1 // SPDX-License-Identifier: LGPL-2.1 2 /* 3 * 4 * SMB/CIFS session setup handling routines 5 * 6 * Copyright (c) International Business Machines Corp., 2006, 2009 7 * Author(s): Steve French (sfrench@us.ibm.com) 8 * 9 */ 10 11 #include "cifspdu.h" 12 #include "cifsglob.h" 13 #include "cifsproto.h" 14 #include "cifs_unicode.h" 15 #include "cifs_debug.h" 16 #include "ntlmssp.h" 17 #include "nterr.h" 18 #include <linux/utsname.h> 19 #include <linux/slab.h> 20 #include <linux/version.h> 21 #include "cifsfs.h" 22 #include "cifs_spnego.h" 23 #include "smb2proto.h" 24 #include "fs_context.h" 25 26 static int 27 cifs_ses_add_channel(struct cifs_ses *ses, 28 struct cifs_server_iface *iface); 29 30 bool 31 is_server_using_iface(struct TCP_Server_Info *server, 32 struct cifs_server_iface *iface) 33 { 34 struct sockaddr_in *i4 = (struct sockaddr_in *)&iface->sockaddr; 35 struct sockaddr_in6 *i6 = (struct sockaddr_in6 *)&iface->sockaddr; 36 struct sockaddr_in *s4 = (struct sockaddr_in *)&server->dstaddr; 37 struct sockaddr_in6 *s6 = (struct sockaddr_in6 *)&server->dstaddr; 38 39 if (server->dstaddr.ss_family != iface->sockaddr.ss_family) 40 return false; 41 if (server->dstaddr.ss_family == AF_INET) { 42 if (s4->sin_addr.s_addr != i4->sin_addr.s_addr) 43 return false; 44 } else if (server->dstaddr.ss_family == AF_INET6) { 45 if (memcmp(&s6->sin6_addr, &i6->sin6_addr, 46 sizeof(i6->sin6_addr)) != 0) 47 return false; 48 } else { 49 /* unknown family.. */ 50 return false; 51 } 52 return true; 53 } 54 55 bool is_ses_using_iface(struct cifs_ses *ses, struct cifs_server_iface *iface) 56 { 57 int i; 58 59 spin_lock(&ses->chan_lock); 60 for (i = 0; i < ses->chan_count; i++) { 61 if (ses->chans[i].iface == iface) { 62 spin_unlock(&ses->chan_lock); 63 return true; 64 } 65 } 66 spin_unlock(&ses->chan_lock); 67 return false; 68 } 69 70 /* channel helper functions. assumed that chan_lock is held by caller. */ 71 72 unsigned int 73 cifs_ses_get_chan_index(struct cifs_ses *ses, 74 struct TCP_Server_Info *server) 75 { 76 unsigned int i; 77 78 for (i = 0; i < ses->chan_count; i++) { 79 if (ses->chans[i].server == server) 80 return i; 81 } 82 83 /* If we didn't find the channel, it is likely a bug */ 84 if (server) 85 cifs_dbg(VFS, "unable to get chan index for server: 0x%llx", 86 server->conn_id); 87 WARN_ON(1); 88 return 0; 89 } 90 91 void 92 cifs_chan_set_in_reconnect(struct cifs_ses *ses, 93 struct TCP_Server_Info *server) 94 { 95 unsigned int chan_index = cifs_ses_get_chan_index(ses, server); 96 97 ses->chans[chan_index].in_reconnect = true; 98 } 99 100 void 101 cifs_chan_clear_in_reconnect(struct cifs_ses *ses, 102 struct TCP_Server_Info *server) 103 { 104 unsigned int chan_index = cifs_ses_get_chan_index(ses, server); 105 106 ses->chans[chan_index].in_reconnect = false; 107 } 108 109 bool 110 cifs_chan_in_reconnect(struct cifs_ses *ses, 111 struct TCP_Server_Info *server) 112 { 113 unsigned int chan_index = cifs_ses_get_chan_index(ses, server); 114 115 return CIFS_CHAN_IN_RECONNECT(ses, chan_index); 116 } 117 118 void 119 cifs_chan_set_need_reconnect(struct cifs_ses *ses, 120 struct TCP_Server_Info *server) 121 { 122 unsigned int chan_index = cifs_ses_get_chan_index(ses, server); 123 124 set_bit(chan_index, &ses->chans_need_reconnect); 125 cifs_dbg(FYI, "Set reconnect bitmask for chan %u; now 0x%lx\n", 126 chan_index, ses->chans_need_reconnect); 127 } 128 129 void 130 cifs_chan_clear_need_reconnect(struct cifs_ses *ses, 131 struct TCP_Server_Info *server) 132 { 133 unsigned int chan_index = cifs_ses_get_chan_index(ses, server); 134 135 clear_bit(chan_index, &ses->chans_need_reconnect); 136 cifs_dbg(FYI, "Cleared reconnect bitmask for chan %u; now 0x%lx\n", 137 chan_index, ses->chans_need_reconnect); 138 } 139 140 bool 141 cifs_chan_needs_reconnect(struct cifs_ses *ses, 142 struct TCP_Server_Info *server) 143 { 144 unsigned int chan_index = cifs_ses_get_chan_index(ses, server); 145 146 return CIFS_CHAN_NEEDS_RECONNECT(ses, chan_index); 147 } 148 149 bool 150 cifs_chan_is_iface_active(struct cifs_ses *ses, 151 struct TCP_Server_Info *server) 152 { 153 unsigned int chan_index = cifs_ses_get_chan_index(ses, server); 154 155 return ses->chans[chan_index].iface && 156 ses->chans[chan_index].iface->is_active; 157 } 158 159 /* returns number of channels added */ 160 int cifs_try_adding_channels(struct cifs_ses *ses) 161 { 162 struct TCP_Server_Info *server = ses->server; 163 int old_chan_count, new_chan_count; 164 int left; 165 int rc = 0; 166 int tries = 0; 167 struct cifs_server_iface *iface = NULL, *niface = NULL; 168 169 spin_lock(&ses->chan_lock); 170 171 new_chan_count = old_chan_count = ses->chan_count; 172 left = ses->chan_max - ses->chan_count; 173 174 if (left <= 0) { 175 spin_unlock(&ses->chan_lock); 176 cifs_dbg(FYI, 177 "ses already at max_channels (%zu), nothing to open\n", 178 ses->chan_max); 179 return 0; 180 } 181 182 if (server->dialect < SMB30_PROT_ID) { 183 spin_unlock(&ses->chan_lock); 184 cifs_dbg(VFS, "multichannel is not supported on this protocol version, use 3.0 or above\n"); 185 return 0; 186 } 187 188 if (!(server->capabilities & SMB2_GLOBAL_CAP_MULTI_CHANNEL)) { 189 spin_unlock(&ses->chan_lock); 190 cifs_server_dbg(VFS, "no multichannel support\n"); 191 return 0; 192 } 193 spin_unlock(&ses->chan_lock); 194 195 /* 196 * Keep connecting to same, fastest, iface for all channels as 197 * long as its RSS. Try next fastest one if not RSS or channel 198 * creation fails. 199 */ 200 spin_lock(&ses->iface_lock); 201 iface = list_first_entry(&ses->iface_list, struct cifs_server_iface, 202 iface_head); 203 spin_unlock(&ses->iface_lock); 204 205 while (left > 0) { 206 207 tries++; 208 if (tries > 3*ses->chan_max) { 209 cifs_dbg(FYI, "too many channel open attempts (%d channels left to open)\n", 210 left); 211 break; 212 } 213 214 spin_lock(&ses->iface_lock); 215 if (!ses->iface_count) { 216 spin_unlock(&ses->iface_lock); 217 break; 218 } 219 220 list_for_each_entry_safe_from(iface, niface, &ses->iface_list, 221 iface_head) { 222 /* skip ifaces that are unusable */ 223 if (!iface->is_active || 224 (is_ses_using_iface(ses, iface) && 225 !iface->rss_capable)) { 226 continue; 227 } 228 229 /* take ref before unlock */ 230 kref_get(&iface->refcount); 231 232 spin_unlock(&ses->iface_lock); 233 rc = cifs_ses_add_channel(ses, iface); 234 spin_lock(&ses->iface_lock); 235 236 if (rc) { 237 cifs_dbg(VFS, "failed to open extra channel on iface:%pIS rc=%d\n", 238 &iface->sockaddr, 239 rc); 240 kref_put(&iface->refcount, release_iface); 241 continue; 242 } 243 244 cifs_dbg(FYI, "successfully opened new channel on iface:%pIS\n", 245 &iface->sockaddr); 246 break; 247 } 248 spin_unlock(&ses->iface_lock); 249 250 left--; 251 new_chan_count++; 252 } 253 254 return new_chan_count - old_chan_count; 255 } 256 257 /* 258 * update the iface for the channel if necessary. 