELESS or obsolete CANONICAL PATH */
52
Steve French790fe572007-07-07 19:25:05 +0000[diff] [blame]53 /* BB verify whether signing required on neg or just on auth frame
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]54 (and NTLM case) */
55
56 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
57 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
58
Jeff Layton38d77c52013-05-26 07:01:00 -0400[diff] [blame]59 if (ses->server->sign)
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]60 pSMB->req.hdr.Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
61
62 if (ses->capabilities & CAP_UNICODE) {
63 pSMB->req.hdr.Flags2 |= SMBFLG2_UNICODE;
64 capabilities |= CAP_UNICODE;
65 }
66 if (ses->capabilities & CAP_STATUS32) {
67 pSMB->req.hdr.Flags2 |= SMBFLG2_ERR_STATUS;
68 capabilities |= CAP_STATUS32;
69 }
70 if (ses->capabilities & CAP_DFS) {
71 pSMB->req.hdr.Flags2 |= SMBFLG2_DFS;
72 capabilities |= CAP_DFS;
73 }
Steve French26f57362007-08-30 22:09:15 +0000[diff] [blame]74 if (ses->capabilities & CAP_UNIX)
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]75 capabilities |= CAP_UNIX;
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]76
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]77 return capabilities;
78}
79
Jeff Layton0d3a01f2007-10-16 17:32:19 +0000[diff] [blame]80static void
81unicode_oslm_strings(char **pbcc_area, const struct nls_table *nls_cp)
82{
83 char *bcc_ptr = *pbcc_area;
84 int bytes_ret = 0;
85
86 /* Copy OS version */
Steve Frenchacbbb762012-01-18 22:32:33 -0600[diff] [blame]87 bytes_ret = cifs_strtoUTF16((__le16 *)bcc_ptr, "Linux version ", 32,
88 nls_cp);
Jeff Layton0d3a01f2007-10-16 17:32:19 +0000[diff] [blame]89 bcc_ptr += 2 * bytes_ret;
Steve Frenchacbbb762012-01-18 22:32:33 -0600[diff] [blame]90 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, init_utsname()->release,
91 32, nls_cp);
Jeff Layton0d3a01f2007-10-16 17:32:19 +0000[diff] [blame]92 bcc_ptr += 2 * bytes_ret;
93 bcc_ptr += 2; /* trailing null */
94
Steve Frenchacbbb762012-01-18 22:32:33 -0600[diff] [blame]95 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
96 32, nls_cp);
Jeff Layton0d3a01f2007-10-16 17:32:19 +0000[diff] [blame]97 bcc_ptr += 2 * bytes_ret;
98 bcc_ptr += 2; /* trailing null */
99
100 *pbcc_area = bcc_ptr;
101}
102
Steve French96daf2b2011-05-27 04:34:02 +0000[diff] [blame]103static void unicode_domain_string(char **pbcc_area, struct cifs_ses *ses,
Jeff Layton0d3a01f2007-10-16 17:32:19 +0000[diff] [blame]104 const struct nls_table *nls_cp)
105{
106 char *bcc_ptr = *pbcc_area;
107 int bytes_ret = 0;
108
109 /* copy domain */
110 if (ses->domainName == NULL) {
111 /* Sending null domain better than using a bogus domain name (as
112 we did briefly in 2.6.18) since server will use its default */
113 *bcc_ptr = 0;
114 *(bcc_ptr+1) = 0;
115 bytes_ret = 0;
116 } else
Steve Frenchacbbb762012-01-18 22:32:33 -0600[diff] [blame]117 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, ses->domainName,
Chen Gang057d6332013-07-19 09:01:36 +0800[diff] [blame]118 CIFS_MAX_DOMAINNAME_LEN, nls_cp);
Jeff Layton0d3a01f2007-10-16 17:32:19 +0000[diff] [blame]119 bcc_ptr += 2 * bytes_ret;
120 bcc_ptr += 2; /* account for null terminator */
121
122 *pbcc_area = bcc_ptr;
123}
124
125
Steve French96daf2b2011-05-27 04:34:02 +0000[diff] [blame]126static void unicode_ssetup_strings(char **pbcc_area, struct cifs_ses *ses,
Steve French790fe572007-07-07 19:25:05 +0000[diff] [blame]127 const struct nls_table *nls_cp)
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]128{
Steve French790fe572007-07-07 19:25:05 +0000[diff] [blame]129 char *bcc_ptr = *pbcc_area;
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]130 int bytes_ret = 0;
131
132 /* BB FIXME add check that strings total less
133 than 335 or will need to send them as arrays */
134
Steve French0223cf02006-06-27 19:50:57 +0000[diff] [blame]135 /* unicode strings, must be word aligned before the call */
136/* if ((long) bcc_ptr % 2) {
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]137 *bcc_ptr = 0;
138 bcc_ptr++;
Steve French0223cf02006-06-27 19:50:57 +0000[diff] [blame]139 } */
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]140 /* copy user */
Steve French8727c8a2011-02-25 01:11:56 -0600[diff] [blame]141 if (ses->user_name == NULL) {
Steve French6e659c62006-11-08 23:10:46 +0000[diff] [blame]142 /* null user mount */
143 *bcc_ptr = 0;
144 *(bcc_ptr+1) = 0;
Steve French301a6a32010-02-06 07:08:53 +0000[diff] [blame]145 } else {
Steve Frenchacbbb762012-01-18 22:32:33 -0600[diff] [blame]146 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, ses->user_name,
Scott Lovenberg8c3a2b42013-08-09 08:47:17 -0400[diff] [blame]147 CIFS_MAX_USERNAME_LEN, nls_cp);
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]148 }
149 bcc_ptr += 2 * bytes_ret;
150 bcc_ptr += 2; /* account for null termination */
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]151
Jeff Layton0d3a01f2007-10-16 17:32:19 +0000[diff] [blame]152 unicode_domain_string(&bcc_ptr, ses, nls_cp);
153 unicode_oslm_strings(&bcc_ptr, nls_cp);
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]154
155 *pbcc_area = bcc_ptr;
156}
157
Steve French96daf2b2011-05-27 04:34:02 +0000[diff] [blame]158static void ascii_ssetup_strings(char **pbcc_area, struct cifs_ses *ses,
Steve French790fe572007-07-07 19:25:05 +0000[diff] [blame]159 const struct nls_table *nls_cp)
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]160{
Steve French790fe572007-07-07 19:25:05 +0000[diff] [blame]161 char *bcc_ptr = *pbcc_area;
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]162
163 /* copy user */
164 /* BB what about null user mounts - check that we do this BB */
Steve French790fe572007-07-07 19:25:05 +0000[diff] [blame]165 /* copy user */
Shirish Pargaonkarde47a412012-02-02 15:28:28 -0600[diff] [blame]166 if (ses->user_name != NULL) {
Scott Lovenberg8c3a2b42013-08-09 08:47:17 -0400[diff] [blame]167 strncpy(bcc_ptr, ses->user_name, CIFS_MAX_USERNAME_LEN);
168 bcc_ptr += strnlen(ses->user_name, CIFS_MAX_USERNAME_LEN);
Shirish Pargaonkarde47a412012-02-02 15:28:28 -0600[diff] [blame]169 }
Steve French8727c8a2011-02-25 01:11:56 -0600[diff] [blame]170 /* else null user mount */
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]171 *bcc_ptr = 0;
Steve French790fe572007-07-07 19:25:05 +0000[diff] [blame]172 bcc_ptr++; /* account for null termination */
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]173
Steve French790fe572007-07-07 19:25:05 +0000[diff] [blame]174 /* copy domain */
Steve French790fe572007-07-07 19:25:05 +0000[diff] [blame]175 if (ses->domainName != NULL) {
Chen Gang057d6332013-07-19 09:01:36 +0800[diff] [blame]176 strncpy(bcc_ptr, ses->domainName, CIFS_MAX_DOMAINNAME_LEN);
177 bcc_ptr += strnlen(ses->domainName, CIFS_MAX_DOMAINNAME_LEN);
Steve French790fe572007-07-07 19:25:05 +0000[diff] [blame]178 } /* else we will send a null domain name
Steve French6e659c62006-11-08 23:10:46 +0000[diff] [blame]179 so the server will default to its own domain */
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]180 *bcc_ptr = 0;
181 bcc_ptr++;
182
183 /* BB check for overflow here */
184
185 strcpy(bcc_ptr, "Linux version ");
186 bcc_ptr += strlen("Linux version ");
Serge E. Hallyn96b644b2006-10-02 02:18:13 -0700[diff] [blame]187 strcpy(bcc_ptr, init_utsname()->release);
188 bcc_ptr += strlen(init_utsname()->release) + 1;
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]189
190 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
191 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
