4 * Copyright (C) International Business Machines Corp., 2009, 2011
6 * Author(s): Steve French (sfrench@us.ibm.com)
7 * Pavel Shilovsky (pshilovsky@samba.org) 2012
9 * Contains the routines for constructing the SMB2 PDUs themselves
11 * This library is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU Lesser General Public License as published
13 * by the Free Software Foundation; either version 2.1 of the License, or
14 * (at your option) any later version.
16 * This library is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
19 * the GNU Lesser General Public License for more details.
21 * You should have received a copy of the GNU Lesser General Public License
22 * along with this library; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26 /* SMB2 PDU handling routines here - except for leftovers (eg session setup) */
27 /* Note that there are handle based routines which must be */
28 /* treated slightly differently for reconnection purposes since we never */
29 /* want to reuse a stale file handle and only the caller knows the file info */
32 #include <linux/kernel.h>
33 #include <linux/vfs.h>
34 #include <linux/uaccess.h>
35 #include <linux/xattr.h>
39 #include "cifsproto.h"
40 #include "smb2proto.h"
41 #include "cifs_unicode.h"
42 #include "cifs_debug.h"
44 #include "smb2status.h"
47 * The following table defines the expected "StructureSize" of SMB2 requests
48 * in order by SMB2 command. This is similar to "wct" in SMB/CIFS requests.
50 * Note that commands are defined in smb2pdu.h in le16 but the array below is
51 * indexed by command in host byte order.
53 static const int smb2_req_struct_sizes
[NUMBER_OF_SMB2_COMMANDS
] = {
54 /* SMB2_NEGOTIATE */ 36,
55 /* SMB2_SESSION_SETUP */ 25,
57 /* SMB2_TREE_CONNECT */ 9,
58 /* SMB2_TREE_DISCONNECT */ 4,
68 /* SMB2_QUERY_DIRECTORY */ 33,
69 /* SMB2_CHANGE_NOTIFY */ 32,
70 /* SMB2_QUERY_INFO */ 41,
71 /* SMB2_SET_INFO */ 33,
72 /* SMB2_OPLOCK_BREAK */ 24 /* BB this is 36 for LEASE_BREAK variant */
77 smb2_hdr_assemble(struct smb2_hdr
*hdr
, __le16 smb2_cmd
/* command */ ,
78 const struct cifs_tcon
*tcon
)
80 struct smb2_pdu
*pdu
= (struct smb2_pdu
*)hdr
;
81 char *temp
= (char *)hdr
;
82 /* lookup word count ie StructureSize from table */
83 __u16 parmsize
= smb2_req_struct_sizes
[le16_to_cpu(smb2_cmd
)];
86 * smaller than SMALL_BUFFER_SIZE but bigger than fixed area of
87 * largest operations (Create)
91 /* Note this is only network field converted to big endian */
92 hdr
->smb2_buf_length
= cpu_to_be32(parmsize
+ sizeof(struct smb2_hdr
)
93 - 4 /* RFC 1001 length field itself not counted */);
95 hdr
->ProtocolId
[0] = 0xFE;
96 hdr
->ProtocolId
[1] = 'S';
97 hdr
->ProtocolId
[2] = 'M';
98 hdr
->ProtocolId
[3] = 'B';
99 hdr
->StructureSize
= cpu_to_le16(64);
100 hdr
->Command
= smb2_cmd
;
101 hdr
->CreditRequest
= cpu_to_le16(2); /* BB make this dynamic */
102 hdr
->ProcessId
= cpu_to_le32((__u16
)current
->tgid
);
107 hdr
->TreeId
= tcon
->tid
;
108 /* Uid is not converted */
110 hdr
->SessionId
= tcon
->ses
->Suid
;
111 /* BB check following DFS flags BB */
112 /* BB do we have to add check for SHI1005_FLAGS_DFS_ROOT too? */
113 if (tcon
->share_flags
& SHI1005_FLAGS_DFS
)
114 hdr
->Flags
|= SMB2_FLAGS_DFS_OPERATIONS
;
115 /* BB how does SMB2 do case sensitive? */
117 hdr->Flags |= SMBFLG_CASELESS; */
118 /* if (tcon->ses && tcon->ses->server &&
119 (tcon->ses->server->sec_mode & SECMODE_SIGN_REQUIRED))
120 hdr->Flags |= SMB2_FLAGS_SIGNED; */
122 pdu
->StructureSize2
= cpu_to_le16(parmsize
);
127 smb2_reconnect(__le16 smb2_command
, struct cifs_tcon
*tcon
)
130 struct nls_table
*nls_codepage
;
131 struct cifs_ses
*ses
;
132 struct TCP_Server_Info
*server
;
135 * SMB2s NegProt, SessSetup, Logoff do not have tcon yet so
136 * check for tcp and smb session status done differently
137 * for those three - in the calling routine.
