4 * Copyright (C) International Business Machines Corp., 2002,2008
5 * Author(s): Steve French (sfrench@us.ibm.com)
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/ipv6.h>
27 #include <linux/pagemap.h>
28 #include <linux/ctype.h>
29 #include <linux/utsname.h>
30 #include <linux/mempool.h>
31 #include <linux/delay.h>
32 #include <linux/completion.h>
33 #include <linux/kthread.h>
34 #include <linux/pagevec.h>
35 #include <linux/freezer.h>
36 #include <asm/uaccess.h>
37 #include <asm/processor.h>
40 #include "cifsproto.h"
41 #include "cifs_unicode.h"
42 #include "cifs_debug.h"
43 #include "cifs_fs_sb.h"
46 #include "rfc1002pdu.h"
50 #define RFC1001_PORT 139
52 extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
55 extern mempool_t *cifs_req_poolp;
63 char *in6_addr; /* ipv6 address as human readable form of in6_addr */
64 char *iocharset; /* local code page for mapping to and from Unicode */
65 char source_rfc1001_name[16]; /* netbios name of client */
66 char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */
80 bool no_psx_acl:1; /* set if posix acl support should be disabled */
82 bool no_xattr:1; /* set if xattr (EA) support should be disabled*/
83 bool server_ino:1; /* use inode numbers from server ie UniqueId */
85 bool remap:1; /* set to remap seven reserved chars in filenames */
86 bool posix_paths:1; /* unset to not ask for posix pathnames. */
89 bool nullauth:1; /* attempt to authenticate with null user */
90 bool nocase:1; /* request case insensitive filenames */
91 bool nobrl:1; /* disable sending byte range locks to srv */
92 bool seal:1; /* request transport encryption on share */
93 bool nodfs:1; /* Do not request DFS, even if available */
94 bool local_lease:1; /* check leases only on local system, not remote */
100 unsigned short int port;
104 static int ipv4_connect(struct sockaddr_in *psin_server,
105 struct socket **csocket,
107 char *server_netb_name,
109 bool nosndbuf); /* ipv6 never set sndbuf size */
110 static int ipv6_connect(struct sockaddr_in6 *psin_server,
111 struct socket **csocket, bool noblocksnd);
115 * cifs tcp session reconnection
117 * mark tcp session as reconnecting so temporarily locked
118 * mark all smb sessions as reconnecting for tcp session
119 * reconnect tcp session
120 * wake up waiters on reconnection? - (not needed currently)
124 cifs_reconnect(struct TCP_Server_Info *server)
127 struct list_head *tmp, *tmp2;
128 struct cifsSesInfo *ses;
129 struct cifsTconInfo *tcon;
130 struct mid_q_entry *mid_entry;
132 spin_lock(&GlobalMid_Lock);
133 if (server->tcpStatus == CifsExiting) {
134 /* the demux thread will exit normally
135 next time through the loop */
136 spin_unlock(&GlobalMid_Lock);
139 server->tcpStatus = CifsNeedReconnect;
140 spin_unlock(&GlobalMid_Lock);
143 cFYI(1, ("Reconnecting tcp session"));
145 /* before reconnecting the tcp session, mark the smb session (uid)
146 and the tid bad so they are not used until reconnected */
147 read_lock(&cifs_tcp_ses_lock);
148 list_for_each(tmp, &server->smb_ses_list) {
149 ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
150 ses->need_reconnect = true;
152 list_for_each(tmp2, &ses->tcon_list) {
153 tcon = list_entry(tmp2, struct cifsTconInfo, tcon_list);
154 tcon->need_reconnect = true;
157 read_unlock(&cifs_tcp_ses_lock);
158 /* do not want to be sending data on a socket we are freeing */
159 mutex_lock(&server->srv_mutex);
160 if (server->ssocket) {
161 cFYI(1, ("State: 0x%x Flags: 0x%lx", server->ssocket->state,
162 server->ssocket->flags));
163 kernel_sock_shutdown(server->ssocket, SHUT_WR);
164 cFYI(1, ("Post shutdown state: 0x%x Flags: 0x%lx",
165 server->ssocket->state,
166 server->ssocket->flags));
167 sock_release(server->ssocket);
168 server->ssocket = NULL;
171 spin_lock(&GlobalMid_Lock);
172 list_for_each(tmp, &server->pending_mid_q) {
173 mid_entry = list_entry(tmp, struct
176 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
177 /* Mark other intransit requests as needing
178 retry so we do not immediately mark the
179 session bad again (ie after we reconnect
180 below) as they timeout too */
181 mid_entry->midState = MID_RETRY_NEEDED;
184 spin_unlock(&GlobalMid_Lock);
185 mutex_unlock(&server->srv_mutex);
187 while ((server->tcpStatus != CifsExiting) &&
188 (server->tcpStatus != CifsGood)) {
190 if (server->addr.sockAddr6.sin6_family == AF_INET6) {
191 rc = ipv6_connect(&server->addr.sockAddr6,
192 &server->ssocket, server->noautotune);
194 rc = ipv4_connect(&server->addr.sockAddr,
196 server->workstation_RFC1001_name,
197 server->server_RFC1001_name,
198 server->noblocksnd, server->noautotune);
201 cFYI(1, ("reconnect error %d", rc));
204 atomic_inc(&tcpSesReconnectCount);
205 spin_lock(&GlobalMid_Lock);
206 if (server->tcpStatus != CifsExiting)
207 server->tcpStatus = CifsGood;
208 server->sequence_number = 0;
209 spin_unlock(&GlobalMid_Lock);
210 /* atomic_set(&server->inFlight,0);*/
211 wake_up(&server->response_q);
219 0 not a transact2, or all data present
220 >0 transact2 with that much data missing
221 -EINVAL = invalid transact2
224 static int check2ndT2(struct smb_hdr *pSMB, unsigned int maxBufSize)
226 struct smb_t2_rsp *pSMBt;
228 int data_in_this_rsp;
231 if (pSMB->Command != SMB_COM_TRANSACTION2)
234 /* check for plausible wct, bcc and t2 data and parm sizes */
235 /* check for parm and data offset going beyond end of smb */
236 if (pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
237 cFYI(1, ("invalid transact2 word count"));
241 pSMBt = (struct smb_t2_rsp *)pSMB;
243 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
244 data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
246 remaining = total_data_size - data_in_this_rsp;
250 else if (remaining < 0) {
251 cFYI(1, ("total data %d smaller than data in frame %d",
252 total_data_size, data_in_this_rsp));
255 cFYI(1, ("missing %d bytes from transact2, check next response",
257 if (total_data_size > maxBufSize) {
258 cERROR(1, ("TotalDataSize %d is over maximum buffer %d",
259 total_data_size, maxBufSize));
266 static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
268 struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
269 struct smb_t2_rsp *pSMBt = (struct smb_t2_rsp *)pTargetSMB;
274 char *data_area_of_target;
275 char *data_area_of_buf2;
278 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
280 if (total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
281 cFYI(1, ("total data size of primary and secondary t2 differ"));
284 total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
286 remaining = total_data_size - total_in_buf;
291 if (remaining == 0) /* nothing to do, ignore */
294 total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
295 if (remaining < total_in_buf2) {
296 cFYI(1, ("transact2 2nd response contains too much data"));
299 /* find end of first SMB data area */
300 data_area_of_target = (char *)&pSMBt->hdr.Protocol +
301 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
302 /* validate target area */
304 data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
305 le16_to_cpu(pSMB2->t2_rsp.DataOffset);
307 data_area_of_target += total_in_buf;
309 /* copy second buffer into end of first buffer */
310 memcpy(data_area_of_target, data_area_of_buf2, total_in_buf2);
311 total_in_buf += total_in_buf2;
312 pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
313 byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
314 byte_count += total_in_buf2;
315 BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
317 byte_count = pTargetSMB->smb_buf_length;
318 byte_count += total_in_buf2;
320 /* BB also add check that we are not beyond maximum buffer size */
322 pTargetSMB->smb_buf_length = byte_count;
324 if (remaining == total_in_buf2) {
325 cFYI(1, ("found the last secondary response"));
326 return 0; /* we are done */
327 } else /* more responses to go */
333 cifs_demultiplex_thread(struct TCP_Server_Info *server)
336 unsigned int pdu_length, total_read;
337 struct smb_hdr *smb_buffer = NULL;
338 struct smb_hdr *bigbuf = NULL;
339 struct smb_hdr *smallbuf = NULL;
340 struct msghdr smb_msg;
342 struct socket *csocket = server->ssocket;
343 struct list_head *tmp;
344 struct cifsSesInfo *ses;
345 struct task_struct *task_to_wake = NULL;
346 struct mid_q_entry *mid_entry;
348 bool isLargeBuf = false;
352 current->flags |= PF_MEMALLOC;
353 cFYI(1, ("Demultiplex PID: %d", task_pid_nr(current)));
355 length = atomic_inc_return(&tcpSesAllocCount);
357 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
361 while (server->tcpStatus != CifsExiting) {
364 if (bigbuf == NULL) {
365 bigbuf = cifs_buf_get();
367 cERROR(1, ("No memory for large SMB response"));
369 /* retry will check if exiting */
372 } else if (isLargeBuf) {
373 /* we are reusing a dirty large buf, clear its start */
374 memset(bigbuf, 0, sizeof(struct smb_hdr));
377 if (smallbuf == NULL) {
378 smallbuf = cifs_small_buf_get();
380 cERROR(1, ("No memory for SMB response"));
382 /* retry will check if exiting */
385 /* beginning of smb buffer is cleared in our buf_get */
386 } else /* if existing small buf clear beginning */
387 memset(smallbuf, 0, sizeof(struct smb_hdr));
391 smb_buffer = smallbuf;
392 iov.iov_base = smb_buffer;
394 smb_msg.msg_control = NULL;
395 smb_msg.msg_controllen = 0;
396 pdu_length = 4; /* enough to get RFC1001 header */
399 kernel_recvmsg(csocket, &smb_msg,
400 &iov, 1, pdu_length, 0 /* BB other flags? */);
402 if (server->tcpStatus == CifsExiting) {
404 } else if (server->tcpStatus == CifsNeedReconnect) {
405 cFYI(1, ("Reconnect after server stopped responding"));
406 cifs_reconnect(server);
407 cFYI(1, ("call to reconnect done"));
408 csocket = server->ssocket;
410 } else if ((length == -ERESTARTSYS) || (length == -EAGAIN)) {
411 msleep(1); /* minimum sleep to prevent looping
412 allowing socket to clear and app threads to set
413 tcpStatus CifsNeedReconnect if server hung */
414 if (pdu_length < 4) {
415 iov.iov_base = (4 - pdu_length) +
417 iov.iov_len = pdu_length;
418 smb_msg.msg_control = NULL;
419 smb_msg.msg_controllen = 0;
