Commit | Line | Data |
---|---|---|
2dc7e1c0 PS |
1 | /* |
2 | * fs/cifs/smb2transport.c | |
3 | * | |
4 | * Copyright (C) International Business Machines Corp., 2002, 2011 | |
5 | * Etersoft, 2012 | |
6 | * Author(s): Steve French (sfrench@us.ibm.com) | |
7 | * Jeremy Allison (jra@samba.org) 2006 | |
8 | * Pavel Shilovsky (pshilovsky@samba.org) 2012 | |
9 | * | |
10 | * This library is free software; you can redistribute it and/or modify | |
11 | * it under the terms of the GNU Lesser General Public License as published | |
12 | * by the Free Software Foundation; either version 2.1 of the License, or | |
13 | * (at your option) any later version. | |
14 | * | |
15 | * This library is distributed in the hope that it will be useful, | |
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See | |
18 | * the GNU Lesser General Public License for more details. | |
19 | * | |
20 | * You should have received a copy of the GNU Lesser General Public License | |
21 | * along with this library; if not, write to the Free Software | |
22 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
23 | */ | |
24 | ||
25 | #include <linux/fs.h> | |
26 | #include <linux/list.h> | |
27 | #include <linux/wait.h> | |
28 | #include <linux/net.h> | |
29 | #include <linux/delay.h> | |
30 | #include <linux/uaccess.h> | |
31 | #include <asm/processor.h> | |
32 | #include <linux/mempool.h> | |
fb308a6f | 33 | #include <linux/highmem.h> |
2dc7e1c0 PS |
34 | #include "smb2pdu.h" |
35 | #include "cifsglob.h" | |
36 | #include "cifsproto.h" | |
37 | #include "smb2proto.h" | |
38 | #include "cifs_debug.h" | |
39 | #include "smb2status.h" | |
3c1bf7e4 PS |
40 | #include "smb2glob.h" |
41 | ||
95dc8dd1 SF |
42 | static int |
43 | smb2_crypto_shash_allocate(struct TCP_Server_Info *server) | |
44 | { | |
ba482029 | 45 | int rc; |
95dc8dd1 SF |
46 | unsigned int size; |
47 | ||
48 | if (server->secmech.sdeschmacsha256 != NULL) | |
49 | return 0; /* already allocated */ | |
50 | ||
51 | server->secmech.hmacsha256 = crypto_alloc_shash("hmac(sha256)", 0, 0); | |
52 | if (IS_ERR(server->secmech.hmacsha256)) { | |
53 | cifs_dbg(VFS, "could not allocate crypto hmacsha256\n"); | |
ba482029 JL |
54 | rc = PTR_ERR(server->secmech.hmacsha256); |
55 | server->secmech.hmacsha256 = NULL; | |
56 | return rc; | |
95dc8dd1 SF |
57 | } |
58 | ||
59 | size = sizeof(struct shash_desc) + | |
60 | crypto_shash_descsize(server->secmech.hmacsha256); | |
61 | server->secmech.sdeschmacsha256 = kmalloc(size, GFP_KERNEL); | |
62 | if (!server->secmech.sdeschmacsha256) { | |
63 | crypto_free_shash(server->secmech.hmacsha256); | |
64 | server->secmech.hmacsha256 = NULL; | |
65 | return -ENOMEM; | |
66 | } | |
67 | server->secmech.sdeschmacsha256->shash.tfm = server->secmech.hmacsha256; | |
68 | server->secmech.sdeschmacsha256->shash.flags = 0x0; | |
69 | ||
70 | return 0; | |
71 | } | |
72 | ||
73 | static int | |
74 | smb3_crypto_shash_allocate(struct TCP_Server_Info *server) | |
75 | { | |
76 | unsigned int size; | |
77 | int rc; | |
78 | ||
79 | if (server->secmech.sdesccmacaes != NULL) | |
80 | return 0; /* already allocated */ | |
81 | ||
82 | rc = smb2_crypto_shash_allocate(server); | |
