blob: a1118e30e7c71f6020014f7cfeff08f43a7213f1 [file] [log] [blame]
Steve French39798772006-05-31 22:40:51 +00001/*
2 * fs/cifs/sess.c
3 *
4 * SMB/CIFS session setup handling routines
5 *
Steve Frenchd185cda2009-04-30 17:45:10 +00006 * Copyright (c) International Business Machines Corp., 2006, 2009
Steve French39798772006-05-31 22:40:51 +00007 * Author(s): Steve French (sfrench@us.ibm.com)
8 *
9 * This library is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU Lesser General Public License as published
11 * by the Free Software Foundation; either version 2.1 of the License, or
12 * (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
17 * the GNU Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public License
20 * along with this library; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 */
23
24#include "cifspdu.h"
25#include "cifsglob.h"
26#include "cifsproto.h"
27#include "cifs_unicode.h"
28#include "cifs_debug.h"
29#include "ntlmssp.h"
30#include "nterr.h"
Steve French9c535882006-06-01 05:09:10 +000031#include <linux/utsname.h>
Tejun Heo5a0e3ad2010-03-24 17:04:11 +090032#include <linux/slab.h>
Steve French24424212007-11-16 23:37:35 +000033#include "cifs_spnego.h"
Steve French39798772006-05-31 22:40:51 +000034
Steve French96daf2b2011-05-27 04:34:02 +000035static __u32 cifs_ssetup_hdr(struct cifs_ses *ses, SESSION_SETUP_ANDX *pSMB)
Steve French39798772006-05-31 22:40:51 +000036{
37 __u32 capabilities = 0;
38
39 /* init fields common to all four types of SessSetup */
Steve Frencheca6acf2009-02-20 05:43:09 +000040 /* Note that offsets for first seven fields in req struct are same */
41 /* in CIFS Specs so does not matter which of 3 forms of struct */
42 /* that we use in next few lines */
43 /* Note that header is initialized to zero in header_assemble */
Steve French39798772006-05-31 22:40:51 +000044 pSMB->req.AndXCommand = 0xFF;
Jeff Laytonc974bef2011-10-11 06:41:32 -040045 pSMB->req.MaxBufferSize = cpu_to_le16(min_t(u32,
46 CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4,
47 USHRT_MAX));
Steve French39798772006-05-31 22:40:51 +000048 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
Fabian Frederickbc09d142014-12-10 15:41:15 -080049 pSMB->req.VcNumber = cpu_to_le16(1);
Steve French39798772006-05-31 22:40:51 +000050
51 /* Now no need to set SMBFLG_CASELESS or obsolete CANONICAL PATH */
52
Steve French790fe572007-07-07 19:25:05 +000053 /* BB verify whether signing required on neg or just on auth frame
Steve French39798772006-05-31 22:40:51 +000054 (and NTLM case) */
55
56 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
57 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
58
Jeff Layton38d77c52013-05-26 07:01:00 -040059 if (ses->server->sign)
Steve French39798772006-05-31 22:40:51 +000060 pSMB->req.hdr.Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
61
62 if (ses->capabilities & CAP_UNICODE) {
63 pSMB->req.hdr.Flags2 |= SMBFLG2_UNICODE;
64 capabilities |= CAP_UNICODE;
65 }
66 if (ses->capabilities & CAP_STATUS32) {
67 pSMB->req.hdr.Flags2 |= SMBFLG2_ERR_STATUS;
68 capabilities |= CAP_STATUS32;
69 }
70 if (ses->capabilities & CAP_DFS) {
71 pSMB->req.hdr.Flags2 |= SMBFLG2_DFS;
72 capabilities |= CAP_DFS;
73 }
Steve French26f57362007-08-30 22:09:15 +000074 if (ses->capabilities & CAP_UNIX)
Steve French39798772006-05-31 22:40:51 +000075 capabilities |= CAP_UNIX;
Steve French39798772006-05-31 22:40:51 +000076
Steve French39798772006-05-31 22:40:51 +000077 return capabilities;
78}
79
Jeff Layton0d3a01f2007-10-16 17:32:19 +000080static void
81unicode_oslm_strings(char **pbcc_area, const struct nls_table *nls_cp)
82{
83 char *bcc_ptr = *pbcc_area;
84 int bytes_ret = 0;
85
86 /* Copy OS version */
Steve Frenchacbbb762012-01-18 22:32:33 -060087 bytes_ret = cifs_strtoUTF16((__le16 *)bcc_ptr, "Linux version ", 32,
88 nls_cp);
Jeff Layton0d3a01f2007-10-16 17:32:19 +000089 bcc_ptr += 2 * bytes_ret;
Steve Frenchacbbb762012-01-18 22:32:33 -060090 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, init_utsname()->release,
91 32, nls_cp);
Jeff Layton0d3a01f2007-10-16 17:32:19 +000092 bcc_ptr += 2 * bytes_ret;
93 bcc_ptr += 2; /* trailing null */
94
Steve Frenchacbbb762012-01-18 22:32:33 -060095 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
96 32, nls_cp);
Jeff Layton0d3a01f2007-10-16 17:32:19 +000097 bcc_ptr += 2 * bytes_ret;
98 bcc_ptr += 2; /* trailing null */
99
100 *pbcc_area = bcc_ptr;
101}
102
Steve French96daf2b2011-05-27 04:34:02 +0000103static void unicode_domain_string(char **pbcc_area, struct cifs_ses *ses,
Jeff Layton0d3a01f2007-10-16 17:32:19 +0000104 const struct nls_table *nls_cp)
105{
106 char *bcc_ptr = *pbcc_area;
107 int bytes_ret = 0;
108
109 /* copy domain */
110 if (ses->domainName == NULL) {
111 /* Sending null domain better than using a bogus domain name (as
112 we did briefly in 2.6.18) since server will use its default */
113 *bcc_ptr = 0;
114 *(bcc_ptr+1) = 0;
115 bytes_ret = 0;
116 } else
Steve Frenchacbbb762012-01-18 22:32:33 -0600117 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, ses->domainName,
Chen Gang057d6332013-07-19 09:01:36 +0800118 CIFS_MAX_DOMAINNAME_LEN, nls_cp);
Jeff Layton0d3a01f2007-10-16 17:32:19 +0000119 bcc_ptr += 2 * bytes_ret;
120 bcc_ptr += 2; /* account for null terminator */
121
122 *pbcc_area = bcc_ptr;
123}
124
125
Steve French96daf2b2011-05-27 04:34:02 +0000126static void unicode_ssetup_strings(char **pbcc_area, struct cifs_ses *ses,
Steve French790fe572007-07-07 19:25:05 +0000127 const struct nls_table *nls_cp)
Steve French39798772006-05-31 22:40:51 +0000128{
Steve French790fe572007-07-07 19:25:05 +0000129 char *bcc_ptr = *pbcc_area;
Steve French39798772006-05-31 22:40:51 +0000130 int bytes_ret = 0;
131
132 /* BB FIXME add check that strings total less
133 than 335 or will need to send them as arrays */
134
Steve French0223cf02006-06-27 19:50:57 +0000135 /* unicode strings, must be word aligned before the call */
136/* if ((long) bcc_ptr % 2) {
Steve French39798772006-05-31 22:40:51 +0000137 *bcc_ptr = 0;
138 bcc_ptr++;
Steve French0223cf02006-06-27 19:50:57 +0000139 } */
Steve French39798772006-05-31 22:40:51 +0000140 /* copy user */
Steve French8727c8a2011-02-25 01:11:56 -0600141 if (ses->user_name == NULL) {
Steve French6e659c62006-11-08 23:10:46 +0000142 /* null user mount */
143 *bcc_ptr = 0;
144 *(bcc_ptr+1) = 0;
Steve French301a6a32010-02-06 07:08:53 +0000145 } else {
Steve Frenchacbbb762012-01-18 22:32:33 -0600146 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, ses->user_name,
Scott Lovenberg8c3a2b42013-08-09 08:47:17 -0400147 CIFS_MAX_USERNAME_LEN, nls_cp);
Steve French39798772006-05-31 22:40:51 +0000148 }
149 bcc_ptr += 2 * bytes_ret;
150 bcc_ptr += 2; /* account for null termination */
Steve French39798772006-05-31 22:40:51 +0000151
Jeff Layton0d3a01f2007-10-16 17:32:19 +0000152 unicode_domain_string(&bcc_ptr, ses, nls_cp);
153 unicode_oslm_strings(&bcc_ptr, nls_cp);
Steve French39798772006-05-31 22:40:51 +0000154
155 *pbcc_area = bcc_ptr;
156}
157
Steve French96daf2b2011-05-27 04:34:02 +0000158static void ascii_ssetup_strings(char **pbcc_area, struct cifs_ses *ses,
Steve French790fe572007-07-07 19:25:05 +0000159 const struct nls_table *nls_cp)
