1 /*
2 * fs/cifs/connect.c
3 *
4 * Copyright (C) International Business Machines Corp., 2002,2009
5 * Author(s): Steve French (sfrench@us.ibm.com)
6 *
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
21 #include <linux/fs.h>
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/slab.h>
27 #include <linux/pagemap.h>
28 #include <linux/ctype.h>
29 #include <linux/utsname.h>
30 #include <linux/mempool.h>
31 #include <linux/delay.h>
32 #include <linux/completion.h>
33 #include <linux/kthread.h>
34 #include <linux/pagevec.h>
35 #include <linux/freezer.h>
36 #include <linux/namei.h>
37 #include <asm/uaccess.h>
38 #include <asm/processor.h>
39 #include <linux/inet.h>
40 #include <linux/module.h>
41 #include <keys/user-type.h>
42 #include <net/ipv6.h>
43 #include "cifspdu.h"
44 #include "cifsglob.h"
45 #include "cifsproto.h"
46 #include "cifs_unicode.h"
47 #include "cifs_debug.h"
48 #include "cifs_fs_sb.h"
49 #include "ntlmssp.h"
50 #include "nterr.h"
51 #include "rfc1002pdu.h"
52 #include "fscache.h"
53
54 #define CIFS_PORT 445
55 #define RFC1001_PORT 139
56
57 /* SMB echo "timeout" -- FIXME: tunable? */
58 #define SMB_ECHO_INTERVAL (60 * HZ)
59
60 extern mempool_t *cifs_req_poolp;
61
62 /* FIXME: should these be tunable? */
63 #define TLINK_ERROR_EXPIRE (1 * HZ)
64 #define TLINK_IDLE_EXPIRE (600 * HZ)
65
66 static int ip_connect(struct TCP_Server_Info *server);
67 static int generic_ip_connect(struct TCP_Server_Info *server);
68 static void tlink_rb_insert(struct rb_root *root, struct tcon_link *new_tlink);
69 static void cifs_prune_tlinks(struct work_struct *work);
70 static int cifs_setup_volume_info(struct smb_vol *volume_info, char *mount_data,
71 const char *devname);
72
73 /*
74 * cifs tcp session reconnection
75 *
76 * mark tcp session as reconnecting so temporarily locked
77 * mark all smb sessions as reconnecting for tcp session
78 * reconnect tcp session
79 * wake up waiters on reconnection? - (not needed currently)
80 */
81 static int
cifs_reconnect(struct TCP_Server_Info * server)82 cifs_reconnect(struct TCP_Server_Info *server)
83 {
84 int rc = 0;
85 struct list_head *tmp, *tmp2;
86 struct cifs_ses *ses;
87 struct cifs_tcon *tcon;
88 struct mid_q_entry *mid_entry;
89 struct list_head retry_list;
90
91 spin_lock(&GlobalMid_Lock);
92 if (server->tcpStatus == CifsExiting) {
93 /* the demux thread will exit normally
94 next time through the loop */
95 spin_unlock(&GlobalMid_Lock);
96 return rc;
97 } else
98 server->tcpStatus = CifsNeedReconnect;
99 spin_unlock(&GlobalMid_Lock);
100 server->maxBuf = 0;
101
102 cFYI(1, "Reconnecting tcp session");
103
104 /* before reconnecting the tcp session, mark the smb session (uid)
105 and the tid bad so they are not used until reconnected */
106 cFYI(1, "%s: marking sessions and tcons for reconnect", __func__);
107 spin_lock(&cifs_tcp_ses_lock);
108 list_for_each(tmp, &server->smb_ses_list) {
109 ses = list_entry(tmp, struct cifs_ses, smb_ses_list);
110 ses->need_reconnect = true;
111 ses->ipc_tid = 0;
112 list_for_each(tmp2, &ses->tcon_list) {
113 tcon = list_entry(tmp2, struct cifs_tcon, tcon_list);
114 tcon->need_reconnect = true;
115 }
116 }
117 spin_unlock(&cifs_tcp_ses_lock);
118
119 /* do not want to be sending data on a socket we are freeing */
120 cFYI(1, "%s: tearing down socket", __func__);
121 mutex_lock(&server->srv_mutex);
122 if (server->ssocket) {
123 cFYI(1, "State: 0x%x Flags: 0x%lx", server->ssocket->state,
124 server->ssocket->flags);
125 kernel_sock_shutdown(server->ssocket, SHUT_WR);
126 cFYI(1, "Post shutdown state: 0x%x Flags: 0x%lx",
127 server->ssocket->state,
128 server->ssocket->flags);
129 sock_release(server->ssocket);
130 server->ssocket = NULL;
131 }
132 server->sequence_number = 0;
133 server->session_estab = false;
134 kfree(server->session_key.response);
135 server->session_key.response = NULL;
136 server->session_key.len = 0;
137 server->lstrp = jiffies;
138 mutex_unlock(&server->srv_mutex);
139
140 /* mark submitted MIDs for retry and issue callback */
141 INIT_LIST_HEAD(&retry_list);
142 cFYI(1, "%s: moving mids to private list", __func__);
143 spin_lock(&GlobalMid_Lock);
144 list_for_each_safe(tmp, tmp2, &server->pending_mid_q) {
145 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
146 if (mid_entry->midState == MID_REQUEST_SUBMITTED)
147 mid_entry->midState = MID_RETRY_NEEDED;
148 list_move(&mid_entry->qhead, &retry_list);
149 }
150 spin_unlock(&GlobalMid_Lock);
151
152 cFYI(1, "%s: issuing mid callbacks", __func__);
153 list_for_each_safe(tmp, tmp2, &retry_list) {
154 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
155 list_del_init(&mid_entry->qhead);
156 mid_entry->callback(mid_entry);
157 }
158
159 do {
160 try_to_freeze();
161
162 /* we should try only the port we connected to before */
163 rc = generic_ip_connect(server);
164 if (rc) {
165 cFYI(1, "reconnect error %d", rc);
166 msleep(3000);
167 } else {
168 atomic_inc(&tcpSesReconnectCount);
169 spin_lock(&GlobalMid_Lock);
170 if (server->tcpStatus != CifsExiting)
171 server->tcpStatus = CifsNeedNegotiate;
172 spin_unlock(&GlobalMid_Lock);
173 }
174 } while (server->tcpStatus == CifsNeedReconnect);
175
176 return rc;
177 }
178
179 /*
180 return codes:
181 0 not a transact2, or all data present
182 >0 transact2 with that much data missing
183 -EINVAL = invalid transact2
184
185 */
check2ndT2(struct smb_hdr * pSMB)186 static int check2ndT2(struct smb_hdr *pSMB)
187 {
188 struct smb_t2_rsp *pSMBt;
189 int remaining;
190 __u16 total_data_size, data_in_this_rsp;
191
192 if (pSMB->Command != SMB_COM_TRANSACTION2)
193 return 0;
194
195 /* check for plausible wct, bcc and t2 data and parm sizes */
196 /* check for parm and data offset going beyond end of smb */
197 if (pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
198 cFYI(1, "invalid transact2 word count");
199 return -EINVAL;
200 }
201
202 pSMBt = (struct smb_t2_rsp *)pSMB;
203
204 total_data_size = get_unaligned_le16(&pSMBt->t2_rsp.TotalDataCount);
205 data_in_this_rsp = get_unaligned_le16(&pSMBt->t2_rsp.DataCount);
206
207 if (total_data_size == data_in_this_rsp)
208 return 0;
209 else if (total_data_size < data_in_this_rsp) {
210 cFYI(1, "total data %d smaller than data in frame %d",
211 total_data_size, data_in_this_rsp);
212 return -EINVAL;
213 }
214
215 remaining = total_data_size - data_in_this_rsp;
216
217 cFYI(1, "missing %d bytes from transact2, check next response",
218 remaining);
219 if (total_data_size > CIFSMaxBufSize) {
220 cERROR(1, "TotalDataSize %d is over maximum buffer %d",
221 total_data_size, CIFSMaxBufSize);
222 return -EINVAL;
223 }
224 return remaining;
225 }
226
coalesce_t2(struct smb_hdr * psecond,struct smb_hdr * pTargetSMB)227 static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
228 {
229 struct smb_t2_rsp *pSMBs = (struct smb_t2_rsp *)psecond;
230 struct smb_t2_rsp *pSMBt = (struct smb_t2_rsp *)pTargetSMB;
231 char *data_area_of_tgt;
232 char *data_area_of_src;
233 int remaining;
234 unsigned int byte_count, total_in_tgt;
235 __u16 tgt_total_cnt, src_total_cnt, total_in_src;
236
237 src_total_cnt = get_unaligned_le16(&pSMBs->t2_rsp.TotalDataCount);
238 tgt_total_cnt = get_unaligned_le16(&pSMBt->t2_rsp.TotalDataCount);
239
240 if (tgt_total_cnt != src_total_cnt)
241 cFYI(1, "total data count of primary and secondary t2 differ "
242 "source=%hu target=%hu", src_total_cnt, tgt_total_cnt);
243
244 total_in_tgt = get_unaligned_le16(&pSMBt->t2_rsp.DataCount);
245
246 remaining = tgt_total_cnt - total_in_tgt;
247
248 if (remaining < 0) {
249 cFYI(1, "Server sent too much data. tgt_total_cnt=%hu "
250 "total_in_tgt=%hu", tgt_total_cnt, total_in_tgt);
251 return -EPROTO;
252 }
253
254 if (remaining == 0) {
255 /* nothing to do, ignore */
256 cFYI(1, "no more data remains");
257 return 0;
258 }
259
260 total_in_src = get_unaligned_le16(&pSMBs->t2_rsp.DataCount);
261 if (remaining < total_in_src)
262 cFYI(1, "transact2 2nd response contains too much data");
263
264 /* find end of first SMB data area */
265 data_area_of_tgt = (char *)&pSMBt->hdr.Protocol +
266 get_unaligned_le16(&pSMBt->t2_rsp.DataOffset);
267
268 /* validate target area */
269 data_area_of_src = (char *)&pSMBs->hdr.Protocol +
270 get_unaligned_le16(&pSMBs->t2_rsp.DataOffset);
271
272 data_area_of_tgt += total_in_tgt;
273
274 total_in_tgt += total_in_src;
275 /* is the result too big for the field? */
276 if (total_in_tgt > USHRT_MAX) {
277 cFYI(1, "coalesced DataCount too large (%u)", total_in_tgt);
278 return -EPROTO;
279 }
280 put_unaligned_le16(total_in_tgt, &pSMBt->t2_rsp.DataCount);
281
282 /* fix up the BCC */
283 byte_count = get_bcc(pTargetSMB);
284 byte_count += total_in_src;
285 /* is the result too big for the field? */
286 if (byte_count > USHRT_MAX) {
287 cFYI(1, "coalesced BCC too large (%u)", byte_count);
288 return -EPROTO;
289 }
290 put_bcc(byte_count, pTargetSMB);
291
292 byte_count = be32_to_cpu(pTargetSMB->smb_buf_length);
293 byte_count += total_in_src;
294 /* don't allow buffer to overflow */
295 if (byte_count > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
296 cFYI(1, "coalesced BCC exceeds buffer size (%u)", byte_count);
297 return -ENOBUFS;
298 }
299 pTargetSMB->smb_buf_length = cpu_to_be32(byte_count);
300
301 /* copy second buffer into end of first buffer */
302 memcpy(data_area_of_tgt, data_area_of_src, total_in_src);
303
304 if (remaining != total_in_src) {
305 /* more responses to go */
306 cFYI(1, "waiting for more secondary responses");
307 return 1;
308 }
309
310 /* we are done */
311 cFYI(1, "found the last secondary response");
312 return 0;
313 }
314
315 static void
cifs_echo_request(struct work_struct * work)316 cifs_echo_request(struct work_struct *work)
317 {
318 int rc;
319 struct TCP_Server_Info *server = container_of(work,
320 struct TCP_Server_Info, echo.work);
321
322 /*
323 * We cannot send an echo until the NEGOTIATE_PROTOCOL request is
324 * done, which is indicated by maxBuf != 0. Also, no need to ping if
325 * we got a response recently
326 */
327 if (server->maxBuf == 0 ||
328 time_before(jiffies, server->lstrp + SMB_ECHO_INTERVAL - HZ))
329 goto requeue_echo;
330
331 rc = CIFSSMBEcho(server);
332 if (rc)
333 cFYI(1, "Unable to send echo request to server: %s",
334 server->hostname);
335
336 requeue_echo:
337 queue_delayed_work(system_nrt_wq, &server->echo, SMB_ECHO_INTERVAL);
338 }
339
340 static bool
allocate_buffers(struct TCP_Server_Info * server)341 allocate_buffers(struct TCP_Server_Info *server)
342 {
343 if (!server->bigbuf) {
344 server->bigbuf = (char *)cifs_buf_get();
345 if (!server->bigbuf) {
346 cERROR(1, "No memory for large SMB response");
347 msleep(3000);
348 /* retry will check if exiting */
349 return false;
350 }
351 } else if (server->large_buf) {
352 /* we are reusing a dirty large buf, clear its start */
353 memset(server->bigbuf, 0, sizeof(struct smb_hdr));
354 }
355
356 if (!server->smallbuf) {
357 server->smallbuf = (char *)cifs_small_buf_get();
358 if (!server->smallbuf) {
359 cERROR(1, "No memory for SMB response");
360 msleep(1000);
361 /* retry will check if exiting */
362 return false;
363 }
364 /* beginning of smb buffer is cleared in our buf_get */
365 } else {
366 /* if existing small buf clear beginning */
367 memset(server->smallbuf, 0, sizeof(struct smb_hdr));
368 }
369
370 return true;
371 }
372
373 static bool
server_unresponsive(struct TCP_Server_Info * server)374 server_unresponsive(struct TCP_Server_Info *server)
375 {
376 if (echo_retries > 0 && server->tcpStatus == CifsGood &&
377 time_after(jiffies, server->lstrp +
378 (echo_retries * SMB_ECHO_INTERVAL))) {
379 cERROR(1, "Server %s has not responded in %d seconds. "
380 "Reconnecting...", server->hostname,
381 (echo_retries * SMB_ECHO_INTERVAL / HZ));
382 cifs_reconnect(server);
383 wake_up(&server->response_q);
384 return true;
385 }
386
387 return false;
388 }
389
390 /*
391 * kvec_array_init - clone a kvec array, and advance into it
392 * @new: pointer to memory for cloned array
393 * @iov: pointer to original array
394 * @nr_segs: number of members in original array
395 * @bytes: number of bytes to advance into the cloned array
396 *
397 * This function will copy the array provided in iov to a section of memory
398 * and advance the specified number of bytes into the new array. It returns
399 * the number of segments in the new array. "new" must be at least as big as
400 * the original iov array.
401 */
402 static unsigned int
kvec_array_init(struct kvec * new,struct kvec * iov,unsigned int nr_segs,size_t bytes)403 kvec_array_init(struct kvec *new, struct kvec *iov, unsigned int nr_segs,
404 size_t bytes)
405 {
406 size_t base = 0;
407
408 while (bytes || !iov->iov_len) {
409 int copy = min(bytes, iov->iov_len);
410
411 bytes -= copy;
412 base += copy;
413 if (iov->iov_len == base) {
414 iov++;
415 nr_segs--;
416 base = 0;
417 }
418 }
419 memcpy(new, iov, sizeof(*iov) * nr_segs);
420 new->iov_base += base;
421 new->iov_len -= base;
422 return nr_segs;
423 }
424
425 static struct kvec *
get_server_iovec(struct TCP_Server_Info * server,unsigned int nr_segs)426 get_server_iovec(struct TCP_Server_Info *server, unsigned int nr_segs)
427 {
428 struct kvec *new_iov;
429
430 if (server->iov && nr_segs <= server->nr_iov)
431 return server->iov;
432
433 /* not big enough -- allocate a new one and release the old */
434 new_iov = kmalloc(sizeof(*new_iov) * nr_segs, GFP_NOFS);
435 if (new_iov) {
436 kfree(server->iov);
437 server->iov = new_iov;
438 server->nr_iov = nr_segs;
439 }
440 return new_iov;
441 }
442
443 int
cifs_readv_from_socket(struct TCP_Server_Info * server,struct kvec * iov_orig,unsigned int nr_segs,unsigned int to_read)444 cifs_readv_from_socket(struct TCP_Server_Info *server, struct kvec *iov_orig,
445 unsigned int nr_segs, unsigned int to_read)
446 {
447 int length = 0;
448 int total_read;
449 unsigned int segs;
450 struct msghdr smb_msg;
451 struct kvec *iov;
452
453 iov = get_server_iovec(server, nr_segs);
454 if (!iov)
455 return -ENOMEM;
456
457 smb_msg.msg_control = NULL;
458 smb_msg.msg_controllen = 0;
459
460 for (total_read = 0; to_read; total_read += length, to_read -= length) {
461 try_to_freeze();
462
463 if (server_unresponsive(server)) {
464 total_read = -EAGAIN;
465 break;
466 }
467
468 segs = kvec_array_init(iov, iov_orig, nr_segs, total_read);
469
470 length = kernel_recvmsg(server->ssocket, &smb_msg,
471 iov, segs, to_read, 0);
472
473 if (server->tcpStatus == CifsExiting) {
474 total_read = -ESHUTDOWN;
475 break;
476 } else if (server->tcpStatus == CifsNeedReconnect) {
477 cifs_reconnect(server);
478 total_read = -EAGAIN;
479 break;
480 } else if (length == -ERESTARTSYS ||
481 length == -EAGAIN ||
482 length == -EINTR) {
483 /*
484 * Minimum sleep to prevent looping, allowing socket
485 * to clear and app threads to set tcpStatus
486 * CifsNeedReconnect if server hung.
487 */
488 usleep_range(1000, 2000);
489 length = 0;
490 continue;
491 } else if (length <= 0) {
492 cFYI(1, "Received no data or error: expecting %d "
493 "got %d", to_read, length);
494 cifs_reconnect(server);
495 total_read = -EAGAIN;
496 break;
497 }
498 }
499 return total_read;
500 }
501
502 int
cifs_read_from_socket(struct TCP_Server_Info * server,char * buf,unsigned int to_read)503 cifs_read_from_socket(struct TCP_Server_Info *server, char *buf,
504 unsigned int to_read)
505 {
506 struct kvec iov;
507
508 iov.iov_base = buf;
509 iov.iov_len = to_read;
510
511 return cifs_readv_from_socket(server, &iov, 1, to_read);
512 }
513
514 static bool
is_smb_response(struct TCP_Server_Info * server,unsigned char type)515 is_smb_response(struct TCP_Server_Info *server, unsigned char type)
516 {
517 /*
518 * The first byte big endian of the length field,
519 * is actually not part of the length but the type
520 * with the most common, zero, as regular data.
521 */
522 switch (type) {
523 case RFC1002_SESSION_MESSAGE:
524 /* Regular SMB response */
525 return true;
526 case RFC1002_SESSION_KEEP_ALIVE:
527 cFYI(1, "RFC 1002 session keep alive");
528 break;
529 case RFC1002_POSITIVE_SESSION_RESPONSE:
530 cFYI(1, "RFC 1002 positive session response");
531 break;
532 case RFC1002_NEGATIVE_SESSION_RESPONSE:
533 /*
534 * We get this from Windows 98 instead of an error on
535 * SMB negprot response.
536 */
537 cFYI(1, "RFC 1002 negative session response");
538 /* give server a second to clean up */
539 msleep(1000);
540 /*
541 * Always try 445 first on reconnect since we get NACK
542 * on some if we ever connected to port 139 (the NACK
543 * is since we do not begin with RFC1001 session
544 * initialize frame).