142 if (smb2_command
== SMB2_TREE_CONNECT
)
145 if (tcon
->tidStatus
== CifsExiting
) {
147 * only tree disconnect, open, and write,
148 * (and ulogoff which does not have tcon)
149 * are allowed as we start force umount.
151 if ((smb2_command
!= SMB2_WRITE
) &&
152 (smb2_command
!= SMB2_CREATE
) &&
153 (smb2_command
!= SMB2_TREE_DISCONNECT
)) {
154 cFYI(1, "can not send cmd %d while umounting",
159 if ((!tcon
->ses
) || (tcon
->ses
->status
== CifsExiting
) ||
160 (!tcon
->ses
->server
))
164 server
= ses
->server
;
167 * Give demultiplex thread up to 10 seconds to reconnect, should be
168 * greater than cifs socket timeout which is 7 seconds
170 while (server
->tcpStatus
== CifsNeedReconnect
) {
172 * Return to caller for TREE_DISCONNECT and LOGOFF and CLOSE
173 * here since they are implicitly done when session drops.
175 switch (smb2_command
) {
177 * BB Should we keep oplock break and add flush to exceptions?
179 case SMB2_TREE_DISCONNECT
:
182 case SMB2_OPLOCK_BREAK
:
186 wait_event_interruptible_timeout(server
->response_q
,
187 (server
->tcpStatus
!= CifsNeedReconnect
), 10 * HZ
);
189 /* are we still trying to reconnect? */
190 if (server
->tcpStatus
!= CifsNeedReconnect
)
194 * on "soft" mounts we wait once. Hard mounts keep
195 * retrying until process is killed or server comes
199 cFYI(1, "gave up waiting on reconnect in smb_init");
204 if (!tcon
->ses
->need_reconnect
&& !tcon
->need_reconnect
)
207 nls_codepage
= load_nls_default();
210 * need to prevent multiple threads trying to simultaneously reconnect
211 * the same SMB session
213 mutex_lock(&tcon
->ses
->session_mutex
);
214 rc
= cifs_negotiate_protocol(0, tcon
->ses
);
215 if (!rc
&& tcon
->ses
->need_reconnect
)
216 rc
= cifs_setup_session(0, tcon
->ses
, nls_codepage
);
218 if (rc
|| !tcon
->need_reconnect
) {
219 mutex_unlock(&tcon
->ses
->session_mutex
);
223 cifs_mark_open_files_invalid(tcon
);
224 rc
= SMB2_tcon(0, tcon
->ses
, tcon
->treeName
, tcon
, nls_codepage
);
225 mutex_unlock(&tcon
->ses
->session_mutex
);
226 cFYI(1, "reconnect tcon rc = %d", rc
);
229 atomic_inc(&tconInfoReconnectCount
);
231 * BB FIXME add code to check if wsize needs update due to negotiated
232 * smb buffer size shrinking.
236 * Check if handle based operation so we know whether we can continue
237 * or not without returning to caller to reset file handle.
240 * BB Is flush done by server on drop of tcp session? Should we special
241 * case it and skip above?
243 switch (smb2_command
) {
249 case SMB2_QUERY_DIRECTORY
:
250 case SMB2_CHANGE_NOTIFY
:
251 case SMB2_QUERY_INFO
:
255 unload_nls(nls_codepage
);
260 * Allocate and return pointer to an SMB request hdr, and set basic
261 * SMB information in the SMB header. If the return code is zero, this
262 * function must have filled in request_buf pointer.
