4 * Copyright (C) International Business Machines Corp., 2002,2007
5 * Author(s): Steve French (sfrench@us.ibm.com)
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/ipv6.h>
27 #include <linux/pagemap.h>
28 #include <linux/ctype.h>
29 #include <linux/utsname.h>
30 #include <linux/mempool.h>
31 #include <linux/delay.h>
32 #include <linux/completion.h>
33 #include <linux/kthread.h>
34 #include <linux/pagevec.h>
35 #include <linux/freezer.h>
36 #include <asm/uaccess.h>
37 #include <asm/processor.h>
40 #include "cifsproto.h"
41 #include "cifs_unicode.h"
42 #include "cifs_debug.h"
43 #include "cifs_fs_sb.h"
46 #include "rfc1002pdu.h"
50 #define RFC1001_PORT 139
52 static DECLARE_COMPLETION(cifsd_complete);
54 extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
57 extern mempool_t *cifs_req_poolp;
65 char *in6_addr; /* ipv6 address as human readable form of in6_addr */
66 char *iocharset; /* local code page for mapping to and from Unicode */
67 char source_rfc1001_name[16]; /* netbios name of client */
68 char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */
78 unsigned override_uid:1;
79 unsigned override_gid:1;
81 unsigned no_psx_acl:1; /* set if posix acl support should be disabled */
83 unsigned no_xattr:1; /* set if xattr (EA) support should be disabled*/
84 unsigned server_ino:1; /* use inode numbers from server ie UniqueId */
86 unsigned remap:1; /* set to remap seven reserved chars in filenames */
87 unsigned posix_paths:1; /* unset to not ask for posix pathnames. */
88 unsigned no_linux_ext:1;
90 unsigned nullauth:1; /* attempt to authenticate with null user */
91 unsigned nocase; /* request case insensitive filenames */
92 unsigned nobrl; /* disable sending byte range locks to srv */
96 unsigned short int port;
100 static int ipv4_connect(struct sockaddr_in *psin_server,
101 struct socket **csocket,
103 char *server_netb_name);
104 static int ipv6_connect(struct sockaddr_in6 *psin_server,
105 struct socket **csocket);
109 * cifs tcp session reconnection
111 * mark tcp session as reconnecting so temporarily locked
112 * mark all smb sessions as reconnecting for tcp session
113 * reconnect tcp session
114 * wake up waiters on reconnection? - (not needed currently)
118 cifs_reconnect(struct TCP_Server_Info *server)
121 struct list_head *tmp;
122 struct cifsSesInfo *ses;
123 struct cifsTconInfo *tcon;
124 struct mid_q_entry *mid_entry;
126 spin_lock(&GlobalMid_Lock);
127 if (kthread_should_stop()) {
128 /* the demux thread will exit normally
129 next time through the loop */
130 spin_unlock(&GlobalMid_Lock);
133 server->tcpStatus = CifsNeedReconnect;
134 spin_unlock(&GlobalMid_Lock);
137 cFYI(1, ("Reconnecting tcp session"));
139 /* before reconnecting the tcp session, mark the smb session (uid)
140 and the tid bad so they are not used until reconnected */
141 read_lock(&GlobalSMBSeslock);
142 list_for_each(tmp, &GlobalSMBSessionList) {
143 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
145 if (ses->server == server) {
146 ses->status = CifsNeedReconnect;
150 /* else tcp and smb sessions need reconnection */
152 list_for_each(tmp, &GlobalTreeConnectionList) {
153 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
154 if ((tcon) && (tcon->ses) && (tcon->ses->server == server))
155 tcon->tidStatus = CifsNeedReconnect;
157 read_unlock(&GlobalSMBSeslock);
158 /* do not want to be sending data on a socket we are freeing */
159 down(&server->tcpSem);
160 if (server->ssocket) {
161 cFYI(1, ("State: 0x%x Flags: 0x%lx", server->ssocket->state,
162 server->ssocket->flags));
163 server->ssocket->ops->shutdown(server->ssocket, SEND_SHUTDOWN);
164 cFYI(1, ("Post shutdown state: 0x%x Flags: 0x%lx",
165 server->ssocket->state,
166 server->ssocket->flags));
167 sock_release(server->ssocket);
168 server->ssocket = NULL;
171 spin_lock(&GlobalMid_Lock);
172 list_for_each(tmp, &server->pending_mid_q) {
173 mid_entry = list_entry(tmp, struct
177 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
178 /* Mark other intransit requests as needing
179 retry so we do not immediately mark the
180 session bad again (ie after we reconnect
181 below) as they timeout too */
182 mid_entry->midState = MID_RETRY_NEEDED;
186 spin_unlock(&GlobalMid_Lock);
189 while ((!kthread_should_stop()) && (server->tcpStatus != CifsGood)) {
191 if (server->protocolType == IPV6) {
192 rc = ipv6_connect(&server->addr.sockAddr6,
195 rc = ipv4_connect(&server->addr.sockAddr,
197 server->workstation_RFC1001_name,
198 server->server_RFC1001_name);
201 cFYI(1, ("reconnect error %d", rc));
204 atomic_inc(&tcpSesReconnectCount);
205 spin_lock(&GlobalMid_Lock);
206 if (!kthread_should_stop())
207 server->tcpStatus = CifsGood;
208 server->sequence_number = 0;
209 spin_unlock(&GlobalMid_Lock);
210 /* atomic_set(&server->inFlight,0);*/
211 wake_up(&server->response_q);
219 0 not a transact2, or all data present
220 >0 transact2 with that much data missing
221 -EINVAL = invalid transact2
224 static int check2ndT2(struct smb_hdr *pSMB, unsigned int maxBufSize)
226 struct smb_t2_rsp *pSMBt;
228 int data_in_this_rsp;
231 if (pSMB->Command != SMB_COM_TRANSACTION2)
234 /* check for plausible wct, bcc and t2 data and parm sizes */
235 /* check for parm and data offset going beyond end of smb */
236 if (pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
237 cFYI(1, ("invalid transact2 word count"));
241 pSMBt = (struct smb_t2_rsp *)pSMB;
243 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
244 data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
246 remaining = total_data_size - data_in_this_rsp;
250 else if (remaining < 0) {
251 cFYI(1, ("total data %d smaller than data in frame %d",
252 total_data_size, data_in_this_rsp));
255 cFYI(1, ("missing %d bytes from transact2, check next response",
257 if (total_data_size > maxBufSize) {
258 cERROR(1, ("TotalDataSize %d is over maximum buffer %d",
259 total_data_size, maxBufSize));
266 static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
268 struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
269 struct smb_t2_rsp *pSMBt = (struct smb_t2_rsp *)pTargetSMB;
274 char *data_area_of_target;
275 char *data_area_of_buf2;
278 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
280 if (total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
281 cFYI(1, ("total data size of primary and secondary t2 differ"));
284 total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
286 remaining = total_data_size - total_in_buf;
291 if (remaining == 0) /* nothing to do, ignore */
294 total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
295 if (remaining < total_in_buf2) {
296 cFYI(1, ("transact2 2nd response contains too much data"));
299 /* find end of first SMB data area */
300 data_area_of_target = (char *)&pSMBt->hdr.Protocol +
301 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
302 /* validate target area */
304 data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
305 le16_to_cpu(pSMB2->t2_rsp.DataOffset);
307 data_area_of_target += total_in_buf;
309 /* copy second buffer into end of first buffer */
310 memcpy(data_area_of_target, data_area_of_buf2, total_in_buf2);
311 total_in_buf += total_in_buf2;
312 pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
313 byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
314 byte_count += total_in_buf2;
315 BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
317 byte_count = pTargetSMB->smb_buf_length;
318 byte_count += total_in_buf2;
320 /* BB also add check that we are not beyond maximum buffer size */
322 pTargetSMB->smb_buf_length = byte_count;
324 if (remaining == total_in_buf2) {
325 cFYI(1, ("found the last secondary response"));
326 return 0; /* we are done */
327 } else /* more responses to go */
333 cifs_demultiplex_thread(struct TCP_Server_Info *server)
336 unsigned int pdu_length, total_read;
337 struct smb_hdr *smb_buffer = NULL;
338 struct smb_hdr *bigbuf = NULL;
339 struct smb_hdr *smallbuf = NULL;
340 struct msghdr smb_msg;
342 struct socket *csocket = server->ssocket;
343 struct list_head *tmp;
344 struct cifsSesInfo *ses;
345 struct task_struct *task_to_wake = NULL;
346 struct mid_q_entry *mid_entry;
348 int isLargeBuf = FALSE;
352 current->flags |= PF_MEMALLOC;
353 server->tsk = current; /* save process info to wake at shutdown */
354 cFYI(1, ("Demultiplex PID: %d", current->pid));
355 write_lock(&GlobalSMBSeslock);
356 atomic_inc(&tcpSesAllocCount);
357 length = tcpSesAllocCount.counter;
358 write_unlock(&GlobalSMBSeslock);
359 complete(&cifsd_complete);
361 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
365 while (!kthread_should_stop()) {
368 if (bigbuf == NULL) {
369 bigbuf = cifs_buf_get();
371 cERROR(1, ("No memory for large SMB response"));
373 /* retry will check if exiting */
376 } else if (isLargeBuf) {
377 /* we are reusing a dirty large buf, clear its start */
378 memset(bigbuf, 0, sizeof(struct smb_hdr));
381 if (smallbuf == NULL) {
382 smallbuf = cifs_small_buf_get();
384 cERROR(1, ("No memory for SMB response"));
386 /* retry will check if exiting */
389 /* beginning of smb buffer is cleared in our buf_get */
390 } else /* if existing small buf clear beginning */
391 memset(smallbuf, 0, sizeof(struct smb_hdr));
395 smb_buffer = smallbuf;
396 iov.iov_base = smb_buffer;
398 smb_msg.msg_control = NULL;
399 smb_msg.msg_controllen = 0;
400 pdu_length = 4; /* enough to get RFC1001 header */
403 kernel_recvmsg(csocket, &smb_msg,
404 &iov, 1, pdu_length, 0 /* BB other flags? */);
406 if (kthread_should_stop()) {
408 } else if (server->tcpStatus == CifsNeedReconnect) {
409 cFYI(1, ("Reconnect after server stopped responding"));
410 cifs_reconnect(server);
411 cFYI(1, ("call to reconnect done"));
412 csocket = server->ssocket;
414 } else if ((length == -ERESTARTSYS) || (length == -EAGAIN)) {
415 msleep(1); /* minimum sleep to prevent looping
416 allowing socket to clear and app threads to set
417 tcpStatus CifsNeedReconnect if server hung */
419 } else if (length <= 0) {
420 if (server->tcpStatus == CifsNew) {
421 cFYI(1, ("tcp session abend after SMBnegprot"));
422 /* some servers kill the TCP session rather than
423 returning an SMB negprot error, in which
424 case reconnecting here is not going to help,
425 and so simply return error to mount */
428 if (!try_to_freeze() && (length == -EINTR)) {
429 cFYI(1, ("cifsd thread killed"));
432 cFYI(1, ("Reconnect after unexpected peek error %d",
434 cifs_reconnect(server);
435 csocket = server->ssocket;
436 wake_up(&server->response_q);
438 } else if (length < 4) {
439 cFYI(1, ("less than four bytes received (%d bytes)",
441 pdu_length -= length;
442 cifs_reconnect(server);
447 /* The right amount was read from socket - 4 bytes */
448 /* so we can now interpret the length field */
450 /* the first byte big endian of the length field,
451 is actually not part of the length but the type
452 with the most common, zero, as regular data */
453 temp = *((char *) smb_buffer);
455 /* Note that FC 1001 length is big endian on the wire,
456 but we convert it here so it is always manipulated
457 as host byte order */
458 pdu_length = ntohl(smb_buffer->smb_buf_length);
459 smb_buffer->smb_buf_length = pdu_length;
461 cFYI(1, ("rfc1002 length 0x%x", pdu_length+4));
463 if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) {
465 } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
466 cFYI(1, ("Good RFC 1002 session rsp"));
468 } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
469 /* we get this from Windows 98 instead of
470 an error on SMB negprot response */
471 cFYI(1, ("Negative RFC1002 Session Response Error 0x%x)",
473 if (server->tcpStatus == CifsNew) {