545 */
546 cifs_set_port((struct sockaddr *)&server->dstaddr, CIFS_PORT);
547 cifs_reconnect(server);
548 wake_up(&server->response_q);
549 break;
550 default:
551 cERROR(1, "RFC 1002 unknown response type 0x%x", type);
552 cifs_reconnect(server);
553 }
554
555 return false;
556 }
557
558 static struct mid_q_entry *
find_mid(struct TCP_Server_Info * server,struct smb_hdr * buf)559 find_mid(struct TCP_Server_Info *server, struct smb_hdr *buf)
560 {
561 struct mid_q_entry *mid;
562
563 spin_lock(&GlobalMid_Lock);
564 list_for_each_entry(mid, &server->pending_mid_q, qhead) {
565 if (mid->mid == buf->Mid &&
566 mid->midState == MID_REQUEST_SUBMITTED &&
567 mid->command == buf->Command) {
568 spin_unlock(&GlobalMid_Lock);
569 return mid;
570 }
571 }
572 spin_unlock(&GlobalMid_Lock);
573 return NULL;
574 }
575
576 void
dequeue_mid(struct mid_q_entry * mid,bool malformed)577 dequeue_mid(struct mid_q_entry *mid, bool malformed)
578 {
579 #ifdef CONFIG_CIFS_STATS2
580 mid->when_received = jiffies;
581 #endif
582 spin_lock(&GlobalMid_Lock);
583 if (!malformed)
584 mid->midState = MID_RESPONSE_RECEIVED;
585 else
586 mid->midState = MID_RESPONSE_MALFORMED;
587 list_del_init(&mid->qhead);
588 spin_unlock(&GlobalMid_Lock);
589 }
590
591 static void
handle_mid(struct mid_q_entry * mid,struct TCP_Server_Info * server,struct smb_hdr * buf,int malformed)592 handle_mid(struct mid_q_entry *mid, struct TCP_Server_Info *server,
593 struct smb_hdr *buf, int malformed)
594 {
595 if (malformed == 0 && check2ndT2(buf) > 0) {
596 mid->multiRsp = true;
597 if (mid->resp_buf) {
598 /* merge response - fix up 1st*/
599 malformed = coalesce_t2(buf, mid->resp_buf);
600 if (malformed > 0)
601 return;
602
603 /* All parts received or packet is malformed. */
604 mid->multiEnd = true;
605 return dequeue_mid(mid, malformed);
606 }
607 if (!server->large_buf) {
608 /*FIXME: switch to already allocated largebuf?*/
609 cERROR(1, "1st trans2 resp needs bigbuf");
610 } else {
611 /* Have first buffer */
612 mid->resp_buf = buf;
613 mid->largeBuf = true;
614 server->bigbuf = NULL;
615 }
616 return;
617 }
618 mid->resp_buf = buf;
619 mid->largeBuf = server->large_buf;
620 /* Was previous buf put in mpx struct for multi-rsp? */
621 if (!mid->multiRsp) {
622 /* smb buffer will be freed by user thread */
623 if (server->large_buf)
624 server->bigbuf = NULL;
625 else
626 server->smallbuf = NULL;
627 }
628 dequeue_mid(mid, malformed);
629 }
630
clean_demultiplex_info(struct TCP_Server_Info * server)631 static void clean_demultiplex_info(struct TCP_Server_Info *server)
632 {
633 int length;
634
635 /* take it off the list, if it's not already */
636 spin_lock(&cifs_tcp_ses_lock);
637 list_del_init(&server->tcp_ses_list);
638 spin_unlock(&cifs_tcp_ses_lock);
639
640 spin_lock(&GlobalMid_Lock);
641 server->tcpStatus = CifsExiting;
642 spin_unlock(&GlobalMid_Lock);
643 wake_up_all(&server->response_q);
644
645 /*
646 * Check if we have blocked requests that need to free. Note that
647 * cifs_max_pending is normally 50, but can be set at module install
648 * time to as little as two.
649 */
650 spin_lock(&GlobalMid_Lock);
651 if (atomic_read(&server->inFlight) >= cifs_max_pending)
652 atomic_set(&server->inFlight, cifs_max_pending - 1);
653 /*
654 * We do not want to set the max_pending too low or we could end up
655 * with the counter going negative.
656 */
657 spin_unlock(&GlobalMid_Lock);
658 /*
659 * Although there should not be any requests blocked on this queue it
660 * can not hurt to be paranoid and try to wake up requests that may
661 * haven been blocked when more than 50 at time were on the wire to the
662 * same server - they now will see the session is in exit state and get
663 * out of SendReceive.
664 */
665 wake_up_all(&server->request_q);
666 /* give those requests time to exit */
667 msleep(125);
668
669 if (server->ssocket) {
670 sock_release(server->ssocket);
671 server->ssocket = NULL;
672 }
673
674 if (!list_empty(&server->pending_mid_q)) {
675 struct list_head dispose_list;
676 struct mid_q_entry *mid_entry;
677 struct list_head *tmp, *tmp2;
678
679 INIT_LIST_HEAD(&dispose_list);
680 spin_lock(&GlobalMid_Lock);
681 list_for_each_safe(tmp, tmp2, &server->pending_mid_q) {
682 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
683 cFYI(1, "Clearing mid 0x%x", mid_entry->mid);
684 mid_entry->midState = MID_SHUTDOWN;
685 list_move(&mid_entry->qhead, &dispose_list);
686 }
687 spin_unlock(&GlobalMid_Lock);
688
689 /* now walk dispose list and issue callbacks */
690 list_for_each_safe(tmp, tmp2, &dispose_list) {
691 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
692 cFYI(1, "Callback mid 0x%x", mid_entry->mid);
693 list_del_init(&mid_entry->qhead);
694 mid_entry->callback(mid_entry);
695 }
696 /* 1/8th of sec is more than enough time for them to exit */
697 msleep(125);
698 }
699
700 if (!list_empty(&server->pending_mid_q)) {
701 /*
702 * mpx threads have not exited yet give them at least the smb
703 * send timeout time for long ops.
704 *
705 * Due to delays on oplock break requests, we need to wait at
706 * least 45 seconds before giving up on a request getting a
707 * response and going ahead and killing cifsd.
708 */
709 cFYI(1, "Wait for exit from demultiplex thread");
710 msleep(46000);
711 /*
712 * If threads still have not exited they are probably never
713 * coming home not much else we can do but free the memory.
714 */
715 }
716
717 kfree(server->hostname);
718 kfree(server->iov);
719 kfree(server);
720
721 length = atomic_dec_return(&tcpSesAllocCount);
722 if (length > 0)
723 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
724 GFP_KERNEL);
725 }
726
727 static int
standard_receive3(struct TCP_Server_Info * server,struct mid_q_entry * mid)728 standard_receive3(struct TCP_Server_Info *server, struct mid_q_entry *mid)
729 {
730 int length;
731 char *buf = server->smallbuf;
732 struct smb_hdr *smb_buffer = (struct smb_hdr *)buf;
733 unsigned int pdu_length = be32_to_cpu(smb_buffer->smb_buf_length);
734
735 /* make sure this will fit in a large buffer */
736 if (pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
737 cERROR(1, "SMB response too long (%u bytes)",
738 pdu_length);
739 cifs_reconnect(server);
740 wake_up(&server->response_q);
741 return -EAGAIN;
742 }
743
744 /* switch to large buffer if too big for a small one */
745 if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
746 server->large_buf = true;
747 memcpy(server->bigbuf, server->smallbuf, server->total_read);
748 buf = server->bigbuf;
749 smb_buffer = (struct smb_hdr *)buf;
750 }
751
752 /* now read the rest */
753 length = cifs_read_from_socket(server,
754 buf + sizeof(struct smb_hdr) - 1,
755 pdu_length - sizeof(struct smb_hdr) + 1 + 4);
756 if (length < 0)
757 return length;
758 server->total_read += length;
759
760 dump_smb(smb_buffer, server->total_read);
761
762 /*
763 * We know that we received enough to get to the MID as we
764 * checked the pdu_length earlier. Now check to see
765 * if the rest of the header is OK. We borrow the length
766 * var for the rest of the loop to avoid a new stack var.
767 *
768 * 48 bytes is enough to display the header and a little bit
769 * into the payload for debugging purposes.
770 */
771 length = checkSMB(smb_buffer, smb_buffer->Mid, server->total_read);
772 if (length != 0)
773 cifs_dump_mem("Bad SMB: ", buf,
774 min_t(unsigned int, server->total_read, 48));
775
776 if (!mid)
777 return length;
778
779 handle_mid(mid, server, smb_buffer, length);
780 return 0;
781 }
782
783 static int
cifs_demultiplex_thread(void * p)784 cifs_demultiplex_thread(void *p)
785 {
786 int length;
787 struct TCP_Server_Info *server = p;
788 unsigned int pdu_length;
789 char *buf = NULL;
790 struct smb_hdr *smb_buffer = NULL;
791 struct task_struct *task_to_wake = NULL;
792 struct mid_q_entry *mid_entry;
793
794 current->flags |= PF_MEMALLOC;
795 cFYI(1, "Demultiplex PID: %d", task_pid_nr(current));
796
797 length = atomic_inc_return(&tcpSesAllocCount);
798 if (length > 1)
799 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
800 GFP_KERNEL);
801
802 set_freezable();
803 while (server->tcpStatus != CifsExiting) {
804 if (try_to_freeze())
805 continue;
806
807 if (!allocate_buffers(server))
808 continue;
809
810 server->large_buf = false;
811 smb_buffer = (struct smb_hdr *)server->smallbuf;
812 buf = server->smallbuf;
813 pdu_length = 4; /* enough to get RFC1001 header */
814
815 length = cifs_read_from_socket(server, buf, pdu_length);
816 if (length < 0)
817 continue;
818 server->total_read = length;
819
820 /*
821 * The right amount was read from socket - 4 bytes,
822 * so we can now interpret the length field.
823 */
824 pdu_length = be32_to_cpu(smb_buffer->smb_buf_length);
825
826 cFYI(1, "RFC1002 header 0x%x", pdu_length);
827 if (!is_smb_response(server, buf[0]))
828 continue;
829
830 /* make sure we have enough to get to the MID */
831 if (pdu_length < sizeof(struct smb_hdr) - 1 - 4) {
832 cERROR(1, "SMB response too short (%u bytes)",
833 pdu_length);
834 cifs_reconnect(server);
835 wake_up(&server->response_q);
836 continue;
837 }
838
839 /* read down to the MID */
840 length = cifs_read_from_socket(server, buf + 4,
841 sizeof(struct smb_hdr) - 1 - 4);
842 if (length < 0)
843 continue;
844 server->total_read += length;
845
846 mid_entry = find_mid(server, smb_buffer);
847
848 if (!mid_entry || !mid_entry->receive)
849 length = standard_receive3(server, mid_entry);
850 else
851 length = mid_entry->receive(server, mid_entry);
852
853 if (length < 0)
854 continue;
855
856 if (server->large_buf) {
857 buf = server->bigbuf;
858 smb_buffer = (struct smb_hdr *)buf;
859 }
860
861 server->lstrp = jiffies;
862 if (mid_entry != NULL) {
863 if (!mid_entry->multiRsp || mid_entry->multiEnd)
864 mid_entry->callback(mid_entry);
865 } else if (!is_valid_oplock_break(smb_buffer, server)) {
866 cERROR(1, "No task to wake, unknown frame received! "
867 "NumMids %d", atomic_read(&midCount));
868 cifs_dump_mem("Received Data is: ", buf,
869 sizeof(struct smb_hdr));
870 #ifdef CONFIG_CIFS_DEBUG2
871 cifs_dump_detail(smb_buffer);
872 cifs_dump_mids(server);
873 #endif /* CIFS_DEBUG2 */
874
875 }
876 } /* end while !EXITING */
877
878 /* buffer usually freed in free_mid - need to free it here on exit */
879 cifs_buf_release(server->bigbuf);
880 if (server->smallbuf) /* no sense logging a debug message if NULL */
881 cifs_small_buf_release(server->smallbuf);
882
883 task_to_wake = xchg(&server->tsk, NULL);
884 clean_demultiplex_info(server);
885
886 /* if server->tsk was NULL then wait for a signal before exiting */
887 if (!task_to_wake) {
888 set_current_state(TASK_INTERRUPTIBLE);
889 while (!signal_pending(current)) {
890 schedule();
891 set_current_state(TASK_INTERRUPTIBLE);
892 }
893 set_current_state(TASK_RUNNING);
894 }
895
896 module_put_and_exit(0);
897 }
898
899 /* extract the host portion of the UNC string */
900 static char *
extract_hostname(const char * unc)901 extract_hostname(const char *unc)
902 {
903 const char *src;
904 char *dst, *delim;
905 unsigned int len;
906
907 /* skip double chars at beginning of string */
908 /* BB: check validity of these bytes? */
909 src = unc + 2;
910
911 /* delimiter between hostname and sharename is always '\\' now */
912 delim = strchr(src, '\\');
913 if (!delim)
914 return ERR_PTR(-EINVAL);
915
916 len = delim - src;
917 dst = kmalloc((len + 1), GFP_KERNEL);
918 if (dst == NULL)
919 return ERR_PTR(-ENOMEM);
920
921 memcpy(dst, src, len);
922 dst[len] = '\0';
923
924 return dst;
925 }
926
927 static int
cifs_parse_mount_options(const char * mountdata,const char * devname,struct smb_vol * vol)928 cifs_parse_mount_options(const char *mountdata, const char *devname,
929 struct smb_vol *vol)
930 {
931 char *value, *data, *end;
932 char *mountdata_copy = NULL, *options;
933 int err;
934 unsigned int temp_len, i, j;
935 char separator[2];
936 short int override_uid = -1;
937 short int override_gid = -1;
938 bool uid_specified = false;
939 bool gid_specified = false;
940 char *nodename = utsname()->nodename;
941
942 separator[0] = ',';
943 separator[1] = 0;
944
945 /*
946 * does not have to be perfect mapping since field is
947 * informational, only used for servers that do not support
948 * port 445 and it can be overridden at mount time
949 */
950 memset(vol->source_rfc1001_name, 0x20, RFC1001_NAME_LEN);
951 for (i = 0; i < strnlen(nodename, RFC1001_NAME_LEN); i++)
952 vol->source_rfc1001_name[i] = toupper(nodename[i]);
953
954 vol->source_rfc1001_name[RFC1001_NAME_LEN] = 0;
955 /* null target name indicates to use *SMBSERVR default called name
956 if we end up sending RFC1001 session initialize */
957 vol->target_rfc1001_name[0] = 0;
958 vol->cred_uid = current_uid();
959 vol->linux_uid = current_uid();
960 vol->linux_gid = current_gid();
961
962 /* default to only allowing write access to owner of the mount */
963 vol->dir_mode = vol->file_mode = S_IRUGO | S_IXUGO | S_IWUSR;
964
965 /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
966 /* default is always to request posix paths. */
967 vol->posix_paths = 1;
968 /* default to using server inode numbers where available */
969 vol->server_ino = 1;
970
971 vol->actimeo = CIFS_DEF_ACTIMEO;
972
973 if (!mountdata)
974 goto cifs_parse_mount_err;
975
976 mountdata_copy = kstrndup(mountdata, PAGE_SIZE, GFP_KERNEL);
977 if (!mountdata_copy)
978 goto cifs_parse_mount_err;
979
980 options = mountdata_copy;
981 end = options + strlen(options);
982 if (strncmp(options, "sep=", 4) == 0) {
983 if (options[4] != 0) {
984 separator[0] = options[4];
985 options += 5;
986 } else {
987 cFYI(1, "Null separator not allowed");
988 }
989 }
990 vol->backupuid_specified = false; /* no backup intent for a user */
991 vol->backupgid_specified = false; /* no backup intent for a group */
992
993 while ((data = strsep(&options, separator)) != NULL) {
994 if (!*data)
995 continue;
996 if ((value = strchr(data, '=')) != NULL)
997 *value++ = '\0';
998
999 /* Have to parse this before we parse for "user" */
1000 if (strnicmp(data, "user_xattr", 10) == 0) {
1001 vol->no_xattr = 0;
1002 } else if (strnicmp(data, "nouser_xattr", 12) == 0) {
1003 vol->no_xattr = 1;
1004 } else if (strnicmp(data, "user", 4) == 0) {
1005 if (!value) {
1006 printk(KERN_WARNING
1007 "CIFS: invalid or missing username\n");
1008 goto cifs_parse_mount_err;
1009 } else if (!*value) {
1010 /* null user, ie anonymous, authentication */
1011 vol->nullauth = 1;
1012 }
1013 if (strnlen(value, MAX_USERNAME_SIZE) <
1014 MAX_USERNAME_SIZE) {
1015 vol->username = kstrdup(value, GFP_KERNEL);
1016 if (!vol->username) {
1017 printk(KERN_WARNING "CIFS: no memory "
1018 "for username\n");
1019 goto cifs_parse_mount_err;
1020 }
1021 } else {
1022 printk(KERN_WARNING "CIFS: username too long\n");
1023 goto cifs_parse_mount_err;
1024 }
1025 } else if (strnicmp(data, "pass", 4) == 0) {
1026 if (!value) {
1027 vol->password = NULL;
1028 continue;
1029 } else if (value[0] == 0) {
1030 /* check if string begins with double comma
1031 since that would mean the password really
1032 does start with a comma, and would not
1033 indicate an empty string */
1034 if (value[1] != separator[0]) {
1035 vol->password = NULL;
1036 continue;
1037 }
1038 }
1039 temp_len = strlen(value);
1040 /* removed password length check, NTLM passwords
1041 can be arbitrarily long */
1042
1043 /* if comma in password, the string will be
1044 prematurely null terminated. Commas in password are
1045 specified across the cifs mount interface by a double
1046 comma ie ,, and a comma used as in other cases ie ','
1047 as a parameter delimiter/separator is single and due
1048 to the strsep above is temporarily zeroed. */
1049
1050 /* NB: password legally can have multiple commas and
1051 the only illegal character in a password is null */
1052
1053 if ((value[temp_len] == 0) &&
1054 (value + temp_len < end) &&
1055 (value[temp_len+1] == separator[0])) {
1056 /* reinsert comma */
1057 value[temp_len] = separator[0];
1058 temp_len += 2; /* move after second comma */
1059 while (value[temp_len] != 0) {
1060 if (value[temp_len] == separator[0]) {
1061 if (value[temp_len+1] ==
1062 separator[0]) {
1063 /* skip second comma */
1064 temp_len++;
1065 } else {
1066 /* single comma indicating start
1067 of next parm */
1068 break;
1069 }
1070 }
1071 temp_len++;
1072 }
1073 if (value[temp_len] == 0) {
1074 options = NULL;
1075 } else {
1076 value[temp_len] = 0;
1077 /* point option to start of next parm */
1078 options = value + temp_len + 1;
1079 }
1080 /* go from value to value + temp_len condensing
1081 double commas to singles. Note that this ends up
1082 allocating a few bytes too many, which is ok */
1083 vol->password = kzalloc(temp_len, GFP_KERNEL);
1084 if (vol->password == NULL) {
1085 printk(KERN_WARNING "CIFS: no memory "
1086 "for password\n");
1087 goto cifs_parse_mount_err;
1088 }
1089 for (i = 0, j = 0; i < temp_len; i++, j++) {
1090 vol->password[j] = value[i];
1091 if (value[i] == separator[0]
1092 && value[i+1] == separator[0]) {
1093 /* skip second comma */
1094 i++;
1095 }
1096 }
1097 vol->password[j] = 0;
1098 } else {
1099 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
1100 if (vol->password == NULL) {
1101 printk(KERN_WARNING "CIFS: no memory "
1102 "for password\n");
1103 goto cifs_parse_mount_err;
1104 }
1105 strcpy(vol->password, value);
1106 }
1107 } else if (!strnicmp(data, "ip", 2) ||
1108 !strnicmp(data, "addr", 4)) {
1109 if (!value || !*value) {
1110 vol->UNCip = NULL;
1111 } else if (strnlen(value, INET6_ADDRSTRLEN) <
1112 INET6_ADDRSTRLEN) {
1113 vol->UNCip = kstrdup(value, GFP_KERNEL);
1114 if (!vol->UNCip) {
1115 printk(KERN_WARNING "CIFS: no memory "
1116 "for UNC IP\n");
1117 goto cifs_parse_mount_err;
1118 }
1119 } else {
1120 printk(KERN_WARNING "CIFS: ip address "
1121 "too long\n");
1122 goto cifs_parse_mount_err;
1123 }
1124 } else if (strnicmp(data, "sec", 3) == 0) {
1125 if (!value || !*value) {
1126 cERROR(1, "no security value specified");
