4 * Copyright (C) International Business Machines Corp., 2002,2006
5 * Author(s): Steve French (sfrench@us.ibm.com)
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/ipv6.h>
27 #include <linux/pagemap.h>
28 #include <linux/ctype.h>
29 #include <linux/utsname.h>
30 #include <linux/mempool.h>
31 #include <linux/delay.h>
32 #include <linux/completion.h>
33 #include <linux/pagevec.h>
34 #include <asm/uaccess.h>
35 #include <asm/processor.h>
38 #include "cifsproto.h"
39 #include "cifs_unicode.h"
40 #include "cifs_debug.h"
41 #include "cifs_fs_sb.h"
44 #include "rfc1002pdu.h"
48 #define RFC1001_PORT 139
50 static DECLARE_COMPLETION(cifsd_complete);
52 extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
55 extern mempool_t *cifs_req_poolp;
63 char *in6_addr; /* ipv6 address as human readable form of in6_addr */
64 char *iocharset; /* local code page for mapping to and from Unicode */
65 char source_rfc1001_name[16]; /* netbios name of client */
66 char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */
77 unsigned no_psx_acl:1; /* set if posix acl support should be disabled */
79 unsigned no_xattr:1; /* set if xattr (EA) support should be disabled*/
80 unsigned server_ino:1; /* use inode numbers from server ie UniqueId */
82 unsigned remap:1; /* set to remap seven reserved chars in filenames */
83 unsigned posix_paths:1; /* unset to not ask for posix pathnames. */
85 unsigned nullauth:1; /* attempt to authenticate with null user */
86 unsigned nocase; /* request case insensitive filenames */
87 unsigned nobrl; /* disable sending byte range locks to srv */
91 unsigned short int port;
94 static int ipv4_connect(struct sockaddr_in *psin_server,
95 struct socket **csocket,
97 char * server_netb_name);
98 static int ipv6_connect(struct sockaddr_in6 *psin_server,
99 struct socket **csocket);
103 * cifs tcp session reconnection
105 * mark tcp session as reconnecting so temporarily locked
106 * mark all smb sessions as reconnecting for tcp session
107 * reconnect tcp session
108 * wake up waiters on reconnection? - (not needed currently)
112 cifs_reconnect(struct TCP_Server_Info *server)
115 struct list_head *tmp;
116 struct cifsSesInfo *ses;
117 struct cifsTconInfo *tcon;
118 struct mid_q_entry * mid_entry;
120 spin_lock(&GlobalMid_Lock);
121 if(server->tcpStatus == CifsExiting) {
122 /* the demux thread will exit normally
123 next time through the loop */
124 spin_unlock(&GlobalMid_Lock);
127 server->tcpStatus = CifsNeedReconnect;
128 spin_unlock(&GlobalMid_Lock);
131 cFYI(1, ("Reconnecting tcp session"));
133 /* before reconnecting the tcp session, mark the smb session (uid)
134 and the tid bad so they are not used until reconnected */
135 read_lock(&GlobalSMBSeslock);
136 list_for_each(tmp, &GlobalSMBSessionList) {
137 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
139 if (ses->server == server) {
140 ses->status = CifsNeedReconnect;
144 /* else tcp and smb sessions need reconnection */
146 list_for_each(tmp, &GlobalTreeConnectionList) {
147 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
148 if((tcon) && (tcon->ses) && (tcon->ses->server == server)) {
149 tcon->tidStatus = CifsNeedReconnect;
152 read_unlock(&GlobalSMBSeslock);
153 /* do not want to be sending data on a socket we are freeing */
154 down(&server->tcpSem);
155 if(server->ssocket) {
156 cFYI(1,("State: 0x%x Flags: 0x%lx", server->ssocket->state,
157 server->ssocket->flags));
158 server->ssocket->ops->shutdown(server->ssocket,SEND_SHUTDOWN);
159 cFYI(1,("Post shutdown state: 0x%x Flags: 0x%lx", server->ssocket->state,
160 server->ssocket->flags));
161 sock_release(server->ssocket);
162 server->ssocket = NULL;
165 spin_lock(&GlobalMid_Lock);
166 list_for_each(tmp, &server->pending_mid_q) {
167 mid_entry = list_entry(tmp, struct
171 if(mid_entry->midState == MID_REQUEST_SUBMITTED) {
172 /* Mark other intransit requests as needing
173 retry so we do not immediately mark the
174 session bad again (ie after we reconnect
175 below) as they timeout too */
176 mid_entry->midState = MID_RETRY_NEEDED;
180 spin_unlock(&GlobalMid_Lock);
183 while ((server->tcpStatus != CifsExiting) && (server->tcpStatus != CifsGood))
186 if(server->protocolType == IPV6) {
187 rc = ipv6_connect(&server->addr.sockAddr6,&server->ssocket);
189 rc = ipv4_connect(&server->addr.sockAddr,
191 server->workstation_RFC1001_name,
192 server->server_RFC1001_name);
195 cFYI(1,("reconnect error %d",rc));
198 atomic_inc(&tcpSesReconnectCount);
199 spin_lock(&GlobalMid_Lock);
200 if(server->tcpStatus != CifsExiting)
201 server->tcpStatus = CifsGood;
202 server->sequence_number = 0;
203 spin_unlock(&GlobalMid_Lock);
204 /* atomic_set(&server->inFlight,0);*/
205 wake_up(&server->response_q);
213 0 not a transact2, or all data present
214 >0 transact2 with that much data missing
215 -EINVAL = invalid transact2
218 static int check2ndT2(struct smb_hdr * pSMB, unsigned int maxBufSize)
220 struct smb_t2_rsp * pSMBt;
222 int data_in_this_rsp;
225 if(pSMB->Command != SMB_COM_TRANSACTION2)
228 /* check for plausible wct, bcc and t2 data and parm sizes */
229 /* check for parm and data offset going beyond end of smb */
230 if(pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
231 cFYI(1,("invalid transact2 word count"));
235 pSMBt = (struct smb_t2_rsp *)pSMB;
237 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
238 data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
240 remaining = total_data_size - data_in_this_rsp;
244 else if(remaining < 0) {
245 cFYI(1,("total data %d smaller than data in frame %d",
246 total_data_size, data_in_this_rsp));
249 cFYI(1,("missing %d bytes from transact2, check next response",
251 if(total_data_size > maxBufSize) {
252 cERROR(1,("TotalDataSize %d is over maximum buffer %d",
253 total_data_size,maxBufSize));
260 static int coalesce_t2(struct smb_hdr * psecond, struct smb_hdr *pTargetSMB)
262 struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
263 struct smb_t2_rsp *pSMBt = (struct smb_t2_rsp *)pTargetSMB;
268 char * data_area_of_target;
269 char * data_area_of_buf2;
272 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
274 if(total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
275 cFYI(1,("total data sizes of primary and secondary t2 differ"));
278 total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
280 remaining = total_data_size - total_in_buf;
285 if(remaining == 0) /* nothing to do, ignore */
288 total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
289 if(remaining < total_in_buf2) {
290 cFYI(1,("transact2 2nd response contains too much data"));
293 /* find end of first SMB data area */
294 data_area_of_target = (char *)&pSMBt->hdr.Protocol +
295 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
296 /* validate target area */
298 data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
299 le16_to_cpu(pSMB2->t2_rsp.DataOffset);
301 data_area_of_target += total_in_buf;
303 /* copy second buffer into end of first buffer */
304 memcpy(data_area_of_target,data_area_of_buf2,total_in_buf2);
305 total_in_buf += total_in_buf2;
306 pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
307 byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
308 byte_count += total_in_buf2;
309 BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
311 byte_count = pTargetSMB->smb_buf_length;
312 byte_count += total_in_buf2;
314 /* BB also add check that we are not beyond maximum buffer size */
316 pTargetSMB->smb_buf_length = byte_count;
318 if(remaining == total_in_buf2) {
319 cFYI(1,("found the last secondary response"));
320 return 0; /* we are done */
321 } else /* more responses to go */
327 cifs_demultiplex_thread(struct TCP_Server_Info *server)
330 unsigned int pdu_length, total_read;
331 struct smb_hdr *smb_buffer = NULL;
332 struct smb_hdr *bigbuf = NULL;
333 struct smb_hdr *smallbuf = NULL;
334 struct msghdr smb_msg;
336 struct socket *csocket = server->ssocket;
337 struct list_head *tmp;
338 struct cifsSesInfo *ses;
339 struct task_struct *task_to_wake = NULL;
340 struct mid_q_entry *mid_entry;
342 int isLargeBuf = FALSE;
347 allow_signal(SIGKILL);
348 current->flags |= PF_MEMALLOC;
349 server->tsk = current; /* save process info to wake at shutdown */
350 cFYI(1, ("Demultiplex PID: %d", current->pid));
351 write_lock(&GlobalSMBSeslock);
352 atomic_inc(&tcpSesAllocCount);
353 length = tcpSesAllocCount.counter;
354 write_unlock(&GlobalSMBSeslock);
355 complete(&cifsd_complete);
357 mempool_resize(cifs_req_poolp,
358 length + cifs_min_rcv,
362 while (server->tcpStatus != CifsExiting) {
365 if (bigbuf == NULL) {
366 bigbuf = cifs_buf_get();
368 cERROR(1, ("No memory for large SMB response"));
370 /* retry will check if exiting */
373 } else if (isLargeBuf) {
374 /* we are reusing a dirty large buf, clear its start */
375 memset(bigbuf, 0, sizeof (struct smb_hdr));
378 if (smallbuf == NULL) {
379 smallbuf = cifs_small_buf_get();
381 cERROR(1, ("No memory for SMB response"));
383 /* retry will check if exiting */
386 /* beginning of smb buffer is cleared in our buf_get */
387 } else /* if existing small buf clear beginning */
388 memset(smallbuf, 0, sizeof (struct smb_hdr));
392 smb_buffer = smallbuf;
393 iov.iov_base = smb_buffer;
395 smb_msg.msg_control = NULL;
396 smb_msg.msg_controllen = 0;
398 kernel_recvmsg(csocket, &smb_msg,
399 &iov, 1, 4, 0 /* BB see socket.h flags */);
401 if (server->tcpStatus == CifsExiting) {
403 } else if (server->tcpStatus == CifsNeedReconnect) {
404 cFYI(1, ("Reconnect after server stopped responding"));
405 cifs_reconnect(server);
406 cFYI(1, ("call to reconnect done"));
407 csocket = server->ssocket;
409 } else if ((length == -ERESTARTSYS) || (length == -EAGAIN)) {
410 msleep(1); /* minimum sleep to prevent looping
411 allowing socket to clear and app threads to set
412 tcpStatus CifsNeedReconnect if server hung */
414 } else if (length <= 0) {
415 if (server->tcpStatus == CifsNew) {
416 cFYI(1, ("tcp session abend after SMBnegprot"));
417 /* some servers kill the TCP session rather than
418 returning an SMB negprot error, in which
419 case reconnecting here is not going to help,
420 and so simply return error to mount */
423 if (!try_to_freeze() && (length == -EINTR)) {
424 cFYI(1,("cifsd thread killed"));
427 cFYI(1,("Reconnect after unexpected peek error %d",
429 cifs_reconnect(server);
430 csocket = server->ssocket;
431 wake_up(&server->response_q);
433 } else if (length < 4) {
435 ("Frame under four bytes received (%d bytes long)",
437 cifs_reconnect(server);
438 csocket = server->ssocket;
439 wake_up(&server->response_q);
443 /* The right amount was read from socket - 4 bytes */
444 /* so we can now interpret the length field */
446 /* the first byte big endian of the length field,
447 is actually not part of the length but the type
448 with the most common, zero, as regular data */
449 temp = *((char *) smb_buffer);
451 /* Note that FC 1001 length is big endian on the wire,
452 but we convert it here so it is always manipulated
453 as host byte order */
454 pdu_length = ntohl(smb_buffer->smb_buf_length);
455 smb_buffer->smb_buf_length = pdu_length;
457 cFYI(1,("rfc1002 length 0x%x)", pdu_length+4));
459 if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) {
461 } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
