4 * Copyright (C) International Business Machines Corp., 2002,2008
5 * Author(s): Steve French (sfrench@us.ibm.com)
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/ipv6.h>
27 #include <linux/pagemap.h>
28 #include <linux/ctype.h>
29 #include <linux/utsname.h>
30 #include <linux/mempool.h>
31 #include <linux/delay.h>
32 #include <linux/completion.h>
33 #include <linux/kthread.h>
34 #include <linux/pagevec.h>
35 #include <linux/freezer.h>
36 #include <asm/uaccess.h>
37 #include <asm/processor.h>
40 #include "cifsproto.h"
41 #include "cifs_unicode.h"
42 #include "cifs_debug.h"
43 #include "cifs_fs_sb.h"
46 #include "rfc1002pdu.h"
50 #define RFC1001_PORT 139
52 extern void SMBNTencrypt(unsigned char *passwd
, unsigned char *c8
,
55 extern mempool_t
*cifs_req_poolp
;
63 char *in6_addr
; /* ipv6 address as human readable form of in6_addr */
64 char *iocharset
; /* local code page for mapping to and from Unicode */
65 char source_rfc1001_name
[16]; /* netbios name of client */
66 char target_rfc1001_name
[16]; /* netbios name of server for Win9x/ME */
80 bool no_psx_acl
:1; /* set if posix acl support should be disabled */
82 bool no_xattr
:1; /* set if xattr (EA) support should be disabled*/
83 bool server_ino
:1; /* use inode numbers from server ie UniqueId */
85 bool remap
:1; /* set to remap seven reserved chars in filenames */
86 bool posix_paths
:1; /* unset to not ask for posix pathnames. */
89 bool nullauth
:1; /* attempt to authenticate with null user */
90 bool nocase
:1; /* request case insensitive filenames */
91 bool nobrl
:1; /* disable sending byte range locks to srv */
92 bool seal
:1; /* request transport encryption on share */
93 bool nodfs
:1; /* Do not request DFS, even if available */
94 bool local_lease
:1; /* check leases only on local system, not remote */
100 unsigned short int port
;
104 static int ipv4_connect(struct sockaddr_in
*psin_server
,
105 struct socket
**csocket
,
107 char *server_netb_name
,
109 bool nosndbuf
); /* ipv6 never set sndbuf size */
110 static int ipv6_connect(struct sockaddr_in6
*psin_server
,
111 struct socket
**csocket
, bool noblocksnd
);
115 * cifs tcp session reconnection
117 * mark tcp session as reconnecting so temporarily locked
118 * mark all smb sessions as reconnecting for tcp session
119 * reconnect tcp session
120 * wake up waiters on reconnection? - (not needed currently)
124 cifs_reconnect(struct TCP_Server_Info
*server
)
127 struct list_head
*tmp
;
128 struct cifsSesInfo
*ses
;
129 struct cifsTconInfo
*tcon
;
130 struct mid_q_entry
*mid_entry
;
132 spin_lock(&GlobalMid_Lock
);
133 if (server
->tcpStatus
== CifsExiting
) {
134 /* the demux thread will exit normally
135 next time through the loop */
136 spin_unlock(&GlobalMid_Lock
);
139 server
->tcpStatus
= CifsNeedReconnect
;
140 spin_unlock(&GlobalMid_Lock
);
143 cFYI(1, ("Reconnecting tcp session"));
145 /* before reconnecting the tcp session, mark the smb session (uid)
146 and the tid bad so they are not used until reconnected */
147 read_lock(&GlobalSMBSeslock
);
148 list_for_each(tmp
, &GlobalSMBSessionList
) {
149 ses
= list_entry(tmp
, struct cifsSesInfo
, cifsSessionList
);
151 if (ses
->server
== server
) {
152 ses
->need_reconnect
= true;
156 /* else tcp and smb sessions need reconnection */
158 list_for_each(tmp
, &GlobalTreeConnectionList
) {
159 tcon
= list_entry(tmp
, struct cifsTconInfo
, cifsConnectionList
);
160 if ((tcon
->ses
) && (tcon
->ses
->server
== server
))
161 tcon
->need_reconnect
= true;
163 read_unlock(&GlobalSMBSeslock
);
164 /* do not want to be sending data on a socket we are freeing */
165 down(&server
->tcpSem
);
166 if (server
->ssocket
) {
167 cFYI(1, ("State: 0x%x Flags: 0x%lx", server
->ssocket
->state
,
168 server
->ssocket
->flags
));
169 kernel_sock_shutdown(server
->ssocket
, SHUT_WR
);
170 cFYI(1, ("Post shutdown state: 0x%x Flags: 0x%lx",
171 server
->ssocket
->state
,
172 server
->ssocket
->flags
));
173 sock_release(server
->ssocket
);
174 server
->ssocket
= NULL
;
177 spin_lock(&GlobalMid_Lock
);
178 list_for_each(tmp
, &server
->pending_mid_q
) {
179 mid_entry
= list_entry(tmp
, struct
182 if (mid_entry
->midState
== MID_REQUEST_SUBMITTED
) {
183 /* Mark other intransit requests as needing
184 retry so we do not immediately mark the
185 session bad again (ie after we reconnect
186 below) as they timeout too */
187 mid_entry
->midState
= MID_RETRY_NEEDED
;
190 spin_unlock(&GlobalMid_Lock
);
193 while ((server
->tcpStatus
!= CifsExiting
) &&
194 (server
->tcpStatus
!= CifsGood
)) {
196 if (server
->addr
.sockAddr6
.sin6_family
== AF_INET6
) {
197 rc
= ipv6_connect(&server
->addr
.sockAddr6
,
198 &server
->ssocket
, server
->noautotune
);
200 rc
= ipv4_connect(&server
->addr
.sockAddr
,
202 server
->workstation_RFC1001_name
,
203 server
->server_RFC1001_name
,
204 server
->noblocksnd
, server
->noautotune
);
207 cFYI(1, ("reconnect error %d", rc
));
210 atomic_inc(&tcpSesReconnectCount
);
211 spin_lock(&GlobalMid_Lock
);
212 if (server
->tcpStatus
!= CifsExiting
)
213 server
->tcpStatus
= CifsGood
;
214 server
->sequence_number
= 0;
215 spin_unlock(&GlobalMid_Lock
);
216 /* atomic_set(&server->inFlight,0);*/
217 wake_up(&server
->response_q
);
225 0 not a transact2, or all data present
226 >0 transact2 with that much data missing
227 -EINVAL = invalid transact2
230 static int check2ndT2(struct smb_hdr
*pSMB
, unsigned int maxBufSize
)
232 struct smb_t2_rsp
*pSMBt
;
234 int data_in_this_rsp
;
237 if (pSMB
->Command
!= SMB_COM_TRANSACTION2
)
240 /* check for plausible wct, bcc and t2 data and parm sizes */
241 /* check for parm and data offset going beyond end of smb */
242 if (pSMB
->WordCount
!= 10) { /* coalesce_t2 depends on this */
243 cFYI(1, ("invalid transact2 word count"));
247 pSMBt
= (struct smb_t2_rsp
*)pSMB
;
249 total_data_size
= le16_to_cpu(pSMBt
->t2_rsp
.TotalDataCount
);
250 data_in_this_rsp
= le16_to_cpu(pSMBt
->t2_rsp
.DataCount
);
252 remaining
= total_data_size
- data_in_this_rsp
;
256 else if (remaining
< 0) {
257 cFYI(1, ("total data %d smaller than data in frame %d",
258 total_data_size
, data_in_this_rsp
));
261 cFYI(1, ("missing %d bytes from transact2, check next response",
263 if (total_data_size
> maxBufSize
) {
264 cERROR(1, ("TotalDataSize %d is over maximum buffer %d",
265 total_data_size
, maxBufSize
));
272 static int coalesce_t2(struct smb_hdr
*psecond
, struct smb_hdr
*pTargetSMB
)
274 struct smb_t2_rsp
*pSMB2
= (struct smb_t2_rsp
*)psecond
;
275 struct smb_t2_rsp
*pSMBt
= (struct smb_t2_rsp
*)pTargetSMB
;
280 char *data_area_of_target
;
281 char *data_area_of_buf2
;
284 total_data_size
= le16_to_cpu(pSMBt
->t2_rsp
.TotalDataCount
);
286 if (total_data_size
!= le16_to_cpu(pSMB2
->t2_rsp
.TotalDataCount
)) {
287 cFYI(1, ("total data size of primary and secondary t2 differ"));
290 total_in_buf
= le16_to_cpu(pSMBt
->t2_rsp
.DataCount
);
292 remaining
= total_data_size
- total_in_buf
;
297 if (remaining
== 0) /* nothing to do, ignore */
300 total_in_buf2
= le16_to_cpu(pSMB2
->t2_rsp
.DataCount
);
301 if (remaining
< total_in_buf2
) {
302 cFYI(1, ("transact2 2nd response contains too much data"));
305 /* find end of first SMB data area */
306 data_area_of_target
= (char *)&pSMBt
->hdr
.Protocol
+
307 le16_to_cpu(pSMBt
->t2_rsp
.DataOffset
);
308 /* validate target area */
310 data_area_of_buf2
= (char *) &pSMB2
->hdr
.Protocol
+
311 le16_to_cpu(pSMB2
->t2_rsp
.DataOffset
);
313 data_area_of_target
+= total_in_buf
;
315 /* copy second buffer into end of first buffer */
316 memcpy(data_area_of_target
, data_area_of_buf2
, total_in_buf2
);
317 total_in_buf
+= total_in_buf2
;
318 pSMBt
->t2_rsp
.DataCount
= cpu_to_le16(total_in_buf
);
319 byte_count
= le16_to_cpu(BCC_LE(pTargetSMB
));
320 byte_count
+= total_in_buf2
;
321 BCC_LE(pTargetSMB
) = cpu_to_le16(byte_count
);
323 byte_count
= pTargetSMB
->smb_buf_length
;
324 byte_count
+= total_in_buf2
;
326 /* BB also add check that we are not beyond maximum buffer size */
328 pTargetSMB
->smb_buf_length
= byte_count
;
330 if (remaining
== total_in_buf2
) {
331 cFYI(1, ("found the last secondary response"));
332 return 0; /* we are done */
333 } else /* more responses to go */
339 cifs_demultiplex_thread(struct TCP_Server_Info
*server
)
342 unsigned int pdu_length
, total_read
;
343 struct smb_hdr
*smb_buffer
= NULL
;
344 struct smb_hdr
*bigbuf
= NULL
;
345 struct smb_hdr
*smallbuf
= NULL
;
346 struct msghdr smb_msg
;
348 struct socket
*csocket
= server
->ssocket
;
349 struct list_head
*tmp
;
350 struct cifsSesInfo
*ses
;
351 struct task_struct
*task_to_wake
= NULL
;
352 struct mid_q_entry
*mid_entry
;
354 bool isLargeBuf
= false;
358 current
->flags
|= PF_MEMALLOC
;
359 cFYI(1, ("Demultiplex PID: %d", task_pid_nr(current
)));
361 length
= atomic_inc_return(&tcpSesAllocCount
);
363 mempool_resize(cifs_req_poolp
, length
+ cifs_min_rcv
,
367 while (server
->tcpStatus
!= CifsExiting
) {
370 if (bigbuf
== NULL
) {
371 bigbuf
= cifs_buf_get();
373 cERROR(1, ("No memory for large SMB response"));
375 /* retry will check if exiting */
378 } else if (isLargeBuf
) {
379 /* we are reusing a dirty large buf, clear its start */
380 memset(bigbuf
, 0, sizeof(struct smb_hdr
));
383 if (smallbuf
== NULL
) {
384 smallbuf
= cifs_small_buf_get();
386 cERROR(1, ("No memory for SMB response"));
388 /* retry will check if exiting */
391 /* beginning of smb buffer is cleared in our buf_get */
392 } else /* if existing small buf clear beginning */
393 memset(smallbuf
, 0, sizeof(struct smb_hdr
));
397 smb_buffer
= smallbuf
;
398 iov
.iov_base
= smb_buffer
;
400 smb_msg
.msg_control
= NULL
;
401 smb_msg
.msg_controllen
= 0;
402 pdu_length
= 4; /* enough to get RFC1001 header */
405 kernel_recvmsg(csocket
, &smb_msg
,
406 &iov
, 1, pdu_length
, 0 /* BB other flags? */);
408 if (server
->tcpStatus
== CifsExiting
) {
410 } else if (server
->tcpStatus
== CifsNeedReconnect
) {
411 cFYI(1, ("Reconnect after server stopped responding"));
412 cifs_reconnect(server
);
413 cFYI(1, ("call to reconnect done"));
414 csocket
= server
->ssocket
;
416 } else if ((length
== -ERESTARTSYS
) || (length
== -EAGAIN
)) {
417 msleep(1); /* minimum sleep to prevent looping
418 allowing socket to clear and app threads to set
419 tcpStatus CifsNeedReconnect if server hung */
420 if (pdu_length
< 4) {
421 iov
.iov_base
= (4 - pdu_length
) +
423 iov
.iov_len
= pdu_length
;
424 smb_msg
.msg_control
= NULL
;
425 smb_msg
.msg_controllen
= 0;
429 } else if (length
<= 0) {
430 if (server
->tcpStatus
== CifsNew
) {
431 cFYI(1, ("tcp session abend after SMBnegprot"));
432 /* some servers kill the TCP session rather than
433 returning an SMB negprot error, in which
434 case reconnecting here is not going to help,
435 and so simply return error to mount */
438 if (!try_to_freeze() && (length
== -EINTR
)) {
439 cFYI(1, ("cifsd thread killed"));
442 cFYI(1, ("Reconnect after unexpected peek error %d",
444 cifs_reconnect(server
);
445 csocket
= server
->ssocket
;
446 wake_up(&server
->response_q
);
448 } else if (length
< pdu_length
) {
449 cFYI(1, ("requested %d bytes but only got %d bytes",
450 pdu_length
, length
));
451 pdu_length
-= length
;
456 /* The right amount was read from socket - 4 bytes */
457 /* so we can now interpret the length field */
459 /* the first byte big endian of the length field,
460 is actually not part of the length but the type
461 with the most common, zero, as regular data */
462 temp
= *((char *) smb_buffer
);
464 /* Note that FC 1001 length is big endian on the wire,
465 but we convert it here so it is always manipulated
466 as host byte order */
467 pdu_length
= be32_to_cpu((__force __be32
)smb_buffer
->smb_buf_length
);
468 smb_buffer
->smb_buf_length
= pdu_length
;
470 cFYI(1, ("rfc1002 length 0x%x", pdu_length
+4));
472 if (temp
== (char) RFC1002_SESSION_KEEP_ALIVE
) {
474 } else if (temp
== (char)RFC1002_POSITIVE_SESSION_RESPONSE
) {
475 cFYI(1, ("Good RFC 1002 session rsp"));
477 } else if (temp
== (char)RFC1002_NEGATIVE_SESSION_RESPONSE
) {
478 /* we get this from Windows 98 instead of
479 an error on SMB negprot response */
480 cFYI(1, ("Negative RFC1002 Session Response Error 0x%x)",
482 if (server
->tcpStatus
== CifsNew
) {
483 /* if nack on negprot (rather than
484 ret of smb negprot error) reconnecting
485 not going to help, ret error to mount */
488 /* give server a second to
489 clean up before reconnect attempt */
491 /* always try 445 first on reconnect
492 since we get NACK on some if we ever
493 connected to port 139 (the NACK is
494 since we do not begin with RFC1001
495 session initialize frame) */
496 server
->addr
.sockAddr
.sin_port
=
498 cifs_reconnect(server
);
499 csocket
= server
->ssocket
;
500 wake_up(&server
->response_q
);
503 } else if (temp
!= (char) 0) {
504 cERROR(1, ("Unknown RFC 1002 frame"));
