projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
cifs: move allocation of new TCP_Server_Info into separate function
[deliverable/linux.git] / fs / cifs / connect.c
1 /*
2 * fs/cifs/connect.c
3 *
4 * Copyright (C) International Business Machines Corp., 2002,2008
5 * Author(s): Steve French (sfrench@us.ibm.com)
6 *
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
21 #include <linux/fs.h>
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/ipv6.h>
27 #include <linux/pagemap.h>
28 #include <linux/ctype.h>
29 #include <linux/utsname.h>
30 #include <linux/mempool.h>
31 #include <linux/delay.h>
32 #include <linux/completion.h>
33 #include <linux/kthread.h>
34 #include <linux/pagevec.h>
35 #include <linux/freezer.h>
36 #include <asm/uaccess.h>
37 #include <asm/processor.h>
38 #include "cifspdu.h"
39 #include "cifsglob.h"
40 #include "cifsproto.h"
41 #include "cifs_unicode.h"
42 #include "cifs_debug.h"
43 #include "cifs_fs_sb.h"
44 #include "ntlmssp.h"
45 #include "nterr.h"
46 #include "rfc1002pdu.h"
47 #include "cn_cifs.h"
48
49 #define CIFS_PORT 445
50 #define RFC1001_PORT 139
51
52 extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
53 unsigned char *p24);
54
55 extern mempool_t *cifs_req_poolp;
56
57 struct smb_vol {
58 char *username;
59 char *password;
60 char *domainname;
61 char *UNC;
62 char *UNCip;
63 char *in6_addr; /* ipv6 address as human readable form of in6_addr */
64 char *iocharset; /* local code page for mapping to and from Unicode */
65 char source_rfc1001_name[16]; /* netbios name of client */
66 char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */
67 uid_t linux_uid;
68 gid_t linux_gid;
69 mode_t file_mode;
70 mode_t dir_mode;
71 unsigned secFlg;
72 bool rw:1;
73 bool retry:1;
74 bool intr:1;
75 bool setuids:1;
76 bool override_uid:1;
77 bool override_gid:1;
78 bool dynperm:1;
79 bool noperm:1;
80 bool no_psx_acl:1; /* set if posix acl support should be disabled */
81 bool cifs_acl:1;
82 bool no_xattr:1; /* set if xattr (EA) support should be disabled*/
83 bool server_ino:1; /* use inode numbers from server ie UniqueId */
84 bool direct_io:1;
85 bool remap:1; /* set to remap seven reserved chars in filenames */
86 bool posix_paths:1; /* unset to not ask for posix pathnames. */
87 bool no_linux_ext:1;
88 bool sfu_emul:1;
89 bool nullauth:1; /* attempt to authenticate with null user */
90 bool nocase:1; /* request case insensitive filenames */
91 bool nobrl:1; /* disable sending byte range locks to srv */
92 bool seal:1; /* request transport encryption on share */
93 bool nodfs:1; /* Do not request DFS, even if available */
94 bool local_lease:1; /* check leases only on local system, not remote */
95 bool noblocksnd:1;
96 bool noautotune:1;
97 unsigned int rsize;
98 unsigned int wsize;
99 unsigned int sockopt;
100 unsigned short int port;
101 char *prepath;
102 };
103
104 static int ipv4_connect(struct sockaddr_in *psin_server,
105 struct socket **csocket,
106 char *netb_name,
107 char *server_netb_name,
108 bool noblocksnd,
109 bool nosndbuf); /* ipv6 never set sndbuf size */
110 static int ipv6_connect(struct sockaddr_in6 *psin_server,
111 struct socket **csocket, bool noblocksnd);
112
113
114 /*
115 * cifs tcp session reconnection
116 *
117 * mark tcp session as reconnecting so temporarily locked
118 * mark all smb sessions as reconnecting for tcp session
119 * reconnect tcp session
120 * wake up waiters on reconnection? - (not needed currently)
121 */
122
123 static int
124 cifs_reconnect(struct TCP_Server_Info *server)
125 {
126 int rc = 0;
127 struct list_head *tmp, *tmp2;
128 struct cifsSesInfo *ses;
129 struct cifsTconInfo *tcon;
130 struct mid_q_entry *mid_entry;
131
132 spin_lock(&GlobalMid_Lock);
133 if (server->tcpStatus == CifsExiting) {
134 /* the demux thread will exit normally
135 next time through the loop */
136 spin_unlock(&GlobalMid_Lock);
137 return rc;
138 } else
139 server->tcpStatus = CifsNeedReconnect;
140 spin_unlock(&GlobalMid_Lock);
141 server->maxBuf = 0;
142
143 cFYI(1, ("Reconnecting tcp session"));
144
145 /* before reconnecting the tcp session, mark the smb session (uid)
146 and the tid bad so they are not used until reconnected */
147 read_lock(&cifs_tcp_ses_lock);
148 list_for_each(tmp, &server->smb_ses_list) {
149 ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
150 ses->need_reconnect = true;
151 ses->ipc_tid = 0;
152 list_for_each(tmp2, &ses->tcon_list) {
153 tcon = list_entry(tmp2, struct cifsTconInfo, tcon_list);
154 tcon->need_reconnect = true;
155 }
156 }
157 read_unlock(&cifs_tcp_ses_lock);
158 /* do not want to be sending data on a socket we are freeing */
159 mutex_lock(&server->srv_mutex);
160 if (server->ssocket) {
161 cFYI(1, ("State: 0x%x Flags: 0x%lx", server->ssocket->state,
162 server->ssocket->flags));
163 kernel_sock_shutdown(server->ssocket, SHUT_WR);
164 cFYI(1, ("Post shutdown state: 0x%x Flags: 0x%lx",
165 server->ssocket->state,
166 server->ssocket->flags));
167 sock_release(server->ssocket);
168 server->ssocket = NULL;
169 }
170
171 spin_lock(&GlobalMid_Lock);
172 list_for_each(tmp, &server->pending_mid_q) {
173 mid_entry = list_entry(tmp, struct
174 mid_q_entry,
175 qhead);
176 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
177 /* Mark other intransit requests as needing
178 retry so we do not immediately mark the
179 session bad again (ie after we reconnect
180 below) as they timeout too */
181 mid_entry->midState = MID_RETRY_NEEDED;
182 }
183 }
184 spin_unlock(&GlobalMid_Lock);
185 mutex_unlock(&server->srv_mutex);
186
187 while ((server->tcpStatus != CifsExiting) &&
188 (server->tcpStatus != CifsGood)) {
189 try_to_freeze();
190 if (server->addr.sockAddr6.sin6_family == AF_INET6) {
191 rc = ipv6_connect(&server->addr.sockAddr6,
192 &server->ssocket, server->noautotune);
193 } else {
194 rc = ipv4_connect(&server->addr.sockAddr,
195 &server->ssocket,
196 server->workstation_RFC1001_name,
197 server->server_RFC1001_name,
198 server->noblocksnd, server->noautotune);
199 }
200 if (rc) {
201 cFYI(1, ("reconnect error %d", rc));
202 msleep(3000);
203 } else {
204 atomic_inc(&tcpSesReconnectCount);
205 spin_lock(&GlobalMid_Lock);
206 if (server->tcpStatus != CifsExiting)
207 server->tcpStatus = CifsGood;
208 server->sequence_number = 0;
209 spin_unlock(&GlobalMid_Lock);
210 /* atomic_set(&server->inFlight,0);*/
211 wake_up(&server->response_q);
212 }
213 }
214 return rc;
215 }
216
217 /*
218 return codes:
219 0 not a transact2, or all data present
220 >0 transact2 with that much data missing
221 -EINVAL = invalid transact2
222
223 */
224 static int check2ndT2(struct smb_hdr *pSMB, unsigned int maxBufSize)
225 {
226 struct smb_t2_rsp *pSMBt;
227 int total_data_size;
228 int data_in_this_rsp;
229 int remaining;
230
231 if (pSMB->Command != SMB_COM_TRANSACTION2)
232 return 0;
233
234 /* check for plausible wct, bcc and t2 data and parm sizes */
235 /* check for parm and data offset going beyond end of smb */
236 if (pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
237 cFYI(1, ("invalid transact2 word count"));
238 return -EINVAL;
239 }
240
241 pSMBt = (struct smb_t2_rsp *)pSMB;
242
243 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
244 data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
245
246 remaining = total_data_size - data_in_this_rsp;
247
248 if (remaining == 0)
249 return 0;
250 else if (remaining < 0) {
251 cFYI(1, ("total data %d smaller than data in frame %d",
252 total_data_size, data_in_this_rsp));
253 return -EINVAL;
254 } else {
255 cFYI(1, ("missing %d bytes from transact2, check next response",
256 remaining));
257 if (total_data_size > maxBufSize) {
258 cERROR(1, ("TotalDataSize %d is over maximum buffer %d",
259 total_data_size, maxBufSize));
260 return -EINVAL;
261 }
262 return remaining;
263 }
264 }
265
266 static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
267 {
268 struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
269 struct smb_t2_rsp *pSMBt = (struct smb_t2_rsp *)pTargetSMB;
270 int total_data_size;
271 int total_in_buf;
272 int remaining;
273 int total_in_buf2;
274 char *data_area_of_target;
275 char *data_area_of_buf2;
276 __u16 byte_count;
277
278 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
279
280 if (total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
281 cFYI(1, ("total data size of primary and secondary t2 differ"));
282 }
283
284 total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
285
286 remaining = total_data_size - total_in_buf;
287
288 if (remaining < 0)
289 return -EINVAL;
290
291 if (remaining == 0) /* nothing to do, ignore */
292 return 0;
293
294 total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
295 if (remaining < total_in_buf2) {
296 cFYI(1, ("transact2 2nd response contains too much data"));
297 }
298
299 /* find end of first SMB data area */
300 data_area_of_target = (char *)&pSMBt->hdr.Protocol +
301 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
302 /* validate target area */
303
304 data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
305 le16_to_cpu(pSMB2->t2_rsp.DataOffset);
306
307 data_area_of_target += total_in_buf;
308
309 /* copy second buffer into end of first buffer */
310 memcpy(data_area_of_target, data_area_of_buf2, total_in_buf2);
311 total_in_buf += total_in_buf2;
312 pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
313 byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
314 byte_count += total_in_buf2;
315 BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
316
317 byte_count = pTargetSMB->smb_buf_length;
318 byte_count += total_in_buf2;
319
320 /* BB also add check that we are not beyond maximum buffer size */
321
322 pTargetSMB->smb_buf_length = byte_count;
323
324 if (remaining == total_in_buf2) {
325 cFYI(1, ("found the last secondary response"));
326 return 0; /* we are done */
327 } else /* more responses to go */
328 return 1;
329
330 }
331
332 static int
333 cifs_demultiplex_thread(struct TCP_Server_Info *server)
334 {
335 int length;
336 unsigned int pdu_length, total_read;
337 struct smb_hdr *smb_buffer = NULL;
338 struct smb_hdr *bigbuf = NULL;
339 struct smb_hdr *smallbuf = NULL;
340 struct msghdr smb_msg;
341 struct kvec iov;
342 struct socket *csocket = server->ssocket;
343 struct list_head *tmp;
344 struct cifsSesInfo *ses;
345 struct task_struct *task_to_wake = NULL;
346 struct mid_q_entry *mid_entry;
347 char temp;
348 bool isLargeBuf = false;
349 bool isMultiRsp;
350 int reconnect;
351
352 current->flags |= PF_MEMALLOC;
353 cFYI(1, ("Demultiplex PID: %d", task_pid_nr(current)));
354
355 length = atomic_inc_return(&tcpSesAllocCount);
356 if (length > 1)
357 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
358 GFP_KERNEL);
359
360 set_freezable();
361 while (server->tcpStatus != CifsExiting) {
362 if (try_to_freeze())
363 continue;
364 if (bigbuf == NULL) {
365 bigbuf = cifs_buf_get();
366 if (!bigbuf) {
367 cERROR(1, ("No memory for large SMB response"));
368 msleep(3000);
369 /* retry will check if exiting */
370 continue;
371 }
372 } else if (isLargeBuf) {
373 /* we are reusing a dirty large buf, clear its start */
374 memset(bigbuf, 0, sizeof(struct smb_hdr));
375 }
376
377 if (smallbuf == NULL) {
378 smallbuf = cifs_small_buf_get();
379 if (!smallbuf) {
380 cERROR(1, ("No memory for SMB response"));
381 msleep(1000);
382 /* retry will check if exiting */
383 continue;
384 }
385 /* beginning of smb buffer is cleared in our buf_get */
386 } else /* if existing small buf clear beginning */
387 memset(smallbuf, 0, sizeof(struct smb_hdr));
388
389 isLargeBuf = false;
390 isMultiRsp = false;
391 smb_buffer = smallbuf;
392 iov.iov_base = smb_buffer;
393 iov.iov_len = 4;
394 smb_msg.msg_control = NULL;
395 smb_msg.msg_controllen = 0;
396 pdu_length = 4; /* enough to get RFC1001 header */
397 incomplete_rcv:
398 length =
399 kernel_recvmsg(csocket, &smb_msg,
400 &iov, 1, pdu_length, 0 /* BB other flags? */);
401
402 if (server->tcpStatus == CifsExiting) {
403 break;
404 } else if (server->tcpStatus == CifsNeedReconnect) {
405 cFYI(1, ("Reconnect after server stopped responding"));
406 cifs_reconnect(server);
407 cFYI(1, ("call to reconnect done"));
408 csocket = server->ssocket;
409 continue;
410 } else if ((length == -ERESTARTSYS) || (length == -EAGAIN)) {
411 msleep(1); /* minimum sleep to prevent looping
412 allowing socket to clear and app threads to set
413 tcpStatus CifsNeedReconnect if server hung */
414 if (pdu_length < 4) {
415 iov.iov_base = (4 - pdu_length) +
416 (char *)smb_buffer;
417 iov.iov_len = pdu_length;
418 smb_msg.msg_control = NULL;
419 smb_msg.msg_controllen = 0;
420 goto incomplete_rcv;
421 } else
422 continue;
423 } else if (length <= 0) {
424 if (server->tcpStatus == CifsNew) {
425 cFYI(1, ("tcp session abend after SMBnegprot"));
426 /* some servers kill the TCP session rather than
427 returning an SMB negprot error, in which
428 case reconnecting here is not going to help,
429 and so simply return error to mount */
430 break;
431 }
432 if (!try_to_freeze() && (length == -EINTR)) {
433 cFYI(1, ("cifsd thread killed"));
434 break;
435 }
436 cFYI(1, ("Reconnect after unexpected peek error %d",
437 length));
438 cifs_reconnect(server);
439 csocket = server->ssocket;
440 wake_up(&server->response_q);
441 continue;
442 } else if (length < pdu_length) {
443 cFYI(1, ("requested %d bytes but only got %d bytes",
444 pdu_length, length));
445 pdu_length -= length;
446 msleep(1);
447 goto incomplete_rcv;
448 }
449
450 /* The right amount was read from socket - 4 bytes */
451 /* so we can now interpret the length field */
452
453 /* the first byte big endian of the length field,
454 is actually not part of the length but the type
455 with the most common, zero, as regular data */
456 temp = *((char *) smb_buffer);
457
458 /* Note that FC 1001 length is big endian on the wire,
459 but we convert it here so it is always manipulated
460 as host byte order */
461 pdu_length = be32_to_cpu((__force __be32)smb_buffer->smb_buf_length);
462 smb_buffer->smb_buf_length = pdu_length;
463
464 cFYI(1, ("rfc1002 length 0x%x", pdu_length+4));
465
466 if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) {
467 continue;
468 } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
469 cFYI(1, ("Good RFC 1002 session rsp"));
470 continue;
471 } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
472 /* we get this from Windows 98 instead of
473 an error on SMB negprot response */
474 cFYI(1, ("Negative RFC1002 Session Response Error 0x%x)",
475 pdu_length));
476 if (server->tcpStatus == CifsNew) {
477 /* if nack on negprot (rather than
478 ret of smb negprot error) reconnecting
479 not going to help, ret error to mount */
480 break;
481 } else {
482 /* give server a second to
483 clean up before reconnect attempt */
484 msleep(1000);
485 /* always try 445 first on reconnect
486 since we get NACK on some if we ever
487 connected to port 139 (the NACK is
488 since we do not begin with RFC1001
489 session initialize frame) */
490 server->addr.sockAddr.sin_port =
491 htons(CIFS_PORT);
492 cifs_reconnect(server);
493 csocket = server->ssocket;
494 wake_up(&server->response_q);
495 continue;
496 }
497 } else if (temp != (char) 0) {
498 cERROR(1, ("Unknown RFC 1002 frame"));
499 cifs_dump_mem(" Received Data: ", (char *)smb_buffer,
500 length);
501 cifs_reconnect(server);
502 csocket = server->ssocket;
503 continue;
504 }
505
506 /* else we have an SMB response */
507 if ((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
508 (pdu_length < sizeof(struct smb_hdr) - 1 - 4)) {
509 cERROR(1, ("Invalid size SMB length %d pdu_length %d",
510 length, pdu_length+4));
511 cifs_reconnect(server);
512 csocket = server->ssocket;
513 wake_up(&server->response_q);
514 continue;
515 }
516
517 /* else length ok */
518 reconnect = 0;
519
520 if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
521 isLargeBuf = true;
522 memcpy(bigbuf, smallbuf, 4);
523 smb_buffer = bigbuf;
524 }
525 length = 0;
526 iov.iov_base = 4 + (char *)smb_buffer;
527 iov.iov_len = pdu_length;
528 for (total_read = 0; total_read < pdu_length;
529 total_read += length) {
