]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blame - fs/cifs/connect.c
projects / mirror_ubuntu-artful-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge with /pub/scm/linux/kernel/git/torvalds/linux-2.6.git
[mirror_ubuntu-artful-kernel.git] / fs / cifs / connect.c
CommitLineData
1da177e4
LT		 1/*
2 * fs/cifs/connect.c
3 *
5815449d 4 * Copyright (C) International Business Machines Corp., 2002,2006
1da177e4
LT		 5 * Author(s): Steve French (sfrench@us.ibm.com)
6 *
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
21#include <linux/fs.h>
22#include <linux/net.h>
23#include <linux/string.h>
24#include <linux/list.h>
25#include <linux/wait.h>
26#include <linux/ipv6.h>
27#include <linux/pagemap.h>
28#include <linux/ctype.h>
29#include <linux/utsname.h>
30#include <linux/mempool.h>
b8643e1b 31#include <linux/delay.h>
f191401f 32#include <linux/completion.h>
0ae0efad 33#include <linux/pagevec.h>
1da177e4
LT		 34#include <asm/uaccess.h>
35#include <asm/processor.h>
36#include "cifspdu.h"
37#include "cifsglob.h"
38#include "cifsproto.h"
39#include "cifs_unicode.h"
40#include "cifs_debug.h"
41#include "cifs_fs_sb.h"
42#include "ntlmssp.h"
43#include "nterr.h"
44#include "rfc1002pdu.h"
a2653eba 45#include "cn_cifs.h"
1da177e4
LT		 46
47#define CIFS_PORT 445
48#define RFC1001_PORT 139
49
f191401f
SF		 50static DECLARE_COMPLETION(cifsd_complete);
51
1da177e4
LT		 52extern void SMBencrypt(unsigned char *passwd, unsigned char *c8,
53 unsigned char *p24);
54extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
55 unsigned char *p24);
56
57extern mempool_t *cifs_req_poolp;
58
59struct smb_vol {
60 char *username;
61 char *password;
62 char *domainname;
63 char *UNC;
64 char *UNCip;
65 char *in6_addr; /* ipv6 address as human readable form of in6_addr */
66 char *iocharset; /* local code page for mapping to and from Unicode */
67 char source_rfc1001_name[16]; /* netbios name of client */
a10faeb2 68 char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */
1da177e4
LT		 69 uid_t linux_uid;
70 gid_t linux_gid;
71 mode_t file_mode;
72 mode_t dir_mode;
73 unsigned rw:1;
74 unsigned retry:1;
75 unsigned intr:1;
76 unsigned setuids:1;
77 unsigned noperm:1;
78 unsigned no_psx_acl:1; /* set if posix acl support should be disabled */
0a4b92c0 79 unsigned cifs_acl:1;
1da177e4
LT		 80 unsigned no_xattr:1; /* set if xattr (EA) support should be disabled*/
81 unsigned server_ino:1; /* use inode numbers from server ie UniqueId */
82 unsigned direct_io:1;
6a0b4824 83 unsigned remap:1; /* set to remap seven reserved chars in filenames */
ac67055e 84 unsigned posix_paths:1; /* unset to not ask for posix pathnames. */
d7245c2c 85 unsigned sfu_emul:1;
bf820679
SF		 86 unsigned krb5:1;
87 unsigned ntlm:1;
88 unsigned ntlmv2:1;
89 unsigned nullauth:1; /* attempt to authenticate with null user */
90 unsigned sign:1;
91 unsigned seal:1; /* encrypt */
c46fa8ac
SF		 92 unsigned nocase; /* request case insensitive filenames */
93 unsigned nobrl; /* disable sending byte range locks to srv */
1da177e4
LT		 94 unsigned int rsize;
95 unsigned int wsize;
96 unsigned int sockopt;
97 unsigned short int port;
98};
99
100static int ipv4_connect(struct sockaddr_in *psin_server,
101 struct socket **csocket,
a10faeb2
SF		 102 char * netb_name,
103 char * server_netb_name);
1da177e4
LT		 104static int ipv6_connect(struct sockaddr_in6 *psin_server,
105 struct socket **csocket);
106
107
108 /*
109 * cifs tcp session reconnection
110 *
111 * mark tcp session as reconnecting so temporarily locked
112 * mark all smb sessions as reconnecting for tcp session
113 * reconnect tcp session
114 * wake up waiters on reconnection? - (not needed currently)
115 */
116
117int
118cifs_reconnect(struct TCP_Server_Info *server)
119{
120 int rc = 0;
121 struct list_head *tmp;
122 struct cifsSesInfo *ses;
123 struct cifsTconInfo *tcon;
124 struct mid_q_entry * mid_entry;
125
126 spin_lock(&GlobalMid_Lock);
127 if(server->tcpStatus == CifsExiting) {
128 /* the demux thread will exit normally
129 next time through the loop */
130 spin_unlock(&GlobalMid_Lock);
131 return rc;
132 } else
133 server->tcpStatus = CifsNeedReconnect;
134 spin_unlock(&GlobalMid_Lock);
135 server->maxBuf = 0;
136
e4eb295d 137 cFYI(1, ("Reconnecting tcp session"));
1da177e4
LT		 138
139 /* before reconnecting the tcp session, mark the smb session (uid)
140 and the tid bad so they are not used until reconnected */
141 read_lock(&GlobalSMBSeslock);
142 list_for_each(tmp, &GlobalSMBSessionList) {
143 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
144 if (ses->server) {
145 if (ses->server == server) {
146 ses->status = CifsNeedReconnect;
147 ses->ipc_tid = 0;
148 }
149 }
150 /* else tcp and smb sessions need reconnection */
151 }
152 list_for_each(tmp, &GlobalTreeConnectionList) {
153 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
154 if((tcon) && (tcon->ses) && (tcon->ses->server == server)) {
155 tcon->tidStatus = CifsNeedReconnect;
156 }
157 }
158 read_unlock(&GlobalSMBSeslock);
159 /* do not want to be sending data on a socket we are freeing */
160 down(&server->tcpSem);
161 if(server->ssocket) {
162 cFYI(1,("State: 0x%x Flags: 0x%lx", server->ssocket->state,
163 server->ssocket->flags));
164 server->ssocket->ops->shutdown(server->ssocket,SEND_SHUTDOWN);
165 cFYI(1,("Post shutdown state: 0x%x Flags: 0x%lx", server->ssocket->state,
166 server->ssocket->flags));
167 sock_release(server->ssocket);
168 server->ssocket = NULL;
169 }
170
171 spin_lock(&GlobalMid_Lock);
172 list_for_each(tmp, &server->pending_mid_q) {
173 mid_entry = list_entry(tmp, struct
174 mid_q_entry,
175 qhead);
176 if(mid_entry) {
177 if(mid_entry->midState == MID_REQUEST_SUBMITTED) {
09d1db5c
SF		 178 /* Mark other intransit requests as needing
179 retry so we do not immediately mark the
180 session bad again (ie after we reconnect
181 below) as they timeout too */
1da177e4
LT		 182 mid_entry->midState = MID_RETRY_NEEDED;
183 }
184 }
185 }
186 spin_unlock(&GlobalMid_Lock);
187 up(&server->tcpSem);
188
189 while ((server->tcpStatus != CifsExiting) && (server->tcpStatus != CifsGood))
190 {
191 if(server->protocolType == IPV6) {
192 rc = ipv6_connect(&server->addr.sockAddr6,&server->ssocket);
193 } else {
194 rc = ipv4_connect(&server->addr.sockAddr,
195 &server->ssocket,
a10faeb2
SF		 196 server->workstation_RFC1001_name,
197 server->server_RFC1001_name);
1da177e4
LT		 198 }
199 if(rc) {
b387eaeb 200 cFYI(1,("reconnect error %d",rc));
0cb766ae 201 msleep(3000);
1da177e4
LT		 202 } else {
203 atomic_inc(&tcpSesReconnectCount);
204 spin_lock(&GlobalMid_Lock);
205 if(server->tcpStatus != CifsExiting)
206 server->tcpStatus = CifsGood;
ad009ac9
SF		 207 server->sequence_number = 0;
208 spin_unlock(&GlobalMid_Lock);
1da177e4
LT		 209 /* atomic_set(&server->inFlight,0);*/
210 wake_up(&server->response_q);
211 }
212 }
213 return rc;
214}
215
e4eb295d
SF		 216/*
217 return codes:
218 0 not a transact2, or all data present
219 >0 transact2 with that much data missing
220 -EINVAL = invalid transact2
221
222 */
223static int check2ndT2(struct smb_hdr * pSMB, unsigned int maxBufSize)
224{
225 struct smb_t2_rsp * pSMBt;
226 int total_data_size;
227 int data_in_this_rsp;
228 int remaining;
229
230 if(pSMB->Command != SMB_COM_TRANSACTION2)
231 return 0;
232
233 /* check for plausible wct, bcc and t2 data and parm sizes */
234 /* check for parm and data offset going beyond end of smb */
235 if(pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
236 cFYI(1,("invalid transact2 word count"));
237 return -EINVAL;
238 }
239
240 pSMBt = (struct smb_t2_rsp *)pSMB;
241
242 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
243 data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
244
245 remaining = total_data_size - data_in_this_rsp;
246
247 if(remaining == 0)
248 return 0;
249 else if(remaining < 0) {
250 cFYI(1,("total data %d smaller than data in frame %d",
251 total_data_size, data_in_this_rsp));
252 return -EINVAL;
253 } else {
254 cFYI(1,("missing %d bytes from transact2, check next response",
255 remaining));
256 if(total_data_size > maxBufSize) {
257 cERROR(1,("TotalDataSize %d is over maximum buffer %d",
258 total_data_size,maxBufSize));
259 return -EINVAL;
260 }
261 return remaining;
262 }
263}
264
265static int coalesce_t2(struct smb_hdr * psecond, struct smb_hdr *pTargetSMB)
266{
267 struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
268 struct smb_t2_rsp *pSMBt = (struct smb_t2_rsp *)pTargetSMB;
269 int total_data_size;
270 int total_in_buf;
271 int remaining;
272 int total_in_buf2;
273 char * data_area_of_target;
274 char * data_area_of_buf2;
275 __u16 byte_count;
276
277 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
278
279 if(total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
280 cFYI(1,("total data sizes of primary and secondary t2 differ"));
281 }
282
283 total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
284
285 remaining = total_data_size - total_in_buf;
286
287 if(remaining < 0)
288 return -EINVAL;
289
290 if(remaining == 0) /* nothing to do, ignore */
291 return 0;
292
293 total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
294 if(remaining < total_in_buf2) {
295 cFYI(1,("transact2 2nd response contains too much data"));
296 }
297
298 /* find end of first SMB data area */
299 data_area_of_target = (char *)&pSMBt->hdr.Protocol +
300 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
301 /* validate target area */
302
303 data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
304 le16_to_cpu(pSMB2->t2_rsp.DataOffset);
305
306 data_area_of_target += total_in_buf;
307
308 /* copy second buffer into end of first buffer */
309 memcpy(data_area_of_target,data_area_of_buf2,total_in_buf2);
310 total_in_buf += total_in_buf2;
311 pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
312 byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
313 byte_count += total_in_buf2;
314 BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
315
70ca734a 316 byte_count = pTargetSMB->smb_buf_length;
e4eb295d
SF		 317 byte_count += total_in_buf2;
318
319 /* BB also add check that we are not beyond maximum buffer size */
320
70ca734a 321 pTargetSMB->smb_buf_length = byte_count;
e4eb295d
SF		 322
323 if(remaining == total_in_buf2) {
324 cFYI(1,("found the last secondary response"));
325 return 0; /* we are done */
326 } else /* more responses to go */
327 return 1;
328
329}
330
1da177e4
LT		 331static int
332cifs_demultiplex_thread(struct TCP_Server_Info *server)
333{
334 int length;
335 unsigned int pdu_length, total_read;
336 struct smb_hdr *smb_buffer = NULL;
b8643e1b
SF		 337 struct smb_hdr *bigbuf = NULL;
338 struct smb_hdr *smallbuf = NULL;
1da177e4
LT		 339 struct msghdr smb_msg;
340 struct kvec iov;
341 struct socket *csocket = server->ssocket;
342 struct list_head *tmp;
343 struct cifsSesInfo *ses;
344 struct task_struct *task_to_wake = NULL;
345 struct mid_q_entry *mid_entry;
70ca734a 346 char temp;
b8643e1b 347 int isLargeBuf = FALSE;
e4eb295d
SF		 348 int isMultiRsp;
349 int reconnect;
1da177e4
LT		 350
351 daemonize("cifsd");
352 allow_signal(SIGKILL);
353 current->flags |= PF_MEMALLOC;
354 server->tsk = current; /* save process info to wake at shutdown */
355 cFYI(1, ("Demultiplex PID: %d", current->pid));
356 write_lock(&GlobalSMBSeslock);
357 atomic_inc(&tcpSesAllocCount);
358 length = tcpSesAllocCount.counter;
359 write_unlock(&GlobalSMBSeslock);
f191401f 360 complete(&cifsd_complete);
1da177e4
LT		 361 if(length > 1) {
362 mempool_resize(cifs_req_poolp,
363 length + cifs_min_rcv,
364 GFP_KERNEL);
365 }
366
367 while (server->tcpStatus != CifsExiting) {
ede1327e
SF		 368 if (try_to_freeze())
369 continue;
b8643e1b
SF		 370 if (bigbuf == NULL) {
371 bigbuf = cifs_buf_get();
372 if(bigbuf == NULL) {
373 cERROR(1,("No memory for large SMB response"));
374 msleep(3000);
375 /* retry will check if exiting */
376 continue;
377 }
378 } else if(isLargeBuf) {
379 /* we are reusing a dirtry large buf, clear its start */
380 memset(bigbuf, 0, sizeof (struct smb_hdr));
1da177e4 381 }
b8643e1b
SF		 382
383 if (smallbuf == NULL) {
384 smallbuf = cifs_small_buf_get();
385 if(smallbuf == NULL) {
386 cERROR(1,("No memory for SMB response"));
387 msleep(1000);
388 /* retry will check if exiting */
389 continue;
390 }
391 /* beginning of smb buffer is cleared in our buf_get */
392 } else /* if existing small buf clear beginning */
393 memset(smallbuf, 0, sizeof (struct smb_hdr));
394
395 isLargeBuf = FALSE;
e4eb295d 396 isMultiRsp = FALSE;
b8643e1b 397 smb_buffer = smallbuf;
1da177e4
LT		 398 iov.iov_base = smb_buffer;
399 iov.iov_len = 4;
400 smb_msg.msg_control = NULL;
401 smb_msg.msg_controllen = 0;
402 length =
403 kernel_recvmsg(csocket, &smb_msg,
404 &iov, 1, 4, 0 /* BB see socket.h flags */);
405
406 if(server->tcpStatus == CifsExiting) {
407 break;
408 } else if (server->tcpStatus == CifsNeedReconnect) {
57337e42 409 cFYI(1,("Reconnect after server stopped responding"));
1da177e4
LT		 410 cifs_reconnect(server);
411 cFYI(1,("call to reconnect done"));
412 csocket = server->ssocket;
413 continue;
414 } else if ((length == -ERESTARTSYS) || (length == -EAGAIN)) {
b8643e1b 415 msleep(1); /* minimum sleep to prevent looping
1da177e4
LT		 416 allowing socket to clear and app threads to set
417 tcpStatus CifsNeedReconnect if server hung */
418 continue;
419 } else if (length <= 0) {
420 if(server->tcpStatus == CifsNew) {
57337e42 421 cFYI(1,("tcp session abend after SMBnegprot"));
09d1db5c
SF		 422 /* some servers kill the TCP session rather than
423 returning an SMB negprot error, in which
424 case reconnecting here is not going to help,
425 and so simply return error to mount */
1da177e4
LT		 426 break;
427 }
428 if(length == -EINTR) {
429 cFYI(1,("cifsd thread killed"));
430 break;
431 }
57337e42
SF		 432 cFYI(1,("Reconnect after unexpected peek error %d",
433 length));
1da177e4
LT		 434 cifs_reconnect(server);
435 csocket = server->ssocket;
436 wake_up(&server->response_q);
437 continue;
46810cbf
SF		 438 } else if (length < 4) {
439 cFYI(1,
57337e42 440 ("Frame under four bytes received (%d bytes long)",
46810cbf
SF		 441 length));
