Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1 | /* |
| 2 | * fs/cifs/misc.c |
| 3 | * |
Steve French | 8345187 | 2005-12-01 17:12:59 -0800 | [diff] [blame] | 4 | * Copyright (C) International Business Machines Corp., 2002,2005 |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 5 | * Author(s): Steve French (sfrench@us.ibm.com) |
| 6 | * |
| 7 | * This library is free software; you can redistribute it and/or modify |
| 8 | * it under the terms of the GNU Lesser General Public License as published |
| 9 | * by the Free Software Foundation; either version 2.1 of the License, or |
| 10 | * (at your option) any later version. |
| 11 | * |
| 12 | * This library is distributed in the hope that it will be useful, |
| 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See |
| 15 | * the GNU Lesser General Public License for more details. |
| 16 | * |
| 17 | * You should have received a copy of the GNU Lesser General Public License |
| 18 | * along with this library; if not, write to the Free Software |
| 19 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
| 20 | */ |
| 21 | |
| 22 | #include <linux/slab.h> |
| 23 | #include <linux/ctype.h> |
| 24 | #include <linux/mempool.h> |
| 25 | #include "cifspdu.h" |
| 26 | #include "cifsglob.h" |
| 27 | #include "cifsproto.h" |
| 28 | #include "cifs_debug.h" |
| 29 | #include "smberr.h" |
| 30 | #include "nterr.h" |
Steve French | 6c91d36 | 2005-04-28 22:41:06 -0700 | [diff] [blame] | 31 | #include "cifs_unicode.h" |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 32 | |
| 33 | extern mempool_t *cifs_sm_req_poolp; |
| 34 | extern mempool_t *cifs_req_poolp; |
| 35 | extern struct task_struct * oplockThread; |
| 36 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 37 | /* The xid serves as a useful identifier for each incoming vfs request, |
| 38 | in a similar way to the mid which is useful to track each sent smb, |
| 39 | and CurrentXid can also provide a running counter (although it |
| 40 | will eventually wrap past zero) of the total vfs operations handled |
| 41 | since the cifs fs was mounted */ |
| 42 | |
| 43 | unsigned int |
| 44 | _GetXid(void) |
| 45 | { |
| 46 | unsigned int xid; |
| 47 | |
| 48 | spin_lock(&GlobalMid_Lock); |
| 49 | GlobalTotalActiveXid++; |
| 50 | if (GlobalTotalActiveXid > GlobalMaxActiveXid) |
| 51 | GlobalMaxActiveXid = GlobalTotalActiveXid; /* keep high water mark for number of simultaneous vfs ops in our filesystem */ |
Steve French | 1982c34 | 2005-08-17 12:38:22 -0700 | [diff] [blame] | 52 | if(GlobalTotalActiveXid > 65000) |
| 53 | cFYI(1,("warning: more than 65000 requests active")); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 54 | xid = GlobalCurrentXid++; |
| 55 | spin_unlock(&GlobalMid_Lock); |
| 56 | return xid; |
| 57 | } |
| 58 | |
| 59 | void |
| 60 | _FreeXid(unsigned int xid) |
| 61 | { |
| 62 | spin_lock(&GlobalMid_Lock); |
| 63 | /* if(GlobalTotalActiveXid == 0) |
| 64 | BUG(); */ |
| 65 | GlobalTotalActiveXid--; |
| 66 | spin_unlock(&GlobalMid_Lock); |
| 67 | } |
| 68 | |
| 69 | struct cifsSesInfo * |
| 70 | sesInfoAlloc(void) |
| 71 | { |
| 72 | struct cifsSesInfo *ret_buf; |
| 73 | |
| 74 | ret_buf = |
Eric Sesterhenn | a048d7a | 2006-02-21 22:33:09 +0000 | [diff] [blame] | 75 | (struct cifsSesInfo *) kzalloc(sizeof (struct cifsSesInfo), |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 76 | GFP_KERNEL); |
| 77 | if (ret_buf) { |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 78 | write_lock(&GlobalSMBSeslock); |
| 79 | atomic_inc(&sesInfoAllocCount); |
| 80 | ret_buf->status = CifsNew; |
| 81 | list_add(&ret_buf->cifsSessionList, &GlobalSMBSessionList); |
| 82 | init_MUTEX(&ret_buf->sesSem); |
| 83 | write_unlock(&GlobalSMBSeslock); |
| 84 | } |
| 85 | return ret_buf; |
| 86 | } |
| 87 | |
| 88 | void |
| 89 | sesInfoFree(struct cifsSesInfo *buf_to_free) |
| 90 | { |
| 91 | if (buf_to_free == NULL) { |
| 92 | cFYI(1, ("Null buffer passed to sesInfoFree")); |
| 93 | return; |
| 94 | } |
| 95 | |
| 96 | write_lock(&GlobalSMBSeslock); |
| 97 | atomic_dec(&sesInfoAllocCount); |
| 98 | list_del(&buf_to_free->cifsSessionList); |
| 99 | write_unlock(&GlobalSMBSeslock); |
Jesper Juhl | f99d49a | 2005-11-07 01:01:34 -0800 | [diff] [blame] | 100 | kfree(buf_to_free->serverOS); |
| 101 | kfree(buf_to_free->serverDomain); |
| 102 | kfree(buf_to_free->serverNOS); |
| 103 | kfree(buf_to_free->password); |
Steve French | 3979877 | 2006-05-31 22:40:51 +0000 | [diff] [blame] | 104 | kfree(buf_to_free->domainName); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 105 | kfree(buf_to_free); |
| 106 | } |
| 107 | |
| 108 | struct cifsTconInfo * |
