4 * Copyright (C) International Business Machines Corp., 2002,2006
5 * Author(s): Steve French (sfrench@us.ibm.com)
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/ipv6.h>
27 #include <linux/pagemap.h>
28 #include <linux/ctype.h>
29 #include <linux/utsname.h>
30 #include <linux/mempool.h>
31 #include <linux/delay.h>
32 #include <linux/completion.h>
33 #include <linux/pagevec.h>
34 #include <asm/uaccess.h>
35 #include <asm/processor.h>
38 #include "cifsproto.h"
39 #include "cifs_unicode.h"
40 #include "cifs_debug.h"
41 #include "cifs_fs_sb.h"
44 #include "rfc1002pdu.h"
48 #define RFC1001_PORT 139
50 static DECLARE_COMPLETION(cifsd_complete);
52 extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
55 extern mempool_t *cifs_req_poolp;
63 char *in6_addr; /* ipv6 address as human readable form of in6_addr */
64 char *iocharset; /* local code page for mapping to and from Unicode */
65 char source_rfc1001_name[16]; /* netbios name of client */
66 char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */
77 unsigned no_psx_acl:1; /* set if posix acl support should be disabled */
79 unsigned no_xattr:1; /* set if xattr (EA) support should be disabled*/
80 unsigned server_ino:1; /* use inode numbers from server ie UniqueId */
82 unsigned remap:1; /* set to remap seven reserved chars in filenames */
83 unsigned posix_paths:1; /* unset to not ask for posix pathnames. */
85 unsigned nullauth:1; /* attempt to authenticate with null user */
86 unsigned nocase; /* request case insensitive filenames */
87 unsigned nobrl; /* disable sending byte range locks to srv */
91 unsigned short int port;
95 static int ipv4_connect(struct sockaddr_in *psin_server,
96 struct socket **csocket,
98 char * server_netb_name);
99 static int ipv6_connect(struct sockaddr_in6 *psin_server,
100 struct socket **csocket);
104 * cifs tcp session reconnection
106 * mark tcp session as reconnecting so temporarily locked
107 * mark all smb sessions as reconnecting for tcp session
108 * reconnect tcp session
109 * wake up waiters on reconnection? - (not needed currently)
113 cifs_reconnect(struct TCP_Server_Info *server)
116 struct list_head *tmp;
117 struct cifsSesInfo *ses;
118 struct cifsTconInfo *tcon;
119 struct mid_q_entry * mid_entry;
121 spin_lock(&GlobalMid_Lock);
122 if(server->tcpStatus == CifsExiting) {
123 /* the demux thread will exit normally
124 next time through the loop */
125 spin_unlock(&GlobalMid_Lock);
128 server->tcpStatus = CifsNeedReconnect;
129 spin_unlock(&GlobalMid_Lock);
132 cFYI(1, ("Reconnecting tcp session"));
134 /* before reconnecting the tcp session, mark the smb session (uid)
135 and the tid bad so they are not used until reconnected */
136 read_lock(&GlobalSMBSeslock);
137 list_for_each(tmp, &GlobalSMBSessionList) {
138 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
140 if (ses->server == server) {
141 ses->status = CifsNeedReconnect;
145 /* else tcp and smb sessions need reconnection */
147 list_for_each(tmp, &GlobalTreeConnectionList) {
148 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
149 if((tcon) && (tcon->ses) && (tcon->ses->server == server)) {
150 tcon->tidStatus = CifsNeedReconnect;
153 read_unlock(&GlobalSMBSeslock);
154 /* do not want to be sending data on a socket we are freeing */
155 down(&server->tcpSem);
156 if(server->ssocket) {
157 cFYI(1,("State: 0x%x Flags: 0x%lx", server->ssocket->state,
158 server->ssocket->flags));
159 server->ssocket->ops->shutdown(server->ssocket,SEND_SHUTDOWN);
160 cFYI(1,("Post shutdown state: 0x%x Flags: 0x%lx", server->ssocket->state,
161 server->ssocket->flags));
162 sock_release(server->ssocket);
163 server->ssocket = NULL;
166 spin_lock(&GlobalMid_Lock);
167 list_for_each(tmp, &server->pending_mid_q) {
168 mid_entry = list_entry(tmp, struct
172 if(mid_entry->midState == MID_REQUEST_SUBMITTED) {
173 /* Mark other intransit requests as needing
174 retry so we do not immediately mark the
175 session bad again (ie after we reconnect
176 below) as they timeout too */
177 mid_entry->midState = MID_RETRY_NEEDED;
181 spin_unlock(&GlobalMid_Lock);
184 while ((server->tcpStatus != CifsExiting) && (server->tcpStatus != CifsGood))
187 if(server->protocolType == IPV6) {
188 rc = ipv6_connect(&server->addr.sockAddr6,&server->ssocket);
190 rc = ipv4_connect(&server->addr.sockAddr,
192 server->workstation_RFC1001_name,
193 server->server_RFC1001_name);
196 cFYI(1,("reconnect error %d",rc));
199 atomic_inc(&tcpSesReconnectCount);
200 spin_lock(&GlobalMid_Lock);
201 if(server->tcpStatus != CifsExiting)
202 server->tcpStatus = CifsGood;
203 server->sequence_number = 0;
204 spin_unlock(&GlobalMid_Lock);
205 /* atomic_set(&server->inFlight,0);*/
206 wake_up(&server->response_q);
214 0 not a transact2, or all data present
215 >0 transact2 with that much data missing
216 -EINVAL = invalid transact2
219 static int check2ndT2(struct smb_hdr * pSMB, unsigned int maxBufSize)
221 struct smb_t2_rsp * pSMBt;
223 int data_in_this_rsp;
226 if(pSMB->Command != SMB_COM_TRANSACTION2)
229 /* check for plausible wct, bcc and t2 data and parm sizes */
230 /* check for parm and data offset going beyond end of smb */
231 if(pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
232 cFYI(1,("invalid transact2 word count"));
236 pSMBt = (struct smb_t2_rsp *)pSMB;
238 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
239 data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
241 remaining = total_data_size - data_in_this_rsp;
245 else if(remaining < 0) {
246 cFYI(1,("total data %d smaller than data in frame %d",
247 total_data_size, data_in_this_rsp));
250 cFYI(1,("missing %d bytes from transact2, check next response",
252 if(total_data_size > maxBufSize) {
253 cERROR(1,("TotalDataSize %d is over maximum buffer %d",
254 total_data_size,maxBufSize));
261 static int coalesce_t2(struct smb_hdr * psecond, struct smb_hdr *pTargetSMB)
263 struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
264 struct smb_t2_rsp *pSMBt = (struct smb_t2_rsp *)pTargetSMB;
269 char * data_area_of_target;
270 char * data_area_of_buf2;
273 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
275 if(total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
276 cFYI(1,("total data sizes of primary and secondary t2 differ"));
279 total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
281 remaining = total_data_size - total_in_buf;
286 if(remaining == 0) /* nothing to do, ignore */
289 total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
290 if(remaining < total_in_buf2) {
291 cFYI(1,("transact2 2nd response contains too much data"));
294 /* find end of first SMB data area */
295 data_area_of_target = (char *)&pSMBt->hdr.Protocol +
296 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
297 /* validate target area */
299 data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
300 le16_to_cpu(pSMB2->t2_rsp.DataOffset);
302 data_area_of_target += total_in_buf;
304 /* copy second buffer into end of first buffer */
305 memcpy(data_area_of_target,data_area_of_buf2,total_in_buf2);
306 total_in_buf += total_in_buf2;
307 pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
308 byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
309 byte_count += total_in_buf2;
310 BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
312 byte_count = pTargetSMB->smb_buf_length;
313 byte_count += total_in_buf2;
315 /* BB also add check that we are not beyond maximum buffer size */
317 pTargetSMB->smb_buf_length = byte_count;
319 if(remaining == total_in_buf2) {
320 cFYI(1,("found the last secondary response"));
321 return 0; /* we are done */
322 } else /* more responses to go */
328 cifs_demultiplex_thread(struct TCP_Server_Info *server)
331 unsigned int pdu_length, total_read;
332 struct smb_hdr *smb_buffer = NULL;
333 struct smb_hdr *bigbuf = NULL;
334 struct smb_hdr *smallbuf = NULL;
335 struct msghdr smb_msg;
337 struct socket *csocket = server->ssocket;
338 struct list_head *tmp;
339 struct cifsSesInfo *ses;
340 struct task_struct *task_to_wake = NULL;
341 struct mid_q_entry *mid_entry;
343 int isLargeBuf = FALSE;
348 allow_signal(SIGKILL);
349 current->flags |= PF_MEMALLOC;
350 server->tsk = current; /* save process info to wake at shutdown */
351 cFYI(1, ("Demultiplex PID: %d", current->pid));
352 write_lock(&GlobalSMBSeslock);
353 atomic_inc(&tcpSesAllocCount);
354 length = tcpSesAllocCount.counter;
355 write_unlock(&GlobalSMBSeslock);
356 complete(&cifsd_complete);
358 mempool_resize(cifs_req_poolp,
359 length + cifs_min_rcv,
363 while (server->tcpStatus != CifsExiting) {
366 if (bigbuf == NULL) {
367 bigbuf = cifs_buf_get();
369 cERROR(1, ("No memory for large SMB response"));
371 /* retry will check if exiting */
374 } else if (isLargeBuf) {
375 /* we are reusing a dirty large buf, clear its start */
376 memset(bigbuf, 0, sizeof (struct smb_hdr));
379 if (smallbuf == NULL) {
380 smallbuf = cifs_small_buf_get();
382 cERROR(1, ("No memory for SMB response"));
384 /* retry will check if exiting */
387 /* beginning of smb buffer is cleared in our buf_get */
388 } else /* if existing small buf clear beginning */
389 memset(smallbuf, 0, sizeof (struct smb_hdr));
393 smb_buffer = smallbuf;
394 iov.iov_base = smb_buffer;
396 smb_msg.msg_control = NULL;
397 smb_msg.msg_controllen = 0;
399 kernel_recvmsg(csocket, &smb_msg,
400 &iov, 1, 4, 0 /* BB see socket.h flags */);
402 if (server->tcpStatus == CifsExiting) {
404 } else if (server->tcpStatus == CifsNeedReconnect) {
405 cFYI(1, ("Reconnect after server stopped responding"));
406 cifs_reconnect(server);
407 cFYI(1, ("call to reconnect done"));
408 csocket = server->ssocket;
410 } else if ((length == -ERESTARTSYS) || (length == -EAGAIN)) {
411 msleep(1); /* minimum sleep to prevent looping
412 allowing socket to clear and app threads to set
413 tcpStatus CifsNeedReconnect if server hung */
415 } else if (length <= 0) {
416 if (server->tcpStatus == CifsNew) {
417 cFYI(1, ("tcp session abend after SMBnegprot"));
418 /* some servers kill the TCP session rather than
419 returning an SMB negprot error, in which
420 case reconnecting here is not going to help,
421 and so simply return error to mount */
424 if (!try_to_freeze() && (length == -EINTR)) {
425 cFYI(1,("cifsd thread killed"));
428 cFYI(1,("Reconnect after unexpected peek error %d",
430 cifs_reconnect(server);
431 csocket = server->ssocket;
432 wake_up(&server->response_q);
434 } else if (length < 4) {
436 ("Frame under four bytes received (%d bytes long)",
438 cifs_reconnect(server);
439 csocket = server->ssocket;
440 wake_up(&server->response_q);
444 /* The right amount was read from socket - 4 bytes */
445 /* so we can now interpret the length field */
447 /* the first byte big endian of the length field,
448 is actually not part of the length but the type
449 with the most common, zero, as regular data */
450 temp = *((char *) smb_buffer);
452 /* Note that FC 1001 length is big endian on the wire,
453 but we convert it here so it is always manipulated
454 as host byte order */
455 pdu_length = ntohl(smb_buffer->smb_buf_length);
456 smb_buffer->smb_buf_length = pdu_length;
458 cFYI(1,("rfc1002 length 0x%x)", pdu_length+4));
460 if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) {
462 } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
463 cFYI(1,("Good RFC 1002 session rsp"));
465 } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
466 /* we get this from Windows 98 instead of
467 an error on SMB negprot response */