530 length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
531 pdu_length - total_read, 0);
532 if ((server->tcpStatus == CifsExiting) ||
533 (length == -EINTR)) {
534 /* then will exit */
535 reconnect = 2;
536 break;
537 } else if (server->tcpStatus == CifsNeedReconnect) {
538 cifs_reconnect(server);
539 csocket = server->ssocket;
540 /* Reconnect wakes up rspns q */
541 /* Now we will reread sock */
542 reconnect = 1;
543 break;
544 } else if ((length == -ERESTARTSYS) ||
545 (length == -EAGAIN)) {
546 msleep(1); /* minimum sleep to prevent looping,
547 allowing socket to clear and app
548 threads to set tcpStatus
549 CifsNeedReconnect if server hung*/
550 length = 0;
551 continue;
552 } else if (length <= 0) {
553 cERROR(1, ("Received no data, expecting %d",
554 pdu_length - total_read));
555 cifs_reconnect(server);
556 csocket = server->ssocket;
557 reconnect = 1;
558 break;
559 }
560 }
561 if (reconnect == 2)
562 break;
563 else if (reconnect == 1)
564 continue;
565
566 length += 4; /* account for rfc1002 hdr */
567
568
569 dump_smb(smb_buffer, length);
570 if (checkSMB(smb_buffer, smb_buffer->Mid, total_read+4)) {
571 cifs_dump_mem("Bad SMB: ", smb_buffer, 48);
572 continue;
573 }
574
575
576 task_to_wake = NULL;
577 spin_lock(&GlobalMid_Lock);
578 list_for_each(tmp, &server->pending_mid_q) {
579 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
580
581 if ((mid_entry->mid == smb_buffer->Mid) &&
582 (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
583 (mid_entry->command == smb_buffer->Command)) {
584 if (check2ndT2(smb_buffer,server->maxBuf) > 0) {
585 /* We have a multipart transact2 resp */
586 isMultiRsp = true;
587 if (mid_entry->resp_buf) {
588 /* merge response - fix up 1st*/
589 if (coalesce_t2(smb_buffer,
590 mid_entry->resp_buf)) {
591 mid_entry->multiRsp =
592 true;
593 break;
594 } else {
595 /* all parts received */
596 mid_entry->multiEnd =
597 true;
598 goto multi_t2_fnd;
599 }
600 } else {
601 if (!isLargeBuf) {
602 cERROR(1,("1st trans2 resp needs bigbuf"));
603 /* BB maybe we can fix this up, switch
604 to already allocated large buffer? */
605 } else {
606 /* Have first buffer */
607 mid_entry->resp_buf =
608 smb_buffer;
609 mid_entry->largeBuf =
610 true;
611 bigbuf = NULL;
612 }
613 }
614 break;
615 }
616 mid_entry->resp_buf = smb_buffer;
617 mid_entry->largeBuf = isLargeBuf;
618 multi_t2_fnd:
619 task_to_wake = mid_entry->tsk;
620 mid_entry->midState = MID_RESPONSE_RECEIVED;
621 #ifdef CONFIG_CIFS_STATS2
622 mid_entry->when_received = jiffies;
623 #endif
624 /* so we do not time out requests to server
625 which is still responding (since server could
626 be busy but not dead) */
627 server->lstrp = jiffies;
628 break;
629 }
630 }
631 spin_unlock(&GlobalMid_Lock);
632 if (task_to_wake) {
633 /* Was previous buf put in mpx struct for multi-rsp? */
634 if (!isMultiRsp) {
635 /* smb buffer will be freed by user thread */
636 if (isLargeBuf)
637 bigbuf = NULL;
638 else
639 smallbuf = NULL;
640 }
641 wake_up_process(task_to_wake);
642 } else if (!is_valid_oplock_break(smb_buffer, server) &&
643 !isMultiRsp) {
644 cERROR(1, ("No task to wake, unknown frame received! "
645 "NumMids %d", midCount.counter));
646 cifs_dump_mem("Received Data is: ", (char *)smb_buffer,
647 sizeof(struct smb_hdr));
648 #ifdef CONFIG_CIFS_DEBUG2
649 cifs_dump_detail(smb_buffer);
650 cifs_dump_mids(server);
651 #endif /* CIFS_DEBUG2 */
652
653 }
654 } /* end while !EXITING */
655
656 /* take it off the list, if it's not already */
657 write_lock(&cifs_tcp_ses_lock);
658 list_del_init(&server->tcp_ses_list);
659 write_unlock(&cifs_tcp_ses_lock);
660
661 spin_lock(&GlobalMid_Lock);
662 server->tcpStatus = CifsExiting;
663 spin_unlock(&GlobalMid_Lock);
664 wake_up_all(&server->response_q);
665
666 /* check if we have blocked requests that need to free */
667 /* Note that cifs_max_pending is normally 50, but
668 can be set at module install time to as little as two */
669 spin_lock(&GlobalMid_Lock);
670 if (atomic_read(&server->inFlight) >= cifs_max_pending)
671 atomic_set(&server->inFlight, cifs_max_pending - 1);
672 /* We do not want to set the max_pending too low or we
673 could end up with the counter going negative */
674 spin_unlock(&GlobalMid_Lock);
675 /* Although there should not be any requests blocked on
676 this queue it can not hurt to be paranoid and try to wake up requests
677 that may haven been blocked when more than 50 at time were on the wire
678 to the same server - they now will see the session is in exit state
679 and get out of SendReceive. */
680 wake_up_all(&server->request_q);
681 /* give those requests time to exit */
682 msleep(125);
683
684 if (server->ssocket) {
685 sock_release(csocket);
686 server->ssocket = NULL;
687 }
688 /* buffer usuallly freed in free_mid - need to free it here on exit */
689 cifs_buf_release(bigbuf);
690 if (smallbuf) /* no sense logging a debug message if NULL */
691 cifs_small_buf_release(smallbuf);
692
693 /*
694 * BB: we shouldn't have to do any of this. It shouldn't be
695 * possible to exit from the thread with active SMB sessions
696 */
697 read_lock(&cifs_tcp_ses_lock);
698 if (list_empty(&server->pending_mid_q)) {
699 /* loop through server session structures attached to this and
700 mark them dead */
701 list_for_each(tmp, &server->smb_ses_list) {
702 ses = list_entry(tmp, struct cifsSesInfo,
703 smb_ses_list);
704 ses->status = CifsExiting;
705 ses->server = NULL;
706 }
707 read_unlock(&cifs_tcp_ses_lock);
708 } else {
709 /* although we can not zero the server struct pointer yet,
710 since there are active requests which may depnd on them,
711 mark the corresponding SMB sessions as exiting too */
712 list_for_each(tmp, &server->smb_ses_list) {
713 ses = list_entry(tmp, struct cifsSesInfo,
714 smb_ses_list);
715 ses->status = CifsExiting;
716 }
717
718 spin_lock(&GlobalMid_Lock);
719 list_for_each(tmp, &server->pending_mid_q) {
720 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
721 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
722 cFYI(1, ("Clearing Mid 0x%x - waking up ",
723 mid_entry->mid));
724 task_to_wake = mid_entry->tsk;
725 if (task_to_wake)
726 wake_up_process(task_to_wake);
727 }
728 }
729 spin_unlock(&GlobalMid_Lock);
730 read_unlock(&cifs_tcp_ses_lock);
731 /* 1/8th of sec is more than enough time for them to exit */
732 msleep(125);
733 }
734
735 if (!list_empty(&server->pending_mid_q)) {
736 /* mpx threads have not exited yet give them
737 at least the smb send timeout time for long ops */
738 /* due to delays on oplock break requests, we need
739 to wait at least 45 seconds before giving up
740 on a request getting a response and going ahead
741 and killing cifsd */
742 cFYI(1, ("Wait for exit from demultiplex thread"));
743 msleep(46000);
744 /* if threads still have not exited they are probably never
745 coming home not much else we can do but free the memory */
746 }
747
748 /* last chance to mark ses pointers invalid
749 if there are any pointing to this (e.g
750 if a crazy root user tried to kill cifsd
751 kernel thread explicitly this might happen) */
752 /* BB: This shouldn't be necessary, see above */
753 read_lock(&cifs_tcp_ses_lock);
754 list_for_each(tmp, &server->smb_ses_list) {
755 ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
756 ses->server = NULL;
757 }
758 read_unlock(&cifs_tcp_ses_lock);
759
760 kfree(server->hostname);
761 task_to_wake = xchg(&server->tsk, NULL);
762 kfree(server);
763
764 length = atomic_dec_return(&tcpSesAllocCount);
765 if (length > 0)
766 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
767 GFP_KERNEL);
768
769 /* if server->tsk was NULL then wait for a signal before exiting */
770 if (!task_to_wake) {
771 set_current_state(TASK_INTERRUPTIBLE);
772 while (!signal_pending(current)) {
773 schedule();
774 set_current_state(TASK_INTERRUPTIBLE);
775 }
776 set_current_state(TASK_RUNNING);
777 }
778
779 module_put_and_exit(0);
780 }
781
782 /* extract the host portion of the UNC string */
783 static char *
784 extract_hostname(const char *unc)
785 {
786 const char *src;
787 char *dst, *delim;
788 unsigned int len;
789
790 /* skip double chars at beginning of string */
791 /* BB: check validity of these bytes? */
792 src = unc + 2;
793
794 /* delimiter between hostname and sharename is always '\\' now */
795 delim = strchr(src, '\\');
796 if (!delim)
797 return ERR_PTR(-EINVAL);
798
799 len = delim - src;
800 dst = kmalloc((len + 1), GFP_KERNEL);
801 if (dst == NULL)
802 return ERR_PTR(-ENOMEM);
803
804 memcpy(dst, src, len);
805 dst[len] = '\0';
806
807 return dst;
808 }
809
810 static int
811 cifs_parse_mount_options(char *options, const char *devname,
812 struct smb_vol *vol)
813 {
814 char *value;
815 char *data;
816 unsigned int temp_len, i, j;
817 char separator[2];
818
819 separator[0] = ',';
820 separator[1] = 0;
821
822 if (Local_System_Name[0] != 0)
823 memcpy(vol->source_rfc1001_name, Local_System_Name, 15);
824 else {
825 char *nodename = utsname()->nodename;
826 int n = strnlen(nodename, 15);
827 memset(vol->source_rfc1001_name, 0x20, 15);
828 for (i = 0; i < n; i++) {
829 /* does not have to be perfect mapping since field is
830 informational, only used for servers that do not support
831 port 445 and it can be overridden at mount time */
832 vol->source_rfc1001_name[i] = toupper(nodename[i]);
833 }
834 }
835 vol->source_rfc1001_name[15] = 0;
836 /* null target name indicates to use *SMBSERVR default called name
837 if we end up sending RFC1001 session initialize */
838 vol->target_rfc1001_name[0] = 0;
839 vol->linux_uid = current->uid; /* current->euid instead? */
840 vol->linux_gid = current->gid;
841 vol->dir_mode = S_IRWXUGO;
842 /* 2767 perms indicate mandatory locking support */
843 vol->file_mode = (S_IRWXUGO | S_ISGID) & (~S_IXGRP);
844
845 /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
846 vol->rw = true;
847 /* default is always to request posix paths. */
848 vol->posix_paths = 1;
849
850 if (!options)
851 return 1;
852
853 if (strncmp(options, "sep=", 4) == 0) {
854 if (options[4] != 0) {
855 separator[0] = options[4];
856 options += 5;
857 } else {
858 cFYI(1, ("Null separator not allowed"));
859 }
860 }
861
862 while ((data = strsep(&options, separator)) != NULL) {
863 if (!*data)
864 continue;
865 if ((value = strchr(data, '=')) != NULL)
866 *value++ = '\0';
867
868 /* Have to parse this before we parse for "user" */
869 if (strnicmp(data, "user_xattr", 10) == 0) {
870 vol->no_xattr = 0;
871 } else if (strnicmp(data, "nouser_xattr", 12) == 0) {
872 vol->no_xattr = 1;
873 } else if (strnicmp(data, "user", 4) == 0) {
874 if (!value) {
875 printk(KERN_WARNING
876 "CIFS: invalid or missing username\n");
877 return 1; /* needs_arg; */
878 } else if (!*value) {
879 /* null user, ie anonymous, authentication */
880 vol->nullauth = 1;
881 }
882 if (strnlen(value, 200) < 200) {
883 vol->username = value;
884 } else {
885 printk(KERN_WARNING "CIFS: username too long\n");
886 return 1;
887 }
888 } else if (strnicmp(data, "pass", 4) == 0) {
889 if (!value) {
890 vol->password = NULL;
891 continue;
892 } else if (value[0] == 0) {
893 /* check if string begins with double comma
894 since that would mean the password really
895 does start with a comma, and would not
896 indicate an empty string */
897 if (value[1] != separator[0]) {
898 vol->password = NULL;
899 continue;
900 }
901 }
902 temp_len = strlen(value);
903 /* removed password length check, NTLM passwords
904 can be arbitrarily long */
905
906 /* if comma in password, the string will be
907 prematurely null terminated. Commas in password are
908 specified across the cifs mount interface by a double
909 comma ie ,, and a comma used as in other cases ie ','
910 as a parameter delimiter/separator is single and due
911 to the strsep above is temporarily zeroed. */
912
913 /* NB: password legally can have multiple commas and
914 the only illegal character in a password is null */
915
916 if ((value[temp_len] == 0) &&
917 (value[temp_len+1] == separator[0])) {
918 /* reinsert comma */
919 value[temp_len] = separator[0];
920 temp_len += 2; /* move after second comma */
921 while (value[temp_len] != 0) {
922 if (value[temp_len] == separator[0]) {
923 if (value[temp_len+1] ==
924 separator[0]) {
925 /* skip second comma */
926 temp_len++;
927 } else {
928 /* single comma indicating start
929 of next parm */
930 break;
931 }
932 }
933 temp_len++;
934 }
935 if (value[temp_len] == 0) {
936 options = NULL;
937 } else {
938 value[temp_len] = 0;
939 /* point option to start of next parm */
940 options = value + temp_len + 1;
941 }
942 /* go from value to value + temp_len condensing
943 double commas to singles. Note that this ends up
944 allocating a few bytes too many, which is ok */
945 vol->password = kzalloc(temp_len, GFP_KERNEL);
946 if (vol->password == NULL) {
947 printk(KERN_WARNING "CIFS: no memory "
948 "for password\n");
949 return 1;
950 }
951 for (i = 0, j = 0; i < temp_len; i++, j++) {
952 vol->password[j] = value[i];
953 if (value[i] == separator[0]
954 && value[i+1] == separator[0]) {
955 /* skip second comma */
956 i++;
957 }
958 }
959 vol->password[j] = 0;
960 } else {
961 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
962 if (vol->password == NULL) {
963 printk(KERN_WARNING "CIFS: no memory "
964 "for password\n");
965 return 1;
966 }
967 strcpy(vol->password, value);
968 }
969 } else if (strnicmp(data, "ip", 2) == 0) {
970 if (!value || !*value) {
971 vol->UNCip = NULL;
972 } else if (strnlen(value, 35) < 35) {
973 vol->UNCip = value;
974 } else {
975 printk(KERN_WARNING "CIFS: ip address "
976 "too long\n");
977 return 1;
978 }
979 } else if (strnicmp(data, "sec", 3) == 0) {
980 if (!value || !*value) {
981 cERROR(1, ("no security value specified"));
982 continue;
983 } else if (strnicmp(value, "krb5i", 5) == 0) {
984 vol->secFlg |= CIFSSEC_MAY_KRB5 |
985 CIFSSEC_MUST_SIGN;
986 } else if (strnicmp(value, "krb5p", 5) == 0) {
987 /* vol->secFlg |= CIFSSEC_MUST_SEAL |
988 CIFSSEC_MAY_KRB5; */
989 cERROR(1, ("Krb5 cifs privacy not supported"));
990 return 1;
991 } else if (strnicmp(value, "krb5", 4) == 0) {
992 vol->secFlg |= CIFSSEC_MAY_KRB5;
993 } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
994 vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
995 CIFSSEC_MUST_SIGN;
996 } else if (strnicmp(value, "ntlmv2", 6) == 0) {
997 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
998 } else if (strnicmp(value, "ntlmi", 5) == 0) {
999 vol->secFlg |= CIFSSEC_MAY_NTLM |
1000 CIFSSEC_MUST_SIGN;
1001 } else if (strnicmp(value, "ntlm", 4) == 0) {
1002 /* ntlm is default so can be turned off too */
1003 vol->secFlg |= CIFSSEC_MAY_NTLM;
1004 } else if (strnicmp(value, "nontlm", 6) == 0) {
1005 /* BB is there a better way to do this? */
1006 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
1007 #ifdef CONFIG_CIFS_WEAK_PW_HASH
1008 } else if (strnicmp(value, "lanman", 6) == 0) {
1009 vol->secFlg |= CIFSSEC_MAY_LANMAN;
1010 #endif
1011 } else if (strnicmp(value, "none", 4) == 0) {
1012 vol->nullauth = 1;
1013 } else {
1014 cERROR(1, ("bad security option: %s", value));
1015 return 1;
1016 }
1017 } else if ((strnicmp(data, "unc", 3) == 0)
1018 || (strnicmp(data, "target", 6) == 0)
1019 || (strnicmp(data, "path", 4) == 0)) {
1020 if (!value || !*value) {
1021 printk(KERN_WARNING "CIFS: invalid path to "
1022 "network resource\n");
1023 return 1; /* needs_arg; */
1024 }
1025 if ((temp_len = strnlen(value, 300)) < 300) {
1026 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1027 if (vol->UNC == NULL)
1028 return 1;
1029 strcpy(vol->UNC, value);
1030 if (strncmp(vol->UNC, "//", 2) == 0) {
1031 vol->UNC[0] = '\\';
1032 vol->UNC[1] = '\\';
1033 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1034 printk(KERN_WARNING
1035 "CIFS: UNC Path does not begin "
1036 "with // or \\\\ \n");
1037 return 1;
1038 }
1039 } else {
1040 printk(KERN_WARNING "CIFS: UNC name too long\n");
1041 return 1;
1042 }
1043 } else if ((strnicmp(data, "domain", 3) == 0)
1044 || (strnicmp(data, "workgroup", 5) == 0)) {
1045 if (!value || !*value) {
1046 printk(KERN_WARNING "CIFS: invalid domain name\n");
1047 return 1; /* needs_arg; */
