4 * Copyright (C) International Business Machines Corp., 2002,2005
5 * Author(s): Steve French (sfrench@us.ibm.com)
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/ipv6.h>
27 #include <linux/pagemap.h>
28 #include <linux/ctype.h>
29 #include <linux/utsname.h>
30 #include <linux/mempool.h>
31 #include <linux/delay.h>
32 #include <asm/uaccess.h>
33 #include <asm/processor.h>
36 #include "cifsproto.h"
37 #include "cifs_unicode.h"
38 #include "cifs_debug.h"
39 #include "cifs_fs_sb.h"
42 #include "rfc1002pdu.h"
45 #define RFC1001_PORT 139
47 extern void SMBencrypt(unsigned char *passwd, unsigned char *c8,
49 extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
52 extern mempool_t *cifs_req_poolp;
60 char *in6_addr; /* ipv6 address as human readable form of in6_addr */
61 char *iocharset; /* local code page for mapping to and from Unicode */
62 char source_rfc1001_name[16]; /* netbios name of client */
72 unsigned no_psx_acl:1; /* set if posix acl support should be disabled */
73 unsigned no_xattr:1; /* set if xattr (EA) support should be disabled*/
74 unsigned server_ino:1; /* use inode numbers from server ie UniqueId */
76 unsigned remap:1; /* set to remap seven reserved chars in filenames */
80 unsigned short int port;
83 static int ipv4_connect(struct sockaddr_in *psin_server,
84 struct socket **csocket,
86 static int ipv6_connect(struct sockaddr_in6 *psin_server,
87 struct socket **csocket);
91 * cifs tcp session reconnection
93 * mark tcp session as reconnecting so temporarily locked
94 * mark all smb sessions as reconnecting for tcp session
95 * reconnect tcp session
96 * wake up waiters on reconnection? - (not needed currently)
100 cifs_reconnect(struct TCP_Server_Info *server)
103 struct list_head *tmp;
104 struct cifsSesInfo *ses;
105 struct cifsTconInfo *tcon;
106 struct mid_q_entry * mid_entry;
108 spin_lock(&GlobalMid_Lock);
109 if(server->tcpStatus == CifsExiting) {
110 /* the demux thread will exit normally
111 next time through the loop */
112 spin_unlock(&GlobalMid_Lock);
115 server->tcpStatus = CifsNeedReconnect;
116 spin_unlock(&GlobalMid_Lock);
119 cFYI(1, ("Reconnecting tcp session"));
121 /* before reconnecting the tcp session, mark the smb session (uid)
122 and the tid bad so they are not used until reconnected */
123 read_lock(&GlobalSMBSeslock);
124 list_for_each(tmp, &GlobalSMBSessionList) {
125 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
127 if (ses->server == server) {
128 ses->status = CifsNeedReconnect;
132 /* else tcp and smb sessions need reconnection */
134 list_for_each(tmp, &GlobalTreeConnectionList) {
135 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
136 if((tcon) && (tcon->ses) && (tcon->ses->server == server)) {
137 tcon->tidStatus = CifsNeedReconnect;
140 read_unlock(&GlobalSMBSeslock);
141 /* do not want to be sending data on a socket we are freeing */
142 down(&server->tcpSem);
143 if(server->ssocket) {
144 cFYI(1,("State: 0x%x Flags: 0x%lx", server->ssocket->state,
145 server->ssocket->flags));
146 server->ssocket->ops->shutdown(server->ssocket,SEND_SHUTDOWN);
147 cFYI(1,("Post shutdown state: 0x%x Flags: 0x%lx", server->ssocket->state,
148 server->ssocket->flags));
149 sock_release(server->ssocket);
150 server->ssocket = NULL;
153 spin_lock(&GlobalMid_Lock);
154 list_for_each(tmp, &server->pending_mid_q) {
155 mid_entry = list_entry(tmp, struct
159 if(mid_entry->midState == MID_REQUEST_SUBMITTED) {
160 /* Mark other intransit requests as needing
161 retry so we do not immediately mark the
162 session bad again (ie after we reconnect
163 below) as they timeout too */
164 mid_entry->midState = MID_RETRY_NEEDED;
168 spin_unlock(&GlobalMid_Lock);
171 while ((server->tcpStatus != CifsExiting) && (server->tcpStatus != CifsGood))
173 if(server->protocolType == IPV6) {
174 rc = ipv6_connect(&server->addr.sockAddr6,&server->ssocket);
176 rc = ipv4_connect(&server->addr.sockAddr,
178 server->workstation_RFC1001_name);
183 atomic_inc(&tcpSesReconnectCount);
184 spin_lock(&GlobalMid_Lock);
185 if(server->tcpStatus != CifsExiting)
186 server->tcpStatus = CifsGood;
187 server->sequence_number = 0;
188 spin_unlock(&GlobalMid_Lock);
189 /* atomic_set(&server->inFlight,0);*/
190 wake_up(&server->response_q);
198 0 not a transact2, or all data present
199 >0 transact2 with that much data missing
200 -EINVAL = invalid transact2
203 static int check2ndT2(struct smb_hdr * pSMB, unsigned int maxBufSize)
205 struct smb_t2_rsp * pSMBt;
207 int data_in_this_rsp;
210 if(pSMB->Command != SMB_COM_TRANSACTION2)
213 /* check for plausible wct, bcc and t2 data and parm sizes */
214 /* check for parm and data offset going beyond end of smb */
215 if(pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
216 cFYI(1,("invalid transact2 word count"));
220 pSMBt = (struct smb_t2_rsp *)pSMB;
222 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
223 data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
225 remaining = total_data_size - data_in_this_rsp;
229 else if(remaining < 0) {
230 cFYI(1,("total data %d smaller than data in frame %d",
231 total_data_size, data_in_this_rsp));
234 cFYI(1,("missing %d bytes from transact2, check next response",
236 if(total_data_size > maxBufSize) {
237 cERROR(1,("TotalDataSize %d is over maximum buffer %d",
238 total_data_size,maxBufSize));
245 static int coalesce_t2(struct smb_hdr * psecond, struct smb_hdr *pTargetSMB)
247 struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
248 struct smb_t2_rsp *pSMBt = (struct smb_t2_rsp *)pTargetSMB;
253 char * data_area_of_target;
254 char * data_area_of_buf2;
257 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
259 if(total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
260 cFYI(1,("total data sizes of primary and secondary t2 differ"));
263 total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
265 remaining = total_data_size - total_in_buf;
270 if(remaining == 0) /* nothing to do, ignore */
273 total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
274 if(remaining < total_in_buf2) {
275 cFYI(1,("transact2 2nd response contains too much data"));
278 /* find end of first SMB data area */
279 data_area_of_target = (char *)&pSMBt->hdr.Protocol +
280 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
281 /* validate target area */
283 data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
284 le16_to_cpu(pSMB2->t2_rsp.DataOffset);
286 data_area_of_target += total_in_buf;
288 /* copy second buffer into end of first buffer */
289 memcpy(data_area_of_target,data_area_of_buf2,total_in_buf2);
290 total_in_buf += total_in_buf2;
291 pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
292 byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
293 byte_count += total_in_buf2;
294 BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
296 byte_count = be32_to_cpu(pTargetSMB->smb_buf_length);
297 byte_count += total_in_buf2;
299 /* BB also add check that we are not beyond maximum buffer size */
301 pTargetSMB->smb_buf_length = cpu_to_be32(byte_count);
303 if(remaining == total_in_buf2) {
304 cFYI(1,("found the last secondary response"));
305 return 0; /* we are done */
306 } else /* more responses to go */
312 cifs_demultiplex_thread(struct TCP_Server_Info *server)
315 unsigned int pdu_length, total_read;
316 struct smb_hdr *smb_buffer = NULL;
317 struct smb_hdr *bigbuf = NULL;
318 struct smb_hdr *smallbuf = NULL;
319 struct msghdr smb_msg;
321 struct socket *csocket = server->ssocket;
322 struct list_head *tmp;
323 struct cifsSesInfo *ses;
324 struct task_struct *task_to_wake = NULL;
325 struct mid_q_entry *mid_entry;
327 int isLargeBuf = FALSE;
332 allow_signal(SIGKILL);
333 current->flags |= PF_MEMALLOC;
334 server->tsk = current; /* save process info to wake at shutdown */
335 cFYI(1, ("Demultiplex PID: %d", current->pid));
336 write_lock(&GlobalSMBSeslock);
337 atomic_inc(&tcpSesAllocCount);
338 length = tcpSesAllocCount.counter;
339 write_unlock(&GlobalSMBSeslock);
341 mempool_resize(cifs_req_poolp,
342 length + cifs_min_rcv,
346 while (server->tcpStatus != CifsExiting) {
349 if (bigbuf == NULL) {
350 bigbuf = cifs_buf_get();
352 cERROR(1,("No memory for large SMB response"));
354 /* retry will check if exiting */
357 } else if(isLargeBuf) {
358 /* we are reusing a dirtry large buf, clear its start */
359 memset(bigbuf, 0, sizeof (struct smb_hdr));
362 if (smallbuf == NULL) {
363 smallbuf = cifs_small_buf_get();
364 if(smallbuf == NULL) {
365 cERROR(1,("No memory for SMB response"));
367 /* retry will check if exiting */
370 /* beginning of smb buffer is cleared in our buf_get */
371 } else /* if existing small buf clear beginning */
372 memset(smallbuf, 0, sizeof (struct smb_hdr));
376 smb_buffer = smallbuf;
377 iov.iov_base = smb_buffer;
379 smb_msg.msg_control = NULL;
380 smb_msg.msg_controllen = 0;
382 kernel_recvmsg(csocket, &smb_msg,
383 &iov, 1, 4, 0 /* BB see socket.h flags */);
385 if(server->tcpStatus == CifsExiting) {
387 } else if (server->tcpStatus == CifsNeedReconnect) {
388 cFYI(1,("Reconnect after server stopped responding"));
389 cifs_reconnect(server);
390 cFYI(1,("call to reconnect done"));
391 csocket = server->ssocket;
393 } else if ((length == -ERESTARTSYS) || (length == -EAGAIN)) {
394 msleep(1); /* minimum sleep to prevent looping
395 allowing socket to clear and app threads to set
396 tcpStatus CifsNeedReconnect if server hung */
398 } else if (length <= 0) {
399 if(server->tcpStatus == CifsNew) {
400 cFYI(1,("tcp session abend after SMBnegprot"));
401 /* some servers kill the TCP session rather than
402 returning an SMB negprot error, in which
403 case reconnecting here is not going to help,
404 and so simply return error to mount */
407 if(length == -EINTR) {
408 cFYI(1,("cifsd thread killed"));
411 cFYI(1,("Reconnect after unexpected peek error %d",
413 cifs_reconnect(server);
414 csocket = server->ssocket;
415 wake_up(&server->response_q);
417 } else if (length < 4) {
419 ("Frame under four bytes received (%d bytes long)",
421 cifs_reconnect(server);
422 csocket = server->ssocket;
423 wake_up(&server->response_q);
427 /* the right amount was read from socket - 4 bytes */
429 pdu_length = ntohl(smb_buffer->smb_buf_length);
430 cFYI(1,("rfc1002 length(big endian)0x%x)", pdu_length+4));
432 temp = (char *) smb_buffer;
433 if (temp[0] == (char) RFC1002_SESSION_KEEP_ALIVE) {
435 } else if (temp[0] == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
436 cFYI(1,("Good RFC 1002 session rsp"));
438 } else if (temp[0] == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
439 /* we get this from Windows 98 instead of
440 an error on SMB negprot response */
441 cFYI(1,("Negative RFC1002 Session Response Error 0x%x)",
443 if(server->tcpStatus == CifsNew) {
444 /* if nack on negprot (rather than
