blob: 0d0fe38f66a2293a6964f9a53a337c2ecc0a0ad3 [file] [log] [blame]
Steve French39798772006-05-31 22:40:51 +00001/*
2 * fs/cifs/sess.c
3 *
4 * SMB/CIFS session setup handling routines
5 *
Steve Frenchd185cda2009-04-30 17:45:10 +00006 * Copyright (c) International Business Machines Corp., 2006, 2009
Steve French39798772006-05-31 22:40:51 +00007 * Author(s): Steve French (sfrench@us.ibm.com)
8 *
9 * This library is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU Lesser General Public License as published
11 * by the Free Software Foundation; either version 2.1 of the License, or
12 * (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
17 * the GNU Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public License
20 * along with this library; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 */
23
24#include "cifspdu.h"
25#include "cifsglob.h"
26#include "cifsproto.h"
27#include "cifs_unicode.h"
28#include "cifs_debug.h"
29#include "ntlmssp.h"
30#include "nterr.h"
Steve French9c535882006-06-01 05:09:10 +000031#include <linux/utsname.h>
Tejun Heo5a0e3ad2010-03-24 17:04:11 +090032#include <linux/slab.h>
Steve French24424212007-11-16 23:37:35 +000033#include "cifs_spnego.h"
Steve French39798772006-05-31 22:40:51 +000034
Jeff Laytonebe6aa52010-04-24 07:57:47 -040035/*
36 * Checks if this is the first smb session to be reconnected after
37 * the socket has been reestablished (so we know whether to use vc 0).
38 * Called while holding the cifs_tcp_ses_lock, so do not block
39 */
Steve French96daf2b2011-05-27 04:34:02 +000040static bool is_first_ses_reconnect(struct cifs_ses *ses)
Steve Frencheca6acf2009-02-20 05:43:09 +000041{
42 struct list_head *tmp;
Steve French96daf2b2011-05-27 04:34:02 +000043 struct cifs_ses *tmp_ses;
Steve Frencheca6acf2009-02-20 05:43:09 +000044
45 list_for_each(tmp, &ses->server->smb_ses_list) {
Steve French96daf2b2011-05-27 04:34:02 +000046 tmp_ses = list_entry(tmp, struct cifs_ses,
Steve Frencheca6acf2009-02-20 05:43:09 +000047 smb_ses_list);
48 if (tmp_ses->need_reconnect == false)
49 return false;
50 }
51 /* could not find a session that was already connected,
52 this must be the first one we are reconnecting */
53 return true;
54}
55
56/*
57 * vc number 0 is treated specially by some servers, and should be the
58 * first one we request. After that we can use vcnumbers up to maxvcs,
59 * one for each smb session (some Windows versions set maxvcs incorrectly
60 * so maxvc=1 can be ignored). If we have too many vcs, we can reuse
61 * any vc but zero (some servers reset the connection on vcnum zero)
62 *
63 */
Steve French96daf2b2011-05-27 04:34:02 +000064static __le16 get_next_vcnum(struct cifs_ses *ses)
Steve Frencheca6acf2009-02-20 05:43:09 +000065{
66 __u16 vcnum = 0;
67 struct list_head *tmp;
Steve French96daf2b2011-05-27 04:34:02 +000068 struct cifs_ses *tmp_ses;
Steve Frencheca6acf2009-02-20 05:43:09 +000069 __u16 max_vcs = ses->server->max_vcs;
70 __u16 i;
71 int free_vc_found = 0;
72
73 /* Quoting the MS-SMB specification: "Windows-based SMB servers set this
74 field to one but do not enforce this limit, which allows an SMB client
75 to establish more virtual circuits than allowed by this value ... but
76 other server implementations can enforce this limit." */
77 if (max_vcs < 2)
78 max_vcs = 0xFFFF;
79
Suresh Jayaraman3f9bcca2010-10-18 23:29:37 +053080 spin_lock(&cifs_tcp_ses_lock);
Steve Frencheca6acf2009-02-20 05:43:09 +000081 if ((ses->need_reconnect) && is_first_ses_reconnect(ses))
82 goto get_vc_num_exit; /* vcnum will be zero */
83 for (i = ses->server->srv_count - 1; i < max_vcs; i++) {
84 if (i == 0) /* this is the only connection, use vc 0 */
85 break;
86
87 free_vc_found = 1;
88
89 list_for_each(tmp, &ses->server->smb_ses_list) {
Steve French96daf2b2011-05-27 04:34:02 +000090 tmp_ses = list_entry(tmp, struct cifs_ses,
Steve Frencheca6acf2009-02-20 05:43:09 +000091 smb_ses_list);
92 if (tmp_ses->vcnum == i) {
93 free_vc_found = 0;
94 break; /* found duplicate, try next vcnum */
95 }
96 }
97 if (free_vc_found)
98 break; /* we found a vcnumber that will work - use it */
99 }
100
101 if (i == 0)
102 vcnum = 0; /* for most common case, ie if one smb session, use
103 vc zero. Also for case when no free vcnum, zero
104 is safest to send (some clients only send zero) */
105 else if (free_vc_found == 0)
106 vcnum = 1; /* we can not reuse vc=0 safely, since some servers
107 reset all uids on that, but 1 is ok. */
108 else
109 vcnum = i;
110 ses->vcnum = vcnum;
111get_vc_num_exit:
Suresh Jayaraman3f9bcca2010-10-18 23:29:37 +0530112 spin_unlock(&cifs_tcp_ses_lock);
Steve Frencheca6acf2009-02-20 05:43:09 +0000113
Steve French051a2a02009-05-01 16:21:04 +0000114 return cpu_to_le16(vcnum);
Steve Frencheca6acf2009-02-20 05:43:09 +0000115}
116
Steve French96daf2b2011-05-27 04:34:02 +0000117static __u32 cifs_ssetup_hdr(struct cifs_ses *ses, SESSION_SETUP_ANDX *pSMB)
Steve French39798772006-05-31 22:40:51 +0000118{
119 __u32 capabilities = 0;
120
121 /* init fields common to all four types of SessSetup */
Steve Frencheca6acf2009-02-20 05:43:09 +0000122 /* Note that offsets for first seven fields in req struct are same */
123 /* in CIFS Specs so does not matter which of 3 forms of struct */
124 /* that we use in next few lines */
125 /* Note that header is initialized to zero in header_assemble */
Steve French39798772006-05-31 22:40:51 +0000126 pSMB->req.AndXCommand = 0xFF;
Jeff Laytonc974bef2011-10-11 06:41:32 -0400127 pSMB->req.MaxBufferSize = cpu_to_le16(min_t(u32,
128 CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4,
129 USHRT_MAX));
Steve French39798772006-05-31 22:40:51 +0000130 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
Steve Frencheca6acf2009-02-20 05:43:09 +0000131 pSMB->req.VcNumber = get_next_vcnum(ses);
Steve French39798772006-05-31 22:40:51 +0000132
133 /* Now no need to set SMBFLG_CASELESS or obsolete CANONICAL PATH */
134
Steve French790fe572007-07-07 19:25:05 +0000135 /* BB verify whether signing required on neg or just on auth frame
Steve French39798772006-05-31 22:40:51 +0000136 (and NTLM case) */
137
138 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
139 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
140