423 } else if (length <= 0) {
424 if (server->tcpStatus == CifsNew) {
425 cFYI(1, ("tcp session abend after SMBnegprot"));
426 /* some servers kill the TCP session rather than
427 returning an SMB negprot error, in which
428 case reconnecting here is not going to help,
429 and so simply return error to mount */
432 if (!try_to_freeze() && (length == -EINTR)) {
433 cFYI(1, ("cifsd thread killed"));
436 cFYI(1, ("Reconnect after unexpected peek error %d",
438 cifs_reconnect(server);
439 csocket = server->ssocket;
440 wake_up(&server->response_q);
442 } else if (length < pdu_length) {
443 cFYI(1, ("requested %d bytes but only got %d bytes",
444 pdu_length, length));
445 pdu_length -= length;
450 /* The right amount was read from socket - 4 bytes */
451 /* so we can now interpret the length field */
453 /* the first byte big endian of the length field,
454 is actually not part of the length but the type
455 with the most common, zero, as regular data */
456 temp = *((char *) smb_buffer);
458 /* Note that FC 1001 length is big endian on the wire,
459 but we convert it here so it is always manipulated
460 as host byte order */
461 pdu_length = be32_to_cpu((__force __be32)smb_buffer->smb_buf_length);
462 smb_buffer->smb_buf_length = pdu_length;
464 cFYI(1, ("rfc1002 length 0x%x", pdu_length+4));
466 if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) {
468 } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
469 cFYI(1, ("Good RFC 1002 session rsp"));
471 } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
472 /* we get this from Windows 98 instead of
473 an error on SMB negprot response */
474 cFYI(1, ("Negative RFC1002 Session Response Error 0x%x)",
476 if (server->tcpStatus == CifsNew) {
477 /* if nack on negprot (rather than
478 ret of smb negprot error) reconnecting
479 not going to help, ret error to mount */
482 /* give server a second to
483 clean up before reconnect attempt */
485 /* always try 445 first on reconnect
486 since we get NACK on some if we ever
487 connected to port 139 (the NACK is
488 since we do not begin with RFC1001
489 session initialize frame) */
490 server->addr.sockAddr.sin_port =
492 cifs_reconnect(server);
493 csocket = server->ssocket;
494 wake_up(&server->response_q);
497 } else if (temp != (char) 0) {
498 cERROR(1, ("Unknown RFC 1002 frame"));
499 cifs_dump_mem(" Received Data: ", (char *)smb_buffer,
501 cifs_reconnect(server);
502 csocket = server->ssocket;
506 /* else we have an SMB response */
507 if ((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
508 (pdu_length < sizeof(struct smb_hdr) - 1 - 4)) {
509 cERROR(1, ("Invalid size SMB length %d pdu_length %d",
510 length, pdu_length+4));
511 cifs_reconnect(server);
512 csocket = server->ssocket;
513 wake_up(&server->response_q);
520 if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
522 memcpy(bigbuf, smallbuf, 4);
526 iov.iov_base = 4 + (char *)smb_buffer;
527 iov.iov_len = pdu_length;
528 for (total_read = 0; total_read < pdu_length;
529 total_read += length) {
530 length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
531 pdu_length - total_read, 0);
532 if ((server->tcpStatus == CifsExiting) ||
533 (length == -EINTR)) {
537 } else if (server->tcpStatus == CifsNeedReconnect) {
538 cifs_reconnect(server);
539 csocket = server->ssocket;
540 /* Reconnect wakes up rspns q */
541 /* Now we will reread sock */
544 } else if ((length == -ERESTARTSYS) ||
545 (length == -EAGAIN)) {
546 msleep(1); /* minimum sleep to prevent looping,
547 allowing socket to clear and app
548 threads to set tcpStatus
549 CifsNeedReconnect if server hung*/
552 } else if (length <= 0) {
553 cERROR(1, ("Received no data, expecting %d",
554 pdu_length - total_read));
555 cifs_reconnect(server);
556 csocket = server->ssocket;
563 else if (reconnect == 1)
566 length += 4; /* account for rfc1002 hdr */
569 dump_smb(smb_buffer, length);
570 if (checkSMB(smb_buffer, smb_buffer->Mid, total_read+4)) {
571 cifs_dump_mem("Bad SMB: ", smb_buffer, 48);
577 spin_lock(&GlobalMid_Lock);
578 list_for_each(tmp, &server->pending_mid_q) {
579 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
581 if ((mid_entry->mid == smb_buffer->Mid) &&
582 (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
583 (mid_entry->command == smb_buffer->Command)) {
584 if (check2ndT2(smb_buffer,server->maxBuf) > 0) {
585 /* We have a multipart transact2 resp */
587 if (mid_entry->resp_buf) {
588 /* merge response - fix up 1st*/
589 if (coalesce_t2(smb_buffer,
590 mid_entry->resp_buf)) {
591 mid_entry->multiRsp =
595 /* all parts received */
596 mid_entry->multiEnd =
602 cERROR(1,("1st trans2 resp needs bigbuf"));
603 /* BB maybe we can fix this up, switch
604 to already allocated large buffer? */
606 /* Have first buffer */
607 mid_entry->resp_buf =
609 mid_entry->largeBuf =
616 mid_entry->resp_buf = smb_buffer;
617 mid_entry->largeBuf = isLargeBuf;
619 task_to_wake = mid_entry->tsk;
620 mid_entry->midState = MID_RESPONSE_RECEIVED;
621 #ifdef CONFIG_CIFS_STATS2
622 mid_entry->when_received = jiffies;
624 /* so we do not time out requests to server
625 which is still responding (since server could
626 be busy but not dead) */
627 server->lstrp = jiffies;
631 spin_unlock(&GlobalMid_Lock);
633 /* Was previous buf put in mpx struct for multi-rsp? */
635 /* smb buffer will be freed by user thread */
641 wake_up_process(task_to_wake);
642 } else if (!is_valid_oplock_break(smb_buffer, server) &&
644 cERROR(1, ("No task to wake, unknown frame received! "
645 "NumMids %d", midCount.counter));
646 cifs_dump_mem("Received Data is: ", (char *)smb_buffer,
647 sizeof(struct smb_hdr));
648 #ifdef CONFIG_CIFS_DEBUG2
649 cifs_dump_detail(smb_buffer);
650 cifs_dump_mids(server);
651 #endif /* CIFS_DEBUG2 */
654 } /* end while !EXITING */
656 /* take it off the list, if it's not already */
657 write_lock(&cifs_tcp_ses_lock);
658 list_del_init(&server->tcp_ses_list);
659 write_unlock(&cifs_tcp_ses_lock);
661 spin_lock(&GlobalMid_Lock);
662 server->tcpStatus = CifsExiting;
663 spin_unlock(&GlobalMid_Lock);
664 wake_up_all(&server->response_q);
666 /* check if we have blocked requests that need to free */
667 /* Note that cifs_max_pending is normally 50, but
668 can be set at module install time to as little as two */
669 spin_lock(&GlobalMid_Lock);
670 if (atomic_read(&server->inFlight) >= cifs_max_pending)
671 atomic_set(&server->inFlight, cifs_max_pending - 1);
672 /* We do not want to set the max_pending too low or we
673 could end up with the counter going negative */
674 spin_unlock(&GlobalMid_Lock);
675 /* Although there should not be any requests blocked on
676 this queue it can not hurt to be paranoid and try to wake up requests
677 that may haven been blocked when more than 50 at time were on the wire
678 to the same server - they now will see the session is in exit state
679 and get out of SendReceive. */
680 wake_up_all(&server->request_q);
681 /* give those requests time to exit */
684 if (server->ssocket) {
685 sock_release(csocket);
686 server->ssocket = NULL;
688 /* buffer usuallly freed in free_mid - need to free it here on exit */
689 cifs_buf_release(bigbuf);
690 if (smallbuf) /* no sense logging a debug message if NULL */
691 cifs_small_buf_release(smallbuf);
694 * BB: we shouldn't have to do any of this. It shouldn't be
695 * possible to exit from the thread with active SMB sessions
697 read_lock(&cifs_tcp_ses_lock);
698 if (list_empty(&server->pending_mid_q)) {
699 /* loop through server session structures attached to this and
701 list_for_each(tmp, &server->smb_ses_list) {
702 ses = list_entry(tmp, struct cifsSesInfo,
704 ses->status = CifsExiting;
707 read_unlock(&cifs_tcp_ses_lock);
709 /* although we can not zero the server struct pointer yet,
710 since there are active requests which may depnd on them,
711 mark the corresponding SMB sessions as exiting too */
712 list_for_each(tmp, &server->smb_ses_list) {
713 ses = list_entry(tmp, struct cifsSesInfo,
715 ses->status = CifsExiting;
718 spin_lock(&GlobalMid_Lock);
719 list_for_each(tmp, &server->pending_mid_q) {
720 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
721 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
722 cFYI(1, ("Clearing Mid 0x%x - waking up ",
724 task_to_wake = mid_entry->tsk;
726 wake_up_process(task_to_wake);
729 spin_unlock(&GlobalMid_Lock);
730 read_unlock(&cifs_tcp_ses_lock);
731 /* 1/8th of sec is more than enough time for them to exit */
735 if (!list_empty(&server->pending_mid_q)) {
736 /* mpx threads have not exited yet give them
737 at least the smb send timeout time for long ops */
738 /* due to delays on oplock break requests, we need
739 to wait at least 45 seconds before giving up
740 on a request getting a response and going ahead
742 cFYI(1, ("Wait for exit from demultiplex thread"));
744 /* if threads still have not exited they are probably never
745 coming home not much else we can do but free the memory */
748 /* last chance to mark ses pointers invalid
749 if there are any pointing to this (e.g
750 if a crazy root user tried to kill cifsd
751 kernel thread explicitly this might happen) */
752 /* BB: This shouldn't be necessary, see above */
753 read_lock(&cifs_tcp_ses_lock);
754 list_for_each(tmp, &server->smb_ses_list) {
755 ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
758 read_unlock(&cifs_tcp_ses_lock);
760 kfree(server->hostname);
761 task_to_wake = xchg(&server->tsk, NULL);
764 length = atomic_dec_return(&tcpSesAllocCount);
766 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
769 /* if server->tsk was NULL then wait for a signal before exiting */
771 set_current_state(TASK_INTERRUPTIBLE);
772 while (!signal_pending(current)) {
774 set_current_state(TASK_INTERRUPTIBLE);
776 set_current_state(TASK_RUNNING);
779 module_put_and_exit(0);
782 /* extract the host portion of the UNC string */
784 extract_hostname(const char *unc)
790 /* skip double chars at beginning of string */
791 /* BB: check validity of these bytes? */
794 /* delimiter between hostname and sharename is always '\\' now */