505 cifs_dump_mem(" Received Data: ", (char *)smb_buffer
,
507 cifs_reconnect(server
);
508 csocket
= server
->ssocket
;
512 /* else we have an SMB response */
513 if ((pdu_length
> CIFSMaxBufSize
+ MAX_CIFS_HDR_SIZE
- 4) ||
514 (pdu_length
< sizeof(struct smb_hdr
) - 1 - 4)) {
515 cERROR(1, ("Invalid size SMB length %d pdu_length %d",
516 length
, pdu_length
+4));
517 cifs_reconnect(server
);
518 csocket
= server
->ssocket
;
519 wake_up(&server
->response_q
);
526 if (pdu_length
> MAX_CIFS_SMALL_BUFFER_SIZE
- 4) {
528 memcpy(bigbuf
, smallbuf
, 4);
532 iov
.iov_base
= 4 + (char *)smb_buffer
;
533 iov
.iov_len
= pdu_length
;
534 for (total_read
= 0; total_read
< pdu_length
;
535 total_read
+= length
) {
536 length
= kernel_recvmsg(csocket
, &smb_msg
, &iov
, 1,
537 pdu_length
- total_read
, 0);
538 if ((server
->tcpStatus
== CifsExiting
) ||
539 (length
== -EINTR
)) {
543 } else if (server
->tcpStatus
== CifsNeedReconnect
) {
544 cifs_reconnect(server
);
545 csocket
= server
->ssocket
;
546 /* Reconnect wakes up rspns q */
547 /* Now we will reread sock */
550 } else if ((length
== -ERESTARTSYS
) ||
551 (length
== -EAGAIN
)) {
552 msleep(1); /* minimum sleep to prevent looping,
553 allowing socket to clear and app
554 threads to set tcpStatus
555 CifsNeedReconnect if server hung*/
558 } else if (length
<= 0) {
559 cERROR(1, ("Received no data, expecting %d",
560 pdu_length
- total_read
));
561 cifs_reconnect(server
);
562 csocket
= server
->ssocket
;
569 else if (reconnect
== 1)
572 length
+= 4; /* account for rfc1002 hdr */
575 dump_smb(smb_buffer
, length
);
576 if (checkSMB(smb_buffer
, smb_buffer
->Mid
, total_read
+4)) {
577 cifs_dump_mem("Bad SMB: ", smb_buffer
, 48);
583 spin_lock(&GlobalMid_Lock
);
584 list_for_each(tmp
, &server
->pending_mid_q
) {
585 mid_entry
= list_entry(tmp
, struct mid_q_entry
, qhead
);
587 if ((mid_entry
->mid
== smb_buffer
->Mid
) &&
588 (mid_entry
->midState
== MID_REQUEST_SUBMITTED
) &&
589 (mid_entry
->command
== smb_buffer
->Command
)) {
590 if (check2ndT2(smb_buffer
,server
->maxBuf
) > 0) {
591 /* We have a multipart transact2 resp */
593 if (mid_entry
->resp_buf
) {
594 /* merge response - fix up 1st*/
595 if (coalesce_t2(smb_buffer
,
596 mid_entry
->resp_buf
)) {
597 mid_entry
->multiRsp
=
601 /* all parts received */
602 mid_entry
->multiEnd
=
608 cERROR(1,("1st trans2 resp needs bigbuf"));
609 /* BB maybe we can fix this up, switch
610 to already allocated large buffer? */
612 /* Have first buffer */
613 mid_entry
->resp_buf
=
615 mid_entry
->largeBuf
=
622 mid_entry
->resp_buf
= smb_buffer
;
623 mid_entry
->largeBuf
= isLargeBuf
;
625 task_to_wake
= mid_entry
->tsk
;
626 mid_entry
->midState
= MID_RESPONSE_RECEIVED
;
627 #ifdef CONFIG_CIFS_STATS2
628 mid_entry
->when_received
= jiffies
;
630 /* so we do not time out requests to server
631 which is still responding (since server could
632 be busy but not dead) */
633 server
->lstrp
= jiffies
;
637 spin_unlock(&GlobalMid_Lock
);
639 /* Was previous buf put in mpx struct for multi-rsp? */
641 /* smb buffer will be freed by user thread */
647 wake_up_process(task_to_wake
);
648 } else if (!is_valid_oplock_break(smb_buffer
, server
) &&
650 cERROR(1, ("No task to wake, unknown frame received! "
651 "NumMids %d", midCount
.counter
));
652 cifs_dump_mem("Received Data is: ", (char *)smb_buffer
,
653 sizeof(struct smb_hdr
));
654 #ifdef CONFIG_CIFS_DEBUG2
655 cifs_dump_detail(smb_buffer
);
656 cifs_dump_mids(server
);
657 #endif /* CIFS_DEBUG2 */
660 } /* end while !EXITING */
662 spin_lock(&GlobalMid_Lock
);
663 server
->tcpStatus
= CifsExiting
;
664 spin_unlock(&GlobalMid_Lock
);
665 wake_up_all(&server
->response_q
);
667 /* check if we have blocked requests that need to free */
668 /* Note that cifs_max_pending is normally 50, but
669 can be set at module install time to as little as two */
670 spin_lock(&GlobalMid_Lock
);
671 if (atomic_read(&server
->inFlight
) >= cifs_max_pending
)
672 atomic_set(&server
->inFlight
, cifs_max_pending
- 1);
673 /* We do not want to set the max_pending too low or we
674 could end up with the counter going negative */
675 spin_unlock(&GlobalMid_Lock
);
676 /* Although there should not be any requests blocked on
677 this queue it can not hurt to be paranoid and try to wake up requests
678 that may haven been blocked when more than 50 at time were on the wire
679 to the same server - they now will see the session is in exit state
680 and get out of SendReceive. */
681 wake_up_all(&server
->request_q
);
682 /* give those requests time to exit */
685 if (server
->ssocket
) {
686 sock_release(csocket
);
687 server
->ssocket
= NULL
;
689 /* buffer usuallly freed in free_mid - need to free it here on exit */
690 cifs_buf_release(bigbuf
);
691 if (smallbuf
) /* no sense logging a debug message if NULL */
692 cifs_small_buf_release(smallbuf
);
694 read_lock(&GlobalSMBSeslock
);
695 if (list_empty(&server
->pending_mid_q
)) {
696 /* loop through server session structures attached to this and
698 list_for_each(tmp
, &GlobalSMBSessionList
) {
700 list_entry(tmp
, struct cifsSesInfo
,
702 if (ses
->server
== server
) {
703 ses
->status
= CifsExiting
;
707 read_unlock(&GlobalSMBSeslock
);
709 /* although we can not zero the server struct pointer yet,
710 since there are active requests which may depnd on them,
711 mark the corresponding SMB sessions as exiting too */
712 list_for_each(tmp
, &GlobalSMBSessionList
) {
713 ses
= list_entry(tmp
, struct cifsSesInfo
,
715 if (ses
->server
== server
)
716 ses
->status
= CifsExiting
;
719 spin_lock(&GlobalMid_Lock
);
720 list_for_each(tmp
, &server
->pending_mid_q
) {
721 mid_entry
= list_entry(tmp
, struct mid_q_entry
, qhead
);
722 if (mid_entry
->midState
== MID_REQUEST_SUBMITTED
) {
723 cFYI(1, ("Clearing Mid 0x%x - waking up ",
725 task_to_wake
= mid_entry
->tsk
;
727 wake_up_process(task_to_wake
);
730 spin_unlock(&GlobalMid_Lock
);
731 read_unlock(&GlobalSMBSeslock
);
732 /* 1/8th of sec is more than enough time for them to exit */
736 if (!list_empty(&server
->pending_mid_q
)) {
737 /* mpx threads have not exited yet give them
738 at least the smb send timeout time for long ops */
739 /* due to delays on oplock break requests, we need
740 to wait at least 45 seconds before giving up
741 on a request getting a response and going ahead
743 cFYI(1, ("Wait for exit from demultiplex thread"));
745 /* if threads still have not exited they are probably never
746 coming home not much else we can do but free the memory */
749 /* last chance to mark ses pointers invalid
750 if there are any pointing to this (e.g
751 if a crazy root user tried to kill cifsd
752 kernel thread explicitly this might happen) */
753 write_lock(&GlobalSMBSeslock
);
754 list_for_each(tmp
, &GlobalSMBSessionList
) {
755 ses
= list_entry(tmp
, struct cifsSesInfo
,
757 if (ses
->server
== server
)
760 write_unlock(&GlobalSMBSeslock
);
762 kfree(server
->hostname
);
763 task_to_wake
= xchg(&server
->tsk
, NULL
);
766 length
= atomic_dec_return(&tcpSesAllocCount
);
768 mempool_resize(cifs_req_poolp
, length
+ cifs_min_rcv
,
771 /* if server->tsk was NULL then wait for a signal before exiting */
773 set_current_state(TASK_INTERRUPTIBLE
);
774 while (!signal_pending(current
)) {
776 set_current_state(TASK_INTERRUPTIBLE
);
778 set_current_state(TASK_RUNNING
);
784 /* extract the host portion of the UNC string */
786 extract_hostname(const char *unc
)
792 /* skip double chars at beginning of string */
793 /* BB: check validity of these bytes? */
796 /* delimiter between hostname and sharename is always '\\' now */
797 delim
= strchr(src
, '\\');
799 return ERR_PTR(-EINVAL
);
802 dst
= kmalloc((len
+ 1), GFP_KERNEL
);
804 return ERR_PTR(-ENOMEM
);
806 memcpy(dst
, src
, len
);
813 cifs_parse_mount_options(char *options
, const char *devname
,
818 unsigned int temp_len
, i
, j
;
824 if (Local_System_Name
[0] != 0)
825 memcpy(vol
->source_rfc1001_name
, Local_System_Name
, 15);
827 char *nodename
= utsname()->nodename
;
828 int n
= strnlen(nodename
, 15);
829 memset(vol
->source_rfc1001_name
, 0x20, 15);
830 for (i
= 0; i
< n
; i
++) {
831 /* does not have to be perfect mapping since field is
832 informational, only used for servers that do not support
833 port 445 and it can be overridden at mount time */
834 vol
->source_rfc1001_name
[i
] = toupper(nodename
[i
]);
837 vol
->source_rfc1001_name
[15] = 0;
838 /* null target name indicates to use *SMBSERVR default called name
839 if we end up sending RFC1001 session initialize */
840 vol
->target_rfc1001_name
[0] = 0;
841 vol
->linux_uid
= current
->uid
; /* current->euid instead? */
842 vol
->linux_gid
= current
->gid
;
843 vol
->dir_mode
= S_IRWXUGO
;
844 /* 2767 perms indicate mandatory locking support */
845 vol
->file_mode
= (S_IRWXUGO
| S_ISGID
) & (~S_IXGRP
);
847 /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
849 /* default is always to request posix paths. */
850 vol
->posix_paths
= 1;
855 if (strncmp(options
, "sep=", 4) == 0) {
856 if (options
[4] != 0) {
857 separator
[0] = options
[4];
860 cFYI(1, ("Null separator not allowed"));
864 while ((data
= strsep(&options
, separator
)) != NULL
) {
867 if ((value
= strchr(data
, '=')) != NULL
)
870 /* Have to parse this before we parse for "user" */
871 if (strnicmp(data
, "user_xattr", 10) == 0) {
873 } else if (strnicmp(data
, "nouser_xattr", 12) == 0) {
875 } else if (strnicmp(data
, "user", 4) == 0) {
878 "CIFS: invalid or missing username\n");
879 return 1; /* needs_arg; */
880 } else if (!*value
) {
881 /* null user, ie anonymous, authentication */
884 if (strnlen(value
, 200) < 200) {
885 vol
->username
= value
;
887 printk(KERN_WARNING
"CIFS: username too long\n");
890 } else if (strnicmp(data
, "pass", 4) == 0) {
892 vol
->password
= NULL
;
894 } else if (value
[0] == 0) {
895 /* check if string begins with double comma
896 since that would mean the password really
897 does start with a comma, and would not
898 indicate an empty string */
899 if (value
[1] != separator
[0]) {
900 vol
->password
= NULL
;
904 temp_len
= strlen(value
);
905 /* removed password length check, NTLM passwords
906 can be arbitrarily long */
908 /* if comma in password, the string will be
909 prematurely null terminated. Commas in password are
910 specified across the cifs mount interface by a double
911 comma ie ,, and a comma used as in other cases ie ','
912 as a parameter delimiter/separator is single and due
913 to the strsep above is temporarily zeroed. */
915 /* NB: password legally can have multiple commas and
916 the only illegal character in a password is null */
918 if ((value
[temp_len
] == 0) &&
919 (value
[temp_len
+1] == separator
[0])) {
921 value
[temp_len
] = separator
[0];
922 temp_len
+= 2; /* move after second comma */
923 while (value
[temp_len
] != 0) {
924 if (value
[temp_len
] == separator
[0]) {
925 if (value
[temp_len
+1] ==
927 /* skip second comma */
930 /* single comma indicating start
937 if (value
[temp_len
] == 0) {
941 /* point option to start of next parm */
942 options
= value
+ temp_len
+ 1;
944 /* go from value to value + temp_len condensing
945 double commas to singles. Note that this ends up
946 allocating a few bytes too many, which is ok */
947 vol
->password
= kzalloc(temp_len
, GFP_KERNEL
);
948 if (vol
->password
== NULL
) {
949 printk(KERN_WARNING
"CIFS: no memory "
953 for (i
= 0, j
= 0; i
< temp_len
; i
++, j
++) {
954 vol
->password
[j
] = value
[i
];
955 if (value
[i
] == separator
[0]
956 && value
[i
+1] == separator
[0]) {
957 /* skip second comma */
961 vol
->password
[j
] = 0;
963 vol
->password
= kzalloc(temp_len
+1, GFP_KERNEL
);
964 if (vol
->password
== NULL
) {
965 printk(KERN_WARNING
"CIFS: no memory "
969 strcpy(vol
->password
, value
);
971 } else if (strnicmp(data
, "ip", 2) == 0) {
972 if (!value
|| !*value
) {
974 } else if (strnlen(value
, 35) < 35) {
977 printk(KERN_WARNING
"CIFS: ip address "
981 } else if (strnicmp(data
, "sec", 3) == 0) {
982 if (!value
|| !*value
) {
983 cERROR(1, ("no security value specified"));
985 } else if (strnicmp(value
, "krb5i", 5) == 0) {
986 vol
->secFlg
|= CIFSSEC_MAY_KRB5
|
988 } else if (strnicmp(value
, "krb5p", 5) == 0) {
989 /* vol->secFlg |= CIFSSEC_MUST_SEAL |
991 cERROR(1, ("Krb5 cifs privacy not supported"));
993 } else if (strnicmp(value
, "krb5", 4) == 0) {
994 vol
->secFlg
|= CIFSSEC_MAY_KRB5
;
995 } else if (strnicmp(value
, "ntlmv2i", 7) == 0) {
996 vol
->secFlg
|= CIFSSEC_MAY_NTLMV2
|
998 } else if (strnicmp(value
, "ntlmv2", 6) == 0) {
999 vol
->secFlg
|= CIFSSEC_MAY_NTLMV2
;
1000 } else if (strnicmp(value
, "ntlmi", 5) == 0) {
1001 vol
->secFlg
|= CIFSSEC_MAY_NTLM
|
1003 } else if (strnicmp(value
, "ntlm", 4) == 0) {
1004 /* ntlm is default so can be turned off too */
