sync hh.org
[hh.org.git] / fs / cifs / sess.c
blobbbdda99dce610364b71b5218cb061b3dfc577cd9
1 /*
2 * fs/cifs/sess.c
4 * SMB/CIFS session setup handling routines
6 * Copyright (c) International Business Machines Corp., 2006
7 * Author(s): Steve French (sfrench@us.ibm.com)
9 * This library is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU Lesser General Public License as published
11 * by the Free Software Foundation; either version 2.1 of the License, or
12 * (at your option) any later version.
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
17 * the GNU Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public License
20 * along with this library; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24 #include "cifspdu.h"
25 #include "cifsglob.h"
26 #include "cifsproto.h"
27 #include "cifs_unicode.h"
28 #include "cifs_debug.h"
29 #include "ntlmssp.h"
30 #include "nterr.h"
31 #include <linux/utsname.h>
33 extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
34 unsigned char *p24);
36 static __u32 cifs_ssetup_hdr(struct cifsSesInfo *ses, SESSION_SETUP_ANDX *pSMB)
38 __u32 capabilities = 0;
40 /* init fields common to all four types of SessSetup */
41 /* note that header is initialized to zero in header_assemble */
42 pSMB->req.AndXCommand = 0xFF;
43 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
44 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
46 /* Now no need to set SMBFLG_CASELESS or obsolete CANONICAL PATH */
48 /* BB verify whether signing required on neg or just on auth frame
49 (and NTLM case) */
51 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
52 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
54 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
55 pSMB->req.hdr.Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
57 if (ses->capabilities & CAP_UNICODE) {
58 pSMB->req.hdr.Flags2 |= SMBFLG2_UNICODE;
59 capabilities |= CAP_UNICODE;
61 if (ses->capabilities & CAP_STATUS32) {
62 pSMB->req.hdr.Flags2 |= SMBFLG2_ERR_STATUS;
63 capabilities |= CAP_STATUS32;
65 if (ses->capabilities & CAP_DFS) {
66 pSMB->req.hdr.Flags2 |= SMBFLG2_DFS;
67 capabilities |= CAP_DFS;
69 if (ses->capabilities & CAP_UNIX) {
70 capabilities |= CAP_UNIX;
73 /* BB check whether to init vcnum BB */
74 return capabilities;
77 static void unicode_ssetup_strings(char ** pbcc_area, struct cifsSesInfo *ses,
78 const struct nls_table * nls_cp)
80 char * bcc_ptr = *pbcc_area;
81 int bytes_ret = 0;
83 /* BB FIXME add check that strings total less
84 than 335 or will need to send them as arrays */
86 /* unicode strings, must be word aligned before the call */
87 /* if ((long) bcc_ptr % 2) {
88 *bcc_ptr = 0;
89 bcc_ptr++;
90 } */
91 /* copy user */
92 if(ses->userName == NULL) {
93 /* null user mount */
94 *bcc_ptr = 0;
95 *(bcc_ptr+1) = 0;
96 } else { /* 300 should be long enough for any conceivable user name */
97 bytes_ret = cifs_strtoUCS((__le16 *) bcc_ptr, ses->userName,
98 300, nls_cp);
100 bcc_ptr += 2 * bytes_ret;
101 bcc_ptr += 2; /* account for null termination */
102 /* copy domain */
103 if(ses->domainName == NULL) {