795 delim = strchr(src, '\\');
797 return ERR_PTR(-EINVAL);
800 dst = kmalloc((len + 1), GFP_KERNEL);
802 return ERR_PTR(-ENOMEM);
804 memcpy(dst, src, len);
811 cifs_parse_mount_options(char *options, const char *devname,
816 unsigned int temp_len, i, j;
822 if (Local_System_Name[0] != 0)
823 memcpy(vol->source_rfc1001_name, Local_System_Name, 15);
825 char *nodename = utsname()->nodename;
826 int n = strnlen(nodename, 15);
827 memset(vol->source_rfc1001_name, 0x20, 15);
828 for (i = 0; i < n; i++) {
829 /* does not have to be perfect mapping since field is
830 informational, only used for servers that do not support
831 port 445 and it can be overridden at mount time */
832 vol->source_rfc1001_name[i] = toupper(nodename[i]);
835 vol->source_rfc1001_name[15] = 0;
836 /* null target name indicates to use *SMBSERVR default called name
837 if we end up sending RFC1001 session initialize */
838 vol->target_rfc1001_name[0] = 0;
839 vol->linux_uid = current->uid; /* current->euid instead? */
840 vol->linux_gid = current->gid;
841 vol->dir_mode = S_IRWXUGO;
842 /* 2767 perms indicate mandatory locking support */
843 vol->file_mode = (S_IRWXUGO | S_ISGID) & (~S_IXGRP);
845 /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
847 /* default is always to request posix paths. */
848 vol->posix_paths = 1;
853 if (strncmp(options, "sep=", 4) == 0) {
854 if (options[4] != 0) {
855 separator[0] = options[4];
858 cFYI(1, ("Null separator not allowed"));
862 while ((data = strsep(&options, separator)) != NULL) {
865 if ((value = strchr(data, '=')) != NULL)
868 /* Have to parse this before we parse for "user" */
869 if (strnicmp(data, "user_xattr", 10) == 0) {
871 } else if (strnicmp(data, "nouser_xattr", 12) == 0) {
873 } else if (strnicmp(data, "user", 4) == 0) {
876 "CIFS: invalid or missing username\n");
877 return 1; /* needs_arg; */
878 } else if (!*value) {
879 /* null user, ie anonymous, authentication */
882 if (strnlen(value, 200) < 200) {
883 vol->username = value;
885 printk(KERN_WARNING "CIFS: username too long\n");
888 } else if (strnicmp(data, "pass", 4) == 0) {
890 vol->password = NULL;
892 } else if (value[0] == 0) {
893 /* check if string begins with double comma
894 since that would mean the password really
895 does start with a comma, and would not
896 indicate an empty string */
897 if (value[1] != separator[0]) {
898 vol->password = NULL;
902 temp_len = strlen(value);
903 /* removed password length check, NTLM passwords
904 can be arbitrarily long */
906 /* if comma in password, the string will be
907 prematurely null terminated. Commas in password are
908 specified across the cifs mount interface by a double
909 comma ie ,, and a comma used as in other cases ie ','
910 as a parameter delimiter/separator is single and due
911 to the strsep above is temporarily zeroed. */
913 /* NB: password legally can have multiple commas and
914 the only illegal character in a password is null */
916 if ((value[temp_len] == 0) &&
917 (value[temp_len+1] == separator[0])) {
919 value[temp_len] = separator[0];
920 temp_len += 2; /* move after second comma */
921 while (value[temp_len] != 0) {
922 if (value[temp_len] == separator[0]) {
923 if (value[temp_len+1] ==
925 /* skip second comma */
928 /* single comma indicating start
935 if (value[temp_len] == 0) {
939 /* point option to start of next parm */
940 options = value + temp_len + 1;
942 /* go from value to value + temp_len condensing
943 double commas to singles. Note that this ends up
944 allocating a few bytes too many, which is ok */
945 vol->password = kzalloc(temp_len, GFP_KERNEL);
946 if (vol->password == NULL) {
947 printk(KERN_WARNING "CIFS: no memory "
951 for (i = 0, j = 0; i < temp_len; i++, j++) {
952 vol->password[j] = value[i];
953 if (value[i] == separator[0]
954 && value[i+1] == separator[0]) {
955 /* skip second comma */
959 vol->password[j] = 0;
961 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
962 if (vol->password == NULL) {
963 printk(KERN_WARNING "CIFS: no memory "
967 strcpy(vol->password, value);
969 } else if (strnicmp(data, "ip", 2) == 0) {
970 if (!value || !*value) {
972 } else if (strnlen(value, 35) < 35) {
975 printk(KERN_WARNING "CIFS: ip address "
979 } else if (strnicmp(data, "sec", 3) == 0) {
980 if (!value || !*value) {
981 cERROR(1, ("no security value specified"));
983 } else if (strnicmp(value, "krb5i", 5) == 0) {
984 vol->secFlg |= CIFSSEC_MAY_KRB5 |
986 } else if (strnicmp(value, "krb5p", 5) == 0) {
987 /* vol->secFlg |= CIFSSEC_MUST_SEAL |
989 cERROR(1, ("Krb5 cifs privacy not supported"));
991 } else if (strnicmp(value, "krb5", 4) == 0) {
992 vol->secFlg |= CIFSSEC_MAY_KRB5;
993 } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
994 vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
996 } else if (strnicmp(value, "ntlmv2", 6) == 0) {
997 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
998 } else if (strnicmp(value, "ntlmi", 5) == 0) {
999 vol->secFlg |= CIFSSEC_MAY_NTLM |
1001 } else if (strnicmp(value, "ntlm", 4) == 0) {
1002 /* ntlm is default so can be turned off too */
1003 vol->secFlg |= CIFSSEC_MAY_NTLM;
1004 } else if (strnicmp(value, "nontlm", 6) == 0) {
1005 /* BB is there a better way to do this? */
1006 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
1007 #ifdef CONFIG_CIFS_WEAK_PW_HASH
1008 } else if (strnicmp(value, "lanman", 6) == 0) {
1009 vol->secFlg |= CIFSSEC_MAY_LANMAN;
1011 } else if (strnicmp(value, "none", 4) == 0) {
1014 cERROR(1, ("bad security option: %s", value));
1017 } else if ((strnicmp(data, "unc", 3) == 0)
1018 || (strnicmp(data, "target", 6) == 0)
1019 || (strnicmp(data, "path", 4) == 0)) {
1020 if (!value || !*value) {
1021 printk(KERN_WARNING "CIFS: invalid path to "
1022 "network resource\n");
1023 return 1; /* needs_arg; */
1025 if ((temp_len = strnlen(value, 300)) < 300) {
1026 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1027 if (vol->UNC == NULL)
1029 strcpy(vol->UNC, value);
1030 if (strncmp(vol->UNC, "//", 2) == 0) {
1033 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1035 "CIFS: UNC Path does not begin "
1036 "with // or \\\\ \n");
1040 printk(KERN_WARNING "CIFS: UNC name too long\n");
1043 } else if ((strnicmp(data, "domain", 3) == 0)
1044 || (strnicmp(data, "workgroup", 5) == 0)) {
1045 if (!value || !*value) {
1046 printk(KERN_WARNING "CIFS: invalid domain name\n");
1047 return 1; /* needs_arg; */
1049 /* BB are there cases in which a comma can be valid in
1050 a domain name and need special handling? */
1051 if (strnlen(value, 256) < 256) {
1052 vol->domainname = value;
1053 cFYI(1, ("Domain name set"));
1055 printk(KERN_WARNING "CIFS: domain name too "
1059 } else if (strnicmp(data, "prefixpath", 10) == 0) {
1060 if (!value || !*value) {
1062 "CIFS: invalid path prefix\n");
1063 return 1; /* needs_argument */
1065 if ((temp_len = strnlen(value, 1024)) < 1024) {
1066 if (value[0] != '/')
1067 temp_len++; /* missing leading slash */
1068 vol->prepath = kmalloc(temp_len+1, GFP_KERNEL);
1069 if (vol->prepath == NULL)
1071 if (value[0] != '/') {
1072 vol->prepath[0] = '/';
1073 strcpy(vol->prepath+1, value);
1075 strcpy(vol->prepath, value);
1076 cFYI(1, ("prefix path %s", vol->prepath));
1078 printk(KERN_WARNING "CIFS: prefix too long\n");
1081 } else if (strnicmp(data, "iocharset", 9) == 0) {
1082 if (!value || !*value) {
1083 printk(KERN_WARNING "CIFS: invalid iocharset "
1085 return 1; /* needs_arg; */
1087 if (strnlen(value, 65) < 65) {
1088 if (strnicmp(value, "default", 7))
1089 vol->iocharset = value;
1090 /* if iocharset not set then load_nls_default
1091 is used by caller */
1092 cFYI(1, ("iocharset set to %s", value));
1094 printk(KERN_WARNING "CIFS: iocharset name "
1098 } else if (strnicmp(data, "uid", 3) == 0) {
1099 if (value && *value) {
1101 simple_strtoul(value, &value, 0);
1102 vol->override_uid = 1;
1104 } else if (strnicmp(data, "gid", 3) == 0) {
1105 if (value && *value) {
1107 simple_strtoul(value, &value, 0);
1108 vol->override_gid = 1;
1110 } else if (strnicmp(data, "file_mode", 4) == 0) {
1111 if (value && *value) {
1113 simple_strtoul(value, &value, 0);
1115 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1116 if (value && *value) {
1118 simple_strtoul(value, &value, 0);
1120 } else if (strnicmp(data, "dirmode", 4) == 0) {
1121 if (value && *value) {
1123 simple_strtoul(value, &value, 0);
1125 } else if (strnicmp(data, "port", 4) == 0) {
1126 if (value && *value) {
1128 simple_strtoul(value, &value, 0);
1130 } else if (strnicmp(data, "rsize", 5) == 0) {
1131 if (value && *value) {
1133 simple_strtoul(value, &value, 0);
1135 } else if (strnicmp(data, "wsize", 5) == 0) {
1136 if (value && *value) {
1138 simple_strtoul(value, &value, 0);
1140 } else if (strnicmp(data, "sockopt", 5) == 0) {
1141 if (value && *value) {
1143 simple_strtoul(value, &value, 0);
1145 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1146 if (!value || !*value || (*value == ' ')) {
1147 cFYI(1, ("invalid (empty) netbiosname"));
1149 memset(vol->source_rfc1001_name, 0x20, 15);
1150 for (i = 0; i < 15; i++) {
1151 /* BB are there cases in which a comma can be
1152 valid in this workstation netbios name (and need
1153 special handling)? */
1155 /* We do not uppercase netbiosname for user */
1159 vol->source_rfc1001_name[i] =
1162 /* The string has 16th byte zero still from
1163 set at top of the function */
1164 if ((i == 15) && (value[i] != 0))
1165 printk(KERN_WARNING "CIFS: netbiosname"
1166 " longer than 15 truncated.\n");
1168 } else if (strnicmp(data, "servern", 7) == 0) {
1169 /* servernetbiosname specified override *SMBSERVER */
1170 if (!value || !*value || (*value == ' ')) {
1171 cFYI(1, ("empty server netbiosname specified"));
1173 /* last byte, type, is 0x20 for servr type */
1174 memset(vol->target_rfc1001_name, 0x20, 16);
1176 for (i = 0; i < 15; i++) {
1177 /* BB are there cases in which a comma can be
1178 valid in this workstation netbios name
1179 (and need special handling)? */
1181 /* user or mount helper must uppercase
1186 vol->target_rfc1001_name[i] =