1005 vol
->secFlg
|= CIFSSEC_MAY_NTLM
;
1006 } else if (strnicmp(value
, "nontlm", 6) == 0) {
1007 /* BB is there a better way to do this? */
1008 vol
->secFlg
|= CIFSSEC_MAY_NTLMV2
;
1009 #ifdef CONFIG_CIFS_WEAK_PW_HASH
1010 } else if (strnicmp(value
, "lanman", 6) == 0) {
1011 vol
->secFlg
|= CIFSSEC_MAY_LANMAN
;
1013 } else if (strnicmp(value
, "none", 4) == 0) {
1016 cERROR(1, ("bad security option: %s", value
));
1019 } else if ((strnicmp(data
, "unc", 3) == 0)
1020 || (strnicmp(data
, "target", 6) == 0)
1021 || (strnicmp(data
, "path", 4) == 0)) {
1022 if (!value
|| !*value
) {
1023 printk(KERN_WARNING
"CIFS: invalid path to "
1024 "network resource\n");
1025 return 1; /* needs_arg; */
1027 if ((temp_len
= strnlen(value
, 300)) < 300) {
1028 vol
->UNC
= kmalloc(temp_len
+1, GFP_KERNEL
);
1029 if (vol
->UNC
== NULL
)
1031 strcpy(vol
->UNC
, value
);
1032 if (strncmp(vol
->UNC
, "//", 2) == 0) {
1035 } else if (strncmp(vol
->UNC
, "\\\\", 2) != 0) {
1037 "CIFS: UNC Path does not begin "
1038 "with // or \\\\ \n");
1042 printk(KERN_WARNING
"CIFS: UNC name too long\n");
1045 } else if ((strnicmp(data
, "domain", 3) == 0)
1046 || (strnicmp(data
, "workgroup", 5) == 0)) {
1047 if (!value
|| !*value
) {
1048 printk(KERN_WARNING
"CIFS: invalid domain name\n");
1049 return 1; /* needs_arg; */
1051 /* BB are there cases in which a comma can be valid in
1052 a domain name and need special handling? */
1053 if (strnlen(value
, 256) < 256) {
1054 vol
->domainname
= value
;
1055 cFYI(1, ("Domain name set"));
1057 printk(KERN_WARNING
"CIFS: domain name too "
1061 } else if (strnicmp(data
, "prefixpath", 10) == 0) {
1062 if (!value
|| !*value
) {
1064 "CIFS: invalid path prefix\n");
1065 return 1; /* needs_argument */
1067 if ((temp_len
= strnlen(value
, 1024)) < 1024) {
1068 if (value
[0] != '/')
1069 temp_len
++; /* missing leading slash */
1070 vol
->prepath
= kmalloc(temp_len
+1, GFP_KERNEL
);
1071 if (vol
->prepath
== NULL
)
1073 if (value
[0] != '/') {
1074 vol
->prepath
[0] = '/';
1075 strcpy(vol
->prepath
+1, value
);
1077 strcpy(vol
->prepath
, value
);
1078 cFYI(1, ("prefix path %s", vol
->prepath
));
1080 printk(KERN_WARNING
"CIFS: prefix too long\n");
1083 } else if (strnicmp(data
, "iocharset", 9) == 0) {
1084 if (!value
|| !*value
) {
1085 printk(KERN_WARNING
"CIFS: invalid iocharset "
1087 return 1; /* needs_arg; */
1089 if (strnlen(value
, 65) < 65) {
1090 if (strnicmp(value
, "default", 7))
1091 vol
->iocharset
= value
;
1092 /* if iocharset not set then load_nls_default
1093 is used by caller */
1094 cFYI(1, ("iocharset set to %s", value
));
1096 printk(KERN_WARNING
"CIFS: iocharset name "
1100 } else if (strnicmp(data
, "uid", 3) == 0) {
1101 if (value
&& *value
) {
1103 simple_strtoul(value
, &value
, 0);
1104 vol
->override_uid
= 1;
1106 } else if (strnicmp(data
, "gid", 3) == 0) {
1107 if (value
&& *value
) {
1109 simple_strtoul(value
, &value
, 0);
1110 vol
->override_gid
= 1;
1112 } else if (strnicmp(data
, "file_mode", 4) == 0) {
1113 if (value
&& *value
) {
1115 simple_strtoul(value
, &value
, 0);
1117 } else if (strnicmp(data
, "dir_mode", 4) == 0) {
1118 if (value
&& *value
) {
1120 simple_strtoul(value
, &value
, 0);
1122 } else if (strnicmp(data
, "dirmode", 4) == 0) {
1123 if (value
&& *value
) {
1125 simple_strtoul(value
, &value
, 0);
1127 } else if (strnicmp(data
, "port", 4) == 0) {
1128 if (value
&& *value
) {
1130 simple_strtoul(value
, &value
, 0);
1132 } else if (strnicmp(data
, "rsize", 5) == 0) {
1133 if (value
&& *value
) {
1135 simple_strtoul(value
, &value
, 0);
1137 } else if (strnicmp(data
, "wsize", 5) == 0) {
1138 if (value
&& *value
) {
1140 simple_strtoul(value
, &value
, 0);
1142 } else if (strnicmp(data
, "sockopt", 5) == 0) {
1143 if (value
&& *value
) {
1145 simple_strtoul(value
, &value
, 0);
1147 } else if (strnicmp(data
, "netbiosname", 4) == 0) {
1148 if (!value
|| !*value
|| (*value
== ' ')) {
1149 cFYI(1, ("invalid (empty) netbiosname"));
1151 memset(vol
->source_rfc1001_name
, 0x20, 15);
1152 for (i
= 0; i
< 15; i
++) {
1153 /* BB are there cases in which a comma can be
1154 valid in this workstation netbios name (and need
1155 special handling)? */
1157 /* We do not uppercase netbiosname for user */
1161 vol
->source_rfc1001_name
[i
] =
1164 /* The string has 16th byte zero still from
1165 set at top of the function */
1166 if ((i
== 15) && (value
[i
] != 0))
1167 printk(KERN_WARNING
"CIFS: netbiosname"
1168 " longer than 15 truncated.\n");
1170 } else if (strnicmp(data
, "servern", 7) == 0) {
1171 /* servernetbiosname specified override *SMBSERVER */
1172 if (!value
|| !*value
|| (*value
== ' ')) {
1173 cFYI(1, ("empty server netbiosname specified"));
1175 /* last byte, type, is 0x20 for servr type */
1176 memset(vol
->target_rfc1001_name
, 0x20, 16);
1178 for (i
= 0; i
< 15; i
++) {
1179 /* BB are there cases in which a comma can be
1180 valid in this workstation netbios name
1181 (and need special handling)? */
1183 /* user or mount helper must uppercase
1188 vol
->target_rfc1001_name
[i
] =
1191 /* The string has 16th byte zero still from
1192 set at top of the function */
1193 if ((i
== 15) && (value
[i
] != 0))
1194 printk(KERN_WARNING
"CIFS: server net"
1195 "biosname longer than 15 truncated.\n");
1197 } else if (strnicmp(data
, "credentials", 4) == 0) {
1199 } else if (strnicmp(data
, "version", 3) == 0) {
1201 } else if (strnicmp(data
, "guest", 5) == 0) {
1203 } else if (strnicmp(data
, "rw", 2) == 0) {
1205 } else if (strnicmp(data
, "noblocksend", 11) == 0) {
1206 vol
->noblocksnd
= 1;
1207 } else if (strnicmp(data
, "noautotune", 10) == 0) {
1208 vol
->noautotune
= 1;
1209 } else if ((strnicmp(data
, "suid", 4) == 0) ||
1210 (strnicmp(data
, "nosuid", 6) == 0) ||
1211 (strnicmp(data
, "exec", 4) == 0) ||
1212 (strnicmp(data
, "noexec", 6) == 0) ||
1213 (strnicmp(data
, "nodev", 5) == 0) ||
1214 (strnicmp(data
, "noauto", 6) == 0) ||
1215 (strnicmp(data
, "dev", 3) == 0)) {
1216 /* The mount tool or mount.cifs helper (if present)
1217 uses these opts to set flags, and the flags are read
1218 by the kernel vfs layer before we get here (ie
1219 before read super) so there is no point trying to
1220 parse these options again and set anything and it
1221 is ok to just ignore them */
1223 } else if (strnicmp(data
, "ro", 2) == 0) {
1225 } else if (strnicmp(data
, "hard", 4) == 0) {
1227 } else if (strnicmp(data
, "soft", 4) == 0) {
1229 } else if (strnicmp(data
, "perm", 4) == 0) {
1231 } else if (strnicmp(data
, "noperm", 6) == 0) {
1233 } else if (strnicmp(data
, "mapchars", 8) == 0) {
1235 } else if (strnicmp(data
, "nomapchars", 10) == 0) {
1237 } else if (strnicmp(data
, "sfu", 3) == 0) {
1239 } else if (strnicmp(data
, "nosfu", 5) == 0) {
1241 } else if (strnicmp(data
, "nodfs", 5) == 0) {
1243 } else if (strnicmp(data
, "posixpaths", 10) == 0) {
1244 vol
->posix_paths
= 1;
1245 } else if (strnicmp(data
, "noposixpaths", 12) == 0) {
1246 vol
->posix_paths
= 0;
1247 } else if (strnicmp(data
, "nounix", 6) == 0) {
1248 vol
->no_linux_ext
= 1;
1249 } else if (strnicmp(data
, "nolinux", 7) == 0) {
1250 vol
->no_linux_ext
= 1;
1251 } else if ((strnicmp(data
, "nocase", 6) == 0) ||
1252 (strnicmp(data
, "ignorecase", 10) == 0)) {
1254 } else if (strnicmp(data
, "brl", 3) == 0) {
1256 } else if ((strnicmp(data
, "nobrl", 5) == 0) ||
1257 (strnicmp(data
, "nolock", 6) == 0)) {
1259 /* turn off mandatory locking in mode
1260 if remote locking is turned off since the
1261 local vfs will do advisory */
1262 if (vol
->file_mode
==
1263 (S_IALLUGO
& ~(S_ISUID
| S_IXGRP
)))
1264 vol
->file_mode
= S_IALLUGO
;
1265 } else if (strnicmp(data
, "setuids", 7) == 0) {
1267 } else if (strnicmp(data
, "nosetuids", 9) == 0) {
1269 } else if (strnicmp(data
, "dynperm", 7) == 0) {
1270 vol
->dynperm
= true;
1271 } else if (strnicmp(data
, "nodynperm", 9) == 0) {
1272 vol
->dynperm
= false;
1273 } else if (strnicmp(data
, "nohard", 6) == 0) {
1275 } else if (strnicmp(data
, "nosoft", 6) == 0) {
1277 } else if (strnicmp(data
, "nointr", 6) == 0) {
1279 } else if (strnicmp(data
, "intr", 4) == 0) {
1281 } else if (strnicmp(data
, "serverino", 7) == 0) {
1282 vol
->server_ino
= 1;
1283 } else if (strnicmp(data
, "noserverino", 9) == 0) {
1284 vol
->server_ino
= 0;
1285 } else if (strnicmp(data
, "cifsacl", 7) == 0) {
1287 } else if (strnicmp(data
, "nocifsacl", 9) == 0) {
1289 } else if (strnicmp(data
, "acl", 3) == 0) {
1290 vol
->no_psx_acl
= 0;
1291 } else if (strnicmp(data
, "noacl", 5) == 0) {
1292 vol
->no_psx_acl
= 1;
1293 #ifdef CONFIG_CIFS_EXPERIMENTAL
1294 } else if (strnicmp(data
, "locallease", 6) == 0) {
1295 vol
->local_lease
= 1;
1297 } else if (strnicmp(data
, "sign", 4) == 0) {
1298 vol
->secFlg
|= CIFSSEC_MUST_SIGN
;
1299 } else if (strnicmp(data
, "seal", 4) == 0) {
1300 /* we do not do the following in secFlags because seal
1301 is a per tree connection (mount) not a per socket
1302 or per-smb connection option in the protocol */
1303 /* vol->secFlg |= CIFSSEC_MUST_SEAL; */
1305 } else if (strnicmp(data
, "direct", 6) == 0) {
1307 } else if (strnicmp(data
, "forcedirectio", 13) == 0) {
1309 } else if (strnicmp(data
, "in6_addr", 8) == 0) {
1310 if (!value
|| !*value
) {
1311 vol
->in6_addr
= NULL
;
1312 } else if (strnlen(value
, 49) == 48) {
1313 vol
->in6_addr
= value
;
1315 printk(KERN_WARNING
"CIFS: ip v6 address not "
1316 "48 characters long\n");
1319 } else if (strnicmp(data
, "noac", 4) == 0) {
1320 printk(KERN_WARNING
"CIFS: Mount option noac not "
1321 "supported. Instead set "
1322 "/proc/fs/cifs/LookupCacheEnabled to 0\n");
1324 printk(KERN_WARNING
"CIFS: Unknown mount option %s\n",
1327 if (vol
->UNC
== NULL
) {
1328 if (devname
== NULL
) {
1329 printk(KERN_WARNING
"CIFS: Missing UNC name for mount "
1333 if ((temp_len
= strnlen(devname
, 300)) < 300) {
1334 vol
->UNC
= kmalloc(temp_len
+1, GFP_KERNEL
);
1335 if (vol
->UNC
== NULL
)
1337 strcpy(vol
->UNC
, devname
);
1338 if (strncmp(vol
->UNC
, "//", 2) == 0) {
1341 } else if (strncmp(vol
->UNC
, "\\\\", 2) != 0) {
1342 printk(KERN_WARNING
"CIFS: UNC Path does not "
1343 "begin with // or \\\\ \n");
1346 value
= strpbrk(vol
->UNC
+2, "/\\");
1350 printk(KERN_WARNING
"CIFS: UNC name too long\n");
1354 if (vol
->UNCip
== NULL
)
1355 vol
->UNCip
= &vol
->UNC
[2];
1360 static struct cifsSesInfo
*
1361 cifs_find_tcp_session(struct in_addr
*target_ip_addr
,
1362 struct in6_addr
*target_ip6_addr
,
1363 char *userName
, struct TCP_Server_Info
**psrvTcp
)
1365 struct list_head
*tmp
;
1366 struct cifsSesInfo
*ses
;
1370 read_lock(&GlobalSMBSeslock
);
1371 list_for_each(tmp
, &GlobalSMBSessionList
) {
1372 ses
= list_entry(tmp
, struct cifsSesInfo
, cifsSessionList
);
1376 if (target_ip_addr
&&
1377 ses
->server
->addr
.sockAddr
.sin_addr
.s_addr
!= target_ip_addr
->s_addr
)
1379 else if (target_ip6_addr
&&
1380 memcmp(&ses
->server
->addr
.sockAddr6
.sin6_addr
,
1381 target_ip6_addr
, sizeof(*target_ip6_addr
)))
1383 /* BB lock server and tcp session; increment use count here?? */
1385 /* found a match on the TCP session */
1386 *psrvTcp
= ses
->server
;
1388 /* BB check if reconnection needed */
1389 if (strncmp(ses
->userName
, userName
, MAX_USERNAME_SIZE
) == 0) {
1390 read_unlock(&GlobalSMBSeslock
);
1391 /* Found exact match on both TCP and
1395 /* else tcp and smb sessions need reconnection */
1397 read_unlock(&GlobalSMBSeslock
);
1402 static struct cifsTconInfo
*
1403 find_unc(__be32 new_target_ip_addr
, char *uncName
, char *userName
)
1405 struct list_head
*tmp
;
1406 struct cifsTconInfo
*tcon
;
1409 read_lock(&GlobalSMBSeslock
);
1411 list_for_each(tmp
, &GlobalTreeConnectionList
) {
1412 cFYI(1, ("Next tcon"));
1413 tcon
= list_entry(tmp
, struct cifsTconInfo
, cifsConnectionList
);
1414 if (!tcon
->ses
|| !tcon
->ses
->server
)
1417 old_ip
= tcon
->ses
->server
->addr
.sockAddr
.sin_addr
.s_addr
;
1418 cFYI(1, ("old ip addr: %x == new ip %x ?",
1419 old_ip
, new_target_ip_addr
));
1421 if (old_ip
!= new_target_ip_addr
)
1424 /* BB lock tcon, server, tcp session and increment use count? */
1425 /* found a match on the TCP session */
1426 /* BB check if reconnection needed */
1427 cFYI(1, ("IP match, old UNC: %s new: %s",
1428 tcon
->treeName
, uncName
));
1430 if (strncmp(tcon
->treeName
, uncName
, MAX_TREE_SIZE
))
1433 cFYI(1, ("and old usr: %s new: %s",
1434 tcon
->treeName
, uncName
));
1436 if (strncmp(tcon
->ses
->userName
, userName
, MAX_USERNAME_SIZE
))
1439 /* matched smb session (user name) */
1440 read_unlock(&GlobalSMBSeslock
);
1444 read_unlock(&GlobalSMBSeslock
);
1449 get_dfs_path(int xid
, struct cifsSesInfo
*pSesInfo
, const char *old_path
,
1450 const struct nls_table
*nls_codepage
, unsigned int *pnum_referrals
,
1451 struct dfs_info3_param
**preferrals
, int remap
)
