4 * Copyright (C) International Business Machines Corp., 2002,2006
5 * Author(s): Steve French (sfrench@us.ibm.com)
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/ipv6.h>
27 #include <linux/pagemap.h>
28 #include <linux/ctype.h>
29 #include <linux/utsname.h>
30 #include <linux/mempool.h>
31 #include <linux/delay.h>
32 #include <linux/completion.h>
33 #include <linux/pagevec.h>
34 #include <asm/uaccess.h>
35 #include <asm/processor.h>
38 #include "cifsproto.h"
39 #include "cifs_unicode.h"
40 #include "cifs_debug.h"
41 #include "cifs_fs_sb.h"
44 #include "rfc1002pdu.h"
48 #define RFC1001_PORT 139
50 static DECLARE_COMPLETION(cifsd_complete);
52 extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
55 extern mempool_t *cifs_req_poolp;
63 char *in6_addr; /* ipv6 address as human readable form of in6_addr */
64 char *iocharset; /* local code page for mapping to and from Unicode */
65 char source_rfc1001_name[16]; /* netbios name of client */
66 char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */
77 unsigned no_psx_acl:1; /* set if posix acl support should be disabled */
79 unsigned no_xattr:1; /* set if xattr (EA) support should be disabled*/
80 unsigned server_ino:1; /* use inode numbers from server ie UniqueId */
82 unsigned remap:1; /* set to remap seven reserved chars in filenames */
83 unsigned posix_paths:1; /* unset to not ask for posix pathnames. */
85 unsigned nullauth:1; /* attempt to authenticate with null user */
86 unsigned nocase; /* request case insensitive filenames */
87 unsigned nobrl; /* disable sending byte range locks to srv */
91 unsigned short int port;
95 static int ipv4_connect(struct sockaddr_in *psin_server,
96 struct socket **csocket,
98 char * server_netb_name);
99 static int ipv6_connect(struct sockaddr_in6 *psin_server,
100 struct socket **csocket);
104 * cifs tcp session reconnection
106 * mark tcp session as reconnecting so temporarily locked
107 * mark all smb sessions as reconnecting for tcp session
108 * reconnect tcp session
109 * wake up waiters on reconnection? - (not needed currently)
113 cifs_reconnect(struct TCP_Server_Info *server)
116 struct list_head *tmp;
117 struct cifsSesInfo *ses;
118 struct cifsTconInfo *tcon;
119 struct mid_q_entry * mid_entry;
121 spin_lock(&GlobalMid_Lock);
122 if(server->tcpStatus == CifsExiting) {
123 /* the demux thread will exit normally
124 next time through the loop */
125 spin_unlock(&GlobalMid_Lock);
128 server->tcpStatus = CifsNeedReconnect;
129 spin_unlock(&GlobalMid_Lock);
132 cFYI(1, ("Reconnecting tcp session"));
134 /* before reconnecting the tcp session, mark the smb session (uid)
135 and the tid bad so they are not used until reconnected */
136 read_lock(&GlobalSMBSeslock);
137 list_for_each(tmp, &GlobalSMBSessionList) {
138 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
140 if (ses->server == server) {
141 ses->status = CifsNeedReconnect;
145 /* else tcp and smb sessions need reconnection */
147 list_for_each(tmp, &GlobalTreeConnectionList) {
148 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
149 if((tcon) && (tcon->ses) && (tcon->ses->server == server)) {
150 tcon->tidStatus = CifsNeedReconnect;
153 read_unlock(&GlobalSMBSeslock);
154 /* do not want to be sending data on a socket we are freeing */
155 down(&server->tcpSem);
156 if(server->ssocket) {
157 cFYI(1,("State: 0x%x Flags: 0x%lx", server->ssocket->state,
158 server->ssocket->flags));
159 server->ssocket->ops->shutdown(server->ssocket,SEND_SHUTDOWN);
160 cFYI(1,("Post shutdown state: 0x%x Flags: 0x%lx", server->ssocket->state,
161 server->ssocket->flags));
162 sock_release(server->ssocket);
163 server->ssocket = NULL;
166 spin_lock(&GlobalMid_Lock);
167 list_for_each(tmp, &server->pending_mid_q) {
168 mid_entry = list_entry(tmp, struct
172 if(mid_entry->midState == MID_REQUEST_SUBMITTED) {
173 /* Mark other intransit requests as needing
174 retry so we do not immediately mark the
175 session bad again (ie after we reconnect
176 below) as they timeout too */
177 mid_entry->midState = MID_RETRY_NEEDED;
181 spin_unlock(&GlobalMid_Lock);
184 while ((server->tcpStatus != CifsExiting) && (server->tcpStatus != CifsGood))
187 if(server->protocolType == IPV6) {
188 rc = ipv6_connect(&server->addr.sockAddr6,&server->ssocket);
190 rc = ipv4_connect(&server->addr.sockAddr,
192 server->workstation_RFC1001_name,
193 server->server_RFC1001_name);
196 cFYI(1,("reconnect error %d",rc));
199 atomic_inc(&tcpSesReconnectCount);
200 spin_lock(&GlobalMid_Lock);
201 if(server->tcpStatus != CifsExiting)
202 server->tcpStatus = CifsGood;
203 server->sequence_number = 0;
204 spin_unlock(&GlobalMid_Lock);
205 /* atomic_set(&server->inFlight,0);*/
206 wake_up(&server->response_q);
214 0 not a transact2, or all data present
215 >0 transact2 with that much data missing
216 -EINVAL = invalid transact2
219 static int check2ndT2(struct smb_hdr * pSMB, unsigned int maxBufSize)
221 struct smb_t2_rsp * pSMBt;
223 int data_in_this_rsp;
226 if(pSMB->Command != SMB_COM_TRANSACTION2)
229 /* check for plausible wct, bcc and t2 data and parm sizes */
230 /* check for parm and data offset going beyond end of smb */
231 if(pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
232 cFYI(1,("invalid transact2 word count"));
236 pSMBt = (struct smb_t2_rsp *)pSMB;
238 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
239 data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
241 remaining = total_data_size - data_in_this_rsp;
245 else if(remaining < 0) {
246 cFYI(1,("total data %d smaller than data in frame %d",
247 total_data_size, data_in_this_rsp));
250 cFYI(1,("missing %d bytes from transact2, check next response",
252 if(total_data_size > maxBufSize) {
253 cERROR(1,("TotalDataSize %d is over maximum buffer %d",
254 total_data_size,maxBufSize));
261 static int coalesce_t2(struct smb_hdr * psecond, struct smb_hdr *pTargetSMB)
263 struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
264 struct smb_t2_rsp *pSMBt = (struct smb_t2_rsp *)pTargetSMB;
269 char * data_area_of_target;
270 char * data_area_of_buf2;
273 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
275 if(total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
276 cFYI(1,("total data sizes of primary and secondary t2 differ"));
279 total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
281 remaining = total_data_size - total_in_buf;
286 if(remaining == 0) /* nothing to do, ignore */
289 total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
290 if(remaining < total_in_buf2) {
291 cFYI(1,("transact2 2nd response contains too much data"));
294 /* find end of first SMB data area */
295 data_area_of_target = (char *)&pSMBt->hdr.Protocol +
296 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
297 /* validate target area */
299 data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
300 le16_to_cpu(pSMB2->t2_rsp.DataOffset);
302 data_area_of_target += total_in_buf;
304 /* copy second buffer into end of first buffer */
305 memcpy(data_area_of_target,data_area_of_buf2,total_in_buf2);
306 total_in_buf += total_in_buf2;
307 pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
308 byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
309 byte_count += total_in_buf2;
310 BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
312 byte_count = pTargetSMB->smb_buf_length;
313 byte_count += total_in_buf2;
315 /* BB also add check that we are not beyond maximum buffer size */
317 pTargetSMB->smb_buf_length = byte_count;
319 if(remaining == total_in_buf2) {
320 cFYI(1,("found the last secondary response"));
321 return 0; /* we are done */
322 } else /* more responses to go */
328 cifs_demultiplex_thread(struct TCP_Server_Info *server)
331 unsigned int pdu_length, total_read;
332 struct smb_hdr *smb_buffer = NULL;
333 struct smb_hdr *bigbuf = NULL;
334 struct smb_hdr *smallbuf = NULL;
335 struct msghdr smb_msg;
337 struct socket *csocket = server->ssocket;
338 struct list_head *tmp;
339 struct cifsSesInfo *ses;
340 struct task_struct *task_to_wake = NULL;
341 struct mid_q_entry *mid_entry;
343 int isLargeBuf = FALSE;
348 allow_signal(SIGKILL);
349 current->flags |= PF_MEMALLOC;
350 server->tsk = current; /* save process info to wake at shutdown */
351 cFYI(1, ("Demultiplex PID: %d", current->pid));
352 write_lock(&GlobalSMBSeslock);
353 atomic_inc(&tcpSesAllocCount);
354 length = tcpSesAllocCount.counter;
355 write_unlock(&GlobalSMBSeslock);
356 complete(&cifsd_complete);
358 mempool_resize(cifs_req_poolp,
359 length + cifs_min_rcv,
363 while (server->tcpStatus != CifsExiting) {
366 if (bigbuf == NULL) {
367 bigbuf = cifs_buf_get();
369 cERROR(1, ("No memory for large SMB response"));
371 /* retry will check if exiting */
374 } else if (isLargeBuf) {
375 /* we are reusing a dirty large buf, clear its start */
376 memset(bigbuf, 0, sizeof (struct smb_hdr));
379 if (smallbuf == NULL) {
380 smallbuf = cifs_small_buf_get();
382 cERROR(1, ("No memory for SMB response"));
384 /* retry will check if exiting */
387 /* beginning of smb buffer is cleared in our buf_get */
388 } else /* if existing small buf clear beginning */
389 memset(smallbuf, 0, sizeof (struct smb_hdr));
393 smb_buffer = smallbuf;
394 iov.iov_base = smb_buffer;
396 smb_msg.msg_control = NULL;
397 smb_msg.msg_controllen = 0;
399 kernel_recvmsg(csocket, &smb_msg,
400 &iov, 1, 4, 0 /* BB see socket.h flags */);
402 if (server->tcpStatus == CifsExiting) {
404 } else if (server->tcpStatus == CifsNeedReconnect) {
405 cFYI(1, ("Reconnect after server stopped responding"));
406 cifs_reconnect(server);
407 cFYI(1, ("call to reconnect done"));
408 csocket = server->ssocket;
410 } else if ((length == -ERESTARTSYS) || (length == -EAGAIN)) {
411 msleep(1); /* minimum sleep to prevent looping
412 allowing socket to clear and app threads to set
413 tcpStatus CifsNeedReconnect if server hung */
415 } else if (length <= 0) {
416 if (server->tcpStatus == CifsNew) {
417 cFYI(1, ("tcp session abend after SMBnegprot"));
418 /* some servers kill the TCP session rather than
419 returning an SMB negprot error, in which
420 case reconnecting here is not going to help,
421 and so simply return error to mount */
424 if (!try_to_freeze() && (length == -EINTR)) {
425 cFYI(1,("cifsd thread killed"));
428 cFYI(1,("Reconnect after unexpected peek error %d",
430 cifs_reconnect(server);
431 csocket = server->ssocket;
432 wake_up(&server->response_q);
434 } else if (length < 4) {
436 ("Frame under four bytes received (%d bytes long)",
438 cifs_reconnect(server);
439 csocket = server->ssocket;
440 wake_up(&server->response_q);
444 /* The right amount was read from socket - 4 bytes */
445 /* so we can now interpret the length field */
447 /* the first byte big endian of the length field,
448 is actually not part of the length but the type
449 with the most common, zero, as regular data */
450 temp = *((char *) smb_buffer);
452 /* Note that FC 1001 length is big endian on the wire,
453 but we convert it here so it is always manipulated
454 as host byte order */
455 pdu_length = ntohl(smb_buffer->smb_buf_length);
456 smb_buffer->smb_buf_length = pdu_length;
458 cFYI(1,("rfc1002 length 0x%x)", pdu_length+4));
460 if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) {
462 } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
463 cFYI(1,("Good RFC 1002 session rsp"));
465 } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
466 /* we get this from Windows 98 instead of
467 an error on SMB negprot response */
