blob: f230571a7ab30d1c7d809eafbfdf9cb5724c2dd3 [file] [log] [blame]
Steve French39798772006-05-31 22:40:51 +00001/*
2 * fs/cifs/sess.c
3 *
4 * SMB/CIFS session setup handling routines
5 *
Steve Frenchd185cda2009-04-30 17:45:10 +00006 * Copyright (c) International Business Machines Corp., 2006, 2009
Steve French39798772006-05-31 22:40:51 +00007 * Author(s): Steve French (sfrench@us.ibm.com)
8 *
9 * This library is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU Lesser General Public License as published
11 * by the Free Software Foundation; either version 2.1 of the License, or
12 * (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
17 * the GNU Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public License
20 * along with this library; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 */
23
24#include "cifspdu.h"
25#include "cifsglob.h"
26#include "cifsproto.h"
27#include "cifs_unicode.h"
28#include "cifs_debug.h"
29#include "ntlmssp.h"
30#include "nterr.h"
Steve French9c535882006-06-01 05:09:10 +000031#include <linux/utsname.h>
Tejun Heo5a0e3ad2010-03-24 17:04:11 +090032#include <linux/slab.h>
Steve French24424212007-11-16 23:37:35 +000033#include "cifs_spnego.h"
Steve French39798772006-05-31 22:40:51 +000034
Jeff Laytonebe6aa52010-04-24 07:57:47 -040035/*
36 * Checks if this is the first smb session to be reconnected after
37 * the socket has been reestablished (so we know whether to use vc 0).
38 * Called while holding the cifs_tcp_ses_lock, so do not block
39 */
Steve French96daf2b2011-05-27 04:34:02 +000040static bool is_first_ses_reconnect(struct cifs_ses *ses)
Steve Frencheca6acf2009-02-20 05:43:09 +000041{
42 struct list_head *tmp;
Steve French96daf2b2011-05-27 04:34:02 +000043 struct cifs_ses *tmp_ses;
Steve Frencheca6acf2009-02-20 05:43:09 +000044
45 list_for_each(tmp, &ses->server->smb_ses_list) {
Steve French96daf2b2011-05-27 04:34:02 +000046 tmp_ses = list_entry(tmp, struct cifs_ses,
Steve Frencheca6acf2009-02-20 05:43:09 +000047 smb_ses_list);
48 if (tmp_ses->need_reconnect == false)
49 return false;
50 }
51 /* could not find a session that was already connected,
52 this must be the first one we are reconnecting */
53 return true;
54}
55
56/*
57 * vc number 0 is treated specially by some servers, and should be the
58 * first one we request. After that we can use vcnumbers up to maxvcs,
59 * one for each smb session (some Windows versions set maxvcs incorrectly
60 * so maxvc=1 can be ignored). If we have too many vcs, we can reuse
61 * any vc but zero (some servers reset the connection on vcnum zero)
62 *
63 */
Steve French96daf2b2011-05-27 04:34:02 +000064static __le16 get_next_vcnum(struct cifs_ses *ses)
Steve Frencheca6acf2009-02-20 05:43:09 +000065{
66 __u16 vcnum = 0;
67 struct list_head *tmp;
Steve French96daf2b2011-05-27 04:34:02 +000068 struct cifs_ses *tmp_ses;
Steve Frencheca6acf2009-02-20 05:43:09 +000069 __u16 max_vcs = ses->server->max_vcs;
70 __u16 i;
71 int free_vc_found = 0;
72
73 /* Quoting the MS-SMB specification: "Windows-based SMB servers set this
74 field to one but do not enforce this limit, which allows an SMB client
75 to establish more virtual circuits than allowed by this value ... but
76 other server implementations can enforce this limit." */
77 if (max_vcs < 2)
78 max_vcs = 0xFFFF;
79
Suresh Jayaraman3f9bcca2010-10-18 23:29:37 +053080 spin_lock(&cifs_tcp_ses_lock);
Steve Frencheca6acf2009-02-20 05:43:09 +000081 if ((ses->need_reconnect) && is_first_ses_reconnect(ses))
82 goto get_vc_num_exit; /* vcnum will be zero */
83 for (i = ses->server->srv_count - 1; i < max_vcs; i++) {
84 if (i == 0) /* this is the only connection, use vc 0 */
85 break;
86
87 free_vc_found = 1;
88
89 list_for_each(tmp, &ses->server->smb_ses_list) {
Steve French96daf2b2011-05-27 04:34:02 +000090 tmp_ses = list_entry(tmp, struct cifs_ses,
Steve Frencheca6acf2009-02-20 05:43:09 +000091 smb_ses_list);
92 if (tmp_ses->vcnum == i) {
93 free_vc_found = 0;
94 break; /* found duplicate, try next vcnum */
95 }
96 }
97 if (free_vc_found)
98 break; /* we found a vcnumber that will work - use it */
99 }
100
101 if (i == 0)
102 vcnum = 0; /* for most common case, ie if one smb session, use
103 vc zero. Also for case when no free vcnum, zero
104 is safest to send (some clients only send zero) */
105 else if (free_vc_found == 0)
106 vcnum = 1; /* we can not reuse vc=0 safely, since some servers
107 reset all uids on that, but 1 is ok. */
108 else
109 vcnum = i;
110 ses->vcnum = vcnum;
111get_vc_num_exit:
Suresh Jayaraman3f9bcca2010-10-18 23:29:37 +0530112 spin_unlock(&cifs_tcp_ses_lock);
Steve Frencheca6acf2009-02-20 05:43:09 +0000113
Steve French051a2a02009-05-01 16:21:04 +0000114 return cpu_to_le16(vcnum);
Steve Frencheca6acf2009-02-20 05:43:09 +0000115}
116
Steve French96daf2b2011-05-27 04:34:02 +0000117static __u32 cifs_ssetup_hdr(struct cifs_ses *ses, SESSION_SETUP_ANDX *pSMB)
Steve French39798772006-05-31 22:40:51 +0000118{
119 __u32 capabilities = 0;
120
121 /* init fields common to all four types of SessSetup */
Steve Frencheca6acf2009-02-20 05:43:09 +0000122 /* Note that offsets for first seven fields in req struct are same */
123 /* in CIFS Specs so does not matter which of 3 forms of struct */
124 /* that we use in next few lines */
125 /* Note that header is initialized to zero in header_assemble */
Steve French39798772006-05-31 22:40:51 +0000126 pSMB->req.AndXCommand = 0xFF;
Jeff Laytonc974bef2011-10-11 06:41:32 -0400127 pSMB->req.MaxBufferSize = cpu_to_le16(min_t(u32,
128 CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4,
129 USHRT_MAX));
Steve French39798772006-05-31 22:40:51 +0000130 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
Steve Frencheca6acf2009-02-20 05:43:09 +0000131 pSMB->req.VcNumber = get_next_vcnum(ses);
Steve French39798772006-05-31 22:40:51 +0000132
133 /* Now no need to set SMBFLG_CASELESS or obsolete CANONICAL PATH */
134
Steve French790fe572007-07-07 19:25:05 +0000135 /* BB verify whether signing required on neg or just on auth frame
Steve French39798772006-05-31 22:40:51 +0000136 (and NTLM case) */
137
138 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
139 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
