projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
[deliverable/linux.git] / fs / cifs / connect.c
1 /*
2 * fs/cifs/connect.c
3 *
4 * Copyright (C) International Business Machines Corp., 2002,2008
5 * Author(s): Steve French (sfrench@us.ibm.com)
6 *
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
21 #include <linux/fs.h>
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/ipv6.h>
27 #include <linux/pagemap.h>
28 #include <linux/ctype.h>
29 #include <linux/utsname.h>
30 #include <linux/mempool.h>
31 #include <linux/delay.h>
32 #include <linux/completion.h>
33 #include <linux/kthread.h>
34 #include <linux/pagevec.h>
35 #include <linux/freezer.h>
36 #include <asm/uaccess.h>
37 #include <asm/processor.h>
38 #include "cifspdu.h"
39 #include "cifsglob.h"
40 #include "cifsproto.h"
41 #include "cifs_unicode.h"
42 #include "cifs_debug.h"
43 #include "cifs_fs_sb.h"
44 #include "ntlmssp.h"
45 #include "nterr.h"
46 #include "rfc1002pdu.h"
47 #include "cn_cifs.h"
48
49 #define CIFS_PORT 445
50 #define RFC1001_PORT 139
51
52 extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
53 unsigned char *p24);
54
55 extern mempool_t *cifs_req_poolp;
56
57 struct smb_vol {
58 char *username;
59 char *password;
60 char *domainname;
61 char *UNC;
62 char *UNCip;
63 char *in6_addr; /* ipv6 address as human readable form of in6_addr */
64 char *iocharset; /* local code page for mapping to and from Unicode */
65 char source_rfc1001_name[16]; /* netbios name of client */
66 char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */
67 uid_t linux_uid;
68 gid_t linux_gid;
69 mode_t file_mode;
70 mode_t dir_mode;
71 unsigned secFlg;
72 bool rw:1;
73 bool retry:1;
74 bool intr:1;
75 bool setuids:1;
76 bool override_uid:1;
77 bool override_gid:1;
78 bool dynperm:1;
79 bool noperm:1;
80 bool no_psx_acl:1; /* set if posix acl support should be disabled */
81 bool cifs_acl:1;
82 bool no_xattr:1; /* set if xattr (EA) support should be disabled*/
83 bool server_ino:1; /* use inode numbers from server ie UniqueId */
84 bool direct_io:1;
85 bool remap:1; /* set to remap seven reserved chars in filenames */
86 bool posix_paths:1; /* unset to not ask for posix pathnames. */
87 bool no_linux_ext:1;
88 bool sfu_emul:1;
89 bool nullauth:1; /* attempt to authenticate with null user */
90 bool nocase:1; /* request case insensitive filenames */
91 bool nobrl:1; /* disable sending byte range locks to srv */
92 bool seal:1; /* request transport encryption on share */
93 bool nodfs:1; /* Do not request DFS, even if available */
94 bool local_lease:1; /* check leases only on local system, not remote */
95 unsigned int rsize;
96 unsigned int wsize;
97 unsigned int sockopt;
98 unsigned short int port;
99 char *prepath;
100 };
101
102 static int ipv4_connect(struct sockaddr_in *psin_server,
103 struct socket **csocket,
104 char *netb_name,
105 char *server_netb_name);
106 static int ipv6_connect(struct sockaddr_in6 *psin_server,
107 struct socket **csocket);
108
109
110 /*
111 * cifs tcp session reconnection
112 *
113 * mark tcp session as reconnecting so temporarily locked
114 * mark all smb sessions as reconnecting for tcp session
115 * reconnect tcp session
116 * wake up waiters on reconnection? - (not needed currently)
117 */
118
119 static int
120 cifs_reconnect(struct TCP_Server_Info *server)
121 {
122 int rc = 0;
123 struct list_head *tmp;
124 struct cifsSesInfo *ses;
125 struct cifsTconInfo *tcon;
126 struct mid_q_entry *mid_entry;
127
128 spin_lock(&GlobalMid_Lock);
129 if (server->tcpStatus == CifsExiting) {
130 /* the demux thread will exit normally
131 next time through the loop */
132 spin_unlock(&GlobalMid_Lock);
133 return rc;
134 } else
135 server->tcpStatus = CifsNeedReconnect;
136 spin_unlock(&GlobalMid_Lock);
137 server->maxBuf = 0;
138
139 cFYI(1, ("Reconnecting tcp session"));
140
141 /* before reconnecting the tcp session, mark the smb session (uid)
142 and the tid bad so they are not used until reconnected */
143 read_lock(&GlobalSMBSeslock);
144 list_for_each(tmp, &GlobalSMBSessionList) {
145 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
146 if (ses->server) {
147 if (ses->server == server) {
148 ses->status = CifsNeedReconnect;
149 ses->ipc_tid = 0;
150 }
151 }
152 /* else tcp and smb sessions need reconnection */
153 }
154 list_for_each(tmp, &GlobalTreeConnectionList) {
155 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
156 if ((tcon->ses) && (tcon->ses->server == server))
157 tcon->tidStatus = CifsNeedReconnect;
158 }
159 read_unlock(&GlobalSMBSeslock);
160 /* do not want to be sending data on a socket we are freeing */
161 down(&server->tcpSem);
162 if (server->ssocket) {
163 cFYI(1, ("State: 0x%x Flags: 0x%lx", server->ssocket->state,
164 server->ssocket->flags));
165 kernel_sock_shutdown(server->ssocket, SHUT_WR);
166 cFYI(1, ("Post shutdown state: 0x%x Flags: 0x%lx",
167 server->ssocket->state,
168 server->ssocket->flags));
169 sock_release(server->ssocket);
170 server->ssocket = NULL;
171 }
172
173 spin_lock(&GlobalMid_Lock);
174 list_for_each(tmp, &server->pending_mid_q) {
175 mid_entry = list_entry(tmp, struct
176 mid_q_entry,
177 qhead);
178 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
179 /* Mark other intransit requests as needing
180 retry so we do not immediately mark the
181 session bad again (ie after we reconnect
182 below) as they timeout too */
183 mid_entry->midState = MID_RETRY_NEEDED;
184 }
185 }
186 spin_unlock(&GlobalMid_Lock);
187 up(&server->tcpSem);
188
189 while ((server->tcpStatus != CifsExiting) &&
190 (server->tcpStatus != CifsGood)) {
191 try_to_freeze();
192 if (server->protocolType == IPV6) {
193 rc = ipv6_connect(&server->addr.sockAddr6,
194 &server->ssocket);
195 } else {
196 rc = ipv4_connect(&server->addr.sockAddr,
197 &server->ssocket,
198 server->workstation_RFC1001_name,
199 server->server_RFC1001_name);
200 }
201 if (rc) {
202 cFYI(1, ("reconnect error %d", rc));
203 msleep(3000);
204 } else {
205 atomic_inc(&tcpSesReconnectCount);
206 spin_lock(&GlobalMid_Lock);
207 if (server->tcpStatus != CifsExiting)
208 server->tcpStatus = CifsGood;
209 server->sequence_number = 0;
210 spin_unlock(&GlobalMid_Lock);
211 /* atomic_set(&server->inFlight,0);*/
212 wake_up(&server->response_q);
213 }
214 }
215 return rc;
216 }
217
218 /*
219 return codes:
220 0 not a transact2, or all data present
221 >0 transact2 with that much data missing
222 -EINVAL = invalid transact2
223
224 */
225 static int check2ndT2(struct smb_hdr *pSMB, unsigned int maxBufSize)
226 {
227 struct smb_t2_rsp *pSMBt;
228 int total_data_size;
229 int data_in_this_rsp;
230 int remaining;
231
232 if (pSMB->Command != SMB_COM_TRANSACTION2)
233 return 0;
234
235 /* check for plausible wct, bcc and t2 data and parm sizes */
236 /* check for parm and data offset going beyond end of smb */
237 if (pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
238 cFYI(1, ("invalid transact2 word count"));
239 return -EINVAL;
240 }
241
242 pSMBt = (struct smb_t2_rsp *)pSMB;
243
244 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
245 data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
246
247 remaining = total_data_size - data_in_this_rsp;
248
249 if (remaining == 0)
250 return 0;
251 else if (remaining < 0) {
252 cFYI(1, ("total data %d smaller than data in frame %d",
253 total_data_size, data_in_this_rsp));
254 return -EINVAL;
255 } else {
256 cFYI(1, ("missing %d bytes from transact2, check next response",
257 remaining));
258 if (total_data_size > maxBufSize) {
259 cERROR(1, ("TotalDataSize %d is over maximum buffer %d",
260 total_data_size, maxBufSize));
261 return -EINVAL;
262 }
263 return remaining;
264 }
265 }
266
267 static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
268 {
269 struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
270 struct smb_t2_rsp *pSMBt = (struct smb_t2_rsp *)pTargetSMB;
271 int total_data_size;
272 int total_in_buf;
273 int remaining;
274 int total_in_buf2;
275 char *data_area_of_target;
276 char *data_area_of_buf2;
277 __u16 byte_count;
278
279 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
280
281 if (total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
282 cFYI(1, ("total data size of primary and secondary t2 differ"));
283 }
284
285 total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
286
287 remaining = total_data_size - total_in_buf;
288
289 if (remaining < 0)
290 return -EINVAL;
291
292 if (remaining == 0) /* nothing to do, ignore */
293 return 0;
294
295 total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
296 if (remaining < total_in_buf2) {
297 cFYI(1, ("transact2 2nd response contains too much data"));
298 }
299
300 /* find end of first SMB data area */
301 data_area_of_target = (char *)&pSMBt->hdr.Protocol +
302 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
303 /* validate target area */
304
305 data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
306 le16_to_cpu(pSMB2->t2_rsp.DataOffset);
307
308 data_area_of_target += total_in_buf;
309
310 /* copy second buffer into end of first buffer */
311 memcpy(data_area_of_target, data_area_of_buf2, total_in_buf2);
312 total_in_buf += total_in_buf2;
313 pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
314 byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
315 byte_count += total_in_buf2;
316 BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
317
318 byte_count = pTargetSMB->smb_buf_length;
319 byte_count += total_in_buf2;
320
321 /* BB also add check that we are not beyond maximum buffer size */
322
323 pTargetSMB->smb_buf_length = byte_count;
324
325 if (remaining == total_in_buf2) {
326 cFYI(1, ("found the last secondary response"));
327 return 0; /* we are done */
328 } else /* more responses to go */
329 return 1;
330
331 }
332
333 static int
334 cifs_demultiplex_thread(struct TCP_Server_Info *server)
335 {
336 int length;
337 unsigned int pdu_length, total_read;
338 struct smb_hdr *smb_buffer = NULL;
339 struct smb_hdr *bigbuf = NULL;
340 struct smb_hdr *smallbuf = NULL;
341 struct msghdr smb_msg;
342 struct kvec iov;
343 struct socket *csocket = server->ssocket;
344 struct list_head *tmp;
345 struct cifsSesInfo *ses;
346 struct task_struct *task_to_wake = NULL;
347 struct mid_q_entry *mid_entry;
348 char temp;
349 bool isLargeBuf = false;
350 bool isMultiRsp;
351 int reconnect;
352
353 current->flags |= PF_MEMALLOC;
354 cFYI(1, ("Demultiplex PID: %d", task_pid_nr(current)));
355
356 length = atomic_inc_return(&tcpSesAllocCount);
357 if (length > 1)
358 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
359 GFP_KERNEL);
360
361 set_freezable();
362 while (server->tcpStatus != CifsExiting) {
363 if (try_to_freeze())
364 continue;
365 if (bigbuf == NULL) {
366 bigbuf = cifs_buf_get();
367 if (!bigbuf) {
368 cERROR(1, ("No memory for large SMB response"));
369 msleep(3000);
370 /* retry will check if exiting */
371 continue;
372 }
373 } else if (isLargeBuf) {
374 /* we are reusing a dirty large buf, clear its start */
375 memset(bigbuf, 0, sizeof(struct smb_hdr));
376 }
377
378 if (smallbuf == NULL) {
379 smallbuf = cifs_small_buf_get();
380 if (!smallbuf) {
381 cERROR(1, ("No memory for SMB response"));
382 msleep(1000);
383 /* retry will check if exiting */
384 continue;
385 }
386 /* beginning of smb buffer is cleared in our buf_get */
387 } else /* if existing small buf clear beginning */
388 memset(smallbuf, 0, sizeof(struct smb_hdr));
389
390 isLargeBuf = false;
391 isMultiRsp = false;
392 smb_buffer = smallbuf;
393 iov.iov_base = smb_buffer;
394 iov.iov_len = 4;
395 smb_msg.msg_control = NULL;
396 smb_msg.msg_controllen = 0;
397 pdu_length = 4; /* enough to get RFC1001 header */
398 incomplete_rcv:
399 length =
400 kernel_recvmsg(csocket, &smb_msg,
401 &iov, 1, pdu_length, 0 /* BB other flags? */);
402
403 if (server->tcpStatus == CifsExiting) {
404 break;
405 } else if (server->tcpStatus == CifsNeedReconnect) {
406 cFYI(1, ("Reconnect after server stopped responding"));
407 cifs_reconnect(server);
408 cFYI(1, ("call to reconnect done"));
409 csocket = server->ssocket;
410 continue;
411 } else if ((length == -ERESTARTSYS) || (length == -EAGAIN)) {
412 msleep(1); /* minimum sleep to prevent looping
413 allowing socket to clear and app threads to set
414 tcpStatus CifsNeedReconnect if server hung */
415 if (pdu_length < 4)
416 goto incomplete_rcv;
417 else
418 continue;
419 } else if (length <= 0) {
420 if (server->tcpStatus == CifsNew) {
421 cFYI(1, ("tcp session abend after SMBnegprot"));
422 /* some servers kill the TCP session rather than
423 returning an SMB negprot error, in which
424 case reconnecting here is not going to help,
425 and so simply return error to mount */
426 break;
427 }
428 if (!try_to_freeze() && (length == -EINTR)) {
429 cFYI(1, ("cifsd thread killed"));
430 break;
431 }
432 cFYI(1, ("Reconnect after unexpected peek error %d",
433 length));
434 cifs_reconnect(server);
435 csocket = server->ssocket;
436 wake_up(&server->response_q);
437 continue;
438 } else if (length < pdu_length) {
439 cFYI(1, ("requested %d bytes but only got %d bytes",
440 pdu_length, length));
441 pdu_length -= length;
442 msleep(1);
443 goto incomplete_rcv;
444 }
445
446 /* The right amount was read from socket - 4 bytes */
447 /* so we can now interpret the length field */
448
449 /* the first byte big endian of the length field,
450 is actually not part of the length but the type
451 with the most common, zero, as regular data */
452 temp = *((char *) smb_buffer);
453
454 /* Note that FC 1001 length is big endian on the wire,
455 but we convert it here so it is always manipulated
456 as host byte order */
457 pdu_length = be32_to_cpu((__force __be32)smb_buffer->smb_buf_length);
458 smb_buffer->smb_buf_length = pdu_length;
459
460 cFYI(1, ("rfc1002 length 0x%x", pdu_length+4));
461
462 if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) {
463 continue;
464 } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
465 cFYI(1, ("Good RFC 1002 session rsp"));
466 continue;
467 } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
468 /* we get this from Windows 98 instead of
469 an error on SMB negprot response */
470 cFYI(1, ("Negative RFC1002 Session Response Error 0x%x)",
471 pdu_length));
472 if (server->tcpStatus == CifsNew) {
473 /* if nack on negprot (rather than
474 ret of smb negprot error) reconnecting
475 not going to help, ret error to mount */
476 break;
477 } else {
478 /* give server a second to
479 clean up before reconnect attempt */
480 msleep(1000);
481 /* always try 445 first on reconnect
482 since we get NACK on some if we ever
483 connected to port 139 (the NACK is
484 since we do not begin with RFC1001
485 session initialize frame) */
486 server->addr.sockAddr.sin_port =
487 htons(CIFS_PORT);
