4 * Copyright (C) International Business Machines Corp., 2002,2008
5 * Author(s): Steve French (sfrench@us.ibm.com)
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/ipv6.h>
27 #include <linux/pagemap.h>
28 #include <linux/ctype.h>
29 #include <linux/utsname.h>
30 #include <linux/mempool.h>
31 #include <linux/delay.h>
32 #include <linux/completion.h>
33 #include <linux/kthread.h>
34 #include <linux/pagevec.h>
35 #include <linux/freezer.h>
36 #include <asm/uaccess.h>
37 #include <asm/processor.h>
40 #include "cifsproto.h"
41 #include "cifs_unicode.h"
42 #include "cifs_debug.h"
43 #include "cifs_fs_sb.h"
46 #include "rfc1002pdu.h"
50 #define RFC1001_PORT 139
52 extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
55 extern mempool_t *cifs_req_poolp;
63 char *in6_addr; /* ipv6 address as human readable form of in6_addr */
64 char *iocharset; /* local code page for mapping to and from Unicode */
65 char source_rfc1001_name[16]; /* netbios name of client */
66 char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */
80 bool no_psx_acl:1; /* set if posix acl support should be disabled */
82 bool no_xattr:1; /* set if xattr (EA) support should be disabled*/
83 bool server_ino:1; /* use inode numbers from server ie UniqueId */
85 bool remap:1; /* set to remap seven reserved chars in filenames */
86 bool posix_paths:1; /* unset to not ask for posix pathnames. */
89 bool nullauth:1; /* attempt to authenticate with null user */
90 bool nocase:1; /* request case insensitive filenames */
91 bool nobrl:1; /* disable sending byte range locks to srv */
92 bool seal:1; /* request transport encryption on share */
93 bool nodfs:1; /* Do not request DFS, even if available */
94 bool local_lease:1; /* check leases only on local system, not remote */
100 unsigned short int port;
104 static int ipv4_connect(struct sockaddr_in *psin_server,
105 struct socket **csocket,
107 char *server_netb_name,
109 bool nosndbuf); /* ipv6 never set sndbuf size */
110 static int ipv6_connect(struct sockaddr_in6 *psin_server,
111 struct socket **csocket, bool noblocksnd);
115 * cifs tcp session reconnection
117 * mark tcp session as reconnecting so temporarily locked
118 * mark all smb sessions as reconnecting for tcp session
119 * reconnect tcp session
120 * wake up waiters on reconnection? - (not needed currently)
124 cifs_reconnect(struct TCP_Server_Info *server)
127 struct list_head *tmp, *tmp2;
128 struct cifsSesInfo *ses;
129 struct cifsTconInfo *tcon;
130 struct mid_q_entry *mid_entry;
132 spin_lock(&GlobalMid_Lock);
133 if (server->tcpStatus == CifsExiting) {
134 /* the demux thread will exit normally
135 next time through the loop */
136 spin_unlock(&GlobalMid_Lock);
139 server->tcpStatus = CifsNeedReconnect;
140 spin_unlock(&GlobalMid_Lock);
143 cFYI(1, ("Reconnecting tcp session"));
145 /* before reconnecting the tcp session, mark the smb session (uid)
146 and the tid bad so they are not used until reconnected */
147 read_lock(&cifs_tcp_ses_lock);
148 list_for_each(tmp, &server->smb_ses_list) {
149 ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
150 ses->need_reconnect = true;
152 list_for_each(tmp2, &ses->tcon_list) {
153 tcon = list_entry(tmp2, struct cifsTconInfo, tcon_list);
154 tcon->need_reconnect = true;
157 read_unlock(&cifs_tcp_ses_lock);
158 /* do not want to be sending data on a socket we are freeing */
159 mutex_lock(&server->srv_mutex);
160 if (server->ssocket) {
161 cFYI(1, ("State: 0x%x Flags: 0x%lx", server->ssocket->state,
162 server->ssocket->flags));
163 kernel_sock_shutdown(server->ssocket, SHUT_WR);
164 cFYI(1, ("Post shutdown state: 0x%x Flags: 0x%lx",
165 server->ssocket->state,
166 server->ssocket->flags));
167 sock_release(server->ssocket);
168 server->ssocket = NULL;
171 spin_lock(&GlobalMid_Lock);
172 list_for_each(tmp, &server->pending_mid_q) {
173 mid_entry = list_entry(tmp, struct
176 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
177 /* Mark other intransit requests as needing
178 retry so we do not immediately mark the
179 session bad again (ie after we reconnect
180 below) as they timeout too */
181 mid_entry->midState = MID_RETRY_NEEDED;
184 spin_unlock(&GlobalMid_Lock);
185 mutex_unlock(&server->srv_mutex);
187 while ((server->tcpStatus != CifsExiting) &&
188 (server->tcpStatus != CifsGood)) {
190 if (server->addr.sockAddr6.sin6_family == AF_INET6) {
191 rc = ipv6_connect(&server->addr.sockAddr6,
192 &server->ssocket, server->noautotune);
194 rc = ipv4_connect(&server->addr.sockAddr,
196 server->workstation_RFC1001_name,
197 server->server_RFC1001_name,
198 server->noblocksnd, server->noautotune);
201 cFYI(1, ("reconnect error %d", rc));
204 atomic_inc(&tcpSesReconnectCount);
205 spin_lock(&GlobalMid_Lock);
206 if (server->tcpStatus != CifsExiting)
207 server->tcpStatus = CifsGood;
208 server->sequence_number = 0;
209 spin_unlock(&GlobalMid_Lock);
210 /* atomic_set(&server->inFlight,0);*/
211 wake_up(&server->response_q);
219 0 not a transact2, or all data present
220 >0 transact2 with that much data missing
221 -EINVAL = invalid transact2
224 static int check2ndT2(struct smb_hdr *pSMB, unsigned int maxBufSize)
226 struct smb_t2_rsp *pSMBt;
228 int data_in_this_rsp;
231 if (pSMB->Command != SMB_COM_TRANSACTION2)
234 /* check for plausible wct, bcc and t2 data and parm sizes */
235 /* check for parm and data offset going beyond end of smb */
236 if (pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
237 cFYI(1, ("invalid transact2 word count"));
241 pSMBt = (struct smb_t2_rsp *)pSMB;
243 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
244 data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
246 remaining = total_data_size - data_in_this_rsp;
250 else if (remaining < 0) {
251 cFYI(1, ("total data %d smaller than data in frame %d",
252 total_data_size, data_in_this_rsp));
255 cFYI(1, ("missing %d bytes from transact2, check next response",
257 if (total_data_size > maxBufSize) {
258 cERROR(1, ("TotalDataSize %d is over maximum buffer %d",
259 total_data_size, maxBufSize));
266 static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
268 struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
269 struct smb_t2_rsp *pSMBt = (struct smb_t2_rsp *)pTargetSMB;
274 char *data_area_of_target;
275 char *data_area_of_buf2;
278 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
280 if (total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
281 cFYI(1, ("total data size of primary and secondary t2 differ"));
284 total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
286 remaining = total_data_size - total_in_buf;
291 if (remaining == 0) /* nothing to do, ignore */
294 total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
295 if (remaining < total_in_buf2) {
296 cFYI(1, ("transact2 2nd response contains too much data"));
299 /* find end of first SMB data area */
300 data_area_of_target = (char *)&pSMBt->hdr.Protocol +
301 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
302 /* validate target area */
304 data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
305 le16_to_cpu(pSMB2->t2_rsp.DataOffset);
307 data_area_of_target += total_in_buf;
309 /* copy second buffer into end of first buffer */
310 memcpy(data_area_of_target, data_area_of_buf2, total_in_buf2);
311 total_in_buf += total_in_buf2;
312 pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
313 byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
314 byte_count += total_in_buf2;
315 BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
317 byte_count = pTargetSMB->smb_buf_length;
318 byte_count += total_in_buf2;
320 /* BB also add check that we are not beyond maximum buffer size */
322 pTargetSMB->smb_buf_length = byte_count;
324 if (remaining == total_in_buf2) {
325 cFYI(1, ("found the last secondary response"));
326 return 0; /* we are done */
327 } else /* more responses to go */
333 cifs_demultiplex_thread(struct TCP_Server_Info *server)
336 unsigned int pdu_length, total_read;
337 struct smb_hdr *smb_buffer = NULL;
338 struct smb_hdr *bigbuf = NULL;
339 struct smb_hdr *smallbuf = NULL;
340 struct msghdr smb_msg;
342 struct socket *csocket = server->ssocket;
343 struct list_head *tmp;
344 struct cifsSesInfo *ses;
345 struct task_struct *task_to_wake = NULL;
346 struct mid_q_entry *mid_entry;
348 bool isLargeBuf = false;
352 current->flags |= PF_MEMALLOC;
353 cFYI(1, ("Demultiplex PID: %d", task_pid_nr(current)));
355 length = atomic_inc_return(&tcpSesAllocCount);
357 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
361 while (server->tcpStatus != CifsExiting) {
364 if (bigbuf == NULL) {
365 bigbuf = cifs_buf_get();
367 cERROR(1, ("No memory for large SMB response"));
369 /* retry will check if exiting */
372 } else if (isLargeBuf) {
373 /* we are reusing a dirty large buf, clear its start */
374 memset(bigbuf, 0, sizeof(struct smb_hdr));
377 if (smallbuf == NULL) {
378 smallbuf = cifs_small_buf_get();
380 cERROR(1, ("No memory for SMB response"));
382 /* retry will check if exiting */
385 /* beginning of smb buffer is cleared in our buf_get */
386 } else /* if existing small buf clear beginning */
387 memset(smallbuf, 0, sizeof(struct smb_hdr));
391 smb_buffer = smallbuf;
392 iov.iov_base = smb_buffer;
394 smb_msg.msg_control = NULL;
395 smb_msg.msg_controllen = 0;
396 pdu_length = 4; /* enough to get RFC1001 header */
399 kernel_recvmsg(csocket, &smb_msg,
400 &iov, 1, pdu_length, 0 /* BB other flags? */);
402 if (server->tcpStatus == CifsExiting) {
404 } else if (server->tcpStatus == CifsNeedReconnect) {
405 cFYI(1, ("Reconnect after server stopped responding"));
406 cifs_reconnect(server);
407 cFYI(1, ("call to reconnect done"));
408 csocket = server->ssocket;
410 } else if ((length == -ERESTARTSYS) || (length == -EAGAIN)) {
411 msleep(1); /* minimum sleep to prevent looping
412 allowing socket to clear and app threads to set
413 tcpStatus CifsNeedReconnect if server hung */
414 if (pdu_length < 4) {
415 iov.iov_base = (4 - pdu_length) +
417 iov.iov_len = pdu_length;
418 smb_msg.msg_control = NULL;
419 smb_msg.msg_controllen = 0;
423 } else if (length <= 0) {
424 if (server->tcpStatus == CifsNew) {
425 cFYI(1, ("tcp session abend after SMBnegprot"));
426 /* some servers kill the TCP session rather than
427 returning an SMB negprot error, in which
428 case reconnecting here is not going to help,
429 and so simply return error to mount */
432 if (!try_to_freeze() && (length == -EINTR)) {
433 cFYI(1, ("cifsd thread killed"));
436 cFYI(1, ("Reconnect after unexpected peek error %d",
438 cifs_reconnect(server);
439 csocket = server->ssocket;
440 wake_up(&server->response_q);
442 } else if (length < pdu_length) {
443 cFYI(1, ("requested %d bytes but only got %d bytes",
444 pdu_length, length));
445 pdu_length -= length;
450 /* The right amount was read from socket - 4 bytes */
451 /* so we can now interpret the length field */
453 /* the first byte big endian of the length field,
454 is actually not part of the length but the type
455 with the most common, zero, as regular data */
456 temp = *((char *) smb_buffer);
458 /* Note that FC 1001 length is big endian on the wire,
459 but we convert it here so it is always manipulated
460 as host byte order */
461 pdu_length = be32_to_cpu((__force __be32)smb_buffer->smb_buf_length);
462 smb_buffer->smb_buf_length = pdu_length;
464 cFYI(1, ("rfc1002 length 0x%x", pdu_length+4));
466 if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) {
468 } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
469 cFYI(1, ("Good RFC 1002 session rsp"));
471 } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
472 /* we get this from Windows 98 instead of
473 an error on SMB negprot response */
474 cFYI(1, ("Negative RFC1002 Session Response Error 0x%x)",
476 if (server->tcpStatus == CifsNew) {
477 /* if nack on negprot (rather than
478 ret of smb negprot error) reconnecting
479 not going to help, ret error to mount */
482 /* give server a second to
483 clean up before reconnect attempt */
485 /* always try 445 first on reconnect
486 since we get NACK on some if we ever
487 connected to port 139 (the NACK is
488 since we do not begin with RFC1001
489 session initialize frame) */
490 server->addr.sockAddr.sin_port =
492 cifs_reconnect(server);
493 csocket = server->ssocket;
494 wake_up(&server->response_q);
497 } else if (temp != (char) 0) {
498 cERROR(1, ("Unknown RFC 1002 frame"));
499 cifs_dump_mem(" Received Data: ", (char *)smb_buffer,
501 cifs_reconnect(server);
502 csocket = server->ssocket;
506 /* else we have an SMB response */
507 if ((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
508 (pdu_length < sizeof(struct smb_hdr) - 1 - 4)) {
509 cERROR(1, ("Invalid size SMB length %d pdu_length %d",
510 length, pdu_length+4));
511 cifs_reconnect(server);
512 csocket = server->ssocket;
513 wake_up(&server->response_q);
520 if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
522 memcpy(bigbuf, smallbuf, 4);
526 iov.iov_base = 4 + (char *)smb_buffer;
527 iov.iov_len = pdu_length;
528 for (total_read = 0; total_read < pdu_length;
529 total_read += length) {
530 length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
531 pdu_length - total_read, 0);
532 if ((server->tcpStatus == CifsExiting) ||
533 (length == -EINTR)) {
537 } else if (server->tcpStatus == CifsNeedReconnect) {
538 cifs_reconnect(server);
539 csocket = server->ssocket;
540 /* Reconnect wakes up rspns q */