192
Steve French790fe572007-07-07 19:25:05 +0000[diff] [blame]193 *pbcc_area = bcc_ptr;
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]194}
195
Jeff Layton59140792009-04-30 07:16:21 -0400[diff] [blame]196static void
Steve French96daf2b2011-05-27 04:34:02 +0000[diff] [blame]197decode_unicode_ssetup(char **pbcc_area, int bleft, struct cifs_ses *ses,
Jeff Layton59140792009-04-30 07:16:21 -0400[diff] [blame]198 const struct nls_table *nls_cp)
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]199{
Jeff Layton59140792009-04-30 07:16:21 -0400[diff] [blame]200 int len;
Steve French790fe572007-07-07 19:25:05 +0000[diff] [blame]201 char *data = *pbcc_area;
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]202
Joe Perchesf96637b2013-05-04 22:12:25 -0500[diff] [blame]203 cifs_dbg(FYI, "bleft %d\n", bleft);
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]204
Steve French26f57362007-08-30 22:09:15 +0000[diff] [blame]205 kfree(ses->serverOS);
Steve Frenchacbbb762012-01-18 22:32:33 -0600[diff] [blame]206 ses->serverOS = cifs_strndup_from_utf16(data, bleft, true, nls_cp);
Joe Perchesf96637b2013-05-04 22:12:25 -0500[diff] [blame]207 cifs_dbg(FYI, "serverOS=%s\n", ses->serverOS);
Jeff Layton59140792009-04-30 07:16:21 -0400[diff] [blame]208 len = (UniStrnlen((wchar_t *) data, bleft / 2) * 2) + 2;
209 data += len;
210 bleft -= len;
211 if (bleft <= 0)
212 return;
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]213
Steve French26f57362007-08-30 22:09:15 +0000[diff] [blame]214 kfree(ses->serverNOS);
Steve Frenchacbbb762012-01-18 22:32:33 -0600[diff] [blame]215 ses->serverNOS = cifs_strndup_from_utf16(data, bleft, true, nls_cp);
Joe Perchesf96637b2013-05-04 22:12:25 -0500[diff] [blame]216 cifs_dbg(FYI, "serverNOS=%s\n", ses->serverNOS);
Jeff Layton59140792009-04-30 07:16:21 -0400[diff] [blame]217 len = (UniStrnlen((wchar_t *) data, bleft / 2) * 2) + 2;
218 data += len;
219 bleft -= len;
220 if (bleft <= 0)
221 return;
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]222
Steve French26f57362007-08-30 22:09:15 +0000[diff] [blame]223 kfree(ses->serverDomain);
Steve Frenchacbbb762012-01-18 22:32:33 -0600[diff] [blame]224 ses->serverDomain = cifs_strndup_from_utf16(data, bleft, true, nls_cp);
Joe Perchesf96637b2013-05-04 22:12:25 -0500[diff] [blame]225 cifs_dbg(FYI, "serverDomain=%s\n", ses->serverDomain);
Steve French790fe572007-07-07 19:25:05 +0000[diff] [blame]226
Jeff Layton59140792009-04-30 07:16:21 -0400[diff] [blame]227 return;
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]228}
229
Jeff Layton7d066452013-05-24 07:41:00 -0400[diff] [blame]230static void decode_ascii_ssetup(char **pbcc_area, __u16 bleft,
231 struct cifs_ses *ses,
232 const struct nls_table *nls_cp)
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]233{
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]234 int len;
Steve French790fe572007-07-07 19:25:05 +0000[diff] [blame]235 char *bcc_ptr = *pbcc_area;
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]236
Joe Perchesf96637b2013-05-04 22:12:25 -0500[diff] [blame]237 cifs_dbg(FYI, "decode sessetup ascii. bleft %d\n", bleft);
Steve French50c2f752007-07-13 00:33:32 +0000[diff] [blame]238
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]239 len = strnlen(bcc_ptr, bleft);
Steve French790fe572007-07-07 19:25:05 +0000[diff] [blame]240 if (len >= bleft)
Jeff Layton7d066452013-05-24 07:41:00 -0400[diff] [blame]241 return;
Steve French50c2f752007-07-13 00:33:32 +0000[diff] [blame]242
Steve French26f57362007-08-30 22:09:15 +0000[diff] [blame]243 kfree(ses->serverOS);
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]244
245 ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
Namjae Jeon27b7edc2014-08-20 19:39:28 +0900[diff] [blame^]246 if (ses->serverOS) {
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]247 strncpy(ses->serverOS, bcc_ptr, len);
Namjae Jeon27b7edc2014-08-20 19:39:28 +0900[diff] [blame^]248 if (strncmp(ses->serverOS, "OS/2", 4) == 0)
249 cifs_dbg(FYI, "OS/2 server\n");
250 }
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]251
252 bcc_ptr += len + 1;
253 bleft -= len + 1;
254
255 len = strnlen(bcc_ptr, bleft);
Steve French790fe572007-07-07 19:25:05 +0000[diff] [blame]256 if (len >= bleft)
Jeff Layton7d066452013-05-24 07:41:00 -0400[diff] [blame]257 return;
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]258
Steve French26f57362007-08-30 22:09:15 +0000[diff] [blame]259 kfree(ses->serverNOS);
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]260
261 ses->serverNOS = kzalloc(len + 1, GFP_KERNEL);
Steve French790fe572007-07-07 19:25:05 +0000[diff] [blame]262 if (ses->serverNOS)
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]263 strncpy(ses->serverNOS, bcc_ptr, len);
264
265 bcc_ptr += len + 1;
266 bleft -= len + 1;
267
Steve French790fe572007-07-07 19:25:05 +0000[diff] [blame]268 len = strnlen(bcc_ptr, bleft);
269 if (len > bleft)
Jeff Layton7d066452013-05-24 07:41:00 -0400[diff] [blame]270 return;
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]271
Steve French9ac00b72006-09-30 04:13:17 +0000[diff] [blame]272 /* No domain field in LANMAN case. Domain is
273 returned by old servers in the SMB negprot response */
274 /* BB For newer servers which do not support Unicode,
275 but thus do return domain here we could add parsing
276 for it later, but it is not very important */
Joe Perchesf96637b2013-05-04 22:12:25 -0500[diff] [blame]277 cifs_dbg(FYI, "ascii: bytes left %d\n", bleft);
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]278}
279
Pavel Shilovsky5478f9b2011-12-27 16:22:00 +0400[diff] [blame]280int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len,
Steve French96daf2b2011-05-27 04:34:02 +0000[diff] [blame]281 struct cifs_ses *ses)
Steve French0b3cc8582009-05-04 08:37:12 +0000[diff] [blame]282{
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500[diff] [blame]283 unsigned int tioffset; /* challenge message target info area */
284 unsigned int tilen; /* challenge message target info area length */
285
Steve French0b3cc8582009-05-04 08:37:12 +0000[diff] [blame]286 CHALLENGE_MESSAGE *pblob = (CHALLENGE_MESSAGE *)bcc_ptr;
287
288 if (blob_len < sizeof(CHALLENGE_MESSAGE)) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500[diff] [blame]289 cifs_dbg(VFS, "challenge blob len %d too small\n", blob_len);
Steve French0b3cc8582009-05-04 08:37:12 +0000[diff] [blame]290 return -EINVAL;
291 }
292
293 if (memcmp(pblob->Signature, "NTLMSSP", 8)) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500[diff] [blame]294 cifs_dbg(VFS, "blob signature incorrect %s\n",
295 pblob->Signature);
Steve French0b3cc8582009-05-04 08:37:12 +0000[diff] [blame]296 return -EINVAL;
297 }
298 if (pblob->MessageType != NtLmChallenge) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500[diff] [blame]299 cifs_dbg(VFS, "Incorrect message type %d\n",
300 pblob->MessageType);
Steve French0b3cc8582009-05-04 08:37:12 +0000[diff] [blame]301 return -EINVAL;
302 }
303
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500[diff] [blame]304 memcpy(ses->ntlmssp->cryptkey, pblob->Challenge, CIFS_CRYPTO_KEY_SIZE);
Steve French0b3cc8582009-05-04 08:37:12 +0000[diff] [blame]305 /* BB we could decode pblob->NegotiateFlags; some may be useful */
306 /* In particular we can examine sign flags */
307 /* BB spec says that if AvId field of MsvAvTimestamp is populated then
308 we must set the MIC field of the AUTHENTICATE_MESSAGE */
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500[diff] [blame]309 ses->ntlmssp->server_flags = le32_to_cpu(pblob->NegotiateFlags);
