1 // SPDX-License-Identifier: LGPL-2.1
4 * SMB/CIFS session setup handling routines
6 * Copyright (c) International Business Machines Corp., 2006, 2009
7 * Author(s): Steve French (sfrench@us.ibm.com)
13 #include "cifsproto.h"
14 #include "cifs_unicode.h"
15 #include "cifs_debug.h"
18 #include <linux/utsname.h>
19 #include <linux/slab.h>
20 #include "cifs_spnego.h"
21 #include "smb2proto.h"
22 #include "fs_context.h"
25 cifs_ses_add_channel(struct cifs_sb_info *cifs_sb, struct cifs_ses *ses,
26 struct cifs_server_iface *iface);
29 is_server_using_iface(struct TCP_Server_Info *server,
30 struct cifs_server_iface *iface)
32 struct sockaddr_in *i4 = (struct sockaddr_in *)&iface->sockaddr;
33 struct sockaddr_in6 *i6 = (struct sockaddr_in6 *)&iface->sockaddr;
34 struct sockaddr_in *s4 = (struct sockaddr_in *)&server->dstaddr;
35 struct sockaddr_in6 *s6 = (struct sockaddr_in6 *)&server->dstaddr;
37 if (server->dstaddr.ss_family != iface->sockaddr.ss_family)
39 if (server->dstaddr.ss_family == AF_INET) {
40 if (s4->sin_addr.s_addr != i4->sin_addr.s_addr)
42 } else if (server->dstaddr.ss_family == AF_INET6) {
43 if (memcmp(&s6->sin6_addr, &i6->sin6_addr,
44 sizeof(i6->sin6_addr)) != 0)
47 /* unknown family.. */
53 bool is_ses_using_iface(struct cifs_ses *ses, struct cifs_server_iface *iface)
57 spin_lock(&ses->chan_lock);
58 for (i = 0; i < ses->chan_count; i++) {
59 if (is_server_using_iface(ses->chans[i].server, iface)) {
60 spin_unlock(&ses->chan_lock);
64 spin_unlock(&ses->chan_lock);
69 cifs_ses_get_chan_index(struct cifs_ses *ses,
70 struct TCP_Server_Info *server)
74 for (i = 0; i < ses->chan_count; i++) {
75 if (ses->chans[i].server == server)
79 /* If we didn't find the channel, it is likely a bug */
85 cifs_chan_set_need_reconnect(struct cifs_ses *ses,
86 struct TCP_Server_Info *server)
88 unsigned int chan_index = cifs_ses_get_chan_index(ses, server);
90 set_bit(chan_index, &ses->chans_need_reconnect);
91 cifs_dbg(FYI, "Set reconnect bitmask for chan %u; now 0x%lx\n",
92 chan_index, ses->chans_need_reconnect);
96 cifs_chan_clear_need_reconnect(struct cifs_ses *ses,
97 struct TCP_Server_Info *server)
99 unsigned int chan_index = cifs_ses_get_chan_index(ses, server);
101 clear_bit(chan_index, &ses->chans_need_reconnect);
102 cifs_dbg(FYI, "Cleared reconnect bitmask for chan %u; now 0x%lx\n",
103 chan_index, ses->chans_need_reconnect);
107 cifs_chan_needs_reconnect(struct cifs_ses *ses,
108 struct TCP_Server_Info *server)
110 unsigned int chan_index = cifs_ses_get_chan_index(ses, server);
112 return CIFS_CHAN_NEEDS_RECONNECT(ses, chan_index);
115 /* returns number of channels added */
116 int cifs_try_adding_channels(struct cifs_sb_info *cifs_sb, struct cifs_ses *ses)
118 int old_chan_count, new_chan_count;
123 struct cifs_server_iface *ifaces = NULL;
126 if (ses->server->dialect < SMB30_PROT_ID) {
127 cifs_dbg(VFS, "multichannel is not supported on this protocol version, use 3.0 or above\n");
131 spin_lock(&ses->chan_lock);
133 new_chan_count = old_chan_count = ses->chan_count;
134 left = ses->chan_max - ses->chan_count;
138 "ses already at max_channels (%zu), nothing to open\n",
140 spin_unlock(&ses->chan_lock);
144 if (!(ses->server->capabilities & SMB2_GLOBAL_CAP_MULTI_CHANNEL)) {
146 spin_unlock(&ses->chan_lock);
147 cifs_dbg(VFS, "server %s does not support multichannel\n", ses->server->hostname);
150 spin_unlock(&ses->chan_lock);
153 * Make a copy of the iface list at the time and use that
154 * instead so as to not hold the iface spinlock for opening
157 spin_lock(&ses->iface_lock);
158 iface_count = ses->iface_count;
159 if (iface_count <= 0) {
160 spin_unlock(&ses->iface_lock);
161 cifs_dbg(VFS, "no iface list available to open channels\n");
164 ifaces = kmemdup(ses->iface_list, iface_count*sizeof(*ifaces),
167 spin_unlock(&ses->iface_lock);
170 spin_unlock(&ses->iface_lock);
173 * Keep connecting to same, fastest, iface for all channels as
174 * long as its RSS. Try next fastest one if not RSS or channel
178 struct cifs_server_iface *iface;
181 if (tries > 3*ses->chan_max) {
182 cifs_dbg(FYI, "too many channel open attempts (%d channels left to open)\n",
188 if (is_ses_using_iface(ses, iface) && !iface->rss_capable) {
189 i = (i+1) % iface_count;
193 rc = cifs_ses_add_channel(cifs_sb, ses, iface);
195 cifs_dbg(FYI, "failed to open extra channel on iface#%d rc=%d\n",
197 i = (i+1) % iface_count;
201 cifs_dbg(FYI, "successfully opened new channel on iface#%d\n",
208 return new_chan_count - old_chan_count;
212 * If server is a channel of ses, return the corresponding enclosing
213 * cifs_chan otherwise return NULL.