1189 /* The string has 16th byte zero still from
1190 set at top of the function */
1191 if ((i == 15) && (value[i] != 0))
1192 printk(KERN_WARNING "CIFS: server net"
1193 "biosname longer than 15 truncated.\n");
1195 } else if (strnicmp(data, "credentials", 4) == 0) {
1197 } else if (strnicmp(data, "version", 3) == 0) {
1199 } else if (strnicmp(data, "guest", 5) == 0) {
1201 } else if (strnicmp(data, "rw", 2) == 0) {
1203 } else if (strnicmp(data, "noblocksend", 11) == 0) {
1204 vol->noblocksnd = 1;
1205 } else if (strnicmp(data, "noautotune", 10) == 0) {
1206 vol->noautotune = 1;
1207 } else if ((strnicmp(data, "suid", 4) == 0) ||
1208 (strnicmp(data, "nosuid", 6) == 0) ||
1209 (strnicmp(data, "exec", 4) == 0) ||
1210 (strnicmp(data, "noexec", 6) == 0) ||
1211 (strnicmp(data, "nodev", 5) == 0) ||
1212 (strnicmp(data, "noauto", 6) == 0) ||
1213 (strnicmp(data, "dev", 3) == 0)) {
1214 /* The mount tool or mount.cifs helper (if present)
1215 uses these opts to set flags, and the flags are read
1216 by the kernel vfs layer before we get here (ie
1217 before read super) so there is no point trying to
1218 parse these options again and set anything and it
1219 is ok to just ignore them */
1221 } else if (strnicmp(data, "ro", 2) == 0) {
1223 } else if (strnicmp(data, "hard", 4) == 0) {
1225 } else if (strnicmp(data, "soft", 4) == 0) {
1227 } else if (strnicmp(data, "perm", 4) == 0) {
1229 } else if (strnicmp(data, "noperm", 6) == 0) {
1231 } else if (strnicmp(data, "mapchars", 8) == 0) {
1233 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1235 } else if (strnicmp(data, "sfu", 3) == 0) {
1237 } else if (strnicmp(data, "nosfu", 5) == 0) {
1239 } else if (strnicmp(data, "nodfs", 5) == 0) {
1241 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1242 vol->posix_paths = 1;
1243 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1244 vol->posix_paths = 0;
1245 } else if (strnicmp(data, "nounix", 6) == 0) {
1246 vol->no_linux_ext = 1;
1247 } else if (strnicmp(data, "nolinux", 7) == 0) {
1248 vol->no_linux_ext = 1;
1249 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1250 (strnicmp(data, "ignorecase", 10) == 0)) {
1252 } else if (strnicmp(data, "brl", 3) == 0) {
1254 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1255 (strnicmp(data, "nolock", 6) == 0)) {
1257 /* turn off mandatory locking in mode
1258 if remote locking is turned off since the
1259 local vfs will do advisory */
1260 if (vol->file_mode ==
1261 (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1262 vol->file_mode = S_IALLUGO;
1263 } else if (strnicmp(data, "setuids", 7) == 0) {
1265 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1267 } else if (strnicmp(data, "dynperm", 7) == 0) {
1268 vol->dynperm = true;
1269 } else if (strnicmp(data, "nodynperm", 9) == 0) {
1270 vol->dynperm = false;
1271 } else if (strnicmp(data, "nohard", 6) == 0) {
1273 } else if (strnicmp(data, "nosoft", 6) == 0) {
1275 } else if (strnicmp(data, "nointr", 6) == 0) {
1277 } else if (strnicmp(data, "intr", 4) == 0) {
1279 } else if (strnicmp(data, "serverino", 7) == 0) {
1280 vol->server_ino = 1;
1281 } else if (strnicmp(data, "noserverino", 9) == 0) {
1282 vol->server_ino = 0;
1283 } else if (strnicmp(data, "cifsacl", 7) == 0) {
1285 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1287 } else if (strnicmp(data, "acl", 3) == 0) {
1288 vol->no_psx_acl = 0;
1289 } else if (strnicmp(data, "noacl", 5) == 0) {
1290 vol->no_psx_acl = 1;
1291 #ifdef CONFIG_CIFS_EXPERIMENTAL
1292 } else if (strnicmp(data, "locallease", 6) == 0) {
1293 vol->local_lease = 1;
1295 } else if (strnicmp(data, "sign", 4) == 0) {
1296 vol->secFlg |= CIFSSEC_MUST_SIGN;
1297 } else if (strnicmp(data, "seal", 4) == 0) {
1298 /* we do not do the following in secFlags because seal
1299 is a per tree connection (mount) not a per socket
1300 or per-smb connection option in the protocol */
1301 /* vol->secFlg |= CIFSSEC_MUST_SEAL; */
1303 } else if (strnicmp(data, "direct", 6) == 0) {
1305 } else if (strnicmp(data, "forcedirectio", 13) == 0) {
1307 } else if (strnicmp(data, "in6_addr", 8) == 0) {
1308 if (!value || !*value) {
1309 vol->in6_addr = NULL;
1310 } else if (strnlen(value, 49) == 48) {
1311 vol->in6_addr = value;
1313 printk(KERN_WARNING "CIFS: ip v6 address not "
1314 "48 characters long\n");
1317 } else if (strnicmp(data, "noac", 4) == 0) {
1318 printk(KERN_WARNING "CIFS: Mount option noac not "
1319 "supported. Instead set "
1320 "/proc/fs/cifs/LookupCacheEnabled to 0\n");
1322 printk(KERN_WARNING "CIFS: Unknown mount option %s\n",
1325 if (vol->UNC == NULL) {
1326 if (devname == NULL) {
1327 printk(KERN_WARNING "CIFS: Missing UNC name for mount "
1331 if ((temp_len = strnlen(devname, 300)) < 300) {
1332 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1333 if (vol->UNC == NULL)
1335 strcpy(vol->UNC, devname);
1336 if (strncmp(vol->UNC, "//", 2) == 0) {
1339 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1340 printk(KERN_WARNING "CIFS: UNC Path does not "
1341 "begin with // or \\\\ \n");
1344 value = strpbrk(vol->UNC+2, "/\\");
1348 printk(KERN_WARNING "CIFS: UNC name too long\n");
1352 if (vol->UNCip == NULL)
1353 vol->UNCip = &vol->UNC[2];
1358 static struct TCP_Server_Info *
1359 cifs_find_tcp_session(struct sockaddr *addr)
1361 struct list_head *tmp;
1362 struct TCP_Server_Info *server;
1363 struct sockaddr_in *addr4 = (struct sockaddr_in *) addr;
1364 struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) addr;
1366 write_lock(&cifs_tcp_ses_lock);
1367 list_for_each(tmp, &cifs_tcp_ses_list) {
1368 server = list_entry(tmp, struct TCP_Server_Info,
1371 * the demux thread can exit on its own while still in CifsNew
1372 * so don't accept any sockets in that state. Since the
1373 * tcpStatus never changes back to CifsNew it's safe to check
1374 * for this without a lock.
1376 if (server->tcpStatus == CifsNew)
1379 if (addr->sa_family == AF_INET &&
1380 (addr4->sin_addr.s_addr !=
1381 server->addr.sockAddr.sin_addr.s_addr))
1383 else if (addr->sa_family == AF_INET6 &&
1384 memcmp(&server->addr.sockAddr6.sin6_addr,
1385 &addr6->sin6_addr, sizeof(addr6->sin6_addr)))
1388 ++server->srv_count;
1389 write_unlock(&cifs_tcp_ses_lock);
1390 cFYI(1, ("Existing tcp session with server found"));
1393 write_unlock(&cifs_tcp_ses_lock);
1398 cifs_put_tcp_session(struct TCP_Server_Info *server)
1400 struct task_struct *task;
1402 write_lock(&cifs_tcp_ses_lock);
1403 if (--server->srv_count > 0) {
1404 write_unlock(&cifs_tcp_ses_lock);
1408 list_del_init(&server->tcp_ses_list);
1409 write_unlock(&cifs_tcp_ses_lock);
1411 spin_lock(&GlobalMid_Lock);
1412 server->tcpStatus = CifsExiting;
1413 spin_unlock(&GlobalMid_Lock);
1415 task = xchg(&server->tsk, NULL);
1417 force_sig(SIGKILL, task);
1420 static struct TCP_Server_Info *
1421 cifs_get_tcp_session(struct smb_vol *volume_info)
1423 struct TCP_Server_Info *tcp_ses = NULL;
1424 struct sockaddr addr;
1425 struct sockaddr_in *sin_server = (struct sockaddr_in *) &addr;
1426 struct sockaddr_in6 *sin_server6 = (struct sockaddr_in6 *) &addr;
1429 memset(&addr, 0, sizeof(struct sockaddr));
1431 if (volume_info->UNCip && volume_info->UNC) {
1432 rc = cifs_inet_pton(AF_INET, volume_info->UNCip,
1433 &sin_server->sin_addr.s_addr);
1436 /* not ipv4 address, try ipv6 */
1437 rc = cifs_inet_pton(AF_INET6, volume_info->UNCip,
1438 &sin_server6->sin6_addr.in6_u);
1440 addr.sa_family = AF_INET6;
1442 addr.sa_family = AF_INET;
1446 /* we failed translating address */
1451 cFYI(1, ("UNC: %s ip: %s", volume_info->UNC,
1452 volume_info->UNCip));
1453 } else if (volume_info->UNCip) {
1454 /* BB using ip addr as tcp_ses name to connect to the
1456 cERROR(1, ("Connecting to DFS root not implemented yet"));
1459 } else /* which tcp_sess DFS root would we conect to */ {
1461 ("CIFS mount error: No UNC path (e.g. -o "
1462 "unc=//192.168.1.100/public) specified"));
1467 /* see if we already have a matching tcp_ses */
1468 tcp_ses = cifs_find_tcp_session(&addr);
1472 tcp_ses = kzalloc(sizeof(struct TCP_Server_Info), GFP_KERNEL);
1478 tcp_ses->hostname = extract_hostname(volume_info->UNC);
1479 if (IS_ERR(tcp_ses->hostname)) {
1480 rc = PTR_ERR(tcp_ses->hostname);
1484 tcp_ses->noblocksnd = volume_info->noblocksnd;
1485 tcp_ses->noautotune = volume_info->noautotune;
1486 atomic_set(&tcp_ses->inFlight, 0);
1487 init_waitqueue_head(&tcp_ses->response_q);
1488 init_waitqueue_head(&tcp_ses->request_q);
1489 INIT_LIST_HEAD(&tcp_ses->pending_mid_q);
1490 mutex_init(&tcp_ses->srv_mutex);
1491 memcpy(tcp_ses->workstation_RFC1001_name,
1492 volume_info->source_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1493 memcpy(tcp_ses->server_RFC1001_name,
1494 volume_info->target_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1495 tcp_ses->sequence_number = 0;
1496 INIT_LIST_HEAD(&tcp_ses->tcp_ses_list);
1497 INIT_LIST_HEAD(&tcp_ses->smb_ses_list);
1500 * at this point we are the only ones with the pointer
1501 * to the struct since the kernel thread not created yet
1502 * no need to spinlock this init of tcpStatus or srv_count
1504 tcp_ses->tcpStatus = CifsNew;
1505 ++tcp_ses->srv_count;
1507 if (addr.sa_family == AF_INET6) {
1508 cFYI(1, ("attempting ipv6 connect"));
1509 /* BB should we allow ipv6 on port 139? */
1510 /* other OS never observed in Wild doing 139 with v6 */
1511 memcpy(&tcp_ses->addr.sockAddr6, sin_server6,
1512 sizeof(struct sockaddr_in6));
1513 sin_server6->sin6_port = htons(volume_info->port);
1514 rc = ipv6_connect(sin_server6, &tcp_ses->ssocket,
1515 volume_info->noblocksnd);
1517 memcpy(&tcp_ses->addr.sockAddr, sin_server,
1518 sizeof(struct sockaddr_in));
1519 sin_server->sin_port = htons(volume_info->port);
1520 rc = ipv4_connect(sin_server, &tcp_ses->ssocket,
1521 volume_info->source_rfc1001_name,
1522 volume_info->target_rfc1001_name,
1523 volume_info->noblocksnd,
1524 volume_info->noautotune);
1527 cERROR(1, ("Error connecting to socket. Aborting operation"));
1532 * since we're in a cifs function already, we know that
1533 * this will succeed. No need for try_module_get().