Steve French96daf2b2011-05-27 04:34:02 +0000141 if (ses->server->sec_mode &
Steve French790fe572007-07-07 19:25:05 +0000142 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
Steve French39798772006-05-31 22:40:51 +0000143 pSMB->req.hdr.Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
144
145 if (ses->capabilities & CAP_UNICODE) {
146 pSMB->req.hdr.Flags2 |= SMBFLG2_UNICODE;
147 capabilities |= CAP_UNICODE;
148 }
149 if (ses->capabilities & CAP_STATUS32) {
150 pSMB->req.hdr.Flags2 |= SMBFLG2_ERR_STATUS;
151 capabilities |= CAP_STATUS32;
152 }
153 if (ses->capabilities & CAP_DFS) {
154 pSMB->req.hdr.Flags2 |= SMBFLG2_DFS;
155 capabilities |= CAP_DFS;
156 }
Steve French26f57362007-08-30 22:09:15 +0000157 if (ses->capabilities & CAP_UNIX)
Steve French39798772006-05-31 22:40:51 +0000158 capabilities |= CAP_UNIX;
Steve French39798772006-05-31 22:40:51 +0000159
Steve French39798772006-05-31 22:40:51 +0000160 return capabilities;
161}
162
Jeff Layton0d3a01f2007-10-16 17:32:19 +0000163static void
164unicode_oslm_strings(char **pbcc_area, const struct nls_table *nls_cp)
165{
166 char *bcc_ptr = *pbcc_area;
167 int bytes_ret = 0;
168
169 /* Copy OS version */
Steve Frenchacbbb762012-01-18 22:32:33 -0600170 bytes_ret = cifs_strtoUTF16((__le16 *)bcc_ptr, "Linux version ", 32,
171 nls_cp);
Jeff Layton0d3a01f2007-10-16 17:32:19 +0000172 bcc_ptr += 2 * bytes_ret;
Steve Frenchacbbb762012-01-18 22:32:33 -0600173 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, init_utsname()->release,
174 32, nls_cp);
Jeff Layton0d3a01f2007-10-16 17:32:19 +0000175 bcc_ptr += 2 * bytes_ret;
176 bcc_ptr += 2; /* trailing null */
177
Steve Frenchacbbb762012-01-18 22:32:33 -0600178 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
179 32, nls_cp);
Jeff Layton0d3a01f2007-10-16 17:32:19 +0000180 bcc_ptr += 2 * bytes_ret;
181 bcc_ptr += 2; /* trailing null */
182
183 *pbcc_area = bcc_ptr;
184}
185
Steve French96daf2b2011-05-27 04:34:02 +0000186static void unicode_domain_string(char **pbcc_area, struct cifs_ses *ses,
Jeff Layton0d3a01f2007-10-16 17:32:19 +0000187 const struct nls_table *nls_cp)
188{
189 char *bcc_ptr = *pbcc_area;
190 int bytes_ret = 0;
191
192 /* copy domain */
193 if (ses->domainName == NULL) {
194 /* Sending null domain better than using a bogus domain name (as
195 we did briefly in 2.6.18) since server will use its default */
196 *bcc_ptr = 0;
197 *(bcc_ptr+1) = 0;
198 bytes_ret = 0;
199 } else
Steve Frenchacbbb762012-01-18 22:32:33 -0600200 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, ses->domainName,
201 256, nls_cp);
Jeff Layton0d3a01f2007-10-16 17:32:19 +0000202 bcc_ptr += 2 * bytes_ret;
203 bcc_ptr += 2; /* account for null terminator */
204
205 *pbcc_area = bcc_ptr;
206}
207
208
Steve French96daf2b2011-05-27 04:34:02 +0000209static void unicode_ssetup_strings(char **pbcc_area, struct cifs_ses *ses,
Steve French790fe572007-07-07 19:25:05 +0000210 const struct nls_table *nls_cp)
Steve French39798772006-05-31 22:40:51 +0000211{
Steve French790fe572007-07-07 19:25:05 +0000212 char *bcc_ptr = *pbcc_area;
Steve French39798772006-05-31 22:40:51 +0000213 int bytes_ret = 0;
214
215 /* BB FIXME add check that strings total less
216 than 335 or will need to send them as arrays */
217
Steve French0223cf02006-06-27 19:50:57 +0000218 /* unicode strings, must be word aligned before the call */
219/* if ((long) bcc_ptr % 2) {
Steve French39798772006-05-31 22:40:51 +0000220 *bcc_ptr = 0;
221 bcc_ptr++;
Steve French0223cf02006-06-27 19:50:57 +0000222 } */
Steve French39798772006-05-31 22:40:51 +0000223 /* copy user */
Steve French8727c8a2011-02-25 01:11:56 -0600224 if (ses->user_name == NULL) {
Steve French6e659c62006-11-08 23:10:46 +0000225 /* null user mount */
226 *bcc_ptr = 0;
227 *(bcc_ptr+1) = 0;
Steve French301a6a32010-02-06 07:08:53 +0000228 } else {
Steve Frenchacbbb762012-01-18 22:32:33 -0600229 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, ses->user_name,
230 MAX_USERNAME_SIZE, nls_cp);
Steve French39798772006-05-31 22:40:51 +0000231 }
232 bcc_ptr += 2 * bytes_ret;
233 bcc_ptr += 2; /* account for null termination */
Steve French39798772006-05-31 22:40:51 +0000234
Jeff Layton0d3a01f2007-10-16 17:32:19 +0000235 unicode_domain_string(&bcc_ptr, ses, nls_cp);
236 unicode_oslm_strings(&bcc_ptr, nls_cp);
Steve French39798772006-05-31 22:40:51 +0000237
238 *pbcc_area = bcc_ptr;
239}
240
Steve French96daf2b2011-05-27 04:34:02 +0000241static void ascii_ssetup_strings(char **pbcc_area, struct cifs_ses *ses,
Steve French790fe572007-07-07 19:25:05 +0000242 const struct nls_table *nls_cp)
Steve French39798772006-05-31 22:40:51 +0000243{
Steve French790fe572007-07-07 19:25:05 +0000244 char *bcc_ptr = *pbcc_area;
Steve French39798772006-05-31 22:40:51 +0000245
246 /* copy user */
247 /* BB what about null user mounts - check that we do this BB */
Steve French790fe572007-07-07 19:25:05 +0000248 /* copy user */
Shirish Pargaonkarde47a412012-02-02 15:28:28 -0600249 if (ses->user_name != NULL) {
Steve French8727c8a2011-02-25 01:11:56 -0600250 strncpy(bcc_ptr, ses->user_name, MAX_USERNAME_SIZE);
Shirish Pargaonkarde47a412012-02-02 15:28:28 -0600251 bcc_ptr += strnlen(ses->user_name, MAX_USERNAME_SIZE);
252 }
Steve French8727c8a2011-02-25 01:11:56 -0600253 /* else null user mount */
Steve French39798772006-05-31 22:40:51 +0000254 *bcc_ptr = 0;
Steve French790fe572007-07-07 19:25:05 +0000255 bcc_ptr++; /* account for null termination */
Steve French39798772006-05-31 22:40:51 +0000256
Steve French790fe572007-07-07 19:25:05 +0000257 /* copy domain */
Steve French790fe572007-07-07 19:25:05 +0000258 if (ses->domainName != NULL) {
259 strncpy(bcc_ptr, ses->domainName, 256);
Steve French39798772006-05-31 22:40:51 +0000260 bcc_ptr += strnlen(ses->domainName, 256);
Steve French790fe572007-07-07 19:25:05 +0000261 } /* else we will send a null domain name
Steve French6e659c62006-11-08 23:10:46 +0000262 so the server will default to its own domain */
Steve French39798772006-05-31 22:40:51 +0000263 *bcc_ptr = 0;
264 bcc_ptr++;
265
266 /* BB check for overflow here */
267
268 strcpy(bcc_ptr, "Linux version ");
269 bcc_ptr += strlen("Linux version ");
Serge E. Hallyn96b644b2006-10-02 02:18:13 -0700270 strcpy(bcc_ptr, init_utsname()->release);
