Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / cb8be64084e6294fcb9e558188fe104050b94f0b / . / fs / cifs / connect.c
blob: f784b70abfeb5b95597d0a9f40c6b1952322930b [file] [log] [blame]
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1/*
2 * fs/cifs/connect.c
3 *
Steve Frenchb8643e12005-04-28 22:41:07 -0700[diff] [blame]4 * Copyright (C) International Business Machines Corp., 2002,2005
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]5 * Author(s): Steve French (sfrench@us.ibm.com)
6 *
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
21#include <linux/fs.h>
22#include <linux/net.h>
23#include <linux/string.h>
24#include <linux/list.h>
25#include <linux/wait.h>
26#include <linux/ipv6.h>
27#include <linux/pagemap.h>
28#include <linux/ctype.h>
29#include <linux/utsname.h>
30#include <linux/mempool.h>
Steve Frenchb8643e12005-04-28 22:41:07 -0700[diff] [blame]31#include <linux/delay.h>
Steve Frenchf1914012005-08-18 09:37:34 -0700[diff] [blame]32#include <linux/completion.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]33#include <asm/uaccess.h>
34#include <asm/processor.h>
35#include "cifspdu.h"
36#include "cifsglob.h"
37#include "cifsproto.h"
38#include "cifs_unicode.h"
39#include "cifs_debug.h"
40#include "cifs_fs_sb.h"
41#include "ntlmssp.h"
42#include "nterr.h"
43#include "rfc1002pdu.h"
44
45#define CIFS_PORT 445
46#define RFC1001_PORT 139
47
Steve Frenchf1914012005-08-18 09:37:34 -0700[diff] [blame]48static DECLARE_COMPLETION(cifsd_complete);
49
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]50extern void SMBencrypt(unsigned char *passwd, unsigned char *c8,
51 unsigned char *p24);
52extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
53 unsigned char *p24);
54
55extern mempool_t *cifs_req_poolp;
56
57struct smb_vol {
58 char *username;
59 char *password;
60 char *domainname;
61 char *UNC;
62 char *UNCip;
63 char *in6_addr; /* ipv6 address as human readable form of in6_addr */
64 char *iocharset; /* local code page for mapping to and from Unicode */
65 char source_rfc1001_name[16]; /* netbios name of client */
Steve Frencha10faeb22005-08-22 21:38:31 -0700[diff] [blame]66 char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]67 uid_t linux_uid;
68 gid_t linux_gid;
69 mode_t file_mode;
70 mode_t dir_mode;
71 unsigned rw:1;
72 unsigned retry:1;
73 unsigned intr:1;
74 unsigned setuids:1;
75 unsigned noperm:1;
76 unsigned no_psx_acl:1; /* set if posix acl support should be disabled */
77 unsigned no_xattr:1; /* set if xattr (EA) support should be disabled*/
78 unsigned server_ino:1; /* use inode numbers from server ie UniqueId */
79 unsigned direct_io:1;
Steve French6a0b4822005-04-28 22:41:05 -0700[diff] [blame]80 unsigned remap:1; /* set to remap seven reserved chars in filenames */
Jeremy Allisonac670552005-06-22 17:26:35 -0700[diff] [blame]81 unsigned posix_paths:1; /* unset to not ask for posix pathnames. */
Steve Frenchd7245c22005-07-14 18:25:12 -0500[diff] [blame]82 unsigned sfu_emul:1;
Steve Frenchc46fa8a2005-08-18 20:49:57 -0700[diff] [blame]83 unsigned nocase; /* request case insensitive filenames */
84 unsigned nobrl; /* disable sending byte range locks to srv */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]85 unsigned int rsize;
86 unsigned int wsize;
87 unsigned int sockopt;
88 unsigned short int port;
89};
90
91static int ipv4_connect(struct sockaddr_in *psin_server,
92 struct socket **csocket,
Steve Frencha10faeb22005-08-22 21:38:31 -0700[diff] [blame]93 char * netb_name,
94 char * server_netb_name);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]95static int ipv6_connect(struct sockaddr_in6 *psin_server,
96 struct socket **csocket);
97
98
99 /*
100 * cifs tcp session reconnection
101 *
102 * mark tcp session as reconnecting so temporarily locked
103 * mark all smb sessions as reconnecting for tcp session
104 * reconnect tcp session
105 * wake up waiters on reconnection? - (not needed currently)
106 */
107
108int
109cifs_reconnect(struct TCP_Server_Info *server)
110{
111 int rc = 0;
112 struct list_head *tmp;
113 struct cifsSesInfo *ses;
114 struct cifsTconInfo *tcon;
115 struct mid_q_entry * mid_entry;
116
117 spin_lock(&GlobalMid_Lock);
118 if(server->tcpStatus == CifsExiting) {
119 /* the demux thread will exit normally
120 next time through the loop */
121 spin_unlock(&GlobalMid_Lock);
122 return rc;
123 } else
124 server->tcpStatus = CifsNeedReconnect;
125 spin_unlock(&GlobalMid_Lock);
126 server->maxBuf = 0;
127
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]128 cFYI(1, ("Reconnecting tcp session"));
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]129
130 /* before reconnecting the tcp session, mark the smb session (uid)
131 and the tid bad so they are not used until reconnected */
132 read_lock(&GlobalSMBSeslock);
133 list_for_each(tmp, &GlobalSMBSessionList) {
134 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
135 if (ses->server) {
136 if (ses->server == server) {
137 ses->status = CifsNeedReconnect;
138 ses->ipc_tid = 0;
139 }
140 }
141 /* else tcp and smb sessions need reconnection */
142 }
143 list_for_each(tmp, &GlobalTreeConnectionList) {
144 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
145 if((tcon) && (tcon->ses) && (tcon->ses->server == server)) {
146 tcon->tidStatus = CifsNeedReconnect;
147 }
148 }
149 read_unlock(&GlobalSMBSeslock);
150 /* do not want to be sending data on a socket we are freeing */
151 down(&server->tcpSem);
152 if(server->ssocket) {
153 cFYI(1,("State: 0x%x Flags: 0x%lx", server->ssocket->state,
154 server->ssocket->flags));
155 server->ssocket->ops->shutdown(server->ssocket,SEND_SHUTDOWN);
156 cFYI(1,("Post shutdown state: 0x%x Flags: 0x%lx", server->ssocket->state,
157 server->ssocket->flags));
158 sock_release(server->ssocket);
159 server->ssocket = NULL;
160 }
161
162 spin_lock(&GlobalMid_Lock);
163 list_for_each(tmp, &server->pending_mid_q) {
164 mid_entry = list_entry(tmp, struct
165 mid_q_entry,
166 qhead);
167 if(mid_entry) {
168 if(mid_entry->midState == MID_REQUEST_SUBMITTED) {
Steve French09d1db52005-04-28 22:41:08 -0700[diff] [blame]169 /* Mark other intransit requests as needing
170 retry so we do not immediately mark the
171 session bad again (ie after we reconnect
172 below) as they timeout too */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]173 mid_entry->midState = MID_RETRY_NEEDED;
174 }
175 }
176 }
177 spin_unlock(&GlobalMid_Lock);
178 up(&server->tcpSem);
179
180 while ((server->tcpStatus != CifsExiting) && (server->tcpStatus != CifsGood))
181 {
182 if(server->protocolType == IPV6) {
183 rc = ipv6_connect(&server->addr.sockAddr6,&server->ssocket);
184 } else {
185 rc = ipv4_connect(&server->addr.sockAddr,
186 &server->ssocket,
Steve Frencha10faeb22005-08-22 21:38:31 -0700[diff] [blame]187 server->workstation_RFC1001_name,
188 server->server_RFC1001_name);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]189 }
190 if(rc) {
Steve French0cb766a2005-04-28 22:41:11 -0700[diff] [blame]191 msleep(3000);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]192 } else {
193 atomic_inc(&tcpSesReconnectCount);
194 spin_lock(&GlobalMid_Lock);
195 if(server->tcpStatus != CifsExiting)
196 server->tcpStatus = CifsGood;
Steve Frenchad009ac2005-04-28 22:41:05 -0700[diff] [blame]197 server->sequence_number = 0;
198 spin_unlock(&GlobalMid_Lock);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]199 /* atomic_set(&server->inFlight,0);*/
200 wake_up(&server->response_q);
201 }
202 }
203 return rc;
204}
205
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]206/*
207 return codes:
208 0 not a transact2, or all data present
209 >0 transact2 with that much data missing
210 -EINVAL = invalid transact2
211
212 */
213static int check2ndT2(struct smb_hdr * pSMB, unsigned int maxBufSize)
214{
215 struct smb_t2_rsp * pSMBt;
216 int total_data_size;
217 int data_in_this_rsp;
218 int remaining;
219
220 if(pSMB->Command != SMB_COM_TRANSACTION2)
221 return 0;
222
223 /* check for plausible wct, bcc and t2 data and parm sizes */
224 /* check for parm and data offset going beyond end of smb */
225 if(pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
226 cFYI(1,("invalid transact2 word count"));
227 return -EINVAL;
228 }
229
230 pSMBt = (struct smb_t2_rsp *)pSMB;
231
232 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
233 data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
234
235 remaining = total_data_size - data_in_this_rsp;
236
237 if(remaining == 0)
238 return 0;
239 else if(remaining < 0) {
240 cFYI(1,("total data %d smaller than data in frame %d",
241 total_data_size, data_in_this_rsp));
242 return -EINVAL;
243 } else {
244 cFYI(1,("missing %d bytes from transact2, check next response",
245 remaining));
246 if(total_data_size > maxBufSize) {
247 cERROR(1,("TotalDataSize %d is over maximum buffer %d",
248 total_data_size,maxBufSize));
249 return -EINVAL;
250 }
251 return remaining;
252 }
253}
254
255static int coalesce_t2(struct smb_hdr * psecond, struct smb_hdr *pTargetSMB)
256{
257 struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
258 struct smb_t2_rsp *pSMBt = (struct smb_t2_rsp *)pTargetSMB;
259 int total_data_size;
260 int total_in_buf;
261 int remaining;
262 int total_in_buf2;
263 char * data_area_of_target;
264 char * data_area_of_buf2;
265 __u16 byte_count;
266
267 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
268
269 if(total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
270 cFYI(1,("total data sizes of primary and secondary t2 differ"));
271 }
272
273 total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
274
275 remaining = total_data_size - total_in_buf;
276
277 if(remaining < 0)
278 return -EINVAL;
279
280 if(remaining == 0) /* nothing to do, ignore */
281 return 0;
282
283 total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
284 if(remaining < total_in_buf2) {
285 cFYI(1,("transact2 2nd response contains too much data"));
286 }
287
288 /* find end of first SMB data area */
289 data_area_of_target = (char *)&pSMBt->hdr.Protocol +
290 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
291 /* validate target area */
292
293 data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
294 le16_to_cpu(pSMB2->t2_rsp.DataOffset);
295
296 data_area_of_target += total_in_buf;
297
298 /* copy second buffer into end of first buffer */
299 memcpy(data_area_of_target,data_area_of_buf2,total_in_buf2);
300 total_in_buf += total_in_buf2;
301 pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
302 byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
303 byte_count += total_in_buf2;
304 BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
305
306 byte_count = be32_to_cpu(pTargetSMB->smb_buf_length);
307 byte_count += total_in_buf2;
308
309 /* BB also add check that we are not beyond maximum buffer size */
310
311 pTargetSMB->smb_buf_length = cpu_to_be32(byte_count);
312
313 if(remaining == total_in_buf2) {
314 cFYI(1,("found the last secondary response"));
315 return 0; /* we are done */
316 } else /* more responses to go */
317 return 1;
318
319}
320
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]321static int
322cifs_demultiplex_thread(struct TCP_Server_Info *server)
323{
324 int length;
325 unsigned int pdu_length, total_read;
326 struct smb_hdr *smb_buffer = NULL;
Steve Frenchb8643e12005-04-28 22:41:07 -0700[diff] [blame]327 struct smb_hdr *bigbuf = NULL;
328 struct smb_hdr *smallbuf = NULL;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]329 struct msghdr smb_msg;
330 struct kvec iov;
331 struct socket *csocket = server->ssocket;
332 struct list_head *tmp;
333 struct cifsSesInfo *ses;
334 struct task_struct *task_to_wake = NULL;
335 struct mid_q_entry *mid_entry;
336 char *temp;
Steve Frenchb8643e12005-04-28 22:41:07 -0700[diff] [blame]337 int isLargeBuf = FALSE;
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]338 int isMultiRsp;
339 int reconnect;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]340
341 daemonize("cifsd");
342 allow_signal(SIGKILL);
343 current->flags |= PF_MEMALLOC;
344 server->tsk = current; /* save process info to wake at shutdown */
345 cFYI(1, ("Demultiplex PID: %d", current->pid));
346 write_lock(&GlobalSMBSeslock);
347 atomic_inc(&tcpSesAllocCount);
348 length = tcpSesAllocCount.counter;
349 write_unlock(&GlobalSMBSeslock);
Steve Frenchf1914012005-08-18 09:37:34 -0700[diff] [blame]350 complete(&cifsd_complete);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]351 if(length > 1) {
352 mempool_resize(cifs_req_poolp,
353 length + cifs_min_rcv,
354 GFP_KERNEL);
355 }
356
357 while (server->tcpStatus != CifsExiting) {
Steve French16abbec2005-08-30 13:10:14 -0700[diff] [blame]358 if(try_to_freeze())
359 continue;
Steve Frenchb8643e12005-04-28 22:41:07 -0700[diff] [blame]360 if (bigbuf == NULL) {
361 bigbuf = cifs_buf_get();
362 if(bigbuf == NULL) {
363 cERROR(1,("No memory for large SMB response"));
364 msleep(3000);
365 /* retry will check if exiting */
366 continue;
367 }
368 } else if(isLargeBuf) {
369 /* we are reusing a dirtry large buf, clear its start */
370 memset(bigbuf, 0, sizeof (struct smb_hdr));
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]371 }
Steve Frenchb8643e12005-04-28 22:41:07 -0700[diff] [blame]372
373 if (smallbuf == NULL) {
374 smallbuf = cifs_small_buf_get();
375 if(smallbuf == NULL) {
376 cERROR(1,("No memory for SMB response"));
377 msleep(1000);
378 /* retry will check if exiting */
379 continue;
380 }
381 /* beginning of smb buffer is cleared in our buf_get */
382 } else /* if existing small buf clear beginning */
383 memset(smallbuf, 0, sizeof (struct smb_hdr));
384
385 isLargeBuf = FALSE;
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]386 isMultiRsp = FALSE;
Steve Frenchb8643e12005-04-28 22:41:07 -0700[diff] [blame]387 smb_buffer = smallbuf;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]388 iov.iov_base = smb_buffer;
389 iov.iov_len = 4;
390 smb_msg.msg_control = NULL;
391 smb_msg.msg_controllen = 0;
392 length =
393 kernel_recvmsg(csocket, &smb_msg,
394 &iov, 1, 4, 0 /* BB see socket.h flags */);
395
396 if(server->tcpStatus == CifsExiting) {
397 break;
398 } else if (server->tcpStatus == CifsNeedReconnect) {
Steve French57337e42005-04-28 22:41:10 -0700[diff] [blame]399 cFYI(1,("Reconnect after server stopped responding"));
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]400 cifs_reconnect(server);
401 cFYI(1,("call to reconnect done"));
402 csocket = server->ssocket;
403 continue;
404 } else if ((length == -ERESTARTSYS) || (length == -EAGAIN)) {
Steve Frenchb8643e12005-04-28 22:41:07 -0700[diff] [blame]405 msleep(1); /* minimum sleep to prevent looping
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]406 allowing socket to clear and app threads to set
407 tcpStatus CifsNeedReconnect if server hung */
408 continue;
409 } else if (length <= 0) {
410 if(server->tcpStatus == CifsNew) {
Steve French57337e42005-04-28 22:41:10 -0700[diff] [blame]411 cFYI(1,("tcp session abend after SMBnegprot"));
Steve French09d1db52005-04-28 22:41:08 -0700[diff] [blame]412 /* some servers kill the TCP session rather than
413 returning an SMB negprot error, in which
414 case reconnecting here is not going to help,
415 and so simply return error to mount */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]416 break;