462 cFYI(1,("Good RFC 1002 session rsp"));
464 } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
465 /* we get this from Windows 98 instead of
466 an error on SMB negprot response */
467 cFYI(1,("Negative RFC1002 Session Response Error 0x%x)",
469 if(server->tcpStatus == CifsNew) {
470 /* if nack on negprot (rather than
471 ret of smb negprot error) reconnecting
472 not going to help, ret error to mount */
475 /* give server a second to
476 clean up before reconnect attempt */
478 /* always try 445 first on reconnect
479 since we get NACK on some if we ever
480 connected to port 139 (the NACK is
481 since we do not begin with RFC1001
482 session initialize frame) */
483 server->addr.sockAddr.sin_port =
485 cifs_reconnect(server);
486 csocket = server->ssocket;
487 wake_up(&server->response_q);
490 } else if (temp != (char) 0) {
491 cERROR(1,("Unknown RFC 1002 frame"));
492 cifs_dump_mem(" Received Data: ", (char *)smb_buffer,
494 cifs_reconnect(server);
495 csocket = server->ssocket;
499 /* else we have an SMB response */
500 if((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
501 (pdu_length < sizeof (struct smb_hdr) - 1 - 4)) {
502 cERROR(1, ("Invalid size SMB length %d pdu_length %d",
503 length, pdu_length+4));
504 cifs_reconnect(server);
505 csocket = server->ssocket;
506 wake_up(&server->response_q);
513 if(pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
515 memcpy(bigbuf, smallbuf, 4);
519 iov.iov_base = 4 + (char *)smb_buffer;
520 iov.iov_len = pdu_length;
521 for (total_read = 0; total_read < pdu_length;
522 total_read += length) {
523 length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
524 pdu_length - total_read, 0);
525 if((server->tcpStatus == CifsExiting) ||
526 (length == -EINTR)) {
530 } else if (server->tcpStatus == CifsNeedReconnect) {
531 cifs_reconnect(server);
532 csocket = server->ssocket;
533 /* Reconnect wakes up rspns q */
534 /* Now we will reread sock */
537 } else if ((length == -ERESTARTSYS) ||
538 (length == -EAGAIN)) {
539 msleep(1); /* minimum sleep to prevent looping,
540 allowing socket to clear and app
541 threads to set tcpStatus
542 CifsNeedReconnect if server hung*/
544 } else if (length <= 0) {
545 cERROR(1,("Received no data, expecting %d",
546 pdu_length - total_read));
547 cifs_reconnect(server);
548 csocket = server->ssocket;
555 else if(reconnect == 1)
558 length += 4; /* account for rfc1002 hdr */
561 dump_smb(smb_buffer, length);
562 if (checkSMB(smb_buffer, smb_buffer->Mid, total_read+4)) {
563 cifs_dump_mem("Bad SMB: ", smb_buffer, 48);
569 spin_lock(&GlobalMid_Lock);
570 list_for_each(tmp, &server->pending_mid_q) {
571 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
573 if ((mid_entry->mid == smb_buffer->Mid) &&
574 (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
575 (mid_entry->command == smb_buffer->Command)) {
576 if(check2ndT2(smb_buffer,server->maxBuf) > 0) {
577 /* We have a multipart transact2 resp */
579 if(mid_entry->resp_buf) {
580 /* merge response - fix up 1st*/
581 if(coalesce_t2(smb_buffer,
582 mid_entry->resp_buf)) {
583 mid_entry->multiRsp = 1;
586 /* all parts received */
587 mid_entry->multiEnd = 1;
592 cERROR(1,("1st trans2 resp needs bigbuf"));
593 /* BB maybe we can fix this up, switch
594 to already allocated large buffer? */
596 /* Have first buffer */
597 mid_entry->resp_buf =
599 mid_entry->largeBuf = 1;
605 mid_entry->resp_buf = smb_buffer;
607 mid_entry->largeBuf = 1;
609 mid_entry->largeBuf = 0;
611 task_to_wake = mid_entry->tsk;
612 mid_entry->midState = MID_RESPONSE_RECEIVED;
613 #ifdef CONFIG_CIFS_STATS2
614 mid_entry->when_received = jiffies;
616 /* so we do not time out requests to server
617 which is still responding (since server could
618 be busy but not dead) */
619 server->lstrp = jiffies;
623 spin_unlock(&GlobalMid_Lock);
625 /* Was previous buf put in mpx struct for multi-rsp? */
627 /* smb buffer will be freed by user thread */
633 wake_up_process(task_to_wake);
634 } else if ((is_valid_oplock_break(smb_buffer, server) == FALSE)
635 && (isMultiRsp == FALSE)) {
636 cERROR(1, ("No task to wake, unknown frame rcvd! NumMids %d", midCount.counter));
637 cifs_dump_mem("Received Data is: ",(char *)smb_buffer,
638 sizeof(struct smb_hdr));
639 #ifdef CONFIG_CIFS_DEBUG2
640 cifs_dump_detail(smb_buffer);
641 cifs_dump_mids(server);
642 #endif /* CIFS_DEBUG2 */
645 } /* end while !EXITING */
647 spin_lock(&GlobalMid_Lock);
648 server->tcpStatus = CifsExiting;
650 /* check if we have blocked requests that need to free */
651 /* Note that cifs_max_pending is normally 50, but
652 can be set at module install time to as little as two */
653 if(atomic_read(&server->inFlight) >= cifs_max_pending)
654 atomic_set(&server->inFlight, cifs_max_pending - 1);
655 /* We do not want to set the max_pending too low or we
656 could end up with the counter going negative */
657 spin_unlock(&GlobalMid_Lock);
658 /* Although there should not be any requests blocked on
659 this queue it can not hurt to be paranoid and try to wake up requests
660 that may haven been blocked when more than 50 at time were on the wire
661 to the same server - they now will see the session is in exit state
662 and get out of SendReceive. */
663 wake_up_all(&server->request_q);
664 /* give those requests time to exit */
667 if(server->ssocket) {
668 sock_release(csocket);
669 server->ssocket = NULL;
671 /* buffer usuallly freed in free_mid - need to free it here on exit */
673 cifs_buf_release(bigbuf);
674 if (smallbuf != NULL)
675 cifs_small_buf_release(smallbuf);
677 read_lock(&GlobalSMBSeslock);
678 if (list_empty(&server->pending_mid_q)) {
679 /* loop through server session structures attached to this and
681 list_for_each(tmp, &GlobalSMBSessionList) {
683 list_entry(tmp, struct cifsSesInfo,
685 if (ses->server == server) {
686 ses->status = CifsExiting;
690 read_unlock(&GlobalSMBSeslock);
692 /* although we can not zero the server struct pointer yet,
693 since there are active requests which may depnd on them,
694 mark the corresponding SMB sessions as exiting too */
695 list_for_each(tmp, &GlobalSMBSessionList) {
696 ses = list_entry(tmp, struct cifsSesInfo,
698 if (ses->server == server) {
699 ses->status = CifsExiting;
703 spin_lock(&GlobalMid_Lock);
704 list_for_each(tmp, &server->pending_mid_q) {
705 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
706 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
708 ("Clearing Mid 0x%x - waking up ",mid_entry->mid));
709 task_to_wake = mid_entry->tsk;
711 wake_up_process(task_to_wake);
715 spin_unlock(&GlobalMid_Lock);
716 read_unlock(&GlobalSMBSeslock);
717 /* 1/8th of sec is more than enough time for them to exit */
721 if (!list_empty(&server->pending_mid_q)) {
722 /* mpx threads have not exited yet give them
723 at least the smb send timeout time for long ops */
724 /* due to delays on oplock break requests, we need
725 to wait at least 45 seconds before giving up
726 on a request getting a response and going ahead
728 cFYI(1, ("Wait for exit from demultiplex thread"));
730 /* if threads still have not exited they are probably never
731 coming home not much else we can do but free the memory */
734 write_lock(&GlobalSMBSeslock);
735 atomic_dec(&tcpSesAllocCount);
736 length = tcpSesAllocCount.counter;
738 /* last chance to mark ses pointers invalid
739 if there are any pointing to this (e.g
740 if a crazy root user tried to kill cifsd
741 kernel thread explicitly this might happen) */
742 list_for_each(tmp, &GlobalSMBSessionList) {
743 ses = list_entry(tmp, struct cifsSesInfo,
745 if (ses->server == server) {
749 write_unlock(&GlobalSMBSeslock);
753 mempool_resize(cifs_req_poolp,
754 length + cifs_min_rcv,
758 complete_and_exit(&cifsd_complete, 0);
763 cifs_parse_mount_options(char *options, const char *devname,struct smb_vol *vol)
767 unsigned int temp_len, i, j;
773 memset(vol->source_rfc1001_name,0x20,15);
774 for(i=0;i < strnlen(system_utsname.nodename,15);i++) {
775 /* does not have to be a perfect mapping since the field is
776 informational, only used for servers that do not support
777 port 445 and it can be overridden at mount time */
778 vol->source_rfc1001_name[i] =
779 toupper(system_utsname.nodename[i]);
781 vol->source_rfc1001_name[15] = 0;
782 /* null target name indicates to use *SMBSERVR default called name
783 if we end up sending RFC1001 session initialize */
784 vol->target_rfc1001_name[0] = 0;
785 vol->linux_uid = current->uid; /* current->euid instead? */
786 vol->linux_gid = current->gid;
787 vol->dir_mode = S_IRWXUGO;
788 /* 2767 perms indicate mandatory locking support */
789 vol->file_mode = S_IALLUGO & ~(S_ISUID | S_IXGRP);
791 /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
793 /* default is always to request posix paths. */
794 vol->posix_paths = 1;
799 if(strncmp(options,"sep=",4) == 0) {
800 if(options[4] != 0) {
801 separator[0] = options[4];
804 cFYI(1,("Null separator not allowed"));
808 while ((data = strsep(&options, separator)) != NULL) {
811 if ((value = strchr(data, '=')) != NULL)
814 if (strnicmp(data, "user_xattr",10) == 0) {/*parse before user*/
816 } else if (strnicmp(data, "nouser_xattr",12) == 0) {
818 } else if (strnicmp(data, "user", 4) == 0) {
819 if (!value || !*value) {
821 "CIFS: invalid or missing username\n");
822 return 1; /* needs_arg; */
824 if (strnlen(value, 200) < 200) {
825 vol->username = value;
827 printk(KERN_WARNING "CIFS: username too long\n");
830 } else if (strnicmp(data, "pass", 4) == 0) {
832 vol->password = NULL;
834 } else if(value[0] == 0) {
835 /* check if string begins with double comma
836 since that would mean the password really
837 does start with a comma, and would not
838 indicate an empty string */
839 if(value[1] != separator[0]) {
840 vol->password = NULL;
844 temp_len = strlen(value);
845 /* removed password length check, NTLM passwords
846 can be arbitrarily long */
848 /* if comma in password, the string will be
849 prematurely null terminated. Commas in password are
850 specified across the cifs mount interface by a double
851 comma ie ,, and a comma used as in other cases ie ','
852 as a parameter delimiter/separator is single and due
853 to the strsep above is temporarily zeroed. */
855 /* NB: password legally can have multiple commas and
856 the only illegal character in a password is null */
858 if ((value[temp_len] == 0) &&
859 (value[temp_len+1] == separator[0])) {
861 value[temp_len] = separator[0];
862 temp_len+=2; /* move after the second comma */
863 while(value[temp_len] != 0) {
864 if (value[temp_len] == separator[0]) {
865 if (value[temp_len+1] ==
867 /* skip second comma */
870 /* single comma indicating start
877 if(value[temp_len] == 0) {
881 /* point option to start of next parm */
882 options = value + temp_len + 1;
884 /* go from value to value + temp_len condensing
885 double commas to singles. Note that this ends up
886 allocating a few bytes too many, which is ok */
887 vol->password = kzalloc(temp_len, GFP_KERNEL);
888 if(vol->password == NULL) {
889 printk("CIFS: no memory for pass\n");
892 for(i=0,j=0;i<temp_len;i++,j++) {
893 vol->password[j] = value[i];
894 if(value[i] == separator[0]
895 && value[i+1] == separator[0]) {
896 /* skip second comma */
900 vol->password[j] = 0;
