[deliverable/linux.git] / fs / cifs / smb2transport.c

/*
 *   fs/cifs/smb2transport.c
 *
 *   Copyright (C) International Business Machines  Corp., 2002, 2011
 *                 Etersoft, 2012
 *   Author(s): Steve French (sfrench@us.ibm.com)
 *              Jeremy Allison (jra@samba.org) 2006
 *              Pavel Shilovsky (pshilovsky@samba.org) 2012
 *
 *   This library is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU Lesser General Public License as published
 *   by the Free Software Foundation; either version 2.1 of the License, or
 *   (at your option) any later version.
 *
 *   This library is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
 *   the GNU Lesser General Public License for more details.
 *
 *   You should have received a copy of the GNU Lesser General Public License
 *   along with this library; if not, write to the Free Software
 *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */

#include <linux/fs.h>
#include <linux/list.h>
#include <linux/wait.h>
#include <linux/net.h>
#include <linux/delay.h>
#include <linux/uaccess.h>
#include <asm/processor.h>
#include <linux/mempool.h>
#include "smb2pdu.h"
#include "cifsglob.h"
#include "cifsproto.h"
#include "smb2proto.h"
#include "cifs_debug.h"
#include "smb2status.h"
#include "smb2glob.h"

static int
smb2_calc_signature2(const struct kvec *iov, int n_vec,
		     struct TCP_Server_Info *server)
{
	int i, rc;
	unsigned char smb2_signature[SMB2_HMACSHA256_SIZE];
	unsigned char *sigptr = smb2_signature;
	struct smb2_hdr *smb2_pdu = (struct smb2_hdr *)iov[0].iov_base;

	memset(smb2_signature, 0x0, SMB2_HMACSHA256_SIZE);
	memset(smb2_pdu->Signature, 0x0, SMB2_SIGNATURE_SIZE);

	rc = crypto_shash_setkey(server->secmech.hmacsha256,
		server->session_key.response, SMB2_NTLMV2_SESSKEY_SIZE);
	if (rc) {
		cERROR(1, "%s: Could not update with response\n", __func__);
		return rc;
	}

	rc = crypto_shash_init(&server->secmech.sdeschmacsha256->shash);
	if (rc) {
		cERROR(1, "%s: Could not init md5\n", __func__);
		return rc;
	}

	for (i = 0; i < n_vec; i++) {
		if (iov[i].iov_len == 0)
			continue;
		if (iov[i].iov_base == NULL) {
			cERROR(1, "null iovec entry");
			return -EIO;
		}
		/*
		 * The first entry includes a length field (which does not get
		 * signed that occupies the first 4 bytes before the header).
		 */
		if (i == 0) {
			if (iov[0].iov_len <= 8) /* cmd field at offset 9 */
				break; /* nothing to sign or corrupt header */
			rc =
			crypto_shash_update(
				&server->secmech.sdeschmacsha256->shash,
				iov[i].iov_base + 4, iov[i].iov_len - 4);
		} else {
			rc =
			crypto_shash_update(
				&server->secmech.sdeschmacsha256->shash,
				iov[i].iov_base, iov[i].iov_len);
		}
		if (rc) {
			cERROR(1, "%s: Could not update with payload\n",
							__func__);
			return rc;
		}
	}

	rc = crypto_shash_final(&server->secmech.sdeschmacsha256->shash,
				sigptr);
	if (rc)
		cERROR(1, "%s: Could not generate sha256 hash\n", __func__);

	memcpy(smb2_pdu->Signature, sigptr, SMB2_SIGNATURE_SIZE);

	return rc;
}

/* must be called with server->srv_mutex held */
static int
smb2_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *server)
{
	int rc = 0;
	struct smb2_hdr *smb2_pdu = iov[0].iov_base;

	if (!(smb2_pdu->Flags & SMB2_FLAGS_SIGNED) ||
	    server->tcpStatus == CifsNeedNegotiate)
		return rc;

	if (!server->session_estab) {
		strncpy(smb2_pdu->Signature, "BSRSPYL", 8);
		return rc;
	}

	rc = smb2_calc_signature2(iov, n_vec, server);

	return rc;
}

int
smb2_verify_signature2(struct kvec *iov, unsigned int n_vec,
		       struct TCP_Server_Info *server)
{
	unsigned int rc;
	char server_response_sig[16];
	struct smb2_hdr *smb2_pdu = (struct smb2_hdr *)iov[0].iov_base;

	if ((smb2_pdu->Command == SMB2_NEGOTIATE) ||
	    (smb2_pdu->Command == SMB2_OPLOCK_BREAK) ||
	    (!server->session_estab))
		return 0;