216 cifs_ses_find_chan(struct cifs_ses *ses, struct TCP_Server_Info *server)
220 spin_lock(&ses->chan_lock);
221 for (i = 0; i < ses->chan_count; i++) {
222 if (ses->chans[i].server == server) {
223 spin_unlock(&ses->chan_lock);
224 return &ses->chans[i];
227 spin_unlock(&ses->chan_lock);
232 cifs_ses_add_channel(struct cifs_sb_info *cifs_sb, struct cifs_ses *ses,
233 struct cifs_server_iface *iface)
235 struct TCP_Server_Info *chan_server;
236 struct cifs_chan *chan;
237 struct smb3_fs_context ctx = {NULL};
238 static const char unc_fmt[] = "\\%s\\foo";
239 char unc[sizeof(unc_fmt)+SERVER_NAME_LEN_WITH_NULL] = {0};
240 struct sockaddr_in *ipv4 = (struct sockaddr_in *)&iface->sockaddr;
241 struct sockaddr_in6 *ipv6 = (struct sockaddr_in6 *)&iface->sockaddr;
243 unsigned int xid = get_xid();
245 if (iface->sockaddr.ss_family == AF_INET)
246 cifs_dbg(FYI, "adding channel to ses %p (speed:%zu bps rdma:%s ip:%pI4)\n",
247 ses, iface->speed, iface->rdma_capable ? "yes" : "no",
250 cifs_dbg(FYI, "adding channel to ses %p (speed:%zu bps rdma:%s ip:%pI6)\n",
251 ses, iface->speed, iface->rdma_capable ? "yes" : "no",
255 * Setup a ctx with mostly the same info as the existing
256 * session and overwrite it with the requested iface data.
258 * We need to setup at least the fields used for negprot and
261 * We only need the ctx here, so we can reuse memory from
262 * the session and server without caring about memory
266 /* Always make new connection for now (TODO?) */
267 ctx.nosharesock = true;
270 ctx.domainauto = ses->domainAuto;
271 ctx.domainname = ses->domainName;
272 ctx.server_hostname = ses->server->hostname;
273 ctx.username = ses->user_name;
274 ctx.password = ses->password;
275 ctx.sectype = ses->sectype;
276 ctx.sign = ses->sign;
279 /* XXX: Use ses->server->hostname? */
280 sprintf(unc, unc_fmt, ses->ip_addr);
284 /* Reuse same version as master connection */
285 ctx.vals = ses->server->vals;
286 ctx.ops = ses->server->ops;
288 ctx.noblocksnd = ses->server->noblocksnd;
289 ctx.noautotune = ses->server->noautotune;
290 ctx.sockopt_tcp_nodelay = ses->server->tcp_nodelay;
291 ctx.echo_interval = ses->server->echo_interval / HZ;
292 ctx.max_credits = ses->server->max_credits;
295 * This will be used for encoding/decoding user/domain/pw
296 * during sess setup auth.
298 ctx.local_nls = cifs_sb->local_nls;
300 /* Use RDMA if possible */
301 ctx.rdma = iface->rdma_capable;
302 memcpy(&ctx.dstaddr, &iface->sockaddr, sizeof(struct sockaddr_storage));
304 /* reuse master con client guid */
305 memcpy(&ctx.client_guid, ses->server->client_guid,
306 SMB2_CLIENT_GUID_SIZE);
307 ctx.use_client_guid = true;
309 chan_server = cifs_get_tcp_session(&ctx, ses->server);
311 mutex_lock(&ses->session_mutex);
312 spin_lock(&ses->chan_lock);
313 chan = &ses->chans[ses->chan_count];
314 chan->server = chan_server;
315 if (IS_ERR(chan->server)) {
316 rc = PTR_ERR(chan->server);
318 spin_unlock(&ses->chan_lock);
322 atomic_set(&ses->chan_seq, 0);
324 /* Mark this channel as needing connect/setup */
325 cifs_chan_set_need_reconnect(ses, chan->server);
327 spin_unlock(&ses->chan_lock);
330 * We need to allocate the server crypto now as we will need
331 * to sign packets before we generate the channel signing key
332 * (we sign with the session key)
334 rc = smb311_crypto_shash_allocate(chan->server);
336 cifs_dbg(VFS, "%s: crypto alloc failed\n", __func__);
340 rc = cifs_negotiate_protocol(xid, ses, chan->server);
342 rc = cifs_setup_session(xid, ses, chan->server, cifs_sb->local_nls);
345 if (rc && chan->server) {
346 spin_lock(&ses->chan_lock);
347 /* we rely on all bits beyond chan_count to be clear */
348 cifs_chan_clear_need_reconnect(ses, chan->server);
351 * chan_count should never reach 0 as at least the primary
352 * channel is always allocated
354 WARN_ON(ses->chan_count < 1);
355 spin_unlock(&ses->chan_lock);
358 mutex_unlock(&ses->session_mutex);
360 if (rc && chan->server)
361 cifs_put_tcp_session(chan->server, 0);
366 /* Mark all session channels for reconnect */
367 void cifs_ses_mark_for_reconnect(struct cifs_ses *ses)
371 for (i = 0; i < ses->chan_count; i++) {
372 spin_lock(&cifs_tcp_ses_lock);
373 if (ses->chans[i].server->tcpStatus != CifsExiting)
374 ses->chans[i].server->tcpStatus = CifsNeedReconnect;
375 spin_unlock(&cifs_tcp_ses_lock);
379 static __u32 cifs_ssetup_hdr(struct cifs_ses *ses,
380 struct TCP_Server_Info *server,
381 SESSION_SETUP_ANDX *pSMB)
383 __u32 capabilities = 0;
385 /* init fields common to all four types of SessSetup */
386 /* Note that offsets for first seven fields in req struct are same */
387 /* in CIFS Specs so does not matter which of 3 forms of struct */
388 /* that we use in next few lines */
389 /* Note that header is initialized to zero in header_assemble */
390 pSMB->req.AndXCommand = 0xFF;
391 pSMB->req.MaxBufferSize = cpu_to_le16(min_t(u32,