| 109 | tconInfoAlloc(void) |
| 110 | { |
| 111 | struct cifsTconInfo *ret_buf; |
| 112 | ret_buf = |
Eric Sesterhenn | a048d7a | 2006-02-21 22:33:09 +0000 | [diff] [blame] | 113 | (struct cifsTconInfo *) kzalloc(sizeof (struct cifsTconInfo), |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 114 | GFP_KERNEL); |
| 115 | if (ret_buf) { |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 116 | write_lock(&GlobalSMBSeslock); |
| 117 | atomic_inc(&tconInfoAllocCount); |
| 118 | list_add(&ret_buf->cifsConnectionList, |
| 119 | &GlobalTreeConnectionList); |
| 120 | ret_buf->tidStatus = CifsNew; |
| 121 | INIT_LIST_HEAD(&ret_buf->openFileList); |
| 122 | init_MUTEX(&ret_buf->tconSem); |
| 123 | #ifdef CONFIG_CIFS_STATS |
| 124 | spin_lock_init(&ret_buf->stat_lock); |
| 125 | #endif |
| 126 | write_unlock(&GlobalSMBSeslock); |
| 127 | } |
| 128 | return ret_buf; |
| 129 | } |
| 130 | |
| 131 | void |
| 132 | tconInfoFree(struct cifsTconInfo *buf_to_free) |
| 133 | { |
| 134 | if (buf_to_free == NULL) { |
| 135 | cFYI(1, ("Null buffer passed to tconInfoFree")); |
| 136 | return; |
| 137 | } |
| 138 | write_lock(&GlobalSMBSeslock); |
| 139 | atomic_dec(&tconInfoAllocCount); |
| 140 | list_del(&buf_to_free->cifsConnectionList); |
| 141 | write_unlock(&GlobalSMBSeslock); |
Jesper Juhl | f99d49a | 2005-11-07 01:01:34 -0800 | [diff] [blame] | 142 | kfree(buf_to_free->nativeFileSystem); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 143 | kfree(buf_to_free); |
| 144 | } |
| 145 | |
| 146 | struct smb_hdr * |
| 147 | cifs_buf_get(void) |
| 148 | { |
| 149 | struct smb_hdr *ret_buf = NULL; |
| 150 | |
| 151 | /* We could use negotiated size instead of max_msgsize - |
| 152 | but it may be more efficient to always alloc same size |
| 153 | albeit slightly larger than necessary and maxbuffersize |
| 154 | defaults to this and can not be bigger */ |
| 155 | ret_buf = |
Christoph Lameter | e94b176 | 2006-12-06 20:33:17 -0800 | [diff] [blame] | 156 | (struct smb_hdr *) mempool_alloc(cifs_req_poolp, GFP_KERNEL | GFP_NOFS); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 157 | |
| 158 | /* clear the first few header bytes */ |
| 159 | /* for most paths, more is cleared in header_assemble */ |
| 160 | if (ret_buf) { |
| 161 | memset(ret_buf, 0, sizeof(struct smb_hdr) + 3); |
| 162 | atomic_inc(&bufAllocCount); |
Steve French | 4498eed5 | 2005-12-03 13:58:57 -0800 | [diff] [blame] | 163 | #ifdef CONFIG_CIFS_STATS2 |
| 164 | atomic_inc(&totBufAllocCount); |
| 165 | #endif /* CONFIG_CIFS_STATS2 */ |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 166 | } |
| 167 | |
| 168 | return ret_buf; |
| 169 | } |
| 170 | |
| 171 | void |
| 172 | cifs_buf_release(void *buf_to_free) |
| 173 | { |
| 174 | |
| 175 | if (buf_to_free == NULL) { |
| 176 | /* cFYI(1, ("Null buffer passed to cifs_buf_release"));*/ |
| 177 | return; |
| 178 | } |
| 179 | mempool_free(buf_to_free,cifs_req_poolp); |
| 180 | |
| 181 | atomic_dec(&bufAllocCount); |
| 182 | return; |
| 183 | } |
| 184 | |
| 185 | struct smb_hdr * |
| 186 | cifs_small_buf_get(void) |
| 187 | { |
| 188 | struct smb_hdr *ret_buf = NULL; |
| 189 | |
| 190 | /* We could use negotiated size instead of max_msgsize - |
| 191 | but it may be more efficient to always alloc same size |
| 192 | albeit slightly larger than necessary and maxbuffersize |
| 193 | defaults to this and can not be bigger */ |
| 194 | ret_buf = |
Christoph Lameter | e94b176 | 2006-12-06 20:33:17 -0800 | [diff] [blame] | 195 | (struct smb_hdr *) mempool_alloc(cifs_sm_req_poolp, GFP_KERNEL | GFP_NOFS); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 196 | if (ret_buf) { |
| 197 | /* No need to clear memory here, cleared in header assemble */ |
| 198 | /* memset(ret_buf, 0, sizeof(struct smb_hdr) + 27);*/ |
| 199 | atomic_inc(&smBufAllocCount); |
Steve French | 4498eed5 | 2005-12-03 13:58:57 -0800 | [diff] [blame] | 200 | #ifdef CONFIG_CIFS_STATS2 |
| 201 | atomic_inc(&totSmBufAllocCount); |
| 202 | #endif /* CONFIG_CIFS_STATS2 */ |
| 203 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 204 | } |
| 205 | return ret_buf; |
| 206 | } |
| 207 | |
| 208 | void |
| 209 | cifs_small_buf_release(void *buf_to_free) |
| 210 | { |
| 211 | |
| 212 | if (buf_to_free == NULL) { |
| 213 | cFYI(1, ("Null buffer passed to cifs_small_buf_release")); |
| 214 | return; |
| 215 | } |
| 216 | mempool_free(buf_to_free,cifs_sm_req_poolp); |
| 217 | |
| 218 | atomic_dec(&smBufAllocCount); |
| 219 | return; |
| 220 | } |
| 221 | |
Steve French | 1982c34 | 2005-08-17 12:38:22 -0700 | [diff] [blame] | 222 | /* |
| 223 | Find a free multiplex id (SMB mid). Otherwise there could be |