1127 continue;
1128 } else if (strnicmp(value, "krb5i", 5) == 0) {
1129 vol->secFlg |= CIFSSEC_MAY_KRB5 |
1130 CIFSSEC_MUST_SIGN;
1131 } else if (strnicmp(value, "krb5p", 5) == 0) {
1132 /* vol->secFlg |= CIFSSEC_MUST_SEAL |
1133 CIFSSEC_MAY_KRB5; */
1134 cERROR(1, "Krb5 cifs privacy not supported");
1135 goto cifs_parse_mount_err;
1136 } else if (strnicmp(value, "krb5", 4) == 0) {
1137 vol->secFlg |= CIFSSEC_MAY_KRB5;
1138 } else if (strnicmp(value, "ntlmsspi", 8) == 0) {
1139 vol->secFlg |= CIFSSEC_MAY_NTLMSSP |
1140 CIFSSEC_MUST_SIGN;
1141 } else if (strnicmp(value, "ntlmssp", 7) == 0) {
1142 vol->secFlg |= CIFSSEC_MAY_NTLMSSP;
1143 } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
1144 vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
1145 CIFSSEC_MUST_SIGN;
1146 } else if (strnicmp(value, "ntlmv2", 6) == 0) {
1147 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
1148 } else if (strnicmp(value, "ntlmi", 5) == 0) {
1149 vol->secFlg |= CIFSSEC_MAY_NTLM |
1150 CIFSSEC_MUST_SIGN;
1151 } else if (strnicmp(value, "ntlm", 4) == 0) {
1152 /* ntlm is default so can be turned off too */
1153 vol->secFlg |= CIFSSEC_MAY_NTLM;
1154 } else if (strnicmp(value, "nontlm", 6) == 0) {
1155 /* BB is there a better way to do this? */
1156 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
1157 #ifdef CONFIG_CIFS_WEAK_PW_HASH
1158 } else if (strnicmp(value, "lanman", 6) == 0) {
1159 vol->secFlg |= CIFSSEC_MAY_LANMAN;
1160 #endif
1161 } else if (strnicmp(value, "none", 4) == 0) {
1162 vol->nullauth = 1;
1163 } else {
1164 cERROR(1, "bad security option: %s", value);
1165 goto cifs_parse_mount_err;
1166 }
1167 } else if (strnicmp(data, "vers", 3) == 0) {
1168 if (!value || !*value) {
1169 cERROR(1, "no protocol version specified"
1170 " after vers= mount option");
1171 } else if ((strnicmp(value, "cifs", 4) == 0) ||
1172 (strnicmp(value, "1", 1) == 0)) {
1173 /* this is the default */
1174 continue;
1175 }
1176 } else if ((strnicmp(data, "unc", 3) == 0)
1177 || (strnicmp(data, "target", 6) == 0)
1178 || (strnicmp(data, "path", 4) == 0)) {
1179 if (!value || !*value) {
1180 printk(KERN_WARNING "CIFS: invalid path to "
1181 "network resource\n");
1182 goto cifs_parse_mount_err;
1183 }
1184 if ((temp_len = strnlen(value, 300)) < 300) {
1185 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1186 if (vol->UNC == NULL)
1187 goto cifs_parse_mount_err;
1188 strcpy(vol->UNC, value);
1189 if (strncmp(vol->UNC, "//", 2) == 0) {
1190 vol->UNC[0] = '\\';
1191 vol->UNC[1] = '\\';
1192 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1193 printk(KERN_WARNING
1194 "CIFS: UNC Path does not begin "
1195 "with // or \\\\ \n");
1196 goto cifs_parse_mount_err;
1197 }
1198 } else {
1199 printk(KERN_WARNING "CIFS: UNC name too long\n");
1200 goto cifs_parse_mount_err;
1201 }
1202 } else if ((strnicmp(data, "domain", 3) == 0)
1203 || (strnicmp(data, "workgroup", 5) == 0)) {
1204 if (!value || !*value) {
1205 printk(KERN_WARNING "CIFS: invalid domain name\n");
1206 goto cifs_parse_mount_err;
1207 }
1208 /* BB are there cases in which a comma can be valid in
1209 a domain name and need special handling? */
1210 if (strnlen(value, 256) < 256) {
1211 vol->domainname = kstrdup(value, GFP_KERNEL);
1212 if (!vol->domainname) {
1213 printk(KERN_WARNING "CIFS: no memory "
1214 "for domainname\n");
1215 goto cifs_parse_mount_err;
1216 }
1217 cFYI(1, "Domain name set");
1218 } else {
1219 printk(KERN_WARNING "CIFS: domain name too "
1220 "long\n");
1221 goto cifs_parse_mount_err;
1222 }
1223 } else if (strnicmp(data, "srcaddr", 7) == 0) {
1224 vol->srcaddr.ss_family = AF_UNSPEC;
1225
1226 if (!value || !*value) {
1227 printk(KERN_WARNING "CIFS: srcaddr value"
1228 " not specified.\n");
1229 goto cifs_parse_mount_err;
1230 }
1231 i = cifs_convert_address((struct sockaddr *)&vol->srcaddr,
1232 value, strlen(value));
1233 if (i == 0) {
1234 printk(KERN_WARNING "CIFS: Could not parse"
1235 " srcaddr: %s\n",
1236 value);
1237 goto cifs_parse_mount_err;
1238 }
1239 } else if (strnicmp(data, "prefixpath", 10) == 0) {
1240 if (!value || !*value) {
1241 printk(KERN_WARNING
1242 "CIFS: invalid path prefix\n");
1243 goto cifs_parse_mount_err;
1244 }
1245 if ((temp_len = strnlen(value, 1024)) < 1024) {
1246 if (value[0] != '/')
1247 temp_len++; /* missing leading slash */
1248 vol->prepath = kmalloc(temp_len+1, GFP_KERNEL);
1249 if (vol->prepath == NULL)
1250 goto cifs_parse_mount_err;
1251 if (value[0] != '/') {
1252 vol->prepath[0] = '/';
1253 strcpy(vol->prepath+1, value);
1254 } else
1255 strcpy(vol->prepath, value);
1256 cFYI(1, "prefix path %s", vol->prepath);
1257 } else {
1258 printk(KERN_WARNING "CIFS: prefix too long\n");
1259 goto cifs_parse_mount_err;
1260 }
1261 } else if (strnicmp(data, "iocharset", 9) == 0) {
1262 if (!value || !*value) {
1263 printk(KERN_WARNING "CIFS: invalid iocharset "
1264 "specified\n");
1265 goto cifs_parse_mount_err;
1266 }
1267 if (strnlen(value, 65) < 65) {
1268 if (strnicmp(value, "default", 7)) {
1269 vol->iocharset = kstrdup(value,
1270 GFP_KERNEL);
1271
1272 if (!vol->iocharset) {
1273 printk(KERN_WARNING "CIFS: no "
1274 "memory for"
1275 "charset\n");
1276 goto cifs_parse_mount_err;
1277 }
1278 }
1279 /* if iocharset not set then load_nls_default
1280 is used by caller */
1281 cFYI(1, "iocharset set to %s", value);
1282 } else {
1283 printk(KERN_WARNING "CIFS: iocharset name "
1284 "too long.\n");
1285 goto cifs_parse_mount_err;
1286 }
1287 } else if (!strnicmp(data, "uid", 3) && value && *value) {
1288 vol->linux_uid = simple_strtoul(value, &value, 0);
1289 uid_specified = true;
1290 } else if (!strnicmp(data, "cruid", 5) && value && *value) {
1291 vol->cred_uid = simple_strtoul(value, &value, 0);
1292 } else if (!strnicmp(data, "forceuid", 8)) {
1293 override_uid = 1;
1294 } else if (!strnicmp(data, "noforceuid", 10)) {
1295 override_uid = 0;
1296 } else if (!strnicmp(data, "gid", 3) && value && *value) {
1297 vol->linux_gid = simple_strtoul(value, &value, 0);
1298 gid_specified = true;
1299 } else if (!strnicmp(data, "forcegid", 8)) {
1300 override_gid = 1;
1301 } else if (!strnicmp(data, "noforcegid", 10)) {
1302 override_gid = 0;
1303 } else if (strnicmp(data, "file_mode", 4) == 0) {
1304 if (value && *value) {
1305 vol->file_mode =
1306 simple_strtoul(value, &value, 0);
1307 }
1308 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1309 if (value && *value) {
1310 vol->dir_mode =
1311 simple_strtoul(value, &value, 0);
1312 }
1313 } else if (strnicmp(data, "dirmode", 4) == 0) {
1314 if (value && *value) {
1315 vol->dir_mode =
1316 simple_strtoul(value, &value, 0);
1317 }
1318 } else if (strnicmp(data, "port", 4) == 0) {
1319 if (value && *value) {
1320 vol->port =
1321 simple_strtoul(value, &value, 0);
1322 }
1323 } else if (strnicmp(data, "rsize", 5) == 0) {
1324 if (value && *value) {
1325 vol->rsize =
1326 simple_strtoul(value, &value, 0);
1327 }
1328 } else if (strnicmp(data, "wsize", 5) == 0) {
1329 if (value && *value) {
1330 vol->wsize =
1331 simple_strtoul(value, &value, 0);
1332 }
1333 } else if (strnicmp(data, "sockopt", 5) == 0) {
1334 if (!value || !*value) {
1335 cERROR(1, "no socket option specified");
1336 continue;
1337 } else if (strnicmp(value, "TCP_NODELAY", 11) == 0) {
1338 vol->sockopt_tcp_nodelay = 1;
1339 }
1340 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1341 if (!value || !*value || (*value == ' ')) {
1342 cFYI(1, "invalid (empty) netbiosname");
1343 } else {
1344 memset(vol->source_rfc1001_name, 0x20,
1345 RFC1001_NAME_LEN);
1346 /*
1347 * FIXME: are there cases in which a comma can
1348 * be valid in workstation netbios name (and
1349 * need special handling)?
1350 */
1351 for (i = 0; i < RFC1001_NAME_LEN; i++) {
1352 /* don't ucase netbiosname for user */
1353 if (value[i] == 0)
1354 break;
1355 vol->source_rfc1001_name[i] = value[i];
1356 }
1357 /* The string has 16th byte zero still from
1358 set at top of the function */
1359 if (i == RFC1001_NAME_LEN && value[i] != 0)
1360 printk(KERN_WARNING "CIFS: netbiosname"
1361 " longer than 15 truncated.\n");
1362 }
1363 } else if (strnicmp(data, "servern", 7) == 0) {
1364 /* servernetbiosname specified override *SMBSERVER */
1365 if (!value || !*value || (*value == ' ')) {
1366 cFYI(1, "empty server netbiosname specified");
1367 } else {
1368 /* last byte, type, is 0x20 for servr type */
1369 memset(vol->target_rfc1001_name, 0x20,
1370 RFC1001_NAME_LEN_WITH_NULL);
1371
1372 for (i = 0; i < 15; i++) {
1373 /* BB are there cases in which a comma can be
1374 valid in this workstation netbios name
1375 (and need special handling)? */
1376
1377 /* user or mount helper must uppercase
1378 the netbiosname */
1379 if (value[i] == 0)
1380 break;
1381 else
1382 vol->target_rfc1001_name[i] =
1383 value[i];
1384 }
1385 /* The string has 16th byte zero still from
1386 set at top of the function */
1387 if (i == RFC1001_NAME_LEN && value[i] != 0)
1388 printk(KERN_WARNING "CIFS: server net"
1389 "biosname longer than 15 truncated.\n");
1390 }
1391 } else if (strnicmp(data, "actimeo", 7) == 0) {
1392 if (value && *value) {
1393 vol->actimeo = HZ * simple_strtoul(value,
1394 &value, 0);
1395 if (vol->actimeo > CIFS_MAX_ACTIMEO) {
1396 cERROR(1, "CIFS: attribute cache"
1397 "timeout too large");
1398 goto cifs_parse_mount_err;
1399 }
1400 }
1401 } else if (strnicmp(data, "credentials", 4) == 0) {
1402 /* ignore */
1403 } else if (strnicmp(data, "version", 3) == 0) {
1404 /* ignore */
1405 } else if (strnicmp(data, "guest", 5) == 0) {
1406 /* ignore */
1407 } else if (strnicmp(data, "rw", 2) == 0 && strlen(data) == 2) {
1408 /* ignore */
1409 } else if (strnicmp(data, "ro", 2) == 0) {
1410 /* ignore */
1411 } else if (strnicmp(data, "noblocksend", 11) == 0) {
1412 vol->noblocksnd = 1;
1413 } else if (strnicmp(data, "noautotune", 10) == 0) {
1414 vol->noautotune = 1;
1415 } else if ((strnicmp(data, "suid", 4) == 0) ||
1416 (strnicmp(data, "nosuid", 6) == 0) ||
1417 (strnicmp(data, "exec", 4) == 0) ||
1418 (strnicmp(data, "noexec", 6) == 0) ||
1419 (strnicmp(data, "nodev", 5) == 0) ||
1420 (strnicmp(data, "noauto", 6) == 0) ||
1421 (strnicmp(data, "dev", 3) == 0)) {
1422 /* The mount tool or mount.cifs helper (if present)
1423 uses these opts to set flags, and the flags are read
1424 by the kernel vfs layer before we get here (ie
1425 before read super) so there is no point trying to
1426 parse these options again and set anything and it
1427 is ok to just ignore them */
1428 continue;
1429 } else if (strnicmp(data, "hard", 4) == 0) {
1430 vol->retry = 1;
1431 } else if (strnicmp(data, "soft", 4) == 0) {
1432 vol->retry = 0;
1433 } else if (strnicmp(data, "perm", 4) == 0) {
1434 vol->noperm = 0;
1435 } else if (strnicmp(data, "noperm", 6) == 0) {
1436 vol->noperm = 1;
1437 } else if (strnicmp(data, "mapchars", 8) == 0) {
1438 vol->remap = 1;
1439 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1440 vol->remap = 0;
1441 } else if (strnicmp(data, "sfu", 3) == 0) {
1442 vol->sfu_emul = 1;
1443 } else if (strnicmp(data, "nosfu", 5) == 0) {
1444 vol->sfu_emul = 0;
1445 } else if (strnicmp(data, "nodfs", 5) == 0) {
1446 vol->nodfs = 1;
1447 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1448 vol->posix_paths = 1;
1449 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1450 vol->posix_paths = 0;
1451 } else if (strnicmp(data, "nounix", 6) == 0) {
1452 vol->no_linux_ext = 1;
1453 } else if (strnicmp(data, "nolinux", 7) == 0) {
1454 vol->no_linux_ext = 1;
1455 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1456 (strnicmp(data, "ignorecase", 10) == 0)) {
1457 vol->nocase = 1;
1458 } else if (strnicmp(data, "mand", 4) == 0) {
1459 /* ignore */
1460 } else if (strnicmp(data, "nomand", 6) == 0) {
1461 /* ignore */
1462 } else if (strnicmp(data, "_netdev", 7) == 0) {
1463 /* ignore */
1464 } else if (strnicmp(data, "brl", 3) == 0) {
1465 vol->nobrl = 0;
1466 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1467 (strnicmp(data, "nolock", 6) == 0)) {
1468 vol->nobrl = 1;
1469 /* turn off mandatory locking in mode
1470 if remote locking is turned off since the
1471 local vfs will do advisory */
1472 if (vol->file_mode ==
1473 (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1474 vol->file_mode = S_IALLUGO;
1475 } else if (strnicmp(data, "forcemandatorylock", 9) == 0) {
1476 /* will take the shorter form "forcemand" as well */
1477 /* This mount option will force use of mandatory
1478 (DOS/Windows style) byte range locks, instead of
1479 using posix advisory byte range locks, even if the
1480 Unix extensions are available and posix locks would
1481 be supported otherwise. If Unix extensions are not
1482 negotiated this has no effect since mandatory locks
1483 would be used (mandatory locks is all that those
1484 those servers support) */
1485 vol->mand_lock = 1;
1486 } else if (strnicmp(data, "setuids", 7) == 0) {
1487 vol->setuids = 1;
1488 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1489 vol->setuids = 0;
1490 } else if (strnicmp(data, "dynperm", 7) == 0) {
1491 vol->dynperm = true;
1492 } else if (strnicmp(data, "nodynperm", 9) == 0) {
1493 vol->dynperm = false;
1494 } else if (strnicmp(data, "nohard", 6) == 0) {
1495 vol->retry = 0;
1496 } else if (strnicmp(data, "nosoft", 6) == 0) {
1497 vol->retry = 1;
1498 } else if (strnicmp(data, "nointr", 6) == 0) {
1499 vol->intr = 0;
1500 } else if (strnicmp(data, "intr", 4) == 0) {
1501 vol->intr = 1;
1502 } else if (strnicmp(data, "nostrictsync", 12) == 0) {
1503 vol->nostrictsync = 1;
1504 } else if (strnicmp(data, "strictsync", 10) == 0) {
1505 vol->nostrictsync = 0;
1506 } else if (strnicmp(data, "serverino", 7) == 0) {
1507 vol->server_ino = 1;
1508 } else if (strnicmp(data, "noserverino", 9) == 0) {
1509 vol->server_ino = 0;
1510 } else if (strnicmp(data, "rwpidforward", 12) == 0) {
1511 vol->rwpidforward = 1;
1512 } else if (strnicmp(data, "cifsacl", 7) == 0) {
1513 vol->cifs_acl = 1;
1514 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1515 vol->cifs_acl = 0;
1516 } else if (strnicmp(data, "acl", 3) == 0) {
1517 vol->no_psx_acl = 0;
1518 } else if (strnicmp(data, "noacl", 5) == 0) {
1519 vol->no_psx_acl = 1;
1520 } else if (strnicmp(data, "locallease", 6) == 0) {
1521 vol->local_lease = 1;
1522 } else if (strnicmp(data, "sign", 4) == 0) {
1523 vol->secFlg |= CIFSSEC_MUST_SIGN;
1524 } else if (strnicmp(data, "seal", 4) == 0) {
1525 /* we do not do the following in secFlags because seal
1526 is a per tree connection (mount) not a per socket
1527 or per-smb connection option in the protocol */
1528 /* vol->secFlg |= CIFSSEC_MUST_SEAL; */
1529 vol->seal = 1;
1530 } else if (strnicmp(data, "direct", 6) == 0) {
1531 vol->direct_io = 1;
1532 } else if (strnicmp(data, "forcedirectio", 13) == 0) {
1533 vol->direct_io = 1;
1534 } else if (strnicmp(data, "strictcache", 11) == 0) {
1535 vol->strict_io = 1;
1536 } else if (strnicmp(data, "noac", 4) == 0) {
1537 printk(KERN_WARNING "CIFS: Mount option noac not "
1538 "supported. Instead set "
1539 "/proc/fs/cifs/LookupCacheEnabled to 0\n");
1540 } else if (strnicmp(data, "fsc", 3) == 0) {
1541 #ifndef CONFIG_CIFS_FSCACHE
1542 cERROR(1, "FS-Cache support needs CONFIG_CIFS_FSCACHE "
1543 "kernel config option set");
1544 goto cifs_parse_mount_err;
1545 #endif
1546 vol->fsc = true;
1547 } else if (strnicmp(data, "mfsymlinks", 10) == 0) {
1548 vol->mfsymlinks = true;
1549 } else if (strnicmp(data, "multiuser", 8) == 0) {
1550 vol->multiuser = true;
1551 } else if (!strnicmp(data, "backupuid", 9) && value && *value) {
1552 err = kstrtouint(value, 0, &vol->backupuid);
1553 if (err < 0) {
1554 cERROR(1, "%s: Invalid backupuid value",
1555 __func__);
1556 goto cifs_parse_mount_err;
1557 }
1558 vol->backupuid_specified = true;
1559 } else if (!strnicmp(data, "backupgid", 9) && value && *value) {
1560 err = kstrtouint(value, 0, &vol->backupgid);
1561 if (err < 0) {
1562 cERROR(1, "%s: Invalid backupgid value",
1563 __func__);
1564 goto cifs_parse_mount_err;
1565 }
1566 vol->backupgid_specified = true;
1567 } else
1568 printk(KERN_WARNING "CIFS: Unknown mount option %s\n",
1569 data);
1570 }
1571 if (vol->UNC == NULL) {
1572 if (devname == NULL) {
1573 printk(KERN_WARNING "CIFS: Missing UNC name for mount "
1574 "target\n");
1575 goto cifs_parse_mount_err;
1576 }
1577 if ((temp_len = strnlen(devname, 300)) < 300) {
1578 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1579 if (vol->UNC == NULL)
1580 goto cifs_parse_mount_err;
1581 strcpy(vol->UNC, devname);
1582 if (strncmp(vol->UNC, "//", 2) == 0) {
1583 vol->UNC[0] = '\\';
1584 vol->UNC[1] = '\\';
1585 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1586 printk(KERN_WARNING "CIFS: UNC Path does not "
1587 "begin with // or \\\\ \n");
1588 goto cifs_parse_mount_err;
1589 }
1590 value = strpbrk(vol->UNC+2, "/\\");
1591 if (value)
1592 *value = '\\';
1593 } else {
1594 printk(KERN_WARNING "CIFS: UNC name too long\n");
1595 goto cifs_parse_mount_err;
1596 }
1597 }
1598
1599 #ifndef CONFIG_KEYS
1600 /* Muliuser mounts require CONFIG_KEYS support */
1601 if (vol->multiuser) {
1602 cERROR(1, "Multiuser mounts require kernels with "
1603 "CONFIG_KEYS enabled.");
1604 goto cifs_parse_mount_err;
1605 }
1606 #endif
1607
1608 if (vol->UNCip == NULL)
1609 vol->UNCip = &vol->UNC[2];
1610
1611 if (uid_specified)
1612 vol->override_uid = override_uid;
1613 else if (override_uid == 1)
1614 printk(KERN_NOTICE "CIFS: ignoring forceuid mount option "
1615 "specified with no uid= option.\n");
1616
1617 if (gid_specified)
1618 vol->override_gid = override_gid;
1619 else if (override_gid == 1)
1620 printk(KERN_NOTICE "CIFS: ignoring forcegid mount option "
1621 "specified with no gid= option.\n");
1622
1623 kfree(mountdata_copy);
1624 return 0;
1625
1626 cifs_parse_mount_err:
1627 kfree(mountdata_copy);
1628 return 1;
1629 }
1630
1631 /** Returns true if srcaddr isn't specified and rhs isn't
1632 * specified, or if srcaddr is specified and
1633 * matches the IP address of the rhs argument.