1048 }
1049 /* BB are there cases in which a comma can be valid in
1050 a domain name and need special handling? */
1051 if (strnlen(value, 256) < 256) {
1052 vol->domainname = value;
1053 cFYI(1, ("Domain name set"));
1054 } else {
1055 printk(KERN_WARNING "CIFS: domain name too "
1056 "long\n");
1057 return 1;
1058 }
1059 } else if (strnicmp(data, "prefixpath", 10) == 0) {
1060 if (!value || !*value) {
1061 printk(KERN_WARNING
1062 "CIFS: invalid path prefix\n");
1063 return 1; /* needs_argument */
1064 }
1065 if ((temp_len = strnlen(value, 1024)) < 1024) {
1066 if (value[0] != '/')
1067 temp_len++; /* missing leading slash */
1068 vol->prepath = kmalloc(temp_len+1, GFP_KERNEL);
1069 if (vol->prepath == NULL)
1070 return 1;
1071 if (value[0] != '/') {
1072 vol->prepath[0] = '/';
1073 strcpy(vol->prepath+1, value);
1074 } else
1075 strcpy(vol->prepath, value);
1076 cFYI(1, ("prefix path %s", vol->prepath));
1077 } else {
1078 printk(KERN_WARNING "CIFS: prefix too long\n");
1079 return 1;
1080 }
1081 } else if (strnicmp(data, "iocharset", 9) == 0) {
1082 if (!value || !*value) {
1083 printk(KERN_WARNING "CIFS: invalid iocharset "
1084 "specified\n");
1085 return 1; /* needs_arg; */
1086 }
1087 if (strnlen(value, 65) < 65) {
1088 if (strnicmp(value, "default", 7))
1089 vol->iocharset = value;
1090 /* if iocharset not set then load_nls_default
1091 is used by caller */
1092 cFYI(1, ("iocharset set to %s", value));
1093 } else {
1094 printk(KERN_WARNING "CIFS: iocharset name "
1095 "too long.\n");
1096 return 1;
1097 }
1098 } else if (strnicmp(data, "uid", 3) == 0) {
1099 if (value && *value) {
1100 vol->linux_uid =
1101 simple_strtoul(value, &value, 0);
1102 vol->override_uid = 1;
1103 }
1104 } else if (strnicmp(data, "gid", 3) == 0) {
1105 if (value && *value) {
1106 vol->linux_gid =
1107 simple_strtoul(value, &value, 0);
1108 vol->override_gid = 1;
1109 }
1110 } else if (strnicmp(data, "file_mode", 4) == 0) {
1111 if (value && *value) {
1112 vol->file_mode =
1113 simple_strtoul(value, &value, 0);
1114 }
1115 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1116 if (value && *value) {
1117 vol->dir_mode =
1118 simple_strtoul(value, &value, 0);
1119 }
1120 } else if (strnicmp(data, "dirmode", 4) == 0) {
1121 if (value && *value) {
1122 vol->dir_mode =
1123 simple_strtoul(value, &value, 0);
1124 }
1125 } else if (strnicmp(data, "port", 4) == 0) {
1126 if (value && *value) {
1127 vol->port =
1128 simple_strtoul(value, &value, 0);
1129 }
1130 } else if (strnicmp(data, "rsize", 5) == 0) {
1131 if (value && *value) {
1132 vol->rsize =
1133 simple_strtoul(value, &value, 0);
1134 }
1135 } else if (strnicmp(data, "wsize", 5) == 0) {
1136 if (value && *value) {
1137 vol->wsize =
1138 simple_strtoul(value, &value, 0);
1139 }
1140 } else if (strnicmp(data, "sockopt", 5) == 0) {
1141 if (value && *value) {
1142 vol->sockopt =
1143 simple_strtoul(value, &value, 0);
1144 }
1145 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1146 if (!value || !*value || (*value == ' ')) {
1147 cFYI(1, ("invalid (empty) netbiosname"));
1148 } else {
1149 memset(vol->source_rfc1001_name, 0x20, 15);
1150 for (i = 0; i < 15; i++) {
1151 /* BB are there cases in which a comma can be
1152 valid in this workstation netbios name (and need
1153 special handling)? */
1154
1155 /* We do not uppercase netbiosname for user */
1156 if (value[i] == 0)
1157 break;
1158 else
1159 vol->source_rfc1001_name[i] =
1160 value[i];
1161 }
1162 /* The string has 16th byte zero still from
1163 set at top of the function */
1164 if ((i == 15) && (value[i] != 0))
1165 printk(KERN_WARNING "CIFS: netbiosname"
1166 " longer than 15 truncated.\n");
1167 }
1168 } else if (strnicmp(data, "servern", 7) == 0) {
1169 /* servernetbiosname specified override *SMBSERVER */
1170 if (!value || !*value || (*value == ' ')) {
1171 cFYI(1, ("empty server netbiosname specified"));
1172 } else {
1173 /* last byte, type, is 0x20 for servr type */
1174 memset(vol->target_rfc1001_name, 0x20, 16);
1175
1176 for (i = 0; i < 15; i++) {
1177 /* BB are there cases in which a comma can be
1178 valid in this workstation netbios name
1179 (and need special handling)? */
1180
1181 /* user or mount helper must uppercase
1182 the netbiosname */
1183 if (value[i] == 0)
1184 break;
1185 else
1186 vol->target_rfc1001_name[i] =
1187 value[i];
1188 }
1189 /* The string has 16th byte zero still from
1190 set at top of the function */
1191 if ((i == 15) && (value[i] != 0))
1192 printk(KERN_WARNING "CIFS: server net"
1193 "biosname longer than 15 truncated.\n");
1194 }
1195 } else if (strnicmp(data, "credentials", 4) == 0) {
1196 /* ignore */
1197 } else if (strnicmp(data, "version", 3) == 0) {
1198 /* ignore */
1199 } else if (strnicmp(data, "guest", 5) == 0) {
1200 /* ignore */
1201 } else if (strnicmp(data, "rw", 2) == 0) {
1202 vol->rw = true;
1203 } else if (strnicmp(data, "noblocksend", 11) == 0) {
1204 vol->noblocksnd = 1;
1205 } else if (strnicmp(data, "noautotune", 10) == 0) {
1206 vol->noautotune = 1;
1207 } else if ((strnicmp(data, "suid", 4) == 0) ||
1208 (strnicmp(data, "nosuid", 6) == 0) ||
1209 (strnicmp(data, "exec", 4) == 0) ||
1210 (strnicmp(data, "noexec", 6) == 0) ||
1211 (strnicmp(data, "nodev", 5) == 0) ||
1212 (strnicmp(data, "noauto", 6) == 0) ||
1213 (strnicmp(data, "dev", 3) == 0)) {
1214 /* The mount tool or mount.cifs helper (if present)
1215 uses these opts to set flags, and the flags are read
1216 by the kernel vfs layer before we get here (ie
1217 before read super) so there is no point trying to
1218 parse these options again and set anything and it
1219 is ok to just ignore them */
1220 continue;
1221 } else if (strnicmp(data, "ro", 2) == 0) {
1222 vol->rw = false;
1223 } else if (strnicmp(data, "hard", 4) == 0) {
1224 vol->retry = 1;
1225 } else if (strnicmp(data, "soft", 4) == 0) {
1226 vol->retry = 0;
1227 } else if (strnicmp(data, "perm", 4) == 0) {
1228 vol->noperm = 0;
1229 } else if (strnicmp(data, "noperm", 6) == 0) {
1230 vol->noperm = 1;
1231 } else if (strnicmp(data, "mapchars", 8) == 0) {
1232 vol->remap = 1;
1233 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1234 vol->remap = 0;
1235 } else if (strnicmp(data, "sfu", 3) == 0) {
1236 vol->sfu_emul = 1;
1237 } else if (strnicmp(data, "nosfu", 5) == 0) {
1238 vol->sfu_emul = 0;
1239 } else if (strnicmp(data, "nodfs", 5) == 0) {
1240 vol->nodfs = 1;
1241 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1242 vol->posix_paths = 1;
1243 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1244 vol->posix_paths = 0;
1245 } else if (strnicmp(data, "nounix", 6) == 0) {
1246 vol->no_linux_ext = 1;
1247 } else if (strnicmp(data, "nolinux", 7) == 0) {
1248 vol->no_linux_ext = 1;
1249 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1250 (strnicmp(data, "ignorecase", 10) == 0)) {
1251 vol->nocase = 1;
1252 } else if (strnicmp(data, "brl", 3) == 0) {
1253 vol->nobrl = 0;
1254 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1255 (strnicmp(data, "nolock", 6) == 0)) {
1256 vol->nobrl = 1;
1257 /* turn off mandatory locking in mode
1258 if remote locking is turned off since the
1259 local vfs will do advisory */
1260 if (vol->file_mode ==
1261 (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1262 vol->file_mode = S_IALLUGO;
1263 } else if (strnicmp(data, "setuids", 7) == 0) {
1264 vol->setuids = 1;
1265 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1266 vol->setuids = 0;
1267 } else if (strnicmp(data, "dynperm", 7) == 0) {
1268 vol->dynperm = true;
1269 } else if (strnicmp(data, "nodynperm", 9) == 0) {
1270 vol->dynperm = false;
1271 } else if (strnicmp(data, "nohard", 6) == 0) {
1272 vol->retry = 0;
1273 } else if (strnicmp(data, "nosoft", 6) == 0) {
1274 vol->retry = 1;
1275 } else if (strnicmp(data, "nointr", 6) == 0) {
1276 vol->intr = 0;
1277 } else if (strnicmp(data, "intr", 4) == 0) {
1278 vol->intr = 1;
1279 } else if (strnicmp(data, "serverino", 7) == 0) {
1280 vol->server_ino = 1;
1281 } else if (strnicmp(data, "noserverino", 9) == 0) {
1282 vol->server_ino = 0;
1283 } else if (strnicmp(data, "cifsacl", 7) == 0) {
1284 vol->cifs_acl = 1;
1285 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1286 vol->cifs_acl = 0;
1287 } else if (strnicmp(data, "acl", 3) == 0) {
1288 vol->no_psx_acl = 0;
1289 } else if (strnicmp(data, "noacl", 5) == 0) {
1290 vol->no_psx_acl = 1;
1291 #ifdef CONFIG_CIFS_EXPERIMENTAL
1292 } else if (strnicmp(data, "locallease", 6) == 0) {
1293 vol->local_lease = 1;
1294 #endif
1295 } else if (strnicmp(data, "sign", 4) == 0) {
1296 vol->secFlg |= CIFSSEC_MUST_SIGN;
1297 } else if (strnicmp(data, "seal", 4) == 0) {
1298 /* we do not do the following in secFlags because seal
1299 is a per tree connection (mount) not a per socket
1300 or per-smb connection option in the protocol */
1301 /* vol->secFlg |= CIFSSEC_MUST_SEAL; */
1302 vol->seal = 1;
1303 } else if (strnicmp(data, "direct", 6) == 0) {
1304 vol->direct_io = 1;
1305 } else if (strnicmp(data, "forcedirectio", 13) == 0) {
1306 vol->direct_io = 1;
1307 } else if (strnicmp(data, "in6_addr", 8) == 0) {
1308 if (!value || !*value) {
1309 vol->in6_addr = NULL;
1310 } else if (strnlen(value, 49) == 48) {
1311 vol->in6_addr = value;
1312 } else {
1313 printk(KERN_WARNING "CIFS: ip v6 address not "
1314 "48 characters long\n");
1315 return 1;
1316 }
1317 } else if (strnicmp(data, "noac", 4) == 0) {
1318 printk(KERN_WARNING "CIFS: Mount option noac not "
1319 "supported. Instead set "
1320 "/proc/fs/cifs/LookupCacheEnabled to 0\n");
1321 } else
1322 printk(KERN_WARNING "CIFS: Unknown mount option %s\n",
1323 data);
1324 }
1325 if (vol->UNC == NULL) {
1326 if (devname == NULL) {
1327 printk(KERN_WARNING "CIFS: Missing UNC name for mount "
1328 "target\n");
1329 return 1;
1330 }
1331 if ((temp_len = strnlen(devname, 300)) < 300) {
1332 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1333 if (vol->UNC == NULL)
1334 return 1;
1335 strcpy(vol->UNC, devname);
1336 if (strncmp(vol->UNC, "//", 2) == 0) {
1337 vol->UNC[0] = '\\';
1338 vol->UNC[1] = '\\';
1339 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1340 printk(KERN_WARNING "CIFS: UNC Path does not "
1341 "begin with // or \\\\ \n");
1342 return 1;
1343 }
1344 value = strpbrk(vol->UNC+2, "/\\");
1345 if (value)
1346 *value = '\\';
1347 } else {
1348 printk(KERN_WARNING "CIFS: UNC name too long\n");
1349 return 1;
1350 }
1351 }
1352 if (vol->UNCip == NULL)
1353 vol->UNCip = &vol->UNC[2];
1354
1355 return 0;
1356 }
1357
1358 static struct TCP_Server_Info *
1359 cifs_find_tcp_session(struct sockaddr *addr)
1360 {
1361 struct list_head *tmp;
1362 struct TCP_Server_Info *server;
1363 struct sockaddr_in *addr4 = (struct sockaddr_in *) addr;
1364 struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) addr;
1365
1366 write_lock(&cifs_tcp_ses_lock);
1367 list_for_each(tmp, &cifs_tcp_ses_list) {
1368 server = list_entry(tmp, struct TCP_Server_Info,
1369 tcp_ses_list);
1370 /*
1371 * the demux thread can exit on its own while still in CifsNew
1372 * so don't accept any sockets in that state. Since the
1373 * tcpStatus never changes back to CifsNew it's safe to check
1374 * for this without a lock.
1375 */
1376 if (server->tcpStatus == CifsNew)
1377 continue;
1378
1379 if (addr->sa_family == AF_INET &&
1380 (addr4->sin_addr.s_addr !=
1381 server->addr.sockAddr.sin_addr.s_addr))
1382 continue;
1383 else if (addr->sa_family == AF_INET6 &&
1384 memcmp(&server->addr.sockAddr6.sin6_addr,
1385 &addr6->sin6_addr, sizeof(addr6->sin6_addr)))
1386 continue;
1387
1388 ++server->srv_count;
1389 write_unlock(&cifs_tcp_ses_lock);
1390 cFYI(1, ("Existing tcp session with server found"));
1391 return server;
1392 }
1393 write_unlock(&cifs_tcp_ses_lock);
1394 return NULL;
1395 }
1396
1397 static void
1398 cifs_put_tcp_session(struct TCP_Server_Info *server)
1399 {
1400 struct task_struct *task;
1401
1402 write_lock(&cifs_tcp_ses_lock);
1403 if (--server->srv_count > 0) {
1404 write_unlock(&cifs_tcp_ses_lock);
1405 return;
1406 }
1407
1408 list_del_init(&server->tcp_ses_list);
1409 write_unlock(&cifs_tcp_ses_lock);
1410
1411 spin_lock(&GlobalMid_Lock);
1412 server->tcpStatus = CifsExiting;
1413 spin_unlock(&GlobalMid_Lock);
1414
1415 task = xchg(&server->tsk, NULL);
1416 if (task)
1417 force_sig(SIGKILL, task);
1418 }
1419
1420 static struct TCP_Server_Info *
1421 cifs_get_tcp_session(struct smb_vol *volume_info)
1422 {
1423 struct TCP_Server_Info *tcp_ses = NULL;
1424 struct sockaddr addr;
1425 struct sockaddr_in *sin_server = (struct sockaddr_in *) &addr;
1426 struct sockaddr_in6 *sin_server6 = (struct sockaddr_in6 *) &addr;
1427 int rc;
1428
1429 memset(&addr, 0, sizeof(struct sockaddr));
1430
1431 if (volume_info->UNCip && volume_info->UNC) {
1432 rc = cifs_inet_pton(AF_INET, volume_info->UNCip,
1433 &sin_server->sin_addr.s_addr);
1434
1435 if (rc <= 0) {
1436 /* not ipv4 address, try ipv6 */
1437 rc = cifs_inet_pton(AF_INET6, volume_info->UNCip,
1438 &sin_server6->sin6_addr.in6_u);
1439 if (rc > 0)
1440 addr.sa_family = AF_INET6;
1441 } else {
1442 addr.sa_family = AF_INET;
1443 }
1444
1445 if (rc <= 0) {
1446 /* we failed translating address */
1447 rc = -EINVAL;
1448 goto out_err;
1449 }
1450
1451 cFYI(1, ("UNC: %s ip: %s", volume_info->UNC,
1452 volume_info->UNCip));
1453 } else if (volume_info->UNCip) {
1454 /* BB using ip addr as tcp_ses name to connect to the
1455 DFS root below */
1456 cERROR(1, ("Connecting to DFS root not implemented yet"));
1457 rc = -EINVAL;
1458 goto out_err;
1459 } else /* which tcp_sess DFS root would we conect to */ {
1460 cERROR(1,
1461 ("CIFS mount error: No UNC path (e.g. -o "
1462 "unc=//192.168.1.100/public) specified"));
1463 rc = -EINVAL;
1464 goto out_err;
1465 }
1466
1467 /* see if we already have a matching tcp_ses */
1468 tcp_ses = cifs_find_tcp_session(&addr);
1469 if (tcp_ses)
1470 return tcp_ses;
1471
1472 tcp_ses = kzalloc(sizeof(struct TCP_Server_Info), GFP_KERNEL);
1473 if (!tcp_ses) {
1474 rc = -ENOMEM;
1475 goto out_err;
1476 }
1477
1478 tcp_ses->hostname = extract_hostname(volume_info->UNC);
1479 if (IS_ERR(tcp_ses->hostname)) {
1480 rc = PTR_ERR(tcp_ses->hostname);
1481 goto out_err;
1482 }
1483
1484 tcp_ses->noblocksnd = volume_info->noblocksnd;
1485 tcp_ses->noautotune = volume_info->noautotune;
1486 atomic_set(&tcp_ses->inFlight, 0);
1487 init_waitqueue_head(&tcp_ses->response_q);
1488 init_waitqueue_head(&tcp_ses->request_q);
1489 INIT_LIST_HEAD(&tcp_ses->pending_mid_q);
1490 mutex_init(&tcp_ses->srv_mutex);
1491 memcpy(tcp_ses->workstation_RFC1001_name,
1492 volume_info->source_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1493 memcpy(tcp_ses->server_RFC1001_name,
1494 volume_info->target_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1495 tcp_ses->sequence_number = 0;
1496 INIT_LIST_HEAD(&tcp_ses->tcp_ses_list);
1497 INIT_LIST_HEAD(&tcp_ses->smb_ses_list);
1498
1499 /*
1500 * at this point we are the only ones with the pointer
1501 * to the struct since the kernel thread not created yet
1502 * no need to spinlock this init of tcpStatus or srv_count
1503 */
1504 tcp_ses->tcpStatus = CifsNew;
1505 ++tcp_ses->srv_count;
1506
1507 if (addr.sa_family == AF_INET6) {
1508 cFYI(1, ("attempting ipv6 connect"));
1509 /* BB should we allow ipv6 on port 139? */
1510 /* other OS never observed in Wild doing 139 with v6 */
1511 memcpy(&tcp_ses->addr.sockAddr6, sin_server6,
1512 sizeof(struct sockaddr_in6));
1513 sin_server6->sin6_port = htons(volume_info->port);
1514 rc = ipv6_connect(sin_server6, &tcp_ses->ssocket,
1515 volume_info->noblocksnd);
1516 } else {
1517 memcpy(&tcp_ses->addr.sockAddr, sin_server,
1518 sizeof(struct sockaddr_in));
1519 sin_server->sin_port = htons(volume_info->port);
1520 rc = ipv4_connect(sin_server, &tcp_ses->ssocket,
1521 volume_info->source_rfc1001_name,
1522 volume_info->target_rfc1001_name,
1523 volume_info->noblocksnd,
1524 volume_info->noautotune);
1525 }
1526 if (rc < 0) {
1527 cERROR(1, ("Error connecting to socket. Aborting operation"));
1528 goto out_err;
1529 }
1530
1531 /*
1532 * since we're in a cifs function already, we know that
1533 * this will succeed. No need for try_module_get().