468 cFYI(1,("Negative RFC1002 Session Response Error 0x%x)",
470 if(server->tcpStatus == CifsNew) {
471 /* if nack on negprot (rather than
472 ret of smb negprot error) reconnecting
473 not going to help, ret error to mount */
476 /* give server a second to
477 clean up before reconnect attempt */
479 /* always try 445 first on reconnect
480 since we get NACK on some if we ever
481 connected to port 139 (the NACK is
482 since we do not begin with RFC1001
483 session initialize frame) */
484 server->addr.sockAddr.sin_port =
486 cifs_reconnect(server);
487 csocket = server->ssocket;
488 wake_up(&server->response_q);
491 } else if (temp != (char) 0) {
492 cERROR(1,("Unknown RFC 1002 frame"));
493 cifs_dump_mem(" Received Data: ", (char *)smb_buffer,
495 cifs_reconnect(server);
496 csocket = server->ssocket;
500 /* else we have an SMB response */
501 if((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
502 (pdu_length < sizeof (struct smb_hdr) - 1 - 4)) {
503 cERROR(1, ("Invalid size SMB length %d pdu_length %d",
504 length, pdu_length+4));
505 cifs_reconnect(server);
506 csocket = server->ssocket;
507 wake_up(&server->response_q);
514 if(pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
516 memcpy(bigbuf, smallbuf, 4);
520 iov.iov_base = 4 + (char *)smb_buffer;
521 iov.iov_len = pdu_length;
522 for (total_read = 0; total_read < pdu_length;
523 total_read += length) {
524 length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
525 pdu_length - total_read, 0);
526 if((server->tcpStatus == CifsExiting) ||
527 (length == -EINTR)) {
531 } else if (server->tcpStatus == CifsNeedReconnect) {
532 cifs_reconnect(server);
533 csocket = server->ssocket;
534 /* Reconnect wakes up rspns q */
535 /* Now we will reread sock */
538 } else if ((length == -ERESTARTSYS) ||
539 (length == -EAGAIN)) {
540 msleep(1); /* minimum sleep to prevent looping,
541 allowing socket to clear and app
542 threads to set tcpStatus
543 CifsNeedReconnect if server hung*/
545 } else if (length <= 0) {
546 cERROR(1,("Received no data, expecting %d",
547 pdu_length - total_read));
548 cifs_reconnect(server);
549 csocket = server->ssocket;
556 else if(reconnect == 1)
559 length += 4; /* account for rfc1002 hdr */
562 dump_smb(smb_buffer, length);
563 if (checkSMB(smb_buffer, smb_buffer->Mid, total_read+4)) {
564 cifs_dump_mem("Bad SMB: ", smb_buffer, 48);
570 spin_lock(&GlobalMid_Lock);
571 list_for_each(tmp, &server->pending_mid_q) {
572 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
574 if ((mid_entry->mid == smb_buffer->Mid) &&
575 (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
576 (mid_entry->command == smb_buffer->Command)) {
577 if(check2ndT2(smb_buffer,server->maxBuf) > 0) {
578 /* We have a multipart transact2 resp */
580 if(mid_entry->resp_buf) {
581 /* merge response - fix up 1st*/
582 if(coalesce_t2(smb_buffer,
583 mid_entry->resp_buf)) {
584 mid_entry->multiRsp = 1;
587 /* all parts received */
588 mid_entry->multiEnd = 1;
593 cERROR(1,("1st trans2 resp needs bigbuf"));
594 /* BB maybe we can fix this up, switch
595 to already allocated large buffer? */
597 /* Have first buffer */
598 mid_entry->resp_buf =
600 mid_entry->largeBuf = 1;
606 mid_entry->resp_buf = smb_buffer;
608 mid_entry->largeBuf = 1;
610 mid_entry->largeBuf = 0;
612 task_to_wake = mid_entry->tsk;
613 mid_entry->midState = MID_RESPONSE_RECEIVED;
614 #ifdef CONFIG_CIFS_STATS2
615 mid_entry->when_received = jiffies;
617 /* so we do not time out requests to server
618 which is still responding (since server could
619 be busy but not dead) */
620 server->lstrp = jiffies;
624 spin_unlock(&GlobalMid_Lock);
626 /* Was previous buf put in mpx struct for multi-rsp? */
628 /* smb buffer will be freed by user thread */
634 wake_up_process(task_to_wake);
635 } else if ((is_valid_oplock_break(smb_buffer, server) == FALSE)
636 && (isMultiRsp == FALSE)) {
637 cERROR(1, ("No task to wake, unknown frame rcvd! NumMids %d", midCount.counter));
638 cifs_dump_mem("Received Data is: ",(char *)smb_buffer,
639 sizeof(struct smb_hdr));
640 #ifdef CONFIG_CIFS_DEBUG2
641 cifs_dump_detail(smb_buffer);
642 cifs_dump_mids(server);
643 #endif /* CIFS_DEBUG2 */
646 } /* end while !EXITING */
648 spin_lock(&GlobalMid_Lock);
649 server->tcpStatus = CifsExiting;
651 /* check if we have blocked requests that need to free */
652 /* Note that cifs_max_pending is normally 50, but
653 can be set at module install time to as little as two */
654 if(atomic_read(&server->inFlight) >= cifs_max_pending)
655 atomic_set(&server->inFlight, cifs_max_pending - 1);
656 /* We do not want to set the max_pending too low or we
657 could end up with the counter going negative */
658 spin_unlock(&GlobalMid_Lock);
659 /* Although there should not be any requests blocked on
660 this queue it can not hurt to be paranoid and try to wake up requests
661 that may haven been blocked when more than 50 at time were on the wire
662 to the same server - they now will see the session is in exit state
663 and get out of SendReceive. */
664 wake_up_all(&server->request_q);
665 /* give those requests time to exit */
668 if(server->ssocket) {
669 sock_release(csocket);
670 server->ssocket = NULL;
672 /* buffer usuallly freed in free_mid - need to free it here on exit */
674 cifs_buf_release(bigbuf);
675 if (smallbuf != NULL)
676 cifs_small_buf_release(smallbuf);
678 read_lock(&GlobalSMBSeslock);
679 if (list_empty(&server->pending_mid_q)) {
680 /* loop through server session structures attached to this and
682 list_for_each(tmp, &GlobalSMBSessionList) {
684 list_entry(tmp, struct cifsSesInfo,
686 if (ses->server == server) {
687 ses->status = CifsExiting;
691 read_unlock(&GlobalSMBSeslock);
693 /* although we can not zero the server struct pointer yet,
694 since there are active requests which may depnd on them,
695 mark the corresponding SMB sessions as exiting too */
696 list_for_each(tmp, &GlobalSMBSessionList) {
697 ses = list_entry(tmp, struct cifsSesInfo,
699 if (ses->server == server) {
700 ses->status = CifsExiting;
704 spin_lock(&GlobalMid_Lock);
705 list_for_each(tmp, &server->pending_mid_q) {
706 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
707 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
709 ("Clearing Mid 0x%x - waking up ",mid_entry->mid));
710 task_to_wake = mid_entry->tsk;
712 wake_up_process(task_to_wake);
716 spin_unlock(&GlobalMid_Lock);
717 read_unlock(&GlobalSMBSeslock);
718 /* 1/8th of sec is more than enough time for them to exit */
722 if (!list_empty(&server->pending_mid_q)) {
723 /* mpx threads have not exited yet give them
724 at least the smb send timeout time for long ops */
725 /* due to delays on oplock break requests, we need
726 to wait at least 45 seconds before giving up
727 on a request getting a response and going ahead
729 cFYI(1, ("Wait for exit from demultiplex thread"));
731 /* if threads still have not exited they are probably never
732 coming home not much else we can do but free the memory */
735 write_lock(&GlobalSMBSeslock);
736 atomic_dec(&tcpSesAllocCount);
737 length = tcpSesAllocCount.counter;
739 /* last chance to mark ses pointers invalid
740 if there are any pointing to this (e.g
741 if a crazy root user tried to kill cifsd
742 kernel thread explicitly this might happen) */
743 list_for_each(tmp, &GlobalSMBSessionList) {
744 ses = list_entry(tmp, struct cifsSesInfo,
746 if (ses->server == server) {
750 write_unlock(&GlobalSMBSeslock);
754 mempool_resize(cifs_req_poolp,
755 length + cifs_min_rcv,
759 complete_and_exit(&cifsd_complete, 0);
764 cifs_parse_mount_options(char *options, const char *devname,struct smb_vol *vol)
768 unsigned int temp_len, i, j;
774 if (Local_System_Name[0] != 0)
775 memcpy(vol->source_rfc1001_name, Local_System_Name,15);
777 char *nodename = utsname()->nodename;
778 int n = strnlen(nodename,15);
779 memset(vol->source_rfc1001_name,0x20,15);
780 for(i=0 ; i < n ; i++) {
781 /* does not have to be perfect mapping since field is
782 informational, only used for servers that do not support
783 port 445 and it can be overridden at mount time */
784 vol->source_rfc1001_name[i] = toupper(nodename[i]);
787 vol->source_rfc1001_name[15] = 0;
788 /* null target name indicates to use *SMBSERVR default called name
789 if we end up sending RFC1001 session initialize */
790 vol->target_rfc1001_name[0] = 0;
791 vol->linux_uid = current->uid; /* current->euid instead? */
792 vol->linux_gid = current->gid;
793 vol->dir_mode = S_IRWXUGO;
794 /* 2767 perms indicate mandatory locking support */
795 vol->file_mode = S_IALLUGO & ~(S_ISUID | S_IXGRP);
797 /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
799 /* default is always to request posix paths. */
800 vol->posix_paths = 1;
805 if(strncmp(options,"sep=",4) == 0) {
806 if(options[4] != 0) {
807 separator[0] = options[4];
810 cFYI(1,("Null separator not allowed"));
814 while ((data = strsep(&options, separator)) != NULL) {
817 if ((value = strchr(data, '=')) != NULL)
820 if (strnicmp(data, "user_xattr",10) == 0) {/*parse before user*/
822 } else if (strnicmp(data, "nouser_xattr",12) == 0) {
824 } else if (strnicmp(data, "user", 4) == 0) {
827 "CIFS: invalid or missing username\n");
828 return 1; /* needs_arg; */
830 /* null user, ie anonymous, authentication */
833 if (strnlen(value, 200) < 200) {
834 vol->username = value;
836 printk(KERN_WARNING "CIFS: username too long\n");
839 } else if (strnicmp(data, "pass", 4) == 0) {
841 vol->password = NULL;
843 } else if(value[0] == 0) {
844 /* check if string begins with double comma
845 since that would mean the password really
846 does start with a comma, and would not
847 indicate an empty string */
848 if(value[1] != separator[0]) {
849 vol->password = NULL;
853 temp_len = strlen(value);
854 /* removed password length check, NTLM passwords
855 can be arbitrarily long */
857 /* if comma in password, the string will be
858 prematurely null terminated. Commas in password are
859 specified across the cifs mount interface by a double
860 comma ie ,, and a comma used as in other cases ie ','
861 as a parameter delimiter/separator is single and due
862 to the strsep above is temporarily zeroed. */
864 /* NB: password legally can have multiple commas and
865 the only illegal character in a password is null */
867 if ((value[temp_len] == 0) &&
868 (value[temp_len+1] == separator[0])) {
870 value[temp_len] = separator[0];
871 temp_len+=2; /* move after the second comma */
872 while(value[temp_len] != 0) {
873 if (value[temp_len] == separator[0]) {
874 if (value[temp_len+1] ==
876 /* skip second comma */
879 /* single comma indicating start
886 if(value[temp_len] == 0) {
890 /* point option to start of next parm */
891 options = value + temp_len + 1;
893 /* go from value to value + temp_len condensing
894 double commas to singles. Note that this ends up
895 allocating a few bytes too many, which is ok */
896 vol->password = kzalloc(temp_len, GFP_KERNEL);
897 if(vol->password == NULL) {
898 printk("CIFS: no memory for pass\n");
901 for(i=0,j=0;i<temp_len;i++,j++) {
902 vol->password[j] = value[i];
903 if(value[i] == separator[0]
904 && value[i+1] == separator[0]) {
905 /* skip second comma */
909 vol->password[j] = 0;
911 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
912 if(vol->password == NULL) {
913 printk("CIFS: no memory for pass\n");
916 strcpy(vol->password, value);
918 } else if (strnicmp(data, "ip", 2) == 0) {
919 if (!value || !*value) {
921 } else if (strnlen(value, 35) < 35) {
924 printk(KERN_WARNING "CIFS: ip address too long\n");