| 224 | mid collisions which might cause problems, demultiplexing the |
| 225 | wrong response to this request. Multiplex ids could collide if |
| 226 | one of a series requests takes much longer than the others, or |
| 227 | if a very large number of long lived requests (byte range |
| 228 | locks or FindNotify requests) are pending. No more than |
| 229 | 64K-1 requests can be outstanding at one time. If no |
| 230 | mids are available, return zero. A future optimization |
| 231 | could make the combination of mids and uid the key we use |
| 232 | to demultiplex on (rather than mid alone). |
| 233 | In addition to the above check, the cifs demultiplex |
| 234 | code already used the command code as a secondary |
| 235 | check of the frame and if signing is negotiated the |
| 236 | response would be discarded if the mid were the same |
| 237 | but the signature was wrong. Since the mid is not put in the |
| 238 | pending queue until later (when it is about to be dispatched) |
| 239 | we do have to limit the number of outstanding requests |
| 240 | to somewhat less than 64K-1 although it is hard to imagine |
| 241 | so many threads being in the vfs at one time. |
| 242 | */ |
| 243 | __u16 GetNextMid(struct TCP_Server_Info *server) |
| 244 | { |
| 245 | __u16 mid = 0; |
| 246 | __u16 last_mid; |
| 247 | int collision; |
| 248 | |
| 249 | if(server == NULL) |
| 250 | return mid; |
| 251 | |
| 252 | spin_lock(&GlobalMid_Lock); |
| 253 | last_mid = server->CurrentMid; /* we do not want to loop forever */ |
| 254 | server->CurrentMid++; |
| 255 | /* This nested loop looks more expensive than it is. |
| 256 | In practice the list of pending requests is short, |
| 257 | fewer than 50, and the mids are likely to be unique |
| 258 | on the first pass through the loop unless some request |
| 259 | takes longer than the 64 thousand requests before it |
| 260 | (and it would also have to have been a request that |
| 261 | did not time out) */ |
| 262 | while(server->CurrentMid != last_mid) { |
| 263 | struct list_head *tmp; |
| 264 | struct mid_q_entry *mid_entry; |
| 265 | |
| 266 | collision = 0; |
| 267 | if(server->CurrentMid == 0) |
| 268 | server->CurrentMid++; |
| 269 | |
| 270 | list_for_each(tmp, &server->pending_mid_q) { |
| 271 | mid_entry = list_entry(tmp, struct mid_q_entry, qhead); |
| 272 | |
| 273 | if ((mid_entry->mid == server->CurrentMid) && |
| 274 | (mid_entry->midState == MID_REQUEST_SUBMITTED)) { |
| 275 | /* This mid is in use, try a different one */ |
| 276 | collision = 1; |
| 277 | break; |
| 278 | } |
| 279 | } |
| 280 | if(collision == 0) { |
| 281 | mid = server->CurrentMid; |
| 282 | break; |
| 283 | } |
| 284 | server->CurrentMid++; |
| 285 | } |
| 286 | spin_unlock(&GlobalMid_Lock); |
| 287 | return mid; |
| 288 | } |
| 289 | |
| 290 | /* NB: MID can not be set if treeCon not passed in, in that |
| 291 | case it is responsbility of caller to set the mid */ |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 292 | void |
| 293 | header_assemble(struct smb_hdr *buffer, char smb_command /* command */ , |
| 294 | const struct cifsTconInfo *treeCon, int word_count |
| 295 | /* length of fixed section (word count) in two byte units */) |
| 296 | { |
| 297 | struct list_head* temp_item; |
| 298 | struct cifsSesInfo * ses; |
| 299 | char *temp = (char *) buffer; |
| 300 | |
Steve French | ec637e3 | 2005-12-12 20:53:18 -0800 | [diff] [blame] | 301 | memset(temp,0,256); /* bigger than MAX_CIFS_HDR_SIZE */ |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 302 | |
| 303 | buffer->smb_buf_length = |
| 304 | (2 * word_count) + sizeof (struct smb_hdr) - |
| 305 | 4 /* RFC 1001 length field does not count */ + |
| 306 | 2 /* for bcc field itself */ ; |
Steve French | 1982c34 | 2005-08-17 12:38:22 -0700 | [diff] [blame] | 307 | /* Note that this is the only network field that has to be converted |
| 308 | to big endian and it is done just before we send it */ |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 309 | |
| 310 | buffer->Protocol[0] = 0xFF; |
| 311 | buffer->Protocol[1] = 'S'; |
| 312 | buffer->Protocol[2] = 'M'; |
| 313 | buffer->Protocol[3] = 'B'; |
| 314 | buffer->Command = smb_command; |
| 315 | buffer->Flags = 0x00; /* case sensitive */ |
| 316 | buffer->Flags2 = SMBFLG2_KNOWS_LONG_NAMES; |
| 317 | buffer->Pid = cpu_to_le16((__u16)current->tgid); |
| 318 | buffer->PidHigh = cpu_to_le16((__u16)(current->tgid >> 16)); |
| 319 | spin_lock(&GlobalMid_Lock); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 320 | spin_unlock(&GlobalMid_Lock); |
| 321 | if (treeCon) { |
| 322 | buffer->Tid = treeCon->tid; |
