Gitiles
Code Review Sign In
review.evervolv.com / android_kernel_oneplus_sm8150 / 16abbecdad3367c76c12537450eba0d86943fe2c / . / fs / cifs / connect.c
blob: 134195cc40731c0530160cb8497b17e6a53b51d0 [file] [log] [blame]
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1/*
2 * fs/cifs/connect.c
3 *
Steve Frenchb8643e12005-04-28 22:41:07 -0700[diff] [blame]4 * Copyright (C) International Business Machines Corp., 2002,2005
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]5 * Author(s): Steve French (sfrench@us.ibm.com)
6 *
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
21#include <linux/fs.h>
22#include <linux/net.h>
23#include <linux/string.h>
24#include <linux/list.h>
25#include <linux/wait.h>
26#include <linux/ipv6.h>
27#include <linux/pagemap.h>
28#include <linux/ctype.h>
29#include <linux/utsname.h>
30#include <linux/mempool.h>
Steve Frenchb8643e12005-04-28 22:41:07 -0700[diff] [blame]31#include <linux/delay.h>
Steve Frenchf1914012005-08-18 09:37:34 -0700[diff] [blame]32#include <linux/completion.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]33#include <asm/uaccess.h>
34#include <asm/processor.h>
35#include "cifspdu.h"
36#include "cifsglob.h"
37#include "cifsproto.h"
38#include "cifs_unicode.h"
39#include "cifs_debug.h"
40#include "cifs_fs_sb.h"
41#include "ntlmssp.h"
42#include "nterr.h"
43#include "rfc1002pdu.h"
44
45#define CIFS_PORT 445
46#define RFC1001_PORT 139
47
Steve Frenchf1914012005-08-18 09:37:34 -0700[diff] [blame]48static DECLARE_COMPLETION(cifsd_complete);
49
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]50extern void SMBencrypt(unsigned char *passwd, unsigned char *c8,
51 unsigned char *p24);
52extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
53 unsigned char *p24);
54
55extern mempool_t *cifs_req_poolp;
56
57struct smb_vol {
58 char *username;
59 char *password;
60 char *domainname;
61 char *UNC;
62 char *UNCip;
63 char *in6_addr; /* ipv6 address as human readable form of in6_addr */
64 char *iocharset; /* local code page for mapping to and from Unicode */
65 char source_rfc1001_name[16]; /* netbios name of client */
Steve Frencha10faeb22005-08-22 21:38:31 -0700[diff] [blame]66 char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]67 uid_t linux_uid;
68 gid_t linux_gid;
69 mode_t file_mode;
70 mode_t dir_mode;
71 unsigned rw:1;
72 unsigned retry:1;
73 unsigned intr:1;
74 unsigned setuids:1;
75 unsigned noperm:1;
76 unsigned no_psx_acl:1; /* set if posix acl support should be disabled */
77 unsigned no_xattr:1; /* set if xattr (EA) support should be disabled*/
78 unsigned server_ino:1; /* use inode numbers from server ie UniqueId */
79 unsigned direct_io:1;
Steve French6a0b4822005-04-28 22:41:05 -0700[diff] [blame]80 unsigned remap:1; /* set to remap seven reserved chars in filenames */
Jeremy Allisonac670552005-06-22 17:26:35 -0700[diff] [blame]81 unsigned posix_paths:1; /* unset to not ask for posix pathnames. */
Steve Frenchd7245c22005-07-14 18:25:12 -0500[diff] [blame]82 unsigned sfu_emul:1;
Steve Frenchc46fa8a2005-08-18 20:49:57 -0700[diff] [blame]83 unsigned nocase; /* request case insensitive filenames */
84 unsigned nobrl; /* disable sending byte range locks to srv */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]85 unsigned int rsize;
86 unsigned int wsize;
87 unsigned int sockopt;
88 unsigned short int port;
89};
90
91static int ipv4_connect(struct sockaddr_in *psin_server,
92 struct socket **csocket,
Steve Frencha10faeb22005-08-22 21:38:31 -0700[diff] [blame]93 char * netb_name,
94 char * server_netb_name);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]95static int ipv6_connect(struct sockaddr_in6 *psin_server,
96 struct socket **csocket);
97
98
99 /*
100 * cifs tcp session reconnection
101 *
102 * mark tcp session as reconnecting so temporarily locked
103 * mark all smb sessions as reconnecting for tcp session
104 * reconnect tcp session
105 * wake up waiters on reconnection? - (not needed currently)
106 */
107
108int
109cifs_reconnect(struct TCP_Server_Info *server)
110{
111 int rc = 0;
112 struct list_head *tmp;
113 struct cifsSesInfo *ses;
114 struct cifsTconInfo *tcon;
115 struct mid_q_entry * mid_entry;
116
117 spin_lock(&GlobalMid_Lock);
118 if(server->tcpStatus == CifsExiting) {
119 /* the demux thread will exit normally
120 next time through the loop */
121 spin_unlock(&GlobalMid_Lock);
122 return rc;
123 } else
124 server->tcpStatus = CifsNeedReconnect;
125 spin_unlock(&GlobalMid_Lock);
126 server->maxBuf = 0;
127
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]128 cFYI(1, ("Reconnecting tcp session"));
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]129
130 /* before reconnecting the tcp session, mark the smb session (uid)
131 and the tid bad so they are not used until reconnected */
132 read_lock(&GlobalSMBSeslock);
133 list_for_each(tmp, &GlobalSMBSessionList) {
134 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
135 if (ses->server) {
136 if (ses->server == server) {
137 ses->status = CifsNeedReconnect;
138 ses->ipc_tid = 0;
139 }
140 }
141 /* else tcp and smb sessions need reconnection */
142 }
143 list_for_each(tmp, &GlobalTreeConnectionList) {
144 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
145 if((tcon) && (tcon->ses) && (tcon->ses->server == server)) {
146 tcon->tidStatus = CifsNeedReconnect;
147 }
148 }
149 read_unlock(&GlobalSMBSeslock);
150 /* do not want to be sending data on a socket we are freeing */
151 down(&server->tcpSem);
152 if(server->ssocket) {
153 cFYI(1,("State: 0x%x Flags: 0x%lx", server->ssocket->state,
154 server->ssocket->flags));
155 server->ssocket->ops->shutdown(server->ssocket,SEND_SHUTDOWN);
156 cFYI(1,("Post shutdown state: 0x%x Flags: 0x%lx", server->ssocket->state,
157 server->ssocket->flags));
158 sock_release(server->ssocket);
159 server->ssocket = NULL;
160 }
161
162 spin_lock(&GlobalMid_Lock);
163 list_for_each(tmp, &server->pending_mid_q) {
164 mid_entry = list_entry(tmp, struct
165 mid_q_entry,
166 qhead);
167 if(mid_entry) {
168 if(mid_entry->midState == MID_REQUEST_SUBMITTED) {
Steve French09d1db52005-04-28 22:41:08 -0700[diff] [blame]169 /* Mark other intransit requests as needing
170 retry so we do not immediately mark the
171 session bad again (ie after we reconnect
172 below) as they timeout too */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]173 mid_entry->midState = MID_RETRY_NEEDED;
174 }
175 }
176 }
177 spin_unlock(&GlobalMid_Lock);
178 up(&server->tcpSem);
179
180 while ((server->tcpStatus != CifsExiting) && (server->tcpStatus != CifsGood))
181 {
182 if(server->protocolType == IPV6) {
183 rc = ipv6_connect(&server->addr.sockAddr6,&server->ssocket);
184 } else {
185 rc = ipv4_connect(&server->addr.sockAddr,
186 &server->ssocket,
Steve Frencha10faeb22005-08-22 21:38:31 -0700[diff] [blame]187 server->workstation_RFC1001_name,
188 server->server_RFC1001_name);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]189 }
190 if(rc) {
Steve French0cb766a2005-04-28 22:41:11 -0700[diff] [blame]191 msleep(3000);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]192 } else {
193 atomic_inc(&tcpSesReconnectCount);
194 spin_lock(&GlobalMid_Lock);
195 if(server->tcpStatus != CifsExiting)
196 server->tcpStatus = CifsGood;
Steve Frenchad009ac2005-04-28 22:41:05 -0700[diff] [blame]197 server->sequence_number = 0;
198 spin_unlock(&GlobalMid_Lock);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]199 /* atomic_set(&server->inFlight,0);*/
200 wake_up(&server->response_q);
201 }
202 }
203 return rc;
204}
205
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]206/*
207 return codes:
208 0 not a transact2, or all data present
209 >0 transact2 with that much data missing
210 -EINVAL = invalid transact2
211
212 */
213static int check2ndT2(struct smb_hdr * pSMB, unsigned int maxBufSize)
214{
215 struct smb_t2_rsp * pSMBt;
216 int total_data_size;
217 int data_in_this_rsp;
218 int remaining;
219
220 if(pSMB->Command != SMB_COM_TRANSACTION2)
221 return 0;
222
223 /* check for plausible wct, bcc and t2 data and parm sizes */
224 /* check for parm and data offset going beyond end of smb */
225 if(pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
226 cFYI(1,("invalid transact2 word count"));
227 return -EINVAL;
228 }
229
230 pSMBt = (struct smb_t2_rsp *)pSMB;
231
232 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
233 data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
234
235 remaining = total_data_size - data_in_this_rsp;
236
237 if(remaining == 0)
238 return 0;
239 else if(remaining < 0) {
240 cFYI(1,("total data %d smaller than data in frame %d",
241 total_data_size, data_in_this_rsp));
242 return -EINVAL;
243 } else {
244 cFYI(1,("missing %d bytes from transact2, check next response",
245 remaining));
246 if(total_data_size > maxBufSize) {
247 cERROR(1,("TotalDataSize %d is over maximum buffer %d",
248 total_data_size,maxBufSize));
249 return -EINVAL;
250 }
251 return remaining;
252 }
253}
254
255static int coalesce_t2(struct smb_hdr * psecond, struct smb_hdr *pTargetSMB)
256{
257 struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
258 struct smb_t2_rsp *pSMBt = (struct smb_t2_rsp *)pTargetSMB;
259 int total_data_size;
260 int total_in_buf;
261 int remaining;
262 int total_in_buf2;
263 char * data_area_of_target;
264 char * data_area_of_buf2;
265 __u16 byte_count;
266
267 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
268
269 if(total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
270 cFYI(1,("total data sizes of primary and secondary t2 differ"));
271 }
272
273 total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
274
275 remaining = total_data_size - total_in_buf;
276
277 if(remaining < 0)
278 return -EINVAL;
279
280 if(remaining == 0) /* nothing to do, ignore */
281 return 0;
282
283 total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
284 if(remaining < total_in_buf2) {
285 cFYI(1,("transact2 2nd response contains too much data"));
286 }
287
288 /* find end of first SMB data area */
289 data_area_of_target = (char *)&pSMBt->hdr.Protocol +
290 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
291 /* validate target area */
292
293 data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
294 le16_to_cpu(pSMB2->t2_rsp.DataOffset);
295
296 data_area_of_target += total_in_buf;
297
298 /* copy second buffer into end of first buffer */
299 memcpy(data_area_of_target,data_area_of_buf2,total_in_buf2);
300 total_in_buf += total_in_buf2;
301 pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
302 byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
303 byte_count += total_in_buf2;
304 BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
305
306 byte_count = be32_to_cpu(pTargetSMB->smb_buf_length);
307 byte_count += total_in_buf2;
308
309 /* BB also add check that we are not beyond maximum buffer size */
310
311 pTargetSMB->smb_buf_length = cpu_to_be32(byte_count);
312
313 if(remaining == total_in_buf2) {
314 cFYI(1,("found the last secondary response"));
315 return 0; /* we are done */
316 } else /* more responses to go */
317 return 1;
318
319}
320
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]321static int
322cifs_demultiplex_thread(struct TCP_Server_Info *server)
323{
324 int length;
325 unsigned int pdu_length, total_read;
326 struct smb_hdr *smb_buffer = NULL;
Steve Frenchb8643e12005-04-28 22:41:07 -0700[diff] [blame]327 struct smb_hdr *bigbuf = NULL;
328 struct smb_hdr *smallbuf = NULL;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]329 struct msghdr smb_msg;
330 struct kvec iov;
331 struct socket *csocket = server->ssocket;
332 struct list_head *tmp;
333 struct cifsSesInfo *ses;
334 struct task_struct *task_to_wake = NULL;
335 struct mid_q_entry *mid_entry;
336 char *temp;
Steve Frenchb8643e12005-04-28 22:41:07 -0700[diff] [blame]337 int isLargeBuf = FALSE;
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]338 int isMultiRsp;
339 int reconnect;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]340
341 daemonize("cifsd");
342 allow_signal(SIGKILL);
343 current->flags |= PF_MEMALLOC;
344 server->tsk = current; /* save process info to wake at shutdown */
345 cFYI(1, ("Demultiplex PID: %d", current->pid));
346 write_lock(&GlobalSMBSeslock);
347 atomic_inc(&tcpSesAllocCount);
348 length = tcpSesAllocCount.counter;
349 write_unlock(&GlobalSMBSeslock);
Steve Frenchf1914012005-08-18 09:37:34 -0700[diff] [blame]350 complete(&cifsd_complete);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]351 if(length > 1) {
352 mempool_resize(cifs_req_poolp,
353 length + cifs_min_rcv,
354 GFP_KERNEL);
355 }
356
357 while (server->tcpStatus != CifsExiting) {
Steve French16abbec2005-08-30 13:10:14 -0700[diff] [blame^]358 if(try_to_freeze())
359 continue;
Steve Frenchb8643e12005-04-28 22:41:07 -0700[diff] [blame]360 if (bigbuf == NULL) {
361 bigbuf = cifs_buf_get();
362 if(bigbuf == NULL) {
363 cERROR(1,("No memory for large SMB response"));
364 msleep(3000);
365 /* retry will check if exiting */
366 continue;
367 }
368 } else if(isLargeBuf) {
369 /* we are reusing a dirtry large buf, clear its start */
370 memset(bigbuf, 0, sizeof (struct smb_hdr));
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]371 }
Steve Frenchb8643e12005-04-28 22:41:07 -0700[diff] [blame]372
373 if (smallbuf == NULL) {
374 smallbuf = cifs_small_buf_get();
375 if(smallbuf == NULL) {
376 cERROR(1,("No memory for SMB response"));
377 msleep(1000);
378 /* retry will check if exiting */
379 continue;
380 }
381 /* beginning of smb buffer is cleared in our buf_get */
382 } else /* if existing small buf clear beginning */
383 memset(smallbuf, 0, sizeof (struct smb_hdr));
384
385 isLargeBuf = FALSE;
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]386 isMultiRsp = FALSE;
Steve Frenchb8643e12005-04-28 22:41:07 -0700[diff] [blame]387 smb_buffer = smallbuf;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]388 iov.iov_base = smb_buffer;
389 iov.iov_len = 4;
390 smb_msg.msg_control = NULL;
391 smb_msg.msg_controllen = 0;
392 length =
393 kernel_recvmsg(csocket, &smb_msg,
394 &iov, 1, 4, 0 /* BB see socket.h flags */);
395
396 if(server->tcpStatus == CifsExiting) {
397 break;
398 } else if (server->tcpStatus == CifsNeedReconnect) {
Steve French57337e42005-04-28 22:41:10 -0700[diff] [blame]399 cFYI(1,("Reconnect after server stopped responding"));
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]400 cifs_reconnect(server);
401 cFYI(1,("call to reconnect done"));
402 csocket = server->ssocket;
403 continue;
404 } else if ((length == -ERESTARTSYS) || (length == -EAGAIN)) {
Steve Frenchb8643e12005-04-28 22:41:07 -0700[diff] [blame]405 msleep(1); /* minimum sleep to prevent looping
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]406 allowing socket to clear and app threads to set
407 tcpStatus CifsNeedReconnect if server hung */
408 continue;
409 } else if (length <= 0) {
410 if(server->tcpStatus == CifsNew) {
Steve French57337e42005-04-28 22:41:10 -0700[diff] [blame]411 cFYI(1,("tcp session abend after SMBnegprot"));
Steve French09d1db52005-04-28 22:41:08 -0700[diff] [blame]412 /* some servers kill the TCP session rather than
413 returning an SMB negprot error, in which
414 case reconnecting here is not going to help,
