2012/8/1 Jeff Layton <jlayton@xxxxxxxxxxxxxxx>:
> On Fri, 13 Jul 2012 11:53:29 +0400
> Pavel Shilovsky <pshilovsky@xxxxxxxxx> wrote:
>
>> From: Pavel Shilovsky <piastry@xxxxxxxxxxx>
>>
>> Signed-off-by: Pavel Shilovsky <piastry@xxxxxxxxxxx>
>> ---
>> fs/cifs/cifsglob.h | 3 +
>> fs/cifs/ntlmssp.h | 10 +++
>> fs/cifs/sess.c | 6 +-
>> fs/cifs/smb2misc.c | 5 +
>> fs/cifs/smb2ops.c | 2 +
>> fs/cifs/smb2pdu.c | 221 +++++++++++++++++++++++++++++++++++++++++++++++++++
>> fs/cifs/smb2pdu.h | 37 +++++++++
>> fs/cifs/smb2proto.h | 3 +
>> 8 files changed, 284 insertions(+), 3 deletions(-)
>>
>> diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
>> index 2d48f88..0d78bc4 100644
>> --- a/fs/cifs/cifsglob.h
>> +++ b/fs/cifs/cifsglob.h
>> @@ -504,6 +504,9 @@ struct cifs_ses {
>> struct session_key auth_key;
>> struct ntlmssp_auth *ntlmssp; /* ciphertext, flags, server challenge */
>> bool need_reconnect:1; /* connection reset, uid now invalid */
>> +#ifdef CONFIG_CIFS_SMB2
>> + __u16 session_flags;
>> +#endif /* CONFIG_CIFS_SMB2 */
>> };
>> /* no more than one of the following three session flags may be set */
>> #define CIFS_SES_NT4 1
>> diff --git a/fs/cifs/ntlmssp.h b/fs/cifs/ntlmssp.h
>> index 5d52e4a..848249f 100644
>> --- a/fs/cifs/ntlmssp.h
>> +++ b/fs/cifs/ntlmssp.h
>> @@ -126,3 +126,13 @@ typedef struct _AUTHENTICATE_MESSAGE {
>> do not set the version is present flag */
>> char UserString[0];
>> } __attribute__((packed)) AUTHENTICATE_MESSAGE, *PAUTHENTICATE_MESSAGE;
>> +
>> +/*
>> + * Size of the session key (crypto key encrypted with the password
>> + */
>> +
>> +int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len, struct cifs_ses *ses);
>> +void build_ntlmssp_negotiate_blob(unsigned char *pbuffer, struct cifs_ses *ses);
>> +int build_ntlmssp_auth_blob(unsigned char *pbuffer, u16 *buflen,
>> + struct cifs_ses *ses,
>> + const struct nls_table *nls_cp);
>> diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
>> index e25b312..b298d27 100644
>> --- a/fs/cifs/sess.c
>> +++ b/fs/cifs/sess.c
>> @@ -364,7 +364,7 @@ static int decode_ascii_ssetup(char **pbcc_area, __u16 bleft,
>> return rc;
>> }
>>
>> -static int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len,
>> +int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len,
>> struct cifs_ses *ses)
>> {
>> unsigned int tioffset; /* challenge message target info area */
>> @@ -415,7 +415,7 @@ static int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len,
>>
>> /* We do not malloc the blob, it is passed in pbuffer, because
>> it is fixed size, and small, making this approach cleaner */
>> -static void build_ntlmssp_negotiate_blob(unsigned char *pbuffer,
>> +void build_ntlmssp_negotiate_blob(unsigned char *pbuffer,
>> struct cifs_ses *ses)
>> {
>> NEGOTIATE_MESSAGE *sec_blob = (NEGOTIATE_MESSAGE *)pbuffer;
>> @@ -451,7 +451,7 @@ static void build_ntlmssp_negotiate_blob(unsigned char *pbuffer,
>> /* We do not malloc the blob, it is passed in pbuffer, because its
>> maximum possible size is fixed and small, making this approach cleaner.