Steve French5443d132011-03-13 05:08:25 +0000[diff] [blame]310 tioffset = le32_to_cpu(pblob->TargetInfoArray.BufferOffset);
311 tilen = le16_to_cpu(pblob->TargetInfoArray.Length);
Dan Carpenter4991a5f2012-01-31 11:52:01 +0300[diff] [blame]312 if (tioffset > blob_len || tioffset + tilen > blob_len) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500[diff] [blame]313 cifs_dbg(VFS, "tioffset + tilen too high %u + %u",
314 tioffset, tilen);
Dan Carpenter4991a5f2012-01-31 11:52:01 +0300[diff] [blame]315 return -EINVAL;
316 }
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500[diff] [blame]317 if (tilen) {
Silviu-Mihai Popescuf7f7c182013-03-11 18:22:32 +0200[diff] [blame]318 ses->auth_key.response = kmemdup(bcc_ptr + tioffset, tilen,
319 GFP_KERNEL);
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500[diff] [blame]320 if (!ses->auth_key.response) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500[diff] [blame]321 cifs_dbg(VFS, "Challenge target info alloc failure");
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500[diff] [blame]322 return -ENOMEM;
323 }
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500[diff] [blame]324 ses->auth_key.len = tilen;
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500[diff] [blame]325 }
326
Steve French0b3cc8582009-05-04 08:37:12 +0000[diff] [blame]327 return 0;
328}
329
Steve French0b3cc8582009-05-04 08:37:12 +0000[diff] [blame]330/* BB Move to ntlmssp.c eventually */
331
332/* We do not malloc the blob, it is passed in pbuffer, because
333 it is fixed size, and small, making this approach cleaner */
Pavel Shilovsky5478f9b2011-12-27 16:22:00 +0400[diff] [blame]334void build_ntlmssp_negotiate_blob(unsigned char *pbuffer,
Steve French96daf2b2011-05-27 04:34:02 +0000[diff] [blame]335 struct cifs_ses *ses)
Steve French0b3cc8582009-05-04 08:37:12 +0000[diff] [blame]336{
337 NEGOTIATE_MESSAGE *sec_blob = (NEGOTIATE_MESSAGE *)pbuffer;
338 __u32 flags;
339
Shirish Pargaonkardf8fbc242010-12-11 14:19:22 -0600[diff] [blame]340 memset(pbuffer, 0, sizeof(NEGOTIATE_MESSAGE));
Steve French0b3cc8582009-05-04 08:37:12 +0000[diff] [blame]341 memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8);
342 sec_blob->MessageType = NtLmNegotiate;
343
344 /* BB is NTLMV2 session security format easier to use here? */
345 flags = NTLMSSP_NEGOTIATE_56 | NTLMSSP_REQUEST_TARGET |
346 NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
Shirish Pargaonkardf8fbc242010-12-11 14:19:22 -0600[diff] [blame]347 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;
Jeff Layton38d77c52013-05-26 07:01:00 -0400[diff] [blame]348 if (ses->server->sign) {
Steve French745e5072010-09-08 21:09:27 +0000[diff] [blame]349 flags |= NTLMSSP_NEGOTIATE_SIGN;
Shirish Pargaonkar5c234aa2013-08-29 08:35:10 -0500[diff] [blame]350 if (!ses->server->session_estab ||
351 ses->ntlmssp->sesskey_per_smbsess)
Shirish Pargaonkar62411ab2011-07-10 06:55:32 -0500[diff] [blame]352 flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
Shirish Pargaonkard2b91522010-10-21 14:25:08 -0500[diff] [blame]353 }
Steve French0b3cc8582009-05-04 08:37:12 +0000[diff] [blame]354
Shirish Pargaonkardf8fbc242010-12-11 14:19:22 -0600[diff] [blame]355 sec_blob->NegotiateFlags = cpu_to_le32(flags);
Steve French0b3cc8582009-05-04 08:37:12 +0000[diff] [blame]356
357 sec_blob->WorkstationName.BufferOffset = 0;
358 sec_blob->WorkstationName.Length = 0;
359 sec_blob->WorkstationName.MaximumLength = 0;
360
361 /* Domain name is sent on the Challenge not Negotiate NTLMSSP request */
362 sec_blob->DomainName.BufferOffset = 0;
363 sec_blob->DomainName.Length = 0;
364 sec_blob->DomainName.MaximumLength = 0;
365}
366
367/* We do not malloc the blob, it is passed in pbuffer, because its
368 maximum possible size is fixed and small, making this approach cleaner.
369 This function returns the length of the data in the blob */
Pavel Shilovsky5478f9b2011-12-27 16:22:00 +0400[diff] [blame]370int build_ntlmssp_auth_blob(unsigned char *pbuffer,
Shirish Pargaonkar89f150f2010-10-19 11:47:52 -0500[diff] [blame]371 u16 *buflen,
Steve French96daf2b2011-05-27 04:34:02 +0000[diff] [blame]372 struct cifs_ses *ses,
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500[diff] [blame]373 const struct nls_table *nls_cp)
Steve French0b3cc8582009-05-04 08:37:12 +0000[diff] [blame]374{
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500[diff] [blame]375 int rc;
Steve French0b3cc8582009-05-04 08:37:12 +0000[diff] [blame]376 AUTHENTICATE_MESSAGE *sec_blob = (AUTHENTICATE_MESSAGE *)pbuffer;
377 __u32 flags;
378 unsigned char *tmp;
Steve French0b3cc8582009-05-04 08:37:12 +0000[diff] [blame]379
380 memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8);
381 sec_blob->MessageType = NtLmAuthenticate;
382
383 flags = NTLMSSP_NEGOTIATE_56 |
384 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_TARGET_INFO |
385 NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
Shirish Pargaonkardf8fbc242010-12-11 14:19:22 -0600[diff] [blame]386 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;
Jeff Layton38d77c52013-05-26 07:01:00 -0400[diff] [blame]387 if (ses->server->sign) {
Steve French0b3cc8582009-05-04 08:37:12 +0000[diff] [blame]388 flags |= NTLMSSP_NEGOTIATE_SIGN;
Shirish Pargaonkar5c234aa2013-08-29 08:35:10 -0500[diff] [blame]389 if (!ses->server->session_estab ||
390 ses->ntlmssp->sesskey_per_smbsess)
Shirish Pargaonkar62411ab2011-07-10 06:55:32 -0500[diff] [blame]391 flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
392 }
Steve French0b3cc8582009-05-04 08:37:12 +0000[diff] [blame]393
394 tmp = pbuffer + sizeof(AUTHENTICATE_MESSAGE);
Shirish Pargaonkardf8fbc242010-12-11 14:19:22 -0600[diff] [blame]395 sec_blob->NegotiateFlags = cpu_to_le32(flags);
Steve French0b3cc8582009-05-04 08:37:12 +0000[diff] [blame]396
397 sec_blob->LmChallengeResponse.BufferOffset =
398 cpu_to_le32(sizeof(AUTHENTICATE_MESSAGE));
399 sec_blob->LmChallengeResponse.Length = 0;
400 sec_blob->LmChallengeResponse.MaximumLength = 0;
401
Steve Frenchc8e56f12010-09-08 21:10:58 +0000[diff] [blame]402 sec_blob->NtChallengeResponse.BufferOffset = cpu_to_le32(tmp - pbuffer);
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500[diff] [blame]403 rc = setup_ntlmv2_rsp(ses, nls_cp);
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500[diff] [blame]404 if (rc) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500[diff] [blame]405 cifs_dbg(VFS, "Error %d during NTLMSSP authentication\n", rc);
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500[diff] [blame]406 goto setup_ntlmv2_ret;
407 }
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500[diff] [blame]408 memcpy(tmp, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
409 ses->auth_key.len - CIFS_SESS_KEY_SIZE);
410 tmp += ses->auth_key.len - CIFS_SESS_KEY_SIZE;
Steve Frenchc8e56f12010-09-08 21:10:58 +0000[diff] [blame]411
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500[diff] [blame]412 sec_blob->NtChallengeResponse.Length =
413 cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500[diff] [blame]414 sec_blob->NtChallengeResponse.MaximumLength =
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500[diff] [blame]415 cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
Steve French0b3cc8582009-05-04 08:37:12 +0000[diff] [blame]416
417 if (ses->domainName == NULL) {
418 sec_blob->DomainName.BufferOffset = cpu_to_le32(tmp - pbuffer);
419 sec_blob->DomainName.Length = 0;
420 sec_blob->DomainName.MaximumLength = 0;
421 tmp += 2;
422 } else {
423 int len;
