4 * Copyright (C) International Business Machines Corp., 2002,2006
5 * Author(s): Steve French (sfrench@us.ibm.com)
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/ipv6.h>
27 #include <linux/pagemap.h>
28 #include <linux/ctype.h>
29 #include <linux/utsname.h>
30 #include <linux/mempool.h>
31 #include <linux/delay.h>
32 #include <linux/completion.h>
33 #include <linux/pagevec.h>
34 #include <asm/uaccess.h>
35 #include <asm/processor.h>
38 #include "cifsproto.h"
39 #include "cifs_unicode.h"
40 #include "cifs_debug.h"
41 #include "cifs_fs_sb.h"
44 #include "rfc1002pdu.h"
48 #define RFC1001_PORT 139
50 static DECLARE_COMPLETION(cifsd_complete);
52 extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
55 extern mempool_t *cifs_req_poolp;
63 char *in6_addr; /* ipv6 address as human readable form of in6_addr */
64 char *iocharset; /* local code page for mapping to and from Unicode */
65 char source_rfc1001_name[16]; /* netbios name of client */
66 char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */
77 unsigned no_psx_acl:1; /* set if posix acl support should be disabled */
79 unsigned no_xattr:1; /* set if xattr (EA) support should be disabled*/
80 unsigned server_ino:1; /* use inode numbers from server ie UniqueId */
82 unsigned remap:1; /* set to remap seven reserved chars in filenames */
83 unsigned posix_paths:1; /* unset to not ask for posix pathnames. */
85 unsigned nullauth:1; /* attempt to authenticate with null user */
86 unsigned nocase; /* request case insensitive filenames */
87 unsigned nobrl; /* disable sending byte range locks to srv */
91 unsigned short int port;
94 static int ipv4_connect(struct sockaddr_in *psin_server,
95 struct socket **csocket,
97 char * server_netb_name);
98 static int ipv6_connect(struct sockaddr_in6 *psin_server,
99 struct socket **csocket);
103 * cifs tcp session reconnection
105 * mark tcp session as reconnecting so temporarily locked
106 * mark all smb sessions as reconnecting for tcp session
107 * reconnect tcp session
108 * wake up waiters on reconnection? - (not needed currently)
112 cifs_reconnect(struct TCP_Server_Info *server)
115 struct list_head *tmp;
116 struct cifsSesInfo *ses;
117 struct cifsTconInfo *tcon;
118 struct mid_q_entry * mid_entry;
120 spin_lock(&GlobalMid_Lock);
121 if(server->tcpStatus == CifsExiting) {
122 /* the demux thread will exit normally
123 next time through the loop */
124 spin_unlock(&GlobalMid_Lock);
127 server->tcpStatus = CifsNeedReconnect;
128 spin_unlock(&GlobalMid_Lock);
131 cFYI(1, ("Reconnecting tcp session"));
133 /* before reconnecting the tcp session, mark the smb session (uid)
134 and the tid bad so they are not used until reconnected */
135 read_lock(&GlobalSMBSeslock);
136 list_for_each(tmp, &GlobalSMBSessionList) {
137 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
139 if (ses->server == server) {
140 ses->status = CifsNeedReconnect;
144 /* else tcp and smb sessions need reconnection */
146 list_for_each(tmp, &GlobalTreeConnectionList) {
147 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
148 if((tcon) && (tcon->ses) && (tcon->ses->server == server)) {
149 tcon->tidStatus = CifsNeedReconnect;
152 read_unlock(&GlobalSMBSeslock);
153 /* do not want to be sending data on a socket we are freeing */
154 down(&server->tcpSem);
155 if(server->ssocket) {
156 cFYI(1,("State: 0x%x Flags: 0x%lx", server->ssocket->state,
157 server->ssocket->flags));
158 server->ssocket->ops->shutdown(server->ssocket,SEND_SHUTDOWN);
159 cFYI(1,("Post shutdown state: 0x%x Flags: 0x%lx", server->ssocket->state,
160 server->ssocket->flags));
161 sock_release(server->ssocket);
162 server->ssocket = NULL;
165 spin_lock(&GlobalMid_Lock);
166 list_for_each(tmp, &server->pending_mid_q) {
167 mid_entry = list_entry(tmp, struct
171 if(mid_entry->midState == MID_REQUEST_SUBMITTED) {
172 /* Mark other intransit requests as needing
173 retry so we do not immediately mark the
174 session bad again (ie after we reconnect
175 below) as they timeout too */
176 mid_entry->midState = MID_RETRY_NEEDED;
180 spin_unlock(&GlobalMid_Lock);
183 while ((server->tcpStatus != CifsExiting) && (server->tcpStatus != CifsGood))
185 if(server->protocolType == IPV6) {
186 rc = ipv6_connect(&server->addr.sockAddr6,&server->ssocket);
188 rc = ipv4_connect(&server->addr.sockAddr,
190 server->workstation_RFC1001_name,
191 server->server_RFC1001_name);
194 cFYI(1,("reconnect error %d",rc));
197 atomic_inc(&tcpSesReconnectCount);
198 spin_lock(&GlobalMid_Lock);
199 if(server->tcpStatus != CifsExiting)
200 server->tcpStatus = CifsGood;
201 server->sequence_number = 0;
202 spin_unlock(&GlobalMid_Lock);
203 /* atomic_set(&server->inFlight,0);*/
204 wake_up(&server->response_q);
212 0 not a transact2, or all data present
213 >0 transact2 with that much data missing
214 -EINVAL = invalid transact2
217 static int check2ndT2(struct smb_hdr * pSMB, unsigned int maxBufSize)
219 struct smb_t2_rsp * pSMBt;
221 int data_in_this_rsp;
224 if(pSMB->Command != SMB_COM_TRANSACTION2)
227 /* check for plausible wct, bcc and t2 data and parm sizes */
228 /* check for parm and data offset going beyond end of smb */
229 if(pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
230 cFYI(1,("invalid transact2 word count"));
234 pSMBt = (struct smb_t2_rsp *)pSMB;
236 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
237 data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
239 remaining = total_data_size - data_in_this_rsp;
243 else if(remaining < 0) {
244 cFYI(1,("total data %d smaller than data in frame %d",
245 total_data_size, data_in_this_rsp));
248 cFYI(1,("missing %d bytes from transact2, check next response",
250 if(total_data_size > maxBufSize) {
251 cERROR(1,("TotalDataSize %d is over maximum buffer %d",
252 total_data_size,maxBufSize));
259 static int coalesce_t2(struct smb_hdr * psecond, struct smb_hdr *pTargetSMB)
261 struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
262 struct smb_t2_rsp *pSMBt = (struct smb_t2_rsp *)pTargetSMB;
267 char * data_area_of_target;
268 char * data_area_of_buf2;
271 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
273 if(total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
274 cFYI(1,("total data sizes of primary and secondary t2 differ"));
277 total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
279 remaining = total_data_size - total_in_buf;
284 if(remaining == 0) /* nothing to do, ignore */
287 total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
288 if(remaining < total_in_buf2) {
289 cFYI(1,("transact2 2nd response contains too much data"));
292 /* find end of first SMB data area */
293 data_area_of_target = (char *)&pSMBt->hdr.Protocol +
294 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
295 /* validate target area */
297 data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
298 le16_to_cpu(pSMB2->t2_rsp.DataOffset);
300 data_area_of_target += total_in_buf;
302 /* copy second buffer into end of first buffer */
303 memcpy(data_area_of_target,data_area_of_buf2,total_in_buf2);
304 total_in_buf += total_in_buf2;
305 pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
306 byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
307 byte_count += total_in_buf2;
308 BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
310 byte_count = pTargetSMB->smb_buf_length;
311 byte_count += total_in_buf2;
313 /* BB also add check that we are not beyond maximum buffer size */
315 pTargetSMB->smb_buf_length = byte_count;
317 if(remaining == total_in_buf2) {
318 cFYI(1,("found the last secondary response"));
319 return 0; /* we are done */
320 } else /* more responses to go */
326 cifs_demultiplex_thread(struct TCP_Server_Info *server)
329 unsigned int pdu_length, total_read;
330 struct smb_hdr *smb_buffer = NULL;
331 struct smb_hdr *bigbuf = NULL;
332 struct smb_hdr *smallbuf = NULL;
333 struct msghdr smb_msg;
335 struct socket *csocket = server->ssocket;
336 struct list_head *tmp;
337 struct cifsSesInfo *ses;
338 struct task_struct *task_to_wake = NULL;
339 struct mid_q_entry *mid_entry;
341 int isLargeBuf = FALSE;
346 allow_signal(SIGKILL);
347 current->flags |= PF_MEMALLOC;
348 server->tsk = current; /* save process info to wake at shutdown */
349 cFYI(1, ("Demultiplex PID: %d", current->pid));
350 write_lock(&GlobalSMBSeslock);
351 atomic_inc(&tcpSesAllocCount);
352 length = tcpSesAllocCount.counter;
353 write_unlock(&GlobalSMBSeslock);
354 complete(&cifsd_complete);
356 mempool_resize(cifs_req_poolp,
357 length + cifs_min_rcv,
361 while (server->tcpStatus != CifsExiting) {
364 if (bigbuf == NULL) {
365 bigbuf = cifs_buf_get();
367 cERROR(1, ("No memory for large SMB response"));
369 /* retry will check if exiting */
372 } else if (isLargeBuf) {
373 /* we are reusing a dirty large buf, clear its start */
374 memset(bigbuf, 0, sizeof (struct smb_hdr));
377 if (smallbuf == NULL) {
378 smallbuf = cifs_small_buf_get();
380 cERROR(1, ("No memory for SMB response"));
382 /* retry will check if exiting */
385 /* beginning of smb buffer is cleared in our buf_get */
386 } else /* if existing small buf clear beginning */
387 memset(smallbuf, 0, sizeof (struct smb_hdr));
391 smb_buffer = smallbuf;
392 iov.iov_base = smb_buffer;
394 smb_msg.msg_control = NULL;
395 smb_msg.msg_controllen = 0;
397 kernel_recvmsg(csocket, &smb_msg,
398 &iov, 1, 4, 0 /* BB see socket.h flags */);
400 if (server->tcpStatus == CifsExiting) {
402 } else if (server->tcpStatus == CifsNeedReconnect) {
403 cFYI(1, ("Reconnect after server stopped responding"));
404 cifs_reconnect(server);
405 cFYI(1, ("call to reconnect done"));
406 csocket = server->ssocket;
408 } else if ((length == -ERESTARTSYS) || (length == -EAGAIN)) {
409 msleep(1); /* minimum sleep to prevent looping
410 allowing socket to clear and app threads to set
411 tcpStatus CifsNeedReconnect if server hung */
413 } else if (length <= 0) {
414 if (server->tcpStatus == CifsNew) {
415 cFYI(1, ("tcp session abend after SMBnegprot"));
416 /* some servers kill the TCP session rather than
417 returning an SMB negprot error, in which
418 case reconnecting here is not going to help,
419 and so simply return error to mount */
422 if (!try_to_freeze() && (length == -EINTR)) {
423 cFYI(1,("cifsd thread killed"));
426 cFYI(1,("Reconnect after unexpected peek error %d",
428 cifs_reconnect(server);
429 csocket = server->ssocket;
430 wake_up(&server->response_q);
432 } else if (length < 4) {
434 ("Frame under four bytes received (%d bytes long)",
436 cifs_reconnect(server);
437 csocket = server->ssocket;
438 wake_up(&server->response_q);
442 /* The right amount was read from socket - 4 bytes */
443 /* so we can now interpret the length field */
445 /* the first byte big endian of the length field,
446 is actually not part of the length but the type
447 with the most common, zero, as regular data */
448 temp = *((char *) smb_buffer);
450 /* Note that FC 1001 length is big endian on the wire,
451 but we convert it here so it is always manipulated
452 as host byte order */
453 pdu_length = ntohl(smb_buffer->smb_buf_length);
454 smb_buffer->smb_buf_length = pdu_length;
456 cFYI(1,("rfc1002 length 0x%x)", pdu_length+4));
458 if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) {