>> This function returns the length of the data in the blob */
>> -static int build_ntlmssp_auth_blob(unsigned char *pbuffer,
>> +int build_ntlmssp_auth_blob(unsigned char *pbuffer,
>> u16 *buflen,
>> struct cifs_ses *ses,
>> const struct nls_table *nls_cp)
>> diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c
>> index e4dede4..10729a7 100644
>> --- a/fs/cifs/smb2misc.c
>> +++ b/fs/cifs/smb2misc.c
>> @@ -224,6 +224,11 @@ smb2_get_data_area_len(int *off, int *len, struct smb2_hdr *hdr)
>> ((struct smb2_negotiate_rsp *)hdr)->SecurityBufferLength);
>> break;
>> case SMB2_SESSION_SETUP:
>> + *off = le16_to_cpu(
>> + ((struct smb2_sess_setup_rsp *)hdr)->SecurityBufferOffset);
>> + *len = le16_to_cpu(
>> + ((struct smb2_sess_setup_rsp *)hdr)->SecurityBufferLength);
>> + break;
>> case SMB2_CREATE:
>> case SMB2_READ:
>> case SMB2_QUERY_INFO:
>> diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
>> index 2b5232b..0057861 100644
>> --- a/fs/cifs/smb2ops.c
>> +++ b/fs/cifs/smb2ops.c
>> @@ -170,6 +170,8 @@ struct smb_version_operations smb21_operations = {
>> .dump_detail = smb2_dump_detail,
>> .need_neg = smb2_need_neg,
>> .negotiate = smb2_negotiate,
>> + .sess_setup = SMB2_sess_setup,
>> + .logoff = SMB2_logoff,
>> };
>>
>> struct smb_version_values smb21_values = {
>> diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
>> index 719e4c4..2165f0d 100644
>> --- a/fs/cifs/smb2pdu.c
>> +++ b/fs/cifs/smb2pdu.c
>> @@ -328,3 +328,224 @@ neg_exit:
>> free_rsp_buf(resp_buftype, rsp);
>> return rc;
>> }
>> +
>> +int
>> +SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses,
>> + const struct nls_table *nls_cp)
>> +{
>> + struct smb2_sess_setup_req *req;
>> + struct smb2_sess_setup_rsp *rsp = NULL;
>> + struct kvec iov[2];
>> + int rc = 0;
>> + int resp_buftype;
>> + __le32 phase = NtLmNegotiate; /* NTLMSSP, if needed, is multistage */
>> + struct TCP_Server_Info *server;
>> + unsigned int sec_flags;
>> + u8 temp = 0;
>> + u16 blob_length = 0;
>> + char *security_blob;
>> + char *ntlmssp_blob = NULL;
>> + bool use_spnego = false; /* else use raw ntlmssp */
>> +
>> + cFYI(1, "Session Setup");
>> +
>> + if (ses->server)
>> + server = ses->server;
>> + else {
>> + rc = -EIO;
>> + return rc;
>> + }
>> +
>> + /*
>> + * If memory allocation is successful, caller of this function
>> + * frees it.
>> + */
>> + ses->ntlmssp = kmalloc(sizeof(struct ntlmssp_auth), GFP_KERNEL);
>> + if (!ses->ntlmssp)
>> + return -ENOMEM;
>> +
>> + ses->server->secType = RawNTLMSSP;
>> +
>> +ssetup_ntlmssp_authenticate:
>> + if (phase == NtLmChallenge)
>> + phase = NtLmAuthenticate; /* if ntlmssp, now final phase */
>> +
>> + rc = small_smb2_init(SMB2_SESSION_SETUP, NULL, (void **) &req);
>> + if (rc)
>> + return rc;
>> +
>> + /* if any of auth flags (ie not sign or seal) are overriden use them */
>> + if (ses->overrideSecFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL)))
>> + sec_flags = ses->overrideSecFlg; /* BB FIXME fix sign flags?*/
>> + else /* if override flags set only sign/seal OR them with global auth */
>> + sec_flags = global_secflags | ses->overrideSecFlg;
>> +
>> + cFYI(1, "sec_flags 0x%x", sec_flags);
>> +
>> + req->hdr.SessionId = 0; /* First session, not a reauthenticate */
>> + req->VcNumber = 0; /* MBZ */
>> + /* to enable echos and oplocks */
>> + req->hdr.CreditRequest = cpu_to_le16(3);
>> +
>> + /* only one of SMB2 signing flags may be set in SMB2 request */
>> + if ((sec_flags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN)
>> + temp = SMB2_NEGOTIATE_SIGNING_REQUIRED;
>> + else if (ses->server->sec_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED)
>> + temp = SMB2_NEGOTIATE_SIGNING_REQUIRED;
>> + else if (sec_flags & CIFSSEC_MAY_SIGN) /* MAY_SIGN is a single flag */
>> + temp = SMB2_NEGOTIATE_SIGNING_ENABLED;
>> +
>> + req->SecurityMode = temp;
> ^^^^
> Endianness?
