]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blame - fs/cifs/connect.c
projects / mirror_ubuntu-artful-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[CIFS] reindent misindented statement
[mirror_ubuntu-artful-kernel.git] / fs / cifs / connect.c
CommitLineData
1da177e4
LT		 1/*
2 * fs/cifs/connect.c
3 *
366781c1 4 * Copyright (C) International Business Machines Corp., 2002,2008
1da177e4
LT		 5 * Author(s): Steve French (sfrench@us.ibm.com)
6 *
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
fb8c4b14 19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
1da177e4
LT		 20 */
21#include <linux/fs.h>
22#include <linux/net.h>
23#include <linux/string.h>
24#include <linux/list.h>
25#include <linux/wait.h>
26#include <linux/ipv6.h>
27#include <linux/pagemap.h>
28#include <linux/ctype.h>
29#include <linux/utsname.h>
30#include <linux/mempool.h>
b8643e1b 31#include <linux/delay.h>
f191401f 32#include <linux/completion.h>
aaf737ad 33#include <linux/kthread.h>
0ae0efad 34#include <linux/pagevec.h>
7dfb7103 35#include <linux/freezer.h>
1da177e4
LT		 36#include <asm/uaccess.h>
37#include <asm/processor.h>
38#include "cifspdu.h"
39#include "cifsglob.h"
40#include "cifsproto.h"
41#include "cifs_unicode.h"
42#include "cifs_debug.h"
43#include "cifs_fs_sb.h"
44#include "ntlmssp.h"
45#include "nterr.h"
46#include "rfc1002pdu.h"
a2653eba 47#include "cn_cifs.h"
1da177e4
LT		 48
49#define CIFS_PORT 445
50#define RFC1001_PORT 139
51
1da177e4
LT		 52extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
53 unsigned char *p24);
54
55extern mempool_t *cifs_req_poolp;
56
57struct smb_vol {
58 char *username;
59 char *password;
60 char *domainname;
61 char *UNC;
62 char *UNCip;
95b1cb90 63 char *in6_addr; /* ipv6 address as human readable form of in6_addr */
1da177e4
LT		 64 char *iocharset; /* local code page for mapping to and from Unicode */
65 char source_rfc1001_name[16]; /* netbios name of client */
a10faeb2 66 char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */
1da177e4
LT		 67 uid_t linux_uid;
68 gid_t linux_gid;
69 mode_t file_mode;
70 mode_t dir_mode;
189acaae 71 unsigned secFlg;
4b18f2a9
SF		 72 bool rw:1;
73 bool retry:1;
74 bool intr:1;
75 bool setuids:1;
76 bool override_uid:1;
77 bool override_gid:1;
d0a9c078 78 bool dynperm:1;
4b18f2a9
SF		 79 bool noperm:1;
80 bool no_psx_acl:1; /* set if posix acl support should be disabled */
81 bool cifs_acl:1;
82 bool no_xattr:1; /* set if xattr (EA) support should be disabled*/
83 bool server_ino:1; /* use inode numbers from server ie UniqueId */
84 bool direct_io:1;
95b1cb90
SF		 85 bool remap:1; /* set to remap seven reserved chars in filenames */
86 bool posix_paths:1; /* unset to not ask for posix pathnames. */
4b18f2a9
SF		 87 bool no_linux_ext:1;
88 bool sfu_emul:1;
95b1cb90
SF		 89 bool nullauth:1; /* attempt to authenticate with null user */
90 bool nocase:1; /* request case insensitive filenames */
91 bool nobrl:1; /* disable sending byte range locks to srv */
92 bool seal:1; /* request transport encryption on share */
1da177e4
LT		 93 unsigned int rsize;
94 unsigned int wsize;
95 unsigned int sockopt;
96 unsigned short int port;
fb8c4b14 97 char *prepath;
1da177e4
LT		 98};
99
fb8c4b14 100static int ipv4_connect(struct sockaddr_in *psin_server,
1da177e4 101 struct socket **csocket,
fb8c4b14
SF		 102 char *netb_name,
103 char *server_netb_name);
104static int ipv6_connect(struct sockaddr_in6 *psin_server,
1da177e4
LT		 105 struct socket **csocket);
106
107
fb8c4b14 108 /*
1da177e4 109 * cifs tcp session reconnection
fb8c4b14 110 *
1da177e4
LT		 111 * mark tcp session as reconnecting so temporarily locked
112 * mark all smb sessions as reconnecting for tcp session
113 * reconnect tcp session
114 * wake up waiters on reconnection? - (not needed currently)
115 */
116
2cd646a2 117static int
1da177e4
LT		 118cifs_reconnect(struct TCP_Server_Info *server)
119{
120 int rc = 0;
121 struct list_head *tmp;
122 struct cifsSesInfo *ses;
123 struct cifsTconInfo *tcon;
fb8c4b14 124 struct mid_q_entry *mid_entry;
50c2f753 125
1da177e4 126 spin_lock(&GlobalMid_Lock);
26f57364 127 if (kthread_should_stop()) {
fb8c4b14 128 /* the demux thread will exit normally
1da177e4
LT		 129 next time through the loop */
130 spin_unlock(&GlobalMid_Lock);
131 return rc;
132 } else
133 server->tcpStatus = CifsNeedReconnect;
134 spin_unlock(&GlobalMid_Lock);
135 server->maxBuf = 0;
136
e4eb295d 137 cFYI(1, ("Reconnecting tcp session"));
1da177e4
LT		 138
139 /* before reconnecting the tcp session, mark the smb session (uid)
140 and the tid bad so they are not used until reconnected */
141 read_lock(&GlobalSMBSeslock);
142 list_for_each(tmp, &GlobalSMBSessionList) {
143 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
144 if (ses->server) {
145 if (ses->server == server) {
146 ses->status = CifsNeedReconnect;
147 ses->ipc_tid = 0;
148 }
149 }
150 /* else tcp and smb sessions need reconnection */
151 }
152 list_for_each(tmp, &GlobalTreeConnectionList) {
153 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
ad8b15f0 154 if ((tcon->ses) && (tcon->ses->server == server))
1da177e4 155 tcon->tidStatus = CifsNeedReconnect;
1da177e4
LT		 156 }
157 read_unlock(&GlobalSMBSeslock);
158 /* do not want to be sending data on a socket we are freeing */
fb8c4b14
SF		 159 down(&server->tcpSem);
160 if (server->ssocket) {
467a8f8d 161 cFYI(1, ("State: 0x%x Flags: 0x%lx", server->ssocket->state,
1da177e4 162 server->ssocket->flags));
91cf45f0 163 kernel_sock_shutdown(server->ssocket, SHUT_WR);
fb8c4b14 164 cFYI(1, ("Post shutdown state: 0x%x Flags: 0x%lx",
467a8f8d 165 server->ssocket->state,
1da177e4
LT		 166 server->ssocket->flags));
167 sock_release(server->ssocket);
168 server->ssocket = NULL;
169 }
170
171 spin_lock(&GlobalMid_Lock);
172 list_for_each(tmp, &server->pending_mid_q) {
173 mid_entry = list_entry(tmp, struct
174 mid_q_entry,
175 qhead);
ad8b15f0 176 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
09d1db5c
SF		 177 /* Mark other intransit requests as needing
178 retry so we do not immediately mark the
179 session bad again (ie after we reconnect
180 below) as they timeout too */
ad8b15f0 181 mid_entry->midState = MID_RETRY_NEEDED;
1da177e4
LT		 182 }
183 }
184 spin_unlock(&GlobalMid_Lock);
fb8c4b14 185 up(&server->tcpSem);
1da177e4 186
26f57364 187 while ((!kthread_should_stop()) && (server->tcpStatus != CifsGood)) {
6c3d8909 188 try_to_freeze();
fb8c4b14
SF		 189 if (server->protocolType == IPV6) {
190 rc = ipv6_connect(&server->addr.sockAddr6,
191 &server->ssocket);
1da177e4 192 } else {
fb8c4b14 193 rc = ipv4_connect(&server->addr.sockAddr,
1da177e4 194 &server->ssocket,
a10faeb2
SF		 195 server->workstation_RFC1001_name,
196 server->server_RFC1001_name);
1da177e4 197 }
fb8c4b14
SF		 198 if (rc) {
199 cFYI(1, ("reconnect error %d", rc));
0cb766ae 200 msleep(3000);
1da177e4
LT		 201 } else {
202 atomic_inc(&tcpSesReconnectCount);
203 spin_lock(&GlobalMid_Lock);
26f57364 204 if (!kthread_should_stop())
1da177e4 205 server->tcpStatus = CifsGood;
ad009ac9 206 server->sequence_number = 0;
fb8c4b14 207 spin_unlock(&GlobalMid_Lock);
1da177e4
LT		 208 /* atomic_set(&server->inFlight,0);*/
209 wake_up(&server->response_q);
210 }
211 }
212 return rc;
213}
214
fb8c4b14 215/*
e4eb295d
SF		 216 return codes:
217 0 not a transact2, or all data present
218 >0 transact2 with that much data missing
219 -EINVAL = invalid transact2
220
221 */
fb8c4b14 222static int check2ndT2(struct smb_hdr *pSMB, unsigned int maxBufSize)
e4eb295d 223{
fb8c4b14
SF		 224 struct smb_t2_rsp *pSMBt;
225 int total_data_size;
e4eb295d
SF		 226 int data_in_this_rsp;
227 int remaining;
228
fb8c4b14 229 if (pSMB->Command != SMB_COM_TRANSACTION2)
e4eb295d
SF		 230 return 0;
231
fb8c4b14
SF		 232 /* check for plausible wct, bcc and t2 data and parm sizes */
233 /* check for parm and data offset going beyond end of smb */
234 if (pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
467a8f8d 235 cFYI(1, ("invalid transact2 word count"));
e4eb295d
SF		 236 return -EINVAL;
237 }
238
239 pSMBt = (struct smb_t2_rsp *)pSMB;
240
241 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
242 data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
243
244 remaining = total_data_size - data_in_this_rsp;
245
fb8c4b14 246 if (remaining == 0)
e4eb295d 247 return 0;
fb8c4b14 248 else if (remaining < 0) {
467a8f8d 249 cFYI(1, ("total data %d smaller than data in frame %d",
e4eb295d
SF		 250 total_data_size, data_in_this_rsp));
251 return -EINVAL;
252 } else {
467a8f8d 253 cFYI(1, ("missing %d bytes from transact2, check next response",
e4eb295d 254 remaining));
fb8c4b14
SF		 255 if (total_data_size > maxBufSize) {
256 cERROR(1, ("TotalDataSize %d is over maximum buffer %d",
257 total_data_size, maxBufSize));
258 return -EINVAL;
e4eb295d
SF		 259 }
260 return remaining;
261 }
262}
263
fb8c4b14 264static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
e4eb295d
SF		 265{
266 struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
267 struct smb_t2_rsp *pSMBt = (struct smb_t2_rsp *)pTargetSMB;
268 int total_data_size;
269 int total_in_buf;
270 int remaining;
271 int total_in_buf2;
fb8c4b14
SF		 272 char *data_area_of_target;
273 char *data_area_of_buf2;
e4eb295d
SF		 274 __u16 byte_count;
275
276 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
277
fb8c4b14 278 if (total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
63135e08 279 cFYI(1, ("total data size of primary and secondary t2 differ"));
e4eb295d
SF		 280 }
281
282 total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
283
284 remaining = total_data_size - total_in_buf;
50c2f753 285
fb8c4b14 286 if (remaining < 0)
e4eb295d
SF		 287 return -EINVAL;
288
fb8c4b14 289 if (remaining == 0) /* nothing to do, ignore */
e4eb295d 290 return 0;
50c2f753 291
e4eb295d 292 total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
fb8c4b14 293 if (remaining < total_in_buf2) {
467a8f8d 294 cFYI(1, ("transact2 2nd response contains too much data"));
e4eb295d
SF		 295 }
296
297 /* find end of first SMB data area */
fb8c4b14 298 data_area_of_target = (char *)&pSMBt->hdr.Protocol +
e4eb295d
SF		 299 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
300 /* validate target area */
301
302 data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
fb8c4b14 303 le16_to_cpu(pSMB2->t2_rsp.DataOffset);
e4eb295d
SF		 304
305 data_area_of_target += total_in_buf;
306
307 /* copy second buffer into end of first buffer */
fb8c4b14 308 memcpy(data_area_of_target, data_area_of_buf2, total_in_buf2);
e4eb295d
SF		 309 total_in_buf += total_in_buf2;
310 pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
311 byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
312 byte_count += total_in_buf2;
313 BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
314
70ca734a 315 byte_count = pTargetSMB->smb_buf_length;
e4eb295d
SF		 316 byte_count += total_in_buf2;
317
318 /* BB also add check that we are not beyond maximum buffer size */
50c2f753 319
70ca734a 320 pTargetSMB->smb_buf_length = byte_count;
e4eb295d 321
fb8c4b14 322 if (remaining == total_in_buf2) {
467a8f8d 323 cFYI(1, ("found the last secondary response"));
e4eb295d
SF		 324 return 0; /* we are done */
325 } else /* more responses to go */
326 return 1;
327
328}
329
1da177e4
LT		 330static int
331cifs_demultiplex_thread(struct TCP_Server_Info *server)
332{
333 int length;
334 unsigned int pdu_length, total_read;
335 struct smb_hdr *smb_buffer = NULL;
b8643e1b
SF		 336 struct smb_hdr *bigbuf = NULL;
337 struct smb_hdr *smallbuf = NULL;
1da177e4
LT		 338 struct msghdr smb_msg;
339 struct kvec iov;
340 struct socket *csocket = server->ssocket;
341 struct list_head *tmp;
342 struct cifsSesInfo *ses;
343 struct task_struct *task_to_wake = NULL;
344 struct mid_q_entry *mid_entry;
70ca734a 345 char temp;
4b18f2a9
SF		 346 bool isLargeBuf = false;
347 bool isMultiRsp;
e4eb295d 348 int reconnect;
1da177e4 349
1da177e4 350 current->flags |= PF_MEMALLOC;
ba25f9dc 351 cFYI(1, ("Demultiplex PID: %d", task_pid_nr(current)));
93d0ec85
JL		 352
353 length = atomic_inc_return(&tcpSesAllocCount);
354 if (length > 1)
26f57364
SF		 355 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
356 GFP_KERNEL);
1da177e4 357
83144186 358 set_freezable();
aaf737ad 359 while (!kthread_should_stop()) {
ede1327e
SF		 360 if (try_to_freeze())
361 continue;
b8643e1b
SF		 362 if (bigbuf == NULL) {
363 bigbuf = cifs_buf_get();
0fd1ffe0
PM		 364 if (!bigbuf) {
365 cERROR(1, ("No memory for large SMB response"));
b8643e1b
SF		 366 msleep(3000);
367 /* retry will check if exiting */
368 continue;
369 }
0fd1ffe0
PM		 370 } else if (isLargeBuf) {
371 /* we are reusing a dirty large buf, clear its start */
26f57364 372 memset(bigbuf, 0, sizeof(struct smb_hdr));
1da177e4 373 }
b8643e1b
SF		 374
375 if (smallbuf == NULL) {
376 smallbuf = cifs_small_buf_get();
0fd1ffe0
PM		 377 if (!smallbuf) {
378 cERROR(1, ("No memory for SMB response"));
b8643e1b
SF		 379 msleep(1000);
380 /* retry will check if exiting */
381 continue;
382 }
383 /* beginning of smb buffer is cleared in our buf_get */
384 } else /* if existing small buf clear beginning */
26f57364 385 memset(smallbuf, 0, sizeof(struct smb_hdr));
b8643e1b 386
4b18f2a9
SF		 387 isLargeBuf = false;
388 isMultiRsp = false;
b8643e1b 389 smb_buffer = smallbuf;
1da177e4
LT		 390 iov.iov_base = smb_buffer;
391 iov.iov_len = 4;
392 smb_msg.msg_control = NULL;
393 smb_msg.msg_controllen = 0;
f01d5e14
SF		 394 pdu_length = 4; /* enough to get RFC1001 header */
395incomplete_rcv:
1da177e4
LT		 396 length =
397 kernel_recvmsg(csocket, &smb_msg,
f01d5e14 398 &iov, 1, pdu_length, 0 /* BB other flags? */);
1da177e4 399
26f57364 400 if (kthread_should_stop()) {
1da177e4
LT		 401 break;
402 } else if (server->tcpStatus == CifsNeedReconnect) {
0fd1ffe0 403 cFYI(1, ("Reconnect after server stopped responding"));
1da177e4 404 cifs_reconnect(server);
0fd1ffe0 405 cFYI(1, ("call to reconnect done"));
1da177e4
LT		 406 csocket = server->ssocket;
407 continue;
408 } else if ((length == -ERESTARTSYS) || (length == -EAGAIN)) {
b8643e1b 409 msleep(1); /* minimum sleep to prevent looping
1da177e4
LT		 410 allowing socket to clear and app threads to set
411 tcpStatus CifsNeedReconnect if server hung */
c18c732e
SF		 412 if (pdu_length < 4)
413 goto incomplete_rcv;
414 else
415 continue;
1da177e4 416 } else if (length <= 0) {
0fd1ffe0
PM		 417 if (server->tcpStatus == CifsNew) {
418 cFYI(1, ("tcp session abend after SMBnegprot"));
09d1db5c
SF		 419 /* some servers kill the TCP session rather than
420 returning an SMB negprot error, in which
421 case reconnecting here is not going to help,
422 and so simply return error to mount */
1da177e4
LT		 423 break;
424 }
0fd1ffe0 425 if (!try_to_freeze() && (length == -EINTR)) {
467a8f8d 426 cFYI(1, ("cifsd thread killed"));
1da177e4
LT		 427 break;
428 }
467a8f8d 429 cFYI(1, ("Reconnect after unexpected peek error %d",
57337e42 430 length));
1da177e4
LT		 431 cifs_reconnect(server);
432 csocket = server->ssocket;
433 wake_up(&server->response_q);
434 continue;
2a974680
PT		 435 } else if (length < pdu_length) {
436 cFYI(1, ("requested %d bytes but only got %d bytes",
437 pdu_length, length));
f01d5e14 438 pdu_length -= length;
f01d5e14
SF		 439 msleep(1);
440 goto incomplete_rcv;
46810cbf 441 }
1da177e4 442
70ca734a
SF		 443 /* The right amount was read from socket - 4 bytes */
444 /* so we can now interpret the length field */
46810cbf 445
70ca734a
SF		 446 /* the first byte big endian of the length field,
447 is actually not part of the length but the type
448 with the most common, zero, as regular data */
449 temp = *((char *) smb_buffer);
46810cbf 450
fb8c4b14 451 /* Note that FC 1001 length is big endian on the wire,
70ca734a
SF		 452 but we convert it here so it is always manipulated
453 as host byte order */
5ca33c6a 454 pdu_length = be32_to_cpu((__force __be32)smb_buffer->smb_buf_length);
70ca734a
SF		 455 smb_buffer->smb_buf_length = pdu_length;
456
467a8f8d 457 cFYI(1, ("rfc1002 length 0x%x", pdu_length+4));
46810cbf 458
70ca734a 459 if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) {
fb8c4b14 460 continue;
70ca734a 461 } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
467a8f8d 462 cFYI(1, ("Good RFC 1002 session rsp"));
e4eb295d 463 continue;
70ca734a 464 } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
fb8c4b14 465 /* we get this from Windows 98 instead of
46810cbf 466 an error on SMB negprot response */
fb8c4b14 467 cFYI(1, ("Negative RFC1002 Session Response Error 0x%x)",
70ca734a 468 pdu_length));
fb8c4b14
SF		 469 if (server->tcpStatus == CifsNew) {
470 /* if nack on negprot (rather than
46810cbf
SF		 471 ret of smb negprot error) reconnecting
472 not going to help, ret error to mount */
473 break;
474 } else {
475 /* give server a second to
476 clean up before reconnect attempt */
