4 * Copyright (C) International Business Machines Corp., 2002,2006
5 * Author(s): Steve French (sfrench@us.ibm.com)
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/ipv6.h>
27 #include <linux/pagemap.h>
28 #include <linux/ctype.h>
29 #include <linux/utsname.h>
30 #include <linux/mempool.h>
31 #include <linux/delay.h>
32 #include <linux/completion.h>
33 #include <linux/pagevec.h>
34 #include <asm/uaccess.h>
35 #include <asm/processor.h>
38 #include "cifsproto.h"
39 #include "cifs_unicode.h"
40 #include "cifs_debug.h"
41 #include "cifs_fs_sb.h"
44 #include "rfc1002pdu.h"
48 #define RFC1001_PORT 139
50 static DECLARE_COMPLETION(cifsd_complete);
52 extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
55 extern mempool_t *cifs_req_poolp;
63 char *in6_addr; /* ipv6 address as human readable form of in6_addr */
64 char *iocharset; /* local code page for mapping to and from Unicode */
65 char source_rfc1001_name[16]; /* netbios name of client */
66 char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */
77 unsigned no_psx_acl:1; /* set if posix acl support should be disabled */
79 unsigned no_xattr:1; /* set if xattr (EA) support should be disabled*/
80 unsigned server_ino:1; /* use inode numbers from server ie UniqueId */
82 unsigned remap:1; /* set to remap seven reserved chars in filenames */
83 unsigned posix_paths:1; /* unset to not ask for posix pathnames. */
85 unsigned nullauth:1; /* attempt to authenticate with null user */
86 unsigned nocase; /* request case insensitive filenames */
87 unsigned nobrl; /* disable sending byte range locks to srv */
91 unsigned short int port;
94 static int ipv4_connect(struct sockaddr_in *psin_server,
95 struct socket **csocket,
97 char * server_netb_name);
98 static int ipv6_connect(struct sockaddr_in6 *psin_server,
99 struct socket **csocket);
103 * cifs tcp session reconnection
105 * mark tcp session as reconnecting so temporarily locked
106 * mark all smb sessions as reconnecting for tcp session
107 * reconnect tcp session
108 * wake up waiters on reconnection? - (not needed currently)
112 cifs_reconnect(struct TCP_Server_Info *server)
115 struct list_head *tmp;
116 struct cifsSesInfo *ses;
117 struct cifsTconInfo *tcon;
118 struct mid_q_entry * mid_entry;
120 spin_lock(&GlobalMid_Lock);
121 if(server->tcpStatus == CifsExiting) {
122 /* the demux thread will exit normally
123 next time through the loop */
124 spin_unlock(&GlobalMid_Lock);
127 server->tcpStatus = CifsNeedReconnect;
128 spin_unlock(&GlobalMid_Lock);
131 cFYI(1, ("Reconnecting tcp session"));
133 /* before reconnecting the tcp session, mark the smb session (uid)
134 and the tid bad so they are not used until reconnected */
135 read_lock(&GlobalSMBSeslock);
136 list_for_each(tmp, &GlobalSMBSessionList) {
137 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
139 if (ses->server == server) {
140 ses->status = CifsNeedReconnect;
144 /* else tcp and smb sessions need reconnection */
146 list_for_each(tmp, &GlobalTreeConnectionList) {
147 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
148 if((tcon) && (tcon->ses) && (tcon->ses->server == server)) {
149 tcon->tidStatus = CifsNeedReconnect;
152 read_unlock(&GlobalSMBSeslock);
153 /* do not want to be sending data on a socket we are freeing */
154 down(&server->tcpSem);
155 if(server->ssocket) {
156 cFYI(1,("State: 0x%x Flags: 0x%lx", server->ssocket->state,
157 server->ssocket->flags));
158 server->ssocket->ops->shutdown(server->ssocket,SEND_SHUTDOWN);
159 cFYI(1,("Post shutdown state: 0x%x Flags: 0x%lx", server->ssocket->state,
160 server->ssocket->flags));
161 sock_release(server->ssocket);
162 server->ssocket = NULL;
165 spin_lock(&GlobalMid_Lock);
166 list_for_each(tmp, &server->pending_mid_q) {
167 mid_entry = list_entry(tmp, struct
171 if(mid_entry->midState == MID_REQUEST_SUBMITTED) {
172 /* Mark other intransit requests as needing
173 retry so we do not immediately mark the
174 session bad again (ie after we reconnect
175 below) as they timeout too */
176 mid_entry->midState = MID_RETRY_NEEDED;
180 spin_unlock(&GlobalMid_Lock);
183 while ((server->tcpStatus != CifsExiting) && (server->tcpStatus != CifsGood))
186 if(server->protocolType == IPV6) {
187 rc = ipv6_connect(&server->addr.sockAddr6,&server->ssocket);
189 rc = ipv4_connect(&server->addr.sockAddr,
191 server->workstation_RFC1001_name,
192 server->server_RFC1001_name);
195 cFYI(1,("reconnect error %d",rc));
198 atomic_inc(&tcpSesReconnectCount);
199 spin_lock(&GlobalMid_Lock);
200 if(server->tcpStatus != CifsExiting)
201 server->tcpStatus = CifsGood;
202 server->sequence_number = 0;
203 spin_unlock(&GlobalMid_Lock);
204 /* atomic_set(&server->inFlight,0);*/
205 wake_up(&server->response_q);
213 0 not a transact2, or all data present
214 >0 transact2 with that much data missing
215 -EINVAL = invalid transact2
218 static int check2ndT2(struct smb_hdr * pSMB, unsigned int maxBufSize)
220 struct smb_t2_rsp * pSMBt;
222 int data_in_this_rsp;
225 if(pSMB->Command != SMB_COM_TRANSACTION2)
228 /* check for plausible wct, bcc and t2 data and parm sizes */
229 /* check for parm and data offset going beyond end of smb */
230 if(pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
231 cFYI(1,("invalid transact2 word count"));
235 pSMBt = (struct smb_t2_rsp *)pSMB;
237 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
238 data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
240 remaining = total_data_size - data_in_this_rsp;
244 else if(remaining < 0) {
245 cFYI(1,("total data %d smaller than data in frame %d",
246 total_data_size, data_in_this_rsp));
249 cFYI(1,("missing %d bytes from transact2, check next response",
251 if(total_data_size > maxBufSize) {
252 cERROR(1,("TotalDataSize %d is over maximum buffer %d",
253 total_data_size,maxBufSize));
260 static int coalesce_t2(struct smb_hdr * psecond, struct smb_hdr *pTargetSMB)
262 struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
263 struct smb_t2_rsp *pSMBt = (struct smb_t2_rsp *)pTargetSMB;
268 char * data_area_of_target;
269 char * data_area_of_buf2;
272 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
274 if(total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
275 cFYI(1,("total data sizes of primary and secondary t2 differ"));
278 total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
280 remaining = total_data_size - total_in_buf;
285 if(remaining == 0) /* nothing to do, ignore */
288 total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
289 if(remaining < total_in_buf2) {
290 cFYI(1,("transact2 2nd response contains too much data"));
293 /* find end of first SMB data area */
294 data_area_of_target = (char *)&pSMBt->hdr.Protocol +
295 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
296 /* validate target area */
298 data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
299 le16_to_cpu(pSMB2->t2_rsp.DataOffset);
301 data_area_of_target += total_in_buf;
303 /* copy second buffer into end of first buffer */
304 memcpy(data_area_of_target,data_area_of_buf2,total_in_buf2);
305 total_in_buf += total_in_buf2;
306 pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
307 byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
308 byte_count += total_in_buf2;
309 BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
311 byte_count = pTargetSMB->smb_buf_length;
312 byte_count += total_in_buf2;
314 /* BB also add check that we are not beyond maximum buffer size */
316 pTargetSMB->smb_buf_length = byte_count;
318 if(remaining == total_in_buf2) {
319 cFYI(1,("found the last secondary response"));
320 return 0; /* we are done */
321 } else /* more responses to go */
327 cifs_demultiplex_thread(struct TCP_Server_Info *server)
330 unsigned int pdu_length, total_read;
331 struct smb_hdr *smb_buffer = NULL;
332 struct smb_hdr *bigbuf = NULL;
333 struct smb_hdr *smallbuf = NULL;
334 struct msghdr smb_msg;
336 struct socket *csocket = server->ssocket;
337 struct list_head *tmp;
338 struct cifsSesInfo *ses;
339 struct task_struct *task_to_wake = NULL;
340 struct mid_q_entry *mid_entry;
342 int isLargeBuf = FALSE;
347 allow_signal(SIGKILL);
348 current->flags |= PF_MEMALLOC;
349 server->tsk = current; /* save process info to wake at shutdown */
350 cFYI(1, ("Demultiplex PID: %d", current->pid));
351 write_lock(&GlobalSMBSeslock);
352 atomic_inc(&tcpSesAllocCount);
353 length = tcpSesAllocCount.counter;
354 write_unlock(&GlobalSMBSeslock);
355 complete(&cifsd_complete);
357 mempool_resize(cifs_req_poolp,
358 length + cifs_min_rcv,
362 while (server->tcpStatus != CifsExiting) {
365 if (bigbuf == NULL) {
366 bigbuf = cifs_buf_get();
368 cERROR(1, ("No memory for large SMB response"));
370 /* retry will check if exiting */
373 } else if (isLargeBuf) {
374 /* we are reusing a dirty large buf, clear its start */
375 memset(bigbuf, 0, sizeof (struct smb_hdr));
378 if (smallbuf == NULL) {
379 smallbuf = cifs_small_buf_get();
381 cERROR(1, ("No memory for SMB response"));
383 /* retry will check if exiting */
386 /* beginning of smb buffer is cleared in our buf_get */
387 } else /* if existing small buf clear beginning */
388 memset(smallbuf, 0, sizeof (struct smb_hdr));
392 smb_buffer = smallbuf;
393 iov.iov_base = smb_buffer;
395 smb_msg.msg_control = NULL;
396 smb_msg.msg_controllen = 0;
398 kernel_recvmsg(csocket, &smb_msg,
399 &iov, 1, 4, 0 /* BB see socket.h flags */);
401 if (server->tcpStatus == CifsExiting) {
403 } else if (server->tcpStatus == CifsNeedReconnect) {
404 cFYI(1, ("Reconnect after server stopped responding"));
405 cifs_reconnect(server);
406 cFYI(1, ("call to reconnect done"));
407 csocket = server->ssocket;
409 } else if ((length == -ERESTARTSYS) || (length == -EAGAIN)) {
410 msleep(1); /* minimum sleep to prevent looping
411 allowing socket to clear and app threads to set
412 tcpStatus CifsNeedReconnect if server hung */
414 } else if (length <= 0) {
415 if (server->tcpStatus == CifsNew) {
416 cFYI(1, ("tcp session abend after SMBnegprot"));
417 /* some servers kill the TCP session rather than
418 returning an SMB negprot error, in which
419 case reconnecting here is not going to help,
420 and so simply return error to mount */
423 if (!try_to_freeze() && (length == -EINTR)) {
424 cFYI(1,("cifsd thread killed"));
427 cFYI(1,("Reconnect after unexpected peek error %d",
429 cifs_reconnect(server);
430 csocket = server->ssocket;
431 wake_up(&server->response_q);
433 } else if (length < 4) {
435 ("Frame under four bytes received (%d bytes long)",
437 cifs_reconnect(server);
438 csocket = server->ssocket;
439 wake_up(&server->response_q);
443 /* The right amount was read from socket - 4 bytes */
444 /* so we can now interpret the length field */
446 /* the first byte big endian of the length field,
447 is actually not part of the length but the type
448 with the most common, zero, as regular data */
449 temp = *((char *) smb_buffer);
451 /* Note that FC 1001 length is big endian on the wire,
452 but we convert it here so it is always manipulated
453 as host byte order */
454 pdu_length = ntohl(smb_buffer->smb_buf_length);
455 smb_buffer->smb_buf_length = pdu_length;
457 cFYI(1,("rfc1002 length 0x%x)", pdu_length+4));
459 if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) {
461 } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