415 and so simply return error to mount */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]416 break;
417 }
418 if(length == -EINTR) {
419 cFYI(1,("cifsd thread killed"));
420 break;
421 }
Steve French57337e42005-04-28 22:41:10 -0700[diff] [blame]422 cFYI(1,("Reconnect after unexpected peek error %d",
423 length));
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]424 cifs_reconnect(server);
425 csocket = server->ssocket;
426 wake_up(&server->response_q);
427 continue;
Steve French46810cb2005-04-28 22:41:09 -0700[diff] [blame]428 } else if (length < 4) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]429 cFYI(1,
Steve French57337e42005-04-28 22:41:10 -0700[diff] [blame]430 ("Frame under four bytes received (%d bytes long)",
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]431 length));
432 cifs_reconnect(server);
433 csocket = server->ssocket;
434 wake_up(&server->response_q);
435 continue;
436 }
Steve French67010fb2005-04-28 22:41:09 -0700[diff] [blame]437
Steve French46810cb2005-04-28 22:41:09 -0700[diff] [blame]438 /* the right amount was read from socket - 4 bytes */
439
440 pdu_length = ntohl(smb_buffer->smb_buf_length);
441 cFYI(1,("rfc1002 length(big endian)0x%x)", pdu_length+4));
442
443 temp = (char *) smb_buffer;
444 if (temp[0] == (char) RFC1002_SESSION_KEEP_ALIVE) {
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]445 continue;
Steve French46810cb2005-04-28 22:41:09 -0700[diff] [blame]446 } else if (temp[0] == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]447 cFYI(1,("Good RFC 1002 session rsp"));
448 continue;
Steve French46810cb2005-04-28 22:41:09 -0700[diff] [blame]449 } else if (temp[0] == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
450 /* we get this from Windows 98 instead of
451 an error on SMB negprot response */
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]452 cFYI(1,("Negative RFC1002 Session Response Error 0x%x)",
453 temp[4]));
Steve French46810cb2005-04-28 22:41:09 -0700[diff] [blame]454 if(server->tcpStatus == CifsNew) {
455 /* if nack on negprot (rather than
456 ret of smb negprot error) reconnecting
457 not going to help, ret error to mount */
458 break;
459 } else {
460 /* give server a second to
461 clean up before reconnect attempt */
462 msleep(1000);
463 /* always try 445 first on reconnect
464 since we get NACK on some if we ever
465 connected to port 139 (the NACK is
466 since we do not begin with RFC1001
467 session initialize frame) */
468 server->addr.sockAddr.sin_port =
469 htons(CIFS_PORT);
470 cifs_reconnect(server);
471 csocket = server->ssocket;
472 wake_up(&server->response_q);
473 continue;
474 }
475 } else if (temp[0] != (char) 0) {
476 cERROR(1,("Unknown RFC 1002 frame"));
477 cifs_dump_mem(" Received Data: ", temp, length);
478 cifs_reconnect(server);
479 csocket = server->ssocket;
480 continue;
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]481 }
482
483 /* else we have an SMB response */
484 if((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
Steve French46810cb2005-04-28 22:41:09 -0700[diff] [blame]485 (pdu_length < sizeof (struct smb_hdr) - 1 - 4)) {
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]486 cERROR(1, ("Invalid size SMB length %d pdu_length %d",
Steve French46810cb2005-04-28 22:41:09 -0700[diff] [blame]487 length, pdu_length+4));
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]488 cifs_reconnect(server);
489 csocket = server->ssocket;
490 wake_up(&server->response_q);
491 continue;
492 }
493
494 /* else length ok */
495 reconnect = 0;
496
497 if(pdu_length > MAX_CIFS_HDR_SIZE - 4) {
498 isLargeBuf = TRUE;
499 memcpy(bigbuf, smallbuf, 4);
500 smb_buffer = bigbuf;
501 }
502 length = 0;
503 iov.iov_base = 4 + (char *)smb_buffer;
504 iov.iov_len = pdu_length;
505 for (total_read = 0; total_read < pdu_length;
506 total_read += length) {
507 length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
508 pdu_length - total_read, 0);
509 if((server->tcpStatus == CifsExiting) ||
510 (length == -EINTR)) {
511 /* then will exit */
512 reconnect = 2;
513 break;
514 } else if (server->tcpStatus == CifsNeedReconnect) {
Steve French46810cb2005-04-28 22:41:09 -0700[diff] [blame]515 cifs_reconnect(server);
516 csocket = server->ssocket;
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]517 /* Reconnect wakes up rspns q */
518 /* Now we will reread sock */
519 reconnect = 1;
520 break;
521 } else if ((length == -ERESTARTSYS) ||
522 (length == -EAGAIN)) {
523 msleep(1); /* minimum sleep to prevent looping,
524 allowing socket to clear and app
525 threads to set tcpStatus
526 CifsNeedReconnect if server hung*/
Steve French46810cb2005-04-28 22:41:09 -0700[diff] [blame]527 continue;
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]528 } else if (length <= 0) {
529 cERROR(1,("Received no data, expecting %d",
530 pdu_length - total_read));
531 cifs_reconnect(server);
532 csocket = server->ssocket;
533 reconnect = 1;
534 break;
Steve French46810cb2005-04-28 22:41:09 -0700[diff] [blame]535 }
536 }
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]537 if(reconnect == 2)
538 break;
539 else if(reconnect == 1)
540 continue;
541
542 length += 4; /* account for rfc1002 hdr */
543
544
545 dump_smb(smb_buffer, length);
546 if (checkSMB (smb_buffer, smb_buffer->Mid, total_read+4)) {
547 cERROR(1, ("Bad SMB Received "));
548 continue;
549 }
550
551
552 task_to_wake = NULL;
553 spin_lock(&GlobalMid_Lock);
554 list_for_each(tmp, &server->pending_mid_q) {
555 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
556
557 if ((mid_entry->mid == smb_buffer->Mid) &&
558 (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
559 (mid_entry->command == smb_buffer->Command)) {
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]560 if(check2ndT2(smb_buffer,server->maxBuf) > 0) {
561 /* We have a multipart transact2 resp */
Steve Frenchcd634992005-04-28 22:41:10 -0700[diff] [blame]562 isMultiRsp = TRUE;
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]563 if(mid_entry->resp_buf) {
564 /* merge response - fix up 1st*/
565 if(coalesce_t2(smb_buffer,
566 mid_entry->resp_buf)) {
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]567 break;
568 } else {
569 /* all parts received */
570 goto multi_t2_fnd;
571 }
572 } else {
573 if(!isLargeBuf) {
574 cERROR(1,("1st trans2 resp needs bigbuf"));
575 /* BB maybe we can fix this up, switch
576 to already allocated large buffer? */
577 } else {
Steve Frenchcd634992005-04-28 22:41:10 -0700[diff] [blame]578 /* Have first buffer */
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]579 mid_entry->resp_buf =
580 smb_buffer;
581 mid_entry->largeBuf = 1;
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]582 bigbuf = NULL;
583 }
584 }
585 break;
586 }
587 mid_entry->resp_buf = smb_buffer;
588 if(isLargeBuf)
589 mid_entry->largeBuf = 1;
590 else
591 mid_entry->largeBuf = 0;
592multi_t2_fnd:
593 task_to_wake = mid_entry->tsk;
594 mid_entry->midState = MID_RESPONSE_RECEIVED;
595 break;
596 }
597 }
598 spin_unlock(&GlobalMid_Lock);
599 if (task_to_wake) {
Steve Frenchcd634992005-04-28 22:41:10 -0700[diff] [blame]600 /* Was previous buf put in mpx struct for multi-rsp? */
601 if(!isMultiRsp) {
602 /* smb buffer will be freed by user thread */
603 if(isLargeBuf) {
604 bigbuf = NULL;
605 } else
606 smallbuf = NULL;
607 }
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]608 wake_up_process(task_to_wake);
Steve French57337e42005-04-28 22:41:10 -0700[diff] [blame]609 } else if ((is_valid_oplock_break(smb_buffer) == FALSE)
Steve Frenche4eb2952005-04-28 22:41:09 -0700[diff] [blame]610 && (isMultiRsp == FALSE)) {
611 cERROR(1, ("No task to wake, unknown frame rcvd!"));
612 cifs_dump_mem("Received Data is: ",temp,sizeof(struct smb_hdr));
613 }
614 } /* end while !EXITING */
615
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]616 spin_lock(&GlobalMid_Lock);
617 server->tcpStatus = CifsExiting;
618 server->tsk = NULL;
Steve French31ca3bc2005-04-28 22:41:11 -0700[diff] [blame]619 /* check if we have blocked requests that need to free */
620 /* Note that cifs_max_pending is normally 50, but
621 can be set at module install time to as little as two */
622 if(atomic_read(&server->inFlight) >= cifs_max_pending)
623 atomic_set(&server->inFlight, cifs_max_pending - 1);
624 /* We do not want to set the max_pending too low or we
625 could end up with the counter going negative */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]626 spin_unlock(&GlobalMid_Lock);
627 /* Although there should not be any requests blocked on
628 this queue it can not hurt to be paranoid and try to wake up requests
Steve French09d1db52005-04-28 22:41:08 -0700[diff] [blame]629 that may haven been blocked when more than 50 at time were on the wire
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]630 to the same server - they now will see the session is in exit state
631 and get out of SendReceive. */
632 wake_up_all(&server->request_q);
633 /* give those requests time to exit */
Steve Frenchb8643e12005-04-28 22:41:07 -0700[diff] [blame]634 msleep(125);
635
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]636 if(server->ssocket) {
637 sock_release(csocket);
638 server->ssocket = NULL;
639 }
Steve Frenchb8643e12005-04-28 22:41:07 -0700[diff] [blame]640 /* buffer usuallly freed in free_mid - need to free it here on exit */
641 if (bigbuf != NULL)
642 cifs_buf_release(bigbuf);
643 if (smallbuf != NULL)
644 cifs_small_buf_release(smallbuf);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]645
646 read_lock(&GlobalSMBSeslock);
647 if (list_empty(&server->pending_mid_q)) {
Steve French09d1db52005-04-28 22:41:08 -0700[diff] [blame]648 /* loop through server session structures attached to this and
649 mark them dead */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]650 list_for_each(tmp, &GlobalSMBSessionList) {
651 ses =
652 list_entry(tmp, struct cifsSesInfo,
653 cifsSessionList);
654 if (ses->server == server) {
655 ses->status = CifsExiting;
656 ses->server = NULL;
657 }
658 }
659 read_unlock(&GlobalSMBSeslock);
660 } else {
Steve French31ca3bc2005-04-28 22:41:11 -0700[diff] [blame]661 /* although we can not zero the server struct pointer yet,
662 since there are active requests which may depnd on them,
663 mark the corresponding SMB sessions as exiting too */
664 list_for_each(tmp, &GlobalSMBSessionList) {
665 ses = list_entry(tmp, struct cifsSesInfo,
666 cifsSessionList);
667 if (ses->server == server) {
668 ses->status = CifsExiting;
669 }
670 }
671
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]672 spin_lock(&GlobalMid_Lock);
673 list_for_each(tmp, &server->pending_mid_q) {
674 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
675 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
676 cFYI(1,
Steve French09d1db52005-04-28 22:41:08 -0700[diff] [blame]677 ("Clearing Mid 0x%x - waking up ",mid_entry->mid));
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]678 task_to_wake = mid_entry->tsk;
679 if(task_to_wake) {
680 wake_up_process(task_to_wake);
681 }
682 }
683 }
684 spin_unlock(&GlobalMid_Lock);
685 read_unlock(&GlobalSMBSeslock);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]686 /* 1/8th of sec is more than enough time for them to exit */
Steve Frenchb8643e12005-04-28 22:41:07 -0700[diff] [blame]687 msleep(125);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]688 }
689
Steve Frenchf1914012005-08-18 09:37:34 -0700[diff] [blame]690 if (!list_empty(&server->pending_mid_q)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]691 /* mpx threads have not exited yet give them
692 at least the smb send timeout time for long ops */
Steve French31ca3bc2005-04-28 22:41:11 -0700[diff] [blame]693 /* due to delays on oplock break requests, we need
694 to wait at least 45 seconds before giving up
695 on a request getting a response and going ahead
696 and killing cifsd */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]697 cFYI(1, ("Wait for exit from demultiplex thread"));
Steve French31ca3bc2005-04-28 22:41:11 -0700[diff] [blame]698 msleep(46000);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]699 /* if threads still have not exited they are probably never
700 coming home not much else we can do but free the memory */
701 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]702
703 write_lock(&GlobalSMBSeslock);
704 atomic_dec(&tcpSesAllocCount);
705 length = tcpSesAllocCount.counter;
Steve French31ca3bc2005-04-28 22:41:11 -0700[diff] [blame]706
707 /* last chance to mark ses pointers invalid
708 if there are any pointing to this (e.g
709 if a crazy root user tried to kill cifsd
710 kernel thread explicitly this might happen) */
711 list_for_each(tmp, &GlobalSMBSessionList) {
712 ses = list_entry(tmp, struct cifsSesInfo,
713 cifsSessionList);
714 if (ses->server == server) {
715 ses->server = NULL;
716 }
717 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]718 write_unlock(&GlobalSMBSeslock);
Steve French31ca3bc2005-04-28 22:41:11 -0700[diff] [blame]719
720 kfree(server);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]721 if(length > 0) {
722 mempool_resize(cifs_req_poolp,
723 length + cifs_min_rcv,
724 GFP_KERNEL);
725 }
Steve Frenchb8643e12005-04-28 22:41:07 -0700[diff] [blame]726
Steve Frenchf1914012005-08-18 09:37:34 -0700[diff] [blame]727 complete_and_exit(&cifsd_complete, 0);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]728 return 0;
729}
730
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]731static int
732cifs_parse_mount_options(char *options, const char *devname,struct smb_vol *vol)
733{
734 char *value;
735 char *data;
736 unsigned int temp_len, i, j;
737 char separator[2];
738
739 separator[0] = ',';
740 separator[1] = 0;
741
742 memset(vol->source_rfc1001_name,0x20,15);
743 for(i=0;i < strnlen(system_utsname.nodename,15);i++) {
744 /* does not have to be a perfect mapping since the field is
745 informational, only used for servers that do not support
746 port 445 and it can be overridden at mount time */
Steve French09d1db52005-04-28 22:41:08 -0700[diff] [blame]747 vol->source_rfc1001_name[i] =
748 toupper(system_utsname.nodename[i]);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]749 }
750 vol->source_rfc1001_name[15] = 0;
Steve Frencha10faeb22005-08-22 21:38:31 -0700[diff] [blame]751 /* null target name indicates to use *SMBSERVR default called name
752 if we end up sending RFC1001 session initialize */
753 vol->target_rfc1001_name[0] = 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]754 vol->linux_uid = current->uid; /* current->euid instead? */
755 vol->linux_gid = current->gid;
756 vol->dir_mode = S_IRWXUGO;
757 /* 2767 perms indicate mandatory locking support */
758 vol->file_mode = S_IALLUGO & ~(S_ISUID | S_IXGRP);
759
760 /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
761 vol->rw = TRUE;
762
Jeremy Allisonac670552005-06-22 17:26:35 -0700[diff] [blame]763 /* default is always to request posix paths. */
764 vol->posix_paths = 1;
765
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]766 if (!options)
767 return 1;
768
769 if(strncmp(options,"sep=",4) == 0) {
770 if(options[4] != 0) {
771 separator[0] = options[4];
772 options += 5;
773 } else {
774 cFYI(1,("Null separator not allowed"));
775 }
776 }
777