104 /* Sending null domain better than using a bogus domain name (as
105 we did briefly in 2.6.18) since server will use its default */
106 *bcc_ptr = 0;
107 *(bcc_ptr+1) = 0;
108 bytes_ret = 0;
109 } else
110 bytes_ret = cifs_strtoUCS((__le16 *) bcc_ptr, ses->domainName,
111 256, nls_cp);
112 bcc_ptr += 2 * bytes_ret;
113 bcc_ptr += 2; /* account for null terminator */
115 /* Copy OS version */
116 bytes_ret = cifs_strtoUCS((__le16 *)bcc_ptr, "Linux version ", 32,
117 nls_cp);
118 bcc_ptr += 2 * bytes_ret;
119 bytes_ret = cifs_strtoUCS((__le16 *) bcc_ptr, init_utsname()->release,
120 32, nls_cp);
121 bcc_ptr += 2 * bytes_ret;
122 bcc_ptr += 2; /* trailing null */
124 bytes_ret = cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
125 32, nls_cp);
126 bcc_ptr += 2 * bytes_ret;
127 bcc_ptr += 2; /* trailing null */
129 *pbcc_area = bcc_ptr;
132 static void ascii_ssetup_strings(char ** pbcc_area, struct cifsSesInfo *ses,
133 const struct nls_table * nls_cp)
135 char * bcc_ptr = *pbcc_area;
137 /* copy user */
138 /* BB what about null user mounts - check that we do this BB */
139 /* copy user */
140 if(ses->userName == NULL) {
141 /* BB what about null user mounts - check that we do this BB */
142 } else { /* 300 should be long enough for any conceivable user name */
143 strncpy(bcc_ptr, ses->userName, 300);
145 /* BB improve check for overflow */
146 bcc_ptr += strnlen(ses->userName, 300);
147 *bcc_ptr = 0;
148 bcc_ptr++; /* account for null termination */
150 /* copy domain */
152 if(ses->domainName != NULL) {
153 strncpy(bcc_ptr, ses->domainName, 256);
154 bcc_ptr += strnlen(ses->domainName, 256);
155 } /* else we will send a null domain name
156 so the server will default to its own domain */
157 *bcc_ptr = 0;
158 bcc_ptr++;
160 /* BB check for overflow here */
162 strcpy(bcc_ptr, "Linux version ");
163 bcc_ptr += strlen("Linux version ");
164 strcpy(bcc_ptr, init_utsname()->release);
165 bcc_ptr += strlen(init_utsname()->release) + 1;
167 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
168 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
170 *pbcc_area = bcc_ptr;
173 static int decode_unicode_ssetup(char ** pbcc_area, int bleft, struct cifsSesInfo *ses,
174 const struct nls_table * nls_cp)
176 int rc = 0;
177 int words_left, len;
178 char * data = *pbcc_area;
182 cFYI(1,("bleft %d",bleft));
185 /* word align, if bytes remaining is not even */
186 if(bleft % 2) {
187 bleft--;
188 data++;
190 words_left = bleft / 2;
192 /* save off server operating system */
193 len = UniStrnlen((wchar_t *) data, words_left);
195 /* We look for obvious messed up bcc or strings in response so we do not go off
196 the end since (at least) WIN2K and Windows XP have a major bug in not null
197 terminating last Unicode string in response */
198 if(len >= words_left)
199 return rc;
201 if(ses->serverOS)
202 kfree(ses->serverOS);
203 /* UTF-8 string will not grow more than four times as big as UCS-16 */
204 ses->serverOS = kzalloc(4 * len, GFP_KERNEL);
205 if(ses->serverOS != NULL) {
206 cifs_strfromUCS_le(ses->serverOS, (__le16 *)data, len,
207 nls_cp);
209 data += 2 * (len + 1);