83 | if (rc) | |
84 | return rc; | |
85 | ||
86 | server->secmech.cmacaes = crypto_alloc_shash("cmac(aes)", 0, 0); | |
87 | if (IS_ERR(server->secmech.cmacaes)) { | |
88 | cifs_dbg(VFS, "could not allocate crypto cmac-aes"); | |
89 | kfree(server->secmech.sdeschmacsha256); | |
90 | server->secmech.sdeschmacsha256 = NULL; | |
91 | crypto_free_shash(server->secmech.hmacsha256); | |
92 | server->secmech.hmacsha256 = NULL; | |
ba482029 JL |
93 | rc = PTR_ERR(server->secmech.cmacaes); |
94 | server->secmech.cmacaes = NULL; | |
95 | return rc; | |
95dc8dd1 SF |
96 | } |
97 | ||
98 | size = sizeof(struct shash_desc) + | |
99 | crypto_shash_descsize(server->secmech.cmacaes); | |
100 | server->secmech.sdesccmacaes = kmalloc(size, GFP_KERNEL); | |
101 | if (!server->secmech.sdesccmacaes) { | |
102 | cifs_dbg(VFS, "%s: Can't alloc cmacaes\n", __func__); | |
103 | kfree(server->secmech.sdeschmacsha256); | |
104 | server->secmech.sdeschmacsha256 = NULL; | |
105 | crypto_free_shash(server->secmech.hmacsha256); | |
106 | crypto_free_shash(server->secmech.cmacaes); | |
107 | server->secmech.hmacsha256 = NULL; | |
108 | server->secmech.cmacaes = NULL; | |
109 | return -ENOMEM; | |
110 | } | |
111 | server->secmech.sdesccmacaes->shash.tfm = server->secmech.cmacaes; | |
112 | server->secmech.sdesccmacaes->shash.flags = 0x0; | |
113 | ||
114 | return 0; | |
115 | } | |
116 | ||
32811d24 SP |
117 | static struct cifs_ses * |
118 | smb2_find_smb_ses(struct smb2_hdr *smb2hdr, struct TCP_Server_Info *server) | |
119 | { | |
120 | struct cifs_ses *ses; | |
121 | ||
122 | spin_lock(&cifs_tcp_ses_lock); | |
123 | list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) { | |
124 | if (ses->Suid != smb2hdr->SessionId) | |
125 | continue; | |
126 | spin_unlock(&cifs_tcp_ses_lock); | |
127 | return ses; | |
128 | } | |
129 | spin_unlock(&cifs_tcp_ses_lock); | |
130 | ||
131 | return NULL; | |
132 | } | |
133 | ||
95dc8dd1 | 134 | |
38107d45 | 135 | int |
0b688cfc | 136 | smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server) |
3c1bf7e4 PS |
137 | { |
138 | int i, rc; | |
139 | unsigned char smb2_signature[SMB2_HMACSHA256_SIZE]; | |
140 | unsigned char *sigptr = smb2_signature; | |
0b688cfc JL |
141 | struct kvec *iov = rqst->rq_iov; |
142 | int n_vec = rqst->rq_nvec; | |
3c1bf7e4 | 143 | struct smb2_hdr *smb2_pdu = (struct smb2_hdr *)iov[0].iov_base; |
32811d24 SP |
144 | struct cifs_ses *ses; |
145 | ||
146 | ses = smb2_find_smb_ses(smb2_pdu, server); | |
147 | if (!ses) { | |
148 | cifs_dbg(VFS, "%s: Could not find session\n", __func__); | |
149 | return 0; | |
150 | } | |
3c1bf7e4 PS |
151 | |
152 | memset(smb2_signature, 0x0, SMB2_HMACSHA256_SIZE); | |
153 | memset(smb2_pdu->Signature, 0x0, SMB2_SIGNATURE_SIZE); | |
154 | ||
95dc8dd1 SF |
155 | rc = smb2_crypto_shash_allocate(server); |
156 | if (rc) { | |
157 | cifs_dbg(VFS, "%s: shah256 alloc failed\n", __func__); | |
158 | return rc; | |
159 | } | |
160 | ||
3c1bf7e4 | 161 | rc = crypto_shash_setkey(server->secmech.hmacsha256, |
32811d24 | 162 | ses->auth_key.response, SMB2_NTLMV2_SESSKEY_SIZE); |
3c1bf7e4 | 163 | if (rc) { |
f96637be | 164 | cifs_dbg(VFS, "%s: Could not update with response\n", __func__); |