477 msleep(1000);
478 /* always try 445 first on reconnect
479 since we get NACK on some if we ever
fb8c4b14 480 connected to port 139 (the NACK is
46810cbf
SF		 481 since we do not begin with RFC1001
482 session initialize frame) */
fb8c4b14 483 server->addr.sockAddr.sin_port =
46810cbf 484 htons(CIFS_PORT);
1da177e4
LT		 485 cifs_reconnect(server);
486 csocket = server->ssocket;
46810cbf 487 wake_up(&server->response_q);
1da177e4 488 continue;
46810cbf 489 }
70ca734a 490 } else if (temp != (char) 0) {
fb8c4b14 491 cERROR(1, ("Unknown RFC 1002 frame"));
70ca734a
SF		 492 cifs_dump_mem(" Received Data: ", (char *)smb_buffer,
493 length);
46810cbf
SF		 494 cifs_reconnect(server);
495 csocket = server->ssocket;
496 continue;
e4eb295d
SF		 497 }
498
499 /* else we have an SMB response */
fb8c4b14 500 if ((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
26f57364 501 (pdu_length < sizeof(struct smb_hdr) - 1 - 4)) {
e4eb295d 502 cERROR(1, ("Invalid size SMB length %d pdu_length %d",
46810cbf 503 length, pdu_length+4));
e4eb295d
SF		 504 cifs_reconnect(server);
505 csocket = server->ssocket;
506 wake_up(&server->response_q);
507 continue;
fb8c4b14 508 }
e4eb295d
SF		 509
510 /* else length ok */
511 reconnect = 0;
512
fb8c4b14 513 if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
4b18f2a9 514 isLargeBuf = true;
e4eb295d
SF		 515 memcpy(bigbuf, smallbuf, 4);
516 smb_buffer = bigbuf;
517 }
518 length = 0;
519 iov.iov_base = 4 + (char *)smb_buffer;
520 iov.iov_len = pdu_length;
fb8c4b14 521 for (total_read = 0; total_read < pdu_length;
e4eb295d
SF		 522 total_read += length) {
523 length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
524 pdu_length - total_read, 0);
26f57364 525 if (kthread_should_stop() ||
e4eb295d
SF		 526 (length == -EINTR)) {
527 /* then will exit */
528 reconnect = 2;
529 break;
530 } else if (server->tcpStatus == CifsNeedReconnect) {
46810cbf
SF		 531 cifs_reconnect(server);
532 csocket = server->ssocket;
fb8c4b14 533 /* Reconnect wakes up rspns q */
e4eb295d
SF		 534 /* Now we will reread sock */
535 reconnect = 1;
536 break;
fb8c4b14 537 } else if ((length == -ERESTARTSYS) ||
e4eb295d
SF		 538 (length == -EAGAIN)) {
539 msleep(1); /* minimum sleep to prevent looping,
fb8c4b14 540 allowing socket to clear and app
e4eb295d
SF		 541 threads to set tcpStatus
542 CifsNeedReconnect if server hung*/
c18c732e 543 length = 0;
46810cbf 544 continue;
e4eb295d 545 } else if (length <= 0) {
fb8c4b14 546 cERROR(1, ("Received no data, expecting %d",
e4eb295d
SF		 547 pdu_length - total_read));
548 cifs_reconnect(server);
549 csocket = server->ssocket;
550 reconnect = 1;
551 break;
46810cbf 552 }
e4eb295d 553 }
fb8c4b14 554 if (reconnect == 2)
e4eb295d 555 break;
fb8c4b14 556 else if (reconnect == 1)
e4eb295d 557 continue;
1da177e4 558
e4eb295d 559 length += 4; /* account for rfc1002 hdr */
50c2f753 560
09d1db5c 561
e4eb295d 562 dump_smb(smb_buffer, length);
184ed211 563 if (checkSMB(smb_buffer, smb_buffer->Mid, total_read+4)) {
b387eaeb 564 cifs_dump_mem("Bad SMB: ", smb_buffer, 48);
e4eb295d
SF		 565 continue;
566 }
1da177e4 567
e4eb295d
SF		 568
569 task_to_wake = NULL;
570 spin_lock(&GlobalMid_Lock);
571 list_for_each(tmp, &server->pending_mid_q) {
572 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
573
50c2f753 574 if ((mid_entry->mid == smb_buffer->Mid) &&
e4eb295d
SF		 575 (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
576 (mid_entry->command == smb_buffer->Command)) {
fb8c4b14 577 if (check2ndT2(smb_buffer,server->maxBuf) > 0) {
e4eb295d 578 /* We have a multipart transact2 resp */
4b18f2a9 579 isMultiRsp = true;
fb8c4b14 580 if (mid_entry->resp_buf) {
e4eb295d 581 /* merge response - fix up 1st*/
50c2f753 582 if (coalesce_t2(smb_buffer,
e4eb295d 583 mid_entry->resp_buf)) {
4b18f2a9
SF		 584 mid_entry->multiRsp =
585 true;
e4eb295d
SF		 586 break;
587 } else {
588 /* all parts received */
4b18f2a9
SF		 589 mid_entry->multiEnd =
590 true;
50c2f753 591 goto multi_t2_fnd;
e4eb295d
SF		 592 }
593 } else {
fb8c4b14 594 if (!isLargeBuf) {
e4eb295d
SF		 595 cERROR(1,("1st trans2 resp needs bigbuf"));
596 /* BB maybe we can fix this up, switch
50c2f753 597 to already allocated large buffer? */
e4eb295d 598 } else {
cd63499c 599 /* Have first buffer */
e4eb295d
SF		 600 mid_entry->resp_buf =
601 smb_buffer;
4b18f2a9
SF		 602 mid_entry->largeBuf =
603 true;
e4eb295d
SF		 604 bigbuf = NULL;
605 }
606 }
607 break;
50c2f753 608 }
e4eb295d 609 mid_entry->resp_buf = smb_buffer;
4b18f2a9 610 mid_entry->largeBuf = isLargeBuf;
e4eb295d
SF		 611multi_t2_fnd:
612 task_to_wake = mid_entry->tsk;
613 mid_entry->midState = MID_RESPONSE_RECEIVED;
1047abc1
SF		 614#ifdef CONFIG_CIFS_STATS2
615 mid_entry->when_received = jiffies;
616#endif
3a5ff61c
SF		 617 /* so we do not time out requests to server
618 which is still responding (since server could
619 be busy but not dead) */
620 server->lstrp = jiffies;
e4eb295d 621 break;
46810cbf 622 }
1da177e4 623 }
e4eb295d
SF		 624 spin_unlock(&GlobalMid_Lock);
625 if (task_to_wake) {
cd63499c 626 /* Was previous buf put in mpx struct for multi-rsp? */
fb8c4b14 627 if (!isMultiRsp) {
cd63499c 628 /* smb buffer will be freed by user thread */
26f57364 629 if (isLargeBuf)
cd63499c 630 bigbuf = NULL;
26f57364 631 else
cd63499c
SF		 632 smallbuf = NULL;
633 }
e4eb295d 634 wake_up_process(task_to_wake);
4b18f2a9
SF		 635 } else if (!is_valid_oplock_break(smb_buffer, server) &&
636 !isMultiRsp) {
50c2f753
SF		 637 cERROR(1, ("No task to wake, unknown frame received! "
638 "NumMids %d", midCount.counter));
639 cifs_dump_mem("Received Data is: ", (char *)smb_buffer,
70ca734a 640 sizeof(struct smb_hdr));
3979877e
SF		 641#ifdef CONFIG_CIFS_DEBUG2
642 cifs_dump_detail(smb_buffer);
643 cifs_dump_mids(server);
644#endif /* CIFS_DEBUG2 */
50c2f753 645
e4eb295d
SF		 646 }
647 } /* end while !EXITING */
648
1da177e4
LT		 649 spin_lock(&GlobalMid_Lock);
650 server->tcpStatus = CifsExiting;
e691b9d1 651 spin_unlock(&GlobalMid_Lock);
dbdbb876 652 wake_up_all(&server->response_q);
e691b9d1
SF		 653
654 /* don't exit until kthread_stop is called */
655 set_current_state(TASK_UNINTERRUPTIBLE);
656 while (!kthread_should_stop()) {
657 schedule();
658 set_current_state(TASK_UNINTERRUPTIBLE);
659 }
660 set_current_state(TASK_RUNNING);
661
31ca3bc3
SF		 662 /* check if we have blocked requests that need to free */
663 /* Note that cifs_max_pending is normally 50, but
664 can be set at module install time to as little as two */
e691b9d1 665 spin_lock(&GlobalMid_Lock);
fb8c4b14 666 if (atomic_read(&server->inFlight) >= cifs_max_pending)
31ca3bc3
SF		 667 atomic_set(&server->inFlight, cifs_max_pending - 1);
668 /* We do not want to set the max_pending too low or we
669 could end up with the counter going negative */
1da177e4 670 spin_unlock(&GlobalMid_Lock);
50c2f753 671 /* Although there should not be any requests blocked on
1da177e4 672 this queue it can not hurt to be paranoid and try to wake up requests
09d1db5c 673 that may haven been blocked when more than 50 at time were on the wire
1da177e4
LT		 674 to the same server - they now will see the session is in exit state
675 and get out of SendReceive. */
676 wake_up_all(&server->request_q);
677 /* give those requests time to exit */
b8643e1b 678 msleep(125);
50c2f753 679
fb8c4b14 680 if (server->ssocket) {
1da177e4
LT		 681 sock_release(csocket);
682 server->ssocket = NULL;
683 }
b8643e1b 684 /* buffer usuallly freed in free_mid - need to free it here on exit */
a8a11d39
MK		 685 cifs_buf_release(bigbuf);
686 if (smallbuf) /* no sense logging a debug message if NULL */
b8643e1b 687 cifs_small_buf_release(smallbuf);
1da177e4
LT		 688
689 read_lock(&GlobalSMBSeslock);
690 if (list_empty(&server->pending_mid_q)) {
09d1db5c
SF		 691 /* loop through server session structures attached to this and
692 mark them dead */
1da177e4
LT		 693 list_for_each(tmp, &GlobalSMBSessionList) {
694 ses =
695 list_entry(tmp, struct cifsSesInfo,
696 cifsSessionList);
697 if (ses->server == server) {
698 ses->status = CifsExiting;
699 ses->server = NULL;
700 }
701 }
702 read_unlock(&GlobalSMBSeslock);
703 } else {
31ca3bc3
SF		 704 /* although we can not zero the server struct pointer yet,
705 since there are active requests which may depnd on them,
706 mark the corresponding SMB sessions as exiting too */
707 list_for_each(tmp, &GlobalSMBSessionList) {
708 ses = list_entry(tmp, struct cifsSesInfo,
709 cifsSessionList);
26f57364 710 if (ses->server == server)
31ca3bc3 711 ses->status = CifsExiting;
31ca3bc3
SF		 712 }
713
1da177e4
LT		 714 spin_lock(&GlobalMid_Lock);
715 list_for_each(tmp, &server->pending_mid_q) {
716 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
717 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
50c2f753
SF		 718 cFYI(1, ("Clearing Mid 0x%x - waking up ",
719 mid_entry->mid));
1da177e4 720 task_to_wake = mid_entry->tsk;
26f57364 721 if (task_to_wake)
1da177e4 722 wake_up_process(task_to_wake);
1da177e4
LT		 723 }
724 }
725 spin_unlock(&GlobalMid_Lock);
726 read_unlock(&GlobalSMBSeslock);
1da177e4 727 /* 1/8th of sec is more than enough time for them to exit */
b8643e1b 728 msleep(125);
1da177e4
LT		 729 }
730
f191401f 731 if (!list_empty(&server->pending_mid_q)) {
50c2f753 732 /* mpx threads have not exited yet give them
1da177e4 733 at least the smb send timeout time for long ops */
31ca3bc3
SF		 734 /* due to delays on oplock break requests, we need
735 to wait at least 45 seconds before giving up
736 on a request getting a response and going ahead
737 and killing cifsd */
1da177e4 738 cFYI(1, ("Wait for exit from demultiplex thread"));
31ca3bc3 739 msleep(46000);
1da177e4
LT		 740 /* if threads still have not exited they are probably never
741 coming home not much else we can do but free the memory */
742 }
1da177e4 743
31ca3bc3
SF		 744 /* last chance to mark ses pointers invalid
745 if there are any pointing to this (e.g
50c2f753 746 if a crazy root user tried to kill cifsd
31ca3bc3 747 kernel thread explicitly this might happen) */
93d0ec85 748 write_lock(&GlobalSMBSeslock);
31ca3bc3
SF		 749 list_for_each(tmp, &GlobalSMBSessionList) {
750 ses = list_entry(tmp, struct cifsSesInfo,
751 cifsSessionList);
26f57364 752 if (ses->server == server)
31ca3bc3 753 ses->server = NULL;
31ca3bc3 754 }
1da177e4 755 write_unlock(&GlobalSMBSeslock);
31ca3bc3 756
c359cf3c 757 kfree(server->hostname);
31ca3bc3 758 kfree(server);
93d0ec85
JL		 759
760 length = atomic_dec_return(&tcpSesAllocCount);
26f57364
SF		 761 if (length > 0)
762 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
763 GFP_KERNEL);
50c2f753 764
1da177e4
LT		 765 return 0;
766}
767
c359cf3c
JL		 768/* extract the host portion of the UNC string */
769static char *
770extract_hostname(const char *unc)
771{
772 const char *src;
773 char *dst, *delim;
774 unsigned int len;
775
776 /* skip double chars at beginning of string */
777 /* BB: check validity of these bytes? */
778 src = unc + 2;
779
780 /* delimiter between hostname and sharename is always '\\' now */
781 delim = strchr(src, '\\');
782 if (!delim)
783 return ERR_PTR(-EINVAL);
784
785 len = delim - src;
786 dst = kmalloc((len + 1), GFP_KERNEL);
787 if (dst == NULL)
788 return ERR_PTR(-ENOMEM);
789
790 memcpy(dst, src, len);
791 dst[len] = '\0';
792
793 return dst;
794}
795
1da177e4 796static int
50c2f753
SF		 797cifs_parse_mount_options(char *options, const char *devname,
798 struct smb_vol *vol)
1da177e4
LT		 799{
800 char *value;
801 char *data;
802 unsigned int temp_len, i, j;
803 char separator[2];
804
805 separator[0] = ',';
50c2f753 806 separator[1] = 0;
1da177e4 807
12e36b2f 808 if (Local_System_Name[0] != 0)
50c2f753 809 memcpy(vol->source_rfc1001_name, Local_System_Name, 15);
2cd646a2 810 else {
12e36b2f 811 char *nodename = utsname()->nodename;
50c2f753
SF		 812 int n = strnlen(nodename, 15);
813 memset(vol->source_rfc1001_name, 0x20, 15);
814 for (i = 0; i < n; i++) {
2cd646a2
SF		 815 /* does not have to be perfect mapping since field is
816 informational, only used for servers that do not support
817 port 445 and it can be overridden at mount time */
12e36b2f 818 vol->source_rfc1001_name[i] = toupper(nodename[i]);
2cd646a2 819 }
1da177e4
LT		 820 }
821 vol->source_rfc1001_name[15] = 0;
a10faeb2
SF		 822 /* null target name indicates to use *SMBSERVR default called name
823 if we end up sending RFC1001 session initialize */
824 vol->target_rfc1001_name[0] = 0;
1da177e4
LT		 825 vol->linux_uid = current->uid; /* current->euid instead? */
826 vol->linux_gid = current->gid;
827 vol->dir_mode = S_IRWXUGO;
828 /* 2767 perms indicate mandatory locking support */
7505e052 829 vol->file_mode = (S_IRWXUGO | S_ISGID) & (~S_IXGRP);
1da177e4
LT		 830
831 /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
4b18f2a9 832 vol->rw = true;
ac67055e
JA		 833 /* default is always to request posix paths. */
834 vol->posix_paths = 1;
835
1da177e4
LT		 836 if (!options)
837 return 1;
838
50c2f753 839 if (strncmp(options, "sep=", 4) == 0) {
fb8c4b14 840 if (options[4] != 0) {
1da177e4
LT		 841 separator[0] = options[4];
842 options += 5;
843 } else {
467a8f8d 844 cFYI(1, ("Null separator not allowed"));
1da177e4
LT		 845 }
846 }
50c2f753 847
1da177e4
LT		 848 while ((data = strsep(&options, separator)) != NULL) {
849 if (!*data)
850 continue;
851 if ((value = strchr(data, '=')) != NULL)
852 *value++ = '\0';
853
50c2f753
SF		 854 /* Have to parse this before we parse for "user" */
855 if (strnicmp(data, "user_xattr", 10) == 0) {
1da177e4 856 vol->no_xattr = 0;
50c2f753 857 } else if (strnicmp(data, "nouser_xattr", 12) == 0) {
1da177e4
LT		 858 vol->no_xattr = 1;
859 } else if (strnicmp(data, "user", 4) == 0) {
4b952a9b 860 if (!value) {
1da177e4
LT		 861 printk(KERN_WARNING
862 "CIFS: invalid or missing username\n");
863 return 1; /* needs_arg; */
fb8c4b14 864 } else if (!*value) {
4b952a9b
SF		 865 /* null user, ie anonymous, authentication */
866 vol->nullauth = 1;
1da177e4
LT		 867 }
868 if (strnlen(value, 200) < 200) {
869 vol->username = value;
870 } else {
871 printk(KERN_WARNING "CIFS: username too long\n");
872 return 1;
873 }
874 } else if (strnicmp(data, "pass", 4) == 0) {
875 if (!value) {
876 vol->password = NULL;
877 continue;
fb8c4b14 878 } else if (value[0] == 0) {
1da177e4
LT		 879 /* check if string begins with double comma
880 since that would mean the password really
881 does start with a comma, and would not
882 indicate an empty string */
fb8c4b14 883 if (value[1] != separator[0]) {
1da177e4
LT		 884 vol->password = NULL;
885 continue;
886 }
887 }
888 temp_len = strlen(value);
889 /* removed password length check, NTLM passwords
890 can be arbitrarily long */
891
50c2f753 892 /* if comma in password, the string will be
1da177e4
LT		 893 prematurely null terminated. Commas in password are
894 specified across the cifs mount interface by a double
895 comma ie ,, and a comma used as in other cases ie ','
896 as a parameter delimiter/separator is single and due
897 to the strsep above is temporarily zeroed. */
898
899 /* NB: password legally can have multiple commas and
900 the only illegal character in a password is null */
901
50c2f753 902 if ((value[temp_len] == 0) &&
09d1db5c 903 (value[temp_len+1] == separator[0])) {
1da177e4
LT		 904 /* reinsert comma */
905 value[temp_len] = separator[0];
50c2f753
SF		 906 temp_len += 2; /* move after second comma */
907 while (value[temp_len] != 0) {
1da177e4 908 if (value[temp_len] == separator[0]) {
50c2f753 909 if (value[temp_len+1] ==
09d1db5c
SF		 910 separator[0]) {
911 /* skip second comma */
912 temp_len++;
50c2f753 913 } else {
1da177e4
LT		 914 /* single comma indicating start
915 of next parm */
916 break;
917 }
918 }
919 temp_len++;
920 }
fb8c4b14 921 if (value[temp_len] == 0) {
1da177e4
LT		 922 options = NULL;
923 } else {
924 value[temp_len] = 0;
925 /* point option to start of next parm */
926 options = value + temp_len + 1;
927 }
50c2f753 928 /* go from value to value + temp_len condensing
1da177e4
LT		 929 double commas to singles. Note that this ends up
930 allocating a few bytes too many, which is ok */
e915fc49 931 vol->password = kzalloc(temp_len, GFP_KERNEL);
fb8c4b14 932 if (vol->password == NULL) {
50c2f753
SF		 933 printk(KERN_WARNING "CIFS: no memory "
934 "for password\n");
433dc24f
SF		 935 return 1;
936 }
50c2f753 937 for (i = 0, j = 0; i < temp_len; i++, j++) {
1da177e4 938 vol->password[j] = value[i];
fb8c4b14 939 if (value[i] == separator[0]
09d1db5c 940 && value[i+1] == separator[0]) {
1da177e4
LT		 941 /* skip second comma */
942 i++;
943 }
944 }
945 vol->password[j] = 0;
946 } else {
e915fc49 947 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
fb8c4b14 948 if (vol->password == NULL) {
50c2f753
SF		 949 printk(KERN_WARNING "CIFS: no memory "
950 "for password\n");
433dc24f
SF		 951 return 1;
952 }
1da177e4
LT		 953 strcpy(vol->password, value);