265 small_smb2_init(__le16 smb2_command
, struct cifs_tcon
*tcon
,
270 rc
= smb2_reconnect(smb2_command
, tcon
);
274 /* BB eventually switch this to SMB2 specific small buf size */
275 *request_buf
= cifs_small_buf_get();
276 if (*request_buf
== NULL
) {
277 /* BB should we add a retry in here if not a writepage? */
281 smb2_hdr_assemble((struct smb2_hdr
*) *request_buf
, smb2_command
, tcon
);
284 #ifdef CONFIG_CIFS_STATS2
285 uint16_t com_code
= le16_to_cpu(smb2_command
);
286 cifs_stats_inc(&tcon
->stats
.smb2_stats
.smb2_com_sent
[com_code
]);
288 cifs_stats_inc(&tcon
->num_smbs_sent
);
295 free_rsp_buf(int resp_buftype
, void *rsp
)
297 if (resp_buftype
== CIFS_SMALL_BUFFER
)
298 cifs_small_buf_release(rsp
);
299 else if (resp_buftype
== CIFS_LARGE_BUFFER
)
300 cifs_buf_release(rsp
);
303 #define SMB2_NUM_PROT 1
307 #define BAD_PROT 0xFFFF
309 #define SMB2_PROT_ID 0x0202
310 #define SMB21_PROT_ID 0x0210
311 #define BAD_PROT_ID 0xFFFF
316 } smb2protocols
[] = {
317 {SMB2_PROT
, cpu_to_le16(SMB2_PROT_ID
)},
318 {SMB21_PROT
, cpu_to_le16(SMB21_PROT_ID
)},
319 {BAD_PROT
, cpu_to_le16(BAD_PROT_ID
)}
324 * SMB2 Worker functions follow:
326 * The general structure of the worker functions is:
327 * 1) Call smb2_init (assembles SMB2 header)
328 * 2) Initialize SMB2 command specific fields in fixed length area of SMB
329 * 3) Call smb_sendrcv2 (sends request on socket and waits for response)
330 * 4) Decode SMB2 command specific fields in the fixed length area
331 * 5) Decode variable length data area (if any for this SMB2 command type)
332 * 6) Call free smb buffer
338 SMB2_negotiate(const unsigned int xid
, struct cifs_ses
*ses
)
340 struct smb2_negotiate_req
*req
;
341 struct smb2_negotiate_rsp
*rsp
;
345 struct TCP_Server_Info
*server
;
346 unsigned int sec_flags
;
349 int blob_offset
, blob_length
;
351 int flags
= CIFS_NEG_OP
;
353 cFYI(1, "Negotiate protocol");
356 server
= ses
->server
;
362 rc
= small_smb2_init(SMB2_NEGOTIATE
, NULL
, (void **) &req
);
366 /* if any of auth flags (ie not sign or seal) are overriden use them */
367 if (ses
->overrideSecFlg
& (~(CIFSSEC_MUST_SIGN
| CIFSSEC_MUST_SEAL
)))
368 sec_flags
= ses
->overrideSecFlg
; /* BB FIXME fix sign flags?*/
369 else /* if override flags set only sign/seal OR them with global auth */
370 sec_flags
= global_secflags
| ses
->overrideSecFlg
;
372 cFYI(1, "sec_flags 0x%x", sec_flags
);
374 req
->hdr
.SessionId
= 0;
376 for (i
= 0; i
< SMB2_NUM_PROT
; i
++)
377 req
->Dialects
[i
] = smb2protocols
[i
].name
;
379 req
->DialectCount
= cpu_to_le16(i
);
380 inc_rfc1001_len(req
, i
* 2);
382 /* only one of SMB2 signing flags may be set in SMB2 request */
383 if ((sec_flags
& CIFSSEC_MUST_SIGN
) == CIFSSEC_MUST_SIGN
)
384 temp
= SMB2_NEGOTIATE_SIGNING_REQUIRED
;
385 else if (sec_flags
& CIFSSEC_MAY_SIGN
) /* MAY_SIGN is a single flag */
386 temp
= SMB2_NEGOTIATE_SIGNING_ENABLED
;
388 req
->SecurityMode
= cpu_to_le16(temp
);
390 req
->Capabilities
= cpu_to_le32(SMB2_GLOBAL_CAP_DFS
);
392 iov
[0].iov_base
= (char *)req
;
393 /* 4 for rfc1002 length field */
394 iov
[0].iov_len
= get_rfc1002_length(req
) + 4;
396 rc
= SendReceive2(xid
, ses
, iov
, 1, &resp_buftype
, flags
);
398 rsp
= (struct smb2_negotiate_rsp
*)iov
[0].iov_base
;
400 * No tcon so can't do
401 * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]);
411 cFYI(1, "mode 0x%x", rsp
->SecurityMode
);
413 if (rsp
->DialectRevision
== smb2protocols
[SMB21_PROT
].name
)
414 cFYI(1, "negotiated smb2.1 dialect");