468 cFYI(1,("Negative RFC1002 Session Response Error 0x%x)",
470 if(server->tcpStatus == CifsNew) {
471 /* if nack on negprot (rather than
472 ret of smb negprot error) reconnecting
473 not going to help, ret error to mount */
476 /* give server a second to
477 clean up before reconnect attempt */
479 /* always try 445 first on reconnect
480 since we get NACK on some if we ever
481 connected to port 139 (the NACK is
482 since we do not begin with RFC1001
483 session initialize frame) */
484 server->addr.sockAddr.sin_port =
486 cifs_reconnect(server);
487 csocket = server->ssocket;
488 wake_up(&server->response_q);
491 } else if (temp != (char) 0) {
492 cERROR(1,("Unknown RFC 1002 frame"));
493 cifs_dump_mem(" Received Data: ", (char *)smb_buffer,
495 cifs_reconnect(server);
496 csocket = server->ssocket;
500 /* else we have an SMB response */
501 if((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
502 (pdu_length < sizeof (struct smb_hdr) - 1 - 4)) {
503 cERROR(1, ("Invalid size SMB length %d pdu_length %d",
504 length, pdu_length+4));
505 cifs_reconnect(server);
506 csocket = server->ssocket;
507 wake_up(&server->response_q);
514 if(pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
516 memcpy(bigbuf, smallbuf, 4);
520 iov.iov_base = 4 + (char *)smb_buffer;
521 iov.iov_len = pdu_length;
522 for (total_read = 0; total_read < pdu_length;
523 total_read += length) {
524 length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
525 pdu_length - total_read, 0);
526 if((server->tcpStatus == CifsExiting) ||
527 (length == -EINTR)) {
531 } else if (server->tcpStatus == CifsNeedReconnect) {
532 cifs_reconnect(server);
533 csocket = server->ssocket;
534 /* Reconnect wakes up rspns q */
535 /* Now we will reread sock */
538 } else if ((length == -ERESTARTSYS) ||
539 (length == -EAGAIN)) {
540 msleep(1); /* minimum sleep to prevent looping,
541 allowing socket to clear and app
542 threads to set tcpStatus
543 CifsNeedReconnect if server hung*/
545 } else if (length <= 0) {
546 cERROR(1,("Received no data, expecting %d",
547 pdu_length - total_read));
548 cifs_reconnect(server);
549 csocket = server->ssocket;
556 else if(reconnect == 1)
559 length += 4; /* account for rfc1002 hdr */
562 dump_smb(smb_buffer, length);
563 if (checkSMB(smb_buffer, smb_buffer->Mid, total_read+4)) {
564 cifs_dump_mem("Bad SMB: ", smb_buffer, 48);
570 spin_lock(&GlobalMid_Lock);
571 list_for_each(tmp, &server->pending_mid_q) {
572 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
574 if ((mid_entry->mid == smb_buffer->Mid) &&
575 (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
576 (mid_entry->command == smb_buffer->Command)) {
577 if(check2ndT2(smb_buffer,server->maxBuf) > 0) {
578 /* We have a multipart transact2 resp */
580 if(mid_entry->resp_buf) {
581 /* merge response - fix up 1st*/
582 if(coalesce_t2(smb_buffer,
583 mid_entry->resp_buf)) {
584 mid_entry->multiRsp = 1;
587 /* all parts received */
588 mid_entry->multiEnd = 1;
593 cERROR(1,("1st trans2 resp needs bigbuf"));
594 /* BB maybe we can fix this up, switch
595 to already allocated large buffer? */
597 /* Have first buffer */
598 mid_entry->resp_buf =
600 mid_entry->largeBuf = 1;
606 mid_entry->resp_buf = smb_buffer;
608 mid_entry->largeBuf = 1;
610 mid_entry->largeBuf = 0;
612 task_to_wake = mid_entry->tsk;
613 mid_entry->midState = MID_RESPONSE_RECEIVED;
614 #ifdef CONFIG_CIFS_STATS2
615 mid_entry->when_received = jiffies;
617 /* so we do not time out requests to server
618 which is still responding (since server could
619 be busy but not dead) */
620 server->lstrp = jiffies;
624 spin_unlock(&GlobalMid_Lock);
626 /* Was previous buf put in mpx struct for multi-rsp? */
628 /* smb buffer will be freed by user thread */
634 wake_up_process(task_to_wake);
635 } else if ((is_valid_oplock_break(smb_buffer, server) == FALSE)
636 && (isMultiRsp == FALSE)) {
637 cERROR(1, ("No task to wake, unknown frame rcvd! NumMids %d", midCount.counter));
638 cifs_dump_mem("Received Data is: ",(char *)smb_buffer,
639 sizeof(struct smb_hdr));
640 #ifdef CONFIG_CIFS_DEBUG2
641 cifs_dump_detail(smb_buffer);
642 cifs_dump_mids(server);
643 #endif /* CIFS_DEBUG2 */
646 } /* end while !EXITING */
648 spin_lock(&GlobalMid_Lock);
649 server->tcpStatus = CifsExiting;
651 /* check if we have blocked requests that need to free */
652 /* Note that cifs_max_pending is normally 50, but
653 can be set at module install time to as little as two */
654 if(atomic_read(&server->inFlight) >= cifs_max_pending)
655 atomic_set(&server->inFlight, cifs_max_pending - 1);
656 /* We do not want to set the max_pending too low or we
657 could end up with the counter going negative */
658 spin_unlock(&GlobalMid_Lock);
659 /* Although there should not be any requests blocked on
660 this queue it can not hurt to be paranoid and try to wake up requests
661 that may haven been blocked when more than 50 at time were on the wire
662 to the same server - they now will see the session is in exit state
663 and get out of SendReceive. */
664 wake_up_all(&server->request_q);
665 /* give those requests time to exit */
668 if(server->ssocket) {
669 sock_release(csocket);
670 server->ssocket = NULL;
672 /* buffer usuallly freed in free_mid - need to free it here on exit */
674 cifs_buf_release(bigbuf);
675 if (smallbuf != NULL)
676 cifs_small_buf_release(smallbuf);
678 read_lock(&GlobalSMBSeslock);
679 if (list_empty(&server->pending_mid_q)) {
680 /* loop through server session structures attached to this and
682 list_for_each(tmp, &GlobalSMBSessionList) {
684 list_entry(tmp, struct cifsSesInfo,
686 if (ses->server == server) {
687 ses->status = CifsExiting;
691 read_unlock(&GlobalSMBSeslock);
693 /* although we can not zero the server struct pointer yet,
694 since there are active requests which may depnd on them,
695 mark the corresponding SMB sessions as exiting too */
696 list_for_each(tmp, &GlobalSMBSessionList) {
697 ses = list_entry(tmp, struct cifsSesInfo,
699 if (ses->server == server) {
700 ses->status = CifsExiting;
704 spin_lock(&GlobalMid_Lock);
705 list_for_each(tmp, &server->pending_mid_q) {
706 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
707 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
709 ("Clearing Mid 0x%x - waking up ",mid_entry->mid));
710 task_to_wake = mid_entry->tsk;
712 wake_up_process(task_to_wake);
716 spin_unlock(&GlobalMid_Lock);
717 read_unlock(&GlobalSMBSeslock);
718 /* 1/8th of sec is more than enough time for them to exit */
722 if (!list_empty(&server->pending_mid_q)) {
723 /* mpx threads have not exited yet give them
724 at least the smb send timeout time for long ops */
725 /* due to delays on oplock break requests, we need
726 to wait at least 45 seconds before giving up
727 on a request getting a response and going ahead
729 cFYI(1, ("Wait for exit from demultiplex thread"));
731 /* if threads still have not exited they are probably never
732 coming home not much else we can do but free the memory */
735 write_lock(&GlobalSMBSeslock);
736 atomic_dec(&tcpSesAllocCount);
737 length = tcpSesAllocCount.counter;
739 /* last chance to mark ses pointers invalid
740 if there are any pointing to this (e.g
741 if a crazy root user tried to kill cifsd
742 kernel thread explicitly this might happen) */
743 list_for_each(tmp, &GlobalSMBSessionList) {
744 ses = list_entry(tmp, struct cifsSesInfo,
746 if (ses->server == server) {
750 write_unlock(&GlobalSMBSeslock);
754 mempool_resize(cifs_req_poolp,
755 length + cifs_min_rcv,
759 complete_and_exit(&cifsd_complete, 0);
764 cifs_parse_mount_options(char *options, const char *devname,struct smb_vol *vol)
768 unsigned int temp_len, i, j;
774 if(Local_System_Name[0] != 0)
775 memcpy(vol->source_rfc1001_name, Local_System_Name,15);
777 memset(vol->source_rfc1001_name,0x20,15);
778 for(i=0;i < strnlen(system_utsname.nodename,15);i++) {
779 /* does not have to be perfect mapping since field is
780 informational, only used for servers that do not support
781 port 445 and it can be overridden at mount time */
782 vol->source_rfc1001_name[i] =
783 toupper(system_utsname.nodename[i]);
786 vol->source_rfc1001_name[15] = 0;
787 /* null target name indicates to use *SMBSERVR default called name
788 if we end up sending RFC1001 session initialize */
789 vol->target_rfc1001_name[0] = 0;
790 vol->linux_uid = current->uid; /* current->euid instead? */
791 vol->linux_gid = current->gid;
792 vol->dir_mode = S_IRWXUGO;
793 /* 2767 perms indicate mandatory locking support */
794 vol->file_mode = S_IALLUGO & ~(S_ISUID | S_IXGRP);
796 /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
798 /* default is always to request posix paths. */
799 vol->posix_paths = 1;
804 if(strncmp(options,"sep=",4) == 0) {
805 if(options[4] != 0) {
806 separator[0] = options[4];
809 cFYI(1,("Null separator not allowed"));
813 while ((data = strsep(&options, separator)) != NULL) {
816 if ((value = strchr(data, '=')) != NULL)
819 if (strnicmp(data, "user_xattr",10) == 0) {/*parse before user*/
821 } else if (strnicmp(data, "nouser_xattr",12) == 0) {
823 } else if (strnicmp(data, "user", 4) == 0) {
824 if (!value || !*value) {
826 "CIFS: invalid or missing username\n");
827 return 1; /* needs_arg; */
829 if (strnlen(value, 200) < 200) {
830 vol->username = value;
832 printk(KERN_WARNING "CIFS: username too long\n");
835 } else if (strnicmp(data, "pass", 4) == 0) {
837 vol->password = NULL;
839 } else if(value[0] == 0) {
840 /* check if string begins with double comma
841 since that would mean the password really
842 does start with a comma, and would not
843 indicate an empty string */
844 if(value[1] != separator[0]) {
845 vol->password = NULL;
849 temp_len = strlen(value);
850 /* removed password length check, NTLM passwords
851 can be arbitrarily long */
853 /* if comma in password, the string will be
854 prematurely null terminated. Commas in password are
855 specified across the cifs mount interface by a double
856 comma ie ,, and a comma used as in other cases ie ','
857 as a parameter delimiter/separator is single and due
858 to the strsep above is temporarily zeroed. */
860 /* NB: password legally can have multiple commas and
861 the only illegal character in a password is null */
863 if ((value[temp_len] == 0) &&
864 (value[temp_len+1] == separator[0])) {
866 value[temp_len] = separator[0];
867 temp_len+=2; /* move after the second comma */
868 while(value[temp_len] != 0) {
869 if (value[temp_len] == separator[0]) {
870 if (value[temp_len+1] ==
872 /* skip second comma */
875 /* single comma indicating start
882 if(value[temp_len] == 0) {
886 /* point option to start of next parm */
887 options = value + temp_len + 1;
889 /* go from value to value + temp_len condensing
890 double commas to singles. Note that this ends up
891 allocating a few bytes too many, which is ok */
892 vol->password = kzalloc(temp_len, GFP_KERNEL);
893 if(vol->password == NULL) {
894 printk("CIFS: no memory for pass\n");
897 for(i=0,j=0;i<temp_len;i++,j++) {
898 vol->password[j] = value[i];
899 if(value[i] == separator[0]
900 && value[i+1] == separator[0]) {
901 /* skip second comma */
905 vol->password[j] = 0;
907 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
908 if(vol->password == NULL) {
909 printk("CIFS: no memory for pass\n");
912 strcpy(vol->password, value);
914 } else if (strnicmp(data, "ip", 2) == 0) {
915 if (!value || !*value) {
917 } else if (strnlen(value, 35) < 35) {
920 printk(KERN_WARNING "CIFS: ip address too long\n");