954 }
955 } else if (strnicmp(data, "ip", 2) == 0) {
956 if (!value || !*value) {
957 vol->UNCip = NULL;
958 } else if (strnlen(value, 35) < 35) {
959 vol->UNCip = value;
960 } else {
50c2f753
SF		 961 printk(KERN_WARNING "CIFS: ip address "
962 "too long\n");
1da177e4
LT		 963 return 1;
964 }
50c2f753
SF		 965 } else if (strnicmp(data, "sec", 3) == 0) {
966 if (!value || !*value) {
967 cERROR(1, ("no security value specified"));
968 continue;
969 } else if (strnicmp(value, "krb5i", 5) == 0) {
970 vol->secFlg |= CIFSSEC_MAY_KRB5 |
189acaae 971 CIFSSEC_MUST_SIGN;
bf820679 972 } else if (strnicmp(value, "krb5p", 5) == 0) {
50c2f753
SF		 973 /* vol->secFlg |= CIFSSEC_MUST_SEAL |
974 CIFSSEC_MAY_KRB5; */
975 cERROR(1, ("Krb5 cifs privacy not supported"));
bf820679
SF		 976 return 1;
977 } else if (strnicmp(value, "krb5", 4) == 0) {
750d1151 978 vol->secFlg |= CIFSSEC_MAY_KRB5;
bf820679 979 } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
750d1151 980 vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
189acaae 981 CIFSSEC_MUST_SIGN;
bf820679 982 } else if (strnicmp(value, "ntlmv2", 6) == 0) {
750d1151 983 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
bf820679 984 } else if (strnicmp(value, "ntlmi", 5) == 0) {
750d1151 985 vol->secFlg |= CIFSSEC_MAY_NTLM |
189acaae 986 CIFSSEC_MUST_SIGN;
bf820679
SF		 987 } else if (strnicmp(value, "ntlm", 4) == 0) {
988 /* ntlm is default so can be turned off too */
750d1151 989 vol->secFlg |= CIFSSEC_MAY_NTLM;
bf820679 990 } else if (strnicmp(value, "nontlm", 6) == 0) {
189acaae 991 /* BB is there a better way to do this? */
750d1151 992 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
189acaae
SF		 993#ifdef CONFIG_CIFS_WEAK_PW_HASH
994 } else if (strnicmp(value, "lanman", 6) == 0) {
50c2f753 995 vol->secFlg |= CIFSSEC_MAY_LANMAN;
189acaae 996#endif
bf820679 997 } else if (strnicmp(value, "none", 4) == 0) {
189acaae 998 vol->nullauth = 1;
50c2f753
SF		 999 } else {
1000 cERROR(1, ("bad security option: %s", value));
1001 return 1;
1002 }
1da177e4
LT		 1003 } else if ((strnicmp(data, "unc", 3) == 0)
1004 || (strnicmp(data, "target", 6) == 0)
1005 || (strnicmp(data, "path", 4) == 0)) {
1006 if (!value || !*value) {
50c2f753
SF		 1007 printk(KERN_WARNING "CIFS: invalid path to "
1008 "network resource\n");
1da177e4
LT		 1009 return 1; /* needs_arg; */
1010 }
1011 if ((temp_len = strnlen(value, 300)) < 300) {
50c2f753 1012 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
4523cc30 1013 if (vol->UNC == NULL)
1da177e4 1014 return 1;
50c2f753 1015 strcpy(vol->UNC, value);
1da177e4
LT		 1016 if (strncmp(vol->UNC, "//", 2) == 0) {
1017 vol->UNC[0] = '\\';
1018 vol->UNC[1] = '\\';
50c2f753 1019 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1da177e4 1020 printk(KERN_WARNING
50c2f753
SF		 1021 "CIFS: UNC Path does not begin "
1022 "with // or \\\\ \n");
1da177e4
LT		 1023 return 1;
1024 }
1025 } else {
1026 printk(KERN_WARNING "CIFS: UNC name too long\n");
1027 return 1;
1028 }
1029 } else if ((strnicmp(data, "domain", 3) == 0)
1030 || (strnicmp(data, "workgroup", 5) == 0)) {
1031 if (!value || !*value) {
1032 printk(KERN_WARNING "CIFS: invalid domain name\n");
1033 return 1; /* needs_arg; */
1034 }
1035 /* BB are there cases in which a comma can be valid in
1036 a domain name and need special handling? */
3979877e 1037 if (strnlen(value, 256) < 256) {
1da177e4
LT		 1038 vol->domainname = value;
1039 cFYI(1, ("Domain name set"));
1040 } else {
50c2f753
SF		 1041 printk(KERN_WARNING "CIFS: domain name too "
1042 "long\n");
1da177e4
LT		 1043 return 1;
1044 }
50c2f753
SF		 1045 } else if (strnicmp(data, "prefixpath", 10) == 0) {
1046 if (!value || !*value) {
1047 printk(KERN_WARNING
1048 "CIFS: invalid path prefix\n");
1049 return 1; /* needs_argument */
1050 }
1051 if ((temp_len = strnlen(value, 1024)) < 1024) {
4523cc30 1052 if (value[0] != '/')
2fe87f02 1053 temp_len++; /* missing leading slash */
50c2f753
SF		 1054 vol->prepath = kmalloc(temp_len+1, GFP_KERNEL);
1055 if (vol->prepath == NULL)
1056 return 1;
4523cc30 1057 if (value[0] != '/') {
2fe87f02 1058 vol->prepath[0] = '/';
50c2f753 1059 strcpy(vol->prepath+1, value);
2fe87f02 1060 } else
50c2f753
SF		 1061 strcpy(vol->prepath, value);
1062 cFYI(1, ("prefix path %s", vol->prepath));
1063 } else {
1064 printk(KERN_WARNING "CIFS: prefix too long\n");
1065 return 1;
1066 }
1da177e4
LT		 1067 } else if (strnicmp(data, "iocharset", 9) == 0) {
1068 if (!value || !*value) {
63135e08
SF		 1069 printk(KERN_WARNING "CIFS: invalid iocharset "
1070 "specified\n");
1da177e4
LT		 1071 return 1; /* needs_arg; */
1072 }
1073 if (strnlen(value, 65) < 65) {
50c2f753 1074 if (strnicmp(value, "default", 7))
1da177e4 1075 vol->iocharset = value;
50c2f753
SF		 1076 /* if iocharset not set then load_nls_default
1077 is used by caller */
1078 cFYI(1, ("iocharset set to %s", value));
1da177e4 1079 } else {
63135e08
SF		 1080 printk(KERN_WARNING "CIFS: iocharset name "
1081 "too long.\n");
1da177e4
LT		 1082 return 1;
1083 }
1084 } else if (strnicmp(data, "uid", 3) == 0) {
1085 if (value && *value) {
1086 vol->linux_uid =
1087 simple_strtoul(value, &value, 0);
4523cc30 1088 vol->override_uid = 1;
1da177e4
LT		 1089 }
1090 } else if (strnicmp(data, "gid", 3) == 0) {
1091 if (value && *value) {
1092 vol->linux_gid =
1093 simple_strtoul(value, &value, 0);
4523cc30 1094 vol->override_gid = 1;
1da177e4
LT		 1095 }
1096 } else if (strnicmp(data, "file_mode", 4) == 0) {
1097 if (value && *value) {
1098 vol->file_mode =
1099 simple_strtoul(value, &value, 0);
1100 }
1101 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1102 if (value && *value) {
1103 vol->dir_mode =
1104 simple_strtoul(value, &value, 0);
1105 }
1106 } else if (strnicmp(data, "dirmode", 4) == 0) {
1107 if (value && *value) {
1108 vol->dir_mode =
1109 simple_strtoul(value, &value, 0);
1110 }
1111 } else if (strnicmp(data, "port", 4) == 0) {
1112 if (value && *value) {
1113 vol->port =
1114 simple_strtoul(value, &value, 0);
1115 }
1116 } else if (strnicmp(data, "rsize", 5) == 0) {
1117 if (value && *value) {
1118 vol->rsize =
1119 simple_strtoul(value, &value, 0);
1120 }
1121 } else if (strnicmp(data, "wsize", 5) == 0) {
1122 if (value && *value) {
1123 vol->wsize =
1124 simple_strtoul(value, &value, 0);
1125 }
1126 } else if (strnicmp(data, "sockopt", 5) == 0) {
1127 if (value && *value) {
1128 vol->sockopt =
1129 simple_strtoul(value, &value, 0);
1130 }
1131 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1132 if (!value || !*value || (*value == ' ')) {
63135e08 1133 cFYI(1, ("invalid (empty) netbiosname"));
1da177e4 1134 } else {
50c2f753
SF		 1135 memset(vol->source_rfc1001_name, 0x20, 15);
1136 for (i = 0; i < 15; i++) {
1137 /* BB are there cases in which a comma can be
1da177e4
LT		 1138 valid in this workstation netbios name (and need
1139 special handling)? */
1140
1141 /* We do not uppercase netbiosname for user */
50c2f753 1142 if (value[i] == 0)
1da177e4 1143 break;
50c2f753
SF		 1144 else
1145 vol->source_rfc1001_name[i] =
1146 value[i];
1da177e4
LT		 1147 }
1148 /* The string has 16th byte zero still from
1149 set at top of the function */
50c2f753
SF		 1150 if ((i == 15) && (value[i] != 0))
1151 printk(KERN_WARNING "CIFS: netbiosname"
1152 " longer than 15 truncated.\n");
a10faeb2
SF		 1153 }
1154 } else if (strnicmp(data, "servern", 7) == 0) {
1155 /* servernetbiosname specified override *SMBSERVER */
1156 if (!value || !*value || (*value == ' ')) {
467a8f8d 1157 cFYI(1, ("empty server netbiosname specified"));
a10faeb2
SF		 1158 } else {
1159 /* last byte, type, is 0x20 for servr type */
50c2f753 1160 memset(vol->target_rfc1001_name, 0x20, 16);
a10faeb2 1161
50c2f753 1162 for (i = 0; i < 15; i++) {
a10faeb2 1163 /* BB are there cases in which a comma can be
50c2f753
SF		 1164 valid in this workstation netbios name
1165 (and need special handling)? */
a10faeb2 1166
50c2f753
SF		 1167 /* user or mount helper must uppercase
1168 the netbiosname */
1169 if (value[i] == 0)
a10faeb2
SF		 1170 break;
1171 else
50c2f753
SF		 1172 vol->target_rfc1001_name[i] =
1173 value[i];
a10faeb2
SF		 1174 }
1175 /* The string has 16th byte zero still from
1176 set at top of the function */
50c2f753
SF		 1177 if ((i == 15) && (value[i] != 0))
1178 printk(KERN_WARNING "CIFS: server net"
1179 "biosname longer than 15 truncated.\n");
1da177e4
LT		 1180 }
1181 } else if (strnicmp(data, "credentials", 4) == 0) {
1182 /* ignore */
1183 } else if (strnicmp(data, "version", 3) == 0) {
1184 /* ignore */
50c2f753 1185 } else if (strnicmp(data, "guest", 5) == 0) {
1da177e4
LT		 1186 /* ignore */
1187 } else if (strnicmp(data, "rw", 2) == 0) {
4b18f2a9 1188 vol->rw = true;
1da177e4
LT		 1189 } else if ((strnicmp(data, "suid", 4) == 0) ||
1190 (strnicmp(data, "nosuid", 6) == 0) ||
1191 (strnicmp(data, "exec", 4) == 0) ||
1192 (strnicmp(data, "noexec", 6) == 0) ||
1193 (strnicmp(data, "nodev", 5) == 0) ||
1194 (strnicmp(data, "noauto", 6) == 0) ||
1195 (strnicmp(data, "dev", 3) == 0)) {
1196 /* The mount tool or mount.cifs helper (if present)
50c2f753
SF		 1197 uses these opts to set flags, and the flags are read
1198 by the kernel vfs layer before we get here (ie
1199 before read super) so there is no point trying to
1200 parse these options again and set anything and it
1201 is ok to just ignore them */
1da177e4
LT		 1202 continue;
1203 } else if (strnicmp(data, "ro", 2) == 0) {
4b18f2a9 1204 vol->rw = false;
1da177e4
LT		 1205 } else if (strnicmp(data, "hard", 4) == 0) {
1206 vol->retry = 1;
1207 } else if (strnicmp(data, "soft", 4) == 0) {
1208 vol->retry = 0;
1209 } else if (strnicmp(data, "perm", 4) == 0) {
1210 vol->noperm = 0;
1211 } else if (strnicmp(data, "noperm", 6) == 0) {
1212 vol->noperm = 1;
6a0b4824
SF		 1213 } else if (strnicmp(data, "mapchars", 8) == 0) {
1214 vol->remap = 1;
1215 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1216 vol->remap = 0;
50c2f753
SF		 1217 } else if (strnicmp(data, "sfu", 3) == 0) {
1218 vol->sfu_emul = 1;
1219 } else if (strnicmp(data, "nosfu", 5) == 0) {
1220 vol->sfu_emul = 0;
ac67055e
JA		 1221 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1222 vol->posix_paths = 1;
1223 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1224 vol->posix_paths = 0;
c18c842b
SF		 1225 } else if (strnicmp(data, "nounix", 6) == 0) {
1226 vol->no_linux_ext = 1;
1227 } else if (strnicmp(data, "nolinux", 7) == 0) {
1228 vol->no_linux_ext = 1;
50c2f753 1229 } else if ((strnicmp(data, "nocase", 6) == 0) ||
a10faeb2 1230 (strnicmp(data, "ignorecase", 10) == 0)) {
50c2f753 1231 vol->nocase = 1;
c46fa8ac
SF		 1232 } else if (strnicmp(data, "brl", 3) == 0) {
1233 vol->nobrl = 0;
50c2f753 1234 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1c955187 1235 (strnicmp(data, "nolock", 6) == 0)) {
c46fa8ac 1236 vol->nobrl = 1;
d3485d37
SF		 1237 /* turn off mandatory locking in mode
1238 if remote locking is turned off since the
1239 local vfs will do advisory */
50c2f753
SF		 1240 if (vol->file_mode ==
1241 (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
d3485d37 1242 vol->file_mode = S_IALLUGO;
1da177e4
LT		 1243 } else if (strnicmp(data, "setuids", 7) == 0) {
1244 vol->setuids = 1;
1245 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1246 vol->setuids = 0;
d0a9c078
JL		 1247 } else if (strnicmp(data, "dynperm", 7) == 0) {
1248 vol->dynperm = true;
1249 } else if (strnicmp(data, "nodynperm", 9) == 0) {
1250 vol->dynperm = false;
1da177e4
LT		 1251 } else if (strnicmp(data, "nohard", 6) == 0) {
1252 vol->retry = 0;
1253 } else if (strnicmp(data, "nosoft", 6) == 0) {
1254 vol->retry = 1;
1255 } else if (strnicmp(data, "nointr", 6) == 0) {
1256 vol->intr = 0;
1257 } else if (strnicmp(data, "intr", 4) == 0) {
1258 vol->intr = 1;
50c2f753 1259 } else if (strnicmp(data, "serverino", 7) == 0) {
1da177e4 1260 vol->server_ino = 1;
50c2f753 1261 } else if (strnicmp(data, "noserverino", 9) == 0) {
1da177e4 1262 vol->server_ino = 0;
50c2f753 1263 } else if (strnicmp(data, "cifsacl", 7) == 0) {
0a4b92c0
SF		 1264 vol->cifs_acl = 1;
1265 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1266 vol->cifs_acl = 0;
50c2f753 1267 } else if (strnicmp(data, "acl", 3) == 0) {
1da177e4 1268 vol->no_psx_acl = 0;
50c2f753 1269 } else if (strnicmp(data, "noacl", 5) == 0) {
1da177e4 1270 vol->no_psx_acl = 1;
50c2f753 1271 } else if (strnicmp(data, "sign", 4) == 0) {
750d1151 1272 vol->secFlg |= CIFSSEC_MUST_SIGN;
95b1cb90
SF		 1273 } else if (strnicmp(data, "seal", 4) == 0) {
1274 /* we do not do the following in secFlags because seal
1275 is a per tree connection (mount) not a per socket
1276 or per-smb connection option in the protocol */
1277 /* vol->secFlg |= CIFSSEC_MUST_SEAL; */
1278 vol->seal = 1;
50c2f753 1279 } else if (strnicmp(data, "direct", 6) == 0) {
1da177e4 1280 vol->direct_io = 1;
50c2f753 1281 } else if (strnicmp(data, "forcedirectio", 13) == 0) {
1da177e4 1282 vol->direct_io = 1;
50c2f753 1283 } else if (strnicmp(data, "in6_addr", 8) == 0) {
1da177e4
LT		 1284 if (!value || !*value) {
1285 vol->in6_addr = NULL;
1286 } else if (strnlen(value, 49) == 48) {
1287 vol->in6_addr = value;
1288 } else {
50c2f753
SF		 1289 printk(KERN_WARNING "CIFS: ip v6 address not "
1290 "48 characters long\n");
1da177e4
LT		 1291 return 1;
1292 }
1293 } else if (strnicmp(data, "noac", 4) == 0) {
50c2f753
SF		 1294 printk(KERN_WARNING "CIFS: Mount option noac not "
1295 "supported. Instead set "
1296 "/proc/fs/cifs/LookupCacheEnabled to 0\n");
1da177e4 1297 } else
50c2f753
SF		 1298 printk(KERN_WARNING "CIFS: Unknown mount option %s\n",
1299 data);
1da177e4
LT		 1300 }
1301 if (vol->UNC == NULL) {
4523cc30 1302 if (devname == NULL) {
50c2f753
SF		 1303 printk(KERN_WARNING "CIFS: Missing UNC name for mount "
1304 "target\n");
1da177e4
LT		 1305 return 1;
1306 }
1307 if ((temp_len = strnlen(devname, 300)) < 300) {
50c2f753 1308 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
4523cc30 1309 if (vol->UNC == NULL)
1da177e4 1310 return 1;
50c2f753 1311 strcpy(vol->UNC, devname);
1da177e4
LT		 1312 if (strncmp(vol->UNC, "//", 2) == 0) {
1313 vol->UNC[0] = '\\';
1314 vol->UNC[1] = '\\';
1315 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
50c2f753
SF		 1316 printk(KERN_WARNING "CIFS: UNC Path does not "
1317 "begin with // or \\\\ \n");
1da177e4
LT		 1318 return 1;
1319 }
7c5e628f
IM		 1320 value = strpbrk(vol->UNC+2, "/\\");
1321 if (value)
1322 *value = '\\';
1da177e4
LT		 1323 } else {
1324 printk(KERN_WARNING "CIFS: UNC name too long\n");
1325 return 1;
1326 }
1327 }
fb8c4b14 1328 if (vol->UNCip == NULL)
1da177e4
LT		 1329 vol->UNCip = &vol->UNC[2];
1330
1331 return 0;
1332}
1333
1334static struct cifsSesInfo *
50c2f753 1335cifs_find_tcp_session(struct in_addr *target_ip_addr,
1b20d672
CG		 1336 struct in6_addr *target_ip6_addr,
1337 char *userName, struct TCP_Server_Info **psrvTcp)
1da177e4
LT		 1338{
1339 struct list_head *tmp;
1340 struct cifsSesInfo *ses;
1b20d672 1341
1da177e4 1342 *psrvTcp = NULL;
1da177e4 1343
1b20d672 1344 read_lock(&GlobalSMBSeslock);
1da177e4
LT		 1345 list_for_each(tmp, &GlobalSMBSessionList) {
1346 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
1b20d672
CG		 1347 if (!ses->server)
1348 continue;
1349
1350 if (target_ip_addr &&
1351 ses->server->addr.sockAddr.sin_addr.s_addr != target_ip_addr->s_addr)
1352 continue;
1353 else if (target_ip6_addr &&
1354 memcmp(&ses->server->addr.sockAddr6.sin6_addr,
1355 target_ip6_addr, sizeof(*target_ip6_addr)))
1356 continue;
02eadeff 1357 /* BB lock server and tcp session; increment use count here?? */
1b20d672
CG		 1358
1359 /* found a match on the TCP session */
1360 *psrvTcp = ses->server;
1361
1362 /* BB check if reconnection needed */
1363 if (strncmp(ses->userName, userName, MAX_USERNAME_SIZE) == 0) {
1364 read_unlock(&GlobalSMBSeslock);
1365 /* Found exact match on both TCP and
1366 SMB sessions */
1367 return ses;
1da177e4
LT		 1368 }
1369 /* else tcp and smb sessions need reconnection */
1370 }
1371 read_unlock(&GlobalSMBSeslock);
1b20d672 1372
1da177e4
LT		 1373 return NULL;
1374}
1375
1376static struct cifsTconInfo *
1377find_unc(__be32 new_target_ip_addr, char *uncName, char *userName)
1378{
1379 struct list_head *tmp;
1380 struct cifsTconInfo *tcon;
dea570e0 1381 __be32 old_ip;
1da177e4
LT		 1382
1383 read_lock(&GlobalSMBSeslock);
dea570e0 1384
1da177e4 1385 list_for_each(tmp, &GlobalTreeConnectionList) {
e466e487 1386 cFYI(1, ("Next tcon"));
1da177e4 1387 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
dea570e0
SF		 1388 if (!tcon->ses || !tcon->ses->server)
1389 continue;
1390
1391 old_ip = tcon->ses->server->addr.sockAddr.sin_addr.s_addr;
1392 cFYI(1, ("old ip addr: %x == new ip %x ?",
1393 old_ip, new_target_ip_addr));
1394
1395 if (old_ip != new_target_ip_addr)
1396 continue;
1397
1398 /* BB lock tcon, server, tcp session and increment use count? */
1399 /* found a match on the TCP session */
