Merge tag '5.20-rc-ksmbd-server-fixes' of git://git.samba.org/ksmbd

L:	linux-cifs@vger.kernel.org

S:	Maintained

T:	git git://git.samba.org/ksmbd.git

F:	Documentation/filesystems/cifs/ksmbd.rst

F:	fs/ksmbd/

F:	fs/smbfs_common/

	return rc;

}

static int calc_ntlmv2_hash(struct ksmbd_session *sess, char *ntlmv2_hash,

			    char *dname)

static int calc_ntlmv2_hash(struct ksmbd_conn *conn, struct ksmbd_session *sess,

			    char *ntlmv2_hash, char *dname)

{

	int ret, len, conv_len;

	wchar_t *domain = NULL;

	}

	conv_len = smb_strtoUTF16(uniname, user_name(sess->user), len,

				  sess->conn->local_nls);

				  conn->local_nls);

	if (conv_len < 0 || conv_len > len) {

		ret = -EINVAL;

		goto out;

	}

	conv_len = smb_strtoUTF16((__le16 *)domain, dname, len,

				  sess->conn->local_nls);

				  conn->local_nls);

	if (conv_len < 0 || conv_len > len) {

		ret = -EINVAL;

		goto out;

 *

 * Return:	0 on success, error number on error

 */

int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2,

		      int blen, char *domain_name, char *cryptkey)

int ksmbd_auth_ntlmv2(struct ksmbd_conn *conn, struct ksmbd_session *sess,

		      struct ntlmv2_resp *ntlmv2, int blen, char *domain_name,

		      char *cryptkey)

{

	char ntlmv2_hash[CIFS_ENCPWD_SIZE];

	char ntlmv2_rsp[CIFS_HMAC_MD5_HASH_SIZE];

		return -ENOMEM;

	}

	rc = calc_ntlmv2_hash(sess, ntlmv2_hash, domain_name);

	rc = calc_ntlmv2_hash(conn, sess, ntlmv2_hash, domain_name);

	if (rc) {

		ksmbd_debug(AUTH, "could not get v2 hash rc %d\n", rc);

		goto out;

	/* process NTLMv2 authentication */

	ksmbd_debug(AUTH, "decode_ntlmssp_authenticate_blob dname%s\n",

		    domain_name);

	ret = ksmbd_auth_ntlmv2(sess, (struct ntlmv2_resp *)((char *)authblob + nt_off),

	ret = ksmbd_auth_ntlmv2(conn, sess,

				(struct ntlmv2_resp *)((char *)authblob + nt_off),

				nt_len - CIFS_ENCPWD_SIZE,

				domain_name, conn->ntlmssp.cryptkey);

	kfree(domain_name);

	bool binding;

};

static int generate_key(struct ksmbd_session *sess, struct kvec label,

			struct kvec context, __u8 *key, unsigned int key_size)

static int generate_key(struct ksmbd_conn *conn, struct ksmbd_session *sess,

			struct kvec label, struct kvec context, __u8 *key,

			unsigned int key_size)

{

	unsigned char zero = 0x0;

	__u8 i[4] = {0, 0, 0, 1};

		goto smb3signkey_ret;

	}

	if (sess->conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||

	    sess->conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)

	if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||

	    conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM)

		rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L256, 4);

	else

		rc = crypto_shash_update(CRYPTO_HMACSHA256(ctx), L128, 4);

	if (!chann)

		return 0;

	if (sess->conn->dialect >= SMB30_PROT_ID && signing->binding)

	if (conn->dialect >= SMB30_PROT_ID && signing->binding)

		key = chann->smb3signingkey;

	else

		key = sess->smb3signingkey;

	rc = generate_key(sess, signing->label, signing->context, key,

	rc = generate_key(conn, sess, signing->label, signing->context, key,

			  SMB3_SIGN_KEY_SIZE);

	if (rc)

		return rc;

	if (!(sess->conn->dialect >= SMB30_PROT_ID && signing->binding))

	if (!(conn->dialect >= SMB30_PROT_ID && signing->binding))

		memcpy(chann->smb3signingkey, key, SMB3_SIGN_KEY_SIZE);

	ksmbd_debug(AUTH, "dumping generated AES signing keys\n");

	struct derivation decryption;

};

static int generate_smb3encryptionkey(struct ksmbd_session *sess,

static int generate_smb3encryptionkey(struct ksmbd_conn *conn,

				      struct ksmbd_session *sess,

				      const struct derivation_twin *ptwin)

{

	int rc;

	rc = generate_key(sess, ptwin->encryption.label,

	rc = generate_key(conn, sess, ptwin->encryption.label,

			  ptwin->encryption.context, sess->smb3encryptionkey,

			  SMB3_ENC_DEC_KEY_SIZE);

	if (rc)

		return rc;

	rc = generate_key(sess, ptwin->decryption.label,

	rc = generate_key(conn, sess, ptwin->decryption.label,

			  ptwin->decryption.context,

			  sess->smb3decryptionkey, SMB3_ENC_DEC_KEY_SIZE);

	if (rc)

		return rc;

	ksmbd_debug(AUTH, "dumping generated AES encryption keys\n");

	ksmbd_debug(AUTH, "Cipher type   %d\n", sess->conn->cipher_type);

	ksmbd_debug(AUTH, "Cipher type   %d\n", conn->cipher_type);

	ksmbd_debug(AUTH, "Session Id    %llu\n", sess->id);

	ksmbd_debug(AUTH, "Session Key   %*ph\n",

		    SMB2_NTLMV2_SESSKEY_SIZE, sess->sess_key);

	if (sess->conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||

	    sess->conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {

	if (conn->cipher_type == SMB2_ENCRYPTION_AES256_CCM ||

	    conn->cipher_type == SMB2_ENCRYPTION_AES256_GCM) {

		ksmbd_debug(AUTH, "ServerIn Key  %*ph\n",

			    SMB3_GCM256_CRYPTKEY_SIZE, sess->smb3encryptionkey);

		ksmbd_debug(AUTH, "ServerOut Key %*ph\n",

	return 0;