442 cifs_reconnect(server);
443 csocket = server->ssocket;
444 wake_up(&server->response_q);
445 continue;
446 }
1da177e4 447
70ca734a
SF		 448 /* The right amount was read from socket - 4 bytes */
449 /* so we can now interpret the length field */
46810cbf 450
70ca734a
SF		 451 /* the first byte big endian of the length field,
452 is actually not part of the length but the type
453 with the most common, zero, as regular data */
454 temp = *((char *) smb_buffer);
46810cbf 455
70ca734a
SF		 456 /* Note that FC 1001 length is big endian on the wire,
457 but we convert it here so it is always manipulated
458 as host byte order */
46810cbf 459 pdu_length = ntohl(smb_buffer->smb_buf_length);
70ca734a
SF		 460 smb_buffer->smb_buf_length = pdu_length;
461
462 cFYI(1,("rfc1002 length 0x%x)", pdu_length+4));
46810cbf 463
70ca734a 464 if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) {
e4eb295d 465 continue;
70ca734a 466 } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
e4eb295d
SF		 467 cFYI(1,("Good RFC 1002 session rsp"));
468 continue;
70ca734a 469 } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
46810cbf
SF		 470 /* we get this from Windows 98 instead of
471 an error on SMB negprot response */
e4eb295d 472 cFYI(1,("Negative RFC1002 Session Response Error 0x%x)",
70ca734a 473 pdu_length));
46810cbf
SF		 474 if(server->tcpStatus == CifsNew) {
475 /* if nack on negprot (rather than
476 ret of smb negprot error) reconnecting
477 not going to help, ret error to mount */
478 break;
479 } else {
480 /* give server a second to
481 clean up before reconnect attempt */
482 msleep(1000);
483 /* always try 445 first on reconnect
484 since we get NACK on some if we ever
485 connected to port 139 (the NACK is
486 since we do not begin with RFC1001
487 session initialize frame) */
488 server->addr.sockAddr.sin_port =
489 htons(CIFS_PORT);
1da177e4
LT		 490 cifs_reconnect(server);
491 csocket = server->ssocket;
46810cbf 492 wake_up(&server->response_q);
1da177e4 493 continue;
46810cbf 494 }
70ca734a 495 } else if (temp != (char) 0) {
46810cbf 496 cERROR(1,("Unknown RFC 1002 frame"));
70ca734a
SF		 497 cifs_dump_mem(" Received Data: ", (char *)smb_buffer,
498 length);
46810cbf
SF		 499 cifs_reconnect(server);
500 csocket = server->ssocket;
501 continue;
e4eb295d
SF		 502 }
503
504 /* else we have an SMB response */
505 if((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
46810cbf 506 (pdu_length < sizeof (struct smb_hdr) - 1 - 4)) {
e4eb295d 507 cERROR(1, ("Invalid size SMB length %d pdu_length %d",
46810cbf 508 length, pdu_length+4));
e4eb295d
SF		 509 cifs_reconnect(server);
510 csocket = server->ssocket;
511 wake_up(&server->response_q);
512 continue;
513 }
514
515 /* else length ok */
516 reconnect = 0;
517
ec637e3f 518 if(pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
e4eb295d
SF		 519 isLargeBuf = TRUE;
520 memcpy(bigbuf, smallbuf, 4);
521 smb_buffer = bigbuf;
522 }
523 length = 0;
524 iov.iov_base = 4 + (char *)smb_buffer;
525 iov.iov_len = pdu_length;
526 for (total_read = 0; total_read < pdu_length;
527 total_read += length) {
528 length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
529 pdu_length - total_read, 0);
530 if((server->tcpStatus == CifsExiting) ||
531 (length == -EINTR)) {
532 /* then will exit */
533 reconnect = 2;
534 break;
535 } else if (server->tcpStatus == CifsNeedReconnect) {
46810cbf
SF		 536 cifs_reconnect(server);
537 csocket = server->ssocket;
e4eb295d
SF		 538 /* Reconnect wakes up rspns q */
539 /* Now we will reread sock */
540 reconnect = 1;
541 break;
542 } else if ((length == -ERESTARTSYS) ||
543 (length == -EAGAIN)) {
544 msleep(1); /* minimum sleep to prevent looping,
545 allowing socket to clear and app
546 threads to set tcpStatus
547 CifsNeedReconnect if server hung*/
46810cbf 548 continue;
e4eb295d
SF		 549 } else if (length <= 0) {
550 cERROR(1,("Received no data, expecting %d",
551 pdu_length - total_read));
552 cifs_reconnect(server);
553 csocket = server->ssocket;
554 reconnect = 1;
555 break;
46810cbf 556 }
e4eb295d
SF		 557 }
558 if(reconnect == 2)
559 break;
560 else if(reconnect == 1)
561 continue;
1da177e4 562
e4eb295d
SF		 563 length += 4; /* account for rfc1002 hdr */
564
09d1db5c 565
e4eb295d
SF		 566 dump_smb(smb_buffer, length);
567 if (checkSMB (smb_buffer, smb_buffer->Mid, total_read+4)) {
b387eaeb 568 cifs_dump_mem("Bad SMB: ", smb_buffer, 48);
e4eb295d
SF		 569 continue;
570 }
1da177e4 571
e4eb295d
SF		 572
573 task_to_wake = NULL;
574 spin_lock(&GlobalMid_Lock);
575 list_for_each(tmp, &server->pending_mid_q) {
576 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
577
578 if ((mid_entry->mid == smb_buffer->Mid) &&
579 (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
580 (mid_entry->command == smb_buffer->Command)) {
e4eb295d
SF		 581 if(check2ndT2(smb_buffer,server->maxBuf) > 0) {
582 /* We have a multipart transact2 resp */
cd63499c 583 isMultiRsp = TRUE;
e4eb295d
SF		 584 if(mid_entry->resp_buf) {
585 /* merge response - fix up 1st*/
586 if(coalesce_t2(smb_buffer,
587 mid_entry->resp_buf)) {
e4eb295d
SF		 588 break;
589 } else {
590 /* all parts received */
591 goto multi_t2_fnd;
592 }
593 } else {
594 if(!isLargeBuf) {
595 cERROR(1,("1st trans2 resp needs bigbuf"));
596 /* BB maybe we can fix this up, switch
597 to already allocated large buffer? */
598 } else {
cd63499c 599 /* Have first buffer */
e4eb295d
SF		 600 mid_entry->resp_buf =
601 smb_buffer;
602 mid_entry->largeBuf = 1;
e4eb295d
SF		 603 bigbuf = NULL;
604 }
605 }
606 break;
607 }
608 mid_entry->resp_buf = smb_buffer;
46810cbf 609 if(isLargeBuf)
e4eb295d 610 mid_entry->largeBuf = 1;
46810cbf 611 else
e4eb295d
SF		 612 mid_entry->largeBuf = 0;
613multi_t2_fnd:
614 task_to_wake = mid_entry->tsk;
615 mid_entry->midState = MID_RESPONSE_RECEIVED;
1047abc1
SF		 616#ifdef CONFIG_CIFS_STATS2
617 mid_entry->when_received = jiffies;
618#endif
e4eb295d 619 break;
46810cbf 620 }
1da177e4 621 }
e4eb295d
SF		 622 spin_unlock(&GlobalMid_Lock);
623 if (task_to_wake) {
cd63499c
SF		 624 /* Was previous buf put in mpx struct for multi-rsp? */
625 if(!isMultiRsp) {
626 /* smb buffer will be freed by user thread */
627 if(isLargeBuf) {
628 bigbuf = NULL;
629 } else
630 smallbuf = NULL;
631 }
e4eb295d 632 wake_up_process(task_to_wake);
57337e42 633 } else if ((is_valid_oplock_break(smb_buffer) == FALSE)
e4eb295d
SF		 634 && (isMultiRsp == FALSE)) {
635 cERROR(1, ("No task to wake, unknown frame rcvd!"));
70ca734a
SF		 636 cifs_dump_mem("Received Data is: ",(char *)smb_buffer,
637 sizeof(struct smb_hdr));
e4eb295d
SF		 638 }
639 } /* end while !EXITING */
640
1da177e4
LT		 641 spin_lock(&GlobalMid_Lock);
642 server->tcpStatus = CifsExiting;
643 server->tsk = NULL;
31ca3bc3
SF		 644 /* check if we have blocked requests that need to free */
645 /* Note that cifs_max_pending is normally 50, but
646 can be set at module install time to as little as two */
647 if(atomic_read(&server->inFlight) >= cifs_max_pending)
648 atomic_set(&server->inFlight, cifs_max_pending - 1);
649 /* We do not want to set the max_pending too low or we
650 could end up with the counter going negative */
1da177e4
LT		 651 spin_unlock(&GlobalMid_Lock);
652 /* Although there should not be any requests blocked on
653 this queue it can not hurt to be paranoid and try to wake up requests
09d1db5c 654 that may haven been blocked when more than 50 at time were on the wire
1da177e4
LT		 655 to the same server - they now will see the session is in exit state
656 and get out of SendReceive. */
657 wake_up_all(&server->request_q);
658 /* give those requests time to exit */
b8643e1b
SF		 659 msleep(125);
660
1da177e4
LT		 661 if(server->ssocket) {
662 sock_release(csocket);
663 server->ssocket = NULL;
664 }
b8643e1b
SF		 665 /* buffer usuallly freed in free_mid - need to free it here on exit */
666 if (bigbuf != NULL)
667 cifs_buf_release(bigbuf);
668 if (smallbuf != NULL)
669 cifs_small_buf_release(smallbuf);
1da177e4
LT		 670
671 read_lock(&GlobalSMBSeslock);
672 if (list_empty(&server->pending_mid_q)) {
09d1db5c
SF		 673 /* loop through server session structures attached to this and
674 mark them dead */
1da177e4
LT		 675 list_for_each(tmp, &GlobalSMBSessionList) {
676 ses =
677 list_entry(tmp, struct cifsSesInfo,
678 cifsSessionList);
679 if (ses->server == server) {
680 ses->status = CifsExiting;
681 ses->server = NULL;
682 }
683 }
684 read_unlock(&GlobalSMBSeslock);
685 } else {
31ca3bc3
SF		 686 /* although we can not zero the server struct pointer yet,
687 since there are active requests which may depnd on them,
688 mark the corresponding SMB sessions as exiting too */
689 list_for_each(tmp, &GlobalSMBSessionList) {
690 ses = list_entry(tmp, struct cifsSesInfo,
691 cifsSessionList);
692 if (ses->server == server) {
693 ses->status = CifsExiting;
694 }
695 }
696
1da177e4
LT		 697 spin_lock(&GlobalMid_Lock);
698 list_for_each(tmp, &server->pending_mid_q) {
699 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
700 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
701 cFYI(1,
09d1db5c 702 ("Clearing Mid 0x%x - waking up ",mid_entry->mid));
1da177e4
LT		 703 task_to_wake = mid_entry->tsk;
704 if(task_to_wake) {
705 wake_up_process(task_to_wake);
706 }
707 }
708 }
709 spin_unlock(&GlobalMid_Lock);
710 read_unlock(&GlobalSMBSeslock);
1da177e4 711 /* 1/8th of sec is more than enough time for them to exit */
b8643e1b 712 msleep(125);
1da177e4
LT		 713 }
714
f191401f 715 if (!list_empty(&server->pending_mid_q)) {
1da177e4
LT		 716 /* mpx threads have not exited yet give them
717 at least the smb send timeout time for long ops */
31ca3bc3
SF		 718 /* due to delays on oplock break requests, we need
719 to wait at least 45 seconds before giving up
720 on a request getting a response and going ahead
721 and killing cifsd */
1da177e4 722 cFYI(1, ("Wait for exit from demultiplex thread"));
31ca3bc3 723 msleep(46000);
1da177e4
LT		 724 /* if threads still have not exited they are probably never
725 coming home not much else we can do but free the memory */
726 }
1da177e4
LT		 727
728 write_lock(&GlobalSMBSeslock);
729 atomic_dec(&tcpSesAllocCount);
730 length = tcpSesAllocCount.counter;
31ca3bc3
SF		 731
732 /* last chance to mark ses pointers invalid
733 if there are any pointing to this (e.g
734 if a crazy root user tried to kill cifsd
735 kernel thread explicitly this might happen) */
736 list_for_each(tmp, &GlobalSMBSessionList) {
737 ses = list_entry(tmp, struct cifsSesInfo,
738 cifsSessionList);
739 if (ses->server == server) {
740 ses->server = NULL;
741 }
742 }
1da177e4 743 write_unlock(&GlobalSMBSeslock);
31ca3bc3
SF		 744
745 kfree(server);
1da177e4
LT		 746 if(length > 0) {
747 mempool_resize(cifs_req_poolp,
748 length + cifs_min_rcv,
749 GFP_KERNEL);
750 }
b8643e1b 751
f191401f 752 complete_and_exit(&cifsd_complete, 0);
1da177e4
LT		 753 return 0;
754}
755
1da177e4
LT		 756static int
757cifs_parse_mount_options(char *options, const char *devname,struct smb_vol *vol)
758{
759 char *value;
760 char *data;
761 unsigned int temp_len, i, j;
762 char separator[2];
763
764 separator[0] = ',';
765 separator[1] = 0;
766
767 memset(vol->source_rfc1001_name,0x20,15);
768 for(i=0;i < strnlen(system_utsname.nodename,15);i++) {
769 /* does not have to be a perfect mapping since the field is
770 informational, only used for servers that do not support
771 port 445 and it can be overridden at mount time */
09d1db5c
SF		 772 vol->source_rfc1001_name[i] =
773 toupper(system_utsname.nodename[i]);
1da177e4
LT		 774 }
775 vol->source_rfc1001_name[15] = 0;
a10faeb2
SF		 776 /* null target name indicates to use *SMBSERVR default called name
777 if we end up sending RFC1001 session initialize */
778 vol->target_rfc1001_name[0] = 0;
1da177e4
LT		 779 vol->linux_uid = current->uid; /* current->euid instead? */
780 vol->linux_gid = current->gid;
781 vol->dir_mode = S_IRWXUGO;
782 /* 2767 perms indicate mandatory locking support */
783 vol->file_mode = S_IALLUGO & ~(S_ISUID | S_IXGRP);
784
785 /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
786 vol->rw = TRUE;
bf820679 787 vol->ntlm = TRUE;
ac67055e
JA		 788 /* default is always to request posix paths. */
789 vol->posix_paths = 1;
790
1da177e4
LT		 791 if (!options)
792 return 1;
793
794 if(strncmp(options,"sep=",4) == 0) {
795 if(options[4] != 0) {
796 separator[0] = options[4];
797 options += 5;
798 } else {
799 cFYI(1,("Null separator not allowed"));
800 }
801 }
802
803 while ((data = strsep(&options, separator)) != NULL) {
804 if (!*data)
805 continue;
806 if ((value = strchr(data, '=')) != NULL)
807 *value++ = '\0';
808
809 if (strnicmp(data, "user_xattr",10) == 0) {/*parse before user*/
810 vol->no_xattr = 0;
811 } else if (strnicmp(data, "nouser_xattr",12) == 0) {
812 vol->no_xattr = 1;
813 } else if (strnicmp(data, "user", 4) == 0) {
814 if (!value || !*value) {
815 printk(KERN_WARNING
816 "CIFS: invalid or missing username\n");
817 return 1; /* needs_arg; */
818 }
819 if (strnlen(value, 200) < 200) {
820 vol->username = value;
821 } else {
822 printk(KERN_WARNING "CIFS: username too long\n");
823 return 1;
824 }
825 } else if (strnicmp(data, "pass", 4) == 0) {
826 if (!value) {
827 vol->password = NULL;
828 continue;
829 } else if(value[0] == 0) {
830 /* check if string begins with double comma
831 since that would mean the password really
832 does start with a comma, and would not
833 indicate an empty string */
834 if(value[1] != separator[0]) {
835 vol->password = NULL;
836 continue;
837 }
838 }
839 temp_len = strlen(value);
840 /* removed password length check, NTLM passwords
841 can be arbitrarily long */
842
843 /* if comma in password, the string will be
844 prematurely null terminated. Commas in password are
845 specified across the cifs mount interface by a double
846 comma ie ,, and a comma used as in other cases ie ','
847 as a parameter delimiter/separator is single and due
848 to the strsep above is temporarily zeroed. */
849
850 /* NB: password legally can have multiple commas and
851 the only illegal character in a password is null */
852
09d1db5c
SF		 853 if ((value[temp_len] == 0) &&
854 (value[temp_len+1] == separator[0])) {