140
Steve French96daf2b2011-05-27 04:34:02 +0000141 if (ses->server->sec_mode &
Steve French790fe572007-07-07 19:25:05 +0000142 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
Steve French39798772006-05-31 22:40:51 +0000143 pSMB->req.hdr.Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
144
145 if (ses->capabilities & CAP_UNICODE) {
146 pSMB->req.hdr.Flags2 |= SMBFLG2_UNICODE;
147 capabilities |= CAP_UNICODE;
148 }
149 if (ses->capabilities & CAP_STATUS32) {
150 pSMB->req.hdr.Flags2 |= SMBFLG2_ERR_STATUS;
151 capabilities |= CAP_STATUS32;
152 }
153 if (ses->capabilities & CAP_DFS) {
154 pSMB->req.hdr.Flags2 |= SMBFLG2_DFS;
155 capabilities |= CAP_DFS;
156 }
Steve French26f57362007-08-30 22:09:15 +0000157 if (ses->capabilities & CAP_UNIX)
Steve French39798772006-05-31 22:40:51 +0000158 capabilities |= CAP_UNIX;
Steve French39798772006-05-31 22:40:51 +0000159
Steve French39798772006-05-31 22:40:51 +0000160 return capabilities;
161}
162
Jeff Layton0d3a01f2007-10-16 17:32:19 +0000163static void
164unicode_oslm_strings(char **pbcc_area, const struct nls_table *nls_cp)
165{
166 char *bcc_ptr = *pbcc_area;
167 int bytes_ret = 0;
168
169 /* Copy OS version */
Steve Frenchacbbb762012-01-18 22:32:33 -0600170 bytes_ret = cifs_strtoUTF16((__le16 *)bcc_ptr, "Linux version ", 32,
171 nls_cp);
Jeff Layton0d3a01f2007-10-16 17:32:19 +0000172 bcc_ptr += 2 * bytes_ret;
Steve Frenchacbbb762012-01-18 22:32:33 -0600173 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, init_utsname()->release,
174 32, nls_cp);
Jeff Layton0d3a01f2007-10-16 17:32:19 +0000175 bcc_ptr += 2 * bytes_ret;
176 bcc_ptr += 2; /* trailing null */
177
Steve Frenchacbbb762012-01-18 22:32:33 -0600178 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
179 32, nls_cp);
Jeff Layton0d3a01f2007-10-16 17:32:19 +0000180 bcc_ptr += 2 * bytes_ret;
181 bcc_ptr += 2; /* trailing null */
182
183 *pbcc_area = bcc_ptr;
184}
185
Steve French96daf2b2011-05-27 04:34:02 +0000186static void unicode_domain_string(char **pbcc_area, struct cifs_ses *ses,
Jeff Layton0d3a01f2007-10-16 17:32:19 +0000187 const struct nls_table *nls_cp)
188{
189 char *bcc_ptr = *pbcc_area;
190 int bytes_ret = 0;
191
192 /* copy domain */
193 if (ses->domainName == NULL) {
194 /* Sending null domain better than using a bogus domain name (as
195 we did briefly in 2.6.18) since server will use its default */
196 *bcc_ptr = 0;
197 *(bcc_ptr+1) = 0;
198 bytes_ret = 0;
199 } else
Steve Frenchacbbb762012-01-18 22:32:33 -0600200 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, ses->domainName,
201 256, nls_cp);
Jeff Layton0d3a01f2007-10-16 17:32:19 +0000202 bcc_ptr += 2 * bytes_ret;
203 bcc_ptr += 2; /* account for null terminator */
204
205 *pbcc_area = bcc_ptr;
206}
207
208
Steve French96daf2b2011-05-27 04:34:02 +0000209static void unicode_ssetup_strings(char **pbcc_area, struct cifs_ses *ses,
Steve French790fe572007-07-07 19:25:05 +0000210 const struct nls_table *nls_cp)
Steve French39798772006-05-31 22:40:51 +0000211{
Steve French790fe572007-07-07 19:25:05 +0000212 char *bcc_ptr = *pbcc_area;
Steve French39798772006-05-31 22:40:51 +0000213 int bytes_ret = 0;
214
215 /* BB FIXME add check that strings total less
216 than 335 or will need to send them as arrays */
217
Steve French0223cf02006-06-27 19:50:57 +0000218 /* unicode strings, must be word aligned before the call */
219/* if ((long) bcc_ptr % 2) {
Steve French39798772006-05-31 22:40:51 +0000220 *bcc_ptr = 0;
221 bcc_ptr++;
Steve French0223cf02006-06-27 19:50:57 +0000222 } */
Steve French39798772006-05-31 22:40:51 +0000223 /* copy user */
Steve French8727c8a2011-02-25 01:11:56 -0600224 if (ses->user_name == NULL) {
Steve French6e659c62006-11-08 23:10:46 +0000225 /* null user mount */
226 *bcc_ptr = 0;
227 *(bcc_ptr+1) = 0;
Steve French301a6a32010-02-06 07:08:53 +0000228 } else {
Steve Frenchacbbb762012-01-18 22:32:33 -0600229 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, ses->user_name,
230 MAX_USERNAME_SIZE, nls_cp);
Steve French39798772006-05-31 22:40:51 +0000231 }
232 bcc_ptr += 2 * bytes_ret;
233 bcc_ptr += 2; /* account for null termination */
Steve French39798772006-05-31 22:40:51 +0000234
Jeff Layton0d3a01f2007-10-16 17:32:19 +0000235 unicode_domain_string(&bcc_ptr, ses, nls_cp);
236 unicode_oslm_strings(&bcc_ptr, nls_cp);
Steve French39798772006-05-31 22:40:51 +0000237
238 *pbcc_area = bcc_ptr;
239}
240
Steve French96daf2b2011-05-27 04:34:02 +0000241static void ascii_ssetup_strings(char **pbcc_area, struct cifs_ses *ses,
Steve French790fe572007-07-07 19:25:05 +0000242 const struct nls_table *nls_cp)
Steve French39798772006-05-31 22:40:51 +0000243{
Steve French790fe572007-07-07 19:25:05 +0000244 char *bcc_ptr = *pbcc_area;
Steve French39798772006-05-31 22:40:51 +0000245
246 /* copy user */
247 /* BB what about null user mounts - check that we do this BB */
Steve French790fe572007-07-07 19:25:05 +0000248 /* copy user */
Shirish Pargaonkarde47a412012-02-02 15:28:28 -0600249 if (ses->user_name != NULL) {
Steve French8727c8a2011-02-25 01:11:56 -0600250 strncpy(bcc_ptr, ses->user_name, MAX_USERNAME_SIZE);
Shirish Pargaonkarde47a412012-02-02 15:28:28 -0600251 bcc_ptr += strnlen(ses->user_name, MAX_USERNAME_SIZE);
252 }
Steve French8727c8a2011-02-25 01:11:56 -0600253 /* else null user mount */
Steve French39798772006-05-31 22:40:51 +0000254 *bcc_ptr = 0;
Steve French790fe572007-07-07 19:25:05 +0000255 bcc_ptr++; /* account for null termination */
Steve French39798772006-05-31 22:40:51 +0000256
Steve French790fe572007-07-07 19:25:05 +0000257 /* copy domain */
Steve French790fe572007-07-07 19:25:05 +0000258 if (ses->domainName != NULL) {
259 strncpy(bcc_ptr, ses->domainName, 256);
Steve French39798772006-05-31 22:40:51 +0000260 bcc_ptr += strnlen(ses->domainName, 256);
Steve French790fe572007-07-07 19:25:05 +0000261 } /* else we will send a null domain name
Steve French6e659c62006-11-08 23:10:46 +0000262 so the server will default to its own domain */
Steve French39798772006-05-31 22:40:51 +0000263 *bcc_ptr = 0;
264 bcc_ptr++;
265
266 /* BB check for overflow here */
267
268 strcpy(bcc_ptr, "Linux version ");
269 bcc_ptr += strlen("Linux version ");
