4 * Copyright (C) International Business Machines Corp., 2002,2005
5 * Author(s): Steve French (sfrench@us.ibm.com)
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/ipv6.h>
27 #include <linux/pagemap.h>
28 #include <linux/ctype.h>
29 #include <linux/utsname.h>
30 #include <linux/mempool.h>
31 #include <linux/delay.h>
32 #include <linux/completion.h>
33 #include <linux/pagevec.h>
34 #include <asm/uaccess.h>
35 #include <asm/processor.h>
38 #include "cifsproto.h"
39 #include "cifs_unicode.h"
40 #include "cifs_debug.h"
41 #include "cifs_fs_sb.h"
44 #include "rfc1002pdu.h"
48 #define RFC1001_PORT 139
50 static DECLARE_COMPLETION(cifsd_complete);
52 extern void SMBencrypt(unsigned char *passwd, unsigned char *c8,
54 extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
57 extern mempool_t *cifs_req_poolp;
65 char *in6_addr; /* ipv6 address as human readable form of in6_addr */
66 char *iocharset; /* local code page for mapping to and from Unicode */
67 char source_rfc1001_name[16]; /* netbios name of client */
68 char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */
78 unsigned no_psx_acl:1; /* set if posix acl support should be disabled */
80 unsigned no_xattr:1; /* set if xattr (EA) support should be disabled*/
81 unsigned server_ino:1; /* use inode numbers from server ie UniqueId */
83 unsigned remap:1; /* set to remap seven reserved chars in filenames */
84 unsigned posix_paths:1; /* unset to not ask for posix pathnames. */
89 unsigned nullauth:1; /* attempt to authenticate with null user */
91 unsigned seal:1; /* encrypt */
92 unsigned nocase; /* request case insensitive filenames */
93 unsigned nobrl; /* disable sending byte range locks to srv */
97 unsigned short int port;
100 static int ipv4_connect(struct sockaddr_in *psin_server,
101 struct socket **csocket,
103 char * server_netb_name);
104 static int ipv6_connect(struct sockaddr_in6 *psin_server,
105 struct socket **csocket);
109 * cifs tcp session reconnection
111 * mark tcp session as reconnecting so temporarily locked
112 * mark all smb sessions as reconnecting for tcp session
113 * reconnect tcp session
114 * wake up waiters on reconnection? - (not needed currently)
118 cifs_reconnect(struct TCP_Server_Info *server)
121 struct list_head *tmp;
122 struct cifsSesInfo *ses;
123 struct cifsTconInfo *tcon;
124 struct mid_q_entry * mid_entry;
126 spin_lock(&GlobalMid_Lock);
127 if(server->tcpStatus == CifsExiting) {
128 /* the demux thread will exit normally
129 next time through the loop */
130 spin_unlock(&GlobalMid_Lock);
133 server->tcpStatus = CifsNeedReconnect;
134 spin_unlock(&GlobalMid_Lock);
137 cFYI(1, ("Reconnecting tcp session"));
139 /* before reconnecting the tcp session, mark the smb session (uid)
140 and the tid bad so they are not used until reconnected */
141 read_lock(&GlobalSMBSeslock);
142 list_for_each(tmp, &GlobalSMBSessionList) {
143 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
145 if (ses->server == server) {
146 ses->status = CifsNeedReconnect;
150 /* else tcp and smb sessions need reconnection */
152 list_for_each(tmp, &GlobalTreeConnectionList) {
153 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
154 if((tcon) && (tcon->ses) && (tcon->ses->server == server)) {
155 tcon->tidStatus = CifsNeedReconnect;
158 read_unlock(&GlobalSMBSeslock);
159 /* do not want to be sending data on a socket we are freeing */
160 down(&server->tcpSem);
161 if(server->ssocket) {
162 cFYI(1,("State: 0x%x Flags: 0x%lx", server->ssocket->state,
163 server->ssocket->flags));
164 server->ssocket->ops->shutdown(server->ssocket,SEND_SHUTDOWN);
165 cFYI(1,("Post shutdown state: 0x%x Flags: 0x%lx", server->ssocket->state,
166 server->ssocket->flags));
167 sock_release(server->ssocket);
168 server->ssocket = NULL;
171 spin_lock(&GlobalMid_Lock);
172 list_for_each(tmp, &server->pending_mid_q) {
173 mid_entry = list_entry(tmp, struct
177 if(mid_entry->midState == MID_REQUEST_SUBMITTED) {
178 /* Mark other intransit requests as needing
179 retry so we do not immediately mark the
180 session bad again (ie after we reconnect
181 below) as they timeout too */
182 mid_entry->midState = MID_RETRY_NEEDED;
186 spin_unlock(&GlobalMid_Lock);
189 while ((server->tcpStatus != CifsExiting) && (server->tcpStatus != CifsGood))
191 if(server->protocolType == IPV6) {
192 rc = ipv6_connect(&server->addr.sockAddr6,&server->ssocket);
194 rc = ipv4_connect(&server->addr.sockAddr,
196 server->workstation_RFC1001_name,
197 server->server_RFC1001_name);
200 cFYI(1,("reconnect error %d",rc));
203 atomic_inc(&tcpSesReconnectCount);
204 spin_lock(&GlobalMid_Lock);
205 if(server->tcpStatus != CifsExiting)
206 server->tcpStatus = CifsGood;
207 server->sequence_number = 0;
208 spin_unlock(&GlobalMid_Lock);
209 /* atomic_set(&server->inFlight,0);*/
210 wake_up(&server->response_q);
218 0 not a transact2, or all data present
219 >0 transact2 with that much data missing
220 -EINVAL = invalid transact2
223 static int check2ndT2(struct smb_hdr * pSMB, unsigned int maxBufSize)
225 struct smb_t2_rsp * pSMBt;
227 int data_in_this_rsp;
230 if(pSMB->Command != SMB_COM_TRANSACTION2)
233 /* check for plausible wct, bcc and t2 data and parm sizes */
234 /* check for parm and data offset going beyond end of smb */
235 if(pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
236 cFYI(1,("invalid transact2 word count"));
240 pSMBt = (struct smb_t2_rsp *)pSMB;
242 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
243 data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
245 remaining = total_data_size - data_in_this_rsp;
249 else if(remaining < 0) {
250 cFYI(1,("total data %d smaller than data in frame %d",
251 total_data_size, data_in_this_rsp));
254 cFYI(1,("missing %d bytes from transact2, check next response",
256 if(total_data_size > maxBufSize) {
257 cERROR(1,("TotalDataSize %d is over maximum buffer %d",
258 total_data_size,maxBufSize));
265 static int coalesce_t2(struct smb_hdr * psecond, struct smb_hdr *pTargetSMB)
267 struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
268 struct smb_t2_rsp *pSMBt = (struct smb_t2_rsp *)pTargetSMB;
273 char * data_area_of_target;
274 char * data_area_of_buf2;
277 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
279 if(total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
280 cFYI(1,("total data sizes of primary and secondary t2 differ"));
283 total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
285 remaining = total_data_size - total_in_buf;
290 if(remaining == 0) /* nothing to do, ignore */
293 total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
294 if(remaining < total_in_buf2) {
295 cFYI(1,("transact2 2nd response contains too much data"));
298 /* find end of first SMB data area */
299 data_area_of_target = (char *)&pSMBt->hdr.Protocol +
300 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
301 /* validate target area */
303 data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
304 le16_to_cpu(pSMB2->t2_rsp.DataOffset);
306 data_area_of_target += total_in_buf;
308 /* copy second buffer into end of first buffer */
309 memcpy(data_area_of_target,data_area_of_buf2,total_in_buf2);
310 total_in_buf += total_in_buf2;
311 pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
312 byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
313 byte_count += total_in_buf2;
314 BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
316 byte_count = pTargetSMB->smb_buf_length;
317 byte_count += total_in_buf2;
319 /* BB also add check that we are not beyond maximum buffer size */
321 pTargetSMB->smb_buf_length = byte_count;
323 if(remaining == total_in_buf2) {
324 cFYI(1,("found the last secondary response"));
325 return 0; /* we are done */
326 } else /* more responses to go */
332 cifs_demultiplex_thread(struct TCP_Server_Info *server)
335 unsigned int pdu_length, total_read;
336 struct smb_hdr *smb_buffer = NULL;
337 struct smb_hdr *bigbuf = NULL;
338 struct smb_hdr *smallbuf = NULL;
339 struct msghdr smb_msg;
341 struct socket *csocket = server->ssocket;
342 struct list_head *tmp;
343 struct cifsSesInfo *ses;
344 struct task_struct *task_to_wake = NULL;
345 struct mid_q_entry *mid_entry;
347 int isLargeBuf = FALSE;
352 allow_signal(SIGKILL);
353 current->flags |= PF_MEMALLOC;
354 server->tsk = current; /* save process info to wake at shutdown */
355 cFYI(1, ("Demultiplex PID: %d", current->pid));
356 write_lock(&GlobalSMBSeslock);
357 atomic_inc(&tcpSesAllocCount);
358 length = tcpSesAllocCount.counter;
359 write_unlock(&GlobalSMBSeslock);
360 complete(&cifsd_complete);
362 mempool_resize(cifs_req_poolp,
363 length + cifs_min_rcv,
367 while (server->tcpStatus != CifsExiting) {
370 if (bigbuf == NULL) {
371 bigbuf = cifs_buf_get();
373 cERROR(1,("No memory for large SMB response"));
375 /* retry will check if exiting */
378 } else if(isLargeBuf) {
379 /* we are reusing a dirtry large buf, clear its start */
380 memset(bigbuf, 0, sizeof (struct smb_hdr));
383 if (smallbuf == NULL) {
384 smallbuf = cifs_small_buf_get();
385 if(smallbuf == NULL) {
386 cERROR(1,("No memory for SMB response"));
388 /* retry will check if exiting */
391 /* beginning of smb buffer is cleared in our buf_get */
392 } else /* if existing small buf clear beginning */
393 memset(smallbuf, 0, sizeof (struct smb_hdr));
397 smb_buffer = smallbuf;
398 iov.iov_base = smb_buffer;
400 smb_msg.msg_control = NULL;
401 smb_msg.msg_controllen = 0;
403 kernel_recvmsg(csocket, &smb_msg,
404 &iov, 1, 4, 0 /* BB see socket.h flags */);
406 if(server->tcpStatus == CifsExiting) {
408 } else if (server->tcpStatus == CifsNeedReconnect) {
409 cFYI(1,("Reconnect after server stopped responding"));
410 cifs_reconnect(server);
411 cFYI(1,("call to reconnect done"));
412 csocket = server->ssocket;
414 } else if ((length == -ERESTARTSYS) || (length == -EAGAIN)) {
415 msleep(1); /* minimum sleep to prevent looping
416 allowing socket to clear and app threads to set
417 tcpStatus CifsNeedReconnect if server hung */
419 } else if (length <= 0) {
420 if(server->tcpStatus == CifsNew) {
421 cFYI(1,("tcp session abend after SMBnegprot"));
422 /* some servers kill the TCP session rather than
423 returning an SMB negprot error, in which
424 case reconnecting here is not going to help,
425 and so simply return error to mount */
428 if(length == -EINTR) {
429 cFYI(1,("cifsd thread killed"));
432 cFYI(1,("Reconnect after unexpected peek error %d",
434 cifs_reconnect(server);
435 csocket = server->ssocket;
436 wake_up(&server->response_q);
438 } else if (length < 4) {
440 ("Frame under four bytes received (%d bytes long)",
442 cifs_reconnect(server);
443 csocket = server->ssocket;
444 wake_up(&server->response_q);
448 /* The right amount was read from socket - 4 bytes */
449 /* so we can now interpret the length field */
451 /* the first byte big endian of the length field,
452 is actually not part of the length but the type
453 with the most common, zero, as regular data */