445 ret of smb negprot error) reconnecting
446 not going to help, ret error to mount */
449 /* give server a second to
450 clean up before reconnect attempt */
452 /* always try 445 first on reconnect
453 since we get NACK on some if we ever
454 connected to port 139 (the NACK is
455 since we do not begin with RFC1001
456 session initialize frame) */
457 server->addr.sockAddr.sin_port =
459 cifs_reconnect(server);
460 csocket = server->ssocket;
461 wake_up(&server->response_q);
464 } else if (temp[0] != (char) 0) {
465 cERROR(1,("Unknown RFC 1002 frame"));
466 cifs_dump_mem(" Received Data: ", temp, length);
467 cifs_reconnect(server);
468 csocket = server->ssocket;
472 /* else we have an SMB response */
473 if((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
474 (pdu_length < sizeof (struct smb_hdr) - 1 - 4)) {
475 cERROR(1, ("Invalid size SMB length %d pdu_length %d",
476 length, pdu_length+4));
477 cifs_reconnect(server);
478 csocket = server->ssocket;
479 wake_up(&server->response_q);
486 if(pdu_length > MAX_CIFS_HDR_SIZE - 4) {
488 memcpy(bigbuf, smallbuf, 4);
492 iov.iov_base = 4 + (char *)smb_buffer;
493 iov.iov_len = pdu_length;
494 for (total_read = 0; total_read < pdu_length;
495 total_read += length) {
496 length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
497 pdu_length - total_read, 0);
498 if((server->tcpStatus == CifsExiting) ||
499 (length == -EINTR)) {
503 } else if (server->tcpStatus == CifsNeedReconnect) {
504 cifs_reconnect(server);
505 csocket = server->ssocket;
506 /* Reconnect wakes up rspns q */
507 /* Now we will reread sock */
510 } else if ((length == -ERESTARTSYS) ||
511 (length == -EAGAIN)) {
512 msleep(1); /* minimum sleep to prevent looping,
513 allowing socket to clear and app
514 threads to set tcpStatus
515 CifsNeedReconnect if server hung*/
517 } else if (length <= 0) {
518 cERROR(1,("Received no data, expecting %d",
519 pdu_length - total_read));
520 cifs_reconnect(server);
521 csocket = server->ssocket;
528 else if(reconnect == 1)
531 length += 4; /* account for rfc1002 hdr */
534 dump_smb(smb_buffer, length);
535 if (checkSMB (smb_buffer, smb_buffer->Mid, total_read+4)) {
536 cERROR(1, ("Bad SMB Received "));
542 spin_lock(&GlobalMid_Lock);
543 list_for_each(tmp, &server->pending_mid_q) {
544 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
546 if ((mid_entry->mid == smb_buffer->Mid) &&
547 (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
548 (mid_entry->command == smb_buffer->Command)) {
549 if(check2ndT2(smb_buffer,server->maxBuf) > 0) {
550 /* We have a multipart transact2 resp */
552 if(mid_entry->resp_buf) {
553 /* merge response - fix up 1st*/
554 if(coalesce_t2(smb_buffer,
555 mid_entry->resp_buf)) {
558 /* all parts received */
563 cERROR(1,("1st trans2 resp needs bigbuf"));
564 /* BB maybe we can fix this up, switch
565 to already allocated large buffer? */
567 /* Have first buffer */
568 mid_entry->resp_buf =
570 mid_entry->largeBuf = 1;
576 mid_entry->resp_buf = smb_buffer;
578 mid_entry->largeBuf = 1;
580 mid_entry->largeBuf = 0;
582 task_to_wake = mid_entry->tsk;
583 mid_entry->midState = MID_RESPONSE_RECEIVED;
587 spin_unlock(&GlobalMid_Lock);
589 /* Was previous buf put in mpx struct for multi-rsp? */
591 /* smb buffer will be freed by user thread */
597 wake_up_process(task_to_wake);
598 } else if ((is_valid_oplock_break(smb_buffer) == FALSE)
599 && (isMultiRsp == FALSE)) {
600 cERROR(1, ("No task to wake, unknown frame rcvd!"));
601 cifs_dump_mem("Received Data is: ",temp,sizeof(struct smb_hdr));
603 } /* end while !EXITING */
605 spin_lock(&GlobalMid_Lock);
606 server->tcpStatus = CifsExiting;
608 /* check if we have blocked requests that need to free */
609 /* Note that cifs_max_pending is normally 50, but
610 can be set at module install time to as little as two */
611 if(atomic_read(&server->inFlight) >= cifs_max_pending)
612 atomic_set(&server->inFlight, cifs_max_pending - 1);
613 /* We do not want to set the max_pending too low or we
614 could end up with the counter going negative */
615 spin_unlock(&GlobalMid_Lock);
616 /* Although there should not be any requests blocked on
617 this queue it can not hurt to be paranoid and try to wake up requests
618 that may haven been blocked when more than 50 at time were on the wire
619 to the same server - they now will see the session is in exit state
620 and get out of SendReceive. */
621 wake_up_all(&server->request_q);
622 /* give those requests time to exit */
625 if(server->ssocket) {
626 sock_release(csocket);
627 server->ssocket = NULL;
629 /* buffer usuallly freed in free_mid - need to free it here on exit */
631 cifs_buf_release(bigbuf);
632 if (smallbuf != NULL)
633 cifs_small_buf_release(smallbuf);
635 read_lock(&GlobalSMBSeslock);
636 if (list_empty(&server->pending_mid_q)) {
637 /* loop through server session structures attached to this and
639 list_for_each(tmp, &GlobalSMBSessionList) {
641 list_entry(tmp, struct cifsSesInfo,
643 if (ses->server == server) {
644 ses->status = CifsExiting;
648 read_unlock(&GlobalSMBSeslock);
650 /* although we can not zero the server struct pointer yet,
651 since there are active requests which may depnd on them,
652 mark the corresponding SMB sessions as exiting too */
653 list_for_each(tmp, &GlobalSMBSessionList) {
654 ses = list_entry(tmp, struct cifsSesInfo,
656 if (ses->server == server) {
657 ses->status = CifsExiting;
661 spin_lock(&GlobalMid_Lock);
662 list_for_each(tmp, &server->pending_mid_q) {
663 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
664 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
666 ("Clearing Mid 0x%x - waking up ",mid_entry->mid));
667 task_to_wake = mid_entry->tsk;
669 wake_up_process(task_to_wake);
673 spin_unlock(&GlobalMid_Lock);
674 read_unlock(&GlobalSMBSeslock);
675 /* 1/8th of sec is more than enough time for them to exit */
679 if (list_empty(&server->pending_mid_q)) {
680 /* mpx threads have not exited yet give them
681 at least the smb send timeout time for long ops */
682 /* due to delays on oplock break requests, we need
683 to wait at least 45 seconds before giving up
684 on a request getting a response and going ahead
686 cFYI(1, ("Wait for exit from demultiplex thread"));
688 /* if threads still have not exited they are probably never
689 coming home not much else we can do but free the memory */
692 write_lock(&GlobalSMBSeslock);
693 atomic_dec(&tcpSesAllocCount);
694 length = tcpSesAllocCount.counter;
696 /* last chance to mark ses pointers invalid
697 if there are any pointing to this (e.g
698 if a crazy root user tried to kill cifsd
699 kernel thread explicitly this might happen) */
700 list_for_each(tmp, &GlobalSMBSessionList) {
701 ses = list_entry(tmp, struct cifsSesInfo,
703 if (ses->server == server) {
707 write_unlock(&GlobalSMBSeslock);
711 mempool_resize(cifs_req_poolp,
712 length + cifs_min_rcv,
721 cifs_parse_mount_options(char *options, const char *devname,struct smb_vol *vol)
725 unsigned int temp_len, i, j;
731 memset(vol->source_rfc1001_name,0x20,15);
732 for(i=0;i < strnlen(system_utsname.nodename,15);i++) {
733 /* does not have to be a perfect mapping since the field is
734 informational, only used for servers that do not support
735 port 445 and it can be overridden at mount time */
736 vol->source_rfc1001_name[i] =
737 toupper(system_utsname.nodename[i]);
739 vol->source_rfc1001_name[15] = 0;
741 vol->linux_uid = current->uid; /* current->euid instead? */
742 vol->linux_gid = current->gid;
743 vol->dir_mode = S_IRWXUGO;
744 /* 2767 perms indicate mandatory locking support */
745 vol->file_mode = S_IALLUGO & ~(S_ISUID | S_IXGRP);
747 /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
753 if(strncmp(options,"sep=",4) == 0) {
754 if(options[4] != 0) {
755 separator[0] = options[4];
758 cFYI(1,("Null separator not allowed"));
762 while ((data = strsep(&options, separator)) != NULL) {
765 if ((value = strchr(data, '=')) != NULL)
768 if (strnicmp(data, "user_xattr",10) == 0) {/*parse before user*/
770 } else if (strnicmp(data, "nouser_xattr",12) == 0) {
772 } else if (strnicmp(data, "user", 4) == 0) {
773 if (!value || !*value) {
775 "CIFS: invalid or missing username\n");
776 return 1; /* needs_arg; */
778 if (strnlen(value, 200) < 200) {
779 vol->username = value;
781 printk(KERN_WARNING "CIFS: username too long\n");
784 } else if (strnicmp(data, "pass", 4) == 0) {
786 vol->password = NULL;
788 } else if(value[0] == 0) {
789 /* check if string begins with double comma
790 since that would mean the password really
791 does start with a comma, and would not
792 indicate an empty string */
793 if(value[1] != separator[0]) {
794 vol->password = NULL;
798 temp_len = strlen(value);
799 /* removed password length check, NTLM passwords
800 can be arbitrarily long */
802 /* if comma in password, the string will be
803 prematurely null terminated. Commas in password are
804 specified across the cifs mount interface by a double
805 comma ie ,, and a comma used as in other cases ie ','
806 as a parameter delimiter/separator is single and due
807 to the strsep above is temporarily zeroed. */
809 /* NB: password legally can have multiple commas and
810 the only illegal character in a password is null */
812 if ((value[temp_len] == 0) &&
813 (value[temp_len+1] == separator[0])) {
815 value[temp_len] = separator[0];
816 temp_len+=2; /* move after the second comma */
817 while(value[temp_len] != 0) {
818 if (value[temp_len] == separator[0]) {
819 if (value[temp_len+1] ==
821 /* skip second comma */
824 /* single comma indicating start
831 if(value[temp_len] == 0) {
835 /* point option to start of next parm */
836 options = value + temp_len + 1;
838 /* go from value to value + temp_len condensing
839 double commas to singles. Note that this ends up
840 allocating a few bytes too many, which is ok */
841 vol->password = kzalloc(temp_len, GFP_KERNEL);
842 if(vol->password == NULL) {
843 printk("CIFS: no memory for pass\n");
846 for(i=0,j=0;i<temp_len;i++,j++) {
847 vol->password[j] = value[i];
848 if(value[i] == separator[0]
849 && value[i+1] == separator[0]) {
850 /* skip second comma */
854 vol->password[j] = 0;
856 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
857 if(vol->password == NULL) {
858 printk("CIFS: no memory for pass\n");
861 strcpy(vol->password, value);
863 } else if (strnicmp(data, "ip", 2) == 0) {
864 if (!value || !*value) {
866 } else if (strnlen(value, 35) < 35) {
869 printk(KERN_WARNING "CIFS: ip address too long\n");
872 } else if ((strnicmp(data, "unc", 3) == 0)
873 || (strnicmp(data, "target", 6) == 0)
874 || (strnicmp(data, "path", 4) == 0)) {
875 if (!value || !*value) {
877 "CIFS: invalid path to network resource\n");
878 return 1; /* needs_arg; */