415 else if (rsp
->DialectRevision
== smb2protocols
[SMB2_PROT
].name
)
416 cFYI(1, "negotiated smb2 dialect");
418 cERROR(1, "Illegal dialect returned by server %d",
419 le16_to_cpu(rsp
->DialectRevision
));
423 server
->dialect
= le16_to_cpu(rsp
->DialectRevision
);
425 server
->maxBuf
= le32_to_cpu(rsp
->MaxTransactSize
);
426 server
->max_read
= le32_to_cpu(rsp
->MaxReadSize
);
427 server
->max_write
= le32_to_cpu(rsp
->MaxWriteSize
);
428 /* BB Do we need to validate the SecurityMode? */
429 server
->sec_mode
= le16_to_cpu(rsp
->SecurityMode
);
430 server
->capabilities
= le32_to_cpu(rsp
->Capabilities
);
432 server
->capabilities
|= SMB2_NT_FIND
| SMB2_LARGE_FILES
;
434 security_blob
= smb2_get_data_area_len(&blob_offset
, &blob_length
,
436 if (blob_length
== 0) {
437 cERROR(1, "missing security blob on negprot");
441 #ifdef CONFIG_SMB2_ASN1 /* BB REMOVEME when updated asn1.c ready */
442 rc
= decode_neg_token_init(security_blob
, blob_length
,
453 free_rsp_buf(resp_buftype
, rsp
);
458 SMB2_sess_setup(const unsigned int xid
, struct cifs_ses
*ses
,
459 const struct nls_table
*nls_cp
)
461 struct smb2_sess_setup_req
*req
;
462 struct smb2_sess_setup_rsp
*rsp
= NULL
;
466 __le32 phase
= NtLmNegotiate
; /* NTLMSSP, if needed, is multistage */
467 struct TCP_Server_Info
*server
;
468 unsigned int sec_flags
;
472 char *ntlmssp_blob
= NULL
;
473 bool use_spnego
= false; /* else use raw ntlmssp */
475 cFYI(1, "Session Setup");
478 server
= ses
->server
;
485 * If memory allocation is successful, caller of this function
488 ses
->ntlmssp
= kmalloc(sizeof(struct ntlmssp_auth
), GFP_KERNEL
);
492 ses
->server
->secType
= RawNTLMSSP
;
494 ssetup_ntlmssp_authenticate
:
495 if (phase
== NtLmChallenge
)
496 phase
= NtLmAuthenticate
; /* if ntlmssp, now final phase */
498 rc
= small_smb2_init(SMB2_SESSION_SETUP
, NULL
, (void **) &req
);
502 /* if any of auth flags (ie not sign or seal) are overriden use them */
503 if (ses
->overrideSecFlg
& (~(CIFSSEC_MUST_SIGN
| CIFSSEC_MUST_SEAL
)))
504 sec_flags
= ses
->overrideSecFlg
; /* BB FIXME fix sign flags?*/
505 else /* if override flags set only sign/seal OR them with global auth */
506 sec_flags
= global_secflags
| ses
->overrideSecFlg
;
508 cFYI(1, "sec_flags 0x%x", sec_flags
);
510 req
->hdr
.SessionId
= 0; /* First session, not a reauthenticate */
511 req
->VcNumber
= 0; /* MBZ */
512 /* to enable echos and oplocks */
513 req
->hdr
.CreditRequest
= cpu_to_le16(3);
515 /* only one of SMB2 signing flags may be set in SMB2 request */
516 if ((sec_flags
& CIFSSEC_MUST_SIGN
) == CIFSSEC_MUST_SIGN
)
517 temp
= SMB2_NEGOTIATE_SIGNING_REQUIRED
;
518 else if (ses
->server
->sec_mode
& SMB2_NEGOTIATE_SIGNING_REQUIRED
)
519 temp
= SMB2_NEGOTIATE_SIGNING_REQUIRED
;
520 else if (sec_flags
& CIFSSEC_MAY_SIGN
) /* MAY_SIGN is a single flag */
521 temp
= SMB2_NEGOTIATE_SIGNING_ENABLED
;
523 req
->SecurityMode
= temp
;
524 req
->Capabilities
= 0;
525 req
->Channel
= 0; /* MBZ */
527 iov
[0].iov_base
= (char *)req
;
528 /* 4 for rfc1002 length field and 1 for pad */
529 iov
[0].iov_len
= get_rfc1002_length(req
) + 4 - 1;
530 if (phase
== NtLmNegotiate
) {
531 ntlmssp_blob
= kmalloc(sizeof(struct _NEGOTIATE_MESSAGE
),
533 if (ntlmssp_blob
== NULL
) {
537 build_ntlmssp_negotiate_blob(ntlmssp_blob
, ses
);
539 /* blob_length = build_spnego_ntlmssp_blob(
541 sizeof(struct _NEGOTIATE_MESSAGE),
543 /* BB eventually need to add this */
544 cERROR(1, "spnego not supported for SMB2 yet");