271 bcc_ptr += strlen(init_utsname()->release) + 1;
Steve French39798772006-05-31 22:40:51 +0000272
273 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
274 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
275
Steve French790fe572007-07-07 19:25:05 +0000276 *pbcc_area = bcc_ptr;
Steve French39798772006-05-31 22:40:51 +0000277}
278
Jeff Layton59140792009-04-30 07:16:21 -0400279static void
Steve French96daf2b2011-05-27 04:34:02 +0000280decode_unicode_ssetup(char **pbcc_area, int bleft, struct cifs_ses *ses,
Jeff Layton59140792009-04-30 07:16:21 -0400281 const struct nls_table *nls_cp)
Steve French39798772006-05-31 22:40:51 +0000282{
Jeff Layton59140792009-04-30 07:16:21 -0400283 int len;
Steve French790fe572007-07-07 19:25:05 +0000284 char *data = *pbcc_area;
Steve French39798772006-05-31 22:40:51 +0000285
Joe Perchesf96637b2013-05-04 22:12:25 -0500286 cifs_dbg(FYI, "bleft %d\n", bleft);
Steve French39798772006-05-31 22:40:51 +0000287
Steve French26f57362007-08-30 22:09:15 +0000288 kfree(ses->serverOS);
Steve Frenchacbbb762012-01-18 22:32:33 -0600289 ses->serverOS = cifs_strndup_from_utf16(data, bleft, true, nls_cp);
Joe Perchesf96637b2013-05-04 22:12:25 -0500290 cifs_dbg(FYI, "serverOS=%s\n", ses->serverOS);
Jeff Layton59140792009-04-30 07:16:21 -0400291 len = (UniStrnlen((wchar_t *) data, bleft / 2) * 2) + 2;
292 data += len;
293 bleft -= len;
294 if (bleft <= 0)
295 return;
Steve French39798772006-05-31 22:40:51 +0000296
Steve French26f57362007-08-30 22:09:15 +0000297 kfree(ses->serverNOS);
Steve Frenchacbbb762012-01-18 22:32:33 -0600298 ses->serverNOS = cifs_strndup_from_utf16(data, bleft, true, nls_cp);
Joe Perchesf96637b2013-05-04 22:12:25 -0500299 cifs_dbg(FYI, "serverNOS=%s\n", ses->serverNOS);
Jeff Layton59140792009-04-30 07:16:21 -0400300 len = (UniStrnlen((wchar_t *) data, bleft / 2) * 2) + 2;
301 data += len;
302 bleft -= len;
303 if (bleft <= 0)
304 return;
Steve French39798772006-05-31 22:40:51 +0000305
Steve French26f57362007-08-30 22:09:15 +0000306 kfree(ses->serverDomain);
Steve Frenchacbbb762012-01-18 22:32:33 -0600307 ses->serverDomain = cifs_strndup_from_utf16(data, bleft, true, nls_cp);
Joe Perchesf96637b2013-05-04 22:12:25 -0500308 cifs_dbg(FYI, "serverDomain=%s\n", ses->serverDomain);
Steve French790fe572007-07-07 19:25:05 +0000309
Jeff Layton59140792009-04-30 07:16:21 -0400310 return;
Steve French39798772006-05-31 22:40:51 +0000311}
312
Jeff Layton7d066452013-05-24 07:41:00 -0400313static void decode_ascii_ssetup(char **pbcc_area, __u16 bleft,
314 struct cifs_ses *ses,
315 const struct nls_table *nls_cp)
Steve French39798772006-05-31 22:40:51 +0000316{
Steve French39798772006-05-31 22:40:51 +0000317 int len;
Steve French790fe572007-07-07 19:25:05 +0000318 char *bcc_ptr = *pbcc_area;
Steve French39798772006-05-31 22:40:51 +0000319
Joe Perchesf96637b2013-05-04 22:12:25 -0500320 cifs_dbg(FYI, "decode sessetup ascii. bleft %d\n", bleft);
Steve French50c2f752007-07-13 00:33:32 +0000321
Steve French39798772006-05-31 22:40:51 +0000322 len = strnlen(bcc_ptr, bleft);
Steve French790fe572007-07-07 19:25:05 +0000323 if (len >= bleft)
Jeff Layton7d066452013-05-24 07:41:00 -0400324 return;
Steve French50c2f752007-07-13 00:33:32 +0000325
Steve French26f57362007-08-30 22:09:15 +0000326 kfree(ses->serverOS);
Steve French39798772006-05-31 22:40:51 +0000327
328 ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
Steve French790fe572007-07-07 19:25:05 +0000329 if (ses->serverOS)
Steve French39798772006-05-31 22:40:51 +0000330 strncpy(ses->serverOS, bcc_ptr, len);
Jeff Layton281e2e72013-05-26 07:00:56 -0400331 if (strncmp(ses->serverOS, "OS/2", 4) == 0)
Joe Perchesf96637b2013-05-04 22:12:25 -0500332 cifs_dbg(FYI, "OS/2 server\n");
Steve French39798772006-05-31 22:40:51 +0000333
334 bcc_ptr += len + 1;
335 bleft -= len + 1;
336
337 len = strnlen(bcc_ptr, bleft);
Steve French790fe572007-07-07 19:25:05 +0000338 if (len >= bleft)
Jeff Layton7d066452013-05-24 07:41:00 -0400339 return;
Steve French39798772006-05-31 22:40:51 +0000340
Steve French26f57362007-08-30 22:09:15 +0000341 kfree(ses->serverNOS);
Steve French39798772006-05-31 22:40:51 +0000342
343 ses->serverNOS = kzalloc(len + 1, GFP_KERNEL);
Steve French790fe572007-07-07 19:25:05 +0000344 if (ses->serverNOS)
Steve French39798772006-05-31 22:40:51 +0000345 strncpy(ses->serverNOS, bcc_ptr, len);
346
347 bcc_ptr += len + 1;
348 bleft -= len + 1;
349
Steve French790fe572007-07-07 19:25:05 +0000350 len = strnlen(bcc_ptr, bleft);
351 if (len > bleft)
Jeff Layton7d066452013-05-24 07:41:00 -0400352 return;
Steve French39798772006-05-31 22:40:51 +0000353
Steve French9ac00b72006-09-30 04:13:17 +0000354 /* No domain field in LANMAN case. Domain is
355 returned by old servers in the SMB negprot response */
356 /* BB For newer servers which do not support Unicode,
357 but thus do return domain here we could add parsing
358 for it later, but it is not very important */
Joe Perchesf96637b2013-05-04 22:12:25 -0500359 cifs_dbg(FYI, "ascii: bytes left %d\n", bleft);
Steve French39798772006-05-31 22:40:51 +0000360}
361
Pavel Shilovsky5478f9b2011-12-27 16:22:00 +0400362int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len,
Steve French96daf2b2011-05-27 04:34:02 +0000363 struct cifs_ses *ses)
Steve French0b3cc8582009-05-04 08:37:12 +0000364{
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500365 unsigned int tioffset; /* challenge message target info area */
366 unsigned int tilen; /* challenge message target info area length */
367
Steve French0b3cc8582009-05-04 08:37:12 +0000368 CHALLENGE_MESSAGE *pblob = (CHALLENGE_MESSAGE *)bcc_ptr;
369
370 if (blob_len < sizeof(CHALLENGE_MESSAGE)) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500371 cifs_dbg(VFS, "challenge blob len %d too small\n", blob_len);
Steve French0b3cc8582009-05-04 08:37:12 +0000372 return -EINVAL;
373 }
374
375 if (memcmp(pblob->Signature, "NTLMSSP", 8)) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500376 cifs_dbg(VFS, "blob signature incorrect %s\n",
377 pblob->Signature);
Steve French0b3cc8582009-05-04 08:37:12 +0000378 return -EINVAL;
379 }
380 if (pblob->MessageType != NtLmChallenge) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500381 cifs_dbg(VFS, "Incorrect message type %d\n",
