Merge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6

	tristate "CIFS support (advanced network filesystem, SMBFS successor)"

	depends on INET

	select NLS

	select CRYPTO_MD5

	select CRYPTO_ARC4

	help

	  This is the client VFS module for the Common Internet File System

	  (CIFS) protocol which is the successor to the Server Message Block

				if (compare_oid(oid, oidlen, MSKRB5_OID,

						MSKRB5_OID_LEN))

					server->sec_mskerberos = true;

				else if (compare_oid(oid, oidlen, KRB5U2U_OID,

				if (compare_oid(oid, oidlen, KRB5U2U_OID,

						     KRB5U2U_OID_LEN))

					server->sec_kerberosu2u = true;

				else if (compare_oid(oid, oidlen, KRB5_OID,

				if (compare_oid(oid, oidlen, KRB5_OID,

						     KRB5_OID_LEN))

					server->sec_kerberos = true;

				else if (compare_oid(oid, oidlen, NTLMSSP_OID,

				if (compare_oid(oid, oidlen, NTLMSSP_OID,

						     NTLMSSP_OID_LEN))

					server->sec_ntlmssp = true;

 *     This is a compressed table of upper and lower case conversion.

 *

 */

#ifndef _CIFS_UNICODE_H

#define _CIFS_UNICODE_H

#include <asm/byteorder.h>

#include <linux/types.h>

#endif				/* UNIUPR_NOUPPER */

#ifndef UNIUPR_NOLOWER

extern signed char UniLowerTable[512];

extern struct UniCaseRange UniLowerRange[];

extern signed char CifsUniLowerTable[512];

extern const struct UniCaseRange CifsUniLowerRange[];

#endif				/* UNIUPR_NOLOWER */

#ifdef __KERNEL__

 * UniTolower:  Convert a unicode character to lower case

 */

static inline wchar_t

UniTolower(wchar_t uc)

UniTolower(register wchar_t uc)

{

	register struct UniCaseRange *rp;

	register const struct UniCaseRange *rp;

	if (uc < sizeof(UniLowerTable)) {

	if (uc < sizeof(CifsUniLowerTable)) {

		/* Latin characters */

		return uc + UniLowerTable[uc];	/* Use base tables */

		return uc + CifsUniLowerTable[uc];	/* Use base tables */

	} else {

		rp = UniLowerRange;	/* Use range tables */

		rp = CifsUniLowerRange;	/* Use range tables */

		while (rp->start) {

			if (uc < rp->start)	/* Before start of range */

				return uc;	/* Uppercase = input */

}

#endif

#endif /* _CIFS_UNICODE_H */

/*

 * Latin lower case

 */

static signed char CifsUniLowerTable[512] = {

signed char CifsUniLowerTable[512] = {

	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,	/* 000-00f */

	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,	/* 010-01f */

	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,	/* 020-02f */

/*

 * Lower Case Range

 */

static const struct UniCaseRange CifsUniLowerRange[] = {

	0x0380, 0x03ab, UniCaseRangeL0380,

	0x0400, 0x042f, UniCaseRangeL0400,

	0x0490, 0x04cb, UniCaseRangeL0490,

	0x1e00, 0x1ff7, UniCaseRangeL1e00,

	0xff20, 0xff3a, UniCaseRangeLff20,

	0, 0, 0

const struct UniCaseRange CifsUniLowerRange[] = {

	{0x0380, 0x03ab, UniCaseRangeL0380},

	{0x0400, 0x042f, UniCaseRangeL0400},

	{0x0490, 0x04cb, UniCaseRangeL0490},

	{0x1e00, 0x1ff7, UniCaseRangeL1e00},

	{0xff20, 0xff3a, UniCaseRangeLff20},

	{0}

};

#endif

#include "md5.h"

#include "cifs_unicode.h"

#include "cifsproto.h"

#include "ntlmssp.h"

#include <linux/ctype.h>

#include <linux/random.h>

		       unsigned char *p24);

static int cifs_calculate_signature(const struct smb_hdr *cifs_pdu,

				    const struct mac_key *key, char *signature)

			struct TCP_Server_Info *server, char *signature)