454 temp = *((char *) smb_buffer);
456 /* Note that FC 1001 length is big endian on the wire,
457 but we convert it here so it is always manipulated
458 as host byte order */
459 pdu_length = ntohl(smb_buffer->smb_buf_length);
460 smb_buffer->smb_buf_length = pdu_length;
462 cFYI(1,("rfc1002 length 0x%x)", pdu_length+4));
464 if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) {
466 } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
467 cFYI(1,("Good RFC 1002 session rsp"));
469 } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
470 /* we get this from Windows 98 instead of
471 an error on SMB negprot response */
472 cFYI(1,("Negative RFC1002 Session Response Error 0x%x)",
474 if(server->tcpStatus == CifsNew) {
475 /* if nack on negprot (rather than
476 ret of smb negprot error) reconnecting
477 not going to help, ret error to mount */
480 /* give server a second to
481 clean up before reconnect attempt */
483 /* always try 445 first on reconnect
484 since we get NACK on some if we ever
485 connected to port 139 (the NACK is
486 since we do not begin with RFC1001
487 session initialize frame) */
488 server->addr.sockAddr.sin_port =
490 cifs_reconnect(server);
491 csocket = server->ssocket;
492 wake_up(&server->response_q);
495 } else if (temp != (char) 0) {
496 cERROR(1,("Unknown RFC 1002 frame"));
497 cifs_dump_mem(" Received Data: ", (char *)smb_buffer,
499 cifs_reconnect(server);
500 csocket = server->ssocket;
504 /* else we have an SMB response */
505 if((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
506 (pdu_length < sizeof (struct smb_hdr) - 1 - 4)) {
507 cERROR(1, ("Invalid size SMB length %d pdu_length %d",
508 length, pdu_length+4));
509 cifs_reconnect(server);
510 csocket = server->ssocket;
511 wake_up(&server->response_q);
518 if(pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
520 memcpy(bigbuf, smallbuf, 4);
524 iov.iov_base = 4 + (char *)smb_buffer;
525 iov.iov_len = pdu_length;
526 for (total_read = 0; total_read < pdu_length;
527 total_read += length) {
528 length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
529 pdu_length - total_read, 0);
530 if((server->tcpStatus == CifsExiting) ||
531 (length == -EINTR)) {
535 } else if (server->tcpStatus == CifsNeedReconnect) {
536 cifs_reconnect(server);
537 csocket = server->ssocket;
538 /* Reconnect wakes up rspns q */
539 /* Now we will reread sock */
542 } else if ((length == -ERESTARTSYS) ||
543 (length == -EAGAIN)) {
544 msleep(1); /* minimum sleep to prevent looping,
545 allowing socket to clear and app
546 threads to set tcpStatus
547 CifsNeedReconnect if server hung*/
549 } else if (length <= 0) {
550 cERROR(1,("Received no data, expecting %d",
551 pdu_length - total_read));
552 cifs_reconnect(server);
553 csocket = server->ssocket;
560 else if(reconnect == 1)
563 length += 4; /* account for rfc1002 hdr */
566 dump_smb(smb_buffer, length);
567 if (checkSMB (smb_buffer, smb_buffer->Mid, total_read+4)) {
568 cifs_dump_mem("Bad SMB: ", smb_buffer, 48);
574 spin_lock(&GlobalMid_Lock);
575 list_for_each(tmp, &server->pending_mid_q) {
576 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
578 if ((mid_entry->mid == smb_buffer->Mid) &&
579 (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
580 (mid_entry->command == smb_buffer->Command)) {
581 if(check2ndT2(smb_buffer,server->maxBuf) > 0) {
582 /* We have a multipart transact2 resp */
584 if(mid_entry->resp_buf) {
585 /* merge response - fix up 1st*/
586 if(coalesce_t2(smb_buffer,
587 mid_entry->resp_buf)) {
590 /* all parts received */
595 cERROR(1,("1st trans2 resp needs bigbuf"));
596 /* BB maybe we can fix this up, switch
597 to already allocated large buffer? */
599 /* Have first buffer */
600 mid_entry->resp_buf =
602 mid_entry->largeBuf = 1;
608 mid_entry->resp_buf = smb_buffer;
610 mid_entry->largeBuf = 1;
612 mid_entry->largeBuf = 0;
614 task_to_wake = mid_entry->tsk;
615 mid_entry->midState = MID_RESPONSE_RECEIVED;
616 #ifdef CONFIG_CIFS_STATS2
617 mid_entry->when_received = jiffies;
622 spin_unlock(&GlobalMid_Lock);
624 /* Was previous buf put in mpx struct for multi-rsp? */
626 /* smb buffer will be freed by user thread */
632 wake_up_process(task_to_wake);
633 } else if ((is_valid_oplock_break(smb_buffer) == FALSE)
634 && (isMultiRsp == FALSE)) {
635 cERROR(1, ("No task to wake, unknown frame rcvd!"));
636 cifs_dump_mem("Received Data is: ",(char *)smb_buffer,
637 sizeof(struct smb_hdr));
639 } /* end while !EXITING */
641 spin_lock(&GlobalMid_Lock);
642 server->tcpStatus = CifsExiting;
644 /* check if we have blocked requests that need to free */
645 /* Note that cifs_max_pending is normally 50, but
646 can be set at module install time to as little as two */
647 if(atomic_read(&server->inFlight) >= cifs_max_pending)
648 atomic_set(&server->inFlight, cifs_max_pending - 1);
649 /* We do not want to set the max_pending too low or we
650 could end up with the counter going negative */
651 spin_unlock(&GlobalMid_Lock);
652 /* Although there should not be any requests blocked on
653 this queue it can not hurt to be paranoid and try to wake up requests
654 that may haven been blocked when more than 50 at time were on the wire
655 to the same server - they now will see the session is in exit state
656 and get out of SendReceive. */
657 wake_up_all(&server->request_q);
658 /* give those requests time to exit */
661 if(server->ssocket) {
662 sock_release(csocket);
663 server->ssocket = NULL;
665 /* buffer usuallly freed in free_mid - need to free it here on exit */
667 cifs_buf_release(bigbuf);
668 if (smallbuf != NULL)
669 cifs_small_buf_release(smallbuf);
671 read_lock(&GlobalSMBSeslock);
672 if (list_empty(&server->pending_mid_q)) {
673 /* loop through server session structures attached to this and
675 list_for_each(tmp, &GlobalSMBSessionList) {
677 list_entry(tmp, struct cifsSesInfo,
679 if (ses->server == server) {
680 ses->status = CifsExiting;
684 read_unlock(&GlobalSMBSeslock);
686 /* although we can not zero the server struct pointer yet,
687 since there are active requests which may depnd on them,
688 mark the corresponding SMB sessions as exiting too */
689 list_for_each(tmp, &GlobalSMBSessionList) {
690 ses = list_entry(tmp, struct cifsSesInfo,
692 if (ses->server == server) {
693 ses->status = CifsExiting;
697 spin_lock(&GlobalMid_Lock);
698 list_for_each(tmp, &server->pending_mid_q) {
699 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
700 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
702 ("Clearing Mid 0x%x - waking up ",mid_entry->mid));
703 task_to_wake = mid_entry->tsk;
705 wake_up_process(task_to_wake);
709 spin_unlock(&GlobalMid_Lock);
710 read_unlock(&GlobalSMBSeslock);
711 /* 1/8th of sec is more than enough time for them to exit */
715 if (!list_empty(&server->pending_mid_q)) {
716 /* mpx threads have not exited yet give them
717 at least the smb send timeout time for long ops */
718 /* due to delays on oplock break requests, we need
719 to wait at least 45 seconds before giving up
720 on a request getting a response and going ahead
722 cFYI(1, ("Wait for exit from demultiplex thread"));
724 /* if threads still have not exited they are probably never
725 coming home not much else we can do but free the memory */
728 write_lock(&GlobalSMBSeslock);
729 atomic_dec(&tcpSesAllocCount);
730 length = tcpSesAllocCount.counter;
732 /* last chance to mark ses pointers invalid
733 if there are any pointing to this (e.g
734 if a crazy root user tried to kill cifsd
735 kernel thread explicitly this might happen) */
736 list_for_each(tmp, &GlobalSMBSessionList) {
737 ses = list_entry(tmp, struct cifsSesInfo,
739 if (ses->server == server) {
743 write_unlock(&GlobalSMBSeslock);
747 mempool_resize(cifs_req_poolp,
748 length + cifs_min_rcv,
752 complete_and_exit(&cifsd_complete, 0);
757 cifs_parse_mount_options(char *options, const char *devname,struct smb_vol *vol)
761 unsigned int temp_len, i, j;
767 memset(vol->source_rfc1001_name,0x20,15);
768 for(i=0;i < strnlen(system_utsname.nodename,15);i++) {
769 /* does not have to be a perfect mapping since the field is
770 informational, only used for servers that do not support
771 port 445 and it can be overridden at mount time */
772 vol->source_rfc1001_name[i] =
773 toupper(system_utsname.nodename[i]);
775 vol->source_rfc1001_name[15] = 0;
776 /* null target name indicates to use *SMBSERVR default called name
777 if we end up sending RFC1001 session initialize */
778 vol->target_rfc1001_name[0] = 0;
779 vol->linux_uid = current->uid; /* current->euid instead? */
780 vol->linux_gid = current->gid;
781 vol->dir_mode = S_IRWXUGO;
782 /* 2767 perms indicate mandatory locking support */
783 vol->file_mode = S_IALLUGO & ~(S_ISUID | S_IXGRP);
785 /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
788 /* default is always to request posix paths. */
789 vol->posix_paths = 1;
794 if(strncmp(options,"sep=",4) == 0) {
795 if(options[4] != 0) {
796 separator[0] = options[4];
799 cFYI(1,("Null separator not allowed"));
803 while ((data = strsep(&options, separator)) != NULL) {
806 if ((value = strchr(data, '=')) != NULL)
809 if (strnicmp(data, "user_xattr",10) == 0) {/*parse before user*/
811 } else if (strnicmp(data, "nouser_xattr",12) == 0) {
813 } else if (strnicmp(data, "user", 4) == 0) {
814 if (!value || !*value) {
816 "CIFS: invalid or missing username\n");
817 return 1; /* needs_arg; */
819 if (strnlen(value, 200) < 200) {
820 vol->username = value;
822 printk(KERN_WARNING "CIFS: username too long\n");
825 } else if (strnicmp(data, "pass", 4) == 0) {
827 vol->password = NULL;
829 } else if(value[0] == 0) {
830 /* check if string begins with double comma
831 since that would mean the password really
832 does start with a comma, and would not
833 indicate an empty string */
834 if(value[1] != separator[0]) {
835 vol->password = NULL;
839 temp_len = strlen(value);
840 /* removed password length check, NTLM passwords
841 can be arbitrarily long */
843 /* if comma in password, the string will be
844 prematurely null terminated. Commas in password are
845 specified across the cifs mount interface by a double
846 comma ie ,, and a comma used as in other cases ie ','
847 as a parameter delimiter/separator is single and due
848 to the strsep above is temporarily zeroed. */
850 /* NB: password legally can have multiple commas and
851 the only illegal character in a password is null */
853 if ((value[temp_len] == 0) &&
854 (value[temp_len+1] == separator[0])) {
856 value[temp_len] = separator[0];
857 temp_len+=2; /* move after the second comma */
858 while(value[temp_len] != 0) {
859 if (value[temp_len] == separator[0]) {
860 if (value[temp_len+1] ==
862 /* skip second comma */
865 /* single comma indicating start
872 if(value[temp_len] == 0) {
876 /* point option to start of next parm */
877 options = value + temp_len + 1;
879 /* go from value to value + temp_len condensing