382 pblob->MessageType);
Steve French0b3cc8582009-05-04 08:37:12 +0000383 return -EINVAL;
384 }
385
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500386 memcpy(ses->ntlmssp->cryptkey, pblob->Challenge, CIFS_CRYPTO_KEY_SIZE);
Steve French0b3cc8582009-05-04 08:37:12 +0000387 /* BB we could decode pblob->NegotiateFlags; some may be useful */
388 /* In particular we can examine sign flags */
389 /* BB spec says that if AvId field of MsvAvTimestamp is populated then
390 we must set the MIC field of the AUTHENTICATE_MESSAGE */
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500391 ses->ntlmssp->server_flags = le32_to_cpu(pblob->NegotiateFlags);
Steve French5443d132011-03-13 05:08:25 +0000392 tioffset = le32_to_cpu(pblob->TargetInfoArray.BufferOffset);
393 tilen = le16_to_cpu(pblob->TargetInfoArray.Length);
Dan Carpenter4991a5f2012-01-31 11:52:01 +0300394 if (tioffset > blob_len || tioffset + tilen > blob_len) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500395 cifs_dbg(VFS, "tioffset + tilen too high %u + %u",
396 tioffset, tilen);
Dan Carpenter4991a5f2012-01-31 11:52:01 +0300397 return -EINVAL;
398 }
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500399 if (tilen) {
Silviu-Mihai Popescuf7f7c182013-03-11 18:22:32 +0200400 ses->auth_key.response = kmemdup(bcc_ptr + tioffset, tilen,
401 GFP_KERNEL);
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500402 if (!ses->auth_key.response) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500403 cifs_dbg(VFS, "Challenge target info alloc failure");
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500404 return -ENOMEM;
405 }
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500406 ses->auth_key.len = tilen;
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500407 }
408
Steve French0b3cc8582009-05-04 08:37:12 +0000409 return 0;
410}
411
Steve French0b3cc8582009-05-04 08:37:12 +0000412/* BB Move to ntlmssp.c eventually */
413
414/* We do not malloc the blob, it is passed in pbuffer, because
415 it is fixed size, and small, making this approach cleaner */
Pavel Shilovsky5478f9b2011-12-27 16:22:00 +0400416void build_ntlmssp_negotiate_blob(unsigned char *pbuffer,
Steve French96daf2b2011-05-27 04:34:02 +0000417 struct cifs_ses *ses)
Steve French0b3cc8582009-05-04 08:37:12 +0000418{
419 NEGOTIATE_MESSAGE *sec_blob = (NEGOTIATE_MESSAGE *)pbuffer;
420 __u32 flags;
421
Shirish Pargaonkardf8fbc242010-12-11 14:19:22 -0600422 memset(pbuffer, 0, sizeof(NEGOTIATE_MESSAGE));
Steve French0b3cc8582009-05-04 08:37:12 +0000423 memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8);
424 sec_blob->MessageType = NtLmNegotiate;
425
426 /* BB is NTLMV2 session security format easier to use here? */
427 flags = NTLMSSP_NEGOTIATE_56 | NTLMSSP_REQUEST_TARGET |
428 NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
Shirish Pargaonkardf8fbc242010-12-11 14:19:22 -0600429 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;
Steve French96daf2b2011-05-27 04:34:02 +0000430 if (ses->server->sec_mode &
Shirish Pargaonkard2b91522010-10-21 14:25:08 -0500431 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) {
Steve French745e5072010-09-08 21:09:27 +0000432 flags |= NTLMSSP_NEGOTIATE_SIGN;
Shirish Pargaonkard2b91522010-10-21 14:25:08 -0500433 if (!ses->server->session_estab)
Shirish Pargaonkar62411ab2011-07-10 06:55:32 -0500434 flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
Shirish Pargaonkard2b91522010-10-21 14:25:08 -0500435 }
Steve French0b3cc8582009-05-04 08:37:12 +0000436
Shirish Pargaonkardf8fbc242010-12-11 14:19:22 -0600437 sec_blob->NegotiateFlags = cpu_to_le32(flags);
Steve French0b3cc8582009-05-04 08:37:12 +0000438
439 sec_blob->WorkstationName.BufferOffset = 0;
440 sec_blob->WorkstationName.Length = 0;
441 sec_blob->WorkstationName.MaximumLength = 0;
442
443 /* Domain name is sent on the Challenge not Negotiate NTLMSSP request */
444 sec_blob->DomainName.BufferOffset = 0;
445 sec_blob->DomainName.Length = 0;
446 sec_blob->DomainName.MaximumLength = 0;
447}
448
449/* We do not malloc the blob, it is passed in pbuffer, because its
450 maximum possible size is fixed and small, making this approach cleaner.
451 This function returns the length of the data in the blob */
Pavel Shilovsky5478f9b2011-12-27 16:22:00 +0400452int build_ntlmssp_auth_blob(unsigned char *pbuffer,
Shirish Pargaonkar89f150f2010-10-19 11:47:52 -0500453 u16 *buflen,
Steve French96daf2b2011-05-27 04:34:02 +0000454 struct cifs_ses *ses,
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500455 const struct nls_table *nls_cp)
Steve French0b3cc8582009-05-04 08:37:12 +0000456{
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500457 int rc;
Steve French0b3cc8582009-05-04 08:37:12 +0000458 AUTHENTICATE_MESSAGE *sec_blob = (AUTHENTICATE_MESSAGE *)pbuffer;
459 __u32 flags;
460 unsigned char *tmp;
Steve French0b3cc8582009-05-04 08:37:12 +0000461
462 memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8);
463 sec_blob->MessageType = NtLmAuthenticate;
464
465 flags = NTLMSSP_NEGOTIATE_56 |
466 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_TARGET_INFO |
467 NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
Shirish Pargaonkardf8fbc242010-12-11 14:19:22 -0600468 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;
Steve French96daf2b2011-05-27 04:34:02 +0000469 if (ses->server->sec_mode &
Shirish Pargaonkar62411ab2011-07-10 06:55:32 -0500470 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) {
Steve French0b3cc8582009-05-04 08:37:12 +0000471 flags |= NTLMSSP_NEGOTIATE_SIGN;
Shirish Pargaonkar62411ab2011-07-10 06:55:32 -0500472 if (!ses->server->session_estab)
473 flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
474 }
Steve French0b3cc8582009-05-04 08:37:12 +0000475
476 tmp = pbuffer + sizeof(AUTHENTICATE_MESSAGE);
Shirish Pargaonkardf8fbc242010-12-11 14:19:22 -0600477 sec_blob->NegotiateFlags = cpu_to_le32(flags);
Steve French0b3cc8582009-05-04 08:37:12 +0000478
479 sec_blob->LmChallengeResponse.BufferOffset =
480 cpu_to_le32(sizeof(AUTHENTICATE_MESSAGE));
481 sec_blob->LmChallengeResponse.Length = 0;
482 sec_blob->LmChallengeResponse.MaximumLength = 0;
483