462 cFYI(1,("Good RFC 1002 session rsp"));
464 } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
465 /* we get this from Windows 98 instead of
466 an error on SMB negprot response */
467 cFYI(1,("Negative RFC1002 Session Response Error 0x%x)",
469 if(server->tcpStatus == CifsNew) {
470 /* if nack on negprot (rather than
471 ret of smb negprot error) reconnecting
472 not going to help, ret error to mount */
475 /* give server a second to
476 clean up before reconnect attempt */
478 /* always try 445 first on reconnect
479 since we get NACK on some if we ever
480 connected to port 139 (the NACK is
481 since we do not begin with RFC1001
482 session initialize frame) */
483 server->addr.sockAddr.sin_port =
485 cifs_reconnect(server);
486 csocket = server->ssocket;
487 wake_up(&server->response_q);
490 } else if (temp != (char) 0) {
491 cERROR(1,("Unknown RFC 1002 frame"));
492 cifs_dump_mem(" Received Data: ", (char *)smb_buffer,
494 cifs_reconnect(server);
495 csocket = server->ssocket;
499 /* else we have an SMB response */
500 if((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
501 (pdu_length < sizeof (struct smb_hdr) - 1 - 4)) {
502 cERROR(1, ("Invalid size SMB length %d pdu_length %d",
503 length, pdu_length+4));
504 cifs_reconnect(server);
505 csocket = server->ssocket;
506 wake_up(&server->response_q);
513 if(pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
515 memcpy(bigbuf, smallbuf, 4);
519 iov.iov_base = 4 + (char *)smb_buffer;
520 iov.iov_len = pdu_length;
521 for (total_read = 0; total_read < pdu_length;
522 total_read += length) {
523 length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
524 pdu_length - total_read, 0);
525 if((server->tcpStatus == CifsExiting) ||
526 (length == -EINTR)) {
530 } else if (server->tcpStatus == CifsNeedReconnect) {
531 cifs_reconnect(server);
532 csocket = server->ssocket;
533 /* Reconnect wakes up rspns q */
534 /* Now we will reread sock */
537 } else if ((length == -ERESTARTSYS) ||
538 (length == -EAGAIN)) {
539 msleep(1); /* minimum sleep to prevent looping,
540 allowing socket to clear and app
541 threads to set tcpStatus
542 CifsNeedReconnect if server hung*/
544 } else if (length <= 0) {
545 cERROR(1,("Received no data, expecting %d",
546 pdu_length - total_read));
547 cifs_reconnect(server);
548 csocket = server->ssocket;
555 else if(reconnect == 1)
558 length += 4; /* account for rfc1002 hdr */
561 dump_smb(smb_buffer, length);
562 if (checkSMB(smb_buffer, smb_buffer->Mid, total_read+4)) {
563 cifs_dump_mem("Bad SMB: ", smb_buffer, 48);
569 spin_lock(&GlobalMid_Lock);
570 list_for_each(tmp, &server->pending_mid_q) {
571 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
573 if ((mid_entry->mid == smb_buffer->Mid) &&
574 (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
575 (mid_entry->command == smb_buffer->Command)) {
576 if(check2ndT2(smb_buffer,server->maxBuf) > 0) {
577 /* We have a multipart transact2 resp */
579 if(mid_entry->resp_buf) {
580 /* merge response - fix up 1st*/
581 if(coalesce_t2(smb_buffer,
582 mid_entry->resp_buf)) {
583 mid_entry->multiRsp = 1;
586 /* all parts received */
587 mid_entry->multiEnd = 1;
592 cERROR(1,("1st trans2 resp needs bigbuf"));
593 /* BB maybe we can fix this up, switch
594 to already allocated large buffer? */
596 /* Have first buffer */
597 mid_entry->resp_buf =
599 mid_entry->largeBuf = 1;
605 mid_entry->resp_buf = smb_buffer;
607 mid_entry->largeBuf = 1;
609 mid_entry->largeBuf = 0;
611 task_to_wake = mid_entry->tsk;
612 mid_entry->midState = MID_RESPONSE_RECEIVED;
613 #ifdef CONFIG_CIFS_STATS2
614 mid_entry->when_received = jiffies;
616 /* so we do not time out requests to server
617 which is still responding (since server could
618 be busy but not dead) */
619 server->lstrp = jiffies;
623 spin_unlock(&GlobalMid_Lock);
625 /* Was previous buf put in mpx struct for multi-rsp? */
627 /* smb buffer will be freed by user thread */
633 wake_up_process(task_to_wake);
634 } else if ((is_valid_oplock_break(smb_buffer, server) == FALSE)
635 && (isMultiRsp == FALSE)) {
636 cERROR(1, ("No task to wake, unknown frame rcvd! NumMids %d", midCount.counter));
637 cifs_dump_mem("Received Data is: ",(char *)smb_buffer,
638 sizeof(struct smb_hdr));
639 #ifdef CONFIG_CIFS_DEBUG2
640 cifs_dump_detail(smb_buffer);
641 cifs_dump_mids(server);
642 #endif /* CIFS_DEBUG2 */
645 } /* end while !EXITING */
647 spin_lock(&GlobalMid_Lock);
648 server->tcpStatus = CifsExiting;
650 /* check if we have blocked requests that need to free */
651 /* Note that cifs_max_pending is normally 50, but
652 can be set at module install time to as little as two */
653 if(atomic_read(&server->inFlight) >= cifs_max_pending)
654 atomic_set(&server->inFlight, cifs_max_pending - 1);
655 /* We do not want to set the max_pending too low or we
656 could end up with the counter going negative */
657 spin_unlock(&GlobalMid_Lock);
658 /* Although there should not be any requests blocked on
659 this queue it can not hurt to be paranoid and try to wake up requests
660 that may haven been blocked when more than 50 at time were on the wire
661 to the same server - they now will see the session is in exit state
662 and get out of SendReceive. */
663 wake_up_all(&server->request_q);
664 /* give those requests time to exit */
667 if(server->ssocket) {
668 sock_release(csocket);
669 server->ssocket = NULL;
671 /* buffer usuallly freed in free_mid - need to free it here on exit */
673 cifs_buf_release(bigbuf);
674 if (smallbuf != NULL)
675 cifs_small_buf_release(smallbuf);
677 read_lock(&GlobalSMBSeslock);
678 if (list_empty(&server->pending_mid_q)) {
679 /* loop through server session structures attached to this and
681 list_for_each(tmp, &GlobalSMBSessionList) {
683 list_entry(tmp, struct cifsSesInfo,
685 if (ses->server == server) {
686 ses->status = CifsExiting;
690 read_unlock(&GlobalSMBSeslock);
692 /* although we can not zero the server struct pointer yet,
693 since there are active requests which may depnd on them,
694 mark the corresponding SMB sessions as exiting too */
695 list_for_each(tmp, &GlobalSMBSessionList) {
696 ses = list_entry(tmp, struct cifsSesInfo,
698 if (ses->server == server) {
699 ses->status = CifsExiting;
703 spin_lock(&GlobalMid_Lock);
704 list_for_each(tmp, &server->pending_mid_q) {
705 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
706 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
708 ("Clearing Mid 0x%x - waking up ",mid_entry->mid));
709 task_to_wake = mid_entry->tsk;
711 wake_up_process(task_to_wake);
715 spin_unlock(&GlobalMid_Lock);
716 read_unlock(&GlobalSMBSeslock);
717 /* 1/8th of sec is more than enough time for them to exit */
721 if (!list_empty(&server->pending_mid_q)) {
722 /* mpx threads have not exited yet give them
723 at least the smb send timeout time for long ops */
724 /* due to delays on oplock break requests, we need
725 to wait at least 45 seconds before giving up
726 on a request getting a response and going ahead
728 cFYI(1, ("Wait for exit from demultiplex thread"));
730 /* if threads still have not exited they are probably never
731 coming home not much else we can do but free the memory */
734 write_lock(&GlobalSMBSeslock);
735 atomic_dec(&tcpSesAllocCount);
736 length = tcpSesAllocCount.counter;
738 /* last chance to mark ses pointers invalid
739 if there are any pointing to this (e.g
740 if a crazy root user tried to kill cifsd
741 kernel thread explicitly this might happen) */
742 list_for_each(tmp, &GlobalSMBSessionList) {
743 ses = list_entry(tmp, struct cifsSesInfo,
745 if (ses->server == server) {
749 write_unlock(&GlobalSMBSeslock);
753 mempool_resize(cifs_req_poolp,
754 length + cifs_min_rcv,
758 complete_and_exit(&cifsd_complete, 0);
763 cifs_parse_mount_options(char *options, const char *devname,struct smb_vol *vol)
767 unsigned int temp_len, i, j;
773 memset(vol->source_rfc1001_name,0x20,15);
774 for(i=0;i < strnlen(system_utsname.nodename,15);i++) {
775 /* does not have to be a perfect mapping since the field is
776 informational, only used for servers that do not support
777 port 445 and it can be overridden at mount time */
778 vol->source_rfc1001_name[i] =
779 toupper(system_utsname.nodename[i]);
781 vol->source_rfc1001_name[15] = 0;
782 /* null target name indicates to use *SMBSERVR default called name
783 if we end up sending RFC1001 session initialize */
784 vol->target_rfc1001_name[0] = 0;
785 vol->linux_uid = current->uid; /* current->euid instead? */
786 vol->linux_gid = current->gid;
787 vol->dir_mode = S_IRWXUGO;
788 /* 2767 perms indicate mandatory locking support */
789 vol->file_mode = S_IALLUGO & ~(S_ISUID | S_IXGRP);
791 /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
793 /* default is always to request posix paths. */
794 vol->posix_paths = 1;
799 if(strncmp(options,"sep=",4) == 0) {
800 if(options[4] != 0) {
801 separator[0] = options[4];
804 cFYI(1,("Null separator not allowed"));
808 while ((data = strsep(&options, separator)) != NULL) {
811 if ((value = strchr(data, '=')) != NULL)
814 if (strnicmp(data, "user_xattr",10) == 0) {/*parse before user*/
816 } else if (strnicmp(data, "nouser_xattr",12) == 0) {
818 } else if (strnicmp(data, "user", 4) == 0) {
819 if (!value || !*value) {
821 "CIFS: invalid or missing username\n");
822 return 1; /* needs_arg; */
824 if (strnlen(value, 200) < 200) {
825 vol->username = value;
827 printk(KERN_WARNING "CIFS: username too long\n");
830 } else if (strnicmp(data, "pass", 4) == 0) {
832 vol->password = NULL;
834 } else if(value[0] == 0) {
835 /* check if string begins with double comma
836 since that would mean the password really
837 does start with a comma, and would not
838 indicate an empty string */
839 if(value[1] != separator[0]) {
840 vol->password = NULL;
844 temp_len = strlen(value);
845 /* removed password length check, NTLM passwords
846 can be arbitrarily long */
848 /* if comma in password, the string will be
849 prematurely null terminated. Commas in password are
850 specified across the cifs mount interface by a double
851 comma ie ,, and a comma used as in other cases ie ','
852 as a parameter delimiter/separator is single and due
853 to the strsep above is temporarily zeroed. */
855 /* NB: password legally can have multiple commas and
856 the only illegal character in a password is null */
858 if ((value[temp_len] == 0) &&
859 (value[temp_len+1] == separator[0])) {
861 value[temp_len] = separator[0];
862 temp_len+=2; /* move after the second comma */
863 while(value[temp_len] != 0) {
864 if (value[temp_len] == separator[0]) {
865 if (value[temp_len+1] ==
867 /* skip second comma */
870 /* single comma indicating start
877 if(value[temp_len] == 0) {
881 /* point option to start of next parm */
882 options = value + temp_len + 1;
884 /* go from value to value + temp_len condensing
885 double commas to singles. Note that this ends up
886 allocating a few bytes too many, which is ok */
887 vol->password = kzalloc(temp_len, GFP_KERNEL);
888 if(vol->password == NULL) {
889 printk("CIFS: no memory for pass\n");
892 for(i=0,j=0;i<temp_len;i++,j++) {
893 vol->password[j] = value[i];
894 if(value[i] == separator[0]
895 && value[i+1] == separator[0]) {
896 /* skip second comma */
900 vol->password[j] = 0;
