]>
Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * fs/cifs/misc.c | |
3 | * | |
ad7a2926 | 4 | * Copyright (C) International Business Machines Corp., 2002,2008 |
1da177e4 LT |
5 | * Author(s): Steve French (sfrench@us.ibm.com) |
6 | * | |
7 | * This library is free software; you can redistribute it and/or modify | |
8 | * it under the terms of the GNU Lesser General Public License as published | |
9 | * by the Free Software Foundation; either version 2.1 of the License, or | |
10 | * (at your option) any later version. | |
11 | * | |
12 | * This library is distributed in the hope that it will be useful, | |
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See | |
15 | * the GNU Lesser General Public License for more details. | |
16 | * | |
17 | * You should have received a copy of the GNU Lesser General Public License | |
18 | * along with this library; if not, write to the Free Software | |
fb8c4b14 | 19 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
1da177e4 LT |
20 | */ |
21 | ||
22 | #include <linux/slab.h> | |
23 | #include <linux/ctype.h> | |
24 | #include <linux/mempool.h> | |
25 | #include "cifspdu.h" | |
26 | #include "cifsglob.h" | |
27 | #include "cifsproto.h" | |
28 | #include "cifs_debug.h" | |
29 | #include "smberr.h" | |
30 | #include "nterr.h" | |
6c91d362 | 31 | #include "cifs_unicode.h" |
1da177e4 LT |
32 | |
33 | extern mempool_t *cifs_sm_req_poolp; | |
34 | extern mempool_t *cifs_req_poolp; | |
fb8c4b14 | 35 | extern struct task_struct *oplockThread; |
1da177e4 | 36 | |
fb8c4b14 SF |
37 | /* The xid serves as a useful identifier for each incoming vfs request, |
38 | in a similar way to the mid which is useful to track each sent smb, | |
39 | and CurrentXid can also provide a running counter (although it | |
40 | will eventually wrap past zero) of the total vfs operations handled | |
1da177e4 LT |
41 | since the cifs fs was mounted */ |
42 | ||
43 | unsigned int | |
44 | _GetXid(void) | |
45 | { | |
46 | unsigned int xid; | |
47 | ||
48 | spin_lock(&GlobalMid_Lock); | |
49 | GlobalTotalActiveXid++; | |
50c2f753 SF |
50 | |
51 | /* keep high water mark for number of simultaneous ops in filesystem */ | |
1da177e4 | 52 | if (GlobalTotalActiveXid > GlobalMaxActiveXid) |
50c2f753 | 53 | GlobalMaxActiveXid = GlobalTotalActiveXid; |
790fe579 | 54 | if (GlobalTotalActiveXid > 65000) |
fb8c4b14 | 55 | cFYI(1, ("warning: more than 65000 requests active")); |
1da177e4 LT |
56 | xid = GlobalCurrentXid++; |
57 | spin_unlock(&GlobalMid_Lock); | |
58 | return xid; | |
59 | } | |
60 | ||
61 | void | |
62 | _FreeXid(unsigned int xid) | |
63 | { | |
64 | spin_lock(&GlobalMid_Lock); | |
790fe579 | 65 | /* if (GlobalTotalActiveXid == 0) |
1da177e4 LT |
66 | BUG(); */ |
67 | GlobalTotalActiveXid--; | |
68 | spin_unlock(&GlobalMid_Lock); | |
69 | } | |
70 | ||
71 | struct cifsSesInfo * | |
72 | sesInfoAlloc(void) | |
73 | { | |
74 | struct cifsSesInfo *ret_buf; | |
75 | ||
630f3f0c | 76 | ret_buf = kzalloc(sizeof(struct cifsSesInfo), GFP_KERNEL); |
1da177e4 | 77 | if (ret_buf) { |
1da177e4 LT |
78 | write_lock(&GlobalSMBSeslock); |
79 | atomic_inc(&sesInfoAllocCount); | |
80 | ret_buf->status = CifsNew; | |
81 | list_add(&ret_buf->cifsSessionList, &GlobalSMBSessionList); | |
82 | init_MUTEX(&ret_buf->sesSem); | |
83 | write_unlock(&GlobalSMBSeslock); | |
84 | } | |
85 | return ret_buf; | |
86 | } | |
87 | ||
88 | void | |
89 | sesInfoFree(struct cifsSesInfo *buf_to_free) | |
90 | { | |
91 | if (buf_to_free == NULL) { | |
92 | cFYI(1, ("Null buffer passed to sesInfoFree")); | |
93 | return; | |
94 | } | |
95 | ||
96 | write_lock(&GlobalSMBSeslock); | |
97 | atomic_dec(&sesInfoAllocCount); | |
98 | list_del(&buf_to_free->cifsSessionList); | |
99 | write_unlock(&GlobalSMBSeslock); | |
f99d49ad JJ |
100 | kfree(buf_to_free->serverOS); |
101 | kfree(buf_to_free->serverDomain); | |
102 | kfree(buf_to_free->serverNOS); | |
103 | kfree(buf_to_free->password); | |
3979877e | 104 | kfree(buf_to_free->domainName); |
1da177e4 LT |
