• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  *   fs/cifs/smb2transport.c
3  *
4  *   Copyright (C) International Business Machines  Corp., 2002, 2011
5  *                 Etersoft, 2012
6  *   Author(s): Steve French (sfrench@us.ibm.com)
7  *              Jeremy Allison (jra@samba.org) 2006
8  *              Pavel Shilovsky (pshilovsky@samba.org) 2012
9  *
10  *   This library is free software; you can redistribute it and/or modify
11  *   it under the terms of the GNU Lesser General Public License as published
12  *   by the Free Software Foundation; either version 2.1 of the License, or
13  *   (at your option) any later version.
14  *
15  *   This library is distributed in the hope that it will be useful,
16  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
17  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
18  *   the GNU Lesser General Public License for more details.
19  *
20  *   You should have received a copy of the GNU Lesser General Public License
21  *   along with this library; if not, write to the Free Software
22  *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23  */
24 
25 #include <linux/fs.h>
26 #include <linux/list.h>
27 #include <linux/wait.h>
28 #include <linux/net.h>
29 #include <linux/delay.h>
30 #include <linux/uaccess.h>
31 #include <asm/processor.h>
32 #include <linux/mempool.h>
33 #include <linux/highmem.h>
34 #include "smb2pdu.h"
35 #include "cifsglob.h"
36 #include "cifsproto.h"
37 #include "smb2proto.h"
38 #include "cifs_debug.h"
39 #include "smb2status.h"
40 #include "smb2glob.h"
41 
42 static int
smb2_crypto_shash_allocate(struct TCP_Server_Info * server)43 smb2_crypto_shash_allocate(struct TCP_Server_Info *server)
44 {
45 	int rc;
46 	unsigned int size;
47 
48 	if (server->secmech.sdeschmacsha256 != NULL)
49 		return 0; /* already allocated */
50 
51 	server->secmech.hmacsha256 = crypto_alloc_shash("hmac(sha256)", 0, 0);
52 	if (IS_ERR(server->secmech.hmacsha256)) {
53 		cifs_dbg(VFS, "could not allocate crypto hmacsha256\n");
54 		rc = PTR_ERR(server->secmech.hmacsha256);
55 		server->secmech.hmacsha256 = NULL;
56 		return rc;
57 	}
58 
59 	size = sizeof(struct shash_desc) +
60 			crypto_shash_descsize(server->secmech.hmacsha256);
61 	server->secmech.sdeschmacsha256 = kmalloc(size, GFP_KERNEL);
62 	if (!server->secmech.sdeschmacsha256) {
63 		crypto_free_shash(server->secmech.hmacsha256);
64 		server->secmech.hmacsha256 = NULL;
65 		return -ENOMEM;
66 	}
67 	server->secmech.sdeschmacsha256->shash.tfm = server->secmech.hmacsha256;
68 	server->secmech.sdeschmacsha256->shash.flags = 0x0;
69 
70 	return 0;
71 }
72 
73 static int
smb3_crypto_shash_allocate(struct TCP_Server_Info * server)74 smb3_crypto_shash_allocate(struct TCP_Server_Info *server)
75 {
76 	unsigned int size;
77 	int rc;
78 
79 	if (server->secmech.sdesccmacaes != NULL)
80 		return 0;  /* already allocated */
81 
82 	rc = smb2_crypto_shash_allocate(server);
83 	if (rc)
84 		return rc;
85 
86 	server->secmech.cmacaes = crypto_alloc_shash("cmac(aes)", 0, 0);
87 	if (IS_ERR(server->secmech.cmacaes)) {
88 		cifs_dbg(VFS, "could not allocate crypto cmac-aes");