902 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
903 if(vol->password == NULL) {
904 printk("CIFS: no memory for pass\n");
907 strcpy(vol->password, value);
909 } else if (strnicmp(data, "ip", 2) == 0) {
910 if (!value || !*value) {
912 } else if (strnlen(value, 35) < 35) {
915 printk(KERN_WARNING "CIFS: ip address too long\n");
918 } else if (strnicmp(data, "sec", 3) == 0) {
919 if (!value || !*value) {
920 cERROR(1,("no security value specified"));
922 } else if (strnicmp(value, "krb5i", 5) == 0) {
923 vol->secFlg |= CIFSSEC_MAY_KRB5 |
925 } else if (strnicmp(value, "krb5p", 5) == 0) {
926 /* vol->secFlg |= CIFSSEC_MUST_SEAL |
928 cERROR(1,("Krb5 cifs privacy not supported"));
930 } else if (strnicmp(value, "krb5", 4) == 0) {
931 vol->secFlg |= CIFSSEC_MAY_KRB5;
932 } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
933 vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
935 } else if (strnicmp(value, "ntlmv2", 6) == 0) {
936 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
937 } else if (strnicmp(value, "ntlmi", 5) == 0) {
938 vol->secFlg |= CIFSSEC_MAY_NTLM |
940 } else if (strnicmp(value, "ntlm", 4) == 0) {
941 /* ntlm is default so can be turned off too */
942 vol->secFlg |= CIFSSEC_MAY_NTLM;
943 } else if (strnicmp(value, "nontlm", 6) == 0) {
944 /* BB is there a better way to do this? */
945 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
946 #ifdef CONFIG_CIFS_WEAK_PW_HASH
947 } else if (strnicmp(value, "lanman", 6) == 0) {
948 vol->secFlg |= CIFSSEC_MAY_LANMAN;
950 } else if (strnicmp(value, "none", 4) == 0) {
953 cERROR(1,("bad security option: %s", value));
956 } else if ((strnicmp(data, "unc", 3) == 0)
957 || (strnicmp(data, "target", 6) == 0)
958 || (strnicmp(data, "path", 4) == 0)) {
959 if (!value || !*value) {
961 "CIFS: invalid path to network resource\n");
962 return 1; /* needs_arg; */
964 if ((temp_len = strnlen(value, 300)) < 300) {
965 vol->UNC = kmalloc(temp_len+1,GFP_KERNEL);
968 strcpy(vol->UNC,value);
969 if (strncmp(vol->UNC, "//", 2) == 0) {
972 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
974 "CIFS: UNC Path does not begin with // or \\\\ \n");
978 printk(KERN_WARNING "CIFS: UNC name too long\n");
981 } else if ((strnicmp(data, "domain", 3) == 0)
982 || (strnicmp(data, "workgroup", 5) == 0)) {
983 if (!value || !*value) {
984 printk(KERN_WARNING "CIFS: invalid domain name\n");
985 return 1; /* needs_arg; */
987 /* BB are there cases in which a comma can be valid in
988 a domain name and need special handling? */
989 if (strnlen(value, 256) < 256) {
990 vol->domainname = value;
991 cFYI(1, ("Domain name set"));
993 printk(KERN_WARNING "CIFS: domain name too long\n");
996 } else if (strnicmp(data, "iocharset", 9) == 0) {
997 if (!value || !*value) {
998 printk(KERN_WARNING "CIFS: invalid iocharset specified\n");
999 return 1; /* needs_arg; */
1001 if (strnlen(value, 65) < 65) {
1002 if(strnicmp(value,"default",7))
1003 vol->iocharset = value;
1004 /* if iocharset not set load_nls_default used by caller */
1005 cFYI(1, ("iocharset set to %s",value));
1007 printk(KERN_WARNING "CIFS: iocharset name too long.\n");
1010 } else if (strnicmp(data, "uid", 3) == 0) {
1011 if (value && *value) {
1013 simple_strtoul(value, &value, 0);
1015 } else if (strnicmp(data, "gid", 3) == 0) {
1016 if (value && *value) {
1018 simple_strtoul(value, &value, 0);
1020 } else if (strnicmp(data, "file_mode", 4) == 0) {
1021 if (value && *value) {
1023 simple_strtoul(value, &value, 0);
1025 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1026 if (value && *value) {
1028 simple_strtoul(value, &value, 0);
1030 } else if (strnicmp(data, "dirmode", 4) == 0) {
1031 if (value && *value) {
1033 simple_strtoul(value, &value, 0);
1035 } else if (strnicmp(data, "port", 4) == 0) {
1036 if (value && *value) {
1038 simple_strtoul(value, &value, 0);
1040 } else if (strnicmp(data, "rsize", 5) == 0) {
1041 if (value && *value) {
1043 simple_strtoul(value, &value, 0);
1045 } else if (strnicmp(data, "wsize", 5) == 0) {
1046 if (value && *value) {
1048 simple_strtoul(value, &value, 0);
1050 } else if (strnicmp(data, "sockopt", 5) == 0) {
1051 if (value && *value) {
1053 simple_strtoul(value, &value, 0);
1055 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1056 if (!value || !*value || (*value == ' ')) {
1057 cFYI(1,("invalid (empty) netbiosname specified"));
1059 memset(vol->source_rfc1001_name,0x20,15);
1061 /* BB are there cases in which a comma can be
1062 valid in this workstation netbios name (and need
1063 special handling)? */
1065 /* We do not uppercase netbiosname for user */
1069 vol->source_rfc1001_name[i] = value[i];
1071 /* The string has 16th byte zero still from
1072 set at top of the function */
1073 if((i==15) && (value[i] != 0))
1074 printk(KERN_WARNING "CIFS: netbiosname longer than 15 truncated.\n");
1076 } else if (strnicmp(data, "servern", 7) == 0) {
1077 /* servernetbiosname specified override *SMBSERVER */
1078 if (!value || !*value || (*value == ' ')) {
1079 cFYI(1,("empty server netbiosname specified"));
1081 /* last byte, type, is 0x20 for servr type */
1082 memset(vol->target_rfc1001_name,0x20,16);
1085 /* BB are there cases in which a comma can be
1086 valid in this workstation netbios name (and need
1087 special handling)? */
1089 /* user or mount helper must uppercase netbiosname */
1093 vol->target_rfc1001_name[i] = value[i];
1095 /* The string has 16th byte zero still from
1096 set at top of the function */
1097 if((i==15) && (value[i] != 0))
1098 printk(KERN_WARNING "CIFS: server netbiosname longer than 15 truncated.\n");
1100 } else if (strnicmp(data, "credentials", 4) == 0) {
1102 } else if (strnicmp(data, "version", 3) == 0) {
1104 } else if (strnicmp(data, "guest",5) == 0) {
1106 } else if (strnicmp(data, "rw", 2) == 0) {
1108 } else if ((strnicmp(data, "suid", 4) == 0) ||
1109 (strnicmp(data, "nosuid", 6) == 0) ||
1110 (strnicmp(data, "exec", 4) == 0) ||
1111 (strnicmp(data, "noexec", 6) == 0) ||
1112 (strnicmp(data, "nodev", 5) == 0) ||
1113 (strnicmp(data, "noauto", 6) == 0) ||
1114 (strnicmp(data, "dev", 3) == 0)) {
1115 /* The mount tool or mount.cifs helper (if present)
1116 uses these opts to set flags, and the flags are read
1117 by the kernel vfs layer before we get here (ie
1118 before read super) so there is no point trying to
1119 parse these options again and set anything and it
1120 is ok to just ignore them */
1122 } else if (strnicmp(data, "ro", 2) == 0) {
1124 } else if (strnicmp(data, "hard", 4) == 0) {
1126 } else if (strnicmp(data, "soft", 4) == 0) {
1128 } else if (strnicmp(data, "perm", 4) == 0) {
1130 } else if (strnicmp(data, "noperm", 6) == 0) {
1132 } else if (strnicmp(data, "mapchars", 8) == 0) {
1134 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1136 } else if (strnicmp(data, "sfu", 3) == 0) {
1138 } else if (strnicmp(data, "nosfu", 5) == 0) {
1140 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1141 vol->posix_paths = 1;
1142 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1143 vol->posix_paths = 0;
1144 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1145 (strnicmp(data, "ignorecase", 10) == 0)) {
1147 } else if (strnicmp(data, "brl", 3) == 0) {
1149 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1150 (strnicmp(data, "nolock", 6) == 0)) {
1152 /* turn off mandatory locking in mode
1153 if remote locking is turned off since the
1154 local vfs will do advisory */
1155 if(vol->file_mode == (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1156 vol->file_mode = S_IALLUGO;
1157 } else if (strnicmp(data, "setuids", 7) == 0) {
1159 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1161 } else if (strnicmp(data, "nohard", 6) == 0) {
1163 } else if (strnicmp(data, "nosoft", 6) == 0) {
1165 } else if (strnicmp(data, "nointr", 6) == 0) {
1167 } else if (strnicmp(data, "intr", 4) == 0) {
1169 } else if (strnicmp(data, "serverino",7) == 0) {
1170 vol->server_ino = 1;
1171 } else if (strnicmp(data, "noserverino",9) == 0) {
1172 vol->server_ino = 0;
1173 } else if (strnicmp(data, "cifsacl",7) == 0) {
1175 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1177 } else if (strnicmp(data, "acl",3) == 0) {
1178 vol->no_psx_acl = 0;
1179 } else if (strnicmp(data, "noacl",5) == 0) {
1180 vol->no_psx_acl = 1;
1181 } else if (strnicmp(data, "sign",4) == 0) {
1182 vol->secFlg |= CIFSSEC_MUST_SIGN;
1183 /* } else if (strnicmp(data, "seal",4) == 0) {
1184 vol->secFlg |= CIFSSEC_MUST_SEAL; */
1185 } else if (strnicmp(data, "direct",6) == 0) {
1187 } else if (strnicmp(data, "forcedirectio",13) == 0) {
1189 } else if (strnicmp(data, "in6_addr",8) == 0) {
1190 if (!value || !*value) {
1191 vol->in6_addr = NULL;
1192 } else if (strnlen(value, 49) == 48) {
1193 vol->in6_addr = value;
1195 printk(KERN_WARNING "CIFS: ip v6 address not 48 characters long\n");
1198 } else if (strnicmp(data, "noac", 4) == 0) {
1199 printk(KERN_WARNING "CIFS: Mount option noac not supported. Instead set /proc/fs/cifs/LookupCacheEnabled to 0\n");
1201 printk(KERN_WARNING "CIFS: Unknown mount option %s\n",data);
1203 if (vol->UNC == NULL) {
1204 if(devname == NULL) {
1205 printk(KERN_WARNING "CIFS: Missing UNC name for mount target\n");
1208 if ((temp_len = strnlen(devname, 300)) < 300) {
1209 vol->UNC = kmalloc(temp_len+1,GFP_KERNEL);
1210 if(vol->UNC == NULL)
1212 strcpy(vol->UNC,devname);
1213 if (strncmp(vol->UNC, "//", 2) == 0) {
1216 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1217 printk(KERN_WARNING "CIFS: UNC Path does not begin with // or \\\\ \n");
1221 printk(KERN_WARNING "CIFS: UNC name too long\n");
1225 if(vol->UNCip == NULL)
1226 vol->UNCip = &vol->UNC[2];
1231 static struct cifsSesInfo *
1232 cifs_find_tcp_session(struct in_addr * target_ip_addr,
1233 struct in6_addr *target_ip6_addr,
1234 char *userName, struct TCP_Server_Info **psrvTcp)
1236 struct list_head *tmp;
1237 struct cifsSesInfo *ses;
1239 read_lock(&GlobalSMBSeslock);
1241 list_for_each(tmp, &GlobalSMBSessionList) {
1242 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
1244 if((target_ip_addr &&
1245 (ses->server->addr.sockAddr.sin_addr.s_addr
1246 == target_ip_addr->s_addr)) || (target_ip6_addr
1247 && memcmp(&ses->server->addr.sockAddr6.sin6_addr,
1248 target_ip6_addr,sizeof(*target_ip6_addr)))){
1249 /* BB lock server and tcp session and increment use count here?? */
1250 *psrvTcp = ses->server; /* found a match on the TCP session */
1251 /* BB check if reconnection needed */
1253 (ses->userName, userName,
1254 MAX_USERNAME_SIZE) == 0){
1255 read_unlock(&GlobalSMBSeslock);
1256 return ses; /* found exact match on both tcp and SMB sessions */
1260 /* else tcp and smb sessions need reconnection */
1262 read_unlock(&GlobalSMBSeslock);
1266 static struct cifsTconInfo *
1267 find_unc(__be32 new_target_ip_addr, char *uncName, char *userName)
1269 struct list_head *tmp;
1270 struct cifsTconInfo *tcon;
1272 read_lock(&GlobalSMBSeslock);
1273 list_for_each(tmp, &GlobalTreeConnectionList) {
1274 cFYI(1, ("Next tcon - "));
1275 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
1277 if (tcon->ses->server) {
1279 (" old ip addr: %x == new ip %x ?",
1280 tcon->ses->server->addr.sockAddr.sin_addr.
1281 s_addr, new_target_ip_addr));
1282 if (tcon->ses->server->addr.sockAddr.sin_addr.