105 | kfree(buf_to_free); |
106 | } | |
107 | ||
108 | struct cifsTconInfo * | |
109 | tconInfoAlloc(void) | |
110 | { | |
111 | struct cifsTconInfo *ret_buf; | |
630f3f0c | 112 | ret_buf = kzalloc(sizeof(struct cifsTconInfo), GFP_KERNEL); |
1da177e4 | 113 | if (ret_buf) { |
1da177e4 LT |
114 | write_lock(&GlobalSMBSeslock); |
115 | atomic_inc(&tconInfoAllocCount); | |
116 | list_add(&ret_buf->cifsConnectionList, | |
117 | &GlobalTreeConnectionList); | |
118 | ret_buf->tidStatus = CifsNew; | |
119 | INIT_LIST_HEAD(&ret_buf->openFileList); | |
120 | init_MUTEX(&ret_buf->tconSem); | |
121 | #ifdef CONFIG_CIFS_STATS | |
122 | spin_lock_init(&ret_buf->stat_lock); | |
123 | #endif | |
124 | write_unlock(&GlobalSMBSeslock); | |
125 | } | |
126 | return ret_buf; | |
127 | } | |
128 | ||
129 | void | |
130 | tconInfoFree(struct cifsTconInfo *buf_to_free) | |
131 | { | |
132 | if (buf_to_free == NULL) { | |
133 | cFYI(1, ("Null buffer passed to tconInfoFree")); | |
134 | return; | |
135 | } | |
136 | write_lock(&GlobalSMBSeslock); | |
137 | atomic_dec(&tconInfoAllocCount); | |
138 | list_del(&buf_to_free->cifsConnectionList); | |
139 | write_unlock(&GlobalSMBSeslock); | |
f99d49ad | 140 | kfree(buf_to_free->nativeFileSystem); |
1da177e4 LT |
141 | kfree(buf_to_free); |
142 | } | |
143 | ||
144 | struct smb_hdr * | |
145 | cifs_buf_get(void) | |
146 | { | |
147 | struct smb_hdr *ret_buf = NULL; | |
148 | ||
fb8c4b14 SF |
149 | /* We could use negotiated size instead of max_msgsize - |
150 | but it may be more efficient to always alloc same size | |
151 | albeit slightly larger than necessary and maxbuffersize | |
1da177e4 | 152 | defaults to this and can not be bigger */ |
232087cb | 153 | ret_buf = mempool_alloc(cifs_req_poolp, GFP_NOFS); |
1da177e4 LT |
154 | |
155 | /* clear the first few header bytes */ | |
156 | /* for most paths, more is cleared in header_assemble */ | |
157 | if (ret_buf) { | |
158 | memset(ret_buf, 0, sizeof(struct smb_hdr) + 3); | |
159 | atomic_inc(&bufAllocCount); | |
4498eed5 SF |
160 | #ifdef CONFIG_CIFS_STATS2 |
161 | atomic_inc(&totBufAllocCount); | |
162 | #endif /* CONFIG_CIFS_STATS2 */ | |
1da177e4 LT |
163 | } |
164 | ||
165 | return ret_buf; | |
166 | } | |
167 | ||
168 | void | |
169 | cifs_buf_release(void *buf_to_free) | |
170 | { | |
1da177e4 LT |
171 | if (buf_to_free == NULL) { |
172 | /* cFYI(1, ("Null buffer passed to cifs_buf_release"));*/ | |
173 | return; | |
174 | } | |
fb8c4b14 | 175 | mempool_free(buf_to_free, cifs_req_poolp); |
1da177e4 LT |
176 | |
177 | atomic_dec(&bufAllocCount); | |
178 | return; | |
179 | } | |
180 | ||
181 | struct smb_hdr * | |
182 | cifs_small_buf_get(void) | |
183 | { | |
184 | struct smb_hdr *ret_buf = NULL; | |
185 | ||
fb8c4b14 SF |
186 | /* We could use negotiated size instead of max_msgsize - |
187 | but it may be more efficient to always alloc same size | |
188 | albeit slightly larger than necessary and maxbuffersize | |
1da177e4 | 189 | defaults to this and can not be bigger */ |
232087cb | 190 | ret_buf = mempool_alloc(cifs_sm_req_poolp, GFP_NOFS); |
1da177e4 LT |
191 | if (ret_buf) { |
192 | /* No need to clear memory here, cleared in header assemble */ | |
193 | /* memset(ret_buf, 0, sizeof(struct smb_hdr) + 27);*/ | |
194 | atomic_inc(&smBufAllocCount); | |
4498eed5 SF |
195 | #ifdef CONFIG_CIFS_STATS2 |
196 | atomic_inc(&totSmBufAllocCount); | |
197 | #endif /* CONFIG_CIFS_STATS2 */ | |
198 | ||
1da177e4 LT |
199 | } |
200 | return ret_buf; | |
201 | } | |
202 | ||
203 | void | |
204 | cifs_small_buf_release(void *buf_to_free) | |
205 | { | |
206 | ||
207 | if (buf_to_free == NULL) { | |
208 | cFYI(1, ("Null buffer passed to cifs_small_buf_release")); | |
209 | return; | |
210 | } | |
fb8c4b14 | 211 | mempool_free(buf_to_free, cifs_sm_req_poolp); |
1da177e4 LT |
212 | |
213 | atomic_dec(&smBufAllocCount); | |
214 | return; | |
215 | } | |
216 | ||
fb8c4b14 | 217 | /* |
1982c344 SF |
218 | Find a free multiplex id (SMB mid). Otherwise there could be |