488 cifs_reconnect(server);
489 csocket = server->ssocket;
490 wake_up(&server->response_q);
491 continue;
492 }
493 } else if (temp != (char) 0) {
494 cERROR(1, ("Unknown RFC 1002 frame"));
495 cifs_dump_mem(" Received Data: ", (char *)smb_buffer,
496 length);
497 cifs_reconnect(server);
498 csocket = server->ssocket;
499 continue;
500 }
501
502 /* else we have an SMB response */
503 if ((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
504 (pdu_length < sizeof(struct smb_hdr) - 1 - 4)) {
505 cERROR(1, ("Invalid size SMB length %d pdu_length %d",
506 length, pdu_length+4));
507 cifs_reconnect(server);
508 csocket = server->ssocket;
509 wake_up(&server->response_q);
510 continue;
511 }
512
513 /* else length ok */
514 reconnect = 0;
515
516 if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
517 isLargeBuf = true;
518 memcpy(bigbuf, smallbuf, 4);
519 smb_buffer = bigbuf;
520 }
521 length = 0;
522 iov.iov_base = 4 + (char *)smb_buffer;
523 iov.iov_len = pdu_length;
524 for (total_read = 0; total_read < pdu_length;
525 total_read += length) {
526 length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
527 pdu_length - total_read, 0);
528 if ((server->tcpStatus == CifsExiting) ||
529 (length == -EINTR)) {
530 /* then will exit */
531 reconnect = 2;
532 break;
533 } else if (server->tcpStatus == CifsNeedReconnect) {
534 cifs_reconnect(server);
535 csocket = server->ssocket;
536 /* Reconnect wakes up rspns q */
537 /* Now we will reread sock */
538 reconnect = 1;
539 break;
540 } else if ((length == -ERESTARTSYS) ||
541 (length == -EAGAIN)) {
542 msleep(1); /* minimum sleep to prevent looping,
543 allowing socket to clear and app
544 threads to set tcpStatus
545 CifsNeedReconnect if server hung*/
546 length = 0;
547 continue;
548 } else if (length <= 0) {
549 cERROR(1, ("Received no data, expecting %d",
550 pdu_length - total_read));
551 cifs_reconnect(server);
552 csocket = server->ssocket;
553 reconnect = 1;
554 break;
555 }
556 }
557 if (reconnect == 2)
558 break;
559 else if (reconnect == 1)
560 continue;
561
562 length += 4; /* account for rfc1002 hdr */
563
564
565 dump_smb(smb_buffer, length);
566 if (checkSMB(smb_buffer, smb_buffer->Mid, total_read+4)) {
567 cifs_dump_mem("Bad SMB: ", smb_buffer, 48);
568 continue;
569 }
570
571
572 task_to_wake = NULL;
573 spin_lock(&GlobalMid_Lock);
574 list_for_each(tmp, &server->pending_mid_q) {
575 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
576
577 if ((mid_entry->mid == smb_buffer->Mid) &&
578 (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
579 (mid_entry->command == smb_buffer->Command)) {
580 if (check2ndT2(smb_buffer,server->maxBuf) > 0) {
581 /* We have a multipart transact2 resp */
582 isMultiRsp = true;
583 if (mid_entry->resp_buf) {
584 /* merge response - fix up 1st*/
585 if (coalesce_t2(smb_buffer,
586 mid_entry->resp_buf)) {
587 mid_entry->multiRsp =
588 true;
589 break;
590 } else {
591 /* all parts received */
592 mid_entry->multiEnd =
593 true;
594 goto multi_t2_fnd;
595 }
596 } else {
597 if (!isLargeBuf) {
598 cERROR(1,("1st trans2 resp needs bigbuf"));
599 /* BB maybe we can fix this up, switch
600 to already allocated large buffer? */
601 } else {
602 /* Have first buffer */
603 mid_entry->resp_buf =
604 smb_buffer;
605 mid_entry->largeBuf =
606 true;
607 bigbuf = NULL;
608 }
609 }
610 break;
611 }
612 mid_entry->resp_buf = smb_buffer;
613 mid_entry->largeBuf = isLargeBuf;
614 multi_t2_fnd:
615 task_to_wake = mid_entry->tsk;
616 mid_entry->midState = MID_RESPONSE_RECEIVED;
617 #ifdef CONFIG_CIFS_STATS2
618 mid_entry->when_received = jiffies;
619 #endif
620 /* so we do not time out requests to server
621 which is still responding (since server could
622 be busy but not dead) */
623 server->lstrp = jiffies;
624 break;
625 }
626 }
627 spin_unlock(&GlobalMid_Lock);
628 if (task_to_wake) {
629 /* Was previous buf put in mpx struct for multi-rsp? */
630 if (!isMultiRsp) {
631 /* smb buffer will be freed by user thread */
632 if (isLargeBuf)
633 bigbuf = NULL;
634 else
635 smallbuf = NULL;
636 }
637 wake_up_process(task_to_wake);
638 } else if (!is_valid_oplock_break(smb_buffer, server) &&
639 !isMultiRsp) {
640 cERROR(1, ("No task to wake, unknown frame received! "
641 "NumMids %d", midCount.counter));
642 cifs_dump_mem("Received Data is: ", (char *)smb_buffer,
643 sizeof(struct smb_hdr));
644 #ifdef CONFIG_CIFS_DEBUG2
645 cifs_dump_detail(smb_buffer);
646 cifs_dump_mids(server);
647 #endif /* CIFS_DEBUG2 */
648
649 }
650 } /* end while !EXITING */
651
652 spin_lock(&GlobalMid_Lock);
653 server->tcpStatus = CifsExiting;
654 spin_unlock(&GlobalMid_Lock);
655 wake_up_all(&server->response_q);
656
657 /* check if we have blocked requests that need to free */
658 /* Note that cifs_max_pending is normally 50, but
659 can be set at module install time to as little as two */
660 spin_lock(&GlobalMid_Lock);
661 if (atomic_read(&server->inFlight) >= cifs_max_pending)
662 atomic_set(&server->inFlight, cifs_max_pending - 1);
663 /* We do not want to set the max_pending too low or we
664 could end up with the counter going negative */
665 spin_unlock(&GlobalMid_Lock);
666 /* Although there should not be any requests blocked on
667 this queue it can not hurt to be paranoid and try to wake up requests
668 that may haven been blocked when more than 50 at time were on the wire
669 to the same server - they now will see the session is in exit state
670 and get out of SendReceive. */
671 wake_up_all(&server->request_q);
672 /* give those requests time to exit */
673 msleep(125);
674
675 if (server->ssocket) {
676 sock_release(csocket);
677 server->ssocket = NULL;
678 }
679 /* buffer usuallly freed in free_mid - need to free it here on exit */
680 cifs_buf_release(bigbuf);
681 if (smallbuf) /* no sense logging a debug message if NULL */
682 cifs_small_buf_release(smallbuf);
683
684 read_lock(&GlobalSMBSeslock);
685 if (list_empty(&server->pending_mid_q)) {
686 /* loop through server session structures attached to this and
687 mark them dead */
688 list_for_each(tmp, &GlobalSMBSessionList) {
689 ses =
690 list_entry(tmp, struct cifsSesInfo,
691 cifsSessionList);
692 if (ses->server == server) {
693 ses->status = CifsExiting;
694 ses->server = NULL;
695 }
696 }
697 read_unlock(&GlobalSMBSeslock);
698 } else {
699 /* although we can not zero the server struct pointer yet,
700 since there are active requests which may depnd on them,
701 mark the corresponding SMB sessions as exiting too */
702 list_for_each(tmp, &GlobalSMBSessionList) {
703 ses = list_entry(tmp, struct cifsSesInfo,
704 cifsSessionList);
705 if (ses->server == server)
706 ses->status = CifsExiting;
707 }
708
709 spin_lock(&GlobalMid_Lock);
710 list_for_each(tmp, &server->pending_mid_q) {
711 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
712 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
713 cFYI(1, ("Clearing Mid 0x%x - waking up ",
714 mid_entry->mid));
715 task_to_wake = mid_entry->tsk;
716 if (task_to_wake)
717 wake_up_process(task_to_wake);
718 }
719 }
720 spin_unlock(&GlobalMid_Lock);
721 read_unlock(&GlobalSMBSeslock);
722 /* 1/8th of sec is more than enough time for them to exit */
723 msleep(125);
724 }
725
726 if (!list_empty(&server->pending_mid_q)) {
727 /* mpx threads have not exited yet give them
728 at least the smb send timeout time for long ops */
729 /* due to delays on oplock break requests, we need
730 to wait at least 45 seconds before giving up
731 on a request getting a response and going ahead
732 and killing cifsd */
733 cFYI(1, ("Wait for exit from demultiplex thread"));
734 msleep(46000);
735 /* if threads still have not exited they are probably never
736 coming home not much else we can do but free the memory */
737 }
738
739 /* last chance to mark ses pointers invalid
740 if there are any pointing to this (e.g
741 if a crazy root user tried to kill cifsd
742 kernel thread explicitly this might happen) */
743 write_lock(&GlobalSMBSeslock);
744 list_for_each(tmp, &GlobalSMBSessionList) {
745 ses = list_entry(tmp, struct cifsSesInfo,
746 cifsSessionList);
747 if (ses->server == server)
748 ses->server = NULL;
749 }
750 write_unlock(&GlobalSMBSeslock);
751
752 kfree(server->hostname);
753 task_to_wake = xchg(&server->tsk, NULL);
754 kfree(server);
755
756 length = atomic_dec_return(&tcpSesAllocCount);
757 if (length > 0)
758 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
759 GFP_KERNEL);
760
761 /* if server->tsk was NULL then wait for a signal before exiting */
762 if (!task_to_wake) {
763 set_current_state(TASK_INTERRUPTIBLE);
764 while (!signal_pending(current)) {
765 schedule();
766 set_current_state(TASK_INTERRUPTIBLE);
767 }
768 set_current_state(TASK_RUNNING);
769 }
770
771 return 0;
772 }
773
774 /* extract the host portion of the UNC string */
775 static char *
776 extract_hostname(const char *unc)
777 {
778 const char *src;
779 char *dst, *delim;
780 unsigned int len;
781
782 /* skip double chars at beginning of string */
783 /* BB: check validity of these bytes? */
784 src = unc + 2;
785
786 /* delimiter between hostname and sharename is always '\\' now */
787 delim = strchr(src, '\\');
788 if (!delim)
789 return ERR_PTR(-EINVAL);
790
791 len = delim - src;
792 dst = kmalloc((len + 1), GFP_KERNEL);
793 if (dst == NULL)
794 return ERR_PTR(-ENOMEM);
795
796 memcpy(dst, src, len);
797 dst[len] = '\0';
798
799 return dst;
800 }
801
802 static int
803 cifs_parse_mount_options(char *options, const char *devname,
804 struct smb_vol *vol)
805 {
806 char *value;
807 char *data;
808 unsigned int temp_len, i, j;
809 char separator[2];
810
811 separator[0] = ',';
812 separator[1] = 0;
813
814 if (Local_System_Name[0] != 0)
815 memcpy(vol->source_rfc1001_name, Local_System_Name, 15);
816 else {
817 char *nodename = utsname()->nodename;
818 int n = strnlen(nodename, 15);
819 memset(vol->source_rfc1001_name, 0x20, 15);
820 for (i = 0; i < n; i++) {
821 /* does not have to be perfect mapping since field is
822 informational, only used for servers that do not support
823 port 445 and it can be overridden at mount time */
824 vol->source_rfc1001_name[i] = toupper(nodename[i]);
825 }
826 }
827 vol->source_rfc1001_name[15] = 0;
828 /* null target name indicates to use *SMBSERVR default called name
829 if we end up sending RFC1001 session initialize */
830 vol->target_rfc1001_name[0] = 0;
831 vol->linux_uid = current->uid; /* current->euid instead? */
832 vol->linux_gid = current->gid;
833 vol->dir_mode = S_IRWXUGO;
834 /* 2767 perms indicate mandatory locking support */
835 vol->file_mode = (S_IRWXUGO | S_ISGID) & (~S_IXGRP);
836
837 /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
838 vol->rw = true;
839 /* default is always to request posix paths. */
840 vol->posix_paths = 1;
841
842 if (!options)
843 return 1;
844
845 if (strncmp(options, "sep=", 4) == 0) {
846 if (options[4] != 0) {
847 separator[0] = options[4];
848 options += 5;
849 } else {
850 cFYI(1, ("Null separator not allowed"));
851 }
852 }
853
854 while ((data = strsep(&options, separator)) != NULL) {
855 if (!*data)
856 continue;
857 if ((value = strchr(data, '=')) != NULL)
858 *value++ = '\0';
859
860 /* Have to parse this before we parse for "user" */
861 if (strnicmp(data, "user_xattr", 10) == 0) {
862 vol->no_xattr = 0;
863 } else if (strnicmp(data, "nouser_xattr", 12) == 0) {
864 vol->no_xattr = 1;
865 } else if (strnicmp(data, "user", 4) == 0) {
866 if (!value) {
867 printk(KERN_WARNING
868 "CIFS: invalid or missing username\n");
869 return 1; /* needs_arg; */
870 } else if (!*value) {
871 /* null user, ie anonymous, authentication */
872 vol->nullauth = 1;
873 }
874 if (strnlen(value, 200) < 200) {
875 vol->username = value;
876 } else {
877 printk(KERN_WARNING "CIFS: username too long\n");
878 return 1;
879 }
880 } else if (strnicmp(data, "pass", 4) == 0) {
881 if (!value) {
882 vol->password = NULL;
883 continue;
884 } else if (value[0] == 0) {
885 /* check if string begins with double comma
886 since that would mean the password really
887 does start with a comma, and would not
888 indicate an empty string */
889 if (value[1] != separator[0]) {
890 vol->password = NULL;
891 continue;
892 }
893 }
894 temp_len = strlen(value);
895 /* removed password length check, NTLM passwords
896 can be arbitrarily long */
897
898 /* if comma in password, the string will be
899 prematurely null terminated. Commas in password are
900 specified across the cifs mount interface by a double
901 comma ie ,, and a comma used as in other cases ie ','
902 as a parameter delimiter/separator is single and due
903 to the strsep above is temporarily zeroed. */
904
905 /* NB: password legally can have multiple commas and
906 the only illegal character in a password is null */
907
908 if ((value[temp_len] == 0) &&
909 (value[temp_len+1] == separator[0])) {
910 /* reinsert comma */
911 value[temp_len] = separator[0];
912 temp_len += 2; /* move after second comma */
913 while (value[temp_len] != 0) {
914 if (value[temp_len] == separator[0]) {
915 if (value[temp_len+1] ==
916 separator[0]) {
917 /* skip second comma */
918 temp_len++;
919 } else {
920 /* single comma indicating start
921 of next parm */
922 break;
923 }
924 }
925 temp_len++;
926 }
927 if (value[temp_len] == 0) {
928 options = NULL;
929 } else {
930 value[temp_len] = 0;
931 /* point option to start of next parm */
932 options = value + temp_len + 1;
933 }
934 /* go from value to value + temp_len condensing
935 double commas to singles. Note that this ends up
936 allocating a few bytes too many, which is ok */
937 vol->password = kzalloc(temp_len, GFP_KERNEL);
938 if (vol->password == NULL) {
939 printk(KERN_WARNING "CIFS: no memory "
940 "for password\n");
941 return 1;
942 }
943 for (i = 0, j = 0; i < temp_len; i++, j++) {
944 vol->password[j] = value[i];
945 if (value[i] == separator[0]
946 && value[i+1] == separator[0]) {
947 /* skip second comma */
948 i++;
949 }
950 }
951 vol->password[j] = 0;
952 } else {
953 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
954 if (vol->password == NULL) {
955 printk(KERN_WARNING "CIFS: no memory "
956 "for password\n");
957 return 1;
958 }
959 strcpy(vol->password, value);
960 }
961 } else if (strnicmp(data, "ip", 2) == 0) {
962 if (!value || !*value) {
963 vol->UNCip = NULL;
964 } else if (strnlen(value, 35) < 35) {
965 vol->UNCip = value;
966 } else {
967 printk(KERN_WARNING "CIFS: ip address "
968 "too long\n");
969 return 1;
970 }
971 } else if (strnicmp(data, "sec", 3) == 0) {
972 if (!value || !*value) {
973 cERROR(1, ("no security value specified"));
974 continue;
975 } else if (strnicmp(value, "krb5i", 5) == 0) {
976 vol->secFlg |= CIFSSEC_MAY_KRB5 |
977 CIFSSEC_MUST_SIGN;
978 } else if (strnicmp(value, "krb5p", 5) == 0) {