417 }
418 if(length == -EINTR) {
419 cFYI(1,("cifsd thread killed"));
420 break;
421 }
Steve French57337e42005-04-28 22:41:10 -0700[diff] [blame]422 cFYI(1,("Reconnect after unexpected peek error %d",
423 length));
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]424 cifs_reconnect(server);
425 csocket = server->ssocket;
426 wake_up(&server->response_q);
427 continue;
Steve French46810cb2005-04-28 22:41:09 -0700[diff] [blame]428 } else if (length < 4) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]429 cFYI(1,
Steve French57337e42005-04-28 22:41:10 -0700[diff] [blame]430 ("Frame under four bytes received (%d bytes long)",
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]431 length));
432 cifs_reconnect(server);
433 csocket = server->ssocket;
434 wake_up(&server->response_q);
435 continue;
436 }
Steve French67010fb2005-04-28 22:41:09 -0700[diff] [blame]437
Steve French46810cb2005-04-28 22:41:09 -0700[diff] [blame]438 /* the right amount was read from socket - 4 bytes */
439
440 pdu_length = ntohl(smb_buffer->smb_buf_length);
441 cFYI(1,("rfc1002 length(big endian)0x%x)", pdu_length+4));
442
443 temp = (char *) smb_buffer;
444 if (temp[0] == (char) RFC1002_SESSION_KEEP_ALIVE) {
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]445 continue;
Steve French46810cb2005-04-28 22:41:09 -0700[diff] [blame]446 } else if (temp[0] == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]447 cFYI(1,("Good RFC 1002 session rsp"));
448 continue;
Steve French46810cb2005-04-28 22:41:09 -0700[diff] [blame]449 } else if (temp[0] == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
450 /* we get this from Windows 98 instead of
451 an error on SMB negprot response */
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]452 cFYI(1,("Negative RFC1002 Session Response Error 0x%x)",
453 temp[4]));
Steve French46810cb2005-04-28 22:41:09 -0700[diff] [blame]454 if(server->tcpStatus == CifsNew) {
455 /* if nack on negprot (rather than
456 ret of smb negprot error) reconnecting
457 not going to help, ret error to mount */
458 break;
459 } else {
460 /* give server a second to
461 clean up before reconnect attempt */
462 msleep(1000);
463 /* always try 445 first on reconnect
464 since we get NACK on some if we ever
465 connected to port 139 (the NACK is
466 since we do not begin with RFC1001
467 session initialize frame) */
468 server->addr.sockAddr.sin_port =
469 htons(CIFS_PORT);
470 cifs_reconnect(server);
471 csocket = server->ssocket;
472 wake_up(&server->response_q);
473 continue;
474 }
475 } else if (temp[0] != (char) 0) {
476 cERROR(1,("Unknown RFC 1002 frame"));
477 cifs_dump_mem(" Received Data: ", temp, length);
478 cifs_reconnect(server);
479 csocket = server->ssocket;
480 continue;
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]481 }
482
483 /* else we have an SMB response */
484 if((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
Steve French46810cb2005-04-28 22:41:09 -0700[diff] [blame]485 (pdu_length < sizeof (struct smb_hdr) - 1 - 4)) {
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]486 cERROR(1, ("Invalid size SMB length %d pdu_length %d",
Steve French46810cb2005-04-28 22:41:09 -0700[diff] [blame]487 length, pdu_length+4));
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]488 cifs_reconnect(server);
489 csocket = server->ssocket;
490 wake_up(&server->response_q);
491 continue;
492 }
493
494 /* else length ok */
495 reconnect = 0;
496
497 if(pdu_length > MAX_CIFS_HDR_SIZE - 4) {
498 isLargeBuf = TRUE;
499 memcpy(bigbuf, smallbuf, 4);
500 smb_buffer = bigbuf;
501 }
502 length = 0;
503 iov.iov_base = 4 + (char *)smb_buffer;
504 iov.iov_len = pdu_length;
505 for (total_read = 0; total_read < pdu_length;
506 total_read += length) {
507 length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
508 pdu_length - total_read, 0);
509 if((server->tcpStatus == CifsExiting) ||
510 (length == -EINTR)) {
511 /* then will exit */
512 reconnect = 2;
513 break;
514 } else if (server->tcpStatus == CifsNeedReconnect) {
Steve French46810cb2005-04-28 22:41:09 -0700[diff] [blame]515 cifs_reconnect(server);
516 csocket = server->ssocket;
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]517 /* Reconnect wakes up rspns q */
518 /* Now we will reread sock */
519 reconnect = 1;
520 break;
521 } else if ((length == -ERESTARTSYS) ||
522 (length == -EAGAIN)) {
523 msleep(1); /* minimum sleep to prevent looping,
524 allowing socket to clear and app
525 threads to set tcpStatus
526 CifsNeedReconnect if server hung*/
Steve French46810cb2005-04-28 22:41:09 -0700[diff] [blame]527 continue;
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]528 } else if (length <= 0) {
529 cERROR(1,("Received no data, expecting %d",
530 pdu_length - total_read));
531 cifs_reconnect(server);
532 csocket = server->ssocket;
533 reconnect = 1;
534 break;
Steve French46810cb2005-04-28 22:41:09 -0700[diff] [blame]535 }
536 }
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]537 if(reconnect == 2)
538 break;
539 else if(reconnect == 1)
540 continue;
541
542 length += 4; /* account for rfc1002 hdr */
543
544
545 dump_smb(smb_buffer, length);
546 if (checkSMB (smb_buffer, smb_buffer->Mid, total_read+4)) {
547 cERROR(1, ("Bad SMB Received "));
548 continue;
549 }
550
551
552 task_to_wake = NULL;
553 spin_lock(&GlobalMid_Lock);
554 list_for_each(tmp, &server->pending_mid_q) {
555 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
556
557 if ((mid_entry->mid == smb_buffer->Mid) &&
558 (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
559 (mid_entry->command == smb_buffer->Command)) {
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]560 if(check2ndT2(smb_buffer,server->maxBuf) > 0) {
561 /* We have a multipart transact2 resp */
Steve Frenchcd634992005-04-28 22:41:10 -0700[diff] [blame]562 isMultiRsp = TRUE;
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]563 if(mid_entry->resp_buf) {
564 /* merge response - fix up 1st*/
565 if(coalesce_t2(smb_buffer,
566 mid_entry->resp_buf)) {
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]567 break;
568 } else {
569 /* all parts received */
570 goto multi_t2_fnd;
571 }
572 } else {
573 if(!isLargeBuf) {
574 cERROR(1,("1st trans2 resp needs bigbuf"));
575 /* BB maybe we can fix this up, switch
576 to already allocated large buffer? */
577 } else {
Steve Frenchcd634992005-04-28 22:41:10 -0700[diff] [blame]578 /* Have first buffer */
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]579 mid_entry->resp_buf =
580 smb_buffer;
581 mid_entry->largeBuf = 1;
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]582 bigbuf = NULL;
583 }
584 }
585 break;
586 }
587 mid_entry->resp_buf = smb_buffer;
588 if(isLargeBuf)
589 mid_entry->largeBuf = 1;
590 else
591 mid_entry->largeBuf = 0;
592multi_t2_fnd:
593 task_to_wake = mid_entry->tsk;
594 mid_entry->midState = MID_RESPONSE_RECEIVED;
595 break;
596 }
597 }
598 spin_unlock(&GlobalMid_Lock);
599 if (task_to_wake) {
Steve Frenchcd634992005-04-28 22:41:10 -0700[diff] [blame]600 /* Was previous buf put in mpx struct for multi-rsp? */
601 if(!isMultiRsp) {
602 /* smb buffer will be freed by user thread */
603 if(isLargeBuf) {
604 bigbuf = NULL;
605 } else
606 smallbuf = NULL;
607 }
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]608 wake_up_process(task_to_wake);
Steve French57337e42005-04-28 22:41:10 -0700[diff] [blame]609 } else if ((is_valid_oplock_break(smb_buffer) == FALSE)
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]610 && (isMultiRsp == FALSE)) {
611 cERROR(1, ("No task to wake, unknown frame rcvd!"));
612 cifs_dump_mem("Received Data is: ",temp,sizeof(struct smb_hdr));
613 }
614 } /* end while !EXITING */
615
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]616 spin_lock(&GlobalMid_Lock);
617 server->tcpStatus = CifsExiting;
618 server->tsk = NULL;
Steve French31ca3bc2005-04-28 22:41:11 -0700[diff] [blame]619 /* check if we have blocked requests that need to free */
620 /* Note that cifs_max_pending is normally 50, but
621 can be set at module install time to as little as two */
622 if(atomic_read(&server->inFlight) >= cifs_max_pending)
623 atomic_set(&server->inFlight, cifs_max_pending - 1);
624 /* We do not want to set the max_pending too low or we
625 could end up with the counter going negative */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]626 spin_unlock(&GlobalMid_Lock);
627 /* Although there should not be any requests blocked on
628 this queue it can not hurt to be paranoid and try to wake up requests
Steve French09d1db52005-04-28 22:41:08 -0700[diff] [blame]629 that may haven been blocked when more than 50 at time were on the wire
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]630 to the same server - they now will see the session is in exit state
631 and get out of SendReceive. */
632 wake_up_all(&server->request_q);
633 /* give those requests time to exit */
Steve Frenchb8643e12005-04-28 22:41:07 -0700[diff] [blame]634 msleep(125);
635
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]636 if(server->ssocket) {
637 sock_release(csocket);
638 server->ssocket = NULL;
639 }
Steve Frenchb8643e12005-04-28 22:41:07 -0700[diff] [blame]640 /* buffer usuallly freed in free_mid - need to free it here on exit */
641 if (bigbuf != NULL)
642 cifs_buf_release(bigbuf);
643 if (smallbuf != NULL)
644 cifs_small_buf_release(smallbuf);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]645
646 read_lock(&GlobalSMBSeslock);
647 if (list_empty(&server->pending_mid_q)) {
Steve French09d1db52005-04-28 22:41:08 -0700[diff] [blame]648 /* loop through server session structures attached to this and
649 mark them dead */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]650 list_for_each(tmp, &GlobalSMBSessionList) {
651 ses =
652 list_entry(tmp, struct cifsSesInfo,
653 cifsSessionList);
654 if (ses->server == server) {
655 ses->status = CifsExiting;
656 ses->server = NULL;
657 }
658 }
659 read_unlock(&GlobalSMBSeslock);
660 } else {
Steve French31ca3bc2005-04-28 22:41:11 -0700[diff] [blame]661 /* although we can not zero the server struct pointer yet,
662 since there are active requests which may depnd on them,
663 mark the corresponding SMB sessions as exiting too */
664 list_for_each(tmp, &GlobalSMBSessionList) {
665 ses = list_entry(tmp, struct cifsSesInfo,
666 cifsSessionList);
667 if (ses->server == server) {
668 ses->status = CifsExiting;
669 }
670 }
671
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]672 spin_lock(&GlobalMid_Lock);
673 list_for_each(tmp, &server->pending_mid_q) {
674 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
675 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
676 cFYI(1,
Steve French09d1db52005-04-28 22:41:08 -0700[diff] [blame]677 ("Clearing Mid 0x%x - waking up ",mid_entry->mid));
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]678 task_to_wake = mid_entry->tsk;
679 if(task_to_wake) {
680 wake_up_process(task_to_wake);
681 }
682 }
683 }
684 spin_unlock(&GlobalMid_Lock);
685 read_unlock(&GlobalSMBSeslock);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]686 /* 1/8th of sec is more than enough time for them to exit */
Steve Frenchb8643e12005-04-28 22:41:07 -0700[diff] [blame]687 msleep(125);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]688 }
689
Steve Frenchf1914012005-08-18 09:37:34 -0700[diff] [blame]690 if (!list_empty(&server->pending_mid_q)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]691 /* mpx threads have not exited yet give them
692 at least the smb send timeout time for long ops */
Steve French31ca3bc2005-04-28 22:41:11 -0700[diff] [blame]693 /* due to delays on oplock break requests, we need
694 to wait at least 45 seconds before giving up
695 on a request getting a response and going ahead
696 and killing cifsd */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]697 cFYI(1, ("Wait for exit from demultiplex thread"));
Steve French31ca3bc2005-04-28 22:41:11 -0700[diff] [blame]698 msleep(46000);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]699 /* if threads still have not exited they are probably never
700 coming home not much else we can do but free the memory */
701 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]702
703 write_lock(&GlobalSMBSeslock);
704 atomic_dec(&tcpSesAllocCount);
705 length = tcpSesAllocCount.counter;
Steve French31ca3bc2005-04-28 22:41:11 -0700[diff] [blame]706
707 /* last chance to mark ses pointers invalid
708 if there are any pointing to this (e.g
709 if a crazy root user tried to kill cifsd
710 kernel thread explicitly this might happen) */
711 list_for_each(tmp, &GlobalSMBSessionList) {
712 ses = list_entry(tmp, struct cifsSesInfo,
713 cifsSessionList);
714 if (ses->server == server) {
715 ses->server = NULL;
716 }
717 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]718 write_unlock(&GlobalSMBSeslock);
Steve French31ca3bc2005-04-28 22:41:11 -0700[diff] [blame]719
720 kfree(server);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]721 if(length > 0) {
722 mempool_resize(cifs_req_poolp,
723 length + cifs_min_rcv,
724 GFP_KERNEL);
725 }
Steve Frenchb8643e12005-04-28 22:41:07 -0700[diff] [blame]726
Steve Frenchf1914012005-08-18 09:37:34 -0700[diff] [blame]727 complete_and_exit(&cifsd_complete, 0);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]728 return 0;
729}
730
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]731static int
732cifs_parse_mount_options(char *options, const char *devname,struct smb_vol *vol)
733{
734 char *value;
735 char *data;
736 unsigned int temp_len, i, j;
737 char separator[2];
738
739 separator[0] = ',';
740 separator[1] = 0;
741
742 memset(vol->source_rfc1001_name,0x20,15);
743 for(i=0;i < strnlen(system_utsname.nodename,15);i++) {
744 /* does not have to be a perfect mapping since the field is
745 informational, only used for servers that do not support
746 port 445 and it can be overridden at mount time */
Steve French09d1db52005-04-28 22:41:08 -0700[diff] [blame]747 vol->source_rfc1001_name[i] =
748 toupper(system_utsname.nodename[i]);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]749 }
750 vol->source_rfc1001_name[15] = 0;
Steve Frencha10faeb22005-08-22 21:38:31 -0700[diff] [blame]751 /* null target name indicates to use *SMBSERVR default called name
752 if we end up sending RFC1001 session initialize */
753 vol->target_rfc1001_name[0] = 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]754 vol->linux_uid = current->uid; /* current->euid instead? */
755 vol->linux_gid = current->gid;
756 vol->dir_mode = S_IRWXUGO;
757 /* 2767 perms indicate mandatory locking support */
758 vol->file_mode = S_IALLUGO & ~(S_ISUID | S_IXGRP);
759
760 /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
761 vol->rw = TRUE;
762
Jeremy Allisonac670552005-06-22 17:26:35 -0700[diff] [blame]763 /* default is always to request posix paths. */
764 vol->posix_paths = 1;
765
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]766 if (!options)
767 return 1;
768
769 if(strncmp(options,"sep=",4) == 0) {
770 if(options[4] != 0) {
771 separator[0] = options[4];
772 options += 5;
773 } else {
774 cFYI(1,("Null separator not allowed"));
775 }
776 }
777
778 while ((data = strsep(&options, separator)) != NULL) {
779 if (!*data)
780 continue;
781 if ((value = strchr(data, '=')) != NULL)