3c1bf7e4 PS |
165 | return rc; |
166 | } | |
167 | ||
168 | rc = crypto_shash_init(&server->secmech.sdeschmacsha256->shash); | |
169 | if (rc) { | |
95dc8dd1 | 170 | cifs_dbg(VFS, "%s: Could not init sha256", __func__); |
3c1bf7e4 PS |
171 | return rc; |
172 | } | |
173 | ||
174 | for (i = 0; i < n_vec; i++) { | |
175 | if (iov[i].iov_len == 0) | |
176 | continue; | |
177 | if (iov[i].iov_base == NULL) { | |
f96637be | 178 | cifs_dbg(VFS, "null iovec entry\n"); |
3c1bf7e4 PS |
179 | return -EIO; |
180 | } | |
181 | /* | |
182 | * The first entry includes a length field (which does not get | |
183 | * signed that occupies the first 4 bytes before the header). | |
184 | */ | |
185 | if (i == 0) { | |
186 | if (iov[0].iov_len <= 8) /* cmd field at offset 9 */ | |
187 | break; /* nothing to sign or corrupt header */ | |
188 | rc = | |
189 | crypto_shash_update( | |
190 | &server->secmech.sdeschmacsha256->shash, | |
191 | iov[i].iov_base + 4, iov[i].iov_len - 4); | |
192 | } else { | |
193 | rc = | |
194 | crypto_shash_update( | |
195 | &server->secmech.sdeschmacsha256->shash, | |
196 | iov[i].iov_base, iov[i].iov_len); | |
197 | } | |
198 | if (rc) { | |
f96637be JP |
199 | cifs_dbg(VFS, "%s: Could not update with payload\n", |
200 | __func__); | |
3c1bf7e4 PS |
201 | return rc; |
202 | } | |
203 | } | |
204 | ||
fb308a6f JL |
205 | /* now hash over the rq_pages array */ |
206 | for (i = 0; i < rqst->rq_npages; i++) { | |
207 | struct kvec p_iov; | |
208 | ||
209 | cifs_rqst_page_to_kvec(rqst, i, &p_iov); | |
210 | crypto_shash_update(&server->secmech.sdeschmacsha256->shash, | |
211 | p_iov.iov_base, p_iov.iov_len); | |
212 | kunmap(rqst->rq_pages[i]); | |
213 | } | |
214 | ||
3c1bf7e4 PS |
215 | rc = crypto_shash_final(&server->secmech.sdeschmacsha256->shash, |
216 | sigptr); | |
217 | if (rc) | |
f96637be | 218 | cifs_dbg(VFS, "%s: Could not generate sha256 hash\n", __func__); |
3c1bf7e4 PS |
219 | |
220 | memcpy(smb2_pdu->Signature, sigptr, SMB2_SIGNATURE_SIZE); | |
221 | ||
222 | return rc; | |
223 | } | |
224 | ||
373512ec SF |
225 | static int generate_key(struct cifs_ses *ses, struct kvec label, |
226 | struct kvec context, __u8 *key, unsigned int key_size) | |
429b46f4 SF |
227 | { |
228 | unsigned char zero = 0x0; | |
229 | __u8 i[4] = {0, 0, 0, 1}; | |
230 | __u8 L[4] = {0, 0, 0, 128}; | |
231 | int rc = 0; | |
232 | unsigned char prfhash[SMB2_HMACSHA256_SIZE]; | |
233 | unsigned char *hashptr = prfhash; | |
234 | ||
235 | memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE); | |
373512ec | 236 | memset(key, 0x0, key_size); |
429b46f4 | 237 | |
32811d24 | 238 | rc = smb3_crypto_shash_allocate(ses->server); |
95dc8dd1 SF |
239 | if (rc) { |
240 | cifs_dbg(VFS, "%s: crypto alloc failed\n", __func__); | |
241 | goto smb3signkey_ret; | |
242 | } | |
243 | ||
32811d24 SP |
244 | rc = crypto_shash_setkey(ses->server->secmech.hmacsha256, |
245 | ses->auth_key.response, SMB2_NTLMV2_SESSKEY_SIZE); | |
429b46f4 SF |
246 | if (rc) { |
247 | cifs_dbg(VFS, "%s: Could not set with session key\n", __func__); | |
248 | goto smb3signkey_ret; | |
249 | } | |
250 | ||