474 /* if nack on negprot (rather than
475 ret of smb negprot error) reconnecting
476 not going to help, ret error to mount */
479 /* give server a second to
480 clean up before reconnect attempt */
482 /* always try 445 first on reconnect
483 since we get NACK on some if we ever
484 connected to port 139 (the NACK is
485 since we do not begin with RFC1001
486 session initialize frame) */
487 server->addr.sockAddr.sin_port =
489 cifs_reconnect(server);
490 csocket = server->ssocket;
491 wake_up(&server->response_q);
494 } else if (temp != (char) 0) {
495 cERROR(1, ("Unknown RFC 1002 frame"));
496 cifs_dump_mem(" Received Data: ", (char *)smb_buffer,
498 cifs_reconnect(server);
499 csocket = server->ssocket;
503 /* else we have an SMB response */
504 if ((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
505 (pdu_length < sizeof(struct smb_hdr) - 1 - 4)) {
506 cERROR(1, ("Invalid size SMB length %d pdu_length %d",
507 length, pdu_length+4));
508 cifs_reconnect(server);
509 csocket = server->ssocket;
510 wake_up(&server->response_q);
517 if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
519 memcpy(bigbuf, smallbuf, 4);
523 iov.iov_base = 4 + (char *)smb_buffer;
524 iov.iov_len = pdu_length;
525 for (total_read = 0; total_read < pdu_length;
526 total_read += length) {
527 length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
528 pdu_length - total_read, 0);
529 if (kthread_should_stop() ||
530 (length == -EINTR)) {
534 } else if (server->tcpStatus == CifsNeedReconnect) {
535 cifs_reconnect(server);
536 csocket = server->ssocket;
537 /* Reconnect wakes up rspns q */
538 /* Now we will reread sock */
541 } else if ((length == -ERESTARTSYS) ||
542 (length == -EAGAIN)) {
543 msleep(1); /* minimum sleep to prevent looping,
544 allowing socket to clear and app
545 threads to set tcpStatus
546 CifsNeedReconnect if server hung*/
548 } else if (length <= 0) {
549 cERROR(1, ("Received no data, expecting %d",
550 pdu_length - total_read));
551 cifs_reconnect(server);
552 csocket = server->ssocket;
559 else if (reconnect == 1)
562 length += 4; /* account for rfc1002 hdr */
565 dump_smb(smb_buffer, length);
566 if (checkSMB(smb_buffer, smb_buffer->Mid, total_read+4)) {
567 cifs_dump_mem("Bad SMB: ", smb_buffer, 48);
573 spin_lock(&GlobalMid_Lock);
574 list_for_each(tmp, &server->pending_mid_q) {
575 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
577 if ((mid_entry->mid == smb_buffer->Mid) &&
578 (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
579 (mid_entry->command == smb_buffer->Command)) {
580 if (check2ndT2(smb_buffer,server->maxBuf) > 0) {
581 /* We have a multipart transact2 resp */
583 if (mid_entry->resp_buf) {
584 /* merge response - fix up 1st*/
585 if (coalesce_t2(smb_buffer,
586 mid_entry->resp_buf)) {
587 mid_entry->multiRsp = 1;
590 /* all parts received */
591 mid_entry->multiEnd = 1;
596 cERROR(1,("1st trans2 resp needs bigbuf"));
597 /* BB maybe we can fix this up, switch
598 to already allocated large buffer? */
600 /* Have first buffer */
601 mid_entry->resp_buf =
603 mid_entry->largeBuf = 1;
609 mid_entry->resp_buf = smb_buffer;
611 mid_entry->largeBuf = 1;
613 mid_entry->largeBuf = 0;
615 task_to_wake = mid_entry->tsk;
616 mid_entry->midState = MID_RESPONSE_RECEIVED;
617 #ifdef CONFIG_CIFS_STATS2
618 mid_entry->when_received = jiffies;
620 /* so we do not time out requests to server
621 which is still responding (since server could
622 be busy but not dead) */
623 server->lstrp = jiffies;
627 spin_unlock(&GlobalMid_Lock);
629 /* Was previous buf put in mpx struct for multi-rsp? */
631 /* smb buffer will be freed by user thread */
637 wake_up_process(task_to_wake);
638 } else if ((is_valid_oplock_break(smb_buffer, server) == FALSE)
639 && (isMultiRsp == FALSE)) {
640 cERROR(1, ("No task to wake, unknown frame received! "
641 "NumMids %d", midCount.counter));
642 cifs_dump_mem("Received Data is: ", (char *)smb_buffer,
643 sizeof(struct smb_hdr));
644 #ifdef CONFIG_CIFS_DEBUG2
645 cifs_dump_detail(smb_buffer);
646 cifs_dump_mids(server);
647 #endif /* CIFS_DEBUG2 */
650 } /* end while !EXITING */
652 spin_lock(&GlobalMid_Lock);
653 server->tcpStatus = CifsExiting;
655 /* check if we have blocked requests that need to free */
656 /* Note that cifs_max_pending is normally 50, but
657 can be set at module install time to as little as two */
658 if (atomic_read(&server->inFlight) >= cifs_max_pending)
659 atomic_set(&server->inFlight, cifs_max_pending - 1);
660 /* We do not want to set the max_pending too low or we
661 could end up with the counter going negative */
662 spin_unlock(&GlobalMid_Lock);
663 /* Although there should not be any requests blocked on
664 this queue it can not hurt to be paranoid and try to wake up requests
665 that may haven been blocked when more than 50 at time were on the wire
666 to the same server - they now will see the session is in exit state
667 and get out of SendReceive. */
668 wake_up_all(&server->request_q);
669 /* give those requests time to exit */
672 if (server->ssocket) {
673 sock_release(csocket);
674 server->ssocket = NULL;
676 /* buffer usuallly freed in free_mid - need to free it here on exit */
678 cifs_buf_release(bigbuf);
679 if (smallbuf != NULL)
680 cifs_small_buf_release(smallbuf);
682 read_lock(&GlobalSMBSeslock);
683 if (list_empty(&server->pending_mid_q)) {
684 /* loop through server session structures attached to this and
686 list_for_each(tmp, &GlobalSMBSessionList) {
688 list_entry(tmp, struct cifsSesInfo,
690 if (ses->server == server) {
691 ses->status = CifsExiting;
695 read_unlock(&GlobalSMBSeslock);
697 /* although we can not zero the server struct pointer yet,
698 since there are active requests which may depnd on them,
699 mark the corresponding SMB sessions as exiting too */
700 list_for_each(tmp, &GlobalSMBSessionList) {
701 ses = list_entry(tmp, struct cifsSesInfo,
703 if (ses->server == server)
704 ses->status = CifsExiting;
707 spin_lock(&GlobalMid_Lock);
708 list_for_each(tmp, &server->pending_mid_q) {
709 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
710 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
711 cFYI(1, ("Clearing Mid 0x%x - waking up ",
713 task_to_wake = mid_entry->tsk;
715 wake_up_process(task_to_wake);
718 spin_unlock(&GlobalMid_Lock);
719 read_unlock(&GlobalSMBSeslock);
720 /* 1/8th of sec is more than enough time for them to exit */
724 if (!list_empty(&server->pending_mid_q)) {
725 /* mpx threads have not exited yet give them
726 at least the smb send timeout time for long ops */
727 /* due to delays on oplock break requests, we need
728 to wait at least 45 seconds before giving up
729 on a request getting a response and going ahead
731 cFYI(1, ("Wait for exit from demultiplex thread"));
733 /* if threads still have not exited they are probably never
734 coming home not much else we can do but free the memory */
737 write_lock(&GlobalSMBSeslock);
738 atomic_dec(&tcpSesAllocCount);
739 length = tcpSesAllocCount.counter;
741 /* last chance to mark ses pointers invalid
742 if there are any pointing to this (e.g
743 if a crazy root user tried to kill cifsd
744 kernel thread explicitly this might happen) */
745 list_for_each(tmp, &GlobalSMBSessionList) {
746 ses = list_entry(tmp, struct cifsSesInfo,
748 if (ses->server == server)
751 write_unlock(&GlobalSMBSeslock);
755 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
762 cifs_parse_mount_options(char *options, const char *devname,
767 unsigned int temp_len, i, j;
773 if (Local_System_Name[0] != 0)
774 memcpy(vol->source_rfc1001_name, Local_System_Name, 15);
776 char *nodename = utsname()->nodename;
777 int n = strnlen(nodename, 15);
778 memset(vol->source_rfc1001_name, 0x20, 15);
779 for (i = 0; i < n; i++) {
780 /* does not have to be perfect mapping since field is
781 informational, only used for servers that do not support
782 port 445 and it can be overridden at mount time */
783 vol->source_rfc1001_name[i] = toupper(nodename[i]);
786 vol->source_rfc1001_name[15] = 0;
787 /* null target name indicates to use *SMBSERVR default called name
788 if we end up sending RFC1001 session initialize */
789 vol->target_rfc1001_name[0] = 0;
790 vol->linux_uid = current->uid; /* current->euid instead? */
791 vol->linux_gid = current->gid;
792 vol->dir_mode = S_IRWXUGO;
793 /* 2767 perms indicate mandatory locking support */
794 vol->file_mode = S_IALLUGO & ~(S_ISUID | S_IXGRP);
796 /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
798 /* default is always to request posix paths. */
799 vol->posix_paths = 1;
804 if (strncmp(options, "sep=", 4) == 0) {
805 if (options[4] != 0) {
806 separator[0] = options[4];
809 cFYI(1, ("Null separator not allowed"));
813 while ((data = strsep(&options, separator)) != NULL) {
816 if ((value = strchr(data, '=')) != NULL)
819 /* Have to parse this before we parse for "user" */
820 if (strnicmp(data, "user_xattr", 10) == 0) {
822 } else if (strnicmp(data, "nouser_xattr", 12) == 0) {
824 } else if (strnicmp(data, "user", 4) == 0) {
827 "CIFS: invalid or missing username\n");
828 return 1; /* needs_arg; */
829 } else if (!*value) {
830 /* null user, ie anonymous, authentication */
833 if (strnlen(value, 200) < 200) {
834 vol->username = value;
836 printk(KERN_WARNING "CIFS: username too long\n");
839 } else if (strnicmp(data, "pass", 4) == 0) {
841 vol->password = NULL;
843 } else if (value[0] == 0) {
844 /* check if string begins with double comma
845 since that would mean the password really
846 does start with a comma, and would not
847 indicate an empty string */
848 if (value[1] != separator[0]) {
849 vol->password = NULL;
853 temp_len = strlen(value);
854 /* removed password length check, NTLM passwords
855 can be arbitrarily long */
857 /* if comma in password, the string will be
858 prematurely null terminated. Commas in password are
859 specified across the cifs mount interface by a double
860 comma ie ,, and a comma used as in other cases ie ','
861 as a parameter delimiter/separator is single and due
862 to the strsep above is temporarily zeroed. */
864 /* NB: password legally can have multiple commas and
865 the only illegal character in a password is null */
867 if ((value[temp_len] == 0) &&
868 (value[temp_len+1] == separator[0])) {
870 value[temp_len] = separator[0];
871 temp_len += 2; /* move after second comma */
872 while (value[temp_len] != 0) {
873 if (value[temp_len] == separator[0]) {
874 if (value[temp_len+1] ==
876 /* skip second comma */
879 /* single comma indicating start
886 if (value[temp_len] == 0) {
890 /* point option to start of next parm */
891 options = value + temp_len + 1;
893 /* go from value to value + temp_len condensing
894 double commas to singles. Note that this ends up
895 allocating a few bytes too many, which is ok */
896 vol->password = kzalloc(temp_len, GFP_KERNEL);
897 if (vol->password == NULL) {
898 printk(KERN_WARNING "CIFS: no memory "
902 for (i = 0, j = 0; i < temp_len; i++, j++) {
903 vol->password[j] = value[i];
904 if (value[i] == separator[0]
905 && value[i+1] == separator[0]) {
906 /* skip second comma */
910 vol->password[j] = 0;
912 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
913 if (vol->password == NULL) {
914 printk(KERN_WARNING "CIFS: no memory "
918 strcpy(vol->password, value);
920 } else if (strnicmp(data, "ip", 2) == 0) {
921 if (!value || !*value) {
923 } else if (strnlen(value, 35) < 35) {
926 printk(KERN_WARNING "CIFS: ip address "
930 } else if (strnicmp(data, "sec", 3) == 0) {
931 if (!value || !*value) {
932 cERROR(1, ("no security value specified"));
934 } else if (strnicmp(value, "krb5i", 5) == 0) {
935 vol->secFlg |= CIFSSEC_MAY_KRB5 |