1534 */
1535 __module_get(THIS_MODULE);
1536 tcp_ses->tsk = kthread_run((void *)(void *)cifs_demultiplex_thread,
1537 tcp_ses, "cifsd");
1538 if (IS_ERR(tcp_ses->tsk)) {
1539 rc = PTR_ERR(tcp_ses->tsk);
1540 cERROR(1, ("error %d create cifsd thread", rc));
1541 module_put(THIS_MODULE);
1542 goto out_err;
1543 }
1544
1545 /* thread spawned, put it on the list */
1546 write_lock(&cifs_tcp_ses_lock);
1547 list_add(&tcp_ses->tcp_ses_list, &cifs_tcp_ses_list);
1548 write_unlock(&cifs_tcp_ses_lock);
1549
1550 return tcp_ses;
1551
1552 out_err:
1553 if (tcp_ses) {
1554 kfree(tcp_ses->hostname);
1555 if (tcp_ses->ssocket)
1556 sock_release(tcp_ses->ssocket);
1557 kfree(tcp_ses);
1558 }
1559 return ERR_PTR(rc);
1560 }
1561
1562 static struct cifsSesInfo *
1563 cifs_find_smb_ses(struct TCP_Server_Info *server, char *username)
1564 {
1565 struct list_head *tmp;
1566 struct cifsSesInfo *ses;
1567
1568 write_lock(&cifs_tcp_ses_lock);
1569 list_for_each(tmp, &server->smb_ses_list) {
1570 ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
1571 if (strncmp(ses->userName, username, MAX_USERNAME_SIZE))
1572 continue;
1573
1574 ++ses->ses_count;
1575 write_unlock(&cifs_tcp_ses_lock);
1576 return ses;
1577 }
1578 write_unlock(&cifs_tcp_ses_lock);
1579 return NULL;
1580 }
1581
1582 static void
1583 cifs_put_smb_ses(struct cifsSesInfo *ses)
1584 {
1585 int xid;
1586 struct TCP_Server_Info *server = ses->server;
1587
1588 write_lock(&cifs_tcp_ses_lock);
1589 if (--ses->ses_count > 0) {
1590 write_unlock(&cifs_tcp_ses_lock);
1591 return;
1592 }
1593
1594 list_del_init(&ses->smb_ses_list);
1595 write_unlock(&cifs_tcp_ses_lock);
1596
1597 if (ses->status == CifsGood) {
1598 xid = GetXid();
1599 CIFSSMBLogoff(xid, ses);
1600 _FreeXid(xid);
1601 }
1602 sesInfoFree(ses);
1603 cifs_put_tcp_session(server);
1604 }
1605
1606 static struct cifsTconInfo *
1607 cifs_find_tcon(struct cifsSesInfo *ses, const char *unc)
1608 {
1609 struct list_head *tmp;
1610 struct cifsTconInfo *tcon;
1611
1612 write_lock(&cifs_tcp_ses_lock);
1613 list_for_each(tmp, &ses->tcon_list) {
1614 tcon = list_entry(tmp, struct cifsTconInfo, tcon_list);
1615 if (tcon->tidStatus == CifsExiting)
1616 continue;
1617 if (strncmp(tcon->treeName, unc, MAX_TREE_SIZE))
1618 continue;
1619
1620 ++tcon->tc_count;
1621 write_unlock(&cifs_tcp_ses_lock);
1622 return tcon;
1623 }
1624 write_unlock(&cifs_tcp_ses_lock);
1625 return NULL;
1626 }
1627
1628 static void
1629 cifs_put_tcon(struct cifsTconInfo *tcon)
1630 {
1631 int xid;
1632 struct cifsSesInfo *ses = tcon->ses;
1633
1634 write_lock(&cifs_tcp_ses_lock);
1635 if (--tcon->tc_count > 0) {
1636 write_unlock(&cifs_tcp_ses_lock);
1637 return;
1638 }
1639
1640 list_del_init(&tcon->tcon_list);
1641 write_unlock(&cifs_tcp_ses_lock);
1642
1643 xid = GetXid();
1644 CIFSSMBTDis(xid, tcon);
1645 _FreeXid(xid);
1646
1647 DeleteTconOplockQEntries(tcon);
1648 tconInfoFree(tcon);
1649 cifs_put_smb_ses(ses);
1650 }
1651
1652 int
1653 get_dfs_path(int xid, struct cifsSesInfo *pSesInfo, const char *old_path,
1654 const struct nls_table *nls_codepage, unsigned int *pnum_referrals,
1655 struct dfs_info3_param **preferrals, int remap)
1656 {
1657 char *temp_unc;
1658 int rc = 0;
1659
1660 *pnum_referrals = 0;
1661 *preferrals = NULL;
1662
1663 if (pSesInfo->ipc_tid == 0) {
1664 temp_unc = kmalloc(2 /* for slashes */ +
1665 strnlen(pSesInfo->serverName,
1666 SERVER_NAME_LEN_WITH_NULL * 2)
1667 + 1 + 4 /* slash IPC$ */ + 2,
1668 GFP_KERNEL);
1669 if (temp_unc == NULL)
1670 return -ENOMEM;
1671 temp_unc[0] = '\\';
1672 temp_unc[1] = '\\';
1673 strcpy(temp_unc + 2, pSesInfo->serverName);
1674 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
1675 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
1676 cFYI(1,
1677 ("CIFS Tcon rc = %d ipc_tid = %d", rc, pSesInfo->ipc_tid));
1678 kfree(temp_unc);
1679 }
1680 if (rc == 0)
1681 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
1682 pnum_referrals, nls_codepage, remap);
1683 /* BB map targetUNCs to dfs_info3 structures, here or
1684 in CIFSGetDFSRefer BB */
1685
1686 return rc;
1687 }
1688
1689 #ifdef CONFIG_DEBUG_LOCK_ALLOC
1690 static struct lock_class_key cifs_key[2];
1691 static struct lock_class_key cifs_slock_key[2];
1692
1693 static inline void
1694 cifs_reclassify_socket4(struct socket *sock)
1695 {
1696 struct sock *sk = sock->sk;
1697 BUG_ON(sock_owned_by_user(sk));
1698 sock_lock_init_class_and_name(sk, "slock-AF_INET-CIFS",
1699 &cifs_slock_key[0], "sk_lock-AF_INET-CIFS", &cifs_key[0]);
1700 }
1701
1702 static inline void
1703 cifs_reclassify_socket6(struct socket *sock)
1704 {
1705 struct sock *sk = sock->sk;
1706 BUG_ON(sock_owned_by_user(sk));
1707 sock_lock_init_class_and_name(sk, "slock-AF_INET6-CIFS",
1708 &cifs_slock_key[1], "sk_lock-AF_INET6-CIFS", &cifs_key[1]);
1709 }
1710 #else
1711 static inline void
1712 cifs_reclassify_socket4(struct socket *sock)
1713 {
1714 }
1715
1716 static inline void
1717 cifs_reclassify_socket6(struct socket *sock)
1718 {
1719 }
1720 #endif
1721
1722 /* See RFC1001 section 14 on representation of Netbios names */
1723 static void rfc1002mangle(char *target, char *source, unsigned int length)
1724 {
1725 unsigned int i, j;
1726
1727 for (i = 0, j = 0; i < (length); i++) {
1728 /* mask a nibble at a time and encode */
1729 target[j] = 'A' + (0x0F & (source[i] >> 4));
1730 target[j+1] = 'A' + (0x0F & source[i]);
1731 j += 2;
1732 }
1733
1734 }
1735
1736
1737 static int
1738 ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket,
1739 char *netbios_name, char *target_name,
1740 bool noblocksnd, bool noautotune)
1741 {
1742 int rc = 0;
1743 int connected = 0;
1744 __be16 orig_port = 0;
1745
1746 if (*csocket == NULL) {
1747 rc = sock_create_kern(PF_INET, SOCK_STREAM,
1748 IPPROTO_TCP, csocket);
1749 if (rc < 0) {
1750 cERROR(1, ("Error %d creating socket", rc));
1751 *csocket = NULL;
1752 return rc;
1753 } else {
1754 /* BB other socket options to set KEEPALIVE, NODELAY? */
1755 cFYI(1, ("Socket created"));
1756 (*csocket)->sk->sk_allocation = GFP_NOFS;
1757 cifs_reclassify_socket4(*csocket);
1758 }
1759 }
1760
1761 psin_server->sin_family = AF_INET;
1762 if (psin_server->sin_port) { /* user overrode default port */
1763 rc = (*csocket)->ops->connect(*csocket,
1764 (struct sockaddr *) psin_server,
1765 sizeof(struct sockaddr_in), 0);
1766 if (rc >= 0)
1767 connected = 1;
1768 }
1769
1770 if (!connected) {
1771 /* save original port so we can retry user specified port
1772 later if fall back ports fail this time */
1773 orig_port = psin_server->sin_port;
1774
1775 /* do not retry on the same port we just failed on */
1776 if (psin_server->sin_port != htons(CIFS_PORT)) {
1777 psin_server->sin_port = htons(CIFS_PORT);
1778
1779 rc = (*csocket)->ops->connect(*csocket,
1780 (struct sockaddr *) psin_server,
1781 sizeof(struct sockaddr_in), 0);
1782 if (rc >= 0)
1783 connected = 1;
1784 }
1785 }
1786 if (!connected) {
1787 psin_server->sin_port = htons(RFC1001_PORT);
1788 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1789 psin_server,
1790 sizeof(struct sockaddr_in), 0);
1791 if (rc >= 0)
1792 connected = 1;
1793 }
1794
1795 /* give up here - unless we want to retry on different
1796 protocol families some day */
1797 if (!connected) {
1798 if (orig_port)
1799 psin_server->sin_port = orig_port;
1800 cFYI(1, ("Error %d connecting to server via ipv4", rc));
1801 sock_release(*csocket);
1802 *csocket = NULL;
1803 return rc;
1804 }
1805 /* Eventually check for other socket options to change from
1806 the default. sock_setsockopt not used because it expects
1807 user space buffer */
1808 cFYI(1, ("sndbuf %d rcvbuf %d rcvtimeo 0x%lx",
1809 (*csocket)->sk->sk_sndbuf,
1810 (*csocket)->sk->sk_rcvbuf, (*csocket)->sk->sk_rcvtimeo));
1811 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1812 if (!noblocksnd)
1813 (*csocket)->sk->sk_sndtimeo = 3 * HZ;
1814
1815 /* make the bufsizes depend on wsize/rsize and max requests */
1816 if (noautotune) {
1817 if ((*csocket)->sk->sk_sndbuf < (200 * 1024))
1818 (*csocket)->sk->sk_sndbuf = 200 * 1024;
1819 if ((*csocket)->sk->sk_rcvbuf < (140 * 1024))
1820 (*csocket)->sk->sk_rcvbuf = 140 * 1024;
1821 }
1822
1823 /* send RFC1001 sessinit */
1824 if (psin_server->sin_port == htons(RFC1001_PORT)) {
1825 /* some servers require RFC1001 sessinit before sending
1826 negprot - BB check reconnection in case where second
1827 sessinit is sent but no second negprot */
1828 struct rfc1002_session_packet *ses_init_buf;
1829 struct smb_hdr *smb_buf;
1830 ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet),
1831 GFP_KERNEL);
1832 if (ses_init_buf) {
1833 ses_init_buf->trailer.session_req.called_len = 32;
1834 if (target_name && (target_name[0] != 0)) {
1835 rfc1002mangle(ses_init_buf->trailer.
1836 session_req.called_name,
1837 target_name,
1838 RFC1001_NAME_LEN_WITH_NULL);
1839 } else {
1840 rfc1002mangle(ses_init_buf->trailer.
1841 session_req.called_name,
1842 DEFAULT_CIFS_CALLED_NAME,
1843 RFC1001_NAME_LEN_WITH_NULL);
1844 }
1845
1846 ses_init_buf->trailer.session_req.calling_len = 32;
1847 /* calling name ends in null (byte 16) from old smb
1848 convention. */
1849 if (netbios_name && (netbios_name[0] != 0)) {
1850 rfc1002mangle(ses_init_buf->trailer.
1851 session_req.calling_name,
1852 netbios_name,
1853 RFC1001_NAME_LEN_WITH_NULL);
1854 } else {
1855 rfc1002mangle(ses_init_buf->trailer.
1856 session_req.calling_name,
1857 "LINUX_CIFS_CLNT",
1858 RFC1001_NAME_LEN_WITH_NULL);
1859 }
1860 ses_init_buf->trailer.session_req.scope1 = 0;
1861 ses_init_buf->trailer.session_req.scope2 = 0;
1862 smb_buf = (struct smb_hdr *)ses_init_buf;
1863 /* sizeof RFC1002_SESSION_REQUEST with no scope */
1864 smb_buf->smb_buf_length = 0x81000044;
1865 rc = smb_send(*csocket, smb_buf, 0x44,
1866 (struct sockaddr *)psin_server, noblocksnd);
1867 kfree(ses_init_buf);
1868 msleep(1); /* RFC1001 layer in at least one server
1869 requires very short break before negprot
1870 presumably because not expecting negprot
1871 to follow so fast. This is a simple
1872 solution that works without
1873 complicating the code and causes no
1874 significant slowing down on mount
1875 for everyone else */
1876 }
1877 /* else the negprot may still work without this
1878 even though malloc failed */
1879
1880 }
1881
1882 return rc;
1883 }
1884
1885 static int
1886 ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket,
1887 bool noblocksnd)
1888 {
1889 int rc = 0;
1890 int connected = 0;
1891 __be16 orig_port = 0;
1892
1893 if (*csocket == NULL) {
1894 rc = sock_create_kern(PF_INET6, SOCK_STREAM,
1895 IPPROTO_TCP, csocket);
1896 if (rc < 0) {
1897 cERROR(1, ("Error %d creating ipv6 socket", rc));
1898 *csocket = NULL;
1899 return rc;
1900 } else {
1901 /* BB other socket options to set KEEPALIVE, NODELAY? */
1902 cFYI(1, ("ipv6 Socket created"));
1903 (*csocket)->sk->sk_allocation = GFP_NOFS;
1904 cifs_reclassify_socket6(*csocket);
1905 }
1906 }
1907
1908 psin_server->sin6_family = AF_INET6;
1909
1910 if (psin_server->sin6_port) { /* user overrode default port */
1911 rc = (*csocket)->ops->connect(*csocket,
1912 (struct sockaddr *) psin_server,
1913 sizeof(struct sockaddr_in6), 0);
1914 if (rc >= 0)
1915 connected = 1;
1916 }
1917
1918 if (!connected) {
1919 /* save original port so we can retry user specified port
1920 later if fall back ports fail this time */
1921
1922 orig_port = psin_server->sin6_port;
1923 /* do not retry on the same port we just failed on */
1924 if (psin_server->sin6_port != htons(CIFS_PORT)) {
1925 psin_server->sin6_port = htons(CIFS_PORT);
1926
1927 rc = (*csocket)->ops->connect(*csocket,
1928 (struct sockaddr *) psin_server,
1929 sizeof(struct sockaddr_in6), 0);
1930 if (rc >= 0)
1931 connected = 1;
1932 }
1933 }
1934 if (!connected) {
1935 psin_server->sin6_port = htons(RFC1001_PORT);
1936 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1937 psin_server, sizeof(struct sockaddr_in6), 0);
1938 if (rc >= 0)
1939 connected = 1;
1940 }
1941
1942 /* give up here - unless we want to retry on different
1943 protocol families some day */
1944 if (!connected) {
1945 if (orig_port)
1946 psin_server->sin6_port = orig_port;
1947 cFYI(1, ("Error %d connecting to server via ipv6", rc));
1948 sock_release(*csocket);
1949 *csocket = NULL;
1950 return rc;
1951 }
1952 /* Eventually check for other socket options to change from
1953 the default. sock_setsockopt not used because it expects
1954 user space buffer */
1955 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1956 if (!noblocksnd)
1957 (*csocket)->sk->sk_sndtimeo = 3 * HZ;
1958
1959
1960 return rc;
1961 }
1962
1963 void reset_cifs_unix_caps(int xid, struct cifsTconInfo *tcon,
1964 struct super_block *sb, struct smb_vol *vol_info)
1965 {
1966 /* if we are reconnecting then should we check to see if
1967 * any requested capabilities changed locally e.g. via
1968 * remount but we can not do much about it here
1969 * if they have (even if we could detect it by the following)
1970 * Perhaps we could add a backpointer to array of sb from tcon
1971 * or if we change to make all sb to same share the same
1972 * sb as NFS - then we only have one backpointer to sb.
