search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6
[wrt350n-kernel.git] / fs / cifs / connect.c
blobfbc96e26984bdd259edef598cfb3a990e808c235
1 /*
2 * fs/cifs/connect.c
3 *
4 * Copyright (C) International Business Machines Corp., 2002,2008
5 * Author(s): Steve French (sfrench@us.ibm.com)
6 *
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
21 #include <linux/fs.h>
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/ipv6.h>
27 #include <linux/pagemap.h>
28 #include <linux/ctype.h>
29 #include <linux/utsname.h>
30 #include <linux/mempool.h>
31 #include <linux/delay.h>
32 #include <linux/completion.h>
33 #include <linux/kthread.h>
34 #include <linux/pagevec.h>
35 #include <linux/freezer.h>
36 #include <asm/uaccess.h>
37 #include <asm/processor.h>
38 #include "cifspdu.h"
39 #include "cifsglob.h"
40 #include "cifsproto.h"
41 #include "cifs_unicode.h"
42 #include "cifs_debug.h"
43 #include "cifs_fs_sb.h"
44 #include "ntlmssp.h"
45 #include "nterr.h"
46 #include "rfc1002pdu.h"
47 #include "cn_cifs.h"
48
49 #define CIFS_PORT 445
50 #define RFC1001_PORT 139
51
52 static DECLARE_COMPLETION(cifsd_complete);
53
54 extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
55 unsigned char *p24);
56
57 extern mempool_t *cifs_req_poolp;
58
59 struct smb_vol {
60 char *username;
61 char *password;
62 char *domainname;
63 char *UNC;
64 char *UNCip;
65 char *in6_addr; /* ipv6 address as human readable form of in6_addr */
66 char *iocharset; /* local code page for mapping to and from Unicode */
67 char source_rfc1001_name[16]; /* netbios name of client */
68 char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */
69 uid_t linux_uid;
70 gid_t linux_gid;
71 mode_t file_mode;
72 mode_t dir_mode;
73 unsigned secFlg;
74 unsigned rw:1;
75 unsigned retry:1;
76 unsigned intr:1;
77 unsigned setuids:1;
78 unsigned override_uid:1;
79 unsigned override_gid:1;
80 unsigned noperm:1;
81 unsigned no_psx_acl:1; /* set if posix acl support should be disabled */
82 unsigned cifs_acl:1;
83 unsigned no_xattr:1; /* set if xattr (EA) support should be disabled*/
84 unsigned server_ino:1; /* use inode numbers from server ie UniqueId */
85 unsigned direct_io:1;
86 unsigned remap:1; /* set to remap seven reserved chars in filenames */
87 unsigned posix_paths:1; /* unset to not ask for posix pathnames. */
88 unsigned no_linux_ext:1;
89 unsigned sfu_emul:1;
90 unsigned nullauth:1; /* attempt to authenticate with null user */
91 unsigned nocase; /* request case insensitive filenames */
92 unsigned nobrl; /* disable sending byte range locks to srv */
93 unsigned int rsize;
94 unsigned int wsize;
95 unsigned int sockopt;
96 unsigned short int port;
97 char *prepath;
98 };
99
100 static int ipv4_connect(struct sockaddr_in *psin_server,
101 struct socket **csocket,
102 char *netb_name,
103 char *server_netb_name);
104 static int ipv6_connect(struct sockaddr_in6 *psin_server,
105 struct socket **csocket);
106
107
108 /*
109 * cifs tcp session reconnection
110 *
111 * mark tcp session as reconnecting so temporarily locked
112 * mark all smb sessions as reconnecting for tcp session
113 * reconnect tcp session
114 * wake up waiters on reconnection? - (not needed currently)
115 */
116
117 static int
118 cifs_reconnect(struct TCP_Server_Info *server)
119 {
120 int rc = 0;
121 struct list_head *tmp;
122 struct cifsSesInfo *ses;
123 struct cifsTconInfo *tcon;
124 struct mid_q_entry *mid_entry;
125
126 spin_lock(&GlobalMid_Lock);
127 if (kthread_should_stop()) {
128 /* the demux thread will exit normally
129 next time through the loop */
130 spin_unlock(&GlobalMid_Lock);
131 return rc;
132 } else
133 server->tcpStatus = CifsNeedReconnect;
134 spin_unlock(&GlobalMid_Lock);
135 server->maxBuf = 0;
136
137 cFYI(1, ("Reconnecting tcp session"));
138
139 /* before reconnecting the tcp session, mark the smb session (uid)
140 and the tid bad so they are not used until reconnected */
141 read_lock(&GlobalSMBSeslock);
142 list_for_each(tmp, &GlobalSMBSessionList) {
143 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
144 if (ses->server) {
145 if (ses->server == server) {
146 ses->status = CifsNeedReconnect;
147 ses->ipc_tid = 0;
148 }
149 }
150 /* else tcp and smb sessions need reconnection */
151 }
152 list_for_each(tmp, &GlobalTreeConnectionList) {
153 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
154 if ((tcon) && (tcon->ses) && (tcon->ses->server == server))
155 tcon->tidStatus = CifsNeedReconnect;
156 }
157 read_unlock(&GlobalSMBSeslock);
158 /* do not want to be sending data on a socket we are freeing */
159 down(&server->tcpSem);
160 if (server->ssocket) {
161 cFYI(1, ("State: 0x%x Flags: 0x%lx", server->ssocket->state,
162 server->ssocket->flags));
163 kernel_sock_shutdown(server->ssocket, SHUT_WR);
164 cFYI(1, ("Post shutdown state: 0x%x Flags: 0x%lx",
165 server->ssocket->state,
166 server->ssocket->flags));
167 sock_release(server->ssocket);
168 server->ssocket = NULL;
169 }
170
171 spin_lock(&GlobalMid_Lock);
172 list_for_each(tmp, &server->pending_mid_q) {
173 mid_entry = list_entry(tmp, struct
174 mid_q_entry,
175 qhead);
176 if (mid_entry) {
177 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
178 /* Mark other intransit requests as needing
179 retry so we do not immediately mark the
180 session bad again (ie after we reconnect
181 below) as they timeout too */
182 mid_entry->midState = MID_RETRY_NEEDED;
183 }
184 }
185 }
186 spin_unlock(&GlobalMid_Lock);
187 up(&server->tcpSem);
188
189 while ((!kthread_should_stop()) && (server->tcpStatus != CifsGood)) {
190 try_to_freeze();
191 if (server->protocolType == IPV6) {
192 rc = ipv6_connect(&server->addr.sockAddr6,
193 &server->ssocket);
194 } else {
195 rc = ipv4_connect(&server->addr.sockAddr,
196 &server->ssocket,
197 server->workstation_RFC1001_name,
198 server->server_RFC1001_name);
199 }
200 if (rc) {
201 cFYI(1, ("reconnect error %d", rc));
202 msleep(3000);
203 } else {
204 atomic_inc(&tcpSesReconnectCount);
205 spin_lock(&GlobalMid_Lock);
206 if (!kthread_should_stop())
207 server->tcpStatus = CifsGood;
208 server->sequence_number = 0;
209 spin_unlock(&GlobalMid_Lock);
210 /* atomic_set(&server->inFlight,0);*/
211 wake_up(&server->response_q);
212 }
213 }
214 return rc;
215 }
216
217 /*
218 return codes:
219 0 not a transact2, or all data present
220 >0 transact2 with that much data missing
221 -EINVAL = invalid transact2
222
223 */
224 static int check2ndT2(struct smb_hdr *pSMB, unsigned int maxBufSize)
225 {
226 struct smb_t2_rsp *pSMBt;
227 int total_data_size;
228 int data_in_this_rsp;
229 int remaining;
230
231 if (pSMB->Command != SMB_COM_TRANSACTION2)
232 return 0;
233
234 /* check for plausible wct, bcc and t2 data and parm sizes */
235 /* check for parm and data offset going beyond end of smb */
236 if (pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
237 cFYI(1, ("invalid transact2 word count"));
238 return -EINVAL;
239 }
240
241 pSMBt = (struct smb_t2_rsp *)pSMB;
242
243 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
244 data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
245
246 remaining = total_data_size - data_in_this_rsp;
247
248 if (remaining == 0)
249 return 0;
250 else if (remaining < 0) {
251 cFYI(1, ("total data %d smaller than data in frame %d",
252 total_data_size, data_in_this_rsp));
253 return -EINVAL;
254 } else {
255 cFYI(1, ("missing %d bytes from transact2, check next response",
256 remaining));
257 if (total_data_size > maxBufSize) {
258 cERROR(1, ("TotalDataSize %d is over maximum buffer %d",
259 total_data_size, maxBufSize));
260 return -EINVAL;
261 }
262 return remaining;
263 }
264 }
265
266 static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
267 {
268 struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
269 struct smb_t2_rsp *pSMBt = (struct smb_t2_rsp *)pTargetSMB;
270 int total_data_size;
271 int total_in_buf;
272 int remaining;
273 int total_in_buf2;
274 char *data_area_of_target;
275 char *data_area_of_buf2;
276 __u16 byte_count;
277
278 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
279
280 if (total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
281 cFYI(1, ("total data size of primary and secondary t2 differ"));
282 }
283
284 total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
285
286 remaining = total_data_size - total_in_buf;
287
288 if (remaining < 0)
289 return -EINVAL;
290
291 if (remaining == 0) /* nothing to do, ignore */
292 return 0;
293
294 total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
295 if (remaining < total_in_buf2) {
296 cFYI(1, ("transact2 2nd response contains too much data"));
297 }
298
299 /* find end of first SMB data area */
300 data_area_of_target = (char *)&pSMBt->hdr.Protocol +
301 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
302 /* validate target area */
303
304 data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
305 le16_to_cpu(pSMB2->t2_rsp.DataOffset);
306
307 data_area_of_target += total_in_buf;
308
309 /* copy second buffer into end of first buffer */
310 memcpy(data_area_of_target, data_area_of_buf2, total_in_buf2);
311 total_in_buf += total_in_buf2;
312 pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
313 byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
314 byte_count += total_in_buf2;
315 BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
316
317 byte_count = pTargetSMB->smb_buf_length;
318 byte_count += total_in_buf2;
319
320 /* BB also add check that we are not beyond maximum buffer size */
321
322 pTargetSMB->smb_buf_length = byte_count;
323
324 if (remaining == total_in_buf2) {
325 cFYI(1, ("found the last secondary response"));
326 return 0; /* we are done */
327 } else /* more responses to go */
328 return 1;
329
330 }
331
332 static int
333 cifs_demultiplex_thread(struct TCP_Server_Info *server)
334 {
335 int length;
336 unsigned int pdu_length, total_read;
337 struct smb_hdr *smb_buffer = NULL;
338 struct smb_hdr *bigbuf = NULL;
339 struct smb_hdr *smallbuf = NULL;
340 struct msghdr smb_msg;
341 struct kvec iov;
342 struct socket *csocket = server->ssocket;
343 struct list_head *tmp;
344 struct cifsSesInfo *ses;
345 struct task_struct *task_to_wake = NULL;
346 struct mid_q_entry *mid_entry;
347 char temp;
348 int isLargeBuf = FALSE;
349 int isMultiRsp;
350 int reconnect;
351
352 current->flags |= PF_MEMALLOC;
353 server->tsk = current; /* save process info to wake at shutdown */
354 cFYI(1, ("Demultiplex PID: %d", task_pid_nr(current)));
355 write_lock(&GlobalSMBSeslock);
356 atomic_inc(&tcpSesAllocCount);
357 length = tcpSesAllocCount.counter;
358 write_unlock(&GlobalSMBSeslock);
359 complete(&cifsd_complete);
360 if (length > 1)
361 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
362 GFP_KERNEL);
363
364 set_freezable();
365 while (!kthread_should_stop()) {
366 if (try_to_freeze())
367 continue;
368 if (bigbuf == NULL) {
369 bigbuf = cifs_buf_get();
370 if (!bigbuf) {
371 cERROR(1, ("No memory for large SMB response"));
372 msleep(3000);
373 /* retry will check if exiting */
374 continue;
375 }
376 } else if (isLargeBuf) {
377 /* we are reusing a dirty large buf, clear its start */
378 memset(bigbuf, 0, sizeof(struct smb_hdr));
379 }
380
381 if (smallbuf == NULL) {
382 smallbuf = cifs_small_buf_get();
383 if (!smallbuf) {
384 cERROR(1, ("No memory for SMB response"));
385 msleep(1000);
386 /* retry will check if exiting */
387 continue;
388 }
389 /* beginning of smb buffer is cleared in our buf_get */
390 } else /* if existing small buf clear beginning */
391 memset(smallbuf, 0, sizeof(struct smb_hdr));
392
393 isLargeBuf = FALSE;
394 isMultiRsp = FALSE;
395 smb_buffer = smallbuf;
396 iov.iov_base = smb_buffer;
397 iov.iov_len = 4;
398 smb_msg.msg_control = NULL;
399 smb_msg.msg_controllen = 0;
400 pdu_length = 4; /* enough to get RFC1001 header */
401 incomplete_rcv:
402 length =
403 kernel_recvmsg(csocket, &smb_msg,
404 &iov, 1, pdu_length, 0 /* BB other flags? */);
405
406 if (kthread_should_stop()) {
407 break;
408 } else if (server->tcpStatus == CifsNeedReconnect) {
409 cFYI(1, ("Reconnect after server stopped responding"));
410 cifs_reconnect(server);
411 cFYI(1, ("call to reconnect done"));
412 csocket = server->ssocket;
413 continue;
414 } else if ((length == -ERESTARTSYS) || (length == -EAGAIN)) {
415 msleep(1); /* minimum sleep to prevent looping
416 allowing socket to clear and app threads to set
417 tcpStatus CifsNeedReconnect if server hung */
418 if (pdu_length < 4)
419 goto incomplete_rcv;
420 else
421 continue;
422 } else if (length <= 0) {
423 if (server->tcpStatus == CifsNew) {
424 cFYI(1, ("tcp session abend after SMBnegprot"));
425 /* some servers kill the TCP session rather than
426 returning an SMB negprot error, in which
427 case reconnecting here is not going to help,
428 and so simply return error to mount */
429 break;
430 }
431 if (!try_to_freeze() && (length == -EINTR)) {
432 cFYI(1, ("cifsd thread killed"));
433 break;
434 }
435 cFYI(1, ("Reconnect after unexpected peek error %d",
436 length));
437 cifs_reconnect(server);
438 csocket = server->ssocket;
439 wake_up(&server->response_q);
440 continue;
441 } else if (length < pdu_length) {
442 cFYI(1, ("requested %d bytes but only got %d bytes",
443 pdu_length, length));
444 pdu_length -= length;
445 msleep(1);
446 goto incomplete_rcv;
447 }
448
449 /* The right amount was read from socket - 4 bytes */
450 /* so we can now interpret the length field */
451
452 /* the first byte big endian of the length field,
453 is actually not part of the length but the type
454 with the most common, zero, as regular data */
455 temp = *((char *) smb_buffer);
456
457 /* Note that FC 1001 length is big endian on the wire,
458 but we convert it here so it is always manipulated
459 as host byte order */
460 pdu_length = ntohl(smb_buffer->smb_buf_length);
461 smb_buffer->smb_buf_length = pdu_length;
462
463 cFYI(1, ("rfc1002 length 0x%x", pdu_length+4));
464
465 if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) {
466 continue;
467 } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
468 cFYI(1, ("Good RFC 1002 session rsp"));
469 continue;
470 } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
471 /* we get this from Windows 98 instead of
472 an error on SMB negprot response */
473 cFYI(1, ("Negative RFC1002 Session Response Error 0x%x)",