937 } else if (strnicmp(value, "krb5p", 5) == 0) {
938 /* vol->secFlg |= CIFSSEC_MUST_SEAL |
940 cERROR(1, ("Krb5 cifs privacy not supported"));
942 } else if (strnicmp(value, "krb5", 4) == 0) {
943 vol->secFlg |= CIFSSEC_MAY_KRB5;
944 } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
945 vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
947 } else if (strnicmp(value, "ntlmv2", 6) == 0) {
948 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
949 } else if (strnicmp(value, "ntlmi", 5) == 0) {
950 vol->secFlg |= CIFSSEC_MAY_NTLM |
952 } else if (strnicmp(value, "ntlm", 4) == 0) {
953 /* ntlm is default so can be turned off too */
954 vol->secFlg |= CIFSSEC_MAY_NTLM;
955 } else if (strnicmp(value, "nontlm", 6) == 0) {
956 /* BB is there a better way to do this? */
957 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
958 #ifdef CONFIG_CIFS_WEAK_PW_HASH
959 } else if (strnicmp(value, "lanman", 6) == 0) {
960 vol->secFlg |= CIFSSEC_MAY_LANMAN;
962 } else if (strnicmp(value, "none", 4) == 0) {
965 cERROR(1, ("bad security option: %s", value));
968 } else if ((strnicmp(data, "unc", 3) == 0)
969 || (strnicmp(data, "target", 6) == 0)
970 || (strnicmp(data, "path", 4) == 0)) {
971 if (!value || !*value) {
972 printk(KERN_WARNING "CIFS: invalid path to "
973 "network resource\n");
974 return 1; /* needs_arg; */
976 if ((temp_len = strnlen(value, 300)) < 300) {
977 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
978 if (vol->UNC == NULL)
980 strcpy(vol->UNC, value);
981 if (strncmp(vol->UNC, "//", 2) == 0) {
984 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
986 "CIFS: UNC Path does not begin "
987 "with // or \\\\ \n");
991 printk(KERN_WARNING "CIFS: UNC name too long\n");
994 } else if ((strnicmp(data, "domain", 3) == 0)
995 || (strnicmp(data, "workgroup", 5) == 0)) {
996 if (!value || !*value) {
997 printk(KERN_WARNING "CIFS: invalid domain name\n");
998 return 1; /* needs_arg; */
1000 /* BB are there cases in which a comma can be valid in
1001 a domain name and need special handling? */
1002 if (strnlen(value, 256) < 256) {
1003 vol->domainname = value;
1004 cFYI(1, ("Domain name set"));
1006 printk(KERN_WARNING "CIFS: domain name too "
1010 } else if (strnicmp(data, "prefixpath", 10) == 0) {
1011 if (!value || !*value) {
1013 "CIFS: invalid path prefix\n");
1014 return 1; /* needs_argument */
1016 if ((temp_len = strnlen(value, 1024)) < 1024) {
1017 if (value[0] != '/')
1018 temp_len++; /* missing leading slash */
1019 vol->prepath = kmalloc(temp_len+1, GFP_KERNEL);
1020 if (vol->prepath == NULL)
1022 if (value[0] != '/') {
1023 vol->prepath[0] = '/';
1024 strcpy(vol->prepath+1, value);
1026 strcpy(vol->prepath, value);
1027 cFYI(1, ("prefix path %s", vol->prepath));
1029 printk(KERN_WARNING "CIFS: prefix too long\n");
1032 } else if (strnicmp(data, "iocharset", 9) == 0) {
1033 if (!value || !*value) {
1034 printk(KERN_WARNING "CIFS: invalid iocharset "
1036 return 1; /* needs_arg; */
1038 if (strnlen(value, 65) < 65) {
1039 if (strnicmp(value, "default", 7))
1040 vol->iocharset = value;
1041 /* if iocharset not set then load_nls_default
1042 is used by caller */
1043 cFYI(1, ("iocharset set to %s", value));
1045 printk(KERN_WARNING "CIFS: iocharset name "
1049 } else if (strnicmp(data, "uid", 3) == 0) {
1050 if (value && *value) {
1052 simple_strtoul(value, &value, 0);
1053 vol->override_uid = 1;
1055 } else if (strnicmp(data, "gid", 3) == 0) {
1056 if (value && *value) {
1058 simple_strtoul(value, &value, 0);
1059 vol->override_gid = 1;
1061 } else if (strnicmp(data, "file_mode", 4) == 0) {
1062 if (value && *value) {
1064 simple_strtoul(value, &value, 0);
1066 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1067 if (value && *value) {
1069 simple_strtoul(value, &value, 0);
1071 } else if (strnicmp(data, "dirmode", 4) == 0) {
1072 if (value && *value) {
1074 simple_strtoul(value, &value, 0);
1076 } else if (strnicmp(data, "port", 4) == 0) {
1077 if (value && *value) {
1079 simple_strtoul(value, &value, 0);
1081 } else if (strnicmp(data, "rsize", 5) == 0) {
1082 if (value && *value) {
1084 simple_strtoul(value, &value, 0);
1086 } else if (strnicmp(data, "wsize", 5) == 0) {
1087 if (value && *value) {
1089 simple_strtoul(value, &value, 0);
1091 } else if (strnicmp(data, "sockopt", 5) == 0) {
1092 if (value && *value) {
1094 simple_strtoul(value, &value, 0);
1096 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1097 if (!value || !*value || (*value == ' ')) {
1098 cFYI(1, ("invalid (empty) netbiosname"));
1100 memset(vol->source_rfc1001_name, 0x20, 15);
1101 for (i = 0; i < 15; i++) {
1102 /* BB are there cases in which a comma can be
1103 valid in this workstation netbios name (and need
1104 special handling)? */
1106 /* We do not uppercase netbiosname for user */
1110 vol->source_rfc1001_name[i] =
1113 /* The string has 16th byte zero still from
1114 set at top of the function */
1115 if ((i == 15) && (value[i] != 0))
1116 printk(KERN_WARNING "CIFS: netbiosname"
1117 " longer than 15 truncated.\n");
1119 } else if (strnicmp(data, "servern", 7) == 0) {
1120 /* servernetbiosname specified override *SMBSERVER */
1121 if (!value || !*value || (*value == ' ')) {
1122 cFYI(1, ("empty server netbiosname specified"));
1124 /* last byte, type, is 0x20 for servr type */
1125 memset(vol->target_rfc1001_name, 0x20, 16);
1127 for (i = 0; i < 15; i++) {
1128 /* BB are there cases in which a comma can be
1129 valid in this workstation netbios name
1130 (and need special handling)? */
1132 /* user or mount helper must uppercase
1137 vol->target_rfc1001_name[i] =
1140 /* The string has 16th byte zero still from
1141 set at top of the function */
1142 if ((i == 15) && (value[i] != 0))
1143 printk(KERN_WARNING "CIFS: server net"
1144 "biosname longer than 15 truncated.\n");
1146 } else if (strnicmp(data, "credentials", 4) == 0) {
1148 } else if (strnicmp(data, "version", 3) == 0) {
1150 } else if (strnicmp(data, "guest", 5) == 0) {
1152 } else if (strnicmp(data, "rw", 2) == 0) {
1154 } else if ((strnicmp(data, "suid", 4) == 0) ||
1155 (strnicmp(data, "nosuid", 6) == 0) ||
1156 (strnicmp(data, "exec", 4) == 0) ||
1157 (strnicmp(data, "noexec", 6) == 0) ||
1158 (strnicmp(data, "nodev", 5) == 0) ||
1159 (strnicmp(data, "noauto", 6) == 0) ||
1160 (strnicmp(data, "dev", 3) == 0)) {
1161 /* The mount tool or mount.cifs helper (if present)
1162 uses these opts to set flags, and the flags are read
1163 by the kernel vfs layer before we get here (ie
1164 before read super) so there is no point trying to
1165 parse these options again and set anything and it
1166 is ok to just ignore them */
1168 } else if (strnicmp(data, "ro", 2) == 0) {
1170 } else if (strnicmp(data, "hard", 4) == 0) {
1172 } else if (strnicmp(data, "soft", 4) == 0) {
1174 } else if (strnicmp(data, "perm", 4) == 0) {
1176 } else if (strnicmp(data, "noperm", 6) == 0) {
1178 } else if (strnicmp(data, "mapchars", 8) == 0) {
1180 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1182 } else if (strnicmp(data, "sfu", 3) == 0) {
1184 } else if (strnicmp(data, "nosfu", 5) == 0) {
1186 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1187 vol->posix_paths = 1;
1188 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1189 vol->posix_paths = 0;
1190 } else if (strnicmp(data, "nounix", 6) == 0) {
1191 vol->no_linux_ext = 1;
1192 } else if (strnicmp(data, "nolinux", 7) == 0) {
1193 vol->no_linux_ext = 1;
1194 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1195 (strnicmp(data, "ignorecase", 10) == 0)) {
1197 } else if (strnicmp(data, "brl", 3) == 0) {
1199 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1200 (strnicmp(data, "nolock", 6) == 0)) {
1202 /* turn off mandatory locking in mode
1203 if remote locking is turned off since the
1204 local vfs will do advisory */
1205 if (vol->file_mode ==
1206 (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1207 vol->file_mode = S_IALLUGO;
1208 } else if (strnicmp(data, "setuids", 7) == 0) {
1210 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1212 } else if (strnicmp(data, "nohard", 6) == 0) {
1214 } else if (strnicmp(data, "nosoft", 6) == 0) {
1216 } else if (strnicmp(data, "nointr", 6) == 0) {
1218 } else if (strnicmp(data, "intr", 4) == 0) {
1220 } else if (strnicmp(data, "serverino", 7) == 0) {
1221 vol->server_ino = 1;
1222 } else if (strnicmp(data, "noserverino", 9) == 0) {
1223 vol->server_ino = 0;
1224 } else if (strnicmp(data, "cifsacl", 7) == 0) {
1226 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1228 } else if (strnicmp(data, "acl", 3) == 0) {
1229 vol->no_psx_acl = 0;
1230 } else if (strnicmp(data, "noacl", 5) == 0) {
1231 vol->no_psx_acl = 1;
1232 } else if (strnicmp(data, "sign", 4) == 0) {
1233 vol->secFlg |= CIFSSEC_MUST_SIGN;
1234 /* } else if (strnicmp(data, "seal",4) == 0) {
1235 vol->secFlg |= CIFSSEC_MUST_SEAL; */
1236 } else if (strnicmp(data, "direct", 6) == 0) {
1238 } else if (strnicmp(data, "forcedirectio", 13) == 0) {
1240 } else if (strnicmp(data, "in6_addr", 8) == 0) {
1241 if (!value || !*value) {
1242 vol->in6_addr = NULL;
1243 } else if (strnlen(value, 49) == 48) {
1244 vol->in6_addr = value;
1246 printk(KERN_WARNING "CIFS: ip v6 address not "
1247 "48 characters long\n");
1250 } else if (strnicmp(data, "noac", 4) == 0) {
1251 printk(KERN_WARNING "CIFS: Mount option noac not "
1252 "supported. Instead set "
1253 "/proc/fs/cifs/LookupCacheEnabled to 0\n");
1255 printk(KERN_WARNING "CIFS: Unknown mount option %s\n",
1258 if (vol->UNC == NULL) {
1259 if (devname == NULL) {
1260 printk(KERN_WARNING "CIFS: Missing UNC name for mount "
1264 if ((temp_len = strnlen(devname, 300)) < 300) {
1265 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1266 if (vol->UNC == NULL)
1268 strcpy(vol->UNC, devname);
1269 if (strncmp(vol->UNC, "//", 2) == 0) {
1272 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1273 printk(KERN_WARNING "CIFS: UNC Path does not "
1274 "begin with // or \\\\ \n");
1278 printk(KERN_WARNING "CIFS: UNC name too long\n");
1282 if (vol->UNCip == NULL)
1283 vol->UNCip = &vol->UNC[2];
1288 static struct cifsSesInfo *
1289 cifs_find_tcp_session(struct in_addr *target_ip_addr,
1290 struct in6_addr *target_ip6_addr,
1291 char *userName, struct TCP_Server_Info **psrvTcp)
1293 struct list_head *tmp;
1294 struct cifsSesInfo *ses;
1296 read_lock(&GlobalSMBSeslock);
1298 list_for_each(tmp, &GlobalSMBSessionList) {
1299 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
1301 if ((target_ip_addr &&
1302 (ses->server->addr.sockAddr.sin_addr.s_addr
1303 == target_ip_addr->s_addr)) || (target_ip6_addr
1304 && memcmp(&ses->server->addr.sockAddr6.sin6_addr,
1305 target_ip6_addr, sizeof(*target_ip6_addr)))) {
1306 /* BB lock server and tcp session and increment
1309 /* found a match on the TCP session */
1310 *psrvTcp = ses->server;
1312 /* BB check if reconnection needed */
1314 (ses->userName, userName,
1315 MAX_USERNAME_SIZE) == 0){
1316 read_unlock(&GlobalSMBSeslock);
1317 /* Found exact match on both TCP and
1323 /* else tcp and smb sessions need reconnection */
1325 read_unlock(&GlobalSMBSeslock);
1329 static struct cifsTconInfo *
1330 find_unc(__be32 new_target_ip_addr, char *uncName, char *userName)
1332 struct list_head *tmp;
1333 struct cifsTconInfo *tcon;
1335 read_lock(&GlobalSMBSeslock);
1336 list_for_each(tmp, &GlobalTreeConnectionList) {
1337 cFYI(1, ("Next tcon"));
1338 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
1340 if (tcon->ses->server) {
1342 ("old ip addr: %x == new ip %x ?",
1343 tcon->ses->server->addr.sockAddr.sin_addr.
1344 s_addr, new_target_ip_addr));
1345 if (tcon->ses->server->addr.sockAddr.sin_addr.