460 } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
461 cFYI(1,("Good RFC 1002 session rsp"));
463 } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
464 /* we get this from Windows 98 instead of
465 an error on SMB negprot response */
466 cFYI(1,("Negative RFC1002 Session Response Error 0x%x)",
468 if(server->tcpStatus == CifsNew) {
469 /* if nack on negprot (rather than
470 ret of smb negprot error) reconnecting
471 not going to help, ret error to mount */
474 /* give server a second to
475 clean up before reconnect attempt */
477 /* always try 445 first on reconnect
478 since we get NACK on some if we ever
479 connected to port 139 (the NACK is
480 since we do not begin with RFC1001
481 session initialize frame) */
482 server->addr.sockAddr.sin_port =
484 cifs_reconnect(server);
485 csocket = server->ssocket;
486 wake_up(&server->response_q);
489 } else if (temp != (char) 0) {
490 cERROR(1,("Unknown RFC 1002 frame"));
491 cifs_dump_mem(" Received Data: ", (char *)smb_buffer,
493 cifs_reconnect(server);
494 csocket = server->ssocket;
498 /* else we have an SMB response */
499 if((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
500 (pdu_length < sizeof (struct smb_hdr) - 1 - 4)) {
501 cERROR(1, ("Invalid size SMB length %d pdu_length %d",
502 length, pdu_length+4));
503 cifs_reconnect(server);
504 csocket = server->ssocket;
505 wake_up(&server->response_q);
512 if(pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
514 memcpy(bigbuf, smallbuf, 4);
518 iov.iov_base = 4 + (char *)smb_buffer;
519 iov.iov_len = pdu_length;
520 for (total_read = 0; total_read < pdu_length;
521 total_read += length) {
522 length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
523 pdu_length - total_read, 0);
524 if((server->tcpStatus == CifsExiting) ||
525 (length == -EINTR)) {
529 } else if (server->tcpStatus == CifsNeedReconnect) {
530 cifs_reconnect(server);
531 csocket = server->ssocket;
532 /* Reconnect wakes up rspns q */
533 /* Now we will reread sock */
536 } else if ((length == -ERESTARTSYS) ||
537 (length == -EAGAIN)) {
538 msleep(1); /* minimum sleep to prevent looping,
539 allowing socket to clear and app
540 threads to set tcpStatus
541 CifsNeedReconnect if server hung*/
543 } else if (length <= 0) {
544 cERROR(1,("Received no data, expecting %d",
545 pdu_length - total_read));
546 cifs_reconnect(server);
547 csocket = server->ssocket;
554 else if(reconnect == 1)
557 length += 4; /* account for rfc1002 hdr */
560 dump_smb(smb_buffer, length);
561 if (checkSMB(smb_buffer, smb_buffer->Mid, total_read+4)) {
562 cifs_dump_mem("Bad SMB: ", smb_buffer, 48);
568 spin_lock(&GlobalMid_Lock);
569 list_for_each(tmp, &server->pending_mid_q) {
570 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
572 if ((mid_entry->mid == smb_buffer->Mid) &&
573 (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
574 (mid_entry->command == smb_buffer->Command)) {
575 if(check2ndT2(smb_buffer,server->maxBuf) > 0) {
576 /* We have a multipart transact2 resp */
578 if(mid_entry->resp_buf) {
579 /* merge response - fix up 1st*/
580 if(coalesce_t2(smb_buffer,
581 mid_entry->resp_buf)) {
582 mid_entry->multiRsp = 1;
585 /* all parts received */
586 mid_entry->multiEnd = 1;
591 cERROR(1,("1st trans2 resp needs bigbuf"));
592 /* BB maybe we can fix this up, switch
593 to already allocated large buffer? */
595 /* Have first buffer */
596 mid_entry->resp_buf =
598 mid_entry->largeBuf = 1;
604 mid_entry->resp_buf = smb_buffer;
606 mid_entry->largeBuf = 1;
608 mid_entry->largeBuf = 0;
610 task_to_wake = mid_entry->tsk;
611 mid_entry->midState = MID_RESPONSE_RECEIVED;
612 #ifdef CONFIG_CIFS_STATS2
613 mid_entry->when_received = jiffies;
618 spin_unlock(&GlobalMid_Lock);
620 /* Was previous buf put in mpx struct for multi-rsp? */
622 /* smb buffer will be freed by user thread */
628 wake_up_process(task_to_wake);
629 } else if ((is_valid_oplock_break(smb_buffer, server) == FALSE)
630 && (isMultiRsp == FALSE)) {
631 cERROR(1, ("No task to wake, unknown frame rcvd! NumMids %d", midCount.counter));
632 cifs_dump_mem("Received Data is: ",(char *)smb_buffer,
633 sizeof(struct smb_hdr));
634 #ifdef CONFIG_CIFS_DEBUG2
635 cifs_dump_detail(smb_buffer);
636 cifs_dump_mids(server);
637 #endif /* CIFS_DEBUG2 */
640 } /* end while !EXITING */
642 spin_lock(&GlobalMid_Lock);
643 server->tcpStatus = CifsExiting;
645 /* check if we have blocked requests that need to free */
646 /* Note that cifs_max_pending is normally 50, but
647 can be set at module install time to as little as two */
648 if(atomic_read(&server->inFlight) >= cifs_max_pending)
649 atomic_set(&server->inFlight, cifs_max_pending - 1);
650 /* We do not want to set the max_pending too low or we
651 could end up with the counter going negative */
652 spin_unlock(&GlobalMid_Lock);
653 /* Although there should not be any requests blocked on
654 this queue it can not hurt to be paranoid and try to wake up requests
655 that may haven been blocked when more than 50 at time were on the wire
656 to the same server - they now will see the session is in exit state
657 and get out of SendReceive. */
658 wake_up_all(&server->request_q);
659 /* give those requests time to exit */
662 if(server->ssocket) {
663 sock_release(csocket);
664 server->ssocket = NULL;
666 /* buffer usuallly freed in free_mid - need to free it here on exit */
668 cifs_buf_release(bigbuf);
669 if (smallbuf != NULL)
670 cifs_small_buf_release(smallbuf);
672 read_lock(&GlobalSMBSeslock);
673 if (list_empty(&server->pending_mid_q)) {
674 /* loop through server session structures attached to this and
676 list_for_each(tmp, &GlobalSMBSessionList) {
678 list_entry(tmp, struct cifsSesInfo,
680 if (ses->server == server) {
681 ses->status = CifsExiting;
685 read_unlock(&GlobalSMBSeslock);
687 /* although we can not zero the server struct pointer yet,
688 since there are active requests which may depnd on them,
689 mark the corresponding SMB sessions as exiting too */
690 list_for_each(tmp, &GlobalSMBSessionList) {
691 ses = list_entry(tmp, struct cifsSesInfo,
693 if (ses->server == server) {
694 ses->status = CifsExiting;
698 spin_lock(&GlobalMid_Lock);
699 list_for_each(tmp, &server->pending_mid_q) {
700 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
701 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
703 ("Clearing Mid 0x%x - waking up ",mid_entry->mid));
704 task_to_wake = mid_entry->tsk;
706 wake_up_process(task_to_wake);
710 spin_unlock(&GlobalMid_Lock);
711 read_unlock(&GlobalSMBSeslock);
712 /* 1/8th of sec is more than enough time for them to exit */
716 if (!list_empty(&server->pending_mid_q)) {
717 /* mpx threads have not exited yet give them
718 at least the smb send timeout time for long ops */
719 /* due to delays on oplock break requests, we need
720 to wait at least 45 seconds before giving up
721 on a request getting a response and going ahead
723 cFYI(1, ("Wait for exit from demultiplex thread"));
725 /* if threads still have not exited they are probably never
726 coming home not much else we can do but free the memory */
729 write_lock(&GlobalSMBSeslock);
730 atomic_dec(&tcpSesAllocCount);
731 length = tcpSesAllocCount.counter;
733 /* last chance to mark ses pointers invalid
734 if there are any pointing to this (e.g
735 if a crazy root user tried to kill cifsd
736 kernel thread explicitly this might happen) */
737 list_for_each(tmp, &GlobalSMBSessionList) {
738 ses = list_entry(tmp, struct cifsSesInfo,
740 if (ses->server == server) {
744 write_unlock(&GlobalSMBSeslock);
748 mempool_resize(cifs_req_poolp,
749 length + cifs_min_rcv,
753 complete_and_exit(&cifsd_complete, 0);
758 cifs_parse_mount_options(char *options, const char *devname,struct smb_vol *vol)
762 unsigned int temp_len, i, j;
768 memset(vol->source_rfc1001_name,0x20,15);
769 for(i=0;i < strnlen(system_utsname.nodename,15);i++) {
770 /* does not have to be a perfect mapping since the field is
771 informational, only used for servers that do not support
772 port 445 and it can be overridden at mount time */
773 vol->source_rfc1001_name[i] =
774 toupper(system_utsname.nodename[i]);
776 vol->source_rfc1001_name[15] = 0;
777 /* null target name indicates to use *SMBSERVR default called name
778 if we end up sending RFC1001 session initialize */
779 vol->target_rfc1001_name[0] = 0;
780 vol->linux_uid = current->uid; /* current->euid instead? */
781 vol->linux_gid = current->gid;
782 vol->dir_mode = S_IRWXUGO;
783 /* 2767 perms indicate mandatory locking support */
784 vol->file_mode = S_IALLUGO & ~(S_ISUID | S_IXGRP);
786 /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
788 /* default is always to request posix paths. */
789 vol->posix_paths = 1;
794 if(strncmp(options,"sep=",4) == 0) {
795 if(options[4] != 0) {
796 separator[0] = options[4];
799 cFYI(1,("Null separator not allowed"));
803 while ((data = strsep(&options, separator)) != NULL) {
806 if ((value = strchr(data, '=')) != NULL)
809 if (strnicmp(data, "user_xattr",10) == 0) {/*parse before user*/
811 } else if (strnicmp(data, "nouser_xattr",12) == 0) {
813 } else if (strnicmp(data, "user", 4) == 0) {
814 if (!value || !*value) {
816 "CIFS: invalid or missing username\n");
817 return 1; /* needs_arg; */
819 if (strnlen(value, 200) < 200) {
820 vol->username = value;
822 printk(KERN_WARNING "CIFS: username too long\n");
825 } else if (strnicmp(data, "pass", 4) == 0) {
827 vol->password = NULL;
829 } else if(value[0] == 0) {
830 /* check if string begins with double comma
831 since that would mean the password really
832 does start with a comma, and would not
833 indicate an empty string */
834 if(value[1] != separator[0]) {
835 vol->password = NULL;
839 temp_len = strlen(value);
840 /* removed password length check, NTLM passwords
841 can be arbitrarily long */
843 /* if comma in password, the string will be
844 prematurely null terminated. Commas in password are
845 specified across the cifs mount interface by a double
846 comma ie ,, and a comma used as in other cases ie ','
847 as a parameter delimiter/separator is single and due
848 to the strsep above is temporarily zeroed. */
850 /* NB: password legally can have multiple commas and
851 the only illegal character in a password is null */
853 if ((value[temp_len] == 0) &&
854 (value[temp_len+1] == separator[0])) {
856 value[temp_len] = separator[0];
857 temp_len+=2; /* move after the second comma */
858 while(value[temp_len] != 0) {
859 if (value[temp_len] == separator[0]) {
860 if (value[temp_len+1] ==
862 /* skip second comma */
865 /* single comma indicating start
872 if(value[temp_len] == 0) {
876 /* point option to start of next parm */
877 options = value + temp_len + 1;
879 /* go from value to value + temp_len condensing
880 double commas to singles. Note that this ends up
881 allocating a few bytes too many, which is ok */
882 vol->password = kzalloc(temp_len, GFP_KERNEL);
883 if(vol->password == NULL) {
884 printk("CIFS: no memory for pass\n");
887 for(i=0,j=0;i<temp_len;i++,j++) {
888 vol->password[j] = value[i];
889 if(value[i] == separator[0]
890 && value[i+1] == separator[0]) {
891 /* skip second comma */
895 vol->password[j] = 0;
897 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