89 		kfree(server->secmech.sdeschmacsha256);
90 		server->secmech.sdeschmacsha256 = NULL;
91 		crypto_free_shash(server->secmech.hmacsha256);
92 		server->secmech.hmacsha256 = NULL;
93 		rc = PTR_ERR(server->secmech.cmacaes);
94 		server->secmech.cmacaes = NULL;
95 		return rc;
96 	}
97 
98 	size = sizeof(struct shash_desc) +
99 			crypto_shash_descsize(server->secmech.cmacaes);
100 	server->secmech.sdesccmacaes = kmalloc(size, GFP_KERNEL);
101 	if (!server->secmech.sdesccmacaes) {
102 		cifs_dbg(VFS, "%s: Can't alloc cmacaes\n", __func__);
103 		kfree(server->secmech.sdeschmacsha256);
104 		server->secmech.sdeschmacsha256 = NULL;
105 		crypto_free_shash(server->secmech.hmacsha256);
106 		crypto_free_shash(server->secmech.cmacaes);
107 		server->secmech.hmacsha256 = NULL;
108 		server->secmech.cmacaes = NULL;
109 		return -ENOMEM;
110 	}
111 	server->secmech.sdesccmacaes->shash.tfm = server->secmech.cmacaes;
112 	server->secmech.sdesccmacaes->shash.flags = 0x0;
113 
114 	return 0;
115 }
116 
117 static struct cifs_ses *
smb2_find_smb_ses_unlocked(struct TCP_Server_Info * server,__u64 ses_id)118 smb2_find_smb_ses_unlocked(struct TCP_Server_Info *server, __u64 ses_id)
119 {
120 	struct cifs_ses *ses;
121 
122 	list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) {
123 		if (ses->Suid != ses_id)
124 			continue;
125 		return ses;
126 	}
127 
128 	return NULL;
129 }
130 
131 struct cifs_ses *
smb2_find_smb_ses(struct TCP_Server_Info * server,__u64 ses_id)132 smb2_find_smb_ses(struct TCP_Server_Info *server, __u64 ses_id)
133 {
134 	struct cifs_ses *ses;
135 
136 	spin_lock(&cifs_tcp_ses_lock);
137 	ses = smb2_find_smb_ses_unlocked(server, ses_id);
138 	spin_unlock(&cifs_tcp_ses_lock);
139 
140 	return ses;
141 }
142 
143 static struct cifs_tcon *
smb2_find_smb_sess_tcon_unlocked(struct cifs_ses * ses,__u32 tid)144 smb2_find_smb_sess_tcon_unlocked(struct cifs_ses *ses, __u32  tid)
145 {
146 	struct cifs_tcon *tcon;
147 
148 	list_for_each_entry(tcon, &ses->tcon_list, tcon_list) {
149 		if (tcon->tid != tid)
150 			continue;
151 		++tcon->tc_count;
152 		return tcon;
153 	}
154 
155 	return NULL;
156 }
157 
158 /*
159  * Obtain tcon corresponding to the tid in the given
160  * cifs_ses
161  */
162 
163 struct cifs_tcon *
smb2_find_smb_tcon(struct TCP_Server_Info * server,__u64 ses_id,__u32 tid)164 smb2_find_smb_tcon(struct TCP_Server_Info *server, __u64 ses_id, __u32 tid)
165 {
166 	struct cifs_ses *ses;
167 	struct cifs_tcon *tcon;
168 
169 	spin_lock(&cifs_tcp_ses_lock);
170 	ses = smb2_find_smb_ses_unlocked(server, ses_id);
171 	if (!ses) {
172 		spin_unlock(&cifs_tcp_ses_lock);
173 		return NULL;
174 	}
175 	tcon = smb2_find_smb_sess_tcon_unlocked(ses, tid);
176 	spin_unlock(&cifs_tcp_ses_lock);
177 
178 	return tcon;
179 }
180 
181 int
smb2_calc_signature(struct smb_rqst * rqst,struct TCP_Server_Info * server)182 smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
183 {
184 	int rc;
185 	unsigned char smb2_signature[SMB2_HMACSHA256_SIZE];
186 	unsigned char *sigptr = smb2_signature;
187 	struct kvec *iov = rqst->rq_iov;