1634 */
1635 static bool
srcip_matches(struct sockaddr * srcaddr,struct sockaddr * rhs)1636 srcip_matches(struct sockaddr *srcaddr, struct sockaddr *rhs)
1637 {
1638 switch (srcaddr->sa_family) {
1639 case AF_UNSPEC:
1640 return (rhs->sa_family == AF_UNSPEC);
1641 case AF_INET: {
1642 struct sockaddr_in *saddr4 = (struct sockaddr_in *)srcaddr;
1643 struct sockaddr_in *vaddr4 = (struct sockaddr_in *)rhs;
1644 return (saddr4->sin_addr.s_addr == vaddr4->sin_addr.s_addr);
1645 }
1646 case AF_INET6: {
1647 struct sockaddr_in6 *saddr6 = (struct sockaddr_in6 *)srcaddr;
1648 struct sockaddr_in6 *vaddr6 = (struct sockaddr_in6 *)&rhs;
1649 return ipv6_addr_equal(&saddr6->sin6_addr, &vaddr6->sin6_addr);
1650 }
1651 default:
1652 WARN_ON(1);
1653 return false; /* don't expect to be here */
1654 }
1655 }
1656
1657 /*
1658 * If no port is specified in addr structure, we try to match with 445 port
1659 * and if it fails - with 139 ports. It should be called only if address
1660 * families of server and addr are equal.
1661 */
1662 static bool
match_port(struct TCP_Server_Info * server,struct sockaddr * addr)1663 match_port(struct TCP_Server_Info *server, struct sockaddr *addr)
1664 {
1665 __be16 port, *sport;
1666
1667 switch (addr->sa_family) {
1668 case AF_INET:
1669 sport = &((struct sockaddr_in *) &server->dstaddr)->sin_port;
1670 port = ((struct sockaddr_in *) addr)->sin_port;
1671 break;
1672 case AF_INET6:
1673 sport = &((struct sockaddr_in6 *) &server->dstaddr)->sin6_port;
1674 port = ((struct sockaddr_in6 *) addr)->sin6_port;
1675 break;
1676 default:
1677 WARN_ON(1);
1678 return false;
1679 }
1680
1681 if (!port) {
1682 port = htons(CIFS_PORT);
1683 if (port == *sport)
1684 return true;
1685
1686 port = htons(RFC1001_PORT);
1687 }
1688
1689 return port == *sport;
1690 }
1691
1692 static bool
match_address(struct TCP_Server_Info * server,struct sockaddr * addr,struct sockaddr * srcaddr)1693 match_address(struct TCP_Server_Info *server, struct sockaddr *addr,
1694 struct sockaddr *srcaddr)
1695 {
1696 switch (addr->sa_family) {
1697 case AF_INET: {
1698 struct sockaddr_in *addr4 = (struct sockaddr_in *)addr;
1699 struct sockaddr_in *srv_addr4 =
1700 (struct sockaddr_in *)&server->dstaddr;
1701
1702 if (addr4->sin_addr.s_addr != srv_addr4->sin_addr.s_addr)
1703 return false;
1704 break;
1705 }
1706 case AF_INET6: {
1707 struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)addr;
1708 struct sockaddr_in6 *srv_addr6 =
1709 (struct sockaddr_in6 *)&server->dstaddr;
1710
1711 if (!ipv6_addr_equal(&addr6->sin6_addr,
1712 &srv_addr6->sin6_addr))
1713 return false;
1714 if (addr6->sin6_scope_id != srv_addr6->sin6_scope_id)
1715 return false;
1716 break;
1717 }
1718 default:
1719 WARN_ON(1);
1720 return false; /* don't expect to be here */
1721 }
1722
1723 if (!srcip_matches(srcaddr, (struct sockaddr *)&server->srcaddr))
1724 return false;
1725
1726 return true;
1727 }
1728
1729 static bool
match_security(struct TCP_Server_Info * server,struct smb_vol * vol)1730 match_security(struct TCP_Server_Info *server, struct smb_vol *vol)
1731 {
1732 unsigned int secFlags;
1733
1734 if (vol->secFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL)))
1735 secFlags = vol->secFlg;
1736 else
1737 secFlags = global_secflags | vol->secFlg;
1738
1739 switch (server->secType) {
1740 case LANMAN:
1741 if (!(secFlags & (CIFSSEC_MAY_LANMAN|CIFSSEC_MAY_PLNTXT)))
1742 return false;
1743 break;
1744 case NTLMv2:
1745 if (!(secFlags & CIFSSEC_MAY_NTLMV2))
1746 return false;
1747 break;
1748 case NTLM:
1749 if (!(secFlags & CIFSSEC_MAY_NTLM))
1750 return false;
1751 break;
1752 case Kerberos:
1753 if (!(secFlags & CIFSSEC_MAY_KRB5))
1754 return false;
1755 break;
1756 case RawNTLMSSP:
1757 if (!(secFlags & CIFSSEC_MAY_NTLMSSP))
1758 return false;
1759 break;
1760 default:
1761 /* shouldn't happen */
1762 return false;
1763 }
1764
1765 /* now check if signing mode is acceptable */
1766 if ((secFlags & CIFSSEC_MAY_SIGN) == 0 &&
1767 (server->sec_mode & SECMODE_SIGN_REQUIRED))
1768 return false;
1769 else if (((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) &&
1770 (server->sec_mode &
1771 (SECMODE_SIGN_ENABLED|SECMODE_SIGN_REQUIRED)) == 0)
1772 return false;
1773
1774 return true;
1775 }
1776
match_server(struct TCP_Server_Info * server,struct sockaddr * addr,struct smb_vol * vol)1777 static int match_server(struct TCP_Server_Info *server, struct sockaddr *addr,
1778 struct smb_vol *vol)
1779 {
1780 if (!net_eq(cifs_net_ns(server), current->nsproxy->net_ns))
1781 return 0;
1782
1783 if (!match_address(server, addr,
1784 (struct sockaddr *)&vol->srcaddr))
1785 return 0;
1786
1787 if (!match_port(server, addr))
1788 return 0;
1789
1790 if (!match_security(server, vol))
1791 return 0;
1792
1793 return 1;
1794 }
1795
1796 static struct TCP_Server_Info *
cifs_find_tcp_session(struct sockaddr * addr,struct smb_vol * vol)1797 cifs_find_tcp_session(struct sockaddr *addr, struct smb_vol *vol)
1798 {
1799 struct TCP_Server_Info *server;
1800
1801 spin_lock(&cifs_tcp_ses_lock);
1802 list_for_each_entry(server, &cifs_tcp_ses_list, tcp_ses_list) {
1803 if (!match_server(server, addr, vol))
1804 continue;
1805
1806 ++server->srv_count;
1807 spin_unlock(&cifs_tcp_ses_lock);
1808 cFYI(1, "Existing tcp session with server found");
1809 return server;
1810 }
1811 spin_unlock(&cifs_tcp_ses_lock);
1812 return NULL;
1813 }
1814
1815 static void
cifs_put_tcp_session(struct TCP_Server_Info * server)1816 cifs_put_tcp_session(struct TCP_Server_Info *server)
1817 {
1818 struct task_struct *task;
1819
1820 spin_lock(&cifs_tcp_ses_lock);
1821 if (--server->srv_count > 0) {
1822 spin_unlock(&cifs_tcp_ses_lock);
1823 return;
1824 }
1825
1826 put_net(cifs_net_ns(server));
1827
1828 list_del_init(&server->tcp_ses_list);
1829 spin_unlock(&cifs_tcp_ses_lock);
1830
1831 cancel_delayed_work_sync(&server->echo);
1832
1833 spin_lock(&GlobalMid_Lock);
1834 server->tcpStatus = CifsExiting;
1835 spin_unlock(&GlobalMid_Lock);
1836
1837 cifs_crypto_shash_release(server);
1838 cifs_fscache_release_client_cookie(server);
1839
1840 kfree(server->session_key.response);
1841 server->session_key.response = NULL;
1842 server->session_key.len = 0;
1843
1844 task = xchg(&server->tsk, NULL);
1845 if (task)
1846 force_sig(SIGKILL, task);
1847 }
1848
1849 static struct TCP_Server_Info *
cifs_get_tcp_session(struct smb_vol * volume_info)1850 cifs_get_tcp_session(struct smb_vol *volume_info)
1851 {
1852 struct TCP_Server_Info *tcp_ses = NULL;
1853 struct sockaddr_storage addr;
1854 struct sockaddr_in *sin_server = (struct sockaddr_in *) &addr;
1855 struct sockaddr_in6 *sin_server6 = (struct sockaddr_in6 *) &addr;
1856 int rc;
1857
1858 memset(&addr, 0, sizeof(struct sockaddr_storage));
1859
1860 cFYI(1, "UNC: %s ip: %s", volume_info->UNC, volume_info->UNCip);
1861
1862 if (volume_info->UNCip && volume_info->UNC) {
1863 rc = cifs_fill_sockaddr((struct sockaddr *)&addr,
1864 volume_info->UNCip,
1865 strlen(volume_info->UNCip),
1866 volume_info->port);
1867 if (!rc) {
1868 /* we failed translating address */
1869 rc = -EINVAL;
1870 goto out_err;
1871 }
1872 } else if (volume_info->UNCip) {
1873 /* BB using ip addr as tcp_ses name to connect to the
1874 DFS root below */
1875 cERROR(1, "Connecting to DFS root not implemented yet");
1876 rc = -EINVAL;
1877 goto out_err;
1878 } else /* which tcp_sess DFS root would we conect to */ {
1879 cERROR(1, "CIFS mount error: No UNC path (e.g. -o "
1880 "unc=//192.168.1.100/public) specified");
1881 rc = -EINVAL;
1882 goto out_err;
1883 }
1884
1885 /* see if we already have a matching tcp_ses */
1886 tcp_ses = cifs_find_tcp_session((struct sockaddr *)&addr, volume_info);
1887 if (tcp_ses)
1888 return tcp_ses;
1889
1890 tcp_ses = kzalloc(sizeof(struct TCP_Server_Info), GFP_KERNEL);
1891 if (!tcp_ses) {
1892 rc = -ENOMEM;
1893 goto out_err;
1894 }
1895
1896 rc = cifs_crypto_shash_allocate(tcp_ses);
1897 if (rc) {
1898 cERROR(1, "could not setup hash structures rc %d", rc);
1899 goto out_err;
1900 }
1901
1902 cifs_set_net_ns(tcp_ses, get_net(current->nsproxy->net_ns));
1903 tcp_ses->hostname = extract_hostname(volume_info->UNC);
1904 if (IS_ERR(tcp_ses->hostname)) {
1905 rc = PTR_ERR(tcp_ses->hostname);
1906 goto out_err_crypto_release;
1907 }
1908
1909 tcp_ses->noblocksnd = volume_info->noblocksnd;
1910 tcp_ses->noautotune = volume_info->noautotune;
1911 tcp_ses->tcp_nodelay = volume_info->sockopt_tcp_nodelay;
1912 atomic_set(&tcp_ses->inFlight, 0);
1913 init_waitqueue_head(&tcp_ses->response_q);
1914 init_waitqueue_head(&tcp_ses->request_q);
1915 INIT_LIST_HEAD(&tcp_ses->pending_mid_q);
1916 mutex_init(&tcp_ses->srv_mutex);
1917 memcpy(tcp_ses->workstation_RFC1001_name,
1918 volume_info->source_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1919 memcpy(tcp_ses->server_RFC1001_name,
1920 volume_info->target_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1921 tcp_ses->session_estab = false;
1922 tcp_ses->sequence_number = 0;
1923 tcp_ses->lstrp = jiffies;
1924 INIT_LIST_HEAD(&tcp_ses->tcp_ses_list);
1925 INIT_LIST_HEAD(&tcp_ses->smb_ses_list);
1926 INIT_DELAYED_WORK(&tcp_ses->echo, cifs_echo_request);
1927
1928 /*
1929 * at this point we are the only ones with the pointer
1930 * to the struct since the kernel thread not created yet
1931 * no need to spinlock this init of tcpStatus or srv_count
1932 */
1933 tcp_ses->tcpStatus = CifsNew;
1934 memcpy(&tcp_ses->srcaddr, &volume_info->srcaddr,
1935 sizeof(tcp_ses->srcaddr));
1936 ++tcp_ses->srv_count;
1937
1938 if (addr.ss_family == AF_INET6) {
1939 cFYI(1, "attempting ipv6 connect");
1940 /* BB should we allow ipv6 on port 139? */
1941 /* other OS never observed in Wild doing 139 with v6 */
1942 memcpy(&tcp_ses->dstaddr, sin_server6,
1943 sizeof(struct sockaddr_in6));
1944 } else
1945 memcpy(&tcp_ses->dstaddr, sin_server,
1946 sizeof(struct sockaddr_in));
1947
1948 rc = ip_connect(tcp_ses);
1949 if (rc < 0) {
1950 cERROR(1, "Error connecting to socket. Aborting operation");
1951 goto out_err_crypto_release;
1952 }
1953
1954 /*
1955 * since we're in a cifs function already, we know that
1956 * this will succeed. No need for try_module_get().