219 | mid collisions which might cause problems, demultiplexing the | |
220 | wrong response to this request. Multiplex ids could collide if | |
221 | one of a series requests takes much longer than the others, or | |
222 | if a very large number of long lived requests (byte range | |
223 | locks or FindNotify requests) are pending. No more than | |
fb8c4b14 | 224 | 64K-1 requests can be outstanding at one time. If no |
1982c344 SF |
225 | mids are available, return zero. A future optimization |
226 | could make the combination of mids and uid the key we use | |
fb8c4b14 | 227 | to demultiplex on (rather than mid alone). |
1982c344 SF |
228 | In addition to the above check, the cifs demultiplex |
229 | code already used the command code as a secondary | |
230 | check of the frame and if signing is negotiated the | |
231 | response would be discarded if the mid were the same | |
232 | but the signature was wrong. Since the mid is not put in the | |
233 | pending queue until later (when it is about to be dispatched) | |
fb8c4b14 | 234 | we do have to limit the number of outstanding requests |
1982c344 SF |
235 | to somewhat less than 64K-1 although it is hard to imagine |
236 | so many threads being in the vfs at one time. | |
237 | */ | |
238 | __u16 GetNextMid(struct TCP_Server_Info *server) | |
239 | { | |
240 | __u16 mid = 0; | |
241 | __u16 last_mid; | |
fb8c4b14 | 242 | int collision; |
1982c344 | 243 | |
790fe579 | 244 | if (server == NULL) |
1982c344 SF |
245 | return mid; |
246 | ||
247 | spin_lock(&GlobalMid_Lock); | |
248 | last_mid = server->CurrentMid; /* we do not want to loop forever */ | |
249 | server->CurrentMid++; | |
250 | /* This nested loop looks more expensive than it is. | |
fb8c4b14 | 251 | In practice the list of pending requests is short, |
1982c344 SF |
252 | fewer than 50, and the mids are likely to be unique |
253 | on the first pass through the loop unless some request | |
254 | takes longer than the 64 thousand requests before it | |
255 | (and it would also have to have been a request that | |
256 | did not time out) */ | |
fb8c4b14 | 257 | while (server->CurrentMid != last_mid) { |
1982c344 SF |
258 | struct list_head *tmp; |
259 | struct mid_q_entry *mid_entry; | |
260 | ||
261 | collision = 0; | |
790fe579 | 262 | if (server->CurrentMid == 0) |
1982c344 SF |
263 | server->CurrentMid++; |
264 | ||
265 | list_for_each(tmp, &server->pending_mid_q) { | |
266 | mid_entry = list_entry(tmp, struct mid_q_entry, qhead); | |
267 | ||
268 | if ((mid_entry->mid == server->CurrentMid) && | |
269 | (mid_entry->midState == MID_REQUEST_SUBMITTED)) { | |
270 | /* This mid is in use, try a different one */ | |
271 | collision = 1; | |
272 | break; | |
273 | } | |
274 | } | |
790fe579 | 275 | if (collision == 0) { |
1982c344 SF |
276 | mid = server->CurrentMid; |
277 | break; | |
278 | } | |
279 | server->CurrentMid++; | |
280 | } | |
281 | spin_unlock(&GlobalMid_Lock); | |
282 | return mid; | |
283 | } | |
284 | ||
285 | /* NB: MID can not be set if treeCon not passed in, in that | |
286 | case it is responsbility of caller to set the mid */ | |
1da177e4 LT |
287 | void |
288 | header_assemble(struct smb_hdr *buffer, char smb_command /* command */ , | |
289 | const struct cifsTconInfo *treeCon, int word_count | |
290 | /* length of fixed section (word count) in two byte units */) | |
291 | { | |
fb8c4b14 SF |
292 | struct list_head *temp_item; |
293 | struct cifsSesInfo *ses; | |
1da177e4 LT |
294 | char *temp = (char *) buffer; |
295 | ||
fb8c4b14 | 296 | memset(temp, 0, 256); /* bigger than MAX_CIFS_HDR_SIZE */ |
1da177e4 LT |
297 | |
298 | buffer->smb_buf_length = | |
630f3f0c | 299 | (2 * word_count) + sizeof(struct smb_hdr) - |
1da177e4 LT |
300 | 4 /* RFC 1001 length field does not count */ + |
301 | 2 /* for bcc field itself */ ; | |
1982c344 SF |
302 | /* Note that this is the only network field that has to be converted |
303 | to big endian and it is done just before we send it */ | |
1da177e4 LT |
304 | |
305 | buffer->Protocol[0] = 0xFF; | |