259 * will return 0 when iface is updated, 1 if removed, 2 otherwise 260 * Must be called with chan_lock held. 261 */ 262 int 263 cifs_chan_update_iface(struct cifs_ses *ses, struct TCP_Server_Info *server) 264 { 265 unsigned int chan_index; 266 struct cifs_server_iface *iface = NULL; 267 struct cifs_server_iface *old_iface = NULL; 268 int rc = 0; 269 270 spin_lock(&ses->chan_lock); 271 chan_index = cifs_ses_get_chan_index(ses, server); 272 if (!chan_index) { 273 spin_unlock(&ses->chan_lock); 274 return 0; 275 } 276 277 if (ses->chans[chan_index].iface) { 278 old_iface = ses->chans[chan_index].iface; 279 if (old_iface->is_active) { 280 spin_unlock(&ses->chan_lock); 281 return 1; 282 } 283 } 284 spin_unlock(&ses->chan_lock); 285 286 spin_lock(&ses->iface_lock); 287 /* then look for a new one */ 288 list_for_each_entry(iface, &ses->iface_list, iface_head) { 289 if (!iface->is_active || 290 (is_ses_using_iface(ses, iface) && 291 !iface->rss_capable)) { 292 continue; 293 } 294 kref_get(&iface->refcount); 295 break; 296 } 297 298 if (list_entry_is_head(iface, &ses->iface_list, iface_head)) { 299 rc = 1; 300 iface = NULL; 301 cifs_dbg(FYI, "unable to find a suitable iface\n"); 302 } 303 304 /* now drop the ref to the current iface */ 305 if (old_iface && iface) { 306 cifs_dbg(FYI, "replacing iface: %pIS with %pIS\n", 307 &old_iface->sockaddr, 308 &iface->sockaddr); 309 kref_put(&old_iface->refcount, release_iface); 310 } else if (old_iface) { 311 cifs_dbg(FYI, "releasing ref to iface: %pIS\n", 312 &old_iface->sockaddr); 313 kref_put(&old_iface->refcount, release_iface); 314 } else { 315 WARN_ON(!iface); 316 cifs_dbg(FYI, "adding new iface: %pIS\n", &iface->sockaddr); 317 } 318 spin_unlock(&ses->iface_lock); 319 320 spin_lock(&ses->chan_lock); 321 chan_index = cifs_ses_get_chan_index(ses, server); 322 ses->chans[chan_index].iface = iface; 323 324 /* No iface is found. if secondary chan, drop connection */ 325 if (!iface && SERVER_IS_CHAN(server)) 326 ses->chans[chan_index].server = NULL; 327 328 spin_unlock(&ses->chan_lock); 329 330 if (!iface && SERVER_IS_CHAN(server)) 331 cifs_put_tcp_session(server, false); 332 333 return rc; 334 } 335 336 /* 337 * If server is a channel of ses, return the corresponding enclosing 338 * cifs_chan otherwise return NULL. 339 */ 340 struct cifs_chan * 341 cifs_ses_find_chan(struct cifs_ses *ses, struct TCP_Server_Info *server) 342 { 343 int i; 344 345 spin_lock(&ses->chan_lock); 346 for (i = 0; i < ses->chan_count; i++) { 347 if (ses->chans[i].server == server) { 348 spin_unlock(&ses->chan_lock); 349 return &ses->chans[i]; 350 } 351 } 352 spin_unlock(&ses->chan_lock); 353 return NULL; 354 } 355 356 static int 357 cifs_ses_add_channel(struct cifs_ses *ses, 358 struct cifs_server_iface *iface) 359 { 360 struct TCP_Server_Info *chan_server; 361 struct cifs_chan *chan; 362 struct smb3_fs_context *ctx; 363 static const char unc_fmt[] = "\\%s\\foo"; 364 struct sockaddr_in *ipv4 = (struct sockaddr_in *)&iface->sockaddr; 365 struct sockaddr_in6 *ipv6 = (struct sockaddr_in6 *)&iface->sockaddr; 366 size_t len; 367 int rc; 368 unsigned int xid = get_xid(); 369 370 if (iface->sockaddr.ss_family == AF_INET) 371 cifs_dbg(FYI, "adding channel to ses %p (speed:%zu bps rdma:%s ip:%pI4)\n", 372 ses, iface->speed, iface->rdma_capable ? "yes" : "no", 373 &ipv4->sin_addr); 374 else 375 cifs_dbg(FYI, "adding channel to ses %p (speed:%zu bps rdma:%s ip:%pI6)\n", 376 ses, iface->speed, iface->rdma_capable ? "yes" : "no", 377 &ipv6->sin6_addr); 378 379 /* 380 * Setup a ctx with mostly the same info as the existing 381 * session and overwrite it with the requested iface data. 382 * 383 * We need to setup at least the fields used for negprot and 384 * sesssetup. 385 * 386 * We only need the ctx here, so we can reuse memory from 387 * the session and server without caring about memory 388 * management. 389 */ 390 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); 391 if (!ctx) { 392 rc = -ENOMEM; 393 goto out_free_xid; 394 } 395 396 /* Always make new connection for now (TODO?) */ 397 ctx->nosharesock = true; 398 399 /* Auth */ 400 ctx->domainauto = ses->domainAuto; 401 ctx->domainname = ses->domainName; 402 403 /* no hostname for extra channels */ 404 ctx->server_hostname = ""; 405 406 ctx->username = ses->user_name; 407 ctx->password = ses->password; 408 ctx->sectype = ses->sectype; 409 ctx->sign = ses->sign; 410 411 /* UNC and paths */ 412 /* XXX: Use ses->server->hostname? */ 413 len = sizeof(unc_fmt) + SERVER_NAME_LEN_WITH_NULL; 414 ctx->UNC = kzalloc(len, GFP_KERNEL); 415 if (!ctx->UNC) { 416 rc = -ENOMEM; 417 goto out_free_ctx; 418 } 419 scnprintf(ctx->UNC, len, unc_fmt, ses->ip_addr); 420 ctx->prepath = ""; 421 422 /* Reuse same version as master connection */ 423 ctx->vals = ses->server->vals; 424 ctx->ops = ses->server->ops; 425 426 ctx->noblocksnd = ses->server->noblocksnd; 427 ctx->noautotune = ses->server->noautotune; 428 ctx->sockopt_tcp_nodelay = ses->server->tcp_nodelay; 429 ctx->echo_interval = ses->server->echo_interval / HZ; 430 ctx->max_credits = ses->server->max_credits; 431 432 /* 433 * This will be used for encoding/decoding user/domain/pw 434 * during sess setup auth. 435 */ 436 ctx->local_nls = ses->local_nls; 437 438 /* Use RDMA if possible */ 439 ctx->rdma = iface->rdma_capable; 440 memcpy(&ctx->dstaddr, &iface->sockaddr, sizeof(ctx->dstaddr)); 441 442 /* reuse master con client guid */ 443 memcpy(&ctx->client_guid, ses->server->client_guid, 444 sizeof(ctx->client_guid)); 445 ctx->use_client_guid = true; 446 447 chan_server = cifs_get_tcp_session(ctx, ses->server); 448 449 spin_lock(&ses->chan_lock); 450 chan = &ses->chans[ses->chan_count]; 451 chan->server = chan_server; 452 if (IS_ERR(chan->server)) { 453 rc = PTR_ERR(chan->server); 454 chan->server = NULL; 455 spin_unlock(&ses->chan_lock); 456 goto out; 457 } 458 chan->iface = iface; 459 ses->chan_count++; 460 atomic_set(&ses->chan_seq, 0); 461 462 /* Mark this channel as needing connect/setup */ 463 cifs_chan_set_need_reconnect(ses, chan->server); 464 465 spin_unlock(&ses->chan_lock); 466 467 mutex_lock(&ses->session_mutex); 468 /* 469 * We need to allocate the server crypto now as we will need 470 * to sign packets before we generate the channel signing key 471 * (we sign with the session key) 472 */ 473 rc = smb311_crypto_shash_allocate(chan->server); 474 if (rc) { 475 cifs_dbg(VFS, "%s: crypto alloc failed\n", __func__); 476 mutex_unlock(&ses->session_mutex); 477 goto out; 478 } 479 480 rc = cifs_negotiate_protocol(xid, ses, chan->server); 481 if (!rc) 482 rc = cifs_setup_session(xid, ses, chan->server, ses->local_nls); 483 484 mutex_unlock(&ses->session_mutex); 485 486 out: 487 if (rc && chan->server) { 488 /* 489 * we should avoid race with these delayed works before we 490 * remove this channel 491 */ 492 cancel_delayed_work_sync(&chan->server->echo); 493 cancel_delayed_work_sync(&chan->server->reconnect); 494 495 spin_lock(&ses->chan_lock); 496 /* we rely on all bits beyond chan_count to be clear */ 497 cifs_chan_clear_need_reconnect(ses, chan->server); 498 ses->chan_count--; 499 /* 500 * chan_count should never reach 0 as at least the primary 501 * channel is always allocated 502 */ 503 WARN_ON(ses->chan_count < 1); 504 spin_unlock(&ses->chan_lock); 505 506 cifs_put_tcp_session(chan->server, 0); 507 } 508 509 kfree(ctx->UNC); 510 out_free_ctx: 511 kfree(ctx); 512 out_free_xid: 513 free_xid(xid); 514 return rc; 515 } 516 517 #ifdef CONFIG_CIFS_ALLOW_INSECURE_LEGACY 518 static __u32 cifs_ssetup_hdr(struct cifs_ses *ses, 519 struct TCP_Server_Info *server, 520 SESSION_SETUP_ANDX *pSMB) 521 { 522 __u32 capabilities = 0; 523 524 /* init fields common to all four types of SessSetup */ 525 /* Note that offsets for first seven fields in req struct are same */ 526 /* in CIFS Specs so does not matter which of 3 forms of struct */ 527 /* that we use in next few lines */ 528 /* Note that header is initialized to zero in header_assemble */ 529 pSMB->req.AndXCommand = 0xFF; 530 pSMB->req.MaxBufferSize = cpu_to_le16(min_t(u32, 531 CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4, 532 USHRT_MAX)); 533 pSMB->req.MaxMpxCount = cpu_to_le16(server->maxReq); 534 pSMB->req.VcNumber = cpu_to_le16(1); 535 536 /* Now no need to set SMBFLG_CASELESS or obsolete CANONICAL PATH */ 537 538 /* BB verify whether signing required on neg or just on auth frame 539 (and NTLM case) */ 540 541 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS | 542 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X; 543 544 if (server->sign) 545 pSMB->req.hdr.Flags2 |= SMBFLG2_SECURITY_SIGNATURE; 546 547 if (ses->capabilities & CAP_UNICODE) { 548 pSMB->req.hdr.Flags2 |= SMBFLG2_UNICODE; 549 capabilities |= CAP_UNICODE; 550 } 551 if (ses->capabilities & CAP_STATUS32) { 552 pSMB->req.hdr.Flags2 |= SMBFLG2_ERR_STATUS; 553 capabilities |= CAP_STATUS32; 554 } 555 if (ses->capabilities & CAP_DFS) { 556 pSMB->req.hdr.Flags2 |= SMBFLG2_DFS; 557 capabilities |= CAP_DFS; 558 } 559 if (ses->capabilities & CAP_UNIX) 560 capabilities |= CAP_UNIX; 561 562 return capabilities; 563 } 564 565 static void 566 unicode_oslm_strings(char **pbcc_area, const struct nls_table *nls_cp) 567 { 568 char *bcc_ptr = *pbcc_area; 569 int bytes_ret = 0; 570 571 /* Copy OS version */ 572 bytes_ret = cifs_strtoUTF16((__le16 *)bcc_ptr, "Linux version ", 32, 573 nls_cp); 574 bcc_ptr += 2 * bytes_ret; 575 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, init_utsname()->release, 576 32, nls_cp); 577 bcc_ptr += 2 * bytes_ret; 578 bcc_ptr += 2; /* trailing null */ 579 580 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS, 581 32, nls_cp); 582 bcc_ptr += 2 * bytes_ret; 583 bcc_ptr += 2; /* trailing null */ 584 585 *pbcc_area = bcc_ptr; 586 } 587 588 static void unicode_domain_string(char **pbcc_area, struct cifs_ses *ses, 589 const struct nls_table *nls_cp) 590 { 591 char *bcc_ptr = *pbcc_area; 592 int bytes_ret = 0; 593 594 /* copy domain */ 595 if (ses->domainName == NULL) { 596 /* Sending null domain better than using a bogus domain name (as 597 we did briefly in 2.6.18) since server will use its default */ 598 *bcc_ptr = 0; 599 *(bcc_ptr+1) = 0; 600 bytes_ret = 0; 601 } else 602 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, ses->domainName, 603 CIFS_MAX_DOMAINNAME_LEN, nls_cp); 604 bcc_ptr += 2 * bytes_ret; 605 bcc_ptr += 2; /* account for null terminator */ 606 607 *pbcc_area = bcc_ptr; 608 } 609 610 static void unicode_ssetup_strings(char **pbcc_area, struct cifs_ses *ses, 611 const struct nls_table *nls_cp) 612 { 613 char *bcc_ptr = *pbcc_area; 614 int bytes_ret = 0; 615 616 /* BB FIXME add check that strings total less 617 than 335 or will need to send them as arrays */ 618 619 /* copy user */ 620 if (ses->user_name == NULL) { 621 /* null user mount */ 622 *bcc_ptr = 0; 623 *(bcc_ptr+1) = 0; 624 } else { 625 bytes_ret = cifs_strtoUTF16((__le16 *) bcc_ptr, ses->user_name, 626 CIFS_MAX_USERNAME_LEN, nls_cp); 627 } 628 bcc_ptr += 2 * bytes_ret; 629 bcc_ptr += 2; /* account for null termination */ 630 631 unicode_domain_string(&bcc_ptr, ses, nls_cp); 632 unicode_oslm_strings(&bcc_ptr, nls_cp); 633 634 *pbcc_area = bcc_ptr; 635 } 636 637 static void ascii_ssetup_strings(char **pbcc_area, struct cifs_ses *ses, 638 const struct nls_table *nls_cp) 639 { 640 char *bcc_ptr = *pbcc_area; 641 int len; 642 643 /* copy user */ 644 /* BB what about null user mounts - check that we do this BB */ 645 /* copy user */ 646 if (ses->user_name != NULL) { 647 len = strscpy(bcc_ptr, ses->user_name, CIFS_MAX_USERNAME_LEN); 648 if (WARN_ON_ONCE(len < 0)) 649 len = CIFS_MAX_USERNAME_LEN - 1; 650 bcc_ptr += len; 651 } 652 /* else null user mount */ 653 *bcc_ptr = 0; 654 bcc_ptr++; /* account for null termination */ 655 656 /* copy domain */ 657 if (ses->domainName != NULL) { 658 len = strscpy(bcc_ptr, ses->domainName, CIFS_MAX_DOMAINNAME_LEN); 659 if (WARN_ON_ONCE(len < 0)) 660 len = CIFS_MAX_DOMAINNAME_LEN - 1; 661 bcc_ptr += len; 662 } /* else we will send a null domain name 663 so the server will default to its own domain */ 664 *bcc_ptr = 0; 665 bcc_ptr++; 666 667 /* BB check for overflow here */ 668 669 strcpy(bcc_ptr, "Linux version "); 670 bcc_ptr += strlen("Linux version "); 671 strcpy(bcc_ptr, init_utsname()->release); 672 bcc_ptr += strlen(init_utsname()->release) + 1; 673 674 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS); 675 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1; 676 677 *pbcc_area = bcc_ptr; 678 } 679 680 static void 681 decode_unicode_ssetup(char **pbcc_area, int bleft, struct cifs_ses *ses, 682 const struct nls_table *nls_cp) 683 { 684 int len; 685 char *data = *pbcc_area; 686 687 cifs_dbg(FYI, "bleft %d\n", bleft); 688 689 kfree(ses->serverOS); 690 ses->serverOS = cifs_strndup_from_utf16(data, bleft, true, nls_cp); 691 cifs_dbg(FYI, "serverOS=%s\n", ses->serverOS); 692 len = (UniStrnlen((wchar_t *) data, bleft / 2) * 2) + 2; 693 data += len; 694 bleft -= len; 695 if (bleft <= 0) 696 return; 697 698 kfree(ses->serverNOS); 699 ses->serverNOS = cifs_strndup_from_utf16(data, bleft, true, nls_cp); 700 cifs_dbg(FYI, "serverNOS=%s\n", ses->serverNOS); 701 len = (UniStrnlen((wchar_t *) data, bleft / 2) * 2) + 2; 702 data += len; 703 bleft -= len; 704 if (bleft <= 0) 705 return; 706 707 kfree(ses->serverDomain); 708 ses->serverDomain = cifs_strndup_from_utf16(data, bleft, true, nls_cp); 709 cifs_dbg(FYI, "serverDomain=%s\n", ses->serverDomain); 710 711 return; 712 } 713 714 static void decode_ascii_ssetup(char **pbcc_area, __u16 bleft, 715 struct cifs_ses *ses, 716 const struct nls_table *nls_cp) 717 { 718 int len; 719 char *bcc_ptr = *pbcc_area; 720 721 cifs_dbg(FYI, "decode sessetup ascii. bleft %d\n", bleft); 722 723 len = strnlen(bcc_ptr, bleft); 724 if (len >= bleft) 725 return; 726 727 kfree(ses->serverOS); 728 729 ses->serverOS = kmalloc(len + 1, GFP_KERNEL); 730 if (ses->serverOS) { 731 memcpy(ses->serverOS, bcc_ptr, len); 732 ses->serverOS[len] = 0; 733 if (strncmp(ses->serverOS, "OS/2", 4) == 0) 734 cifs_dbg(FYI, "OS/2 server\n"); 735 } 736 737 bcc_ptr += len + 1; 738 