210 words_left -= len + 1;
212 /* save off server network operating system */
213 len = UniStrnlen((wchar_t *) data, words_left);
215 if(len >= words_left)
216 return rc;
218 if(ses->serverNOS)
219 kfree(ses->serverNOS);
220 ses->serverNOS = kzalloc(4 * len, GFP_KERNEL); /* BB this is wrong length FIXME BB */
221 if(ses->serverNOS != NULL) {
222 cifs_strfromUCS_le(ses->serverNOS, (__le16 *)data, len,
223 nls_cp);
224 if(strncmp(ses->serverNOS, "NT LAN Manager 4",16) == 0) {
225 cFYI(1,("NT4 server"));
226 ses->flags |= CIFS_SES_NT4;
229 data += 2 * (len + 1);
230 words_left -= len + 1;
232 /* save off server domain */
233 len = UniStrnlen((wchar_t *) data, words_left);
235 if(len > words_left)
236 return rc;
238 if(ses->serverDomain)
239 kfree(ses->serverDomain);
240 ses->serverDomain = kzalloc(2 * (len + 1), GFP_KERNEL); /* BB FIXME wrong length */
241 if(ses->serverDomain != NULL) {
242 cifs_strfromUCS_le(ses->serverDomain, (__le16 *)data, len,
243 nls_cp);
244 ses->serverDomain[2*len] = 0;
245 ses->serverDomain[(2*len) + 1] = 0;
247 data += 2 * (len + 1);
248 words_left -= len + 1;
250 cFYI(1,("words left: %d",words_left));
252 return rc;
255 static int decode_ascii_ssetup(char ** pbcc_area, int bleft, struct cifsSesInfo *ses,
256 const struct nls_table * nls_cp)
258 int rc = 0;
259 int len;
260 char * bcc_ptr = *pbcc_area;
262 cFYI(1,("decode sessetup ascii. bleft %d", bleft));
264 len = strnlen(bcc_ptr, bleft);
265 if(len >= bleft)
266 return rc;
268 if(ses->serverOS)
269 kfree(ses->serverOS);
271 ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
272 if(ses->serverOS)
273 strncpy(ses->serverOS, bcc_ptr, len);
274 if(strncmp(ses->serverOS, "OS/2",4) == 0) {
275 cFYI(1,("OS/2 server"));
276 ses->flags |= CIFS_SES_OS2;
279 bcc_ptr += len + 1;
280 bleft -= len + 1;
282 len = strnlen(bcc_ptr, bleft);
283 if(len >= bleft)
284 return rc;
286 if(ses->serverNOS)
287 kfree(ses->serverNOS);
289 ses->serverNOS = kzalloc(len + 1, GFP_KERNEL);
290 if(ses->serverNOS)
291 strncpy(ses->serverNOS, bcc_ptr, len);
293 bcc_ptr += len + 1;
294 bleft -= len + 1;
296 len = strnlen(bcc_ptr, bleft);
297 if(len > bleft)
298 return rc;
300 /* No domain field in LANMAN case. Domain is
301 returned by old servers in the SMB negprot response */
302 /* BB For newer servers which do not support Unicode,
303 but thus do return domain here we could add parsing
304 for it later, but it is not very important */
305 cFYI(1,("ascii: bytes left %d",bleft));
307 return rc;
310 int
311 CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
312 const struct nls_table *nls_cp)
314 int rc = 0;
315 int wct;
316 struct smb_hdr *smb_buf;
317 char *bcc_ptr;
318 char *str_area;
319 SESSION_SETUP_ANDX *pSMB;
320 __u32 capabilities;
321 int count;
322 int resp_buf_type = 0;
323 struct kvec iov[2];
324 enum securityEnum type;
325 __u16 action;
326 int bytes_remaining;
328 if(ses == NULL)
329 return -EINVAL;
331 type = ses->server->secType;
333 cFYI(1,("sess setup type %d",type));
334 if(type == LANMAN) {
335 #ifndef CONFIG_CIFS_WEAK_PW_HASH
336 /* LANMAN and plaintext are less secure and off by default.