1346 s_addr == new_target_ip_addr) {
1347 /* BB lock tcon, server and tcp session and increment use count here? */
1348 /* found a match on the TCP session */
1349 /* BB check if reconnection needed */
1351 ("IP match, old UNC: %s new: %s",
1352 tcon->treeName, uncName));
1354 (tcon->treeName, uncName,
1355 MAX_TREE_SIZE) == 0) {
1357 ("and old usr: %s new: %s",
1358 tcon->treeName, uncName));
1360 (tcon->ses->userName,
1362 MAX_USERNAME_SIZE) == 0) {
1363 read_unlock(&GlobalSMBSeslock);
1364 /* matched smb session
1373 read_unlock(&GlobalSMBSeslock);
1378 connect_to_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
1379 const char *old_path, const struct nls_table *nls_codepage,
1382 unsigned char *referrals = NULL;
1383 unsigned int num_referrals;
1386 rc = get_dfs_path(xid, pSesInfo, old_path, nls_codepage,
1387 &num_referrals, &referrals, remap);
1389 /* BB Add in code to: if valid refrl, if not ip address contact
1390 the helper that resolves tcp names, mount to it, try to
1391 tcon to it unmount it if fail */
1399 get_dfs_path(int xid, struct cifsSesInfo *pSesInfo, const char *old_path,
1400 const struct nls_table *nls_codepage, unsigned int *pnum_referrals,
1401 unsigned char **preferrals, int remap)
1406 *pnum_referrals = 0;
1408 if (pSesInfo->ipc_tid == 0) {
1409 temp_unc = kmalloc(2 /* for slashes */ +
1410 strnlen(pSesInfo->serverName,
1411 SERVER_NAME_LEN_WITH_NULL * 2)
1412 + 1 + 4 /* slash IPC$ */ + 2,
1414 if (temp_unc == NULL)
1418 strcpy(temp_unc + 2, pSesInfo->serverName);
1419 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
1420 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
1422 ("CIFS Tcon rc = %d ipc_tid = %d", rc, pSesInfo->ipc_tid));
1426 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
1427 pnum_referrals, nls_codepage, remap);
1432 /* See RFC1001 section 14 on representation of Netbios names */
1433 static void rfc1002mangle(char *target, char *source, unsigned int length)
1437 for (i = 0, j = 0; i < (length); i++) {
1438 /* mask a nibble at a time and encode */
1439 target[j] = 'A' + (0x0F & (source[i] >> 4));
1440 target[j+1] = 'A' + (0x0F & source[i]);
1448 ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket,
1449 char *netbios_name, char *target_name)
1453 __be16 orig_port = 0;
1455 if (*csocket == NULL) {
1456 rc = sock_create_kern(PF_INET, SOCK_STREAM,
1457 IPPROTO_TCP, csocket);
1459 cERROR(1, ("Error %d creating socket", rc));
1463 /* BB other socket options to set KEEPALIVE, NODELAY? */
1464 cFYI(1, ("Socket created"));
1465 (*csocket)->sk->sk_allocation = GFP_NOFS;
1469 psin_server->sin_family = AF_INET;
1470 if (psin_server->sin_port) { /* user overrode default port */
1471 rc = (*csocket)->ops->connect(*csocket,
1472 (struct sockaddr *) psin_server,
1473 sizeof (struct sockaddr_in), 0);
1479 /* save original port so we can retry user specified port
1480 later if fall back ports fail this time */
1481 orig_port = psin_server->sin_port;
1483 /* do not retry on the same port we just failed on */
1484 if (psin_server->sin_port != htons(CIFS_PORT)) {
1485 psin_server->sin_port = htons(CIFS_PORT);
1487 rc = (*csocket)->ops->connect(*csocket,
1488 (struct sockaddr *) psin_server,
1489 sizeof (struct sockaddr_in), 0);
1495 psin_server->sin_port = htons(RFC1001_PORT);
1496 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1498 sizeof (struct sockaddr_in), 0);
1503 /* give up here - unless we want to retry on different
1504 protocol families some day */
1507 psin_server->sin_port = orig_port;
1508 cFYI(1, ("Error %d connecting to server via ipv4", rc));
1509 sock_release(*csocket);
1513 /* Eventually check for other socket options to change from
1514 the default. sock_setsockopt not used because it expects
1515 user space buffer */
1516 cFYI(1, ("sndbuf %d rcvbuf %d rcvtimeo 0x%lx",
1517 (*csocket)->sk->sk_sndbuf,
1518 (*csocket)->sk->sk_rcvbuf, (*csocket)->sk->sk_rcvtimeo));
1519 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1520 /* make the bufsizes depend on wsize/rsize and max requests */
1521 if ((*csocket)->sk->sk_sndbuf < (200 * 1024))
1522 (*csocket)->sk->sk_sndbuf = 200 * 1024;
1523 if ((*csocket)->sk->sk_rcvbuf < (140 * 1024))
1524 (*csocket)->sk->sk_rcvbuf = 140 * 1024;
1526 /* send RFC1001 sessinit */
1527 if (psin_server->sin_port == htons(RFC1001_PORT)) {
1528 /* some servers require RFC1001 sessinit before sending
1529 negprot - BB check reconnection in case where second
1530 sessinit is sent but no second negprot */
1531 struct rfc1002_session_packet *ses_init_buf;
1532 struct smb_hdr *smb_buf;
1533 ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet),
1536 ses_init_buf->trailer.session_req.called_len = 32;
1537 if (target_name && (target_name[0] != 0)) {
1538 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1541 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1542 DEFAULT_CIFS_CALLED_NAME, 16);
1545 ses_init_buf->trailer.session_req.calling_len = 32;
1546 /* calling name ends in null (byte 16) from old smb
1548 if (netbios_name && (netbios_name[0] != 0)) {
1549 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1552 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1553 "LINUX_CIFS_CLNT", 16);
1555 ses_init_buf->trailer.session_req.scope1 = 0;
1556 ses_init_buf->trailer.session_req.scope2 = 0;
1557 smb_buf = (struct smb_hdr *)ses_init_buf;
1558 /* sizeof RFC1002_SESSION_REQUEST with no scope */
1559 smb_buf->smb_buf_length = 0x81000044;
1560 rc = smb_send(*csocket, smb_buf, 0x44,
1561 (struct sockaddr *)psin_server);
1562 kfree(ses_init_buf);
1563 msleep(1); /* RFC1001 layer in at least one server
1564 requires very short break before negprot
1565 presumably because not expecting negprot
1566 to follow so fast. This is a simple
1567 solution that works without
1568 complicating the code and causes no
1569 significant slowing down on mount
1570 for everyone else */
1572 /* else the negprot may still work without this
1573 even though malloc failed */
1581 ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket)
1585 __be16 orig_port = 0;
1587 if (*csocket == NULL) {
1588 rc = sock_create_kern(PF_INET6, SOCK_STREAM,
1589 IPPROTO_TCP, csocket);
1591 cERROR(1, ("Error %d creating ipv6 socket", rc));
1595 /* BB other socket options to set KEEPALIVE, NODELAY? */
1596 cFYI(1, ("ipv6 Socket created"));
1597 (*csocket)->sk->sk_allocation = GFP_NOFS;
1601 psin_server->sin6_family = AF_INET6;
1603 if (psin_server->sin6_port) { /* user overrode default port */
1604 rc = (*csocket)->ops->connect(*csocket,
1605 (struct sockaddr *) psin_server,
1606 sizeof (struct sockaddr_in6), 0);
1612 /* save original port so we can retry user specified port
1613 later if fall back ports fail this time */
1615 orig_port = psin_server->sin6_port;
1616 /* do not retry on the same port we just failed on */
1617 if (psin_server->sin6_port != htons(CIFS_PORT)) {
1618 psin_server->sin6_port = htons(CIFS_PORT);
1620 rc = (*csocket)->ops->connect(*csocket,
1621 (struct sockaddr *) psin_server,
1622 sizeof (struct sockaddr_in6), 0);
1628 psin_server->sin6_port = htons(RFC1001_PORT);
1629 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1630 psin_server, sizeof (struct sockaddr_in6), 0);
1635 /* give up here - unless we want to retry on different
1636 protocol families some day */
1639 psin_server->sin6_port = orig_port;
1640 cFYI(1, ("Error %d connecting to server via ipv6", rc));
1641 sock_release(*csocket);
1645 /* Eventually check for other socket options to change from
1646 the default. sock_setsockopt not used because it expects
1647 user space buffer */
1648 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1653 void reset_cifs_unix_caps(int xid, struct cifsTconInfo *tcon,
1654 struct super_block *sb, struct smb_vol *vol_info)
1656 /* if we are reconnecting then should we check to see if
1657 * any requested capabilities changed locally e.g. via
1658 * remount but we can not do much about it here
1659 * if they have (even if we could detect it by the following)
1660 * Perhaps we could add a backpointer to array of sb from tcon
1661 * or if we change to make all sb to same share the same
1662 * sb as NFS - then we only have one backpointer to sb.
1663 * What if we wanted to mount the server share twice once with
1664 * and once without posixacls or posix paths? */
1665 __u64 saved_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
1667 if (vol_info && vol_info->no_linux_ext) {
1668 tcon->fsUnixInfo.Capability = 0;
1669 tcon->unix_ext = 0; /* Unix Extensions disabled */
1670 cFYI(1, ("Linux protocol extensions disabled"));
1672 } else if (vol_info)
1673 tcon->unix_ext = 1; /* Unix Extensions supported */
1675 if (tcon->unix_ext == 0) {
1676 cFYI(1, ("Unix extensions disabled so not set on reconnect"));
1680 if (!CIFSSMBQFSUnixInfo(xid, tcon)) {
1681 __u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
1683 /* check for reconnect case in which we do not
1684 want to change the mount behavior if we can avoid it */
1685 if (vol_info == NULL) {
1686 /* turn off POSIX ACL and PATHNAMES if not set
1687 originally at mount time */
1688 if ((saved_cap & CIFS_UNIX_POSIX_ACL_CAP) == 0)
1689 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
1690 if ((saved_cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0)
1691 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
1694 cap &= CIFS_UNIX_CAP_MASK;
1695 if (vol_info && vol_info->no_psx_acl)
1696 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
1697 else if (CIFS_UNIX_POSIX_ACL_CAP & cap) {
1698 cFYI(1, ("negotiated posix acl support"));
1700 sb->s_flags |= MS_POSIXACL;
1703 if (vol_info && vol_info->posix_paths == 0)
1704 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
1705 else if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
1706 cFYI(1, ("negotiate posix pathnames"));
1708 CIFS_SB(sb)->mnt_cifs_flags |=
1709 CIFS_MOUNT_POSIX_PATHS;
1712 /* We might be setting the path sep back to a different
1713 form if we are reconnecting and the server switched its
1714 posix path capability for this share */
1715 if (sb && (CIFS_SB(sb)->prepathlen > 0))
1716 CIFS_SB(sb)->prepath[0] = CIFS_DIR_SEP(CIFS_SB(sb));
1718 if (sb && (CIFS_SB(sb)->rsize > 127 * 1024)) {
1719 if ((cap & CIFS_UNIX_LARGE_READ_CAP) == 0) {
1720 CIFS_SB(sb)->rsize = 127 * 1024;
1721 #ifdef CONFIG_CIFS_DEBUG2
1722 cFYI(1, ("larger reads not supported by srv"));
1728 cFYI(1, ("Negotiate caps 0x%x", (int)cap));
1729 #ifdef CONFIG_CIFS_DEBUG2
1730 if (cap & CIFS_UNIX_FCNTL_CAP)
1731 cFYI(1, ("FCNTL cap"));
1732 if (cap & CIFS_UNIX_EXTATTR_CAP)
1733 cFYI(1, ("EXTATTR cap"));
1734 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
1735 cFYI(1, ("POSIX path cap"));
1736 if (cap & CIFS_UNIX_XATTR_CAP)
1737 cFYI(1, ("XATTR cap"));
1738 if (cap & CIFS_UNIX_POSIX_ACL_CAP)
1739 cFYI(1, ("POSIX ACL cap"));
1740 if (cap & CIFS_UNIX_LARGE_READ_CAP)
1741 cFYI(1, ("very large read cap"));
1742 if (cap & CIFS_UNIX_LARGE_WRITE_CAP)
1743 cFYI(1, ("very large write cap"));
1744 #endif /* CIFS_DEBUG2 */
1745 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
1746 cFYI(1, ("setting capabilities failed"));
1752 cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
1753 char *mount_data, const char *devname)
1757 int address_type = AF_INET;
1758 struct socket *csocket = NULL;
1759 struct sockaddr_in sin_server;
1760 struct sockaddr_in6 sin_server6;
1761 struct smb_vol volume_info;
1762 struct cifsSesInfo *pSesInfo = NULL;
1763 struct cifsSesInfo *existingCifsSes = NULL;
1764 struct cifsTconInfo *tcon = NULL;
1765 struct TCP_Server_Info *srvTcp = NULL;
1769 /* cFYI(1, ("Entering cifs_mount. Xid: %d with: %s", xid, mount_data)); */
1771 memset(&volume_info, 0, sizeof(struct smb_vol));
1772 if (cifs_parse_mount_options(mount_data, devname, &volume_info)) {
1773 kfree(volume_info.UNC);
1774 kfree(volume_info.password);
1775 kfree(volume_info.prepath);
1780 if (volume_info.nullauth) {
1781 cFYI(1, ("null user"));