778 while ((data = strsep(&options, separator)) != NULL) {
779 if (!*data)
780 continue;
781 if ((value = strchr(data, '=')) != NULL)
782 *value++ = '\0';
783
784 if (strnicmp(data, "user_xattr",10) == 0) {/*parse before user*/
785 vol->no_xattr = 0;
786 } else if (strnicmp(data, "nouser_xattr",12) == 0) {
787 vol->no_xattr = 1;
788 } else if (strnicmp(data, "user", 4) == 0) {
789 if (!value || !*value) {
790 printk(KERN_WARNING
791 "CIFS: invalid or missing username\n");
792 return 1; /* needs_arg; */
793 }
794 if (strnlen(value, 200) < 200) {
795 vol->username = value;
796 } else {
797 printk(KERN_WARNING "CIFS: username too long\n");
798 return 1;
799 }
800 } else if (strnicmp(data, "pass", 4) == 0) {
801 if (!value) {
802 vol->password = NULL;
803 continue;
804 } else if(value[0] == 0) {
805 /* check if string begins with double comma
806 since that would mean the password really
807 does start with a comma, and would not
808 indicate an empty string */
809 if(value[1] != separator[0]) {
810 vol->password = NULL;
811 continue;
812 }
813 }
814 temp_len = strlen(value);
815 /* removed password length check, NTLM passwords
816 can be arbitrarily long */
817
818 /* if comma in password, the string will be
819 prematurely null terminated. Commas in password are
820 specified across the cifs mount interface by a double
821 comma ie ,, and a comma used as in other cases ie ','
822 as a parameter delimiter/separator is single and due
823 to the strsep above is temporarily zeroed. */
824
825 /* NB: password legally can have multiple commas and
826 the only illegal character in a password is null */
827
Steve French09d1db52005-04-28 22:41:08 -0700[diff] [blame]828 if ((value[temp_len] == 0) &&
829 (value[temp_len+1] == separator[0])) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]830 /* reinsert comma */
831 value[temp_len] = separator[0];
832 temp_len+=2; /* move after the second comma */
833 while(value[temp_len] != 0) {
834 if (value[temp_len] == separator[0]) {
Steve French09d1db52005-04-28 22:41:08 -0700[diff] [blame]835 if (value[temp_len+1] ==
836 separator[0]) {
837 /* skip second comma */
838 temp_len++;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]839 } else {
840 /* single comma indicating start
841 of next parm */
842 break;
843 }
844 }
845 temp_len++;
846 }
847 if(value[temp_len] == 0) {
848 options = NULL;
849 } else {
850 value[temp_len] = 0;
851 /* point option to start of next parm */
852 options = value + temp_len + 1;
853 }
854 /* go from value to value + temp_len condensing
855 double commas to singles. Note that this ends up
856 allocating a few bytes too many, which is ok */
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]857 vol->password = kcalloc(1, temp_len, GFP_KERNEL);
858 if(vol->password == NULL) {
859 printk("CIFS: no memory for pass\n");
860 return 1;
861 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]862 for(i=0,j=0;i<temp_len;i++,j++) {
863 vol->password[j] = value[i];
Steve French09d1db52005-04-28 22:41:08 -0700[diff] [blame]864 if(value[i] == separator[0]
865 && value[i+1] == separator[0]) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]866 /* skip second comma */
867 i++;
868 }
869 }
870 vol->password[j] = 0;
871 } else {
Steve French09d1db52005-04-28 22:41:08 -0700[diff] [blame]872 vol->password = kcalloc(1, temp_len+1, GFP_KERNEL);
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]873 if(vol->password == NULL) {
874 printk("CIFS: no memory for pass\n");
875 return 1;
876 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]877 strcpy(vol->password, value);
878 }
879 } else if (strnicmp(data, "ip", 2) == 0) {
880 if (!value || !*value) {
881 vol->UNCip = NULL;
882 } else if (strnlen(value, 35) < 35) {
883 vol->UNCip = value;
884 } else {
885 printk(KERN_WARNING "CIFS: ip address too long\n");
886 return 1;
887 }
888 } else if ((strnicmp(data, "unc", 3) == 0)
889 || (strnicmp(data, "target", 6) == 0)
890 || (strnicmp(data, "path", 4) == 0)) {
891 if (!value || !*value) {
892 printk(KERN_WARNING
893 "CIFS: invalid path to network resource\n");
894 return 1; /* needs_arg; */
895 }
896 if ((temp_len = strnlen(value, 300)) < 300) {
897 vol->UNC = kmalloc(temp_len+1,GFP_KERNEL);
898 if(vol->UNC == NULL)
899 return 1;
900 strcpy(vol->UNC,value);
901 if (strncmp(vol->UNC, "//", 2) == 0) {
902 vol->UNC[0] = '\\';
903 vol->UNC[1] = '\\';
904 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
905 printk(KERN_WARNING
906 "CIFS: UNC Path does not begin with // or \\\\ \n");
907 return 1;
908 }
909 } else {
910 printk(KERN_WARNING "CIFS: UNC name too long\n");
911 return 1;
912 }
913 } else if ((strnicmp(data, "domain", 3) == 0)
914 || (strnicmp(data, "workgroup", 5) == 0)) {
915 if (!value || !*value) {
916 printk(KERN_WARNING "CIFS: invalid domain name\n");
917 return 1; /* needs_arg; */
918 }
919 /* BB are there cases in which a comma can be valid in
920 a domain name and need special handling? */
921 if (strnlen(value, 65) < 65) {
922 vol->domainname = value;
923 cFYI(1, ("Domain name set"));
924 } else {
925 printk(KERN_WARNING "CIFS: domain name too long\n");
926 return 1;
927 }
928 } else if (strnicmp(data, "iocharset", 9) == 0) {
929 if (!value || !*value) {
930 printk(KERN_WARNING "CIFS: invalid iocharset specified\n");
931 return 1; /* needs_arg; */
932 }
933 if (strnlen(value, 65) < 65) {
934 if(strnicmp(value,"default",7))
935 vol->iocharset = value;
936 /* if iocharset not set load_nls_default used by caller */
937 cFYI(1, ("iocharset set to %s",value));
938 } else {
939 printk(KERN_WARNING "CIFS: iocharset name too long.\n");
940 return 1;
941 }
942 } else if (strnicmp(data, "uid", 3) == 0) {
943 if (value && *value) {
944 vol->linux_uid =
945 simple_strtoul(value, &value, 0);
946 }
947 } else if (strnicmp(data, "gid", 3) == 0) {
948 if (value && *value) {
949 vol->linux_gid =
950 simple_strtoul(value, &value, 0);
951 }
952 } else if (strnicmp(data, "file_mode", 4) == 0) {
953 if (value && *value) {
954 vol->file_mode =
955 simple_strtoul(value, &value, 0);
956 }
957 } else if (strnicmp(data, "dir_mode", 4) == 0) {
958 if (value && *value) {
959 vol->dir_mode =
960 simple_strtoul(value, &value, 0);
961 }
962 } else if (strnicmp(data, "dirmode", 4) == 0) {
963 if (value && *value) {
964 vol->dir_mode =
965 simple_strtoul(value, &value, 0);
966 }
967 } else if (strnicmp(data, "port", 4) == 0) {
968 if (value && *value) {
969 vol->port =
970 simple_strtoul(value, &value, 0);
971 }
972 } else if (strnicmp(data, "rsize", 5) == 0) {
973 if (value && *value) {
974 vol->rsize =
975 simple_strtoul(value, &value, 0);
976 }
977 } else if (strnicmp(data, "wsize", 5) == 0) {
978 if (value && *value) {
979 vol->wsize =
980 simple_strtoul(value, &value, 0);
981 }
982 } else if (strnicmp(data, "sockopt", 5) == 0) {
983 if (value && *value) {
984 vol->sockopt =
985 simple_strtoul(value, &value, 0);
986 }
987 } else if (strnicmp(data, "netbiosname", 4) == 0) {
988 if (!value || !*value || (*value == ' ')) {
989 cFYI(1,("invalid (empty) netbiosname specified"));
990 } else {
991 memset(vol->source_rfc1001_name,0x20,15);
992 for(i=0;i<15;i++) {
993 /* BB are there cases in which a comma can be
994 valid in this workstation netbios name (and need
995 special handling)? */
996
997 /* We do not uppercase netbiosname for user */
998 if (value[i]==0)
999 break;
1000 else
1001 vol->source_rfc1001_name[i] = value[i];
1002 }
1003 /* The string has 16th byte zero still from
1004 set at top of the function */
1005 if((i==15) && (value[i] != 0))
Steve Frencha10faeb22005-08-22 21:38:31 -0700[diff] [blame]1006 printk(KERN_WARNING "CIFS: netbiosname longer than 15 truncated.\n");
1007 }
1008 } else if (strnicmp(data, "servern", 7) == 0) {
1009 /* servernetbiosname specified override *SMBSERVER */
1010 if (!value || !*value || (*value == ' ')) {
1011 cFYI(1,("empty server netbiosname specified"));
1012 } else {
1013 /* last byte, type, is 0x20 for servr type */
1014 memset(vol->target_rfc1001_name,0x20,16);
1015
1016 for(i=0;i<15;i++) {
1017 /* BB are there cases in which a comma can be
1018 valid in this workstation netbios name (and need
1019 special handling)? */
1020
1021 /* user or mount helper must uppercase netbiosname */
1022 if (value[i]==0)
1023 break;
1024 else
1025 vol->target_rfc1001_name[i] = value[i];
1026 }
1027 /* The string has 16th byte zero still from
1028 set at top of the function */
1029 if((i==15) && (value[i] != 0))
1030 printk(KERN_WARNING "CIFS: server netbiosname longer than 15 truncated.\n");
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1031 }
1032 } else if (strnicmp(data, "credentials", 4) == 0) {
1033 /* ignore */
1034 } else if (strnicmp(data, "version", 3) == 0) {
1035 /* ignore */
1036 } else if (strnicmp(data, "guest",5) == 0) {
1037 /* ignore */
1038 } else if (strnicmp(data, "rw", 2) == 0) {
1039 vol->rw = TRUE;
1040 } else if ((strnicmp(data, "suid", 4) == 0) ||
1041 (strnicmp(data, "nosuid", 6) == 0) ||
1042 (strnicmp(data, "exec", 4) == 0) ||
1043 (strnicmp(data, "noexec", 6) == 0) ||
1044 (strnicmp(data, "nodev", 5) == 0) ||
1045 (strnicmp(data, "noauto", 6) == 0) ||
1046 (strnicmp(data, "dev", 3) == 0)) {
1047 /* The mount tool or mount.cifs helper (if present)
1048 uses these opts to set flags, and the flags are read
1049 by the kernel vfs layer before we get here (ie
1050 before read super) so there is no point trying to
1051 parse these options again and set anything and it
1052 is ok to just ignore them */
1053 continue;
1054 } else if (strnicmp(data, "ro", 2) == 0) {
1055 vol->rw = FALSE;
1056 } else if (strnicmp(data, "hard", 4) == 0) {
1057 vol->retry = 1;
1058 } else if (strnicmp(data, "soft", 4) == 0) {
1059 vol->retry = 0;
1060 } else if (strnicmp(data, "perm", 4) == 0) {
1061 vol->noperm = 0;
1062 } else if (strnicmp(data, "noperm", 6) == 0) {
1063 vol->noperm = 1;
Steve French6a0b4822005-04-28 22:41:05 -0700[diff] [blame]1064 } else if (strnicmp(data, "mapchars", 8) == 0) {
1065 vol->remap = 1;
1066 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1067 vol->remap = 0;
Steve Frenchd7245c22005-07-14 18:25:12 -0500[diff] [blame]1068 } else if (strnicmp(data, "sfu", 3) == 0) {
1069 vol->sfu_emul = 1;
1070 } else if (strnicmp(data, "nosfu", 5) == 0) {
1071 vol->sfu_emul = 0;
Jeremy Allisonac670552005-06-22 17:26:35 -0700[diff] [blame]1072 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1073 vol->posix_paths = 1;
1074 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1075 vol->posix_paths = 0;
Steve Frencha10faeb22005-08-22 21:38:31 -0700[diff] [blame]1076 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1077 (strnicmp(data, "ignorecase", 10) == 0)) {
Steve Frenchc46fa8a2005-08-18 20:49:57 -0700[diff] [blame]1078 vol->nocase = 1;
1079 } else if (strnicmp(data, "brl", 3) == 0) {
1080 vol->nobrl = 0;
1081 } else if (strnicmp(data, "nobrl", 5) == 0) {
1082 vol->nobrl = 1;
Steve Frenchd3485d32005-08-19 11:04:29 -0700[diff] [blame]1083 /* turn off mandatory locking in mode
1084 if remote locking is turned off since the
1085 local vfs will do advisory */
1086 if(vol->file_mode == (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1087 vol->file_mode = S_IALLUGO;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1088 } else if (strnicmp(data, "setuids", 7) == 0) {
1089 vol->setuids = 1;
1090 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1091 vol->setuids = 0;
1092 } else if (strnicmp(data, "nohard", 6) == 0) {
1093 vol->retry = 0;
1094 } else if (strnicmp(data, "nosoft", 6) == 0) {
1095 vol->retry = 1;
1096 } else if (strnicmp(data, "nointr", 6) == 0) {
1097 vol->intr = 0;
1098 } else if (strnicmp(data, "intr", 4) == 0) {
1099 vol->intr = 1;
1100 } else if (strnicmp(data, "serverino",7) == 0) {
1101 vol->server_ino = 1;
1102 } else if (strnicmp(data, "noserverino",9) == 0) {
1103 vol->server_ino = 0;
1104 } else if (strnicmp(data, "acl",3) == 0) {
1105 vol->no_psx_acl = 0;
1106 } else if (strnicmp(data, "noacl",5) == 0) {
1107 vol->no_psx_acl = 1;
1108 } else if (strnicmp(data, "direct",6) == 0) {
1109 vol->direct_io = 1;
1110 } else if (strnicmp(data, "forcedirectio",13) == 0) {
1111 vol->direct_io = 1;
1112 } else if (strnicmp(data, "in6_addr",8) == 0) {
1113 if (!value || !*value) {
1114 vol->in6_addr = NULL;
1115 } else if (strnlen(value, 49) == 48) {
1116 vol->in6_addr = value;
1117 } else {
1118 printk(KERN_WARNING "CIFS: ip v6 address not 48 characters long\n");
1119 return 1;
1120 }
1121 } else if (strnicmp(data, "noac", 4) == 0) {
1122 printk(KERN_WARNING "CIFS: Mount option noac not supported. Instead set /proc/fs/cifs/LookupCacheEnabled to 0\n");
1123 } else
1124 printk(KERN_WARNING "CIFS: Unknown mount option %s\n",data);
1125 }
1126 if (vol->UNC == NULL) {
1127 if(devname == NULL) {
1128 printk(KERN_WARNING "CIFS: Missing UNC name for mount target\n");
1129 return 1;
1130 }
1131 if ((temp_len = strnlen(devname, 300)) < 300) {
1132 vol->UNC = kmalloc(temp_len+1,GFP_KERNEL);
1133 if(vol->UNC == NULL)
1134 return 1;
1135 strcpy(vol->UNC,devname);
1136 if (strncmp(vol->UNC, "//", 2) == 0) {
1137 vol->UNC[0] = '\\';
1138 vol->UNC[1] = '\\';
1139 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1140 printk(KERN_WARNING "CIFS: UNC Path does not begin with // or \\\\ \n");
1141 return 1;
1142 }
1143 } else {
1144 printk(KERN_WARNING "CIFS: UNC name too long\n");
1145 return 1;
1146 }
1147 }
1148 if(vol->UNCip == NULL)
1149 vol->UNCip = &vol->UNC[2];
1150
1151 return 0;
1152}
1153
1154static struct cifsSesInfo *
1155cifs_find_tcp_session(struct in_addr * target_ip_addr,
1156 struct in6_addr *target_ip6_addr,
1157 char *userName, struct TCP_Server_Info **psrvTcp)
1158{
1159 struct list_head *tmp;
1160 struct cifsSesInfo *ses;
1161 *psrvTcp = NULL;
1162 read_lock(&GlobalSMBSeslock);
1163
1164 list_for_each(tmp, &GlobalSMBSessionList) {
1165 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
1166 if (ses->server) {
1167 if((target_ip_addr &&
1168 (ses->server->addr.sockAddr.sin_addr.s_addr
1169 == target_ip_addr->s_addr)) || (target_ip6_addr
1170 && memcmp(&ses->server->addr.sockAddr6.sin6_addr,
1171 target_ip6_addr,sizeof(*target_ip6_addr)))){
1172 /* BB lock server and tcp session and increment use count here?? */
1173 *psrvTcp = ses->server; /* found a match on the TCP session */
1174 /* BB check if reconnection needed */
1175 if (strncmp
1176 (ses->userName, userName,
1177 MAX_USERNAME_SIZE) == 0){
1178 read_unlock(&GlobalSMBSeslock);
1179 return ses; /* found exact match on both tcp and SMB sessions */
1180 }
1181 }
1182 }
1183 /* else tcp and smb sessions need reconnection */
1184 }
1185 read_unlock(&GlobalSMBSeslock);
1186 return NULL;
1187}
1188
1189static struct cifsTconInfo *
1190find_unc(__be32 new_target_ip_addr, char *uncName, char *userName)
1191{
1192 struct list_head *tmp;
1193 struct cifsTconInfo *tcon;
1194
1195 read_lock(&GlobalSMBSeslock);
1196 list_for_each(tmp, &GlobalTreeConnectionList) {
1197 cFYI(1, ("Next tcon - "));
1198 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
1199 if (tcon->ses) {
1200 if (tcon->ses->server) {
1201 cFYI(1,
1202 (" old ip addr: %x == new ip %x ?",
1203 tcon->ses->server->addr.sockAddr.sin_addr.
1204 s_addr, new_target_ip_addr));
1205 if (tcon->ses->server->addr.sockAddr.sin_addr.