549 blob_length
= sizeof(struct _NEGOTIATE_MESSAGE
);
550 /* with raw NTLMSSP we don't encapsulate in SPNEGO */
551 security_blob
= ntlmssp_blob
;
553 } else if (phase
== NtLmAuthenticate
) {
554 req
->hdr
.SessionId
= ses
->Suid
;
555 ntlmssp_blob
= kzalloc(sizeof(struct _NEGOTIATE_MESSAGE
) + 500,
557 if (ntlmssp_blob
== NULL
) {
558 cERROR(1, "failed to malloc ntlmssp blob");
562 rc
= build_ntlmssp_auth_blob(ntlmssp_blob
, &blob_length
, ses
,
565 cFYI(1, "build_ntlmssp_auth_blob failed %d", rc
);
566 goto ssetup_exit
; /* BB double check error handling */
569 /* blob_length = build_spnego_ntlmssp_blob(
573 cERROR(1, "spnego not supported for SMB2 yet");
578 security_blob
= ntlmssp_blob
;
581 cERROR(1, "illegal ntlmssp phase");
586 /* Testing shows that buffer offset must be at location of Buffer[0] */
587 req
->SecurityBufferOffset
=
588 cpu_to_le16(sizeof(struct smb2_sess_setup_req
) -
589 1 /* pad */ - 4 /* rfc1001 len */);
590 req
->SecurityBufferLength
= cpu_to_le16(blob_length
);
591 iov
[1].iov_base
= security_blob
;
592 iov
[1].iov_len
= blob_length
;
594 inc_rfc1001_len(req
, blob_length
- 1 /* pad */);
596 /* BB add code to build os and lm fields */
598 rc
= SendReceive2(xid
, ses
, iov
, 2, &resp_buftype
, CIFS_LOG_ERROR
);
600 kfree(security_blob
);
601 rsp
= (struct smb2_sess_setup_rsp
*)iov
[0].iov_base
;
602 if (rsp
->hdr
.Status
== STATUS_MORE_PROCESSING_REQUIRED
) {
603 if (phase
!= NtLmNegotiate
) {
604 cERROR(1, "Unexpected more processing error");
607 if (offsetof(struct smb2_sess_setup_rsp
, Buffer
) - 4 !=
608 le16_to_cpu(rsp
->SecurityBufferOffset
)) {
609 cERROR(1, "Invalid security buffer offset %d",
610 le16_to_cpu(rsp
->SecurityBufferOffset
));
615 /* NTLMSSP Negotiate sent now processing challenge (response) */
616 phase
= NtLmChallenge
; /* process ntlmssp challenge */
617 rc
= 0; /* MORE_PROCESSING is not an error here but expected */
618 ses
->Suid
= rsp
->hdr
.SessionId
;
619 rc
= decode_ntlmssp_challenge(rsp
->Buffer
,
620 le16_to_cpu(rsp
->SecurityBufferLength
), ses
);
624 * BB eventually add code for SPNEGO decoding of NtlmChallenge blob,
625 * but at least the raw NTLMSSP case works.
628 * No tcon so can't do
629 * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]);
639 ses
->session_flags
= le16_to_cpu(rsp
->SessionFlags
);
641 free_rsp_buf(resp_buftype
, rsp
);
643 /* if ntlmssp, and negotiate succeeded, proceed to authenticate phase */
644 if ((phase
== NtLmChallenge
) && (rc
== 0))
645 goto ssetup_ntlmssp_authenticate
;
650 SMB2_logoff(const unsigned int xid
, struct cifs_ses
*ses
)
652 struct smb2_logoff_req
*req
; /* response is also trivial struct */
654 struct TCP_Server_Info
*server
;
656 cFYI(1, "disconnect session %p", ses
);
658 if (ses
&& (ses
->server
))
659 server
= ses
->server
;
663 rc
= small_smb2_init(SMB2_LOGOFF
, NULL
, (void **) &req
);
667 /* since no tcon, smb2_init can not do this, so do here */
668 req
->hdr
.SessionId
= ses
->Suid
;
670 rc
= SendReceiveNoRsp(xid
, ses
, (char *) &req
->hdr
, 0);
672 * No tcon so can't do
673 * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]);
678 static inline void cifs_stats_fail_inc(struct cifs_tcon
*tcon
, uint16_t code
)
680 cifs_stats_inc(&tcon
->stats
.smb2_stats
.smb2_com_failed
[code
]);
683 #define MAX_SHARENAME_LENGTH (255 /* server */ + 80 /* share */ + 1 /* NULL */)
686 SMB2_tcon(const unsigned int xid
, struct cifs_ses
*ses
, const char *tree
,
687 struct cifs_tcon
*tcon
, const struct nls_table
*cp