1456 *pnum_referrals
= 0;
1459 if (pSesInfo
->ipc_tid
== 0) {
1460 temp_unc
= kmalloc(2 /* for slashes */ +
1461 strnlen(pSesInfo
->serverName
,
1462 SERVER_NAME_LEN_WITH_NULL
* 2)
1463 + 1 + 4 /* slash IPC$ */ + 2,
1465 if (temp_unc
== NULL
)
1469 strcpy(temp_unc
+ 2, pSesInfo
->serverName
);
1470 strcpy(temp_unc
+ 2 + strlen(pSesInfo
->serverName
), "\\IPC$");
1471 rc
= CIFSTCon(xid
, pSesInfo
, temp_unc
, NULL
, nls_codepage
);
1473 ("CIFS Tcon rc = %d ipc_tid = %d", rc
, pSesInfo
->ipc_tid
));
1477 rc
= CIFSGetDFSRefer(xid
, pSesInfo
, old_path
, preferrals
,
1478 pnum_referrals
, nls_codepage
, remap
);
1479 /* BB map targetUNCs to dfs_info3 structures, here or
1480 in CIFSGetDFSRefer BB */
1485 #ifdef CONFIG_DEBUG_LOCK_ALLOC
1486 static struct lock_class_key cifs_key
[2];
1487 static struct lock_class_key cifs_slock_key
[2];
1490 cifs_reclassify_socket4(struct socket
*sock
)
1492 struct sock
*sk
= sock
->sk
;
1493 BUG_ON(sock_owned_by_user(sk
));
1494 sock_lock_init_class_and_name(sk
, "slock-AF_INET-CIFS",
1495 &cifs_slock_key
[0], "sk_lock-AF_INET-CIFS", &cifs_key
[0]);
1499 cifs_reclassify_socket6(struct socket
*sock
)
1501 struct sock
*sk
= sock
->sk
;
1502 BUG_ON(sock_owned_by_user(sk
));
1503 sock_lock_init_class_and_name(sk
, "slock-AF_INET6-CIFS",
1504 &cifs_slock_key
[1], "sk_lock-AF_INET6-CIFS", &cifs_key
[1]);
1508 cifs_reclassify_socket4(struct socket
*sock
)
1513 cifs_reclassify_socket6(struct socket
*sock
)
1518 /* See RFC1001 section 14 on representation of Netbios names */
1519 static void rfc1002mangle(char *target
, char *source
, unsigned int length
)
1523 for (i
= 0, j
= 0; i
< (length
); i
++) {
1524 /* mask a nibble at a time and encode */
1525 target
[j
] = 'A' + (0x0F & (source
[i
] >> 4));
1526 target
[j
+1] = 'A' + (0x0F & source
[i
]);
1534 ipv4_connect(struct sockaddr_in
*psin_server
, struct socket
**csocket
,
1535 char *netbios_name
, char *target_name
,
1536 bool noblocksnd
, bool noautotune
)
1540 __be16 orig_port
= 0;
1542 if (*csocket
== NULL
) {
1543 rc
= sock_create_kern(PF_INET
, SOCK_STREAM
,
1544 IPPROTO_TCP
, csocket
);
1546 cERROR(1, ("Error %d creating socket", rc
));
1550 /* BB other socket options to set KEEPALIVE, NODELAY? */
1551 cFYI(1, ("Socket created"));
1552 (*csocket
)->sk
->sk_allocation
= GFP_NOFS
;
1553 cifs_reclassify_socket4(*csocket
);
1557 psin_server
->sin_family
= AF_INET
;
1558 if (psin_server
->sin_port
) { /* user overrode default port */
1559 rc
= (*csocket
)->ops
->connect(*csocket
,
1560 (struct sockaddr
*) psin_server
,
1561 sizeof(struct sockaddr_in
), 0);
1567 /* save original port so we can retry user specified port
1568 later if fall back ports fail this time */
1569 orig_port
= psin_server
->sin_port
;
1571 /* do not retry on the same port we just failed on */
1572 if (psin_server
->sin_port
!= htons(CIFS_PORT
)) {
1573 psin_server
->sin_port
= htons(CIFS_PORT
);
1575 rc
= (*csocket
)->ops
->connect(*csocket
,
1576 (struct sockaddr
*) psin_server
,
1577 sizeof(struct sockaddr_in
), 0);
1583 psin_server
->sin_port
= htons(RFC1001_PORT
);
1584 rc
= (*csocket
)->ops
->connect(*csocket
, (struct sockaddr
*)
1586 sizeof(struct sockaddr_in
), 0);
1591 /* give up here - unless we want to retry on different
1592 protocol families some day */
1595 psin_server
->sin_port
= orig_port
;
1596 cFYI(1, ("Error %d connecting to server via ipv4", rc
));
1597 sock_release(*csocket
);
1601 /* Eventually check for other socket options to change from
1602 the default. sock_setsockopt not used because it expects
1603 user space buffer */
1604 cFYI(1, ("sndbuf %d rcvbuf %d rcvtimeo 0x%lx",
1605 (*csocket
)->sk
->sk_sndbuf
,
1606 (*csocket
)->sk
->sk_rcvbuf
, (*csocket
)->sk
->sk_rcvtimeo
));
1607 (*csocket
)->sk
->sk_rcvtimeo
= 7 * HZ
;
1609 (*csocket
)->sk
->sk_sndtimeo
= 3 * HZ
;
1611 /* make the bufsizes depend on wsize/rsize and max requests */
1613 if ((*csocket
)->sk
->sk_sndbuf
< (200 * 1024))
1614 (*csocket
)->sk
->sk_sndbuf
= 200 * 1024;
1615 if ((*csocket
)->sk
->sk_rcvbuf
< (140 * 1024))
1616 (*csocket
)->sk
->sk_rcvbuf
= 140 * 1024;
1619 /* send RFC1001 sessinit */
1620 if (psin_server
->sin_port
== htons(RFC1001_PORT
)) {
1621 /* some servers require RFC1001 sessinit before sending
1622 negprot - BB check reconnection in case where second
1623 sessinit is sent but no second negprot */
1624 struct rfc1002_session_packet
*ses_init_buf
;
1625 struct smb_hdr
*smb_buf
;
1626 ses_init_buf
= kzalloc(sizeof(struct rfc1002_session_packet
),
1629 ses_init_buf
->trailer
.session_req
.called_len
= 32;
1630 if (target_name
&& (target_name
[0] != 0)) {
1631 rfc1002mangle(ses_init_buf
->trailer
.session_req
.called_name
,
1634 rfc1002mangle(ses_init_buf
->trailer
.session_req
.called_name
,
1635 DEFAULT_CIFS_CALLED_NAME
, 16);
1638 ses_init_buf
->trailer
.session_req
.calling_len
= 32;
1639 /* calling name ends in null (byte 16) from old smb
1641 if (netbios_name
&& (netbios_name
[0] != 0)) {
1642 rfc1002mangle(ses_init_buf
->trailer
.session_req
.calling_name
,
1645 rfc1002mangle(ses_init_buf
->trailer
.session_req
.calling_name
,
1646 "LINUX_CIFS_CLNT", 16);
1648 ses_init_buf
->trailer
.session_req
.scope1
= 0;
1649 ses_init_buf
->trailer
.session_req
.scope2
= 0;
1650 smb_buf
= (struct smb_hdr
*)ses_init_buf
;
1651 /* sizeof RFC1002_SESSION_REQUEST with no scope */
1652 smb_buf
->smb_buf_length
= 0x81000044;
1653 rc
= smb_send(*csocket
, smb_buf
, 0x44,
1654 (struct sockaddr
*)psin_server
, noblocksnd
);
1655 kfree(ses_init_buf
);
1656 msleep(1); /* RFC1001 layer in at least one server
1657 requires very short break before negprot
1658 presumably because not expecting negprot
1659 to follow so fast. This is a simple
1660 solution that works without
1661 complicating the code and causes no
1662 significant slowing down on mount
1663 for everyone else */
1665 /* else the negprot may still work without this
1666 even though malloc failed */
1674 ipv6_connect(struct sockaddr_in6
*psin_server
, struct socket
**csocket
,
1679 __be16 orig_port
= 0;
1681 if (*csocket
== NULL
) {
1682 rc
= sock_create_kern(PF_INET6
, SOCK_STREAM
,
1683 IPPROTO_TCP
, csocket
);
1685 cERROR(1, ("Error %d creating ipv6 socket", rc
));
1689 /* BB other socket options to set KEEPALIVE, NODELAY? */
1690 cFYI(1, ("ipv6 Socket created"));
1691 (*csocket
)->sk
->sk_allocation
= GFP_NOFS
;
1692 cifs_reclassify_socket6(*csocket
);
1696 psin_server
->sin6_family
= AF_INET6
;
1698 if (psin_server
->sin6_port
) { /* user overrode default port */
1699 rc
= (*csocket
)->ops
->connect(*csocket
,
1700 (struct sockaddr
*) psin_server
,
1701 sizeof(struct sockaddr_in6
), 0);
1707 /* save original port so we can retry user specified port
1708 later if fall back ports fail this time */
1710 orig_port
= psin_server
->sin6_port
;
1711 /* do not retry on the same port we just failed on */
1712 if (psin_server
->sin6_port
!= htons(CIFS_PORT
)) {
1713 psin_server
->sin6_port
= htons(CIFS_PORT
);
1715 rc
= (*csocket
)->ops
->connect(*csocket
,
1716 (struct sockaddr
*) psin_server
,
1717 sizeof(struct sockaddr_in6
), 0);
1723 psin_server
->sin6_port
= htons(RFC1001_PORT
);
1724 rc
= (*csocket
)->ops
->connect(*csocket
, (struct sockaddr
*)
1725 psin_server
, sizeof(struct sockaddr_in6
), 0);
1730 /* give up here - unless we want to retry on different
1731 protocol families some day */
1734 psin_server
->sin6_port
= orig_port
;
1735 cFYI(1, ("Error %d connecting to server via ipv6", rc
));
1736 sock_release(*csocket
);
1740 /* Eventually check for other socket options to change from
1741 the default. sock_setsockopt not used because it expects
1742 user space buffer */
1743 (*csocket
)->sk
->sk_rcvtimeo
= 7 * HZ
;
1745 (*csocket
)->sk
->sk_sndtimeo
= 3 * HZ
;
1751 void reset_cifs_unix_caps(int xid
, struct cifsTconInfo
*tcon
,
1752 struct super_block
*sb
, struct smb_vol
*vol_info
)
1754 /* if we are reconnecting then should we check to see if
1755 * any requested capabilities changed locally e.g. via
1756 * remount but we can not do much about it here
1757 * if they have (even if we could detect it by the following)
1758 * Perhaps we could add a backpointer to array of sb from tcon
1759 * or if we change to make all sb to same share the same
1760 * sb as NFS - then we only have one backpointer to sb.
1761 * What if we wanted to mount the server share twice once with
1762 * and once without posixacls or posix paths? */
1763 __u64 saved_cap
= le64_to_cpu(tcon
->fsUnixInfo
.Capability
);
1765 if (vol_info
&& vol_info
->no_linux_ext
) {
1766 tcon
->fsUnixInfo
.Capability
= 0;
1767 tcon
->unix_ext
= 0; /* Unix Extensions disabled */
1768 cFYI(1, ("Linux protocol extensions disabled"));
1770 } else if (vol_info
)
1771 tcon
->unix_ext
= 1; /* Unix Extensions supported */
1773 if (tcon
->unix_ext
== 0) {
1774 cFYI(1, ("Unix extensions disabled so not set on reconnect"));
1778 if (!CIFSSMBQFSUnixInfo(xid
, tcon
)) {
1779 __u64 cap
= le64_to_cpu(tcon
->fsUnixInfo
.Capability
);
1781 /* check for reconnect case in which we do not
1782 want to change the mount behavior if we can avoid it */
1783 if (vol_info
== NULL
) {
1784 /* turn off POSIX ACL and PATHNAMES if not set
1785 originally at mount time */
1786 if ((saved_cap
& CIFS_UNIX_POSIX_ACL_CAP
) == 0)
1787 cap
&= ~CIFS_UNIX_POSIX_ACL_CAP
;
1788 if ((saved_cap
& CIFS_UNIX_POSIX_PATHNAMES_CAP
) == 0) {
1789 if (cap
& CIFS_UNIX_POSIX_PATHNAMES_CAP
)
1790 cERROR(1, ("POSIXPATH support change"));
1791 cap
&= ~CIFS_UNIX_POSIX_PATHNAMES_CAP
;
1792 } else if ((cap
& CIFS_UNIX_POSIX_PATHNAMES_CAP
) == 0) {
1793 cERROR(1, ("possible reconnect error"));
1795 ("server disabled POSIX path support"));
1799 cap
&= CIFS_UNIX_CAP_MASK
;
1800 if (vol_info
&& vol_info
->no_psx_acl
)
1801 cap
&= ~CIFS_UNIX_POSIX_ACL_CAP
;
1802 else if (CIFS_UNIX_POSIX_ACL_CAP
& cap
) {
1803 cFYI(1, ("negotiated posix acl support"));
1805 sb
->s_flags
|= MS_POSIXACL
;
1808 if (vol_info
&& vol_info
->posix_paths
== 0)
1809 cap
&= ~CIFS_UNIX_POSIX_PATHNAMES_CAP
;
1810 else if (cap
& CIFS_UNIX_POSIX_PATHNAMES_CAP
) {
1811 cFYI(1, ("negotiate posix pathnames"));
1813 CIFS_SB(sb
)->mnt_cifs_flags
|=
1814 CIFS_MOUNT_POSIX_PATHS
;
1817 /* We might be setting the path sep back to a different
1818 form if we are reconnecting and the server switched its
1819 posix path capability for this share */
1820 if (sb
&& (CIFS_SB(sb
)->prepathlen
> 0))
1821 CIFS_SB(sb
)->prepath
[0] = CIFS_DIR_SEP(CIFS_SB(sb
));
1823 if (sb
&& (CIFS_SB(sb
)->rsize
> 127 * 1024)) {
1824 if ((cap
& CIFS_UNIX_LARGE_READ_CAP
) == 0) {
1825 CIFS_SB(sb
)->rsize
= 127 * 1024;
1827 ("larger reads not supported by srv"));
1832 cFYI(1, ("Negotiate caps 0x%x", (int)cap
));
1833 #ifdef CONFIG_CIFS_DEBUG2
1834 if (cap
& CIFS_UNIX_FCNTL_CAP
)
1835 cFYI(1, ("FCNTL cap"));
1836 if (cap
& CIFS_UNIX_EXTATTR_CAP
)
1837 cFYI(1, ("EXTATTR cap"));
1838 if (cap
& CIFS_UNIX_POSIX_PATHNAMES_CAP
)
1839 cFYI(1, ("POSIX path cap"));
1840 if (cap
& CIFS_UNIX_XATTR_CAP
)
1841 cFYI(1, ("XATTR cap"));
1842 if (cap
& CIFS_UNIX_POSIX_ACL_CAP
)
1843 cFYI(1, ("POSIX ACL cap"));
1844 if (cap
& CIFS_UNIX_LARGE_READ_CAP
)
1845 cFYI(1, ("very large read cap"));
1846 if (cap
& CIFS_UNIX_LARGE_WRITE_CAP
)
1847 cFYI(1, ("very large write cap"));
1848 #endif /* CIFS_DEBUG2 */
1849 if (CIFSSMBSetFSUnixInfo(xid
, tcon
, cap
)) {
1850 if (vol_info
== NULL
) {
1851 cFYI(1, ("resetting capabilities failed"));
1853 cERROR(1, ("Negotiating Unix capabilities "
1854 "with the server failed. Consider "
1855 "mounting with the Unix Extensions\n"
1856 "disabled, if problems are found, "
1857 "by specifying the nounix mount "
1865 convert_delimiter(char *path
, char delim
)
1878 for (i
= 0; path
[i
] != '\0'; i
++) {
1879 if (path
[i
] == old_delim
)
1885 kill_cifsd(struct TCP_Server_Info
*server
)
1887 struct task_struct
*task
;
1889 task
= xchg(&server
->tsk
, NULL
);
1891 force_sig(SIGKILL
, task
);
1894 static void setup_cifs_sb(struct smb_vol
*pvolume_info
,
1895 struct cifs_sb_info
*cifs_sb
)
1897 if (pvolume_info
->rsize
> CIFSMaxBufSize
) {
1898 cERROR(1, ("rsize %d too large, using MaxBufSize",
1899 pvolume_info
->rsize
));
1900 cifs_sb
->rsize
= CIFSMaxBufSize
;
1901 } else if ((pvolume_info
->rsize
) &&
1902 (pvolume_info
->rsize
<= CIFSMaxBufSize
))
1903 cifs_sb
->rsize
= pvolume_info
->rsize
;
1905 cifs_sb
->rsize
= CIFSMaxBufSize
;
1907 if (pvolume_info
->wsize
> PAGEVEC_SIZE
* PAGE_CACHE_SIZE
) {
1908 cERROR(1, ("wsize %d too large, using 4096 instead",
1909 pvolume_info
->wsize
));
1910 cifs_sb
->wsize
= 4096;
1911 } else if (pvolume_info
->wsize
)
1912 cifs_sb
->wsize
= pvolume_info
->wsize
;
1914 cifs_sb
->wsize
= min_t(const int,
1915 PAGEVEC_SIZE
* PAGE_CACHE_SIZE
,
1917 /* old default of CIFSMaxBufSize was too small now
1918 that SMB Write2 can send multiple pages in kvec.
