]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blob - fs/cifs/connect.c
projects / mirror_ubuntu-artful-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge master.kernel.org:/pub/scm/linux/kernel/git/davej/agpgart
[mirror_ubuntu-artful-kernel.git] / fs / cifs / connect.c
1 /*
2 * fs/cifs/connect.c
3 *
4 * Copyright (C) International Business Machines Corp., 2002,2005
5 * Author(s): Steve French (sfrench@us.ibm.com)
6 *
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
21 #include <linux/fs.h>
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/ipv6.h>
27 #include <linux/pagemap.h>
28 #include <linux/ctype.h>
29 #include <linux/utsname.h>
30 #include <linux/mempool.h>
31 #include <linux/delay.h>
32 #include <linux/completion.h>
33 #include <linux/pagevec.h>
34 #include <asm/uaccess.h>
35 #include <asm/processor.h>
36 #include "cifspdu.h"
37 #include "cifsglob.h"
38 #include "cifsproto.h"
39 #include "cifs_unicode.h"
40 #include "cifs_debug.h"
41 #include "cifs_fs_sb.h"
42 #include "ntlmssp.h"
43 #include "nterr.h"
44 #include "rfc1002pdu.h"
45 #include "cn_cifs.h"
46
47 #define CIFS_PORT 445
48 #define RFC1001_PORT 139
49
50 static DECLARE_COMPLETION(cifsd_complete);
51
52 extern void SMBencrypt(unsigned char *passwd, unsigned char *c8,
53 unsigned char *p24);
54 extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
55 unsigned char *p24);
56
57 extern mempool_t *cifs_req_poolp;
58
59 struct smb_vol {
60 char *username;
61 char *password;
62 char *domainname;
63 char *UNC;
64 char *UNCip;
65 char *in6_addr; /* ipv6 address as human readable form of in6_addr */
66 char *iocharset; /* local code page for mapping to and from Unicode */
67 char source_rfc1001_name[16]; /* netbios name of client */
68 char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */
69 uid_t linux_uid;
70 gid_t linux_gid;
71 mode_t file_mode;
72 mode_t dir_mode;
73 unsigned rw:1;
74 unsigned retry:1;
75 unsigned intr:1;
76 unsigned setuids:1;
77 unsigned noperm:1;
78 unsigned no_psx_acl:1; /* set if posix acl support should be disabled */
79 unsigned cifs_acl:1;
80 unsigned no_xattr:1; /* set if xattr (EA) support should be disabled*/
81 unsigned server_ino:1; /* use inode numbers from server ie UniqueId */
82 unsigned direct_io:1;
83 unsigned remap:1; /* set to remap seven reserved chars in filenames */
84 unsigned posix_paths:1; /* unset to not ask for posix pathnames. */
85 unsigned sfu_emul:1;
86 unsigned krb5:1;
87 unsigned ntlm:1;
88 unsigned ntlmv2:1;
89 unsigned nullauth:1; /* attempt to authenticate with null user */
90 unsigned sign:1;
91 unsigned seal:1; /* encrypt */
92 unsigned nocase; /* request case insensitive filenames */
93 unsigned nobrl; /* disable sending byte range locks to srv */
94 unsigned int rsize;
95 unsigned int wsize;
96 unsigned int sockopt;
97 unsigned short int port;
98 };
99
100 static int ipv4_connect(struct sockaddr_in *psin_server,
101 struct socket **csocket,
102 char * netb_name,
103 char * server_netb_name);
104 static int ipv6_connect(struct sockaddr_in6 *psin_server,
105 struct socket **csocket);
106
107
108 /*
109 * cifs tcp session reconnection
110 *
111 * mark tcp session as reconnecting so temporarily locked
112 * mark all smb sessions as reconnecting for tcp session
113 * reconnect tcp session
114 * wake up waiters on reconnection? - (not needed currently)
115 */
116
117 int
118 cifs_reconnect(struct TCP_Server_Info *server)
119 {
120 int rc = 0;
121 struct list_head *tmp;
122 struct cifsSesInfo *ses;
123 struct cifsTconInfo *tcon;
124 struct mid_q_entry * mid_entry;
125
126 spin_lock(&GlobalMid_Lock);
127 if(server->tcpStatus == CifsExiting) {
128 /* the demux thread will exit normally
129 next time through the loop */
130 spin_unlock(&GlobalMid_Lock);
131 return rc;
132 } else
133 server->tcpStatus = CifsNeedReconnect;
134 spin_unlock(&GlobalMid_Lock);
135 server->maxBuf = 0;
136
137 cFYI(1, ("Reconnecting tcp session"));
138
139 /* before reconnecting the tcp session, mark the smb session (uid)
140 and the tid bad so they are not used until reconnected */
141 read_lock(&GlobalSMBSeslock);
142 list_for_each(tmp, &GlobalSMBSessionList) {
143 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
144 if (ses->server) {
145 if (ses->server == server) {
146 ses->status = CifsNeedReconnect;
147 ses->ipc_tid = 0;
148 }
149 }
150 /* else tcp and smb sessions need reconnection */
151 }
152 list_for_each(tmp, &GlobalTreeConnectionList) {
153 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
154 if((tcon) && (tcon->ses) && (tcon->ses->server == server)) {
155 tcon->tidStatus = CifsNeedReconnect;
156 }
157 }
158 read_unlock(&GlobalSMBSeslock);
159 /* do not want to be sending data on a socket we are freeing */
160 down(&server->tcpSem);
161 if(server->ssocket) {
162 cFYI(1,("State: 0x%x Flags: 0x%lx", server->ssocket->state,
163 server->ssocket->flags));
164 server->ssocket->ops->shutdown(server->ssocket,SEND_SHUTDOWN);
165 cFYI(1,("Post shutdown state: 0x%x Flags: 0x%lx", server->ssocket->state,
166 server->ssocket->flags));
167 sock_release(server->ssocket);
168 server->ssocket = NULL;
169 }
170
171 spin_lock(&GlobalMid_Lock);
172 list_for_each(tmp, &server->pending_mid_q) {
173 mid_entry = list_entry(tmp, struct
174 mid_q_entry,
175 qhead);
176 if(mid_entry) {
177 if(mid_entry->midState == MID_REQUEST_SUBMITTED) {
178 /* Mark other intransit requests as needing
179 retry so we do not immediately mark the
180 session bad again (ie after we reconnect
181 below) as they timeout too */
182 mid_entry->midState = MID_RETRY_NEEDED;
183 }
184 }
185 }
186 spin_unlock(&GlobalMid_Lock);
187 up(&server->tcpSem);
188
189 while ((server->tcpStatus != CifsExiting) && (server->tcpStatus != CifsGood))
190 {
191 if(server->protocolType == IPV6) {
192 rc = ipv6_connect(&server->addr.sockAddr6,&server->ssocket);
193 } else {
194 rc = ipv4_connect(&server->addr.sockAddr,
195 &server->ssocket,
196 server->workstation_RFC1001_name,
197 server->server_RFC1001_name);
198 }
199 if(rc) {
200 cFYI(1,("reconnect error %d",rc));
201 msleep(3000);
202 } else {
203 atomic_inc(&tcpSesReconnectCount);
204 spin_lock(&GlobalMid_Lock);
205 if(server->tcpStatus != CifsExiting)
206 server->tcpStatus = CifsGood;
207 server->sequence_number = 0;
208 spin_unlock(&GlobalMid_Lock);
209 /* atomic_set(&server->inFlight,0);*/
210 wake_up(&server->response_q);
211 }
212 }
213 return rc;
214 }
215
216 /*
217 return codes:
218 0 not a transact2, or all data present
219 >0 transact2 with that much data missing
220 -EINVAL = invalid transact2
221
222 */
223 static int check2ndT2(struct smb_hdr * pSMB, unsigned int maxBufSize)
224 {
225 struct smb_t2_rsp * pSMBt;
226 int total_data_size;
227 int data_in_this_rsp;
228 int remaining;
229
230 if(pSMB->Command != SMB_COM_TRANSACTION2)
231 return 0;
232
233 /* check for plausible wct, bcc and t2 data and parm sizes */
234 /* check for parm and data offset going beyond end of smb */
235 if(pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
236 cFYI(1,("invalid transact2 word count"));
237 return -EINVAL;
238 }
239
240 pSMBt = (struct smb_t2_rsp *)pSMB;
241
242 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
243 data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
244
245 remaining = total_data_size - data_in_this_rsp;
246
247 if(remaining == 0)
248 return 0;
249 else if(remaining < 0) {
250 cFYI(1,("total data %d smaller than data in frame %d",
251 total_data_size, data_in_this_rsp));
252 return -EINVAL;
253 } else {
254 cFYI(1,("missing %d bytes from transact2, check next response",
255 remaining));
256 if(total_data_size > maxBufSize) {
257 cERROR(1,("TotalDataSize %d is over maximum buffer %d",
258 total_data_size,maxBufSize));
259 return -EINVAL;
260 }
261 return remaining;
262 }
263 }
264
265 static int coalesce_t2(struct smb_hdr * psecond, struct smb_hdr *pTargetSMB)
266 {
267 struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
268 struct smb_t2_rsp *pSMBt = (struct smb_t2_rsp *)pTargetSMB;
269 int total_data_size;
270 int total_in_buf;
271 int remaining;
272 int total_in_buf2;
273 char * data_area_of_target;
274 char * data_area_of_buf2;
275 __u16 byte_count;
276
277 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
278
279 if(total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
280 cFYI(1,("total data sizes of primary and secondary t2 differ"));
281 }
282
283 total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
284
285 remaining = total_data_size - total_in_buf;
286
287 if(remaining < 0)
288 return -EINVAL;
289
290 if(remaining == 0) /* nothing to do, ignore */
291 return 0;
292
293 total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
294 if(remaining < total_in_buf2) {
295 cFYI(1,("transact2 2nd response contains too much data"));
296 }
297
298 /* find end of first SMB data area */
299 data_area_of_target = (char *)&pSMBt->hdr.Protocol +
300 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
301 /* validate target area */
302
303 data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
304 le16_to_cpu(pSMB2->t2_rsp.DataOffset);
305
306 data_area_of_target += total_in_buf;
307
308 /* copy second buffer into end of first buffer */
309 memcpy(data_area_of_target,data_area_of_buf2,total_in_buf2);
310 total_in_buf += total_in_buf2;
311 pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
312 byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
313 byte_count += total_in_buf2;
314 BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
315
316 byte_count = pTargetSMB->smb_buf_length;
317 byte_count += total_in_buf2;
318
319 /* BB also add check that we are not beyond maximum buffer size */
320
321 pTargetSMB->smb_buf_length = byte_count;
322
323 if(remaining == total_in_buf2) {
324 cFYI(1,("found the last secondary response"));
325 return 0; /* we are done */
326 } else /* more responses to go */
327 return 1;
328
329 }
330
331 static int
332 cifs_demultiplex_thread(struct TCP_Server_Info *server)
333 {
334 int length;
335 unsigned int pdu_length, total_read;
336 struct smb_hdr *smb_buffer = NULL;
337 struct smb_hdr *bigbuf = NULL;
338 struct smb_hdr *smallbuf = NULL;
339 struct msghdr smb_msg;
340 struct kvec iov;
341 struct socket *csocket = server->ssocket;
342 struct list_head *tmp;
343 struct cifsSesInfo *ses;
344 struct task_struct *task_to_wake = NULL;
345 struct mid_q_entry *mid_entry;
346 char temp;
347 int isLargeBuf = FALSE;
348 int isMultiRsp;
349 int reconnect;
350
351 daemonize("cifsd");
352 allow_signal(SIGKILL);
353 current->flags |= PF_MEMALLOC;
354 server->tsk = current; /* save process info to wake at shutdown */
355 cFYI(1, ("Demultiplex PID: %d", current->pid));
356 write_lock(&GlobalSMBSeslock);
357 atomic_inc(&tcpSesAllocCount);
358 length = tcpSesAllocCount.counter;
359 write_unlock(&GlobalSMBSeslock);
360 complete(&cifsd_complete);
361 if(length > 1) {
362 mempool_resize(cifs_req_poolp,
363 length + cifs_min_rcv,
364 GFP_KERNEL);
365 }
366
367 while (server->tcpStatus != CifsExiting) {
368 if (try_to_freeze())
369 continue;
370 if (bigbuf == NULL) {
371 bigbuf = cifs_buf_get();
372 if(bigbuf == NULL) {
373 cERROR(1,("No memory for large SMB response"));
374 msleep(3000);
375 /* retry will check if exiting */
376 continue;
377 }
378 } else if(isLargeBuf) {
379 /* we are reusing a dirtry large buf, clear its start */
380 memset(bigbuf, 0, sizeof (struct smb_hdr));
381 }
382
383 if (smallbuf == NULL) {
384 smallbuf = cifs_small_buf_get();
385 if(smallbuf == NULL) {
386 cERROR(1,("No memory for SMB response"));
387 msleep(1000);
388 /* retry will check if exiting */
389 continue;
390 }
391 /* beginning of smb buffer is cleared in our buf_get */
392 } else /* if existing small buf clear beginning */
393 memset(smallbuf, 0, sizeof (struct smb_hdr));
394
395 isLargeBuf = FALSE;
396 isMultiRsp = FALSE;
397 smb_buffer = smallbuf;
398 iov.iov_base = smb_buffer;
399 iov.iov_len = 4;
400 smb_msg.msg_control = NULL;
401 smb_msg.msg_controllen = 0;
402 length =
403 kernel_recvmsg(csocket, &smb_msg,
404 &iov, 1, 4, 0 /* BB see socket.h flags */);
405
406 if(server->tcpStatus == CifsExiting) {
407 break;
408 } else if (server->tcpStatus == CifsNeedReconnect) {
409 cFYI(1,("Reconnect after server stopped responding"));
410 cifs_reconnect(server);
411 cFYI(1,("call to reconnect done"));
412 csocket = server->ssocket;
413 continue;
414 } else if ((length == -ERESTARTSYS) || (length == -EAGAIN)) {
415 msleep(1); /* minimum sleep to prevent looping
416 allowing socket to clear and app threads to set
417 tcpStatus CifsNeedReconnect if server hung */
418 continue;
419 } else if (length <= 0) {
420 if(server->tcpStatus == CifsNew) {
421 cFYI(1,("tcp session abend after SMBnegprot"));
422 /* some servers kill the TCP session rather than
423 returning an SMB negprot error, in which
424 case reconnecting here is not going to help,
425 and so simply return error to mount */
426 break;
427 }
428 if(length == -EINTR) {
429 cFYI(1,("cifsd thread killed"));
430 break;
431 }
432 cFYI(1,("Reconnect after unexpected peek error %d",
433 length));
434 cifs_reconnect(server);
435 csocket = server->ssocket;
436 wake_up(&server->response_q);
437 continue;
438 } else if (length < 4) {
439 cFYI(1,
440 ("Frame under four bytes received (%d bytes long)",
441 length));
442 cifs_reconnect(server);