979 /* vol->secFlg |= CIFSSEC_MUST_SEAL |
980 CIFSSEC_MAY_KRB5; */
981 cERROR(1, ("Krb5 cifs privacy not supported"));
982 return 1;
983 } else if (strnicmp(value, "krb5", 4) == 0) {
984 vol->secFlg |= CIFSSEC_MAY_KRB5;
985 } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
986 vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
987 CIFSSEC_MUST_SIGN;
988 } else if (strnicmp(value, "ntlmv2", 6) == 0) {
989 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
990 } else if (strnicmp(value, "ntlmi", 5) == 0) {
991 vol->secFlg |= CIFSSEC_MAY_NTLM |
992 CIFSSEC_MUST_SIGN;
993 } else if (strnicmp(value, "ntlm", 4) == 0) {
994 /* ntlm is default so can be turned off too */
995 vol->secFlg |= CIFSSEC_MAY_NTLM;
996 } else if (strnicmp(value, "nontlm", 6) == 0) {
997 /* BB is there a better way to do this? */
998 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
999 #ifdef CONFIG_CIFS_WEAK_PW_HASH
1000 } else if (strnicmp(value, "lanman", 6) == 0) {
1001 vol->secFlg |= CIFSSEC_MAY_LANMAN;
1002 #endif
1003 } else if (strnicmp(value, "none", 4) == 0) {
1004 vol->nullauth = 1;
1005 } else {
1006 cERROR(1, ("bad security option: %s", value));
1007 return 1;
1008 }
1009 } else if ((strnicmp(data, "unc", 3) == 0)
1010 || (strnicmp(data, "target", 6) == 0)
1011 || (strnicmp(data, "path", 4) == 0)) {
1012 if (!value || !*value) {
1013 printk(KERN_WARNING "CIFS: invalid path to "
1014 "network resource\n");
1015 return 1; /* needs_arg; */
1016 }
1017 if ((temp_len = strnlen(value, 300)) < 300) {
1018 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1019 if (vol->UNC == NULL)
1020 return 1;
1021 strcpy(vol->UNC, value);
1022 if (strncmp(vol->UNC, "//", 2) == 0) {
1023 vol->UNC[0] = '\\';
1024 vol->UNC[1] = '\\';
1025 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1026 printk(KERN_WARNING
1027 "CIFS: UNC Path does not begin "
1028 "with // or \\\\ \n");
1029 return 1;
1030 }
1031 } else {
1032 printk(KERN_WARNING "CIFS: UNC name too long\n");
1033 return 1;
1034 }
1035 } else if ((strnicmp(data, "domain", 3) == 0)
1036 || (strnicmp(data, "workgroup", 5) == 0)) {
1037 if (!value || !*value) {
1038 printk(KERN_WARNING "CIFS: invalid domain name\n");
1039 return 1; /* needs_arg; */
1040 }
1041 /* BB are there cases in which a comma can be valid in
1042 a domain name and need special handling? */
1043 if (strnlen(value, 256) < 256) {
1044 vol->domainname = value;
1045 cFYI(1, ("Domain name set"));
1046 } else {
1047 printk(KERN_WARNING "CIFS: domain name too "
1048 "long\n");
1049 return 1;
1050 }
1051 } else if (strnicmp(data, "prefixpath", 10) == 0) {
1052 if (!value || !*value) {
1053 printk(KERN_WARNING
1054 "CIFS: invalid path prefix\n");
1055 return 1; /* needs_argument */
1056 }
1057 if ((temp_len = strnlen(value, 1024)) < 1024) {
1058 if (value[0] != '/')
1059 temp_len++; /* missing leading slash */
1060 vol->prepath = kmalloc(temp_len+1, GFP_KERNEL);
1061 if (vol->prepath == NULL)
1062 return 1;
1063 if (value[0] != '/') {
1064 vol->prepath[0] = '/';
1065 strcpy(vol->prepath+1, value);
1066 } else
1067 strcpy(vol->prepath, value);
1068 cFYI(1, ("prefix path %s", vol->prepath));
1069 } else {
1070 printk(KERN_WARNING "CIFS: prefix too long\n");
1071 return 1;
1072 }
1073 } else if (strnicmp(data, "iocharset", 9) == 0) {
1074 if (!value || !*value) {
1075 printk(KERN_WARNING "CIFS: invalid iocharset "
1076 "specified\n");
1077 return 1; /* needs_arg; */
1078 }
1079 if (strnlen(value, 65) < 65) {
1080 if (strnicmp(value, "default", 7))
1081 vol->iocharset = value;
1082 /* if iocharset not set then load_nls_default
1083 is used by caller */
1084 cFYI(1, ("iocharset set to %s", value));
1085 } else {
1086 printk(KERN_WARNING "CIFS: iocharset name "
1087 "too long.\n");
1088 return 1;
1089 }
1090 } else if (strnicmp(data, "uid", 3) == 0) {
1091 if (value && *value) {
1092 vol->linux_uid =
1093 simple_strtoul(value, &value, 0);
1094 vol->override_uid = 1;
1095 }
1096 } else if (strnicmp(data, "gid", 3) == 0) {
1097 if (value && *value) {
1098 vol->linux_gid =
1099 simple_strtoul(value, &value, 0);
1100 vol->override_gid = 1;
1101 }
1102 } else if (strnicmp(data, "file_mode", 4) == 0) {
1103 if (value && *value) {
1104 vol->file_mode =
1105 simple_strtoul(value, &value, 0);
1106 }
1107 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1108 if (value && *value) {
1109 vol->dir_mode =
1110 simple_strtoul(value, &value, 0);
1111 }
1112 } else if (strnicmp(data, "dirmode", 4) == 0) {
1113 if (value && *value) {
1114 vol->dir_mode =
1115 simple_strtoul(value, &value, 0);
1116 }
1117 } else if (strnicmp(data, "port", 4) == 0) {
1118 if (value && *value) {
1119 vol->port =
1120 simple_strtoul(value, &value, 0);
1121 }
1122 } else if (strnicmp(data, "rsize", 5) == 0) {
1123 if (value && *value) {
1124 vol->rsize =
1125 simple_strtoul(value, &value, 0);
1126 }
1127 } else if (strnicmp(data, "wsize", 5) == 0) {
1128 if (value && *value) {
1129 vol->wsize =
1130 simple_strtoul(value, &value, 0);
1131 }
1132 } else if (strnicmp(data, "sockopt", 5) == 0) {
1133 if (value && *value) {
1134 vol->sockopt =
1135 simple_strtoul(value, &value, 0);
1136 }
1137 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1138 if (!value || !*value || (*value == ' ')) {
1139 cFYI(1, ("invalid (empty) netbiosname"));
1140 } else {
1141 memset(vol->source_rfc1001_name, 0x20, 15);
1142 for (i = 0; i < 15; i++) {
1143 /* BB are there cases in which a comma can be
1144 valid in this workstation netbios name (and need
1145 special handling)? */
1146
1147 /* We do not uppercase netbiosname for user */
1148 if (value[i] == 0)
1149 break;
1150 else
1151 vol->source_rfc1001_name[i] =
1152 value[i];
1153 }
1154 /* The string has 16th byte zero still from
1155 set at top of the function */
1156 if ((i == 15) && (value[i] != 0))
1157 printk(KERN_WARNING "CIFS: netbiosname"
1158 " longer than 15 truncated.\n");
1159 }
1160 } else if (strnicmp(data, "servern", 7) == 0) {
1161 /* servernetbiosname specified override *SMBSERVER */
1162 if (!value || !*value || (*value == ' ')) {
1163 cFYI(1, ("empty server netbiosname specified"));
1164 } else {
1165 /* last byte, type, is 0x20 for servr type */
1166 memset(vol->target_rfc1001_name, 0x20, 16);
1167
1168 for (i = 0; i < 15; i++) {
1169 /* BB are there cases in which a comma can be
1170 valid in this workstation netbios name
1171 (and need special handling)? */
1172
1173 /* user or mount helper must uppercase
1174 the netbiosname */
1175 if (value[i] == 0)
1176 break;
1177 else
1178 vol->target_rfc1001_name[i] =
1179 value[i];
1180 }
1181 /* The string has 16th byte zero still from
1182 set at top of the function */
1183 if ((i == 15) && (value[i] != 0))
1184 printk(KERN_WARNING "CIFS: server net"
1185 "biosname longer than 15 truncated.\n");
1186 }
1187 } else if (strnicmp(data, "credentials", 4) == 0) {
1188 /* ignore */
1189 } else if (strnicmp(data, "version", 3) == 0) {
1190 /* ignore */
1191 } else if (strnicmp(data, "guest", 5) == 0) {
1192 /* ignore */
1193 } else if (strnicmp(data, "rw", 2) == 0) {
1194 vol->rw = true;
1195 } else if ((strnicmp(data, "suid", 4) == 0) ||
1196 (strnicmp(data, "nosuid", 6) == 0) ||
1197 (strnicmp(data, "exec", 4) == 0) ||
1198 (strnicmp(data, "noexec", 6) == 0) ||
1199 (strnicmp(data, "nodev", 5) == 0) ||
1200 (strnicmp(data, "noauto", 6) == 0) ||
1201 (strnicmp(data, "dev", 3) == 0)) {
1202 /* The mount tool or mount.cifs helper (if present)
1203 uses these opts to set flags, and the flags are read
1204 by the kernel vfs layer before we get here (ie
1205 before read super) so there is no point trying to
1206 parse these options again and set anything and it
1207 is ok to just ignore them */
1208 continue;
1209 } else if (strnicmp(data, "ro", 2) == 0) {
1210 vol->rw = false;
1211 } else if (strnicmp(data, "hard", 4) == 0) {
1212 vol->retry = 1;
1213 } else if (strnicmp(data, "soft", 4) == 0) {
1214 vol->retry = 0;
1215 } else if (strnicmp(data, "perm", 4) == 0) {
1216 vol->noperm = 0;
1217 } else if (strnicmp(data, "noperm", 6) == 0) {
1218 vol->noperm = 1;
1219 } else if (strnicmp(data, "mapchars", 8) == 0) {
1220 vol->remap = 1;
1221 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1222 vol->remap = 0;
1223 } else if (strnicmp(data, "sfu", 3) == 0) {
1224 vol->sfu_emul = 1;
1225 } else if (strnicmp(data, "nosfu", 5) == 0) {
1226 vol->sfu_emul = 0;
1227 } else if (strnicmp(data, "nodfs", 5) == 0) {
1228 vol->nodfs = 1;
1229 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1230 vol->posix_paths = 1;
1231 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1232 vol->posix_paths = 0;
1233 } else if (strnicmp(data, "nounix", 6) == 0) {
1234 vol->no_linux_ext = 1;
1235 } else if (strnicmp(data, "nolinux", 7) == 0) {
1236 vol->no_linux_ext = 1;
1237 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1238 (strnicmp(data, "ignorecase", 10) == 0)) {
1239 vol->nocase = 1;
1240 } else if (strnicmp(data, "brl", 3) == 0) {
1241 vol->nobrl = 0;
1242 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1243 (strnicmp(data, "nolock", 6) == 0)) {
1244 vol->nobrl = 1;
1245 /* turn off mandatory locking in mode
1246 if remote locking is turned off since the
1247 local vfs will do advisory */
1248 if (vol->file_mode ==
1249 (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1250 vol->file_mode = S_IALLUGO;
1251 } else if (strnicmp(data, "setuids", 7) == 0) {
1252 vol->setuids = 1;
1253 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1254 vol->setuids = 0;
1255 } else if (strnicmp(data, "dynperm", 7) == 0) {
1256 vol->dynperm = true;
1257 } else if (strnicmp(data, "nodynperm", 9) == 0) {
1258 vol->dynperm = false;
1259 } else if (strnicmp(data, "nohard", 6) == 0) {
1260 vol->retry = 0;
1261 } else if (strnicmp(data, "nosoft", 6) == 0) {
1262 vol->retry = 1;
1263 } else if (strnicmp(data, "nointr", 6) == 0) {
1264 vol->intr = 0;
1265 } else if (strnicmp(data, "intr", 4) == 0) {
1266 vol->intr = 1;
1267 } else if (strnicmp(data, "serverino", 7) == 0) {
1268 vol->server_ino = 1;
1269 } else if (strnicmp(data, "noserverino", 9) == 0) {
1270 vol->server_ino = 0;
1271 } else if (strnicmp(data, "cifsacl", 7) == 0) {
1272 vol->cifs_acl = 1;
1273 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1274 vol->cifs_acl = 0;
1275 } else if (strnicmp(data, "acl", 3) == 0) {
1276 vol->no_psx_acl = 0;
1277 } else if (strnicmp(data, "noacl", 5) == 0) {
1278 vol->no_psx_acl = 1;
1279 #ifdef CONFIG_CIFS_EXPERIMENTAL
1280 } else if (strnicmp(data, "locallease", 6) == 0) {
1281 vol->local_lease = 1;
1282 #endif
1283 } else if (strnicmp(data, "sign", 4) == 0) {
1284 vol->secFlg |= CIFSSEC_MUST_SIGN;
1285 } else if (strnicmp(data, "seal", 4) == 0) {
1286 /* we do not do the following in secFlags because seal
1287 is a per tree connection (mount) not a per socket
1288 or per-smb connection option in the protocol */
1289 /* vol->secFlg |= CIFSSEC_MUST_SEAL; */
1290 vol->seal = 1;
1291 } else if (strnicmp(data, "direct", 6) == 0) {
1292 vol->direct_io = 1;
1293 } else if (strnicmp(data, "forcedirectio", 13) == 0) {
1294 vol->direct_io = 1;
1295 } else if (strnicmp(data, "in6_addr", 8) == 0) {
1296 if (!value || !*value) {
1297 vol->in6_addr = NULL;
1298 } else if (strnlen(value, 49) == 48) {
1299 vol->in6_addr = value;
1300 } else {
1301 printk(KERN_WARNING "CIFS: ip v6 address not "
1302 "48 characters long\n");
1303 return 1;
1304 }
1305 } else if (strnicmp(data, "noac", 4) == 0) {
1306 printk(KERN_WARNING "CIFS: Mount option noac not "
1307 "supported. Instead set "
1308 "/proc/fs/cifs/LookupCacheEnabled to 0\n");
1309 } else
1310 printk(KERN_WARNING "CIFS: Unknown mount option %s\n",
1311 data);
1312 }
1313 if (vol->UNC == NULL) {
1314 if (devname == NULL) {
1315 printk(KERN_WARNING "CIFS: Missing UNC name for mount "
1316 "target\n");
1317 return 1;
1318 }
1319 if ((temp_len = strnlen(devname, 300)) < 300) {
1320 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1321 if (vol->UNC == NULL)
1322 return 1;
1323 strcpy(vol->UNC, devname);
1324 if (strncmp(vol->UNC, "//", 2) == 0) {
1325 vol->UNC[0] = '\\';
1326 vol->UNC[1] = '\\';
1327 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1328 printk(KERN_WARNING "CIFS: UNC Path does not "
1329 "begin with // or \\\\ \n");
1330 return 1;
1331 }
1332 value = strpbrk(vol->UNC+2, "/\\");
1333 if (value)
1334 *value = '\\';
1335 } else {
1336 printk(KERN_WARNING "CIFS: UNC name too long\n");
1337 return 1;
1338 }
1339 }
1340 if (vol->UNCip == NULL)
1341 vol->UNCip = &vol->UNC[2];
1342
1343 return 0;
1344 }
1345
1346 static struct cifsSesInfo *
1347 cifs_find_tcp_session(struct in_addr *target_ip_addr,
1348 struct in6_addr *target_ip6_addr,
1349 char *userName, struct TCP_Server_Info **psrvTcp)
1350 {
1351 struct list_head *tmp;
1352 struct cifsSesInfo *ses;
1353
1354 *psrvTcp = NULL;
1355
1356 read_lock(&GlobalSMBSeslock);
1357 list_for_each(tmp, &GlobalSMBSessionList) {
1358 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
1359 if (!ses->server)
1360 continue;
1361
1362 if (target_ip_addr &&
1363 ses->server->addr.sockAddr.sin_addr.s_addr != target_ip_addr->s_addr)
1364 continue;
1365 else if (target_ip6_addr &&
1366 memcmp(&ses->server->addr.sockAddr6.sin6_addr,
1367 target_ip6_addr, sizeof(*target_ip6_addr)))
1368 continue;
1369 /* BB lock server and tcp session; increment use count here?? */
1370
1371 /* found a match on the TCP session */
1372 *psrvTcp = ses->server;
1373
1374 /* BB check if reconnection needed */
1375 if (strncmp(ses->userName, userName, MAX_USERNAME_SIZE) == 0) {
1376 read_unlock(&GlobalSMBSeslock);
1377 /* Found exact match on both TCP and
1378 SMB sessions */
1379 return ses;
1380 }
1381 /* else tcp and smb sessions need reconnection */
1382 }
1383 read_unlock(&GlobalSMBSeslock);
1384
1385 return NULL;
1386 }
1387
1388 static struct cifsTconInfo *
1389 find_unc(__be32 new_target_ip_addr, char *uncName, char *userName)
1390 {
1391 struct list_head *tmp;
1392 struct cifsTconInfo *tcon;
1393 __be32 old_ip;
1394
1395 read_lock(&GlobalSMBSeslock);
1396
1397 list_for_each(tmp, &GlobalTreeConnectionList) {
1398 cFYI(1, ("Next tcon"));
1399 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
1400 if (!tcon->ses || !tcon->ses->server)
1401 continue;
1402
1403 old_ip = tcon->ses->server->addr.sockAddr.sin_addr.s_addr;
1404 cFYI(1, ("old ip addr: %x == new ip %x ?",
1405 old_ip, new_target_ip_addr));
1406
1407 if (old_ip != new_target_ip_addr)
1408 continue;
1409
1410 /* BB lock tcon, server, tcp session and increment use count? */
1411 /* found a match on the TCP session */
1412 /* BB check if reconnection needed */
1413 cFYI(1, ("IP match, old UNC: %s new: %s",
1414 tcon->treeName, uncName));
1415
1416 if (strncmp(tcon->treeName, uncName, MAX_TREE_SIZE))
1417 continue;
1418