927 } else if (strnicmp(data, "sec", 3) == 0) {
928 if (!value || !*value) {
929 cERROR(1,("no security value specified"));
931 } else if (strnicmp(value, "krb5i", 5) == 0) {
932 vol->secFlg |= CIFSSEC_MAY_KRB5 |
934 } else if (strnicmp(value, "krb5p", 5) == 0) {
935 /* vol->secFlg |= CIFSSEC_MUST_SEAL |
937 cERROR(1,("Krb5 cifs privacy not supported"));
939 } else if (strnicmp(value, "krb5", 4) == 0) {
940 vol->secFlg |= CIFSSEC_MAY_KRB5;
941 } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
942 vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
944 } else if (strnicmp(value, "ntlmv2", 6) == 0) {
945 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
946 } else if (strnicmp(value, "ntlmi", 5) == 0) {
947 vol->secFlg |= CIFSSEC_MAY_NTLM |
949 } else if (strnicmp(value, "ntlm", 4) == 0) {
950 /* ntlm is default so can be turned off too */
951 vol->secFlg |= CIFSSEC_MAY_NTLM;
952 } else if (strnicmp(value, "nontlm", 6) == 0) {
953 /* BB is there a better way to do this? */
954 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
955 #ifdef CONFIG_CIFS_WEAK_PW_HASH
956 } else if (strnicmp(value, "lanman", 6) == 0) {
957 vol->secFlg |= CIFSSEC_MAY_LANMAN;
959 } else if (strnicmp(value, "none", 4) == 0) {
962 cERROR(1,("bad security option: %s", value));
965 } else if ((strnicmp(data, "unc", 3) == 0)
966 || (strnicmp(data, "target", 6) == 0)
967 || (strnicmp(data, "path", 4) == 0)) {
968 if (!value || !*value) {
970 "CIFS: invalid path to network resource\n");
971 return 1; /* needs_arg; */
973 if ((temp_len = strnlen(value, 300)) < 300) {
974 vol->UNC = kmalloc(temp_len+1,GFP_KERNEL);
977 strcpy(vol->UNC,value);
978 if (strncmp(vol->UNC, "//", 2) == 0) {
981 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
983 "CIFS: UNC Path does not begin with // or \\\\ \n");
987 printk(KERN_WARNING "CIFS: UNC name too long\n");
990 } else if ((strnicmp(data, "domain", 3) == 0)
991 || (strnicmp(data, "workgroup", 5) == 0)) {
992 if (!value || !*value) {
993 printk(KERN_WARNING "CIFS: invalid domain name\n");
994 return 1; /* needs_arg; */
996 /* BB are there cases in which a comma can be valid in
997 a domain name and need special handling? */
998 if (strnlen(value, 256) < 256) {
999 vol->domainname = value;
1000 cFYI(1, ("Domain name set"));
1002 printk(KERN_WARNING "CIFS: domain name too long\n");
1005 } else if (strnicmp(data, "prefixpath", 10) == 0) {
1006 if (!value || !*value) {
1008 "CIFS: invalid path prefix\n");
1009 return 1; /* needs_arg; */
1011 if ((temp_len = strnlen(value, 1024)) < 1024) {
1013 temp_len++; /* missing leading slash */
1014 vol->prepath = kmalloc(temp_len+1,GFP_KERNEL);
1015 if(vol->prepath == NULL)
1017 if(value[0] != '/') {
1018 vol->prepath[0] = '/';
1019 strcpy(vol->prepath+1,value);
1021 strcpy(vol->prepath,value);
1022 cFYI(1,("prefix path %s",vol->prepath));
1024 printk(KERN_WARNING "CIFS: prefix too long\n");
1027 } else if (strnicmp(data, "iocharset", 9) == 0) {
1028 if (!value || !*value) {
1029 printk(KERN_WARNING "CIFS: invalid iocharset specified\n");
1030 return 1; /* needs_arg; */
1032 if (strnlen(value, 65) < 65) {
1033 if(strnicmp(value,"default",7))
1034 vol->iocharset = value;
1035 /* if iocharset not set load_nls_default used by caller */
1036 cFYI(1, ("iocharset set to %s",value));
1038 printk(KERN_WARNING "CIFS: iocharset name too long.\n");
1041 } else if (strnicmp(data, "uid", 3) == 0) {
1042 if (value && *value) {
1044 simple_strtoul(value, &value, 0);
1046 } else if (strnicmp(data, "gid", 3) == 0) {
1047 if (value && *value) {
1049 simple_strtoul(value, &value, 0);
1051 } else if (strnicmp(data, "file_mode", 4) == 0) {
1052 if (value && *value) {
1054 simple_strtoul(value, &value, 0);
1056 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1057 if (value && *value) {
1059 simple_strtoul(value, &value, 0);
1061 } else if (strnicmp(data, "dirmode", 4) == 0) {
1062 if (value && *value) {
1064 simple_strtoul(value, &value, 0);
1066 } else if (strnicmp(data, "port", 4) == 0) {
1067 if (value && *value) {
1069 simple_strtoul(value, &value, 0);
1071 } else if (strnicmp(data, "rsize", 5) == 0) {
1072 if (value && *value) {
1074 simple_strtoul(value, &value, 0);
1076 } else if (strnicmp(data, "wsize", 5) == 0) {
1077 if (value && *value) {
1079 simple_strtoul(value, &value, 0);
1081 } else if (strnicmp(data, "sockopt", 5) == 0) {
1082 if (value && *value) {
1084 simple_strtoul(value, &value, 0);
1086 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1087 if (!value || !*value || (*value == ' ')) {
1088 cFYI(1,("invalid (empty) netbiosname specified"));
1090 memset(vol->source_rfc1001_name,0x20,15);
1092 /* BB are there cases in which a comma can be
1093 valid in this workstation netbios name (and need
1094 special handling)? */
1096 /* We do not uppercase netbiosname for user */
1100 vol->source_rfc1001_name[i] = value[i];
1102 /* The string has 16th byte zero still from
1103 set at top of the function */
1104 if((i==15) && (value[i] != 0))
1105 printk(KERN_WARNING "CIFS: netbiosname longer than 15 truncated.\n");
1107 } else if (strnicmp(data, "servern", 7) == 0) {
1108 /* servernetbiosname specified override *SMBSERVER */
1109 if (!value || !*value || (*value == ' ')) {
1110 cFYI(1,("empty server netbiosname specified"));
1112 /* last byte, type, is 0x20 for servr type */
1113 memset(vol->target_rfc1001_name,0x20,16);
1116 /* BB are there cases in which a comma can be
1117 valid in this workstation netbios name (and need
1118 special handling)? */
1120 /* user or mount helper must uppercase netbiosname */
1124 vol->target_rfc1001_name[i] = value[i];
1126 /* The string has 16th byte zero still from
1127 set at top of the function */
1128 if((i==15) && (value[i] != 0))
1129 printk(KERN_WARNING "CIFS: server netbiosname longer than 15 truncated.\n");
1131 } else if (strnicmp(data, "credentials", 4) == 0) {
1133 } else if (strnicmp(data, "version", 3) == 0) {
1135 } else if (strnicmp(data, "guest",5) == 0) {
1137 } else if (strnicmp(data, "rw", 2) == 0) {
1139 } else if ((strnicmp(data, "suid", 4) == 0) ||
1140 (strnicmp(data, "nosuid", 6) == 0) ||
1141 (strnicmp(data, "exec", 4) == 0) ||
1142 (strnicmp(data, "noexec", 6) == 0) ||
1143 (strnicmp(data, "nodev", 5) == 0) ||
1144 (strnicmp(data, "noauto", 6) == 0) ||
1145 (strnicmp(data, "dev", 3) == 0)) {
1146 /* The mount tool or mount.cifs helper (if present)
1147 uses these opts to set flags, and the flags are read
1148 by the kernel vfs layer before we get here (ie
1149 before read super) so there is no point trying to
1150 parse these options again and set anything and it
1151 is ok to just ignore them */
1153 } else if (strnicmp(data, "ro", 2) == 0) {
1155 } else if (strnicmp(data, "hard", 4) == 0) {
1157 } else if (strnicmp(data, "soft", 4) == 0) {
1159 } else if (strnicmp(data, "perm", 4) == 0) {
1161 } else if (strnicmp(data, "noperm", 6) == 0) {
1163 } else if (strnicmp(data, "mapchars", 8) == 0) {
1165 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1167 } else if (strnicmp(data, "sfu", 3) == 0) {
1169 } else if (strnicmp(data, "nosfu", 5) == 0) {
1171 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1172 vol->posix_paths = 1;
1173 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1174 vol->posix_paths = 0;
1175 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1176 (strnicmp(data, "ignorecase", 10) == 0)) {
1178 } else if (strnicmp(data, "brl", 3) == 0) {
1180 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1181 (strnicmp(data, "nolock", 6) == 0)) {
1183 /* turn off mandatory locking in mode
1184 if remote locking is turned off since the
1185 local vfs will do advisory */
1186 if(vol->file_mode == (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1187 vol->file_mode = S_IALLUGO;
1188 } else if (strnicmp(data, "setuids", 7) == 0) {
1190 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1192 } else if (strnicmp(data, "nohard", 6) == 0) {
1194 } else if (strnicmp(data, "nosoft", 6) == 0) {
1196 } else if (strnicmp(data, "nointr", 6) == 0) {
1198 } else if (strnicmp(data, "intr", 4) == 0) {
1200 } else if (strnicmp(data, "serverino",7) == 0) {
1201 vol->server_ino = 1;
1202 } else if (strnicmp(data, "noserverino",9) == 0) {
1203 vol->server_ino = 0;
1204 } else if (strnicmp(data, "cifsacl",7) == 0) {
1206 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1208 } else if (strnicmp(data, "acl",3) == 0) {
1209 vol->no_psx_acl = 0;
1210 } else if (strnicmp(data, "noacl",5) == 0) {
1211 vol->no_psx_acl = 1;
1212 } else if (strnicmp(data, "sign",4) == 0) {
1213 vol->secFlg |= CIFSSEC_MUST_SIGN;
1214 /* } else if (strnicmp(data, "seal",4) == 0) {
1215 vol->secFlg |= CIFSSEC_MUST_SEAL; */
1216 } else if (strnicmp(data, "direct",6) == 0) {
1218 } else if (strnicmp(data, "forcedirectio",13) == 0) {
1220 } else if (strnicmp(data, "in6_addr",8) == 0) {
1221 if (!value || !*value) {
1222 vol->in6_addr = NULL;
1223 } else if (strnlen(value, 49) == 48) {
1224 vol->in6_addr = value;
1226 printk(KERN_WARNING "CIFS: ip v6 address not 48 characters long\n");
1229 } else if (strnicmp(data, "noac", 4) == 0) {
1230 printk(KERN_WARNING "CIFS: Mount option noac not supported. Instead set /proc/fs/cifs/LookupCacheEnabled to 0\n");
1232 printk(KERN_WARNING "CIFS: Unknown mount option %s\n",data);
1234 if (vol->UNC == NULL) {
1235 if(devname == NULL) {
1236 printk(KERN_WARNING "CIFS: Missing UNC name for mount target\n");
1239 if ((temp_len = strnlen(devname, 300)) < 300) {
1240 vol->UNC = kmalloc(temp_len+1,GFP_KERNEL);
1241 if(vol->UNC == NULL)
1243 strcpy(vol->UNC,devname);
1244 if (strncmp(vol->UNC, "//", 2) == 0) {
1247 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1248 printk(KERN_WARNING "CIFS: UNC Path does not begin with // or \\\\ \n");
1252 printk(KERN_WARNING "CIFS: UNC name too long\n");
1256 if(vol->UNCip == NULL)
1257 vol->UNCip = &vol->UNC[2];
1262 static struct cifsSesInfo *
1263 cifs_find_tcp_session(struct in_addr * target_ip_addr,
1264 struct in6_addr *target_ip6_addr,
1265 char *userName, struct TCP_Server_Info **psrvTcp)
1267 struct list_head *tmp;
1268 struct cifsSesInfo *ses;
1270 read_lock(&GlobalSMBSeslock);
1272 list_for_each(tmp, &GlobalSMBSessionList) {
1273 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
1275 if((target_ip_addr &&
1276 (ses->server->addr.sockAddr.sin_addr.s_addr
1277 == target_ip_addr->s_addr)) || (target_ip6_addr
1278 && memcmp(&ses->server->addr.sockAddr6.sin6_addr,
1279 target_ip6_addr,sizeof(*target_ip6_addr)))){
1280 /* BB lock server and tcp session and increment use count here?? */
1281 *psrvTcp = ses->server; /* found a match on the TCP session */
1282 /* BB check if reconnection needed */
1284 (ses->userName, userName,
1285 MAX_USERNAME_SIZE) == 0){
1286 read_unlock(&GlobalSMBSeslock);
1287 return ses; /* found exact match on both tcp and SMB sessions */
1291 /* else tcp and smb sessions need reconnection */
1293 read_unlock(&GlobalSMBSeslock);
1297 static struct cifsTconInfo *
1298 find_unc(__be32 new_target_ip_addr, char *uncName, char *userName)
1300 struct list_head *tmp;
1301 struct cifsTconInfo *tcon;
1303 read_lock(&GlobalSMBSeslock);
1304 list_for_each(tmp, &GlobalTreeConnectionList) {
1305 cFYI(1, ("Next tcon"));
1306 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
1308 if (tcon->ses->server) {
1310 ("old ip addr: %x == new ip %x ?",
1311 tcon->ses->server->addr.sockAddr.sin_addr.
1312 s_addr, new_target_ip_addr));
1313 if (tcon->ses->server->addr.sockAddr.sin_addr.