it is one byte only:
__u8 SecurityMode;
>
>> + req->Capabilities = 0;
>> + req->Channel = 0; /* MBZ */
>> +
>> + iov[0].iov_base = (char *)req;
>> + /* 4 for rfc1002 length field and 1 for pad */
>> + iov[0].iov_len = get_rfc1002_length(req) + 4 - 1;
>> + if (phase == NtLmNegotiate) {
>> + ntlmssp_blob = kmalloc(sizeof(struct _NEGOTIATE_MESSAGE),
>> + GFP_KERNEL);
>> + if (ntlmssp_blob == NULL) {
>> + rc = -ENOMEM;
>> + goto ssetup_exit;
>> + }
>> + build_ntlmssp_negotiate_blob(ntlmssp_blob, ses);
>> + if (use_spnego) {
>> + /* blob_length = build_spnego_ntlmssp_blob(
>> + &security_blob,
>> + sizeof(struct _NEGOTIATE_MESSAGE),
>> + ntlmssp_blob); */
>> + /* BB eventually need to add this */
>> + cERROR(1, "spnego not supported for SMB2 yet");
>> + rc = -EOPNOTSUPP;
>> + kfree(ntlmssp_blob);
>> + goto ssetup_exit;
>> + } else {
>> + blob_length = sizeof(struct _NEGOTIATE_MESSAGE);
>> + /* with raw NTLMSSP we don't encapsulate in SPNEGO */
>> + security_blob = ntlmssp_blob;
>> + }
>> + } else if (phase == NtLmAuthenticate) {
>> + req->hdr.SessionId = ses->Suid;
>> + ntlmssp_blob = kzalloc(sizeof(struct _NEGOTIATE_MESSAGE) + 500,
>> + GFP_KERNEL);
>> + if (ntlmssp_blob == NULL) {
>> + cERROR(1, "failed to malloc ntlmssp blob");
>> + rc = -ENOMEM;
>> + goto ssetup_exit;
>> + }
>> + rc = build_ntlmssp_auth_blob(ntlmssp_blob, &blob_length, ses,
>> + nls_cp);
>> + if (rc) {
>> + cFYI(1, "build_ntlmssp_auth_blob failed %d", rc);
>> + goto ssetup_exit; /* BB double check error handling */
>> + }
>> + if (use_spnego) {
>> + /* blob_length = build_spnego_ntlmssp_blob(
>> + &security_blob,
>> + blob_length,
>> + ntlmssp_blob); */
>> + cERROR(1, "spnego not supported for SMB2 yet");
>> + rc = -EOPNOTSUPP;
>> + kfree(ntlmssp_blob);
>> + goto ssetup_exit;
>> + } else {
>> + security_blob = ntlmssp_blob;
>> + }
>> + } else {
>> + cERROR(1, "illegal ntlmssp phase");
>> + rc = -EIO;
>> + goto ssetup_exit;
>> + }
>> +
>> + /* Testing shows that buffer offset must be at location of Buffer[0] */
>> + req->SecurityBufferOffset =
>> + cpu_to_le16(sizeof(struct smb2_sess_setup_req) -
>> + 1 /* pad */ - 4 /* rfc1001 len */);
>> + req->SecurityBufferLength = cpu_to_le16(blob_length);
>> + iov[1].iov_base = security_blob;
>> + iov[1].iov_len = blob_length;
>> +
>> + inc_rfc1001_len(req, blob_length - 1 /* pad */);
>> +
>> + /* BB add code to build os and lm fields */
>> +
>> + rc = SendReceive2(xid, ses, iov, 2, &resp_buftype, CIFS_LOG_ERROR);
>> +
>> + kfree(security_blob);
>> + rsp = (struct smb2_sess_setup_rsp *)iov[0].iov_base;
>> + if (rsp->hdr.Status == STATUS_MORE_PROCESSING_REQUIRED) {
>> + if (phase != NtLmNegotiate) {
>> + cERROR(1, "Unexpected more processing error");
>> + goto ssetup_exit;
>> + }
>> + if (offsetof(struct smb2_sess_setup_rsp, Buffer) - 4 !=
>> + le16_to_cpu(rsp->SecurityBufferOffset)) {
>> + cERROR(1, "Invalid security buffer offset %d",
>> + le16_to_cpu(rsp->SecurityBufferOffset));
>> + rc = -EIO;
>> + goto ssetup_exit;
>> + }
>> +
>> + /* NTLMSSP Negotiate sent now processing challenge (response) */
>> + phase = NtLmChallenge; /* process ntlmssp challenge */
>> + rc = 0; /* MORE_PROCESSING is not an error here but expected */
>> + ses->Suid = rsp->hdr.SessionId;
>> + rc = decode_ntlmssp_challenge(rsp->Buffer,
>> + le16_to_cpu(rsp->SecurityBufferLength), ses);
>> + }
>> +
>> + /*
>> + * BB eventually add code for SPNEGO decoding of NtlmChallenge blob,
>> + * but at least the raw NTLMSSP case works.