443 csocket = server->ssocket;
444 wake_up(&server->response_q);
445 continue;
446 }
447
448 /* The right amount was read from socket - 4 bytes */
449 /* so we can now interpret the length field */
450
451 /* the first byte big endian of the length field,
452 is actually not part of the length but the type
453 with the most common, zero, as regular data */
454 temp = *((char *) smb_buffer);
455
456 /* Note that FC 1001 length is big endian on the wire,
457 but we convert it here so it is always manipulated
458 as host byte order */
459 pdu_length = ntohl(smb_buffer->smb_buf_length);
460 smb_buffer->smb_buf_length = pdu_length;
461
462 cFYI(1,("rfc1002 length 0x%x)", pdu_length+4));
463
464 if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) {
465 continue;
466 } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
467 cFYI(1,("Good RFC 1002 session rsp"));
468 continue;
469 } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
470 /* we get this from Windows 98 instead of
471 an error on SMB negprot response */
472 cFYI(1,("Negative RFC1002 Session Response Error 0x%x)",
473 pdu_length));
474 if(server->tcpStatus == CifsNew) {
475 /* if nack on negprot (rather than
476 ret of smb negprot error) reconnecting
477 not going to help, ret error to mount */
478 break;
479 } else {
480 /* give server a second to
481 clean up before reconnect attempt */
482 msleep(1000);
483 /* always try 445 first on reconnect
484 since we get NACK on some if we ever
485 connected to port 139 (the NACK is
486 since we do not begin with RFC1001
487 session initialize frame) */
488 server->addr.sockAddr.sin_port =
489 htons(CIFS_PORT);
490 cifs_reconnect(server);
491 csocket = server->ssocket;
492 wake_up(&server->response_q);
493 continue;
494 }
495 } else if (temp != (char) 0) {
496 cERROR(1,("Unknown RFC 1002 frame"));
497 cifs_dump_mem(" Received Data: ", (char *)smb_buffer,
498 length);
499 cifs_reconnect(server);
500 csocket = server->ssocket;
501 continue;
502 }
503
504 /* else we have an SMB response */
505 if((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
506 (pdu_length < sizeof (struct smb_hdr) - 1 - 4)) {
507 cERROR(1, ("Invalid size SMB length %d pdu_length %d",
508 length, pdu_length+4));
509 cifs_reconnect(server);
510 csocket = server->ssocket;
511 wake_up(&server->response_q);
512 continue;
513 }
514
515 /* else length ok */
516 reconnect = 0;
517
518 if(pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
519 isLargeBuf = TRUE;
520 memcpy(bigbuf, smallbuf, 4);
521 smb_buffer = bigbuf;
522 }
523 length = 0;
524 iov.iov_base = 4 + (char *)smb_buffer;
525 iov.iov_len = pdu_length;
526 for (total_read = 0; total_read < pdu_length;
527 total_read += length) {
528 length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
529 pdu_length - total_read, 0);
530 if((server->tcpStatus == CifsExiting) ||
531 (length == -EINTR)) {
532 /* then will exit */
533 reconnect = 2;
534 break;
535 } else if (server->tcpStatus == CifsNeedReconnect) {
536 cifs_reconnect(server);
537 csocket = server->ssocket;
538 /* Reconnect wakes up rspns q */
539 /* Now we will reread sock */
540 reconnect = 1;
541 break;
542 } else if ((length == -ERESTARTSYS) ||
543 (length == -EAGAIN)) {
544 msleep(1); /* minimum sleep to prevent looping,
545 allowing socket to clear and app
546 threads to set tcpStatus
547 CifsNeedReconnect if server hung*/
548 continue;
549 } else if (length <= 0) {
550 cERROR(1,("Received no data, expecting %d",
551 pdu_length - total_read));
552 cifs_reconnect(server);
553 csocket = server->ssocket;
554 reconnect = 1;
555 break;
556 }
557 }
558 if(reconnect == 2)
559 break;
560 else if(reconnect == 1)
561 continue;
562
563 length += 4; /* account for rfc1002 hdr */
564
565
566 dump_smb(smb_buffer, length);
567 if (checkSMB (smb_buffer, smb_buffer->Mid, total_read+4)) {
568 cifs_dump_mem("Bad SMB: ", smb_buffer, 48);
569 continue;
570 }
571
572
573 task_to_wake = NULL;
574 spin_lock(&GlobalMid_Lock);
575 list_for_each(tmp, &server->pending_mid_q) {
576 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
577
578 if ((mid_entry->mid == smb_buffer->Mid) &&
579 (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
580 (mid_entry->command == smb_buffer->Command)) {
581 if(check2ndT2(smb_buffer,server->maxBuf) > 0) {
582 /* We have a multipart transact2 resp */
583 isMultiRsp = TRUE;
584 if(mid_entry->resp_buf) {
585 /* merge response - fix up 1st*/
586 if(coalesce_t2(smb_buffer,
587 mid_entry->resp_buf)) {
588 break;
589 } else {
590 /* all parts received */
591 goto multi_t2_fnd;
592 }
593 } else {
594 if(!isLargeBuf) {
595 cERROR(1,("1st trans2 resp needs bigbuf"));
596 /* BB maybe we can fix this up, switch
597 to already allocated large buffer? */
598 } else {
599 /* Have first buffer */
600 mid_entry->resp_buf =
601 smb_buffer;
602 mid_entry->largeBuf = 1;
603 bigbuf = NULL;
604 }
605 }
606 break;
607 }
608 mid_entry->resp_buf = smb_buffer;
609 if(isLargeBuf)
610 mid_entry->largeBuf = 1;
611 else
612 mid_entry->largeBuf = 0;
613 multi_t2_fnd:
614 task_to_wake = mid_entry->tsk;
615 mid_entry->midState = MID_RESPONSE_RECEIVED;
616 #ifdef CONFIG_CIFS_STATS2
617 mid_entry->when_received = jiffies;
618 #endif
619 break;
620 }
621 }
622 spin_unlock(&GlobalMid_Lock);
623 if (task_to_wake) {
624 /* Was previous buf put in mpx struct for multi-rsp? */
625 if(!isMultiRsp) {
626 /* smb buffer will be freed by user thread */
627 if(isLargeBuf) {
628 bigbuf = NULL;
629 } else
630 smallbuf = NULL;
631 }
632 wake_up_process(task_to_wake);
633 } else if ((is_valid_oplock_break(smb_buffer) == FALSE)
634 && (isMultiRsp == FALSE)) {
635 cERROR(1, ("No task to wake, unknown frame rcvd!"));
636 cifs_dump_mem("Received Data is: ",(char *)smb_buffer,
637 sizeof(struct smb_hdr));
638 }
639 } /* end while !EXITING */
640
641 spin_lock(&GlobalMid_Lock);
642 server->tcpStatus = CifsExiting;
643 server->tsk = NULL;
644 /* check if we have blocked requests that need to free */
645 /* Note that cifs_max_pending is normally 50, but
646 can be set at module install time to as little as two */
647 if(atomic_read(&server->inFlight) >= cifs_max_pending)
648 atomic_set(&server->inFlight, cifs_max_pending - 1);
649 /* We do not want to set the max_pending too low or we
650 could end up with the counter going negative */
651 spin_unlock(&GlobalMid_Lock);
652 /* Although there should not be any requests blocked on
653 this queue it can not hurt to be paranoid and try to wake up requests
654 that may haven been blocked when more than 50 at time were on the wire
655 to the same server - they now will see the session is in exit state
656 and get out of SendReceive. */
657 wake_up_all(&server->request_q);
658 /* give those requests time to exit */
659 msleep(125);
660
661 if(server->ssocket) {
662 sock_release(csocket);
663 server->ssocket = NULL;
664 }
665 /* buffer usuallly freed in free_mid - need to free it here on exit */
666 if (bigbuf != NULL)
667 cifs_buf_release(bigbuf);
668 if (smallbuf != NULL)
669 cifs_small_buf_release(smallbuf);
670
671 read_lock(&GlobalSMBSeslock);
672 if (list_empty(&server->pending_mid_q)) {
673 /* loop through server session structures attached to this and
674 mark them dead */
675 list_for_each(tmp, &GlobalSMBSessionList) {
676 ses =
677 list_entry(tmp, struct cifsSesInfo,
678 cifsSessionList);
679 if (ses->server == server) {
680 ses->status = CifsExiting;
681 ses->server = NULL;
682 }
683 }
684 read_unlock(&GlobalSMBSeslock);
685 } else {
686 /* although we can not zero the server struct pointer yet,
687 since there are active requests which may depnd on them,
688 mark the corresponding SMB sessions as exiting too */
689 list_for_each(tmp, &GlobalSMBSessionList) {
690 ses = list_entry(tmp, struct cifsSesInfo,
691 cifsSessionList);
692 if (ses->server == server) {
693 ses->status = CifsExiting;
694 }
695 }
696
697 spin_lock(&GlobalMid_Lock);
698 list_for_each(tmp, &server->pending_mid_q) {
699 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
700 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
701 cFYI(1,
702 ("Clearing Mid 0x%x - waking up ",mid_entry->mid));
703 task_to_wake = mid_entry->tsk;
704 if(task_to_wake) {
705 wake_up_process(task_to_wake);
706 }
707 }
708 }
709 spin_unlock(&GlobalMid_Lock);
710 read_unlock(&GlobalSMBSeslock);
711 /* 1/8th of sec is more than enough time for them to exit */
712 msleep(125);
713 }
714
715 if (!list_empty(&server->pending_mid_q)) {
716 /* mpx threads have not exited yet give them
717 at least the smb send timeout time for long ops */
718 /* due to delays on oplock break requests, we need
719 to wait at least 45 seconds before giving up
720 on a request getting a response and going ahead
721 and killing cifsd */
722 cFYI(1, ("Wait for exit from demultiplex thread"));
723 msleep(46000);
724 /* if threads still have not exited they are probably never
725 coming home not much else we can do but free the memory */
726 }
727
728 write_lock(&GlobalSMBSeslock);
729 atomic_dec(&tcpSesAllocCount);
730 length = tcpSesAllocCount.counter;
731
732 /* last chance to mark ses pointers invalid
733 if there are any pointing to this (e.g
734 if a crazy root user tried to kill cifsd
735 kernel thread explicitly this might happen) */
736 list_for_each(tmp, &GlobalSMBSessionList) {
737 ses = list_entry(tmp, struct cifsSesInfo,
738 cifsSessionList);
739 if (ses->server == server) {
740 ses->server = NULL;
741 }
742 }
743 write_unlock(&GlobalSMBSeslock);
744
745 kfree(server);
746 if(length > 0) {
747 mempool_resize(cifs_req_poolp,
748 length + cifs_min_rcv,
749 GFP_KERNEL);
750 }
751
752 complete_and_exit(&cifsd_complete, 0);
753 return 0;
754 }
755
756 static int
757 cifs_parse_mount_options(char *options, const char *devname,struct smb_vol *vol)
758 {
759 char *value;
760 char *data;
761 unsigned int temp_len, i, j;
762 char separator[2];
763
764 separator[0] = ',';
765 separator[1] = 0;
766
767 memset(vol->source_rfc1001_name,0x20,15);
768 for(i=0;i < strnlen(system_utsname.nodename,15);i++) {
769 /* does not have to be a perfect mapping since the field is
770 informational, only used for servers that do not support
771 port 445 and it can be overridden at mount time */
772 vol->source_rfc1001_name[i] =
773 toupper(system_utsname.nodename[i]);
774 }
775 vol->source_rfc1001_name[15] = 0;
776 /* null target name indicates to use *SMBSERVR default called name
777 if we end up sending RFC1001 session initialize */
778 vol->target_rfc1001_name[0] = 0;
779 vol->linux_uid = current->uid; /* current->euid instead? */
780 vol->linux_gid = current->gid;
781 vol->dir_mode = S_IRWXUGO;
782 /* 2767 perms indicate mandatory locking support */
783 vol->file_mode = S_IALLUGO & ~(S_ISUID | S_IXGRP);
784
785 /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
786 vol->rw = TRUE;
787 vol->ntlm = TRUE;
788 /* default is always to request posix paths. */
789 vol->posix_paths = 1;
790
791 if (!options)
792 return 1;
793
794 if(strncmp(options,"sep=",4) == 0) {
795 if(options[4] != 0) {
796 separator[0] = options[4];
797 options += 5;
798 } else {
799 cFYI(1,("Null separator not allowed"));
800 }
801 }
802
803 while ((data = strsep(&options, separator)) != NULL) {
804 if (!*data)
805 continue;
806 if ((value = strchr(data, '=')) != NULL)
807 *value++ = '\0';
808
809 if (strnicmp(data, "user_xattr",10) == 0) {/*parse before user*/
810 vol->no_xattr = 0;
811 } else if (strnicmp(data, "nouser_xattr",12) == 0) {
812 vol->no_xattr = 1;
813 } else if (strnicmp(data, "user", 4) == 0) {
814 if (!value || !*value) {
815 printk(KERN_WARNING
816 "CIFS: invalid or missing username\n");
817 return 1; /* needs_arg; */
818 }
819 if (strnlen(value, 200) < 200) {
820 vol->username = value;
821 } else {
822 printk(KERN_WARNING "CIFS: username too long\n");
823 return 1;
824 }
825 } else if (strnicmp(data, "pass", 4) == 0) {
826 if (!value) {
827 vol->password = NULL;
828 continue;
829 } else if(value[0] == 0) {
830 /* check if string begins with double comma
831 since that would mean the password really
832 does start with a comma, and would not
833 indicate an empty string */
834 if(value[1] != separator[0]) {
835 vol->password = NULL;
836 continue;
837 }
838 }
839 temp_len = strlen(value);
840 /* removed password length check, NTLM passwords
841 can be arbitrarily long */
842
843 /* if comma in password, the string will be
844 prematurely null terminated. Commas in password are
845 specified across the cifs mount interface by a double
846 comma ie ,, and a comma used as in other cases ie ','
847 as a parameter delimiter/separator is single and due
848 to the strsep above is temporarily zeroed. */
849
850 /* NB: password legally can have multiple commas and
851 the only illegal character in a password is null */
852
853 if ((value[temp_len] == 0) &&
854 (value[temp_len+1] == separator[0])) {
855 /* reinsert comma */
856 value[temp_len] = separator[0];
857 temp_len+=2; /* move after the second comma */
858 while(value[temp_len] != 0) {
859 if (value[temp_len] == separator[0]) {
860 if (value[temp_len+1] ==
861 separator[0]) {
862 /* skip second comma */
863 temp_len++;
864 } else {
865 /* single comma indicating start
866 of next parm */
867 break;
868 }
869 }
870 temp_len++;
871 }
872 if(value[temp_len] == 0) {
873 options = NULL;
874 } else {