1419 cFYI(1, ("and old usr: %s new: %s",
1420 tcon->treeName, uncName));
1421
1422 if (strncmp(tcon->ses->userName, userName, MAX_USERNAME_SIZE))
1423 continue;
1424
1425 /* matched smb session (user name) */
1426 read_unlock(&GlobalSMBSeslock);
1427 return tcon;
1428 }
1429
1430 read_unlock(&GlobalSMBSeslock);
1431 return NULL;
1432 }
1433
1434 int
1435 get_dfs_path(int xid, struct cifsSesInfo *pSesInfo, const char *old_path,
1436 const struct nls_table *nls_codepage, unsigned int *pnum_referrals,
1437 struct dfs_info3_param **preferrals, int remap)
1438 {
1439 char *temp_unc;
1440 int rc = 0;
1441
1442 *pnum_referrals = 0;
1443 *preferrals = NULL;
1444
1445 if (pSesInfo->ipc_tid == 0) {
1446 temp_unc = kmalloc(2 /* for slashes */ +
1447 strnlen(pSesInfo->serverName,
1448 SERVER_NAME_LEN_WITH_NULL * 2)
1449 + 1 + 4 /* slash IPC$ */ + 2,
1450 GFP_KERNEL);
1451 if (temp_unc == NULL)
1452 return -ENOMEM;
1453 temp_unc[0] = '\\';
1454 temp_unc[1] = '\\';
1455 strcpy(temp_unc + 2, pSesInfo->serverName);
1456 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
1457 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
1458 cFYI(1,
1459 ("CIFS Tcon rc = %d ipc_tid = %d", rc, pSesInfo->ipc_tid));
1460 kfree(temp_unc);
1461 }
1462 if (rc == 0)
1463 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
1464 pnum_referrals, nls_codepage, remap);
1465 /* BB map targetUNCs to dfs_info3 structures, here or
1466 in CIFSGetDFSRefer BB */
1467
1468 return rc;
1469 }
1470
1471 #ifdef CONFIG_DEBUG_LOCK_ALLOC
1472 static struct lock_class_key cifs_key[2];
1473 static struct lock_class_key cifs_slock_key[2];
1474
1475 static inline void
1476 cifs_reclassify_socket4(struct socket *sock)
1477 {
1478 struct sock *sk = sock->sk;
1479 BUG_ON(sock_owned_by_user(sk));
1480 sock_lock_init_class_and_name(sk, "slock-AF_INET-CIFS",
1481 &cifs_slock_key[0], "sk_lock-AF_INET-CIFS", &cifs_key[0]);
1482 }
1483
1484 static inline void
1485 cifs_reclassify_socket6(struct socket *sock)
1486 {
1487 struct sock *sk = sock->sk;
1488 BUG_ON(sock_owned_by_user(sk));
1489 sock_lock_init_class_and_name(sk, "slock-AF_INET6-CIFS",
1490 &cifs_slock_key[1], "sk_lock-AF_INET6-CIFS", &cifs_key[1]);
1491 }
1492 #else
1493 static inline void
1494 cifs_reclassify_socket4(struct socket *sock)
1495 {
1496 }
1497
1498 static inline void
1499 cifs_reclassify_socket6(struct socket *sock)
1500 {
1501 }
1502 #endif
1503
1504 /* See RFC1001 section 14 on representation of Netbios names */
1505 static void rfc1002mangle(char *target, char *source, unsigned int length)
1506 {
1507 unsigned int i, j;
1508
1509 for (i = 0, j = 0; i < (length); i++) {
1510 /* mask a nibble at a time and encode */
1511 target[j] = 'A' + (0x0F & (source[i] >> 4));
1512 target[j+1] = 'A' + (0x0F & source[i]);
1513 j += 2;
1514 }
1515
1516 }
1517
1518
1519 static int
1520 ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket,
1521 char *netbios_name, char *target_name)
1522 {
1523 int rc = 0;
1524 int connected = 0;
1525 __be16 orig_port = 0;
1526
1527 if (*csocket == NULL) {
1528 rc = sock_create_kern(PF_INET, SOCK_STREAM,
1529 IPPROTO_TCP, csocket);
1530 if (rc < 0) {
1531 cERROR(1, ("Error %d creating socket", rc));
1532 *csocket = NULL;
1533 return rc;
1534 } else {
1535 /* BB other socket options to set KEEPALIVE, NODELAY? */
1536 cFYI(1, ("Socket created"));
1537 (*csocket)->sk->sk_allocation = GFP_NOFS;
1538 cifs_reclassify_socket4(*csocket);
1539 }
1540 }
1541
1542 psin_server->sin_family = AF_INET;
1543 if (psin_server->sin_port) { /* user overrode default port */
1544 rc = (*csocket)->ops->connect(*csocket,
1545 (struct sockaddr *) psin_server,
1546 sizeof(struct sockaddr_in), 0);
1547 if (rc >= 0)
1548 connected = 1;
1549 }
1550
1551 if (!connected) {
1552 /* save original port so we can retry user specified port
1553 later if fall back ports fail this time */
1554 orig_port = psin_server->sin_port;
1555
1556 /* do not retry on the same port we just failed on */
1557 if (psin_server->sin_port != htons(CIFS_PORT)) {
1558 psin_server->sin_port = htons(CIFS_PORT);
1559
1560 rc = (*csocket)->ops->connect(*csocket,
1561 (struct sockaddr *) psin_server,
1562 sizeof(struct sockaddr_in), 0);
1563 if (rc >= 0)
1564 connected = 1;
1565 }
1566 }
1567 if (!connected) {
1568 psin_server->sin_port = htons(RFC1001_PORT);
1569 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1570 psin_server,
1571 sizeof(struct sockaddr_in), 0);
1572 if (rc >= 0)
1573 connected = 1;
1574 }
1575
1576 /* give up here - unless we want to retry on different
1577 protocol families some day */
1578 if (!connected) {
1579 if (orig_port)
1580 psin_server->sin_port = orig_port;
1581 cFYI(1, ("Error %d connecting to server via ipv4", rc));
1582 sock_release(*csocket);
1583 *csocket = NULL;
1584 return rc;
1585 }
1586 /* Eventually check for other socket options to change from
1587 the default. sock_setsockopt not used because it expects
1588 user space buffer */
1589 cFYI(1, ("sndbuf %d rcvbuf %d rcvtimeo 0x%lx",
1590 (*csocket)->sk->sk_sndbuf,
1591 (*csocket)->sk->sk_rcvbuf, (*csocket)->sk->sk_rcvtimeo));
1592 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1593 /* make the bufsizes depend on wsize/rsize and max requests */
1594 if ((*csocket)->sk->sk_sndbuf < (200 * 1024))
1595 (*csocket)->sk->sk_sndbuf = 200 * 1024;
1596 if ((*csocket)->sk->sk_rcvbuf < (140 * 1024))
1597 (*csocket)->sk->sk_rcvbuf = 140 * 1024;
1598
1599 /* send RFC1001 sessinit */
1600 if (psin_server->sin_port == htons(RFC1001_PORT)) {
1601 /* some servers require RFC1001 sessinit before sending
1602 negprot - BB check reconnection in case where second
1603 sessinit is sent but no second negprot */
1604 struct rfc1002_session_packet *ses_init_buf;
1605 struct smb_hdr *smb_buf;
1606 ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet),
1607 GFP_KERNEL);
1608 if (ses_init_buf) {
1609 ses_init_buf->trailer.session_req.called_len = 32;
1610 if (target_name && (target_name[0] != 0)) {
1611 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1612 target_name, 16);
1613 } else {
1614 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1615 DEFAULT_CIFS_CALLED_NAME, 16);
1616 }
1617
1618 ses_init_buf->trailer.session_req.calling_len = 32;
1619 /* calling name ends in null (byte 16) from old smb
1620 convention. */
1621 if (netbios_name && (netbios_name[0] != 0)) {
1622 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1623 netbios_name, 16);
1624 } else {
1625 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1626 "LINUX_CIFS_CLNT", 16);
1627 }
1628 ses_init_buf->trailer.session_req.scope1 = 0;
1629 ses_init_buf->trailer.session_req.scope2 = 0;
1630 smb_buf = (struct smb_hdr *)ses_init_buf;
1631 /* sizeof RFC1002_SESSION_REQUEST with no scope */
1632 smb_buf->smb_buf_length = 0x81000044;
1633 rc = smb_send(*csocket, smb_buf, 0x44,
1634 (struct sockaddr *)psin_server);
1635 kfree(ses_init_buf);
1636 msleep(1); /* RFC1001 layer in at least one server
1637 requires very short break before negprot
1638 presumably because not expecting negprot
1639 to follow so fast. This is a simple
1640 solution that works without
1641 complicating the code and causes no
1642 significant slowing down on mount
1643 for everyone else */
1644 }
1645 /* else the negprot may still work without this
1646 even though malloc failed */
1647
1648 }
1649
1650 return rc;
1651 }
1652
1653 static int
1654 ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket)
1655 {
1656 int rc = 0;
1657 int connected = 0;
1658 __be16 orig_port = 0;
1659
1660 if (*csocket == NULL) {
1661 rc = sock_create_kern(PF_INET6, SOCK_STREAM,
1662 IPPROTO_TCP, csocket);
1663 if (rc < 0) {
1664 cERROR(1, ("Error %d creating ipv6 socket", rc));
1665 *csocket = NULL;
1666 return rc;
1667 } else {
1668 /* BB other socket options to set KEEPALIVE, NODELAY? */
1669 cFYI(1, ("ipv6 Socket created"));
1670 (*csocket)->sk->sk_allocation = GFP_NOFS;
1671 cifs_reclassify_socket6(*csocket);
1672 }
1673 }
1674
1675 psin_server->sin6_family = AF_INET6;
1676
1677 if (psin_server->sin6_port) { /* user overrode default port */
1678 rc = (*csocket)->ops->connect(*csocket,
1679 (struct sockaddr *) psin_server,
1680 sizeof(struct sockaddr_in6), 0);
1681 if (rc >= 0)
1682 connected = 1;
1683 }
1684
1685 if (!connected) {
1686 /* save original port so we can retry user specified port
1687 later if fall back ports fail this time */
1688
1689 orig_port = psin_server->sin6_port;
1690 /* do not retry on the same port we just failed on */
1691 if (psin_server->sin6_port != htons(CIFS_PORT)) {
1692 psin_server->sin6_port = htons(CIFS_PORT);
1693
1694 rc = (*csocket)->ops->connect(*csocket,
1695 (struct sockaddr *) psin_server,
1696 sizeof(struct sockaddr_in6), 0);
1697 if (rc >= 0)
1698 connected = 1;
1699 }
1700 }
1701 if (!connected) {
1702 psin_server->sin6_port = htons(RFC1001_PORT);
1703 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1704 psin_server, sizeof(struct sockaddr_in6), 0);
1705 if (rc >= 0)
1706 connected = 1;
1707 }
1708
1709 /* give up here - unless we want to retry on different
1710 protocol families some day */
1711 if (!connected) {
1712 if (orig_port)
1713 psin_server->sin6_port = orig_port;
1714 cFYI(1, ("Error %d connecting to server via ipv6", rc));
1715 sock_release(*csocket);
1716 *csocket = NULL;
1717 return rc;
1718 }
1719 /* Eventually check for other socket options to change from
1720 the default. sock_setsockopt not used because it expects
1721 user space buffer */
1722 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1723
1724 return rc;
1725 }
1726
1727 void reset_cifs_unix_caps(int xid, struct cifsTconInfo *tcon,
1728 struct super_block *sb, struct smb_vol *vol_info)
1729 {
1730 /* if we are reconnecting then should we check to see if
1731 * any requested capabilities changed locally e.g. via
1732 * remount but we can not do much about it here
1733 * if they have (even if we could detect it by the following)
1734 * Perhaps we could add a backpointer to array of sb from tcon
1735 * or if we change to make all sb to same share the same
1736 * sb as NFS - then we only have one backpointer to sb.
1737 * What if we wanted to mount the server share twice once with
1738 * and once without posixacls or posix paths? */
1739 __u64 saved_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
1740
1741 if (vol_info && vol_info->no_linux_ext) {
1742 tcon->fsUnixInfo.Capability = 0;
1743 tcon->unix_ext = 0; /* Unix Extensions disabled */
1744 cFYI(1, ("Linux protocol extensions disabled"));
1745 return;
1746 } else if (vol_info)
1747 tcon->unix_ext = 1; /* Unix Extensions supported */
1748
1749 if (tcon->unix_ext == 0) {
1750 cFYI(1, ("Unix extensions disabled so not set on reconnect"));
1751 return;
1752 }
1753
1754 if (!CIFSSMBQFSUnixInfo(xid, tcon)) {
1755 __u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
1756
1757 /* check for reconnect case in which we do not
1758 want to change the mount behavior if we can avoid it */
1759 if (vol_info == NULL) {
1760 /* turn off POSIX ACL and PATHNAMES if not set
1761 originally at mount time */
1762 if ((saved_cap & CIFS_UNIX_POSIX_ACL_CAP) == 0)
1763 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
1764 if ((saved_cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
1765 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
1766 cERROR(1, ("POSIXPATH support change"));
1767 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
1768 } else if ((cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
1769 cERROR(1, ("possible reconnect error"));
1770 cERROR(1,
1771 ("server disabled POSIX path support"));
1772 }
1773 }
1774
1775 cap &= CIFS_UNIX_CAP_MASK;
1776 if (vol_info && vol_info->no_psx_acl)
1777 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
1778 else if (CIFS_UNIX_POSIX_ACL_CAP & cap) {
1779 cFYI(1, ("negotiated posix acl support"));
1780 if (sb)
1781 sb->s_flags |= MS_POSIXACL;
1782 }
1783
1784 if (vol_info && vol_info->posix_paths == 0)
1785 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
1786 else if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
1787 cFYI(1, ("negotiate posix pathnames"));
1788 if (sb)
1789 CIFS_SB(sb)->mnt_cifs_flags |=
1790 CIFS_MOUNT_POSIX_PATHS;
1791 }
1792
1793 /* We might be setting the path sep back to a different
1794 form if we are reconnecting and the server switched its
1795 posix path capability for this share */
1796 if (sb && (CIFS_SB(sb)->prepathlen > 0))
1797 CIFS_SB(sb)->prepath[0] = CIFS_DIR_SEP(CIFS_SB(sb));
1798
1799 if (sb && (CIFS_SB(sb)->rsize > 127 * 1024)) {
1800 if ((cap & CIFS_UNIX_LARGE_READ_CAP) == 0) {
1801 CIFS_SB(sb)->rsize = 127 * 1024;
1802 cFYI(DBG2,
1803 ("larger reads not supported by srv"));
1804 }
1805 }
1806
1807
1808 cFYI(1, ("Negotiate caps 0x%x", (int)cap));
1809 #ifdef CONFIG_CIFS_DEBUG2
1810 if (cap & CIFS_UNIX_FCNTL_CAP)
1811 cFYI(1, ("FCNTL cap"));
1812 if (cap & CIFS_UNIX_EXTATTR_CAP)
1813 cFYI(1, ("EXTATTR cap"));
1814 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
1815 cFYI(1, ("POSIX path cap"));
1816 if (cap & CIFS_UNIX_XATTR_CAP)
1817 cFYI(1, ("XATTR cap"));
1818 if (cap & CIFS_UNIX_POSIX_ACL_CAP)
1819 cFYI(1, ("POSIX ACL cap"));
1820 if (cap & CIFS_UNIX_LARGE_READ_CAP)
1821 cFYI(1, ("very large read cap"));
1822 if (cap & CIFS_UNIX_LARGE_WRITE_CAP)
1823 cFYI(1, ("very large write cap"));
1824 #endif /* CIFS_DEBUG2 */
1825 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
1826 if (vol_info == NULL) {
1827 cFYI(1, ("resetting capabilities failed"));
1828 } else
1829 cERROR(1, ("Negotiating Unix capabilities "
1830 "with the server failed. Consider "
1831 "mounting with the Unix Extensions\n"
1832 "disabled, if problems are found, "
1833 "by specifying the nounix mount "
1834 "option."));
1835
1836 }
1837 }
1838 }
1839
1840 static void
1841 convert_delimiter(char *path, char delim)
1842 {
1843 int i;
1844 char old_delim;
1845
1846 if (path == NULL)
1847 return;
1848
1849 if (delim == '/')
1850 old_delim = '\\';
1851 else
1852 old_delim = '/';
1853
1854 for (i = 0; path[i] != '\0'; i++) {
1855 if (path[i] == old_delim)
1856 path[i] = delim;
1857 }
1858 }
1859
1860 static void
1861 kill_cifsd(struct TCP_Server_Info *server)
1862 {
1863 struct task_struct *task;
1864
1865 task = xchg(&server->tsk, NULL);
1866 if (task)
1867 force_sig(SIGKILL, task);
1868 }
1869
1870 int
1871 cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
1872 char *mount_data, const char *devname)
1873 {
1874 int rc = 0;
1875 int xid;
1876 int address_type = AF_INET;
1877 struct socket *csocket = NULL;
1878 struct sockaddr_in sin_server;
1879 struct sockaddr_in6 sin_server6;
1880 struct smb_vol volume_info;
1881 struct cifsSesInfo *pSesInfo = NULL;
1882 struct cifsSesInfo *existingCifsSes = NULL;
1883 struct cifsTconInfo *tcon = NULL;