)
689 struct smb2_tree_connect_req
*req
;
690 struct smb2_tree_connect_rsp
*rsp
= NULL
;
695 struct TCP_Server_Info
*server
;
696 __le16
*unc_path
= NULL
;
700 if ((ses
->server
) && tree
)
701 server
= ses
->server
;
705 if (tcon
&& tcon
->bad_network_name
)
708 unc_path
= kmalloc(MAX_SHARENAME_LENGTH
* 2, GFP_KERNEL
);
709 if (unc_path
== NULL
)
712 unc_path_len
= cifs_strtoUTF16(unc_path
, tree
, strlen(tree
), cp
) + 1;
714 if (unc_path_len
< 2) {
719 rc
= small_smb2_init(SMB2_TREE_CONNECT
, tcon
, (void **) &req
);
726 /* since no tcon, smb2_init can not do this, so do here */
727 req
->hdr
.SessionId
= ses
->Suid
;
728 /* if (ses->server->sec_mode & SECMODE_SIGN_REQUIRED)
729 req->hdr.Flags |= SMB2_FLAGS_SIGNED; */
732 iov
[0].iov_base
= (char *)req
;
733 /* 4 for rfc1002 length field and 1 for pad */
734 iov
[0].iov_len
= get_rfc1002_length(req
) + 4 - 1;
736 /* Testing shows that buffer offset must be at location of Buffer[0] */
737 req
->PathOffset
= cpu_to_le16(sizeof(struct smb2_tree_connect_req
)
738 - 1 /* pad */ - 4 /* do not count rfc1001 len field */);
739 req
->PathLength
= cpu_to_le16(unc_path_len
- 2);
740 iov
[1].iov_base
= unc_path
;
741 iov
[1].iov_len
= unc_path_len
;
743 inc_rfc1001_len(req
, unc_path_len
- 1 /* pad */);
745 rc
= SendReceive2(xid
, ses
, iov
, 2, &resp_buftype
, 0);
746 rsp
= (struct smb2_tree_connect_rsp
*)iov
[0].iov_base
;
750 cifs_stats_fail_inc(tcon
, SMB2_TREE_CONNECT_HE
);
751 tcon
->need_reconnect
= true;
753 goto tcon_error_exit
;
762 ses
->ipc_tid
= rsp
->hdr
.TreeId
;
766 if (rsp
->ShareType
& SMB2_SHARE_TYPE_DISK
)
767 cFYI(1, "connection to disk share");
768 else if (rsp
->ShareType
& SMB2_SHARE_TYPE_PIPE
) {
770 cFYI(1, "connection to pipe share");
771 } else if (rsp
->ShareType
& SMB2_SHARE_TYPE_PRINT
) {
773 cFYI(1, "connection to printer");
775 cERROR(1, "unknown share type %d", rsp
->ShareType
);
777 goto tcon_error_exit
;
780 tcon
->share_flags
= le32_to_cpu(rsp
->ShareFlags
);
781 tcon
->maximal_access
= le32_to_cpu(rsp
->MaximalAccess
);
782 tcon
->tidStatus
= CifsGood
;
783 tcon
->need_reconnect
= false;
784 tcon
->tid
= rsp
->hdr
.TreeId
;
785 strncpy(tcon
->treeName
, tree
, MAX_TREE_SIZE
);
787 if ((rsp
->Capabilities
& SMB2_SHARE_CAP_DFS
) &&
788 ((tcon
->share_flags
& SHI1005_FLAGS_DFS
) == 0))
789 cERROR(1, "DFS capability contradicts DFS flag");
792 free_rsp_buf(resp_buftype
, rsp
);
797 if (rsp
->hdr
.Status
== STATUS_BAD_NETWORK_NAME
) {
798 cERROR(1, "BAD_NETWORK_NAME: %s", tree
);
799 tcon
->bad_network_name
= true;
805 SMB2_tdis(const unsigned int xid
, struct cifs_tcon
*tcon
)
807 struct smb2_tree_disconnect_req
*req
; /* response is trivial */
809 struct TCP_Server_Info
*server
;
810 struct cifs_ses
*ses
= tcon
->ses
;
812 cFYI(1, "Tree Disconnect");
814 if (ses
&& (ses
->server
))
815 server
= ses
->server
;
819 if ((tcon
->need_reconnect
) || (tcon
->ses
->need_reconnect
))
822 rc
= small_smb2_init(SMB2_TREE_DISCONNECT
, tcon
, (void **) &req
);
826 rc
= SendReceiveNoRsp(xid
, ses
, (char *)&req
->hdr
, 0);
828 cifs_stats_fail_inc(tcon
, SMB2_TREE_DISCONNECT_HE
);
834 SMB2_open(const unsigned int xid
, struct cifs_tcon
*tcon
, __le16
*path
,
835 u64
*persistent_fid
, u64
*volatile_fid
, __u32 desired_access
,
836 __u32 create_disposition
, __u32 file_attributes
, __u32 create_options
)
838 struct smb2_create_req
*req
;
839 struct smb2_create_rsp
*rsp
;
840 struct TCP_Server_Info
*server
;
841 struct cifs_ses
*ses
= tcon
->ses
;