1314 s_addr == new_target_ip_addr) {
1315 /* BB lock tcon, server and tcp session and increment use count here? */
1316 /* found a match on the TCP session */
1317 /* BB check if reconnection needed */
1318 cFYI(1,("IP match, old UNC: %s new: %s",
1319 tcon->treeName, uncName));
1321 (tcon->treeName, uncName,
1322 MAX_TREE_SIZE) == 0) {
1324 ("and old usr: %s new: %s",
1325 tcon->treeName, uncName));
1327 (tcon->ses->userName,
1329 MAX_USERNAME_SIZE) == 0) {
1330 read_unlock(&GlobalSMBSeslock);
1331 /* matched smb session
1340 read_unlock(&GlobalSMBSeslock);
1345 connect_to_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
1346 const char *old_path, const struct nls_table *nls_codepage,
1349 unsigned char *referrals = NULL;
1350 unsigned int num_referrals;
1353 rc = get_dfs_path(xid, pSesInfo,old_path, nls_codepage,
1354 &num_referrals, &referrals, remap);
1356 /* BB Add in code to: if valid refrl, if not ip address contact
1357 the helper that resolves tcp names, mount to it, try to
1358 tcon to it unmount it if fail */
1366 get_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
1367 const char *old_path, const struct nls_table *nls_codepage,
1368 unsigned int *pnum_referrals,
1369 unsigned char ** preferrals, int remap)
1374 *pnum_referrals = 0;
1376 if (pSesInfo->ipc_tid == 0) {
1377 temp_unc = kmalloc(2 /* for slashes */ +
1378 strnlen(pSesInfo->serverName,SERVER_NAME_LEN_WITH_NULL * 2)
1379 + 1 + 4 /* slash IPC$ */ + 2,
1381 if (temp_unc == NULL)
1385 strcpy(temp_unc + 2, pSesInfo->serverName);
1386 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
1387 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
1389 ("CIFS Tcon rc = %d ipc_tid = %d", rc,pSesInfo->ipc_tid));
1393 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
1394 pnum_referrals, nls_codepage, remap);
1399 /* See RFC1001 section 14 on representation of Netbios names */
1400 static void rfc1002mangle(char * target,char * source, unsigned int length)
1404 for(i=0,j=0;i<(length);i++) {
1405 /* mask a nibble at a time and encode */
1406 target[j] = 'A' + (0x0F & (source[i] >> 4));
1407 target[j+1] = 'A' + (0x0F & source[i]);
1415 ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket,
1416 char * netbios_name, char * target_name)
1420 __be16 orig_port = 0;
1422 if(*csocket == NULL) {
1423 rc = sock_create_kern(PF_INET, SOCK_STREAM, IPPROTO_TCP, csocket);
1425 cERROR(1, ("Error %d creating socket",rc));
1429 /* BB other socket options to set KEEPALIVE, NODELAY? */
1430 cFYI(1,("Socket created"));
1431 (*csocket)->sk->sk_allocation = GFP_NOFS;
1435 psin_server->sin_family = AF_INET;
1436 if(psin_server->sin_port) { /* user overrode default port */
1437 rc = (*csocket)->ops->connect(*csocket,
1438 (struct sockaddr *) psin_server,
1439 sizeof (struct sockaddr_in),0);
1445 /* save original port so we can retry user specified port
1446 later if fall back ports fail this time */
1447 orig_port = psin_server->sin_port;
1449 /* do not retry on the same port we just failed on */
1450 if(psin_server->sin_port != htons(CIFS_PORT)) {
1451 psin_server->sin_port = htons(CIFS_PORT);
1453 rc = (*csocket)->ops->connect(*csocket,
1454 (struct sockaddr *) psin_server,
1455 sizeof (struct sockaddr_in),0);
1461 psin_server->sin_port = htons(RFC1001_PORT);
1462 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1463 psin_server, sizeof (struct sockaddr_in),0);
1468 /* give up here - unless we want to retry on different
1469 protocol families some day */
1472 psin_server->sin_port = orig_port;
1473 cFYI(1,("Error %d connecting to server via ipv4",rc));
1474 sock_release(*csocket);
1478 /* Eventually check for other socket options to change from
1479 the default. sock_setsockopt not used because it expects
1480 user space buffer */
1481 cFYI(1,("sndbuf %d rcvbuf %d rcvtimeo 0x%lx",(*csocket)->sk->sk_sndbuf,
1482 (*csocket)->sk->sk_rcvbuf, (*csocket)->sk->sk_rcvtimeo));
1483 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1484 /* make the bufsizes depend on wsize/rsize and max requests */
1485 if((*csocket)->sk->sk_sndbuf < (200 * 1024))
1486 (*csocket)->sk->sk_sndbuf = 200 * 1024;
1487 if((*csocket)->sk->sk_rcvbuf < (140 * 1024))
1488 (*csocket)->sk->sk_rcvbuf = 140 * 1024;
1490 /* send RFC1001 sessinit */
1491 if(psin_server->sin_port == htons(RFC1001_PORT)) {
1492 /* some servers require RFC1001 sessinit before sending
1493 negprot - BB check reconnection in case where second
1494 sessinit is sent but no second negprot */
1495 struct rfc1002_session_packet * ses_init_buf;
1496 struct smb_hdr * smb_buf;
1497 ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet), GFP_KERNEL);
1499 ses_init_buf->trailer.session_req.called_len = 32;
1500 if(target_name && (target_name[0] != 0)) {
1501 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1504 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1505 DEFAULT_CIFS_CALLED_NAME,16);
1508 ses_init_buf->trailer.session_req.calling_len = 32;
1509 /* calling name ends in null (byte 16) from old smb
1511 if(netbios_name && (netbios_name[0] !=0)) {
1512 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1515 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1516 "LINUX_CIFS_CLNT",16);
1518 ses_init_buf->trailer.session_req.scope1 = 0;
1519 ses_init_buf->trailer.session_req.scope2 = 0;
1520 smb_buf = (struct smb_hdr *)ses_init_buf;
1521 /* sizeof RFC1002_SESSION_REQUEST with no scope */
1522 smb_buf->smb_buf_length = 0x81000044;
1523 rc = smb_send(*csocket, smb_buf, 0x44,
1524 (struct sockaddr *)psin_server);
1525 kfree(ses_init_buf);
1526 msleep(1); /* RFC1001 layer in at least one server
1527 requires very short break before negprot
1528 presumably because not expecting negprot
1529 to follow so fast. This is a simple
1530 solution that works without
1531 complicating the code and causes no
1532 significant slowing down on mount
1533 for everyone else */
1535 /* else the negprot may still work without this
1536 even though malloc failed */
1544 ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket)
1548 __be16 orig_port = 0;
1550 if(*csocket == NULL) {
1551 rc = sock_create_kern(PF_INET6, SOCK_STREAM, IPPROTO_TCP, csocket);
1553 cERROR(1, ("Error %d creating ipv6 socket",rc));
1557 /* BB other socket options to set KEEPALIVE, NODELAY? */
1558 cFYI(1,("ipv6 Socket created"));
1559 (*csocket)->sk->sk_allocation = GFP_NOFS;
1563 psin_server->sin6_family = AF_INET6;
1565 if(psin_server->sin6_port) { /* user overrode default port */
1566 rc = (*csocket)->ops->connect(*csocket,
1567 (struct sockaddr *) psin_server,
1568 sizeof (struct sockaddr_in6),0);
1574 /* save original port so we can retry user specified port
1575 later if fall back ports fail this time */
1577 orig_port = psin_server->sin6_port;
1578 /* do not retry on the same port we just failed on */
1579 if(psin_server->sin6_port != htons(CIFS_PORT)) {
1580 psin_server->sin6_port = htons(CIFS_PORT);
1582 rc = (*csocket)->ops->connect(*csocket,
1583 (struct sockaddr *) psin_server,
1584 sizeof (struct sockaddr_in6),0);
1590 psin_server->sin6_port = htons(RFC1001_PORT);
1591 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1592 psin_server, sizeof (struct sockaddr_in6),0);
1597 /* give up here - unless we want to retry on different
1598 protocol families some day */
1601 psin_server->sin6_port = orig_port;
1602 cFYI(1,("Error %d connecting to server via ipv6",rc));
1603 sock_release(*csocket);
1607 /* Eventually check for other socket options to change from
1608 the default. sock_setsockopt not used because it expects
1609 user space buffer */
1610 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1616 cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
1617 char *mount_data, const char *devname)
1621 int address_type = AF_INET;
1622 struct socket *csocket = NULL;
1623 struct sockaddr_in sin_server;
1624 struct sockaddr_in6 sin_server6;
1625 struct smb_vol volume_info;
1626 struct cifsSesInfo *pSesInfo = NULL;
1627 struct cifsSesInfo *existingCifsSes = NULL;
1628 struct cifsTconInfo *tcon = NULL;
1629 struct TCP_Server_Info *srvTcp = NULL;
1633 /* cFYI(1, ("Entering cifs_mount. Xid: %d with: %s", xid, mount_data)); */
1635 memset(&volume_info,0,sizeof(struct smb_vol));
1636 if (cifs_parse_mount_options(mount_data, devname, &volume_info)) {
1637 kfree(volume_info.UNC);
1638 kfree(volume_info.password);
1639 kfree(volume_info.prepath);
1644 if (volume_info.username) {
1645 /* BB fixme parse for domain name here */
1646 cFYI(1, ("Username: %s ", volume_info.username));
1648 } else if (volume_info.nullauth) {
1649 cFYI(1,("null user"));
1651 cifserror("No username specified");
1652 /* In userspace mount helper we can get user name from alternate
1653 locations such as env variables and files on disk */
1654 kfree(volume_info.UNC);
1655 kfree(volume_info.password);
1656 kfree(volume_info.prepath);
1661 if (volume_info.UNCip && volume_info.UNC) {
1662 rc = cifs_inet_pton(AF_INET, volume_info.UNCip,&sin_server.sin_addr.s_addr);
1665 /* not ipv4 address, try ipv6 */
1666 rc = cifs_inet_pton(AF_INET6,volume_info.UNCip,&sin_server6.sin6_addr.in6_u);
1668 address_type = AF_INET6;
1670 address_type = AF_INET;
1674 /* we failed translating address */
1675 kfree(volume_info.UNC);
1676 kfree(volume_info.password);
1677 kfree(volume_info.prepath);
1682 cFYI(1, ("UNC: %s ip: %s", volume_info.UNC, volume_info.UNCip));
1685 } else if (volume_info.UNCip){
1686 /* BB using ip addr as server name connect to the DFS root below */
1687 cERROR(1,("Connecting to DFS root not implemented yet"));
1688 kfree(volume_info.UNC);
1689 kfree(volume_info.password);
1690 kfree(volume_info.prepath);
1693 } else /* which servers DFS root would we conect to */ {
1695 ("CIFS mount error: No UNC path (e.g. -o unc=//192.168.1.100/public) specified"));
1696 kfree(volume_info.UNC);
1697 kfree(volume_info.password);
1698 kfree(volume_info.prepath);
1703 /* this is needed for ASCII cp to Unicode converts */
1704 if(volume_info.iocharset == NULL) {
1705 cifs_sb->local_nls = load_nls_default();
1706 /* load_nls_default can not return null */
1708 cifs_sb->local_nls = load_nls(volume_info.iocharset);
1709 if(cifs_sb->local_nls == NULL) {
1710 cERROR(1,("CIFS mount error: iocharset %s not found",volume_info.iocharset));
1711 kfree(volume_info.UNC);
1712 kfree(volume_info.password);
1713 kfree(volume_info.prepath);
1719 if(address_type == AF_INET)
1720 existingCifsSes = cifs_find_tcp_session(&sin_server.sin_addr,
1721 NULL /* no ipv6 addr */,
1722 volume_info.username, &srvTcp);
1723 else if(address_type == AF_INET6)
1724 existingCifsSes = cifs_find_tcp_session(NULL /* no ipv4 addr */,
1725 &sin_server6.sin6_addr,
1726 volume_info.username, &srvTcp);
1728 kfree(volume_info.UNC);
1729 kfree(volume_info.password);
1730 kfree(volume_info.prepath);
1737 cFYI(1, ("Existing tcp session with server found"));
1738 } else { /* create socket */
1739 if(volume_info.port)
1740 sin_server.sin_port = htons(volume_info.port);
1742 sin_server.sin_port = 0;
1743 rc = ipv4_connect(&sin_server,&csocket,
1744 volume_info.source_rfc1001_name,
1745 volume_info.target_rfc1001_name);
1748 ("Error connecting to IPv4 socket. Aborting operation"));
1750 sock_release(csocket);
1751 kfree(volume_info.UNC);
1752 kfree(volume_info.password);