1884 struct TCP_Server_Info *srvTcp = NULL;
1885
1886 xid = GetXid();
1887
1888 /* cFYI(1, ("Entering cifs_mount. Xid: %d with: %s", xid, mount_data)); */
1889
1890 memset(&volume_info, 0, sizeof(struct smb_vol));
1891 if (cifs_parse_mount_options(mount_data, devname, &volume_info)) {
1892 rc = -EINVAL;
1893 goto out;
1894 }
1895
1896 if (volume_info.nullauth) {
1897 cFYI(1, ("null user"));
1898 volume_info.username = "";
1899 } else if (volume_info.username) {
1900 /* BB fixme parse for domain name here */
1901 cFYI(1, ("Username: %s", volume_info.username));
1902 } else {
1903 cifserror("No username specified");
1904 /* In userspace mount helper we can get user name from alternate
1905 locations such as env variables and files on disk */
1906 rc = -EINVAL;
1907 goto out;
1908 }
1909
1910 if (volume_info.UNCip && volume_info.UNC) {
1911 rc = cifs_inet_pton(AF_INET, volume_info.UNCip,
1912 &sin_server.sin_addr.s_addr);
1913
1914 if (rc <= 0) {
1915 /* not ipv4 address, try ipv6 */
1916 rc = cifs_inet_pton(AF_INET6, volume_info.UNCip,
1917 &sin_server6.sin6_addr.in6_u);
1918 if (rc > 0)
1919 address_type = AF_INET6;
1920 } else {
1921 address_type = AF_INET;
1922 }
1923
1924 if (rc <= 0) {
1925 /* we failed translating address */
1926 rc = -EINVAL;
1927 goto out;
1928 }
1929
1930 cFYI(1, ("UNC: %s ip: %s", volume_info.UNC, volume_info.UNCip));
1931 /* success */
1932 rc = 0;
1933 } else if (volume_info.UNCip) {
1934 /* BB using ip addr as server name to connect to the
1935 DFS root below */
1936 cERROR(1, ("Connecting to DFS root not implemented yet"));
1937 rc = -EINVAL;
1938 goto out;
1939 } else /* which servers DFS root would we conect to */ {
1940 cERROR(1,
1941 ("CIFS mount error: No UNC path (e.g. -o "
1942 "unc=//192.168.1.100/public) specified"));
1943 rc = -EINVAL;
1944 goto out;
1945 }
1946
1947 /* this is needed for ASCII cp to Unicode converts */
1948 if (volume_info.iocharset == NULL) {
1949 cifs_sb->local_nls = load_nls_default();
1950 /* load_nls_default can not return null */
1951 } else {
1952 cifs_sb->local_nls = load_nls(volume_info.iocharset);
1953 if (cifs_sb->local_nls == NULL) {
1954 cERROR(1, ("CIFS mount error: iocharset %s not found",
1955 volume_info.iocharset));
1956 rc = -ELIBACC;
1957 goto out;
1958 }
1959 }
1960
1961 if (address_type == AF_INET)
1962 existingCifsSes = cifs_find_tcp_session(&sin_server.sin_addr,
1963 NULL /* no ipv6 addr */,
1964 volume_info.username, &srvTcp);
1965 else if (address_type == AF_INET6) {
1966 cFYI(1, ("looking for ipv6 address"));
1967 existingCifsSes = cifs_find_tcp_session(NULL /* no ipv4 addr */,
1968 &sin_server6.sin6_addr,
1969 volume_info.username, &srvTcp);
1970 } else {
1971 rc = -EINVAL;
1972 goto out;
1973 }
1974
1975 if (srvTcp) {
1976 cFYI(1, ("Existing tcp session with server found"));
1977 } else { /* create socket */
1978 if (volume_info.port)
1979 sin_server.sin_port = htons(volume_info.port);
1980 else
1981 sin_server.sin_port = 0;
1982 if (address_type == AF_INET6) {
1983 cFYI(1, ("attempting ipv6 connect"));
1984 /* BB should we allow ipv6 on port 139? */
1985 /* other OS never observed in Wild doing 139 with v6 */
1986 rc = ipv6_connect(&sin_server6, &csocket);
1987 } else
1988 rc = ipv4_connect(&sin_server, &csocket,
1989 volume_info.source_rfc1001_name,
1990 volume_info.target_rfc1001_name);
1991 if (rc < 0) {
1992 cERROR(1, ("Error connecting to IPv4 socket. "
1993 "Aborting operation"));
1994 if (csocket != NULL)
1995 sock_release(csocket);
1996 goto out;
1997 }
1998
1999 srvTcp = kzalloc(sizeof(struct TCP_Server_Info), GFP_KERNEL);
2000 if (!srvTcp) {
2001 rc = -ENOMEM;
2002 sock_release(csocket);
2003 goto out;
2004 } else {
2005 memcpy(&srvTcp->addr.sockAddr, &sin_server,
2006 sizeof(struct sockaddr_in));
2007 atomic_set(&srvTcp->inFlight, 0);
2008 /* BB Add code for ipv6 case too */
2009 srvTcp->ssocket = csocket;
2010 srvTcp->protocolType = IPV4;
2011 srvTcp->hostname = extract_hostname(volume_info.UNC);
2012 if (IS_ERR(srvTcp->hostname)) {
2013 rc = PTR_ERR(srvTcp->hostname);
2014 sock_release(csocket);
2015 goto out;
2016 }
2017 init_waitqueue_head(&srvTcp->response_q);
2018 init_waitqueue_head(&srvTcp->request_q);
2019 INIT_LIST_HEAD(&srvTcp->pending_mid_q);
2020 /* at this point we are the only ones with the pointer
2021 to the struct since the kernel thread not created yet
2022 so no need to spinlock this init of tcpStatus */
2023 srvTcp->tcpStatus = CifsNew;
2024 init_MUTEX(&srvTcp->tcpSem);
2025 srvTcp->tsk = kthread_run((void *)(void *)cifs_demultiplex_thread, srvTcp, "cifsd");
2026 if (IS_ERR(srvTcp->tsk)) {
2027 rc = PTR_ERR(srvTcp->tsk);
2028 cERROR(1, ("error %d create cifsd thread", rc));
2029 srvTcp->tsk = NULL;
2030 sock_release(csocket);
2031 kfree(srvTcp->hostname);
2032 goto out;
2033 }
2034 rc = 0;
2035 memcpy(srvTcp->workstation_RFC1001_name,
2036 volume_info.source_rfc1001_name, 16);
2037 memcpy(srvTcp->server_RFC1001_name,
2038 volume_info.target_rfc1001_name, 16);
2039 srvTcp->sequence_number = 0;
2040 }
2041 }
2042
2043 if (existingCifsSes) {
2044 pSesInfo = existingCifsSes;
2045 cFYI(1, ("Existing smb sess found (status=%d)",
2046 pSesInfo->status));
2047 down(&pSesInfo->sesSem);
2048 if (pSesInfo->status == CifsNeedReconnect) {
2049 cFYI(1, ("Session needs reconnect"));
2050 rc = cifs_setup_session(xid, pSesInfo,
2051 cifs_sb->local_nls);
2052 }
2053 up(&pSesInfo->sesSem);
2054 } else if (!rc) {
2055 cFYI(1, ("Existing smb sess not found"));
2056 pSesInfo = sesInfoAlloc();
2057 if (pSesInfo == NULL)
2058 rc = -ENOMEM;
2059 else {
2060 pSesInfo->server = srvTcp;
2061 sprintf(pSesInfo->serverName, "%u.%u.%u.%u",
2062 NIPQUAD(sin_server.sin_addr.s_addr));
2063 }
2064
2065 if (!rc) {
2066 /* volume_info.password freed at unmount */
2067 if (volume_info.password) {
2068 pSesInfo->password = volume_info.password;
2069 /* set to NULL to prevent freeing on exit */
2070 volume_info.password = NULL;
2071 }
2072 if (volume_info.username)
2073 strncpy(pSesInfo->userName,
2074 volume_info.username,
2075 MAX_USERNAME_SIZE);
2076 if (volume_info.domainname) {
2077 int len = strlen(volume_info.domainname);
2078 pSesInfo->domainName =
2079 kmalloc(len + 1, GFP_KERNEL);
2080 if (pSesInfo->domainName)
2081 strcpy(pSesInfo->domainName,
2082 volume_info.domainname);
2083 }
2084 pSesInfo->linux_uid = volume_info.linux_uid;
2085 pSesInfo->overrideSecFlg = volume_info.secFlg;
2086 down(&pSesInfo->sesSem);
2087 /* BB FIXME need to pass vol->secFlgs BB */
2088 rc = cifs_setup_session(xid, pSesInfo,
2089 cifs_sb->local_nls);
2090 up(&pSesInfo->sesSem);
2091 if (!rc)
2092 atomic_inc(&srvTcp->socketUseCount);
2093 }
2094 }
2095
2096 /* search for existing tcon to this server share */
2097 if (!rc) {
2098 if (volume_info.rsize > CIFSMaxBufSize) {
2099 cERROR(1, ("rsize %d too large, using MaxBufSize",
2100 volume_info.rsize));
2101 cifs_sb->rsize = CIFSMaxBufSize;
2102 } else if ((volume_info.rsize) &&
2103 (volume_info.rsize <= CIFSMaxBufSize))
2104 cifs_sb->rsize = volume_info.rsize;
2105 else /* default */
2106 cifs_sb->rsize = CIFSMaxBufSize;
2107
2108 if (volume_info.wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) {
2109 cERROR(1, ("wsize %d too large, using 4096 instead",
2110 volume_info.wsize));
2111 cifs_sb->wsize = 4096;
2112 } else if (volume_info.wsize)
2113 cifs_sb->wsize = volume_info.wsize;
2114 else
2115 cifs_sb->wsize =
2116 min_t(const int, PAGEVEC_SIZE * PAGE_CACHE_SIZE,
2117 127*1024);
2118 /* old default of CIFSMaxBufSize was too small now
2119 that SMB Write2 can send multiple pages in kvec.
2120 RFC1001 does not describe what happens when frame
2121 bigger than 128K is sent so use that as max in
2122 conjunction with 52K kvec constraint on arch with 4K
2123 page size */
2124
2125 if (cifs_sb->rsize < 2048) {
2126 cifs_sb->rsize = 2048;
2127 /* Windows ME may prefer this */
2128 cFYI(1, ("readsize set to minimum: 2048"));
2129 }
2130 /* calculate prepath */
2131 cifs_sb->prepath = volume_info.prepath;
2132 if (cifs_sb->prepath) {
2133 cifs_sb->prepathlen = strlen(cifs_sb->prepath);
2134 /* we can not convert the / to \ in the path
2135 separators in the prefixpath yet because we do not
2136 know (until reset_cifs_unix_caps is called later)
2137 whether POSIX PATH CAP is available. We normalize
2138 the / to \ after reset_cifs_unix_caps is called */
2139 volume_info.prepath = NULL;
2140 } else
2141 cifs_sb->prepathlen = 0;
2142 cifs_sb->mnt_uid = volume_info.linux_uid;
2143 cifs_sb->mnt_gid = volume_info.linux_gid;
2144 cifs_sb->mnt_file_mode = volume_info.file_mode;
2145 cifs_sb->mnt_dir_mode = volume_info.dir_mode;
2146 cFYI(1, ("file mode: 0x%x dir mode: 0x%x",
2147 cifs_sb->mnt_file_mode, cifs_sb->mnt_dir_mode));
2148
2149 if (volume_info.noperm)
2150 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
2151 if (volume_info.setuids)
2152 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
2153 if (volume_info.server_ino)
2154 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
2155 if (volume_info.remap)
2156 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
2157 if (volume_info.no_xattr)
2158 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
2159 if (volume_info.sfu_emul)
2160 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
2161 if (volume_info.nobrl)
2162 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
2163 if (volume_info.cifs_acl)
2164 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
2165 if (volume_info.override_uid)
2166 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID;
2167 if (volume_info.override_gid)
2168 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID;
2169 if (volume_info.dynperm)
2170 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DYNPERM;
2171 if (volume_info.direct_io) {
2172 cFYI(1, ("mounting share using direct i/o"));
2173 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
2174 }
2175
2176 if ((volume_info.cifs_acl) && (volume_info.dynperm))
2177 cERROR(1, ("mount option dynperm ignored if cifsacl "
2178 "mount option supported"));
2179
2180 tcon =
2181 find_unc(sin_server.sin_addr.s_addr, volume_info.UNC,
2182 volume_info.username);
2183 if (tcon) {
2184 cFYI(1, ("Found match on UNC path"));
2185 /* we can have only one retry value for a connection
2186 to a share so for resources mounted more than once
2187 to the same server share the last value passed in
2188 for the retry flag is used */
2189 tcon->retry = volume_info.retry;
2190 tcon->nocase = volume_info.nocase;
2191 tcon->local_lease = volume_info.local_lease;
2192 if (tcon->seal != volume_info.seal)
2193 cERROR(1, ("transport encryption setting "
2194 "conflicts with existing tid"));
2195 } else {
2196 tcon = tconInfoAlloc();
2197 if (tcon == NULL)
2198 rc = -ENOMEM;
2199 else {
2200 /* check for null share name ie connecting to
2201 * dfs root */
2202
2203 /* BB check if this works for exactly length
2204 * three strings */
2205 if ((strchr(volume_info.UNC + 3, '\\') == NULL)
2206 && (strchr(volume_info.UNC + 3, '/') ==
2207 NULL)) {
2208 /* rc = connect_to_dfs_path(xid, pSesInfo,
2209 "", cifs_sb->local_nls,
2210 cifs_sb->mnt_cifs_flags &
2211 CIFS_MOUNT_MAP_SPECIAL_CHR);*/
2212 cFYI(1, ("DFS root not supported"));
2213 rc = -ENODEV;
2214 goto out;
2215 } else {
2216 /* BB Do we need to wrap sesSem around
2217 * this TCon call and Unix SetFS as
2218 * we do on SessSetup and reconnect? */
2219 rc = CIFSTCon(xid, pSesInfo,
2220 volume_info.UNC,
2221 tcon, cifs_sb->local_nls);
2222 cFYI(1, ("CIFS Tcon rc = %d", rc));
2223 if (volume_info.nodfs) {
2224 tcon->Flags &=
2225 ~SMB_SHARE_IS_IN_DFS;
2226 cFYI(1, ("DFS disabled (%d)",
2227 tcon->Flags));
2228 }
2229 }
2230 if (!rc) {
2231 atomic_inc(&pSesInfo->inUse);
2232 tcon->retry = volume_info.retry;
2233 tcon->nocase = volume_info.nocase;
2234 tcon->seal = volume_info.seal;
2235 }
2236 }
2237 }
2238 }
2239 if (pSesInfo) {
2240 if (pSesInfo->capabilities & CAP_LARGE_FILES) {
2241 sb->s_maxbytes = (u64) 1 << 63;
2242 } else
2243 sb->s_maxbytes = (u64) 1 << 31; /* 2 GB */
2244 }
2245
2246 /* BB FIXME fix time_gran to be larger for LANMAN sessions */
2247 sb->s_time_gran = 100;
2248
2249 /* on error free sesinfo and tcon struct if needed */
2250 if (rc) {
2251 /* if session setup failed, use count is zero but
2252 we still need to free cifsd thread */
2253 if (atomic_read(&srvTcp->socketUseCount) == 0) {
2254 spin_lock(&GlobalMid_Lock);
2255 srvTcp->tcpStatus = CifsExiting;
2256 spin_unlock(&GlobalMid_Lock);
2257 kill_cifsd(srvTcp);
2258 }
2259 /* If find_unc succeeded then rc == 0 so we can not end */
2260 if (tcon) /* up accidently freeing someone elses tcon struct */
2261 tconInfoFree(tcon);
2262 if (existingCifsSes == NULL) {
2263 if (pSesInfo) {
2264 if ((pSesInfo->server) &&
2265 (pSesInfo->status == CifsGood)) {
2266 int temp_rc;
2267 temp_rc = CIFSSMBLogoff(xid, pSesInfo);
2268 /* if the socketUseCount is now zero */
2269 if ((temp_rc == -ESHUTDOWN) &&
2270 (pSesInfo->server))
2271 kill_cifsd(pSesInfo->server);
2272 } else {
2273 cFYI(1, ("No session or bad tcon"));
2274 if (pSesInfo->server) {
2275 spin_lock(&GlobalMid_Lock);
2276 srvTcp->tcpStatus = CifsExiting;
2277 spin_unlock(&GlobalMid_Lock);
2278 kill_cifsd(pSesInfo->server);
2279 }
2280 }
2281 sesInfoFree(pSesInfo);
2282 /* pSesInfo = NULL; */
2283 }
2284 }
2285 } else {
2286 atomic_inc(&tcon->useCount);
2287 cifs_sb->tcon = tcon;
2288 tcon->ses = pSesInfo;
2289
2290 /* do not care if following two calls succeed - informational */
2291 if (!tcon->ipc) {
2292 CIFSSMBQFSDeviceInfo(xid, tcon);
2293 CIFSSMBQFSAttributeInfo(xid, tcon);
2294 }
2295
2296 /* tell server which Unix caps we support */
2297 if (tcon->ses->capabilities & CAP_UNIX)
2298 /* reset of caps checks mount to see if unix extensions
2299 disabled for just this mount */
2300 reset_cifs_unix_caps(xid, tcon, sb, &volume_info);
2301 else
2302 tcon->unix_ext = 0; /* server does not support them */
2303
2304 /* convert forward to back slashes in prepath here if needed */
2305 if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0)
2306 convert_delimiter(cifs_sb->prepath,
2307 CIFS_DIR_SEP(cifs_sb));
2308
2309 if ((tcon->unix_ext == 0) && (cifs_sb->rsize > (1024 * 127))) {
2310 cifs_sb->rsize = 1024 * 127;
2311 cFYI(DBG2,
2312 ("no very large read support, rsize now 127K"));
2313 }
2314 if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X))
2315 cifs_sb->wsize = min(cifs_sb->wsize,
2316 (tcon->ses->server->maxBuf -
2317 MAX_CIFS_HDR_SIZE));
2318 if (!(tcon->ses->capabilities & CAP_LARGE_READ_X))
2319 cifs_sb->rsize = min(cifs_sb->rsize,
2320 (tcon->ses->server->maxBuf -
2321 MAX_CIFS_HDR_SIZE));
2322 }
2323
2324 /* volume_info.password is freed above when existing session found
2325 (in which case it is not needed anymore) but when new sesion is created