1da177e4
LT		 855 /* reinsert comma */
856 value[temp_len] = separator[0];
857 temp_len+=2; /* move after the second comma */
858 while(value[temp_len] != 0) {
859 if (value[temp_len] == separator[0]) {
09d1db5c
SF		 860 if (value[temp_len+1] ==
861 separator[0]) {
862 /* skip second comma */
863 temp_len++;
1da177e4
LT		 864 } else {
865 /* single comma indicating start
866 of next parm */
867 break;
868 }
869 }
870 temp_len++;
871 }
872 if(value[temp_len] == 0) {
873 options = NULL;
874 } else {
875 value[temp_len] = 0;
876 /* point option to start of next parm */
877 options = value + temp_len + 1;
878 }
879 /* go from value to value + temp_len condensing
880 double commas to singles. Note that this ends up
881 allocating a few bytes too many, which is ok */
e915fc49 882 vol->password = kzalloc(temp_len, GFP_KERNEL);
433dc24f
SF		 883 if(vol->password == NULL) {
884 printk("CIFS: no memory for pass\n");
885 return 1;
886 }
1da177e4
LT		 887 for(i=0,j=0;i<temp_len;i++,j++) {
888 vol->password[j] = value[i];
09d1db5c
SF		 889 if(value[i] == separator[0]
890 && value[i+1] == separator[0]) {
1da177e4
LT		 891 /* skip second comma */
892 i++;
893 }
894 }
895 vol->password[j] = 0;
896 } else {
e915fc49 897 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
433dc24f
SF		 898 if(vol->password == NULL) {
899 printk("CIFS: no memory for pass\n");
900 return 1;
901 }
1da177e4
LT		 902 strcpy(vol->password, value);
903 }
904 } else if (strnicmp(data, "ip", 2) == 0) {
905 if (!value || !*value) {
906 vol->UNCip = NULL;
907 } else if (strnlen(value, 35) < 35) {
908 vol->UNCip = value;
909 } else {
910 printk(KERN_WARNING "CIFS: ip address too long\n");
911 return 1;
912 }
bf820679
SF		 913 } else if (strnicmp(data, "sec", 3) == 0) {
914 if (!value || !*value) {
915 cERROR(1,("no security value specified"));
916 continue;
917 } else if (strnicmp(value, "krb5i", 5) == 0) {
918 vol->sign = 1;
919 vol->krb5 = 1;
920 } else if (strnicmp(value, "krb5p", 5) == 0) {
921 /* vol->seal = 1;
922 vol->krb5 = 1; */
923 cERROR(1,("Krb5 cifs privacy not supported"));
924 return 1;
925 } else if (strnicmp(value, "krb5", 4) == 0) {
926 vol->krb5 = 1;
927 } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
928 vol->ntlmv2 = 1;
929 vol->sign = 1;
930 } else if (strnicmp(value, "ntlmv2", 6) == 0) {
931 vol->ntlmv2 = 1;
932 } else if (strnicmp(value, "ntlmi", 5) == 0) {
933 vol->ntlm = 1;
934 vol->sign = 1;
935 } else if (strnicmp(value, "ntlm", 4) == 0) {
936 /* ntlm is default so can be turned off too */
937 vol->ntlm = 1;
938 } else if (strnicmp(value, "nontlm", 6) == 0) {
939 vol->ntlm = 0;
940 } else if (strnicmp(value, "none", 4) == 0) {
941 vol->nullauth = 1;
942 } else {
943 cERROR(1,("bad security option: %s", value));
944 return 1;
945 }
1da177e4
LT		 946 } else if ((strnicmp(data, "unc", 3) == 0)
947 || (strnicmp(data, "target", 6) == 0)
948 || (strnicmp(data, "path", 4) == 0)) {
949 if (!value || !*value) {
950 printk(KERN_WARNING
951 "CIFS: invalid path to network resource\n");
952 return 1; /* needs_arg; */
953 }
954 if ((temp_len = strnlen(value, 300)) < 300) {
955 vol->UNC = kmalloc(temp_len+1,GFP_KERNEL);
956 if(vol->UNC == NULL)
957 return 1;
958 strcpy(vol->UNC,value);
959 if (strncmp(vol->UNC, "//", 2) == 0) {
960 vol->UNC[0] = '\\';
961 vol->UNC[1] = '\\';
962 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
963 printk(KERN_WARNING
964 "CIFS: UNC Path does not begin with // or \\\\ \n");
965 return 1;
966 }
967 } else {
968 printk(KERN_WARNING "CIFS: UNC name too long\n");
969 return 1;
970 }
971 } else if ((strnicmp(data, "domain", 3) == 0)
972 || (strnicmp(data, "workgroup", 5) == 0)) {
973 if (!value || !*value) {
974 printk(KERN_WARNING "CIFS: invalid domain name\n");
975 return 1; /* needs_arg; */
976 }
977 /* BB are there cases in which a comma can be valid in
978 a domain name and need special handling? */
979 if (strnlen(value, 65) < 65) {
980 vol->domainname = value;
981 cFYI(1, ("Domain name set"));
982 } else {
983 printk(KERN_WARNING "CIFS: domain name too long\n");
984 return 1;
985 }
986 } else if (strnicmp(data, "iocharset", 9) == 0) {
987 if (!value || !*value) {
988 printk(KERN_WARNING "CIFS: invalid iocharset specified\n");
989 return 1; /* needs_arg; */
990 }
991 if (strnlen(value, 65) < 65) {
992 if(strnicmp(value,"default",7))
993 vol->iocharset = value;
994 /* if iocharset not set load_nls_default used by caller */
995 cFYI(1, ("iocharset set to %s",value));
996 } else {
997 printk(KERN_WARNING "CIFS: iocharset name too long.\n");
998 return 1;
999 }
1000 } else if (strnicmp(data, "uid", 3) == 0) {
1001 if (value && *value) {
1002 vol->linux_uid =
1003 simple_strtoul(value, &value, 0);
1004 }
1005 } else if (strnicmp(data, "gid", 3) == 0) {
1006 if (value && *value) {
1007 vol->linux_gid =
1008 simple_strtoul(value, &value, 0);
1009 }
1010 } else if (strnicmp(data, "file_mode", 4) == 0) {
1011 if (value && *value) {
1012 vol->file_mode =
1013 simple_strtoul(value, &value, 0);
1014 }
1015 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1016 if (value && *value) {
1017 vol->dir_mode =
1018 simple_strtoul(value, &value, 0);
1019 }
1020 } else if (strnicmp(data, "dirmode", 4) == 0) {
1021 if (value && *value) {
1022 vol->dir_mode =
1023 simple_strtoul(value, &value, 0);
1024 }
1025 } else if (strnicmp(data, "port", 4) == 0) {
1026 if (value && *value) {
1027 vol->port =
1028 simple_strtoul(value, &value, 0);
1029 }
1030 } else if (strnicmp(data, "rsize", 5) == 0) {
1031 if (value && *value) {
1032 vol->rsize =
1033 simple_strtoul(value, &value, 0);
1034 }
1035 } else if (strnicmp(data, "wsize", 5) == 0) {
1036 if (value && *value) {
1037 vol->wsize =
1038 simple_strtoul(value, &value, 0);
1039 }
1040 } else if (strnicmp(data, "sockopt", 5) == 0) {
1041 if (value && *value) {
1042 vol->sockopt =
1043 simple_strtoul(value, &value, 0);
1044 }
1045 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1046 if (!value || !*value || (*value == ' ')) {
1047 cFYI(1,("invalid (empty) netbiosname specified"));
1048 } else {
1049 memset(vol->source_rfc1001_name,0x20,15);
1050 for(i=0;i<15;i++) {
1051 /* BB are there cases in which a comma can be
1052 valid in this workstation netbios name (and need
1053 special handling)? */
1054
1055 /* We do not uppercase netbiosname for user */
1056 if (value[i]==0)
1057 break;
1058 else
1059 vol->source_rfc1001_name[i] = value[i];
1060 }
1061 /* The string has 16th byte zero still from
1062 set at top of the function */
1063 if((i==15) && (value[i] != 0))
a10faeb2
SF		 1064 printk(KERN_WARNING "CIFS: netbiosname longer than 15 truncated.\n");
1065 }
1066 } else if (strnicmp(data, "servern", 7) == 0) {
1067 /* servernetbiosname specified override *SMBSERVER */
1068 if (!value || !*value || (*value == ' ')) {
1069 cFYI(1,("empty server netbiosname specified"));
1070 } else {
1071 /* last byte, type, is 0x20 for servr type */
1072 memset(vol->target_rfc1001_name,0x20,16);
1073
1074 for(i=0;i<15;i++) {
1075 /* BB are there cases in which a comma can be
1076 valid in this workstation netbios name (and need
1077 special handling)? */
1078
1079 /* user or mount helper must uppercase netbiosname */
1080 if (value[i]==0)
1081 break;
1082 else
1083 vol->target_rfc1001_name[i] = value[i];
1084 }
1085 /* The string has 16th byte zero still from
1086 set at top of the function */
1087 if((i==15) && (value[i] != 0))
1088 printk(KERN_WARNING "CIFS: server netbiosname longer than 15 truncated.\n");
1da177e4
LT		 1089 }
1090 } else if (strnicmp(data, "credentials", 4) == 0) {
1091 /* ignore */
1092 } else if (strnicmp(data, "version", 3) == 0) {
1093 /* ignore */
1094 } else if (strnicmp(data, "guest",5) == 0) {
1095 /* ignore */
1096 } else if (strnicmp(data, "rw", 2) == 0) {
1097 vol->rw = TRUE;
1098 } else if ((strnicmp(data, "suid", 4) == 0) ||
1099 (strnicmp(data, "nosuid", 6) == 0) ||
1100 (strnicmp(data, "exec", 4) == 0) ||
1101 (strnicmp(data, "noexec", 6) == 0) ||
1102 (strnicmp(data, "nodev", 5) == 0) ||
1103 (strnicmp(data, "noauto", 6) == 0) ||
1104 (strnicmp(data, "dev", 3) == 0)) {
1105 /* The mount tool or mount.cifs helper (if present)
1106 uses these opts to set flags, and the flags are read
1107 by the kernel vfs layer before we get here (ie
1108 before read super) so there is no point trying to
1109 parse these options again and set anything and it
1110 is ok to just ignore them */
1111 continue;
1112 } else if (strnicmp(data, "ro", 2) == 0) {
1113 vol->rw = FALSE;
1114 } else if (strnicmp(data, "hard", 4) == 0) {
1115 vol->retry = 1;
1116 } else if (strnicmp(data, "soft", 4) == 0) {
1117 vol->retry = 0;
1118 } else if (strnicmp(data, "perm", 4) == 0) {
1119 vol->noperm = 0;
1120 } else if (strnicmp(data, "noperm", 6) == 0) {
1121 vol->noperm = 1;
6a0b4824
SF		 1122 } else if (strnicmp(data, "mapchars", 8) == 0) {
1123 vol->remap = 1;
1124 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1125 vol->remap = 0;
d7245c2c
SF		 1126 } else if (strnicmp(data, "sfu", 3) == 0) {
1127 vol->sfu_emul = 1;
1128 } else if (strnicmp(data, "nosfu", 5) == 0) {
1129 vol->sfu_emul = 0;
ac67055e
JA		 1130 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1131 vol->posix_paths = 1;
1132 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1133 vol->posix_paths = 0;
a10faeb2
SF		 1134 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1135 (strnicmp(data, "ignorecase", 10) == 0)) {
c46fa8ac
SF		 1136 vol->nocase = 1;
1137 } else if (strnicmp(data, "brl", 3) == 0) {
1138 vol->nobrl = 0;
cb8be640 1139 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1c955187 1140 (strnicmp(data, "nolock", 6) == 0)) {
c46fa8ac 1141 vol->nobrl = 1;
d3485d37
SF		 1142 /* turn off mandatory locking in mode
1143 if remote locking is turned off since the
1144 local vfs will do advisory */
1145 if(vol->file_mode == (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1146 vol->file_mode = S_IALLUGO;
1da177e4
LT		 1147 } else if (strnicmp(data, "setuids", 7) == 0) {
1148 vol->setuids = 1;
1149 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1150 vol->setuids = 0;
1151 } else if (strnicmp(data, "nohard", 6) == 0) {
1152 vol->retry = 0;
1153 } else if (strnicmp(data, "nosoft", 6) == 0) {
1154 vol->retry = 1;
1155 } else if (strnicmp(data, "nointr", 6) == 0) {
1156 vol->intr = 0;
1157 } else if (strnicmp(data, "intr", 4) == 0) {
1158 vol->intr = 1;
1159 } else if (strnicmp(data, "serverino",7) == 0) {
1160 vol->server_ino = 1;
1161 } else if (strnicmp(data, "noserverino",9) == 0) {
1162 vol->server_ino = 0;
0a4b92c0
SF		 1163 } else if (strnicmp(data, "cifsacl",7) == 0) {
1164 vol->cifs_acl = 1;
1165 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1166 vol->cifs_acl = 0;
1da177e4
LT		 1167 } else if (strnicmp(data, "acl",3) == 0) {
1168 vol->no_psx_acl = 0;
1169 } else if (strnicmp(data, "noacl",5) == 0) {
1170 vol->no_psx_acl = 1;
1171 } else if (strnicmp(data, "direct",6) == 0) {
1172 vol->direct_io = 1;
1173 } else if (strnicmp(data, "forcedirectio",13) == 0) {
1174 vol->direct_io = 1;
1175 } else if (strnicmp(data, "in6_addr",8) == 0) {
1176 if (!value || !*value) {
1177 vol->in6_addr = NULL;
1178 } else if (strnlen(value, 49) == 48) {
1179 vol->in6_addr = value;
1180 } else {
1181 printk(KERN_WARNING "CIFS: ip v6 address not 48 characters long\n");
1182 return 1;
1183 }
1184 } else if (strnicmp(data, "noac", 4) == 0) {
1185 printk(KERN_WARNING "CIFS: Mount option noac not supported. Instead set /proc/fs/cifs/LookupCacheEnabled to 0\n");
1186 } else
1187 printk(KERN_WARNING "CIFS: Unknown mount option %s\n",data);
1188 }
1189 if (vol->UNC == NULL) {
1190 if(devname == NULL) {
1191 printk(KERN_WARNING "CIFS: Missing UNC name for mount target\n");
1192 return 1;
1193 }
1194 if ((temp_len = strnlen(devname, 300)) < 300) {
1195 vol->UNC = kmalloc(temp_len+1,GFP_KERNEL);
1196 if(vol->UNC == NULL)
1197 return 1;
1198 strcpy(vol->UNC,devname);
1199 if (strncmp(vol->UNC, "//", 2) == 0) {
1200 vol->UNC[0] = '\\';
1201 vol->UNC[1] = '\\';
1202 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1203 printk(KERN_WARNING "CIFS: UNC Path does not begin with // or \\\\ \n");
1204 return 1;
1205 }
1206 } else {
1207 printk(KERN_WARNING "CIFS: UNC name too long\n");
1208 return 1;
1209 }
1210 }
1211 if(vol->UNCip == NULL)
1212 vol->UNCip = &vol->UNC[2];
1213
1214 return 0;
1215}
1216
1217static struct cifsSesInfo *
1218cifs_find_tcp_session(struct in_addr * target_ip_addr,
1219 struct in6_addr *target_ip6_addr,
1220 char *userName, struct TCP_Server_Info **psrvTcp)
1221{
1222 struct list_head *tmp;
1223 struct cifsSesInfo *ses;
1224 *psrvTcp = NULL;
1225 read_lock(&GlobalSMBSeslock);
1226
1227 list_for_each(tmp, &GlobalSMBSessionList) {
1228 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
1229 if (ses->server) {
1230 if((target_ip_addr &&
1231 (ses->server->addr.sockAddr.sin_addr.s_addr
1232 == target_ip_addr->s_addr)) || (target_ip6_addr
1233 && memcmp(&ses->server->addr.sockAddr6.sin6_addr,
1234 target_ip6_addr,sizeof(*target_ip6_addr)))){
1235 /* BB lock server and tcp session and increment use count here?? */
1236 *psrvTcp = ses->server; /* found a match on the TCP session */
1237 /* BB check if reconnection needed */
1238 if (strncmp
1239 (ses->userName, userName,
1240 MAX_USERNAME_SIZE) == 0){
1241 read_unlock(&GlobalSMBSeslock);
1242 return ses; /* found exact match on both tcp and SMB sessions */
1243 }
1244 }
1245 }
1246 /* else tcp and smb sessions need reconnection */
1247 }
1248 read_unlock(&GlobalSMBSeslock);
1249 return NULL;
1250}
1251
1252static struct cifsTconInfo *
1253find_unc(__be32 new_target_ip_addr, char *uncName, char *userName)
1254{
1255 struct list_head *tmp;
1256 struct cifsTconInfo *tcon;
1257
1258 read_lock(&GlobalSMBSeslock);
1259 list_for_each(tmp, &GlobalTreeConnectionList) {
1260 cFYI(1, ("Next tcon - "));
1261 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
1262 if (tcon->ses) {
1263 if (tcon->ses->server) {
1264 cFYI(1,
1265 (" old ip addr: %x == new ip %x ?",
1266 tcon->ses->server->addr.sockAddr.sin_addr.
1267 s_addr, new_target_ip_addr));
1268 if (tcon->ses->server->addr.sockAddr.sin_addr.