188 	struct smb2_hdr *smb2_pdu = (struct smb2_hdr *)iov[0].iov_base;
189 	struct cifs_ses *ses;
190 
191 	ses = smb2_find_smb_ses(server, smb2_pdu->SessionId);
192 	if (!ses) {
193 		cifs_dbg(VFS, "%s: Could not find session\n", __func__);
194 		return 0;
195 	}
196 
197 	memset(smb2_signature, 0x0, SMB2_HMACSHA256_SIZE);
198 	memset(smb2_pdu->Signature, 0x0, SMB2_SIGNATURE_SIZE);
199 
200 	rc = smb2_crypto_shash_allocate(server);
201 	if (rc) {
202 		cifs_dbg(VFS, "%s: shah256 alloc failed\n", __func__);
203 		return rc;
204 	}
205 
206 	rc = crypto_shash_setkey(server->secmech.hmacsha256,
207 		ses->auth_key.response, SMB2_NTLMV2_SESSKEY_SIZE);
208 	if (rc) {
209 		cifs_dbg(VFS, "%s: Could not update with response\n", __func__);
210 		return rc;
211 	}
212 
213 	rc = crypto_shash_init(&server->secmech.sdeschmacsha256->shash);
214 	if (rc) {
215 		cifs_dbg(VFS, "%s: Could not init sha256", __func__);
216 		return rc;
217 	}
218 
219 	rc = __cifs_calc_signature(rqst, server, sigptr,
220 		&server->secmech.sdeschmacsha256->shash);
221 
222 	if (!rc)
223 		memcpy(smb2_pdu->Signature, sigptr, SMB2_SIGNATURE_SIZE);
224 
225 	return rc;
226 }
227 
generate_key(struct cifs_ses * ses,struct kvec label,struct kvec context,__u8 * key,unsigned int key_size)228 static int generate_key(struct cifs_ses *ses, struct kvec label,
229 			struct kvec context, __u8 *key, unsigned int key_size)
230 {
231 	unsigned char zero = 0x0;
232 	__u8 i[4] = {0, 0, 0, 1};
233 	__u8 L[4] = {0, 0, 0, 128};
234 	int rc = 0;
235 	unsigned char prfhash[SMB2_HMACSHA256_SIZE];
236 	unsigned char *hashptr = prfhash;
237 
238 	memset(prfhash, 0x0, SMB2_HMACSHA256_SIZE);
239 	memset(key, 0x0, key_size);
240 
241 	rc = smb3_crypto_shash_allocate(ses->server);
242 	if (rc) {
243 		cifs_dbg(VFS, "%s: crypto alloc failed\n", __func__);
244 		goto smb3signkey_ret;
245 	}
246 
247 	rc = crypto_shash_setkey(ses->server->secmech.hmacsha256,
248 		ses->auth_key.response, SMB2_NTLMV2_SESSKEY_SIZE);
249 	if (rc) {
250 		cifs_dbg(VFS, "%s: Could not set with session key\n", __func__);
251 		goto smb3signkey_ret;
252 	}
253 
254 	rc = crypto_shash_init(&ses->server->secmech.sdeschmacsha256->shash);
255 	if (rc) {
256 		cifs_dbg(VFS, "%s: Could not init sign hmac\n", __func__);
257 		goto smb3signkey_ret;
258 	}
259 
260 	rc = crypto_shash_update(&ses->server->secmech.sdeschmacsha256->shash,
261 				i, 4);
262 	if (rc) {
263 		cifs_dbg(VFS, "%s: Could not update with n\n", __func__);
264 		goto smb3signkey_ret;
265 	}
266 
267 	rc = crypto_shash_update(&ses->server->secmech.sdeschmacsha256->shash,
268 				label.iov_base, label.iov_len);
269 	if (rc) {
270 		cifs_dbg(VFS, "%s: Could not update with label\n", __func__);
271 		goto smb3signkey_ret;
272 	}
273 
274 	rc = crypto_shash_update(&ses->server->secmech.sdeschmacsha256->shash,
275 				&zero, 1);
276 	if (rc) {
277 		cifs_dbg(VFS, "%s: Could not update with zero\n", __func__);
278 		goto smb3signkey_ret;
279 	}
280 
281 	rc = crypto_shash_update(&ses->server->secmech.sdeschmacsha256->shash,
282 				context.iov_base, context.iov_len);
283 	if (rc) {
284 		cifs_dbg(VFS, "%s: Could not update with context\n", __func__);