1535 __module_get(THIS_MODULE);
1536 tcp_ses->tsk = kthread_run((void *)(void *)cifs_demultiplex_thread,
1538 if (IS_ERR(tcp_ses->tsk)) {
1539 rc = PTR_ERR(tcp_ses->tsk);
1540 cERROR(1, ("error %d create cifsd thread", rc));
1541 module_put(THIS_MODULE);
1545 /* thread spawned, put it on the list */
1546 write_lock(&cifs_tcp_ses_lock);
1547 list_add(&tcp_ses->tcp_ses_list, &cifs_tcp_ses_list);
1548 write_unlock(&cifs_tcp_ses_lock);
1554 kfree(tcp_ses->hostname);
1555 if (tcp_ses->ssocket)
1556 sock_release(tcp_ses->ssocket);
1562 static struct cifsSesInfo *
1563 cifs_find_smb_ses(struct TCP_Server_Info *server, char *username)
1565 struct list_head *tmp;
1566 struct cifsSesInfo *ses;
1568 write_lock(&cifs_tcp_ses_lock);
1569 list_for_each(tmp, &server->smb_ses_list) {
1570 ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
1571 if (strncmp(ses->userName, username, MAX_USERNAME_SIZE))
1575 write_unlock(&cifs_tcp_ses_lock);
1578 write_unlock(&cifs_tcp_ses_lock);
1583 cifs_put_smb_ses(struct cifsSesInfo *ses)
1586 struct TCP_Server_Info *server = ses->server;
1588 write_lock(&cifs_tcp_ses_lock);
1589 if (--ses->ses_count > 0) {
1590 write_unlock(&cifs_tcp_ses_lock);
1594 list_del_init(&ses->smb_ses_list);
1595 write_unlock(&cifs_tcp_ses_lock);
1597 if (ses->status == CifsGood) {
1599 CIFSSMBLogoff(xid, ses);
1603 cifs_put_tcp_session(server);
1606 static struct cifsTconInfo *
1607 cifs_find_tcon(struct cifsSesInfo *ses, const char *unc)
1609 struct list_head *tmp;
1610 struct cifsTconInfo *tcon;
1612 write_lock(&cifs_tcp_ses_lock);
1613 list_for_each(tmp, &ses->tcon_list) {
1614 tcon = list_entry(tmp, struct cifsTconInfo, tcon_list);
1615 if (tcon->tidStatus == CifsExiting)
1617 if (strncmp(tcon->treeName, unc, MAX_TREE_SIZE))
1621 write_unlock(&cifs_tcp_ses_lock);
1624 write_unlock(&cifs_tcp_ses_lock);
1629 cifs_put_tcon(struct cifsTconInfo *tcon)
1632 struct cifsSesInfo *ses = tcon->ses;
1634 write_lock(&cifs_tcp_ses_lock);
1635 if (--tcon->tc_count > 0) {
1636 write_unlock(&cifs_tcp_ses_lock);
1640 list_del_init(&tcon->tcon_list);
1641 write_unlock(&cifs_tcp_ses_lock);
1644 CIFSSMBTDis(xid, tcon);
1647 DeleteTconOplockQEntries(tcon);
1649 cifs_put_smb_ses(ses);
1653 get_dfs_path(int xid, struct cifsSesInfo *pSesInfo, const char *old_path,
1654 const struct nls_table *nls_codepage, unsigned int *pnum_referrals,
1655 struct dfs_info3_param **preferrals, int remap)
1660 *pnum_referrals = 0;
1663 if (pSesInfo->ipc_tid == 0) {
1664 temp_unc = kmalloc(2 /* for slashes */ +
1665 strnlen(pSesInfo->serverName,
1666 SERVER_NAME_LEN_WITH_NULL * 2)
1667 + 1 + 4 /* slash IPC$ */ + 2,
1669 if (temp_unc == NULL)
1673 strcpy(temp_unc + 2, pSesInfo->serverName);
1674 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
1675 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
1677 ("CIFS Tcon rc = %d ipc_tid = %d", rc, pSesInfo->ipc_tid));
1681 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
1682 pnum_referrals, nls_codepage, remap);
1683 /* BB map targetUNCs to dfs_info3 structures, here or
1684 in CIFSGetDFSRefer BB */
1689 #ifdef CONFIG_DEBUG_LOCK_ALLOC
1690 static struct lock_class_key cifs_key[2];
1691 static struct lock_class_key cifs_slock_key[2];
1694 cifs_reclassify_socket4(struct socket *sock)
1696 struct sock *sk = sock->sk;
1697 BUG_ON(sock_owned_by_user(sk));
1698 sock_lock_init_class_and_name(sk, "slock-AF_INET-CIFS",
1699 &cifs_slock_key[0], "sk_lock-AF_INET-CIFS", &cifs_key[0]);
1703 cifs_reclassify_socket6(struct socket *sock)
1705 struct sock *sk = sock->sk;
1706 BUG_ON(sock_owned_by_user(sk));
1707 sock_lock_init_class_and_name(sk, "slock-AF_INET6-CIFS",
1708 &cifs_slock_key[1], "sk_lock-AF_INET6-CIFS", &cifs_key[1]);
1712 cifs_reclassify_socket4(struct socket *sock)
1717 cifs_reclassify_socket6(struct socket *sock)
1722 /* See RFC1001 section 14 on representation of Netbios names */
1723 static void rfc1002mangle(char *target, char *source, unsigned int length)
1727 for (i = 0, j = 0; i < (length); i++) {
1728 /* mask a nibble at a time and encode */
1729 target[j] = 'A' + (0x0F & (source[i] >> 4));
1730 target[j+1] = 'A' + (0x0F & source[i]);
1738 ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket,
1739 char *netbios_name, char *target_name,
1740 bool noblocksnd, bool noautotune)
1744 __be16 orig_port = 0;
1746 if (*csocket == NULL) {
1747 rc = sock_create_kern(PF_INET, SOCK_STREAM,
1748 IPPROTO_TCP, csocket);
1750 cERROR(1, ("Error %d creating socket", rc));
1754 /* BB other socket options to set KEEPALIVE, NODELAY? */
1755 cFYI(1, ("Socket created"));
1756 (*csocket)->sk->sk_allocation = GFP_NOFS;
1757 cifs_reclassify_socket4(*csocket);
1761 psin_server->sin_family = AF_INET;
1762 if (psin_server->sin_port) { /* user overrode default port */
1763 rc = (*csocket)->ops->connect(*csocket,
1764 (struct sockaddr *) psin_server,
1765 sizeof(struct sockaddr_in), 0);
1771 /* save original port so we can retry user specified port
1772 later if fall back ports fail this time */
1773 orig_port = psin_server->sin_port;
1775 /* do not retry on the same port we just failed on */
1776 if (psin_server->sin_port != htons(CIFS_PORT)) {
1777 psin_server->sin_port = htons(CIFS_PORT);
1779 rc = (*csocket)->ops->connect(*csocket,
1780 (struct sockaddr *) psin_server,
1781 sizeof(struct sockaddr_in), 0);
1787 psin_server->sin_port = htons(RFC1001_PORT);
1788 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1790 sizeof(struct sockaddr_in), 0);
1795 /* give up here - unless we want to retry on different
1796 protocol families some day */
1799 psin_server->sin_port = orig_port;
1800 cFYI(1, ("Error %d connecting to server via ipv4", rc));
1801 sock_release(*csocket);
1805 /* Eventually check for other socket options to change from
1806 the default. sock_setsockopt not used because it expects
1807 user space buffer */
1808 cFYI(1, ("sndbuf %d rcvbuf %d rcvtimeo 0x%lx",
1809 (*csocket)->sk->sk_sndbuf,
1810 (*csocket)->sk->sk_rcvbuf, (*csocket)->sk->sk_rcvtimeo));
1811 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1813 (*csocket)->sk->sk_sndtimeo = 3 * HZ;
1815 /* make the bufsizes depend on wsize/rsize and max requests */
1817 if ((*csocket)->sk->sk_sndbuf < (200 * 1024))
1818 (*csocket)->sk->sk_sndbuf = 200 * 1024;
1819 if ((*csocket)->sk->sk_rcvbuf < (140 * 1024))
1820 (*csocket)->sk->sk_rcvbuf = 140 * 1024;
1823 /* send RFC1001 sessinit */
1824 if (psin_server->sin_port == htons(RFC1001_PORT)) {
1825 /* some servers require RFC1001 sessinit before sending
1826 negprot - BB check reconnection in case where second
1827 sessinit is sent but no second negprot */
1828 struct rfc1002_session_packet *ses_init_buf;
1829 struct smb_hdr *smb_buf;
1830 ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet),
1833 ses_init_buf->trailer.session_req.called_len = 32;
1834 if (target_name && (target_name[0] != 0)) {
1835 rfc1002mangle(ses_init_buf->trailer.
1836 session_req.called_name,
1838 RFC1001_NAME_LEN_WITH_NULL);
1840 rfc1002mangle(ses_init_buf->trailer.
1841 session_req.called_name,
1842 DEFAULT_CIFS_CALLED_NAME,
1843 RFC1001_NAME_LEN_WITH_NULL);
1846 ses_init_buf->trailer.session_req.calling_len = 32;
1847 /* calling name ends in null (byte 16) from old smb
1849 if (netbios_name && (netbios_name[0] != 0)) {
1850 rfc1002mangle(ses_init_buf->trailer.
1851 session_req.calling_name,
1853 RFC1001_NAME_LEN_WITH_NULL);
1855 rfc1002mangle(ses_init_buf->trailer.
1856 session_req.calling_name,
1858 RFC1001_NAME_LEN_WITH_NULL);
1860 ses_init_buf->trailer.session_req.scope1 = 0;
1861 ses_init_buf->trailer.session_req.scope2 = 0;
1862 smb_buf = (struct smb_hdr *)ses_init_buf;
1863 /* sizeof RFC1002_SESSION_REQUEST with no scope */
1864 smb_buf->smb_buf_length = 0x81000044;
1865 rc = smb_send(*csocket, smb_buf, 0x44,
1866 (struct sockaddr *)psin_server, noblocksnd);
1867 kfree(ses_init_buf);
1868 msleep(1); /* RFC1001 layer in at least one server
1869 requires very short break before negprot
1870 presumably because not expecting negprot
1871 to follow so fast. This is a simple
1872 solution that works without
1873 complicating the code and causes no
1874 significant slowing down on mount
1875 for everyone else */
1877 /* else the negprot may still work without this
1878 even though malloc failed */
1886 ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket,
1891 __be16 orig_port = 0;
1893 if (*csocket == NULL) {
1894 rc = sock_create_kern(PF_INET6, SOCK_STREAM,
1895 IPPROTO_TCP, csocket);
1897 cERROR(1, ("Error %d creating ipv6 socket", rc));
1901 /* BB other socket options to set KEEPALIVE, NODELAY? */
1902 cFYI(1, ("ipv6 Socket created"));
1903 (*csocket)->sk->sk_allocation = GFP_NOFS;
1904 cifs_reclassify_socket6(*csocket);
1908 psin_server->sin6_family = AF_INET6;
1910 if (psin_server->sin6_port) { /* user overrode default port */
1911 rc = (*csocket)->ops->connect(*csocket,
1912 (struct sockaddr *) psin_server,
1913 sizeof(struct sockaddr_in6), 0);
1919 /* save original port so we can retry user specified port
1920 later if fall back ports fail this time */
1922 orig_port = psin_server->sin6_port;
1923 /* do not retry on the same port we just failed on */
1924 if (psin_server->sin6_port != htons(CIFS_PORT)) {
1925 psin_server->sin6_port = htons(CIFS_PORT);
1927 rc = (*csocket)->ops->connect(*csocket,
1928 (struct sockaddr *) psin_server,
1929 sizeof(struct sockaddr_in6), 0);
1935 psin_server->sin6_port = htons(RFC1001_PORT);
1936 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1937 psin_server, sizeof(struct sockaddr_in6), 0);
1942 /* give up here - unless we want to retry on different
1943 protocol families some day */
1946 psin_server->sin6_port = orig_port;
1947 cFYI(1, ("Error %d connecting to server via ipv6", rc));
1948 sock_release(*csocket);
1952 /* Eventually check for other socket options to change from
1953 the default. sock_setsockopt not used because it expects
1954 user space buffer */
1955 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1957 (*csocket)->sk->sk_sndtimeo = 3 * HZ;
1963 void reset_cifs_unix_caps(int xid, struct cifsTconInfo *tcon,
1964 struct super_block *sb, struct smb_vol *vol_info)
1966 /* if we are reconnecting then should we check to see if
1967 * any requested capabilities changed locally e.g. via
1968 * remount but we can not do much about it here
1969 * if they have (even if we could detect it by the following)
1970 * Perhaps we could add a backpointer to array of sb from tcon
1971 * or if we change to make all sb to same share the same
1972 * sb as NFS - then we only have one backpointer to sb.