1919 RFC1001 does not describe what happens when frame
1920 bigger than 128K is sent so use that as max in
1921 conjunction with 52K kvec constraint on arch with 4K
1924 if (cifs_sb
->rsize
< 2048) {
1925 cifs_sb
->rsize
= 2048;
1926 /* Windows ME may prefer this */
1927 cFYI(1, ("readsize set to minimum: 2048"));
1929 /* calculate prepath */
1930 cifs_sb
->prepath
= pvolume_info
->prepath
;
1931 if (cifs_sb
->prepath
) {
1932 cifs_sb
->prepathlen
= strlen(cifs_sb
->prepath
);
1933 /* we can not convert the / to \ in the path
1934 separators in the prefixpath yet because we do not
1935 know (until reset_cifs_unix_caps is called later)
1936 whether POSIX PATH CAP is available. We normalize
1937 the / to \ after reset_cifs_unix_caps is called */
1938 pvolume_info
->prepath
= NULL
;
1940 cifs_sb
->prepathlen
= 0;
1941 cifs_sb
->mnt_uid
= pvolume_info
->linux_uid
;
1942 cifs_sb
->mnt_gid
= pvolume_info
->linux_gid
;
1943 cifs_sb
->mnt_file_mode
= pvolume_info
->file_mode
;
1944 cifs_sb
->mnt_dir_mode
= pvolume_info
->dir_mode
;
1945 cFYI(1, ("file mode: 0x%x dir mode: 0x%x",
1946 cifs_sb
->mnt_file_mode
, cifs_sb
->mnt_dir_mode
));
1948 if (pvolume_info
->noperm
)
1949 cifs_sb
->mnt_cifs_flags
|= CIFS_MOUNT_NO_PERM
;
1950 if (pvolume_info
->setuids
)
1951 cifs_sb
->mnt_cifs_flags
|= CIFS_MOUNT_SET_UID
;
1952 if (pvolume_info
->server_ino
)
1953 cifs_sb
->mnt_cifs_flags
|= CIFS_MOUNT_SERVER_INUM
;
1954 if (pvolume_info
->remap
)
1955 cifs_sb
->mnt_cifs_flags
|= CIFS_MOUNT_MAP_SPECIAL_CHR
;
1956 if (pvolume_info
->no_xattr
)
1957 cifs_sb
->mnt_cifs_flags
|= CIFS_MOUNT_NO_XATTR
;
1958 if (pvolume_info
->sfu_emul
)
1959 cifs_sb
->mnt_cifs_flags
|= CIFS_MOUNT_UNX_EMUL
;
1960 if (pvolume_info
->nobrl
)
1961 cifs_sb
->mnt_cifs_flags
|= CIFS_MOUNT_NO_BRL
;
1962 if (pvolume_info
->cifs_acl
)
1963 cifs_sb
->mnt_cifs_flags
|= CIFS_MOUNT_CIFS_ACL
;
1964 if (pvolume_info
->override_uid
)
1965 cifs_sb
->mnt_cifs_flags
|= CIFS_MOUNT_OVERR_UID
;
1966 if (pvolume_info
->override_gid
)
1967 cifs_sb
->mnt_cifs_flags
|= CIFS_MOUNT_OVERR_GID
;
1968 if (pvolume_info
->dynperm
)
1969 cifs_sb
->mnt_cifs_flags
|= CIFS_MOUNT_DYNPERM
;
1970 if (pvolume_info
->direct_io
) {
1971 cFYI(1, ("mounting share using direct i/o"));
1972 cifs_sb
->mnt_cifs_flags
|= CIFS_MOUNT_DIRECT_IO
;
1975 if ((pvolume_info
->cifs_acl
) && (pvolume_info
->dynperm
))
1976 cERROR(1, ("mount option dynperm ignored if cifsacl "
1977 "mount option supported"));
1981 cifs_mount(struct super_block
*sb
, struct cifs_sb_info
*cifs_sb
,
1982 char *mount_data
, const char *devname
)
1986 struct socket
*csocket
= NULL
;
1987 struct sockaddr addr
;
1988 struct sockaddr_in
*sin_server
= (struct sockaddr_in
*) &addr
;
1989 struct sockaddr_in6
*sin_server6
= (struct sockaddr_in6
*) &addr
;
1990 struct smb_vol volume_info
;
1991 struct cifsSesInfo
*pSesInfo
= NULL
;
1992 struct cifsSesInfo
*existingCifsSes
= NULL
;
1993 struct cifsTconInfo
*tcon
= NULL
;
1994 struct TCP_Server_Info
*srvTcp
= NULL
;
1998 /* cFYI(1, ("Entering cifs_mount. Xid: %d with: %s", xid, mount_data)); */
2000 memset(&addr
, 0, sizeof(struct sockaddr
));
2001 memset(&volume_info
, 0, sizeof(struct smb_vol
));
2002 if (cifs_parse_mount_options(mount_data
, devname
, &volume_info
)) {
2007 if (volume_info
.nullauth
) {
2008 cFYI(1, ("null user"));
2009 volume_info
.username
= "";
2010 } else if (volume_info
.username
) {
2011 /* BB fixme parse for domain name here */
2012 cFYI(1, ("Username: %s", volume_info
.username
));
2014 cifserror("No username specified");
2015 /* In userspace mount helper we can get user name from alternate
2016 locations such as env variables and files on disk */
2021 if (volume_info
.UNCip
&& volume_info
.UNC
) {
2022 rc
= cifs_inet_pton(AF_INET
, volume_info
.UNCip
,
2023 &sin_server
->sin_addr
.s_addr
);
2026 /* not ipv4 address, try ipv6 */
2027 rc
= cifs_inet_pton(AF_INET6
, volume_info
.UNCip
,
2028 &sin_server6
->sin6_addr
.in6_u
);
2030 addr
.sa_family
= AF_INET6
;
2032 addr
.sa_family
= AF_INET
;
2036 /* we failed translating address */
2041 cFYI(1, ("UNC: %s ip: %s", volume_info
.UNC
, volume_info
.UNCip
));
2044 } else if (volume_info
.UNCip
) {
2045 /* BB using ip addr as server name to connect to the
2047 cERROR(1, ("Connecting to DFS root not implemented yet"));
2050 } else /* which servers DFS root would we conect to */ {
2052 ("CIFS mount error: No UNC path (e.g. -o "
2053 "unc=//192.168.1.100/public) specified"));
2058 /* this is needed for ASCII cp to Unicode converts */
2059 if (volume_info
.iocharset
== NULL
) {
2060 cifs_sb
->local_nls
= load_nls_default();
2061 /* load_nls_default can not return null */
2063 cifs_sb
->local_nls
= load_nls(volume_info
.iocharset
);
2064 if (cifs_sb
->local_nls
== NULL
) {
2065 cERROR(1, ("CIFS mount error: iocharset %s not found",
2066 volume_info
.iocharset
));
2072 if (addr
.sa_family
== AF_INET
)
2073 existingCifsSes
= cifs_find_tcp_session(&sin_server
->sin_addr
,
2074 NULL
/* no ipv6 addr */,
2075 volume_info
.username
, &srvTcp
);
2076 else if (addr
.sa_family
== AF_INET6
) {
2077 cFYI(1, ("looking for ipv6 address"));
2078 existingCifsSes
= cifs_find_tcp_session(NULL
/* no ipv4 addr */,
2079 &sin_server6
->sin6_addr
,
2080 volume_info
.username
, &srvTcp
);
2087 if (addr
.sa_family
== AF_INET6
) {
2088 cFYI(1, ("attempting ipv6 connect"));
2089 /* BB should we allow ipv6 on port 139? */
2090 /* other OS never observed in Wild doing 139 with v6 */
2091 sin_server6
->sin6_port
= htons(volume_info
.port
);
2092 rc
= ipv6_connect(sin_server6
, &csocket
,
2093 volume_info
.noblocksnd
);
2095 sin_server
->sin_port
= htons(volume_info
.port
);
2096 rc
= ipv4_connect(sin_server
, &csocket
,
2097 volume_info
.source_rfc1001_name
,
2098 volume_info
.target_rfc1001_name
,
2099 volume_info
.noblocksnd
,
2100 volume_info
.noautotune
);
2103 cERROR(1, ("Error connecting to socket. "
2104 "Aborting operation"));
2105 if (csocket
!= NULL
)
2106 sock_release(csocket
);
2110 srvTcp
= kzalloc(sizeof(struct TCP_Server_Info
), GFP_KERNEL
);
2113 sock_release(csocket
);
2116 srvTcp
->noblocksnd
= volume_info
.noblocksnd
;
2117 srvTcp
->noautotune
= volume_info
.noautotune
;
2118 if (addr
.sa_family
== AF_INET6
)
2119 memcpy(&srvTcp
->addr
.sockAddr6
, sin_server6
,
2120 sizeof(struct sockaddr_in6
));
2122 memcpy(&srvTcp
->addr
.sockAddr
, sin_server
,
2123 sizeof(struct sockaddr_in
));
2124 atomic_set(&srvTcp
->inFlight
, 0);
2125 /* BB Add code for ipv6 case too */
2126 srvTcp
->ssocket
= csocket
;
2127 srvTcp
->hostname
= extract_hostname(volume_info
.UNC
);
2128 if (IS_ERR(srvTcp
->hostname
)) {
2129 rc
= PTR_ERR(srvTcp
->hostname
);
2130 sock_release(csocket
);
2133 init_waitqueue_head(&srvTcp
->response_q
);
2134 init_waitqueue_head(&srvTcp
->request_q
);
2135 INIT_LIST_HEAD(&srvTcp
->pending_mid_q
);
2136 /* at this point we are the only ones with the pointer
2137 to the struct since the kernel thread not created yet
2138 so no need to spinlock this init of tcpStatus */
2139 srvTcp
->tcpStatus
= CifsNew
;
2140 init_MUTEX(&srvTcp
->tcpSem
);
2141 srvTcp
->tsk
= kthread_run((void *)(void *)cifs_demultiplex_thread
, srvTcp
, "cifsd");
2142 if (IS_ERR(srvTcp
->tsk
)) {
2143 rc
= PTR_ERR(srvTcp
->tsk
);
2144 cERROR(1, ("error %d create cifsd thread", rc
));
2146 sock_release(csocket
);
2147 kfree(srvTcp
->hostname
);
2151 memcpy(srvTcp
->workstation_RFC1001_name
,
2152 volume_info
.source_rfc1001_name
, 16);
2153 memcpy(srvTcp
->server_RFC1001_name
,
2154 volume_info
.target_rfc1001_name
, 16);
2155 srvTcp
->sequence_number
= 0;
2159 if (existingCifsSes
) {
2160 pSesInfo
= existingCifsSes
;
2161 cFYI(1, ("Existing smb sess found (status=%d)",
2163 down(&pSesInfo
->sesSem
);
2164 if (pSesInfo
->need_reconnect
) {
2165 cFYI(1, ("Session needs reconnect"));
2166 rc
= cifs_setup_session(xid
, pSesInfo
,
2167 cifs_sb
->local_nls
);
2169 up(&pSesInfo
->sesSem
);
2171 cFYI(1, ("Existing smb sess not found"));
2172 pSesInfo
= sesInfoAlloc();
2173 if (pSesInfo
== NULL
)
2176 pSesInfo
->server
= srvTcp
;
2177 sprintf(pSesInfo
->serverName
, "%u.%u.%u.%u",
2178 NIPQUAD(sin_server
->sin_addr
.s_addr
));
2182 /* volume_info.password freed at unmount */
2183 if (volume_info
.password
) {
2184 pSesInfo
->password
= volume_info
.password
;
2185 /* set to NULL to prevent freeing on exit */
2186 volume_info
.password
= NULL
;
2188 if (volume_info
.username
)
2189 strncpy(pSesInfo
->userName
,
2190 volume_info
.username
,
2192 if (volume_info
.domainname
) {
2193 int len
= strlen(volume_info
.domainname
);
2194 pSesInfo
->domainName
=
2195 kmalloc(len
+ 1, GFP_KERNEL
);
2196 if (pSesInfo
->domainName
)
2197 strcpy(pSesInfo
->domainName
,
2198 volume_info
.domainname
);
2200 pSesInfo
->linux_uid
= volume_info
.linux_uid
;
2201 pSesInfo
->overrideSecFlg
= volume_info
.secFlg
;
2202 down(&pSesInfo
->sesSem
);
2203 /* BB FIXME need to pass vol->secFlgs BB */
2204 rc
= cifs_setup_session(xid
, pSesInfo
,
2205 cifs_sb
->local_nls
);
2206 up(&pSesInfo
->sesSem
);
2208 atomic_inc(&srvTcp
->socketUseCount
);
2212 /* search for existing tcon to this server share */
2214 setup_cifs_sb(&volume_info
, cifs_sb
);
2217 find_unc(sin_server
->sin_addr
.s_addr
, volume_info
.UNC
,
2218 volume_info
.username
);
2220 cFYI(1, ("Found match on UNC path"));
2221 if (tcon
->seal
!= volume_info
.seal
)
2222 cERROR(1, ("transport encryption setting "
2223 "conflicts with existing tid"));
2225 tcon
= tconInfoAlloc();
2228 goto mount_fail_check
;
2231 /* check for null share name ie connect to dfs root */
2233 /* BB check if works for exactly length 3 strings */
2234 if ((strchr(volume_info
.UNC
+ 3, '\\') == NULL
)
2235 && (strchr(volume_info
.UNC
+ 3, '/') == NULL
)) {
2236 /* rc = connect_to_dfs_path(...) */
2237 cFYI(1, ("DFS root not supported"));
2239 goto mount_fail_check
;
2241 /* BB Do we need to wrap sesSem around
2242 * this TCon call and Unix SetFS as
2243 * we do on SessSetup and reconnect? */
2244 rc
= CIFSTCon(xid
, pSesInfo
, volume_info
.UNC
,
2245 tcon
, cifs_sb
->local_nls
);
2246 cFYI(1, ("CIFS Tcon rc = %d", rc
));
2247 if (volume_info
.nodfs
) {
2248 tcon
->Flags
&= ~SMB_SHARE_IS_IN_DFS
;
2249 cFYI(1, ("DFS disabled (%d)",
2254 atomic_inc(&pSesInfo
->inUse
);
2255 tcon
->seal
= volume_info
.seal
;
2257 goto mount_fail_check
;
2260 /* we can have only one retry value for a connection
2261 to a share so for resources mounted more than once
2262 to the same server share the last value passed in
2263 for the retry flag is used */
2264 tcon
->retry
= volume_info
.retry
;
2265 tcon
->nocase
= volume_info
.nocase
;
2266 tcon
->local_lease
= volume_info
.local_lease
;
2269 if (pSesInfo
->capabilities
& CAP_LARGE_FILES
) {
2270 sb
->s_maxbytes
= (u64
) 1 << 63;
2272 sb
->s_maxbytes
= (u64
) 1 << 31; /* 2 GB */
2275 /* BB FIXME fix time_gran to be larger for LANMAN sessions */
2276 sb
->s_time_gran
= 100;
2278 /* on error free sesinfo and tcon struct if needed */
2281 /* if session setup failed, use count is zero but
2282 we still need to free cifsd thread */
2283 if (atomic_read(&srvTcp
->socketUseCount
) == 0) {
2284 spin_lock(&GlobalMid_Lock
);
2285 srvTcp
->tcpStatus
= CifsExiting
;
2286 spin_unlock(&GlobalMid_Lock
);
2289 /* If find_unc succeeded then rc == 0 so we can not end */
2290 if (tcon
) /* up accidently freeing someone elses tcon struct */
2292 if (existingCifsSes
== NULL
) {
2294 if ((pSesInfo
->server
) &&
2295 (pSesInfo
->status
== CifsGood
)) {
2297 temp_rc
= CIFSSMBLogoff(xid
, pSesInfo
);
2298 /* if the socketUseCount is now zero */
2299 if ((temp_rc
== -ESHUTDOWN
) &&
2301 kill_cifsd(pSesInfo
->server
);
2303 cFYI(1, ("No session or bad tcon"));
2304 if (pSesInfo
->server
) {
2305 spin_lock(&GlobalMid_Lock
);
2306 srvTcp
->tcpStatus
= CifsExiting
;
2307 spin_unlock(&GlobalMid_Lock
);
2308 kill_cifsd(pSesInfo
->server
);
2311 sesInfoFree(pSesInfo
);
2312 /* pSesInfo = NULL; */
2316 atomic_inc(&tcon
->useCount
);
2317 cifs_sb
->tcon
= tcon
;
2318 tcon
->ses
= pSesInfo
;
2320 /* do not care if following two calls succeed - informational */
2322 CIFSSMBQFSDeviceInfo(xid
, tcon
);
2323 CIFSSMBQFSAttributeInfo(xid
, tcon
);
2326 /* tell server which Unix caps we support */
2327 if (tcon
->ses
->capabilities
& CAP_UNIX
)
2328 /* reset of caps checks mount to see if unix extensions
2329 disabled for just this mount */
2330 reset_cifs_unix_caps(xid
, tcon
, sb
, &volume_info
);
2332 tcon
->unix_ext
= 0; /* server does not support them */
2334 /* convert forward to back slashes in prepath here if needed */