923 } else if (strnicmp(data, "sec", 3) == 0) {
924 if (!value || !*value) {
925 cERROR(1,("no security value specified"));
927 } else if (strnicmp(value, "krb5i", 5) == 0) {
928 vol->secFlg |= CIFSSEC_MAY_KRB5 |
930 } else if (strnicmp(value, "krb5p", 5) == 0) {
931 /* vol->secFlg |= CIFSSEC_MUST_SEAL |
933 cERROR(1,("Krb5 cifs privacy not supported"));
935 } else if (strnicmp(value, "krb5", 4) == 0) {
936 vol->secFlg |= CIFSSEC_MAY_KRB5;
937 } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
938 vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
940 } else if (strnicmp(value, "ntlmv2", 6) == 0) {
941 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
942 } else if (strnicmp(value, "ntlmi", 5) == 0) {
943 vol->secFlg |= CIFSSEC_MAY_NTLM |
945 } else if (strnicmp(value, "ntlm", 4) == 0) {
946 /* ntlm is default so can be turned off too */
947 vol->secFlg |= CIFSSEC_MAY_NTLM;
948 } else if (strnicmp(value, "nontlm", 6) == 0) {
949 /* BB is there a better way to do this? */
950 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
951 #ifdef CONFIG_CIFS_WEAK_PW_HASH
952 } else if (strnicmp(value, "lanman", 6) == 0) {
953 vol->secFlg |= CIFSSEC_MAY_LANMAN;
955 } else if (strnicmp(value, "none", 4) == 0) {
958 cERROR(1,("bad security option: %s", value));
961 } else if ((strnicmp(data, "unc", 3) == 0)
962 || (strnicmp(data, "target", 6) == 0)
963 || (strnicmp(data, "path", 4) == 0)) {
964 if (!value || !*value) {
966 "CIFS: invalid path to network resource\n");
967 return 1; /* needs_arg; */
969 if ((temp_len = strnlen(value, 300)) < 300) {
970 vol->UNC = kmalloc(temp_len+1,GFP_KERNEL);
973 strcpy(vol->UNC,value);
974 if (strncmp(vol->UNC, "//", 2) == 0) {
977 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
979 "CIFS: UNC Path does not begin with // or \\\\ \n");
983 printk(KERN_WARNING "CIFS: UNC name too long\n");
986 } else if ((strnicmp(data, "domain", 3) == 0)
987 || (strnicmp(data, "workgroup", 5) == 0)) {
988 if (!value || !*value) {
989 printk(KERN_WARNING "CIFS: invalid domain name\n");
990 return 1; /* needs_arg; */
992 /* BB are there cases in which a comma can be valid in
993 a domain name and need special handling? */
994 if (strnlen(value, 256) < 256) {
995 vol->domainname = value;
996 cFYI(1, ("Domain name set"));
998 printk(KERN_WARNING "CIFS: domain name too long\n");
1001 } else if (strnicmp(data, "prefixpath", 10) == 0) {
1002 if (!value || !*value) {
1004 "CIFS: invalid path prefix\n");
1005 return 1; /* needs_arg; */
1007 if ((temp_len = strnlen(value, 1024)) < 1024) {
1009 temp_len++; /* missing leading slash */
1010 vol->prepath = kmalloc(temp_len+1,GFP_KERNEL);
1011 if(vol->prepath == NULL)
1013 if(value[0] != '/') {
1014 vol->prepath[0] = '/';
1015 strcpy(vol->prepath+1,value);
1017 strcpy(vol->prepath,value);
1018 cFYI(1,("prefix path %s",vol->prepath));
1020 printk(KERN_WARNING "CIFS: prefix too long\n");
1023 } else if (strnicmp(data, "iocharset", 9) == 0) {
1024 if (!value || !*value) {
1025 printk(KERN_WARNING "CIFS: invalid iocharset specified\n");
1026 return 1; /* needs_arg; */
1028 if (strnlen(value, 65) < 65) {
1029 if(strnicmp(value,"default",7))
1030 vol->iocharset = value;
1031 /* if iocharset not set load_nls_default used by caller */
1032 cFYI(1, ("iocharset set to %s",value));
1034 printk(KERN_WARNING "CIFS: iocharset name too long.\n");
1037 } else if (strnicmp(data, "uid", 3) == 0) {
1038 if (value && *value) {
1040 simple_strtoul(value, &value, 0);
1042 } else if (strnicmp(data, "gid", 3) == 0) {
1043 if (value && *value) {
1045 simple_strtoul(value, &value, 0);
1047 } else if (strnicmp(data, "file_mode", 4) == 0) {
1048 if (value && *value) {
1050 simple_strtoul(value, &value, 0);
1052 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1053 if (value && *value) {
1055 simple_strtoul(value, &value, 0);
1057 } else if (strnicmp(data, "dirmode", 4) == 0) {
1058 if (value && *value) {
1060 simple_strtoul(value, &value, 0);
1062 } else if (strnicmp(data, "port", 4) == 0) {
1063 if (value && *value) {
1065 simple_strtoul(value, &value, 0);
1067 } else if (strnicmp(data, "rsize", 5) == 0) {
1068 if (value && *value) {
1070 simple_strtoul(value, &value, 0);
1072 } else if (strnicmp(data, "wsize", 5) == 0) {
1073 if (value && *value) {
1075 simple_strtoul(value, &value, 0);
1077 } else if (strnicmp(data, "sockopt", 5) == 0) {
1078 if (value && *value) {
1080 simple_strtoul(value, &value, 0);
1082 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1083 if (!value || !*value || (*value == ' ')) {
1084 cFYI(1,("invalid (empty) netbiosname specified"));
1086 memset(vol->source_rfc1001_name,0x20,15);
1088 /* BB are there cases in which a comma can be
1089 valid in this workstation netbios name (and need
1090 special handling)? */
1092 /* We do not uppercase netbiosname for user */
1096 vol->source_rfc1001_name[i] = value[i];
1098 /* The string has 16th byte zero still from
1099 set at top of the function */
1100 if((i==15) && (value[i] != 0))
1101 printk(KERN_WARNING "CIFS: netbiosname longer than 15 truncated.\n");
1103 } else if (strnicmp(data, "servern", 7) == 0) {
1104 /* servernetbiosname specified override *SMBSERVER */
1105 if (!value || !*value || (*value == ' ')) {
1106 cFYI(1,("empty server netbiosname specified"));
1108 /* last byte, type, is 0x20 for servr type */
1109 memset(vol->target_rfc1001_name,0x20,16);
1112 /* BB are there cases in which a comma can be
1113 valid in this workstation netbios name (and need
1114 special handling)? */
1116 /* user or mount helper must uppercase netbiosname */
1120 vol->target_rfc1001_name[i] = value[i];
1122 /* The string has 16th byte zero still from
1123 set at top of the function */
1124 if((i==15) && (value[i] != 0))
1125 printk(KERN_WARNING "CIFS: server netbiosname longer than 15 truncated.\n");
1127 } else if (strnicmp(data, "credentials", 4) == 0) {
1129 } else if (strnicmp(data, "version", 3) == 0) {
1131 } else if (strnicmp(data, "guest",5) == 0) {
1133 } else if (strnicmp(data, "rw", 2) == 0) {
1135 } else if ((strnicmp(data, "suid", 4) == 0) ||
1136 (strnicmp(data, "nosuid", 6) == 0) ||
1137 (strnicmp(data, "exec", 4) == 0) ||
1138 (strnicmp(data, "noexec", 6) == 0) ||
1139 (strnicmp(data, "nodev", 5) == 0) ||
1140 (strnicmp(data, "noauto", 6) == 0) ||
1141 (strnicmp(data, "dev", 3) == 0)) {
1142 /* The mount tool or mount.cifs helper (if present)
1143 uses these opts to set flags, and the flags are read
1144 by the kernel vfs layer before we get here (ie
1145 before read super) so there is no point trying to
1146 parse these options again and set anything and it
1147 is ok to just ignore them */
1149 } else if (strnicmp(data, "ro", 2) == 0) {
1151 } else if (strnicmp(data, "hard", 4) == 0) {
1153 } else if (strnicmp(data, "soft", 4) == 0) {
1155 } else if (strnicmp(data, "perm", 4) == 0) {
1157 } else if (strnicmp(data, "noperm", 6) == 0) {
1159 } else if (strnicmp(data, "mapchars", 8) == 0) {
1161 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1163 } else if (strnicmp(data, "sfu", 3) == 0) {
1165 } else if (strnicmp(data, "nosfu", 5) == 0) {
1167 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1168 vol->posix_paths = 1;
1169 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1170 vol->posix_paths = 0;
1171 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1172 (strnicmp(data, "ignorecase", 10) == 0)) {
1174 } else if (strnicmp(data, "brl", 3) == 0) {
1176 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1177 (strnicmp(data, "nolock", 6) == 0)) {
1179 /* turn off mandatory locking in mode
1180 if remote locking is turned off since the
1181 local vfs will do advisory */
1182 if(vol->file_mode == (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1183 vol->file_mode = S_IALLUGO;
1184 } else if (strnicmp(data, "setuids", 7) == 0) {
1186 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1188 } else if (strnicmp(data, "nohard", 6) == 0) {
1190 } else if (strnicmp(data, "nosoft", 6) == 0) {
1192 } else if (strnicmp(data, "nointr", 6) == 0) {
1194 } else if (strnicmp(data, "intr", 4) == 0) {
1196 } else if (strnicmp(data, "serverino",7) == 0) {
1197 vol->server_ino = 1;
1198 } else if (strnicmp(data, "noserverino",9) == 0) {
1199 vol->server_ino = 0;
1200 } else if (strnicmp(data, "cifsacl",7) == 0) {
1202 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1204 } else if (strnicmp(data, "acl",3) == 0) {
1205 vol->no_psx_acl = 0;
1206 } else if (strnicmp(data, "noacl",5) == 0) {
1207 vol->no_psx_acl = 1;
1208 } else if (strnicmp(data, "sign",4) == 0) {
1209 vol->secFlg |= CIFSSEC_MUST_SIGN;
1210 /* } else if (strnicmp(data, "seal",4) == 0) {
1211 vol->secFlg |= CIFSSEC_MUST_SEAL; */
1212 } else if (strnicmp(data, "direct",6) == 0) {
1214 } else if (strnicmp(data, "forcedirectio",13) == 0) {
1216 } else if (strnicmp(data, "in6_addr",8) == 0) {
1217 if (!value || !*value) {
1218 vol->in6_addr = NULL;
1219 } else if (strnlen(value, 49) == 48) {
1220 vol->in6_addr = value;
1222 printk(KERN_WARNING "CIFS: ip v6 address not 48 characters long\n");
1225 } else if (strnicmp(data, "noac", 4) == 0) {
1226 printk(KERN_WARNING "CIFS: Mount option noac not supported. Instead set /proc/fs/cifs/LookupCacheEnabled to 0\n");
1228 printk(KERN_WARNING "CIFS: Unknown mount option %s\n",data);
1230 if (vol->UNC == NULL) {
1231 if(devname == NULL) {
1232 printk(KERN_WARNING "CIFS: Missing UNC name for mount target\n");
1235 if ((temp_len = strnlen(devname, 300)) < 300) {
1236 vol->UNC = kmalloc(temp_len+1,GFP_KERNEL);
1237 if(vol->UNC == NULL)
1239 strcpy(vol->UNC,devname);
1240 if (strncmp(vol->UNC, "//", 2) == 0) {
1243 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1244 printk(KERN_WARNING "CIFS: UNC Path does not begin with // or \\\\ \n");
1248 printk(KERN_WARNING "CIFS: UNC name too long\n");
1252 if(vol->UNCip == NULL)
1253 vol->UNCip = &vol->UNC[2];
1258 static struct cifsSesInfo *
1259 cifs_find_tcp_session(struct in_addr * target_ip_addr,
1260 struct in6_addr *target_ip6_addr,
1261 char *userName, struct TCP_Server_Info **psrvTcp)
1263 struct list_head *tmp;
1264 struct cifsSesInfo *ses;
1266 read_lock(&GlobalSMBSeslock);
1268 list_for_each(tmp, &GlobalSMBSessionList) {
1269 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
1271 if((target_ip_addr &&
1272 (ses->server->addr.sockAddr.sin_addr.s_addr
1273 == target_ip_addr->s_addr)) || (target_ip6_addr
1274 && memcmp(&ses->server->addr.sockAddr6.sin6_addr,
1275 target_ip6_addr,sizeof(*target_ip6_addr)))){
1276 /* BB lock server and tcp session and increment use count here?? */
1277 *psrvTcp = ses->server; /* found a match on the TCP session */
1278 /* BB check if reconnection needed */
1280 (ses->userName, userName,
1281 MAX_USERNAME_SIZE) == 0){
1282 read_unlock(&GlobalSMBSeslock);
1283 return ses; /* found exact match on both tcp and SMB sessions */
1287 /* else tcp and smb sessions need reconnection */
1289 read_unlock(&GlobalSMBSeslock);
1293 static struct cifsTconInfo *
1294 find_unc(__be32 new_target_ip_addr, char *uncName, char *userName)
1296 struct list_head *tmp;
1297 struct cifsTconInfo *tcon;
1299 read_lock(&GlobalSMBSeslock);
1300 list_for_each(tmp, &GlobalTreeConnectionList) {
1301 cFYI(1, ("Next tcon"));
1302 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
1304 if (tcon->ses->server) {
1306 ("old ip addr: %x == new ip %x ?",
1307 tcon->ses->server->addr.sockAddr.sin_addr.
1308 s_addr, new_target_ip_addr));
1309 if (tcon->ses->server->addr.sockAddr.sin_addr.