875 value[temp_len] = 0;
876 /* point option to start of next parm */
877 options = value + temp_len + 1;
878 }
879 /* go from value to value + temp_len condensing
880 double commas to singles. Note that this ends up
881 allocating a few bytes too many, which is ok */
882 vol->password = kzalloc(temp_len, GFP_KERNEL);
883 if(vol->password == NULL) {
884 printk("CIFS: no memory for pass\n");
885 return 1;
886 }
887 for(i=0,j=0;i<temp_len;i++,j++) {
888 vol->password[j] = value[i];
889 if(value[i] == separator[0]
890 && value[i+1] == separator[0]) {
891 /* skip second comma */
892 i++;
893 }
894 }
895 vol->password[j] = 0;
896 } else {
897 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
898 if(vol->password == NULL) {
899 printk("CIFS: no memory for pass\n");
900 return 1;
901 }
902 strcpy(vol->password, value);
903 }
904 } else if (strnicmp(data, "ip", 2) == 0) {
905 if (!value || !*value) {
906 vol->UNCip = NULL;
907 } else if (strnlen(value, 35) < 35) {
908 vol->UNCip = value;
909 } else {
910 printk(KERN_WARNING "CIFS: ip address too long\n");
911 return 1;
912 }
913 } else if (strnicmp(data, "sec", 3) == 0) {
914 if (!value || !*value) {
915 cERROR(1,("no security value specified"));
916 continue;
917 } else if (strnicmp(value, "krb5i", 5) == 0) {
918 vol->sign = 1;
919 vol->krb5 = 1;
920 } else if (strnicmp(value, "krb5p", 5) == 0) {
921 /* vol->seal = 1;
922 vol->krb5 = 1; */
923 cERROR(1,("Krb5 cifs privacy not supported"));
924 return 1;
925 } else if (strnicmp(value, "krb5", 4) == 0) {
926 vol->krb5 = 1;
927 } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
928 vol->ntlmv2 = 1;
929 vol->sign = 1;
930 } else if (strnicmp(value, "ntlmv2", 6) == 0) {
931 vol->ntlmv2 = 1;
932 } else if (strnicmp(value, "ntlmi", 5) == 0) {
933 vol->ntlm = 1;
934 vol->sign = 1;
935 } else if (strnicmp(value, "ntlm", 4) == 0) {
936 /* ntlm is default so can be turned off too */
937 vol->ntlm = 1;
938 } else if (strnicmp(value, "nontlm", 6) == 0) {
939 vol->ntlm = 0;
940 } else if (strnicmp(value, "none", 4) == 0) {
941 vol->nullauth = 1;
942 } else {
943 cERROR(1,("bad security option: %s", value));
944 return 1;
945 }
946 } else if ((strnicmp(data, "unc", 3) == 0)
947 || (strnicmp(data, "target", 6) == 0)
948 || (strnicmp(data, "path", 4) == 0)) {
949 if (!value || !*value) {
950 printk(KERN_WARNING
951 "CIFS: invalid path to network resource\n");
952 return 1; /* needs_arg; */
953 }
954 if ((temp_len = strnlen(value, 300)) < 300) {
955 vol->UNC = kmalloc(temp_len+1,GFP_KERNEL);
956 if(vol->UNC == NULL)
957 return 1;
958 strcpy(vol->UNC,value);
959 if (strncmp(vol->UNC, "//", 2) == 0) {
960 vol->UNC[0] = '\\';
961 vol->UNC[1] = '\\';
962 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
963 printk(KERN_WARNING
964 "CIFS: UNC Path does not begin with // or \\\\ \n");
965 return 1;
966 }
967 } else {
968 printk(KERN_WARNING "CIFS: UNC name too long\n");
969 return 1;
970 }
971 } else if ((strnicmp(data, "domain", 3) == 0)
972 || (strnicmp(data, "workgroup", 5) == 0)) {
973 if (!value || !*value) {
974 printk(KERN_WARNING "CIFS: invalid domain name\n");
975 return 1; /* needs_arg; */
976 }
977 /* BB are there cases in which a comma can be valid in
978 a domain name and need special handling? */
979 if (strnlen(value, 65) < 65) {
980 vol->domainname = value;
981 cFYI(1, ("Domain name set"));
982 } else {
983 printk(KERN_WARNING "CIFS: domain name too long\n");
984 return 1;
985 }
986 } else if (strnicmp(data, "iocharset", 9) == 0) {
987 if (!value || !*value) {
988 printk(KERN_WARNING "CIFS: invalid iocharset specified\n");
989 return 1; /* needs_arg; */
990 }
991 if (strnlen(value, 65) < 65) {
992 if(strnicmp(value,"default",7))
993 vol->iocharset = value;
994 /* if iocharset not set load_nls_default used by caller */
995 cFYI(1, ("iocharset set to %s",value));
996 } else {
997 printk(KERN_WARNING "CIFS: iocharset name too long.\n");
998 return 1;
999 }
1000 } else if (strnicmp(data, "uid", 3) == 0) {
1001 if (value && *value) {
1002 vol->linux_uid =
1003 simple_strtoul(value, &value, 0);
1004 }
1005 } else if (strnicmp(data, "gid", 3) == 0) {
1006 if (value && *value) {
1007 vol->linux_gid =
1008 simple_strtoul(value, &value, 0);
1009 }
1010 } else if (strnicmp(data, "file_mode", 4) == 0) {
1011 if (value && *value) {
1012 vol->file_mode =
1013 simple_strtoul(value, &value, 0);
1014 }
1015 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1016 if (value && *value) {
1017 vol->dir_mode =
1018 simple_strtoul(value, &value, 0);
1019 }
1020 } else if (strnicmp(data, "dirmode", 4) == 0) {
1021 if (value && *value) {
1022 vol->dir_mode =
1023 simple_strtoul(value, &value, 0);
1024 }
1025 } else if (strnicmp(data, "port", 4) == 0) {
1026 if (value && *value) {
1027 vol->port =
1028 simple_strtoul(value, &value, 0);
1029 }
1030 } else if (strnicmp(data, "rsize", 5) == 0) {
1031 if (value && *value) {
1032 vol->rsize =
1033 simple_strtoul(value, &value, 0);
1034 }
1035 } else if (strnicmp(data, "wsize", 5) == 0) {
1036 if (value && *value) {
1037 vol->wsize =
1038 simple_strtoul(value, &value, 0);
1039 }
1040 } else if (strnicmp(data, "sockopt", 5) == 0) {
1041 if (value && *value) {
1042 vol->sockopt =
1043 simple_strtoul(value, &value, 0);
1044 }
1045 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1046 if (!value || !*value || (*value == ' ')) {
1047 cFYI(1,("invalid (empty) netbiosname specified"));
1048 } else {
1049 memset(vol->source_rfc1001_name,0x20,15);
1050 for(i=0;i<15;i++) {
1051 /* BB are there cases in which a comma can be
1052 valid in this workstation netbios name (and need
1053 special handling)? */
1054
1055 /* We do not uppercase netbiosname for user */
1056 if (value[i]==0)
1057 break;
1058 else
1059 vol->source_rfc1001_name[i] = value[i];
1060 }
1061 /* The string has 16th byte zero still from
1062 set at top of the function */
1063 if((i==15) && (value[i] != 0))
1064 printk(KERN_WARNING "CIFS: netbiosname longer than 15 truncated.\n");
1065 }
1066 } else if (strnicmp(data, "servern", 7) == 0) {
1067 /* servernetbiosname specified override *SMBSERVER */
1068 if (!value || !*value || (*value == ' ')) {
1069 cFYI(1,("empty server netbiosname specified"));
1070 } else {
1071 /* last byte, type, is 0x20 for servr type */
1072 memset(vol->target_rfc1001_name,0x20,16);
1073
1074 for(i=0;i<15;i++) {
1075 /* BB are there cases in which a comma can be
1076 valid in this workstation netbios name (and need
1077 special handling)? */
1078
1079 /* user or mount helper must uppercase netbiosname */
1080 if (value[i]==0)
1081 break;
1082 else
1083 vol->target_rfc1001_name[i] = value[i];
1084 }
1085 /* The string has 16th byte zero still from
1086 set at top of the function */
1087 if((i==15) && (value[i] != 0))
1088 printk(KERN_WARNING "CIFS: server netbiosname longer than 15 truncated.\n");
1089 }
1090 } else if (strnicmp(data, "credentials", 4) == 0) {
1091 /* ignore */
1092 } else if (strnicmp(data, "version", 3) == 0) {
1093 /* ignore */
1094 } else if (strnicmp(data, "guest",5) == 0) {
1095 /* ignore */
1096 } else if (strnicmp(data, "rw", 2) == 0) {
1097 vol->rw = TRUE;
1098 } else if ((strnicmp(data, "suid", 4) == 0) ||
1099 (strnicmp(data, "nosuid", 6) == 0) ||
1100 (strnicmp(data, "exec", 4) == 0) ||
1101 (strnicmp(data, "noexec", 6) == 0) ||
1102 (strnicmp(data, "nodev", 5) == 0) ||
1103 (strnicmp(data, "noauto", 6) == 0) ||
1104 (strnicmp(data, "dev", 3) == 0)) {
1105 /* The mount tool or mount.cifs helper (if present)
1106 uses these opts to set flags, and the flags are read
1107 by the kernel vfs layer before we get here (ie
1108 before read super) so there is no point trying to
1109 parse these options again and set anything and it
1110 is ok to just ignore them */
1111 continue;
1112 } else if (strnicmp(data, "ro", 2) == 0) {
1113 vol->rw = FALSE;
1114 } else if (strnicmp(data, "hard", 4) == 0) {
1115 vol->retry = 1;
1116 } else if (strnicmp(data, "soft", 4) == 0) {
1117 vol->retry = 0;
1118 } else if (strnicmp(data, "perm", 4) == 0) {
1119 vol->noperm = 0;
1120 } else if (strnicmp(data, "noperm", 6) == 0) {
1121 vol->noperm = 1;
1122 } else if (strnicmp(data, "mapchars", 8) == 0) {
1123 vol->remap = 1;
1124 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1125 vol->remap = 0;
1126 } else if (strnicmp(data, "sfu", 3) == 0) {
1127 vol->sfu_emul = 1;
1128 } else if (strnicmp(data, "nosfu", 5) == 0) {
1129 vol->sfu_emul = 0;
1130 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1131 vol->posix_paths = 1;
1132 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1133 vol->posix_paths = 0;
1134 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1135 (strnicmp(data, "ignorecase", 10) == 0)) {
1136 vol->nocase = 1;
1137 } else if (strnicmp(data, "brl", 3) == 0) {
1138 vol->nobrl = 0;
1139 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1140 (strnicmp(data, "nolock", 6) == 0)) {
1141 vol->nobrl = 1;
1142 /* turn off mandatory locking in mode
1143 if remote locking is turned off since the
1144 local vfs will do advisory */
1145 if(vol->file_mode == (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1146 vol->file_mode = S_IALLUGO;
1147 } else if (strnicmp(data, "setuids", 7) == 0) {
1148 vol->setuids = 1;
1149 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1150 vol->setuids = 0;
1151 } else if (strnicmp(data, "nohard", 6) == 0) {
1152 vol->retry = 0;
1153 } else if (strnicmp(data, "nosoft", 6) == 0) {
1154 vol->retry = 1;
1155 } else if (strnicmp(data, "nointr", 6) == 0) {
1156 vol->intr = 0;
1157 } else if (strnicmp(data, "intr", 4) == 0) {
1158 vol->intr = 1;
1159 } else if (strnicmp(data, "serverino",7) == 0) {
1160 vol->server_ino = 1;
1161 } else if (strnicmp(data, "noserverino",9) == 0) {
1162 vol->server_ino = 0;
1163 } else if (strnicmp(data, "cifsacl",7) == 0) {
1164 vol->cifs_acl = 1;
1165 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1166 vol->cifs_acl = 0;
1167 } else if (strnicmp(data, "acl",3) == 0) {
1168 vol->no_psx_acl = 0;
1169 } else if (strnicmp(data, "noacl",5) == 0) {
1170 vol->no_psx_acl = 1;
1171 } else if (strnicmp(data, "direct",6) == 0) {
1172 vol->direct_io = 1;
1173 } else if (strnicmp(data, "forcedirectio",13) == 0) {
1174 vol->direct_io = 1;
1175 } else if (strnicmp(data, "in6_addr",8) == 0) {
1176 if (!value || !*value) {
1177 vol->in6_addr = NULL;
1178 } else if (strnlen(value, 49) == 48) {
1179 vol->in6_addr = value;
1180 } else {
1181 printk(KERN_WARNING "CIFS: ip v6 address not 48 characters long\n");
1182 return 1;
1183 }
1184 } else if (strnicmp(data, "noac", 4) == 0) {
1185 printk(KERN_WARNING "CIFS: Mount option noac not supported. Instead set /proc/fs/cifs/LookupCacheEnabled to 0\n");
1186 } else
1187 printk(KERN_WARNING "CIFS: Unknown mount option %s\n",data);
1188 }
1189 if (vol->UNC == NULL) {
1190 if(devname == NULL) {
1191 printk(KERN_WARNING "CIFS: Missing UNC name for mount target\n");
1192 return 1;
1193 }
1194 if ((temp_len = strnlen(devname, 300)) < 300) {
1195 vol->UNC = kmalloc(temp_len+1,GFP_KERNEL);
1196 if(vol->UNC == NULL)
1197 return 1;
1198 strcpy(vol->UNC,devname);
1199 if (strncmp(vol->UNC, "//", 2) == 0) {
1200 vol->UNC[0] = '\\';
1201 vol->UNC[1] = '\\';
1202 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1203 printk(KERN_WARNING "CIFS: UNC Path does not begin with // or \\\\ \n");
1204 return 1;
1205 }
1206 } else {
1207 printk(KERN_WARNING "CIFS: UNC name too long\n");
1208 return 1;
1209 }
1210 }
1211 if(vol->UNCip == NULL)
1212 vol->UNCip = &vol->UNC[2];
1213
1214 return 0;
1215 }
1216
1217 static struct cifsSesInfo *
1218 cifs_find_tcp_session(struct in_addr * target_ip_addr,
1219 struct in6_addr *target_ip6_addr,
1220 char *userName, struct TCP_Server_Info **psrvTcp)
1221 {
1222 struct list_head *tmp;
1223 struct cifsSesInfo *ses;
1224 *psrvTcp = NULL;
1225 read_lock(&GlobalSMBSeslock);
1226
1227 list_for_each(tmp, &GlobalSMBSessionList) {
1228 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
1229 if (ses->server) {
1230 if((target_ip_addr &&
1231 (ses->server->addr.sockAddr.sin_addr.s_addr
1232 == target_ip_addr->s_addr)) || (target_ip6_addr
1233 && memcmp(&ses->server->addr.sockAddr6.sin6_addr,
1234 target_ip6_addr,sizeof(*target_ip6_addr)))){
1235 /* BB lock server and tcp session and increment use count here?? */
1236 *psrvTcp = ses->server; /* found a match on the TCP session */
1237 /* BB check if reconnection needed */
1238 if (strncmp
1239 (ses->userName, userName,
1240 MAX_USERNAME_SIZE) == 0){
1241 read_unlock(&GlobalSMBSeslock);
1242 return ses; /* found exact match on both tcp and SMB sessions */
1243 }
1244 }
1245 }
1246 /* else tcp and smb sessions need reconnection */
1247 }
1248 read_unlock(&GlobalSMBSeslock);
1249 return NULL;
1250 }
1251
1252 static struct cifsTconInfo *
1253 find_unc(__be32 new_target_ip_addr, char *uncName, char *userName)
1254 {
1255 struct list_head *tmp;
1256 struct cifsTconInfo *tcon;
1257
1258 read_lock(&GlobalSMBSeslock);
1259 list_for_each(tmp, &GlobalTreeConnectionList) {
1260 cFYI(1, ("Next tcon - "));
1261 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
1262 if (tcon->ses) {
1263 if (tcon->ses->server) {
1264 cFYI(1,
1265 (" old ip addr: %x == new ip %x ?",
1266 tcon->ses->server->addr.sockAddr.sin_addr.
1267 s_addr, new_target_ip_addr));
1268 if (tcon->ses->server->addr.sockAddr.sin_addr.