285 		goto smb3signkey_ret;
286 	}
287 
288 	rc = crypto_shash_update(&ses->server->secmech.sdeschmacsha256->shash,
289 				L, 4);
290 	if (rc) {
291 		cifs_dbg(VFS, "%s: Could not update with L\n", __func__);
292 		goto smb3signkey_ret;
293 	}
294 
295 	rc = crypto_shash_final(&ses->server->secmech.sdeschmacsha256->shash,
296 				hashptr);
297 	if (rc) {
298 		cifs_dbg(VFS, "%s: Could not generate sha256 hash\n", __func__);
299 		goto smb3signkey_ret;
300 	}
301 
302 	memcpy(key, hashptr, key_size);
303 
304 smb3signkey_ret:
305 	return rc;
306 }
307 
308 struct derivation {
309 	struct kvec label;
310 	struct kvec context;
311 };
312 
313 struct derivation_triplet {
314 	struct derivation signing;
315 	struct derivation encryption;
316 	struct derivation decryption;
317 };
318 
319 static int
generate_smb3signingkey(struct cifs_ses * ses,const struct derivation_triplet * ptriplet)320 generate_smb3signingkey(struct cifs_ses *ses,
321 			const struct derivation_triplet *ptriplet)
322 {
323 	int rc;
324 
325 	rc = generate_key(ses, ptriplet->signing.label,
326 			  ptriplet->signing.context, ses->smb3signingkey,
327 			  SMB3_SIGN_KEY_SIZE);
328 	if (rc)
329 		return rc;
330 
331 	rc = generate_key(ses, ptriplet->encryption.label,
332 			  ptriplet->encryption.context, ses->smb3encryptionkey,
333 			  SMB3_SIGN_KEY_SIZE);
334 	if (rc)
335 		return rc;
336 
337 	return generate_key(ses, ptriplet->decryption.label,
338 			    ptriplet->decryption.context,
339 			    ses->smb3decryptionkey, SMB3_SIGN_KEY_SIZE);
340 }
341 
342 int
generate_smb30signingkey(struct cifs_ses * ses)343 generate_smb30signingkey(struct cifs_ses *ses)
344 
345 {
346 	struct derivation_triplet triplet;
347 	struct derivation *d;
348 
349 	d = &triplet.signing;
350 	d->label.iov_base = "SMB2AESCMAC";
351 	d->label.iov_len = 12;
352 	d->context.iov_base = "SmbSign";
353 	d->context.iov_len = 8;
354 
355 	d = &triplet.encryption;
356 	d->label.iov_base = "SMB2AESCCM";
357 	d->label.iov_len = 11;
358 	d->context.iov_base = "ServerIn ";
359 	d->context.iov_len = 10;
360 
361 	d = &triplet.decryption;
362 	d->label.iov_base = "SMB2AESCCM";
363 	d->label.iov_len = 11;
364 	d->context.iov_base = "ServerOut";
365 	d->context.iov_len = 10;
366 
367 	return generate_smb3signingkey(ses, &triplet);
368 }
369 
370 int
generate_smb311signingkey(struct cifs_ses * ses)371 generate_smb311signingkey(struct cifs_ses *ses)
372 
373 {
374 	struct derivation_triplet triplet;
375 	struct derivation *d;
376 
377 	d = &triplet.signing;
378 	d->label.iov_base = "SMB2AESCMAC";
379 	d->label.iov_len = 12;
380 	d->context.iov_base = "SmbSign";
381 	d->context.iov_len = 8;
382 
383 	d = &triplet.encryption;
384 	d->label.iov_base = "SMB2AESCCM";
385 	d->label.iov_len = 11;
386 	d->context.iov_base = "ServerIn ";
387 	d->context.iov_len = 10;
388 
389 	d = &triplet.decryption;
390 	d->label.iov_base = "SMB2AESCCM";
391 	d->label.iov_len = 11;
392 	d->context.iov_base = "ServerOut";
393 	d->context.iov_len = 10;
394 
395 	return generate_smb3signingkey(ses, &triplet);
396 }
397 
398 int