32811d24 | 251 | rc = crypto_shash_init(&ses->server->secmech.sdeschmacsha256->shash); |
429b46f4 SF |
252 | if (rc) { |
253 | cifs_dbg(VFS, "%s: Could not init sign hmac\n", __func__); | |
254 | goto smb3signkey_ret; | |
255 | } | |
256 | ||
32811d24 | 257 | rc = crypto_shash_update(&ses->server->secmech.sdeschmacsha256->shash, |
429b46f4 SF |
258 | i, 4); |
259 | if (rc) { | |
260 | cifs_dbg(VFS, "%s: Could not update with n\n", __func__); | |
261 | goto smb3signkey_ret; | |
262 | } | |
263 | ||
32811d24 | 264 | rc = crypto_shash_update(&ses->server->secmech.sdeschmacsha256->shash, |
373512ec | 265 | label.iov_base, label.iov_len); |
429b46f4 SF |
266 | if (rc) { |
267 | cifs_dbg(VFS, "%s: Could not update with label\n", __func__); | |
268 | goto smb3signkey_ret; | |
269 | } | |
270 | ||
32811d24 | 271 | rc = crypto_shash_update(&ses->server->secmech.sdeschmacsha256->shash, |
429b46f4 SF |
272 | &zero, 1); |
273 | if (rc) { | |
274 | cifs_dbg(VFS, "%s: Could not update with zero\n", __func__); | |
275 | goto smb3signkey_ret; | |
276 | } | |
277 | ||
32811d24 | 278 | rc = crypto_shash_update(&ses->server->secmech.sdeschmacsha256->shash, |
373512ec | 279 | context.iov_base, context.iov_len); |
429b46f4 SF |
280 | if (rc) { |
281 | cifs_dbg(VFS, "%s: Could not update with context\n", __func__); | |
282 | goto smb3signkey_ret; | |
283 | } | |
284 | ||
32811d24 | 285 | rc = crypto_shash_update(&ses->server->secmech.sdeschmacsha256->shash, |
429b46f4 SF |
286 | L, 4); |
287 | if (rc) { | |
288 | cifs_dbg(VFS, "%s: Could not update with L\n", __func__); | |
289 | goto smb3signkey_ret; | |
290 | } | |
291 | ||
32811d24 | 292 | rc = crypto_shash_final(&ses->server->secmech.sdeschmacsha256->shash, |
429b46f4 SF |
293 | hashptr); |
294 | if (rc) { | |
295 | cifs_dbg(VFS, "%s: Could not generate sha256 hash\n", __func__); | |
296 | goto smb3signkey_ret; | |
297 | } | |
298 | ||
373512ec | 299 | memcpy(key, hashptr, key_size); |
429b46f4 SF |
300 | |
301 | smb3signkey_ret: | |
32811d24 | 302 | return rc; |
429b46f4 SF |
303 | } |
304 | ||
373512ec SF |
305 | struct derivation { |
306 | struct kvec label; | |
307 | struct kvec context; | |
308 | }; | |
309 | ||
310 | struct derivation_triplet { | |
311 | struct derivation signing; | |
312 | struct derivation encryption; | |
313 | struct derivation decryption; | |
314 | }; | |
315 | ||
316 | static int | |
317 | generate_smb3signingkey(struct cifs_ses *ses, | |
318 | const struct derivation_triplet *ptriplet) | |
319 | { | |
320 | int rc; | |
321 | ||
322 | rc = generate_key(ses, ptriplet->signing.label, | |
323 | ptriplet->signing.context, ses->smb3signingkey, | |
324 | SMB3_SIGN_KEY_SIZE); | |
325 | if (rc) | |
326 | return rc; | |
327 | ||
328 | rc = generate_key(ses, ptriplet->encryption.label, | |
329 | ptriplet->encryption.context, ses->smb3encryptionkey, | |
330 | SMB3_SIGN_KEY_SIZE); | |
331 | if (rc) | |
332 | return rc; | |
333 | ||
334 | return generate_key(ses, ptriplet->decryption.label, | |
335 | ptriplet->decryption.context, | |
336 | ses->smb3decryptionkey, SMB3_SIGN_KEY_SIZE); | |
337 | } | |
338 | ||
339 | int | |
340 | generate_smb30signingkey(struct cifs_ses *ses) | |
341 | ||
342 | { | |