bleft -= len + 1; 739 740 len = strnlen(bcc_ptr, bleft); 741 if (len >= bleft) 742 return; 743 744 kfree(ses->serverNOS); 745 746 ses->serverNOS = kmalloc(len + 1, GFP_KERNEL); 747 if (ses->serverNOS) { 748 memcpy(ses->serverNOS, bcc_ptr, len); 749 ses->serverNOS[len] = 0; 750 } 751 752 bcc_ptr += len + 1; 753 bleft -= len + 1; 754 755 len = strnlen(bcc_ptr, bleft); 756 if (len > bleft) 757 return; 758 759 /* No domain field in LANMAN case. Domain is 760 returned by old servers in the SMB negprot response */ 761 /* BB For newer servers which do not support Unicode, 762 but thus do return domain here we could add parsing 763 for it later, but it is not very important */ 764 cifs_dbg(FYI, "ascii: bytes left %d\n", bleft); 765 } 766 #endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */ 767 768 int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len, 769 struct cifs_ses *ses) 770 { 771 unsigned int tioffset; /* challenge message target info area */ 772 unsigned int tilen; /* challenge message target info area length */ 773 CHALLENGE_MESSAGE *pblob = (CHALLENGE_MESSAGE *)bcc_ptr; 774 __u32 server_flags; 775 776 if (blob_len < sizeof(CHALLENGE_MESSAGE)) { 777 cifs_dbg(VFS, "challenge blob len %d too small\n", blob_len); 778 return -EINVAL; 779 } 780 781 if (memcmp(pblob->Signature, "NTLMSSP", 8)) { 782 cifs_dbg(VFS, "blob signature incorrect %s\n", 783 pblob->Signature); 784 return -EINVAL; 785 } 786 if (pblob->MessageType != NtLmChallenge) { 787 cifs_dbg(VFS, "Incorrect message type %d\n", 788 pblob->MessageType); 789 return -EINVAL; 790 } 791 792 server_flags = le32_to_cpu(pblob->NegotiateFlags); 793 cifs_dbg(FYI, "%s: negotiate=0x%08x challenge=0x%08x\n", __func__, 794 ses->ntlmssp->client_flags, server_flags); 795 796 if ((ses->ntlmssp->client_flags & (NTLMSSP_NEGOTIATE_SEAL | NTLMSSP_NEGOTIATE_SIGN)) && 797 (!(server_flags & NTLMSSP_NEGOTIATE_56) && !(server_flags & NTLMSSP_NEGOTIATE_128))) { 798 cifs_dbg(VFS, "%s: requested signing/encryption but server did not return either 56-bit or 128-bit session key size\n", 799 __func__); 800 return -EINVAL; 801 } 802 if (!(server_flags & NTLMSSP_NEGOTIATE_NTLM) && !(server_flags & NTLMSSP_NEGOTIATE_EXTENDED_SEC)) { 803 cifs_dbg(VFS, "%s: server does not seem to support either NTLMv1 or NTLMv2\n", __func__); 804 return -EINVAL; 805 } 806 if (ses->server->sign && !(server_flags & NTLMSSP_NEGOTIATE_SIGN)) { 807 cifs_dbg(VFS, "%s: forced packet signing but server does not seem to support it\n", 808 __func__); 809 return -EOPNOTSUPP; 810 } 811 if ((ses->ntlmssp->client_flags & NTLMSSP_NEGOTIATE_KEY_XCH) && 812 !(server_flags & NTLMSSP_NEGOTIATE_KEY_XCH)) 813 pr_warn_once("%s: authentication has been weakened as server does not support key exchange\n", 814 __func__); 815 816 ses->ntlmssp->server_flags = server_flags; 817 818 memcpy(ses->ntlmssp->cryptkey, pblob->Challenge, CIFS_CRYPTO_KEY_SIZE); 819 /* In particular we can examine sign flags */ 820 /* BB spec says that if AvId field of MsvAvTimestamp is populated then 821 we must set the MIC field of the AUTHENTICATE_MESSAGE */ 822 823 tioffset = le32_to_cpu(pblob->TargetInfoArray.BufferOffset); 824 tilen = le16_to_cpu(pblob->TargetInfoArray.Length); 825 if (tioffset > blob_len || tioffset + tilen > blob_len) { 826 cifs_dbg(VFS, "tioffset + tilen too high %u + %u\n", 827 tioffset, tilen); 828 return -EINVAL; 829 } 830 if (tilen) { 831 kfree_sensitive(ses->auth_key.response); 832 ses->auth_key.response = kmemdup(bcc_ptr + tioffset, tilen, 833 GFP_KERNEL); 834 if (!ses->auth_key.response) { 835 cifs_dbg(VFS, "Challenge target info alloc failure\n"); 836 return -ENOMEM; 837 } 838 ses->auth_key.len = tilen; 839 } 840 841 return 0; 842 } 843 844 static int size_of_ntlmssp_blob(struct cifs_ses *ses, int base_size) 845 { 846 int sz = base_size + ses->auth_key.len 847 - CIFS_SESS_KEY_SIZE + CIFS_CPHTXT_SIZE + 2; 848 849 if (ses->domainName) 850 sz += sizeof(__le16) * strnlen(ses->domainName, CIFS_MAX_DOMAINNAME_LEN); 851 else 852 sz += sizeof(__le16); 853 854 if (ses->user_name) 855 sz += sizeof(__le16) * strnlen(ses->user_name, CIFS_MAX_USERNAME_LEN); 856 else 857 sz += sizeof(__le16); 858 859 if (ses->workstation_name[0]) 860 sz += sizeof(__le16) * strnlen(ses->workstation_name, 861 ntlmssp_workstation_name_size(ses)); 862 else 863 sz += sizeof(__le16); 864 865 return sz; 866 } 867 868 static inline void cifs_security_buffer_from_str(SECURITY_BUFFER *pbuf, 869 char *str_value, 870 int str_length, 871 unsigned char *pstart, 872 unsigned char **pcur, 873 const struct nls_table *nls_cp) 874 { 875 unsigned char *tmp = pstart; 876 int len; 877 878 if (!pbuf) 879 return; 880 881 if (!pcur) 882 pcur = &tmp; 883 884 if (!str_value) { 885 pbuf->BufferOffset = cpu_to_le32(*pcur - pstart); 886 pbuf->Length = 0; 887 pbuf->MaximumLength = 0; 888 *pcur += sizeof(__le16); 889 } else { 890 len = cifs_strtoUTF16((__le16 *)*pcur, 891 str_value, 892 str_length, 893 nls_cp); 894 len *= sizeof(__le16); 895 pbuf->BufferOffset = cpu_to_le32(*pcur - pstart); 896 pbuf->Length = cpu_to_le16(len); 897 pbuf->MaximumLength = cpu_to_le16(len); 898 *pcur += len; 899 } 900 } 901 902 /* BB Move to ntlmssp.c eventually */ 903 904 int build_ntlmssp_negotiate_blob(unsigned char **pbuffer, 905 u16 *buflen, 906 struct cifs_ses *ses, 907 struct TCP_Server_Info *server, 908 const struct nls_table *nls_cp) 909 { 910 int rc = 0; 911 NEGOTIATE_MESSAGE *sec_blob; 912 __u32 flags; 913 unsigned char *tmp; 914 int len; 915 916 len = size_of_ntlmssp_blob(ses, sizeof(NEGOTIATE_MESSAGE)); 917 *pbuffer = kmalloc(len, GFP_KERNEL); 918 if (!*pbuffer) { 919 rc = -ENOMEM; 920 cifs_dbg(VFS, "Error %d during NTLMSSP allocation\n", rc); 921 *buflen = 0; 922 goto setup_ntlm_neg_ret; 923 } 924 sec_blob = (NEGOTIATE_MESSAGE *)*pbuffer; 925 926 memset(*pbuffer, 0, sizeof(NEGOTIATE_MESSAGE)); 927 memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8); 928 sec_blob->MessageType = NtLmNegotiate; 929 930 /* BB is NTLMV2 session security format easier to use here? */ 931 flags = NTLMSSP_NEGOTIATE_56 | NTLMSSP_REQUEST_TARGET | 932 NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE | 933 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC | 934 NTLMSSP_NEGOTIATE_ALWAYS_SIGN | NTLMSSP_NEGOTIATE_SEAL | 935 NTLMSSP_NEGOTIATE_SIGN; 936 if (!server->session_estab || ses->ntlmssp->sesskey_per_smbsess) 937 flags |= NTLMSSP_NEGOTIATE_KEY_XCH; 938 939 tmp = *pbuffer + sizeof(NEGOTIATE_MESSAGE); 940 ses->ntlmssp->client_flags = flags; 941 sec_blob->NegotiateFlags = cpu_to_le32(flags); 942 943 /* these fields should be null in negotiate phase MS-NLMP 3.1.5.1.1 */ 944 cifs_security_buffer_from_str(&sec_blob->DomainName, 945 NULL, 946 CIFS_MAX_DOMAINNAME_LEN, 947 *pbuffer, &tmp, 948 nls_cp); 949 950 cifs_security_buffer_from_str(&sec_blob->WorkstationName, 951 NULL, 952 CIFS_MAX_WORKSTATION_LEN, 953 *pbuffer, &tmp, 954 nls_cp); 955 956 *buflen = tmp - *pbuffer; 957 setup_ntlm_neg_ret: 958 return rc; 959 } 960 961 /* 962 * Build ntlmssp blob with additional fields, such as version, 963 * supported by modern servers. For safety limit to SMB3 or later 964 * See notes in MS-NLMP Section 2.2.2.1 e.g. 965 */ 966 int build_ntlmssp_smb3_negotiate_blob(unsigned char **pbuffer, 967 u16 *buflen, 968 struct cifs_ses *ses, 969 struct TCP_Server_Info *server, 970 const struct nls_table *nls_cp) 971 { 972 int rc = 0; 973 struct negotiate_message *sec_blob; 974 __u32 flags; 975 unsigned char *tmp; 976 int len; 977 978 len = size_of_ntlmssp_blob(ses, sizeof(struct negotiate_message)); 979 *pbuffer = kmalloc(len, GFP_KERNEL); 980 if (!