{

	struct	MD5Context context;

	int rc;

	if ((cifs_pdu == NULL) || (signature == NULL) || (key == NULL))

	if (cifs_pdu == NULL || server == NULL || signature == NULL)

		return -EINVAL;

	cifs_MD5_init(&context);

	cifs_MD5_update(&context, (char *)&key->data, key->len);

	cifs_MD5_update(&context, cifs_pdu->Protocol, cifs_pdu->smb_buf_length);

	if (!server->ntlmssp.sdescmd5) {

		cERROR(1,

			"cifs_calculate_signature: can't generate signature\n");

		return -1;

	}

	cifs_MD5_final(signature, &context);

	return 0;

	rc = crypto_shash_init(&server->ntlmssp.sdescmd5->shash);

	if (rc) {

		cERROR(1, "cifs_calculate_signature: oould not init md5\n");

		return rc;

	}

	if (server->secType == RawNTLMSSP)

		crypto_shash_update(&server->ntlmssp.sdescmd5->shash,

			server->session_key.data.ntlmv2.key,

			CIFS_NTLMV2_SESSKEY_SIZE);

	else

		crypto_shash_update(&server->ntlmssp.sdescmd5->shash,

			(char *)&server->session_key.data,

			server->session_key.len);

	crypto_shash_update(&server->ntlmssp.sdescmd5->shash,

			cifs_pdu->Protocol, cifs_pdu->smb_buf_length);

	rc = crypto_shash_final(&server->ntlmssp.sdescmd5->shash, signature);

	return rc;

}

int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server,

		  __u32 *pexpected_response_sequence_number)

{

	server->sequence_number++;

	spin_unlock(&GlobalMid_Lock);

	rc = cifs_calculate_signature(cifs_pdu, &server->mac_signing_key,

				      smb_signature);

	rc = cifs_calculate_signature(cifs_pdu, server, smb_signature);

	if (rc)

		memset(cifs_pdu->Signature.SecuritySignature, 0, 8);

	else

}

static int cifs_calc_signature2(const struct kvec *iov, int n_vec,

				const struct mac_key *key, char *signature)

			struct TCP_Server_Info *server, char *signature)

{

	struct  MD5Context context;

	int i;

	int rc;

	if ((iov == NULL) || (signature == NULL) || (key == NULL))

	if (iov == NULL || server == NULL || signature == NULL)

		return -EINVAL;

	cifs_MD5_init(&context);

	cifs_MD5_update(&context, (char *)&key->data, key->len);

	if (!server->ntlmssp.sdescmd5) {

		cERROR(1, "cifs_calc_signature2: can't generate signature\n");

		return -1;

	}

	rc = crypto_shash_init(&server->ntlmssp.sdescmd5->shash);

	if (rc) {

		cERROR(1, "cifs_calc_signature2: oould not init md5\n");

		return rc;

	}

	if (server->secType == RawNTLMSSP)

		crypto_shash_update(&server->ntlmssp.sdescmd5->shash,

			server->session_key.data.ntlmv2.key,

			CIFS_NTLMV2_SESSKEY_SIZE);

	else

		crypto_shash_update(&server->ntlmssp.sdescmd5->shash,

			(char *)&server->session_key.data,

			server->session_key.len);

	for (i = 0; i < n_vec; i++) {

		if (iov[i].iov_len == 0)

			continue;

		if (iov[i].iov_base == NULL) {

			cERROR(1, "null iovec entry");

			cERROR(1, "cifs_calc_signature2: null iovec entry");

			return -EIO;

		}

		/* The first entry includes a length field (which does not get

		if (i == 0) {

			if (iov[0].iov_len <= 8) /* cmd field at offset 9 */

				break; /* nothing to sign or corrupt header */

			cifs_MD5_update(&context, iov[0].iov_base+4,

				  iov[0].iov_len-4);

			crypto_shash_update(&server->ntlmssp.sdescmd5->shash,

				iov[i].iov_base + 4, iov[i].iov_len - 4);

		} else

			cifs_MD5_update(&context, iov[i].iov_base, iov[i].iov_len);

			crypto_shash_update(&server->ntlmssp.sdescmd5->shash,

				iov[i].iov_base, iov[i].iov_len);

	}

	cifs_MD5_final(signature, &context);

	rc = crypto_shash_final(&server->ntlmssp.sdescmd5->shash, signature);

	return 0;

	return rc;