2335 if ((cifs_sb
->mnt_cifs_flags
& CIFS_MOUNT_POSIX_PATHS
) == 0)
2336 convert_delimiter(cifs_sb
->prepath
,
2337 CIFS_DIR_SEP(cifs_sb
));
2339 if ((tcon
->unix_ext
== 0) && (cifs_sb
->rsize
> (1024 * 127))) {
2340 cifs_sb
->rsize
= 1024 * 127;
2342 ("no very large read support, rsize now 127K"));
2344 if (!(tcon
->ses
->capabilities
& CAP_LARGE_WRITE_X
))
2345 cifs_sb
->wsize
= min(cifs_sb
->wsize
,
2346 (tcon
->ses
->server
->maxBuf
-
2347 MAX_CIFS_HDR_SIZE
));
2348 if (!(tcon
->ses
->capabilities
& CAP_LARGE_READ_X
))
2349 cifs_sb
->rsize
= min(cifs_sb
->rsize
,
2350 (tcon
->ses
->server
->maxBuf
-
2351 MAX_CIFS_HDR_SIZE
));
2354 /* volume_info.password is freed above when existing session found
2355 (in which case it is not needed anymore) but when new sesion is created
2356 the password ptr is put in the new session structure (in which case the
2357 password will be freed at unmount time) */
2359 /* zero out password before freeing */
2360 if (volume_info
.password
!= NULL
) {
2361 memset(volume_info
.password
, 0, strlen(volume_info
.password
));
2362 kfree(volume_info
.password
);
2364 kfree(volume_info
.UNC
);
2365 kfree(volume_info
.prepath
);
2371 CIFSSessSetup(unsigned int xid
, struct cifsSesInfo
*ses
,
2372 char session_key
[CIFS_SESS_KEY_SIZE
],
2373 const struct nls_table
*nls_codepage
)
2375 struct smb_hdr
*smb_buffer
;
2376 struct smb_hdr
*smb_buffer_response
;
2377 SESSION_SETUP_ANDX
*pSMB
;
2378 SESSION_SETUP_ANDX
*pSMBr
;
2383 int remaining_words
= 0;
2384 int bytes_returned
= 0;
2389 cFYI(1, ("In sesssetup"));
2392 user
= ses
->userName
;
2393 domain
= ses
->domainName
;
2394 smb_buffer
= cifs_buf_get();
2396 if (smb_buffer
== NULL
)
2399 smb_buffer_response
= smb_buffer
;
2400 pSMBr
= pSMB
= (SESSION_SETUP_ANDX
*) smb_buffer
;
2402 /* send SMBsessionSetup here */
2403 header_assemble(smb_buffer
, SMB_COM_SESSION_SETUP_ANDX
,
2404 NULL
/* no tCon exists yet */ , 13 /* wct */ );
2406 smb_buffer
->Mid
= GetNextMid(ses
->server
);
2407 pSMB
->req_no_secext
.AndXCommand
= 0xFF;
2408 pSMB
->req_no_secext
.MaxBufferSize
= cpu_to_le16(ses
->server
->maxBuf
);
2409 pSMB
->req_no_secext
.MaxMpxCount
= cpu_to_le16(ses
->server
->maxReq
);
2411 if (ses
->server
->secMode
&
2412 (SECMODE_SIGN_REQUIRED
| SECMODE_SIGN_ENABLED
))
2413 smb_buffer
->Flags2
|= SMBFLG2_SECURITY_SIGNATURE
;
2415 capabilities
= CAP_LARGE_FILES
| CAP_NT_SMBS
| CAP_LEVEL_II_OPLOCKS
|
2416 CAP_LARGE_WRITE_X
| CAP_LARGE_READ_X
;
2417 if (ses
->capabilities
& CAP_UNICODE
) {
2418 smb_buffer
->Flags2
|= SMBFLG2_UNICODE
;
2419 capabilities
|= CAP_UNICODE
;
2421 if (ses
->capabilities
& CAP_STATUS32
) {
2422 smb_buffer
->Flags2
|= SMBFLG2_ERR_STATUS
;
2423 capabilities
|= CAP_STATUS32
;
2425 if (ses
->capabilities
& CAP_DFS
) {
2426 smb_buffer
->Flags2
|= SMBFLG2_DFS
;
2427 capabilities
|= CAP_DFS
;
2429 pSMB
->req_no_secext
.Capabilities
= cpu_to_le32(capabilities
);
2431 pSMB
->req_no_secext
.CaseInsensitivePasswordLength
=
2432 cpu_to_le16(CIFS_SESS_KEY_SIZE
);
2434 pSMB
->req_no_secext
.CaseSensitivePasswordLength
=
2435 cpu_to_le16(CIFS_SESS_KEY_SIZE
);
2436 bcc_ptr
= pByteArea(smb_buffer
);
2437 memcpy(bcc_ptr
, (char *) session_key
, CIFS_SESS_KEY_SIZE
);
2438 bcc_ptr
+= CIFS_SESS_KEY_SIZE
;
2439 memcpy(bcc_ptr
, (char *) session_key
, CIFS_SESS_KEY_SIZE
);
2440 bcc_ptr
+= CIFS_SESS_KEY_SIZE
;
2442 if (ses
->capabilities
& CAP_UNICODE
) {
2443 if ((long) bcc_ptr
% 2) { /* must be word aligned for Unicode */
2448 bytes_returned
= 0; /* skip null user */
2451 cifs_strtoUCS((__le16
*) bcc_ptr
, user
, 100,
2453 /* convert number of 16 bit words to bytes */
2454 bcc_ptr
+= 2 * bytes_returned
;
2455 bcc_ptr
+= 2; /* trailing null */
2458 cifs_strtoUCS((__le16
*) bcc_ptr
,
2459 "CIFS_LINUX_DOM", 32, nls_codepage
);
2462 cifs_strtoUCS((__le16
*) bcc_ptr
, domain
, 64,
2464 bcc_ptr
+= 2 * bytes_returned
;
2467 cifs_strtoUCS((__le16
*) bcc_ptr
, "Linux version ",
2469 bcc_ptr
+= 2 * bytes_returned
;
2471 cifs_strtoUCS((__le16
*) bcc_ptr
, utsname()->release
,
2473 bcc_ptr
+= 2 * bytes_returned
;
2476 cifs_strtoUCS((__le16
*) bcc_ptr
, CIFS_NETWORK_OPSYS
,
2478 bcc_ptr
+= 2 * bytes_returned
;
2482 strncpy(bcc_ptr
, user
, 200);
2483 bcc_ptr
+= strnlen(user
, 200);
2487 if (domain
== NULL
) {
2488 strcpy(bcc_ptr
, "CIFS_LINUX_DOM");
2489 bcc_ptr
+= strlen("CIFS_LINUX_DOM") + 1;
2491 strncpy(bcc_ptr
, domain
, 64);
2492 bcc_ptr
+= strnlen(domain
, 64);
2496 strcpy(bcc_ptr
, "Linux version ");
2497 bcc_ptr
+= strlen("Linux version ");
2498 strcpy(bcc_ptr
, utsname()->release
);
2499 bcc_ptr
+= strlen(utsname()->release
) + 1;
2500 strcpy(bcc_ptr
, CIFS_NETWORK_OPSYS
);
2501 bcc_ptr
+= strlen(CIFS_NETWORK_OPSYS
) + 1;
2503 count
= (long) bcc_ptr
- (long) pByteArea(smb_buffer
);
2504 smb_buffer
->smb_buf_length
+= count
;
2505 pSMB
->req_no_secext
.ByteCount
= cpu_to_le16(count
);
2507 rc
= SendReceive(xid
, ses
, smb_buffer
, smb_buffer_response
,
2508 &bytes_returned
, CIFS_LONG_OP
);
2510 /* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
2511 } else if ((smb_buffer_response
->WordCount
== 3)
2512 || (smb_buffer_response
->WordCount
== 4)) {
2513 __u16 action
= le16_to_cpu(pSMBr
->resp
.Action
);
2514 __u16 blob_len
= le16_to_cpu(pSMBr
->resp
.SecurityBlobLength
);
2515 if (action
& GUEST_LOGIN
)
2516 cFYI(1, (" Guest login")); /* BB mark SesInfo struct? */
2517 ses
->Suid
= smb_buffer_response
->Uid
; /* UID left in wire format
2519 cFYI(1, ("UID = %d ", ses
->Suid
));
2520 /* response can have either 3 or 4 word count - Samba sends 3 */
2521 bcc_ptr
= pByteArea(smb_buffer_response
);
2522 if ((pSMBr
->resp
.hdr
.WordCount
== 3)
2523 || ((pSMBr
->resp
.hdr
.WordCount
== 4)
2524 && (blob_len
< pSMBr
->resp
.ByteCount
))) {
2525 if (pSMBr
->resp
.hdr
.WordCount
== 4)
2526 bcc_ptr
+= blob_len
;
2528 if (smb_buffer
->Flags2
& SMBFLG2_UNICODE
) {
2529 if ((long) (bcc_ptr
) % 2) {
2531 (BCC(smb_buffer_response
) - 1) / 2;
2532 /* Unicode strings must be word
2537 BCC(smb_buffer_response
) / 2;
2540 UniStrnlen((wchar_t *) bcc_ptr
,
2541 remaining_words
- 1);
2542 /* We look for obvious messed up bcc or strings in response so we do not go off
2543 the end since (at least) WIN2K and Windows XP have a major bug in not null
2544 terminating last Unicode string in response */
2546 kfree(ses
->serverOS
);
2547 ses
->serverOS
= kzalloc(2 * (len
+ 1),
2549 if (ses
->serverOS
== NULL
)
2550 goto sesssetup_nomem
;
2551 cifs_strfromUCS_le(ses
->serverOS
,
2554 bcc_ptr
+= 2 * (len
+ 1);
2555 remaining_words
-= len
+ 1;
2556 ses
->serverOS
[2 * len
] = 0;
2557 ses
->serverOS
[1 + (2 * len
)] = 0;
2558 if (remaining_words
> 0) {
2559 len
= UniStrnlen((wchar_t *)bcc_ptr
,
2561 kfree(ses
->serverNOS
);
2562 ses
->serverNOS
= kzalloc(2 * (len
+ 1),
2564 if (ses
->serverNOS
== NULL
)
2565 goto sesssetup_nomem
;
2566 cifs_strfromUCS_le(ses
->serverNOS
,
2569 bcc_ptr
+= 2 * (len
+ 1);
2570 ses
->serverNOS
[2 * len
] = 0;
2571 ses
->serverNOS
[1 + (2 * len
)] = 0;
2572 if (strncmp(ses
->serverNOS
,
2573 "NT LAN Manager 4", 16) == 0) {
2574 cFYI(1, ("NT4 server"));
2575 ses
->flags
|= CIFS_SES_NT4
;
2577 remaining_words
-= len
+ 1;
2578 if (remaining_words
> 0) {
2579 len
= UniStrnlen((wchar_t *) bcc_ptr
, remaining_words
);
2580 /* last string is not always null terminated
2581 (for e.g. for Windows XP & 2000) */
2582 if (ses
->serverDomain
)
2583 kfree(ses
->serverDomain
);
2587 if (ses
->serverDomain
== NULL
)
2588 goto sesssetup_nomem
;
2589 cifs_strfromUCS_le(ses
->serverDomain
,
2592 bcc_ptr
+= 2 * (len
+ 1);
2593 ses
->serverDomain
[2*len
] = 0;
2594 ses
->serverDomain
[1+(2*len
)] = 0;
2595 } else { /* else no more room so create
2596 dummy domain string */
2597 if (ses
->serverDomain
)
2598 kfree(ses
->serverDomain
);
2600 kzalloc(2, GFP_KERNEL
);
2602 } else { /* no room so create dummy domain
2605 /* if these kcallocs fail not much we
2606 can do, but better to not fail the
2608 kfree(ses
->serverDomain
);
2610 kzalloc(2, GFP_KERNEL
);
2611 kfree(ses
->serverNOS
);
2613 kzalloc(2, GFP_KERNEL
);
2615 } else { /* ASCII */
2616 len
= strnlen(bcc_ptr
, 1024);
2617 if (((long) bcc_ptr
+ len
) - (long)
2618 pByteArea(smb_buffer_response
)
2619 <= BCC(smb_buffer_response
)) {
2620 kfree(ses
->serverOS
);
2621 ses
->serverOS
= kzalloc(len
+ 1,
2623 if (ses
->serverOS
== NULL
)
2624 goto sesssetup_nomem
;
2625 strncpy(ses
->serverOS
, bcc_ptr
, len
);
2628 /* null terminate the string */
2632 len
= strnlen(bcc_ptr
, 1024);
2633 kfree(ses
->serverNOS
);
2634 ses
->serverNOS
= kzalloc(len
+ 1,
2636 if (ses
->serverNOS
== NULL
)
2637 goto sesssetup_nomem
;
2638 strncpy(ses
->serverNOS
, bcc_ptr
, len
);
2643 len
= strnlen(bcc_ptr
, 1024);
2644 if (ses
->serverDomain
)
2645 kfree(ses
->serverDomain
);
2646 ses
->serverDomain
= kzalloc(len
+ 1,
2648 if (ses
->serverDomain
== NULL
)
2649 goto sesssetup_nomem
;
2650 strncpy(ses
->serverDomain
, bcc_ptr
,
2657 ("Variable field of length %d "
2658 "extends beyond end of smb ",
2663 (" Security Blob Length extends beyond "
2668 (" Invalid Word count %d: ",
2669 smb_buffer_response
->WordCount
));
2672 sesssetup_nomem
: /* do not return an error on nomem for the info strings,
2673 since that could make reconnection harder, and
2674 reconnection might be needed to free memory */
2675 cifs_buf_release(smb_buffer
);
2681 CIFSNTLMSSPNegotiateSessSetup(unsigned int xid
,
2682 struct cifsSesInfo
*ses
, bool *pNTLMv2_flag
,
2683 const struct nls_table
*nls_codepage
)
2685 struct smb_hdr
*smb_buffer
;
2686 struct smb_hdr
*smb_buffer_response
;
2687 SESSION_SETUP_ANDX
*pSMB
;
2688 SESSION_SETUP_ANDX
*pSMBr
;
2692 int remaining_words
= 0;
2693 int bytes_returned
= 0;
2695 int SecurityBlobLength
= sizeof(NEGOTIATE_MESSAGE
);
2696 PNEGOTIATE_MESSAGE SecurityBlob
;
2697 PCHALLENGE_MESSAGE SecurityBlob2
;
2698 __u32 negotiate_flags
, capabilities
;
2701 cFYI(1, ("In NTLMSSP sesssetup (negotiate)"));
2704 domain
= ses
->domainName
;
2705 *pNTLMv2_flag
= false;
2706 smb_buffer
= cifs_buf_get();
2707 if (smb_buffer
== NULL
) {
2710 smb_buffer_response
= smb_buffer
;
2711 pSMB
= (SESSION_SETUP_ANDX
*) smb_buffer
;
2712 pSMBr
= (SESSION_SETUP_ANDX
*) smb_buffer_response
;
2714 /* send SMBsessionSetup here */
2715 header_assemble(smb_buffer
, SMB_COM_SESSION_SETUP_ANDX
,
2716 NULL
/* no tCon exists yet */ , 12 /* wct */ );
2718 smb_buffer
->Mid
= GetNextMid(ses
->server
);
2719 pSMB
->req
.hdr
.Flags2
|= SMBFLG2_EXT_SEC
;
2720 pSMB
->req
.hdr
.Flags
|= (SMBFLG_CASELESS
| SMBFLG_CANONICAL_PATH_FORMAT
);
2722 pSMB
->req
.AndXCommand
= 0xFF;
2723 pSMB
->req
.MaxBufferSize
= cpu_to_le16(ses
->server
->maxBuf
);
2724 pSMB
->req
.MaxMpxCount
= cpu_to_le16(ses
->server
->maxReq
);
2726 if (ses
->server
->secMode
& (SECMODE_SIGN_REQUIRED
| SECMODE_SIGN_ENABLED
))
2727 smb_buffer
->Flags2
|= SMBFLG2_SECURITY_SIGNATURE
;
2729 capabilities
= CAP_LARGE_FILES
| CAP_NT_SMBS
| CAP_LEVEL_II_OPLOCKS
|
2730 CAP_EXTENDED_SECURITY
;
2731 if (ses
->capabilities
& CAP_UNICODE
) {
2732 smb_buffer
->Flags2
|= SMBFLG2_UNICODE
;
2733 capabilities
|= CAP_UNICODE
;
2735 if (ses
->capabilities
& CAP_STATUS32
) {
2736 smb_buffer
->Flags2
|= SMBFLG2_ERR_STATUS
;
2737 capabilities
|= CAP_STATUS32
;
2739 if (ses
->capabilities
& CAP_DFS
) {
2740 smb_buffer
->Flags2
|= SMBFLG2_DFS
;
2741 capabilities
|= CAP_DFS
;
2743 pSMB
->req
.Capabilities
= cpu_to_le32(capabilities
);
2745 bcc_ptr
= (char *) &pSMB
->req
.SecurityBlob
;
2746 SecurityBlob
= (PNEGOTIATE_MESSAGE
) bcc_ptr
;
2747 strncpy(SecurityBlob
->Signature
, NTLMSSP_SIGNATURE
, 8);
2748 SecurityBlob
->MessageType
= NtLmNegotiate
;
2750 NTLMSSP_NEGOTIATE_UNICODE
| NTLMSSP_NEGOTIATE_OEM
|
2751 NTLMSSP_REQUEST_TARGET
| NTLMSSP_NEGOTIATE_NTLM
|
2752 NTLMSSP_NEGOTIATE_56
|
2753 /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128
;
2755 negotiate_flags
|= NTLMSSP_NEGOTIATE_SIGN
;
2756 /* if (ntlmv2_support)
2757 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;*/
2758 /* setup pointers to domain name and workstation name */
2759 bcc_ptr
+= SecurityBlobLength
;
2761 SecurityBlob
->WorkstationName
.Buffer
= 0;
2762 SecurityBlob
->WorkstationName
.Length
= 0;
2763 SecurityBlob
->WorkstationName
.MaximumLength
= 0;
2765 /* Domain not sent on first Sesssetup in NTLMSSP, instead it is sent
2766 along with username on auth request (ie the response to challenge) */
2767 SecurityBlob
->DomainName
.Buffer
= 0;
2768 SecurityBlob
->DomainName
.Length
= 0;
2769 SecurityBlob
->DomainName
.MaximumLength
= 0;
2770 if (ses
->capabilities
& CAP_UNICODE
) {
2771 if ((long) bcc_ptr