474 pdu_length));
475 if (server->tcpStatus == CifsNew) {
476 /* if nack on negprot (rather than
477 ret of smb negprot error) reconnecting
478 not going to help, ret error to mount */
479 break;
480 } else {
481 /* give server a second to
482 clean up before reconnect attempt */
483 msleep(1000);
484 /* always try 445 first on reconnect
485 since we get NACK on some if we ever
486 connected to port 139 (the NACK is
487 since we do not begin with RFC1001
488 session initialize frame) */
489 server->addr.sockAddr.sin_port =
490 htons(CIFS_PORT);
491 cifs_reconnect(server);
492 csocket = server->ssocket;
493 wake_up(&server->response_q);
494 continue;
495 }
496 } else if (temp != (char) 0) {
497 cERROR(1, ("Unknown RFC 1002 frame"));
498 cifs_dump_mem(" Received Data: ", (char *)smb_buffer,
499 length);
500 cifs_reconnect(server);
501 csocket = server->ssocket;
502 continue;
503 }
504
505 /* else we have an SMB response */
506 if ((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
507 (pdu_length < sizeof(struct smb_hdr) - 1 - 4)) {
508 cERROR(1, ("Invalid size SMB length %d pdu_length %d",
509 length, pdu_length+4));
510 cifs_reconnect(server);
511 csocket = server->ssocket;
512 wake_up(&server->response_q);
513 continue;
514 }
515
516 /* else length ok */
517 reconnect = 0;
518
519 if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
520 isLargeBuf = TRUE;
521 memcpy(bigbuf, smallbuf, 4);
522 smb_buffer = bigbuf;
523 }
524 length = 0;
525 iov.iov_base = 4 + (char *)smb_buffer;
526 iov.iov_len = pdu_length;
527 for (total_read = 0; total_read < pdu_length;
528 total_read += length) {
529 length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
530 pdu_length - total_read, 0);
531 if (kthread_should_stop() ||
532 (length == -EINTR)) {
533 /* then will exit */
534 reconnect = 2;
535 break;
536 } else if (server->tcpStatus == CifsNeedReconnect) {
537 cifs_reconnect(server);
538 csocket = server->ssocket;
539 /* Reconnect wakes up rspns q */
540 /* Now we will reread sock */
541 reconnect = 1;
542 break;
543 } else if ((length == -ERESTARTSYS) ||
544 (length == -EAGAIN)) {
545 msleep(1); /* minimum sleep to prevent looping,
546 allowing socket to clear and app
547 threads to set tcpStatus
548 CifsNeedReconnect if server hung*/
549 length = 0;
550 continue;
551 } else if (length <= 0) {
552 cERROR(1, ("Received no data, expecting %d",
553 pdu_length - total_read));
554 cifs_reconnect(server);
555 csocket = server->ssocket;
556 reconnect = 1;
557 break;
558 }
559 }
560 if (reconnect == 2)
561 break;
562 else if (reconnect == 1)
563 continue;
564
565 length += 4; /* account for rfc1002 hdr */
566
567
568 dump_smb(smb_buffer, length);
569 if (checkSMB(smb_buffer, smb_buffer->Mid, total_read+4)) {
570 cifs_dump_mem("Bad SMB: ", smb_buffer, 48);
571 continue;
572 }
573
574
575 task_to_wake = NULL;
576 spin_lock(&GlobalMid_Lock);
577 list_for_each(tmp, &server->pending_mid_q) {
578 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
579
580 if ((mid_entry->mid == smb_buffer->Mid) &&
581 (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
582 (mid_entry->command == smb_buffer->Command)) {
583 if (check2ndT2(smb_buffer,server->maxBuf) > 0) {
584 /* We have a multipart transact2 resp */
585 isMultiRsp = TRUE;
586 if (mid_entry->resp_buf) {
587 /* merge response - fix up 1st*/
588 if (coalesce_t2(smb_buffer,
589 mid_entry->resp_buf)) {
590 mid_entry->multiRsp = 1;
591 break;
592 } else {
593 /* all parts received */
594 mid_entry->multiEnd = 1;
595 goto multi_t2_fnd;
596 }
597 } else {
598 if (!isLargeBuf) {
599 cERROR(1,("1st trans2 resp needs bigbuf"));
600 /* BB maybe we can fix this up, switch
601 to already allocated large buffer? */
602 } else {
603 /* Have first buffer */
604 mid_entry->resp_buf =
605 smb_buffer;
606 mid_entry->largeBuf = 1;
607 bigbuf = NULL;
608 }
609 }
610 break;
611 }
612 mid_entry->resp_buf = smb_buffer;
613 if (isLargeBuf)
614 mid_entry->largeBuf = 1;
615 else
616 mid_entry->largeBuf = 0;
617 multi_t2_fnd:
618 task_to_wake = mid_entry->tsk;
619 mid_entry->midState = MID_RESPONSE_RECEIVED;
620 #ifdef CONFIG_CIFS_STATS2
621 mid_entry->when_received = jiffies;
622 #endif
623 /* so we do not time out requests to server
624 which is still responding (since server could
625 be busy but not dead) */
626 server->lstrp = jiffies;
627 break;
628 }
629 }
630 spin_unlock(&GlobalMid_Lock);
631 if (task_to_wake) {
632 /* Was previous buf put in mpx struct for multi-rsp? */
633 if (!isMultiRsp) {
634 /* smb buffer will be freed by user thread */
635 if (isLargeBuf)
636 bigbuf = NULL;
637 else
638 smallbuf = NULL;
639 }
640 wake_up_process(task_to_wake);
641 } else if ((is_valid_oplock_break(smb_buffer, server) == FALSE)
642 && (isMultiRsp == FALSE)) {
643 cERROR(1, ("No task to wake, unknown frame received! "
644 "NumMids %d", midCount.counter));
645 cifs_dump_mem("Received Data is: ", (char *)smb_buffer,
646 sizeof(struct smb_hdr));
647 #ifdef CONFIG_CIFS_DEBUG2
648 cifs_dump_detail(smb_buffer);
649 cifs_dump_mids(server);
650 #endif /* CIFS_DEBUG2 */
651
652 }
653 } /* end while !EXITING */
654
655 spin_lock(&GlobalMid_Lock);
656 server->tcpStatus = CifsExiting;
657 server->tsk = NULL;
658 /* check if we have blocked requests that need to free */
659 /* Note that cifs_max_pending is normally 50, but
660 can be set at module install time to as little as two */
661 if (atomic_read(&server->inFlight) >= cifs_max_pending)
662 atomic_set(&server->inFlight, cifs_max_pending - 1);
663 /* We do not want to set the max_pending too low or we
664 could end up with the counter going negative */
665 spin_unlock(&GlobalMid_Lock);
666 /* Although there should not be any requests blocked on
667 this queue it can not hurt to be paranoid and try to wake up requests
668 that may haven been blocked when more than 50 at time were on the wire
669 to the same server - they now will see the session is in exit state
670 and get out of SendReceive. */
671 wake_up_all(&server->request_q);
672 /* give those requests time to exit */
673 msleep(125);
674
675 if (server->ssocket) {
676 sock_release(csocket);
677 server->ssocket = NULL;
678 }
679 /* buffer usuallly freed in free_mid - need to free it here on exit */
680 cifs_buf_release(bigbuf);
681 if (smallbuf) /* no sense logging a debug message if NULL */
682 cifs_small_buf_release(smallbuf);
683
684 read_lock(&GlobalSMBSeslock);
685 if (list_empty(&server->pending_mid_q)) {
686 /* loop through server session structures attached to this and
687 mark them dead */
688 list_for_each(tmp, &GlobalSMBSessionList) {
689 ses =
690 list_entry(tmp, struct cifsSesInfo,
691 cifsSessionList);
692 if (ses->server == server) {
693 ses->status = CifsExiting;
694 ses->server = NULL;
695 }
696 }
697 read_unlock(&GlobalSMBSeslock);
698 } else {
699 /* although we can not zero the server struct pointer yet,
700 since there are active requests which may depnd on them,
701 mark the corresponding SMB sessions as exiting too */
702 list_for_each(tmp, &GlobalSMBSessionList) {
703 ses = list_entry(tmp, struct cifsSesInfo,
704 cifsSessionList);
705 if (ses->server == server)
706 ses->status = CifsExiting;
707 }
708
709 spin_lock(&GlobalMid_Lock);
710 list_for_each(tmp, &server->pending_mid_q) {
711 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
712 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
713 cFYI(1, ("Clearing Mid 0x%x - waking up ",
714 mid_entry->mid));
715 task_to_wake = mid_entry->tsk;
716 if (task_to_wake)
717 wake_up_process(task_to_wake);
718 }
719 }
720 spin_unlock(&GlobalMid_Lock);
721 read_unlock(&GlobalSMBSeslock);
722 /* 1/8th of sec is more than enough time for them to exit */
723 msleep(125);
724 }
725
726 if (!list_empty(&server->pending_mid_q)) {
727 /* mpx threads have not exited yet give them
728 at least the smb send timeout time for long ops */
729 /* due to delays on oplock break requests, we need
730 to wait at least 45 seconds before giving up
731 on a request getting a response and going ahead
732 and killing cifsd */
733 cFYI(1, ("Wait for exit from demultiplex thread"));
734 msleep(46000);
735 /* if threads still have not exited they are probably never
736 coming home not much else we can do but free the memory */
737 }
738
739 write_lock(&GlobalSMBSeslock);
740 atomic_dec(&tcpSesAllocCount);
741 length = tcpSesAllocCount.counter;
742
743 /* last chance to mark ses pointers invalid
744 if there are any pointing to this (e.g
745 if a crazy root user tried to kill cifsd
746 kernel thread explicitly this might happen) */
747 list_for_each(tmp, &GlobalSMBSessionList) {
748 ses = list_entry(tmp, struct cifsSesInfo,
749 cifsSessionList);
750 if (ses->server == server)
751 ses->server = NULL;
752 }
753 write_unlock(&GlobalSMBSeslock);
754
755 kfree(server->hostname);
756 kfree(server);
757 if (length > 0)
758 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
759 GFP_KERNEL);
760
761 return 0;
762 }
763
764 /* extract the host portion of the UNC string */
765 static char *
766 extract_hostname(const char *unc)
767 {
768 const char *src;
769 char *dst, *delim;
770 unsigned int len;
771
772 /* skip double chars at beginning of string */
773 /* BB: check validity of these bytes? */
774 src = unc + 2;
775
776 /* delimiter between hostname and sharename is always '\\' now */
777 delim = strchr(src, '\\');
778 if (!delim)
779 return ERR_PTR(-EINVAL);
780
781 len = delim - src;
782 dst = kmalloc((len + 1), GFP_KERNEL);
783 if (dst == NULL)
784 return ERR_PTR(-ENOMEM);
785
786 memcpy(dst, src, len);
787 dst[len] = '\0';
788
789 return dst;
790 }
791
792 static int
793 cifs_parse_mount_options(char *options, const char *devname,
794 struct smb_vol *vol)
795 {
796 char *value;
797 char *data;
798 unsigned int temp_len, i, j;
799 char separator[2];
800
801 separator[0] = ',';
802 separator[1] = 0;
803
804 if (Local_System_Name[0] != 0)
805 memcpy(vol->source_rfc1001_name, Local_System_Name, 15);
806 else {
807 char *nodename = utsname()->nodename;
808 int n = strnlen(nodename, 15);
809 memset(vol->source_rfc1001_name, 0x20, 15);
810 for (i = 0; i < n; i++) {
811 /* does not have to be perfect mapping since field is
812 informational, only used for servers that do not support
813 port 445 and it can be overridden at mount time */
814 vol->source_rfc1001_name[i] = toupper(nodename[i]);
815 }
816 }
817 vol->source_rfc1001_name[15] = 0;
818 /* null target name indicates to use *SMBSERVR default called name
819 if we end up sending RFC1001 session initialize */
820 vol->target_rfc1001_name[0] = 0;
821 vol->linux_uid = current->uid; /* current->euid instead? */
822 vol->linux_gid = current->gid;
823 vol->dir_mode = S_IRWXUGO;
824 /* 2767 perms indicate mandatory locking support */
825 vol->file_mode = (S_IRWXUGO | S_ISGID) & (~S_IXGRP);
826
827 /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
828 vol->rw = TRUE;
829 /* default is always to request posix paths. */
830 vol->posix_paths = 1;
831
832 if (!options)
833 return 1;
834
835 if (strncmp(options, "sep=", 4) == 0) {
836 if (options[4] != 0) {
837 separator[0] = options[4];
838 options += 5;
839 } else {
840 cFYI(1, ("Null separator not allowed"));
841 }
842 }
843
844 while ((data = strsep(&options, separator)) != NULL) {
845 if (!*data)
846 continue;
847 if ((value = strchr(data, '=')) != NULL)
848 *value++ = '\0';
849
850 /* Have to parse this before we parse for "user" */
851 if (strnicmp(data, "user_xattr", 10) == 0) {
852 vol->no_xattr = 0;
853 } else if (strnicmp(data, "nouser_xattr", 12) == 0) {
854 vol->no_xattr = 1;
855 } else if (strnicmp(data, "user", 4) == 0) {
856 if (!value) {
857 printk(KERN_WARNING
858 "CIFS: invalid or missing username\n");
859 return 1; /* needs_arg; */
860 } else if (!*value) {
861 /* null user, ie anonymous, authentication */
862 vol->nullauth = 1;
863 }
864 if (strnlen(value, 200) < 200) {
865 vol->username = value;
866 } else {
867 printk(KERN_WARNING "CIFS: username too long\n");
868 return 1;
869 }
870 } else if (strnicmp(data, "pass", 4) == 0) {
871 if (!value) {
872 vol->password = NULL;
873 continue;
874 } else if (value[0] == 0) {
875 /* check if string begins with double comma
876 since that would mean the password really
877 does start with a comma, and would not
878 indicate an empty string */
879 if (value[1] != separator[0]) {
880 vol->password = NULL;
881 continue;
882 }
883 }
884 temp_len = strlen(value);
885 /* removed password length check, NTLM passwords
886 can be arbitrarily long */
887
888 /* if comma in password, the string will be
889 prematurely null terminated. Commas in password are
890 specified across the cifs mount interface by a double
891 comma ie ,, and a comma used as in other cases ie ','
892 as a parameter delimiter/separator is single and due
893 to the strsep above is temporarily zeroed. */
894
895 /* NB: password legally can have multiple commas and
896 the only illegal character in a password is null */
897
898 if ((value[temp_len] == 0) &&
899 (value[temp_len+1] == separator[0])) {
900 /* reinsert comma */
901 value[temp_len] = separator[0];
902 temp_len += 2; /* move after second comma */
903 while (value[temp_len] != 0) {
904 if (value[temp_len] == separator[0]) {
905 if (value[temp_len+1] ==
906 separator[0]) {
907 /* skip second comma */
908 temp_len++;
909 } else {
910 /* single comma indicating start
911 of next parm */
912 break;
913 }
914 }
915 temp_len++;
916 }
917 if (value[temp_len] == 0) {
918 options = NULL;
919 } else {
920 value[temp_len] = 0;
921 /* point option to start of next parm */
922 options = value + temp_len + 1;
923 }
924 /* go from value to value + temp_len condensing
925 double commas to singles. Note that this ends up
926 allocating a few bytes too many, which is ok */
927 vol->password = kzalloc(temp_len, GFP_KERNEL);
928 if (vol->password == NULL) {
929 printk(KERN_WARNING "CIFS: no memory "
930 "for password\n");
931 return 1;
932 }
933 for (i = 0, j = 0; i < temp_len; i++, j++) {
934 vol->password[j] = value[i];
935 if (value[i] == separator[0]
936 && value[i+1] == separator[0]) {
937 /* skip second comma */
938 i++;
939 }
940 }
941 vol->password[j] = 0;
942 } else {
943 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
944 if (vol->password == NULL) {
945 printk(KERN_WARNING "CIFS: no memory "
946 "for password\n");
947 return 1;