Steve French39798772006-05-31 22:40:51 +0000160{
Steve French790fe572007-07-07 19:25:05 +0000161 char *bcc_ptr = *pbcc_area;
Steve French39798772006-05-31 22:40:51 +0000162
163 /* copy user */
164 /* BB what about null user mounts - check that we do this BB */
Steve French790fe572007-07-07 19:25:05 +0000165 /* copy user */
Shirish Pargaonkarde47a412012-02-02 15:28:28 -0600166 if (ses->user_name != NULL) {
Scott Lovenberg8c3a2b42013-08-09 08:47:17 -0400167 strncpy(bcc_ptr, ses->user_name, CIFS_MAX_USERNAME_LEN);
168 bcc_ptr += strnlen(ses->user_name, CIFS_MAX_USERNAME_LEN);
Shirish Pargaonkarde47a412012-02-02 15:28:28 -0600169 }
Steve French8727c8a2011-02-25 01:11:56 -0600170 /* else null user mount */
Steve French39798772006-05-31 22:40:51 +0000171 *bcc_ptr = 0;
Steve French790fe572007-07-07 19:25:05 +0000172 bcc_ptr++; /* account for null termination */
Steve French39798772006-05-31 22:40:51 +0000173
Steve French790fe572007-07-07 19:25:05 +0000174 /* copy domain */
Steve French790fe572007-07-07 19:25:05 +0000175 if (ses->domainName != NULL) {
Chen Gang057d6332013-07-19 09:01:36 +0800176 strncpy(bcc_ptr, ses->domainName, CIFS_MAX_DOMAINNAME_LEN);
177 bcc_ptr += strnlen(ses->domainName, CIFS_MAX_DOMAINNAME_LEN);
Steve French790fe572007-07-07 19:25:05 +0000178 } /* else we will send a null domain name
Steve French6e659c62006-11-08 23:10:46 +0000179 so the server will default to its own domain */
Steve French39798772006-05-31 22:40:51 +0000180 *bcc_ptr = 0;
181 bcc_ptr++;
182
183 /* BB check for overflow here */
184
185 strcpy(bcc_ptr, "Linux version ");
186 bcc_ptr += strlen("Linux version ");
Serge E. Hallyn96b644b2006-10-02 02:18:13 -0700187 strcpy(bcc_ptr, init_utsname()->release);
188 bcc_ptr += strlen(init_utsname()->release) + 1;
Steve French39798772006-05-31 22:40:51 +0000189
190 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
191 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
192
Steve French790fe572007-07-07 19:25:05 +0000193 *pbcc_area = bcc_ptr;
Steve French39798772006-05-31 22:40:51 +0000194}
195
Jeff Layton59140792009-04-30 07:16:21 -0400196static void
Steve French96daf2b2011-05-27 04:34:02 +0000197decode_unicode_ssetup(char **pbcc_area, int bleft, struct cifs_ses *ses,
Jeff Layton59140792009-04-30 07:16:21 -0400198 const struct nls_table *nls_cp)
Steve French39798772006-05-31 22:40:51 +0000199{
Jeff Layton59140792009-04-30 07:16:21 -0400200 int len;
Steve French790fe572007-07-07 19:25:05 +0000201 char *data = *pbcc_area;
Steve French39798772006-05-31 22:40:51 +0000202
Joe Perchesf96637b2013-05-04 22:12:25 -0500203 cifs_dbg(FYI, "bleft %d\n", bleft);
Steve French39798772006-05-31 22:40:51 +0000204
Steve French26f57362007-08-30 22:09:15 +0000205 kfree(ses->serverOS);
Steve Frenchacbbb762012-01-18 22:32:33 -0600206 ses->serverOS = cifs_strndup_from_utf16(data, bleft, true, nls_cp);
Joe Perchesf96637b2013-05-04 22:12:25 -0500207 cifs_dbg(FYI, "serverOS=%s\n", ses->serverOS);
Jeff Layton59140792009-04-30 07:16:21 -0400208 len = (UniStrnlen((wchar_t *) data, bleft / 2) * 2) + 2;
209 data += len;
210 bleft -= len;
211 if (bleft <= 0)
212 return;
Steve French39798772006-05-31 22:40:51 +0000213
Steve French26f57362007-08-30 22:09:15 +0000214 kfree(ses->serverNOS);
Steve Frenchacbbb762012-01-18 22:32:33 -0600215 ses->serverNOS = cifs_strndup_from_utf16(data, bleft, true, nls_cp);
Joe Perchesf96637b2013-05-04 22:12:25 -0500216 cifs_dbg(FYI, "serverNOS=%s\n", ses->serverNOS);
Jeff Layton59140792009-04-30 07:16:21 -0400217 len = (UniStrnlen((wchar_t *) data, bleft / 2) * 2) + 2;
218 data += len;
219 bleft -= len;
220 if (bleft <= 0)
221 return;
Steve French39798772006-05-31 22:40:51 +0000222
Steve French26f57362007-08-30 22:09:15 +0000223 kfree(ses->serverDomain);
Steve Frenchacbbb762012-01-18 22:32:33 -0600224 ses->serverDomain = cifs_strndup_from_utf16(data, bleft, true, nls_cp);
Joe Perchesf96637b2013-05-04 22:12:25 -0500225 cifs_dbg(FYI, "serverDomain=%s\n", ses->serverDomain);
Steve French790fe572007-07-07 19:25:05 +0000226
Jeff Layton59140792009-04-30 07:16:21 -0400227 return;
Steve French39798772006-05-31 22:40:51 +0000228}
229
Jeff Layton7d066452013-05-24 07:41:00 -0400230static void decode_ascii_ssetup(char **pbcc_area, __u16 bleft,
231 struct cifs_ses *ses,
232 const struct nls_table *nls_cp)
Steve French39798772006-05-31 22:40:51 +0000233{
Steve French39798772006-05-31 22:40:51 +0000234 int len;
Steve French790fe572007-07-07 19:25:05 +0000235 char *bcc_ptr = *pbcc_area;
Steve French39798772006-05-31 22:40:51 +0000236
Joe Perchesf96637b2013-05-04 22:12:25 -0500237 cifs_dbg(FYI, "decode sessetup ascii. bleft %d\n", bleft);
Steve French50c2f752007-07-13 00:33:32 +0000238
Steve French39798772006-05-31 22:40:51 +0000239 len = strnlen(bcc_ptr, bleft);
Steve French790fe572007-07-07 19:25:05 +0000240 if (len >= bleft)
Jeff Layton7d066452013-05-24 07:41:00 -0400241 return;
Steve French50c2f752007-07-13 00:33:32 +0000242
Steve French26f57362007-08-30 22:09:15 +0000243 kfree(ses->serverOS);
Steve French39798772006-05-31 22:40:51 +0000244
245 ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
Namjae Jeon27b7edc2014-08-20 19:39:28 +0900246 if (ses->serverOS) {
Steve French39798772006-05-31 22:40:51 +0000247 strncpy(ses->serverOS, bcc_ptr, len);
Namjae Jeon27b7edc2014-08-20 19:39:28 +0900248 if (strncmp(ses->serverOS, "OS/2", 4) == 0)
249 cifs_dbg(FYI, "OS/2 server\n");
250 }
Steve French39798772006-05-31 22:40:51 +0000251
252 bcc_ptr += len + 1;
253 bleft -= len + 1;
254
255 len = strnlen(bcc_ptr, bleft);
Steve French790fe572007-07-07 19:25:05 +0000256 if (len >= bleft)
Jeff Layton7d066452013-05-24 07:41:00 -0400257 return;
Steve French39798772006-05-31 22:40:51 +0000258
Steve French26f57362007-08-30 22:09:15 +0000259 kfree(ses->serverNOS);
Steve French39798772006-05-31 22:40:51 +0000260
261 ses->serverNOS = kzalloc(len + 1, GFP_KERNEL);
Steve French790fe572007-07-07 19:25:05 +0000262 if (ses->serverNOS)
Steve French39798772006-05-31 22:40:51 +0000263 strncpy(ses->serverNOS, bcc_ptr, len);
264
265 bcc_ptr += len + 1;
266 bleft -= len + 1;
267
Steve French790fe572007-07-07 19:25:05 +0000268 len = strnlen(bcc_ptr, bleft);
269 if (len > bleft)
Jeff Layton7d066452013-05-24 07:41:00 -0400270 return;
Steve French39798772006-05-31 22:40:51 +0000271
Steve French9ac00b72006-09-30 04:13:17 +0000272 /* No domain field in LANMAN case. Domain is
273 returned by old servers in the SMB negprot response */
274 /* BB For newer servers which do not support Unicode,
275 but thus do return domain here we could add parsing
276 for it later, but it is not very important */
Joe Perchesf96637b2013-05-04 22:12:25 -0500277 cifs_dbg(FYI, "ascii: bytes left %d\n", bleft);
Steve French39798772006-05-31 22:40:51 +0000278}
279
Pavel Shilovsky5478f9b2011-12-27 16:22:00 +0400280int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len,
Steve French96daf2b2011-05-27 04:34:02 +0000281 struct cifs_ses *ses)
Steve French0b3cc8582009-05-04 08:37:12 +0000282{
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500283 unsigned int tioffset; /* challenge message target info area */
284 unsigned int tilen; /* challenge message target info area length */