1283 s_addr == new_target_ip_addr) {
1284 /* BB lock tcon and server and tcp session and increment use count here? */
1285 /* found a match on the TCP session */
1286 /* BB check if reconnection needed */
1287 cFYI(1,("Matched ip, old UNC: %s == new: %s ?",
1288 tcon->treeName, uncName));
1290 (tcon->treeName, uncName,
1291 MAX_TREE_SIZE) == 0) {
1293 ("Matched UNC, old user: %s == new: %s ?",
1294 tcon->treeName, uncName));
1296 (tcon->ses->userName,
1298 MAX_USERNAME_SIZE) == 0) {
1299 read_unlock(&GlobalSMBSeslock);
1300 return tcon;/* also matched user (smb session)*/
1307 read_unlock(&GlobalSMBSeslock);
1312 connect_to_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
1313 const char *old_path, const struct nls_table *nls_codepage,
1316 unsigned char *referrals = NULL;
1317 unsigned int num_referrals;
1320 rc = get_dfs_path(xid, pSesInfo,old_path, nls_codepage,
1321 &num_referrals, &referrals, remap);
1323 /* BB Add in code to: if valid refrl, if not ip address contact
1324 the helper that resolves tcp names, mount to it, try to
1325 tcon to it unmount it if fail */
1333 get_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
1334 const char *old_path, const struct nls_table *nls_codepage,
1335 unsigned int *pnum_referrals,
1336 unsigned char ** preferrals, int remap)
1341 *pnum_referrals = 0;
1343 if (pSesInfo->ipc_tid == 0) {
1344 temp_unc = kmalloc(2 /* for slashes */ +
1345 strnlen(pSesInfo->serverName,SERVER_NAME_LEN_WITH_NULL * 2)
1346 + 1 + 4 /* slash IPC$ */ + 2,
1348 if (temp_unc == NULL)
1352 strcpy(temp_unc + 2, pSesInfo->serverName);
1353 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
1354 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
1356 ("CIFS Tcon rc = %d ipc_tid = %d", rc,pSesInfo->ipc_tid));
1360 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
1361 pnum_referrals, nls_codepage, remap);
1366 /* See RFC1001 section 14 on representation of Netbios names */
1367 static void rfc1002mangle(char * target,char * source, unsigned int length)
1371 for(i=0,j=0;i<(length);i++) {
1372 /* mask a nibble at a time and encode */
1373 target[j] = 'A' + (0x0F & (source[i] >> 4));
1374 target[j+1] = 'A' + (0x0F & source[i]);
1382 ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket,
1383 char * netbios_name, char * target_name)
1387 __be16 orig_port = 0;
1389 if(*csocket == NULL) {
1390 rc = sock_create_kern(PF_INET, SOCK_STREAM, IPPROTO_TCP, csocket);
1392 cERROR(1, ("Error %d creating socket",rc));
1396 /* BB other socket options to set KEEPALIVE, NODELAY? */
1397 cFYI(1,("Socket created"));
1398 (*csocket)->sk->sk_allocation = GFP_NOFS;
1402 psin_server->sin_family = AF_INET;
1403 if(psin_server->sin_port) { /* user overrode default port */
1404 rc = (*csocket)->ops->connect(*csocket,
1405 (struct sockaddr *) psin_server,
1406 sizeof (struct sockaddr_in),0);
1412 /* save original port so we can retry user specified port
1413 later if fall back ports fail this time */
1414 orig_port = psin_server->sin_port;
1416 /* do not retry on the same port we just failed on */
1417 if(psin_server->sin_port != htons(CIFS_PORT)) {
1418 psin_server->sin_port = htons(CIFS_PORT);
1420 rc = (*csocket)->ops->connect(*csocket,
1421 (struct sockaddr *) psin_server,
1422 sizeof (struct sockaddr_in),0);
1428 psin_server->sin_port = htons(RFC1001_PORT);
1429 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1430 psin_server, sizeof (struct sockaddr_in),0);
1435 /* give up here - unless we want to retry on different
1436 protocol families some day */
1439 psin_server->sin_port = orig_port;
1440 cFYI(1,("Error %d connecting to server via ipv4",rc));
1441 sock_release(*csocket);
1445 /* Eventually check for other socket options to change from
1446 the default. sock_setsockopt not used because it expects
1447 user space buffer */
1448 cFYI(1,("sndbuf %d rcvbuf %d rcvtimeo 0x%lx",(*csocket)->sk->sk_sndbuf,
1449 (*csocket)->sk->sk_rcvbuf, (*csocket)->sk->sk_rcvtimeo));
1450 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1451 /* make the bufsizes depend on wsize/rsize and max requests */
1452 if((*csocket)->sk->sk_sndbuf < (200 * 1024))
1453 (*csocket)->sk->sk_sndbuf = 200 * 1024;
1454 if((*csocket)->sk->sk_rcvbuf < (140 * 1024))
1455 (*csocket)->sk->sk_rcvbuf = 140 * 1024;
1457 /* send RFC1001 sessinit */
1458 if(psin_server->sin_port == htons(RFC1001_PORT)) {
1459 /* some servers require RFC1001 sessinit before sending
1460 negprot - BB check reconnection in case where second
1461 sessinit is sent but no second negprot */
1462 struct rfc1002_session_packet * ses_init_buf;
1463 struct smb_hdr * smb_buf;
1464 ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet), GFP_KERNEL);
1466 ses_init_buf->trailer.session_req.called_len = 32;
1467 if(target_name && (target_name[0] != 0)) {
1468 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1471 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1472 DEFAULT_CIFS_CALLED_NAME,16);
1475 ses_init_buf->trailer.session_req.calling_len = 32;
1476 /* calling name ends in null (byte 16) from old smb
1478 if(netbios_name && (netbios_name[0] !=0)) {
1479 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1482 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1483 "LINUX_CIFS_CLNT",16);
1485 ses_init_buf->trailer.session_req.scope1 = 0;
1486 ses_init_buf->trailer.session_req.scope2 = 0;
1487 smb_buf = (struct smb_hdr *)ses_init_buf;
1488 /* sizeof RFC1002_SESSION_REQUEST with no scope */
1489 smb_buf->smb_buf_length = 0x81000044;
1490 rc = smb_send(*csocket, smb_buf, 0x44,
1491 (struct sockaddr *)psin_server);
1492 kfree(ses_init_buf);
1493 msleep(1); /* RFC1001 layer in at least one server
1494 requires very short break before negprot
1495 presumably because not expecting negprot
1496 to follow so fast. This is a simple
1497 solution that works without
1498 complicating the code and causes no
1499 significant slowing down on mount
1500 for everyone else */
1502 /* else the negprot may still work without this
1503 even though malloc failed */
1511 ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket)
1515 __be16 orig_port = 0;
1517 if(*csocket == NULL) {
1518 rc = sock_create_kern(PF_INET6, SOCK_STREAM, IPPROTO_TCP, csocket);
1520 cERROR(1, ("Error %d creating ipv6 socket",rc));
1524 /* BB other socket options to set KEEPALIVE, NODELAY? */
1525 cFYI(1,("ipv6 Socket created"));
1526 (*csocket)->sk->sk_allocation = GFP_NOFS;
1530 psin_server->sin6_family = AF_INET6;
1532 if(psin_server->sin6_port) { /* user overrode default port */
1533 rc = (*csocket)->ops->connect(*csocket,
1534 (struct sockaddr *) psin_server,
1535 sizeof (struct sockaddr_in6),0);
1541 /* save original port so we can retry user specified port
1542 later if fall back ports fail this time */
1544 orig_port = psin_server->sin6_port;
1545 /* do not retry on the same port we just failed on */
1546 if(psin_server->sin6_port != htons(CIFS_PORT)) {
1547 psin_server->sin6_port = htons(CIFS_PORT);
1549 rc = (*csocket)->ops->connect(*csocket,
1550 (struct sockaddr *) psin_server,
1551 sizeof (struct sockaddr_in6),0);
1557 psin_server->sin6_port = htons(RFC1001_PORT);
1558 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1559 psin_server, sizeof (struct sockaddr_in6),0);
1564 /* give up here - unless we want to retry on different
1565 protocol families some day */
1568 psin_server->sin6_port = orig_port;
1569 cFYI(1,("Error %d connecting to server via ipv6",rc));
1570 sock_release(*csocket);
1574 /* Eventually check for other socket options to change from
1575 the default. sock_setsockopt not used because it expects
1576 user space buffer */
1577 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1583 cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
1584 char *mount_data, const char *devname)
1588 int address_type = AF_INET;
1589 struct socket *csocket = NULL;
1590 struct sockaddr_in sin_server;
1591 struct sockaddr_in6 sin_server6;
1592 struct smb_vol volume_info;
1593 struct cifsSesInfo *pSesInfo = NULL;
1594 struct cifsSesInfo *existingCifsSes = NULL;
1595 struct cifsTconInfo *tcon = NULL;
1596 struct TCP_Server_Info *srvTcp = NULL;
1600 /* cFYI(1, ("Entering cifs_mount. Xid: %d with: %s", xid, mount_data)); */
1602 memset(&volume_info,0,sizeof(struct smb_vol));
1603 if (cifs_parse_mount_options(mount_data, devname, &volume_info)) {
1604 kfree(volume_info.UNC);
1605 kfree(volume_info.password);
1610 if (volume_info.username) {
1611 /* BB fixme parse for domain name here */
1612 cFYI(1, ("Username: %s ", volume_info.username));
1615 cifserror("No username specified");
1616 /* In userspace mount helper we can get user name from alternate
1617 locations such as env variables and files on disk */
1618 kfree(volume_info.UNC);
1619 kfree(volume_info.password);
1624 if (volume_info.UNCip && volume_info.UNC) {
1625 rc = cifs_inet_pton(AF_INET, volume_info.UNCip,&sin_server.sin_addr.s_addr);
1628 /* not ipv4 address, try ipv6 */
1629 rc = cifs_inet_pton(AF_INET6,volume_info.UNCip,&sin_server6.sin6_addr.in6_u);
1631 address_type = AF_INET6;
1633 address_type = AF_INET;
1637 /* we failed translating address */
1638 kfree(volume_info.UNC);
1639 kfree(volume_info.password);
1644 cFYI(1, ("UNC: %s ip: %s", volume_info.UNC, volume_info.UNCip));
1647 } else if (volume_info.UNCip){
1648 /* BB using ip addr as server name connect to the DFS root below */
1649 cERROR(1,("Connecting to DFS root not implemented yet"));
1650 kfree(volume_info.UNC);
1651 kfree(volume_info.password);
1654 } else /* which servers DFS root would we conect to */ {
1656 ("CIFS mount error: No UNC path (e.g. -o unc=//192.168.1.100/public) specified"));
1657 kfree(volume_info.UNC);
1658 kfree(volume_info.password);
1663 /* this is needed for ASCII cp to Unicode converts */
1664 if(volume_info.iocharset == NULL) {
1665 cifs_sb->local_nls = load_nls_default();
1666 /* load_nls_default can not return null */
1668 cifs_sb->local_nls = load_nls(volume_info.iocharset);
1669 if(cifs_sb->local_nls == NULL) {
1670 cERROR(1,("CIFS mount error: iocharset %s not found",volume_info.iocharset));
1671 kfree(volume_info.UNC);
1672 kfree(volume_info.password);
1678 if(address_type == AF_INET)
1679 existingCifsSes = cifs_find_tcp_session(&sin_server.sin_addr,
1680 NULL /* no ipv6 addr */,
1681 volume_info.username, &srvTcp);
1682 else if(address_type == AF_INET6)
1683 existingCifsSes = cifs_find_tcp_session(NULL /* no ipv4 addr */,
1684 &sin_server6.sin6_addr,
1685 volume_info.username, &srvTcp);
1687 kfree(volume_info.UNC);
1688 kfree(volume_info.password);
1695 cFYI(1, ("Existing tcp session with server found"));
1696 } else { /* create socket */
1697 if(volume_info.port)
1698 sin_server.sin_port = htons(volume_info.port);
1700 sin_server.sin_port = 0;
1701 rc = ipv4_connect(&sin_server,&csocket,
1702 volume_info.source_rfc1001_name,
1703 volume_info.target_rfc1001_name);
1706 ("Error connecting to IPv4 socket. Aborting operation"));
1708 sock_release(csocket);
1709 kfree(volume_info.UNC);
1710 kfree(volume_info.password);
1715 srvTcp = kmalloc(sizeof (struct TCP_Server_Info), GFP_KERNEL);