| 323 | if (treeCon->ses) { |
| 324 | if (treeCon->ses->capabilities & CAP_UNICODE) |
| 325 | buffer->Flags2 |= SMBFLG2_UNICODE; |
| 326 | if (treeCon->ses->capabilities & CAP_STATUS32) { |
| 327 | buffer->Flags2 |= SMBFLG2_ERR_STATUS; |
| 328 | } |
Steve French | 1982c34 | 2005-08-17 12:38:22 -0700 | [diff] [blame] | 329 | /* Uid is not converted */ |
| 330 | buffer->Uid = treeCon->ses->Suid; |
| 331 | buffer->Mid = GetNextMid(treeCon->ses->server); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 332 | if(multiuser_mount != 0) { |
| 333 | /* For the multiuser case, there are few obvious technically */ |
| 334 | /* possible mechanisms to match the local linux user (uid) */ |
| 335 | /* to a valid remote smb user (smb_uid): */ |
| 336 | /* 1) Query Winbind (or other local pam/nss daemon */ |
| 337 | /* for userid/password/logon_domain or credential */ |
| 338 | /* 2) Query Winbind for uid to sid to username mapping */ |
| 339 | /* and see if we have a matching password for existing*/ |
| 340 | /* session for that user perhas getting password by */ |
| 341 | /* adding a new pam_cifs module that stores passwords */ |
| 342 | /* so that the cifs vfs can get at that for all logged*/ |
| 343 | /* on users */ |
| 344 | /* 3) (Which is the mechanism we have chosen) */ |
| 345 | /* Search through sessions to the same server for a */ |
| 346 | /* a match on the uid that was passed in on mount */ |
| 347 | /* with the current processes uid (or euid?) and use */ |
| 348 | /* that smb uid. If no existing smb session for */ |
| 349 | /* that uid found, use the default smb session ie */ |
| 350 | /* the smb session for the volume mounted which is */ |
| 351 | /* the same as would be used if the multiuser mount */ |
| 352 | /* flag were disabled. */ |
| 353 | |
| 354 | /* BB Add support for establishing new tCon and SMB Session */ |
| 355 | /* with userid/password pairs found on the smb session */ |
| 356 | /* for other target tcp/ip addresses BB */ |
Steve French | 8345187 | 2005-12-01 17:12:59 -0800 | [diff] [blame] | 357 | if(current->fsuid != treeCon->ses->linux_uid) { |
| 358 | cFYI(1,("Multiuser mode and UID did not match tcon uid")); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 359 | read_lock(&GlobalSMBSeslock); |
| 360 | list_for_each(temp_item, &GlobalSMBSessionList) { |
| 361 | ses = list_entry(temp_item, struct cifsSesInfo, cifsSessionList); |
Steve French | 8345187 | 2005-12-01 17:12:59 -0800 | [diff] [blame] | 362 | if(ses->linux_uid == current->fsuid) { |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 363 | if(ses->server == treeCon->ses->server) { |
| 364 | cFYI(1,("found matching uid substitute right smb_uid")); |
| 365 | buffer->Uid = ses->Suid; |
| 366 | break; |
| 367 | } else { |
| 368 | /* BB eventually call cifs_setup_session here */ |
| 369 | cFYI(1,("local UID found but smb sess with this server does not exist")); |
| 370 | } |
| 371 | } |
| 372 | } |
| 373 | read_unlock(&GlobalSMBSeslock); |
| 374 | } |
| 375 | } |
| 376 | } |
| 377 | if (treeCon->Flags & SMB_SHARE_IS_IN_DFS) |
| 378 | buffer->Flags2 |= SMBFLG2_DFS; |
Steve French | d3485d3 | 2005-08-19 11:04:29 -0700 | [diff] [blame] | 379 | if (treeCon->nocase) |
| 380 | buffer->Flags |= SMBFLG_CASELESS; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 381 | if((treeCon->ses) && (treeCon->ses->server)) |
| 382 | if(treeCon->ses->server->secMode & |
| 383 | (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) |
| 384 | buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE; |
| 385 | } |
| 386 | |
| 387 | /* endian conversion of flags is now done just before sending */ |
| 388 | buffer->WordCount = (char) word_count; |
| 389 | return; |
| 390 | } |
| 391 | |
Steve French | 2cd646a | 2006-09-28 19:43:08 +0000 | [diff] [blame] | 392 | static int |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 393 | checkSMBhdr(struct smb_hdr *smb, __u16 mid) |
| 394 | { |
| 395 | /* Make sure that this really is an SMB, that it is a response, |
| 396 | and that the message ids match */ |
| 397 | if ((*(__le32 *) smb->Protocol == cpu_to_le32(0x424d53ff)) && |
| 398 | (mid == smb->Mid)) { |
| 399 | if(smb->Flags & SMBFLG_RESPONSE) |
| 400 | return 0; |
| 401 | else { |
| 402 | /* only one valid case where server sends us request */ |
| 403 | if(smb->Command == SMB_COM_LOCKING_ANDX) |
| 404 | return 0; |
| 405 | else |
Steve French | 6ab16d2 | 2005-11-29 20:55:11 -0800 | [diff] [blame] | 406 | cERROR(1, ("Rcvd Request not response")); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 407 | } |
| 408 | } else { /* bad signature or mid */ |
| 409 | if (*(__le32 *) smb->Protocol != cpu_to_le32(0x424d53ff)) |