343 | struct derivation_triplet triplet; | |
344 | struct derivation *d; | |
345 | ||
346 | d = &triplet.signing; | |
347 | d->label.iov_base = "SMB2AESCMAC"; | |
348 | d->label.iov_len = 12; | |
349 | d->context.iov_base = "SmbSign"; | |
350 | d->context.iov_len = 8; | |
351 | ||
352 | d = &triplet.encryption; | |
353 | d->label.iov_base = "SMB2AESCCM"; | |
354 | d->label.iov_len = 11; | |
355 | d->context.iov_base = "ServerIn "; | |
356 | d->context.iov_len = 10; | |
357 | ||
358 | d = &triplet.decryption; | |
359 | d->label.iov_base = "SMB2AESCCM"; | |
360 | d->label.iov_len = 11; | |
361 | d->context.iov_base = "ServerOut"; | |
362 | d->context.iov_len = 10; | |
363 | ||
364 | return generate_smb3signingkey(ses, &triplet); | |
365 | } | |
366 | ||
367 | int | |
368 | generate_smb311signingkey(struct cifs_ses *ses) | |
369 | ||
370 | { | |
371 | struct derivation_triplet triplet; | |
372 | struct derivation *d; | |
373 | ||
374 | d = &triplet.signing; | |
375 | d->label.iov_base = "SMB2AESCMAC"; | |
376 | d->label.iov_len = 12; | |
377 | d->context.iov_base = "SmbSign"; | |
378 | d->context.iov_len = 8; | |
379 | ||
380 | d = &triplet.encryption; | |
381 | d->label.iov_base = "SMB2AESCCM"; | |
382 | d->label.iov_len = 11; | |
383 | d->context.iov_base = "ServerIn "; | |
384 | d->context.iov_len = 10; | |
385 | ||
386 | d = &triplet.decryption; | |
387 | d->label.iov_base = "SMB2AESCCM"; | |
388 | d->label.iov_len = 11; | |
389 | d->context.iov_base = "ServerOut"; | |
390 | d->context.iov_len = 10; | |
391 | ||
392 | return generate_smb3signingkey(ses, &triplet); | |
393 | } | |
394 | ||
38107d45 SF |
395 | int |
396 | smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server) | |
397 | { | |
32811d24 SP |
398 | int i; |
399 | int rc = 0; | |
429b46f4 SF |
400 | unsigned char smb3_signature[SMB2_CMACAES_SIZE]; |
401 | unsigned char *sigptr = smb3_signature; | |
402 | struct kvec *iov = rqst->rq_iov; | |
403 | int n_vec = rqst->rq_nvec; | |
404 | struct smb2_hdr *smb2_pdu = (struct smb2_hdr *)iov[0].iov_base; | |
32811d24 SP |
405 | struct cifs_ses *ses; |
406 | ||
407 | ses = smb2_find_smb_ses(smb2_pdu, server); | |
408 | if (!ses) { | |
409 | cifs_dbg(VFS, "%s: Could not find session\n", __func__); | |
410 | return 0; | |
411 | } | |
429b46f4 SF |
412 | |
413 | memset(smb3_signature, 0x0, SMB2_CMACAES_SIZE); | |
414 | memset(smb2_pdu->Signature, 0x0, SMB2_SIGNATURE_SIZE); | |
415 | ||
416 | rc = crypto_shash_setkey(server->secmech.cmacaes, | |
32811d24 SP |
417 | ses->smb3signingkey, SMB2_CMACAES_SIZE); |
418 | ||
429b46f4 SF |
419 | if (rc) { |
420 | cifs_dbg(VFS, "%s: Could not set key for cmac aes\n", __func__); | |
421 | return rc; | |
422 | } | |
423 | ||
95dc8dd1 SF |
424 | /* |
425 | * we already allocate sdesccmacaes when we init smb3 signing key, | |
426 | * so unlike smb2 case we do not have to check here if secmech are | |
427 | * initialized | |
428 | */ | |
429b46f4 SF |
429 | rc = crypto_shash_init(&server->secmech.sdesccmacaes->shash); |
430 | if (rc) { | |
431 | cifs_dbg(VFS, "%s: Could not init cmac aes\n", __func__); | |
432 | return rc; | |
433 | } | |
434 | ||
435 | for (i = 0; i < n_vec; i++) { | |