1269 s_addr == new_target_ip_addr) {
1270 /* BB lock tcon and server and tcp session and increment use count here? */
1271 /* found a match on the TCP session */
1272 /* BB check if reconnection needed */
1273 cFYI(1,("Matched ip, old UNC: %s == new: %s ?",
1274 tcon->treeName, uncName));
1275 if (strncmp
1276 (tcon->treeName, uncName,
1277 MAX_TREE_SIZE) == 0) {
1278 cFYI(1,
1279 ("Matched UNC, old user: %s == new: %s ?",
1280 tcon->treeName, uncName));
1281 if (strncmp
1282 (tcon->ses->userName,
1283 userName,
1284 MAX_USERNAME_SIZE) == 0) {
1285 read_unlock(&GlobalSMBSeslock);
1286 return tcon;/* also matched user (smb session)*/
1287 }
1288 }
1289 }
1290 }
1291 }
1292 }
1293 read_unlock(&GlobalSMBSeslock);
1294 return NULL;
1295}
1296
1297int
1298connect_to_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
737b758c
SF		 1299 const char *old_path, const struct nls_table *nls_codepage,
1300 int remap)
1da177e4
LT		 1301{
1302 unsigned char *referrals = NULL;
1303 unsigned int num_referrals;
1304 int rc = 0;
1305
1306 rc = get_dfs_path(xid, pSesInfo,old_path, nls_codepage,
737b758c 1307 &num_referrals, &referrals, remap);
1da177e4
LT		 1308
1309 /* BB Add in code to: if valid refrl, if not ip address contact
1310 the helper that resolves tcp names, mount to it, try to
1311 tcon to it unmount it if fail */
1312
f99d49ad 1313 kfree(referrals);
1da177e4
LT		 1314
1315 return rc;
1316}
1317
1318int
1319get_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
1320 const char *old_path, const struct nls_table *nls_codepage,
737b758c
SF		 1321 unsigned int *pnum_referrals,
1322 unsigned char ** preferrals, int remap)
1da177e4
LT		 1323{
1324 char *temp_unc;
1325 int rc = 0;
1326
1327 *pnum_referrals = 0;
1328
1329 if (pSesInfo->ipc_tid == 0) {
1330 temp_unc = kmalloc(2 /* for slashes */ +
1331 strnlen(pSesInfo->serverName,SERVER_NAME_LEN_WITH_NULL * 2)
1332 + 1 + 4 /* slash IPC$ */ + 2,
1333 GFP_KERNEL);
1334 if (temp_unc == NULL)
1335 return -ENOMEM;
1336 temp_unc[0] = '\\';
1337 temp_unc[1] = '\\';
1338 strcpy(temp_unc + 2, pSesInfo->serverName);
1339 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
1340 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
1341 cFYI(1,
1342 ("CIFS Tcon rc = %d ipc_tid = %d", rc,pSesInfo->ipc_tid));
1343 kfree(temp_unc);
1344 }
1345 if (rc == 0)
1346 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
737b758c 1347 pnum_referrals, nls_codepage, remap);
1da177e4
LT		 1348
1349 return rc;
1350}
1351
1352/* See RFC1001 section 14 on representation of Netbios names */
1353static void rfc1002mangle(char * target,char * source, unsigned int length)
1354{
1355 unsigned int i,j;
1356
1357 for(i=0,j=0;i<(length);i++) {
1358 /* mask a nibble at a time and encode */
1359 target[j] = 'A' + (0x0F & (source[i] >> 4));
1360 target[j+1] = 'A' + (0x0F & source[i]);
1361 j+=2;
1362 }
1363
1364}
1365
1366
1367static int
1368ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket,
a10faeb2 1369 char * netbios_name, char * target_name)
1da177e4
LT		 1370{
1371 int rc = 0;
1372 int connected = 0;
1373 __be16 orig_port = 0;
1374
1375 if(*csocket == NULL) {
1376 rc = sock_create_kern(PF_INET, SOCK_STREAM, IPPROTO_TCP, csocket);
1377 if (rc < 0) {
1378 cERROR(1, ("Error %d creating socket",rc));
1379 *csocket = NULL;
1380 return rc;
1381 } else {
1382 /* BB other socket options to set KEEPALIVE, NODELAY? */
1383 cFYI(1,("Socket created"));
1384 (*csocket)->sk->sk_allocation = GFP_NOFS;
1385 }
1386 }
1387
1388 psin_server->sin_family = AF_INET;
1389 if(psin_server->sin_port) { /* user overrode default port */
1390 rc = (*csocket)->ops->connect(*csocket,
1391 (struct sockaddr *) psin_server,
1392 sizeof (struct sockaddr_in),0);
1393 if (rc >= 0)
1394 connected = 1;
1395 }
1396
1397 if(!connected) {
1398 /* save original port so we can retry user specified port
1399 later if fall back ports fail this time */
1400 orig_port = psin_server->sin_port;
1401
1402 /* do not retry on the same port we just failed on */
1403 if(psin_server->sin_port != htons(CIFS_PORT)) {
1404 psin_server->sin_port = htons(CIFS_PORT);
1405
1406 rc = (*csocket)->ops->connect(*csocket,
1407 (struct sockaddr *) psin_server,
1408 sizeof (struct sockaddr_in),0);
1409 if (rc >= 0)
1410 connected = 1;
1411 }
1412 }
1413 if (!connected) {
1414 psin_server->sin_port = htons(RFC1001_PORT);
1415 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1416 psin_server, sizeof (struct sockaddr_in),0);
1417 if (rc >= 0)
1418 connected = 1;
1419 }
1420
1421 /* give up here - unless we want to retry on different
1422 protocol families some day */
1423 if (!connected) {
1424 if(orig_port)
1425 psin_server->sin_port = orig_port;
1426 cFYI(1,("Error %d connecting to server via ipv4",rc));
1427 sock_release(*csocket);
1428 *csocket = NULL;
1429 return rc;
1430 }
1431 /* Eventually check for other socket options to change from
1432 the default. sock_setsockopt not used because it expects
1433 user space buffer */
b387eaeb
SF		 1434 cFYI(1,("sndbuf %d rcvbuf %d rcvtimeo 0x%lx",(*csocket)->sk->sk_sndbuf,
1435 (*csocket)->sk->sk_rcvbuf, (*csocket)->sk->sk_rcvtimeo));
1da177e4 1436 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
b387eaeb
SF		 1437 /* make the bufsizes depend on wsize/rsize and max requests */
1438 if((*csocket)->sk->sk_sndbuf < (200 * 1024))
1439 (*csocket)->sk->sk_sndbuf = 200 * 1024;
1440 if((*csocket)->sk->sk_rcvbuf < (140 * 1024))
1441 (*csocket)->sk->sk_rcvbuf = 140 * 1024;
1da177e4
LT		 1442
1443 /* send RFC1001 sessinit */
1da177e4
LT		 1444 if(psin_server->sin_port == htons(RFC1001_PORT)) {
1445 /* some servers require RFC1001 sessinit before sending
1446 negprot - BB check reconnection in case where second
1447 sessinit is sent but no second negprot */
1448 struct rfc1002_session_packet * ses_init_buf;
1449 struct smb_hdr * smb_buf;
e915fc49 1450 ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet), GFP_KERNEL);
1da177e4
LT		 1451 if(ses_init_buf) {
1452 ses_init_buf->trailer.session_req.called_len = 32;
a10faeb2
SF		 1453 if(target_name && (target_name[0] != 0)) {
1454 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1455 target_name, 16);
1456 } else {
1457 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1458 DEFAULT_CIFS_CALLED_NAME,16);
1459 }
1460
1da177e4
LT		 1461 ses_init_buf->trailer.session_req.calling_len = 32;
1462 /* calling name ends in null (byte 16) from old smb
1463 convention. */
1464 if(netbios_name && (netbios_name[0] !=0)) {
1465 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1466 netbios_name,16);
1467 } else {
1468 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1469 "LINUX_CIFS_CLNT",16);
1470 }
1471 ses_init_buf->trailer.session_req.scope1 = 0;
1472 ses_init_buf->trailer.session_req.scope2 = 0;
1473 smb_buf = (struct smb_hdr *)ses_init_buf;
1474 /* sizeof RFC1002_SESSION_REQUEST with no scope */
1475 smb_buf->smb_buf_length = 0x81000044;
1476 rc = smb_send(*csocket, smb_buf, 0x44,
1477 (struct sockaddr *)psin_server);
1478 kfree(ses_init_buf);
1479 }
1480 /* else the negprot may still work without this
1481 even though malloc failed */
1482
1483 }
1484
1485 return rc;
1486}
1487
1488static int
1489ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket)
1490{
1491 int rc = 0;
1492 int connected = 0;
1493 __be16 orig_port = 0;
1494
1495 if(*csocket == NULL) {
1496 rc = sock_create_kern(PF_INET6, SOCK_STREAM, IPPROTO_TCP, csocket);
1497 if (rc < 0) {
1498 cERROR(1, ("Error %d creating ipv6 socket",rc));
1499 *csocket = NULL;
1500 return rc;
1501 } else {
1502 /* BB other socket options to set KEEPALIVE, NODELAY? */
1503 cFYI(1,("ipv6 Socket created"));
1504 (*csocket)->sk->sk_allocation = GFP_NOFS;
1505 }
1506 }
1507
1508 psin_server->sin6_family = AF_INET6;
1509
1510 if(psin_server->sin6_port) { /* user overrode default port */
1511 rc = (*csocket)->ops->connect(*csocket,
1512 (struct sockaddr *) psin_server,
1513 sizeof (struct sockaddr_in6),0);
1514 if (rc >= 0)
1515 connected = 1;
1516 }
1517
1518 if(!connected) {
1519 /* save original port so we can retry user specified port
1520 later if fall back ports fail this time */
1521
1522 orig_port = psin_server->sin6_port;
1523 /* do not retry on the same port we just failed on */
1524 if(psin_server->sin6_port != htons(CIFS_PORT)) {
1525 psin_server->sin6_port = htons(CIFS_PORT);
1526
1527 rc = (*csocket)->ops->connect(*csocket,
1528 (struct sockaddr *) psin_server,
1529 sizeof (struct sockaddr_in6),0);
1530 if (rc >= 0)
1531 connected = 1;
1532 }
1533 }
1534 if (!connected) {
1535 psin_server->sin6_port = htons(RFC1001_PORT);
1536 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1537 psin_server, sizeof (struct sockaddr_in6),0);
1538 if (rc >= 0)
1539 connected = 1;
1540 }
1541
1542 /* give up here - unless we want to retry on different
1543 protocol families some day */
1544 if (!connected) {
1545 if(orig_port)
1546 psin_server->sin6_port = orig_port;
1547 cFYI(1,("Error %d connecting to server via ipv6",rc));
1548 sock_release(*csocket);
1549 *csocket = NULL;
1550 return rc;
1551 }
1552 /* Eventually check for other socket options to change from
1553 the default. sock_setsockopt not used because it expects
1554 user space buffer */
1555 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1556
1557 return rc;
1558}
1559
1560int
1561cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
1562 char *mount_data, const char *devname)
1563{
1564 int rc = 0;
1565 int xid;
1566 int address_type = AF_INET;
1567 struct socket *csocket = NULL;
1568 struct sockaddr_in sin_server;
1569 struct sockaddr_in6 sin_server6;
1570 struct smb_vol volume_info;
1571 struct cifsSesInfo *pSesInfo = NULL;
1572 struct cifsSesInfo *existingCifsSes = NULL;
1573 struct cifsTconInfo *tcon = NULL;
1574 struct TCP_Server_Info *srvTcp = NULL;
1575
1576 xid = GetXid();
1577
1578/* cFYI(1, ("Entering cifs_mount. Xid: %d with: %s", xid, mount_data)); */
1579
1580 memset(&volume_info,0,sizeof(struct smb_vol));
1581 if (cifs_parse_mount_options(mount_data, devname, &volume_info)) {
f99d49ad
JJ		 1582 kfree(volume_info.UNC);
1583 kfree(volume_info.password);
1da177e4
LT		 1584 FreeXid(xid);
1585 return -EINVAL;
1586 }
1587
1588 if (volume_info.username) {
1589 /* BB fixme parse for domain name here */
1590 cFYI(1, ("Username: %s ", volume_info.username));
1591
1592 } else {
bf820679 1593 cifserror("No username specified");
1da177e4
LT		 1594 /* In userspace mount helper we can get user name from alternate
1595 locations such as env variables and files on disk */
f99d49ad
JJ		 1596 kfree(volume_info.UNC);
1597 kfree(volume_info.password);
1da177e4
LT		 1598 FreeXid(xid);
1599 return -EINVAL;
1600 }
1601
1602 if (volume_info.UNCip && volume_info.UNC) {
1603 rc = cifs_inet_pton(AF_INET, volume_info.UNCip,&sin_server.sin_addr.s_addr);
1604
1605 if(rc <= 0) {
1606 /* not ipv4 address, try ipv6 */
1607 rc = cifs_inet_pton(AF_INET6,volume_info.UNCip,&sin_server6.sin6_addr.in6_u);
1608 if(rc > 0)
1609 address_type = AF_INET6;
1610 } else {
1611 address_type = AF_INET;
1612 }
1613
1614 if(rc <= 0) {
1615 /* we failed translating address */
f99d49ad
JJ		 1616 kfree(volume_info.UNC);
1617 kfree(volume_info.password);
1da177e4
LT		 1618 FreeXid(xid);
1619 return -EINVAL;
1620 }
1621
1622 cFYI(1, ("UNC: %s ip: %s", volume_info.UNC, volume_info.UNCip));
1623 /* success */
1624 rc = 0;
1625 } else if (volume_info.UNCip){
1626 /* BB using ip addr as server name connect to the DFS root below */
1627 cERROR(1,("Connecting to DFS root not implemented yet"));
f99d49ad
JJ		 1628 kfree(volume_info.UNC);
1629 kfree(volume_info.password);
1da177e4
LT		 1630 FreeXid(xid);
1631 return -EINVAL;
1632 } else /* which servers DFS root would we conect to */ {
1633 cERROR(1,
bf820679 1634 ("CIFS mount error: No UNC path (e.g. -o unc=//192.168.1.100/public) specified"));
f99d49ad
JJ		 1635 kfree(volume_info.UNC);
1636 kfree(volume_info.password);
1da177e4
LT		 1637 FreeXid(xid);
1638 return -EINVAL;
1639 }
1640
1641 /* this is needed for ASCII cp to Unicode converts */
1642 if(volume_info.iocharset == NULL) {
1643 cifs_sb->local_nls = load_nls_default();
1644 /* load_nls_default can not return null */
1645 } else {
1646 cifs_sb->local_nls = load_nls(volume_info.iocharset);
1647 if(cifs_sb->local_nls == NULL) {
1648 cERROR(1,("CIFS mount error: iocharset %s not found",volume_info.iocharset));
f99d49ad
JJ		 1649 kfree(volume_info.UNC);
1650 kfree(volume_info.password);
1da177e4
LT		 1651 FreeXid(xid);
1652 return -ELIBACC;
1653 }
1654 }
1655
1656 if(address_type == AF_INET)
1657 existingCifsSes = cifs_find_tcp_session(&sin_server.sin_addr,
1658 NULL /* no ipv6 addr */,
1659 volume_info.username, &srvTcp);
1660 else if(address_type == AF_INET6)
1661 existingCifsSes = cifs_find_tcp_session(NULL /* no ipv4 addr */,
1662 &sin_server6.sin6_addr,
1663 volume_info.username, &srvTcp);
1664 else {
f99d49ad
JJ		 1665 kfree(volume_info.UNC);
1666 kfree(volume_info.password);
1da177e4
LT		 1667 FreeXid(xid);
1668 return -EINVAL;
1669 }
1670
1671
1672 if (srvTcp) {
bf820679 1673 cFYI(1, ("Existing tcp session with server found"));
1da177e4
LT		 1674 } else { /* create socket */
1675 if(volume_info.port)
1676 sin_server.sin_port = htons(volume_info.port);
1677 else
1678 sin_server.sin_port = 0;
a10faeb2
SF		 1679 rc = ipv4_connect(&sin_server,&csocket,
1680 volume_info.source_rfc1001_name,
1681 volume_info.target_rfc1001_name);
1da177e4
LT		 1682 if (rc < 0) {
1683 cERROR(1,
1684 ("Error connecting to IPv4 socket. Aborting operation"));
1685 if(csocket != NULL)
1686 sock_release(csocket);
f99d49ad
JJ		 1687 kfree(volume_info.UNC);
1688 kfree(volume_info.password);
1da177e4
LT		 1689 FreeXid(xid);
1690 return rc;
1691 }
1692
1693 srvTcp = kmalloc(sizeof (struct TCP_Server_Info), GFP_KERNEL);
1694 if (srvTcp == NULL) {
1695 rc = -ENOMEM;
1696 sock_release(csocket);
f99d49ad
JJ		 1697 kfree(volume_info.UNC);
1698 kfree(volume_info.password);
1da177e4
LT		 1699 FreeXid(xid);
1700 return rc;
1701 } else {
1702 memset(srvTcp, 0, sizeof (struct TCP_Server_Info));
1703 memcpy(&srvTcp->addr.sockAddr, &sin_server, sizeof (struct sockaddr_in));
1704 atomic_set(&srvTcp->inFlight,0);
1705 /* BB Add code for ipv6 case too */
1706 srvTcp->ssocket = csocket;
1707 srvTcp->protocolType = IPV4;
1708 init_waitqueue_head(&srvTcp->response_q);
1709 init_waitqueue_head(&srvTcp->request_q);
1710 INIT_LIST_HEAD(&srvTcp->pending_mid_q);
1711 /* at this point we are the only ones with the pointer
1712 to the struct since the kernel thread not created yet
1713 so no need to spinlock this init of tcpStatus */
1714 srvTcp->tcpStatus = CifsNew;
1715 init_MUTEX(&srvTcp->tcpSem);
1716 rc = (int)kernel_thread((void *)(void *)cifs_demultiplex_thread, srvTcp,
1717 CLONE_FS | CLONE_FILES | CLONE_VM);
1718 if(rc < 0) {
1719 rc = -ENOMEM;
1720 sock_release(csocket);
f99d49ad
JJ		 1721 kfree(volume_info.UNC);
1722 kfree(volume_info.password);
1da177e4
LT		 1723 FreeXid(xid);
1724 return rc;
f191401f
SF		 1725 }
1726 wait_for_completion(&cifsd_complete);
1727 rc = 0;
1da177e4 1728 memcpy(srvTcp->workstation_RFC1001_name, volume_info.source_rfc1001_name,16);
a10faeb2 1729 memcpy(srvTcp->server_RFC1001_name, volume_info.target_rfc1001_name,16);
ad009ac9 1730 srvTcp->sequence_number = 0;
1da177e4
LT		 1731 }
1732 }
1733
1734 if (existingCifsSes) {
1735 pSesInfo = existingCifsSes;
bf820679 1736 cFYI(1, ("Existing smb sess found"));
f99d49ad 1737 kfree(volume_info.password);
1da177e4
LT		 1738 /* volume_info.UNC freed at end of function */
1739 } else if (!rc) {
bf820679 1740 cFYI(1, ("Existing smb sess not found"));
1da177e4
LT		 1741 pSesInfo = sesInfoAlloc();
1742 if (pSesInfo == NULL)
1743 rc = -ENOMEM;
1744 else {
1745 pSesInfo->server = srvTcp;
1746 sprintf(pSesInfo->serverName, "%u.%u.%u.%u",
1747 NIPQUAD(sin_server.sin_addr.s_addr));
1748 }
1749
1750 if (!rc){
1751 /* volume_info.password freed at unmount */
1752 if (volume_info.password)
1753 pSesInfo->password = volume_info.password;
1754 if (volume_info.username)
1755 strncpy(pSesInfo->userName,
1756 volume_info.username,MAX_USERNAME_SIZE);
1757 if (volume_info.domainname)
1758 strncpy(pSesInfo->domainName,
1759 volume_info.domainname,MAX_USERNAME_SIZE);
1760 pSesInfo->linux_uid = volume_info.linux_uid;
1761 down(&pSesInfo->sesSem);
1762 rc = cifs_setup_session(xid,pSesInfo, cifs_sb->local_nls);
1763 up(&pSesInfo->sesSem);
1764 if(!rc)
1765 atomic_inc(&srvTcp->socketUseCount);
1766 } else
f99d49ad 1767 kfree(volume_info.password);
1da177e4
LT		 1768 }
1769
1770 /* search for existing tcon to this server share */
1771 if (!rc) {
0ae0efad
SF		 1772 if(volume_info.rsize > CIFSMaxBufSize) {
1773 cERROR(1,("rsize %d too large, using MaxBufSize",
1774 volume_info.rsize));
1775 cifs_sb->rsize = CIFSMaxBufSize;
1776 } else if((volume_info.rsize) && (volume_info.rsize <= CIFSMaxBufSize))
1da177e4 1777 cifs_sb->rsize = volume_info.rsize;
0ae0efad
SF		 1778 else /* default */
1779 cifs_sb->rsize = CIFSMaxBufSize;
1780
1781 if(volume_info.wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) {
1782 cERROR(1,("wsize %d too large using 4096 instead",
1783 volume_info.wsize));
1784 cifs_sb->wsize = 4096;
1785 } else if(volume_info.wsize)
1da177e4
LT		 1786 cifs_sb->wsize = volume_info.wsize;
1787 else
17cbbafe 1788 cifs_sb->wsize =
1877c9ea
SF		 1789 min_t(const int, PAGEVEC_SIZE * PAGE_CACHE_SIZE,
1790 127*1024);
17cbbafe
SF		 1791 /* old default of CIFSMaxBufSize was too small now
1792 that SMB Write2 can send multiple pages in kvec.
