cifsd: decoding gss token using lib/asn1_decoder.c

Decode gss token of SMB2_SESSSION_SETUP using lib/asn1_decoder.c Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>

cifsd: decoding gss token using lib/asn1_decoder.c
Decode gss token of SMB2_SESSSION_SETUP using lib/asn1_decoder.c Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com> Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com>
fad4161b · Hyunchul Lee · Namjae Jeon · bcd62a36 · fad4161b · fad4161b
Commit fad4161b authored Apr 19, 2021 by Hyunchul Lee Committed by Namjae Jeon May 11, 2021
6 changed files
--- a/fs/cifsd/Kconfig
+++ b/fs/cifsd/Kconfig
@@ -17,6 +17,7 @@ config SMB_SERVER
 	select CRYPTO_AEAD2
 	select CRYPTO_CCM
 	select CRYPTO_GCM
+	select ASN1
 	default n
 	help
 	  Choose Y here if you want to allow SMB3 compliant clients

--- a/fs/cifsd/Makefile
+++ b/fs/cifsd/Makefile
@@ -9,5 +9,6 @@ ksmbd-y :=	unicode.o auth.o vfs.o vfs_cache.o server.o buffer_pool.o \
 		mgmt/ksmbd_ida.o mgmt/user_config.o mgmt/share_config.o \
 		mgmt/tree_connect.o mgmt/user_session.o smb_common.o \
 		transport_tcp.o transport_ipc.o smbacl.o smb2pdu.o \
-		smb2ops.o smb2misc.o asn1.o ndr.o
+		smb2ops.o smb2misc.o spnego_negtokeninit.asn1.o \
+		spnego_negtokentarg.asn1.o asn1.o ndr.o
 ksmbd-$(CONFIG_SMB_SERVER_SMBDIRECT) += transport_rdma.o
--- a/fs/cifsd/asn1.c
+++ b/fs/cifsd/asn1.c
--- a/fs/cifsd/smb2pdu.c
+++ b/fs/cifsd/smb2pdu.c
@@ -1194,8 +1194,8 @@ static int decode_negotiation_token(struct ksmbd_work *work,
 	req = work->request_buf;
 	sz = le16_to_cpu(req->SecurityBufferLength);
-	if (!ksmbd_decode_negTokenInit((char *)negblob, sz, conn)) {
+	if (ksmbd_decode_negTokenInit((char *)negblob, sz, conn)) {
-		if (!ksmbd_decode_negTokenTarg((char *)negblob, sz, conn)) {
+		if (ksmbd_decode_negTokenTarg((char *)negblob, sz, conn)) {
 			conn->auth_mechs |= KSMBD_AUTH_NTLMSSP;
 			conn->preferred_auth_mech = KSMBD_AUTH_NTLMSSP;
 			conn->use_spnego = false;

--- a/fs/cifsd/spnego_negtokeninit.asn1
+++ b/fs/cifsd/spnego_negtokeninit.asn1
+GSSAPI ::=
+	[APPLICATION 0] IMPLICIT SEQUENCE {
+		thisMech
+			OBJECT IDENTIFIER ({gssapi_this_mech}),
+		negotiationToken
+			NegotiationToken
+	}
+MechType ::= OBJECT IDENTIFIER ({neg_token_init_mech_type})
+MechTypeList ::= SEQUENCE OF MechType
+NegTokenInit ::=
+	SEQUENCE {
+		mechTypes
+			[0] MechTypeList,
+		reqFlags
+			[1] BIT STRING OPTIONAL,
+		mechToken
+			[2] OCTET STRING OPTIONAL ({neg_token_init_mech_token}),
+		mechListMIC
+			[3] OCTET STRING OPTIONAL
+	}
+NegTokenTarg ::=
+	SEQUENCE {
+		negResult
+			[0] ENUMERATED OPTIONAL,
+		supportedMech
+			[1] OBJECT IDENTIFIER OPTIONAL,
+		responseToken
+			[2] OCTET STRING OPTIONAL ({neg_token_targ_resp_token}),
+		mechListMIC
+			[3] OCTET STRING OPTIONAL
+	}
+NegotiationToken ::=
+	CHOICE {
+		negTokenInit
+			[0] NegTokenInit,
+		negTokenTarg
+			[1] ANY
+	}
--- a/fs/cifsd/spnego_negtokentarg.asn1
+++ b/fs/cifsd/spnego_negtokentarg.asn1
+GSSAPI ::=
+	CHOICE {
+		negTokenInit
+			[0] ANY,
+		negTokenTarg
+			[1] NegTokenTarg
+	}
+NegTokenTarg ::=
+	SEQUENCE {
+		negResult
+			[0] ENUMERATED OPTIONAL,
+		supportedMech
+			[1] OBJECT IDENTIFIER OPTIONAL,
+		responseToken
+			[2] OCTET STRING OPTIONAL ({neg_token_targ_resp_token}),
+		mechListMIC
+			[3] OCTET STRING OPTIONAL
+	}