541 /* Now we will reread sock */
544 } else if ((length == -ERESTARTSYS) ||
545 (length == -EAGAIN)) {
546 msleep(1); /* minimum sleep to prevent looping,
547 allowing socket to clear and app
548 threads to set tcpStatus
549 CifsNeedReconnect if server hung*/
552 } else if (length <= 0) {
553 cERROR(1, ("Received no data, expecting %d",
554 pdu_length - total_read));
555 cifs_reconnect(server);
556 csocket = server->ssocket;
563 else if (reconnect == 1)
566 length += 4; /* account for rfc1002 hdr */
569 dump_smb(smb_buffer, length);
570 if (checkSMB(smb_buffer, smb_buffer->Mid, total_read+4)) {
571 cifs_dump_mem("Bad SMB: ", smb_buffer, 48);
577 spin_lock(&GlobalMid_Lock);
578 list_for_each(tmp, &server->pending_mid_q) {
579 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
581 if ((mid_entry->mid == smb_buffer->Mid) &&
582 (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
583 (mid_entry->command == smb_buffer->Command)) {
584 if (check2ndT2(smb_buffer,server->maxBuf) > 0) {
585 /* We have a multipart transact2 resp */
587 if (mid_entry->resp_buf) {
588 /* merge response - fix up 1st*/
589 if (coalesce_t2(smb_buffer,
590 mid_entry->resp_buf)) {
591 mid_entry->multiRsp =
595 /* all parts received */
596 mid_entry->multiEnd =
602 cERROR(1,("1st trans2 resp needs bigbuf"));
603 /* BB maybe we can fix this up, switch
604 to already allocated large buffer? */
606 /* Have first buffer */
607 mid_entry->resp_buf =
609 mid_entry->largeBuf =
616 mid_entry->resp_buf = smb_buffer;
617 mid_entry->largeBuf = isLargeBuf;
619 task_to_wake = mid_entry->tsk;
620 mid_entry->midState = MID_RESPONSE_RECEIVED;
621 #ifdef CONFIG_CIFS_STATS2
622 mid_entry->when_received = jiffies;
624 /* so we do not time out requests to server
625 which is still responding (since server could
626 be busy but not dead) */
627 server->lstrp = jiffies;
631 spin_unlock(&GlobalMid_Lock);
633 /* Was previous buf put in mpx struct for multi-rsp? */
635 /* smb buffer will be freed by user thread */
641 wake_up_process(task_to_wake);
642 } else if (!is_valid_oplock_break(smb_buffer, server) &&
644 cERROR(1, ("No task to wake, unknown frame received! "
645 "NumMids %d", midCount.counter));
646 cifs_dump_mem("Received Data is: ", (char *)smb_buffer,
647 sizeof(struct smb_hdr));
648 #ifdef CONFIG_CIFS_DEBUG2
649 cifs_dump_detail(smb_buffer);
650 cifs_dump_mids(server);
651 #endif /* CIFS_DEBUG2 */
654 } /* end while !EXITING */
656 /* take it off the list, if it's not already */
657 write_lock(&cifs_tcp_ses_lock);
658 list_del_init(&server->tcp_ses_list);
659 write_unlock(&cifs_tcp_ses_lock);
661 spin_lock(&GlobalMid_Lock);
662 server->tcpStatus = CifsExiting;
663 spin_unlock(&GlobalMid_Lock);
664 wake_up_all(&server->response_q);
666 /* check if we have blocked requests that need to free */
667 /* Note that cifs_max_pending is normally 50, but
668 can be set at module install time to as little as two */
669 spin_lock(&GlobalMid_Lock);
670 if (atomic_read(&server->inFlight) >= cifs_max_pending)
671 atomic_set(&server->inFlight, cifs_max_pending - 1);
672 /* We do not want to set the max_pending too low or we
673 could end up with the counter going negative */
674 spin_unlock(&GlobalMid_Lock);
675 /* Although there should not be any requests blocked on
676 this queue it can not hurt to be paranoid and try to wake up requests
677 that may haven been blocked when more than 50 at time were on the wire
678 to the same server - they now will see the session is in exit state
679 and get out of SendReceive. */
680 wake_up_all(&server->request_q);
681 /* give those requests time to exit */
684 if (server->ssocket) {
685 sock_release(csocket);
686 server->ssocket = NULL;
688 /* buffer usuallly freed in free_mid - need to free it here on exit */
689 cifs_buf_release(bigbuf);
690 if (smallbuf) /* no sense logging a debug message if NULL */
691 cifs_small_buf_release(smallbuf);
694 * BB: we shouldn't have to do any of this. It shouldn't be
695 * possible to exit from the thread with active SMB sessions
697 read_lock(&cifs_tcp_ses_lock);
698 if (list_empty(&server->pending_mid_q)) {
699 /* loop through server session structures attached to this and
701 list_for_each(tmp, &server->smb_ses_list) {
702 ses = list_entry(tmp, struct cifsSesInfo,
704 ses->status = CifsExiting;
707 read_unlock(&cifs_tcp_ses_lock);
709 /* although we can not zero the server struct pointer yet,
710 since there are active requests which may depnd on them,
711 mark the corresponding SMB sessions as exiting too */
712 list_for_each(tmp, &server->smb_ses_list) {
713 ses = list_entry(tmp, struct cifsSesInfo,
715 ses->status = CifsExiting;
718 spin_lock(&GlobalMid_Lock);
719 list_for_each(tmp, &server->pending_mid_q) {
720 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
721 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
722 cFYI(1, ("Clearing Mid 0x%x - waking up ",
724 task_to_wake = mid_entry->tsk;
726 wake_up_process(task_to_wake);
729 spin_unlock(&GlobalMid_Lock);
730 read_unlock(&cifs_tcp_ses_lock);
731 /* 1/8th of sec is more than enough time for them to exit */
735 if (!list_empty(&server->pending_mid_q)) {
736 /* mpx threads have not exited yet give them
737 at least the smb send timeout time for long ops */
738 /* due to delays on oplock break requests, we need
739 to wait at least 45 seconds before giving up
740 on a request getting a response and going ahead
742 cFYI(1, ("Wait for exit from demultiplex thread"));
744 /* if threads still have not exited they are probably never
745 coming home not much else we can do but free the memory */
748 /* last chance to mark ses pointers invalid
749 if there are any pointing to this (e.g
750 if a crazy root user tried to kill cifsd
751 kernel thread explicitly this might happen) */
752 /* BB: This shouldn't be necessary, see above */
753 read_lock(&cifs_tcp_ses_lock);
754 list_for_each(tmp, &server->smb_ses_list) {
755 ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
758 read_unlock(&cifs_tcp_ses_lock);
760 kfree(server->hostname);
761 task_to_wake = xchg(&server->tsk, NULL);
764 length = atomic_dec_return(&tcpSesAllocCount);
766 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
769 /* if server->tsk was NULL then wait for a signal before exiting */
771 set_current_state(TASK_INTERRUPTIBLE);
772 while (!signal_pending(current)) {
774 set_current_state(TASK_INTERRUPTIBLE);
776 set_current_state(TASK_RUNNING);
779 module_put_and_exit(0);
782 /* extract the host portion of the UNC string */
784 extract_hostname(const char *unc)
790 /* skip double chars at beginning of string */
791 /* BB: check validity of these bytes? */
794 /* delimiter between hostname and sharename is always '\\' now */
795 delim = strchr(src, '\\');
797 return ERR_PTR(-EINVAL);
800 dst = kmalloc((len + 1), GFP_KERNEL);
802 return ERR_PTR(-ENOMEM);
804 memcpy(dst, src, len);
811 cifs_parse_mount_options(char *options, const char *devname,
816 unsigned int temp_len, i, j;
822 if (Local_System_Name[0] != 0)
823 memcpy(vol->source_rfc1001_name, Local_System_Name, 15);
825 char *nodename = utsname()->nodename;
826 int n = strnlen(nodename, 15);
827 memset(vol->source_rfc1001_name, 0x20, 15);
828 for (i = 0; i < n; i++) {
829 /* does not have to be perfect mapping since field is
830 informational, only used for servers that do not support
831 port 445 and it can be overridden at mount time */
832 vol->source_rfc1001_name[i] = toupper(nodename[i]);
835 vol->source_rfc1001_name[15] = 0;
836 /* null target name indicates to use *SMBSERVR default called name
837 if we end up sending RFC1001 session initialize */
838 vol->target_rfc1001_name[0] = 0;
839 vol->linux_uid = current->uid; /* current->euid instead? */
840 vol->linux_gid = current->gid;
841 vol->dir_mode = S_IRWXUGO;
842 /* 2767 perms indicate mandatory locking support */
843 vol->file_mode = (S_IRWXUGO | S_ISGID) & (~S_IXGRP);
845 /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
847 /* default is always to request posix paths. */
848 vol->posix_paths = 1;
853 if (strncmp(options, "sep=", 4) == 0) {
854 if (options[4] != 0) {
855 separator[0] = options[4];
858 cFYI(1, ("Null separator not allowed"));
862 while ((data = strsep(&options, separator)) != NULL) {
865 if ((value = strchr(data, '=')) != NULL)
868 /* Have to parse this before we parse for "user" */
869 if (strnicmp(data, "user_xattr", 10) == 0) {
871 } else if (strnicmp(data, "nouser_xattr", 12) == 0) {
873 } else if (strnicmp(data, "user", 4) == 0) {
876 "CIFS: invalid or missing username\n");
877 return 1; /* needs_arg; */
878 } else if (!*value) {
879 /* null user, ie anonymous, authentication */
882 if (strnlen(value, 200) < 200) {
883 vol->username = value;
885 printk(KERN_WARNING "CIFS: username too long\n");
888 } else if (strnicmp(data, "pass", 4) == 0) {
890 vol->password = NULL;
892 } else if (value[0] == 0) {
893 /* check if string begins with double comma
894 since that would mean the password really
895 does start with a comma, and would not
896 indicate an empty string */
897 if (value[1] != separator[0]) {
898 vol->password = NULL;
902 temp_len = strlen(value);
903 /* removed password length check, NTLM passwords
904 can be arbitrarily long */
906 /* if comma in password, the string will be
907 prematurely null terminated. Commas in password are
908 specified across the cifs mount interface by a double
909 comma ie ,, and a comma used as in other cases ie ','
910 as a parameter delimiter/separator is single and due
911 to the strsep above is temporarily zeroed. */
913 /* NB: password legally can have multiple commas and
914 the only illegal character in a password is null */
916 if ((value[temp_len] == 0) &&
917 (value[temp_len+1] == separator[0])) {
919 value[temp_len] = separator[0];
920 temp_len += 2; /* move after second comma */
921 while (value[temp_len] != 0) {
922 if (value[temp_len] == separator[0]) {
923 if (value[temp_len+1] ==
925 /* skip second comma */
928 /* single comma indicating start
935 if (value[temp_len] == 0) {
939 /* point option to start of next parm */
940 options = value + temp_len + 1;
942 /* go from value to value + temp_len condensing
943 double commas to singles. Note that this ends up
944 allocating a few bytes too many, which is ok */
945 vol->password = kzalloc(temp_len, GFP_KERNEL);
946 if (vol->password == NULL) {
947 printk(KERN_WARNING "CIFS: no memory "
951 for (i = 0, j = 0; i < temp_len; i++, j++) {
952 vol->password[j] = value[i];
953 if (value[i] == separator[0]
954 && value[i+1] == separator[0]) {
955 /* skip second comma */
959 vol->password[j] = 0;
961 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
962 if (vol->password == NULL) {
963 printk(KERN_WARNING "CIFS: no memory "
967 strcpy(vol->password, value);
969 } else if (strnicmp(data, "ip", 2) == 0) {
970 if (!value || !*value) {
972 } else if (strnlen(value, 35) < 35) {
975 printk(KERN_WARNING "CIFS: ip address "
979 } else if (strnicmp(data, "sec", 3) == 0) {
980 if (!value || !*value) {
981 cERROR(1, ("no security value specified"));
983 } else if (strnicmp(value, "krb5i", 5) == 0) {
984 vol->secFlg |= CIFSSEC_MAY_KRB5 |
986 } else if (strnicmp(value, "krb5p", 5) == 0) {
987 /* vol->secFlg |= CIFSSEC_MUST_SEAL |
989 cERROR(1, ("Krb5 cifs privacy not supported"));
991 } else if (strnicmp(value, "krb5", 4) == 0) {
992 vol->secFlg |= CIFSSEC_MAY_KRB5;
993 } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
994 vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
996 } else if (strnicmp(value, "ntlmv2", 6) == 0) {
997 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
998 } else if (strnicmp(value, "ntlmi", 5) == 0) {
999 vol->secFlg |= CIFSSEC_MAY_NTLM |
1001 } else if (strnicmp(value, "ntlm", 4) == 0) {
1002 /* ntlm is default so can be turned off too */
1003 vol->secFlg |= CIFSSEC_MAY_NTLM;
1004 } else if (strnicmp(value, "nontlm", 6) == 0) {
1005 /* BB is there a better way to do this? */
1006 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
1007 #ifdef CONFIG_CIFS_WEAK_PW_HASH
1008 } else if (strnicmp(value, "lanman", 6) == 0) {
1009 vol->secFlg |= CIFSSEC_MAY_LANMAN;
1011 } else if (strnicmp(value, "none", 4) == 0) {
1014 cERROR(1, ("bad security option: %s", value));
1017 } else if ((strnicmp(data, "unc", 3) == 0)
1018 || (strnicmp(data, "target", 6) == 0)
1019 || (strnicmp(data, "path", 4) == 0)) {
1020 if (!value || !*value) {
1021 printk(KERN_WARNING "CIFS: invalid path to "
1022 "network resource\n");
1023 return 1; /* needs_arg; */
1025 if ((temp_len = strnlen(value, 300)) < 300) {
1026 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1027 if (vol->UNC == NULL)
1029 strcpy(vol->UNC, value);
1030 if (strncmp(vol->UNC, "//", 2) == 0) {
1033 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1035 "CIFS: UNC Path does not begin "
1036 "with // or \\\\ \n");
1040 printk(KERN_WARNING "CIFS: UNC name too long\n");
1043 } else if ((strnicmp(data, "domain", 3) == 0)
1044 || (strnicmp(data, "workgroup", 5) == 0)) {
1045 if (!value || !*value) {
1046 printk(KERN_WARNING "CIFS: invalid domain name\n");
1047 return 1; /* needs_arg; */
1049 /* BB are there cases in which a comma can be valid in
1050 a domain name and need special handling? */
1051 if (strnlen(value, 256) < 256) {
1052 vol->domainname = value;
1053 cFYI(1, ("Domain name set"));
1055 printk(KERN_WARNING "CIFS: domain name too "
1059 } else if (strnicmp(data, "prefixpath", 10) == 0) {