1400 /* BB check if reconnection needed */
1401 cFYI(1, ("IP match, old UNC: %s new: %s",
1402 tcon->treeName, uncName));
1403
1404 if (strncmp(tcon->treeName, uncName, MAX_TREE_SIZE))
1405 continue;
1406
1407 cFYI(1, ("and old usr: %s new: %s",
1408 tcon->treeName, uncName));
1409
1410 if (strncmp(tcon->ses->userName, userName, MAX_USERNAME_SIZE))
1411 continue;
1412
1413 /* matched smb session (user name) */
1414 read_unlock(&GlobalSMBSeslock);
1415 return tcon;
1da177e4 1416 }
dea570e0 1417
1da177e4
LT		 1418 read_unlock(&GlobalSMBSeslock);
1419 return NULL;
1420}
1421
1da177e4 1422int
50c2f753
SF		 1423get_dfs_path(int xid, struct cifsSesInfo *pSesInfo, const char *old_path,
1424 const struct nls_table *nls_codepage, unsigned int *pnum_referrals,
366781c1 1425 struct dfs_info3_param **preferrals, int remap)
1da177e4
LT		 1426{
1427 char *temp_unc;
1428 int rc = 0;
1429
1430 *pnum_referrals = 0;
366781c1 1431 *preferrals = NULL;
1da177e4
LT		 1432
1433 if (pSesInfo->ipc_tid == 0) {
1434 temp_unc = kmalloc(2 /* for slashes */ +
50c2f753
SF		 1435 strnlen(pSesInfo->serverName,
1436 SERVER_NAME_LEN_WITH_NULL * 2)
1da177e4
LT		 1437 + 1 + 4 /* slash IPC$ */ + 2,
1438 GFP_KERNEL);
1439 if (temp_unc == NULL)
1440 return -ENOMEM;
1441 temp_unc[0] = '\\';
1442 temp_unc[1] = '\\';
1443 strcpy(temp_unc + 2, pSesInfo->serverName);
1444 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
1445 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
1446 cFYI(1,
50c2f753 1447 ("CIFS Tcon rc = %d ipc_tid = %d", rc, pSesInfo->ipc_tid));
1da177e4
LT		 1448 kfree(temp_unc);
1449 }
1450 if (rc == 0)
c2cf07d5 1451 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
737b758c 1452 pnum_referrals, nls_codepage, remap);
366781c1
SF		 1453 /* BB map targetUNCs to dfs_info3 structures, here or
1454 in CIFSGetDFSRefer BB */
1da177e4
LT		 1455
1456 return rc;
1457}
1458
09e50d55
JL		 1459#ifdef CONFIG_DEBUG_LOCK_ALLOC
1460static struct lock_class_key cifs_key[2];
1461static struct lock_class_key cifs_slock_key[2];
1462
1463static inline void
1464cifs_reclassify_socket4(struct socket *sock)
1465{
1466 struct sock *sk = sock->sk;
1467 BUG_ON(sock_owned_by_user(sk));
1468 sock_lock_init_class_and_name(sk, "slock-AF_INET-CIFS",
1469 &cifs_slock_key[0], "sk_lock-AF_INET-CIFS", &cifs_key[0]);
1470}
1471
1472static inline void
1473cifs_reclassify_socket6(struct socket *sock)
1474{
1475 struct sock *sk = sock->sk;
1476 BUG_ON(sock_owned_by_user(sk));
1477 sock_lock_init_class_and_name(sk, "slock-AF_INET6-CIFS",
1478 &cifs_slock_key[1], "sk_lock-AF_INET6-CIFS", &cifs_key[1]);
1479}
1480#else
1481static inline void
1482cifs_reclassify_socket4(struct socket *sock)
1483{
1484}
1485
1486static inline void
1487cifs_reclassify_socket6(struct socket *sock)
1488{
1489}
1490#endif
1491
1da177e4 1492/* See RFC1001 section 14 on representation of Netbios names */
50c2f753 1493static void rfc1002mangle(char *target, char *source, unsigned int length)
1da177e4 1494{
50c2f753 1495 unsigned int i, j;
1da177e4 1496
50c2f753 1497 for (i = 0, j = 0; i < (length); i++) {
1da177e4
LT		 1498 /* mask a nibble at a time and encode */
1499 target[j] = 'A' + (0x0F & (source[i] >> 4));
1500 target[j+1] = 'A' + (0x0F & source[i]);
50c2f753 1501 j += 2;
1da177e4
LT		 1502 }
1503
1504}
1505
1506
1507static int
50c2f753
SF		 1508ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket,
1509 char *netbios_name, char *target_name)
1da177e4
LT		 1510{
1511 int rc = 0;
1512 int connected = 0;
1513 __be16 orig_port = 0;
1514
fb8c4b14 1515 if (*csocket == NULL) {
50c2f753
SF		 1516 rc = sock_create_kern(PF_INET, SOCK_STREAM,
1517 IPPROTO_TCP, csocket);
1da177e4 1518 if (rc < 0) {
50c2f753 1519 cERROR(1, ("Error %d creating socket", rc));
1da177e4
LT		 1520 *csocket = NULL;
1521 return rc;
1522 } else {
1523 /* BB other socket options to set KEEPALIVE, NODELAY? */
467a8f8d 1524 cFYI(1, ("Socket created"));
50c2f753 1525 (*csocket)->sk->sk_allocation = GFP_NOFS;
09e50d55 1526 cifs_reclassify_socket4(*csocket);
1da177e4
LT		 1527 }
1528 }
1529
1530 psin_server->sin_family = AF_INET;
fb8c4b14 1531 if (psin_server->sin_port) { /* user overrode default port */
1da177e4
LT		 1532 rc = (*csocket)->ops->connect(*csocket,
1533 (struct sockaddr *) psin_server,
6345a3a8 1534 sizeof(struct sockaddr_in), 0);
1da177e4
LT		 1535 if (rc >= 0)
1536 connected = 1;
50c2f753 1537 }
1da177e4 1538
fb8c4b14 1539 if (!connected) {
50c2f753 1540 /* save original port so we can retry user specified port
1da177e4
LT		 1541 later if fall back ports fail this time */
1542 orig_port = psin_server->sin_port;
1543
1544 /* do not retry on the same port we just failed on */
fb8c4b14 1545 if (psin_server->sin_port != htons(CIFS_PORT)) {
1da177e4
LT		 1546 psin_server->sin_port = htons(CIFS_PORT);
1547
1548 rc = (*csocket)->ops->connect(*csocket,
1549 (struct sockaddr *) psin_server,
6345a3a8 1550 sizeof(struct sockaddr_in), 0);
1da177e4
LT		 1551 if (rc >= 0)
1552 connected = 1;
1553 }
1554 }
1555 if (!connected) {
1556 psin_server->sin_port = htons(RFC1001_PORT);
1557 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
50c2f753 1558 psin_server,
6345a3a8 1559 sizeof(struct sockaddr_in), 0);
50c2f753 1560 if (rc >= 0)
1da177e4
LT		 1561 connected = 1;
1562 }
1563
1564 /* give up here - unless we want to retry on different
1565 protocol families some day */
1566 if (!connected) {
fb8c4b14 1567 if (orig_port)
1da177e4 1568 psin_server->sin_port = orig_port;
50c2f753 1569 cFYI(1, ("Error %d connecting to server via ipv4", rc));
1da177e4
LT		 1570 sock_release(*csocket);
1571 *csocket = NULL;
1572 return rc;
1573 }
50c2f753
SF		 1574 /* Eventually check for other socket options to change from
1575 the default. sock_setsockopt not used because it expects
1da177e4 1576 user space buffer */
50c2f753
SF		 1577 cFYI(1, ("sndbuf %d rcvbuf %d rcvtimeo 0x%lx",
1578 (*csocket)->sk->sk_sndbuf,
b387eaeb 1579 (*csocket)->sk->sk_rcvbuf, (*csocket)->sk->sk_rcvtimeo));
1da177e4 1580 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
b387eaeb 1581 /* make the bufsizes depend on wsize/rsize and max requests */
fb8c4b14 1582 if ((*csocket)->sk->sk_sndbuf < (200 * 1024))
b387eaeb 1583 (*csocket)->sk->sk_sndbuf = 200 * 1024;
fb8c4b14 1584 if ((*csocket)->sk->sk_rcvbuf < (140 * 1024))
b387eaeb 1585 (*csocket)->sk->sk_rcvbuf = 140 * 1024;
1da177e4
LT		 1586
1587 /* send RFC1001 sessinit */
fb8c4b14 1588 if (psin_server->sin_port == htons(RFC1001_PORT)) {
1da177e4 1589 /* some servers require RFC1001 sessinit before sending
50c2f753 1590 negprot - BB check reconnection in case where second
1da177e4 1591 sessinit is sent but no second negprot */
50c2f753
SF		 1592 struct rfc1002_session_packet *ses_init_buf;
1593 struct smb_hdr *smb_buf;
1594 ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet),
1595 GFP_KERNEL);
fb8c4b14 1596 if (ses_init_buf) {
1da177e4 1597 ses_init_buf->trailer.session_req.called_len = 32;
fb8c4b14 1598 if (target_name && (target_name[0] != 0)) {
a10faeb2
SF		 1599 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1600 target_name, 16);
1601 } else {
1602 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
50c2f753 1603 DEFAULT_CIFS_CALLED_NAME, 16);
a10faeb2
SF		 1604 }
1605
1da177e4
LT		 1606 ses_init_buf->trailer.session_req.calling_len = 32;
1607 /* calling name ends in null (byte 16) from old smb
1608 convention. */
50c2f753 1609 if (netbios_name && (netbios_name[0] != 0)) {
1da177e4 1610 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
50c2f753 1611 netbios_name, 16);
1da177e4
LT		 1612 } else {
1613 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
50c2f753 1614 "LINUX_CIFS_CLNT", 16);
1da177e4
LT		 1615 }
1616 ses_init_buf->trailer.session_req.scope1 = 0;
1617 ses_init_buf->trailer.session_req.scope2 = 0;
1618 smb_buf = (struct smb_hdr *)ses_init_buf;
1619 /* sizeof RFC1002_SESSION_REQUEST with no scope */
1620 smb_buf->smb_buf_length = 0x81000044;
1621 rc = smb_send(*csocket, smb_buf, 0x44,
1622 (struct sockaddr *)psin_server);
1623 kfree(ses_init_buf);
50c2f753 1624 msleep(1); /* RFC1001 layer in at least one server
083d3a2c
SF		 1625 requires very short break before negprot
1626 presumably because not expecting negprot
1627 to follow so fast. This is a simple
50c2f753 1628 solution that works without
083d3a2c
SF		 1629 complicating the code and causes no
1630 significant slowing down on mount
1631 for everyone else */
1da177e4 1632 }
50c2f753 1633 /* else the negprot may still work without this
1da177e4 1634 even though malloc failed */
50c2f753 1635
1da177e4 1636 }
50c2f753 1637
1da177e4
LT		 1638 return rc;
1639}
1640
1641static int
1642ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket)
1643{
1644 int rc = 0;
1645 int connected = 0;
1646 __be16 orig_port = 0;
1647
fb8c4b14 1648 if (*csocket == NULL) {
50c2f753
SF		 1649 rc = sock_create_kern(PF_INET6, SOCK_STREAM,
1650 IPPROTO_TCP, csocket);
1da177e4 1651 if (rc < 0) {
50c2f753 1652 cERROR(1, ("Error %d creating ipv6 socket", rc));
1da177e4
LT		 1653 *csocket = NULL;
1654 return rc;
1655 } else {
1656 /* BB other socket options to set KEEPALIVE, NODELAY? */
fb8c4b14 1657 cFYI(1, ("ipv6 Socket created"));
1da177e4 1658 (*csocket)->sk->sk_allocation = GFP_NOFS;
09e50d55 1659 cifs_reclassify_socket6(*csocket);
1da177e4
LT		 1660 }
1661 }
1662
1663 psin_server->sin6_family = AF_INET6;
1664
fb8c4b14 1665 if (psin_server->sin6_port) { /* user overrode default port */
1da177e4
LT		 1666 rc = (*csocket)->ops->connect(*csocket,
1667 (struct sockaddr *) psin_server,
6345a3a8 1668 sizeof(struct sockaddr_in6), 0);
1da177e4
LT		 1669 if (rc >= 0)
1670 connected = 1;
50c2f753 1671 }
1da177e4 1672
fb8c4b14 1673 if (!connected) {
50c2f753 1674 /* save original port so we can retry user specified port
1da177e4
LT		 1675 later if fall back ports fail this time */
1676
1677 orig_port = psin_server->sin6_port;
1678 /* do not retry on the same port we just failed on */
fb8c4b14 1679 if (psin_server->sin6_port != htons(CIFS_PORT)) {
1da177e4
LT		 1680 psin_server->sin6_port = htons(CIFS_PORT);
1681
1682 rc = (*csocket)->ops->connect(*csocket,
1683 (struct sockaddr *) psin_server,
6345a3a8 1684 sizeof(struct sockaddr_in6), 0);
1da177e4
LT		 1685 if (rc >= 0)
1686 connected = 1;
1687 }
1688 }
1689 if (!connected) {
1690 psin_server->sin6_port = htons(RFC1001_PORT);
1691 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
6345a3a8 1692 psin_server, sizeof(struct sockaddr_in6), 0);
50c2f753 1693 if (rc >= 0)
1da177e4
LT		 1694 connected = 1;
1695 }
1696
1697 /* give up here - unless we want to retry on different
1698 protocol families some day */
1699 if (!connected) {
fb8c4b14 1700 if (orig_port)
1da177e4 1701 psin_server->sin6_port = orig_port;
50c2f753 1702 cFYI(1, ("Error %d connecting to server via ipv6", rc));
1da177e4
LT		 1703 sock_release(*csocket);
1704 *csocket = NULL;
1705 return rc;
1706 }
50c2f753
SF		 1707 /* Eventually check for other socket options to change from
1708 the default. sock_setsockopt not used because it expects
1da177e4
LT		 1709 user space buffer */
1710 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
50c2f753 1711
1da177e4
LT		 1712 return rc;
1713}
1714
50c2f753
SF		 1715void reset_cifs_unix_caps(int xid, struct cifsTconInfo *tcon,
1716 struct super_block *sb, struct smb_vol *vol_info)
8af18971
SF		 1717{
1718 /* if we are reconnecting then should we check to see if
1719 * any requested capabilities changed locally e.g. via
1720 * remount but we can not do much about it here
1721 * if they have (even if we could detect it by the following)
1722 * Perhaps we could add a backpointer to array of sb from tcon
1723 * or if we change to make all sb to same share the same
1724 * sb as NFS - then we only have one backpointer to sb.
1725 * What if we wanted to mount the server share twice once with
1726 * and once without posixacls or posix paths? */
1727 __u64 saved_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
50c2f753 1728
c18c842b
SF		 1729 if (vol_info && vol_info->no_linux_ext) {
1730 tcon->fsUnixInfo.Capability = 0;
1731 tcon->unix_ext = 0; /* Unix Extensions disabled */
1732 cFYI(1, ("Linux protocol extensions disabled"));
1733 return;
1734 } else if (vol_info)
1735 tcon->unix_ext = 1; /* Unix Extensions supported */
1736
1737 if (tcon->unix_ext == 0) {
1738 cFYI(1, ("Unix extensions disabled so not set on reconnect"));
1739 return;
1740 }
50c2f753 1741
fb8c4b14 1742 if (!CIFSSMBQFSUnixInfo(xid, tcon)) {
8af18971 1743 __u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
50c2f753 1744
8af18971
SF		 1745 /* check for reconnect case in which we do not
1746 want to change the mount behavior if we can avoid it */
fb8c4b14 1747 if (vol_info == NULL) {
50c2f753 1748 /* turn off POSIX ACL and PATHNAMES if not set
8af18971
SF		 1749 originally at mount time */
1750 if ((saved_cap & CIFS_UNIX_POSIX_ACL_CAP) == 0)
1751 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
11b6d645
IM		 1752 if ((saved_cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
1753 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
1754 cERROR(1, ("POSIXPATH support change"));
8af18971 1755 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
11b6d645
IM		 1756 } else if ((cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
1757 cERROR(1, ("possible reconnect error"));
1758 cERROR(1,
1759 ("server disabled POSIX path support"));
1760 }
8af18971 1761 }
50c2f753 1762
8af18971 1763 cap &= CIFS_UNIX_CAP_MASK;
75865f8c 1764 if (vol_info && vol_info->no_psx_acl)
8af18971 1765 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
75865f8c 1766 else if (CIFS_UNIX_POSIX_ACL_CAP & cap) {
fb8c4b14
SF		 1767 cFYI(1, ("negotiated posix acl support"));
1768 if (sb)
8af18971
SF		 1769 sb->s_flags |= MS_POSIXACL;
1770 }
1771
75865f8c 1772 if (vol_info && vol_info->posix_paths == 0)
8af18971 1773 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
75865f8c 1774 else if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
fb8c4b14 1775 cFYI(1, ("negotiate posix pathnames"));
75865f8c 1776 if (sb)
50c2f753 1777 CIFS_SB(sb)->mnt_cifs_flags |=
8af18971
SF		 1778 CIFS_MOUNT_POSIX_PATHS;
1779 }
50c2f753 1780
984acfe1
SF		 1781 /* We might be setting the path sep back to a different
1782 form if we are reconnecting and the server switched its
50c2f753 1783 posix path capability for this share */
75865f8c 1784 if (sb && (CIFS_SB(sb)->prepathlen > 0))
984acfe1 1785 CIFS_SB(sb)->prepath[0] = CIFS_DIR_SEP(CIFS_SB(sb));
75865f8c
SF		 1786
1787 if (sb && (CIFS_SB(sb)->rsize > 127 * 1024)) {
1788 if ((cap & CIFS_UNIX_LARGE_READ_CAP) == 0) {
1789 CIFS_SB(sb)->rsize = 127 * 1024;
90c81e0b
SF		 1790 cFYI(DBG2,
1791 ("larger reads not supported by srv"));
75865f8c
SF		 1792 }
1793 }
50c2f753
SF		 1794
1795
1796 cFYI(1, ("Negotiate caps 0x%x", (int)cap));
8af18971 1797#ifdef CONFIG_CIFS_DEBUG2
75865f8c 1798 if (cap & CIFS_UNIX_FCNTL_CAP)
fb8c4b14 1799 cFYI(1, ("FCNTL cap"));
75865f8c 1800 if (cap & CIFS_UNIX_EXTATTR_CAP)
fb8c4b14 1801 cFYI(1, ("EXTATTR cap"));
75865f8c 1802 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
fb8c4b14 1803 cFYI(1, ("POSIX path cap"));
75865f8c 1804 if (cap & CIFS_UNIX_XATTR_CAP)
fb8c4b14 1805 cFYI(1, ("XATTR cap"));
75865f8c 1806 if (cap & CIFS_UNIX_POSIX_ACL_CAP)
fb8c4b14 1807 cFYI(1, ("POSIX ACL cap"));
75865f8c 1808 if (cap & CIFS_UNIX_LARGE_READ_CAP)
fb8c4b14 1809 cFYI(1, ("very large read cap"));
75865f8c 1810 if (cap & CIFS_UNIX_LARGE_WRITE_CAP)
fb8c4b14 1811 cFYI(1, ("very large write cap"));
8af18971
SF		 1812#endif /* CIFS_DEBUG2 */
1813 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
442aa310 1814 if (vol_info == NULL) {
5a44b319 1815 cFYI(1, ("resetting capabilities failed"));
442aa310 1816 } else
5a44b319
SF		 1817 cERROR(1, ("Negotiating Unix capabilities "
1818 "with the server failed. Consider "
1819 "mounting with the Unix Extensions\n"
1820 "disabled, if problems are found, "
1821 "by specifying the nounix mount "
2224f4e5 1822 "option."));
5a44b319 1823
8af18971
SF		 1824 }
1825 }
1826}
1827
03a143c9
SF		 1828static void
1829convert_delimiter(char *path, char delim)
1830{
1831 int i;
c2d68ea6 1832 char old_delim;
03a143c9
SF		 1833
1834 if (path == NULL)
1835 return;
1836
582d21e5 1837 if (delim == '/')
c2d68ea6
SF		 1838 old_delim = '\\';
1839 else
1840 old_delim = '/';
1841
03a143c9 1842 for (i = 0; path[i] != '\0'; i++) {
c2d68ea6 1843 if (path[i] == old_delim)
03a143c9
SF		 1844 path[i] = delim;
1845 }
1846}
1847
1da177e4
LT		 1848int
1849cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
1850 char *mount_data, const char *devname)
1851{
1852 int rc = 0;
1853 int xid;
1854 int address_type = AF_INET;
1855 struct socket *csocket = NULL;
1856 struct sockaddr_in sin_server;
1857 struct sockaddr_in6 sin_server6;
1858 struct smb_vol volume_info;
1859 struct cifsSesInfo *pSesInfo = NULL;