1753 kfree(volume_info.prepath);
1758 srvTcp = kmalloc(sizeof (struct TCP_Server_Info), GFP_KERNEL);
1759 if (srvTcp == NULL) {
1761 sock_release(csocket);
1762 kfree(volume_info.UNC);
1763 kfree(volume_info.password);
1764 kfree(volume_info.prepath);
1768 memset(srvTcp, 0, sizeof (struct TCP_Server_Info));
1769 memcpy(&srvTcp->addr.sockAddr, &sin_server, sizeof (struct sockaddr_in));
1770 atomic_set(&srvTcp->inFlight,0);
1771 /* BB Add code for ipv6 case too */
1772 srvTcp->ssocket = csocket;
1773 srvTcp->protocolType = IPV4;
1774 init_waitqueue_head(&srvTcp->response_q);
1775 init_waitqueue_head(&srvTcp->request_q);
1776 INIT_LIST_HEAD(&srvTcp->pending_mid_q);
1777 /* at this point we are the only ones with the pointer
1778 to the struct since the kernel thread not created yet
1779 so no need to spinlock this init of tcpStatus */
1780 srvTcp->tcpStatus = CifsNew;
1781 init_MUTEX(&srvTcp->tcpSem);
1782 rc = (int)kernel_thread((void *)(void *)cifs_demultiplex_thread, srvTcp,
1783 CLONE_FS | CLONE_FILES | CLONE_VM);
1786 sock_release(csocket);
1787 kfree(volume_info.UNC);
1788 kfree(volume_info.password);
1789 kfree(volume_info.prepath);
1793 wait_for_completion(&cifsd_complete);
1795 memcpy(srvTcp->workstation_RFC1001_name, volume_info.source_rfc1001_name,16);
1796 memcpy(srvTcp->server_RFC1001_name, volume_info.target_rfc1001_name,16);
1797 srvTcp->sequence_number = 0;
1801 if (existingCifsSes) {
1802 pSesInfo = existingCifsSes;
1803 cFYI(1, ("Existing smb sess found"));
1804 kfree(volume_info.password);
1805 /* volume_info.UNC freed at end of function */
1807 cFYI(1, ("Existing smb sess not found"));
1808 pSesInfo = sesInfoAlloc();
1809 if (pSesInfo == NULL)
1812 pSesInfo->server = srvTcp;
1813 sprintf(pSesInfo->serverName, "%u.%u.%u.%u",
1814 NIPQUAD(sin_server.sin_addr.s_addr));
1818 /* volume_info.password freed at unmount */
1819 if (volume_info.password)
1820 pSesInfo->password = volume_info.password;
1821 if (volume_info.username)
1822 strncpy(pSesInfo->userName,
1823 volume_info.username,MAX_USERNAME_SIZE);
1824 if (volume_info.domainname) {
1825 int len = strlen(volume_info.domainname);
1826 pSesInfo->domainName =
1827 kmalloc(len + 1, GFP_KERNEL);
1828 if(pSesInfo->domainName)
1829 strcpy(pSesInfo->domainName,
1830 volume_info.domainname);
1832 pSesInfo->linux_uid = volume_info.linux_uid;
1833 pSesInfo->overrideSecFlg = volume_info.secFlg;
1834 down(&pSesInfo->sesSem);
1835 /* BB FIXME need to pass vol->secFlgs BB */
1836 rc = cifs_setup_session(xid,pSesInfo, cifs_sb->local_nls);
1837 up(&pSesInfo->sesSem);
1839 atomic_inc(&srvTcp->socketUseCount);
1841 kfree(volume_info.password);
1844 /* search for existing tcon to this server share */
1846 if(volume_info.rsize > CIFSMaxBufSize) {
1847 cERROR(1,("rsize %d too large, using MaxBufSize",
1848 volume_info.rsize));
1849 cifs_sb->rsize = CIFSMaxBufSize;
1850 } else if((volume_info.rsize) && (volume_info.rsize <= CIFSMaxBufSize))
1851 cifs_sb->rsize = volume_info.rsize;
1853 cifs_sb->rsize = CIFSMaxBufSize;
1855 if(volume_info.wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) {
1856 cERROR(1,("wsize %d too large using 4096 instead",
1857 volume_info.wsize));
1858 cifs_sb->wsize = 4096;
1859 } else if(volume_info.wsize)
1860 cifs_sb->wsize = volume_info.wsize;
1863 min_t(const int, PAGEVEC_SIZE * PAGE_CACHE_SIZE,
1865 /* old default of CIFSMaxBufSize was too small now
1866 that SMB Write2 can send multiple pages in kvec.
1867 RFC1001 does not describe what happens when frame
1868 bigger than 128K is sent so use that as max in
1869 conjunction with 52K kvec constraint on arch with 4K
1872 if(cifs_sb->rsize < 2048) {
1873 cifs_sb->rsize = 2048;
1874 /* Windows ME may prefer this */
1875 cFYI(1,("readsize set to minimum 2048"));
1877 /* calculate prepath */
1878 cifs_sb->prepath = volume_info.prepath;
1879 if(cifs_sb->prepath) {
1880 cifs_sb->prepathlen = strlen(cifs_sb->prepath);
1881 cifs_sb->prepath[0] = CIFS_DIR_SEP(cifs_sb);
1882 volume_info.prepath = NULL;
1884 cifs_sb->prepathlen = 0;
1885 cifs_sb->mnt_uid = volume_info.linux_uid;
1886 cifs_sb->mnt_gid = volume_info.linux_gid;
1887 cifs_sb->mnt_file_mode = volume_info.file_mode;
1888 cifs_sb->mnt_dir_mode = volume_info.dir_mode;
1889 cFYI(1,("file mode: 0x%x dir mode: 0x%x",
1890 cifs_sb->mnt_file_mode,cifs_sb->mnt_dir_mode));
1892 if(volume_info.noperm)
1893 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
1894 if(volume_info.setuids)
1895 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
1896 if(volume_info.server_ino)
1897 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
1898 if(volume_info.remap)
1899 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
1900 if(volume_info.no_xattr)
1901 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
1902 if(volume_info.sfu_emul)
1903 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
1904 if(volume_info.nobrl)
1905 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
1906 if(volume_info.cifs_acl)
1907 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
1909 if(volume_info.direct_io) {
1910 cFYI(1,("mounting share using direct i/o"));
1911 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
1915 find_unc(sin_server.sin_addr.s_addr, volume_info.UNC,
1916 volume_info.username);
1918 cFYI(1, ("Found match on UNC path"));
1919 /* we can have only one retry value for a connection
1920 to a share so for resources mounted more than once
1921 to the same server share the last value passed in
1922 for the retry flag is used */
1923 tcon->retry = volume_info.retry;
1924 tcon->nocase = volume_info.nocase;
1926 tcon = tconInfoAlloc();
1930 /* check for null share name ie connect to dfs root */
1932 /* BB check if this works for exactly length three strings */
1933 if ((strchr(volume_info.UNC + 3, '\\') == NULL)
1934 && (strchr(volume_info.UNC + 3, '/') ==
1936 rc = connect_to_dfs_path(xid, pSesInfo,
1937 "", cifs_sb->local_nls,
1938 cifs_sb->mnt_cifs_flags &
1939 CIFS_MOUNT_MAP_SPECIAL_CHR);
1940 kfree(volume_info.UNC);
1944 rc = CIFSTCon(xid, pSesInfo,
1946 tcon, cifs_sb->local_nls);
1947 cFYI(1, ("CIFS Tcon rc = %d", rc));
1950 atomic_inc(&pSesInfo->inUse);
1951 tcon->retry = volume_info.retry;
1952 tcon->nocase = volume_info.nocase;
1958 if (pSesInfo->capabilities & CAP_LARGE_FILES) {
1959 sb->s_maxbytes = (u64) 1 << 63;
1961 sb->s_maxbytes = (u64) 1 << 31; /* 2 GB */
1964 sb->s_time_gran = 100;
1966 /* on error free sesinfo and tcon struct if needed */
1968 /* if session setup failed, use count is zero but
1969 we still need to free cifsd thread */
1970 if(atomic_read(&srvTcp->socketUseCount) == 0) {
1971 spin_lock(&GlobalMid_Lock);
1972 srvTcp->tcpStatus = CifsExiting;
1973 spin_unlock(&GlobalMid_Lock);
1975 send_sig(SIGKILL,srvTcp->tsk,1);
1976 wait_for_completion(&cifsd_complete);
1979 /* If find_unc succeeded then rc == 0 so we can not end */
1980 if (tcon) /* up accidently freeing someone elses tcon struct */
1982 if (existingCifsSes == NULL) {
1984 if ((pSesInfo->server) &&
1985 (pSesInfo->status == CifsGood)) {
1987 temp_rc = CIFSSMBLogoff(xid, pSesInfo);
1988 /* if the socketUseCount is now zero */
1989 if((temp_rc == -ESHUTDOWN) &&
1990 (pSesInfo->server->tsk)) {
1991 send_sig(SIGKILL,pSesInfo->server->tsk,1);
1992 wait_for_completion(&cifsd_complete);
1995 cFYI(1, ("No session or bad tcon"));
1996 sesInfoFree(pSesInfo);
1997 /* pSesInfo = NULL; */
2001 atomic_inc(&tcon->useCount);
2002 cifs_sb->tcon = tcon;
2003 tcon->ses = pSesInfo;
2005 /* do not care if following two calls succeed - informational */
2006 CIFSSMBQFSDeviceInfo(xid, tcon);
2007 CIFSSMBQFSAttributeInfo(xid, tcon);
2009 if (tcon->ses->capabilities & CAP_UNIX) {
2010 if(!CIFSSMBQFSUnixInfo(xid, tcon)) {
2012 le64_to_cpu(tcon->fsUnixInfo.Capability);
2013 cap &= CIFS_UNIX_CAP_MASK;
2014 if(volume_info.no_psx_acl)
2015 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2016 else if(CIFS_UNIX_POSIX_ACL_CAP & cap) {
2017 cFYI(1,("negotiated posix acl support"));
2018 sb->s_flags |= MS_POSIXACL;
2021 if(volume_info.posix_paths == 0)
2022 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2023 else if(cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
2024 cFYI(1,("negotiate posix pathnames"));
2025 cifs_sb->mnt_cifs_flags |=
2026 CIFS_MOUNT_POSIX_PATHS;
2029 cFYI(1,("Negotiate caps 0x%x",(int)cap));
2030 #ifdef CONFIG_CIFS_DEBUG2
2031 if(cap & CIFS_UNIX_FCNTL_CAP)
2032 cFYI(1,("FCNTL cap"));
2033 if(cap & CIFS_UNIX_EXTATTR_CAP)
2034 cFYI(1,("EXTATTR cap"));
2035 if(cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2036 cFYI(1,("POSIX path cap"));
2037 if(cap & CIFS_UNIX_XATTR_CAP)
2038 cFYI(1,("XATTR cap"));
2039 if(cap & CIFS_UNIX_POSIX_ACL_CAP)
2040 cFYI(1,("POSIX ACL cap"));
2041 #endif /* CIFS_DEBUG2 */
2042 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
2043 cFYI(1,("setting capabilities failed"));
2047 if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X))
2048 cifs_sb->wsize = min(cifs_sb->wsize,
2049 (tcon->ses->server->maxBuf -
2050 MAX_CIFS_HDR_SIZE));
2051 if (!(tcon->ses->capabilities & CAP_LARGE_READ_X))
2052 cifs_sb->rsize = min(cifs_sb->rsize,
2053 (tcon->ses->server->maxBuf -
2054 MAX_CIFS_HDR_SIZE));
2057 /* volume_info.password is freed above when existing session found
2058 (in which case it is not needed anymore) but when new sesion is created
2059 the password ptr is put in the new session structure (in which case the
2060 password will be freed at unmount time) */
2061 kfree(volume_info.UNC);
2062 kfree(volume_info.prepath);
2068 CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2069 char session_key[CIFS_SESS_KEY_SIZE],
2070 const struct nls_table *nls_codepage)
2072 struct smb_hdr *smb_buffer;
2073 struct smb_hdr *smb_buffer_response;
2074 SESSION_SETUP_ANDX *pSMB;
2075 SESSION_SETUP_ANDX *pSMBr;
2080 int remaining_words = 0;
2081 int bytes_returned = 0;
2086 cFYI(1, ("In sesssetup"));
2089 user = ses->userName;
2090 domain = ses->domainName;
2091 smb_buffer = cifs_buf_get();
2092 if (smb_buffer == NULL) {
2095 smb_buffer_response = smb_buffer;
2096 pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2098 /* send SMBsessionSetup here */
2099 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2100 NULL /* no tCon exists yet */ , 13 /* wct */ );
2102 smb_buffer->Mid = GetNextMid(ses->server);
2103 pSMB->req_no_secext.AndXCommand = 0xFF;
2104 pSMB->req_no_secext.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2105 pSMB->req_no_secext.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2107 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2108 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2110 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2111 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
2112 if (ses->capabilities & CAP_UNICODE) {
2113 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2114 capabilities |= CAP_UNICODE;
2116 if (ses->capabilities & CAP_STATUS32) {
2117 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2118 capabilities |= CAP_STATUS32;
2120 if (ses->capabilities & CAP_DFS) {
2121 smb_buffer->Flags2 |= SMBFLG2_DFS;
2122 capabilities |= CAP_DFS;
2124 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
2126 pSMB->req_no_secext.CaseInsensitivePasswordLength =