1782 volume_info.username = NULL;
1783 } else if (volume_info.username) {
1784 /* BB fixme parse for domain name here */
1785 cFYI(1, ("Username: %s", volume_info.username));
1787 cifserror("No username specified");
1788 /* In userspace mount helper we can get user name from alternate
1789 locations such as env variables and files on disk */
1790 kfree(volume_info.UNC);
1791 kfree(volume_info.password);
1792 kfree(volume_info.prepath);
1797 if (volume_info.UNCip && volume_info.UNC) {
1798 rc = cifs_inet_pton(AF_INET, volume_info.UNCip,
1799 &sin_server.sin_addr.s_addr);
1802 /* not ipv4 address, try ipv6 */
1803 rc = cifs_inet_pton(AF_INET6, volume_info.UNCip,
1804 &sin_server6.sin6_addr.in6_u);
1806 address_type = AF_INET6;
1808 address_type = AF_INET;
1812 /* we failed translating address */
1813 kfree(volume_info.UNC);
1814 kfree(volume_info.password);
1815 kfree(volume_info.prepath);
1820 cFYI(1, ("UNC: %s ip: %s", volume_info.UNC, volume_info.UNCip));
1823 } else if (volume_info.UNCip) {
1824 /* BB using ip addr as server name to connect to the
1826 cERROR(1, ("Connecting to DFS root not implemented yet"));
1827 kfree(volume_info.UNC);
1828 kfree(volume_info.password);
1829 kfree(volume_info.prepath);
1832 } else /* which servers DFS root would we conect to */ {
1834 ("CIFS mount error: No UNC path (e.g. -o "
1835 "unc=//192.168.1.100/public) specified"));
1836 kfree(volume_info.UNC);
1837 kfree(volume_info.password);
1838 kfree(volume_info.prepath);
1843 /* this is needed for ASCII cp to Unicode converts */
1844 if (volume_info.iocharset == NULL) {
1845 cifs_sb->local_nls = load_nls_default();
1846 /* load_nls_default can not return null */
1848 cifs_sb->local_nls = load_nls(volume_info.iocharset);
1849 if (cifs_sb->local_nls == NULL) {
1850 cERROR(1, ("CIFS mount error: iocharset %s not found",
1851 volume_info.iocharset));
1852 kfree(volume_info.UNC);
1853 kfree(volume_info.password);
1854 kfree(volume_info.prepath);
1860 if (address_type == AF_INET)
1861 existingCifsSes = cifs_find_tcp_session(&sin_server.sin_addr,
1862 NULL /* no ipv6 addr */,
1863 volume_info.username, &srvTcp);
1864 else if (address_type == AF_INET6) {
1865 cFYI(1, ("looking for ipv6 address"));
1866 existingCifsSes = cifs_find_tcp_session(NULL /* no ipv4 addr */,
1867 &sin_server6.sin6_addr,
1868 volume_info.username, &srvTcp);
1870 kfree(volume_info.UNC);
1871 kfree(volume_info.password);
1872 kfree(volume_info.prepath);
1878 cFYI(1, ("Existing tcp session with server found"));
1879 } else { /* create socket */
1880 if (volume_info.port)
1881 sin_server.sin_port = htons(volume_info.port);
1883 sin_server.sin_port = 0;
1884 if (address_type == AF_INET6) {
1885 cFYI(1, ("attempting ipv6 connect"));
1886 /* BB should we allow ipv6 on port 139? */
1887 /* other OS never observed in Wild doing 139 with v6 */
1888 rc = ipv6_connect(&sin_server6, &csocket);
1890 rc = ipv4_connect(&sin_server, &csocket,
1891 volume_info.source_rfc1001_name,
1892 volume_info.target_rfc1001_name);
1894 cERROR(1, ("Error connecting to IPv4 socket. "
1895 "Aborting operation"));
1896 if (csocket != NULL)
1897 sock_release(csocket);
1898 kfree(volume_info.UNC);
1899 kfree(volume_info.password);
1900 kfree(volume_info.prepath);
1905 srvTcp = kmalloc(sizeof (struct TCP_Server_Info), GFP_KERNEL);
1906 if (srvTcp == NULL) {
1908 sock_release(csocket);
1909 kfree(volume_info.UNC);
1910 kfree(volume_info.password);
1911 kfree(volume_info.prepath);
1915 memset(srvTcp, 0, sizeof (struct TCP_Server_Info));
1916 memcpy(&srvTcp->addr.sockAddr, &sin_server,
1917 sizeof (struct sockaddr_in));
1918 atomic_set(&srvTcp->inFlight, 0);
1919 /* BB Add code for ipv6 case too */
1920 srvTcp->ssocket = csocket;
1921 srvTcp->protocolType = IPV4;
1922 init_waitqueue_head(&srvTcp->response_q);
1923 init_waitqueue_head(&srvTcp->request_q);
1924 INIT_LIST_HEAD(&srvTcp->pending_mid_q);
1925 /* at this point we are the only ones with the pointer
1926 to the struct since the kernel thread not created yet
1927 so no need to spinlock this init of tcpStatus */
1928 srvTcp->tcpStatus = CifsNew;
1929 init_MUTEX(&srvTcp->tcpSem);
1930 srvTcp->tsk = kthread_run((void *)(void *)cifs_demultiplex_thread, srvTcp, "cifsd");
1931 if ( IS_ERR(srvTcp->tsk) ) {
1932 rc = PTR_ERR(srvTcp->tsk);
1933 cERROR(1, ("error %d create cifsd thread", rc));
1935 sock_release(csocket);
1936 kfree(volume_info.UNC);
1937 kfree(volume_info.password);
1938 kfree(volume_info.prepath);
1942 wait_for_completion(&cifsd_complete);
1944 memcpy(srvTcp->workstation_RFC1001_name,
1945 volume_info.source_rfc1001_name, 16);
1946 memcpy(srvTcp->server_RFC1001_name,
1947 volume_info.target_rfc1001_name, 16);
1948 srvTcp->sequence_number = 0;
1952 if (existingCifsSes) {
1953 pSesInfo = existingCifsSes;
1954 cFYI(1, ("Existing smb sess found"));
1955 kfree(volume_info.password);
1956 /* volume_info.UNC freed at end of function */
1958 cFYI(1, ("Existing smb sess not found"));
1959 pSesInfo = sesInfoAlloc();
1960 if (pSesInfo == NULL)
1963 pSesInfo->server = srvTcp;
1964 sprintf(pSesInfo->serverName, "%u.%u.%u.%u",
1965 NIPQUAD(sin_server.sin_addr.s_addr));
1969 /* volume_info.password freed at unmount */
1970 if (volume_info.password)
1971 pSesInfo->password = volume_info.password;
1972 if (volume_info.username)
1973 strncpy(pSesInfo->userName,
1974 volume_info.username,
1976 if (volume_info.domainname) {
1977 int len = strlen(volume_info.domainname);
1978 pSesInfo->domainName =
1979 kmalloc(len + 1, GFP_KERNEL);
1980 if (pSesInfo->domainName)
1981 strcpy(pSesInfo->domainName,
1982 volume_info.domainname);
1984 pSesInfo->linux_uid = volume_info.linux_uid;
1985 pSesInfo->overrideSecFlg = volume_info.secFlg;
1986 down(&pSesInfo->sesSem);
1987 /* BB FIXME need to pass vol->secFlgs BB */
1988 rc = cifs_setup_session(xid, pSesInfo,
1989 cifs_sb->local_nls);
1990 up(&pSesInfo->sesSem);
1992 atomic_inc(&srvTcp->socketUseCount);
1994 kfree(volume_info.password);
1997 /* search for existing tcon to this server share */
1999 if (volume_info.rsize > CIFSMaxBufSize) {
2000 cERROR(1, ("rsize %d too large, using MaxBufSize",
2001 volume_info.rsize));
2002 cifs_sb->rsize = CIFSMaxBufSize;
2003 } else if ((volume_info.rsize) &&
2004 (volume_info.rsize <= CIFSMaxBufSize))
2005 cifs_sb->rsize = volume_info.rsize;
2007 cifs_sb->rsize = CIFSMaxBufSize;
2009 if (volume_info.wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) {
2010 cERROR(1, ("wsize %d too large, using 4096 instead",
2011 volume_info.wsize));
2012 cifs_sb->wsize = 4096;
2013 } else if (volume_info.wsize)
2014 cifs_sb->wsize = volume_info.wsize;
2017 min_t(const int, PAGEVEC_SIZE * PAGE_CACHE_SIZE,
2019 /* old default of CIFSMaxBufSize was too small now
2020 that SMB Write2 can send multiple pages in kvec.
2021 RFC1001 does not describe what happens when frame
2022 bigger than 128K is sent so use that as max in
2023 conjunction with 52K kvec constraint on arch with 4K
2026 if (cifs_sb->rsize < 2048) {
2027 cifs_sb->rsize = 2048;
2028 /* Windows ME may prefer this */
2029 cFYI(1, ("readsize set to minimum: 2048"));
2031 /* calculate prepath */
2032 cifs_sb->prepath = volume_info.prepath;
2033 if (cifs_sb->prepath) {
2034 cifs_sb->prepathlen = strlen(cifs_sb->prepath);
2035 cifs_sb->prepath[0] = CIFS_DIR_SEP(cifs_sb);
2036 volume_info.prepath = NULL;
2038 cifs_sb->prepathlen = 0;
2039 cifs_sb->mnt_uid = volume_info.linux_uid;
2040 cifs_sb->mnt_gid = volume_info.linux_gid;
2041 cifs_sb->mnt_file_mode = volume_info.file_mode;
2042 cifs_sb->mnt_dir_mode = volume_info.dir_mode;
2043 cFYI(1, ("file mode: 0x%x dir mode: 0x%x",
2044 cifs_sb->mnt_file_mode, cifs_sb->mnt_dir_mode));
2046 if (volume_info.noperm)
2047 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
2048 if (volume_info.setuids)
2049 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
2050 if (volume_info.server_ino)
2051 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
2052 if (volume_info.remap)
2053 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
2054 if (volume_info.no_xattr)
2055 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
2056 if (volume_info.sfu_emul)
2057 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
2058 if (volume_info.nobrl)
2059 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
2060 if (volume_info.cifs_acl)
2061 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
2062 if (volume_info.override_uid)
2063 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID;
2064 if (volume_info.override_gid)
2065 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID;
2066 if (volume_info.direct_io) {
2067 cFYI(1, ("mounting share using direct i/o"));
2068 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
2072 find_unc(sin_server.sin_addr.s_addr, volume_info.UNC,
2073 volume_info.username);
2075 cFYI(1, ("Found match on UNC path"));
2076 /* we can have only one retry value for a connection
2077 to a share so for resources mounted more than once
2078 to the same server share the last value passed in
2079 for the retry flag is used */
2080 tcon->retry = volume_info.retry;
2081 tcon->nocase = volume_info.nocase;
2083 tcon = tconInfoAlloc();
2087 /* check for null share name ie connecting to
2090 /* BB check if this works for exactly length
2092 if ((strchr(volume_info.UNC + 3, '\\') == NULL)
2093 && (strchr(volume_info.UNC + 3, '/') ==
2095 rc = connect_to_dfs_path(xid, pSesInfo,
2096 "", cifs_sb->local_nls,
2097 cifs_sb->mnt_cifs_flags &
2098 CIFS_MOUNT_MAP_SPECIAL_CHR);
2099 kfree(volume_info.UNC);
2103 /* BB Do we need to wrap sesSem around
2104 * this TCon call and Unix SetFS as
2105 * we do on SessSetup and reconnect? */
2106 rc = CIFSTCon(xid, pSesInfo,
2108 tcon, cifs_sb->local_nls);
2109 cFYI(1, ("CIFS Tcon rc = %d", rc));
2112 atomic_inc(&pSesInfo->inUse);
2113 tcon->retry = volume_info.retry;
2114 tcon->nocase = volume_info.nocase;
2120 if (pSesInfo->capabilities & CAP_LARGE_FILES) {
2121 sb->s_maxbytes = (u64) 1 << 63;
2123 sb->s_maxbytes = (u64) 1 << 31; /* 2 GB */
2126 /* BB FIXME fix time_gran to be larger for LANMAN sessions */
2127 sb->s_time_gran = 100;
2129 /* on error free sesinfo and tcon struct if needed */
2131 /* if session setup failed, use count is zero but
2132 we still need to free cifsd thread */
2133 if (atomic_read(&srvTcp->socketUseCount) == 0) {
2134 spin_lock(&GlobalMid_Lock);
2135 srvTcp->tcpStatus = CifsExiting;
2136 spin_unlock(&GlobalMid_Lock);
2138 struct task_struct *tsk;
2139 /* If we could verify that kthread_stop would
2140 always wake up processes blocked in
2141 tcp in recv_mesg then we could remove the
2143 force_sig(SIGKILL, srvTcp->tsk);
2149 /* If find_unc succeeded then rc == 0 so we can not end */
2150 if (tcon) /* up accidently freeing someone elses tcon struct */
2152 if (existingCifsSes == NULL) {
2154 if ((pSesInfo->server) &&
2155 (pSesInfo->status == CifsGood)) {
2157 temp_rc = CIFSSMBLogoff(xid, pSesInfo);
2158 /* if the socketUseCount is now zero */
2159 if ((temp_rc == -ESHUTDOWN) &&
2160 (pSesInfo->server) &&
2161 (pSesInfo->server->tsk)) {
2162 struct task_struct *tsk;
2164 pSesInfo->server->tsk);
2165 tsk = pSesInfo->server->tsk;
2170 cFYI(1, ("No session or bad tcon"));
2171 sesInfoFree(pSesInfo);
2172 /* pSesInfo = NULL; */
2176 atomic_inc(&tcon->useCount);
2177 cifs_sb->tcon = tcon;
2178 tcon->ses = pSesInfo;
2180 /* do not care if following two calls succeed - informational */
2181 CIFSSMBQFSDeviceInfo(xid, tcon);
2182 CIFSSMBQFSAttributeInfo(xid, tcon);
2184 /* tell server which Unix caps we support */
2185 if (tcon->ses->capabilities & CAP_UNIX)
2186 /* reset of caps checks mount to see if unix extensions
2187 disabled for just this mount */
2188 reset_cifs_unix_caps(xid, tcon, sb, &volume_info);
2190 tcon->unix_ext = 0; /* server does not support them */
2192 if ((tcon->unix_ext == 0) && (cifs_sb->rsize > (1024 * 127))) {
2193 cifs_sb->rsize = 1024 * 127;
2194 #ifdef CONFIG_CIFS_DEBUG2
2195 cFYI(1, ("no very large read support, rsize now 127K"));