1060 if (!value || !*value) {
1062 "CIFS: invalid path prefix\n");
1063 return 1; /* needs_argument */
1065 if ((temp_len = strnlen(value, 1024)) < 1024) {
1066 if (value[0] != '/')
1067 temp_len++; /* missing leading slash */
1068 vol->prepath = kmalloc(temp_len+1, GFP_KERNEL);
1069 if (vol->prepath == NULL)
1071 if (value[0] != '/') {
1072 vol->prepath[0] = '/';
1073 strcpy(vol->prepath+1, value);
1075 strcpy(vol->prepath, value);
1076 cFYI(1, ("prefix path %s", vol->prepath));
1078 printk(KERN_WARNING "CIFS: prefix too long\n");
1081 } else if (strnicmp(data, "iocharset", 9) == 0) {
1082 if (!value || !*value) {
1083 printk(KERN_WARNING "CIFS: invalid iocharset "
1085 return 1; /* needs_arg; */
1087 if (strnlen(value, 65) < 65) {
1088 if (strnicmp(value, "default", 7))
1089 vol->iocharset = value;
1090 /* if iocharset not set then load_nls_default
1091 is used by caller */
1092 cFYI(1, ("iocharset set to %s", value));
1094 printk(KERN_WARNING "CIFS: iocharset name "
1098 } else if (strnicmp(data, "uid", 3) == 0) {
1099 if (value && *value) {
1101 simple_strtoul(value, &value, 0);
1102 vol->override_uid = 1;
1104 } else if (strnicmp(data, "gid", 3) == 0) {
1105 if (value && *value) {
1107 simple_strtoul(value, &value, 0);
1108 vol->override_gid = 1;
1110 } else if (strnicmp(data, "file_mode", 4) == 0) {
1111 if (value && *value) {
1113 simple_strtoul(value, &value, 0);
1115 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1116 if (value && *value) {
1118 simple_strtoul(value, &value, 0);
1120 } else if (strnicmp(data, "dirmode", 4) == 0) {
1121 if (value && *value) {
1123 simple_strtoul(value, &value, 0);
1125 } else if (strnicmp(data, "port", 4) == 0) {
1126 if (value && *value) {
1128 simple_strtoul(value, &value, 0);
1130 } else if (strnicmp(data, "rsize", 5) == 0) {
1131 if (value && *value) {
1133 simple_strtoul(value, &value, 0);
1135 } else if (strnicmp(data, "wsize", 5) == 0) {
1136 if (value && *value) {
1138 simple_strtoul(value, &value, 0);
1140 } else if (strnicmp(data, "sockopt", 5) == 0) {
1141 if (value && *value) {
1143 simple_strtoul(value, &value, 0);
1145 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1146 if (!value || !*value || (*value == ' ')) {
1147 cFYI(1, ("invalid (empty) netbiosname"));
1149 memset(vol->source_rfc1001_name, 0x20, 15);
1150 for (i = 0; i < 15; i++) {
1151 /* BB are there cases in which a comma can be
1152 valid in this workstation netbios name (and need
1153 special handling)? */
1155 /* We do not uppercase netbiosname for user */
1159 vol->source_rfc1001_name[i] =
1162 /* The string has 16th byte zero still from
1163 set at top of the function */
1164 if ((i == 15) && (value[i] != 0))
1165 printk(KERN_WARNING "CIFS: netbiosname"
1166 " longer than 15 truncated.\n");
1168 } else if (strnicmp(data, "servern", 7) == 0) {
1169 /* servernetbiosname specified override *SMBSERVER */
1170 if (!value || !*value || (*value == ' ')) {
1171 cFYI(1, ("empty server netbiosname specified"));
1173 /* last byte, type, is 0x20 for servr type */
1174 memset(vol->target_rfc1001_name, 0x20, 16);
1176 for (i = 0; i < 15; i++) {
1177 /* BB are there cases in which a comma can be
1178 valid in this workstation netbios name
1179 (and need special handling)? */
1181 /* user or mount helper must uppercase
1186 vol->target_rfc1001_name[i] =
1189 /* The string has 16th byte zero still from
1190 set at top of the function */
1191 if ((i == 15) && (value[i] != 0))
1192 printk(KERN_WARNING "CIFS: server net"
1193 "biosname longer than 15 truncated.\n");
1195 } else if (strnicmp(data, "credentials", 4) == 0) {
1197 } else if (strnicmp(data, "version", 3) == 0) {
1199 } else if (strnicmp(data, "guest", 5) == 0) {
1201 } else if (strnicmp(data, "rw", 2) == 0) {
1203 } else if (strnicmp(data, "noblocksend", 11) == 0) {
1204 vol->noblocksnd = 1;
1205 } else if (strnicmp(data, "noautotune", 10) == 0) {
1206 vol->noautotune = 1;
1207 } else if ((strnicmp(data, "suid", 4) == 0) ||
1208 (strnicmp(data, "nosuid", 6) == 0) ||
1209 (strnicmp(data, "exec", 4) == 0) ||
1210 (strnicmp(data, "noexec", 6) == 0) ||
1211 (strnicmp(data, "nodev", 5) == 0) ||
1212 (strnicmp(data, "noauto", 6) == 0) ||
1213 (strnicmp(data, "dev", 3) == 0)) {
1214 /* The mount tool or mount.cifs helper (if present)
1215 uses these opts to set flags, and the flags are read
1216 by the kernel vfs layer before we get here (ie
1217 before read super) so there is no point trying to
1218 parse these options again and set anything and it
1219 is ok to just ignore them */
1221 } else if (strnicmp(data, "ro", 2) == 0) {
1223 } else if (strnicmp(data, "hard", 4) == 0) {
1225 } else if (strnicmp(data, "soft", 4) == 0) {
1227 } else if (strnicmp(data, "perm", 4) == 0) {
1229 } else if (strnicmp(data, "noperm", 6) == 0) {
1231 } else if (strnicmp(data, "mapchars", 8) == 0) {
1233 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1235 } else if (strnicmp(data, "sfu", 3) == 0) {
1237 } else if (strnicmp(data, "nosfu", 5) == 0) {
1239 } else if (strnicmp(data, "nodfs", 5) == 0) {
1241 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1242 vol->posix_paths = 1;
1243 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1244 vol->posix_paths = 0;
1245 } else if (strnicmp(data, "nounix", 6) == 0) {
1246 vol->no_linux_ext = 1;
1247 } else if (strnicmp(data, "nolinux", 7) == 0) {
1248 vol->no_linux_ext = 1;
1249 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1250 (strnicmp(data, "ignorecase", 10) == 0)) {
1252 } else if (strnicmp(data, "brl", 3) == 0) {
1254 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1255 (strnicmp(data, "nolock", 6) == 0)) {
1257 /* turn off mandatory locking in mode
1258 if remote locking is turned off since the
1259 local vfs will do advisory */
1260 if (vol->file_mode ==
1261 (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1262 vol->file_mode = S_IALLUGO;
1263 } else if (strnicmp(data, "setuids", 7) == 0) {
1265 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1267 } else if (strnicmp(data, "dynperm", 7) == 0) {
1268 vol->dynperm = true;
1269 } else if (strnicmp(data, "nodynperm", 9) == 0) {
1270 vol->dynperm = false;
1271 } else if (strnicmp(data, "nohard", 6) == 0) {
1273 } else if (strnicmp(data, "nosoft", 6) == 0) {
1275 } else if (strnicmp(data, "nointr", 6) == 0) {
1277 } else if (strnicmp(data, "intr", 4) == 0) {
1279 } else if (strnicmp(data, "serverino", 7) == 0) {
1280 vol->server_ino = 1;
1281 } else if (strnicmp(data, "noserverino", 9) == 0) {
1282 vol->server_ino = 0;
1283 } else if (strnicmp(data, "cifsacl", 7) == 0) {
1285 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1287 } else if (strnicmp(data, "acl", 3) == 0) {
1288 vol->no_psx_acl = 0;
1289 } else if (strnicmp(data, "noacl", 5) == 0) {
1290 vol->no_psx_acl = 1;
1291 #ifdef CONFIG_CIFS_EXPERIMENTAL
1292 } else if (strnicmp(data, "locallease", 6) == 0) {
1293 vol->local_lease = 1;
1295 } else if (strnicmp(data, "sign", 4) == 0) {
1296 vol->secFlg |= CIFSSEC_MUST_SIGN;
1297 } else if (strnicmp(data, "seal", 4) == 0) {
1298 /* we do not do the following in secFlags because seal
1299 is a per tree connection (mount) not a per socket
1300 or per-smb connection option in the protocol */
1301 /* vol->secFlg |= CIFSSEC_MUST_SEAL; */
1303 } else if (strnicmp(data, "direct", 6) == 0) {
1305 } else if (strnicmp(data, "forcedirectio", 13) == 0) {
1307 } else if (strnicmp(data, "in6_addr", 8) == 0) {
1308 if (!value || !*value) {
1309 vol->in6_addr = NULL;
1310 } else if (strnlen(value, 49) == 48) {
1311 vol->in6_addr = value;
1313 printk(KERN_WARNING "CIFS: ip v6 address not "
1314 "48 characters long\n");
1317 } else if (strnicmp(data, "noac", 4) == 0) {
1318 printk(KERN_WARNING "CIFS: Mount option noac not "
1319 "supported. Instead set "
1320 "/proc/fs/cifs/LookupCacheEnabled to 0\n");
1322 printk(KERN_WARNING "CIFS: Unknown mount option %s\n",
1325 if (vol->UNC == NULL) {
1326 if (devname == NULL) {
1327 printk(KERN_WARNING "CIFS: Missing UNC name for mount "
1331 if ((temp_len = strnlen(devname, 300)) < 300) {
1332 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1333 if (vol->UNC == NULL)
1335 strcpy(vol->UNC, devname);
1336 if (strncmp(vol->UNC, "//", 2) == 0) {
1339 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1340 printk(KERN_WARNING "CIFS: UNC Path does not "
1341 "begin with // or \\\\ \n");
1344 value = strpbrk(vol->UNC+2, "/\\");
1348 printk(KERN_WARNING "CIFS: UNC name too long\n");
1352 if (vol->UNCip == NULL)
1353 vol->UNCip = &vol->UNC[2];
1358 static struct TCP_Server_Info *
1359 cifs_find_tcp_session(struct sockaddr *addr)
1361 struct list_head *tmp;
1362 struct TCP_Server_Info *server;
1363 struct sockaddr_in *addr4 = (struct sockaddr_in *) addr;
1364 struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) addr;
1366 write_lock(&cifs_tcp_ses_lock);
1367 list_for_each(tmp, &cifs_tcp_ses_list) {
1368 server = list_entry(tmp, struct TCP_Server_Info,
1371 * the demux thread can exit on its own while still in CifsNew
1372 * so don't accept any sockets in that state. Since the
1373 * tcpStatus never changes back to CifsNew it's safe to check
1374 * for this without a lock.
1376 if (server->tcpStatus == CifsNew)
1379 if (addr->sa_family == AF_INET &&
1380 (addr4->sin_addr.s_addr !=
1381 server->addr.sockAddr.sin_addr.s_addr))
1383 else if (addr->sa_family == AF_INET6 &&
1384 memcmp(&server->addr.sockAddr6.sin6_addr,
1385 &addr6->sin6_addr, sizeof(addr6->sin6_addr)))
1388 ++server->srv_count;
1389 write_unlock(&cifs_tcp_ses_lock);
1390 cFYI(1, ("Existing tcp session with server found"));
1393 write_unlock(&cifs_tcp_ses_lock);
1398 cifs_put_tcp_session(struct TCP_Server_Info *server)
1400 struct task_struct *task;
1402 write_lock(&cifs_tcp_ses_lock);
1403 if (--server->srv_count > 0) {
1404 write_unlock(&cifs_tcp_ses_lock);
1408 list_del_init(&server->tcp_ses_list);
1409 write_unlock(&cifs_tcp_ses_lock);
1411 spin_lock(&GlobalMid_Lock);
1412 server->tcpStatus = CifsExiting;
1413 spin_unlock(&GlobalMid_Lock);
1415 task = xchg(&server->tsk, NULL);
1417 force_sig(SIGKILL, task);
1420 static struct TCP_Server_Info *
1421 cifs_get_tcp_session(struct smb_vol *volume_info)
1423 struct TCP_Server_Info *tcp_ses = NULL;
1424 struct sockaddr addr;
1425 struct sockaddr_in *sin_server = (struct sockaddr_in *) &addr;
1426 struct sockaddr_in6 *sin_server6 = (struct sockaddr_in6 *) &addr;
1429 memset(&addr, 0, sizeof(struct sockaddr));
1431 if (volume_info->UNCip && volume_info->UNC) {
1432 rc = cifs_inet_pton(AF_INET, volume_info->UNCip,
1433 &sin_server->sin_addr.s_addr);
1436 /* not ipv4 address, try ipv6 */
1437 rc = cifs_inet_pton(AF_INET6, volume_info->UNCip,
1438 &sin_server6->sin6_addr.in6_u);
1440 addr.sa_family = AF_INET6;
1442 addr.sa_family = AF_INET;
1446 /* we failed translating address */
1451 cFYI(1, ("UNC: %s ip: %s", volume_info->UNC,
1452 volume_info->UNCip));
1453 } else if (volume_info->UNCip) {
1454 /* BB using ip addr as tcp_ses name to connect to the
1456 cERROR(1, ("Connecting to DFS root not implemented yet"));
1459 } else /* which tcp_sess DFS root would we conect to */ {
1461 ("CIFS mount error: No UNC path (e.g. -o "
1462 "unc=//192.168.1.100/public) specified"));
1467 /* see if we already have a matching tcp_ses */
1468 tcp_ses = cifs_find_tcp_session(&addr);
1472 tcp_ses = kzalloc(sizeof(struct TCP_Server_Info), GFP_KERNEL);
1478 tcp_ses->hostname = extract_hostname(volume_info->UNC);
1479 if (IS_ERR(tcp_ses->hostname)) {
1480 rc = PTR_ERR(tcp_ses->hostname);
1484 tcp_ses->noblocksnd = volume_info->noblocksnd;
1485 tcp_ses->noautotune = volume_info->noautotune;
1486 atomic_set(&tcp_ses->inFlight, 0);
1487 init_waitqueue_head(&tcp_ses->response_q);
1488 init_waitqueue_head(&tcp_ses->request_q);
1489 INIT_LIST_HEAD(&tcp_ses->pending_mid_q);
1490 mutex_init(&tcp_ses->srv_mutex);
1491 memcpy(tcp_ses->workstation_RFC1001_name,
1492 volume_info->source_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1493 memcpy(tcp_ses->server_RFC1001_name,
1494 volume_info->target_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1495 tcp_ses->sequence_number = 0;
1496 INIT_LIST_HEAD(&tcp_ses->tcp_ses_list);
1497 INIT_LIST_HEAD(&tcp_ses->smb_ses_list);
1500 * at this point we are the only ones with the pointer
1501 * to the struct since the kernel thread not created yet
1502 * no need to spinlock this init of tcpStatus or srv_count
1504 tcp_ses->tcpStatus = CifsNew;
1505 ++tcp_ses->srv_count;
1507 if (addr.sa_family == AF_INET6) {
1508 cFYI(1, ("attempting ipv6 connect"));
1509 /* BB should we allow ipv6 on port 139? */
1510 /* other OS never observed in Wild doing 139 with v6 */
1511 memcpy(&tcp_ses->addr.sockAddr6, sin_server6,
1512 sizeof(struct sockaddr_in6));
1513 sin_server6->sin6_port = htons(volume_info->port);
1514 rc = ipv6_connect(sin_server6, &tcp_ses->ssocket,
1515 volume_info->noblocksnd);
1517 memcpy(&tcp_ses->addr.sockAddr, sin_server,
1518 sizeof(struct sockaddr_in));
1519 sin_server->sin_port = htons(volume_info->port);
1520 rc = ipv4_connect(sin_server, &tcp_ses->ssocket,
1521 volume_info->source_rfc1001_name,
1522 volume_info->target_rfc1001_name,
1523 volume_info->noblocksnd,
1524 volume_info->noautotune);
1527 cERROR(1, ("Error connecting to socket. Aborting operation"));
1532 * since we're in a cifs function already, we know that
1533 * this will succeed. No need for try_module_get().