}

int ksmbd_gen_smb30_encryptionkey(struct ksmbd_session *sess)

int ksmbd_gen_smb30_encryptionkey(struct ksmbd_conn *conn,

				  struct ksmbd_session *sess)

{

	struct derivation_twin twin;

	struct derivation *d;

	d->context.iov_base = "ServerIn ";

	d->context.iov_len = 10;

	return generate_smb3encryptionkey(sess, &twin);

	return generate_smb3encryptionkey(conn, sess, &twin);

}

int ksmbd_gen_smb311_encryptionkey(struct ksmbd_session *sess)

int ksmbd_gen_smb311_encryptionkey(struct ksmbd_conn *conn,

				   struct ksmbd_session *sess)

{

	struct derivation_twin twin;

	struct derivation *d;

	d->context.iov_base = sess->Preauth_HashValue;

	d->context.iov_len = 64;

	return generate_smb3encryptionkey(sess, &twin);

	return generate_smb3encryptionkey(conn, sess, &twin);

}

int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, char *buf,

int ksmbd_crypt_message(struct ksmbd_conn *conn, struct kvec *iov,

			unsigned int nvec, int enc);

void ksmbd_copy_gss_neg_header(void *buf);

int ksmbd_auth_ntlmv2(struct ksmbd_session *sess, struct ntlmv2_resp *ntlmv2,

		      int blen, char *domain_name, char *cryptkey);

int ksmbd_auth_ntlmv2(struct ksmbd_conn *conn, struct ksmbd_session *sess,

		      struct ntlmv2_resp *ntlmv2, int blen, char *domain_name,

		      char *cryptkey);

int ksmbd_decode_ntlmssp_auth_blob(struct authenticate_message *authblob,

				   int blob_len, struct ksmbd_conn *conn,

				   struct ksmbd_session *sess);

			       struct ksmbd_conn *conn);

int ksmbd_gen_smb311_signingkey(struct ksmbd_session *sess,

				struct ksmbd_conn *conn);

int ksmbd_gen_smb30_encryptionkey(struct ksmbd_session *sess);

int ksmbd_gen_smb311_encryptionkey(struct ksmbd_session *sess);

int ksmbd_gen_smb30_encryptionkey(struct ksmbd_conn *conn,

				  struct ksmbd_session *sess);

int ksmbd_gen_smb311_encryptionkey(struct ksmbd_conn *conn,

				   struct ksmbd_session *sess);

int ksmbd_gen_preauth_integrity_hash(struct ksmbd_conn *conn, char *buf,

				     __u8 *pi_hash);

int ksmbd_gen_sd_hash(struct ksmbd_conn *conn, char *sd_buf, int len,

	list_del(&conn->conns_list);

	write_unlock(&conn_list_lock);

	xa_destroy(&conn->sessions);

	kvfree(conn->request_buf);

	kfree(conn->preauth_info);

	kfree(conn);

	conn->outstanding_credits = 0;

	init_waitqueue_head(&conn->req_running_q);

	init_waitqueue_head(&conn->r_count_q);

	INIT_LIST_HEAD(&conn->conns_list);

	INIT_LIST_HEAD(&conn->sessions);

	INIT_LIST_HEAD(&conn->requests);

	INIT_LIST_HEAD(&conn->async_requests);

	spin_lock_init(&conn->request_lock);

	spin_lock_init(&conn->credits_lock);

	ida_init(&conn->async_ida);

	xa_init(&conn->sessions);

	spin_lock_init(&conn->llist_lock);

	INIT_LIST_HEAD(&conn->lock_list);

	struct kvec iov[3];

	int iov_idx = 0;

	ksmbd_conn_try_dequeue_request(work);

	if (!work->response_buf) {

		pr_err("NULL response header\n");

		return -EINVAL;

out:

	/* Wait till all reference dropped to the Server object*/

	while (atomic_read(&conn->r_count) > 0)

		schedule_timeout(HZ);

	wait_event(conn->r_count_q, atomic_read(&conn->r_count) == 0);

	unload_nls(conn->local_nls);

	if (default_conn_ops.terminate_fn)

#define KSMBD_SOCKET_BACKLOG		16

/*

 * WARNING

 *

 * This is nothing but a HACK. Session status should move to channel

 * or to session. As of now we have 1 tcp_conn : 1 ksmbd_session, but

 * we need to change it to 1 tcp_conn : N ksmbd_sessions.

 */

enum {

	KSMBD_SESS_NEW = 0,

	KSMBD_SESS_GOOD,

	struct nls_table		*local_nls;

	struct list_head		conns_list;

	/* smb session 1 per user */

	struct list_head		sessions;

	struct xarray			sessions;

	unsigned long			last_active;

	/* How many request are running currently */

	atomic_t			req_running;

	unsigned int			outstanding_credits;

	spinlock_t			credits_lock;

	wait_queue_head_t		req_running_q;

	wait_queue_head_t		r_count_q;

	/* Lock to protect requests list*/

	spinlock_t			request_lock;

	struct list_head		requests;