880 double commas to singles. Note that this ends up
881 allocating a few bytes too many, which is ok */
882 vol->password = kzalloc(temp_len, GFP_KERNEL);
883 if(vol->password == NULL) {
884 printk("CIFS: no memory for pass\n");
887 for(i=0,j=0;i<temp_len;i++,j++) {
888 vol->password[j] = value[i];
889 if(value[i] == separator[0]
890 && value[i+1] == separator[0]) {
891 /* skip second comma */
895 vol->password[j] = 0;
897 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
898 if(vol->password == NULL) {
899 printk("CIFS: no memory for pass\n");
902 strcpy(vol->password, value);
904 } else if (strnicmp(data, "ip", 2) == 0) {
905 if (!value || !*value) {
907 } else if (strnlen(value, 35) < 35) {
910 printk(KERN_WARNING "CIFS: ip address too long\n");
913 } else if (strnicmp(data, "sec", 3) == 0) {
914 if (!value || !*value) {
915 cERROR(1,("no security value specified"));
917 } else if (strnicmp(value, "krb5i", 5) == 0) {
920 } else if (strnicmp(value, "krb5p", 5) == 0) {
923 cERROR(1,("Krb5 cifs privacy not supported"));
925 } else if (strnicmp(value, "krb5", 4) == 0) {
927 } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
930 } else if (strnicmp(value, "ntlmv2", 6) == 0) {
932 } else if (strnicmp(value, "ntlmi", 5) == 0) {
935 } else if (strnicmp(value, "ntlm", 4) == 0) {
936 /* ntlm is default so can be turned off too */
938 } else if (strnicmp(value, "nontlm", 6) == 0) {
940 } else if (strnicmp(value, "none", 4) == 0) {
943 cERROR(1,("bad security option: %s", value));
946 } else if ((strnicmp(data, "unc", 3) == 0)
947 || (strnicmp(data, "target", 6) == 0)
948 || (strnicmp(data, "path", 4) == 0)) {
949 if (!value || !*value) {
951 "CIFS: invalid path to network resource\n");
952 return 1; /* needs_arg; */
954 if ((temp_len = strnlen(value, 300)) < 300) {
955 vol->UNC = kmalloc(temp_len+1,GFP_KERNEL);
958 strcpy(vol->UNC,value);
959 if (strncmp(vol->UNC, "//", 2) == 0) {
962 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
964 "CIFS: UNC Path does not begin with // or \\\\ \n");
968 printk(KERN_WARNING "CIFS: UNC name too long\n");
971 } else if ((strnicmp(data, "domain", 3) == 0)
972 || (strnicmp(data, "workgroup", 5) == 0)) {
973 if (!value || !*value) {
974 printk(KERN_WARNING "CIFS: invalid domain name\n");
975 return 1; /* needs_arg; */
977 /* BB are there cases in which a comma can be valid in
978 a domain name and need special handling? */
979 if (strnlen(value, 65) < 65) {
980 vol->domainname = value;
981 cFYI(1, ("Domain name set"));
983 printk(KERN_WARNING "CIFS: domain name too long\n");
986 } else if (strnicmp(data, "iocharset", 9) == 0) {
987 if (!value || !*value) {
988 printk(KERN_WARNING "CIFS: invalid iocharset specified\n");
989 return 1; /* needs_arg; */
991 if (strnlen(value, 65) < 65) {
992 if(strnicmp(value,"default",7))
993 vol->iocharset = value;
994 /* if iocharset not set load_nls_default used by caller */
995 cFYI(1, ("iocharset set to %s",value));
997 printk(KERN_WARNING "CIFS: iocharset name too long.\n");
1000 } else if (strnicmp(data, "uid", 3) == 0) {
1001 if (value && *value) {
1003 simple_strtoul(value, &value, 0);
1005 } else if (strnicmp(data, "gid", 3) == 0) {
1006 if (value && *value) {
1008 simple_strtoul(value, &value, 0);
1010 } else if (strnicmp(data, "file_mode", 4) == 0) {
1011 if (value && *value) {
1013 simple_strtoul(value, &value, 0);
1015 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1016 if (value && *value) {
1018 simple_strtoul(value, &value, 0);
1020 } else if (strnicmp(data, "dirmode", 4) == 0) {
1021 if (value && *value) {
1023 simple_strtoul(value, &value, 0);
1025 } else if (strnicmp(data, "port", 4) == 0) {
1026 if (value && *value) {
1028 simple_strtoul(value, &value, 0);
1030 } else if (strnicmp(data, "rsize", 5) == 0) {
1031 if (value && *value) {
1033 simple_strtoul(value, &value, 0);
1035 } else if (strnicmp(data, "wsize", 5) == 0) {
1036 if (value && *value) {
1038 simple_strtoul(value, &value, 0);
1040 } else if (strnicmp(data, "sockopt", 5) == 0) {
1041 if (value && *value) {
1043 simple_strtoul(value, &value, 0);
1045 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1046 if (!value || !*value || (*value == ' ')) {
1047 cFYI(1,("invalid (empty) netbiosname specified"));
1049 memset(vol->source_rfc1001_name,0x20,15);
1051 /* BB are there cases in which a comma can be
1052 valid in this workstation netbios name (and need
1053 special handling)? */
1055 /* We do not uppercase netbiosname for user */
1059 vol->source_rfc1001_name[i] = value[i];
1061 /* The string has 16th byte zero still from
1062 set at top of the function */
1063 if((i==15) && (value[i] != 0))
1064 printk(KERN_WARNING "CIFS: netbiosname longer than 15 truncated.\n");
1066 } else if (strnicmp(data, "servern", 7) == 0) {
1067 /* servernetbiosname specified override *SMBSERVER */
1068 if (!value || !*value || (*value == ' ')) {
1069 cFYI(1,("empty server netbiosname specified"));
1071 /* last byte, type, is 0x20 for servr type */
1072 memset(vol->target_rfc1001_name,0x20,16);
1075 /* BB are there cases in which a comma can be
1076 valid in this workstation netbios name (and need
1077 special handling)? */
1079 /* user or mount helper must uppercase netbiosname */
1083 vol->target_rfc1001_name[i] = value[i];
1085 /* The string has 16th byte zero still from
1086 set at top of the function */
1087 if((i==15) && (value[i] != 0))
1088 printk(KERN_WARNING "CIFS: server netbiosname longer than 15 truncated.\n");
1090 } else if (strnicmp(data, "credentials", 4) == 0) {
1092 } else if (strnicmp(data, "version", 3) == 0) {
1094 } else if (strnicmp(data, "guest",5) == 0) {
1096 } else if (strnicmp(data, "rw", 2) == 0) {
1098 } else if ((strnicmp(data, "suid", 4) == 0) ||
1099 (strnicmp(data, "nosuid", 6) == 0) ||
1100 (strnicmp(data, "exec", 4) == 0) ||
1101 (strnicmp(data, "noexec", 6) == 0) ||
1102 (strnicmp(data, "nodev", 5) == 0) ||
1103 (strnicmp(data, "noauto", 6) == 0) ||
1104 (strnicmp(data, "dev", 3) == 0)) {
1105 /* The mount tool or mount.cifs helper (if present)
1106 uses these opts to set flags, and the flags are read
1107 by the kernel vfs layer before we get here (ie
1108 before read super) so there is no point trying to
1109 parse these options again and set anything and it
1110 is ok to just ignore them */
1112 } else if (strnicmp(data, "ro", 2) == 0) {
1114 } else if (strnicmp(data, "hard", 4) == 0) {
1116 } else if (strnicmp(data, "soft", 4) == 0) {
1118 } else if (strnicmp(data, "perm", 4) == 0) {
1120 } else if (strnicmp(data, "noperm", 6) == 0) {
1122 } else if (strnicmp(data, "mapchars", 8) == 0) {
1124 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1126 } else if (strnicmp(data, "sfu", 3) == 0) {
1128 } else if (strnicmp(data, "nosfu", 5) == 0) {
1130 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1131 vol->posix_paths = 1;
1132 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1133 vol->posix_paths = 0;
1134 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1135 (strnicmp(data, "ignorecase", 10) == 0)) {
1137 } else if (strnicmp(data, "brl", 3) == 0) {
1139 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1140 (strnicmp(data, "nolock", 6) == 0)) {
1142 /* turn off mandatory locking in mode
1143 if remote locking is turned off since the
1144 local vfs will do advisory */
1145 if(vol->file_mode == (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1146 vol->file_mode = S_IALLUGO;
1147 } else if (strnicmp(data, "setuids", 7) == 0) {
1149 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1151 } else if (strnicmp(data, "nohard", 6) == 0) {
1153 } else if (strnicmp(data, "nosoft", 6) == 0) {
1155 } else if (strnicmp(data, "nointr", 6) == 0) {
1157 } else if (strnicmp(data, "intr", 4) == 0) {
1159 } else if (strnicmp(data, "serverino",7) == 0) {
1160 vol->server_ino = 1;
1161 } else if (strnicmp(data, "noserverino",9) == 0) {
1162 vol->server_ino = 0;
1163 } else if (strnicmp(data, "cifsacl",7) == 0) {
1165 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1167 } else if (strnicmp(data, "acl",3) == 0) {
1168 vol->no_psx_acl = 0;
1169 } else if (strnicmp(data, "noacl",5) == 0) {
1170 vol->no_psx_acl = 1;
1171 } else if (strnicmp(data, "direct",6) == 0) {
1173 } else if (strnicmp(data, "forcedirectio",13) == 0) {
1175 } else if (strnicmp(data, "in6_addr",8) == 0) {
1176 if (!value || !*value) {
1177 vol->in6_addr = NULL;
1178 } else if (strnlen(value, 49) == 48) {
1179 vol->in6_addr = value;
1181 printk(KERN_WARNING "CIFS: ip v6 address not 48 characters long\n");
1184 } else if (strnicmp(data, "noac", 4) == 0) {
1185 printk(KERN_WARNING "CIFS: Mount option noac not supported. Instead set /proc/fs/cifs/LookupCacheEnabled to 0\n");
1187 printk(KERN_WARNING "CIFS: Unknown mount option %s\n",data);
1189 if (vol->UNC == NULL) {
1190 if(devname == NULL) {
1191 printk(KERN_WARNING "CIFS: Missing UNC name for mount target\n");
1194 if ((temp_len = strnlen(devname, 300)) < 300) {
1195 vol->UNC = kmalloc(temp_len+1,GFP_KERNEL);
1196 if(vol->UNC == NULL)
1198 strcpy(vol->UNC,devname);
1199 if (strncmp(vol->UNC, "//", 2) == 0) {
1202 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1203 printk(KERN_WARNING "CIFS: UNC Path does not begin with // or \\\\ \n");
1207 printk(KERN_WARNING "CIFS: UNC name too long\n");
1211 if(vol->UNCip == NULL)
1212 vol->UNCip = &vol->UNC[2];
1217 static struct cifsSesInfo *
1218 cifs_find_tcp_session(struct in_addr * target_ip_addr,
1219 struct in6_addr *target_ip6_addr,
1220 char *userName, struct TCP_Server_Info **psrvTcp)
1222 struct list_head *tmp;
1223 struct cifsSesInfo *ses;
1225 read_lock(&GlobalSMBSeslock);
1227 list_for_each(tmp, &GlobalSMBSessionList) {
1228 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
1230 if((target_ip_addr &&
1231 (ses->server->addr.sockAddr.sin_addr.s_addr
1232 == target_ip_addr->s_addr)) || (target_ip6_addr
1233 && memcmp(&ses->server->addr.sockAddr6.sin6_addr,
1234 target_ip6_addr,sizeof(*target_ip6_addr)))){
1235 /* BB lock server and tcp session and increment use count here?? */
1236 *psrvTcp = ses->server; /* found a match on the TCP session */
1237 /* BB check if reconnection needed */
1239 (ses->userName, userName,
1240 MAX_USERNAME_SIZE) == 0){
1241 read_unlock(&GlobalSMBSeslock);
1242 return ses; /* found exact match on both tcp and SMB sessions */
1246 /* else tcp and smb sessions need reconnection */
1248 read_unlock(&GlobalSMBSeslock);
1252 static struct cifsTconInfo *
1253 find_unc(__be32 new_target_ip_addr, char *uncName, char *userName)
1255 struct list_head *tmp;
1256 struct cifsTconInfo *tcon;
1258 read_lock(&GlobalSMBSeslock);
1259 list_for_each(tmp, &GlobalTreeConnectionList) {
1260 cFYI(1, ("Next tcon - "));
1261 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
1263 if (tcon->ses->server) {
1265 (" old ip addr: %x == new ip %x ?",
1266 tcon->ses->server->addr.sockAddr.sin_addr.
1267 s_addr, new_target_ip_addr));
1268 if (tcon->ses->server->addr.sockAddr.sin_addr.