Serge E. Hallyn96b644b2006-10-02 02:18:13 -0700270 strcpy(bcc_ptr, init_utsname()->release);
271 bcc_ptr += strlen(init_utsname()->release) + 1;
Steve French39798772006-05-31 22:40:51 +0000272
273 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
274 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
275
Steve French790fe572007-07-07 19:25:05 +0000276 *pbcc_area = bcc_ptr;
Steve French39798772006-05-31 22:40:51 +0000277}
278
Jeff Layton59140792009-04-30 07:16:21 -0400279static void
Steve French96daf2b2011-05-27 04:34:02 +0000280decode_unicode_ssetup(char **pbcc_area, int bleft, struct cifs_ses *ses,
Jeff Layton59140792009-04-30 07:16:21 -0400281 const struct nls_table *nls_cp)
Steve French39798772006-05-31 22:40:51 +0000282{
Jeff Layton59140792009-04-30 07:16:21 -0400283 int len;
Steve French790fe572007-07-07 19:25:05 +0000284 char *data = *pbcc_area;
Steve French39798772006-05-31 22:40:51 +0000285
Joe Perchesf96637b2013-05-04 22:12:25 -0500286 cifs_dbg(FYI, "bleft %d\n", bleft);
Steve French39798772006-05-31 22:40:51 +0000287
Steve French26f57362007-08-30 22:09:15 +0000288 kfree(ses->serverOS);
Steve Frenchacbbb762012-01-18 22:32:33 -0600289 ses->serverOS = cifs_strndup_from_utf16(data, bleft, true, nls_cp);
Joe Perchesf96637b2013-05-04 22:12:25 -0500290 cifs_dbg(FYI, "serverOS=%s\n", ses->serverOS);
Jeff Layton59140792009-04-30 07:16:21 -0400291 len = (UniStrnlen((wchar_t *) data, bleft / 2) * 2) + 2;
292 data += len;
293 bleft -= len;
294 if (bleft <= 0)
295 return;
Steve French39798772006-05-31 22:40:51 +0000296
Steve French26f57362007-08-30 22:09:15 +0000297 kfree(ses->serverNOS);
Steve Frenchacbbb762012-01-18 22:32:33 -0600298 ses->serverNOS = cifs_strndup_from_utf16(data, bleft, true, nls_cp);
Joe Perchesf96637b2013-05-04 22:12:25 -0500299 cifs_dbg(FYI, "serverNOS=%s\n", ses->serverNOS);
Jeff Layton59140792009-04-30 07:16:21 -0400300 len = (UniStrnlen((wchar_t *) data, bleft / 2) * 2) + 2;
301 data += len;
302 bleft -= len;
303 if (bleft <= 0)
304 return;
Steve French39798772006-05-31 22:40:51 +0000305
Steve French26f57362007-08-30 22:09:15 +0000306 kfree(ses->serverDomain);
Steve Frenchacbbb762012-01-18 22:32:33 -0600307 ses->serverDomain = cifs_strndup_from_utf16(data, bleft, true, nls_cp);
Joe Perchesf96637b2013-05-04 22:12:25 -0500308 cifs_dbg(FYI, "serverDomain=%s\n", ses->serverDomain);
Steve French790fe572007-07-07 19:25:05 +0000309
Jeff Layton59140792009-04-30 07:16:21 -0400310 return;
Steve French39798772006-05-31 22:40:51 +0000311}
312
Jeff Layton690c5222011-01-20 13:36:51 -0500313static int decode_ascii_ssetup(char **pbcc_area, __u16 bleft,
Steve French96daf2b2011-05-27 04:34:02 +0000314 struct cifs_ses *ses,
Steve French790fe572007-07-07 19:25:05 +0000315 const struct nls_table *nls_cp)
Steve French39798772006-05-31 22:40:51 +0000316{
317 int rc = 0;
318 int len;
Steve French790fe572007-07-07 19:25:05 +0000319 char *bcc_ptr = *pbcc_area;
Steve French39798772006-05-31 22:40:51 +0000320
Joe Perchesf96637b2013-05-04 22:12:25 -0500321 cifs_dbg(FYI, "decode sessetup ascii. bleft %d\n", bleft);
Steve French50c2f752007-07-13 00:33:32 +0000322
Steve French39798772006-05-31 22:40:51 +0000323 len = strnlen(bcc_ptr, bleft);
Steve French790fe572007-07-07 19:25:05 +0000324 if (len >= bleft)
Steve French39798772006-05-31 22:40:51 +0000325 return rc;
Steve French50c2f752007-07-13 00:33:32 +0000326
Steve French26f57362007-08-30 22:09:15 +0000327 kfree(ses->serverOS);
Steve French39798772006-05-31 22:40:51 +0000328
329 ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
Steve French790fe572007-07-07 19:25:05 +0000330 if (ses->serverOS)
Steve French39798772006-05-31 22:40:51 +0000331 strncpy(ses->serverOS, bcc_ptr, len);
Steve French790fe572007-07-07 19:25:05 +0000332 if (strncmp(ses->serverOS, "OS/2", 4) == 0) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500333 cifs_dbg(FYI, "OS/2 server\n");
Steve French9ac00b72006-09-30 04:13:17 +0000334 ses->flags |= CIFS_SES_OS2;
335 }
Steve French39798772006-05-31 22:40:51 +0000336
337 bcc_ptr += len + 1;
338 bleft -= len + 1;
339
340 len = strnlen(bcc_ptr, bleft);
Steve French790fe572007-07-07 19:25:05 +0000341 if (len >= bleft)
Steve French39798772006-05-31 22:40:51 +0000342 return rc;
343
Steve French26f57362007-08-30 22:09:15 +0000344 kfree(ses->serverNOS);
Steve French39798772006-05-31 22:40:51 +0000345
346 ses->serverNOS = kzalloc(len + 1, GFP_KERNEL);
Steve French790fe572007-07-07 19:25:05 +0000347 if (ses->serverNOS)
Steve French39798772006-05-31 22:40:51 +0000348 strncpy(ses->serverNOS, bcc_ptr, len);
349
350 bcc_ptr += len + 1;
351 bleft -= len + 1;
352
Steve French790fe572007-07-07 19:25:05 +0000353 len = strnlen(bcc_ptr, bleft);
354 if (len > bleft)
355 return rc;
Steve French39798772006-05-31 22:40:51 +0000356
Steve French9ac00b72006-09-30 04:13:17 +0000357 /* No domain field in LANMAN case. Domain is
358 returned by old servers in the SMB negprot response */
359 /* BB For newer servers which do not support Unicode,
360 but thus do return domain here we could add parsing
361 for it later, but it is not very important */
Joe Perchesf96637b2013-05-04 22:12:25 -0500362 cifs_dbg(FYI, "ascii: bytes left %d\n", bleft);
Steve French39798772006-05-31 22:40:51 +0000363
364 return rc;
365}
366
Pavel Shilovsky5478f9b2011-12-27 16:22:00 +0400367int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len,
Steve French96daf2b2011-05-27 04:34:02 +0000368 struct cifs_ses *ses)
Steve French0b3cc8582009-05-04 08:37:12 +0000369{
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500370 unsigned int tioffset; /* challenge message target info area */
371 unsigned int tilen; /* challenge message target info area length */
372
Steve French0b3cc8582009-05-04 08:37:12 +0000373 CHALLENGE_MESSAGE *pblob = (CHALLENGE_MESSAGE *)bcc_ptr;
374
375 if (blob_len < sizeof(CHALLENGE_MESSAGE)) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500376 cifs_dbg(VFS, "challenge blob len %d too small\n", blob_len);
Steve French0b3cc8582009-05-04 08:37:12 +0000377 return -EINVAL;
378 }
379
380 if (memcmp(pblob->Signature, "NTLMSSP", 8)) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500381 cifs_dbg(VFS, "blob signature incorrect %s\n",
382 pblob->Signature);