848 cFYI(1, "create/open");
850 if (ses
&& (ses
->server
))
851 server
= ses
->server
;
855 rc
= small_smb2_init(SMB2_CREATE
, tcon
, (void **) &req
);
860 req
->RequestedOplockLevel
= SMB2_OPLOCK_LEVEL_BATCH
;
862 req
->RequestedOplockLevel
= SMB2_OPLOCK_LEVEL_NONE
;
863 req
->ImpersonationLevel
= IL_IMPERSONATION
;
864 req
->DesiredAccess
= cpu_to_le32(desired_access
);
865 /* File attributes ignored on open (used in create though) */
866 req
->FileAttributes
= cpu_to_le32(file_attributes
);
867 req
->ShareAccess
= FILE_SHARE_ALL_LE
;
868 req
->CreateDisposition
= cpu_to_le32(create_disposition
);
869 req
->CreateOptions
= cpu_to_le32(create_options
);
870 uni_path_len
= (2 * UniStrnlen((wchar_t *)path
, PATH_MAX
)) + 2;
871 req
->NameOffset
= cpu_to_le16(sizeof(struct smb2_create_req
)
872 - 1 /* pad */ - 4 /* do not count rfc1001 len field */);
874 iov
[0].iov_base
= (char *)req
;
875 /* 4 for rfc1002 length field */
876 iov
[0].iov_len
= get_rfc1002_length(req
) + 4;
878 /* MUST set path len (NameLength) to 0 opening root of share */
879 if (uni_path_len
>= 4) {
880 req
->NameLength
= cpu_to_le16(uni_path_len
- 2);
881 /* -1 since last byte is buf[0] which is sent below (path) */
883 iov
[1].iov_len
= uni_path_len
;
884 iov
[1].iov_base
= path
;
886 * -1 since last byte is buf[0] which was counted in
889 inc_rfc1001_len(req
, uni_path_len
- 1);
895 rc
= SendReceive2(xid
, ses
, iov
, num_iovecs
, &resp_buftype
, 0);
896 rsp
= (struct smb2_create_rsp
*)iov
[0].iov_base
;
899 cifs_stats_fail_inc(tcon
, SMB2_CREATE_HE
);
907 *persistent_fid
= rsp
->PersistentFileId
;
908 *volatile_fid
= rsp
->VolatileFileId
;
910 free_rsp_buf(resp_buftype
, rsp
);
915 SMB2_close(const unsigned int xid
, struct cifs_tcon
*tcon
,
916 u64 persistent_fid
, u64 volatile_fid
)
918 struct smb2_close_req
*req
;
919 struct smb2_close_rsp
*rsp
;
920 struct TCP_Server_Info
*server
;
921 struct cifs_ses
*ses
= tcon
->ses
;
928 if (ses
&& (ses
->server
))
929 server
= ses
->server
;
933 rc
= small_smb2_init(SMB2_CLOSE
, tcon
, (void **) &req
);
937 req
->PersistentFileId
= persistent_fid
;
938 req
->VolatileFileId
= volatile_fid
;
940 iov
[0].iov_base
= (char *)req
;
941 /* 4 for rfc1002 length field */
942 iov
[0].iov_len
= get_rfc1002_length(req
) + 4;
944 rc
= SendReceive2(xid
, ses
, iov
, 1, &resp_buftype
, 0);
945 rsp
= (struct smb2_close_rsp
*)iov
[0].iov_base
;
949 cifs_stats_fail_inc(tcon
, SMB2_CLOSE_HE
);
958 /* BB FIXME - decode close response, update inode for caching */
961 free_rsp_buf(resp_buftype
, rsp
);
966 validate_buf(unsigned int offset
, unsigned int buffer_length
,
967 struct smb2_hdr
*hdr
, unsigned int min_buf_size
)
970 unsigned int smb_len
= be32_to_cpu(hdr
->smb2_buf_length
);
971 char *end_of_smb
= smb_len
+ 4 /* RFC1001 length field */ + (char *)hdr
;
972 char *begin_of_buf
= 4 /* RFC1001 len field */ + offset
+ (char *)hdr
;
973 char *end_of_buf
= begin_of_buf
+ buffer_length
;
976 if (buffer_length
< min_buf_size
) {
977 cERROR(1, "buffer length %d smaller than minimum size %d",
978 buffer_length
, min_buf_size
);
982 /* check if beyond RFC1001 maximum length */
983 if ((smb_len
> 0x7FFFFF) || (buffer_length
> 0x7FFFFF)) {
984 cERROR(1, "buffer length %d or smb length %d too large",
985 buffer_length
, smb_len
);
989 if ((begin_of_buf
> end_of_smb
) || (end_of_buf
> end_of_smb
)) {
990 cERROR(1, "illegal server response, bad offset to data");
998 * If SMB buffer fields are valid, copy into temporary buffer to hold result.