1269 s_addr == new_target_ip_addr) {
1270 /* BB lock tcon and server and tcp session and increment use count here? */
1271 /* found a match on the TCP session */
1272 /* BB check if reconnection needed */
1273 cFYI(1,("Matched ip, old UNC: %s == new: %s ?",
1274 tcon->treeName, uncName));
1275 if (strncmp
1276 (tcon->treeName, uncName,
1277 MAX_TREE_SIZE) == 0) {
1278 cFYI(1,
1279 ("Matched UNC, old user: %s == new: %s ?",
1280 tcon->treeName, uncName));
1281 if (strncmp
1282 (tcon->ses->userName,
1283 userName,
1284 MAX_USERNAME_SIZE) == 0) {
1285 read_unlock(&GlobalSMBSeslock);
1286 return tcon;/* also matched user (smb session)*/
1287 }
1288 }
1289 }
1290 }
1291 }
1292 }
1293 read_unlock(&GlobalSMBSeslock);
1294 return NULL;
1295 }
1296
1297 int
1298 connect_to_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
1299 const char *old_path, const struct nls_table *nls_codepage,
1300 int remap)
1301 {
1302 unsigned char *referrals = NULL;
1303 unsigned int num_referrals;
1304 int rc = 0;
1305
1306 rc = get_dfs_path(xid, pSesInfo,old_path, nls_codepage,
1307 &num_referrals, &referrals, remap);
1308
1309 /* BB Add in code to: if valid refrl, if not ip address contact
1310 the helper that resolves tcp names, mount to it, try to
1311 tcon to it unmount it if fail */
1312
1313 kfree(referrals);
1314
1315 return rc;
1316 }
1317
1318 int
1319 get_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
1320 const char *old_path, const struct nls_table *nls_codepage,
1321 unsigned int *pnum_referrals,
1322 unsigned char ** preferrals, int remap)
1323 {
1324 char *temp_unc;
1325 int rc = 0;
1326
1327 *pnum_referrals = 0;
1328
1329 if (pSesInfo->ipc_tid == 0) {
1330 temp_unc = kmalloc(2 /* for slashes */ +
1331 strnlen(pSesInfo->serverName,SERVER_NAME_LEN_WITH_NULL * 2)
1332 + 1 + 4 /* slash IPC$ */ + 2,
1333 GFP_KERNEL);
1334 if (temp_unc == NULL)
1335 return -ENOMEM;
1336 temp_unc[0] = '\\';
1337 temp_unc[1] = '\\';
1338 strcpy(temp_unc + 2, pSesInfo->serverName);
1339 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
1340 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
1341 cFYI(1,
1342 ("CIFS Tcon rc = %d ipc_tid = %d", rc,pSesInfo->ipc_tid));
1343 kfree(temp_unc);
1344 }
1345 if (rc == 0)
1346 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
1347 pnum_referrals, nls_codepage, remap);
1348
1349 return rc;
1350 }
1351
1352 /* See RFC1001 section 14 on representation of Netbios names */
1353 static void rfc1002mangle(char * target,char * source, unsigned int length)
1354 {
1355 unsigned int i,j;
1356
1357 for(i=0,j=0;i<(length);i++) {
1358 /* mask a nibble at a time and encode */
1359 target[j] = 'A' + (0x0F & (source[i] >> 4));
1360 target[j+1] = 'A' + (0x0F & source[i]);
1361 j+=2;
1362 }
1363
1364 }
1365
1366
1367 static int
1368 ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket,
1369 char * netbios_name, char * target_name)
1370 {
1371 int rc = 0;
1372 int connected = 0;
1373 __be16 orig_port = 0;
1374
1375 if(*csocket == NULL) {
1376 rc = sock_create_kern(PF_INET, SOCK_STREAM, IPPROTO_TCP, csocket);
1377 if (rc < 0) {
1378 cERROR(1, ("Error %d creating socket",rc));
1379 *csocket = NULL;
1380 return rc;
1381 } else {
1382 /* BB other socket options to set KEEPALIVE, NODELAY? */
1383 cFYI(1,("Socket created"));
1384 (*csocket)->sk->sk_allocation = GFP_NOFS;
1385 }
1386 }
1387
1388 psin_server->sin_family = AF_INET;
1389 if(psin_server->sin_port) { /* user overrode default port */
1390 rc = (*csocket)->ops->connect(*csocket,
1391 (struct sockaddr *) psin_server,
1392 sizeof (struct sockaddr_in),0);
1393 if (rc >= 0)
1394 connected = 1;
1395 }
1396
1397 if(!connected) {
1398 /* save original port so we can retry user specified port
1399 later if fall back ports fail this time */
1400 orig_port = psin_server->sin_port;
1401
1402 /* do not retry on the same port we just failed on */
1403 if(psin_server->sin_port != htons(CIFS_PORT)) {
1404 psin_server->sin_port = htons(CIFS_PORT);
1405
1406 rc = (*csocket)->ops->connect(*csocket,
1407 (struct sockaddr *) psin_server,
1408 sizeof (struct sockaddr_in),0);
1409 if (rc >= 0)
1410 connected = 1;
1411 }
1412 }
1413 if (!connected) {
1414 psin_server->sin_port = htons(RFC1001_PORT);
1415 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1416 psin_server, sizeof (struct sockaddr_in),0);
1417 if (rc >= 0)
1418 connected = 1;
1419 }
1420
1421 /* give up here - unless we want to retry on different
1422 protocol families some day */
1423 if (!connected) {
1424 if(orig_port)
1425 psin_server->sin_port = orig_port;
1426 cFYI(1,("Error %d connecting to server via ipv4",rc));
1427 sock_release(*csocket);
1428 *csocket = NULL;
1429 return rc;
1430 }
1431 /* Eventually check for other socket options to change from
1432 the default. sock_setsockopt not used because it expects
1433 user space buffer */
1434 cFYI(1,("sndbuf %d rcvbuf %d rcvtimeo 0x%lx",(*csocket)->sk->sk_sndbuf,
1435 (*csocket)->sk->sk_rcvbuf, (*csocket)->sk->sk_rcvtimeo));
1436 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1437 /* make the bufsizes depend on wsize/rsize and max requests */
1438 if((*csocket)->sk->sk_sndbuf < (200 * 1024))
1439 (*csocket)->sk->sk_sndbuf = 200 * 1024;
1440 if((*csocket)->sk->sk_rcvbuf < (140 * 1024))
1441 (*csocket)->sk->sk_rcvbuf = 140 * 1024;
1442
1443 /* send RFC1001 sessinit */
1444 if(psin_server->sin_port == htons(RFC1001_PORT)) {
1445 /* some servers require RFC1001 sessinit before sending
1446 negprot - BB check reconnection in case where second
1447 sessinit is sent but no second negprot */
1448 struct rfc1002_session_packet * ses_init_buf;
1449 struct smb_hdr * smb_buf;
1450 ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet), GFP_KERNEL);
1451 if(ses_init_buf) {
1452 ses_init_buf->trailer.session_req.called_len = 32;
1453 if(target_name && (target_name[0] != 0)) {
1454 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1455 target_name, 16);
1456 } else {
1457 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1458 DEFAULT_CIFS_CALLED_NAME,16);
1459 }
1460
1461 ses_init_buf->trailer.session_req.calling_len = 32;
1462 /* calling name ends in null (byte 16) from old smb
1463 convention. */
1464 if(netbios_name && (netbios_name[0] !=0)) {
1465 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1466 netbios_name,16);
1467 } else {
1468 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1469 "LINUX_CIFS_CLNT",16);
1470 }
1471 ses_init_buf->trailer.session_req.scope1 = 0;
1472 ses_init_buf->trailer.session_req.scope2 = 0;
1473 smb_buf = (struct smb_hdr *)ses_init_buf;
1474 /* sizeof RFC1002_SESSION_REQUEST with no scope */
1475 smb_buf->smb_buf_length = 0x81000044;
1476 rc = smb_send(*csocket, smb_buf, 0x44,
1477 (struct sockaddr *)psin_server);
1478 kfree(ses_init_buf);
1479 }
1480 /* else the negprot may still work without this
1481 even though malloc failed */
1482
1483 }
1484
1485 return rc;
1486 }
1487
1488 static int
1489 ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket)
1490 {
1491 int rc = 0;
1492 int connected = 0;
1493 __be16 orig_port = 0;
1494
1495 if(*csocket == NULL) {
1496 rc = sock_create_kern(PF_INET6, SOCK_STREAM, IPPROTO_TCP, csocket);
1497 if (rc < 0) {
1498 cERROR(1, ("Error %d creating ipv6 socket",rc));
1499 *csocket = NULL;
1500 return rc;
1501 } else {
1502 /* BB other socket options to set KEEPALIVE, NODELAY? */
1503 cFYI(1,("ipv6 Socket created"));
1504 (*csocket)->sk->sk_allocation = GFP_NOFS;
1505 }
1506 }
1507
1508 psin_server->sin6_family = AF_INET6;
1509
1510 if(psin_server->sin6_port) { /* user overrode default port */
1511 rc = (*csocket)->ops->connect(*csocket,
1512 (struct sockaddr *) psin_server,
1513 sizeof (struct sockaddr_in6),0);
1514 if (rc >= 0)
1515 connected = 1;
1516 }
1517
1518 if(!connected) {
1519 /* save original port so we can retry user specified port
1520 later if fall back ports fail this time */
1521
1522 orig_port = psin_server->sin6_port;
1523 /* do not retry on the same port we just failed on */
1524 if(psin_server->sin6_port != htons(CIFS_PORT)) {
1525 psin_server->sin6_port = htons(CIFS_PORT);
1526
1527 rc = (*csocket)->ops->connect(*csocket,
1528 (struct sockaddr *) psin_server,
1529 sizeof (struct sockaddr_in6),0);
1530 if (rc >= 0)
1531 connected = 1;
1532 }
1533 }
1534 if (!connected) {
1535 psin_server->sin6_port = htons(RFC1001_PORT);
1536 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1537 psin_server, sizeof (struct sockaddr_in6),0);
1538 if (rc >= 0)
1539 connected = 1;
1540 }
1541
1542 /* give up here - unless we want to retry on different
1543 protocol families some day */
1544 if (!connected) {
1545 if(orig_port)
1546 psin_server->sin6_port = orig_port;
1547 cFYI(1,("Error %d connecting to server via ipv6",rc));
1548 sock_release(*csocket);
1549 *csocket = NULL;
1550 return rc;
1551 }
1552 /* Eventually check for other socket options to change from
1553 the default. sock_setsockopt not used because it expects
1554 user space buffer */
1555 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1556
1557 return rc;
1558 }
1559
1560 int
1561 cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
1562 char *mount_data, const char *devname)
1563 {
1564 int rc = 0;
1565 int xid;
1566 int address_type = AF_INET;
1567 struct socket *csocket = NULL;
1568 struct sockaddr_in sin_server;
1569 struct sockaddr_in6 sin_server6;
1570 struct smb_vol volume_info;
1571 struct cifsSesInfo *pSesInfo = NULL;
1572 struct cifsSesInfo *existingCifsSes = NULL;
1573 struct cifsTconInfo *tcon = NULL;
1574 struct TCP_Server_Info *srvTcp = NULL;
1575
1576 xid = GetXid();
1577
1578 /* cFYI(1, ("Entering cifs_mount. Xid: %d with: %s", xid, mount_data)); */
1579
1580 memset(&volume_info,0,sizeof(struct smb_vol));
1581 if (cifs_parse_mount_options(mount_data, devname, &volume_info)) {
1582 kfree(volume_info.UNC);
1583 kfree(volume_info.password);
1584 FreeXid(xid);
1585 return -EINVAL;
1586 }
1587
1588 if (volume_info.username) {
1589 /* BB fixme parse for domain name here */
1590 cFYI(1, ("Username: %s ", volume_info.username));
1591
1592 } else {
1593 cifserror("No username specified");
1594 /* In userspace mount helper we can get user name from alternate
1595 locations such as env variables and files on disk */
1596 kfree(volume_info.UNC);
1597 kfree(volume_info.password);
1598 FreeXid(xid);
1599 return -EINVAL;
1600 }
1601
1602 if (volume_info.UNCip && volume_info.UNC) {
1603 rc = cifs_inet_pton(AF_INET, volume_info.UNCip,&sin_server.sin_addr.s_addr);
1604
1605 if(rc <= 0) {
1606 /* not ipv4 address, try ipv6 */
1607 rc = cifs_inet_pton(AF_INET6,volume_info.UNCip,&sin_server6.sin6_addr.in6_u);
1608 if(rc > 0)
1609 address_type = AF_INET6;
1610 } else {
1611 address_type = AF_INET;
1612 }
1613
1614 if(rc <= 0) {
1615 /* we failed translating address */
1616 kfree(volume_info.UNC);
1617 kfree(volume_info.password);
1618 FreeXid(xid);
1619 return -EINVAL;
1620 }
1621
1622 cFYI(1, ("UNC: %s ip: %s", volume_info.UNC, volume_info.UNCip));
1623 /* success */
1624 rc = 0;
1625 } else if (volume_info.UNCip){
1626 /* BB using ip addr as server name connect to the DFS root below */
1627 cERROR(1,("Connecting to DFS root not implemented yet"));
1628 kfree(volume_info.UNC);
1629 kfree(volume_info.password);
1630 FreeXid(xid);
1631 return -EINVAL;
1632 } else /* which servers DFS root would we conect to */ {
1633 cERROR(1,
1634 ("CIFS mount error: No UNC path (e.g. -o unc=//192.168.1.100/public) specified"));
1635 kfree(volume_info.UNC);
1636 kfree(volume_info.password);
1637 FreeXid(xid);
1638 return -EINVAL;
1639 }
1640
1641 /* this is needed for ASCII cp to Unicode converts */
1642 if(volume_info.iocharset == NULL) {
1643 cifs_sb->local_nls = load_nls_default();
1644 /* load_nls_default can not return null */
1645 } else {
1646 cifs_sb->local_nls = load_nls(volume_info.iocharset);
1647 if(cifs_sb->local_nls == NULL) {
1648 cERROR(1,("CIFS mount error: iocharset %s not found",volume_info.iocharset));
1649 kfree(volume_info.UNC);
1650 kfree(volume_info.password);
1651 FreeXid(xid);
1652 return -ELIBACC;
1653 }
1654 }
1655
1656 if(address_type == AF_INET)
1657 existingCifsSes = cifs_find_tcp_session(&sin_server.sin_addr,
1658 NULL /* no ipv6 addr */,
1659 volume_info.username, &srvTcp);
1660 else if(address_type == AF_INET6)
1661 existingCifsSes = cifs_find_tcp_session(NULL /* no ipv4 addr */,
1662 &sin_server6.sin6_addr,
1663 volume_info.username, &srvTcp);
1664 else {
1665 kfree(volume_info.UNC);
1666 kfree(volume_info.password);
1667 FreeXid(xid);
1668 return -EINVAL;
1669 }
1670
1671
1672 if (srvTcp) {
1673 cFYI(1, ("Existing tcp session with server found"));
1674 } else { /* create socket */
1675 if(volume_info.port)
1676 sin_server.sin_port = htons(volume_info.port);
1677 else
1678 sin_server.sin_port = 0;
1679 rc = ipv4_connect(&sin_server,&csocket,
1680 volume_info.source_rfc1001_name,
1681 volume_info.target_rfc1001_name);
1682 if (rc < 0) {
1683 cERROR(1,
1684 ("Error connecting to IPv4 socket. Aborting operation"));
1685 if(csocket != NULL)
1686 sock_release(csocket);
1687 kfree(volume_info.UNC);
1688 kfree(volume_info.password);
1689 FreeXid(xid);
1690 return rc;
1691 }
1692
1693 srvTcp = kmalloc(sizeof (struct TCP_Server_Info), GFP_KERNEL);
1694 if (srvTcp == NULL) {
1695 rc = -ENOMEM;
1696 sock_release(csocket);
1697 kfree(volume_info.UNC);
1698 kfree(volume_info.password);
1699 FreeXid(xid);
1700 return rc;
1701 } else {
1702 memset(srvTcp, 0, sizeof (struct TCP_Server_Info));
1703 memcpy(&srvTcp->addr.sockAddr, &sin_server, sizeof (struct sockaddr_in));
1704 atomic_set(&srvTcp->inFlight,0);
1705 /* BB Add code for ipv6 case too */
1706 srvTcp->ssocket = csocket;
1707 srvTcp->protocolType = IPV4;
1708 init_waitqueue_head(&srvTcp->response_q);
1709 init_waitqueue_head(&srvTcp->request_q);
1710 INIT_LIST_HEAD(&srvTcp->pending_mid_q);
1711 /* at this point we are the only ones with the pointer
1712 to the struct since the kernel thread not created yet
1713 so no need to spinlock this init of tcpStatus */
1714 srvTcp->tcpStatus = CifsNew;
1715 init_MUTEX(&srvTcp->tcpSem);
1716 rc = (int)kernel_thread((void *)(void *)cifs_demultiplex_thread, srvTcp,
1717 CLONE_FS | CLONE_FILES | CLONE_VM);
1718 if(rc < 0) {
1719 rc = -ENOMEM;
1720 sock_release(csocket);
1721 kfree(volume_info.UNC);
1722 kfree(volume_info.password);
1723 FreeXid(xid);
1724 return rc;
1725 }
1726 wait_for_completion(&cifsd_complete);
1727 rc = 0;
1728 memcpy(srvTcp->workstation_RFC1001_name, volume_info.source_rfc1001_name,16);