Steve French0b3cc8582009-05-04 08:37:12 +0000383 return -EINVAL;
384 }
385 if (pblob->MessageType != NtLmChallenge) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500386 cifs_dbg(VFS, "Incorrect message type %d\n",
387 pblob->MessageType);
Steve French0b3cc8582009-05-04 08:37:12 +0000388 return -EINVAL;
389 }
390
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500391 memcpy(ses->ntlmssp->cryptkey, pblob->Challenge, CIFS_CRYPTO_KEY_SIZE);
Steve French0b3cc8582009-05-04 08:37:12 +0000392 /* BB we could decode pblob->NegotiateFlags; some may be useful */
393 /* In particular we can examine sign flags */
394 /* BB spec says that if AvId field of MsvAvTimestamp is populated then
395 we must set the MIC field of the AUTHENTICATE_MESSAGE */
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500396 ses->ntlmssp->server_flags = le32_to_cpu(pblob->NegotiateFlags);
Steve French5443d132011-03-13 05:08:25 +0000397 tioffset = le32_to_cpu(pblob->TargetInfoArray.BufferOffset);
398 tilen = le16_to_cpu(pblob->TargetInfoArray.Length);
Dan Carpenter4991a5f2012-01-31 11:52:01 +0300399 if (tioffset > blob_len || tioffset + tilen > blob_len) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500400 cifs_dbg(VFS, "tioffset + tilen too high %u + %u",
401 tioffset, tilen);
Dan Carpenter4991a5f2012-01-31 11:52:01 +0300402 return -EINVAL;
403 }
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500404 if (tilen) {
Silviu-Mihai Popescuf7f7c182013-03-11 18:22:32 +0200405 ses->auth_key.response = kmemdup(bcc_ptr + tioffset, tilen,
406 GFP_KERNEL);
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500407 if (!ses->auth_key.response) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500408 cifs_dbg(VFS, "Challenge target info alloc failure");
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500409 return -ENOMEM;
410 }
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500411 ses->auth_key.len = tilen;
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500412 }
413
Steve French0b3cc8582009-05-04 08:37:12 +0000414 return 0;
415}
416
Steve French0b3cc8582009-05-04 08:37:12 +0000417/* BB Move to ntlmssp.c eventually */
418
419/* We do not malloc the blob, it is passed in pbuffer, because
420 it is fixed size, and small, making this approach cleaner */
Pavel Shilovsky5478f9b2011-12-27 16:22:00 +0400421void build_ntlmssp_negotiate_blob(unsigned char *pbuffer,
Steve French96daf2b2011-05-27 04:34:02 +0000422 struct cifs_ses *ses)
Steve French0b3cc8582009-05-04 08:37:12 +0000423{
424 NEGOTIATE_MESSAGE *sec_blob = (NEGOTIATE_MESSAGE *)pbuffer;
425 __u32 flags;
426
Shirish Pargaonkardf8fbc242010-12-11 14:19:22 -0600427 memset(pbuffer, 0, sizeof(NEGOTIATE_MESSAGE));
Steve French0b3cc8582009-05-04 08:37:12 +0000428 memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8);
429 sec_blob->MessageType = NtLmNegotiate;
430
431 /* BB is NTLMV2 session security format easier to use here? */
432 flags = NTLMSSP_NEGOTIATE_56 | NTLMSSP_REQUEST_TARGET |
433 NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
Shirish Pargaonkardf8fbc242010-12-11 14:19:22 -0600434 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;
Steve French96daf2b2011-05-27 04:34:02 +0000435 if (ses->server->sec_mode &
Shirish Pargaonkard2b91522010-10-21 14:25:08 -0500436 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) {
Steve French745e5072010-09-08 21:09:27 +0000437 flags |= NTLMSSP_NEGOTIATE_SIGN;
Shirish Pargaonkard2b91522010-10-21 14:25:08 -0500438 if (!ses->server->session_estab)
Shirish Pargaonkar62411ab2011-07-10 06:55:32 -0500439 flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
Shirish Pargaonkard2b91522010-10-21 14:25:08 -0500440 }
Steve French0b3cc8582009-05-04 08:37:12 +0000441
Shirish Pargaonkardf8fbc242010-12-11 14:19:22 -0600442 sec_blob->NegotiateFlags = cpu_to_le32(flags);
Steve French0b3cc8582009-05-04 08:37:12 +0000443
444 sec_blob->WorkstationName.BufferOffset = 0;
445 sec_blob->WorkstationName.Length = 0;
446 sec_blob->WorkstationName.MaximumLength = 0;
447
448 /* Domain name is sent on the Challenge not Negotiate NTLMSSP request */
449 sec_blob->DomainName.BufferOffset = 0;
450 sec_blob->DomainName.Length = 0;
451 sec_blob->DomainName.MaximumLength = 0;
452}
453
454/* We do not malloc the blob, it is passed in pbuffer, because its
455 maximum possible size is fixed and small, making this approach cleaner.
456 This function returns the length of the data in the blob */
Pavel Shilovsky5478f9b2011-12-27 16:22:00 +0400457int build_ntlmssp_auth_blob(unsigned char *pbuffer,
Shirish Pargaonkar89f150f2010-10-19 11:47:52 -0500458 u16 *buflen,
Steve French96daf2b2011-05-27 04:34:02 +0000459 struct cifs_ses *ses,
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500460 const struct nls_table *nls_cp)
Steve French0b3cc8582009-05-04 08:37:12 +0000461{
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500462 int rc;
Steve French0b3cc8582009-05-04 08:37:12 +0000463 AUTHENTICATE_MESSAGE *sec_blob = (AUTHENTICATE_MESSAGE *)pbuffer;
464 __u32 flags;
465 unsigned char *tmp;
Steve French0b3cc8582009-05-04 08:37:12 +0000466
467 memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8);
468 sec_blob->MessageType = NtLmAuthenticate;
469
470 flags = NTLMSSP_NEGOTIATE_56 |
471 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_TARGET_INFO |
472 NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
Shirish Pargaonkardf8fbc242010-12-11 14:19:22 -0600473 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;
Steve French96daf2b2011-05-27 04:34:02 +0000474 if (ses->server->sec_mode &
Shirish Pargaonkar62411ab2011-07-10 06:55:32 -0500475 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) {
Steve French0b3cc8582009-05-04 08:37:12 +0000476 flags |= NTLMSSP_NEGOTIATE_SIGN;
Shirish Pargaonkar62411ab2011-07-10 06:55:32 -0500477 if (!ses->server->session_estab)
478 flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
479 }
Steve French0b3cc8582009-05-04 08:37:12 +0000480
481 tmp = pbuffer + sizeof(AUTHENTICATE_MESSAGE);
Shirish Pargaonkardf8fbc242010-12-11 14:19:22 -0600482 sec_blob->NegotiateFlags = cpu_to_le32(flags);
Steve French0b3cc8582009-05-04 08:37:12 +0000483
484 sec_blob->LmChallengeResponse.BufferOffset =
485 cpu_to_le32(sizeof(AUTHENTICATE_MESSAGE));