392 CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4,
394 pSMB->req.MaxMpxCount = cpu_to_le16(server->maxReq);
395 pSMB->req.VcNumber = cpu_to_le16(1);
397 /* Now no need to set SMBFLG_CASELESS or obsolete CANONICAL PATH */
399 /* BB verify whether signing required on neg or just on auth frame
402 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
403 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
406 pSMB->req.hdr.Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
408 if (ses->capabilities & CAP_UNICODE) {
409 pSMB->req.hdr.Flags2 |= SMBFLG2_UNICODE;
410 capabilities |= CAP_UNICODE;
412 if (ses->capabilities & CAP_STATUS32) {
413 pSMB->req.hdr.Flags2 |= SMBFLG2_ERR_STATUS;
414 capabilities |= CAP_STATUS32;
416 if (ses->capabilities & CAP_DFS) {
417 pSMB->req.hdr.Flags2 |= SMBFLG2_DFS;
418 capabilities |= CAP_DFS;
420 if (ses->capabilities & CAP_UNIX)
421 capabilities |= CAP_UNIX;
427 unicode_oslm_strings(char **pbcc_area, const struct nls_table *nls_cp)
429 char *bcc_ptr = *pbcc_area;
432 /* Copy OS version */
433 bytes_ret = cifs_strtoUTF16((__le16 *)bcc_ptr, "Linux version ", 32,
435 bcc_ptr += 2 * bytes_ret;
436 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, init_utsname()->release,
438 bcc_ptr += 2 * bytes_ret;
439 bcc_ptr += 2; /* trailing null */
441 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
443 bcc_ptr += 2 * bytes_ret;
444 bcc_ptr += 2; /* trailing null */
446 *pbcc_area = bcc_ptr;
449 static void unicode_domain_string(char **pbcc_area, struct cifs_ses *ses,
450 const struct nls_table *nls_cp)
452 char *bcc_ptr = *pbcc_area;
456 if (ses->domainName == NULL) {
457 /* Sending null domain better than using a bogus domain name (as
458 we did briefly in 2.6.18) since server will use its default */
463 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, ses->domainName,
464 CIFS_MAX_DOMAINNAME_LEN, nls_cp);
465 bcc_ptr += 2 * bytes_ret;
466 bcc_ptr += 2; /* account for null terminator */
468 *pbcc_area = bcc_ptr;
472 static void unicode_ssetup_strings(char **pbcc_area, struct cifs_ses *ses,
473 const struct nls_table *nls_cp)
475 char *bcc_ptr = *pbcc_area;
478 /* BB FIXME add check that strings total less
479 than 335 or will need to send them as arrays */
481 /* unicode strings, must be word aligned before the call */
482 /* if ((long) bcc_ptr % 2) {
487 if (ses->user_name == NULL) {
488 /* null user mount */
492 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, ses->user_name,
493 CIFS_MAX_USERNAME_LEN, nls_cp);
495 bcc_ptr += 2 * bytes_ret;
496 bcc_ptr += 2; /* account for null termination */
498 unicode_domain_string(&bcc_ptr, ses, nls_cp);
499 unicode_oslm_strings(&bcc_ptr, nls_cp);
501 *pbcc_area = bcc_ptr;
504 static void ascii_ssetup_strings(char **pbcc_area, struct cifs_ses *ses,
505 const struct nls_table *nls_cp)
507 char *bcc_ptr = *pbcc_area;
511 /* BB what about null user mounts - check that we do this BB */
513 if (ses->user_name != NULL) {
514 len = strscpy(bcc_ptr, ses->user_name, CIFS_MAX_USERNAME_LEN);
515 if (WARN_ON_ONCE(len < 0))
516 len = CIFS_MAX_USERNAME_LEN - 1;
519 /* else null user mount */
521 bcc_ptr++; /* account for null termination */
524 if (ses->domainName != NULL) {
525 len = strscpy(bcc_ptr, ses->domainName, CIFS_MAX_DOMAINNAME_LEN);
526 if (WARN_ON_ONCE(len < 0))
527 len = CIFS_MAX_DOMAINNAME_LEN - 1;
529 } /* else we will send a null domain name
530 so the server will default to its own domain */
534 /* BB check for overflow here */
536 strcpy(bcc_ptr, "Linux version ");
537 bcc_ptr += strlen("Linux version ");
538 strcpy(bcc_ptr, init_utsname()->release);
539 bcc_ptr += strlen(init_utsname()->release) + 1;
541 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
542 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
544 *pbcc_area = bcc_ptr;
548 decode_unicode_ssetup(char **pbcc_area, int bleft, struct cifs_ses *ses,
549 const struct nls_table *nls_cp)
552 char *data = *pbcc_area;
554 cifs_dbg(FYI, "bleft %d\n", bleft);
556 kfree(ses->serverOS);
557 ses->serverOS = cifs_strndup_from_utf16(data, bleft, true, nls_cp);
558 cifs_dbg(FYI, "serverOS=%s\n", ses->serverOS);
559 len = (UniStrnlen((wchar_t *) data, bleft / 2) * 2) + 2;
565 kfree(ses->serverNOS);
566 ses->serverNOS = cifs_strndup_from_utf16(data, bleft, true, nls_cp);
567 cifs_dbg(FYI, "serverNOS=%s\n", ses->serverNOS);
568 len = (UniStrnlen((wchar_t *) data, bleft / 2) * 2) + 2;
574 kfree(ses->serverDomain);
575 ses->serverDomain = cifs_strndup_from_utf16(data, bleft, true, nls_cp);
576 cifs_dbg(FYI, "serverDomain=%s\n", ses->serverDomain);
581 static void decode_ascii_ssetup(char **pbcc_area, __u16 bleft,
582 struct cifs_ses *ses,
583 const struct nls_table *nls_cp)
586 char *bcc_ptr = *pbcc_area;
588 cifs_dbg(FYI, "decode sessetup ascii. bleft %d\n", bleft);