| 410 | cERROR(1, |
Steve French | 6ab16d2 | 2005-11-29 20:55:11 -0800 | [diff] [blame] | 411 | ("Bad protocol string signature header %x", |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 412 | *(unsigned int *) smb->Protocol)); |
| 413 | if (mid != smb->Mid) |
| 414 | cERROR(1, ("Mids do not match")); |
| 415 | } |
| 416 | cERROR(1, ("bad smb detected. The Mid=%d", smb->Mid)); |
| 417 | return 1; |
| 418 | } |
| 419 | |
| 420 | int |
Steve French | d103e16 | 2006-10-12 17:49:24 +0000 | [diff] [blame] | 421 | checkSMB(struct smb_hdr *smb, __u16 mid, unsigned int length) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 422 | { |
Steve French | 70ca734 | 2005-09-22 16:32:06 -0700 | [diff] [blame] | 423 | __u32 len = smb->smb_buf_length; |
Steve French | 190fdeb | 2005-10-10 11:48:26 -0700 | [diff] [blame] | 424 | __u32 clc_len; /* calculated length */ |
Steve French | 184ed21 | 2006-02-24 06:15:11 +0000 | [diff] [blame] | 425 | cFYI(0, ("checkSMB Length: 0x%x, smb_buf_length: 0x%x", length, len)); |
Steve French | d103e16 | 2006-10-12 17:49:24 +0000 | [diff] [blame] | 426 | |
| 427 | if (length < 2 + sizeof (struct smb_hdr)) { |
| 428 | if ((length >= sizeof (struct smb_hdr) - 1) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 429 | && (smb->Status.CifsError != 0)) { |
Steve French | d103e16 | 2006-10-12 17:49:24 +0000 | [diff] [blame] | 430 | smb->WordCount = 0; |
| 431 | /* some error cases do not return wct and bcc */ |
| 432 | return 0; |
| 433 | } else if ((length == sizeof(struct smb_hdr) + 1) && |
| 434 | (smb->WordCount == 0)) { |
| 435 | char * tmp = (char *)smb; |
| 436 | /* Need to work around a bug in two servers here */ |
| 437 | /* First, check if the part of bcc they sent was zero */ |
| 438 | if (tmp[sizeof(struct smb_hdr)] == 0) { |
| 439 | /* some servers return only half of bcc |
| 440 | * on simple responses (wct, bcc both zero) |
| 441 | * in particular have seen this on |
| 442 | * ulogoffX and FindClose. This leaves |
| 443 | * one byte of bcc potentially unitialized |
| 444 | */ |
| 445 | /* zero rest of bcc */ |
| 446 | tmp[sizeof(struct smb_hdr)+1] = 0; |
Steve French | 46c79a6 | 2006-03-02 00:07:08 +0000 | [diff] [blame] | 447 | return 0; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 448 | } |
Steve French | d103e16 | 2006-10-12 17:49:24 +0000 | [diff] [blame] | 449 | cERROR(1,("rcvd invalid byte count (bcc)")); |
| 450 | } else { |
| 451 | cERROR(1, ("Length less than smb header size")); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 452 | } |
Steve French | d103e16 | 2006-10-12 17:49:24 +0000 | [diff] [blame] | 453 | return 1; |
| 454 | } |
| 455 | if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) { |
| 456 | cERROR(1, ("smb length greater than MaxBufSize, mid=%d", |
Steve French | 184ed21 | 2006-02-24 06:15:11 +0000 | [diff] [blame] | 457 | smb->Mid)); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 458 | return 1; |
| 459 | } |
| 460 | |
| 461 | if (checkSMBhdr(smb, mid)) |
| 462 | return 1; |
Steve French | 190fdeb | 2005-10-10 11:48:26 -0700 | [diff] [blame] | 463 | clc_len = smbCalcSize_LE(smb); |
Steve French | 184ed21 | 2006-02-24 06:15:11 +0000 | [diff] [blame] | 464 | |
Steve French | d103e16 | 2006-10-12 17:49:24 +0000 | [diff] [blame] | 465 | if(4 + len != length) { |
Steve French | 184ed21 | 2006-02-24 06:15:11 +0000 | [diff] [blame] | 466 | cERROR(1, ("Length read does not match RFC1001 length %d",len)); |
| 467 | return 1; |
| 468 | } |
| 469 | |
| 470 | if (4 + len != clc_len) { |
| 471 | /* check if bcc wrapped around for large read responses */ |
| 472 | if((len > 64 * 1024) && (len > clc_len)) { |
| 473 | /* check if lengths match mod 64K */ |
| 474 | if(((4 + len) & 0xFFFF) == (clc_len & 0xFFFF)) |
| 475 | return 0; /* bcc wrapped */ |
| 476 | } |
Steve French | 46c79a6 | 2006-03-02 00:07:08 +0000 | [diff] [blame] | 477 | cFYI(1, ("Calculated size %d vs length %d mismatch for mid %d", |
| 478 | clc_len, 4 + len, smb->Mid)); |
Steve French | 190fdeb | 2005-10-10 11:48:26 -0700 | [diff] [blame] | 479 | /* Windows XP can return a few bytes too much, presumably |
| 480 | an illegal pad, at the end of byte range lock responses |
Steve French | 6ab16d2 | 2005-11-29 20:55:11 -0800 | [diff] [blame] | 481 | so we allow for that three byte pad, as long as actual |
Steve French | 190fdeb | 2005-10-10 11:48:26 -0700 | [diff] [blame] | 482 | received length is as long or longer than calculated length */ |
Steve French | 6ab16d2 | 2005-11-29 20:55:11 -0800 | [diff] [blame] | 483 | /* We have now had to extend this more, since there is a |
| 484 | case in which it needs to be bigger still to handle a |