*pbuffer) { 981 rc = -ENOMEM; 982 cifs_dbg(VFS, "Error %d during NTLMSSP allocation\n", rc); 983 *buflen = 0; 984 goto setup_ntlm_smb3_neg_ret; 985 } 986 sec_blob = (struct negotiate_message *)*pbuffer; 987 988 memset(*pbuffer, 0, sizeof(struct negotiate_message)); 989 memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8); 990 sec_blob->MessageType = NtLmNegotiate; 991 992 /* BB is NTLMV2 session security format easier to use here? */ 993 flags = NTLMSSP_NEGOTIATE_56 | NTLMSSP_REQUEST_TARGET | 994 NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE | 995 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC | 996 NTLMSSP_NEGOTIATE_ALWAYS_SIGN | NTLMSSP_NEGOTIATE_SEAL | 997 NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_VERSION; 998 if (!server->session_estab || ses->ntlmssp->sesskey_per_smbsess) 999 flags |= NTLMSSP_NEGOTIATE_KEY_XCH; 1000 1001 sec_blob->Version.ProductMajorVersion = LINUX_VERSION_MAJOR; 1002 sec_blob->Version.ProductMinorVersion = LINUX_VERSION_PATCHLEVEL; 1003 sec_blob->Version.ProductBuild = cpu_to_le16(SMB3_PRODUCT_BUILD); 1004 sec_blob->Version.NTLMRevisionCurrent = NTLMSSP_REVISION_W2K3; 1005 1006 tmp = *pbuffer + sizeof(struct negotiate_message); 1007 ses->ntlmssp->client_flags = flags; 1008 sec_blob->NegotiateFlags = cpu_to_le32(flags); 1009 1010 /* these fields should be null in negotiate phase MS-NLMP 3.1.5.1.1 */ 1011 cifs_security_buffer_from_str(&sec_blob->DomainName, 1012 NULL, 1013 CIFS_MAX_DOMAINNAME_LEN, 1014 *pbuffer, &tmp, 1015 nls_cp); 1016 1017 cifs_security_buffer_from_str(&sec_blob->WorkstationName, 1018 NULL, 1019 CIFS_MAX_WORKSTATION_LEN, 1020 *pbuffer, &tmp, 1021 nls_cp); 1022 1023 *buflen = tmp - *pbuffer; 1024 setup_ntlm_smb3_neg_ret: 1025 return rc; 1026 } 1027 1028 1029 /* See MS-NLMP 2.2.1.3 */ 1030 int build_ntlmssp_auth_blob(unsigned char **pbuffer, 1031 u16 *buflen, 1032 struct cifs_ses *ses, 1033 struct TCP_Server_Info *server, 1034 const struct nls_table *nls_cp) 1035 { 1036 int rc; 1037 AUTHENTICATE_MESSAGE *sec_blob; 1038 __u32 flags; 1039 unsigned char *tmp; 1040 int len; 1041 1042 rc = setup_ntlmv2_rsp(ses, nls_cp); 1043 if (rc) { 1044 cifs_dbg(VFS, "Error %d during NTLMSSP authentication\n", rc); 1045 *buflen = 0; 1046 goto setup_ntlmv2_ret; 1047 } 1048 1049 len = size_of_ntlmssp_blob(ses, sizeof(AUTHENTICATE_MESSAGE)); 1050 *pbuffer = kmalloc(len, GFP_KERNEL); 1051 if (!*pbuffer) { 1052 rc = -ENOMEM; 1053 cifs_dbg(VFS, "Error %d during NTLMSSP allocation\n", rc); 1054 *buflen = 0; 1055 goto setup_ntlmv2_ret; 1056 } 1057 sec_blob = (AUTHENTICATE_MESSAGE *)*pbuffer; 1058 1059 memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8); 1060 sec_blob->MessageType = NtLmAuthenticate; 1061 1062 flags = ses->ntlmssp->server_flags | NTLMSSP_REQUEST_TARGET | 1063 NTLMSSP_NEGOTIATE_TARGET_INFO | NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED; 1064 /* we only send version information in ntlmssp negotiate, so do not set this flag */ 1065 flags = flags & ~NTLMSSP_NEGOTIATE_VERSION; 1066 tmp = *pbuffer + sizeof(AUTHENTICATE_MESSAGE); 1067 sec_blob->NegotiateFlags = cpu_to_le32(flags); 1068 1069 sec_blob->LmChallengeResponse.BufferOffset = 1070 cpu_to_le32(sizeof(AUTHENTICATE_MESSAGE)); 1071 sec_blob->LmChallengeResponse.Length = 0; 1072 sec_blob->LmChallengeResponse.MaximumLength = 0; 1073 1074 sec_blob->NtChallengeResponse.BufferOffset = 1075 cpu_to_le32(tmp - *pbuffer); 1076 if (ses->user_name != NULL) { 1077 memcpy(tmp, ses->auth_key.response + CIFS_SESS_KEY_SIZE, 1078 ses->auth_key.len - CIFS_SESS_KEY_SIZE); 1079 tmp += ses->auth_key.len - CIFS_SESS_KEY_SIZE; 1080 1081 sec_blob->NtChallengeResponse.Length = 1082 cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE); 1083 sec_blob->NtChallengeResponse.MaximumLength = 1084 cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE); 1085 } else { 1086 /* 1087 * don't send an NT Response for anonymous access 1088 */ 1089 sec_blob->NtChallengeResponse.Length = 0; 1090 sec_blob->NtChallengeResponse.MaximumLength = 0; 1091 } 1092 1093 cifs_security_buffer_from_str(&sec_blob->DomainName, 1094 ses->domainName, 1095 CIFS_MAX_DOMAINNAME_LEN, 1096 *pbuffer, &tmp, 1097 nls_cp); 1098 1099 cifs_security_buffer_from_str(&sec_blob->UserName, 1100 ses->user_name, 1101 CIFS_MAX_USERNAME_LEN, 1102 *pbuffer, &tmp, 1103 nls_cp); 1104 1105 cifs_security_buffer_from_str(&sec_blob->WorkstationName, 1106 ses->workstation_name, 1107 ntlmssp_workstation_name_size(ses), 1108 *pbuffer, &tmp, 1109 nls_cp); 1110 1111 if ((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) && 1112 (!ses->server->session_estab || ses->ntlmssp->sesskey_per_smbsess) && 1113 !calc_seckey(ses)) { 1114 memcpy(tmp, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE); 1115 sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - *pbuffer); 1116 sec_blob->SessionKey.Length = cpu_to_le16(CIFS_CPHTXT_SIZE); 1117 sec_blob->SessionKey.MaximumLength = 1118 cpu_to_le16(CIFS_CPHTXT_SIZE); 1119 tmp += CIFS_CPHTXT_SIZE; 1120 } else { 1121 sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - *pbuffer); 1122 sec_blob->SessionKey.Length = 0; 1123 sec_blob->SessionKey.MaximumLength = 0; 1124 } 1125 1126 *buflen = tmp - *pbuffer; 1127 setup_ntlmv2_ret: 1128 return rc; 1129 } 1130 1131 enum securityEnum 1132 cifs_select_sectype(struct TCP_Server_Info *server, enum securityEnum requested) 1133 { 1134 switch (server->negflavor) { 1135 case CIFS_NEGFLAVOR_EXTENDED: 1136 switch (requested) { 1137 case Kerberos: 1138 case RawNTLMSSP: 1139 return requested; 1140 case Unspecified: 1141 if (server->sec_ntlmssp && 1142 (global_secflags & CIFSSEC_MAY_NTLMSSP)) 1143 return RawNTLMSSP; 1144 if ((server->sec_kerberos || server->sec_mskerberos) && 1145 (global_secflags & CIFSSEC_MAY_KRB5)) 1146 return Kerberos; 1147 fallthrough; 1148 default: 1149 return Unspecified; 1150 } 1151 case CIFS_NEGFLAVOR_UNENCAP: 1152 switch (requested) { 1153 case NTLMv2: 1154 return requested; 1155 case Unspecified: 1156 if (global_secflags & CIFSSEC_MAY_NTLMV2) 1157 return NTLMv2; 1158 break; 1159 default: 1160 break; 1161 } 1162 fallthrough; 1163 default: 1164 return Unspecified; 1165 } 1166 } 1167 1168 struct sess_data { 1169 unsigned int xid; 1170 struct cifs_ses *ses; 1171 struct TCP_Server_Info *server; 1172 struct nls_table *nls_cp; 1173 void (*func)(struct sess_data *); 1174 int result; 1175 1176 /* we will send the SMB in three pieces: 1177 * a fixed length beginning part, an optional 1178 * SPNEGO blob (which can be zero length), and a 1179 * last part which will include the strings 1180 * and rest of bcc area. This allows us to avoid 1181 * a large buffer 17K allocation 1182 */ 1183 int buf0_type; 1184 struct kvec iov[3]; 1185 }; 1186 1187 #ifdef CONFIG_CIFS_ALLOW_INSECURE_LEGACY 1188 static int 1189 sess_alloc_buffer(struct sess_data *sess_data, int wct) 1190 { 1191 int rc; 1192 struct cifs_ses *ses = sess_data->ses; 1193 struct smb_hdr *smb_buf; 1194 1195 rc = small_smb_init_no_tc(SMB_COM_SESSION_SETUP_ANDX, wct, ses, 1196 (void **)&smb_buf); 1197 1198 if (rc) 1199 return rc; 1200 1201 sess_data->iov[0].iov_base = (char *)smb_buf; 1202 sess_data->iov[0].iov_len = be32_to_cpu(smb_buf->smb_buf_length) + 4; 1203 /* 1204 * This variable will be used to clear the buffer 1205 * allocated above in case of any error in the calling function. 