2127 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2129 pSMB->req_no_secext.CaseSensitivePasswordLength =
2130 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2131 bcc_ptr = pByteArea(smb_buffer);
2132 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2133 bcc_ptr += CIFS_SESS_KEY_SIZE;
2134 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2135 bcc_ptr += CIFS_SESS_KEY_SIZE;
2137 if (ses->capabilities & CAP_UNICODE) {
2138 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode */
2143 bytes_returned = 0; /* skip null user */
2146 cifs_strtoUCS((__le16 *) bcc_ptr, user, 100,
2148 /* convert number of 16 bit words to bytes */
2149 bcc_ptr += 2 * bytes_returned;
2150 bcc_ptr += 2; /* trailing null */
2153 cifs_strtoUCS((__le16 *) bcc_ptr,
2154 "CIFS_LINUX_DOM", 32, nls_codepage);
2157 cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2159 bcc_ptr += 2 * bytes_returned;
2162 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2164 bcc_ptr += 2 * bytes_returned;
2166 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release,
2168 bcc_ptr += 2 * bytes_returned;
2171 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2173 bcc_ptr += 2 * bytes_returned;
2177 strncpy(bcc_ptr, user, 200);
2178 bcc_ptr += strnlen(user, 200);
2182 if (domain == NULL) {
2183 strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2184 bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2186 strncpy(bcc_ptr, domain, 64);
2187 bcc_ptr += strnlen(domain, 64);
2191 strcpy(bcc_ptr, "Linux version ");
2192 bcc_ptr += strlen("Linux version ");
2193 strcpy(bcc_ptr, utsname()->release);
2194 bcc_ptr += strlen(utsname()->release) + 1;
2195 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2196 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2198 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2199 smb_buffer->smb_buf_length += count;
2200 pSMB->req_no_secext.ByteCount = cpu_to_le16(count);
2202 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2203 &bytes_returned, 1);
2205 /* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
2206 } else if ((smb_buffer_response->WordCount == 3)
2207 || (smb_buffer_response->WordCount == 4)) {
2208 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2209 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2210 if (action & GUEST_LOGIN)
2211 cFYI(1, (" Guest login")); /* do we want to mark SesInfo struct ? */
2212 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format (le) */
2213 cFYI(1, ("UID = %d ", ses->Suid));
2214 /* response can have either 3 or 4 word count - Samba sends 3 */
2215 bcc_ptr = pByteArea(smb_buffer_response);
2216 if ((pSMBr->resp.hdr.WordCount == 3)
2217 || ((pSMBr->resp.hdr.WordCount == 4)
2218 && (blob_len < pSMBr->resp.ByteCount))) {
2219 if (pSMBr->resp.hdr.WordCount == 4)
2220 bcc_ptr += blob_len;
2222 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2223 if ((long) (bcc_ptr) % 2) {
2225 (BCC(smb_buffer_response) - 1) /2;
2226 bcc_ptr++; /* Unicode strings must be word aligned */
2229 BCC(smb_buffer_response) / 2;
2232 UniStrnlen((wchar_t *) bcc_ptr,
2233 remaining_words - 1);
2234 /* We look for obvious messed up bcc or strings in response so we do not go off
2235 the end since (at least) WIN2K and Windows XP have a major bug in not null
2236 terminating last Unicode string in response */
2238 kfree(ses->serverOS);
2239 ses->serverOS = kzalloc(2 * (len + 1), GFP_KERNEL);
2240 if(ses->serverOS == NULL)
2241 goto sesssetup_nomem;
2242 cifs_strfromUCS_le(ses->serverOS,
2243 (__le16 *)bcc_ptr, len,nls_codepage);
2244 bcc_ptr += 2 * (len + 1);
2245 remaining_words -= len + 1;
2246 ses->serverOS[2 * len] = 0;
2247 ses->serverOS[1 + (2 * len)] = 0;
2248 if (remaining_words > 0) {
2249 len = UniStrnlen((wchar_t *)bcc_ptr,
2251 kfree(ses->serverNOS);
2252 ses->serverNOS = kzalloc(2 * (len + 1),GFP_KERNEL);
2253 if(ses->serverNOS == NULL)
2254 goto sesssetup_nomem;
2255 cifs_strfromUCS_le(ses->serverNOS,
2256 (__le16 *)bcc_ptr,len,nls_codepage);
2257 bcc_ptr += 2 * (len + 1);
2258 ses->serverNOS[2 * len] = 0;
2259 ses->serverNOS[1 + (2 * len)] = 0;
2260 if(strncmp(ses->serverNOS,
2261 "NT LAN Manager 4",16) == 0) {
2262 cFYI(1,("NT4 server"));
2263 ses->flags |= CIFS_SES_NT4;
2265 remaining_words -= len + 1;
2266 if (remaining_words > 0) {
2267 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2268 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
2269 if(ses->serverDomain)
2270 kfree(ses->serverDomain);
2272 kzalloc(2*(len+1),GFP_KERNEL);
2273 if(ses->serverDomain == NULL)
2274 goto sesssetup_nomem;
2275 cifs_strfromUCS_le(ses->serverDomain,
2276 (__le16 *)bcc_ptr,len,nls_codepage);
2277 bcc_ptr += 2 * (len + 1);
2278 ses->serverDomain[2*len] = 0;
2279 ses->serverDomain[1+(2*len)] = 0;
2280 } /* else no more room so create dummy domain string */
2282 if(ses->serverDomain)
2283 kfree(ses->serverDomain);
2285 kzalloc(2, GFP_KERNEL);
2287 } else { /* no room so create dummy domain and NOS string */
2288 /* if these kcallocs fail not much we
2289 can do, but better to not fail the
2291 kfree(ses->serverDomain);
2293 kzalloc(2, GFP_KERNEL);
2294 kfree(ses->serverNOS);
2296 kzalloc(2, GFP_KERNEL);
2298 } else { /* ASCII */
2299 len = strnlen(bcc_ptr, 1024);
2300 if (((long) bcc_ptr + len) - (long)
2301 pByteArea(smb_buffer_response)
2302 <= BCC(smb_buffer_response)) {
2303 kfree(ses->serverOS);
2304 ses->serverOS = kzalloc(len + 1,GFP_KERNEL);
2305 if(ses->serverOS == NULL)
2306 goto sesssetup_nomem;
2307 strncpy(ses->serverOS,bcc_ptr, len);
2310 bcc_ptr[0] = 0; /* null terminate the string */
2313 len = strnlen(bcc_ptr, 1024);
2314 kfree(ses->serverNOS);
2315 ses->serverNOS = kzalloc(len + 1,GFP_KERNEL);
2316 if(ses->serverNOS == NULL)
2317 goto sesssetup_nomem;
2318 strncpy(ses->serverNOS, bcc_ptr, len);
2323 len = strnlen(bcc_ptr, 1024);
2324 if(ses->serverDomain)
2325 kfree(ses->serverDomain);
2326 ses->serverDomain = kzalloc(len + 1,GFP_KERNEL);
2327 if(ses->serverDomain == NULL)
2328 goto sesssetup_nomem;
2329 strncpy(ses->serverDomain, bcc_ptr, len);
2335 ("Variable field of length %d extends beyond end of smb ",
2340 (" Security Blob Length extends beyond end of SMB"));
2344 (" Invalid Word count %d: ",
2345 smb_buffer_response->WordCount));
2348 sesssetup_nomem: /* do not return an error on nomem for the info strings,
2349 since that could make reconnection harder, and
2350 reconnection might be needed to free memory */
2352 cifs_buf_release(smb_buffer);
2358 CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2359 struct cifsSesInfo *ses, int * pNTLMv2_flag,
2360 const struct nls_table *nls_codepage)
2362 struct smb_hdr *smb_buffer;
2363 struct smb_hdr *smb_buffer_response;
2364 SESSION_SETUP_ANDX *pSMB;
2365 SESSION_SETUP_ANDX *pSMBr;
2369 int remaining_words = 0;
2370 int bytes_returned = 0;
2372 int SecurityBlobLength = sizeof (NEGOTIATE_MESSAGE);
2373 PNEGOTIATE_MESSAGE SecurityBlob;
2374 PCHALLENGE_MESSAGE SecurityBlob2;
2375 __u32 negotiate_flags, capabilities;
2378 cFYI(1, ("In NTLMSSP sesssetup (negotiate)"));
2381 domain = ses->domainName;
2382 *pNTLMv2_flag = FALSE;
2383 smb_buffer = cifs_buf_get();
2384 if (smb_buffer == NULL) {
2387 smb_buffer_response = smb_buffer;
2388 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2389 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2391 /* send SMBsessionSetup here */
2392 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2393 NULL /* no tCon exists yet */ , 12 /* wct */ );
2395 smb_buffer->Mid = GetNextMid(ses->server);
2396 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2397 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2399 pSMB->req.AndXCommand = 0xFF;
2400 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2401 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2403 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2404 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2406 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2407 CAP_EXTENDED_SECURITY;
2408 if (ses->capabilities & CAP_UNICODE) {
2409 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2410 capabilities |= CAP_UNICODE;
2412 if (ses->capabilities & CAP_STATUS32) {
2413 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2414 capabilities |= CAP_STATUS32;
2416 if (ses->capabilities & CAP_DFS) {
2417 smb_buffer->Flags2 |= SMBFLG2_DFS;
2418 capabilities |= CAP_DFS;
2420 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2422 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2423 SecurityBlob = (PNEGOTIATE_MESSAGE) bcc_ptr;
2424 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2425 SecurityBlob->MessageType = NtLmNegotiate;
2427 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
2428 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM |
2429 NTLMSSP_NEGOTIATE_56 |
2430 /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
2432 negotiate_flags |= NTLMSSP_NEGOTIATE_SIGN;
2433 /* if(ntlmv2_support)
2434 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;*/
2435 /* setup pointers to domain name and workstation name */
2436 bcc_ptr += SecurityBlobLength;
2438 SecurityBlob->WorkstationName.Buffer = 0;
2439 SecurityBlob->WorkstationName.Length = 0;
2440 SecurityBlob->WorkstationName.MaximumLength = 0;
2442 /* Domain not sent on first Sesssetup in NTLMSSP, instead it is sent
2443 along with username on auth request (ie the response to challenge) */
2444 SecurityBlob->DomainName.Buffer = 0;
2445 SecurityBlob->DomainName.Length = 0;
2446 SecurityBlob->DomainName.MaximumLength = 0;
2447 if (ses->capabilities & CAP_UNICODE) {
2448 if ((long) bcc_ptr % 2) {
2454 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2456 bcc_ptr += 2 * bytes_returned;
2458 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
2460 bcc_ptr += 2 * bytes_returned;
2461 bcc_ptr += 2; /* null terminate Linux version */
2463 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2465 bcc_ptr += 2 * bytes_returned;
2468 bcc_ptr += 2; /* null terminate network opsys string */
2471 bcc_ptr += 2; /* null domain */
2472 } else { /* ASCII */
2473 strcpy(bcc_ptr, "Linux version ");
2474 bcc_ptr += strlen("Linux version ");
2475 strcpy(bcc_ptr, utsname()->release);
2476 bcc_ptr += strlen(utsname()->release) + 1;
2477 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2478 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2479 bcc_ptr++; /* empty domain field */
2482 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2483 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2484 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2485 smb_buffer->smb_buf_length += count;
2486 pSMB->req.ByteCount = cpu_to_le16(count);
2488 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2489 &bytes_returned, 1);
2491 if (smb_buffer_response->Status.CifsError ==
2492 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
2496 /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2497 } else if ((smb_buffer_response->WordCount == 3)
2498 || (smb_buffer_response->WordCount == 4)) {
2499 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2500 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2502 if (action & GUEST_LOGIN)
2503 cFYI(1, (" Guest login"));
2504 /* Do we want to set anything in SesInfo struct when guest login? */