898 if(vol->password == NULL) {
899 printk("CIFS: no memory for pass\n");
902 strcpy(vol->password, value);
904 } else if (strnicmp(data, "ip", 2) == 0) {
905 if (!value || !*value) {
907 } else if (strnlen(value, 35) < 35) {
910 printk(KERN_WARNING "CIFS: ip address too long\n");
913 } else if (strnicmp(data, "sec", 3) == 0) {
914 if (!value || !*value) {
915 cERROR(1,("no security value specified"));
917 } else if (strnicmp(value, "krb5i", 5) == 0) {
918 vol->secFlg |= CIFSSEC_MAY_KRB5 |
920 } else if (strnicmp(value, "krb5p", 5) == 0) {
921 /* vol->secFlg |= CIFSSEC_MUST_SEAL |
923 cERROR(1,("Krb5 cifs privacy not supported"));
925 } else if (strnicmp(value, "krb5", 4) == 0) {
926 vol->secFlg |= CIFSSEC_MAY_KRB5;
927 } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
928 vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
930 } else if (strnicmp(value, "ntlmv2", 6) == 0) {
931 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
932 } else if (strnicmp(value, "ntlmi", 5) == 0) {
933 vol->secFlg |= CIFSSEC_MAY_NTLM |
935 } else if (strnicmp(value, "ntlm", 4) == 0) {
936 /* ntlm is default so can be turned off too */
937 vol->secFlg |= CIFSSEC_MAY_NTLM;
938 } else if (strnicmp(value, "nontlm", 6) == 0) {
939 /* BB is there a better way to do this? */
940 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
941 #ifdef CONFIG_CIFS_WEAK_PW_HASH
942 } else if (strnicmp(value, "lanman", 6) == 0) {
943 vol->secFlg |= CIFSSEC_MAY_LANMAN;
945 } else if (strnicmp(value, "none", 4) == 0) {
948 cERROR(1,("bad security option: %s", value));
951 } else if ((strnicmp(data, "unc", 3) == 0)
952 || (strnicmp(data, "target", 6) == 0)
953 || (strnicmp(data, "path", 4) == 0)) {
954 if (!value || !*value) {
956 "CIFS: invalid path to network resource\n");
957 return 1; /* needs_arg; */
959 if ((temp_len = strnlen(value, 300)) < 300) {
960 vol->UNC = kmalloc(temp_len+1,GFP_KERNEL);
963 strcpy(vol->UNC,value);
964 if (strncmp(vol->UNC, "//", 2) == 0) {
967 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
969 "CIFS: UNC Path does not begin with // or \\\\ \n");
973 printk(KERN_WARNING "CIFS: UNC name too long\n");
976 } else if ((strnicmp(data, "domain", 3) == 0)
977 || (strnicmp(data, "workgroup", 5) == 0)) {
978 if (!value || !*value) {
979 printk(KERN_WARNING "CIFS: invalid domain name\n");
980 return 1; /* needs_arg; */
982 /* BB are there cases in which a comma can be valid in
983 a domain name and need special handling? */
984 if (strnlen(value, 256) < 256) {
985 vol->domainname = value;
986 cFYI(1, ("Domain name set"));
988 printk(KERN_WARNING "CIFS: domain name too long\n");
991 } else if (strnicmp(data, "iocharset", 9) == 0) {
992 if (!value || !*value) {
993 printk(KERN_WARNING "CIFS: invalid iocharset specified\n");
994 return 1; /* needs_arg; */
996 if (strnlen(value, 65) < 65) {
997 if(strnicmp(value,"default",7))
998 vol->iocharset = value;
999 /* if iocharset not set load_nls_default used by caller */
1000 cFYI(1, ("iocharset set to %s",value));
1002 printk(KERN_WARNING "CIFS: iocharset name too long.\n");
1005 } else if (strnicmp(data, "uid", 3) == 0) {
1006 if (value && *value) {
1008 simple_strtoul(value, &value, 0);
1010 } else if (strnicmp(data, "gid", 3) == 0) {
1011 if (value && *value) {
1013 simple_strtoul(value, &value, 0);
1015 } else if (strnicmp(data, "file_mode", 4) == 0) {
1016 if (value && *value) {
1018 simple_strtoul(value, &value, 0);
1020 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1021 if (value && *value) {
1023 simple_strtoul(value, &value, 0);
1025 } else if (strnicmp(data, "dirmode", 4) == 0) {
1026 if (value && *value) {
1028 simple_strtoul(value, &value, 0);
1030 } else if (strnicmp(data, "port", 4) == 0) {
1031 if (value && *value) {
1033 simple_strtoul(value, &value, 0);
1035 } else if (strnicmp(data, "rsize", 5) == 0) {
1036 if (value && *value) {
1038 simple_strtoul(value, &value, 0);
1040 } else if (strnicmp(data, "wsize", 5) == 0) {
1041 if (value && *value) {
1043 simple_strtoul(value, &value, 0);
1045 } else if (strnicmp(data, "sockopt", 5) == 0) {
1046 if (value && *value) {
1048 simple_strtoul(value, &value, 0);
1050 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1051 if (!value || !*value || (*value == ' ')) {
1052 cFYI(1,("invalid (empty) netbiosname specified"));
1054 memset(vol->source_rfc1001_name,0x20,15);
1056 /* BB are there cases in which a comma can be
1057 valid in this workstation netbios name (and need
1058 special handling)? */
1060 /* We do not uppercase netbiosname for user */
1064 vol->source_rfc1001_name[i] = value[i];
1066 /* The string has 16th byte zero still from
1067 set at top of the function */
1068 if((i==15) && (value[i] != 0))
1069 printk(KERN_WARNING "CIFS: netbiosname longer than 15 truncated.\n");
1071 } else if (strnicmp(data, "servern", 7) == 0) {
1072 /* servernetbiosname specified override *SMBSERVER */
1073 if (!value || !*value || (*value == ' ')) {
1074 cFYI(1,("empty server netbiosname specified"));
1076 /* last byte, type, is 0x20 for servr type */
1077 memset(vol->target_rfc1001_name,0x20,16);
1080 /* BB are there cases in which a comma can be
1081 valid in this workstation netbios name (and need
1082 special handling)? */
1084 /* user or mount helper must uppercase netbiosname */
1088 vol->target_rfc1001_name[i] = value[i];
1090 /* The string has 16th byte zero still from
1091 set at top of the function */
1092 if((i==15) && (value[i] != 0))
1093 printk(KERN_WARNING "CIFS: server netbiosname longer than 15 truncated.\n");
1095 } else if (strnicmp(data, "credentials", 4) == 0) {
1097 } else if (strnicmp(data, "version", 3) == 0) {
1099 } else if (strnicmp(data, "guest",5) == 0) {
1101 } else if (strnicmp(data, "rw", 2) == 0) {
1103 } else if ((strnicmp(data, "suid", 4) == 0) ||
1104 (strnicmp(data, "nosuid", 6) == 0) ||
1105 (strnicmp(data, "exec", 4) == 0) ||
1106 (strnicmp(data, "noexec", 6) == 0) ||
1107 (strnicmp(data, "nodev", 5) == 0) ||
1108 (strnicmp(data, "noauto", 6) == 0) ||
1109 (strnicmp(data, "dev", 3) == 0)) {
1110 /* The mount tool or mount.cifs helper (if present)
1111 uses these opts to set flags, and the flags are read
1112 by the kernel vfs layer before we get here (ie
1113 before read super) so there is no point trying to
1114 parse these options again and set anything and it
1115 is ok to just ignore them */
1117 } else if (strnicmp(data, "ro", 2) == 0) {
1119 } else if (strnicmp(data, "hard", 4) == 0) {
1121 } else if (strnicmp(data, "soft", 4) == 0) {
1123 } else if (strnicmp(data, "perm", 4) == 0) {
1125 } else if (strnicmp(data, "noperm", 6) == 0) {
1127 } else if (strnicmp(data, "mapchars", 8) == 0) {
1129 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1131 } else if (strnicmp(data, "sfu", 3) == 0) {
1133 } else if (strnicmp(data, "nosfu", 5) == 0) {
1135 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1136 vol->posix_paths = 1;
1137 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1138 vol->posix_paths = 0;
1139 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1140 (strnicmp(data, "ignorecase", 10) == 0)) {
1142 } else if (strnicmp(data, "brl", 3) == 0) {
1144 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1145 (strnicmp(data, "nolock", 6) == 0)) {
1147 /* turn off mandatory locking in mode
1148 if remote locking is turned off since the
1149 local vfs will do advisory */
1150 if(vol->file_mode == (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1151 vol->file_mode = S_IALLUGO;
1152 } else if (strnicmp(data, "setuids", 7) == 0) {
1154 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1156 } else if (strnicmp(data, "nohard", 6) == 0) {
1158 } else if (strnicmp(data, "nosoft", 6) == 0) {
1160 } else if (strnicmp(data, "nointr", 6) == 0) {
1162 } else if (strnicmp(data, "intr", 4) == 0) {
1164 } else if (strnicmp(data, "serverino",7) == 0) {
1165 vol->server_ino = 1;
1166 } else if (strnicmp(data, "noserverino",9) == 0) {
1167 vol->server_ino = 0;
1168 } else if (strnicmp(data, "cifsacl",7) == 0) {
1170 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1172 } else if (strnicmp(data, "acl",3) == 0) {
1173 vol->no_psx_acl = 0;
1174 } else if (strnicmp(data, "noacl",5) == 0) {
1175 vol->no_psx_acl = 1;
1176 } else if (strnicmp(data, "sign",4) == 0) {
1177 vol->secFlg |= CIFSSEC_MUST_SIGN;
1178 /* } else if (strnicmp(data, "seal",4) == 0) {
1179 vol->secFlg |= CIFSSEC_MUST_SEAL; */
1180 } else if (strnicmp(data, "direct",6) == 0) {
1182 } else if (strnicmp(data, "forcedirectio",13) == 0) {
1184 } else if (strnicmp(data, "in6_addr",8) == 0) {
1185 if (!value || !*value) {
1186 vol->in6_addr = NULL;
1187 } else if (strnlen(value, 49) == 48) {
1188 vol->in6_addr = value;
1190 printk(KERN_WARNING "CIFS: ip v6 address not 48 characters long\n");
1193 } else if (strnicmp(data, "noac", 4) == 0) {
1194 printk(KERN_WARNING "CIFS: Mount option noac not supported. Instead set /proc/fs/cifs/LookupCacheEnabled to 0\n");
1196 printk(KERN_WARNING "CIFS: Unknown mount option %s\n",data);
1198 if (vol->UNC == NULL) {
1199 if(devname == NULL) {
1200 printk(KERN_WARNING "CIFS: Missing UNC name for mount target\n");
1203 if ((temp_len = strnlen(devname, 300)) < 300) {
1204 vol->UNC = kmalloc(temp_len+1,GFP_KERNEL);
1205 if(vol->UNC == NULL)
1207 strcpy(vol->UNC,devname);
1208 if (strncmp(vol->UNC, "//", 2) == 0) {
1211 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1212 printk(KERN_WARNING "CIFS: UNC Path does not begin with // or \\\\ \n");
1216 printk(KERN_WARNING "CIFS: UNC name too long\n");
1220 if(vol->UNCip == NULL)
1221 vol->UNCip = &vol->UNC[2];
1226 static struct cifsSesInfo *
1227 cifs_find_tcp_session(struct in_addr * target_ip_addr,
1228 struct in6_addr *target_ip6_addr,
1229 char *userName, struct TCP_Server_Info **psrvTcp)
1231 struct list_head *tmp;
1232 struct cifsSesInfo *ses;
1234 read_lock(&GlobalSMBSeslock);
1236 list_for_each(tmp, &GlobalSMBSessionList) {
1237 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
1239 if((target_ip_addr &&
1240 (ses->server->addr.sockAddr.sin_addr.s_addr
1241 == target_ip_addr->s_addr)) || (target_ip6_addr
1242 && memcmp(&ses->server->addr.sockAddr6.sin6_addr,
1243 target_ip6_addr,sizeof(*target_ip6_addr)))){
1244 /* BB lock server and tcp session and increment use count here?? */
1245 *psrvTcp = ses->server; /* found a match on the TCP session */
1246 /* BB check if reconnection needed */
1248 (ses->userName, userName,
1249 MAX_USERNAME_SIZE) == 0){
1250 read_unlock(&GlobalSMBSeslock);
1251 return ses; /* found exact match on both tcp and SMB sessions */
1255 /* else tcp and smb sessions need reconnection */
1257 read_unlock(&GlobalSMBSeslock);
1261 static struct cifsTconInfo *
1262 find_unc(__be32 new_target_ip_addr, char *uncName, char *userName)
1264 struct list_head *tmp;
1265 struct cifsTconInfo *tcon;
1267 read_lock(&GlobalSMBSeslock);
1268 list_for_each(tmp, &GlobalTreeConnectionList) {
1269 cFYI(1, ("Next tcon - "));
1270 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
1272 if (tcon->ses->server) {
1274 (" old ip addr: %x == new ip %x ?",
1275 tcon->ses->server->addr.sockAddr.sin_addr.
1276 s_addr, new_target_ip_addr));
1277 if (tcon->ses->server->addr.sockAddr.sin_addr.