	/*
	 * BB what if signatures are supposed to be on for session but
	 * server does not send one? BB
	 */

	/* Do not need to verify session setups with signature "BSRSPYL " */
	if (memcmp(smb2_pdu->Signature, "BSRSPYL ", 8) == 0)
		cFYI(1, "dummy signature received for smb command 0x%x",
			smb2_pdu->Command);

	/*
	 * Save off the origiginal signature so we can modify the smb and check
	 * our calculated signature against what the server sent.
	 */
	memcpy(server_response_sig, smb2_pdu->Signature, SMB2_SIGNATURE_SIZE);

	memset(smb2_pdu->Signature, 0, SMB2_SIGNATURE_SIZE);

	mutex_lock(&server->srv_mutex);
	rc = smb2_calc_signature2(iov, n_vec, server);
	mutex_unlock(&server->srv_mutex);

	if (rc)
		return rc;

	if (memcmp(server_response_sig, smb2_pdu->Signature,
		   SMB2_SIGNATURE_SIZE))
		return -EACCES;
	else
		return 0;
}

static int
smb2_verify_signature(struct smb2_hdr *smb2_pdu, struct TCP_Server_Info *server)
{
	struct kvec iov;

	iov.iov_base = (char *)smb2_pdu;
	iov.iov_len = get_rfc1002_length(smb2_pdu) + 4;
	return smb2_verify_signature2(&iov, 1, server);
}

/*
 * Set message id for the request. Should be called after wait_for_free_request
 * and when srv_mutex is held.
 */
static inline void
smb2_seq_num_into_buf(struct TCP_Server_Info *server, struct smb2_hdr *hdr)
{
	hdr->MessageId = get_next_mid(server);
}

static struct mid_q_entry *
smb2_mid_entry_alloc(const struct smb2_hdr *smb_buffer,
		     struct TCP_Server_Info *server)
{
	struct mid_q_entry *temp;

	if (server == NULL) {
		cERROR(1, "Null TCP session in smb2_mid_entry_alloc");
		return NULL;
	}

	temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS);
	if (temp == NULL)
		return temp;
	else {
		memset(temp, 0, sizeof(struct mid_q_entry));
		temp->mid = smb_buffer->MessageId;	/* always LE */
		temp->pid = current->pid;
		temp->command = smb_buffer->Command;	/* Always LE */
		temp->when_alloc = jiffies;
		temp->server = server;

		/*
		 * The default is for the mid to be synchronous, so the
		 * default callback just wakes up the current task.
		 */
		temp->callback = cifs_wake_up_task;
		temp->callback_data = current;
	}

	atomic_inc(&midCount);
	temp->mid_state = MID_REQUEST_ALLOCATED;
	return temp;
}

static int
smb2_get_mid_entry(struct cifs_ses *ses, struct smb2_hdr *buf,
		   struct mid_q_entry **mid)
{
	if (ses->server->tcpStatus == CifsExiting)
		return -ENOENT;

	if (ses->server->tcpStatus == CifsNeedReconnect) {
		cFYI(1, "tcp session dead - return to caller to retry");
		return -EAGAIN;
	}

	if (ses->status != CifsGood) {
		/* check if SMB2 session is bad because we are setting it up */
		if ((buf->Command != SMB2_SESSION_SETUP) &&
		    (buf->Command != SMB2_NEGOTIATE))
			return -EAGAIN;
		/* else ok - we are setting up session */
	}
	*mid = smb2_mid_entry_alloc(buf, ses->server);
	if (*mid == NULL)
		return -ENOMEM;
	spin_lock(&GlobalMid_Lock);
	list_add_tail(&(*mid)->qhead, &ses->server->pending_mid_q);
	spin_unlock(&GlobalMid_Lock);
	return 0;
}

int
smb2_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server,
		   bool log_error)
{
	unsigned int len = get_rfc1002_length(mid->resp_buf);

	dump_smb(mid->resp_buf, min_t(u32, 80, len));
	/* convert the length into a more usable form */
	if ((len > 24) &&
	    (server->sec_mode & (SECMODE_SIGN_REQUIRED|SECMODE_SIGN_ENABLED))) {
		int rc;

		rc = smb2_verify_signature(mid->resp_buf, server);
		if (rc)
			cERROR(1, "SMB signature verification returned error = "
			       "%d", rc);
	}