1206 s_addr == new_target_ip_addr) {
1207 /* BB lock tcon and server and tcp session and increment use count here? */
1208 /* found a match on the TCP session */
1209 /* BB check if reconnection needed */
1210 cFYI(1,("Matched ip, old UNC: %s == new: %s ?",
1211 tcon->treeName, uncName));
1212 if (strncmp
1213 (tcon->treeName, uncName,
1214 MAX_TREE_SIZE) == 0) {
1215 cFYI(1,
1216 ("Matched UNC, old user: %s == new: %s ?",
1217 tcon->treeName, uncName));
1218 if (strncmp
1219 (tcon->ses->userName,
1220 userName,
1221 MAX_USERNAME_SIZE) == 0) {
1222 read_unlock(&GlobalSMBSeslock);
1223 return tcon;/* also matched user (smb session)*/
1224 }
1225 }
1226 }
1227 }
1228 }
1229 }
1230 read_unlock(&GlobalSMBSeslock);
1231 return NULL;
1232}
1233
1234int
1235connect_to_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
Steve French737b7582005-04-28 22:41:06 -0700[diff] [blame]1236 const char *old_path, const struct nls_table *nls_codepage,
1237 int remap)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1238{
1239 unsigned char *referrals = NULL;
1240 unsigned int num_referrals;
1241 int rc = 0;
1242
1243 rc = get_dfs_path(xid, pSesInfo,old_path, nls_codepage,
Steve French737b7582005-04-28 22:41:06 -0700[diff] [blame]1244 &num_referrals, &referrals, remap);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1245
1246 /* BB Add in code to: if valid refrl, if not ip address contact
1247 the helper that resolves tcp names, mount to it, try to
1248 tcon to it unmount it if fail */
1249
1250 if(referrals)
1251 kfree(referrals);
1252
1253 return rc;
1254}
1255
1256int
1257get_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
1258 const char *old_path, const struct nls_table *nls_codepage,
Steve French737b7582005-04-28 22:41:06 -0700[diff] [blame]1259 unsigned int *pnum_referrals,
1260 unsigned char ** preferrals, int remap)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1261{
1262 char *temp_unc;
1263 int rc = 0;
1264
1265 *pnum_referrals = 0;
1266
1267 if (pSesInfo->ipc_tid == 0) {
1268 temp_unc = kmalloc(2 /* for slashes */ +
1269 strnlen(pSesInfo->serverName,SERVER_NAME_LEN_WITH_NULL * 2)
1270 + 1 + 4 /* slash IPC$ */ + 2,
1271 GFP_KERNEL);
1272 if (temp_unc == NULL)
1273 return -ENOMEM;
1274 temp_unc[0] = '\\';
1275 temp_unc[1] = '\\';
1276 strcpy(temp_unc + 2, pSesInfo->serverName);
1277 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
1278 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
1279 cFYI(1,
1280 ("CIFS Tcon rc = %d ipc_tid = %d", rc,pSesInfo->ipc_tid));
1281 kfree(temp_unc);
1282 }
1283 if (rc == 0)
1284 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
Steve French737b7582005-04-28 22:41:06 -0700[diff] [blame]1285 pnum_referrals, nls_codepage, remap);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1286
1287 return rc;
1288}
1289
1290/* See RFC1001 section 14 on representation of Netbios names */
1291static void rfc1002mangle(char * target,char * source, unsigned int length)
1292{
1293 unsigned int i,j;
1294
1295 for(i=0,j=0;i<(length);i++) {
1296 /* mask a nibble at a time and encode */
1297 target[j] = 'A' + (0x0F & (source[i] >> 4));
1298 target[j+1] = 'A' + (0x0F & source[i]);
1299 j+=2;
1300 }
1301
1302}
1303
1304
1305static int
1306ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket,
Steve Frencha10faeb22005-08-22 21:38:31 -0700[diff] [blame]1307 char * netbios_name, char * target_name)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1308{
1309 int rc = 0;
1310 int connected = 0;
1311 __be16 orig_port = 0;
1312
1313 if(*csocket == NULL) {
1314 rc = sock_create_kern(PF_INET, SOCK_STREAM, IPPROTO_TCP, csocket);
1315 if (rc < 0) {
1316 cERROR(1, ("Error %d creating socket",rc));
1317 *csocket = NULL;
1318 return rc;
1319 } else {
1320 /* BB other socket options to set KEEPALIVE, NODELAY? */
1321 cFYI(1,("Socket created"));
1322 (*csocket)->sk->sk_allocation = GFP_NOFS;
1323 }
1324 }
1325
1326 psin_server->sin_family = AF_INET;
1327 if(psin_server->sin_port) { /* user overrode default port */
1328 rc = (*csocket)->ops->connect(*csocket,
1329 (struct sockaddr *) psin_server,
1330 sizeof (struct sockaddr_in),0);
1331 if (rc >= 0)
1332 connected = 1;
1333 }
1334
1335 if(!connected) {
1336 /* save original port so we can retry user specified port
1337 later if fall back ports fail this time */
1338 orig_port = psin_server->sin_port;
1339
1340 /* do not retry on the same port we just failed on */
1341 if(psin_server->sin_port != htons(CIFS_PORT)) {
1342 psin_server->sin_port = htons(CIFS_PORT);
1343
1344 rc = (*csocket)->ops->connect(*csocket,
1345 (struct sockaddr *) psin_server,
1346 sizeof (struct sockaddr_in),0);
1347 if (rc >= 0)
1348 connected = 1;
1349 }
1350 }
1351 if (!connected) {
1352 psin_server->sin_port = htons(RFC1001_PORT);
1353 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1354 psin_server, sizeof (struct sockaddr_in),0);
1355 if (rc >= 0)
1356 connected = 1;
1357 }
1358
1359 /* give up here - unless we want to retry on different
1360 protocol families some day */
1361 if (!connected) {
1362 if(orig_port)
1363 psin_server->sin_port = orig_port;
1364 cFYI(1,("Error %d connecting to server via ipv4",rc));
1365 sock_release(*csocket);
1366 *csocket = NULL;
1367 return rc;
1368 }
1369 /* Eventually check for other socket options to change from
1370 the default. sock_setsockopt not used because it expects
1371 user space buffer */
1372 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1373
1374 /* send RFC1001 sessinit */
1375
1376 if(psin_server->sin_port == htons(RFC1001_PORT)) {
1377 /* some servers require RFC1001 sessinit before sending
1378 negprot - BB check reconnection in case where second
1379 sessinit is sent but no second negprot */
1380 struct rfc1002_session_packet * ses_init_buf;
1381 struct smb_hdr * smb_buf;
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]1382 ses_init_buf = kcalloc(1, sizeof(struct rfc1002_session_packet), GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1383 if(ses_init_buf) {
1384 ses_init_buf->trailer.session_req.called_len = 32;
Steve Frencha10faeb22005-08-22 21:38:31 -0700[diff] [blame]1385 if(target_name && (target_name[0] != 0)) {
1386 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1387 target_name, 16);
1388 } else {
1389 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1390 DEFAULT_CIFS_CALLED_NAME,16);
1391 }
1392
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1393 ses_init_buf->trailer.session_req.calling_len = 32;
1394 /* calling name ends in null (byte 16) from old smb
1395 convention. */
1396 if(netbios_name && (netbios_name[0] !=0)) {
1397 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1398 netbios_name,16);
1399 } else {
1400 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1401 "LINUX_CIFS_CLNT",16);
1402 }
1403 ses_init_buf->trailer.session_req.scope1 = 0;
1404 ses_init_buf->trailer.session_req.scope2 = 0;
1405 smb_buf = (struct smb_hdr *)ses_init_buf;
1406 /* sizeof RFC1002_SESSION_REQUEST with no scope */
1407 smb_buf->smb_buf_length = 0x81000044;
1408 rc = smb_send(*csocket, smb_buf, 0x44,
1409 (struct sockaddr *)psin_server);
1410 kfree(ses_init_buf);
1411 }
1412 /* else the negprot may still work without this
1413 even though malloc failed */
1414
1415 }
1416
1417 return rc;
1418}
1419
1420static int
1421ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket)
1422{
1423 int rc = 0;
1424 int connected = 0;
1425 __be16 orig_port = 0;
1426
1427 if(*csocket == NULL) {
1428 rc = sock_create_kern(PF_INET6, SOCK_STREAM, IPPROTO_TCP, csocket);
1429 if (rc < 0) {
1430 cERROR(1, ("Error %d creating ipv6 socket",rc));
1431 *csocket = NULL;
1432 return rc;
1433 } else {
1434 /* BB other socket options to set KEEPALIVE, NODELAY? */
1435 cFYI(1,("ipv6 Socket created"));
1436 (*csocket)->sk->sk_allocation = GFP_NOFS;
1437 }
1438 }
1439
1440 psin_server->sin6_family = AF_INET6;
1441
1442 if(psin_server->sin6_port) { /* user overrode default port */
1443 rc = (*csocket)->ops->connect(*csocket,
1444 (struct sockaddr *) psin_server,
1445 sizeof (struct sockaddr_in6),0);
1446 if (rc >= 0)
1447 connected = 1;
1448 }
1449
1450 if(!connected) {
1451 /* save original port so we can retry user specified port
1452 later if fall back ports fail this time */
1453
1454 orig_port = psin_server->sin6_port;
1455 /* do not retry on the same port we just failed on */
1456 if(psin_server->sin6_port != htons(CIFS_PORT)) {
1457 psin_server->sin6_port = htons(CIFS_PORT);
1458
1459 rc = (*csocket)->ops->connect(*csocket,
1460 (struct sockaddr *) psin_server,
1461 sizeof (struct sockaddr_in6),0);
1462 if (rc >= 0)
1463 connected = 1;
1464 }
1465 }
1466 if (!connected) {
1467 psin_server->sin6_port = htons(RFC1001_PORT);
1468 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1469 psin_server, sizeof (struct sockaddr_in6),0);
1470 if (rc >= 0)
1471 connected = 1;
1472 }
1473
1474 /* give up here - unless we want to retry on different
1475 protocol families some day */
1476 if (!connected) {
1477 if(orig_port)
1478 psin_server->sin6_port = orig_port;
1479 cFYI(1,("Error %d connecting to server via ipv6",rc));
1480 sock_release(*csocket);
1481 *csocket = NULL;
1482 return rc;
1483 }
1484 /* Eventually check for other socket options to change from
1485 the default. sock_setsockopt not used because it expects
1486 user space buffer */
1487 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1488
1489 return rc;
1490}
1491
1492int
1493cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
1494 char *mount_data, const char *devname)
1495{
1496 int rc = 0;
1497 int xid;
1498 int address_type = AF_INET;
1499 struct socket *csocket = NULL;
1500 struct sockaddr_in sin_server;
1501 struct sockaddr_in6 sin_server6;
1502 struct smb_vol volume_info;
1503 struct cifsSesInfo *pSesInfo = NULL;
1504 struct cifsSesInfo *existingCifsSes = NULL;
1505 struct cifsTconInfo *tcon = NULL;
1506 struct TCP_Server_Info *srvTcp = NULL;
1507
1508 xid = GetXid();
1509
1510/* cFYI(1, ("Entering cifs_mount. Xid: %d with: %s", xid, mount_data)); */
1511
1512 memset(&volume_info,0,sizeof(struct smb_vol));
1513 if (cifs_parse_mount_options(mount_data, devname, &volume_info)) {
1514 if(volume_info.UNC)
1515 kfree(volume_info.UNC);
1516 if(volume_info.password)
1517 kfree(volume_info.password);
1518 FreeXid(xid);
1519 return -EINVAL;
1520 }
1521
1522 if (volume_info.username) {
1523 /* BB fixme parse for domain name here */
1524 cFYI(1, ("Username: %s ", volume_info.username));
1525
1526 } else {
1527 cifserror("No username specified ");
1528 /* In userspace mount helper we can get user name from alternate
1529 locations such as env variables and files on disk */
1530 if(volume_info.UNC)
1531 kfree(volume_info.UNC);
1532 if(volume_info.password)
1533 kfree(volume_info.password);
1534 FreeXid(xid);
1535 return -EINVAL;
1536 }
1537
1538 if (volume_info.UNCip && volume_info.UNC) {
1539 rc = cifs_inet_pton(AF_INET, volume_info.UNCip,&sin_server.sin_addr.s_addr);
1540
1541 if(rc <= 0) {
1542 /* not ipv4 address, try ipv6 */
1543 rc = cifs_inet_pton(AF_INET6,volume_info.UNCip,&sin_server6.sin6_addr.in6_u);
1544 if(rc > 0)
1545 address_type = AF_INET6;
1546 } else {
1547 address_type = AF_INET;
1548 }
1549
1550 if(rc <= 0) {
1551 /* we failed translating address */
1552 if(volume_info.UNC)
1553 kfree(volume_info.UNC);
1554 if(volume_info.password)
1555 kfree(volume_info.password);
1556 FreeXid(xid);
1557 return -EINVAL;
1558 }
1559
1560 cFYI(1, ("UNC: %s ip: %s", volume_info.UNC, volume_info.UNCip));
1561 /* success */
1562 rc = 0;
1563 } else if (volume_info.UNCip){
1564 /* BB using ip addr as server name connect to the DFS root below */
1565 cERROR(1,("Connecting to DFS root not implemented yet"));
1566 if(volume_info.UNC)
1567 kfree(volume_info.UNC);
1568 if(volume_info.password)
1569 kfree(volume_info.password);
1570 FreeXid(xid);
1571 return -EINVAL;
1572 } else /* which servers DFS root would we conect to */ {
1573 cERROR(1,
1574 ("CIFS mount error: No UNC path (e.g. -o unc=//192.168.1.100/public) specified "));
1575 if(volume_info.UNC)
1576 kfree(volume_info.UNC);
1577 if(volume_info.password)
1578 kfree(volume_info.password);
1579 FreeXid(xid);
1580 return -EINVAL;
1581 }
1582
1583 /* this is needed for ASCII cp to Unicode converts */
1584 if(volume_info.iocharset == NULL) {
1585 cifs_sb->local_nls = load_nls_default();
1586 /* load_nls_default can not return null */
1587 } else {
1588 cifs_sb->local_nls = load_nls(volume_info.iocharset);
1589 if(cifs_sb->local_nls == NULL) {
1590 cERROR(1,("CIFS mount error: iocharset %s not found",volume_info.iocharset));
1591 if(volume_info.UNC)
1592 kfree(volume_info.UNC);
1593 if(volume_info.password)
1594 kfree(volume_info.password);
1595 FreeXid(xid);
1596 return -ELIBACC;
1597 }
1598 }
1599
1600 if(address_type == AF_INET)
1601 existingCifsSes = cifs_find_tcp_session(&sin_server.sin_addr,
1602 NULL /* no ipv6 addr */,
1603 volume_info.username, &srvTcp);
1604 else if(address_type == AF_INET6)
1605 existingCifsSes = cifs_find_tcp_session(NULL /* no ipv4 addr */,
1606 &sin_server6.sin6_addr,
1607 volume_info.username, &srvTcp);
1608 else {
1609 if(volume_info.UNC)
1610 kfree(volume_info.UNC);
1611 if(volume_info.password)
1612 kfree(volume_info.password);
1613 FreeXid(xid);
1614 return -EINVAL;
1615 }
1616
1617
1618 if (srvTcp) {
1619 cFYI(1, ("Existing tcp session with server found "));
1620 } else { /* create socket */
1621 if(volume_info.port)
1622 sin_server.sin_port = htons(volume_info.port);
1623 else
1624 sin_server.sin_port = 0;
Steve Frencha10faeb22005-08-22 21:38:31 -0700[diff] [blame]1625 rc = ipv4_connect(&sin_server,&csocket,
1626 volume_info.source_rfc1001_name,
1627 volume_info.target_rfc1001_name);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1628 if (rc < 0) {
1629 cERROR(1,
1630 ("Error connecting to IPv4 socket. Aborting operation"));
1631 if(csocket != NULL)
1632 sock_release(csocket);
1633 if(volume_info.UNC)
1634 kfree(volume_info.UNC);
1635 if(volume_info.password)
1636 kfree(volume_info.password);
1637 FreeXid(xid);
1638 return rc;
1639 }
1640
1641 srvTcp = kmalloc(sizeof (struct TCP_Server_Info), GFP_KERNEL);
1642 if (srvTcp == NULL) {
1643 rc = -ENOMEM;
1644 sock_release(csocket);
1645 if(volume_info.UNC)
1646 kfree(volume_info.UNC);
1647 if(volume_info.password)
1648 kfree(volume_info.password);
1649 FreeXid(xid);
1650 return rc;
1651 } else {
1652 memset(srvTcp, 0, sizeof (struct TCP_Server_Info));
1653 memcpy(&srvTcp->addr.sockAddr, &sin_server, sizeof (struct sockaddr_in));
1654 atomic_set(&srvTcp->inFlight,0);
1655 /* BB Add code for ipv6 case too */
1656 srvTcp->ssocket = csocket;
1657 srvTcp->protocolType = IPV4;
1658 init_waitqueue_head(&srvTcp->response_q);
1659 init_waitqueue_head(&srvTcp->request_q);
1660 INIT_LIST_HEAD(&srvTcp->pending_mid_q);
1661 /* at this point we are the only ones with the pointer
1662 to the struct since the kernel thread not created yet
1663 so no need to spinlock this init of tcpStatus */
1664 srvTcp->tcpStatus = CifsNew;
1665 init_MUTEX(&srvTcp->tcpSem);
1666 rc = (int)kernel_thread((void *)(void *)cifs_demultiplex_thread, srvTcp,
1667 CLONE_FS | CLONE_FILES | CLONE_VM);
1668 if(rc < 0) {
1669 rc = -ENOMEM;
1670 sock_release(csocket);
1671 if(volume_info.UNC)
1672 kfree(volume_info.UNC);
1673 if(volume_info.password)
1674 kfree(volume_info.password);
1675 FreeXid(xid);
1676 return rc;
Steve Frenchf1914012005-08-18 09:37:34 -0700[diff] [blame]1677 }
1678 wait_for_completion(&cifsd_complete);
1679 rc = 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1680 memcpy(srvTcp->workstation_RFC1001_name, volume_info.source_rfc1001_name,16);
Steve Frencha10faeb22005-08-22 21:38:31 -0700[diff] [blame]1681 memcpy(srvTcp->server_RFC1001_name, volume_info.target_rfc1001_name,16);
Steve Frenchad009ac2005-04-28 22:41:05 -0700[diff] [blame]1682 srvTcp->sequence_number = 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1683 }
1684 }
1685
1686 if (existingCifsSes) {