590 len = strnlen(bcc_ptr, bleft);
594 kfree(ses->serverOS);
596 ses->serverOS = kmalloc(len + 1, GFP_KERNEL);
598 memcpy(ses->serverOS, bcc_ptr, len);
599 ses->serverOS[len] = 0;
600 if (strncmp(ses->serverOS, "OS/2", 4) == 0)
601 cifs_dbg(FYI, "OS/2 server\n");
607 len = strnlen(bcc_ptr, bleft);
611 kfree(ses->serverNOS);
613 ses->serverNOS = kmalloc(len + 1, GFP_KERNEL);
614 if (ses->serverNOS) {
615 memcpy(ses->serverNOS, bcc_ptr, len);
616 ses->serverNOS[len] = 0;
622 len = strnlen(bcc_ptr, bleft);
626 /* No domain field in LANMAN case. Domain is
627 returned by old servers in the SMB negprot response */
628 /* BB For newer servers which do not support Unicode,
629 but thus do return domain here we could add parsing
630 for it later, but it is not very important */
631 cifs_dbg(FYI, "ascii: bytes left %d\n", bleft);
634 int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len,
635 struct cifs_ses *ses)
637 unsigned int tioffset; /* challenge message target info area */
638 unsigned int tilen; /* challenge message target info area length */
639 CHALLENGE_MESSAGE *pblob = (CHALLENGE_MESSAGE *)bcc_ptr;
642 if (blob_len < sizeof(CHALLENGE_MESSAGE)) {
643 cifs_dbg(VFS, "challenge blob len %d too small\n", blob_len);
647 if (memcmp(pblob->Signature, "NTLMSSP", 8)) {
648 cifs_dbg(VFS, "blob signature incorrect %s\n",
652 if (pblob->MessageType != NtLmChallenge) {
653 cifs_dbg(VFS, "Incorrect message type %d\n",
658 server_flags = le32_to_cpu(pblob->NegotiateFlags);
659 cifs_dbg(FYI, "%s: negotiate=0x%08x challenge=0x%08x\n", __func__,
660 ses->ntlmssp->client_flags, server_flags);
662 if ((ses->ntlmssp->client_flags & (NTLMSSP_NEGOTIATE_SEAL | NTLMSSP_NEGOTIATE_SIGN)) &&
663 (!(server_flags & NTLMSSP_NEGOTIATE_56) && !(server_flags & NTLMSSP_NEGOTIATE_128))) {
664 cifs_dbg(VFS, "%s: requested signing/encryption but server did not return either 56-bit or 128-bit session key size\n",
668 if (!(server_flags & NTLMSSP_NEGOTIATE_NTLM) && !(server_flags & NTLMSSP_NEGOTIATE_EXTENDED_SEC)) {
669 cifs_dbg(VFS, "%s: server does not seem to support either NTLMv1 or NTLMv2\n", __func__);
672 if (ses->server->sign && !(server_flags & NTLMSSP_NEGOTIATE_SIGN)) {
673 cifs_dbg(VFS, "%s: forced packet signing but server does not seem to support it\n",
677 if ((ses->ntlmssp->client_flags & NTLMSSP_NEGOTIATE_KEY_XCH) &&
678 !(server_flags & NTLMSSP_NEGOTIATE_KEY_XCH))
679 pr_warn_once("%s: authentication has been weakened as server does not support key exchange\n",
682 ses->ntlmssp->server_flags = server_flags;
684 memcpy(ses->ntlmssp->cryptkey, pblob->Challenge, CIFS_CRYPTO_KEY_SIZE);
685 /* In particular we can examine sign flags */
686 /* BB spec says that if AvId field of MsvAvTimestamp is populated then
687 we must set the MIC field of the AUTHENTICATE_MESSAGE */
689 tioffset = le32_to_cpu(pblob->TargetInfoArray.BufferOffset);
690 tilen = le16_to_cpu(pblob->TargetInfoArray.Length);
691 if (tioffset > blob_len || tioffset + tilen > blob_len) {
692 cifs_dbg(VFS, "tioffset + tilen too high %u + %u\n",
697 ses->auth_key.response = kmemdup(bcc_ptr + tioffset, tilen,
699 if (!ses->auth_key.response) {
700 cifs_dbg(VFS, "Challenge target info alloc failure\n");
703 ses->auth_key.len = tilen;
709 static int size_of_ntlmssp_blob(struct cifs_ses *ses, int base_size)
711 int sz = base_size + ses->auth_key.len
712 - CIFS_SESS_KEY_SIZE + CIFS_CPHTXT_SIZE + 2;
715 sz += sizeof(__le16) * strnlen(ses->domainName, CIFS_MAX_DOMAINNAME_LEN);
717 sz += sizeof(__le16);
720 sz += sizeof(__le16) * strnlen(ses->user_name, CIFS_MAX_USERNAME_LEN);
722 sz += sizeof(__le16);
724 sz += sizeof(__le16) * strnlen(ses->workstation_name, CIFS_MAX_WORKSTATION_LEN);
729 static inline void cifs_security_buffer_from_str(SECURITY_BUFFER *pbuf,
732 unsigned char *pstart,
733 unsigned char **pcur,
734 const struct nls_table *nls_cp)
736 unsigned char *tmp = pstart;
746 pbuf->BufferOffset = cpu_to_le32(*pcur - pstart);
748 pbuf->MaximumLength = 0;
749 *pcur += sizeof(__le16);
751 len = cifs_strtoUTF16((__le16 *)*pcur,
755 len *= sizeof(__le16);
756 pbuf->BufferOffset = cpu_to_le32(*pcur - pstart);
757 pbuf->Length = cpu_to_le16(len);
758 pbuf->MaximumLength = cpu_to_le16(len);
763 /* BB Move to ntlmssp.c eventually */
765 int build_ntlmssp_negotiate_blob(unsigned char **pbuffer,
767 struct cifs_ses *ses,
768 struct TCP_Server_Info *server,
769 const struct nls_table *nls_cp)
772 NEGOTIATE_MESSAGE *sec_blob;
777 len = size_of_ntlmssp_blob(ses, sizeof(NEGOTIATE_MESSAGE));
778 *pbuffer = kmalloc(len, GFP_KERNEL);
781 cifs_dbg(VFS, "Error %d during NTLMSSP allocation\n", rc);
783 goto setup_ntlm_neg_ret;
785 sec_blob = (NEGOTIATE_MESSAGE *)*pbuffer;
787 memset(*pbuffer, 0, sizeof(NEGOTIATE_MESSAGE));
788 memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8);
789 sec_blob->MessageType = NtLmNegotiate;