% 2) {
2777 cifs_strtoUCS((__le16
*) bcc_ptr
, "Linux version ",
2779 bcc_ptr
+= 2 * bytes_returned
;
2781 cifs_strtoUCS((__le16
*) bcc_ptr
, utsname()->release
, 32,
2783 bcc_ptr
+= 2 * bytes_returned
;
2784 bcc_ptr
+= 2; /* null terminate Linux version */
2786 cifs_strtoUCS((__le16
*) bcc_ptr
, CIFS_NETWORK_OPSYS
,
2788 bcc_ptr
+= 2 * bytes_returned
;
2791 bcc_ptr
+= 2; /* null terminate network opsys string */
2794 bcc_ptr
+= 2; /* null domain */
2795 } else { /* ASCII */
2796 strcpy(bcc_ptr
, "Linux version ");
2797 bcc_ptr
+= strlen("Linux version ");
2798 strcpy(bcc_ptr
, utsname()->release
);
2799 bcc_ptr
+= strlen(utsname()->release
) + 1;
2800 strcpy(bcc_ptr
, CIFS_NETWORK_OPSYS
);
2801 bcc_ptr
+= strlen(CIFS_NETWORK_OPSYS
) + 1;
2802 bcc_ptr
++; /* empty domain field */
2805 SecurityBlob
->NegotiateFlags
= cpu_to_le32(negotiate_flags
);
2806 pSMB
->req
.SecurityBlobLength
= cpu_to_le16(SecurityBlobLength
);
2807 count
= (long) bcc_ptr
- (long) pByteArea(smb_buffer
);
2808 smb_buffer
->smb_buf_length
+= count
;
2809 pSMB
->req
.ByteCount
= cpu_to_le16(count
);
2811 rc
= SendReceive(xid
, ses
, smb_buffer
, smb_buffer_response
,
2812 &bytes_returned
, CIFS_LONG_OP
);
2814 if (smb_buffer_response
->Status
.CifsError
==
2815 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED
))
2819 /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2820 } else if ((smb_buffer_response
->WordCount
== 3)
2821 || (smb_buffer_response
->WordCount
== 4)) {
2822 __u16 action
= le16_to_cpu(pSMBr
->resp
.Action
);
2823 __u16 blob_len
= le16_to_cpu(pSMBr
->resp
.SecurityBlobLength
);
2825 if (action
& GUEST_LOGIN
)
2826 cFYI(1, (" Guest login"));
2827 /* Do we want to set anything in SesInfo struct when guest login? */
2829 bcc_ptr
= pByteArea(smb_buffer_response
);
2830 /* response can have either 3 or 4 word count - Samba sends 3 */
2832 SecurityBlob2
= (PCHALLENGE_MESSAGE
) bcc_ptr
;
2833 if (SecurityBlob2
->MessageType
!= NtLmChallenge
) {
2835 ("Unexpected NTLMSSP message type received %d",
2836 SecurityBlob2
->MessageType
));
2838 ses
->Suid
= smb_buffer_response
->Uid
; /* UID left in le format */
2839 cFYI(1, ("UID = %d", ses
->Suid
));
2840 if ((pSMBr
->resp
.hdr
.WordCount
== 3)
2841 || ((pSMBr
->resp
.hdr
.WordCount
== 4)
2843 pSMBr
->resp
.ByteCount
))) {
2845 if (pSMBr
->resp
.hdr
.WordCount
== 4) {
2846 bcc_ptr
+= blob_len
;
2847 cFYI(1, ("Security Blob Length %d",
2851 cFYI(1, ("NTLMSSP Challenge rcvd"));
2853 memcpy(ses
->server
->cryptKey
,
2854 SecurityBlob2
->Challenge
,
2855 CIFS_CRYPTO_KEY_SIZE
);
2856 if (SecurityBlob2
->NegotiateFlags
&
2857 cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2
))
2858 *pNTLMv2_flag
= true;
2860 if ((SecurityBlob2
->NegotiateFlags
&
2861 cpu_to_le32(NTLMSSP_NEGOTIATE_ALWAYS_SIGN
))
2862 || (sign_CIFS_PDUs
> 1))
2863 ses
->server
->secMode
|=
2864 SECMODE_SIGN_REQUIRED
;
2865 if ((SecurityBlob2
->NegotiateFlags
&
2866 cpu_to_le32(NTLMSSP_NEGOTIATE_SIGN
)) && (sign_CIFS_PDUs
))
2867 ses
->server
->secMode
|=
2868 SECMODE_SIGN_ENABLED
;
2870 if (smb_buffer
->Flags2
& SMBFLG2_UNICODE
) {
2871 if ((long) (bcc_ptr
) % 2) {
2873 (BCC(smb_buffer_response
)
2875 /* Must word align unicode strings */
2880 (smb_buffer_response
) / 2;
2883 UniStrnlen((wchar_t *) bcc_ptr
,
2884 remaining_words
- 1);
2885 /* We look for obvious messed up bcc or strings in response so we do not go off
2886 the end since (at least) WIN2K and Windows XP have a major bug in not null
2887 terminating last Unicode string in response */
2889 kfree(ses
->serverOS
);
2891 kzalloc(2 * (len
+ 1), GFP_KERNEL
);
2892 cifs_strfromUCS_le(ses
->serverOS
,
2896 bcc_ptr
+= 2 * (len
+ 1);
2897 remaining_words
-= len
+ 1;
2898 ses
->serverOS
[2 * len
] = 0;
2899 ses
->serverOS
[1 + (2 * len
)] = 0;
2900 if (remaining_words
> 0) {
2901 len
= UniStrnlen((wchar_t *)
2905 kfree(ses
->serverNOS
);
2907 kzalloc(2 * (len
+ 1),
2909 cifs_strfromUCS_le(ses
->
2915 bcc_ptr
+= 2 * (len
+ 1);
2916 ses
->serverNOS
[2 * len
] = 0;
2919 remaining_words
-= len
+ 1;
2920 if (remaining_words
> 0) {
2921 len
= UniStrnlen((wchar_t *) bcc_ptr
, remaining_words
);
2922 /* last string not always null terminated
2923 (for e.g. for Windows XP & 2000) */
2924 kfree(ses
->serverDomain
);
2936 ses
->serverDomain
[2*len
]
2941 } /* else no more room so create dummy domain string */
2943 kfree(ses
->serverDomain
);
2948 } else { /* no room so create dummy domain and NOS string */
2949 kfree(ses
->serverDomain
);
2951 kzalloc(2, GFP_KERNEL
);
2952 kfree(ses
->serverNOS
);
2954 kzalloc(2, GFP_KERNEL
);
2956 } else { /* ASCII */
2957 len
= strnlen(bcc_ptr
, 1024);
2958 if (((long) bcc_ptr
+ len
) - (long)
2959 pByteArea(smb_buffer_response
)
2960 <= BCC(smb_buffer_response
)) {
2962 kfree(ses
->serverOS
);
2966 strncpy(ses
->serverOS
,
2970 bcc_ptr
[0] = 0; /* null terminate string */
2973 len
= strnlen(bcc_ptr
, 1024);
2974 kfree(ses
->serverNOS
);
2978 strncpy(ses
->serverNOS
, bcc_ptr
, len
);
2983 len
= strnlen(bcc_ptr
, 1024);
2984 kfree(ses
->serverDomain
);
2988 strncpy(ses
->serverDomain
,
2995 ("field of length %d "
2996 "extends beyond end of smb",
3000 cERROR(1, ("Security Blob Length extends beyond"
3004 cERROR(1, ("No session structure passed in."));
3008 (" Invalid Word count %d:",
3009 smb_buffer_response
->WordCount
));
3013 cifs_buf_release(smb_buffer
);
3018 CIFSNTLMSSPAuthSessSetup(unsigned int xid
, struct cifsSesInfo
*ses
,
3019 char *ntlm_session_key
, bool ntlmv2_flag
,
3020 const struct nls_table
*nls_codepage
)
3022 struct smb_hdr
*smb_buffer
;
3023 struct smb_hdr
*smb_buffer_response
;
3024 SESSION_SETUP_ANDX
*pSMB
;
3025 SESSION_SETUP_ANDX
*pSMBr
;
3030 int remaining_words
= 0;
3031 int bytes_returned
= 0;
3033 int SecurityBlobLength
= sizeof(AUTHENTICATE_MESSAGE
);
3034 PAUTHENTICATE_MESSAGE SecurityBlob
;
3035 __u32 negotiate_flags
, capabilities
;
3038 cFYI(1, ("In NTLMSSPSessSetup (Authenticate)"));
3041 user
= ses
->userName
;
3042 domain
= ses
->domainName
;
3043 smb_buffer
= cifs_buf_get();
3044 if (smb_buffer
== NULL
) {
3047 smb_buffer_response
= smb_buffer
;
3048 pSMB
= (SESSION_SETUP_ANDX
*)smb_buffer
;
3049 pSMBr
= (SESSION_SETUP_ANDX
*)smb_buffer_response
;
3051 /* send SMBsessionSetup here */
3052 header_assemble(smb_buffer
, SMB_COM_SESSION_SETUP_ANDX
,
3053 NULL
/* no tCon exists yet */ , 12 /* wct */ );
3055 smb_buffer
->Mid
= GetNextMid(ses
->server
);
3056 pSMB
->req
.hdr
.Flags
|= (SMBFLG_CASELESS
| SMBFLG_CANONICAL_PATH_FORMAT
);
3057 pSMB
->req
.hdr
.Flags2
|= SMBFLG2_EXT_SEC
;
3058 pSMB
->req
.AndXCommand
= 0xFF;
3059 pSMB
->req
.MaxBufferSize
= cpu_to_le16(ses
->server
->maxBuf
);
3060 pSMB
->req
.MaxMpxCount
= cpu_to_le16(ses
->server
->maxReq
);
3062 pSMB
->req
.hdr
.Uid
= ses
->Suid
;
3064 if (ses
->server
->secMode
& (SECMODE_SIGN_REQUIRED
| SECMODE_SIGN_ENABLED
))
3065 smb_buffer
->Flags2
|= SMBFLG2_SECURITY_SIGNATURE
;
3067 capabilities
= CAP_LARGE_FILES
| CAP_NT_SMBS
| CAP_LEVEL_II_OPLOCKS
|
3068 CAP_EXTENDED_SECURITY
;
3069 if (ses
->capabilities
& CAP_UNICODE
) {
3070 smb_buffer
->Flags2
|= SMBFLG2_UNICODE
;
3071 capabilities
|= CAP_UNICODE
;
3073 if (ses
->capabilities
& CAP_STATUS32
) {
3074 smb_buffer
->Flags2
|= SMBFLG2_ERR_STATUS
;
3075 capabilities
|= CAP_STATUS32
;
3077 if (ses
->capabilities
& CAP_DFS
) {
3078 smb_buffer
->Flags2
|= SMBFLG2_DFS
;
3079 capabilities
|= CAP_DFS
;
3081 pSMB
->req
.Capabilities
= cpu_to_le32(capabilities
);
3083 bcc_ptr
= (char *)&pSMB
->req
.SecurityBlob
;
3084 SecurityBlob
= (PAUTHENTICATE_MESSAGE
)bcc_ptr
;
3085 strncpy(SecurityBlob
->Signature
, NTLMSSP_SIGNATURE
, 8);
3086 SecurityBlob
->MessageType
= NtLmAuthenticate
;
3087 bcc_ptr
+= SecurityBlobLength
;
3088 negotiate_flags
= NTLMSSP_NEGOTIATE_UNICODE
| NTLMSSP_REQUEST_TARGET
|
3089 NTLMSSP_NEGOTIATE_NTLM
| NTLMSSP_NEGOTIATE_TARGET_INFO
|
3090 0x80000000 | NTLMSSP_NEGOTIATE_128
;
3092 negotiate_flags
|= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN
;
3094 negotiate_flags
|= NTLMSSP_NEGOTIATE_NTLMV2
;
3096 /* setup pointers to domain name and workstation name */
3098 SecurityBlob
->WorkstationName
.Buffer
= 0;
3099 SecurityBlob
->WorkstationName
.Length
= 0;
3100 SecurityBlob
->WorkstationName
.MaximumLength
= 0;
3101 SecurityBlob
->SessionKey
.Length
= 0;
3102 SecurityBlob
->SessionKey
.MaximumLength
= 0;
3103 SecurityBlob
->SessionKey
.Buffer
= 0;
3105 SecurityBlob
->LmChallengeResponse
.Length
= 0;
3106 SecurityBlob
->LmChallengeResponse
.MaximumLength
= 0;
3107 SecurityBlob
->LmChallengeResponse
.Buffer
= 0;
3109 SecurityBlob
->NtChallengeResponse
.Length
=
3110 cpu_to_le16(CIFS_SESS_KEY_SIZE
);
3111 SecurityBlob
->NtChallengeResponse
.MaximumLength
=
3112 cpu_to_le16(CIFS_SESS_KEY_SIZE
);
3113 memcpy(bcc_ptr
, ntlm_session_key
, CIFS_SESS_KEY_SIZE
);
3114 SecurityBlob
->NtChallengeResponse
.Buffer
=
3115 cpu_to_le32(SecurityBlobLength
);
3116 SecurityBlobLength
+= CIFS_SESS_KEY_SIZE
;
3117 bcc_ptr
+= CIFS_SESS_KEY_SIZE
;
3119 if (ses
->capabilities
& CAP_UNICODE
) {
3120 if (domain
== NULL
) {
3121 SecurityBlob
->DomainName
.Buffer
= 0;
3122 SecurityBlob
->DomainName
.Length
= 0;
3123 SecurityBlob
->DomainName
.MaximumLength
= 0;
3125 __u16 ln
= cifs_strtoUCS((__le16
*) bcc_ptr
, domain
, 64,
3128 SecurityBlob
->DomainName
.MaximumLength
=
3130 SecurityBlob
->DomainName
.Buffer
=
3131 cpu_to_le32(SecurityBlobLength
);
3133 SecurityBlobLength
+= ln
;
3134 SecurityBlob
->DomainName
.Length
= cpu_to_le16(ln
);
3137 SecurityBlob
->UserName
.Buffer
= 0;
3138 SecurityBlob
->UserName
.Length
= 0;
3139 SecurityBlob
->UserName
.MaximumLength
= 0;
3141 __u16 ln
= cifs_strtoUCS((__le16
*) bcc_ptr
, user
, 64,
3144 SecurityBlob
->UserName
.MaximumLength
=
3146 SecurityBlob
->UserName
.Buffer
=
3147 cpu_to_le32(SecurityBlobLength
);
3149 SecurityBlobLength
+= ln
;
3150 SecurityBlob
->UserName
.Length
= cpu_to_le16(ln
);
3153 /* SecurityBlob->WorkstationName.Length =
3154 cifs_strtoUCS((__le16 *) bcc_ptr, "AMACHINE",64, nls_codepage);
3155 SecurityBlob->WorkstationName.Length *= 2;
3156 SecurityBlob->WorkstationName.MaximumLength =
3157 cpu_to_le16(SecurityBlob->WorkstationName.Length);
3158 SecurityBlob->WorkstationName.Buffer =
3159 cpu_to_le32(SecurityBlobLength);
3160 bcc_ptr += SecurityBlob->WorkstationName.Length;
3161 SecurityBlobLength += SecurityBlob->WorkstationName.Length;
3162 SecurityBlob->WorkstationName.Length =
3163 cpu_to_le16(SecurityBlob->WorkstationName.Length); */
3165 if ((long) bcc_ptr
% 2) {
3170 cifs_strtoUCS((__le16
*) bcc_ptr
, "Linux version ",
3172 bcc_ptr
+= 2 * bytes_returned
;
3174 cifs_strtoUCS((__le16
*) bcc_ptr
, utsname()->release
, 32,
3176 bcc_ptr
+= 2 * bytes_returned
;
3177 bcc_ptr
+= 2; /* null term version string */
3179 cifs_strtoUCS((__le16
*) bcc_ptr
, CIFS_NETWORK_OPSYS
,
3181 bcc_ptr
+= 2 * bytes_returned
;
3184 bcc_ptr
+= 2; /* null terminate network opsys string */
3187 bcc_ptr
+= 2; /* null domain */
3188 } else { /* ASCII */
3189 if (domain
== NULL
) {
3190 SecurityBlob
->DomainName
.Buffer
= 0;
3191 SecurityBlob
->DomainName
.Length
= 0;
3192 SecurityBlob
->DomainName
.MaximumLength
= 0;
3195 negotiate_flags
|= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED
;
3196 strncpy(bcc_ptr
, domain
, 63);
3197 ln
= strnlen(domain
, 64);
3198 SecurityBlob
->DomainName
.MaximumLength
=
3200 SecurityBlob
->DomainName
.Buffer
=
3201 cpu_to_le32(SecurityBlobLength
);
3203 SecurityBlobLength
+= ln
;
3204 SecurityBlob
->DomainName
.Length
= cpu_to_le16(ln
);
3207 SecurityBlob
->UserName
.Buffer
= 0;
3208 SecurityBlob
->UserName
.Length
= 0;
3209 SecurityBlob
->UserName
.MaximumLength
= 0;
3212 strncpy(bcc_ptr
, user
, 63);
3213 ln
= strnlen(user
, 64);
3214 SecurityBlob
->UserName
.MaximumLength
= cpu_to_le16(ln
);
3215 SecurityBlob
->UserName
.Buffer
=
3216 cpu_to_le32(SecurityBlobLength
);
3218 SecurityBlobLength
+= ln
;
3219 SecurityBlob
->UserName
.Length
= cpu_to_le16(ln
);
3221 /* BB fill in our workstation name if known BB */
3223 strcpy(bcc_ptr
, "Linux version ");
3224 bcc_ptr
+= strlen("Linux version ");
3225 strcpy(bcc_ptr
, utsname()->release
);
3226 bcc_ptr
+= strlen(utsname()->release
) + 1;
3227 strcpy(bcc_ptr
, CIFS_NETWORK_OPSYS
);
3228 bcc_ptr
+= strlen(CIFS_NETWORK_OPSYS
) + 1;
3229 bcc_ptr
++; /* null domain */
3232 SecurityBlob
->NegotiateFlags
= cpu_to_le32(negotiate_flags
);
3233 pSMB
->req
.SecurityBlobLength
= cpu_to_le16(SecurityBlobLength
);
3234 count
= (long) bcc_ptr
- (long) pByteArea(smb_buffer
);
3235 smb_buffer
->smb_buf_length
+= count
;
3236 pSMB
->req