1793 RFC1001 does not describe what happens when frame
1794 bigger than 128K is sent so use that as max in
1795 conjunction with 52K kvec constraint on arch with 4K
1796 page size */
1797
6cec2aed
SF		 1798 if(cifs_sb->rsize < 2048) {
1799 cifs_sb->rsize = 2048;
1800 /* Windows ME may prefer this */
1801 cFYI(1,("readsize set to minimum 2048"));
1da177e4
LT		 1802 }
1803 cifs_sb->mnt_uid = volume_info.linux_uid;
1804 cifs_sb->mnt_gid = volume_info.linux_gid;
1805 cifs_sb->mnt_file_mode = volume_info.file_mode;
1806 cifs_sb->mnt_dir_mode = volume_info.dir_mode;
eeac8047
SF		 1807 cFYI(1,("file mode: 0x%x dir mode: 0x%x",
1808 cifs_sb->mnt_file_mode,cifs_sb->mnt_dir_mode));
1da177e4
LT		 1809
1810 if(volume_info.noperm)
1811 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
1812 if(volume_info.setuids)
1813 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
1814 if(volume_info.server_ino)
1815 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
6a0b4824
SF		 1816 if(volume_info.remap)
1817 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
1da177e4
LT		 1818 if(volume_info.no_xattr)
1819 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
d7245c2c
SF		 1820 if(volume_info.sfu_emul)
1821 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
c46fa8ac
SF		 1822 if(volume_info.nobrl)
1823 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
0a4b92c0
SF		 1824 if(volume_info.cifs_acl)
1825 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
ac67055e 1826
1da177e4 1827 if(volume_info.direct_io) {
c46fa8ac 1828 cFYI(1,("mounting share using direct i/o"));
1da177e4
LT		 1829 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
1830 }
1831
1832 tcon =
1833 find_unc(sin_server.sin_addr.s_addr, volume_info.UNC,
1834 volume_info.username);
1835 if (tcon) {
bf820679 1836 cFYI(1, ("Found match on UNC path"));
1da177e4
LT		 1837 /* we can have only one retry value for a connection
1838 to a share so for resources mounted more than once
1839 to the same server share the last value passed in
1840 for the retry flag is used */
1841 tcon->retry = volume_info.retry;
d3485d37 1842 tcon->nocase = volume_info.nocase;
1da177e4
LT		 1843 } else {
1844 tcon = tconInfoAlloc();
1845 if (tcon == NULL)
1846 rc = -ENOMEM;
1847 else {
1848 /* check for null share name ie connect to dfs root */
1849
1850 /* BB check if this works for exactly length three strings */
1851 if ((strchr(volume_info.UNC + 3, '\\') == NULL)
1852 && (strchr(volume_info.UNC + 3, '/') ==
1853 NULL)) {
737b758c
SF		 1854 rc = connect_to_dfs_path(xid, pSesInfo,
1855 "", cifs_sb->local_nls,
1856 cifs_sb->mnt_cifs_flags &
1857 CIFS_MOUNT_MAP_SPECIAL_CHR);
f99d49ad 1858 kfree(volume_info.UNC);
1da177e4
LT		 1859 FreeXid(xid);
1860 return -ENODEV;
1861 } else {
1862 rc = CIFSTCon(xid, pSesInfo,
1863 volume_info.UNC,
1864 tcon, cifs_sb->local_nls);
1865 cFYI(1, ("CIFS Tcon rc = %d", rc));
1866 }
1867 if (!rc) {
1868 atomic_inc(&pSesInfo->inUse);
1869 tcon->retry = volume_info.retry;
d3485d37 1870 tcon->nocase = volume_info.nocase;
1da177e4
LT		 1871 }
1872 }
1873 }
1874 }
1875 if(pSesInfo) {
1876 if (pSesInfo->capabilities & CAP_LARGE_FILES) {
1877 sb->s_maxbytes = (u64) 1 << 63;
1878 } else
1879 sb->s_maxbytes = (u64) 1 << 31; /* 2 GB */
1880 }
1881
1882 sb->s_time_gran = 100;
1883
1884/* on error free sesinfo and tcon struct if needed */
1885 if (rc) {
1886 /* if session setup failed, use count is zero but
1887 we still need to free cifsd thread */
1888 if(atomic_read(&srvTcp->socketUseCount) == 0) {
1889 spin_lock(&GlobalMid_Lock);
1890 srvTcp->tcpStatus = CifsExiting;
1891 spin_unlock(&GlobalMid_Lock);
f191401f 1892 if(srvTcp->tsk) {
1da177e4 1893 send_sig(SIGKILL,srvTcp->tsk,1);
f191401f
SF		 1894 wait_for_completion(&cifsd_complete);
1895 }
1da177e4
LT		 1896 }
1897 /* If find_unc succeeded then rc == 0 so we can not end */
1898 if (tcon) /* up accidently freeing someone elses tcon struct */
1899 tconInfoFree(tcon);
1900 if (existingCifsSes == NULL) {
1901 if (pSesInfo) {
1902 if ((pSesInfo->server) &&
1903 (pSesInfo->status == CifsGood)) {
1904 int temp_rc;
1905 temp_rc = CIFSSMBLogoff(xid, pSesInfo);
1906 /* if the socketUseCount is now zero */
1907 if((temp_rc == -ESHUTDOWN) &&
f191401f 1908 (pSesInfo->server->tsk)) {
1da177e4 1909 send_sig(SIGKILL,pSesInfo->server->tsk,1);
f191401f
SF		 1910 wait_for_completion(&cifsd_complete);
1911 }
1da177e4
LT		 1912 } else
1913 cFYI(1, ("No session or bad tcon"));
1914 sesInfoFree(pSesInfo);
1915 /* pSesInfo = NULL; */
1916 }
1917 }
1918 } else {
1919 atomic_inc(&tcon->useCount);
1920 cifs_sb->tcon = tcon;
1921 tcon->ses = pSesInfo;
1922
1923 /* do not care if following two calls succeed - informational only */
737b758c
SF		 1924 CIFSSMBQFSDeviceInfo(xid, tcon);
1925 CIFSSMBQFSAttributeInfo(xid, tcon);
1da177e4 1926 if (tcon->ses->capabilities & CAP_UNIX) {
737b758c 1927 if(!CIFSSMBQFSUnixInfo(xid, tcon)) {
1da177e4
LT		 1928 if(!volume_info.no_psx_acl) {
1929 if(CIFS_UNIX_POSIX_ACL_CAP &
1930 le64_to_cpu(tcon->fsUnixInfo.Capability))
1931 cFYI(1,("server negotiated posix acl support"));
1932 sb->s_flags |= MS_POSIXACL;
1933 }
ac67055e
JA		 1934
1935 /* Try and negotiate POSIX pathnames if we can. */
1936 if (volume_info.posix_paths && (CIFS_UNIX_POSIX_PATHNAMES_CAP &
1937 le64_to_cpu(tcon->fsUnixInfo.Capability))) {
45abc6ee 1938 if (!CIFSSMBSetFSUnixInfo(xid, tcon, CIFS_UNIX_POSIX_PATHNAMES_CAP)) {
ac67055e
JA		 1939 cFYI(1,("negotiated posix pathnames support"));
1940 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_POSIX_PATHS;
1941 } else {
1942 cFYI(1,("posix pathnames support requested but not supported"));
1943 }
1944 }
1da177e4
LT		 1945 }
1946 }
3e84469d
SF		 1947 if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X))
1948 cifs_sb->wsize = min(cifs_sb->wsize,
1949 (tcon->ses->server->maxBuf -
1950 MAX_CIFS_HDR_SIZE));
0ae0efad
SF		 1951 if (!(tcon->ses->capabilities & CAP_LARGE_READ_X))
1952 cifs_sb->rsize = min(cifs_sb->rsize,
1953 (tcon->ses->server->maxBuf -
1954 MAX_CIFS_HDR_SIZE));
1da177e4
LT		 1955 }
1956
1957 /* volume_info.password is freed above when existing session found
1958 (in which case it is not needed anymore) but when new sesion is created
1959 the password ptr is put in the new session structure (in which case the
1960 password will be freed at unmount time) */
f99d49ad 1961 kfree(volume_info.UNC);
1da177e4
LT		 1962 FreeXid(xid);
1963 return rc;
1964}
1965
1966static int
1967CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
1968 char session_key[CIFS_SESSION_KEY_SIZE],
1969 const struct nls_table *nls_codepage)
1970{
1971 struct smb_hdr *smb_buffer;
1972 struct smb_hdr *smb_buffer_response;
1973 SESSION_SETUP_ANDX *pSMB;
1974 SESSION_SETUP_ANDX *pSMBr;
1975 char *bcc_ptr;
1976 char *user;
1977 char *domain;
1978 int rc = 0;
1979 int remaining_words = 0;
1980 int bytes_returned = 0;
1981 int len;
1982 __u32 capabilities;
1983 __u16 count;
1984
eeac8047 1985 cFYI(1, ("In sesssetup"));
1da177e4
LT		 1986 if(ses == NULL)
1987 return -EINVAL;
1988 user = ses->userName;
1989 domain = ses->domainName;
1990 smb_buffer = cifs_buf_get();
1991 if (smb_buffer == NULL) {
1992 return -ENOMEM;
1993 }
1994 smb_buffer_response = smb_buffer;
1995 pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
1996
1997 /* send SMBsessionSetup here */
1998 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
1999 NULL /* no tCon exists yet */ , 13 /* wct */ );
2000
1982c344 2001 smb_buffer->Mid = GetNextMid(ses->server);
1da177e4
LT		 2002 pSMB->req_no_secext.AndXCommand = 0xFF;
2003 pSMB->req_no_secext.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2004 pSMB->req_no_secext.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2005
2006 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2007 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2008
2009 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2010 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
2011 if (ses->capabilities & CAP_UNICODE) {
2012 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2013 capabilities |= CAP_UNICODE;
2014 }
2015 if (ses->capabilities & CAP_STATUS32) {
2016 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2017 capabilities |= CAP_STATUS32;
2018 }
2019 if (ses->capabilities & CAP_DFS) {
2020 smb_buffer->Flags2 |= SMBFLG2_DFS;
2021 capabilities |= CAP_DFS;
2022 }
2023 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
2024
2025 pSMB->req_no_secext.CaseInsensitivePasswordLength =
2026 cpu_to_le16(CIFS_SESSION_KEY_SIZE);
2027
2028 pSMB->req_no_secext.CaseSensitivePasswordLength =
2029 cpu_to_le16(CIFS_SESSION_KEY_SIZE);
2030 bcc_ptr = pByteArea(smb_buffer);
2031 memcpy(bcc_ptr, (char *) session_key, CIFS_SESSION_KEY_SIZE);
2032 bcc_ptr += CIFS_SESSION_KEY_SIZE;
2033 memcpy(bcc_ptr, (char *) session_key, CIFS_SESSION_KEY_SIZE);
2034 bcc_ptr += CIFS_SESSION_KEY_SIZE;
2035
2036 if (ses->capabilities & CAP_UNICODE) {
2037 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode */
2038 *bcc_ptr = 0;
2039 bcc_ptr++;
2040 }
2041 if(user == NULL)
2042 bytes_returned = 0; /* skill null user */
2043 else
2044 bytes_returned =
e89dc920 2045 cifs_strtoUCS((__le16 *) bcc_ptr, user, 100,
1da177e4
LT		 2046 nls_codepage);
2047 /* convert number of 16 bit words to bytes */
2048 bcc_ptr += 2 * bytes_returned;
2049 bcc_ptr += 2; /* trailing null */
2050 if (domain == NULL)
2051 bytes_returned =
e89dc920 2052 cifs_strtoUCS((__le16 *) bcc_ptr,
1da177e4
LT		 2053 "CIFS_LINUX_DOM", 32, nls_codepage);
2054 else
2055 bytes_returned =
e89dc920 2056 cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
1da177e4
LT		 2057 nls_codepage);
2058 bcc_ptr += 2 * bytes_returned;
2059 bcc_ptr += 2;
2060 bytes_returned =
e89dc920 2061 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
1da177e4
LT		 2062 32, nls_codepage);
2063 bcc_ptr += 2 * bytes_returned;
2064 bytes_returned =
e89dc920 2065 cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release,
1da177e4
LT		 2066 32, nls_codepage);
2067 bcc_ptr += 2 * bytes_returned;
2068 bcc_ptr += 2;
2069 bytes_returned =
e89dc920 2070 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
1da177e4
LT		 2071 64, nls_codepage);
2072 bcc_ptr += 2 * bytes_returned;
2073 bcc_ptr += 2;
2074 } else {
2075 if(user != NULL) {
2076 strncpy(bcc_ptr, user, 200);
2077 bcc_ptr += strnlen(user, 200);
2078 }
2079 *bcc_ptr = 0;
2080 bcc_ptr++;
2081 if (domain == NULL) {
2082 strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2083 bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2084 } else {
2085 strncpy(bcc_ptr, domain, 64);
2086 bcc_ptr += strnlen(domain, 64);
2087 *bcc_ptr = 0;
2088 bcc_ptr++;
2089 }
2090 strcpy(bcc_ptr, "Linux version ");
2091 bcc_ptr += strlen("Linux version ");
2092 strcpy(bcc_ptr, system_utsname.release);
2093 bcc_ptr += strlen(system_utsname.release) + 1;
2094 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2095 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2096 }
2097 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2098 smb_buffer->smb_buf_length += count;
2099 pSMB->req_no_secext.ByteCount = cpu_to_le16(count);
2100
2101 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2102 &bytes_returned, 1);
2103 if (rc) {
2104/* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
2105 } else if ((smb_buffer_response->WordCount == 3)
2106 || (smb_buffer_response->WordCount == 4)) {
2107 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2108 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2109 if (action & GUEST_LOGIN)
2110 cFYI(1, (" Guest login")); /* do we want to mark SesInfo struct ? */
2111 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format (le) */
2112 cFYI(1, ("UID = %d ", ses->Suid));
2113 /* response can have either 3 or 4 word count - Samba sends 3 */
2114 bcc_ptr = pByteArea(smb_buffer_response);
2115 if ((pSMBr->resp.hdr.WordCount == 3)
2116 || ((pSMBr->resp.hdr.WordCount == 4)
2117 && (blob_len < pSMBr->resp.ByteCount))) {
2118 if (pSMBr->resp.hdr.WordCount == 4)
2119 bcc_ptr += blob_len;
2120
2121 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2122 if ((long) (bcc_ptr) % 2) {
2123 remaining_words =
2124 (BCC(smb_buffer_response) - 1) /2;
2125 bcc_ptr++; /* Unicode strings must be word aligned */
2126 } else {
2127 remaining_words =
2128 BCC(smb_buffer_response) / 2;
2129 }
2130 len =
2131 UniStrnlen((wchar_t *) bcc_ptr,
2132 remaining_words - 1);
2133/* We look for obvious messed up bcc or strings in response so we do not go off
2134 the end since (at least) WIN2K and Windows XP have a major bug in not null
2135 terminating last Unicode string in response */
e915fc49 2136 ses->serverOS = kzalloc(2 * (len + 1), GFP_KERNEL);
433dc24f
SF		 2137 if(ses->serverOS == NULL)
2138 goto sesssetup_nomem;
1da177e4 2139 cifs_strfromUCS_le(ses->serverOS,
e89dc920 2140 (__le16 *)bcc_ptr, len,nls_codepage);
1da177e4
LT		 2141 bcc_ptr += 2 * (len + 1);
2142 remaining_words -= len + 1;
2143 ses->serverOS[2 * len] = 0;
2144 ses->serverOS[1 + (2 * len)] = 0;
2145 if (remaining_words > 0) {
2146 len = UniStrnlen((wchar_t *)bcc_ptr,
2147 remaining_words-1);
e915fc49 2148 ses->serverNOS = kzalloc(2 * (len + 1),GFP_KERNEL);
433dc24f
SF		 2149 if(ses->serverNOS == NULL)
2150 goto sesssetup_nomem;
1da177e4 2151 cifs_strfromUCS_le(ses->serverNOS,
e89dc920 2152 (__le16 *)bcc_ptr,len,nls_codepage);
1da177e4
LT		 2153 bcc_ptr += 2 * (len + 1);
2154 ses->serverNOS[2 * len] = 0;
2155 ses->serverNOS[1 + (2 * len)] = 0;
2156 if(strncmp(ses->serverNOS,
2157 "NT LAN Manager 4",16) == 0) {
2158 cFYI(1,("NT4 server"));
2159 ses->flags |= CIFS_SES_NT4;
2160 }
2161 remaining_words -= len + 1;
2162 if (remaining_words > 0) {
433dc24f 2163 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
1da177e4
LT		 2164 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
2165 ses->serverDomain =
e915fc49 2166 kzalloc(2*(len+1),GFP_KERNEL);
433dc24f
SF		 2167 if(ses->serverDomain == NULL)
2168 goto sesssetup_nomem;
1da177e4 2169 cifs_strfromUCS_le(ses->serverDomain,
e89dc920 2170 (__le16 *)bcc_ptr,len,nls_codepage);
1da177e4
LT		 2171 bcc_ptr += 2 * (len + 1);
2172 ses->serverDomain[2*len] = 0;
2173 ses->serverDomain[1+(2*len)] = 0;
2174 } /* else no more room so create dummy domain string */
2175 else
433dc24f 2176 ses->serverDomain =
e915fc49 2177 kzalloc(2, GFP_KERNEL);
1da177e4 2178 } else { /* no room so create dummy domain and NOS string */
433dc24f
SF		 2179 /* if these kcallocs fail not much we
2180 can do, but better to not fail the
2181 sesssetup itself */
1da177e4 2182 ses->serverDomain =
e915fc49 2183 kzalloc(2, GFP_KERNEL);
1da177e4 2184 ses->serverNOS =
e915fc49 2185 kzalloc(2, GFP_KERNEL);
1da177e4
LT		 2186 }
2187 } else { /* ASCII */
2188 len = strnlen(bcc_ptr, 1024);