smb3_calc_signature(struct smb_rqst * rqst,struct TCP_Server_Info * server)399 smb3_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
400 {
401 	int rc = 0;
402 	unsigned char smb3_signature[SMB2_CMACAES_SIZE];
403 	unsigned char *sigptr = smb3_signature;
404 	struct kvec *iov = rqst->rq_iov;
405 	struct smb2_hdr *smb2_pdu = (struct smb2_hdr *)iov[0].iov_base;
406 	struct cifs_ses *ses;
407 
408 	ses = smb2_find_smb_ses(server, smb2_pdu->SessionId);
409 	if (!ses) {
410 		cifs_dbg(VFS, "%s: Could not find session\n", __func__);
411 		return 0;
412 	}
413 
414 	memset(smb3_signature, 0x0, SMB2_CMACAES_SIZE);
415 	memset(smb2_pdu->Signature, 0x0, SMB2_SIGNATURE_SIZE);
416 
417 	rc = crypto_shash_setkey(server->secmech.cmacaes,
418 		ses->smb3signingkey, SMB2_CMACAES_SIZE);
419 
420 	if (rc) {
421 		cifs_dbg(VFS, "%s: Could not set key for cmac aes\n", __func__);
422 		return rc;
423 	}
424 
425 	/*
426 	 * we already allocate sdesccmacaes when we init smb3 signing key,
427 	 * so unlike smb2 case we do not have to check here if secmech are
428 	 * initialized
429 	 */
430 	rc = crypto_shash_init(&server->secmech.sdesccmacaes->shash);
431 	if (rc) {
432 		cifs_dbg(VFS, "%s: Could not init cmac aes\n", __func__);
433 		return rc;
434 	}
435 
436 	rc = __cifs_calc_signature(rqst, server, sigptr,
437 				   &server->secmech.sdesccmacaes->shash);
438 
439 	if (!rc)
440 		memcpy(smb2_pdu->Signature, sigptr, SMB2_SIGNATURE_SIZE);
441 
442 	return rc;
443 }
444 
445 /* must be called with server->srv_mutex held */
446 static int
smb2_sign_rqst(struct smb_rqst * rqst,struct TCP_Server_Info * server)447 smb2_sign_rqst(struct smb_rqst *rqst, struct TCP_Server_Info *server)
448 {
449 	int rc = 0;
450 	struct smb2_hdr *smb2_pdu = rqst->rq_iov[0].iov_base;
451 
452 	if (!(smb2_pdu->Flags & SMB2_FLAGS_SIGNED) ||
453 	    server->tcpStatus == CifsNeedNegotiate)
454 		return rc;
455 
456 	if (!server->session_estab) {
457 		strncpy(smb2_pdu->Signature, "BSRSPYL", 8);
458 		return rc;
459 	}
460 
461 	rc = server->ops->calc_signature(rqst, server);
462 
463 	return rc;
464 }
465 
466 int
smb2_verify_signature(struct smb_rqst * rqst,struct TCP_Server_Info * server)467 smb2_verify_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server)
468 {
469 	unsigned int rc;
470 	char server_response_sig[16];
471 	struct smb2_hdr *smb2_pdu = (struct smb2_hdr *)rqst->rq_iov[0].iov_base;
472 
473 	if ((smb2_pdu->Command == SMB2_NEGOTIATE) ||
474 	    (smb2_pdu->Command == SMB2_SESSION_SETUP) ||
475 	    (smb2_pdu->Command == SMB2_OPLOCK_BREAK) ||
476 	    (!server->session_estab))
477 		return 0;
478 
479 	/*
480 	 * BB what if signatures are supposed to be on for session but
481 	 * server does not send one? BB
482 	 */
483 
484 	/* Do not need to verify session setups with signature "BSRSPYL " */
485 	if (memcmp(smb2_pdu->Signature, "BSRSPYL ", 8) == 0)
486 		cifs_dbg(FYI, "dummy signature received for smb command 0x%x\n",
487 			 smb2_pdu->Command);
488 
489 	/*
490 	 * Save off the origiginal signature so we can modify the smb and check
491 	 * our calculated signature against what the server sent.