| 485 | malformed response to transact2 findfirst from WinXP when |
| 486 | access denied is returned and thus bcc and wct are zero |
| 487 | but server says length is 0x21 bytes too long as if the server |
| 488 | forget to reset the smb rfc1001 length when it reset the |
| 489 | wct and bcc to minimum size and drop the t2 parms and data */ |
| 490 | if((4+len > clc_len) && (len <= clc_len + 512)) |
Steve French | 190fdeb | 2005-10-10 11:48:26 -0700 | [diff] [blame] | 491 | return 0; |
Steve French | 46c79a6 | 2006-03-02 00:07:08 +0000 | [diff] [blame] | 492 | else { |
| 493 | cERROR(1, ("RFC1001 size %d bigger than SMB for Mid=%d", |
| 494 | len, smb->Mid)); |
Steve French | 190fdeb | 2005-10-10 11:48:26 -0700 | [diff] [blame] | 495 | return 1; |
Steve French | 46c79a6 | 2006-03-02 00:07:08 +0000 | [diff] [blame] | 496 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 497 | } |
Steve French | 2096243 | 2005-09-21 22:05:57 -0700 | [diff] [blame] | 498 | return 0; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 499 | } |
| 500 | int |
Steve French | d7c8c94 | 2006-03-03 10:43:49 +0000 | [diff] [blame] | 501 | is_valid_oplock_break(struct smb_hdr *buf, struct TCP_Server_Info *srv) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 502 | { |
| 503 | struct smb_com_lock_req * pSMB = (struct smb_com_lock_req *)buf; |
| 504 | struct list_head *tmp; |
| 505 | struct list_head *tmp1; |
| 506 | struct cifsTconInfo *tcon; |
| 507 | struct cifsFileInfo *netfile; |
| 508 | |
| 509 | cFYI(1,("Checking for oplock break or dnotify response")); |
| 510 | if((pSMB->hdr.Command == SMB_COM_NT_TRANSACT) && |
| 511 | (pSMB->hdr.Flags & SMBFLG_RESPONSE)) { |
| 512 | struct smb_com_transaction_change_notify_rsp * pSMBr = |
| 513 | (struct smb_com_transaction_change_notify_rsp *)buf; |
| 514 | struct file_notify_information * pnotify; |
| 515 | __u32 data_offset = 0; |
| 516 | if(pSMBr->ByteCount > sizeof(struct file_notify_information)) { |
| 517 | data_offset = le32_to_cpu(pSMBr->DataOffset); |
| 518 | |
Steve French | 3979877 | 2006-05-31 22:40:51 +0000 | [diff] [blame] | 519 | pnotify = (struct file_notify_information *) |
| 520 | ((char *)&pSMBr->hdr.Protocol + data_offset); |
| 521 | cFYI(1,("dnotify on %s Action: 0x%x",pnotify->FileName, |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 522 | pnotify->Action)); /* BB removeme BB */ |
Steve French | 3979877 | 2006-05-31 22:40:51 +0000 | [diff] [blame] | 523 | /* cifs_dump_mem("Rcvd notify Data: ",buf, |
| 524 | sizeof(struct smb_hdr)+60); */ |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 525 | return TRUE; |
| 526 | } |
| 527 | if(pSMBr->hdr.Status.CifsError) { |
| 528 | cFYI(1,("notify err 0x%d",pSMBr->hdr.Status.CifsError)); |
| 529 | return TRUE; |
| 530 | } |
| 531 | return FALSE; |
| 532 | } |
| 533 | if(pSMB->hdr.Command != SMB_COM_LOCKING_ANDX) |
| 534 | return FALSE; |
| 535 | if(pSMB->hdr.Flags & SMBFLG_RESPONSE) { |
| 536 | /* no sense logging error on invalid handle on oplock |
| 537 | break - harmless race between close request and oplock |
| 538 | break response is expected from time to time writing out |
| 539 | large dirty files cached on the client */ |
| 540 | if ((NT_STATUS_INVALID_HANDLE) == |
| 541 | le32_to_cpu(pSMB->hdr.Status.CifsError)) { |
| 542 | cFYI(1,("invalid handle on oplock break")); |
| 543 | return TRUE; |
| 544 | } else if (ERRbadfid == |
| 545 | le16_to_cpu(pSMB->hdr.Status.DosError.Error)) { |
| 546 | return TRUE; |
| 547 | } else { |
| 548 | return FALSE; /* on valid oplock brk we get "request" */ |
| 549 | } |
| 550 | } |
| 551 | if(pSMB->hdr.WordCount != 8) |
| 552 | return FALSE; |
| 553 | |
| 554 | cFYI(1,(" oplock type 0x%d level 0x%d",pSMB->LockType,pSMB->OplockLevel)); |
| 555 | if(!(pSMB->LockType & LOCKING_ANDX_OPLOCK_RELEASE)) |
| 556 | return FALSE; |
| 557 | |
| 558 | /* look up tcon based on tid & uid */ |
| 559 | read_lock(&GlobalSMBSeslock); |
| 560 | list_for_each(tmp, &GlobalTreeConnectionList) { |
| 561 | tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList); |
Steve French | d7c8c94 | 2006-03-03 10:43:49 +0000 | [diff] [blame] | 562 | if ((tcon->tid == buf->Tid) && (srv == tcon->ses->server)) { |
Steve French | a4544347 | 2005-08-24 13:59:35 -0700 | [diff] [blame] | 563 | cifs_stats_inc(&tcon->num_oplock_brks); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 564 | list_for_each(tmp1,&tcon->openFileList){ |
Steve French | 57337e4 | 2005-04-28 22:41:10 -0700 | [diff] [blame] | 565 | netfile = list_entry(tmp1,struct cifsFileInfo, |
| 566 | tlist); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 567 | if(pSMB->Fid == netfile->netfid) { |