2189 if (((long) bcc_ptr + len) - (long)
2190 pByteArea(smb_buffer_response)
2191 <= BCC(smb_buffer_response)) {
e915fc49 2192 ses->serverOS = kzalloc(len + 1,GFP_KERNEL);
433dc24f
SF		 2193 if(ses->serverOS == NULL)
2194 goto sesssetup_nomem;
1da177e4
LT		 2195 strncpy(ses->serverOS,bcc_ptr, len);
2196
2197 bcc_ptr += len;
2198 bcc_ptr[0] = 0; /* null terminate the string */
2199 bcc_ptr++;
2200
2201 len = strnlen(bcc_ptr, 1024);
e915fc49 2202 ses->serverNOS = kzalloc(len + 1,GFP_KERNEL);
433dc24f
SF		 2203 if(ses->serverNOS == NULL)
2204 goto sesssetup_nomem;
1da177e4
LT		 2205 strncpy(ses->serverNOS, bcc_ptr, len);
2206 bcc_ptr += len;
2207 bcc_ptr[0] = 0;
2208 bcc_ptr++;
2209
2210 len = strnlen(bcc_ptr, 1024);
e915fc49 2211 ses->serverDomain = kzalloc(len + 1,GFP_KERNEL);
433dc24f
SF		 2212 if(ses->serverDomain == NULL)
2213 goto sesssetup_nomem;
1da177e4
LT		 2214 strncpy(ses->serverDomain, bcc_ptr, len);
2215 bcc_ptr += len;
2216 bcc_ptr[0] = 0;
2217 bcc_ptr++;
2218 } else
2219 cFYI(1,
2220 ("Variable field of length %d extends beyond end of smb ",
2221 len));
2222 }
2223 } else {
2224 cERROR(1,
2225 (" Security Blob Length extends beyond end of SMB"));
2226 }
2227 } else {
2228 cERROR(1,
2229 (" Invalid Word count %d: ",
2230 smb_buffer_response->WordCount));
2231 rc = -EIO;
2232 }
433dc24f
SF		 2233sesssetup_nomem: /* do not return an error on nomem for the info strings,
2234 since that could make reconnection harder, and
2235 reconnection might be needed to free memory */
1da177e4
LT		 2236 if (smb_buffer)
2237 cifs_buf_release(smb_buffer);
2238
2239 return rc;
2240}
2241
2242static int
2243CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2244 char *SecurityBlob,int SecurityBlobLength,
2245 const struct nls_table *nls_codepage)
2246{
2247 struct smb_hdr *smb_buffer;
2248 struct smb_hdr *smb_buffer_response;
2249 SESSION_SETUP_ANDX *pSMB;
2250 SESSION_SETUP_ANDX *pSMBr;
2251 char *bcc_ptr;
2252 char *user;
2253 char *domain;
2254 int rc = 0;
2255 int remaining_words = 0;
2256 int bytes_returned = 0;
2257 int len;
2258 __u32 capabilities;
2259 __u16 count;
2260
2261 cFYI(1, ("In spnego sesssetup "));
2262 if(ses == NULL)
2263 return -EINVAL;
2264 user = ses->userName;
2265 domain = ses->domainName;
2266
2267 smb_buffer = cifs_buf_get();
2268 if (smb_buffer == NULL) {
2269 return -ENOMEM;
2270 }
2271 smb_buffer_response = smb_buffer;
2272 pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2273
2274 /* send SMBsessionSetup here */
2275 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2276 NULL /* no tCon exists yet */ , 12 /* wct */ );
1982c344
SF		 2277
2278 smb_buffer->Mid = GetNextMid(ses->server);
1da177e4
LT		 2279 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2280 pSMB->req.AndXCommand = 0xFF;
2281 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2282 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2283
2284 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2285 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2286
2287 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2288 CAP_EXTENDED_SECURITY;
2289 if (ses->capabilities & CAP_UNICODE) {
2290 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2291 capabilities |= CAP_UNICODE;
2292 }
2293 if (ses->capabilities & CAP_STATUS32) {
2294 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2295 capabilities |= CAP_STATUS32;
2296 }
2297 if (ses->capabilities & CAP_DFS) {
2298 smb_buffer->Flags2 |= SMBFLG2_DFS;
2299 capabilities |= CAP_DFS;
2300 }
2301 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2302
2303 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2304 bcc_ptr = pByteArea(smb_buffer);
2305 memcpy(bcc_ptr, SecurityBlob, SecurityBlobLength);
2306 bcc_ptr += SecurityBlobLength;
2307
2308 if (ses->capabilities & CAP_UNICODE) {
2309 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode strings */
2310 *bcc_ptr = 0;
2311 bcc_ptr++;
2312 }
2313 bytes_returned =
e89dc920 2314 cifs_strtoUCS((__le16 *) bcc_ptr, user, 100, nls_codepage);
1da177e4
LT		 2315 bcc_ptr += 2 * bytes_returned; /* convert num of 16 bit words to bytes */
2316 bcc_ptr += 2; /* trailing null */
2317 if (domain == NULL)
2318 bytes_returned =
e89dc920 2319 cifs_strtoUCS((__le16 *) bcc_ptr,
1da177e4
LT		 2320 "CIFS_LINUX_DOM", 32, nls_codepage);
2321 else
2322 bytes_returned =
e89dc920 2323 cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
1da177e4
LT		 2324 nls_codepage);
2325 bcc_ptr += 2 * bytes_returned;
2326 bcc_ptr += 2;
2327 bytes_returned =
e89dc920 2328 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
1da177e4
LT		 2329 32, nls_codepage);
2330 bcc_ptr += 2 * bytes_returned;
2331 bytes_returned =
e89dc920 2332 cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release, 32,
1da177e4
LT		 2333 nls_codepage);
2334 bcc_ptr += 2 * bytes_returned;
2335 bcc_ptr += 2;
2336 bytes_returned =
e89dc920 2337 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
1da177e4
LT		 2338 64, nls_codepage);
2339 bcc_ptr += 2 * bytes_returned;
2340 bcc_ptr += 2;
2341 } else {
2342 strncpy(bcc_ptr, user, 200);
2343 bcc_ptr += strnlen(user, 200);
2344 *bcc_ptr = 0;
2345 bcc_ptr++;
2346 if (domain == NULL) {
2347 strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2348 bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2349 } else {
2350 strncpy(bcc_ptr, domain, 64);
2351 bcc_ptr += strnlen(domain, 64);
2352 *bcc_ptr = 0;
2353 bcc_ptr++;
2354 }
2355 strcpy(bcc_ptr, "Linux version ");
2356 bcc_ptr += strlen("Linux version ");
2357 strcpy(bcc_ptr, system_utsname.release);
2358 bcc_ptr += strlen(system_utsname.release) + 1;
2359 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2360 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2361 }
2362 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2363 smb_buffer->smb_buf_length += count;
2364 pSMB->req.ByteCount = cpu_to_le16(count);
2365
2366 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2367 &bytes_returned, 1);
2368 if (rc) {
2369/* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2370 } else if ((smb_buffer_response->WordCount == 3)
2371 || (smb_buffer_response->WordCount == 4)) {
2372 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2373 __u16 blob_len =
2374 le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2375 if (action & GUEST_LOGIN)
2376 cFYI(1, (" Guest login")); /* BB do we want to set anything in SesInfo struct ? */
2377 if (ses) {
2378 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format (le) */
2379 cFYI(1, ("UID = %d ", ses->Suid));
2380 bcc_ptr = pByteArea(smb_buffer_response); /* response can have either 3 or 4 word count - Samba sends 3 */
2381
2382 /* BB Fix below to make endian neutral !! */
2383
2384 if ((pSMBr->resp.hdr.WordCount == 3)
2385 || ((pSMBr->resp.hdr.WordCount == 4)
2386 && (blob_len <
2387 pSMBr->resp.ByteCount))) {
2388 if (pSMBr->resp.hdr.WordCount == 4) {
2389 bcc_ptr +=
2390 blob_len;
2391 cFYI(1,
2392 ("Security Blob Length %d ",
2393 blob_len));
2394 }
2395
2396 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2397 if ((long) (bcc_ptr) % 2) {
2398 remaining_words =
2399 (BCC(smb_buffer_response)
2400 - 1) / 2;
2401 bcc_ptr++; /* Unicode strings must be word aligned */
2402 } else {
2403 remaining_words =
2404 BCC
2405 (smb_buffer_response) / 2;
2406 }
2407 len =
2408 UniStrnlen((wchar_t *) bcc_ptr,
2409 remaining_words - 1);
2410/* We look for obvious messed up bcc or strings in response so we do not go off
2411 the end since (at least) WIN2K and Windows XP have a major bug in not null
2412 terminating last Unicode string in response */
2413 ses->serverOS =
e915fc49 2414 kzalloc(2 * (len + 1), GFP_KERNEL);
1da177e4 2415 cifs_strfromUCS_le(ses->serverOS,
e89dc920 2416 (__le16 *)
1da177e4
LT		 2417 bcc_ptr, len,
2418 nls_codepage);
2419 bcc_ptr += 2 * (len + 1);
2420 remaining_words -= len + 1;
2421 ses->serverOS[2 * len] = 0;
2422 ses->serverOS[1 + (2 * len)] = 0;
2423 if (remaining_words > 0) {
2424 len = UniStrnlen((wchar_t *)bcc_ptr,
2425 remaining_words
2426 - 1);
2427 ses->serverNOS =
e915fc49 2428 kzalloc(2 * (len + 1),
1da177e4
LT		 2429 GFP_KERNEL);
2430 cifs_strfromUCS_le(ses->serverNOS,
e89dc920 2431 (__le16 *)bcc_ptr,
1da177e4
LT		 2432 len,
2433 nls_codepage);
2434 bcc_ptr += 2 * (len + 1);
2435 ses->serverNOS[2 * len] = 0;
2436 ses->serverNOS[1 + (2 * len)] = 0;
2437 remaining_words -= len + 1;
2438 if (remaining_words > 0) {
2439 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2440 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
e915fc49 2441 ses->serverDomain = kzalloc(2*(len+1),GFP_KERNEL);
1da177e4 2442 cifs_strfromUCS_le(ses->serverDomain,
e89dc920
SF		 2443 (__le16 *)bcc_ptr,
2444 len, nls_codepage);
1da177e4
LT		 2445 bcc_ptr += 2*(len+1);
2446 ses->serverDomain[2*len] = 0;
2447 ses->serverDomain[1+(2*len)] = 0;
2448 } /* else no more room so create dummy domain string */
2449 else
2450 ses->serverDomain =
e915fc49 2451 kzalloc(2,GFP_KERNEL);
1da177e4 2452 } else { /* no room so create dummy domain and NOS string */
e915fc49
PE		 2453 ses->serverDomain = kzalloc(2, GFP_KERNEL);
2454 ses->serverNOS = kzalloc(2, GFP_KERNEL);
1da177e4
LT		 2455 }
2456 } else { /* ASCII */
2457
2458 len = strnlen(bcc_ptr, 1024);
2459 if (((long) bcc_ptr + len) - (long)
2460 pByteArea(smb_buffer_response)
2461 <= BCC(smb_buffer_response)) {
e915fc49 2462 ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
1da177e4
LT		 2463 strncpy(ses->serverOS, bcc_ptr, len);
2464
2465 bcc_ptr += len;
2466 bcc_ptr[0] = 0; /* null terminate the string */
2467 bcc_ptr++;
2468
2469 len = strnlen(bcc_ptr, 1024);
e915fc49 2470 ses->serverNOS = kzalloc(len + 1,GFP_KERNEL);
1da177e4
LT		 2471 strncpy(ses->serverNOS, bcc_ptr, len);
2472 bcc_ptr += len;
2473 bcc_ptr[0] = 0;
2474 bcc_ptr++;
2475
2476 len = strnlen(bcc_ptr, 1024);
e915fc49 2477 ses->serverDomain = kzalloc(len + 1, GFP_KERNEL);
1da177e4
LT		 2478 strncpy(ses->serverDomain, bcc_ptr, len);
2479 bcc_ptr += len;
2480 bcc_ptr[0] = 0;
2481 bcc_ptr++;
2482 } else
2483 cFYI(1,
2484 ("Variable field of length %d extends beyond end of smb ",
2485 len));
2486 }
2487 } else {
2488 cERROR(1,
2489 (" Security Blob Length extends beyond end of SMB"));
2490 }
2491 } else {
2492 cERROR(1, ("No session structure passed in."));
2493 }
2494 } else {
2495 cERROR(1,
2496 (" Invalid Word count %d: ",
2497 smb_buffer_response->WordCount));
2498 rc = -EIO;
2499 }
2500
2501 if (smb_buffer)
2502 cifs_buf_release(smb_buffer);
2503
2504 return rc;
2505}
2506
2507static int
2508CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2509 struct cifsSesInfo *ses, int * pNTLMv2_flag,
2510 const struct nls_table *nls_codepage)
2511{
2512 struct smb_hdr *smb_buffer;
2513 struct smb_hdr *smb_buffer_response;
2514 SESSION_SETUP_ANDX *pSMB;
2515 SESSION_SETUP_ANDX *pSMBr;
2516 char *bcc_ptr;
2517 char *domain;
2518 int rc = 0;
2519 int remaining_words = 0;
2520 int bytes_returned = 0;
2521 int len;
2522 int SecurityBlobLength = sizeof (NEGOTIATE_MESSAGE);
2523 PNEGOTIATE_MESSAGE SecurityBlob;
2524 PCHALLENGE_MESSAGE SecurityBlob2;
2525 __u32 negotiate_flags, capabilities;
2526 __u16 count;
2527
12b3b8ff 2528 cFYI(1, ("In NTLMSSP sesssetup (negotiate)"));
1da177e4
LT		 2529 if(ses == NULL)
2530 return -EINVAL;
2531 domain = ses->domainName;
2532 *pNTLMv2_flag = FALSE;
2533 smb_buffer = cifs_buf_get();
2534 if (smb_buffer == NULL) {
2535 return -ENOMEM;
2536 }
2537 smb_buffer_response = smb_buffer;
2538 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2539 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2540
2541 /* send SMBsessionSetup here */
2542 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2543 NULL /* no tCon exists yet */ , 12 /* wct */ );
1982c344
SF		 2544
2545 smb_buffer->Mid = GetNextMid(ses->server);
1da177e4
LT		 2546 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2547 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2548
2549 pSMB->req.AndXCommand = 0xFF;
2550 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2551 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2552
2553 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2554 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2555
2556 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2557 CAP_EXTENDED_SECURITY;
2558 if (ses->capabilities & CAP_UNICODE) {
2559 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2560 capabilities |= CAP_UNICODE;
2561 }
2562 if (ses->capabilities & CAP_STATUS32) {
2563 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2564 capabilities |= CAP_STATUS32;
2565 }
2566 if (ses->capabilities & CAP_DFS) {
2567 smb_buffer->Flags2 |= SMBFLG2_DFS;
2568 capabilities |= CAP_DFS;
2569 }
2570 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2571
2572 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2573 SecurityBlob = (PNEGOTIATE_MESSAGE) bcc_ptr;
2574 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2575 SecurityBlob->MessageType = NtLmNegotiate;
2576 negotiate_flags =
2577 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
12b3b8ff
SF		 2578 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM |
2579 NTLMSSP_NEGOTIATE_56 |
1da177e4
LT		 2580 /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
2581 if(sign_CIFS_PDUs)
2582 negotiate_flags |= NTLMSSP_NEGOTIATE_SIGN;
2583 if(ntlmv2_support)
2584 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
2585 /* setup pointers to domain name and workstation name */
2586 bcc_ptr += SecurityBlobLength;
2587
2588 SecurityBlob->WorkstationName.Buffer = 0;
2589 SecurityBlob->WorkstationName.Length = 0;
2590 SecurityBlob->WorkstationName.MaximumLength = 0;
2591
12b3b8ff
SF		 2592 /* Domain not sent on first Sesssetup in NTLMSSP, instead it is sent
2593 along with username on auth request (ie the response to challenge) */
2594 SecurityBlob->DomainName.Buffer = 0;
2595 SecurityBlob->DomainName.Length = 0;
2596 SecurityBlob->DomainName.MaximumLength = 0;
1da177e4
LT		 2597 if (ses->capabilities & CAP_UNICODE) {
2598 if ((long) bcc_ptr % 2) {
2599 *bcc_ptr = 0;
2600 bcc_ptr++;
2601 }
2602
2603 bytes_returned =
e89dc920 2604 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
1da177e4
LT		 2605 32, nls_codepage);
2606 bcc_ptr += 2 * bytes_returned;
2607 bytes_returned =
e89dc920 2608 cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release, 32,
1da177e4
LT		 2609 nls_codepage);
2610 bcc_ptr += 2 * bytes_returned;
2611 bcc_ptr += 2; /* null terminate Linux version */
2612 bytes_returned =
e89dc920 2613 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
1da177e4
LT		 2614 64, nls_codepage);
2615 bcc_ptr += 2 * bytes_returned;
2616 *(bcc_ptr + 1) = 0;
2617 *(bcc_ptr + 2) = 0;
2618 bcc_ptr += 2; /* null terminate network opsys string */
2619 *(bcc_ptr + 1) = 0;
2620 *(bcc_ptr + 2) = 0;