1278 s_addr == new_target_ip_addr) {
1279 /* BB lock tcon and server and tcp session and increment use count here? */
1280 /* found a match on the TCP session */
1281 /* BB check if reconnection needed */
1282 cFYI(1,("Matched ip, old UNC: %s == new: %s ?",
1283 tcon->treeName, uncName));
1285 (tcon->treeName, uncName,
1286 MAX_TREE_SIZE) == 0) {
1288 ("Matched UNC, old user: %s == new: %s ?",
1289 tcon->treeName, uncName));
1291 (tcon->ses->userName,
1293 MAX_USERNAME_SIZE) == 0) {
1294 read_unlock(&GlobalSMBSeslock);
1295 return tcon;/* also matched user (smb session)*/
1302 read_unlock(&GlobalSMBSeslock);
1307 connect_to_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
1308 const char *old_path, const struct nls_table *nls_codepage,
1311 unsigned char *referrals = NULL;
1312 unsigned int num_referrals;
1315 rc = get_dfs_path(xid, pSesInfo,old_path, nls_codepage,
1316 &num_referrals, &referrals, remap);
1318 /* BB Add in code to: if valid refrl, if not ip address contact
1319 the helper that resolves tcp names, mount to it, try to
1320 tcon to it unmount it if fail */
1328 get_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
1329 const char *old_path, const struct nls_table *nls_codepage,
1330 unsigned int *pnum_referrals,
1331 unsigned char ** preferrals, int remap)
1336 *pnum_referrals = 0;
1338 if (pSesInfo->ipc_tid == 0) {
1339 temp_unc = kmalloc(2 /* for slashes */ +
1340 strnlen(pSesInfo->serverName,SERVER_NAME_LEN_WITH_NULL * 2)
1341 + 1 + 4 /* slash IPC$ */ + 2,
1343 if (temp_unc == NULL)
1347 strcpy(temp_unc + 2, pSesInfo->serverName);
1348 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
1349 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
1351 ("CIFS Tcon rc = %d ipc_tid = %d", rc,pSesInfo->ipc_tid));
1355 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
1356 pnum_referrals, nls_codepage, remap);
1361 /* See RFC1001 section 14 on representation of Netbios names */
1362 static void rfc1002mangle(char * target,char * source, unsigned int length)
1366 for(i=0,j=0;i<(length);i++) {
1367 /* mask a nibble at a time and encode */
1368 target[j] = 'A' + (0x0F & (source[i] >> 4));
1369 target[j+1] = 'A' + (0x0F & source[i]);
1377 ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket,
1378 char * netbios_name, char * target_name)
1382 __be16 orig_port = 0;
1384 if(*csocket == NULL) {
1385 rc = sock_create_kern(PF_INET, SOCK_STREAM, IPPROTO_TCP, csocket);
1387 cERROR(1, ("Error %d creating socket",rc));
1391 /* BB other socket options to set KEEPALIVE, NODELAY? */
1392 cFYI(1,("Socket created"));
1393 (*csocket)->sk->sk_allocation = GFP_NOFS;
1397 psin_server->sin_family = AF_INET;
1398 if(psin_server->sin_port) { /* user overrode default port */
1399 rc = (*csocket)->ops->connect(*csocket,
1400 (struct sockaddr *) psin_server,
1401 sizeof (struct sockaddr_in),0);
1407 /* save original port so we can retry user specified port
1408 later if fall back ports fail this time */
1409 orig_port = psin_server->sin_port;
1411 /* do not retry on the same port we just failed on */
1412 if(psin_server->sin_port != htons(CIFS_PORT)) {
1413 psin_server->sin_port = htons(CIFS_PORT);
1415 rc = (*csocket)->ops->connect(*csocket,
1416 (struct sockaddr *) psin_server,
1417 sizeof (struct sockaddr_in),0);
1423 psin_server->sin_port = htons(RFC1001_PORT);
1424 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1425 psin_server, sizeof (struct sockaddr_in),0);
1430 /* give up here - unless we want to retry on different
1431 protocol families some day */
1434 psin_server->sin_port = orig_port;
1435 cFYI(1,("Error %d connecting to server via ipv4",rc));
1436 sock_release(*csocket);
1440 /* Eventually check for other socket options to change from
1441 the default. sock_setsockopt not used because it expects
1442 user space buffer */
1443 cFYI(1,("sndbuf %d rcvbuf %d rcvtimeo 0x%lx",(*csocket)->sk->sk_sndbuf,
1444 (*csocket)->sk->sk_rcvbuf, (*csocket)->sk->sk_rcvtimeo));
1445 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1446 /* make the bufsizes depend on wsize/rsize and max requests */
1447 if((*csocket)->sk->sk_sndbuf < (200 * 1024))
1448 (*csocket)->sk->sk_sndbuf = 200 * 1024;
1449 if((*csocket)->sk->sk_rcvbuf < (140 * 1024))
1450 (*csocket)->sk->sk_rcvbuf = 140 * 1024;
1452 /* send RFC1001 sessinit */
1453 if(psin_server->sin_port == htons(RFC1001_PORT)) {
1454 /* some servers require RFC1001 sessinit before sending
1455 negprot - BB check reconnection in case where second
1456 sessinit is sent but no second negprot */
1457 struct rfc1002_session_packet * ses_init_buf;
1458 struct smb_hdr * smb_buf;
1459 ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet), GFP_KERNEL);
1461 ses_init_buf->trailer.session_req.called_len = 32;
1462 if(target_name && (target_name[0] != 0)) {
1463 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1466 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1467 DEFAULT_CIFS_CALLED_NAME,16);
1470 ses_init_buf->trailer.session_req.calling_len = 32;
1471 /* calling name ends in null (byte 16) from old smb
1473 if(netbios_name && (netbios_name[0] !=0)) {
1474 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1477 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1478 "LINUX_CIFS_CLNT",16);
1480 ses_init_buf->trailer.session_req.scope1 = 0;
1481 ses_init_buf->trailer.session_req.scope2 = 0;
1482 smb_buf = (struct smb_hdr *)ses_init_buf;
1483 /* sizeof RFC1002_SESSION_REQUEST with no scope */
1484 smb_buf->smb_buf_length = 0x81000044;
1485 rc = smb_send(*csocket, smb_buf, 0x44,
1486 (struct sockaddr *)psin_server);
1487 kfree(ses_init_buf);
1488 msleep(1); /* RFC1001 layer in at least one server
1489 requires very short break before negprot
1490 presumably because not expecting negprot
1491 to follow so fast. This is a simple
1492 solution that works without
1493 complicating the code and causes no
1494 significant slowing down on mount
1495 for everyone else */
1497 /* else the negprot may still work without this
1498 even though malloc failed */
1506 ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket)
1510 __be16 orig_port = 0;
1512 if(*csocket == NULL) {
1513 rc = sock_create_kern(PF_INET6, SOCK_STREAM, IPPROTO_TCP, csocket);
1515 cERROR(1, ("Error %d creating ipv6 socket",rc));
1519 /* BB other socket options to set KEEPALIVE, NODELAY? */
1520 cFYI(1,("ipv6 Socket created"));
1521 (*csocket)->sk->sk_allocation = GFP_NOFS;
1525 psin_server->sin6_family = AF_INET6;
1527 if(psin_server->sin6_port) { /* user overrode default port */
1528 rc = (*csocket)->ops->connect(*csocket,
1529 (struct sockaddr *) psin_server,
1530 sizeof (struct sockaddr_in6),0);
1536 /* save original port so we can retry user specified port
1537 later if fall back ports fail this time */
1539 orig_port = psin_server->sin6_port;
1540 /* do not retry on the same port we just failed on */
1541 if(psin_server->sin6_port != htons(CIFS_PORT)) {
1542 psin_server->sin6_port = htons(CIFS_PORT);
1544 rc = (*csocket)->ops->connect(*csocket,
1545 (struct sockaddr *) psin_server,
1546 sizeof (struct sockaddr_in6),0);
1552 psin_server->sin6_port = htons(RFC1001_PORT);
1553 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1554 psin_server, sizeof (struct sockaddr_in6),0);
1559 /* give up here - unless we want to retry on different
1560 protocol families some day */
1563 psin_server->sin6_port = orig_port;
1564 cFYI(1,("Error %d connecting to server via ipv6",rc));
1565 sock_release(*csocket);
1569 /* Eventually check for other socket options to change from
1570 the default. sock_setsockopt not used because it expects
1571 user space buffer */
1572 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1578 cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
1579 char *mount_data, const char *devname)
1583 int address_type = AF_INET;
1584 struct socket *csocket = NULL;
1585 struct sockaddr_in sin_server;
1586 struct sockaddr_in6 sin_server6;
1587 struct smb_vol volume_info;
1588 struct cifsSesInfo *pSesInfo = NULL;
1589 struct cifsSesInfo *existingCifsSes = NULL;
1590 struct cifsTconInfo *tcon = NULL;
1591 struct TCP_Server_Info *srvTcp = NULL;
1595 /* cFYI(1, ("Entering cifs_mount. Xid: %d with: %s", xid, mount_data)); */
1597 memset(&volume_info,0,sizeof(struct smb_vol));
1598 if (cifs_parse_mount_options(mount_data, devname, &volume_info)) {
1599 kfree(volume_info.UNC);
1600 kfree(volume_info.password);
1605 if (volume_info.username) {
1606 /* BB fixme parse for domain name here */
1607 cFYI(1, ("Username: %s ", volume_info.username));
1610 cifserror("No username specified");
1611 /* In userspace mount helper we can get user name from alternate
1612 locations such as env variables and files on disk */
1613 kfree(volume_info.UNC);
1614 kfree(volume_info.password);
1619 if (volume_info.UNCip && volume_info.UNC) {
1620 rc = cifs_inet_pton(AF_INET, volume_info.UNCip,&sin_server.sin_addr.s_addr);
1623 /* not ipv4 address, try ipv6 */
1624 rc = cifs_inet_pton(AF_INET6,volume_info.UNCip,&sin_server6.sin6_addr.in6_u);
1626 address_type = AF_INET6;
1628 address_type = AF_INET;
1632 /* we failed translating address */
1633 kfree(volume_info.UNC);
1634 kfree(volume_info.password);
1639 cFYI(1, ("UNC: %s ip: %s", volume_info.UNC, volume_info.UNCip));
1642 } else if (volume_info.UNCip){
1643 /* BB using ip addr as server name connect to the DFS root below */
1644 cERROR(1,("Connecting to DFS root not implemented yet"));
1645 kfree(volume_info.UNC);
1646 kfree(volume_info.password);
1649 } else /* which servers DFS root would we conect to */ {
1651 ("CIFS mount error: No UNC path (e.g. -o unc=//192.168.1.100/public) specified"));
1652 kfree(volume_info.UNC);
1653 kfree(volume_info.password);
1658 /* this is needed for ASCII cp to Unicode converts */
1659 if(volume_info.iocharset == NULL) {
1660 cifs_sb->local_nls = load_nls_default();
1661 /* load_nls_default can not return null */
1663 cifs_sb->local_nls = load_nls(volume_info.iocharset);
1664 if(cifs_sb->local_nls == NULL) {
1665 cERROR(1,("CIFS mount error: iocharset %s not found",volume_info.iocharset));
1666 kfree(volume_info.UNC);
1667 kfree(volume_info.password);
1673 if(address_type == AF_INET)
1674 existingCifsSes = cifs_find_tcp_session(&sin_server.sin_addr,
1675 NULL /* no ipv6 addr */,
1676 volume_info.username, &srvTcp);
1677 else if(address_type == AF_INET6)
1678 existingCifsSes = cifs_find_tcp_session(NULL /* no ipv4 addr */,
1679 &sin_server6.sin6_addr,
1680 volume_info.username, &srvTcp);
1682 kfree(volume_info.UNC);
1683 kfree(volume_info.password);
1690 cFYI(1, ("Existing tcp session with server found"));
1691 } else { /* create socket */
1692 if(volume_info.port)
1693 sin_server.sin_port = htons(volume_info.port);
1695 sin_server.sin_port = 0;
1696 rc = ipv4_connect(&sin_server,&csocket,
1697 volume_info.source_rfc1001_name,
1698 volume_info.target_rfc1001_name);
1701 ("Error connecting to IPv4 socket. Aborting operation"));
1703 sock_release(csocket);
1704 kfree(volume_info.UNC);
1705 kfree(volume_info.password);