782 *value++ = '\0';
783
784 if (strnicmp(data, "user_xattr",10) == 0) {/*parse before user*/
785 vol->no_xattr = 0;
786 } else if (strnicmp(data, "nouser_xattr",12) == 0) {
787 vol->no_xattr = 1;
788 } else if (strnicmp(data, "user", 4) == 0) {
789 if (!value || !*value) {
790 printk(KERN_WARNING
791 "CIFS: invalid or missing username\n");
792 return 1; /* needs_arg; */
793 }
794 if (strnlen(value, 200) < 200) {
795 vol->username = value;
796 } else {
797 printk(KERN_WARNING "CIFS: username too long\n");
798 return 1;
799 }
800 } else if (strnicmp(data, "pass", 4) == 0) {
801 if (!value) {
802 vol->password = NULL;
803 continue;
804 } else if(value[0] == 0) {
805 /* check if string begins with double comma
806 since that would mean the password really
807 does start with a comma, and would not
808 indicate an empty string */
809 if(value[1] != separator[0]) {
810 vol->password = NULL;
811 continue;
812 }
813 }
814 temp_len = strlen(value);
815 /* removed password length check, NTLM passwords
816 can be arbitrarily long */
817
818 /* if comma in password, the string will be
819 prematurely null terminated. Commas in password are
820 specified across the cifs mount interface by a double
821 comma ie ,, and a comma used as in other cases ie ','
822 as a parameter delimiter/separator is single and due
823 to the strsep above is temporarily zeroed. */
824
825 /* NB: password legally can have multiple commas and
826 the only illegal character in a password is null */
827
Steve French09d1db52005-04-28 22:41:08 -0700[diff] [blame]828 if ((value[temp_len] == 0) &&
829 (value[temp_len+1] == separator[0])) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]830 /* reinsert comma */
831 value[temp_len] = separator[0];
832 temp_len+=2; /* move after the second comma */
833 while(value[temp_len] != 0) {
834 if (value[temp_len] == separator[0]) {
Steve French09d1db52005-04-28 22:41:08 -0700[diff] [blame]835 if (value[temp_len+1] ==
836 separator[0]) {
837 /* skip second comma */
838 temp_len++;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]839 } else {
840 /* single comma indicating start
841 of next parm */
842 break;
843 }
844 }
845 temp_len++;
846 }
847 if(value[temp_len] == 0) {
848 options = NULL;
849 } else {
850 value[temp_len] = 0;
851 /* point option to start of next parm */
852 options = value + temp_len + 1;
853 }
854 /* go from value to value + temp_len condensing
855 double commas to singles. Note that this ends up
856 allocating a few bytes too many, which is ok */
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]857 vol->password = kcalloc(1, temp_len, GFP_KERNEL);
858 if(vol->password == NULL) {
859 printk("CIFS: no memory for pass\n");
860 return 1;
861 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]862 for(i=0,j=0;i<temp_len;i++,j++) {
863 vol->password[j] = value[i];
Steve French09d1db52005-04-28 22:41:08 -0700[diff] [blame]864 if(value[i] == separator[0]
865 && value[i+1] == separator[0]) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]866 /* skip second comma */
867 i++;
868 }
869 }
870 vol->password[j] = 0;
871 } else {
Steve French09d1db52005-04-28 22:41:08 -0700[diff] [blame]872 vol->password = kcalloc(1, temp_len+1, GFP_KERNEL);
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]873 if(vol->password == NULL) {
874 printk("CIFS: no memory for pass\n");
875 return 1;
876 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]877 strcpy(vol->password, value);
878 }
879 } else if (strnicmp(data, "ip", 2) == 0) {
880 if (!value || !*value) {
881 vol->UNCip = NULL;
882 } else if (strnlen(value, 35) < 35) {
883 vol->UNCip = value;
884 } else {
885 printk(KERN_WARNING "CIFS: ip address too long\n");
886 return 1;
887 }
888 } else if ((strnicmp(data, "unc", 3) == 0)
889 || (strnicmp(data, "target", 6) == 0)
890 || (strnicmp(data, "path", 4) == 0)) {
891 if (!value || !*value) {
892 printk(KERN_WARNING
893 "CIFS: invalid path to network resource\n");
894 return 1; /* needs_arg; */
895 }
896 if ((temp_len = strnlen(value, 300)) < 300) {
897 vol->UNC = kmalloc(temp_len+1,GFP_KERNEL);
898 if(vol->UNC == NULL)
899 return 1;
900 strcpy(vol->UNC,value);
901 if (strncmp(vol->UNC, "//", 2) == 0) {
902 vol->UNC[0] = '\\';
903 vol->UNC[1] = '\\';
904 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
905 printk(KERN_WARNING
906 "CIFS: UNC Path does not begin with // or \\\\ \n");
907 return 1;
908 }
909 } else {
910 printk(KERN_WARNING "CIFS: UNC name too long\n");
911 return 1;
912 }
913 } else if ((strnicmp(data, "domain", 3) == 0)
914 || (strnicmp(data, "workgroup", 5) == 0)) {
915 if (!value || !*value) {
916 printk(KERN_WARNING "CIFS: invalid domain name\n");
917 return 1; /* needs_arg; */
918 }
919 /* BB are there cases in which a comma can be valid in
920 a domain name and need special handling? */
921 if (strnlen(value, 65) < 65) {
922 vol->domainname = value;
923 cFYI(1, ("Domain name set"));
924 } else {
925 printk(KERN_WARNING "CIFS: domain name too long\n");
926 return 1;
927 }
928 } else if (strnicmp(data, "iocharset", 9) == 0) {
929 if (!value || !*value) {
930 printk(KERN_WARNING "CIFS: invalid iocharset specified\n");
931 return 1; /* needs_arg; */
932 }
933 if (strnlen(value, 65) < 65) {
934 if(strnicmp(value,"default",7))
935 vol->iocharset = value;
936 /* if iocharset not set load_nls_default used by caller */
937 cFYI(1, ("iocharset set to %s",value));
938 } else {
939 printk(KERN_WARNING "CIFS: iocharset name too long.\n");
940 return 1;
941 }
942 } else if (strnicmp(data, "uid", 3) == 0) {
943 if (value && *value) {
944 vol->linux_uid =
945 simple_strtoul(value, &value, 0);
946 }
947 } else if (strnicmp(data, "gid", 3) == 0) {
948 if (value && *value) {
949 vol->linux_gid =
950 simple_strtoul(value, &value, 0);
951 }
952 } else if (strnicmp(data, "file_mode", 4) == 0) {
953 if (value && *value) {
954 vol->file_mode =
955 simple_strtoul(value, &value, 0);
956 }
957 } else if (strnicmp(data, "dir_mode", 4) == 0) {
958 if (value && *value) {
959 vol->dir_mode =
960 simple_strtoul(value, &value, 0);
961 }
962 } else if (strnicmp(data, "dirmode", 4) == 0) {
963 if (value && *value) {
964 vol->dir_mode =
965 simple_strtoul(value, &value, 0);
966 }
967 } else if (strnicmp(data, "port", 4) == 0) {
968 if (value && *value) {
969 vol->port =
970 simple_strtoul(value, &value, 0);
971 }
972 } else if (strnicmp(data, "rsize", 5) == 0) {
973 if (value && *value) {
974 vol->rsize =
975 simple_strtoul(value, &value, 0);
976 }
977 } else if (strnicmp(data, "wsize", 5) == 0) {
978 if (value && *value) {
979 vol->wsize =
980 simple_strtoul(value, &value, 0);
981 }
982 } else if (strnicmp(data, "sockopt", 5) == 0) {
983 if (value && *value) {
984 vol->sockopt =
985 simple_strtoul(value, &value, 0);
986 }
987 } else if (strnicmp(data, "netbiosname", 4) == 0) {
988 if (!value || !*value || (*value == ' ')) {
989 cFYI(1,("invalid (empty) netbiosname specified"));
990 } else {
991 memset(vol->source_rfc1001_name,0x20,15);
992 for(i=0;i<15;i++) {
993 /* BB are there cases in which a comma can be
994 valid in this workstation netbios name (and need
995 special handling)? */
996
997 /* We do not uppercase netbiosname for user */
998 if (value[i]==0)
999 break;
1000 else
1001 vol->source_rfc1001_name[i] = value[i];
1002 }
1003 /* The string has 16th byte zero still from
1004 set at top of the function */
1005 if((i==15) && (value[i] != 0))
Steve Frencha10faeb22005-08-22 21:38:31 -0700[diff] [blame]1006 printk(KERN_WARNING "CIFS: netbiosname longer than 15 truncated.\n");
1007 }
1008 } else if (strnicmp(data, "servern", 7) == 0) {
1009 /* servernetbiosname specified override *SMBSERVER */
1010 if (!value || !*value || (*value == ' ')) {
1011 cFYI(1,("empty server netbiosname specified"));
1012 } else {
1013 /* last byte, type, is 0x20 for servr type */
1014 memset(vol->target_rfc1001_name,0x20,16);
1015
1016 for(i=0;i<15;i++) {
1017 /* BB are there cases in which a comma can be
1018 valid in this workstation netbios name (and need
1019 special handling)? */
1020
1021 /* user or mount helper must uppercase netbiosname */
1022 if (value[i]==0)
1023 break;
1024 else
1025 vol->target_rfc1001_name[i] = value[i];
1026 }
1027 /* The string has 16th byte zero still from
1028 set at top of the function */
1029 if((i==15) && (value[i] != 0))
1030 printk(KERN_WARNING "CIFS: server netbiosname longer than 15 truncated.\n");
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1031 }
1032 } else if (strnicmp(data, "credentials", 4) == 0) {
1033 /* ignore */
1034 } else if (strnicmp(data, "version", 3) == 0) {
1035 /* ignore */
1036 } else if (strnicmp(data, "guest",5) == 0) {
1037 /* ignore */
1038 } else if (strnicmp(data, "rw", 2) == 0) {
1039 vol->rw = TRUE;
1040 } else if ((strnicmp(data, "suid", 4) == 0) ||
1041 (strnicmp(data, "nosuid", 6) == 0) ||
1042 (strnicmp(data, "exec", 4) == 0) ||
1043 (strnicmp(data, "noexec", 6) == 0) ||
1044 (strnicmp(data, "nodev", 5) == 0) ||
1045 (strnicmp(data, "noauto", 6) == 0) ||
1046 (strnicmp(data, "dev", 3) == 0)) {
1047 /* The mount tool or mount.cifs helper (if present)
1048 uses these opts to set flags, and the flags are read
1049 by the kernel vfs layer before we get here (ie
1050 before read super) so there is no point trying to
1051 parse these options again and set anything and it
1052 is ok to just ignore them */
1053 continue;
1054 } else if (strnicmp(data, "ro", 2) == 0) {
1055 vol->rw = FALSE;
1056 } else if (strnicmp(data, "hard", 4) == 0) {
1057 vol->retry = 1;
1058 } else if (strnicmp(data, "soft", 4) == 0) {
1059 vol->retry = 0;
1060 } else if (strnicmp(data, "perm", 4) == 0) {
1061 vol->noperm = 0;
1062 } else if (strnicmp(data, "noperm", 6) == 0) {
1063 vol->noperm = 1;
Steve French6a0b4822005-04-28 22:41:05 -0700[diff] [blame]1064 } else if (strnicmp(data, "mapchars", 8) == 0) {
1065 vol->remap = 1;
1066 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1067 vol->remap = 0;
Steve Frenchd7245c22005-07-14 18:25:12 -0500[diff] [blame]1068 } else if (strnicmp(data, "sfu", 3) == 0) {
1069 vol->sfu_emul = 1;
1070 } else if (strnicmp(data, "nosfu", 5) == 0) {
1071 vol->sfu_emul = 0;
Jeremy Allisonac670552005-06-22 17:26:35 -0700[diff] [blame]1072 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1073 vol->posix_paths = 1;
1074 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1075 vol->posix_paths = 0;
Steve Frencha10faeb22005-08-22 21:38:31 -0700[diff] [blame]1076 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1077 (strnicmp(data, "ignorecase", 10) == 0)) {
Steve Frenchc46fa8a2005-08-18 20:49:57 -0700[diff] [blame]1078 vol->nocase = 1;
1079 } else if (strnicmp(data, "brl", 3) == 0) {
1080 vol->nobrl = 0;
Steve Frenchcb8be642005-08-30 15:25:52 -0700[diff] [blame^]1081 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1082 (strnicmp(data, "nolock", 6)) {
Steve Frenchc46fa8a2005-08-18 20:49:57 -0700[diff] [blame]1083 vol->nobrl = 1;
Steve Frenchd3485d32005-08-19 11:04:29 -0700[diff] [blame]1084 /* turn off mandatory locking in mode
1085 if remote locking is turned off since the
1086 local vfs will do advisory */
1087 if(vol->file_mode == (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1088 vol->file_mode = S_IALLUGO;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1089 } else if (strnicmp(data, "setuids", 7) == 0) {
1090 vol->setuids = 1;
1091 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1092 vol->setuids = 0;
1093 } else if (strnicmp(data, "nohard", 6) == 0) {
1094 vol->retry = 0;
1095 } else if (strnicmp(data, "nosoft", 6) == 0) {
1096 vol->retry = 1;
1097 } else if (strnicmp(data, "nointr", 6) == 0) {
1098 vol->intr = 0;
1099 } else if (strnicmp(data, "intr", 4) == 0) {
1100 vol->intr = 1;
1101 } else if (strnicmp(data, "serverino",7) == 0) {
1102 vol->server_ino = 1;
1103 } else if (strnicmp(data, "noserverino",9) == 0) {
1104 vol->server_ino = 0;
1105 } else if (strnicmp(data, "acl",3) == 0) {
1106 vol->no_psx_acl = 0;
1107 } else if (strnicmp(data, "noacl",5) == 0) {
1108 vol->no_psx_acl = 1;
1109 } else if (strnicmp(data, "direct",6) == 0) {
1110 vol->direct_io = 1;
1111 } else if (strnicmp(data, "forcedirectio",13) == 0) {
1112 vol->direct_io = 1;
1113 } else if (strnicmp(data, "in6_addr",8) == 0) {
1114 if (!value || !*value) {
1115 vol->in6_addr = NULL;
1116 } else if (strnlen(value, 49) == 48) {
1117 vol->in6_addr = value;
1118 } else {
1119 printk(KERN_WARNING "CIFS: ip v6 address not 48 characters long\n");
1120 return 1;
1121 }
1122 } else if (strnicmp(data, "noac", 4) == 0) {
1123 printk(KERN_WARNING "CIFS: Mount option noac not supported. Instead set /proc/fs/cifs/LookupCacheEnabled to 0\n");
1124 } else
1125 printk(KERN_WARNING "CIFS: Unknown mount option %s\n",data);
1126 }
1127 if (vol->UNC == NULL) {
1128 if(devname == NULL) {
1129 printk(KERN_WARNING "CIFS: Missing UNC name for mount target\n");
1130 return 1;
1131 }
1132 if ((temp_len = strnlen(devname, 300)) < 300) {
1133 vol->UNC = kmalloc(temp_len+1,GFP_KERNEL);
1134 if(vol->UNC == NULL)
1135 return 1;
1136 strcpy(vol->UNC,devname);
1137 if (strncmp(vol->UNC, "//", 2) == 0) {
1138 vol->UNC[0] = '\\';
1139 vol->UNC[1] = '\\';
1140 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1141 printk(KERN_WARNING "CIFS: UNC Path does not begin with // or \\\\ \n");
1142 return 1;
1143 }
1144 } else {
1145 printk(KERN_WARNING "CIFS: UNC name too long\n");
1146 return 1;
1147 }
1148 }
1149 if(vol->UNCip == NULL)
1150 vol->UNCip = &vol->UNC[2];
1151
1152 return 0;
1153}
1154
1155static struct cifsSesInfo *
1156cifs_find_tcp_session(struct in_addr * target_ip_addr,
1157 struct in6_addr *target_ip6_addr,
1158 char *userName, struct TCP_Server_Info **psrvTcp)
1159{
1160 struct list_head *tmp;
1161 struct cifsSesInfo *ses;
1162 *psrvTcp = NULL;
1163 read_lock(&GlobalSMBSeslock);
1164
1165 list_for_each(tmp, &GlobalSMBSessionList) {
1166 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
1167 if (ses->server) {
1168 if((target_ip_addr &&
1169 (ses->server->addr.sockAddr.sin_addr.s_addr
1170 == target_ip_addr->s_addr)) || (target_ip6_addr
1171 && memcmp(&ses->server->addr.sockAddr6.sin6_addr,
1172 target_ip6_addr,sizeof(*target_ip6_addr)))){
1173 /* BB lock server and tcp session and increment use count here?? */
1174 *psrvTcp = ses->server; /* found a match on the TCP session */
1175 /* BB check if reconnection needed */
1176 if (strncmp
1177 (ses->userName, userName,
1178 MAX_USERNAME_SIZE) == 0){
1179 read_unlock(&GlobalSMBSeslock);
1180 return ses; /* found exact match on both tcp and SMB sessions */
1181 }
1182 }
1183 }
1184 /* else tcp and smb sessions need reconnection */
1185 }
1186 read_unlock(&GlobalSMBSeslock);
1187 return NULL;
1188}
1189
1190static struct cifsTconInfo *
1191find_unc(__be32 new_target_ip_addr, char *uncName, char *userName)
1192{
1193 struct list_head *tmp;
1194 struct cifsTconInfo *tcon;
1195
1196 read_lock(&GlobalSMBSeslock);
1197 list_for_each(tmp, &GlobalTreeConnectionList) {
1198 cFYI(1, ("Next tcon - "));
1199 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
1200 if (tcon->ses) {
1201 if (tcon->ses->server) {
1202 cFYI(1,
1203 (" old ip addr: %x == new ip %x ?",
1204 tcon->ses->server->addr.sockAddr.sin_addr.
1205 s_addr, new_target_ip_addr));
1206 if (tcon->ses->server->addr.sockAddr.sin_addr.