436 | if (iov[i].iov_len == 0) | |
437 | continue; | |
438 | if (iov[i].iov_base == NULL) { | |
439 | cifs_dbg(VFS, "null iovec entry"); | |
440 | return -EIO; | |
441 | } | |
442 | /* | |
443 | * The first entry includes a length field (which does not get | |
444 | * signed that occupies the first 4 bytes before the header). | |
445 | */ | |
446 | if (i == 0) { | |
447 | if (iov[0].iov_len <= 8) /* cmd field at offset 9 */ | |
448 | break; /* nothing to sign or corrupt header */ | |
449 | rc = | |
450 | crypto_shash_update( | |
451 | &server->secmech.sdesccmacaes->shash, | |
452 | iov[i].iov_base + 4, iov[i].iov_len - 4); | |
453 | } else { | |
454 | rc = | |
455 | crypto_shash_update( | |
456 | &server->secmech.sdesccmacaes->shash, | |
457 | iov[i].iov_base, iov[i].iov_len); | |
458 | } | |
459 | if (rc) { | |
460 | cifs_dbg(VFS, "%s: Couldn't update cmac aes with payload\n", | |
461 | __func__); | |
462 | return rc; | |
463 | } | |
464 | } | |
465 | ||
466 | /* now hash over the rq_pages array */ | |
467 | for (i = 0; i < rqst->rq_npages; i++) { | |
468 | struct kvec p_iov; | |
469 | ||
470 | cifs_rqst_page_to_kvec(rqst, i, &p_iov); | |
471 | crypto_shash_update(&server->secmech.sdesccmacaes->shash, | |
472 | p_iov.iov_base, p_iov.iov_len); | |
473 | kunmap(rqst->rq_pages[i]); | |
474 | } | |
475 | ||
476 | rc = crypto_shash_final(&server->secmech.sdesccmacaes->shash, | |
477 | sigptr); | |
478 | if (rc) | |
479 | cifs_dbg(VFS, "%s: Could not generate cmac aes\n", __func__); | |
480 | ||
481 | memcpy(smb2_pdu->Signature, sigptr, SMB2_SIGNATURE_SIZE); | |
482 | ||
483 | return rc; | |
38107d45 SF |
484 | } |
485 | ||
3c1bf7e4 PS |
486 | /* must be called with server->srv_mutex held */ |
487 | static int | |
0b688cfc | 488 | smb2_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server) |
3c1bf7e4 PS |
489 | { |
490 | int rc = 0; | |
0b688cfc | 491 | struct smb2_hdr *smb2_pdu = rqst->rq_iov[0].iov_base; |
3c1bf7e4 PS |
492 | |
493 | if (!(smb2_pdu->Flags & SMB2_FLAGS_SIGNED) || | |
494 | server->tcpStatus == CifsNeedNegotiate) | |
495 | return rc; | |
496 | ||
497 | if (!server->session_estab) { | |
498 | strncpy(smb2_pdu->Signature, "BSRSPYL", 8); | |
499 | return rc; | |
500 | } | |
501 | ||
38107d45 | 502 | rc = server->ops->calc_signature(rqst, server); |
3c1bf7e4 PS |
503 | |
504 | return rc; | |
505 | } | |
506 | ||
507 | int | |
0b688cfc | 508 | smb2_verify_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server) |
3c1bf7e4 PS |
509 | { |
510 | unsigned int rc; | |
511 | char server_response_sig[16]; | |
0b688cfc | 512 | struct smb2_hdr *smb2_pdu = (struct smb2_hdr *)rqst->rq_iov[0].iov_base; |
3c1bf7e4 PS |
513 | |
514 | if ((smb2_pdu->Command == SMB2_NEGOTIATE) || | |
32811d24 | 515 | (smb2_pdu->Command == SMB2_SESSION_SETUP) || |
3c1bf7e4 PS |
516 | (smb2_pdu->Command == SMB2_OPLOCK_BREAK) || |
517 | (!server->session_estab)) | |
518 | return 0; | |
519 | ||
520 | /* | |
521 | * BB what if signatures are supposed to be on for session but | |
522 | * server does not send one? BB | |
523 | */ | |
524 | ||
525 | /* Do not need to verify session setups with signature "BSRSPYL " */ | |