1729 memcpy(srvTcp->server_RFC1001_name, volume_info.target_rfc1001_name,16);
1730 srvTcp->sequence_number = 0;
1731 }
1732 }
1733
1734 if (existingCifsSes) {
1735 pSesInfo = existingCifsSes;
1736 cFYI(1, ("Existing smb sess found"));
1737 kfree(volume_info.password);
1738 /* volume_info.UNC freed at end of function */
1739 } else if (!rc) {
1740 cFYI(1, ("Existing smb sess not found"));
1741 pSesInfo = sesInfoAlloc();
1742 if (pSesInfo == NULL)
1743 rc = -ENOMEM;
1744 else {
1745 pSesInfo->server = srvTcp;
1746 sprintf(pSesInfo->serverName, "%u.%u.%u.%u",
1747 NIPQUAD(sin_server.sin_addr.s_addr));
1748 }
1749
1750 if (!rc){
1751 /* volume_info.password freed at unmount */
1752 if (volume_info.password)
1753 pSesInfo->password = volume_info.password;
1754 if (volume_info.username)
1755 strncpy(pSesInfo->userName,
1756 volume_info.username,MAX_USERNAME_SIZE);
1757 if (volume_info.domainname)
1758 strncpy(pSesInfo->domainName,
1759 volume_info.domainname,MAX_USERNAME_SIZE);
1760 pSesInfo->linux_uid = volume_info.linux_uid;
1761 down(&pSesInfo->sesSem);
1762 rc = cifs_setup_session(xid,pSesInfo, cifs_sb->local_nls);
1763 up(&pSesInfo->sesSem);
1764 if(!rc)
1765 atomic_inc(&srvTcp->socketUseCount);
1766 } else
1767 kfree(volume_info.password);
1768 }
1769
1770 /* search for existing tcon to this server share */
1771 if (!rc) {
1772 if(volume_info.rsize > CIFSMaxBufSize) {
1773 cERROR(1,("rsize %d too large, using MaxBufSize",
1774 volume_info.rsize));
1775 cifs_sb->rsize = CIFSMaxBufSize;
1776 } else if((volume_info.rsize) && (volume_info.rsize <= CIFSMaxBufSize))
1777 cifs_sb->rsize = volume_info.rsize;
1778 else /* default */
1779 cifs_sb->rsize = CIFSMaxBufSize;
1780
1781 if(volume_info.wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) {
1782 cERROR(1,("wsize %d too large using 4096 instead",
1783 volume_info.wsize));
1784 cifs_sb->wsize = 4096;
1785 } else if(volume_info.wsize)
1786 cifs_sb->wsize = volume_info.wsize;
1787 else
1788 cifs_sb->wsize = CIFSMaxBufSize; /* default */
1789 if(cifs_sb->rsize < PAGE_CACHE_SIZE) {
1790 cifs_sb->rsize = PAGE_CACHE_SIZE;
1791 /* Windows ME does this */
1792 cFYI(1,("Attempt to set readsize for mount to less than one page (4096)"));
1793 }
1794 cifs_sb->mnt_uid = volume_info.linux_uid;
1795 cifs_sb->mnt_gid = volume_info.linux_gid;
1796 cifs_sb->mnt_file_mode = volume_info.file_mode;
1797 cifs_sb->mnt_dir_mode = volume_info.dir_mode;
1798 cFYI(1,("file mode: 0x%x dir mode: 0x%x",
1799 cifs_sb->mnt_file_mode,cifs_sb->mnt_dir_mode));
1800
1801 if(volume_info.noperm)
1802 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
1803 if(volume_info.setuids)
1804 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
1805 if(volume_info.server_ino)
1806 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
1807 if(volume_info.remap)
1808 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
1809 if(volume_info.no_xattr)
1810 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
1811 if(volume_info.sfu_emul)
1812 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
1813 if(volume_info.nobrl)
1814 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
1815 if(volume_info.cifs_acl)
1816 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
1817
1818 if(volume_info.direct_io) {
1819 cFYI(1,("mounting share using direct i/o"));
1820 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
1821 }
1822
1823 tcon =
1824 find_unc(sin_server.sin_addr.s_addr, volume_info.UNC,
1825 volume_info.username);
1826 if (tcon) {
1827 cFYI(1, ("Found match on UNC path"));
1828 /* we can have only one retry value for a connection
1829 to a share so for resources mounted more than once
1830 to the same server share the last value passed in
1831 for the retry flag is used */
1832 tcon->retry = volume_info.retry;
1833 tcon->nocase = volume_info.nocase;
1834 } else {
1835 tcon = tconInfoAlloc();
1836 if (tcon == NULL)
1837 rc = -ENOMEM;
1838 else {
1839 /* check for null share name ie connect to dfs root */
1840
1841 /* BB check if this works for exactly length three strings */
1842 if ((strchr(volume_info.UNC + 3, '\\') == NULL)
1843 && (strchr(volume_info.UNC + 3, '/') ==
1844 NULL)) {
1845 rc = connect_to_dfs_path(xid, pSesInfo,
1846 "", cifs_sb->local_nls,
1847 cifs_sb->mnt_cifs_flags &
1848 CIFS_MOUNT_MAP_SPECIAL_CHR);
1849 kfree(volume_info.UNC);
1850 FreeXid(xid);
1851 return -ENODEV;
1852 } else {
1853 rc = CIFSTCon(xid, pSesInfo,
1854 volume_info.UNC,
1855 tcon, cifs_sb->local_nls);
1856 cFYI(1, ("CIFS Tcon rc = %d", rc));
1857 }
1858 if (!rc) {
1859 atomic_inc(&pSesInfo->inUse);
1860 tcon->retry = volume_info.retry;
1861 tcon->nocase = volume_info.nocase;
1862 }
1863 }
1864 }
1865 }
1866 if(pSesInfo) {
1867 if (pSesInfo->capabilities & CAP_LARGE_FILES) {
1868 sb->s_maxbytes = (u64) 1 << 63;
1869 } else
1870 sb->s_maxbytes = (u64) 1 << 31; /* 2 GB */
1871 }
1872
1873 sb->s_time_gran = 100;
1874
1875 /* on error free sesinfo and tcon struct if needed */
1876 if (rc) {
1877 /* if session setup failed, use count is zero but
1878 we still need to free cifsd thread */
1879 if(atomic_read(&srvTcp->socketUseCount) == 0) {
1880 spin_lock(&GlobalMid_Lock);
1881 srvTcp->tcpStatus = CifsExiting;
1882 spin_unlock(&GlobalMid_Lock);
1883 if(srvTcp->tsk) {
1884 send_sig(SIGKILL,srvTcp->tsk,1);
1885 wait_for_completion(&cifsd_complete);
1886 }
1887 }
1888 /* If find_unc succeeded then rc == 0 so we can not end */
1889 if (tcon) /* up accidently freeing someone elses tcon struct */
1890 tconInfoFree(tcon);
1891 if (existingCifsSes == NULL) {
1892 if (pSesInfo) {
1893 if ((pSesInfo->server) &&
1894 (pSesInfo->status == CifsGood)) {
1895 int temp_rc;
1896 temp_rc = CIFSSMBLogoff(xid, pSesInfo);
1897 /* if the socketUseCount is now zero */
1898 if((temp_rc == -ESHUTDOWN) &&
1899 (pSesInfo->server->tsk)) {
1900 send_sig(SIGKILL,pSesInfo->server->tsk,1);
1901 wait_for_completion(&cifsd_complete);
1902 }
1903 } else
1904 cFYI(1, ("No session or bad tcon"));
1905 sesInfoFree(pSesInfo);
1906 /* pSesInfo = NULL; */
1907 }
1908 }
1909 } else {
1910 atomic_inc(&tcon->useCount);
1911 cifs_sb->tcon = tcon;
1912 tcon->ses = pSesInfo;
1913
1914 /* do not care if following two calls succeed - informational only */
1915 CIFSSMBQFSDeviceInfo(xid, tcon);
1916 CIFSSMBQFSAttributeInfo(xid, tcon);
1917 if (tcon->ses->capabilities & CAP_UNIX) {
1918 if(!CIFSSMBQFSUnixInfo(xid, tcon)) {
1919 if(!volume_info.no_psx_acl) {
1920 if(CIFS_UNIX_POSIX_ACL_CAP &
1921 le64_to_cpu(tcon->fsUnixInfo.Capability))
1922 cFYI(1,("server negotiated posix acl support"));
1923 sb->s_flags |= MS_POSIXACL;
1924 }
1925
1926 /* Try and negotiate POSIX pathnames if we can. */
1927 if (volume_info.posix_paths && (CIFS_UNIX_POSIX_PATHNAMES_CAP &
1928 le64_to_cpu(tcon->fsUnixInfo.Capability))) {
1929 if (!CIFSSMBSetFSUnixInfo(xid, tcon, CIFS_UNIX_POSIX_PATHNAMES_CAP)) {
1930 cFYI(1,("negotiated posix pathnames support"));
1931 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_POSIX_PATHS;
1932 } else {
1933 cFYI(1,("posix pathnames support requested but not supported"));
1934 }
1935 }
1936 }
1937 }
1938 if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X))
1939 cifs_sb->wsize = min(cifs_sb->wsize,
1940 (tcon->ses->server->maxBuf -
1941 MAX_CIFS_HDR_SIZE));
1942 if (!(tcon->ses->capabilities & CAP_LARGE_READ_X))
1943 cifs_sb->rsize = min(cifs_sb->rsize,
1944 (tcon->ses->server->maxBuf -
1945 MAX_CIFS_HDR_SIZE));
1946 }
1947
1948 /* volume_info.password is freed above when existing session found
1949 (in which case it is not needed anymore) but when new sesion is created
1950 the password ptr is put in the new session structure (in which case the
1951 password will be freed at unmount time) */
1952 kfree(volume_info.UNC);
1953 FreeXid(xid);
1954 return rc;
1955 }
1956
1957 static int
1958 CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
1959 char session_key[CIFS_SESSION_KEY_SIZE],
1960 const struct nls_table *nls_codepage)
1961 {
1962 struct smb_hdr *smb_buffer;
1963 struct smb_hdr *smb_buffer_response;
1964 SESSION_SETUP_ANDX *pSMB;
1965 SESSION_SETUP_ANDX *pSMBr;
1966 char *bcc_ptr;
1967 char *user;
1968 char *domain;
1969 int rc = 0;
1970 int remaining_words = 0;
1971 int bytes_returned = 0;
1972 int len;
1973 __u32 capabilities;
1974 __u16 count;
1975
1976 cFYI(1, ("In sesssetup"));
1977 if(ses == NULL)
1978 return -EINVAL;
1979 user = ses->userName;
1980 domain = ses->domainName;
1981 smb_buffer = cifs_buf_get();
1982 if (smb_buffer == NULL) {
1983 return -ENOMEM;
1984 }
1985 smb_buffer_response = smb_buffer;
1986 pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
1987
1988 /* send SMBsessionSetup here */
1989 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
1990 NULL /* no tCon exists yet */ , 13 /* wct */ );
1991
1992 smb_buffer->Mid = GetNextMid(ses->server);
1993 pSMB->req_no_secext.AndXCommand = 0xFF;
1994 pSMB->req_no_secext.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
1995 pSMB->req_no_secext.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
1996
1997 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
1998 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
1999
2000 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2001 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
2002 if (ses->capabilities & CAP_UNICODE) {
2003 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2004 capabilities |= CAP_UNICODE;
2005 }
2006 if (ses->capabilities & CAP_STATUS32) {
2007 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2008 capabilities |= CAP_STATUS32;
2009 }
2010 if (ses->capabilities & CAP_DFS) {
2011 smb_buffer->Flags2 |= SMBFLG2_DFS;
2012 capabilities |= CAP_DFS;
2013 }
2014 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
2015
2016 pSMB->req_no_secext.CaseInsensitivePasswordLength =
2017 cpu_to_le16(CIFS_SESSION_KEY_SIZE);
2018
2019 pSMB->req_no_secext.CaseSensitivePasswordLength =
2020 cpu_to_le16(CIFS_SESSION_KEY_SIZE);
2021 bcc_ptr = pByteArea(smb_buffer);
2022 memcpy(bcc_ptr, (char *) session_key, CIFS_SESSION_KEY_SIZE);
2023 bcc_ptr += CIFS_SESSION_KEY_SIZE;
2024 memcpy(bcc_ptr, (char *) session_key, CIFS_SESSION_KEY_SIZE);
2025 bcc_ptr += CIFS_SESSION_KEY_SIZE;
2026
2027 if (ses->capabilities & CAP_UNICODE) {
2028 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode */
2029 *bcc_ptr = 0;
2030 bcc_ptr++;
2031 }
2032 if(user == NULL)
2033 bytes_returned = 0; /* skill null user */
2034 else
2035 bytes_returned =
2036 cifs_strtoUCS((__le16 *) bcc_ptr, user, 100,
2037 nls_codepage);
2038 /* convert number of 16 bit words to bytes */
2039 bcc_ptr += 2 * bytes_returned;
2040 bcc_ptr += 2; /* trailing null */
2041 if (domain == NULL)
2042 bytes_returned =
2043 cifs_strtoUCS((__le16 *) bcc_ptr,
2044 "CIFS_LINUX_DOM", 32, nls_codepage);
2045 else
2046 bytes_returned =
2047 cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2048 nls_codepage);
2049 bcc_ptr += 2 * bytes_returned;
2050 bcc_ptr += 2;
2051 bytes_returned =
2052 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2053 32, nls_codepage);
2054 bcc_ptr += 2 * bytes_returned;
2055 bytes_returned =
2056 cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release,
2057 32, nls_codepage);
2058 bcc_ptr += 2 * bytes_returned;
2059 bcc_ptr += 2;
2060 bytes_returned =
2061 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2062 64, nls_codepage);
2063 bcc_ptr += 2 * bytes_returned;
2064 bcc_ptr += 2;
2065 } else {
2066 if(user != NULL) {
2067 strncpy(bcc_ptr, user, 200);
2068 bcc_ptr += strnlen(user, 200);
2069 }
2070 *bcc_ptr = 0;
2071 bcc_ptr++;
2072 if (domain == NULL) {
2073 strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2074 bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2075 } else {
2076 strncpy(bcc_ptr, domain, 64);
2077 bcc_ptr += strnlen(domain, 64);
2078 *bcc_ptr = 0;
2079 bcc_ptr++;
2080 }
2081 strcpy(bcc_ptr, "Linux version ");
2082 bcc_ptr += strlen("Linux version ");
2083 strcpy(bcc_ptr, system_utsname.release);
2084 bcc_ptr += strlen(system_utsname.release) + 1;
2085 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2086 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2087 }
2088 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2089 smb_buffer->smb_buf_length += count;
2090 pSMB->req_no_secext.ByteCount = cpu_to_le16(count);
2091
2092 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2093 &bytes_returned, 1);
2094 if (rc) {
2095 /* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
2096 } else if ((smb_buffer_response->WordCount == 3)
2097 || (smb_buffer_response->WordCount == 4)) {
2098 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2099 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2100 if (action & GUEST_LOGIN)
2101 cFYI(1, (" Guest login")); /* do we want to mark SesInfo struct ? */
2102 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format (le) */
2103 cFYI(1, ("UID = %d ", ses->Suid));
2104 /* response can have either 3 or 4 word count - Samba sends 3 */
2105 bcc_ptr = pByteArea(smb_buffer_response);
2106 if ((pSMBr->resp.hdr.WordCount == 3)
2107 || ((pSMBr->resp.hdr.WordCount == 4)
2108 && (blob_len < pSMBr->resp.ByteCount))) {
2109 if (pSMBr->resp.hdr.WordCount == 4)
2110 bcc_ptr += blob_len;
2111
2112 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2113 if ((long) (bcc_ptr) % 2) {
2114 remaining_words =
2115 (BCC(smb_buffer_response) - 1) /2;
2116 bcc_ptr++; /* Unicode strings must be word aligned */
2117 } else {
2118 remaining_words =
2119 BCC(smb_buffer_response) / 2;
2120 }
2121 len =
2122 UniStrnlen((wchar_t *) bcc_ptr,
2123 remaining_words - 1);
2124 /* We look for obvious messed up bcc or strings in response so we do not go off
2125 the end since (at least) WIN2K and Windows XP have a major bug in not null
2126 terminating last Unicode string in response */
2127 ses->serverOS = kzalloc(2 * (len + 1), GFP_KERNEL);
2128 if(ses->serverOS == NULL)
2129 goto sesssetup_nomem;
2130 cifs_strfromUCS_le(ses->serverOS,
2131 (__le16 *)bcc_ptr, len,nls_codepage);
2132 bcc_ptr += 2 * (len + 1);
2133 remaining_words -= len + 1;
2134 ses->serverOS[2 * len] = 0;
2135 ses->serverOS[1 + (2 * len)] = 0;
2136 if (remaining_words > 0) {
2137 len = UniStrnlen((wchar_t *)bcc_ptr,
2138 remaining_words-1);
2139 ses->serverNOS = kzalloc(2 * (len + 1),GFP_KERNEL);
2140 if(ses->serverNOS == NULL)
2141 goto sesssetup_nomem;
2142 cifs_strfromUCS_le(ses->serverNOS,
2143 (__le16 *)bcc_ptr,len,nls_codepage);
2144 bcc_ptr += 2 * (len + 1);
2145 ses->serverNOS[2 * len] = 0;
2146 ses->serverNOS[1 + (2 * len)] = 0;
2147 if(strncmp(ses->serverNOS,
2148 "NT LAN Manager 4",16) == 0) {