2621 bcc_ptr += 2; /* null domain */
2622 } else { /* ASCII */
2623 strcpy(bcc_ptr, "Linux version ");
2624 bcc_ptr += strlen("Linux version ");
2625 strcpy(bcc_ptr, system_utsname.release);
2626 bcc_ptr += strlen(system_utsname.release) + 1;
2627 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2628 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2629 bcc_ptr++; /* empty domain field */
2630 *bcc_ptr = 0;
2631 }
2632 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2633 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2634 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2635 smb_buffer->smb_buf_length += count;
2636 pSMB->req.ByteCount = cpu_to_le16(count);
2637
2638 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2639 &bytes_returned, 1);
2640
2641 if (smb_buffer_response->Status.CifsError ==
2642 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
2643 rc = 0;
2644
2645 if (rc) {
2646/* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2647 } else if ((smb_buffer_response->WordCount == 3)
2648 || (smb_buffer_response->WordCount == 4)) {
2649 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2650 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2651
2652 if (action & GUEST_LOGIN)
2653 cFYI(1, (" Guest login"));
2654 /* Do we want to set anything in SesInfo struct when guest login? */
2655
2656 bcc_ptr = pByteArea(smb_buffer_response);
2657 /* response can have either 3 or 4 word count - Samba sends 3 */
2658
2659 SecurityBlob2 = (PCHALLENGE_MESSAGE) bcc_ptr;
2660 if (SecurityBlob2->MessageType != NtLmChallenge) {
2661 cFYI(1,
2662 ("Unexpected NTLMSSP message type received %d",
2663 SecurityBlob2->MessageType));
2664 } else if (ses) {
2665 ses->Suid = smb_buffer_response->Uid; /* UID left in le format */
12b3b8ff 2666 cFYI(1, ("UID = %d", ses->Suid));
1da177e4
LT		 2667 if ((pSMBr->resp.hdr.WordCount == 3)
2668 || ((pSMBr->resp.hdr.WordCount == 4)
2669 && (blob_len <
2670 pSMBr->resp.ByteCount))) {
2671
2672 if (pSMBr->resp.hdr.WordCount == 4) {
2673 bcc_ptr += blob_len;
12b3b8ff 2674 cFYI(1, ("Security Blob Length %d",
1da177e4
LT		 2675 blob_len));
2676 }
2677
12b3b8ff 2678 cFYI(1, ("NTLMSSP Challenge rcvd"));
1da177e4
LT		 2679
2680 memcpy(ses->server->cryptKey,
2681 SecurityBlob2->Challenge,
2682 CIFS_CRYPTO_KEY_SIZE);
12b3b8ff
SF		 2683 if(SecurityBlob2->NegotiateFlags &
2684 cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2))
1da177e4
LT		 2685 *pNTLMv2_flag = TRUE;
2686
2687 if((SecurityBlob2->NegotiateFlags &
2688 cpu_to_le32(NTLMSSP_NEGOTIATE_ALWAYS_SIGN))
2689 || (sign_CIFS_PDUs > 1))
2690 ses->server->secMode |=
2691 SECMODE_SIGN_REQUIRED;
2692 if ((SecurityBlob2->NegotiateFlags &
2693 cpu_to_le32(NTLMSSP_NEGOTIATE_SIGN)) && (sign_CIFS_PDUs))
2694 ses->server->secMode |=
2695 SECMODE_SIGN_ENABLED;
2696
2697 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2698 if ((long) (bcc_ptr) % 2) {
2699 remaining_words =
2700 (BCC(smb_buffer_response)
2701 - 1) / 2;
2702 bcc_ptr++; /* Unicode strings must be word aligned */
2703 } else {
2704 remaining_words =
2705 BCC
2706 (smb_buffer_response) / 2;
2707 }
2708 len =
2709 UniStrnlen((wchar_t *) bcc_ptr,
2710 remaining_words - 1);
2711/* We look for obvious messed up bcc or strings in response so we do not go off
2712 the end since (at least) WIN2K and Windows XP have a major bug in not null
2713 terminating last Unicode string in response */
2714 ses->serverOS =
e915fc49 2715 kzalloc(2 * (len + 1), GFP_KERNEL);
1da177e4 2716 cifs_strfromUCS_le(ses->serverOS,
e89dc920 2717 (__le16 *)
1da177e4
LT		 2718 bcc_ptr, len,
2719 nls_codepage);
2720 bcc_ptr += 2 * (len + 1);
2721 remaining_words -= len + 1;
2722 ses->serverOS[2 * len] = 0;
2723 ses->serverOS[1 + (2 * len)] = 0;
2724 if (remaining_words > 0) {
2725 len = UniStrnlen((wchar_t *)
2726 bcc_ptr,
2727 remaining_words
2728 - 1);
2729 ses->serverNOS =
e915fc49 2730 kzalloc(2 * (len + 1),
1da177e4
LT		 2731 GFP_KERNEL);
2732 cifs_strfromUCS_le(ses->
2733 serverNOS,
e89dc920 2734 (__le16 *)
1da177e4
LT		 2735 bcc_ptr,
2736 len,
2737 nls_codepage);
2738 bcc_ptr += 2 * (len + 1);
2739 ses->serverNOS[2 * len] = 0;
2740 ses->serverNOS[1 +
2741 (2 * len)] = 0;
2742 remaining_words -= len + 1;
2743 if (remaining_words > 0) {
2744 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2745 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
2746 ses->serverDomain =
e915fc49 2747 kzalloc(2 *
1da177e4
LT		 2748 (len +
2749 1),
2750 GFP_KERNEL);
2751 cifs_strfromUCS_le
e89dc920
SF		 2752 (ses->serverDomain,
2753 (__le16 *)bcc_ptr,
2754 len, nls_codepage);
1da177e4
LT		 2755 bcc_ptr +=
2756 2 * (len + 1);
e89dc920 2757 ses->serverDomain[2*len]
1da177e4 2758 = 0;
e89dc920
SF		 2759 ses->serverDomain
2760 [1 + (2 * len)]
1da177e4
LT		 2761 = 0;
2762 } /* else no more room so create dummy domain string */
2763 else
2764 ses->serverDomain =
e915fc49 2765 kzalloc(2,
1da177e4
LT		 2766 GFP_KERNEL);
2767 } else { /* no room so create dummy domain and NOS string */
2768 ses->serverDomain =
e915fc49 2769 kzalloc(2, GFP_KERNEL);
1da177e4 2770 ses->serverNOS =
e915fc49 2771 kzalloc(2, GFP_KERNEL);
1da177e4
LT		 2772 }
2773 } else { /* ASCII */
2774 len = strnlen(bcc_ptr, 1024);
2775 if (((long) bcc_ptr + len) - (long)
2776 pByteArea(smb_buffer_response)
2777 <= BCC(smb_buffer_response)) {
2778 ses->serverOS =
e915fc49 2779 kzalloc(len + 1,
1da177e4
LT		 2780 GFP_KERNEL);
2781 strncpy(ses->serverOS,
2782 bcc_ptr, len);
2783
2784 bcc_ptr += len;
2785 bcc_ptr[0] = 0; /* null terminate string */
2786 bcc_ptr++;
2787
2788 len = strnlen(bcc_ptr, 1024);
2789 ses->serverNOS =
e915fc49 2790 kzalloc(len + 1,
1da177e4
LT		 2791 GFP_KERNEL);
2792 strncpy(ses->serverNOS, bcc_ptr, len);
2793 bcc_ptr += len;
2794 bcc_ptr[0] = 0;
2795 bcc_ptr++;
2796
2797 len = strnlen(bcc_ptr, 1024);
2798 ses->serverDomain =
e915fc49 2799 kzalloc(len + 1,
1da177e4
LT		 2800 GFP_KERNEL);
2801 strncpy(ses->serverDomain, bcc_ptr, len);
2802 bcc_ptr += len;
2803 bcc_ptr[0] = 0;
2804 bcc_ptr++;
2805 } else
2806 cFYI(1,
12b3b8ff 2807 ("Variable field of length %d extends beyond end of smb",
1da177e4
LT		 2808 len));
2809 }
2810 } else {
2811 cERROR(1,
2812 (" Security Blob Length extends beyond end of SMB"));
2813 }
2814 } else {
2815 cERROR(1, ("No session structure passed in."));
2816 }
2817 } else {
2818 cERROR(1,
5815449d 2819 (" Invalid Word count %d:",
1da177e4
LT		 2820 smb_buffer_response->WordCount));
2821 rc = -EIO;
2822 }
2823
2824 if (smb_buffer)
2825 cifs_buf_release(smb_buffer);
2826
2827 return rc;
2828}
2829static int
2830CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2831 char *ntlm_session_key, int ntlmv2_flag,
2832 const struct nls_table *nls_codepage)
2833{
2834 struct smb_hdr *smb_buffer;
2835 struct smb_hdr *smb_buffer_response;
2836 SESSION_SETUP_ANDX *pSMB;
2837 SESSION_SETUP_ANDX *pSMBr;
2838 char *bcc_ptr;
2839 char *user;
2840 char *domain;
2841 int rc = 0;
2842 int remaining_words = 0;
2843 int bytes_returned = 0;
2844 int len;
2845 int SecurityBlobLength = sizeof (AUTHENTICATE_MESSAGE);
2846 PAUTHENTICATE_MESSAGE SecurityBlob;
2847 __u32 negotiate_flags, capabilities;
2848 __u16 count;
2849
2850 cFYI(1, ("In NTLMSSPSessSetup (Authenticate)"));
2851 if(ses == NULL)
2852 return -EINVAL;
2853 user = ses->userName;
2854 domain = ses->domainName;
2855 smb_buffer = cifs_buf_get();
2856 if (smb_buffer == NULL) {
2857 return -ENOMEM;
2858 }
2859 smb_buffer_response = smb_buffer;
2860 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2861 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2862
2863 /* send SMBsessionSetup here */
2864 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2865 NULL /* no tCon exists yet */ , 12 /* wct */ );
1982c344
SF		 2866
2867 smb_buffer->Mid = GetNextMid(ses->server);
1da177e4
LT		 2868 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2869 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2870 pSMB->req.AndXCommand = 0xFF;
2871 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2872 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2873
2874 pSMB->req.hdr.Uid = ses->Suid;
2875
2876 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2877 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2878
2879 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2880 CAP_EXTENDED_SECURITY;
2881 if (ses->capabilities & CAP_UNICODE) {
2882 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2883 capabilities |= CAP_UNICODE;
2884 }
2885 if (ses->capabilities & CAP_STATUS32) {
2886 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2887 capabilities |= CAP_STATUS32;
2888 }
2889 if (ses->capabilities & CAP_DFS) {
2890 smb_buffer->Flags2 |= SMBFLG2_DFS;
2891 capabilities |= CAP_DFS;
2892 }
2893 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2894
2895 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2896 SecurityBlob = (PAUTHENTICATE_MESSAGE) bcc_ptr;
2897 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2898 SecurityBlob->MessageType = NtLmAuthenticate;
2899 bcc_ptr += SecurityBlobLength;
2900 negotiate_flags =
2901 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET |
2902 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO |
2903 0x80000000 | NTLMSSP_NEGOTIATE_128;
2904 if(sign_CIFS_PDUs)
2905 negotiate_flags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN;
2906 if(ntlmv2_flag)
2907 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
2908
2909/* setup pointers to domain name and workstation name */
2910
2911 SecurityBlob->WorkstationName.Buffer = 0;
2912 SecurityBlob->WorkstationName.Length = 0;
2913 SecurityBlob->WorkstationName.MaximumLength = 0;
2914 SecurityBlob->SessionKey.Length = 0;
2915 SecurityBlob->SessionKey.MaximumLength = 0;
2916 SecurityBlob->SessionKey.Buffer = 0;
2917
2918 SecurityBlob->LmChallengeResponse.Length = 0;
2919 SecurityBlob->LmChallengeResponse.MaximumLength = 0;
2920 SecurityBlob->LmChallengeResponse.Buffer = 0;
2921
2922 SecurityBlob->NtChallengeResponse.Length =
2923 cpu_to_le16(CIFS_SESSION_KEY_SIZE);
2924 SecurityBlob->NtChallengeResponse.MaximumLength =
2925 cpu_to_le16(CIFS_SESSION_KEY_SIZE);
2926 memcpy(bcc_ptr, ntlm_session_key, CIFS_SESSION_KEY_SIZE);
2927 SecurityBlob->NtChallengeResponse.Buffer =
2928 cpu_to_le32(SecurityBlobLength);
2929 SecurityBlobLength += CIFS_SESSION_KEY_SIZE;
2930 bcc_ptr += CIFS_SESSION_KEY_SIZE;
2931
2932 if (ses->capabilities & CAP_UNICODE) {
2933 if (domain == NULL) {
2934 SecurityBlob->DomainName.Buffer = 0;
2935 SecurityBlob->DomainName.Length = 0;
2936 SecurityBlob->DomainName.MaximumLength = 0;
2937 } else {
2938 __u16 len =
e89dc920 2939 cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
1da177e4
LT		 2940 nls_codepage);
2941 len *= 2;
2942 SecurityBlob->DomainName.MaximumLength =
2943 cpu_to_le16(len);
2944 SecurityBlob->DomainName.Buffer =
2945 cpu_to_le32(SecurityBlobLength);
2946 bcc_ptr += len;
2947 SecurityBlobLength += len;
2948 SecurityBlob->DomainName.Length =
2949 cpu_to_le16(len);
2950 }
2951 if (user == NULL) {
2952 SecurityBlob->UserName.Buffer = 0;
2953 SecurityBlob->UserName.Length = 0;
2954 SecurityBlob->UserName.MaximumLength = 0;
2955 } else {
2956 __u16 len =
e89dc920 2957 cifs_strtoUCS((__le16 *) bcc_ptr, user, 64,
1da177e4
LT		 2958 nls_codepage);
2959 len *= 2;
2960 SecurityBlob->UserName.MaximumLength =
2961 cpu_to_le16(len);
2962 SecurityBlob->UserName.Buffer =
2963 cpu_to_le32(SecurityBlobLength);
2964 bcc_ptr += len;
2965 SecurityBlobLength += len;
2966 SecurityBlob->UserName.Length =
2967 cpu_to_le16(len);
2968 }
2969
e89dc920 2970 /* SecurityBlob->WorkstationName.Length = cifs_strtoUCS((__le16 *) bcc_ptr, "AMACHINE",64, nls_codepage);
1da177e4
LT		 2971 SecurityBlob->WorkstationName.Length *= 2;
2972 SecurityBlob->WorkstationName.MaximumLength = cpu_to_le16(SecurityBlob->WorkstationName.Length);
2973 SecurityBlob->WorkstationName.Buffer = cpu_to_le32(SecurityBlobLength);
2974 bcc_ptr += SecurityBlob->WorkstationName.Length;
2975 SecurityBlobLength += SecurityBlob->WorkstationName.Length;
2976 SecurityBlob->WorkstationName.Length = cpu_to_le16(SecurityBlob->WorkstationName.Length); */
2977
2978 if ((long) bcc_ptr % 2) {
2979 *bcc_ptr = 0;
2980 bcc_ptr++;
2981 }
2982 bytes_returned =
e89dc920 2983 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
1da177e4
LT		 2984 32, nls_codepage);
2985 bcc_ptr += 2 * bytes_returned;
2986 bytes_returned =
e89dc920 2987 cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release, 32,
1da177e4
LT		 2988 nls_codepage);
2989 bcc_ptr += 2 * bytes_returned;
2990 bcc_ptr += 2; /* null term version string */
2991 bytes_returned =
e89dc920 2992 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
1da177e4
LT		 2993 64, nls_codepage);
2994 bcc_ptr += 2 * bytes_returned;
2995 *(bcc_ptr + 1) = 0;
2996 *(bcc_ptr + 2) = 0;
2997 bcc_ptr += 2; /* null terminate network opsys string */
2998 *(bcc_ptr + 1) = 0;
2999 *(bcc_ptr + 2) = 0;
3000 bcc_ptr += 2; /* null domain */
3001 } else { /* ASCII */
3002 if (domain == NULL) {
3003 SecurityBlob->DomainName.Buffer = 0;
3004 SecurityBlob->DomainName.Length = 0;
3005 SecurityBlob->DomainName.MaximumLength = 0;
3006 } else {
3007 __u16 len;
3008 negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
3009 strncpy(bcc_ptr, domain, 63);
3010 len = strnlen(domain, 64);
3011 SecurityBlob->DomainName.MaximumLength =
3012 cpu_to_le16(len);
3013 SecurityBlob->DomainName.Buffer =
3014 cpu_to_le32(SecurityBlobLength);
3015 bcc_ptr += len;
3016 SecurityBlobLength += len;
3017 SecurityBlob->DomainName.Length = cpu_to_le16(len);
3018 }
3019 if (user == NULL) {
3020 SecurityBlob->UserName.Buffer = 0;
3021 SecurityBlob->UserName.Length = 0;
3022 SecurityBlob->UserName.MaximumLength = 0;
3023 } else {
3024 __u16 len;
3025 strncpy(bcc_ptr, user, 63);
3026 len = strnlen(user, 64);
3027 SecurityBlob->UserName.MaximumLength =
3028 cpu_to_le16(len);
3029 SecurityBlob->UserName.Buffer =
3030 cpu_to_le32(SecurityBlobLength);
3031 bcc_ptr += len;
3032 SecurityBlobLength += len;
3033 SecurityBlob->UserName.Length = cpu_to_le16(len);
3034 }
3035 /* BB fill in our workstation name if known BB */
3036
3037 strcpy(bcc_ptr, "Linux version ");
3038 bcc_ptr += strlen("Linux version ");
3039 strcpy(bcc_ptr, system_utsname.release);
3040 bcc_ptr += strlen(system_utsname.release) + 1;
3041 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
3042 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
3043 bcc_ptr++; /* null domain */
3044 *bcc_ptr = 0;
3045 }
3046 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
3047 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
3048 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
3049 smb_buffer->smb_buf_length += count;
3050 pSMB->req.ByteCount = cpu_to_le16(count);
3051