2326 the password ptr is put in the new session structure (in which case the
2327 password will be freed at unmount time) */
2328 out:
2329 /* zero out password before freeing */
2330 if (volume_info.password != NULL) {
2331 memset(volume_info.password, 0, strlen(volume_info.password));
2332 kfree(volume_info.password);
2333 }
2334 kfree(volume_info.UNC);
2335 kfree(volume_info.prepath);
2336 FreeXid(xid);
2337 return rc;
2338 }
2339
2340 static int
2341 CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2342 char session_key[CIFS_SESS_KEY_SIZE],
2343 const struct nls_table *nls_codepage)
2344 {
2345 struct smb_hdr *smb_buffer;
2346 struct smb_hdr *smb_buffer_response;
2347 SESSION_SETUP_ANDX *pSMB;
2348 SESSION_SETUP_ANDX *pSMBr;
2349 char *bcc_ptr;
2350 char *user;
2351 char *domain;
2352 int rc = 0;
2353 int remaining_words = 0;
2354 int bytes_returned = 0;
2355 int len;
2356 __u32 capabilities;
2357 __u16 count;
2358
2359 cFYI(1, ("In sesssetup"));
2360 if (ses == NULL)
2361 return -EINVAL;
2362 user = ses->userName;
2363 domain = ses->domainName;
2364 smb_buffer = cifs_buf_get();
2365
2366 if (smb_buffer == NULL)
2367 return -ENOMEM;
2368
2369 smb_buffer_response = smb_buffer;
2370 pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2371
2372 /* send SMBsessionSetup here */
2373 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2374 NULL /* no tCon exists yet */ , 13 /* wct */ );
2375
2376 smb_buffer->Mid = GetNextMid(ses->server);
2377 pSMB->req_no_secext.AndXCommand = 0xFF;
2378 pSMB->req_no_secext.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2379 pSMB->req_no_secext.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2380
2381 if (ses->server->secMode &
2382 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2383 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2384
2385 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2386 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
2387 if (ses->capabilities & CAP_UNICODE) {
2388 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2389 capabilities |= CAP_UNICODE;
2390 }
2391 if (ses->capabilities & CAP_STATUS32) {
2392 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2393 capabilities |= CAP_STATUS32;
2394 }
2395 if (ses->capabilities & CAP_DFS) {
2396 smb_buffer->Flags2 |= SMBFLG2_DFS;
2397 capabilities |= CAP_DFS;
2398 }
2399 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
2400
2401 pSMB->req_no_secext.CaseInsensitivePasswordLength =
2402 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2403
2404 pSMB->req_no_secext.CaseSensitivePasswordLength =
2405 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2406 bcc_ptr = pByteArea(smb_buffer);
2407 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2408 bcc_ptr += CIFS_SESS_KEY_SIZE;
2409 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2410 bcc_ptr += CIFS_SESS_KEY_SIZE;
2411
2412 if (ses->capabilities & CAP_UNICODE) {
2413 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode */
2414 *bcc_ptr = 0;
2415 bcc_ptr++;
2416 }
2417 if (user == NULL)
2418 bytes_returned = 0; /* skip null user */
2419 else
2420 bytes_returned =
2421 cifs_strtoUCS((__le16 *) bcc_ptr, user, 100,
2422 nls_codepage);
2423 /* convert number of 16 bit words to bytes */
2424 bcc_ptr += 2 * bytes_returned;
2425 bcc_ptr += 2; /* trailing null */
2426 if (domain == NULL)
2427 bytes_returned =
2428 cifs_strtoUCS((__le16 *) bcc_ptr,
2429 "CIFS_LINUX_DOM", 32, nls_codepage);
2430 else
2431 bytes_returned =
2432 cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2433 nls_codepage);
2434 bcc_ptr += 2 * bytes_returned;
2435 bcc_ptr += 2;
2436 bytes_returned =
2437 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2438 32, nls_codepage);
2439 bcc_ptr += 2 * bytes_returned;
2440 bytes_returned =
2441 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release,
2442 32, nls_codepage);
2443 bcc_ptr += 2 * bytes_returned;
2444 bcc_ptr += 2;
2445 bytes_returned =
2446 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2447 64, nls_codepage);
2448 bcc_ptr += 2 * bytes_returned;
2449 bcc_ptr += 2;
2450 } else {
2451 if (user != NULL) {
2452 strncpy(bcc_ptr, user, 200);
2453 bcc_ptr += strnlen(user, 200);
2454 }
2455 *bcc_ptr = 0;
2456 bcc_ptr++;
2457 if (domain == NULL) {
2458 strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2459 bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2460 } else {
2461 strncpy(bcc_ptr, domain, 64);
2462 bcc_ptr += strnlen(domain, 64);
2463 *bcc_ptr = 0;
2464 bcc_ptr++;
2465 }
2466 strcpy(bcc_ptr, "Linux version ");
2467 bcc_ptr += strlen("Linux version ");
2468 strcpy(bcc_ptr, utsname()->release);
2469 bcc_ptr += strlen(utsname()->release) + 1;
2470 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2471 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2472 }
2473 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2474 smb_buffer->smb_buf_length += count;
2475 pSMB->req_no_secext.ByteCount = cpu_to_le16(count);
2476
2477 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2478 &bytes_returned, CIFS_LONG_OP);
2479 if (rc) {
2480 /* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
2481 } else if ((smb_buffer_response->WordCount == 3)
2482 || (smb_buffer_response->WordCount == 4)) {
2483 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2484 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2485 if (action & GUEST_LOGIN)
2486 cFYI(1, (" Guest login")); /* BB mark SesInfo struct? */
2487 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format
2488 (little endian) */
2489 cFYI(1, ("UID = %d ", ses->Suid));
2490 /* response can have either 3 or 4 word count - Samba sends 3 */
2491 bcc_ptr = pByteArea(smb_buffer_response);
2492 if ((pSMBr->resp.hdr.WordCount == 3)
2493 || ((pSMBr->resp.hdr.WordCount == 4)
2494 && (blob_len < pSMBr->resp.ByteCount))) {
2495 if (pSMBr->resp.hdr.WordCount == 4)
2496 bcc_ptr += blob_len;
2497
2498 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2499 if ((long) (bcc_ptr) % 2) {
2500 remaining_words =
2501 (BCC(smb_buffer_response) - 1) / 2;
2502 /* Unicode strings must be word
2503 aligned */
2504 bcc_ptr++;
2505 } else {
2506 remaining_words =
2507 BCC(smb_buffer_response) / 2;
2508 }
2509 len =
2510 UniStrnlen((wchar_t *) bcc_ptr,
2511 remaining_words - 1);
2512 /* We look for obvious messed up bcc or strings in response so we do not go off
2513 the end since (at least) WIN2K and Windows XP have a major bug in not null
2514 terminating last Unicode string in response */
2515 if (ses->serverOS)
2516 kfree(ses->serverOS);
2517 ses->serverOS = kzalloc(2 * (len + 1),
2518 GFP_KERNEL);
2519 if (ses->serverOS == NULL)
2520 goto sesssetup_nomem;
2521 cifs_strfromUCS_le(ses->serverOS,
2522 (__le16 *)bcc_ptr,
2523 len, nls_codepage);
2524 bcc_ptr += 2 * (len + 1);
2525 remaining_words -= len + 1;
2526 ses->serverOS[2 * len] = 0;
2527 ses->serverOS[1 + (2 * len)] = 0;
2528 if (remaining_words > 0) {
2529 len = UniStrnlen((wchar_t *)bcc_ptr,
2530 remaining_words-1);
2531 kfree(ses->serverNOS);
2532 ses->serverNOS = kzalloc(2 * (len + 1),
2533 GFP_KERNEL);
2534 if (ses->serverNOS == NULL)
2535 goto sesssetup_nomem;
2536 cifs_strfromUCS_le(ses->serverNOS,
2537 (__le16 *)bcc_ptr,
2538 len, nls_codepage);
2539 bcc_ptr += 2 * (len + 1);
2540 ses->serverNOS[2 * len] = 0;
2541 ses->serverNOS[1 + (2 * len)] = 0;
2542 if (strncmp(ses->serverNOS,
2543 "NT LAN Manager 4", 16) == 0) {
2544 cFYI(1, ("NT4 server"));
2545 ses->flags |= CIFS_SES_NT4;
2546 }
2547 remaining_words -= len + 1;
2548 if (remaining_words > 0) {
2549 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2550 /* last string is not always null terminated
2551 (for e.g. for Windows XP & 2000) */
2552 if (ses->serverDomain)
2553 kfree(ses->serverDomain);
2554 ses->serverDomain =
2555 kzalloc(2*(len+1),
2556 GFP_KERNEL);
2557 if (ses->serverDomain == NULL)
2558 goto sesssetup_nomem;
2559 cifs_strfromUCS_le(ses->serverDomain,
2560 (__le16 *)bcc_ptr,
2561 len, nls_codepage);
2562 bcc_ptr += 2 * (len + 1);
2563 ses->serverDomain[2*len] = 0;
2564 ses->serverDomain[1+(2*len)] = 0;
2565 } else { /* else no more room so create
2566 dummy domain string */
2567 if (ses->serverDomain)
2568 kfree(ses->serverDomain);
2569 ses->serverDomain =
2570 kzalloc(2, GFP_KERNEL);
2571 }
2572 } else { /* no room so create dummy domain
2573 and NOS string */
2574
2575 /* if these kcallocs fail not much we
2576 can do, but better to not fail the
2577 sesssetup itself */
2578 kfree(ses->serverDomain);
2579 ses->serverDomain =
2580 kzalloc(2, GFP_KERNEL);
2581 kfree(ses->serverNOS);
2582 ses->serverNOS =
2583 kzalloc(2, GFP_KERNEL);
2584 }
2585 } else { /* ASCII */
2586 len = strnlen(bcc_ptr, 1024);
2587 if (((long) bcc_ptr + len) - (long)
2588 pByteArea(smb_buffer_response)
2589 <= BCC(smb_buffer_response)) {
2590 kfree(ses->serverOS);
2591 ses->serverOS = kzalloc(len + 1,
2592 GFP_KERNEL);
2593 if (ses->serverOS == NULL)
2594 goto sesssetup_nomem;
2595 strncpy(ses->serverOS, bcc_ptr, len);
2596
2597 bcc_ptr += len;
2598 /* null terminate the string */
2599 bcc_ptr[0] = 0;
2600 bcc_ptr++;
2601
2602 len = strnlen(bcc_ptr, 1024);
2603 kfree(ses->serverNOS);
2604 ses->serverNOS = kzalloc(len + 1,
2605 GFP_KERNEL);
2606 if (ses->serverNOS == NULL)
2607 goto sesssetup_nomem;
2608 strncpy(ses->serverNOS, bcc_ptr, len);
2609 bcc_ptr += len;
2610 bcc_ptr[0] = 0;
2611 bcc_ptr++;
2612
2613 len = strnlen(bcc_ptr, 1024);
2614 if (ses->serverDomain)
2615 kfree(ses->serverDomain);
2616 ses->serverDomain = kzalloc(len + 1,
2617 GFP_KERNEL);
2618 if (ses->serverDomain == NULL)
2619 goto sesssetup_nomem;
2620 strncpy(ses->serverDomain, bcc_ptr,
2621 len);
2622 bcc_ptr += len;
2623 bcc_ptr[0] = 0;
2624 bcc_ptr++;
2625 } else
2626 cFYI(1,
2627 ("Variable field of length %d "
2628 "extends beyond end of smb ",
2629 len));
2630 }
2631 } else {
2632 cERROR(1,
2633 (" Security Blob Length extends beyond "
2634 "end of SMB"));
2635 }
2636 } else {
2637 cERROR(1,
2638 (" Invalid Word count %d: ",
2639 smb_buffer_response->WordCount));
2640 rc = -EIO;
2641 }
2642 sesssetup_nomem: /* do not return an error on nomem for the info strings,
2643 since that could make reconnection harder, and
2644 reconnection might be needed to free memory */
2645 cifs_buf_release(smb_buffer);
2646
2647 return rc;
2648 }
2649
2650 static int
2651 CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2652 struct cifsSesInfo *ses, bool *pNTLMv2_flag,
2653 const struct nls_table *nls_codepage)
2654 {
2655 struct smb_hdr *smb_buffer;
2656 struct smb_hdr *smb_buffer_response;
2657 SESSION_SETUP_ANDX *pSMB;
2658 SESSION_SETUP_ANDX *pSMBr;
2659 char *bcc_ptr;
2660 char *domain;
2661 int rc = 0;
2662 int remaining_words = 0;
2663 int bytes_returned = 0;
2664 int len;
2665 int SecurityBlobLength = sizeof(NEGOTIATE_MESSAGE);
2666 PNEGOTIATE_MESSAGE SecurityBlob;
2667 PCHALLENGE_MESSAGE SecurityBlob2;
2668 __u32 negotiate_flags, capabilities;
2669 __u16 count;
2670
2671 cFYI(1, ("In NTLMSSP sesssetup (negotiate)"));
2672 if (ses == NULL)
2673 return -EINVAL;
2674 domain = ses->domainName;
2675 *pNTLMv2_flag = false;
2676 smb_buffer = cifs_buf_get();
2677 if (smb_buffer == NULL) {
2678 return -ENOMEM;
2679 }
2680 smb_buffer_response = smb_buffer;
2681 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2682 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2683
2684 /* send SMBsessionSetup here */
2685 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2686 NULL /* no tCon exists yet */ , 12 /* wct */ );
2687
2688 smb_buffer->Mid = GetNextMid(ses->server);
2689 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2690 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2691
2692 pSMB->req.AndXCommand = 0xFF;
2693 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2694 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2695
2696 if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2697 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2698
2699 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2700 CAP_EXTENDED_SECURITY;
2701 if (ses->capabilities & CAP_UNICODE) {
2702 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2703 capabilities |= CAP_UNICODE;
2704 }
2705 if (ses->capabilities & CAP_STATUS32) {
2706 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2707 capabilities |= CAP_STATUS32;
2708 }
2709 if (ses->capabilities & CAP_DFS) {
2710 smb_buffer->Flags2 |= SMBFLG2_DFS;
2711 capabilities |= CAP_DFS;
2712 }
2713 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2714
2715 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2716 SecurityBlob = (PNEGOTIATE_MESSAGE) bcc_ptr;
2717 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2718 SecurityBlob->MessageType = NtLmNegotiate;
2719 negotiate_flags =
2720 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
2721 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM |
2722 NTLMSSP_NEGOTIATE_56 |
2723 /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
2724 if (sign_CIFS_PDUs)
2725 negotiate_flags |= NTLMSSP_NEGOTIATE_SIGN;
2726 /* if (ntlmv2_support)
2727 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;*/
2728 /* setup pointers to domain name and workstation name */
2729 bcc_ptr += SecurityBlobLength;
2730
2731 SecurityBlob->WorkstationName.Buffer = 0;
2732 SecurityBlob->WorkstationName.Length = 0;
2733 SecurityBlob->WorkstationName.MaximumLength = 0;
2734
2735 /* Domain not sent on first Sesssetup in NTLMSSP, instead it is sent
2736 along with username on auth request (ie the response to challenge) */
2737 SecurityBlob->DomainName.Buffer = 0;
2738 SecurityBlob->DomainName.Length = 0;
2739 SecurityBlob->DomainName.MaximumLength = 0;
2740 if (ses->capabilities & CAP_UNICODE) {
2741 if ((long) bcc_ptr % 2) {
2742 *bcc_ptr = 0;
2743 bcc_ptr++;
2744 }
2745
2746 bytes_returned =
2747 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2748 32, nls_codepage);
2749 bcc_ptr += 2 * bytes_returned;
2750 bytes_returned =
2751 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
2752 nls_codepage);
2753 bcc_ptr += 2 * bytes_returned;
2754 bcc_ptr += 2; /* null terminate Linux version */
2755 bytes_returned =
2756 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2757 64, nls_codepage);
2758 bcc_ptr += 2 * bytes_returned;
2759 *(bcc_ptr + 1) = 0;
2760 *(bcc_ptr + 2) = 0;
2761 bcc_ptr += 2; /* null terminate network opsys string */
2762 *(bcc_ptr + 1) = 0;
2763 *(bcc_ptr + 2) = 0;
2764 bcc_ptr += 2; /* null domain */
2765 } else { /* ASCII */
2766 strcpy(bcc_ptr, "Linux version ");
2767 bcc_ptr += strlen("Linux version ");
2768 strcpy(bcc_ptr, utsname()->release);
2769 bcc_ptr += strlen(utsname()->release) + 1;
2770 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2771 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2772 bcc_ptr++; /* empty domain field */