2149 cFYI(1,("NT4 server"));
2150 ses->flags |= CIFS_SES_NT4;
2151 }
2152 remaining_words -= len + 1;
2153 if (remaining_words > 0) {
2154 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2155 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
2156 ses->serverDomain =
2157 kzalloc(2*(len+1),GFP_KERNEL);
2158 if(ses->serverDomain == NULL)
2159 goto sesssetup_nomem;
2160 cifs_strfromUCS_le(ses->serverDomain,
2161 (__le16 *)bcc_ptr,len,nls_codepage);
2162 bcc_ptr += 2 * (len + 1);
2163 ses->serverDomain[2*len] = 0;
2164 ses->serverDomain[1+(2*len)] = 0;
2165 } /* else no more room so create dummy domain string */
2166 else
2167 ses->serverDomain =
2168 kzalloc(2, GFP_KERNEL);
2169 } else { /* no room so create dummy domain and NOS string */
2170 /* if these kcallocs fail not much we
2171 can do, but better to not fail the
2172 sesssetup itself */
2173 ses->serverDomain =
2174 kzalloc(2, GFP_KERNEL);
2175 ses->serverNOS =
2176 kzalloc(2, GFP_KERNEL);
2177 }
2178 } else { /* ASCII */
2179 len = strnlen(bcc_ptr, 1024);
2180 if (((long) bcc_ptr + len) - (long)
2181 pByteArea(smb_buffer_response)
2182 <= BCC(smb_buffer_response)) {
2183 ses->serverOS = kzalloc(len + 1,GFP_KERNEL);
2184 if(ses->serverOS == NULL)
2185 goto sesssetup_nomem;
2186 strncpy(ses->serverOS,bcc_ptr, len);
2187
2188 bcc_ptr += len;
2189 bcc_ptr[0] = 0; /* null terminate the string */
2190 bcc_ptr++;
2191
2192 len = strnlen(bcc_ptr, 1024);
2193 ses->serverNOS = kzalloc(len + 1,GFP_KERNEL);
2194 if(ses->serverNOS == NULL)
2195 goto sesssetup_nomem;
2196 strncpy(ses->serverNOS, bcc_ptr, len);
2197 bcc_ptr += len;
2198 bcc_ptr[0] = 0;
2199 bcc_ptr++;
2200
2201 len = strnlen(bcc_ptr, 1024);
2202 ses->serverDomain = kzalloc(len + 1,GFP_KERNEL);
2203 if(ses->serverDomain == NULL)
2204 goto sesssetup_nomem;
2205 strncpy(ses->serverDomain, bcc_ptr, len);
2206 bcc_ptr += len;
2207 bcc_ptr[0] = 0;
2208 bcc_ptr++;
2209 } else
2210 cFYI(1,
2211 ("Variable field of length %d extends beyond end of smb ",
2212 len));
2213 }
2214 } else {
2215 cERROR(1,
2216 (" Security Blob Length extends beyond end of SMB"));
2217 }
2218 } else {
2219 cERROR(1,
2220 (" Invalid Word count %d: ",
2221 smb_buffer_response->WordCount));
2222 rc = -EIO;
2223 }
2224 sesssetup_nomem: /* do not return an error on nomem for the info strings,
2225 since that could make reconnection harder, and
2226 reconnection might be needed to free memory */
2227 if (smb_buffer)
2228 cifs_buf_release(smb_buffer);
2229
2230 return rc;
2231 }
2232
2233 static int
2234 CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2235 char *SecurityBlob,int SecurityBlobLength,
2236 const struct nls_table *nls_codepage)
2237 {
2238 struct smb_hdr *smb_buffer;
2239 struct smb_hdr *smb_buffer_response;
2240 SESSION_SETUP_ANDX *pSMB;
2241 SESSION_SETUP_ANDX *pSMBr;
2242 char *bcc_ptr;
2243 char *user;
2244 char *domain;
2245 int rc = 0;
2246 int remaining_words = 0;
2247 int bytes_returned = 0;
2248 int len;
2249 __u32 capabilities;
2250 __u16 count;
2251
2252 cFYI(1, ("In spnego sesssetup "));
2253 if(ses == NULL)
2254 return -EINVAL;
2255 user = ses->userName;
2256 domain = ses->domainName;
2257
2258 smb_buffer = cifs_buf_get();
2259 if (smb_buffer == NULL) {
2260 return -ENOMEM;
2261 }
2262 smb_buffer_response = smb_buffer;
2263 pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2264
2265 /* send SMBsessionSetup here */
2266 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2267 NULL /* no tCon exists yet */ , 12 /* wct */ );
2268
2269 smb_buffer->Mid = GetNextMid(ses->server);
2270 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2271 pSMB->req.AndXCommand = 0xFF;
2272 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2273 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2274
2275 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2276 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2277
2278 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2279 CAP_EXTENDED_SECURITY;
2280 if (ses->capabilities & CAP_UNICODE) {
2281 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2282 capabilities |= CAP_UNICODE;
2283 }
2284 if (ses->capabilities & CAP_STATUS32) {
2285 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2286 capabilities |= CAP_STATUS32;
2287 }
2288 if (ses->capabilities & CAP_DFS) {
2289 smb_buffer->Flags2 |= SMBFLG2_DFS;
2290 capabilities |= CAP_DFS;
2291 }
2292 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2293
2294 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2295 bcc_ptr = pByteArea(smb_buffer);
2296 memcpy(bcc_ptr, SecurityBlob, SecurityBlobLength);
2297 bcc_ptr += SecurityBlobLength;
2298
2299 if (ses->capabilities & CAP_UNICODE) {
2300 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode strings */
2301 *bcc_ptr = 0;
2302 bcc_ptr++;
2303 }
2304 bytes_returned =
2305 cifs_strtoUCS((__le16 *) bcc_ptr, user, 100, nls_codepage);
2306 bcc_ptr += 2 * bytes_returned; /* convert num of 16 bit words to bytes */
2307 bcc_ptr += 2; /* trailing null */
2308 if (domain == NULL)
2309 bytes_returned =
2310 cifs_strtoUCS((__le16 *) bcc_ptr,
2311 "CIFS_LINUX_DOM", 32, nls_codepage);
2312 else
2313 bytes_returned =
2314 cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2315 nls_codepage);
2316 bcc_ptr += 2 * bytes_returned;
2317 bcc_ptr += 2;
2318 bytes_returned =
2319 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2320 32, nls_codepage);
2321 bcc_ptr += 2 * bytes_returned;
2322 bytes_returned =
2323 cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release, 32,
2324 nls_codepage);
2325 bcc_ptr += 2 * bytes_returned;
2326 bcc_ptr += 2;
2327 bytes_returned =
2328 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2329 64, nls_codepage);
2330 bcc_ptr += 2 * bytes_returned;
2331 bcc_ptr += 2;
2332 } else {
2333 strncpy(bcc_ptr, user, 200);
2334 bcc_ptr += strnlen(user, 200);
2335 *bcc_ptr = 0;
2336 bcc_ptr++;
2337 if (domain == NULL) {
2338 strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2339 bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2340 } else {
2341 strncpy(bcc_ptr, domain, 64);
2342 bcc_ptr += strnlen(domain, 64);
2343 *bcc_ptr = 0;
2344 bcc_ptr++;
2345 }
2346 strcpy(bcc_ptr, "Linux version ");
2347 bcc_ptr += strlen("Linux version ");
2348 strcpy(bcc_ptr, system_utsname.release);
2349 bcc_ptr += strlen(system_utsname.release) + 1;
2350 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2351 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2352 }
2353 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2354 smb_buffer->smb_buf_length += count;
2355 pSMB->req.ByteCount = cpu_to_le16(count);
2356
2357 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2358 &bytes_returned, 1);
2359 if (rc) {
2360 /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2361 } else if ((smb_buffer_response->WordCount == 3)
2362 || (smb_buffer_response->WordCount == 4)) {
2363 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2364 __u16 blob_len =
2365 le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2366 if (action & GUEST_LOGIN)
2367 cFYI(1, (" Guest login")); /* BB do we want to set anything in SesInfo struct ? */
2368 if (ses) {
2369 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format (le) */
2370 cFYI(1, ("UID = %d ", ses->Suid));
2371 bcc_ptr = pByteArea(smb_buffer_response); /* response can have either 3 or 4 word count - Samba sends 3 */
2372
2373 /* BB Fix below to make endian neutral !! */
2374
2375 if ((pSMBr->resp.hdr.WordCount == 3)
2376 || ((pSMBr->resp.hdr.WordCount == 4)
2377 && (blob_len <
2378 pSMBr->resp.ByteCount))) {
2379 if (pSMBr->resp.hdr.WordCount == 4) {
2380 bcc_ptr +=
2381 blob_len;
2382 cFYI(1,
2383 ("Security Blob Length %d ",
2384 blob_len));
2385 }
2386
2387 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2388 if ((long) (bcc_ptr) % 2) {
2389 remaining_words =
2390 (BCC(smb_buffer_response)
2391 - 1) / 2;
2392 bcc_ptr++; /* Unicode strings must be word aligned */
2393 } else {
2394 remaining_words =
2395 BCC
2396 (smb_buffer_response) / 2;
2397 }
2398 len =
2399 UniStrnlen((wchar_t *) bcc_ptr,
2400 remaining_words - 1);
2401 /* We look for obvious messed up bcc or strings in response so we do not go off
2402 the end since (at least) WIN2K and Windows XP have a major bug in not null
2403 terminating last Unicode string in response */
2404 ses->serverOS =
2405 kzalloc(2 * (len + 1), GFP_KERNEL);
2406 cifs_strfromUCS_le(ses->serverOS,
2407 (__le16 *)
2408 bcc_ptr, len,
2409 nls_codepage);
2410 bcc_ptr += 2 * (len + 1);
2411 remaining_words -= len + 1;
2412 ses->serverOS[2 * len] = 0;
2413 ses->serverOS[1 + (2 * len)] = 0;
2414 if (remaining_words > 0) {
2415 len = UniStrnlen((wchar_t *)bcc_ptr,
2416 remaining_words
2417 - 1);
2418 ses->serverNOS =
2419 kzalloc(2 * (len + 1),
2420 GFP_KERNEL);
2421 cifs_strfromUCS_le(ses->serverNOS,
2422 (__le16 *)bcc_ptr,
2423 len,
2424 nls_codepage);
2425 bcc_ptr += 2 * (len + 1);
2426 ses->serverNOS[2 * len] = 0;
2427 ses->serverNOS[1 + (2 * len)] = 0;
2428 remaining_words -= len + 1;
2429 if (remaining_words > 0) {
2430 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2431 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
2432 ses->serverDomain = kzalloc(2*(len+1),GFP_KERNEL);
2433 cifs_strfromUCS_le(ses->serverDomain,
2434 (__le16 *)bcc_ptr,
2435 len, nls_codepage);
2436 bcc_ptr += 2*(len+1);
2437 ses->serverDomain[2*len] = 0;
2438 ses->serverDomain[1+(2*len)] = 0;
2439 } /* else no more room so create dummy domain string */
2440 else
2441 ses->serverDomain =
2442 kzalloc(2,GFP_KERNEL);
2443 } else { /* no room so create dummy domain and NOS string */
2444 ses->serverDomain = kzalloc(2, GFP_KERNEL);
2445 ses->serverNOS = kzalloc(2, GFP_KERNEL);
2446 }
2447 } else { /* ASCII */
2448
2449 len = strnlen(bcc_ptr, 1024);
2450 if (((long) bcc_ptr + len) - (long)
2451 pByteArea(smb_buffer_response)
2452 <= BCC(smb_buffer_response)) {
2453 ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
2454 strncpy(ses->serverOS, bcc_ptr, len);
2455
2456 bcc_ptr += len;
2457 bcc_ptr[0] = 0; /* null terminate the string */
2458 bcc_ptr++;
2459
2460 len = strnlen(bcc_ptr, 1024);
2461 ses->serverNOS = kzalloc(len + 1,GFP_KERNEL);
2462 strncpy(ses->serverNOS, bcc_ptr, len);
2463 bcc_ptr += len;
2464 bcc_ptr[0] = 0;
2465 bcc_ptr++;
2466
2467 len = strnlen(bcc_ptr, 1024);
2468 ses->serverDomain = kzalloc(len + 1, GFP_KERNEL);
2469 strncpy(ses->serverDomain, bcc_ptr, len);
2470 bcc_ptr += len;
2471 bcc_ptr[0] = 0;
2472 bcc_ptr++;
2473 } else
2474 cFYI(1,
2475 ("Variable field of length %d extends beyond end of smb ",
2476 len));
2477 }
2478 } else {
2479 cERROR(1,
2480 (" Security Blob Length extends beyond end of SMB"));
2481 }
2482 } else {
2483 cERROR(1, ("No session structure passed in."));
2484 }
2485 } else {
2486 cERROR(1,
2487 (" Invalid Word count %d: ",
2488 smb_buffer_response->WordCount));
2489 rc = -EIO;
2490 }
2491
2492 if (smb_buffer)
2493 cifs_buf_release(smb_buffer);
2494
2495 return rc;
2496 }
2497
2498 static int
2499 CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2500 struct cifsSesInfo *ses, int * pNTLMv2_flag,
2501 const struct nls_table *nls_codepage)
2502 {
2503 struct smb_hdr *smb_buffer;
2504 struct smb_hdr *smb_buffer_response;
2505 SESSION_SETUP_ANDX *pSMB;
2506 SESSION_SETUP_ANDX *pSMBr;
2507 char *bcc_ptr;
2508 char *domain;
2509 int rc = 0;
2510 int remaining_words = 0;
2511 int bytes_returned = 0;
2512 int len;
2513 int SecurityBlobLength = sizeof (NEGOTIATE_MESSAGE);
2514 PNEGOTIATE_MESSAGE SecurityBlob;
2515 PCHALLENGE_MESSAGE SecurityBlob2;
2516 __u32 negotiate_flags, capabilities;
2517 __u16 count;
2518
2519 cFYI(1, ("In NTLMSSP sesssetup (negotiate) "));
2520 if(ses == NULL)
2521 return -EINVAL;
2522 domain = ses->domainName;
2523 *pNTLMv2_flag = FALSE;
2524 smb_buffer = cifs_buf_get();
2525 if (smb_buffer == NULL) {
2526 return -ENOMEM;
2527 }
2528 smb_buffer_response = smb_buffer;
2529 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2530 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2531
2532 /* send SMBsessionSetup here */
2533 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2534 NULL /* no tCon exists yet */ , 12 /* wct */ );
2535
2536 smb_buffer->Mid = GetNextMid(ses->server);
2537 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2538 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2539
2540 pSMB->req.AndXCommand = 0xFF;
2541 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2542 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2543
2544 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2545 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2546
2547 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2548 CAP_EXTENDED_SECURITY;
2549 if (ses->capabilities & CAP_UNICODE) {
2550 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2551 capabilities |= CAP_UNICODE;
2552 }
2553 if (ses->capabilities & CAP_STATUS32) {
2554 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2555 capabilities |= CAP_STATUS32;
2556 }
2557 if (ses->capabilities & CAP_DFS) {
2558 smb_buffer->Flags2 |= SMBFLG2_DFS;
2559 capabilities |= CAP_DFS;
2560 }
2561 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2562
2563 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2564 SecurityBlob = (PNEGOTIATE_MESSAGE) bcc_ptr;
2565 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2566 SecurityBlob->MessageType = NtLmNegotiate;
2567 negotiate_flags =
2568 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
2569 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM | 0x80000000 |
2570 /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
2571 if(sign_CIFS_PDUs)
2572 negotiate_flags |= NTLMSSP_NEGOTIATE_SIGN;
2573 if(ntlmv2_support)
2574 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
2575 /* setup pointers to domain name and workstation name */
2576 bcc_ptr += SecurityBlobLength;
2577
2578 SecurityBlob->WorkstationName.Buffer = 0;
2579 SecurityBlob->WorkstationName.Length = 0;
2580 SecurityBlob->WorkstationName.MaximumLength = 0;
2581
2582 if (domain == NULL) {
2583 SecurityBlob->DomainName.Buffer = 0;
2584 SecurityBlob->DomainName.Length = 0;
2585 SecurityBlob->DomainName.MaximumLength = 0;
2586 } else {
2587 __u16 len;
2588 negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
2589 strncpy(bcc_ptr, domain, 63);
2590 len = strnlen(domain, 64);
2591 SecurityBlob->DomainName.MaximumLength =
2592 cpu_to_le16(len);
2593 SecurityBlob->DomainName.Buffer =
2594 cpu_to_le32((long) &SecurityBlob->
2595 DomainString -