1535 __module_get(THIS_MODULE);
1536 tcp_ses->tsk = kthread_run((void *)(void *)cifs_demultiplex_thread,
1538 if (IS_ERR(tcp_ses->tsk)) {
1539 rc = PTR_ERR(tcp_ses->tsk);
1540 cERROR(1, ("error %d create cifsd thread", rc));
1541 module_put(THIS_MODULE);
1545 /* thread spawned, put it on the list */
1546 write_lock(&cifs_tcp_ses_lock);
1547 list_add(&tcp_ses->tcp_ses_list, &cifs_tcp_ses_list);
1548 write_unlock(&cifs_tcp_ses_lock);
1554 kfree(tcp_ses->hostname);
1555 if (tcp_ses->ssocket)
1556 sock_release(tcp_ses->ssocket);
1562 static struct cifsSesInfo *
1563 cifs_find_smb_ses(struct TCP_Server_Info *server, char *username)
1565 struct list_head *tmp;
1566 struct cifsSesInfo *ses;
1568 write_lock(&cifs_tcp_ses_lock);
1569 list_for_each(tmp, &server->smb_ses_list) {
1570 ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
1571 if (strncmp(ses->userName, username, MAX_USERNAME_SIZE))
1575 write_unlock(&cifs_tcp_ses_lock);
1578 write_unlock(&cifs_tcp_ses_lock);
1583 cifs_put_smb_ses(struct cifsSesInfo *ses)
1586 struct TCP_Server_Info *server = ses->server;
1588 write_lock(&cifs_tcp_ses_lock);
1589 if (--ses->ses_count > 0) {
1590 write_unlock(&cifs_tcp_ses_lock);
1594 list_del_init(&ses->smb_ses_list);
1595 write_unlock(&cifs_tcp_ses_lock);
1597 if (ses->status == CifsGood) {
1599 CIFSSMBLogoff(xid, ses);
1603 cifs_put_tcp_session(server);
1606 static struct cifsTconInfo *
1607 cifs_find_tcon(struct cifsSesInfo *ses, const char *unc)
1609 struct list_head *tmp;
1610 struct cifsTconInfo *tcon;
1612 write_lock(&cifs_tcp_ses_lock);
1613 list_for_each(tmp, &ses->tcon_list) {
1614 tcon = list_entry(tmp, struct cifsTconInfo, tcon_list);
1615 if (tcon->tidStatus == CifsExiting)
1617 if (strncmp(tcon->treeName, unc, MAX_TREE_SIZE))
1621 write_unlock(&cifs_tcp_ses_lock);
1624 write_unlock(&cifs_tcp_ses_lock);
1629 cifs_put_tcon(struct cifsTconInfo *tcon)
1632 struct cifsSesInfo *ses = tcon->ses;
1634 write_lock(&cifs_tcp_ses_lock);
1635 if (--tcon->tc_count > 0) {
1636 write_unlock(&cifs_tcp_ses_lock);
1640 list_del_init(&tcon->tcon_list);
1641 write_unlock(&cifs_tcp_ses_lock);
1644 CIFSSMBTDis(xid, tcon);
1647 DeleteTconOplockQEntries(tcon);
1649 cifs_put_smb_ses(ses);
1653 get_dfs_path(int xid, struct cifsSesInfo *pSesInfo, const char *old_path,
1654 const struct nls_table *nls_codepage, unsigned int *pnum_referrals,
1655 struct dfs_info3_param **preferrals, int remap)
1660 *pnum_referrals = 0;
1663 if (pSesInfo->ipc_tid == 0) {
1664 temp_unc = kmalloc(2 /* for slashes */ +
1665 strnlen(pSesInfo->serverName,
1666 SERVER_NAME_LEN_WITH_NULL * 2)
1667 + 1 + 4 /* slash IPC$ */ + 2,
1669 if (temp_unc == NULL)
1673 strcpy(temp_unc + 2, pSesInfo->serverName);
1674 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
1675 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
1677 ("CIFS Tcon rc = %d ipc_tid = %d", rc, pSesInfo->ipc_tid));
1681 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
1682 pnum_referrals, nls_codepage, remap);
1683 /* BB map targetUNCs to dfs_info3 structures, here or
1684 in CIFSGetDFSRefer BB */
1689 #ifdef CONFIG_DEBUG_LOCK_ALLOC
1690 static struct lock_class_key cifs_key[2];
1691 static struct lock_class_key cifs_slock_key[2];
1694 cifs_reclassify_socket4(struct socket *sock)
1696 struct sock *sk = sock->sk;
1697 BUG_ON(sock_owned_by_user(sk));
1698 sock_lock_init_class_and_name(sk, "slock-AF_INET-CIFS",
1699 &cifs_slock_key[0], "sk_lock-AF_INET-CIFS", &cifs_key[0]);
1703 cifs_reclassify_socket6(struct socket *sock)
1705 struct sock *sk = sock->sk;
1706 BUG_ON(sock_owned_by_user(sk));
1707 sock_lock_init_class_and_name(sk, "slock-AF_INET6-CIFS",
1708 &cifs_slock_key[1], "sk_lock-AF_INET6-CIFS", &cifs_key[1]);
1712 cifs_reclassify_socket4(struct socket *sock)
1717 cifs_reclassify_socket6(struct socket *sock)
1722 /* See RFC1001 section 14 on representation of Netbios names */
1723 static void rfc1002mangle(char *target, char *source, unsigned int length)
1727 for (i = 0, j = 0; i < (length); i++) {
1728 /* mask a nibble at a time and encode */
1729 target[j] = 'A' + (0x0F & (source[i] >> 4));
1730 target[j+1] = 'A' + (0x0F & source[i]);
1738 ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket,
1739 char *netbios_name, char *target_name,
1740 bool noblocksnd, bool noautotune)
1744 __be16 orig_port = 0;
1746 if (*csocket == NULL) {
1747 rc = sock_create_kern(PF_INET, SOCK_STREAM,
1748 IPPROTO_TCP, csocket);
1750 cERROR(1, ("Error %d creating socket", rc));
1754 /* BB other socket options to set KEEPALIVE, NODELAY? */
1755 cFYI(1, ("Socket created"));
1756 (*csocket)->sk->sk_allocation = GFP_NOFS;
1757 cifs_reclassify_socket4(*csocket);
1761 psin_server->sin_family = AF_INET;
1762 if (psin_server->sin_port) { /* user overrode default port */
1763 rc = (*csocket)->ops->connect(*csocket,
1764 (struct sockaddr *) psin_server,
1765 sizeof(struct sockaddr_in), 0);
1771 /* save original port so we can retry user specified port
1772 later if fall back ports fail this time */
1773 orig_port = psin_server->sin_port;
1775 /* do not retry on the same port we just failed on */
1776 if (psin_server->sin_port != htons(CIFS_PORT)) {
1777 psin_server->sin_port = htons(CIFS_PORT);
1779 rc = (*csocket)->ops->connect(*csocket,
1780 (struct sockaddr *) psin_server,
1781 sizeof(struct sockaddr_in), 0);
1787 psin_server->sin_port = htons(RFC1001_PORT);
1788 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1790 sizeof(struct sockaddr_in), 0);
1795 /* give up here - unless we want to retry on different
1796 protocol families some day */
1799 psin_server->sin_port = orig_port;
1800 cFYI(1, ("Error %d connecting to server via ipv4", rc));
1801 sock_release(*csocket);
1805 /* Eventually check for other socket options to change from
1806 the default. sock_setsockopt not used because it expects
1807 user space buffer */
1808 cFYI(1, ("sndbuf %d rcvbuf %d rcvtimeo 0x%lx",
1809 (*csocket)->sk->sk_sndbuf,
1810 (*csocket)->sk->sk_rcvbuf, (*csocket)->sk->sk_rcvtimeo));
1811 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1813 (*csocket)->sk->sk_sndtimeo = 3 * HZ;
1815 /* make the bufsizes depend on wsize/rsize and max requests */
1817 if ((*csocket)->sk->sk_sndbuf < (200 * 1024))
1818 (*csocket)->sk->sk_sndbuf = 200 * 1024;
1819 if ((*csocket)->sk->sk_rcvbuf < (140 * 1024))
1820 (*csocket)->sk->sk_rcvbuf = 140 * 1024;
1823 /* send RFC1001 sessinit */
1824 if (psin_server->sin_port == htons(RFC1001_PORT)) {
1825 /* some servers require RFC1001 sessinit before sending
1826 negprot - BB check reconnection in case where second
1827 sessinit is sent but no second negprot */
1828 struct rfc1002_session_packet *ses_init_buf;
1829 struct smb_hdr *smb_buf;
1830 ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet),
1833 ses_init_buf->trailer.session_req.called_len = 32;
1834 if (target_name && (target_name[0] != 0)) {
1835 rfc1002mangle(ses_init_buf->trailer.
1836 session_req.called_name,
1838 RFC1001_NAME_LEN_WITH_NULL);
1840 rfc1002mangle(ses_init_buf->trailer.
1841 session_req.called_name,
1842 DEFAULT_CIFS_CALLED_NAME,
1843 RFC1001_NAME_LEN_WITH_NULL);
1846 ses_init_buf->trailer.session_req.calling_len = 32;
1847 /* calling name ends in null (byte 16) from old smb
1849 if (netbios_name && (netbios_name[0] != 0)) {
1850 rfc1002mangle(ses_init_buf->trailer.
1851 session_req.calling_name,
1853 RFC1001_NAME_LEN_WITH_NULL);
1855 rfc1002mangle(ses_init_buf->trailer.
1856 session_req.calling_name,
1858 RFC1001_NAME_LEN_WITH_NULL);
1860 ses_init_buf->trailer.session_req.scope1 = 0;
1861 ses_init_buf->trailer.session_req.scope2 = 0;
1862 smb_buf = (struct smb_hdr *)ses_init_buf;
1863 /* sizeof RFC1002_SESSION_REQUEST with no scope */
1864 smb_buf->smb_buf_length = 0x81000044;
1865 rc = smb_send(*csocket, smb_buf, 0x44,
1866 (struct sockaddr *)psin_server, noblocksnd);
1867 kfree(ses_init_buf);
1868 msleep(1); /* RFC1001 layer in at least one server
1869 requires very short break before negprot
1870 presumably because not expecting negprot
1871 to follow so fast. This is a simple
1872 solution that works without
1873 complicating the code and causes no
1874 significant slowing down on mount
1875 for everyone else */
1877 /* else the negprot may still work without this
1878 even though malloc failed */
1886 ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket,
1891 __be16 orig_port = 0;
1893 if (*csocket == NULL) {
1894 rc = sock_create_kern(PF_INET6, SOCK_STREAM,
1895 IPPROTO_TCP, csocket);
1897 cERROR(1, ("Error %d creating ipv6 socket", rc));
1901 /* BB other socket options to set KEEPALIVE, NODELAY? */
1902 cFYI(1, ("ipv6 Socket created"));
1903 (*csocket)->sk->sk_allocation = GFP_NOFS;
1904 cifs_reclassify_socket6(*csocket);
1908 psin_server->sin6_family = AF_INET6;
1910 if (psin_server->sin6_port) { /* user overrode default port */
1911 rc = (*csocket)->ops->connect(*csocket,
1912 (struct sockaddr *) psin_server,
1913 sizeof(struct sockaddr_in6), 0);
1919 /* save original port so we can retry user specified port
1920 later if fall back ports fail this time */
1922 orig_port = psin_server->sin6_port;
1923 /* do not retry on the same port we just failed on */
1924 if (psin_server->sin6_port != htons(CIFS_PORT)) {
1925 psin_server->sin6_port = htons(CIFS_PORT);
1927 rc = (*csocket)->ops->connect(*csocket,
1928 (struct sockaddr *) psin_server,
1929 sizeof(struct sockaddr_in6), 0);
1935 psin_server->sin6_port = htons(RFC1001_PORT);
1936 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1937 psin_server, sizeof(struct sockaddr_in6), 0);
1942 /* give up here - unless we want to retry on different
1943 protocol families some day */
1946 psin_server->sin6_port = orig_port;
1947 cFYI(1, ("Error %d connecting to server via ipv6", rc));
1948 sock_release(*csocket);
1952 /* Eventually check for other socket options to change from
1953 the default. sock_setsockopt not used because it expects
1954 user space buffer */
1955 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1957 (*csocket)->sk->sk_sndtimeo = 3 * HZ;
1963 void reset_cifs_unix_caps(int xid, struct cifsTconInfo *tcon,
1964 struct super_block *sb, struct smb_vol *vol_info)
1966 /* if we are reconnecting then should we check to see if
1967 * any requested capabilities changed locally e.g. via
1968 * remount but we can not do much about it here
1969 * if they have (even if we could detect it by the following)
1970 * Perhaps we could add a backpointer to array of sb from tcon
1971 * or if we change to make all sb to same share the same
1972 * sb as NFS - then we only have one backpointer to sb.