| 568 | struct cifsInodeInfo *pCifsInode; |
| 569 | read_unlock(&GlobalSMBSeslock); |
Steve French | 57337e4 | 2005-04-28 22:41:10 -0700 | [diff] [blame] | 570 | cFYI(1,("file id match, oplock break")); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 571 | pCifsInode = |
| 572 | CIFS_I(netfile->pInode); |
| 573 | pCifsInode->clientCanCacheAll = FALSE; |
| 574 | if(pSMB->OplockLevel == 0) |
Steve French | 57337e4 | 2005-04-28 22:41:10 -0700 | [diff] [blame] | 575 | pCifsInode->clientCanCacheRead |
| 576 | = FALSE; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 577 | pCifsInode->oplockPending = TRUE; |
Steve French | 57337e4 | 2005-04-28 22:41:10 -0700 | [diff] [blame] | 578 | AllocOplockQEntry(netfile->pInode, |
| 579 | netfile->netfid, |
| 580 | tcon); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 581 | cFYI(1,("about to wake up oplock thd")); |
Steve French | 57337e4 | 2005-04-28 22:41:10 -0700 | [diff] [blame] | 582 | if(oplockThread) |
| 583 | wake_up_process(oplockThread); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 584 | return TRUE; |
| 585 | } |
| 586 | } |
| 587 | read_unlock(&GlobalSMBSeslock); |
Steve French | 57337e4 | 2005-04-28 22:41:10 -0700 | [diff] [blame] | 588 | cFYI(1,("No matching file for oplock break")); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 589 | return TRUE; |
| 590 | } |
| 591 | } |
| 592 | read_unlock(&GlobalSMBSeslock); |
| 593 | cFYI(1,("Can not process oplock break for non-existent connection")); |
| 594 | return TRUE; |
| 595 | } |
| 596 | |
| 597 | void |
| 598 | dump_smb(struct smb_hdr *smb_buf, int smb_buf_length) |
| 599 | { |
| 600 | int i, j; |
| 601 | char debug_line[17]; |
| 602 | unsigned char *buffer; |
| 603 | |
| 604 | if (traceSMB == 0) |
| 605 | return; |
| 606 | |
| 607 | buffer = (unsigned char *) smb_buf; |
| 608 | for (i = 0, j = 0; i < smb_buf_length; i++, j++) { |
Steve French | 57337e4 | 2005-04-28 22:41:10 -0700 | [diff] [blame] | 609 | if (i % 8 == 0) { /* have reached the beginning of line */ |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 610 | printk(KERN_DEBUG "| "); |
| 611 | j = 0; |
| 612 | } |
| 613 | printk("%0#4x ", buffer[i]); |
| 614 | debug_line[2 * j] = ' '; |
| 615 | if (isprint(buffer[i])) |
| 616 | debug_line[1 + (2 * j)] = buffer[i]; |
| 617 | else |
| 618 | debug_line[1 + (2 * j)] = '_'; |
| 619 | |
Steve French | 57337e4 | 2005-04-28 22:41:10 -0700 | [diff] [blame] | 620 | if (i % 8 == 7) { /* reached end of line, time to print ascii */ |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 621 | debug_line[16] = 0; |
| 622 | printk(" | %s\n", debug_line); |
| 623 | } |
| 624 | } |
| 625 | for (; j < 8; j++) { |
| 626 | printk(" "); |
| 627 | debug_line[2 * j] = ' '; |
| 628 | debug_line[1 + (2 * j)] = ' '; |
| 629 | } |
| 630 | printk( " | %s\n", debug_line); |
| 631 | return; |
| 632 | } |
Steve French | 6a0b482 | 2005-04-28 22:41:05 -0700 | [diff] [blame] | 633 | |
Steve French | 6a0b482 | 2005-04-28 22:41:05 -0700 | [diff] [blame] | 634 | /* Windows maps these to the user defined 16 bit Unicode range since they are |
| 635 | reserved symbols (along with \ and /), otherwise illegal to store |
| 636 | in filenames in NTFS */ |
Steve French | d072471 | 2005-04-28 22:41:06 -0700 | [diff] [blame] | 637 | #define UNI_ASTERIK (__u16) ('*' + 0xF000) |
| 638 | #define UNI_QUESTION (__u16) ('?' + 0xF000) |
| 639 | #define UNI_COLON (__u16) (':' + 0xF000) |
| 640 | #define UNI_GRTRTHAN (__u16) ('>' + 0xF000) |
| 641 | #define UNI_LESSTHAN (__u16) ('<' + 0xF000) |
| 642 | #define UNI_PIPE (__u16) ('|' + 0xF000) |
| 643 | #define UNI_SLASH (__u16) ('\\' + 0xF000) |
Steve French | 6a0b482 | 2005-04-28 22:41:05 -0700 | [diff] [blame] | 644 | |
| 645 | /* Convert 16 bit Unicode pathname from wire format to string in current code |
| 646 | page. Conversion may involve remapping up the seven characters that are |
| 647 | only legal in POSIX-like OS (if they are present in the string). Path |
| 648 | names are little endian 16 bit Unicode on the wire */ |
| 649 | int |
| 650 | cifs_convertUCSpath(char *target, const __le16 * source, int maxlen, |
| 651 | const struct nls_table * cp) |
| 652 | { |
| 653 | int i,j,len; |
Steve French | d072471 | 2005-04-28 22:41:06 -0700 | [diff] [blame] | 654 | __u16 src_char; |
Steve French | 6a0b482 | 2005-04-28 22:41:05 -0700 | [diff] [blame] | 655 | |
| 656 | for(i = 0, j = 0; i < maxlen; i++) { |
| 657 | src_char = le16_to_cpu(source[i]); |
| 658 | switch (src_char) { |
| 659 | case 0: |
| 660 | goto cUCS_out; /* BB check this BB */ |
| 661 | case UNI_COLON: |
| 662 | target[j] = ':'; |