2596 (long) &SecurityBlob->Signature);
2597 bcc_ptr += len;
2598 SecurityBlobLength += len;
2599 SecurityBlob->DomainName.Length =
2600 cpu_to_le16(len);
2601 }
2602 if (ses->capabilities & CAP_UNICODE) {
2603 if ((long) bcc_ptr % 2) {
2604 *bcc_ptr = 0;
2605 bcc_ptr++;
2606 }
2607
2608 bytes_returned =
2609 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2610 32, nls_codepage);
2611 bcc_ptr += 2 * bytes_returned;
2612 bytes_returned =
2613 cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release, 32,
2614 nls_codepage);
2615 bcc_ptr += 2 * bytes_returned;
2616 bcc_ptr += 2; /* null terminate Linux version */
2617 bytes_returned =
2618 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2619 64, nls_codepage);
2620 bcc_ptr += 2 * bytes_returned;
2621 *(bcc_ptr + 1) = 0;
2622 *(bcc_ptr + 2) = 0;
2623 bcc_ptr += 2; /* null terminate network opsys string */
2624 *(bcc_ptr + 1) = 0;
2625 *(bcc_ptr + 2) = 0;
2626 bcc_ptr += 2; /* null domain */
2627 } else { /* ASCII */
2628 strcpy(bcc_ptr, "Linux version ");
2629 bcc_ptr += strlen("Linux version ");
2630 strcpy(bcc_ptr, system_utsname.release);
2631 bcc_ptr += strlen(system_utsname.release) + 1;
2632 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2633 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2634 bcc_ptr++; /* empty domain field */
2635 *bcc_ptr = 0;
2636 }
2637 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2638 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2639 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2640 smb_buffer->smb_buf_length += count;
2641 pSMB->req.ByteCount = cpu_to_le16(count);
2642
2643 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2644 &bytes_returned, 1);
2645
2646 if (smb_buffer_response->Status.CifsError ==
2647 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
2648 rc = 0;
2649
2650 if (rc) {
2651 /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2652 } else if ((smb_buffer_response->WordCount == 3)
2653 || (smb_buffer_response->WordCount == 4)) {
2654 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2655 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2656
2657 if (action & GUEST_LOGIN)
2658 cFYI(1, (" Guest login"));
2659 /* Do we want to set anything in SesInfo struct when guest login? */
2660
2661 bcc_ptr = pByteArea(smb_buffer_response);
2662 /* response can have either 3 or 4 word count - Samba sends 3 */
2663
2664 SecurityBlob2 = (PCHALLENGE_MESSAGE) bcc_ptr;
2665 if (SecurityBlob2->MessageType != NtLmChallenge) {
2666 cFYI(1,
2667 ("Unexpected NTLMSSP message type received %d",
2668 SecurityBlob2->MessageType));
2669 } else if (ses) {
2670 ses->Suid = smb_buffer_response->Uid; /* UID left in le format */
2671 cFYI(1, ("UID = %d ", ses->Suid));
2672 if ((pSMBr->resp.hdr.WordCount == 3)
2673 || ((pSMBr->resp.hdr.WordCount == 4)
2674 && (blob_len <
2675 pSMBr->resp.ByteCount))) {
2676
2677 if (pSMBr->resp.hdr.WordCount == 4) {
2678 bcc_ptr += blob_len;
2679 cFYI(1,
2680 ("Security Blob Length %d ",
2681 blob_len));
2682 }
2683
2684 cFYI(1, ("NTLMSSP Challenge rcvd "));
2685
2686 memcpy(ses->server->cryptKey,
2687 SecurityBlob2->Challenge,
2688 CIFS_CRYPTO_KEY_SIZE);
2689 if(SecurityBlob2->NegotiateFlags & cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2))
2690 *pNTLMv2_flag = TRUE;
2691
2692 if((SecurityBlob2->NegotiateFlags &
2693 cpu_to_le32(NTLMSSP_NEGOTIATE_ALWAYS_SIGN))
2694 || (sign_CIFS_PDUs > 1))
2695 ses->server->secMode |=
2696 SECMODE_SIGN_REQUIRED;
2697 if ((SecurityBlob2->NegotiateFlags &
2698 cpu_to_le32(NTLMSSP_NEGOTIATE_SIGN)) && (sign_CIFS_PDUs))
2699 ses->server->secMode |=
2700 SECMODE_SIGN_ENABLED;
2701
2702 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2703 if ((long) (bcc_ptr) % 2) {
2704 remaining_words =
2705 (BCC(smb_buffer_response)
2706 - 1) / 2;
2707 bcc_ptr++; /* Unicode strings must be word aligned */
2708 } else {
2709 remaining_words =
2710 BCC
2711 (smb_buffer_response) / 2;
2712 }
2713 len =
2714 UniStrnlen((wchar_t *) bcc_ptr,
2715 remaining_words - 1);
2716 /* We look for obvious messed up bcc or strings in response so we do not go off
2717 the end since (at least) WIN2K and Windows XP have a major bug in not null
2718 terminating last Unicode string in response */
2719 ses->serverOS =
2720 kzalloc(2 * (len + 1), GFP_KERNEL);
2721 cifs_strfromUCS_le(ses->serverOS,
2722 (__le16 *)
2723 bcc_ptr, len,
2724 nls_codepage);
2725 bcc_ptr += 2 * (len + 1);
2726 remaining_words -= len + 1;
2727 ses->serverOS[2 * len] = 0;
2728 ses->serverOS[1 + (2 * len)] = 0;
2729 if (remaining_words > 0) {
2730 len = UniStrnlen((wchar_t *)
2731 bcc_ptr,
2732 remaining_words
2733 - 1);
2734 ses->serverNOS =
2735 kzalloc(2 * (len + 1),
2736 GFP_KERNEL);
2737 cifs_strfromUCS_le(ses->
2738 serverNOS,
2739 (__le16 *)
2740 bcc_ptr,
2741 len,
2742 nls_codepage);
2743 bcc_ptr += 2 * (len + 1);
2744 ses->serverNOS[2 * len] = 0;
2745 ses->serverNOS[1 +
2746 (2 * len)] = 0;
2747 remaining_words -= len + 1;
2748 if (remaining_words > 0) {
2749 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2750 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
2751 ses->serverDomain =
2752 kzalloc(2 *
2753 (len +
2754 1),
2755 GFP_KERNEL);
2756 cifs_strfromUCS_le
2757 (ses->serverDomain,
2758 (__le16 *)bcc_ptr,
2759 len, nls_codepage);
2760 bcc_ptr +=
2761 2 * (len + 1);
2762 ses->serverDomain[2*len]
2763 = 0;
2764 ses->serverDomain
2765 [1 + (2 * len)]
2766 = 0;
2767 } /* else no more room so create dummy domain string */
2768 else
2769 ses->serverDomain =
2770 kzalloc(2,
2771 GFP_KERNEL);
2772 } else { /* no room so create dummy domain and NOS string */
2773 ses->serverDomain =
2774 kzalloc(2, GFP_KERNEL);
2775 ses->serverNOS =
2776 kzalloc(2, GFP_KERNEL);
2777 }
2778 } else { /* ASCII */
2779 len = strnlen(bcc_ptr, 1024);
2780 if (((long) bcc_ptr + len) - (long)
2781 pByteArea(smb_buffer_response)
2782 <= BCC(smb_buffer_response)) {
2783 ses->serverOS =
2784 kzalloc(len + 1,
2785 GFP_KERNEL);
2786 strncpy(ses->serverOS,
2787 bcc_ptr, len);
2788
2789 bcc_ptr += len;
2790 bcc_ptr[0] = 0; /* null terminate string */
2791 bcc_ptr++;
2792
2793 len = strnlen(bcc_ptr, 1024);
2794 ses->serverNOS =
2795 kzalloc(len + 1,
2796 GFP_KERNEL);
2797 strncpy(ses->serverNOS, bcc_ptr, len);
2798 bcc_ptr += len;
2799 bcc_ptr[0] = 0;
2800 bcc_ptr++;
2801
2802 len = strnlen(bcc_ptr, 1024);
2803 ses->serverDomain =
2804 kzalloc(len + 1,
2805 GFP_KERNEL);
2806 strncpy(ses->serverDomain, bcc_ptr, len);
2807 bcc_ptr += len;
2808 bcc_ptr[0] = 0;
2809 bcc_ptr++;
2810 } else
2811 cFYI(1,
2812 ("Variable field of length %d extends beyond end of smb ",
2813 len));
2814 }
2815 } else {
2816 cERROR(1,
2817 (" Security Blob Length extends beyond end of SMB"));
2818 }
2819 } else {
2820 cERROR(1, ("No session structure passed in."));
2821 }
2822 } else {
2823 cERROR(1,
2824 (" Invalid Word count %d: ",
2825 smb_buffer_response->WordCount));
2826 rc = -EIO;
2827 }
2828
2829 if (smb_buffer)
2830 cifs_buf_release(smb_buffer);
2831
2832 return rc;
2833 }
2834 static int
2835 CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2836 char *ntlm_session_key, int ntlmv2_flag,
2837 const struct nls_table *nls_codepage)
2838 {
2839 struct smb_hdr *smb_buffer;
2840 struct smb_hdr *smb_buffer_response;
2841 SESSION_SETUP_ANDX *pSMB;
2842 SESSION_SETUP_ANDX *pSMBr;
2843 char *bcc_ptr;
2844 char *user;
2845 char *domain;
2846 int rc = 0;
2847 int remaining_words = 0;
2848 int bytes_returned = 0;
2849 int len;
2850 int SecurityBlobLength = sizeof (AUTHENTICATE_MESSAGE);
2851 PAUTHENTICATE_MESSAGE SecurityBlob;
2852 __u32 negotiate_flags, capabilities;
2853 __u16 count;
2854
2855 cFYI(1, ("In NTLMSSPSessSetup (Authenticate)"));
2856 if(ses == NULL)
2857 return -EINVAL;
2858 user = ses->userName;
2859 domain = ses->domainName;
2860 smb_buffer = cifs_buf_get();
2861 if (smb_buffer == NULL) {
2862 return -ENOMEM;
2863 }
2864 smb_buffer_response = smb_buffer;
2865 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2866 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2867
2868 /* send SMBsessionSetup here */
2869 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2870 NULL /* no tCon exists yet */ , 12 /* wct */ );
2871
2872 smb_buffer->Mid = GetNextMid(ses->server);
2873 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2874 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2875 pSMB->req.AndXCommand = 0xFF;
2876 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2877 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2878
2879 pSMB->req.hdr.Uid = ses->Suid;
2880
2881 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2882 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2883
2884 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2885 CAP_EXTENDED_SECURITY;
2886 if (ses->capabilities & CAP_UNICODE) {
2887 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2888 capabilities |= CAP_UNICODE;
2889 }
2890 if (ses->capabilities & CAP_STATUS32) {
2891 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2892 capabilities |= CAP_STATUS32;
2893 }
2894 if (ses->capabilities & CAP_DFS) {
2895 smb_buffer->Flags2 |= SMBFLG2_DFS;
2896 capabilities |= CAP_DFS;
2897 }
2898 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2899
2900 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2901 SecurityBlob = (PAUTHENTICATE_MESSAGE) bcc_ptr;
2902 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2903 SecurityBlob->MessageType = NtLmAuthenticate;
2904 bcc_ptr += SecurityBlobLength;
2905 negotiate_flags =
2906 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET |
2907 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO |
2908 0x80000000 | NTLMSSP_NEGOTIATE_128;
2909 if(sign_CIFS_PDUs)
2910 negotiate_flags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN;
2911 if(ntlmv2_flag)
2912 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
2913
2914 /* setup pointers to domain name and workstation name */
2915
2916 SecurityBlob->WorkstationName.Buffer = 0;
2917 SecurityBlob->WorkstationName.Length = 0;
2918 SecurityBlob->WorkstationName.MaximumLength = 0;
2919 SecurityBlob->SessionKey.Length = 0;
2920 SecurityBlob->SessionKey.MaximumLength = 0;
2921 SecurityBlob->SessionKey.Buffer = 0;
2922
2923 SecurityBlob->LmChallengeResponse.Length = 0;
2924 SecurityBlob->LmChallengeResponse.MaximumLength = 0;
2925 SecurityBlob->LmChallengeResponse.Buffer = 0;
2926
2927 SecurityBlob->NtChallengeResponse.Length =
2928 cpu_to_le16(CIFS_SESSION_KEY_SIZE);
2929 SecurityBlob->NtChallengeResponse.MaximumLength =
2930 cpu_to_le16(CIFS_SESSION_KEY_SIZE);
2931 memcpy(bcc_ptr, ntlm_session_key, CIFS_SESSION_KEY_SIZE);
2932 SecurityBlob->NtChallengeResponse.Buffer =
2933 cpu_to_le32(SecurityBlobLength);
2934 SecurityBlobLength += CIFS_SESSION_KEY_SIZE;
2935 bcc_ptr += CIFS_SESSION_KEY_SIZE;
2936
2937 if (ses->capabilities & CAP_UNICODE) {
2938 if (domain == NULL) {
2939 SecurityBlob->DomainName.Buffer = 0;
2940 SecurityBlob->DomainName.Length = 0;
2941 SecurityBlob->DomainName.MaximumLength = 0;
2942 } else {
2943 __u16 len =
2944 cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2945 nls_codepage);
2946 len *= 2;
2947 SecurityBlob->DomainName.MaximumLength =
2948 cpu_to_le16(len);
2949 SecurityBlob->DomainName.Buffer =
2950 cpu_to_le32(SecurityBlobLength);
2951 bcc_ptr += len;
2952 SecurityBlobLength += len;
2953 SecurityBlob->DomainName.Length =
2954 cpu_to_le16(len);
2955 }
2956 if (user == NULL) {
2957 SecurityBlob->UserName.Buffer = 0;
2958 SecurityBlob->UserName.Length = 0;
2959 SecurityBlob->UserName.MaximumLength = 0;
2960 } else {
2961 __u16 len =
2962 cifs_strtoUCS((__le16 *) bcc_ptr, user, 64,
2963 nls_codepage);
2964 len *= 2;
2965 SecurityBlob->UserName.MaximumLength =
2966 cpu_to_le16(len);
2967 SecurityBlob->UserName.Buffer =
2968 cpu_to_le32(SecurityBlobLength);
2969 bcc_ptr += len;
2970 SecurityBlobLength += len;
2971 SecurityBlob->UserName.Length =
2972 cpu_to_le16(len);
2973 }
2974
2975 /* SecurityBlob->WorkstationName.Length = cifs_strtoUCS((__le16 *) bcc_ptr, "AMACHINE",64, nls_codepage);
2976 SecurityBlob->WorkstationName.Length *= 2;
2977 SecurityBlob->WorkstationName.MaximumLength = cpu_to_le16(SecurityBlob->WorkstationName.Length);
2978 SecurityBlob->WorkstationName.Buffer = cpu_to_le32(SecurityBlobLength);
2979 bcc_ptr += SecurityBlob->WorkstationName.Length;
2980 SecurityBlobLength += SecurityBlob->WorkstationName.Length;
2981 SecurityBlob->WorkstationName.Length = cpu_to_le16(SecurityBlob->WorkstationName.Length); */
2982
2983 if ((long) bcc_ptr % 2) {
2984 *bcc_ptr = 0;
2985 bcc_ptr++;
2986 }
2987 bytes_returned =
2988 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2989 32, nls_codepage);
2990 bcc_ptr += 2 * bytes_returned;
2991 bytes_returned =
2992 cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release, 32,
2993 nls_codepage);
2994 bcc_ptr += 2 * bytes_returned;
2995 bcc_ptr += 2; /* null term version string */
2996 bytes_returned =
2997 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2998 64, nls_codepage);
2999 bcc_ptr += 2 * bytes_returned;
3000 *(bcc_ptr + 1) = 0;
3001 *(bcc_ptr + 2) = 0;
3002 bcc_ptr += 2; /* null terminate network opsys string */
3003 *(bcc_ptr + 1) = 0;
3004 *(bcc_ptr + 2) = 0;
3005 bcc_ptr += 2; /* null domain */
3006 } else { /* ASCII */
3007 if (domain == NULL) {
3008 SecurityBlob->DomainName.Buffer = 0;
3009 SecurityBlob->DomainName.Length = 0;
3010 SecurityBlob->DomainName.MaximumLength = 0;
3011 } else {
3012 __u16 len;
3013 negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
3014 strncpy(bcc_ptr, domain, 63);
3015 len = strnlen(domain, 64);
3016 SecurityBlob->DomainName.MaximumLength =
3017 cpu_to_le16(len);
3018 SecurityBlob->DomainName.Buffer =
3019 cpu_to_le32(SecurityBlobLength);
3020 bcc_ptr += len;
3021 SecurityBlobLength += len;
3022 SecurityBlob->DomainName.Length = cpu_to_le16(len);
3023 }
3024 if (user == NULL) {
3025 SecurityBlob->UserName.Buffer = 0;
3026 SecurityBlob->UserName.Length = 0;
3027 SecurityBlob->UserName.MaximumLength = 0;
3028 } else {
3029 __u16 len;
3030 strncpy(bcc_ptr, user, 63);
3031 len = strnlen(user, 64);
3032 SecurityBlob->UserName.MaximumLength =
3033 cpu_to_le16(len);
3034 SecurityBlob->UserName.Buffer =
3035 cpu_to_le32(SecurityBlobLength);
3036 bcc_ptr += len;
3037 SecurityBlobLength += len;
3038 SecurityBlob->UserName.Length = cpu_to_le16(len);
3039 }
3040 /* BB fill in our workstation name if known BB */
3041
3042 strcpy(bcc_ptr, "Linux version ");
3043 bcc_ptr += strlen("Linux version ");
3044 strcpy(bcc_ptr, system_utsname.release);