.ByteCount
= cpu_to_le16(count
);
3238 rc
= SendReceive(xid
, ses
, smb_buffer
, smb_buffer_response
,
3239 &bytes_returned
, CIFS_LONG_OP
);
3241 /* rc = map_smb_to_linux_error(smb_buffer_response) done in SendReceive now */
3242 } else if ((smb_buffer_response
->WordCount
== 3) ||
3243 (smb_buffer_response
->WordCount
== 4)) {
3244 __u16 action
= le16_to_cpu(pSMBr
->resp
.Action
);
3245 __u16 blob_len
= le16_to_cpu(pSMBr
->resp
.SecurityBlobLength
);
3246 if (action
& GUEST_LOGIN
)
3247 cFYI(1, (" Guest login")); /* BB Should we set anything
3248 in SesInfo struct ? */
3249 /* if (SecurityBlob2->MessageType != NtLm??) {
3250 cFYI("Unexpected message type on auth response is %d"));
3255 ("Check challenge UID %d vs auth response UID %d",
3256 ses
->Suid
, smb_buffer_response
->Uid
));
3257 /* UID left in wire format */
3258 ses
->Suid
= smb_buffer_response
->Uid
;
3259 bcc_ptr
= pByteArea(smb_buffer_response
);
3260 /* response can have either 3 or 4 word count - Samba sends 3 */
3261 if ((pSMBr
->resp
.hdr
.WordCount
== 3)
3262 || ((pSMBr
->resp
.hdr
.WordCount
== 4)
3264 pSMBr
->resp
.ByteCount
))) {
3265 if (pSMBr
->resp
.hdr
.WordCount
== 4) {
3269 ("Security Blob Length %d ",
3274 ("NTLMSSP response to Authenticate "));
3276 if (smb_buffer
->Flags2
& SMBFLG2_UNICODE
) {
3277 if ((long) (bcc_ptr
) % 2) {
3279 (BCC(smb_buffer_response
)
3281 bcc_ptr
++; /* Unicode strings must be word aligned */
3283 remaining_words
= BCC(smb_buffer_response
) / 2;
3285 len
= UniStrnlen((wchar_t *) bcc_ptr
,
3286 remaining_words
- 1);
3287 /* We look for obvious messed up bcc or strings in response so we do not go off
3288 the end since (at least) WIN2K and Windows XP have a major bug in not null
3289 terminating last Unicode string in response */
3291 kfree(ses
->serverOS
);
3293 kzalloc(2 * (len
+ 1), GFP_KERNEL
);
3294 cifs_strfromUCS_le(ses
->serverOS
,
3298 bcc_ptr
+= 2 * (len
+ 1);
3299 remaining_words
-= len
+ 1;
3300 ses
->serverOS
[2 * len
] = 0;
3301 ses
->serverOS
[1 + (2 * len
)] = 0;
3302 if (remaining_words
> 0) {
3303 len
= UniStrnlen((wchar_t *)
3307 kfree(ses
->serverNOS
);
3309 kzalloc(2 * (len
+ 1),
3311 cifs_strfromUCS_le(ses
->
3317 bcc_ptr
+= 2 * (len
+ 1);
3318 ses
->serverNOS
[2 * len
] = 0;
3319 ses
->serverNOS
[1+(2*len
)] = 0;
3320 remaining_words
-= len
+ 1;
3321 if (remaining_words
> 0) {
3322 len
= UniStrnlen((wchar_t *) bcc_ptr
, remaining_words
);
3323 /* last string not always null terminated (e.g. for Windows XP & 2000) */
3324 if (ses
->serverDomain
)
3325 kfree(ses
->serverDomain
);
3350 } /* else no more room so create dummy domain string */
3352 if (ses
->serverDomain
)
3353 kfree(ses
->serverDomain
);
3354 ses
->serverDomain
= kzalloc(2,GFP_KERNEL
);
3356 } else { /* no room so create dummy domain and NOS string */
3357 if (ses
->serverDomain
)
3358 kfree(ses
->serverDomain
);
3359 ses
->serverDomain
= kzalloc(2, GFP_KERNEL
);
3360 kfree(ses
->serverNOS
);
3361 ses
->serverNOS
= kzalloc(2, GFP_KERNEL
);
3363 } else { /* ASCII */
3364 len
= strnlen(bcc_ptr
, 1024);
3365 if (((long) bcc_ptr
+ len
) -
3366 (long) pByteArea(smb_buffer_response
)
3367 <= BCC(smb_buffer_response
)) {
3369 kfree(ses
->serverOS
);
3370 ses
->serverOS
= kzalloc(len
+ 1, GFP_KERNEL
);
3371 strncpy(ses
->serverOS
,bcc_ptr
, len
);
3374 bcc_ptr
[0] = 0; /* null terminate the string */
3377 len
= strnlen(bcc_ptr
, 1024);
3378 kfree(ses
->serverNOS
);
3379 ses
->serverNOS
= kzalloc(len
+1,
3381 strncpy(ses
->serverNOS
,
3387 len
= strnlen(bcc_ptr
, 1024);
3388 if (ses
->serverDomain
)
3389 kfree(ses
->serverDomain
);
3393 strncpy(ses
->serverDomain
,
3399 cFYI(1, ("field of length %d "
3400 "extends beyond end of smb ",
3404 cERROR(1, ("Security Blob extends beyond end "
3408 cERROR(1, ("No session structure passed in."));
3411 cERROR(1, ("Invalid Word count %d: ",
3412 smb_buffer_response
->WordCount
));
3416 cifs_buf_release(smb_buffer
);
3422 CIFSTCon(unsigned int xid
, struct cifsSesInfo
*ses
,
3423 const char *tree
, struct cifsTconInfo
*tcon
,
3424 const struct nls_table
*nls_codepage
)
3426 struct smb_hdr
*smb_buffer
;
3427 struct smb_hdr
*smb_buffer_response
;
3430 unsigned char *bcc_ptr
;
3438 smb_buffer
= cifs_buf_get();
3439 if (smb_buffer
== NULL
) {
3442 smb_buffer_response
= smb_buffer
;
3444 header_assemble(smb_buffer
, SMB_COM_TREE_CONNECT_ANDX
,
3445 NULL
/*no tid */ , 4 /*wct */ );
3447 smb_buffer
->Mid
= GetNextMid(ses
->server
);
3448 smb_buffer
->Uid
= ses
->Suid
;
3449 pSMB
= (TCONX_REQ
*) smb_buffer
;
3450 pSMBr
= (TCONX_RSP
*) smb_buffer_response
;
3452 pSMB
->AndXCommand
= 0xFF;
3453 pSMB
->Flags
= cpu_to_le16(TCON_EXTENDED_SECINFO
);
3454 bcc_ptr
= &pSMB
->Password
[0];
3455 if ((ses
->server
->secMode
) & SECMODE_USER
) {
3456 pSMB
->PasswordLength
= cpu_to_le16(1); /* minimum */
3457 *bcc_ptr
= 0; /* password is null byte */
3458 bcc_ptr
++; /* skip password */
3459 /* already aligned so no need to do it below */
3461 pSMB
->PasswordLength
= cpu_to_le16(CIFS_SESS_KEY_SIZE
);
3462 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3463 specified as required (when that support is added to
3464 the vfs in the future) as only NTLM or the much
3465 weaker LANMAN (which we do not send by default) is accepted
3466 by Samba (not sure whether other servers allow
3467 NTLMv2 password here) */
3468 #ifdef CONFIG_CIFS_WEAK_PW_HASH
3469 if ((extended_security
& CIFSSEC_MAY_LANMAN
) &&
3470 (ses
->server
->secType
== LANMAN
))
3471 calc_lanman_hash(ses
, bcc_ptr
);
3473 #endif /* CIFS_WEAK_PW_HASH */
3474 SMBNTencrypt(ses
->password
,
3475 ses
->server
->cryptKey
,
3478 bcc_ptr
+= CIFS_SESS_KEY_SIZE
;
3479 if (ses
->capabilities
& CAP_UNICODE
) {
3480 /* must align unicode strings */
3481 *bcc_ptr
= 0; /* null byte password */
3486 if (ses
->server
->secMode
&
3487 (SECMODE_SIGN_REQUIRED
| SECMODE_SIGN_ENABLED
))
3488 smb_buffer
->Flags2
|= SMBFLG2_SECURITY_SIGNATURE
;
3490 if (ses
->capabilities
& CAP_STATUS32
) {
3491 smb_buffer
->Flags2
|= SMBFLG2_ERR_STATUS
;
3493 if (ses
->capabilities
& CAP_DFS
) {
3494 smb_buffer
->Flags2
|= SMBFLG2_DFS
;
3496 if (ses
->capabilities
& CAP_UNICODE
) {
3497 smb_buffer
->Flags2
|= SMBFLG2_UNICODE
;
3499 cifs_strtoUCS((__le16
*) bcc_ptr
, tree
,
3500 6 /* max utf8 char length in bytes */ *
3501 (/* server len*/ + 256 /* share len */), nls_codepage
);
3502 bcc_ptr
+= 2 * length
; /* convert num 16 bit words to bytes */
3503 bcc_ptr
+= 2; /* skip trailing null */
3504 } else { /* ASCII */
3505 strcpy(bcc_ptr
, tree
);
3506 bcc_ptr
+= strlen(tree
) + 1;
3508 strcpy(bcc_ptr
, "?????");
3509 bcc_ptr
+= strlen("?????");
3511 count
= bcc_ptr
- &pSMB
->Password
[0];
3512 pSMB
->hdr
.smb_buf_length
+= count
;
3513 pSMB
->ByteCount
= cpu_to_le16(count
);
3515 rc
= SendReceive(xid
, ses
, smb_buffer
, smb_buffer_response
, &length
,
3518 /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
3519 /* above now done in SendReceive */
3520 if ((rc
== 0) && (tcon
!= NULL
)) {
3521 tcon
->tidStatus
= CifsGood
;
3522 tcon
->need_reconnect
= false;
3523 tcon
->tid
= smb_buffer_response
->Tid
;
3524 bcc_ptr
= pByteArea(smb_buffer_response
);
3525 length
= strnlen(bcc_ptr
, BCC(smb_buffer_response
) - 2);
3526 /* skip service field (NB: this field is always ASCII) */
3528 if ((bcc_ptr
[0] == 'I') && (bcc_ptr
[1] == 'P') &&
3529 (bcc_ptr
[2] == 'C')) {
3530 cFYI(1, ("IPC connection"));
3533 } else if (length
== 2) {
3534 if ((bcc_ptr
[0] == 'A') && (bcc_ptr
[1] == ':')) {
3535 /* the most common case */
3536 cFYI(1, ("disk share connection"));
3539 bcc_ptr
+= length
+ 1;
3540 strncpy(tcon
->treeName
, tree
, MAX_TREE_SIZE
);
3541 if (smb_buffer
->Flags2
& SMBFLG2_UNICODE
) {
3542 length
= UniStrnlen((wchar_t *) bcc_ptr
, 512);
3543 if ((bcc_ptr
+ (2 * length
)) -
3544 pByteArea(smb_buffer_response
) <=
3545 BCC(smb_buffer_response
)) {
3546 kfree(tcon
->nativeFileSystem
);
3547 tcon
->nativeFileSystem
=
3548 kzalloc(length
+ 2, GFP_KERNEL
);
3549 if (tcon
->nativeFileSystem
)
3551 tcon
->nativeFileSystem
,
3553 length
, nls_codepage
);
3554 bcc_ptr
+= 2 * length
;
3555 bcc_ptr
[0] = 0; /* null terminate the string */
3559 /* else do not bother copying these information fields*/
3561 length
= strnlen(bcc_ptr
, 1024);
3562 if ((bcc_ptr
+ length
) -
3563 pByteArea(smb_buffer_response
) <=
3564 BCC(smb_buffer_response
)) {
3565 kfree(tcon
->nativeFileSystem
);
3566 tcon
->nativeFileSystem
=
3567 kzalloc(length
+ 1, GFP_KERNEL
);
3568 if (tcon
->nativeFileSystem
)
3569 strncpy(tcon
->nativeFileSystem
, bcc_ptr
,
3572 /* else do not bother copying these information fields*/
3574 if ((smb_buffer_response
->WordCount
== 3) ||
3575 (smb_buffer_response
->WordCount
== 7))
3576 /* field is in same location */
3577 tcon
->Flags
= le16_to_cpu(pSMBr
->OptionalSupport
);
3580 cFYI(1, ("Tcon flags: 0x%x ", tcon
->Flags
));
3581 } else if ((rc
== 0) && tcon
== NULL
) {
3582 /* all we need to save for IPC$ connection */
3583 ses
->ipc_tid
= smb_buffer_response
->Tid
;
3586 cifs_buf_release(smb_buffer
);
3591 cifs_umount(struct super_block
*sb
, struct cifs_sb_info
*cifs_sb
)
3595 struct cifsSesInfo
*ses
= NULL
;
3600 if (cifs_sb
->tcon
) {
3601 ses
= cifs_sb
->tcon
->ses
; /* save ptr to ses before delete tcon!*/
3602 rc
= CIFSSMBTDis(xid
, cifs_sb
->tcon
);
3607 DeleteTconOplockQEntries(cifs_sb
->tcon
);
3608 tconInfoFree(cifs_sb
->tcon
);
3609 if ((ses
) && (ses
->server
)) {
3610 /* save off task so we do not refer to ses later */
3611 cFYI(1, ("About to do SMBLogoff "));
3612 rc
= CIFSSMBLogoff(xid
, ses
);
3616 } else if (rc
== -ESHUTDOWN
) {
3617 cFYI(1, ("Waking up socket by sending signal"));
3619 kill_cifsd(ses
->server
);
3621 } /* else - we have an smb session
3622 left on this socket do not kill cifsd */
3624 cFYI(1, ("No session or bad tcon"));
3627 cifs_sb
->tcon
= NULL
;
3628 tmp
= cifs_sb
->prepath
;
3629 cifs_sb
->prepathlen
= 0;
3630 cifs_sb
->prepath
= NULL
;
3639 int cifs_setup_session(unsigned int xid
, struct cifsSesInfo
*pSesInfo
,
3640 struct nls_table
*nls_info
)
3643 char ntlm_session_key
[CIFS_SESS_KEY_SIZE
];
3644 bool ntlmv2_flag
= false;
3646 struct TCP_Server_Info
*server
= pSesInfo
->server
;
3648 /* what if server changes its buffer size after dropping the session? */
3649 if (server
->maxBuf
== 0) /* no need to send on reconnect */ {
3650 rc
= CIFSSMBNegotiate(xid
, pSesInfo
);
3651 if (rc
== -EAGAIN
) {
3652 /* retry only once on 1st time connection */
3653 rc
= CIFSSMBNegotiate(xid
, pSesInfo
);
3658 spin_lock(&GlobalMid_Lock
);
3659 if (server
->tcpStatus
!= CifsExiting
)
3660 server
->tcpStatus
= CifsGood
;
3663 spin_unlock(&GlobalMid_Lock
);
3672 pSesInfo
->flags
= 0;
3673 pSesInfo
->capabilities
= server
->capabilities
;
3674 if (linuxExtEnabled
== 0)
3675 pSesInfo
->capabilities
&= (~CAP_UNIX
);
3676 /* pSesInfo->sequence_number = 0;*/
3677 cFYI(1, ("Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d",
3678 server
->secMode
, server
->capabilities
, server
->timeAdj
));
3680 if (experimEnabled
< 2)
3681 rc
= CIFS_SessSetup(xid
, pSesInfo
, first_time
, nls_info
);
3682 else if (extended_security
3683 && (pSesInfo
->capabilities
& CAP_EXTENDED_SECURITY
)
3684 && (server
->secType
== NTLMSSP
)) {
3686 } else if (extended_security
3687 && (pSesInfo
->capabilities
& CAP_EXTENDED_SECURITY
)
3688 && (server
->secType
== RawNTLMSSP
)) {
3689 cFYI(1, ("NTLMSSP sesssetup"));
3690 rc
= CIFSNTLMSSPNegotiateSessSetup(xid
, pSesInfo
, &ntlmv2_flag
,
3695 cFYI(1, ("more secure NTLM ver2 hash"));
3696 if (CalcNTLMv2_partial_mac_key(pSesInfo
,
3701 v2_response
= kmalloc(16 + 64 /* blob*/,
3704 CalcNTLMv2_response(pSesInfo
,
3707 cifs_calculate_ntlmv2_mac_key */
3709 /* BB Put dummy sig in SessSetup PDU? */
3716 SMBNTencrypt(pSesInfo
->password
,
3721 cifs_calculate_mac_key(
3722 &server
->mac_signing_key
,
3724 pSesInfo
->password
);
3726 /* for better security the weaker lanman hash not sent
3727 in AuthSessSetup so we no longer calculate it */
3729 rc
= CIFSNTLMSSPAuthSessSetup(xid
, pSesInfo
,
3734 } else { /* old style NTLM 0.12 session setup */
3735 SMBNTencrypt(pSesInfo
->password
, server
->cryptKey
,
3739 cifs_calculate_mac_key(&server
->mac_signing_key
,
3741 pSesInfo
->password
);
3743 rc
= CIFSSessSetup(xid
, pSesInfo
, ntlm_session_key
, nls_info
);
3746 cERROR(1, ("Send error in SessSetup = %d", rc
));
3748 cFYI(1, ("CIFS Session Established successfully"));
3749 spin_lock(&GlobalMid_Lock
);
3750 pSesInfo
->status
= CifsGood
;
3751 pSesInfo
->need_reconnect
= false;
3752 spin_unlock(&GlobalMid_Lock
);