902 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
903 if(vol->password == NULL) {
904 printk("CIFS: no memory for pass\n");
907 strcpy(vol->password, value);
909 } else if (strnicmp(data, "ip", 2) == 0) {
910 if (!value || !*value) {
912 } else if (strnlen(value, 35) < 35) {
915 printk(KERN_WARNING "CIFS: ip address too long\n");
918 } else if (strnicmp(data, "sec", 3) == 0) {
919 if (!value || !*value) {
920 cERROR(1,("no security value specified"));
922 } else if (strnicmp(value, "krb5i", 5) == 0) {
923 vol->secFlg |= CIFSSEC_MAY_KRB5 |
925 } else if (strnicmp(value, "krb5p", 5) == 0) {
926 /* vol->secFlg |= CIFSSEC_MUST_SEAL |
928 cERROR(1,("Krb5 cifs privacy not supported"));
930 } else if (strnicmp(value, "krb5", 4) == 0) {
931 vol->secFlg |= CIFSSEC_MAY_KRB5;
932 } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
933 vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
935 } else if (strnicmp(value, "ntlmv2", 6) == 0) {
936 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
937 } else if (strnicmp(value, "ntlmi", 5) == 0) {
938 vol->secFlg |= CIFSSEC_MAY_NTLM |
940 } else if (strnicmp(value, "ntlm", 4) == 0) {
941 /* ntlm is default so can be turned off too */
942 vol->secFlg |= CIFSSEC_MAY_NTLM;
943 } else if (strnicmp(value, "nontlm", 6) == 0) {
944 /* BB is there a better way to do this? */
945 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
946 #ifdef CONFIG_CIFS_WEAK_PW_HASH
947 } else if (strnicmp(value, "lanman", 6) == 0) {
948 vol->secFlg |= CIFSSEC_MAY_LANMAN;
950 } else if (strnicmp(value, "none", 4) == 0) {
953 cERROR(1,("bad security option: %s", value));
956 } else if ((strnicmp(data, "unc", 3) == 0)
957 || (strnicmp(data, "target", 6) == 0)
958 || (strnicmp(data, "path", 4) == 0)) {
959 if (!value || !*value) {
961 "CIFS: invalid path to network resource\n");
962 return 1; /* needs_arg; */
964 if ((temp_len = strnlen(value, 300)) < 300) {
965 vol->UNC = kmalloc(temp_len+1,GFP_KERNEL);
968 strcpy(vol->UNC,value);
969 if (strncmp(vol->UNC, "//", 2) == 0) {
972 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
974 "CIFS: UNC Path does not begin with // or \\\\ \n");
978 printk(KERN_WARNING "CIFS: UNC name too long\n");
981 } else if ((strnicmp(data, "domain", 3) == 0)
982 || (strnicmp(data, "workgroup", 5) == 0)) {
983 if (!value || !*value) {
984 printk(KERN_WARNING "CIFS: invalid domain name\n");
985 return 1; /* needs_arg; */
987 /* BB are there cases in which a comma can be valid in
988 a domain name and need special handling? */
989 if (strnlen(value, 256) < 256) {
990 vol->domainname = value;
991 cFYI(1, ("Domain name set"));
993 printk(KERN_WARNING "CIFS: domain name too long\n");
996 } else if (strnicmp(data, "iocharset", 9) == 0) {
997 if (!value || !*value) {
998 printk(KERN_WARNING "CIFS: invalid iocharset specified\n");
999 return 1; /* needs_arg; */
1001 if (strnlen(value, 65) < 65) {
1002 if(strnicmp(value,"default",7))
1003 vol->iocharset = value;
1004 /* if iocharset not set load_nls_default used by caller */
1005 cFYI(1, ("iocharset set to %s",value));
1007 printk(KERN_WARNING "CIFS: iocharset name too long.\n");
1010 } else if (strnicmp(data, "uid", 3) == 0) {
1011 if (value && *value) {
1013 simple_strtoul(value, &value, 0);
1015 } else if (strnicmp(data, "gid", 3) == 0) {
1016 if (value && *value) {
1018 simple_strtoul(value, &value, 0);
1020 } else if (strnicmp(data, "file_mode", 4) == 0) {
1021 if (value && *value) {
1023 simple_strtoul(value, &value, 0);
1025 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1026 if (value && *value) {
1028 simple_strtoul(value, &value, 0);
1030 } else if (strnicmp(data, "dirmode", 4) == 0) {
1031 if (value && *value) {
1033 simple_strtoul(value, &value, 0);
1035 } else if (strnicmp(data, "port", 4) == 0) {
1036 if (value && *value) {
1038 simple_strtoul(value, &value, 0);
1040 } else if (strnicmp(data, "rsize", 5) == 0) {
1041 if (value && *value) {
1043 simple_strtoul(value, &value, 0);
1045 } else if (strnicmp(data, "wsize", 5) == 0) {
1046 if (value && *value) {
1048 simple_strtoul(value, &value, 0);
1050 } else if (strnicmp(data, "sockopt", 5) == 0) {
1051 if (value && *value) {
1053 simple_strtoul(value, &value, 0);
1055 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1056 if (!value || !*value || (*value == ' ')) {
1057 cFYI(1,("invalid (empty) netbiosname specified"));
1059 memset(vol->source_rfc1001_name,0x20,15);
1061 /* BB are there cases in which a comma can be
1062 valid in this workstation netbios name (and need
1063 special handling)? */
1065 /* We do not uppercase netbiosname for user */
1069 vol->source_rfc1001_name[i] = value[i];
1071 /* The string has 16th byte zero still from
1072 set at top of the function */
1073 if((i==15) && (value[i] != 0))
1074 printk(KERN_WARNING "CIFS: netbiosname longer than 15 truncated.\n");
1076 } else if (strnicmp(data, "servern", 7) == 0) {
1077 /* servernetbiosname specified override *SMBSERVER */
1078 if (!value || !*value || (*value == ' ')) {
1079 cFYI(1,("empty server netbiosname specified"));
1081 /* last byte, type, is 0x20 for servr type */
1082 memset(vol->target_rfc1001_name,0x20,16);
1085 /* BB are there cases in which a comma can be
1086 valid in this workstation netbios name (and need
1087 special handling)? */
1089 /* user or mount helper must uppercase netbiosname */
1093 vol->target_rfc1001_name[i] = value[i];
1095 /* The string has 16th byte zero still from
1096 set at top of the function */
1097 if((i==15) && (value[i] != 0))
1098 printk(KERN_WARNING "CIFS: server netbiosname longer than 15 truncated.\n");
1100 } else if (strnicmp(data, "credentials", 4) == 0) {
1102 } else if (strnicmp(data, "version", 3) == 0) {
1104 } else if (strnicmp(data, "guest",5) == 0) {
1106 } else if (strnicmp(data, "rw", 2) == 0) {
1108 } else if ((strnicmp(data, "suid", 4) == 0) ||
1109 (strnicmp(data, "nosuid", 6) == 0) ||
1110 (strnicmp(data, "exec", 4) == 0) ||
1111 (strnicmp(data, "noexec", 6) == 0) ||
1112 (strnicmp(data, "nodev", 5) == 0) ||
1113 (strnicmp(data, "noauto", 6) == 0) ||
1114 (strnicmp(data, "dev", 3) == 0)) {
1115 /* The mount tool or mount.cifs helper (if present)
1116 uses these opts to set flags, and the flags are read
1117 by the kernel vfs layer before we get here (ie
1118 before read super) so there is no point trying to
1119 parse these options again and set anything and it
1120 is ok to just ignore them */
1122 } else if (strnicmp(data, "ro", 2) == 0) {
1124 } else if (strnicmp(data, "hard", 4) == 0) {
1126 } else if (strnicmp(data, "soft", 4) == 0) {
1128 } else if (strnicmp(data, "perm", 4) == 0) {
1130 } else if (strnicmp(data, "noperm", 6) == 0) {
1132 } else if (strnicmp(data, "mapchars", 8) == 0) {
1134 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1136 } else if (strnicmp(data, "sfu", 3) == 0) {
1138 } else if (strnicmp(data, "nosfu", 5) == 0) {
1140 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1141 vol->posix_paths = 1;
1142 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1143 vol->posix_paths = 0;
1144 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1145 (strnicmp(data, "ignorecase", 10) == 0)) {
1147 } else if (strnicmp(data, "brl", 3) == 0) {
1149 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1150 (strnicmp(data, "nolock", 6) == 0)) {
1152 /* turn off mandatory locking in mode
1153 if remote locking is turned off since the
1154 local vfs will do advisory */
1155 if(vol->file_mode == (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1156 vol->file_mode = S_IALLUGO;
1157 } else if (strnicmp(data, "setuids", 7) == 0) {
1159 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1161 } else if (strnicmp(data, "nohard", 6) == 0) {
1163 } else if (strnicmp(data, "nosoft", 6) == 0) {
1165 } else if (strnicmp(data, "nointr", 6) == 0) {
1167 } else if (strnicmp(data, "intr", 4) == 0) {
1169 } else if (strnicmp(data, "serverino",7) == 0) {
1170 vol->server_ino = 1;
1171 } else if (strnicmp(data, "noserverino",9) == 0) {
1172 vol->server_ino = 0;
1173 } else if (strnicmp(data, "cifsacl",7) == 0) {
1175 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1177 } else if (strnicmp(data, "acl",3) == 0) {
1178 vol->no_psx_acl = 0;
1179 } else if (strnicmp(data, "noacl",5) == 0) {
1180 vol->no_psx_acl = 1;
1181 } else if (strnicmp(data, "sign",4) == 0) {
1182 vol->secFlg |= CIFSSEC_MUST_SIGN;
1183 /* } else if (strnicmp(data, "seal",4) == 0) {
1184 vol->secFlg |= CIFSSEC_MUST_SEAL; */
1185 } else if (strnicmp(data, "direct",6) == 0) {
1187 } else if (strnicmp(data, "forcedirectio",13) == 0) {
1189 } else if (strnicmp(data, "in6_addr",8) == 0) {
1190 if (!value || !*value) {
1191 vol->in6_addr = NULL;
1192 } else if (strnlen(value, 49) == 48) {
1193 vol->in6_addr = value;
1195 printk(KERN_WARNING "CIFS: ip v6 address not 48 characters long\n");
1198 } else if (strnicmp(data, "noac", 4) == 0) {
1199 printk(KERN_WARNING "CIFS: Mount option noac not supported. Instead set /proc/fs/cifs/LookupCacheEnabled to 0\n");
1201 printk(KERN_WARNING "CIFS: Unknown mount option %s\n",data);
1203 if (vol->UNC == NULL) {
1204 if(devname == NULL) {
1205 printk(KERN_WARNING "CIFS: Missing UNC name for mount target\n");
1208 if ((temp_len = strnlen(devname, 300)) < 300) {
1209 vol->UNC = kmalloc(temp_len+1,GFP_KERNEL);
1210 if(vol->UNC == NULL)
1212 strcpy(vol->UNC,devname);
1213 if (strncmp(vol->UNC, "//", 2) == 0) {
1216 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1217 printk(KERN_WARNING "CIFS: UNC Path does not begin with // or \\\\ \n");
1221 printk(KERN_WARNING "CIFS: UNC name too long\n");
1225 if(vol->UNCip == NULL)
1226 vol->UNCip = &vol->UNC[2];
1231 static struct cifsSesInfo *
1232 cifs_find_tcp_session(struct in_addr * target_ip_addr,
1233 struct in6_addr *target_ip6_addr,
1234 char *userName, struct TCP_Server_Info **psrvTcp)
1236 struct list_head *tmp;
1237 struct cifsSesInfo *ses;
1239 read_lock(&GlobalSMBSeslock);
1241 list_for_each(tmp, &GlobalSMBSessionList) {
1242 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
1244 if((target_ip_addr &&
1245 (ses->server->addr.sockAddr.sin_addr.s_addr
1246 == target_ip_addr->s_addr)) || (target_ip6_addr
1247 && memcmp(&ses->server->addr.sockAddr6.sin6_addr,
1248 target_ip6_addr,sizeof(*target_ip6_addr)))){
1249 /* BB lock server and tcp session and increment use count here?? */
1250 *psrvTcp = ses->server; /* found a match on the TCP session */
1251 /* BB check if reconnection needed */
1253 (ses->userName, userName,
1254 MAX_USERNAME_SIZE) == 0){
1255 read_unlock(&GlobalSMBSeslock);
1256 return ses; /* found exact match on both tcp and SMB sessions */
1260 /* else tcp and smb sessions need reconnection */
1262 read_unlock(&GlobalSMBSeslock);
1266 static struct cifsTconInfo *
1267 find_unc(__be32 new_target_ip_addr, char *uncName, char *userName)
1269 struct list_head *tmp;
1270 struct cifsTconInfo *tcon;
1272 read_lock(&GlobalSMBSeslock);
1273 list_for_each(tmp, &GlobalTreeConnectionList) {
1274 cFYI(1, ("Next tcon"));
1275 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
1277 if (tcon->ses->server) {
1279 ("old ip addr: %x == new ip %x ?",
1280 tcon->ses->server->addr.sockAddr.sin_addr.
1281 s_addr, new_target_ip_addr));
1282 if (tcon->ses->server->addr.sockAddr.sin_addr.