1973 * What if we wanted to mount the server share twice once with
1974 * and once without posixacls or posix paths? */
1975 __u64 saved_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
1977 if (vol_info && vol_info->no_linux_ext) {
1978 tcon->fsUnixInfo.Capability = 0;
1979 tcon->unix_ext = 0; /* Unix Extensions disabled */
1980 cFYI(1, ("Linux protocol extensions disabled"));
1982 } else if (vol_info)
1983 tcon->unix_ext = 1; /* Unix Extensions supported */
1985 if (tcon->unix_ext == 0) {
1986 cFYI(1, ("Unix extensions disabled so not set on reconnect"));
1990 if (!CIFSSMBQFSUnixInfo(xid, tcon)) {
1991 __u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
1993 /* check for reconnect case in which we do not
1994 want to change the mount behavior if we can avoid it */
1995 if (vol_info == NULL) {
1996 /* turn off POSIX ACL and PATHNAMES if not set
1997 originally at mount time */
1998 if ((saved_cap & CIFS_UNIX_POSIX_ACL_CAP) == 0)
1999 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2000 if ((saved_cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2001 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2002 cERROR(1, ("POSIXPATH support change"));
2003 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2004 } else if ((cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2005 cERROR(1, ("possible reconnect error"));
2007 ("server disabled POSIX path support"));
2011 cap &= CIFS_UNIX_CAP_MASK;
2012 if (vol_info && vol_info->no_psx_acl)
2013 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2014 else if (CIFS_UNIX_POSIX_ACL_CAP & cap) {
2015 cFYI(1, ("negotiated posix acl support"));
2017 sb->s_flags |= MS_POSIXACL;
2020 if (vol_info && vol_info->posix_paths == 0)
2021 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2022 else if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
2023 cFYI(1, ("negotiate posix pathnames"));
2025 CIFS_SB(sb)->mnt_cifs_flags |=
2026 CIFS_MOUNT_POSIX_PATHS;
2029 /* We might be setting the path sep back to a different
2030 form if we are reconnecting and the server switched its
2031 posix path capability for this share */
2032 if (sb && (CIFS_SB(sb)->prepathlen > 0))
2033 CIFS_SB(sb)->prepath[0] = CIFS_DIR_SEP(CIFS_SB(sb));
2035 if (sb && (CIFS_SB(sb)->rsize > 127 * 1024)) {
2036 if ((cap & CIFS_UNIX_LARGE_READ_CAP) == 0) {
2037 CIFS_SB(sb)->rsize = 127 * 1024;
2039 ("larger reads not supported by srv"));
2044 cFYI(1, ("Negotiate caps 0x%x", (int)cap));
2045 #ifdef CONFIG_CIFS_DEBUG2
2046 if (cap & CIFS_UNIX_FCNTL_CAP)
2047 cFYI(1, ("FCNTL cap"));
2048 if (cap & CIFS_UNIX_EXTATTR_CAP)
2049 cFYI(1, ("EXTATTR cap"));
2050 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2051 cFYI(1, ("POSIX path cap"));
2052 if (cap & CIFS_UNIX_XATTR_CAP)
2053 cFYI(1, ("XATTR cap"));
2054 if (cap & CIFS_UNIX_POSIX_ACL_CAP)
2055 cFYI(1, ("POSIX ACL cap"));
2056 if (cap & CIFS_UNIX_LARGE_READ_CAP)
2057 cFYI(1, ("very large read cap"));
2058 if (cap & CIFS_UNIX_LARGE_WRITE_CAP)
2059 cFYI(1, ("very large write cap"));
2060 #endif /* CIFS_DEBUG2 */
2061 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
2062 if (vol_info == NULL) {
2063 cFYI(1, ("resetting capabilities failed"));
2065 cERROR(1, ("Negotiating Unix capabilities "
2066 "with the server failed. Consider "
2067 "mounting with the Unix Extensions\n"
2068 "disabled, if problems are found, "
2069 "by specifying the nounix mount "
2077 convert_delimiter(char *path, char delim)
2090 for (i = 0; path[i] != '\0'; i++) {
2091 if (path[i] == old_delim)
2096 static void setup_cifs_sb(struct smb_vol *pvolume_info,
2097 struct cifs_sb_info *cifs_sb)
2099 if (pvolume_info->rsize > CIFSMaxBufSize) {
2100 cERROR(1, ("rsize %d too large, using MaxBufSize",
2101 pvolume_info->rsize));
2102 cifs_sb->rsize = CIFSMaxBufSize;
2103 } else if ((pvolume_info->rsize) &&
2104 (pvolume_info->rsize <= CIFSMaxBufSize))
2105 cifs_sb->rsize = pvolume_info->rsize;
2107 cifs_sb->rsize = CIFSMaxBufSize;
2109 if (pvolume_info->wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) {
2110 cERROR(1, ("wsize %d too large, using 4096 instead",
2111 pvolume_info->wsize));
2112 cifs_sb->wsize = 4096;
2113 } else if (pvolume_info->wsize)
2114 cifs_sb->wsize = pvolume_info->wsize;
2116 cifs_sb->wsize = min_t(const int,
2117 PAGEVEC_SIZE * PAGE_CACHE_SIZE,
2119 /* old default of CIFSMaxBufSize was too small now
2120 that SMB Write2 can send multiple pages in kvec.
2121 RFC1001 does not describe what happens when frame
2122 bigger than 128K is sent so use that as max in
2123 conjunction with 52K kvec constraint on arch with 4K
2126 if (cifs_sb->rsize < 2048) {
2127 cifs_sb->rsize = 2048;
2128 /* Windows ME may prefer this */
2129 cFYI(1, ("readsize set to minimum: 2048"));
2131 /* calculate prepath */
2132 cifs_sb->prepath = pvolume_info->prepath;
2133 if (cifs_sb->prepath) {
2134 cifs_sb->prepathlen = strlen(cifs_sb->prepath);
2135 /* we can not convert the / to \ in the path
2136 separators in the prefixpath yet because we do not
2137 know (until reset_cifs_unix_caps is called later)
2138 whether POSIX PATH CAP is available. We normalize
2139 the / to \ after reset_cifs_unix_caps is called */
2140 pvolume_info->prepath = NULL;
2142 cifs_sb->prepathlen = 0;
2143 cifs_sb->mnt_uid = pvolume_info->linux_uid;
2144 cifs_sb->mnt_gid = pvolume_info->linux_gid;
2145 cifs_sb->mnt_file_mode = pvolume_info->file_mode;
2146 cifs_sb->mnt_dir_mode = pvolume_info->dir_mode;
2147 cFYI(1, ("file mode: 0x%x dir mode: 0x%x",
2148 cifs_sb->mnt_file_mode, cifs_sb->mnt_dir_mode));
2150 if (pvolume_info->noperm)
2151 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
2152 if (pvolume_info->setuids)
2153 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
2154 if (pvolume_info->server_ino)
2155 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
2156 if (pvolume_info->remap)
2157 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
2158 if (pvolume_info->no_xattr)
2159 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
2160 if (pvolume_info->sfu_emul)
2161 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
2162 if (pvolume_info->nobrl)
2163 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
2164 if (pvolume_info->cifs_acl)
2165 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
2166 if (pvolume_info->override_uid)
2167 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID;
2168 if (pvolume_info->override_gid)
2169 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID;
2170 if (pvolume_info->dynperm)
2171 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DYNPERM;
2172 if (pvolume_info->direct_io) {
2173 cFYI(1, ("mounting share using direct i/o"));
2174 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
2177 if ((pvolume_info->cifs_acl) && (pvolume_info->dynperm))
2178 cERROR(1, ("mount option dynperm ignored if cifsacl "
2179 "mount option supported"));
2183 cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
2184 char *mount_data, const char *devname)
2188 struct smb_vol *volume_info;
2189 struct cifsSesInfo *pSesInfo = NULL;
2190 struct cifsTconInfo *tcon = NULL;
2191 struct TCP_Server_Info *srvTcp = NULL;
2195 volume_info = kzalloc(sizeof(struct smb_vol), GFP_KERNEL);
2201 if (cifs_parse_mount_options(mount_data, devname, volume_info)) {
2206 if (volume_info->nullauth) {
2207 cFYI(1, ("null user"));
2208 volume_info->username = "";
2209 } else if (volume_info->username) {
2210 /* BB fixme parse for domain name here */
2211 cFYI(1, ("Username: %s", volume_info->username));
2213 cifserror("No username specified");
2214 /* In userspace mount helper we can get user name from alternate
2215 locations such as env variables and files on disk */
2221 /* this is needed for ASCII cp to Unicode converts */
2222 if (volume_info->iocharset == NULL) {
2223 cifs_sb->local_nls = load_nls_default();
2224 /* load_nls_default can not return null */
2226 cifs_sb->local_nls = load_nls(volume_info->iocharset);
2227 if (cifs_sb->local_nls == NULL) {
2228 cERROR(1, ("CIFS mount error: iocharset %s not found",
2229 volume_info->iocharset));
2235 /* get a reference to a tcp session */
2236 srvTcp = cifs_get_tcp_session(volume_info);
2237 if (IS_ERR(srvTcp)) {
2238 rc = PTR_ERR(srvTcp);
2242 pSesInfo = cifs_find_smb_ses(srvTcp, volume_info->username);
2244 cFYI(1, ("Existing smb sess found (status=%d)",
2247 * The existing SMB session already has a reference to srvTcp,
2248 * so we can put back the extra one we got before
2250 cifs_put_tcp_session(srvTcp);
2252 down(&pSesInfo->sesSem);
2253 if (pSesInfo->need_reconnect) {
2254 cFYI(1, ("Session needs reconnect"));
2255 rc = cifs_setup_session(xid, pSesInfo,
2256 cifs_sb->local_nls);
2258 up(&pSesInfo->sesSem);
2260 cFYI(1, ("Existing smb sess not found"));
2261 pSesInfo = sesInfoAlloc();
2262 if (pSesInfo == NULL) {
2264 goto mount_fail_check;
2267 /* new SMB session uses our srvTcp ref */
2268 pSesInfo->server = srvTcp;
2269 if (srvTcp->addr.sockAddr6.sin6_family == AF_INET6)
2270 sprintf(pSesInfo->serverName, NIP6_FMT,
2271 NIP6(srvTcp->addr.sockAddr6.sin6_addr));
2273 sprintf(pSesInfo->serverName, NIPQUAD_FMT,
2274 NIPQUAD(srvTcp->addr.sockAddr.sin_addr.s_addr));
2276 write_lock(&cifs_tcp_ses_lock);
2277 list_add(&pSesInfo->smb_ses_list, &srvTcp->smb_ses_list);
2278 write_unlock(&cifs_tcp_ses_lock);
2280 /* volume_info->password freed at unmount */
2281 if (volume_info->password) {
2282 pSesInfo->password = volume_info->password;
2283 /* set to NULL to prevent freeing on exit */
2284 volume_info->password = NULL;
2286 if (volume_info->username)
2287 strncpy(pSesInfo->userName, volume_info->username,
2289 if (volume_info->domainname) {
2290 int len = strlen(volume_info->domainname);
2291 pSesInfo->domainName = kmalloc(len + 1, GFP_KERNEL);
2292 if (pSesInfo->domainName)
2293 strcpy(pSesInfo->domainName,
2294 volume_info->domainname);
2296 pSesInfo->linux_uid = volume_info->linux_uid;
2297 pSesInfo->overrideSecFlg = volume_info->secFlg;
2298 down(&pSesInfo->sesSem);
2300 /* BB FIXME need to pass vol->secFlgs BB */
2301 rc = cifs_setup_session(xid, pSesInfo,
2302 cifs_sb->local_nls);
2303 up(&pSesInfo->sesSem);
2306 /* search for existing tcon to this server share */
2308 setup_cifs_sb(volume_info, cifs_sb);
2310 tcon = cifs_find_tcon(pSesInfo, volume_info->UNC);
2312 cFYI(1, ("Found match on UNC path"));
2313 /* existing tcon already has a reference */
2314 cifs_put_smb_ses(pSesInfo);
2315 if (tcon->seal != volume_info->seal)
2316 cERROR(1, ("transport encryption setting "
2317 "conflicts with existing tid"));
2319 tcon = tconInfoAlloc();
2322 goto mount_fail_check;
2324 tcon->ses = pSesInfo;
2326 /* check for null share name ie connect to dfs root */
2327 if ((strchr(volume_info->UNC + 3, '\\') == NULL)
2328 && (strchr(volume_info->UNC + 3, '/') == NULL)) {
2329 /* rc = connect_to_dfs_path(...) */
2330 cFYI(1, ("DFS root not supported"));
2332 goto mount_fail_check;
2334 /* BB Do we need to wrap sesSem around
2335 * this TCon call and Unix SetFS as
2336 * we do on SessSetup and reconnect? */
2337 rc = CIFSTCon(xid, pSesInfo, volume_info->UNC,
2338 tcon, cifs_sb->local_nls);
2339 cFYI(1, ("CIFS Tcon rc = %d", rc));
2340 if (volume_info->nodfs) {
2341 tcon->Flags &= ~SMB_SHARE_IS_IN_DFS;
