ksmbd: fix racy issue while destroying session on multichannel

	return rc;

}

static int calc_ntlmv2_hash(struct ksmbd_session *sess, char *ntlmv2_hash,

			    char *dname)

static int calc_ntlmv2_hash(struct ksmbd_conn *conn, struct ksmbd_session *sess,

			    char *ntlmv2_hash, char *dname)

{

	int ret, len, conv_len;

	wchar_t *domain = NULL;

	}

	conv_len = smb_strtoUTF16(uniname, user_name(sess->user), len,

				  sess->conn->local_nls);

				  conn->local_nls);

	if (conv_len < 0 || conv_len > len) {

		ret = -EINVAL;

		goto out;

	}

	conv_len = smb_strtoUTF16((__le16 *)domain, dname, len,

				  sess->conn->local_nls);

				  conn->local_nls);

	if (conv_len < 0 || conv_len > len) {

		ret = -EINVAL;

		goto out;

 *

 * Return:	0 on success, error number on error

 */

int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2,

		      int blen, char *domain_name, char *cryptkey)

int ksmbd_auth_ntlmv2(struct ksmbd_conn *conn, struct ksmbd_session *sess,

		      struct ntlmv2_resp *ntlmv2, int blen, char *domain_name,

		      char *cryptkey)

{

	char ntlmv2_hash[CIFS_ENCPWD_SIZE];

	char ntlmv2_rsp[CIFS_HMAC_MD5_HASH_SIZE];

		return -ENOMEM;

	}

	rc = calc_ntlmv2_hash(sess, ntlmv2_hash, domain_name);

	rc = calc_ntlmv2_hash(conn, sess, ntlmv2_hash, domain_name);

	if (rc) {

		ksmbd_debug(AUTH, "could not get v2 hash rc %d\n", rc);

		goto out;

	/* process NTLMv2 authentication */

	ksmbd_debug(AUTH, "decode_ntlmssp_authenticate_blob dname%s\n",

		    domain_name);

	ret = ksmbd_auth_ntlmv2(sess, (struct ntlmv2_resp *)((char *)authblob + nt_off),

	ret = ksmbd_auth_ntlmv2(conn, sess,

				(struct ntlmv2_resp *)((char *)authblob + nt_off),

				nt_len - CIFS_ENCPWD_SIZE,

				domain_name, conn->ntlmssp.cryptkey);

	kfree(domain_name);

	bool binding;

};

static int generate_key(struct ksmbd_session *sess, struct kvec label,

			struct kvec context, __u8 *key, unsigned int key_size)

static int generate_key(struct ksmbd_conn *conn, struct ksmbd_session *sess,

			struct kvec label, struct kvec context, __u8 *key,

			unsigned int key_size)

{

	unsigned char zero = 0x0;

	__u8 i[4] = {0, 0, 0, 1};

		goto smb3signkey_ret;

	}

	if (sess->conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||

	    sess->conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)

	if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||

	    conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)

		rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L256, 4);

	else

		rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L128, 4);

	if (!chann)

		return 0;

	if (sess->conn->dialect >= SMB30_PROT_ID && signing->binding)

	if (conn->dialect >= SMB30_PROT_ID && signing->binding)

		key = chann->smb3signingkey;

	else

		key = sess->smb3signingkey;

	rc = generate_key(sess, signing->label, signing->context, key,

	rc = generate_key(conn, sess, signing->label, signing->context, key,

			  SMB3_SIGN_KEY_SIZE);

	if (rc)

		return rc;

	if (!(sess->conn->dialect >= SMB30_PROT_ID && signing->binding))

	if (!(conn->dialect >= SMB30_PROT_ID && signing->binding))

		memcpy(chann->smb3signingkey, key, SMB3_SIGN_KEY_SIZE);

	ksmbd_debug(AUTH, "dumping generated AES signing keys\n");

	struct derivation decryption;

};

static int generate_smb3encryptionkey(struct ksmbd_session *sess,

static int generate_smb3encryptionkey(struct ksmbd_conn *conn,

				      struct ksmbd_session *sess,

				      const struct derivation_twin *ptwin)

{

	int rc;

	rc = generate_key(sess, ptwin->encryption.label,

	rc = generate_key(conn, sess, ptwin->encryption.label,

			  ptwin->encryption.context, sess->smb3encryptionkey,

			  SMB3_ENC_DEC_KEY_SIZE);

	if (rc)

		return rc;

	rc = generate_key(sess, ptwin->decryption.label,

	rc = generate_key(conn, sess, ptwin->decryption.label,

			  ptwin->decryption.context,

			  sess->smb3decryptionkey, SMB3_ENC_DEC_KEY_SIZE);

	if (rc)

		return rc;

	ksmbd_debug(AUTH, "dumping generated AES encryption keys\n");

	ksmbd_debug(AUTH, "Cipher type   %d\n", sess->conn->cipher_type);

	ksmbd_debug(AUTH, "Cipher type   %d\n", conn->cipher_type);

	ksmbd_debug(AUTH, "Session Id    %llu\n", sess->id);

	ksmbd_debug(AUTH, "Session Key   %*ph\n",

		    SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);

	if (sess->conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||

	    sess->conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {

	if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||

	    conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {

		ksmbd_debug(AUTH, "ServerIn Key  %*ph\n",

			    SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3encryptionkey);

		ksmbd_debug(AUTH, "ServerOut Key %*ph\n",

	return 0;