Steve Frenchacbbb762012-01-18 22:32:33 -0600[diff] [blame]424 len = cifs_strtoUTF16((__le16 *)tmp, ses->domainName,
Scott Lovenberg8c3a2b42013-08-09 08:47:17 -0400[diff] [blame]425 CIFS_MAX_USERNAME_LEN, nls_cp);
Steve French0b3cc8582009-05-04 08:37:12 +0000[diff] [blame]426 len *= 2; /* unicode is 2 bytes each */
Steve French0b3cc8582009-05-04 08:37:12 +0000[diff] [blame]427 sec_blob->DomainName.BufferOffset = cpu_to_le32(tmp - pbuffer);
428 sec_blob->DomainName.Length = cpu_to_le16(len);
429 sec_blob->DomainName.MaximumLength = cpu_to_le16(len);
430 tmp += len;
431 }
432
Steve French8727c8a2011-02-25 01:11:56 -0600[diff] [blame]433 if (ses->user_name == NULL) {
Steve French0b3cc8582009-05-04 08:37:12 +0000[diff] [blame]434 sec_blob->UserName.BufferOffset = cpu_to_le32(tmp - pbuffer);
435 sec_blob->UserName.Length = 0;
436 sec_blob->UserName.MaximumLength = 0;
437 tmp += 2;
438 } else {
439 int len;
Steve Frenchacbbb762012-01-18 22:32:33 -0600[diff] [blame]440 len = cifs_strtoUTF16((__le16 *)tmp, ses->user_name,
Scott Lovenberg8c3a2b42013-08-09 08:47:17 -0400[diff] [blame]441 CIFS_MAX_USERNAME_LEN, nls_cp);
Steve French0b3cc8582009-05-04 08:37:12 +0000[diff] [blame]442 len *= 2; /* unicode is 2 bytes each */
Steve French0b3cc8582009-05-04 08:37:12 +0000[diff] [blame]443 sec_blob->UserName.BufferOffset = cpu_to_le32(tmp - pbuffer);
444 sec_blob->UserName.Length = cpu_to_le16(len);
445 sec_blob->UserName.MaximumLength = cpu_to_le16(len);
446 tmp += len;
447 }
448
449 sec_blob->WorkstationName.BufferOffset = cpu_to_le32(tmp - pbuffer);
450 sec_blob->WorkstationName.Length = 0;
451 sec_blob->WorkstationName.MaximumLength = 0;
452 tmp += 2;
453
Shirish Pargaonkardf8fbc242010-12-11 14:19:22 -0600[diff] [blame]454 if (((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) ||
455 (ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
456 && !calc_seckey(ses)) {
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500[diff] [blame]457 memcpy(tmp, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE);
Shirish Pargaonkard2b91522010-10-21 14:25:08 -0500[diff] [blame]458 sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer);
459 sec_blob->SessionKey.Length = cpu_to_le16(CIFS_CPHTXT_SIZE);
460 sec_blob->SessionKey.MaximumLength =
461 cpu_to_le16(CIFS_CPHTXT_SIZE);
462 tmp += CIFS_CPHTXT_SIZE;
463 } else {
464 sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer);
465 sec_blob->SessionKey.Length = 0;
466 sec_blob->SessionKey.MaximumLength = 0;
467 }
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500[diff] [blame]468
469setup_ntlmv2_ret:
Shirish Pargaonkar89f150f2010-10-19 11:47:52 -0500[diff] [blame]470 *buflen = tmp - pbuffer;
471 return rc;
Steve French0b3cc8582009-05-04 08:37:12 +0000[diff] [blame]472}
Steve French0b3cc8582009-05-04 08:37:12 +0000[diff] [blame]473
Jeff Layton3f618222013-06-12 19:52:14 -0500[diff] [blame]474enum securityEnum
475select_sectype(struct TCP_Server_Info *server, enum securityEnum requested)
476{
477 switch (server->negflavor) {
478 case CIFS_NEGFLAVOR_EXTENDED:
479 switch (requested) {
480 case Kerberos:
481 case RawNTLMSSP:
482 return requested;
483 case Unspecified:
484 if (server->sec_ntlmssp &&
485 (global_secflags & CIFSSEC_MAY_NTLMSSP))
486 return RawNTLMSSP;
487 if ((server->sec_kerberos || server->sec_mskerberos) &&
488 (global_secflags & CIFSSEC_MAY_KRB5))
489 return Kerberos;
490 /* Fallthrough */
491 default:
492 return Unspecified;
493 }
494 case CIFS_NEGFLAVOR_UNENCAP:
495 switch (requested) {
496 case NTLM:
497 case NTLMv2:
498 return requested;
499 case Unspecified:
500 if (global_secflags & CIFSSEC_MAY_NTLMV2)
501 return NTLMv2;
502 if (global_secflags & CIFSSEC_MAY_NTLM)
503 return NTLM;
Jeff Layton3f618222013-06-12 19:52:14 -0500[diff] [blame]504 default:
Sachin Prabhudde23562013-09-27 18:35:42 +0100[diff] [blame]505 /* Fallthrough to attempt LANMAN authentication next */
506 break;
Jeff Layton3f618222013-06-12 19:52:14 -0500[diff] [blame]507 }
508 case CIFS_NEGFLAVOR_LANMAN:
509 switch (requested) {
510 case LANMAN:
511 return requested;
512 case Unspecified:
513 if (global_secflags & CIFSSEC_MAY_LANMAN)
514 return LANMAN;
515 /* Fallthrough */
516 default:
517 return Unspecified;
518 }
519 default:
520 return Unspecified;
521 }
522}
523
Sachin Prabhu80a0e632014-06-16 15:35:25 +0100[diff] [blame]524struct sess_data {
525 unsigned int xid;
526 struct cifs_ses *ses;
527 struct nls_table *nls_cp;
528 void (*func)(struct sess_data *);
529 int result;
530
531 /* we will send the SMB in three pieces:
532 * a fixed length beginning part, an optional
533 * SPNEGO blob (which can be zero length), and a
534 * last part which will include the strings
535 * and rest of bcc area. This allows us to avoid
536 * a large buffer 17K allocation
537 */
538 int buf0_type;
539 struct kvec iov[3];
540};
541
542static int
543sess_alloc_buffer(struct sess_data *sess_data, int wct)
544{
545 int rc;
546 struct cifs_ses *ses = sess_data->ses;
547 struct smb_hdr *smb_buf;
548
549 rc = small_smb_init_no_tc(SMB_COM_SESSION_SETUP_ANDX, wct, ses,
550 (void **)&smb_buf);
551
552 if (rc)
553 return rc;
554
555 sess_data->iov[0].iov_base = (char *)smb_buf;
556 sess_data->iov[0].iov_len = be32_to_cpu(smb_buf->smb_buf_length) + 4;
557 /*
558 * This variable will be used to clear the buffer
559 * allocated above in case of any error in the calling function.
560 */
561 sess_data->buf0_type = CIFS_SMALL_BUFFER;
562
563 /* 2000 big enough to fit max user, domain, NOS name etc. */
564 sess_data->iov[2].iov_base = kmalloc(2000, GFP_KERNEL);
565 if (!sess_data->iov[2].iov_base) {
566 rc = -ENOMEM;
567 goto out_free_smb_buf;
568 }
569
570 return 0;
571
572out_free_smb_buf:
573 kfree(smb_buf);
574 sess_data->iov[0].iov_base = NULL;
575 sess_data->iov[0].iov_len = 0;
576 sess_data->buf0_type = CIFS_NO_BUFFER;
577 return rc;
578}
579
580static void
581sess_free_buffer(struct sess_data *sess_data)
582{
583
584 free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
585 sess_data->buf0_type = CIFS_NO_BUFFER;
586 kfree(sess_data->iov[2].iov_base);
587}
588
589static int
590sess_establish_session(struct sess_data *sess_data)
591{
592 struct cifs_ses *ses = sess_data->ses;
593
594 mutex_lock(&ses->server->srv_mutex);
595 if (!ses->server->session_estab) {
596 if (ses->server->sign) {
597 ses->server->session_key.response =
598 kmemdup(ses->auth_key.response,
599 ses->auth_key.len, GFP_KERNEL);
600 if (!ses->server->session_key.response) {
601 mutex_unlock(&ses->server->srv_mutex);
602 return -ENOMEM;
603 }
604 ses->server->session_key.len =
605 ses->auth_key.len;
606 }
607 ses->server->sequence_number = 0x2;
608 ses->server->session_estab = true;
609 }
610 mutex_unlock(&ses->server->srv_mutex);
611
612 cifs_dbg(FYI, "CIFS session established successfully\n");
613 spin_lock(&GlobalMid_Lock);
614 ses->status = CifsGood;
615 ses->need_reconnect = false;
616 spin_unlock(&GlobalMid_Lock);
617
618 return 0;
619}
620
621static int
622sess_sendreceive(struct sess_data *sess_data)
623{
624 int rc;
625 struct smb_hdr *smb_buf = (struct smb_hdr *) sess_data->iov[0].iov_base;
626 __u16 count;
627
628 count = sess_data->iov[1].iov_len + sess_data->iov[2].iov_len;
629 smb_buf->smb_buf_length =
630 cpu_to_be32(be32_to_cpu(smb_buf->smb_buf_length) + count);
631 put_bcc(count, smb_buf);
632
633 rc = SendReceive2(sess_data->xid, sess_data->ses,
634 sess_data->iov, 3 /* num_iovecs */,
635 &sess_data->buf0_type,
636 CIFS_LOG_ERROR);
637
638 return rc;
639}
640
641/*
642 * LANMAN and plaintext are less secure and off by default.