1207 s_addr == new_target_ip_addr) {
1208 /* BB lock tcon and server and tcp session and increment use count here? */
1209 /* found a match on the TCP session */
1210 /* BB check if reconnection needed */
1211 cFYI(1,("Matched ip, old UNC: %s == new: %s ?",
1212 tcon->treeName, uncName));
1213 if (strncmp
1214 (tcon->treeName, uncName,
1215 MAX_TREE_SIZE) == 0) {
1216 cFYI(1,
1217 ("Matched UNC, old user: %s == new: %s ?",
1218 tcon->treeName, uncName));
1219 if (strncmp
1220 (tcon->ses->userName,
1221 userName,
1222 MAX_USERNAME_SIZE) == 0) {
1223 read_unlock(&GlobalSMBSeslock);
1224 return tcon;/* also matched user (smb session)*/
1225 }
1226 }
1227 }
1228 }
1229 }
1230 }
1231 read_unlock(&GlobalSMBSeslock);
1232 return NULL;
1233}
1234
1235int
1236connect_to_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
Steve French737b7582005-04-28 22:41:06 -0700[diff] [blame]1237 const char *old_path, const struct nls_table *nls_codepage,
1238 int remap)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1239{
1240 unsigned char *referrals = NULL;
1241 unsigned int num_referrals;
1242 int rc = 0;
1243
1244 rc = get_dfs_path(xid, pSesInfo,old_path, nls_codepage,
Steve French737b7582005-04-28 22:41:06 -0700[diff] [blame]1245 &num_referrals, &referrals, remap);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1246
1247 /* BB Add in code to: if valid refrl, if not ip address contact
1248 the helper that resolves tcp names, mount to it, try to
1249 tcon to it unmount it if fail */
1250
1251 if(referrals)
1252 kfree(referrals);
1253
1254 return rc;
1255}
1256
1257int
1258get_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
1259 const char *old_path, const struct nls_table *nls_codepage,
Steve French737b7582005-04-28 22:41:06 -0700[diff] [blame]1260 unsigned int *pnum_referrals,
1261 unsigned char ** preferrals, int remap)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1262{
1263 char *temp_unc;
1264 int rc = 0;
1265
1266 *pnum_referrals = 0;
1267
1268 if (pSesInfo->ipc_tid == 0) {
1269 temp_unc = kmalloc(2 /* for slashes */ +
1270 strnlen(pSesInfo->serverName,SERVER_NAME_LEN_WITH_NULL * 2)
1271 + 1 + 4 /* slash IPC$ */ + 2,
1272 GFP_KERNEL);
1273 if (temp_unc == NULL)
1274 return -ENOMEM;
1275 temp_unc[0] = '\\';
1276 temp_unc[1] = '\\';
1277 strcpy(temp_unc + 2, pSesInfo->serverName);
1278 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
1279 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
1280 cFYI(1,
1281 ("CIFS Tcon rc = %d ipc_tid = %d", rc,pSesInfo->ipc_tid));
1282 kfree(temp_unc);
1283 }
1284 if (rc == 0)
1285 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
Steve French737b7582005-04-28 22:41:06 -0700[diff] [blame]1286 pnum_referrals, nls_codepage, remap);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1287
1288 return rc;
1289}
1290
1291/* See RFC1001 section 14 on representation of Netbios names */
1292static void rfc1002mangle(char * target,char * source, unsigned int length)
1293{
1294 unsigned int i,j;
1295
1296 for(i=0,j=0;i<(length);i++) {
1297 /* mask a nibble at a time and encode */
1298 target[j] = 'A' + (0x0F & (source[i] >> 4));
1299 target[j+1] = 'A' + (0x0F & source[i]);
1300 j+=2;
1301 }
1302
1303}
1304
1305
1306static int
1307ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket,
Steve Frencha10faeb22005-08-22 21:38:31 -0700[diff] [blame]1308 char * netbios_name, char * target_name)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1309{
1310 int rc = 0;
1311 int connected = 0;
1312 __be16 orig_port = 0;
1313
1314 if(*csocket == NULL) {
1315 rc = sock_create_kern(PF_INET, SOCK_STREAM, IPPROTO_TCP, csocket);
1316 if (rc < 0) {
1317 cERROR(1, ("Error %d creating socket",rc));
1318 *csocket = NULL;
1319 return rc;
1320 } else {
1321 /* BB other socket options to set KEEPALIVE, NODELAY? */
1322 cFYI(1,("Socket created"));
1323 (*csocket)->sk->sk_allocation = GFP_NOFS;
1324 }
1325 }
1326
1327 psin_server->sin_family = AF_INET;
1328 if(psin_server->sin_port) { /* user overrode default port */
1329 rc = (*csocket)->ops->connect(*csocket,
1330 (struct sockaddr *) psin_server,
1331 sizeof (struct sockaddr_in),0);
1332 if (rc >= 0)
1333 connected = 1;
1334 }
1335
1336 if(!connected) {
1337 /* save original port so we can retry user specified port
1338 later if fall back ports fail this time */
1339 orig_port = psin_server->sin_port;
1340
1341 /* do not retry on the same port we just failed on */
1342 if(psin_server->sin_port != htons(CIFS_PORT)) {
1343 psin_server->sin_port = htons(CIFS_PORT);
1344
1345 rc = (*csocket)->ops->connect(*csocket,
1346 (struct sockaddr *) psin_server,
1347 sizeof (struct sockaddr_in),0);
1348 if (rc >= 0)
1349 connected = 1;
1350 }
1351 }
1352 if (!connected) {
1353 psin_server->sin_port = htons(RFC1001_PORT);
1354 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1355 psin_server, sizeof (struct sockaddr_in),0);
1356 if (rc >= 0)
1357 connected = 1;
1358 }
1359
1360 /* give up here - unless we want to retry on different
1361 protocol families some day */
1362 if (!connected) {
1363 if(orig_port)
1364 psin_server->sin_port = orig_port;
1365 cFYI(1,("Error %d connecting to server via ipv4",rc));
1366 sock_release(*csocket);
1367 *csocket = NULL;
1368 return rc;
1369 }
1370 /* Eventually check for other socket options to change from
1371 the default. sock_setsockopt not used because it expects
1372 user space buffer */
1373 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1374
1375 /* send RFC1001 sessinit */
1376
1377 if(psin_server->sin_port == htons(RFC1001_PORT)) {
1378 /* some servers require RFC1001 sessinit before sending
1379 negprot - BB check reconnection in case where second
1380 sessinit is sent but no second negprot */
1381 struct rfc1002_session_packet * ses_init_buf;
1382 struct smb_hdr * smb_buf;
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]1383 ses_init_buf = kcalloc(1, sizeof(struct rfc1002_session_packet), GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1384 if(ses_init_buf) {
1385 ses_init_buf->trailer.session_req.called_len = 32;
Steve Frencha10faeb22005-08-22 21:38:31 -0700[diff] [blame]1386 if(target_name && (target_name[0] != 0)) {
1387 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1388 target_name, 16);
1389 } else {
1390 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1391 DEFAULT_CIFS_CALLED_NAME,16);
1392 }
1393
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1394 ses_init_buf->trailer.session_req.calling_len = 32;
1395 /* calling name ends in null (byte 16) from old smb
1396 convention. */
1397 if(netbios_name && (netbios_name[0] !=0)) {
1398 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1399 netbios_name,16);
1400 } else {
1401 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1402 "LINUX_CIFS_CLNT",16);
1403 }
1404 ses_init_buf->trailer.session_req.scope1 = 0;
1405 ses_init_buf->trailer.session_req.scope2 = 0;
1406 smb_buf = (struct smb_hdr *)ses_init_buf;
1407 /* sizeof RFC1002_SESSION_REQUEST with no scope */
1408 smb_buf->smb_buf_length = 0x81000044;
1409 rc = smb_send(*csocket, smb_buf, 0x44,
1410 (struct sockaddr *)psin_server);
1411 kfree(ses_init_buf);
1412 }
1413 /* else the negprot may still work without this
1414 even though malloc failed */
1415
1416 }
1417
1418 return rc;
1419}
1420
1421static int
1422ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket)
1423{
1424 int rc = 0;
1425 int connected = 0;
1426 __be16 orig_port = 0;
1427
1428 if(*csocket == NULL) {
1429 rc = sock_create_kern(PF_INET6, SOCK_STREAM, IPPROTO_TCP, csocket);
1430 if (rc < 0) {
1431 cERROR(1, ("Error %d creating ipv6 socket",rc));
1432 *csocket = NULL;
1433 return rc;
1434 } else {
1435 /* BB other socket options to set KEEPALIVE, NODELAY? */
1436 cFYI(1,("ipv6 Socket created"));
1437 (*csocket)->sk->sk_allocation = GFP_NOFS;
1438 }
1439 }
1440
1441 psin_server->sin6_family = AF_INET6;
1442
1443 if(psin_server->sin6_port) { /* user overrode default port */
1444 rc = (*csocket)->ops->connect(*csocket,
1445 (struct sockaddr *) psin_server,
1446 sizeof (struct sockaddr_in6),0);
1447 if (rc >= 0)
1448 connected = 1;
1449 }
1450
1451 if(!connected) {
1452 /* save original port so we can retry user specified port
1453 later if fall back ports fail this time */
1454
1455 orig_port = psin_server->sin6_port;
1456 /* do not retry on the same port we just failed on */
1457 if(psin_server->sin6_port != htons(CIFS_PORT)) {
1458 psin_server->sin6_port = htons(CIFS_PORT);
1459
1460 rc = (*csocket)->ops->connect(*csocket,
1461 (struct sockaddr *) psin_server,
1462 sizeof (struct sockaddr_in6),0);
1463 if (rc >= 0)
1464 connected = 1;
1465 }
1466 }
1467 if (!connected) {
1468 psin_server->sin6_port = htons(RFC1001_PORT);
1469 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1470 psin_server, sizeof (struct sockaddr_in6),0);
1471 if (rc >= 0)
1472 connected = 1;
1473 }
1474
1475 /* give up here - unless we want to retry on different
1476 protocol families some day */
1477 if (!connected) {
1478 if(orig_port)
1479 psin_server->sin6_port = orig_port;
1480 cFYI(1,("Error %d connecting to server via ipv6",rc));
1481 sock_release(*csocket);
1482 *csocket = NULL;
1483 return rc;
1484 }
1485 /* Eventually check for other socket options to change from
1486 the default. sock_setsockopt not used because it expects
1487 user space buffer */
1488 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1489
1490 return rc;
1491}
1492
1493int
1494cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
1495 char *mount_data, const char *devname)
1496{
1497 int rc = 0;
1498 int xid;
1499 int address_type = AF_INET;
1500 struct socket *csocket = NULL;
1501 struct sockaddr_in sin_server;
1502 struct sockaddr_in6 sin_server6;
1503 struct smb_vol volume_info;
1504 struct cifsSesInfo *pSesInfo = NULL;
1505 struct cifsSesInfo *existingCifsSes = NULL;
1506 struct cifsTconInfo *tcon = NULL;
1507 struct TCP_Server_Info *srvTcp = NULL;
1508
1509 xid = GetXid();
1510
1511/* cFYI(1, ("Entering cifs_mount. Xid: %d with: %s", xid, mount_data)); */
1512
1513 memset(&volume_info,0,sizeof(struct smb_vol));
1514 if (cifs_parse_mount_options(mount_data, devname, &volume_info)) {
1515 if(volume_info.UNC)
1516 kfree(volume_info.UNC);
1517 if(volume_info.password)
1518 kfree(volume_info.password);
1519 FreeXid(xid);
1520 return -EINVAL;
1521 }
1522
1523 if (volume_info.username) {
1524 /* BB fixme parse for domain name here */
1525 cFYI(1, ("Username: %s ", volume_info.username));
1526
1527 } else {
1528 cifserror("No username specified ");
1529 /* In userspace mount helper we can get user name from alternate
1530 locations such as env variables and files on disk */
1531 if(volume_info.UNC)
1532 kfree(volume_info.UNC);
1533 if(volume_info.password)
1534 kfree(volume_info.password);
1535 FreeXid(xid);
1536 return -EINVAL;
1537 }
1538
1539 if (volume_info.UNCip && volume_info.UNC) {
1540 rc = cifs_inet_pton(AF_INET, volume_info.UNCip,&sin_server.sin_addr.s_addr);
1541
1542 if(rc <= 0) {
1543 /* not ipv4 address, try ipv6 */
1544 rc = cifs_inet_pton(AF_INET6,volume_info.UNCip,&sin_server6.sin6_addr.in6_u);
1545 if(rc > 0)
1546 address_type = AF_INET6;
1547 } else {
1548 address_type = AF_INET;
1549 }
1550
1551 if(rc <= 0) {
1552 /* we failed translating address */
1553 if(volume_info.UNC)
1554 kfree(volume_info.UNC);
1555 if(volume_info.password)
1556 kfree(volume_info.password);
1557 FreeXid(xid);
1558 return -EINVAL;
1559 }
1560
1561 cFYI(1, ("UNC: %s ip: %s", volume_info.UNC, volume_info.UNCip));
1562 /* success */
1563 rc = 0;
1564 } else if (volume_info.UNCip){
1565 /* BB using ip addr as server name connect to the DFS root below */
1566 cERROR(1,("Connecting to DFS root not implemented yet"));
1567 if(volume_info.UNC)
1568 kfree(volume_info.UNC);
1569 if(volume_info.password)
1570 kfree(volume_info.password);
1571 FreeXid(xid);
1572 return -EINVAL;
1573 } else /* which servers DFS root would we conect to */ {
1574 cERROR(1,
1575 ("CIFS mount error: No UNC path (e.g. -o unc=//192.168.1.100/public) specified "));
1576 if(volume_info.UNC)
1577 kfree(volume_info.UNC);
1578 if(volume_info.password)
1579 kfree(volume_info.password);
1580 FreeXid(xid);
1581 return -EINVAL;
1582 }
1583
1584 /* this is needed for ASCII cp to Unicode converts */
1585 if(volume_info.iocharset == NULL) {
1586 cifs_sb->local_nls = load_nls_default();
1587 /* load_nls_default can not return null */
1588 } else {
1589 cifs_sb->local_nls = load_nls(volume_info.iocharset);
1590 if(cifs_sb->local_nls == NULL) {
1591 cERROR(1,("CIFS mount error: iocharset %s not found",volume_info.iocharset));
1592 if(volume_info.UNC)
1593 kfree(volume_info.UNC);
1594 if(volume_info.password)
1595 kfree(volume_info.password);
1596 FreeXid(xid);
1597 return -ELIBACC;
1598 }
1599 }
1600
1601 if(address_type == AF_INET)
1602 existingCifsSes = cifs_find_tcp_session(&sin_server.sin_addr,
1603 NULL /* no ipv6 addr */,
1604 volume_info.username, &srvTcp);
1605 else if(address_type == AF_INET6)
1606 existingCifsSes = cifs_find_tcp_session(NULL /* no ipv4 addr */,
1607 &sin_server6.sin6_addr,
1608 volume_info.username, &srvTcp);
1609 else {
1610 if(volume_info.UNC)
1611 kfree(volume_info.UNC);
1612 if(volume_info.password)
1613 kfree(volume_info.password);
1614 FreeXid(xid);
1615 return -EINVAL;
1616 }
1617
1618
1619 if (srvTcp) {
1620 cFYI(1, ("Existing tcp session with server found "));
1621 } else { /* create socket */
1622 if(volume_info.port)
1623 sin_server.sin_port = htons(volume_info.port);
1624 else
1625 sin_server.sin_port = 0;
Steve Frencha10faeb22005-08-22 21:38:31 -0700[diff] [blame]1626 rc = ipv4_connect(&sin_server,&csocket,
1627 volume_info.source_rfc1001_name,
1628 volume_info.target_rfc1001_name);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1629 if (rc < 0) {
1630 cERROR(1,
1631 ("Error connecting to IPv4 socket. Aborting operation"));
1632 if(csocket != NULL)
1633 sock_release(csocket);
1634 if(volume_info.UNC)
1635 kfree(volume_info.UNC);
1636 if(volume_info.password)
1637 kfree(volume_info.password);
1638 FreeXid(xid);
1639 return rc;
1640 }
1641
1642 srvTcp = kmalloc(sizeof (struct TCP_Server_Info), GFP_KERNEL);
1643 if (srvTcp == NULL) {
1644 rc = -ENOMEM;
1645 sock_release(csocket);
1646 if(volume_info.UNC)
1647 kfree(volume_info.UNC);
1648 if(volume_info.password)
1649 kfree(volume_info.password);
1650 FreeXid(xid);
1651 return rc;
1652 } else {
1653 memset(srvTcp, 0, sizeof (struct TCP_Server_Info));
1654 memcpy(&srvTcp->addr.sockAddr, &sin_server, sizeof (struct sockaddr_in));
1655 atomic_set(&srvTcp->inFlight,0);
1656 /* BB Add code for ipv6 case too */
1657 srvTcp->ssocket = csocket;
1658 srvTcp->protocolType = IPV4;
1659 init_waitqueue_head(&srvTcp->response_q);
1660 init_waitqueue_head(&srvTcp->request_q);
1661 INIT_LIST_HEAD(&srvTcp->pending_mid_q);
1662 /* at this point we are the only ones with the pointer
1663 to the struct since the kernel thread not created yet
1664 so no need to spinlock this init of tcpStatus */
1665 srvTcp->tcpStatus = CifsNew;
1666 init_MUTEX(&srvTcp->tcpSem);
1667 rc = (int)kernel_thread((void *)(void *)cifs_demultiplex_thread, srvTcp,
1668 CLONE_FS | CLONE_FILES | CLONE_VM);
1669 if(rc < 0) {
1670 rc = -ENOMEM;
1671 sock_release(csocket);
1672 if(volume_info.UNC)
1673 kfree(volume_info.UNC);
1674 if(volume_info.password)
1675 kfree(volume_info.password);
1676 FreeXid(xid);
1677 return rc;
Steve Frenchf1914012005-08-18 09:37:34 -0700[diff] [blame]1678 }
1679 wait_for_completion(&cifsd_complete);
1680 rc = 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1681 memcpy(srvTcp->workstation_RFC1001_name, volume_info.source_rfc1001_name,16);
Steve Frencha10faeb22005-08-22 21:38:31 -0700[diff] [blame]1682 memcpy(srvTcp->server_RFC1001_name, volume_info.target_rfc1001_name,16);
Steve Frenchad009ac2005-04-28 22:41:05 -0700[diff] [blame]1683 srvTcp->sequence_number = 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1684 }
1685 }
1686
1687 if (existingCifsSes) {