306 | buffer->Protocol[1] = 'S'; | |
307 | buffer->Protocol[2] = 'M'; | |
308 | buffer->Protocol[3] = 'B'; | |
309 | buffer->Command = smb_command; | |
310 | buffer->Flags = 0x00; /* case sensitive */ | |
311 | buffer->Flags2 = SMBFLG2_KNOWS_LONG_NAMES; | |
312 | buffer->Pid = cpu_to_le16((__u16)current->tgid); | |
313 | buffer->PidHigh = cpu_to_le16((__u16)(current->tgid >> 16)); | |
314 | spin_lock(&GlobalMid_Lock); | |
1da177e4 LT |
315 | spin_unlock(&GlobalMid_Lock); |
316 | if (treeCon) { | |
317 | buffer->Tid = treeCon->tid; | |
318 | if (treeCon->ses) { | |
319 | if (treeCon->ses->capabilities & CAP_UNICODE) | |
320 | buffer->Flags2 |= SMBFLG2_UNICODE; | |
ad7a2926 | 321 | if (treeCon->ses->capabilities & CAP_STATUS32) |
1da177e4 | 322 | buffer->Flags2 |= SMBFLG2_ERR_STATUS; |
ad7a2926 | 323 | |
1982c344 SF |
324 | /* Uid is not converted */ |
325 | buffer->Uid = treeCon->ses->Suid; | |
326 | buffer->Mid = GetNextMid(treeCon->ses->server); | |
790fe579 | 327 | if (multiuser_mount != 0) { |
1da177e4 LT |
328 | /* For the multiuser case, there are few obvious technically */ |
329 | /* possible mechanisms to match the local linux user (uid) */ | |
330 | /* to a valid remote smb user (smb_uid): */ | |
331 | /* 1) Query Winbind (or other local pam/nss daemon */ | |
332 | /* for userid/password/logon_domain or credential */ | |
333 | /* 2) Query Winbind for uid to sid to username mapping */ | |
334 | /* and see if we have a matching password for existing*/ | |
335 | /* session for that user perhas getting password by */ | |
336 | /* adding a new pam_cifs module that stores passwords */ | |
337 | /* so that the cifs vfs can get at that for all logged*/ | |
338 | /* on users */ | |
339 | /* 3) (Which is the mechanism we have chosen) */ | |
340 | /* Search through sessions to the same server for a */ | |
341 | /* a match on the uid that was passed in on mount */ | |
342 | /* with the current processes uid (or euid?) and use */ | |
343 | /* that smb uid. If no existing smb session for */ | |
344 | /* that uid found, use the default smb session ie */ | |
345 | /* the smb session for the volume mounted which is */ | |
346 | /* the same as would be used if the multiuser mount */ | |
347 | /* flag were disabled. */ | |
348 | ||
349 | /* BB Add support for establishing new tCon and SMB Session */ | |
fb8c4b14 | 350 | /* with userid/password pairs found on the smb session */ |
1da177e4 | 351 | /* for other target tcp/ip addresses BB */ |
790fe579 | 352 | if (current->fsuid != treeCon->ses->linux_uid) { |
63135e08 SF |
353 | cFYI(1, ("Multiuser mode and UID " |
354 | "did not match tcon uid")); | |
1da177e4 LT |
355 | read_lock(&GlobalSMBSeslock); |
356 | list_for_each(temp_item, &GlobalSMBSessionList) { | |
357 | ses = list_entry(temp_item, struct cifsSesInfo, cifsSessionList); | |
790fe579 SF |
358 | if (ses->linux_uid == current->fsuid) { |
359 | if (ses->server == treeCon->ses->server) { | |
fb8c4b14 | 360 | cFYI(1, ("found matching uid substitute right smb_uid")); |
1da177e4 LT |
361 | buffer->Uid = ses->Suid; |
362 | break; | |
363 | } else { | |
fb8c4b14 SF |
364 | /* BB eventually call cifs_setup_session here */ |
365 | cFYI(1, ("local UID found but no smb sess with this server exists")); | |
1da177e4 LT |
366 | } |
367 | } | |
368 | } | |
369 | read_unlock(&GlobalSMBSeslock); | |
370 | } | |
371 | } | |
372 | } | |
373 | if (treeCon->Flags & SMB_SHARE_IS_IN_DFS) | |
374 | buffer->Flags2 |= SMBFLG2_DFS; | |
d3485d37 SF |
375 | if (treeCon->nocase) |
376 | buffer->Flags |= SMBFLG_CASELESS; | |
790fe579 SF |
377 | if ((treeCon->ses) && (treeCon->ses->server)) |
378 | if (treeCon->ses->server->secMode & | |
1da177e4 LT |
379 | (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) |
380 | buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE; | |
381 | } | |
382 | ||
383 | /* endian conversion of flags is now done just before sending */ | |
384 | buffer->WordCount = (char) word_count; | |
385 | return; | |
386 | } | |
387 | ||