1973 * What if we wanted to mount the server share twice once with
1974 * and once without posixacls or posix paths? */
1975 __u64 saved_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
1976
1977 if (vol_info && vol_info->no_linux_ext) {
1978 tcon->fsUnixInfo.Capability = 0;
1979 tcon->unix_ext = 0; /* Unix Extensions disabled */
1980 cFYI(1, ("Linux protocol extensions disabled"));
1981 return;
1982 } else if (vol_info)
1983 tcon->unix_ext = 1; /* Unix Extensions supported */
1984
1985 if (tcon->unix_ext == 0) {
1986 cFYI(1, ("Unix extensions disabled so not set on reconnect"));
1987 return;
1988 }
1989
1990 if (!CIFSSMBQFSUnixInfo(xid, tcon)) {
1991 __u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
1992
1993 /* check for reconnect case in which we do not
1994 want to change the mount behavior if we can avoid it */
1995 if (vol_info == NULL) {
1996 /* turn off POSIX ACL and PATHNAMES if not set
1997 originally at mount time */
1998 if ((saved_cap & CIFS_UNIX_POSIX_ACL_CAP) == 0)
1999 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2000 if ((saved_cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2001 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2002 cERROR(1, ("POSIXPATH support change"));
2003 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2004 } else if ((cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2005 cERROR(1, ("possible reconnect error"));
2006 cERROR(1,
2007 ("server disabled POSIX path support"));
2008 }
2009 }
2010
2011 cap &= CIFS_UNIX_CAP_MASK;
2012 if (vol_info && vol_info->no_psx_acl)
2013 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2014 else if (CIFS_UNIX_POSIX_ACL_CAP & cap) {
2015 cFYI(1, ("negotiated posix acl support"));
2016 if (sb)
2017 sb->s_flags |= MS_POSIXACL;
2018 }
2019
2020 if (vol_info && vol_info->posix_paths == 0)
2021 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2022 else if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
2023 cFYI(1, ("negotiate posix pathnames"));
2024 if (sb)
2025 CIFS_SB(sb)->mnt_cifs_flags |=
2026 CIFS_MOUNT_POSIX_PATHS;
2027 }
2028
2029 /* We might be setting the path sep back to a different
2030 form if we are reconnecting and the server switched its
2031 posix path capability for this share */
2032 if (sb && (CIFS_SB(sb)->prepathlen > 0))
2033 CIFS_SB(sb)->prepath[0] = CIFS_DIR_SEP(CIFS_SB(sb));
2034
2035 if (sb && (CIFS_SB(sb)->rsize > 127 * 1024)) {
2036 if ((cap & CIFS_UNIX_LARGE_READ_CAP) == 0) {
2037 CIFS_SB(sb)->rsize = 127 * 1024;
2038 cFYI(DBG2,
2039 ("larger reads not supported by srv"));
2040 }
2041 }
2042
2043
2044 cFYI(1, ("Negotiate caps 0x%x", (int)cap));
2045 #ifdef CONFIG_CIFS_DEBUG2
2046 if (cap & CIFS_UNIX_FCNTL_CAP)
2047 cFYI(1, ("FCNTL cap"));
2048 if (cap & CIFS_UNIX_EXTATTR_CAP)
2049 cFYI(1, ("EXTATTR cap"));
2050 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2051 cFYI(1, ("POSIX path cap"));
2052 if (cap & CIFS_UNIX_XATTR_CAP)
2053 cFYI(1, ("XATTR cap"));
2054 if (cap & CIFS_UNIX_POSIX_ACL_CAP)
2055 cFYI(1, ("POSIX ACL cap"));
2056 if (cap & CIFS_UNIX_LARGE_READ_CAP)
2057 cFYI(1, ("very large read cap"));
2058 if (cap & CIFS_UNIX_LARGE_WRITE_CAP)
2059 cFYI(1, ("very large write cap"));
2060 #endif /* CIFS_DEBUG2 */
2061 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
2062 if (vol_info == NULL) {
2063 cFYI(1, ("resetting capabilities failed"));
2064 } else
2065 cERROR(1, ("Negotiating Unix capabilities "
2066 "with the server failed. Consider "
2067 "mounting with the Unix Extensions\n"
2068 "disabled, if problems are found, "
2069 "by specifying the nounix mount "
2070 "option."));
2071
2072 }
2073 }
2074 }
2075
2076 static void
2077 convert_delimiter(char *path, char delim)
2078 {
2079 int i;
2080 char old_delim;
2081
2082 if (path == NULL)
2083 return;
2084
2085 if (delim == '/')
2086 old_delim = '\\';
2087 else
2088 old_delim = '/';
2089
2090 for (i = 0; path[i] != '\0'; i++) {
2091 if (path[i] == old_delim)
2092 path[i] = delim;
2093 }
2094 }
2095
2096 static void setup_cifs_sb(struct smb_vol *pvolume_info,
2097 struct cifs_sb_info *cifs_sb)
2098 {
2099 if (pvolume_info->rsize > CIFSMaxBufSize) {
2100 cERROR(1, ("rsize %d too large, using MaxBufSize",
2101 pvolume_info->rsize));
2102 cifs_sb->rsize = CIFSMaxBufSize;
2103 } else if ((pvolume_info->rsize) &&
2104 (pvolume_info->rsize <= CIFSMaxBufSize))
2105 cifs_sb->rsize = pvolume_info->rsize;
2106 else /* default */
2107 cifs_sb->rsize = CIFSMaxBufSize;
2108
2109 if (pvolume_info->wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) {
2110 cERROR(1, ("wsize %d too large, using 4096 instead",
2111 pvolume_info->wsize));
2112 cifs_sb->wsize = 4096;
2113 } else if (pvolume_info->wsize)
2114 cifs_sb->wsize = pvolume_info->wsize;
2115 else
2116 cifs_sb->wsize = min_t(const int,
2117 PAGEVEC_SIZE * PAGE_CACHE_SIZE,
2118 127*1024);
2119 /* old default of CIFSMaxBufSize was too small now
2120 that SMB Write2 can send multiple pages in kvec.
2121 RFC1001 does not describe what happens when frame
2122 bigger than 128K is sent so use that as max in
2123 conjunction with 52K kvec constraint on arch with 4K
2124 page size */
2125
2126 if (cifs_sb->rsize < 2048) {
2127 cifs_sb->rsize = 2048;
2128 /* Windows ME may prefer this */
2129 cFYI(1, ("readsize set to minimum: 2048"));
2130 }
2131 /* calculate prepath */
2132 cifs_sb->prepath = pvolume_info->prepath;
2133 if (cifs_sb->prepath) {
2134 cifs_sb->prepathlen = strlen(cifs_sb->prepath);
2135 /* we can not convert the / to \ in the path
2136 separators in the prefixpath yet because we do not
2137 know (until reset_cifs_unix_caps is called later)
2138 whether POSIX PATH CAP is available. We normalize
2139 the / to \ after reset_cifs_unix_caps is called */
2140 pvolume_info->prepath = NULL;
2141 } else
2142 cifs_sb->prepathlen = 0;
2143 cifs_sb->mnt_uid = pvolume_info->linux_uid;
2144 cifs_sb->mnt_gid = pvolume_info->linux_gid;
2145 cifs_sb->mnt_file_mode = pvolume_info->file_mode;
2146 cifs_sb->mnt_dir_mode = pvolume_info->dir_mode;
2147 cFYI(1, ("file mode: 0x%x dir mode: 0x%x",
2148 cifs_sb->mnt_file_mode, cifs_sb->mnt_dir_mode));
2149
2150 if (pvolume_info->noperm)
2151 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
2152 if (pvolume_info->setuids)
2153 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
2154 if (pvolume_info->server_ino)
2155 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
2156 if (pvolume_info->remap)
2157 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
2158 if (pvolume_info->no_xattr)
2159 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
2160 if (pvolume_info->sfu_emul)
2161 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
2162 if (pvolume_info->nobrl)
2163 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
2164 if (pvolume_info->cifs_acl)
2165 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
2166 if (pvolume_info->override_uid)
2167 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID;
2168 if (pvolume_info->override_gid)
2169 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID;
2170 if (pvolume_info->dynperm)
2171 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DYNPERM;
2172 if (pvolume_info->direct_io) {
2173 cFYI(1, ("mounting share using direct i/o"));
2174 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
2175 }
2176
2177 if ((pvolume_info->cifs_acl) && (pvolume_info->dynperm))
2178 cERROR(1, ("mount option dynperm ignored if cifsacl "
2179 "mount option supported"));
2180 }
2181
2182 int
2183 cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
2184 char *mount_data, const char *devname)
2185 {
2186 int rc = 0;
2187 int xid;
2188 struct smb_vol volume_info;
2189 struct cifsSesInfo *pSesInfo = NULL;
2190 struct cifsTconInfo *tcon = NULL;
2191 struct TCP_Server_Info *srvTcp = NULL;
2192
2193 xid = GetXid();
2194
2195 /* cFYI(1, ("Entering cifs_mount. Xid: %d with: %s", xid, mount_data)); */
2196
2197 memset(&volume_info, 0, sizeof(struct smb_vol));
2198 if (cifs_parse_mount_options(mount_data, devname, &volume_info)) {
2199 rc = -EINVAL;
2200 goto out;
2201 }
2202
2203 if (volume_info.nullauth) {
2204 cFYI(1, ("null user"));
2205 volume_info.username = "";
2206 } else if (volume_info.username) {
2207 /* BB fixme parse for domain name here */
2208 cFYI(1, ("Username: %s", volume_info.username));
2209 } else {
2210 cifserror("No username specified");
2211 /* In userspace mount helper we can get user name from alternate
2212 locations such as env variables and files on disk */
2213 rc = -EINVAL;
2214 goto out;
2215 }
2216
2217
2218 /* this is needed for ASCII cp to Unicode converts */
2219 if (volume_info.iocharset == NULL) {
2220 cifs_sb->local_nls = load_nls_default();
2221 /* load_nls_default can not return null */
2222 } else {
2223 cifs_sb->local_nls = load_nls(volume_info.iocharset);
2224 if (cifs_sb->local_nls == NULL) {
2225 cERROR(1, ("CIFS mount error: iocharset %s not found",
2226 volume_info.iocharset));
2227 rc = -ELIBACC;
2228 goto out;
2229 }
2230 }
2231
2232 /* get a reference to a tcp session */
2233 srvTcp = cifs_get_tcp_session(&volume_info);
2234 if (IS_ERR(srvTcp)) {
2235 rc = PTR_ERR(srvTcp);
2236 goto out;
2237 }
2238
2239 pSesInfo = cifs_find_smb_ses(srvTcp, volume_info.username);
2240 if (pSesInfo) {
2241 cFYI(1, ("Existing smb sess found (status=%d)",
2242 pSesInfo->status));
2243 /*
2244 * The existing SMB session already has a reference to srvTcp,
2245 * so we can put back the extra one we got before
2246 */
2247 cifs_put_tcp_session(srvTcp);
2248
2249 down(&pSesInfo->sesSem);
2250 if (pSesInfo->need_reconnect) {
2251 cFYI(1, ("Session needs reconnect"));
2252 rc = cifs_setup_session(xid, pSesInfo,
2253 cifs_sb->local_nls);
2254 }
2255 up(&pSesInfo->sesSem);
2256 } else if (!rc) {
2257 cFYI(1, ("Existing smb sess not found"));
2258 pSesInfo = sesInfoAlloc();
2259 if (pSesInfo == NULL) {
2260 rc = -ENOMEM;
2261 goto mount_fail_check;
2262 }
2263
2264 /* new SMB session uses our srvTcp ref */
2265 pSesInfo->server = srvTcp;
2266 if (srvTcp->addr.sockAddr6.sin6_family == AF_INET6)
2267 sprintf(pSesInfo->serverName, NIP6_FMT,
2268 NIP6(srvTcp->addr.sockAddr6.sin6_addr));
2269 else
2270 sprintf(pSesInfo->serverName, NIPQUAD_FMT,
2271 NIPQUAD(srvTcp->addr.sockAddr.sin_addr.s_addr));
2272
2273 write_lock(&cifs_tcp_ses_lock);
2274 list_add(&pSesInfo->smb_ses_list, &srvTcp->smb_ses_list);
2275 write_unlock(&cifs_tcp_ses_lock);
2276
2277 /* volume_info.password freed at unmount */
2278 if (volume_info.password) {
2279 pSesInfo->password = volume_info.password;
2280 /* set to NULL to prevent freeing on exit */
2281 volume_info.password = NULL;
2282 }
2283 if (volume_info.username)
2284 strncpy(pSesInfo->userName, volume_info.username,
2285 MAX_USERNAME_SIZE);
2286 if (volume_info.domainname) {
2287 int len = strlen(volume_info.domainname);
2288 pSesInfo->domainName = kmalloc(len + 1, GFP_KERNEL);
2289 if (pSesInfo->domainName)
2290 strcpy(pSesInfo->domainName,
2291 volume_info.domainname);
2292 }
2293 pSesInfo->linux_uid = volume_info.linux_uid;
2294 pSesInfo->overrideSecFlg = volume_info.secFlg;
2295 down(&pSesInfo->sesSem);
2296
2297 /* BB FIXME need to pass vol->secFlgs BB */
2298 rc = cifs_setup_session(xid, pSesInfo,
2299 cifs_sb->local_nls);
2300 up(&pSesInfo->sesSem);
2301 }
2302
2303 /* search for existing tcon to this server share */
2304 if (!rc) {
2305 setup_cifs_sb(&volume_info, cifs_sb);
2306
2307 tcon = cifs_find_tcon(pSesInfo, volume_info.UNC);
2308 if (tcon) {
2309 cFYI(1, ("Found match on UNC path"));
2310 /* existing tcon already has a reference */
2311 cifs_put_smb_ses(pSesInfo);
2312 if (tcon->seal != volume_info.seal)
2313 cERROR(1, ("transport encryption setting "
2314 "conflicts with existing tid"));
2315 } else {
2316 tcon = tconInfoAlloc();
2317 if (tcon == NULL) {
2318 rc = -ENOMEM;
2319 goto mount_fail_check;
2320 }
2321 tcon->ses = pSesInfo;
2322
2323 /* check for null share name ie connect to dfs root */
2324 if ((strchr(volume_info.UNC + 3, '\\') == NULL)
2325 && (strchr(volume_info.UNC + 3, '/') == NULL)) {
2326 /* rc = connect_to_dfs_path(...) */
2327 cFYI(1, ("DFS root not supported"));
2328 rc = -ENODEV;
2329 goto mount_fail_check;
2330 } else {
2331 /* BB Do we need to wrap sesSem around
2332 * this TCon call and Unix SetFS as
2333 * we do on SessSetup and reconnect? */
2334 rc = CIFSTCon(xid, pSesInfo, volume_info.UNC,
2335 tcon, cifs_sb->local_nls);
2336 cFYI(1, ("CIFS Tcon rc = %d", rc));
2337 if (volume_info.nodfs) {
2338 tcon->Flags &= ~SMB_SHARE_IS_IN_DFS;
2339 cFYI(1, ("DFS disabled (%d)",
2340 tcon->Flags));
2341 }
2342 }
2343 if (rc)
2344 goto mount_fail_check;
2345 tcon->seal = volume_info.seal;
2346 write_lock(&cifs_tcp_ses_lock);
2347 list_add(&tcon->tcon_list, &pSesInfo->tcon_list);
2348 write_unlock(&cifs_tcp_ses_lock);
2349 }
2350
2351 /* we can have only one retry value for a connection
2352 to a share so for resources mounted more than once
2353 to the same server share the last value passed in
2354 for the retry flag is used */
2355 tcon->retry = volume_info.retry;
2356 tcon->nocase = volume_info.nocase;
2357 tcon->local_lease = volume_info.local_lease;
2358 }
2359 if (pSesInfo) {
2360 if (pSesInfo->capabilities & CAP_LARGE_FILES) {
2361 sb->s_maxbytes = (u64) 1 << 63;
2362 } else
2363 sb->s_maxbytes = (u64) 1 << 31; /* 2 GB */
2364 }
2365
2366 /* BB FIXME fix time_gran to be larger for LANMAN sessions */
2367 sb->s_time_gran = 100;
2368
2369 mount_fail_check:
2370 /* on error free sesinfo and tcon struct if needed */
2371 if (rc) {
2372 /* If find_unc succeeded then rc == 0 so we can not end */
2373 /* up accidently freeing someone elses tcon struct */
2374 if (tcon)
2375 cifs_put_tcon(tcon);
2376 else if (pSesInfo)
2377 cifs_put_smb_ses(pSesInfo);
2378 else
2379 cifs_put_tcp_session(srvTcp);
2380 goto out;
2381 }
2382 cifs_sb->tcon = tcon;
2383
2384 /* do not care if following two calls succeed - informational */
2385 if (!tcon->ipc) {
2386 CIFSSMBQFSDeviceInfo(xid, tcon);
2387 CIFSSMBQFSAttributeInfo(xid, tcon);
2388 }
2389
2390 /* tell server which Unix caps we support */
2391 if (tcon->ses->capabilities & CAP_UNIX)
2392 /* reset of caps checks mount to see if unix extensions
2393 disabled for just this mount */
2394 reset_cifs_unix_caps(xid, tcon, sb, &volume_info);
2395 else
2396 tcon->unix_ext = 0; /* server does not support them */
2397
2398 /* convert forward to back slashes in prepath here if needed */
2399 if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0)
2400 convert_delimiter(cifs_sb->prepath, CIFS_DIR_SEP(cifs_sb));
2401
2402 if ((tcon->unix_ext == 0) && (cifs_sb->rsize > (1024 * 127))) {
2403 cifs_sb->rsize = 1024 * 127;