643 * So we make this explicitly be turned on in kconfig (in the
644 * build) and turned on at runtime (changed from the default)
645 * in proc/fs/cifs or via mount parm. Unfortunately this is
646 * needed for old Win (e.g. Win95), some obscure NAS and OS/2
647 */
648#ifdef CONFIG_CIFS_WEAK_PW_HASH
649static void
650sess_auth_lanman(struct sess_data *sess_data)
651{
652 int rc = 0;
653 struct smb_hdr *smb_buf;
654 SESSION_SETUP_ANDX *pSMB;
655 char *bcc_ptr;
656 struct cifs_ses *ses = sess_data->ses;
657 char lnm_session_key[CIFS_AUTH_RESP_SIZE];
658 __u32 capabilities;
659 __u16 bytes_remaining;
660
661 /* lanman 2 style sessionsetup */
662 /* wct = 10 */
663 rc = sess_alloc_buffer(sess_data, 10);
664 if (rc)
665 goto out;
666
667 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
668 bcc_ptr = sess_data->iov[2].iov_base;
669 capabilities = cifs_ssetup_hdr(ses, pSMB);
670
671 pSMB->req.hdr.Flags2 &= ~SMBFLG2_UNICODE;
672
673 /* no capabilities flags in old lanman negotiation */
674 pSMB->old_req.PasswordLength = cpu_to_le16(CIFS_AUTH_RESP_SIZE);
675
676 /* Calculate hash with password and copy into bcc_ptr.
677 * Encryption Key (stored as in cryptkey) gets used if the
678 * security mode bit in Negottiate Protocol response states
679 * to use challenge/response method (i.e. Password bit is 1).
680 */
681 rc = calc_lanman_hash(ses->password, ses->server->cryptkey,
682 ses->server->sec_mode & SECMODE_PW_ENCRYPT ?
683 true : false, lnm_session_key);
684
685 memcpy(bcc_ptr, (char *)lnm_session_key, CIFS_AUTH_RESP_SIZE);
686 bcc_ptr += CIFS_AUTH_RESP_SIZE;
687
688 /*
689 * can not sign if LANMAN negotiated so no need
690 * to calculate signing key? but what if server
691 * changed to do higher than lanman dialect and
692 * we reconnected would we ever calc signing_key?
693 */
694
695 cifs_dbg(FYI, "Negotiating LANMAN setting up strings\n");
696 /* Unicode not allowed for LANMAN dialects */
697 ascii_ssetup_strings(&bcc_ptr, ses, sess_data->nls_cp);
698
699 sess_data->iov[2].iov_len = (long) bcc_ptr -
700 (long) sess_data->iov[2].iov_base;
701
702 rc = sess_sendreceive(sess_data);
703 if (rc)
704 goto out;
705
706 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
707 smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base;
708
709 /* lanman response has a word count of 3 */
710 if (smb_buf->WordCount != 3) {
711 rc = -EIO;
712 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount);
713 goto out;
714 }
715
716 if (le16_to_cpu(pSMB->resp.Action) & GUEST_LOGIN)
717 cifs_dbg(FYI, "Guest login\n"); /* BB mark SesInfo struct? */
718
719 ses->Suid = smb_buf->Uid; /* UID left in wire format (le) */
720 cifs_dbg(FYI, "UID = %llu\n", ses->Suid);
721
722 bytes_remaining = get_bcc(smb_buf);
723 bcc_ptr = pByteArea(smb_buf);
724
725 /* BB check if Unicode and decode strings */
726 if (bytes_remaining == 0) {
727 /* no string area to decode, do nothing */
728 } else if (smb_buf->Flags2 & SMBFLG2_UNICODE) {
729 /* unicode string area must be word-aligned */
730 if (((unsigned long) bcc_ptr - (unsigned long) smb_buf) % 2) {
731 ++bcc_ptr;
732 --bytes_remaining;
733 }
734 decode_unicode_ssetup(&bcc_ptr, bytes_remaining, ses,
735 sess_data->nls_cp);
736 } else {
737 decode_ascii_ssetup(&bcc_ptr, bytes_remaining, ses,
738 sess_data->nls_cp);
739 }
740
741 rc = sess_establish_session(sess_data);
742out:
743 sess_data->result = rc;
744 sess_data->func = NULL;
745 sess_free_buffer(sess_data);
746}
747
748#else
749
750static void
751sess_auth_lanman(struct sess_data *sess_data)
752{
753 sess_data->result = -EOPNOTSUPP;
754 sess_data->func = NULL;
755}
756#endif
757
Sachin Prabhu583cf7a2014-06-16 15:35:26 +0100[diff] [blame]758static void
759sess_auth_ntlm(struct sess_data *sess_data)
760{
761 int rc = 0;
762 struct smb_hdr *smb_buf;
763 SESSION_SETUP_ANDX *pSMB;
764 char *bcc_ptr;
765 struct cifs_ses *ses = sess_data->ses;
766 __u32 capabilities;
767 __u16 bytes_remaining;
768
769 /* old style NTLM sessionsetup */
770 /* wct = 13 */
771 rc = sess_alloc_buffer(sess_data, 13);
772 if (rc)
773 goto out;
774
775 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
776 bcc_ptr = sess_data->iov[2].iov_base;
777 capabilities = cifs_ssetup_hdr(ses, pSMB);
778
779 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
780 pSMB->req_no_secext.CaseInsensitivePasswordLength =
781 cpu_to_le16(CIFS_AUTH_RESP_SIZE);
782 pSMB->req_no_secext.CaseSensitivePasswordLength =
783 cpu_to_le16(CIFS_AUTH_RESP_SIZE);
784
785 /* calculate ntlm response and session key */
786 rc = setup_ntlm_response(ses, sess_data->nls_cp);
787 if (rc) {
788 cifs_dbg(VFS, "Error %d during NTLM authentication\n",
789 rc);
790 goto out;
791 }
792
793 /* copy ntlm response */
794 memcpy(bcc_ptr, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
795 CIFS_AUTH_RESP_SIZE);
796 bcc_ptr += CIFS_AUTH_RESP_SIZE;
797 memcpy(bcc_ptr, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
798 CIFS_AUTH_RESP_SIZE);
799 bcc_ptr += CIFS_AUTH_RESP_SIZE;
800
801 if (ses->capabilities & CAP_UNICODE) {
802 /* unicode strings must be word aligned */
803 if (sess_data->iov[0].iov_len % 2) {
804 *bcc_ptr = 0;
805 bcc_ptr++;
806 }
807 unicode_ssetup_strings(&bcc_ptr, ses, sess_data->nls_cp);
808 } else {
809 ascii_ssetup_strings(&bcc_ptr, ses, sess_data->nls_cp);
810 }
811
812
813 sess_data->iov[2].iov_len = (long) bcc_ptr -
814 (long) sess_data->iov[2].iov_base;
815
816 rc = sess_sendreceive(sess_data);
817 if (rc)
818 goto out;
819
820 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
821 smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base;
822
823 if (smb_buf->WordCount != 3) {
824 rc = -EIO;
825 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount);
826 goto out;
827 }
828
829 if (le16_to_cpu(pSMB->resp.Action) & GUEST_LOGIN)
830 cifs_dbg(FYI, "Guest login\n"); /* BB mark SesInfo struct? */
831
832 ses->Suid = smb_buf->Uid; /* UID left in wire format (le) */
833 cifs_dbg(FYI, "UID = %llu\n", ses->Suid);
834
835 bytes_remaining = get_bcc(smb_buf);
836 bcc_ptr = pByteArea(smb_buf);
837
838 /* BB check if Unicode and decode strings */
839 if (bytes_remaining == 0) {
840 /* no string area to decode, do nothing */
841 } else if (smb_buf->Flags2 & SMBFLG2_UNICODE) {
842 /* unicode string area must be word-aligned */
843 if (((unsigned long) bcc_ptr - (unsigned long) smb_buf) % 2) {
844 ++bcc_ptr;
845 --bytes_remaining;
846 }
847 decode_unicode_ssetup(&bcc_ptr, bytes_remaining, ses,
848 sess_data->nls_cp);
849 } else {
850 decode_ascii_ssetup(&bcc_ptr, bytes_remaining, ses,
851 sess_data->nls_cp);
852 }
853
854 rc = sess_establish_session(sess_data);
855out:
856 sess_data->result = rc;
857 sess_data->func = NULL;
858 sess_free_buffer(sess_data);
859 kfree(ses->auth_key.response);
860 ses->auth_key.response = NULL;
861}
862
863static void
864sess_auth_ntlmv2(struct sess_data *sess_data)
865{
866 int rc = 0;
867 struct smb_hdr *smb_buf;
868 SESSION_SETUP_ANDX *pSMB;
869 char *bcc_ptr;
870 struct cifs_ses *ses = sess_data->ses;
871 __u32 capabilities;
872 __u16 bytes_remaining;
873
874 /* old style NTLM sessionsetup */
875 /* wct = 13 */
876 rc = sess_alloc_buffer(sess_data, 13);
877 if (rc)
878 goto out;
879
880 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
881 bcc_ptr = sess_data->iov[2].iov_base;
882 capabilities = cifs_ssetup_hdr(ses, pSMB);
883
884 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
885
886 /* LM2 password would be here if we supported it */
887 pSMB->req_no_secext.CaseInsensitivePasswordLength = 0;
888
889 /* calculate nlmv2 response and session key */
890 rc = setup_ntlmv2_rsp(ses, sess_data->nls_cp);
891 if (rc) {
892 cifs_dbg(VFS, "Error %d during NTLMv2 authentication\n", rc);
893 goto out;
894 }
895
896 memcpy(bcc_ptr, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
897 ses->auth_key.len - CIFS_SESS_KEY_SIZE);
898 bcc_ptr += ses->auth_key.len - CIFS_SESS_KEY_SIZE;
899
900 /* set case sensitive password length after tilen may get
901 * assigned, tilen is 0 otherwise.