1687 pSesInfo = existingCifsSes;
1688 cFYI(1, ("Existing smb sess found "));
1689 if(volume_info.password)
1690 kfree(volume_info.password);
1691 /* volume_info.UNC freed at end of function */
1692 } else if (!rc) {
1693 cFYI(1, ("Existing smb sess not found "));
1694 pSesInfo = sesInfoAlloc();
1695 if (pSesInfo == NULL)
1696 rc = -ENOMEM;
1697 else {
1698 pSesInfo->server = srvTcp;
1699 sprintf(pSesInfo->serverName, "%u.%u.%u.%u",
1700 NIPQUAD(sin_server.sin_addr.s_addr));
1701 }
1702
1703 if (!rc){
1704 /* volume_info.password freed at unmount */
1705 if (volume_info.password)
1706 pSesInfo->password = volume_info.password;
1707 if (volume_info.username)
1708 strncpy(pSesInfo->userName,
1709 volume_info.username,MAX_USERNAME_SIZE);
1710 if (volume_info.domainname)
1711 strncpy(pSesInfo->domainName,
1712 volume_info.domainname,MAX_USERNAME_SIZE);
1713 pSesInfo->linux_uid = volume_info.linux_uid;
1714 down(&pSesInfo->sesSem);
1715 rc = cifs_setup_session(xid,pSesInfo, cifs_sb->local_nls);
1716 up(&pSesInfo->sesSem);
1717 if(!rc)
1718 atomic_inc(&srvTcp->socketUseCount);
1719 } else
1720 if(volume_info.password)
1721 kfree(volume_info.password);
1722 }
1723
1724 /* search for existing tcon to this server share */
1725 if (!rc) {
1726 if((volume_info.rsize) && (volume_info.rsize <= CIFSMaxBufSize))
1727 cifs_sb->rsize = volume_info.rsize;
1728 else
1729 cifs_sb->rsize = srvTcp->maxBuf - MAX_CIFS_HDR_SIZE; /* default */
1730 if((volume_info.wsize) && (volume_info.wsize <= CIFSMaxBufSize))
1731 cifs_sb->wsize = volume_info.wsize;
1732 else
1733 cifs_sb->wsize = CIFSMaxBufSize; /* default */
1734 if(cifs_sb->rsize < PAGE_CACHE_SIZE) {
Steve French6b8edfe2005-08-23 20:26:03 -0700[diff] [blame]1735 cifs_sb->rsize = PAGE_CACHE_SIZE;
1736 /* Windows ME does this */
1737 cFYI(1,("Attempt to set readsize for mount to less than one page (4096)"));
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1738 }
1739 cifs_sb->mnt_uid = volume_info.linux_uid;
1740 cifs_sb->mnt_gid = volume_info.linux_gid;
1741 cifs_sb->mnt_file_mode = volume_info.file_mode;
1742 cifs_sb->mnt_dir_mode = volume_info.dir_mode;
1743 cFYI(1,("file mode: 0x%x dir mode: 0x%x",cifs_sb->mnt_file_mode,cifs_sb->mnt_dir_mode));
1744
1745 if(volume_info.noperm)
1746 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
1747 if(volume_info.setuids)
1748 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
1749 if(volume_info.server_ino)
1750 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
Steve French6a0b4822005-04-28 22:41:05 -0700[diff] [blame]1751 if(volume_info.remap)
1752 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1753 if(volume_info.no_xattr)
1754 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
Steve Frenchd7245c22005-07-14 18:25:12 -0500[diff] [blame]1755 if(volume_info.sfu_emul)
1756 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
Steve Frenchc46fa8a2005-08-18 20:49:57 -0700[diff] [blame]1757 if(volume_info.nobrl)
1758 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
Jeremy Allisonac670552005-06-22 17:26:35 -0700[diff] [blame]1759
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1760 if(volume_info.direct_io) {
Steve Frenchc46fa8a2005-08-18 20:49:57 -0700[diff] [blame]1761 cFYI(1,("mounting share using direct i/o"));
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1762 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
1763 }
1764
1765 tcon =
1766 find_unc(sin_server.sin_addr.s_addr, volume_info.UNC,
1767 volume_info.username);
1768 if (tcon) {
1769 cFYI(1, ("Found match on UNC path "));
1770 /* we can have only one retry value for a connection
1771 to a share so for resources mounted more than once
1772 to the same server share the last value passed in
1773 for the retry flag is used */
1774 tcon->retry = volume_info.retry;
Steve Frenchd3485d32005-08-19 11:04:29 -0700[diff] [blame]1775 tcon->nocase = volume_info.nocase;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1776 } else {
1777 tcon = tconInfoAlloc();
1778 if (tcon == NULL)
1779 rc = -ENOMEM;
1780 else {
1781 /* check for null share name ie connect to dfs root */
1782
1783 /* BB check if this works for exactly length three strings */
1784 if ((strchr(volume_info.UNC + 3, '\\') == NULL)
1785 && (strchr(volume_info.UNC + 3, '/') ==
1786 NULL)) {
Steve French737b7582005-04-28 22:41:06 -0700[diff] [blame]1787 rc = connect_to_dfs_path(xid, pSesInfo,
1788 "", cifs_sb->local_nls,
1789 cifs_sb->mnt_cifs_flags &
1790 CIFS_MOUNT_MAP_SPECIAL_CHR);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1791 if(volume_info.UNC)
1792 kfree(volume_info.UNC);
1793 FreeXid(xid);
1794 return -ENODEV;
1795 } else {
1796 rc = CIFSTCon(xid, pSesInfo,
1797 volume_info.UNC,
1798 tcon, cifs_sb->local_nls);
1799 cFYI(1, ("CIFS Tcon rc = %d", rc));
1800 }
1801 if (!rc) {
1802 atomic_inc(&pSesInfo->inUse);
1803 tcon->retry = volume_info.retry;
Steve Frenchd3485d32005-08-19 11:04:29 -0700[diff] [blame]1804 tcon->nocase = volume_info.nocase;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1805 }
1806 }
1807 }
1808 }
1809 if(pSesInfo) {
1810 if (pSesInfo->capabilities & CAP_LARGE_FILES) {
1811 sb->s_maxbytes = (u64) 1 << 63;
1812 } else
1813 sb->s_maxbytes = (u64) 1 << 31; /* 2 GB */
1814 }
1815
1816 sb->s_time_gran = 100;
1817
1818/* on error free sesinfo and tcon struct if needed */
1819 if (rc) {
1820 /* if session setup failed, use count is zero but
1821 we still need to free cifsd thread */
1822 if(atomic_read(&srvTcp->socketUseCount) == 0) {
1823 spin_lock(&GlobalMid_Lock);
1824 srvTcp->tcpStatus = CifsExiting;
1825 spin_unlock(&GlobalMid_Lock);
Steve Frenchf1914012005-08-18 09:37:34 -0700[diff] [blame]1826 if(srvTcp->tsk) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1827 send_sig(SIGKILL,srvTcp->tsk,1);
Steve Frenchf1914012005-08-18 09:37:34 -0700[diff] [blame]1828 wait_for_completion(&cifsd_complete);
1829 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1830 }
1831 /* If find_unc succeeded then rc == 0 so we can not end */
1832 if (tcon) /* up accidently freeing someone elses tcon struct */
1833 tconInfoFree(tcon);
1834 if (existingCifsSes == NULL) {
1835 if (pSesInfo) {
1836 if ((pSesInfo->server) &&
1837 (pSesInfo->status == CifsGood)) {
1838 int temp_rc;
1839 temp_rc = CIFSSMBLogoff(xid, pSesInfo);
1840 /* if the socketUseCount is now zero */
1841 if((temp_rc == -ESHUTDOWN) &&
Steve Frenchf1914012005-08-18 09:37:34 -0700[diff] [blame]1842 (pSesInfo->server->tsk)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1843 send_sig(SIGKILL,pSesInfo->server->tsk,1);
Steve Frenchf1914012005-08-18 09:37:34 -0700[diff] [blame]1844 wait_for_completion(&cifsd_complete);
1845 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1846 } else
1847 cFYI(1, ("No session or bad tcon"));
1848 sesInfoFree(pSesInfo);
1849 /* pSesInfo = NULL; */
1850 }
1851 }
1852 } else {
1853 atomic_inc(&tcon->useCount);
1854 cifs_sb->tcon = tcon;
1855 tcon->ses = pSesInfo;
1856
1857 /* do not care if following two calls succeed - informational only */
Steve French737b7582005-04-28 22:41:06 -0700[diff] [blame]1858 CIFSSMBQFSDeviceInfo(xid, tcon);
1859 CIFSSMBQFSAttributeInfo(xid, tcon);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1860 if (tcon->ses->capabilities & CAP_UNIX) {
Steve French737b7582005-04-28 22:41:06 -0700[diff] [blame]1861 if(!CIFSSMBQFSUnixInfo(xid, tcon)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1862 if(!volume_info.no_psx_acl) {
1863 if(CIFS_UNIX_POSIX_ACL_CAP &
1864 le64_to_cpu(tcon->fsUnixInfo.Capability))
1865 cFYI(1,("server negotiated posix acl support"));
1866 sb->s_flags |= MS_POSIXACL;
1867 }
Jeremy Allisonac670552005-06-22 17:26:35 -0700[diff] [blame]1868
1869 /* Try and negotiate POSIX pathnames if we can. */
1870 if (volume_info.posix_paths && (CIFS_UNIX_POSIX_PATHNAMES_CAP &
1871 le64_to_cpu(tcon->fsUnixInfo.Capability))) {
Steve French45abc6e2005-06-23 13:42:03 -0500[diff] [blame]1872 if (!CIFSSMBSetFSUnixInfo(xid, tcon, CIFS_UNIX_POSIX_PATHNAMES_CAP)) {
Jeremy Allisonac670552005-06-22 17:26:35 -0700[diff] [blame]1873 cFYI(1,("negotiated posix pathnames support"));
1874 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_POSIX_PATHS;
1875 } else {
1876 cFYI(1,("posix pathnames support requested but not supported"));
1877 }
1878 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1879 }
1880 }
1881 }
1882
1883 /* volume_info.password is freed above when existing session found
1884 (in which case it is not needed anymore) but when new sesion is created
1885 the password ptr is put in the new session structure (in which case the
1886 password will be freed at unmount time) */
1887 if(volume_info.UNC)
1888 kfree(volume_info.UNC);
1889 FreeXid(xid);
1890 return rc;
1891}
1892
1893static int
1894CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
1895 char session_key[CIFS_SESSION_KEY_SIZE],
1896 const struct nls_table *nls_codepage)
1897{
1898 struct smb_hdr *smb_buffer;
1899 struct smb_hdr *smb_buffer_response;
1900 SESSION_SETUP_ANDX *pSMB;
1901 SESSION_SETUP_ANDX *pSMBr;
1902 char *bcc_ptr;
1903 char *user;
1904 char *domain;
1905 int rc = 0;
1906 int remaining_words = 0;
1907 int bytes_returned = 0;
1908 int len;
1909 __u32 capabilities;
1910 __u16 count;
1911
1912 cFYI(1, ("In sesssetup "));
1913 if(ses == NULL)
1914 return -EINVAL;
1915 user = ses->userName;
1916 domain = ses->domainName;
1917 smb_buffer = cifs_buf_get();
1918 if (smb_buffer == NULL) {
1919 return -ENOMEM;
1920 }
1921 smb_buffer_response = smb_buffer;
1922 pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
1923
1924 /* send SMBsessionSetup here */
1925 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
1926 NULL /* no tCon exists yet */ , 13 /* wct */ );
1927
Steve French1982c342005-08-17 12:38:22 -0700[diff] [blame]1928 smb_buffer->Mid = GetNextMid(ses->server);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1929 pSMB->req_no_secext.AndXCommand = 0xFF;
1930 pSMB->req_no_secext.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
1931 pSMB->req_no_secext.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
1932
1933 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
1934 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
1935
1936 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
1937 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
1938 if (ses->capabilities & CAP_UNICODE) {
1939 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
1940 capabilities |= CAP_UNICODE;
1941 }
1942 if (ses->capabilities & CAP_STATUS32) {
1943 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
1944 capabilities |= CAP_STATUS32;
1945 }
1946 if (ses->capabilities & CAP_DFS) {
1947 smb_buffer->Flags2 |= SMBFLG2_DFS;
1948 capabilities |= CAP_DFS;
1949 }
1950 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
1951
1952 pSMB->req_no_secext.CaseInsensitivePasswordLength =
1953 cpu_to_le16(CIFS_SESSION_KEY_SIZE);
1954
1955 pSMB->req_no_secext.CaseSensitivePasswordLength =
1956 cpu_to_le16(CIFS_SESSION_KEY_SIZE);
1957 bcc_ptr = pByteArea(smb_buffer);
1958 memcpy(bcc_ptr, (char *) session_key, CIFS_SESSION_KEY_SIZE);
1959 bcc_ptr += CIFS_SESSION_KEY_SIZE;
1960 memcpy(bcc_ptr, (char *) session_key, CIFS_SESSION_KEY_SIZE);
1961 bcc_ptr += CIFS_SESSION_KEY_SIZE;
1962
1963 if (ses->capabilities & CAP_UNICODE) {
1964 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode */
1965 *bcc_ptr = 0;
1966 bcc_ptr++;
1967 }
1968 if(user == NULL)
1969 bytes_returned = 0; /* skill null user */
1970 else
1971 bytes_returned =
1972 cifs_strtoUCS((wchar_t *) bcc_ptr, user, 100,
1973 nls_codepage);
1974 /* convert number of 16 bit words to bytes */
1975 bcc_ptr += 2 * bytes_returned;
1976 bcc_ptr += 2; /* trailing null */
1977 if (domain == NULL)
1978 bytes_returned =
1979 cifs_strtoUCS((wchar_t *) bcc_ptr,
1980 "CIFS_LINUX_DOM", 32, nls_codepage);
1981 else
1982 bytes_returned =
1983 cifs_strtoUCS((wchar_t *) bcc_ptr, domain, 64,
1984 nls_codepage);
1985 bcc_ptr += 2 * bytes_returned;
1986 bcc_ptr += 2;
1987 bytes_returned =
1988 cifs_strtoUCS((wchar_t *) bcc_ptr, "Linux version ",
1989 32, nls_codepage);
1990 bcc_ptr += 2 * bytes_returned;
1991 bytes_returned =
1992 cifs_strtoUCS((wchar_t *) bcc_ptr, system_utsname.release,
1993 32, nls_codepage);
1994 bcc_ptr += 2 * bytes_returned;
1995 bcc_ptr += 2;
1996 bytes_returned =
1997 cifs_strtoUCS((wchar_t *) bcc_ptr, CIFS_NETWORK_OPSYS,
1998 64, nls_codepage);
1999 bcc_ptr += 2 * bytes_returned;
2000 bcc_ptr += 2;
2001 } else {
2002 if(user != NULL) {
2003 strncpy(bcc_ptr, user, 200);
2004 bcc_ptr += strnlen(user, 200);
2005 }
2006 *bcc_ptr = 0;
2007 bcc_ptr++;
2008 if (domain == NULL) {
2009 strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2010 bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2011 } else {
2012 strncpy(bcc_ptr, domain, 64);
2013 bcc_ptr += strnlen(domain, 64);
2014 *bcc_ptr = 0;
2015 bcc_ptr++;
2016 }
2017 strcpy(bcc_ptr, "Linux version ");
2018 bcc_ptr += strlen("Linux version ");
2019 strcpy(bcc_ptr, system_utsname.release);
2020 bcc_ptr += strlen(system_utsname.release) + 1;
2021 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2022 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2023 }
2024 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2025 smb_buffer->smb_buf_length += count;
2026 pSMB->req_no_secext.ByteCount = cpu_to_le16(count);
2027
2028 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2029 &bytes_returned, 1);
2030 if (rc) {
2031/* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
2032 } else if ((smb_buffer_response->WordCount == 3)
2033 || (smb_buffer_response->WordCount == 4)) {
2034 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2035 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2036 if (action & GUEST_LOGIN)
2037 cFYI(1, (" Guest login")); /* do we want to mark SesInfo struct ? */
2038 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format (le) */
2039 cFYI(1, ("UID = %d ", ses->Suid));
2040 /* response can have either 3 or 4 word count - Samba sends 3 */
2041 bcc_ptr = pByteArea(smb_buffer_response);
2042 if ((pSMBr->resp.hdr.WordCount == 3)
2043 || ((pSMBr->resp.hdr.WordCount == 4)
2044 && (blob_len < pSMBr->resp.ByteCount))) {
2045 if (pSMBr->resp.hdr.WordCount == 4)
2046 bcc_ptr += blob_len;
2047
2048 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2049 if ((long) (bcc_ptr) % 2) {
2050 remaining_words =
2051 (BCC(smb_buffer_response) - 1) /2;
2052 bcc_ptr++; /* Unicode strings must be word aligned */
2053 } else {
2054 remaining_words =
2055 BCC(smb_buffer_response) / 2;
2056 }
2057 len =
2058 UniStrnlen((wchar_t *) bcc_ptr,
2059 remaining_words - 1);
2060/* We look for obvious messed up bcc or strings in response so we do not go off
2061 the end since (at least) WIN2K and Windows XP have a major bug in not null
2062 terminating last Unicode string in response */
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2063 ses->serverOS = kcalloc(1, 2 * (len + 1), GFP_KERNEL);
2064 if(ses->serverOS == NULL)
2065 goto sesssetup_nomem;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2066 cifs_strfromUCS_le(ses->serverOS,
2067 (wchar_t *)bcc_ptr, len,nls_codepage);
2068 bcc_ptr += 2 * (len + 1);
2069 remaining_words -= len + 1;
2070 ses->serverOS[2 * len] = 0;
2071 ses->serverOS[1 + (2 * len)] = 0;
2072 if (remaining_words > 0) {
2073 len = UniStrnlen((wchar_t *)bcc_ptr,
2074 remaining_words-1);
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2075 ses->serverNOS = kcalloc(1, 2 * (len + 1),GFP_KERNEL);
2076 if(ses->serverNOS == NULL)
2077 goto sesssetup_nomem;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2078 cifs_strfromUCS_le(ses->serverNOS,
2079 (wchar_t *)bcc_ptr,len,nls_codepage);
2080 bcc_ptr += 2 * (len + 1);
2081 ses->serverNOS[2 * len] = 0;
2082 ses->serverNOS[1 + (2 * len)] = 0;
2083 if(strncmp(ses->serverNOS,
2084 "NT LAN Manager 4",16) == 0) {
2085 cFYI(1,("NT4 server"));
2086 ses->flags |= CIFS_SES_NT4;
2087 }
2088 remaining_words -= len + 1;
2089 if (remaining_words > 0) {