486 sec_blob->LmChallengeResponse.Length = 0;
487 sec_blob->LmChallengeResponse.MaximumLength = 0;
488
Steve Frenchc8e56f12010-09-08 21:10:58 +0000489 sec_blob->NtChallengeResponse.BufferOffset = cpu_to_le32(tmp - pbuffer);
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500490 rc = setup_ntlmv2_rsp(ses, nls_cp);
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500491 if (rc) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500492 cifs_dbg(VFS, "Error %d during NTLMSSP authentication\n", rc);
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500493 goto setup_ntlmv2_ret;
494 }
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500495 memcpy(tmp, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
496 ses->auth_key.len - CIFS_SESS_KEY_SIZE);
497 tmp += ses->auth_key.len - CIFS_SESS_KEY_SIZE;
Steve Frenchc8e56f12010-09-08 21:10:58 +0000498
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500499 sec_blob->NtChallengeResponse.Length =
500 cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500501 sec_blob->NtChallengeResponse.MaximumLength =
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500502 cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
Steve French0b3cc8582009-05-04 08:37:12 +0000503
504 if (ses->domainName == NULL) {
505 sec_blob->DomainName.BufferOffset = cpu_to_le32(tmp - pbuffer);
506 sec_blob->DomainName.Length = 0;
507 sec_blob->DomainName.MaximumLength = 0;
508 tmp += 2;
509 } else {
510 int len;
Steve Frenchacbbb762012-01-18 22:32:33 -0600511 len = cifs_strtoUTF16((__le16 *)tmp, ses->domainName,
512 MAX_USERNAME_SIZE, nls_cp);
Steve French0b3cc8582009-05-04 08:37:12 +0000513 len *= 2; /* unicode is 2 bytes each */
Steve French0b3cc8582009-05-04 08:37:12 +0000514 sec_blob->DomainName.BufferOffset = cpu_to_le32(tmp - pbuffer);
515 sec_blob->DomainName.Length = cpu_to_le16(len);
516 sec_blob->DomainName.MaximumLength = cpu_to_le16(len);
517 tmp += len;
518 }
519
Steve French8727c8a2011-02-25 01:11:56 -0600520 if (ses->user_name == NULL) {
Steve French0b3cc8582009-05-04 08:37:12 +0000521 sec_blob->UserName.BufferOffset = cpu_to_le32(tmp - pbuffer);
522 sec_blob->UserName.Length = 0;
523 sec_blob->UserName.MaximumLength = 0;
524 tmp += 2;
525 } else {
526 int len;
Steve Frenchacbbb762012-01-18 22:32:33 -0600527 len = cifs_strtoUTF16((__le16 *)tmp, ses->user_name,
528 MAX_USERNAME_SIZE, nls_cp);
Steve French0b3cc8582009-05-04 08:37:12 +0000529 len *= 2; /* unicode is 2 bytes each */
Steve French0b3cc8582009-05-04 08:37:12 +0000530 sec_blob->UserName.BufferOffset = cpu_to_le32(tmp - pbuffer);
531 sec_blob->UserName.Length = cpu_to_le16(len);
532 sec_blob->UserName.MaximumLength = cpu_to_le16(len);
533 tmp += len;
534 }
535
536 sec_blob->WorkstationName.BufferOffset = cpu_to_le32(tmp - pbuffer);
537 sec_blob->WorkstationName.Length = 0;
538 sec_blob->WorkstationName.MaximumLength = 0;
539 tmp += 2;
540
Shirish Pargaonkardf8fbc242010-12-11 14:19:22 -0600541 if (((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) ||
542 (ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_EXTENDED_SEC))
543 && !calc_seckey(ses)) {
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500544 memcpy(tmp, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE);
Shirish Pargaonkard2b91522010-10-21 14:25:08 -0500545 sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer);
546 sec_blob->SessionKey.Length = cpu_to_le16(CIFS_CPHTXT_SIZE);
547 sec_blob->SessionKey.MaximumLength =
548 cpu_to_le16(CIFS_CPHTXT_SIZE);
549 tmp += CIFS_CPHTXT_SIZE;
550 } else {
551 sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer);
552 sec_blob->SessionKey.Length = 0;
553 sec_blob->SessionKey.MaximumLength = 0;
554 }
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500555
556setup_ntlmv2_ret:
Shirish Pargaonkar89f150f2010-10-19 11:47:52 -0500557 *buflen = tmp - pbuffer;
558 return rc;
Steve French0b3cc8582009-05-04 08:37:12 +0000559}
Steve French0b3cc8582009-05-04 08:37:12 +0000560
Steve French790fe572007-07-07 19:25:05 +0000561int
Pavel Shilovsky58c45c52012-05-25 10:54:49 +0400562CIFS_SessSetup(const unsigned int xid, struct cifs_ses *ses,
Jeff Laytonebe6aa52010-04-24 07:57:47 -0400563 const struct nls_table *nls_cp)
Steve French39798772006-05-31 22:40:51 +0000564{
565 int rc = 0;
566 int wct;
Steve French39798772006-05-31 22:40:51 +0000567 struct smb_hdr *smb_buf;
568 char *bcc_ptr;
Steve French750d1152006-06-27 06:28:30 +0000569 char *str_area;
Steve French39798772006-05-31 22:40:51 +0000570 SESSION_SETUP_ANDX *pSMB;
571 __u32 capabilities;
Jeff Layton690c5222011-01-20 13:36:51 -0500572 __u16 count;
Steve French24424212007-11-16 23:37:35 +0000573 int resp_buf_type;
574 struct kvec iov[3];
Steve French39798772006-05-31 22:40:51 +0000575 enum securityEnum type;
Jeff Layton690c5222011-01-20 13:36:51 -0500576 __u16 action, bytes_remaining;
Steve French24424212007-11-16 23:37:35 +0000577 struct key *spnego_key = NULL;
Steve French0b3cc8582009-05-04 08:37:12 +0000578 __le32 phase = NtLmNegotiate; /* NTLMSSP, if needed, is multistage */
Shirish Pargaonkar89f150f2010-10-19 11:47:52 -0500579 u16 blob_len;
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500580 char *ntlmsspblob = NULL;
Steve French254e55e2006-06-04 05:53:15 +0000581
Steve French790fe572007-07-07 19:25:05 +0000582 if (ses == NULL)
Steve French39798772006-05-31 22:40:51 +0000583 return -EINVAL;
584
585 type = ses->server->secType;
Joe Perchesf96637b2013-05-04 22:12:25 -0500586 cifs_dbg(FYI, "sess setup type %d\n", type);
Shirish Pargaonkard3686d52010-10-28 09:53:07 -0500587 if (type == RawNTLMSSP) {
588 /* if memory allocation is successful, caller of this function
589 * frees it.
590 */
591 ses->ntlmssp = kmalloc(sizeof(struct ntlmssp_auth), GFP_KERNEL);
592 if (!ses->ntlmssp)
593 return -ENOMEM;
594 }
595
Steve French0b3cc8582009-05-04 08:37:12 +0000596ssetup_ntlmssp_authenticate:
597 if (phase == NtLmChallenge)
598 phase = NtLmAuthenticate; /* if ntlmssp, now final phase */
599
Steve French790fe572007-07-07 19:25:05 +0000600 if (type == LANMAN) {
Steve French39798772006-05-31 22:40:51 +0000601#ifndef CONFIG_CIFS_WEAK_PW_HASH
602 /* LANMAN and plaintext are less secure and off by default.