1688 pSesInfo = existingCifsSes;
1689 cFYI(1, ("Existing smb sess found "));
1690 if(volume_info.password)
1691 kfree(volume_info.password);
1692 /* volume_info.UNC freed at end of function */
1693 } else if (!rc) {
1694 cFYI(1, ("Existing smb sess not found "));
1695 pSesInfo = sesInfoAlloc();
1696 if (pSesInfo == NULL)
1697 rc = -ENOMEM;
1698 else {
1699 pSesInfo->server = srvTcp;
1700 sprintf(pSesInfo->serverName, "%u.%u.%u.%u",
1701 NIPQUAD(sin_server.sin_addr.s_addr));
1702 }
1703
1704 if (!rc){
1705 /* volume_info.password freed at unmount */
1706 if (volume_info.password)
1707 pSesInfo->password = volume_info.password;
1708 if (volume_info.username)
1709 strncpy(pSesInfo->userName,
1710 volume_info.username,MAX_USERNAME_SIZE);
1711 if (volume_info.domainname)
1712 strncpy(pSesInfo->domainName,
1713 volume_info.domainname,MAX_USERNAME_SIZE);
1714 pSesInfo->linux_uid = volume_info.linux_uid;
1715 down(&pSesInfo->sesSem);
1716 rc = cifs_setup_session(xid,pSesInfo, cifs_sb->local_nls);
1717 up(&pSesInfo->sesSem);
1718 if(!rc)
1719 atomic_inc(&srvTcp->socketUseCount);
1720 } else
1721 if(volume_info.password)
1722 kfree(volume_info.password);
1723 }
1724
1725 /* search for existing tcon to this server share */
1726 if (!rc) {
1727 if((volume_info.rsize) && (volume_info.rsize <= CIFSMaxBufSize))
1728 cifs_sb->rsize = volume_info.rsize;
1729 else
1730 cifs_sb->rsize = srvTcp->maxBuf - MAX_CIFS_HDR_SIZE; /* default */
1731 if((volume_info.wsize) && (volume_info.wsize <= CIFSMaxBufSize))
1732 cifs_sb->wsize = volume_info.wsize;
1733 else
1734 cifs_sb->wsize = CIFSMaxBufSize; /* default */
1735 if(cifs_sb->rsize < PAGE_CACHE_SIZE) {
Steve French6b8edfe2005-08-23 20:26:03 -0700[diff] [blame]1736 cifs_sb->rsize = PAGE_CACHE_SIZE;
1737 /* Windows ME does this */
1738 cFYI(1,("Attempt to set readsize for mount to less than one page (4096)"));
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1739 }
1740 cifs_sb->mnt_uid = volume_info.linux_uid;
1741 cifs_sb->mnt_gid = volume_info.linux_gid;
1742 cifs_sb->mnt_file_mode = volume_info.file_mode;
1743 cifs_sb->mnt_dir_mode = volume_info.dir_mode;
1744 cFYI(1,("file mode: 0x%x dir mode: 0x%x",cifs_sb->mnt_file_mode,cifs_sb->mnt_dir_mode));
1745
1746 if(volume_info.noperm)
1747 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
1748 if(volume_info.setuids)
1749 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
1750 if(volume_info.server_ino)
1751 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
Steve French6a0b4822005-04-28 22:41:05 -0700[diff] [blame]1752 if(volume_info.remap)
1753 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1754 if(volume_info.no_xattr)
1755 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
Steve Frenchd7245c22005-07-14 18:25:12 -0500[diff] [blame]1756 if(volume_info.sfu_emul)
1757 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
Steve Frenchc46fa8a2005-08-18 20:49:57 -0700[diff] [blame]1758 if(volume_info.nobrl)
1759 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
Jeremy Allisonac670552005-06-22 17:26:35 -0700[diff] [blame]1760
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1761 if(volume_info.direct_io) {
Steve Frenchc46fa8a2005-08-18 20:49:57 -0700[diff] [blame]1762 cFYI(1,("mounting share using direct i/o"));
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1763 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
1764 }
1765
1766 tcon =
1767 find_unc(sin_server.sin_addr.s_addr, volume_info.UNC,
1768 volume_info.username);
1769 if (tcon) {
1770 cFYI(1, ("Found match on UNC path "));
1771 /* we can have only one retry value for a connection
1772 to a share so for resources mounted more than once
1773 to the same server share the last value passed in
1774 for the retry flag is used */
1775 tcon->retry = volume_info.retry;
Steve Frenchd3485d32005-08-19 11:04:29 -0700[diff] [blame]1776 tcon->nocase = volume_info.nocase;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1777 } else {
1778 tcon = tconInfoAlloc();
1779 if (tcon == NULL)
1780 rc = -ENOMEM;
1781 else {
1782 /* check for null share name ie connect to dfs root */
1783
1784 /* BB check if this works for exactly length three strings */
1785 if ((strchr(volume_info.UNC + 3, '\\') == NULL)
1786 && (strchr(volume_info.UNC + 3, '/') ==
1787 NULL)) {
Steve French737b7582005-04-28 22:41:06 -0700[diff] [blame]1788 rc = connect_to_dfs_path(xid, pSesInfo,
1789 "", cifs_sb->local_nls,
1790 cifs_sb->mnt_cifs_flags &
1791 CIFS_MOUNT_MAP_SPECIAL_CHR);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1792 if(volume_info.UNC)
1793 kfree(volume_info.UNC);
1794 FreeXid(xid);
1795 return -ENODEV;
1796 } else {
1797 rc = CIFSTCon(xid, pSesInfo,
1798 volume_info.UNC,
1799 tcon, cifs_sb->local_nls);
1800 cFYI(1, ("CIFS Tcon rc = %d", rc));
1801 }
1802 if (!rc) {
1803 atomic_inc(&pSesInfo->inUse);
1804 tcon->retry = volume_info.retry;
Steve Frenchd3485d32005-08-19 11:04:29 -0700[diff] [blame]1805 tcon->nocase = volume_info.nocase;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1806 }
1807 }
1808 }
1809 }
1810 if(pSesInfo) {
1811 if (pSesInfo->capabilities & CAP_LARGE_FILES) {
1812 sb->s_maxbytes = (u64) 1 << 63;
1813 } else
1814 sb->s_maxbytes = (u64) 1 << 31; /* 2 GB */
1815 }
1816
1817 sb->s_time_gran = 100;
1818
1819/* on error free sesinfo and tcon struct if needed */
1820 if (rc) {
1821 /* if session setup failed, use count is zero but
1822 we still need to free cifsd thread */
1823 if(atomic_read(&srvTcp->socketUseCount) == 0) {
1824 spin_lock(&GlobalMid_Lock);
1825 srvTcp->tcpStatus = CifsExiting;
1826 spin_unlock(&GlobalMid_Lock);
Steve Frenchf1914012005-08-18 09:37:34 -0700[diff] [blame]1827 if(srvTcp->tsk) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1828 send_sig(SIGKILL,srvTcp->tsk,1);
Steve Frenchf1914012005-08-18 09:37:34 -0700[diff] [blame]1829 wait_for_completion(&cifsd_complete);
1830 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1831 }
1832 /* If find_unc succeeded then rc == 0 so we can not end */
1833 if (tcon) /* up accidently freeing someone elses tcon struct */
1834 tconInfoFree(tcon);
1835 if (existingCifsSes == NULL) {
1836 if (pSesInfo) {
1837 if ((pSesInfo->server) &&
1838 (pSesInfo->status == CifsGood)) {
1839 int temp_rc;
1840 temp_rc = CIFSSMBLogoff(xid, pSesInfo);
1841 /* if the socketUseCount is now zero */
1842 if((temp_rc == -ESHUTDOWN) &&
Steve Frenchf1914012005-08-18 09:37:34 -0700[diff] [blame]1843 (pSesInfo->server->tsk)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1844 send_sig(SIGKILL,pSesInfo->server->tsk,1);
Steve Frenchf1914012005-08-18 09:37:34 -0700[diff] [blame]1845 wait_for_completion(&cifsd_complete);
1846 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1847 } else
1848 cFYI(1, ("No session or bad tcon"));
1849 sesInfoFree(pSesInfo);
1850 /* pSesInfo = NULL; */
1851 }
1852 }
1853 } else {
1854 atomic_inc(&tcon->useCount);
1855 cifs_sb->tcon = tcon;
1856 tcon->ses = pSesInfo;
1857
1858 /* do not care if following two calls succeed - informational only */
Steve French737b7582005-04-28 22:41:06 -0700[diff] [blame]1859 CIFSSMBQFSDeviceInfo(xid, tcon);
1860 CIFSSMBQFSAttributeInfo(xid, tcon);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1861 if (tcon->ses->capabilities & CAP_UNIX) {
Steve French737b7582005-04-28 22:41:06 -0700[diff] [blame]1862 if(!CIFSSMBQFSUnixInfo(xid, tcon)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1863 if(!volume_info.no_psx_acl) {
1864 if(CIFS_UNIX_POSIX_ACL_CAP &
1865 le64_to_cpu(tcon->fsUnixInfo.Capability))
1866 cFYI(1,("server negotiated posix acl support"));
1867 sb->s_flags |= MS_POSIXACL;
1868 }
Jeremy Allisonac670552005-06-22 17:26:35 -0700[diff] [blame]1869
1870 /* Try and negotiate POSIX pathnames if we can. */
1871 if (volume_info.posix_paths && (CIFS_UNIX_POSIX_PATHNAMES_CAP &
1872 le64_to_cpu(tcon->fsUnixInfo.Capability))) {
Steve French45abc6e2005-06-23 13:42:03 -0500[diff] [blame]1873 if (!CIFSSMBSetFSUnixInfo(xid, tcon, CIFS_UNIX_POSIX_PATHNAMES_CAP)) {
Jeremy Allisonac670552005-06-22 17:26:35 -0700[diff] [blame]1874 cFYI(1,("negotiated posix pathnames support"));
1875 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_POSIX_PATHS;
1876 } else {
1877 cFYI(1,("posix pathnames support requested but not supported"));
1878 }
1879 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1880 }
1881 }
1882 }
1883
1884 /* volume_info.password is freed above when existing session found
1885 (in which case it is not needed anymore) but when new sesion is created
1886 the password ptr is put in the new session structure (in which case the
1887 password will be freed at unmount time) */
1888 if(volume_info.UNC)
1889 kfree(volume_info.UNC);
1890 FreeXid(xid);
1891 return rc;
1892}
1893
1894static int
1895CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
1896 char session_key[CIFS_SESSION_KEY_SIZE],
1897 const struct nls_table *nls_codepage)
1898{
1899 struct smb_hdr *smb_buffer;
1900 struct smb_hdr *smb_buffer_response;
1901 SESSION_SETUP_ANDX *pSMB;
1902 SESSION_SETUP_ANDX *pSMBr;
1903 char *bcc_ptr;
1904 char *user;
1905 char *domain;
1906 int rc = 0;
1907 int remaining_words = 0;
1908 int bytes_returned = 0;
1909 int len;
1910 __u32 capabilities;
1911 __u16 count;
1912
1913 cFYI(1, ("In sesssetup "));
1914 if(ses == NULL)
1915 return -EINVAL;
1916 user = ses->userName;
1917 domain = ses->domainName;
1918 smb_buffer = cifs_buf_get();
1919 if (smb_buffer == NULL) {
1920 return -ENOMEM;
1921 }
1922 smb_buffer_response = smb_buffer;
1923 pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
1924
1925 /* send SMBsessionSetup here */
1926 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
1927 NULL /* no tCon exists yet */ , 13 /* wct */ );
1928
Steve French1982c342005-08-17 12:38:22 -0700[diff] [blame]1929 smb_buffer->Mid = GetNextMid(ses->server);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1930 pSMB->req_no_secext.AndXCommand = 0xFF;
1931 pSMB->req_no_secext.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
1932 pSMB->req_no_secext.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
1933
1934 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
1935 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
1936
1937 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
1938 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
1939 if (ses->capabilities & CAP_UNICODE) {
1940 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
1941 capabilities |= CAP_UNICODE;
1942 }
1943 if (ses->capabilities & CAP_STATUS32) {
1944 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
1945 capabilities |= CAP_STATUS32;
1946 }
1947 if (ses->capabilities & CAP_DFS) {
1948 smb_buffer->Flags2 |= SMBFLG2_DFS;
1949 capabilities |= CAP_DFS;
1950 }
1951 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
1952
1953 pSMB->req_no_secext.CaseInsensitivePasswordLength =
1954 cpu_to_le16(CIFS_SESSION_KEY_SIZE);
1955
1956 pSMB->req_no_secext.CaseSensitivePasswordLength =
1957 cpu_to_le16(CIFS_SESSION_KEY_SIZE);
1958 bcc_ptr = pByteArea(smb_buffer);
1959 memcpy(bcc_ptr, (char *) session_key, CIFS_SESSION_KEY_SIZE);
1960 bcc_ptr += CIFS_SESSION_KEY_SIZE;
1961 memcpy(bcc_ptr, (char *) session_key, CIFS_SESSION_KEY_SIZE);
1962 bcc_ptr += CIFS_SESSION_KEY_SIZE;
1963
1964 if (ses->capabilities & CAP_UNICODE) {
1965 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode */
1966 *bcc_ptr = 0;
1967 bcc_ptr++;
1968 }
1969 if(user == NULL)
1970 bytes_returned = 0; /* skill null user */
1971 else
1972 bytes_returned =
1973 cifs_strtoUCS((wchar_t *) bcc_ptr, user, 100,
1974 nls_codepage);
1975 /* convert number of 16 bit words to bytes */
1976 bcc_ptr += 2 * bytes_returned;
1977 bcc_ptr += 2; /* trailing null */
1978 if (domain == NULL)
1979 bytes_returned =
1980 cifs_strtoUCS((wchar_t *) bcc_ptr,
1981 "CIFS_LINUX_DOM", 32, nls_codepage);
1982 else
1983 bytes_returned =
1984 cifs_strtoUCS((wchar_t *) bcc_ptr, domain, 64,
1985 nls_codepage);
1986 bcc_ptr += 2 * bytes_returned;
1987 bcc_ptr += 2;
1988 bytes_returned =
1989 cifs_strtoUCS((wchar_t *) bcc_ptr, "Linux version ",
1990 32, nls_codepage);
1991 bcc_ptr += 2 * bytes_returned;
1992 bytes_returned =
1993 cifs_strtoUCS((wchar_t *) bcc_ptr, system_utsname.release,
1994 32, nls_codepage);
1995 bcc_ptr += 2 * bytes_returned;
1996 bcc_ptr += 2;
1997 bytes_returned =
1998 cifs_strtoUCS((wchar_t *) bcc_ptr, CIFS_NETWORK_OPSYS,
1999 64, nls_codepage);
2000 bcc_ptr += 2 * bytes_returned;
2001 bcc_ptr += 2;
2002 } else {
2003 if(user != NULL) {
2004 strncpy(bcc_ptr, user, 200);
2005 bcc_ptr += strnlen(user, 200);
2006 }
2007 *bcc_ptr = 0;
2008 bcc_ptr++;
2009 if (domain == NULL) {
2010 strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2011 bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2012 } else {
2013 strncpy(bcc_ptr, domain, 64);
2014 bcc_ptr += strnlen(domain, 64);
2015 *bcc_ptr = 0;
2016 bcc_ptr++;
2017 }
2018 strcpy(bcc_ptr, "Linux version ");
2019 bcc_ptr += strlen("Linux version ");
2020 strcpy(bcc_ptr, system_utsname.release);
2021 bcc_ptr += strlen(system_utsname.release) + 1;
2022 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2023 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2024 }
2025 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2026 smb_buffer->smb_buf_length += count;
2027 pSMB->req_no_secext.ByteCount = cpu_to_le16(count);
2028
2029 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2030 &bytes_returned, 1);
2031 if (rc) {
2032/* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
2033 } else if ((smb_buffer_response->WordCount == 3)
2034 || (smb_buffer_response->WordCount == 4)) {
2035 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2036 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2037 if (action & GUEST_LOGIN)
2038 cFYI(1, (" Guest login")); /* do we want to mark SesInfo struct ? */
2039 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format (le) */
2040 cFYI(1, ("UID = %d ", ses->Suid));
2041 /* response can have either 3 or 4 word count - Samba sends 3 */
2042 bcc_ptr = pByteArea(smb_buffer_response);
2043 if ((pSMBr->resp.hdr.WordCount == 3)
2044 || ((pSMBr->resp.hdr.WordCount == 4)
2045 && (blob_len < pSMBr->resp.ByteCount))) {
2046 if (pSMBr->resp.hdr.WordCount == 4)
2047 bcc_ptr += blob_len;
2048
2049 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2050 if ((long) (bcc_ptr) % 2) {
2051 remaining_words =
2052 (BCC(smb_buffer_response) - 1) /2;
2053 bcc_ptr++; /* Unicode strings must be word aligned */
2054 } else {
2055 remaining_words =
2056 BCC(smb_buffer_response) / 2;
2057 }
2058 len =
2059 UniStrnlen((wchar_t *) bcc_ptr,
2060 remaining_words - 1);
2061/* We look for obvious messed up bcc or strings in response so we do not go off
2062 the end since (at least) WIN2K and Windows XP have a major bug in not null
2063 terminating last Unicode string in response */
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2064 ses->serverOS = kcalloc(1, 2 * (len + 1), GFP_KERNEL);
2065 if(ses->serverOS == NULL)
2066 goto sesssetup_nomem;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2067 cifs_strfromUCS_le(ses->serverOS,
2068 (wchar_t *)bcc_ptr, len,nls_codepage);
2069 bcc_ptr += 2 * (len + 1);
2070 remaining_words -= len + 1;
2071 ses->serverOS[2 * len] = 0;
2072 ses->serverOS[1 + (2 * len)] = 0;
2073 if (remaining_words > 0) {
2074 len = UniStrnlen((wchar_t *)bcc_ptr,
2075 remaining_words-1);
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2076 ses->serverNOS = kcalloc(1, 2 * (len + 1),GFP_KERNEL);
2077 if(ses->serverNOS == NULL)
2078 goto sesssetup_nomem;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2079 cifs_strfromUCS_le(ses->serverNOS,
2080 (wchar_t *)bcc_ptr,len,nls_codepage);
2081 bcc_ptr += 2 * (len + 1);
2082 ses->serverNOS[2 * len] = 0;
2083 ses->serverNOS[1 + (2 * len)] = 0;
2084 if(strncmp(ses->serverNOS,
2085 "NT LAN Manager 4",16) == 0) {
2086 cFYI(1,("NT4 server"));
2087 ses->flags |= CIFS_SES_NT4;
2088 }
2089 remaining_words -= len + 1;
2090 if (remaining_words > 0) {