	return map_smb2_to_linux_error(mid->resp_buf, log_error);
}

int
smb2_setup_request(struct cifs_ses *ses, struct kvec *iov,
		   unsigned int nvec, struct mid_q_entry **ret_mid)
{
	int rc;
	struct smb2_hdr *hdr = (struct smb2_hdr *)iov[0].iov_base;
	struct mid_q_entry *mid;

	smb2_seq_num_into_buf(ses->server, hdr);

	rc = smb2_get_mid_entry(ses, hdr, &mid);
	if (rc)
		return rc;
	rc = smb2_sign_smb2(iov, nvec, ses->server);
	if (rc)
		cifs_delete_mid(mid);
	*ret_mid = mid;
	return rc;
}

int
smb2_setup_async_request(struct TCP_Server_Info *server, struct kvec *iov,
			 unsigned int nvec, struct mid_q_entry **ret_mid)
{
	int rc = 0;
	struct smb2_hdr *hdr = (struct smb2_hdr *)iov[0].iov_base;
	struct mid_q_entry *mid;

	smb2_seq_num_into_buf(server, hdr);

	mid = smb2_mid_entry_alloc(hdr, server);
	if (mid == NULL)
		return -ENOMEM;

	rc = smb2_sign_smb2(iov, nvec, server);
	if (rc) {
		DeleteMidQEntry(mid);
		return rc;
	}