880 if ((temp_len = strnlen(value, 300)) < 300) {
881 vol->UNC = kmalloc(temp_len+1,GFP_KERNEL);
884 strcpy(vol->UNC,value);
885 if (strncmp(vol->UNC, "//", 2) == 0) {
888 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
890 "CIFS: UNC Path does not begin with // or \\\\ \n");
894 printk(KERN_WARNING "CIFS: UNC name too long\n");
897 } else if ((strnicmp(data, "domain", 3) == 0)
898 || (strnicmp(data, "workgroup", 5) == 0)) {
899 if (!value || !*value) {
900 printk(KERN_WARNING "CIFS: invalid domain name\n");
901 return 1; /* needs_arg; */
903 /* BB are there cases in which a comma can be valid in
904 a domain name and need special handling? */
905 if (strnlen(value, 65) < 65) {
906 vol->domainname = value;
907 cFYI(1, ("Domain name set"));
909 printk(KERN_WARNING "CIFS: domain name too long\n");
912 } else if (strnicmp(data, "iocharset", 9) == 0) {
913 if (!value || !*value) {
914 printk(KERN_WARNING "CIFS: invalid iocharset specified\n");
915 return 1; /* needs_arg; */
917 if (strnlen(value, 65) < 65) {
918 if(strnicmp(value,"default",7))
919 vol->iocharset = value;
920 /* if iocharset not set load_nls_default used by caller */
921 cFYI(1, ("iocharset set to %s",value));
923 printk(KERN_WARNING "CIFS: iocharset name too long.\n");
926 } else if (strnicmp(data, "uid", 3) == 0) {
927 if (value && *value) {
929 simple_strtoul(value, &value, 0);
931 } else if (strnicmp(data, "gid", 3) == 0) {
932 if (value && *value) {
934 simple_strtoul(value, &value, 0);
936 } else if (strnicmp(data, "file_mode", 4) == 0) {
937 if (value && *value) {
939 simple_strtoul(value, &value, 0);
941 } else if (strnicmp(data, "dir_mode", 4) == 0) {
942 if (value && *value) {
944 simple_strtoul(value, &value, 0);
946 } else if (strnicmp(data, "dirmode", 4) == 0) {
947 if (value && *value) {
949 simple_strtoul(value, &value, 0);
951 } else if (strnicmp(data, "port", 4) == 0) {
952 if (value && *value) {
954 simple_strtoul(value, &value, 0);
956 } else if (strnicmp(data, "rsize", 5) == 0) {
957 if (value && *value) {
959 simple_strtoul(value, &value, 0);
961 } else if (strnicmp(data, "wsize", 5) == 0) {
962 if (value && *value) {
964 simple_strtoul(value, &value, 0);
966 } else if (strnicmp(data, "sockopt", 5) == 0) {
967 if (value && *value) {
969 simple_strtoul(value, &value, 0);
971 } else if (strnicmp(data, "netbiosname", 4) == 0) {
972 if (!value || !*value || (*value == ' ')) {
973 cFYI(1,("invalid (empty) netbiosname specified"));
975 memset(vol->source_rfc1001_name,0x20,15);
977 /* BB are there cases in which a comma can be
978 valid in this workstation netbios name (and need
979 special handling)? */
981 /* We do not uppercase netbiosname for user */
985 vol->source_rfc1001_name[i] = value[i];
987 /* The string has 16th byte zero still from
988 set at top of the function */
989 if((i==15) && (value[i] != 0))
990 printk(KERN_WARNING "CIFS: netbiosname longer than 15 and was truncated.\n");
992 } else if (strnicmp(data, "credentials", 4) == 0) {
994 } else if (strnicmp(data, "version", 3) == 0) {
996 } else if (strnicmp(data, "guest",5) == 0) {
998 } else if (strnicmp(data, "rw", 2) == 0) {
1000 } else if ((strnicmp(data, "suid", 4) == 0) ||
1001 (strnicmp(data, "nosuid", 6) == 0) ||
1002 (strnicmp(data, "exec", 4) == 0) ||
1003 (strnicmp(data, "noexec", 6) == 0) ||
1004 (strnicmp(data, "nodev", 5) == 0) ||
1005 (strnicmp(data, "noauto", 6) == 0) ||
1006 (strnicmp(data, "dev", 3) == 0)) {
1007 /* The mount tool or mount.cifs helper (if present)
1008 uses these opts to set flags, and the flags are read
1009 by the kernel vfs layer before we get here (ie
1010 before read super) so there is no point trying to
1011 parse these options again and set anything and it
1012 is ok to just ignore them */
1014 } else if (strnicmp(data, "ro", 2) == 0) {
1016 } else if (strnicmp(data, "hard", 4) == 0) {
1018 } else if (strnicmp(data, "soft", 4) == 0) {
1020 } else if (strnicmp(data, "perm", 4) == 0) {
1022 } else if (strnicmp(data, "noperm", 6) == 0) {
1024 } else if (strnicmp(data, "mapchars", 8) == 0) {
1026 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1028 } else if (strnicmp(data, "setuids", 7) == 0) {
1030 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1032 } else if (strnicmp(data, "nohard", 6) == 0) {
1034 } else if (strnicmp(data, "nosoft", 6) == 0) {
1036 } else if (strnicmp(data, "nointr", 6) == 0) {
1038 } else if (strnicmp(data, "intr", 4) == 0) {
1040 } else if (strnicmp(data, "serverino",7) == 0) {
1041 vol->server_ino = 1;
1042 } else if (strnicmp(data, "noserverino",9) == 0) {
1043 vol->server_ino = 0;
1044 } else if (strnicmp(data, "acl",3) == 0) {
1045 vol->no_psx_acl = 0;
1046 } else if (strnicmp(data, "noacl",5) == 0) {
1047 vol->no_psx_acl = 1;
1048 } else if (strnicmp(data, "direct",6) == 0) {
1050 } else if (strnicmp(data, "forcedirectio",13) == 0) {
1052 } else if (strnicmp(data, "in6_addr",8) == 0) {
1053 if (!value || !*value) {
1054 vol->in6_addr = NULL;
1055 } else if (strnlen(value, 49) == 48) {
1056 vol->in6_addr = value;
1058 printk(KERN_WARNING "CIFS: ip v6 address not 48 characters long\n");
1061 } else if (strnicmp(data, "noac", 4) == 0) {
1062 printk(KERN_WARNING "CIFS: Mount option noac not supported. Instead set /proc/fs/cifs/LookupCacheEnabled to 0\n");
1064 printk(KERN_WARNING "CIFS: Unknown mount option %s\n",data);
1066 if (vol->UNC == NULL) {
1067 if(devname == NULL) {
1068 printk(KERN_WARNING "CIFS: Missing UNC name for mount target\n");
1071 if ((temp_len = strnlen(devname, 300)) < 300) {
1072 vol->UNC = kmalloc(temp_len+1,GFP_KERNEL);
1073 if(vol->UNC == NULL)
1075 strcpy(vol->UNC,devname);
1076 if (strncmp(vol->UNC, "//", 2) == 0) {
1079 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1080 printk(KERN_WARNING "CIFS: UNC Path does not begin with // or \\\\ \n");
1084 printk(KERN_WARNING "CIFS: UNC name too long\n");
1088 if(vol->UNCip == NULL)
1089 vol->UNCip = &vol->UNC[2];
1094 static struct cifsSesInfo *
1095 cifs_find_tcp_session(struct in_addr * target_ip_addr,
1096 struct in6_addr *target_ip6_addr,
1097 char *userName, struct TCP_Server_Info **psrvTcp)
1099 struct list_head *tmp;
1100 struct cifsSesInfo *ses;
1102 read_lock(&GlobalSMBSeslock);
1104 list_for_each(tmp, &GlobalSMBSessionList) {
1105 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
1107 if((target_ip_addr &&
1108 (ses->server->addr.sockAddr.sin_addr.s_addr
1109 == target_ip_addr->s_addr)) || (target_ip6_addr
1110 && memcmp(&ses->server->addr.sockAddr6.sin6_addr,
1111 target_ip6_addr,sizeof(*target_ip6_addr)))){
1112 /* BB lock server and tcp session and increment use count here?? */
1113 *psrvTcp = ses->server; /* found a match on the TCP session */
1114 /* BB check if reconnection needed */
1116 (ses->userName, userName,
1117 MAX_USERNAME_SIZE) == 0){
1118 read_unlock(&GlobalSMBSeslock);
1119 return ses; /* found exact match on both tcp and SMB sessions */
1123 /* else tcp and smb sessions need reconnection */
1125 read_unlock(&GlobalSMBSeslock);
1129 static struct cifsTconInfo *
1130 find_unc(__be32 new_target_ip_addr, char *uncName, char *userName)
1132 struct list_head *tmp;
1133 struct cifsTconInfo *tcon;
1135 read_lock(&GlobalSMBSeslock);
1136 list_for_each(tmp, &GlobalTreeConnectionList) {
1137 cFYI(1, ("Next tcon - "));
1138 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
1140 if (tcon->ses->server) {
1142 (" old ip addr: %x == new ip %x ?",
1143 tcon->ses->server->addr.sockAddr.sin_addr.
1144 s_addr, new_target_ip_addr));
1145 if (tcon->ses->server->addr.sockAddr.sin_addr.
1146 s_addr == new_target_ip_addr) {
1147 /* BB lock tcon and server and tcp session and increment use count here? */
1148 /* found a match on the TCP session */
1149 /* BB check if reconnection needed */
1150 cFYI(1,("Matched ip, old UNC: %s == new: %s ?",
1151 tcon->treeName, uncName));
1153 (tcon->treeName, uncName,
1154 MAX_TREE_SIZE) == 0) {
1156 ("Matched UNC, old user: %s == new: %s ?",
1157 tcon->treeName, uncName));
1159 (tcon->ses->userName,
1161 MAX_USERNAME_SIZE) == 0) {
1162 read_unlock(&GlobalSMBSeslock);
1163 return tcon;/* also matched user (smb session)*/
1170 read_unlock(&GlobalSMBSeslock);
1175 connect_to_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
1176 const char *old_path, const struct nls_table *nls_codepage,
1179 unsigned char *referrals = NULL;
1180 unsigned int num_referrals;
1183 rc = get_dfs_path(xid, pSesInfo,old_path, nls_codepage,
1184 &num_referrals, &referrals, remap);
1186 /* BB Add in code to: if valid refrl, if not ip address contact
1187 the helper that resolves tcp names, mount to it, try to
1188 tcon to it unmount it if fail */
1197 get_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
1198 const char *old_path, const struct nls_table *nls_codepage,
1199 unsigned int *pnum_referrals,
1200 unsigned char ** preferrals, int remap)
1205 *pnum_referrals = 0;
1207 if (pSesInfo->ipc_tid == 0) {
1208 temp_unc = kmalloc(2 /* for slashes */ +
1209 strnlen(pSesInfo->serverName,SERVER_NAME_LEN_WITH_NULL * 2)
1210 + 1 + 4 /* slash IPC$ */ + 2,
1212 if (temp_unc == NULL)
1216 strcpy(temp_unc + 2, pSesInfo->serverName);
1217 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
1218 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
1220 ("CIFS Tcon rc = %d ipc_tid = %d", rc,pSesInfo->ipc_tid));
1224 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
1225 pnum_referrals, nls_codepage, remap);
1230 /* See RFC1001 section 14 on representation of Netbios names */
1231 static void rfc1002mangle(char * target,char * source, unsigned int length)
1235 for(i=0,j=0;i<(length);i++) {
1236 /* mask a nibble at a time and encode */
1237 target[j] = 'A' + (0x0F & (source[i] >> 4));
1238 target[j+1] = 'A' + (0x0F & source[i]);
1246 ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket,
1247 char * netbios_name)
1251 __be16 orig_port = 0;
1253 if(*csocket == NULL) {
1254 rc = sock_create_kern(PF_INET, SOCK_STREAM, IPPROTO_TCP, csocket);
1256 cERROR(1, ("Error %d creating socket",rc));
1260 /* BB other socket options to set KEEPALIVE, NODELAY? */
1261 cFYI(1,("Socket created"));
1262 (*csocket)->sk->sk_allocation = GFP_NOFS;
1266 psin_server->sin_family = AF_INET;
1267 if(psin_server->sin_port) { /* user overrode default port */
1268 rc = (*csocket)->ops->connect(*csocket,
1269 (struct sockaddr *) psin_server,
1270 sizeof (struct sockaddr_in),0);
1276 /* save original port so we can retry user specified port
1277 later if fall back ports fail this time */
1278 orig_port = psin_server->sin_port;
1280 /* do not retry on the same port we just failed on */
1281 if(psin_server->sin_port != htons(CIFS_PORT)) {
1282 psin_server->sin_port = htons(CIFS_PORT);
1284 rc = (*csocket)->ops->connect(*csocket,
1285 (struct sockaddr *) psin_server,