285
Steve French0b3cc8582009-05-04 08:37:12 +0000286 CHALLENGE_MESSAGE *pblob = (CHALLENGE_MESSAGE *)bcc_ptr;
287
288 if (blob_len < sizeof(CHALLENGE_MESSAGE)) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500289 cifs_dbg(VFS, "challenge blob len %d too small\n", blob_len);
Steve French0b3cc8582009-05-04 08:37:12 +0000290 return -EINVAL;
291 }
292
293 if (memcmp(pblob->Signature, "NTLMSSP", 8)) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500294 cifs_dbg(VFS, "blob signature incorrect %s\n",
295 pblob->Signature);
Steve French0b3cc8582009-05-04 08:37:12 +0000296 return -EINVAL;
297 }
298 if (pblob->MessageType != NtLmChallenge) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500299 cifs_dbg(VFS, "Incorrect message type %d\n",
300 pblob->MessageType);
Steve French0b3cc8582009-05-04 08:37:12 +0000301 return -EINVAL;
302 }
303
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500304 memcpy(ses->ntlmssp->cryptkey, pblob->Challenge, CIFS_CRYPTO_KEY_SIZE);
Steve French0b3cc8582009-05-04 08:37:12 +0000305 /* BB we could decode pblob->NegotiateFlags; some may be useful */
306 /* In particular we can examine sign flags */
307 /* BB spec says that if AvId field of MsvAvTimestamp is populated then
308 we must set the MIC field of the AUTHENTICATE_MESSAGE */
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500309 ses->ntlmssp->server_flags = le32_to_cpu(pblob->NegotiateFlags);
Steve French5443d132011-03-13 05:08:25 +0000310 tioffset = le32_to_cpu(pblob->TargetInfoArray.BufferOffset);
311 tilen = le16_to_cpu(pblob->TargetInfoArray.Length);
Dan Carpenter4991a5f2012-01-31 11:52:01 +0300312 if (tioffset > blob_len || tioffset + tilen > blob_len) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500313 cifs_dbg(VFS, "tioffset + tilen too high %u + %u",
314 tioffset, tilen);
Dan Carpenter4991a5f2012-01-31 11:52:01 +0300315 return -EINVAL;
316 }
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500317 if (tilen) {
Silviu-Mihai Popescuf7f7c182013-03-11 18:22:32 +0200318 ses->auth_key.response = kmemdup(bcc_ptr + tioffset, tilen,
319 GFP_KERNEL);
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500320 if (!ses->auth_key.response) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500321 cifs_dbg(VFS, "Challenge target info alloc failure");
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500322 return -ENOMEM;
323 }
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500324 ses->auth_key.len = tilen;
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500325 }
326
Steve French0b3cc8582009-05-04 08:37:12 +0000327 return 0;
328}
329
Steve French0b3cc8582009-05-04 08:37:12 +0000330/* BB Move to ntlmssp.c eventually */
331
332/* We do not malloc the blob, it is passed in pbuffer, because
333 it is fixed size, and small, making this approach cleaner */
Pavel Shilovsky5478f9b2011-12-27 16:22:00 +0400334void build_ntlmssp_negotiate_blob(unsigned char *pbuffer,
Steve French96daf2b2011-05-27 04:34:02 +0000335 struct cifs_ses *ses)
Steve French0b3cc8582009-05-04 08:37:12 +0000336{
337 NEGOTIATE_MESSAGE *sec_blob = (NEGOTIATE_MESSAGE *)pbuffer;
338 __u32 flags;
339
Shirish Pargaonkardf8fbc242010-12-11 14:19:22 -0600340 memset(pbuffer, 0, sizeof(NEGOTIATE_MESSAGE));
Steve French0b3cc8582009-05-04 08:37:12 +0000341 memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8);
342 sec_blob->MessageType = NtLmNegotiate;
343
344 /* BB is NTLMV2 session security format easier to use here? */
345 flags = NTLMSSP_NEGOTIATE_56 | NTLMSSP_REQUEST_TARGET |
346 NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
Shirish Pargaonkardf8fbc242010-12-11 14:19:22 -0600347 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;
Jeff Layton38d77c52013-05-26 07:01:00 -0400348 if (ses->server->sign) {
Steve French745e5072010-09-08 21:09:27 +0000349 flags |= NTLMSSP_NEGOTIATE_SIGN;
Shirish Pargaonkar5c234aa2013-08-29 08:35:10 -0500350 if (!ses->server->session_estab ||
351 ses->ntlmssp->sesskey_per_smbsess)
Shirish Pargaonkar62411ab2011-07-10 06:55:32 -0500352 flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
Shirish Pargaonkard2b91522010-10-21 14:25:08 -0500353 }
Steve French0b3cc8582009-05-04 08:37:12 +0000354
Shirish Pargaonkardf8fbc242010-12-11 14:19:22 -0600355 sec_blob->NegotiateFlags = cpu_to_le32(flags);
Steve French0b3cc8582009-05-04 08:37:12 +0000356
357 sec_blob->WorkstationName.BufferOffset = 0;
358 sec_blob->WorkstationName.Length = 0;
359 sec_blob->WorkstationName.MaximumLength = 0;
360
361 /* Domain name is sent on the Challenge not Negotiate NTLMSSP request */
362 sec_blob->DomainName.BufferOffset = 0;
363 sec_blob->DomainName.Length = 0;
364 sec_blob->DomainName.MaximumLength = 0;
365}
366
Jerome Marchandb8da3442016-05-26 11:52:25 +0200367static int size_of_ntlmssp_blob(struct cifs_ses *ses)
368{
369 int sz = sizeof(AUTHENTICATE_MESSAGE) + ses->auth_key.len
370 - CIFS_SESS_KEY_SIZE + CIFS_CPHTXT_SIZE + 2;
371
372 if (ses->domainName)
373 sz += 2 * strnlen(ses->domainName, CIFS_MAX_DOMAINNAME_LEN);
374 else
375 sz += 2;
376
377 if (ses->user_name)
378 sz += 2 * strnlen(ses->user_name, CIFS_MAX_USERNAME_LEN);
379 else
380 sz += 2;
381
382 return sz;
383}
384
385int build_ntlmssp_auth_blob(unsigned char **pbuffer,
Shirish Pargaonkar89f150f2010-10-19 11:47:52 -0500386 u16 *buflen,
Steve French96daf2b2011-05-27 04:34:02 +0000387 struct cifs_ses *ses,
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500388 const struct nls_table *nls_cp)
Steve French0b3cc8582009-05-04 08:37:12 +0000389{
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500390 int rc;
Jerome Marchandb8da3442016-05-26 11:52:25 +0200391 AUTHENTICATE_MESSAGE *sec_blob;
Steve French0b3cc8582009-05-04 08:37:12 +0000392 __u32 flags;
393 unsigned char *tmp;
Steve French0b3cc8582009-05-04 08:37:12 +0000394
Jerome Marchandb8da3442016-05-26 11:52:25 +0200395 rc = setup_ntlmv2_rsp(ses, nls_cp);
396 if (rc) {
397 cifs_dbg(VFS, "Error %d during NTLMSSP authentication\n", rc);
398 *buflen = 0;
399 goto setup_ntlmv2_ret;
400 }
401 *pbuffer = kmalloc(size_of_ntlmssp_blob(ses), GFP_KERNEL);
402 sec_blob = (AUTHENTICATE_MESSAGE *)*pbuffer;
403
Steve French0b3cc8582009-05-04 08:37:12 +0000404 memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8);
405 sec_blob->MessageType = NtLmAuthenticate;
406
407 flags = NTLMSSP_NEGOTIATE_56 |
408 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_TARGET_INFO |
409 NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
Shirish Pargaonkardf8fbc242010-12-11 14:19:22 -0600410 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;
Jeff Layton38d77c52013-05-26 07:01:00 -0400411 if (ses->server->sign) {
Steve French0b3cc8582009-05-04 08:37:12 +0000412 flags |= NTLMSSP_NEGOTIATE_SIGN;
Shirish Pargaonkar5c234aa2013-08-29 08:35:10 -0500413 if (!ses->server->session_estab ||
414 ses->ntlmssp->sesskey_per_smbsess)
Shirish Pargaonkar62411ab2011-07-10 06:55:32 -0500415 flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
416 }
Steve French0b3cc8582009-05-04 08:37:12 +0000417
Jerome Marchandb8da3442016-05-26 11:52:25 +0200418 tmp = *pbuffer + sizeof(AUTHENTICATE_MESSAGE);