1860 struct cifsSesInfo *existingCifsSes = NULL;
1861 struct cifsTconInfo *tcon = NULL;
1862 struct TCP_Server_Info *srvTcp = NULL;
1863
1864 xid = GetXid();
1865
1866/* cFYI(1, ("Entering cifs_mount. Xid: %d with: %s", xid, mount_data)); */
50c2f753
SF		 1867
1868 memset(&volume_info, 0, sizeof(struct smb_vol));
1da177e4 1869 if (cifs_parse_mount_options(mount_data, devname, &volume_info)) {
70fe7dc0
JL		 1870 rc = -EINVAL;
1871 goto out;
1da177e4
LT		 1872 }
1873
8426c39c 1874 if (volume_info.nullauth) {
fb8c4b14 1875 cFYI(1, ("null user"));
9b8f5f57 1876 volume_info.username = "";
8426c39c 1877 } else if (volume_info.username) {
1da177e4 1878 /* BB fixme parse for domain name here */
467a8f8d 1879 cFYI(1, ("Username: %s", volume_info.username));
1da177e4 1880 } else {
bf820679 1881 cifserror("No username specified");
50c2f753
SF		 1882 /* In userspace mount helper we can get user name from alternate
1883 locations such as env variables and files on disk */
70fe7dc0
JL		 1884 rc = -EINVAL;
1885 goto out;
1da177e4
LT		 1886 }
1887
1888 if (volume_info.UNCip && volume_info.UNC) {
50c2f753
SF		 1889 rc = cifs_inet_pton(AF_INET, volume_info.UNCip,
1890 &sin_server.sin_addr.s_addr);
1da177e4 1891
fb8c4b14 1892 if (rc <= 0) {
1da177e4 1893 /* not ipv4 address, try ipv6 */
50c2f753
SF		 1894 rc = cifs_inet_pton(AF_INET6, volume_info.UNCip,
1895 &sin_server6.sin6_addr.in6_u);
fb8c4b14 1896 if (rc > 0)
1da177e4
LT		 1897 address_type = AF_INET6;
1898 } else {
1899 address_type = AF_INET;
1900 }
50c2f753 1901
fb8c4b14 1902 if (rc <= 0) {
1da177e4 1903 /* we failed translating address */
70fe7dc0
JL		 1904 rc = -EINVAL;
1905 goto out;
1da177e4
LT		 1906 }
1907
1908 cFYI(1, ("UNC: %s ip: %s", volume_info.UNC, volume_info.UNCip));
1909 /* success */
1910 rc = 0;
50c2f753
SF		 1911 } else if (volume_info.UNCip) {
1912 /* BB using ip addr as server name to connect to the
1913 DFS root below */
1914 cERROR(1, ("Connecting to DFS root not implemented yet"));
70fe7dc0
JL		 1915 rc = -EINVAL;
1916 goto out;
1da177e4
LT		 1917 } else /* which servers DFS root would we conect to */ {
1918 cERROR(1,
50c2f753
SF		 1919 ("CIFS mount error: No UNC path (e.g. -o "
1920 "unc=//192.168.1.100/public) specified"));
70fe7dc0
JL		 1921 rc = -EINVAL;
1922 goto out;
1da177e4
LT		 1923 }
1924
1925 /* this is needed for ASCII cp to Unicode converts */
fb8c4b14 1926 if (volume_info.iocharset == NULL) {
1da177e4
LT		 1927 cifs_sb->local_nls = load_nls_default();
1928 /* load_nls_default can not return null */
1929 } else {
1930 cifs_sb->local_nls = load_nls(volume_info.iocharset);
fb8c4b14 1931 if (cifs_sb->local_nls == NULL) {
50c2f753
SF		 1932 cERROR(1, ("CIFS mount error: iocharset %s not found",
1933 volume_info.iocharset));
70fe7dc0
JL		 1934 rc = -ELIBACC;
1935 goto out;
1da177e4
LT		 1936 }
1937 }
1938
fb8c4b14 1939 if (address_type == AF_INET)
1da177e4
LT		 1940 existingCifsSes = cifs_find_tcp_session(&sin_server.sin_addr,
1941 NULL /* no ipv6 addr */,
1942 volume_info.username, &srvTcp);
fb8c4b14
SF		 1943 else if (address_type == AF_INET6) {
1944 cFYI(1, ("looking for ipv6 address"));
1da177e4
LT		 1945 existingCifsSes = cifs_find_tcp_session(NULL /* no ipv4 addr */,
1946 &sin_server6.sin6_addr,
1947 volume_info.username, &srvTcp);
5858ae44 1948 } else {
70fe7dc0
JL		 1949 rc = -EINVAL;
1950 goto out;
1da177e4
LT		 1951 }
1952
1da177e4 1953 if (srvTcp) {
50c2f753 1954 cFYI(1, ("Existing tcp session with server found"));
1da177e4 1955 } else { /* create socket */
4523cc30 1956 if (volume_info.port)
1da177e4
LT		 1957 sin_server.sin_port = htons(volume_info.port);
1958 else
1959 sin_server.sin_port = 0;
5858ae44 1960 if (address_type == AF_INET6) {
fb8c4b14 1961 cFYI(1, ("attempting ipv6 connect"));
5858ae44
SF		 1962 /* BB should we allow ipv6 on port 139? */
1963 /* other OS never observed in Wild doing 139 with v6 */
50c2f753
SF		 1964 rc = ipv6_connect(&sin_server6, &csocket);
1965 } else
1966 rc = ipv4_connect(&sin_server, &csocket,
a10faeb2
SF		 1967 volume_info.source_rfc1001_name,
1968 volume_info.target_rfc1001_name);
1da177e4 1969 if (rc < 0) {
50c2f753
SF		 1970 cERROR(1, ("Error connecting to IPv4 socket. "
1971 "Aborting operation"));
4523cc30 1972 if (csocket != NULL)
1da177e4 1973 sock_release(csocket);
70fe7dc0 1974 goto out;
1da177e4
LT		 1975 }
1976
a8a11d39
MK		 1977 srvTcp = kzalloc(sizeof(struct TCP_Server_Info), GFP_KERNEL);
1978 if (!srvTcp) {
1da177e4
LT		 1979 rc = -ENOMEM;
1980 sock_release(csocket);
70fe7dc0 1981 goto out;
1da177e4 1982 } else {
50c2f753 1983 memcpy(&srvTcp->addr.sockAddr, &sin_server,
6345a3a8 1984 sizeof(struct sockaddr_in));
50c2f753 1985 atomic_set(&srvTcp->inFlight, 0);
1da177e4
LT		 1986 /* BB Add code for ipv6 case too */
1987 srvTcp->ssocket = csocket;
1988 srvTcp->protocolType = IPV4;
c359cf3c
JL		 1989 srvTcp->hostname = extract_hostname(volume_info.UNC);
1990 if (IS_ERR(srvTcp->hostname)) {
1991 rc = PTR_ERR(srvTcp->hostname);
1992 sock_release(csocket);
1993 goto out;
1994 }
1da177e4
LT		 1995 init_waitqueue_head(&srvTcp->response_q);
1996 init_waitqueue_head(&srvTcp->request_q);
1997 INIT_LIST_HEAD(&srvTcp->pending_mid_q);
1998 /* at this point we are the only ones with the pointer
1999 to the struct since the kernel thread not created yet
2000 so no need to spinlock this init of tcpStatus */
2001 srvTcp->tcpStatus = CifsNew;
2002 init_MUTEX(&srvTcp->tcpSem);
aaf737ad 2003 srvTcp->tsk = kthread_run((void *)(void *)cifs_demultiplex_thread, srvTcp, "cifsd");
8840dee9 2004 if (IS_ERR(srvTcp->tsk)) {
aaf737ad 2005 rc = PTR_ERR(srvTcp->tsk);
50c2f753 2006 cERROR(1, ("error %d create cifsd thread", rc));
aaf737ad 2007 srvTcp->tsk = NULL;
1da177e4 2008 sock_release(csocket);
c359cf3c 2009 kfree(srvTcp->hostname);
70fe7dc0 2010 goto out;
f191401f 2011 }
f191401f 2012 rc = 0;
50c2f753
SF		 2013 memcpy(srvTcp->workstation_RFC1001_name,
2014 volume_info.source_rfc1001_name, 16);
2015 memcpy(srvTcp->server_RFC1001_name,
2016 volume_info.target_rfc1001_name, 16);
ad009ac9 2017 srvTcp->sequence_number = 0;
1da177e4
LT		 2018 }
2019 }
2020
2021 if (existingCifsSes) {
2022 pSesInfo = existingCifsSes;
1d9a8852
JL		 2023 cFYI(1, ("Existing smb sess found (status=%d)",
2024 pSesInfo->status));
88e7d705 2025 down(&pSesInfo->sesSem);
1d9a8852
JL		 2026 if (pSesInfo->status == CifsNeedReconnect) {
2027 cFYI(1, ("Session needs reconnect"));
1d9a8852
JL		 2028 rc = cifs_setup_session(xid, pSesInfo,
2029 cifs_sb->local_nls);
1d9a8852 2030 }
88e7d705 2031 up(&pSesInfo->sesSem);
1da177e4 2032 } else if (!rc) {
bf820679 2033 cFYI(1, ("Existing smb sess not found"));
1da177e4
LT		 2034 pSesInfo = sesInfoAlloc();
2035 if (pSesInfo == NULL)
2036 rc = -ENOMEM;
2037 else {
2038 pSesInfo->server = srvTcp;
2039 sprintf(pSesInfo->serverName, "%u.%u.%u.%u",
2040 NIPQUAD(sin_server.sin_addr.s_addr));
2041 }
2042
50c2f753
SF		 2043 if (!rc) {
2044 /* volume_info.password freed at unmount */
70fe7dc0 2045 if (volume_info.password) {
1da177e4 2046 pSesInfo->password = volume_info.password;
70fe7dc0
JL		 2047 /* set to NULL to prevent freeing on exit */
2048 volume_info.password = NULL;
2049 }
1da177e4
LT		 2050 if (volume_info.username)
2051 strncpy(pSesInfo->userName,
50c2f753
SF		 2052 volume_info.username,
2053 MAX_USERNAME_SIZE);
3979877e
SF		 2054 if (volume_info.domainname) {
2055 int len = strlen(volume_info.domainname);
50c2f753 2056 pSesInfo->domainName =
3979877e 2057 kmalloc(len + 1, GFP_KERNEL);
4523cc30 2058 if (pSesInfo->domainName)
3979877e
SF		 2059 strcpy(pSesInfo->domainName,
2060 volume_info.domainname);
2061 }
1da177e4 2062 pSesInfo->linux_uid = volume_info.linux_uid;
750d1151 2063 pSesInfo->overrideSecFlg = volume_info.secFlg;
1da177e4 2064 down(&pSesInfo->sesSem);
189acaae 2065 /* BB FIXME need to pass vol->secFlgs BB */
50c2f753
SF		 2066 rc = cifs_setup_session(xid, pSesInfo,
2067 cifs_sb->local_nls);
1da177e4 2068 up(&pSesInfo->sesSem);
4523cc30 2069 if (!rc)
1da177e4 2070 atomic_inc(&srvTcp->socketUseCount);
70fe7dc0 2071 }
1da177e4 2072 }
50c2f753 2073
1da177e4
LT		 2074 /* search for existing tcon to this server share */
2075 if (!rc) {
4523cc30 2076 if (volume_info.rsize > CIFSMaxBufSize) {
50c2f753 2077 cERROR(1, ("rsize %d too large, using MaxBufSize",
0ae0efad
SF		 2078 volume_info.rsize));
2079 cifs_sb->rsize = CIFSMaxBufSize;
75865f8c
SF		 2080 } else if ((volume_info.rsize) &&
2081 (volume_info.rsize <= CIFSMaxBufSize))
1da177e4 2082 cifs_sb->rsize = volume_info.rsize;
0ae0efad
SF		 2083 else /* default */
2084 cifs_sb->rsize = CIFSMaxBufSize;
2085
4523cc30 2086 if (volume_info.wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) {
50c2f753 2087 cERROR(1, ("wsize %d too large, using 4096 instead",
0ae0efad
SF		 2088 volume_info.wsize));
2089 cifs_sb->wsize = 4096;
4523cc30 2090 } else if (volume_info.wsize)
1da177e4
LT		 2091 cifs_sb->wsize = volume_info.wsize;
2092 else
50c2f753 2093 cifs_sb->wsize =
1877c9ea
SF		 2094 min_t(const int, PAGEVEC_SIZE * PAGE_CACHE_SIZE,
2095 127*1024);
17cbbafe 2096 /* old default of CIFSMaxBufSize was too small now
50c2f753 2097 that SMB Write2 can send multiple pages in kvec.
17cbbafe
SF		 2098 RFC1001 does not describe what happens when frame
2099 bigger than 128K is sent so use that as max in
2100 conjunction with 52K kvec constraint on arch with 4K
2101 page size */
2102
4523cc30 2103 if (cifs_sb->rsize < 2048) {
50c2f753 2104 cifs_sb->rsize = 2048;
6cec2aed 2105 /* Windows ME may prefer this */
467a8f8d 2106 cFYI(1, ("readsize set to minimum: 2048"));
1da177e4 2107 }
2fe87f02
SF		 2108 /* calculate prepath */
2109 cifs_sb->prepath = volume_info.prepath;
4523cc30 2110 if (cifs_sb->prepath) {
2fe87f02 2111 cifs_sb->prepathlen = strlen(cifs_sb->prepath);
03a143c9
SF		 2112 /* we can not convert the / to \ in the path
2113 separators in the prefixpath yet because we do not
2114 know (until reset_cifs_unix_caps is called later)
2115 whether POSIX PATH CAP is available. We normalize
2116 the / to \ after reset_cifs_unix_caps is called */
2fe87f02 2117 volume_info.prepath = NULL;
50c2f753 2118 } else
2fe87f02 2119 cifs_sb->prepathlen = 0;
1da177e4
LT		 2120 cifs_sb->mnt_uid = volume_info.linux_uid;
2121 cifs_sb->mnt_gid = volume_info.linux_gid;
2122 cifs_sb->mnt_file_mode = volume_info.file_mode;
2123 cifs_sb->mnt_dir_mode = volume_info.dir_mode;
467a8f8d
SF		 2124 cFYI(1, ("file mode: 0x%x dir mode: 0x%x",
2125 cifs_sb->mnt_file_mode, cifs_sb->mnt_dir_mode));
1da177e4 2126
4523cc30 2127 if (volume_info.noperm)
1da177e4 2128 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
4523cc30 2129 if (volume_info.setuids)
1da177e4 2130 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
4523cc30 2131 if (volume_info.server_ino)
1da177e4 2132 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
4523cc30 2133 if (volume_info.remap)
6a0b4824 2134 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
4523cc30 2135 if (volume_info.no_xattr)
1da177e4 2136 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
4523cc30 2137 if (volume_info.sfu_emul)
d7245c2c 2138 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
4523cc30 2139 if (volume_info.nobrl)
c46fa8ac 2140 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
4523cc30 2141 if (volume_info.cifs_acl)
0a4b92c0 2142 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
4523cc30
SF		 2143 if (volume_info.override_uid)
2144 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID;
2145 if (volume_info.override_gid)
2146 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID;
d0a9c078
JL		 2147 if (volume_info.dynperm)
2148 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DYNPERM;
4523cc30 2149 if (volume_info.direct_io) {
467a8f8d 2150 cFYI(1, ("mounting share using direct i/o"));
1da177e4
LT		 2151 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
2152 }
2153
27adb44c
SF		 2154 if ((volume_info.cifs_acl) && (volume_info.dynperm))
2155 cERROR(1, ("mount option dynperm ignored if cifsacl "
2156 "mount option supported"));
2157
1da177e4
LT		 2158 tcon =
2159 find_unc(sin_server.sin_addr.s_addr, volume_info.UNC,
2160 volume_info.username);
2161 if (tcon) {
bf820679 2162 cFYI(1, ("Found match on UNC path"));
1da177e4
LT		 2163 /* we can have only one retry value for a connection
2164 to a share so for resources mounted more than once
50c2f753 2165 to the same server share the last value passed in
1da177e4
LT		 2166 for the retry flag is used */
2167 tcon->retry = volume_info.retry;
d3485d37 2168 tcon->nocase = volume_info.nocase;
95b1cb90
SF		 2169 if (tcon->seal != volume_info.seal)
2170 cERROR(1, ("transport encryption setting "
2171 "conflicts with existing tid"));
1da177e4
LT		 2172 } else {
2173 tcon = tconInfoAlloc();
2174 if (tcon == NULL)
2175 rc = -ENOMEM;
2176 else {
50c2f753 2177 /* check for null share name ie connecting to
8af18971 2178 * dfs root */
1da177e4 2179
50c2f753 2180 /* BB check if this works for exactly length
8af18971 2181 * three strings */
1da177e4
LT		 2182 if ((strchr(volume_info.UNC + 3, '\\') == NULL)
2183 && (strchr(volume_info.UNC + 3, '/') ==
2184 NULL)) {
646dd539 2185/* rc = connect_to_dfs_path(xid, pSesInfo,
8af18971 2186 "", cifs_sb->local_nls,
50c2f753 2187 cifs_sb->mnt_cifs_flags &
646dd539
SF		 2188 CIFS_MOUNT_MAP_SPECIAL_CHR);*/
2189 cFYI(1, ("DFS root not supported"));
70fe7dc0
JL		 2190 rc = -ENODEV;
2191 goto out;
1da177e4 2192 } else {
8af18971
SF		 2193 /* BB Do we need to wrap sesSem around
2194 * this TCon call and Unix SetFS as
2195 * we do on SessSetup and reconnect? */
50c2f753 2196 rc = CIFSTCon(xid, pSesInfo,
1da177e4
LT		 2197 volume_info.UNC,
2198 tcon, cifs_sb->local_nls);
2199 cFYI(1, ("CIFS Tcon rc = %d", rc));
2200 }
2201 if (!rc) {
2202 atomic_inc(&pSesInfo->inUse);
2203 tcon->retry = volume_info.retry;
d3485d37 2204 tcon->nocase = volume_info.nocase;
95b1cb90 2205 tcon->seal = volume_info.seal;
1da177e4
LT		 2206 }
2207 }
2208 }
2209 }
4523cc30 2210 if (pSesInfo) {
1da177e4
LT		 2211 if (pSesInfo->capabilities & CAP_LARGE_FILES) {
2212 sb->s_maxbytes = (u64) 1 << 63;
2213 } else
2214 sb->s_maxbytes = (u64) 1 << 31; /* 2 GB */
2215 }
2216
8af18971 2217 /* BB FIXME fix time_gran to be larger for LANMAN sessions */
1da177e4
LT		 2218 sb->s_time_gran = 100;
2219
2220/* on error free sesinfo and tcon struct if needed */
2221 if (rc) {
2222 /* if session setup failed, use count is zero but
2223 we still need to free cifsd thread */
4523cc30 2224 if (atomic_read(&srvTcp->socketUseCount) == 0) {
1da177e4
LT		 2225 spin_lock(&GlobalMid_Lock);
2226 srvTcp->tcpStatus = CifsExiting;
2227 spin_unlock(&GlobalMid_Lock);
4523cc30 2228 if (srvTcp->tsk) {
28356a16
SF		 2229 /* If we could verify that kthread_stop would
2230 always wake up processes blocked in
2231 tcp in recv_mesg then we could remove the
2232 send_sig call */
50c2f753 2233 force_sig(SIGKILL, srvTcp->tsk);
e691b9d1 2234 kthread_stop(srvTcp->tsk);
f191401f 2235 }
1da177e4
LT		 2236 }
2237 /* If find_unc succeeded then rc == 0 so we can not end */
2238 if (tcon) /* up accidently freeing someone elses tcon struct */
2239 tconInfoFree(tcon);
2240 if (existingCifsSes == NULL) {
2241 if (pSesInfo) {
50c2f753 2242 if ((pSesInfo->server) &&
1da177e4
LT		 2243 (pSesInfo->status == CifsGood)) {
2244 int temp_rc;
2245 temp_rc = CIFSSMBLogoff(xid, pSesInfo);
2246 /* if the socketUseCount is now zero */
4523cc30 2247 if ((temp_rc == -ESHUTDOWN) &&
50c2f753 2248 (pSesInfo->server) &&
5d9c7206 2249 (pSesInfo->server->tsk)) {
5d9c7206
J		 2250 force_sig(SIGKILL,
2251 pSesInfo->server->tsk);
e691b9d1 2252 kthread_stop(pSesInfo->server->tsk);
f191401f 2253 }
a013689d 2254 } else {
1da177e4 2255 cFYI(1, ("No session or bad tcon"));
a013689d
SF		 2256 if ((pSesInfo->server) &&
2257 (pSesInfo->server->tsk)) {
a013689d
SF		 2258 force_sig(SIGKILL,
2259 pSesInfo->server->tsk);
e691b9d1 2260 kthread_stop(pSesInfo->server->tsk);
a013689d
SF		 2261 }
2262 }
1da177e4
LT		 2263 sesInfoFree(pSesInfo);
2264 /* pSesInfo = NULL; */
2265 }
2266 }
2267 } else {
2268 atomic_inc(&tcon->useCount);
2269 cifs_sb->tcon = tcon;
2270 tcon->ses = pSesInfo;
2271
82940a46 2272 /* do not care if following two calls succeed - informational */
7f8ed420
SF		 2273 if (!tcon->ipc) {
2274 CIFSSMBQFSDeviceInfo(xid, tcon);
2275 CIFSSMBQFSAttributeInfo(xid, tcon);
2276 }
50c2f753 2277
8af18971
SF		 2278 /* tell server which Unix caps we support */
2279 if (tcon->ses->capabilities & CAP_UNIX)
c18c842b
SF		 2280 /* reset of caps checks mount to see if unix extensions
2281 disabled for just this mount */
8af18971 2282 reset_cifs_unix_caps(xid, tcon, sb, &volume_info);
c18c842b
SF		 2283 else
2284 tcon->unix_ext = 0; /* server does not support them */
2285
03a143c9 2286 /* convert forward to back slashes in prepath here if needed */
11b6d645
IM		 2287 if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0)
2288 convert_delimiter(cifs_sb->prepath,
2289 CIFS_DIR_SEP(cifs_sb));