1310 s_addr == new_target_ip_addr) {
1311 /* BB lock tcon, server and tcp session and increment use count here? */
1312 /* found a match on the TCP session */
1313 /* BB check if reconnection needed */
1314 cFYI(1,("IP match, old UNC: %s new: %s",
1315 tcon->treeName, uncName));
1317 (tcon->treeName, uncName,
1318 MAX_TREE_SIZE) == 0) {
1320 ("and old usr: %s new: %s",
1321 tcon->treeName, uncName));
1323 (tcon->ses->userName,
1325 MAX_USERNAME_SIZE) == 0) {
1326 read_unlock(&GlobalSMBSeslock);
1327 /* matched smb session
1336 read_unlock(&GlobalSMBSeslock);
1341 connect_to_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
1342 const char *old_path, const struct nls_table *nls_codepage,
1345 unsigned char *referrals = NULL;
1346 unsigned int num_referrals;
1349 rc = get_dfs_path(xid, pSesInfo,old_path, nls_codepage,
1350 &num_referrals, &referrals, remap);
1352 /* BB Add in code to: if valid refrl, if not ip address contact
1353 the helper that resolves tcp names, mount to it, try to
1354 tcon to it unmount it if fail */
1362 get_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
1363 const char *old_path, const struct nls_table *nls_codepage,
1364 unsigned int *pnum_referrals,
1365 unsigned char ** preferrals, int remap)
1370 *pnum_referrals = 0;
1372 if (pSesInfo->ipc_tid == 0) {
1373 temp_unc = kmalloc(2 /* for slashes */ +
1374 strnlen(pSesInfo->serverName,SERVER_NAME_LEN_WITH_NULL * 2)
1375 + 1 + 4 /* slash IPC$ */ + 2,
1377 if (temp_unc == NULL)
1381 strcpy(temp_unc + 2, pSesInfo->serverName);
1382 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
1383 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
1385 ("CIFS Tcon rc = %d ipc_tid = %d", rc,pSesInfo->ipc_tid));
1389 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
1390 pnum_referrals, nls_codepage, remap);
1395 /* See RFC1001 section 14 on representation of Netbios names */
1396 static void rfc1002mangle(char * target,char * source, unsigned int length)
1400 for(i=0,j=0;i<(length);i++) {
1401 /* mask a nibble at a time and encode */
1402 target[j] = 'A' + (0x0F & (source[i] >> 4));
1403 target[j+1] = 'A' + (0x0F & source[i]);
1411 ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket,
1412 char * netbios_name, char * target_name)
1416 __be16 orig_port = 0;
1418 if(*csocket == NULL) {
1419 rc = sock_create_kern(PF_INET, SOCK_STREAM, IPPROTO_TCP, csocket);
1421 cERROR(1, ("Error %d creating socket",rc));
1425 /* BB other socket options to set KEEPALIVE, NODELAY? */
1426 cFYI(1,("Socket created"));
1427 (*csocket)->sk->sk_allocation = GFP_NOFS;
1431 psin_server->sin_family = AF_INET;
1432 if(psin_server->sin_port) { /* user overrode default port */
1433 rc = (*csocket)->ops->connect(*csocket,
1434 (struct sockaddr *) psin_server,
1435 sizeof (struct sockaddr_in),0);
1441 /* save original port so we can retry user specified port
1442 later if fall back ports fail this time */
1443 orig_port = psin_server->sin_port;
1445 /* do not retry on the same port we just failed on */
1446 if(psin_server->sin_port != htons(CIFS_PORT)) {
1447 psin_server->sin_port = htons(CIFS_PORT);
1449 rc = (*csocket)->ops->connect(*csocket,
1450 (struct sockaddr *) psin_server,
1451 sizeof (struct sockaddr_in),0);
1457 psin_server->sin_port = htons(RFC1001_PORT);
1458 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1459 psin_server, sizeof (struct sockaddr_in),0);
1464 /* give up here - unless we want to retry on different
1465 protocol families some day */
1468 psin_server->sin_port = orig_port;
1469 cFYI(1,("Error %d connecting to server via ipv4",rc));
1470 sock_release(*csocket);
1474 /* Eventually check for other socket options to change from
1475 the default. sock_setsockopt not used because it expects
1476 user space buffer */
1477 cFYI(1,("sndbuf %d rcvbuf %d rcvtimeo 0x%lx",(*csocket)->sk->sk_sndbuf,
1478 (*csocket)->sk->sk_rcvbuf, (*csocket)->sk->sk_rcvtimeo));
1479 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1480 /* make the bufsizes depend on wsize/rsize and max requests */
1481 if((*csocket)->sk->sk_sndbuf < (200 * 1024))
1482 (*csocket)->sk->sk_sndbuf = 200 * 1024;
1483 if((*csocket)->sk->sk_rcvbuf < (140 * 1024))
1484 (*csocket)->sk->sk_rcvbuf = 140 * 1024;
1486 /* send RFC1001 sessinit */
1487 if(psin_server->sin_port == htons(RFC1001_PORT)) {
1488 /* some servers require RFC1001 sessinit before sending
1489 negprot - BB check reconnection in case where second
1490 sessinit is sent but no second negprot */
1491 struct rfc1002_session_packet * ses_init_buf;
1492 struct smb_hdr * smb_buf;
1493 ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet), GFP_KERNEL);
1495 ses_init_buf->trailer.session_req.called_len = 32;
1496 if(target_name && (target_name[0] != 0)) {
1497 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1500 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1501 DEFAULT_CIFS_CALLED_NAME,16);
1504 ses_init_buf->trailer.session_req.calling_len = 32;
1505 /* calling name ends in null (byte 16) from old smb
1507 if(netbios_name && (netbios_name[0] !=0)) {
1508 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1511 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1512 "LINUX_CIFS_CLNT",16);
1514 ses_init_buf->trailer.session_req.scope1 = 0;
1515 ses_init_buf->trailer.session_req.scope2 = 0;
1516 smb_buf = (struct smb_hdr *)ses_init_buf;
1517 /* sizeof RFC1002_SESSION_REQUEST with no scope */
1518 smb_buf->smb_buf_length = 0x81000044;
1519 rc = smb_send(*csocket, smb_buf, 0x44,
1520 (struct sockaddr *)psin_server);
1521 kfree(ses_init_buf);
1522 msleep(1); /* RFC1001 layer in at least one server
1523 requires very short break before negprot
1524 presumably because not expecting negprot
1525 to follow so fast. This is a simple
1526 solution that works without
1527 complicating the code and causes no
1528 significant slowing down on mount
1529 for everyone else */
1531 /* else the negprot may still work without this
1532 even though malloc failed */
1540 ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket)
1544 __be16 orig_port = 0;
1546 if(*csocket == NULL) {
1547 rc = sock_create_kern(PF_INET6, SOCK_STREAM, IPPROTO_TCP, csocket);
1549 cERROR(1, ("Error %d creating ipv6 socket",rc));
1553 /* BB other socket options to set KEEPALIVE, NODELAY? */
1554 cFYI(1,("ipv6 Socket created"));
1555 (*csocket)->sk->sk_allocation = GFP_NOFS;
1559 psin_server->sin6_family = AF_INET6;
1561 if(psin_server->sin6_port) { /* user overrode default port */
1562 rc = (*csocket)->ops->connect(*csocket,
1563 (struct sockaddr *) psin_server,
1564 sizeof (struct sockaddr_in6),0);
1570 /* save original port so we can retry user specified port
1571 later if fall back ports fail this time */
1573 orig_port = psin_server->sin6_port;
1574 /* do not retry on the same port we just failed on */
1575 if(psin_server->sin6_port != htons(CIFS_PORT)) {
1576 psin_server->sin6_port = htons(CIFS_PORT);
1578 rc = (*csocket)->ops->connect(*csocket,
1579 (struct sockaddr *) psin_server,
1580 sizeof (struct sockaddr_in6),0);
1586 psin_server->sin6_port = htons(RFC1001_PORT);
1587 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1588 psin_server, sizeof (struct sockaddr_in6),0);
1593 /* give up here - unless we want to retry on different
1594 protocol families some day */
1597 psin_server->sin6_port = orig_port;
1598 cFYI(1,("Error %d connecting to server via ipv6",rc));
1599 sock_release(*csocket);
1603 /* Eventually check for other socket options to change from
1604 the default. sock_setsockopt not used because it expects
1605 user space buffer */
1606 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1612 cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
1613 char *mount_data, const char *devname)
1617 int address_type = AF_INET;
1618 struct socket *csocket = NULL;
1619 struct sockaddr_in sin_server;
1620 struct sockaddr_in6 sin_server6;
1621 struct smb_vol volume_info;
1622 struct cifsSesInfo *pSesInfo = NULL;
1623 struct cifsSesInfo *existingCifsSes = NULL;
1624 struct cifsTconInfo *tcon = NULL;
1625 struct TCP_Server_Info *srvTcp = NULL;
1629 /* cFYI(1, ("Entering cifs_mount. Xid: %d with: %s", xid, mount_data)); */
1631 memset(&volume_info,0,sizeof(struct smb_vol));
1632 if (cifs_parse_mount_options(mount_data, devname, &volume_info)) {
1633 kfree(volume_info.UNC);
1634 kfree(volume_info.password);
1635 kfree(volume_info.prepath);
1640 if (volume_info.username) {
1641 /* BB fixme parse for domain name here */
1642 cFYI(1, ("Username: %s ", volume_info.username));
1645 cifserror("No username specified");
1646 /* In userspace mount helper we can get user name from alternate
1647 locations such as env variables and files on disk */
1648 kfree(volume_info.UNC);
1649 kfree(volume_info.password);
1650 kfree(volume_info.prepath);
1655 if (volume_info.UNCip && volume_info.UNC) {
1656 rc = cifs_inet_pton(AF_INET, volume_info.UNCip,&sin_server.sin_addr.s_addr);
1659 /* not ipv4 address, try ipv6 */
1660 rc = cifs_inet_pton(AF_INET6,volume_info.UNCip,&sin_server6.sin6_addr.in6_u);
1662 address_type = AF_INET6;
1664 address_type = AF_INET;
1668 /* we failed translating address */
1669 kfree(volume_info.UNC);
1670 kfree(volume_info.password);
1671 kfree(volume_info.prepath);
1676 cFYI(1, ("UNC: %s ip: %s", volume_info.UNC, volume_info.UNCip));
1679 } else if (volume_info.UNCip){
1680 /* BB using ip addr as server name connect to the DFS root below */
1681 cERROR(1,("Connecting to DFS root not implemented yet"));
1682 kfree(volume_info.UNC);
1683 kfree(volume_info.password);
1684 kfree(volume_info.prepath);
1687 } else /* which servers DFS root would we conect to */ {
1689 ("CIFS mount error: No UNC path (e.g. -o unc=//192.168.1.100/public) specified"));
1690 kfree(volume_info.UNC);
1691 kfree(volume_info.password);
1692 kfree(volume_info.prepath);
1697 /* this is needed for ASCII cp to Unicode converts */
1698 if(volume_info.iocharset == NULL) {
1699 cifs_sb->local_nls = load_nls_default();
1700 /* load_nls_default can not return null */
1702 cifs_sb->local_nls = load_nls(volume_info.iocharset);
1703 if(cifs_sb->local_nls == NULL) {
1704 cERROR(1,("CIFS mount error: iocharset %s not found",volume_info.iocharset));
1705 kfree(volume_info.UNC);
1706 kfree(volume_info.password);
1707 kfree(volume_info.prepath);
1713 if(address_type == AF_INET)
1714 existingCifsSes = cifs_find_tcp_session(&sin_server.sin_addr,
1715 NULL /* no ipv6 addr */,
1716 volume_info.username, &srvTcp);
1717 else if(address_type == AF_INET6)
1718 existingCifsSes = cifs_find_tcp_session(NULL /* no ipv4 addr */,
1719 &sin_server6.sin6_addr,
1720 volume_info.username, &srvTcp);
1722 kfree(volume_info.UNC);
1723 kfree(volume_info.password);
1724 kfree(volume_info.prepath);
1731 cFYI(1, ("Existing tcp session with server found"));
1732 } else { /* create socket */
1733 if(volume_info.port)
1734 sin_server.sin_port = htons(volume_info.port);
1736 sin_server.sin_port = 0;
1737 rc = ipv4_connect(&sin_server,&csocket,
1738 volume_info.source_rfc1001_name,
1739 volume_info.target_rfc1001_name);
1742 ("Error connecting to IPv4 socket. Aborting operation"));
1744 sock_release(csocket);
1745 kfree(volume_info.UNC);
1746 kfree(volume_info.password);
1747 kfree(volume_info.prepath);