1957 */
1958 __module_get(THIS_MODULE);
1959 tcp_ses->tsk = kthread_run(cifs_demultiplex_thread,
1960 tcp_ses, "cifsd");
1961 if (IS_ERR(tcp_ses->tsk)) {
1962 rc = PTR_ERR(tcp_ses->tsk);
1963 cERROR(1, "error %d create cifsd thread", rc);
1964 module_put(THIS_MODULE);
1965 goto out_err_crypto_release;
1966 }
1967 tcp_ses->tcpStatus = CifsNeedNegotiate;
1968
1969 /* thread spawned, put it on the list */
1970 spin_lock(&cifs_tcp_ses_lock);
1971 list_add(&tcp_ses->tcp_ses_list, &cifs_tcp_ses_list);
1972 spin_unlock(&cifs_tcp_ses_lock);
1973
1974 cifs_fscache_get_client_cookie(tcp_ses);
1975
1976 /* queue echo request delayed work */
1977 queue_delayed_work(system_nrt_wq, &tcp_ses->echo, SMB_ECHO_INTERVAL);
1978
1979 return tcp_ses;
1980
1981 out_err_crypto_release:
1982 cifs_crypto_shash_release(tcp_ses);
1983
1984 put_net(cifs_net_ns(tcp_ses));
1985
1986 out_err:
1987 if (tcp_ses) {
1988 if (!IS_ERR(tcp_ses->hostname))
1989 kfree(tcp_ses->hostname);
1990 if (tcp_ses->ssocket)
1991 sock_release(tcp_ses->ssocket);
1992 kfree(tcp_ses);
1993 }
1994 return ERR_PTR(rc);
1995 }
1996
match_session(struct cifs_ses * ses,struct smb_vol * vol)1997 static int match_session(struct cifs_ses *ses, struct smb_vol *vol)
1998 {
1999 switch (ses->server->secType) {
2000 case Kerberos:
2001 if (vol->cred_uid != ses->cred_uid)
2002 return 0;
2003 break;
2004 default:
2005 /* NULL username means anonymous session */
2006 if (ses->user_name == NULL) {
2007 if (!vol->nullauth)
2008 return 0;
2009 break;
2010 }
2011
2012 /* anything else takes username/password */
2013 if (strncmp(ses->user_name,
2014 vol->username ? vol->username : "",
2015 MAX_USERNAME_SIZE))
2016 return 0;
2017 if (strlen(vol->username) != 0 &&
2018 ses->password != NULL &&
2019 strncmp(ses->password,
2020 vol->password ? vol->password : "",
2021 MAX_PASSWORD_SIZE))
2022 return 0;
2023 }
2024 return 1;
2025 }
2026
2027 static struct cifs_ses *
cifs_find_smb_ses(struct TCP_Server_Info * server,struct smb_vol * vol)2028 cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb_vol *vol)
2029 {
2030 struct cifs_ses *ses;
2031
2032 spin_lock(&cifs_tcp_ses_lock);
2033 list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) {
2034 if (!match_session(ses, vol))
2035 continue;
2036 ++ses->ses_count;
2037 spin_unlock(&cifs_tcp_ses_lock);
2038 return ses;
2039 }
2040 spin_unlock(&cifs_tcp_ses_lock);
2041 return NULL;
2042 }
2043
2044 static void
cifs_put_smb_ses(struct cifs_ses * ses)2045 cifs_put_smb_ses(struct cifs_ses *ses)
2046 {
2047 int xid;
2048 struct TCP_Server_Info *server = ses->server;
2049
2050 cFYI(1, "%s: ses_count=%d\n", __func__, ses->ses_count);
2051 spin_lock(&cifs_tcp_ses_lock);
2052 if (--ses->ses_count > 0) {
2053 spin_unlock(&cifs_tcp_ses_lock);
2054 return;
2055 }
2056
2057 list_del_init(&ses->smb_ses_list);
2058 spin_unlock(&cifs_tcp_ses_lock);
2059
2060 if (ses->status == CifsGood) {
2061 xid = GetXid();
2062 CIFSSMBLogoff(xid, ses);
2063 _FreeXid(xid);
2064 }
2065 sesInfoFree(ses);
2066 cifs_put_tcp_session(server);
2067 }
2068
2069 #ifdef CONFIG_KEYS
2070
2071 /* strlen("cifs:a:") + INET6_ADDRSTRLEN + 1 */
2072 #define CIFSCREDS_DESC_SIZE (7 + INET6_ADDRSTRLEN + 1)
2073
2074 /* Populate username and pw fields from keyring if possible */
2075 static int
cifs_set_cifscreds(struct smb_vol * vol,struct cifs_ses * ses)2076 cifs_set_cifscreds(struct smb_vol *vol, struct cifs_ses *ses)
2077 {
2078 int rc = 0;
2079 char *desc, *delim, *payload;
2080 ssize_t len;
2081 struct key *key;
2082 struct TCP_Server_Info *server = ses->server;
2083 struct sockaddr_in *sa;
2084 struct sockaddr_in6 *sa6;
2085 struct user_key_payload *upayload;
2086
2087 desc = kmalloc(CIFSCREDS_DESC_SIZE, GFP_KERNEL);
2088 if (!desc)
2089 return -ENOMEM;
2090
2091 /* try to find an address key first */
2092 switch (server->dstaddr.ss_family) {
2093 case AF_INET:
2094 sa = (struct sockaddr_in *)&server->dstaddr;
2095 sprintf(desc, "cifs:a:%pI4", &sa->sin_addr.s_addr);
2096 break;
2097 case AF_INET6:
2098 sa6 = (struct sockaddr_in6 *)&server->dstaddr;
2099 sprintf(desc, "cifs:a:%pI6c", &sa6->sin6_addr.s6_addr);
2100 break;
2101 default:
2102 cFYI(1, "Bad ss_family (%hu)", server->dstaddr.ss_family);
2103 rc = -EINVAL;
2104 goto out_err;
2105 }
2106
2107 cFYI(1, "%s: desc=%s", __func__, desc);
2108 key = request_key(&key_type_logon, desc, "");
2109 if (IS_ERR(key)) {
2110 if (!ses->domainName) {
2111 cFYI(1, "domainName is NULL");
2112 rc = PTR_ERR(key);
2113 goto out_err;
2114 }
2115
2116 /* didn't work, try to find a domain key */
2117 sprintf(desc, "cifs:d:%s", ses->domainName);
2118 cFYI(1, "%s: desc=%s", __func__, desc);
2119 key = request_key(&key_type_logon, desc, "");
2120 if (IS_ERR(key)) {
2121 rc = PTR_ERR(key);
2122 goto out_err;
2123 }
2124 }
2125
2126 down_read(&key->sem);
2127 upayload = key->payload.data;
2128 if (IS_ERR_OR_NULL(upayload)) {
2129 rc = upayload ? PTR_ERR(upayload) : -EINVAL;
2130 goto out_key_put;
2131 }
2132
2133 /* find first : in payload */
2134 payload = (char *)upayload->data;
2135 delim = strnchr(payload, upayload->datalen, ':');
2136 cFYI(1, "payload=%s", payload);
2137 if (!delim) {
2138 cFYI(1, "Unable to find ':' in payload (datalen=%d)",
2139 upayload->datalen);
2140 rc = -EINVAL;
2141 goto out_key_put;
2142 }
2143
2144 len = delim - payload;
2145 if (len > MAX_USERNAME_SIZE || len <= 0) {
2146 cFYI(1, "Bad value from username search (len=%zd)", len);
2147 rc = -EINVAL;
2148 goto out_key_put;
2149 }
2150
2151 vol->username = kstrndup(payload, len, GFP_KERNEL);
2152 if (!vol->username) {
2153 cFYI(1, "Unable to allocate %zd bytes for username", len);
2154 rc = -ENOMEM;
2155 goto out_key_put;
2156 }
2157 cFYI(1, "%s: username=%s", __func__, vol->username);
2158
2159 len = key->datalen - (len + 1);
2160 if (len > MAX_PASSWORD_SIZE || len <= 0) {
2161 cFYI(1, "Bad len for password search (len=%zd)", len);
2162 rc = -EINVAL;
2163 kfree(vol->username);
2164 vol->username = NULL;
2165 goto out_key_put;
2166 }
2167
2168 ++delim;
2169 vol->password = kstrndup(delim, len, GFP_KERNEL);
2170 if (!vol->password) {
2171 cFYI(1, "Unable to allocate %zd bytes for password", len);
2172 rc = -ENOMEM;
2173 kfree(vol->username);
2174 vol->username = NULL;
2175 goto out_key_put;
2176 }
2177
2178 out_key_put:
2179 up_read(&key->sem);
2180 key_put(key);
2181 out_err:
2182 kfree(desc);
2183 cFYI(1, "%s: returning %d", __func__, rc);
2184 return rc;
2185 }
2186 #else /* ! CONFIG_KEYS */
2187 static inline int
cifs_set_cifscreds(struct smb_vol * vol,struct cifs_ses * ses)2188 cifs_set_cifscreds(struct smb_vol *vol __attribute__((unused)),
2189 struct cifs_ses *ses __attribute__((unused)))
2190 {
2191 return -ENOSYS;
2192 }
2193 #endif /* CONFIG_KEYS */
2194
2195 static bool warned_on_ntlm; /* globals init to false automatically */
2196
2197 static struct cifs_ses *
cifs_get_smb_ses(struct TCP_Server_Info * server,struct smb_vol * volume_info)2198 cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb_vol *volume_info)
2199 {
2200 int rc = -ENOMEM, xid;
2201 struct cifs_ses *ses;
2202 struct sockaddr_in *addr = (struct sockaddr_in *)&server->dstaddr;
2203 struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)&server->dstaddr;
2204
2205 xid = GetXid();
2206
2207 ses = cifs_find_smb_ses(server, volume_info);
2208 if (ses) {
2209 cFYI(1, "Existing smb sess found (status=%d)", ses->status);
2210
2211 mutex_lock(&ses->session_mutex);
2212 rc = cifs_negotiate_protocol(xid, ses);
2213 if (rc) {
2214 mutex_unlock(&ses->session_mutex);
2215 /* problem -- put our ses reference */
2216 cifs_put_smb_ses(ses);
2217 FreeXid(xid);
2218 return ERR_PTR(rc);
2219 }
2220 if (ses->need_reconnect) {
2221 cFYI(1, "Session needs reconnect");
2222 rc = cifs_setup_session(xid, ses,
2223 volume_info->local_nls);
2224 if (rc) {
2225 mutex_unlock(&ses->session_mutex);
2226 /* problem -- put our reference */
2227 cifs_put_smb_ses(ses);
2228 FreeXid(xid);
2229 return ERR_PTR(rc);
2230 }
2231 }
2232 mutex_unlock(&ses->session_mutex);
2233
2234 /* existing SMB ses has a server reference already */
2235 cifs_put_tcp_session(server);
2236 FreeXid(xid);
2237 return ses;
2238 }
2239
2240 cFYI(1, "Existing smb sess not found");
2241 ses = sesInfoAlloc();
2242 if (ses == NULL)
2243 goto get_ses_fail;
2244
2245 /* new SMB session uses our server ref */
2246 ses->server = server;
2247 if (server->dstaddr.ss_family == AF_INET6)
2248 sprintf(ses->serverName, "%pI6", &addr6->sin6_addr);
2249 else
2250 sprintf(ses->serverName, "%pI4", &addr->sin_addr);
2251
2252 if (volume_info->username) {
2253 ses->user_name = kstrdup(volume_info->username, GFP_KERNEL);
2254 if (!ses->user_name)
2255 goto get_ses_fail;
2256 }
2257
2258 /* volume_info->password freed at unmount */
2259 if (volume_info->password) {
2260 ses->password = kstrdup(volume_info->password, GFP_KERNEL);
2261 if (!ses->password)
2262 goto get_ses_fail;
2263 }
2264 if (volume_info->domainname) {
2265 ses->domainName = kstrdup(volume_info->domainname, GFP_KERNEL);
2266 if (!ses->domainName)
2267 goto get_ses_fail;
2268 }
2269 ses->cred_uid = volume_info->cred_uid;
2270 ses->linux_uid = volume_info->linux_uid;
2271
2272 /* ntlmv2 is much stronger than ntlm security, and has been broadly
2273 supported for many years, time to update default security mechanism */
2274 if ((volume_info->secFlg == 0) && warned_on_ntlm == false) {
2275 warned_on_ntlm = true;
2276 cERROR(1, "default security mechanism requested. The default "
2277 "security mechanism will be upgraded from ntlm to "
2278 "ntlmv2 in kernel release 3.3");
2279 }
2280 ses->overrideSecFlg = volume_info->secFlg;
2281
2282 mutex_lock(&ses->session_mutex);
2283 rc = cifs_negotiate_protocol(xid, ses);
2284 if (!rc)
2285 rc = cifs_setup_session(xid, ses, volume_info->local_nls);
2286 mutex_unlock(&ses->session_mutex);
2287 if (rc)
2288 goto get_ses_fail;
2289
2290 /* success, put it on the list */
2291 spin_lock(&cifs_tcp_ses_lock);
2292 list_add(&ses->smb_ses_list, &server->smb_ses_list);
2293 spin_unlock(&cifs_tcp_ses_lock);
2294
2295 FreeXid(xid);
2296 return ses;
2297
2298 get_ses_fail:
2299 sesInfoFree(ses);
2300 FreeXid(xid);
2301 return ERR_PTR(rc);
2302 }
2303
match_tcon(struct cifs_tcon * tcon,const char * unc)2304 static int match_tcon(struct cifs_tcon *tcon, const char *unc)
2305 {
2306 if (tcon->tidStatus == CifsExiting)
2307 return 0;
2308 if (strncmp(tcon->treeName, unc, MAX_TREE_SIZE))
2309 return 0;
2310 return 1;
2311 }
2312
2313 static struct cifs_tcon *
cifs_find_tcon(struct cifs_ses * ses,const char * unc)2314 cifs_find_tcon(struct cifs_ses *ses, const char *unc)
2315 {
2316 struct list_head *tmp;
2317 struct cifs_tcon *tcon;
2318
2319 spin_lock(&cifs_tcp_ses_lock);
2320 list_for_each(tmp, &ses->tcon_list) {
2321 tcon = list_entry(tmp, struct cifs_tcon, tcon_list);
2322 if (!match_tcon(tcon, unc))
2323 continue;
2324 ++tcon->tc_count;
2325 spin_unlock(&cifs_tcp_ses_lock);
2326 return tcon;
2327 }
2328 spin_unlock(&cifs_tcp_ses_lock);
2329 return NULL;
2330 }
2331
2332 static void
cifs_put_tcon(struct cifs_tcon * tcon)2333 cifs_put_tcon(struct cifs_tcon *tcon)
2334 {
2335 int xid;
2336 struct cifs_ses *ses = tcon->ses;
2337
2338 cFYI(1, "%s: tc_count=%d\n", __func__, tcon->tc_count);
2339 spin_lock(&cifs_tcp_ses_lock);
2340 if (--tcon->tc_count > 0) {
2341 spin_unlock(&cifs_tcp_ses_lock);
2342 return;
2343 }
2344
2345 list_del_init(&tcon->tcon_list);
2346 spin_unlock(&cifs_tcp_ses_lock);
2347
2348 xid = GetXid();
2349 CIFSSMBTDis(xid, tcon);
2350 _FreeXid(xid);
2351
2352 cifs_fscache_release_super_cookie(tcon);
2353 tconInfoFree(tcon);
2354 cifs_put_smb_ses(ses);
2355 }
2356
2357 static struct cifs_tcon *
cifs_get_tcon(struct cifs_ses * ses,struct smb_vol * volume_info)2358 cifs_get_tcon(struct cifs_ses *ses, struct smb_vol *volume_info)
2359 {
2360 int rc, xid;
2361 struct cifs_tcon *tcon;
2362
2363 tcon = cifs_find_tcon(ses, volume_info->UNC);
2364 if (tcon) {
2365 cFYI(1, "Found match on UNC path");
2366 /* existing tcon already has a reference */
2367 cifs_put_smb_ses(ses);
2368 if (tcon->seal != volume_info->seal)
2369 cERROR(1, "transport encryption setting "
2370 "conflicts with existing tid");
2371 return tcon;
2372 }
2373
2374 tcon = tconInfoAlloc();
2375 if (tcon == NULL) {
2376 rc = -ENOMEM;
2377 goto out_fail;
2378 }
2379
2380 tcon->ses = ses;
2381 if (volume_info->password) {
2382 tcon->password = kstrdup(volume_info->password, GFP_KERNEL);
2383 if (!tcon->password) {
2384 rc = -ENOMEM;
2385 goto out_fail;
2386 }
2387 }
2388
2389 if (strchr(volume_info->UNC + 3, '\\') == NULL
2390 && strchr(volume_info->UNC + 3, '/') == NULL) {
2391 cERROR(1, "Missing share name");
2392 rc = -ENODEV;
2393 goto out_fail;
2394 }
2395
2396 /* BB Do we need to wrap session_mutex around
2397 * this TCon call and Unix SetFS as
2398 * we do on SessSetup and reconnect? */
2399 xid = GetXid();
2400 rc = CIFSTCon(xid, ses, volume_info->UNC, tcon, volume_info->local_nls);
2401 FreeXid(xid);
2402 cFYI(1, "CIFS Tcon rc = %d", rc);
2403 if (rc)
2404 goto out_fail;
2405
2406 if (volume_info->nodfs) {
2407 tcon->Flags &= ~SMB_SHARE_IS_IN_DFS;
2408 cFYI(1, "DFS disabled (%d)", tcon->Flags);
2409 }
2410 tcon->seal = volume_info->seal;
2411 /* we can have only one retry value for a connection
2412 to a share so for resources mounted more than once
2413 to the same server share the last value passed in
2414 for the retry flag is used */
2415 tcon->retry = volume_info->retry;
2416 tcon->nocase = volume_info->nocase;
2417 tcon->local_lease = volume_info->local_lease;
2418
2419 spin_lock(&cifs_tcp_ses_lock);
2420 list_add(&tcon->tcon_list, &ses->tcon_list);
2421 spin_unlock(&cifs_tcp_ses_lock);
2422
2423 cifs_fscache_get_super_cookie(tcon);
2424
2425 return tcon;
2426
2427 out_fail:
2428 tconInfoFree(tcon);
2429 return ERR_PTR(rc);
2430 }
2431
2432 void
cifs_put_tlink(struct tcon_link * tlink)2433 cifs_put_tlink(struct tcon_link *tlink)
2434 {
2435 if (!tlink || IS_ERR(tlink))
2436 return;
2437
2438 if (!atomic_dec_and_test(&tlink->tl_count) ||
2439 test_bit(TCON_LINK_IN_TREE, &tlink->tl_flags)) {
2440 tlink->tl_time = jiffies;
2441 return;
2442 }
2443
2444 if (!IS_ERR(tlink_tcon(tlink)))
2445 cifs_put_tcon(tlink_tcon(tlink));
2446 kfree(tlink);
2447 return;
2448 }
2449
2450 static inline struct tcon_link *
cifs_sb_master_tlink(struct cifs_sb_info * cifs_sb)2451 cifs_sb_master_tlink(struct cifs_sb_info *cifs_sb)
2452 {
2453 return cifs_sb->master_tlink;
2454 }
2455
2456 static int
compare_mount_options(struct super_block * sb,struct cifs_mnt_data * mnt_data)2457 compare_mount_options(struct super_block *sb, struct cifs_mnt_data *mnt_data)
2458 {
2459 struct cifs_sb_info *old = CIFS_SB(sb);
2460 struct cifs_sb_info *new = mnt_data->cifs_sb;
2461
2462 if ((sb->s_flags & CIFS_MS_MASK) != (mnt_data->flags & CIFS_MS_MASK))
2463 return 0;
2464
2465 if ((old->mnt_cifs_flags & CIFS_MOUNT_MASK) !=
2466 (new->mnt_cifs_flags & CIFS_MOUNT_MASK))
2467 return 0;
2468
2469 /*
2470 * We want to share sb only if we don't specify an r/wsize or
2471 * specified r/wsize is greater than or equal to existing one.
2472 */
2473 if (new->wsize && new->wsize < old->wsize)
2474 return 0;
2475
2476 if (new->rsize && new->rsize < old->rsize)
2477 return 0;
2478
2479 if (old->mnt_uid != new->mnt_uid || old->mnt_gid != new->mnt_gid)
2480 return 0;
2481
2482 if (old->mnt_file_mode != new->mnt_file_mode ||
2483 old->mnt_dir_mode != new->mnt_dir_mode)
2484 return 0;
2485
2486 if (strcmp(old->local_nls->charset, new->local_nls->charset))
2487 return 0;
2488
2489 if (old->actimeo != new->actimeo)
2490 return 0;
2491
2492 return 1;
2493 }
2494
2495 int
cifs_match_super(struct super_block * sb,void * data)2496 cifs_match_super(struct super_block *sb, void *data)
2497 {
2498 struct cifs_mnt_data *mnt_data = (struct cifs_mnt_data *)data;
2499 struct smb_vol *volume_info;
2500 struct cifs_sb_info *cifs_sb;
2501 struct TCP_Server_Info *tcp_srv;
2502 struct cifs_ses *ses;
2503 struct cifs_tcon *tcon;
2504 struct tcon_link *tlink;
2505 struct sockaddr_storage addr;
2506 int rc = 0;
2507
2508 memset(&addr, 0, sizeof(struct sockaddr_storage));
2509
2510 spin_lock(&cifs_tcp_ses_lock);
2511 cifs_sb = CIFS_SB(sb);
2512 tlink = cifs_get_tlink(cifs_sb_master_tlink(cifs_sb));
2513 if (IS_ERR(tlink)) {
2514 spin_unlock(&cifs_tcp_ses_lock);
2515 return rc;
2516 }
2517 tcon = tlink_tcon(tlink);
2518 ses = tcon->ses;
2519 tcp_srv = ses->server;
2520
2521 volume_info = mnt_data->vol;
2522
2523 if (!volume_info->UNCip || !volume_info->UNC)
2524 goto out;
2525
2526 rc = cifs_fill_sockaddr((struct sockaddr *)&addr,
2527 volume_info->UNCip,
2528 strlen(volume_info->UNCip),
2529 volume_info->port);
2530 if (!rc)
2531 goto out;
2532
2533 if (!match_server(tcp_srv, (struct sockaddr *)&addr, volume_info) ||
2534 !match_session(ses, volume_info) ||
2535 !match_tcon(tcon, volume_info->UNC)) {
2536 rc = 0;
2537 goto out;
2538 }
2539
2540 rc = compare_mount_options(sb, mnt_data);
2541 out:
2542 spin_unlock(&cifs_tcp_ses_lock);
2543 cifs_put_tlink(tlink);
2544 return rc;
2545 }
2546
2547 int
get_dfs_path(int xid,struct cifs_ses * pSesInfo,const char * old_path,const struct nls_table * nls_codepage,unsigned int * pnum_referrals,struct dfs_info3_param ** preferrals,int remap)2548 get_dfs_path(int xid, struct cifs_ses *pSesInfo, const char *old_path,
2549 const struct nls_table *nls_codepage, unsigned int *pnum_referrals,
2550 struct dfs_info3_param **preferrals, int remap)
2551 {
2552 char *temp_unc;
2553 int rc = 0;
2554
2555 *pnum_referrals = 0;
2556 *preferrals = NULL;
2557
2558 if (pSesInfo->ipc_tid == 0) {
2559 temp_unc = kmalloc(2 /* for slashes */ +
2560 strnlen(pSesInfo->serverName,
2561 SERVER_NAME_LEN_WITH_NULL * 2)
2562 + 1 + 4 /* slash IPC$ */ + 2,
2563 GFP_KERNEL);
2564 if (temp_unc == NULL)
2565 return -ENOMEM;
2566 temp_unc[0] = '\\';
2567 temp_unc[1] = '\\';
2568 strcpy(temp_unc + 2, pSesInfo->serverName);
2569 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
2570 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
2571 cFYI(1, "CIFS Tcon rc = %d ipc_tid = %d", rc, pSesInfo->ipc_tid);
2572 kfree(temp_unc);
2573 }
2574 if (rc == 0)
2575 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
2576 pnum_referrals, nls_codepage, remap);
2577 /* BB map targetUNCs to dfs_info3 structures, here or
2578 in CIFSGetDFSRefer BB */
2579
2580 return rc;
2581 }
2582
2583 #ifdef CONFIG_DEBUG_LOCK_ALLOC
2584 static struct lock_class_key cifs_key[2];
2585 static struct lock_class_key cifs_slock_key[2];
2586
2587 static inline void
cifs_reclassify_socket4(struct socket * sock)2588 cifs_reclassify_socket4(struct socket *sock)
2589 {
2590 struct sock *sk = sock->sk;
2591 BUG_ON(sock_owned_by_user(sk));
2592 sock_lock_init_class_and_name(sk, "slock-AF_INET-CIFS",
2593 &cifs_slock_key[0], "sk_lock-AF_INET-CIFS", &cifs_key[0]);
2594 }
2595
2596 static inline void
cifs_reclassify_socket6(struct socket * sock)2597 cifs_reclassify_socket6(struct socket *sock)
2598 {
2599 struct sock *sk = sock->sk;
2600 BUG_ON(sock_owned_by_user(sk));
2601 sock_lock_init_class_and_name(sk, "slock-AF_INET6-CIFS",
2602 &cifs_slock_key[1], "sk_lock-AF_INET6-CIFS", &cifs_key[1]);
2603 }
2604 #else
2605 static inline void
cifs_reclassify_socket4(struct socket * sock)2606 cifs_reclassify_socket4(struct socket *sock)
2607 {
2608 }
2609
2610 static inline void
cifs_reclassify_socket6(struct socket * sock)2611 cifs_reclassify_socket6(struct socket *sock)
2612 {
2613 }
2614 #endif
2615
2616 /* See RFC1001 section 14 on representation of Netbios names */
rfc1002mangle(char * target,char * source,unsigned int length)2617 static void rfc1002mangle(char *target, char *source, unsigned int length)
2618 {
2619 unsigned int i, j;
2620
2621 for (i = 0, j = 0; i < (length); i++) {
2622 /* mask a nibble at a time and encode */
2623 target[j] = 'A' + (0x0F & (source[i] >> 4));
2624 target[j+1] = 'A' + (0x0F & source[i]);
2625 j += 2;
2626 }
2627
2628 }
2629
2630 static int
bind_socket(struct TCP_Server_Info * server)2631 bind_socket(struct TCP_Server_Info *server)
2632 {
2633 int rc = 0;
2634 if (server->srcaddr.ss_family != AF_UNSPEC) {
2635 /* Bind to the specified local IP address */
2636 struct socket *socket = server->ssocket;
2637 rc = socket->ops->bind(socket,
2638 (struct sockaddr *) &server->srcaddr,
2639 sizeof(server->srcaddr));
2640 if (rc < 0) {
2641 struct sockaddr_in *saddr4;
2642 struct sockaddr_in6 *saddr6;
2643 saddr4 = (struct sockaddr_in *)&server->srcaddr;
2644 saddr6 = (struct sockaddr_in6 *)&server->srcaddr;
2645 if (saddr6->sin6_family == AF_INET6)
2646 cERROR(1, "cifs: "
2647 "Failed to bind to: %pI6c, error: %d\n",
2648 &saddr6->sin6_addr, rc);
2649 else
2650 cERROR(1, "cifs: "
2651 "Failed to bind to: %pI4, error: %d\n",
2652 &saddr4->sin_addr.s_addr, rc);
2653 }
2654 }
2655 return rc;
2656 }
2657
2658 static int
ip_rfc1001_connect(struct TCP_Server_Info * server)2659 ip_rfc1001_connect(struct TCP_Server_Info *server)
2660 {
2661 int rc = 0;
2662 /*
2663 * some servers require RFC1001 sessinit before sending
2664 * negprot - BB check reconnection in case where second
2665 * sessinit is sent but no second negprot
2666 */
2667 struct rfc1002_session_packet *ses_init_buf;
2668 struct smb_hdr *smb_buf;
2669 ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet),
2670 GFP_KERNEL);
2671 if (ses_init_buf) {
2672 ses_init_buf->trailer.session_req.called_len = 32;
2673
2674 if (server->server_RFC1001_name &&
2675 server->server_RFC1001_name[0] != 0)
2676 rfc1002mangle(ses_init_buf->trailer.