2506 bcc_ptr = pByteArea(smb_buffer_response);
2507 /* response can have either 3 or 4 word count - Samba sends 3 */
2509 SecurityBlob2 = (PCHALLENGE_MESSAGE) bcc_ptr;
2510 if (SecurityBlob2->MessageType != NtLmChallenge) {
2512 ("Unexpected NTLMSSP message type received %d",
2513 SecurityBlob2->MessageType));
2515 ses->Suid = smb_buffer_response->Uid; /* UID left in le format */
2516 cFYI(1, ("UID = %d", ses->Suid));
2517 if ((pSMBr->resp.hdr.WordCount == 3)
2518 || ((pSMBr->resp.hdr.WordCount == 4)
2520 pSMBr->resp.ByteCount))) {
2522 if (pSMBr->resp.hdr.WordCount == 4) {
2523 bcc_ptr += blob_len;
2524 cFYI(1, ("Security Blob Length %d",
2528 cFYI(1, ("NTLMSSP Challenge rcvd"));
2530 memcpy(ses->server->cryptKey,
2531 SecurityBlob2->Challenge,
2532 CIFS_CRYPTO_KEY_SIZE);
2533 if(SecurityBlob2->NegotiateFlags &
2534 cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2))
2535 *pNTLMv2_flag = TRUE;
2537 if((SecurityBlob2->NegotiateFlags &
2538 cpu_to_le32(NTLMSSP_NEGOTIATE_ALWAYS_SIGN))
2539 || (sign_CIFS_PDUs > 1))
2540 ses->server->secMode |=
2541 SECMODE_SIGN_REQUIRED;
2542 if ((SecurityBlob2->NegotiateFlags &
2543 cpu_to_le32(NTLMSSP_NEGOTIATE_SIGN)) && (sign_CIFS_PDUs))
2544 ses->server->secMode |=
2545 SECMODE_SIGN_ENABLED;
2547 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2548 if ((long) (bcc_ptr) % 2) {
2550 (BCC(smb_buffer_response)
2552 bcc_ptr++; /* Unicode strings must be word aligned */
2556 (smb_buffer_response) / 2;
2559 UniStrnlen((wchar_t *) bcc_ptr,
2560 remaining_words - 1);
2561 /* We look for obvious messed up bcc or strings in response so we do not go off
2562 the end since (at least) WIN2K and Windows XP have a major bug in not null
2563 terminating last Unicode string in response */
2565 kfree(ses->serverOS);
2567 kzalloc(2 * (len + 1), GFP_KERNEL);
2568 cifs_strfromUCS_le(ses->serverOS,
2572 bcc_ptr += 2 * (len + 1);
2573 remaining_words -= len + 1;
2574 ses->serverOS[2 * len] = 0;
2575 ses->serverOS[1 + (2 * len)] = 0;
2576 if (remaining_words > 0) {
2577 len = UniStrnlen((wchar_t *)
2581 kfree(ses->serverNOS);
2583 kzalloc(2 * (len + 1),
2585 cifs_strfromUCS_le(ses->
2591 bcc_ptr += 2 * (len + 1);
2592 ses->serverNOS[2 * len] = 0;
2595 remaining_words -= len + 1;
2596 if (remaining_words > 0) {
2597 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2598 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
2599 kfree(ses->serverDomain);
2611 ses->serverDomain[2*len]
2616 } /* else no more room so create dummy domain string */
2618 kfree(ses->serverDomain);
2623 } else { /* no room so create dummy domain and NOS string */
2624 kfree(ses->serverDomain);
2626 kzalloc(2, GFP_KERNEL);
2627 kfree(ses->serverNOS);
2629 kzalloc(2, GFP_KERNEL);
2631 } else { /* ASCII */
2632 len = strnlen(bcc_ptr, 1024);
2633 if (((long) bcc_ptr + len) - (long)
2634 pByteArea(smb_buffer_response)
2635 <= BCC(smb_buffer_response)) {
2637 kfree(ses->serverOS);
2641 strncpy(ses->serverOS,
2645 bcc_ptr[0] = 0; /* null terminate string */
2648 len = strnlen(bcc_ptr, 1024);
2649 kfree(ses->serverNOS);
2653 strncpy(ses->serverNOS, bcc_ptr, len);
2658 len = strnlen(bcc_ptr, 1024);
2659 kfree(ses->serverDomain);
2663 strncpy(ses->serverDomain, bcc_ptr, len);
2669 ("Variable field of length %d extends beyond end of smb",
2674 (" Security Blob Length extends beyond end of SMB"));
2677 cERROR(1, ("No session structure passed in."));
2681 (" Invalid Word count %d:",
2682 smb_buffer_response->WordCount));
2687 cifs_buf_release(smb_buffer);
2692 CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2693 char *ntlm_session_key, int ntlmv2_flag,
2694 const struct nls_table *nls_codepage)
2696 struct smb_hdr *smb_buffer;
2697 struct smb_hdr *smb_buffer_response;
2698 SESSION_SETUP_ANDX *pSMB;
2699 SESSION_SETUP_ANDX *pSMBr;
2704 int remaining_words = 0;
2705 int bytes_returned = 0;
2707 int SecurityBlobLength = sizeof (AUTHENTICATE_MESSAGE);
2708 PAUTHENTICATE_MESSAGE SecurityBlob;
2709 __u32 negotiate_flags, capabilities;
2712 cFYI(1, ("In NTLMSSPSessSetup (Authenticate)"));
2715 user = ses->userName;
2716 domain = ses->domainName;
2717 smb_buffer = cifs_buf_get();
2718 if (smb_buffer == NULL) {
2721 smb_buffer_response = smb_buffer;
2722 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2723 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2725 /* send SMBsessionSetup here */
2726 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2727 NULL /* no tCon exists yet */ , 12 /* wct */ );
2729 smb_buffer->Mid = GetNextMid(ses->server);
2730 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2731 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2732 pSMB->req.AndXCommand = 0xFF;
2733 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2734 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2736 pSMB->req.hdr.Uid = ses->Suid;
2738 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2739 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2741 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2742 CAP_EXTENDED_SECURITY;
2743 if (ses->capabilities & CAP_UNICODE) {
2744 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2745 capabilities |= CAP_UNICODE;
2747 if (ses->capabilities & CAP_STATUS32) {
2748 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2749 capabilities |= CAP_STATUS32;
2751 if (ses->capabilities & CAP_DFS) {
2752 smb_buffer->Flags2 |= SMBFLG2_DFS;
2753 capabilities |= CAP_DFS;
2755 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2757 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2758 SecurityBlob = (PAUTHENTICATE_MESSAGE) bcc_ptr;
2759 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2760 SecurityBlob->MessageType = NtLmAuthenticate;
2761 bcc_ptr += SecurityBlobLength;
2763 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET |
2764 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO |
2765 0x80000000 | NTLMSSP_NEGOTIATE_128;
2767 negotiate_flags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN;
2769 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
2771 /* setup pointers to domain name and workstation name */
2773 SecurityBlob->WorkstationName.Buffer = 0;
2774 SecurityBlob->WorkstationName.Length = 0;
2775 SecurityBlob->WorkstationName.MaximumLength = 0;
2776 SecurityBlob->SessionKey.Length = 0;
2777 SecurityBlob->SessionKey.MaximumLength = 0;
2778 SecurityBlob->SessionKey.Buffer = 0;
2780 SecurityBlob->LmChallengeResponse.Length = 0;
2781 SecurityBlob->LmChallengeResponse.MaximumLength = 0;
2782 SecurityBlob->LmChallengeResponse.Buffer = 0;
2784 SecurityBlob->NtChallengeResponse.Length =
2785 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2786 SecurityBlob->NtChallengeResponse.MaximumLength =
2787 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2788 memcpy(bcc_ptr, ntlm_session_key, CIFS_SESS_KEY_SIZE);
2789 SecurityBlob->NtChallengeResponse.Buffer =
2790 cpu_to_le32(SecurityBlobLength);
2791 SecurityBlobLength += CIFS_SESS_KEY_SIZE;
2792 bcc_ptr += CIFS_SESS_KEY_SIZE;
2794 if (ses->capabilities & CAP_UNICODE) {
2795 if (domain == NULL) {
2796 SecurityBlob->DomainName.Buffer = 0;
2797 SecurityBlob->DomainName.Length = 0;
2798 SecurityBlob->DomainName.MaximumLength = 0;
2801 cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2804 SecurityBlob->DomainName.MaximumLength =
2806 SecurityBlob->DomainName.Buffer =
2807 cpu_to_le32(SecurityBlobLength);
2809 SecurityBlobLength += len;
2810 SecurityBlob->DomainName.Length =
2814 SecurityBlob->UserName.Buffer = 0;
2815 SecurityBlob->UserName.Length = 0;
2816 SecurityBlob->UserName.MaximumLength = 0;
2819 cifs_strtoUCS((__le16 *) bcc_ptr, user, 64,
2822 SecurityBlob->UserName.MaximumLength =
2824 SecurityBlob->UserName.Buffer =
2825 cpu_to_le32(SecurityBlobLength);
2827 SecurityBlobLength += len;
2828 SecurityBlob->UserName.Length =
2832 /* SecurityBlob->WorkstationName.Length = cifs_strtoUCS((__le16 *) bcc_ptr, "AMACHINE",64, nls_codepage);
2833 SecurityBlob->WorkstationName.Length *= 2;
2834 SecurityBlob->WorkstationName.MaximumLength = cpu_to_le16(SecurityBlob->WorkstationName.Length);
2835 SecurityBlob->WorkstationName.Buffer = cpu_to_le32(SecurityBlobLength);
2836 bcc_ptr += SecurityBlob->WorkstationName.Length;
2837 SecurityBlobLength += SecurityBlob->WorkstationName.Length;
2838 SecurityBlob->WorkstationName.Length = cpu_to_le16(SecurityBlob->WorkstationName.Length); */
2840 if ((long) bcc_ptr % 2) {
2845 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2847 bcc_ptr += 2 * bytes_returned;
2849 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
2851 bcc_ptr += 2 * bytes_returned;
2852 bcc_ptr += 2; /* null term version string */
2854 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2856 bcc_ptr += 2 * bytes_returned;
2859 bcc_ptr += 2; /* null terminate network opsys string */
2862 bcc_ptr += 2; /* null domain */
2863 } else { /* ASCII */
2864 if (domain == NULL) {
2865 SecurityBlob->DomainName.Buffer = 0;
2866 SecurityBlob->DomainName.Length = 0;
2867 SecurityBlob->DomainName.MaximumLength = 0;
2870 negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
2871 strncpy(bcc_ptr, domain, 63);
2872 len = strnlen(domain, 64);
2873 SecurityBlob->DomainName.MaximumLength =
2875 SecurityBlob->DomainName.Buffer =
2876 cpu_to_le32(SecurityBlobLength);
2878 SecurityBlobLength += len;
2879 SecurityBlob->DomainName.Length = cpu_to_le16(len);
2882 SecurityBlob->UserName.Buffer = 0;
2883 SecurityBlob->UserName.Length = 0;
2884 SecurityBlob->UserName.MaximumLength = 0;
2887 strncpy(bcc_ptr, user, 63);
2888 len = strnlen(user, 64);
2889 SecurityBlob->UserName.MaximumLength =
2891 SecurityBlob->UserName.Buffer =
2892 cpu_to_le32(SecurityBlobLength);
2894 SecurityBlobLength += len;
2895 SecurityBlob->UserName.Length = cpu_to_le16(len);
2897 /* BB fill in our workstation name if known BB */
2899 strcpy(bcc_ptr, "Linux version ");
2900 bcc_ptr += strlen("Linux version ");
2901 strcpy(bcc_ptr, utsname()->release);
2902 bcc_ptr += strlen(utsname()->release) + 1;
2903 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2904 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2905 bcc_ptr++; /* null domain */
2908 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2909 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2910 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2911 smb_buffer->smb_buf_length += count;
2912 pSMB->req.ByteCount = cpu_to_le16(count);
2914 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2915 &bytes_returned, 1);
2917 /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2918 } else if ((smb_buffer_response->WordCount == 3)
2919 || (smb_buffer_response->WordCount == 4)) {
2920 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2922 le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2923 if (action & GUEST_LOGIN)
2924 cFYI(1, (" Guest login")); /* BB do we want to set anything in SesInfo struct ? */
2925 /* if(SecurityBlob2->MessageType != NtLm??){
2926 cFYI("Unexpected message type on auth response is %d "));
2930 ("Does UID on challenge %d match auth response UID %d ",
2931 ses->Suid, smb_buffer_response->Uid));
2932 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format */
2933 bcc_ptr = pByteArea(smb_buffer_response);
2934 /* response can have either 3 or 4 word count - Samba sends 3 */