2342 cFYI(1, ("DFS disabled (%d)",
2347 goto mount_fail_check;
2348 tcon->seal = volume_info->seal;
2349 write_lock(&cifs_tcp_ses_lock);
2350 list_add(&tcon->tcon_list, &pSesInfo->tcon_list);
2351 write_unlock(&cifs_tcp_ses_lock);
2354 /* we can have only one retry value for a connection
2355 to a share so for resources mounted more than once
2356 to the same server share the last value passed in
2357 for the retry flag is used */
2358 tcon->retry = volume_info->retry;
2359 tcon->nocase = volume_info->nocase;
2360 tcon->local_lease = volume_info->local_lease;
2363 if (pSesInfo->capabilities & CAP_LARGE_FILES) {
2364 sb->s_maxbytes = (u64) 1 << 63;
2366 sb->s_maxbytes = (u64) 1 << 31; /* 2 GB */
2369 /* BB FIXME fix time_gran to be larger for LANMAN sessions */
2370 sb->s_time_gran = 100;
2373 /* on error free sesinfo and tcon struct if needed */
2375 /* If find_unc succeeded then rc == 0 so we can not end */
2376 /* up accidently freeing someone elses tcon struct */
2378 cifs_put_tcon(tcon);
2380 cifs_put_smb_ses(pSesInfo);
2382 cifs_put_tcp_session(srvTcp);
2385 cifs_sb->tcon = tcon;
2387 /* do not care if following two calls succeed - informational */
2389 CIFSSMBQFSDeviceInfo(xid, tcon);
2390 CIFSSMBQFSAttributeInfo(xid, tcon);
2393 /* tell server which Unix caps we support */
2394 if (tcon->ses->capabilities & CAP_UNIX)
2395 /* reset of caps checks mount to see if unix extensions
2396 disabled for just this mount */
2397 reset_cifs_unix_caps(xid, tcon, sb, volume_info);
2399 tcon->unix_ext = 0; /* server does not support them */
2401 /* convert forward to back slashes in prepath here if needed */
2402 if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0)
2403 convert_delimiter(cifs_sb->prepath, CIFS_DIR_SEP(cifs_sb));
2405 if ((tcon->unix_ext == 0) && (cifs_sb->rsize > (1024 * 127))) {
2406 cifs_sb->rsize = 1024 * 127;
2407 cFYI(DBG2, ("no very large read support, rsize now 127K"));
2409 if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X))
2410 cifs_sb->wsize = min(cifs_sb->wsize,
2411 (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE));
2412 if (!(tcon->ses->capabilities & CAP_LARGE_READ_X))
2413 cifs_sb->rsize = min(cifs_sb->rsize,
2414 (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE));
2416 /* volume_info->password is freed above when existing session found
2417 (in which case it is not needed anymore) but when new sesion is created
2418 the password ptr is put in the new session structure (in which case the
2419 password will be freed at unmount time) */
2421 /* zero out password before freeing */
2423 if (volume_info->password != NULL) {
2424 memset(volume_info->password, 0,
2425 strlen(volume_info->password));
2426 kfree(volume_info->password);
2428 kfree(volume_info->UNC);
2429 kfree(volume_info->prepath);
2437 CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2438 char session_key[CIFS_SESS_KEY_SIZE],
2439 const struct nls_table *nls_codepage)
2441 struct smb_hdr *smb_buffer;
2442 struct smb_hdr *smb_buffer_response;
2443 SESSION_SETUP_ANDX *pSMB;
2444 SESSION_SETUP_ANDX *pSMBr;
2449 int remaining_words = 0;
2450 int bytes_returned = 0;
2455 cFYI(1, ("In sesssetup"));
2458 user = ses->userName;
2459 domain = ses->domainName;
2460 smb_buffer = cifs_buf_get();
2462 if (smb_buffer == NULL)
2465 smb_buffer_response = smb_buffer;
2466 pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2468 /* send SMBsessionSetup here */
2469 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2470 NULL /* no tCon exists yet */ , 13 /* wct */ );
2472 smb_buffer->Mid = GetNextMid(ses->server);
2473 pSMB->req_no_secext.AndXCommand = 0xFF;
2474 pSMB->req_no_secext.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2475 pSMB->req_no_secext.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2477 if (ses->server->secMode &
2478 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2479 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2481 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2482 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
2483 if (ses->capabilities & CAP_UNICODE) {
2484 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2485 capabilities |= CAP_UNICODE;
2487 if (ses->capabilities & CAP_STATUS32) {
2488 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2489 capabilities |= CAP_STATUS32;
2491 if (ses->capabilities & CAP_DFS) {
2492 smb_buffer->Flags2 |= SMBFLG2_DFS;
2493 capabilities |= CAP_DFS;
2495 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
2497 pSMB->req_no_secext.CaseInsensitivePasswordLength =
2498 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2500 pSMB->req_no_secext.CaseSensitivePasswordLength =
2501 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2502 bcc_ptr = pByteArea(smb_buffer);
2503 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2504 bcc_ptr += CIFS_SESS_KEY_SIZE;
2505 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2506 bcc_ptr += CIFS_SESS_KEY_SIZE;
2508 if (ses->capabilities & CAP_UNICODE) {
2509 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode */
2514 bytes_returned = 0; /* skip null user */
2517 cifs_strtoUCS((__le16 *) bcc_ptr, user, 100,
2519 /* convert number of 16 bit words to bytes */
2520 bcc_ptr += 2 * bytes_returned;
2521 bcc_ptr += 2; /* trailing null */
2524 cifs_strtoUCS((__le16 *) bcc_ptr,
2525 "CIFS_LINUX_DOM", 32, nls_codepage);
2528 cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2530 bcc_ptr += 2 * bytes_returned;
2533 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2535 bcc_ptr += 2 * bytes_returned;
2537 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release,
2539 bcc_ptr += 2 * bytes_returned;
2542 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2544 bcc_ptr += 2 * bytes_returned;
2548 strncpy(bcc_ptr, user, 200);
2549 bcc_ptr += strnlen(user, 200);
2553 if (domain == NULL) {
2554 strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2555 bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2557 strncpy(bcc_ptr, domain, 64);
2558 bcc_ptr += strnlen(domain, 64);
2562 strcpy(bcc_ptr, "Linux version ");
2563 bcc_ptr += strlen("Linux version ");
2564 strcpy(bcc_ptr, utsname()->release);
2565 bcc_ptr += strlen(utsname()->release) + 1;
2566 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2567 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2569 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2570 smb_buffer->smb_buf_length += count;
2571 pSMB->req_no_secext.ByteCount = cpu_to_le16(count);
2573 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2574 &bytes_returned, CIFS_LONG_OP);
2576 /* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
2577 } else if ((smb_buffer_response->WordCount == 3)
2578 || (smb_buffer_response->WordCount == 4)) {
2579 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2580 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2581 if (action & GUEST_LOGIN)
2582 cFYI(1, (" Guest login")); /* BB mark SesInfo struct? */
2583 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format
2585 cFYI(1, ("UID = %d ", ses->Suid));
2586 /* response can have either 3 or 4 word count - Samba sends 3 */
2587 bcc_ptr = pByteArea(smb_buffer_response);
2588 if ((pSMBr->resp.hdr.WordCount == 3)
2589 || ((pSMBr->resp.hdr.WordCount == 4)
2590 && (blob_len < pSMBr->resp.ByteCount))) {
2591 if (pSMBr->resp.hdr.WordCount == 4)
2592 bcc_ptr += blob_len;
2594 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2595 if ((long) (bcc_ptr) % 2) {
2597 (BCC(smb_buffer_response) - 1) / 2;
2598 /* Unicode strings must be word
2603 BCC(smb_buffer_response) / 2;
2606 UniStrnlen((wchar_t *) bcc_ptr,
2607 remaining_words - 1);
2608 /* We look for obvious messed up bcc or strings in response so we do not go off
2609 the end since (at least) WIN2K and Windows XP have a major bug in not null
2610 terminating last Unicode string in response */
2612 kfree(ses->serverOS);
2613 ses->serverOS = kzalloc(2 * (len + 1),
2615 if (ses->serverOS == NULL)
2616 goto sesssetup_nomem;
2617 cifs_strfromUCS_le(ses->serverOS,
2620 bcc_ptr += 2 * (len + 1);
2621 remaining_words -= len + 1;
2622 ses->serverOS[2 * len] = 0;
2623 ses->serverOS[1 + (2 * len)] = 0;
2624 if (remaining_words > 0) {
2625 len = UniStrnlen((wchar_t *)bcc_ptr,
2627 kfree(ses->serverNOS);
2628 ses->serverNOS = kzalloc(2 * (len + 1),
2630 if (ses->serverNOS == NULL)
2631 goto sesssetup_nomem;
2632 cifs_strfromUCS_le(ses->serverNOS,
2635 bcc_ptr += 2 * (len + 1);
2636 ses->serverNOS[2 * len] = 0;
2637 ses->serverNOS[1 + (2 * len)] = 0;
2638 if (strncmp(ses->serverNOS,
2639 "NT LAN Manager 4", 16) == 0) {
2640 cFYI(1, ("NT4 server"));
2641 ses->flags |= CIFS_SES_NT4;
2643 remaining_words -= len + 1;
2644 if (remaining_words > 0) {
2645 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2646 /* last string is not always null terminated
2647 (for e.g. for Windows XP & 2000) */
2648 if (ses->serverDomain)
2649 kfree(ses->serverDomain);
2653 if (ses->serverDomain == NULL)
2654 goto sesssetup_nomem;
2655 cifs_strfromUCS_le(ses->serverDomain,
2658 bcc_ptr += 2 * (len + 1);
2659 ses->serverDomain[2*len] = 0;
2660 ses->serverDomain[1+(2*len)] = 0;
2661 } else { /* else no more room so create
2662 dummy domain string */
2663 if (ses->serverDomain)
2664 kfree(ses->serverDomain);
2666 kzalloc(2, GFP_KERNEL);
2668 } else { /* no room so create dummy domain
2671 /* if these kcallocs fail not much we
2672 can do, but better to not fail the
2674 kfree(ses->serverDomain);
2676 kzalloc(2, GFP_KERNEL);
2677 kfree(ses->serverNOS);
2679 kzalloc(2, GFP_KERNEL);
2681 } else { /* ASCII */
2682 len = strnlen(bcc_ptr, 1024);
2683 if (((long) bcc_ptr + len) - (long)
2684 pByteArea(smb_buffer_response)
2685 <= BCC(smb_buffer_response)) {
2686 kfree(ses->serverOS);
2687 ses->serverOS = kzalloc(len + 1,
2689 if (ses->serverOS == NULL)
2690 goto sesssetup_nomem;
2691 strncpy(ses->serverOS, bcc_ptr, len);
2694 /* null terminate the string */
2698 len = strnlen(bcc_ptr, 1024);
2699 kfree(ses->serverNOS);
2700 ses->serverNOS = kzalloc(len + 1,
2702 if (ses->serverNOS == NULL)
2703 goto sesssetup_nomem;
2704 strncpy(ses->serverNOS, bcc_ptr, len);
2709 len = strnlen(bcc_ptr, 1024);
2710 if (ses->serverDomain)
2711 kfree(ses->serverDomain);
2712 ses->serverDomain = kzalloc(len + 1,
2714 if (ses->serverDomain == NULL)
2715 goto sesssetup_nomem;
2716 strncpy(ses->serverDomain, bcc_ptr,
2723 ("Variable field of length %d "
2724 "extends beyond end of smb ",
2729 (" Security Blob Length extends beyond "
2734 (" Invalid Word count %d: ",
2735 smb_buffer_response->WordCount));
2738 sesssetup_nomem: /* do not return an error on nomem for the info strings,
2739 since that could make reconnection harder, and
2740 reconnection might be needed to free memory */
2741 cifs_buf_release(smb_buffer);
2747 CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2748 struct cifsSesInfo *ses, bool *pNTLMv2_flag,
2749 const struct nls_table *nls_codepage)
2751 struct smb_hdr *smb_buffer;
2752 struct smb_hdr *smb_buffer_response;
2753 SESSION_SETUP_ANDX *pSMB;
2754 SESSION_SETUP_ANDX *pSMBr;
2758 int remaining_words = 0;
2759 int bytes_returned = 0;
2761 int SecurityBlobLength = sizeof(NEGOTIATE_MESSAGE);
2762 PNEGOTIATE_MESSAGE SecurityBlob;