}

int cifs_sign_smb2(struct kvec *iov, int n_vec, struct TCP_Server_Info *server,

		   __u32 *pexpected_response_sequence_number)

{

	server->sequence_number++;

	spin_unlock(&GlobalMid_Lock);

	rc = cifs_calc_signature2(iov, n_vec, &server->mac_signing_key,

				      smb_signature);

	rc = cifs_calc_signature2(iov, n_vec, server, smb_signature);

	if (rc)

		memset(cifs_pdu->Signature.SecuritySignature, 0, 8);

	else

}

int cifs_verify_signature(struct smb_hdr *cifs_pdu,

			  const struct mac_key *mac_key,

			  struct TCP_Server_Info *server,

			  __u32 expected_sequence_number)

{

	unsigned int rc;

	int rc;

	char server_response_sig[8];

	char what_we_think_sig_should_be[20];

	if ((cifs_pdu == NULL) || (mac_key == NULL))

	if (cifs_pdu == NULL || server == NULL)

		return -EINVAL;

	if (cifs_pdu->Command == SMB_COM_NEGOTIATE)

					cpu_to_le32(expected_sequence_number);

	cifs_pdu->Signature.Sequence.Reserved = 0;

	rc = cifs_calculate_signature(cifs_pdu, mac_key,

	rc = cifs_calculate_signature(cifs_pdu, server,

		what_we_think_sig_should_be);

	if (rc)

}

/* We fill in key by putting in 40 byte array which was allocated by caller */

int cifs_calculate_mac_key(struct mac_key *key, const char *rn,

int cifs_calculate_session_key(struct session_key *key, const char *rn,

			   const char *password)

{

	char temp_key[16];

	return 0;

}

int CalcNTLMv2_partial_mac_key(struct cifsSesInfo *ses,

			       const struct nls_table *nls_info)

{

	char temp_hash[16];

	struct HMACMD5Context ctx;

	char *ucase_buf;

	__le16 *unicode_buf;

	unsigned int i, user_name_len, dom_name_len;

	if (ses == NULL)

		return -EINVAL;

	E_md4hash(ses->password, temp_hash);

	hmac_md5_init_limK_to_64(temp_hash, 16, &ctx);

	user_name_len = strlen(ses->userName);

	if (user_name_len > MAX_USERNAME_SIZE)

		return -EINVAL;

	if (ses->domainName == NULL)

		return -EINVAL; /* BB should we use CIFS_LINUX_DOM */

	dom_name_len = strlen(ses->domainName);

	if (dom_name_len > MAX_USERNAME_SIZE)

		return -EINVAL;

	ucase_buf = kmalloc((MAX_USERNAME_SIZE+1), GFP_KERNEL);

	if (ucase_buf == NULL)

		return -ENOMEM;

	unicode_buf = kmalloc((MAX_USERNAME_SIZE+1)*4, GFP_KERNEL);

	if (unicode_buf == NULL) {

		kfree(ucase_buf);

		return -ENOMEM;

	}

	for (i = 0; i < user_name_len; i++)

		ucase_buf[i] = nls_info->charset2upper[(int)ses->userName[i]];

	ucase_buf[i] = 0;

	user_name_len = cifs_strtoUCS(unicode_buf, ucase_buf,

				      MAX_USERNAME_SIZE*2, nls_info);

	unicode_buf[user_name_len] = 0;

	user_name_len++;

	for (i = 0; i < dom_name_len; i++)

		ucase_buf[i] = nls_info->charset2upper[(int)ses->domainName[i]];

	ucase_buf[i] = 0;

	dom_name_len = cifs_strtoUCS(unicode_buf+user_name_len, ucase_buf,

				     MAX_USERNAME_SIZE*2, nls_info);

	unicode_buf[user_name_len + dom_name_len] = 0;

	hmac_md5_update((const unsigned char *) unicode_buf,

		(user_name_len+dom_name_len)*2, &ctx);

	hmac_md5_final(ses->server->ntlmv2_hash, &ctx);

	kfree(ucase_buf);

	kfree(unicode_buf);

	return 0;

}

#ifdef CONFIG_CIFS_WEAK_PW_HASH

void calc_lanman_hash(const char *password, const char *cryptkey, bool encrypt,

			char *lnm_session_key)