1286 sizeof (struct sockaddr_in),0);
1292 psin_server->sin_port = htons(RFC1001_PORT);
1293 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1294 psin_server, sizeof (struct sockaddr_in),0);
1299 /* give up here - unless we want to retry on different
1300 protocol families some day */
1303 psin_server->sin_port = orig_port;
1304 cFYI(1,("Error %d connecting to server via ipv4",rc));
1305 sock_release(*csocket);
1309 /* Eventually check for other socket options to change from
1310 the default. sock_setsockopt not used because it expects
1311 user space buffer */
1312 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1314 /* send RFC1001 sessinit */
1316 if(psin_server->sin_port == htons(RFC1001_PORT)) {
1317 /* some servers require RFC1001 sessinit before sending
1318 negprot - BB check reconnection in case where second
1319 sessinit is sent but no second negprot */
1320 struct rfc1002_session_packet * ses_init_buf;
1321 struct smb_hdr * smb_buf;
1322 ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet), GFP_KERNEL);
1324 ses_init_buf->trailer.session_req.called_len = 32;
1325 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1326 DEFAULT_CIFS_CALLED_NAME,16);
1327 ses_init_buf->trailer.session_req.calling_len = 32;
1328 /* calling name ends in null (byte 16) from old smb
1330 if(netbios_name && (netbios_name[0] !=0)) {
1331 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1334 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1335 "LINUX_CIFS_CLNT",16);
1337 ses_init_buf->trailer.session_req.scope1 = 0;
1338 ses_init_buf->trailer.session_req.scope2 = 0;
1339 smb_buf = (struct smb_hdr *)ses_init_buf;
1340 /* sizeof RFC1002_SESSION_REQUEST with no scope */
1341 smb_buf->smb_buf_length = 0x81000044;
1342 rc = smb_send(*csocket, smb_buf, 0x44,
1343 (struct sockaddr *)psin_server);
1344 kfree(ses_init_buf);
1346 /* else the negprot may still work without this
1347 even though malloc failed */
1355 ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket)
1359 __be16 orig_port = 0;
1361 if(*csocket == NULL) {
1362 rc = sock_create_kern(PF_INET6, SOCK_STREAM, IPPROTO_TCP, csocket);
1364 cERROR(1, ("Error %d creating ipv6 socket",rc));
1368 /* BB other socket options to set KEEPALIVE, NODELAY? */
1369 cFYI(1,("ipv6 Socket created"));
1370 (*csocket)->sk->sk_allocation = GFP_NOFS;
1374 psin_server->sin6_family = AF_INET6;
1376 if(psin_server->sin6_port) { /* user overrode default port */
1377 rc = (*csocket)->ops->connect(*csocket,
1378 (struct sockaddr *) psin_server,
1379 sizeof (struct sockaddr_in6),0);
1385 /* save original port so we can retry user specified port
1386 later if fall back ports fail this time */
1388 orig_port = psin_server->sin6_port;
1389 /* do not retry on the same port we just failed on */
1390 if(psin_server->sin6_port != htons(CIFS_PORT)) {
1391 psin_server->sin6_port = htons(CIFS_PORT);
1393 rc = (*csocket)->ops->connect(*csocket,
1394 (struct sockaddr *) psin_server,
1395 sizeof (struct sockaddr_in6),0);
1401 psin_server->sin6_port = htons(RFC1001_PORT);
1402 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1403 psin_server, sizeof (struct sockaddr_in6),0);
1408 /* give up here - unless we want to retry on different
1409 protocol families some day */
1412 psin_server->sin6_port = orig_port;
1413 cFYI(1,("Error %d connecting to server via ipv6",rc));
1414 sock_release(*csocket);
1418 /* Eventually check for other socket options to change from
1419 the default. sock_setsockopt not used because it expects
1420 user space buffer */
1421 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1427 cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
1428 char *mount_data, const char *devname)
1432 int address_type = AF_INET;
1433 struct socket *csocket = NULL;
1434 struct sockaddr_in sin_server;
1435 struct sockaddr_in6 sin_server6;
1436 struct smb_vol volume_info;
1437 struct cifsSesInfo *pSesInfo = NULL;
1438 struct cifsSesInfo *existingCifsSes = NULL;
1439 struct cifsTconInfo *tcon = NULL;
1440 struct TCP_Server_Info *srvTcp = NULL;
1444 /* cFYI(1, ("Entering cifs_mount. Xid: %d with: %s", xid, mount_data)); */
1446 memset(&volume_info,0,sizeof(struct smb_vol));
1447 if (cifs_parse_mount_options(mount_data, devname, &volume_info)) {
1449 kfree(volume_info.UNC);
1450 if(volume_info.password)
1451 kfree(volume_info.password);
1456 if (volume_info.username) {
1457 /* BB fixme parse for domain name here */
1458 cFYI(1, ("Username: %s ", volume_info.username));
1461 cifserror("No username specified ");
1462 /* In userspace mount helper we can get user name from alternate
1463 locations such as env variables and files on disk */
1465 kfree(volume_info.UNC);
1466 if(volume_info.password)
1467 kfree(volume_info.password);
1472 if (volume_info.UNCip && volume_info.UNC) {
1473 rc = cifs_inet_pton(AF_INET, volume_info.UNCip,&sin_server.sin_addr.s_addr);
1476 /* not ipv4 address, try ipv6 */
1477 rc = cifs_inet_pton(AF_INET6,volume_info.UNCip,&sin_server6.sin6_addr.in6_u);
1479 address_type = AF_INET6;
1481 address_type = AF_INET;
1485 /* we failed translating address */
1487 kfree(volume_info.UNC);
1488 if(volume_info.password)
1489 kfree(volume_info.password);
1494 cFYI(1, ("UNC: %s ip: %s", volume_info.UNC, volume_info.UNCip));
1497 } else if (volume_info.UNCip){
1498 /* BB using ip addr as server name connect to the DFS root below */
1499 cERROR(1,("Connecting to DFS root not implemented yet"));
1501 kfree(volume_info.UNC);
1502 if(volume_info.password)
1503 kfree(volume_info.password);
1506 } else /* which servers DFS root would we conect to */ {
1508 ("CIFS mount error: No UNC path (e.g. -o unc=//192.168.1.100/public) specified "));
1510 kfree(volume_info.UNC);
1511 if(volume_info.password)
1512 kfree(volume_info.password);
1517 /* this is needed for ASCII cp to Unicode converts */
1518 if(volume_info.iocharset == NULL) {
1519 cifs_sb->local_nls = load_nls_default();
1520 /* load_nls_default can not return null */
1522 cifs_sb->local_nls = load_nls(volume_info.iocharset);
1523 if(cifs_sb->local_nls == NULL) {
1524 cERROR(1,("CIFS mount error: iocharset %s not found",volume_info.iocharset));
1526 kfree(volume_info.UNC);
1527 if(volume_info.password)
1528 kfree(volume_info.password);
1534 if(address_type == AF_INET)
1535 existingCifsSes = cifs_find_tcp_session(&sin_server.sin_addr,
1536 NULL /* no ipv6 addr */,
1537 volume_info.username, &srvTcp);
1538 else if(address_type == AF_INET6)
1539 existingCifsSes = cifs_find_tcp_session(NULL /* no ipv4 addr */,
1540 &sin_server6.sin6_addr,
1541 volume_info.username, &srvTcp);
1544 kfree(volume_info.UNC);
1545 if(volume_info.password)
1546 kfree(volume_info.password);
1553 cFYI(1, ("Existing tcp session with server found "));
1554 } else { /* create socket */
1555 if(volume_info.port)
1556 sin_server.sin_port = htons(volume_info.port);
1558 sin_server.sin_port = 0;
1559 rc = ipv4_connect(&sin_server,&csocket,volume_info.source_rfc1001_name);
1562 ("Error connecting to IPv4 socket. Aborting operation"));
1564 sock_release(csocket);
1566 kfree(volume_info.UNC);
1567 if(volume_info.password)
1568 kfree(volume_info.password);
1573 srvTcp = kmalloc(sizeof (struct TCP_Server_Info), GFP_KERNEL);
1574 if (srvTcp == NULL) {
1576 sock_release(csocket);
1578 kfree(volume_info.UNC);
1579 if(volume_info.password)
1580 kfree(volume_info.password);
1584 memset(srvTcp, 0, sizeof (struct TCP_Server_Info));
1585 memcpy(&srvTcp->addr.sockAddr, &sin_server, sizeof (struct sockaddr_in));
1586 atomic_set(&srvTcp->inFlight,0);
1587 /* BB Add code for ipv6 case too */
1588 srvTcp->ssocket = csocket;
1589 srvTcp->protocolType = IPV4;
1590 init_waitqueue_head(&srvTcp->response_q);
1591 init_waitqueue_head(&srvTcp->request_q);
1592 INIT_LIST_HEAD(&srvTcp->pending_mid_q);
1593 /* at this point we are the only ones with the pointer
1594 to the struct since the kernel thread not created yet
1595 so no need to spinlock this init of tcpStatus */
1596 srvTcp->tcpStatus = CifsNew;
1597 init_MUTEX(&srvTcp->tcpSem);
1598 rc = (int)kernel_thread((void *)(void *)cifs_demultiplex_thread, srvTcp,
1599 CLONE_FS | CLONE_FILES | CLONE_VM);
1602 sock_release(csocket);
1604 kfree(volume_info.UNC);
1605 if(volume_info.password)
1606 kfree(volume_info.password);
1611 memcpy(srvTcp->workstation_RFC1001_name, volume_info.source_rfc1001_name,16);
1612 srvTcp->sequence_number = 0;
1616 if (existingCifsSes) {
1617 pSesInfo = existingCifsSes;
1618 cFYI(1, ("Existing smb sess found "));
1619 if(volume_info.password)
1620 kfree(volume_info.password);
1621 /* volume_info.UNC freed at end of function */
1623 cFYI(1, ("Existing smb sess not found "));
1624 pSesInfo = sesInfoAlloc();
1625 if (pSesInfo == NULL)
1628 pSesInfo->server = srvTcp;
1629 sprintf(pSesInfo->serverName, "%u.%u.%u.%u",
1630 NIPQUAD(sin_server.sin_addr.s_addr));
1634 /* volume_info.password freed at unmount */
1635 if (volume_info.password)
1636 pSesInfo->password = volume_info.password;
1637 if (volume_info.username)
1638 strncpy(pSesInfo->userName,
1639 volume_info.username,MAX_USERNAME_SIZE);
1640 if (volume_info.domainname)
1641 strncpy(pSesInfo->domainName,
1642 volume_info.domainname,MAX_USERNAME_SIZE);
1643 pSesInfo->linux_uid = volume_info.linux_uid;
1644 down(&pSesInfo->sesSem);
1645 rc = cifs_setup_session(xid,pSesInfo, cifs_sb->local_nls);
1646 up(&pSesInfo->sesSem);
1648 atomic_inc(&srvTcp->socketUseCount);
1650 if(volume_info.password)
1651 kfree(volume_info.password);
1654 /* search for existing tcon to this server share */
1656 if((volume_info.rsize) && (volume_info.rsize <= CIFSMaxBufSize))
1657 cifs_sb->rsize = volume_info.rsize;
1659 cifs_sb->rsize = srvTcp->maxBuf - MAX_CIFS_HDR_SIZE; /* default */
1660 if((volume_info.wsize) && (volume_info.wsize <= CIFSMaxBufSize))
1661 cifs_sb->wsize = volume_info.wsize;
1663 cifs_sb->wsize = CIFSMaxBufSize; /* default */
1664 if(cifs_sb->rsize < PAGE_CACHE_SIZE) {
1665 cifs_sb->rsize = PAGE_CACHE_SIZE;
1666 cERROR(1,("Attempt to set readsize for mount to less than one page (4096)"));
1668 cifs_sb->mnt_uid = volume_info.linux_uid;
1669 cifs_sb->mnt_gid = volume_info.linux_gid;
1670 cifs_sb->mnt_file_mode = volume_info.file_mode;
1671 cifs_sb->mnt_dir_mode = volume_info.dir_mode;
1672 cFYI(1,("file mode: 0x%x dir mode: 0x%x",cifs_sb->mnt_file_mode,cifs_sb->mnt_dir_mode));
1674 if(volume_info.noperm)
1675 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
1676 if(volume_info.setuids)
1677 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
1678 if(volume_info.server_ino)
1679 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
1680 if(volume_info.remap)
1681 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
1682 if(volume_info.no_xattr)
1683 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