1206 */ 1207 sess_data->buf0_type = CIFS_SMALL_BUFFER; 1208 1209 /* 2000 big enough to fit max user, domain, NOS name etc. */ 1210 sess_data->iov[2].iov_base = kmalloc(2000, GFP_KERNEL); 1211 if (!sess_data->iov[2].iov_base) { 1212 rc = -ENOMEM; 1213 goto out_free_smb_buf; 1214 } 1215 1216 return 0; 1217 1218 out_free_smb_buf: 1219 cifs_small_buf_release(smb_buf); 1220 sess_data->iov[0].iov_base = NULL; 1221 sess_data->iov[0].iov_len = 0; 1222 sess_data->buf0_type = CIFS_NO_BUFFER; 1223 return rc; 1224 } 1225 1226 static void 1227 sess_free_buffer(struct sess_data *sess_data) 1228 { 1229 struct kvec *iov = sess_data->iov; 1230 1231 /* 1232 * Zero the session data before freeing, as it might contain sensitive info (keys, etc). 1233 * Note that iov[1] is already freed by caller. 1234 */ 1235 if (sess_data->buf0_type != CIFS_NO_BUFFER && iov[0].iov_base) 1236 memzero_explicit(iov[0].iov_base, iov[0].iov_len); 1237 1238 free_rsp_buf(sess_data->buf0_type, iov[0].iov_base); 1239 sess_data->buf0_type = CIFS_NO_BUFFER; 1240 kfree_sensitive(iov[2].iov_base); 1241 } 1242 1243 static int 1244 sess_establish_session(struct sess_data *sess_data) 1245 { 1246 struct cifs_ses *ses = sess_data->ses; 1247 struct TCP_Server_Info *server = sess_data->server; 1248 1249 cifs_server_lock(server); 1250 if (!server->session_estab) { 1251 if (server->sign) { 1252 server->session_key.response = 1253 kmemdup(ses->auth_key.response, 1254 ses->auth_key.len, GFP_KERNEL); 1255 if (!server->session_key.response) { 1256 cifs_server_unlock(server); 1257 return -ENOMEM; 1258 } 1259 server->session_key.len = 1260 ses->auth_key.len; 1261 } 1262 server->sequence_number = 0x2; 1263 server->session_estab = true; 1264 } 1265 cifs_server_unlock(server); 1266 1267 cifs_dbg(FYI, "CIFS session established successfully\n"); 1268 return 0; 1269 } 1270 1271 static int 1272 sess_sendreceive(struct sess_data *sess_data) 1273 { 1274 int rc; 1275 struct smb_hdr *smb_buf = (struct smb_hdr *) sess_data->iov[0].iov_base; 1276 __u16 count; 1277 struct kvec rsp_iov = { NULL, 0 }; 1278 1279 count = sess_data->iov[1].iov_len + sess_data->iov[2].iov_len; 1280 be32_add_cpu(&smb_buf->smb_buf_length, count); 1281 put_bcc(count, smb_buf); 1282 1283 rc = SendReceive2(sess_data->xid, sess_data->ses, 1284 sess_data->iov, 3 /* num_iovecs */, 1285 &sess_data->buf0_type, 1286 CIFS_LOG_ERROR, &rsp_iov); 1287 cifs_small_buf_release(sess_data->iov[0].iov_base); 1288 memcpy(&sess_data->iov[0], &rsp_iov, sizeof(struct kvec)); 1289 1290 return rc; 1291 } 1292 1293 static void 1294 sess_auth_ntlmv2(struct sess_data *sess_data) 1295 { 1296 int rc = 0; 1297 struct smb_hdr *smb_buf; 1298 SESSION_SETUP_ANDX *pSMB; 1299 char *bcc_ptr; 1300 struct cifs_ses *ses = sess_data->ses; 1301 struct TCP_Server_Info *server = sess_data->server; 1302 __u32 capabilities; 1303 __u16 bytes_remaining; 1304 1305 /* old style NTLM sessionsetup */ 1306 /* wct = 13 */ 1307 rc = sess_alloc_buffer(sess_data, 13); 1308 if (rc) 1309 goto out; 1310 1311 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base; 1312 bcc_ptr = sess_data->iov[2].iov_base; 1313 capabilities = cifs_ssetup_hdr(ses, server, pSMB); 1314 1315 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities); 1316 1317 /* LM2 password would be here if we supported it */ 1318 pSMB->req_no_secext.CaseInsensitivePasswordLength = 0; 1319 1320 if (ses->user_name != NULL) { 1321 /* calculate nlmv2 response and session key */ 1322 rc = setup_ntlmv2_rsp(ses, sess_data->nls_cp); 1323 if (rc) { 1324 cifs_dbg(VFS, "Error %d during NTLMv2 authentication\n", rc); 1325 goto out; 1326 } 1327 1328 memcpy(bcc_ptr, ses->auth_key.response + CIFS_SESS_KEY_SIZE, 1329 ses->auth_key.len - CIFS_SESS_KEY_SIZE); 1330 bcc_ptr += ses->auth_key.len - CIFS_SESS_KEY_SIZE; 1331 1332 /* set case sensitive password length after tilen may get 1333 * assigned, tilen is 0 otherwise. 1334 */ 1335 pSMB->req_no_secext.CaseSensitivePasswordLength = 1336 cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE); 1337 } else { 1338 pSMB->req_no_secext.CaseSensitivePasswordLength = 0; 1339 } 1340 1341 if (ses->capabilities & CAP_UNICODE) { 1342 if (!IS_ALIGNED(sess_data->iov[0].iov_len, 2)) { 1343 *bcc_ptr = 0; 1344 bcc_ptr++; 1345 } 1346 unicode_ssetup_strings(&bcc_ptr, ses, sess_data->nls_cp); 1347 } else { 1348 ascii_ssetup_strings(&bcc_ptr, ses, sess_data->nls_cp); 1349 } 1350 1351 1352 sess_data->iov[2].iov_len = (long) bcc_ptr - 1353 (long) sess_data->iov[2].iov_base; 1354 1355 rc = sess_sendreceive(sess_data); 1356 if (rc) 1357 goto out; 1358 1359 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base; 1360 smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base; 1361 1362 if (smb_buf->WordCount != 3) { 1363 rc = -EIO; 1364 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount); 1365 goto out; 1366 } 1367 1368 if (le16_to_cpu(pSMB->resp.Action) & GUEST_LOGIN) 1369 cifs_dbg(FYI, "Guest login\n"); /* BB mark SesInfo struct? */ 1370 1371 ses->Suid = smb_buf->Uid; /* UID left in wire format (le) */ 1372 cifs_dbg(FYI, "UID = %llu\n", ses->Suid); 1373 1374 bytes_remaining = get_bcc(smb_buf); 1375 bcc_ptr = pByteArea(smb_buf); 1376 1377 /* BB check if Unicode and decode strings */ 1378 if (bytes_remaining == 0) { 1379 /* no string area to decode, do nothing */ 1380 } else if (smb_buf->Flags2 & SMBFLG2_UNICODE) { 1381 /* unicode string area must be word-aligned */ 1382 if (!IS_ALIGNED((unsigned long)bcc_ptr - (unsigned long)smb_buf, 2)) { 1383 ++bcc_ptr; 1384 --bytes_remaining; 1385 } 1386 decode_unicode_ssetup(&bcc_ptr, bytes_remaining, ses, 1387 sess_data->nls_cp); 1388 } else { 1389 decode_ascii_ssetup(&bcc_ptr, bytes_remaining, ses, 1390 sess_data->nls_cp); 1391 } 1392 1393 rc = sess_establish_session(sess_data); 1394 out: 1395 sess_data->result = rc; 1396 sess_data->func = NULL; 1397 sess_free_buffer(sess_data); 1398 kfree_sensitive(ses->auth_key.response); 1399 ses->auth_key.response = NULL; 1400 } 1401 1402 #ifdef CONFIG_CIFS_UPCALL 1403 static void 1404 sess_auth_kerberos(struct sess_data *sess_data) 1405 { 1406 int