03a143c9 2290
c18c842b 2291 if ((tcon->unix_ext == 0) && (cifs_sb->rsize > (1024 * 127))) {
75865f8c 2292 cifs_sb->rsize = 1024 * 127;
90c81e0b
SF		 2293 cFYI(DBG2,
2294 ("no very large read support, rsize now 127K"));
75865f8c 2295 }
3e84469d
SF		 2296 if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X))
2297 cifs_sb->wsize = min(cifs_sb->wsize,
2298 (tcon->ses->server->maxBuf -
2299 MAX_CIFS_HDR_SIZE));
0ae0efad 2300 if (!(tcon->ses->capabilities & CAP_LARGE_READ_X))
50c2f753
SF		 2301 cifs_sb->rsize = min(cifs_sb->rsize,
2302 (tcon->ses->server->maxBuf -
2303 MAX_CIFS_HDR_SIZE));
1da177e4
LT		 2304 }
2305
2306 /* volume_info.password is freed above when existing session found
2307 (in which case it is not needed anymore) but when new sesion is created
2308 the password ptr is put in the new session structure (in which case the
2309 password will be freed at unmount time) */
70fe7dc0
JL		 2310out:
2311 /* zero out password before freeing */
2312 if (volume_info.password != NULL) {
2313 memset(volume_info.password, 0, strlen(volume_info.password));
2314 kfree(volume_info.password);
2315 }
f99d49ad 2316 kfree(volume_info.UNC);
2fe87f02 2317 kfree(volume_info.prepath);
1da177e4
LT		 2318 FreeXid(xid);
2319 return rc;
2320}
2321
2322static int
2323CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
7c7b25bc 2324 char session_key[CIFS_SESS_KEY_SIZE],
1da177e4
LT		 2325 const struct nls_table *nls_codepage)
2326{
2327 struct smb_hdr *smb_buffer;
2328 struct smb_hdr *smb_buffer_response;
2329 SESSION_SETUP_ANDX *pSMB;
2330 SESSION_SETUP_ANDX *pSMBr;
2331 char *bcc_ptr;
2332 char *user;
2333 char *domain;
2334 int rc = 0;
2335 int remaining_words = 0;
2336 int bytes_returned = 0;
2337 int len;
2338 __u32 capabilities;
2339 __u16 count;
2340
eeac8047 2341 cFYI(1, ("In sesssetup"));
4523cc30 2342 if (ses == NULL)
1da177e4
LT		 2343 return -EINVAL;
2344 user = ses->userName;
2345 domain = ses->domainName;
2346 smb_buffer = cifs_buf_get();
582d21e5
SF		 2347
2348 if (smb_buffer == NULL)
1da177e4 2349 return -ENOMEM;
582d21e5 2350
1da177e4
LT		 2351 smb_buffer_response = smb_buffer;
2352 pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2353
2354 /* send SMBsessionSetup here */
2355 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2356 NULL /* no tCon exists yet */ , 13 /* wct */ );
2357
1982c344 2358 smb_buffer->Mid = GetNextMid(ses->server);
1da177e4
LT		 2359 pSMB->req_no_secext.AndXCommand = 0xFF;
2360 pSMB->req_no_secext.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2361 pSMB->req_no_secext.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2362
50c2f753
SF		 2363 if (ses->server->secMode &
2364 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
1da177e4
LT		 2365 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2366
2367 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2368 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
2369 if (ses->capabilities & CAP_UNICODE) {
2370 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2371 capabilities |= CAP_UNICODE;
2372 }
2373 if (ses->capabilities & CAP_STATUS32) {
2374 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2375 capabilities |= CAP_STATUS32;
2376 }
2377 if (ses->capabilities & CAP_DFS) {
2378 smb_buffer->Flags2 |= SMBFLG2_DFS;
2379 capabilities |= CAP_DFS;
2380 }
2381 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
2382
50c2f753 2383 pSMB->req_no_secext.CaseInsensitivePasswordLength =
7c7b25bc 2384 cpu_to_le16(CIFS_SESS_KEY_SIZE);
1da177e4
LT		 2385
2386 pSMB->req_no_secext.CaseSensitivePasswordLength =
7c7b25bc 2387 cpu_to_le16(CIFS_SESS_KEY_SIZE);
1da177e4 2388 bcc_ptr = pByteArea(smb_buffer);
7c7b25bc
SF		 2389 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2390 bcc_ptr += CIFS_SESS_KEY_SIZE;
2391 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2392 bcc_ptr += CIFS_SESS_KEY_SIZE;
1da177e4
LT		 2393
2394 if (ses->capabilities & CAP_UNICODE) {
2395 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode */
2396 *bcc_ptr = 0;
2397 bcc_ptr++;
2398 }
4523cc30 2399 if (user == NULL)
3979877e 2400 bytes_returned = 0; /* skip null user */
50c2f753 2401 else
1da177e4 2402 bytes_returned =
50c2f753 2403 cifs_strtoUCS((__le16 *) bcc_ptr, user, 100,
1da177e4
LT		 2404 nls_codepage);
2405 /* convert number of 16 bit words to bytes */
2406 bcc_ptr += 2 * bytes_returned;
2407 bcc_ptr += 2; /* trailing null */
2408 if (domain == NULL)
2409 bytes_returned =
e89dc920 2410 cifs_strtoUCS((__le16 *) bcc_ptr,
1da177e4
LT		 2411 "CIFS_LINUX_DOM", 32, nls_codepage);
2412 else
2413 bytes_returned =
e89dc920 2414 cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
1da177e4
LT		 2415 nls_codepage);
2416 bcc_ptr += 2 * bytes_returned;
2417 bcc_ptr += 2;
2418 bytes_returned =
e89dc920 2419 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
1da177e4
LT		 2420 32, nls_codepage);
2421 bcc_ptr += 2 * bytes_returned;
2422 bytes_returned =
e9ff3990 2423 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release,
1da177e4
LT		 2424 32, nls_codepage);
2425 bcc_ptr += 2 * bytes_returned;
2426 bcc_ptr += 2;
2427 bytes_returned =
e89dc920 2428 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
1da177e4
LT		 2429 64, nls_codepage);
2430 bcc_ptr += 2 * bytes_returned;
2431 bcc_ptr += 2;
2432 } else {
50c2f753 2433 if (user != NULL) {
1da177e4
LT		 2434 strncpy(bcc_ptr, user, 200);
2435 bcc_ptr += strnlen(user, 200);
2436 }
2437 *bcc_ptr = 0;
2438 bcc_ptr++;
2439 if (domain == NULL) {
2440 strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2441 bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2442 } else {
2443 strncpy(bcc_ptr, domain, 64);
2444 bcc_ptr += strnlen(domain, 64);
2445 *bcc_ptr = 0;
2446 bcc_ptr++;
2447 }
2448 strcpy(bcc_ptr, "Linux version ");
2449 bcc_ptr += strlen("Linux version ");
e9ff3990
SH		 2450 strcpy(bcc_ptr, utsname()->release);
2451 bcc_ptr += strlen(utsname()->release) + 1;
1da177e4
LT		 2452 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2453 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2454 }
2455 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2456 smb_buffer->smb_buf_length += count;
2457 pSMB->req_no_secext.ByteCount = cpu_to_le16(count);
2458
2459 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
133672ef 2460 &bytes_returned, CIFS_LONG_OP);
1da177e4
LT		 2461 if (rc) {
2462/* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
2463 } else if ((smb_buffer_response->WordCount == 3)
2464 || (smb_buffer_response->WordCount == 4)) {
2465 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2466 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2467 if (action & GUEST_LOGIN)
50c2f753
SF		 2468 cFYI(1, (" Guest login")); /* BB mark SesInfo struct? */
2469 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format
2470 (little endian) */
1da177e4 2471 cFYI(1, ("UID = %d ", ses->Suid));
50c2f753
SF		 2472 /* response can have either 3 or 4 word count - Samba sends 3 */
2473 bcc_ptr = pByteArea(smb_buffer_response);
1da177e4
LT		 2474 if ((pSMBr->resp.hdr.WordCount == 3)
2475 || ((pSMBr->resp.hdr.WordCount == 4)
2476 && (blob_len < pSMBr->resp.ByteCount))) {
2477 if (pSMBr->resp.hdr.WordCount == 4)
2478 bcc_ptr += blob_len;
2479
2480 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2481 if ((long) (bcc_ptr) % 2) {
2482 remaining_words =
50c2f753
SF		 2483 (BCC(smb_buffer_response) - 1) / 2;
2484 /* Unicode strings must be word
2485 aligned */
2486 bcc_ptr++;
1da177e4
LT		 2487 } else {
2488 remaining_words =
2489 BCC(smb_buffer_response) / 2;
2490 }
2491 len =
2492 UniStrnlen((wchar_t *) bcc_ptr,
2493 remaining_words - 1);
2494/* We look for obvious messed up bcc or strings in response so we do not go off
2495 the end since (at least) WIN2K and Windows XP have a major bug in not null
2496 terminating last Unicode string in response */
fb8c4b14 2497 if (ses->serverOS)
a424f8bf 2498 kfree(ses->serverOS);
50c2f753
SF		 2499 ses->serverOS = kzalloc(2 * (len + 1),
2500 GFP_KERNEL);
fb8c4b14 2501 if (ses->serverOS == NULL)
433dc24f 2502 goto sesssetup_nomem;
1da177e4 2503 cifs_strfromUCS_le(ses->serverOS,
50c2f753
SF		 2504 (__le16 *)bcc_ptr,
2505 len, nls_codepage);
1da177e4
LT		 2506 bcc_ptr += 2 * (len + 1);
2507 remaining_words -= len + 1;
2508 ses->serverOS[2 * len] = 0;
2509 ses->serverOS[1 + (2 * len)] = 0;
2510 if (remaining_words > 0) {
2511 len = UniStrnlen((wchar_t *)bcc_ptr,
2512 remaining_words-1);
cd49b492 2513 kfree(ses->serverNOS);
50c2f753
SF		 2514 ses->serverNOS = kzalloc(2 * (len + 1),
2515 GFP_KERNEL);
fb8c4b14 2516 if (ses->serverNOS == NULL)
433dc24f 2517 goto sesssetup_nomem;
1da177e4 2518 cifs_strfromUCS_le(ses->serverNOS,
50c2f753
SF		 2519 (__le16 *)bcc_ptr,
2520 len, nls_codepage);
1da177e4
LT		 2521 bcc_ptr += 2 * (len + 1);
2522 ses->serverNOS[2 * len] = 0;
2523 ses->serverNOS[1 + (2 * len)] = 0;
fb8c4b14 2524 if (strncmp(ses->serverNOS,
50c2f753 2525 "NT LAN Manager 4", 16) == 0) {
467a8f8d 2526 cFYI(1, ("NT4 server"));
1da177e4
LT		 2527 ses->flags |= CIFS_SES_NT4;
2528 }
2529 remaining_words -= len + 1;
2530 if (remaining_words > 0) {
433dc24f 2531 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
50c2f753
SF		 2532 /* last string is not always null terminated
2533 (for e.g. for Windows XP & 2000) */
fb8c4b14 2534 if (ses->serverDomain)
a424f8bf 2535 kfree(ses->serverDomain);
1da177e4 2536 ses->serverDomain =
50c2f753
SF		 2537 kzalloc(2*(len+1),
2538 GFP_KERNEL);
fb8c4b14 2539 if (ses->serverDomain == NULL)
433dc24f 2540 goto sesssetup_nomem;
1da177e4 2541 cifs_strfromUCS_le(ses->serverDomain,
50c2f753
SF		 2542 (__le16 *)bcc_ptr,
2543 len, nls_codepage);
1da177e4
LT		 2544 bcc_ptr += 2 * (len + 1);
2545 ses->serverDomain[2*len] = 0;
2546 ses->serverDomain[1+(2*len)] = 0;
50c2f753
SF		 2547 } else { /* else no more room so create
2548 dummy domain string */
fb8c4b14 2549 if (ses->serverDomain)
a424f8bf 2550 kfree(ses->serverDomain);
50c2f753 2551 ses->serverDomain =
e915fc49 2552 kzalloc(2, GFP_KERNEL);
a424f8bf 2553 }
50c2f753
SF		 2554 } else { /* no room so create dummy domain
2555 and NOS string */
2556
433dc24f
SF		 2557 /* if these kcallocs fail not much we
2558 can do, but better to not fail the
2559 sesssetup itself */
cd49b492 2560 kfree(ses->serverDomain);
1da177e4 2561 ses->serverDomain =
e915fc49 2562 kzalloc(2, GFP_KERNEL);
cd49b492 2563 kfree(ses->serverNOS);
1da177e4 2564 ses->serverNOS =
e915fc49 2565 kzalloc(2, GFP_KERNEL);
1da177e4
LT		 2566 }
2567 } else { /* ASCII */
2568 len = strnlen(bcc_ptr, 1024);
2569 if (((long) bcc_ptr + len) - (long)
2570 pByteArea(smb_buffer_response)
2571 <= BCC(smb_buffer_response)) {
cd49b492 2572 kfree(ses->serverOS);
50c2f753
SF		 2573 ses->serverOS = kzalloc(len + 1,
2574 GFP_KERNEL);
fb8c4b14 2575 if (ses->serverOS == NULL)
433dc24f 2576 goto sesssetup_nomem;
50c2f753 2577 strncpy(ses->serverOS, bcc_ptr, len);
1da177e4
LT		 2578
2579 bcc_ptr += len;
50c2f753
SF		 2580 /* null terminate the string */
2581 bcc_ptr[0] = 0;
1da177e4
LT		 2582 bcc_ptr++;
2583
2584 len = strnlen(bcc_ptr, 1024);
cd49b492 2585 kfree(ses->serverNOS);
50c2f753
SF		 2586 ses->serverNOS = kzalloc(len + 1,
2587 GFP_KERNEL);
fb8c4b14 2588 if (ses->serverNOS == NULL)
433dc24f 2589 goto sesssetup_nomem;
1da177e4
LT		 2590 strncpy(ses->serverNOS, bcc_ptr, len);
2591 bcc_ptr += len;
2592 bcc_ptr[0] = 0;
2593 bcc_ptr++;
2594
2595 len = strnlen(bcc_ptr, 1024);
fb8c4b14 2596 if (ses->serverDomain)
a424f8bf 2597 kfree(ses->serverDomain);
50c2f753
SF		 2598 ses->serverDomain = kzalloc(len + 1,
2599 GFP_KERNEL);
fb8c4b14 2600 if (ses->serverDomain == NULL)
433dc24f 2601 goto sesssetup_nomem;
50c2f753
SF		 2602 strncpy(ses->serverDomain, bcc_ptr,
2603 len);
1da177e4
LT		 2604 bcc_ptr += len;
2605 bcc_ptr[0] = 0;
2606 bcc_ptr++;
2607 } else
2608 cFYI(1,
50c2f753
SF		 2609 ("Variable field of length %d "
2610 "extends beyond end of smb ",
1da177e4
LT		 2611 len));
2612 }
2613 } else {
2614 cERROR(1,
50c2f753
SF		 2615 (" Security Blob Length extends beyond "
2616 "end of SMB"));
1da177e4
LT		 2617 }
2618 } else {
2619 cERROR(1,
2620 (" Invalid Word count %d: ",
2621 smb_buffer_response->WordCount));
2622 rc = -EIO;
2623 }
433dc24f
SF		 2624sesssetup_nomem: /* do not return an error on nomem for the info strings,
2625 since that could make reconnection harder, and
2626 reconnection might be needed to free memory */
a8a11d39 2627 cifs_buf_release(smb_buffer);
1da177e4
LT		 2628
2629 return rc;
2630}
2631
1da177e4
LT		 2632static int
2633CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
4b18f2a9 2634 struct cifsSesInfo *ses, bool *pNTLMv2_flag,
1da177e4
LT		 2635 const struct nls_table *nls_codepage)
2636{
2637 struct smb_hdr *smb_buffer;
2638 struct smb_hdr *smb_buffer_response;
2639 SESSION_SETUP_ANDX *pSMB;
2640 SESSION_SETUP_ANDX *pSMBr;
2641 char *bcc_ptr;
2642 char *domain;
2643 int rc = 0;
2644 int remaining_words = 0;
2645 int bytes_returned = 0;
2646 int len;
6345a3a8 2647 int SecurityBlobLength = sizeof(NEGOTIATE_MESSAGE);
1da177e4
LT		 2648 PNEGOTIATE_MESSAGE SecurityBlob;
2649 PCHALLENGE_MESSAGE SecurityBlob2;
2650 __u32 negotiate_flags, capabilities;
2651 __u16 count;
2652
12b3b8ff 2653 cFYI(1, ("In NTLMSSP sesssetup (negotiate)"));
fb8c4b14 2654 if (ses == NULL)
1da177e4
LT		 2655 return -EINVAL;
2656 domain = ses->domainName;
4b18f2a9 2657 *pNTLMv2_flag = false;
1da177e4
LT		 2658 smb_buffer = cifs_buf_get();
2659 if (smb_buffer == NULL) {
2660 return -ENOMEM;
2661 }
2662 smb_buffer_response = smb_buffer;
2663 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2664 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2665
2666 /* send SMBsessionSetup here */
2667 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2668 NULL /* no tCon exists yet */ , 12 /* wct */ );
1982c344
SF		 2669
2670 smb_buffer->Mid = GetNextMid(ses->server);
1da177e4
LT		 2671 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2672 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2673
2674 pSMB->req.AndXCommand = 0xFF;
2675 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2676 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2677
fb8c4b14 2678 if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
1da177e4
LT		 2679 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2680
2681 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2682 CAP_EXTENDED_SECURITY;
2683 if (ses->capabilities & CAP_UNICODE) {
2684 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2685 capabilities |= CAP_UNICODE;
2686 }
2687 if (ses->capabilities & CAP_STATUS32) {
2688 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2689 capabilities |= CAP_STATUS32;
2690 }
2691 if (ses->capabilities & CAP_DFS) {
2692 smb_buffer->Flags2 |= SMBFLG2_DFS;
2693 capabilities |= CAP_DFS;
2694 }
2695 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2696
2697 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2698 SecurityBlob = (PNEGOTIATE_MESSAGE) bcc_ptr;
2699 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2700 SecurityBlob->MessageType = NtLmNegotiate;
2701 negotiate_flags =
2702 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
12b3b8ff
SF		 2703 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM |
2704 NTLMSSP_NEGOTIATE_56 |
1da177e4 2705 /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
fb8c4b14 2706 if (sign_CIFS_PDUs)
1da177e4 2707 negotiate_flags |= NTLMSSP_NEGOTIATE_SIGN;
fb8c4b14 2708/* if (ntlmv2_support)
3979877e 2709 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;*/
1da177e4
LT		 2710 /* setup pointers to domain name and workstation name */
2711 bcc_ptr += SecurityBlobLength;
2712
2713 SecurityBlob->WorkstationName.Buffer = 0;
2714 SecurityBlob->WorkstationName.Length = 0;
2715 SecurityBlob->WorkstationName.MaximumLength = 0;
2716
12b3b8ff
SF		 2717 /* Domain not sent on first Sesssetup in NTLMSSP, instead it is sent
2718 along with username on auth request (ie the response to challenge) */
2719 SecurityBlob->DomainName.Buffer = 0;
2720 SecurityBlob->DomainName.Length = 0;
2721 SecurityBlob->DomainName.MaximumLength = 0;
1da177e4
LT		 2722 if (ses->capabilities & CAP_UNICODE) {
2723 if ((long) bcc_ptr % 2) {
2724 *bcc_ptr = 0;
2725 bcc_ptr++;
2726 }
2727
2728 bytes_returned =
e89dc920 2729 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
1da177e4
LT		 2730 32, nls_codepage);
2731 bcc_ptr += 2 * bytes_returned;
2732 bytes_returned =
e9ff3990 2733 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
1da177e4
LT		 2734 nls_codepage);
2735 bcc_ptr += 2 * bytes_returned;
2736 bcc_ptr += 2; /* null terminate Linux version */
2737 bytes_returned =
e89dc920 2738 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
1da177e4
LT		 2739 64, nls_codepage);
2740 bcc_ptr += 2 * bytes_returned;
2741 *(bcc_ptr + 1) = 0;
2742 *(bcc_ptr + 2) = 0;
2743 bcc_ptr += 2; /* null terminate network opsys string */
2744 *(bcc_ptr + 1) = 0;
2745 *(bcc_ptr + 2) = 0;