Steve Frenchc8e56f12010-09-08 21:10:58 +0000484 sec_blob->NtChallengeResponse.BufferOffset = cpu_to_le32(tmp - pbuffer);
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500485 rc = setup_ntlmv2_rsp(ses, nls_cp);
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500486 if (rc) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500487 cifs_dbg(VFS, "Error %d during NTLMSSP authentication\n", rc);
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500488 goto setup_ntlmv2_ret;
489 }
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500490 memcpy(tmp, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
491 ses->auth_key.len - CIFS_SESS_KEY_SIZE);
492 tmp += ses->auth_key.len - CIFS_SESS_KEY_SIZE;
Steve Frenchc8e56f12010-09-08 21:10:58 +0000493
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500494 sec_blob->NtChallengeResponse.Length =
495 cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500496 sec_blob->NtChallengeResponse.MaximumLength =
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500497 cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
Steve French0b3cc8582009-05-04 08:37:12 +0000498
499 if (ses->domainName == NULL) {
500 sec_blob->DomainName.BufferOffset = cpu_to_le32(tmp - pbuffer);
501 sec_blob->DomainName.Length = 0;
502 sec_blob->DomainName.MaximumLength = 0;
503 tmp += 2;
504 } else {
505 int len;
Steve Frenchacbbb762012-01-18 22:32:33 -0600506 len = cifs_strtoUTF16((__le16 *)tmp, ses->domainName,
507 MAX_USERNAME_SIZE, nls_cp);
Steve French0b3cc8582009-05-04 08:37:12 +0000508 len *= 2; /* unicode is 2 bytes each */
Steve French0b3cc8582009-05-04 08:37:12 +0000509 sec_blob->DomainName.BufferOffset = cpu_to_le32(tmp - pbuffer);
510 sec_blob->DomainName.Length = cpu_to_le16(len);
511 sec_blob->DomainName.MaximumLength = cpu_to_le16(len);
512 tmp += len;
513 }
514
Steve French8727c8a2011-02-25 01:11:56 -0600515 if (ses->user_name == NULL) {
Steve French0b3cc8582009-05-04 08:37:12 +0000516 sec_blob->UserName.BufferOffset = cpu_to_le32(tmp - pbuffer);
517 sec_blob->UserName.Length = 0;
518 sec_blob->UserName.MaximumLength = 0;
519 tmp += 2;
520 } else {
521 int len;
Steve Frenchacbbb762012-01-18 22:32:33 -0600522 len = cifs_strtoUTF16((__le16 *)tmp, ses->user_name,
523 MAX_USERNAME_SIZE, nls_cp);
Steve French0b3cc8582009-05-04 08:37:12 +0000524 len *= 2; /* unicode is 2 bytes each */
Steve French0b3cc8582009-05-04 08:37:12 +0000525 sec_blob->UserName.BufferOffset = cpu_to_le32(tmp - pbuffer);
526 sec_blob->UserName.Length = cpu_to_le16(len);
527 sec_blob->UserName.MaximumLength = cpu_to_le16(len);
528 tmp += len;
529 }
530
531 sec_blob->WorkstationName.BufferOffset = cpu_to_le32(tmp - pbuffer);
532 sec_blob->WorkstationName.Length = 0;
533 sec_blob->WorkstationName.MaximumLength = 0;
534 tmp += 2;
535
Shirish Pargaonkardf8fbc242010-12-11 14:19:22 -0600536 if (((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) ||
537 (ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
538 && !calc_seckey(ses)) {
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500539 memcpy(tmp, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE);
Shirish Pargaonkard2b91522010-10-21 14:25:08 -0500540 sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer);
541 sec_blob->SessionKey.Length = cpu_to_le16(CIFS_CPHTXT_SIZE);
542 sec_blob->SessionKey.MaximumLength =
543 cpu_to_le16(CIFS_CPHTXT_SIZE);
544 tmp += CIFS_CPHTXT_SIZE;
545 } else {
546 sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer);
547 sec_blob->SessionKey.Length = 0;
548 sec_blob->SessionKey.MaximumLength = 0;
549 }
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500550
551setup_ntlmv2_ret:
Shirish Pargaonkar89f150f2010-10-19 11:47:52 -0500552 *buflen = tmp - pbuffer;
553 return rc;
Steve French0b3cc8582009-05-04 08:37:12 +0000554}
Steve French0b3cc8582009-05-04 08:37:12 +0000555
Steve French790fe572007-07-07 19:25:05 +0000556int
Pavel Shilovsky58c45c52012-05-25 10:54:49 +0400557CIFS_SessSetup(const unsigned int xid, struct cifs_ses *ses,
Jeff Laytonebe6aa52010-04-24 07:57:47 -0400558 const struct nls_table *nls_cp)
Steve French39798772006-05-31 22:40:51 +0000559{
560 int rc = 0;
561 int wct;
Steve French39798772006-05-31 22:40:51 +0000562 struct smb_hdr *smb_buf;
563 char *bcc_ptr;
Steve French750d1152006-06-27 06:28:30 +0000564 char *str_area;
Steve French39798772006-05-31 22:40:51 +0000565 SESSION_SETUP_ANDX *pSMB;
566 __u32 capabilities;
Jeff Layton690c5222011-01-20 13:36:51 -0500567 __u16 count;
Steve French24424212007-11-16 23:37:35 +0000568 int resp_buf_type;
569 struct kvec iov[3];
Steve French39798772006-05-31 22:40:51 +0000570 enum securityEnum type;
Jeff Layton690c5222011-01-20 13:36:51 -0500571 __u16 action, bytes_remaining;
Steve French24424212007-11-16 23:37:35 +0000572 struct key *spnego_key = NULL;
Steve French0b3cc8582009-05-04 08:37:12 +0000573 __le32 phase = NtLmNegotiate; /* NTLMSSP, if needed, is multistage */
Shirish Pargaonkar89f150f2010-10-19 11:47:52 -0500574 u16 blob_len;
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500575 char *ntlmsspblob = NULL;
Steve French254e55e2006-06-04 05:53:15 +0000576
Jeff Layton3534b852013-05-24 07:41:01 -0400577 if (ses == NULL) {
578 WARN(1, "%s: ses == NULL!", __func__);
Steve French39798772006-05-31 22:40:51 +0000579 return -EINVAL;
Jeff Layton3534b852013-05-24 07:41:01 -0400580 }
Steve French39798772006-05-31 22:40:51 +0000581
582 type = ses->server->secType;
Joe Perchesf96637b2013-05-04 22:12:25 -0500583 cifs_dbg(FYI, "sess setup type %d\n", type);
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500584 if (type == RawNTLMSSP) {
585 /* if memory allocation is successful, caller of this function
586 * frees it.
587 */
588 ses->ntlmssp = kmalloc(sizeof(struct ntlmssp_auth), GFP_KERNEL);
589 if (!ses->ntlmssp)
590 return -ENOMEM;
591 }
592
Steve French0b3cc8582009-05-04 08:37:12 +0000593ssetup_ntlmssp_authenticate:
594 if (phase == NtLmChallenge)
595 phase = NtLmAuthenticate; /* if ntlmssp, now final phase */
596
Steve French790fe572007-07-07 19:25:05 +0000597 if (type == LANMAN) {
Steve French39798772006-05-31 22:40:51 +0000598#ifndef CONFIG_CIFS_WEAK_PW_HASH
599 /* LANMAN and plaintext are less secure and off by default.