1752 srvTcp = kmalloc(sizeof (struct TCP_Server_Info), GFP_KERNEL);
1753 if (srvTcp == NULL) {
1755 sock_release(csocket);
1756 kfree(volume_info.UNC);
1757 kfree(volume_info.password);
1758 kfree(volume_info.prepath);
1762 memset(srvTcp, 0, sizeof (struct TCP_Server_Info));
1763 memcpy(&srvTcp->addr.sockAddr, &sin_server, sizeof (struct sockaddr_in));
1764 atomic_set(&srvTcp->inFlight,0);
1765 /* BB Add code for ipv6 case too */
1766 srvTcp->ssocket = csocket;
1767 srvTcp->protocolType = IPV4;
1768 init_waitqueue_head(&srvTcp->response_q);
1769 init_waitqueue_head(&srvTcp->request_q);
1770 INIT_LIST_HEAD(&srvTcp->pending_mid_q);
1771 /* at this point we are the only ones with the pointer
1772 to the struct since the kernel thread not created yet
1773 so no need to spinlock this init of tcpStatus */
1774 srvTcp->tcpStatus = CifsNew;
1775 init_MUTEX(&srvTcp->tcpSem);
1776 rc = (int)kernel_thread((void *)(void *)cifs_demultiplex_thread, srvTcp,
1777 CLONE_FS | CLONE_FILES | CLONE_VM);
1780 sock_release(csocket);
1781 kfree(volume_info.UNC);
1782 kfree(volume_info.password);
1783 kfree(volume_info.prepath);
1787 wait_for_completion(&cifsd_complete);
1789 memcpy(srvTcp->workstation_RFC1001_name, volume_info.source_rfc1001_name,16);
1790 memcpy(srvTcp->server_RFC1001_name, volume_info.target_rfc1001_name,16);
1791 srvTcp->sequence_number = 0;
1795 if (existingCifsSes) {
1796 pSesInfo = existingCifsSes;
1797 cFYI(1, ("Existing smb sess found"));
1798 kfree(volume_info.password);
1799 /* volume_info.UNC freed at end of function */
1801 cFYI(1, ("Existing smb sess not found"));
1802 pSesInfo = sesInfoAlloc();
1803 if (pSesInfo == NULL)
1806 pSesInfo->server = srvTcp;
1807 sprintf(pSesInfo->serverName, "%u.%u.%u.%u",
1808 NIPQUAD(sin_server.sin_addr.s_addr));
1812 /* volume_info.password freed at unmount */
1813 if (volume_info.password)
1814 pSesInfo->password = volume_info.password;
1815 if (volume_info.username)
1816 strncpy(pSesInfo->userName,
1817 volume_info.username,MAX_USERNAME_SIZE);
1818 if (volume_info.domainname) {
1819 int len = strlen(volume_info.domainname);
1820 pSesInfo->domainName =
1821 kmalloc(len + 1, GFP_KERNEL);
1822 if(pSesInfo->domainName)
1823 strcpy(pSesInfo->domainName,
1824 volume_info.domainname);
1826 pSesInfo->linux_uid = volume_info.linux_uid;
1827 pSesInfo->overrideSecFlg = volume_info.secFlg;
1828 down(&pSesInfo->sesSem);
1829 /* BB FIXME need to pass vol->secFlgs BB */
1830 rc = cifs_setup_session(xid,pSesInfo, cifs_sb->local_nls);
1831 up(&pSesInfo->sesSem);
1833 atomic_inc(&srvTcp->socketUseCount);
1835 kfree(volume_info.password);
1838 /* search for existing tcon to this server share */
1840 if(volume_info.rsize > CIFSMaxBufSize) {
1841 cERROR(1,("rsize %d too large, using MaxBufSize",
1842 volume_info.rsize));
1843 cifs_sb->rsize = CIFSMaxBufSize;
1844 } else if((volume_info.rsize) && (volume_info.rsize <= CIFSMaxBufSize))
1845 cifs_sb->rsize = volume_info.rsize;
1847 cifs_sb->rsize = CIFSMaxBufSize;
1849 if(volume_info.wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) {
1850 cERROR(1,("wsize %d too large using 4096 instead",
1851 volume_info.wsize));
1852 cifs_sb->wsize = 4096;
1853 } else if(volume_info.wsize)
1854 cifs_sb->wsize = volume_info.wsize;
1857 min_t(const int, PAGEVEC_SIZE * PAGE_CACHE_SIZE,
1859 /* old default of CIFSMaxBufSize was too small now
1860 that SMB Write2 can send multiple pages in kvec.
1861 RFC1001 does not describe what happens when frame
1862 bigger than 128K is sent so use that as max in
1863 conjunction with 52K kvec constraint on arch with 4K
1866 if(cifs_sb->rsize < 2048) {
1867 cifs_sb->rsize = 2048;
1868 /* Windows ME may prefer this */
1869 cFYI(1,("readsize set to minimum 2048"));
1871 /* calculate prepath */
1872 cifs_sb->prepath = volume_info.prepath;
1873 if(cifs_sb->prepath) {
1874 cifs_sb->prepathlen = strlen(cifs_sb->prepath);
1875 cifs_sb->prepath[0] = CIFS_DIR_SEP(cifs_sb);
1876 volume_info.prepath = NULL;
1878 cifs_sb->prepathlen = 0;
1879 cifs_sb->mnt_uid = volume_info.linux_uid;
1880 cifs_sb->mnt_gid = volume_info.linux_gid;
1881 cifs_sb->mnt_file_mode = volume_info.file_mode;
1882 cifs_sb->mnt_dir_mode = volume_info.dir_mode;
1883 cFYI(1,("file mode: 0x%x dir mode: 0x%x",
1884 cifs_sb->mnt_file_mode,cifs_sb->mnt_dir_mode));
1886 if(volume_info.noperm)
1887 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
1888 if(volume_info.setuids)
1889 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
1890 if(volume_info.server_ino)
1891 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
1892 if(volume_info.remap)
1893 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
1894 if(volume_info.no_xattr)
1895 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
1896 if(volume_info.sfu_emul)
1897 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
1898 if(volume_info.nobrl)
1899 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
1900 if(volume_info.cifs_acl)
1901 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
1903 if(volume_info.direct_io) {
1904 cFYI(1,("mounting share using direct i/o"));
1905 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
1909 find_unc(sin_server.sin_addr.s_addr, volume_info.UNC,
1910 volume_info.username);
1912 cFYI(1, ("Found match on UNC path"));
1913 /* we can have only one retry value for a connection
1914 to a share so for resources mounted more than once
1915 to the same server share the last value passed in
1916 for the retry flag is used */
1917 tcon->retry = volume_info.retry;
1918 tcon->nocase = volume_info.nocase;
1920 tcon = tconInfoAlloc();
1924 /* check for null share name ie connect to dfs root */
1926 /* BB check if this works for exactly length three strings */
1927 if ((strchr(volume_info.UNC + 3, '\\') == NULL)
1928 && (strchr(volume_info.UNC + 3, '/') ==
1930 rc = connect_to_dfs_path(xid, pSesInfo,
1931 "", cifs_sb->local_nls,
1932 cifs_sb->mnt_cifs_flags &
1933 CIFS_MOUNT_MAP_SPECIAL_CHR);
1934 kfree(volume_info.UNC);
1938 rc = CIFSTCon(xid, pSesInfo,
1940 tcon, cifs_sb->local_nls);
1941 cFYI(1, ("CIFS Tcon rc = %d", rc));
1944 atomic_inc(&pSesInfo->inUse);
1945 tcon->retry = volume_info.retry;
1946 tcon->nocase = volume_info.nocase;
1952 if (pSesInfo->capabilities & CAP_LARGE_FILES) {
1953 sb->s_maxbytes = (u64) 1 << 63;
1955 sb->s_maxbytes = (u64) 1 << 31; /* 2 GB */
1958 sb->s_time_gran = 100;
1960 /* on error free sesinfo and tcon struct if needed */
1962 /* if session setup failed, use count is zero but
1963 we still need to free cifsd thread */
1964 if(atomic_read(&srvTcp->socketUseCount) == 0) {
1965 spin_lock(&GlobalMid_Lock);
1966 srvTcp->tcpStatus = CifsExiting;
1967 spin_unlock(&GlobalMid_Lock);
1969 send_sig(SIGKILL,srvTcp->tsk,1);
1970 wait_for_completion(&cifsd_complete);
1973 /* If find_unc succeeded then rc == 0 so we can not end */
1974 if (tcon) /* up accidently freeing someone elses tcon struct */
1976 if (existingCifsSes == NULL) {
1978 if ((pSesInfo->server) &&
1979 (pSesInfo->status == CifsGood)) {
1981 temp_rc = CIFSSMBLogoff(xid, pSesInfo);
1982 /* if the socketUseCount is now zero */
1983 if((temp_rc == -ESHUTDOWN) &&
1984 (pSesInfo->server->tsk)) {
1985 send_sig(SIGKILL,pSesInfo->server->tsk,1);
1986 wait_for_completion(&cifsd_complete);
1989 cFYI(1, ("No session or bad tcon"));
1990 sesInfoFree(pSesInfo);
1991 /* pSesInfo = NULL; */
1995 atomic_inc(&tcon->useCount);
1996 cifs_sb->tcon = tcon;
1997 tcon->ses = pSesInfo;
1999 /* do not care if following two calls succeed - informational */
2000 CIFSSMBQFSDeviceInfo(xid, tcon);
2001 CIFSSMBQFSAttributeInfo(xid, tcon);
2003 if (tcon->ses->capabilities & CAP_UNIX) {
2004 if(!CIFSSMBQFSUnixInfo(xid, tcon)) {
2006 le64_to_cpu(tcon->fsUnixInfo.Capability);
2007 cap &= CIFS_UNIX_CAP_MASK;
2008 if(volume_info.no_psx_acl)
2009 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2010 else if(CIFS_UNIX_POSIX_ACL_CAP & cap) {
2011 cFYI(1,("negotiated posix acl support"));
2012 sb->s_flags |= MS_POSIXACL;
2015 if(volume_info.posix_paths == 0)
2016 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2017 else if(cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
2018 cFYI(1,("negotiate posix pathnames"));
2019 cifs_sb->mnt_cifs_flags |=
2020 CIFS_MOUNT_POSIX_PATHS;
2023 cFYI(1,("Negotiate caps 0x%x",(int)cap));
2024 #ifdef CONFIG_CIFS_DEBUG2
2025 if(cap & CIFS_UNIX_FCNTL_CAP)
2026 cFYI(1,("FCNTL cap"));
2027 if(cap & CIFS_UNIX_EXTATTR_CAP)
2028 cFYI(1,("EXTATTR cap"));
2029 if(cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2030 cFYI(1,("POSIX path cap"));
2031 if(cap & CIFS_UNIX_XATTR_CAP)
2032 cFYI(1,("XATTR cap"));
2033 if(cap & CIFS_UNIX_POSIX_ACL_CAP)
2034 cFYI(1,("POSIX ACL cap"));
2035 #endif /* CIFS_DEBUG2 */
2036 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
2037 cFYI(1,("setting capabilities failed"));
2041 if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X))
2042 cifs_sb->wsize = min(cifs_sb->wsize,
2043 (tcon->ses->server->maxBuf -
2044 MAX_CIFS_HDR_SIZE));
2045 if (!(tcon->ses->capabilities & CAP_LARGE_READ_X))
2046 cifs_sb->rsize = min(cifs_sb->rsize,
2047 (tcon->ses->server->maxBuf -
2048 MAX_CIFS_HDR_SIZE));
2051 /* volume_info.password is freed above when existing session found
2052 (in which case it is not needed anymore) but when new sesion is created
2053 the password ptr is put in the new session structure (in which case the
2054 password will be freed at unmount time) */
2055 kfree(volume_info.UNC);
2056 kfree(volume_info.prepath);
2062 CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2063 char session_key[CIFS_SESS_KEY_SIZE],
2064 const struct nls_table *nls_codepage)
2066 struct smb_hdr *smb_buffer;
2067 struct smb_hdr *smb_buffer_response;
2068 SESSION_SETUP_ANDX *pSMB;
2069 SESSION_SETUP_ANDX *pSMBr;
2074 int remaining_words = 0;
2075 int bytes_returned = 0;
2080 cFYI(1, ("In sesssetup"));
2083 user = ses->userName;
2084 domain = ses->domainName;
2085 smb_buffer = cifs_buf_get();
2086 if (smb_buffer == NULL) {
2089 smb_buffer_response = smb_buffer;
2090 pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2092 /* send SMBsessionSetup here */
2093 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2094 NULL /* no tCon exists yet */ , 13 /* wct */ );
2096 smb_buffer->Mid = GetNextMid(ses->server);
2097 pSMB->req_no_secext.AndXCommand = 0xFF;
2098 pSMB->req_no_secext.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2099 pSMB->req_no_secext.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2101 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2102 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2104 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2105 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
2106 if (ses->capabilities & CAP_UNICODE) {
2107 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2108 capabilities |= CAP_UNICODE;
2110 if (ses->capabilities & CAP_STATUS32) {
2111 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2112 capabilities |= CAP_STATUS32;
2114 if (ses->capabilities & CAP_DFS) {
2115 smb_buffer->Flags2 |= SMBFLG2_DFS;
2116 capabilities |= CAP_DFS;
2118 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
2120 pSMB->req_no_secext.CaseInsensitivePasswordLength =