3045 bcc_ptr += strlen(system_utsname.release) + 1;
3046 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
3047 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
3048 bcc_ptr++; /* null domain */
3049 *bcc_ptr = 0;
3050 }
3051 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
3052 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
3053 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
3054 smb_buffer->smb_buf_length += count;
3055 pSMB->req.ByteCount = cpu_to_le16(count);
3056
3057 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
3058 &bytes_returned, 1);
3059 if (rc) {
3060 /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
3061 } else if ((smb_buffer_response->WordCount == 3)
3062 || (smb_buffer_response->WordCount == 4)) {
3063 __u16 action = le16_to_cpu(pSMBr->resp.Action);
3064 __u16 blob_len =
3065 le16_to_cpu(pSMBr->resp.SecurityBlobLength);
3066 if (action & GUEST_LOGIN)
3067 cFYI(1, (" Guest login")); /* BB do we want to set anything in SesInfo struct ? */
3068 /* if(SecurityBlob2->MessageType != NtLm??){
3069 cFYI("Unexpected message type on auth response is %d "));
3070 } */
3071 if (ses) {
3072 cFYI(1,
3073 ("Does UID on challenge %d match auth response UID %d ",
3074 ses->Suid, smb_buffer_response->Uid));
3075 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format */
3076 bcc_ptr = pByteArea(smb_buffer_response);
3077 /* response can have either 3 or 4 word count - Samba sends 3 */
3078 if ((pSMBr->resp.hdr.WordCount == 3)
3079 || ((pSMBr->resp.hdr.WordCount == 4)
3080 && (blob_len <
3081 pSMBr->resp.ByteCount))) {
3082 if (pSMBr->resp.hdr.WordCount == 4) {
3083 bcc_ptr +=
3084 blob_len;
3085 cFYI(1,
3086 ("Security Blob Length %d ",
3087 blob_len));
3088 }
3089
3090 cFYI(1,
3091 ("NTLMSSP response to Authenticate "));
3092
3093 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3094 if ((long) (bcc_ptr) % 2) {
3095 remaining_words =
3096 (BCC(smb_buffer_response)
3097 - 1) / 2;
3098 bcc_ptr++; /* Unicode strings must be word aligned */
3099 } else {
3100 remaining_words = BCC(smb_buffer_response) / 2;
3101 }
3102 len =
3103 UniStrnlen((wchar_t *) bcc_ptr,remaining_words - 1);
3104 /* We look for obvious messed up bcc or strings in response so we do not go off
3105 the end since (at least) WIN2K and Windows XP have a major bug in not null
3106 terminating last Unicode string in response */
3107 ses->serverOS =
3108 kzalloc(2 * (len + 1), GFP_KERNEL);
3109 cifs_strfromUCS_le(ses->serverOS,
3110 (__le16 *)
3111 bcc_ptr, len,
3112 nls_codepage);
3113 bcc_ptr += 2 * (len + 1);
3114 remaining_words -= len + 1;
3115 ses->serverOS[2 * len] = 0;
3116 ses->serverOS[1 + (2 * len)] = 0;
3117 if (remaining_words > 0) {
3118 len = UniStrnlen((wchar_t *)
3119 bcc_ptr,
3120 remaining_words
3121 - 1);
3122 ses->serverNOS =
3123 kzalloc(2 * (len + 1),
3124 GFP_KERNEL);
3125 cifs_strfromUCS_le(ses->
3126 serverNOS,
3127 (__le16 *)
3128 bcc_ptr,
3129 len,
3130 nls_codepage);
3131 bcc_ptr += 2 * (len + 1);
3132 ses->serverNOS[2 * len] = 0;
3133 ses->serverNOS[1+(2*len)] = 0;
3134 remaining_words -= len + 1;
3135 if (remaining_words > 0) {
3136 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
3137 /* last string not always null terminated (e.g. for Windows XP & 2000) */
3138 ses->serverDomain =
3139 kzalloc(2 *
3140 (len +
3141 1),
3142 GFP_KERNEL);
3143 cifs_strfromUCS_le
3144 (ses->
3145 serverDomain,
3146 (__le16 *)
3147 bcc_ptr, len,
3148 nls_codepage);
3149 bcc_ptr +=
3150 2 * (len + 1);
3151 ses->
3152 serverDomain[2
3153 * len]
3154 = 0;
3155 ses->
3156 serverDomain[1
3157 +
3158 (2
3159 *
3160 len)]
3161 = 0;
3162 } /* else no more room so create dummy domain string */
3163 else
3164 ses->serverDomain = kzalloc(2,GFP_KERNEL);
3165 } else { /* no room so create dummy domain and NOS string */
3166 ses->serverDomain = kzalloc(2, GFP_KERNEL);
3167 ses->serverNOS = kzalloc(2, GFP_KERNEL);
3168 }
3169 } else { /* ASCII */
3170 len = strnlen(bcc_ptr, 1024);
3171 if (((long) bcc_ptr + len) -
3172 (long) pByteArea(smb_buffer_response)
3173 <= BCC(smb_buffer_response)) {
3174 ses->serverOS = kzalloc(len + 1,GFP_KERNEL);
3175 strncpy(ses->serverOS,bcc_ptr, len);
3176
3177 bcc_ptr += len;
3178 bcc_ptr[0] = 0; /* null terminate the string */
3179 bcc_ptr++;
3180
3181 len = strnlen(bcc_ptr, 1024);
3182 ses->serverNOS = kzalloc(len+1,GFP_KERNEL);
3183 strncpy(ses->serverNOS, bcc_ptr, len);
3184 bcc_ptr += len;
3185 bcc_ptr[0] = 0;
3186 bcc_ptr++;
3187
3188 len = strnlen(bcc_ptr, 1024);
3189 ses->serverDomain = kzalloc(len+1,GFP_KERNEL);
3190 strncpy(ses->serverDomain, bcc_ptr, len);
3191 bcc_ptr += len;
3192 bcc_ptr[0] = 0;
3193 bcc_ptr++;
3194 } else
3195 cFYI(1,
3196 ("Variable field of length %d extends beyond end of smb ",
3197 len));
3198 }
3199 } else {
3200 cERROR(1,
3201 (" Security Blob Length extends beyond end of SMB"));
3202 }
3203 } else {
3204 cERROR(1, ("No session structure passed in."));
3205 }
3206 } else {
3207 cERROR(1,
3208 (" Invalid Word count %d: ",
3209 smb_buffer_response->WordCount));
3210 rc = -EIO;
3211 }
3212
3213 if (smb_buffer)
3214 cifs_buf_release(smb_buffer);
3215
3216 return rc;
3217 }
3218
3219 int
3220 CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3221 const char *tree, struct cifsTconInfo *tcon,
3222 const struct nls_table *nls_codepage)
3223 {
3224 struct smb_hdr *smb_buffer;
3225 struct smb_hdr *smb_buffer_response;
3226 TCONX_REQ *pSMB;
3227 TCONX_RSP *pSMBr;
3228 unsigned char *bcc_ptr;
3229 int rc = 0;
3230 int length;
3231 __u16 count;
3232
3233 if (ses == NULL)
3234 return -EIO;
3235
3236 smb_buffer = cifs_buf_get();
3237 if (smb_buffer == NULL) {
3238 return -ENOMEM;
3239 }
3240 smb_buffer_response = smb_buffer;
3241
3242 header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3243 NULL /*no tid */ , 4 /*wct */ );
3244
3245 smb_buffer->Mid = GetNextMid(ses->server);
3246 smb_buffer->Uid = ses->Suid;
3247 pSMB = (TCONX_REQ *) smb_buffer;
3248 pSMBr = (TCONX_RSP *) smb_buffer_response;
3249
3250 pSMB->AndXCommand = 0xFF;
3251 pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
3252 bcc_ptr = &pSMB->Password[0];
3253 if((ses->server->secMode) & SECMODE_USER) {
3254 pSMB->PasswordLength = cpu_to_le16(1); /* minimum */
3255 bcc_ptr++; /* skip password */
3256 } else {
3257 pSMB->PasswordLength = cpu_to_le16(CIFS_SESSION_KEY_SIZE);
3258 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3259 specified as required (when that support is added to
3260 the vfs in the future) as only NTLM or the much
3261 weaker LANMAN (which we do not send) is accepted
3262 by Samba (not sure whether other servers allow
3263 NTLMv2 password here) */
3264 SMBNTencrypt(ses->password,
3265 ses->server->cryptKey,
3266 bcc_ptr);
3267
3268 bcc_ptr += CIFS_SESSION_KEY_SIZE;
3269 *bcc_ptr = 0;
3270 bcc_ptr++; /* align */
3271 }
3272
3273 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3274 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3275
3276 if (ses->capabilities & CAP_STATUS32) {
3277 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3278 }
3279 if (ses->capabilities & CAP_DFS) {
3280 smb_buffer->Flags2 |= SMBFLG2_DFS;
3281 }
3282 if (ses->capabilities & CAP_UNICODE) {
3283 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3284 length =
3285 cifs_strtoUCS((__le16 *) bcc_ptr, tree, 100, nls_codepage);
3286 bcc_ptr += 2 * length; /* convert num of 16 bit words to bytes */
3287 bcc_ptr += 2; /* skip trailing null */
3288 } else { /* ASCII */
3289 strcpy(bcc_ptr, tree);
3290 bcc_ptr += strlen(tree) + 1;
3291 }
3292 strcpy(bcc_ptr, "?????");
3293 bcc_ptr += strlen("?????");
3294 bcc_ptr += 1;
3295 count = bcc_ptr - &pSMB->Password[0];
3296 pSMB->hdr.smb_buf_length += count;
3297 pSMB->ByteCount = cpu_to_le16(count);
3298
3299 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length, 0);
3300
3301 /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
3302 /* above now done in SendReceive */
3303 if ((rc == 0) && (tcon != NULL)) {
3304 tcon->tidStatus = CifsGood;
3305 tcon->tid = smb_buffer_response->Tid;
3306 bcc_ptr = pByteArea(smb_buffer_response);
3307 length = strnlen(bcc_ptr, BCC(smb_buffer_response) - 2);
3308 /* skip service field (NB: this field is always ASCII) */
3309 bcc_ptr += length + 1;
3310 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3311 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3312 length = UniStrnlen((wchar_t *) bcc_ptr, 512);
3313 if ((bcc_ptr + (2 * length)) -
3314 pByteArea(smb_buffer_response) <=
3315 BCC(smb_buffer_response)) {
3316 kfree(tcon->nativeFileSystem);
3317 tcon->nativeFileSystem =
3318 kzalloc(length + 2, GFP_KERNEL);
3319 cifs_strfromUCS_le(tcon->nativeFileSystem,
3320 (__le16 *) bcc_ptr,
3321 length, nls_codepage);
3322 bcc_ptr += 2 * length;
3323 bcc_ptr[0] = 0; /* null terminate the string */
3324 bcc_ptr[1] = 0;
3325 bcc_ptr += 2;
3326 }
3327 /* else do not bother copying these informational fields */
3328 } else {
3329 length = strnlen(bcc_ptr, 1024);
3330 if ((bcc_ptr + length) -
3331 pByteArea(smb_buffer_response) <=
3332 BCC(smb_buffer_response)) {
3333 kfree(tcon->nativeFileSystem);
3334 tcon->nativeFileSystem =
3335 kzalloc(length + 1, GFP_KERNEL);
3336 strncpy(tcon->nativeFileSystem, bcc_ptr,
3337 length);
3338 }
3339 /* else do not bother copying these informational fields */
3340 }
3341 tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3342 cFYI(1, ("Tcon flags: 0x%x ", tcon->Flags));
3343 } else if ((rc == 0) && tcon == NULL) {
3344 /* all we need to save for IPC$ connection */
3345 ses->ipc_tid = smb_buffer_response->Tid;
3346 }
3347
3348 if (smb_buffer)
3349 cifs_buf_release(smb_buffer);
3350 return rc;
3351 }
3352
3353 int
3354 cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3355 {
3356 int rc = 0;
3357 int xid;
3358 struct cifsSesInfo *ses = NULL;
3359 struct task_struct *cifsd_task;
3360
3361 xid = GetXid();
3362
3363 if (cifs_sb->tcon) {
3364 ses = cifs_sb->tcon->ses; /* save ptr to ses before delete tcon!*/
3365 rc = CIFSSMBTDis(xid, cifs_sb->tcon);
3366 if (rc == -EBUSY) {
3367 FreeXid(xid);
3368 return 0;
3369 }
3370 tconInfoFree(cifs_sb->tcon);
3371 if ((ses) && (ses->server)) {
3372 /* save off task so we do not refer to ses later */
3373 cifsd_task = ses->server->tsk;
3374 cFYI(1, ("About to do SMBLogoff "));
3375 rc = CIFSSMBLogoff(xid, ses);
3376 if (rc == -EBUSY) {
3377 FreeXid(xid);
3378 return 0;
3379 } else if (rc == -ESHUTDOWN) {
3380 cFYI(1,("Waking up socket by sending it signal"));
3381 if(cifsd_task) {
3382 send_sig(SIGKILL,cifsd_task,1);
3383 wait_for_completion(&cifsd_complete);
3384 }
3385 rc = 0;
3386 } /* else - we have an smb session
3387 left on this socket do not kill cifsd */
3388 } else
3389 cFYI(1, ("No session or bad tcon"));
3390 }
3391
3392 cifs_sb->tcon = NULL;
3393 if (ses)
3394 schedule_timeout_interruptible(msecs_to_jiffies(500));
3395 if (ses)
3396 sesInfoFree(ses);
3397
3398 FreeXid(xid);
3399 return rc; /* BB check if we should always return zero here */
3400 }
3401
3402 int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
3403 struct nls_table * nls_info)
3404 {
3405 int rc = 0;
3406 char ntlm_session_key[CIFS_SESSION_KEY_SIZE];
3407 int ntlmv2_flag = FALSE;
3408 int first_time = 0;
3409
3410 /* what if server changes its buffer size after dropping the session? */
3411 if(pSesInfo->server->maxBuf == 0) /* no need to send on reconnect */ {
3412 rc = CIFSSMBNegotiate(xid, pSesInfo);
3413 if(rc == -EAGAIN) /* retry only once on 1st time connection */ {
3414 rc = CIFSSMBNegotiate(xid, pSesInfo);
3415 if(rc == -EAGAIN)
3416 rc = -EHOSTDOWN;
3417 }
3418 if(rc == 0) {
3419 spin_lock(&GlobalMid_Lock);
3420 if(pSesInfo->server->tcpStatus != CifsExiting)
3421 pSesInfo->server->tcpStatus = CifsGood;
3422 else
3423 rc = -EHOSTDOWN;
3424 spin_unlock(&GlobalMid_Lock);
3425
3426 }
3427 first_time = 1;
3428 }
3429 if (!rc) {
3430 pSesInfo->capabilities = pSesInfo->server->capabilities;
3431 if(linuxExtEnabled == 0)
3432 pSesInfo->capabilities &= (~CAP_UNIX);
3433 /* pSesInfo->sequence_number = 0;*/
3434 cFYI(1,("Security Mode: 0x%x Capabilities: 0x%x Time Zone: %d",
3435 pSesInfo->server->secMode,
3436 pSesInfo->server->capabilities,
3437 pSesInfo->server->timeZone));
3438 if (extended_security
3439 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3440 && (pSesInfo->server->secType == NTLMSSP)) {
3441 cFYI(1, ("New style sesssetup "));
3442 rc = CIFSSpnegoSessSetup(xid, pSesInfo,
3443 NULL /* security blob */,
3444 0 /* blob length */,
3445 nls_info);
3446 } else if (extended_security
3447 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3448 && (pSesInfo->server->secType == RawNTLMSSP)) {
3449 cFYI(1, ("NTLMSSP sesssetup "));
3450 rc = CIFSNTLMSSPNegotiateSessSetup(xid,
3451 pSesInfo,
3452 &ntlmv2_flag,
3453 nls_info);
3454 if (!rc) {
3455 if(ntlmv2_flag) {
3456 char * v2_response;
3457 cFYI(1,("Can use more secure NTLM version 2 password hash"));
3458 if(CalcNTLMv2_partial_mac_key(pSesInfo,
3459 nls_info)) {
3460 rc = -ENOMEM;
3461 goto ss_err_exit;
3462 } else
3463 v2_response = kmalloc(16 + 64 /* blob */, GFP_KERNEL);
3464 if(v2_response) {
3465 CalcNTLMv2_response(pSesInfo,v2_response);
3466 /* if(first_time)
3467 cifs_calculate_ntlmv2_mac_key(
3468 pSesInfo->server->mac_signing_key,
3469 response, ntlm_session_key, */
3470 kfree(v2_response);
3471 /* BB Put dummy sig in SessSetup PDU? */
3472 } else {
3473 rc = -ENOMEM;
3474 goto ss_err_exit;
3475 }
3476
3477 } else {
3478 SMBNTencrypt(pSesInfo->password,
3479 pSesInfo->server->cryptKey,
3480 ntlm_session_key);
3481
3482 if(first_time)
3483 cifs_calculate_mac_key(
3484 pSesInfo->server->mac_signing_key,
3485 ntlm_session_key,
3486 pSesInfo->password);
3487 }
3488 /* for better security the weaker lanman hash not sent
3489 in AuthSessSetup so we no longer calculate it */
3490
3491 rc = CIFSNTLMSSPAuthSessSetup(xid,
3492 pSesInfo,
3493 ntlm_session_key,
3494 ntlmv2_flag,
3495 nls_info);
3496 }
3497 } else { /* old style NTLM 0.12 session setup */
3498 SMBNTencrypt(pSesInfo->password,
3499 pSesInfo->server->cryptKey,
3500 ntlm_session_key);
3501
3502 if(first_time)
3503 cifs_calculate_mac_key(
3504 pSesInfo->server->mac_signing_key,
3505 ntlm_session_key, pSesInfo->password);
3506
3507 rc = CIFSSessSetup(xid, pSesInfo,
3508 ntlm_session_key, nls_info);
3509 }
3510 if (rc) {
3511 cERROR(1,("Send error in SessSetup = %d",rc));
3512 } else {
3513 cFYI(1,("CIFS Session Established successfully"));
3514 pSesInfo->status = CifsGood;
3515 }
3516 }
3517 ss_err_exit:
3518 return rc;
3519 }
3520
Ubuntu Artful kernel mirror