Shirish Pargaonkardf8fbc242010-12-11 14:19:22 -0600419 sec_blob->NegotiateFlags = cpu_to_le32(flags);
Steve French0b3cc8582009-05-04 08:37:12 +0000420
421 sec_blob->LmChallengeResponse.BufferOffset =
422 cpu_to_le32(sizeof(AUTHENTICATE_MESSAGE));
423 sec_blob->LmChallengeResponse.Length = 0;
424 sec_blob->LmChallengeResponse.MaximumLength = 0;
425
Jerome Marchandb8da3442016-05-26 11:52:25 +0200426 sec_blob->NtChallengeResponse.BufferOffset =
427 cpu_to_le32(tmp - *pbuffer);
Stefan Metzmachercfda35d2016-05-03 10:52:30 +0200428 if (ses->user_name != NULL) {
Stefan Metzmachercfda35d2016-05-03 10:52:30 +0200429 memcpy(tmp, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
430 ses->auth_key.len - CIFS_SESS_KEY_SIZE);
431 tmp += ses->auth_key.len - CIFS_SESS_KEY_SIZE;
Steve Frenchc8e56f12010-09-08 21:10:58 +0000432
Stefan Metzmachercfda35d2016-05-03 10:52:30 +0200433 sec_blob->NtChallengeResponse.Length =
434 cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
435 sec_blob->NtChallengeResponse.MaximumLength =
436 cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
437 } else {
438 /*
439 * don't send an NT Response for anonymous access
440 */
441 sec_blob->NtChallengeResponse.Length = 0;
442 sec_blob->NtChallengeResponse.MaximumLength = 0;
443 }
Steve French0b3cc8582009-05-04 08:37:12 +0000444
445 if (ses->domainName == NULL) {
Jerome Marchandb8da3442016-05-26 11:52:25 +0200446 sec_blob->DomainName.BufferOffset = cpu_to_le32(tmp - *pbuffer);
Steve French0b3cc8582009-05-04 08:37:12 +0000447 sec_blob->DomainName.Length = 0;
448 sec_blob->DomainName.MaximumLength = 0;
449 tmp += 2;
450 } else {
451 int len;
Steve Frenchacbbb762012-01-18 22:32:33 -0600452 len = cifs_strtoUTF16((__le16 *)tmp, ses->domainName,
Jerome Marchand202d7722016-05-26 11:52:24 +0200453 CIFS_MAX_DOMAINNAME_LEN, nls_cp);
Steve French0b3cc8582009-05-04 08:37:12 +0000454 len *= 2; /* unicode is 2 bytes each */
Jerome Marchandb8da3442016-05-26 11:52:25 +0200455 sec_blob->DomainName.BufferOffset = cpu_to_le32(tmp - *pbuffer);
Steve French0b3cc8582009-05-04 08:37:12 +0000456 sec_blob->DomainName.Length = cpu_to_le16(len);
457 sec_blob->DomainName.MaximumLength = cpu_to_le16(len);
458 tmp += len;
459 }
460
Steve French8727c8a2011-02-25 01:11:56 -0600461 if (ses->user_name == NULL) {
Jerome Marchandb8da3442016-05-26 11:52:25 +0200462 sec_blob->UserName.BufferOffset = cpu_to_le32(tmp - *pbuffer);
Steve French0b3cc8582009-05-04 08:37:12 +0000463 sec_blob->UserName.Length = 0;
464 sec_blob->UserName.MaximumLength = 0;
465 tmp += 2;
466 } else {
467 int len;
Steve Frenchacbbb762012-01-18 22:32:33 -0600468 len = cifs_strtoUTF16((__le16 *)tmp, ses->user_name,
Scott Lovenberg8c3a2b42013-08-09 08:47:17 -0400469 CIFS_MAX_USERNAME_LEN, nls_cp);
Steve French0b3cc8582009-05-04 08:37:12 +0000470 len *= 2; /* unicode is 2 bytes each */
Jerome Marchandb8da3442016-05-26 11:52:25 +0200471 sec_blob->UserName.BufferOffset = cpu_to_le32(tmp - *pbuffer);
Steve French0b3cc8582009-05-04 08:37:12 +0000472 sec_blob->UserName.Length = cpu_to_le16(len);
473 sec_blob->UserName.MaximumLength = cpu_to_le16(len);
474 tmp += len;
475 }
476
Jerome Marchandb8da3442016-05-26 11:52:25 +0200477 sec_blob->WorkstationName.BufferOffset = cpu_to_le32(tmp - *pbuffer);
Steve French0b3cc8582009-05-04 08:37:12 +0000478 sec_blob->WorkstationName.Length = 0;
479 sec_blob->WorkstationName.MaximumLength = 0;
480 tmp += 2;
481
Shirish Pargaonkardf8fbc242010-12-11 14:19:22 -0600482 if (((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) ||
483 (ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
484 && !calc_seckey(ses)) {
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500485 memcpy(tmp, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE);
Jerome Marchandb8da3442016-05-26 11:52:25 +0200486 sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - *pbuffer);
Shirish Pargaonkard2b91522010-10-21 14:25:08 -0500487 sec_blob->SessionKey.Length = cpu_to_le16(CIFS_CPHTXT_SIZE);
488 sec_blob->SessionKey.MaximumLength =
489 cpu_to_le16(CIFS_CPHTXT_SIZE);
490 tmp += CIFS_CPHTXT_SIZE;
491 } else {
Jerome Marchandb8da3442016-05-26 11:52:25 +0200492 sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - *pbuffer);
Shirish Pargaonkard2b91522010-10-21 14:25:08 -0500493 sec_blob->SessionKey.Length = 0;
494 sec_blob->SessionKey.MaximumLength = 0;
495 }
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500496
Jerome Marchandb8da3442016-05-26 11:52:25 +0200497 *buflen = tmp - *pbuffer;
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500498setup_ntlmv2_ret:
Shirish Pargaonkar89f150f2010-10-19 11:47:52 -0500499 return rc;
Steve French0b3cc8582009-05-04 08:37:12 +0000500}
Steve French0b3cc8582009-05-04 08:37:12 +0000501
Jeff Layton3f618222013-06-12 19:52:14 -0500502enum securityEnum
503select_sectype(struct TCP_Server_Info *server, enum securityEnum requested)
504{
505 switch (server->negflavor) {
506 case CIFS_NEGFLAVOR_EXTENDED:
507 switch (requested) {
508 case Kerberos:
509 case RawNTLMSSP:
510 return requested;
511 case Unspecified:
512 if (server->sec_ntlmssp &&
513 (global_secflags & CIFSSEC_MAY_NTLMSSP))
514 return RawNTLMSSP;
515 if ((server->sec_kerberos || server->sec_mskerberos) &&
516 (global_secflags & CIFSSEC_MAY_KRB5))
517 return Kerberos;
518 /* Fallthrough */
519 default:
520 return Unspecified;
521 }
522 case CIFS_NEGFLAVOR_UNENCAP:
523 switch (requested) {
524 case NTLM:
525 case NTLMv2:
526 return requested;
527 case Unspecified:
528 if (global_secflags & CIFSSEC_MAY_NTLMV2)
529 return NTLMv2;
530 if (global_secflags & CIFSSEC_MAY_NTLM)
531 return NTLM;
Jeff Layton3f618222013-06-12 19:52:14 -0500532 default:
Sachin Prabhudde23562013-09-27 18:35:42 +0100533 /* Fallthrough to attempt LANMAN authentication next */
534 break;
Jeff Layton3f618222013-06-12 19:52:14 -0500535 }
536 case CIFS_NEGFLAVOR_LANMAN:
537 switch (requested) {
538 case LANMAN:
539 return requested;
540 case Unspecified:
541 if (global_secflags & CIFSSEC_MAY_LANMAN)
542 return LANMAN;
543 /* Fallthrough */
544 default:
545 return Unspecified;
546 }
547 default:
548 return Unspecified;
549 }
550}
551
Sachin Prabhu80a0e632014-06-16 15:35:25 +0100552struct sess_data {
553 unsigned int xid;
554 struct cifs_ses *ses;
555 struct nls_table *nls_cp;
556 void (*func)(struct sess_data *);
557 int result;
558
559 /* we will send the SMB in three pieces:
560 * a fixed length beginning part, an optional
561 * SPNEGO blob (which can be zero length), and a
562 * last part which will include the strings
563 * and rest of bcc area. This allows us to avoid
564 * a large buffer 17K allocation
565 */
566 int buf0_type;
567 struct kvec iov[3];
568};
569
570static int
571sess_alloc_buffer(struct sess_data *sess_data, int wct)
572{
573 int rc;
574 struct cifs_ses *ses = sess_data->ses;
575 struct smb_hdr *smb_buf;
576
577 rc = small_smb_init_no_tc(SMB_COM_SESSION_SETUP_ANDX, wct, ses,
578 (void **)&smb_buf);
579
580 if (rc)
581 return rc;
582
583 sess_data->iov[0].iov_base = (char *)smb_buf;
584 sess_data->iov[0].iov_len = be32_to_cpu(smb_buf->smb_buf_length) + 4;
585 /*
586 * This variable will be used to clear the buffer
587 * allocated above in case of any error in the calling function.