600 So we make this explicitly be turned on in kconfig (in the
601 build) and turned on at runtime (changed from the default)
602 in proc/fs/cifs or via mount parm. Unfortunately this is
603 needed for old Win (e.g. Win95), some obscure NAS and OS/2 */
604 return -EOPNOTSUPP;
605#endif
606 wct = 10; /* lanman 2 style sessionsetup */
Steve French790fe572007-07-07 19:25:05 +0000607 } else if ((type == NTLM) || (type == NTLMv2)) {
Steve French9312f672006-06-04 22:21:07 +0000608 /* For NTLMv2 failures eventually may need to retry NTLM */
Steve French39798772006-05-31 22:40:51 +0000609 wct = 13; /* old style NTLM sessionsetup */
Steve French790fe572007-07-07 19:25:05 +0000610 } else /* same size: negotiate or auth, NTLMSSP or extended security */
Steve French39798772006-05-31 22:40:51 +0000611 wct = 12;
612
613 rc = small_smb_init_no_tc(SMB_COM_SESSION_SETUP_ANDX, wct, ses,
614 (void **)&smb_buf);
Steve French790fe572007-07-07 19:25:05 +0000615 if (rc)
Steve French39798772006-05-31 22:40:51 +0000616 return rc;
617
618 pSMB = (SESSION_SETUP_ANDX *)smb_buf;
619
620 capabilities = cifs_ssetup_hdr(ses, pSMB);
Steve French750d1152006-06-27 06:28:30 +0000621
Steve French24424212007-11-16 23:37:35 +0000622 /* we will send the SMB in three pieces:
623 a fixed length beginning part, an optional
624 SPNEGO blob (which can be zero length), and a
625 last part which will include the strings
626 and rest of bcc area. This allows us to avoid
627 a large buffer 17K allocation */
Steve French790fe572007-07-07 19:25:05 +0000628 iov[0].iov_base = (char *)pSMB;
Steve Frenchbe8e3b02011-04-29 05:40:20 +0000629 iov[0].iov_len = be32_to_cpu(smb_buf->smb_buf_length) + 4;
Steve French750d1152006-06-27 06:28:30 +0000630
Steve French24424212007-11-16 23:37:35 +0000631 /* setting this here allows the code at the end of the function
632 to free the request buffer if there's an error */
633 resp_buf_type = CIFS_SMALL_BUFFER;
634
Steve French750d1152006-06-27 06:28:30 +0000635 /* 2000 big enough to fit max user, domain, NOS name etc. */
636 str_area = kmalloc(2000, GFP_KERNEL);
Cyrill Gorcunov5e6e6232007-08-18 00:15:20 +0000637 if (str_area == NULL) {
Steve French24424212007-11-16 23:37:35 +0000638 rc = -ENOMEM;
639 goto ssetup_exit;
Cyrill Gorcunov5e6e6232007-08-18 00:15:20 +0000640 }
Steve French750d1152006-06-27 06:28:30 +0000641 bcc_ptr = str_area;
Steve French39798772006-05-31 22:40:51 +0000642
Steve French24424212007-11-16 23:37:35 +0000643 iov[1].iov_base = NULL;
644 iov[1].iov_len = 0;
645
Steve French790fe572007-07-07 19:25:05 +0000646 if (type == LANMAN) {
Steve French39798772006-05-31 22:40:51 +0000647#ifdef CONFIG_CIFS_WEAK_PW_HASH
Shirish Pargaonkar5e640922011-02-17 14:38:31 -0600648 char lnm_session_key[CIFS_AUTH_RESP_SIZE];
Steve French39798772006-05-31 22:40:51 +0000649
Steve Frenchc76da9d2008-08-28 15:32:22 +0000650 pSMB->req.hdr.Flags2 &= ~SMBFLG2_UNICODE;
651
Steve French39798772006-05-31 22:40:51 +0000652 /* no capabilities flags in old lanman negotiation */
653
Shirish Pargaonkar5e640922011-02-17 14:38:31 -0600654 pSMB->old_req.PasswordLength = cpu_to_le16(CIFS_AUTH_RESP_SIZE);
Steve French39798772006-05-31 22:40:51 +0000655
Shirish Pargaonkard3ba50b2010-10-27 15:20:36 -0500656 /* Calculate hash with password and copy into bcc_ptr.
657 * Encryption Key (stored as in cryptkey) gets used if the
658 * security mode bit in Negottiate Protocol response states
659 * to use challenge/response method (i.e. Password bit is 1).
660 */
661
Steve French43988d72011-04-19 18:23:31 +0000662 rc = calc_lanman_hash(ses->password, ses->server->cryptkey,
Steve French96daf2b2011-05-27 04:34:02 +0000663 ses->server->sec_mode & SECMODE_PW_ENCRYPT ?
Jeff Layton4e53a3f2008-12-05 20:41:21 -0500664 true : false, lnm_session_key);
665
Shirish Pargaonkar5e640922011-02-17 14:38:31 -0600666 memcpy(bcc_ptr, (char *)lnm_session_key, CIFS_AUTH_RESP_SIZE);
667 bcc_ptr += CIFS_AUTH_RESP_SIZE;
Steve French39798772006-05-31 22:40:51 +0000668
669 /* can not sign if LANMAN negotiated so no need
670 to calculate signing key? but what if server
671 changed to do higher than lanman dialect and
672 we reconnected would we ever calc signing_key? */
673
Joe Perchesf96637b2013-05-04 22:12:25 -0500674 cifs_dbg(FYI, "Negotiating LANMAN setting up strings\n");
Steve French39798772006-05-31 22:40:51 +0000675 /* Unicode not allowed for LANMAN dialects */
676 ascii_ssetup_strings(&bcc_ptr, ses, nls_cp);
Steve French790fe572007-07-07 19:25:05 +0000677#endif
Steve French39798772006-05-31 22:40:51 +0000678 } else if (type == NTLM) {
Steve French39798772006-05-31 22:40:51 +0000679 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
680 pSMB->req_no_secext.CaseInsensitivePasswordLength =
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500681 cpu_to_le16(CIFS_AUTH_RESP_SIZE);
Steve French39798772006-05-31 22:40:51 +0000682 pSMB->req_no_secext.CaseSensitivePasswordLength =
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500683 cpu_to_le16(CIFS_AUTH_RESP_SIZE);
Steve French50c2f752007-07-13 00:33:32 +0000684
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500685 /* calculate ntlm response and session key */
Shirish Pargaonkar9ef59922011-10-20 13:21:59 -0500686 rc = setup_ntlm_response(ses, nls_cp);
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500687 if (rc) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500688 cifs_dbg(VFS, "Error %d during NTLM authentication\n",
689 rc);
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500690 goto ssetup_exit;
691 }
Steve French39798772006-05-31 22:40:51 +0000692
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500693 /* copy ntlm response */
694 memcpy(bcc_ptr, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
695 CIFS_AUTH_RESP_SIZE);
696 bcc_ptr += CIFS_AUTH_RESP_SIZE;
697 memcpy(bcc_ptr, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
698 CIFS_AUTH_RESP_SIZE);
699 bcc_ptr += CIFS_AUTH_RESP_SIZE;
700
Steve French790fe572007-07-07 19:25:05 +0000701 if (ses->capabilities & CAP_UNICODE) {
Steve French0223cf02006-06-27 19:50:57 +0000702 /* unicode strings must be word aligned */
703 if (iov[0].iov_len % 2) {
704 *bcc_ptr = 0;
Steve French790fe572007-07-07 19:25:05 +0000705 bcc_ptr++;
706 }
Steve French7c7b25b2006-06-01 19:20:10 +0000707 unicode_ssetup_strings(&bcc_ptr, ses, nls_cp);
Steve French0223cf02006-06-27 19:50:57 +0000708 } else
Steve French7c7b25b2006-06-01 19:20:10 +0000709 ascii_ssetup_strings(&bcc_ptr, ses, nls_cp);
710 } else if (type == NTLMv2) {
Steve French7c7b25b2006-06-01 19:20:10 +0000711 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
712
713 /* LM2 password would be here if we supported it */
714 pSMB->req_no_secext.CaseInsensitivePasswordLength = 0;
Steve French7c7b25b2006-06-01 19:20:10 +0000715
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500716 /* calculate nlmv2 response and session key */
717 rc = setup_ntlmv2_rsp(ses, nls_cp);
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500718 if (rc) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500719 cifs_dbg(VFS, "Error %d during NTLMv2 authentication\n",
720 rc);
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500721 goto ssetup_exit;
722 }
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500723 memcpy(bcc_ptr, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
724 ses->auth_key.len - CIFS_SESS_KEY_SIZE);
725 bcc_ptr += ses->auth_key.len - CIFS_SESS_KEY_SIZE;
726
Shirish Pargaonkarc9928f72010-10-04 19:56:13 -0500727 /* set case sensitive password length after tilen may get
728 * assigned, tilen is 0 otherwise.