1269 s_addr == new_target_ip_addr) {
1270 /* BB lock tcon and server and tcp session and increment use count here? */
1271 /* found a match on the TCP session */
1272 /* BB check if reconnection needed */
1273 cFYI(1,("Matched ip, old UNC: %s == new: %s ?",
1274 tcon->treeName, uncName));
1276 (tcon->treeName, uncName,
1277 MAX_TREE_SIZE) == 0) {
1279 ("Matched UNC, old user: %s == new: %s ?",
1280 tcon->treeName, uncName));
1282 (tcon->ses->userName,
1284 MAX_USERNAME_SIZE) == 0) {
1285 read_unlock(&GlobalSMBSeslock);
1286 return tcon;/* also matched user (smb session)*/
1293 read_unlock(&GlobalSMBSeslock);
1298 connect_to_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
1299 const char *old_path, const struct nls_table *nls_codepage,
1302 unsigned char *referrals = NULL;
1303 unsigned int num_referrals;
1306 rc = get_dfs_path(xid, pSesInfo,old_path, nls_codepage,
1307 &num_referrals, &referrals, remap);
1309 /* BB Add in code to: if valid refrl, if not ip address contact
1310 the helper that resolves tcp names, mount to it, try to
1311 tcon to it unmount it if fail */
1319 get_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
1320 const char *old_path, const struct nls_table *nls_codepage,
1321 unsigned int *pnum_referrals,
1322 unsigned char ** preferrals, int remap)
1327 *pnum_referrals = 0;
1329 if (pSesInfo->ipc_tid == 0) {
1330 temp_unc = kmalloc(2 /* for slashes */ +
1331 strnlen(pSesInfo->serverName,SERVER_NAME_LEN_WITH_NULL * 2)
1332 + 1 + 4 /* slash IPC$ */ + 2,
1334 if (temp_unc == NULL)
1338 strcpy(temp_unc + 2, pSesInfo->serverName);
1339 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
1340 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
1342 ("CIFS Tcon rc = %d ipc_tid = %d", rc,pSesInfo->ipc_tid));
1346 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
1347 pnum_referrals, nls_codepage, remap);
1352 /* See RFC1001 section 14 on representation of Netbios names */
1353 static void rfc1002mangle(char * target,char * source, unsigned int length)
1357 for(i=0,j=0;i<(length);i++) {
1358 /* mask a nibble at a time and encode */
1359 target[j] = 'A' + (0x0F & (source[i] >> 4));
1360 target[j+1] = 'A' + (0x0F & source[i]);
1368 ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket,
1369 char * netbios_name, char * target_name)
1373 __be16 orig_port = 0;
1375 if(*csocket == NULL) {
1376 rc = sock_create_kern(PF_INET, SOCK_STREAM, IPPROTO_TCP, csocket);
1378 cERROR(1, ("Error %d creating socket",rc));
1382 /* BB other socket options to set KEEPALIVE, NODELAY? */
1383 cFYI(1,("Socket created"));
1384 (*csocket)->sk->sk_allocation = GFP_NOFS;
1388 psin_server->sin_family = AF_INET;
1389 if(psin_server->sin_port) { /* user overrode default port */
1390 rc = (*csocket)->ops->connect(*csocket,
1391 (struct sockaddr *) psin_server,
1392 sizeof (struct sockaddr_in),0);
1398 /* save original port so we can retry user specified port
1399 later if fall back ports fail this time */
1400 orig_port = psin_server->sin_port;
1402 /* do not retry on the same port we just failed on */
1403 if(psin_server->sin_port != htons(CIFS_PORT)) {
1404 psin_server->sin_port = htons(CIFS_PORT);
1406 rc = (*csocket)->ops->connect(*csocket,
1407 (struct sockaddr *) psin_server,
1408 sizeof (struct sockaddr_in),0);
1414 psin_server->sin_port = htons(RFC1001_PORT);
1415 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1416 psin_server, sizeof (struct sockaddr_in),0);
1421 /* give up here - unless we want to retry on different
1422 protocol families some day */
1425 psin_server->sin_port = orig_port;
1426 cFYI(1,("Error %d connecting to server via ipv4",rc));
1427 sock_release(*csocket);
1431 /* Eventually check for other socket options to change from
1432 the default. sock_setsockopt not used because it expects
1433 user space buffer */
1434 cFYI(1,("sndbuf %d rcvbuf %d rcvtimeo 0x%lx",(*csocket)->sk->sk_sndbuf,
1435 (*csocket)->sk->sk_rcvbuf, (*csocket)->sk->sk_rcvtimeo));
1436 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1437 /* make the bufsizes depend on wsize/rsize and max requests */
1438 if((*csocket)->sk->sk_sndbuf < (200 * 1024))
1439 (*csocket)->sk->sk_sndbuf = 200 * 1024;
1440 if((*csocket)->sk->sk_rcvbuf < (140 * 1024))
1441 (*csocket)->sk->sk_rcvbuf = 140 * 1024;
1443 /* send RFC1001 sessinit */
1444 if(psin_server->sin_port == htons(RFC1001_PORT)) {
1445 /* some servers require RFC1001 sessinit before sending
1446 negprot - BB check reconnection in case where second
1447 sessinit is sent but no second negprot */
1448 struct rfc1002_session_packet * ses_init_buf;
1449 struct smb_hdr * smb_buf;
1450 ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet), GFP_KERNEL);
1452 ses_init_buf->trailer.session_req.called_len = 32;
1453 if(target_name && (target_name[0] != 0)) {
1454 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1457 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1458 DEFAULT_CIFS_CALLED_NAME,16);
1461 ses_init_buf->trailer.session_req.calling_len = 32;
1462 /* calling name ends in null (byte 16) from old smb
1464 if(netbios_name && (netbios_name[0] !=0)) {
1465 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1468 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1469 "LINUX_CIFS_CLNT",16);
1471 ses_init_buf->trailer.session_req.scope1 = 0;
1472 ses_init_buf->trailer.session_req.scope2 = 0;
1473 smb_buf = (struct smb_hdr *)ses_init_buf;
1474 /* sizeof RFC1002_SESSION_REQUEST with no scope */
1475 smb_buf->smb_buf_length = 0x81000044;
1476 rc = smb_send(*csocket, smb_buf, 0x44,
1477 (struct sockaddr *)psin_server);
1478 kfree(ses_init_buf);
1480 /* else the negprot may still work without this
1481 even though malloc failed */
1489 ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket)
1493 __be16 orig_port = 0;
1495 if(*csocket == NULL) {
1496 rc = sock_create_kern(PF_INET6, SOCK_STREAM, IPPROTO_TCP, csocket);
1498 cERROR(1, ("Error %d creating ipv6 socket",rc));
1502 /* BB other socket options to set KEEPALIVE, NODELAY? */
1503 cFYI(1,("ipv6 Socket created"));
1504 (*csocket)->sk->sk_allocation = GFP_NOFS;
1508 psin_server->sin6_family = AF_INET6;
1510 if(psin_server->sin6_port) { /* user overrode default port */
1511 rc = (*csocket)->ops->connect(*csocket,
1512 (struct sockaddr *) psin_server,
1513 sizeof (struct sockaddr_in6),0);
1519 /* save original port so we can retry user specified port
1520 later if fall back ports fail this time */
1522 orig_port = psin_server->sin6_port;
1523 /* do not retry on the same port we just failed on */
1524 if(psin_server->sin6_port != htons(CIFS_PORT)) {
1525 psin_server->sin6_port = htons(CIFS_PORT);
1527 rc = (*csocket)->ops->connect(*csocket,
1528 (struct sockaddr *) psin_server,
1529 sizeof (struct sockaddr_in6),0);
1535 psin_server->sin6_port = htons(RFC1001_PORT);
1536 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1537 psin_server, sizeof (struct sockaddr_in6),0);
1542 /* give up here - unless we want to retry on different
1543 protocol families some day */
1546 psin_server->sin6_port = orig_port;
1547 cFYI(1,("Error %d connecting to server via ipv6",rc));
1548 sock_release(*csocket);
1552 /* Eventually check for other socket options to change from
1553 the default. sock_setsockopt not used because it expects
1554 user space buffer */
1555 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1561 cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
1562 char *mount_data, const char *devname)
1566 int address_type = AF_INET;
1567 struct socket *csocket = NULL;
1568 struct sockaddr_in sin_server;
1569 struct sockaddr_in6 sin_server6;
1570 struct smb_vol volume_info;
1571 struct cifsSesInfo *pSesInfo = NULL;
1572 struct cifsSesInfo *existingCifsSes = NULL;
1573 struct cifsTconInfo *tcon = NULL;
1574 struct TCP_Server_Info *srvTcp = NULL;
1578 /* cFYI(1, ("Entering cifs_mount. Xid: %d with: %s", xid, mount_data)); */
1580 memset(&volume_info,0,sizeof(struct smb_vol));
1581 if (cifs_parse_mount_options(mount_data, devname, &volume_info)) {
1582 kfree(volume_info.UNC);
1583 kfree(volume_info.password);
1588 if (volume_info.username) {
1589 /* BB fixme parse for domain name here */
1590 cFYI(1, ("Username: %s ", volume_info.username));
1593 cifserror("No username specified");
1594 /* In userspace mount helper we can get user name from alternate
1595 locations such as env variables and files on disk */
1596 kfree(volume_info.UNC);
1597 kfree(volume_info.password);
1602 if (volume_info.UNCip && volume_info.UNC) {
1603 rc = cifs_inet_pton(AF_INET, volume_info.UNCip,&sin_server.sin_addr.s_addr);
1606 /* not ipv4 address, try ipv6 */
1607 rc = cifs_inet_pton(AF_INET6,volume_info.UNCip,&sin_server6.sin6_addr.in6_u);
1609 address_type = AF_INET6;
1611 address_type = AF_INET;
1615 /* we failed translating address */
1616 kfree(volume_info.UNC);
1617 kfree(volume_info.password);
1622 cFYI(1, ("UNC: %s ip: %s", volume_info.UNC, volume_info.UNCip));
1625 } else if (volume_info.UNCip){
1626 /* BB using ip addr as server name connect to the DFS root below */
1627 cERROR(1,("Connecting to DFS root not implemented yet"));
1628 kfree(volume_info.UNC);
1629 kfree(volume_info.password);
1632 } else /* which servers DFS root would we conect to */ {
1634 ("CIFS mount error: No UNC path (e.g. -o unc=//192.168.1.100/public) specified"));
1635 kfree(volume_info.UNC);
1636 kfree(volume_info.password);
1641 /* this is needed for ASCII cp to Unicode converts */
1642 if(volume_info.iocharset == NULL) {
1643 cifs_sb->local_nls = load_nls_default();
1644 /* load_nls_default can not return null */
1646 cifs_sb->local_nls = load_nls(volume_info.iocharset);
1647 if(cifs_sb->local_nls == NULL) {
1648 cERROR(1,("CIFS mount error: iocharset %s not found",volume_info.iocharset));
1649 kfree(volume_info.UNC);
1650 kfree(volume_info.password);
1656 if(address_type == AF_INET)
1657 existingCifsSes = cifs_find_tcp_session(&sin_server.sin_addr,
1658 NULL /* no ipv6 addr */,
1659 volume_info.username, &srvTcp);
1660 else if(address_type == AF_INET6)
1661 existingCifsSes = cifs_find_tcp_session(NULL /* no ipv4 addr */,
1662 &sin_server6.sin6_addr,
1663 volume_info.username, &srvTcp);
1665 kfree(volume_info.UNC);
1666 kfree(volume_info.password);
1673 cFYI(1, ("Existing tcp session with server found"));
1674 } else { /* create socket */
1675 if(volume_info.port)
1676 sin_server.sin_port = htons(volume_info.port);
1678 sin_server.sin_port = 0;
1679 rc = ipv4_connect(&sin_server,&csocket,
1680 volume_info.source_rfc1001_name,
1681 volume_info.target_rfc1001_name);
1684 ("Error connecting to IPv4 socket. Aborting operation"));
1686 sock_release(csocket);
1687 kfree(volume_info.UNC);
1688 kfree(volume_info.password);
1693 srvTcp = kmalloc(sizeof (struct TCP_Server_Info), GFP_KERNEL);
1694 if (srvTcp == NULL) {
1696 sock_release(csocket);
1697 kfree(volume_info.UNC);
1698 kfree(volume_info.password);
1702 memset(srvTcp, 0, sizeof (struct TCP_Server_Info));
1703 memcpy(&srvTcp->addr.sockAddr, &sin_server, sizeof (struct sockaddr_in));
1704 atomic_set(&srvTcp->inFlight,0);
1705 /* BB Add code for ipv6 case too */
1706 srvTcp->ssocket = csocket;
1707 srvTcp->protocolType = IPV4;
1708 init_waitqueue_head(&srvTcp->response_q);
1709 init_waitqueue_head(&srvTcp->request_q);
1710 INIT_LIST_HEAD(&srvTcp->pending_mid_q);
1711 /* at this point we are the only ones with the pointer
1712 to the struct since the kernel thread not created yet
1713 so no need to spinlock this init of tcpStatus */
1714 srvTcp->tcpStatus = CifsNew;
1715 init_MUTEX(&srvTcp->tcpSem);
1716 rc = (int)kernel_thread((void *)(void *)cifs_demultiplex_thread, srvTcp,
1717 CLONE_FS | CLONE_FILES | CLONE_VM);
1720 sock_release(csocket);
1721 kfree(volume_info.UNC);
1722 kfree(volume_info.password);
1726 wait_for_completion(&cifsd_complete);
1728 memcpy(srvTcp->workstation_RFC1001_name, volume_info.source_rfc1001_name,16);
1729 memcpy(srvTcp->server_RFC1001_name, volume_info.target_rfc1001_name,16);
1730 srvTcp->sequence_number = 0;
1734 if (existingCifsSes) {
1735 pSesInfo = existingCifsSes;
1736 cFYI(1, ("Existing smb sess found"));
1737 kfree(volume_info.password);
1738 /* volume_info.UNC freed at end of function */
1740 cFYI(1, ("Existing smb sess not found"));
1741 pSesInfo = sesInfoAlloc();
1742 if (pSesInfo == NULL)
1745 pSesInfo->server = srvTcp;
1746 sprintf(pSesInfo->serverName, "%u.%u.%u.%u",
1747 NIPQUAD(sin_server.sin_addr.s_addr));
1751 /* volume_info.password freed at unmount */
1752 if (volume_info.password)
1753 pSesInfo->password = volume_info.password;
1754 if (volume_info.username)
1755 strncpy(pSesInfo->userName,
1756 volume_info.username,MAX_USERNAME_SIZE);
1757 if (volume_info.domainname)
1758 strncpy(pSesInfo->domainName,
1759 volume_info.domainname,MAX_USERNAME_SIZE);
1760 pSesInfo->linux_uid = volume_info.linux_uid;
1761 down(&pSesInfo->sesSem);
1762 rc = cifs_setup_session(xid,pSesInfo, cifs_sb->local_nls);
1763 up(&pSesInfo->sesSem);
1765 atomic_inc(&srvTcp->socketUseCount);
1767 kfree(volume_info.password);
1770 /* search for existing tcon to this server share */
1772 if(volume_info.rsize > CIFSMaxBufSize) {
1773 cERROR(1,("rsize %d too large, using MaxBufSize",
1774 volume_info.rsize));
1775 cifs_sb->rsize = CIFSMaxBufSize;
1776 } else if((volume_info.rsize) && (volume_info.rsize <= CIFSMaxBufSize))
1777 cifs_sb->rsize = volume_info.rsize;
1779 cifs_sb->rsize = CIFSMaxBufSize;
1781 if(volume_info.wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) {
1782 cERROR(1,("wsize %d too large using 4096 instead",
1783 volume_info.wsize));
1784 cifs_sb->wsize = 4096;
1785 } else if(volume_info.wsize)
1786 cifs_sb->wsize = volume_info.wsize;
1789 min(PAGEVEC_SIZE * PAGE_CACHE_SIZE, 127*1024);
1790 /* old default of CIFSMaxBufSize was too small now
1791 that SMB Write2 can send multiple pages in kvec.