948 }
949 strcpy(vol->password, value);
950 }
951 } else if (strnicmp(data, "ip", 2) == 0) {
952 if (!value || !*value) {
953 vol->UNCip = NULL;
954 } else if (strnlen(value, 35) < 35) {
955 vol->UNCip = value;
956 } else {
957 printk(KERN_WARNING "CIFS: ip address "
958 "too long\n");
959 return 1;
960 }
961 } else if (strnicmp(data, "sec", 3) == 0) {
962 if (!value || !*value) {
963 cERROR(1, ("no security value specified"));
964 continue;
965 } else if (strnicmp(value, "krb5i", 5) == 0) {
966 vol->secFlg |= CIFSSEC_MAY_KRB5 |
967 CIFSSEC_MUST_SIGN;
968 } else if (strnicmp(value, "krb5p", 5) == 0) {
969 /* vol->secFlg |= CIFSSEC_MUST_SEAL |
970 CIFSSEC_MAY_KRB5; */
971 cERROR(1, ("Krb5 cifs privacy not supported"));
972 return 1;
973 } else if (strnicmp(value, "krb5", 4) == 0) {
974 vol->secFlg |= CIFSSEC_MAY_KRB5;
975 } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
976 vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
977 CIFSSEC_MUST_SIGN;
978 } else if (strnicmp(value, "ntlmv2", 6) == 0) {
979 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
980 } else if (strnicmp(value, "ntlmi", 5) == 0) {
981 vol->secFlg |= CIFSSEC_MAY_NTLM |
982 CIFSSEC_MUST_SIGN;
983 } else if (strnicmp(value, "ntlm", 4) == 0) {
984 /* ntlm is default so can be turned off too */
985 vol->secFlg |= CIFSSEC_MAY_NTLM;
986 } else if (strnicmp(value, "nontlm", 6) == 0) {
987 /* BB is there a better way to do this? */
988 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
989 #ifdef CONFIG_CIFS_WEAK_PW_HASH
990 } else if (strnicmp(value, "lanman", 6) == 0) {
991 vol->secFlg |= CIFSSEC_MAY_LANMAN;
992 #endif
993 } else if (strnicmp(value, "none", 4) == 0) {
994 vol->nullauth = 1;
995 } else {
996 cERROR(1, ("bad security option: %s", value));
997 return 1;
998 }
999 } else if ((strnicmp(data, "unc", 3) == 0)
1000 || (strnicmp(data, "target", 6) == 0)
1001 || (strnicmp(data, "path", 4) == 0)) {
1002 if (!value || !*value) {
1003 printk(KERN_WARNING "CIFS: invalid path to "
1004 "network resource\n");
1005 return 1; /* needs_arg; */
1006 }
1007 if ((temp_len = strnlen(value, 300)) < 300) {
1008 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1009 if (vol->UNC == NULL)
1010 return 1;
1011 strcpy(vol->UNC, value);
1012 if (strncmp(vol->UNC, "//", 2) == 0) {
1013 vol->UNC[0] = '\\';
1014 vol->UNC[1] = '\\';
1015 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1016 printk(KERN_WARNING
1017 "CIFS: UNC Path does not begin "
1018 "with // or \\\\ \n");
1019 return 1;
1020 }
1021 } else {
1022 printk(KERN_WARNING "CIFS: UNC name too long\n");
1023 return 1;
1024 }
1025 } else if ((strnicmp(data, "domain", 3) == 0)
1026 || (strnicmp(data, "workgroup", 5) == 0)) {
1027 if (!value || !*value) {
1028 printk(KERN_WARNING "CIFS: invalid domain name\n");
1029 return 1; /* needs_arg; */
1030 }
1031 /* BB are there cases in which a comma can be valid in
1032 a domain name and need special handling? */
1033 if (strnlen(value, 256) < 256) {
1034 vol->domainname = value;
1035 cFYI(1, ("Domain name set"));
1036 } else {
1037 printk(KERN_WARNING "CIFS: domain name too "
1038 "long\n");
1039 return 1;
1040 }
1041 } else if (strnicmp(data, "prefixpath", 10) == 0) {
1042 if (!value || !*value) {
1043 printk(KERN_WARNING
1044 "CIFS: invalid path prefix\n");
1045 return 1; /* needs_argument */
1046 }
1047 if ((temp_len = strnlen(value, 1024)) < 1024) {
1048 if (value[0] != '/')
1049 temp_len++; /* missing leading slash */
1050 vol->prepath = kmalloc(temp_len+1, GFP_KERNEL);
1051 if (vol->prepath == NULL)
1052 return 1;
1053 if (value[0] != '/') {
1054 vol->prepath[0] = '/';
1055 strcpy(vol->prepath+1, value);
1056 } else
1057 strcpy(vol->prepath, value);
1058 cFYI(1, ("prefix path %s", vol->prepath));
1059 } else {
1060 printk(KERN_WARNING "CIFS: prefix too long\n");
1061 return 1;
1062 }
1063 } else if (strnicmp(data, "iocharset", 9) == 0) {
1064 if (!value || !*value) {
1065 printk(KERN_WARNING "CIFS: invalid iocharset "
1066 "specified\n");
1067 return 1; /* needs_arg; */
1068 }
1069 if (strnlen(value, 65) < 65) {
1070 if (strnicmp(value, "default", 7))
1071 vol->iocharset = value;
1072 /* if iocharset not set then load_nls_default
1073 is used by caller */
1074 cFYI(1, ("iocharset set to %s", value));
1075 } else {
1076 printk(KERN_WARNING "CIFS: iocharset name "
1077 "too long.\n");
1078 return 1;
1079 }
1080 } else if (strnicmp(data, "uid", 3) == 0) {
1081 if (value && *value) {
1082 vol->linux_uid =
1083 simple_strtoul(value, &value, 0);
1084 vol->override_uid = 1;
1085 }
1086 } else if (strnicmp(data, "gid", 3) == 0) {
1087 if (value && *value) {
1088 vol->linux_gid =
1089 simple_strtoul(value, &value, 0);
1090 vol->override_gid = 1;
1091 }
1092 } else if (strnicmp(data, "file_mode", 4) == 0) {
1093 if (value && *value) {
1094 vol->file_mode =
1095 simple_strtoul(value, &value, 0);
1096 }
1097 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1098 if (value && *value) {
1099 vol->dir_mode =
1100 simple_strtoul(value, &value, 0);
1101 }
1102 } else if (strnicmp(data, "dirmode", 4) == 0) {
1103 if (value && *value) {
1104 vol->dir_mode =
1105 simple_strtoul(value, &value, 0);
1106 }
1107 } else if (strnicmp(data, "port", 4) == 0) {
1108 if (value && *value) {
1109 vol->port =
1110 simple_strtoul(value, &value, 0);
1111 }
1112 } else if (strnicmp(data, "rsize", 5) == 0) {
1113 if (value && *value) {
1114 vol->rsize =
1115 simple_strtoul(value, &value, 0);
1116 }
1117 } else if (strnicmp(data, "wsize", 5) == 0) {
1118 if (value && *value) {
1119 vol->wsize =
1120 simple_strtoul(value, &value, 0);
1121 }
1122 } else if (strnicmp(data, "sockopt", 5) == 0) {
1123 if (value && *value) {
1124 vol->sockopt =
1125 simple_strtoul(value, &value, 0);
1126 }
1127 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1128 if (!value || !*value || (*value == ' ')) {
1129 cFYI(1, ("invalid (empty) netbiosname"));
1130 } else {
1131 memset(vol->source_rfc1001_name, 0x20, 15);
1132 for (i = 0; i < 15; i++) {
1133 /* BB are there cases in which a comma can be
1134 valid in this workstation netbios name (and need
1135 special handling)? */
1136
1137 /* We do not uppercase netbiosname for user */
1138 if (value[i] == 0)
1139 break;
1140 else
1141 vol->source_rfc1001_name[i] =
1142 value[i];
1143 }
1144 /* The string has 16th byte zero still from
1145 set at top of the function */
1146 if ((i == 15) && (value[i] != 0))
1147 printk(KERN_WARNING "CIFS: netbiosname"
1148 " longer than 15 truncated.\n");
1149 }
1150 } else if (strnicmp(data, "servern", 7) == 0) {
1151 /* servernetbiosname specified override *SMBSERVER */
1152 if (!value || !*value || (*value == ' ')) {
1153 cFYI(1, ("empty server netbiosname specified"));
1154 } else {
1155 /* last byte, type, is 0x20 for servr type */
1156 memset(vol->target_rfc1001_name, 0x20, 16);
1157
1158 for (i = 0; i < 15; i++) {
1159 /* BB are there cases in which a comma can be
1160 valid in this workstation netbios name
1161 (and need special handling)? */
1162
1163 /* user or mount helper must uppercase
1164 the netbiosname */
1165 if (value[i] == 0)
1166 break;
1167 else
1168 vol->target_rfc1001_name[i] =
1169 value[i];
1170 }
1171 /* The string has 16th byte zero still from
1172 set at top of the function */
1173 if ((i == 15) && (value[i] != 0))
1174 printk(KERN_WARNING "CIFS: server net"
1175 "biosname longer than 15 truncated.\n");
1176 }
1177 } else if (strnicmp(data, "credentials", 4) == 0) {
1178 /* ignore */
1179 } else if (strnicmp(data, "version", 3) == 0) {
1180 /* ignore */
1181 } else if (strnicmp(data, "guest", 5) == 0) {
1182 /* ignore */
1183 } else if (strnicmp(data, "rw", 2) == 0) {
1184 vol->rw = TRUE;
1185 } else if ((strnicmp(data, "suid", 4) == 0) ||
1186 (strnicmp(data, "nosuid", 6) == 0) ||
1187 (strnicmp(data, "exec", 4) == 0) ||
1188 (strnicmp(data, "noexec", 6) == 0) ||
1189 (strnicmp(data, "nodev", 5) == 0) ||
1190 (strnicmp(data, "noauto", 6) == 0) ||
1191 (strnicmp(data, "dev", 3) == 0)) {
1192 /* The mount tool or mount.cifs helper (if present)
1193 uses these opts to set flags, and the flags are read
1194 by the kernel vfs layer before we get here (ie
1195 before read super) so there is no point trying to
1196 parse these options again and set anything and it
1197 is ok to just ignore them */
1198 continue;
1199 } else if (strnicmp(data, "ro", 2) == 0) {
1200 vol->rw = FALSE;
1201 } else if (strnicmp(data, "hard", 4) == 0) {
1202 vol->retry = 1;
1203 } else if (strnicmp(data, "soft", 4) == 0) {
1204 vol->retry = 0;
1205 } else if (strnicmp(data, "perm", 4) == 0) {
1206 vol->noperm = 0;
1207 } else if (strnicmp(data, "noperm", 6) == 0) {
1208 vol->noperm = 1;
1209 } else if (strnicmp(data, "mapchars", 8) == 0) {
1210 vol->remap = 1;
1211 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1212 vol->remap = 0;
1213 } else if (strnicmp(data, "sfu", 3) == 0) {
1214 vol->sfu_emul = 1;
1215 } else if (strnicmp(data, "nosfu", 5) == 0) {
1216 vol->sfu_emul = 0;
1217 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1218 vol->posix_paths = 1;
1219 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1220 vol->posix_paths = 0;
1221 } else if (strnicmp(data, "nounix", 6) == 0) {
1222 vol->no_linux_ext = 1;
1223 } else if (strnicmp(data, "nolinux", 7) == 0) {
1224 vol->no_linux_ext = 1;
1225 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1226 (strnicmp(data, "ignorecase", 10) == 0)) {
1227 vol->nocase = 1;
1228 } else if (strnicmp(data, "brl", 3) == 0) {
1229 vol->nobrl = 0;
1230 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1231 (strnicmp(data, "nolock", 6) == 0)) {
1232 vol->nobrl = 1;
1233 /* turn off mandatory locking in mode
1234 if remote locking is turned off since the
1235 local vfs will do advisory */
1236 if (vol->file_mode ==
1237 (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1238 vol->file_mode = S_IALLUGO;
1239 } else if (strnicmp(data, "setuids", 7) == 0) {
1240 vol->setuids = 1;
1241 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1242 vol->setuids = 0;
1243 } else if (strnicmp(data, "nohard", 6) == 0) {
1244 vol->retry = 0;
1245 } else if (strnicmp(data, "nosoft", 6) == 0) {
1246 vol->retry = 1;
1247 } else if (strnicmp(data, "nointr", 6) == 0) {
1248 vol->intr = 0;
1249 } else if (strnicmp(data, "intr", 4) == 0) {
1250 vol->intr = 1;
1251 } else if (strnicmp(data, "serverino", 7) == 0) {
1252 vol->server_ino = 1;
1253 } else if (strnicmp(data, "noserverino", 9) == 0) {
1254 vol->server_ino = 0;
1255 } else if (strnicmp(data, "cifsacl", 7) == 0) {
1256 vol->cifs_acl = 1;
1257 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1258 vol->cifs_acl = 0;
1259 } else if (strnicmp(data, "acl", 3) == 0) {
1260 vol->no_psx_acl = 0;
1261 } else if (strnicmp(data, "noacl", 5) == 0) {
1262 vol->no_psx_acl = 1;
1263 } else if (strnicmp(data, "sign", 4) == 0) {
1264 vol->secFlg |= CIFSSEC_MUST_SIGN;
1265 /* } else if (strnicmp(data, "seal",4) == 0) {
1266 vol->secFlg |= CIFSSEC_MUST_SEAL; */
1267 } else if (strnicmp(data, "direct", 6) == 0) {
1268 vol->direct_io = 1;
1269 } else if (strnicmp(data, "forcedirectio", 13) == 0) {
1270 vol->direct_io = 1;
1271 } else if (strnicmp(data, "in6_addr", 8) == 0) {
1272 if (!value || !*value) {
1273 vol->in6_addr = NULL;
1274 } else if (strnlen(value, 49) == 48) {
1275 vol->in6_addr = value;
1276 } else {
1277 printk(KERN_WARNING "CIFS: ip v6 address not "
1278 "48 characters long\n");
1279 return 1;
1280 }
1281 } else if (strnicmp(data, "noac", 4) == 0) {
1282 printk(KERN_WARNING "CIFS: Mount option noac not "
1283 "supported. Instead set "
1284 "/proc/fs/cifs/LookupCacheEnabled to 0\n");
1285 } else
1286 printk(KERN_WARNING "CIFS: Unknown mount option %s\n",
1287 data);
1288 }
1289 if (vol->UNC == NULL) {
1290 if (devname == NULL) {
1291 printk(KERN_WARNING "CIFS: Missing UNC name for mount "
1292 "target\n");
1293 return 1;
1294 }
1295 if ((temp_len = strnlen(devname, 300)) < 300) {
1296 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1297 if (vol->UNC == NULL)
1298 return 1;
1299 strcpy(vol->UNC, devname);
1300 if (strncmp(vol->UNC, "//", 2) == 0) {
1301 vol->UNC[0] = '\\';
1302 vol->UNC[1] = '\\';
1303 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1304 printk(KERN_WARNING "CIFS: UNC Path does not "
1305 "begin with // or \\\\ \n");
1306 return 1;
1307 }
1308 } else {
1309 printk(KERN_WARNING "CIFS: UNC name too long\n");
1310 return 1;
1311 }
1312 }
1313 if (vol->UNCip == NULL)
1314 vol->UNCip = &vol->UNC[2];
1315
1316 return 0;
1317 }
1318
1319 static struct cifsSesInfo *
1320 cifs_find_tcp_session(struct in_addr *target_ip_addr,
1321 struct in6_addr *target_ip6_addr,
1322 char *userName, struct TCP_Server_Info **psrvTcp)
1323 {
1324 struct list_head *tmp;
1325 struct cifsSesInfo *ses;
1326 *psrvTcp = NULL;
1327 read_lock(&GlobalSMBSeslock);
1328
1329 list_for_each(tmp, &GlobalSMBSessionList) {
1330 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
1331 if (ses->server) {
1332 if ((target_ip_addr &&
1333 (ses->server->addr.sockAddr.sin_addr.s_addr
1334 == target_ip_addr->s_addr)) || (target_ip6_addr
1335 && memcmp(&ses->server->addr.sockAddr6.sin6_addr,
1336 target_ip6_addr, sizeof(*target_ip6_addr)))) {
1337 /* BB lock server and tcp session and increment
1338 use count here?? */
1339
1340 /* found a match on the TCP session */
1341 *psrvTcp = ses->server;
1342
1343 /* BB check if reconnection needed */
1344 if (strncmp
1345 (ses->userName, userName,
1346 MAX_USERNAME_SIZE) == 0){
1347 read_unlock(&GlobalSMBSeslock);
1348 /* Found exact match on both TCP and
1349 SMB sessions */
1350 return ses;
1351 }
1352 }
1353 }
1354 /* else tcp and smb sessions need reconnection */
1355 }
1356 read_unlock(&GlobalSMBSeslock);
1357 return NULL;
1358 }
1359
1360 static struct cifsTconInfo *
1361 find_unc(__be32 new_target_ip_addr, char *uncName, char *userName)
1362 {
1363 struct list_head *tmp;
1364 struct cifsTconInfo *tcon;
1365
1366 read_lock(&GlobalSMBSeslock);
1367 list_for_each(tmp, &GlobalTreeConnectionList) {
1368 cFYI(1, ("Next tcon"));
1369 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
1370 if (tcon->ses) {
1371 if (tcon->ses->server) {
1372 cFYI(1,
1373 ("old ip addr: %x == new ip %x ?",
1374 tcon->ses->server->addr.sockAddr.sin_addr.
1375 s_addr, new_target_ip_addr));
1376 if (tcon->ses->server->addr.sockAddr.sin_addr.