2cd646a2 | 388 | static int |
1da177e4 LT |
389 | checkSMBhdr(struct smb_hdr *smb, __u16 mid) |
390 | { | |
fb8c4b14 | 391 | /* Make sure that this really is an SMB, that it is a response, |
1da177e4 | 392 | and that the message ids match */ |
fb8c4b14 SF |
393 | if ((*(__le32 *) smb->Protocol == cpu_to_le32(0x424d53ff)) && |
394 | (mid == smb->Mid)) { | |
790fe579 | 395 | if (smb->Flags & SMBFLG_RESPONSE) |
fb8c4b14 SF |
396 | return 0; |
397 | else { | |
1da177e4 | 398 | /* only one valid case where server sends us request */ |
790fe579 | 399 | if (smb->Command == SMB_COM_LOCKING_ANDX) |
1da177e4 LT |
400 | return 0; |
401 | else | |
fb8c4b14 | 402 | cERROR(1, ("Received Request not response")); |
1da177e4 LT |
403 | } |
404 | } else { /* bad signature or mid */ | |
405 | if (*(__le32 *) smb->Protocol != cpu_to_le32(0x424d53ff)) | |
406 | cERROR(1, | |
6ab16d24 | 407 | ("Bad protocol string signature header %x", |
1da177e4 LT |
408 | *(unsigned int *) smb->Protocol)); |
409 | if (mid != smb->Mid) | |
410 | cERROR(1, ("Mids do not match")); | |
411 | } | |
412 | cERROR(1, ("bad smb detected. The Mid=%d", smb->Mid)); | |
413 | return 1; | |
414 | } | |
415 | ||
416 | int | |
d103e164 | 417 | checkSMB(struct smb_hdr *smb, __u16 mid, unsigned int length) |
1da177e4 | 418 | { |
70ca734a | 419 | __u32 len = smb->smb_buf_length; |
190fdeb8 | 420 | __u32 clc_len; /* calculated length */ |
184ed211 | 421 | cFYI(0, ("checkSMB Length: 0x%x, smb_buf_length: 0x%x", length, len)); |
d103e164 | 422 | |
630f3f0c SF |
423 | if (length < 2 + sizeof(struct smb_hdr)) { |
424 | if ((length >= sizeof(struct smb_hdr) - 1) | |
1da177e4 | 425 | && (smb->Status.CifsError != 0)) { |
d103e164 SF |
426 | smb->WordCount = 0; |
427 | /* some error cases do not return wct and bcc */ | |
428 | return 0; | |
fb8c4b14 | 429 | } else if ((length == sizeof(struct smb_hdr) + 1) && |
d103e164 | 430 | (smb->WordCount == 0)) { |
fb8c4b14 | 431 | char *tmp = (char *)smb; |
d103e164 SF |
432 | /* Need to work around a bug in two servers here */ |
433 | /* First, check if the part of bcc they sent was zero */ | |
434 | if (tmp[sizeof(struct smb_hdr)] == 0) { | |
435 | /* some servers return only half of bcc | |
436 | * on simple responses (wct, bcc both zero) | |
437 | * in particular have seen this on | |
438 | * ulogoffX and FindClose. This leaves | |
439 | * one byte of bcc potentially unitialized | |
440 | */ | |
441 | /* zero rest of bcc */ | |
442 | tmp[sizeof(struct smb_hdr)+1] = 0; | |
46c79a64 | 443 | return 0; |
1da177e4 | 444 | } |
fb8c4b14 | 445 | cERROR(1, ("rcvd invalid byte count (bcc)")); |
d103e164 SF |
446 | } else { |
447 | cERROR(1, ("Length less than smb header size")); | |
1da177e4 | 448 | } |
d103e164 SF |
449 | return 1; |
450 | } | |
451 | if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) { | |
452 | cERROR(1, ("smb length greater than MaxBufSize, mid=%d", | |
184ed211 | 453 | smb->Mid)); |
1da177e4 LT |
454 | return 1; |
455 | } | |
456 | ||
457 | if (checkSMBhdr(smb, mid)) | |
458 | return 1; | |
190fdeb8 | 459 | clc_len = smbCalcSize_LE(smb); |
184ed211 | 460 | |
790fe579 | 461 | if (4 + len != length) { |
63135e08 SF |
462 | cERROR(1, ("Length read does not match RFC1001 length %d", |
463 | len)); | |
184ed211 SF |
464 | return 1; |
465 | } | |
466 | ||
467 | if (4 + len != clc_len) { | |
468 | /* check if bcc wrapped around for large read responses */ | |
790fe579 | 469 | if ((len > 64 * 1024) && (len > clc_len)) { |
184ed211 | 470 | /* check if lengths match mod 64K */ |
790fe579 | 471 | if (((4 + len) & 0xFFFF) == (clc_len & 0xFFFF)) |
fb8c4b14 | 472 | return 0; /* bcc wrapped */ |
184ed211 | 473 | } |
46c79a64 SF |
474 | cFYI(1, ("Calculated size %d vs length %d mismatch for mid %d", |
475 | clc_len, 4 + len, smb->Mid)); | |
190fdeb8 | 476 | /* Windows XP can return a few bytes too much, presumably |
fb8c4b14 | 477 | an illegal pad, at the end of byte range lock responses |
6ab16d24 | 478 | so we allow for that three byte pad, as long as actual |