2677 session_req.called_name,
2678 server->server_RFC1001_name,
2679 RFC1001_NAME_LEN_WITH_NULL);
2680 else
2681 rfc1002mangle(ses_init_buf->trailer.
2682 session_req.called_name,
2683 DEFAULT_CIFS_CALLED_NAME,
2684 RFC1001_NAME_LEN_WITH_NULL);
2685
2686 ses_init_buf->trailer.session_req.calling_len = 32;
2687
2688 /*
2689 * calling name ends in null (byte 16) from old smb
2690 * convention.
2691 */
2692 if (server->workstation_RFC1001_name &&
2693 server->workstation_RFC1001_name[0] != 0)
2694 rfc1002mangle(ses_init_buf->trailer.
2695 session_req.calling_name,
2696 server->workstation_RFC1001_name,
2697 RFC1001_NAME_LEN_WITH_NULL);
2698 else
2699 rfc1002mangle(ses_init_buf->trailer.
2700 session_req.calling_name,
2701 "LINUX_CIFS_CLNT",
2702 RFC1001_NAME_LEN_WITH_NULL);
2703
2704 ses_init_buf->trailer.session_req.scope1 = 0;
2705 ses_init_buf->trailer.session_req.scope2 = 0;
2706 smb_buf = (struct smb_hdr *)ses_init_buf;
2707
2708 /* sizeof RFC1002_SESSION_REQUEST with no scope */
2709 smb_buf->smb_buf_length = cpu_to_be32(0x81000044);
2710 rc = smb_send(server, smb_buf, 0x44);
2711 kfree(ses_init_buf);
2712 /*
2713 * RFC1001 layer in at least one server
2714 * requires very short break before negprot
2715 * presumably because not expecting negprot
2716 * to follow so fast. This is a simple
2717 * solution that works without
2718 * complicating the code and causes no
2719 * significant slowing down on mount
2720 * for everyone else
2721 */
2722 usleep_range(1000, 2000);
2723 }
2724 /*
2725 * else the negprot may still work without this
2726 * even though malloc failed
2727 */
2728
2729 return rc;
2730 }
2731
2732 static int
generic_ip_connect(struct TCP_Server_Info * server)2733 generic_ip_connect(struct TCP_Server_Info *server)
2734 {
2735 int rc = 0;
2736 __be16 sport;
2737 int slen, sfamily;
2738 struct socket *socket = server->ssocket;
2739 struct sockaddr *saddr;
2740
2741 saddr = (struct sockaddr *) &server->dstaddr;
2742
2743 if (server->dstaddr.ss_family == AF_INET6) {
2744 sport = ((struct sockaddr_in6 *) saddr)->sin6_port;
2745 slen = sizeof(struct sockaddr_in6);
2746 sfamily = AF_INET6;
2747 } else {
2748 sport = ((struct sockaddr_in *) saddr)->sin_port;
2749 slen = sizeof(struct sockaddr_in);
2750 sfamily = AF_INET;
2751 }
2752
2753 if (socket == NULL) {
2754 rc = __sock_create(cifs_net_ns(server), sfamily, SOCK_STREAM,
2755 IPPROTO_TCP, &socket, 1);
2756 if (rc < 0) {
2757 cERROR(1, "Error %d creating socket", rc);
2758 server->ssocket = NULL;
2759 return rc;
2760 }
2761
2762 /* BB other socket options to set KEEPALIVE, NODELAY? */
2763 cFYI(1, "Socket created");
2764 server->ssocket = socket;
2765 socket->sk->sk_allocation = GFP_NOFS;
2766 if (sfamily == AF_INET6)
2767 cifs_reclassify_socket6(socket);
2768 else
2769 cifs_reclassify_socket4(socket);
2770 }
2771
2772 rc = bind_socket(server);
2773 if (rc < 0)
2774 return rc;
2775
2776 /*
2777 * Eventually check for other socket options to change from
2778 * the default. sock_setsockopt not used because it expects
2779 * user space buffer
2780 */
2781 socket->sk->sk_rcvtimeo = 7 * HZ;
2782 socket->sk->sk_sndtimeo = 5 * HZ;
2783
2784 /* make the bufsizes depend on wsize/rsize and max requests */
2785 if (server->noautotune) {
2786 if (socket->sk->sk_sndbuf < (200 * 1024))
2787 socket->sk->sk_sndbuf = 200 * 1024;
2788 if (socket->sk->sk_rcvbuf < (140 * 1024))
2789 socket->sk->sk_rcvbuf = 140 * 1024;
2790 }
2791
2792 if (server->tcp_nodelay) {
2793 int val = 1;
2794 rc = kernel_setsockopt(socket, SOL_TCP, TCP_NODELAY,
2795 (char *)&val, sizeof(val));
2796 if (rc)
2797 cFYI(1, "set TCP_NODELAY socket option error %d", rc);
2798 }
2799
2800 cFYI(1, "sndbuf %d rcvbuf %d rcvtimeo 0x%lx",
2801 socket->sk->sk_sndbuf,
2802 socket->sk->sk_rcvbuf, socket->sk->sk_rcvtimeo);
2803
2804 rc = socket->ops->connect(socket, saddr, slen, 0);
2805 if (rc < 0) {
2806 cFYI(1, "Error %d connecting to server", rc);
2807 sock_release(socket);
2808 server->ssocket = NULL;
2809 return rc;
2810 }
2811
2812 if (sport == htons(RFC1001_PORT))
2813 rc = ip_rfc1001_connect(server);
2814
2815 return rc;
2816 }
2817
2818 static int
ip_connect(struct TCP_Server_Info * server)2819 ip_connect(struct TCP_Server_Info *server)
2820 {
2821 __be16 *sport;
2822 struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)&server->dstaddr;
2823 struct sockaddr_in *addr = (struct sockaddr_in *)&server->dstaddr;
2824
2825 if (server->dstaddr.ss_family == AF_INET6)
2826 sport = &addr6->sin6_port;
2827 else
2828 sport = &addr->sin_port;
2829
2830 if (*sport == 0) {
2831 int rc;
2832
2833 /* try with 445 port at first */
2834 *sport = htons(CIFS_PORT);
2835
2836 rc = generic_ip_connect(server);
2837 if (rc >= 0)
2838 return rc;
2839
2840 /* if it failed, try with 139 port */
2841 *sport = htons(RFC1001_PORT);
2842 }
2843
2844 return generic_ip_connect(server);
2845 }
2846
reset_cifs_unix_caps(int xid,struct cifs_tcon * tcon,struct cifs_sb_info * cifs_sb,struct smb_vol * vol_info)2847 void reset_cifs_unix_caps(int xid, struct cifs_tcon *tcon,
2848 struct cifs_sb_info *cifs_sb, struct smb_vol *vol_info)
2849 {
2850 /* if we are reconnecting then should we check to see if
2851 * any requested capabilities changed locally e.g. via
2852 * remount but we can not do much about it here
2853 * if they have (even if we could detect it by the following)
2854 * Perhaps we could add a backpointer to array of sb from tcon
2855 * or if we change to make all sb to same share the same
2856 * sb as NFS - then we only have one backpointer to sb.
2857 * What if we wanted to mount the server share twice once with
2858 * and once without posixacls or posix paths? */
2859 __u64 saved_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
2860
2861 if (vol_info && vol_info->no_linux_ext) {
2862 tcon->fsUnixInfo.Capability = 0;
2863 tcon->unix_ext = 0; /* Unix Extensions disabled */
2864 cFYI(1, "Linux protocol extensions disabled");
2865 return;
2866 } else if (vol_info)
2867 tcon->unix_ext = 1; /* Unix Extensions supported */
2868
2869 if (tcon->unix_ext == 0) {
2870 cFYI(1, "Unix extensions disabled so not set on reconnect");
2871 return;
2872 }
2873
2874 if (!CIFSSMBQFSUnixInfo(xid, tcon)) {
2875 __u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
2876 cFYI(1, "unix caps which server supports %lld", cap);
2877 /* check for reconnect case in which we do not
2878 want to change the mount behavior if we can avoid it */
2879 if (vol_info == NULL) {
2880 /* turn off POSIX ACL and PATHNAMES if not set
2881 originally at mount time */
2882 if ((saved_cap & CIFS_UNIX_POSIX_ACL_CAP) == 0)
2883 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2884 if ((saved_cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2885 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2886 cERROR(1, "POSIXPATH support change");
2887 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2888 } else if ((cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2889 cERROR(1, "possible reconnect error");
2890 cERROR(1, "server disabled POSIX path support");
2891 }
2892 }
2893
2894 if (cap & CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP)
2895 cERROR(1, "per-share encryption not supported yet");
2896
2897 cap &= CIFS_UNIX_CAP_MASK;
2898 if (vol_info && vol_info->no_psx_acl)
2899 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2900 else if (CIFS_UNIX_POSIX_ACL_CAP & cap) {
2901 cFYI(1, "negotiated posix acl support");
2902 if (cifs_sb)
2903 cifs_sb->mnt_cifs_flags |=
2904 CIFS_MOUNT_POSIXACL;
2905 }
2906
2907 if (vol_info && vol_info->posix_paths == 0)
2908 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2909 else if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
2910 cFYI(1, "negotiate posix pathnames");
2911 if (cifs_sb)
2912 cifs_sb->mnt_cifs_flags |=
2913 CIFS_MOUNT_POSIX_PATHS;
2914 }
2915
2916 cFYI(1, "Negotiate caps 0x%x", (int)cap);
2917 #ifdef CONFIG_CIFS_DEBUG2
2918 if (cap & CIFS_UNIX_FCNTL_CAP)
2919 cFYI(1, "FCNTL cap");
2920 if (cap & CIFS_UNIX_EXTATTR_CAP)
2921 cFYI(1, "EXTATTR cap");
2922 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2923 cFYI(1, "POSIX path cap");
2924 if (cap & CIFS_UNIX_XATTR_CAP)
2925 cFYI(1, "XATTR cap");
2926 if (cap & CIFS_UNIX_POSIX_ACL_CAP)
2927 cFYI(1, "POSIX ACL cap");
2928 if (cap & CIFS_UNIX_LARGE_READ_CAP)
2929 cFYI(1, "very large read cap");
2930 if (cap & CIFS_UNIX_LARGE_WRITE_CAP)
2931 cFYI(1, "very large write cap");
2932 if (cap & CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP)
2933 cFYI(1, "transport encryption cap");
2934 if (cap & CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP)
2935 cFYI(1, "mandatory transport encryption cap");
2936 #endif /* CIFS_DEBUG2 */
2937 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
2938 if (vol_info == NULL) {
2939 cFYI(1, "resetting capabilities failed");
2940 } else
2941 cERROR(1, "Negotiating Unix capabilities "
2942 "with the server failed. Consider "
2943 "mounting with the Unix Extensions\n"
2944 "disabled, if problems are found, "
2945 "by specifying the nounix mount "
2946 "option.");
2947
2948 }
2949 }
2950 }
2951
cifs_setup_cifs_sb(struct smb_vol * pvolume_info,struct cifs_sb_info * cifs_sb)2952 void cifs_setup_cifs_sb(struct smb_vol *pvolume_info,
2953 struct cifs_sb_info *cifs_sb)
2954 {
2955 INIT_DELAYED_WORK(&cifs_sb->prune_tlinks, cifs_prune_tlinks);
2956
2957 spin_lock_init(&cifs_sb->tlink_tree_lock);
2958 cifs_sb->tlink_tree = RB_ROOT;
2959
2960 /*
2961 * Temporarily set r/wsize for matching superblock. If we end up using
2962 * new sb then client will later negotiate it downward if needed.
2963 */
2964 cifs_sb->rsize = pvolume_info->rsize;
2965 cifs_sb->wsize = pvolume_info->wsize;
2966
2967 cifs_sb->mnt_uid = pvolume_info->linux_uid;
2968 cifs_sb->mnt_gid = pvolume_info->linux_gid;
2969 if (pvolume_info->backupuid_specified)
2970 cifs_sb->mnt_backupuid = pvolume_info->backupuid;
2971 if (pvolume_info->backupgid_specified)
2972 cifs_sb->mnt_backupgid = pvolume_info->backupgid;
2973 cifs_sb->mnt_file_mode = pvolume_info->file_mode;
2974 cifs_sb->mnt_dir_mode = pvolume_info->dir_mode;
2975 cFYI(1, "file mode: 0x%hx dir mode: 0x%hx",
2976 cifs_sb->mnt_file_mode, cifs_sb->mnt_dir_mode);
2977
2978 cifs_sb->actimeo = pvolume_info->actimeo;
2979 cifs_sb->local_nls = pvolume_info->local_nls;
2980
2981 if (pvolume_info->noperm)
2982 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
2983 if (pvolume_info->setuids)
2984 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
2985 if (pvolume_info->server_ino)
2986 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
2987 if (pvolume_info->remap)
2988 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
2989 if (pvolume_info->no_xattr)
2990 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
2991 if (pvolume_info->sfu_emul)
2992 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
2993 if (pvolume_info->nobrl)
2994 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
2995 if (pvolume_info->nostrictsync)
2996 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOSSYNC;
2997 if (pvolume_info->mand_lock)
2998 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOPOSIXBRL;
2999 if (pvolume_info->rwpidforward)
3000 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_RWPIDFORWARD;
3001 if (pvolume_info->cifs_acl)
3002 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
3003 if (pvolume_info->backupuid_specified)
3004 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_BACKUPUID;
3005 if (pvolume_info->backupgid_specified)
3006 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_BACKUPGID;
3007 if (pvolume_info->override_uid)
3008 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID;
3009 if (pvolume_info->override_gid)
3010 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID;
3011 if (pvolume_info->dynperm)
3012 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DYNPERM;
3013 if (pvolume_info->fsc)
3014 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_FSCACHE;
3015 if (pvolume_info->multiuser)
3016 cifs_sb->mnt_cifs_flags |= (CIFS_MOUNT_MULTIUSER |
3017 CIFS_MOUNT_NO_PERM);
3018 if (pvolume_info->strict_io)
3019 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_STRICT_IO;
3020 if (pvolume_info->direct_io) {
3021 cFYI(1, "mounting share using direct i/o");
3022 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
3023 }
3024 if (pvolume_info->mfsymlinks) {
3025 if (pvolume_info->sfu_emul) {
3026 cERROR(1, "mount option mfsymlinks ignored if sfu "
3027 "mount option is used");
3028 } else {
3029 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MF_SYMLINKS;
3030 }
3031 }
3032
3033 if ((pvolume_info->cifs_acl) && (pvolume_info->dynperm))
3034 cERROR(1, "mount option dynperm ignored if cifsacl "
3035 "mount option supported");
3036 }
3037
3038 /*
3039 * When the server supports very large reads and writes via POSIX extensions,
3040 * we can allow up to 2^24-1, minus the size of a READ/WRITE_AND_X header, not
3041 * including the RFC1001 length.
3042 *
3043 * Note that this might make for "interesting" allocation problems during
3044 * writeback however as we have to allocate an array of pointers for the
3045 * pages. A 16M write means ~32kb page array with PAGE_CACHE_SIZE == 4096.
3046 *
3047 * For reads, there is a similar problem as we need to allocate an array
3048 * of kvecs to handle the receive, though that should only need to be done
3049 * once.
3050 */
3051 #define CIFS_MAX_WSIZE ((1<<24) - 1 - sizeof(WRITE_REQ) + 4)
3052 #define CIFS_MAX_RSIZE ((1<<24) - sizeof(READ_RSP) + 4)
3053
3054 /*
3055 * When the server doesn't allow large posix writes, only allow a rsize/wsize
3056 * of 2^17-1 minus the size of the call header. That allows for a read or
3057 * write up to the maximum size described by RFC1002.
3058 */
3059 #define CIFS_MAX_RFC1002_WSIZE ((1<<17) - 1 - sizeof(WRITE_REQ) + 4)
3060 #define CIFS_MAX_RFC1002_RSIZE ((1<<17) - 1 - sizeof(READ_RSP) + 4)
3061
3062 /*
3063 * The default wsize is 1M. find_get_pages seems to return a maximum of 256
3064 * pages in a single call. With PAGE_CACHE_SIZE == 4k, this means we can fill
3065 * a single wsize request with a single call.
3066 */
3067 #define CIFS_DEFAULT_IOSIZE (1024 * 1024)
3068
3069 /*
3070 * Windows only supports a max of 60kb reads and 65535 byte writes. Default to
3071 * those values when posix extensions aren't in force. In actuality here, we
3072 * use 65536 to allow for a write that is a multiple of 4k. Most servers seem
3073 * to be ok with the extra byte even though Windows doesn't send writes that
3074 * are that large.
3075 *
3076 * Citation:
3077 *
3078 * http://blogs.msdn.com/b/openspecification/archive/2009/04/10/smb-maximum-transmit-buffer-size-and-performance-tuning.aspx
3079 */
3080 #define CIFS_DEFAULT_NON_POSIX_RSIZE (60 * 1024)
3081 #define CIFS_DEFAULT_NON_POSIX_WSIZE (65536)
3082
3083 static unsigned int
cifs_negotiate_wsize(struct cifs_tcon * tcon,struct smb_vol * pvolume_info)3084 cifs_negotiate_wsize(struct cifs_tcon *tcon, struct smb_vol *pvolume_info)
3085 {
3086 __u64 unix_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
3087 struct TCP_Server_Info *server = tcon->ses->server;
3088 unsigned int wsize;
3089
3090 /* start with specified wsize, or default */
3091 if (pvolume_info->wsize)
3092 wsize = pvolume_info->wsize;
3093 else if (tcon->unix_ext && (unix_cap & CIFS_UNIX_LARGE_WRITE_CAP))
3094 wsize = CIFS_DEFAULT_IOSIZE;
3095 else
3096 wsize = CIFS_DEFAULT_NON_POSIX_WSIZE;
3097
3098 /* can server support 24-bit write sizes? (via UNIX extensions) */
3099 if (!tcon->unix_ext || !(unix_cap & CIFS_UNIX_LARGE_WRITE_CAP))
3100 wsize = min_t(unsigned int, wsize, CIFS_MAX_RFC1002_WSIZE);
3101
3102 /*
3103 * no CAP_LARGE_WRITE_X or is signing enabled without CAP_UNIX set?
3104 * Limit it to max buffer offered by the server, minus the size of the
3105 * WRITEX header, not including the 4 byte RFC1001 length.