1792 RFC1001 does not describe what happens when frame
1793 bigger than 128K is sent so use that as max in
1794 conjunction with 52K kvec constraint on arch with 4K
1797 if(cifs_sb->rsize < PAGE_CACHE_SIZE) {
1798 cifs_sb->rsize = PAGE_CACHE_SIZE;
1799 /* Windows ME does this */
1800 cFYI(1,("Attempt to set readsize for mount to less than one page (4096)"));
1802 cifs_sb->mnt_uid = volume_info.linux_uid;
1803 cifs_sb->mnt_gid = volume_info.linux_gid;
1804 cifs_sb->mnt_file_mode = volume_info.file_mode;
1805 cifs_sb->mnt_dir_mode = volume_info.dir_mode;
1806 cFYI(1,("file mode: 0x%x dir mode: 0x%x",
1807 cifs_sb->mnt_file_mode,cifs_sb->mnt_dir_mode));
1809 if(volume_info.noperm)
1810 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
1811 if(volume_info.setuids)
1812 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
1813 if(volume_info.server_ino)
1814 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
1815 if(volume_info.remap)
1816 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
1817 if(volume_info.no_xattr)
1818 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
1819 if(volume_info.sfu_emul)
1820 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
1821 if(volume_info.nobrl)
1822 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
1823 if(volume_info.cifs_acl)
1824 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
1826 if(volume_info.direct_io) {
1827 cFYI(1,("mounting share using direct i/o"));
1828 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
1832 find_unc(sin_server.sin_addr.s_addr, volume_info.UNC,
1833 volume_info.username);
1835 cFYI(1, ("Found match on UNC path"));
1836 /* we can have only one retry value for a connection
1837 to a share so for resources mounted more than once
1838 to the same server share the last value passed in
1839 for the retry flag is used */
1840 tcon->retry = volume_info.retry;
1841 tcon->nocase = volume_info.nocase;
1843 tcon = tconInfoAlloc();
1847 /* check for null share name ie connect to dfs root */
1849 /* BB check if this works for exactly length three strings */
1850 if ((strchr(volume_info.UNC + 3, '\\') == NULL)
1851 && (strchr(volume_info.UNC + 3, '/') ==
1853 rc = connect_to_dfs_path(xid, pSesInfo,
1854 "", cifs_sb->local_nls,
1855 cifs_sb->mnt_cifs_flags &
1856 CIFS_MOUNT_MAP_SPECIAL_CHR);
1857 kfree(volume_info.UNC);
1861 rc = CIFSTCon(xid, pSesInfo,
1863 tcon, cifs_sb->local_nls);
1864 cFYI(1, ("CIFS Tcon rc = %d", rc));
1867 atomic_inc(&pSesInfo->inUse);
1868 tcon->retry = volume_info.retry;
1869 tcon->nocase = volume_info.nocase;
1875 if (pSesInfo->capabilities & CAP_LARGE_FILES) {
1876 sb->s_maxbytes = (u64) 1 << 63;
1878 sb->s_maxbytes = (u64) 1 << 31; /* 2 GB */
1881 sb->s_time_gran = 100;
1883 /* on error free sesinfo and tcon struct if needed */
1885 /* if session setup failed, use count is zero but
1886 we still need to free cifsd thread */
1887 if(atomic_read(&srvTcp->socketUseCount) == 0) {
1888 spin_lock(&GlobalMid_Lock);
1889 srvTcp->tcpStatus = CifsExiting;
1890 spin_unlock(&GlobalMid_Lock);
1892 send_sig(SIGKILL,srvTcp->tsk,1);
1893 wait_for_completion(&cifsd_complete);
1896 /* If find_unc succeeded then rc == 0 so we can not end */
1897 if (tcon) /* up accidently freeing someone elses tcon struct */
1899 if (existingCifsSes == NULL) {
1901 if ((pSesInfo->server) &&
1902 (pSesInfo->status == CifsGood)) {
1904 temp_rc = CIFSSMBLogoff(xid, pSesInfo);
1905 /* if the socketUseCount is now zero */
1906 if((temp_rc == -ESHUTDOWN) &&
1907 (pSesInfo->server->tsk)) {
1908 send_sig(SIGKILL,pSesInfo->server->tsk,1);
1909 wait_for_completion(&cifsd_complete);
1912 cFYI(1, ("No session or bad tcon"));
1913 sesInfoFree(pSesInfo);
1914 /* pSesInfo = NULL; */
1918 atomic_inc(&tcon->useCount);
1919 cifs_sb->tcon = tcon;
1920 tcon->ses = pSesInfo;
1922 /* do not care if following two calls succeed - informational only */
1923 CIFSSMBQFSDeviceInfo(xid, tcon);
1924 CIFSSMBQFSAttributeInfo(xid, tcon);
1925 if (tcon->ses->capabilities & CAP_UNIX) {
1926 if(!CIFSSMBQFSUnixInfo(xid, tcon)) {
1927 if(!volume_info.no_psx_acl) {
1928 if(CIFS_UNIX_POSIX_ACL_CAP &
1929 le64_to_cpu(tcon->fsUnixInfo.Capability))
1930 cFYI(1,("server negotiated posix acl support"));
1931 sb->s_flags |= MS_POSIXACL;
1934 /* Try and negotiate POSIX pathnames if we can. */
1935 if (volume_info.posix_paths && (CIFS_UNIX_POSIX_PATHNAMES_CAP &
1936 le64_to_cpu(tcon->fsUnixInfo.Capability))) {
1937 if (!CIFSSMBSetFSUnixInfo(xid, tcon, CIFS_UNIX_POSIX_PATHNAMES_CAP)) {
1938 cFYI(1,("negotiated posix pathnames support"));
1939 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_POSIX_PATHS;
1941 cFYI(1,("posix pathnames support requested but not supported"));
1946 if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X))
1947 cifs_sb->wsize = min(cifs_sb->wsize,
1948 (tcon->ses->server->maxBuf -
1949 MAX_CIFS_HDR_SIZE));
1950 if (!(tcon->ses->capabilities & CAP_LARGE_READ_X))
1951 cifs_sb->rsize = min(cifs_sb->rsize,
1952 (tcon->ses->server->maxBuf -
1953 MAX_CIFS_HDR_SIZE));
1956 /* volume_info.password is freed above when existing session found
1957 (in which case it is not needed anymore) but when new sesion is created
1958 the password ptr is put in the new session structure (in which case the
1959 password will be freed at unmount time) */
1960 kfree(volume_info.UNC);
1966 CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
1967 char session_key[CIFS_SESSION_KEY_SIZE],
1968 const struct nls_table *nls_codepage)
1970 struct smb_hdr *smb_buffer;
1971 struct smb_hdr *smb_buffer_response;
1972 SESSION_SETUP_ANDX *pSMB;
1973 SESSION_SETUP_ANDX *pSMBr;
1978 int remaining_words = 0;
1979 int bytes_returned = 0;
1984 cFYI(1, ("In sesssetup"));
1987 user = ses->userName;
1988 domain = ses->domainName;
1989 smb_buffer = cifs_buf_get();
1990 if (smb_buffer == NULL) {
1993 smb_buffer_response = smb_buffer;
1994 pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
1996 /* send SMBsessionSetup here */
1997 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
1998 NULL /* no tCon exists yet */ , 13 /* wct */ );
2000 smb_buffer->Mid = GetNextMid(ses->server);
2001 pSMB->req_no_secext.AndXCommand = 0xFF;
2002 pSMB->req_no_secext.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2003 pSMB->req_no_secext.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2005 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2006 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2008 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2009 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
2010 if (ses->capabilities & CAP_UNICODE) {
2011 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2012 capabilities |= CAP_UNICODE;
2014 if (ses->capabilities & CAP_STATUS32) {
2015 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2016 capabilities |= CAP_STATUS32;
2018 if (ses->capabilities & CAP_DFS) {
2019 smb_buffer->Flags2 |= SMBFLG2_DFS;
2020 capabilities |= CAP_DFS;
2022 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
2024 pSMB->req_no_secext.CaseInsensitivePasswordLength =
2025 cpu_to_le16(CIFS_SESSION_KEY_SIZE);
2027 pSMB->req_no_secext.CaseSensitivePasswordLength =
2028 cpu_to_le16(CIFS_SESSION_KEY_SIZE);
2029 bcc_ptr = pByteArea(smb_buffer);
2030 memcpy(bcc_ptr, (char *) session_key, CIFS_SESSION_KEY_SIZE);
2031 bcc_ptr += CIFS_SESSION_KEY_SIZE;
2032 memcpy(bcc_ptr, (char *) session_key, CIFS_SESSION_KEY_SIZE);
2033 bcc_ptr += CIFS_SESSION_KEY_SIZE;
2035 if (ses->capabilities & CAP_UNICODE) {
2036 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode */
2041 bytes_returned = 0; /* skill null user */
2044 cifs_strtoUCS((__le16 *) bcc_ptr, user, 100,
2046 /* convert number of 16 bit words to bytes */
2047 bcc_ptr += 2 * bytes_returned;
2048 bcc_ptr += 2; /* trailing null */
2051 cifs_strtoUCS((__le16 *) bcc_ptr,
2052 "CIFS_LINUX_DOM", 32, nls_codepage);
2055 cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2057 bcc_ptr += 2 * bytes_returned;
2060 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2062 bcc_ptr += 2 * bytes_returned;
2064 cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release,
2066 bcc_ptr += 2 * bytes_returned;
2069 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2071 bcc_ptr += 2 * bytes_returned;
2075 strncpy(bcc_ptr, user, 200);
2076 bcc_ptr += strnlen(user, 200);
2080 if (domain == NULL) {
2081 strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2082 bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2084 strncpy(bcc_ptr, domain, 64);
2085 bcc_ptr += strnlen(domain, 64);
2089 strcpy(bcc_ptr, "Linux version ");
2090 bcc_ptr += strlen("Linux version ");
2091 strcpy(bcc_ptr, system_utsname.release);
2092 bcc_ptr += strlen(system_utsname.release) + 1;
2093 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2094 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2096 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2097 smb_buffer->smb_buf_length += count;
2098 pSMB->req_no_secext.ByteCount = cpu_to_le16(count);
2100 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2101 &bytes_returned, 1);
2103 /* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
2104 } else if ((smb_buffer_response->WordCount == 3)
2105 || (smb_buffer_response->WordCount == 4)) {
2106 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2107 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2108 if (action & GUEST_LOGIN)
2109 cFYI(1, (" Guest login")); /* do we want to mark SesInfo struct ? */
2110 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format (le) */
2111 cFYI(1, ("UID = %d ", ses->Suid));
2112 /* response can have either 3 or 4 word count - Samba sends 3 */
2113 bcc_ptr = pByteArea(smb_buffer_response);
2114 if ((pSMBr->resp.hdr.WordCount == 3)
2115 || ((pSMBr->resp.hdr.WordCount == 4)
2116 && (blob_len < pSMBr->resp.ByteCount))) {
2117 if (pSMBr->resp.hdr.WordCount == 4)
2118 bcc_ptr += blob_len;
2120 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2121 if ((long) (bcc_ptr) % 2) {
2123 (BCC(smb_buffer_response) - 1) /2;
2124 bcc_ptr++; /* Unicode strings must be word aligned */
2127 BCC(smb_buffer_response) / 2;
2130 UniStrnlen((wchar_t *) bcc_ptr,
2131 remaining_words - 1);
2132 /* We look for obvious messed up bcc or strings in response so we do not go off
2133 the end since (at least) WIN2K and Windows XP have a major bug in not null
2134 terminating last Unicode string in response */
2135 ses->serverOS = kzalloc(2 * (len + 1), GFP_KERNEL);
2136 if(ses->serverOS == NULL)
2137 goto sesssetup_nomem;
2138 cifs_strfromUCS_le(ses->serverOS,
2139 (__le16 *)bcc_ptr, len,nls_codepage);
2140 bcc_ptr += 2 * (len + 1);
2141 remaining_words -= len + 1;
2142 ses->serverOS[2 * len] = 0;
2143 ses->serverOS[1 + (2 * len)] = 0;
2144 if (remaining_words > 0) {
2145 len = UniStrnlen((wchar_t *)bcc_ptr,
2147 ses->serverNOS = kzalloc(2 * (len + 1),GFP_KERNEL);
2148 if(ses->serverNOS == NULL)
2149 goto sesssetup_nomem;
2150 cifs_strfromUCS_le(ses->serverNOS,
2151 (__le16 *)bcc_ptr,len,nls_codepage);
2152 bcc_ptr += 2 * (len + 1);
2153 ses->serverNOS[2 * len] = 0;
2154 ses->serverNOS[1 + (2 * len)] = 0;
2155 if(strncmp(ses->serverNOS,
2156 "NT LAN Manager 4",16) == 0) {
2157 cFYI(1,("NT4 server"));
2158 ses->flags |= CIFS_SES_NT4;
2160 remaining_words -= len + 1;
2161 if (remaining_words > 0) {
2162 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2163 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
2165 kzalloc(2*(len+1),GFP_KERNEL);
2166 if(ses->serverDomain == NULL)
2167 goto sesssetup_nomem;