1377 s_addr == new_target_ip_addr) {
1378 /* BB lock tcon, server and tcp session and increment use count here? */
1379 /* found a match on the TCP session */
1380 /* BB check if reconnection needed */
1381 cFYI(1,
1382 ("IP match, old UNC: %s new: %s",
1383 tcon->treeName, uncName));
1384 if (strncmp
1385 (tcon->treeName, uncName,
1386 MAX_TREE_SIZE) == 0) {
1387 cFYI(1,
1388 ("and old usr: %s new: %s",
1389 tcon->treeName, uncName));
1390 if (strncmp
1391 (tcon->ses->userName,
1392 userName,
1393 MAX_USERNAME_SIZE) == 0) {
1394 read_unlock(&GlobalSMBSeslock);
1395 /* matched smb session
1396 (user name */
1397 return tcon;
1398 }
1399 }
1400 }
1401 }
1402 }
1403 }
1404 read_unlock(&GlobalSMBSeslock);
1405 return NULL;
1406 }
1407
1408 int
1409 connect_to_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
1410 const char *old_path, const struct nls_table *nls_codepage,
1411 int remap)
1412 {
1413 struct dfs_info3_param *referrals = NULL;
1414 unsigned int num_referrals;
1415 int rc = 0;
1416
1417 rc = get_dfs_path(xid, pSesInfo, old_path, nls_codepage,
1418 &num_referrals, &referrals, remap);
1419
1420 /* BB Add in code to: if valid refrl, if not ip address contact
1421 the helper that resolves tcp names, mount to it, try to
1422 tcon to it unmount it if fail */
1423
1424 kfree(referrals);
1425
1426 return rc;
1427 }
1428
1429 int
1430 get_dfs_path(int xid, struct cifsSesInfo *pSesInfo, const char *old_path,
1431 const struct nls_table *nls_codepage, unsigned int *pnum_referrals,
1432 struct dfs_info3_param **preferrals, int remap)
1433 {
1434 char *temp_unc;
1435 int rc = 0;
1436 unsigned char *targetUNCs;
1437
1438 *pnum_referrals = 0;
1439 *preferrals = NULL;
1440
1441 if (pSesInfo->ipc_tid == 0) {
1442 temp_unc = kmalloc(2 /* for slashes */ +
1443 strnlen(pSesInfo->serverName,
1444 SERVER_NAME_LEN_WITH_NULL * 2)
1445 + 1 + 4 /* slash IPC$ */ + 2,
1446 GFP_KERNEL);
1447 if (temp_unc == NULL)
1448 return -ENOMEM;
1449 temp_unc[0] = '\\';
1450 temp_unc[1] = '\\';
1451 strcpy(temp_unc + 2, pSesInfo->serverName);
1452 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
1453 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
1454 cFYI(1,
1455 ("CIFS Tcon rc = %d ipc_tid = %d", rc, pSesInfo->ipc_tid));
1456 kfree(temp_unc);
1457 }
1458 if (rc == 0)
1459 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, &targetUNCs,
1460 pnum_referrals, nls_codepage, remap);
1461 /* BB map targetUNCs to dfs_info3 structures, here or
1462 in CIFSGetDFSRefer BB */
1463
1464 return rc;
1465 }
1466
1467 /* See RFC1001 section 14 on representation of Netbios names */
1468 static void rfc1002mangle(char *target, char *source, unsigned int length)
1469 {
1470 unsigned int i, j;
1471
1472 for (i = 0, j = 0; i < (length); i++) {
1473 /* mask a nibble at a time and encode */
1474 target[j] = 'A' + (0x0F & (source[i] >> 4));
1475 target[j+1] = 'A' + (0x0F & source[i]);
1476 j += 2;
1477 }
1478
1479 }
1480
1481
1482 static int
1483 ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket,
1484 char *netbios_name, char *target_name)
1485 {
1486 int rc = 0;
1487 int connected = 0;
1488 __be16 orig_port = 0;
1489
1490 if (*csocket == NULL) {
1491 rc = sock_create_kern(PF_INET, SOCK_STREAM,
1492 IPPROTO_TCP, csocket);
1493 if (rc < 0) {
1494 cERROR(1, ("Error %d creating socket", rc));
1495 *csocket = NULL;
1496 return rc;
1497 } else {
1498 /* BB other socket options to set KEEPALIVE, NODELAY? */
1499 cFYI(1, ("Socket created"));
1500 (*csocket)->sk->sk_allocation = GFP_NOFS;
1501 }
1502 }
1503
1504 psin_server->sin_family = AF_INET;
1505 if (psin_server->sin_port) { /* user overrode default port */
1506 rc = (*csocket)->ops->connect(*csocket,
1507 (struct sockaddr *) psin_server,
1508 sizeof(struct sockaddr_in), 0);
1509 if (rc >= 0)
1510 connected = 1;
1511 }
1512
1513 if (!connected) {
1514 /* save original port so we can retry user specified port
1515 later if fall back ports fail this time */
1516 orig_port = psin_server->sin_port;
1517
1518 /* do not retry on the same port we just failed on */
1519 if (psin_server->sin_port != htons(CIFS_PORT)) {
1520 psin_server->sin_port = htons(CIFS_PORT);
1521
1522 rc = (*csocket)->ops->connect(*csocket,
1523 (struct sockaddr *) psin_server,
1524 sizeof(struct sockaddr_in), 0);
1525 if (rc >= 0)
1526 connected = 1;
1527 }
1528 }
1529 if (!connected) {
1530 psin_server->sin_port = htons(RFC1001_PORT);
1531 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1532 psin_server,
1533 sizeof(struct sockaddr_in), 0);
1534 if (rc >= 0)
1535 connected = 1;
1536 }
1537
1538 /* give up here - unless we want to retry on different
1539 protocol families some day */
1540 if (!connected) {
1541 if (orig_port)
1542 psin_server->sin_port = orig_port;
1543 cFYI(1, ("Error %d connecting to server via ipv4", rc));
1544 sock_release(*csocket);
1545 *csocket = NULL;
1546 return rc;
1547 }
1548 /* Eventually check for other socket options to change from
1549 the default. sock_setsockopt not used because it expects
1550 user space buffer */
1551 cFYI(1, ("sndbuf %d rcvbuf %d rcvtimeo 0x%lx",
1552 (*csocket)->sk->sk_sndbuf,
1553 (*csocket)->sk->sk_rcvbuf, (*csocket)->sk->sk_rcvtimeo));
1554 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1555 /* make the bufsizes depend on wsize/rsize and max requests */
1556 if ((*csocket)->sk->sk_sndbuf < (200 * 1024))
1557 (*csocket)->sk->sk_sndbuf = 200 * 1024;
1558 if ((*csocket)->sk->sk_rcvbuf < (140 * 1024))
1559 (*csocket)->sk->sk_rcvbuf = 140 * 1024;
1560
1561 /* send RFC1001 sessinit */
1562 if (psin_server->sin_port == htons(RFC1001_PORT)) {
1563 /* some servers require RFC1001 sessinit before sending
1564 negprot - BB check reconnection in case where second
1565 sessinit is sent but no second negprot */
1566 struct rfc1002_session_packet *ses_init_buf;
1567 struct smb_hdr *smb_buf;
1568 ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet),
1569 GFP_KERNEL);
1570 if (ses_init_buf) {
1571 ses_init_buf->trailer.session_req.called_len = 32;
1572 if (target_name && (target_name[0] != 0)) {
1573 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1574 target_name, 16);
1575 } else {
1576 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1577 DEFAULT_CIFS_CALLED_NAME, 16);
1578 }
1579
1580 ses_init_buf->trailer.session_req.calling_len = 32;
1581 /* calling name ends in null (byte 16) from old smb
1582 convention. */
1583 if (netbios_name && (netbios_name[0] != 0)) {
1584 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1585 netbios_name, 16);
1586 } else {
1587 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1588 "LINUX_CIFS_CLNT", 16);
1589 }
1590 ses_init_buf->trailer.session_req.scope1 = 0;
1591 ses_init_buf->trailer.session_req.scope2 = 0;
1592 smb_buf = (struct smb_hdr *)ses_init_buf;
1593 /* sizeof RFC1002_SESSION_REQUEST with no scope */
1594 smb_buf->smb_buf_length = 0x81000044;
1595 rc = smb_send(*csocket, smb_buf, 0x44,
1596 (struct sockaddr *)psin_server);
1597 kfree(ses_init_buf);
1598 msleep(1); /* RFC1001 layer in at least one server
1599 requires very short break before negprot
1600 presumably because not expecting negprot
1601 to follow so fast. This is a simple
1602 solution that works without
1603 complicating the code and causes no
1604 significant slowing down on mount
1605 for everyone else */
1606 }
1607 /* else the negprot may still work without this
1608 even though malloc failed */
1609
1610 }
1611
1612 return rc;
1613 }
1614
1615 static int
1616 ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket)
1617 {
1618 int rc = 0;
1619 int connected = 0;
1620 __be16 orig_port = 0;
1621
1622 if (*csocket == NULL) {
1623 rc = sock_create_kern(PF_INET6, SOCK_STREAM,
1624 IPPROTO_TCP, csocket);
1625 if (rc < 0) {
1626 cERROR(1, ("Error %d creating ipv6 socket", rc));
1627 *csocket = NULL;
1628 return rc;
1629 } else {
1630 /* BB other socket options to set KEEPALIVE, NODELAY? */
1631 cFYI(1, ("ipv6 Socket created"));
1632 (*csocket)->sk->sk_allocation = GFP_NOFS;
1633 }
1634 }
1635
1636 psin_server->sin6_family = AF_INET6;
1637
1638 if (psin_server->sin6_port) { /* user overrode default port */
1639 rc = (*csocket)->ops->connect(*csocket,
1640 (struct sockaddr *) psin_server,
1641 sizeof(struct sockaddr_in6), 0);
1642 if (rc >= 0)
1643 connected = 1;
1644 }
1645
1646 if (!connected) {
1647 /* save original port so we can retry user specified port
1648 later if fall back ports fail this time */
1649
1650 orig_port = psin_server->sin6_port;
1651 /* do not retry on the same port we just failed on */
1652 if (psin_server->sin6_port != htons(CIFS_PORT)) {
1653 psin_server->sin6_port = htons(CIFS_PORT);
1654
1655 rc = (*csocket)->ops->connect(*csocket,
1656 (struct sockaddr *) psin_server,
1657 sizeof(struct sockaddr_in6), 0);
1658 if (rc >= 0)
1659 connected = 1;
1660 }
1661 }
1662 if (!connected) {
1663 psin_server->sin6_port = htons(RFC1001_PORT);
1664 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1665 psin_server, sizeof(struct sockaddr_in6), 0);
1666 if (rc >= 0)
1667 connected = 1;
1668 }
1669
1670 /* give up here - unless we want to retry on different
1671 protocol families some day */
1672 if (!connected) {
1673 if (orig_port)
1674 psin_server->sin6_port = orig_port;
1675 cFYI(1, ("Error %d connecting to server via ipv6", rc));
1676 sock_release(*csocket);
1677 *csocket = NULL;
1678 return rc;
1679 }
1680 /* Eventually check for other socket options to change from
1681 the default. sock_setsockopt not used because it expects
1682 user space buffer */
1683 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1684
1685 return rc;
1686 }
1687
1688 void reset_cifs_unix_caps(int xid, struct cifsTconInfo *tcon,
1689 struct super_block *sb, struct smb_vol *vol_info)
1690 {
1691 /* if we are reconnecting then should we check to see if
1692 * any requested capabilities changed locally e.g. via
1693 * remount but we can not do much about it here
1694 * if they have (even if we could detect it by the following)
1695 * Perhaps we could add a backpointer to array of sb from tcon
1696 * or if we change to make all sb to same share the same
1697 * sb as NFS - then we only have one backpointer to sb.
1698 * What if we wanted to mount the server share twice once with
1699 * and once without posixacls or posix paths? */
1700 __u64 saved_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
1701
1702 if (vol_info && vol_info->no_linux_ext) {
1703 tcon->fsUnixInfo.Capability = 0;
1704 tcon->unix_ext = 0; /* Unix Extensions disabled */
1705 cFYI(1, ("Linux protocol extensions disabled"));
1706 return;
1707 } else if (vol_info)
1708 tcon->unix_ext = 1; /* Unix Extensions supported */
1709
1710 if (tcon->unix_ext == 0) {
1711 cFYI(1, ("Unix extensions disabled so not set on reconnect"));
1712 return;
1713 }
1714
1715 if (!CIFSSMBQFSUnixInfo(xid, tcon)) {
1716 __u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
1717
1718 /* check for reconnect case in which we do not
1719 want to change the mount behavior if we can avoid it */
1720 if (vol_info == NULL) {
1721 /* turn off POSIX ACL and PATHNAMES if not set
1722 originally at mount time */
1723 if ((saved_cap & CIFS_UNIX_POSIX_ACL_CAP) == 0)
1724 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
1725 <<<<<<< HEAD:fs/cifs/connect.c
1726 if ((saved_cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0)
1727 =======
1728 if ((saved_cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
1729 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
1730 cERROR(1, ("POSIXPATH support change"));
1731 >>>>>>> 264e3e889d86e552b4191d69bb60f4f3b383135a:fs/cifs/connect.c
1732 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
1733 <<<<<<< HEAD:fs/cifs/connect.c
1734 =======
1735 } else if ((cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
1736 cERROR(1, ("possible reconnect error"));
1737 cERROR(1,
1738 ("server disabled POSIX path support"));
1739 }
1740 >>>>>>> 264e3e889d86e552b4191d69bb60f4f3b383135a:fs/cifs/connect.c
1741 }
1742
1743 cap &= CIFS_UNIX_CAP_MASK;
1744 if (vol_info && vol_info->no_psx_acl)
1745 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
1746 else if (CIFS_UNIX_POSIX_ACL_CAP & cap) {
1747 cFYI(1, ("negotiated posix acl support"));
1748 if (sb)
1749 sb->s_flags |= MS_POSIXACL;
1750 }
1751
1752 if (vol_info && vol_info->posix_paths == 0)
1753 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
1754 else if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
1755 cFYI(1, ("negotiate posix pathnames"));
1756 if (sb)
1757 CIFS_SB(sb)->mnt_cifs_flags |=
1758 CIFS_MOUNT_POSIX_PATHS;
1759 }
1760
1761 /* We might be setting the path sep back to a different
1762 form if we are reconnecting and the server switched its
1763 posix path capability for this share */
1764 if (sb && (CIFS_SB(sb)->prepathlen > 0))
1765 CIFS_SB(sb)->prepath[0] = CIFS_DIR_SEP(CIFS_SB(sb));
1766
1767 if (sb && (CIFS_SB(sb)->rsize > 127 * 1024)) {
1768 if ((cap & CIFS_UNIX_LARGE_READ_CAP) == 0) {
1769 CIFS_SB(sb)->rsize = 127 * 1024;
1770 <<<<<<< HEAD:fs/cifs/connect.c
1771 #ifdef CONFIG_CIFS_DEBUG2
1772 cFYI(1, ("larger reads not supported by srv"));
1773 #endif
1774 =======
1775 cFYI(DBG2,
1776 ("larger reads not supported by srv"));
1777 >>>>>>> 264e3e889d86e552b4191d69bb60f4f3b383135a:fs/cifs/connect.c
1778 }
1779 }
1780
1781
1782 cFYI(1, ("Negotiate caps 0x%x", (int)cap));
1783 #ifdef CONFIG_CIFS_DEBUG2
1784 if (cap & CIFS_UNIX_FCNTL_CAP)
1785 cFYI(1, ("FCNTL cap"));
1786 if (cap & CIFS_UNIX_EXTATTR_CAP)
1787 cFYI(1, ("EXTATTR cap"));
1788 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
1789 cFYI(1, ("POSIX path cap"));
1790 if (cap & CIFS_UNIX_XATTR_CAP)
1791 cFYI(1, ("XATTR cap"));
1792 if (cap & CIFS_UNIX_POSIX_ACL_CAP)
1793 cFYI(1, ("POSIX ACL cap"));
1794 if (cap & CIFS_UNIX_LARGE_READ_CAP)
1795 cFYI(1, ("very large read cap"));
1796 if (cap & CIFS_UNIX_LARGE_WRITE_CAP)
1797 cFYI(1, ("very large write cap"));
1798 #endif /* CIFS_DEBUG2 */
1799 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
1800 if (vol_info == NULL) {
1801 cFYI(1, ("resetting capabilities failed"));
1802 } else
1803 cERROR(1, ("Negotiating Unix capabilities "
1804 "with the server failed. Consider "
1805 "mounting with the Unix Extensions\n"
1806 "disabled, if problems are found, "
1807 "by specifying the nounix mount "
1808 "option."));
1809
1810 }
1811 }
1812 }
1813
1814 <<<<<<< HEAD:fs/cifs/connect.c
1815 =======
1816 static void
1817 convert_delimiter(char *path, char delim)
1818 {
1819 int i;
1820 char old_delim;
1821
1822 if (path == NULL)
1823 return;
1824
1825 if (delim == '/')
1826 old_delim = '\\';
1827 else
1828 old_delim = '/';
1829
1830 for (i = 0; path[i] != '\0'; i++) {
1831 if (path[i] == old_delim)
1832 path[i] = delim;
1833 }
1834 }
1835
1836 >>>>>>> 264e3e889d86e552b4191d69bb60f4f3b383135a:fs/cifs/connect.c
1837 int
1838 cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
1839 char *mount_data, const char *devname)
1840 {
1841 int rc = 0;
1842 int xid;