588 */
589 sess_data->buf0_type = CIFS_SMALL_BUFFER;
590
591 /* 2000 big enough to fit max user, domain, NOS name etc. */
592 sess_data->iov[2].iov_base = kmalloc(2000, GFP_KERNEL);
593 if (!sess_data->iov[2].iov_base) {
594 rc = -ENOMEM;
595 goto out_free_smb_buf;
596 }
597
598 return 0;
599
600out_free_smb_buf:
601 kfree(smb_buf);
602 sess_data->iov[0].iov_base = NULL;
603 sess_data->iov[0].iov_len = 0;
604 sess_data->buf0_type = CIFS_NO_BUFFER;
605 return rc;
606}
607
608static void
609sess_free_buffer(struct sess_data *sess_data)
610{
611
612 free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
613 sess_data->buf0_type = CIFS_NO_BUFFER;
614 kfree(sess_data->iov[2].iov_base);
615}
616
617static int
618sess_establish_session(struct sess_data *sess_data)
619{
620 struct cifs_ses *ses = sess_data->ses;
621
622 mutex_lock(&ses->server->srv_mutex);
623 if (!ses->server->session_estab) {
624 if (ses->server->sign) {
625 ses->server->session_key.response =
626 kmemdup(ses->auth_key.response,
627 ses->auth_key.len, GFP_KERNEL);
628 if (!ses->server->session_key.response) {
629 mutex_unlock(&ses->server->srv_mutex);
630 return -ENOMEM;
631 }
632 ses->server->session_key.len =
633 ses->auth_key.len;
634 }
635 ses->server->sequence_number = 0x2;
636 ses->server->session_estab = true;
637 }
638 mutex_unlock(&ses->server->srv_mutex);
639
640 cifs_dbg(FYI, "CIFS session established successfully\n");
641 spin_lock(&GlobalMid_Lock);
642 ses->status = CifsGood;
643 ses->need_reconnect = false;
644 spin_unlock(&GlobalMid_Lock);
645
646 return 0;
647}
648
649static int
650sess_sendreceive(struct sess_data *sess_data)
651{
652 int rc;
653 struct smb_hdr *smb_buf = (struct smb_hdr *) sess_data->iov[0].iov_base;
654 __u16 count;
Pavel Shilovskyda502f72016-10-25 11:38:47 -0700655 struct kvec rsp_iov = { NULL, 0 };
Sachin Prabhu80a0e632014-06-16 15:35:25 +0100656
657 count = sess_data->iov[1].iov_len + sess_data->iov[2].iov_len;
658 smb_buf->smb_buf_length =
659 cpu_to_be32(be32_to_cpu(smb_buf->smb_buf_length) + count);
660 put_bcc(count, smb_buf);
661
662 rc = SendReceive2(sess_data->xid, sess_data->ses,
663 sess_data->iov, 3 /* num_iovecs */,
664 &sess_data->buf0_type,
Pavel Shilovskyda502f72016-10-25 11:38:47 -0700665 CIFS_LOG_ERROR, &rsp_iov);
666 cifs_small_buf_release(sess_data->iov[0].iov_base);
667 memcpy(&sess_data->iov[0], &rsp_iov, sizeof(struct kvec));
Sachin Prabhu80a0e632014-06-16 15:35:25 +0100668
669 return rc;
670}
671
672/*
673 * LANMAN and plaintext are less secure and off by default.
674 * So we make this explicitly be turned on in kconfig (in the
675 * build) and turned on at runtime (changed from the default)
676 * in proc/fs/cifs or via mount parm. Unfortunately this is
677 * needed for old Win (e.g. Win95), some obscure NAS and OS/2
678 */
679#ifdef CONFIG_CIFS_WEAK_PW_HASH
680static void
681sess_auth_lanman(struct sess_data *sess_data)
682{
683 int rc = 0;
684 struct smb_hdr *smb_buf;
685 SESSION_SETUP_ANDX *pSMB;
686 char *bcc_ptr;
687 struct cifs_ses *ses = sess_data->ses;
688 char lnm_session_key[CIFS_AUTH_RESP_SIZE];
689 __u32 capabilities;
690 __u16 bytes_remaining;
691
692 /* lanman 2 style sessionsetup */
693 /* wct = 10 */
694 rc = sess_alloc_buffer(sess_data, 10);
695 if (rc)
696 goto out;
697
698 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
699 bcc_ptr = sess_data->iov[2].iov_base;
700 capabilities = cifs_ssetup_hdr(ses, pSMB);
701
702 pSMB->req.hdr.Flags2 &= ~SMBFLG2_UNICODE;
703
Stefan Metzmacherfa8f3a32016-05-03 10:52:30 +0200704 if (ses->user_name != NULL) {
705 /* no capabilities flags in old lanman negotiation */
706 pSMB->old_req.PasswordLength = cpu_to_le16(CIFS_AUTH_RESP_SIZE);
Sachin Prabhu80a0e632014-06-16 15:35:25 +0100707
Stefan Metzmacherfa8f3a32016-05-03 10:52:30 +0200708 /* Calculate hash with password and copy into bcc_ptr.
709 * Encryption Key (stored as in cryptkey) gets used if the
710 * security mode bit in Negottiate Protocol response states
711 * to use challenge/response method (i.e. Password bit is 1).
712 */
713 rc = calc_lanman_hash(ses->password, ses->server->cryptkey,
714 ses->server->sec_mode & SECMODE_PW_ENCRYPT ?
715 true : false, lnm_session_key);
Luis de Bethencourta6b6bef2016-06-08 17:02:32 +0100716 if (rc)
717 goto out;
Sachin Prabhu80a0e632014-06-16 15:35:25 +0100718
Stefan Metzmacherfa8f3a32016-05-03 10:52:30 +0200719 memcpy(bcc_ptr, (char *)lnm_session_key, CIFS_AUTH_RESP_SIZE);
720 bcc_ptr += CIFS_AUTH_RESP_SIZE;
721 } else {
722 pSMB->old_req.PasswordLength = 0;
723 }
Sachin Prabhu80a0e632014-06-16 15:35:25 +0100724
725 /*
726 * can not sign if LANMAN negotiated so no need
727 * to calculate signing key? but what if server
728 * changed to do higher than lanman dialect and
729 * we reconnected would we ever calc signing_key?
730 */
731
732 cifs_dbg(FYI, "Negotiating LANMAN setting up strings\n");
733 /* Unicode not allowed for LANMAN dialects */
734 ascii_ssetup_strings(&bcc_ptr, ses, sess_data->nls_cp);
735
736 sess_data->iov[2].iov_len = (long) bcc_ptr -
737 (long) sess_data->iov[2].iov_base;
738
739 rc = sess_sendreceive(sess_data);
740 if (rc)
741 goto out;
742
743 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
744 smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base;
745
746 /* lanman response has a word count of 3 */
747 if (smb_buf->WordCount != 3) {
748 rc = -EIO;
749 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount);
750 goto out;
751 }
752
753 if (le16_to_cpu(pSMB->resp.Action) & GUEST_LOGIN)
754 cifs_dbg(FYI, "Guest login\n"); /* BB mark SesInfo struct? */
755
756 ses->Suid = smb_buf->Uid; /* UID left in wire format (le) */
757 cifs_dbg(FYI, "UID = %llu\n", ses->Suid);
758
759 bytes_remaining = get_bcc(smb_buf);
760 bcc_ptr = pByteArea(smb_buf);
761
762 /* BB check if Unicode and decode strings */
763 if (bytes_remaining == 0) {
764 /* no string area to decode, do nothing */
765 } else if (smb_buf->Flags2 & SMBFLG2_UNICODE) {
766 /* unicode string area must be word-aligned */
767 if (((unsigned long) bcc_ptr - (unsigned long) smb_buf) % 2) {
768 ++bcc_ptr;
769 --bytes_remaining;
770 }
771 decode_unicode_ssetup(&bcc_ptr, bytes_remaining, ses,
772 sess_data->nls_cp);
773 } else {
774 decode_ascii_ssetup(&bcc_ptr, bytes_remaining, ses,
775 sess_data->nls_cp);
776 }
777
778 rc = sess_establish_session(sess_data);
779out:
780 sess_data->result = rc;
781 sess_data->func = NULL;
782 sess_free_buffer(sess_data);
783}
784
Sachin Prabhu80a0e632014-06-16 15:35:25 +0100785#endif
786
Sachin Prabhu583cf7a2014-06-16 15:35:26 +0100787static void
788sess_auth_ntlm(struct sess_data *sess_data)
789{
790 int rc = 0;
791 struct smb_hdr *smb_buf;
792 SESSION_SETUP_ANDX *pSMB;
793 char *bcc_ptr;
794 struct cifs_ses *ses = sess_data->ses;
795 __u32 capabilities;
796 __u16 bytes_remaining;
797
798 /* old style NTLM sessionsetup */
799 /* wct = 13 */
800 rc = sess_alloc_buffer(sess_data, 13);
801 if (rc)
802 goto out;
803
804 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
805 bcc_ptr = sess_data->iov[2].iov_base;
806 capabilities = cifs_ssetup_hdr(ses, pSMB);
807
808 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
Stefan Metzmacher777f69b2016-05-03 10:52:30 +0200809 if (ses->user_name != NULL) {
810 pSMB->req_no_secext.CaseInsensitivePasswordLength =
811 cpu_to_le16(CIFS_AUTH_RESP_SIZE);
812 pSMB->req_no_secext.CaseSensitivePasswordLength =
813 cpu_to_le16(CIFS_AUTH_RESP_SIZE);
Sachin Prabhu583cf7a2014-06-16 15:35:26 +0100814