2168 cifs_strfromUCS_le(ses->serverDomain,
2169 (__le16 *)bcc_ptr,len,nls_codepage);
2170 bcc_ptr += 2 * (len + 1);
2171 ses->serverDomain[2*len] = 0;
2172 ses->serverDomain[1+(2*len)] = 0;
2173 } /* else no more room so create dummy domain string */
2176 kzalloc(2, GFP_KERNEL);
2177 } else { /* no room so create dummy domain and NOS string */
2178 /* if these kcallocs fail not much we
2179 can do, but better to not fail the
2182 kzalloc(2, GFP_KERNEL);
2184 kzalloc(2, GFP_KERNEL);
2186 } else { /* ASCII */
2187 len = strnlen(bcc_ptr, 1024);
2188 if (((long) bcc_ptr + len) - (long)
2189 pByteArea(smb_buffer_response)
2190 <= BCC(smb_buffer_response)) {
2191 ses->serverOS = kzalloc(len + 1,GFP_KERNEL);
2192 if(ses->serverOS == NULL)
2193 goto sesssetup_nomem;
2194 strncpy(ses->serverOS,bcc_ptr, len);
2197 bcc_ptr[0] = 0; /* null terminate the string */
2200 len = strnlen(bcc_ptr, 1024);
2201 ses->serverNOS = kzalloc(len + 1,GFP_KERNEL);
2202 if(ses->serverNOS == NULL)
2203 goto sesssetup_nomem;
2204 strncpy(ses->serverNOS, bcc_ptr, len);
2209 len = strnlen(bcc_ptr, 1024);
2210 ses->serverDomain = kzalloc(len + 1,GFP_KERNEL);
2211 if(ses->serverDomain == NULL)
2212 goto sesssetup_nomem;
2213 strncpy(ses->serverDomain, bcc_ptr, len);
2219 ("Variable field of length %d extends beyond end of smb ",
2224 (" Security Blob Length extends beyond end of SMB"));
2228 (" Invalid Word count %d: ",
2229 smb_buffer_response->WordCount));
2232 sesssetup_nomem: /* do not return an error on nomem for the info strings,
2233 since that could make reconnection harder, and
2234 reconnection might be needed to free memory */
2236 cifs_buf_release(smb_buffer);
2242 CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2243 char *SecurityBlob,int SecurityBlobLength,
2244 const struct nls_table *nls_codepage)
2246 struct smb_hdr *smb_buffer;
2247 struct smb_hdr *smb_buffer_response;
2248 SESSION_SETUP_ANDX *pSMB;
2249 SESSION_SETUP_ANDX *pSMBr;
2254 int remaining_words = 0;
2255 int bytes_returned = 0;
2260 cFYI(1, ("In spnego sesssetup "));
2263 user = ses->userName;
2264 domain = ses->domainName;
2266 smb_buffer = cifs_buf_get();
2267 if (smb_buffer == NULL) {
2270 smb_buffer_response = smb_buffer;
2271 pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2273 /* send SMBsessionSetup here */
2274 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2275 NULL /* no tCon exists yet */ , 12 /* wct */ );
2277 smb_buffer->Mid = GetNextMid(ses->server);
2278 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2279 pSMB->req.AndXCommand = 0xFF;
2280 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2281 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2283 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2284 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2286 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2287 CAP_EXTENDED_SECURITY;
2288 if (ses->capabilities & CAP_UNICODE) {
2289 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2290 capabilities |= CAP_UNICODE;
2292 if (ses->capabilities & CAP_STATUS32) {
2293 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2294 capabilities |= CAP_STATUS32;
2296 if (ses->capabilities & CAP_DFS) {
2297 smb_buffer->Flags2 |= SMBFLG2_DFS;
2298 capabilities |= CAP_DFS;
2300 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2302 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2303 bcc_ptr = pByteArea(smb_buffer);
2304 memcpy(bcc_ptr, SecurityBlob, SecurityBlobLength);
2305 bcc_ptr += SecurityBlobLength;
2307 if (ses->capabilities & CAP_UNICODE) {
2308 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode strings */
2313 cifs_strtoUCS((__le16 *) bcc_ptr, user, 100, nls_codepage);
2314 bcc_ptr += 2 * bytes_returned; /* convert num of 16 bit words to bytes */
2315 bcc_ptr += 2; /* trailing null */
2318 cifs_strtoUCS((__le16 *) bcc_ptr,
2319 "CIFS_LINUX_DOM", 32, nls_codepage);
2322 cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2324 bcc_ptr += 2 * bytes_returned;
2327 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2329 bcc_ptr += 2 * bytes_returned;
2331 cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release, 32,
2333 bcc_ptr += 2 * bytes_returned;
2336 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2338 bcc_ptr += 2 * bytes_returned;
2341 strncpy(bcc_ptr, user, 200);
2342 bcc_ptr += strnlen(user, 200);
2345 if (domain == NULL) {
2346 strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2347 bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2349 strncpy(bcc_ptr, domain, 64);
2350 bcc_ptr += strnlen(domain, 64);
2354 strcpy(bcc_ptr, "Linux version ");
2355 bcc_ptr += strlen("Linux version ");
2356 strcpy(bcc_ptr, system_utsname.release);
2357 bcc_ptr += strlen(system_utsname.release) + 1;
2358 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2359 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2361 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2362 smb_buffer->smb_buf_length += count;
2363 pSMB->req.ByteCount = cpu_to_le16(count);
2365 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2366 &bytes_returned, 1);
2368 /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2369 } else if ((smb_buffer_response->WordCount == 3)
2370 || (smb_buffer_response->WordCount == 4)) {
2371 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2373 le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2374 if (action & GUEST_LOGIN)
2375 cFYI(1, (" Guest login")); /* BB do we want to set anything in SesInfo struct ? */
2377 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format (le) */
2378 cFYI(1, ("UID = %d ", ses->Suid));
2379 bcc_ptr = pByteArea(smb_buffer_response); /* response can have either 3 or 4 word count - Samba sends 3 */
2381 /* BB Fix below to make endian neutral !! */
2383 if ((pSMBr->resp.hdr.WordCount == 3)
2384 || ((pSMBr->resp.hdr.WordCount == 4)
2386 pSMBr->resp.ByteCount))) {
2387 if (pSMBr->resp.hdr.WordCount == 4) {
2391 ("Security Blob Length %d ",
2395 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2396 if ((long) (bcc_ptr) % 2) {
2398 (BCC(smb_buffer_response)
2400 bcc_ptr++; /* Unicode strings must be word aligned */
2404 (smb_buffer_response) / 2;
2407 UniStrnlen((wchar_t *) bcc_ptr,
2408 remaining_words - 1);
2409 /* We look for obvious messed up bcc or strings in response so we do not go off
2410 the end since (at least) WIN2K and Windows XP have a major bug in not null
2411 terminating last Unicode string in response */
2413 kzalloc(2 * (len + 1), GFP_KERNEL);
2414 cifs_strfromUCS_le(ses->serverOS,
2418 bcc_ptr += 2 * (len + 1);
2419 remaining_words -= len + 1;
2420 ses->serverOS[2 * len] = 0;
2421 ses->serverOS[1 + (2 * len)] = 0;
2422 if (remaining_words > 0) {
2423 len = UniStrnlen((wchar_t *)bcc_ptr,
2427 kzalloc(2 * (len + 1),
2429 cifs_strfromUCS_le(ses->serverNOS,
2433 bcc_ptr += 2 * (len + 1);
2434 ses->serverNOS[2 * len] = 0;
2435 ses->serverNOS[1 + (2 * len)] = 0;
2436 remaining_words -= len + 1;
2437 if (remaining_words > 0) {
2438 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2439 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
2440 ses->serverDomain = kzalloc(2*(len+1),GFP_KERNEL);
2441 cifs_strfromUCS_le(ses->serverDomain,
2444 bcc_ptr += 2*(len+1);
2445 ses->serverDomain[2*len] = 0;
2446 ses->serverDomain[1+(2*len)] = 0;
2447 } /* else no more room so create dummy domain string */
2450 kzalloc(2,GFP_KERNEL);
2451 } else { /* no room so create dummy domain and NOS string */
2452 ses->serverDomain = kzalloc(2, GFP_KERNEL);
2453 ses->serverNOS = kzalloc(2, GFP_KERNEL);
2455 } else { /* ASCII */
2457 len = strnlen(bcc_ptr, 1024);
2458 if (((long) bcc_ptr + len) - (long)
2459 pByteArea(smb_buffer_response)
2460 <= BCC(smb_buffer_response)) {
2461 ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
2462 strncpy(ses->serverOS, bcc_ptr, len);
2465 bcc_ptr[0] = 0; /* null terminate the string */
2468 len = strnlen(bcc_ptr, 1024);
2469 ses->serverNOS = kzalloc(len + 1,GFP_KERNEL);
2470 strncpy(ses->serverNOS, bcc_ptr, len);
2475 len = strnlen(bcc_ptr, 1024);
2476 ses->serverDomain = kzalloc(len + 1, GFP_KERNEL);
2477 strncpy(ses->serverDomain, bcc_ptr, len);
2483 ("Variable field of length %d extends beyond end of smb ",
2488 (" Security Blob Length extends beyond end of SMB"));
2491 cERROR(1, ("No session structure passed in."));
2495 (" Invalid Word count %d: ",
2496 smb_buffer_response->WordCount));
2501 cifs_buf_release(smb_buffer);
2507 CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2508 struct cifsSesInfo *ses, int * pNTLMv2_flag,
2509 const struct nls_table *nls_codepage)
2511 struct smb_hdr *smb_buffer;
2512 struct smb_hdr *smb_buffer_response;
2513 SESSION_SETUP_ANDX *pSMB;
2514 SESSION_SETUP_ANDX *pSMBr;
2518 int remaining_words = 0;
2519 int bytes_returned = 0;
2521 int SecurityBlobLength = sizeof (NEGOTIATE_MESSAGE);
2522 PNEGOTIATE_MESSAGE SecurityBlob;
2523 PCHALLENGE_MESSAGE SecurityBlob2;
2524 __u32 negotiate_flags, capabilities;
2527 cFYI(1, ("In NTLMSSP sesssetup (negotiate) "));
2530 domain = ses->domainName;
2531 *pNTLMv2_flag = FALSE;
2532 smb_buffer = cifs_buf_get();
2533 if (smb_buffer == NULL) {
2536 smb_buffer_response = smb_buffer;
2537 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2538 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2540 /* send SMBsessionSetup here */
2541 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2542 NULL /* no tCon exists yet */ , 12 /* wct */ );
2544 smb_buffer->Mid = GetNextMid(ses->server);
2545 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2546 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2548 pSMB->req.AndXCommand = 0xFF;
2549 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2550 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2552 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2553 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2555 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2556 CAP_EXTENDED_SECURITY;
2557 if (ses->capabilities & CAP_UNICODE) {
2558 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2559 capabilities |= CAP_UNICODE;
2561 if (ses->capabilities & CAP_STATUS32) {
2562 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2563 capabilities |= CAP_STATUS32;
2565 if (ses->capabilities & CAP_DFS) {
2566 smb_buffer->Flags2 |= SMBFLG2_DFS;
2567 capabilities |= CAP_DFS;
2569 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2571 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2572 SecurityBlob = (PNEGOTIATE_MESSAGE) bcc_ptr;
2573 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2574 SecurityBlob->MessageType = NtLmNegotiate;
2576 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
2577 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM | 0x80000000 |
2578 /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
2580 negotiate_flags |= NTLMSSP_NEGOTIATE_SIGN;
2582 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
2583 /* setup pointers to domain name and workstation name */
2584 bcc_ptr += SecurityBlobLength;
2586 SecurityBlob->WorkstationName.Buffer = 0;
2587 SecurityBlob->WorkstationName.Length = 0;
2588 SecurityBlob->WorkstationName.MaximumLength = 0;
2590 if (domain == NULL) {
2591 SecurityBlob->DomainName.Buffer = 0;
2592 SecurityBlob->DomainName.Length = 0;
2593 SecurityBlob->DomainName.MaximumLength = 0;
2596 negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
2597 strncpy(bcc_ptr, domain, 63);
2598 len = strnlen(domain, 64);
2599 SecurityBlob->DomainName.MaximumLength =
2601 SecurityBlob->DomainName.Buffer =