1710 srvTcp = kmalloc(sizeof (struct TCP_Server_Info), GFP_KERNEL);
1711 if (srvTcp == NULL) {
1713 sock_release(csocket);
1714 kfree(volume_info.UNC);
1715 kfree(volume_info.password);
1719 memset(srvTcp, 0, sizeof (struct TCP_Server_Info));
1720 memcpy(&srvTcp->addr.sockAddr, &sin_server, sizeof (struct sockaddr_in));
1721 atomic_set(&srvTcp->inFlight,0);
1722 /* BB Add code for ipv6 case too */
1723 srvTcp->ssocket = csocket;
1724 srvTcp->protocolType = IPV4;
1725 init_waitqueue_head(&srvTcp->response_q);
1726 init_waitqueue_head(&srvTcp->request_q);
1727 INIT_LIST_HEAD(&srvTcp->pending_mid_q);
1728 /* at this point we are the only ones with the pointer
1729 to the struct since the kernel thread not created yet
1730 so no need to spinlock this init of tcpStatus */
1731 srvTcp->tcpStatus = CifsNew;
1732 init_MUTEX(&srvTcp->tcpSem);
1733 rc = (int)kernel_thread((void *)(void *)cifs_demultiplex_thread, srvTcp,
1734 CLONE_FS | CLONE_FILES | CLONE_VM);
1737 sock_release(csocket);
1738 kfree(volume_info.UNC);
1739 kfree(volume_info.password);
1743 wait_for_completion(&cifsd_complete);
1745 memcpy(srvTcp->workstation_RFC1001_name, volume_info.source_rfc1001_name,16);
1746 memcpy(srvTcp->server_RFC1001_name, volume_info.target_rfc1001_name,16);
1747 srvTcp->sequence_number = 0;
1751 if (existingCifsSes) {
1752 pSesInfo = existingCifsSes;
1753 cFYI(1, ("Existing smb sess found"));
1754 kfree(volume_info.password);
1755 /* volume_info.UNC freed at end of function */
1757 cFYI(1, ("Existing smb sess not found"));
1758 pSesInfo = sesInfoAlloc();
1759 if (pSesInfo == NULL)
1762 pSesInfo->server = srvTcp;
1763 sprintf(pSesInfo->serverName, "%u.%u.%u.%u",
1764 NIPQUAD(sin_server.sin_addr.s_addr));
1768 /* volume_info.password freed at unmount */
1769 if (volume_info.password)
1770 pSesInfo->password = volume_info.password;
1771 if (volume_info.username)
1772 strncpy(pSesInfo->userName,
1773 volume_info.username,MAX_USERNAME_SIZE);
1774 if (volume_info.domainname) {
1775 int len = strlen(volume_info.domainname);
1776 pSesInfo->domainName =
1777 kmalloc(len + 1, GFP_KERNEL);
1778 if(pSesInfo->domainName)
1779 strcpy(pSesInfo->domainName,
1780 volume_info.domainname);
1782 pSesInfo->linux_uid = volume_info.linux_uid;
1783 pSesInfo->overrideSecFlg = volume_info.secFlg;
1784 down(&pSesInfo->sesSem);
1785 /* BB FIXME need to pass vol->secFlgs BB */
1786 rc = cifs_setup_session(xid,pSesInfo, cifs_sb->local_nls);
1787 up(&pSesInfo->sesSem);
1789 atomic_inc(&srvTcp->socketUseCount);
1791 kfree(volume_info.password);
1794 /* search for existing tcon to this server share */
1796 if(volume_info.rsize > CIFSMaxBufSize) {
1797 cERROR(1,("rsize %d too large, using MaxBufSize",
1798 volume_info.rsize));
1799 cifs_sb->rsize = CIFSMaxBufSize;
1800 } else if((volume_info.rsize) && (volume_info.rsize <= CIFSMaxBufSize))
1801 cifs_sb->rsize = volume_info.rsize;
1803 cifs_sb->rsize = CIFSMaxBufSize;
1805 if(volume_info.wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) {
1806 cERROR(1,("wsize %d too large using 4096 instead",
1807 volume_info.wsize));
1808 cifs_sb->wsize = 4096;
1809 } else if(volume_info.wsize)
1810 cifs_sb->wsize = volume_info.wsize;
1813 min_t(const int, PAGEVEC_SIZE * PAGE_CACHE_SIZE,
1815 /* old default of CIFSMaxBufSize was too small now
1816 that SMB Write2 can send multiple pages in kvec.
1817 RFC1001 does not describe what happens when frame
1818 bigger than 128K is sent so use that as max in
1819 conjunction with 52K kvec constraint on arch with 4K
1822 if(cifs_sb->rsize < 2048) {
1823 cifs_sb->rsize = 2048;
1824 /* Windows ME may prefer this */
1825 cFYI(1,("readsize set to minimum 2048"));
1827 cifs_sb->mnt_uid = volume_info.linux_uid;
1828 cifs_sb->mnt_gid = volume_info.linux_gid;
1829 cifs_sb->mnt_file_mode = volume_info.file_mode;
1830 cifs_sb->mnt_dir_mode = volume_info.dir_mode;
1831 cFYI(1,("file mode: 0x%x dir mode: 0x%x",
1832 cifs_sb->mnt_file_mode,cifs_sb->mnt_dir_mode));
1834 if(volume_info.noperm)
1835 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
1836 if(volume_info.setuids)
1837 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
1838 if(volume_info.server_ino)
1839 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
1840 if(volume_info.remap)
1841 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
1842 if(volume_info.no_xattr)
1843 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
1844 if(volume_info.sfu_emul)
1845 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
1846 if(volume_info.nobrl)
1847 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
1848 if(volume_info.cifs_acl)
1849 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
1851 if(volume_info.direct_io) {
1852 cFYI(1,("mounting share using direct i/o"));
1853 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
1857 find_unc(sin_server.sin_addr.s_addr, volume_info.UNC,
1858 volume_info.username);
1860 cFYI(1, ("Found match on UNC path"));
1861 /* we can have only one retry value for a connection
1862 to a share so for resources mounted more than once
1863 to the same server share the last value passed in
1864 for the retry flag is used */
1865 tcon->retry = volume_info.retry;
1866 tcon->nocase = volume_info.nocase;
1868 tcon = tconInfoAlloc();
1872 /* check for null share name ie connect to dfs root */
1874 /* BB check if this works for exactly length three strings */
1875 if ((strchr(volume_info.UNC + 3, '\\') == NULL)
1876 && (strchr(volume_info.UNC + 3, '/') ==
1878 rc = connect_to_dfs_path(xid, pSesInfo,
1879 "", cifs_sb->local_nls,
1880 cifs_sb->mnt_cifs_flags &
1881 CIFS_MOUNT_MAP_SPECIAL_CHR);
1882 kfree(volume_info.UNC);
1886 rc = CIFSTCon(xid, pSesInfo,
1888 tcon, cifs_sb->local_nls);
1889 cFYI(1, ("CIFS Tcon rc = %d", rc));
1892 atomic_inc(&pSesInfo->inUse);
1893 tcon->retry = volume_info.retry;
1894 tcon->nocase = volume_info.nocase;
1900 if (pSesInfo->capabilities & CAP_LARGE_FILES) {
1901 sb->s_maxbytes = (u64) 1 << 63;
1903 sb->s_maxbytes = (u64) 1 << 31; /* 2 GB */
1906 sb->s_time_gran = 100;
1908 /* on error free sesinfo and tcon struct if needed */
1910 /* if session setup failed, use count is zero but
1911 we still need to free cifsd thread */
1912 if(atomic_read(&srvTcp->socketUseCount) == 0) {
1913 spin_lock(&GlobalMid_Lock);
1914 srvTcp->tcpStatus = CifsExiting;
1915 spin_unlock(&GlobalMid_Lock);
1917 send_sig(SIGKILL,srvTcp->tsk,1);
1918 wait_for_completion(&cifsd_complete);
1921 /* If find_unc succeeded then rc == 0 so we can not end */
1922 if (tcon) /* up accidently freeing someone elses tcon struct */
1924 if (existingCifsSes == NULL) {
1926 if ((pSesInfo->server) &&
1927 (pSesInfo->status == CifsGood)) {
1929 temp_rc = CIFSSMBLogoff(xid, pSesInfo);
1930 /* if the socketUseCount is now zero */
1931 if((temp_rc == -ESHUTDOWN) &&
1932 (pSesInfo->server->tsk)) {
1933 send_sig(SIGKILL,pSesInfo->server->tsk,1);
1934 wait_for_completion(&cifsd_complete);
1937 cFYI(1, ("No session or bad tcon"));
1938 sesInfoFree(pSesInfo);
1939 /* pSesInfo = NULL; */
1943 atomic_inc(&tcon->useCount);
1944 cifs_sb->tcon = tcon;
1945 tcon->ses = pSesInfo;
1947 /* do not care if following two calls succeed - informational */
1948 CIFSSMBQFSDeviceInfo(xid, tcon);
1949 CIFSSMBQFSAttributeInfo(xid, tcon);
1951 if (tcon->ses->capabilities & CAP_UNIX) {
1952 if(!CIFSSMBQFSUnixInfo(xid, tcon)) {
1954 le64_to_cpu(tcon->fsUnixInfo.Capability);
1955 cap &= CIFS_UNIX_CAP_MASK;
1956 if(volume_info.no_psx_acl)
1957 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
1958 else if(CIFS_UNIX_POSIX_ACL_CAP & cap) {
1959 cFYI(1,("negotiated posix acl support"));
1960 sb->s_flags |= MS_POSIXACL;
1963 if(volume_info.posix_paths == 0)
1964 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
1965 else if(cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
1966 cFYI(1,("negotiate posix pathnames"));
1967 cifs_sb->mnt_cifs_flags |=
1968 CIFS_MOUNT_POSIX_PATHS;
1971 cFYI(1,("Negotiate caps 0x%x",(int)cap));
1973 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
1974 cFYI(1,("setting capabilities failed"));
1978 if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X))
1979 cifs_sb->wsize = min(cifs_sb->wsize,
1980 (tcon->ses->server->maxBuf -
1981 MAX_CIFS_HDR_SIZE));
1982 if (!(tcon->ses->capabilities & CAP_LARGE_READ_X))
1983 cifs_sb->rsize = min(cifs_sb->rsize,
1984 (tcon->ses->server->maxBuf -
1985 MAX_CIFS_HDR_SIZE));
1988 /* volume_info.password is freed above when existing session found
1989 (in which case it is not needed anymore) but when new sesion is created
1990 the password ptr is put in the new session structure (in which case the
1991 password will be freed at unmount time) */
1992 kfree(volume_info.UNC);
1998 CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
1999 char session_key[CIFS_SESS_KEY_SIZE],
2000 const struct nls_table *nls_codepage)
2002 struct smb_hdr *smb_buffer;
2003 struct smb_hdr *smb_buffer_response;
2004 SESSION_SETUP_ANDX *pSMB;
2005 SESSION_SETUP_ANDX *pSMBr;
2010 int remaining_words = 0;
2011 int bytes_returned = 0;
2016 cFYI(1, ("In sesssetup"));
2019 user = ses->userName;
2020 domain = ses->domainName;
2021 smb_buffer = cifs_buf_get();
2022 if (smb_buffer == NULL) {
2025 smb_buffer_response = smb_buffer;
2026 pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2028 /* send SMBsessionSetup here */
2029 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2030 NULL /* no tCon exists yet */ , 13 /* wct */ );
2032 smb_buffer->Mid = GetNextMid(ses->server);
2033 pSMB->req_no_secext.AndXCommand = 0xFF;
2034 pSMB->req_no_secext.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2035 pSMB->req_no_secext.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2037 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2038 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2040 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2041 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
2042 if (ses->capabilities & CAP_UNICODE) {
2043 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2044 capabilities |= CAP_UNICODE;
2046 if (ses->capabilities & CAP_STATUS32) {
2047 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2048 capabilities |= CAP_STATUS32;
2050 if (ses->capabilities & CAP_DFS) {
2051 smb_buffer->Flags2 |= SMBFLG2_DFS;
2052 capabilities |= CAP_DFS;
2054 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
2056 pSMB->req_no_secext.CaseInsensitivePasswordLength =
2057 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2059 pSMB->req_no_secext.CaseSensitivePasswordLength =
2060 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2061 bcc_ptr = pByteArea(smb_buffer);
2062 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2063 bcc_ptr += CIFS_SESS_KEY_SIZE;
2064 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2065 bcc_ptr += CIFS_SESS_KEY_SIZE;
2067 if (ses->capabilities & CAP_UNICODE) {
2068 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode */
2073 bytes_returned = 0; /* skip null user */
2076 cifs_strtoUCS((__le16 *) bcc_ptr, user, 100,