1843 int address_type = AF_INET;
1844 struct socket *csocket = NULL;
1845 struct sockaddr_in sin_server;
1846 struct sockaddr_in6 sin_server6;
1847 struct smb_vol volume_info;
1848 struct cifsSesInfo *pSesInfo = NULL;
1849 struct cifsSesInfo *existingCifsSes = NULL;
1850 struct cifsTconInfo *tcon = NULL;
1851 struct TCP_Server_Info *srvTcp = NULL;
1852
1853 xid = GetXid();
1854
1855 /* cFYI(1, ("Entering cifs_mount. Xid: %d with: %s", xid, mount_data)); */
1856
1857 memset(&volume_info, 0, sizeof(struct smb_vol));
1858 if (cifs_parse_mount_options(mount_data, devname, &volume_info)) {
1859 rc = -EINVAL;
1860 goto out;
1861 }
1862
1863 if (volume_info.nullauth) {
1864 cFYI(1, ("null user"));
1865 volume_info.username = "";
1866 } else if (volume_info.username) {
1867 /* BB fixme parse for domain name here */
1868 cFYI(1, ("Username: %s", volume_info.username));
1869 } else {
1870 cifserror("No username specified");
1871 /* In userspace mount helper we can get user name from alternate
1872 locations such as env variables and files on disk */
1873 rc = -EINVAL;
1874 goto out;
1875 }
1876
1877 if (volume_info.UNCip && volume_info.UNC) {
1878 rc = cifs_inet_pton(AF_INET, volume_info.UNCip,
1879 &sin_server.sin_addr.s_addr);
1880
1881 if (rc <= 0) {
1882 /* not ipv4 address, try ipv6 */
1883 rc = cifs_inet_pton(AF_INET6, volume_info.UNCip,
1884 &sin_server6.sin6_addr.in6_u);
1885 if (rc > 0)
1886 address_type = AF_INET6;
1887 } else {
1888 address_type = AF_INET;
1889 }
1890
1891 if (rc <= 0) {
1892 /* we failed translating address */
1893 rc = -EINVAL;
1894 goto out;
1895 }
1896
1897 cFYI(1, ("UNC: %s ip: %s", volume_info.UNC, volume_info.UNCip));
1898 /* success */
1899 rc = 0;
1900 } else if (volume_info.UNCip) {
1901 /* BB using ip addr as server name to connect to the
1902 DFS root below */
1903 cERROR(1, ("Connecting to DFS root not implemented yet"));
1904 rc = -EINVAL;
1905 goto out;
1906 } else /* which servers DFS root would we conect to */ {
1907 cERROR(1,
1908 ("CIFS mount error: No UNC path (e.g. -o "
1909 "unc=//192.168.1.100/public) specified"));
1910 rc = -EINVAL;
1911 goto out;
1912 }
1913
1914 /* this is needed for ASCII cp to Unicode converts */
1915 if (volume_info.iocharset == NULL) {
1916 cifs_sb->local_nls = load_nls_default();
1917 /* load_nls_default can not return null */
1918 } else {
1919 cifs_sb->local_nls = load_nls(volume_info.iocharset);
1920 if (cifs_sb->local_nls == NULL) {
1921 cERROR(1, ("CIFS mount error: iocharset %s not found",
1922 volume_info.iocharset));
1923 rc = -ELIBACC;
1924 goto out;
1925 }
1926 }
1927
1928 if (address_type == AF_INET)
1929 existingCifsSes = cifs_find_tcp_session(&sin_server.sin_addr,
1930 NULL /* no ipv6 addr */,
1931 volume_info.username, &srvTcp);
1932 else if (address_type == AF_INET6) {
1933 cFYI(1, ("looking for ipv6 address"));
1934 existingCifsSes = cifs_find_tcp_session(NULL /* no ipv4 addr */,
1935 &sin_server6.sin6_addr,
1936 volume_info.username, &srvTcp);
1937 } else {
1938 rc = -EINVAL;
1939 goto out;
1940 }
1941
1942 if (srvTcp) {
1943 cFYI(1, ("Existing tcp session with server found"));
1944 } else { /* create socket */
1945 if (volume_info.port)
1946 sin_server.sin_port = htons(volume_info.port);
1947 else
1948 sin_server.sin_port = 0;
1949 if (address_type == AF_INET6) {
1950 cFYI(1, ("attempting ipv6 connect"));
1951 /* BB should we allow ipv6 on port 139? */
1952 /* other OS never observed in Wild doing 139 with v6 */
1953 rc = ipv6_connect(&sin_server6, &csocket);
1954 } else
1955 rc = ipv4_connect(&sin_server, &csocket,
1956 volume_info.source_rfc1001_name,
1957 volume_info.target_rfc1001_name);
1958 if (rc < 0) {
1959 cERROR(1, ("Error connecting to IPv4 socket. "
1960 "Aborting operation"));
1961 if (csocket != NULL)
1962 sock_release(csocket);
1963 goto out;
1964 }
1965
1966 srvTcp = kzalloc(sizeof(struct TCP_Server_Info), GFP_KERNEL);
1967 if (!srvTcp) {
1968 rc = -ENOMEM;
1969 sock_release(csocket);
1970 goto out;
1971 } else {
1972 memcpy(&srvTcp->addr.sockAddr, &sin_server,
1973 sizeof(struct sockaddr_in));
1974 atomic_set(&srvTcp->inFlight, 0);
1975 /* BB Add code for ipv6 case too */
1976 srvTcp->ssocket = csocket;
1977 srvTcp->protocolType = IPV4;
1978 srvTcp->hostname = extract_hostname(volume_info.UNC);
1979 if (IS_ERR(srvTcp->hostname)) {
1980 rc = PTR_ERR(srvTcp->hostname);
1981 sock_release(csocket);
1982 goto out;
1983 }
1984 init_waitqueue_head(&srvTcp->response_q);
1985 init_waitqueue_head(&srvTcp->request_q);
1986 INIT_LIST_HEAD(&srvTcp->pending_mid_q);
1987 /* at this point we are the only ones with the pointer
1988 to the struct since the kernel thread not created yet
1989 so no need to spinlock this init of tcpStatus */
1990 srvTcp->tcpStatus = CifsNew;
1991 init_MUTEX(&srvTcp->tcpSem);
1992 srvTcp->tsk = kthread_run((void *)(void *)cifs_demultiplex_thread, srvTcp, "cifsd");
1993 if (IS_ERR(srvTcp->tsk)) {
1994 rc = PTR_ERR(srvTcp->tsk);
1995 cERROR(1, ("error %d create cifsd thread", rc));
1996 srvTcp->tsk = NULL;
1997 sock_release(csocket);
1998 kfree(srvTcp->hostname);
1999 goto out;
2000 }
2001 wait_for_completion(&cifsd_complete);
2002 rc = 0;
2003 memcpy(srvTcp->workstation_RFC1001_name,
2004 volume_info.source_rfc1001_name, 16);
2005 memcpy(srvTcp->server_RFC1001_name,
2006 volume_info.target_rfc1001_name, 16);
2007 srvTcp->sequence_number = 0;
2008 }
2009 }
2010
2011 if (existingCifsSes) {
2012 pSesInfo = existingCifsSes;
2013 cFYI(1, ("Existing smb sess found (status=%d)",
2014 pSesInfo->status));
2015 down(&pSesInfo->sesSem);
2016 if (pSesInfo->status == CifsNeedReconnect) {
2017 cFYI(1, ("Session needs reconnect"));
2018 rc = cifs_setup_session(xid, pSesInfo,
2019 cifs_sb->local_nls);
2020 }
2021 up(&pSesInfo->sesSem);
2022 } else if (!rc) {
2023 cFYI(1, ("Existing smb sess not found"));
2024 pSesInfo = sesInfoAlloc();
2025 if (pSesInfo == NULL)
2026 rc = -ENOMEM;
2027 else {
2028 pSesInfo->server = srvTcp;
2029 sprintf(pSesInfo->serverName, "%u.%u.%u.%u",
2030 NIPQUAD(sin_server.sin_addr.s_addr));
2031 }
2032
2033 if (!rc) {
2034 /* volume_info.password freed at unmount */
2035 if (volume_info.password) {
2036 pSesInfo->password = volume_info.password;
2037 /* set to NULL to prevent freeing on exit */
2038 volume_info.password = NULL;
2039 }
2040 if (volume_info.username)
2041 strncpy(pSesInfo->userName,
2042 volume_info.username,
2043 MAX_USERNAME_SIZE);
2044 if (volume_info.domainname) {
2045 int len = strlen(volume_info.domainname);
2046 pSesInfo->domainName =
2047 kmalloc(len + 1, GFP_KERNEL);
2048 if (pSesInfo->domainName)
2049 strcpy(pSesInfo->domainName,
2050 volume_info.domainname);
2051 }
2052 pSesInfo->linux_uid = volume_info.linux_uid;
2053 pSesInfo->overrideSecFlg = volume_info.secFlg;
2054 down(&pSesInfo->sesSem);
2055 /* BB FIXME need to pass vol->secFlgs BB */
2056 rc = cifs_setup_session(xid, pSesInfo,
2057 cifs_sb->local_nls);
2058 up(&pSesInfo->sesSem);
2059 if (!rc)
2060 atomic_inc(&srvTcp->socketUseCount);
2061 }
2062 }
2063
2064 /* search for existing tcon to this server share */
2065 if (!rc) {
2066 if (volume_info.rsize > CIFSMaxBufSize) {
2067 cERROR(1, ("rsize %d too large, using MaxBufSize",
2068 volume_info.rsize));
2069 cifs_sb->rsize = CIFSMaxBufSize;
2070 } else if ((volume_info.rsize) &&
2071 (volume_info.rsize <= CIFSMaxBufSize))
2072 cifs_sb->rsize = volume_info.rsize;
2073 else /* default */
2074 cifs_sb->rsize = CIFSMaxBufSize;
2075
2076 if (volume_info.wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) {
2077 cERROR(1, ("wsize %d too large, using 4096 instead",
2078 volume_info.wsize));
2079 cifs_sb->wsize = 4096;
2080 } else if (volume_info.wsize)
2081 cifs_sb->wsize = volume_info.wsize;
2082 else
2083 cifs_sb->wsize =
2084 min_t(const int, PAGEVEC_SIZE * PAGE_CACHE_SIZE,
2085 127*1024);
2086 /* old default of CIFSMaxBufSize was too small now
2087 that SMB Write2 can send multiple pages in kvec.
2088 RFC1001 does not describe what happens when frame
2089 bigger than 128K is sent so use that as max in
2090 conjunction with 52K kvec constraint on arch with 4K
2091 page size */
2092
2093 if (cifs_sb->rsize < 2048) {
2094 cifs_sb->rsize = 2048;
2095 /* Windows ME may prefer this */
2096 cFYI(1, ("readsize set to minimum: 2048"));
2097 }
2098 /* calculate prepath */
2099 cifs_sb->prepath = volume_info.prepath;
2100 if (cifs_sb->prepath) {
2101 cifs_sb->prepathlen = strlen(cifs_sb->prepath);
2102 <<<<<<< HEAD:fs/cifs/connect.c
2103 cifs_sb->prepath[0] = CIFS_DIR_SEP(cifs_sb);
2104 =======
2105 /* we can not convert the / to \ in the path
2106 separators in the prefixpath yet because we do not
2107 know (until reset_cifs_unix_caps is called later)
2108 whether POSIX PATH CAP is available. We normalize
2109 the / to \ after reset_cifs_unix_caps is called */
2110 >>>>>>> 264e3e889d86e552b4191d69bb60f4f3b383135a:fs/cifs/connect.c
2111 volume_info.prepath = NULL;
2112 } else
2113 cifs_sb->prepathlen = 0;
2114 cifs_sb->mnt_uid = volume_info.linux_uid;
2115 cifs_sb->mnt_gid = volume_info.linux_gid;
2116 cifs_sb->mnt_file_mode = volume_info.file_mode;
2117 cifs_sb->mnt_dir_mode = volume_info.dir_mode;
2118 cFYI(1, ("file mode: 0x%x dir mode: 0x%x",
2119 cifs_sb->mnt_file_mode, cifs_sb->mnt_dir_mode));
2120
2121 if (volume_info.noperm)
2122 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
2123 if (volume_info.setuids)
2124 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
2125 if (volume_info.server_ino)
2126 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
2127 if (volume_info.remap)
2128 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
2129 if (volume_info.no_xattr)
2130 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
2131 if (volume_info.sfu_emul)
2132 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
2133 if (volume_info.nobrl)
2134 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
2135 if (volume_info.cifs_acl)
2136 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
2137 if (volume_info.override_uid)
2138 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID;
2139 if (volume_info.override_gid)
2140 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID;
2141 if (volume_info.direct_io) {
2142 cFYI(1, ("mounting share using direct i/o"));
2143 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
2144 }
2145
2146 tcon =
2147 find_unc(sin_server.sin_addr.s_addr, volume_info.UNC,
2148 volume_info.username);
2149 if (tcon) {
2150 cFYI(1, ("Found match on UNC path"));
2151 /* we can have only one retry value for a connection
2152 to a share so for resources mounted more than once
2153 to the same server share the last value passed in
2154 for the retry flag is used */
2155 tcon->retry = volume_info.retry;
2156 tcon->nocase = volume_info.nocase;
2157 } else {
2158 tcon = tconInfoAlloc();
2159 if (tcon == NULL)
2160 rc = -ENOMEM;
2161 else {
2162 /* check for null share name ie connecting to
2163 * dfs root */
2164
2165 /* BB check if this works for exactly length
2166 * three strings */
2167 if ((strchr(volume_info.UNC + 3, '\\') == NULL)
2168 && (strchr(volume_info.UNC + 3, '/') ==
2169 NULL)) {
2170 rc = connect_to_dfs_path(xid, pSesInfo,
2171 "", cifs_sb->local_nls,
2172 cifs_sb->mnt_cifs_flags &
2173 CIFS_MOUNT_MAP_SPECIAL_CHR);
2174 rc = -ENODEV;
2175 goto out;
2176 } else {
2177 /* BB Do we need to wrap sesSem around
2178 * this TCon call and Unix SetFS as
2179 * we do on SessSetup and reconnect? */
2180 rc = CIFSTCon(xid, pSesInfo,
2181 volume_info.UNC,
2182 tcon, cifs_sb->local_nls);
2183 cFYI(1, ("CIFS Tcon rc = %d", rc));
2184 }
2185 if (!rc) {
2186 atomic_inc(&pSesInfo->inUse);
2187 tcon->retry = volume_info.retry;
2188 tcon->nocase = volume_info.nocase;
2189 }
2190 }
2191 }
2192 }
2193 if (pSesInfo) {
2194 if (pSesInfo->capabilities & CAP_LARGE_FILES) {
2195 sb->s_maxbytes = (u64) 1 << 63;
2196 } else
2197 sb->s_maxbytes = (u64) 1 << 31; /* 2 GB */
2198 }
2199
2200 /* BB FIXME fix time_gran to be larger for LANMAN sessions */
2201 sb->s_time_gran = 100;
2202
2203 /* on error free sesinfo and tcon struct if needed */
2204 if (rc) {
2205 /* if session setup failed, use count is zero but
2206 we still need to free cifsd thread */
2207 if (atomic_read(&srvTcp->socketUseCount) == 0) {
2208 spin_lock(&GlobalMid_Lock);
2209 srvTcp->tcpStatus = CifsExiting;
2210 spin_unlock(&GlobalMid_Lock);
2211 if (srvTcp->tsk) {
2212 struct task_struct *tsk;
2213 /* If we could verify that kthread_stop would
2214 always wake up processes blocked in
2215 tcp in recv_mesg then we could remove the
2216 send_sig call */
2217 force_sig(SIGKILL, srvTcp->tsk);
2218 tsk = srvTcp->tsk;
2219 if (tsk)
2220 kthread_stop(tsk);
2221 }
2222 }
2223 /* If find_unc succeeded then rc == 0 so we can not end */
2224 if (tcon) /* up accidently freeing someone elses tcon struct */
2225 tconInfoFree(tcon);
2226 if (existingCifsSes == NULL) {
2227 if (pSesInfo) {
2228 if ((pSesInfo->server) &&
2229 (pSesInfo->status == CifsGood)) {
2230 int temp_rc;
2231 temp_rc = CIFSSMBLogoff(xid, pSesInfo);
2232 /* if the socketUseCount is now zero */
2233 if ((temp_rc == -ESHUTDOWN) &&
2234 (pSesInfo->server) &&
2235 (pSesInfo->server->tsk)) {
2236 struct task_struct *tsk;
2237 force_sig(SIGKILL,
2238 pSesInfo->server->tsk);
2239 tsk = pSesInfo->server->tsk;
2240 if (tsk)
2241 kthread_stop(tsk);
2242 }
2243 } else {
2244 cFYI(1, ("No session or bad tcon"));
2245 if ((pSesInfo->server) &&
2246 (pSesInfo->server->tsk)) {
2247 struct task_struct *tsk;
2248 force_sig(SIGKILL,
2249 pSesInfo->server->tsk);
2250 tsk = pSesInfo->server->tsk;
2251 if (tsk)
2252 kthread_stop(tsk);
2253 }
2254 }
2255 sesInfoFree(pSesInfo);
2256 /* pSesInfo = NULL; */
2257 }
2258 }
2259 } else {
2260 atomic_inc(&tcon->useCount);
2261 cifs_sb->tcon = tcon;
2262 tcon->ses = pSesInfo;
2263
2264 /* do not care if following two calls succeed - informational */
2265 if (!tcon->ipc) {
2266 CIFSSMBQFSDeviceInfo(xid, tcon);
2267 CIFSSMBQFSAttributeInfo(xid, tcon);
2268 }
2269
2270 /* tell server which Unix caps we support */
2271 if (tcon->ses->capabilities & CAP_UNIX)
2272 /* reset of caps checks mount to see if unix extensions
2273 disabled for just this mount */
2274 reset_cifs_unix_caps(xid, tcon, sb, &volume_info);
2275 else
2276 tcon->unix_ext = 0; /* server does not support them */
2277
2278 <<<<<<< HEAD:fs/cifs/connect.c
2279 =======
2280 /* convert forward to back slashes in prepath here if needed */
2281 if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0)
2282 convert_delimiter(cifs_sb->prepath,
2283 CIFS_DIR_SEP(cifs_sb));
2284
2285 >>>>>>> 264e3e889d86e552b4191d69bb60f4f3b383135a:fs/cifs/connect.c
2286 if ((tcon->unix_ext == 0) && (cifs_sb->rsize > (1024 * 127))) {
2287 cifs_sb->rsize = 1024 * 127;
2288 <<<<<<< HEAD:fs/cifs/connect.c
2289 #ifdef CONFIG_CIFS_DEBUG2
2290 cFYI(1, ("no very large read support, rsize now 127K"));
2291 #endif
2292 =======
2293 cFYI(DBG2,
2294 ("no very large read support, rsize now 127K"));
2295 >>>>>>> 264e3e889d86e552b4191d69bb60f4f3b383135a:fs/cifs/connect.c