2404 cFYI(DBG2, ("no very large read support, rsize now 127K"));
2405 }
2406 if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X))
2407 cifs_sb->wsize = min(cifs_sb->wsize,
2408 (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE));
2409 if (!(tcon->ses->capabilities & CAP_LARGE_READ_X))
2410 cifs_sb->rsize = min(cifs_sb->rsize,
2411 (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE));
2412
2413 /* volume_info.password is freed above when existing session found
2414 (in which case it is not needed anymore) but when new sesion is created
2415 the password ptr is put in the new session structure (in which case the
2416 password will be freed at unmount time) */
2417 out:
2418 /* zero out password before freeing */
2419 if (volume_info.password != NULL) {
2420 memset(volume_info.password, 0, strlen(volume_info.password));
2421 kfree(volume_info.password);
2422 }
2423 kfree(volume_info.UNC);
2424 kfree(volume_info.prepath);
2425 FreeXid(xid);
2426 return rc;
2427 }
2428
2429 static int
2430 CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2431 char session_key[CIFS_SESS_KEY_SIZE],
2432 const struct nls_table *nls_codepage)
2433 {
2434 struct smb_hdr *smb_buffer;
2435 struct smb_hdr *smb_buffer_response;
2436 SESSION_SETUP_ANDX *pSMB;
2437 SESSION_SETUP_ANDX *pSMBr;
2438 char *bcc_ptr;
2439 char *user;
2440 char *domain;
2441 int rc = 0;
2442 int remaining_words = 0;
2443 int bytes_returned = 0;
2444 int len;
2445 __u32 capabilities;
2446 __u16 count;
2447
2448 cFYI(1, ("In sesssetup"));
2449 if (ses == NULL)
2450 return -EINVAL;
2451 user = ses->userName;
2452 domain = ses->domainName;
2453 smb_buffer = cifs_buf_get();
2454
2455 if (smb_buffer == NULL)
2456 return -ENOMEM;
2457
2458 smb_buffer_response = smb_buffer;
2459 pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2460
2461 /* send SMBsessionSetup here */
2462 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2463 NULL /* no tCon exists yet */ , 13 /* wct */ );
2464
2465 smb_buffer->Mid = GetNextMid(ses->server);
2466 pSMB->req_no_secext.AndXCommand = 0xFF;
2467 pSMB->req_no_secext.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2468 pSMB->req_no_secext.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2469
2470 if (ses->server->secMode &
2471 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2472 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2473
2474 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2475 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
2476 if (ses->capabilities & CAP_UNICODE) {
2477 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2478 capabilities |= CAP_UNICODE;
2479 }
2480 if (ses->capabilities & CAP_STATUS32) {
2481 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2482 capabilities |= CAP_STATUS32;
2483 }
2484 if (ses->capabilities & CAP_DFS) {
2485 smb_buffer->Flags2 |= SMBFLG2_DFS;
2486 capabilities |= CAP_DFS;
2487 }
2488 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
2489
2490 pSMB->req_no_secext.CaseInsensitivePasswordLength =
2491 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2492
2493 pSMB->req_no_secext.CaseSensitivePasswordLength =
2494 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2495 bcc_ptr = pByteArea(smb_buffer);
2496 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2497 bcc_ptr += CIFS_SESS_KEY_SIZE;
2498 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2499 bcc_ptr += CIFS_SESS_KEY_SIZE;
2500
2501 if (ses->capabilities & CAP_UNICODE) {
2502 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode */
2503 *bcc_ptr = 0;
2504 bcc_ptr++;
2505 }
2506 if (user == NULL)
2507 bytes_returned = 0; /* skip null user */
2508 else
2509 bytes_returned =
2510 cifs_strtoUCS((__le16 *) bcc_ptr, user, 100,
2511 nls_codepage);
2512 /* convert number of 16 bit words to bytes */
2513 bcc_ptr += 2 * bytes_returned;
2514 bcc_ptr += 2; /* trailing null */
2515 if (domain == NULL)
2516 bytes_returned =
2517 cifs_strtoUCS((__le16 *) bcc_ptr,
2518 "CIFS_LINUX_DOM", 32, nls_codepage);
2519 else
2520 bytes_returned =
2521 cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2522 nls_codepage);
2523 bcc_ptr += 2 * bytes_returned;
2524 bcc_ptr += 2;
2525 bytes_returned =
2526 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2527 32, nls_codepage);
2528 bcc_ptr += 2 * bytes_returned;
2529 bytes_returned =
2530 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release,
2531 32, nls_codepage);
2532 bcc_ptr += 2 * bytes_returned;
2533 bcc_ptr += 2;
2534 bytes_returned =
2535 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2536 64, nls_codepage);
2537 bcc_ptr += 2 * bytes_returned;
2538 bcc_ptr += 2;
2539 } else {
2540 if (user != NULL) {
2541 strncpy(bcc_ptr, user, 200);
2542 bcc_ptr += strnlen(user, 200);
2543 }
2544 *bcc_ptr = 0;
2545 bcc_ptr++;
2546 if (domain == NULL) {
2547 strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2548 bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2549 } else {
2550 strncpy(bcc_ptr, domain, 64);
2551 bcc_ptr += strnlen(domain, 64);
2552 *bcc_ptr = 0;
2553 bcc_ptr++;
2554 }
2555 strcpy(bcc_ptr, "Linux version ");
2556 bcc_ptr += strlen("Linux version ");
2557 strcpy(bcc_ptr, utsname()->release);
2558 bcc_ptr += strlen(utsname()->release) + 1;
2559 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2560 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2561 }
2562 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2563 smb_buffer->smb_buf_length += count;
2564 pSMB->req_no_secext.ByteCount = cpu_to_le16(count);
2565
2566 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2567 &bytes_returned, CIFS_LONG_OP);
2568 if (rc) {
2569 /* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
2570 } else if ((smb_buffer_response->WordCount == 3)
2571 || (smb_buffer_response->WordCount == 4)) {
2572 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2573 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2574 if (action & GUEST_LOGIN)
2575 cFYI(1, (" Guest login")); /* BB mark SesInfo struct? */
2576 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format
2577 (little endian) */
2578 cFYI(1, ("UID = %d ", ses->Suid));
2579 /* response can have either 3 or 4 word count - Samba sends 3 */
2580 bcc_ptr = pByteArea(smb_buffer_response);
2581 if ((pSMBr->resp.hdr.WordCount == 3)
2582 || ((pSMBr->resp.hdr.WordCount == 4)
2583 && (blob_len < pSMBr->resp.ByteCount))) {
2584 if (pSMBr->resp.hdr.WordCount == 4)
2585 bcc_ptr += blob_len;
2586
2587 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2588 if ((long) (bcc_ptr) % 2) {
2589 remaining_words =
2590 (BCC(smb_buffer_response) - 1) / 2;
2591 /* Unicode strings must be word
2592 aligned */
2593 bcc_ptr++;
2594 } else {
2595 remaining_words =
2596 BCC(smb_buffer_response) / 2;
2597 }
2598 len =
2599 UniStrnlen((wchar_t *) bcc_ptr,
2600 remaining_words - 1);
2601 /* We look for obvious messed up bcc or strings in response so we do not go off
2602 the end since (at least) WIN2K and Windows XP have a major bug in not null
2603 terminating last Unicode string in response */
2604 if (ses->serverOS)
2605 kfree(ses->serverOS);
2606 ses->serverOS = kzalloc(2 * (len + 1),
2607 GFP_KERNEL);
2608 if (ses->serverOS == NULL)
2609 goto sesssetup_nomem;
2610 cifs_strfromUCS_le(ses->serverOS,
2611 (__le16 *)bcc_ptr,
2612 len, nls_codepage);
2613 bcc_ptr += 2 * (len + 1);
2614 remaining_words -= len + 1;
2615 ses->serverOS[2 * len] = 0;
2616 ses->serverOS[1 + (2 * len)] = 0;
2617 if (remaining_words > 0) {
2618 len = UniStrnlen((wchar_t *)bcc_ptr,
2619 remaining_words-1);
2620 kfree(ses->serverNOS);
2621 ses->serverNOS = kzalloc(2 * (len + 1),
2622 GFP_KERNEL);
2623 if (ses->serverNOS == NULL)
2624 goto sesssetup_nomem;
2625 cifs_strfromUCS_le(ses->serverNOS,
2626 (__le16 *)bcc_ptr,
2627 len, nls_codepage);
2628 bcc_ptr += 2 * (len + 1);
2629 ses->serverNOS[2 * len] = 0;
2630 ses->serverNOS[1 + (2 * len)] = 0;
2631 if (strncmp(ses->serverNOS,
2632 "NT LAN Manager 4", 16) == 0) {
2633 cFYI(1, ("NT4 server"));
2634 ses->flags |= CIFS_SES_NT4;
2635 }
2636 remaining_words -= len + 1;
2637 if (remaining_words > 0) {
2638 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2639 /* last string is not always null terminated
2640 (for e.g. for Windows XP & 2000) */
2641 if (ses->serverDomain)
2642 kfree(ses->serverDomain);
2643 ses->serverDomain =
2644 kzalloc(2*(len+1),
2645 GFP_KERNEL);
2646 if (ses->serverDomain == NULL)
2647 goto sesssetup_nomem;
2648 cifs_strfromUCS_le(ses->serverDomain,
2649 (__le16 *)bcc_ptr,
2650 len, nls_codepage);
2651 bcc_ptr += 2 * (len + 1);
2652 ses->serverDomain[2*len] = 0;
2653 ses->serverDomain[1+(2*len)] = 0;
2654 } else { /* else no more room so create
2655 dummy domain string */
2656 if (ses->serverDomain)
2657 kfree(ses->serverDomain);
2658 ses->serverDomain =
2659 kzalloc(2, GFP_KERNEL);
2660 }
2661 } else { /* no room so create dummy domain
2662 and NOS string */
2663
2664 /* if these kcallocs fail not much we
2665 can do, but better to not fail the
2666 sesssetup itself */
2667 kfree(ses->serverDomain);
2668 ses->serverDomain =
2669 kzalloc(2, GFP_KERNEL);
2670 kfree(ses->serverNOS);
2671 ses->serverNOS =
2672 kzalloc(2, GFP_KERNEL);
2673 }
2674 } else { /* ASCII */
2675 len = strnlen(bcc_ptr, 1024);
2676 if (((long) bcc_ptr + len) - (long)
2677 pByteArea(smb_buffer_response)
2678 <= BCC(smb_buffer_response)) {
2679 kfree(ses->serverOS);
2680 ses->serverOS = kzalloc(len + 1,
2681 GFP_KERNEL);
2682 if (ses->serverOS == NULL)
2683 goto sesssetup_nomem;
2684 strncpy(ses->serverOS, bcc_ptr, len);
2685
2686 bcc_ptr += len;
2687 /* null terminate the string */
2688 bcc_ptr[0] = 0;
2689 bcc_ptr++;
2690
2691 len = strnlen(bcc_ptr, 1024);
2692 kfree(ses->serverNOS);
2693 ses->serverNOS = kzalloc(len + 1,
2694 GFP_KERNEL);
2695 if (ses->serverNOS == NULL)
2696 goto sesssetup_nomem;
2697 strncpy(ses->serverNOS, bcc_ptr, len);
2698 bcc_ptr += len;
2699 bcc_ptr[0] = 0;
2700 bcc_ptr++;
2701
2702 len = strnlen(bcc_ptr, 1024);
2703 if (ses->serverDomain)
2704 kfree(ses->serverDomain);
2705 ses->serverDomain = kzalloc(len + 1,
2706 GFP_KERNEL);
2707 if (ses->serverDomain == NULL)
2708 goto sesssetup_nomem;
2709 strncpy(ses->serverDomain, bcc_ptr,
2710 len);
2711 bcc_ptr += len;
2712 bcc_ptr[0] = 0;
2713 bcc_ptr++;
2714 } else
2715 cFYI(1,
2716 ("Variable field of length %d "
2717 "extends beyond end of smb ",
2718 len));
2719 }
2720 } else {
2721 cERROR(1,
2722 (" Security Blob Length extends beyond "
2723 "end of SMB"));
2724 }
2725 } else {
2726 cERROR(1,
2727 (" Invalid Word count %d: ",
2728 smb_buffer_response->WordCount));
2729 rc = -EIO;
2730 }
2731 sesssetup_nomem: /* do not return an error on nomem for the info strings,
2732 since that could make reconnection harder, and
2733 reconnection might be needed to free memory */
2734 cifs_buf_release(smb_buffer);
2735
2736 return rc;
2737 }
2738
2739 static int
2740 CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2741 struct cifsSesInfo *ses, bool *pNTLMv2_flag,
2742 const struct nls_table *nls_codepage)
2743 {
2744 struct smb_hdr *smb_buffer;
2745 struct smb_hdr *smb_buffer_response;
2746 SESSION_SETUP_ANDX *pSMB;
2747 SESSION_SETUP_ANDX *pSMBr;
2748 char *bcc_ptr;
2749 char *domain;
2750 int rc = 0;
2751 int remaining_words = 0;
2752 int bytes_returned = 0;
2753 int len;
2754 int SecurityBlobLength = sizeof(NEGOTIATE_MESSAGE);
2755 PNEGOTIATE_MESSAGE SecurityBlob;
2756 PCHALLENGE_MESSAGE SecurityBlob2;
2757 __u32 negotiate_flags, capabilities;
2758 __u16 count;
2759
2760 cFYI(1, ("In NTLMSSP sesssetup (negotiate)"));
2761 if (ses == NULL)
2762 return -EINVAL;
2763 domain = ses->domainName;
2764 *pNTLMv2_flag = false;
2765 smb_buffer = cifs_buf_get();
2766 if (smb_buffer == NULL) {
2767 return -ENOMEM;
2768 }
2769 smb_buffer_response = smb_buffer;
2770 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2771 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2772
2773 /* send SMBsessionSetup here */
2774 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2775 NULL /* no tCon exists yet */ , 12 /* wct */ );
2776
2777 smb_buffer->Mid = GetNextMid(ses->server);
2778 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2779 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2780
2781 pSMB->req.AndXCommand = 0xFF;
2782 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2783 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2784
2785 if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2786 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2787
2788 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2789 CAP_EXTENDED_SECURITY;
2790 if (ses->capabilities & CAP_UNICODE) {
2791 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2792 capabilities |= CAP_UNICODE;
2793 }
2794 if (ses->capabilities & CAP_STATUS32) {
2795 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2796 capabilities |= CAP_STATUS32;
2797 }
2798 if (ses->capabilities & CAP_DFS) {
2799 smb_buffer->Flags2 |= SMBFLG2_DFS;
2800 capabilities |= CAP_DFS;
2801 }
2802 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2803
2804 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2805 SecurityBlob = (PNEGOTIATE_MESSAGE) bcc_ptr;
2806 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2807 SecurityBlob->MessageType = NtLmNegotiate;
2808 negotiate_flags =
2809 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
2810 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM |
2811 NTLMSSP_NEGOTIATE_56 |
2812 /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
2813 if (sign_CIFS_PDUs)
2814 negotiate_flags |= NTLMSSP_NEGOTIATE_SIGN;
2815 /* if (ntlmv2_support)
2816 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;*/
2817 /* setup pointers to domain name and workstation name */
2818 bcc_ptr += SecurityBlobLength;
2819
2820 SecurityBlob->WorkstationName.Buffer = 0;
2821 SecurityBlob->WorkstationName.Length = 0;
2822 SecurityBlob->WorkstationName.MaximumLength = 0;
2823
2824 /* Domain not sent on first Sesssetup in NTLMSSP, instead it is sent
2825 along with username on auth request (ie the response to challenge) */
2826 SecurityBlob->DomainName.Buffer = 0;
2827 SecurityBlob->DomainName.Length = 0;
2828 SecurityBlob->DomainName.MaximumLength = 0;
2829 if (ses->capabilities & CAP_UNICODE) {
2830 if ((long) bcc_ptr % 2) {
2831 *bcc_ptr = 0;
2832 bcc_ptr++;
2833 }
2834
2835 bytes_returned =
2836 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2837 32, nls_codepage);
2838 bcc_ptr += 2 * bytes_returned;
2839 bytes_returned =
2840 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
2841 nls_codepage);
2842 bcc_ptr += 2 * bytes_returned;
2843 bcc_ptr += 2; /* null terminate Linux version */
2844 bytes_returned =