2121 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2123 pSMB->req_no_secext.CaseSensitivePasswordLength =
2124 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2125 bcc_ptr = pByteArea(smb_buffer);
2126 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2127 bcc_ptr += CIFS_SESS_KEY_SIZE;
2128 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2129 bcc_ptr += CIFS_SESS_KEY_SIZE;
2131 if (ses->capabilities & CAP_UNICODE) {
2132 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode */
2137 bytes_returned = 0; /* skip null user */
2140 cifs_strtoUCS((__le16 *) bcc_ptr, user, 100,
2142 /* convert number of 16 bit words to bytes */
2143 bcc_ptr += 2 * bytes_returned;
2144 bcc_ptr += 2; /* trailing null */
2147 cifs_strtoUCS((__le16 *) bcc_ptr,
2148 "CIFS_LINUX_DOM", 32, nls_codepage);
2151 cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2153 bcc_ptr += 2 * bytes_returned;
2156 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2158 bcc_ptr += 2 * bytes_returned;
2160 cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release,
2162 bcc_ptr += 2 * bytes_returned;
2165 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2167 bcc_ptr += 2 * bytes_returned;
2171 strncpy(bcc_ptr, user, 200);
2172 bcc_ptr += strnlen(user, 200);
2176 if (domain == NULL) {
2177 strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2178 bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2180 strncpy(bcc_ptr, domain, 64);
2181 bcc_ptr += strnlen(domain, 64);
2185 strcpy(bcc_ptr, "Linux version ");
2186 bcc_ptr += strlen("Linux version ");
2187 strcpy(bcc_ptr, system_utsname.release);
2188 bcc_ptr += strlen(system_utsname.release) + 1;
2189 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2190 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2192 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2193 smb_buffer->smb_buf_length += count;
2194 pSMB->req_no_secext.ByteCount = cpu_to_le16(count);
2196 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2197 &bytes_returned, 1);
2199 /* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
2200 } else if ((smb_buffer_response->WordCount == 3)
2201 || (smb_buffer_response->WordCount == 4)) {
2202 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2203 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2204 if (action & GUEST_LOGIN)
2205 cFYI(1, (" Guest login")); /* do we want to mark SesInfo struct ? */
2206 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format (le) */
2207 cFYI(1, ("UID = %d ", ses->Suid));
2208 /* response can have either 3 or 4 word count - Samba sends 3 */
2209 bcc_ptr = pByteArea(smb_buffer_response);
2210 if ((pSMBr->resp.hdr.WordCount == 3)
2211 || ((pSMBr->resp.hdr.WordCount == 4)
2212 && (blob_len < pSMBr->resp.ByteCount))) {
2213 if (pSMBr->resp.hdr.WordCount == 4)
2214 bcc_ptr += blob_len;
2216 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2217 if ((long) (bcc_ptr) % 2) {
2219 (BCC(smb_buffer_response) - 1) /2;
2220 bcc_ptr++; /* Unicode strings must be word aligned */
2223 BCC(smb_buffer_response) / 2;
2226 UniStrnlen((wchar_t *) bcc_ptr,
2227 remaining_words - 1);
2228 /* We look for obvious messed up bcc or strings in response so we do not go off
2229 the end since (at least) WIN2K and Windows XP have a major bug in not null
2230 terminating last Unicode string in response */
2232 kfree(ses->serverOS);
2233 ses->serverOS = kzalloc(2 * (len + 1), GFP_KERNEL);
2234 if(ses->serverOS == NULL)
2235 goto sesssetup_nomem;
2236 cifs_strfromUCS_le(ses->serverOS,
2237 (__le16 *)bcc_ptr, len,nls_codepage);
2238 bcc_ptr += 2 * (len + 1);
2239 remaining_words -= len + 1;
2240 ses->serverOS[2 * len] = 0;
2241 ses->serverOS[1 + (2 * len)] = 0;
2242 if (remaining_words > 0) {
2243 len = UniStrnlen((wchar_t *)bcc_ptr,
2245 kfree(ses->serverNOS);
2246 ses->serverNOS = kzalloc(2 * (len + 1),GFP_KERNEL);
2247 if(ses->serverNOS == NULL)
2248 goto sesssetup_nomem;
2249 cifs_strfromUCS_le(ses->serverNOS,
2250 (__le16 *)bcc_ptr,len,nls_codepage);
2251 bcc_ptr += 2 * (len + 1);
2252 ses->serverNOS[2 * len] = 0;
2253 ses->serverNOS[1 + (2 * len)] = 0;
2254 if(strncmp(ses->serverNOS,
2255 "NT LAN Manager 4",16) == 0) {
2256 cFYI(1,("NT4 server"));
2257 ses->flags |= CIFS_SES_NT4;
2259 remaining_words -= len + 1;
2260 if (remaining_words > 0) {
2261 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2262 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
2263 if(ses->serverDomain)
2264 kfree(ses->serverDomain);
2266 kzalloc(2*(len+1),GFP_KERNEL);
2267 if(ses->serverDomain == NULL)
2268 goto sesssetup_nomem;
2269 cifs_strfromUCS_le(ses->serverDomain,
2270 (__le16 *)bcc_ptr,len,nls_codepage);
2271 bcc_ptr += 2 * (len + 1);
2272 ses->serverDomain[2*len] = 0;
2273 ses->serverDomain[1+(2*len)] = 0;
2274 } /* else no more room so create dummy domain string */
2276 if(ses->serverDomain)
2277 kfree(ses->serverDomain);
2279 kzalloc(2, GFP_KERNEL);
2281 } else { /* no room so create dummy domain and NOS string */
2282 /* if these kcallocs fail not much we
2283 can do, but better to not fail the
2285 kfree(ses->serverDomain);
2287 kzalloc(2, GFP_KERNEL);
2288 kfree(ses->serverNOS);
2290 kzalloc(2, GFP_KERNEL);
2292 } else { /* ASCII */
2293 len = strnlen(bcc_ptr, 1024);
2294 if (((long) bcc_ptr + len) - (long)
2295 pByteArea(smb_buffer_response)
2296 <= BCC(smb_buffer_response)) {
2297 kfree(ses->serverOS);
2298 ses->serverOS = kzalloc(len + 1,GFP_KERNEL);
2299 if(ses->serverOS == NULL)
2300 goto sesssetup_nomem;
2301 strncpy(ses->serverOS,bcc_ptr, len);
2304 bcc_ptr[0] = 0; /* null terminate the string */
2307 len = strnlen(bcc_ptr, 1024);
2308 kfree(ses->serverNOS);
2309 ses->serverNOS = kzalloc(len + 1,GFP_KERNEL);
2310 if(ses->serverNOS == NULL)
2311 goto sesssetup_nomem;
2312 strncpy(ses->serverNOS, bcc_ptr, len);
2317 len = strnlen(bcc_ptr, 1024);
2318 if(ses->serverDomain)
2319 kfree(ses->serverDomain);
2320 ses->serverDomain = kzalloc(len + 1,GFP_KERNEL);
2321 if(ses->serverDomain == NULL)
2322 goto sesssetup_nomem;
2323 strncpy(ses->serverDomain, bcc_ptr, len);
2329 ("Variable field of length %d extends beyond end of smb ",
2334 (" Security Blob Length extends beyond end of SMB"));
2338 (" Invalid Word count %d: ",
2339 smb_buffer_response->WordCount));
2342 sesssetup_nomem: /* do not return an error on nomem for the info strings,
2343 since that could make reconnection harder, and
2344 reconnection might be needed to free memory */
2346 cifs_buf_release(smb_buffer);
2352 CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2353 struct cifsSesInfo *ses, int * pNTLMv2_flag,
2354 const struct nls_table *nls_codepage)
2356 struct smb_hdr *smb_buffer;
2357 struct smb_hdr *smb_buffer_response;
2358 SESSION_SETUP_ANDX *pSMB;
2359 SESSION_SETUP_ANDX *pSMBr;
2363 int remaining_words = 0;
2364 int bytes_returned = 0;
2366 int SecurityBlobLength = sizeof (NEGOTIATE_MESSAGE);
2367 PNEGOTIATE_MESSAGE SecurityBlob;
2368 PCHALLENGE_MESSAGE SecurityBlob2;
2369 __u32 negotiate_flags, capabilities;
2372 cFYI(1, ("In NTLMSSP sesssetup (negotiate)"));
2375 domain = ses->domainName;
2376 *pNTLMv2_flag = FALSE;
2377 smb_buffer = cifs_buf_get();
2378 if (smb_buffer == NULL) {
2381 smb_buffer_response = smb_buffer;
2382 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2383 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2385 /* send SMBsessionSetup here */
2386 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2387 NULL /* no tCon exists yet */ , 12 /* wct */ );
2389 smb_buffer->Mid = GetNextMid(ses->server);
2390 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2391 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2393 pSMB->req.AndXCommand = 0xFF;
2394 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2395 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2397 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2398 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2400 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2401 CAP_EXTENDED_SECURITY;
2402 if (ses->capabilities & CAP_UNICODE) {
2403 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2404 capabilities |= CAP_UNICODE;
2406 if (ses->capabilities & CAP_STATUS32) {
2407 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2408 capabilities |= CAP_STATUS32;
2410 if (ses->capabilities & CAP_DFS) {
2411 smb_buffer->Flags2 |= SMBFLG2_DFS;
2412 capabilities |= CAP_DFS;
2414 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2416 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2417 SecurityBlob = (PNEGOTIATE_MESSAGE) bcc_ptr;
2418 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2419 SecurityBlob->MessageType = NtLmNegotiate;
2421 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
2422 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM |
2423 NTLMSSP_NEGOTIATE_56 |
2424 /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
2426 negotiate_flags |= NTLMSSP_NEGOTIATE_SIGN;
2427 /* if(ntlmv2_support)
2428 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;*/
2429 /* setup pointers to domain name and workstation name */
2430 bcc_ptr += SecurityBlobLength;
2432 SecurityBlob->WorkstationName.Buffer = 0;
2433 SecurityBlob->WorkstationName.Length = 0;
2434 SecurityBlob->WorkstationName.MaximumLength = 0;
2436 /* Domain not sent on first Sesssetup in NTLMSSP, instead it is sent
2437 along with username on auth request (ie the response to challenge) */
2438 SecurityBlob->DomainName.Buffer = 0;
2439 SecurityBlob->DomainName.Length = 0;
2440 SecurityBlob->DomainName.MaximumLength = 0;
2441 if (ses->capabilities & CAP_UNICODE) {
2442 if ((long) bcc_ptr % 2) {
2448 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2450 bcc_ptr += 2 * bytes_returned;
2452 cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release, 32,
2454 bcc_ptr += 2 * bytes_returned;
2455 bcc_ptr += 2; /* null terminate Linux version */
2457 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2459 bcc_ptr += 2 * bytes_returned;
2462 bcc_ptr += 2; /* null terminate network opsys string */
2465 bcc_ptr += 2; /* null domain */
2466 } else { /* ASCII */
2467 strcpy(bcc_ptr, "Linux version ");
2468 bcc_ptr += strlen("Linux version ");
2469 strcpy(bcc_ptr, system_utsname.release);
2470 bcc_ptr += strlen(system_utsname.release) + 1;
2471 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2472 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2473 bcc_ptr++; /* empty domain field */
2476 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2477 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2478 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2479 smb_buffer->smb_buf_length += count;
2480 pSMB->req.ByteCount = cpu_to_le16(count);
2482 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2483 &bytes_returned, 1);
2485 if (smb_buffer_response->Status.CifsError ==
2486 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
2490 /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2491 } else if ((smb_buffer_response->WordCount == 3)
2492 || (smb_buffer_response->WordCount == 4)) {
2493 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2494 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2496 if (action & GUEST_LOGIN)
2497 cFYI(1, (" Guest login"));
2498 /* Do we want to set anything in SesInfo struct when guest login? */