1973 * What if we wanted to mount the server share twice once with
1974 * and once without posixacls or posix paths? */
1975 __u64 saved_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
1977 if (vol_info && vol_info->no_linux_ext) {
1978 tcon->fsUnixInfo.Capability = 0;
1979 tcon->unix_ext = 0; /* Unix Extensions disabled */
1980 cFYI(1, ("Linux protocol extensions disabled"));
1982 } else if (vol_info)
1983 tcon->unix_ext = 1; /* Unix Extensions supported */
1985 if (tcon->unix_ext == 0) {
1986 cFYI(1, ("Unix extensions disabled so not set on reconnect"));
1990 if (!CIFSSMBQFSUnixInfo(xid, tcon)) {
1991 __u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
1993 /* check for reconnect case in which we do not
1994 want to change the mount behavior if we can avoid it */
1995 if (vol_info == NULL) {
1996 /* turn off POSIX ACL and PATHNAMES if not set
1997 originally at mount time */
1998 if ((saved_cap & CIFS_UNIX_POSIX_ACL_CAP) == 0)
1999 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2000 if ((saved_cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2001 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2002 cERROR(1, ("POSIXPATH support change"));
2003 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2004 } else if ((cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2005 cERROR(1, ("possible reconnect error"));
2007 ("server disabled POSIX path support"));
2011 cap &= CIFS_UNIX_CAP_MASK;
2012 if (vol_info && vol_info->no_psx_acl)
2013 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2014 else if (CIFS_UNIX_POSIX_ACL_CAP & cap) {
2015 cFYI(1, ("negotiated posix acl support"));
2017 sb->s_flags |= MS_POSIXACL;
2020 if (vol_info && vol_info->posix_paths == 0)
2021 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2022 else if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
2023 cFYI(1, ("negotiate posix pathnames"));
2025 CIFS_SB(sb)->mnt_cifs_flags |=
2026 CIFS_MOUNT_POSIX_PATHS;
2029 /* We might be setting the path sep back to a different
2030 form if we are reconnecting and the server switched its
2031 posix path capability for this share */
2032 if (sb && (CIFS_SB(sb)->prepathlen > 0))
2033 CIFS_SB(sb)->prepath[0] = CIFS_DIR_SEP(CIFS_SB(sb));
2035 if (sb && (CIFS_SB(sb)->rsize > 127 * 1024)) {
2036 if ((cap & CIFS_UNIX_LARGE_READ_CAP) == 0) {
2037 CIFS_SB(sb)->rsize = 127 * 1024;
2039 ("larger reads not supported by srv"));
2044 cFYI(1, ("Negotiate caps 0x%x", (int)cap));
2045 #ifdef CONFIG_CIFS_DEBUG2
2046 if (cap & CIFS_UNIX_FCNTL_CAP)
2047 cFYI(1, ("FCNTL cap"));
2048 if (cap & CIFS_UNIX_EXTATTR_CAP)
2049 cFYI(1, ("EXTATTR cap"));
2050 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2051 cFYI(1, ("POSIX path cap"));
2052 if (cap & CIFS_UNIX_XATTR_CAP)
2053 cFYI(1, ("XATTR cap"));
2054 if (cap & CIFS_UNIX_POSIX_ACL_CAP)
2055 cFYI(1, ("POSIX ACL cap"));
2056 if (cap & CIFS_UNIX_LARGE_READ_CAP)
2057 cFYI(1, ("very large read cap"));
2058 if (cap & CIFS_UNIX_LARGE_WRITE_CAP)
2059 cFYI(1, ("very large write cap"));
2060 #endif /* CIFS_DEBUG2 */
2061 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
2062 if (vol_info == NULL) {
2063 cFYI(1, ("resetting capabilities failed"));
2065 cERROR(1, ("Negotiating Unix capabilities "
2066 "with the server failed. Consider "
2067 "mounting with the Unix Extensions\n"
2068 "disabled, if problems are found, "
2069 "by specifying the nounix mount "
2077 convert_delimiter(char *path, char delim)
2090 for (i = 0; path[i] != '\0'; i++) {
2091 if (path[i] == old_delim)
2096 static void setup_cifs_sb(struct smb_vol *pvolume_info,
2097 struct cifs_sb_info *cifs_sb)
2099 if (pvolume_info->rsize > CIFSMaxBufSize) {
2100 cERROR(1, ("rsize %d too large, using MaxBufSize",
2101 pvolume_info->rsize));
2102 cifs_sb->rsize = CIFSMaxBufSize;
2103 } else if ((pvolume_info->rsize) &&
2104 (pvolume_info->rsize <= CIFSMaxBufSize))
2105 cifs_sb->rsize = pvolume_info->rsize;
2107 cifs_sb->rsize = CIFSMaxBufSize;
2109 if (pvolume_info->wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) {
2110 cERROR(1, ("wsize %d too large, using 4096 instead",
2111 pvolume_info->wsize));
2112 cifs_sb->wsize = 4096;
2113 } else if (pvolume_info->wsize)
2114 cifs_sb->wsize = pvolume_info->wsize;
2116 cifs_sb->wsize = min_t(const int,
2117 PAGEVEC_SIZE * PAGE_CACHE_SIZE,
2119 /* old default of CIFSMaxBufSize was too small now
2120 that SMB Write2 can send multiple pages in kvec.
2121 RFC1001 does not describe what happens when frame
2122 bigger than 128K is sent so use that as max in
2123 conjunction with 52K kvec constraint on arch with 4K
2126 if (cifs_sb->rsize < 2048) {
2127 cifs_sb->rsize = 2048;
2128 /* Windows ME may prefer this */
2129 cFYI(1, ("readsize set to minimum: 2048"));
2131 /* calculate prepath */
2132 cifs_sb->prepath = pvolume_info->prepath;
2133 if (cifs_sb->prepath) {
2134 cifs_sb->prepathlen = strlen(cifs_sb->prepath);
2135 /* we can not convert the / to \ in the path
2136 separators in the prefixpath yet because we do not
2137 know (until reset_cifs_unix_caps is called later)
2138 whether POSIX PATH CAP is available. We normalize
2139 the / to \ after reset_cifs_unix_caps is called */
2140 pvolume_info->prepath = NULL;
2142 cifs_sb->prepathlen = 0;
2143 cifs_sb->mnt_uid = pvolume_info->linux_uid;
2144 cifs_sb->mnt_gid = pvolume_info->linux_gid;
2145 cifs_sb->mnt_file_mode = pvolume_info->file_mode;
2146 cifs_sb->mnt_dir_mode = pvolume_info->dir_mode;
2147 cFYI(1, ("file mode: 0x%x dir mode: 0x%x",
2148 cifs_sb->mnt_file_mode, cifs_sb->mnt_dir_mode));
2150 if (pvolume_info->noperm)
2151 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
2152 if (pvolume_info->setuids)
2153 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
2154 if (pvolume_info->server_ino)
2155 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
2156 if (pvolume_info->remap)
2157 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
2158 if (pvolume_info->no_xattr)
2159 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
2160 if (pvolume_info->sfu_emul)
2161 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
2162 if (pvolume_info->nobrl)
2163 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
2164 if (pvolume_info->cifs_acl)
2165 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
2166 if (pvolume_info->override_uid)
2167 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID;
2168 if (pvolume_info->override_gid)
2169 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID;
2170 if (pvolume_info->dynperm)
2171 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DYNPERM;
2172 if (pvolume_info->direct_io) {
2173 cFYI(1, ("mounting share using direct i/o"));
2174 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
2177 if ((pvolume_info->cifs_acl) && (pvolume_info->dynperm))
2178 cERROR(1, ("mount option dynperm ignored if cifsacl "
2179 "mount option supported"));
2183 cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
2184 char *mount_data, const char *devname)
2188 struct smb_vol volume_info;
2189 struct cifsSesInfo *pSesInfo = NULL;
2190 struct cifsTconInfo *tcon = NULL;
2191 struct TCP_Server_Info *srvTcp = NULL;
2195 /* cFYI(1, ("Entering cifs_mount. Xid: %d with: %s", xid, mount_data)); */
2197 memset(&volume_info, 0, sizeof(struct smb_vol));
2198 if (cifs_parse_mount_options(mount_data, devname, &volume_info)) {
2203 if (volume_info.nullauth) {
2204 cFYI(1, ("null user"));
2205 volume_info.username = "";
2206 } else if (volume_info.username) {
2207 /* BB fixme parse for domain name here */
2208 cFYI(1, ("Username: %s", volume_info.username));
2210 cifserror("No username specified");
2211 /* In userspace mount helper we can get user name from alternate
2212 locations such as env variables and files on disk */
2218 /* this is needed for ASCII cp to Unicode converts */
2219 if (volume_info.iocharset == NULL) {
2220 cifs_sb->local_nls = load_nls_default();
2221 /* load_nls_default can not return null */
2223 cifs_sb->local_nls = load_nls(volume_info.iocharset);
2224 if (cifs_sb->local_nls == NULL) {
2225 cERROR(1, ("CIFS mount error: iocharset %s not found",
2226 volume_info.iocharset));
2232 /* get a reference to a tcp session */
2233 srvTcp = cifs_get_tcp_session(&volume_info);
2234 if (IS_ERR(srvTcp)) {
2235 rc = PTR_ERR(srvTcp);
2239 pSesInfo = cifs_find_smb_ses(srvTcp, volume_info.username);
2241 cFYI(1, ("Existing smb sess found (status=%d)",
2244 * The existing SMB session already has a reference to srvTcp,
2245 * so we can put back the extra one we got before
2247 cifs_put_tcp_session(srvTcp);
2249 down(&pSesInfo->sesSem);
2250 if (pSesInfo->need_reconnect) {
2251 cFYI(1, ("Session needs reconnect"));
2252 rc = cifs_setup_session(xid, pSesInfo,
2253 cifs_sb->local_nls);
2255 up(&pSesInfo->sesSem);
2257 cFYI(1, ("Existing smb sess not found"));
2258 pSesInfo = sesInfoAlloc();
2259 if (pSesInfo == NULL) {
2261 goto mount_fail_check;
2264 /* new SMB session uses our srvTcp ref */
2265 pSesInfo->server = srvTcp;
2266 if (srvTcp->addr.sockAddr6.sin6_family == AF_INET6)
2267 sprintf(pSesInfo->serverName, NIP6_FMT,
2268 NIP6(srvTcp->addr.sockAddr6.sin6_addr));
2270 sprintf(pSesInfo->serverName, NIPQUAD_FMT,
2271 NIPQUAD(srvTcp->addr.sockAddr.sin_addr.s_addr));
2273 write_lock(&cifs_tcp_ses_lock);
2274 list_add(&pSesInfo->smb_ses_list, &srvTcp->smb_ses_list);
2275 write_unlock(&cifs_tcp_ses_lock);
2277 /* volume_info.password freed at unmount */
2278 if (volume_info.password) {
2279 pSesInfo->password = volume_info.password;
2280 /* set to NULL to prevent freeing on exit */
2281 volume_info.password = NULL;
2283 if (volume_info.username)
2284 strncpy(pSesInfo->userName, volume_info.username,
2286 if (volume_info.domainname) {
2287 int len = strlen(volume_info.domainname);
2288 pSesInfo->domainName = kmalloc(len + 1, GFP_KERNEL);
2289 if (pSesInfo->domainName)
2290 strcpy(pSesInfo->domainName,
2291 volume_info.domainname);
2293 pSesInfo->linux_uid = volume_info.linux_uid;
2294 pSesInfo->overrideSecFlg = volume_info.secFlg;
2295 down(&pSesInfo->sesSem);
2297 /* BB FIXME need to pass vol->secFlgs BB */
2298 rc = cifs_setup_session(xid, pSesInfo,
2299 cifs_sb->local_nls);
2300 up(&pSesInfo->sesSem);
2303 /* search for existing tcon to this server share */
2305 setup_cifs_sb(&volume_info, cifs_sb);
2307 tcon = cifs_find_tcon(pSesInfo, volume_info.UNC);
2309 cFYI(1, ("Found match on UNC path"));
2310 /* existing tcon already has a reference */
2311 cifs_put_smb_ses(pSesInfo);
2312 if (tcon->seal != volume_info.seal)
2313 cERROR(1, ("transport encryption setting "
2314 "conflicts with existing tid"));
2316 tcon = tconInfoAlloc();
2319 goto mount_fail_check;
2321 tcon->ses = pSesInfo;
2323 /* check for null share name ie connect to dfs root */
2324 if ((strchr(volume_info.UNC + 3, '\\') == NULL)
2325 && (strchr(volume_info.UNC + 3, '/') == NULL)) {
2326 /* rc = connect_to_dfs_path(...) */
2327 cFYI(1, ("DFS root not supported"));
2329 goto mount_fail_check;
2331 /* BB Do we need to wrap sesSem around
2332 * this TCon call and Unix SetFS as
2333 * we do on SessSetup and reconnect? */
2334 rc = CIFSTCon(xid, pSesInfo, volume_info.UNC,
2335 tcon, cifs_sb->local_nls);
2336 cFYI(1, ("CIFS Tcon rc = %d", rc));
2337 if (volume_info.nodfs) {
2338 tcon->Flags &= ~SMB_SHARE_IS_IN_DFS;
2339 cFYI(1, ("DFS disabled (%d)",
2344 goto mount_fail_check;
2345 tcon->seal = volume_info.seal;
2346 write_lock(&cifs_tcp_ses_lock);
2347 list_add(&tcon->tcon_list, &pSesInfo->tcon_list);
2348 write_unlock(&cifs_tcp_ses_lock);
2351 /* we can have only one retry value for a connection
2352 to a share so for resources mounted more than once
2353 to the same server share the last value passed in
2354 for the retry flag is used */
2355 tcon->retry = volume_info.retry;
2356 tcon->nocase = volume_info.nocase;
2357 tcon->local_lease = volume_info.local_lease;
2360 if (pSesInfo->capabilities & CAP_LARGE_FILES) {
2361 sb->s_maxbytes = (u64) 1 << 63;
2363 sb->s_maxbytes = (u64) 1 << 31; /* 2 GB */
2366 /* BB FIXME fix time_gran to be larger for LANMAN sessions */
2367 sb->s_time_gran = 100;
2370 /* on error free sesinfo and tcon struct if needed */
2372 /* If find_unc succeeded then rc == 0 so we can not end */