791 /* BB is NTLMV2 session security format easier to use here? */
792 flags = NTLMSSP_NEGOTIATE_56 | NTLMSSP_REQUEST_TARGET |
793 NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
794 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC |
795 NTLMSSP_NEGOTIATE_ALWAYS_SIGN | NTLMSSP_NEGOTIATE_SEAL |
796 NTLMSSP_NEGOTIATE_SIGN;
797 if (!server->session_estab || ses->ntlmssp->sesskey_per_smbsess)
798 flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
800 tmp = *pbuffer + sizeof(NEGOTIATE_MESSAGE);
801 ses->ntlmssp->client_flags = flags;
802 sec_blob->NegotiateFlags = cpu_to_le32(flags);
804 /* these fields should be null in negotiate phase MS-NLMP 3.1.5.1.1 */
805 cifs_security_buffer_from_str(&sec_blob->DomainName,
807 CIFS_MAX_DOMAINNAME_LEN,
811 cifs_security_buffer_from_str(&sec_blob->WorkstationName,
813 CIFS_MAX_WORKSTATION_LEN,
817 *buflen = tmp - *pbuffer;
822 int build_ntlmssp_auth_blob(unsigned char **pbuffer,
824 struct cifs_ses *ses,
825 struct TCP_Server_Info *server,
826 const struct nls_table *nls_cp)
829 AUTHENTICATE_MESSAGE *sec_blob;
834 rc = setup_ntlmv2_rsp(ses, nls_cp);
836 cifs_dbg(VFS, "Error %d during NTLMSSP authentication\n", rc);
838 goto setup_ntlmv2_ret;
841 len = size_of_ntlmssp_blob(ses, sizeof(AUTHENTICATE_MESSAGE));
842 *pbuffer = kmalloc(len, GFP_KERNEL);
845 cifs_dbg(VFS, "Error %d during NTLMSSP allocation\n", rc);
847 goto setup_ntlmv2_ret;
849 sec_blob = (AUTHENTICATE_MESSAGE *)*pbuffer;
851 memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8);
852 sec_blob->MessageType = NtLmAuthenticate;
854 flags = ses->ntlmssp->server_flags | NTLMSSP_REQUEST_TARGET |
855 NTLMSSP_NEGOTIATE_TARGET_INFO | NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED;
857 tmp = *pbuffer + sizeof(AUTHENTICATE_MESSAGE);
858 sec_blob->NegotiateFlags = cpu_to_le32(flags);
860 sec_blob->LmChallengeResponse.BufferOffset =
861 cpu_to_le32(sizeof(AUTHENTICATE_MESSAGE));
862 sec_blob->LmChallengeResponse.Length = 0;
863 sec_blob->LmChallengeResponse.MaximumLength = 0;
865 sec_blob->NtChallengeResponse.BufferOffset =
866 cpu_to_le32(tmp - *pbuffer);
867 if (ses->user_name != NULL) {
868 memcpy(tmp, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
869 ses->auth_key.len - CIFS_SESS_KEY_SIZE);
870 tmp += ses->auth_key.len - CIFS_SESS_KEY_SIZE;
872 sec_blob->NtChallengeResponse.Length =
873 cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
874 sec_blob->NtChallengeResponse.MaximumLength =
875 cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
878 * don't send an NT Response for anonymous access
880 sec_blob->NtChallengeResponse.Length = 0;
881 sec_blob->NtChallengeResponse.MaximumLength = 0;
884 cifs_security_buffer_from_str(&sec_blob->DomainName,
886 CIFS_MAX_DOMAINNAME_LEN,
890 cifs_security_buffer_from_str(&sec_blob->UserName,
892 CIFS_MAX_USERNAME_LEN,
896 cifs_security_buffer_from_str(&sec_blob->WorkstationName,
897 ses->workstation_name,
898 CIFS_MAX_WORKSTATION_LEN,
902 if ((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) &&
903 (!ses->server->session_estab || ses->ntlmssp->sesskey_per_smbsess) &&
905 memcpy(tmp, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE);
906 sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - *pbuffer);
907 sec_blob->SessionKey.Length = cpu_to_le16(CIFS_CPHTXT_SIZE);
908 sec_blob->SessionKey.MaximumLength =
909 cpu_to_le16(CIFS_CPHTXT_SIZE);
910 tmp += CIFS_CPHTXT_SIZE;
912 sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - *pbuffer);
913 sec_blob->SessionKey.Length = 0;
914 sec_blob->SessionKey.MaximumLength = 0;
917 *buflen = tmp - *pbuffer;
923 cifs_select_sectype(struct TCP_Server_Info *server, enum securityEnum requested)
925 switch (server->negflavor) {
926 case CIFS_NEGFLAVOR_EXTENDED:
932 if (server->sec_ntlmssp &&
933 (global_secflags & CIFSSEC_MAY_NTLMSSP))
935 if ((server->sec_kerberos || server->sec_mskerberos) &&
936 (global_secflags & CIFSSEC_MAY_KRB5))
942 case CIFS_NEGFLAVOR_UNENCAP:
947 if (global_secflags & CIFSSEC_MAY_NTLMV2)
961 struct cifs_ses *ses;
962 struct TCP_Server_Info *server;
963 struct nls_table *nls_cp;
964 void (*func)(struct sess_data *);
967 /* we will send the SMB in three pieces:
968 * a fixed length beginning part, an optional
969 * SPNEGO blob (which can be zero length), and a
970 * last part which will include the strings
971 * and rest of bcc area. This allows us to avoid
972 * a large buffer 17K allocation
979 sess_alloc_buffer(struct sess_data *sess_data, int wct)
982 struct cifs_ses *ses = sess_data->ses;
983 struct smb_hdr *smb_buf;
985 rc = small_smb_init_no_tc(SMB_COM_SESSION_SETUP_ANDX, wct, ses,
991 sess_data->iov[0].iov_base = (char *)smb_buf;
992 sess_data->iov[0].iov_len = be32_to_cpu(smb_buf->smb_buf_length) + 4;
994 * This variable will be used to clear the buffer
995 * allocated above in case of any error in the calling function.