2845 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2846 64, nls_codepage);
2847 bcc_ptr += 2 * bytes_returned;
2848 *(bcc_ptr + 1) = 0;
2849 *(bcc_ptr + 2) = 0;
2850 bcc_ptr += 2; /* null terminate network opsys string */
2851 *(bcc_ptr + 1) = 0;
2852 *(bcc_ptr + 2) = 0;
2853 bcc_ptr += 2; /* null domain */
2854 } else { /* ASCII */
2855 strcpy(bcc_ptr, "Linux version ");
2856 bcc_ptr += strlen("Linux version ");
2857 strcpy(bcc_ptr, utsname()->release);
2858 bcc_ptr += strlen(utsname()->release) + 1;
2859 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2860 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2861 bcc_ptr++; /* empty domain field */
2862 *bcc_ptr = 0;
2863 }
2864 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2865 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2866 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2867 smb_buffer->smb_buf_length += count;
2868 pSMB->req.ByteCount = cpu_to_le16(count);
2869
2870 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2871 &bytes_returned, CIFS_LONG_OP);
2872
2873 if (smb_buffer_response->Status.CifsError ==
2874 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
2875 rc = 0;
2876
2877 if (rc) {
2878 /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2879 } else if ((smb_buffer_response->WordCount == 3)
2880 || (smb_buffer_response->WordCount == 4)) {
2881 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2882 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2883
2884 if (action & GUEST_LOGIN)
2885 cFYI(1, (" Guest login"));
2886 /* Do we want to set anything in SesInfo struct when guest login? */
2887
2888 bcc_ptr = pByteArea(smb_buffer_response);
2889 /* response can have either 3 or 4 word count - Samba sends 3 */
2890
2891 SecurityBlob2 = (PCHALLENGE_MESSAGE) bcc_ptr;
2892 if (SecurityBlob2->MessageType != NtLmChallenge) {
2893 cFYI(1,
2894 ("Unexpected NTLMSSP message type received %d",
2895 SecurityBlob2->MessageType));
2896 } else if (ses) {
2897 ses->Suid = smb_buffer_response->Uid; /* UID left in le format */
2898 cFYI(1, ("UID = %d", ses->Suid));
2899 if ((pSMBr->resp.hdr.WordCount == 3)
2900 || ((pSMBr->resp.hdr.WordCount == 4)
2901 && (blob_len <
2902 pSMBr->resp.ByteCount))) {
2903
2904 if (pSMBr->resp.hdr.WordCount == 4) {
2905 bcc_ptr += blob_len;
2906 cFYI(1, ("Security Blob Length %d",
2907 blob_len));
2908 }
2909
2910 cFYI(1, ("NTLMSSP Challenge rcvd"));
2911
2912 memcpy(ses->server->cryptKey,
2913 SecurityBlob2->Challenge,
2914 CIFS_CRYPTO_KEY_SIZE);
2915 if (SecurityBlob2->NegotiateFlags &
2916 cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2))
2917 *pNTLMv2_flag = true;
2918
2919 if ((SecurityBlob2->NegotiateFlags &
2920 cpu_to_le32(NTLMSSP_NEGOTIATE_ALWAYS_SIGN))
2921 || (sign_CIFS_PDUs > 1))
2922 ses->server->secMode |=
2923 SECMODE_SIGN_REQUIRED;
2924 if ((SecurityBlob2->NegotiateFlags &
2925 cpu_to_le32(NTLMSSP_NEGOTIATE_SIGN)) && (sign_CIFS_PDUs))
2926 ses->server->secMode |=
2927 SECMODE_SIGN_ENABLED;
2928
2929 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2930 if ((long) (bcc_ptr) % 2) {
2931 remaining_words =
2932 (BCC(smb_buffer_response)
2933 - 1) / 2;
2934 /* Must word align unicode strings */
2935 bcc_ptr++;
2936 } else {
2937 remaining_words =
2938 BCC
2939 (smb_buffer_response) / 2;
2940 }
2941 len =
2942 UniStrnlen((wchar_t *) bcc_ptr,
2943 remaining_words - 1);
2944 /* We look for obvious messed up bcc or strings in response so we do not go off
2945 the end since (at least) WIN2K and Windows XP have a major bug in not null
2946 terminating last Unicode string in response */
2947 if (ses->serverOS)
2948 kfree(ses->serverOS);
2949 ses->serverOS =
2950 kzalloc(2 * (len + 1), GFP_KERNEL);
2951 cifs_strfromUCS_le(ses->serverOS,
2952 (__le16 *)
2953 bcc_ptr, len,
2954 nls_codepage);
2955 bcc_ptr += 2 * (len + 1);
2956 remaining_words -= len + 1;
2957 ses->serverOS[2 * len] = 0;
2958 ses->serverOS[1 + (2 * len)] = 0;
2959 if (remaining_words > 0) {
2960 len = UniStrnlen((wchar_t *)
2961 bcc_ptr,
2962 remaining_words
2963 - 1);
2964 kfree(ses->serverNOS);
2965 ses->serverNOS =
2966 kzalloc(2 * (len + 1),
2967 GFP_KERNEL);
2968 cifs_strfromUCS_le(ses->
2969 serverNOS,
2970 (__le16 *)
2971 bcc_ptr,
2972 len,
2973 nls_codepage);
2974 bcc_ptr += 2 * (len + 1);
2975 ses->serverNOS[2 * len] = 0;
2976 ses->serverNOS[1 +
2977 (2 * len)] = 0;
2978 remaining_words -= len + 1;
2979 if (remaining_words > 0) {
2980 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2981 /* last string not always null terminated
2982 (for e.g. for Windows XP & 2000) */
2983 kfree(ses->serverDomain);
2984 ses->serverDomain =
2985 kzalloc(2 *
2986 (len +
2987 1),
2988 GFP_KERNEL);
2989 cifs_strfromUCS_le
2990 (ses->serverDomain,
2991 (__le16 *)bcc_ptr,
2992 len, nls_codepage);
2993 bcc_ptr +=
2994 2 * (len + 1);
2995 ses->serverDomain[2*len]
2996 = 0;
2997 ses->serverDomain
2998 [1 + (2 * len)]
2999 = 0;
3000 } /* else no more room so create dummy domain string */
3001 else {
3002 kfree(ses->serverDomain);
3003 ses->serverDomain =
3004 kzalloc(2,
3005 GFP_KERNEL);
3006 }
3007 } else { /* no room so create dummy domain and NOS string */
3008 kfree(ses->serverDomain);
3009 ses->serverDomain =
3010 kzalloc(2, GFP_KERNEL);
3011 kfree(ses->serverNOS);
3012 ses->serverNOS =
3013 kzalloc(2, GFP_KERNEL);
3014 }
3015 } else { /* ASCII */
3016 len = strnlen(bcc_ptr, 1024);
3017 if (((long) bcc_ptr + len) - (long)
3018 pByteArea(smb_buffer_response)
3019 <= BCC(smb_buffer_response)) {
3020 if (ses->serverOS)
3021 kfree(ses->serverOS);
3022 ses->serverOS =
3023 kzalloc(len + 1,
3024 GFP_KERNEL);
3025 strncpy(ses->serverOS,
3026 bcc_ptr, len);
3027
3028 bcc_ptr += len;
3029 bcc_ptr[0] = 0; /* null terminate string */
3030 bcc_ptr++;
3031
3032 len = strnlen(bcc_ptr, 1024);
3033 kfree(ses->serverNOS);
3034 ses->serverNOS =
3035 kzalloc(len + 1,
3036 GFP_KERNEL);
3037 strncpy(ses->serverNOS, bcc_ptr, len);
3038 bcc_ptr += len;
3039 bcc_ptr[0] = 0;
3040 bcc_ptr++;
3041
3042 len = strnlen(bcc_ptr, 1024);
3043 kfree(ses->serverDomain);
3044 ses->serverDomain =
3045 kzalloc(len + 1,
3046 GFP_KERNEL);
3047 strncpy(ses->serverDomain,
3048 bcc_ptr, len);
3049 bcc_ptr += len;
3050 bcc_ptr[0] = 0;
3051 bcc_ptr++;
3052 } else
3053 cFYI(1,
3054 ("field of length %d "
3055 "extends beyond end of smb",
3056 len));
3057 }
3058 } else {
3059 cERROR(1, ("Security Blob Length extends beyond"
3060 " end of SMB"));
3061 }
3062 } else {
3063 cERROR(1, ("No session structure passed in."));
3064 }
3065 } else {
3066 cERROR(1,
3067 (" Invalid Word count %d:",
3068 smb_buffer_response->WordCount));
3069 rc = -EIO;
3070 }
3071
3072 cifs_buf_release(smb_buffer);
3073
3074 return rc;
3075 }
3076 static int
3077 CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
3078 char *ntlm_session_key, bool ntlmv2_flag,
3079 const struct nls_table *nls_codepage)
3080 {
3081 struct smb_hdr *smb_buffer;
3082 struct smb_hdr *smb_buffer_response;
3083 SESSION_SETUP_ANDX *pSMB;
3084 SESSION_SETUP_ANDX *pSMBr;
3085 char *bcc_ptr;
3086 char *user;
3087 char *domain;
3088 int rc = 0;
3089 int remaining_words = 0;
3090 int bytes_returned = 0;
3091 int len;
3092 int SecurityBlobLength = sizeof(AUTHENTICATE_MESSAGE);
3093 PAUTHENTICATE_MESSAGE SecurityBlob;
3094 __u32 negotiate_flags, capabilities;
3095 __u16 count;
3096
3097 cFYI(1, ("In NTLMSSPSessSetup (Authenticate)"));
3098 if (ses == NULL)
3099 return -EINVAL;
3100 user = ses->userName;
3101 domain = ses->domainName;
3102 smb_buffer = cifs_buf_get();
3103 if (smb_buffer == NULL) {
3104 return -ENOMEM;
3105 }
3106 smb_buffer_response = smb_buffer;
3107 pSMB = (SESSION_SETUP_ANDX *)smb_buffer;
3108 pSMBr = (SESSION_SETUP_ANDX *)smb_buffer_response;
3109
3110 /* send SMBsessionSetup here */
3111 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
3112 NULL /* no tCon exists yet */ , 12 /* wct */ );
3113
3114 smb_buffer->Mid = GetNextMid(ses->server);
3115 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
3116 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
3117 pSMB->req.AndXCommand = 0xFF;
3118 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
3119 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
3120
3121 pSMB->req.hdr.Uid = ses->Suid;
3122
3123 if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3124 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3125
3126 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
3127 CAP_EXTENDED_SECURITY;
3128 if (ses->capabilities & CAP_UNICODE) {
3129 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3130 capabilities |= CAP_UNICODE;
3131 }
3132 if (ses->capabilities & CAP_STATUS32) {
3133 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3134 capabilities |= CAP_STATUS32;
3135 }
3136 if (ses->capabilities & CAP_DFS) {
3137 smb_buffer->Flags2 |= SMBFLG2_DFS;
3138 capabilities |= CAP_DFS;
3139 }
3140 pSMB->req.Capabilities = cpu_to_le32(capabilities);
3141
3142 bcc_ptr = (char *)&pSMB->req.SecurityBlob;
3143 SecurityBlob = (PAUTHENTICATE_MESSAGE)bcc_ptr;
3144 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
3145 SecurityBlob->MessageType = NtLmAuthenticate;
3146 bcc_ptr += SecurityBlobLength;
3147 negotiate_flags = NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET |
3148 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO |
3149 0x80000000 | NTLMSSP_NEGOTIATE_128;
3150 if (sign_CIFS_PDUs)
3151 negotiate_flags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN;
3152 if (ntlmv2_flag)
3153 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
3154
3155 /* setup pointers to domain name and workstation name */
3156
3157 SecurityBlob->WorkstationName.Buffer = 0;
3158 SecurityBlob->WorkstationName.Length = 0;
3159 SecurityBlob->WorkstationName.MaximumLength = 0;
3160 SecurityBlob->SessionKey.Length = 0;
3161 SecurityBlob->SessionKey.MaximumLength = 0;
3162 SecurityBlob->SessionKey.Buffer = 0;
3163
3164 SecurityBlob->LmChallengeResponse.Length = 0;
3165 SecurityBlob->LmChallengeResponse.MaximumLength = 0;
3166 SecurityBlob->LmChallengeResponse.Buffer = 0;
3167
3168 SecurityBlob->NtChallengeResponse.Length =
3169 cpu_to_le16(CIFS_SESS_KEY_SIZE);
3170 SecurityBlob->NtChallengeResponse.MaximumLength =
3171 cpu_to_le16(CIFS_SESS_KEY_SIZE);
3172 memcpy(bcc_ptr, ntlm_session_key, CIFS_SESS_KEY_SIZE);
3173 SecurityBlob->NtChallengeResponse.Buffer =
3174 cpu_to_le32(SecurityBlobLength);
3175 SecurityBlobLength += CIFS_SESS_KEY_SIZE;
3176 bcc_ptr += CIFS_SESS_KEY_SIZE;
3177
3178 if (ses->capabilities & CAP_UNICODE) {
3179 if (domain == NULL) {
3180 SecurityBlob->DomainName.Buffer = 0;
3181 SecurityBlob->DomainName.Length = 0;
3182 SecurityBlob->DomainName.MaximumLength = 0;
3183 } else {
3184 __u16 ln = cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
3185 nls_codepage);
3186 ln *= 2;
3187 SecurityBlob->DomainName.MaximumLength =
3188 cpu_to_le16(ln);
3189 SecurityBlob->DomainName.Buffer =
3190 cpu_to_le32(SecurityBlobLength);
3191 bcc_ptr += ln;
3192 SecurityBlobLength += ln;
3193 SecurityBlob->DomainName.Length = cpu_to_le16(ln);
3194 }
3195 if (user == NULL) {
3196 SecurityBlob->UserName.Buffer = 0;
3197 SecurityBlob->UserName.Length = 0;
3198 SecurityBlob->UserName.MaximumLength = 0;
3199 } else {
3200 __u16 ln = cifs_strtoUCS((__le16 *) bcc_ptr, user, 64,
3201 nls_codepage);
3202 ln *= 2;
3203 SecurityBlob->UserName.MaximumLength =
3204 cpu_to_le16(ln);
3205 SecurityBlob->UserName.Buffer =
3206 cpu_to_le32(SecurityBlobLength);
3207 bcc_ptr += ln;
3208 SecurityBlobLength += ln;
3209 SecurityBlob->UserName.Length = cpu_to_le16(ln);
3210 }
3211
3212 /* SecurityBlob->WorkstationName.Length =
3213 cifs_strtoUCS((__le16 *) bcc_ptr, "AMACHINE",64, nls_codepage);
3214 SecurityBlob->WorkstationName.Length *= 2;
3215 SecurityBlob->WorkstationName.MaximumLength =
3216 cpu_to_le16(SecurityBlob->WorkstationName.Length);
3217 SecurityBlob->WorkstationName.Buffer =
3218 cpu_to_le32(SecurityBlobLength);
3219 bcc_ptr += SecurityBlob->WorkstationName.Length;
3220 SecurityBlobLength += SecurityBlob->WorkstationName.Length;
3221 SecurityBlob->WorkstationName.Length =
3222 cpu_to_le16(SecurityBlob->WorkstationName.Length); */
3223
3224 if ((long) bcc_ptr % 2) {
3225 *bcc_ptr = 0;
3226 bcc_ptr++;
3227 }
3228 bytes_returned =
3229 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
3230 32, nls_codepage);
3231 bcc_ptr += 2 * bytes_returned;
3232 bytes_returned =
3233 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
3234 nls_codepage);
3235 bcc_ptr += 2 * bytes_returned;
3236 bcc_ptr += 2; /* null term version string */
3237 bytes_returned =
3238 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
3239 64, nls_codepage);
3240 bcc_ptr += 2 * bytes_returned;
3241 *(bcc_ptr + 1) = 0;
3242 *(bcc_ptr + 2) = 0;
3243 bcc_ptr += 2; /* null terminate network opsys string */
3244 *(bcc_ptr + 1) = 0;
3245 *(bcc_ptr + 2) = 0;
3246 bcc_ptr += 2; /* null domain */
3247 } else { /* ASCII */
3248 if (domain == NULL) {
3249 SecurityBlob->DomainName.Buffer = 0;
3250 SecurityBlob->DomainName.Length = 0;
3251 SecurityBlob->DomainName.MaximumLength = 0;
3252 } else {
3253 __u16 ln;
3254 negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
3255 strncpy(bcc_ptr, domain, 63);
3256 ln = strnlen(domain, 64);
3257 SecurityBlob->DomainName.MaximumLength =
3258 cpu_to_le16(ln);
3259 SecurityBlob->DomainName.Buffer =
3260 cpu_to_le32(SecurityBlobLength);
3261 bcc_ptr += ln;
3262 SecurityBlobLength += ln;
3263 SecurityBlob->DomainName.Length = cpu_to_le16(ln);
3264 }
3265 if (user == NULL) {
3266 SecurityBlob->UserName.Buffer = 0;
3267 SecurityBlob->UserName.Length = 0;
3268 SecurityBlob->UserName.MaximumLength = 0;
3269 } else {
3270 __u16 ln;
3271 strncpy(bcc_ptr, user, 63);
3272 ln = strnlen(user, 64);
3273 SecurityBlob->UserName.MaximumLength = cpu_to_le16(ln);
3274 SecurityBlob->UserName.Buffer =
3275 cpu_to_le32(SecurityBlobLength);
3276 bcc_ptr += ln;
3277 SecurityBlobLength += ln;
3278 SecurityBlob->UserName.Length = cpu_to_le16(ln);
3279 }
3280 /* BB fill in our workstation name if known BB */
3281
3282 strcpy(bcc_ptr, "Linux version ");
3283 bcc_ptr += strlen("Linux version ");
3284 strcpy(bcc_ptr, utsname()->release);
3285 bcc_ptr += strlen(utsname()->release) + 1;
3286 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
3287 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
3288 bcc_ptr++; /* null domain */
3289 *bcc_ptr = 0;
3290 }
3291 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
3292 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
3293 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
3294 smb_buffer->smb_buf_length += count;
3295 pSMB->req.ByteCount = cpu_to_le16(count);
3296