1283 s_addr == new_target_ip_addr) {
1284 /* BB lock tcon, server and tcp session and increment use count here? */
1285 /* found a match on the TCP session */
1286 /* BB check if reconnection needed */
1287 cFYI(1,("IP match, old UNC: %s new: %s",
1288 tcon->treeName, uncName));
1290 (tcon->treeName, uncName,
1291 MAX_TREE_SIZE) == 0) {
1293 ("and old usr: %s new: %s",
1294 tcon->treeName, uncName));
1296 (tcon->ses->userName,
1298 MAX_USERNAME_SIZE) == 0) {
1299 read_unlock(&GlobalSMBSeslock);
1300 /* matched smb session
1309 read_unlock(&GlobalSMBSeslock);
1314 connect_to_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
1315 const char *old_path, const struct nls_table *nls_codepage,
1318 unsigned char *referrals = NULL;
1319 unsigned int num_referrals;
1322 rc = get_dfs_path(xid, pSesInfo,old_path, nls_codepage,
1323 &num_referrals, &referrals, remap);
1325 /* BB Add in code to: if valid refrl, if not ip address contact
1326 the helper that resolves tcp names, mount to it, try to
1327 tcon to it unmount it if fail */
1335 get_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
1336 const char *old_path, const struct nls_table *nls_codepage,
1337 unsigned int *pnum_referrals,
1338 unsigned char ** preferrals, int remap)
1343 *pnum_referrals = 0;
1345 if (pSesInfo->ipc_tid == 0) {
1346 temp_unc = kmalloc(2 /* for slashes */ +
1347 strnlen(pSesInfo->serverName,SERVER_NAME_LEN_WITH_NULL * 2)
1348 + 1 + 4 /* slash IPC$ */ + 2,
1350 if (temp_unc == NULL)
1354 strcpy(temp_unc + 2, pSesInfo->serverName);
1355 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
1356 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
1358 ("CIFS Tcon rc = %d ipc_tid = %d", rc,pSesInfo->ipc_tid));
1362 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
1363 pnum_referrals, nls_codepage, remap);
1368 /* See RFC1001 section 14 on representation of Netbios names */
1369 static void rfc1002mangle(char * target,char * source, unsigned int length)
1373 for(i=0,j=0;i<(length);i++) {
1374 /* mask a nibble at a time and encode */
1375 target[j] = 'A' + (0x0F & (source[i] >> 4));
1376 target[j+1] = 'A' + (0x0F & source[i]);
1384 ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket,
1385 char * netbios_name, char * target_name)
1389 __be16 orig_port = 0;
1391 if(*csocket == NULL) {
1392 rc = sock_create_kern(PF_INET, SOCK_STREAM, IPPROTO_TCP, csocket);
1394 cERROR(1, ("Error %d creating socket",rc));
1398 /* BB other socket options to set KEEPALIVE, NODELAY? */
1399 cFYI(1,("Socket created"));
1400 (*csocket)->sk->sk_allocation = GFP_NOFS;
1404 psin_server->sin_family = AF_INET;
1405 if(psin_server->sin_port) { /* user overrode default port */
1406 rc = (*csocket)->ops->connect(*csocket,
1407 (struct sockaddr *) psin_server,
1408 sizeof (struct sockaddr_in),0);
1414 /* save original port so we can retry user specified port
1415 later if fall back ports fail this time */
1416 orig_port = psin_server->sin_port;
1418 /* do not retry on the same port we just failed on */
1419 if(psin_server->sin_port != htons(CIFS_PORT)) {
1420 psin_server->sin_port = htons(CIFS_PORT);
1422 rc = (*csocket)->ops->connect(*csocket,
1423 (struct sockaddr *) psin_server,
1424 sizeof (struct sockaddr_in),0);
1430 psin_server->sin_port = htons(RFC1001_PORT);
1431 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1432 psin_server, sizeof (struct sockaddr_in),0);
1437 /* give up here - unless we want to retry on different
1438 protocol families some day */
1441 psin_server->sin_port = orig_port;
1442 cFYI(1,("Error %d connecting to server via ipv4",rc));
1443 sock_release(*csocket);
1447 /* Eventually check for other socket options to change from
1448 the default. sock_setsockopt not used because it expects
1449 user space buffer */
1450 cFYI(1,("sndbuf %d rcvbuf %d rcvtimeo 0x%lx",(*csocket)->sk->sk_sndbuf,
1451 (*csocket)->sk->sk_rcvbuf, (*csocket)->sk->sk_rcvtimeo));
1452 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1453 /* make the bufsizes depend on wsize/rsize and max requests */
1454 if((*csocket)->sk->sk_sndbuf < (200 * 1024))
1455 (*csocket)->sk->sk_sndbuf = 200 * 1024;
1456 if((*csocket)->sk->sk_rcvbuf < (140 * 1024))
1457 (*csocket)->sk->sk_rcvbuf = 140 * 1024;
1459 /* send RFC1001 sessinit */
1460 if(psin_server->sin_port == htons(RFC1001_PORT)) {
1461 /* some servers require RFC1001 sessinit before sending
1462 negprot - BB check reconnection in case where second
1463 sessinit is sent but no second negprot */
1464 struct rfc1002_session_packet * ses_init_buf;
1465 struct smb_hdr * smb_buf;
1466 ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet), GFP_KERNEL);
1468 ses_init_buf->trailer.session_req.called_len = 32;
1469 if(target_name && (target_name[0] != 0)) {
1470 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1473 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1474 DEFAULT_CIFS_CALLED_NAME,16);
1477 ses_init_buf->trailer.session_req.calling_len = 32;
1478 /* calling name ends in null (byte 16) from old smb
1480 if(netbios_name && (netbios_name[0] !=0)) {
1481 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1484 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1485 "LINUX_CIFS_CLNT",16);
1487 ses_init_buf->trailer.session_req.scope1 = 0;
1488 ses_init_buf->trailer.session_req.scope2 = 0;
1489 smb_buf = (struct smb_hdr *)ses_init_buf;
1490 /* sizeof RFC1002_SESSION_REQUEST with no scope */
1491 smb_buf->smb_buf_length = 0x81000044;
1492 rc = smb_send(*csocket, smb_buf, 0x44,
1493 (struct sockaddr *)psin_server);
1494 kfree(ses_init_buf);
1495 msleep(1); /* RFC1001 layer in at least one server
1496 requires very short break before negprot
1497 presumably because not expecting negprot
1498 to follow so fast. This is a simple
1499 solution that works without
1500 complicating the code and causes no
1501 significant slowing down on mount
1502 for everyone else */
1504 /* else the negprot may still work without this
1505 even though malloc failed */
1513 ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket)
1517 __be16 orig_port = 0;
1519 if(*csocket == NULL) {
1520 rc = sock_create_kern(PF_INET6, SOCK_STREAM, IPPROTO_TCP, csocket);
1522 cERROR(1, ("Error %d creating ipv6 socket",rc));
1526 /* BB other socket options to set KEEPALIVE, NODELAY? */
1527 cFYI(1,("ipv6 Socket created"));
1528 (*csocket)->sk->sk_allocation = GFP_NOFS;
1532 psin_server->sin6_family = AF_INET6;
1534 if(psin_server->sin6_port) { /* user overrode default port */
1535 rc = (*csocket)->ops->connect(*csocket,
1536 (struct sockaddr *) psin_server,
1537 sizeof (struct sockaddr_in6),0);
1543 /* save original port so we can retry user specified port
1544 later if fall back ports fail this time */
1546 orig_port = psin_server->sin6_port;
1547 /* do not retry on the same port we just failed on */
1548 if(psin_server->sin6_port != htons(CIFS_PORT)) {
1549 psin_server->sin6_port = htons(CIFS_PORT);
1551 rc = (*csocket)->ops->connect(*csocket,
1552 (struct sockaddr *) psin_server,
1553 sizeof (struct sockaddr_in6),0);
1559 psin_server->sin6_port = htons(RFC1001_PORT);
1560 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1561 psin_server, sizeof (struct sockaddr_in6),0);
1566 /* give up here - unless we want to retry on different
1567 protocol families some day */
1570 psin_server->sin6_port = orig_port;
1571 cFYI(1,("Error %d connecting to server via ipv6",rc));
1572 sock_release(*csocket);
1576 /* Eventually check for other socket options to change from
1577 the default. sock_setsockopt not used because it expects
1578 user space buffer */
1579 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1585 cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
1586 char *mount_data, const char *devname)
1590 int address_type = AF_INET;
1591 struct socket *csocket = NULL;
1592 struct sockaddr_in sin_server;
1593 struct sockaddr_in6 sin_server6;
1594 struct smb_vol volume_info;
1595 struct cifsSesInfo *pSesInfo = NULL;
1596 struct cifsSesInfo *existingCifsSes = NULL;
1597 struct cifsTconInfo *tcon = NULL;
1598 struct TCP_Server_Info *srvTcp = NULL;
1602 /* cFYI(1, ("Entering cifs_mount. Xid: %d with: %s", xid, mount_data)); */
1604 memset(&volume_info,0,sizeof(struct smb_vol));
1605 if (cifs_parse_mount_options(mount_data, devname, &volume_info)) {
1606 kfree(volume_info.UNC);
1607 kfree(volume_info.password);
1612 if (volume_info.username) {
1613 /* BB fixme parse for domain name here */
1614 cFYI(1, ("Username: %s ", volume_info.username));
1617 cifserror("No username specified");
1618 /* In userspace mount helper we can get user name from alternate
1619 locations such as env variables and files on disk */
1620 kfree(volume_info.UNC);
1621 kfree(volume_info.password);
1626 if (volume_info.UNCip && volume_info.UNC) {
1627 rc = cifs_inet_pton(AF_INET, volume_info.UNCip,&sin_server.sin_addr.s_addr);
1630 /* not ipv4 address, try ipv6 */
1631 rc = cifs_inet_pton(AF_INET6,volume_info.UNCip,&sin_server6.sin6_addr.in6_u);
1633 address_type = AF_INET6;
1635 address_type = AF_INET;
1639 /* we failed translating address */
1640 kfree(volume_info.UNC);
1641 kfree(volume_info.password);
1646 cFYI(1, ("UNC: %s ip: %s", volume_info.UNC, volume_info.UNCip));
1649 } else if (volume_info.UNCip){
1650 /* BB using ip addr as server name connect to the DFS root below */
1651 cERROR(1,("Connecting to DFS root not implemented yet"));
1652 kfree(volume_info.UNC);
1653 kfree(volume_info.password);
1656 } else /* which servers DFS root would we conect to */ {
1658 ("CIFS mount error: No UNC path (e.g. -o unc=//192.168.1.100/public) specified"));
1659 kfree(volume_info.UNC);
1660 kfree(volume_info.password);
1665 /* this is needed for ASCII cp to Unicode converts */
1666 if(volume_info.iocharset == NULL) {
1667 cifs_sb->local_nls = load_nls_default();
1668 /* load_nls_default can not return null */
1670 cifs_sb->local_nls = load_nls(volume_info.iocharset);
1671 if(cifs_sb->local_nls == NULL) {
1672 cERROR(1,("CIFS mount error: iocharset %s not found",volume_info.iocharset));
1673 kfree(volume_info.UNC);
1674 kfree(volume_info.password);
1680 if(address_type == AF_INET)
1681 existingCifsSes = cifs_find_tcp_session(&sin_server.sin_addr,
1682 NULL /* no ipv6 addr */,
1683 volume_info.username, &srvTcp);
1684 else if(address_type == AF_INET6)
1685 existingCifsSes = cifs_find_tcp_session(NULL /* no ipv4 addr */,
1686 &sin_server6.sin6_addr,
1687 volume_info.username, &srvTcp);
1689 kfree(volume_info.UNC);
1690 kfree(volume_info.password);
1697 cFYI(1, ("Existing tcp session with server found"));
1698 } else { /* create socket */
1699 if(volume_info.port)
1700 sin_server.sin_port = htons(volume_info.port);
1702 sin_server.sin_port = 0;
1703 rc = ipv4_connect(&sin_server,&csocket,
1704 volume_info.source_rfc1001_name,
1705 volume_info.target_rfc1001_name);
1708 ("Error connecting to IPv4 socket. Aborting operation"));
1710 sock_release(csocket);
1711 kfree(volume_info.UNC);
1712 kfree(volume_info.password);
1717 srvTcp = kmalloc(sizeof (struct TCP_Server_Info), GFP_KERNEL);
1718 if (srvTcp == NULL) {
1720 sock_release(csocket);
1721 kfree(volume_info.UNC);
1722 kfree(volume_info.password);
1726 memset(srvTcp, 0, sizeof (struct TCP_Server_Info));
1727 memcpy(&srvTcp->addr.sockAddr, &sin_server, sizeof (struct sockaddr_in));
1728 atomic_set(&srvTcp->inFlight,0);
1729 /* BB Add code for ipv6 case too */
1730 srvTcp->ssocket = csocket;
1731 srvTcp->protocolType = IPV4;
1732 init_waitqueue_head(&srvTcp->response_q);
1733 init_waitqueue_head(&srvTcp->request_q);
1734 INIT_LIST_HEAD(&srvTcp->pending_mid_q);
1735 /* at this point we are the only ones with the pointer
1736 to the struct since the kernel thread not created yet
1737 so no need to spinlock this init of tcpStatus */
1738 srvTcp->tcpStatus = CifsNew;
1739 init_MUTEX(&srvTcp->tcpSem);
1740 rc = (int)kernel_thread((void *)(void *)cifs_demultiplex_thread, srvTcp,
1741 CLONE_FS | CLONE_FILES | CLONE_VM);
1744 sock_release(csocket);
1745 kfree(volume_info.UNC);
1746 kfree(volume_info.password);
1750 wait_for_completion(&cifsd_complete);
1752 memcpy(srvTcp->workstation_RFC1001_name, volume_info.source_rfc1001_name,16);
1753 memcpy(srvTcp->server_RFC1001_name, volume_info.target_rfc1001_name,16);
1754 srvTcp->sequence_number = 0;
1758 if (existingCifsSes) {
1759 pSesInfo = existingCifsSes;
1760 cFYI(1, ("Existing smb sess found"));
1761 kfree(volume_info.password);
1762 /* volume_info.UNC freed at end of function */
1764 cFYI(1, ("Existing smb sess not found"));
1765 pSesInfo = sesInfoAlloc();
1766 if (pSesInfo == NULL)
1769 pSesInfo->server = srvTcp;
1770 sprintf(pSesInfo->serverName, "%u.%u.%u.%u",
1771 NIPQUAD(sin_server.sin_addr.s_addr));
1775 /* volume_info.password freed at unmount */
1776 if (volume_info.password)
1777 pSesInfo->password = volume_info.password;
1778 if (volume_info.username)
1779 strncpy(pSesInfo->userName,
1780 volume_info.username,MAX_USERNAME_SIZE);
1781 if (volume_info.domainname) {
1782 int len = strlen(volume_info.domainname);
1783 pSesInfo->domainName =
1784 kmalloc(len + 1, GFP_KERNEL);
1785 if(pSesInfo->domainName)
1786 strcpy(pSesInfo->domainName,
1787 volume_info.domainname);
1789 pSesInfo->linux_uid = volume_info.linux_uid;
1790 pSesInfo->overrideSecFlg = volume_info.secFlg;
1791 down(&pSesInfo->sesSem);
1792 /* BB FIXME need to pass vol->secFlgs BB */
1793 rc = cifs_setup_session(xid,pSesInfo, cifs_sb->local_nls);
1794 up(&pSesInfo->sesSem);
1796 atomic_inc(&srvTcp->socketUseCount);
1798 kfree(volume_info.password);
1801 /* search for existing tcon to this server share */
1803 if(volume_info.rsize > CIFSMaxBufSize) {
1804 cERROR(1,("rsize %d too large, using MaxBufSize",
1805 volume_info.rsize));
1806 cifs_sb->rsize = CIFSMaxBufSize;
1807 } else if((volume_info.rsize) && (volume_info.rsize <= CIFSMaxBufSize))
1808 cifs_sb->rsize = volume_info.rsize;
1810 cifs_sb->rsize = CIFSMaxBufSize;
1812 if(volume_info.wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) {
1813 cERROR(1,("wsize %d too large using 4096 instead",
1814 volume_info.wsize));
1815 cifs_sb->wsize = 4096;
1816 } else if(volume_info.wsize)
1817 cifs_sb->wsize = volume_info.wsize;
1820 min_t(const int, PAGEVEC_SIZE * PAGE_CACHE_SIZE,
1822 /* old default of CIFSMaxBufSize was too small now
1823 that SMB Write2 can send multiple pages in kvec.