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2090 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2091 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
2092 ses->serverDomain =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2093 kcalloc(1, 2*(len+1),GFP_KERNEL);
2094 if(ses->serverDomain == NULL)
2095 goto sesssetup_nomem;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2096 cifs_strfromUCS_le(ses->serverDomain,
2097 (wchar_t *)bcc_ptr,len,nls_codepage);
2098 bcc_ptr += 2 * (len + 1);
2099 ses->serverDomain[2*len] = 0;
2100 ses->serverDomain[1+(2*len)] = 0;
2101 } /* else no more room so create dummy domain string */
2102 else
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2103 ses->serverDomain =
2104 kcalloc(1, 2, GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2105 } else { /* no room so create dummy domain and NOS string */
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2106 /* if these kcallocs fail not much we
2107 can do, but better to not fail the
2108 sesssetup itself */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2109 ses->serverDomain =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2110 kcalloc(1, 2, GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2111 ses->serverNOS =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2112 kcalloc(1, 2, GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2113 }
2114 } else { /* ASCII */
2115 len = strnlen(bcc_ptr, 1024);
2116 if (((long) bcc_ptr + len) - (long)
2117 pByteArea(smb_buffer_response)
2118 <= BCC(smb_buffer_response)) {
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2119 ses->serverOS = kcalloc(1, len + 1,GFP_KERNEL);
2120 if(ses->serverOS == NULL)
2121 goto sesssetup_nomem;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2122 strncpy(ses->serverOS,bcc_ptr, len);
2123
2124 bcc_ptr += len;
2125 bcc_ptr[0] = 0; /* null terminate the string */
2126 bcc_ptr++;
2127
2128 len = strnlen(bcc_ptr, 1024);
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2129 ses->serverNOS = kcalloc(1, len + 1,GFP_KERNEL);
2130 if(ses->serverNOS == NULL)
2131 goto sesssetup_nomem;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2132 strncpy(ses->serverNOS, bcc_ptr, len);
2133 bcc_ptr += len;
2134 bcc_ptr[0] = 0;
2135 bcc_ptr++;
2136
2137 len = strnlen(bcc_ptr, 1024);
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2138 ses->serverDomain = kcalloc(1, len + 1,GFP_KERNEL);
2139 if(ses->serverDomain == NULL)
2140 goto sesssetup_nomem;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2141 strncpy(ses->serverDomain, bcc_ptr, len);
2142 bcc_ptr += len;
2143 bcc_ptr[0] = 0;
2144 bcc_ptr++;
2145 } else
2146 cFYI(1,
2147 ("Variable field of length %d extends beyond end of smb ",
2148 len));
2149 }
2150 } else {
2151 cERROR(1,
2152 (" Security Blob Length extends beyond end of SMB"));
2153 }
2154 } else {
2155 cERROR(1,
2156 (" Invalid Word count %d: ",
2157 smb_buffer_response->WordCount));
2158 rc = -EIO;
2159 }
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2160sesssetup_nomem: /* do not return an error on nomem for the info strings,
2161 since that could make reconnection harder, and
2162 reconnection might be needed to free memory */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2163 if (smb_buffer)
2164 cifs_buf_release(smb_buffer);
2165
2166 return rc;
2167}
2168
2169static int
2170CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2171 char *SecurityBlob,int SecurityBlobLength,
2172 const struct nls_table *nls_codepage)
2173{
2174 struct smb_hdr *smb_buffer;
2175 struct smb_hdr *smb_buffer_response;
2176 SESSION_SETUP_ANDX *pSMB;
2177 SESSION_SETUP_ANDX *pSMBr;
2178 char *bcc_ptr;
2179 char *user;
2180 char *domain;
2181 int rc = 0;
2182 int remaining_words = 0;
2183 int bytes_returned = 0;
2184 int len;
2185 __u32 capabilities;
2186 __u16 count;
2187
2188 cFYI(1, ("In spnego sesssetup "));
2189 if(ses == NULL)
2190 return -EINVAL;
2191 user = ses->userName;
2192 domain = ses->domainName;
2193
2194 smb_buffer = cifs_buf_get();
2195 if (smb_buffer == NULL) {
2196 return -ENOMEM;
2197 }
2198 smb_buffer_response = smb_buffer;
2199 pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2200
2201 /* send SMBsessionSetup here */
2202 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2203 NULL /* no tCon exists yet */ , 12 /* wct */ );
Steve French1982c342005-08-17 12:38:22 -0700[diff] [blame]2204
2205 smb_buffer->Mid = GetNextMid(ses->server);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2206 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2207 pSMB->req.AndXCommand = 0xFF;
2208 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2209 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2210
2211 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2212 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2213
2214 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2215 CAP_EXTENDED_SECURITY;
2216 if (ses->capabilities & CAP_UNICODE) {
2217 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2218 capabilities |= CAP_UNICODE;
2219 }
2220 if (ses->capabilities & CAP_STATUS32) {
2221 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2222 capabilities |= CAP_STATUS32;
2223 }
2224 if (ses->capabilities & CAP_DFS) {
2225 smb_buffer->Flags2 |= SMBFLG2_DFS;
2226 capabilities |= CAP_DFS;
2227 }
2228 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2229
2230 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2231 bcc_ptr = pByteArea(smb_buffer);
2232 memcpy(bcc_ptr, SecurityBlob, SecurityBlobLength);
2233 bcc_ptr += SecurityBlobLength;
2234
2235 if (ses->capabilities & CAP_UNICODE) {
2236 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode strings */
2237 *bcc_ptr = 0;
2238 bcc_ptr++;
2239 }
2240 bytes_returned =
2241 cifs_strtoUCS((wchar_t *) bcc_ptr, user, 100, nls_codepage);
2242 bcc_ptr += 2 * bytes_returned; /* convert num of 16 bit words to bytes */
2243 bcc_ptr += 2; /* trailing null */
2244 if (domain == NULL)
2245 bytes_returned =
2246 cifs_strtoUCS((wchar_t *) bcc_ptr,
2247 "CIFS_LINUX_DOM", 32, nls_codepage);
2248 else
2249 bytes_returned =
2250 cifs_strtoUCS((wchar_t *) bcc_ptr, domain, 64,
2251 nls_codepage);
2252 bcc_ptr += 2 * bytes_returned;
2253 bcc_ptr += 2;
2254 bytes_returned =
2255 cifs_strtoUCS((wchar_t *) bcc_ptr, "Linux version ",
2256 32, nls_codepage);
2257 bcc_ptr += 2 * bytes_returned;
2258 bytes_returned =
2259 cifs_strtoUCS((wchar_t *) bcc_ptr, system_utsname.release, 32,
2260 nls_codepage);
2261 bcc_ptr += 2 * bytes_returned;
2262 bcc_ptr += 2;
2263 bytes_returned =
2264 cifs_strtoUCS((wchar_t *) bcc_ptr, CIFS_NETWORK_OPSYS,
2265 64, nls_codepage);
2266 bcc_ptr += 2 * bytes_returned;
2267 bcc_ptr += 2;
2268 } else {
2269 strncpy(bcc_ptr, user, 200);
2270 bcc_ptr += strnlen(user, 200);
2271 *bcc_ptr = 0;
2272 bcc_ptr++;
2273 if (domain == NULL) {
2274 strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2275 bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2276 } else {
2277 strncpy(bcc_ptr, domain, 64);
2278 bcc_ptr += strnlen(domain, 64);
2279 *bcc_ptr = 0;
2280 bcc_ptr++;
2281 }
2282 strcpy(bcc_ptr, "Linux version ");
2283 bcc_ptr += strlen("Linux version ");
2284 strcpy(bcc_ptr, system_utsname.release);
2285 bcc_ptr += strlen(system_utsname.release) + 1;
2286 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2287 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2288 }
2289 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2290 smb_buffer->smb_buf_length += count;
2291 pSMB->req.ByteCount = cpu_to_le16(count);
2292
2293 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2294 &bytes_returned, 1);
2295 if (rc) {
2296/* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2297 } else if ((smb_buffer_response->WordCount == 3)
2298 || (smb_buffer_response->WordCount == 4)) {
2299 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2300 __u16 blob_len =
2301 le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2302 if (action & GUEST_LOGIN)
2303 cFYI(1, (" Guest login")); /* BB do we want to set anything in SesInfo struct ? */
2304 if (ses) {
2305 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format (le) */
2306 cFYI(1, ("UID = %d ", ses->Suid));
2307 bcc_ptr = pByteArea(smb_buffer_response); /* response can have either 3 or 4 word count - Samba sends 3 */
2308
2309 /* BB Fix below to make endian neutral !! */
2310
2311 if ((pSMBr->resp.hdr.WordCount == 3)
2312 || ((pSMBr->resp.hdr.WordCount == 4)
2313 && (blob_len <
2314 pSMBr->resp.ByteCount))) {
2315 if (pSMBr->resp.hdr.WordCount == 4) {
2316 bcc_ptr +=
2317 blob_len;
2318 cFYI(1,
2319 ("Security Blob Length %d ",
2320 blob_len));
2321 }
2322
2323 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2324 if ((long) (bcc_ptr) % 2) {
2325 remaining_words =
2326 (BCC(smb_buffer_response)
2327 - 1) / 2;
2328 bcc_ptr++; /* Unicode strings must be word aligned */
2329 } else {
2330 remaining_words =
2331 BCC
2332 (smb_buffer_response) / 2;
2333 }
2334 len =
2335 UniStrnlen((wchar_t *) bcc_ptr,
2336 remaining_words - 1);
2337/* We look for obvious messed up bcc or strings in response so we do not go off
2338 the end since (at least) WIN2K and Windows XP have a major bug in not null
2339 terminating last Unicode string in response */
2340 ses->serverOS =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2341 kcalloc(1, 2 * (len + 1), GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2342 cifs_strfromUCS_le(ses->serverOS,
2343 (wchar_t *)
2344 bcc_ptr, len,
2345 nls_codepage);
2346 bcc_ptr += 2 * (len + 1);
2347 remaining_words -= len + 1;
2348 ses->serverOS[2 * len] = 0;
2349 ses->serverOS[1 + (2 * len)] = 0;
2350 if (remaining_words > 0) {
2351 len = UniStrnlen((wchar_t *)bcc_ptr,
2352 remaining_words
2353 - 1);
2354 ses->serverNOS =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2355 kcalloc(1, 2 * (len + 1),
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2356 GFP_KERNEL);
2357 cifs_strfromUCS_le(ses->serverNOS,
2358 (wchar_t *)bcc_ptr,
2359 len,
2360 nls_codepage);
2361 bcc_ptr += 2 * (len + 1);
2362 ses->serverNOS[2 * len] = 0;
2363 ses->serverNOS[1 + (2 * len)] = 0;
2364 remaining_words -= len + 1;
2365 if (remaining_words > 0) {
2366 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2367 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2368 ses->serverDomain = kcalloc(1, 2*(len+1),GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2369 cifs_strfromUCS_le(ses->serverDomain,
2370 (wchar_t *)bcc_ptr,
2371 len,
2372 nls_codepage);
2373 bcc_ptr += 2*(len+1);
2374 ses->serverDomain[2*len] = 0;
2375 ses->serverDomain[1+(2*len)] = 0;
2376 } /* else no more room so create dummy domain string */
2377 else
2378 ses->serverDomain =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2379 kcalloc(1, 2,GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2380 } else { /* no room so create dummy domain and NOS string */
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2381 ses->serverDomain = kcalloc(1, 2, GFP_KERNEL);
2382 ses->serverNOS = kcalloc(1, 2, GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2383 }
2384 } else { /* ASCII */
2385
2386 len = strnlen(bcc_ptr, 1024);
2387 if (((long) bcc_ptr + len) - (long)
2388 pByteArea(smb_buffer_response)
2389 <= BCC(smb_buffer_response)) {
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2390 ses->serverOS = kcalloc(1, len + 1, GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2391 strncpy(ses->serverOS, bcc_ptr, len);
2392
2393 bcc_ptr += len;
2394 bcc_ptr[0] = 0; /* null terminate the string */
2395 bcc_ptr++;
2396
2397 len = strnlen(bcc_ptr, 1024);
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2398 ses->serverNOS = kcalloc(1, len + 1,GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2399 strncpy(ses->serverNOS, bcc_ptr, len);
2400 bcc_ptr += len;
2401 bcc_ptr[0] = 0;
2402 bcc_ptr++;
2403
2404 len = strnlen(bcc_ptr, 1024);
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2405 ses->serverDomain = kcalloc(1, len + 1, GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2406 strncpy(ses->serverDomain, bcc_ptr, len);
2407 bcc_ptr += len;
2408 bcc_ptr[0] = 0;
2409 bcc_ptr++;
2410 } else
2411 cFYI(1,
2412 ("Variable field of length %d extends beyond end of smb ",
2413 len));
2414 }
2415 } else {
2416 cERROR(1,
2417 (" Security Blob Length extends beyond end of SMB"));
2418 }
2419 } else {
2420 cERROR(1, ("No session structure passed in."));
2421 }
2422 } else {
2423 cERROR(1,
2424 (" Invalid Word count %d: ",
2425 smb_buffer_response->WordCount));
2426 rc = -EIO;
2427 }
2428
2429 if (smb_buffer)
2430 cifs_buf_release(smb_buffer);
2431
2432 return rc;
2433}
2434
2435static int
2436CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2437 struct cifsSesInfo *ses, int * pNTLMv2_flag,
2438 const struct nls_table *nls_codepage)
2439{
2440 struct smb_hdr *smb_buffer;
2441 struct smb_hdr *smb_buffer_response;
2442 SESSION_SETUP_ANDX *pSMB;
2443 SESSION_SETUP_ANDX *pSMBr;
2444 char *bcc_ptr;
2445 char *domain;
2446 int rc = 0;
2447 int remaining_words = 0;
2448 int bytes_returned = 0;
2449 int len;
2450 int SecurityBlobLength = sizeof (NEGOTIATE_MESSAGE);
2451 PNEGOTIATE_MESSAGE SecurityBlob;
2452 PCHALLENGE_MESSAGE SecurityBlob2;
2453 __u32 negotiate_flags, capabilities;
2454 __u16 count;
2455
2456 cFYI(1, ("In NTLMSSP sesssetup (negotiate) "));
2457 if(ses == NULL)
2458 return -EINVAL;
2459 domain = ses->domainName;
2460 *pNTLMv2_flag = FALSE;
2461 smb_buffer = cifs_buf_get();
2462 if (smb_buffer == NULL) {
2463 return -ENOMEM;
2464 }
2465 smb_buffer_response = smb_buffer;
2466 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2467 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2468
2469 /* send SMBsessionSetup here */
2470 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2471 NULL /* no tCon exists yet */ , 12 /* wct */ );
Steve French1982c342005-08-17 12:38:22 -0700[diff] [blame]2472
2473 smb_buffer->Mid = GetNextMid(ses->server);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2474 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2475 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2476
2477 pSMB->req.AndXCommand = 0xFF;
2478 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2479 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2480
2481 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2482 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2483
2484 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2485 CAP_EXTENDED_SECURITY;
2486 if (ses->capabilities & CAP_UNICODE) {
2487 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2488 capabilities |= CAP_UNICODE;
2489 }
2490 if (ses->capabilities & CAP_STATUS32) {
2491 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2492 capabilities |= CAP_STATUS32;
2493 }
2494 if (ses->capabilities & CAP_DFS) {
2495 smb_buffer->Flags2 |= SMBFLG2_DFS;
2496 capabilities |= CAP_DFS;
2497 }
2498 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2499
2500 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2501 SecurityBlob = (PNEGOTIATE_MESSAGE) bcc_ptr;
2502 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2503 SecurityBlob->MessageType = NtLmNegotiate;
2504 negotiate_flags =
2505 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
2506 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM | 0x80000000 |
2507 /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
2508 if(sign_CIFS_PDUs)
2509 negotiate_flags |= NTLMSSP_NEGOTIATE_SIGN;
2510 if(ntlmv2_support)
2511 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
2512 /* setup pointers to domain name and workstation name */
2513 bcc_ptr += SecurityBlobLength;
2514
2515 SecurityBlob->WorkstationName.Buffer = 0;
2516 SecurityBlob->WorkstationName.Length = 0;
2517 SecurityBlob->WorkstationName.MaximumLength = 0;
2518
2519 if (domain == NULL) {
2520 SecurityBlob->DomainName.Buffer = 0;
2521 SecurityBlob->DomainName.Length = 0;
2522 SecurityBlob->DomainName.MaximumLength = 0;