2296 }
2297 if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X))
2298 cifs_sb->wsize = min(cifs_sb->wsize,
2299 (tcon->ses->server->maxBuf -
2300 MAX_CIFS_HDR_SIZE));
2301 if (!(tcon->ses->capabilities & CAP_LARGE_READ_X))
2302 cifs_sb->rsize = min(cifs_sb->rsize,
2303 (tcon->ses->server->maxBuf -
2304 MAX_CIFS_HDR_SIZE));
2305 }
2306
2307 /* volume_info.password is freed above when existing session found
2308 (in which case it is not needed anymore) but when new sesion is created
2309 the password ptr is put in the new session structure (in which case the
2310 password will be freed at unmount time) */
2311 out:
2312 /* zero out password before freeing */
2313 if (volume_info.password != NULL) {
2314 memset(volume_info.password, 0, strlen(volume_info.password));
2315 kfree(volume_info.password);
2316 }
2317 kfree(volume_info.UNC);
2318 kfree(volume_info.prepath);
2319 FreeXid(xid);
2320 return rc;
2321 }
2322
2323 static int
2324 CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2325 char session_key[CIFS_SESS_KEY_SIZE],
2326 const struct nls_table *nls_codepage)
2327 {
2328 struct smb_hdr *smb_buffer;
2329 struct smb_hdr *smb_buffer_response;
2330 SESSION_SETUP_ANDX *pSMB;
2331 SESSION_SETUP_ANDX *pSMBr;
2332 char *bcc_ptr;
2333 char *user;
2334 char *domain;
2335 int rc = 0;
2336 int remaining_words = 0;
2337 int bytes_returned = 0;
2338 int len;
2339 __u32 capabilities;
2340 __u16 count;
2341
2342 cFYI(1, ("In sesssetup"));
2343 if (ses == NULL)
2344 return -EINVAL;
2345 user = ses->userName;
2346 domain = ses->domainName;
2347 smb_buffer = cifs_buf_get();
2348 if (smb_buffer == NULL) {
2349 return -ENOMEM;
2350 }
2351 smb_buffer_response = smb_buffer;
2352 pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2353
2354 /* send SMBsessionSetup here */
2355 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2356 NULL /* no tCon exists yet */ , 13 /* wct */ );
2357
2358 smb_buffer->Mid = GetNextMid(ses->server);
2359 pSMB->req_no_secext.AndXCommand = 0xFF;
2360 pSMB->req_no_secext.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2361 pSMB->req_no_secext.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2362
2363 if (ses->server->secMode &
2364 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2365 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2366
2367 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2368 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
2369 if (ses->capabilities & CAP_UNICODE) {
2370 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2371 capabilities |= CAP_UNICODE;
2372 }
2373 if (ses->capabilities & CAP_STATUS32) {
2374 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2375 capabilities |= CAP_STATUS32;
2376 }
2377 if (ses->capabilities & CAP_DFS) {
2378 smb_buffer->Flags2 |= SMBFLG2_DFS;
2379 capabilities |= CAP_DFS;
2380 }
2381 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
2382
2383 pSMB->req_no_secext.CaseInsensitivePasswordLength =
2384 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2385
2386 pSMB->req_no_secext.CaseSensitivePasswordLength =
2387 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2388 bcc_ptr = pByteArea(smb_buffer);
2389 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2390 bcc_ptr += CIFS_SESS_KEY_SIZE;
2391 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2392 bcc_ptr += CIFS_SESS_KEY_SIZE;
2393
2394 if (ses->capabilities & CAP_UNICODE) {
2395 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode */
2396 *bcc_ptr = 0;
2397 bcc_ptr++;
2398 }
2399 if (user == NULL)
2400 bytes_returned = 0; /* skip null user */
2401 else
2402 bytes_returned =
2403 cifs_strtoUCS((__le16 *) bcc_ptr, user, 100,
2404 nls_codepage);
2405 /* convert number of 16 bit words to bytes */
2406 bcc_ptr += 2 * bytes_returned;
2407 bcc_ptr += 2; /* trailing null */
2408 if (domain == NULL)
2409 bytes_returned =
2410 cifs_strtoUCS((__le16 *) bcc_ptr,
2411 "CIFS_LINUX_DOM", 32, nls_codepage);
2412 else
2413 bytes_returned =
2414 cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2415 nls_codepage);
2416 bcc_ptr += 2 * bytes_returned;
2417 bcc_ptr += 2;
2418 bytes_returned =
2419 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2420 32, nls_codepage);
2421 bcc_ptr += 2 * bytes_returned;
2422 bytes_returned =
2423 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release,
2424 32, nls_codepage);
2425 bcc_ptr += 2 * bytes_returned;
2426 bcc_ptr += 2;
2427 bytes_returned =
2428 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2429 64, nls_codepage);
2430 bcc_ptr += 2 * bytes_returned;
2431 bcc_ptr += 2;
2432 } else {
2433 if (user != NULL) {
2434 strncpy(bcc_ptr, user, 200);
2435 bcc_ptr += strnlen(user, 200);
2436 }
2437 *bcc_ptr = 0;
2438 bcc_ptr++;
2439 if (domain == NULL) {
2440 strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2441 bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2442 } else {
2443 strncpy(bcc_ptr, domain, 64);
2444 bcc_ptr += strnlen(domain, 64);
2445 *bcc_ptr = 0;
2446 bcc_ptr++;
2447 }
2448 strcpy(bcc_ptr, "Linux version ");
2449 bcc_ptr += strlen("Linux version ");
2450 strcpy(bcc_ptr, utsname()->release);
2451 bcc_ptr += strlen(utsname()->release) + 1;
2452 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2453 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2454 }
2455 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2456 smb_buffer->smb_buf_length += count;
2457 pSMB->req_no_secext.ByteCount = cpu_to_le16(count);
2458
2459 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2460 &bytes_returned, CIFS_LONG_OP);
2461 if (rc) {
2462 /* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
2463 } else if ((smb_buffer_response->WordCount == 3)
2464 || (smb_buffer_response->WordCount == 4)) {
2465 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2466 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2467 if (action & GUEST_LOGIN)
2468 cFYI(1, (" Guest login")); /* BB mark SesInfo struct? */
2469 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format
2470 (little endian) */
2471 cFYI(1, ("UID = %d ", ses->Suid));
2472 /* response can have either 3 or 4 word count - Samba sends 3 */
2473 bcc_ptr = pByteArea(smb_buffer_response);
2474 if ((pSMBr->resp.hdr.WordCount == 3)
2475 || ((pSMBr->resp.hdr.WordCount == 4)
2476 && (blob_len < pSMBr->resp.ByteCount))) {
2477 if (pSMBr->resp.hdr.WordCount == 4)
2478 bcc_ptr += blob_len;
2479
2480 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2481 if ((long) (bcc_ptr) % 2) {
2482 remaining_words =
2483 (BCC(smb_buffer_response) - 1) / 2;
2484 /* Unicode strings must be word
2485 aligned */
2486 bcc_ptr++;
2487 } else {
2488 remaining_words =
2489 BCC(smb_buffer_response) / 2;
2490 }
2491 len =
2492 UniStrnlen((wchar_t *) bcc_ptr,
2493 remaining_words - 1);
2494 /* We look for obvious messed up bcc or strings in response so we do not go off
2495 the end since (at least) WIN2K and Windows XP have a major bug in not null
2496 terminating last Unicode string in response */
2497 if (ses->serverOS)
2498 kfree(ses->serverOS);
2499 ses->serverOS = kzalloc(2 * (len + 1),
2500 GFP_KERNEL);
2501 if (ses->serverOS == NULL)
2502 goto sesssetup_nomem;
2503 cifs_strfromUCS_le(ses->serverOS,
2504 (__le16 *)bcc_ptr,
2505 len, nls_codepage);
2506 bcc_ptr += 2 * (len + 1);
2507 remaining_words -= len + 1;
2508 ses->serverOS[2 * len] = 0;
2509 ses->serverOS[1 + (2 * len)] = 0;
2510 if (remaining_words > 0) {
2511 len = UniStrnlen((wchar_t *)bcc_ptr,
2512 remaining_words-1);
2513 kfree(ses->serverNOS);
2514 ses->serverNOS = kzalloc(2 * (len + 1),
2515 GFP_KERNEL);
2516 if (ses->serverNOS == NULL)
2517 goto sesssetup_nomem;
2518 cifs_strfromUCS_le(ses->serverNOS,
2519 (__le16 *)bcc_ptr,
2520 len, nls_codepage);
2521 bcc_ptr += 2 * (len + 1);
2522 ses->serverNOS[2 * len] = 0;
2523 ses->serverNOS[1 + (2 * len)] = 0;
2524 if (strncmp(ses->serverNOS,
2525 "NT LAN Manager 4", 16) == 0) {
2526 cFYI(1, ("NT4 server"));
2527 ses->flags |= CIFS_SES_NT4;
2528 }
2529 remaining_words -= len + 1;
2530 if (remaining_words > 0) {
2531 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2532 /* last string is not always null terminated
2533 (for e.g. for Windows XP & 2000) */
2534 if (ses->serverDomain)
2535 kfree(ses->serverDomain);
2536 ses->serverDomain =
2537 kzalloc(2*(len+1),
2538 GFP_KERNEL);
2539 if (ses->serverDomain == NULL)
2540 goto sesssetup_nomem;
2541 cifs_strfromUCS_le(ses->serverDomain,
2542 (__le16 *)bcc_ptr,
2543 len, nls_codepage);
2544 bcc_ptr += 2 * (len + 1);
2545 ses->serverDomain[2*len] = 0;
2546 ses->serverDomain[1+(2*len)] = 0;
2547 } else { /* else no more room so create
2548 dummy domain string */
2549 if (ses->serverDomain)
2550 kfree(ses->serverDomain);
2551 ses->serverDomain =
2552 kzalloc(2, GFP_KERNEL);
2553 }
2554 } else { /* no room so create dummy domain
2555 and NOS string */
2556
2557 /* if these kcallocs fail not much we
2558 can do, but better to not fail the
2559 sesssetup itself */
2560 kfree(ses->serverDomain);
2561 ses->serverDomain =
2562 kzalloc(2, GFP_KERNEL);
2563 kfree(ses->serverNOS);
2564 ses->serverNOS =
2565 kzalloc(2, GFP_KERNEL);
2566 }
2567 } else { /* ASCII */
2568 len = strnlen(bcc_ptr, 1024);
2569 if (((long) bcc_ptr + len) - (long)
2570 pByteArea(smb_buffer_response)
2571 <= BCC(smb_buffer_response)) {
2572 kfree(ses->serverOS);
2573 ses->serverOS = kzalloc(len + 1,
2574 GFP_KERNEL);
2575 if (ses->serverOS == NULL)
2576 goto sesssetup_nomem;
2577 strncpy(ses->serverOS, bcc_ptr, len);
2578
2579 bcc_ptr += len;
2580 /* null terminate the string */
2581 bcc_ptr[0] = 0;
2582 bcc_ptr++;
2583
2584 len = strnlen(bcc_ptr, 1024);
2585 kfree(ses->serverNOS);
2586 ses->serverNOS = kzalloc(len + 1,
2587 GFP_KERNEL);
2588 if (ses->serverNOS == NULL)
2589 goto sesssetup_nomem;
2590 strncpy(ses->serverNOS, bcc_ptr, len);
2591 bcc_ptr += len;
2592 bcc_ptr[0] = 0;
2593 bcc_ptr++;
2594
2595 len = strnlen(bcc_ptr, 1024);
2596 if (ses->serverDomain)
2597 kfree(ses->serverDomain);
2598 ses->serverDomain = kzalloc(len + 1,
2599 GFP_KERNEL);
2600 if (ses->serverDomain == NULL)
2601 goto sesssetup_nomem;
2602 strncpy(ses->serverDomain, bcc_ptr,
2603 len);
2604 bcc_ptr += len;
2605 bcc_ptr[0] = 0;
2606 bcc_ptr++;
2607 } else
2608 cFYI(1,
2609 ("Variable field of length %d "
2610 "extends beyond end of smb ",
2611 len));
2612 }
2613 } else {
2614 cERROR(1,
2615 (" Security Blob Length extends beyond "
2616 "end of SMB"));
2617 }
2618 } else {
2619 cERROR(1,
2620 (" Invalid Word count %d: ",
2621 smb_buffer_response->WordCount));
2622 rc = -EIO;
2623 }
2624 sesssetup_nomem: /* do not return an error on nomem for the info strings,
2625 since that could make reconnection harder, and
2626 reconnection might be needed to free memory */
2627 cifs_buf_release(smb_buffer);
2628
2629 return rc;
2630 }
2631
2632 static int
2633 CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2634 struct cifsSesInfo *ses, int *pNTLMv2_flag,
2635 const struct nls_table *nls_codepage)
2636 {
2637 struct smb_hdr *smb_buffer;
2638 struct smb_hdr *smb_buffer_response;
2639 SESSION_SETUP_ANDX *pSMB;
2640 SESSION_SETUP_ANDX *pSMBr;
2641 char *bcc_ptr;
2642 char *domain;
2643 int rc = 0;
2644 int remaining_words = 0;
2645 int bytes_returned = 0;
2646 int len;
2647 int SecurityBlobLength = sizeof(NEGOTIATE_MESSAGE);
2648 PNEGOTIATE_MESSAGE SecurityBlob;
2649 PCHALLENGE_MESSAGE SecurityBlob2;
2650 __u32 negotiate_flags, capabilities;
2651 __u16 count;
2652
2653 cFYI(1, ("In NTLMSSP sesssetup (negotiate)"));
2654 if (ses == NULL)
2655 return -EINVAL;
2656 domain = ses->domainName;
2657 *pNTLMv2_flag = FALSE;
2658 smb_buffer = cifs_buf_get();
2659 if (smb_buffer == NULL) {
2660 return -ENOMEM;
2661 }
2662 smb_buffer_response = smb_buffer;
2663 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2664 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2665
2666 /* send SMBsessionSetup here */
2667 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2668 NULL /* no tCon exists yet */ , 12 /* wct */ );
2669
2670 smb_buffer->Mid = GetNextMid(ses->server);
2671 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2672 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2673
2674 pSMB->req.AndXCommand = 0xFF;
2675 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2676 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2677
2678 if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2679 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2680
2681 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2682 CAP_EXTENDED_SECURITY;
2683 if (ses->capabilities & CAP_UNICODE) {
2684 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2685 capabilities |= CAP_UNICODE;
2686 }
2687 if (ses->capabilities & CAP_STATUS32) {
2688 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2689 capabilities |= CAP_STATUS32;
2690 }
2691 if (ses->capabilities & CAP_DFS) {
2692 smb_buffer->Flags2 |= SMBFLG2_DFS;
2693 capabilities |= CAP_DFS;
2694 }
2695 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2696
2697 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2698 SecurityBlob = (PNEGOTIATE_MESSAGE) bcc_ptr;
2699 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2700 SecurityBlob->MessageType = NtLmNegotiate;
2701 negotiate_flags =
2702 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
2703 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM |
2704 NTLMSSP_NEGOTIATE_56 |
2705 /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
2706 if (sign_CIFS_PDUs)
2707 negotiate_flags |= NTLMSSP_NEGOTIATE_SIGN;
2708 /* if (ntlmv2_support)
2709 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;*/
2710 /* setup pointers to domain name and workstation name */
2711 bcc_ptr += SecurityBlobLength;
2712
2713 SecurityBlob->WorkstationName.Buffer = 0;
2714 SecurityBlob->WorkstationName.Length = 0;
2715 SecurityBlob->WorkstationName.MaximumLength = 0;
2716
2717 /* Domain not sent on first Sesssetup in NTLMSSP, instead it is sent
2718 along with username on auth request (ie the response to challenge) */
2719 SecurityBlob->DomainName.Buffer = 0;
2720 SecurityBlob->DomainName.Length = 0;
2721 SecurityBlob->DomainName.MaximumLength = 0;
2722 if (ses->capabilities & CAP_UNICODE) {
2723 if ((long) bcc_ptr % 2) {
2724 *bcc_ptr = 0;
2725 bcc_ptr++;
2726 }
2727
2728 bytes_returned =
2729 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2730 32, nls_codepage);
2731 bcc_ptr += 2 * bytes_returned;
2732 bytes_returned =
2733 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
2734 nls_codepage);
2735 bcc_ptr += 2 * bytes_returned;
2736 bcc_ptr += 2; /* null terminate Linux version */
2737 bytes_returned =
2738 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2739 64, nls_codepage);
2740 bcc_ptr += 2 * bytes_returned;
2741 *(bcc_ptr + 1) = 0;
2742 *(bcc_ptr + 2) = 0;
2743 bcc_ptr += 2; /* null terminate network opsys string */
2744 *(bcc_ptr + 1) = 0;
2745 *(bcc_ptr + 2) = 0;
2746 bcc_ptr += 2; /* null domain */
2747 } else { /* ASCII */