337 So we make this explicitly be turned on in kconfig (in the
338 build) and turned on at runtime (changed from the default)
339 in proc/fs/cifs or via mount parm. Unfortunately this is
340 needed for old Win (e.g. Win95), some obscure NAS and OS/2 */
341 return -EOPNOTSUPP;
342 #endif
343 wct = 10; /* lanman 2 style sessionsetup */
344 } else if((type == NTLM) || (type == NTLMv2)) {
345 /* For NTLMv2 failures eventually may need to retry NTLM */
346 wct = 13; /* old style NTLM sessionsetup */
347 } else /* same size for negotiate or auth, NTLMSSP or extended security */
348 wct = 12;
350 rc = small_smb_init_no_tc(SMB_COM_SESSION_SETUP_ANDX, wct, ses,
351 (void **)&smb_buf);
352 if(rc)
353 return rc;
355 pSMB = (SESSION_SETUP_ANDX *)smb_buf;
357 capabilities = cifs_ssetup_hdr(ses, pSMB);
359 /* we will send the SMB in two pieces,
360 a fixed length beginning part, and a
361 second part which will include the strings
362 and rest of bcc area, in order to avoid having
363 to do a large buffer 17K allocation */
364 iov[0].iov_base = (char *)pSMB;
365 iov[0].iov_len = smb_buf->smb_buf_length + 4;
367 /* 2000 big enough to fit max user, domain, NOS name etc. */
368 str_area = kmalloc(2000, GFP_KERNEL);
369 bcc_ptr = str_area;
371 ses->flags &= ~CIFS_SES_LANMAN;
373 if(type == LANMAN) {
374 #ifdef CONFIG_CIFS_WEAK_PW_HASH
375 char lnm_session_key[CIFS_SESS_KEY_SIZE];
377 /* no capabilities flags in old lanman negotiation */
379 pSMB->old_req.PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE);
380 /* BB calculate hash with password */
381 /* and copy into bcc */
383 calc_lanman_hash(ses, lnm_session_key);
384 ses->flags |= CIFS_SES_LANMAN;
385 /* #ifdef CONFIG_CIFS_DEBUG2
386 cifs_dump_mem("cryptkey: ",ses->server->cryptKey,
387 CIFS_SESS_KEY_SIZE);
388 #endif */
389 memcpy(bcc_ptr, (char *)lnm_session_key, CIFS_SESS_KEY_SIZE);
390 bcc_ptr += CIFS_SESS_KEY_SIZE;
392 /* can not sign if LANMAN negotiated so no need
393 to calculate signing key? but what if server
394 changed to do higher than lanman dialect and
395 we reconnected would we ever calc signing_key? */
397 cFYI(1,("Negotiating LANMAN setting up strings"));
398 /* Unicode not allowed for LANMAN dialects */
399 ascii_ssetup_strings(&bcc_ptr, ses, nls_cp);
400 #endif
401 } else if (type == NTLM) {
402 char ntlm_session_key[CIFS_SESS_KEY_SIZE];
404 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
405 pSMB->req_no_secext.CaseInsensitivePasswordLength =
406 cpu_to_le16(CIFS_SESS_KEY_SIZE);
407 pSMB->req_no_secext.CaseSensitivePasswordLength =
408 cpu_to_le16(CIFS_SESS_KEY_SIZE);
410 /* calculate session key */
411 SMBNTencrypt(ses->password, ses->server->cryptKey,
412 ntlm_session_key);
414 if(first_time) /* should this be moved into common code
415 with similar ntlmv2 path? */
416 cifs_calculate_mac_key(ses->server->mac_signing_key,
417 ntlm_session_key, ses->password);
418 /* copy session key */
420 memcpy(bcc_ptr, (char *)ntlm_session_key,CIFS_SESS_KEY_SIZE);
421 bcc_ptr += CIFS_SESS_KEY_SIZE;
422 memcpy(bcc_ptr, (char *)ntlm_session_key,CIFS_SESS_KEY_SIZE);
423 bcc_ptr += CIFS_SESS_KEY_SIZE;
424 if(ses->capabilities & CAP_UNICODE) {
425 /* unicode strings must be word aligned */
426 if (iov[0].iov_len % 2) {
427 *bcc_ptr = 0;
428 bcc_ptr++;
430 unicode_ssetup_strings(&bcc_ptr, ses, nls_cp);
431 } else
432 ascii_ssetup_strings(&bcc_ptr, ses, nls_cp);
433 } else if (type == NTLMv2) {
434 char * v2_sess_key =