902 */
903 pSMB->req_no_secext.CaseSensitivePasswordLength =
904 cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
905
906 if (ses->capabilities & CAP_UNICODE) {
907 if (sess_data->iov[0].iov_len % 2) {
908 *bcc_ptr = 0;
909 bcc_ptr++;
910 }
911 unicode_ssetup_strings(&bcc_ptr, ses, sess_data->nls_cp);
912 } else {
913 ascii_ssetup_strings(&bcc_ptr, ses, sess_data->nls_cp);
914 }
915
916
917 sess_data->iov[2].iov_len = (long) bcc_ptr -
918 (long) sess_data->iov[2].iov_base;
919
920 rc = sess_sendreceive(sess_data);
921 if (rc)
922 goto out;
923
924 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
925 smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base;
926
927 if (smb_buf->WordCount != 3) {
928 rc = -EIO;
929 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount);
930 goto out;
931 }
932
933 if (le16_to_cpu(pSMB->resp.Action) & GUEST_LOGIN)
934 cifs_dbg(FYI, "Guest login\n"); /* BB mark SesInfo struct? */
935
936 ses->Suid = smb_buf->Uid; /* UID left in wire format (le) */
937 cifs_dbg(FYI, "UID = %llu\n", ses->Suid);
938
939 bytes_remaining = get_bcc(smb_buf);
940 bcc_ptr = pByteArea(smb_buf);
941
942 /* BB check if Unicode and decode strings */
943 if (bytes_remaining == 0) {
944 /* no string area to decode, do nothing */
945 } else if (smb_buf->Flags2 & SMBFLG2_UNICODE) {
946 /* unicode string area must be word-aligned */
947 if (((unsigned long) bcc_ptr - (unsigned long) smb_buf) % 2) {
948 ++bcc_ptr;
949 --bytes_remaining;
950 }
951 decode_unicode_ssetup(&bcc_ptr, bytes_remaining, ses,
952 sess_data->nls_cp);
953 } else {
954 decode_ascii_ssetup(&bcc_ptr, bytes_remaining, ses,
955 sess_data->nls_cp);
956 }
957
958 rc = sess_establish_session(sess_data);
959out:
960 sess_data->result = rc;
961 sess_data->func = NULL;
962 sess_free_buffer(sess_data);
963 kfree(ses->auth_key.response);
964 ses->auth_key.response = NULL;
965}
966
Sachin Prabhuee03c642014-06-16 15:35:27 +0100[diff] [blame]967#ifdef CONFIG_CIFS_UPCALL
968static void
969sess_auth_kerberos(struct sess_data *sess_data)
970{
971 int rc = 0;
972 struct smb_hdr *smb_buf;
973 SESSION_SETUP_ANDX *pSMB;
974 char *bcc_ptr;
975 struct cifs_ses *ses = sess_data->ses;
976 __u32 capabilities;
977 __u16 bytes_remaining;
978 struct key *spnego_key = NULL;
979 struct cifs_spnego_msg *msg;
980 u16 blob_len;
981
982 /* extended security */
983 /* wct = 12 */
984 rc = sess_alloc_buffer(sess_data, 12);
985 if (rc)
986 goto out;
987
988 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
989 bcc_ptr = sess_data->iov[2].iov_base;
990 capabilities = cifs_ssetup_hdr(ses, pSMB);
991
992 spnego_key = cifs_get_spnego_key(ses);
993 if (IS_ERR(spnego_key)) {
994 rc = PTR_ERR(spnego_key);
995 spnego_key = NULL;
996 goto out;
997 }
998
999 msg = spnego_key->payload.data;
1000 /*
1001 * check version field to make sure that cifs.upcall is
1002 * sending us a response in an expected form
1003 */
1004 if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) {
1005 cifs_dbg(VFS,
1006 "incorrect version of cifs.upcall (expected %d but got %d)",
1007 CIFS_SPNEGO_UPCALL_VERSION, msg->version);
1008 rc = -EKEYREJECTED;
1009 goto out_put_spnego_key;
1010 }
1011
1012 ses->auth_key.response = kmemdup(msg->data, msg->sesskey_len,
1013 GFP_KERNEL);
1014 if (!ses->auth_key.response) {
1015 cifs_dbg(VFS, "Kerberos can't allocate (%u bytes) memory",
1016 msg->sesskey_len);
1017 rc = -ENOMEM;
1018 goto out_put_spnego_key;
1019 }
1020 ses->auth_key.len = msg->sesskey_len;
1021
1022 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
1023 capabilities |= CAP_EXTENDED_SECURITY;
1024 pSMB->req.Capabilities = cpu_to_le32(capabilities);
1025 sess_data->iov[1].iov_base = msg->data + msg->sesskey_len;
1026 sess_data->iov[1].iov_len = msg->secblob_len;
1027 pSMB->req.SecurityBlobLength = cpu_to_le16(sess_data->iov[1].iov_len);
1028
1029 if (ses->capabilities & CAP_UNICODE) {
1030 /* unicode strings must be word aligned */
1031 if ((sess_data->iov[0].iov_len
1032 + sess_data->iov[1].iov_len) % 2) {
1033 *bcc_ptr = 0;
1034 bcc_ptr++;
1035 }
1036 unicode_oslm_strings(&bcc_ptr, sess_data->nls_cp);
1037 unicode_domain_string(&bcc_ptr, ses, sess_data->nls_cp);
1038 } else {
1039 /* BB: is this right? */
1040 ascii_ssetup_strings(&bcc_ptr, ses, sess_data->nls_cp);
1041 }
1042
1043 sess_data->iov[2].iov_len = (long) bcc_ptr -
1044 (long) sess_data->iov[2].iov_base;
1045
1046 rc = sess_sendreceive(sess_data);
1047 if (rc)
1048 goto out_put_spnego_key;
1049
1050 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1051 smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base;
1052
1053 if (smb_buf->WordCount != 4) {
1054 rc = -EIO;
1055 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount);
1056 goto out_put_spnego_key;
1057 }
1058
1059 if (le16_to_cpu(pSMB->resp.Action) & GUEST_LOGIN)
1060 cifs_dbg(FYI, "Guest login\n"); /* BB mark SesInfo struct? */
1061
1062 ses->Suid = smb_buf->Uid; /* UID left in wire format (le) */
1063 cifs_dbg(FYI, "UID = %llu\n", ses->Suid);
1064
1065 bytes_remaining = get_bcc(smb_buf);
1066 bcc_ptr = pByteArea(smb_buf);
1067
1068 blob_len = le16_to_cpu(pSMB->resp.SecurityBlobLength);
1069 if (blob_len > bytes_remaining) {
1070 cifs_dbg(VFS, "bad security blob length %d\n",
1071 blob_len);
1072 rc = -EINVAL;
1073 goto out_put_spnego_key;
1074 }
1075 bcc_ptr += blob_len;
1076 bytes_remaining -= blob_len;
1077
1078 /* BB check if Unicode and decode strings */
1079 if (bytes_remaining == 0) {
1080 /* no string area to decode, do nothing */
1081 } else if (smb_buf->Flags2 & SMBFLG2_UNICODE) {
1082 /* unicode string area must be word-aligned */
1083 if (((unsigned long) bcc_ptr - (unsigned long) smb_buf) % 2) {
1084 ++bcc_ptr;
1085 --bytes_remaining;
1086 }
1087 decode_unicode_ssetup(&bcc_ptr, bytes_remaining, ses,
1088 sess_data->nls_cp);
1089 } else {
1090 decode_ascii_ssetup(&bcc_ptr, bytes_remaining, ses,
1091 sess_data->nls_cp);
1092 }
1093
1094 rc = sess_establish_session(sess_data);
1095out_put_spnego_key:
1096 key_invalidate(spnego_key);
1097 key_put(spnego_key);
1098out:
1099 sess_data->result = rc;
1100 sess_data->func = NULL;
1101 sess_free_buffer(sess_data);
1102 kfree(ses->auth_key.response);
1103 ses->auth_key.response = NULL;
1104}
1105
1106#else
1107
1108static void
1109sess_auth_kerberos(struct sess_data *sess_data)
1110{
1111 cifs_dbg(VFS, "Kerberos negotiated but upcall support disabled!\n");
1112 sess_data->result = -ENOSYS;
1113 sess_data->func = NULL;
1114}
1115#endif /* ! CONFIG_CIFS_UPCALL */
Sachin Prabhu583cf7a2014-06-16 15:35:26 +0100[diff] [blame]1116
Sachin Prabhucc87c472014-06-16 15:35:28 +0100[diff] [blame]1117/*
1118 * The required kvec buffers have to be allocated before calling this
1119 * function.