1716 if (srvTcp == NULL) {
1718 sock_release(csocket);
1719 kfree(volume_info.UNC);
1720 kfree(volume_info.password);
1724 memset(srvTcp, 0, sizeof (struct TCP_Server_Info));
1725 memcpy(&srvTcp->addr.sockAddr, &sin_server, sizeof (struct sockaddr_in));
1726 atomic_set(&srvTcp->inFlight,0);
1727 /* BB Add code for ipv6 case too */
1728 srvTcp->ssocket = csocket;
1729 srvTcp->protocolType = IPV4;
1730 init_waitqueue_head(&srvTcp->response_q);
1731 init_waitqueue_head(&srvTcp->request_q);
1732 INIT_LIST_HEAD(&srvTcp->pending_mid_q);
1733 /* at this point we are the only ones with the pointer
1734 to the struct since the kernel thread not created yet
1735 so no need to spinlock this init of tcpStatus */
1736 srvTcp->tcpStatus = CifsNew;
1737 init_MUTEX(&srvTcp->tcpSem);
1738 rc = (int)kernel_thread((void *)(void *)cifs_demultiplex_thread, srvTcp,
1739 CLONE_FS | CLONE_FILES | CLONE_VM);
1742 sock_release(csocket);
1743 kfree(volume_info.UNC);
1744 kfree(volume_info.password);
1748 wait_for_completion(&cifsd_complete);
1750 memcpy(srvTcp->workstation_RFC1001_name, volume_info.source_rfc1001_name,16);
1751 memcpy(srvTcp->server_RFC1001_name, volume_info.target_rfc1001_name,16);
1752 srvTcp->sequence_number = 0;
1756 if (existingCifsSes) {
1757 pSesInfo = existingCifsSes;
1758 cFYI(1, ("Existing smb sess found"));
1759 kfree(volume_info.password);
1760 /* volume_info.UNC freed at end of function */
1762 cFYI(1, ("Existing smb sess not found"));
1763 pSesInfo = sesInfoAlloc();
1764 if (pSesInfo == NULL)
1767 pSesInfo->server = srvTcp;
1768 sprintf(pSesInfo->serverName, "%u.%u.%u.%u",
1769 NIPQUAD(sin_server.sin_addr.s_addr));
1773 /* volume_info.password freed at unmount */
1774 if (volume_info.password)
1775 pSesInfo->password = volume_info.password;
1776 if (volume_info.username)
1777 strncpy(pSesInfo->userName,
1778 volume_info.username,MAX_USERNAME_SIZE);
1779 if (volume_info.domainname) {
1780 int len = strlen(volume_info.domainname);
1781 pSesInfo->domainName =
1782 kmalloc(len + 1, GFP_KERNEL);
1783 if(pSesInfo->domainName)
1784 strcpy(pSesInfo->domainName,
1785 volume_info.domainname);
1787 pSesInfo->linux_uid = volume_info.linux_uid;
1788 pSesInfo->overrideSecFlg = volume_info.secFlg;
1789 down(&pSesInfo->sesSem);
1790 /* BB FIXME need to pass vol->secFlgs BB */
1791 rc = cifs_setup_session(xid,pSesInfo, cifs_sb->local_nls);
1792 up(&pSesInfo->sesSem);
1794 atomic_inc(&srvTcp->socketUseCount);
1796 kfree(volume_info.password);
1799 /* search for existing tcon to this server share */
1801 if(volume_info.rsize > CIFSMaxBufSize) {
1802 cERROR(1,("rsize %d too large, using MaxBufSize",
1803 volume_info.rsize));
1804 cifs_sb->rsize = CIFSMaxBufSize;
1805 } else if((volume_info.rsize) && (volume_info.rsize <= CIFSMaxBufSize))
1806 cifs_sb->rsize = volume_info.rsize;
1808 cifs_sb->rsize = CIFSMaxBufSize;
1810 if(volume_info.wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) {
1811 cERROR(1,("wsize %d too large using 4096 instead",
1812 volume_info.wsize));
1813 cifs_sb->wsize = 4096;
1814 } else if(volume_info.wsize)
1815 cifs_sb->wsize = volume_info.wsize;
1818 min_t(const int, PAGEVEC_SIZE * PAGE_CACHE_SIZE,
1820 /* old default of CIFSMaxBufSize was too small now
1821 that SMB Write2 can send multiple pages in kvec.
1822 RFC1001 does not describe what happens when frame
1823 bigger than 128K is sent so use that as max in
1824 conjunction with 52K kvec constraint on arch with 4K
1827 if(cifs_sb->rsize < 2048) {
1828 cifs_sb->rsize = 2048;
1829 /* Windows ME may prefer this */
1830 cFYI(1,("readsize set to minimum 2048"));
1832 cifs_sb->mnt_uid = volume_info.linux_uid;
1833 cifs_sb->mnt_gid = volume_info.linux_gid;
1834 cifs_sb->mnt_file_mode = volume_info.file_mode;
1835 cifs_sb->mnt_dir_mode = volume_info.dir_mode;
1836 cFYI(1,("file mode: 0x%x dir mode: 0x%x",
1837 cifs_sb->mnt_file_mode,cifs_sb->mnt_dir_mode));
1839 if(volume_info.noperm)
1840 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
1841 if(volume_info.setuids)
1842 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
1843 if(volume_info.server_ino)
1844 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
1845 if(volume_info.remap)
1846 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
1847 if(volume_info.no_xattr)
1848 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
1849 if(volume_info.sfu_emul)
1850 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
1851 if(volume_info.nobrl)
1852 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
1853 if(volume_info.cifs_acl)
1854 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
1856 if(volume_info.direct_io) {
1857 cFYI(1,("mounting share using direct i/o"));
1858 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
1862 find_unc(sin_server.sin_addr.s_addr, volume_info.UNC,
1863 volume_info.username);
1865 cFYI(1, ("Found match on UNC path"));
1866 /* we can have only one retry value for a connection
1867 to a share so for resources mounted more than once
1868 to the same server share the last value passed in
1869 for the retry flag is used */
1870 tcon->retry = volume_info.retry;
1871 tcon->nocase = volume_info.nocase;
1873 tcon = tconInfoAlloc();
1877 /* check for null share name ie connect to dfs root */
1879 /* BB check if this works for exactly length three strings */
1880 if ((strchr(volume_info.UNC + 3, '\\') == NULL)
1881 && (strchr(volume_info.UNC + 3, '/') ==
1883 rc = connect_to_dfs_path(xid, pSesInfo,
1884 "", cifs_sb->local_nls,
1885 cifs_sb->mnt_cifs_flags &
1886 CIFS_MOUNT_MAP_SPECIAL_CHR);
1887 kfree(volume_info.UNC);
1891 rc = CIFSTCon(xid, pSesInfo,
1893 tcon, cifs_sb->local_nls);
1894 cFYI(1, ("CIFS Tcon rc = %d", rc));
1897 atomic_inc(&pSesInfo->inUse);
1898 tcon->retry = volume_info.retry;
1899 tcon->nocase = volume_info.nocase;
1905 if (pSesInfo->capabilities & CAP_LARGE_FILES) {
1906 sb->s_maxbytes = (u64) 1 << 63;
1908 sb->s_maxbytes = (u64) 1 << 31; /* 2 GB */
1911 sb->s_time_gran = 100;
1913 /* on error free sesinfo and tcon struct if needed */
1915 /* if session setup failed, use count is zero but
1916 we still need to free cifsd thread */
1917 if(atomic_read(&srvTcp->socketUseCount) == 0) {
1918 spin_lock(&GlobalMid_Lock);
1919 srvTcp->tcpStatus = CifsExiting;
1920 spin_unlock(&GlobalMid_Lock);
1922 send_sig(SIGKILL,srvTcp->tsk,1);
1923 wait_for_completion(&cifsd_complete);
1926 /* If find_unc succeeded then rc == 0 so we can not end */
1927 if (tcon) /* up accidently freeing someone elses tcon struct */
1929 if (existingCifsSes == NULL) {
1931 if ((pSesInfo->server) &&
1932 (pSesInfo->status == CifsGood)) {
1934 temp_rc = CIFSSMBLogoff(xid, pSesInfo);
1935 /* if the socketUseCount is now zero */
1936 if((temp_rc == -ESHUTDOWN) &&
1937 (pSesInfo->server->tsk)) {
1938 send_sig(SIGKILL,pSesInfo->server->tsk,1);
1939 wait_for_completion(&cifsd_complete);
1942 cFYI(1, ("No session or bad tcon"));
1943 sesInfoFree(pSesInfo);
1944 /* pSesInfo = NULL; */
1948 atomic_inc(&tcon->useCount);
1949 cifs_sb->tcon = tcon;
1950 tcon->ses = pSesInfo;
1952 /* do not care if following two calls succeed - informational */
1953 CIFSSMBQFSDeviceInfo(xid, tcon);
1954 CIFSSMBQFSAttributeInfo(xid, tcon);
1956 if (tcon->ses->capabilities & CAP_UNIX) {
1957 if(!CIFSSMBQFSUnixInfo(xid, tcon)) {
1959 le64_to_cpu(tcon->fsUnixInfo.Capability);
1960 cap &= CIFS_UNIX_CAP_MASK;
1961 if(volume_info.no_psx_acl)
1962 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
1963 else if(CIFS_UNIX_POSIX_ACL_CAP & cap) {
1964 cFYI(1,("negotiated posix acl support"));
1965 sb->s_flags |= MS_POSIXACL;
1968 if(volume_info.posix_paths == 0)
1969 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
1970 else if(cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
1971 cFYI(1,("negotiate posix pathnames"));
1972 cifs_sb->mnt_cifs_flags |=
1973 CIFS_MOUNT_POSIX_PATHS;
1976 cFYI(1,("Negotiate caps 0x%x",(int)cap));
1977 #ifdef CONFIG_CIFS_DEBUG2
1978 if(cap & CIFS_UNIX_FCNTL_CAP)
1979 cFYI(1,("FCNTL cap"));
1980 if(cap & CIFS_UNIX_EXTATTR_CAP)
1981 cFYI(1,("EXTATTR cap"));
1982 if(cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
1983 cFYI(1,("POSIX path cap"));
1984 if(cap & CIFS_UNIX_XATTR_CAP)
1985 cFYI(1,("XATTR cap"));
1986 if(cap & CIFS_UNIX_POSIX_ACL_CAP)
1987 cFYI(1,("POSIX ACL cap"));
1988 #endif /* CIFS_DEBUG2 */
1989 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
1990 cFYI(1,("setting capabilities failed"));
1994 if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X))
1995 cifs_sb->wsize = min(cifs_sb->wsize,
1996 (tcon->ses->server->maxBuf -
1997 MAX_CIFS_HDR_SIZE));
1998 if (!(tcon->ses->capabilities & CAP_LARGE_READ_X))
1999 cifs_sb->rsize = min(cifs_sb->rsize,
2000 (tcon->ses->server->maxBuf -
2001 MAX_CIFS_HDR_SIZE));
2004 /* volume_info.password is freed above when existing session found
2005 (in which case it is not needed anymore) but when new sesion is created
2006 the password ptr is put in the new session structure (in which case the
2007 password will be freed at unmount time) */
2008 kfree(volume_info.UNC);
2014 CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2015 char session_key[CIFS_SESS_KEY_SIZE],
2016 const struct nls_table *nls_codepage)
2018 struct smb_hdr *smb_buffer;
2019 struct smb_hdr *smb_buffer_response;
2020 SESSION_SETUP_ANDX *pSMB;
2021 SESSION_SETUP_ANDX *pSMBr;
2026 int remaining_words = 0;
2027 int bytes_returned = 0;
2032 cFYI(1, ("In sesssetup"));
2035 user = ses->userName;
2036 domain = ses->domainName;
2037 smb_buffer = cifs_buf_get();
2038 if (smb_buffer == NULL) {
2041 smb_buffer_response = smb_buffer;
2042 pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2044 /* send SMBsessionSetup here */
2045 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2046 NULL /* no tCon exists yet */ , 13 /* wct */ );
2048 smb_buffer->Mid = GetNextMid(ses->server);
2049 pSMB->req_no_secext.AndXCommand = 0xFF;
2050 pSMB->req_no_secext.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2051 pSMB->req_no_secext.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2053 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2054 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2056 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2057 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
2058 if (ses->capabilities & CAP_UNICODE) {
2059 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2060 capabilities |= CAP_UNICODE;
2062 if (ses->capabilities & CAP_STATUS32) {
2063 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2064 capabilities |= CAP_STATUS32;
2066 if (ses->capabilities & CAP_DFS) {
2067 smb_buffer->Flags2 |= SMBFLG2_DFS;
2068 capabilities |= CAP_DFS;
2070 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
2072 pSMB->req_no_secext.CaseInsensitivePasswordLength =
2073 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2075 pSMB->req_no_secext.CaseSensitivePasswordLength =
2076 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2077 bcc_ptr = pByteArea(smb_buffer);
2078 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2079 bcc_ptr += CIFS_SESS_KEY_SIZE;