2500 bcc_ptr = pByteArea(smb_buffer_response);
2501 /* response can have either 3 or 4 word count - Samba sends 3 */
2503 SecurityBlob2 = (PCHALLENGE_MESSAGE) bcc_ptr;
2504 if (SecurityBlob2->MessageType != NtLmChallenge) {
2506 ("Unexpected NTLMSSP message type received %d",
2507 SecurityBlob2->MessageType));
2509 ses->Suid = smb_buffer_response->Uid; /* UID left in le format */
2510 cFYI(1, ("UID = %d", ses->Suid));
2511 if ((pSMBr->resp.hdr.WordCount == 3)
2512 || ((pSMBr->resp.hdr.WordCount == 4)
2514 pSMBr->resp.ByteCount))) {
2516 if (pSMBr->resp.hdr.WordCount == 4) {
2517 bcc_ptr += blob_len;
2518 cFYI(1, ("Security Blob Length %d",
2522 cFYI(1, ("NTLMSSP Challenge rcvd"));
2524 memcpy(ses->server->cryptKey,
2525 SecurityBlob2->Challenge,
2526 CIFS_CRYPTO_KEY_SIZE);
2527 if(SecurityBlob2->NegotiateFlags &
2528 cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2))
2529 *pNTLMv2_flag = TRUE;
2531 if((SecurityBlob2->NegotiateFlags &
2532 cpu_to_le32(NTLMSSP_NEGOTIATE_ALWAYS_SIGN))
2533 || (sign_CIFS_PDUs > 1))
2534 ses->server->secMode |=
2535 SECMODE_SIGN_REQUIRED;
2536 if ((SecurityBlob2->NegotiateFlags &
2537 cpu_to_le32(NTLMSSP_NEGOTIATE_SIGN)) && (sign_CIFS_PDUs))
2538 ses->server->secMode |=
2539 SECMODE_SIGN_ENABLED;
2541 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2542 if ((long) (bcc_ptr) % 2) {
2544 (BCC(smb_buffer_response)
2546 bcc_ptr++; /* Unicode strings must be word aligned */
2550 (smb_buffer_response) / 2;
2553 UniStrnlen((wchar_t *) bcc_ptr,
2554 remaining_words - 1);
2555 /* We look for obvious messed up bcc or strings in response so we do not go off
2556 the end since (at least) WIN2K and Windows XP have a major bug in not null
2557 terminating last Unicode string in response */
2559 kfree(ses->serverOS);
2561 kzalloc(2 * (len + 1), GFP_KERNEL);
2562 cifs_strfromUCS_le(ses->serverOS,
2566 bcc_ptr += 2 * (len + 1);
2567 remaining_words -= len + 1;
2568 ses->serverOS[2 * len] = 0;
2569 ses->serverOS[1 + (2 * len)] = 0;
2570 if (remaining_words > 0) {
2571 len = UniStrnlen((wchar_t *)
2575 kfree(ses->serverNOS);
2577 kzalloc(2 * (len + 1),
2579 cifs_strfromUCS_le(ses->
2585 bcc_ptr += 2 * (len + 1);
2586 ses->serverNOS[2 * len] = 0;
2589 remaining_words -= len + 1;
2590 if (remaining_words > 0) {
2591 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2592 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
2593 kfree(ses->serverDomain);
2605 ses->serverDomain[2*len]
2610 } /* else no more room so create dummy domain string */
2612 kfree(ses->serverDomain);
2617 } else { /* no room so create dummy domain and NOS string */
2618 kfree(ses->serverDomain);
2620 kzalloc(2, GFP_KERNEL);
2621 kfree(ses->serverNOS);
2623 kzalloc(2, GFP_KERNEL);
2625 } else { /* ASCII */
2626 len = strnlen(bcc_ptr, 1024);
2627 if (((long) bcc_ptr + len) - (long)
2628 pByteArea(smb_buffer_response)
2629 <= BCC(smb_buffer_response)) {
2631 kfree(ses->serverOS);
2635 strncpy(ses->serverOS,
2639 bcc_ptr[0] = 0; /* null terminate string */
2642 len = strnlen(bcc_ptr, 1024);
2643 kfree(ses->serverNOS);
2647 strncpy(ses->serverNOS, bcc_ptr, len);
2652 len = strnlen(bcc_ptr, 1024);
2653 kfree(ses->serverDomain);
2657 strncpy(ses->serverDomain, bcc_ptr, len);
2663 ("Variable field of length %d extends beyond end of smb",
2668 (" Security Blob Length extends beyond end of SMB"));
2671 cERROR(1, ("No session structure passed in."));
2675 (" Invalid Word count %d:",
2676 smb_buffer_response->WordCount));
2681 cifs_buf_release(smb_buffer);
2686 CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2687 char *ntlm_session_key, int ntlmv2_flag,
2688 const struct nls_table *nls_codepage)
2690 struct smb_hdr *smb_buffer;
2691 struct smb_hdr *smb_buffer_response;
2692 SESSION_SETUP_ANDX *pSMB;
2693 SESSION_SETUP_ANDX *pSMBr;
2698 int remaining_words = 0;
2699 int bytes_returned = 0;
2701 int SecurityBlobLength = sizeof (AUTHENTICATE_MESSAGE);
2702 PAUTHENTICATE_MESSAGE SecurityBlob;
2703 __u32 negotiate_flags, capabilities;
2706 cFYI(1, ("In NTLMSSPSessSetup (Authenticate)"));
2709 user = ses->userName;
2710 domain = ses->domainName;
2711 smb_buffer = cifs_buf_get();
2712 if (smb_buffer == NULL) {
2715 smb_buffer_response = smb_buffer;
2716 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2717 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2719 /* send SMBsessionSetup here */
2720 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2721 NULL /* no tCon exists yet */ , 12 /* wct */ );
2723 smb_buffer->Mid = GetNextMid(ses->server);
2724 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2725 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2726 pSMB->req.AndXCommand = 0xFF;
2727 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2728 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2730 pSMB->req.hdr.Uid = ses->Suid;
2732 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2733 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2735 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2736 CAP_EXTENDED_SECURITY;
2737 if (ses->capabilities & CAP_UNICODE) {
2738 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2739 capabilities |= CAP_UNICODE;
2741 if (ses->capabilities & CAP_STATUS32) {
2742 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2743 capabilities |= CAP_STATUS32;
2745 if (ses->capabilities & CAP_DFS) {
2746 smb_buffer->Flags2 |= SMBFLG2_DFS;
2747 capabilities |= CAP_DFS;
2749 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2751 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2752 SecurityBlob = (PAUTHENTICATE_MESSAGE) bcc_ptr;
2753 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2754 SecurityBlob->MessageType = NtLmAuthenticate;
2755 bcc_ptr += SecurityBlobLength;
2757 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET |
2758 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO |
2759 0x80000000 | NTLMSSP_NEGOTIATE_128;
2761 negotiate_flags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN;
2763 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
2765 /* setup pointers to domain name and workstation name */
2767 SecurityBlob->WorkstationName.Buffer = 0;
2768 SecurityBlob->WorkstationName.Length = 0;
2769 SecurityBlob->WorkstationName.MaximumLength = 0;
2770 SecurityBlob->SessionKey.Length = 0;
2771 SecurityBlob->SessionKey.MaximumLength = 0;
2772 SecurityBlob->SessionKey.Buffer = 0;
2774 SecurityBlob->LmChallengeResponse.Length = 0;
2775 SecurityBlob->LmChallengeResponse.MaximumLength = 0;
2776 SecurityBlob->LmChallengeResponse.Buffer = 0;
2778 SecurityBlob->NtChallengeResponse.Length =
2779 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2780 SecurityBlob->NtChallengeResponse.MaximumLength =
2781 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2782 memcpy(bcc_ptr, ntlm_session_key, CIFS_SESS_KEY_SIZE);
2783 SecurityBlob->NtChallengeResponse.Buffer =
2784 cpu_to_le32(SecurityBlobLength);
2785 SecurityBlobLength += CIFS_SESS_KEY_SIZE;
2786 bcc_ptr += CIFS_SESS_KEY_SIZE;
2788 if (ses->capabilities & CAP_UNICODE) {
2789 if (domain == NULL) {
2790 SecurityBlob->DomainName.Buffer = 0;
2791 SecurityBlob->DomainName.Length = 0;
2792 SecurityBlob->DomainName.MaximumLength = 0;
2795 cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2798 SecurityBlob->DomainName.MaximumLength =
2800 SecurityBlob->DomainName.Buffer =
2801 cpu_to_le32(SecurityBlobLength);
2803 SecurityBlobLength += len;
2804 SecurityBlob->DomainName.Length =
2808 SecurityBlob->UserName.Buffer = 0;
2809 SecurityBlob->UserName.Length = 0;
2810 SecurityBlob->UserName.MaximumLength = 0;
2813 cifs_strtoUCS((__le16 *) bcc_ptr, user, 64,
2816 SecurityBlob->UserName.MaximumLength =
2818 SecurityBlob->UserName.Buffer =
2819 cpu_to_le32(SecurityBlobLength);
2821 SecurityBlobLength += len;
2822 SecurityBlob->UserName.Length =
2826 /* SecurityBlob->WorkstationName.Length = cifs_strtoUCS((__le16 *) bcc_ptr, "AMACHINE",64, nls_codepage);
2827 SecurityBlob->WorkstationName.Length *= 2;
2828 SecurityBlob->WorkstationName.MaximumLength = cpu_to_le16(SecurityBlob->WorkstationName.Length);
2829 SecurityBlob->WorkstationName.Buffer = cpu_to_le32(SecurityBlobLength);
2830 bcc_ptr += SecurityBlob->WorkstationName.Length;
2831 SecurityBlobLength += SecurityBlob->WorkstationName.Length;
2832 SecurityBlob->WorkstationName.Length = cpu_to_le16(SecurityBlob->WorkstationName.Length); */
2834 if ((long) bcc_ptr % 2) {
2839 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2841 bcc_ptr += 2 * bytes_returned;
2843 cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release, 32,
2845 bcc_ptr += 2 * bytes_returned;
2846 bcc_ptr += 2; /* null term version string */
2848 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2850 bcc_ptr += 2 * bytes_returned;
2853 bcc_ptr += 2; /* null terminate network opsys string */
2856 bcc_ptr += 2; /* null domain */
2857 } else { /* ASCII */
2858 if (domain == NULL) {
2859 SecurityBlob->DomainName.Buffer = 0;
2860 SecurityBlob->DomainName.Length = 0;
2861 SecurityBlob->DomainName.MaximumLength = 0;
2864 negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
2865 strncpy(bcc_ptr, domain, 63);
2866 len = strnlen(domain, 64);
2867 SecurityBlob->DomainName.MaximumLength =
2869 SecurityBlob->DomainName.Buffer =
2870 cpu_to_le32(SecurityBlobLength);
2872 SecurityBlobLength += len;
2873 SecurityBlob->DomainName.Length = cpu_to_le16(len);
2876 SecurityBlob->UserName.Buffer = 0;
2877 SecurityBlob->UserName.Length = 0;
2878 SecurityBlob->UserName.MaximumLength = 0;
2881 strncpy(bcc_ptr, user, 63);
2882 len = strnlen(user, 64);
2883 SecurityBlob->UserName.MaximumLength =
2885 SecurityBlob->UserName.Buffer =
2886 cpu_to_le32(SecurityBlobLength);
2888 SecurityBlobLength += len;
2889 SecurityBlob->UserName.Length = cpu_to_le16(len);
2891 /* BB fill in our workstation name if known BB */
2893 strcpy(bcc_ptr, "Linux version ");
2894 bcc_ptr += strlen("Linux version ");
2895 strcpy(bcc_ptr, system_utsname.release);
2896 bcc_ptr += strlen(system_utsname.release) + 1;
2897 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2898 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2899 bcc_ptr++; /* null domain */
2902 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2903 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2904 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2905 smb_buffer->smb_buf_length += count;
2906 pSMB->req.ByteCount = cpu_to_le16(count);
2908 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2909 &bytes_returned, 1);
2911 /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2912 } else if ((smb_buffer_response->WordCount == 3)
2913 || (smb_buffer_response->WordCount == 4)) {
2914 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2916 le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2917 if (action & GUEST_LOGIN)
2918 cFYI(1, (" Guest login")); /* BB do we want to set anything in SesInfo struct ? */
2919 /* if(SecurityBlob2->MessageType != NtLm??){
2920 cFYI("Unexpected message type on auth response is %d "));
2924 ("Does UID on challenge %d match auth response UID %d ",
2925 ses->Suid, smb_buffer_response->Uid));
2926 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format */
2927 bcc_ptr = pByteArea(smb_buffer_response);