190fdeb8 | 479 | received length is as long or longer than calculated length */ |
fb8c4b14 | 480 | /* We have now had to extend this more, since there is a |
6ab16d24 SF |
481 | case in which it needs to be bigger still to handle a |
482 | malformed response to transact2 findfirst from WinXP when | |
483 | access denied is returned and thus bcc and wct are zero | |
484 | but server says length is 0x21 bytes too long as if the server | |
485 | forget to reset the smb rfc1001 length when it reset the | |
486 | wct and bcc to minimum size and drop the t2 parms and data */ | |
790fe579 | 487 | if ((4+len > clc_len) && (len <= clc_len + 512)) |
190fdeb8 | 488 | return 0; |
46c79a64 SF |
489 | else { |
490 | cERROR(1, ("RFC1001 size %d bigger than SMB for Mid=%d", | |
491 | len, smb->Mid)); | |
190fdeb8 | 492 | return 1; |
46c79a64 | 493 | } |
1da177e4 | 494 | } |
20962438 | 495 | return 0; |
1da177e4 | 496 | } |
4b18f2a9 SF |
497 | |
498 | bool | |
d7c8c94d | 499 | is_valid_oplock_break(struct smb_hdr *buf, struct TCP_Server_Info *srv) |
fb8c4b14 SF |
500 | { |
501 | struct smb_com_lock_req *pSMB = (struct smb_com_lock_req *)buf; | |
1da177e4 LT |
502 | struct list_head *tmp; |
503 | struct list_head *tmp1; | |
504 | struct cifsTconInfo *tcon; | |
505 | struct cifsFileInfo *netfile; | |
506 | ||
fb8c4b14 | 507 | cFYI(1, ("Checking for oplock break or dnotify response")); |
790fe579 | 508 | if ((pSMB->hdr.Command == SMB_COM_NT_TRANSACT) && |
1da177e4 | 509 | (pSMB->hdr.Flags & SMBFLG_RESPONSE)) { |
fb8c4b14 | 510 | struct smb_com_transaction_change_notify_rsp *pSMBr = |
1da177e4 | 511 | (struct smb_com_transaction_change_notify_rsp *)buf; |
fb8c4b14 | 512 | struct file_notify_information *pnotify; |
1da177e4 | 513 | __u32 data_offset = 0; |
790fe579 | 514 | if (pSMBr->ByteCount > sizeof(struct file_notify_information)) { |
1da177e4 LT |
515 | data_offset = le32_to_cpu(pSMBr->DataOffset); |
516 | ||
3979877e SF |
517 | pnotify = (struct file_notify_information *) |
518 | ((char *)&pSMBr->hdr.Protocol + data_offset); | |
63135e08 | 519 | cFYI(1, ("dnotify on %s Action: 0x%x", |
aaa9bbe0 | 520 | pnotify->FileName, pnotify->Action)); |
fb8c4b14 | 521 | /* cifs_dump_mem("Rcvd notify Data: ",buf, |
3979877e | 522 | sizeof(struct smb_hdr)+60); */ |
4b18f2a9 | 523 | return true; |
1da177e4 | 524 | } |
790fe579 | 525 | if (pSMBr->hdr.Status.CifsError) { |
fb8c4b14 SF |
526 | cFYI(1, ("notify err 0x%d", |
527 | pSMBr->hdr.Status.CifsError)); | |
4b18f2a9 | 528 | return true; |
1da177e4 | 529 | } |
4b18f2a9 | 530 | return false; |
fb8c4b14 | 531 | } |
790fe579 | 532 | if (pSMB->hdr.Command != SMB_COM_LOCKING_ANDX) |
4b18f2a9 | 533 | return false; |
790fe579 | 534 | if (pSMB->hdr.Flags & SMBFLG_RESPONSE) { |
1da177e4 LT |
535 | /* no sense logging error on invalid handle on oplock |
536 | break - harmless race between close request and oplock | |
537 | break response is expected from time to time writing out | |
538 | large dirty files cached on the client */ | |
fb8c4b14 SF |
539 | if ((NT_STATUS_INVALID_HANDLE) == |
540 | le32_to_cpu(pSMB->hdr.Status.CifsError)) { | |
541 | cFYI(1, ("invalid handle on oplock break")); | |
4b18f2a9 | 542 | return true; |
fb8c4b14 | 543 | } else if (ERRbadfid == |
1da177e4 | 544 | le16_to_cpu(pSMB->hdr.Status.DosError.Error)) { |
4b18f2a9 | 545 | return true; |
1da177e4 | 546 | } else { |
4b18f2a9 | 547 | return false; /* on valid oplock brk we get "request" */ |
1da177e4 LT |
548 | } |
549 | } | |
790fe579 | 550 | if (pSMB->hdr.WordCount != 8) |
4b18f2a9 | 551 | return false; |
1da177e4 | 552 | |
fb8c4b14 SF |
553 | cFYI(1, ("oplock type 0x%d level 0x%d", |
554 | pSMB->LockType, pSMB->OplockLevel)); | |
790fe579 | 555 | if (!(pSMB->LockType & LOCKING_ANDX_OPLOCK_RELEASE)) |
4b18f2a9 | 556 | return false; |
1da177e4 LT |
557 | |
558 | /* look up tcon based on tid & uid */ | |
559 | read_lock(&GlobalSMBSeslock); | |
560 | list_for_each(tmp, &GlobalTreeConnectionList) { | |
561 | tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList); | |