435 kmalloc(sizeof(struct ntlmv2_resp), GFP_KERNEL);
437 /* BB FIXME change all users of v2_sess_key to
438 struct ntlmv2_resp */
440 if(v2_sess_key == NULL) {
441 cifs_small_buf_release(smb_buf);
442 return -ENOMEM;
445 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
447 /* LM2 password would be here if we supported it */
448 pSMB->req_no_secext.CaseInsensitivePasswordLength = 0;
449 /* cpu_to_le16(LM2_SESS_KEY_SIZE); */
451 pSMB->req_no_secext.CaseSensitivePasswordLength =
452 cpu_to_le16(sizeof(struct ntlmv2_resp));
454 /* calculate session key */
455 setup_ntlmv2_rsp(ses, v2_sess_key, nls_cp);
456 if(first_time) /* should this be moved into common code
457 with similar ntlmv2 path? */
458 /* cifs_calculate_ntlmv2_mac_key(ses->server->mac_signing_key,
459 response BB FIXME, v2_sess_key); */
461 /* copy session key */
463 /* memcpy(bcc_ptr, (char *)ntlm_session_key,LM2_SESS_KEY_SIZE);
464 bcc_ptr += LM2_SESS_KEY_SIZE; */
465 memcpy(bcc_ptr, (char *)v2_sess_key, sizeof(struct ntlmv2_resp));
466 bcc_ptr += sizeof(struct ntlmv2_resp);
467 kfree(v2_sess_key);
468 if(ses->capabilities & CAP_UNICODE) {
469 if(iov[0].iov_len % 2) {
470 *bcc_ptr = 0;
471 } bcc_ptr++;
472 unicode_ssetup_strings(&bcc_ptr, ses, nls_cp);
473 } else
474 ascii_ssetup_strings(&bcc_ptr, ses, nls_cp);
475 } else /* NTLMSSP or SPNEGO */ {
476 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
477 capabilities |= CAP_EXTENDED_SECURITY;
478 pSMB->req.Capabilities = cpu_to_le32(capabilities);
479 /* BB set password lengths */
482 count = (long) bcc_ptr - (long) str_area;
483 smb_buf->smb_buf_length += count;
485 BCC_LE(smb_buf) = cpu_to_le16(count);
487 iov[1].iov_base = str_area;
488 iov[1].iov_len = count;
489 rc = SendReceive2(xid, ses, iov, 2 /* num_iovecs */, &resp_buf_type, 0);
490 /* SMB request buf freed in SendReceive2 */
492 cFYI(1,("ssetup rc from sendrecv2 is %d",rc));
493 if(rc)
494 goto ssetup_exit;
496 pSMB = (SESSION_SETUP_ANDX *)iov[0].iov_base;
497 smb_buf = (struct smb_hdr *)iov[0].iov_base;
499 if((smb_buf->WordCount != 3) && (smb_buf->WordCount != 4)) {
500 rc = -EIO;
501 cERROR(1,("bad word count %d", smb_buf->WordCount));
502 goto ssetup_exit;
504 action = le16_to_cpu(pSMB->resp.Action);
505 if (action & GUEST_LOGIN)
506 cFYI(1, ("Guest login")); /* BB mark SesInfo struct? */
507 ses->Suid = smb_buf->Uid; /* UID left in wire format (le) */
508 cFYI(1, ("UID = %d ", ses->Suid));
509 /* response can have either 3 or 4 word count - Samba sends 3 */
510 /* and lanman response is 3 */
511 bytes_remaining = BCC(smb_buf);
512 bcc_ptr = pByteArea(smb_buf);
514 if(smb_buf->WordCount == 4) {
515 __u16 blob_len;
516 blob_len = le16_to_cpu(pSMB->resp.SecurityBlobLength);
517 bcc_ptr += blob_len;
518 if(blob_len > bytes_remaining) {
519 cERROR(1,("bad security blob length %d", blob_len));
520 rc = -EINVAL;
521 goto ssetup_exit;
523 bytes_remaining -= blob_len;
526 /* BB check if Unicode and decode strings */
527 if(smb_buf->Flags2 & SMBFLG2_UNICODE)
528 rc = decode_unicode_ssetup(&bcc_ptr, bytes_remaining,
529 ses, nls_cp);
530 else
531 rc = decode_ascii_ssetup(&bcc_ptr, bytes_remaining, ses,nls_cp);
533 ssetup_exit:
534 kfree(str_area);
535 if(resp_buf_type == CIFS_SMALL_BUFFER) {
536 cFYI(1,("ssetup freeing small buf %p", iov[0].iov_base));
537 cifs_small_buf_release(iov[0].iov_base);
538 } else if(resp_buf_type == CIFS_LARGE_BUFFER)
539 cifs_buf_release(iov[0].iov_base);
541 return rc;