1824 RFC1001 does not describe what happens when frame
1825 bigger than 128K is sent so use that as max in
1826 conjunction with 52K kvec constraint on arch with 4K
1829 if(cifs_sb->rsize < 2048) {
1830 cifs_sb->rsize = 2048;
1831 /* Windows ME may prefer this */
1832 cFYI(1,("readsize set to minimum 2048"));
1834 cifs_sb->mnt_uid = volume_info.linux_uid;
1835 cifs_sb->mnt_gid = volume_info.linux_gid;
1836 cifs_sb->mnt_file_mode = volume_info.file_mode;
1837 cifs_sb->mnt_dir_mode = volume_info.dir_mode;
1838 cFYI(1,("file mode: 0x%x dir mode: 0x%x",
1839 cifs_sb->mnt_file_mode,cifs_sb->mnt_dir_mode));
1841 if(volume_info.noperm)
1842 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
1843 if(volume_info.setuids)
1844 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
1845 if(volume_info.server_ino)
1846 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
1847 if(volume_info.remap)
1848 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
1849 if(volume_info.no_xattr)
1850 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
1851 if(volume_info.sfu_emul)
1852 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
1853 if(volume_info.nobrl)
1854 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
1855 if(volume_info.cifs_acl)
1856 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
1858 if(volume_info.direct_io) {
1859 cFYI(1,("mounting share using direct i/o"));
1860 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
1864 find_unc(sin_server.sin_addr.s_addr, volume_info.UNC,
1865 volume_info.username);
1867 cFYI(1, ("Found match on UNC path"));
1868 /* we can have only one retry value for a connection
1869 to a share so for resources mounted more than once
1870 to the same server share the last value passed in
1871 for the retry flag is used */
1872 tcon->retry = volume_info.retry;
1873 tcon->nocase = volume_info.nocase;
1875 tcon = tconInfoAlloc();
1879 /* check for null share name ie connect to dfs root */
1881 /* BB check if this works for exactly length three strings */
1882 if ((strchr(volume_info.UNC + 3, '\\') == NULL)
1883 && (strchr(volume_info.UNC + 3, '/') ==
1885 rc = connect_to_dfs_path(xid, pSesInfo,
1886 "", cifs_sb->local_nls,
1887 cifs_sb->mnt_cifs_flags &
1888 CIFS_MOUNT_MAP_SPECIAL_CHR);
1889 kfree(volume_info.UNC);
1893 rc = CIFSTCon(xid, pSesInfo,
1895 tcon, cifs_sb->local_nls);
1896 cFYI(1, ("CIFS Tcon rc = %d", rc));
1899 atomic_inc(&pSesInfo->inUse);
1900 tcon->retry = volume_info.retry;
1901 tcon->nocase = volume_info.nocase;
1907 if (pSesInfo->capabilities & CAP_LARGE_FILES) {
1908 sb->s_maxbytes = (u64) 1 << 63;
1910 sb->s_maxbytes = (u64) 1 << 31; /* 2 GB */
1913 sb->s_time_gran = 100;
1915 /* on error free sesinfo and tcon struct if needed */
1917 /* if session setup failed, use count is zero but
1918 we still need to free cifsd thread */
1919 if(atomic_read(&srvTcp->socketUseCount) == 0) {
1920 spin_lock(&GlobalMid_Lock);
1921 srvTcp->tcpStatus = CifsExiting;
1922 spin_unlock(&GlobalMid_Lock);
1924 send_sig(SIGKILL,srvTcp->tsk,1);
1925 wait_for_completion(&cifsd_complete);
1928 /* If find_unc succeeded then rc == 0 so we can not end */
1929 if (tcon) /* up accidently freeing someone elses tcon struct */
1931 if (existingCifsSes == NULL) {
1933 if ((pSesInfo->server) &&
1934 (pSesInfo->status == CifsGood)) {
1936 temp_rc = CIFSSMBLogoff(xid, pSesInfo);
1937 /* if the socketUseCount is now zero */
1938 if((temp_rc == -ESHUTDOWN) &&
1939 (pSesInfo->server->tsk)) {
1940 send_sig(SIGKILL,pSesInfo->server->tsk,1);
1941 wait_for_completion(&cifsd_complete);
1944 cFYI(1, ("No session or bad tcon"));
1945 sesInfoFree(pSesInfo);
1946 /* pSesInfo = NULL; */
1950 atomic_inc(&tcon->useCount);
1951 cifs_sb->tcon = tcon;
1952 tcon->ses = pSesInfo;
1954 /* do not care if following two calls succeed - informational */
1955 CIFSSMBQFSDeviceInfo(xid, tcon);
1956 CIFSSMBQFSAttributeInfo(xid, tcon);
1958 if (tcon->ses->capabilities & CAP_UNIX) {
1959 if(!CIFSSMBQFSUnixInfo(xid, tcon)) {
1961 le64_to_cpu(tcon->fsUnixInfo.Capability);
1962 cap &= CIFS_UNIX_CAP_MASK;
1963 if(volume_info.no_psx_acl)
1964 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
1965 else if(CIFS_UNIX_POSIX_ACL_CAP & cap) {
1966 cFYI(1,("negotiated posix acl support"));
1967 sb->s_flags |= MS_POSIXACL;
1970 if(volume_info.posix_paths == 0)
1971 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
1972 else if(cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
1973 cFYI(1,("negotiate posix pathnames"));
1974 cifs_sb->mnt_cifs_flags |=
1975 CIFS_MOUNT_POSIX_PATHS;
1978 cFYI(1,("Negotiate caps 0x%x",(int)cap));
1979 #ifdef CONFIG_CIFS_DEBUG2
1980 if(cap & CIFS_UNIX_FCNTL_CAP)
1981 cFYI(1,("FCNTL cap"));
1982 if(cap & CIFS_UNIX_EXTATTR_CAP)
1983 cFYI(1,("EXTATTR cap"));
1984 if(cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
1985 cFYI(1,("POSIX path cap"));
1986 if(cap & CIFS_UNIX_XATTR_CAP)
1987 cFYI(1,("XATTR cap"));
1988 if(cap & CIFS_UNIX_POSIX_ACL_CAP)
1989 cFYI(1,("POSIX ACL cap"));
1990 #endif /* CIFS_DEBUG2 */
1991 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
1992 cFYI(1,("setting capabilities failed"));
1996 if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X))
1997 cifs_sb->wsize = min(cifs_sb->wsize,
1998 (tcon->ses->server->maxBuf -
1999 MAX_CIFS_HDR_SIZE));
2000 if (!(tcon->ses->capabilities & CAP_LARGE_READ_X))
2001 cifs_sb->rsize = min(cifs_sb->rsize,
2002 (tcon->ses->server->maxBuf -
2003 MAX_CIFS_HDR_SIZE));
2006 /* volume_info.password is freed above when existing session found
2007 (in which case it is not needed anymore) but when new sesion is created
2008 the password ptr is put in the new session structure (in which case the
2009 password will be freed at unmount time) */
2010 kfree(volume_info.UNC);
2016 CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2017 char session_key[CIFS_SESS_KEY_SIZE],
2018 const struct nls_table *nls_codepage)
2020 struct smb_hdr *smb_buffer;
2021 struct smb_hdr *smb_buffer_response;
2022 SESSION_SETUP_ANDX *pSMB;
2023 SESSION_SETUP_ANDX *pSMBr;
2028 int remaining_words = 0;
2029 int bytes_returned = 0;
2034 cFYI(1, ("In sesssetup"));
2037 user = ses->userName;
2038 domain = ses->domainName;
2039 smb_buffer = cifs_buf_get();
2040 if (smb_buffer == NULL) {
2043 smb_buffer_response = smb_buffer;
2044 pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2046 /* send SMBsessionSetup here */
2047 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2048 NULL /* no tCon exists yet */ , 13 /* wct */ );
2050 smb_buffer->Mid = GetNextMid(ses->server);
2051 pSMB->req_no_secext.AndXCommand = 0xFF;
2052 pSMB->req_no_secext.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2053 pSMB->req_no_secext.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2055 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2056 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2058 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2059 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
2060 if (ses->capabilities & CAP_UNICODE) {
2061 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2062 capabilities |= CAP_UNICODE;
2064 if (ses->capabilities & CAP_STATUS32) {
2065 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2066 capabilities |= CAP_STATUS32;
2068 if (ses->capabilities & CAP_DFS) {
2069 smb_buffer->Flags2 |= SMBFLG2_DFS;
2070 capabilities |= CAP_DFS;
2072 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
2074 pSMB->req_no_secext.CaseInsensitivePasswordLength =
2075 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2077 pSMB->req_no_secext.CaseSensitivePasswordLength =
2078 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2079 bcc_ptr = pByteArea(smb_buffer);
2080 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2081 bcc_ptr += CIFS_SESS_KEY_SIZE;
2082 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2083 bcc_ptr += CIFS_SESS_KEY_SIZE;
2085 if (ses->capabilities & CAP_UNICODE) {
2086 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode */
2091 bytes_returned = 0; /* skip null user */
2094 cifs_strtoUCS((__le16 *) bcc_ptr, user, 100,
2096 /* convert number of 16 bit words to bytes */
2097 bcc_ptr += 2 * bytes_returned;
2098 bcc_ptr += 2; /* trailing null */
2101 cifs_strtoUCS((__le16 *) bcc_ptr,
2102 "CIFS_LINUX_DOM", 32, nls_codepage);
2105 cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2107 bcc_ptr += 2 * bytes_returned;
2110 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2112 bcc_ptr += 2 * bytes_returned;
2114 cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release,
2116 bcc_ptr += 2 * bytes_returned;
2119 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2121 bcc_ptr += 2 * bytes_returned;
2125 strncpy(bcc_ptr, user, 200);
2126 bcc_ptr += strnlen(user, 200);
2130 if (domain == NULL) {
2131 strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2132 bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2134 strncpy(bcc_ptr, domain, 64);
2135 bcc_ptr += strnlen(domain, 64);
2139 strcpy(bcc_ptr, "Linux version ");
2140 bcc_ptr += strlen("Linux version ");
2141 strcpy(bcc_ptr, system_utsname.release);
2142 bcc_ptr += strlen(system_utsname.release) + 1;
2143 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2144 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2146 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2147 smb_buffer->smb_buf_length += count;
2148 pSMB->req_no_secext.ByteCount = cpu_to_le16(count);
2150 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2151 &bytes_returned, 1);
2153 /* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
2154 } else if ((smb_buffer_response->WordCount == 3)
2155 || (smb_buffer_response->WordCount == 4)) {
2156 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2157 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2158 if (action & GUEST_LOGIN)
2159 cFYI(1, (" Guest login")); /* do we want to mark SesInfo struct ? */
2160 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format (le) */
2161 cFYI(1, ("UID = %d ", ses->Suid));
2162 /* response can have either 3 or 4 word count - Samba sends 3 */
2163 bcc_ptr = pByteArea(smb_buffer_response);
2164 if ((pSMBr->resp.hdr.WordCount == 3)
2165 || ((pSMBr->resp.hdr.WordCount == 4)
2166 && (blob_len < pSMBr->resp.ByteCount))) {
2167 if (pSMBr->resp.hdr.WordCount == 4)