2746 bcc_ptr += 2; /* null domain */
2747 } else { /* ASCII */
2748 strcpy(bcc_ptr, "Linux version ");
2749 bcc_ptr += strlen("Linux version ");
e9ff3990
SH		 2750 strcpy(bcc_ptr, utsname()->release);
2751 bcc_ptr += strlen(utsname()->release) + 1;
1da177e4
LT		 2752 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2753 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2754 bcc_ptr++; /* empty domain field */
2755 *bcc_ptr = 0;
2756 }
2757 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2758 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2759 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2760 smb_buffer->smb_buf_length += count;
2761 pSMB->req.ByteCount = cpu_to_le16(count);
2762
2763 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
133672ef 2764 &bytes_returned, CIFS_LONG_OP);
1da177e4
LT		 2765
2766 if (smb_buffer_response->Status.CifsError ==
2767 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
2768 rc = 0;
2769
2770 if (rc) {
2771/* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2772 } else if ((smb_buffer_response->WordCount == 3)
2773 || (smb_buffer_response->WordCount == 4)) {
2774 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2775 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2776
2777 if (action & GUEST_LOGIN)
50c2f753
SF		 2778 cFYI(1, (" Guest login"));
2779 /* Do we want to set anything in SesInfo struct when guest login? */
1da177e4 2780
50c2f753
SF		 2781 bcc_ptr = pByteArea(smb_buffer_response);
2782 /* response can have either 3 or 4 word count - Samba sends 3 */
1da177e4
LT		 2783
2784 SecurityBlob2 = (PCHALLENGE_MESSAGE) bcc_ptr;
2785 if (SecurityBlob2->MessageType != NtLmChallenge) {
2786 cFYI(1,
2787 ("Unexpected NTLMSSP message type received %d",
2788 SecurityBlob2->MessageType));
2789 } else if (ses) {
50c2f753 2790 ses->Suid = smb_buffer_response->Uid; /* UID left in le format */
12b3b8ff 2791 cFYI(1, ("UID = %d", ses->Suid));
1da177e4
LT		 2792 if ((pSMBr->resp.hdr.WordCount == 3)
2793 || ((pSMBr->resp.hdr.WordCount == 4)
2794 && (blob_len <
2795 pSMBr->resp.ByteCount))) {
2796
2797 if (pSMBr->resp.hdr.WordCount == 4) {
2798 bcc_ptr += blob_len;
12b3b8ff 2799 cFYI(1, ("Security Blob Length %d",
1da177e4
LT		 2800 blob_len));
2801 }
2802
12b3b8ff 2803 cFYI(1, ("NTLMSSP Challenge rcvd"));
1da177e4
LT		 2804
2805 memcpy(ses->server->cryptKey,
2806 SecurityBlob2->Challenge,
2807 CIFS_CRYPTO_KEY_SIZE);
50c2f753 2808 if (SecurityBlob2->NegotiateFlags &
12b3b8ff 2809 cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2))
4b18f2a9 2810 *pNTLMv2_flag = true;
1da177e4 2811
50c2f753
SF		 2812 if ((SecurityBlob2->NegotiateFlags &
2813 cpu_to_le32(NTLMSSP_NEGOTIATE_ALWAYS_SIGN))
1da177e4 2814 || (sign_CIFS_PDUs > 1))
50c2f753
SF		 2815 ses->server->secMode |=
2816 SECMODE_SIGN_REQUIRED;
2817 if ((SecurityBlob2->NegotiateFlags &
1da177e4 2818 cpu_to_le32(NTLMSSP_NEGOTIATE_SIGN)) && (sign_CIFS_PDUs))
50c2f753 2819 ses->server->secMode |=
1da177e4
LT		 2820 SECMODE_SIGN_ENABLED;
2821
2822 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2823 if ((long) (bcc_ptr) % 2) {
2824 remaining_words =
2825 (BCC(smb_buffer_response)
2826 - 1) / 2;
50c2f753
SF		 2827 /* Must word align unicode strings */
2828 bcc_ptr++;
1da177e4
LT		 2829 } else {
2830 remaining_words =
2831 BCC
2832 (smb_buffer_response) / 2;
2833 }
2834 len =
2835 UniStrnlen((wchar_t *) bcc_ptr,
2836 remaining_words - 1);
2837/* We look for obvious messed up bcc or strings in response so we do not go off
2838 the end since (at least) WIN2K and Windows XP have a major bug in not null
2839 terminating last Unicode string in response */
fb8c4b14 2840 if (ses->serverOS)
a424f8bf 2841 kfree(ses->serverOS);
1da177e4 2842 ses->serverOS =
e915fc49 2843 kzalloc(2 * (len + 1), GFP_KERNEL);
1da177e4 2844 cifs_strfromUCS_le(ses->serverOS,
e89dc920 2845 (__le16 *)
1da177e4
LT		 2846 bcc_ptr, len,
2847 nls_codepage);
2848 bcc_ptr += 2 * (len + 1);
2849 remaining_words -= len + 1;
2850 ses->serverOS[2 * len] = 0;
2851 ses->serverOS[1 + (2 * len)] = 0;
2852 if (remaining_words > 0) {
2853 len = UniStrnlen((wchar_t *)
2854 bcc_ptr,
2855 remaining_words
2856 - 1);
cd49b492 2857 kfree(ses->serverNOS);
1da177e4 2858 ses->serverNOS =
e915fc49 2859 kzalloc(2 * (len + 1),
1da177e4
LT		 2860 GFP_KERNEL);
2861 cifs_strfromUCS_le(ses->
2862 serverNOS,
e89dc920 2863 (__le16 *)
1da177e4
LT		 2864 bcc_ptr,
2865 len,
2866 nls_codepage);
2867 bcc_ptr += 2 * (len + 1);
2868 ses->serverNOS[2 * len] = 0;
2869 ses->serverNOS[1 +
2870 (2 * len)] = 0;
2871 remaining_words -= len + 1;
2872 if (remaining_words > 0) {
50c2f753
SF		 2873 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2874 /* last string not always null terminated
2875 (for e.g. for Windows XP & 2000) */
cd49b492 2876 kfree(ses->serverDomain);
1da177e4 2877 ses->serverDomain =
e915fc49 2878 kzalloc(2 *
1da177e4
LT		 2879 (len +
2880 1),
2881 GFP_KERNEL);
2882 cifs_strfromUCS_le
e89dc920
SF		 2883 (ses->serverDomain,
2884 (__le16 *)bcc_ptr,
2885 len, nls_codepage);
1da177e4
LT		 2886 bcc_ptr +=
2887 2 * (len + 1);
e89dc920 2888 ses->serverDomain[2*len]
1da177e4 2889 = 0;
e89dc920
SF		 2890 ses->serverDomain
2891 [1 + (2 * len)]
1da177e4
LT		 2892 = 0;
2893 } /* else no more room so create dummy domain string */
a424f8bf 2894 else {
cd49b492 2895 kfree(ses->serverDomain);
1da177e4 2896 ses->serverDomain =
e915fc49 2897 kzalloc(2,
1da177e4 2898 GFP_KERNEL);
a424f8bf 2899 }
1da177e4 2900 } else { /* no room so create dummy domain and NOS string */
cd49b492 2901 kfree(ses->serverDomain);
1da177e4 2902 ses->serverDomain =
e915fc49 2903 kzalloc(2, GFP_KERNEL);
cd49b492 2904 kfree(ses->serverNOS);
1da177e4 2905 ses->serverNOS =
e915fc49 2906 kzalloc(2, GFP_KERNEL);
1da177e4
LT		 2907 }
2908 } else { /* ASCII */
2909 len = strnlen(bcc_ptr, 1024);
2910 if (((long) bcc_ptr + len) - (long)
2911 pByteArea(smb_buffer_response)
2912 <= BCC(smb_buffer_response)) {
fb8c4b14 2913 if (ses->serverOS)
a424f8bf 2914 kfree(ses->serverOS);
1da177e4 2915 ses->serverOS =
e915fc49 2916 kzalloc(len + 1,
1da177e4
LT		 2917 GFP_KERNEL);
2918 strncpy(ses->serverOS,
2919 bcc_ptr, len);
2920
2921 bcc_ptr += len;
2922 bcc_ptr[0] = 0; /* null terminate string */
2923 bcc_ptr++;
2924
2925 len = strnlen(bcc_ptr, 1024);
cd49b492 2926 kfree(ses->serverNOS);
1da177e4 2927 ses->serverNOS =
e915fc49 2928 kzalloc(len + 1,
1da177e4
LT		 2929 GFP_KERNEL);
2930 strncpy(ses->serverNOS, bcc_ptr, len);
2931 bcc_ptr += len;
2932 bcc_ptr[0] = 0;
2933 bcc_ptr++;
2934
2935 len = strnlen(bcc_ptr, 1024);
cd49b492 2936 kfree(ses->serverDomain);
1da177e4 2937 ses->serverDomain =
e915fc49 2938 kzalloc(len + 1,
1da177e4 2939 GFP_KERNEL);
50c2f753
SF		 2940 strncpy(ses->serverDomain,
2941 bcc_ptr, len);
1da177e4
LT		 2942 bcc_ptr += len;
2943 bcc_ptr[0] = 0;
2944 bcc_ptr++;
2945 } else
2946 cFYI(1,
63135e08
SF		 2947 ("field of length %d "
2948 "extends beyond end of smb",
1da177e4
LT		 2949 len));
2950 }
2951 } else {
50c2f753
SF		 2952 cERROR(1, ("Security Blob Length extends beyond"
2953 " end of SMB"));
1da177e4
LT		 2954 }
2955 } else {
2956 cERROR(1, ("No session structure passed in."));
2957 }
2958 } else {
2959 cERROR(1,
5815449d 2960 (" Invalid Word count %d:",
1da177e4
LT		 2961 smb_buffer_response->WordCount));
2962 rc = -EIO;
2963 }
2964
a8a11d39 2965 cifs_buf_release(smb_buffer);
1da177e4
LT		 2966
2967 return rc;
2968}
2969static int
2970CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
4b18f2a9 2971 char *ntlm_session_key, bool ntlmv2_flag,
6345a3a8 2972 const struct nls_table *nls_codepage)
1da177e4
LT		 2973{
2974 struct smb_hdr *smb_buffer;
2975 struct smb_hdr *smb_buffer_response;
2976 SESSION_SETUP_ANDX *pSMB;
2977 SESSION_SETUP_ANDX *pSMBr;
2978 char *bcc_ptr;
2979 char *user;
2980 char *domain;
2981 int rc = 0;
2982 int remaining_words = 0;
2983 int bytes_returned = 0;
2984 int len;
6345a3a8 2985 int SecurityBlobLength = sizeof(AUTHENTICATE_MESSAGE);
1da177e4
LT		 2986 PAUTHENTICATE_MESSAGE SecurityBlob;
2987 __u32 negotiate_flags, capabilities;
2988 __u16 count;
2989
2990 cFYI(1, ("In NTLMSSPSessSetup (Authenticate)"));
fb8c4b14 2991 if (ses == NULL)
1da177e4
LT		 2992 return -EINVAL;
2993 user = ses->userName;
2994 domain = ses->domainName;
2995 smb_buffer = cifs_buf_get();
2996 if (smb_buffer == NULL) {
2997 return -ENOMEM;
2998 }
2999 smb_buffer_response = smb_buffer;
6345a3a8
CG		 3000 pSMB = (SESSION_SETUP_ANDX *)smb_buffer;
3001 pSMBr = (SESSION_SETUP_ANDX *)smb_buffer_response;
1da177e4
LT		 3002
3003 /* send SMBsessionSetup here */
3004 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
3005 NULL /* no tCon exists yet */ , 12 /* wct */ );
1982c344
SF		 3006
3007 smb_buffer->Mid = GetNextMid(ses->server);
1da177e4
LT		 3008 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
3009 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
3010 pSMB->req.AndXCommand = 0xFF;
3011 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
3012 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
3013
3014 pSMB->req.hdr.Uid = ses->Suid;
3015
fb8c4b14 3016 if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
1da177e4
LT		 3017 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3018
3019 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
6345a3a8 3020 CAP_EXTENDED_SECURITY;
1da177e4
LT		 3021 if (ses->capabilities & CAP_UNICODE) {
3022 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3023 capabilities |= CAP_UNICODE;
3024 }
3025 if (ses->capabilities & CAP_STATUS32) {
3026 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3027 capabilities |= CAP_STATUS32;
3028 }
3029 if (ses->capabilities & CAP_DFS) {
3030 smb_buffer->Flags2 |= SMBFLG2_DFS;
3031 capabilities |= CAP_DFS;
3032 }
3033 pSMB->req.Capabilities = cpu_to_le32(capabilities);
3034
6345a3a8
CG		 3035 bcc_ptr = (char *)&pSMB->req.SecurityBlob;
3036 SecurityBlob = (PAUTHENTICATE_MESSAGE)bcc_ptr;
1da177e4
LT		 3037 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
3038 SecurityBlob->MessageType = NtLmAuthenticate;
3039 bcc_ptr += SecurityBlobLength;
6345a3a8
CG		 3040 negotiate_flags = NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET |
3041 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO |
3042 0x80000000 | NTLMSSP_NEGOTIATE_128;
fb8c4b14 3043 if (sign_CIFS_PDUs)
1da177e4 3044 negotiate_flags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN;
fb8c4b14 3045 if (ntlmv2_flag)
1da177e4
LT		 3046 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
3047
3048/* setup pointers to domain name and workstation name */
3049
3050 SecurityBlob->WorkstationName.Buffer = 0;
3051 SecurityBlob->WorkstationName.Length = 0;
3052 SecurityBlob->WorkstationName.MaximumLength = 0;
3053 SecurityBlob->SessionKey.Length = 0;
3054 SecurityBlob->SessionKey.MaximumLength = 0;
3055 SecurityBlob->SessionKey.Buffer = 0;
3056
3057 SecurityBlob->LmChallengeResponse.Length = 0;
3058 SecurityBlob->LmChallengeResponse.MaximumLength = 0;
3059 SecurityBlob->LmChallengeResponse.Buffer = 0;
3060
3061 SecurityBlob->NtChallengeResponse.Length =
7c7b25bc 3062 cpu_to_le16(CIFS_SESS_KEY_SIZE);
1da177e4 3063 SecurityBlob->NtChallengeResponse.MaximumLength =
7c7b25bc
SF		 3064 cpu_to_le16(CIFS_SESS_KEY_SIZE);
3065 memcpy(bcc_ptr, ntlm_session_key, CIFS_SESS_KEY_SIZE);
1da177e4
LT		 3066 SecurityBlob->NtChallengeResponse.Buffer =
3067 cpu_to_le32(SecurityBlobLength);
7c7b25bc
SF		 3068 SecurityBlobLength += CIFS_SESS_KEY_SIZE;
3069 bcc_ptr += CIFS_SESS_KEY_SIZE;
1da177e4
LT		 3070
3071 if (ses->capabilities & CAP_UNICODE) {
3072 if (domain == NULL) {
3073 SecurityBlob->DomainName.Buffer = 0;
3074 SecurityBlob->DomainName.Length = 0;
3075 SecurityBlob->DomainName.MaximumLength = 0;
3076 } else {
77159b4d 3077 __u16 ln = cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
1da177e4 3078 nls_codepage);
77159b4d 3079 ln *= 2;
1da177e4 3080 SecurityBlob->DomainName.MaximumLength =
77159b4d 3081 cpu_to_le16(ln);
1da177e4
LT		 3082 SecurityBlob->DomainName.Buffer =
3083 cpu_to_le32(SecurityBlobLength);
77159b4d
SF		 3084 bcc_ptr += ln;
3085 SecurityBlobLength += ln;
3086 SecurityBlob->DomainName.Length = cpu_to_le16(ln);
1da177e4
LT		 3087 }
3088 if (user == NULL) {
3089 SecurityBlob->UserName.Buffer = 0;
3090 SecurityBlob->UserName.Length = 0;
3091 SecurityBlob->UserName.MaximumLength = 0;
3092 } else {
77159b4d 3093 __u16 ln = cifs_strtoUCS((__le16 *) bcc_ptr, user, 64,
1da177e4 3094 nls_codepage);
77159b4d 3095 ln *= 2;
1da177e4 3096 SecurityBlob->UserName.MaximumLength =
77159b4d 3097 cpu_to_le16(ln);
1da177e4
LT		 3098 SecurityBlob->UserName.Buffer =
3099 cpu_to_le32(SecurityBlobLength);
77159b4d
SF		 3100 bcc_ptr += ln;
3101 SecurityBlobLength += ln;
3102 SecurityBlob->UserName.Length = cpu_to_le16(ln);
1da177e4
LT		 3103 }
3104
63135e08
SF		 3105 /* SecurityBlob->WorkstationName.Length =
3106 cifs_strtoUCS((__le16 *) bcc_ptr, "AMACHINE",64, nls_codepage);
1da177e4 3107 SecurityBlob->WorkstationName.Length *= 2;
63135e08
SF		 3108 SecurityBlob->WorkstationName.MaximumLength =
3109 cpu_to_le16(SecurityBlob->WorkstationName.Length);
3110 SecurityBlob->WorkstationName.Buffer =
3111 cpu_to_le32(SecurityBlobLength);
1da177e4
LT		 3112 bcc_ptr += SecurityBlob->WorkstationName.Length;
3113 SecurityBlobLength += SecurityBlob->WorkstationName.Length;
63135e08
SF		 3114 SecurityBlob->WorkstationName.Length =
3115 cpu_to_le16(SecurityBlob->WorkstationName.Length); */
1da177e4
LT		 3116
3117 if ((long) bcc_ptr % 2) {
3118 *bcc_ptr = 0;
3119 bcc_ptr++;
3120 }
3121 bytes_returned =
e89dc920 3122 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
1da177e4
LT		 3123 32, nls_codepage);
3124 bcc_ptr += 2 * bytes_returned;
3125 bytes_returned =
e9ff3990 3126 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
1da177e4
LT		 3127 nls_codepage);
3128 bcc_ptr += 2 * bytes_returned;
3129 bcc_ptr += 2; /* null term version string */
3130 bytes_returned =
e89dc920 3131 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
1da177e4
LT		 3132 64, nls_codepage);
3133 bcc_ptr += 2 * bytes_returned;
3134 *(bcc_ptr + 1) = 0;
3135 *(bcc_ptr + 2) = 0;
3136 bcc_ptr += 2; /* null terminate network opsys string */
3137 *(bcc_ptr + 1) = 0;
3138 *(bcc_ptr + 2) = 0;
3139 bcc_ptr += 2; /* null domain */
3140 } else { /* ASCII */
3141 if (domain == NULL) {
3142 SecurityBlob->DomainName.Buffer = 0;
3143 SecurityBlob->DomainName.Length = 0;
3144 SecurityBlob->DomainName.MaximumLength = 0;
3145 } else {
77159b4d 3146 __u16 ln;
1da177e4
LT		 3147 negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
3148 strncpy(bcc_ptr, domain, 63);
77159b4d 3149 ln = strnlen(domain, 64);
1da177e4 3150 SecurityBlob->DomainName.MaximumLength =
77159b4d 3151 cpu_to_le16(ln);
1da177e4
LT		 3152 SecurityBlob->DomainName.Buffer =
3153 cpu_to_le32(SecurityBlobLength);
77159b4d
SF		 3154 bcc_ptr += ln;
3155 SecurityBlobLength += ln;
3156 SecurityBlob->DomainName.Length = cpu_to_le16(ln);
1da177e4
LT		 3157 }
3158 if (user == NULL) {
3159 SecurityBlob->UserName.Buffer = 0;
3160 SecurityBlob->UserName.Length = 0;
3161 SecurityBlob->UserName.MaximumLength = 0;
3162 } else {
77159b4d 3163 __u16 ln;
1da177e4 3164 strncpy(bcc_ptr, user, 63);
77159b4d
SF		 3165 ln = strnlen(user, 64);
3166 SecurityBlob->UserName.MaximumLength = cpu_to_le16(ln);
1da177e4 3167 SecurityBlob->UserName.Buffer =
77159b4d
SF		 3168 cpu_to_le32(SecurityBlobLength);
3169 bcc_ptr += ln;
3170 SecurityBlobLength += ln;
3171 SecurityBlob->UserName.Length = cpu_to_le16(ln);
1da177e4
LT		 3172 }
3173 /* BB fill in our workstation name if known BB */
3174
3175 strcpy(bcc_ptr, "Linux version ");
3176 bcc_ptr += strlen("Linux version ");
e9ff3990
SH		 3177 strcpy(bcc_ptr, utsname()->release);
3178 bcc_ptr += strlen(utsname()->release) + 1;
1da177e4
LT		 3179 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
3180 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
3181 bcc_ptr++; /* null domain */
3182 *bcc_ptr = 0;
3183 }
3184 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
3185 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
3186 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
3187 smb_buffer->smb_buf_length += count;
3188 pSMB->req.ByteCount = cpu_to_le16(count);
3189
3190 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
133672ef 3191 &bytes_returned, CIFS_LONG_OP);
1da177e4 3192 if (rc) {
6345a3a8
CG		 3193/* rc = map_smb_to_linux_error(smb_buffer_response) done in SendReceive now */
3194 } else if ((smb_buffer_response->WordCount == 3) ||
3195 (smb_buffer_response->WordCount == 4)) {
1da177e4 3196 __u16 action = le16_to_cpu(pSMBr->resp.Action);
6345a3a8 3197 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
1da177e4 3198 if (action & GUEST_LOGIN)
50c2f753
SF		 3199 cFYI(1, (" Guest login")); /* BB Should we set anything
3200 in SesInfo struct ? */
3201/* if (SecurityBlob2->MessageType != NtLm??) {