Stefan Metzmacher777f69b2016-05-03 10:52:30 +0200815 /* calculate ntlm response and session key */
816 rc = setup_ntlm_response(ses, sess_data->nls_cp);
817 if (rc) {
818 cifs_dbg(VFS, "Error %d during NTLM authentication\n",
819 rc);
820 goto out;
821 }
822
823 /* copy ntlm response */
824 memcpy(bcc_ptr, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
825 CIFS_AUTH_RESP_SIZE);
826 bcc_ptr += CIFS_AUTH_RESP_SIZE;
827 memcpy(bcc_ptr, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
828 CIFS_AUTH_RESP_SIZE);
829 bcc_ptr += CIFS_AUTH_RESP_SIZE;
830 } else {
831 pSMB->req_no_secext.CaseInsensitivePasswordLength = 0;
832 pSMB->req_no_secext.CaseSensitivePasswordLength = 0;
Sachin Prabhu583cf7a2014-06-16 15:35:26 +0100833 }
834
Sachin Prabhu583cf7a2014-06-16 15:35:26 +0100835 if (ses->capabilities & CAP_UNICODE) {
836 /* unicode strings must be word aligned */
837 if (sess_data->iov[0].iov_len % 2) {
838 *bcc_ptr = 0;
839 bcc_ptr++;
840 }
841 unicode_ssetup_strings(&bcc_ptr, ses, sess_data->nls_cp);
842 } else {
843 ascii_ssetup_strings(&bcc_ptr, ses, sess_data->nls_cp);
844 }
845
846
847 sess_data->iov[2].iov_len = (long) bcc_ptr -
848 (long) sess_data->iov[2].iov_base;
849
850 rc = sess_sendreceive(sess_data);
851 if (rc)
852 goto out;
853
854 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
855 smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base;
856
857 if (smb_buf->WordCount != 3) {
858 rc = -EIO;
859 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount);
860 goto out;
861 }
862
863 if (le16_to_cpu(pSMB->resp.Action) & GUEST_LOGIN)
864 cifs_dbg(FYI, "Guest login\n"); /* BB mark SesInfo struct? */
865
866 ses->Suid = smb_buf->Uid; /* UID left in wire format (le) */
867 cifs_dbg(FYI, "UID = %llu\n", ses->Suid);
868
869 bytes_remaining = get_bcc(smb_buf);
870 bcc_ptr = pByteArea(smb_buf);
871
872 /* BB check if Unicode and decode strings */
873 if (bytes_remaining == 0) {
874 /* no string area to decode, do nothing */
875 } else if (smb_buf->Flags2 & SMBFLG2_UNICODE) {
876 /* unicode string area must be word-aligned */
877 if (((unsigned long) bcc_ptr - (unsigned long) smb_buf) % 2) {
878 ++bcc_ptr;
879 --bytes_remaining;
880 }
881 decode_unicode_ssetup(&bcc_ptr, bytes_remaining, ses,
882 sess_data->nls_cp);
883 } else {
884 decode_ascii_ssetup(&bcc_ptr, bytes_remaining, ses,
885 sess_data->nls_cp);
886 }
887
888 rc = sess_establish_session(sess_data);
889out:
890 sess_data->result = rc;
891 sess_data->func = NULL;
892 sess_free_buffer(sess_data);
893 kfree(ses->auth_key.response);
894 ses->auth_key.response = NULL;
895}
896
897static void
898sess_auth_ntlmv2(struct sess_data *sess_data)
899{
900 int rc = 0;
901 struct smb_hdr *smb_buf;
902 SESSION_SETUP_ANDX *pSMB;
903 char *bcc_ptr;
904 struct cifs_ses *ses = sess_data->ses;
905 __u32 capabilities;
906 __u16 bytes_remaining;
907
908 /* old style NTLM sessionsetup */
909 /* wct = 13 */
910 rc = sess_alloc_buffer(sess_data, 13);
911 if (rc)
912 goto out;
913
914 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
915 bcc_ptr = sess_data->iov[2].iov_base;
916 capabilities = cifs_ssetup_hdr(ses, pSMB);
917
918 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
919
920 /* LM2 password would be here if we supported it */
921 pSMB->req_no_secext.CaseInsensitivePasswordLength = 0;
922
Stefan Metzmacher1a967d62016-05-03 10:52:30 +0200923 if (ses->user_name != NULL) {
924 /* calculate nlmv2 response and session key */
925 rc = setup_ntlmv2_rsp(ses, sess_data->nls_cp);
926 if (rc) {
927 cifs_dbg(VFS, "Error %d during NTLMv2 authentication\n", rc);
928 goto out;
929 }
930
931 memcpy(bcc_ptr, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
932 ses->auth_key.len - CIFS_SESS_KEY_SIZE);
933 bcc_ptr += ses->auth_key.len - CIFS_SESS_KEY_SIZE;
934
935 /* set case sensitive password length after tilen may get
936 * assigned, tilen is 0 otherwise.
937 */
938 pSMB->req_no_secext.CaseSensitivePasswordLength =
939 cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
940 } else {
941 pSMB->req_no_secext.CaseSensitivePasswordLength = 0;
Sachin Prabhu583cf7a2014-06-16 15:35:26 +0100942 }
943
Sachin Prabhu583cf7a2014-06-16 15:35:26 +0100944 if (ses->capabilities & CAP_UNICODE) {
945 if (sess_data->iov[0].iov_len % 2) {
946 *bcc_ptr = 0;
947 bcc_ptr++;
948 }
949 unicode_ssetup_strings(&bcc_ptr, ses, sess_data->nls_cp);
950 } else {
951 ascii_ssetup_strings(&bcc_ptr, ses, sess_data->nls_cp);
952 }
953
954
955 sess_data->iov[2].iov_len = (long) bcc_ptr -
956 (long) sess_data->iov[2].iov_base;
957
958 rc = sess_sendreceive(sess_data);
959 if (rc)
960 goto out;
961
962 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
963 smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base;
964
965 if (smb_buf->WordCount != 3) {
966 rc = -EIO;
967 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount);
968 goto out;
969 }
970
971 if (le16_to_cpu(pSMB->resp.Action) & GUEST_LOGIN)
972 cifs_dbg(FYI, "Guest login\n"); /* BB mark SesInfo struct? */
973
974 ses->Suid = smb_buf->Uid; /* UID left in wire format (le) */
975 cifs_dbg(FYI, "UID = %llu\n", ses->Suid);
976
977 bytes_remaining = get_bcc(smb_buf);
978 bcc_ptr = pByteArea(smb_buf);
979
980 /* BB check if Unicode and decode strings */
981 if (bytes_remaining == 0) {
982 /* no string area to decode, do nothing */
983 } else if (smb_buf->Flags2 & SMBFLG2_UNICODE) {
984 /* unicode string area must be word-aligned */
985 if (((unsigned long) bcc_ptr - (unsigned long) smb_buf) % 2) {
986 ++bcc_ptr;
987 --bytes_remaining;
988 }
989 decode_unicode_ssetup(&bcc_ptr, bytes_remaining, ses,
990 sess_data->nls_cp);
991 } else {
992 decode_ascii_ssetup(&bcc_ptr, bytes_remaining, ses,
993 sess_data->nls_cp);
994 }
995
996 rc = sess_establish_session(sess_data);
997out:
998 sess_data->result = rc;
999 sess_data->func = NULL;
1000 sess_free_buffer(sess_data);
1001 kfree(ses->auth_key.response);
1002 ses->auth_key.response = NULL;
1003}
1004
Sachin Prabhuee03c642014-06-16 15:35:27 +01001005#ifdef CONFIG_CIFS_UPCALL
1006static void
1007sess_auth_kerberos(struct sess_data *sess_data)
1008{
1009 int rc = 0;
1010 struct smb_hdr *smb_buf;
1011 SESSION_SETUP_ANDX *pSMB;
1012 char *bcc_ptr;
1013 struct cifs_ses *ses = sess_data->ses;
1014 __u32 capabilities;
1015 __u16 bytes_remaining;
1016 struct key *spnego_key = NULL;
1017 struct cifs_spnego_msg *msg;
1018 u16 blob_len;
1019
1020 /* extended security */
1021 /* wct = 12 */
1022 rc = sess_alloc_buffer(sess_data, 12);
1023 if (rc)
1024 goto out;
1025
1026 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1027 bcc_ptr = sess_data->iov[2].iov_base;
1028 capabilities = cifs_ssetup_hdr(ses, pSMB);
1029
1030 spnego_key = cifs_get_spnego_key(ses);
1031 if (IS_ERR(spnego_key)) {
1032 rc = PTR_ERR(spnego_key);
1033 spnego_key = NULL;
1034 goto out;
1035 }
1036
David Howells146aa8b2015-10-21 14:04:48 +01001037 msg = spnego_key->payload.data[0];
Sachin Prabhuee03c642014-06-16 15:35:27 +01001038 /*
1039 * check version field to make sure that cifs.upcall is
1040 * sending us a response in an expected form
1041 */
1042 if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) {
1043 cifs_dbg(VFS,
1044 "incorrect version of cifs.upcall (expected %d but got %d)",
1045 CIFS_SPNEGO_UPCALL_VERSION, msg->version);
1046 rc = -EKEYREJECTED;
1047 goto out_put_spnego_key;
1048 }
1049
1050 ses->auth_key.response = kmemdup(msg->data, msg->sesskey_len,
1051 GFP_KERNEL);
1052 if (!ses->auth_key.response) {
1053 cifs_dbg(VFS, "Kerberos can't allocate (%u bytes) memory",