1120 */
1121static int
1122_sess_auth_rawntlmssp_assemble_req(struct sess_data *sess_data)
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]1123{
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]1124 struct smb_hdr *smb_buf;
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]1125 SESSION_SETUP_ANDX *pSMB;
Sachin Prabhucc87c472014-06-16 15:35:28 +0100[diff] [blame]1126 struct cifs_ses *ses = sess_data->ses;
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]1127 __u32 capabilities;
Sachin Prabhucc87c472014-06-16 15:35:28 +0100[diff] [blame]1128 char *bcc_ptr;
Steve French254e55e2006-06-04 05:53:15 +0000[diff] [blame]1129
Sachin Prabhucc87c472014-06-16 15:35:28 +0100[diff] [blame]1130 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1131 smb_buf = (struct smb_hdr *)pSMB;
1132
1133 capabilities = cifs_ssetup_hdr(ses, pSMB);
1134 if ((pSMB->req.hdr.Flags2 & SMBFLG2_UNICODE) == 0) {
1135 cifs_dbg(VFS, "NTLMSSP requires Unicode support\n");
1136 return -ENOSYS;
Jeff Layton3534b852013-05-24 07:41:01 -0400[diff] [blame]1137 }
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]1138
Sachin Prabhucc87c472014-06-16 15:35:28 +0100[diff] [blame]1139 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
1140 capabilities |= CAP_EXTENDED_SECURITY;
1141 pSMB->req.Capabilities |= cpu_to_le32(capabilities);
1142
1143 bcc_ptr = sess_data->iov[2].iov_base;
1144 /* unicode strings must be word aligned */
1145 if ((sess_data->iov[0].iov_len + sess_data->iov[1].iov_len) % 2) {
1146 *bcc_ptr = 0;
1147 bcc_ptr++;
1148 }
1149 unicode_oslm_strings(&bcc_ptr, sess_data->nls_cp);
1150
1151 sess_data->iov[2].iov_len = (long) bcc_ptr -
1152 (long) sess_data->iov[2].iov_base;
1153
1154 return 0;
1155}
1156
1157static void
1158sess_auth_rawntlmssp_authenticate(struct sess_data *sess_data);
1159
1160static void
1161sess_auth_rawntlmssp_negotiate(struct sess_data *sess_data)
1162{
1163 int rc;
1164 struct smb_hdr *smb_buf;
1165 SESSION_SETUP_ANDX *pSMB;
1166 struct cifs_ses *ses = sess_data->ses;
1167 __u16 bytes_remaining;
1168 char *bcc_ptr;
1169 u16 blob_len;
1170
1171 cifs_dbg(FYI, "rawntlmssp session setup negotiate phase\n");
1172
1173 /*
1174 * if memory allocation is successful, caller of this function
1175 * frees it.
1176 */
1177 ses->ntlmssp = kmalloc(sizeof(struct ntlmssp_auth), GFP_KERNEL);
1178 if (!ses->ntlmssp) {
1179 rc = -ENOMEM;
1180 goto out;
1181 }
1182 ses->ntlmssp->sesskey_per_smbsess = false;
1183
1184 /* wct = 12 */
1185 rc = sess_alloc_buffer(sess_data, 12);
1186 if (rc)
1187 goto out;
1188
1189 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1190
1191 /* Build security blob before we assemble the request */
1192 build_ntlmssp_negotiate_blob(pSMB->req.SecurityBlob, ses);
1193 sess_data->iov[1].iov_len = sizeof(NEGOTIATE_MESSAGE);
1194 sess_data->iov[1].iov_base = pSMB->req.SecurityBlob;
1195 pSMB->req.SecurityBlobLength = cpu_to_le16(sizeof(NEGOTIATE_MESSAGE));
1196
1197 rc = _sess_auth_rawntlmssp_assemble_req(sess_data);
1198 if (rc)
1199 goto out;
1200
1201 rc = sess_sendreceive(sess_data);
1202
1203 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1204 smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base;
1205
1206 /* If true, rc here is expected and not an error */
1207 if (sess_data->buf0_type != CIFS_NO_BUFFER &&
1208 smb_buf->Status.CifsError ==
1209 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
1210 rc = 0;
1211
1212 if (rc)
1213 goto out;
1214
1215 cifs_dbg(FYI, "rawntlmssp session setup challenge phase\n");
1216
1217 if (smb_buf->WordCount != 4) {
1218 rc = -EIO;
1219 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount);
1220 goto out;
1221 }
1222
1223 ses->Suid = smb_buf->Uid; /* UID left in wire format (le) */
1224 cifs_dbg(FYI, "UID = %llu\n", ses->Suid);
1225
1226 bytes_remaining = get_bcc(smb_buf);
1227 bcc_ptr = pByteArea(smb_buf);
1228
1229 blob_len = le16_to_cpu(pSMB->resp.SecurityBlobLength);
1230 if (blob_len > bytes_remaining) {
1231 cifs_dbg(VFS, "bad security blob length %d\n",
1232 blob_len);
1233 rc = -EINVAL;
1234 goto out;
1235 }
1236
1237 rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);
1238out:
1239 sess_free_buffer(sess_data);
1240
1241 if (!rc) {
1242 sess_data->func = sess_auth_rawntlmssp_authenticate;
1243 return;
1244 }
1245
1246 /* Else error. Cleanup */
1247 kfree(ses->auth_key.response);
1248 ses->auth_key.response = NULL;
1249 kfree(ses->ntlmssp);
1250 ses->ntlmssp = NULL;
1251
1252 sess_data->func = NULL;
1253 sess_data->result = rc;
1254}
1255
1256static void
1257sess_auth_rawntlmssp_authenticate(struct sess_data *sess_data)
1258{
1259 int rc;
1260 struct smb_hdr *smb_buf;
1261 SESSION_SETUP_ANDX *pSMB;
1262 struct cifs_ses *ses = sess_data->ses;
1263 __u16 bytes_remaining;
1264 char *bcc_ptr;
1265 char *ntlmsspblob = NULL;
1266 u16 blob_len;
1267
1268 cifs_dbg(FYI, "rawntlmssp session setup authenticate phase\n");
1269
1270 /* wct = 12 */
1271 rc = sess_alloc_buffer(sess_data, 12);
1272 if (rc)
1273 goto out;
1274
1275 /* Build security blob before we assemble the request */
1276 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1277 smb_buf = (struct smb_hdr *)pSMB;
1278 /*
1279 * 5 is an empirical value, large enough to hold
1280 * authenticate message plus max 10 of av paris,
1281 * domain, user, workstation names, flags, etc.