2928 /* response can have either 3 or 4 word count - Samba sends 3 */
2929 if ((pSMBr->resp.hdr.WordCount == 3)
2930 || ((pSMBr->resp.hdr.WordCount == 4)
2932 pSMBr->resp.ByteCount))) {
2933 if (pSMBr->resp.hdr.WordCount == 4) {
2937 ("Security Blob Length %d ",
2942 ("NTLMSSP response to Authenticate "));
2944 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2945 if ((long) (bcc_ptr) % 2) {
2947 (BCC(smb_buffer_response)
2949 bcc_ptr++; /* Unicode strings must be word aligned */
2951 remaining_words = BCC(smb_buffer_response) / 2;
2954 UniStrnlen((wchar_t *) bcc_ptr,remaining_words - 1);
2955 /* We look for obvious messed up bcc or strings in response so we do not go off
2956 the end since (at least) WIN2K and Windows XP have a major bug in not null
2957 terminating last Unicode string in response */
2959 kfree(ses->serverOS);
2961 kzalloc(2 * (len + 1), GFP_KERNEL);
2962 cifs_strfromUCS_le(ses->serverOS,
2966 bcc_ptr += 2 * (len + 1);
2967 remaining_words -= len + 1;
2968 ses->serverOS[2 * len] = 0;
2969 ses->serverOS[1 + (2 * len)] = 0;
2970 if (remaining_words > 0) {
2971 len = UniStrnlen((wchar_t *)
2975 kfree(ses->serverNOS);
2977 kzalloc(2 * (len + 1),
2979 cifs_strfromUCS_le(ses->
2985 bcc_ptr += 2 * (len + 1);
2986 ses->serverNOS[2 * len] = 0;
2987 ses->serverNOS[1+(2*len)] = 0;
2988 remaining_words -= len + 1;
2989 if (remaining_words > 0) {
2990 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2991 /* last string not always null terminated (e.g. for Windows XP & 2000) */
2992 if(ses->serverDomain)
2993 kfree(ses->serverDomain);
3018 } /* else no more room so create dummy domain string */
3020 if(ses->serverDomain)
3021 kfree(ses->serverDomain);
3022 ses->serverDomain = kzalloc(2,GFP_KERNEL);
3024 } else { /* no room so create dummy domain and NOS string */
3025 if(ses->serverDomain)
3026 kfree(ses->serverDomain);
3027 ses->serverDomain = kzalloc(2, GFP_KERNEL);
3028 kfree(ses->serverNOS);
3029 ses->serverNOS = kzalloc(2, GFP_KERNEL);
3031 } else { /* ASCII */
3032 len = strnlen(bcc_ptr, 1024);
3033 if (((long) bcc_ptr + len) -
3034 (long) pByteArea(smb_buffer_response)
3035 <= BCC(smb_buffer_response)) {
3037 kfree(ses->serverOS);
3038 ses->serverOS = kzalloc(len + 1,GFP_KERNEL);
3039 strncpy(ses->serverOS,bcc_ptr, len);
3042 bcc_ptr[0] = 0; /* null terminate the string */
3045 len = strnlen(bcc_ptr, 1024);
3046 kfree(ses->serverNOS);
3047 ses->serverNOS = kzalloc(len+1,GFP_KERNEL);
3048 strncpy(ses->serverNOS, bcc_ptr, len);
3053 len = strnlen(bcc_ptr, 1024);
3054 if(ses->serverDomain)
3055 kfree(ses->serverDomain);
3056 ses->serverDomain = kzalloc(len+1,GFP_KERNEL);
3057 strncpy(ses->serverDomain, bcc_ptr, len);
3063 ("Variable field of length %d extends beyond end of smb ",
3068 (" Security Blob Length extends beyond end of SMB"));
3071 cERROR(1, ("No session structure passed in."));
3075 (" Invalid Word count %d: ",
3076 smb_buffer_response->WordCount));
3081 cifs_buf_release(smb_buffer);
3087 CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3088 const char *tree, struct cifsTconInfo *tcon,
3089 const struct nls_table *nls_codepage)
3091 struct smb_hdr *smb_buffer;
3092 struct smb_hdr *smb_buffer_response;
3095 unsigned char *bcc_ptr;
3103 smb_buffer = cifs_buf_get();
3104 if (smb_buffer == NULL) {
3107 smb_buffer_response = smb_buffer;
3109 header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3110 NULL /*no tid */ , 4 /*wct */ );
3112 smb_buffer->Mid = GetNextMid(ses->server);
3113 smb_buffer->Uid = ses->Suid;
3114 pSMB = (TCONX_REQ *) smb_buffer;
3115 pSMBr = (TCONX_RSP *) smb_buffer_response;
3117 pSMB->AndXCommand = 0xFF;
3118 pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
3119 bcc_ptr = &pSMB->Password[0];
3120 if((ses->server->secMode) & SECMODE_USER) {
3121 pSMB->PasswordLength = cpu_to_le16(1); /* minimum */
3122 *bcc_ptr = 0; /* password is null byte */
3123 bcc_ptr++; /* skip password */
3124 /* already aligned so no need to do it below */
3126 pSMB->PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE);
3127 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3128 specified as required (when that support is added to
3129 the vfs in the future) as only NTLM or the much
3130 weaker LANMAN (which we do not send by default) is accepted
3131 by Samba (not sure whether other servers allow
3132 NTLMv2 password here) */
3133 #ifdef CONFIG_CIFS_WEAK_PW_HASH
3134 if((extended_security & CIFSSEC_MAY_LANMAN) &&
3135 (ses->server->secType == LANMAN))
3136 calc_lanman_hash(ses, bcc_ptr);
3138 #endif /* CIFS_WEAK_PW_HASH */
3139 SMBNTencrypt(ses->password,
3140 ses->server->cryptKey,
3143 bcc_ptr += CIFS_SESS_KEY_SIZE;
3144 if(ses->capabilities & CAP_UNICODE) {
3145 /* must align unicode strings */
3146 *bcc_ptr = 0; /* null byte password */
3151 if(ses->server->secMode &
3152 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3153 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3155 if (ses->capabilities & CAP_STATUS32) {
3156 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3158 if (ses->capabilities & CAP_DFS) {
3159 smb_buffer->Flags2 |= SMBFLG2_DFS;
3161 if (ses->capabilities & CAP_UNICODE) {
3162 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3164 cifs_strtoUCS((__le16 *) bcc_ptr, tree,
3165 6 /* max utf8 char length in bytes */ *
3166 (/* server len*/ + 256 /* share len */), nls_codepage);
3167 bcc_ptr += 2 * length; /* convert num 16 bit words to bytes */
3168 bcc_ptr += 2; /* skip trailing null */
3169 } else { /* ASCII */
3170 strcpy(bcc_ptr, tree);
3171 bcc_ptr += strlen(tree) + 1;
3173 strcpy(bcc_ptr, "?????");
3174 bcc_ptr += strlen("?????");
3176 count = bcc_ptr - &pSMB->Password[0];
3177 pSMB->hdr.smb_buf_length += count;
3178 pSMB->ByteCount = cpu_to_le16(count);
3180 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length, 0);
3182 /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
3183 /* above now done in SendReceive */
3184 if ((rc == 0) && (tcon != NULL)) {
3185 tcon->tidStatus = CifsGood;
3186 tcon->tid = smb_buffer_response->Tid;
3187 bcc_ptr = pByteArea(smb_buffer_response);
3188 length = strnlen(bcc_ptr, BCC(smb_buffer_response) - 2);
3189 /* skip service field (NB: this field is always ASCII) */
3190 bcc_ptr += length + 1;
3191 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3192 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3193 length = UniStrnlen((wchar_t *) bcc_ptr, 512);
3194 if ((bcc_ptr + (2 * length)) -
3195 pByteArea(smb_buffer_response) <=
3196 BCC(smb_buffer_response)) {
3197 kfree(tcon->nativeFileSystem);
3198 tcon->nativeFileSystem =
3199 kzalloc(length + 2, GFP_KERNEL);
3200 cifs_strfromUCS_le(tcon->nativeFileSystem,
3202 length, nls_codepage);
3203 bcc_ptr += 2 * length;
3204 bcc_ptr[0] = 0; /* null terminate the string */
3208 /* else do not bother copying these informational fields */
3210 length = strnlen(bcc_ptr, 1024);
3211 if ((bcc_ptr + length) -
3212 pByteArea(smb_buffer_response) <=
3213 BCC(smb_buffer_response)) {
3214 kfree(tcon->nativeFileSystem);
3215 tcon->nativeFileSystem =
3216 kzalloc(length + 1, GFP_KERNEL);
3217 strncpy(tcon->nativeFileSystem, bcc_ptr,
3220 /* else do not bother copying these informational fields */
3222 if(smb_buffer_response->WordCount == 3)
3223 tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3226 cFYI(1, ("Tcon flags: 0x%x ", tcon->Flags));
3227 } else if ((rc == 0) && tcon == NULL) {
3228 /* all we need to save for IPC$ connection */
3229 ses->ipc_tid = smb_buffer_response->Tid;
3233 cifs_buf_release(smb_buffer);
3238 cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3242 struct cifsSesInfo *ses = NULL;
3243 struct task_struct *cifsd_task;
3248 if (cifs_sb->tcon) {
3249 ses = cifs_sb->tcon->ses; /* save ptr to ses before delete tcon!*/
3250 rc = CIFSSMBTDis(xid, cifs_sb->tcon);
3255 tconInfoFree(cifs_sb->tcon);
3256 if ((ses) && (ses->server)) {
3257 /* save off task so we do not refer to ses later */
3258 cifsd_task = ses->server->tsk;
3259 cFYI(1, ("About to do SMBLogoff "));
3260 rc = CIFSSMBLogoff(xid, ses);
3264 } else if (rc == -ESHUTDOWN) {
3265 cFYI(1,("Waking up socket by sending it signal"));
3267 send_sig(SIGKILL,cifsd_task,1);
3268 wait_for_completion(&cifsd_complete);
3271 } /* else - we have an smb session
3272 left on this socket do not kill cifsd */
3274 cFYI(1, ("No session or bad tcon"));
3277 cifs_sb->tcon = NULL;
3278 tmp = cifs_sb->prepath;
3279 cifs_sb->prepathlen = 0;
3280 cifs_sb->prepath = NULL;
3283 schedule_timeout_interruptible(msecs_to_jiffies(500));
3288 return rc; /* BB check if we should always return zero here */
3291 int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
3292 struct nls_table * nls_info)
3295 char ntlm_session_key[CIFS_SESS_KEY_SIZE];
3296 int ntlmv2_flag = FALSE;
3299 /* what if server changes its buffer size after dropping the session? */
3300 if(pSesInfo->server->maxBuf == 0) /* no need to send on reconnect */ {
3301 rc = CIFSSMBNegotiate(xid, pSesInfo);
3302 if(rc == -EAGAIN) /* retry only once on 1st time connection */ {
3303 rc = CIFSSMBNegotiate(xid, pSesInfo);
3308 spin_lock(&GlobalMid_Lock);
3309 if(pSesInfo->server->tcpStatus != CifsExiting)
3310 pSesInfo->server->tcpStatus = CifsGood;
3313 spin_unlock(&GlobalMid_Lock);
3319 pSesInfo->capabilities = pSesInfo->server->capabilities;
3320 if(linuxExtEnabled == 0)
3321 pSesInfo->capabilities &= (~CAP_UNIX);
3322 /* pSesInfo->sequence_number = 0;*/
3323 cFYI(1,("Security Mode: 0x%x Capabilities: 0x%x Time Zone: %d",
3324 pSesInfo->server->secMode,
3325 pSesInfo->server->capabilities,
3326 pSesInfo->server->timeZone));
3327 if(experimEnabled < 2)
3328 rc = CIFS_SessSetup(xid, pSesInfo,
3329 first_time, nls_info);
3330 else if (extended_security
3331 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3332 && (pSesInfo->server->secType == NTLMSSP)) {
3334 } else if (extended_security
3335 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3336 && (pSesInfo->server->secType == RawNTLMSSP)) {
3337 cFYI(1, ("NTLMSSP sesssetup"));
3338 rc = CIFSNTLMSSPNegotiateSessSetup(xid,
3345 cFYI(1,("Can use more secure NTLM version 2 password hash"));
3346 if(CalcNTLMv2_partial_mac_key(pSesInfo,
3351 v2_response = kmalloc(16 + 64 /* blob */, GFP_KERNEL);
3353 CalcNTLMv2_response(pSesInfo,v2_response);
3355 cifs_calculate_ntlmv2_mac_key(
3356 pSesInfo->server->mac_signing_key,
3357 response, ntlm_session_key, */
3359 /* BB Put dummy sig in SessSetup PDU? */
3366 SMBNTencrypt(pSesInfo->password,
3367 pSesInfo->server->cryptKey,
3371 cifs_calculate_mac_key(
3372 pSesInfo->server->mac_signing_key,
3374 pSesInfo->password);
3376 /* for better security the weaker lanman hash not sent
3377 in AuthSessSetup so we no longer calculate it */
3379 rc = CIFSNTLMSSPAuthSessSetup(xid,
3385 } else { /* old style NTLM 0.12 session setup */
3386 SMBNTencrypt(pSesInfo->password,
3387 pSesInfo->server->cryptKey,
3391 cifs_calculate_mac_key(
3392 pSesInfo->server->mac_signing_key,
3393 ntlm_session_key, pSesInfo->password);
3395 rc = CIFSSessSetup(xid, pSesInfo,
3396 ntlm_session_key, nls_info);
3399 cERROR(1,("Send error in SessSetup = %d",rc));
3401 cFYI(1,("CIFS Session Established successfully"));
3402 pSesInfo->status = CifsGood;
git.openpandora.org / pandora-kernel.git / blob