2078 /* convert number of 16 bit words to bytes */
2079 bcc_ptr += 2 * bytes_returned;
2080 bcc_ptr += 2; /* trailing null */
2083 cifs_strtoUCS((__le16 *) bcc_ptr,
2084 "CIFS_LINUX_DOM", 32, nls_codepage);
2087 cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2089 bcc_ptr += 2 * bytes_returned;
2092 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2094 bcc_ptr += 2 * bytes_returned;
2096 cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release,
2098 bcc_ptr += 2 * bytes_returned;
2101 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2103 bcc_ptr += 2 * bytes_returned;
2107 strncpy(bcc_ptr, user, 200);
2108 bcc_ptr += strnlen(user, 200);
2112 if (domain == NULL) {
2113 strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2114 bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2116 strncpy(bcc_ptr, domain, 64);
2117 bcc_ptr += strnlen(domain, 64);
2121 strcpy(bcc_ptr, "Linux version ");
2122 bcc_ptr += strlen("Linux version ");
2123 strcpy(bcc_ptr, system_utsname.release);
2124 bcc_ptr += strlen(system_utsname.release) + 1;
2125 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2126 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2128 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2129 smb_buffer->smb_buf_length += count;
2130 pSMB->req_no_secext.ByteCount = cpu_to_le16(count);
2132 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2133 &bytes_returned, 1);
2135 /* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
2136 } else if ((smb_buffer_response->WordCount == 3)
2137 || (smb_buffer_response->WordCount == 4)) {
2138 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2139 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2140 if (action & GUEST_LOGIN)
2141 cFYI(1, (" Guest login")); /* do we want to mark SesInfo struct ? */
2142 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format (le) */
2143 cFYI(1, ("UID = %d ", ses->Suid));
2144 /* response can have either 3 or 4 word count - Samba sends 3 */
2145 bcc_ptr = pByteArea(smb_buffer_response);
2146 if ((pSMBr->resp.hdr.WordCount == 3)
2147 || ((pSMBr->resp.hdr.WordCount == 4)
2148 && (blob_len < pSMBr->resp.ByteCount))) {
2149 if (pSMBr->resp.hdr.WordCount == 4)
2150 bcc_ptr += blob_len;
2152 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2153 if ((long) (bcc_ptr) % 2) {
2155 (BCC(smb_buffer_response) - 1) /2;
2156 bcc_ptr++; /* Unicode strings must be word aligned */
2159 BCC(smb_buffer_response) / 2;
2162 UniStrnlen((wchar_t *) bcc_ptr,
2163 remaining_words - 1);
2164 /* We look for obvious messed up bcc or strings in response so we do not go off
2165 the end since (at least) WIN2K and Windows XP have a major bug in not null
2166 terminating last Unicode string in response */
2168 kfree(ses->serverOS);
2169 ses->serverOS = kzalloc(2 * (len + 1), GFP_KERNEL);
2170 if(ses->serverOS == NULL)
2171 goto sesssetup_nomem;
2172 cifs_strfromUCS_le(ses->serverOS,
2173 (__le16 *)bcc_ptr, len,nls_codepage);
2174 bcc_ptr += 2 * (len + 1);
2175 remaining_words -= len + 1;
2176 ses->serverOS[2 * len] = 0;
2177 ses->serverOS[1 + (2 * len)] = 0;
2178 if (remaining_words > 0) {
2179 len = UniStrnlen((wchar_t *)bcc_ptr,
2181 kfree(ses->serverNOS);
2182 ses->serverNOS = kzalloc(2 * (len + 1),GFP_KERNEL);
2183 if(ses->serverNOS == NULL)
2184 goto sesssetup_nomem;
2185 cifs_strfromUCS_le(ses->serverNOS,
2186 (__le16 *)bcc_ptr,len,nls_codepage);
2187 bcc_ptr += 2 * (len + 1);
2188 ses->serverNOS[2 * len] = 0;
2189 ses->serverNOS[1 + (2 * len)] = 0;
2190 if(strncmp(ses->serverNOS,
2191 "NT LAN Manager 4",16) == 0) {
2192 cFYI(1,("NT4 server"));
2193 ses->flags |= CIFS_SES_NT4;
2195 remaining_words -= len + 1;
2196 if (remaining_words > 0) {
2197 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2198 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
2199 if(ses->serverDomain)
2200 kfree(ses->serverDomain);
2202 kzalloc(2*(len+1),GFP_KERNEL);
2203 if(ses->serverDomain == NULL)
2204 goto sesssetup_nomem;
2205 cifs_strfromUCS_le(ses->serverDomain,
2206 (__le16 *)bcc_ptr,len,nls_codepage);
2207 bcc_ptr += 2 * (len + 1);
2208 ses->serverDomain[2*len] = 0;
2209 ses->serverDomain[1+(2*len)] = 0;
2210 } /* else no more room so create dummy domain string */
2212 if(ses->serverDomain)
2213 kfree(ses->serverDomain);
2215 kzalloc(2, GFP_KERNEL);
2217 } else { /* no room so create dummy domain and NOS string */
2218 /* if these kcallocs fail not much we
2219 can do, but better to not fail the
2221 kfree(ses->serverDomain);
2223 kzalloc(2, GFP_KERNEL);
2224 kfree(ses->serverNOS);
2226 kzalloc(2, GFP_KERNEL);
2228 } else { /* ASCII */
2229 len = strnlen(bcc_ptr, 1024);
2230 if (((long) bcc_ptr + len) - (long)
2231 pByteArea(smb_buffer_response)
2232 <= BCC(smb_buffer_response)) {
2233 kfree(ses->serverOS);
2234 ses->serverOS = kzalloc(len + 1,GFP_KERNEL);
2235 if(ses->serverOS == NULL)
2236 goto sesssetup_nomem;
2237 strncpy(ses->serverOS,bcc_ptr, len);
2240 bcc_ptr[0] = 0; /* null terminate the string */
2243 len = strnlen(bcc_ptr, 1024);
2244 kfree(ses->serverNOS);
2245 ses->serverNOS = kzalloc(len + 1,GFP_KERNEL);
2246 if(ses->serverNOS == NULL)
2247 goto sesssetup_nomem;
2248 strncpy(ses->serverNOS, bcc_ptr, len);
2253 len = strnlen(bcc_ptr, 1024);
2254 if(ses->serverDomain)
2255 kfree(ses->serverDomain);
2256 ses->serverDomain = kzalloc(len + 1,GFP_KERNEL);
2257 if(ses->serverDomain == NULL)
2258 goto sesssetup_nomem;
2259 strncpy(ses->serverDomain, bcc_ptr, len);
2265 ("Variable field of length %d extends beyond end of smb ",
2270 (" Security Blob Length extends beyond end of SMB"));
2274 (" Invalid Word count %d: ",
2275 smb_buffer_response->WordCount));
2278 sesssetup_nomem: /* do not return an error on nomem for the info strings,
2279 since that could make reconnection harder, and
2280 reconnection might be needed to free memory */
2282 cifs_buf_release(smb_buffer);
2288 CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2289 struct cifsSesInfo *ses, int * pNTLMv2_flag,
2290 const struct nls_table *nls_codepage)
2292 struct smb_hdr *smb_buffer;
2293 struct smb_hdr *smb_buffer_response;
2294 SESSION_SETUP_ANDX *pSMB;
2295 SESSION_SETUP_ANDX *pSMBr;
2299 int remaining_words = 0;
2300 int bytes_returned = 0;
2302 int SecurityBlobLength = sizeof (NEGOTIATE_MESSAGE);
2303 PNEGOTIATE_MESSAGE SecurityBlob;
2304 PCHALLENGE_MESSAGE SecurityBlob2;
2305 __u32 negotiate_flags, capabilities;
2308 cFYI(1, ("In NTLMSSP sesssetup (negotiate)"));
2311 domain = ses->domainName;
2312 *pNTLMv2_flag = FALSE;
2313 smb_buffer = cifs_buf_get();
2314 if (smb_buffer == NULL) {
2317 smb_buffer_response = smb_buffer;
2318 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2319 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2321 /* send SMBsessionSetup here */
2322 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2323 NULL /* no tCon exists yet */ , 12 /* wct */ );
2325 smb_buffer->Mid = GetNextMid(ses->server);
2326 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2327 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2329 pSMB->req.AndXCommand = 0xFF;
2330 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2331 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2333 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2334 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2336 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2337 CAP_EXTENDED_SECURITY;
2338 if (ses->capabilities & CAP_UNICODE) {
2339 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2340 capabilities |= CAP_UNICODE;
2342 if (ses->capabilities & CAP_STATUS32) {
2343 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2344 capabilities |= CAP_STATUS32;
2346 if (ses->capabilities & CAP_DFS) {
2347 smb_buffer->Flags2 |= SMBFLG2_DFS;
2348 capabilities |= CAP_DFS;
2350 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2352 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2353 SecurityBlob = (PNEGOTIATE_MESSAGE) bcc_ptr;
2354 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2355 SecurityBlob->MessageType = NtLmNegotiate;
2357 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
2358 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM |
2359 NTLMSSP_NEGOTIATE_56 |
2360 /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
2362 negotiate_flags |= NTLMSSP_NEGOTIATE_SIGN;
2363 /* if(ntlmv2_support)
2364 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;*/
2365 /* setup pointers to domain name and workstation name */
2366 bcc_ptr += SecurityBlobLength;
2368 SecurityBlob->WorkstationName.Buffer = 0;
2369 SecurityBlob->WorkstationName.Length = 0;
2370 SecurityBlob->WorkstationName.MaximumLength = 0;
2372 /* Domain not sent on first Sesssetup in NTLMSSP, instead it is sent
2373 along with username on auth request (ie the response to challenge) */
2374 SecurityBlob->DomainName.Buffer = 0;
2375 SecurityBlob->DomainName.Length = 0;
2376 SecurityBlob->DomainName.MaximumLength = 0;
2377 if (ses->capabilities & CAP_UNICODE) {
2378 if ((long) bcc_ptr % 2) {
2384 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2386 bcc_ptr += 2 * bytes_returned;
2388 cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release, 32,
2390 bcc_ptr += 2 * bytes_returned;
2391 bcc_ptr += 2; /* null terminate Linux version */
2393 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2395 bcc_ptr += 2 * bytes_returned;
2398 bcc_ptr += 2; /* null terminate network opsys string */
2401 bcc_ptr += 2; /* null domain */
2402 } else { /* ASCII */
2403 strcpy(bcc_ptr, "Linux version ");
2404 bcc_ptr += strlen("Linux version ");
2405 strcpy(bcc_ptr, system_utsname.release);
2406 bcc_ptr += strlen(system_utsname.release) + 1;
2407 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2408 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2409 bcc_ptr++; /* empty domain field */
2412 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2413 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2414 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2415 smb_buffer->smb_buf_length += count;
2416 pSMB->req.ByteCount = cpu_to_le16(count);
2418 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2419 &bytes_returned, 1);
2421 if (smb_buffer_response->Status.CifsError ==
2422 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
2426 /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2427 } else if ((smb_buffer_response->WordCount == 3)
2428 || (smb_buffer_response->WordCount == 4)) {
2429 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2430 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2432 if (action & GUEST_LOGIN)
2433 cFYI(1, (" Guest login"));
2434 /* Do we want to set anything in SesInfo struct when guest login? */
2436 bcc_ptr = pByteArea(smb_buffer_response);
2437 /* response can have either 3 or 4 word count - Samba sends 3 */
2439 SecurityBlob2 = (PCHALLENGE_MESSAGE) bcc_ptr;
2440 if (SecurityBlob2->MessageType != NtLmChallenge) {
2442 ("Unexpected NTLMSSP message type received %d",
2443 SecurityBlob2->MessageType));