1684 if(volume_info.direct_io) {
1685 cERROR(1,("mounting share using direct i/o"));
1686 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
1690 find_unc(sin_server.sin_addr.s_addr, volume_info.UNC,
1691 volume_info.username);
1693 cFYI(1, ("Found match on UNC path "));
1694 /* we can have only one retry value for a connection
1695 to a share so for resources mounted more than once
1696 to the same server share the last value passed in
1697 for the retry flag is used */
1698 tcon->retry = volume_info.retry;
1700 tcon = tconInfoAlloc();
1704 /* check for null share name ie connect to dfs root */
1706 /* BB check if this works for exactly length three strings */
1707 if ((strchr(volume_info.UNC + 3, '\\') == NULL)
1708 && (strchr(volume_info.UNC + 3, '/') ==
1710 rc = connect_to_dfs_path(xid, pSesInfo,
1711 "", cifs_sb->local_nls,
1712 cifs_sb->mnt_cifs_flags &
1713 CIFS_MOUNT_MAP_SPECIAL_CHR);
1715 kfree(volume_info.UNC);
1719 rc = CIFSTCon(xid, pSesInfo,
1721 tcon, cifs_sb->local_nls);
1722 cFYI(1, ("CIFS Tcon rc = %d", rc));
1725 atomic_inc(&pSesInfo->inUse);
1726 tcon->retry = volume_info.retry;
1732 if (pSesInfo->capabilities & CAP_LARGE_FILES) {
1733 sb->s_maxbytes = (u64) 1 << 63;
1735 sb->s_maxbytes = (u64) 1 << 31; /* 2 GB */
1738 sb->s_time_gran = 100;
1740 /* on error free sesinfo and tcon struct if needed */
1742 /* if session setup failed, use count is zero but
1743 we still need to free cifsd thread */
1744 if(atomic_read(&srvTcp->socketUseCount) == 0) {
1745 spin_lock(&GlobalMid_Lock);
1746 srvTcp->tcpStatus = CifsExiting;
1747 spin_unlock(&GlobalMid_Lock);
1749 send_sig(SIGKILL,srvTcp->tsk,1);
1751 /* If find_unc succeeded then rc == 0 so we can not end */
1752 if (tcon) /* up accidently freeing someone elses tcon struct */
1754 if (existingCifsSes == NULL) {
1756 if ((pSesInfo->server) &&
1757 (pSesInfo->status == CifsGood)) {
1759 temp_rc = CIFSSMBLogoff(xid, pSesInfo);
1760 /* if the socketUseCount is now zero */
1761 if((temp_rc == -ESHUTDOWN) &&
1762 (pSesInfo->server->tsk))
1763 send_sig(SIGKILL,pSesInfo->server->tsk,1);
1765 cFYI(1, ("No session or bad tcon"));
1766 sesInfoFree(pSesInfo);
1767 /* pSesInfo = NULL; */
1771 atomic_inc(&tcon->useCount);
1772 cifs_sb->tcon = tcon;
1773 tcon->ses = pSesInfo;
1775 /* do not care if following two calls succeed - informational only */
1776 CIFSSMBQFSDeviceInfo(xid, tcon);
1777 CIFSSMBQFSAttributeInfo(xid, tcon);
1778 if (tcon->ses->capabilities & CAP_UNIX) {
1779 if(!CIFSSMBQFSUnixInfo(xid, tcon)) {
1780 if(!volume_info.no_psx_acl) {
1781 if(CIFS_UNIX_POSIX_ACL_CAP &
1782 le64_to_cpu(tcon->fsUnixInfo.Capability))
1783 cFYI(1,("server negotiated posix acl support"));
1784 sb->s_flags |= MS_POSIXACL;
1790 /* volume_info.password is freed above when existing session found
1791 (in which case it is not needed anymore) but when new sesion is created
1792 the password ptr is put in the new session structure (in which case the
1793 password will be freed at unmount time) */
1795 kfree(volume_info.UNC);
1801 CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
1802 char session_key[CIFS_SESSION_KEY_SIZE],
1803 const struct nls_table *nls_codepage)
1805 struct smb_hdr *smb_buffer;
1806 struct smb_hdr *smb_buffer_response;
1807 SESSION_SETUP_ANDX *pSMB;
1808 SESSION_SETUP_ANDX *pSMBr;
1813 int remaining_words = 0;
1814 int bytes_returned = 0;
1819 cFYI(1, ("In sesssetup "));
1822 user = ses->userName;
1823 domain = ses->domainName;
1824 smb_buffer = cifs_buf_get();
1825 if (smb_buffer == NULL) {
1828 smb_buffer_response = smb_buffer;
1829 pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
1831 /* send SMBsessionSetup here */
1832 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
1833 NULL /* no tCon exists yet */ , 13 /* wct */ );
1835 pSMB->req_no_secext.AndXCommand = 0xFF;
1836 pSMB->req_no_secext.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
1837 pSMB->req_no_secext.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
1839 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
1840 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
1842 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
1843 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
1844 if (ses->capabilities & CAP_UNICODE) {
1845 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
1846 capabilities |= CAP_UNICODE;
1848 if (ses->capabilities & CAP_STATUS32) {
1849 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
1850 capabilities |= CAP_STATUS32;
1852 if (ses->capabilities & CAP_DFS) {
1853 smb_buffer->Flags2 |= SMBFLG2_DFS;
1854 capabilities |= CAP_DFS;
1856 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
1858 pSMB->req_no_secext.CaseInsensitivePasswordLength =
1859 cpu_to_le16(CIFS_SESSION_KEY_SIZE);
1861 pSMB->req_no_secext.CaseSensitivePasswordLength =
1862 cpu_to_le16(CIFS_SESSION_KEY_SIZE);
1863 bcc_ptr = pByteArea(smb_buffer);
1864 memcpy(bcc_ptr, (char *) session_key, CIFS_SESSION_KEY_SIZE);
1865 bcc_ptr += CIFS_SESSION_KEY_SIZE;
1866 memcpy(bcc_ptr, (char *) session_key, CIFS_SESSION_KEY_SIZE);
1867 bcc_ptr += CIFS_SESSION_KEY_SIZE;
1869 if (ses->capabilities & CAP_UNICODE) {
1870 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode */
1875 bytes_returned = 0; /* skill null user */
1878 cifs_strtoUCS((wchar_t *) bcc_ptr, user, 100,
1880 /* convert number of 16 bit words to bytes */
1881 bcc_ptr += 2 * bytes_returned;
1882 bcc_ptr += 2; /* trailing null */
1885 cifs_strtoUCS((wchar_t *) bcc_ptr,
1886 "CIFS_LINUX_DOM", 32, nls_codepage);
1889 cifs_strtoUCS((wchar_t *) bcc_ptr, domain, 64,
1891 bcc_ptr += 2 * bytes_returned;
1894 cifs_strtoUCS((wchar_t *) bcc_ptr, "Linux version ",
1896 bcc_ptr += 2 * bytes_returned;
1898 cifs_strtoUCS((wchar_t *) bcc_ptr, system_utsname.release,
1900 bcc_ptr += 2 * bytes_returned;
1903 cifs_strtoUCS((wchar_t *) bcc_ptr, CIFS_NETWORK_OPSYS,
1905 bcc_ptr += 2 * bytes_returned;
1909 strncpy(bcc_ptr, user, 200);
1910 bcc_ptr += strnlen(user, 200);
1914 if (domain == NULL) {
1915 strcpy(bcc_ptr, "CIFS_LINUX_DOM");
1916 bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
1918 strncpy(bcc_ptr, domain, 64);
1919 bcc_ptr += strnlen(domain, 64);
1923 strcpy(bcc_ptr, "Linux version ");
1924 bcc_ptr += strlen("Linux version ");
1925 strcpy(bcc_ptr, system_utsname.release);
1926 bcc_ptr += strlen(system_utsname.release) + 1;
1927 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
1928 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
1930 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
1931 smb_buffer->smb_buf_length += count;
1932 pSMB->req_no_secext.ByteCount = cpu_to_le16(count);
1934 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
1935 &bytes_returned, 1);
1937 /* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
1938 } else if ((smb_buffer_response->WordCount == 3)
1939 || (smb_buffer_response->WordCount == 4)) {
1940 __u16 action = le16_to_cpu(pSMBr->resp.Action);
1941 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
1942 if (action & GUEST_LOGIN)
1943 cFYI(1, (" Guest login")); /* do we want to mark SesInfo struct ? */
1944 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format (le) */
1945 cFYI(1, ("UID = %d ", ses->Suid));
1946 /* response can have either 3 or 4 word count - Samba sends 3 */
1947 bcc_ptr = pByteArea(smb_buffer_response);
1948 if ((pSMBr->resp.hdr.WordCount == 3)
1949 || ((pSMBr->resp.hdr.WordCount == 4)
1950 && (blob_len < pSMBr->resp.ByteCount))) {
1951 if (pSMBr->resp.hdr.WordCount == 4)
1952 bcc_ptr += blob_len;
1954 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
1955 if ((long) (bcc_ptr) % 2) {
1957 (BCC(smb_buffer_response) - 1) /2;
1958 bcc_ptr++; /* Unicode strings must be word aligned */
1961 BCC(smb_buffer_response) / 2;
1964 UniStrnlen((wchar_t *) bcc_ptr,
1965 remaining_words - 1);
1966 /* We look for obvious messed up bcc or strings in response so we do not go off
1967 the end since (at least) WIN2K and Windows XP have a major bug in not null
1968 terminating last Unicode string in response */
1969 ses->serverOS = kzalloc(2 * (len + 1), GFP_KERNEL);
1970 if(ses->serverOS == NULL)
1971 goto sesssetup_nomem;
1972 cifs_strfromUCS_le(ses->serverOS,
1973 (wchar_t *)bcc_ptr, len,nls_codepage);
1974 bcc_ptr += 2 * (len + 1);
1975 remaining_words -= len + 1;
1976 ses->serverOS[2 * len] = 0;
1977 ses->serverOS[1 + (2 * len)] = 0;
1978 if (remaining_words > 0) {
1979 len = UniStrnlen((wchar_t *)bcc_ptr,
1981 ses->serverNOS = kzalloc(2 * (len + 1),GFP_KERNEL);
1982 if(ses->serverNOS == NULL)
1983 goto sesssetup_nomem;
1984 cifs_strfromUCS_le(ses->serverNOS,
1985 (wchar_t *)bcc_ptr,len,nls_codepage);
1986 bcc_ptr += 2 * (len + 1);
1987 ses->serverNOS[2 * len] = 0;
1988 ses->serverNOS[1 + (2 * len)] = 0;
1989 if(strncmp(ses->serverNOS,
1990 "NT LAN Manager 4",16) == 0) {
1991 cFYI(1,("NT4 server"));
1992 ses->flags |= CIFS_SES_NT4;
1994 remaining_words -= len + 1;
1995 if (remaining_words > 0) {
1996 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
1997 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
1999 kzalloc(2*(len+1),GFP_KERNEL);
2000 if(ses->serverDomain == NULL)
2001 goto sesssetup_nomem;
2002 cifs_strfromUCS_le(ses->serverDomain,
2003 (wchar_t *)bcc_ptr,len,nls_codepage);
2004 bcc_ptr += 2 * (len + 1);
2005 ses->serverDomain[2*len] = 0;
2006 ses->serverDomain[1+(2*len)] = 0;
2007 } /* else no more room so create dummy domain string */
2010 kzalloc(2, GFP_KERNEL);
2011 } else { /* no room so create dummy domain and NOS string */
2012 /* if these kcallocs fail not much we
2013 can do, but better to not fail the
2016 kzalloc(2, GFP_KERNEL);
2018 kzalloc(2, GFP_KERNEL);
2020 } else { /* ASCII */
2021 len = strnlen(bcc_ptr, 1024);
2022 if (((long) bcc_ptr + len) - (long)
2023 pByteArea(smb_buffer_response)
2024 <= BCC(smb_buffer_response)) {
2025 ses->serverOS = kzalloc(len + 1,GFP_KERNEL);
2026 if(ses->serverOS == NULL)
2027 goto sesssetup_nomem;
2028 strncpy(ses->serverOS,bcc_ptr, len);
2031 bcc_ptr[0] = 0; /* null terminate the string */
2034 len = strnlen(bcc_ptr, 1024);
2035 ses->serverNOS = kzalloc(len + 1,GFP_KERNEL);
2036 if(ses->serverNOS == NULL)
2037 goto sesssetup_nomem;
2038 strncpy(ses->serverNOS, bcc_ptr, len);
2043 len = strnlen(bcc_ptr, 1024);
2044 ses->serverDomain = kzalloc(len + 1,GFP_KERNEL);
2045 if(ses->serverDomain == NULL)
2046 goto sesssetup_nomem;
2047 strncpy(ses->serverDomain, bcc_ptr, len);
2053 ("Variable field of length %d extends beyond end of smb ",
2058 (" Security Blob Length extends beyond end of SMB"));
2062 (" Invalid Word count %d: ",
2063 smb_buffer_response->WordCount));
2066 sesssetup_nomem: /* do not return an error on nomem for the info strings,
2067 since that could make reconnection harder, and
2068 reconnection might be needed to free memory */