2198 if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X))
2199 cifs_sb->wsize = min(cifs_sb->wsize,
2200 (tcon->ses->server->maxBuf -
2201 MAX_CIFS_HDR_SIZE));
2202 if (!(tcon->ses->capabilities & CAP_LARGE_READ_X))
2203 cifs_sb->rsize = min(cifs_sb->rsize,
2204 (tcon->ses->server->maxBuf -
2205 MAX_CIFS_HDR_SIZE));
2208 /* volume_info.password is freed above when existing session found
2209 (in which case it is not needed anymore) but when new sesion is created
2210 the password ptr is put in the new session structure (in which case the
2211 password will be freed at unmount time) */
2212 kfree(volume_info.UNC);
2213 kfree(volume_info.prepath);
2219 CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2220 char session_key[CIFS_SESS_KEY_SIZE],
2221 const struct nls_table *nls_codepage)
2223 struct smb_hdr *smb_buffer;
2224 struct smb_hdr *smb_buffer_response;
2225 SESSION_SETUP_ANDX *pSMB;
2226 SESSION_SETUP_ANDX *pSMBr;
2231 int remaining_words = 0;
2232 int bytes_returned = 0;
2237 cFYI(1, ("In sesssetup"));
2240 user = ses->userName;
2241 domain = ses->domainName;
2242 smb_buffer = cifs_buf_get();
2243 if (smb_buffer == NULL) {
2246 smb_buffer_response = smb_buffer;
2247 pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2249 /* send SMBsessionSetup here */
2250 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2251 NULL /* no tCon exists yet */ , 13 /* wct */ );
2253 smb_buffer->Mid = GetNextMid(ses->server);
2254 pSMB->req_no_secext.AndXCommand = 0xFF;
2255 pSMB->req_no_secext.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2256 pSMB->req_no_secext.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2258 if (ses->server->secMode &
2259 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2260 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2262 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2263 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
2264 if (ses->capabilities & CAP_UNICODE) {
2265 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2266 capabilities |= CAP_UNICODE;
2268 if (ses->capabilities & CAP_STATUS32) {
2269 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2270 capabilities |= CAP_STATUS32;
2272 if (ses->capabilities & CAP_DFS) {
2273 smb_buffer->Flags2 |= SMBFLG2_DFS;
2274 capabilities |= CAP_DFS;
2276 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
2278 pSMB->req_no_secext.CaseInsensitivePasswordLength =
2279 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2281 pSMB->req_no_secext.CaseSensitivePasswordLength =
2282 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2283 bcc_ptr = pByteArea(smb_buffer);
2284 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2285 bcc_ptr += CIFS_SESS_KEY_SIZE;
2286 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2287 bcc_ptr += CIFS_SESS_KEY_SIZE;
2289 if (ses->capabilities & CAP_UNICODE) {
2290 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode */
2295 bytes_returned = 0; /* skip null user */
2298 cifs_strtoUCS((__le16 *) bcc_ptr, user, 100,
2300 /* convert number of 16 bit words to bytes */
2301 bcc_ptr += 2 * bytes_returned;
2302 bcc_ptr += 2; /* trailing null */
2305 cifs_strtoUCS((__le16 *) bcc_ptr,
2306 "CIFS_LINUX_DOM", 32, nls_codepage);
2309 cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2311 bcc_ptr += 2 * bytes_returned;
2314 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2316 bcc_ptr += 2 * bytes_returned;
2318 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release,
2320 bcc_ptr += 2 * bytes_returned;
2323 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2325 bcc_ptr += 2 * bytes_returned;
2329 strncpy(bcc_ptr, user, 200);
2330 bcc_ptr += strnlen(user, 200);
2334 if (domain == NULL) {
2335 strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2336 bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2338 strncpy(bcc_ptr, domain, 64);
2339 bcc_ptr += strnlen(domain, 64);
2343 strcpy(bcc_ptr, "Linux version ");
2344 bcc_ptr += strlen("Linux version ");
2345 strcpy(bcc_ptr, utsname()->release);
2346 bcc_ptr += strlen(utsname()->release) + 1;
2347 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2348 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2350 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2351 smb_buffer->smb_buf_length += count;
2352 pSMB->req_no_secext.ByteCount = cpu_to_le16(count);
2354 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2355 &bytes_returned, 1);
2357 /* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
2358 } else if ((smb_buffer_response->WordCount == 3)
2359 || (smb_buffer_response->WordCount == 4)) {
2360 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2361 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2362 if (action & GUEST_LOGIN)
2363 cFYI(1, (" Guest login")); /* BB mark SesInfo struct? */
2364 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format
2366 cFYI(1, ("UID = %d ", ses->Suid));
2367 /* response can have either 3 or 4 word count - Samba sends 3 */
2368 bcc_ptr = pByteArea(smb_buffer_response);
2369 if ((pSMBr->resp.hdr.WordCount == 3)
2370 || ((pSMBr->resp.hdr.WordCount == 4)
2371 && (blob_len < pSMBr->resp.ByteCount))) {
2372 if (pSMBr->resp.hdr.WordCount == 4)
2373 bcc_ptr += blob_len;
2375 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2376 if ((long) (bcc_ptr) % 2) {
2378 (BCC(smb_buffer_response) - 1) / 2;
2379 /* Unicode strings must be word
2384 BCC(smb_buffer_response) / 2;
2387 UniStrnlen((wchar_t *) bcc_ptr,
2388 remaining_words - 1);
2389 /* We look for obvious messed up bcc or strings in response so we do not go off
2390 the end since (at least) WIN2K and Windows XP have a major bug in not null
2391 terminating last Unicode string in response */
2393 kfree(ses->serverOS);
2394 ses->serverOS = kzalloc(2 * (len + 1),
2396 if (ses->serverOS == NULL)
2397 goto sesssetup_nomem;
2398 cifs_strfromUCS_le(ses->serverOS,
2401 bcc_ptr += 2 * (len + 1);
2402 remaining_words -= len + 1;
2403 ses->serverOS[2 * len] = 0;
2404 ses->serverOS[1 + (2 * len)] = 0;
2405 if (remaining_words > 0) {
2406 len = UniStrnlen((wchar_t *)bcc_ptr,
2408 kfree(ses->serverNOS);
2409 ses->serverNOS = kzalloc(2 * (len + 1),
2411 if (ses->serverNOS == NULL)
2412 goto sesssetup_nomem;
2413 cifs_strfromUCS_le(ses->serverNOS,
2416 bcc_ptr += 2 * (len + 1);
2417 ses->serverNOS[2 * len] = 0;
2418 ses->serverNOS[1 + (2 * len)] = 0;
2419 if (strncmp(ses->serverNOS,
2420 "NT LAN Manager 4", 16) == 0) {
2421 cFYI(1, ("NT4 server"));
2422 ses->flags |= CIFS_SES_NT4;
2424 remaining_words -= len + 1;
2425 if (remaining_words > 0) {
2426 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2427 /* last string is not always null terminated
2428 (for e.g. for Windows XP & 2000) */
2429 if (ses->serverDomain)
2430 kfree(ses->serverDomain);
2434 if (ses->serverDomain == NULL)
2435 goto sesssetup_nomem;
2436 cifs_strfromUCS_le(ses->serverDomain,
2439 bcc_ptr += 2 * (len + 1);
2440 ses->serverDomain[2*len] = 0;
2441 ses->serverDomain[1+(2*len)] = 0;
2442 } else { /* else no more room so create
2443 dummy domain string */
2444 if (ses->serverDomain)
2445 kfree(ses->serverDomain);
2447 kzalloc(2, GFP_KERNEL);
2449 } else { /* no room so create dummy domain
2452 /* if these kcallocs fail not much we
2453 can do, but better to not fail the
2455 kfree(ses->serverDomain);
2457 kzalloc(2, GFP_KERNEL);
2458 kfree(ses->serverNOS);
2460 kzalloc(2, GFP_KERNEL);
2462 } else { /* ASCII */
2463 len = strnlen(bcc_ptr, 1024);
2464 if (((long) bcc_ptr + len) - (long)
2465 pByteArea(smb_buffer_response)
2466 <= BCC(smb_buffer_response)) {
2467 kfree(ses->serverOS);
2468 ses->serverOS = kzalloc(len + 1,
2470 if (ses->serverOS == NULL)
2471 goto sesssetup_nomem;
2472 strncpy(ses->serverOS, bcc_ptr, len);
2475 /* null terminate the string */
2479 len = strnlen(bcc_ptr, 1024);
2480 kfree(ses->serverNOS);
2481 ses->serverNOS = kzalloc(len + 1,
2483 if (ses->serverNOS == NULL)
2484 goto sesssetup_nomem;
2485 strncpy(ses->serverNOS, bcc_ptr, len);
2490 len = strnlen(bcc_ptr, 1024);
2491 if (ses->serverDomain)
2492 kfree(ses->serverDomain);
2493 ses->serverDomain = kzalloc(len + 1,
2495 if (ses->serverDomain == NULL)
2496 goto sesssetup_nomem;
2497 strncpy(ses->serverDomain, bcc_ptr,
2504 ("Variable field of length %d "
2505 "extends beyond end of smb ",
2510 (" Security Blob Length extends beyond "
2515 (" Invalid Word count %d: ",
2516 smb_buffer_response->WordCount));
2519 sesssetup_nomem: /* do not return an error on nomem for the info strings,
2520 since that could make reconnection harder, and
2521 reconnection might be needed to free memory */
2523 cifs_buf_release(smb_buffer);
2529 CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2530 struct cifsSesInfo *ses, int *pNTLMv2_flag,
2531 const struct nls_table *nls_codepage)
2533 struct smb_hdr *smb_buffer;
2534 struct smb_hdr *smb_buffer_response;
2535 SESSION_SETUP_ANDX *pSMB;
2536 SESSION_SETUP_ANDX *pSMBr;
2540 int remaining_words = 0;
2541 int bytes_returned = 0;
2543 int SecurityBlobLength = sizeof (NEGOTIATE_MESSAGE);
2544 PNEGOTIATE_MESSAGE SecurityBlob;
2545 PCHALLENGE_MESSAGE SecurityBlob2;
2546 __u32 negotiate_flags, capabilities;
2549 cFYI(1, ("In NTLMSSP sesssetup (negotiate)"));
2552 domain = ses->domainName;
2553 *pNTLMv2_flag = FALSE;
2554 smb_buffer = cifs_buf_get();
2555 if (smb_buffer == NULL) {
2558 smb_buffer_response = smb_buffer;
2559 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2560 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2562 /* send SMBsessionSetup here */
2563 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2564 NULL /* no tCon exists yet */ , 12 /* wct */ );
2566 smb_buffer->Mid = GetNextMid(ses->server);
2567 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2568 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2570 pSMB->req.AndXCommand = 0xFF;
2571 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2572 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2574 if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2575 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2577 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2578 CAP_EXTENDED_SECURITY;
2579 if (ses->capabilities & CAP_UNICODE) {
2580 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2581 capabilities |= CAP_UNICODE;
2583 if (ses->capabilities & CAP_STATUS32) {
2584 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2585 capabilities |= CAP_STATUS32;
2587 if (ses->capabilities & CAP_DFS) {
2588 smb_buffer->Flags2 |= SMBFLG2_DFS;
2589 capabilities |= CAP_DFS;
2591 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2593 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2594 SecurityBlob = (PNEGOTIATE_MESSAGE) bcc_ptr;
2595 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2596 SecurityBlob->MessageType = NtLmNegotiate;
2598 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
2599 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM |
2600 NTLMSSP_NEGOTIATE_56 |
2601 /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
2603 negotiate_flags |= NTLMSSP_NEGOTIATE_SIGN;
2604 /* if (ntlmv2_support)
2605 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;*/
2606 /* setup pointers to domain name and workstation name */
2607 bcc_ptr += SecurityBlobLength;
2609 SecurityBlob->WorkstationName.Buffer = 0;
2610 SecurityBlob->WorkstationName.Length = 0;
2611 SecurityBlob->WorkstationName.MaximumLength = 0;
2613 /* Domain not sent on first Sesssetup in NTLMSSP, instead it is sent
2614 along with username on auth request (ie the response to challenge) */
2615 SecurityBlob->DomainName.Buffer = 0;
2616 SecurityBlob->DomainName.Length = 0;
2617 SecurityBlob->DomainName.MaximumLength = 0;
2618 if (ses->capabilities & CAP_UNICODE) {
2619 if ((long) bcc_ptr % 2) {
2625 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2627 bcc_ptr += 2 * bytes_returned;
2629 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