2445 ses->Suid = smb_buffer_response->Uid; /* UID left in le format */
2446 cFYI(1, ("UID = %d", ses->Suid));
2447 if ((pSMBr->resp.hdr.WordCount == 3)
2448 || ((pSMBr->resp.hdr.WordCount == 4)
2450 pSMBr->resp.ByteCount))) {
2452 if (pSMBr->resp.hdr.WordCount == 4) {
2453 bcc_ptr += blob_len;
2454 cFYI(1, ("Security Blob Length %d",
2458 cFYI(1, ("NTLMSSP Challenge rcvd"));
2460 memcpy(ses->server->cryptKey,
2461 SecurityBlob2->Challenge,
2462 CIFS_CRYPTO_KEY_SIZE);
2463 if(SecurityBlob2->NegotiateFlags &
2464 cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2))
2465 *pNTLMv2_flag = TRUE;
2467 if((SecurityBlob2->NegotiateFlags &
2468 cpu_to_le32(NTLMSSP_NEGOTIATE_ALWAYS_SIGN))
2469 || (sign_CIFS_PDUs > 1))
2470 ses->server->secMode |=
2471 SECMODE_SIGN_REQUIRED;
2472 if ((SecurityBlob2->NegotiateFlags &
2473 cpu_to_le32(NTLMSSP_NEGOTIATE_SIGN)) && (sign_CIFS_PDUs))
2474 ses->server->secMode |=
2475 SECMODE_SIGN_ENABLED;
2477 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2478 if ((long) (bcc_ptr) % 2) {
2480 (BCC(smb_buffer_response)
2482 bcc_ptr++; /* Unicode strings must be word aligned */
2486 (smb_buffer_response) / 2;
2489 UniStrnlen((wchar_t *) bcc_ptr,
2490 remaining_words - 1);
2491 /* We look for obvious messed up bcc or strings in response so we do not go off
2492 the end since (at least) WIN2K and Windows XP have a major bug in not null
2493 terminating last Unicode string in response */
2495 kfree(ses->serverOS);
2497 kzalloc(2 * (len + 1), GFP_KERNEL);
2498 cifs_strfromUCS_le(ses->serverOS,
2502 bcc_ptr += 2 * (len + 1);
2503 remaining_words -= len + 1;
2504 ses->serverOS[2 * len] = 0;
2505 ses->serverOS[1 + (2 * len)] = 0;
2506 if (remaining_words > 0) {
2507 len = UniStrnlen((wchar_t *)
2511 kfree(ses->serverNOS);
2513 kzalloc(2 * (len + 1),
2515 cifs_strfromUCS_le(ses->
2521 bcc_ptr += 2 * (len + 1);
2522 ses->serverNOS[2 * len] = 0;
2525 remaining_words -= len + 1;
2526 if (remaining_words > 0) {
2527 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2528 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
2529 kfree(ses->serverDomain);
2541 ses->serverDomain[2*len]
2546 } /* else no more room so create dummy domain string */
2548 kfree(ses->serverDomain);
2553 } else { /* no room so create dummy domain and NOS string */
2554 kfree(ses->serverDomain);
2556 kzalloc(2, GFP_KERNEL);
2557 kfree(ses->serverNOS);
2559 kzalloc(2, GFP_KERNEL);
2561 } else { /* ASCII */
2562 len = strnlen(bcc_ptr, 1024);
2563 if (((long) bcc_ptr + len) - (long)
2564 pByteArea(smb_buffer_response)
2565 <= BCC(smb_buffer_response)) {
2567 kfree(ses->serverOS);
2571 strncpy(ses->serverOS,
2575 bcc_ptr[0] = 0; /* null terminate string */
2578 len = strnlen(bcc_ptr, 1024);
2579 kfree(ses->serverNOS);
2583 strncpy(ses->serverNOS, bcc_ptr, len);
2588 len = strnlen(bcc_ptr, 1024);
2589 kfree(ses->serverDomain);
2593 strncpy(ses->serverDomain, bcc_ptr, len);
2599 ("Variable field of length %d extends beyond end of smb",
2604 (" Security Blob Length extends beyond end of SMB"));
2607 cERROR(1, ("No session structure passed in."));
2611 (" Invalid Word count %d:",
2612 smb_buffer_response->WordCount));
2617 cifs_buf_release(smb_buffer);
2622 CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2623 char *ntlm_session_key, int ntlmv2_flag,
2624 const struct nls_table *nls_codepage)
2626 struct smb_hdr *smb_buffer;
2627 struct smb_hdr *smb_buffer_response;
2628 SESSION_SETUP_ANDX *pSMB;
2629 SESSION_SETUP_ANDX *pSMBr;
2634 int remaining_words = 0;
2635 int bytes_returned = 0;
2637 int SecurityBlobLength = sizeof (AUTHENTICATE_MESSAGE);
2638 PAUTHENTICATE_MESSAGE SecurityBlob;
2639 __u32 negotiate_flags, capabilities;
2642 cFYI(1, ("In NTLMSSPSessSetup (Authenticate)"));
2645 user = ses->userName;
2646 domain = ses->domainName;
2647 smb_buffer = cifs_buf_get();
2648 if (smb_buffer == NULL) {
2651 smb_buffer_response = smb_buffer;
2652 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2653 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2655 /* send SMBsessionSetup here */
2656 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2657 NULL /* no tCon exists yet */ , 12 /* wct */ );
2659 smb_buffer->Mid = GetNextMid(ses->server);
2660 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2661 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2662 pSMB->req.AndXCommand = 0xFF;
2663 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2664 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2666 pSMB->req.hdr.Uid = ses->Suid;
2668 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2669 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2671 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2672 CAP_EXTENDED_SECURITY;
2673 if (ses->capabilities & CAP_UNICODE) {
2674 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2675 capabilities |= CAP_UNICODE;
2677 if (ses->capabilities & CAP_STATUS32) {
2678 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2679 capabilities |= CAP_STATUS32;
2681 if (ses->capabilities & CAP_DFS) {
2682 smb_buffer->Flags2 |= SMBFLG2_DFS;
2683 capabilities |= CAP_DFS;
2685 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2687 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2688 SecurityBlob = (PAUTHENTICATE_MESSAGE) bcc_ptr;
2689 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2690 SecurityBlob->MessageType = NtLmAuthenticate;
2691 bcc_ptr += SecurityBlobLength;
2693 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET |
2694 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO |
2695 0x80000000 | NTLMSSP_NEGOTIATE_128;
2697 negotiate_flags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN;
2699 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
2701 /* setup pointers to domain name and workstation name */
2703 SecurityBlob->WorkstationName.Buffer = 0;
2704 SecurityBlob->WorkstationName.Length = 0;
2705 SecurityBlob->WorkstationName.MaximumLength = 0;
2706 SecurityBlob->SessionKey.Length = 0;
2707 SecurityBlob->SessionKey.MaximumLength = 0;
2708 SecurityBlob->SessionKey.Buffer = 0;
2710 SecurityBlob->LmChallengeResponse.Length = 0;
2711 SecurityBlob->LmChallengeResponse.MaximumLength = 0;
2712 SecurityBlob->LmChallengeResponse.Buffer = 0;
2714 SecurityBlob->NtChallengeResponse.Length =
2715 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2716 SecurityBlob->NtChallengeResponse.MaximumLength =
2717 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2718 memcpy(bcc_ptr, ntlm_session_key, CIFS_SESS_KEY_SIZE);
2719 SecurityBlob->NtChallengeResponse.Buffer =
2720 cpu_to_le32(SecurityBlobLength);
2721 SecurityBlobLength += CIFS_SESS_KEY_SIZE;
2722 bcc_ptr += CIFS_SESS_KEY_SIZE;
2724 if (ses->capabilities & CAP_UNICODE) {
2725 if (domain == NULL) {
2726 SecurityBlob->DomainName.Buffer = 0;
2727 SecurityBlob->DomainName.Length = 0;
2728 SecurityBlob->DomainName.MaximumLength = 0;
2731 cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2734 SecurityBlob->DomainName.MaximumLength =
2736 SecurityBlob->DomainName.Buffer =
2737 cpu_to_le32(SecurityBlobLength);
2739 SecurityBlobLength += len;
2740 SecurityBlob->DomainName.Length =
2744 SecurityBlob->UserName.Buffer = 0;
2745 SecurityBlob->UserName.Length = 0;
2746 SecurityBlob->UserName.MaximumLength = 0;
2749 cifs_strtoUCS((__le16 *) bcc_ptr, user, 64,
2752 SecurityBlob->UserName.MaximumLength =
2754 SecurityBlob->UserName.Buffer =
2755 cpu_to_le32(SecurityBlobLength);
2757 SecurityBlobLength += len;
2758 SecurityBlob->UserName.Length =
2762 /* SecurityBlob->WorkstationName.Length = cifs_strtoUCS((__le16 *) bcc_ptr, "AMACHINE",64, nls_codepage);
2763 SecurityBlob->WorkstationName.Length *= 2;
2764 SecurityBlob->WorkstationName.MaximumLength = cpu_to_le16(SecurityBlob->WorkstationName.Length);
2765 SecurityBlob->WorkstationName.Buffer = cpu_to_le32(SecurityBlobLength);
2766 bcc_ptr += SecurityBlob->WorkstationName.Length;
2767 SecurityBlobLength += SecurityBlob->WorkstationName.Length;
2768 SecurityBlob->WorkstationName.Length = cpu_to_le16(SecurityBlob->WorkstationName.Length); */
2770 if ((long) bcc_ptr % 2) {
2775 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2777 bcc_ptr += 2 * bytes_returned;
2779 cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release, 32,
2781 bcc_ptr += 2 * bytes_returned;
2782 bcc_ptr += 2; /* null term version string */
2784 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2786 bcc_ptr += 2 * bytes_returned;
2789 bcc_ptr += 2; /* null terminate network opsys string */
2792 bcc_ptr += 2; /* null domain */
2793 } else { /* ASCII */
2794 if (domain == NULL) {
2795 SecurityBlob->DomainName.Buffer = 0;
2796 SecurityBlob->DomainName.Length = 0;
2797 SecurityBlob->DomainName.MaximumLength = 0;
2800 negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
2801 strncpy(bcc_ptr, domain, 63);
2802 len = strnlen(domain, 64);
2803 SecurityBlob->DomainName.MaximumLength =
2805 SecurityBlob->DomainName.Buffer =
2806 cpu_to_le32(SecurityBlobLength);
2808 SecurityBlobLength += len;
2809 SecurityBlob->DomainName.Length = cpu_to_le16(len);
2812 SecurityBlob->UserName.Buffer = 0;
2813 SecurityBlob->UserName.Length = 0;
2814 SecurityBlob->UserName.MaximumLength = 0;
2817 strncpy(bcc_ptr, user, 63);
2818 len = strnlen(user, 64);
2819 SecurityBlob->UserName.MaximumLength =
2821 SecurityBlob->UserName.Buffer =
2822 cpu_to_le32(SecurityBlobLength);
2824 SecurityBlobLength += len;
2825 SecurityBlob->UserName.Length = cpu_to_le16(len);
2827 /* BB fill in our workstation name if known BB */
2829 strcpy(bcc_ptr, "Linux version ");
2830 bcc_ptr += strlen("Linux version ");
2831 strcpy(bcc_ptr, system_utsname.release);
2832 bcc_ptr += strlen(system_utsname.release) + 1;
2833 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2834 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2835 bcc_ptr++; /* null domain */
2838 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2839 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2840 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2841 smb_buffer->smb_buf_length += count;
2842 pSMB->req.ByteCount = cpu_to_le16(count);
2844 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2845 &bytes_returned, 1);
2847 /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2848 } else if ((smb_buffer_response->WordCount == 3)
2849 || (smb_buffer_response->WordCount == 4)) {
2850 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2852 le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2853 if (action & GUEST_LOGIN)
2854 cFYI(1, (" Guest login")); /* BB do we want to set anything in SesInfo struct ? */
2855 /* if(SecurityBlob2->MessageType != NtLm??){
2856 cFYI("Unexpected message type on auth response is %d "));
2860 ("Does UID on challenge %d match auth response UID %d ",
2861 ses->Suid, smb_buffer_response->Uid));
2862 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format */
2863 bcc_ptr = pByteArea(smb_buffer_response);
2864 /* response can have either 3 or 4 word count - Samba sends 3 */
2865 if ((pSMBr->resp.hdr.WordCount == 3)
2866 || ((pSMBr->resp.hdr.WordCount == 4)