2773 *bcc_ptr = 0;
2774 }
2775 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2776 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2777 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2778 smb_buffer->smb_buf_length += count;
2779 pSMB->req.ByteCount = cpu_to_le16(count);
2780
2781 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2782 &bytes_returned, CIFS_LONG_OP);
2783
2784 if (smb_buffer_response->Status.CifsError ==
2785 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
2786 rc = 0;
2787
2788 if (rc) {
2789 /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2790 } else if ((smb_buffer_response->WordCount == 3)
2791 || (smb_buffer_response->WordCount == 4)) {
2792 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2793 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2794
2795 if (action & GUEST_LOGIN)
2796 cFYI(1, (" Guest login"));
2797 /* Do we want to set anything in SesInfo struct when guest login? */
2798
2799 bcc_ptr = pByteArea(smb_buffer_response);
2800 /* response can have either 3 or 4 word count - Samba sends 3 */
2801
2802 SecurityBlob2 = (PCHALLENGE_MESSAGE) bcc_ptr;
2803 if (SecurityBlob2->MessageType != NtLmChallenge) {
2804 cFYI(1,
2805 ("Unexpected NTLMSSP message type received %d",
2806 SecurityBlob2->MessageType));
2807 } else if (ses) {
2808 ses->Suid = smb_buffer_response->Uid; /* UID left in le format */
2809 cFYI(1, ("UID = %d", ses->Suid));
2810 if ((pSMBr->resp.hdr.WordCount == 3)
2811 || ((pSMBr->resp.hdr.WordCount == 4)
2812 && (blob_len <
2813 pSMBr->resp.ByteCount))) {
2814
2815 if (pSMBr->resp.hdr.WordCount == 4) {
2816 bcc_ptr += blob_len;
2817 cFYI(1, ("Security Blob Length %d",
2818 blob_len));
2819 }
2820
2821 cFYI(1, ("NTLMSSP Challenge rcvd"));
2822
2823 memcpy(ses->server->cryptKey,
2824 SecurityBlob2->Challenge,
2825 CIFS_CRYPTO_KEY_SIZE);
2826 if (SecurityBlob2->NegotiateFlags &
2827 cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2))
2828 *pNTLMv2_flag = true;
2829
2830 if ((SecurityBlob2->NegotiateFlags &
2831 cpu_to_le32(NTLMSSP_NEGOTIATE_ALWAYS_SIGN))
2832 || (sign_CIFS_PDUs > 1))
2833 ses->server->secMode |=
2834 SECMODE_SIGN_REQUIRED;
2835 if ((SecurityBlob2->NegotiateFlags &
2836 cpu_to_le32(NTLMSSP_NEGOTIATE_SIGN)) && (sign_CIFS_PDUs))
2837 ses->server->secMode |=
2838 SECMODE_SIGN_ENABLED;
2839
2840 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2841 if ((long) (bcc_ptr) % 2) {
2842 remaining_words =
2843 (BCC(smb_buffer_response)
2844 - 1) / 2;
2845 /* Must word align unicode strings */
2846 bcc_ptr++;
2847 } else {
2848 remaining_words =
2849 BCC
2850 (smb_buffer_response) / 2;
2851 }
2852 len =
2853 UniStrnlen((wchar_t *) bcc_ptr,
2854 remaining_words - 1);
2855 /* We look for obvious messed up bcc or strings in response so we do not go off
2856 the end since (at least) WIN2K and Windows XP have a major bug in not null
2857 terminating last Unicode string in response */
2858 if (ses->serverOS)
2859 kfree(ses->serverOS);
2860 ses->serverOS =
2861 kzalloc(2 * (len + 1), GFP_KERNEL);
2862 cifs_strfromUCS_le(ses->serverOS,
2863 (__le16 *)
2864 bcc_ptr, len,
2865 nls_codepage);
2866 bcc_ptr += 2 * (len + 1);
2867 remaining_words -= len + 1;
2868 ses->serverOS[2 * len] = 0;
2869 ses->serverOS[1 + (2 * len)] = 0;
2870 if (remaining_words > 0) {
2871 len = UniStrnlen((wchar_t *)
2872 bcc_ptr,
2873 remaining_words
2874 - 1);
2875 kfree(ses->serverNOS);
2876 ses->serverNOS =
2877 kzalloc(2 * (len + 1),
2878 GFP_KERNEL);
2879 cifs_strfromUCS_le(ses->
2880 serverNOS,
2881 (__le16 *)
2882 bcc_ptr,
2883 len,
2884 nls_codepage);
2885 bcc_ptr += 2 * (len + 1);
2886 ses->serverNOS[2 * len] = 0;
2887 ses->serverNOS[1 +
2888 (2 * len)] = 0;
2889 remaining_words -= len + 1;
2890 if (remaining_words > 0) {
2891 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2892 /* last string not always null terminated
2893 (for e.g. for Windows XP & 2000) */
2894 kfree(ses->serverDomain);
2895 ses->serverDomain =
2896 kzalloc(2 *
2897 (len +
2898 1),
2899 GFP_KERNEL);
2900 cifs_strfromUCS_le
2901 (ses->serverDomain,
2902 (__le16 *)bcc_ptr,
2903 len, nls_codepage);
2904 bcc_ptr +=
2905 2 * (len + 1);
2906 ses->serverDomain[2*len]
2907 = 0;
2908 ses->serverDomain
2909 [1 + (2 * len)]
2910 = 0;
2911 } /* else no more room so create dummy domain string */
2912 else {
2913 kfree(ses->serverDomain);
2914 ses->serverDomain =
2915 kzalloc(2,
2916 GFP_KERNEL);
2917 }
2918 } else { /* no room so create dummy domain and NOS string */
2919 kfree(ses->serverDomain);
2920 ses->serverDomain =
2921 kzalloc(2, GFP_KERNEL);
2922 kfree(ses->serverNOS);
2923 ses->serverNOS =
2924 kzalloc(2, GFP_KERNEL);
2925 }
2926 } else { /* ASCII */
2927 len = strnlen(bcc_ptr, 1024);
2928 if (((long) bcc_ptr + len) - (long)
2929 pByteArea(smb_buffer_response)
2930 <= BCC(smb_buffer_response)) {
2931 if (ses->serverOS)
2932 kfree(ses->serverOS);
2933 ses->serverOS =
2934 kzalloc(len + 1,
2935 GFP_KERNEL);
2936 strncpy(ses->serverOS,
2937 bcc_ptr, len);
2938
2939 bcc_ptr += len;
2940 bcc_ptr[0] = 0; /* null terminate string */
2941 bcc_ptr++;
2942
2943 len = strnlen(bcc_ptr, 1024);
2944 kfree(ses->serverNOS);
2945 ses->serverNOS =
2946 kzalloc(len + 1,
2947 GFP_KERNEL);
2948 strncpy(ses->serverNOS, bcc_ptr, len);
2949 bcc_ptr += len;
2950 bcc_ptr[0] = 0;
2951 bcc_ptr++;
2952
2953 len = strnlen(bcc_ptr, 1024);
2954 kfree(ses->serverDomain);
2955 ses->serverDomain =
2956 kzalloc(len + 1,
2957 GFP_KERNEL);
2958 strncpy(ses->serverDomain,
2959 bcc_ptr, len);
2960 bcc_ptr += len;
2961 bcc_ptr[0] = 0;
2962 bcc_ptr++;
2963 } else
2964 cFYI(1,
2965 ("field of length %d "
2966 "extends beyond end of smb",
2967 len));
2968 }
2969 } else {
2970 cERROR(1, ("Security Blob Length extends beyond"
2971 " end of SMB"));
2972 }
2973 } else {
2974 cERROR(1, ("No session structure passed in."));
2975 }
2976 } else {
2977 cERROR(1,
2978 (" Invalid Word count %d:",
2979 smb_buffer_response->WordCount));
2980 rc = -EIO;
2981 }
2982
2983 cifs_buf_release(smb_buffer);
2984
2985 return rc;
2986 }
2987 static int
2988 CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2989 char *ntlm_session_key, bool ntlmv2_flag,
2990 const struct nls_table *nls_codepage)
2991 {
2992 struct smb_hdr *smb_buffer;
2993 struct smb_hdr *smb_buffer_response;
2994 SESSION_SETUP_ANDX *pSMB;
2995 SESSION_SETUP_ANDX *pSMBr;
2996 char *bcc_ptr;
2997 char *user;
2998 char *domain;
2999 int rc = 0;
3000 int remaining_words = 0;
3001 int bytes_returned = 0;
3002 int len;
3003 int SecurityBlobLength = sizeof(AUTHENTICATE_MESSAGE);
3004 PAUTHENTICATE_MESSAGE SecurityBlob;
3005 __u32 negotiate_flags, capabilities;
3006 __u16 count;
3007
3008 cFYI(1, ("In NTLMSSPSessSetup (Authenticate)"));
3009 if (ses == NULL)
3010 return -EINVAL;
3011 user = ses->userName;
3012 domain = ses->domainName;
3013 smb_buffer = cifs_buf_get();
3014 if (smb_buffer == NULL) {
3015 return -ENOMEM;
3016 }
3017 smb_buffer_response = smb_buffer;
3018 pSMB = (SESSION_SETUP_ANDX *)smb_buffer;
3019 pSMBr = (SESSION_SETUP_ANDX *)smb_buffer_response;
3020
3021 /* send SMBsessionSetup here */
3022 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
3023 NULL /* no tCon exists yet */ , 12 /* wct */ );
3024
3025 smb_buffer->Mid = GetNextMid(ses->server);
3026 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
3027 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
3028 pSMB->req.AndXCommand = 0xFF;
3029 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
3030 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
3031
3032 pSMB->req.hdr.Uid = ses->Suid;
3033
3034 if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3035 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3036
3037 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
3038 CAP_EXTENDED_SECURITY;
3039 if (ses->capabilities & CAP_UNICODE) {
3040 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3041 capabilities |= CAP_UNICODE;
3042 }
3043 if (ses->capabilities & CAP_STATUS32) {
3044 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3045 capabilities |= CAP_STATUS32;
3046 }
3047 if (ses->capabilities & CAP_DFS) {
3048 smb_buffer->Flags2 |= SMBFLG2_DFS;
3049 capabilities |= CAP_DFS;
3050 }
3051 pSMB->req.Capabilities = cpu_to_le32(capabilities);
3052
3053 bcc_ptr = (char *)&pSMB->req.SecurityBlob;
3054 SecurityBlob = (PAUTHENTICATE_MESSAGE)bcc_ptr;
3055 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
3056 SecurityBlob->MessageType = NtLmAuthenticate;
3057 bcc_ptr += SecurityBlobLength;
3058 negotiate_flags = NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET |
3059 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO |
3060 0x80000000 | NTLMSSP_NEGOTIATE_128;
3061 if (sign_CIFS_PDUs)
3062 negotiate_flags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN;
3063 if (ntlmv2_flag)
3064 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
3065
3066 /* setup pointers to domain name and workstation name */
3067
3068 SecurityBlob->WorkstationName.Buffer = 0;
3069 SecurityBlob->WorkstationName.Length = 0;
3070 SecurityBlob->WorkstationName.MaximumLength = 0;
3071 SecurityBlob->SessionKey.Length = 0;
3072 SecurityBlob->SessionKey.MaximumLength = 0;
3073 SecurityBlob->SessionKey.Buffer = 0;
3074
3075 SecurityBlob->LmChallengeResponse.Length = 0;
3076 SecurityBlob->LmChallengeResponse.MaximumLength = 0;
3077 SecurityBlob->LmChallengeResponse.Buffer = 0;
3078
3079 SecurityBlob->NtChallengeResponse.Length =
3080 cpu_to_le16(CIFS_SESS_KEY_SIZE);
3081 SecurityBlob->NtChallengeResponse.MaximumLength =
3082 cpu_to_le16(CIFS_SESS_KEY_SIZE);
3083 memcpy(bcc_ptr, ntlm_session_key, CIFS_SESS_KEY_SIZE);
3084 SecurityBlob->NtChallengeResponse.Buffer =
3085 cpu_to_le32(SecurityBlobLength);
3086 SecurityBlobLength += CIFS_SESS_KEY_SIZE;
3087 bcc_ptr += CIFS_SESS_KEY_SIZE;
3088
3089 if (ses->capabilities & CAP_UNICODE) {
3090 if (domain == NULL) {
3091 SecurityBlob->DomainName.Buffer = 0;
3092 SecurityBlob->DomainName.Length = 0;
3093 SecurityBlob->DomainName.MaximumLength = 0;
3094 } else {
3095 __u16 ln = cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
3096 nls_codepage);
3097 ln *= 2;
3098 SecurityBlob->DomainName.MaximumLength =
3099 cpu_to_le16(ln);
3100 SecurityBlob->DomainName.Buffer =
3101 cpu_to_le32(SecurityBlobLength);
3102 bcc_ptr += ln;
3103 SecurityBlobLength += ln;
3104 SecurityBlob->DomainName.Length = cpu_to_le16(ln);
3105 }
3106 if (user == NULL) {
3107 SecurityBlob->UserName.Buffer = 0;
3108 SecurityBlob->UserName.Length = 0;
3109 SecurityBlob->UserName.MaximumLength = 0;
3110 } else {
3111 __u16 ln = cifs_strtoUCS((__le16 *) bcc_ptr, user, 64,
3112 nls_codepage);
3113 ln *= 2;
3114 SecurityBlob->UserName.MaximumLength =
3115 cpu_to_le16(ln);
3116 SecurityBlob->UserName.Buffer =
3117 cpu_to_le32(SecurityBlobLength);
3118 bcc_ptr += ln;
3119 SecurityBlobLength += ln;
3120 SecurityBlob->UserName.Length = cpu_to_le16(ln);
3121 }
3122
3123 /* SecurityBlob->WorkstationName.Length =
3124 cifs_strtoUCS((__le16 *) bcc_ptr, "AMACHINE",64, nls_codepage);
3125 SecurityBlob->WorkstationName.Length *= 2;
3126 SecurityBlob->WorkstationName.MaximumLength =
3127 cpu_to_le16(SecurityBlob->WorkstationName.Length);
3128 SecurityBlob->WorkstationName.Buffer =
3129 cpu_to_le32(SecurityBlobLength);
3130 bcc_ptr += SecurityBlob->WorkstationName.Length;
3131 SecurityBlobLength += SecurityBlob->WorkstationName.Length;
3132 SecurityBlob->WorkstationName.Length =
3133 cpu_to_le16(SecurityBlob->WorkstationName.Length); */
3134
3135 if ((long) bcc_ptr % 2) {
3136 *bcc_ptr = 0;
3137 bcc_ptr++;
3138 }
3139 bytes_returned =
3140 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
3141 32, nls_codepage);
3142 bcc_ptr += 2 * bytes_returned;
3143 bytes_returned =
3144 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
3145 nls_codepage);
3146 bcc_ptr += 2 * bytes_returned;
3147 bcc_ptr += 2; /* null term version string */
3148 bytes_returned =
3149 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
3150 64, nls_codepage);
3151 bcc_ptr += 2 * bytes_returned;
3152 *(bcc_ptr + 1) = 0;
3153 *(bcc_ptr + 2) = 0;
3154 bcc_ptr += 2; /* null terminate network opsys string */
3155 *(bcc_ptr + 1) = 0;
3156 *(bcc_ptr + 2) = 0;
3157 bcc_ptr += 2; /* null domain */
3158 } else { /* ASCII */
3159 if (domain == NULL) {
3160 SecurityBlob->DomainName.Buffer = 0;
3161 SecurityBlob->DomainName.Length = 0;
3162 SecurityBlob->DomainName.MaximumLength = 0;
3163 } else {
3164 __u16 ln;
3165 negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
3166 strncpy(bcc_ptr, domain, 63);
3167 ln = strnlen(domain, 64);
3168 SecurityBlob->DomainName.MaximumLength =
3169 cpu_to_le16(ln);
3170 SecurityBlob->DomainName.Buffer =
3171 cpu_to_le32(SecurityBlobLength);
3172 bcc_ptr += ln;
3173 SecurityBlobLength += ln;
3174 SecurityBlob->DomainName.Length = cpu_to_le16(ln);
3175 }
3176 if (user == NULL) {
3177 SecurityBlob->UserName.Buffer = 0;
3178 SecurityBlob->UserName.Length = 0;
3179 SecurityBlob->UserName.MaximumLength = 0;
3180 } else {
3181 __u16 ln;
3182 strncpy(bcc_ptr, user, 63);
3183 ln = strnlen(user, 64);
3184 SecurityBlob->UserName.MaximumLength = cpu_to_le16(ln);
3185 SecurityBlob->UserName.Buffer =
3186 cpu_to_le32(SecurityBlobLength);
3187 bcc_ptr += ln;
3188 SecurityBlobLength += ln;
3189 SecurityBlob->UserName.Length = cpu_to_le16(ln);
3190 }
3191 /* BB fill in our workstation name if known BB */
3192
3193 strcpy(bcc_ptr, "Linux version ");
3194 bcc_ptr += strlen("Linux version ");
3195 strcpy(bcc_ptr, utsname()->release);
3196 bcc_ptr += strlen(utsname()->release) + 1;
3197 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
3198 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
3199 bcc_ptr++; /* null domain */
3200 *bcc_ptr = 0;
3201 }
3202 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
3203 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
3204 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
3205 smb_buffer->smb_buf_length += count;
3206 pSMB->req.ByteCount = cpu_to_le16(count);
3207
3208 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
3209 &bytes_returned, CIFS_LONG_OP);
3210 if (rc) {
3211 /* rc = map_smb_to_linux_error(smb_buffer_response) done in SendReceive now */
3212 } else if ((smb_buffer_response->WordCount == 3) ||
3213 (smb_buffer_response->WordCount == 4)) {
3214 __u16 action = le16_to_cpu(pSMBr->resp.Action);
3215 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
3216 if (action & GUEST_LOGIN)
3217 cFYI(1, (" Guest login")); /* BB Should we set anything
3218 in SesInfo struct ? */
3219 /* if (SecurityBlob2->MessageType != NtLm??) {
3220 cFYI("Unexpected message type on auth response is %d"));
3221 } */
3222
3223 if (ses) {
3224 cFYI(1,
3225 ("Check challenge UID %d vs auth response UID %d",