2935 if ((pSMBr->resp.hdr.WordCount == 3)
2936 || ((pSMBr->resp.hdr.WordCount == 4)
2938 pSMBr->resp.ByteCount))) {
2939 if (pSMBr->resp.hdr.WordCount == 4) {
2943 ("Security Blob Length %d ",
2948 ("NTLMSSP response to Authenticate "));
2950 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2951 if ((long) (bcc_ptr) % 2) {
2953 (BCC(smb_buffer_response)
2955 bcc_ptr++; /* Unicode strings must be word aligned */
2957 remaining_words = BCC(smb_buffer_response) / 2;
2960 UniStrnlen((wchar_t *) bcc_ptr,remaining_words - 1);
2961 /* We look for obvious messed up bcc or strings in response so we do not go off
2962 the end since (at least) WIN2K and Windows XP have a major bug in not null
2963 terminating last Unicode string in response */
2965 kfree(ses->serverOS);
2967 kzalloc(2 * (len + 1), GFP_KERNEL);
2968 cifs_strfromUCS_le(ses->serverOS,
2972 bcc_ptr += 2 * (len + 1);
2973 remaining_words -= len + 1;
2974 ses->serverOS[2 * len] = 0;
2975 ses->serverOS[1 + (2 * len)] = 0;
2976 if (remaining_words > 0) {
2977 len = UniStrnlen((wchar_t *)
2981 kfree(ses->serverNOS);
2983 kzalloc(2 * (len + 1),
2985 cifs_strfromUCS_le(ses->
2991 bcc_ptr += 2 * (len + 1);
2992 ses->serverNOS[2 * len] = 0;
2993 ses->serverNOS[1+(2*len)] = 0;
2994 remaining_words -= len + 1;
2995 if (remaining_words > 0) {
2996 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2997 /* last string not always null terminated (e.g. for Windows XP & 2000) */
2998 if(ses->serverDomain)
2999 kfree(ses->serverDomain);
3024 } /* else no more room so create dummy domain string */
3026 if(ses->serverDomain)
3027 kfree(ses->serverDomain);
3028 ses->serverDomain = kzalloc(2,GFP_KERNEL);
3030 } else { /* no room so create dummy domain and NOS string */
3031 if(ses->serverDomain)
3032 kfree(ses->serverDomain);
3033 ses->serverDomain = kzalloc(2, GFP_KERNEL);
3034 kfree(ses->serverNOS);
3035 ses->serverNOS = kzalloc(2, GFP_KERNEL);
3037 } else { /* ASCII */
3038 len = strnlen(bcc_ptr, 1024);
3039 if (((long) bcc_ptr + len) -
3040 (long) pByteArea(smb_buffer_response)
3041 <= BCC(smb_buffer_response)) {
3043 kfree(ses->serverOS);
3044 ses->serverOS = kzalloc(len + 1,GFP_KERNEL);
3045 strncpy(ses->serverOS,bcc_ptr, len);
3048 bcc_ptr[0] = 0; /* null terminate the string */
3051 len = strnlen(bcc_ptr, 1024);
3052 kfree(ses->serverNOS);
3053 ses->serverNOS = kzalloc(len+1,GFP_KERNEL);
3054 strncpy(ses->serverNOS, bcc_ptr, len);
3059 len = strnlen(bcc_ptr, 1024);
3060 if(ses->serverDomain)
3061 kfree(ses->serverDomain);
3062 ses->serverDomain = kzalloc(len+1,GFP_KERNEL);
3063 strncpy(ses->serverDomain, bcc_ptr, len);
3069 ("Variable field of length %d extends beyond end of smb ",
3074 (" Security Blob Length extends beyond end of SMB"));
3077 cERROR(1, ("No session structure passed in."));
3081 (" Invalid Word count %d: ",
3082 smb_buffer_response->WordCount));
3087 cifs_buf_release(smb_buffer);
3093 CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3094 const char *tree, struct cifsTconInfo *tcon,
3095 const struct nls_table *nls_codepage)
3097 struct smb_hdr *smb_buffer;
3098 struct smb_hdr *smb_buffer_response;
3101 unsigned char *bcc_ptr;
3109 smb_buffer = cifs_buf_get();
3110 if (smb_buffer == NULL) {
3113 smb_buffer_response = smb_buffer;
3115 header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3116 NULL /*no tid */ , 4 /*wct */ );
3118 smb_buffer->Mid = GetNextMid(ses->server);
3119 smb_buffer->Uid = ses->Suid;
3120 pSMB = (TCONX_REQ *) smb_buffer;
3121 pSMBr = (TCONX_RSP *) smb_buffer_response;
3123 pSMB->AndXCommand = 0xFF;
3124 pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
3125 bcc_ptr = &pSMB->Password[0];
3126 if((ses->server->secMode) & SECMODE_USER) {
3127 pSMB->PasswordLength = cpu_to_le16(1); /* minimum */
3128 *bcc_ptr = 0; /* password is null byte */
3129 bcc_ptr++; /* skip password */
3130 /* already aligned so no need to do it below */
3132 pSMB->PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE);
3133 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3134 specified as required (when that support is added to
3135 the vfs in the future) as only NTLM or the much
3136 weaker LANMAN (which we do not send by default) is accepted
3137 by Samba (not sure whether other servers allow
3138 NTLMv2 password here) */
3139 #ifdef CONFIG_CIFS_WEAK_PW_HASH
3140 if((extended_security & CIFSSEC_MAY_LANMAN) &&
3141 (ses->server->secType == LANMAN))
3142 calc_lanman_hash(ses, bcc_ptr);
3144 #endif /* CIFS_WEAK_PW_HASH */
3145 SMBNTencrypt(ses->password,
3146 ses->server->cryptKey,
3149 bcc_ptr += CIFS_SESS_KEY_SIZE;
3150 if(ses->capabilities & CAP_UNICODE) {
3151 /* must align unicode strings */
3152 *bcc_ptr = 0; /* null byte password */
3157 if(ses->server->secMode &
3158 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3159 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3161 if (ses->capabilities & CAP_STATUS32) {
3162 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3164 if (ses->capabilities & CAP_DFS) {
3165 smb_buffer->Flags2 |= SMBFLG2_DFS;
3167 if (ses->capabilities & CAP_UNICODE) {
3168 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3170 cifs_strtoUCS((__le16 *) bcc_ptr, tree,
3171 6 /* max utf8 char length in bytes */ *
3172 (/* server len*/ + 256 /* share len */), nls_codepage);
3173 bcc_ptr += 2 * length; /* convert num 16 bit words to bytes */
3174 bcc_ptr += 2; /* skip trailing null */
3175 } else { /* ASCII */
3176 strcpy(bcc_ptr, tree);
3177 bcc_ptr += strlen(tree) + 1;
3179 strcpy(bcc_ptr, "?????");
3180 bcc_ptr += strlen("?????");
3182 count = bcc_ptr - &pSMB->Password[0];
3183 pSMB->hdr.smb_buf_length += count;
3184 pSMB->ByteCount = cpu_to_le16(count);
3186 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length, 0);
3188 /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
3189 /* above now done in SendReceive */
3190 if ((rc == 0) && (tcon != NULL)) {
3191 tcon->tidStatus = CifsGood;
3192 tcon->tid = smb_buffer_response->Tid;
3193 bcc_ptr = pByteArea(smb_buffer_response);
3194 length = strnlen(bcc_ptr, BCC(smb_buffer_response) - 2);
3195 /* skip service field (NB: this field is always ASCII) */
3196 bcc_ptr += length + 1;
3197 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3198 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3199 length = UniStrnlen((wchar_t *) bcc_ptr, 512);
3200 if ((bcc_ptr + (2 * length)) -
3201 pByteArea(smb_buffer_response) <=
3202 BCC(smb_buffer_response)) {
3203 kfree(tcon->nativeFileSystem);
3204 tcon->nativeFileSystem =
3205 kzalloc(length + 2, GFP_KERNEL);
3206 cifs_strfromUCS_le(tcon->nativeFileSystem,
3208 length, nls_codepage);
3209 bcc_ptr += 2 * length;
3210 bcc_ptr[0] = 0; /* null terminate the string */
3214 /* else do not bother copying these informational fields */
3216 length = strnlen(bcc_ptr, 1024);
3217 if ((bcc_ptr + length) -
3218 pByteArea(smb_buffer_response) <=
3219 BCC(smb_buffer_response)) {
3220 kfree(tcon->nativeFileSystem);
3221 tcon->nativeFileSystem =
3222 kzalloc(length + 1, GFP_KERNEL);
3223 strncpy(tcon->nativeFileSystem, bcc_ptr,
3226 /* else do not bother copying these informational fields */
3228 if((smb_buffer_response->WordCount == 3) ||
3229 (smb_buffer_response->WordCount == 7))
3230 /* field is in same location */
3231 tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3234 cFYI(1, ("Tcon flags: 0x%x ", tcon->Flags));
3235 } else if ((rc == 0) && tcon == NULL) {
3236 /* all we need to save for IPC$ connection */
3237 ses->ipc_tid = smb_buffer_response->Tid;
3241 cifs_buf_release(smb_buffer);
3246 cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3250 struct cifsSesInfo *ses = NULL;
3251 struct task_struct *cifsd_task;
3256 if (cifs_sb->tcon) {
3257 ses = cifs_sb->tcon->ses; /* save ptr to ses before delete tcon!*/
3258 rc = CIFSSMBTDis(xid, cifs_sb->tcon);
3263 tconInfoFree(cifs_sb->tcon);
3264 if ((ses) && (ses->server)) {
3265 /* save off task so we do not refer to ses later */
3266 cifsd_task = ses->server->tsk;
3267 cFYI(1, ("About to do SMBLogoff "));
3268 rc = CIFSSMBLogoff(xid, ses);
3272 } else if (rc == -ESHUTDOWN) {
3273 cFYI(1,("Waking up socket by sending it signal"));
3275 send_sig(SIGKILL,cifsd_task,1);
3276 wait_for_completion(&cifsd_complete);
3279 } /* else - we have an smb session
3280 left on this socket do not kill cifsd */
3282 cFYI(1, ("No session or bad tcon"));
3285 cifs_sb->tcon = NULL;
3286 tmp = cifs_sb->prepath;
3287 cifs_sb->prepathlen = 0;
3288 cifs_sb->prepath = NULL;
3291 schedule_timeout_interruptible(msecs_to_jiffies(500));
3296 return rc; /* BB check if we should always return zero here */
3299 int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
3300 struct nls_table * nls_info)
3303 char ntlm_session_key[CIFS_SESS_KEY_SIZE];
3304 int ntlmv2_flag = FALSE;
3307 /* what if server changes its buffer size after dropping the session? */
3308 if(pSesInfo->server->maxBuf == 0) /* no need to send on reconnect */ {
3309 rc = CIFSSMBNegotiate(xid, pSesInfo);
3310 if(rc == -EAGAIN) /* retry only once on 1st time connection */ {
3311 rc = CIFSSMBNegotiate(xid, pSesInfo);
3316 spin_lock(&GlobalMid_Lock);
3317 if(pSesInfo->server->tcpStatus != CifsExiting)
3318 pSesInfo->server->tcpStatus = CifsGood;
3321 spin_unlock(&GlobalMid_Lock);
3327 pSesInfo->flags = 0;
3328 pSesInfo->capabilities = pSesInfo->server->capabilities;
3329 if(linuxExtEnabled == 0)
3330 pSesInfo->capabilities &= (~CAP_UNIX);
3331 /* pSesInfo->sequence_number = 0;*/
3332 cFYI(1,("Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d",
3333 pSesInfo->server->secMode,
3334 pSesInfo->server->capabilities,
3335 pSesInfo->server->timeAdj));
3336 if(experimEnabled < 2)
3337 rc = CIFS_SessSetup(xid, pSesInfo,
3338 first_time, nls_info);
3339 else if (extended_security
3340 && (pSesInfo->capabilities
3341 & CAP_EXTENDED_SECURITY)
3342 && (pSesInfo->server->secType == NTLMSSP)) {
3344 } else if (extended_security
3345 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3346 && (pSesInfo->server->secType == RawNTLMSSP)) {
3347 cFYI(1, ("NTLMSSP sesssetup"));
3348 rc = CIFSNTLMSSPNegotiateSessSetup(xid,
3355 cFYI(1,("more secure NTLM ver2 hash"));
3356 if(CalcNTLMv2_partial_mac_key(pSesInfo,
3361 v2_response = kmalloc(16 + 64 /* blob */, GFP_KERNEL);
3363 CalcNTLMv2_response(pSesInfo,v2_response);
3365 cifs_calculate_ntlmv2_mac_key(
3366 pSesInfo->server->mac_signing_key,
3367 response, ntlm_session_key, */
3369 /* BB Put dummy sig in SessSetup PDU? */
3376 SMBNTencrypt(pSesInfo->password,
3377 pSesInfo->server->cryptKey,
3381 cifs_calculate_mac_key(
3382 pSesInfo->server->mac_signing_key,
3384 pSesInfo->password);
3386 /* for better security the weaker lanman hash not sent
3387 in AuthSessSetup so we no longer calculate it */
3389 rc = CIFSNTLMSSPAuthSessSetup(xid,
3395 } else { /* old style NTLM 0.12 session setup */
3396 SMBNTencrypt(pSesInfo->password,
3397 pSesInfo->server->cryptKey,
3401 cifs_calculate_mac_key(
3402 pSesInfo->server->mac_signing_key,
3403 ntlm_session_key, pSesInfo->password);
3405 rc = CIFSSessSetup(xid, pSesInfo,
3406 ntlm_session_key, nls_info);
3409 cERROR(1,("Send error in SessSetup = %d",rc));
3411 cFYI(1,("CIFS Session Established successfully"));
3412 pSesInfo->status = CifsGood;