3052 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
3053 &bytes_returned, 1);
3054 if (rc) {
3055/* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
3056 } else if ((smb_buffer_response->WordCount == 3)
3057 || (smb_buffer_response->WordCount == 4)) {
3058 __u16 action = le16_to_cpu(pSMBr->resp.Action);
3059 __u16 blob_len =
3060 le16_to_cpu(pSMBr->resp.SecurityBlobLength);
3061 if (action & GUEST_LOGIN)
3062 cFYI(1, (" Guest login")); /* BB do we want to set anything in SesInfo struct ? */
3063/* if(SecurityBlob2->MessageType != NtLm??){
3064 cFYI("Unexpected message type on auth response is %d "));
3065 } */
3066 if (ses) {
3067 cFYI(1,
3068 ("Does UID on challenge %d match auth response UID %d ",
3069 ses->Suid, smb_buffer_response->Uid));
3070 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format */
3071 bcc_ptr = pByteArea(smb_buffer_response);
3072 /* response can have either 3 or 4 word count - Samba sends 3 */
3073 if ((pSMBr->resp.hdr.WordCount == 3)
3074 || ((pSMBr->resp.hdr.WordCount == 4)
3075 && (blob_len <
3076 pSMBr->resp.ByteCount))) {
3077 if (pSMBr->resp.hdr.WordCount == 4) {
3078 bcc_ptr +=
3079 blob_len;
3080 cFYI(1,
3081 ("Security Blob Length %d ",
3082 blob_len));
3083 }
3084
3085 cFYI(1,
3086 ("NTLMSSP response to Authenticate "));
3087
3088 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3089 if ((long) (bcc_ptr) % 2) {
3090 remaining_words =
3091 (BCC(smb_buffer_response)
3092 - 1) / 2;
3093 bcc_ptr++; /* Unicode strings must be word aligned */
3094 } else {
3095 remaining_words = BCC(smb_buffer_response) / 2;
3096 }
3097 len =
3098 UniStrnlen((wchar_t *) bcc_ptr,remaining_words - 1);
3099/* We look for obvious messed up bcc or strings in response so we do not go off
3100 the end since (at least) WIN2K and Windows XP have a major bug in not null
3101 terminating last Unicode string in response */
3102 ses->serverOS =
e915fc49 3103 kzalloc(2 * (len + 1), GFP_KERNEL);
1da177e4 3104 cifs_strfromUCS_le(ses->serverOS,
e89dc920 3105 (__le16 *)
1da177e4
LT		 3106 bcc_ptr, len,
3107 nls_codepage);
3108 bcc_ptr += 2 * (len + 1);
3109 remaining_words -= len + 1;
3110 ses->serverOS[2 * len] = 0;
3111 ses->serverOS[1 + (2 * len)] = 0;
3112 if (remaining_words > 0) {
3113 len = UniStrnlen((wchar_t *)
3114 bcc_ptr,
3115 remaining_words
3116 - 1);
3117 ses->serverNOS =
e915fc49 3118 kzalloc(2 * (len + 1),
1da177e4
LT		 3119 GFP_KERNEL);
3120 cifs_strfromUCS_le(ses->
3121 serverNOS,
e89dc920 3122 (__le16 *)
1da177e4
LT		 3123 bcc_ptr,
3124 len,
3125 nls_codepage);
3126 bcc_ptr += 2 * (len + 1);
3127 ses->serverNOS[2 * len] = 0;
3128 ses->serverNOS[1+(2*len)] = 0;
3129 remaining_words -= len + 1;
3130 if (remaining_words > 0) {
3131 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
3132 /* last string not always null terminated (e.g. for Windows XP & 2000) */
3133 ses->serverDomain =
e915fc49 3134 kzalloc(2 *
1da177e4
LT		 3135 (len +
3136 1),
3137 GFP_KERNEL);
3138 cifs_strfromUCS_le
3139 (ses->
3140 serverDomain,
e89dc920 3141 (__le16 *)
1da177e4
LT		 3142 bcc_ptr, len,
3143 nls_codepage);
3144 bcc_ptr +=
3145 2 * (len + 1);
3146 ses->
3147 serverDomain[2
3148 * len]
3149 = 0;
3150 ses->
3151 serverDomain[1
3152 +
3153 (2
3154 *
3155 len)]
3156 = 0;
3157 } /* else no more room so create dummy domain string */
3158 else
e915fc49 3159 ses->serverDomain = kzalloc(2,GFP_KERNEL);
1da177e4 3160 } else { /* no room so create dummy domain and NOS string */
e915fc49
PE		 3161 ses->serverDomain = kzalloc(2, GFP_KERNEL);
3162 ses->serverNOS = kzalloc(2, GFP_KERNEL);
1da177e4
LT		 3163 }
3164 } else { /* ASCII */
3165 len = strnlen(bcc_ptr, 1024);
3166 if (((long) bcc_ptr + len) -
3167 (long) pByteArea(smb_buffer_response)
3168 <= BCC(smb_buffer_response)) {
e915fc49 3169 ses->serverOS = kzalloc(len + 1,GFP_KERNEL);
1da177e4
LT		 3170 strncpy(ses->serverOS,bcc_ptr, len);
3171
3172 bcc_ptr += len;
3173 bcc_ptr[0] = 0; /* null terminate the string */
3174 bcc_ptr++;
3175
3176 len = strnlen(bcc_ptr, 1024);
e915fc49 3177 ses->serverNOS = kzalloc(len+1,GFP_KERNEL);
1da177e4
LT		 3178 strncpy(ses->serverNOS, bcc_ptr, len);
3179 bcc_ptr += len;
3180 bcc_ptr[0] = 0;
3181 bcc_ptr++;
3182
3183 len = strnlen(bcc_ptr, 1024);
e915fc49 3184 ses->serverDomain = kzalloc(len+1,GFP_KERNEL);
1da177e4
LT		 3185 strncpy(ses->serverDomain, bcc_ptr, len);
3186 bcc_ptr += len;
3187 bcc_ptr[0] = 0;
3188 bcc_ptr++;
3189 } else
3190 cFYI(1,
3191 ("Variable field of length %d extends beyond end of smb ",
3192 len));
3193 }
3194 } else {
3195 cERROR(1,
3196 (" Security Blob Length extends beyond end of SMB"));
3197 }
3198 } else {
3199 cERROR(1, ("No session structure passed in."));
3200 }
3201 } else {
3202 cERROR(1,
3203 (" Invalid Word count %d: ",
3204 smb_buffer_response->WordCount));
3205 rc = -EIO;
3206 }
3207
3208 if (smb_buffer)
3209 cifs_buf_release(smb_buffer);
3210
3211 return rc;
3212}
3213
3214int
3215CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3216 const char *tree, struct cifsTconInfo *tcon,
3217 const struct nls_table *nls_codepage)
3218{
3219 struct smb_hdr *smb_buffer;
3220 struct smb_hdr *smb_buffer_response;
3221 TCONX_REQ *pSMB;
3222 TCONX_RSP *pSMBr;
3223 unsigned char *bcc_ptr;
3224 int rc = 0;
3225 int length;
3226 __u16 count;
3227
3228 if (ses == NULL)
3229 return -EIO;
3230
3231 smb_buffer = cifs_buf_get();
3232 if (smb_buffer == NULL) {
3233 return -ENOMEM;
3234 }
3235 smb_buffer_response = smb_buffer;
3236
3237 header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3238 NULL /*no tid */ , 4 /*wct */ );
1982c344
SF		 3239
3240 smb_buffer->Mid = GetNextMid(ses->server);
1da177e4
LT		 3241 smb_buffer->Uid = ses->Suid;
3242 pSMB = (TCONX_REQ *) smb_buffer;
3243 pSMBr = (TCONX_RSP *) smb_buffer_response;
3244
3245 pSMB->AndXCommand = 0xFF;
3246 pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
1da177e4 3247 bcc_ptr = &pSMB->Password[0];
eeac8047
SF		 3248 if((ses->server->secMode) & SECMODE_USER) {
3249 pSMB->PasswordLength = cpu_to_le16(1); /* minimum */
3250 bcc_ptr++; /* skip password */
3251 } else {
3252 pSMB->PasswordLength = cpu_to_le16(CIFS_SESSION_KEY_SIZE);
3253 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3254 specified as required (when that support is added to
3255 the vfs in the future) as only NTLM or the much
3256 weaker LANMAN (which we do not send) is accepted
3257 by Samba (not sure whether other servers allow
3258 NTLMv2 password here) */
3259 SMBNTencrypt(ses->password,
3260 ses->server->cryptKey,
3261 bcc_ptr);
3262
3263 bcc_ptr += CIFS_SESSION_KEY_SIZE;
3264 *bcc_ptr = 0;
3265 bcc_ptr++; /* align */
3266 }
1da177e4
LT		 3267
3268 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3269 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3270
3271 if (ses->capabilities & CAP_STATUS32) {
3272 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3273 }
3274 if (ses->capabilities & CAP_DFS) {
3275 smb_buffer->Flags2 |= SMBFLG2_DFS;
3276 }
3277 if (ses->capabilities & CAP_UNICODE) {
3278 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3279 length =
e89dc920 3280 cifs_strtoUCS((__le16 *) bcc_ptr, tree, 100, nls_codepage);
1da177e4
LT		 3281 bcc_ptr += 2 * length; /* convert num of 16 bit words to bytes */
3282 bcc_ptr += 2; /* skip trailing null */
3283 } else { /* ASCII */
1da177e4
LT		 3284 strcpy(bcc_ptr, tree);
3285 bcc_ptr += strlen(tree) + 1;
3286 }
3287 strcpy(bcc_ptr, "?????");
3288 bcc_ptr += strlen("?????");
3289 bcc_ptr += 1;
3290 count = bcc_ptr - &pSMB->Password[0];
3291 pSMB->hdr.smb_buf_length += count;
3292 pSMB->ByteCount = cpu_to_le16(count);
3293
3294 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length, 0);
3295
3296 /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
3297 /* above now done in SendReceive */
3298 if ((rc == 0) && (tcon != NULL)) {
3299 tcon->tidStatus = CifsGood;
3300 tcon->tid = smb_buffer_response->Tid;
3301 bcc_ptr = pByteArea(smb_buffer_response);
3302 length = strnlen(bcc_ptr, BCC(smb_buffer_response) - 2);
3303 /* skip service field (NB: this field is always ASCII) */
3304 bcc_ptr += length + 1;
3305 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3306 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3307 length = UniStrnlen((wchar_t *) bcc_ptr, 512);
3308 if ((bcc_ptr + (2 * length)) -
3309 pByteArea(smb_buffer_response) <=
3310 BCC(smb_buffer_response)) {
f99d49ad 3311 kfree(tcon->nativeFileSystem);
1da177e4 3312 tcon->nativeFileSystem =
e915fc49 3313 kzalloc(length + 2, GFP_KERNEL);
1da177e4 3314 cifs_strfromUCS_le(tcon->nativeFileSystem,
e89dc920 3315 (__le16 *) bcc_ptr,
1da177e4
LT		 3316 length, nls_codepage);
3317 bcc_ptr += 2 * length;
3318 bcc_ptr[0] = 0; /* null terminate the string */
3319 bcc_ptr[1] = 0;
3320 bcc_ptr += 2;
3321 }
3322 /* else do not bother copying these informational fields */
3323 } else {
3324 length = strnlen(bcc_ptr, 1024);
3325 if ((bcc_ptr + length) -
3326 pByteArea(smb_buffer_response) <=
3327 BCC(smb_buffer_response)) {
f99d49ad 3328 kfree(tcon->nativeFileSystem);
1da177e4 3329 tcon->nativeFileSystem =
e915fc49 3330 kzalloc(length + 1, GFP_KERNEL);
1da177e4
LT		 3331 strncpy(tcon->nativeFileSystem, bcc_ptr,
3332 length);
3333 }
3334 /* else do not bother copying these informational fields */
3335 }
3336 tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3337 cFYI(1, ("Tcon flags: 0x%x ", tcon->Flags));
3338 } else if ((rc == 0) && tcon == NULL) {
3339 /* all we need to save for IPC$ connection */
3340 ses->ipc_tid = smb_buffer_response->Tid;
3341 }
3342
3343 if (smb_buffer)
3344 cifs_buf_release(smb_buffer);
3345 return rc;
3346}
3347
3348int
3349cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3350{
3351 int rc = 0;
3352 int xid;
3353 struct cifsSesInfo *ses = NULL;
3354 struct task_struct *cifsd_task;
3355
3356 xid = GetXid();
3357
3358 if (cifs_sb->tcon) {
3359 ses = cifs_sb->tcon->ses; /* save ptr to ses before delete tcon!*/
3360 rc = CIFSSMBTDis(xid, cifs_sb->tcon);
3361 if (rc == -EBUSY) {
3362 FreeXid(xid);
3363 return 0;
3364 }
3365 tconInfoFree(cifs_sb->tcon);
3366 if ((ses) && (ses->server)) {
3367 /* save off task so we do not refer to ses later */
3368 cifsd_task = ses->server->tsk;
3369 cFYI(1, ("About to do SMBLogoff "));
3370 rc = CIFSSMBLogoff(xid, ses);
3371 if (rc == -EBUSY) {
3372 FreeXid(xid);
3373 return 0;
3374 } else if (rc == -ESHUTDOWN) {
3375 cFYI(1,("Waking up socket by sending it signal"));
f191401f 3376 if(cifsd_task) {
1da177e4 3377 send_sig(SIGKILL,cifsd_task,1);
f191401f
SF		 3378 wait_for_completion(&cifsd_complete);
3379 }
1da177e4
LT		 3380 rc = 0;
3381 } /* else - we have an smb session
3382 left on this socket do not kill cifsd */
3383 } else
3384 cFYI(1, ("No session or bad tcon"));
3385 }
3386
3387 cifs_sb->tcon = NULL;
041e0e3b
NA		 3388 if (ses)
3389 schedule_timeout_interruptible(msecs_to_jiffies(500));
1da177e4
LT		 3390 if (ses)
3391 sesInfoFree(ses);
3392
3393 FreeXid(xid);
3394 return rc; /* BB check if we should always return zero here */
3395}
3396
3397int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
3398 struct nls_table * nls_info)
3399{
3400 int rc = 0;
3401 char ntlm_session_key[CIFS_SESSION_KEY_SIZE];
3402 int ntlmv2_flag = FALSE;
ad009ac9 3403 int first_time = 0;
1da177e4
LT		 3404
3405 /* what if server changes its buffer size after dropping the session? */
3406 if(pSesInfo->server->maxBuf == 0) /* no need to send on reconnect */ {
3407 rc = CIFSSMBNegotiate(xid, pSesInfo);
3408 if(rc == -EAGAIN) /* retry only once on 1st time connection */ {
3409 rc = CIFSSMBNegotiate(xid, pSesInfo);
3410 if(rc == -EAGAIN)
3411 rc = -EHOSTDOWN;
3412 }
3413 if(rc == 0) {
3414 spin_lock(&GlobalMid_Lock);
3415 if(pSesInfo->server->tcpStatus != CifsExiting)
3416 pSesInfo->server->tcpStatus = CifsGood;
3417 else
3418 rc = -EHOSTDOWN;
3419 spin_unlock(&GlobalMid_Lock);
3420
3421 }
ad009ac9 3422 first_time = 1;
1da177e4
LT		 3423 }
3424 if (!rc) {
3425 pSesInfo->capabilities = pSesInfo->server->capabilities;
3426 if(linuxExtEnabled == 0)
3427 pSesInfo->capabilities &= (~CAP_UNIX);
ad009ac9 3428 /* pSesInfo->sequence_number = 0;*/
1da177e4
LT		 3429 cFYI(1,("Security Mode: 0x%x Capabilities: 0x%x Time Zone: %d",
3430 pSesInfo->server->secMode,
3431 pSesInfo->server->capabilities,
3432 pSesInfo->server->timeZone));
3433 if (extended_security
3434 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3435 && (pSesInfo->server->secType == NTLMSSP)) {
5815449d 3436 cFYI(1, ("New style sesssetup"));
1da177e4
LT		 3437 rc = CIFSSpnegoSessSetup(xid, pSesInfo,
3438 NULL /* security blob */,
3439 0 /* blob length */,
3440 nls_info);
3441 } else if (extended_security
3442 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3443 && (pSesInfo->server->secType == RawNTLMSSP)) {
5815449d 3444 cFYI(1, ("NTLMSSP sesssetup"));
1da177e4
LT		 3445 rc = CIFSNTLMSSPNegotiateSessSetup(xid,
3446 pSesInfo,
3447 &ntlmv2_flag,
3448 nls_info);
3449 if (!rc) {
3450 if(ntlmv2_flag) {
3451 char * v2_response;
3452 cFYI(1,("Can use more secure NTLM version 2 password hash"));
3453 if(CalcNTLMv2_partial_mac_key(pSesInfo,
3454 nls_info)) {
3455 rc = -ENOMEM;
3456 goto ss_err_exit;
3457 } else
3458 v2_response = kmalloc(16 + 64 /* blob */, GFP_KERNEL);
3459 if(v2_response) {
3460 CalcNTLMv2_response(pSesInfo,v2_response);
ad009ac9
SF		 3461 /* if(first_time)
3462 cifs_calculate_ntlmv2_mac_key(
3463 pSesInfo->server->mac_signing_key,
3464 response, ntlm_session_key, */
1da177e4
LT		 3465 kfree(v2_response);
3466 /* BB Put dummy sig in SessSetup PDU? */
3467 } else {
3468 rc = -ENOMEM;
3469 goto ss_err_exit;
3470 }
3471
3472 } else {
3473 SMBNTencrypt(pSesInfo->password,
3474 pSesInfo->server->cryptKey,
3475 ntlm_session_key);
3476
ad009ac9
SF		 3477 if(first_time)
3478 cifs_calculate_mac_key(
3479 pSesInfo->server->mac_signing_key,
3480 ntlm_session_key,
3481 pSesInfo->password);
1da177e4
LT		 3482 }
3483 /* for better security the weaker lanman hash not sent
3484 in AuthSessSetup so we no longer calculate it */
3485
3486 rc = CIFSNTLMSSPAuthSessSetup(xid,
3487 pSesInfo,
3488 ntlm_session_key,
3489 ntlmv2_flag,
3490 nls_info);
3491 }
3492 } else { /* old style NTLM 0.12 session setup */
3493 SMBNTencrypt(pSesInfo->password,
3494 pSesInfo->server->cryptKey,
3495 ntlm_session_key);
3496
ad009ac9
SF		 3497 if(first_time)
3498 cifs_calculate_mac_key(
3499 pSesInfo->server->mac_signing_key,
3500 ntlm_session_key, pSesInfo->password);
3501
1da177e4
LT		 3502 rc = CIFSSessSetup(xid, pSesInfo,
3503 ntlm_session_key, nls_info);
3504 }
3505 if (rc) {
3506 cERROR(1,("Send error in SessSetup = %d",rc));
3507 } else {
3508 cFYI(1,("CIFS Session Established successfully"));
3509 pSesInfo->status = CifsGood;
3510 }
3511 }
3512ss_err_exit:
3513 return rc;
3514}
3515
Ubuntu Artful kernel mirror