492 	 */
493 	memcpy(server_response_sig, smb2_pdu->Signature, SMB2_SIGNATURE_SIZE);
494 
495 	memset(smb2_pdu->Signature, 0, SMB2_SIGNATURE_SIZE);
496 
497 	mutex_lock(&server->srv_mutex);
498 	rc = server->ops->calc_signature(rqst, server);
499 	mutex_unlock(&server->srv_mutex);
500 
501 	if (rc)
502 		return rc;
503 
504 	if (memcmp(server_response_sig, smb2_pdu->Signature,
505 		   SMB2_SIGNATURE_SIZE))
506 		return -EACCES;
507 	else
508 		return 0;
509 }
510 
511 /*
512  * Set message id for the request. Should be called after wait_for_free_request
513  * and when srv_mutex is held.
514  */
515 static inline void
smb2_seq_num_into_buf(struct TCP_Server_Info * server,struct smb2_hdr * hdr)516 smb2_seq_num_into_buf(struct TCP_Server_Info *server, struct smb2_hdr *hdr)
517 {
518 	unsigned int i, num = le16_to_cpu(hdr->CreditCharge);
519 
520 	hdr->MessageId = get_next_mid64(server);
521 	/* skip message numbers according to CreditCharge field */
522 	for (i = 1; i < num; i++)
523 		get_next_mid(server);
524 }
525 
526 static struct mid_q_entry *
smb2_mid_entry_alloc(const struct smb2_hdr * smb_buffer,struct TCP_Server_Info * server)527 smb2_mid_entry_alloc(const struct smb2_hdr *smb_buffer,
528 		     struct TCP_Server_Info *server)
529 {
530 	struct mid_q_entry *temp;
531 
532 	if (server == NULL) {
533 		cifs_dbg(VFS, "Null TCP session in smb2_mid_entry_alloc\n");
534 		return NULL;
535 	}
536 
537 	temp = mempool_alloc(cifs_mid_poolp, GFP_NOFS);
538 	if (temp == NULL)
539 		return temp;
540 	else {
541 		memset(temp, 0, sizeof(struct mid_q_entry));
542 		temp->mid = le64_to_cpu(smb_buffer->MessageId);
543 		temp->pid = current->pid;
544 		temp->command = smb_buffer->Command;	/* Always LE */
545 		temp->when_alloc = jiffies;
546 		temp->server = server;
547 
548 		/*
549 		 * The default is for the mid to be synchronous, so the
550 		 * default callback just wakes up the current task.