| 663 | break; |
| 664 | case UNI_ASTERIK: |
| 665 | target[j] = '*'; |
| 666 | break; |
| 667 | case UNI_QUESTION: |
| 668 | target[j] = '?'; |
| 669 | break; |
Steve French | 6c91d36 | 2005-04-28 22:41:06 -0700 | [diff] [blame] | 670 | /* BB We can not handle remapping slash until |
| 671 | all the calls to build_path_from_dentry |
| 672 | are modified, as they use slash as separator BB */ |
| 673 | /* case UNI_SLASH: |
| 674 | target[j] = '\\'; |
| 675 | break;*/ |
Steve French | 6a0b482 | 2005-04-28 22:41:05 -0700 | [diff] [blame] | 676 | case UNI_PIPE: |
| 677 | target[j] = '|'; |
| 678 | break; |
| 679 | case UNI_GRTRTHAN: |
| 680 | target[j] = '>'; |
| 681 | break; |
| 682 | case UNI_LESSTHAN: |
| 683 | target[j] = '<'; |
Steve French | 67594fe | 2005-05-17 13:04:49 -0500 | [diff] [blame] | 684 | break; |
Steve French | 6a0b482 | 2005-04-28 22:41:05 -0700 | [diff] [blame] | 685 | default: |
| 686 | len = cp->uni2char(src_char, &target[j], |
| 687 | NLS_MAX_CHARSET_SIZE); |
| 688 | if(len > 0) { |
| 689 | j += len; |
| 690 | continue; |
| 691 | } else { |
| 692 | target[j] = '?'; |
| 693 | } |
| 694 | } |
| 695 | j++; |
Steve French | 57337e4 | 2005-04-28 22:41:10 -0700 | [diff] [blame] | 696 | /* make sure we do not overrun callers allocated temp buffer */ |
Steve French | 6a0b482 | 2005-04-28 22:41:05 -0700 | [diff] [blame] | 697 | if(j >= (2 * NAME_MAX)) |
| 698 | break; |
| 699 | } |
| 700 | cUCS_out: |
| 701 | target[j] = 0; |
| 702 | return j; |
| 703 | } |
Steve French | 6c91d36 | 2005-04-28 22:41:06 -0700 | [diff] [blame] | 704 | |
| 705 | /* Convert 16 bit Unicode pathname to wire format from string in current code |
| 706 | page. Conversion may involve remapping up the seven characters that are |
| 707 | only legal in POSIX-like OS (if they are present in the string). Path |
| 708 | names are little endian 16 bit Unicode on the wire */ |
| 709 | int |
| 710 | cifsConvertToUCS(__le16 * target, const char *source, int maxlen, |
| 711 | const struct nls_table * cp, int mapChars) |
| 712 | { |
| 713 | int i,j,charlen; |
| 714 | int len_remaining = maxlen; |
| 715 | char src_char; |
Steve French | 70ca734 | 2005-09-22 16:32:06 -0700 | [diff] [blame] | 716 | __u16 temp; |
Steve French | 6c91d36 | 2005-04-28 22:41:06 -0700 | [diff] [blame] | 717 | |
| 718 | if(!mapChars) |
Steve French | e89dc92 | 2005-11-11 15:18:19 -0800 | [diff] [blame] | 719 | return cifs_strtoUCS(target, source, PATH_MAX, cp); |
Steve French | 6c91d36 | 2005-04-28 22:41:06 -0700 | [diff] [blame] | 720 | |
| 721 | for(i = 0, j = 0; i < maxlen; j++) { |
| 722 | src_char = source[i]; |
| 723 | switch (src_char) { |
| 724 | case 0: |
Steve French | f4cfd69 | 2005-07-14 18:29:02 -0500 | [diff] [blame] | 725 | target[j] = 0; |
Steve French | 6c91d36 | 2005-04-28 22:41:06 -0700 | [diff] [blame] | 726 | goto ctoUCS_out; |
| 727 | case ':': |
| 728 | target[j] = cpu_to_le16(UNI_COLON); |
| 729 | break; |
| 730 | case '*': |
| 731 | target[j] = cpu_to_le16(UNI_ASTERIK); |
| 732 | break; |
| 733 | case '?': |
| 734 | target[j] = cpu_to_le16(UNI_QUESTION); |
| 735 | break; |
| 736 | case '<': |
| 737 | target[j] = cpu_to_le16(UNI_LESSTHAN); |
| 738 | break; |
| 739 | case '>': |
| 740 | target[j] = cpu_to_le16(UNI_GRTRTHAN); |
| 741 | break; |
| 742 | case '|': |
| 743 | target[j] = cpu_to_le16(UNI_PIPE); |
| 744 | break; |
| 745 | /* BB We can not handle remapping slash until |
| 746 | all the calls to build_path_from_dentry |
| 747 | are modified, as they use slash as separator BB */ |
| 748 | /* case '\\': |
| 749 | target[j] = cpu_to_le16(UNI_SLASH); |
| 750 | break;*/ |
| 751 | default: |
| 752 | charlen = cp->char2uni(source+i, |
Steve French | 70ca734 | 2005-09-22 16:32:06 -0700 | [diff] [blame] | 753 | len_remaining, &temp); |
Steve French | 6c91d36 | 2005-04-28 22:41:06 -0700 | [diff] [blame] | 754 | /* if no match, use question mark, which |
| 755 | at least in some cases servers as wild card */ |
| 756 | if(charlen < 1) { |
| 757 | target[j] = cpu_to_le16(0x003f); |
| 758 | charlen = 1; |
Steve French | 70ca734 | 2005-09-22 16:32:06 -0700 | [diff] [blame] | 759 | } else |
| 760 | target[j] = cpu_to_le16(temp); |
Steve French | 6c91d36 | 2005-04-28 22:41:06 -0700 | [diff] [blame] | 761 | len_remaining -= charlen; |
| 762 | /* character may take more than one byte in the |
| 763 | the source string, but will take exactly two |
| 764 | bytes in the target string */ |
| 765 | i+= charlen; |
| 766 | continue; |
| 767 | } |
| 768 | i++; /* move to next char in source string */ |
| 769 | len_remaining--; |
| 770 | } |
| 771 | |
| 772 | ctoUCS_out: |
| 773 | return i; |
| 774 | } |