1054 msg->sesskey_len);
1055 rc = -ENOMEM;
1056 goto out_put_spnego_key;
1057 }
1058 ses->auth_key.len = msg->sesskey_len;
1059
1060 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
1061 capabilities |= CAP_EXTENDED_SECURITY;
1062 pSMB->req.Capabilities = cpu_to_le32(capabilities);
1063 sess_data->iov[1].iov_base = msg->data + msg->sesskey_len;
1064 sess_data->iov[1].iov_len = msg->secblob_len;
1065 pSMB->req.SecurityBlobLength = cpu_to_le16(sess_data->iov[1].iov_len);
1066
1067 if (ses->capabilities & CAP_UNICODE) {
1068 /* unicode strings must be word aligned */
1069 if ((sess_data->iov[0].iov_len
1070 + sess_data->iov[1].iov_len) % 2) {
1071 *bcc_ptr = 0;
1072 bcc_ptr++;
1073 }
1074 unicode_oslm_strings(&bcc_ptr, sess_data->nls_cp);
1075 unicode_domain_string(&bcc_ptr, ses, sess_data->nls_cp);
1076 } else {
1077 /* BB: is this right? */
1078 ascii_ssetup_strings(&bcc_ptr, ses, sess_data->nls_cp);
1079 }
1080
1081 sess_data->iov[2].iov_len = (long) bcc_ptr -
1082 (long) sess_data->iov[2].iov_base;
1083
1084 rc = sess_sendreceive(sess_data);
1085 if (rc)
1086 goto out_put_spnego_key;
1087
1088 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1089 smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base;
1090
1091 if (smb_buf->WordCount != 4) {
1092 rc = -EIO;
1093 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount);
1094 goto out_put_spnego_key;
1095 }
1096
1097 if (le16_to_cpu(pSMB->resp.Action) & GUEST_LOGIN)
1098 cifs_dbg(FYI, "Guest login\n"); /* BB mark SesInfo struct? */
1099
1100 ses->Suid = smb_buf->Uid; /* UID left in wire format (le) */
1101 cifs_dbg(FYI, "UID = %llu\n", ses->Suid);
1102
1103 bytes_remaining = get_bcc(smb_buf);
1104 bcc_ptr = pByteArea(smb_buf);
1105
1106 blob_len = le16_to_cpu(pSMB->resp.SecurityBlobLength);
1107 if (blob_len > bytes_remaining) {
1108 cifs_dbg(VFS, "bad security blob length %d\n",
1109 blob_len);
1110 rc = -EINVAL;
1111 goto out_put_spnego_key;
1112 }
1113 bcc_ptr += blob_len;
1114 bytes_remaining -= blob_len;
1115
1116 /* BB check if Unicode and decode strings */
1117 if (bytes_remaining == 0) {
1118 /* no string area to decode, do nothing */
1119 } else if (smb_buf->Flags2 & SMBFLG2_UNICODE) {
1120 /* unicode string area must be word-aligned */
1121 if (((unsigned long) bcc_ptr - (unsigned long) smb_buf) % 2) {
1122 ++bcc_ptr;
1123 --bytes_remaining;
1124 }
1125 decode_unicode_ssetup(&bcc_ptr, bytes_remaining, ses,
1126 sess_data->nls_cp);
1127 } else {
1128 decode_ascii_ssetup(&bcc_ptr, bytes_remaining, ses,
1129 sess_data->nls_cp);
1130 }
1131
1132 rc = sess_establish_session(sess_data);
1133out_put_spnego_key:
1134 key_invalidate(spnego_key);
1135 key_put(spnego_key);
1136out:
1137 sess_data->result = rc;
1138 sess_data->func = NULL;
1139 sess_free_buffer(sess_data);
1140 kfree(ses->auth_key.response);
1141 ses->auth_key.response = NULL;
1142}
1143
Sachin Prabhuee03c642014-06-16 15:35:27 +01001144#endif /* ! CONFIG_CIFS_UPCALL */
Sachin Prabhu583cf7a2014-06-16 15:35:26 +01001145
Sachin Prabhucc87c472014-06-16 15:35:28 +01001146/*
1147 * The required kvec buffers have to be allocated before calling this
1148 * function.
1149 */
1150static int
1151_sess_auth_rawntlmssp_assemble_req(struct sess_data *sess_data)
Steve French39798772006-05-31 22:40:51 +00001152{
Steve French39798772006-05-31 22:40:51 +00001153 struct smb_hdr *smb_buf;
Steve French39798772006-05-31 22:40:51 +00001154 SESSION_SETUP_ANDX *pSMB;
Sachin Prabhucc87c472014-06-16 15:35:28 +01001155 struct cifs_ses *ses = sess_data->ses;
Steve French39798772006-05-31 22:40:51 +00001156 __u32 capabilities;
Sachin Prabhucc87c472014-06-16 15:35:28 +01001157 char *bcc_ptr;
Steve French254e55e2006-06-04 05:53:15 +00001158
Sachin Prabhucc87c472014-06-16 15:35:28 +01001159 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1160 smb_buf = (struct smb_hdr *)pSMB;
1161
1162 capabilities = cifs_ssetup_hdr(ses, pSMB);
1163 if ((pSMB->req.hdr.Flags2 & SMBFLG2_UNICODE) == 0) {
1164 cifs_dbg(VFS, "NTLMSSP requires Unicode support\n");
1165 return -ENOSYS;
Jeff Layton3534b852013-05-24 07:41:01 -04001166 }
Steve French39798772006-05-31 22:40:51 +00001167
Sachin Prabhucc87c472014-06-16 15:35:28 +01001168 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
1169 capabilities |= CAP_EXTENDED_SECURITY;
1170 pSMB->req.Capabilities |= cpu_to_le32(capabilities);
1171
1172 bcc_ptr = sess_data->iov[2].iov_base;
1173 /* unicode strings must be word aligned */
1174 if ((sess_data->iov[0].iov_len + sess_data->iov[1].iov_len) % 2) {
1175 *bcc_ptr = 0;
1176 bcc_ptr++;
1177 }
1178 unicode_oslm_strings(&bcc_ptr, sess_data->nls_cp);
1179
1180 sess_data->iov[2].iov_len = (long) bcc_ptr -
1181 (long) sess_data->iov[2].iov_base;
1182
1183 return 0;
1184}
1185
1186static void
1187sess_auth_rawntlmssp_authenticate(struct sess_data *sess_data);
1188
1189static void
1190sess_auth_rawntlmssp_negotiate(struct sess_data *sess_data)
1191{
1192 int rc;
1193 struct smb_hdr *smb_buf;
1194 SESSION_SETUP_ANDX *pSMB;
1195 struct cifs_ses *ses = sess_data->ses;
1196 __u16 bytes_remaining;
1197 char *bcc_ptr;
1198 u16 blob_len;
1199
1200 cifs_dbg(FYI, "rawntlmssp session setup negotiate phase\n");
1201
1202 /*
1203 * if memory allocation is successful, caller of this function
1204 * frees it.
1205 */
1206 ses->ntlmssp = kmalloc(sizeof(struct ntlmssp_auth), GFP_KERNEL);
1207 if (!ses->ntlmssp) {
1208 rc = -ENOMEM;
1209 goto out;
1210 }
1211 ses->ntlmssp->sesskey_per_smbsess = false;
1212
1213 /* wct = 12 */
1214 rc = sess_alloc_buffer(sess_data, 12);
1215 if (rc)
1216 goto out;
1217
1218 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1219
1220 /* Build security blob before we assemble the request */
1221 build_ntlmssp_negotiate_blob(pSMB->req.SecurityBlob, ses);
1222 sess_data->iov[1].iov_len = sizeof(NEGOTIATE_MESSAGE);
1223 sess_data->iov[1].iov_base = pSMB->req.SecurityBlob;
1224 pSMB->req.SecurityBlobLength = cpu_to_le16(sizeof(NEGOTIATE_MESSAGE));
1225
1226 rc = _sess_auth_rawntlmssp_assemble_req(sess_data);
1227 if (rc)
1228 goto out;
1229
1230 rc = sess_sendreceive(sess_data);
1231
1232 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1233 smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base;
1234
1235 /* If true, rc here is expected and not an error */
1236 if (sess_data->buf0_type != CIFS_NO_BUFFER &&
1237 smb_buf->Status.CifsError ==
1238 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
1239 rc = 0;
1240
1241 if (rc)
1242 goto out;
1243
1244 cifs_dbg(FYI, "rawntlmssp session setup challenge phase\n");
1245
1246 if (smb_buf->WordCount != 4) {
1247 rc = -EIO;
1248 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount);
1249 goto out;
1250 }
1251
1252 ses->Suid = smb_buf->Uid; /* UID left in wire format (le) */
1253 cifs_dbg(FYI, "UID = %llu\n", ses->Suid);
1254
1255 bytes_remaining = get_bcc(smb_buf);
1256 bcc_ptr = pByteArea(smb_buf);
1257
1258 blob_len = le16_to_cpu(pSMB->resp.SecurityBlobLength);
1259 if (blob_len > bytes_remaining) {
1260 cifs_dbg(VFS, "bad security blob length %d\n",
1261 blob_len);
1262 rc = -EINVAL;
1263 goto out;
1264 }
1265
1266 rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);
1267out:
1268 sess_free_buffer(sess_data);
1269
1270 if (!rc) {
1271 sess_data->func = sess_auth_rawntlmssp_authenticate;
1272 return;
1273 }
1274
1275 /* Else error. Cleanup */
1276 kfree(ses->auth_key.response);
1277 ses->auth_key.response = NULL;
1278 kfree(ses->ntlmssp);
1279 ses->ntlmssp = NULL;
1280