729 */
730 pSMB->req_no_secext.CaseSensitivePasswordLength =
Shirish Pargaonkarf7c5445a2010-10-26 18:10:24 -0500731 cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
Shirish Pargaonkarc9928f72010-10-04 19:56:13 -0500732
Steve French790fe572007-07-07 19:25:05 +0000733 if (ses->capabilities & CAP_UNICODE) {
734 if (iov[0].iov_len % 2) {
Steve French0223cf02006-06-27 19:50:57 +0000735 *bcc_ptr = 0;
Steve French26f57362007-08-30 22:09:15 +0000736 bcc_ptr++;
737 }
Steve French39798772006-05-31 22:40:51 +0000738 unicode_ssetup_strings(&bcc_ptr, ses, nls_cp);
Steve French0223cf02006-06-27 19:50:57 +0000739 } else
Steve French39798772006-05-31 22:40:51 +0000740 ascii_ssetup_strings(&bcc_ptr, ses, nls_cp);
Jeff Layton26efa0b2010-04-24 07:57:49 -0400741 } else if (type == Kerberos) {
Steve French24424212007-11-16 23:37:35 +0000742#ifdef CONFIG_CIFS_UPCALL
743 struct cifs_spnego_msg *msg;
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500744
Steve French24424212007-11-16 23:37:35 +0000745 spnego_key = cifs_get_spnego_key(ses);
746 if (IS_ERR(spnego_key)) {
747 rc = PTR_ERR(spnego_key);
748 spnego_key = NULL;
749 goto ssetup_exit;
750 }
751
752 msg = spnego_key->payload.data;
Steve French6ce5eec2008-08-26 00:37:14 +0000753 /* check version field to make sure that cifs.upcall is
754 sending us a response in an expected form */
755 if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500756 cifs_dbg(VFS, "incorrect version of cifs.upcall "
757 "expected %d but got %d)",
Joe Perchesb6b38f72010-04-21 03:50:45 +0000758 CIFS_SPNEGO_UPCALL_VERSION, msg->version);
Steve French6ce5eec2008-08-26 00:37:14 +0000759 rc = -EKEYREJECTED;
760 goto ssetup_exit;
761 }
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500762
Silviu-Mihai Popescuf7f7c182013-03-11 18:22:32 +0200763 ses->auth_key.response = kmemdup(msg->data, msg->sesskey_len,
764 GFP_KERNEL);
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500765 if (!ses->auth_key.response) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500766 cifs_dbg(VFS, "Kerberos can't allocate (%u bytes) memory",
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500767 msg->sesskey_len);
768 rc = -ENOMEM;
Steve French24424212007-11-16 23:37:35 +0000769 goto ssetup_exit;
770 }
Shirish Pargaonkar5d0d2882010-10-13 18:15:00 -0500771 ses->auth_key.len = msg->sesskey_len;
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500772
Steve French39798772006-05-31 22:40:51 +0000773 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
774 capabilities |= CAP_EXTENDED_SECURITY;
775 pSMB->req.Capabilities = cpu_to_le32(capabilities);
Steve French24424212007-11-16 23:37:35 +0000776 iov[1].iov_base = msg->data + msg->sesskey_len;
777 iov[1].iov_len = msg->secblob_len;
778 pSMB->req.SecurityBlobLength = cpu_to_le16(iov[1].iov_len);
779
780 if (ses->capabilities & CAP_UNICODE) {
781 /* unicode strings must be word aligned */
Jeff Layton28c5a022007-12-31 04:56:21 +0000782 if ((iov[0].iov_len + iov[1].iov_len) % 2) {
Steve French24424212007-11-16 23:37:35 +0000783 *bcc_ptr = 0;
784 bcc_ptr++;
785 }
786 unicode_oslm_strings(&bcc_ptr, nls_cp);
787 unicode_domain_string(&bcc_ptr, ses, nls_cp);
788 } else
789 /* BB: is this right? */
790 ascii_ssetup_strings(&bcc_ptr, ses, nls_cp);
791#else /* ! CONFIG_CIFS_UPCALL */
Joe Perchesf96637b2013-05-04 22:12:25 -0500792 cifs_dbg(VFS, "Kerberos negotiated but upcall support disabled!\n");
Steve French24424212007-11-16 23:37:35 +0000793 rc = -ENOSYS;
794 goto ssetup_exit;
795#endif /* CONFIG_CIFS_UPCALL */
Jeff Laytonb4d6fcf2011-01-07 11:30:28 -0500796 } else if (type == RawNTLMSSP) {
797 if ((pSMB->req.hdr.Flags2 & SMBFLG2_UNICODE) == 0) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500798 cifs_dbg(VFS, "NTLMSSP requires Unicode support\n");
Steve French0b3cc8582009-05-04 08:37:12 +0000799 rc = -ENOSYS;
800 goto ssetup_exit;
801 }
Jeff Laytonb4d6fcf2011-01-07 11:30:28 -0500802
Joe Perchesf96637b2013-05-04 22:12:25 -0500803 cifs_dbg(FYI, "ntlmssp session setup phase %d\n", phase);
Jeff Laytonb4d6fcf2011-01-07 11:30:28 -0500804 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
805 capabilities |= CAP_EXTENDED_SECURITY;
806 pSMB->req.Capabilities |= cpu_to_le32(capabilities);
807 switch(phase) {
808 case NtLmNegotiate:
809 build_ntlmssp_negotiate_blob(
810 pSMB->req.SecurityBlob, ses);
811 iov[1].iov_len = sizeof(NEGOTIATE_MESSAGE);
812 iov[1].iov_base = pSMB->req.SecurityBlob;
813 pSMB->req.SecurityBlobLength =
814 cpu_to_le16(sizeof(NEGOTIATE_MESSAGE));
815 break;
816 case NtLmAuthenticate:
817 /*
818 * 5 is an empirical value, large enough to hold
819 * authenticate message plus max 10 of av paris,
820 * domain, user, workstation names, flags, etc.