2523 } else {
2524 __u16 len;
2525 negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
2526 strncpy(bcc_ptr, domain, 63);
2527 len = strnlen(domain, 64);
2528 SecurityBlob->DomainName.MaximumLength =
2529 cpu_to_le16(len);
2530 SecurityBlob->DomainName.Buffer =
2531 cpu_to_le32((long) &SecurityBlob->
2532 DomainString -
2533 (long) &SecurityBlob->Signature);
2534 bcc_ptr += len;
2535 SecurityBlobLength += len;
2536 SecurityBlob->DomainName.Length =
2537 cpu_to_le16(len);
2538 }
2539 if (ses->capabilities & CAP_UNICODE) {
2540 if ((long) bcc_ptr % 2) {
2541 *bcc_ptr = 0;
2542 bcc_ptr++;
2543 }
2544
2545 bytes_returned =
2546 cifs_strtoUCS((wchar_t *) bcc_ptr, "Linux version ",
2547 32, nls_codepage);
2548 bcc_ptr += 2 * bytes_returned;
2549 bytes_returned =
2550 cifs_strtoUCS((wchar_t *) bcc_ptr, system_utsname.release, 32,
2551 nls_codepage);
2552 bcc_ptr += 2 * bytes_returned;
2553 bcc_ptr += 2; /* null terminate Linux version */
2554 bytes_returned =
2555 cifs_strtoUCS((wchar_t *) bcc_ptr, CIFS_NETWORK_OPSYS,
2556 64, nls_codepage);
2557 bcc_ptr += 2 * bytes_returned;
2558 *(bcc_ptr + 1) = 0;
2559 *(bcc_ptr + 2) = 0;
2560 bcc_ptr += 2; /* null terminate network opsys string */
2561 *(bcc_ptr + 1) = 0;
2562 *(bcc_ptr + 2) = 0;
2563 bcc_ptr += 2; /* null domain */
2564 } else { /* ASCII */
2565 strcpy(bcc_ptr, "Linux version ");
2566 bcc_ptr += strlen("Linux version ");
2567 strcpy(bcc_ptr, system_utsname.release);
2568 bcc_ptr += strlen(system_utsname.release) + 1;
2569 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2570 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2571 bcc_ptr++; /* empty domain field */
2572 *bcc_ptr = 0;
2573 }
2574 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2575 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2576 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2577 smb_buffer->smb_buf_length += count;
2578 pSMB->req.ByteCount = cpu_to_le16(count);
2579
2580 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2581 &bytes_returned, 1);
2582
2583 if (smb_buffer_response->Status.CifsError ==
2584 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
2585 rc = 0;
2586
2587 if (rc) {
2588/* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2589 } else if ((smb_buffer_response->WordCount == 3)
2590 || (smb_buffer_response->WordCount == 4)) {
2591 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2592 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2593
2594 if (action & GUEST_LOGIN)
2595 cFYI(1, (" Guest login"));
2596 /* Do we want to set anything in SesInfo struct when guest login? */
2597
2598 bcc_ptr = pByteArea(smb_buffer_response);
2599 /* response can have either 3 or 4 word count - Samba sends 3 */
2600
2601 SecurityBlob2 = (PCHALLENGE_MESSAGE) bcc_ptr;
2602 if (SecurityBlob2->MessageType != NtLmChallenge) {
2603 cFYI(1,
2604 ("Unexpected NTLMSSP message type received %d",
2605 SecurityBlob2->MessageType));
2606 } else if (ses) {
2607 ses->Suid = smb_buffer_response->Uid; /* UID left in le format */
2608 cFYI(1, ("UID = %d ", ses->Suid));
2609 if ((pSMBr->resp.hdr.WordCount == 3)
2610 || ((pSMBr->resp.hdr.WordCount == 4)
2611 && (blob_len <
2612 pSMBr->resp.ByteCount))) {
2613
2614 if (pSMBr->resp.hdr.WordCount == 4) {
2615 bcc_ptr += blob_len;
2616 cFYI(1,
2617 ("Security Blob Length %d ",
2618 blob_len));
2619 }
2620
2621 cFYI(1, ("NTLMSSP Challenge rcvd "));
2622
2623 memcpy(ses->server->cryptKey,
2624 SecurityBlob2->Challenge,
2625 CIFS_CRYPTO_KEY_SIZE);
2626 if(SecurityBlob2->NegotiateFlags & cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2))
2627 *pNTLMv2_flag = TRUE;
2628
2629 if((SecurityBlob2->NegotiateFlags &
2630 cpu_to_le32(NTLMSSP_NEGOTIATE_ALWAYS_SIGN))
2631 || (sign_CIFS_PDUs > 1))
2632 ses->server->secMode |=
2633 SECMODE_SIGN_REQUIRED;
2634 if ((SecurityBlob2->NegotiateFlags &
2635 cpu_to_le32(NTLMSSP_NEGOTIATE_SIGN)) && (sign_CIFS_PDUs))
2636 ses->server->secMode |=
2637 SECMODE_SIGN_ENABLED;
2638
2639 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2640 if ((long) (bcc_ptr) % 2) {
2641 remaining_words =
2642 (BCC(smb_buffer_response)
2643 - 1) / 2;
2644 bcc_ptr++; /* Unicode strings must be word aligned */
2645 } else {
2646 remaining_words =
2647 BCC
2648 (smb_buffer_response) / 2;
2649 }
2650 len =
2651 UniStrnlen((wchar_t *) bcc_ptr,
2652 remaining_words - 1);
2653/* We look for obvious messed up bcc or strings in response so we do not go off
2654 the end since (at least) WIN2K and Windows XP have a major bug in not null
2655 terminating last Unicode string in response */
2656 ses->serverOS =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2657 kcalloc(1, 2 * (len + 1), GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2658 cifs_strfromUCS_le(ses->serverOS,
2659 (wchar_t *)
2660 bcc_ptr, len,
2661 nls_codepage);
2662 bcc_ptr += 2 * (len + 1);
2663 remaining_words -= len + 1;
2664 ses->serverOS[2 * len] = 0;
2665 ses->serverOS[1 + (2 * len)] = 0;
2666 if (remaining_words > 0) {
2667 len = UniStrnlen((wchar_t *)
2668 bcc_ptr,
2669 remaining_words
2670 - 1);
2671 ses->serverNOS =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2672 kcalloc(1, 2 * (len + 1),
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2673 GFP_KERNEL);
2674 cifs_strfromUCS_le(ses->
2675 serverNOS,
2676 (wchar_t *)
2677 bcc_ptr,
2678 len,
2679 nls_codepage);
2680 bcc_ptr += 2 * (len + 1);
2681 ses->serverNOS[2 * len] = 0;
2682 ses->serverNOS[1 +
2683 (2 * len)] = 0;
2684 remaining_words -= len + 1;
2685 if (remaining_words > 0) {
2686 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2687 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
2688 ses->serverDomain =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2689 kcalloc(1, 2 *
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2690 (len +
2691 1),
2692 GFP_KERNEL);
2693 cifs_strfromUCS_le
2694 (ses->
2695 serverDomain,
2696 (wchar_t *)
2697 bcc_ptr, len,
2698 nls_codepage);
2699 bcc_ptr +=
2700 2 * (len + 1);
2701 ses->
2702 serverDomain[2
2703 * len]
2704 = 0;
2705 ses->
2706 serverDomain[1
2707 +
2708 (2
2709 *
2710 len)]
2711 = 0;
2712 } /* else no more room so create dummy domain string */
2713 else
2714 ses->serverDomain =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2715 kcalloc(1, 2,
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2716 GFP_KERNEL);
2717 } else { /* no room so create dummy domain and NOS string */
2718 ses->serverDomain =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2719 kcalloc(1, 2, GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2720 ses->serverNOS =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2721 kcalloc(1, 2, GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2722 }
2723 } else { /* ASCII */
2724 len = strnlen(bcc_ptr, 1024);
2725 if (((long) bcc_ptr + len) - (long)
2726 pByteArea(smb_buffer_response)
2727 <= BCC(smb_buffer_response)) {
2728 ses->serverOS =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2729 kcalloc(1, len + 1,
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2730 GFP_KERNEL);
2731 strncpy(ses->serverOS,
2732 bcc_ptr, len);
2733
2734 bcc_ptr += len;
2735 bcc_ptr[0] = 0; /* null terminate string */
2736 bcc_ptr++;
2737
2738 len = strnlen(bcc_ptr, 1024);
2739 ses->serverNOS =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2740 kcalloc(1, len + 1,
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2741 GFP_KERNEL);
2742 strncpy(ses->serverNOS, bcc_ptr, len);
2743 bcc_ptr += len;
2744 bcc_ptr[0] = 0;
2745 bcc_ptr++;
2746
2747 len = strnlen(bcc_ptr, 1024);
2748 ses->serverDomain =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]2749 kcalloc(1, len + 1,
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2750 GFP_KERNEL);
2751 strncpy(ses->serverDomain, bcc_ptr, len);
2752 bcc_ptr += len;
2753 bcc_ptr[0] = 0;
2754 bcc_ptr++;
2755 } else
2756 cFYI(1,
2757 ("Variable field of length %d extends beyond end of smb ",
2758 len));
2759 }
2760 } else {
2761 cERROR(1,
2762 (" Security Blob Length extends beyond end of SMB"));
2763 }
2764 } else {
2765 cERROR(1, ("No session structure passed in."));
2766 }
2767 } else {
2768 cERROR(1,
2769 (" Invalid Word count %d: ",
2770 smb_buffer_response->WordCount));
2771 rc = -EIO;
2772 }
2773
2774 if (smb_buffer)
2775 cifs_buf_release(smb_buffer);
2776
2777 return rc;
2778}
2779static int
2780CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2781 char *ntlm_session_key, int ntlmv2_flag,
2782 const struct nls_table *nls_codepage)
2783{
2784 struct smb_hdr *smb_buffer;
2785 struct smb_hdr *smb_buffer_response;
2786 SESSION_SETUP_ANDX *pSMB;
2787 SESSION_SETUP_ANDX *pSMBr;
2788 char *bcc_ptr;
2789 char *user;
2790 char *domain;
2791 int rc = 0;
2792 int remaining_words = 0;
2793 int bytes_returned = 0;
2794 int len;
2795 int SecurityBlobLength = sizeof (AUTHENTICATE_MESSAGE);
2796 PAUTHENTICATE_MESSAGE SecurityBlob;
2797 __u32 negotiate_flags, capabilities;
2798 __u16 count;
2799
2800 cFYI(1, ("In NTLMSSPSessSetup (Authenticate)"));
2801 if(ses == NULL)
2802 return -EINVAL;
2803 user = ses->userName;
2804 domain = ses->domainName;
2805 smb_buffer = cifs_buf_get();
2806 if (smb_buffer == NULL) {
2807 return -ENOMEM;
2808 }
2809 smb_buffer_response = smb_buffer;
2810 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2811 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2812
2813 /* send SMBsessionSetup here */
2814 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2815 NULL /* no tCon exists yet */ , 12 /* wct */ );
Steve French1982c342005-08-17 12:38:22 -0700[diff] [blame]2816
2817 smb_buffer->Mid = GetNextMid(ses->server);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2818 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2819 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2820 pSMB->req.AndXCommand = 0xFF;
2821 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2822 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2823
2824 pSMB->req.hdr.Uid = ses->Suid;
2825
2826 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2827 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2828
2829 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2830 CAP_EXTENDED_SECURITY;
2831 if (ses->capabilities & CAP_UNICODE) {
2832 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2833 capabilities |= CAP_UNICODE;
2834 }
2835 if (ses->capabilities & CAP_STATUS32) {
2836 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2837 capabilities |= CAP_STATUS32;
2838 }
2839 if (ses->capabilities & CAP_DFS) {
2840 smb_buffer->Flags2 |= SMBFLG2_DFS;
2841 capabilities |= CAP_DFS;
2842 }
2843 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2844
2845 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2846 SecurityBlob = (PAUTHENTICATE_MESSAGE) bcc_ptr;
2847 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2848 SecurityBlob->MessageType = NtLmAuthenticate;
2849 bcc_ptr += SecurityBlobLength;
2850 negotiate_flags =
2851 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET |
2852 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO |
2853 0x80000000 | NTLMSSP_NEGOTIATE_128;
2854 if(sign_CIFS_PDUs)
2855 negotiate_flags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN;
2856 if(ntlmv2_flag)
2857 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
2858
2859/* setup pointers to domain name and workstation name */
2860
2861 SecurityBlob->WorkstationName.Buffer = 0;
2862 SecurityBlob->WorkstationName.Length = 0;
2863 SecurityBlob->WorkstationName.MaximumLength = 0;
2864 SecurityBlob->SessionKey.Length = 0;
2865 SecurityBlob->SessionKey.MaximumLength = 0;
2866 SecurityBlob->SessionKey.Buffer = 0;
2867
2868 SecurityBlob->LmChallengeResponse.Length = 0;
2869 SecurityBlob->LmChallengeResponse.MaximumLength = 0;
2870 SecurityBlob->LmChallengeResponse.Buffer = 0;
2871
2872 SecurityBlob->NtChallengeResponse.Length =
2873 cpu_to_le16(CIFS_SESSION_KEY_SIZE);
2874 SecurityBlob->NtChallengeResponse.MaximumLength =
2875 cpu_to_le16(CIFS_SESSION_KEY_SIZE);
2876 memcpy(bcc_ptr, ntlm_session_key, CIFS_SESSION_KEY_SIZE);
2877 SecurityBlob->NtChallengeResponse.Buffer =
2878 cpu_to_le32(SecurityBlobLength);
2879 SecurityBlobLength += CIFS_SESSION_KEY_SIZE;
2880 bcc_ptr += CIFS_SESSION_KEY_SIZE;
2881
2882 if (ses->capabilities & CAP_UNICODE) {
2883 if (domain == NULL) {
2884 SecurityBlob->DomainName.Buffer = 0;
2885 SecurityBlob->DomainName.Length = 0;
2886 SecurityBlob->DomainName.MaximumLength = 0;
2887 } else {
2888 __u16 len =
2889 cifs_strtoUCS((wchar_t *) bcc_ptr, domain, 64,
2890 nls_codepage);
2891 len *= 2;
2892 SecurityBlob->DomainName.MaximumLength =
2893 cpu_to_le16(len);
2894 SecurityBlob->DomainName.Buffer =
2895 cpu_to_le32(SecurityBlobLength);
2896 bcc_ptr += len;
2897 SecurityBlobLength += len;
2898 SecurityBlob->DomainName.Length =
2899 cpu_to_le16(len);
2900 }
2901 if (user == NULL) {
2902 SecurityBlob->UserName.Buffer = 0;
2903 SecurityBlob->UserName.Length = 0;
2904 SecurityBlob->UserName.MaximumLength = 0;
2905 } else {
2906 __u16 len =
2907 cifs_strtoUCS((wchar_t *) bcc_ptr, user, 64,
2908 nls_codepage);
2909 len *= 2;
2910 SecurityBlob->UserName.MaximumLength =
2911 cpu_to_le16(len);
2912 SecurityBlob->UserName.Buffer =
2913 cpu_to_le32(SecurityBlobLength);
2914 bcc_ptr += len;
2915 SecurityBlobLength += len;
2916 SecurityBlob->UserName.Length =
2917 cpu_to_le16(len);
2918 }
2919
2920 /* SecurityBlob->WorkstationName.Length = cifs_strtoUCS((wchar_t *) bcc_ptr, "AMACHINE",64, nls_codepage);
2921 SecurityBlob->WorkstationName.Length *= 2;
2922 SecurityBlob->WorkstationName.MaximumLength = cpu_to_le16(SecurityBlob->WorkstationName.Length);
2923 SecurityBlob->WorkstationName.Buffer = cpu_to_le32(SecurityBlobLength);
2924 bcc_ptr += SecurityBlob->WorkstationName.Length;
2925 SecurityBlobLength += SecurityBlob->WorkstationName.Length;
2926 SecurityBlob->WorkstationName.Length = cpu_to_le16(SecurityBlob->WorkstationName.Length); */
2927
2928 if ((long) bcc_ptr % 2) {
2929 *bcc_ptr = 0;
2930 bcc_ptr++;
2931 }
2932 bytes_returned =
2933 cifs_strtoUCS((wchar_t *) bcc_ptr, "Linux version ",
2934 32, nls_codepage);
2935 bcc_ptr += 2 * bytes_returned;
2936 bytes_returned =
2937 cifs_strtoUCS((wchar_t *) bcc_ptr, system_utsname.release, 32,
2938 nls_codepage);
2939 bcc_ptr += 2 * bytes_returned;
2940 bcc_ptr += 2; /* null term version string */
2941 bytes_returned =
2942 cifs_strtoUCS((wchar_t *) bcc_ptr, CIFS_NETWORK_OPSYS,
2943 64, nls_codepage);
2944 bcc_ptr += 2 * bytes_returned;
2945 *(bcc_ptr + 1) = 0;
2946 *(bcc_ptr + 2) = 0;
2947 bcc_ptr += 2; /* null terminate network opsys string */
2948 *(bcc_ptr + 1) = 0;
2949 *(bcc_ptr + 2) = 0;
2950 bcc_ptr += 2; /* null domain */
2951 } else { /* ASCII */
2952 if (domain == NULL) {
2953 SecurityBlob->DomainName.Buffer = 0;
2954 SecurityBlob->DomainName.Length = 0;
2955 SecurityBlob->DomainName.MaximumLength = 0;
2956 } else {
2957 __u16 len;
2958 negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
2959 strncpy(bcc_ptr, domain, 63);
2960 len = strnlen(domain, 64);
2961 SecurityBlob->DomainName.MaximumLength =
2962 cpu_to_le16(len);
2963 SecurityBlob->DomainName.Buffer =
2964 cpu_to_le32(SecurityBlobLength);
2965 bcc_ptr += len;
2966 SecurityBlobLength += len;
2967 SecurityBlob->DomainName.Length = cpu_to_le16(len);
2968 }
2969 if (user == NULL) {
2970 SecurityBlob->UserName.Buffer = 0;
2971 SecurityBlob->UserName.Length = 0;
2972 SecurityBlob->UserName.MaximumLength = 0;
2973 } else {
2974 __u16 len;
2975 strncpy(bcc_ptr, user, 63);
2976 len = strnlen(user, 64);
2977 SecurityBlob->UserName.MaximumLength =
2978 cpu_to_le16(len);
2979 SecurityBlob->UserName.Buffer =
2980 cpu_to_le32(SecurityBlobLength);
2981 bcc_ptr += len;
2982 SecurityBlobLength += len;
2983 SecurityBlob->UserName.Length = cpu_to_le16(len);
2984 }
2985 /* BB fill in our workstation name if known BB */
2986
2987 strcpy(bcc_ptr, "Linux version ");
2988 bcc_ptr += strlen("Linux version ");
2989 strcpy(bcc_ptr, system_utsname.release);