d7c8c94d | 562 | if ((tcon->tid == buf->Tid) && (srv == tcon->ses->server)) { |
a4544347 | 563 | cifs_stats_inc(&tcon->num_oplock_brks); |
fb8c4b14 SF |
564 | list_for_each(tmp1, &tcon->openFileList) { |
565 | netfile = list_entry(tmp1, struct cifsFileInfo, | |
57337e42 | 566 | tlist); |
790fe579 | 567 | if (pSMB->Fid == netfile->netfid) { |
1da177e4 LT |
568 | struct cifsInodeInfo *pCifsInode; |
569 | read_unlock(&GlobalSMBSeslock); | |
63135e08 SF |
570 | cFYI(1, |
571 | ("file id match, oplock break")); | |
fb8c4b14 | 572 | pCifsInode = |
1da177e4 | 573 | CIFS_I(netfile->pInode); |
4b18f2a9 | 574 | pCifsInode->clientCanCacheAll = false; |
790fe579 | 575 | if (pSMB->OplockLevel == 0) |
57337e42 | 576 | pCifsInode->clientCanCacheRead |
4b18f2a9 SF |
577 | = false; |
578 | pCifsInode->oplockPending = true; | |
57337e42 SF |
579 | AllocOplockQEntry(netfile->pInode, |
580 | netfile->netfid, | |
581 | tcon); | |
63135e08 SF |
582 | cFYI(1, |
583 | ("about to wake up oplock thread")); | |
790fe579 | 584 | if (oplockThread) |
57337e42 | 585 | wake_up_process(oplockThread); |
4b18f2a9 | 586 | return true; |
1da177e4 LT |
587 | } |
588 | } | |
589 | read_unlock(&GlobalSMBSeslock); | |
fb8c4b14 | 590 | cFYI(1, ("No matching file for oplock break")); |
4b18f2a9 | 591 | return true; |
1da177e4 LT |
592 | } |
593 | } | |
594 | read_unlock(&GlobalSMBSeslock); | |
fb8c4b14 | 595 | cFYI(1, ("Can not process oplock break for non-existent connection")); |
4b18f2a9 | 596 | return true; |
1da177e4 LT |
597 | } |
598 | ||
599 | void | |
600 | dump_smb(struct smb_hdr *smb_buf, int smb_buf_length) | |
601 | { | |
602 | int i, j; | |
603 | char debug_line[17]; | |
604 | unsigned char *buffer; | |
605 | ||
606 | if (traceSMB == 0) | |
607 | return; | |
608 | ||
609 | buffer = (unsigned char *) smb_buf; | |
610 | for (i = 0, j = 0; i < smb_buf_length; i++, j++) { | |
ad7a2926 SF |
611 | if (i % 8 == 0) { |
612 | /* have reached the beginning of line */ | |
1da177e4 LT |
613 | printk(KERN_DEBUG "| "); |
614 | j = 0; | |
615 | } | |
616 | printk("%0#4x ", buffer[i]); | |
617 | debug_line[2 * j] = ' '; | |
618 | if (isprint(buffer[i])) | |
619 | debug_line[1 + (2 * j)] = buffer[i]; | |
620 | else | |
621 | debug_line[1 + (2 * j)] = '_'; | |
622 | ||
ad7a2926 SF |
623 | if (i % 8 == 7) { |
624 | /* reached end of line, time to print ascii */ | |
1da177e4 LT |
625 | debug_line[16] = 0; |
626 | printk(" | %s\n", debug_line); | |
627 | } | |
628 | } | |
629 | for (; j < 8; j++) { | |
630 | printk(" "); | |
631 | debug_line[2 * j] = ' '; | |
632 | debug_line[1 + (2 * j)] = ' '; | |
633 | } | |
ad7a2926 | 634 | printk(" | %s\n", debug_line); |
1da177e4 LT |
635 | return; |
636 | } | |
6a0b4824 | 637 | |
6a0b4824 SF |
638 | /* Windows maps these to the user defined 16 bit Unicode range since they are |
639 | reserved symbols (along with \ and /), otherwise illegal to store | |
640 | in filenames in NTFS */ | |
d0724714 SF |
641 | #define UNI_ASTERIK (__u16) ('*' + 0xF000) |
642 | #define UNI_QUESTION (__u16) ('?' + 0xF000) | |
643 | #define UNI_COLON (__u16) (':' + 0xF000) | |
644 | #define UNI_GRTRTHAN (__u16) ('>' + 0xF000) | |
645 | #define UNI_LESSTHAN (__u16) ('<' + 0xF000) | |
646 | #define UNI_PIPE (__u16) ('|' + 0xF000) | |
647 | #define UNI_SLASH (__u16) ('\\' + 0xF000) | |
6a0b4824 SF |
648 | |
649 | /* Convert 16 bit Unicode pathname from wire format to string in current code | |
650 | page. Conversion may involve remapping up the seven characters that are | |
651 | only legal in POSIX-like OS (if they are present in the string). Path | |
652 | names are little endian 16 bit Unicode on the wire */ | |
653 | int | |
fb8c4b14 SF |
654 | cifs_convertUCSpath(char *target, const __le16 *source, int maxlen, |
655 | const struct nls_table *cp) | |
6a0b4824 | 656 | { |
fb8c4b14 | 657 | int i, j, len; |
d0724714 | 658 | __u16 src_char; |
6a0b4824 | 659 | |
fb8c4b14 | 660 | for (i = 0, j = 0; i < maxlen; i++) { |
6a0b4824 SF |