821 */
822 ntlmsspblob = kzalloc(
823 5*sizeof(struct _AUTHENTICATE_MESSAGE),
824 GFP_KERNEL);
825 if (!ntlmsspblob) {
Jeff Laytonb4d6fcf2011-01-07 11:30:28 -0500826 rc = -ENOMEM;
827 goto ssetup_exit;
828 }
829
830 rc = build_ntlmssp_auth_blob(ntlmsspblob,
831 &blob_len, ses, nls_cp);
832 if (rc)
833 goto ssetup_exit;
834 iov[1].iov_len = blob_len;
835 iov[1].iov_base = ntlmsspblob;
836 pSMB->req.SecurityBlobLength = cpu_to_le16(blob_len);
837 /*
838 * Make sure that we tell the server that we are using
839 * the uid that it just gave us back on the response
840 * (challenge)
841 */
842 smb_buf->Uid = ses->Suid;
843 break;
844 default:
Joe Perchesf96637b2013-05-04 22:12:25 -0500845 cifs_dbg(VFS, "invalid phase %d\n", phase);
Jeff Laytonb4d6fcf2011-01-07 11:30:28 -0500846 rc = -ENOSYS;
847 goto ssetup_exit;
848 }
849 /* unicode strings must be word aligned */
850 if ((iov[0].iov_len + iov[1].iov_len) % 2) {
851 *bcc_ptr = 0;
852 bcc_ptr++;
853 }
854 unicode_oslm_strings(&bcc_ptr, nls_cp);
855 } else {
Joe Perchesf96637b2013-05-04 22:12:25 -0500856 cifs_dbg(VFS, "secType %d not supported!\n", type);
Steve French24424212007-11-16 23:37:35 +0000857 rc = -ENOSYS;
858 goto ssetup_exit;
Steve French39798772006-05-31 22:40:51 +0000859 }
860
Steve French24424212007-11-16 23:37:35 +0000861 iov[2].iov_base = str_area;
862 iov[2].iov_len = (long) bcc_ptr - (long) str_area;
863
864 count = iov[1].iov_len + iov[2].iov_len;
Steve Frenchbe8e3b02011-04-29 05:40:20 +0000865 smb_buf->smb_buf_length =
866 cpu_to_be32(be32_to_cpu(smb_buf->smb_buf_length) + count);
Steve French39798772006-05-31 22:40:51 +0000867
Jeff Layton820a8032011-05-04 08:05:26 -0400868 put_bcc(count, smb_buf);
Steve French39798772006-05-31 22:40:51 +0000869
Steve French24424212007-11-16 23:37:35 +0000870 rc = SendReceive2(xid, ses, iov, 3 /* num_iovecs */, &resp_buf_type,
Jeff Layton77499812011-01-11 07:24:23 -0500871 CIFS_LOG_ERROR);
Steve French39798772006-05-31 22:40:51 +0000872 /* SMB request buf freed in SendReceive2 */
873
Steve French39798772006-05-31 22:40:51 +0000874 pSMB = (SESSION_SETUP_ANDX *)iov[0].iov_base;
875 smb_buf = (struct smb_hdr *)iov[0].iov_base;
876
Pavel Shilovskyf065fd02012-09-25 11:00:08 +0400877 if ((type == RawNTLMSSP) && (resp_buf_type != CIFS_NO_BUFFER) &&
878 (smb_buf->Status.CifsError ==
Steve French0b3cc8582009-05-04 08:37:12 +0000879 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))) {
880 if (phase != NtLmNegotiate) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500881 cifs_dbg(VFS, "Unexpected more processing error\n");
Steve French0b3cc8582009-05-04 08:37:12 +0000882 goto ssetup_exit;
883 }
884 /* NTLMSSP Negotiate sent now processing challenge (response) */
885 phase = NtLmChallenge; /* process ntlmssp challenge */
886 rc = 0; /* MORE_PROC rc is not an error here, but expected */
887 }
888 if (rc)
889 goto ssetup_exit;
890
Steve French790fe572007-07-07 19:25:05 +0000891 if ((smb_buf->WordCount != 3) && (smb_buf->WordCount != 4)) {
Steve French39798772006-05-31 22:40:51 +0000892 rc = -EIO;
Joe Perchesf96637b2013-05-04 22:12:25 -0500893 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount);
Steve French39798772006-05-31 22:40:51 +0000894 goto ssetup_exit;
895 }
896 action = le16_to_cpu(pSMB->resp.Action);
897 if (action & GUEST_LOGIN)
Joe Perchesf96637b2013-05-04 22:12:25 -0500898 cifs_dbg(FYI, "Guest login\n"); /* BB mark SesInfo struct? */
Steve French39798772006-05-31 22:40:51 +0000899 ses->Suid = smb_buf->Uid; /* UID left in wire format (le) */
Joe Perchesf96637b2013-05-04 22:12:25 -0500900 cifs_dbg(FYI, "UID = %llu\n", ses->Suid);
Steve French39798772006-05-31 22:40:51 +0000901 /* response can have either 3 or 4 word count - Samba sends 3 */
902 /* and lanman response is 3 */
Jeff Layton690c5222011-01-20 13:36:51 -0500903 bytes_remaining = get_bcc(smb_buf);
Steve French39798772006-05-31 22:40:51 +0000904 bcc_ptr = pByteArea(smb_buf);
905
Steve French790fe572007-07-07 19:25:05 +0000906 if (smb_buf->WordCount == 4) {
Steve French39798772006-05-31 22:40:51 +0000907 blob_len = le16_to_cpu(pSMB->resp.SecurityBlobLength);
Steve French790fe572007-07-07 19:25:05 +0000908 if (blob_len > bytes_remaining) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500909 cifs_dbg(VFS, "bad security blob length %d\n",
910 blob_len);
Steve French39798772006-05-31 22:40:51 +0000911 rc = -EINVAL;
912 goto ssetup_exit;
913 }
Steve French0b3cc8582009-05-04 08:37:12 +0000914 if (phase == NtLmChallenge) {
915 rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);
916 /* now goto beginning for ntlmssp authenticate phase */
917 if (rc)
918 goto ssetup_exit;
919 }
920 bcc_ptr += blob_len;
Steve French39798772006-05-31 22:40:51 +0000921 bytes_remaining -= blob_len;
Steve French790fe572007-07-07 19:25:05 +0000922 }
Steve French39798772006-05-31 22:40:51 +0000923
924 /* BB check if Unicode and decode strings */
Jeff Laytonfcda7f42011-04-27 13:25:51 -0400925 if (bytes_remaining == 0) {
926 /* no string area to decode, do nothing */
927 } else if (smb_buf->Flags2 & SMBFLG2_UNICODE) {
Jeff Layton27b87fe2009-04-14 11:00:53 -0400928 /* unicode string area must be word-aligned */
929 if (((unsigned long) bcc_ptr - (unsigned long) smb_buf) % 2) {
930 ++bcc_ptr;
931 --bytes_remaining;
932 }
Jeff Layton59140792009-04-30 07:16:21 -0400933 decode_unicode_ssetup(&bcc_ptr, bytes_remaining, ses, nls_cp);
Jeff Layton27b87fe2009-04-14 11:00:53 -0400934 } else {
Jeff Layton7d066452013-05-24 07:41:00 -0400935 decode_ascii_ssetup(&bcc_ptr, bytes_remaining, ses, nls_cp);
Jeff Layton27b87fe2009-04-14 11:00:53 -0400936 }
Steve French50c2f752007-07-13 00:33:32 +0000937
Steve French39798772006-05-31 22:40:51 +0000938ssetup_exit:
Jeff Laytondfd15c42008-09-24 11:32:59 -0400939 if (spnego_key) {
Jeff Layton00401ff2012-07-23 13:14:28 -0400940 key_invalidate(spnego_key);
Steve French24424212007-11-16 23:37:35 +0000941 key_put(spnego_key);
Jeff Laytondfd15c42008-09-24 11:32:59 -0400942 }
Steve French750d1152006-06-27 06:28:30 +0000943 kfree(str_area);
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500944 kfree(ntlmsspblob);
945 ntlmsspblob = NULL;
Steve French790fe572007-07-07 19:25:05 +0000946 if (resp_buf_type == CIFS_SMALL_BUFFER) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500947 cifs_dbg(FYI, "ssetup freeing small buf %p\n", iov[0].iov_base);
Steve French39798772006-05-31 22:40:51 +0000948 cifs_small_buf_release(iov[0].iov_base);
Steve French790fe572007-07-07 19:25:05 +0000949 } else if (resp_buf_type == CIFS_LARGE_BUFFER)
Steve French39798772006-05-31 22:40:51 +0000950 cifs_buf_release(iov[0].iov_base);
951
Steve French0b3cc8582009-05-04 08:37:12 +0000952 /* if ntlmssp, and negotiate succeeded, proceed to authenticate phase */
953 if ((phase == NtLmChallenge) && (rc == 0))
954 goto ssetup_ntlmssp_authenticate;
955
Steve French39798772006-05-31 22:40:51 +0000956 return rc;
957}