2373 /* up accidently freeing someone elses tcon struct */
2375 cifs_put_tcon(tcon);
2377 cifs_put_smb_ses(pSesInfo);
2379 cifs_put_tcp_session(srvTcp);
2382 cifs_sb->tcon = tcon;
2384 /* do not care if following two calls succeed - informational */
2386 CIFSSMBQFSDeviceInfo(xid, tcon);
2387 CIFSSMBQFSAttributeInfo(xid, tcon);
2390 /* tell server which Unix caps we support */
2391 if (tcon->ses->capabilities & CAP_UNIX)
2392 /* reset of caps checks mount to see if unix extensions
2393 disabled for just this mount */
2394 reset_cifs_unix_caps(xid, tcon, sb, &volume_info);
2396 tcon->unix_ext = 0; /* server does not support them */
2398 /* convert forward to back slashes in prepath here if needed */
2399 if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0)
2400 convert_delimiter(cifs_sb->prepath, CIFS_DIR_SEP(cifs_sb));
2402 if ((tcon->unix_ext == 0) && (cifs_sb->rsize > (1024 * 127))) {
2403 cifs_sb->rsize = 1024 * 127;
2404 cFYI(DBG2, ("no very large read support, rsize now 127K"));
2406 if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X))
2407 cifs_sb->wsize = min(cifs_sb->wsize,
2408 (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE));
2409 if (!(tcon->ses->capabilities & CAP_LARGE_READ_X))
2410 cifs_sb->rsize = min(cifs_sb->rsize,
2411 (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE));
2413 /* volume_info.password is freed above when existing session found
2414 (in which case it is not needed anymore) but when new sesion is created
2415 the password ptr is put in the new session structure (in which case the
2416 password will be freed at unmount time) */
2418 /* zero out password before freeing */
2419 if (volume_info.password != NULL) {
2420 memset(volume_info.password, 0, strlen(volume_info.password));
2421 kfree(volume_info.password);
2423 kfree(volume_info.UNC);
2424 kfree(volume_info.prepath);
2430 CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2431 char session_key[CIFS_SESS_KEY_SIZE],
2432 const struct nls_table *nls_codepage)
2434 struct smb_hdr *smb_buffer;
2435 struct smb_hdr *smb_buffer_response;
2436 SESSION_SETUP_ANDX *pSMB;
2437 SESSION_SETUP_ANDX *pSMBr;
2442 int remaining_words = 0;
2443 int bytes_returned = 0;
2448 cFYI(1, ("In sesssetup"));
2451 user = ses->userName;
2452 domain = ses->domainName;
2453 smb_buffer = cifs_buf_get();
2455 if (smb_buffer == NULL)
2458 smb_buffer_response = smb_buffer;
2459 pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2461 /* send SMBsessionSetup here */
2462 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2463 NULL /* no tCon exists yet */ , 13 /* wct */ );
2465 smb_buffer->Mid = GetNextMid(ses->server);
2466 pSMB->req_no_secext.AndXCommand = 0xFF;
2467 pSMB->req_no_secext.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2468 pSMB->req_no_secext.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2470 if (ses->server->secMode &
2471 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2472 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2474 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2475 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
2476 if (ses->capabilities & CAP_UNICODE) {
2477 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2478 capabilities |= CAP_UNICODE;
2480 if (ses->capabilities & CAP_STATUS32) {
2481 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2482 capabilities |= CAP_STATUS32;
2484 if (ses->capabilities & CAP_DFS) {
2485 smb_buffer->Flags2 |= SMBFLG2_DFS;
2486 capabilities |= CAP_DFS;
2488 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
2490 pSMB->req_no_secext.CaseInsensitivePasswordLength =
2491 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2493 pSMB->req_no_secext.CaseSensitivePasswordLength =
2494 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2495 bcc_ptr = pByteArea(smb_buffer);
2496 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2497 bcc_ptr += CIFS_SESS_KEY_SIZE;
2498 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2499 bcc_ptr += CIFS_SESS_KEY_SIZE;
2501 if (ses->capabilities & CAP_UNICODE) {
2502 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode */
2507 bytes_returned = 0; /* skip null user */
2510 cifs_strtoUCS((__le16 *) bcc_ptr, user, 100,
2512 /* convert number of 16 bit words to bytes */
2513 bcc_ptr += 2 * bytes_returned;
2514 bcc_ptr += 2; /* trailing null */
2517 cifs_strtoUCS((__le16 *) bcc_ptr,
2518 "CIFS_LINUX_DOM", 32, nls_codepage);
2521 cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2523 bcc_ptr += 2 * bytes_returned;
2526 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2528 bcc_ptr += 2 * bytes_returned;
2530 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release,
2532 bcc_ptr += 2 * bytes_returned;
2535 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2537 bcc_ptr += 2 * bytes_returned;
2541 strncpy(bcc_ptr, user, 200);
2542 bcc_ptr += strnlen(user, 200);
2546 if (domain == NULL) {
2547 strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2548 bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2550 strncpy(bcc_ptr, domain, 64);
2551 bcc_ptr += strnlen(domain, 64);
2555 strcpy(bcc_ptr, "Linux version ");
2556 bcc_ptr += strlen("Linux version ");
2557 strcpy(bcc_ptr, utsname()->release);
2558 bcc_ptr += strlen(utsname()->release) + 1;
2559 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2560 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2562 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2563 smb_buffer->smb_buf_length += count;
2564 pSMB->req_no_secext.ByteCount = cpu_to_le16(count);
2566 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2567 &bytes_returned, CIFS_LONG_OP);
2569 /* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
2570 } else if ((smb_buffer_response->WordCount == 3)
2571 || (smb_buffer_response->WordCount == 4)) {
2572 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2573 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2574 if (action & GUEST_LOGIN)
2575 cFYI(1, (" Guest login")); /* BB mark SesInfo struct? */
2576 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format
2578 cFYI(1, ("UID = %d ", ses->Suid));
2579 /* response can have either 3 or 4 word count - Samba sends 3 */
2580 bcc_ptr = pByteArea(smb_buffer_response);
2581 if ((pSMBr->resp.hdr.WordCount == 3)
2582 || ((pSMBr->resp.hdr.WordCount == 4)
2583 && (blob_len < pSMBr->resp.ByteCount))) {
2584 if (pSMBr->resp.hdr.WordCount == 4)
2585 bcc_ptr += blob_len;
2587 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2588 if ((long) (bcc_ptr) % 2) {
2590 (BCC(smb_buffer_response) - 1) / 2;
2591 /* Unicode strings must be word
2596 BCC(smb_buffer_response) / 2;
2599 UniStrnlen((wchar_t *) bcc_ptr,
2600 remaining_words - 1);
2601 /* We look for obvious messed up bcc or strings in response so we do not go off
2602 the end since (at least) WIN2K and Windows XP have a major bug in not null
2603 terminating last Unicode string in response */
2605 kfree(ses->serverOS);
2606 ses->serverOS = kzalloc(2 * (len + 1),
2608 if (ses->serverOS == NULL)
2609 goto sesssetup_nomem;
2610 cifs_strfromUCS_le(ses->serverOS,
2613 bcc_ptr += 2 * (len + 1);
2614 remaining_words -= len + 1;
2615 ses->serverOS[2 * len] = 0;
2616 ses->serverOS[1 + (2 * len)] = 0;
2617 if (remaining_words > 0) {
2618 len = UniStrnlen((wchar_t *)bcc_ptr,
2620 kfree(ses->serverNOS);
2621 ses->serverNOS = kzalloc(2 * (len + 1),
2623 if (ses->serverNOS == NULL)
2624 goto sesssetup_nomem;
2625 cifs_strfromUCS_le(ses->serverNOS,
2628 bcc_ptr += 2 * (len + 1);
2629 ses->serverNOS[2 * len] = 0;
2630 ses->serverNOS[1 + (2 * len)] = 0;
2631 if (strncmp(ses->serverNOS,
2632 "NT LAN Manager 4", 16) == 0) {
2633 cFYI(1, ("NT4 server"));
2634 ses->flags |= CIFS_SES_NT4;
2636 remaining_words -= len + 1;
2637 if (remaining_words > 0) {
2638 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2639 /* last string is not always null terminated
2640 (for e.g. for Windows XP & 2000) */
2641 if (ses->serverDomain)
2642 kfree(ses->serverDomain);
2646 if (ses->serverDomain == NULL)
2647 goto sesssetup_nomem;
2648 cifs_strfromUCS_le(ses->serverDomain,
2651 bcc_ptr += 2 * (len + 1);
2652 ses->serverDomain[2*len] = 0;
2653 ses->serverDomain[1+(2*len)] = 0;
2654 } else { /* else no more room so create
2655 dummy domain string */
2656 if (ses->serverDomain)
2657 kfree(ses->serverDomain);
2659 kzalloc(2, GFP_KERNEL);
2661 } else { /* no room so create dummy domain
2664 /* if these kcallocs fail not much we
2665 can do, but better to not fail the
2667 kfree(ses->serverDomain);
2669 kzalloc(2, GFP_KERNEL);
2670 kfree(ses->serverNOS);
2672 kzalloc(2, GFP_KERNEL);
2674 } else { /* ASCII */
2675 len = strnlen(bcc_ptr, 1024);
2676 if (((long) bcc_ptr + len) - (long)
2677 pByteArea(smb_buffer_response)
2678 <= BCC(smb_buffer_response)) {
2679 kfree(ses->serverOS);
2680 ses->serverOS = kzalloc(len + 1,
2682 if (ses->serverOS == NULL)
2683 goto sesssetup_nomem;
2684 strncpy(ses->serverOS, bcc_ptr, len);
2687 /* null terminate the string */
2691 len = strnlen(bcc_ptr, 1024);
2692 kfree(ses->serverNOS);
2693 ses->serverNOS = kzalloc(len + 1,
2695 if (ses->serverNOS == NULL)
2696 goto sesssetup_nomem;
2697 strncpy(ses->serverNOS, bcc_ptr, len);
2702 len = strnlen(bcc_ptr, 1024);
2703 if (ses->serverDomain)
2704 kfree(ses->serverDomain);
2705 ses->serverDomain = kzalloc(len + 1,
2707 if (ses->serverDomain == NULL)
2708 goto sesssetup_nomem;
2709 strncpy(ses->serverDomain, bcc_ptr,
2716 ("Variable field of length %d "
2717 "extends beyond end of smb ",
2722 (" Security Blob Length extends beyond "
2727 (" Invalid Word count %d: ",
2728 smb_buffer_response->WordCount));
2731 sesssetup_nomem: /* do not return an error on nomem for the info strings,
2732 since that could make reconnection harder, and
2733 reconnection might be needed to free memory */
2734 cifs_buf_release(smb_buffer);
2740 CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2741 struct cifsSesInfo *ses, bool *pNTLMv2_flag,
2742 const struct nls_table *nls_codepage)
2744 struct smb_hdr *smb_buffer;
2745 struct smb_hdr *smb_buffer_response;
2746 SESSION_SETUP_ANDX *pSMB;
2747 SESSION_SETUP_ANDX *pSMBr;
2751 int remaining_words = 0;
2752 int bytes_returned = 0;
2754 int SecurityBlobLength = sizeof(NEGOTIATE_MESSAGE);
2755 PNEGOTIATE_MESSAGE SecurityBlob;
2756 PCHALLENGE_MESSAGE SecurityBlob2;
2757 __u32 negotiate_flags, capabilities;
2760 cFYI(1, ("In NTLMSSP sesssetup (negotiate)"));
2763 domain = ses->domainName;
2764 *pNTLMv2_flag = false;
2765 smb_buffer = cifs_buf_get();
2766 if (smb_buffer == NULL) {
2769 smb_buffer_response = smb_buffer;
2770 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2771 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2773 /* send SMBsessionSetup here */
2774 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2775 NULL /* no tCon exists yet */ , 12 /* wct */ );
2777 smb_buffer->Mid = GetNextMid(ses->server);
2778 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2779 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2781 pSMB->req.AndXCommand = 0xFF;
2782 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2783 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2785 if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2786 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2788 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2789 CAP_EXTENDED_SECURITY;
2790 if (ses->capabilities & CAP_UNICODE) {
2791 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2792 capabilities |= CAP_UNICODE;
2794 if (ses->capabilities & CAP_STATUS32) {
2795 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2796 capabilities |= CAP_STATUS32;
2798 if (ses->capabilities & CAP_DFS) {
2799 smb_buffer->Flags2 |= SMBFLG2_DFS;
2800 capabilities |= CAP_DFS;
2802 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2804 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2805 SecurityBlob = (PNEGOTIATE_MESSAGE) bcc_ptr;
2806 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2807 SecurityBlob->MessageType = NtLmNegotiate;
2809 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
2810 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM |
2811 NTLMSSP_NEGOTIATE_56 |
2812 /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