997 sess_data->buf0_type = CIFS_SMALL_BUFFER;
999 /* 2000 big enough to fit max user, domain, NOS name etc. */
1000 sess_data->iov[2].iov_base = kmalloc(2000, GFP_KERNEL);
1001 if (!sess_data->iov[2].iov_base) {
1003 goto out_free_smb_buf;
1009 cifs_small_buf_release(smb_buf);
1010 sess_data->iov[0].iov_base = NULL;
1011 sess_data->iov[0].iov_len = 0;
1012 sess_data->buf0_type = CIFS_NO_BUFFER;
1017 sess_free_buffer(struct sess_data *sess_data)
1020 free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
1021 sess_data->buf0_type = CIFS_NO_BUFFER;
1022 kfree(sess_data->iov[2].iov_base);
1026 sess_establish_session(struct sess_data *sess_data)
1028 struct cifs_ses *ses = sess_data->ses;
1029 struct TCP_Server_Info *server = sess_data->server;
1031 mutex_lock(&server->srv_mutex);
1032 if (!server->session_estab) {
1034 server->session_key.response =
1035 kmemdup(ses->auth_key.response,
1036 ses->auth_key.len, GFP_KERNEL);
1037 if (!server->session_key.response) {
1038 mutex_unlock(&server->srv_mutex);
1041 server->session_key.len =
1044 server->sequence_number = 0x2;
1045 server->session_estab = true;
1047 mutex_unlock(&server->srv_mutex);
1049 cifs_dbg(FYI, "CIFS session established successfully\n");
1050 spin_lock(&ses->chan_lock);
1051 cifs_chan_clear_need_reconnect(ses, server);
1052 spin_unlock(&ses->chan_lock);
1054 /* Even if one channel is active, session is in good state */
1055 spin_lock(&cifs_tcp_ses_lock);
1056 ses->status = CifsGood;
1057 spin_unlock(&cifs_tcp_ses_lock);
1063 sess_sendreceive(struct sess_data *sess_data)
1066 struct smb_hdr *smb_buf = (struct smb_hdr *) sess_data->iov[0].iov_base;
1068 struct kvec rsp_iov = { NULL, 0 };
1070 count = sess_data->iov[1].iov_len + sess_data->iov[2].iov_len;
1071 be32_add_cpu(&smb_buf->smb_buf_length, count);
1072 put_bcc(count, smb_buf);
1074 rc = SendReceive2(sess_data->xid, sess_data->ses,
1075 sess_data->iov, 3 /* num_iovecs */,
1076 &sess_data->buf0_type,
1077 CIFS_LOG_ERROR, &rsp_iov);
1078 cifs_small_buf_release(sess_data->iov[0].iov_base);
1079 memcpy(&sess_data->iov[0], &rsp_iov, sizeof(struct kvec));
1085 sess_auth_ntlmv2(struct sess_data *sess_data)
1088 struct smb_hdr *smb_buf;
1089 SESSION_SETUP_ANDX *pSMB;
1091 struct cifs_ses *ses = sess_data->ses;
1092 struct TCP_Server_Info *server = sess_data->server;
1094 __u16 bytes_remaining;
1096 /* old style NTLM sessionsetup */
1098 rc = sess_alloc_buffer(sess_data, 13);
1102 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1103 bcc_ptr = sess_data->iov[2].iov_base;
1104 capabilities = cifs_ssetup_hdr(ses, server, pSMB);
1106 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
1108 /* LM2 password would be here if we supported it */
1109 pSMB->req_no_secext.CaseInsensitivePasswordLength = 0;
1111 if (ses->user_name != NULL) {
1112 /* calculate nlmv2 response and session key */
1113 rc = setup_ntlmv2_rsp(ses, sess_data->nls_cp);
1115 cifs_dbg(VFS, "Error %d during NTLMv2 authentication\n", rc);
1119 memcpy(bcc_ptr, ses->auth_key.response + CIFS_SESS_KEY_SIZE,
1120 ses->auth_key.len - CIFS_SESS_KEY_SIZE);
1121 bcc_ptr += ses->auth_key.len - CIFS_SESS_KEY_SIZE;
1123 /* set case sensitive password length after tilen may get
1124 * assigned, tilen is 0 otherwise.
1126 pSMB->req_no_secext.CaseSensitivePasswordLength =
1127 cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE);
1129 pSMB->req_no_secext.CaseSensitivePasswordLength = 0;
1132 if (ses->capabilities & CAP_UNICODE) {
1133 if (sess_data->iov[0].iov_len % 2) {
1137 unicode_ssetup_strings(&bcc_ptr, ses, sess_data->nls_cp);
1139 ascii_ssetup_strings(&bcc_ptr, ses, sess_data->nls_cp);
1143 sess_data->iov[2].iov_len = (long) bcc_ptr -
1144 (long) sess_data->iov[2].iov_base;
1146 rc = sess_sendreceive(sess_data);
1150 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1151 smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base;
1153 if (smb_buf->WordCount != 3) {
1155 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount);
1159 if (le16_to_cpu(pSMB->resp.Action) & GUEST_LOGIN)
1160 cifs_dbg(FYI, "Guest login\n"); /* BB mark SesInfo struct? */
1162 ses->Suid = smb_buf->Uid; /* UID left in wire format (le) */
1163 cifs_dbg(FYI, "UID = %llu\n", ses->Suid);
1165 bytes_remaining = get_bcc(smb_buf);
1166 bcc_ptr = pByteArea(smb_buf);
1168 /* BB check if Unicode and decode strings */
1169 if (bytes_remaining == 0) {
1170 /* no string area to decode, do nothing */
1171 } else if (smb_buf->Flags2 & SMBFLG2_UNICODE) {
1172 /* unicode string area must be word-aligned */
1173 if (((unsigned long) bcc_ptr - (unsigned long) smb_buf) % 2) {
1177 decode_unicode_ssetup(&bcc_ptr, bytes_remaining, ses,
1180 decode_ascii_ssetup(&bcc_ptr, bytes_remaining, ses,
1184 rc = sess_establish_session(sess_data);
1186 sess_data->result = rc;
1187 sess_data->func = NULL;
1188 sess_free_buffer(sess_data);
1189 kfree(ses->auth_key.response);
1190 ses->auth_key.response = NULL;
1193 #ifdef CONFIG_CIFS_UPCALL
1195 sess_auth_kerberos(struct sess_data *sess_data)
1198 struct smb_hdr *smb_buf;
1199 SESSION_SETUP_ANDX *pSMB;
1201 struct cifs_ses *ses = sess_data->ses;
1202 struct TCP_Server_Info *server = sess_data->server;
1204 __u16 bytes_remaining;
1205 struct key *spnego_key = NULL;
1206 struct cifs_spnego_msg *msg;
1209 /* extended security */
1211 rc = sess_alloc_buffer(sess_data, 12);