2748 strcpy(bcc_ptr, "Linux version ");
2749 bcc_ptr += strlen("Linux version ");
2750 strcpy(bcc_ptr, utsname()->release);
2751 bcc_ptr += strlen(utsname()->release) + 1;
2752 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2753 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2754 bcc_ptr++; /* empty domain field */
2755 *bcc_ptr = 0;
2756 }
2757 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2758 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2759 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2760 smb_buffer->smb_buf_length += count;
2761 pSMB->req.ByteCount = cpu_to_le16(count);
2762
2763 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2764 &bytes_returned, CIFS_LONG_OP);
2765
2766 if (smb_buffer_response->Status.CifsError ==
2767 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
2768 rc = 0;
2769
2770 if (rc) {
2771 /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2772 } else if ((smb_buffer_response->WordCount == 3)
2773 || (smb_buffer_response->WordCount == 4)) {
2774 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2775 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2776
2777 if (action & GUEST_LOGIN)
2778 cFYI(1, (" Guest login"));
2779 /* Do we want to set anything in SesInfo struct when guest login? */
2780
2781 bcc_ptr = pByteArea(smb_buffer_response);
2782 /* response can have either 3 or 4 word count - Samba sends 3 */
2783
2784 SecurityBlob2 = (PCHALLENGE_MESSAGE) bcc_ptr;
2785 if (SecurityBlob2->MessageType != NtLmChallenge) {
2786 cFYI(1,
2787 ("Unexpected NTLMSSP message type received %d",
2788 SecurityBlob2->MessageType));
2789 } else if (ses) {
2790 ses->Suid = smb_buffer_response->Uid; /* UID left in le format */
2791 cFYI(1, ("UID = %d", ses->Suid));
2792 if ((pSMBr->resp.hdr.WordCount == 3)
2793 || ((pSMBr->resp.hdr.WordCount == 4)
2794 && (blob_len <
2795 pSMBr->resp.ByteCount))) {
2796
2797 if (pSMBr->resp.hdr.WordCount == 4) {
2798 bcc_ptr += blob_len;
2799 cFYI(1, ("Security Blob Length %d",
2800 blob_len));
2801 }
2802
2803 cFYI(1, ("NTLMSSP Challenge rcvd"));
2804
2805 memcpy(ses->server->cryptKey,
2806 SecurityBlob2->Challenge,
2807 CIFS_CRYPTO_KEY_SIZE);
2808 if (SecurityBlob2->NegotiateFlags &
2809 cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2))
2810 *pNTLMv2_flag = TRUE;
2811
2812 if ((SecurityBlob2->NegotiateFlags &
2813 cpu_to_le32(NTLMSSP_NEGOTIATE_ALWAYS_SIGN))
2814 || (sign_CIFS_PDUs > 1))
2815 ses->server->secMode |=
2816 SECMODE_SIGN_REQUIRED;
2817 if ((SecurityBlob2->NegotiateFlags &
2818 cpu_to_le32(NTLMSSP_NEGOTIATE_SIGN)) && (sign_CIFS_PDUs))
2819 ses->server->secMode |=
2820 SECMODE_SIGN_ENABLED;
2821
2822 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2823 if ((long) (bcc_ptr) % 2) {
2824 remaining_words =
2825 (BCC(smb_buffer_response)
2826 - 1) / 2;
2827 /* Must word align unicode strings */
2828 bcc_ptr++;
2829 } else {
2830 remaining_words =
2831 BCC
2832 (smb_buffer_response) / 2;
2833 }
2834 len =
2835 UniStrnlen((wchar_t *) bcc_ptr,
2836 remaining_words - 1);
2837 /* We look for obvious messed up bcc or strings in response so we do not go off
2838 the end since (at least) WIN2K and Windows XP have a major bug in not null
2839 terminating last Unicode string in response */
2840 if (ses->serverOS)
2841 kfree(ses->serverOS);
2842 ses->serverOS =
2843 kzalloc(2 * (len + 1), GFP_KERNEL);
2844 cifs_strfromUCS_le(ses->serverOS,
2845 (__le16 *)
2846 bcc_ptr, len,
2847 nls_codepage);
2848 bcc_ptr += 2 * (len + 1);
2849 remaining_words -= len + 1;
2850 ses->serverOS[2 * len] = 0;
2851 ses->serverOS[1 + (2 * len)] = 0;
2852 if (remaining_words > 0) {
2853 len = UniStrnlen((wchar_t *)
2854 bcc_ptr,
2855 remaining_words
2856 - 1);
2857 kfree(ses->serverNOS);
2858 ses->serverNOS =
2859 kzalloc(2 * (len + 1),
2860 GFP_KERNEL);
2861 cifs_strfromUCS_le(ses->
2862 serverNOS,
2863 (__le16 *)
2864 bcc_ptr,
2865 len,
2866 nls_codepage);
2867 bcc_ptr += 2 * (len + 1);
2868 ses->serverNOS[2 * len] = 0;
2869 ses->serverNOS[1 +
2870 (2 * len)] = 0;
2871 remaining_words -= len + 1;
2872 if (remaining_words > 0) {
2873 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2874 /* last string not always null terminated
2875 (for e.g. for Windows XP & 2000) */
2876 kfree(ses->serverDomain);
2877 ses->serverDomain =
2878 kzalloc(2 *
2879 (len +
2880 1),
2881 GFP_KERNEL);
2882 cifs_strfromUCS_le
2883 (ses->serverDomain,
2884 (__le16 *)bcc_ptr,
2885 len, nls_codepage);
2886 bcc_ptr +=
2887 2 * (len + 1);
2888 ses->serverDomain[2*len]
2889 = 0;
2890 ses->serverDomain
2891 [1 + (2 * len)]
2892 = 0;
2893 } /* else no more room so create dummy domain string */
2894 else {
2895 kfree(ses->serverDomain);
2896 ses->serverDomain =
2897 kzalloc(2,
2898 GFP_KERNEL);
2899 }
2900 } else { /* no room so create dummy domain and NOS string */
2901 kfree(ses->serverDomain);
2902 ses->serverDomain =
2903 kzalloc(2, GFP_KERNEL);
2904 kfree(ses->serverNOS);
2905 ses->serverNOS =
2906 kzalloc(2, GFP_KERNEL);
2907 }
2908 } else { /* ASCII */
2909 len = strnlen(bcc_ptr, 1024);
2910 if (((long) bcc_ptr + len) - (long)
2911 pByteArea(smb_buffer_response)
2912 <= BCC(smb_buffer_response)) {
2913 if (ses->serverOS)
2914 kfree(ses->serverOS);
2915 ses->serverOS =
2916 kzalloc(len + 1,
2917 GFP_KERNEL);
2918 strncpy(ses->serverOS,
2919 bcc_ptr, len);
2920
2921 bcc_ptr += len;
2922 bcc_ptr[0] = 0; /* null terminate string */
2923 bcc_ptr++;
2924
2925 len = strnlen(bcc_ptr, 1024);
2926 kfree(ses->serverNOS);
2927 ses->serverNOS =
2928 kzalloc(len + 1,
2929 GFP_KERNEL);
2930 strncpy(ses->serverNOS, bcc_ptr, len);
2931 bcc_ptr += len;
2932 bcc_ptr[0] = 0;
2933 bcc_ptr++;
2934
2935 len = strnlen(bcc_ptr, 1024);
2936 kfree(ses->serverDomain);
2937 ses->serverDomain =
2938 kzalloc(len + 1,
2939 GFP_KERNEL);
2940 strncpy(ses->serverDomain,
2941 bcc_ptr, len);
2942 bcc_ptr += len;
2943 bcc_ptr[0] = 0;
2944 bcc_ptr++;
2945 } else
2946 cFYI(1,
2947 ("field of length %d "
2948 "extends beyond end of smb",
2949 len));
2950 }
2951 } else {
2952 cERROR(1, ("Security Blob Length extends beyond"
2953 " end of SMB"));
2954 }
2955 } else {
2956 cERROR(1, ("No session structure passed in."));
2957 }
2958 } else {
2959 cERROR(1,
2960 (" Invalid Word count %d:",
2961 smb_buffer_response->WordCount));
2962 rc = -EIO;
2963 }
2964
2965 cifs_buf_release(smb_buffer);
2966
2967 return rc;
2968 }
2969 static int
2970 CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2971 char *ntlm_session_key, int ntlmv2_flag,
2972 const struct nls_table *nls_codepage)
2973 {
2974 struct smb_hdr *smb_buffer;
2975 struct smb_hdr *smb_buffer_response;
2976 SESSION_SETUP_ANDX *pSMB;
2977 SESSION_SETUP_ANDX *pSMBr;
2978 char *bcc_ptr;
2979 char *user;
2980 char *domain;
2981 int rc = 0;
2982 int remaining_words = 0;
2983 int bytes_returned = 0;
2984 int len;
2985 int SecurityBlobLength = sizeof(AUTHENTICATE_MESSAGE);
2986 PAUTHENTICATE_MESSAGE SecurityBlob;
2987 __u32 negotiate_flags, capabilities;
2988 __u16 count;
2989
2990 cFYI(1, ("In NTLMSSPSessSetup (Authenticate)"));
2991 if (ses == NULL)
2992 return -EINVAL;
2993 user = ses->userName;
2994 domain = ses->domainName;
2995 smb_buffer = cifs_buf_get();
2996 if (smb_buffer == NULL) {
2997 return -ENOMEM;
2998 }
2999 smb_buffer_response = smb_buffer;
3000 pSMB = (SESSION_SETUP_ANDX *)smb_buffer;
3001 pSMBr = (SESSION_SETUP_ANDX *)smb_buffer_response;
3002
3003 /* send SMBsessionSetup here */
3004 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
3005 NULL /* no tCon exists yet */ , 12 /* wct */ );
3006
3007 smb_buffer->Mid = GetNextMid(ses->server);
3008 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
3009 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
3010 pSMB->req.AndXCommand = 0xFF;
3011 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
3012 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
3013
3014 pSMB->req.hdr.Uid = ses->Suid;
3015
3016 if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3017 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3018
3019 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
3020 CAP_EXTENDED_SECURITY;
3021 if (ses->capabilities & CAP_UNICODE) {
3022 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3023 capabilities |= CAP_UNICODE;
3024 }
3025 if (ses->capabilities & CAP_STATUS32) {
3026 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3027 capabilities |= CAP_STATUS32;
3028 }
3029 if (ses->capabilities & CAP_DFS) {
3030 smb_buffer->Flags2 |= SMBFLG2_DFS;
3031 capabilities |= CAP_DFS;
3032 }
3033 pSMB->req.Capabilities = cpu_to_le32(capabilities);
3034
3035 bcc_ptr = (char *)&pSMB->req.SecurityBlob;
3036 SecurityBlob = (PAUTHENTICATE_MESSAGE)bcc_ptr;
3037 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
3038 SecurityBlob->MessageType = NtLmAuthenticate;
3039 bcc_ptr += SecurityBlobLength;
3040 negotiate_flags = NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET |
3041 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO |
3042 0x80000000 | NTLMSSP_NEGOTIATE_128;
3043 if (sign_CIFS_PDUs)
3044 negotiate_flags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN;
3045 if (ntlmv2_flag)
3046 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
3047
3048 /* setup pointers to domain name and workstation name */
3049
3050 SecurityBlob->WorkstationName.Buffer = 0;
3051 SecurityBlob->WorkstationName.Length = 0;
3052 SecurityBlob->WorkstationName.MaximumLength = 0;
3053 SecurityBlob->SessionKey.Length = 0;
3054 SecurityBlob->SessionKey.MaximumLength = 0;
3055 SecurityBlob->SessionKey.Buffer = 0;
3056
3057 SecurityBlob->LmChallengeResponse.Length = 0;
3058 SecurityBlob->LmChallengeResponse.MaximumLength = 0;
3059 SecurityBlob->LmChallengeResponse.Buffer = 0;
3060
3061 SecurityBlob->NtChallengeResponse.Length =
3062 cpu_to_le16(CIFS_SESS_KEY_SIZE);
3063 SecurityBlob->NtChallengeResponse.MaximumLength =
3064 cpu_to_le16(CIFS_SESS_KEY_SIZE);
3065 memcpy(bcc_ptr, ntlm_session_key, CIFS_SESS_KEY_SIZE);
3066 SecurityBlob->NtChallengeResponse.Buffer =
3067 cpu_to_le32(SecurityBlobLength);
3068 SecurityBlobLength += CIFS_SESS_KEY_SIZE;
3069 bcc_ptr += CIFS_SESS_KEY_SIZE;
3070
3071 if (ses->capabilities & CAP_UNICODE) {
3072 if (domain == NULL) {
3073 SecurityBlob->DomainName.Buffer = 0;
3074 SecurityBlob->DomainName.Length = 0;
3075 SecurityBlob->DomainName.MaximumLength = 0;
3076 } else {
3077 __u16 ln = cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
3078 nls_codepage);
3079 ln *= 2;
3080 SecurityBlob->DomainName.MaximumLength =
3081 cpu_to_le16(ln);
3082 SecurityBlob->DomainName.Buffer =
3083 cpu_to_le32(SecurityBlobLength);
3084 bcc_ptr += ln;
3085 SecurityBlobLength += ln;
3086 SecurityBlob->DomainName.Length = cpu_to_le16(ln);
3087 }
3088 if (user == NULL) {
3089 SecurityBlob->UserName.Buffer = 0;
3090 SecurityBlob->UserName.Length = 0;
3091 SecurityBlob->UserName.MaximumLength = 0;
3092 } else {
3093 __u16 ln = cifs_strtoUCS((__le16 *) bcc_ptr, user, 64,
3094 nls_codepage);
3095 ln *= 2;
3096 SecurityBlob->UserName.MaximumLength =
3097 cpu_to_le16(ln);
3098 SecurityBlob->UserName.Buffer =
3099 cpu_to_le32(SecurityBlobLength);
3100 bcc_ptr += ln;
3101 SecurityBlobLength += ln;
3102 SecurityBlob->UserName.Length = cpu_to_le16(ln);
3103 }
3104
3105 /* SecurityBlob->WorkstationName.Length =
3106 cifs_strtoUCS((__le16 *) bcc_ptr, "AMACHINE",64, nls_codepage);
3107 SecurityBlob->WorkstationName.Length *= 2;
3108 SecurityBlob->WorkstationName.MaximumLength =
3109 cpu_to_le16(SecurityBlob->WorkstationName.Length);
3110 SecurityBlob->WorkstationName.Buffer =
3111 cpu_to_le32(SecurityBlobLength);
3112 bcc_ptr += SecurityBlob->WorkstationName.Length;
3113 SecurityBlobLength += SecurityBlob->WorkstationName.Length;
3114 SecurityBlob->WorkstationName.Length =
3115 cpu_to_le16(SecurityBlob->WorkstationName.Length); */
3116
3117 if ((long) bcc_ptr % 2) {
3118 *bcc_ptr = 0;
3119 bcc_ptr++;
3120 }
3121 bytes_returned =
3122 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
3123 32, nls_codepage);
3124 bcc_ptr += 2 * bytes_returned;
3125 bytes_returned =
3126 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
3127 nls_codepage);
3128 bcc_ptr += 2 * bytes_returned;
3129 bcc_ptr += 2; /* null term version string */
3130 bytes_returned =
3131 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
3132 64, nls_codepage);
3133 bcc_ptr += 2 * bytes_returned;
3134 *(bcc_ptr + 1) = 0;
3135 *(bcc_ptr + 2) = 0;
3136 bcc_ptr += 2; /* null terminate network opsys string */
3137 *(bcc_ptr + 1) = 0;
3138 *(bcc_ptr + 2) = 0;
3139 bcc_ptr += 2; /* null domain */
3140 } else { /* ASCII */
3141 if (domain == NULL) {
3142 SecurityBlob->DomainName.Buffer = 0;
3143 SecurityBlob->DomainName.Length = 0;
3144 SecurityBlob->DomainName.MaximumLength = 0;
3145 } else {
3146 __u16 ln;
3147 negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
3148 strncpy(bcc_ptr, domain, 63);
3149 ln = strnlen(domain, 64);
3150 SecurityBlob->DomainName.MaximumLength =
3151 cpu_to_le16(ln);
3152 SecurityBlob->DomainName.Buffer =
3153 cpu_to_le32(SecurityBlobLength);
3154 bcc_ptr += ln;
3155 SecurityBlobLength += ln;
3156 SecurityBlob->DomainName.Length = cpu_to_le16(ln);
3157 }
3158 if (user == NULL) {
3159 SecurityBlob->UserName.Buffer = 0;
3160 SecurityBlob->UserName.Length = 0;
3161 SecurityBlob->UserName.MaximumLength = 0;
3162 } else {
3163 __u16 ln;
3164 strncpy(bcc_ptr, user, 63);
3165 ln = strnlen(user, 64);
3166 SecurityBlob->UserName.MaximumLength = cpu_to_le16(ln);
3167 SecurityBlob->UserName.Buffer =
3168 cpu_to_le32(SecurityBlobLength);
3169 bcc_ptr += ln;
3170 SecurityBlobLength += ln;
3171 SecurityBlob->UserName.Length = cpu_to_le16(ln);
3172 }
3173 /* BB fill in our workstation name if known BB */
3174
3175 strcpy(bcc_ptr, "Linux version ");
3176 bcc_ptr += strlen("Linux version ");
3177 strcpy(bcc_ptr, utsname()->release);
3178 bcc_ptr += strlen(utsname()->release) + 1;
3179 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
3180 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
3181 bcc_ptr++; /* null domain */
3182 *bcc_ptr = 0;
3183 }
3184 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
3185 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
3186 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
3187 smb_buffer->smb_buf_length += count;
3188 pSMB->req.ByteCount = cpu_to_le16(count);
3189
3190 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
3191 &bytes_returned, CIFS_LONG_OP);
3192 if (rc) {
3193 /* rc = map_smb_to_linux_error(smb_buffer_response) done in SendReceive now */
3194 } else if ((smb_buffer_response->WordCount == 3) ||
3195 (smb_buffer_response->WordCount == 4)) {
3196 __u16 action = le16_to_cpu(pSMBr->resp.Action);
3197 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
3198 if (action & GUEST_LOGIN)
3199 cFYI(1, (" Guest login")); /* BB Should we set anything
3200 in SesInfo struct ? */
3201 /* if (SecurityBlob2->MessageType != NtLm??) {
3202 cFYI("Unexpected message type on auth response is %d"));
3203 } */
3204
3205 if (ses) {
3206 cFYI(1,