2990 bcc_ptr += strlen(system_utsname.release) + 1;
2991 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2992 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2993 bcc_ptr++; /* null domain */
2994 *bcc_ptr = 0;
2995 }
2996 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2997 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2998 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2999 smb_buffer->smb_buf_length += count;
3000 pSMB->req.ByteCount = cpu_to_le16(count);
3001
3002 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
3003 &bytes_returned, 1);
3004 if (rc) {
3005/* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
3006 } else if ((smb_buffer_response->WordCount == 3)
3007 || (smb_buffer_response->WordCount == 4)) {
3008 __u16 action = le16_to_cpu(pSMBr->resp.Action);
3009 __u16 blob_len =
3010 le16_to_cpu(pSMBr->resp.SecurityBlobLength);
3011 if (action & GUEST_LOGIN)
3012 cFYI(1, (" Guest login")); /* BB do we want to set anything in SesInfo struct ? */
3013/* if(SecurityBlob2->MessageType != NtLm??){
3014 cFYI("Unexpected message type on auth response is %d "));
3015 } */
3016 if (ses) {
3017 cFYI(1,
3018 ("Does UID on challenge %d match auth response UID %d ",
3019 ses->Suid, smb_buffer_response->Uid));
3020 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format */
3021 bcc_ptr = pByteArea(smb_buffer_response);
3022 /* response can have either 3 or 4 word count - Samba sends 3 */
3023 if ((pSMBr->resp.hdr.WordCount == 3)
3024 || ((pSMBr->resp.hdr.WordCount == 4)
3025 && (blob_len <
3026 pSMBr->resp.ByteCount))) {
3027 if (pSMBr->resp.hdr.WordCount == 4) {
3028 bcc_ptr +=
3029 blob_len;
3030 cFYI(1,
3031 ("Security Blob Length %d ",
3032 blob_len));
3033 }
3034
3035 cFYI(1,
3036 ("NTLMSSP response to Authenticate "));
3037
3038 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3039 if ((long) (bcc_ptr) % 2) {
3040 remaining_words =
3041 (BCC(smb_buffer_response)
3042 - 1) / 2;
3043 bcc_ptr++; /* Unicode strings must be word aligned */
3044 } else {
3045 remaining_words = BCC(smb_buffer_response) / 2;
3046 }
3047 len =
3048 UniStrnlen((wchar_t *) bcc_ptr,remaining_words - 1);
3049/* We look for obvious messed up bcc or strings in response so we do not go off
3050 the end since (at least) WIN2K and Windows XP have a major bug in not null
3051 terminating last Unicode string in response */
3052 ses->serverOS =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]3053 kcalloc(1, 2 * (len + 1), GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3054 cifs_strfromUCS_le(ses->serverOS,
3055 (wchar_t *)
3056 bcc_ptr, len,
3057 nls_codepage);
3058 bcc_ptr += 2 * (len + 1);
3059 remaining_words -= len + 1;
3060 ses->serverOS[2 * len] = 0;
3061 ses->serverOS[1 + (2 * len)] = 0;
3062 if (remaining_words > 0) {
3063 len = UniStrnlen((wchar_t *)
3064 bcc_ptr,
3065 remaining_words
3066 - 1);
3067 ses->serverNOS =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]3068 kcalloc(1, 2 * (len + 1),
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3069 GFP_KERNEL);
3070 cifs_strfromUCS_le(ses->
3071 serverNOS,
3072 (wchar_t *)
3073 bcc_ptr,
3074 len,
3075 nls_codepage);
3076 bcc_ptr += 2 * (len + 1);
3077 ses->serverNOS[2 * len] = 0;
3078 ses->serverNOS[1+(2*len)] = 0;
3079 remaining_words -= len + 1;
3080 if (remaining_words > 0) {
3081 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
3082 /* last string not always null terminated (e.g. for Windows XP & 2000) */
3083 ses->serverDomain =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]3084 kcalloc(1, 2 *
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3085 (len +
3086 1),
3087 GFP_KERNEL);
3088 cifs_strfromUCS_le
3089 (ses->
3090 serverDomain,
3091 (wchar_t *)
3092 bcc_ptr, len,
3093 nls_codepage);
3094 bcc_ptr +=
3095 2 * (len + 1);
3096 ses->
3097 serverDomain[2
3098 * len]
3099 = 0;
3100 ses->
3101 serverDomain[1
3102 +
3103 (2
3104 *
3105 len)]
3106 = 0;
3107 } /* else no more room so create dummy domain string */
3108 else
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]3109 ses->serverDomain = kcalloc(1, 2,GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3110 } else { /* no room so create dummy domain and NOS string */
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]3111 ses->serverDomain = kcalloc(1, 2, GFP_KERNEL);
3112 ses->serverNOS = kcalloc(1, 2, GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3113 }
3114 } else { /* ASCII */
3115 len = strnlen(bcc_ptr, 1024);
3116 if (((long) bcc_ptr + len) -
3117 (long) pByteArea(smb_buffer_response)
3118 <= BCC(smb_buffer_response)) {
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]3119 ses->serverOS = kcalloc(1, len + 1,GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3120 strncpy(ses->serverOS,bcc_ptr, len);
3121
3122 bcc_ptr += len;
3123 bcc_ptr[0] = 0; /* null terminate the string */
3124 bcc_ptr++;
3125
3126 len = strnlen(bcc_ptr, 1024);
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]3127 ses->serverNOS = kcalloc(1, len+1,GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3128 strncpy(ses->serverNOS, bcc_ptr, len);
3129 bcc_ptr += len;
3130 bcc_ptr[0] = 0;
3131 bcc_ptr++;
3132
3133 len = strnlen(bcc_ptr, 1024);
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]3134 ses->serverDomain = kcalloc(1, len+1,GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3135 strncpy(ses->serverDomain, bcc_ptr, len);
3136 bcc_ptr += len;
3137 bcc_ptr[0] = 0;
3138 bcc_ptr++;
3139 } else
3140 cFYI(1,
3141 ("Variable field of length %d extends beyond end of smb ",
3142 len));
3143 }
3144 } else {
3145 cERROR(1,
3146 (" Security Blob Length extends beyond end of SMB"));
3147 }
3148 } else {
3149 cERROR(1, ("No session structure passed in."));
3150 }
3151 } else {
3152 cERROR(1,
3153 (" Invalid Word count %d: ",
3154 smb_buffer_response->WordCount));
3155 rc = -EIO;
3156 }
3157
3158 if (smb_buffer)
3159 cifs_buf_release(smb_buffer);
3160
3161 return rc;
3162}
3163
3164int
3165CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3166 const char *tree, struct cifsTconInfo *tcon,
3167 const struct nls_table *nls_codepage)
3168{
3169 struct smb_hdr *smb_buffer;
3170 struct smb_hdr *smb_buffer_response;
3171 TCONX_REQ *pSMB;
3172 TCONX_RSP *pSMBr;
3173 unsigned char *bcc_ptr;
3174 int rc = 0;
3175 int length;
3176 __u16 count;
3177
3178 if (ses == NULL)
3179 return -EIO;
3180
3181 smb_buffer = cifs_buf_get();
3182 if (smb_buffer == NULL) {
3183 return -ENOMEM;
3184 }
3185 smb_buffer_response = smb_buffer;
3186
3187 header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3188 NULL /*no tid */ , 4 /*wct */ );
Steve French1982c342005-08-17 12:38:22 -0700[diff] [blame]3189
3190 smb_buffer->Mid = GetNextMid(ses->server);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3191 smb_buffer->Uid = ses->Suid;
3192 pSMB = (TCONX_REQ *) smb_buffer;
3193 pSMBr = (TCONX_RSP *) smb_buffer_response;
3194
3195 pSMB->AndXCommand = 0xFF;
3196 pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
3197 pSMB->PasswordLength = cpu_to_le16(1); /* minimum */
3198 bcc_ptr = &pSMB->Password[0];
3199 bcc_ptr++; /* skip password */
3200
3201 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3202 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3203
3204 if (ses->capabilities & CAP_STATUS32) {
3205 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3206 }
3207 if (ses->capabilities & CAP_DFS) {
3208 smb_buffer->Flags2 |= SMBFLG2_DFS;
3209 }
3210 if (ses->capabilities & CAP_UNICODE) {
3211 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3212 length =
3213 cifs_strtoUCS((wchar_t *) bcc_ptr, tree, 100, nls_codepage);
3214 bcc_ptr += 2 * length; /* convert num of 16 bit words to bytes */
3215 bcc_ptr += 2; /* skip trailing null */
3216 } else { /* ASCII */
3217
3218 strcpy(bcc_ptr, tree);
3219 bcc_ptr += strlen(tree) + 1;
3220 }
3221 strcpy(bcc_ptr, "?????");
3222 bcc_ptr += strlen("?????");
3223 bcc_ptr += 1;
3224 count = bcc_ptr - &pSMB->Password[0];
3225 pSMB->hdr.smb_buf_length += count;
3226 pSMB->ByteCount = cpu_to_le16(count);
3227
3228 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length, 0);
3229
3230 /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
3231 /* above now done in SendReceive */
3232 if ((rc == 0) && (tcon != NULL)) {
3233 tcon->tidStatus = CifsGood;
3234 tcon->tid = smb_buffer_response->Tid;
3235 bcc_ptr = pByteArea(smb_buffer_response);
3236 length = strnlen(bcc_ptr, BCC(smb_buffer_response) - 2);
3237 /* skip service field (NB: this field is always ASCII) */
3238 bcc_ptr += length + 1;
3239 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3240 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3241 length = UniStrnlen((wchar_t *) bcc_ptr, 512);
3242 if ((bcc_ptr + (2 * length)) -
3243 pByteArea(smb_buffer_response) <=
3244 BCC(smb_buffer_response)) {
3245 if(tcon->nativeFileSystem)
3246 kfree(tcon->nativeFileSystem);
3247 tcon->nativeFileSystem =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]3248 kcalloc(1, length + 2, GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3249 cifs_strfromUCS_le(tcon->nativeFileSystem,
3250 (wchar_t *) bcc_ptr,
3251 length, nls_codepage);
3252 bcc_ptr += 2 * length;
3253 bcc_ptr[0] = 0; /* null terminate the string */
3254 bcc_ptr[1] = 0;
3255 bcc_ptr += 2;
3256 }
3257 /* else do not bother copying these informational fields */
3258 } else {
3259 length = strnlen(bcc_ptr, 1024);
3260 if ((bcc_ptr + length) -
3261 pByteArea(smb_buffer_response) <=
3262 BCC(smb_buffer_response)) {
3263 if(tcon->nativeFileSystem)
3264 kfree(tcon->nativeFileSystem);
3265 tcon->nativeFileSystem =
Steve French433dc242005-04-28 22:41:08 -0700[diff] [blame]3266 kcalloc(1, length + 1, GFP_KERNEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3267 strncpy(tcon->nativeFileSystem, bcc_ptr,
3268 length);
3269 }
3270 /* else do not bother copying these informational fields */
3271 }
3272 tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3273 cFYI(1, ("Tcon flags: 0x%x ", tcon->Flags));
3274 } else if ((rc == 0) && tcon == NULL) {
3275 /* all we need to save for IPC$ connection */
3276 ses->ipc_tid = smb_buffer_response->Tid;
3277 }
3278
3279 if (smb_buffer)
3280 cifs_buf_release(smb_buffer);
3281 return rc;
3282}
3283
3284int
3285cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3286{
3287 int rc = 0;
3288 int xid;
3289 struct cifsSesInfo *ses = NULL;
3290 struct task_struct *cifsd_task;
3291
3292 xid = GetXid();
3293
3294 if (cifs_sb->tcon) {
3295 ses = cifs_sb->tcon->ses; /* save ptr to ses before delete tcon!*/
3296 rc = CIFSSMBTDis(xid, cifs_sb->tcon);
3297 if (rc == -EBUSY) {
3298 FreeXid(xid);
3299 return 0;
3300 }
3301 tconInfoFree(cifs_sb->tcon);
3302 if ((ses) && (ses->server)) {
3303 /* save off task so we do not refer to ses later */
3304 cifsd_task = ses->server->tsk;
3305 cFYI(1, ("About to do SMBLogoff "));
3306 rc = CIFSSMBLogoff(xid, ses);
3307 if (rc == -EBUSY) {
3308 FreeXid(xid);
3309 return 0;
3310 } else if (rc == -ESHUTDOWN) {
3311 cFYI(1,("Waking up socket by sending it signal"));
Steve Frenchf1914012005-08-18 09:37:34 -0700[diff] [blame]3312 if(cifsd_task) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3313 send_sig(SIGKILL,cifsd_task,1);
Steve Frenchf1914012005-08-18 09:37:34 -0700[diff] [blame]3314 wait_for_completion(&cifsd_complete);
3315 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3316 rc = 0;
3317 } /* else - we have an smb session
3318 left on this socket do not kill cifsd */
3319 } else
3320 cFYI(1, ("No session or bad tcon"));
3321 }
3322
3323 cifs_sb->tcon = NULL;
3324 if (ses) {
3325 set_current_state(TASK_INTERRUPTIBLE);
3326 schedule_timeout(HZ / 2);
3327 }
3328 if (ses)
3329 sesInfoFree(ses);
3330
3331 FreeXid(xid);
3332 return rc; /* BB check if we should always return zero here */
3333}
3334
3335int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
3336 struct nls_table * nls_info)
3337{
3338 int rc = 0;
3339 char ntlm_session_key[CIFS_SESSION_KEY_SIZE];
3340 int ntlmv2_flag = FALSE;
Steve Frenchad009ac2005-04-28 22:41:05 -0700[diff] [blame]3341 int first_time = 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3342
3343 /* what if server changes its buffer size after dropping the session? */
3344 if(pSesInfo->server->maxBuf == 0) /* no need to send on reconnect */ {
3345 rc = CIFSSMBNegotiate(xid, pSesInfo);
3346 if(rc == -EAGAIN) /* retry only once on 1st time connection */ {
3347 rc = CIFSSMBNegotiate(xid, pSesInfo);
3348 if(rc == -EAGAIN)
3349 rc = -EHOSTDOWN;
3350 }
3351 if(rc == 0) {
3352 spin_lock(&GlobalMid_Lock);
3353 if(pSesInfo->server->tcpStatus != CifsExiting)
3354 pSesInfo->server->tcpStatus = CifsGood;
3355 else
3356 rc = -EHOSTDOWN;
3357 spin_unlock(&GlobalMid_Lock);
3358
3359 }
Steve Frenchad009ac2005-04-28 22:41:05 -0700[diff] [blame]3360 first_time = 1;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3361 }
3362 if (!rc) {
3363 pSesInfo->capabilities = pSesInfo->server->capabilities;
3364 if(linuxExtEnabled == 0)
3365 pSesInfo->capabilities &= (~CAP_UNIX);
Steve Frenchad009ac2005-04-28 22:41:05 -0700[diff] [blame]3366 /* pSesInfo->sequence_number = 0;*/
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3367 cFYI(1,("Security Mode: 0x%x Capabilities: 0x%x Time Zone: %d",
3368 pSesInfo->server->secMode,
3369 pSesInfo->server->capabilities,
3370 pSesInfo->server->timeZone));
3371 if (extended_security
3372 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3373 && (pSesInfo->server->secType == NTLMSSP)) {
3374 cFYI(1, ("New style sesssetup "));
3375 rc = CIFSSpnegoSessSetup(xid, pSesInfo,
3376 NULL /* security blob */,
3377 0 /* blob length */,
3378 nls_info);
3379 } else if (extended_security
3380 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3381 && (pSesInfo->server->secType == RawNTLMSSP)) {
3382 cFYI(1, ("NTLMSSP sesssetup "));
3383 rc = CIFSNTLMSSPNegotiateSessSetup(xid,
3384 pSesInfo,
3385 &ntlmv2_flag,
3386 nls_info);
3387 if (!rc) {
3388 if(ntlmv2_flag) {
3389 char * v2_response;
3390 cFYI(1,("Can use more secure NTLM version 2 password hash"));
3391 if(CalcNTLMv2_partial_mac_key(pSesInfo,
3392 nls_info)) {
3393 rc = -ENOMEM;
3394 goto ss_err_exit;
3395 } else
3396 v2_response = kmalloc(16 + 64 /* blob */, GFP_KERNEL);
3397 if(v2_response) {
3398 CalcNTLMv2_response(pSesInfo,v2_response);
Steve Frenchad009ac2005-04-28 22:41:05 -0700[diff] [blame]3399 /* if(first_time)
3400 cifs_calculate_ntlmv2_mac_key(
3401 pSesInfo->server->mac_signing_key,
3402 response, ntlm_session_key, */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3403 kfree(v2_response);
3404 /* BB Put dummy sig in SessSetup PDU? */
3405 } else {
3406 rc = -ENOMEM;
3407 goto ss_err_exit;
3408 }
3409
3410 } else {
3411 SMBNTencrypt(pSesInfo->password,
3412 pSesInfo->server->cryptKey,
3413 ntlm_session_key);
3414
Steve Frenchad009ac2005-04-28 22:41:05 -0700[diff] [blame]3415 if(first_time)
3416 cifs_calculate_mac_key(
3417 pSesInfo->server->mac_signing_key,
3418 ntlm_session_key,
3419 pSesInfo->password);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3420 }
3421 /* for better security the weaker lanman hash not sent
3422 in AuthSessSetup so we no longer calculate it */
3423
3424 rc = CIFSNTLMSSPAuthSessSetup(xid,
3425 pSesInfo,
3426 ntlm_session_key,
3427 ntlmv2_flag,
3428 nls_info);
3429 }
3430 } else { /* old style NTLM 0.12 session setup */
3431 SMBNTencrypt(pSesInfo->password,
3432 pSesInfo->server->cryptKey,
3433 ntlm_session_key);
3434
Steve Frenchad009ac2005-04-28 22:41:05 -0700[diff] [blame]3435 if(first_time)
3436 cifs_calculate_mac_key(
3437 pSesInfo->server->mac_signing_key,
3438 ntlm_session_key, pSesInfo->password);
3439
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]3440 rc = CIFSSessSetup(xid, pSesInfo,
3441 ntlm_session_key, nls_info);
3442 }
3443 if (rc) {
3444 cERROR(1,("Send error in SessSetup = %d",rc));
3445 } else {
3446 cFYI(1,("CIFS Session Established successfully"));
3447 pSesInfo->status = CifsGood;
3448 }
3449 }
3450ss_err_exit:
3451 return rc;
3452}
3453