3106 */
3107 if (!(server->capabilities & CAP_LARGE_WRITE_X) ||
3108 (!(server->capabilities & CAP_UNIX) &&
3109 (server->sec_mode & (SECMODE_SIGN_ENABLED|SECMODE_SIGN_REQUIRED))))
3110 wsize = min_t(unsigned int, wsize,
3111 server->maxBuf - sizeof(WRITE_REQ) + 4);
3112
3113 /* hard limit of CIFS_MAX_WSIZE */
3114 wsize = min_t(unsigned int, wsize, CIFS_MAX_WSIZE);
3115
3116 return wsize;
3117 }
3118
3119 static unsigned int
cifs_negotiate_rsize(struct cifs_tcon * tcon,struct smb_vol * pvolume_info)3120 cifs_negotiate_rsize(struct cifs_tcon *tcon, struct smb_vol *pvolume_info)
3121 {
3122 __u64 unix_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
3123 struct TCP_Server_Info *server = tcon->ses->server;
3124 unsigned int rsize, defsize;
3125
3126 /*
3127 * Set default value...
3128 *
3129 * HACK alert! Ancient servers have very small buffers. Even though
3130 * MS-CIFS indicates that servers are only limited by the client's
3131 * bufsize for reads, testing against win98se shows that it throws
3132 * INVALID_PARAMETER errors if you try to request too large a read.
3133 *
3134 * If the server advertises a MaxBufferSize of less than one page,
3135 * assume that it also can't satisfy reads larger than that either.
3136 *
3137 * FIXME: Is there a better heuristic for this?
3138 */
3139 if (tcon->unix_ext && (unix_cap & CIFS_UNIX_LARGE_READ_CAP))
3140 defsize = CIFS_DEFAULT_IOSIZE;
3141 else if (server->capabilities & CAP_LARGE_READ_X)
3142 defsize = CIFS_DEFAULT_NON_POSIX_RSIZE;
3143 else if (server->maxBuf >= PAGE_CACHE_SIZE)
3144 defsize = CIFSMaxBufSize;
3145 else
3146 defsize = server->maxBuf - sizeof(READ_RSP);
3147
3148 rsize = pvolume_info->rsize ? pvolume_info->rsize : defsize;
3149
3150 /*
3151 * no CAP_LARGE_READ_X? Then MS-CIFS states that we must limit this to
3152 * the client's MaxBufferSize.
3153 */
3154 if (!(server->capabilities & CAP_LARGE_READ_X))
3155 rsize = min_t(unsigned int, CIFSMaxBufSize, rsize);
3156
3157 /* hard limit of CIFS_MAX_RSIZE */
3158 rsize = min_t(unsigned int, rsize, CIFS_MAX_RSIZE);
3159
3160 return rsize;
3161 }
3162
3163 static int
is_path_accessible(int xid,struct cifs_tcon * tcon,struct cifs_sb_info * cifs_sb,const char * full_path)3164 is_path_accessible(int xid, struct cifs_tcon *tcon,
3165 struct cifs_sb_info *cifs_sb, const char *full_path)
3166 {
3167 int rc;
3168 FILE_ALL_INFO *pfile_info;
3169
3170 pfile_info = kmalloc(sizeof(FILE_ALL_INFO), GFP_KERNEL);
3171 if (pfile_info == NULL)
3172 return -ENOMEM;
3173
3174 rc = CIFSSMBQPathInfo(xid, tcon, full_path, pfile_info,
3175 0 /* not legacy */, cifs_sb->local_nls,
3176 cifs_sb->mnt_cifs_flags &
3177 CIFS_MOUNT_MAP_SPECIAL_CHR);
3178
3179 if (rc == -EOPNOTSUPP || rc == -EINVAL)
3180 rc = SMBQueryInformation(xid, tcon, full_path, pfile_info,
3181 cifs_sb->local_nls, cifs_sb->mnt_cifs_flags &
3182 CIFS_MOUNT_MAP_SPECIAL_CHR);
3183 kfree(pfile_info);
3184 return rc;
3185 }
3186
3187 static void
cleanup_volume_info_contents(struct smb_vol * volume_info)3188 cleanup_volume_info_contents(struct smb_vol *volume_info)
3189 {
3190 kfree(volume_info->username);
3191 kzfree(volume_info->password);
3192 if (volume_info->UNCip != volume_info->UNC + 2)
3193 kfree(volume_info->UNCip);
3194 kfree(volume_info->UNC);
3195 kfree(volume_info->domainname);
3196 kfree(volume_info->iocharset);
3197 kfree(volume_info->prepath);
3198 }
3199
3200 void
cifs_cleanup_volume_info(struct smb_vol * volume_info)3201 cifs_cleanup_volume_info(struct smb_vol *volume_info)
3202 {
3203 if (!volume_info)
3204 return;
3205 cleanup_volume_info_contents(volume_info);
3206 kfree(volume_info);
3207 }
3208
3209
3210 #ifdef CONFIG_CIFS_DFS_UPCALL
3211 /* build_path_to_root returns full path to root when
3212 * we do not have an exiting connection (tcon) */
3213 static char *
build_unc_path_to_root(const struct smb_vol * vol,const struct cifs_sb_info * cifs_sb)3214 build_unc_path_to_root(const struct smb_vol *vol,
3215 const struct cifs_sb_info *cifs_sb)
3216 {
3217 char *full_path, *pos;
3218 unsigned int pplen = vol->prepath ? strlen(vol->prepath) : 0;
3219 unsigned int unc_len = strnlen(vol->UNC, MAX_TREE_SIZE + 1);
3220
3221 full_path = kmalloc(unc_len + pplen + 1, GFP_KERNEL);
3222 if (full_path == NULL)
3223 return ERR_PTR(-ENOMEM);
3224
3225 strncpy(full_path, vol->UNC, unc_len);
3226 pos = full_path + unc_len;
3227
3228 if (pplen) {
3229 strncpy(pos, vol->prepath, pplen);
3230 pos += pplen;
3231 }
3232
3233 *pos = '\0'; /* add trailing null */
3234 convert_delimiter(full_path, CIFS_DIR_SEP(cifs_sb));
3235 cFYI(1, "%s: full_path=%s", __func__, full_path);
3236 return full_path;
3237 }
3238
3239 /*
3240 * Perform a dfs referral query for a share and (optionally) prefix
3241 *
3242 * If a referral is found, cifs_sb->mountdata will be (re-)allocated
3243 * to a string containing updated options for the submount. Otherwise it
3244 * will be left untouched.
3245 *
3246 * Returns the rc from get_dfs_path to the caller, which can be used to
3247 * determine whether there were referrals.
3248 */
3249 static int
expand_dfs_referral(int xid,struct cifs_ses * pSesInfo,struct smb_vol * volume_info,struct cifs_sb_info * cifs_sb,int check_prefix)3250 expand_dfs_referral(int xid, struct cifs_ses *pSesInfo,
3251 struct smb_vol *volume_info, struct cifs_sb_info *cifs_sb,
3252 int check_prefix)
3253 {
3254 int rc;
3255 unsigned int num_referrals = 0;
3256 struct dfs_info3_param *referrals = NULL;
3257 char *full_path = NULL, *ref_path = NULL, *mdata = NULL;
3258
3259 full_path = build_unc_path_to_root(volume_info, cifs_sb);
3260 if (IS_ERR(full_path))
3261 return PTR_ERR(full_path);
3262
3263 /* For DFS paths, skip the first '\' of the UNC */
3264 ref_path = check_prefix ? full_path + 1 : volume_info->UNC + 1;
3265
3266 rc = get_dfs_path(xid, pSesInfo , ref_path, cifs_sb->local_nls,
3267 &num_referrals, &referrals,
3268 cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR);
3269
3270 if (!rc && num_referrals > 0) {
3271 char *fake_devname = NULL;
3272
3273 mdata = cifs_compose_mount_options(cifs_sb->mountdata,
3274 full_path + 1, referrals,
3275 &fake_devname);
3276
3277 free_dfs_info_array(referrals, num_referrals);
3278
3279 if (IS_ERR(mdata)) {
3280 rc = PTR_ERR(mdata);
3281 mdata = NULL;
3282 } else {
3283 cleanup_volume_info_contents(volume_info);
3284 memset(volume_info, '\0', sizeof(*volume_info));
3285 rc = cifs_setup_volume_info(volume_info, mdata,
3286 fake_devname);
3287 }
3288 kfree(fake_devname);
3289 kfree(cifs_sb->mountdata);
3290 cifs_sb->mountdata = mdata;
3291 }
3292 kfree(full_path);
3293 return rc;
3294 }
3295 #endif
3296
3297 static int
cifs_setup_volume_info(struct smb_vol * volume_info,char * mount_data,const char * devname)3298 cifs_setup_volume_info(struct smb_vol *volume_info, char *mount_data,
3299 const char *devname)
3300 {
3301 int rc = 0;
3302
3303 if (cifs_parse_mount_options(mount_data, devname, volume_info))
3304 return -EINVAL;
3305
3306 if (volume_info->nullauth) {
3307 cFYI(1, "Anonymous login");
3308 kfree(volume_info->username);
3309 volume_info->username = NULL;
3310 } else if (volume_info->username) {
3311 /* BB fixme parse for domain name here */
3312 cFYI(1, "Username: %s", volume_info->username);
3313 } else {
3314 cifserror("No username specified");
3315 /* In userspace mount helper we can get user name from alternate
3316 locations such as env variables and files on disk */
3317 return -EINVAL;
3318 }
3319
3320 /* this is needed for ASCII cp to Unicode converts */
3321 if (volume_info->iocharset == NULL) {
3322 /* load_nls_default cannot return null */
3323 volume_info->local_nls = load_nls_default();
3324 } else {
3325 volume_info->local_nls = load_nls(volume_info->iocharset);
3326 if (volume_info->local_nls == NULL) {
3327 cERROR(1, "CIFS mount error: iocharset %s not found",
3328 volume_info->iocharset);
3329 return -ELIBACC;
3330 }
3331 }
3332
3333 return rc;
3334 }
3335
3336 struct smb_vol *
cifs_get_volume_info(char * mount_data,const char * devname)3337 cifs_get_volume_info(char *mount_data, const char *devname)
3338 {
3339 int rc;
3340 struct smb_vol *volume_info;
3341
3342 volume_info = kzalloc(sizeof(struct smb_vol), GFP_KERNEL);
3343 if (!volume_info)
3344 return ERR_PTR(-ENOMEM);
3345
3346 rc = cifs_setup_volume_info(volume_info, mount_data, devname);
3347 if (rc) {
3348 cifs_cleanup_volume_info(volume_info);
3349 volume_info = ERR_PTR(rc);
3350 }
3351
3352 return volume_info;
3353 }
3354
3355 /* make sure ra_pages is a multiple of rsize */
3356 static inline unsigned int
cifs_ra_pages(struct cifs_sb_info * cifs_sb)3357 cifs_ra_pages(struct cifs_sb_info *cifs_sb)
3358 {
3359 unsigned int reads;
3360 unsigned int rsize_pages = cifs_sb->rsize / PAGE_CACHE_SIZE;
3361
3362 if (rsize_pages >= default_backing_dev_info.ra_pages)
3363 return default_backing_dev_info.ra_pages;
3364 else if (rsize_pages == 0)
3365 return rsize_pages;
3366
3367 reads = default_backing_dev_info.ra_pages / rsize_pages;
3368 return reads * rsize_pages;
3369 }
3370
3371 int
cifs_mount(struct cifs_sb_info * cifs_sb,struct smb_vol * volume_info)3372 cifs_mount(struct cifs_sb_info *cifs_sb, struct smb_vol *volume_info)
3373 {
3374 int rc = 0;
3375 int xid;
3376 struct cifs_ses *pSesInfo;
3377 struct cifs_tcon *tcon;
3378 struct TCP_Server_Info *srvTcp;
3379 char *full_path;
3380 struct tcon_link *tlink;
3381 #ifdef CONFIG_CIFS_DFS_UPCALL
3382 int referral_walks_count = 0;
3383 #endif
3384
3385 rc = bdi_setup_and_register(&cifs_sb->bdi, "cifs", BDI_CAP_MAP_COPY);
3386 if (rc)
3387 return rc;
3388
3389 #ifdef CONFIG_CIFS_DFS_UPCALL
3390 try_mount_again:
3391 /* cleanup activities if we're chasing a referral */
3392 if (referral_walks_count) {
3393 if (tcon)
3394 cifs_put_tcon(tcon);
3395 else if (pSesInfo)
3396 cifs_put_smb_ses(pSesInfo);
3397
3398 FreeXid(xid);
3399 }
3400 #endif
3401 tcon = NULL;
3402 pSesInfo = NULL;
3403 srvTcp = NULL;
3404 full_path = NULL;
3405 tlink = NULL;
3406
3407 xid = GetXid();
3408
3409 /* get a reference to a tcp session */
3410 srvTcp = cifs_get_tcp_session(volume_info);
3411 if (IS_ERR(srvTcp)) {
3412 rc = PTR_ERR(srvTcp);
3413 bdi_destroy(&cifs_sb->bdi);
3414 goto out;
3415 }
3416
3417 /* get a reference to a SMB session */
3418 pSesInfo = cifs_get_smb_ses(srvTcp, volume_info);
3419 if (IS_ERR(pSesInfo)) {
3420 rc = PTR_ERR(pSesInfo);
3421 pSesInfo = NULL;
3422 goto mount_fail_check;
3423 }
3424
3425 /* search for existing tcon to this server share */
3426 tcon = cifs_get_tcon(pSesInfo, volume_info);
3427 if (IS_ERR(tcon)) {
3428 rc = PTR_ERR(tcon);
3429 tcon = NULL;
3430 goto remote_path_check;
3431 }
3432
3433 /* tell server which Unix caps we support */
3434 if (tcon->ses->capabilities & CAP_UNIX) {
3435 /* reset of caps checks mount to see if unix extensions
3436 disabled for just this mount */
3437 reset_cifs_unix_caps(xid, tcon, cifs_sb, volume_info);
3438 if ((tcon->ses->server->tcpStatus == CifsNeedReconnect) &&
3439 (le64_to_cpu(tcon->fsUnixInfo.Capability) &
3440 CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP)) {
3441 rc = -EACCES;
3442 goto mount_fail_check;
3443 }
3444 } else
3445 tcon->unix_ext = 0; /* server does not support them */
3446
3447 /* do not care if following two calls succeed - informational */
3448 if (!tcon->ipc) {
3449 CIFSSMBQFSDeviceInfo(xid, tcon);
3450 CIFSSMBQFSAttributeInfo(xid, tcon);
3451 }
3452
3453 cifs_sb->wsize = cifs_negotiate_wsize(tcon, volume_info);
3454 cifs_sb->rsize = cifs_negotiate_rsize(tcon, volume_info);
3455
3456 /* tune readahead according to rsize */
3457 cifs_sb->bdi.ra_pages = cifs_ra_pages(cifs_sb);
3458
3459 remote_path_check:
3460 #ifdef CONFIG_CIFS_DFS_UPCALL
3461 /*
3462 * Perform an unconditional check for whether there are DFS
3463 * referrals for this path without prefix, to provide support
3464 * for DFS referrals from w2k8 servers which don't seem to respond
3465 * with PATH_NOT_COVERED to requests that include the prefix.
3466 * Chase the referral if found, otherwise continue normally.
3467 */
3468 if (referral_walks_count == 0) {
3469 int refrc = expand_dfs_referral(xid, pSesInfo, volume_info,
3470 cifs_sb, false);
3471 if (!refrc) {
3472 referral_walks_count++;
3473 goto try_mount_again;
3474 }
3475 }
3476 #endif
3477
3478 /* check if a whole path is not remote */
3479 if (!rc && tcon) {
3480 /* build_path_to_root works only when we have a valid tcon */
3481 full_path = cifs_build_path_to_root(volume_info, cifs_sb, tcon);
3482 if (full_path == NULL) {
3483 rc = -ENOMEM;
3484 goto mount_fail_check;
3485 }
3486 rc = is_path_accessible(xid, tcon, cifs_sb, full_path);
3487 if (rc != 0 && rc != -EREMOTE) {
3488 kfree(full_path);
3489 goto mount_fail_check;
3490 }
3491 kfree(full_path);
3492 }
3493
3494 /* get referral if needed */
3495 if (rc == -EREMOTE) {
3496 #ifdef CONFIG_CIFS_DFS_UPCALL
3497 if (referral_walks_count > MAX_NESTED_LINKS) {
3498 /*
3499 * BB: when we implement proper loop detection,
3500 * we will remove this check. But now we need it
3501 * to prevent an indefinite loop if 'DFS tree' is
3502 * misconfigured (i.e. has loops).
3503 */
3504 rc = -ELOOP;
3505 goto mount_fail_check;
3506 }
3507
3508 rc = expand_dfs_referral(xid, pSesInfo, volume_info, cifs_sb,
3509 true);
3510
3511 if (!rc) {
3512 referral_walks_count++;
3513 goto try_mount_again;
3514 }
3515 goto mount_fail_check;
3516 #else /* No DFS support, return error on mount */
3517 rc = -EOPNOTSUPP;
3518 #endif
3519 }
3520
3521 if (rc)
3522 goto mount_fail_check;
3523
3524 /* now, hang the tcon off of the superblock */
3525 tlink = kzalloc(sizeof *tlink, GFP_KERNEL);
3526 if (tlink == NULL) {
3527 rc = -ENOMEM;
3528 goto mount_fail_check;
3529 }
3530
3531 tlink->tl_uid = pSesInfo->linux_uid;
3532 tlink->tl_tcon = tcon;
3533 tlink->tl_time = jiffies;
3534 set_bit(TCON_LINK_MASTER, &tlink->tl_flags);
3535 set_bit(TCON_LINK_IN_TREE, &tlink->tl_flags);
3536
3537 cifs_sb->master_tlink = tlink;
3538 spin_lock(&cifs_sb->tlink_tree_lock);
3539 tlink_rb_insert(&cifs_sb->tlink_tree, tlink);
3540 spin_unlock(&cifs_sb->tlink_tree_lock);
3541
3542 queue_delayed_work(system_nrt_wq, &cifs_sb->prune_tlinks,
3543 TLINK_IDLE_EXPIRE);
3544
3545 mount_fail_check:
3546 /* on error free sesinfo and tcon struct if needed */
3547 if (rc) {
3548 /* If find_unc succeeded then rc == 0 so we can not end */
3549 /* up accidentally freeing someone elses tcon struct */
3550 if (tcon)
3551 cifs_put_tcon(tcon);
3552 else if (pSesInfo)
3553 cifs_put_smb_ses(pSesInfo);
3554 else
3555 cifs_put_tcp_session(srvTcp);
3556 bdi_destroy(&cifs_sb->bdi);
3557 }
3558
3559 out:
3560 FreeXid(xid);
3561 return rc;
3562 }
3563
3564 /*
3565 * Issue a TREE_CONNECT request. Note that for IPC$ shares, that the tcon
3566 * pointer may be NULL.