2168 bcc_ptr += blob_len;
2170 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2171 if ((long) (bcc_ptr) % 2) {
2173 (BCC(smb_buffer_response) - 1) /2;
2174 bcc_ptr++; /* Unicode strings must be word aligned */
2177 BCC(smb_buffer_response) / 2;
2180 UniStrnlen((wchar_t *) bcc_ptr,
2181 remaining_words - 1);
2182 /* We look for obvious messed up bcc or strings in response so we do not go off
2183 the end since (at least) WIN2K and Windows XP have a major bug in not null
2184 terminating last Unicode string in response */
2186 kfree(ses->serverOS);
2187 ses->serverOS = kzalloc(2 * (len + 1), GFP_KERNEL);
2188 if(ses->serverOS == NULL)
2189 goto sesssetup_nomem;
2190 cifs_strfromUCS_le(ses->serverOS,
2191 (__le16 *)bcc_ptr, len,nls_codepage);
2192 bcc_ptr += 2 * (len + 1);
2193 remaining_words -= len + 1;
2194 ses->serverOS[2 * len] = 0;
2195 ses->serverOS[1 + (2 * len)] = 0;
2196 if (remaining_words > 0) {
2197 len = UniStrnlen((wchar_t *)bcc_ptr,
2199 kfree(ses->serverNOS);
2200 ses->serverNOS = kzalloc(2 * (len + 1),GFP_KERNEL);
2201 if(ses->serverNOS == NULL)
2202 goto sesssetup_nomem;
2203 cifs_strfromUCS_le(ses->serverNOS,
2204 (__le16 *)bcc_ptr,len,nls_codepage);
2205 bcc_ptr += 2 * (len + 1);
2206 ses->serverNOS[2 * len] = 0;
2207 ses->serverNOS[1 + (2 * len)] = 0;
2208 if(strncmp(ses->serverNOS,
2209 "NT LAN Manager 4",16) == 0) {
2210 cFYI(1,("NT4 server"));
2211 ses->flags |= CIFS_SES_NT4;
2213 remaining_words -= len + 1;
2214 if (remaining_words > 0) {
2215 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2216 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
2217 if(ses->serverDomain)
2218 kfree(ses->serverDomain);
2220 kzalloc(2*(len+1),GFP_KERNEL);
2221 if(ses->serverDomain == NULL)
2222 goto sesssetup_nomem;
2223 cifs_strfromUCS_le(ses->serverDomain,
2224 (__le16 *)bcc_ptr,len,nls_codepage);
2225 bcc_ptr += 2 * (len + 1);
2226 ses->serverDomain[2*len] = 0;
2227 ses->serverDomain[1+(2*len)] = 0;
2228 } /* else no more room so create dummy domain string */
2230 if(ses->serverDomain)
2231 kfree(ses->serverDomain);
2233 kzalloc(2, GFP_KERNEL);
2235 } else { /* no room so create dummy domain and NOS string */
2236 /* if these kcallocs fail not much we
2237 can do, but better to not fail the
2239 kfree(ses->serverDomain);
2241 kzalloc(2, GFP_KERNEL);
2242 kfree(ses->serverNOS);
2244 kzalloc(2, GFP_KERNEL);
2246 } else { /* ASCII */
2247 len = strnlen(bcc_ptr, 1024);
2248 if (((long) bcc_ptr + len) - (long)
2249 pByteArea(smb_buffer_response)
2250 <= BCC(smb_buffer_response)) {
2251 kfree(ses->serverOS);
2252 ses->serverOS = kzalloc(len + 1,GFP_KERNEL);
2253 if(ses->serverOS == NULL)
2254 goto sesssetup_nomem;
2255 strncpy(ses->serverOS,bcc_ptr, len);
2258 bcc_ptr[0] = 0; /* null terminate the string */
2261 len = strnlen(bcc_ptr, 1024);
2262 kfree(ses->serverNOS);
2263 ses->serverNOS = kzalloc(len + 1,GFP_KERNEL);
2264 if(ses->serverNOS == NULL)
2265 goto sesssetup_nomem;
2266 strncpy(ses->serverNOS, bcc_ptr, len);
2271 len = strnlen(bcc_ptr, 1024);
2272 if(ses->serverDomain)
2273 kfree(ses->serverDomain);
2274 ses->serverDomain = kzalloc(len + 1,GFP_KERNEL);
2275 if(ses->serverDomain == NULL)
2276 goto sesssetup_nomem;
2277 strncpy(ses->serverDomain, bcc_ptr, len);
2283 ("Variable field of length %d extends beyond end of smb ",
2288 (" Security Blob Length extends beyond end of SMB"));
2292 (" Invalid Word count %d: ",
2293 smb_buffer_response->WordCount));
2296 sesssetup_nomem: /* do not return an error on nomem for the info strings,
2297 since that could make reconnection harder, and
2298 reconnection might be needed to free memory */
2300 cifs_buf_release(smb_buffer);
2306 CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2307 struct cifsSesInfo *ses, int * pNTLMv2_flag,
2308 const struct nls_table *nls_codepage)
2310 struct smb_hdr *smb_buffer;
2311 struct smb_hdr *smb_buffer_response;
2312 SESSION_SETUP_ANDX *pSMB;
2313 SESSION_SETUP_ANDX *pSMBr;
2317 int remaining_words = 0;
2318 int bytes_returned = 0;
2320 int SecurityBlobLength = sizeof (NEGOTIATE_MESSAGE);
2321 PNEGOTIATE_MESSAGE SecurityBlob;
2322 PCHALLENGE_MESSAGE SecurityBlob2;
2323 __u32 negotiate_flags, capabilities;
2326 cFYI(1, ("In NTLMSSP sesssetup (negotiate)"));
2329 domain = ses->domainName;
2330 *pNTLMv2_flag = FALSE;
2331 smb_buffer = cifs_buf_get();
2332 if (smb_buffer == NULL) {
2335 smb_buffer_response = smb_buffer;
2336 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2337 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2339 /* send SMBsessionSetup here */
2340 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2341 NULL /* no tCon exists yet */ , 12 /* wct */ );
2343 smb_buffer->Mid = GetNextMid(ses->server);
2344 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2345 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2347 pSMB->req.AndXCommand = 0xFF;
2348 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2349 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2351 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2352 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2354 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2355 CAP_EXTENDED_SECURITY;
2356 if (ses->capabilities & CAP_UNICODE) {
2357 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2358 capabilities |= CAP_UNICODE;
2360 if (ses->capabilities & CAP_STATUS32) {
2361 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2362 capabilities |= CAP_STATUS32;
2364 if (ses->capabilities & CAP_DFS) {
2365 smb_buffer->Flags2 |= SMBFLG2_DFS;
2366 capabilities |= CAP_DFS;
2368 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2370 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2371 SecurityBlob = (PNEGOTIATE_MESSAGE) bcc_ptr;
2372 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2373 SecurityBlob->MessageType = NtLmNegotiate;
2375 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
2376 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM |
2377 NTLMSSP_NEGOTIATE_56 |
2378 /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
2380 negotiate_flags |= NTLMSSP_NEGOTIATE_SIGN;
2381 /* if(ntlmv2_support)
2382 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;*/
2383 /* setup pointers to domain name and workstation name */
2384 bcc_ptr += SecurityBlobLength;
2386 SecurityBlob->WorkstationName.Buffer = 0;
2387 SecurityBlob->WorkstationName.Length = 0;
2388 SecurityBlob->WorkstationName.MaximumLength = 0;
2390 /* Domain not sent on first Sesssetup in NTLMSSP, instead it is sent
2391 along with username on auth request (ie the response to challenge) */
2392 SecurityBlob->DomainName.Buffer = 0;
2393 SecurityBlob->DomainName.Length = 0;
2394 SecurityBlob->DomainName.MaximumLength = 0;
2395 if (ses->capabilities & CAP_UNICODE) {
2396 if ((long) bcc_ptr % 2) {
2402 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2404 bcc_ptr += 2 * bytes_returned;
2406 cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release, 32,
2408 bcc_ptr += 2 * bytes_returned;
2409 bcc_ptr += 2; /* null terminate Linux version */
2411 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2413 bcc_ptr += 2 * bytes_returned;
2416 bcc_ptr += 2; /* null terminate network opsys string */
2419 bcc_ptr += 2; /* null domain */
2420 } else { /* ASCII */
2421 strcpy(bcc_ptr, "Linux version ");
2422 bcc_ptr += strlen("Linux version ");
2423 strcpy(bcc_ptr, system_utsname.release);
2424 bcc_ptr += strlen(system_utsname.release) + 1;
2425 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2426 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2427 bcc_ptr++; /* empty domain field */
2430 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2431 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2432 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2433 smb_buffer->smb_buf_length += count;
2434 pSMB->req.ByteCount = cpu_to_le16(count);
2436 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2437 &bytes_returned, 1);
2439 if (smb_buffer_response->Status.CifsError ==
2440 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
2444 /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2445 } else if ((smb_buffer_response->WordCount == 3)
2446 || (smb_buffer_response->WordCount == 4)) {
2447 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2448 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2450 if (action & GUEST_LOGIN)
2451 cFYI(1, (" Guest login"));
2452 /* Do we want to set anything in SesInfo struct when guest login? */
2454 bcc_ptr = pByteArea(smb_buffer_response);
2455 /* response can have either 3 or 4 word count - Samba sends 3 */
2457 SecurityBlob2 = (PCHALLENGE_MESSAGE) bcc_ptr;
2458 if (SecurityBlob2->MessageType != NtLmChallenge) {
2460 ("Unexpected NTLMSSP message type received %d",
2461 SecurityBlob2->MessageType));
2463 ses->Suid = smb_buffer_response->Uid; /* UID left in le format */
2464 cFYI(1, ("UID = %d", ses->Suid));
2465 if ((pSMBr->resp.hdr.WordCount == 3)
2466 || ((pSMBr->resp.hdr.WordCount == 4)
2468 pSMBr->resp.ByteCount))) {
2470 if (pSMBr->resp.hdr.WordCount == 4) {
2471 bcc_ptr += blob_len;
2472 cFYI(1, ("Security Blob Length %d",
2476 cFYI(1, ("NTLMSSP Challenge rcvd"));
2478 memcpy(ses->server->cryptKey,
2479 SecurityBlob2->Challenge,
2480 CIFS_CRYPTO_KEY_SIZE);
2481 if(SecurityBlob2->NegotiateFlags &
2482 cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2))
2483 *pNTLMv2_flag = TRUE;
2485 if((SecurityBlob2->NegotiateFlags &
2486 cpu_to_le32(NTLMSSP_NEGOTIATE_ALWAYS_SIGN))
2487 || (sign_CIFS_PDUs > 1))
2488 ses->server->secMode |=
2489 SECMODE_SIGN_REQUIRED;
2490 if ((SecurityBlob2->NegotiateFlags &
2491 cpu_to_le32(NTLMSSP_NEGOTIATE_SIGN)) && (sign_CIFS_PDUs))
2492 ses->server->secMode |=
2493 SECMODE_SIGN_ENABLED;
2495 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2496 if ((long) (bcc_ptr) % 2) {
2498 (BCC(smb_buffer_response)
2500 bcc_ptr++; /* Unicode strings must be word aligned */
2504 (smb_buffer_response) / 2;
2507 UniStrnlen((wchar_t *) bcc_ptr,
2508 remaining_words - 1);
2509 /* We look for obvious messed up bcc or strings in response so we do not go off
2510 the end since (at least) WIN2K and Windows XP have a major bug in not null
2511 terminating last Unicode string in response */
2513 kfree(ses->serverOS);
2515 kzalloc(2 * (len + 1), GFP_KERNEL);