2080 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2081 bcc_ptr += CIFS_SESS_KEY_SIZE;
2083 if (ses->capabilities & CAP_UNICODE) {
2084 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode */
2089 bytes_returned = 0; /* skip null user */
2092 cifs_strtoUCS((__le16 *) bcc_ptr, user, 100,
2094 /* convert number of 16 bit words to bytes */
2095 bcc_ptr += 2 * bytes_returned;
2096 bcc_ptr += 2; /* trailing null */
2099 cifs_strtoUCS((__le16 *) bcc_ptr,
2100 "CIFS_LINUX_DOM", 32, nls_codepage);
2103 cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2105 bcc_ptr += 2 * bytes_returned;
2108 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2110 bcc_ptr += 2 * bytes_returned;
2112 cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release,
2114 bcc_ptr += 2 * bytes_returned;
2117 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2119 bcc_ptr += 2 * bytes_returned;
2123 strncpy(bcc_ptr, user, 200);
2124 bcc_ptr += strnlen(user, 200);
2128 if (domain == NULL) {
2129 strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2130 bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2132 strncpy(bcc_ptr, domain, 64);
2133 bcc_ptr += strnlen(domain, 64);
2137 strcpy(bcc_ptr, "Linux version ");
2138 bcc_ptr += strlen("Linux version ");
2139 strcpy(bcc_ptr, system_utsname.release);
2140 bcc_ptr += strlen(system_utsname.release) + 1;
2141 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2142 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2144 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2145 smb_buffer->smb_buf_length += count;
2146 pSMB->req_no_secext.ByteCount = cpu_to_le16(count);
2148 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2149 &bytes_returned, 1);
2151 /* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
2152 } else if ((smb_buffer_response->WordCount == 3)
2153 || (smb_buffer_response->WordCount == 4)) {
2154 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2155 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2156 if (action & GUEST_LOGIN)
2157 cFYI(1, (" Guest login")); /* do we want to mark SesInfo struct ? */
2158 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format (le) */
2159 cFYI(1, ("UID = %d ", ses->Suid));
2160 /* response can have either 3 or 4 word count - Samba sends 3 */
2161 bcc_ptr = pByteArea(smb_buffer_response);
2162 if ((pSMBr->resp.hdr.WordCount == 3)
2163 || ((pSMBr->resp.hdr.WordCount == 4)
2164 && (blob_len < pSMBr->resp.ByteCount))) {
2165 if (pSMBr->resp.hdr.WordCount == 4)
2166 bcc_ptr += blob_len;
2168 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2169 if ((long) (bcc_ptr) % 2) {
2171 (BCC(smb_buffer_response) - 1) /2;
2172 bcc_ptr++; /* Unicode strings must be word aligned */
2175 BCC(smb_buffer_response) / 2;
2178 UniStrnlen((wchar_t *) bcc_ptr,
2179 remaining_words - 1);
2180 /* We look for obvious messed up bcc or strings in response so we do not go off
2181 the end since (at least) WIN2K and Windows XP have a major bug in not null
2182 terminating last Unicode string in response */
2184 kfree(ses->serverOS);
2185 ses->serverOS = kzalloc(2 * (len + 1), GFP_KERNEL);
2186 if(ses->serverOS == NULL)
2187 goto sesssetup_nomem;
2188 cifs_strfromUCS_le(ses->serverOS,
2189 (__le16 *)bcc_ptr, len,nls_codepage);
2190 bcc_ptr += 2 * (len + 1);
2191 remaining_words -= len + 1;
2192 ses->serverOS[2 * len] = 0;
2193 ses->serverOS[1 + (2 * len)] = 0;
2194 if (remaining_words > 0) {
2195 len = UniStrnlen((wchar_t *)bcc_ptr,
2197 kfree(ses->serverNOS);
2198 ses->serverNOS = kzalloc(2 * (len + 1),GFP_KERNEL);
2199 if(ses->serverNOS == NULL)
2200 goto sesssetup_nomem;
2201 cifs_strfromUCS_le(ses->serverNOS,
2202 (__le16 *)bcc_ptr,len,nls_codepage);
2203 bcc_ptr += 2 * (len + 1);
2204 ses->serverNOS[2 * len] = 0;
2205 ses->serverNOS[1 + (2 * len)] = 0;
2206 if(strncmp(ses->serverNOS,
2207 "NT LAN Manager 4",16) == 0) {
2208 cFYI(1,("NT4 server"));
2209 ses->flags |= CIFS_SES_NT4;
2211 remaining_words -= len + 1;
2212 if (remaining_words > 0) {
2213 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2214 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
2215 if(ses->serverDomain)
2216 kfree(ses->serverDomain);
2218 kzalloc(2*(len+1),GFP_KERNEL);
2219 if(ses->serverDomain == NULL)
2220 goto sesssetup_nomem;
2221 cifs_strfromUCS_le(ses->serverDomain,
2222 (__le16 *)bcc_ptr,len,nls_codepage);
2223 bcc_ptr += 2 * (len + 1);
2224 ses->serverDomain[2*len] = 0;
2225 ses->serverDomain[1+(2*len)] = 0;
2226 } /* else no more room so create dummy domain string */
2228 if(ses->serverDomain)
2229 kfree(ses->serverDomain);
2231 kzalloc(2, GFP_KERNEL);
2233 } else { /* no room so create dummy domain and NOS string */
2234 /* if these kcallocs fail not much we
2235 can do, but better to not fail the
2237 kfree(ses->serverDomain);
2239 kzalloc(2, GFP_KERNEL);
2240 kfree(ses->serverNOS);
2242 kzalloc(2, GFP_KERNEL);
2244 } else { /* ASCII */
2245 len = strnlen(bcc_ptr, 1024);
2246 if (((long) bcc_ptr + len) - (long)
2247 pByteArea(smb_buffer_response)
2248 <= BCC(smb_buffer_response)) {
2249 kfree(ses->serverOS);
2250 ses->serverOS = kzalloc(len + 1,GFP_KERNEL);
2251 if(ses->serverOS == NULL)
2252 goto sesssetup_nomem;
2253 strncpy(ses->serverOS,bcc_ptr, len);
2256 bcc_ptr[0] = 0; /* null terminate the string */
2259 len = strnlen(bcc_ptr, 1024);
2260 kfree(ses->serverNOS);
2261 ses->serverNOS = kzalloc(len + 1,GFP_KERNEL);
2262 if(ses->serverNOS == NULL)
2263 goto sesssetup_nomem;
2264 strncpy(ses->serverNOS, bcc_ptr, len);
2269 len = strnlen(bcc_ptr, 1024);
2270 if(ses->serverDomain)
2271 kfree(ses->serverDomain);
2272 ses->serverDomain = kzalloc(len + 1,GFP_KERNEL);
2273 if(ses->serverDomain == NULL)
2274 goto sesssetup_nomem;
2275 strncpy(ses->serverDomain, bcc_ptr, len);
2281 ("Variable field of length %d extends beyond end of smb ",
2286 (" Security Blob Length extends beyond end of SMB"));
2290 (" Invalid Word count %d: ",
2291 smb_buffer_response->WordCount));
2294 sesssetup_nomem: /* do not return an error on nomem for the info strings,
2295 since that could make reconnection harder, and
2296 reconnection might be needed to free memory */
2298 cifs_buf_release(smb_buffer);
2304 CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2305 struct cifsSesInfo *ses, int * pNTLMv2_flag,
2306 const struct nls_table *nls_codepage)
2308 struct smb_hdr *smb_buffer;
2309 struct smb_hdr *smb_buffer_response;
2310 SESSION_SETUP_ANDX *pSMB;
2311 SESSION_SETUP_ANDX *pSMBr;
2315 int remaining_words = 0;
2316 int bytes_returned = 0;
2318 int SecurityBlobLength = sizeof (NEGOTIATE_MESSAGE);
2319 PNEGOTIATE_MESSAGE SecurityBlob;
2320 PCHALLENGE_MESSAGE SecurityBlob2;
2321 __u32 negotiate_flags, capabilities;
2324 cFYI(1, ("In NTLMSSP sesssetup (negotiate)"));
2327 domain = ses->domainName;
2328 *pNTLMv2_flag = FALSE;
2329 smb_buffer = cifs_buf_get();
2330 if (smb_buffer == NULL) {
2333 smb_buffer_response = smb_buffer;
2334 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2335 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2337 /* send SMBsessionSetup here */
2338 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2339 NULL /* no tCon exists yet */ , 12 /* wct */ );
2341 smb_buffer->Mid = GetNextMid(ses->server);
2342 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2343 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2345 pSMB->req.AndXCommand = 0xFF;
2346 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2347 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2349 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2350 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2352 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2353 CAP_EXTENDED_SECURITY;
2354 if (ses->capabilities & CAP_UNICODE) {
2355 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2356 capabilities |= CAP_UNICODE;
2358 if (ses->capabilities & CAP_STATUS32) {
2359 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2360 capabilities |= CAP_STATUS32;
2362 if (ses->capabilities & CAP_DFS) {
2363 smb_buffer->Flags2 |= SMBFLG2_DFS;
2364 capabilities |= CAP_DFS;
2366 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2368 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2369 SecurityBlob = (PNEGOTIATE_MESSAGE) bcc_ptr;
2370 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2371 SecurityBlob->MessageType = NtLmNegotiate;
2373 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
2374 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM |
2375 NTLMSSP_NEGOTIATE_56 |
2376 /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
2378 negotiate_flags |= NTLMSSP_NEGOTIATE_SIGN;
2379 /* if(ntlmv2_support)
2380 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;*/
2381 /* setup pointers to domain name and workstation name */
2382 bcc_ptr += SecurityBlobLength;
2384 SecurityBlob->WorkstationName.Buffer = 0;
2385 SecurityBlob->WorkstationName.Length = 0;
2386 SecurityBlob->WorkstationName.MaximumLength = 0;
2388 /* Domain not sent on first Sesssetup in NTLMSSP, instead it is sent
2389 along with username on auth request (ie the response to challenge) */
2390 SecurityBlob->DomainName.Buffer = 0;
2391 SecurityBlob->DomainName.Length = 0;
2392 SecurityBlob->DomainName.MaximumLength = 0;
2393 if (ses->capabilities & CAP_UNICODE) {
2394 if ((long) bcc_ptr % 2) {
2400 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2402 bcc_ptr += 2 * bytes_returned;
2404 cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release, 32,
2406 bcc_ptr += 2 * bytes_returned;
2407 bcc_ptr += 2; /* null terminate Linux version */
2409 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2411 bcc_ptr += 2 * bytes_returned;
2414 bcc_ptr += 2; /* null terminate network opsys string */
2417 bcc_ptr += 2; /* null domain */
2418 } else { /* ASCII */
2419 strcpy(bcc_ptr, "Linux version ");
2420 bcc_ptr += strlen("Linux version ");
2421 strcpy(bcc_ptr, system_utsname.release);
2422 bcc_ptr += strlen(system_utsname.release) + 1;
2423 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2424 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2425 bcc_ptr++; /* empty domain field */
2428 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2429 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2430 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2431 smb_buffer->smb_buf_length += count;
2432 pSMB->req.ByteCount = cpu_to_le16(count);
2434 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2435 &bytes_returned, 1);
2437 if (smb_buffer_response->Status.CifsError ==
2438 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
2442 /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2443 } else if ((smb_buffer_response->WordCount == 3)
2444 || (smb_buffer_response->WordCount == 4)) {
2445 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2446 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2448 if (action & GUEST_LOGIN)
2449 cFYI(1, (" Guest login"));
2450 /* Do we want to set anything in SesInfo struct when guest login? */
2452 bcc_ptr = pByteArea(smb_buffer_response);
2453 /* response can have either 3 or 4 word count - Samba sends 3 */
2455 SecurityBlob2 = (PCHALLENGE_MESSAGE) bcc_ptr;