2814 negotiate_flags |= NTLMSSP_NEGOTIATE_SIGN;
2815 /* if (ntlmv2_support)
2816 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;*/
2817 /* setup pointers to domain name and workstation name */
2818 bcc_ptr += SecurityBlobLength;
2820 SecurityBlob->WorkstationName.Buffer = 0;
2821 SecurityBlob->WorkstationName.Length = 0;
2822 SecurityBlob->WorkstationName.MaximumLength = 0;
2824 /* Domain not sent on first Sesssetup in NTLMSSP, instead it is sent
2825 along with username on auth request (ie the response to challenge) */
2826 SecurityBlob->DomainName.Buffer = 0;
2827 SecurityBlob->DomainName.Length = 0;
2828 SecurityBlob->DomainName.MaximumLength = 0;
2829 if (ses->capabilities & CAP_UNICODE) {
2830 if ((long) bcc_ptr % 2) {
2836 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2838 bcc_ptr += 2 * bytes_returned;
2840 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
2842 bcc_ptr += 2 * bytes_returned;
2843 bcc_ptr += 2; /* null terminate Linux version */
2845 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2847 bcc_ptr += 2 * bytes_returned;
2850 bcc_ptr += 2; /* null terminate network opsys string */
2853 bcc_ptr += 2; /* null domain */
2854 } else { /* ASCII */
2855 strcpy(bcc_ptr, "Linux version ");
2856 bcc_ptr += strlen("Linux version ");
2857 strcpy(bcc_ptr, utsname()->release);
2858 bcc_ptr += strlen(utsname()->release) + 1;
2859 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2860 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2861 bcc_ptr++; /* empty domain field */
2864 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2865 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2866 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2867 smb_buffer->smb_buf_length += count;
2868 pSMB->req.ByteCount = cpu_to_le16(count);
2870 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2871 &bytes_returned, CIFS_LONG_OP);
2873 if (smb_buffer_response->Status.CifsError ==
2874 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
2878 /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2879 } else if ((smb_buffer_response->WordCount == 3)
2880 || (smb_buffer_response->WordCount == 4)) {
2881 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2882 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2884 if (action & GUEST_LOGIN)
2885 cFYI(1, (" Guest login"));
2886 /* Do we want to set anything in SesInfo struct when guest login? */
2888 bcc_ptr = pByteArea(smb_buffer_response);
2889 /* response can have either 3 or 4 word count - Samba sends 3 */
2891 SecurityBlob2 = (PCHALLENGE_MESSAGE) bcc_ptr;
2892 if (SecurityBlob2->MessageType != NtLmChallenge) {
2894 ("Unexpected NTLMSSP message type received %d",
2895 SecurityBlob2->MessageType));
2897 ses->Suid = smb_buffer_response->Uid; /* UID left in le format */
2898 cFYI(1, ("UID = %d", ses->Suid));
2899 if ((pSMBr->resp.hdr.WordCount == 3)
2900 || ((pSMBr->resp.hdr.WordCount == 4)
2902 pSMBr->resp.ByteCount))) {
2904 if (pSMBr->resp.hdr.WordCount == 4) {
2905 bcc_ptr += blob_len;
2906 cFYI(1, ("Security Blob Length %d",
2910 cFYI(1, ("NTLMSSP Challenge rcvd"));
2912 memcpy(ses->server->cryptKey,
2913 SecurityBlob2->Challenge,
2914 CIFS_CRYPTO_KEY_SIZE);
2915 if (SecurityBlob2->NegotiateFlags &
2916 cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2))
2917 *pNTLMv2_flag = true;
2919 if ((SecurityBlob2->NegotiateFlags &
2920 cpu_to_le32(NTLMSSP_NEGOTIATE_ALWAYS_SIGN))
2921 || (sign_CIFS_PDUs > 1))
2922 ses->server->secMode |=
2923 SECMODE_SIGN_REQUIRED;
2924 if ((SecurityBlob2->NegotiateFlags &
2925 cpu_to_le32(NTLMSSP_NEGOTIATE_SIGN)) && (sign_CIFS_PDUs))
2926 ses->server->secMode |=
2927 SECMODE_SIGN_ENABLED;
2929 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2930 if ((long) (bcc_ptr) % 2) {
2932 (BCC(smb_buffer_response)
2934 /* Must word align unicode strings */
2939 (smb_buffer_response) / 2;
2942 UniStrnlen((wchar_t *) bcc_ptr,
2943 remaining_words - 1);
2944 /* We look for obvious messed up bcc or strings in response so we do not go off
2945 the end since (at least) WIN2K and Windows XP have a major bug in not null
2946 terminating last Unicode string in response */
2948 kfree(ses->serverOS);
2950 kzalloc(2 * (len + 1), GFP_KERNEL);
2951 cifs_strfromUCS_le(ses->serverOS,
2955 bcc_ptr += 2 * (len + 1);
2956 remaining_words -= len + 1;
2957 ses->serverOS[2 * len] = 0;
2958 ses->serverOS[1 + (2 * len)] = 0;
2959 if (remaining_words > 0) {
2960 len = UniStrnlen((wchar_t *)
2964 kfree(ses->serverNOS);
2966 kzalloc(2 * (len + 1),
2968 cifs_strfromUCS_le(ses->
2974 bcc_ptr += 2 * (len + 1);
2975 ses->serverNOS[2 * len] = 0;
2978 remaining_words -= len + 1;
2979 if (remaining_words > 0) {
2980 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2981 /* last string not always null terminated
2982 (for e.g. for Windows XP & 2000) */
2983 kfree(ses->serverDomain);
2995 ses->serverDomain[2*len]
3000 } /* else no more room so create dummy domain string */
3002 kfree(ses->serverDomain);
3007 } else { /* no room so create dummy domain and NOS string */
3008 kfree(ses->serverDomain);
3010 kzalloc(2, GFP_KERNEL);
3011 kfree(ses->serverNOS);
3013 kzalloc(2, GFP_KERNEL);
3015 } else { /* ASCII */
3016 len = strnlen(bcc_ptr, 1024);
3017 if (((long) bcc_ptr + len) - (long)
3018 pByteArea(smb_buffer_response)
3019 <= BCC(smb_buffer_response)) {
3021 kfree(ses->serverOS);
3025 strncpy(ses->serverOS,
3029 bcc_ptr[0] = 0; /* null terminate string */
3032 len = strnlen(bcc_ptr, 1024);
3033 kfree(ses->serverNOS);
3037 strncpy(ses->serverNOS, bcc_ptr, len);
3042 len = strnlen(bcc_ptr, 1024);
3043 kfree(ses->serverDomain);
3047 strncpy(ses->serverDomain,
3054 ("field of length %d "
3055 "extends beyond end of smb",
3059 cERROR(1, ("Security Blob Length extends beyond"
3063 cERROR(1, ("No session structure passed in."));
3067 (" Invalid Word count %d:",
3068 smb_buffer_response->WordCount));
3072 cifs_buf_release(smb_buffer);
3077 CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
3078 char *ntlm_session_key, bool ntlmv2_flag,
3079 const struct nls_table *nls_codepage)
3081 struct smb_hdr *smb_buffer;
3082 struct smb_hdr *smb_buffer_response;
3083 SESSION_SETUP_ANDX *pSMB;
3084 SESSION_SETUP_ANDX *pSMBr;
3089 int remaining_words = 0;
3090 int bytes_returned = 0;
3092 int SecurityBlobLength = sizeof(AUTHENTICATE_MESSAGE);
3093 PAUTHENTICATE_MESSAGE SecurityBlob;
3094 __u32 negotiate_flags, capabilities;
3097 cFYI(1, ("In NTLMSSPSessSetup (Authenticate)"));
3100 user = ses->userName;
3101 domain = ses->domainName;
3102 smb_buffer = cifs_buf_get();
3103 if (smb_buffer == NULL) {
3106 smb_buffer_response = smb_buffer;
3107 pSMB = (SESSION_SETUP_ANDX *)smb_buffer;
3108 pSMBr = (SESSION_SETUP_ANDX *)smb_buffer_response;
3110 /* send SMBsessionSetup here */
3111 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
3112 NULL /* no tCon exists yet */ , 12 /* wct */ );
3114 smb_buffer->Mid = GetNextMid(ses->server);
3115 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
3116 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
3117 pSMB->req.AndXCommand = 0xFF;
3118 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
3119 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
3121 pSMB->req.hdr.Uid = ses->Suid;
3123 if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3124 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3126 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
3127 CAP_EXTENDED_SECURITY;
3128 if (ses->capabilities & CAP_UNICODE) {
3129 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3130 capabilities |= CAP_UNICODE;
3132 if (ses->capabilities & CAP_STATUS32) {
3133 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3134 capabilities |= CAP_STATUS32;
3136 if (ses->capabilities & CAP_DFS) {
3137 smb_buffer->Flags2 |= SMBFLG2_DFS;
3138 capabilities |= CAP_DFS;
3140 pSMB->req.Capabilities = cpu_to_le32(capabilities);
3142 bcc_ptr = (char *)&pSMB->req.SecurityBlob;
3143 SecurityBlob = (PAUTHENTICATE_MESSAGE)bcc_ptr;
3144 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
3145 SecurityBlob->MessageType = NtLmAuthenticate;
3146 bcc_ptr += SecurityBlobLength;
3147 negotiate_flags = NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET |
3148 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO |
3149 0x80000000 | NTLMSSP_NEGOTIATE_128;
3151 negotiate_flags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN;
3153 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
3155 /* setup pointers to domain name and workstation name */
3157 SecurityBlob->WorkstationName.Buffer = 0;
3158 SecurityBlob->WorkstationName.Length = 0;
3159 SecurityBlob->WorkstationName.MaximumLength = 0;
3160 SecurityBlob->SessionKey.Length = 0;
3161 SecurityBlob->SessionKey.MaximumLength = 0;
3162 SecurityBlob->SessionKey.Buffer = 0;
3164 SecurityBlob->LmChallengeResponse.Length = 0;
3165 SecurityBlob->LmChallengeResponse.MaximumLength = 0;
3166 SecurityBlob->LmChallengeResponse.Buffer = 0;
3168 SecurityBlob->NtChallengeResponse.Length =
3169 cpu_to_le16(CIFS_SESS_KEY_SIZE);
3170 SecurityBlob->NtChallengeResponse.MaximumLength =
3171 cpu_to_le16(CIFS_SESS_KEY_SIZE);
3172 memcpy(bcc_ptr, ntlm_session_key, CIFS_SESS_KEY_SIZE);
3173 SecurityBlob->NtChallengeResponse.Buffer =
3174 cpu_to_le32(SecurityBlobLength);
3175 SecurityBlobLength += CIFS_SESS_KEY_SIZE;
3176 bcc_ptr += CIFS_SESS_KEY_SIZE;
3178 if (ses->capabilities & CAP_UNICODE) {
3179 if (domain == NULL) {
3180 SecurityBlob->DomainName.Buffer = 0;
3181 SecurityBlob->DomainName.Length = 0;
3182 SecurityBlob->DomainName.MaximumLength = 0;
3184 __u16 ln = cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
3187 SecurityBlob->DomainName.MaximumLength =
3189 SecurityBlob->DomainName.Buffer =
3190 cpu_to_le32(SecurityBlobLength);
3192 SecurityBlobLength += ln;
3193 SecurityBlob->DomainName.Length = cpu_to_le16(ln);
3196 SecurityBlob->UserName.Buffer = 0;
3197 SecurityBlob->UserName.Length = 0;
3198 SecurityBlob->UserName.MaximumLength = 0;
3200 __u16 ln = cifs_strtoUCS((__le16 *) bcc_ptr, user, 64,
3203 SecurityBlob->UserName.MaximumLength =
3205 SecurityBlob->UserName.Buffer =
3206 cpu_to_le32(SecurityBlobLength);
3208 SecurityBlobLength += ln;
3209 SecurityBlob->UserName.Length = cpu_to_le16(ln);
3212 /* SecurityBlob->WorkstationName.Length =
3213 cifs_strtoUCS((__le16 *) bcc_ptr, "AMACHINE",64, nls_codepage);
3214 SecurityBlob->WorkstationName.Length *= 2;
3215 SecurityBlob->WorkstationName.MaximumLength =
3216 cpu_to_le16(SecurityBlob->WorkstationName.Length);
3217 SecurityBlob->WorkstationName.Buffer =
3218 cpu_to_le32(SecurityBlobLength);
3219 bcc_ptr += SecurityBlob->WorkstationName.Length;
3220 SecurityBlobLength += SecurityBlob->WorkstationName.Length;
3221 SecurityBlob->WorkstationName.Length =
3222 cpu_to_le16(SecurityBlob->WorkstationName.Length); */
3224 if ((long) bcc_ptr % 2) {
3229 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
3231 bcc_ptr += 2 * bytes_returned;
3233 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
3235 bcc_ptr += 2 * bytes_returned;
3236 bcc_ptr += 2; /* null term version string */
3238 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
3240 bcc_ptr += 2 * bytes_returned;
3243 bcc_ptr += 2; /* null terminate network opsys string */
3246 bcc_ptr += 2; /* null domain */
3247 } else { /* ASCII */
3248 if (domain == NULL) {
3249 SecurityBlob->DomainName.Buffer = 0;
3250 SecurityBlob->DomainName.Length = 0;
3251 SecurityBlob->DomainName.MaximumLength = 0;
3254 negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
3255 strncpy(bcc_ptr, domain, 63);
3256 ln = strnlen(domain, 64);
3257 SecurityBlob->DomainName.MaximumLength =
3259 SecurityBlob->DomainName.Buffer =
3260 cpu_to_le32(SecurityBlobLength);
3262 SecurityBlobLength += ln;
3263 SecurityBlob->DomainName.Length = cpu_to_le16(ln);
3266 SecurityBlob->UserName.Buffer = 0;
3267 SecurityBlob->UserName.Length = 0;
3268 SecurityBlob->UserName.MaximumLength = 0;
3271 strncpy(bcc_ptr, user, 63);
3272 ln = strnlen(user, 64);
3273 SecurityBlob->UserName.MaximumLength = cpu_to_le16(ln);
3274 SecurityBlob->UserName.Buffer =
3275 cpu_to_le32(SecurityBlobLength);
3277 SecurityBlobLength += ln;