	*ret_mid = mid;
	return rc;
}
Commit	Line	Data
2dc7e1c0 PS	1	/*
	2	* fs/cifs/smb2transport.c
	3	*
	4	* Copyright (C) International Business Machines Corp., 2002, 2011
	5	* Etersoft, 2012
	6	* Author(s): Steve French (sfrench@us.ibm.com)
	7	* Jeremy Allison (jra@samba.org) 2006
	8	* Pavel Shilovsky (pshilovsky@samba.org) 2012
	9	*
	10	* This library is free software; you can redistribute it and/or modify
	11	* it under the terms of the GNU Lesser General Public License as published
	12	* by the Free Software Foundation; either version 2.1 of the License, or
	13	* (at your option) any later version.
	14	*
	15	* This library is distributed in the hope that it will be useful,
	16	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	17	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
	18	* the GNU Lesser General Public License for more details.
	19	*
	20	* You should have received a copy of the GNU Lesser General Public License
	21	* along with this library; if not, write to the Free Software
	22	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	23	*/
	24
	25	#include <linux/fs.h>
	26	#include <linux/list.h>
	27	#include <linux/wait.h>
	28	#include <linux/net.h>
	29	#include <linux/delay.h>
	30	#include <linux/uaccess.h>
	31	#include <asm/processor.h>
	32	#include <linux/mempool.h>
	33	#include "smb2pdu.h"
	34	#include "cifsglob.h"
	35	#include "cifsproto.h"
	36	#include "smb2proto.h"
	37	#include "cifs_debug.h"
	38	#include "smb2status.h"
3c1bf7e4 PS	39	#include "smb2glob.h"
	40
	41	static int
	42	smb2_calc_signature2(const struct kvec *iov, int n_vec,
	43	struct TCP_Server_Info *server)
	44	{
	45	int i, rc;
	46	unsigned char smb2_signature[SMB2_HMACSHA256_SIZE];
	47	unsigned char *sigptr = smb2_signature;
	48	struct smb2_hdr smb2_pdu = (struct smb2_hdr )iov[0].iov_base;
	49
	50	memset(smb2_signature, 0x0, SMB2_HMACSHA256_SIZE);
	51	memset(smb2_pdu->Signature, 0x0, SMB2_SIGNATURE_SIZE);
	52
	53	rc = crypto_shash_setkey(server->secmech.hmacsha256,
	54	server->session_key.response, SMB2_NTLMV2_SESSKEY_SIZE);
	55	if (rc) {
	56	cERROR(1, "%s: Could not update with response\n", __func__);
	57	return rc;
	58	}
	59
	60	rc = crypto_shash_init(&server->secmech.sdeschmacsha256->shash);
	61	if (rc) {
	62	cERROR(1, "%s: Could not init md5\n", __func__);
	63	return rc;
	64	}
	65
	66	for (i = 0; i < n_vec; i++) {
	67	if (iov[i].iov_len == 0)
	68	continue;
	69	if (iov[i].iov_base == NULL) {
	70	cERROR(1, "null iovec entry");
	71	return -EIO;
	72	}
	73	/*
	74	* The first entry includes a length field (which does not get
	75	* signed that occupies the first 4 bytes before the header).
	76	*/
	77	if (i == 0) {
	78	if (iov[0].iov_len <= 8) /* cmd field at offset 9 */
	79	break; /* nothing to sign or corrupt header */
	80	rc =
	81	crypto_shash_update(
	82	&server->secmech.sdeschmacsha256->shash,
	83	iov[i].iov_base + 4, iov[i].iov_len - 4);
	84	} else {
	85	rc =
	86	crypto_shash_update(
	87	&server->secmech.sdeschmacsha256->shash,
	88	iov[i].iov_base, iov[i].iov_len);
	89	}
	90	if (rc) {
	91	cERROR(1, "%s: Could not update with payload\n",
	92	__func__);
	93	return rc;
	94	}
	95	}
	96
	97	rc = crypto_shash_final(&server->secmech.sdeschmacsha256->shash,
	98	sigptr);
	99	if (rc)
	100	cERROR(1, "%s: Could not generate sha256 hash\n", __func__);
	101
	102	memcpy(smb2_pdu->Signature, sigptr, SMB2_SIGNATURE_SIZE);
103
104	return rc;
105	}
106
107	/* must be called with server->srv_mutex held */
108	static int
109	smb2_sign_smb2(struct kvec iov, int n_vec, struct TCP_Server_Info server)
110	{
111	int rc = 0;
112	struct smb2_hdr *smb2_pdu = iov[0].iov_base;
113
114	if (!(smb2_pdu->Flags & SMB2_FLAGS_SIGNED) \|\|
115	server->tcpStatus == CifsNeedNegotiate)
116	return rc;
117
118	if (!server->session_estab) {
119	strncpy(smb2_pdu->Signature, "BSRSPYL", 8);
120	return rc;
121	}
122
123	rc = smb2_calc_signature2(iov, n_vec, server);
124
125	return rc;
126	}
127
128	int
129	smb2_verify_signature2(struct kvec *iov, unsigned int n_vec,
130	struct TCP_Server_Info *server)
131	{
132	unsigned int rc;
133	char server_response_sig[16];
134	struct smb2_hdr smb2_pdu = (struct smb2_hdr )iov[0].iov_base;
135
136	if ((smb2_pdu->Command == SMB2_NEGOTIATE) \|\|
137	(smb2_pdu->Command == SMB2_OPLOCK_BREAK) \|\|
138	(!server->session_estab))
139	return 0;
140
141	/*
142	* BB what if signatures are supposed to be on for session but
143	* server does not send one? BB
144	*/
145
146	/* Do not need to verify session setups with signature "BSRSPYL " */
147	if (memcmp(smb2_pdu->Signature, "BSRSPYL ", 8) == 0)
148	cFYI(1, "dummy signature received for smb command 0x%x",
149	smb2_pdu->Command);
150
151	/*
152	* Save off the origiginal signature so we can modify the smb and check
153	* our calculated signature against what the server sent.