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2091 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2092 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
2093 ses->serverDomain =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2094 kcalloc(1, 2*(len+1),GFP_KERNEL);
2095 if(ses->serverDomain == NULL)
2096 goto sesssetup_nomem;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2097 cifs_strfromUCS_le(ses->serverDomain,
2098 (wchar_t *)bcc_ptr,len,nls_codepage);
2099 bcc_ptr += 2 * (len + 1);
2100 ses->serverDomain[2*len] = 0;
2101 ses->serverDomain[1+(2*len)] = 0;
2102 } /* else no more room so create dummy domain string */
2103 else
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2104 ses->serverDomain =
2105 kcalloc(1, 2, GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2106 } else { /* no room so create dummy domain and NOS string */
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2107 /* if these kcallocs fail not much we
2108 can do, but better to not fail the
2109 sesssetup itself */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2110 ses->serverDomain =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2111 kcalloc(1, 2, GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2112 ses->serverNOS =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2113 kcalloc(1, 2, GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2114 }
2115 } else { /* ASCII */
2116 len = strnlen(bcc_ptr, 1024);
2117 if (((long) bcc_ptr + len) - (long)
2118 pByteArea(smb_buffer_response)
2119 <= BCC(smb_buffer_response)) {
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2120 ses->serverOS = kcalloc(1, len + 1,GFP_KERNEL);
2121 if(ses->serverOS == NULL)
2122 goto sesssetup_nomem;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2123 strncpy(ses->serverOS,bcc_ptr, len);
2124
2125 bcc_ptr += len;
2126 bcc_ptr[0] = 0; /* null terminate the string */
2127 bcc_ptr++;
2128
2129 len = strnlen(bcc_ptr, 1024);
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2130 ses->serverNOS = kcalloc(1, len + 1,GFP_KERNEL);
2131 if(ses->serverNOS == NULL)
2132 goto sesssetup_nomem;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2133 strncpy(ses->serverNOS, bcc_ptr, len);
2134 bcc_ptr += len;
2135 bcc_ptr[0] = 0;
2136 bcc_ptr++;
2137
2138 len = strnlen(bcc_ptr, 1024);
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2139 ses->serverDomain = kcalloc(1, len + 1,GFP_KERNEL);
2140 if(ses->serverDomain == NULL)
2141 goto sesssetup_nomem;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2142 strncpy(ses->serverDomain, bcc_ptr, len);
2143 bcc_ptr += len;
2144 bcc_ptr[0] = 0;
2145 bcc_ptr++;
2146 } else
2147 cFYI(1,
2148 ("Variable field of length %d extends beyond end of smb ",
2149 len));
2150 }
2151 } else {
2152 cERROR(1,
2153 (" Security Blob Length extends beyond end of SMB"));
2154 }
2155 } else {
2156 cERROR(1,
2157 (" Invalid Word count %d: ",
2158 smb_buffer_response->WordCount));
2159 rc = -EIO;
2160 }
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2161sesssetup_nomem: /* do not return an error on nomem for the info strings,
2162 since that could make reconnection harder, and
2163 reconnection might be needed to free memory */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2164 if (smb_buffer)
2165 cifs_buf_release(smb_buffer);
2166
2167 return rc;
2168}
2169
2170static int
2171CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2172 char *SecurityBlob,int SecurityBlobLength,
2173 const struct nls_table *nls_codepage)
2174{
2175 struct smb_hdr *smb_buffer;
2176 struct smb_hdr *smb_buffer_response;
2177 SESSION_SETUP_ANDX *pSMB;
2178 SESSION_SETUP_ANDX *pSMBr;
2179 char *bcc_ptr;
2180 char *user;
2181 char *domain;
2182 int rc = 0;
2183 int remaining_words = 0;
2184 int bytes_returned = 0;
2185 int len;
2186 __u32 capabilities;
2187 __u16 count;
2188
2189 cFYI(1, ("In spnego sesssetup "));
2190 if(ses == NULL)
2191 return -EINVAL;
2192 user = ses->userName;
2193 domain = ses->domainName;
2194
2195 smb_buffer = cifs_buf_get();
2196 if (smb_buffer == NULL) {
2197 return -ENOMEM;
2198 }
2199 smb_buffer_response = smb_buffer;
2200 pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2201
2202 /* send SMBsessionSetup here */
2203 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2204 NULL /* no tCon exists yet */ , 12 /* wct */ );
Steve French1982c342005-08-17 12:38:22 -0700[diff] [blame]2205
2206 smb_buffer->Mid = GetNextMid(ses->server);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2207 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2208 pSMB->req.AndXCommand = 0xFF;
2209 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2210 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2211
2212 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2213 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2214
2215 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2216 CAP_EXTENDED_SECURITY;
2217 if (ses->capabilities & CAP_UNICODE) {
2218 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2219 capabilities |= CAP_UNICODE;
2220 }
2221 if (ses->capabilities & CAP_STATUS32) {
2222 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2223 capabilities |= CAP_STATUS32;
2224 }
2225 if (ses->capabilities & CAP_DFS) {
2226 smb_buffer->Flags2 |= SMBFLG2_DFS;
2227 capabilities |= CAP_DFS;
2228 }
2229 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2230
2231 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2232 bcc_ptr = pByteArea(smb_buffer);
2233 memcpy(bcc_ptr, SecurityBlob, SecurityBlobLength);
2234 bcc_ptr += SecurityBlobLength;
2235
2236 if (ses->capabilities & CAP_UNICODE) {
2237 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode strings */
2238 *bcc_ptr = 0;
2239 bcc_ptr++;
2240 }
2241 bytes_returned =
2242 cifs_strtoUCS((wchar_t *) bcc_ptr, user, 100, nls_codepage);
2243 bcc_ptr += 2 * bytes_returned; /* convert num of 16 bit words to bytes */
2244 bcc_ptr += 2; /* trailing null */
2245 if (domain == NULL)
2246 bytes_returned =
2247 cifs_strtoUCS((wchar_t *) bcc_ptr,
2248 "CIFS_LINUX_DOM", 32, nls_codepage);
2249 else
2250 bytes_returned =
2251 cifs_strtoUCS((wchar_t *) bcc_ptr, domain, 64,
2252 nls_codepage);
2253 bcc_ptr += 2 * bytes_returned;
2254 bcc_ptr += 2;
2255 bytes_returned =
2256 cifs_strtoUCS((wchar_t *) bcc_ptr, "Linux version ",
2257 32, nls_codepage);
2258 bcc_ptr += 2 * bytes_returned;
2259 bytes_returned =
2260 cifs_strtoUCS((wchar_t *) bcc_ptr, system_utsname.release, 32,
2261 nls_codepage);
2262 bcc_ptr += 2 * bytes_returned;
2263 bcc_ptr += 2;
2264 bytes_returned =
2265 cifs_strtoUCS((wchar_t *) bcc_ptr, CIFS_NETWORK_OPSYS,
2266 64, nls_codepage);
2267 bcc_ptr += 2 * bytes_returned;
2268 bcc_ptr += 2;
2269 } else {
2270 strncpy(bcc_ptr, user, 200);
2271 bcc_ptr += strnlen(user, 200);
2272 *bcc_ptr = 0;
2273 bcc_ptr++;
2274 if (domain == NULL) {
2275 strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2276 bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2277 } else {
2278 strncpy(bcc_ptr, domain, 64);
2279 bcc_ptr += strnlen(domain, 64);
2280 *bcc_ptr = 0;
2281 bcc_ptr++;
2282 }
2283 strcpy(bcc_ptr, "Linux version ");
2284 bcc_ptr += strlen("Linux version ");
2285 strcpy(bcc_ptr, system_utsname.release);
2286 bcc_ptr += strlen(system_utsname.release) + 1;
2287 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2288 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2289 }
2290 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2291 smb_buffer->smb_buf_length += count;
2292 pSMB->req.ByteCount = cpu_to_le16(count);
2293
2294 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2295 &bytes_returned, 1);
2296 if (rc) {
2297/* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2298 } else if ((smb_buffer_response->WordCount == 3)
2299 || (smb_buffer_response->WordCount == 4)) {
2300 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2301 __u16 blob_len =
2302 le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2303 if (action & GUEST_LOGIN)
2304 cFYI(1, (" Guest login")); /* BB do we want to set anything in SesInfo struct ? */
2305 if (ses) {
2306 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format (le) */
2307 cFYI(1, ("UID = %d ", ses->Suid));
2308 bcc_ptr = pByteArea(smb_buffer_response); /* response can have either 3 or 4 word count - Samba sends 3 */
2309
2310 /* BB Fix below to make endian neutral !! */
2311
2312 if ((pSMBr->resp.hdr.WordCount == 3)
2313 || ((pSMBr->resp.hdr.WordCount == 4)
2314 && (blob_len <
2315 pSMBr->resp.ByteCount))) {
2316 if (pSMBr->resp.hdr.WordCount == 4) {
2317 bcc_ptr +=
2318 blob_len;
2319 cFYI(1,
2320 ("Security Blob Length %d ",
2321 blob_len));
2322 }
2323
2324 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2325 if ((long) (bcc_ptr) % 2) {
2326 remaining_words =
2327 (BCC(smb_buffer_response)
2328 - 1) / 2;
2329 bcc_ptr++; /* Unicode strings must be word aligned */
2330 } else {
2331 remaining_words =
2332 BCC
2333 (smb_buffer_response) / 2;
2334 }
2335 len =
2336 UniStrnlen((wchar_t *) bcc_ptr,
2337 remaining_words - 1);
2338/* We look for obvious messed up bcc or strings in response so we do not go off
2339 the end since (at least) WIN2K and Windows XP have a major bug in not null
2340 terminating last Unicode string in response */
2341 ses->serverOS =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2342 kcalloc(1, 2 * (len + 1), GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2343 cifs_strfromUCS_le(ses->serverOS,
2344 (wchar_t *)
2345 bcc_ptr, len,
2346 nls_codepage);
2347 bcc_ptr += 2 * (len + 1);
2348 remaining_words -= len + 1;
2349 ses->serverOS[2 * len] = 0;
2350 ses->serverOS[1 + (2 * len)] = 0;
2351 if (remaining_words > 0) {
2352 len = UniStrnlen((wchar_t *)bcc_ptr,
2353 remaining_words
2354 - 1);
2355 ses->serverNOS =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2356 kcalloc(1, 2 * (len + 1),
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2357 GFP_KERNEL);
2358 cifs_strfromUCS_le(ses->serverNOS,
2359 (wchar_t *)bcc_ptr,
2360 len,
2361 nls_codepage);
2362 bcc_ptr += 2 * (len + 1);
2363 ses->serverNOS[2 * len] = 0;
2364 ses->serverNOS[1 + (2 * len)] = 0;
2365 remaining_words -= len + 1;
2366 if (remaining_words > 0) {
2367 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2368 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2369 ses->serverDomain = kcalloc(1, 2*(len+1),GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2370 cifs_strfromUCS_le(ses->serverDomain,
2371 (wchar_t *)bcc_ptr,
2372 len,
2373 nls_codepage);
2374 bcc_ptr += 2*(len+1);
2375 ses->serverDomain[2*len] = 0;
2376 ses->serverDomain[1+(2*len)] = 0;
2377 } /* else no more room so create dummy domain string */
2378 else
2379 ses->serverDomain =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2380 kcalloc(1, 2,GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2381 } else { /* no room so create dummy domain and NOS string */
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2382 ses->serverDomain = kcalloc(1, 2, GFP_KERNEL);
2383 ses->serverNOS = kcalloc(1, 2, GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2384 }
2385 } else { /* ASCII */
2386
2387 len = strnlen(bcc_ptr, 1024);
2388 if (((long) bcc_ptr + len) - (long)
2389 pByteArea(smb_buffer_response)
2390 <= BCC(smb_buffer_response)) {
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2391 ses->serverOS = kcalloc(1, len + 1, GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2392 strncpy(ses->serverOS, bcc_ptr, len);
2393
2394 bcc_ptr += len;
2395 bcc_ptr[0] = 0; /* null terminate the string */
2396 bcc_ptr++;
2397
2398 len = strnlen(bcc_ptr, 1024);
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2399 ses->serverNOS = kcalloc(1, len + 1,GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2400 strncpy(ses->serverNOS, bcc_ptr, len);
2401 bcc_ptr += len;
2402 bcc_ptr[0] = 0;
2403 bcc_ptr++;
2404
2405 len = strnlen(bcc_ptr, 1024);
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2406 ses->serverDomain = kcalloc(1, len + 1, GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2407 strncpy(ses->serverDomain, bcc_ptr, len);
2408 bcc_ptr += len;
2409 bcc_ptr[0] = 0;
2410 bcc_ptr++;
2411 } else
2412 cFYI(1,
2413 ("Variable field of length %d extends beyond end of smb ",
2414 len));
2415 }
2416 } else {
2417 cERROR(1,
2418 (" Security Blob Length extends beyond end of SMB"));
2419 }
2420 } else {
2421 cERROR(1, ("No session structure passed in."));
2422 }
2423 } else {
2424 cERROR(1,
2425 (" Invalid Word count %d: ",
2426 smb_buffer_response->WordCount));
2427 rc = -EIO;
2428 }
2429
2430 if (smb_buffer)
2431 cifs_buf_release(smb_buffer);
2432
2433 return rc;
2434}
2435
2436static int
2437CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2438 struct cifsSesInfo *ses, int * pNTLMv2_flag,
2439 const struct nls_table *nls_codepage)
2440{
2441 struct smb_hdr *smb_buffer;
2442 struct smb_hdr *smb_buffer_response;
2443 SESSION_SETUP_ANDX *pSMB;
2444 SESSION_SETUP_ANDX *pSMBr;
2445 char *bcc_ptr;
2446 char *domain;
2447 int rc = 0;
2448 int remaining_words = 0;
2449 int bytes_returned = 0;
2450 int len;
2451 int SecurityBlobLength = sizeof (NEGOTIATE_MESSAGE);
2452 PNEGOTIATE_MESSAGE SecurityBlob;
2453 PCHALLENGE_MESSAGE SecurityBlob2;
2454 __u32 negotiate_flags, capabilities;
2455 __u16 count;
2456
2457 cFYI(1, ("In NTLMSSP sesssetup (negotiate) "));
2458 if(ses == NULL)
2459 return -EINVAL;
2460 domain = ses->domainName;
2461 *pNTLMv2_flag = FALSE;
2462 smb_buffer = cifs_buf_get();
2463 if (smb_buffer == NULL) {
2464 return -ENOMEM;
2465 }
2466 smb_buffer_response = smb_buffer;
2467 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2468 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2469
2470 /* send SMBsessionSetup here */
2471 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2472 NULL /* no tCon exists yet */ , 12 /* wct */ );
Steve French1982c342005-08-17 12:38:22 -0700[diff] [blame]2473
2474 smb_buffer->Mid = GetNextMid(ses->server);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2475 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2476 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2477
2478 pSMB->req.AndXCommand = 0xFF;
2479 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2480 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2481
2482 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2483 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2484
2485 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2486 CAP_EXTENDED_SECURITY;
2487 if (ses->capabilities & CAP_UNICODE) {
2488 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2489 capabilities |= CAP_UNICODE;
2490 }
2491 if (ses->capabilities & CAP_STATUS32) {
2492 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2493 capabilities |= CAP_STATUS32;
2494 }
2495 if (ses->capabilities & CAP_DFS) {
2496 smb_buffer->Flags2 |= SMBFLG2_DFS;
2497 capabilities |= CAP_DFS;
2498 }
2499 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2500
2501 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2502 SecurityBlob = (PNEGOTIATE_MESSAGE) bcc_ptr;
2503 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2504 SecurityBlob->MessageType = NtLmNegotiate;
2505 negotiate_flags =
2506 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
2507 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM | 0x80000000 |
2508 /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
2509 if(sign_CIFS_PDUs)
2510 negotiate_flags |= NTLMSSP_NEGOTIATE_SIGN;
2511 if(ntlmv2_support)
2512 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
2513 /* setup pointers to domain name and workstation name */
2514 bcc_ptr += SecurityBlobLength;
2515
2516 SecurityBlob->WorkstationName.Buffer = 0;
2517 SecurityBlob->WorkstationName.Length = 0;
2518 SecurityBlob->WorkstationName.MaximumLength = 0;
2519
2520 if (domain == NULL) {
2521 SecurityBlob->DomainName.Buffer = 0;
2522 SecurityBlob->DomainName.Length = 0;
2523 SecurityBlob->DomainName.MaximumLength = 0;