1215 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1216 bcc_ptr = sess_data->iov[2].iov_base;
1217 capabilities = cifs_ssetup_hdr(ses, server, pSMB);
1219 spnego_key = cifs_get_spnego_key(ses, server);
1220 if (IS_ERR(spnego_key)) {
1221 rc = PTR_ERR(spnego_key);
1226 msg = spnego_key->payload.data[0];
1228 * check version field to make sure that cifs.upcall is
1229 * sending us a response in an expected form
1231 if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) {
1232 cifs_dbg(VFS, "incorrect version of cifs.upcall (expected %d but got %d)\n",
1233 CIFS_SPNEGO_UPCALL_VERSION, msg->version);
1235 goto out_put_spnego_key;
1238 ses->auth_key.response = kmemdup(msg->data, msg->sesskey_len,
1240 if (!ses->auth_key.response) {
1241 cifs_dbg(VFS, "Kerberos can't allocate (%u bytes) memory\n",
1244 goto out_put_spnego_key;
1246 ses->auth_key.len = msg->sesskey_len;
1248 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
1249 capabilities |= CAP_EXTENDED_SECURITY;
1250 pSMB->req.Capabilities = cpu_to_le32(capabilities);
1251 sess_data->iov[1].iov_base = msg->data + msg->sesskey_len;
1252 sess_data->iov[1].iov_len = msg->secblob_len;
1253 pSMB->req.SecurityBlobLength = cpu_to_le16(sess_data->iov[1].iov_len);
1255 if (ses->capabilities & CAP_UNICODE) {
1256 /* unicode strings must be word aligned */
1257 if ((sess_data->iov[0].iov_len
1258 + sess_data->iov[1].iov_len) % 2) {
1262 unicode_oslm_strings(&bcc_ptr, sess_data->nls_cp);
1263 unicode_domain_string(&bcc_ptr, ses, sess_data->nls_cp);
1265 /* BB: is this right? */
1266 ascii_ssetup_strings(&bcc_ptr, ses, sess_data->nls_cp);
1269 sess_data->iov[2].iov_len = (long) bcc_ptr -
1270 (long) sess_data->iov[2].iov_base;
1272 rc = sess_sendreceive(sess_data);
1274 goto out_put_spnego_key;
1276 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1277 smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base;
1279 if (smb_buf->WordCount != 4) {
1281 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount);
1282 goto out_put_spnego_key;
1285 if (le16_to_cpu(pSMB->resp.Action) & GUEST_LOGIN)
1286 cifs_dbg(FYI, "Guest login\n"); /* BB mark SesInfo struct? */
1288 ses->Suid = smb_buf->Uid; /* UID left in wire format (le) */
1289 cifs_dbg(FYI, "UID = %llu\n", ses->Suid);
1291 bytes_remaining = get_bcc(smb_buf);
1292 bcc_ptr = pByteArea(smb_buf);
1294 blob_len = le16_to_cpu(pSMB->resp.SecurityBlobLength);
1295 if (blob_len > bytes_remaining) {
1296 cifs_dbg(VFS, "bad security blob length %d\n",
1299 goto out_put_spnego_key;
1301 bcc_ptr += blob_len;
1302 bytes_remaining -= blob_len;
1304 /* BB check if Unicode and decode strings */
1305 if (bytes_remaining == 0) {
1306 /* no string area to decode, do nothing */
1307 } else if (smb_buf->Flags2 & SMBFLG2_UNICODE) {
1308 /* unicode string area must be word-aligned */
1309 if (((unsigned long) bcc_ptr - (unsigned long) smb_buf) % 2) {
1313 decode_unicode_ssetup(&bcc_ptr, bytes_remaining, ses,
1316 decode_ascii_ssetup(&bcc_ptr, bytes_remaining, ses,
1320 rc = sess_establish_session(sess_data);
1322 key_invalidate(spnego_key);
1323 key_put(spnego_key);
1325 sess_data->result = rc;
1326 sess_data->func = NULL;
1327 sess_free_buffer(sess_data);
1328 kfree(ses->auth_key.response);
1329 ses->auth_key.response = NULL;
1332 #endif /* ! CONFIG_CIFS_UPCALL */
1335 * The required kvec buffers have to be allocated before calling this
1339 _sess_auth_rawntlmssp_assemble_req(struct sess_data *sess_data)
1341 SESSION_SETUP_ANDX *pSMB;
1342 struct cifs_ses *ses = sess_data->ses;
1343 struct TCP_Server_Info *server = sess_data->server;
1347 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1349 capabilities = cifs_ssetup_hdr(ses, server, pSMB);
1350 if ((pSMB->req.hdr.Flags2 & SMBFLG2_UNICODE) == 0) {
1351 cifs_dbg(VFS, "NTLMSSP requires Unicode support\n");
1355 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
1356 capabilities |= CAP_EXTENDED_SECURITY;
1357 pSMB->req.Capabilities |= cpu_to_le32(capabilities);
1359 bcc_ptr = sess_data->iov[2].iov_base;
1360 /* unicode strings must be word aligned */
1361 if ((sess_data->iov[0].iov_len + sess_data->iov[1].iov_len) % 2) {
1365 unicode_oslm_strings(&bcc_ptr, sess_data->nls_cp);
1367 sess_data->iov[2].iov_len = (long) bcc_ptr -
1368 (long) sess_data->iov[2].iov_base;
1374 sess_auth_rawntlmssp_authenticate(struct sess_data *sess_data);
1377 sess_auth_rawntlmssp_negotiate(struct sess_data *sess_data)
1380 struct smb_hdr *smb_buf;
1381 SESSION_SETUP_ANDX *pSMB;
1382 struct cifs_ses *ses = sess_data->ses;
1383 struct TCP_Server_Info *server = sess_data->server;
1384 __u16 bytes_remaining;
1386 unsigned char *ntlmsspblob = NULL;
1389 cifs_dbg(FYI, "rawntlmssp session setup negotiate phase\n");
1392 * if memory allocation is successful, caller of this function
1395 ses->ntlmssp = kmalloc(sizeof(struct ntlmssp_auth), GFP_KERNEL);
1396 if (!ses->ntlmssp) {
1400 ses->ntlmssp->sesskey_per_smbsess = false;
1403 rc = sess_alloc_buffer(sess_data, 12);
1407 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1409 /* Build security blob before we assemble the request */
1410 rc = build_ntlmssp_negotiate_blob(&ntlmsspblob,
1411 &blob_len, ses, server,
1416 sess_data->iov[1].iov_len = blob_len;
1417 sess_data->iov[1].iov_base = ntlmsspblob;
1418 pSMB->req.SecurityBlobLength = cpu_to_le16(blob_len);