661 | src_char = le16_to_cpu(source[i]); |
662 | switch (src_char) { | |
663 | case 0: | |
664 | goto cUCS_out; /* BB check this BB */ | |
665 | case UNI_COLON: | |
666 | target[j] = ':'; | |
667 | break; | |
668 | case UNI_ASTERIK: | |
669 | target[j] = '*'; | |
670 | break; | |
671 | case UNI_QUESTION: | |
672 | target[j] = '?'; | |
673 | break; | |
6c91d362 SF |
674 | /* BB We can not handle remapping slash until |
675 | all the calls to build_path_from_dentry | |
676 | are modified, as they use slash as separator BB */ | |
677 | /* case UNI_SLASH: | |
678 | target[j] = '\\'; | |
679 | break;*/ | |
6a0b4824 SF |
680 | case UNI_PIPE: |
681 | target[j] = '|'; | |
682 | break; | |
683 | case UNI_GRTRTHAN: | |
684 | target[j] = '>'; | |
685 | break; | |
686 | case UNI_LESSTHAN: | |
687 | target[j] = '<'; | |
67594feb | 688 | break; |
fb8c4b14 SF |
689 | default: |
690 | len = cp->uni2char(src_char, &target[j], | |
6a0b4824 | 691 | NLS_MAX_CHARSET_SIZE); |
790fe579 | 692 | if (len > 0) { |
6a0b4824 SF |
693 | j += len; |
694 | continue; | |
695 | } else { | |
696 | target[j] = '?'; | |
697 | } | |
698 | } | |
699 | j++; | |
57337e42 | 700 | /* make sure we do not overrun callers allocated temp buffer */ |
790fe579 | 701 | if (j >= (2 * NAME_MAX)) |
6a0b4824 SF |
702 | break; |
703 | } | |
704 | cUCS_out: | |
705 | target[j] = 0; | |
706 | return j; | |
707 | } | |
6c91d362 SF |
708 | |
709 | /* Convert 16 bit Unicode pathname to wire format from string in current code | |
710 | page. Conversion may involve remapping up the seven characters that are | |
711 | only legal in POSIX-like OS (if they are present in the string). Path | |
712 | names are little endian 16 bit Unicode on the wire */ | |
713 | int | |
fb8c4b14 SF |
714 | cifsConvertToUCS(__le16 *target, const char *source, int maxlen, |
715 | const struct nls_table *cp, int mapChars) | |
6c91d362 | 716 | { |
fb8c4b14 | 717 | int i, j, charlen; |
6c91d362 SF |
718 | int len_remaining = maxlen; |
719 | char src_char; | |
70ca734a | 720 | __u16 temp; |
6c91d362 | 721 | |
790fe579 | 722 | if (!mapChars) |
e89dc920 | 723 | return cifs_strtoUCS(target, source, PATH_MAX, cp); |
6c91d362 | 724 | |
fb8c4b14 | 725 | for (i = 0, j = 0; i < maxlen; j++) { |
6c91d362 SF |
726 | src_char = source[i]; |
727 | switch (src_char) { | |
728 | case 0: | |
f4cfd69c | 729 | target[j] = 0; |
6c91d362 SF |
730 | goto ctoUCS_out; |
731 | case ':': | |
732 | target[j] = cpu_to_le16(UNI_COLON); | |
733 | break; | |
734 | case '*': | |
735 | target[j] = cpu_to_le16(UNI_ASTERIK); | |
736 | break; | |
737 | case '?': | |
738 | target[j] = cpu_to_le16(UNI_QUESTION); | |
739 | break; | |
740 | case '<': | |
741 | target[j] = cpu_to_le16(UNI_LESSTHAN); | |
742 | break; | |
743 | case '>': | |
744 | target[j] = cpu_to_le16(UNI_GRTRTHAN); | |
745 | break; | |
746 | case '|': | |
747 | target[j] = cpu_to_le16(UNI_PIPE); | |
fb8c4b14 | 748 | break; |
6c91d362 SF |
749 | /* BB We can not handle remapping slash until |
750 | all the calls to build_path_from_dentry | |
751 | are modified, as they use slash as separator BB */ | |
752 | /* case '\\': | |
753 | target[j] = cpu_to_le16(UNI_SLASH); | |
754 | break;*/ | |
755 | default: | |
756 | charlen = cp->char2uni(source+i, | |
70ca734a | 757 | len_remaining, &temp); |
6c91d362 SF |
758 | /* if no match, use question mark, which |
759 | at least in some cases servers as wild card */ | |
790fe579 | 760 | if (charlen < 1) { |
6c91d362 SF |
761 | target[j] = cpu_to_le16(0x003f); |
762 | charlen = 1; | |
70ca734a SF |
763 | } else |
764 | target[j] = cpu_to_le16(temp); | |
6c91d362 SF |
765 | len_remaining -= charlen; |
766 | /* character may take more than one byte in the | |
767 | the source string, but will take exactly two | |
768 | bytes in the target string */ | |
fb8c4b14 | 769 | i += charlen; |
6c91d362 SF |
770 | continue; |
771 | } | |
772 | i++; /* move to next char in source string */ | |
773 | len_remaining--; | |
774 | } | |
775 | ||
776 | ctoUCS_out: | |
777 | return i; | |
778 | } |