3297 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
3298 &bytes_returned, CIFS_LONG_OP);
3299 if (rc) {
3300 /* rc = map_smb_to_linux_error(smb_buffer_response) done in SendReceive now */
3301 } else if ((smb_buffer_response->WordCount == 3) ||
3302 (smb_buffer_response->WordCount == 4)) {
3303 __u16 action = le16_to_cpu(pSMBr->resp.Action);
3304 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
3305 if (action & GUEST_LOGIN)
3306 cFYI(1, (" Guest login")); /* BB Should we set anything
3307 in SesInfo struct ? */
3308 /* if (SecurityBlob2->MessageType != NtLm??) {
3309 cFYI("Unexpected message type on auth response is %d"));
3310 } */
3311
3312 if (ses) {
3313 cFYI(1,
3314 ("Check challenge UID %d vs auth response UID %d",
3315 ses->Suid, smb_buffer_response->Uid));
3316 /* UID left in wire format */
3317 ses->Suid = smb_buffer_response->Uid;
3318 bcc_ptr = pByteArea(smb_buffer_response);
3319 /* response can have either 3 or 4 word count - Samba sends 3 */
3320 if ((pSMBr->resp.hdr.WordCount == 3)
3321 || ((pSMBr->resp.hdr.WordCount == 4)
3322 && (blob_len <
3323 pSMBr->resp.ByteCount))) {
3324 if (pSMBr->resp.hdr.WordCount == 4) {
3325 bcc_ptr +=
3326 blob_len;
3327 cFYI(1,
3328 ("Security Blob Length %d ",
3329 blob_len));
3330 }
3331
3332 cFYI(1,
3333 ("NTLMSSP response to Authenticate "));
3334
3335 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3336 if ((long) (bcc_ptr) % 2) {
3337 remaining_words =
3338 (BCC(smb_buffer_response)
3339 - 1) / 2;
3340 bcc_ptr++; /* Unicode strings must be word aligned */
3341 } else {
3342 remaining_words = BCC(smb_buffer_response) / 2;
3343 }
3344 len = UniStrnlen((wchar_t *) bcc_ptr,
3345 remaining_words - 1);
3346 /* We look for obvious messed up bcc or strings in response so we do not go off
3347 the end since (at least) WIN2K and Windows XP have a major bug in not null
3348 terminating last Unicode string in response */
3349 if (ses->serverOS)
3350 kfree(ses->serverOS);
3351 ses->serverOS =
3352 kzalloc(2 * (len + 1), GFP_KERNEL);
3353 cifs_strfromUCS_le(ses->serverOS,
3354 (__le16 *)
3355 bcc_ptr, len,
3356 nls_codepage);
3357 bcc_ptr += 2 * (len + 1);
3358 remaining_words -= len + 1;
3359 ses->serverOS[2 * len] = 0;
3360 ses->serverOS[1 + (2 * len)] = 0;
3361 if (remaining_words > 0) {
3362 len = UniStrnlen((wchar_t *)
3363 bcc_ptr,
3364 remaining_words
3365 - 1);
3366 kfree(ses->serverNOS);
3367 ses->serverNOS =
3368 kzalloc(2 * (len + 1),
3369 GFP_KERNEL);
3370 cifs_strfromUCS_le(ses->
3371 serverNOS,
3372 (__le16 *)
3373 bcc_ptr,
3374 len,
3375 nls_codepage);
3376 bcc_ptr += 2 * (len + 1);
3377 ses->serverNOS[2 * len] = 0;
3378 ses->serverNOS[1+(2*len)] = 0;
3379 remaining_words -= len + 1;
3380 if (remaining_words > 0) {
3381 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
3382 /* last string not always null terminated (e.g. for Windows XP & 2000) */
3383 if (ses->serverDomain)
3384 kfree(ses->serverDomain);
3385 ses->serverDomain =
3386 kzalloc(2 *
3387 (len +
3388 1),
3389 GFP_KERNEL);
3390 cifs_strfromUCS_le
3391 (ses->
3392 serverDomain,
3393 (__le16 *)
3394 bcc_ptr, len,
3395 nls_codepage);
3396 bcc_ptr +=
3397 2 * (len + 1);
3398 ses->
3399 serverDomain[2
3400 * len]
3401 = 0;
3402 ses->
3403 serverDomain[1
3404 +
3405 (2
3406 *
3407 len)]
3408 = 0;
3409 } /* else no more room so create dummy domain string */
3410 else {
3411 if (ses->serverDomain)
3412 kfree(ses->serverDomain);
3413 ses->serverDomain = kzalloc(2,GFP_KERNEL);
3414 }
3415 } else { /* no room so create dummy domain and NOS string */
3416 if (ses->serverDomain)
3417 kfree(ses->serverDomain);
3418 ses->serverDomain = kzalloc(2, GFP_KERNEL);
3419 kfree(ses->serverNOS);
3420 ses->serverNOS = kzalloc(2, GFP_KERNEL);
3421 }
3422 } else { /* ASCII */
3423 len = strnlen(bcc_ptr, 1024);
3424 if (((long) bcc_ptr + len) -
3425 (long) pByteArea(smb_buffer_response)
3426 <= BCC(smb_buffer_response)) {
3427 if (ses->serverOS)
3428 kfree(ses->serverOS);
3429 ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
3430 strncpy(ses->serverOS,bcc_ptr, len);
3431
3432 bcc_ptr += len;
3433 bcc_ptr[0] = 0; /* null terminate the string */
3434 bcc_ptr++;
3435
3436 len = strnlen(bcc_ptr, 1024);
3437 kfree(ses->serverNOS);
3438 ses->serverNOS = kzalloc(len+1,
3439 GFP_KERNEL);
3440 strncpy(ses->serverNOS,
3441 bcc_ptr, len);
3442 bcc_ptr += len;
3443 bcc_ptr[0] = 0;
3444 bcc_ptr++;
3445
3446 len = strnlen(bcc_ptr, 1024);
3447 if (ses->serverDomain)
3448 kfree(ses->serverDomain);
3449 ses->serverDomain =
3450 kzalloc(len+1,
3451 GFP_KERNEL);
3452 strncpy(ses->serverDomain,
3453 bcc_ptr, len);
3454 bcc_ptr += len;
3455 bcc_ptr[0] = 0;
3456 bcc_ptr++;
3457 } else
3458 cFYI(1, ("field of length %d "
3459 "extends beyond end of smb ",
3460 len));
3461 }
3462 } else {
3463 cERROR(1, ("Security Blob extends beyond end "
3464 "of SMB"));
3465 }
3466 } else {
3467 cERROR(1, ("No session structure passed in."));
3468 }
3469 } else {
3470 cERROR(1, ("Invalid Word count %d: ",
3471 smb_buffer_response->WordCount));
3472 rc = -EIO;
3473 }
3474
3475 cifs_buf_release(smb_buffer);
3476
3477 return rc;
3478 }
3479
3480 int
3481 CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3482 const char *tree, struct cifsTconInfo *tcon,
3483 const struct nls_table *nls_codepage)
3484 {
3485 struct smb_hdr *smb_buffer;
3486 struct smb_hdr *smb_buffer_response;
3487 TCONX_REQ *pSMB;
3488 TCONX_RSP *pSMBr;
3489 unsigned char *bcc_ptr;
3490 int rc = 0;
3491 int length;
3492 __u16 count;
3493
3494 if (ses == NULL)
3495 return -EIO;
3496
3497 smb_buffer = cifs_buf_get();
3498 if (smb_buffer == NULL) {
3499 return -ENOMEM;
3500 }
3501 smb_buffer_response = smb_buffer;
3502
3503 header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3504 NULL /*no tid */ , 4 /*wct */ );
3505
3506 smb_buffer->Mid = GetNextMid(ses->server);
3507 smb_buffer->Uid = ses->Suid;
3508 pSMB = (TCONX_REQ *) smb_buffer;
3509 pSMBr = (TCONX_RSP *) smb_buffer_response;
3510
3511 pSMB->AndXCommand = 0xFF;
3512 pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
3513 bcc_ptr = &pSMB->Password[0];
3514 if ((ses->server->secMode) & SECMODE_USER) {
3515 pSMB->PasswordLength = cpu_to_le16(1); /* minimum */
3516 *bcc_ptr = 0; /* password is null byte */
3517 bcc_ptr++; /* skip password */
3518 /* already aligned so no need to do it below */
3519 } else {
3520 pSMB->PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE);
3521 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3522 specified as required (when that support is added to
3523 the vfs in the future) as only NTLM or the much
3524 weaker LANMAN (which we do not send by default) is accepted
3525 by Samba (not sure whether other servers allow
3526 NTLMv2 password here) */
3527 #ifdef CONFIG_CIFS_WEAK_PW_HASH
3528 if ((extended_security & CIFSSEC_MAY_LANMAN) &&
3529 (ses->server->secType == LANMAN))
3530 calc_lanman_hash(ses, bcc_ptr);
3531 else
3532 #endif /* CIFS_WEAK_PW_HASH */
3533 SMBNTencrypt(ses->password,
3534 ses->server->cryptKey,
3535 bcc_ptr);
3536
3537 bcc_ptr += CIFS_SESS_KEY_SIZE;
3538 if (ses->capabilities & CAP_UNICODE) {
3539 /* must align unicode strings */
3540 *bcc_ptr = 0; /* null byte password */
3541 bcc_ptr++;
3542 }
3543 }
3544
3545 if (ses->server->secMode &
3546 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3547 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3548
3549 if (ses->capabilities & CAP_STATUS32) {
3550 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3551 }
3552 if (ses->capabilities & CAP_DFS) {
3553 smb_buffer->Flags2 |= SMBFLG2_DFS;
3554 }
3555 if (ses->capabilities & CAP_UNICODE) {
3556 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3557 length =
3558 cifs_strtoUCS((__le16 *) bcc_ptr, tree,
3559 6 /* max utf8 char length in bytes */ *
3560 (/* server len*/ + 256 /* share len */), nls_codepage);
3561 bcc_ptr += 2 * length; /* convert num 16 bit words to bytes */
3562 bcc_ptr += 2; /* skip trailing null */
3563 } else { /* ASCII */
3564 strcpy(bcc_ptr, tree);
3565 bcc_ptr += strlen(tree) + 1;
3566 }
3567 strcpy(bcc_ptr, "?????");
3568 bcc_ptr += strlen("?????");
3569 bcc_ptr += 1;
3570 count = bcc_ptr - &pSMB->Password[0];
3571 pSMB->hdr.smb_buf_length += count;
3572 pSMB->ByteCount = cpu_to_le16(count);
3573
3574 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length,
3575 CIFS_STD_OP);
3576
3577 /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
3578 /* above now done in SendReceive */
3579 if ((rc == 0) && (tcon != NULL)) {
3580 tcon->tidStatus = CifsGood;
3581 tcon->need_reconnect = false;
3582 tcon->tid = smb_buffer_response->Tid;
3583 bcc_ptr = pByteArea(smb_buffer_response);
3584 length = strnlen(bcc_ptr, BCC(smb_buffer_response) - 2);
3585 /* skip service field (NB: this field is always ASCII) */
3586 if (length == 3) {
3587 if ((bcc_ptr[0] == 'I') && (bcc_ptr[1] == 'P') &&
3588 (bcc_ptr[2] == 'C')) {
3589 cFYI(1, ("IPC connection"));
3590 tcon->ipc = 1;
3591 }
3592 } else if (length == 2) {
3593 if ((bcc_ptr[0] == 'A') && (bcc_ptr[1] == ':')) {
3594 /* the most common case */
3595 cFYI(1, ("disk share connection"));
3596 }
3597 }
3598 bcc_ptr += length + 1;
3599 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3600 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3601 length = UniStrnlen((wchar_t *) bcc_ptr, 512);
3602 if ((bcc_ptr + (2 * length)) -
3603 pByteArea(smb_buffer_response) <=
3604 BCC(smb_buffer_response)) {
3605 kfree(tcon->nativeFileSystem);
3606 tcon->nativeFileSystem =
3607 kzalloc(length + 2, GFP_KERNEL);
3608 if (tcon->nativeFileSystem)
3609 cifs_strfromUCS_le(
3610 tcon->nativeFileSystem,
3611 (__le16 *) bcc_ptr,
3612 length, nls_codepage);
3613 bcc_ptr += 2 * length;
3614 bcc_ptr[0] = 0; /* null terminate the string */
3615 bcc_ptr[1] = 0;
3616 bcc_ptr += 2;
3617 }
3618 /* else do not bother copying these information fields*/
3619 } else {
3620 length = strnlen(bcc_ptr, 1024);
3621 if ((bcc_ptr + length) -
3622 pByteArea(smb_buffer_response) <=
3623 BCC(smb_buffer_response)) {
3624 kfree(tcon->nativeFileSystem);
3625 tcon->nativeFileSystem =
3626 kzalloc(length + 1, GFP_KERNEL);
3627 if (tcon->nativeFileSystem)
3628 strncpy(tcon->nativeFileSystem, bcc_ptr,
3629 length);
3630 }
3631 /* else do not bother copying these information fields*/
3632 }
3633 if ((smb_buffer_response->WordCount == 3) ||
3634 (smb_buffer_response->WordCount == 7))
3635 /* field is in same location */
3636 tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3637 else
3638 tcon->Flags = 0;
3639 cFYI(1, ("Tcon flags: 0x%x ", tcon->Flags));
3640 } else if ((rc == 0) && tcon == NULL) {
3641 /* all we need to save for IPC$ connection */
3642 ses->ipc_tid = smb_buffer_response->Tid;
3643 }
3644
3645 cifs_buf_release(smb_buffer);
3646 return rc;
3647 }
3648
3649 int
3650 cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3651 {
3652 int rc = 0;
3653 char *tmp;
3654
3655 if (cifs_sb->tcon)
3656 cifs_put_tcon(cifs_sb->tcon);
3657
3658 cifs_sb->tcon = NULL;
3659 tmp = cifs_sb->prepath;
3660 cifs_sb->prepathlen = 0;
3661 cifs_sb->prepath = NULL;
3662 kfree(tmp);
3663
3664 return rc;
3665 }
3666
3667 int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
3668 struct nls_table *nls_info)
3669 {
3670 int rc = 0;
3671 char ntlm_session_key[CIFS_SESS_KEY_SIZE];
3672 bool ntlmv2_flag = false;
3673 int first_time = 0;
3674 struct TCP_Server_Info *server = pSesInfo->server;
3675
3676 /* what if server changes its buffer size after dropping the session? */
3677 if (server->maxBuf == 0) /* no need to send on reconnect */ {
3678 rc = CIFSSMBNegotiate(xid, pSesInfo);
3679 if (rc == -EAGAIN) {
3680 /* retry only once on 1st time connection */
3681 rc = CIFSSMBNegotiate(xid, pSesInfo);
3682 if (rc == -EAGAIN)
3683 rc = -EHOSTDOWN;
3684 }
3685 if (rc == 0) {
3686 spin_lock(&GlobalMid_Lock);
3687 if (server->tcpStatus != CifsExiting)
3688 server->tcpStatus = CifsGood;
3689 else
3690 rc = -EHOSTDOWN;
3691 spin_unlock(&GlobalMid_Lock);
3692
3693 }
3694 first_time = 1;
3695 }
3696
3697 if (rc)
3698 goto ss_err_exit;
3699
3700 pSesInfo->flags = 0;
3701 pSesInfo->capabilities = server->capabilities;
3702 if (linuxExtEnabled == 0)
3703 pSesInfo->capabilities &= (~CAP_UNIX);
3704 /* pSesInfo->sequence_number = 0;*/
3705 cFYI(1, ("Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d",
3706 server->secMode, server->capabilities, server->timeAdj));
3707
3708 if (experimEnabled < 2)
3709 rc = CIFS_SessSetup(xid, pSesInfo, first_time, nls_info);
3710 else if (extended_security
3711 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3712 && (server->secType == NTLMSSP)) {
3713 rc = -EOPNOTSUPP;
3714 } else if (extended_security
3715 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3716 && (server->secType == RawNTLMSSP)) {
3717 cFYI(1, ("NTLMSSP sesssetup"));
3718 rc = CIFSNTLMSSPNegotiateSessSetup(xid, pSesInfo, &ntlmv2_flag,
3719 nls_info);
3720 if (!rc) {
3721 if (ntlmv2_flag) {
3722 char *v2_response;
3723 cFYI(1, ("more secure NTLM ver2 hash"));
3724 if (CalcNTLMv2_partial_mac_key(pSesInfo,
3725 nls_info)) {
3726 rc = -ENOMEM;
3727 goto ss_err_exit;
3728 } else
3729 v2_response = kmalloc(16 + 64 /* blob*/,
3730 GFP_KERNEL);
3731 if (v2_response) {
3732 CalcNTLMv2_response(pSesInfo,
3733 v2_response);
3734 /* if (first_time)
3735 cifs_calculate_ntlmv2_mac_key */
3736 kfree(v2_response);
3737 /* BB Put dummy sig in SessSetup PDU? */
3738 } else {
3739 rc = -ENOMEM;
3740 goto ss_err_exit;
3741 }
3742
3743 } else {
3744 SMBNTencrypt(pSesInfo->password,
3745 server->cryptKey,
3746 ntlm_session_key);
3747
3748 if (first_time)
3749 cifs_calculate_mac_key(
3750 &server->mac_signing_key,
3751 ntlm_session_key,
3752 pSesInfo->password);
3753 }
3754 /* for better security the weaker lanman hash not sent
3755 in AuthSessSetup so we no longer calculate it */
3756
3757 rc = CIFSNTLMSSPAuthSessSetup(xid, pSesInfo,
3758 ntlm_session_key,
3759 ntlmv2_flag,
3760 nls_info);
3761 }
3762 } else { /* old style NTLM 0.12 session setup */
3763 SMBNTencrypt(pSesInfo->password, server->cryptKey,
3764 ntlm_session_key);
3765
3766 if (first_time)
3767 cifs_calculate_mac_key(&server->mac_signing_key,
3768 ntlm_session_key,
3769 pSesInfo->password);
3770
3771 rc = CIFSSessSetup(xid, pSesInfo, ntlm_session_key, nls_info);
3772 }
3773 if (rc) {
3774 cERROR(1, ("Send error in SessSetup = %d", rc));
3775 } else {
3776 cFYI(1, ("CIFS Session Established successfully"));
3777 spin_lock(&GlobalMid_Lock);
3778 pSesInfo->status = CifsGood;
3779 pSesInfo->need_reconnect = false;
3780 spin_unlock(&GlobalMid_Lock);
3781 }
3782
3783 ss_err_exit:
3784 return rc;
3785 }
3786
Linux kernel - Deliverables
This page took 0.111519 seconds and 5 git commands to generate.