2456 if (SecurityBlob2->MessageType != NtLmChallenge) {
2458 ("Unexpected NTLMSSP message type received %d",
2459 SecurityBlob2->MessageType));
2461 ses->Suid = smb_buffer_response->Uid; /* UID left in le format */
2462 cFYI(1, ("UID = %d", ses->Suid));
2463 if ((pSMBr->resp.hdr.WordCount == 3)
2464 || ((pSMBr->resp.hdr.WordCount == 4)
2466 pSMBr->resp.ByteCount))) {
2468 if (pSMBr->resp.hdr.WordCount == 4) {
2469 bcc_ptr += blob_len;
2470 cFYI(1, ("Security Blob Length %d",
2474 cFYI(1, ("NTLMSSP Challenge rcvd"));
2476 memcpy(ses->server->cryptKey,
2477 SecurityBlob2->Challenge,
2478 CIFS_CRYPTO_KEY_SIZE);
2479 if(SecurityBlob2->NegotiateFlags &
2480 cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2))
2481 *pNTLMv2_flag = TRUE;
2483 if((SecurityBlob2->NegotiateFlags &
2484 cpu_to_le32(NTLMSSP_NEGOTIATE_ALWAYS_SIGN))
2485 || (sign_CIFS_PDUs > 1))
2486 ses->server->secMode |=
2487 SECMODE_SIGN_REQUIRED;
2488 if ((SecurityBlob2->NegotiateFlags &
2489 cpu_to_le32(NTLMSSP_NEGOTIATE_SIGN)) && (sign_CIFS_PDUs))
2490 ses->server->secMode |=
2491 SECMODE_SIGN_ENABLED;
2493 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2494 if ((long) (bcc_ptr) % 2) {
2496 (BCC(smb_buffer_response)
2498 bcc_ptr++; /* Unicode strings must be word aligned */
2502 (smb_buffer_response) / 2;
2505 UniStrnlen((wchar_t *) bcc_ptr,
2506 remaining_words - 1);
2507 /* We look for obvious messed up bcc or strings in response so we do not go off
2508 the end since (at least) WIN2K and Windows XP have a major bug in not null
2509 terminating last Unicode string in response */
2511 kfree(ses->serverOS);
2513 kzalloc(2 * (len + 1), GFP_KERNEL);
2514 cifs_strfromUCS_le(ses->serverOS,
2518 bcc_ptr += 2 * (len + 1);
2519 remaining_words -= len + 1;
2520 ses->serverOS[2 * len] = 0;
2521 ses->serverOS[1 + (2 * len)] = 0;
2522 if (remaining_words > 0) {
2523 len = UniStrnlen((wchar_t *)
2527 kfree(ses->serverNOS);
2529 kzalloc(2 * (len + 1),
2531 cifs_strfromUCS_le(ses->
2537 bcc_ptr += 2 * (len + 1);
2538 ses->serverNOS[2 * len] = 0;
2541 remaining_words -= len + 1;
2542 if (remaining_words > 0) {
2543 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2544 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
2545 kfree(ses->serverDomain);
2557 ses->serverDomain[2*len]
2562 } /* else no more room so create dummy domain string */
2564 kfree(ses->serverDomain);
2569 } else { /* no room so create dummy domain and NOS string */
2570 kfree(ses->serverDomain);
2572 kzalloc(2, GFP_KERNEL);
2573 kfree(ses->serverNOS);
2575 kzalloc(2, GFP_KERNEL);
2577 } else { /* ASCII */
2578 len = strnlen(bcc_ptr, 1024);
2579 if (((long) bcc_ptr + len) - (long)
2580 pByteArea(smb_buffer_response)
2581 <= BCC(smb_buffer_response)) {
2583 kfree(ses->serverOS);
2587 strncpy(ses->serverOS,
2591 bcc_ptr[0] = 0; /* null terminate string */
2594 len = strnlen(bcc_ptr, 1024);
2595 kfree(ses->serverNOS);
2599 strncpy(ses->serverNOS, bcc_ptr, len);
2604 len = strnlen(bcc_ptr, 1024);
2605 kfree(ses->serverDomain);
2609 strncpy(ses->serverDomain, bcc_ptr, len);
2615 ("Variable field of length %d extends beyond end of smb",
2620 (" Security Blob Length extends beyond end of SMB"));
2623 cERROR(1, ("No session structure passed in."));
2627 (" Invalid Word count %d:",
2628 smb_buffer_response->WordCount));
2633 cifs_buf_release(smb_buffer);
2638 CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2639 char *ntlm_session_key, int ntlmv2_flag,
2640 const struct nls_table *nls_codepage)
2642 struct smb_hdr *smb_buffer;
2643 struct smb_hdr *smb_buffer_response;
2644 SESSION_SETUP_ANDX *pSMB;
2645 SESSION_SETUP_ANDX *pSMBr;
2650 int remaining_words = 0;
2651 int bytes_returned = 0;
2653 int SecurityBlobLength = sizeof (AUTHENTICATE_MESSAGE);
2654 PAUTHENTICATE_MESSAGE SecurityBlob;
2655 __u32 negotiate_flags, capabilities;
2658 cFYI(1, ("In NTLMSSPSessSetup (Authenticate)"));
2661 user = ses->userName;
2662 domain = ses->domainName;
2663 smb_buffer = cifs_buf_get();
2664 if (smb_buffer == NULL) {
2667 smb_buffer_response = smb_buffer;
2668 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2669 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2671 /* send SMBsessionSetup here */
2672 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2673 NULL /* no tCon exists yet */ , 12 /* wct */ );
2675 smb_buffer->Mid = GetNextMid(ses->server);
2676 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2677 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2678 pSMB->req.AndXCommand = 0xFF;
2679 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2680 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2682 pSMB->req.hdr.Uid = ses->Suid;
2684 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2685 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2687 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2688 CAP_EXTENDED_SECURITY;
2689 if (ses->capabilities & CAP_UNICODE) {
2690 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2691 capabilities |= CAP_UNICODE;
2693 if (ses->capabilities & CAP_STATUS32) {
2694 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2695 capabilities |= CAP_STATUS32;
2697 if (ses->capabilities & CAP_DFS) {
2698 smb_buffer->Flags2 |= SMBFLG2_DFS;
2699 capabilities |= CAP_DFS;
2701 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2703 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2704 SecurityBlob = (PAUTHENTICATE_MESSAGE) bcc_ptr;
2705 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2706 SecurityBlob->MessageType = NtLmAuthenticate;
2707 bcc_ptr += SecurityBlobLength;
2709 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET |
2710 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO |
2711 0x80000000 | NTLMSSP_NEGOTIATE_128;
2713 negotiate_flags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN;
2715 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
2717 /* setup pointers to domain name and workstation name */
2719 SecurityBlob->WorkstationName.Buffer = 0;
2720 SecurityBlob->WorkstationName.Length = 0;
2721 SecurityBlob->WorkstationName.MaximumLength = 0;
2722 SecurityBlob->SessionKey.Length = 0;
2723 SecurityBlob->SessionKey.MaximumLength = 0;
2724 SecurityBlob->SessionKey.Buffer = 0;
2726 SecurityBlob->LmChallengeResponse.Length = 0;
2727 SecurityBlob->LmChallengeResponse.MaximumLength = 0;
2728 SecurityBlob->LmChallengeResponse.Buffer = 0;
2730 SecurityBlob->NtChallengeResponse.Length =
2731 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2732 SecurityBlob->NtChallengeResponse.MaximumLength =
2733 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2734 memcpy(bcc_ptr, ntlm_session_key, CIFS_SESS_KEY_SIZE);
2735 SecurityBlob->NtChallengeResponse.Buffer =
2736 cpu_to_le32(SecurityBlobLength);
2737 SecurityBlobLength += CIFS_SESS_KEY_SIZE;
2738 bcc_ptr += CIFS_SESS_KEY_SIZE;
2740 if (ses->capabilities & CAP_UNICODE) {
2741 if (domain == NULL) {
2742 SecurityBlob->DomainName.Buffer = 0;
2743 SecurityBlob->DomainName.Length = 0;
2744 SecurityBlob->DomainName.MaximumLength = 0;
2747 cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2750 SecurityBlob->DomainName.MaximumLength =
2752 SecurityBlob->DomainName.Buffer =
2753 cpu_to_le32(SecurityBlobLength);
2755 SecurityBlobLength += len;
2756 SecurityBlob->DomainName.Length =
2760 SecurityBlob->UserName.Buffer = 0;
2761 SecurityBlob->UserName.Length = 0;
2762 SecurityBlob->UserName.MaximumLength = 0;
2765 cifs_strtoUCS((__le16 *) bcc_ptr, user, 64,
2768 SecurityBlob->UserName.MaximumLength =
2770 SecurityBlob->UserName.Buffer =
2771 cpu_to_le32(SecurityBlobLength);
2773 SecurityBlobLength += len;
2774 SecurityBlob->UserName.Length =
2778 /* SecurityBlob->WorkstationName.Length = cifs_strtoUCS((__le16 *) bcc_ptr, "AMACHINE",64, nls_codepage);
2779 SecurityBlob->WorkstationName.Length *= 2;
2780 SecurityBlob->WorkstationName.MaximumLength = cpu_to_le16(SecurityBlob->WorkstationName.Length);
2781 SecurityBlob->WorkstationName.Buffer = cpu_to_le32(SecurityBlobLength);
2782 bcc_ptr += SecurityBlob->WorkstationName.Length;
2783 SecurityBlobLength += SecurityBlob->WorkstationName.Length;
2784 SecurityBlob->WorkstationName.Length = cpu_to_le16(SecurityBlob->WorkstationName.Length); */
2786 if ((long) bcc_ptr % 2) {
2791 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2793 bcc_ptr += 2 * bytes_returned;
2795 cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release, 32,
2797 bcc_ptr += 2 * bytes_returned;
2798 bcc_ptr += 2; /* null term version string */
2800 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2802 bcc_ptr += 2 * bytes_returned;
2805 bcc_ptr += 2; /* null terminate network opsys string */
2808 bcc_ptr += 2; /* null domain */
2809 } else { /* ASCII */
2810 if (domain == NULL) {
2811 SecurityBlob->DomainName.Buffer = 0;
2812 SecurityBlob->DomainName.Length = 0;
2813 SecurityBlob->DomainName.MaximumLength = 0;
2816 negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
2817 strncpy(bcc_ptr, domain, 63);
2818 len = strnlen(domain, 64);
2819 SecurityBlob->DomainName.MaximumLength =
2821 SecurityBlob->DomainName.Buffer =
2822 cpu_to_le32(SecurityBlobLength);
2824 SecurityBlobLength += len;
2825 SecurityBlob->DomainName.Length = cpu_to_le16(len);
2828 SecurityBlob->UserName.Buffer = 0;
2829 SecurityBlob->UserName.Length = 0;
2830 SecurityBlob->UserName.MaximumLength = 0;
2833 strncpy(bcc_ptr, user, 63);
2834 len = strnlen(user, 64);
2835 SecurityBlob->UserName.MaximumLength =
2837 SecurityBlob->UserName.Buffer =
2838 cpu_to_le32(SecurityBlobLength);
2840 SecurityBlobLength += len;
2841 SecurityBlob->UserName.Length = cpu_to_le16(len);
2843 /* BB fill in our workstation name if known BB */
2845 strcpy(bcc_ptr, "Linux version ");
2846 bcc_ptr += strlen("Linux version ");
2847 strcpy(bcc_ptr, system_utsname.release);
2848 bcc_ptr += strlen(system_utsname.release) + 1;
2849 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2850 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2851 bcc_ptr++; /* null domain */
2854 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2855 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2856 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2857 smb_buffer->smb_buf_length += count;
2858 pSMB->req.ByteCount = cpu_to_le16(count);
2860 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2861 &bytes_returned, 1);
2863 /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2864 } else if ((smb_buffer_response->WordCount == 3)
2865 || (smb_buffer_response->WordCount == 4)) {
2866 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2868 le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2869 if (action & GUEST_LOGIN)
2870 cFYI(1, (" Guest login")); /* BB do we want to set anything in SesInfo struct ? */
2871 /* if(SecurityBlob2->MessageType != NtLm??){
2872 cFYI("Unexpected message type on auth response is %d "));
2876 ("Does UID on challenge %d match auth response UID %d ",
2877 ses->Suid, smb_buffer_response->Uid));
2878 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format */
2879 bcc_ptr = pByteArea(smb_buffer_response);