603 So we make this explicitly be turned on in kconfig (in the
604 build) and turned on at runtime (changed from the default)
605 in proc/fs/cifs or via mount parm. Unfortunately this is
606 needed for old Win (e.g. Win95), some obscure NAS and OS/2 */
607 return -EOPNOTSUPP;
608#endif
609 wct = 10; /* lanman 2 style sessionsetup */
Steve French790fe572007-07-07 19:25:05 +0000610 } else if ((type == NTLM) || (type == NTLMv2)) {
Steve French9312f672006-06-04 22:21:07 +0000611 /* For NTLMv2 failures eventually may need to retry NTLM */
Steve French39798772006-05-31 22:40:51 +0000612 wct = 13; /* old style NTLM sessionsetup */
Steve French790fe572007-07-07 19:25:05 +0000613 } else /* same size: negotiate or auth, NTLMSSP or extended security */
Steve French39798772006-05-31 22:40:51 +0000614 wct = 12;
615
616 rc = small_smb_init_no_tc(SMB_COM_SESSION_SETUP_ANDX, wct, ses,
617 (void **)&smb_buf);
Steve French790fe572007-07-07 19:25:05 +0000618 if (rc)
Steve French39798772006-05-31 22:40:51 +0000619 return rc;
620
621 pSMB = (SESSION_SETUP_ANDX *)smb_buf;
622
623 capabilities = cifs_ssetup_hdr(ses, pSMB);
Steve French750d1152006-06-27 06:28:30 +0000624
Steve French24424212007-11-16 23:37:35 +0000625 /* we will send the SMB in three pieces:
626 a fixed length beginning part, an optional
627 SPNEGO blob (which can be zero length), and a
628 last part which will include the strings
629 and rest of bcc area. This allows us to avoid
630 a large buffer 17K allocation */
Steve French790fe572007-07-07 19:25:05 +0000631 iov[0].iov_base = (char *)pSMB;
Steve Frenchbe8e3b02011-04-29 05:40:20 +0000632 iov[0].iov_len = be32_to_cpu(smb_buf->smb_buf_length) + 4;
Steve French750d1152006-06-27 06:28:30 +0000633
Steve French24424212007-11-16 23:37:35 +0000634 /* setting this here allows the code at the end of the function
635 to free the request buffer if there's an error */
636 resp_buf_type = CIFS_SMALL_BUFFER;
637
Steve French750d1152006-06-27 06:28:30 +0000638 /* 2000 big enough to fit max user, domain, NOS name etc. */
639 str_area = kmalloc(2000, GFP_KERNEL);
Cyrill Gorcunov5e6e6232007-08-18 00:15:20 +0000640 if (str_area == NULL) {
Steve French24424212007-11-16 23:37:35 +0000641 rc = -ENOMEM;
642 goto ssetup_exit;
Cyrill Gorcunov5e6e6232007-08-18 00:15:20 +0000643 }
Steve French750d1152006-06-27 06:28:30 +0000644 bcc_ptr = str_area;
Steve French39798772006-05-31 22:40:51 +0000645
Steve French9ac00b72006-09-30 04:13:17 +0000646 ses->flags &= ~CIFS_SES_LANMAN;
647
Steve French24424212007-11-16 23:37:35 +0000648 iov[1].iov_base = NULL;
649 iov[1].iov_len = 0;
650
Steve French790fe572007-07-07 19:25:05 +0000651 if (type == LANMAN) {
Steve French39798772006-05-31 22:40:51 +0000652#ifdef CONFIG_CIFS_WEAK_PW_HASH
Shirish Pargaonkar5e640922011-02-17 14:38:31 -0600653 char lnm_session_key[CIFS_AUTH_RESP_SIZE];
Steve French39798772006-05-31 22:40:51 +0000654
Steve Frenchc76da9d2008-08-28 15:32:22 +0000655 pSMB->req.hdr.Flags2 &= ~SMBFLG2_UNICODE;
656
Steve French39798772006-05-31 22:40:51 +0000657 /* no capabilities flags in old lanman negotiation */
658
Shirish Pargaonkar5e640922011-02-17 14:38:31 -0600659 pSMB->old_req.PasswordLength = cpu_to_le16(CIFS_AUTH_RESP_SIZE);
Steve French39798772006-05-31 22:40:51 +0000660
Shirish Pargaonkard3ba50b2010-10-27 15:20:36 -0500661 /* Calculate hash with password and copy into bcc_ptr.
662 * Encryption Key (stored as in cryptkey) gets used if the
663 * security mode bit in Negottiate Protocol response states
664 * to use challenge/response method (i.e. Password bit is 1).
665 */
666
Steve French43988d72011-04-19 18:23:31 +0000667 rc = calc_lanman_hash(ses->password, ses->server->cryptkey,
Steve French96daf2b2011-05-27 04:34:02 +0000668 ses->server->sec_mode & SECMODE_PW_ENCRYPT ?
Jeff Layton4e53a3f2008-12-05 20:41:21 -0500669 true : false, lnm_session_key);
670
Steve French790fe572007-07-07 19:25:05 +0000671 ses->flags |= CIFS_SES_LANMAN;
Shirish Pargaonkar5e640922011-02-17 14:38:31 -0600672 memcpy(bcc_ptr, (char *)lnm_session_key, CIFS_AUTH_RESP_SIZE);
673 bcc_ptr += CIFS_AUTH_RESP_SIZE;
Steve French39798772006-05-31 22:40:51 +0000674
675 /* can not sign if LANMAN negotiated so no need
676 to calculate signing key? but what if server
677 changed to do higher than lanman dialect and
678 we reconnected would we ever calc signing_key? */
679
Joe Perchesf96637b2013-05-04 22:12:25 -0500680 cifs_dbg(FYI, "Negotiating LANMAN setting up strings\n");
Steve French39798772006-05-31 22:40:51 +0000681 /* Unicode not allowed for LANMAN dialects */
682 ascii_ssetup_strings(&bcc_ptr, ses, nls_cp);
Steve French790fe572007-07-07 19:25:05 +0000683#endif
Steve French39798772006-05-31 22:40:51 +0000684 } else if (type == NTLM) {
Steve French39798772006-05-31 22:40:51 +0000685 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
686 pSMB->req_no_secext.CaseInsensitivePasswordLength =
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500687 cpu_to_le16(CIFS_AUTH_RESP_SIZE);
Steve French39798772006-05-31 22:40:51 +0000688 pSMB->req_no_secext.CaseSensitivePasswordLength =
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500689 cpu_to_le16(CIFS_AUTH_RESP_SIZE);
Steve French50c2f752007-07-13 00:33:32 +0000690
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500691 /* calculate ntlm response and session key */
Shirish Pargaonkar9ef59922011-10-20 13:21:59 -0500692 rc = setup_ntlm_response(ses, nls_cp);
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500693 if (rc) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500694 cifs_dbg(VFS, "Error %d during NTLM authentication\n",
695 rc);
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500696 goto ssetup_exit;
697 }
Steve French39798772006-05-31 22:40:51 +0000698
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500699 /* copy ntlm response */
700 memcpy(bcc_ptr, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
701 CIFS_AUTH_RESP_SIZE);
702 bcc_ptr += CIFS_AUTH_RESP_SIZE;
703 memcpy(bcc_ptr, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
704 CIFS_AUTH_RESP_SIZE);
705 bcc_ptr += CIFS_AUTH_RESP_SIZE;
706
Steve French790fe572007-07-07 19:25:05 +0000707 if (ses->capabilities & CAP_UNICODE) {
Steve French0223cf02006-06-27 19:50:57 +0000708 /* unicode strings must be word aligned */
709 if (iov[0].iov_len % 2) {
710 *bcc_ptr = 0;
Steve French790fe572007-07-07 19:25:05 +0000711 bcc_ptr++;
712 }
Steve French7c7b25b2006-06-01 19:20:10 +0000713 unicode_ssetup_strings(&bcc_ptr, ses, nls_cp);
Steve French0223cf02006-06-27 19:50:57 +0000714 } else
Steve French7c7b25b2006-06-01 19:20:10 +0000715 ascii_ssetup_strings(&bcc_ptr, ses, nls_cp);
716 } else if (type == NTLMv2) {
Steve French7c7b25b2006-06-01 19:20:10 +0000717 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
718
719 /* LM2 password would be here if we supported it */
720 pSMB->req_no_secext.CaseInsensitivePasswordLength = 0;
Steve French7c7b25b2006-06-01 19:20:10 +0000721
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500722 /* calculate nlmv2 response and session key */
723 rc = setup_ntlmv2_rsp(ses, nls_cp);
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500724 if (rc) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500725 cifs_dbg(VFS, "Error %d during NTLMv2 authentication\n",
726 rc);
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500727 goto ssetup_exit;
728 }
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500729 memcpy(bcc_ptr, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
730 ses->auth_key.len - CIFS_SESS_KEY_SIZE);
731 bcc_ptr += ses->auth_key.len - CIFS_SESS_KEY_SIZE;
732
Shirish Pargaonkarc9928f72010-10-04 19:56:13 -0500733 /* set case sensitive password length after tilen may get
734 * assigned, tilen is 0 otherwise.