3226 ses->Suid, smb_buffer_response->Uid));
3227 /* UID left in wire format */
3228 ses->Suid = smb_buffer_response->Uid;
3229 bcc_ptr = pByteArea(smb_buffer_response);
3230 /* response can have either 3 or 4 word count - Samba sends 3 */
3231 if ((pSMBr->resp.hdr.WordCount == 3)
3232 || ((pSMBr->resp.hdr.WordCount == 4)
3233 && (blob_len <
3234 pSMBr->resp.ByteCount))) {
3235 if (pSMBr->resp.hdr.WordCount == 4) {
3236 bcc_ptr +=
3237 blob_len;
3238 cFYI(1,
3239 ("Security Blob Length %d ",
3240 blob_len));
3241 }
3242
3243 cFYI(1,
3244 ("NTLMSSP response to Authenticate "));
3245
3246 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3247 if ((long) (bcc_ptr) % 2) {
3248 remaining_words =
3249 (BCC(smb_buffer_response)
3250 - 1) / 2;
3251 bcc_ptr++; /* Unicode strings must be word aligned */
3252 } else {
3253 remaining_words = BCC(smb_buffer_response) / 2;
3254 }
3255 len = UniStrnlen((wchar_t *) bcc_ptr,
3256 remaining_words - 1);
3257 /* We look for obvious messed up bcc or strings in response so we do not go off
3258 the end since (at least) WIN2K and Windows XP have a major bug in not null
3259 terminating last Unicode string in response */
3260 if (ses->serverOS)
3261 kfree(ses->serverOS);
3262 ses->serverOS =
3263 kzalloc(2 * (len + 1), GFP_KERNEL);
3264 cifs_strfromUCS_le(ses->serverOS,
3265 (__le16 *)
3266 bcc_ptr, len,
3267 nls_codepage);
3268 bcc_ptr += 2 * (len + 1);
3269 remaining_words -= len + 1;
3270 ses->serverOS[2 * len] = 0;
3271 ses->serverOS[1 + (2 * len)] = 0;
3272 if (remaining_words > 0) {
3273 len = UniStrnlen((wchar_t *)
3274 bcc_ptr,
3275 remaining_words
3276 - 1);
3277 kfree(ses->serverNOS);
3278 ses->serverNOS =
3279 kzalloc(2 * (len + 1),
3280 GFP_KERNEL);
3281 cifs_strfromUCS_le(ses->
3282 serverNOS,
3283 (__le16 *)
3284 bcc_ptr,
3285 len,
3286 nls_codepage);
3287 bcc_ptr += 2 * (len + 1);
3288 ses->serverNOS[2 * len] = 0;
3289 ses->serverNOS[1+(2*len)] = 0;
3290 remaining_words -= len + 1;
3291 if (remaining_words > 0) {
3292 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
3293 /* last string not always null terminated (e.g. for Windows XP & 2000) */
3294 if (ses->serverDomain)
3295 kfree(ses->serverDomain);
3296 ses->serverDomain =
3297 kzalloc(2 *
3298 (len +
3299 1),
3300 GFP_KERNEL);
3301 cifs_strfromUCS_le
3302 (ses->
3303 serverDomain,
3304 (__le16 *)
3305 bcc_ptr, len,
3306 nls_codepage);
3307 bcc_ptr +=
3308 2 * (len + 1);
3309 ses->
3310 serverDomain[2
3311 * len]
3312 = 0;
3313 ses->
3314 serverDomain[1
3315 +
3316 (2
3317 *
3318 len)]
3319 = 0;
3320 } /* else no more room so create dummy domain string */
3321 else {
3322 if (ses->serverDomain)
3323 kfree(ses->serverDomain);
3324 ses->serverDomain = kzalloc(2,GFP_KERNEL);
3325 }
3326 } else { /* no room so create dummy domain and NOS string */
3327 if (ses->serverDomain)
3328 kfree(ses->serverDomain);
3329 ses->serverDomain = kzalloc(2, GFP_KERNEL);
3330 kfree(ses->serverNOS);
3331 ses->serverNOS = kzalloc(2, GFP_KERNEL);
3332 }
3333 } else { /* ASCII */
3334 len = strnlen(bcc_ptr, 1024);
3335 if (((long) bcc_ptr + len) -
3336 (long) pByteArea(smb_buffer_response)
3337 <= BCC(smb_buffer_response)) {
3338 if (ses->serverOS)
3339 kfree(ses->serverOS);
3340 ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
3341 strncpy(ses->serverOS,bcc_ptr, len);
3342
3343 bcc_ptr += len;
3344 bcc_ptr[0] = 0; /* null terminate the string */
3345 bcc_ptr++;
3346
3347 len = strnlen(bcc_ptr, 1024);
3348 kfree(ses->serverNOS);
3349 ses->serverNOS = kzalloc(len+1,
3350 GFP_KERNEL);
3351 strncpy(ses->serverNOS,
3352 bcc_ptr, len);
3353 bcc_ptr += len;
3354 bcc_ptr[0] = 0;
3355 bcc_ptr++;
3356
3357 len = strnlen(bcc_ptr, 1024);
3358 if (ses->serverDomain)
3359 kfree(ses->serverDomain);
3360 ses->serverDomain =
3361 kzalloc(len+1,
3362 GFP_KERNEL);
3363 strncpy(ses->serverDomain,
3364 bcc_ptr, len);
3365 bcc_ptr += len;
3366 bcc_ptr[0] = 0;
3367 bcc_ptr++;
3368 } else
3369 cFYI(1, ("field of length %d "
3370 "extends beyond end of smb ",
3371 len));
3372 }
3373 } else {
3374 cERROR(1, ("Security Blob extends beyond end "
3375 "of SMB"));
3376 }
3377 } else {
3378 cERROR(1, ("No session structure passed in."));
3379 }
3380 } else {
3381 cERROR(1, ("Invalid Word count %d: ",
3382 smb_buffer_response->WordCount));
3383 rc = -EIO;
3384 }
3385
3386 cifs_buf_release(smb_buffer);
3387
3388 return rc;
3389 }
3390
3391 int
3392 CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3393 const char *tree, struct cifsTconInfo *tcon,
3394 const struct nls_table *nls_codepage)
3395 {
3396 struct smb_hdr *smb_buffer;
3397 struct smb_hdr *smb_buffer_response;
3398 TCONX_REQ *pSMB;
3399 TCONX_RSP *pSMBr;
3400 unsigned char *bcc_ptr;
3401 int rc = 0;
3402 int length;
3403 __u16 count;
3404
3405 if (ses == NULL)
3406 return -EIO;
3407
3408 smb_buffer = cifs_buf_get();
3409 if (smb_buffer == NULL) {
3410 return -ENOMEM;
3411 }
3412 smb_buffer_response = smb_buffer;
3413
3414 header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3415 NULL /*no tid */ , 4 /*wct */ );
3416
3417 smb_buffer->Mid = GetNextMid(ses->server);
3418 smb_buffer->Uid = ses->Suid;
3419 pSMB = (TCONX_REQ *) smb_buffer;
3420 pSMBr = (TCONX_RSP *) smb_buffer_response;
3421
3422 pSMB->AndXCommand = 0xFF;
3423 pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
3424 bcc_ptr = &pSMB->Password[0];
3425 if ((ses->server->secMode) & SECMODE_USER) {
3426 pSMB->PasswordLength = cpu_to_le16(1); /* minimum */
3427 *bcc_ptr = 0; /* password is null byte */
3428 bcc_ptr++; /* skip password */
3429 /* already aligned so no need to do it below */
3430 } else {
3431 pSMB->PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE);
3432 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3433 specified as required (when that support is added to
3434 the vfs in the future) as only NTLM or the much
3435 weaker LANMAN (which we do not send by default) is accepted
3436 by Samba (not sure whether other servers allow
3437 NTLMv2 password here) */
3438 #ifdef CONFIG_CIFS_WEAK_PW_HASH
3439 if ((extended_security & CIFSSEC_MAY_LANMAN) &&
3440 (ses->server->secType == LANMAN))
3441 calc_lanman_hash(ses, bcc_ptr);
3442 else
3443 #endif /* CIFS_WEAK_PW_HASH */
3444 SMBNTencrypt(ses->password,
3445 ses->server->cryptKey,
3446 bcc_ptr);
3447
3448 bcc_ptr += CIFS_SESS_KEY_SIZE;
3449 if (ses->capabilities & CAP_UNICODE) {
3450 /* must align unicode strings */
3451 *bcc_ptr = 0; /* null byte password */
3452 bcc_ptr++;
3453 }
3454 }
3455
3456 if (ses->server->secMode &
3457 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3458 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3459
3460 if (ses->capabilities & CAP_STATUS32) {
3461 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3462 }
3463 if (ses->capabilities & CAP_DFS) {
3464 smb_buffer->Flags2 |= SMBFLG2_DFS;
3465 }
3466 if (ses->capabilities & CAP_UNICODE) {
3467 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3468 length =
3469 cifs_strtoUCS((__le16 *) bcc_ptr, tree,
3470 6 /* max utf8 char length in bytes */ *
3471 (/* server len*/ + 256 /* share len */), nls_codepage);
3472 bcc_ptr += 2 * length; /* convert num 16 bit words to bytes */
3473 bcc_ptr += 2; /* skip trailing null */
3474 } else { /* ASCII */
3475 strcpy(bcc_ptr, tree);
3476 bcc_ptr += strlen(tree) + 1;
3477 }
3478 strcpy(bcc_ptr, "?????");
3479 bcc_ptr += strlen("?????");
3480 bcc_ptr += 1;
3481 count = bcc_ptr - &pSMB->Password[0];
3482 pSMB->hdr.smb_buf_length += count;
3483 pSMB->ByteCount = cpu_to_le16(count);
3484
3485 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length,
3486 CIFS_STD_OP);
3487
3488 /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
3489 /* above now done in SendReceive */
3490 if ((rc == 0) && (tcon != NULL)) {
3491 tcon->tidStatus = CifsGood;
3492 tcon->tid = smb_buffer_response->Tid;
3493 bcc_ptr = pByteArea(smb_buffer_response);
3494 length = strnlen(bcc_ptr, BCC(smb_buffer_response) - 2);
3495 /* skip service field (NB: this field is always ASCII) */
3496 if (length == 3) {
3497 if ((bcc_ptr[0] == 'I') && (bcc_ptr[1] == 'P') &&
3498 (bcc_ptr[2] == 'C')) {
3499 cFYI(1, ("IPC connection"));
3500 tcon->ipc = 1;
3501 }
3502 } else if (length == 2) {
3503 if ((bcc_ptr[0] == 'A') && (bcc_ptr[1] == ':')) {
3504 /* the most common case */
3505 cFYI(1, ("disk share connection"));
3506 }
3507 }
3508 bcc_ptr += length + 1;
3509 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3510 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3511 length = UniStrnlen((wchar_t *) bcc_ptr, 512);
3512 if ((bcc_ptr + (2 * length)) -
3513 pByteArea(smb_buffer_response) <=
3514 BCC(smb_buffer_response)) {
3515 kfree(tcon->nativeFileSystem);
3516 tcon->nativeFileSystem =
3517 kzalloc(length + 2, GFP_KERNEL);
3518 if (tcon->nativeFileSystem)
3519 cifs_strfromUCS_le(
3520 tcon->nativeFileSystem,
3521 (__le16 *) bcc_ptr,
3522 length, nls_codepage);
3523 bcc_ptr += 2 * length;
3524 bcc_ptr[0] = 0; /* null terminate the string */
3525 bcc_ptr[1] = 0;
3526 bcc_ptr += 2;
3527 }
3528 /* else do not bother copying these information fields*/
3529 } else {
3530 length = strnlen(bcc_ptr, 1024);
3531 if ((bcc_ptr + length) -
3532 pByteArea(smb_buffer_response) <=
3533 BCC(smb_buffer_response)) {
3534 kfree(tcon->nativeFileSystem);
3535 tcon->nativeFileSystem =
3536 kzalloc(length + 1, GFP_KERNEL);
3537 if (tcon->nativeFileSystem)
3538 strncpy(tcon->nativeFileSystem, bcc_ptr,
3539 length);
3540 }
3541 /* else do not bother copying these information fields*/
3542 }
3543 if ((smb_buffer_response->WordCount == 3) ||
3544 (smb_buffer_response->WordCount == 7))
3545 /* field is in same location */
3546 tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3547 else
3548 tcon->Flags = 0;
3549 cFYI(1, ("Tcon flags: 0x%x ", tcon->Flags));
3550 } else if ((rc == 0) && tcon == NULL) {
3551 /* all we need to save for IPC$ connection */
3552 ses->ipc_tid = smb_buffer_response->Tid;
3553 }
3554
3555 cifs_buf_release(smb_buffer);
3556 return rc;
3557 }
3558
3559 int
3560 cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3561 {
3562 int rc = 0;
3563 int xid;
3564 struct cifsSesInfo *ses = NULL;
3565 char *tmp;
3566
3567 xid = GetXid();
3568
3569 if (cifs_sb->tcon) {
3570 ses = cifs_sb->tcon->ses; /* save ptr to ses before delete tcon!*/
3571 rc = CIFSSMBTDis(xid, cifs_sb->tcon);
3572 if (rc == -EBUSY) {
3573 FreeXid(xid);
3574 return 0;
3575 }
3576 DeleteTconOplockQEntries(cifs_sb->tcon);
3577 tconInfoFree(cifs_sb->tcon);
3578 if ((ses) && (ses->server)) {
3579 /* save off task so we do not refer to ses later */
3580 cFYI(1, ("About to do SMBLogoff "));
3581 rc = CIFSSMBLogoff(xid, ses);
3582 if (rc == -EBUSY) {
3583 FreeXid(xid);
3584 return 0;
3585 } else if (rc == -ESHUTDOWN) {
3586 cFYI(1, ("Waking up socket by sending signal"));
3587 if (ses->server)
3588 kill_cifsd(ses->server);
3589 rc = 0;
3590 } /* else - we have an smb session
3591 left on this socket do not kill cifsd */
3592 } else
3593 cFYI(1, ("No session or bad tcon"));
3594 }
3595
3596 cifs_sb->tcon = NULL;
3597 tmp = cifs_sb->prepath;
3598 cifs_sb->prepathlen = 0;
3599 cifs_sb->prepath = NULL;
3600 kfree(tmp);
3601 if (ses)
3602 sesInfoFree(ses);
3603
3604 FreeXid(xid);
3605 return rc;
3606 }
3607
3608 int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
3609 struct nls_table *nls_info)
3610 {
3611 int rc = 0;
3612 char ntlm_session_key[CIFS_SESS_KEY_SIZE];
3613 bool ntlmv2_flag = false;
3614 int first_time = 0;
3615 struct TCP_Server_Info *server = pSesInfo->server;
3616
3617 /* what if server changes its buffer size after dropping the session? */
3618 if (server->maxBuf == 0) /* no need to send on reconnect */ {
3619 rc = CIFSSMBNegotiate(xid, pSesInfo);
3620 if (rc == -EAGAIN) {
3621 /* retry only once on 1st time connection */
3622 rc = CIFSSMBNegotiate(xid, pSesInfo);
3623 if (rc == -EAGAIN)
3624 rc = -EHOSTDOWN;
3625 }
3626 if (rc == 0) {
3627 spin_lock(&GlobalMid_Lock);
3628 if (server->tcpStatus != CifsExiting)
3629 server->tcpStatus = CifsGood;
3630 else
3631 rc = -EHOSTDOWN;
3632 spin_unlock(&GlobalMid_Lock);
3633
3634 }
3635 first_time = 1;
3636 }
3637
3638 if (rc)
3639 goto ss_err_exit;
3640
3641 pSesInfo->flags = 0;
3642 pSesInfo->capabilities = server->capabilities;
3643 if (linuxExtEnabled == 0)
3644 pSesInfo->capabilities &= (~CAP_UNIX);
3645 /* pSesInfo->sequence_number = 0;*/
3646 cFYI(1, ("Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d",
3647 server->secMode, server->capabilities, server->timeAdj));
3648
3649 if (experimEnabled < 2)
3650 rc = CIFS_SessSetup(xid, pSesInfo, first_time, nls_info);
3651 else if (extended_security
3652 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3653 && (server->secType == NTLMSSP)) {
3654 rc = -EOPNOTSUPP;
3655 } else if (extended_security
3656 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3657 && (server->secType == RawNTLMSSP)) {
3658 cFYI(1, ("NTLMSSP sesssetup"));
3659 rc = CIFSNTLMSSPNegotiateSessSetup(xid, pSesInfo, &ntlmv2_flag,
3660 nls_info);
3661 if (!rc) {
3662 if (ntlmv2_flag) {
3663 char *v2_response;
3664 cFYI(1, ("more secure NTLM ver2 hash"));
3665 if (CalcNTLMv2_partial_mac_key(pSesInfo,
3666 nls_info)) {
3667 rc = -ENOMEM;
3668 goto ss_err_exit;
3669 } else
3670 v2_response = kmalloc(16 + 64 /* blob*/,
3671 GFP_KERNEL);
3672 if (v2_response) {
3673 CalcNTLMv2_response(pSesInfo,
3674 v2_response);
3675 /* if (first_time)
3676 cifs_calculate_ntlmv2_mac_key */
3677 kfree(v2_response);
3678 /* BB Put dummy sig in SessSetup PDU? */
3679 } else {
3680 rc = -ENOMEM;
3681 goto ss_err_exit;
3682 }
3683
3684 } else {
3685 SMBNTencrypt(pSesInfo->password,
3686 server->cryptKey,
3687 ntlm_session_key);
3688
3689 if (first_time)
3690 cifs_calculate_mac_key(
3691 &server->mac_signing_key,
3692 ntlm_session_key,
3693 pSesInfo->password);
3694 }
3695 /* for better security the weaker lanman hash not sent
3696 in AuthSessSetup so we no longer calculate it */
3697
3698 rc = CIFSNTLMSSPAuthSessSetup(xid, pSesInfo,
3699 ntlm_session_key,
3700 ntlmv2_flag,
3701 nls_info);
3702 }
3703 } else { /* old style NTLM 0.12 session setup */
3704 SMBNTencrypt(pSesInfo->password, server->cryptKey,
3705 ntlm_session_key);
3706
3707 if (first_time)
3708 cifs_calculate_mac_key(&server->mac_signing_key,
3709 ntlm_session_key,
3710 pSesInfo->password);
3711
3712 rc = CIFSSessSetup(xid, pSesInfo, ntlm_session_key, nls_info);
3713 }
3714 if (rc) {
3715 cERROR(1, ("Send error in SessSetup = %d", rc));
3716 } else {
3717 cFYI(1, ("CIFS Session Established successfully"));
3718 spin_lock(&GlobalMid_Lock);
3719 pSesInfo->status = CifsGood;
3720 spin_unlock(&GlobalMid_Lock);
3721 }
3722
3723 ss_err_exit:
3724 return rc;
3725 }
3726
Linux kernel - Deliverables
This page took 0.192861 seconds and 6 git commands to generate.