2070 cifs_buf_release(smb_buffer);
2076 CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2077 char *SecurityBlob,int SecurityBlobLength,
2078 const struct nls_table *nls_codepage)
2080 struct smb_hdr *smb_buffer;
2081 struct smb_hdr *smb_buffer_response;
2082 SESSION_SETUP_ANDX *pSMB;
2083 SESSION_SETUP_ANDX *pSMBr;
2088 int remaining_words = 0;
2089 int bytes_returned = 0;
2094 cFYI(1, ("In spnego sesssetup "));
2097 user = ses->userName;
2098 domain = ses->domainName;
2100 smb_buffer = cifs_buf_get();
2101 if (smb_buffer == NULL) {
2104 smb_buffer_response = smb_buffer;
2105 pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2107 /* send SMBsessionSetup here */
2108 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2109 NULL /* no tCon exists yet */ , 12 /* wct */ );
2110 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2111 pSMB->req.AndXCommand = 0xFF;
2112 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2113 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2115 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2116 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2118 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2119 CAP_EXTENDED_SECURITY;
2120 if (ses->capabilities & CAP_UNICODE) {
2121 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2122 capabilities |= CAP_UNICODE;
2124 if (ses->capabilities & CAP_STATUS32) {
2125 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2126 capabilities |= CAP_STATUS32;
2128 if (ses->capabilities & CAP_DFS) {
2129 smb_buffer->Flags2 |= SMBFLG2_DFS;
2130 capabilities |= CAP_DFS;
2132 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2134 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2135 bcc_ptr = pByteArea(smb_buffer);
2136 memcpy(bcc_ptr, SecurityBlob, SecurityBlobLength);
2137 bcc_ptr += SecurityBlobLength;
2139 if (ses->capabilities & CAP_UNICODE) {
2140 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode strings */
2145 cifs_strtoUCS((wchar_t *) bcc_ptr, user, 100, nls_codepage);
2146 bcc_ptr += 2 * bytes_returned; /* convert num of 16 bit words to bytes */
2147 bcc_ptr += 2; /* trailing null */
2150 cifs_strtoUCS((wchar_t *) bcc_ptr,
2151 "CIFS_LINUX_DOM", 32, nls_codepage);
2154 cifs_strtoUCS((wchar_t *) bcc_ptr, domain, 64,
2156 bcc_ptr += 2 * bytes_returned;
2159 cifs_strtoUCS((wchar_t *) bcc_ptr, "Linux version ",
2161 bcc_ptr += 2 * bytes_returned;
2163 cifs_strtoUCS((wchar_t *) bcc_ptr, system_utsname.release, 32,
2165 bcc_ptr += 2 * bytes_returned;
2168 cifs_strtoUCS((wchar_t *) bcc_ptr, CIFS_NETWORK_OPSYS,
2170 bcc_ptr += 2 * bytes_returned;
2173 strncpy(bcc_ptr, user, 200);
2174 bcc_ptr += strnlen(user, 200);
2177 if (domain == NULL) {
2178 strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2179 bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2181 strncpy(bcc_ptr, domain, 64);
2182 bcc_ptr += strnlen(domain, 64);
2186 strcpy(bcc_ptr, "Linux version ");
2187 bcc_ptr += strlen("Linux version ");
2188 strcpy(bcc_ptr, system_utsname.release);
2189 bcc_ptr += strlen(system_utsname.release) + 1;
2190 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2191 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2193 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2194 smb_buffer->smb_buf_length += count;
2195 pSMB->req.ByteCount = cpu_to_le16(count);
2197 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2198 &bytes_returned, 1);
2200 /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2201 } else if ((smb_buffer_response->WordCount == 3)
2202 || (smb_buffer_response->WordCount == 4)) {
2203 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2205 le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2206 if (action & GUEST_LOGIN)
2207 cFYI(1, (" Guest login")); /* BB do we want to set anything in SesInfo struct ? */
2209 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format (le) */
2210 cFYI(1, ("UID = %d ", ses->Suid));
2211 bcc_ptr = pByteArea(smb_buffer_response); /* response can have either 3 or 4 word count - Samba sends 3 */
2213 /* BB Fix below to make endian neutral !! */
2215 if ((pSMBr->resp.hdr.WordCount == 3)
2216 || ((pSMBr->resp.hdr.WordCount == 4)
2218 pSMBr->resp.ByteCount))) {
2219 if (pSMBr->resp.hdr.WordCount == 4) {
2223 ("Security Blob Length %d ",
2227 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2228 if ((long) (bcc_ptr) % 2) {
2230 (BCC(smb_buffer_response)
2232 bcc_ptr++; /* Unicode strings must be word aligned */
2236 (smb_buffer_response) / 2;
2239 UniStrnlen((wchar_t *) bcc_ptr,
2240 remaining_words - 1);
2241 /* We look for obvious messed up bcc or strings in response so we do not go off
2242 the end since (at least) WIN2K and Windows XP have a major bug in not null
2243 terminating last Unicode string in response */
2245 kzalloc(2 * (len + 1), GFP_KERNEL);
2246 cifs_strfromUCS_le(ses->serverOS,
2250 bcc_ptr += 2 * (len + 1);
2251 remaining_words -= len + 1;
2252 ses->serverOS[2 * len] = 0;
2253 ses->serverOS[1 + (2 * len)] = 0;
2254 if (remaining_words > 0) {
2255 len = UniStrnlen((wchar_t *)bcc_ptr,
2259 kzalloc(2 * (len + 1),
2261 cifs_strfromUCS_le(ses->serverNOS,
2265 bcc_ptr += 2 * (len + 1);
2266 ses->serverNOS[2 * len] = 0;
2267 ses->serverNOS[1 + (2 * len)] = 0;
2268 remaining_words -= len + 1;
2269 if (remaining_words > 0) {
2270 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2271 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
2272 ses->serverDomain = kzalloc(2*(len+1),GFP_KERNEL);
2273 cifs_strfromUCS_le(ses->serverDomain,
2277 bcc_ptr += 2*(len+1);
2278 ses->serverDomain[2*len] = 0;
2279 ses->serverDomain[1+(2*len)] = 0;
2280 } /* else no more room so create dummy domain string */
2283 kzalloc(2,GFP_KERNEL);
2284 } else { /* no room so create dummy domain and NOS string */
2285 ses->serverDomain = kzalloc(2, GFP_KERNEL);
2286 ses->serverNOS = kzalloc(2, GFP_KERNEL);
2288 } else { /* ASCII */
2290 len = strnlen(bcc_ptr, 1024);
2291 if (((long) bcc_ptr + len) - (long)
2292 pByteArea(smb_buffer_response)
2293 <= BCC(smb_buffer_response)) {
2294 ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
2295 strncpy(ses->serverOS, bcc_ptr, len);
2298 bcc_ptr[0] = 0; /* null terminate the string */
2301 len = strnlen(bcc_ptr, 1024);
2302 ses->serverNOS = kzalloc(len + 1,GFP_KERNEL);
2303 strncpy(ses->serverNOS, bcc_ptr, len);
2308 len = strnlen(bcc_ptr, 1024);
2309 ses->serverDomain = kzalloc(len + 1, GFP_KERNEL);
2310 strncpy(ses->serverDomain, bcc_ptr, len);
2316 ("Variable field of length %d extends beyond end of smb ",
2321 (" Security Blob Length extends beyond end of SMB"));
2324 cERROR(1, ("No session structure passed in."));
2328 (" Invalid Word count %d: ",
2329 smb_buffer_response->WordCount));
2334 cifs_buf_release(smb_buffer);
2340 CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2341 struct cifsSesInfo *ses, int * pNTLMv2_flag,
2342 const struct nls_table *nls_codepage)
2344 struct smb_hdr *smb_buffer;
2345 struct smb_hdr *smb_buffer_response;
2346 SESSION_SETUP_ANDX *pSMB;
2347 SESSION_SETUP_ANDX *pSMBr;
2351 int remaining_words = 0;
2352 int bytes_returned = 0;
2354 int SecurityBlobLength = sizeof (NEGOTIATE_MESSAGE);
2355 PNEGOTIATE_MESSAGE SecurityBlob;
2356 PCHALLENGE_MESSAGE SecurityBlob2;
2357 __u32 negotiate_flags, capabilities;
2360 cFYI(1, ("In NTLMSSP sesssetup (negotiate) "));
2363 domain = ses->domainName;
2364 *pNTLMv2_flag = FALSE;
2365 smb_buffer = cifs_buf_get();
2366 if (smb_buffer == NULL) {
2369 smb_buffer_response = smb_buffer;
2370 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2371 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2373 /* send SMBsessionSetup here */
2374 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2375 NULL /* no tCon exists yet */ , 12 /* wct */ );
2376 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2377 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2379 pSMB->req.AndXCommand = 0xFF;
2380 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2381 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2383 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2384 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2386 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2387 CAP_EXTENDED_SECURITY;
2388 if (ses->capabilities & CAP_UNICODE) {
2389 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2390 capabilities |= CAP_UNICODE;
2392 if (ses->capabilities & CAP_STATUS32) {
2393 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2394 capabilities |= CAP_STATUS32;
2396 if (ses->capabilities & CAP_DFS) {
2397 smb_buffer->Flags2 |= SMBFLG2_DFS;
2398 capabilities |= CAP_DFS;
2400 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2402 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2403 SecurityBlob = (PNEGOTIATE_MESSAGE) bcc_ptr;
2404 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2405 SecurityBlob->MessageType = NtLmNegotiate;
2407 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
2408 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM | 0x80000000 |
2409 /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
2411 negotiate_flags |= NTLMSSP_NEGOTIATE_SIGN;
2413 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
2414 /* setup pointers to domain name and workstation name */
2415 bcc_ptr += SecurityBlobLength;
2417 SecurityBlob->WorkstationName.Buffer = 0;
2418 SecurityBlob->WorkstationName.Length = 0;
2419 SecurityBlob->WorkstationName.MaximumLength = 0;
2421 if (domain == NULL) {
2422 SecurityBlob->DomainName.Buffer = 0;
2423 SecurityBlob->DomainName.Length = 0;
2424 SecurityBlob->DomainName.MaximumLength = 0;
2427 negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
2428 strncpy(bcc_ptr, domain, 63);
2429 len = strnlen(domain, 64);
2430 SecurityBlob->DomainName.MaximumLength =
2432 SecurityBlob->DomainName.Buffer =
2433 cpu_to_le32((long) &SecurityBlob->
2435 (long) &SecurityBlob->Signature);
2437 SecurityBlobLength += len;
2438 SecurityBlob->DomainName.Length =
2441 if (ses->capabilities & CAP_UNICODE) {
2442 if ((long) bcc_ptr % 2) {
2448 cifs_strtoUCS((wchar_t *) bcc_ptr, "Linux version ",
2450 bcc_ptr += 2 * bytes_returned;
2452 cifs_strtoUCS((wchar_t *) bcc_ptr, system_utsname.release, 32,
2454 bcc_ptr += 2 * bytes_returned;
2455 bcc_ptr += 2; /* null terminate Linux version */
2457 cifs_strtoUCS((wchar_t *) bcc_ptr, CIFS_NETWORK_OPSYS,
2459 bcc_ptr += 2 * bytes_returned;
2462 bcc_ptr += 2; /* null terminate network opsys string */
2465 bcc_ptr += 2; /* null domain */
2466 } else { /* ASCII */
2467 strcpy(bcc_ptr, "Linux version ");
2468 bcc_ptr += strlen("Linux version ");
2469 strcpy(bcc_ptr, system_utsname.release);
2470 bcc_ptr += strlen(system_utsname.release) + 1;