3567 */
3568 int
CIFSTCon(unsigned int xid,struct cifs_ses * ses,const char * tree,struct cifs_tcon * tcon,const struct nls_table * nls_codepage)3569 CIFSTCon(unsigned int xid, struct cifs_ses *ses,
3570 const char *tree, struct cifs_tcon *tcon,
3571 const struct nls_table *nls_codepage)
3572 {
3573 struct smb_hdr *smb_buffer;
3574 struct smb_hdr *smb_buffer_response;
3575 TCONX_REQ *pSMB;
3576 TCONX_RSP *pSMBr;
3577 unsigned char *bcc_ptr;
3578 int rc = 0;
3579 int length;
3580 __u16 bytes_left, count;
3581
3582 if (ses == NULL)
3583 return -EIO;
3584
3585 smb_buffer = cifs_buf_get();
3586 if (smb_buffer == NULL)
3587 return -ENOMEM;
3588
3589 smb_buffer_response = smb_buffer;
3590
3591 header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3592 NULL /*no tid */ , 4 /*wct */ );
3593
3594 smb_buffer->Mid = GetNextMid(ses->server);
3595 smb_buffer->Uid = ses->Suid;
3596 pSMB = (TCONX_REQ *) smb_buffer;
3597 pSMBr = (TCONX_RSP *) smb_buffer_response;
3598
3599 pSMB->AndXCommand = 0xFF;
3600 pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
3601 bcc_ptr = &pSMB->Password[0];
3602 if (!tcon || (ses->server->sec_mode & SECMODE_USER)) {
3603 pSMB->PasswordLength = cpu_to_le16(1); /* minimum */
3604 *bcc_ptr = 0; /* password is null byte */
3605 bcc_ptr++; /* skip password */
3606 /* already aligned so no need to do it below */
3607 } else {
3608 pSMB->PasswordLength = cpu_to_le16(CIFS_AUTH_RESP_SIZE);
3609 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3610 specified as required (when that support is added to
3611 the vfs in the future) as only NTLM or the much
3612 weaker LANMAN (which we do not send by default) is accepted
3613 by Samba (not sure whether other servers allow
3614 NTLMv2 password here) */
3615 #ifdef CONFIG_CIFS_WEAK_PW_HASH
3616 if ((global_secflags & CIFSSEC_MAY_LANMAN) &&
3617 (ses->server->secType == LANMAN))
3618 calc_lanman_hash(tcon->password, ses->server->cryptkey,
3619 ses->server->sec_mode &
3620 SECMODE_PW_ENCRYPT ? true : false,
3621 bcc_ptr);
3622 else
3623 #endif /* CIFS_WEAK_PW_HASH */
3624 rc = SMBNTencrypt(tcon->password, ses->server->cryptkey,
3625 bcc_ptr, nls_codepage);
3626
3627 bcc_ptr += CIFS_AUTH_RESP_SIZE;
3628 if (ses->capabilities & CAP_UNICODE) {
3629 /* must align unicode strings */
3630 *bcc_ptr = 0; /* null byte password */
3631 bcc_ptr++;
3632 }
3633 }
3634
3635 if (ses->server->sec_mode &
3636 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3637 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3638
3639 if (ses->capabilities & CAP_STATUS32) {
3640 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3641 }
3642 if (ses->capabilities & CAP_DFS) {
3643 smb_buffer->Flags2 |= SMBFLG2_DFS;
3644 }
3645 if (ses->capabilities & CAP_UNICODE) {
3646 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3647 length =
3648 cifs_strtoUTF16((__le16 *) bcc_ptr, tree,
3649 6 /* max utf8 char length in bytes */ *
3650 (/* server len*/ + 256 /* share len */), nls_codepage);
3651 bcc_ptr += 2 * length; /* convert num 16 bit words to bytes */
3652 bcc_ptr += 2; /* skip trailing null */
3653 } else { /* ASCII */
3654 strcpy(bcc_ptr, tree);
3655 bcc_ptr += strlen(tree) + 1;
3656 }
3657 strcpy(bcc_ptr, "?????");
3658 bcc_ptr += strlen("?????");
3659 bcc_ptr += 1;
3660 count = bcc_ptr - &pSMB->Password[0];
3661 pSMB->hdr.smb_buf_length = cpu_to_be32(be32_to_cpu(
3662 pSMB->hdr.smb_buf_length) + count);
3663 pSMB->ByteCount = cpu_to_le16(count);
3664
3665 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length,
3666 0);
3667
3668 /* above now done in SendReceive */
3669 if ((rc == 0) && (tcon != NULL)) {
3670 bool is_unicode;
3671
3672 tcon->tidStatus = CifsGood;
3673 tcon->need_reconnect = false;
3674 tcon->tid = smb_buffer_response->Tid;
3675 bcc_ptr = pByteArea(smb_buffer_response);
3676 bytes_left = get_bcc(smb_buffer_response);
3677 length = strnlen(bcc_ptr, bytes_left - 2);
3678 if (smb_buffer->Flags2 & SMBFLG2_UNICODE)
3679 is_unicode = true;
3680 else
3681 is_unicode = false;
3682
3683
3684 /* skip service field (NB: this field is always ASCII) */
3685 if (length == 3) {
3686 if ((bcc_ptr[0] == 'I') && (bcc_ptr[1] == 'P') &&
3687 (bcc_ptr[2] == 'C')) {
3688 cFYI(1, "IPC connection");
3689 tcon->ipc = 1;
3690 }
3691 } else if (length == 2) {
3692 if ((bcc_ptr[0] == 'A') && (bcc_ptr[1] == ':')) {
3693 /* the most common case */
3694 cFYI(1, "disk share connection");
3695 }
3696 }
3697 bcc_ptr += length + 1;
3698 bytes_left -= (length + 1);
3699 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3700
3701 /* mostly informational -- no need to fail on error here */
3702 kfree(tcon->nativeFileSystem);
3703 tcon->nativeFileSystem = cifs_strndup_from_utf16(bcc_ptr,
3704 bytes_left, is_unicode,
3705 nls_codepage);
3706
3707 cFYI(1, "nativeFileSystem=%s", tcon->nativeFileSystem);
3708
3709 if ((smb_buffer_response->WordCount == 3) ||
3710 (smb_buffer_response->WordCount == 7))
3711 /* field is in same location */
3712 tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3713 else
3714 tcon->Flags = 0;
3715 cFYI(1, "Tcon flags: 0x%x ", tcon->Flags);
3716 } else if ((rc == 0) && tcon == NULL) {
3717 /* all we need to save for IPC$ connection */
3718 ses->ipc_tid = smb_buffer_response->Tid;
3719 }
3720
3721 cifs_buf_release(smb_buffer);
3722 return rc;
3723 }
3724
3725 void
cifs_umount(struct cifs_sb_info * cifs_sb)3726 cifs_umount(struct cifs_sb_info *cifs_sb)
3727 {
3728 struct rb_root *root = &cifs_sb->tlink_tree;
3729 struct rb_node *node;
3730 struct tcon_link *tlink;
3731
3732 cancel_delayed_work_sync(&cifs_sb->prune_tlinks);
3733
3734 spin_lock(&cifs_sb->tlink_tree_lock);
3735 while ((node = rb_first(root))) {
3736 tlink = rb_entry(node, struct tcon_link, tl_rbnode);
3737 cifs_get_tlink(tlink);
3738 clear_bit(TCON_LINK_IN_TREE, &tlink->tl_flags);
3739 rb_erase(node, root);
3740
3741 spin_unlock(&cifs_sb->tlink_tree_lock);
3742 cifs_put_tlink(tlink);
3743 spin_lock(&cifs_sb->tlink_tree_lock);
3744 }
3745 spin_unlock(&cifs_sb->tlink_tree_lock);
3746
3747 bdi_destroy(&cifs_sb->bdi);
3748 kfree(cifs_sb->mountdata);
3749 unload_nls(cifs_sb->local_nls);
3750 kfree(cifs_sb);
3751 }
3752
cifs_negotiate_protocol(unsigned int xid,struct cifs_ses * ses)3753 int cifs_negotiate_protocol(unsigned int xid, struct cifs_ses *ses)
3754 {
3755 int rc = 0;
3756 struct TCP_Server_Info *server = ses->server;
3757
3758 /* only send once per connect */
3759 if (server->maxBuf != 0)
3760 return 0;
3761
3762 rc = CIFSSMBNegotiate(xid, ses);
3763 if (rc == -EAGAIN) {
3764 /* retry only once on 1st time connection */
3765 rc = CIFSSMBNegotiate(xid, ses);
3766 if (rc == -EAGAIN)
3767 rc = -EHOSTDOWN;
3768 }
3769 if (rc == 0) {
3770 spin_lock(&GlobalMid_Lock);
3771 if (server->tcpStatus == CifsNeedNegotiate)
3772 server->tcpStatus = CifsGood;
3773 else
3774 rc = -EHOSTDOWN;
3775 spin_unlock(&GlobalMid_Lock);
3776
3777 }
3778
3779 return rc;
3780 }
3781
3782
cifs_setup_session(unsigned int xid,struct cifs_ses * ses,struct nls_table * nls_info)3783 int cifs_setup_session(unsigned int xid, struct cifs_ses *ses,
3784 struct nls_table *nls_info)
3785 {
3786 int rc = 0;
3787 struct TCP_Server_Info *server = ses->server;
3788
3789 ses->flags = 0;
3790 ses->capabilities = server->capabilities;
3791 if (linuxExtEnabled == 0)
3792 ses->capabilities &= (~CAP_UNIX);
3793
3794 cFYI(1, "Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d",
3795 server->sec_mode, server->capabilities, server->timeAdj);
3796
3797 rc = CIFS_SessSetup(xid, ses, nls_info);
3798 if (rc) {
3799 cERROR(1, "Send error in SessSetup = %d", rc);
3800 } else {
3801 mutex_lock(&ses->server->srv_mutex);
3802 if (!server->session_estab) {
3803 server->session_key.response = ses->auth_key.response;
3804 server->session_key.len = ses->auth_key.len;
3805 server->sequence_number = 0x2;
3806 server->session_estab = true;
3807 ses->auth_key.response = NULL;
3808 }
3809 mutex_unlock(&server->srv_mutex);
3810
3811 cFYI(1, "CIFS Session Established successfully");
3812 spin_lock(&GlobalMid_Lock);
3813 ses->status = CifsGood;
3814 ses->need_reconnect = false;
3815 spin_unlock(&GlobalMid_Lock);
3816 }
3817
3818 kfree(ses->auth_key.response);
3819 ses->auth_key.response = NULL;
3820 ses->auth_key.len = 0;
3821 kfree(ses->ntlmssp);
3822 ses->ntlmssp = NULL;
3823
3824 return rc;
3825 }
3826
3827 static int
cifs_set_vol_auth(struct smb_vol * vol,struct cifs_ses * ses)3828 cifs_set_vol_auth(struct smb_vol *vol, struct cifs_ses *ses)
3829 {
3830 switch (ses->server->secType) {
3831 case Kerberos:
3832 vol->secFlg = CIFSSEC_MUST_KRB5;
3833 return 0;
3834 case NTLMv2:
3835 vol->secFlg = CIFSSEC_MUST_NTLMV2;
3836 break;
3837 case NTLM:
3838 vol->secFlg = CIFSSEC_MUST_NTLM;
3839 break;
3840 case RawNTLMSSP:
3841 vol->secFlg = CIFSSEC_MUST_NTLMSSP;
3842 break;
3843 case LANMAN:
3844 vol->secFlg = CIFSSEC_MUST_LANMAN;
3845 break;
3846 }
3847
3848 return cifs_set_cifscreds(vol, ses);
3849 }
3850
3851 static struct cifs_tcon *
cifs_construct_tcon(struct cifs_sb_info * cifs_sb,uid_t fsuid)3852 cifs_construct_tcon(struct cifs_sb_info *cifs_sb, uid_t fsuid)
3853 {
3854 int rc;
3855 struct cifs_tcon *master_tcon = cifs_sb_master_tcon(cifs_sb);
3856 struct cifs_ses *ses;
3857 struct cifs_tcon *tcon = NULL;
3858 struct smb_vol *vol_info;
3859
3860 vol_info = kzalloc(sizeof(*vol_info), GFP_KERNEL);
3861 if (vol_info == NULL)
3862 return ERR_PTR(-ENOMEM);
3863
3864 vol_info->local_nls = cifs_sb->local_nls;
3865 vol_info->linux_uid = fsuid;
3866 vol_info->cred_uid = fsuid;
3867 vol_info->UNC = master_tcon->treeName;
3868 vol_info->retry = master_tcon->retry;
3869 vol_info->nocase = master_tcon->nocase;
3870 vol_info->local_lease = master_tcon->local_lease;
3871 vol_info->no_linux_ext = !master_tcon->unix_ext;
3872
3873 rc = cifs_set_vol_auth(vol_info, master_tcon->ses);
3874 if (rc) {
3875 tcon = ERR_PTR(rc);
3876 goto out;
3877 }
3878
3879 /* get a reference for the same TCP session */
3880 spin_lock(&cifs_tcp_ses_lock);
3881 ++master_tcon->ses->server->srv_count;
3882 spin_unlock(&cifs_tcp_ses_lock);
3883
3884 ses = cifs_get_smb_ses(master_tcon->ses->server, vol_info);
3885 if (IS_ERR(ses)) {
3886 tcon = (struct cifs_tcon *)ses;
3887 cifs_put_tcp_session(master_tcon->ses->server);
3888 goto out;
3889 }
3890
3891 tcon = cifs_get_tcon(ses, vol_info);
3892 if (IS_ERR(tcon)) {
3893 cifs_put_smb_ses(ses);
3894 goto out;
3895 }
3896
3897 if (ses->capabilities & CAP_UNIX)
3898 reset_cifs_unix_caps(0, tcon, NULL, vol_info);
3899 out:
3900 kfree(vol_info->username);
3901 kfree(vol_info->password);
3902 kfree(vol_info);
3903
3904 return tcon;
3905 }
3906
3907 struct cifs_tcon *
cifs_sb_master_tcon(struct cifs_sb_info * cifs_sb)3908 cifs_sb_master_tcon(struct cifs_sb_info *cifs_sb)
3909 {
3910 return tlink_tcon(cifs_sb_master_tlink(cifs_sb));
3911 }
3912
3913 static int
cifs_sb_tcon_pending_wait(void * unused)3914 cifs_sb_tcon_pending_wait(void *unused)
3915 {
3916 schedule();
3917 return signal_pending(current) ? -ERESTARTSYS : 0;
3918 }
3919
3920 /* find and return a tlink with given uid */
3921 static struct tcon_link *
tlink_rb_search(struct rb_root * root,uid_t uid)3922 tlink_rb_search(struct rb_root *root, uid_t uid)
3923 {
3924 struct rb_node *node = root->rb_node;
3925 struct tcon_link *tlink;
3926
3927 while (node) {
3928 tlink = rb_entry(node, struct tcon_link, tl_rbnode);
3929
3930 if (tlink->tl_uid > uid)
3931 node = node->rb_left;
3932 else if (tlink->tl_uid < uid)
3933 node = node->rb_right;
3934 else
3935 return tlink;
3936 }
3937 return NULL;
3938 }
3939
3940 /* insert a tcon_link into the tree */
3941 static void
tlink_rb_insert(struct rb_root * root,struct tcon_link * new_tlink)3942 tlink_rb_insert(struct rb_root *root, struct tcon_link *new_tlink)
3943 {
3944 struct rb_node **new = &(root->rb_node), *parent = NULL;
3945 struct tcon_link *tlink;
3946
3947 while (*new) {
3948 tlink = rb_entry(*new, struct tcon_link, tl_rbnode);
3949 parent = *new;
3950
3951 if (tlink->tl_uid > new_tlink->tl_uid)
3952 new = &((*new)->rb_left);
3953 else
3954 new = &((*new)->rb_right);
3955 }
3956
3957 rb_link_node(&new_tlink->tl_rbnode, parent, new);
3958 rb_insert_color(&new_tlink->tl_rbnode, root);
3959 }
3960
3961 /*
3962 * Find or construct an appropriate tcon given a cifs_sb and the fsuid of the
3963 * current task.
3964 *
3965 * If the superblock doesn't refer to a multiuser mount, then just return
3966 * the master tcon for the mount.
3967 *
3968 * First, search the rbtree for an existing tcon for this fsuid. If one
3969 * exists, then check to see if it's pending construction. If it is then wait
3970 * for construction to complete. Once it's no longer pending, check to see if
3971 * it failed and either return an error or retry construction, depending on
3972 * the timeout.
3973 *
3974 * If one doesn't exist then insert a new tcon_link struct into the tree and
3975 * try to construct a new one.
3976 */
3977 struct tcon_link *
cifs_sb_tlink(struct cifs_sb_info * cifs_sb)3978 cifs_sb_tlink(struct cifs_sb_info *cifs_sb)
3979 {
3980 int ret;
3981 uid_t fsuid = current_fsuid();
3982 struct tcon_link *tlink, *newtlink;
3983
3984 if (!(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MULTIUSER))
3985 return cifs_get_tlink(cifs_sb_master_tlink(cifs_sb));
3986
3987 spin_lock(&cifs_sb->tlink_tree_lock);
3988 tlink = tlink_rb_search(&cifs_sb->tlink_tree, fsuid);
3989 if (tlink)
3990 cifs_get_tlink(tlink);
3991 spin_unlock(&cifs_sb->tlink_tree_lock);
3992
3993 if (tlink == NULL) {
3994 newtlink = kzalloc(sizeof(*tlink), GFP_KERNEL);
3995 if (newtlink == NULL)
3996 return ERR_PTR(-ENOMEM);
3997 newtlink->tl_uid = fsuid;
3998 newtlink->tl_tcon = ERR_PTR(-EACCES);
3999 set_bit(TCON_LINK_PENDING, &newtlink->tl_flags);
4000 set_bit(TCON_LINK_IN_TREE, &newtlink->tl_flags);
4001 cifs_get_tlink(newtlink);
4002
4003 spin_lock(&cifs_sb->tlink_tree_lock);
4004 /* was one inserted after previous search? */
4005 tlink = tlink_rb_search(&cifs_sb->tlink_tree, fsuid);
4006 if (tlink) {
4007 cifs_get_tlink(tlink);
4008 spin_unlock(&cifs_sb->tlink_tree_lock);
4009 kfree(newtlink);
4010 goto wait_for_construction;
4011 }
4012 tlink = newtlink;
4013 tlink_rb_insert(&cifs_sb->tlink_tree, tlink);
4014 spin_unlock(&cifs_sb->tlink_tree_lock);
4015 } else {
4016 wait_for_construction:
4017 ret = wait_on_bit(&tlink->tl_flags, TCON_LINK_PENDING,
4018 cifs_sb_tcon_pending_wait,
4019 TASK_INTERRUPTIBLE);
4020 if (ret) {
4021 cifs_put_tlink(tlink);
4022 return ERR_PTR(ret);
4023 }
4024
4025 /* if it's good, return it */
4026 if (!IS_ERR(tlink->tl_tcon))
4027 return tlink;
4028
4029 /* return error if we tried this already recently */
4030 if (time_before(jiffies, tlink->tl_time + TLINK_ERROR_EXPIRE)) {
4031 cifs_put_tlink(tlink);
4032 return ERR_PTR(-EACCES);
4033 }
4034
4035 if (test_and_set_bit(TCON_LINK_PENDING, &tlink->tl_flags))
4036 goto wait_for_construction;
4037 }
4038
4039 tlink->tl_tcon = cifs_construct_tcon(cifs_sb, fsuid);
4040 clear_bit(TCON_LINK_PENDING, &tlink->tl_flags);
4041 wake_up_bit(&tlink->tl_flags, TCON_LINK_PENDING);
4042
4043 if (IS_ERR(tlink->tl_tcon)) {
4044 cifs_put_tlink(tlink);
4045 return ERR_PTR(-EACCES);
4046 }
4047
4048 return tlink;
4049 }
4050
4051 /*
4052 * periodic workqueue job that scans tcon_tree for a superblock and closes
4053 * out tcons.
4054 */
4055 static void
cifs_prune_tlinks(struct work_struct * work)4056 cifs_prune_tlinks(struct work_struct *work)
4057 {
4058 struct cifs_sb_info *cifs_sb = container_of(work, struct cifs_sb_info,
4059 prune_tlinks.work);
4060 struct rb_root *root = &cifs_sb->tlink_tree;
4061 struct rb_node *node = rb_first(root);
4062 struct rb_node *tmp;
4063 struct tcon_link *tlink;
4064
4065 /*
4066 * Because we drop the spinlock in the loop in order to put the tlink
4067 * it's not guarded against removal of links from the tree. The only
4068 * places that remove entries from the tree are this function and
4069 * umounts. Because this function is non-reentrant and is canceled
4070 * before umount can proceed, this is safe.
4071 */
4072 spin_lock(&cifs_sb->tlink_tree_lock);
4073 node = rb_first(root);
4074 while (node != NULL) {
4075 tmp = node;
4076 node = rb_next(tmp);
4077 tlink = rb_entry(tmp, struct tcon_link, tl_rbnode);
4078
4079 if (test_bit(TCON_LINK_MASTER, &tlink->tl_flags) ||
4080 atomic_read(&tlink->tl_count) != 0 ||
4081 time_after(tlink->tl_time + TLINK_IDLE_EXPIRE, jiffies))
4082 continue;
4083
4084 cifs_get_tlink(tlink);
4085 clear_bit(TCON_LINK_IN_TREE, &tlink->tl_flags);
4086 rb_erase(tmp, root);
4087
4088 spin_unlock(&cifs_sb->tlink_tree_lock);
4089 cifs_put_tlink(tlink);
4090 spin_lock(&cifs_sb->tlink_tree_lock);
4091 }
4092 spin_unlock(&cifs_sb->tlink_tree_lock);
4093
4094 queue_delayed_work(system_nrt_wq, &cifs_sb->prune_tlinks,
4095 TLINK_IDLE_EXPIRE);
4096 }
4097