735 */
736 pSMB->req_no_secext.CaseSensitivePasswordLength =
Shirish Pargaonkarf7c5445a2010-10-26 18:10:24 -0500737 cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
Shirish Pargaonkarc9928f72010-10-04 19:56:13 -0500738
Steve French790fe572007-07-07 19:25:05 +0000739 if (ses->capabilities & CAP_UNICODE) {
740 if (iov[0].iov_len % 2) {
Steve French0223cf02006-06-27 19:50:57 +0000741 *bcc_ptr = 0;
Steve French26f57362007-08-30 22:09:15 +0000742 bcc_ptr++;
743 }
Steve French39798772006-05-31 22:40:51 +0000744 unicode_ssetup_strings(&bcc_ptr, ses, nls_cp);
Steve French0223cf02006-06-27 19:50:57 +0000745 } else
Steve French39798772006-05-31 22:40:51 +0000746 ascii_ssetup_strings(&bcc_ptr, ses, nls_cp);
Jeff Layton26efa0b2010-04-24 07:57:49 -0400747 } else if (type == Kerberos) {
Steve French24424212007-11-16 23:37:35 +0000748#ifdef CONFIG_CIFS_UPCALL
749 struct cifs_spnego_msg *msg;
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500750
Steve French24424212007-11-16 23:37:35 +0000751 spnego_key = cifs_get_spnego_key(ses);
752 if (IS_ERR(spnego_key)) {
753 rc = PTR_ERR(spnego_key);
754 spnego_key = NULL;
755 goto ssetup_exit;
756 }
757
758 msg = spnego_key->payload.data;
Steve French6ce5eec2008-08-26 00:37:14 +0000759 /* check version field to make sure that cifs.upcall is
760 sending us a response in an expected form */
761 if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500762 cifs_dbg(VFS, "incorrect version of cifs.upcall "
763 "expected %d but got %d)",
Joe Perchesb6b38f72010-04-21 03:50:45 +0000764 CIFS_SPNEGO_UPCALL_VERSION, msg->version);
Steve French6ce5eec2008-08-26 00:37:14 +0000765 rc = -EKEYREJECTED;
766 goto ssetup_exit;
767 }
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500768
Silviu-Mihai Popescuf7f7c182013-03-11 18:22:32 +0200769 ses->auth_key.response = kmemdup(msg->data, msg->sesskey_len,
770 GFP_KERNEL);
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500771 if (!ses->auth_key.response) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500772 cifs_dbg(VFS, "Kerberos can't allocate (%u bytes) memory",
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500773 msg->sesskey_len);
774 rc = -ENOMEM;
Steve French24424212007-11-16 23:37:35 +0000775 goto ssetup_exit;
776 }
Shirish Pargaonkar5d0d2882010-10-13 18:15:00 -0500777 ses->auth_key.len = msg->sesskey_len;
Shirish Pargaonkar21e73392010-10-21 06:42:55 -0500778
Steve French39798772006-05-31 22:40:51 +0000779 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
780 capabilities |= CAP_EXTENDED_SECURITY;
781 pSMB->req.Capabilities = cpu_to_le32(capabilities);
Steve French24424212007-11-16 23:37:35 +0000782 iov[1].iov_base = msg->data + msg->sesskey_len;
783 iov[1].iov_len = msg->secblob_len;
784 pSMB->req.SecurityBlobLength = cpu_to_le16(iov[1].iov_len);
785
786 if (ses->capabilities & CAP_UNICODE) {
787 /* unicode strings must be word aligned */
Jeff Layton28c5a022007-12-31 04:56:21 +0000788 if ((iov[0].iov_len + iov[1].iov_len) % 2) {
Steve French24424212007-11-16 23:37:35 +0000789 *bcc_ptr = 0;
790 bcc_ptr++;
791 }
792 unicode_oslm_strings(&bcc_ptr, nls_cp);
793 unicode_domain_string(&bcc_ptr, ses, nls_cp);
794 } else
795 /* BB: is this right? */
796 ascii_ssetup_strings(&bcc_ptr, ses, nls_cp);
797#else /* ! CONFIG_CIFS_UPCALL */
Joe Perchesf96637b2013-05-04 22:12:25 -0500798 cifs_dbg(VFS, "Kerberos negotiated but upcall support disabled!\n");
Steve French24424212007-11-16 23:37:35 +0000799 rc = -ENOSYS;
800 goto ssetup_exit;
801#endif /* CONFIG_CIFS_UPCALL */
Jeff Laytonb4d6fcf2011-01-07 11:30:28 -0500802 } else if (type == RawNTLMSSP) {
803 if ((pSMB->req.hdr.Flags2 & SMBFLG2_UNICODE) == 0) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500804 cifs_dbg(VFS, "NTLMSSP requires Unicode support\n");
Steve French0b3cc8582009-05-04 08:37:12 +0000805 rc = -ENOSYS;
806 goto ssetup_exit;
807 }
Jeff Laytonb4d6fcf2011-01-07 11:30:28 -0500808
Joe Perchesf96637b2013-05-04 22:12:25 -0500809 cifs_dbg(FYI, "ntlmssp session setup phase %d\n", phase);
Jeff Laytonb4d6fcf2011-01-07 11:30:28 -0500810 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
811 capabilities |= CAP_EXTENDED_SECURITY;
812 pSMB->req.Capabilities |= cpu_to_le32(capabilities);
813 switch(phase) {
814 case NtLmNegotiate:
815 build_ntlmssp_negotiate_blob(
816 pSMB->req.SecurityBlob, ses);
817 iov[1].iov_len = sizeof(NEGOTIATE_MESSAGE);
818 iov[1].iov_base = pSMB->req.SecurityBlob;
819 pSMB->req.SecurityBlobLength =
820 cpu_to_le16(sizeof(NEGOTIATE_MESSAGE));
821 break;
822 case NtLmAuthenticate:
823 /*
824 * 5 is an empirical value, large enough to hold
825 * authenticate message plus max 10 of av paris,
826 * domain, user, workstation names, flags, etc.