2631 bcc_ptr += 2 * bytes_returned;
2632 bcc_ptr += 2; /* null terminate Linux version */
2634 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2636 bcc_ptr += 2 * bytes_returned;
2639 bcc_ptr += 2; /* null terminate network opsys string */
2642 bcc_ptr += 2; /* null domain */
2643 } else { /* ASCII */
2644 strcpy(bcc_ptr, "Linux version ");
2645 bcc_ptr += strlen("Linux version ");
2646 strcpy(bcc_ptr, utsname()->release);
2647 bcc_ptr += strlen(utsname()->release) + 1;
2648 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2649 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2650 bcc_ptr++; /* empty domain field */
2653 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2654 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2655 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2656 smb_buffer->smb_buf_length += count;
2657 pSMB->req.ByteCount = cpu_to_le16(count);
2659 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2660 &bytes_returned, 1);
2662 if (smb_buffer_response->Status.CifsError ==
2663 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
2667 /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2668 } else if ((smb_buffer_response->WordCount == 3)
2669 || (smb_buffer_response->WordCount == 4)) {
2670 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2671 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2673 if (action & GUEST_LOGIN)
2674 cFYI(1, (" Guest login"));
2675 /* Do we want to set anything in SesInfo struct when guest login? */
2677 bcc_ptr = pByteArea(smb_buffer_response);
2678 /* response can have either 3 or 4 word count - Samba sends 3 */
2680 SecurityBlob2 = (PCHALLENGE_MESSAGE) bcc_ptr;
2681 if (SecurityBlob2->MessageType != NtLmChallenge) {
2683 ("Unexpected NTLMSSP message type received %d",
2684 SecurityBlob2->MessageType));
2686 ses->Suid = smb_buffer_response->Uid; /* UID left in le format */
2687 cFYI(1, ("UID = %d", ses->Suid));
2688 if ((pSMBr->resp.hdr.WordCount == 3)
2689 || ((pSMBr->resp.hdr.WordCount == 4)
2691 pSMBr->resp.ByteCount))) {
2693 if (pSMBr->resp.hdr.WordCount == 4) {
2694 bcc_ptr += blob_len;
2695 cFYI(1, ("Security Blob Length %d",
2699 cFYI(1, ("NTLMSSP Challenge rcvd"));
2701 memcpy(ses->server->cryptKey,
2702 SecurityBlob2->Challenge,
2703 CIFS_CRYPTO_KEY_SIZE);
2704 if (SecurityBlob2->NegotiateFlags &
2705 cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2))
2706 *pNTLMv2_flag = TRUE;
2708 if ((SecurityBlob2->NegotiateFlags &
2709 cpu_to_le32(NTLMSSP_NEGOTIATE_ALWAYS_SIGN))
2710 || (sign_CIFS_PDUs > 1))
2711 ses->server->secMode |=
2712 SECMODE_SIGN_REQUIRED;
2713 if ((SecurityBlob2->NegotiateFlags &
2714 cpu_to_le32(NTLMSSP_NEGOTIATE_SIGN)) && (sign_CIFS_PDUs))
2715 ses->server->secMode |=
2716 SECMODE_SIGN_ENABLED;
2718 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2719 if ((long) (bcc_ptr) % 2) {
2721 (BCC(smb_buffer_response)
2723 /* Must word align unicode strings */
2728 (smb_buffer_response) / 2;
2731 UniStrnlen((wchar_t *) bcc_ptr,
2732 remaining_words - 1);
2733 /* We look for obvious messed up bcc or strings in response so we do not go off
2734 the end since (at least) WIN2K and Windows XP have a major bug in not null
2735 terminating last Unicode string in response */
2737 kfree(ses->serverOS);
2739 kzalloc(2 * (len + 1), GFP_KERNEL);
2740 cifs_strfromUCS_le(ses->serverOS,
2744 bcc_ptr += 2 * (len + 1);
2745 remaining_words -= len + 1;
2746 ses->serverOS[2 * len] = 0;
2747 ses->serverOS[1 + (2 * len)] = 0;
2748 if (remaining_words > 0) {
2749 len = UniStrnlen((wchar_t *)
2753 kfree(ses->serverNOS);
2755 kzalloc(2 * (len + 1),
2757 cifs_strfromUCS_le(ses->
2763 bcc_ptr += 2 * (len + 1);
2764 ses->serverNOS[2 * len] = 0;
2767 remaining_words -= len + 1;
2768 if (remaining_words > 0) {
2769 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2770 /* last string not always null terminated
2771 (for e.g. for Windows XP & 2000) */
2772 kfree(ses->serverDomain);
2784 ses->serverDomain[2*len]
2789 } /* else no more room so create dummy domain string */
2791 kfree(ses->serverDomain);
2796 } else { /* no room so create dummy domain and NOS string */
2797 kfree(ses->serverDomain);
2799 kzalloc(2, GFP_KERNEL);
2800 kfree(ses->serverNOS);
2802 kzalloc(2, GFP_KERNEL);
2804 } else { /* ASCII */
2805 len = strnlen(bcc_ptr, 1024);
2806 if (((long) bcc_ptr + len) - (long)
2807 pByteArea(smb_buffer_response)
2808 <= BCC(smb_buffer_response)) {
2810 kfree(ses->serverOS);
2814 strncpy(ses->serverOS,
2818 bcc_ptr[0] = 0; /* null terminate string */
2821 len = strnlen(bcc_ptr, 1024);
2822 kfree(ses->serverNOS);
2826 strncpy(ses->serverNOS, bcc_ptr, len);
2831 len = strnlen(bcc_ptr, 1024);
2832 kfree(ses->serverDomain);
2836 strncpy(ses->serverDomain,
2843 ("field of length %d "
2844 "extends beyond end of smb",
2848 cERROR(1, ("Security Blob Length extends beyond"
2852 cERROR(1, ("No session structure passed in."));
2856 (" Invalid Word count %d:",
2857 smb_buffer_response->WordCount));
2862 cifs_buf_release(smb_buffer);
2867 CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2868 char *ntlm_session_key, int ntlmv2_flag,
2869 const struct nls_table *nls_codepage)
2871 struct smb_hdr *smb_buffer;
2872 struct smb_hdr *smb_buffer_response;
2873 SESSION_SETUP_ANDX *pSMB;
2874 SESSION_SETUP_ANDX *pSMBr;
2879 int remaining_words = 0;
2880 int bytes_returned = 0;
2882 int SecurityBlobLength = sizeof (AUTHENTICATE_MESSAGE);
2883 PAUTHENTICATE_MESSAGE SecurityBlob;
2884 __u32 negotiate_flags, capabilities;
2887 cFYI(1, ("In NTLMSSPSessSetup (Authenticate)"));
2890 user = ses->userName;
2891 domain = ses->domainName;
2892 smb_buffer = cifs_buf_get();
2893 if (smb_buffer == NULL) {
2896 smb_buffer_response = smb_buffer;
2897 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2898 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2900 /* send SMBsessionSetup here */
2901 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2902 NULL /* no tCon exists yet */ , 12 /* wct */ );
2904 smb_buffer->Mid = GetNextMid(ses->server);
2905 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2906 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2907 pSMB->req.AndXCommand = 0xFF;
2908 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2909 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2911 pSMB->req.hdr.Uid = ses->Suid;
2913 if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2914 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2916 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2917 CAP_EXTENDED_SECURITY;
2918 if (ses->capabilities & CAP_UNICODE) {
2919 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2920 capabilities |= CAP_UNICODE;
2922 if (ses->capabilities & CAP_STATUS32) {
2923 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2924 capabilities |= CAP_STATUS32;
2926 if (ses->capabilities & CAP_DFS) {
2927 smb_buffer->Flags2 |= SMBFLG2_DFS;
2928 capabilities |= CAP_DFS;
2930 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2932 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2933 SecurityBlob = (PAUTHENTICATE_MESSAGE) bcc_ptr;
2934 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2935 SecurityBlob->MessageType = NtLmAuthenticate;
2936 bcc_ptr += SecurityBlobLength;
2938 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET |
2939 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO |
2940 0x80000000 | NTLMSSP_NEGOTIATE_128;
2942 negotiate_flags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN;
2944 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
2946 /* setup pointers to domain name and workstation name */
2948 SecurityBlob->WorkstationName.Buffer = 0;
2949 SecurityBlob->WorkstationName.Length = 0;
2950 SecurityBlob->WorkstationName.MaximumLength = 0;
2951 SecurityBlob->SessionKey.Length = 0;
2952 SecurityBlob->SessionKey.MaximumLength = 0;
2953 SecurityBlob->SessionKey.Buffer = 0;
2955 SecurityBlob->LmChallengeResponse.Length = 0;
2956 SecurityBlob->LmChallengeResponse.MaximumLength = 0;
2957 SecurityBlob->LmChallengeResponse.Buffer = 0;
2959 SecurityBlob->NtChallengeResponse.Length =
2960 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2961 SecurityBlob->NtChallengeResponse.MaximumLength =
2962 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2963 memcpy(bcc_ptr, ntlm_session_key, CIFS_SESS_KEY_SIZE);
2964 SecurityBlob->NtChallengeResponse.Buffer =
2965 cpu_to_le32(SecurityBlobLength);
2966 SecurityBlobLength += CIFS_SESS_KEY_SIZE;
2967 bcc_ptr += CIFS_SESS_KEY_SIZE;
2969 if (ses->capabilities & CAP_UNICODE) {
2970 if (domain == NULL) {
2971 SecurityBlob->DomainName.Buffer = 0;
2972 SecurityBlob->DomainName.Length = 0;
2973 SecurityBlob->DomainName.MaximumLength = 0;
2976 cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2979 SecurityBlob->DomainName.MaximumLength =
2981 SecurityBlob->DomainName.Buffer =
2982 cpu_to_le32(SecurityBlobLength);
2984 SecurityBlobLength += len;
2985 SecurityBlob->DomainName.Length =
2989 SecurityBlob->UserName.Buffer = 0;
2990 SecurityBlob->UserName.Length = 0;
2991 SecurityBlob->UserName.MaximumLength = 0;
2994 cifs_strtoUCS((__le16 *) bcc_ptr, user, 64,
2997 SecurityBlob->UserName.MaximumLength =
2999 SecurityBlob->UserName.Buffer =
3000 cpu_to_le32(SecurityBlobLength);
3002 SecurityBlobLength += len;
3003 SecurityBlob->UserName.Length =
3007 /* SecurityBlob->WorkstationName.Length =
3008 cifs_strtoUCS((__le16 *) bcc_ptr, "AMACHINE",64, nls_codepage);
3009 SecurityBlob->WorkstationName.Length *= 2;
3010 SecurityBlob->WorkstationName.MaximumLength =
3011 cpu_to_le16(SecurityBlob->WorkstationName.Length);
3012 SecurityBlob->WorkstationName.Buffer =
3013 cpu_to_le32(SecurityBlobLength);
3014 bcc_ptr += SecurityBlob->WorkstationName.Length;
3015 SecurityBlobLength += SecurityBlob->WorkstationName.Length;
3016 SecurityBlob->WorkstationName.Length =
3017 cpu_to_le16(SecurityBlob->WorkstationName.Length); */
3019 if ((long) bcc_ptr % 2) {
3024 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
3026 bcc_ptr += 2 * bytes_returned;
3028 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
3030 bcc_ptr += 2 * bytes_returned;
3031 bcc_ptr += 2; /* null term version string */
3033 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
3035 bcc_ptr += 2 * bytes_returned;
3038 bcc_ptr += 2; /* null terminate network opsys string */
3041 bcc_ptr += 2; /* null domain */
3042 } else { /* ASCII */
3043 if (domain == NULL) {
3044 SecurityBlob->DomainName.Buffer = 0;
3045 SecurityBlob->DomainName.Length = 0;
3046 SecurityBlob->DomainName.MaximumLength = 0;
3049 negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
3050 strncpy(bcc_ptr, domain, 63);
3051 len = strnlen(domain, 64);
3052 SecurityBlob->DomainName.MaximumLength =
3054 SecurityBlob->DomainName.Buffer =
3055 cpu_to_le32(SecurityBlobLength);
3057 SecurityBlobLength += len;
3058 SecurityBlob->DomainName.Length = cpu_to_le16(len);
3061 SecurityBlob->UserName.Buffer = 0;
3062 SecurityBlob->UserName.Length = 0;
3063 SecurityBlob->UserName.MaximumLength = 0;
3066 strncpy(bcc_ptr, user, 63);
3067 len = strnlen(user, 64);
3068 SecurityBlob->UserName.MaximumLength =
3070 SecurityBlob->UserName.Buffer =
3071 cpu_to_le32(SecurityBlobLength);
3073 SecurityBlobLength += len;
3074 SecurityBlob->UserName.Length = cpu_to_le16(len);
3076 /* BB fill in our workstation name if known BB */
3078 strcpy(bcc_ptr, "Linux version ");
3079 bcc_ptr += strlen("Linux version ");
3080 strcpy(bcc_ptr, utsname()->release);
3081 bcc_ptr += strlen(utsname()->release) + 1;
3082 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
3083 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
3084 bcc_ptr++; /* null domain */
3087 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
3088 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
3089 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
3090 smb_buffer->smb_buf_length += count;
3091 pSMB->req.ByteCount = cpu_to_le16(count);
3093 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