2880 /* response can have either 3 or 4 word count - Samba sends 3 */
2881 if ((pSMBr->resp.hdr.WordCount == 3)
2882 || ((pSMBr->resp.hdr.WordCount == 4)
2884 pSMBr->resp.ByteCount))) {
2885 if (pSMBr->resp.hdr.WordCount == 4) {
2889 ("Security Blob Length %d ",
2894 ("NTLMSSP response to Authenticate "));
2896 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2897 if ((long) (bcc_ptr) % 2) {
2899 (BCC(smb_buffer_response)
2901 bcc_ptr++; /* Unicode strings must be word aligned */
2903 remaining_words = BCC(smb_buffer_response) / 2;
2906 UniStrnlen((wchar_t *) bcc_ptr,remaining_words - 1);
2907 /* We look for obvious messed up bcc or strings in response so we do not go off
2908 the end since (at least) WIN2K and Windows XP have a major bug in not null
2909 terminating last Unicode string in response */
2911 kfree(ses->serverOS);
2913 kzalloc(2 * (len + 1), GFP_KERNEL);
2914 cifs_strfromUCS_le(ses->serverOS,
2918 bcc_ptr += 2 * (len + 1);
2919 remaining_words -= len + 1;
2920 ses->serverOS[2 * len] = 0;
2921 ses->serverOS[1 + (2 * len)] = 0;
2922 if (remaining_words > 0) {
2923 len = UniStrnlen((wchar_t *)
2927 kfree(ses->serverNOS);
2929 kzalloc(2 * (len + 1),
2931 cifs_strfromUCS_le(ses->
2937 bcc_ptr += 2 * (len + 1);
2938 ses->serverNOS[2 * len] = 0;
2939 ses->serverNOS[1+(2*len)] = 0;
2940 remaining_words -= len + 1;
2941 if (remaining_words > 0) {
2942 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2943 /* last string not always null terminated (e.g. for Windows XP & 2000) */
2944 if(ses->serverDomain)
2945 kfree(ses->serverDomain);
2970 } /* else no more room so create dummy domain string */
2972 if(ses->serverDomain)
2973 kfree(ses->serverDomain);
2974 ses->serverDomain = kzalloc(2,GFP_KERNEL);
2976 } else { /* no room so create dummy domain and NOS string */
2977 if(ses->serverDomain)
2978 kfree(ses->serverDomain);
2979 ses->serverDomain = kzalloc(2, GFP_KERNEL);
2980 kfree(ses->serverNOS);
2981 ses->serverNOS = kzalloc(2, GFP_KERNEL);
2983 } else { /* ASCII */
2984 len = strnlen(bcc_ptr, 1024);
2985 if (((long) bcc_ptr + len) -
2986 (long) pByteArea(smb_buffer_response)
2987 <= BCC(smb_buffer_response)) {
2989 kfree(ses->serverOS);
2990 ses->serverOS = kzalloc(len + 1,GFP_KERNEL);
2991 strncpy(ses->serverOS,bcc_ptr, len);
2994 bcc_ptr[0] = 0; /* null terminate the string */
2997 len = strnlen(bcc_ptr, 1024);
2998 kfree(ses->serverNOS);
2999 ses->serverNOS = kzalloc(len+1,GFP_KERNEL);
3000 strncpy(ses->serverNOS, bcc_ptr, len);
3005 len = strnlen(bcc_ptr, 1024);
3006 if(ses->serverDomain)
3007 kfree(ses->serverDomain);
3008 ses->serverDomain = kzalloc(len+1,GFP_KERNEL);
3009 strncpy(ses->serverDomain, bcc_ptr, len);
3015 ("Variable field of length %d extends beyond end of smb ",
3020 (" Security Blob Length extends beyond end of SMB"));
3023 cERROR(1, ("No session structure passed in."));
3027 (" Invalid Word count %d: ",
3028 smb_buffer_response->WordCount));
3033 cifs_buf_release(smb_buffer);
3039 CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3040 const char *tree, struct cifsTconInfo *tcon,
3041 const struct nls_table *nls_codepage)
3043 struct smb_hdr *smb_buffer;
3044 struct smb_hdr *smb_buffer_response;
3047 unsigned char *bcc_ptr;
3055 smb_buffer = cifs_buf_get();
3056 if (smb_buffer == NULL) {
3059 smb_buffer_response = smb_buffer;
3061 header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3062 NULL /*no tid */ , 4 /*wct */ );
3064 smb_buffer->Mid = GetNextMid(ses->server);
3065 smb_buffer->Uid = ses->Suid;
3066 pSMB = (TCONX_REQ *) smb_buffer;
3067 pSMBr = (TCONX_RSP *) smb_buffer_response;
3069 pSMB->AndXCommand = 0xFF;
3070 pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
3071 bcc_ptr = &pSMB->Password[0];
3072 if((ses->server->secMode) & SECMODE_USER) {
3073 pSMB->PasswordLength = cpu_to_le16(1); /* minimum */
3074 *bcc_ptr = 0; /* password is null byte */
3075 bcc_ptr++; /* skip password */
3076 /* already aligned so no need to do it below */
3078 pSMB->PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE);
3079 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3080 specified as required (when that support is added to
3081 the vfs in the future) as only NTLM or the much
3082 weaker LANMAN (which we do not send by default) is accepted
3083 by Samba (not sure whether other servers allow
3084 NTLMv2 password here) */
3085 #ifdef CONFIG_CIFS_WEAK_PW_HASH
3086 if((extended_security & CIFSSEC_MAY_LANMAN) &&
3087 (ses->server->secType == LANMAN))
3088 calc_lanman_hash(ses, bcc_ptr);
3090 #endif /* CIFS_WEAK_PW_HASH */
3091 SMBNTencrypt(ses->password,
3092 ses->server->cryptKey,
3095 bcc_ptr += CIFS_SESS_KEY_SIZE;
3096 if(ses->capabilities & CAP_UNICODE) {
3097 /* must align unicode strings */
3098 *bcc_ptr = 0; /* null byte password */
3103 if(ses->server->secMode &
3104 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3105 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3107 if (ses->capabilities & CAP_STATUS32) {
3108 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3110 if (ses->capabilities & CAP_DFS) {
3111 smb_buffer->Flags2 |= SMBFLG2_DFS;
3113 if (ses->capabilities & CAP_UNICODE) {
3114 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3116 cifs_strtoUCS((__le16 *) bcc_ptr, tree,
3117 6 /* max utf8 char length in bytes */ *
3118 (/* server len*/ + 256 /* share len */), nls_codepage);
3119 bcc_ptr += 2 * length; /* convert num 16 bit words to bytes */
3120 bcc_ptr += 2; /* skip trailing null */
3121 } else { /* ASCII */
3122 strcpy(bcc_ptr, tree);
3123 bcc_ptr += strlen(tree) + 1;
3125 strcpy(bcc_ptr, "?????");
3126 bcc_ptr += strlen("?????");
3128 count = bcc_ptr - &pSMB->Password[0];
3129 pSMB->hdr.smb_buf_length += count;
3130 pSMB->ByteCount = cpu_to_le16(count);
3132 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length, 0);
3134 /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
3135 /* above now done in SendReceive */
3136 if ((rc == 0) && (tcon != NULL)) {
3137 tcon->tidStatus = CifsGood;
3138 tcon->tid = smb_buffer_response->Tid;
3139 bcc_ptr = pByteArea(smb_buffer_response);
3140 length = strnlen(bcc_ptr, BCC(smb_buffer_response) - 2);
3141 /* skip service field (NB: this field is always ASCII) */
3142 bcc_ptr += length + 1;
3143 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3144 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3145 length = UniStrnlen((wchar_t *) bcc_ptr, 512);
3146 if ((bcc_ptr + (2 * length)) -
3147 pByteArea(smb_buffer_response) <=
3148 BCC(smb_buffer_response)) {
3149 kfree(tcon->nativeFileSystem);
3150 tcon->nativeFileSystem =
3151 kzalloc(length + 2, GFP_KERNEL);
3152 cifs_strfromUCS_le(tcon->nativeFileSystem,
3154 length, nls_codepage);
3155 bcc_ptr += 2 * length;
3156 bcc_ptr[0] = 0; /* null terminate the string */
3160 /* else do not bother copying these informational fields */
3162 length = strnlen(bcc_ptr, 1024);
3163 if ((bcc_ptr + length) -
3164 pByteArea(smb_buffer_response) <=
3165 BCC(smb_buffer_response)) {
3166 kfree(tcon->nativeFileSystem);
3167 tcon->nativeFileSystem =
3168 kzalloc(length + 1, GFP_KERNEL);
3169 strncpy(tcon->nativeFileSystem, bcc_ptr,
3172 /* else do not bother copying these informational fields */
3174 if(smb_buffer_response->WordCount == 3)
3175 tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3178 cFYI(1, ("Tcon flags: 0x%x ", tcon->Flags));
3179 } else if ((rc == 0) && tcon == NULL) {
3180 /* all we need to save for IPC$ connection */
3181 ses->ipc_tid = smb_buffer_response->Tid;
3185 cifs_buf_release(smb_buffer);
3190 cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3194 struct cifsSesInfo *ses = NULL;
3195 struct task_struct *cifsd_task;
3199 if (cifs_sb->tcon) {
3200 ses = cifs_sb->tcon->ses; /* save ptr to ses before delete tcon!*/
3201 rc = CIFSSMBTDis(xid, cifs_sb->tcon);
3206 tconInfoFree(cifs_sb->tcon);
3207 if ((ses) && (ses->server)) {
3208 /* save off task so we do not refer to ses later */
3209 cifsd_task = ses->server->tsk;
3210 cFYI(1, ("About to do SMBLogoff "));
3211 rc = CIFSSMBLogoff(xid, ses);
3215 } else if (rc == -ESHUTDOWN) {
3216 cFYI(1,("Waking up socket by sending it signal"));
3218 send_sig(SIGKILL,cifsd_task,1);
3219 wait_for_completion(&cifsd_complete);
3222 } /* else - we have an smb session
3223 left on this socket do not kill cifsd */
3225 cFYI(1, ("No session or bad tcon"));
3228 cifs_sb->tcon = NULL;
3230 schedule_timeout_interruptible(msecs_to_jiffies(500));
3235 return rc; /* BB check if we should always return zero here */
3238 int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
3239 struct nls_table * nls_info)
3242 char ntlm_session_key[CIFS_SESS_KEY_SIZE];
3243 int ntlmv2_flag = FALSE;
3246 /* what if server changes its buffer size after dropping the session? */
3247 if(pSesInfo->server->maxBuf == 0) /* no need to send on reconnect */ {
3248 rc = CIFSSMBNegotiate(xid, pSesInfo);
3249 if(rc == -EAGAIN) /* retry only once on 1st time connection */ {
3250 rc = CIFSSMBNegotiate(xid, pSesInfo);
3255 spin_lock(&GlobalMid_Lock);
3256 if(pSesInfo->server->tcpStatus != CifsExiting)
3257 pSesInfo->server->tcpStatus = CifsGood;
3260 spin_unlock(&GlobalMid_Lock);
3266 pSesInfo->capabilities = pSesInfo->server->capabilities;
3267 if(linuxExtEnabled == 0)
3268 pSesInfo->capabilities &= (~CAP_UNIX);
3269 /* pSesInfo->sequence_number = 0;*/
3270 cFYI(1,("Security Mode: 0x%x Capabilities: 0x%x Time Zone: %d",
3271 pSesInfo->server->secMode,
3272 pSesInfo->server->capabilities,
3273 pSesInfo->server->timeZone));
3274 if(experimEnabled < 2)
3275 rc = CIFS_SessSetup(xid, pSesInfo,
3276 first_time, nls_info);
3277 else if (extended_security
3278 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3279 && (pSesInfo->server->secType == NTLMSSP)) {
3281 } else if (extended_security
3282 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3283 && (pSesInfo->server->secType == RawNTLMSSP)) {
3284 cFYI(1, ("NTLMSSP sesssetup"));
3285 rc = CIFSNTLMSSPNegotiateSessSetup(xid,
3292 cFYI(1,("Can use more secure NTLM version 2 password hash"));
3293 if(CalcNTLMv2_partial_mac_key(pSesInfo,
3298 v2_response = kmalloc(16 + 64 /* blob */, GFP_KERNEL);
3300 CalcNTLMv2_response(pSesInfo,v2_response);
3302 cifs_calculate_ntlmv2_mac_key(
3303 pSesInfo->server->mac_signing_key,
3304 response, ntlm_session_key, */
3306 /* BB Put dummy sig in SessSetup PDU? */
3313 SMBNTencrypt(pSesInfo->password,
3314 pSesInfo->server->cryptKey,
3318 cifs_calculate_mac_key(
3319 pSesInfo->server->mac_signing_key,
3321 pSesInfo->password);
3323 /* for better security the weaker lanman hash not sent
3324 in AuthSessSetup so we no longer calculate it */
3326 rc = CIFSNTLMSSPAuthSessSetup(xid,
3332 } else { /* old style NTLM 0.12 session setup */
3333 SMBNTencrypt(pSesInfo->password,
3334 pSesInfo->server->cryptKey,
3338 cifs_calculate_mac_key(
3339 pSesInfo->server->mac_signing_key,
3340 ntlm_session_key, pSesInfo->password);
3342 rc = CIFSSessSetup(xid, pSesInfo,
3343 ntlm_session_key, nls_info);
3346 cERROR(1,("Send error in SessSetup = %d",rc));
3348 cFYI(1,("CIFS Session Established successfully"));
3349 pSesInfo->status = CifsGood;