827 */
828 ntlmsspblob = kzalloc(
829 5*sizeof(struct _AUTHENTICATE_MESSAGE),
830 GFP_KERNEL);
831 if (!ntlmsspblob) {
Jeff Laytonb4d6fcf2011-01-07 11:30:28 -0500832 rc = -ENOMEM;
833 goto ssetup_exit;
834 }
835
836 rc = build_ntlmssp_auth_blob(ntlmsspblob,
837 &blob_len, ses, nls_cp);
838 if (rc)
839 goto ssetup_exit;
840 iov[1].iov_len = blob_len;
841 iov[1].iov_base = ntlmsspblob;
842 pSMB->req.SecurityBlobLength = cpu_to_le16(blob_len);
843 /*
844 * Make sure that we tell the server that we are using
845 * the uid that it just gave us back on the response
846 * (challenge)
847 */
848 smb_buf->Uid = ses->Suid;
849 break;
850 default:
Joe Perchesf96637b2013-05-04 22:12:25 -0500851 cifs_dbg(VFS, "invalid phase %d\n", phase);
Jeff Laytonb4d6fcf2011-01-07 11:30:28 -0500852 rc = -ENOSYS;
853 goto ssetup_exit;
854 }
855 /* unicode strings must be word aligned */
856 if ((iov[0].iov_len + iov[1].iov_len) % 2) {
857 *bcc_ptr = 0;
858 bcc_ptr++;
859 }
860 unicode_oslm_strings(&bcc_ptr, nls_cp);
861 } else {
Joe Perchesf96637b2013-05-04 22:12:25 -0500862 cifs_dbg(VFS, "secType %d not supported!\n", type);
Steve French24424212007-11-16 23:37:35 +0000863 rc = -ENOSYS;
864 goto ssetup_exit;
Steve French39798772006-05-31 22:40:51 +0000865 }
866
Steve French24424212007-11-16 23:37:35 +0000867 iov[2].iov_base = str_area;
868 iov[2].iov_len = (long) bcc_ptr - (long) str_area;
869
870 count = iov[1].iov_len + iov[2].iov_len;
Steve Frenchbe8e3b02011-04-29 05:40:20 +0000871 smb_buf->smb_buf_length =
872 cpu_to_be32(be32_to_cpu(smb_buf->smb_buf_length) + count);
Steve French39798772006-05-31 22:40:51 +0000873
Jeff Layton820a8032011-05-04 08:05:26 -0400874 put_bcc(count, smb_buf);
Steve French39798772006-05-31 22:40:51 +0000875
Steve French24424212007-11-16 23:37:35 +0000876 rc = SendReceive2(xid, ses, iov, 3 /* num_iovecs */, &resp_buf_type,
Jeff Layton77499812011-01-11 07:24:23 -0500877 CIFS_LOG_ERROR);
Steve French39798772006-05-31 22:40:51 +0000878 /* SMB request buf freed in SendReceive2 */
879
Steve French39798772006-05-31 22:40:51 +0000880 pSMB = (SESSION_SETUP_ANDX *)iov[0].iov_base;
881 smb_buf = (struct smb_hdr *)iov[0].iov_base;
882
Pavel Shilovskyf065fd02012-09-25 11:00:08 +0400883 if ((type == RawNTLMSSP) && (resp_buf_type != CIFS_NO_BUFFER) &&
884 (smb_buf->Status.CifsError ==
Steve French0b3cc8582009-05-04 08:37:12 +0000885 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))) {
886 if (phase != NtLmNegotiate) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500887 cifs_dbg(VFS, "Unexpected more processing error\n");
Steve French0b3cc8582009-05-04 08:37:12 +0000888 goto ssetup_exit;
889 }
890 /* NTLMSSP Negotiate sent now processing challenge (response) */
891 phase = NtLmChallenge; /* process ntlmssp challenge */
892 rc = 0; /* MORE_PROC rc is not an error here, but expected */
893 }
894 if (rc)
895 goto ssetup_exit;
896
Steve French790fe572007-07-07 19:25:05 +0000897 if ((smb_buf->WordCount != 3) && (smb_buf->WordCount != 4)) {
Steve French39798772006-05-31 22:40:51 +0000898 rc = -EIO;
Joe Perchesf96637b2013-05-04 22:12:25 -0500899 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount);
Steve French39798772006-05-31 22:40:51 +0000900 goto ssetup_exit;
901 }
902 action = le16_to_cpu(pSMB->resp.Action);
903 if (action & GUEST_LOGIN)
Joe Perchesf96637b2013-05-04 22:12:25 -0500904 cifs_dbg(FYI, "Guest login\n"); /* BB mark SesInfo struct? */
Steve French39798772006-05-31 22:40:51 +0000905 ses->Suid = smb_buf->Uid; /* UID left in wire format (le) */
Joe Perchesf96637b2013-05-04 22:12:25 -0500906 cifs_dbg(FYI, "UID = %llu\n", ses->Suid);
Steve French39798772006-05-31 22:40:51 +0000907 /* response can have either 3 or 4 word count - Samba sends 3 */
908 /* and lanman response is 3 */
Jeff Layton690c5222011-01-20 13:36:51 -0500909 bytes_remaining = get_bcc(smb_buf);
Steve French39798772006-05-31 22:40:51 +0000910 bcc_ptr = pByteArea(smb_buf);
911
Steve French790fe572007-07-07 19:25:05 +0000912 if (smb_buf->WordCount == 4) {
Steve French39798772006-05-31 22:40:51 +0000913 blob_len = le16_to_cpu(pSMB->resp.SecurityBlobLength);
Steve French790fe572007-07-07 19:25:05 +0000914 if (blob_len > bytes_remaining) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500915 cifs_dbg(VFS, "bad security blob length %d\n",
916 blob_len);
Steve French39798772006-05-31 22:40:51 +0000917 rc = -EINVAL;
918 goto ssetup_exit;
919 }
Steve French0b3cc8582009-05-04 08:37:12 +0000920 if (phase == NtLmChallenge) {
921 rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);
922 /* now goto beginning for ntlmssp authenticate phase */
923 if (rc)
924 goto ssetup_exit;
925 }
926 bcc_ptr += blob_len;
Steve French39798772006-05-31 22:40:51 +0000927 bytes_remaining -= blob_len;
Steve French790fe572007-07-07 19:25:05 +0000928 }
Steve French39798772006-05-31 22:40:51 +0000929
930 /* BB check if Unicode and decode strings */
Jeff Laytonfcda7f42011-04-27 13:25:51 -0400931 if (bytes_remaining == 0) {
932 /* no string area to decode, do nothing */
933 } else if (smb_buf->Flags2 & SMBFLG2_UNICODE) {
Jeff Layton27b87fe2009-04-14 11:00:53 -0400934 /* unicode string area must be word-aligned */
935 if (((unsigned long) bcc_ptr - (unsigned long) smb_buf) % 2) {
936 ++bcc_ptr;
937 --bytes_remaining;
938 }
Jeff Layton59140792009-04-30 07:16:21 -0400939 decode_unicode_ssetup(&bcc_ptr, bytes_remaining, ses, nls_cp);
Jeff Layton27b87fe2009-04-14 11:00:53 -0400940 } else {
Steve French63135e02007-07-17 17:34:02 +0000941 rc = decode_ascii_ssetup(&bcc_ptr, bytes_remaining,
942 ses, nls_cp);
Jeff Layton27b87fe2009-04-14 11:00:53 -0400943 }
Steve French50c2f752007-07-13 00:33:32 +0000944
Steve French39798772006-05-31 22:40:51 +0000945ssetup_exit:
Jeff Laytondfd15c42008-09-24 11:32:59 -0400946 if (spnego_key) {
Jeff Layton00401ff2012-07-23 13:14:28 -0400947 key_invalidate(spnego_key);
Steve French24424212007-11-16 23:37:35 +0000948 key_put(spnego_key);
Jeff Laytondfd15c42008-09-24 11:32:59 -0400949 }
Steve French750d1152006-06-27 06:28:30 +0000950 kfree(str_area);
Shirish Pargaonkar2b149f12010-09-18 22:02:18 -0500951 kfree(ntlmsspblob);
952 ntlmsspblob = NULL;
Steve French790fe572007-07-07 19:25:05 +0000953 if (resp_buf_type == CIFS_SMALL_BUFFER) {
Joe Perchesf96637b2013-05-04 22:12:25 -0500954 cifs_dbg(FYI, "ssetup freeing small buf %p\n", iov[0].iov_base);
Steve French39798772006-05-31 22:40:51 +0000955 cifs_small_buf_release(iov[0].iov_base);
Steve French790fe572007-07-07 19:25:05 +0000956 } else if (resp_buf_type == CIFS_LARGE_BUFFER)
Steve French39798772006-05-31 22:40:51 +0000957 cifs_buf_release(iov[0].iov_base);
958
Steve French0b3cc8582009-05-04 08:37:12 +0000959 /* if ntlmssp, and negotiate succeeded, proceed to authenticate phase */
960 if ((phase == NtLmChallenge) && (rc == 0))
961 goto ssetup_ntlmssp_authenticate;
962
Steve French39798772006-05-31 22:40:51 +0000963 return rc;
964}