rc = 0; 1407 struct smb_hdr *smb_buf; 1408 SESSION_SETUP_ANDX *pSMB; 1409 char *bcc_ptr; 1410 struct cifs_ses *ses = sess_data->ses; 1411 struct TCP_Server_Info *server = sess_data->server; 1412 __u32 capabilities; 1413 __u16 bytes_remaining; 1414 struct key *spnego_key = NULL; 1415 struct cifs_spnego_msg *msg; 1416 u16 blob_len; 1417 1418 /* extended security */ 1419 /* wct = 12 */ 1420 rc = sess_alloc_buffer(sess_data, 12); 1421 if (rc) 1422 goto out; 1423 1424 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base; 1425 bcc_ptr = sess_data->iov[2].iov_base; 1426 capabilities = cifs_ssetup_hdr(ses, server, pSMB); 1427 1428 spnego_key = cifs_get_spnego_key(ses, server); 1429 if (IS_ERR(spnego_key)) { 1430 rc = PTR_ERR(spnego_key); 1431 spnego_key = NULL; 1432 goto out; 1433 } 1434 1435 msg = spnego_key->payload.data[0]; 1436 /* 1437 * check version field to make sure that cifs.upcall is 1438 * sending us a response in an expected form 1439 */ 1440 if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) { 1441 cifs_dbg(VFS, "incorrect version of cifs.upcall (expected %d but got %d)\n", 1442 CIFS_SPNEGO_UPCALL_VERSION, msg->version); 1443 rc = -EKEYREJECTED; 1444 goto out_put_spnego_key; 1445 } 1446 1447 kfree_sensitive(ses->auth_key.response); 1448 ses->auth_key.response = kmemdup(msg->data, msg->sesskey_len, 1449 GFP_KERNEL); 1450 if (!ses->auth_key.response) { 1451 cifs_dbg(VFS, "Kerberos can't allocate (%u bytes) memory\n", 1452 msg->sesskey_len); 1453 rc = -ENOMEM; 1454 goto out_put_spnego_key; 1455 } 1456 ses->auth_key.len = msg->sesskey_len; 1457 1458 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC; 1459 capabilities |= CAP_EXTENDED_SECURITY; 1460 pSMB->req.Capabilities = cpu_to_le32(capabilities); 1461 sess_data->iov[1].iov_base = msg->data + msg->sesskey_len; 1462 sess_data->iov[1].iov_len = msg->secblob_len; 1463 pSMB->req.SecurityBlobLength = cpu_to_le16(sess_data->iov[1].iov_len); 1464 1465 if (ses->capabilities & CAP_UNICODE) { 1466 /* unicode strings must be word aligned */ 1467 if (!IS_ALIGNED(sess_data->iov[0].iov_len + sess_data->iov[1].iov_len, 2)) { 1468 *bcc_ptr = 0; 1469 bcc_ptr++; 1470 } 1471 unicode_oslm_strings(&bcc_ptr, sess_data->nls_cp); 1472 unicode_domain_string(&bcc_ptr, ses, sess_data->nls_cp); 1473 } else { 1474 /* BB: is this right? */ 1475 ascii_ssetup_strings(&bcc_ptr, ses, sess_data->nls_cp); 1476 } 1477 1478 sess_data->iov[2].iov_len = (long) bcc_ptr - 1479 (long) sess_data->iov[2].iov_base; 1480 1481 rc = sess_sendreceive(sess_data); 1482 if (rc) 1483 goto out_put_spnego_key; 1484 1485 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base; 1486 smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base; 1487 1488 if (smb_buf->WordCount != 4) { 1489 rc = -EIO; 1490 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount); 1491 goto out_put_spnego_key; 1492 } 1493 1494 if (le16_to_cpu(pSMB->resp.Action) & GUEST_LOGIN) 1495 cifs_dbg(FYI, "Guest login\n"); /* BB mark SesInfo struct? */ 1496 1497 ses->Suid = smb_buf->Uid; /* UID left in wire format (le) */ 1498 cifs_dbg(FYI, "UID = %llu\n", ses->Suid); 1499 1500 bytes_remaining = get_bcc(smb_buf); 1501 bcc_ptr = pByteArea(smb_buf); 1502 1503 blob_len = le16_to_cpu(pSMB->resp.SecurityBlobLength); 1504 if (blob_len > bytes_remaining) { 1505 cifs_dbg(VFS, "bad security blob length %d\n", 1506 blob_len); 1507 rc = -EINVAL; 1508 goto out_put_spnego_key; 1509 } 1510 bcc_ptr += blob_len; 1511 bytes_remaining -= blob_len; 1512 1513 /* BB check if Unicode and decode strings */ 1514 if (bytes_remaining == 0) { 1515 /* no string area to decode, do nothing */ 1516 } else if (smb_buf->Flags2 & SMBFLG2_UNICODE) { 1517 /* unicode string area must be word-aligned */ 1518 if (!IS_ALIGNED((unsigned long)bcc_ptr - (unsigned long)smb_buf, 2)) { 1519 ++bcc_ptr; 1520 --bytes_remaining; 1521 } 1522 decode_unicode_ssetup(&bcc_ptr, bytes_remaining, ses, 1523 sess_data->nls_cp); 1524 } else { 1525 decode_ascii_ssetup(&bcc_ptr, bytes_remaining, ses, 1526 sess_data->nls_cp); 1527 } 1528 1529 rc = sess_establish_session(sess_data); 1530 out_put_spnego_key: 1531 key_invalidate(spnego_key); 1532 key_put(spnego_key); 1533 out: 1534 sess_data->result = rc; 1535 sess_data->func = NULL; 1536 sess_free_buffer(sess_data); 1537 kfree_sensitive(ses->auth_key.response); 1538 ses->auth_key.response = NULL; 1539 } 1540 1541 #endif /* ! CONFIG_CIFS_UPCALL */ 1542 1543 /* 1544 * The required kvec buffers have to be allocated before calling this 1545 * function. 1546 */ 1547 static int 1548 _sess_auth_rawntlmssp_assemble_req(struct sess_data *sess_data) 1549 { 1550 SESSION_SETUP_ANDX *pSMB; 1551 struct cifs_ses *ses = sess_data->ses; 1552 struct TCP_Server_Info *server = sess_data->server; 1553 __u32 capabilities; 1554 char *bcc_ptr; 1555 1556 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base; 1557 1558 capabilities = cifs_ssetup_hdr(ses, server, pSMB); 1559 if ((pSMB->req.hdr.Flags2 & SMBFLG2_UNICODE) == 0) { 1560 cifs_dbg(VFS, "NTLMSSP requires Unicode support\n"); 1561 return -ENOSYS; 1562 } 1563 1564 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC; 1565 capabilities |= CAP_EXTENDED_SECURITY; 1566 pSMB->req.Capabilities |= cpu_to_le32(capabilities); 1567 1568 bcc_ptr = sess_data->iov[2].iov_base; 1569 /* unicode strings must be word aligned */ 1570 if (!IS_ALIGNED(sess_data->iov[0].iov_len + sess_data->iov[1].iov_len, 2)) { 1571 *bcc_ptr = 0; 1572 bcc_ptr++; 1573 } 1574 unicode_oslm_strings(&bcc_ptr, sess_data->nls_cp); 1575 1576 sess_data->iov[2].iov_len = (long) bcc_ptr - 1577 (long) sess_data->iov[2].iov_base; 1578 1579 return 0; 1580 } 1581 1582 static void 1583 sess_auth_rawntlmssp_authenticate(struct sess_data *sess_data); 1584 1585 static void 1586 sess_auth_rawntlmssp_negotiate(struct sess_data *sess_data) 1587 { 1588 int rc; 1589 struct smb_hdr *smb_buf; 1590 SESSION_SETUP_ANDX *pSMB; 1591 struct cifs_ses *ses = sess_data->ses; 1592 struct TCP_Server_Info *server = sess_data->server; 1593 __u16 bytes_remaining; 1594 char *bcc_ptr; 1595 unsigned char *ntlmsspblob = NULL; 1596 u16 blob_len; 1597 1598 cifs_dbg(FYI, "rawntlmssp session setup negotiate phase\n"); 1599 1600 /* 1601 * if memory allocation is successful, caller of this function 1602 * frees it. 1603 */ 1604 ses->ntlmssp = kmalloc(sizeof(struct ntlmssp_auth), GFP_KERNEL); 1605 if (!ses->ntlmssp) { 1606 rc = -ENOMEM; 1607 goto out; 1608 } 1609 ses->ntlmssp->sesskey_per_smbsess = false; 1610 1611 /* wct = 12 */ 1612 rc = sess_alloc_buffer(sess_data, 12); 1613 if (rc) 1614 goto out; 1615 1616 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base; 1617 1618 /* Build security blob before we assemble the request */ 1619 rc = build_ntlmssp_negotiate_blob(&ntlmsspblob, 1620 &blob_len, ses, server, 1621 sess_data->nls_cp); 1622 if (rc) 1623 goto out_free_ntlmsspblob; 1624 1625 sess_data->iov[1].iov_len = blob_len; 1626 sess_data->iov[1].iov_base = ntlmsspblob; 1627 pSMB->req.SecurityBlobLength = cpu_to_le16(blob_len); 1628 