1282 */
1283 ntlmsspblob = kzalloc(5*sizeof(struct _AUTHENTICATE_MESSAGE),
1284 GFP_KERNEL);
1285 if (!ntlmsspblob) {
1286 rc = -ENOMEM;
1287 goto out;
1288 }
1289
1290 rc = build_ntlmssp_auth_blob(ntlmsspblob,
1291 &blob_len, ses, sess_data->nls_cp);
1292 if (rc)
1293 goto out_free_ntlmsspblob;
1294 sess_data->iov[1].iov_len = blob_len;
1295 sess_data->iov[1].iov_base = ntlmsspblob;
1296 pSMB->req.SecurityBlobLength = cpu_to_le16(blob_len);
1297 /*
1298 * Make sure that we tell the server that we are using
1299 * the uid that it just gave us back on the response
1300 * (challenge)
1301 */
1302 smb_buf->Uid = ses->Suid;
1303
1304 rc = _sess_auth_rawntlmssp_assemble_req(sess_data);
1305 if (rc)
1306 goto out_free_ntlmsspblob;
1307
1308 rc = sess_sendreceive(sess_data);
1309 if (rc)
1310 goto out_free_ntlmsspblob;
1311
1312 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1313 smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base;
1314 if (smb_buf->WordCount != 4) {
1315 rc = -EIO;
1316 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount);
1317 goto out_free_ntlmsspblob;
1318 }
1319
1320 if (le16_to_cpu(pSMB->resp.Action) & GUEST_LOGIN)
1321 cifs_dbg(FYI, "Guest login\n"); /* BB mark SesInfo struct? */
1322
1323 bytes_remaining = get_bcc(smb_buf);
1324 bcc_ptr = pByteArea(smb_buf);
1325 blob_len = le16_to_cpu(pSMB->resp.SecurityBlobLength);
1326 if (blob_len > bytes_remaining) {
1327 cifs_dbg(VFS, "bad security blob length %d\n",
1328 blob_len);
1329 rc = -EINVAL;
1330 goto out_free_ntlmsspblob;
1331 }
1332 bcc_ptr += blob_len;
1333 bytes_remaining -= blob_len;
1334
1335
1336 /* BB check if Unicode and decode strings */
1337 if (bytes_remaining == 0) {
1338 /* no string area to decode, do nothing */
1339 } else if (smb_buf->Flags2 & SMBFLG2_UNICODE) {
1340 /* unicode string area must be word-aligned */
1341 if (((unsigned long) bcc_ptr - (unsigned long) smb_buf) % 2) {
1342 ++bcc_ptr;
1343 --bytes_remaining;
1344 }
1345 decode_unicode_ssetup(&bcc_ptr, bytes_remaining, ses,
1346 sess_data->nls_cp);
1347 } else {
1348 decode_ascii_ssetup(&bcc_ptr, bytes_remaining, ses,
1349 sess_data->nls_cp);
1350 }
1351
1352out_free_ntlmsspblob:
1353 kfree(ntlmsspblob);
1354out:
1355 sess_free_buffer(sess_data);
1356
1357 if (!rc)
1358 rc = sess_establish_session(sess_data);
1359
1360 /* Cleanup */
1361 kfree(ses->auth_key.response);
1362 ses->auth_key.response = NULL;
1363 kfree(ses->ntlmssp);
1364 ses->ntlmssp = NULL;
1365
1366 sess_data->func = NULL;
1367 sess_data->result = rc;
1368}
1369
Steve French27924072014-07-11 07:47:01 -0500[diff] [blame]1370static int select_sec(struct cifs_ses *ses, struct sess_data *sess_data)
Sachin Prabhucc87c472014-06-16 15:35:28 +0100[diff] [blame]1371{
1372 int type;
Sachin Prabhu80a0e632014-06-16 15:35:25 +0100[diff] [blame]1373
Jeff Layton3f618222013-06-12 19:52:14 -0500[diff] [blame]1374 type = select_sectype(ses->server, ses->sectype);
Joe Perchesf96637b2013-05-04 22:12:25 -0500[diff] [blame]1375 cifs_dbg(FYI, "sess setup type %d\n", type);
Jeff Layton3f618222013-06-12 19:52:14 -0500[diff] [blame]1376 if (type == Unspecified) {
Shirish Pargaonkard4e63bd2013-08-29 08:35:09 -0500[diff] [blame]1377 cifs_dbg(VFS,
1378 "Unable to select appropriate authentication method!");
Jeff Layton3f618222013-06-12 19:52:14 -0500[diff] [blame]1379 return -EINVAL;
1380 }
1381
Sachin Prabhu80a0e632014-06-16 15:35:25 +0100[diff] [blame]1382 switch (type) {
1383 case LANMAN:
Sachin Prabhucc87c472014-06-16 15:35:28 +0100[diff] [blame]1384 /* LANMAN and plaintext are less secure and off by default.
1385 * So we make this explicitly be turned on in kconfig (in the
1386 * build) and turned on at runtime (changed from the default)
1387 * in proc/fs/cifs or via mount parm. Unfortunately this is
1388 * needed for old Win (e.g. Win95), some obscure NAS and OS/2 */
1389#ifdef CONFIG_CIFS_WEAK_PW_HASH
1390 sess_data->func = sess_auth_lanman;
1391 break;
1392#else
1393 return -EOPNOTSUPP;
1394#endif
Sachin Prabhu583cf7a2014-06-16 15:35:26 +0100[diff] [blame]1395 case NTLM:
Sachin Prabhucc87c472014-06-16 15:35:28 +0100[diff] [blame]1396 sess_data->func = sess_auth_ntlm;
1397 break;
Sachin Prabhu583cf7a2014-06-16 15:35:26 +0100[diff] [blame]1398 case NTLMv2:
Sachin Prabhucc87c472014-06-16 15:35:28 +0100[diff] [blame]1399 sess_data->func = sess_auth_ntlmv2;
1400 break;
Sachin Prabhuee03c642014-06-16 15:35:27 +0100[diff] [blame]1401 case Kerberos:
Sachin Prabhucc87c472014-06-16 15:35:28 +0100[diff] [blame]1402#ifdef CONFIG_CIFS_UPCALL
1403 sess_data->func = sess_auth_kerberos;
1404 break;
1405#else
1406 cifs_dbg(VFS, "Kerberos negotiated but upcall support disabled!\n");
1407 return -ENOSYS;
1408 break;
1409#endif /* CONFIG_CIFS_UPCALL */
1410 case RawNTLMSSP:
1411 sess_data->func = sess_auth_rawntlmssp_negotiate;
1412 break;
Sachin Prabhu80a0e632014-06-16 15:35:25 +0100[diff] [blame]1413 default:
Joe Perchesf96637b2013-05-04 22:12:25 -0500[diff] [blame]1414 cifs_dbg(VFS, "secType %d not supported!\n", type);
Sachin Prabhucc87c472014-06-16 15:35:28 +0100[diff] [blame]1415 return -ENOSYS;
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]1416 }
1417
Sachin Prabhucc87c472014-06-16 15:35:28 +0100[diff] [blame]1418 return 0;
1419}
Steve French24424212007-11-16 23:37:35 +0000[diff] [blame]1420
Sachin Prabhucc87c472014-06-16 15:35:28 +0100[diff] [blame]1421int CIFS_SessSetup(const unsigned int xid, struct cifs_ses *ses,
1422 const struct nls_table *nls_cp)
1423{
1424 int rc = 0;
1425 struct sess_data *sess_data;
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]1426
Sachin Prabhucc87c472014-06-16 15:35:28 +0100[diff] [blame]1427 if (ses == NULL) {
1428 WARN(1, "%s: ses == NULL!", __func__);
1429 return -EINVAL;
Steve French0b3cc8582009-05-04 08:37:12 +0000[diff] [blame]1430 }
Sachin Prabhucc87c472014-06-16 15:35:28 +0100[diff] [blame]1431
1432 sess_data = kzalloc(sizeof(struct sess_data), GFP_KERNEL);
1433 if (!sess_data)
1434 return -ENOMEM;
1435
1436 rc = select_sec(ses, sess_data);
Steve French0b3cc8582009-05-04 08:37:12 +0000[diff] [blame]1437 if (rc)
Sachin Prabhucc87c472014-06-16 15:35:28 +0100[diff] [blame]1438 goto out;
Steve French0b3cc8582009-05-04 08:37:12 +0000[diff] [blame]1439
Sachin Prabhucc87c472014-06-16 15:35:28 +0100[diff] [blame]1440 sess_data->xid = xid;
1441 sess_data->ses = ses;
1442 sess_data->buf0_type = CIFS_NO_BUFFER;
1443 sess_data->nls_cp = (struct nls_table *) nls_cp;
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]1444
Sachin Prabhucc87c472014-06-16 15:35:28 +0100[diff] [blame]1445 while (sess_data->func)
1446 sess_data->func(sess_data);
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]1447
Sachin Prabhucc87c472014-06-16 15:35:28 +0100[diff] [blame]1448 /* Store result before we free sess_data */
1449 rc = sess_data->result;
Sachin Prabhu80a0e632014-06-16 15:35:25 +0100[diff] [blame]1450
1451out:
Sachin Prabhu80a0e632014-06-16 15:35:25 +0100[diff] [blame]1452 kfree(sess_data);
1453 return rc;
Steve French39798772006-05-31 22:40:51 +0000[diff] [blame]1454}