3202 cFYI("Unexpected message type on auth response is %d"));
3203 } */
3204
1da177e4
LT		 3205 if (ses) {
3206 cFYI(1,
50c2f753 3207 ("Check challenge UID %d vs auth response UID %d",
1da177e4 3208 ses->Suid, smb_buffer_response->Uid));
50c2f753
SF		 3209 /* UID left in wire format */
3210 ses->Suid = smb_buffer_response->Uid;
3211 bcc_ptr = pByteArea(smb_buffer_response);
3212 /* response can have either 3 or 4 word count - Samba sends 3 */
1da177e4
LT		 3213 if ((pSMBr->resp.hdr.WordCount == 3)
3214 || ((pSMBr->resp.hdr.WordCount == 4)
3215 && (blob_len <
3216 pSMBr->resp.ByteCount))) {
3217 if (pSMBr->resp.hdr.WordCount == 4) {
3218 bcc_ptr +=
3219 blob_len;
3220 cFYI(1,
3221 ("Security Blob Length %d ",
3222 blob_len));
3223 }
3224
3225 cFYI(1,
3226 ("NTLMSSP response to Authenticate "));
3227
3228 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3229 if ((long) (bcc_ptr) % 2) {
3230 remaining_words =
3231 (BCC(smb_buffer_response)
3232 - 1) / 2;
3233 bcc_ptr++; /* Unicode strings must be word aligned */
3234 } else {
3235 remaining_words = BCC(smb_buffer_response) / 2;
3236 }
77159b4d
SF		 3237 len = UniStrnlen((wchar_t *) bcc_ptr,
3238 remaining_words - 1);
1da177e4
LT		 3239/* We look for obvious messed up bcc or strings in response so we do not go off
3240 the end since (at least) WIN2K and Windows XP have a major bug in not null
3241 terminating last Unicode string in response */
fb8c4b14 3242 if (ses->serverOS)
08775834 3243 kfree(ses->serverOS);
1da177e4 3244 ses->serverOS =
e915fc49 3245 kzalloc(2 * (len + 1), GFP_KERNEL);
1da177e4 3246 cifs_strfromUCS_le(ses->serverOS,
e89dc920 3247 (__le16 *)
1da177e4
LT		 3248 bcc_ptr, len,
3249 nls_codepage);
3250 bcc_ptr += 2 * (len + 1);
3251 remaining_words -= len + 1;
3252 ses->serverOS[2 * len] = 0;
3253 ses->serverOS[1 + (2 * len)] = 0;
3254 if (remaining_words > 0) {
3255 len = UniStrnlen((wchar_t *)
3256 bcc_ptr,
3257 remaining_words
3258 - 1);
cd49b492 3259 kfree(ses->serverNOS);
1da177e4 3260 ses->serverNOS =
e915fc49 3261 kzalloc(2 * (len + 1),
1da177e4
LT		 3262 GFP_KERNEL);
3263 cifs_strfromUCS_le(ses->
3264 serverNOS,
e89dc920 3265 (__le16 *)
1da177e4
LT		 3266 bcc_ptr,
3267 len,
3268 nls_codepage);
3269 bcc_ptr += 2 * (len + 1);
3270 ses->serverNOS[2 * len] = 0;
3271 ses->serverNOS[1+(2*len)] = 0;
3272 remaining_words -= len + 1;
3273 if (remaining_words > 0) {
50c2f753 3274 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
1da177e4 3275 /* last string not always null terminated (e.g. for Windows XP & 2000) */
fb8c4b14 3276 if (ses->serverDomain)
a424f8bf 3277 kfree(ses->serverDomain);
1da177e4 3278 ses->serverDomain =
e915fc49 3279 kzalloc(2 *
1da177e4
LT		 3280 (len +
3281 1),
3282 GFP_KERNEL);
3283 cifs_strfromUCS_le
3284 (ses->
3285 serverDomain,
e89dc920 3286 (__le16 *)
1da177e4
LT		 3287 bcc_ptr, len,
3288 nls_codepage);
3289 bcc_ptr +=
3290 2 * (len + 1);
3291 ses->
3292 serverDomain[2
3293 * len]
3294 = 0;
3295 ses->
3296 serverDomain[1
3297 +
3298 (2
3299 *
3300 len)]
3301 = 0;
3302 } /* else no more room so create dummy domain string */
a424f8bf 3303 else {
fb8c4b14 3304 if (ses->serverDomain)
a424f8bf 3305 kfree(ses->serverDomain);
e915fc49 3306 ses->serverDomain = kzalloc(2,GFP_KERNEL);
a424f8bf 3307 }
1da177e4 3308 } else { /* no room so create dummy domain and NOS string */
fb8c4b14 3309 if (ses->serverDomain)
a424f8bf 3310 kfree(ses->serverDomain);
e915fc49 3311 ses->serverDomain = kzalloc(2, GFP_KERNEL);
cd49b492 3312 kfree(ses->serverNOS);
e915fc49 3313 ses->serverNOS = kzalloc(2, GFP_KERNEL);
1da177e4
LT		 3314 }
3315 } else { /* ASCII */
3316 len = strnlen(bcc_ptr, 1024);
50c2f753
SF		 3317 if (((long) bcc_ptr + len) -
3318 (long) pByteArea(smb_buffer_response)
63135e08 3319 <= BCC(smb_buffer_response)) {
fb8c4b14 3320 if (ses->serverOS)
a424f8bf 3321 kfree(ses->serverOS);
77159b4d 3322 ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
1da177e4
LT		 3323 strncpy(ses->serverOS,bcc_ptr, len);
3324
3325 bcc_ptr += len;
3326 bcc_ptr[0] = 0; /* null terminate the string */
3327 bcc_ptr++;
3328
3329 len = strnlen(bcc_ptr, 1024);
cd49b492 3330 kfree(ses->serverNOS);
50c2f753
SF		 3331 ses->serverNOS = kzalloc(len+1,
3332 GFP_KERNEL);
63135e08
SF		 3333 strncpy(ses->serverNOS,
3334 bcc_ptr, len);
1da177e4
LT		 3335 bcc_ptr += len;
3336 bcc_ptr[0] = 0;
3337 bcc_ptr++;
3338
3339 len = strnlen(bcc_ptr, 1024);
fb8c4b14 3340 if (ses->serverDomain)
a424f8bf 3341 kfree(ses->serverDomain);
63135e08
SF		 3342 ses->serverDomain =
3343 kzalloc(len+1,
3344 GFP_KERNEL);
3345 strncpy(ses->serverDomain,
3346 bcc_ptr, len);
1da177e4
LT		 3347 bcc_ptr += len;
3348 bcc_ptr[0] = 0;
3349 bcc_ptr++;
3350 } else
6345a3a8 3351 cFYI(1, ("field of length %d "
63135e08 3352 "extends beyond end of smb ",
1da177e4
LT		 3353 len));
3354 }
3355 } else {
6345a3a8 3356 cERROR(1, ("Security Blob extends beyond end "
63135e08 3357 "of SMB"));
1da177e4
LT		 3358 }
3359 } else {
3360 cERROR(1, ("No session structure passed in."));
3361 }
3362 } else {
6345a3a8 3363 cERROR(1, ("Invalid Word count %d: ",
1da177e4
LT		 3364 smb_buffer_response->WordCount));
3365 rc = -EIO;
3366 }
3367
a8a11d39 3368 cifs_buf_release(smb_buffer);
1da177e4
LT		 3369
3370 return rc;
3371}
3372
3373int
3374CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3375 const char *tree, struct cifsTconInfo *tcon,
3376 const struct nls_table *nls_codepage)
3377{
3378 struct smb_hdr *smb_buffer;
3379 struct smb_hdr *smb_buffer_response;
3380 TCONX_REQ *pSMB;
3381 TCONX_RSP *pSMBr;
3382 unsigned char *bcc_ptr;
3383 int rc = 0;
3384 int length;
3385 __u16 count;
3386
3387 if (ses == NULL)
3388 return -EIO;
3389
3390 smb_buffer = cifs_buf_get();
3391 if (smb_buffer == NULL) {
3392 return -ENOMEM;
3393 }
3394 smb_buffer_response = smb_buffer;
3395
3396 header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3397 NULL /*no tid */ , 4 /*wct */ );
1982c344
SF		 3398
3399 smb_buffer->Mid = GetNextMid(ses->server);
1da177e4
LT		 3400 smb_buffer->Uid = ses->Suid;
3401 pSMB = (TCONX_REQ *) smb_buffer;
3402 pSMBr = (TCONX_RSP *) smb_buffer_response;
3403
3404 pSMB->AndXCommand = 0xFF;
3405 pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
1da177e4 3406 bcc_ptr = &pSMB->Password[0];
fb8c4b14 3407 if ((ses->server->secMode) & SECMODE_USER) {
eeac8047 3408 pSMB->PasswordLength = cpu_to_le16(1); /* minimum */
7c7b25bc 3409 *bcc_ptr = 0; /* password is null byte */
eeac8047 3410 bcc_ptr++; /* skip password */
7c7b25bc 3411 /* already aligned so no need to do it below */
eeac8047 3412 } else {
7c7b25bc 3413 pSMB->PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE);
eeac8047
SF		 3414 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3415 specified as required (when that support is added to
3416 the vfs in the future) as only NTLM or the much
7c7b25bc 3417 weaker LANMAN (which we do not send by default) is accepted
eeac8047
SF		 3418 by Samba (not sure whether other servers allow
3419 NTLMv2 password here) */
7c7b25bc 3420#ifdef CONFIG_CIFS_WEAK_PW_HASH
50c2f753 3421 if ((extended_security & CIFSSEC_MAY_LANMAN) &&
7c7b25bc
SF		 3422 (ses->server->secType == LANMAN))
3423 calc_lanman_hash(ses, bcc_ptr);
3424 else
3425#endif /* CIFS_WEAK_PW_HASH */
eeac8047
SF		 3426 SMBNTencrypt(ses->password,
3427 ses->server->cryptKey,
3428 bcc_ptr);
3429
7c7b25bc 3430 bcc_ptr += CIFS_SESS_KEY_SIZE;
fb8c4b14 3431 if (ses->capabilities & CAP_UNICODE) {
7c7b25bc
SF		 3432 /* must align unicode strings */
3433 *bcc_ptr = 0; /* null byte password */
3434 bcc_ptr++;
3435 }
eeac8047 3436 }
1da177e4 3437
50c2f753 3438 if (ses->server->secMode &
a878fb22 3439 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
1da177e4
LT		 3440 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3441
3442 if (ses->capabilities & CAP_STATUS32) {
3443 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3444 }
3445 if (ses->capabilities & CAP_DFS) {
3446 smb_buffer->Flags2 |= SMBFLG2_DFS;
3447 }
3448 if (ses->capabilities & CAP_UNICODE) {
3449 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3450 length =
50c2f753
SF		 3451 cifs_strtoUCS((__le16 *) bcc_ptr, tree,
3452 6 /* max utf8 char length in bytes */ *
a878fb22
SF		 3453 (/* server len*/ + 256 /* share len */), nls_codepage);
3454 bcc_ptr += 2 * length; /* convert num 16 bit words to bytes */
1da177e4
LT		 3455 bcc_ptr += 2; /* skip trailing null */
3456 } else { /* ASCII */
1da177e4
LT		 3457 strcpy(bcc_ptr, tree);
3458 bcc_ptr += strlen(tree) + 1;
3459 }
3460 strcpy(bcc_ptr, "?????");
3461 bcc_ptr += strlen("?????");
3462 bcc_ptr += 1;
3463 count = bcc_ptr - &pSMB->Password[0];
3464 pSMB->hdr.smb_buf_length += count;
3465 pSMB->ByteCount = cpu_to_le16(count);
3466
133672ef
SF		 3467 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length,
3468 CIFS_STD_OP);
1da177e4
LT		 3469
3470 /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
3471 /* above now done in SendReceive */
3472 if ((rc == 0) && (tcon != NULL)) {
3473 tcon->tidStatus = CifsGood;
3474 tcon->tid = smb_buffer_response->Tid;
3475 bcc_ptr = pByteArea(smb_buffer_response);
3476 length = strnlen(bcc_ptr, BCC(smb_buffer_response) - 2);
50c2f753 3477 /* skip service field (NB: this field is always ASCII) */
7f8ed420
SF		 3478 if (length == 3) {
3479 if ((bcc_ptr[0] == 'I') && (bcc_ptr[1] == 'P') &&
3480 (bcc_ptr[2] == 'C')) {
3481 cFYI(1, ("IPC connection"));
3482 tcon->ipc = 1;
3483 }
3484 } else if (length == 2) {
3485 if ((bcc_ptr[0] == 'A') && (bcc_ptr[1] == ':')) {
3486 /* the most common case */
3487 cFYI(1, ("disk share connection"));
3488 }
3489 }
50c2f753 3490 bcc_ptr += length + 1;
1da177e4
LT		 3491 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3492 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3493 length = UniStrnlen((wchar_t *) bcc_ptr, 512);
3494 if ((bcc_ptr + (2 * length)) -
3495 pByteArea(smb_buffer_response) <=
3496 BCC(smb_buffer_response)) {
f99d49ad 3497 kfree(tcon->nativeFileSystem);
1da177e4 3498 tcon->nativeFileSystem =
e915fc49 3499 kzalloc(length + 2, GFP_KERNEL);
88f370a6
SF		 3500 if (tcon->nativeFileSystem)
3501 cifs_strfromUCS_le(
3502 tcon->nativeFileSystem,
3503 (__le16 *) bcc_ptr,
3504 length, nls_codepage);
1da177e4
LT		 3505 bcc_ptr += 2 * length;
3506 bcc_ptr[0] = 0; /* null terminate the string */
3507 bcc_ptr[1] = 0;
3508 bcc_ptr += 2;
3509 }
50c2f753 3510 /* else do not bother copying these information fields*/
1da177e4
LT		 3511 } else {
3512 length = strnlen(bcc_ptr, 1024);
3513 if ((bcc_ptr + length) -
3514 pByteArea(smb_buffer_response) <=
3515 BCC(smb_buffer_response)) {
f99d49ad 3516 kfree(tcon->nativeFileSystem);
1da177e4 3517 tcon->nativeFileSystem =
e915fc49 3518 kzalloc(length + 1, GFP_KERNEL);
88f370a6
SF		 3519 if (tcon->nativeFileSystem)
3520 strncpy(tcon->nativeFileSystem, bcc_ptr,
3521 length);
1da177e4 3522 }
50c2f753 3523 /* else do not bother copying these information fields*/
1da177e4 3524 }
fb8c4b14 3525 if ((smb_buffer_response->WordCount == 3) ||
1a4e15a0
SF		 3526 (smb_buffer_response->WordCount == 7))
3527 /* field is in same location */
3979877e
SF		 3528 tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3529 else
3530 tcon->Flags = 0;
1da177e4
LT		 3531 cFYI(1, ("Tcon flags: 0x%x ", tcon->Flags));
3532 } else if ((rc == 0) && tcon == NULL) {
50c2f753 3533 /* all we need to save for IPC$ connection */
1da177e4
LT		 3534 ses->ipc_tid = smb_buffer_response->Tid;
3535 }
3536
a8a11d39 3537 cifs_buf_release(smb_buffer);
1da177e4
LT		 3538 return rc;
3539}
3540
3541int
3542cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3543{
3544 int rc = 0;
3545 int xid;
3546 struct cifsSesInfo *ses = NULL;
3547 struct task_struct *cifsd_task;
50c2f753 3548 char *tmp;
1da177e4
LT		 3549
3550 xid = GetXid();
3551
3552 if (cifs_sb->tcon) {
3553 ses = cifs_sb->tcon->ses; /* save ptr to ses before delete tcon!*/
3554 rc = CIFSSMBTDis(xid, cifs_sb->tcon);
3555 if (rc == -EBUSY) {
3556 FreeXid(xid);
3557 return 0;
3558 }
5d941ca6 3559 DeleteTconOplockQEntries(cifs_sb->tcon);
1da177e4
LT		 3560 tconInfoFree(cifs_sb->tcon);
3561 if ((ses) && (ses->server)) {
3562 /* save off task so we do not refer to ses later */
3563 cifsd_task = ses->server->tsk;
3564 cFYI(1, ("About to do SMBLogoff "));
3565 rc = CIFSSMBLogoff(xid, ses);
3566 if (rc == -EBUSY) {
3567 FreeXid(xid);
3568 return 0;
3569 } else if (rc == -ESHUTDOWN) {
467a8f8d 3570 cFYI(1, ("Waking up socket by sending signal"));
f7f7c31c 3571 if (cifsd_task) {
50c2f753 3572 force_sig(SIGKILL, cifsd_task);
aaf737ad 3573 kthread_stop(cifsd_task);
f191401f 3574 }
1da177e4
LT		 3575 rc = 0;
3576 } /* else - we have an smb session
3577 left on this socket do not kill cifsd */
3578 } else
3579 cFYI(1, ("No session or bad tcon"));
3580 }
50c2f753 3581
1da177e4 3582 cifs_sb->tcon = NULL;
2fe87f02
SF		 3583 tmp = cifs_sb->prepath;
3584 cifs_sb->prepathlen = 0;
3585 cifs_sb->prepath = NULL;
3586 kfree(tmp);
1da177e4
LT		 3587 if (ses)
3588 sesInfoFree(ses);
3589
3590 FreeXid(xid);
88e7d705 3591 return rc;
50c2f753 3592}
1da177e4
LT		 3593
3594int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
50c2f753 3595 struct nls_table *nls_info)
1da177e4
LT		 3596{
3597 int rc = 0;
7c7b25bc 3598 char ntlm_session_key[CIFS_SESS_KEY_SIZE];
4b18f2a9 3599 bool ntlmv2_flag = false;
ad009ac9 3600 int first_time = 0;
1da177e4
LT		 3601
3602 /* what if server changes its buffer size after dropping the session? */
fb8c4b14 3603 if (pSesInfo->server->maxBuf == 0) /* no need to send on reconnect */ {
1da177e4 3604 rc = CIFSSMBNegotiate(xid, pSesInfo);
fb8c4b14 3605 if (rc == -EAGAIN) /* retry only once on 1st time connection */ {
1da177e4 3606 rc = CIFSSMBNegotiate(xid, pSesInfo);
50c2f753 3607 if (rc == -EAGAIN)
1da177e4
LT		 3608 rc = -EHOSTDOWN;
3609 }
fb8c4b14 3610 if (rc == 0) {
1da177e4 3611 spin_lock(&GlobalMid_Lock);
fb8c4b14 3612 if (pSesInfo->server->tcpStatus != CifsExiting)
1da177e4
LT		 3613 pSesInfo->server->tcpStatus = CifsGood;
3614 else
3615 rc = -EHOSTDOWN;
3616 spin_unlock(&GlobalMid_Lock);
3617
3618 }
ad009ac9 3619 first_time = 1;
1da177e4 3620 }
26b994fa
SF		 3621
3622 if (rc)
3623 goto ss_err_exit;
3624
3625 pSesInfo->flags = 0;
3626 pSesInfo->capabilities = pSesInfo->server->capabilities;
3627 if (linuxExtEnabled == 0)
3628 pSesInfo->capabilities &= (~CAP_UNIX);
ad009ac9 3629 /* pSesInfo->sequence_number = 0;*/
26b994fa
SF		 3630 cFYI(1, ("Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d",
3631 pSesInfo->server->secMode,
3632 pSesInfo->server->capabilities,
3633 pSesInfo->server->timeAdj));
3634 if (experimEnabled < 2)
3635 rc = CIFS_SessSetup(xid, pSesInfo, first_time, nls_info);
3636 else if (extended_security
3637 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3638 && (pSesInfo->server->secType == NTLMSSP)) {
3639 rc = -EOPNOTSUPP;
3640 } else if (extended_security
3641 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3642 && (pSesInfo->server->secType == RawNTLMSSP)) {
3643 cFYI(1, ("NTLMSSP sesssetup"));
3644 rc = CIFSNTLMSSPNegotiateSessSetup(xid, pSesInfo, &ntlmv2_flag,
3645 nls_info);
3646 if (!rc) {
3647 if (ntlmv2_flag) {
3648 char *v2_response;
3649 cFYI(1, ("more secure NTLM ver2 hash"));
3650 if (CalcNTLMv2_partial_mac_key(pSesInfo,
3651 nls_info)) {
3652 rc = -ENOMEM;
3653 goto ss_err_exit;
3654 } else
3655 v2_response = kmalloc(16 + 64 /* blob*/,
3656 GFP_KERNEL);
3657 if (v2_response) {
3658 CalcNTLMv2_response(pSesInfo,
3659 v2_response);
3660 /* if (first_time)
3661 cifs_calculate_ntlmv2_mac_key */
3662 kfree(v2_response);
1da177e4 3663 /* BB Put dummy sig in SessSetup PDU? */
1da177e4 3664 } else {
26b994fa
SF		 3665 rc = -ENOMEM;
3666 goto ss_err_exit;
1da177e4 3667 }
26b994fa
SF		 3668
3669 } else {
3670 SMBNTencrypt(pSesInfo->password,
3671 pSesInfo->server->cryptKey,
3672 ntlm_session_key);
3673
3674 if (first_time)
3675 cifs_calculate_mac_key(
3676 &pSesInfo->server->mac_signing_key,
3677 ntlm_session_key,
3678 pSesInfo->password);
3679 }
1da177e4
LT		 3680 /* for better security the weaker lanman hash not sent
3681 in AuthSessSetup so we no longer calculate it */
3682
26b994fa
SF		 3683 rc = CIFSNTLMSSPAuthSessSetup(xid, pSesInfo,
3684 ntlm_session_key,
3685 ntlmv2_flag,
3686 nls_info);
3687 }
3688 } else { /* old style NTLM 0.12 session setup */
3689 SMBNTencrypt(pSesInfo->password, pSesInfo->server->cryptKey,
3690 ntlm_session_key);
1da177e4 3691
26b994fa
SF		 3692 if (first_time)
3693 cifs_calculate_mac_key(
b609f06a 3694 &pSesInfo->server->mac_signing_key,
ad009ac9
SF		 3695 ntlm_session_key, pSesInfo->password);
3696
26b994fa
SF		 3697 rc = CIFSSessSetup(xid, pSesInfo, ntlm_session_key, nls_info);
3698 }
3699 if (rc) {
3700 cERROR(1, ("Send error in SessSetup = %d", rc));
3701 } else {
3702 cFYI(1, ("CIFS Session Established successfully"));
1da177e4 3703 pSesInfo->status = CifsGood;
1da177e4 3704 }
26b994fa 3705
1da177e4
LT		 3706ss_err_exit:
3707 return rc;
3708}
3709
Ubuntu Artful kernel mirror