3278 SecurityBlob->UserName.Length = cpu_to_le16(ln);
3280 /* BB fill in our workstation name if known BB */
3282 strcpy(bcc_ptr, "Linux version ");
3283 bcc_ptr += strlen("Linux version ");
3284 strcpy(bcc_ptr, utsname()->release);
3285 bcc_ptr += strlen(utsname()->release) + 1;
3286 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
3287 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
3288 bcc_ptr++; /* null domain */
3291 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
3292 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
3293 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
3294 smb_buffer->smb_buf_length += count;
3295 pSMB->req.ByteCount = cpu_to_le16(count);
3297 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
3298 &bytes_returned, CIFS_LONG_OP);
3300 /* rc = map_smb_to_linux_error(smb_buffer_response) done in SendReceive now */
3301 } else if ((smb_buffer_response->WordCount == 3) ||
3302 (smb_buffer_response->WordCount == 4)) {
3303 __u16 action = le16_to_cpu(pSMBr->resp.Action);
3304 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
3305 if (action & GUEST_LOGIN)
3306 cFYI(1, (" Guest login")); /* BB Should we set anything
3307 in SesInfo struct ? */
3308 /* if (SecurityBlob2->MessageType != NtLm??) {
3309 cFYI("Unexpected message type on auth response is %d"));
3314 ("Check challenge UID %d vs auth response UID %d",
3315 ses->Suid, smb_buffer_response->Uid));
3316 /* UID left in wire format */
3317 ses->Suid = smb_buffer_response->Uid;
3318 bcc_ptr = pByteArea(smb_buffer_response);
3319 /* response can have either 3 or 4 word count - Samba sends 3 */
3320 if ((pSMBr->resp.hdr.WordCount == 3)
3321 || ((pSMBr->resp.hdr.WordCount == 4)
3323 pSMBr->resp.ByteCount))) {
3324 if (pSMBr->resp.hdr.WordCount == 4) {
3328 ("Security Blob Length %d ",
3333 ("NTLMSSP response to Authenticate "));
3335 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3336 if ((long) (bcc_ptr) % 2) {
3338 (BCC(smb_buffer_response)
3340 bcc_ptr++; /* Unicode strings must be word aligned */
3342 remaining_words = BCC(smb_buffer_response) / 2;
3344 len = UniStrnlen((wchar_t *) bcc_ptr,
3345 remaining_words - 1);
3346 /* We look for obvious messed up bcc or strings in response so we do not go off
3347 the end since (at least) WIN2K and Windows XP have a major bug in not null
3348 terminating last Unicode string in response */
3350 kfree(ses->serverOS);
3352 kzalloc(2 * (len + 1), GFP_KERNEL);
3353 cifs_strfromUCS_le(ses->serverOS,
3357 bcc_ptr += 2 * (len + 1);
3358 remaining_words -= len + 1;
3359 ses->serverOS[2 * len] = 0;
3360 ses->serverOS[1 + (2 * len)] = 0;
3361 if (remaining_words > 0) {
3362 len = UniStrnlen((wchar_t *)
3366 kfree(ses->serverNOS);
3368 kzalloc(2 * (len + 1),
3370 cifs_strfromUCS_le(ses->
3376 bcc_ptr += 2 * (len + 1);
3377 ses->serverNOS[2 * len] = 0;
3378 ses->serverNOS[1+(2*len)] = 0;
3379 remaining_words -= len + 1;
3380 if (remaining_words > 0) {
3381 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
3382 /* last string not always null terminated (e.g. for Windows XP & 2000) */
3383 if (ses->serverDomain)
3384 kfree(ses->serverDomain);
3409 } /* else no more room so create dummy domain string */
3411 if (ses->serverDomain)
3412 kfree(ses->serverDomain);
3413 ses->serverDomain = kzalloc(2,GFP_KERNEL);
3415 } else { /* no room so create dummy domain and NOS string */
3416 if (ses->serverDomain)
3417 kfree(ses->serverDomain);
3418 ses->serverDomain = kzalloc(2, GFP_KERNEL);
3419 kfree(ses->serverNOS);
3420 ses->serverNOS = kzalloc(2, GFP_KERNEL);
3422 } else { /* ASCII */
3423 len = strnlen(bcc_ptr, 1024);
3424 if (((long) bcc_ptr + len) -
3425 (long) pByteArea(smb_buffer_response)
3426 <= BCC(smb_buffer_response)) {
3428 kfree(ses->serverOS);
3429 ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
3430 strncpy(ses->serverOS,bcc_ptr, len);
3433 bcc_ptr[0] = 0; /* null terminate the string */
3436 len = strnlen(bcc_ptr, 1024);
3437 kfree(ses->serverNOS);
3438 ses->serverNOS = kzalloc(len+1,
3440 strncpy(ses->serverNOS,
3446 len = strnlen(bcc_ptr, 1024);
3447 if (ses->serverDomain)
3448 kfree(ses->serverDomain);
3452 strncpy(ses->serverDomain,
3458 cFYI(1, ("field of length %d "
3459 "extends beyond end of smb ",
3463 cERROR(1, ("Security Blob extends beyond end "
3467 cERROR(1, ("No session structure passed in."));
3470 cERROR(1, ("Invalid Word count %d: ",
3471 smb_buffer_response->WordCount));
3475 cifs_buf_release(smb_buffer);
3481 CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3482 const char *tree, struct cifsTconInfo *tcon,
3483 const struct nls_table *nls_codepage)
3485 struct smb_hdr *smb_buffer;
3486 struct smb_hdr *smb_buffer_response;
3489 unsigned char *bcc_ptr;
3497 smb_buffer = cifs_buf_get();
3498 if (smb_buffer == NULL) {
3501 smb_buffer_response = smb_buffer;
3503 header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3504 NULL /*no tid */ , 4 /*wct */ );
3506 smb_buffer->Mid = GetNextMid(ses->server);
3507 smb_buffer->Uid = ses->Suid;
3508 pSMB = (TCONX_REQ *) smb_buffer;
3509 pSMBr = (TCONX_RSP *) smb_buffer_response;
3511 pSMB->AndXCommand = 0xFF;
3512 pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
3513 bcc_ptr = &pSMB->Password[0];
3514 if ((ses->server->secMode) & SECMODE_USER) {
3515 pSMB->PasswordLength = cpu_to_le16(1); /* minimum */
3516 *bcc_ptr = 0; /* password is null byte */
3517 bcc_ptr++; /* skip password */
3518 /* already aligned so no need to do it below */
3520 pSMB->PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE);
3521 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3522 specified as required (when that support is added to
3523 the vfs in the future) as only NTLM or the much
3524 weaker LANMAN (which we do not send by default) is accepted
3525 by Samba (not sure whether other servers allow
3526 NTLMv2 password here) */
3527 #ifdef CONFIG_CIFS_WEAK_PW_HASH
3528 if ((extended_security & CIFSSEC_MAY_LANMAN) &&
3529 (ses->server->secType == LANMAN))
3530 calc_lanman_hash(ses, bcc_ptr);
3532 #endif /* CIFS_WEAK_PW_HASH */
3533 SMBNTencrypt(ses->password,
3534 ses->server->cryptKey,
3537 bcc_ptr += CIFS_SESS_KEY_SIZE;
3538 if (ses->capabilities & CAP_UNICODE) {
3539 /* must align unicode strings */
3540 *bcc_ptr = 0; /* null byte password */
3545 if (ses->server->secMode &
3546 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3547 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3549 if (ses->capabilities & CAP_STATUS32) {
3550 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3552 if (ses->capabilities & CAP_DFS) {
3553 smb_buffer->Flags2 |= SMBFLG2_DFS;
3555 if (ses->capabilities & CAP_UNICODE) {
3556 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3558 cifs_strtoUCS((__le16 *) bcc_ptr, tree,
3559 6 /* max utf8 char length in bytes */ *
3560 (/* server len*/ + 256 /* share len */), nls_codepage);
3561 bcc_ptr += 2 * length; /* convert num 16 bit words to bytes */
3562 bcc_ptr += 2; /* skip trailing null */
3563 } else { /* ASCII */
3564 strcpy(bcc_ptr, tree);
3565 bcc_ptr += strlen(tree) + 1;
3567 strcpy(bcc_ptr, "?????");
3568 bcc_ptr += strlen("?????");
3570 count = bcc_ptr - &pSMB->Password[0];
3571 pSMB->hdr.smb_buf_length += count;
3572 pSMB->ByteCount = cpu_to_le16(count);
3574 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length,
3577 /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
3578 /* above now done in SendReceive */
3579 if ((rc == 0) && (tcon != NULL)) {
3580 tcon->tidStatus = CifsGood;
3581 tcon->need_reconnect = false;
3582 tcon->tid = smb_buffer_response->Tid;
3583 bcc_ptr = pByteArea(smb_buffer_response);
3584 length = strnlen(bcc_ptr, BCC(smb_buffer_response) - 2);
3585 /* skip service field (NB: this field is always ASCII) */
3587 if ((bcc_ptr[0] == 'I') && (bcc_ptr[1] == 'P') &&
3588 (bcc_ptr[2] == 'C')) {
3589 cFYI(1, ("IPC connection"));
3592 } else if (length == 2) {
3593 if ((bcc_ptr[0] == 'A') && (bcc_ptr[1] == ':')) {
3594 /* the most common case */
3595 cFYI(1, ("disk share connection"));
3598 bcc_ptr += length + 1;
3599 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3600 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3601 length = UniStrnlen((wchar_t *) bcc_ptr, 512);
3602 if ((bcc_ptr + (2 * length)) -
3603 pByteArea(smb_buffer_response) <=
3604 BCC(smb_buffer_response)) {
3605 kfree(tcon->nativeFileSystem);
3606 tcon->nativeFileSystem =
3607 kzalloc(length + 2, GFP_KERNEL);
3608 if (tcon->nativeFileSystem)
3610 tcon->nativeFileSystem,
3612 length, nls_codepage);
3613 bcc_ptr += 2 * length;
3614 bcc_ptr[0] = 0; /* null terminate the string */
3618 /* else do not bother copying these information fields*/
3620 length = strnlen(bcc_ptr, 1024);
3621 if ((bcc_ptr + length) -
3622 pByteArea(smb_buffer_response) <=
3623 BCC(smb_buffer_response)) {
3624 kfree(tcon->nativeFileSystem);
3625 tcon->nativeFileSystem =
3626 kzalloc(length + 1, GFP_KERNEL);
3627 if (tcon->nativeFileSystem)
3628 strncpy(tcon->nativeFileSystem, bcc_ptr,
3631 /* else do not bother copying these information fields*/
3633 if ((smb_buffer_response->WordCount == 3) ||
3634 (smb_buffer_response->WordCount == 7))
3635 /* field is in same location */
3636 tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3639 cFYI(1, ("Tcon flags: 0x%x ", tcon->Flags));
3640 } else if ((rc == 0) && tcon == NULL) {
3641 /* all we need to save for IPC$ connection */
3642 ses->ipc_tid = smb_buffer_response->Tid;
3645 cifs_buf_release(smb_buffer);
3650 cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3656 cifs_put_tcon(cifs_sb->tcon);
3658 cifs_sb->tcon = NULL;
3659 tmp = cifs_sb->prepath;
3660 cifs_sb->prepathlen = 0;
3661 cifs_sb->prepath = NULL;
3667 int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
3668 struct nls_table *nls_info)
3671 char ntlm_session_key[CIFS_SESS_KEY_SIZE];
3672 bool ntlmv2_flag = false;
3674 struct TCP_Server_Info *server = pSesInfo->server;
3676 /* what if server changes its buffer size after dropping the session? */
3677 if (server->maxBuf == 0) /* no need to send on reconnect */ {
3678 rc = CIFSSMBNegotiate(xid, pSesInfo);
3679 if (rc == -EAGAIN) {
3680 /* retry only once on 1st time connection */
3681 rc = CIFSSMBNegotiate(xid, pSesInfo);
3686 spin_lock(&GlobalMid_Lock);
3687 if (server->tcpStatus != CifsExiting)
3688 server->tcpStatus = CifsGood;
3691 spin_unlock(&GlobalMid_Lock);
3700 pSesInfo->flags = 0;
3701 pSesInfo->capabilities = server->capabilities;
3702 if (linuxExtEnabled == 0)
3703 pSesInfo->capabilities &= (~CAP_UNIX);
3704 /* pSesInfo->sequence_number = 0;*/
3705 cFYI(1, ("Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d",
3706 server->secMode, server->capabilities, server->timeAdj));
3708 if (experimEnabled < 2)
3709 rc = CIFS_SessSetup(xid, pSesInfo, first_time, nls_info);
3710 else if (extended_security
3711 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3712 && (server->secType == NTLMSSP)) {
3714 } else if (extended_security
3715 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3716 && (server->secType == RawNTLMSSP)) {
3717 cFYI(1, ("NTLMSSP sesssetup"));
3718 rc = CIFSNTLMSSPNegotiateSessSetup(xid, pSesInfo, &ntlmv2_flag,
3723 cFYI(1, ("more secure NTLM ver2 hash"));
3724 if (CalcNTLMv2_partial_mac_key(pSesInfo,
3729 v2_response = kmalloc(16 + 64 /* blob*/,
3732 CalcNTLMv2_response(pSesInfo,
3735 cifs_calculate_ntlmv2_mac_key */
3737 /* BB Put dummy sig in SessSetup PDU? */
3744 SMBNTencrypt(pSesInfo->password,
3749 cifs_calculate_mac_key(
3750 &server->mac_signing_key,
3752 pSesInfo->password);
3754 /* for better security the weaker lanman hash not sent
3755 in AuthSessSetup so we no longer calculate it */
3757 rc = CIFSNTLMSSPAuthSessSetup(xid, pSesInfo,
3762 } else { /* old style NTLM 0.12 session setup */
3763 SMBNTencrypt(pSesInfo->password, server->cryptKey,
3767 cifs_calculate_mac_key(&server->mac_signing_key,
3769 pSesInfo->password);
3771 rc = CIFSSessSetup(xid, pSesInfo, ntlm_session_key, nls_info);
3774 cERROR(1, ("Send error in SessSetup = %d", rc));
3776 cFYI(1, ("CIFS Session Established successfully"));
3777 spin_lock(&GlobalMid_Lock);
3778 pSesInfo->status = CifsGood;
3779 pSesInfo->need_reconnect = false;
3780 spin_unlock(&GlobalMid_Lock);