2516 cifs_strfromUCS_le(ses->serverOS,
2520 bcc_ptr += 2 * (len + 1);
2521 remaining_words -= len + 1;
2522 ses->serverOS[2 * len] = 0;
2523 ses->serverOS[1 + (2 * len)] = 0;
2524 if (remaining_words > 0) {
2525 len = UniStrnlen((wchar_t *)
2529 kfree(ses->serverNOS);
2531 kzalloc(2 * (len + 1),
2533 cifs_strfromUCS_le(ses->
2539 bcc_ptr += 2 * (len + 1);
2540 ses->serverNOS[2 * len] = 0;
2543 remaining_words -= len + 1;
2544 if (remaining_words > 0) {
2545 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2546 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
2547 kfree(ses->serverDomain);
2559 ses->serverDomain[2*len]
2564 } /* else no more room so create dummy domain string */
2566 kfree(ses->serverDomain);
2571 } else { /* no room so create dummy domain and NOS string */
2572 kfree(ses->serverDomain);
2574 kzalloc(2, GFP_KERNEL);
2575 kfree(ses->serverNOS);
2577 kzalloc(2, GFP_KERNEL);
2579 } else { /* ASCII */
2580 len = strnlen(bcc_ptr, 1024);
2581 if (((long) bcc_ptr + len) - (long)
2582 pByteArea(smb_buffer_response)
2583 <= BCC(smb_buffer_response)) {
2585 kfree(ses->serverOS);
2589 strncpy(ses->serverOS,
2593 bcc_ptr[0] = 0; /* null terminate string */
2596 len = strnlen(bcc_ptr, 1024);
2597 kfree(ses->serverNOS);
2601 strncpy(ses->serverNOS, bcc_ptr, len);
2606 len = strnlen(bcc_ptr, 1024);
2607 kfree(ses->serverDomain);
2611 strncpy(ses->serverDomain, bcc_ptr, len);
2617 ("Variable field of length %d extends beyond end of smb",
2622 (" Security Blob Length extends beyond end of SMB"));
2625 cERROR(1, ("No session structure passed in."));
2629 (" Invalid Word count %d:",
2630 smb_buffer_response->WordCount));
2635 cifs_buf_release(smb_buffer);
2640 CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2641 char *ntlm_session_key, int ntlmv2_flag,
2642 const struct nls_table *nls_codepage)
2644 struct smb_hdr *smb_buffer;
2645 struct smb_hdr *smb_buffer_response;
2646 SESSION_SETUP_ANDX *pSMB;
2647 SESSION_SETUP_ANDX *pSMBr;
2652 int remaining_words = 0;
2653 int bytes_returned = 0;
2655 int SecurityBlobLength = sizeof (AUTHENTICATE_MESSAGE);
2656 PAUTHENTICATE_MESSAGE SecurityBlob;
2657 __u32 negotiate_flags, capabilities;
2660 cFYI(1, ("In NTLMSSPSessSetup (Authenticate)"));
2663 user = ses->userName;
2664 domain = ses->domainName;
2665 smb_buffer = cifs_buf_get();
2666 if (smb_buffer == NULL) {
2669 smb_buffer_response = smb_buffer;
2670 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2671 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2673 /* send SMBsessionSetup here */
2674 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2675 NULL /* no tCon exists yet */ , 12 /* wct */ );
2677 smb_buffer->Mid = GetNextMid(ses->server);
2678 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2679 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2680 pSMB->req.AndXCommand = 0xFF;
2681 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2682 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2684 pSMB->req.hdr.Uid = ses->Suid;
2686 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2687 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2689 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2690 CAP_EXTENDED_SECURITY;
2691 if (ses->capabilities & CAP_UNICODE) {
2692 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2693 capabilities |= CAP_UNICODE;
2695 if (ses->capabilities & CAP_STATUS32) {
2696 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2697 capabilities |= CAP_STATUS32;
2699 if (ses->capabilities & CAP_DFS) {
2700 smb_buffer->Flags2 |= SMBFLG2_DFS;
2701 capabilities |= CAP_DFS;
2703 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2705 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2706 SecurityBlob = (PAUTHENTICATE_MESSAGE) bcc_ptr;
2707 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2708 SecurityBlob->MessageType = NtLmAuthenticate;
2709 bcc_ptr += SecurityBlobLength;
2711 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET |
2712 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO |
2713 0x80000000 | NTLMSSP_NEGOTIATE_128;
2715 negotiate_flags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN;
2717 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
2719 /* setup pointers to domain name and workstation name */
2721 SecurityBlob->WorkstationName.Buffer = 0;
2722 SecurityBlob->WorkstationName.Length = 0;
2723 SecurityBlob->WorkstationName.MaximumLength = 0;
2724 SecurityBlob->SessionKey.Length = 0;
2725 SecurityBlob->SessionKey.MaximumLength = 0;
2726 SecurityBlob->SessionKey.Buffer = 0;
2728 SecurityBlob->LmChallengeResponse.Length = 0;
2729 SecurityBlob->LmChallengeResponse.MaximumLength = 0;
2730 SecurityBlob->LmChallengeResponse.Buffer = 0;
2732 SecurityBlob->NtChallengeResponse.Length =
2733 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2734 SecurityBlob->NtChallengeResponse.MaximumLength =
2735 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2736 memcpy(bcc_ptr, ntlm_session_key, CIFS_SESS_KEY_SIZE);
2737 SecurityBlob->NtChallengeResponse.Buffer =
2738 cpu_to_le32(SecurityBlobLength);
2739 SecurityBlobLength += CIFS_SESS_KEY_SIZE;
2740 bcc_ptr += CIFS_SESS_KEY_SIZE;
2742 if (ses->capabilities & CAP_UNICODE) {
2743 if (domain == NULL) {
2744 SecurityBlob->DomainName.Buffer = 0;
2745 SecurityBlob->DomainName.Length = 0;
2746 SecurityBlob->DomainName.MaximumLength = 0;
2749 cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2752 SecurityBlob->DomainName.MaximumLength =
2754 SecurityBlob->DomainName.Buffer =
2755 cpu_to_le32(SecurityBlobLength);
2757 SecurityBlobLength += len;
2758 SecurityBlob->DomainName.Length =
2762 SecurityBlob->UserName.Buffer = 0;
2763 SecurityBlob->UserName.Length = 0;
2764 SecurityBlob->UserName.MaximumLength = 0;
2767 cifs_strtoUCS((__le16 *) bcc_ptr, user, 64,
2770 SecurityBlob->UserName.MaximumLength =
2772 SecurityBlob->UserName.Buffer =
2773 cpu_to_le32(SecurityBlobLength);
2775 SecurityBlobLength += len;
2776 SecurityBlob->UserName.Length =
2780 /* SecurityBlob->WorkstationName.Length = cifs_strtoUCS((__le16 *) bcc_ptr, "AMACHINE",64, nls_codepage);
2781 SecurityBlob->WorkstationName.Length *= 2;
2782 SecurityBlob->WorkstationName.MaximumLength = cpu_to_le16(SecurityBlob->WorkstationName.Length);
2783 SecurityBlob->WorkstationName.Buffer = cpu_to_le32(SecurityBlobLength);
2784 bcc_ptr += SecurityBlob->WorkstationName.Length;
2785 SecurityBlobLength += SecurityBlob->WorkstationName.Length;
2786 SecurityBlob->WorkstationName.Length = cpu_to_le16(SecurityBlob->WorkstationName.Length); */
2788 if ((long) bcc_ptr % 2) {
2793 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2795 bcc_ptr += 2 * bytes_returned;
2797 cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release, 32,
2799 bcc_ptr += 2 * bytes_returned;
2800 bcc_ptr += 2; /* null term version string */
2802 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2804 bcc_ptr += 2 * bytes_returned;
2807 bcc_ptr += 2; /* null terminate network opsys string */
2810 bcc_ptr += 2; /* null domain */
2811 } else { /* ASCII */
2812 if (domain == NULL) {
2813 SecurityBlob->DomainName.Buffer = 0;
2814 SecurityBlob->DomainName.Length = 0;
2815 SecurityBlob->DomainName.MaximumLength = 0;
2818 negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
2819 strncpy(bcc_ptr, domain, 63);
2820 len = strnlen(domain, 64);
2821 SecurityBlob->DomainName.MaximumLength =
2823 SecurityBlob->DomainName.Buffer =
2824 cpu_to_le32(SecurityBlobLength);
2826 SecurityBlobLength += len;
2827 SecurityBlob->DomainName.Length = cpu_to_le16(len);
2830 SecurityBlob->UserName.Buffer = 0;
2831 SecurityBlob->UserName.Length = 0;
2832 SecurityBlob->UserName.MaximumLength = 0;
2835 strncpy(bcc_ptr, user, 63);
2836 len = strnlen(user, 64);
2837 SecurityBlob->UserName.MaximumLength =
2839 SecurityBlob->UserName.Buffer =
2840 cpu_to_le32(SecurityBlobLength);
2842 SecurityBlobLength += len;
2843 SecurityBlob->UserName.Length = cpu_to_le16(len);
2845 /* BB fill in our workstation name if known BB */
2847 strcpy(bcc_ptr, "Linux version ");
2848 bcc_ptr += strlen("Linux version ");
2849 strcpy(bcc_ptr, system_utsname.release);
2850 bcc_ptr += strlen(system_utsname.release) + 1;
2851 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2852 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2853 bcc_ptr++; /* null domain */
2856 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2857 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2858 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2859 smb_buffer->smb_buf_length += count;
2860 pSMB->req.ByteCount = cpu_to_le16(count);
2862 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2863 &bytes_returned, 1);
2865 /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2866 } else if ((smb_buffer_response->WordCount == 3)
2867 || (smb_buffer_response->WordCount == 4)) {
2868 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2870 le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2871 if (action & GUEST_LOGIN)
2872 cFYI(1, (" Guest login")); /* BB do we want to set anything in SesInfo struct ? */
2873 /* if(SecurityBlob2->MessageType != NtLm??){
2874 cFYI("Unexpected message type on auth response is %d "));
2878 ("Does UID on challenge %d match auth response UID %d ",
2879 ses->Suid, smb_buffer_response->Uid));
2880 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format */
2881 bcc_ptr = pByteArea(smb_buffer_response);
2882 /* response can have either 3 or 4 word count - Samba sends 3 */
2883 if ((pSMBr->resp.hdr.WordCount == 3)
2884 || ((pSMBr->resp.hdr.WordCount == 4)
2886 pSMBr->resp.ByteCount))) {
2887 if (pSMBr->resp.hdr.WordCount == 4) {
2891 ("Security Blob Length %d ",
2896 ("NTLMSSP response to Authenticate "));
2898 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2899 if ((long) (bcc_ptr) % 2) {
2901 (BCC(smb_buffer_response)
2903 bcc_ptr++; /* Unicode strings must be word aligned */
2905 remaining_words = BCC(smb_buffer_response) / 2;
2908 UniStrnlen((wchar_t *) bcc_ptr,remaining_words - 1);
2909 /* We look for obvious messed up bcc or strings in response so we do not go off
2910 the end since (at least) WIN2K and Windows XP have a major bug in not null
2911 terminating last Unicode string in response */
2913 kfree(ses->serverOS);
2915 kzalloc(2 * (len + 1), GFP_KERNEL);