2602 cpu_to_le32((long) &SecurityBlob->
2604 (long) &SecurityBlob->Signature);
2606 SecurityBlobLength += len;
2607 SecurityBlob->DomainName.Length =
2610 if (ses->capabilities & CAP_UNICODE) {
2611 if ((long) bcc_ptr % 2) {
2617 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2619 bcc_ptr += 2 * bytes_returned;
2621 cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release, 32,
2623 bcc_ptr += 2 * bytes_returned;
2624 bcc_ptr += 2; /* null terminate Linux version */
2626 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2628 bcc_ptr += 2 * bytes_returned;
2631 bcc_ptr += 2; /* null terminate network opsys string */
2634 bcc_ptr += 2; /* null domain */
2635 } else { /* ASCII */
2636 strcpy(bcc_ptr, "Linux version ");
2637 bcc_ptr += strlen("Linux version ");
2638 strcpy(bcc_ptr, system_utsname.release);
2639 bcc_ptr += strlen(system_utsname.release) + 1;
2640 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2641 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2642 bcc_ptr++; /* empty domain field */
2645 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2646 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2647 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2648 smb_buffer->smb_buf_length += count;
2649 pSMB->req.ByteCount = cpu_to_le16(count);
2651 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2652 &bytes_returned, 1);
2654 if (smb_buffer_response->Status.CifsError ==
2655 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
2659 /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2660 } else if ((smb_buffer_response->WordCount == 3)
2661 || (smb_buffer_response->WordCount == 4)) {
2662 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2663 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2665 if (action & GUEST_LOGIN)
2666 cFYI(1, (" Guest login"));
2667 /* Do we want to set anything in SesInfo struct when guest login? */
2669 bcc_ptr = pByteArea(smb_buffer_response);
2670 /* response can have either 3 or 4 word count - Samba sends 3 */
2672 SecurityBlob2 = (PCHALLENGE_MESSAGE) bcc_ptr;
2673 if (SecurityBlob2->MessageType != NtLmChallenge) {
2675 ("Unexpected NTLMSSP message type received %d",
2676 SecurityBlob2->MessageType));
2678 ses->Suid = smb_buffer_response->Uid; /* UID left in le format */
2679 cFYI(1, ("UID = %d ", ses->Suid));
2680 if ((pSMBr->resp.hdr.WordCount == 3)
2681 || ((pSMBr->resp.hdr.WordCount == 4)
2683 pSMBr->resp.ByteCount))) {
2685 if (pSMBr->resp.hdr.WordCount == 4) {
2686 bcc_ptr += blob_len;
2688 ("Security Blob Length %d ",
2692 cFYI(1, ("NTLMSSP Challenge rcvd "));
2694 memcpy(ses->server->cryptKey,
2695 SecurityBlob2->Challenge,
2696 CIFS_CRYPTO_KEY_SIZE);
2697 if(SecurityBlob2->NegotiateFlags & cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2))
2698 *pNTLMv2_flag = TRUE;
2700 if((SecurityBlob2->NegotiateFlags &
2701 cpu_to_le32(NTLMSSP_NEGOTIATE_ALWAYS_SIGN))
2702 || (sign_CIFS_PDUs > 1))
2703 ses->server->secMode |=
2704 SECMODE_SIGN_REQUIRED;
2705 if ((SecurityBlob2->NegotiateFlags &
2706 cpu_to_le32(NTLMSSP_NEGOTIATE_SIGN)) && (sign_CIFS_PDUs))
2707 ses->server->secMode |=
2708 SECMODE_SIGN_ENABLED;
2710 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2711 if ((long) (bcc_ptr) % 2) {
2713 (BCC(smb_buffer_response)
2715 bcc_ptr++; /* Unicode strings must be word aligned */
2719 (smb_buffer_response) / 2;
2722 UniStrnlen((wchar_t *) bcc_ptr,
2723 remaining_words - 1);
2724 /* We look for obvious messed up bcc or strings in response so we do not go off
2725 the end since (at least) WIN2K and Windows XP have a major bug in not null
2726 terminating last Unicode string in response */
2728 kzalloc(2 * (len + 1), GFP_KERNEL);
2729 cifs_strfromUCS_le(ses->serverOS,
2733 bcc_ptr += 2 * (len + 1);
2734 remaining_words -= len + 1;
2735 ses->serverOS[2 * len] = 0;
2736 ses->serverOS[1 + (2 * len)] = 0;
2737 if (remaining_words > 0) {
2738 len = UniStrnlen((wchar_t *)
2743 kzalloc(2 * (len + 1),
2745 cifs_strfromUCS_le(ses->
2751 bcc_ptr += 2 * (len + 1);
2752 ses->serverNOS[2 * len] = 0;
2755 remaining_words -= len + 1;
2756 if (remaining_words > 0) {
2757 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2758 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
2770 ses->serverDomain[2*len]
2775 } /* else no more room so create dummy domain string */
2780 } else { /* no room so create dummy domain and NOS string */
2782 kzalloc(2, GFP_KERNEL);
2784 kzalloc(2, GFP_KERNEL);
2786 } else { /* ASCII */
2787 len = strnlen(bcc_ptr, 1024);
2788 if (((long) bcc_ptr + len) - (long)
2789 pByteArea(smb_buffer_response)
2790 <= BCC(smb_buffer_response)) {
2794 strncpy(ses->serverOS,
2798 bcc_ptr[0] = 0; /* null terminate string */
2801 len = strnlen(bcc_ptr, 1024);
2805 strncpy(ses->serverNOS, bcc_ptr, len);
2810 len = strnlen(bcc_ptr, 1024);
2814 strncpy(ses->serverDomain, bcc_ptr, len);
2820 ("Variable field of length %d extends beyond end of smb ",
2825 (" Security Blob Length extends beyond end of SMB"));
2828 cERROR(1, ("No session structure passed in."));
2832 (" Invalid Word count %d: ",
2833 smb_buffer_response->WordCount));
2838 cifs_buf_release(smb_buffer);
2843 CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2844 char *ntlm_session_key, int ntlmv2_flag,
2845 const struct nls_table *nls_codepage)
2847 struct smb_hdr *smb_buffer;
2848 struct smb_hdr *smb_buffer_response;
2849 SESSION_SETUP_ANDX *pSMB;
2850 SESSION_SETUP_ANDX *pSMBr;
2855 int remaining_words = 0;
2856 int bytes_returned = 0;
2858 int SecurityBlobLength = sizeof (AUTHENTICATE_MESSAGE);
2859 PAUTHENTICATE_MESSAGE SecurityBlob;
2860 __u32 negotiate_flags, capabilities;
2863 cFYI(1, ("In NTLMSSPSessSetup (Authenticate)"));
2866 user = ses->userName;
2867 domain = ses->domainName;
2868 smb_buffer = cifs_buf_get();
2869 if (smb_buffer == NULL) {
2872 smb_buffer_response = smb_buffer;
2873 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2874 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2876 /* send SMBsessionSetup here */
2877 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2878 NULL /* no tCon exists yet */ , 12 /* wct */ );
2880 smb_buffer->Mid = GetNextMid(ses->server);
2881 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2882 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2883 pSMB->req.AndXCommand = 0xFF;
2884 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2885 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2887 pSMB->req.hdr.Uid = ses->Suid;
2889 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2890 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2892 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2893 CAP_EXTENDED_SECURITY;
2894 if (ses->capabilities & CAP_UNICODE) {
2895 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2896 capabilities |= CAP_UNICODE;
2898 if (ses->capabilities & CAP_STATUS32) {
2899 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2900 capabilities |= CAP_STATUS32;
2902 if (ses->capabilities & CAP_DFS) {
2903 smb_buffer->Flags2 |= SMBFLG2_DFS;
2904 capabilities |= CAP_DFS;
2906 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2908 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2909 SecurityBlob = (PAUTHENTICATE_MESSAGE) bcc_ptr;
2910 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2911 SecurityBlob->MessageType = NtLmAuthenticate;
2912 bcc_ptr += SecurityBlobLength;
2914 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET |
2915 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO |
2916 0x80000000 | NTLMSSP_NEGOTIATE_128;
2918 negotiate_flags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN;
2920 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
2922 /* setup pointers to domain name and workstation name */
2924 SecurityBlob->WorkstationName.Buffer = 0;
2925 SecurityBlob->WorkstationName.Length = 0;
2926 SecurityBlob->WorkstationName.MaximumLength = 0;
2927 SecurityBlob->SessionKey.Length = 0;
2928 SecurityBlob->SessionKey.MaximumLength = 0;
2929 SecurityBlob->SessionKey.Buffer = 0;
2931 SecurityBlob->LmChallengeResponse.Length = 0;
2932 SecurityBlob->LmChallengeResponse.MaximumLength = 0;
2933 SecurityBlob->LmChallengeResponse.Buffer = 0;
2935 SecurityBlob->NtChallengeResponse.Length =
2936 cpu_to_le16(CIFS_SESSION_KEY_SIZE);
2937 SecurityBlob->NtChallengeResponse.MaximumLength =
2938 cpu_to_le16(CIFS_SESSION_KEY_SIZE);
2939 memcpy(bcc_ptr, ntlm_session_key, CIFS_SESSION_KEY_SIZE);
2940 SecurityBlob->NtChallengeResponse.Buffer =
2941 cpu_to_le32(SecurityBlobLength);
2942 SecurityBlobLength += CIFS_SESSION_KEY_SIZE;
2943 bcc_ptr += CIFS_SESSION_KEY_SIZE;
2945 if (ses->capabilities & CAP_UNICODE) {
2946 if (domain == NULL) {
2947 SecurityBlob->DomainName.Buffer = 0;
2948 SecurityBlob->DomainName.Length = 0;
2949 SecurityBlob->DomainName.MaximumLength = 0;
2952 cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2955 SecurityBlob->DomainName.MaximumLength =
2957 SecurityBlob->DomainName.Buffer =
2958 cpu_to_le32(SecurityBlobLength);
2960 SecurityBlobLength += len;
2961 SecurityBlob->DomainName.Length =
2965 SecurityBlob->UserName.Buffer = 0;
2966 SecurityBlob->UserName.Length = 0;
2967 SecurityBlob->UserName.MaximumLength = 0;
2970 cifs_strtoUCS((__le16 *) bcc_ptr, user, 64,
2973 SecurityBlob->UserName.MaximumLength =
2975 SecurityBlob->UserName.Buffer =
2976 cpu_to_le32(SecurityBlobLength);
2978 SecurityBlobLength += len;
2979 SecurityBlob->UserName.Length =
2983 /* SecurityBlob->WorkstationName.Length = cifs_strtoUCS((__le16 *) bcc_ptr, "AMACHINE",64, nls_codepage);
2984 SecurityBlob->WorkstationName.Length *= 2;
2985 SecurityBlob->WorkstationName.MaximumLength = cpu_to_le16(SecurityBlob->WorkstationName.Length);
2986 SecurityBlob->WorkstationName.Buffer = cpu_to_le32(SecurityBlobLength);
2987 bcc_ptr += SecurityBlob->WorkstationName.Length;
2988 SecurityBlobLength += SecurityBlob->WorkstationName.Length;
2989 SecurityBlob->WorkstationName.Length = cpu_to_le16(SecurityBlob->WorkstationName.Length); */
2991 if ((long) bcc_ptr % 2) {
2996 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2998 bcc_ptr += 2 * bytes_returned;
3000 cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release, 32,
3002 bcc_ptr += 2 * bytes_returned;
3003 bcc_ptr += 2; /* null term version string */
3005 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
3007 bcc_ptr += 2 * bytes_returned;
3010 bcc_ptr += 2; /* null terminate network opsys string */
3013 bcc_ptr += 2; /* null domain */
3014 } else { /* ASCII */
3015 if (domain == NULL) {
3016 SecurityBlob->DomainName.Buffer = 0;
3017 SecurityBlob->DomainName.Length = 0;
3018 SecurityBlob->DomainName.MaximumLength = 0;
3021 negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
3022 strncpy(bcc_ptr, domain, 63);
3023 len = strnlen(domain, 64);
3024 SecurityBlob->DomainName.MaximumLength =
3026 SecurityBlob->DomainName.Buffer =
3027 cpu_to_le32(SecurityBlobLength);
3029 SecurityBlobLength += len;
3030 SecurityBlob->DomainName.Length = cpu_to_le16(len);
3033 SecurityBlob->UserName.Buffer = 0;
3034 SecurityBlob->UserName.Length = 0;
3035 SecurityBlob->UserName.MaximumLength = 0;
3038 strncpy(bcc_ptr, user, 63);
3039 len = strnlen(user, 64);
3040 SecurityBlob->UserName.MaximumLength =
3042 SecurityBlob->UserName.Buffer =
3043 cpu_to_le32(SecurityBlobLength);
3045 SecurityBlobLength += len;
3046 SecurityBlob->UserName.Length = cpu_to_le16(len);
3048 /* BB fill in our workstation name if known BB */
3050 strcpy(bcc_ptr, "Linux version ");
3051 bcc_ptr += strlen("Linux version ");
