1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * The ASB.1/BER parsing code is derived from ip_nat_snmp_basic.c which was in
4 * turn derived from the gxsnmp package by Gregory McLean & Jochen Friedrich
6 * Copyright (c) 2000 RP Internet (www.rpi.net.au).
9 #include <linux/module.h>
10 #include <linux/types.h>
11 #include <linux/kernel.h>
13 #include <linux/slab.h>
14 #include <linux/oid_registry.h>
19 #include "connection.h"
21 #include "ksmbd_spnego_negtokeninit.asn1.h"
22 #include "ksmbd_spnego_negtokentarg.asn1.h"
24 #define SPNEGO_OID_LEN 7
25 #define NTLMSSP_OID_LEN 10
26 #define KRB5_OID_LEN 7
27 #define KRB5U2U_OID_LEN 8
28 #define MSKRB5_OID_LEN 7
29 static unsigned long SPNEGO_OID[7] = { 1, 3, 6, 1, 5, 5, 2 };
30 static unsigned long NTLMSSP_OID[10] = { 1, 3, 6, 1, 4, 1, 311, 2, 2, 10 };
31 static unsigned long KRB5_OID[7] = { 1, 2, 840, 113554, 1, 2, 2 };
32 static unsigned long KRB5U2U_OID[8] = { 1, 2, 840, 113554, 1, 2, 2, 3 };
33 static unsigned long MSKRB5_OID[7] = { 1, 2, 840, 48018, 1, 2, 2 };
35 static char NTLMSSP_OID_STR[NTLMSSP_OID_LEN] = { 0x2b, 0x06, 0x01, 0x04, 0x01,
36 0x82, 0x37, 0x02, 0x02, 0x0a };
39 asn1_subid_decode(const unsigned char **begin, const unsigned char *end,
42 const unsigned char *ptr = *begin;
54 } while ((ch & 0x80) == 0x80);
60 static bool asn1_oid_decode(const unsigned char *value, size_t vlen,
61 unsigned long **oid, size_t *oidlen)
63 const unsigned char *iptr = value, *end = value + vlen;
68 if (vlen < 2 || vlen > UINT_MAX / sizeof(unsigned long))
71 *oid = kmalloc(vlen * sizeof(unsigned long), GFP_KERNEL);
77 if (!asn1_subid_decode(&iptr, end, &subid))
83 } else if (subid < 80) {
95 if (++(*oidlen) > vlen)
98 if (!asn1_subid_decode(&iptr, end, optr++))
110 static bool oid_eq(unsigned long *oid1, unsigned int oid1len,
111 unsigned long *oid2, unsigned int oid2len)
113 if (oid1len != oid2len)
116 return memcmp(oid1, oid2, oid1len) == 0;
120 ksmbd_decode_negTokenInit(unsigned char *security_blob, int length,
121 struct ksmbd_conn *conn)
123 return asn1_ber_decoder(&ksmbd_spnego_negtokeninit_decoder, conn,
124 security_blob, length);
128 ksmbd_decode_negTokenTarg(unsigned char *security_blob, int length,
129 struct ksmbd_conn *conn)
131 return asn1_ber_decoder(&ksmbd_spnego_negtokentarg_decoder, conn,
132 security_blob, length);
135 static int compute_asn_hdr_len_bytes(int len)
139 else if (len > 0xFFFF)
149 static void encode_asn_tag(char *buf, unsigned int *ofs, char tag, char seq,
154 char hdr_len = compute_asn_hdr_len_bytes(length);
155 int len = length + 2 + hdr_len;
163 buf[index++] = 0x80 | hdr_len;
164 for (i = hdr_len - 1; i >= 0; i--)
165 buf[index++] = (len >> (i * 8)) & 0xFF;
169 len = len - (index - *ofs);
175 buf[index++] = 0x80 | hdr_len;
176 for (i = hdr_len - 1; i >= 0; i--)
177 buf[index++] = (len >> (i * 8)) & 0xFF;
180 *ofs += (index - *ofs);
183 int build_spnego_ntlmssp_neg_blob(unsigned char **pbuffer, u16 *buflen,
184 char *ntlm_blob, int ntlm_blob_len)
187 unsigned int ofs = 0;
188 int neg_result_len = 4 + compute_asn_hdr_len_bytes(1) * 2 + 1;