{

	int rc = 0;

	int len;

	char nt_hash[16];

	struct HMACMD5Context *pctxt;

	char nt_hash[CIFS_NTHASH_SIZE];

	wchar_t *user;

	wchar_t *domain;

	wchar_t *server;

	pctxt = kmalloc(sizeof(struct HMACMD5Context), GFP_KERNEL);

	if (pctxt == NULL)

		return -ENOMEM;

	if (!ses->server->ntlmssp.sdeschmacmd5) {

		cERROR(1, "calc_ntlmv2_hash: can't generate ntlmv2 hash\n");

		return -1;

	}

	/* calculate md4 hash of password */

	E_md4hash(ses->password, nt_hash);

	/* convert Domainname to unicode and uppercase */

	hmac_md5_init_limK_to_64(nt_hash, 16, pctxt);

	crypto_shash_setkey(ses->server->ntlmssp.hmacmd5, nt_hash,

				CIFS_NTHASH_SIZE);

	rc = crypto_shash_init(&ses->server->ntlmssp.sdeschmacmd5->shash);

	if (rc) {

		cERROR(1, "calc_ntlmv2_hash: could not init hmacmd5\n");

		return rc;

	}

	/* convert ses->userName to unicode and uppercase */

	len = strlen(ses->userName);

	user = kmalloc(2 + (len * 2), GFP_KERNEL);

	if (user == NULL)

	if (user == NULL) {

		cERROR(1, "calc_ntlmv2_hash: user mem alloc failure\n");

		rc = -ENOMEM;

		goto calc_exit_2;

	}

	len = cifs_strtoUCS((__le16 *)user, ses->userName, len, nls_cp);

	UniStrupr(user);

	hmac_md5_update((char *)user, 2*len, pctxt);

	crypto_shash_update(&ses->server->ntlmssp.sdeschmacmd5->shash,

				(char *)user, 2 * len);

	/* convert ses->domainName to unicode and uppercase */

	if (ses->domainName) {

		len = strlen(ses->domainName);

		domain = kmalloc(2 + (len * 2), GFP_KERNEL);

		if (domain == NULL)

		if (domain == NULL) {

			cERROR(1, "calc_ntlmv2_hash: domain mem alloc failure");

			rc = -ENOMEM;

			goto calc_exit_1;

		}

		len = cifs_strtoUCS((__le16 *)domain, ses->domainName, len,

					nls_cp);

		/* the following line was removed since it didn't work well

		   Maybe converting the domain name earlier makes sense */

		/* UniStrupr(domain); */

		hmac_md5_update((char *)domain, 2*len, pctxt);

		crypto_shash_update(&ses->server->ntlmssp.sdeschmacmd5->shash,

					(char *)domain, 2 * len);

		kfree(domain);

	} else if (ses->serverName) {

		len = strlen(ses->serverName);

		server = kmalloc(2 + (len * 2), GFP_KERNEL);

		if (server == NULL) {

			cERROR(1, "calc_ntlmv2_hash: server mem alloc failure");

			rc = -ENOMEM;

			goto calc_exit_1;

		}

		len = cifs_strtoUCS((__le16 *)server, ses->serverName, len,

					nls_cp);

		/* the following line was removed since it didn't work well

		   with lower cased domain name that passed as an option.

		   Maybe converting the domain name earlier makes sense */

		/* UniStrupr(domain); */

		crypto_shash_update(&ses->server->ntlmssp.sdeschmacmd5->shash,

					(char *)server, 2 * len);

		kfree(server);

	}

	rc = crypto_shash_final(&ses->server->ntlmssp.sdeschmacmd5->shash,

					ses->server->ntlmv2_hash);

calc_exit_1:

	kfree(user);

calc_exit_2:

	/* BB FIXME what about bytes 24 through 40 of the signing key?

	   compare with the NTLM example */

	hmac_md5_final(ses->server->ntlmv2_hash, pctxt);

	kfree(pctxt);

	return rc;

}

void setup_ntlmv2_rsp(struct cifsSesInfo *ses, char *resp_buf,

		      const struct nls_table *nls_cp)

static int

find_domain_name(struct cifsSesInfo *ses)