3052 strcpy(bcc_ptr, system_utsname.release);
3053 bcc_ptr += strlen(system_utsname.release) + 1;
3054 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
3055 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
3056 bcc_ptr++; /* null domain */
3059 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
3060 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
3061 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
3062 smb_buffer->smb_buf_length += count;
3063 pSMB->req.ByteCount = cpu_to_le16(count);
3065 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
3066 &bytes_returned, 1);
3068 /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
3069 } else if ((smb_buffer_response->WordCount == 3)
3070 || (smb_buffer_response->WordCount == 4)) {
3071 __u16 action = le16_to_cpu(pSMBr->resp.Action);
3073 le16_to_cpu(pSMBr->resp.SecurityBlobLength);
3074 if (action & GUEST_LOGIN)
3075 cFYI(1, (" Guest login")); /* BB do we want to set anything in SesInfo struct ? */
3076 /* if(SecurityBlob2->MessageType != NtLm??){
3077 cFYI("Unexpected message type on auth response is %d "));
3081 ("Does UID on challenge %d match auth response UID %d ",
3082 ses->Suid, smb_buffer_response->Uid));
3083 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format */
3084 bcc_ptr = pByteArea(smb_buffer_response);
3085 /* response can have either 3 or 4 word count - Samba sends 3 */
3086 if ((pSMBr->resp.hdr.WordCount == 3)
3087 || ((pSMBr->resp.hdr.WordCount == 4)
3089 pSMBr->resp.ByteCount))) {
3090 if (pSMBr->resp.hdr.WordCount == 4) {
3094 ("Security Blob Length %d ",
3099 ("NTLMSSP response to Authenticate "));
3101 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3102 if ((long) (bcc_ptr) % 2) {
3104 (BCC(smb_buffer_response)
3106 bcc_ptr++; /* Unicode strings must be word aligned */
3108 remaining_words = BCC(smb_buffer_response) / 2;
3111 UniStrnlen((wchar_t *) bcc_ptr,remaining_words - 1);
3112 /* We look for obvious messed up bcc or strings in response so we do not go off
3113 the end since (at least) WIN2K and Windows XP have a major bug in not null
3114 terminating last Unicode string in response */
3116 kzalloc(2 * (len + 1), GFP_KERNEL);
3117 cifs_strfromUCS_le(ses->serverOS,
3121 bcc_ptr += 2 * (len + 1);
3122 remaining_words -= len + 1;
3123 ses->serverOS[2 * len] = 0;
3124 ses->serverOS[1 + (2 * len)] = 0;
3125 if (remaining_words > 0) {
3126 len = UniStrnlen((wchar_t *)
3131 kzalloc(2 * (len + 1),
3133 cifs_strfromUCS_le(ses->
3139 bcc_ptr += 2 * (len + 1);
3140 ses->serverNOS[2 * len] = 0;
3141 ses->serverNOS[1+(2*len)] = 0;
3142 remaining_words -= len + 1;
3143 if (remaining_words > 0) {
3144 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
3145 /* last string not always null terminated (e.g. for Windows XP & 2000) */
3170 } /* else no more room so create dummy domain string */
3172 ses->serverDomain = kzalloc(2,GFP_KERNEL);
3173 } else { /* no room so create dummy domain and NOS string */
3174 ses->serverDomain = kzalloc(2, GFP_KERNEL);
3175 ses->serverNOS = kzalloc(2, GFP_KERNEL);
3177 } else { /* ASCII */
3178 len = strnlen(bcc_ptr, 1024);
3179 if (((long) bcc_ptr + len) -
3180 (long) pByteArea(smb_buffer_response)
3181 <= BCC(smb_buffer_response)) {
3182 ses->serverOS = kzalloc(len + 1,GFP_KERNEL);
3183 strncpy(ses->serverOS,bcc_ptr, len);
3186 bcc_ptr[0] = 0; /* null terminate the string */
3189 len = strnlen(bcc_ptr, 1024);
3190 ses->serverNOS = kzalloc(len+1,GFP_KERNEL);
3191 strncpy(ses->serverNOS, bcc_ptr, len);
3196 len = strnlen(bcc_ptr, 1024);
3197 ses->serverDomain = kzalloc(len+1,GFP_KERNEL);
3198 strncpy(ses->serverDomain, bcc_ptr, len);
3204 ("Variable field of length %d extends beyond end of smb ",
3209 (" Security Blob Length extends beyond end of SMB"));
3212 cERROR(1, ("No session structure passed in."));
3216 (" Invalid Word count %d: ",
3217 smb_buffer_response->WordCount));
3222 cifs_buf_release(smb_buffer);
3228 CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3229 const char *tree, struct cifsTconInfo *tcon,
3230 const struct nls_table *nls_codepage)
3232 struct smb_hdr *smb_buffer;
3233 struct smb_hdr *smb_buffer_response;
3236 unsigned char *bcc_ptr;
3244 smb_buffer = cifs_buf_get();
3245 if (smb_buffer == NULL) {
3248 smb_buffer_response = smb_buffer;
3250 header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3251 NULL /*no tid */ , 4 /*wct */ );
3253 smb_buffer->Mid = GetNextMid(ses->server);
3254 smb_buffer->Uid = ses->Suid;
3255 pSMB = (TCONX_REQ *) smb_buffer;
3256 pSMBr = (TCONX_RSP *) smb_buffer_response;
3258 pSMB->AndXCommand = 0xFF;
3259 pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
3260 bcc_ptr = &pSMB->Password[0];
3261 if((ses->server->secMode) & SECMODE_USER) {
3262 pSMB->PasswordLength = cpu_to_le16(1); /* minimum */
3263 bcc_ptr++; /* skip password */
3265 pSMB->PasswordLength = cpu_to_le16(CIFS_SESSION_KEY_SIZE);
3266 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3267 specified as required (when that support is added to
3268 the vfs in the future) as only NTLM or the much
3269 weaker LANMAN (which we do not send) is accepted
3270 by Samba (not sure whether other servers allow
3271 NTLMv2 password here) */
3272 SMBNTencrypt(ses->password,
3273 ses->server->cryptKey,
3276 bcc_ptr += CIFS_SESSION_KEY_SIZE;
3278 bcc_ptr++; /* align */
3281 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3282 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3284 if (ses->capabilities & CAP_STATUS32) {
3285 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3287 if (ses->capabilities & CAP_DFS) {
3288 smb_buffer->Flags2 |= SMBFLG2_DFS;
3290 if (ses->capabilities & CAP_UNICODE) {
3291 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3293 cifs_strtoUCS((__le16 *) bcc_ptr, tree, 100, nls_codepage);
3294 bcc_ptr += 2 * length; /* convert num of 16 bit words to bytes */
3295 bcc_ptr += 2; /* skip trailing null */
3296 } else { /* ASCII */
3297 strcpy(bcc_ptr, tree);
3298 bcc_ptr += strlen(tree) + 1;
3300 strcpy(bcc_ptr, "?????");
3301 bcc_ptr += strlen("?????");
3303 count = bcc_ptr - &pSMB->Password[0];
3304 pSMB->hdr.smb_buf_length += count;
3305 pSMB->ByteCount = cpu_to_le16(count);
3307 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length, 0);
3309 /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
3310 /* above now done in SendReceive */
3311 if ((rc == 0) && (tcon != NULL)) {
3312 tcon->tidStatus = CifsGood;
3313 tcon->tid = smb_buffer_response->Tid;
3314 bcc_ptr = pByteArea(smb_buffer_response);
3315 length = strnlen(bcc_ptr, BCC(smb_buffer_response) - 2);
3316 /* skip service field (NB: this field is always ASCII) */
3317 bcc_ptr += length + 1;
3318 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3319 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3320 length = UniStrnlen((wchar_t *) bcc_ptr, 512);
3321 if ((bcc_ptr + (2 * length)) -
3322 pByteArea(smb_buffer_response) <=
3323 BCC(smb_buffer_response)) {
3324 kfree(tcon->nativeFileSystem);
3325 tcon->nativeFileSystem =
3326 kzalloc(length + 2, GFP_KERNEL);
3327 cifs_strfromUCS_le(tcon->nativeFileSystem,
3329 length, nls_codepage);
3330 bcc_ptr += 2 * length;
3331 bcc_ptr[0] = 0; /* null terminate the string */
3335 /* else do not bother copying these informational fields */
3337 length = strnlen(bcc_ptr, 1024);
3338 if ((bcc_ptr + length) -
3339 pByteArea(smb_buffer_response) <=
3340 BCC(smb_buffer_response)) {
3341 kfree(tcon->nativeFileSystem);
3342 tcon->nativeFileSystem =
3343 kzalloc(length + 1, GFP_KERNEL);
3344 strncpy(tcon->nativeFileSystem, bcc_ptr,
3347 /* else do not bother copying these informational fields */
3349 tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3350 cFYI(1, ("Tcon flags: 0x%x ", tcon->Flags));
3351 } else if ((rc == 0) && tcon == NULL) {
3352 /* all we need to save for IPC$ connection */
3353 ses->ipc_tid = smb_buffer_response->Tid;
3357 cifs_buf_release(smb_buffer);
3362 cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3366 struct cifsSesInfo *ses = NULL;
3367 struct task_struct *cifsd_task;
3371 if (cifs_sb->tcon) {
3372 ses = cifs_sb->tcon->ses; /* save ptr to ses before delete tcon!*/
3373 rc = CIFSSMBTDis(xid, cifs_sb->tcon);
3378 tconInfoFree(cifs_sb->tcon);
3379 if ((ses) && (ses->server)) {
3380 /* save off task so we do not refer to ses later */
3381 cifsd_task = ses->server->tsk;
3382 cFYI(1, ("About to do SMBLogoff "));
3383 rc = CIFSSMBLogoff(xid, ses);
3387 } else if (rc == -ESHUTDOWN) {
3388 cFYI(1,("Waking up socket by sending it signal"));
3390 send_sig(SIGKILL,cifsd_task,1);
3391 wait_for_completion(&cifsd_complete);
3394 } /* else - we have an smb session
3395 left on this socket do not kill cifsd */
3397 cFYI(1, ("No session or bad tcon"));
3400 cifs_sb->tcon = NULL;
3402 schedule_timeout_interruptible(msecs_to_jiffies(500));
3407 return rc; /* BB check if we should always return zero here */
3410 int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
3411 struct nls_table * nls_info)
3414 char ntlm_session_key[CIFS_SESSION_KEY_SIZE];
3415 int ntlmv2_flag = FALSE;
3418 /* what if server changes its buffer size after dropping the session? */
3419 if(pSesInfo->server->maxBuf == 0) /* no need to send on reconnect */ {
3420 rc = CIFSSMBNegotiate(xid, pSesInfo);
3421 if(rc == -EAGAIN) /* retry only once on 1st time connection */ {
3422 rc = CIFSSMBNegotiate(xid, pSesInfo);
3427 spin_lock(&GlobalMid_Lock);
3428 if(pSesInfo->server->tcpStatus != CifsExiting)
3429 pSesInfo->server->tcpStatus = CifsGood;
3432 spin_unlock(&GlobalMid_Lock);
3438 pSesInfo->capabilities = pSesInfo->server->capabilities;
3439 if(linuxExtEnabled == 0)
3440 pSesInfo->capabilities &= (~CAP_UNIX);
3441 /* pSesInfo->sequence_number = 0;*/
3442 cFYI(1,("Security Mode: 0x%x Capabilities: 0x%x Time Zone: %d",
3443 pSesInfo->server->secMode,
3444 pSesInfo->server->capabilities,
3445 pSesInfo->server->timeZone));
3446 if (extended_security
3447 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3448 && (pSesInfo->server->secType == NTLMSSP)) {
3449 cFYI(1, ("New style sesssetup "));
3450 rc = CIFSSpnegoSessSetup(xid, pSesInfo,
3451 NULL /* security blob */,
3452 0 /* blob length */,
3454 } else if (extended_security
3455 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3456 && (pSesInfo->server->secType == RawNTLMSSP)) {
3457 cFYI(1, ("NTLMSSP sesssetup "));
3458 rc = CIFSNTLMSSPNegotiateSessSetup(xid,
3465 cFYI(1,("Can use more secure NTLM version 2 password hash"));
3466 if(CalcNTLMv2_partial_mac_key(pSesInfo,
3471 v2_response = kmalloc(16 + 64 /* blob */, GFP_KERNEL);
3473 CalcNTLMv2_response(pSesInfo,v2_response);
3475 cifs_calculate_ntlmv2_mac_key(
3476 pSesInfo->server->mac_signing_key,
3477 response, ntlm_session_key, */
3479 /* BB Put dummy sig in SessSetup PDU? */
3486 SMBNTencrypt(pSesInfo->password,
3487 pSesInfo->server->cryptKey,
3491 cifs_calculate_mac_key(
3492 pSesInfo->server->mac_signing_key,
3494 pSesInfo->password);
3496 /* for better security the weaker lanman hash not sent
3497 in AuthSessSetup so we no longer calculate it */
3499 rc = CIFSNTLMSSPAuthSessSetup(xid,
3505 } else { /* old style NTLM 0.12 session setup */
3506 SMBNTencrypt(pSesInfo->password,
3507 pSesInfo->server->cryptKey,
3511 cifs_calculate_mac_key(
3512 pSesInfo->server->mac_signing_key,
3513 ntlm_session_key, pSesInfo->password);
3515 rc = CIFSSessSetup(xid, pSesInfo,
3516 ntlm_session_key, nls_info);
3519 cERROR(1,("Send error in SessSetup = %d",rc));
3521 cFYI(1,("CIFS Session Established successfully"));
3522 pSesInfo->status = CifsGood;