2471 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2472 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2473 bcc_ptr++; /* empty domain field */
2476 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2477 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2478 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2479 smb_buffer->smb_buf_length += count;
2480 pSMB->req.ByteCount = cpu_to_le16(count);
2482 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2483 &bytes_returned, 1);
2485 if (smb_buffer_response->Status.CifsError ==
2486 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
2490 /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2491 } else if ((smb_buffer_response->WordCount == 3)
2492 || (smb_buffer_response->WordCount == 4)) {
2493 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2494 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2496 if (action & GUEST_LOGIN)
2497 cFYI(1, (" Guest login"));
2498 /* Do we want to set anything in SesInfo struct when guest login? */
2500 bcc_ptr = pByteArea(smb_buffer_response);
2501 /* response can have either 3 or 4 word count - Samba sends 3 */
2503 SecurityBlob2 = (PCHALLENGE_MESSAGE) bcc_ptr;
2504 if (SecurityBlob2->MessageType != NtLmChallenge) {
2506 ("Unexpected NTLMSSP message type received %d",
2507 SecurityBlob2->MessageType));
2509 ses->Suid = smb_buffer_response->Uid; /* UID left in le format */
2510 cFYI(1, ("UID = %d ", ses->Suid));
2511 if ((pSMBr->resp.hdr.WordCount == 3)
2512 || ((pSMBr->resp.hdr.WordCount == 4)
2514 pSMBr->resp.ByteCount))) {
2516 if (pSMBr->resp.hdr.WordCount == 4) {
2517 bcc_ptr += blob_len;
2519 ("Security Blob Length %d ",
2523 cFYI(1, ("NTLMSSP Challenge rcvd "));
2525 memcpy(ses->server->cryptKey,
2526 SecurityBlob2->Challenge,
2527 CIFS_CRYPTO_KEY_SIZE);
2528 if(SecurityBlob2->NegotiateFlags & cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2))
2529 *pNTLMv2_flag = TRUE;
2531 if((SecurityBlob2->NegotiateFlags &
2532 cpu_to_le32(NTLMSSP_NEGOTIATE_ALWAYS_SIGN))
2533 || (sign_CIFS_PDUs > 1))
2534 ses->server->secMode |=
2535 SECMODE_SIGN_REQUIRED;
2536 if ((SecurityBlob2->NegotiateFlags &
2537 cpu_to_le32(NTLMSSP_NEGOTIATE_SIGN)) && (sign_CIFS_PDUs))
2538 ses->server->secMode |=
2539 SECMODE_SIGN_ENABLED;
2541 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2542 if ((long) (bcc_ptr) % 2) {
2544 (BCC(smb_buffer_response)
2546 bcc_ptr++; /* Unicode strings must be word aligned */
2550 (smb_buffer_response) / 2;
2553 UniStrnlen((wchar_t *) bcc_ptr,
2554 remaining_words - 1);
2555 /* We look for obvious messed up bcc or strings in response so we do not go off
2556 the end since (at least) WIN2K and Windows XP have a major bug in not null
2557 terminating last Unicode string in response */
2559 kzalloc(2 * (len + 1), GFP_KERNEL);
2560 cifs_strfromUCS_le(ses->serverOS,
2564 bcc_ptr += 2 * (len + 1);
2565 remaining_words -= len + 1;
2566 ses->serverOS[2 * len] = 0;
2567 ses->serverOS[1 + (2 * len)] = 0;
2568 if (remaining_words > 0) {
2569 len = UniStrnlen((wchar_t *)
2574 kzalloc(2 * (len + 1),
2576 cifs_strfromUCS_le(ses->
2582 bcc_ptr += 2 * (len + 1);
2583 ses->serverNOS[2 * len] = 0;
2586 remaining_words -= len + 1;
2587 if (remaining_words > 0) {
2588 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2589 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
2614 } /* else no more room so create dummy domain string */
2619 } else { /* no room so create dummy domain and NOS string */
2621 kzalloc(2, GFP_KERNEL);
2623 kzalloc(2, GFP_KERNEL);
2625 } else { /* ASCII */
2626 len = strnlen(bcc_ptr, 1024);
2627 if (((long) bcc_ptr + len) - (long)
2628 pByteArea(smb_buffer_response)
2629 <= BCC(smb_buffer_response)) {
2633 strncpy(ses->serverOS,
2637 bcc_ptr[0] = 0; /* null terminate string */
2640 len = strnlen(bcc_ptr, 1024);
2644 strncpy(ses->serverNOS, bcc_ptr, len);
2649 len = strnlen(bcc_ptr, 1024);
2653 strncpy(ses->serverDomain, bcc_ptr, len);
2659 ("Variable field of length %d extends beyond end of smb ",
2664 (" Security Blob Length extends beyond end of SMB"));
2667 cERROR(1, ("No session structure passed in."));
2671 (" Invalid Word count %d: ",
2672 smb_buffer_response->WordCount));
2677 cifs_buf_release(smb_buffer);
2682 CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2683 char *ntlm_session_key, int ntlmv2_flag,
2684 const struct nls_table *nls_codepage)
2686 struct smb_hdr *smb_buffer;
2687 struct smb_hdr *smb_buffer_response;
2688 SESSION_SETUP_ANDX *pSMB;
2689 SESSION_SETUP_ANDX *pSMBr;
2694 int remaining_words = 0;
2695 int bytes_returned = 0;
2697 int SecurityBlobLength = sizeof (AUTHENTICATE_MESSAGE);
2698 PAUTHENTICATE_MESSAGE SecurityBlob;
2699 __u32 negotiate_flags, capabilities;
2702 cFYI(1, ("In NTLMSSPSessSetup (Authenticate)"));
2705 user = ses->userName;
2706 domain = ses->domainName;
2707 smb_buffer = cifs_buf_get();
2708 if (smb_buffer == NULL) {
2711 smb_buffer_response = smb_buffer;
2712 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2713 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2715 /* send SMBsessionSetup here */
2716 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2717 NULL /* no tCon exists yet */ , 12 /* wct */ );
2718 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2719 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2720 pSMB->req.AndXCommand = 0xFF;
2721 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2722 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2724 pSMB->req.hdr.Uid = ses->Suid;
2726 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2727 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2729 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2730 CAP_EXTENDED_SECURITY;
2731 if (ses->capabilities & CAP_UNICODE) {
2732 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2733 capabilities |= CAP_UNICODE;
2735 if (ses->capabilities & CAP_STATUS32) {
2736 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2737 capabilities |= CAP_STATUS32;
2739 if (ses->capabilities & CAP_DFS) {
2740 smb_buffer->Flags2 |= SMBFLG2_DFS;
2741 capabilities |= CAP_DFS;
2743 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2745 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2746 SecurityBlob = (PAUTHENTICATE_MESSAGE) bcc_ptr;
2747 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2748 SecurityBlob->MessageType = NtLmAuthenticate;
2749 bcc_ptr += SecurityBlobLength;
2751 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET |
2752 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO |
2753 0x80000000 | NTLMSSP_NEGOTIATE_128;
2755 negotiate_flags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN;
2757 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
2759 /* setup pointers to domain name and workstation name */
2761 SecurityBlob->WorkstationName.Buffer = 0;
2762 SecurityBlob->WorkstationName.Length = 0;
2763 SecurityBlob->WorkstationName.MaximumLength = 0;
2764 SecurityBlob->SessionKey.Length = 0;
2765 SecurityBlob->SessionKey.MaximumLength = 0;
2766 SecurityBlob->SessionKey.Buffer = 0;
2768 SecurityBlob->LmChallengeResponse.Length = 0;
2769 SecurityBlob->LmChallengeResponse.MaximumLength = 0;
2770 SecurityBlob->LmChallengeResponse.Buffer = 0;
2772 SecurityBlob->NtChallengeResponse.Length =
2773 cpu_to_le16(CIFS_SESSION_KEY_SIZE);
2774 SecurityBlob->NtChallengeResponse.MaximumLength =
2775 cpu_to_le16(CIFS_SESSION_KEY_SIZE);
2776 memcpy(bcc_ptr, ntlm_session_key, CIFS_SESSION_KEY_SIZE);
2777 SecurityBlob->NtChallengeResponse.Buffer =
2778 cpu_to_le32(SecurityBlobLength);
2779 SecurityBlobLength += CIFS_SESSION_KEY_SIZE;
2780 bcc_ptr += CIFS_SESSION_KEY_SIZE;
2782 if (ses->capabilities & CAP_UNICODE) {
2783 if (domain == NULL) {
2784 SecurityBlob->DomainName.Buffer = 0;
2785 SecurityBlob->DomainName.Length = 0;
2786 SecurityBlob->DomainName.MaximumLength = 0;
2789 cifs_strtoUCS((wchar_t *) bcc_ptr, domain, 64,
2792 SecurityBlob->DomainName.MaximumLength =
2794 SecurityBlob->DomainName.Buffer =
2795 cpu_to_le32(SecurityBlobLength);
2797 SecurityBlobLength += len;
2798 SecurityBlob->DomainName.Length =
2802 SecurityBlob->UserName.Buffer = 0;
2803 SecurityBlob->UserName.Length = 0;
2804 SecurityBlob->UserName.MaximumLength = 0;
2807 cifs_strtoUCS((wchar_t *) bcc_ptr, user, 64,
2810 SecurityBlob->UserName.MaximumLength =
2812 SecurityBlob->UserName.Buffer =
2813 cpu_to_le32(SecurityBlobLength);
2815 SecurityBlobLength += len;
2816 SecurityBlob->UserName.Length =
2820 /* SecurityBlob->WorkstationName.Length = cifs_strtoUCS((wchar_t *) bcc_ptr, "AMACHINE",64, nls_codepage);
2821 SecurityBlob->WorkstationName.Length *= 2;
2822 SecurityBlob->WorkstationName.MaximumLength = cpu_to_le16(SecurityBlob->WorkstationName.Length);
2823 SecurityBlob->WorkstationName.Buffer = cpu_to_le32(SecurityBlobLength);
2824 bcc_ptr += SecurityBlob->WorkstationName.Length;
2825 SecurityBlobLength += SecurityBlob->WorkstationName.Length;
2826 SecurityBlob->WorkstationName.Length = cpu_to_le16(SecurityBlob->WorkstationName.Length); */
2828 if ((long) bcc_ptr % 2) {
2833 cifs_strtoUCS((wchar_t *) bcc_ptr, "Linux version ",
2835 bcc_ptr += 2 * bytes_returned;
2837 cifs_strtoUCS((wchar_t *) bcc_ptr, system_utsname.release, 32,
2839 bcc_ptr += 2 * bytes_returned;
2840 bcc_ptr += 2; /* null term version string */
2842 cifs_strtoUCS((wchar_t *) bcc_ptr, CIFS_NETWORK_OPSYS,
2844 bcc_ptr += 2 * bytes_returned;
2847 bcc_ptr += 2; /* null terminate network opsys string */
2850 bcc_ptr += 2; /* null domain */
2851 } else { /* ASCII */
2852 if (domain == NULL) {
2853 SecurityBlob->DomainName.Buffer = 0;
2854 SecurityBlob->DomainName.Length = 0;
2855 SecurityBlob->DomainName.MaximumLength = 0;
2858 negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
2859 strncpy(bcc_ptr, domain, 63);
2860 len = strnlen(domain, 64);
2861 SecurityBlob->DomainName.MaximumLength =
2863 SecurityBlob->DomainName.Buffer =
2864 cpu_to_le32(SecurityBlobLength);
2866 SecurityBlobLength += len;
2867 SecurityBlob->DomainName.Length = cpu_to_le16(len);
2870 SecurityBlob->UserName.Buffer = 0;
2871 SecurityBlob->UserName.Length = 0;
2872 SecurityBlob->UserName.MaximumLength = 0;
2875 strncpy(bcc_ptr, user, 63);
2876 len = strnlen(user, 64);
2877 SecurityBlob->UserName.MaximumLength =
2879 SecurityBlob->UserName.Buffer =
2880 cpu_to_le32(SecurityBlobLength);
2882 SecurityBlobLength += len;
2883 SecurityBlob->UserName.Length = cpu_to_le16(len);
2885 /* BB fill in our workstation name if known BB */
2887 strcpy(bcc_ptr, "Linux version ");
2888 bcc_ptr += strlen("Linux version ");
2889 strcpy(bcc_ptr, system_utsname.release);
2890 bcc_ptr += strlen(system_utsname.release) + 1;
2891 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2892 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2893 bcc_ptr++; /* null domain */