1281 sess_data->func = NULL;
1282 sess_data->result = rc;
1283}
1284
1285static void
1286sess_auth_rawntlmssp_authenticate(struct sess_data *sess_data)
1287{
1288 int rc;
1289 struct smb_hdr *smb_buf;
1290 SESSION_SETUP_ANDX *pSMB;
1291 struct cifs_ses *ses = sess_data->ses;
1292 __u16 bytes_remaining;
1293 char *bcc_ptr;
Jerome Marchandb8da3442016-05-26 11:52:25 +02001294 unsigned char *ntlmsspblob = NULL;
Sachin Prabhucc87c472014-06-16 15:35:28 +01001295 u16 blob_len;
1296
1297 cifs_dbg(FYI, "rawntlmssp session setup authenticate phase\n");
1298
1299 /* wct = 12 */
1300 rc = sess_alloc_buffer(sess_data, 12);
1301 if (rc)
1302 goto out;
1303
1304 /* Build security blob before we assemble the request */
1305 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1306 smb_buf = (struct smb_hdr *)pSMB;
Jerome Marchandb8da3442016-05-26 11:52:25 +02001307 rc = build_ntlmssp_auth_blob(&ntlmsspblob,
Sachin Prabhucc87c472014-06-16 15:35:28 +01001308 &blob_len, ses, sess_data->nls_cp);
1309 if (rc)
1310 goto out_free_ntlmsspblob;
1311 sess_data->iov[1].iov_len = blob_len;
1312 sess_data->iov[1].iov_base = ntlmsspblob;
1313 pSMB->req.SecurityBlobLength = cpu_to_le16(blob_len);
1314 /*
1315 * Make sure that we tell the server that we are using
1316 * the uid that it just gave us back on the response
1317 * (challenge)
1318 */
1319 smb_buf->Uid = ses->Suid;
1320
1321 rc = _sess_auth_rawntlmssp_assemble_req(sess_data);
1322 if (rc)
1323 goto out_free_ntlmsspblob;
1324
1325 rc = sess_sendreceive(sess_data);
1326 if (rc)
1327 goto out_free_ntlmsspblob;
1328
1329 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1330 smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base;
1331 if (smb_buf->WordCount != 4) {
1332 rc = -EIO;
1333 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount);
1334 goto out_free_ntlmsspblob;
1335 }
1336
1337 if (le16_to_cpu(pSMB->resp.Action) & GUEST_LOGIN)
1338 cifs_dbg(FYI, "Guest login\n"); /* BB mark SesInfo struct? */
1339
Sachin Prabhuee9bbf42014-12-03 12:26:36 +00001340 if (ses->Suid != smb_buf->Uid) {
1341 ses->Suid = smb_buf->Uid;
1342 cifs_dbg(FYI, "UID changed! new UID = %llu\n", ses->Suid);
1343 }
1344
Sachin Prabhucc87c472014-06-16 15:35:28 +01001345 bytes_remaining = get_bcc(smb_buf);
1346 bcc_ptr = pByteArea(smb_buf);
1347 blob_len = le16_to_cpu(pSMB->resp.SecurityBlobLength);
1348 if (blob_len > bytes_remaining) {
1349 cifs_dbg(VFS, "bad security blob length %d\n",
1350 blob_len);
1351 rc = -EINVAL;
1352 goto out_free_ntlmsspblob;
1353 }
1354 bcc_ptr += blob_len;
1355 bytes_remaining -= blob_len;
1356
1357
1358 /* BB check if Unicode and decode strings */
1359 if (bytes_remaining == 0) {
1360 /* no string area to decode, do nothing */
1361 } else if (smb_buf->Flags2 & SMBFLG2_UNICODE) {
1362 /* unicode string area must be word-aligned */
1363 if (((unsigned long) bcc_ptr - (unsigned long) smb_buf) % 2) {
1364 ++bcc_ptr;
1365 --bytes_remaining;
1366 }
1367 decode_unicode_ssetup(&bcc_ptr, bytes_remaining, ses,
1368 sess_data->nls_cp);
1369 } else {
1370 decode_ascii_ssetup(&bcc_ptr, bytes_remaining, ses,
1371 sess_data->nls_cp);
1372 }
1373
1374out_free_ntlmsspblob:
1375 kfree(ntlmsspblob);
1376out:
1377 sess_free_buffer(sess_data);
1378
1379 if (!rc)
1380 rc = sess_establish_session(sess_data);
1381
1382 /* Cleanup */
1383 kfree(ses->auth_key.response);
1384 ses->auth_key.response = NULL;
1385 kfree(ses->ntlmssp);
1386 ses->ntlmssp = NULL;
1387
1388 sess_data->func = NULL;
1389 sess_data->result = rc;
1390}
1391
Steve French27924072014-07-11 07:47:01 -05001392static int select_sec(struct cifs_ses *ses, struct sess_data *sess_data)
Sachin Prabhucc87c472014-06-16 15:35:28 +01001393{
1394 int type;
Sachin Prabhu80a0e632014-06-16 15:35:25 +01001395
Jeff Layton3f618222013-06-12 19:52:14 -05001396 type = select_sectype(ses->server, ses->sectype);
Joe Perchesf96637b2013-05-04 22:12:25 -05001397 cifs_dbg(FYI, "sess setup type %d\n", type);
Jeff Layton3f618222013-06-12 19:52:14 -05001398 if (type == Unspecified) {
Shirish Pargaonkard4e63bd2013-08-29 08:35:09 -05001399 cifs_dbg(VFS,
1400 "Unable to select appropriate authentication method!");
Jeff Layton3f618222013-06-12 19:52:14 -05001401 return -EINVAL;
1402 }
1403
Sachin Prabhu80a0e632014-06-16 15:35:25 +01001404 switch (type) {
1405 case LANMAN:
Sachin Prabhucc87c472014-06-16 15:35:28 +01001406 /* LANMAN and plaintext are less secure and off by default.
1407 * So we make this explicitly be turned on in kconfig (in the
1408 * build) and turned on at runtime (changed from the default)
1409 * in proc/fs/cifs or via mount parm. Unfortunately this is
1410 * needed for old Win (e.g. Win95), some obscure NAS and OS/2 */
1411#ifdef CONFIG_CIFS_WEAK_PW_HASH
1412 sess_data->func = sess_auth_lanman;
1413 break;
1414#else
1415 return -EOPNOTSUPP;
1416#endif
Sachin Prabhu583cf7a2014-06-16 15:35:26 +01001417 case NTLM:
Sachin Prabhucc87c472014-06-16 15:35:28 +01001418 sess_data->func = sess_auth_ntlm;
1419 break;
Sachin Prabhu583cf7a2014-06-16 15:35:26 +01001420 case NTLMv2:
Sachin Prabhucc87c472014-06-16 15:35:28 +01001421 sess_data->func = sess_auth_ntlmv2;
1422 break;
Sachin Prabhuee03c642014-06-16 15:35:27 +01001423 case Kerberos:
Sachin Prabhucc87c472014-06-16 15:35:28 +01001424#ifdef CONFIG_CIFS_UPCALL
1425 sess_data->func = sess_auth_kerberos;
1426 break;
1427#else
1428 cifs_dbg(VFS, "Kerberos negotiated but upcall support disabled!\n");
1429 return -ENOSYS;
1430 break;
1431#endif /* CONFIG_CIFS_UPCALL */
1432 case RawNTLMSSP:
1433 sess_data->func = sess_auth_rawntlmssp_negotiate;
1434 break;
Sachin Prabhu80a0e632014-06-16 15:35:25 +01001435 default:
Joe Perchesf96637b2013-05-04 22:12:25 -05001436 cifs_dbg(VFS, "secType %d not supported!\n", type);
Sachin Prabhucc87c472014-06-16 15:35:28 +01001437 return -ENOSYS;
Steve French39798772006-05-31 22:40:51 +00001438 }
1439
Sachin Prabhucc87c472014-06-16 15:35:28 +01001440 return 0;
1441}
Steve French24424212007-11-16 23:37:35 +00001442
Sachin Prabhucc87c472014-06-16 15:35:28 +01001443int CIFS_SessSetup(const unsigned int xid, struct cifs_ses *ses,
1444 const struct nls_table *nls_cp)
1445{
1446 int rc = 0;
1447 struct sess_data *sess_data;
Steve French39798772006-05-31 22:40:51 +00001448
Sachin Prabhucc87c472014-06-16 15:35:28 +01001449 if (ses == NULL) {
1450 WARN(1, "%s: ses == NULL!", __func__);
1451 return -EINVAL;
Steve French0b3cc8582009-05-04 08:37:12 +00001452 }
Sachin Prabhucc87c472014-06-16 15:35:28 +01001453
1454 sess_data = kzalloc(sizeof(struct sess_data), GFP_KERNEL);
1455 if (!sess_data)
1456 return -ENOMEM;
1457
1458 rc = select_sec(ses, sess_data);
Steve French0b3cc8582009-05-04 08:37:12 +00001459 if (rc)
Sachin Prabhucc87c472014-06-16 15:35:28 +01001460 goto out;
Steve French0b3cc8582009-05-04 08:37:12 +00001461
Sachin Prabhucc87c472014-06-16 15:35:28 +01001462 sess_data->xid = xid;
1463 sess_data->ses = ses;
1464 sess_data->buf0_type = CIFS_NO_BUFFER;
1465 sess_data->nls_cp = (struct nls_table *) nls_cp;
Steve French39798772006-05-31 22:40:51 +00001466
Sachin Prabhucc87c472014-06-16 15:35:28 +01001467 while (sess_data->func)
1468 sess_data->func(sess_data);
Steve French39798772006-05-31 22:40:51 +00001469
Sachin Prabhucc87c472014-06-16 15:35:28 +01001470 /* Store result before we free sess_data */
1471 rc = sess_data->result;
Sachin Prabhu80a0e632014-06-16 15:35:25 +01001472
1473out:
Sachin Prabhu80a0e632014-06-16 15:35:25 +01001474 kfree(sess_data);
1475 return rc;
Steve French39798772006-05-31 22:40:51 +00001476}