2868 pSMBr->resp.ByteCount))) {
2869 if (pSMBr->resp.hdr.WordCount == 4) {
2873 ("Security Blob Length %d ",
2878 ("NTLMSSP response to Authenticate "));
2880 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2881 if ((long) (bcc_ptr) % 2) {
2883 (BCC(smb_buffer_response)
2885 bcc_ptr++; /* Unicode strings must be word aligned */
2887 remaining_words = BCC(smb_buffer_response) / 2;
2890 UniStrnlen((wchar_t *) bcc_ptr,remaining_words - 1);
2891 /* We look for obvious messed up bcc or strings in response so we do not go off
2892 the end since (at least) WIN2K and Windows XP have a major bug in not null
2893 terminating last Unicode string in response */
2895 kfree(ses->serverOS);
2897 kzalloc(2 * (len + 1), GFP_KERNEL);
2898 cifs_strfromUCS_le(ses->serverOS,
2902 bcc_ptr += 2 * (len + 1);
2903 remaining_words -= len + 1;
2904 ses->serverOS[2 * len] = 0;
2905 ses->serverOS[1 + (2 * len)] = 0;
2906 if (remaining_words > 0) {
2907 len = UniStrnlen((wchar_t *)
2911 kfree(ses->serverNOS);
2913 kzalloc(2 * (len + 1),
2915 cifs_strfromUCS_le(ses->
2921 bcc_ptr += 2 * (len + 1);
2922 ses->serverNOS[2 * len] = 0;
2923 ses->serverNOS[1+(2*len)] = 0;
2924 remaining_words -= len + 1;
2925 if (remaining_words > 0) {
2926 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2927 /* last string not always null terminated (e.g. for Windows XP & 2000) */
2928 if(ses->serverDomain)
2929 kfree(ses->serverDomain);
2954 } /* else no more room so create dummy domain string */
2956 if(ses->serverDomain)
2957 kfree(ses->serverDomain);
2958 ses->serverDomain = kzalloc(2,GFP_KERNEL);
2960 } else { /* no room so create dummy domain and NOS string */
2961 if(ses->serverDomain)
2962 kfree(ses->serverDomain);
2963 ses->serverDomain = kzalloc(2, GFP_KERNEL);
2964 kfree(ses->serverNOS);
2965 ses->serverNOS = kzalloc(2, GFP_KERNEL);
2967 } else { /* ASCII */
2968 len = strnlen(bcc_ptr, 1024);
2969 if (((long) bcc_ptr + len) -
2970 (long) pByteArea(smb_buffer_response)
2971 <= BCC(smb_buffer_response)) {
2973 kfree(ses->serverOS);
2974 ses->serverOS = kzalloc(len + 1,GFP_KERNEL);
2975 strncpy(ses->serverOS,bcc_ptr, len);
2978 bcc_ptr[0] = 0; /* null terminate the string */
2981 len = strnlen(bcc_ptr, 1024);
2982 kfree(ses->serverNOS);
2983 ses->serverNOS = kzalloc(len+1,GFP_KERNEL);
2984 strncpy(ses->serverNOS, bcc_ptr, len);
2989 len = strnlen(bcc_ptr, 1024);
2990 if(ses->serverDomain)
2991 kfree(ses->serverDomain);
2992 ses->serverDomain = kzalloc(len+1,GFP_KERNEL);
2993 strncpy(ses->serverDomain, bcc_ptr, len);
2999 ("Variable field of length %d extends beyond end of smb ",
3004 (" Security Blob Length extends beyond end of SMB"));
3007 cERROR(1, ("No session structure passed in."));
3011 (" Invalid Word count %d: ",
3012 smb_buffer_response->WordCount));
3017 cifs_buf_release(smb_buffer);
3023 CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3024 const char *tree, struct cifsTconInfo *tcon,
3025 const struct nls_table *nls_codepage)
3027 struct smb_hdr *smb_buffer;
3028 struct smb_hdr *smb_buffer_response;
3031 unsigned char *bcc_ptr;
3039 smb_buffer = cifs_buf_get();
3040 if (smb_buffer == NULL) {
3043 smb_buffer_response = smb_buffer;
3045 header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3046 NULL /*no tid */ , 4 /*wct */ );
3048 smb_buffer->Mid = GetNextMid(ses->server);
3049 smb_buffer->Uid = ses->Suid;
3050 pSMB = (TCONX_REQ *) smb_buffer;
3051 pSMBr = (TCONX_RSP *) smb_buffer_response;
3053 pSMB->AndXCommand = 0xFF;
3054 pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
3055 bcc_ptr = &pSMB->Password[0];
3056 if((ses->server->secMode) & SECMODE_USER) {
3057 pSMB->PasswordLength = cpu_to_le16(1); /* minimum */
3058 *bcc_ptr = 0; /* password is null byte */
3059 bcc_ptr++; /* skip password */
3060 /* already aligned so no need to do it below */
3062 pSMB->PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE);
3063 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3064 specified as required (when that support is added to
3065 the vfs in the future) as only NTLM or the much
3066 weaker LANMAN (which we do not send by default) is accepted
3067 by Samba (not sure whether other servers allow
3068 NTLMv2 password here) */
3069 #ifdef CONFIG_CIFS_WEAK_PW_HASH
3070 if((extended_security & CIFSSEC_MAY_LANMAN) &&
3071 (ses->server->secType == LANMAN))
3072 calc_lanman_hash(ses, bcc_ptr);
3074 #endif /* CIFS_WEAK_PW_HASH */
3075 SMBNTencrypt(ses->password,
3076 ses->server->cryptKey,
3079 bcc_ptr += CIFS_SESS_KEY_SIZE;
3080 if(ses->capabilities & CAP_UNICODE) {
3081 /* must align unicode strings */
3082 *bcc_ptr = 0; /* null byte password */
3087 if(ses->server->secMode &
3088 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3089 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3091 if (ses->capabilities & CAP_STATUS32) {
3092 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3094 if (ses->capabilities & CAP_DFS) {
3095 smb_buffer->Flags2 |= SMBFLG2_DFS;
3097 if (ses->capabilities & CAP_UNICODE) {
3098 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3100 cifs_strtoUCS((__le16 *) bcc_ptr, tree,
3101 6 /* max utf8 char length in bytes */ *
3102 (/* server len*/ + 256 /* share len */), nls_codepage);
3103 bcc_ptr += 2 * length; /* convert num 16 bit words to bytes */
3104 bcc_ptr += 2; /* skip trailing null */
3105 } else { /* ASCII */
3106 strcpy(bcc_ptr, tree);
3107 bcc_ptr += strlen(tree) + 1;
3109 strcpy(bcc_ptr, "?????");
3110 bcc_ptr += strlen("?????");
3112 count = bcc_ptr - &pSMB->Password[0];
3113 pSMB->hdr.smb_buf_length += count;
3114 pSMB->ByteCount = cpu_to_le16(count);
3116 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length, 0);
3118 /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
3119 /* above now done in SendReceive */
3120 if ((rc == 0) && (tcon != NULL)) {
3121 tcon->tidStatus = CifsGood;
3122 tcon->tid = smb_buffer_response->Tid;
3123 bcc_ptr = pByteArea(smb_buffer_response);
3124 length = strnlen(bcc_ptr, BCC(smb_buffer_response) - 2);
3125 /* skip service field (NB: this field is always ASCII) */
3126 bcc_ptr += length + 1;
3127 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3128 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3129 length = UniStrnlen((wchar_t *) bcc_ptr, 512);
3130 if ((bcc_ptr + (2 * length)) -
3131 pByteArea(smb_buffer_response) <=
3132 BCC(smb_buffer_response)) {
3133 kfree(tcon->nativeFileSystem);
3134 tcon->nativeFileSystem =
3135 kzalloc(length + 2, GFP_KERNEL);
3136 cifs_strfromUCS_le(tcon->nativeFileSystem,
3138 length, nls_codepage);
3139 bcc_ptr += 2 * length;
3140 bcc_ptr[0] = 0; /* null terminate the string */
3144 /* else do not bother copying these informational fields */
3146 length = strnlen(bcc_ptr, 1024);
3147 if ((bcc_ptr + length) -
3148 pByteArea(smb_buffer_response) <=
3149 BCC(smb_buffer_response)) {
3150 kfree(tcon->nativeFileSystem);
3151 tcon->nativeFileSystem =
3152 kzalloc(length + 1, GFP_KERNEL);
3153 strncpy(tcon->nativeFileSystem, bcc_ptr,
3156 /* else do not bother copying these informational fields */
3158 if(smb_buffer_response->WordCount == 3)
3159 tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3162 cFYI(1, ("Tcon flags: 0x%x ", tcon->Flags));
3163 } else if ((rc == 0) && tcon == NULL) {
3164 /* all we need to save for IPC$ connection */
3165 ses->ipc_tid = smb_buffer_response->Tid;
3169 cifs_buf_release(smb_buffer);
3174 cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3178 struct cifsSesInfo *ses = NULL;
3179 struct task_struct *cifsd_task;
3183 if (cifs_sb->tcon) {
3184 ses = cifs_sb->tcon->ses; /* save ptr to ses before delete tcon!*/
3185 rc = CIFSSMBTDis(xid, cifs_sb->tcon);
3190 tconInfoFree(cifs_sb->tcon);
3191 if ((ses) && (ses->server)) {
3192 /* save off task so we do not refer to ses later */
3193 cifsd_task = ses->server->tsk;
3194 cFYI(1, ("About to do SMBLogoff "));
3195 rc = CIFSSMBLogoff(xid, ses);
3199 } else if (rc == -ESHUTDOWN) {
3200 cFYI(1,("Waking up socket by sending it signal"));
3202 send_sig(SIGKILL,cifsd_task,1);
3203 wait_for_completion(&cifsd_complete);
3206 } /* else - we have an smb session
3207 left on this socket do not kill cifsd */
3209 cFYI(1, ("No session or bad tcon"));
3212 cifs_sb->tcon = NULL;
3214 schedule_timeout_interruptible(msecs_to_jiffies(500));
3219 return rc; /* BB check if we should always return zero here */
3222 int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
3223 struct nls_table * nls_info)
3226 char ntlm_session_key[CIFS_SESS_KEY_SIZE];
3227 int ntlmv2_flag = FALSE;
3230 /* what if server changes its buffer size after dropping the session? */
3231 if(pSesInfo->server->maxBuf == 0) /* no need to send on reconnect */ {
3232 rc = CIFSSMBNegotiate(xid, pSesInfo);
3233 if(rc == -EAGAIN) /* retry only once on 1st time connection */ {
3234 rc = CIFSSMBNegotiate(xid, pSesInfo);
3239 spin_lock(&GlobalMid_Lock);
3240 if(pSesInfo->server->tcpStatus != CifsExiting)
3241 pSesInfo->server->tcpStatus = CifsGood;
3244 spin_unlock(&GlobalMid_Lock);
3250 pSesInfo->capabilities = pSesInfo->server->capabilities;
3251 if(linuxExtEnabled == 0)
3252 pSesInfo->capabilities &= (~CAP_UNIX);
3253 /* pSesInfo->sequence_number = 0;*/
3254 cFYI(1,("Security Mode: 0x%x Capabilities: 0x%x Time Zone: %d",
3255 pSesInfo->server->secMode,
3256 pSesInfo->server->capabilities,
3257 pSesInfo->server->timeZone));
3258 if(experimEnabled < 2)
3259 rc = CIFS_SessSetup(xid, pSesInfo,
3260 first_time, nls_info);
3261 else if (extended_security
3262 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3263 && (pSesInfo->server->secType == NTLMSSP)) {
3265 } else if (extended_security
3266 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3267 && (pSesInfo->server->secType == RawNTLMSSP)) {
3268 cFYI(1, ("NTLMSSP sesssetup"));
3269 rc = CIFSNTLMSSPNegotiateSessSetup(xid,
3276 cFYI(1,("Can use more secure NTLM version 2 password hash"));
3277 if(CalcNTLMv2_partial_mac_key(pSesInfo,
3282 v2_response = kmalloc(16 + 64 /* blob */, GFP_KERNEL);
3284 CalcNTLMv2_response(pSesInfo,v2_response);
3286 cifs_calculate_ntlmv2_mac_key(
3287 pSesInfo->server->mac_signing_key,
3288 response, ntlm_session_key, */
3290 /* BB Put dummy sig in SessSetup PDU? */
3297 SMBNTencrypt(pSesInfo->password,
3298 pSesInfo->server->cryptKey,
3302 cifs_calculate_mac_key(
3303 pSesInfo->server->mac_signing_key,
3305 pSesInfo->password);
3307 /* for better security the weaker lanman hash not sent
3308 in AuthSessSetup so we no longer calculate it */
3310 rc = CIFSNTLMSSPAuthSessSetup(xid,
3316 } else { /* old style NTLM 0.12 session setup */
3317 SMBNTencrypt(pSesInfo->password,
3318 pSesInfo->server->cryptKey,
3322 cifs_calculate_mac_key(
3323 pSesInfo->server->mac_signing_key,
3324 ntlm_session_key, pSesInfo->password);
3326 rc = CIFSSessSetup(xid, pSesInfo,
3327 ntlm_session_key, nls_info);
3330 cERROR(1,("Send error in SessSetup = %d",rc));
3332 cFYI(1,("CIFS Session Established successfully"));
3333 pSesInfo->status = CifsGood;
git.openpandora.org / pandora-kernel.git / blob