2524 } else {
2525 __u16 len;
2526 negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
2527 strncpy(bcc_ptr, domain, 63);
2528 len = strnlen(domain, 64);
2529 SecurityBlob->DomainName.MaximumLength =
2530 cpu_to_le16(len);
2531 SecurityBlob->DomainName.Buffer =
2532 cpu_to_le32((long) &SecurityBlob->
2533 DomainString -
2534 (long) &SecurityBlob->Signature);
2535 bcc_ptr += len;
2536 SecurityBlobLength += len;
2537 SecurityBlob->DomainName.Length =
2538 cpu_to_le16(len);
2539 }
2540 if (ses->capabilities & CAP_UNICODE) {
2541 if ((long) bcc_ptr % 2) {
2542 *bcc_ptr = 0;
2543 bcc_ptr++;
2544 }
2545
2546 bytes_returned =
2547 cifs_strtoUCS((wchar_t *) bcc_ptr, "Linux version ",
2548 32, nls_codepage);
2549 bcc_ptr += 2 * bytes_returned;
2550 bytes_returned =
2551 cifs_strtoUCS((wchar_t *) bcc_ptr, system_utsname.release, 32,
2552 nls_codepage);
2553 bcc_ptr += 2 * bytes_returned;
2554 bcc_ptr += 2; /* null terminate Linux version */
2555 bytes_returned =
2556 cifs_strtoUCS((wchar_t *) bcc_ptr, CIFS_NETWORK_OPSYS,
2557 64, nls_codepage);
2558 bcc_ptr += 2 * bytes_returned;
2559 *(bcc_ptr + 1) = 0;
2560 *(bcc_ptr + 2) = 0;
2561 bcc_ptr += 2; /* null terminate network opsys string */
2562 *(bcc_ptr + 1) = 0;
2563 *(bcc_ptr + 2) = 0;
2564 bcc_ptr += 2; /* null domain */
2565 } else { /* ASCII */
2566 strcpy(bcc_ptr, "Linux version ");
2567 bcc_ptr += strlen("Linux version ");
2568 strcpy(bcc_ptr, system_utsname.release);
2569 bcc_ptr += strlen(system_utsname.release) + 1;
2570 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2571 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2572 bcc_ptr++; /* empty domain field */
2573 *bcc_ptr = 0;
2574 }
2575 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2576 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2577 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2578 smb_buffer->smb_buf_length += count;
2579 pSMB->req.ByteCount = cpu_to_le16(count);
2580
2581 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2582 &bytes_returned, 1);
2583
2584 if (smb_buffer_response->Status.CifsError ==
2585 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
2586 rc = 0;
2587
2588 if (rc) {
2589/* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2590 } else if ((smb_buffer_response->WordCount == 3)
2591 || (smb_buffer_response->WordCount == 4)) {
2592 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2593 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2594
2595 if (action & GUEST_LOGIN)
2596 cFYI(1, (" Guest login"));
2597 /* Do we want to set anything in SesInfo struct when guest login? */
2598
2599 bcc_ptr = pByteArea(smb_buffer_response);
2600 /* response can have either 3 or 4 word count - Samba sends 3 */
2601
2602 SecurityBlob2 = (PCHALLENGE_MESSAGE) bcc_ptr;
2603 if (SecurityBlob2->MessageType != NtLmChallenge) {
2604 cFYI(1,
2605 ("Unexpected NTLMSSP message type received %d",
2606 SecurityBlob2->MessageType));
2607 } else if (ses) {
2608 ses->Suid = smb_buffer_response->Uid; /* UID left in le format */
2609 cFYI(1, ("UID = %d ", ses->Suid));
2610 if ((pSMBr->resp.hdr.WordCount == 3)
2611 || ((pSMBr->resp.hdr.WordCount == 4)
2612 && (blob_len <
2613 pSMBr->resp.ByteCount))) {
2614
2615 if (pSMBr->resp.hdr.WordCount == 4) {
2616 bcc_ptr += blob_len;
2617 cFYI(1,
2618 ("Security Blob Length %d ",
2619 blob_len));
2620 }
2621
2622 cFYI(1, ("NTLMSSP Challenge rcvd "));
2623
2624 memcpy(ses->server->cryptKey,
2625 SecurityBlob2->Challenge,
2626 CIFS_CRYPTO_KEY_SIZE);
2627 if(SecurityBlob2->NegotiateFlags & cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2))
2628 *pNTLMv2_flag = TRUE;
2629
2630 if((SecurityBlob2->NegotiateFlags &
2631 cpu_to_le32(NTLMSSP_NEGOTIATE_ALWAYS_SIGN))
2632 || (sign_CIFS_PDUs > 1))
2633 ses->server->secMode |=
2634 SECMODE_SIGN_REQUIRED;
2635 if ((SecurityBlob2->NegotiateFlags &
2636 cpu_to_le32(NTLMSSP_NEGOTIATE_SIGN)) && (sign_CIFS_PDUs))
2637 ses->server->secMode |=
2638 SECMODE_SIGN_ENABLED;
2639
2640 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2641 if ((long) (bcc_ptr) % 2) {
2642 remaining_words =
2643 (BCC(smb_buffer_response)
2644 - 1) / 2;
2645 bcc_ptr++; /* Unicode strings must be word aligned */
2646 } else {
2647 remaining_words =
2648 BCC
2649 (smb_buffer_response) / 2;
2650 }
2651 len =
2652 UniStrnlen((wchar_t *) bcc_ptr,
2653 remaining_words - 1);
2654/* We look for obvious messed up bcc or strings in response so we do not go off
2655 the end since (at least) WIN2K and Windows XP have a major bug in not null
2656 terminating last Unicode string in response */
2657 ses->serverOS =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2658 kcalloc(1, 2 * (len + 1), GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2659 cifs_strfromUCS_le(ses->serverOS,
2660 (wchar_t *)
2661 bcc_ptr, len,
2662 nls_codepage);
2663 bcc_ptr += 2 * (len + 1);
2664 remaining_words -= len + 1;
2665 ses->serverOS[2 * len] = 0;
2666 ses->serverOS[1 + (2 * len)] = 0;
2667 if (remaining_words > 0) {
2668 len = UniStrnlen((wchar_t *)
2669 bcc_ptr,
2670 remaining_words
2671 - 1);
2672 ses->serverNOS =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2673 kcalloc(1, 2 * (len + 1),
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2674 GFP_KERNEL);
2675 cifs_strfromUCS_le(ses->
2676 serverNOS,
2677 (wchar_t *)
2678 bcc_ptr,
2679 len,
2680 nls_codepage);
2681 bcc_ptr += 2 * (len + 1);
2682 ses->serverNOS[2 * len] = 0;
2683 ses->serverNOS[1 +
2684 (2 * len)] = 0;
2685 remaining_words -= len + 1;
2686 if (remaining_words > 0) {
2687 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2688 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
2689 ses->serverDomain =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2690 kcalloc(1, 2 *
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2691 (len +
2692 1),
2693 GFP_KERNEL);
2694 cifs_strfromUCS_le
2695 (ses->
2696 serverDomain,
2697 (wchar_t *)
2698 bcc_ptr, len,
2699 nls_codepage);
2700 bcc_ptr +=
2701 2 * (len + 1);
2702 ses->
2703 serverDomain[2
2704 * len]
2705 = 0;
2706 ses->
2707 serverDomain[1
2708 +
2709 (2
2710 *
2711 len)]
2712 = 0;
2713 } /* else no more room so create dummy domain string */
2714 else
2715 ses->serverDomain =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2716 kcalloc(1, 2,
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2717 GFP_KERNEL);
2718 } else { /* no room so create dummy domain and NOS string */
2719 ses->serverDomain =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2720 kcalloc(1, 2, GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2721 ses->serverNOS =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2722 kcalloc(1, 2, GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2723 }
2724 } else { /* ASCII */
2725 len = strnlen(bcc_ptr, 1024);
2726 if (((long) bcc_ptr + len) - (long)
2727 pByteArea(smb_buffer_response)
2728 <= BCC(smb_buffer_response)) {
2729 ses->serverOS =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2730 kcalloc(1, len + 1,
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2731 GFP_KERNEL);
2732 strncpy(ses->serverOS,
2733 bcc_ptr, len);
2734
2735 bcc_ptr += len;
2736 bcc_ptr[0] = 0; /* null terminate string */
2737 bcc_ptr++;
2738
2739 len = strnlen(bcc_ptr, 1024);
2740 ses->serverNOS =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2741 kcalloc(1, len + 1,
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2742 GFP_KERNEL);
2743 strncpy(ses->serverNOS, bcc_ptr, len);
2744 bcc_ptr += len;
2745 bcc_ptr[0] = 0;
2746 bcc_ptr++;
2747
2748 len = strnlen(bcc_ptr, 1024);
2749 ses->serverDomain =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2750 kcalloc(1, len + 1,
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2751 GFP_KERNEL);
2752 strncpy(ses->serverDomain, bcc_ptr, len);
2753 bcc_ptr += len;
2754 bcc_ptr[0] = 0;
2755 bcc_ptr++;
2756 } else
2757 cFYI(1,
2758 ("Variable field of length %d extends beyond end of smb ",
2759 len));
2760 }
2761 } else {
2762 cERROR(1,
2763 (" Security Blob Length extends beyond end of SMB"));
2764 }
2765 } else {
2766 cERROR(1, ("No session structure passed in."));
2767 }
2768 } else {
2769 cERROR(1,
2770 (" Invalid Word count %d: ",
2771 smb_buffer_response->WordCount));
2772 rc = -EIO;
2773 }
2774
2775 if (smb_buffer)
2776 cifs_buf_release(smb_buffer);
2777
2778 return rc;
2779}
2780static int
2781CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2782 char *ntlm_session_key, int ntlmv2_flag,
2783 const struct nls_table *nls_codepage)
2784{
2785 struct smb_hdr *smb_buffer;
2786 struct smb_hdr *smb_buffer_response;
2787 SESSION_SETUP_ANDX *pSMB;
2788 SESSION_SETUP_ANDX *pSMBr;
2789 char *bcc_ptr;
2790 char *user;
2791 char *domain;
2792 int rc = 0;
2793 int remaining_words = 0;
2794 int bytes_returned = 0;
2795 int len;
2796 int SecurityBlobLength = sizeof (AUTHENTICATE_MESSAGE);
2797 PAUTHENTICATE_MESSAGE SecurityBlob;
2798 __u32 negotiate_flags, capabilities;
2799 __u16 count;
2800
2801 cFYI(1, ("In NTLMSSPSessSetup (Authenticate)"));
2802 if(ses == NULL)
2803 return -EINVAL;
2804 user = ses->userName;
2805 domain = ses->domainName;
2806 smb_buffer = cifs_buf_get();
2807 if (smb_buffer == NULL) {
2808 return -ENOMEM;
2809 }
2810 smb_buffer_response = smb_buffer;
2811 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2812 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2813
2814 /* send SMBsessionSetup here */
2815 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2816 NULL /* no tCon exists yet */ , 12 /* wct */ );
Steve French1982c342005-08-17 12:38:22 -0700[diff] [blame]2817
2818 smb_buffer->Mid = GetNextMid(ses->server);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2819 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2820 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2821 pSMB->req.AndXCommand = 0xFF;
2822 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2823 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2824
2825 pSMB->req.hdr.Uid = ses->Suid;
2826
2827 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2828 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2829
2830 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2831 CAP_EXTENDED_SECURITY;
2832 if (ses->capabilities & CAP_UNICODE) {
2833 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2834 capabilities |= CAP_UNICODE;
2835 }
2836 if (ses->capabilities & CAP_STATUS32) {
2837 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2838 capabilities |= CAP_STATUS32;
2839 }
2840 if (ses->capabilities & CAP_DFS) {
2841 smb_buffer->Flags2 |= SMBFLG2_DFS;
2842 capabilities |= CAP_DFS;
2843 }
2844 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2845
2846 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2847 SecurityBlob = (PAUTHENTICATE_MESSAGE) bcc_ptr;
2848 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2849 SecurityBlob->MessageType = NtLmAuthenticate;
2850 bcc_ptr += SecurityBlobLength;
2851 negotiate_flags =
2852 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET |
2853 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO |
2854 0x80000000 | NTLMSSP_NEGOTIATE_128;
2855 if(sign_CIFS_PDUs)
2856 negotiate_flags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN;
2857 if(ntlmv2_flag)
2858 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
2859
2860/* setup pointers to domain name and workstation name */
2861
2862 SecurityBlob->WorkstationName.Buffer = 0;
2863 SecurityBlob->WorkstationName.Length = 0;
2864 SecurityBlob->WorkstationName.MaximumLength = 0;
2865 SecurityBlob->SessionKey.Length = 0;
2866 SecurityBlob->SessionKey.MaximumLength = 0;
2867 SecurityBlob->SessionKey.Buffer = 0;
2868
2869 SecurityBlob->LmChallengeResponse.Length = 0;
2870 SecurityBlob->LmChallengeResponse.MaximumLength = 0;
2871 SecurityBlob->LmChallengeResponse.Buffer = 0;
2872
2873 SecurityBlob->NtChallengeResponse.Length =
2874 cpu_to_le16(CIFS_SESSION_KEY_SIZE);
2875 SecurityBlob->NtChallengeResponse.MaximumLength =
2876 cpu_to_le16(CIFS_SESSION_KEY_SIZE);
2877 memcpy(bcc_ptr, ntlm_session_key, CIFS_SESSION_KEY_SIZE);
2878 SecurityBlob->NtChallengeResponse.Buffer =
2879 cpu_to_le32(SecurityBlobLength);
2880 SecurityBlobLength += CIFS_SESSION_KEY_SIZE;
2881 bcc_ptr += CIFS_SESSION_KEY_SIZE;
2882
2883 if (ses->capabilities & CAP_UNICODE) {
2884 if (domain == NULL) {
2885 SecurityBlob->DomainName.Buffer = 0;
2886 SecurityBlob->DomainName.Length = 0;
2887 SecurityBlob->DomainName.MaximumLength = 0;
2888 } else {
2889 __u16 len =
2890 cifs_strtoUCS((wchar_t *) bcc_ptr, domain, 64,
2891 nls_codepage);
2892 len *= 2;
2893 SecurityBlob->DomainName.MaximumLength =
2894 cpu_to_le16(len);
2895 SecurityBlob->DomainName.Buffer =
2896 cpu_to_le32(SecurityBlobLength);
2897 bcc_ptr += len;
2898 SecurityBlobLength += len;
2899 SecurityBlob->DomainName.Length =
2900 cpu_to_le16(len);
2901 }
2902 if (user == NULL) {
2903 SecurityBlob->UserName.Buffer = 0;
2904 SecurityBlob->UserName.Length = 0;
2905 SecurityBlob->UserName.MaximumLength = 0;
2906 } else {
2907 __u16 len =
2908 cifs_strtoUCS((wchar_t *) bcc_ptr, user, 64,
2909 nls_codepage);
2910 len *= 2;
2911 SecurityBlob->UserName.MaximumLength =
2912 cpu_to_le16(len);
2913 SecurityBlob->UserName.Buffer =
2914 cpu_to_le32(SecurityBlobLength);
2915 bcc_ptr += len;
2916 SecurityBlobLength += len;
2917 SecurityBlob->UserName.Length =
2918 cpu_to_le16(len);
2919 }
2920
2921 /* SecurityBlob->WorkstationName.Length = cifs_strtoUCS((wchar_t *) bcc_ptr, "AMACHINE",64, nls_codepage);
2922 SecurityBlob->WorkstationName.Length *= 2;
2923 SecurityBlob->WorkstationName.MaximumLength = cpu_to_le16(SecurityBlob->WorkstationName.Length);
2924 SecurityBlob->WorkstationName.Buffer = cpu_to_le32(SecurityBlobLength);
2925 bcc_ptr += SecurityBlob->WorkstationName.Length;
2926 SecurityBlobLength += SecurityBlob->WorkstationName.Length;
2927 SecurityBlob->WorkstationName.Length = cpu_to_le16(SecurityBlob->WorkstationName.Length); */
2928
2929 if ((long) bcc_ptr % 2) {
2930 *bcc_ptr = 0;
2931 bcc_ptr++;
2932 }
2933 bytes_returned =
2934 cifs_strtoUCS((wchar_t *) bcc_ptr, "Linux version ",
2935 32, nls_codepage);
2936 bcc_ptr += 2 * bytes_returned;
2937 bytes_returned =
2938 cifs_strtoUCS((wchar_t *) bcc_ptr, system_utsname.release, 32,
2939 nls_codepage);
2940 bcc_ptr += 2 * bytes_returned;
2941 bcc_ptr += 2; /* null term version string */
2942 bytes_returned =
2943 cifs_strtoUCS((wchar_t *) bcc_ptr, CIFS_NETWORK_OPSYS,
2944 64, nls_codepage);
2945 bcc_ptr += 2 * bytes_returned;
2946 *(bcc_ptr + 1) = 0;
2947 *(bcc_ptr + 2) = 0;
2948 bcc_ptr += 2; /* null terminate network opsys string */
2949 *(bcc_ptr + 1) = 0;
2950 *(bcc_ptr + 2) = 0;
2951 bcc_ptr += 2; /* null domain */
2952 } else { /* ASCII */
2953 if (domain == NULL) {
2954 SecurityBlob->DomainName.Buffer = 0;
2955 SecurityBlob->DomainName.Length = 0;
2956 SecurityBlob->DomainName.MaximumLength = 0;
2957 } else {
2958 __u16 len;
2959 negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
2960 strncpy(bcc_ptr, domain, 63);
2961 len = strnlen(domain, 64);
2962 SecurityBlob->DomainName.MaximumLength =
2963 cpu_to_le16(len);
2964 SecurityBlob->DomainName.Buffer =
2965 cpu_to_le32(SecurityBlobLength);
2966 bcc_ptr += len;
2967 SecurityBlobLength += len;
2968 SecurityBlob->DomainName.Length = cpu_to_le16(len);
2969 }
2970 if (user == NULL) {
2971 SecurityBlob->UserName.Buffer = 0;
2972 SecurityBlob->UserName.Length = 0;
2973 SecurityBlob->UserName.MaximumLength = 0;
2974 } else {
2975 __u16 len;
2976 strncpy(bcc_ptr, user, 63);
2977 len = strnlen(user, 64);
2978 SecurityBlob->UserName.MaximumLength =
2979 cpu_to_le16(len);
2980 SecurityBlob->UserName.Buffer =
2981 cpu_to_le32(SecurityBlobLength);
2982 bcc_ptr += len;
2983 SecurityBlobLength += len;
2984 SecurityBlob->UserName.Length = cpu_to_le16(len);
2985 }
2986 /* BB fill in our workstation name if known BB */
2987
2988 strcpy(bcc_ptr, "Linux version ");
2989 bcc_ptr += strlen("Linux version ");
2990 strcpy(bcc_ptr, system_utsname.release);