154	*/
155	memcpy(server_response_sig, smb2_pdu->Signature, SMB2_SIGNATURE_SIZE);
156
157	memset(smb2_pdu->Signature, 0, SMB2_SIGNATURE_SIZE);
158
159	mutex_lock(&server->srv_mutex);
160	rc = smb2_calc_signature2(iov, n_vec, server);
161	mutex_unlock(&server->srv_mutex);
162
163	if (rc)
164	return rc;
165
166	if (memcmp(server_response_sig, smb2_pdu->Signature,
167	SMB2_SIGNATURE_SIZE))
168	return -EACCES;
169	else
170	return 0;
171	}
172
173	static int
174	smb2_verify_signature(struct smb2_hdr smb2_pdu, struct TCP_Server_Info server)
175	{
176	struct kvec iov;
177
178	iov.iov_base = (char *)smb2_pdu;
179	iov.iov_len = get_rfc1002_length(smb2_pdu) + 4;
180	return smb2_verify_signature2(&iov, 1, server);
181	}
2dc7e1c0 PS	182
	183	/*
	184	* Set message id for the request. Should be called after wait_for_free_request
	185	* and when srv_mutex is held.
	186	*/
	187	static inline void
	188	smb2_seq_num_into_buf(struct TCP_Server_Info server, struct smb2_hdr hdr)
	189	{
	190	hdr->MessageId = get_next_mid(server);
	191	}
	192
	193	static struct mid_q_entry *
	194	smb2_mid_entry_alloc(const struct smb2_hdr *smb_buffer,
	195	struct TCP_Server_Info *server)
	196	{
	197	struct mid_q_entry *temp;
	198
	199	if (server == NULL) {
	200	cERROR(1, "Null TCP session in smb2_mid_entry_alloc");
	201	return NULL;
	202	}
	203
	204	temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS);
	205	if (temp == NULL)
	206	return temp;
	207	else {
	208	memset(temp, 0, sizeof(struct mid_q_entry));
	209	temp->mid = smb_buffer->MessageId; /* always LE */
	210	temp->pid = current->pid;
	211	temp->command = smb_buffer->Command; /* Always LE */
	212	temp->when_alloc = jiffies;
	213	temp->server = server;
	214
	215	/*
	216	* The default is for the mid to be synchronous, so the
	217	* default callback just wakes up the current task.
	218	*/
	219	temp->callback = cifs_wake_up_task;
	220	temp->callback_data = current;
	221	}
	222
	223	atomic_inc(&midCount);
	224	temp->mid_state = MID_REQUEST_ALLOCATED;
	225	return temp;
	226	}
	227
	228	static int
	229	smb2_get_mid_entry(struct cifs_ses ses, struct smb2_hdr buf,
	230	struct mid_q_entry **mid)
	231	{
	232	if (ses->server->tcpStatus == CifsExiting)
	233	return -ENOENT;
	234
	235	if (ses->server->tcpStatus == CifsNeedReconnect) {
	236	cFYI(1, "tcp session dead - return to caller to retry");
	237	return -EAGAIN;
	238	}
	239
	240	if (ses->status != CifsGood) {
	241	/* check if SMB2 session is bad because we are setting it up */
	242	if ((buf->Command != SMB2_SESSION_SETUP) &&
	243	(buf->Command != SMB2_NEGOTIATE))
	244	return -EAGAIN;
	245	/* else ok - we are setting up session */
246	}
247	*mid = smb2_mid_entry_alloc(buf, ses->server);
248	if (*mid == NULL)
249	return -ENOMEM;
250	spin_lock(&GlobalMid_Lock);
251	list_add_tail(&(*mid)->qhead, &ses->server->pending_mid_q);
252	spin_unlock(&GlobalMid_Lock);
253	return 0;
254	}
255
256	int
257	smb2_check_receive(struct mid_q_entry mid, struct TCP_Server_Info server,
258	bool log_error)
259	{
260	unsigned int len = get_rfc1002_length(mid->resp_buf);
261
262	dump_smb(mid->resp_buf, min_t(u32, 80, len));
263	/* convert the length into a more usable form */
3c1bf7e4	264	if ((len > 24) &&
2dc7e1c0	265	(server->sec_mode & (SECMODE_SIGN_REQUIRED\|SECMODE_SIGN_ENABLED))) {
3c1bf7e4 PS	266	int rc;
	267
	268	rc = smb2_verify_signature(mid->resp_buf, server);
	269	if (rc)
	270	cERROR(1, "SMB signature verification returned error = "
	271	"%d", rc);
	272	}
2dc7e1c0 PS	273
	274	return map_smb2_to_linux_error(mid->resp_buf, log_error);
	275	}
	276
	277	int
	278	smb2_setup_request(struct cifs_ses ses, struct kvec iov,
	279	unsigned int nvec, struct mid_q_entry **ret_mid)
	280	{
	281	int rc;
	282	struct smb2_hdr hdr = (struct smb2_hdr )iov[0].iov_base;
	283	struct mid_q_entry *mid;
	284
	285	smb2_seq_num_into_buf(ses->server, hdr);
	286
	287	rc = smb2_get_mid_entry(ses, hdr, &mid);
	288	if (rc)
	289	return rc;
3c1bf7e4	290	rc = smb2_sign_smb2(iov, nvec, ses->server);
2dc7e1c0	291	if (rc)
3c1bf7e4	292	cifs_delete_mid(mid);
2dc7e1c0 PS	293	*ret_mid = mid;
	294	return rc;
	295	}
	296
c95b8eed PS	297	int
	298	smb2_setup_async_request(struct TCP_Server_Info server, struct kvec iov,
	299	unsigned int nvec, struct mid_q_entry **ret_mid)
	300	{
	301	int rc = 0;
	302	struct smb2_hdr hdr = (struct smb2_hdr )iov[0].iov_base;
	303	struct mid_q_entry *mid;
	304
	305	smb2_seq_num_into_buf(server, hdr);
	306
	307	mid = smb2_mid_entry_alloc(hdr, server);
	308	if (mid == NULL)
	309	return -ENOMEM;
	310
3c1bf7e4	311	rc = smb2_sign_smb2(iov, nvec, server);
c95b8eed PS	312	if (rc) {
	313	DeleteMidQEntry(mid);
	314	return rc;
3c1bf7e4 PS	315	}
3c1bf7e4 PS	316
c95b8eed PS	317	*ret_mid = mid;
	318	return rc;
	319	}