{

	int rc = 0;

	unsigned int attrsize;

	unsigned int type;

	unsigned char *blobptr;

	struct ntlmssp2_name *attrptr;

	if (ses->server->tiblob) {

		blobptr = ses->server->tiblob;

		attrptr = (struct ntlmssp2_name *) blobptr;

		while ((type = attrptr->type) != 0) {

			blobptr += 2; /* advance attr type */

			attrsize = attrptr->length;

			blobptr += 2; /* advance attr size */

			if (type == NTLMSSP_AV_NB_DOMAIN_NAME) {

				if (!ses->domainName) {

					ses->domainName =

						kmalloc(attrptr->length + 1,

								GFP_KERNEL);

					if (!ses->domainName)

							return -ENOMEM;

					cifs_from_ucs2(ses->domainName,

						(__le16 *)blobptr,

						attrptr->length,

						attrptr->length,

						load_nls_default(), false);

				}

			}

			blobptr += attrsize; /* advance attr  value */

			attrptr = (struct ntlmssp2_name *) blobptr;

		}

	} else {

		ses->server->tilen = 2 * sizeof(struct ntlmssp2_name);

		ses->server->tiblob = kmalloc(ses->server->tilen, GFP_KERNEL);

		if (!ses->server->tiblob) {

			ses->server->tilen = 0;

			cERROR(1, "Challenge target info allocation failure");

			return -ENOMEM;

		}

		memset(ses->server->tiblob, 0x0, ses->server->tilen);

		attrptr = (struct ntlmssp2_name *) ses->server->tiblob;

		attrptr->type = cpu_to_le16(NTLMSSP_DOMAIN_TYPE);

	}

	return rc;

}

static int

CalcNTLMv2_response(const struct TCP_Server_Info *server,

			 char *v2_session_response)

{

	int rc;

	if (!server->ntlmssp.sdeschmacmd5) {

		cERROR(1, "calc_ntlmv2_hash: can't generate ntlmv2 hash\n");

		return -1;

	}

	crypto_shash_setkey(server->ntlmssp.hmacmd5, server->ntlmv2_hash,

		CIFS_HMAC_MD5_HASH_SIZE);

	rc = crypto_shash_init(&server->ntlmssp.sdeschmacmd5->shash);

	if (rc) {

		cERROR(1, "CalcNTLMv2_response: could not init hmacmd5");

		return rc;

	}

	memcpy(v2_session_response + CIFS_SERVER_CHALLENGE_SIZE,

		server->cryptKey, CIFS_SERVER_CHALLENGE_SIZE);

	crypto_shash_update(&server->ntlmssp.sdeschmacmd5->shash,

		v2_session_response + CIFS_SERVER_CHALLENGE_SIZE,

		sizeof(struct ntlmv2_resp) - CIFS_SERVER_CHALLENGE_SIZE);

	if (server->tilen)

		crypto_shash_update(&server->ntlmssp.sdeschmacmd5->shash,

					server->tiblob, server->tilen);

	rc = crypto_shash_final(&server->ntlmssp.sdeschmacmd5->shash,

					v2_session_response);

	return rc;

}

int

setup_ntlmv2_rsp(struct cifsSesInfo *ses, char *resp_buf,

		      const struct nls_table *nls_cp)

{

	int rc = 0;

	struct ntlmv2_resp *buf = (struct ntlmv2_resp *)resp_buf;

	struct HMACMD5Context context;

	buf->blob_signature = cpu_to_le32(0x00000101);

	buf->reserved = 0;

	buf->time = cpu_to_le64(cifs_UnixTimeToNT(CURRENT_TIME));

	get_random_bytes(&buf->client_chal, sizeof(buf->client_chal));

	buf->reserved2 = 0;

	buf->names[0].type = cpu_to_le16(NTLMSSP_DOMAIN_TYPE);

	buf->names[0].length = 0;

	buf->names[1].type = 0;

	buf->names[1].length = 0;

	if (!ses->domainName) {

		rc = find_domain_name(ses);

		if (rc) {

			cERROR(1, "could not get domain/server name rc %d", rc);

			return rc;

		}

	}

	/* calculate buf->ntlmv2_hash */

	rc = calc_ntlmv2_hash(ses, nls_cp);

	if (rc)

	if (rc) {

		cERROR(1, "could not get v2 hash rc %d", rc);

		return rc;

	}

	rc = CalcNTLMv2_response(ses->server, resp_buf);

	if (rc) {

		cERROR(1, "could not get v2 hash rc %d", rc);

	CalcNTLMv2_response(ses, resp_buf);

		return rc;

	}

	if (!ses->server->ntlmssp.sdeschmacmd5) {