551 		 */
552 		temp->callback = cifs_wake_up_task;
553 		temp->callback_data = current;
554 	}
555 
556 	atomic_inc(&midCount);
557 	temp->mid_state = MID_REQUEST_ALLOCATED;
558 	return temp;
559 }
560 
561 static int
smb2_get_mid_entry(struct cifs_ses * ses,struct smb2_hdr * buf,struct mid_q_entry ** mid)562 smb2_get_mid_entry(struct cifs_ses *ses, struct smb2_hdr *buf,
563 		   struct mid_q_entry **mid)
564 {
565 	if (ses->server->tcpStatus == CifsExiting)
566 		return -ENOENT;
567 
568 	if (ses->server->tcpStatus == CifsNeedReconnect) {
569 		cifs_dbg(FYI, "tcp session dead - return to caller to retry\n");
570 		return -EAGAIN;
571 	}
572 
573 	if (ses->status == CifsNew) {
574 		if ((buf->Command != SMB2_SESSION_SETUP) &&
575 		    (buf->Command != SMB2_NEGOTIATE))
576 			return -EAGAIN;
577 		/* else ok - we are setting up session */
578 	}
579 
580 	if (ses->status == CifsExiting) {
581 		if (buf->Command != SMB2_LOGOFF)
582 			return -EAGAIN;
583 		/* else ok - we are shutting down the session */
584 	}
585 
586 	*mid = smb2_mid_entry_alloc(buf, ses->server);
587 	if (*mid == NULL)
588 		return -ENOMEM;
589 	spin_lock(&GlobalMid_Lock);
590 	list_add_tail(&(*mid)->qhead, &ses->server->pending_mid_q);
591 	spin_unlock(&GlobalMid_Lock);
592 	return 0;
593 }
594 
595 int
smb2_check_receive(struct mid_q_entry * mid,struct TCP_Server_Info * server,bool log_error)596 smb2_check_receive(struct mid_q_entry *mid, struct TCP_Server_Info *server,
597 		   bool log_error)
598 {
599 	unsigned int len = get_rfc1002_length(mid->resp_buf);
600 	struct kvec iov;
601 	struct smb_rqst rqst = { .rq_iov = &iov,
602 				 .rq_nvec = 1 };
603 
604 	iov.iov_base = (char *)mid->resp_buf;
605 	iov.iov_len = get_rfc1002_length(mid->resp_buf) + 4;
606 
607 	dump_smb(mid->resp_buf, min_t(u32, 80, len));
608 	/* convert the length into a more usable form */
609 	if (len > 24 && server->sign) {
610 		int rc;
611 
612 		rc = smb2_verify_signature(&rqst, server);
613 		if (rc)
614 			cifs_dbg(VFS, "SMB signature verification returned error = %d\n",
615 				 rc);
616 	}
617 
618 	return map_smb2_to_linux_error(mid->resp_buf, log_error);
619 }
620 
621 struct mid_q_entry *
smb2_setup_request(struct cifs_ses * ses,struct smb_rqst * rqst)622 smb2_setup_request(struct cifs_ses *ses, struct smb_rqst *rqst)
623 {
624 	int rc;
625 	struct smb2_hdr *hdr = (struct smb2_hdr *)rqst->rq_iov[0].iov_base;
626 	struct mid_q_entry *mid;
627 
628 	smb2_seq_num_into_buf(ses->server, hdr);
629 
630 	rc = smb2_get_mid_entry(ses, hdr, &mid);
631 	if (rc)
632 		return ERR_PTR(rc);
633 	rc = smb2_sign_rqst(rqst, ses->server);
634 	if (rc) {
635 		cifs_delete_mid(mid);
636 		return ERR_PTR(rc);
637 	}
638 	return mid;
639 }
640 
641 struct mid_q_entry *
smb2_setup_async_request(struct TCP_Server_Info * server,struct smb_rqst * rqst)642 smb2_setup_async_request(struct TCP_Server_Info *server, struct smb_rqst *rqst)
643 {
644 	int rc;
645 	struct smb2_hdr *hdr = (struct smb2_hdr *)rqst->rq_iov[0].iov_base;
646 	struct mid_q_entry *mid;
647 
648 	smb2_seq_num_into_buf(server, hdr);
649 
650 	mid = smb2_mid_entry_alloc(hdr, server);
651 	if (mid == NULL)
652 		return ERR_PTR(-ENOMEM);
653 
654 	rc = smb2_sign_rqst(rqst, server);
655 	if (rc) {
656 		DeleteMidQEntry(mid);
657 		return ERR_PTR(rc);
658 	}
659 
660 	return mid;
661 }
662