2991 bcc_ptr += strlen(system_utsname.release) + 1;
2992 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2993 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2994 bcc_ptr++; /* null domain */
2995 *bcc_ptr = 0;
2996 }
2997 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2998 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2999 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
3000 smb_buffer->smb_buf_length += count;
3001 pSMB->req.ByteCount = cpu_to_le16(count);
3002
3003 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
3004 &bytes_returned, 1);
3005 if (rc) {
3006/* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
3007 } else if ((smb_buffer_response->WordCount == 3)
3008 || (smb_buffer_response->WordCount == 4)) {
3009 __u16 action = le16_to_cpu(pSMBr->resp.Action);
3010 __u16 blob_len =
3011 le16_to_cpu(pSMBr->resp.SecurityBlobLength);
3012 if (action & GUEST_LOGIN)
3013 cFYI(1, (" Guest login")); /* BB do we want to set anything in SesInfo struct ? */
3014/* if(SecurityBlob2->MessageType != NtLm??){
3015 cFYI("Unexpected message type on auth response is %d "));
3016 } */
3017 if (ses) {
3018 cFYI(1,
3019 ("Does UID on challenge %d match auth response UID %d ",
3020 ses->Suid, smb_buffer_response->Uid));
3021 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format */
3022 bcc_ptr = pByteArea(smb_buffer_response);
3023 /* response can have either 3 or 4 word count - Samba sends 3 */
3024 if ((pSMBr->resp.hdr.WordCount == 3)
3025 || ((pSMBr->resp.hdr.WordCount == 4)
3026 && (blob_len <
3027 pSMBr->resp.ByteCount))) {
3028 if (pSMBr->resp.hdr.WordCount == 4) {
3029 bcc_ptr +=
3030 blob_len;
3031 cFYI(1,
3032 ("Security Blob Length %d ",
3033 blob_len));
3034 }
3035
3036 cFYI(1,
3037 ("NTLMSSP response to Authenticate "));
3038
3039 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3040 if ((long) (bcc_ptr) % 2) {
3041 remaining_words =
3042 (BCC(smb_buffer_response)
3043 - 1) / 2;
3044 bcc_ptr++; /* Unicode strings must be word aligned */
3045 } else {
3046 remaining_words = BCC(smb_buffer_response) / 2;
3047 }
3048 len =
3049 UniStrnlen((wchar_t *) bcc_ptr,remaining_words - 1);
3050/* We look for obvious messed up bcc or strings in response so we do not go off
3051 the end since (at least) WIN2K and Windows XP have a major bug in not null
3052 terminating last Unicode string in response */
3053 ses->serverOS =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]3054 kcalloc(1, 2 * (len + 1), GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3055 cifs_strfromUCS_le(ses->serverOS,
3056 (wchar_t *)
3057 bcc_ptr, len,
3058 nls_codepage);
3059 bcc_ptr += 2 * (len + 1);
3060 remaining_words -= len + 1;
3061 ses->serverOS[2 * len] = 0;
3062 ses->serverOS[1 + (2 * len)] = 0;
3063 if (remaining_words > 0) {
3064 len = UniStrnlen((wchar_t *)
3065 bcc_ptr,
3066 remaining_words
3067 - 1);
3068 ses->serverNOS =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]3069 kcalloc(1, 2 * (len + 1),
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3070 GFP_KERNEL);
3071 cifs_strfromUCS_le(ses->
3072 serverNOS,
3073 (wchar_t *)
3074 bcc_ptr,
3075 len,
3076 nls_codepage);
3077 bcc_ptr += 2 * (len + 1);
3078 ses->serverNOS[2 * len] = 0;
3079 ses->serverNOS[1+(2*len)] = 0;
3080 remaining_words -= len + 1;
3081 if (remaining_words > 0) {
3082 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
3083 /* last string not always null terminated (e.g. for Windows XP & 2000) */
3084 ses->serverDomain =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]3085 kcalloc(1, 2 *
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3086 (len +
3087 1),
3088 GFP_KERNEL);
3089 cifs_strfromUCS_le
3090 (ses->
3091 serverDomain,
3092 (wchar_t *)
3093 bcc_ptr, len,
3094 nls_codepage);
3095 bcc_ptr +=
3096 2 * (len + 1);
3097 ses->
3098 serverDomain[2
3099 * len]
3100 = 0;
3101 ses->
3102 serverDomain[1
3103 +
3104 (2
3105 *
3106 len)]
3107 = 0;
3108 } /* else no more room so create dummy domain string */
3109 else
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]3110 ses->serverDomain = kcalloc(1, 2,GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3111 } else { /* no room so create dummy domain and NOS string */
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]3112 ses->serverDomain = kcalloc(1, 2, GFP_KERNEL);
3113 ses->serverNOS = kcalloc(1, 2, GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3114 }
3115 } else { /* ASCII */
3116 len = strnlen(bcc_ptr, 1024);
3117 if (((long) bcc_ptr + len) -
3118 (long) pByteArea(smb_buffer_response)
3119 <= BCC(smb_buffer_response)) {
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]3120 ses->serverOS = kcalloc(1, len + 1,GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3121 strncpy(ses->serverOS,bcc_ptr, len);
3122
3123 bcc_ptr += len;
3124 bcc_ptr[0] = 0; /* null terminate the string */
3125 bcc_ptr++;
3126
3127 len = strnlen(bcc_ptr, 1024);
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]3128 ses->serverNOS = kcalloc(1, len+1,GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3129 strncpy(ses->serverNOS, bcc_ptr, len);
3130 bcc_ptr += len;
3131 bcc_ptr[0] = 0;
3132 bcc_ptr++;
3133
3134 len = strnlen(bcc_ptr, 1024);
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]3135 ses->serverDomain = kcalloc(1, len+1,GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3136 strncpy(ses->serverDomain, bcc_ptr, len);
3137 bcc_ptr += len;
3138 bcc_ptr[0] = 0;
3139 bcc_ptr++;
3140 } else
3141 cFYI(1,
3142 ("Variable field of length %d extends beyond end of smb ",
3143 len));
3144 }
3145 } else {
3146 cERROR(1,
3147 (" Security Blob Length extends beyond end of SMB"));
3148 }
3149 } else {
3150 cERROR(1, ("No session structure passed in."));
3151 }
3152 } else {
3153 cERROR(1,
3154 (" Invalid Word count %d: ",
3155 smb_buffer_response->WordCount));
3156 rc = -EIO;
3157 }
3158
3159 if (smb_buffer)
3160 cifs_buf_release(smb_buffer);
3161
3162 return rc;
3163}
3164
3165int
3166CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3167 const char *tree, struct cifsTconInfo *tcon,
3168 const struct nls_table *nls_codepage)
3169{
3170 struct smb_hdr *smb_buffer;
3171 struct smb_hdr *smb_buffer_response;
3172 TCONX_REQ *pSMB;
3173 TCONX_RSP *pSMBr;
3174 unsigned char *bcc_ptr;
3175 int rc = 0;
3176 int length;
3177 __u16 count;
3178
3179 if (ses == NULL)
3180 return -EIO;
3181
3182 smb_buffer = cifs_buf_get();
3183 if (smb_buffer == NULL) {
3184 return -ENOMEM;
3185 }
3186 smb_buffer_response = smb_buffer;
3187
3188 header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3189 NULL /*no tid */ , 4 /*wct */ );
Steve French1982c342005-08-17 12:38:22 -0700[diff] [blame]3190
3191 smb_buffer->Mid = GetNextMid(ses->server);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3192 smb_buffer->Uid = ses->Suid;
3193 pSMB = (TCONX_REQ *) smb_buffer;
3194 pSMBr = (TCONX_RSP *) smb_buffer_response;
3195
3196 pSMB->AndXCommand = 0xFF;
3197 pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
3198 pSMB->PasswordLength = cpu_to_le16(1); /* minimum */
3199 bcc_ptr = &pSMB->Password[0];
3200 bcc_ptr++; /* skip password */
3201
3202 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3203 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3204
3205 if (ses->capabilities & CAP_STATUS32) {
3206 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3207 }
3208 if (ses->capabilities & CAP_DFS) {
3209 smb_buffer->Flags2 |= SMBFLG2_DFS;
3210 }
3211 if (ses->capabilities & CAP_UNICODE) {
3212 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3213 length =
3214 cifs_strtoUCS((wchar_t *) bcc_ptr, tree, 100, nls_codepage);
3215 bcc_ptr += 2 * length; /* convert num of 16 bit words to bytes */
3216 bcc_ptr += 2; /* skip trailing null */
3217 } else { /* ASCII */
3218
3219 strcpy(bcc_ptr, tree);
3220 bcc_ptr += strlen(tree) + 1;
3221 }
3222 strcpy(bcc_ptr, "?????");
3223 bcc_ptr += strlen("?????");
3224 bcc_ptr += 1;
3225 count = bcc_ptr - &pSMB->Password[0];
3226 pSMB->hdr.smb_buf_length += count;
3227 pSMB->ByteCount = cpu_to_le16(count);
3228
3229 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length, 0);
3230
3231 /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
3232 /* above now done in SendReceive */
3233 if ((rc == 0) && (tcon != NULL)) {
3234 tcon->tidStatus = CifsGood;
3235 tcon->tid = smb_buffer_response->Tid;
3236 bcc_ptr = pByteArea(smb_buffer_response);
3237 length = strnlen(bcc_ptr, BCC(smb_buffer_response) - 2);
3238 /* skip service field (NB: this field is always ASCII) */
3239 bcc_ptr += length + 1;
3240 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3241 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3242 length = UniStrnlen((wchar_t *) bcc_ptr, 512);
3243 if ((bcc_ptr + (2 * length)) -
3244 pByteArea(smb_buffer_response) <=
3245 BCC(smb_buffer_response)) {
3246 if(tcon->nativeFileSystem)
3247 kfree(tcon->nativeFileSystem);
3248 tcon->nativeFileSystem =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]3249 kcalloc(1, length + 2, GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3250 cifs_strfromUCS_le(tcon->nativeFileSystem,
3251 (wchar_t *) bcc_ptr,
3252 length, nls_codepage);
3253 bcc_ptr += 2 * length;
3254 bcc_ptr[0] = 0; /* null terminate the string */
3255 bcc_ptr[1] = 0;
3256 bcc_ptr += 2;
3257 }
3258 /* else do not bother copying these informational fields */
3259 } else {
3260 length = strnlen(bcc_ptr, 1024);
3261 if ((bcc_ptr + length) -
3262 pByteArea(smb_buffer_response) <=
3263 BCC(smb_buffer_response)) {
3264 if(tcon->nativeFileSystem)
3265 kfree(tcon->nativeFileSystem);
3266 tcon->nativeFileSystem =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]3267 kcalloc(1, length + 1, GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3268 strncpy(tcon->nativeFileSystem, bcc_ptr,
3269 length);
3270 }
3271 /* else do not bother copying these informational fields */
3272 }
3273 tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3274 cFYI(1, ("Tcon flags: 0x%x ", tcon->Flags));
3275 } else if ((rc == 0) && tcon == NULL) {
3276 /* all we need to save for IPC$ connection */
3277 ses->ipc_tid = smb_buffer_response->Tid;
3278 }
3279
3280 if (smb_buffer)
3281 cifs_buf_release(smb_buffer);
3282 return rc;
3283}
3284
3285int
3286cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3287{
3288 int rc = 0;
3289 int xid;
3290 struct cifsSesInfo *ses = NULL;
3291 struct task_struct *cifsd_task;
3292
3293 xid = GetXid();
3294
3295 if (cifs_sb->tcon) {
3296 ses = cifs_sb->tcon->ses; /* save ptr to ses before delete tcon!*/
3297 rc = CIFSSMBTDis(xid, cifs_sb->tcon);
3298 if (rc == -EBUSY) {
3299 FreeXid(xid);
3300 return 0;
3301 }
3302 tconInfoFree(cifs_sb->tcon);
3303 if ((ses) && (ses->server)) {
3304 /* save off task so we do not refer to ses later */
3305 cifsd_task = ses->server->tsk;
3306 cFYI(1, ("About to do SMBLogoff "));
3307 rc = CIFSSMBLogoff(xid, ses);
3308 if (rc == -EBUSY) {
3309 FreeXid(xid);
3310 return 0;
3311 } else if (rc == -ESHUTDOWN) {
3312 cFYI(1,("Waking up socket by sending it signal"));
Steve Frenchf1914012005-08-18 09:37:34 -0700[diff] [blame]3313 if(cifsd_task) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3314 send_sig(SIGKILL,cifsd_task,1);
Steve Frenchf1914012005-08-18 09:37:34 -0700[diff] [blame]3315 wait_for_completion(&cifsd_complete);
3316 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3317 rc = 0;
3318 } /* else - we have an smb session
3319 left on this socket do not kill cifsd */
3320 } else
3321 cFYI(1, ("No session or bad tcon"));
3322 }
3323
3324 cifs_sb->tcon = NULL;
3325 if (ses) {
3326 set_current_state(TASK_INTERRUPTIBLE);
3327 schedule_timeout(HZ / 2);
3328 }
3329 if (ses)
3330 sesInfoFree(ses);
3331
3332 FreeXid(xid);
3333 return rc; /* BB check if we should always return zero here */
3334}
3335
3336int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
3337 struct nls_table * nls_info)
3338{
3339 int rc = 0;
3340 char ntlm_session_key[CIFS_SESSION_KEY_SIZE];
3341 int ntlmv2_flag = FALSE;
Steve Frenchad009ac2005-04-28 22:41:05 -0700[diff] [blame]3342 int first_time = 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3343
3344 /* what if server changes its buffer size after dropping the session? */
3345 if(pSesInfo->server->maxBuf == 0) /* no need to send on reconnect */ {
3346 rc = CIFSSMBNegotiate(xid, pSesInfo);
3347 if(rc == -EAGAIN) /* retry only once on 1st time connection */ {
3348 rc = CIFSSMBNegotiate(xid, pSesInfo);
3349 if(rc == -EAGAIN)
3350 rc = -EHOSTDOWN;
3351 }
3352 if(rc == 0) {
3353 spin_lock(&GlobalMid_Lock);
3354 if(pSesInfo->server->tcpStatus != CifsExiting)
3355 pSesInfo->server->tcpStatus = CifsGood;
3356 else
3357 rc = -EHOSTDOWN;
3358 spin_unlock(&GlobalMid_Lock);
3359
3360 }
Steve Frenchad009ac2005-04-28 22:41:05 -0700[diff] [blame]3361 first_time = 1;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3362 }
3363 if (!rc) {
3364 pSesInfo->capabilities = pSesInfo->server->capabilities;
3365 if(linuxExtEnabled == 0)
3366 pSesInfo->capabilities &= (~CAP_UNIX);
Steve Frenchad009ac2005-04-28 22:41:05 -0700[diff] [blame]3367 /* pSesInfo->sequence_number = 0;*/
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3368 cFYI(1,("Security Mode: 0x%x Capabilities: 0x%x Time Zone: %d",
3369 pSesInfo->server->secMode,
3370 pSesInfo->server->capabilities,
3371 pSesInfo->server->timeZone));
3372 if (extended_security
3373 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3374 && (pSesInfo->server->secType == NTLMSSP)) {
3375 cFYI(1, ("New style sesssetup "));
3376 rc = CIFSSpnegoSessSetup(xid, pSesInfo,
3377 NULL /* security blob */,
3378 0 /* blob length */,
3379 nls_info);
3380 } else if (extended_security
3381 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3382 && (pSesInfo->server->secType == RawNTLMSSP)) {
3383 cFYI(1, ("NTLMSSP sesssetup "));
3384 rc = CIFSNTLMSSPNegotiateSessSetup(xid,
3385 pSesInfo,
3386 &ntlmv2_flag,
3387 nls_info);
3388 if (!rc) {
3389 if(ntlmv2_flag) {
3390 char * v2_response;
3391 cFYI(1,("Can use more secure NTLM version 2 password hash"));
3392 if(CalcNTLMv2_partial_mac_key(pSesInfo,
3393 nls_info)) {
3394 rc = -ENOMEM;
3395 goto ss_err_exit;
3396 } else
3397 v2_response = kmalloc(16 + 64 /* blob */, GFP_KERNEL);
3398 if(v2_response) {
3399 CalcNTLMv2_response(pSesInfo,v2_response);
Steve Frenchad009ac2005-04-28 22:41:05 -0700[diff] [blame]3400 /* if(first_time)
3401 cifs_calculate_ntlmv2_mac_key(
3402 pSesInfo->server->mac_signing_key,
3403 response, ntlm_session_key, */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3404 kfree(v2_response);
3405 /* BB Put dummy sig in SessSetup PDU? */
3406 } else {
3407 rc = -ENOMEM;
3408 goto ss_err_exit;
3409 }
3410
3411 } else {
3412 SMBNTencrypt(pSesInfo->password,
3413 pSesInfo->server->cryptKey,
3414 ntlm_session_key);
3415
Steve Frenchad009ac2005-04-28 22:41:05 -0700[diff] [blame]3416 if(first_time)
3417 cifs_calculate_mac_key(
3418 pSesInfo->server->mac_signing_key,
3419 ntlm_session_key,
3420 pSesInfo->password);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3421 }
3422 /* for better security the weaker lanman hash not sent
3423 in AuthSessSetup so we no longer calculate it */
3424
3425 rc = CIFSNTLMSSPAuthSessSetup(xid,
3426 pSesInfo,
3427 ntlm_session_key,
3428 ntlmv2_flag,
3429 nls_info);
3430 }
3431 } else { /* old style NTLM 0.12 session setup */
3432 SMBNTencrypt(pSesInfo->password,
3433 pSesInfo->server->cryptKey,
3434 ntlm_session_key);
3435
Steve Frenchad009ac2005-04-28 22:41:05 -0700[diff] [blame]3436 if(first_time)
3437 cifs_calculate_mac_key(
3438 pSesInfo->server->mac_signing_key,
3439 ntlm_session_key, pSesInfo->password);
3440
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3441 rc = CIFSSessSetup(xid, pSesInfo,
3442 ntlm_session_key, nls_info);
3443 }
3444 if (rc) {
3445 cERROR(1,("Send error in SessSetup = %d",rc));
3446 } else {
3447 cFYI(1,("CIFS Session Established successfully"));
3448 pSesInfo->status = CifsGood;
3449 }
3450 }
3451ss_err_exit:
3452 return rc;
3453}
3454