2916 cifs_strfromUCS_le(ses->serverOS,
2920 bcc_ptr += 2 * (len + 1);
2921 remaining_words -= len + 1;
2922 ses->serverOS[2 * len] = 0;
2923 ses->serverOS[1 + (2 * len)] = 0;
2924 if (remaining_words > 0) {
2925 len = UniStrnlen((wchar_t *)
2929 kfree(ses->serverNOS);
2931 kzalloc(2 * (len + 1),
2933 cifs_strfromUCS_le(ses->
2939 bcc_ptr += 2 * (len + 1);
2940 ses->serverNOS[2 * len] = 0;
2941 ses->serverNOS[1+(2*len)] = 0;
2942 remaining_words -= len + 1;
2943 if (remaining_words > 0) {
2944 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2945 /* last string not always null terminated (e.g. for Windows XP & 2000) */
2946 if(ses->serverDomain)
2947 kfree(ses->serverDomain);
2972 } /* else no more room so create dummy domain string */
2974 if(ses->serverDomain)
2975 kfree(ses->serverDomain);
2976 ses->serverDomain = kzalloc(2,GFP_KERNEL);
2978 } else { /* no room so create dummy domain and NOS string */
2979 if(ses->serverDomain)
2980 kfree(ses->serverDomain);
2981 ses->serverDomain = kzalloc(2, GFP_KERNEL);
2982 kfree(ses->serverNOS);
2983 ses->serverNOS = kzalloc(2, GFP_KERNEL);
2985 } else { /* ASCII */
2986 len = strnlen(bcc_ptr, 1024);
2987 if (((long) bcc_ptr + len) -
2988 (long) pByteArea(smb_buffer_response)
2989 <= BCC(smb_buffer_response)) {
2991 kfree(ses->serverOS);
2992 ses->serverOS = kzalloc(len + 1,GFP_KERNEL);
2993 strncpy(ses->serverOS,bcc_ptr, len);
2996 bcc_ptr[0] = 0; /* null terminate the string */
2999 len = strnlen(bcc_ptr, 1024);
3000 kfree(ses->serverNOS);
3001 ses->serverNOS = kzalloc(len+1,GFP_KERNEL);
3002 strncpy(ses->serverNOS, bcc_ptr, len);
3007 len = strnlen(bcc_ptr, 1024);
3008 if(ses->serverDomain)
3009 kfree(ses->serverDomain);
3010 ses->serverDomain = kzalloc(len+1,GFP_KERNEL);
3011 strncpy(ses->serverDomain, bcc_ptr, len);
3017 ("Variable field of length %d extends beyond end of smb ",
3022 (" Security Blob Length extends beyond end of SMB"));
3025 cERROR(1, ("No session structure passed in."));
3029 (" Invalid Word count %d: ",
3030 smb_buffer_response->WordCount));
3035 cifs_buf_release(smb_buffer);
3041 CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3042 const char *tree, struct cifsTconInfo *tcon,
3043 const struct nls_table *nls_codepage)
3045 struct smb_hdr *smb_buffer;
3046 struct smb_hdr *smb_buffer_response;
3049 unsigned char *bcc_ptr;
3057 smb_buffer = cifs_buf_get();
3058 if (smb_buffer == NULL) {
3061 smb_buffer_response = smb_buffer;
3063 header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3064 NULL /*no tid */ , 4 /*wct */ );
3066 smb_buffer->Mid = GetNextMid(ses->server);
3067 smb_buffer->Uid = ses->Suid;
3068 pSMB = (TCONX_REQ *) smb_buffer;
3069 pSMBr = (TCONX_RSP *) smb_buffer_response;
3071 pSMB->AndXCommand = 0xFF;
3072 pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
3073 bcc_ptr = &pSMB->Password[0];
3074 if((ses->server->secMode) & SECMODE_USER) {
3075 pSMB->PasswordLength = cpu_to_le16(1); /* minimum */
3076 *bcc_ptr = 0; /* password is null byte */
3077 bcc_ptr++; /* skip password */
3078 /* already aligned so no need to do it below */
3080 pSMB->PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE);
3081 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3082 specified as required (when that support is added to
3083 the vfs in the future) as only NTLM or the much
3084 weaker LANMAN (which we do not send by default) is accepted
3085 by Samba (not sure whether other servers allow
3086 NTLMv2 password here) */
3087 #ifdef CONFIG_CIFS_WEAK_PW_HASH
3088 if((extended_security & CIFSSEC_MAY_LANMAN) &&
3089 (ses->server->secType == LANMAN))
3090 calc_lanman_hash(ses, bcc_ptr);
3092 #endif /* CIFS_WEAK_PW_HASH */
3093 SMBNTencrypt(ses->password,
3094 ses->server->cryptKey,
3097 bcc_ptr += CIFS_SESS_KEY_SIZE;
3098 if(ses->capabilities & CAP_UNICODE) {
3099 /* must align unicode strings */
3100 *bcc_ptr = 0; /* null byte password */
3105 if(ses->server->secMode &
3106 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3107 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3109 if (ses->capabilities & CAP_STATUS32) {
3110 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3112 if (ses->capabilities & CAP_DFS) {
3113 smb_buffer->Flags2 |= SMBFLG2_DFS;
3115 if (ses->capabilities & CAP_UNICODE) {
3116 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3118 cifs_strtoUCS((__le16 *) bcc_ptr, tree,
3119 6 /* max utf8 char length in bytes */ *
3120 (/* server len*/ + 256 /* share len */), nls_codepage);
3121 bcc_ptr += 2 * length; /* convert num 16 bit words to bytes */
3122 bcc_ptr += 2; /* skip trailing null */
3123 } else { /* ASCII */
3124 strcpy(bcc_ptr, tree);
3125 bcc_ptr += strlen(tree) + 1;
3127 strcpy(bcc_ptr, "?????");
3128 bcc_ptr += strlen("?????");
3130 count = bcc_ptr - &pSMB->Password[0];
3131 pSMB->hdr.smb_buf_length += count;
3132 pSMB->ByteCount = cpu_to_le16(count);
3134 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length, 0);
3136 /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
3137 /* above now done in SendReceive */
3138 if ((rc == 0) && (tcon != NULL)) {
3139 tcon->tidStatus = CifsGood;
3140 tcon->tid = smb_buffer_response->Tid;
3141 bcc_ptr = pByteArea(smb_buffer_response);
3142 length = strnlen(bcc_ptr, BCC(smb_buffer_response) - 2);
3143 /* skip service field (NB: this field is always ASCII) */
3144 bcc_ptr += length + 1;
3145 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3146 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3147 length = UniStrnlen((wchar_t *) bcc_ptr, 512);
3148 if ((bcc_ptr + (2 * length)) -
3149 pByteArea(smb_buffer_response) <=
3150 BCC(smb_buffer_response)) {
3151 kfree(tcon->nativeFileSystem);
3152 tcon->nativeFileSystem =
3153 kzalloc(length + 2, GFP_KERNEL);
3154 cifs_strfromUCS_le(tcon->nativeFileSystem,
3156 length, nls_codepage);
3157 bcc_ptr += 2 * length;
3158 bcc_ptr[0] = 0; /* null terminate the string */
3162 /* else do not bother copying these informational fields */
3164 length = strnlen(bcc_ptr, 1024);
3165 if ((bcc_ptr + length) -
3166 pByteArea(smb_buffer_response) <=
3167 BCC(smb_buffer_response)) {
3168 kfree(tcon->nativeFileSystem);
3169 tcon->nativeFileSystem =
3170 kzalloc(length + 1, GFP_KERNEL);
3171 strncpy(tcon->nativeFileSystem, bcc_ptr,
3174 /* else do not bother copying these informational fields */
3176 if(smb_buffer_response->WordCount == 3)
3177 tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3180 cFYI(1, ("Tcon flags: 0x%x ", tcon->Flags));
3181 } else if ((rc == 0) && tcon == NULL) {
3182 /* all we need to save for IPC$ connection */
3183 ses->ipc_tid = smb_buffer_response->Tid;
3187 cifs_buf_release(smb_buffer);
3192 cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3196 struct cifsSesInfo *ses = NULL;
3197 struct task_struct *cifsd_task;
3201 if (cifs_sb->tcon) {
3202 ses = cifs_sb->tcon->ses; /* save ptr to ses before delete tcon!*/
3203 rc = CIFSSMBTDis(xid, cifs_sb->tcon);
3208 tconInfoFree(cifs_sb->tcon);
3209 if ((ses) && (ses->server)) {
3210 /* save off task so we do not refer to ses later */
3211 cifsd_task = ses->server->tsk;
3212 cFYI(1, ("About to do SMBLogoff "));
3213 rc = CIFSSMBLogoff(xid, ses);
3217 } else if (rc == -ESHUTDOWN) {
3218 cFYI(1,("Waking up socket by sending it signal"));
3220 send_sig(SIGKILL,cifsd_task,1);
3221 wait_for_completion(&cifsd_complete);
3224 } /* else - we have an smb session
3225 left on this socket do not kill cifsd */
3227 cFYI(1, ("No session or bad tcon"));
3230 cifs_sb->tcon = NULL;
3232 schedule_timeout_interruptible(msecs_to_jiffies(500));
3237 return rc; /* BB check if we should always return zero here */
3240 int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
3241 struct nls_table * nls_info)
3244 char ntlm_session_key[CIFS_SESS_KEY_SIZE];
3245 int ntlmv2_flag = FALSE;
3248 /* what if server changes its buffer size after dropping the session? */
3249 if(pSesInfo->server->maxBuf == 0) /* no need to send on reconnect */ {
3250 rc = CIFSSMBNegotiate(xid, pSesInfo);
3251 if(rc == -EAGAIN) /* retry only once on 1st time connection */ {
3252 rc = CIFSSMBNegotiate(xid, pSesInfo);
3257 spin_lock(&GlobalMid_Lock);
3258 if(pSesInfo->server->tcpStatus != CifsExiting)
3259 pSesInfo->server->tcpStatus = CifsGood;
3262 spin_unlock(&GlobalMid_Lock);
3268 pSesInfo->capabilities = pSesInfo->server->capabilities;
3269 if(linuxExtEnabled == 0)
3270 pSesInfo->capabilities &= (~CAP_UNIX);
3271 /* pSesInfo->sequence_number = 0;*/
3272 cFYI(1,("Security Mode: 0x%x Capabilities: 0x%x Time Zone: %d",
3273 pSesInfo->server->secMode,
3274 pSesInfo->server->capabilities,
3275 pSesInfo->server->timeZone));
3276 if(experimEnabled < 2)
3277 rc = CIFS_SessSetup(xid, pSesInfo,
3278 first_time, nls_info);
3279 else if (extended_security
3280 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3281 && (pSesInfo->server->secType == NTLMSSP)) {
3283 } else if (extended_security
3284 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3285 && (pSesInfo->server->secType == RawNTLMSSP)) {
3286 cFYI(1, ("NTLMSSP sesssetup"));
3287 rc = CIFSNTLMSSPNegotiateSessSetup(xid,
3294 cFYI(1,("Can use more secure NTLM version 2 password hash"));
3295 if(CalcNTLMv2_partial_mac_key(pSesInfo,
3300 v2_response = kmalloc(16 + 64 /* blob */, GFP_KERNEL);
3302 CalcNTLMv2_response(pSesInfo,v2_response);
3304 cifs_calculate_ntlmv2_mac_key(
3305 pSesInfo->server->mac_signing_key,
3306 response, ntlm_session_key, */
3308 /* BB Put dummy sig in SessSetup PDU? */
3315 SMBNTencrypt(pSesInfo->password,
3316 pSesInfo->server->cryptKey,
3320 cifs_calculate_mac_key(
3321 pSesInfo->server->mac_signing_key,
3323 pSesInfo->password);
3325 /* for better security the weaker lanman hash not sent
3326 in AuthSessSetup so we no longer calculate it */
3328 rc = CIFSNTLMSSPAuthSessSetup(xid,
3334 } else { /* old style NTLM 0.12 session setup */
3335 SMBNTencrypt(pSesInfo->password,
3336 pSesInfo->server->cryptKey,
3340 cifs_calculate_mac_key(
3341 pSesInfo->server->mac_signing_key,
3342 ntlm_session_key, pSesInfo->password);
3344 rc = CIFSSessSetup(xid, pSesInfo,
3345 ntlm_session_key, nls_info);
3348 cERROR(1,("Send error in SessSetup = %d",rc));
3350 cFYI(1,("CIFS Session Established successfully"));
3351 pSesInfo->status = CifsGood;
git.openpandora.org / pandora-kernel.git / blob