}

int ksmbd_gen_smb30_encryptionkey(struct ksmbd_session *sess)

int ksmbd_gen_smb30_encryptionkey(struct ksmbd_conn *conn,

				  struct ksmbd_session *sess)

{

	struct derivation_twin twin;

	struct derivation *d;

	d->context.iov_base = "ServerIn ";

	d->context.iov_len = 10;

	return generate_smb3encryptionkey(sess, &twin);

	return generate_smb3encryptionkey(conn, sess, &twin);

}

int ksmbd_gen_smb311_encryptionkey(struct ksmbd_session *sess)

int ksmbd_gen_smb311_encryptionkey(struct ksmbd_conn *conn,

				   struct ksmbd_session *sess)

{

	struct derivation_twin twin;

	struct derivation *d;

	d->context.iov_base = sess->Preauth_HashValue;

	d->context.iov_len = 64;

	return generate_smb3encryptionkey(sess, &twin);

	return generate_smb3encryptionkey(conn, sess, &twin);

}

int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, char *buf,

int ksmbd_crypt_message(struct ksmbd_conn *conn, struct kvec *iov,

			unsigned int nvec, int enc);

void ksmbd_copy_gss_neg_header(void *buf);

int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2,

		      int blen, char *domain_name, char *cryptkey);

int ksmbd_auth_ntlmv2(struct ksmbd_conn *conn, struct ksmbd_session *sess,

		      struct ntlmv2_resp *ntlmv2, int blen, char *domain_name,

		      char *cryptkey);

int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob,

				   int blob_len, struct ksmbd_conn *conn,

				   struct ksmbd_session *sess);

			       struct ksmbd_conn *conn);

int ksmbd_gen_smb311_signingkey(struct ksmbd_session *sess,

				struct ksmbd_conn *conn);

int ksmbd_gen_smb30_encryptionkey(struct ksmbd_session *sess);

int ksmbd_gen_smb311_encryptionkey(struct ksmbd_session *sess);

int ksmbd_gen_smb30_encryptionkey(struct ksmbd_conn *conn,

				  struct ksmbd_session *sess);

int ksmbd_gen_smb311_encryptionkey(struct ksmbd_conn *conn,

				   struct ksmbd_session *sess);

int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, char *buf,

				     __u8 *pi_hash);

int ksmbd_gen_sd_hash(struct ksmbd_conn *conn, char *sd_buf, int len,

#define KSMBD_SOCKET_BACKLOG		16

/*

 * WARNING

 *

 * This is nothing but a HACK. Session status should move to channel

 * or to session. As of now we have 1 tcp_conn : 1 ksmbd_session, but

 * we need to change it to 1 tcp_conn : N ksmbd_sessions.

 */

enum {

	KSMBD_SESS_NEW = 0,

	KSMBD_SESS_GOOD,

#include "user_session.h"

struct ksmbd_tree_conn_status

ksmbd_tree_conn_connect(struct ksmbd_session *sess, char *share_name)

ksmbd_tree_conn_connect(struct ksmbd_conn *conn, struct ksmbd_session *sess,

			char *share_name)

{

	struct ksmbd_tree_conn_status status = {-EINVAL, NULL};

	struct ksmbd_tree_connect_response *resp = NULL;

		goto out_error;

	}

	peer_addr = KSMBD_TCP_PEER_SOCKADDR(sess->conn);

	peer_addr = KSMBD_TCP_PEER_SOCKADDR(conn);

	resp = ksmbd_ipc_tree_connect_request(sess,

					      sc,

					      tree_conn,

struct ksmbd_share_config;

struct ksmbd_user;

struct ksmbd_conn;

struct ksmbd_tree_connect {

	int				id;

struct ksmbd_session;

struct ksmbd_tree_conn_status

ksmbd_tree_conn_connect(struct ksmbd_session *sess, char *share_name);

ksmbd_tree_conn_connect(struct ksmbd_conn *conn, struct ksmbd_session *sess,

			char *share_name);

int ksmbd_tree_conn_disconnect(struct ksmbd_session *sess,

			       struct ksmbd_tree_connect *tree_conn);