>> + */
>> + /*
>> + * No tcon so can't do
>> + * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]);
>> + */
>> + if (rc != 0)
>> + goto ssetup_exit;
>> +
>> + if (rsp == NULL) {
>> + rc = -EIO;
>> + goto ssetup_exit;
>> + }
>> +
>> + ses->session_flags = le16_to_cpu(rsp->SessionFlags);
>> +ssetup_exit:
>> + free_rsp_buf(resp_buftype, rsp);
>> +
>> + /* if ntlmssp, and negotiate succeeded, proceed to authenticate phase */
>> + if ((phase == NtLmChallenge) && (rc == 0))
>> + goto ssetup_ntlmssp_authenticate;
>> + return rc;
>> +}
>> +
>> +int
>> +SMB2_logoff(const unsigned int xid, struct cifs_ses *ses)
>> +{
>> + struct smb2_logoff_req *req; /* response is also trivial struct */
>> + int rc = 0;
>> + struct TCP_Server_Info *server;
>> +
>> + cFYI(1, "disconnect session %p", ses);
>> +
>> + if (ses && (ses->server))
>> + server = ses->server;
>> + else
>> + return -EIO;
>> +
>> + rc = small_smb2_init(SMB2_LOGOFF, NULL, (void **) &req);
>> + if (rc)
>> + return rc;
>> +
>> + /* since no tcon, smb2_init can not do this, so do here */
>> + req->hdr.SessionId = ses->Suid;
>> +
>> + rc = SendReceiveNoRsp(xid, ses, (char *) &req->hdr, 0);
>> + /*
>> + * No tcon so can't do
>> + * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]);
>> + */
>> + return rc;
>> +}
>> diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h
>> index ef8dae2..26af68b 100644
>> --- a/fs/cifs/smb2pdu.h
>> +++ b/fs/cifs/smb2pdu.h
>> @@ -187,4 +187,41 @@ struct smb2_negotiate_rsp {
>> __u8 Buffer[1]; /* variable length GSS security buffer */
>> } __packed;
>>
>> +struct smb2_sess_setup_req {
>> + struct smb2_hdr hdr;
>> + __le16 StructureSize; /* Must be 25 */
>> + __u8 VcNumber;
>> + __u8 SecurityMode;
>> + __le32 Capabilities;
>> + __le32 Channel;
>> + __le16 SecurityBufferOffset;
>> + __le16 SecurityBufferLength;
>> + __le64 PreviousSessionId;
>> + __u8 Buffer[1]; /* variable length GSS security buffer */
>> +} __packed;
>> +
>> +/* Currently defined SessionFlags */
>> +#define SMB2_SESSION_FLAG_IS_GUEST 0x0001
>> +#define SMB2_SESSION_FLAG_IS_NULL 0x0002
>> +struct smb2_sess_setup_rsp {
>> + struct smb2_hdr hdr;
>> + __le16 StructureSize; /* Must be 9 */
>> + __le16 SessionFlags;
>> + __le16 SecurityBufferOffset;
>> + __le16 SecurityBufferLength;
>> + __u8 Buffer[1]; /* variable length GSS security buffer */
>> +} __packed;
>> +
>> +struct smb2_logoff_req {
>> + struct smb2_hdr hdr;
>> + __le16 StructureSize; /* Must be 4 */
>> + __le16 Reserved;
>> +} __packed;
>> +
>> +struct smb2_logoff_rsp {
>> + struct smb2_hdr hdr;
>> + __le16 StructureSize; /* Must be 4 */
>> + __le16 Reserved;
>> +} __packed;
>> +
>> #endif /* _SMB2PDU_H */
>> diff --git a/fs/cifs/smb2proto.h b/fs/cifs/smb2proto.h
>> index 8817670..9364fbc 100644
>> --- a/fs/cifs/smb2proto.h
>> +++ b/fs/cifs/smb2proto.h
>> @@ -47,5 +47,8 @@ extern int smb2_setup_request(struct cifs_ses *ses, struct kvec *iov,
>> * are contained within these calls.
>> */
>> extern int SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses);
>> +extern int SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses,
>> + const struct nls_table *nls_cp);
>> +extern int SMB2_logoff(const unsigned int xid, struct cifs_ses *ses);
>>
>> #endif /* _SMB2PROTO_H */
>
>
> --
> Jeff Layton <jlayton@xxxxxxxxxxxxxxx>
--
Best regards,
Pavel Shilovsky.
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