526 | if (memcmp(smb2_pdu->Signature, "BSRSPYL ", 8) == 0) | |
f96637be JP |
527 | cifs_dbg(FYI, "dummy signature received for smb command 0x%x\n", |
528 | smb2_pdu->Command); | |
3c1bf7e4 PS |
529 | |
530 | /* | |
531 | * Save off the origiginal signature so we can modify the smb and check | |
532 | * our calculated signature against what the server sent. | |
533 | */ | |
534 | memcpy(server_response_sig, smb2_pdu->Signature, SMB2_SIGNATURE_SIZE); | |
535 | ||
536 | memset(smb2_pdu->Signature, 0, SMB2_SIGNATURE_SIZE); | |
537 | ||
538 | mutex_lock(&server->srv_mutex); | |
38107d45 | 539 | rc = server->ops->calc_signature(rqst, server); |
3c1bf7e4 PS |
540 | mutex_unlock(&server->srv_mutex); |
541 | ||
542 | if (rc) | |
543 | return rc; | |
544 | ||
545 | if (memcmp(server_response_sig, smb2_pdu->Signature, | |
546 | SMB2_SIGNATURE_SIZE)) | |
547 | return -EACCES; | |
548 | else | |
549 | return 0; | |
550 | } | |
551 | ||
2dc7e1c0 PS |
552 | /* |
553 | * Set message id for the request. Should be called after wait_for_free_request | |
554 | * and when srv_mutex is held. | |
555 | */ | |
556 | static inline void | |
557 | smb2_seq_num_into_buf(struct TCP_Server_Info *server, struct smb2_hdr *hdr) | |
558 | { | |
cb7e9eab PS |
559 | unsigned int i, num = le16_to_cpu(hdr->CreditCharge); |
560 | ||
3d378d3f | 561 | hdr->MessageId = get_next_mid64(server); |
cb7e9eab PS |
562 | /* skip message numbers according to CreditCharge field */ |
563 | for (i = 1; i < num; i++) | |
564 | get_next_mid(server); | |
2dc7e1c0 PS |
565 | } |
566 | ||
567 | static struct mid_q_entry * | |
568 | smb2_mid_entry_alloc(const struct smb2_hdr *smb_buffer, | |
569 | struct TCP_Server_Info *server) | |
570 | { | |
571 | struct mid_q_entry *temp; | |
572 | ||
573 | if (server == NULL) { | |
f96637be | 574 | cifs_dbg(VFS, "Null TCP session in smb2_mid_entry_alloc\n"); |
2dc7e1c0 PS |
575 | return NULL; |
576 | } | |
577 | ||
578 | temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS); | |
579 | if (temp == NULL) | |
580 | return temp; | |
581 | else { | |
582 | memset(temp, 0, sizeof(struct mid_q_entry)); | |
9235d098 | 583 | temp->mid = le64_to_cpu(smb_buffer->MessageId); |
2dc7e1c0 PS |
584 | temp->pid = current->pid; |
585 | temp->command = smb_buffer->Command; /* Always LE */ | |
586 | temp->when_alloc = jiffies; | |
587 | temp->server = server; | |
588 | ||
589 | /* | |
590 | * The default is for the mid to be synchronous, so the | |
591 | * default callback just wakes up the current task. | |
592 | */ | |
593 | temp->callback = cifs_wake_up_task; | |
594 | temp->callback_data = current; | |
595 | } | |
596 | ||
597 | atomic_inc(&midCount); | |
598 | temp->mid_state = MID_REQUEST_ALLOCATED; | |
599 | return temp; | |
600 | } | |
601 | ||
602 | static int | |
603 | smb2_get_mid_entry(struct cifs_ses *ses, struct smb2_hdr *buf, | |
604 | struct mid_q_entry **mid) | |
605 | { | |
606 | if (ses->server->tcpStatus == CifsExiting) | |
607 | return -ENOENT; | |
608 | ||
609 | if (ses->server->tcpStatus == CifsNeedReconnect) { | |
f96637be | 610 | cifs_dbg(FYI, "tcp session dead - return to caller to retry\n"); |
2dc7e1c0 PS |
611 | return -EAGAIN; |
612 | } | |
613 | ||