999 * Caller must free buffer.
1002 validate_and_copy_buf(unsigned int offset
, unsigned int buffer_length
,
1003 struct smb2_hdr
*hdr
, unsigned int minbufsize
,
1007 char *begin_of_buf
= 4 /* RFC1001 len field */ + offset
+ (char *)hdr
;
1013 rc
= validate_buf(offset
, buffer_length
, hdr
, minbufsize
);
1017 memcpy(data
, begin_of_buf
, buffer_length
);
1023 SMB2_query_info(const unsigned int xid
, struct cifs_tcon
*tcon
,
1024 u64 persistent_fid
, u64 volatile_fid
,
1025 struct smb2_file_all_info
*data
)
1027 struct smb2_query_info_req
*req
;
1028 struct smb2_query_info_rsp
*rsp
= NULL
;
1032 struct TCP_Server_Info
*server
;
1033 struct cifs_ses
*ses
= tcon
->ses
;
1035 cFYI(1, "Query Info");
1037 if (ses
&& (ses
->server
))
1038 server
= ses
->server
;
1042 rc
= small_smb2_init(SMB2_QUERY_INFO
, tcon
, (void **) &req
);
1046 req
->InfoType
= SMB2_O_INFO_FILE
;
1047 req
->FileInfoClass
= FILE_ALL_INFORMATION
;
1048 req
->PersistentFileId
= persistent_fid
;
1049 req
->VolatileFileId
= volatile_fid
;
1050 /* 4 for rfc1002 length field and 1 for Buffer */
1051 req
->InputBufferOffset
=
1052 cpu_to_le16(sizeof(struct smb2_query_info_req
) - 1 - 4);
1053 req
->OutputBufferLength
=
1054 cpu_to_le32(sizeof(struct smb2_file_all_info
) + MAX_NAME
* 2);
1056 iov
[0].iov_base
= (char *)req
;
1057 /* 4 for rfc1002 length field */
1058 iov
[0].iov_len
= get_rfc1002_length(req
) + 4;
1060 rc
= SendReceive2(xid
, ses
, iov
, 1, &resp_buftype
, 0);
1062 cifs_stats_fail_inc(tcon
, SMB2_QUERY_INFO_HE
);
1066 rsp
= (struct smb2_query_info_rsp
*)iov
[0].iov_base
;
1068 rc
= validate_and_copy_buf(le16_to_cpu(rsp
->OutputBufferOffset
),
1069 le32_to_cpu(rsp
->OutputBufferLength
),
1070 &rsp
->hdr
, sizeof(struct smb2_file_all_info
),
1074 free_rsp_buf(resp_buftype
, rsp
);
1079 * This is a no-op for now. We're not really interested in the reply, but
1080 * rather in the fact that the server sent one and that server->lstrp
1083 * FIXME: maybe we should consider checking that the reply matches request?
1086 smb2_echo_callback(struct mid_q_entry
*mid
)
1088 struct TCP_Server_Info
*server
= mid
->callback_data
;
1089 struct smb2_echo_rsp
*smb2
= (struct smb2_echo_rsp
*)mid
->resp_buf
;
1090 unsigned int credits_received
= 1;
1092 if (mid
->mid_state
== MID_RESPONSE_RECEIVED
)
1093 credits_received
= le16_to_cpu(smb2
->hdr
.CreditRequest
);
1095 DeleteMidQEntry(mid
);
1096 add_credits(server
, credits_received
, CIFS_ECHO_OP
);
1100 SMB2_echo(struct TCP_Server_Info
*server
)
1102 struct smb2_echo_req
*req
;
1106 cFYI(1, "In echo request");
1108 rc
= small_smb2_init(SMB2_ECHO
, NULL
, (void **)&req
);
1112 req
->hdr
.CreditRequest
= cpu_to_le16(1);
1114 iov
.iov_base
= (char *)req
;
1115 /* 4 for rfc1002 length field */
1116 iov
.iov_len
= get_rfc1002_length(req
) + 4;
1118 rc
= cifs_call_async(server
, &iov
, 1, NULL
, smb2_echo_callback
, server
,
1121 cFYI(1, "Echo request failed: %d", rc
);
1123 cifs_small_buf_release(req
);