1629 rc = _sess_auth_rawntlmssp_assemble_req(sess_data); 1630 if (rc) 1631 goto out_free_ntlmsspblob; 1632 1633 rc = sess_sendreceive(sess_data); 1634 1635 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base; 1636 smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base; 1637 1638 /* If true, rc here is expected and not an error */ 1639 if (sess_data->buf0_type != CIFS_NO_BUFFER && 1640 smb_buf->Status.CifsError == 1641 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED)) 1642 rc = 0; 1643 1644 if (rc) 1645 goto out_free_ntlmsspblob; 1646 1647 cifs_dbg(FYI, "rawntlmssp session setup challenge phase\n"); 1648 1649 if (smb_buf->WordCount != 4) { 1650 rc = -EIO; 1651 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount); 1652 goto out_free_ntlmsspblob; 1653 } 1654 1655 ses->Suid = smb_buf->Uid; /* UID left in wire format (le) */ 1656 cifs_dbg(FYI, "UID = %llu\n", ses->Suid); 1657 1658 bytes_remaining = get_bcc(smb_buf); 1659 bcc_ptr = pByteArea(smb_buf); 1660 1661 blob_len = le16_to_cpu(pSMB->resp.SecurityBlobLength); 1662 if (blob_len > bytes_remaining) { 1663 cifs_dbg(VFS, "bad security blob length %d\n", 1664 blob_len); 1665 rc = -EINVAL; 1666 goto out_free_ntlmsspblob; 1667 } 1668 1669 rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses); 1670 1671 out_free_ntlmsspblob: 1672 kfree_sensitive(ntlmsspblob); 1673 out: 1674 sess_free_buffer(sess_data); 1675 1676 if (!rc) { 1677 sess_data->func = sess_auth_rawntlmssp_authenticate; 1678 return; 1679 } 1680 1681 /* Else error. Cleanup */ 1682 kfree_sensitive(ses->auth_key.response); 1683 ses->auth_key.response = NULL; 1684 kfree_sensitive(ses->ntlmssp); 1685 ses->ntlmssp = NULL; 1686 1687 sess_data->func = NULL; 1688 sess_data->result = rc; 1689 } 1690 1691 static void 1692 sess_auth_rawntlmssp_authenticate(struct sess_data *sess_data) 1693 { 1694 int rc; 1695 struct smb_hdr *smb_buf; 1696 SESSION_SETUP_ANDX *pSMB; 1697 struct cifs_ses *ses = sess_data->ses; 1698 struct TCP_Server_Info *server = sess_data->server; 1699 __u16 bytes_remaining; 1700 char *bcc_ptr; 1701 unsigned char *ntlmsspblob = NULL; 1702 u16 blob_len; 1703 1704 cifs_dbg(FYI, "rawntlmssp session setup authenticate phase\n"); 1705 1706 /* wct = 12 */ 1707 rc = sess_alloc_buffer(sess_data, 12); 1708 if (rc) 1709 goto out; 1710 1711 /* Build security blob before we assemble the request */ 1712 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base; 1713 smb_buf = (struct smb_hdr *)pSMB; 1714 rc = build_ntlmssp_auth_blob(&ntlmsspblob, 1715 &blob_len, ses, server, 1716 sess_data->nls_cp); 1717 if (rc) 1718 goto out_free_ntlmsspblob; 1719 sess_data->iov[1].iov_len = blob_len; 1720 sess_data->iov[1].iov_base = ntlmsspblob; 1721 pSMB->req.SecurityBlobLength = cpu_to_le16(blob_len); 1722 /* 1723 * Make sure that we tell the server that we are using 1724 * the uid that it just gave us back on the response 1725 * (challenge) 1726 */ 1727 smb_buf->Uid = ses->Suid; 1728 1729 rc = _sess_auth_rawntlmssp_assemble_req(sess_data); 1730 if (rc) 1731 goto out_free_ntlmsspblob; 1732 1733 rc = sess_sendreceive(sess_data); 1734 if (rc) 1735 goto out_free_ntlmsspblob; 1736 1737 pSMB = (SESSION_SETUP_ANDX *)sess_data->iov[0].iov_base; 1738 smb_buf = (struct smb_hdr *)sess_data->iov[0].iov_base; 1739 if (smb_buf->WordCount != 4) { 1740 rc = -EIO; 1741 cifs_dbg(VFS, "bad word count %d\n", smb_buf->WordCount); 1742 goto out_free_ntlmsspblob; 1743 } 1744 1745 if (le16_to_cpu(pSMB->resp.Action) & GUEST_LOGIN) 1746 cifs_dbg(FYI, "Guest login\n"); /* BB mark SesInfo struct? */ 1747 1748 if (ses->Suid != smb_buf->Uid) { 1749 ses->Suid = smb_buf->Uid; 1750 cifs_dbg(FYI, "UID changed! new UID = %llu\n", ses->Suid); 1751 } 1752 1753 bytes_remaining = get_bcc(smb_buf); 1754 bcc_ptr = pByteArea(smb_buf); 1755 blob_len = le16_to_cpu(pSMB->resp.SecurityBlobLength); 1756 if (blob_len > bytes_remaining) { 1757 cifs_dbg(VFS, "bad security blob length %d\n", 1758 blob_len); 1759 rc = -EINVAL; 1760 goto out_free_ntlmsspblob; 1761 } 1762 bcc_ptr += blob_len; 1763 bytes_remaining -= blob_len; 1764 1765 1766 /* BB check if Unicode and decode strings */ 1767 if (bytes_remaining == 0) { 1768 /* no string area to decode, do nothing */ 1769 } else if (smb_buf->Flags2 & SMBFLG2_UNICODE) { 1770 /* unicode string area must be word-aligned */ 1771 if (!IS_ALIGNED((unsigned long)bcc_ptr - (unsigned long)smb_buf, 2)) { 1772 ++bcc_ptr; 1773 --bytes_remaining; 1774 } 1775 decode_unicode_ssetup(&bcc_ptr, bytes_remaining, ses, 1776 sess_data->nls_cp); 1777 } else { 1778 decode_ascii_ssetup(&bcc_ptr, bytes_remaining, ses, 1779 sess_data->nls_cp); 1780 } 1781 1782 out_free_ntlmsspblob: 1783 kfree_sensitive(ntlmsspblob); 1784 out: 1785 sess_free_buffer(sess_data); 1786 1787 if (!rc) 1788 rc = sess_establish_session(sess_data); 1789 1790 /* Cleanup */ 1791 kfree_sensitive(ses->auth_key.response); 1792 ses->auth_key.response = NULL; 1793 kfree_sensitive(ses->ntlmssp); 1794 ses->ntlmssp = NULL; 1795 1796 sess_data->func = NULL; 1797 sess_data->result = rc; 1798 } 1799 1800 static int select_sec(struct sess_data *sess_data) 1801 { 1802 int type; 1803 struct cifs_ses *ses = sess_data->ses; 1804 struct TCP_Server_Info *server = sess_data->server; 1805 1806 type = cifs_select_sectype(server, ses->sectype); 1807 cifs_dbg(FYI, "sess setup type %d\n", type); 1808 if (type == Unspecified) { 1809 cifs_dbg(VFS, "Unable to select appropriate authentication method!\n"); 1810 return -EINVAL; 1811 } 1812 1813 switch (type) { 1814 case NTLMv2: 1815 sess_data->func = sess_auth_ntlmv2; 1816 break; 1817 case Kerberos: 1818 #ifdef CONFIG_CIFS_UPCALL 1819 sess_data->func = sess_auth_kerberos; 1820 break; 1821 #else 1822 cifs_dbg(VFS, "Kerberos negotiated but upcall support disabled!\n"); 1823 return -ENOSYS; 1824 #endif /* CONFIG_CIFS_UPCALL */ 1825 case RawNTLMSSP: 1826 sess_data->func = sess_auth_rawntlmssp_negotiate; 1827 break; 1828 default: 1829 cifs_dbg(VFS, "secType %d not supported!\n", type); 1830 return -ENOSYS; 1831 } 1832 1833 return 0; 1834 } 1835 1836 int CIFS_SessSetup(const unsigned int xid, struct cifs_ses *ses, 1837 struct TCP_Server_Info *server, 1838 const struct nls_table *nls_cp) 1839 { 1840 int rc = 0; 1841 struct sess_data *sess_data; 1842 1843 if (ses == NULL) { 1844 WARN(1, "%s: ses == NULL!", __func__); 1845 return -EINVAL; 1846 } 1847 1848 sess_data = kzalloc(sizeof(struct sess_data), GFP_KERNEL); 1849 if (!sess_data) 1850 return -ENOMEM; 1851 1852 sess_data->xid = xid; 1853 sess_data->ses = ses; 1854 sess_data->server = server; 1855 sess_data->buf0_type = CIFS_NO_BUFFER; 1856 sess_data->nls_cp = (struct nls_table *) nls_cp; 1857 1858 rc = select_sec(sess_data); 1859 if (rc) 1860 goto out; 1861 1862 while (sess_data->func) 1863 sess_data->func(sess_data); 1864 1865 /* Store result before we free sess_data */ 1866 rc = sess_data->result; 1867 1868 out: 1869 kfree_sensitive(sess_data); 1870 return rc; 1871 } 1872 #endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */ 1873