3094 &bytes_returned, 1);
3096 /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
3097 } else if ((smb_buffer_response->WordCount == 3)
3098 || (smb_buffer_response->WordCount == 4)) {
3099 __u16 action = le16_to_cpu(pSMBr->resp.Action);
3101 le16_to_cpu(pSMBr->resp.SecurityBlobLength);
3102 if (action & GUEST_LOGIN)
3103 cFYI(1, (" Guest login")); /* BB Should we set anything
3104 in SesInfo struct ? */
3105 /* if (SecurityBlob2->MessageType != NtLm??) {
3106 cFYI("Unexpected message type on auth response is %d"));
3111 ("Check challenge UID %d vs auth response UID %d",
3112 ses->Suid, smb_buffer_response->Uid));
3113 /* UID left in wire format */
3114 ses->Suid = smb_buffer_response->Uid;
3115 bcc_ptr = pByteArea(smb_buffer_response);
3116 /* response can have either 3 or 4 word count - Samba sends 3 */
3117 if ((pSMBr->resp.hdr.WordCount == 3)
3118 || ((pSMBr->resp.hdr.WordCount == 4)
3120 pSMBr->resp.ByteCount))) {
3121 if (pSMBr->resp.hdr.WordCount == 4) {
3125 ("Security Blob Length %d ",
3130 ("NTLMSSP response to Authenticate "));
3132 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3133 if ((long) (bcc_ptr) % 2) {
3135 (BCC(smb_buffer_response)
3137 bcc_ptr++; /* Unicode strings must be word aligned */
3139 remaining_words = BCC(smb_buffer_response) / 2;
3142 UniStrnlen((wchar_t *) bcc_ptr,remaining_words - 1);
3143 /* We look for obvious messed up bcc or strings in response so we do not go off
3144 the end since (at least) WIN2K and Windows XP have a major bug in not null
3145 terminating last Unicode string in response */
3147 kfree(ses->serverOS);
3149 kzalloc(2 * (len + 1), GFP_KERNEL);
3150 cifs_strfromUCS_le(ses->serverOS,
3154 bcc_ptr += 2 * (len + 1);
3155 remaining_words -= len + 1;
3156 ses->serverOS[2 * len] = 0;
3157 ses->serverOS[1 + (2 * len)] = 0;
3158 if (remaining_words > 0) {
3159 len = UniStrnlen((wchar_t *)
3163 kfree(ses->serverNOS);
3165 kzalloc(2 * (len + 1),
3167 cifs_strfromUCS_le(ses->
3173 bcc_ptr += 2 * (len + 1);
3174 ses->serverNOS[2 * len] = 0;
3175 ses->serverNOS[1+(2*len)] = 0;
3176 remaining_words -= len + 1;
3177 if (remaining_words > 0) {
3178 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
3179 /* last string not always null terminated (e.g. for Windows XP & 2000) */
3180 if (ses->serverDomain)
3181 kfree(ses->serverDomain);
3206 } /* else no more room so create dummy domain string */
3208 if (ses->serverDomain)
3209 kfree(ses->serverDomain);
3210 ses->serverDomain = kzalloc(2,GFP_KERNEL);
3212 } else { /* no room so create dummy domain and NOS string */
3213 if (ses->serverDomain)
3214 kfree(ses->serverDomain);
3215 ses->serverDomain = kzalloc(2, GFP_KERNEL);
3216 kfree(ses->serverNOS);
3217 ses->serverNOS = kzalloc(2, GFP_KERNEL);
3219 } else { /* ASCII */
3220 len = strnlen(bcc_ptr, 1024);
3221 if (((long) bcc_ptr + len) -
3222 (long) pByteArea(smb_buffer_response)
3223 <= BCC(smb_buffer_response)) {
3225 kfree(ses->serverOS);
3226 ses->serverOS = kzalloc(len + 1,GFP_KERNEL);
3227 strncpy(ses->serverOS,bcc_ptr, len);
3230 bcc_ptr[0] = 0; /* null terminate the string */
3233 len = strnlen(bcc_ptr, 1024);
3234 kfree(ses->serverNOS);
3235 ses->serverNOS = kzalloc(len+1,
3237 strncpy(ses->serverNOS,
3243 len = strnlen(bcc_ptr, 1024);
3244 if (ses->serverDomain)
3245 kfree(ses->serverDomain);
3249 strncpy(ses->serverDomain,
3256 ("field of length %d "
3257 "extends beyond end of smb ",
3262 (" Security Blob extends beyond end "
3266 cERROR(1, ("No session structure passed in."));
3270 (" Invalid Word count %d: ",
3271 smb_buffer_response->WordCount));
3276 cifs_buf_release(smb_buffer);
3282 CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3283 const char *tree, struct cifsTconInfo *tcon,
3284 const struct nls_table *nls_codepage)
3286 struct smb_hdr *smb_buffer;
3287 struct smb_hdr *smb_buffer_response;
3290 unsigned char *bcc_ptr;
3298 smb_buffer = cifs_buf_get();
3299 if (smb_buffer == NULL) {
3302 smb_buffer_response = smb_buffer;
3304 header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3305 NULL /*no tid */ , 4 /*wct */ );
3307 smb_buffer->Mid = GetNextMid(ses->server);
3308 smb_buffer->Uid = ses->Suid;
3309 pSMB = (TCONX_REQ *) smb_buffer;
3310 pSMBr = (TCONX_RSP *) smb_buffer_response;
3312 pSMB->AndXCommand = 0xFF;
3313 pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
3314 bcc_ptr = &pSMB->Password[0];
3315 if ((ses->server->secMode) & SECMODE_USER) {
3316 pSMB->PasswordLength = cpu_to_le16(1); /* minimum */
3317 *bcc_ptr = 0; /* password is null byte */
3318 bcc_ptr++; /* skip password */
3319 /* already aligned so no need to do it below */
3321 pSMB->PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE);
3322 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3323 specified as required (when that support is added to
3324 the vfs in the future) as only NTLM or the much
3325 weaker LANMAN (which we do not send by default) is accepted
3326 by Samba (not sure whether other servers allow
3327 NTLMv2 password here) */
3328 #ifdef CONFIG_CIFS_WEAK_PW_HASH
3329 if ((extended_security & CIFSSEC_MAY_LANMAN) &&
3330 (ses->server->secType == LANMAN))
3331 calc_lanman_hash(ses, bcc_ptr);
3333 #endif /* CIFS_WEAK_PW_HASH */
3334 SMBNTencrypt(ses->password,
3335 ses->server->cryptKey,
3338 bcc_ptr += CIFS_SESS_KEY_SIZE;
3339 if (ses->capabilities & CAP_UNICODE) {
3340 /* must align unicode strings */
3341 *bcc_ptr = 0; /* null byte password */
3346 if (ses->server->secMode &
3347 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3348 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3350 if (ses->capabilities & CAP_STATUS32) {
3351 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3353 if (ses->capabilities & CAP_DFS) {
3354 smb_buffer->Flags2 |= SMBFLG2_DFS;
3356 if (ses->capabilities & CAP_UNICODE) {
3357 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3359 cifs_strtoUCS((__le16 *) bcc_ptr, tree,
3360 6 /* max utf8 char length in bytes */ *
3361 (/* server len*/ + 256 /* share len */), nls_codepage);
3362 bcc_ptr += 2 * length; /* convert num 16 bit words to bytes */
3363 bcc_ptr += 2; /* skip trailing null */
3364 } else { /* ASCII */
3365 strcpy(bcc_ptr, tree);
3366 bcc_ptr += strlen(tree) + 1;
3368 strcpy(bcc_ptr, "?????");
3369 bcc_ptr += strlen("?????");
3371 count = bcc_ptr - &pSMB->Password[0];
3372 pSMB->hdr.smb_buf_length += count;
3373 pSMB->ByteCount = cpu_to_le16(count);
3375 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length, 0);
3377 /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
3378 /* above now done in SendReceive */
3379 if ((rc == 0) && (tcon != NULL)) {
3380 tcon->tidStatus = CifsGood;
3381 tcon->tid = smb_buffer_response->Tid;
3382 bcc_ptr = pByteArea(smb_buffer_response);
3383 length = strnlen(bcc_ptr, BCC(smb_buffer_response) - 2);
3384 /* skip service field (NB: this field is always ASCII) */
3385 bcc_ptr += length + 1;
3386 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3387 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3388 length = UniStrnlen((wchar_t *) bcc_ptr, 512);
3389 if ((bcc_ptr + (2 * length)) -
3390 pByteArea(smb_buffer_response) <=
3391 BCC(smb_buffer_response)) {
3392 kfree(tcon->nativeFileSystem);
3393 tcon->nativeFileSystem =
3394 kzalloc(length + 2, GFP_KERNEL);
3395 cifs_strfromUCS_le(tcon->nativeFileSystem,
3397 length, nls_codepage);
3398 bcc_ptr += 2 * length;
3399 bcc_ptr[0] = 0; /* null terminate the string */
3403 /* else do not bother copying these information fields*/
3405 length = strnlen(bcc_ptr, 1024);
3406 if ((bcc_ptr + length) -
3407 pByteArea(smb_buffer_response) <=
3408 BCC(smb_buffer_response)) {
3409 kfree(tcon->nativeFileSystem);
3410 tcon->nativeFileSystem =
3411 kzalloc(length + 1, GFP_KERNEL);
3412 strncpy(tcon->nativeFileSystem, bcc_ptr,
3415 /* else do not bother copying these information fields*/
3417 if ((smb_buffer_response->WordCount == 3) ||
3418 (smb_buffer_response->WordCount == 7))
3419 /* field is in same location */
3420 tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3423 cFYI(1, ("Tcon flags: 0x%x ", tcon->Flags));
3424 } else if ((rc == 0) && tcon == NULL) {
3425 /* all we need to save for IPC$ connection */
3426 ses->ipc_tid = smb_buffer_response->Tid;
3430 cifs_buf_release(smb_buffer);
3435 cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3439 struct cifsSesInfo *ses = NULL;
3440 struct task_struct *cifsd_task;
3445 if (cifs_sb->tcon) {
3446 ses = cifs_sb->tcon->ses; /* save ptr to ses before delete tcon!*/
3447 rc = CIFSSMBTDis(xid, cifs_sb->tcon);
3452 tconInfoFree(cifs_sb->tcon);
3453 if ((ses) && (ses->server)) {
3454 /* save off task so we do not refer to ses later */
3455 cifsd_task = ses->server->tsk;
3456 cFYI(1, ("About to do SMBLogoff "));
3457 rc = CIFSSMBLogoff(xid, ses);
3461 } else if (rc == -ESHUTDOWN) {
3462 cFYI(1, ("Waking up socket by sending signal"));
3464 force_sig(SIGKILL, cifsd_task);
3465 kthread_stop(cifsd_task);
3468 } /* else - we have an smb session
3469 left on this socket do not kill cifsd */
3471 cFYI(1, ("No session or bad tcon"));
3474 cifs_sb->tcon = NULL;
3475 tmp = cifs_sb->prepath;
3476 cifs_sb->prepathlen = 0;
3477 cifs_sb->prepath = NULL;
3480 schedule_timeout_interruptible(msecs_to_jiffies(500));
3485 return rc; /* BB check if we should always return zero here */
3488 int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
3489 struct nls_table *nls_info)
3492 char ntlm_session_key[CIFS_SESS_KEY_SIZE];
3493 int ntlmv2_flag = FALSE;
3496 /* what if server changes its buffer size after dropping the session? */
3497 if (pSesInfo->server->maxBuf == 0) /* no need to send on reconnect */ {
3498 rc = CIFSSMBNegotiate(xid, pSesInfo);
3499 if (rc == -EAGAIN) /* retry only once on 1st time connection */ {
3500 rc = CIFSSMBNegotiate(xid, pSesInfo);
3505 spin_lock(&GlobalMid_Lock);
3506 if (pSesInfo->server->tcpStatus != CifsExiting)
3507 pSesInfo->server->tcpStatus = CifsGood;
3510 spin_unlock(&GlobalMid_Lock);
3516 pSesInfo->flags = 0;
3517 pSesInfo->capabilities = pSesInfo->server->capabilities;
3518 if (linuxExtEnabled == 0)
3519 pSesInfo->capabilities &= (~CAP_UNIX);
3520 /* pSesInfo->sequence_number = 0;*/
3522 ("Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d",
3523 pSesInfo->server->secMode,
3524 pSesInfo->server->capabilities,
3525 pSesInfo->server->timeAdj));
3526 if (experimEnabled < 2)
3527 rc = CIFS_SessSetup(xid, pSesInfo,
3528 first_time, nls_info);
3529 else if (extended_security
3530 && (pSesInfo->capabilities
3531 & CAP_EXTENDED_SECURITY)
3532 && (pSesInfo->server->secType == NTLMSSP)) {
3534 } else if (extended_security
3535 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3536 && (pSesInfo->server->secType == RawNTLMSSP)) {
3537 cFYI(1, ("NTLMSSP sesssetup"));
3538 rc = CIFSNTLMSSPNegotiateSessSetup(xid,
3545 cFYI(1, ("more secure NTLM ver2 hash"));
3546 if (CalcNTLMv2_partial_mac_key(pSesInfo,
3551 v2_response = kmalloc(16 + 64 /* blob */, GFP_KERNEL);
3553 CalcNTLMv2_response(pSesInfo,
3556 cifs_calculate_ntlmv2_mac_key(
3557 pSesInfo->server->mac_signing_key,
3558 response, ntlm_session_key,*/
3560 /* BB Put dummy sig in SessSetup PDU? */
3567 SMBNTencrypt(pSesInfo->password,
3568 pSesInfo->server->cryptKey,
3572 cifs_calculate_mac_key(
3573 &pSesInfo->server->mac_signing_key,
3575 pSesInfo->password);
3577 /* for better security the weaker lanman hash not sent
3578 in AuthSessSetup so we no longer calculate it */
3580 rc = CIFSNTLMSSPAuthSessSetup(xid,
3586 } else { /* old style NTLM 0.12 session setup */
3587 SMBNTencrypt(pSesInfo->password,
3588 pSesInfo->server->cryptKey,
3592 cifs_calculate_mac_key(
3593 &pSesInfo->server->mac_signing_key,
3594 ntlm_session_key, pSesInfo->password);
3596 rc = CIFSSessSetup(xid, pSesInfo,
3597 ntlm_session_key, nls_info);
3600 cERROR(1, ("Send error in SessSetup = %d", rc));
3602 cFYI(1, ("CIFS Session Established successfully"));
3603 pSesInfo->status = CifsGood;