2896 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2897 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2898 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2899 smb_buffer->smb_buf_length += count;
2900 pSMB->req.ByteCount = cpu_to_le16(count);
2902 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2903 &bytes_returned, 1);
2905 /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2906 } else if ((smb_buffer_response->WordCount == 3)
2907 || (smb_buffer_response->WordCount == 4)) {
2908 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2910 le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2911 if (action & GUEST_LOGIN)
2912 cFYI(1, (" Guest login")); /* BB do we want to set anything in SesInfo struct ? */
2913 /* if(SecurityBlob2->MessageType != NtLm??){
2914 cFYI("Unexpected message type on auth response is %d "));
2918 ("Does UID on challenge %d match auth response UID %d ",
2919 ses->Suid, smb_buffer_response->Uid));
2920 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format */
2921 bcc_ptr = pByteArea(smb_buffer_response);
2922 /* response can have either 3 or 4 word count - Samba sends 3 */
2923 if ((pSMBr->resp.hdr.WordCount == 3)
2924 || ((pSMBr->resp.hdr.WordCount == 4)
2926 pSMBr->resp.ByteCount))) {
2927 if (pSMBr->resp.hdr.WordCount == 4) {
2931 ("Security Blob Length %d ",
2936 ("NTLMSSP response to Authenticate "));
2938 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2939 if ((long) (bcc_ptr) % 2) {
2941 (BCC(smb_buffer_response)
2943 bcc_ptr++; /* Unicode strings must be word aligned */
2945 remaining_words = BCC(smb_buffer_response) / 2;
2948 UniStrnlen((wchar_t *) bcc_ptr,remaining_words - 1);
2949 /* We look for obvious messed up bcc or strings in response so we do not go off
2950 the end since (at least) WIN2K and Windows XP have a major bug in not null
2951 terminating last Unicode string in response */
2953 kzalloc(2 * (len + 1), GFP_KERNEL);
2954 cifs_strfromUCS_le(ses->serverOS,
2958 bcc_ptr += 2 * (len + 1);
2959 remaining_words -= len + 1;
2960 ses->serverOS[2 * len] = 0;
2961 ses->serverOS[1 + (2 * len)] = 0;
2962 if (remaining_words > 0) {
2963 len = UniStrnlen((wchar_t *)
2968 kzalloc(2 * (len + 1),
2970 cifs_strfromUCS_le(ses->
2976 bcc_ptr += 2 * (len + 1);
2977 ses->serverNOS[2 * len] = 0;
2978 ses->serverNOS[1+(2*len)] = 0;
2979 remaining_words -= len + 1;
2980 if (remaining_words > 0) {
2981 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2982 /* last string not always null terminated (e.g. for Windows XP & 2000) */
3007 } /* else no more room so create dummy domain string */
3009 ses->serverDomain = kzalloc(2,GFP_KERNEL);
3010 } else { /* no room so create dummy domain and NOS string */
3011 ses->serverDomain = kzalloc(2, GFP_KERNEL);
3012 ses->serverNOS = kzalloc(2, GFP_KERNEL);
3014 } else { /* ASCII */
3015 len = strnlen(bcc_ptr, 1024);
3016 if (((long) bcc_ptr + len) -
3017 (long) pByteArea(smb_buffer_response)
3018 <= BCC(smb_buffer_response)) {
3019 ses->serverOS = kzalloc(len + 1,GFP_KERNEL);
3020 strncpy(ses->serverOS,bcc_ptr, len);
3023 bcc_ptr[0] = 0; /* null terminate the string */
3026 len = strnlen(bcc_ptr, 1024);
3027 ses->serverNOS = kzalloc(len+1,GFP_KERNEL);
3028 strncpy(ses->serverNOS, bcc_ptr, len);
3033 len = strnlen(bcc_ptr, 1024);
3034 ses->serverDomain = kzalloc(len+1,GFP_KERNEL);
3035 strncpy(ses->serverDomain, bcc_ptr, len);
3041 ("Variable field of length %d extends beyond end of smb ",
3046 (" Security Blob Length extends beyond end of SMB"));
3049 cERROR(1, ("No session structure passed in."));
3053 (" Invalid Word count %d: ",
3054 smb_buffer_response->WordCount));
3059 cifs_buf_release(smb_buffer);
3065 CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3066 const char *tree, struct cifsTconInfo *tcon,
3067 const struct nls_table *nls_codepage)
3069 struct smb_hdr *smb_buffer;
3070 struct smb_hdr *smb_buffer_response;
3073 unsigned char *bcc_ptr;
3081 smb_buffer = cifs_buf_get();
3082 if (smb_buffer == NULL) {
3085 smb_buffer_response = smb_buffer;
3087 header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3088 NULL /*no tid */ , 4 /*wct */ );
3089 smb_buffer->Uid = ses->Suid;
3090 pSMB = (TCONX_REQ *) smb_buffer;
3091 pSMBr = (TCONX_RSP *) smb_buffer_response;
3093 pSMB->AndXCommand = 0xFF;
3094 pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
3095 pSMB->PasswordLength = cpu_to_le16(1); /* minimum */
3096 bcc_ptr = &pSMB->Password[0];
3097 bcc_ptr++; /* skip password */
3099 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3100 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3102 if (ses->capabilities & CAP_STATUS32) {
3103 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3105 if (ses->capabilities & CAP_DFS) {
3106 smb_buffer->Flags2 |= SMBFLG2_DFS;
3108 if (ses->capabilities & CAP_UNICODE) {
3109 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3111 cifs_strtoUCS((wchar_t *) bcc_ptr, tree, 100, nls_codepage);
3112 bcc_ptr += 2 * length; /* convert num of 16 bit words to bytes */
3113 bcc_ptr += 2; /* skip trailing null */
3114 } else { /* ASCII */
3116 strcpy(bcc_ptr, tree);
3117 bcc_ptr += strlen(tree) + 1;
3119 strcpy(bcc_ptr, "?????");
3120 bcc_ptr += strlen("?????");
3122 count = bcc_ptr - &pSMB->Password[0];
3123 pSMB->hdr.smb_buf_length += count;
3124 pSMB->ByteCount = cpu_to_le16(count);
3126 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length, 0);
3128 /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
3129 /* above now done in SendReceive */
3130 if ((rc == 0) && (tcon != NULL)) {
3131 tcon->tidStatus = CifsGood;
3132 tcon->tid = smb_buffer_response->Tid;
3133 bcc_ptr = pByteArea(smb_buffer_response);
3134 length = strnlen(bcc_ptr, BCC(smb_buffer_response) - 2);
3135 /* skip service field (NB: this field is always ASCII) */
3136 bcc_ptr += length + 1;
3137 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3138 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3139 length = UniStrnlen((wchar_t *) bcc_ptr, 512);
3140 if ((bcc_ptr + (2 * length)) -
3141 pByteArea(smb_buffer_response) <=
3142 BCC(smb_buffer_response)) {
3143 if(tcon->nativeFileSystem)
3144 kfree(tcon->nativeFileSystem);
3145 tcon->nativeFileSystem =
3146 kzalloc(length + 2, GFP_KERNEL);
3147 cifs_strfromUCS_le(tcon->nativeFileSystem,
3148 (wchar_t *) bcc_ptr,
3149 length, nls_codepage);
3150 bcc_ptr += 2 * length;
3151 bcc_ptr[0] = 0; /* null terminate the string */
3155 /* else do not bother copying these informational fields */
3157 length = strnlen(bcc_ptr, 1024);
3158 if ((bcc_ptr + length) -
3159 pByteArea(smb_buffer_response) <=
3160 BCC(smb_buffer_response)) {
3161 if(tcon->nativeFileSystem)
3162 kfree(tcon->nativeFileSystem);
3163 tcon->nativeFileSystem =
3164 kzalloc(length + 1, GFP_KERNEL);
3165 strncpy(tcon->nativeFileSystem, bcc_ptr,
3168 /* else do not bother copying these informational fields */
3170 tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3171 cFYI(1, ("Tcon flags: 0x%x ", tcon->Flags));
3172 } else if ((rc == 0) && tcon == NULL) {
3173 /* all we need to save for IPC$ connection */
3174 ses->ipc_tid = smb_buffer_response->Tid;
3178 cifs_buf_release(smb_buffer);
3183 cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3187 struct cifsSesInfo *ses = NULL;
3188 struct task_struct *cifsd_task;
3192 if (cifs_sb->tcon) {
3193 ses = cifs_sb->tcon->ses; /* save ptr to ses before delete tcon!*/
3194 rc = CIFSSMBTDis(xid, cifs_sb->tcon);
3199 tconInfoFree(cifs_sb->tcon);
3200 if ((ses) && (ses->server)) {
3201 /* save off task so we do not refer to ses later */
3202 cifsd_task = ses->server->tsk;
3203 cFYI(1, ("About to do SMBLogoff "));
3204 rc = CIFSSMBLogoff(xid, ses);
3208 } else if (rc == -ESHUTDOWN) {
3209 cFYI(1,("Waking up socket by sending it signal"));
3211 send_sig(SIGKILL,cifsd_task,1);
3213 } /* else - we have an smb session
3214 left on this socket do not kill cifsd */
3216 cFYI(1, ("No session or bad tcon"));
3219 cifs_sb->tcon = NULL;
3221 schedule_timeout_interruptible(msecs_to_jiffies(500));
3226 return rc; /* BB check if we should always return zero here */
3229 int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
3230 struct nls_table * nls_info)
3233 char ntlm_session_key[CIFS_SESSION_KEY_SIZE];
3234 int ntlmv2_flag = FALSE;
3237 /* what if server changes its buffer size after dropping the session? */
3238 if(pSesInfo->server->maxBuf == 0) /* no need to send on reconnect */ {
3239 rc = CIFSSMBNegotiate(xid, pSesInfo);
3240 if(rc == -EAGAIN) /* retry only once on 1st time connection */ {
3241 rc = CIFSSMBNegotiate(xid, pSesInfo);
3246 spin_lock(&GlobalMid_Lock);
3247 if(pSesInfo->server->tcpStatus != CifsExiting)
3248 pSesInfo->server->tcpStatus = CifsGood;
3251 spin_unlock(&GlobalMid_Lock);
3257 pSesInfo->capabilities = pSesInfo->server->capabilities;
3258 if(linuxExtEnabled == 0)
3259 pSesInfo->capabilities &= (~CAP_UNIX);
3260 /* pSesInfo->sequence_number = 0;*/
3261 cFYI(1,("Security Mode: 0x%x Capabilities: 0x%x Time Zone: %d",
3262 pSesInfo->server->secMode,
3263 pSesInfo->server->capabilities,
3264 pSesInfo->server->timeZone));
3265 if (extended_security
3266 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3267 && (pSesInfo->server->secType == NTLMSSP)) {
3268 cFYI(1, ("New style sesssetup "));
3269 rc = CIFSSpnegoSessSetup(xid, pSesInfo,
3270 NULL /* security blob */,
3271 0 /* blob length */,
3273 } else if (extended_security
3274 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3275 && (pSesInfo->server->secType == RawNTLMSSP)) {
3276 cFYI(1, ("NTLMSSP sesssetup "));
3277 rc = CIFSNTLMSSPNegotiateSessSetup(xid,
3284 cFYI(1,("Can use more secure NTLM version 2 password hash"));
3285 if(CalcNTLMv2_partial_mac_key(pSesInfo,
3290 v2_response = kmalloc(16 + 64 /* blob */, GFP_KERNEL);
3292 CalcNTLMv2_response(pSesInfo,v2_response);
3294 cifs_calculate_ntlmv2_mac_key(
3295 pSesInfo->server->mac_signing_key,
3296 response, ntlm_session_key, */
3298 /* BB Put dummy sig in SessSetup PDU? */
3305 SMBNTencrypt(pSesInfo->password,
3306 pSesInfo->server->cryptKey,
3310 cifs_calculate_mac_key(
3311 pSesInfo->server->mac_signing_key,
3313 pSesInfo->password);
3315 /* for better security the weaker lanman hash not sent
3316 in AuthSessSetup so we no longer calculate it */
3318 rc = CIFSNTLMSSPAuthSessSetup(xid,
3324 } else { /* old style NTLM 0.12 session setup */
3325 SMBNTencrypt(pSesInfo->password,
3326 pSesInfo->server->cryptKey,
3330 cifs_calculate_mac_key(
3331 pSesInfo->server->mac_signing_key,
3332 ntlm_session_key, pSesInfo->password);
3334 rc = CIFSSessSetup(xid, pSesInfo,
3335 ntlm_session_key, nls_info);
3338 cERROR(1,("Send error in SessSetup = %d",rc));
3340 cFYI(1,("CIFS Session Established successfully"));
3341 pSesInfo->status = CifsGood;
git.samba.org / sfrench / cifs-2.6.git / blob