7f48558e | 614 | if (ses->status == CifsNew) { |
2dc7e1c0 PS |
615 | if ((buf->Command != SMB2_SESSION_SETUP) && |
616 | (buf->Command != SMB2_NEGOTIATE)) | |
617 | return -EAGAIN; | |
618 | /* else ok - we are setting up session */ | |
619 | } | |
7f48558e SP |
620 | |
621 | if (ses->status == CifsExiting) { | |
622 | if (buf->Command != SMB2_LOGOFF) | |
623 | return -EAGAIN; | |
624 | /* else ok - we are shutting down the session */ | |
625 | } | |
626 | ||
2dc7e1c0 PS |
627 | *mid = smb2_mid_entry_alloc(buf, ses->server); |
628 | if (*mid == NULL) | |
629 | return -ENOMEM; | |
630 | spin_lock(&GlobalMid_Lock); | |
631 | list_add_tail(&(*mid)->qhead, &ses->server->pending_mid_q); | |
632 | spin_unlock(&GlobalMid_Lock); | |
633 | return 0; | |
634 | } | |
635 | ||
636 | int | |
637 | smb2_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server, | |
638 | bool log_error) | |
639 | { | |
640 | unsigned int len = get_rfc1002_length(mid->resp_buf); | |
0b688cfc JL |
641 | struct kvec iov; |
642 | struct smb_rqst rqst = { .rq_iov = &iov, | |
643 | .rq_nvec = 1 }; | |
644 | ||
645 | iov.iov_base = (char *)mid->resp_buf; | |
646 | iov.iov_len = get_rfc1002_length(mid->resp_buf) + 4; | |
2dc7e1c0 PS |
647 | |
648 | dump_smb(mid->resp_buf, min_t(u32, 80, len)); | |
649 | /* convert the length into a more usable form */ | |
38d77c50 | 650 | if (len > 24 && server->sign) { |
3c1bf7e4 PS |
651 | int rc; |
652 | ||
0b688cfc | 653 | rc = smb2_verify_signature(&rqst, server); |
3c1bf7e4 | 654 | if (rc) |
f96637be JP |
655 | cifs_dbg(VFS, "SMB signature verification returned error = %d\n", |
656 | rc); | |
3c1bf7e4 | 657 | } |
2dc7e1c0 PS |
658 | |
659 | return map_smb2_to_linux_error(mid->resp_buf, log_error); | |
660 | } | |
661 | ||
fec344e3 JL |
662 | struct mid_q_entry * |
663 | smb2_setup_request(struct cifs_ses *ses, struct smb_rqst *rqst) | |
2dc7e1c0 PS |
664 | { |
665 | int rc; | |
fec344e3 | 666 | struct smb2_hdr *hdr = (struct smb2_hdr *)rqst->rq_iov[0].iov_base; |
2dc7e1c0 PS |
667 | struct mid_q_entry *mid; |
668 | ||
669 | smb2_seq_num_into_buf(ses->server, hdr); | |
670 | ||
671 | rc = smb2_get_mid_entry(ses, hdr, &mid); | |
672 | if (rc) | |
fec344e3 JL |
673 | return ERR_PTR(rc); |
674 | rc = smb2_sign_rqst(rqst, ses->server); | |
675 | if (rc) { | |
3c1bf7e4 | 676 | cifs_delete_mid(mid); |
fec344e3 JL |
677 | return ERR_PTR(rc); |
678 | } | |
679 | return mid; | |
2dc7e1c0 PS |
680 | } |
681 | ||
fec344e3 JL |
682 | struct mid_q_entry * |
683 | smb2_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst) | |
c95b8eed | 684 | { |
fec344e3 JL |
685 | int rc; |
686 | struct smb2_hdr *hdr = (struct smb2_hdr *)rqst->rq_iov[0].iov_base; | |
c95b8eed PS |
687 | struct mid_q_entry *mid; |
688 | ||
689 | smb2_seq_num_into_buf(server, hdr); | |
690 | ||
691 | mid = smb2_mid_entry_alloc(hdr, server); | |
692 | if (mid == NULL) | |
fec344e3 | 693 | return ERR_PTR(-ENOMEM); |
c95b8eed | 694 | |
fec344e3 | 695 | rc = smb2_sign_rqst(rqst, server); |
c95b8eed PS |
696 | if (rc) { |
697 | DeleteMidQEntry(mid); | |
fec344e3 | 698 | return ERR_PTR(rc); |
3c1bf7e4 PS |
699 | } |
700 | ||
fec344e3 | 701 | return mid; |
c95b8eed | 702 | } |