3207 ("Check challenge UID %d vs auth response UID %d",
3208 ses->Suid, smb_buffer_response->Uid));
3209 /* UID left in wire format */
3210 ses->Suid = smb_buffer_response->Uid;
3211 bcc_ptr = pByteArea(smb_buffer_response);
3212 /* response can have either 3 or 4 word count - Samba sends 3 */
3213 if ((pSMBr->resp.hdr.WordCount == 3)
3214 || ((pSMBr->resp.hdr.WordCount == 4)
3215 && (blob_len <
3216 pSMBr->resp.ByteCount))) {
3217 if (pSMBr->resp.hdr.WordCount == 4) {
3218 bcc_ptr +=
3219 blob_len;
3220 cFYI(1,
3221 ("Security Blob Length %d ",
3222 blob_len));
3223 }
3224
3225 cFYI(1,
3226 ("NTLMSSP response to Authenticate "));
3227
3228 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3229 if ((long) (bcc_ptr) % 2) {
3230 remaining_words =
3231 (BCC(smb_buffer_response)
3232 - 1) / 2;
3233 bcc_ptr++; /* Unicode strings must be word aligned */
3234 } else {
3235 remaining_words = BCC(smb_buffer_response) / 2;
3236 }
3237 len = UniStrnlen((wchar_t *) bcc_ptr,
3238 remaining_words - 1);
3239 /* We look for obvious messed up bcc or strings in response so we do not go off
3240 the end since (at least) WIN2K and Windows XP have a major bug in not null
3241 terminating last Unicode string in response */
3242 if (ses->serverOS)
3243 kfree(ses->serverOS);
3244 ses->serverOS =
3245 kzalloc(2 * (len + 1), GFP_KERNEL);
3246 cifs_strfromUCS_le(ses->serverOS,
3247 (__le16 *)
3248 bcc_ptr, len,
3249 nls_codepage);
3250 bcc_ptr += 2 * (len + 1);
3251 remaining_words -= len + 1;
3252 ses->serverOS[2 * len] = 0;
3253 ses->serverOS[1 + (2 * len)] = 0;
3254 if (remaining_words > 0) {
3255 len = UniStrnlen((wchar_t *)
3256 bcc_ptr,
3257 remaining_words
3258 - 1);
3259 kfree(ses->serverNOS);
3260 ses->serverNOS =
3261 kzalloc(2 * (len + 1),
3262 GFP_KERNEL);
3263 cifs_strfromUCS_le(ses->
3264 serverNOS,
3265 (__le16 *)
3266 bcc_ptr,
3267 len,
3268 nls_codepage);
3269 bcc_ptr += 2 * (len + 1);
3270 ses->serverNOS[2 * len] = 0;
3271 ses->serverNOS[1+(2*len)] = 0;
3272 remaining_words -= len + 1;
3273 if (remaining_words > 0) {
3274 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
3275 /* last string not always null terminated (e.g. for Windows XP & 2000) */
3276 if (ses->serverDomain)
3277 kfree(ses->serverDomain);
3278 ses->serverDomain =
3279 kzalloc(2 *
3280 (len +
3281 1),
3282 GFP_KERNEL);
3283 cifs_strfromUCS_le
3284 (ses->
3285 serverDomain,
3286 (__le16 *)
3287 bcc_ptr, len,
3288 nls_codepage);
3289 bcc_ptr +=
3290 2 * (len + 1);
3291 ses->
3292 serverDomain[2
3293 * len]
3294 = 0;
3295 ses->
3296 serverDomain[1
3297 +
3298 (2
3299 *
3300 len)]
3301 = 0;
3302 } /* else no more room so create dummy domain string */
3303 else {
3304 if (ses->serverDomain)
3305 kfree(ses->serverDomain);
3306 ses->serverDomain = kzalloc(2,GFP_KERNEL);
3307 }
3308 } else { /* no room so create dummy domain and NOS string */
3309 if (ses->serverDomain)
3310 kfree(ses->serverDomain);
3311 ses->serverDomain = kzalloc(2, GFP_KERNEL);
3312 kfree(ses->serverNOS);
3313 ses->serverNOS = kzalloc(2, GFP_KERNEL);
3314 }
3315 } else { /* ASCII */
3316 len = strnlen(bcc_ptr, 1024);
3317 if (((long) bcc_ptr + len) -
3318 (long) pByteArea(smb_buffer_response)
3319 <= BCC(smb_buffer_response)) {
3320 if (ses->serverOS)
3321 kfree(ses->serverOS);
3322 ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
3323 strncpy(ses->serverOS,bcc_ptr, len);
3324
3325 bcc_ptr += len;
3326 bcc_ptr[0] = 0; /* null terminate the string */
3327 bcc_ptr++;
3328
3329 len = strnlen(bcc_ptr, 1024);
3330 kfree(ses->serverNOS);
3331 ses->serverNOS = kzalloc(len+1,
3332 GFP_KERNEL);
3333 strncpy(ses->serverNOS,
3334 bcc_ptr, len);
3335 bcc_ptr += len;
3336 bcc_ptr[0] = 0;
3337 bcc_ptr++;
3338
3339 len = strnlen(bcc_ptr, 1024);
3340 if (ses->serverDomain)
3341 kfree(ses->serverDomain);
3342 ses->serverDomain =
3343 kzalloc(len+1,
3344 GFP_KERNEL);
3345 strncpy(ses->serverDomain,
3346 bcc_ptr, len);
3347 bcc_ptr += len;
3348 bcc_ptr[0] = 0;
3349 bcc_ptr++;
3350 } else
3351 cFYI(1, ("field of length %d "
3352 "extends beyond end of smb ",
3353 len));
3354 }
3355 } else {
3356 cERROR(1, ("Security Blob extends beyond end "
3357 "of SMB"));
3358 }
3359 } else {
3360 cERROR(1, ("No session structure passed in."));
3361 }
3362 } else {
3363 cERROR(1, ("Invalid Word count %d: ",
3364 smb_buffer_response->WordCount));
3365 rc = -EIO;
3366 }
3367
3368 cifs_buf_release(smb_buffer);
3369
3370 return rc;
3371 }
3372
3373 int
3374 CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3375 const char *tree, struct cifsTconInfo *tcon,
3376 const struct nls_table *nls_codepage)
3377 {
3378 struct smb_hdr *smb_buffer;
3379 struct smb_hdr *smb_buffer_response;
3380 TCONX_REQ *pSMB;
3381 TCONX_RSP *pSMBr;
3382 unsigned char *bcc_ptr;
3383 int rc = 0;
3384 int length;
3385 __u16 count;
3386
3387 if (ses == NULL)
3388 return -EIO;
3389
3390 smb_buffer = cifs_buf_get();
3391 if (smb_buffer == NULL) {
3392 return -ENOMEM;
3393 }
3394 smb_buffer_response = smb_buffer;
3395
3396 header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3397 NULL /*no tid */ , 4 /*wct */ );
3398
3399 smb_buffer->Mid = GetNextMid(ses->server);
3400 smb_buffer->Uid = ses->Suid;
3401 pSMB = (TCONX_REQ *) smb_buffer;
3402 pSMBr = (TCONX_RSP *) smb_buffer_response;
3403
3404 pSMB->AndXCommand = 0xFF;
3405 pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
3406 bcc_ptr = &pSMB->Password[0];
3407 if ((ses->server->secMode) & SECMODE_USER) {
3408 pSMB->PasswordLength = cpu_to_le16(1); /* minimum */
3409 *bcc_ptr = 0; /* password is null byte */
3410 bcc_ptr++; /* skip password */
3411 /* already aligned so no need to do it below */
3412 } else {
3413 pSMB->PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE);
3414 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3415 specified as required (when that support is added to
3416 the vfs in the future) as only NTLM or the much
3417 weaker LANMAN (which we do not send by default) is accepted
3418 by Samba (not sure whether other servers allow
3419 NTLMv2 password here) */
3420 #ifdef CONFIG_CIFS_WEAK_PW_HASH
3421 if ((extended_security & CIFSSEC_MAY_LANMAN) &&
3422 (ses->server->secType == LANMAN))
3423 calc_lanman_hash(ses, bcc_ptr);
3424 else
3425 #endif /* CIFS_WEAK_PW_HASH */
3426 SMBNTencrypt(ses->password,
3427 ses->server->cryptKey,
3428 bcc_ptr);
3429
3430 bcc_ptr += CIFS_SESS_KEY_SIZE;
3431 if (ses->capabilities & CAP_UNICODE) {
3432 /* must align unicode strings */
3433 *bcc_ptr = 0; /* null byte password */
3434 bcc_ptr++;
3435 }
3436 }
3437
3438 if (ses->server->secMode &
3439 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3440 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3441
3442 if (ses->capabilities & CAP_STATUS32) {
3443 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3444 }
3445 if (ses->capabilities & CAP_DFS) {
3446 smb_buffer->Flags2 |= SMBFLG2_DFS;
3447 }
3448 if (ses->capabilities & CAP_UNICODE) {
3449 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3450 length =
3451 cifs_strtoUCS((__le16 *) bcc_ptr, tree,
3452 6 /* max utf8 char length in bytes */ *
3453 (/* server len*/ + 256 /* share len */), nls_codepage);
3454 bcc_ptr += 2 * length; /* convert num 16 bit words to bytes */
3455 bcc_ptr += 2; /* skip trailing null */
3456 } else { /* ASCII */
3457 strcpy(bcc_ptr, tree);
3458 bcc_ptr += strlen(tree) + 1;
3459 }
3460 strcpy(bcc_ptr, "?????");
3461 bcc_ptr += strlen("?????");
3462 bcc_ptr += 1;
3463 count = bcc_ptr - &pSMB->Password[0];
3464 pSMB->hdr.smb_buf_length += count;
3465 pSMB->ByteCount = cpu_to_le16(count);
3466
3467 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length,
3468 CIFS_STD_OP);
3469
3470 /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
3471 /* above now done in SendReceive */
3472 if ((rc == 0) && (tcon != NULL)) {
3473 tcon->tidStatus = CifsGood;
3474 tcon->tid = smb_buffer_response->Tid;
3475 bcc_ptr = pByteArea(smb_buffer_response);
3476 length = strnlen(bcc_ptr, BCC(smb_buffer_response) - 2);
3477 /* skip service field (NB: this field is always ASCII) */
3478 if (length == 3) {
3479 if ((bcc_ptr[0] == 'I') && (bcc_ptr[1] == 'P') &&
3480 (bcc_ptr[2] == 'C')) {
3481 cFYI(1, ("IPC connection"));
3482 tcon->ipc = 1;
3483 }
3484 } else if (length == 2) {
3485 if ((bcc_ptr[0] == 'A') && (bcc_ptr[1] == ':')) {
3486 /* the most common case */
3487 cFYI(1, ("disk share connection"));
3488 }
3489 }
3490 bcc_ptr += length + 1;
3491 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3492 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3493 length = UniStrnlen((wchar_t *) bcc_ptr, 512);
3494 if ((bcc_ptr + (2 * length)) -
3495 pByteArea(smb_buffer_response) <=
3496 BCC(smb_buffer_response)) {
3497 kfree(tcon->nativeFileSystem);
3498 tcon->nativeFileSystem =
3499 kzalloc(length + 2, GFP_KERNEL);
3500 if (tcon->nativeFileSystem)
3501 cifs_strfromUCS_le(
3502 tcon->nativeFileSystem,
3503 (__le16 *) bcc_ptr,
3504 length, nls_codepage);
3505 bcc_ptr += 2 * length;
3506 bcc_ptr[0] = 0; /* null terminate the string */
3507 bcc_ptr[1] = 0;
3508 bcc_ptr += 2;
3509 }
3510 /* else do not bother copying these information fields*/
3511 } else {
3512 length = strnlen(bcc_ptr, 1024);
3513 if ((bcc_ptr + length) -
3514 pByteArea(smb_buffer_response) <=
3515 BCC(smb_buffer_response)) {
3516 kfree(tcon->nativeFileSystem);
3517 tcon->nativeFileSystem =
3518 kzalloc(length + 1, GFP_KERNEL);
3519 if (tcon->nativeFileSystem)
3520 strncpy(tcon->nativeFileSystem, bcc_ptr,
3521 length);
3522 }
3523 /* else do not bother copying these information fields*/
3524 }
3525 if ((smb_buffer_response->WordCount == 3) ||
3526 (smb_buffer_response->WordCount == 7))
3527 /* field is in same location */
3528 tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3529 else
3530 tcon->Flags = 0;
3531 cFYI(1, ("Tcon flags: 0x%x ", tcon->Flags));
3532 } else if ((rc == 0) && tcon == NULL) {
3533 /* all we need to save for IPC$ connection */
3534 ses->ipc_tid = smb_buffer_response->Tid;
3535 }
3536
3537 cifs_buf_release(smb_buffer);
3538 return rc;
3539 }
3540
3541 int
3542 cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3543 {
3544 int rc = 0;
3545 int xid;
3546 struct cifsSesInfo *ses = NULL;
3547 struct task_struct *cifsd_task;
3548 char *tmp;
3549
3550 xid = GetXid();
3551
3552 if (cifs_sb->tcon) {
3553 ses = cifs_sb->tcon->ses; /* save ptr to ses before delete tcon!*/
3554 rc = CIFSSMBTDis(xid, cifs_sb->tcon);
3555 if (rc == -EBUSY) {
3556 FreeXid(xid);
3557 return 0;
3558 }
3559 tconInfoFree(cifs_sb->tcon);
3560 if ((ses) && (ses->server)) {
3561 /* save off task so we do not refer to ses later */
3562 cifsd_task = ses->server->tsk;
3563 cFYI(1, ("About to do SMBLogoff "));
3564 rc = CIFSSMBLogoff(xid, ses);
3565 if (rc == -EBUSY) {
3566 FreeXid(xid);
3567 return 0;
3568 } else if (rc == -ESHUTDOWN) {
3569 cFYI(1, ("Waking up socket by sending signal"));
3570 if (cifsd_task) {
3571 force_sig(SIGKILL, cifsd_task);
3572 kthread_stop(cifsd_task);
3573 }
3574 rc = 0;
3575 } /* else - we have an smb session
3576 left on this socket do not kill cifsd */
3577 } else
3578 cFYI(1, ("No session or bad tcon"));
3579 }
3580
3581 cifs_sb->tcon = NULL;
3582 tmp = cifs_sb->prepath;
3583 cifs_sb->prepathlen = 0;
3584 cifs_sb->prepath = NULL;
3585 kfree(tmp);
3586 if (ses)
3587 schedule_timeout_interruptible(msecs_to_jiffies(500));
3588 if (ses)
3589 sesInfoFree(ses);
3590
3591 FreeXid(xid);
3592 return rc;
3593 }
3594
3595 int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
3596 struct nls_table *nls_info)
3597 {
3598 int rc = 0;
3599 char ntlm_session_key[CIFS_SESS_KEY_SIZE];
3600 int ntlmv2_flag = FALSE;
3601 int first_time = 0;
3602
3603 /* what if server changes its buffer size after dropping the session? */
3604 if (pSesInfo->server->maxBuf == 0) /* no need to send on reconnect */ {
3605 rc = CIFSSMBNegotiate(xid, pSesInfo);
3606 if (rc == -EAGAIN) /* retry only once on 1st time connection */ {
3607 rc = CIFSSMBNegotiate(xid, pSesInfo);
3608 if (rc == -EAGAIN)
3609 rc = -EHOSTDOWN;
3610 }
3611 if (rc == 0) {
3612 spin_lock(&GlobalMid_Lock);
3613 if (pSesInfo->server->tcpStatus != CifsExiting)
3614 pSesInfo->server->tcpStatus = CifsGood;
3615 else
3616 rc = -EHOSTDOWN;
3617 spin_unlock(&GlobalMid_Lock);
3618
3619 }
3620 first_time = 1;
3621 }
3622 if (!rc) {
3623 pSesInfo->flags = 0;
3624 pSesInfo->capabilities = pSesInfo->server->capabilities;
3625 if (linuxExtEnabled == 0)
3626 pSesInfo->capabilities &= (~CAP_UNIX);
3627 /* pSesInfo->sequence_number = 0;*/
3628 cFYI(1,
3629 ("Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d",
3630 pSesInfo->server->secMode,
3631 pSesInfo->server->capabilities,
3632 pSesInfo->server->timeAdj));
3633 if (experimEnabled < 2)
3634 rc = CIFS_SessSetup(xid, pSesInfo,
3635 first_time, nls_info);
3636 else if (extended_security
3637 && (pSesInfo->capabilities
3638 & CAP_EXTENDED_SECURITY)
3639 && (pSesInfo->server->secType == NTLMSSP)) {
3640 rc = -EOPNOTSUPP;
3641 } else if (extended_security
3642 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3643 && (pSesInfo->server->secType == RawNTLMSSP)) {
3644 cFYI(1, ("NTLMSSP sesssetup"));
3645 rc = CIFSNTLMSSPNegotiateSessSetup(xid,
3646 pSesInfo,
3647 &ntlmv2_flag,
3648 nls_info);
3649 if (!rc) {
3650 if (ntlmv2_flag) {
3651 char *v2_response;
3652 cFYI(1, ("more secure NTLM ver2 hash"));
3653 if (CalcNTLMv2_partial_mac_key(pSesInfo,
3654 nls_info)) {
3655 rc = -ENOMEM;
3656 goto ss_err_exit;
3657 } else
3658 v2_response = kmalloc(16 + 64 /* blob */, GFP_KERNEL);
3659 if (v2_response) {
3660 CalcNTLMv2_response(pSesInfo,
3661 v2_response);
3662 /* if (first_time)
3663 cifs_calculate_ntlmv2_mac_key(
3664 pSesInfo->server->mac_signing_key,
3665 response, ntlm_session_key,*/
3666 kfree(v2_response);
3667 /* BB Put dummy sig in SessSetup PDU? */
3668 } else {
3669 rc = -ENOMEM;
3670 goto ss_err_exit;
3671 }
3672
3673 } else {
3674 SMBNTencrypt(pSesInfo->password,
3675 pSesInfo->server->cryptKey,
3676 ntlm_session_key);
3677
3678 if (first_time)
3679 cifs_calculate_mac_key(
3680 &pSesInfo->server->mac_signing_key,
3681 ntlm_session_key,
3682 pSesInfo->password);
3683 }
3684 /* for better security the weaker lanman hash not sent
3685 in AuthSessSetup so we no longer calculate it */
3686
3687 rc = CIFSNTLMSSPAuthSessSetup(xid,
3688 pSesInfo,
3689 ntlm_session_key,
3690 ntlmv2_flag,
3691 nls_info);
3692 }
3693 } else { /* old style NTLM 0.12 session setup */
3694 SMBNTencrypt(pSesInfo->password,
3695 pSesInfo->server->cryptKey,
3696 ntlm_session_key);
3697
3698 if (first_time)
3699 cifs_calculate_mac_key(
3700 &pSesInfo->server->mac_signing_key,
3701 ntlm_session_key, pSesInfo->password);
3702
3703 rc = CIFSSessSetup(xid, pSesInfo,
3704 ntlm_session_key, nls_info);
3705 }
3706 if (rc) {
3707 cERROR(1, ("Send error in SessSetup = %d", rc));
3708 } else {
3709 cFYI(1, ("CIFS Session Established successfully"));
3710 pSesInfo->status = CifsGood;
3711 }
3712 }
3713 ss_err_exit:
3714 return rc;
3715 }
3716
WRT350N Kernel Patches