189 int oid_len = 4 + compute_asn_hdr_len_bytes(NTLMSSP_OID_LEN) * 2 +
191 int ntlmssp_len = 4 + compute_asn_hdr_len_bytes(ntlm_blob_len) * 2 +
193 int total_len = 4 + compute_asn_hdr_len_bytes(neg_result_len +
194 oid_len + ntlmssp_len) * 2 +
195 neg_result_len + oid_len + ntlmssp_len;
197 buf = kmalloc(total_len, GFP_KERNEL);
201 /* insert main gss header */
202 encode_asn_tag(buf, &ofs, 0xa1, 0x30, neg_result_len + oid_len +
205 /* insert neg result */
206 encode_asn_tag(buf, &ofs, 0xa0, 0x0a, 1);
210 encode_asn_tag(buf, &ofs, 0xa1, 0x06, NTLMSSP_OID_LEN);
211 memcpy(buf + ofs, NTLMSSP_OID_STR, NTLMSSP_OID_LEN);
212 ofs += NTLMSSP_OID_LEN;
214 /* insert response token - ntlmssp blob */
215 encode_asn_tag(buf, &ofs, 0xa2, 0x04, ntlm_blob_len);
216 memcpy(buf + ofs, ntlm_blob, ntlm_blob_len);
217 ofs += ntlm_blob_len;
224 int build_spnego_ntlmssp_auth_blob(unsigned char **pbuffer, u16 *buflen,
228 unsigned int ofs = 0;
229 int neg_result_len = 4 + compute_asn_hdr_len_bytes(1) * 2 + 1;
230 int total_len = 4 + compute_asn_hdr_len_bytes(neg_result_len) * 2 +
233 buf = kmalloc(total_len, GFP_KERNEL);
237 /* insert main gss header */
238 encode_asn_tag(buf, &ofs, 0xa1, 0x30, neg_result_len);
240 /* insert neg result */
241 encode_asn_tag(buf, &ofs, 0xa0, 0x0a, 1);
252 int ksmbd_gssapi_this_mech(void *context, size_t hdrlen, unsigned char tag,
253 const void *value, size_t vlen)
259 if (!asn1_oid_decode(value, vlen, &oid, &oidlen)) {
264 if (!oid_eq(oid, oidlen, SPNEGO_OID, SPNEGO_OID_LEN))
271 sprint_oid(value, vlen, buf, sizeof(buf));
272 ksmbd_debug(AUTH, "Unexpected OID: %s\n", buf);
277 int ksmbd_neg_token_init_mech_type(void *context, size_t hdrlen,
278 unsigned char tag, const void *value,
281 struct ksmbd_conn *conn = context;
287 if (!asn1_oid_decode(value, vlen, &oid, &oidlen))
290 if (oid_eq(oid, oidlen, NTLMSSP_OID, NTLMSSP_OID_LEN))
291 mech_type = KSMBD_AUTH_NTLMSSP;
292 else if (oid_eq(oid, oidlen, MSKRB5_OID, MSKRB5_OID_LEN))
293 mech_type = KSMBD_AUTH_MSKRB5;
294 else if (oid_eq(oid, oidlen, KRB5_OID, KRB5_OID_LEN))
295 mech_type = KSMBD_AUTH_KRB5;
296 else if (oid_eq(oid, oidlen, KRB5U2U_OID, KRB5U2U_OID_LEN))
297 mech_type = KSMBD_AUTH_KRB5U2U;
301 conn->auth_mechs |= mech_type;
302 if (conn->preferred_auth_mech == 0)
303 conn->preferred_auth_mech = mech_type;
310 sprint_oid(value, vlen, buf, sizeof(buf));
311 ksmbd_debug(AUTH, "Unexpected OID: %s\n", buf);
315 int ksmbd_neg_token_init_mech_token(void *context, size_t hdrlen,
316 unsigned char tag, const void *value,
319 struct ksmbd_conn *conn = context;
321 conn->mechToken = kmalloc(vlen + 1, GFP_KERNEL);
322 if (!conn->mechToken)
325 memcpy(conn->mechToken, value, vlen);
326 conn->mechToken[vlen] = '\0';
330 int ksmbd_neg_token_targ_resp_token(void *context, size_t hdrlen,
331 unsigned char tag, const void *value,
334 struct ksmbd_conn *conn = context;
336 conn->mechToken = kmalloc(vlen + 1, GFP_KERNEL);
337 if (!conn->mechToken)
340 memcpy(conn->mechToken, value, vlen);
341 conn->mechToken[vlen] = '\0';