1420 rc = _sess_auth_rawntlmssp_assemble_req(sess_data);
1424 rc = sess_sendreceive(sess_data);
1426 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1427 smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base;
1429 /* If true, rc here is expected and not an error */
1430 if (sess_data->buf0_type != CIFS_NO_BUFFER &&
1431 smb_buf->Status.CifsError ==
1432 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
1438 cifs_dbg(FYI, "rawntlmssp session setup challenge phase\n");
1440 if (smb_buf->WordCount != 4) {
1442 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount);
1446 ses->Suid = smb_buf->Uid; /* UID left in wire format (le) */
1447 cifs_dbg(FYI, "UID = %llu\n", ses->Suid);
1449 bytes_remaining = get_bcc(smb_buf);
1450 bcc_ptr = pByteArea(smb_buf);
1452 blob_len = le16_to_cpu(pSMB->resp.SecurityBlobLength);
1453 if (blob_len > bytes_remaining) {
1454 cifs_dbg(VFS, "bad security blob length %d\n",
1460 rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);
1462 sess_free_buffer(sess_data);
1465 sess_data->func = sess_auth_rawntlmssp_authenticate;
1469 /* Else error. Cleanup */
1470 kfree(ses->auth_key.response);
1471 ses->auth_key.response = NULL;
1472 kfree(ses->ntlmssp);
1473 ses->ntlmssp = NULL;
1475 sess_data->func = NULL;
1476 sess_data->result = rc;
1480 sess_auth_rawntlmssp_authenticate(struct sess_data *sess_data)
1483 struct smb_hdr *smb_buf;
1484 SESSION_SETUP_ANDX *pSMB;
1485 struct cifs_ses *ses = sess_data->ses;
1486 struct TCP_Server_Info *server = sess_data->server;
1487 __u16 bytes_remaining;
1489 unsigned char *ntlmsspblob = NULL;
1492 cifs_dbg(FYI, "rawntlmssp session setup authenticate phase\n");
1495 rc = sess_alloc_buffer(sess_data, 12);
1499 /* Build security blob before we assemble the request */
1500 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1501 smb_buf = (struct smb_hdr *)pSMB;
1502 rc = build_ntlmssp_auth_blob(&ntlmsspblob,
1503 &blob_len, ses, server,
1506 goto out_free_ntlmsspblob;
1507 sess_data->iov[1].iov_len = blob_len;
1508 sess_data->iov[1].iov_base = ntlmsspblob;
1509 pSMB->req.SecurityBlobLength = cpu_to_le16(blob_len);
1511 * Make sure that we tell the server that we are using
1512 * the uid that it just gave us back on the response
1515 smb_buf->Uid = ses->Suid;
1517 rc = _sess_auth_rawntlmssp_assemble_req(sess_data);
1519 goto out_free_ntlmsspblob;
1521 rc = sess_sendreceive(sess_data);
1523 goto out_free_ntlmsspblob;
1525 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base;
1526 smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base;
1527 if (smb_buf->WordCount != 4) {
1529 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount);
1530 goto out_free_ntlmsspblob;
1533 if (le16_to_cpu(pSMB->resp.Action) & GUEST_LOGIN)
1534 cifs_dbg(FYI, "Guest login\n"); /* BB mark SesInfo struct? */
1536 if (ses->Suid != smb_buf->Uid) {
1537 ses->Suid = smb_buf->Uid;
1538 cifs_dbg(FYI, "UID changed! new UID = %llu\n", ses->Suid);
1541 bytes_remaining = get_bcc(smb_buf);
1542 bcc_ptr = pByteArea(smb_buf);
1543 blob_len = le16_to_cpu(pSMB->resp.SecurityBlobLength);
1544 if (blob_len > bytes_remaining) {
1545 cifs_dbg(VFS, "bad security blob length %d\n",
1548 goto out_free_ntlmsspblob;
1550 bcc_ptr += blob_len;
1551 bytes_remaining -= blob_len;
1554 /* BB check if Unicode and decode strings */
1555 if (bytes_remaining == 0) {
1556 /* no string area to decode, do nothing */
1557 } else if (smb_buf->Flags2 & SMBFLG2_UNICODE) {
1558 /* unicode string area must be word-aligned */
1559 if (((unsigned long) bcc_ptr - (unsigned long) smb_buf) % 2) {
1563 decode_unicode_ssetup(&bcc_ptr, bytes_remaining, ses,
1566 decode_ascii_ssetup(&bcc_ptr, bytes_remaining, ses,
1570 out_free_ntlmsspblob:
1573 sess_free_buffer(sess_data);
1576 rc = sess_establish_session(sess_data);
1579 kfree(ses->auth_key.response);
1580 ses->auth_key.response = NULL;
1581 kfree(ses->ntlmssp);
1582 ses->ntlmssp = NULL;
1584 sess_data->func = NULL;
1585 sess_data->result = rc;
1588 static int select_sec(struct sess_data *sess_data)
1591 struct cifs_ses *ses = sess_data->ses;
1592 struct TCP_Server_Info *server = sess_data->server;
1594 type = cifs_select_sectype(server, ses->sectype);
1595 cifs_dbg(FYI, "sess setup type %d\n", type);
1596 if (type == Unspecified) {
1597 cifs_dbg(VFS, "Unable to select appropriate authentication method!\n");
1603 sess_data->func = sess_auth_ntlmv2;
1606 #ifdef CONFIG_CIFS_UPCALL
1607 sess_data->func = sess_auth_kerberos;
1610 cifs_dbg(VFS, "Kerberos negotiated but upcall support disabled!\n");
1612 #endif /* CONFIG_CIFS_UPCALL */
1614 sess_data->func = sess_auth_rawntlmssp_negotiate;
1617 cifs_dbg(VFS, "secType %d not supported!\n", type);
1624 int CIFS_SessSetup(const unsigned int xid, struct cifs_ses *ses,
1625 struct TCP_Server_Info *server,
1626 const struct nls_table *nls_cp)
1629 struct sess_data *sess_data;
1632 WARN(1, "%s: ses == NULL!", __func__);
1636 sess_data = kzalloc(sizeof(struct sess_data), GFP_KERNEL);
1640 sess_data->xid = xid;
1641 sess_data->ses = ses;
1642 sess_data->server = server;
1643 sess_data->buf0_type = CIFS_NO_BUFFER;
1644 sess_data->nls_cp = (struct nls_table *) nls_cp;
1646 rc = select_sec(sess_data);
1650 while (sess_data->func)
1651 sess_data->func(sess_data);
1653 /* Store result before we free sess_data */
1654 rc = sess_data->result;