2763 PCHALLENGE_MESSAGE SecurityBlob2;
2764 __u32 negotiate_flags, capabilities;
2767 cFYI(1, ("In NTLMSSP sesssetup (negotiate)"));
2770 domain = ses->domainName;
2771 *pNTLMv2_flag = false;
2772 smb_buffer = cifs_buf_get();
2773 if (smb_buffer == NULL) {
2776 smb_buffer_response = smb_buffer;
2777 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2778 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2780 /* send SMBsessionSetup here */
2781 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2782 NULL /* no tCon exists yet */ , 12 /* wct */ );
2784 smb_buffer->Mid = GetNextMid(ses->server);
2785 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2786 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2788 pSMB->req.AndXCommand = 0xFF;
2789 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2790 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2792 if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2793 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2795 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2796 CAP_EXTENDED_SECURITY;
2797 if (ses->capabilities & CAP_UNICODE) {
2798 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2799 capabilities |= CAP_UNICODE;
2801 if (ses->capabilities & CAP_STATUS32) {
2802 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2803 capabilities |= CAP_STATUS32;
2805 if (ses->capabilities & CAP_DFS) {
2806 smb_buffer->Flags2 |= SMBFLG2_DFS;
2807 capabilities |= CAP_DFS;
2809 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2811 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2812 SecurityBlob = (PNEGOTIATE_MESSAGE) bcc_ptr;
2813 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2814 SecurityBlob->MessageType = NtLmNegotiate;
2816 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
2817 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM |
2818 NTLMSSP_NEGOTIATE_56 |
2819 /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
2821 negotiate_flags |= NTLMSSP_NEGOTIATE_SIGN;
2822 /* if (ntlmv2_support)
2823 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;*/
2824 /* setup pointers to domain name and workstation name */
2825 bcc_ptr += SecurityBlobLength;
2827 SecurityBlob->WorkstationName.Buffer = 0;
2828 SecurityBlob->WorkstationName.Length = 0;
2829 SecurityBlob->WorkstationName.MaximumLength = 0;
2831 /* Domain not sent on first Sesssetup in NTLMSSP, instead it is sent
2832 along with username on auth request (ie the response to challenge) */
2833 SecurityBlob->DomainName.Buffer = 0;
2834 SecurityBlob->DomainName.Length = 0;
2835 SecurityBlob->DomainName.MaximumLength = 0;
2836 if (ses->capabilities & CAP_UNICODE) {
2837 if ((long) bcc_ptr % 2) {
2843 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2845 bcc_ptr += 2 * bytes_returned;
2847 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
2849 bcc_ptr += 2 * bytes_returned;
2850 bcc_ptr += 2; /* null terminate Linux version */
2852 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2854 bcc_ptr += 2 * bytes_returned;
2857 bcc_ptr += 2; /* null terminate network opsys string */
2860 bcc_ptr += 2; /* null domain */
2861 } else { /* ASCII */
2862 strcpy(bcc_ptr, "Linux version ");
2863 bcc_ptr += strlen("Linux version ");
2864 strcpy(bcc_ptr, utsname()->release);
2865 bcc_ptr += strlen(utsname()->release) + 1;
2866 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2867 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2868 bcc_ptr++; /* empty domain field */
2871 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2872 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2873 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2874 smb_buffer->smb_buf_length += count;
2875 pSMB->req.ByteCount = cpu_to_le16(count);
2877 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2878 &bytes_returned, CIFS_LONG_OP);
2880 if (smb_buffer_response->Status.CifsError ==
2881 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
2885 /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2886 } else if ((smb_buffer_response->WordCount == 3)
2887 || (smb_buffer_response->WordCount == 4)) {
2888 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2889 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2891 if (action & GUEST_LOGIN)
2892 cFYI(1, (" Guest login"));
2893 /* Do we want to set anything in SesInfo struct when guest login? */
2895 bcc_ptr = pByteArea(smb_buffer_response);
2896 /* response can have either 3 or 4 word count - Samba sends 3 */
2898 SecurityBlob2 = (PCHALLENGE_MESSAGE) bcc_ptr;
2899 if (SecurityBlob2->MessageType != NtLmChallenge) {
2901 ("Unexpected NTLMSSP message type received %d",
2902 SecurityBlob2->MessageType));
2904 ses->Suid = smb_buffer_response->Uid; /* UID left in le format */
2905 cFYI(1, ("UID = %d", ses->Suid));
2906 if ((pSMBr->resp.hdr.WordCount == 3)
2907 || ((pSMBr->resp.hdr.WordCount == 4)
2909 pSMBr->resp.ByteCount))) {
2911 if (pSMBr->resp.hdr.WordCount == 4) {
2912 bcc_ptr += blob_len;
2913 cFYI(1, ("Security Blob Length %d",
2917 cFYI(1, ("NTLMSSP Challenge rcvd"));
2919 memcpy(ses->server->cryptKey,
2920 SecurityBlob2->Challenge,
2921 CIFS_CRYPTO_KEY_SIZE);
2922 if (SecurityBlob2->NegotiateFlags &
2923 cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2))
2924 *pNTLMv2_flag = true;
2926 if ((SecurityBlob2->NegotiateFlags &
2927 cpu_to_le32(NTLMSSP_NEGOTIATE_ALWAYS_SIGN))
2928 || (sign_CIFS_PDUs > 1))
2929 ses->server->secMode |=
2930 SECMODE_SIGN_REQUIRED;
2931 if ((SecurityBlob2->NegotiateFlags &
2932 cpu_to_le32(NTLMSSP_NEGOTIATE_SIGN)) && (sign_CIFS_PDUs))
2933 ses->server->secMode |=
2934 SECMODE_SIGN_ENABLED;
2936 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2937 if ((long) (bcc_ptr) % 2) {
2939 (BCC(smb_buffer_response)
2941 /* Must word align unicode strings */
2946 (smb_buffer_response) / 2;
2949 UniStrnlen((wchar_t *) bcc_ptr,
2950 remaining_words - 1);
2951 /* We look for obvious messed up bcc or strings in response so we do not go off
2952 the end since (at least) WIN2K and Windows XP have a major bug in not null
2953 terminating last Unicode string in response */
2955 kfree(ses->serverOS);
2957 kzalloc(2 * (len + 1), GFP_KERNEL);
2958 cifs_strfromUCS_le(ses->serverOS,
2962 bcc_ptr += 2 * (len + 1);
2963 remaining_words -= len + 1;
2964 ses->serverOS[2 * len] = 0;
2965 ses->serverOS[1 + (2 * len)] = 0;
2966 if (remaining_words > 0) {
2967 len = UniStrnlen((wchar_t *)
2971 kfree(ses->serverNOS);
2973 kzalloc(2 * (len + 1),
2975 cifs_strfromUCS_le(ses->
2981 bcc_ptr += 2 * (len + 1);
2982 ses->serverNOS[2 * len] = 0;
2985 remaining_words -= len + 1;
2986 if (remaining_words > 0) {
2987 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2988 /* last string not always null terminated
2989 (for e.g. for Windows XP & 2000) */
2990 kfree(ses->serverDomain);
3002 ses->serverDomain[2*len]
3007 } /* else no more room so create dummy domain string */
3009 kfree(ses->serverDomain);
3014 } else { /* no room so create dummy domain and NOS string */
3015 kfree(ses->serverDomain);
3017 kzalloc(2, GFP_KERNEL);
3018 kfree(ses->serverNOS);
3020 kzalloc(2, GFP_KERNEL);
3022 } else { /* ASCII */
3023 len = strnlen(bcc_ptr, 1024);
3024 if (((long) bcc_ptr + len) - (long)
3025 pByteArea(smb_buffer_response)
3026 <= BCC(smb_buffer_response)) {
3028 kfree(ses->serverOS);
3032 strncpy(ses->serverOS,
3036 bcc_ptr[0] = 0; /* null terminate string */
3039 len = strnlen(bcc_ptr, 1024);
3040 kfree(ses->serverNOS);
3044 strncpy(ses->serverNOS, bcc_ptr, len);
3049 len = strnlen(bcc_ptr, 1024);
3050 kfree(ses->serverDomain);
3054 strncpy(ses->serverDomain,
3061 ("field of length %d "
3062 "extends beyond end of smb",
3066 cERROR(1, ("Security Blob Length extends beyond"
3070 cERROR(1, ("No session structure passed in."));
3074 (" Invalid Word count %d:",
3075 smb_buffer_response->WordCount));
3079 cifs_buf_release(smb_buffer);
3084 CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
3085 char *ntlm_session_key, bool ntlmv2_flag,
3086 const struct nls_table *nls_codepage)
3088 struct smb_hdr *smb_buffer;
3089 struct smb_hdr *smb_buffer_response;
3090 SESSION_SETUP_ANDX *pSMB;
3091 SESSION_SETUP_ANDX *pSMBr;
3096 int remaining_words = 0;
3097 int bytes_returned = 0;
3099 int SecurityBlobLength = sizeof(AUTHENTICATE_MESSAGE);
3100 PAUTHENTICATE_MESSAGE SecurityBlob;
3101 __u32 negotiate_flags, capabilities;
3104 cFYI(1, ("In NTLMSSPSessSetup (Authenticate)"));
3107 user = ses->userName;
3108 domain = ses->domainName;
3109 smb_buffer = cifs_buf_get();
3110 if (smb_buffer == NULL) {
3113 smb_buffer_response = smb_buffer;
3114 pSMB = (SESSION_SETUP_ANDX *)smb_buffer;
3115 pSMBr = (SESSION_SETUP_ANDX *)smb_buffer_response;
3117 /* send SMBsessionSetup here */
3118 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
3119 NULL /* no tCon exists yet */ , 12 /* wct */ );
3121 smb_buffer->Mid = GetNextMid(ses->server);
3122 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
3123 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
3124 pSMB->req.AndXCommand = 0xFF;
3125 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
3126 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
3128 pSMB->req.hdr.Uid = ses->Suid;
3130 if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3131 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3133 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
3134 CAP_EXTENDED_SECURITY;
3135 if (ses->capabilities & CAP_UNICODE) {
3136 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3137 capabilities |= CAP_UNICODE;
3139 if (ses->capabilities & CAP_STATUS32) {
3140 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3141 capabilities |= CAP_STATUS32;
3143 if (ses->capabilities & CAP_DFS) {
3144 smb_buffer->Flags2 |= SMBFLG2_DFS;
3145 capabilities |= CAP_DFS;
3147 pSMB->req.Capabilities = cpu_to_le32(capabilities);
3149 bcc_ptr = (char *)&pSMB->req.SecurityBlob;
3150 SecurityBlob = (PAUTHENTICATE_MESSAGE)bcc_ptr;
3151 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
3152 SecurityBlob->MessageType = NtLmAuthenticate;
3153 bcc_ptr += SecurityBlobLength;
3154 negotiate_flags = NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET |
3155 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO |
3156 0x80000000 | NTLMSSP_NEGOTIATE_128;
3158 negotiate_flags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN;
3160 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
3162 /* setup pointers to domain name and workstation name */
3164 SecurityBlob->WorkstationName.Buffer = 0;
3165 SecurityBlob->WorkstationName.Length = 0;
3166 SecurityBlob->WorkstationName.MaximumLength = 0;
3167 SecurityBlob->SessionKey.Length = 0;
3168 SecurityBlob->SessionKey.MaximumLength = 0;
3169 SecurityBlob->SessionKey.Buffer = 0;
3171 SecurityBlob->LmChallengeResponse.Length = 0;
3172 SecurityBlob->LmChallengeResponse.MaximumLength = 0;
3173 SecurityBlob->LmChallengeResponse.Buffer = 0;
3175 SecurityBlob->NtChallengeResponse.Length =
3176 cpu_to_le16(CIFS_SESS_KEY_SIZE);
3177 SecurityBlob->NtChallengeResponse.MaximumLength =
3178 cpu_to_le16(CIFS_SESS_KEY_SIZE);
3179 memcpy(bcc_ptr, ntlm_session_key, CIFS_SESS_KEY_SIZE);
3180 SecurityBlob->NtChallengeResponse.Buffer =
3181 cpu_to_le32(SecurityBlobLength);
3182 SecurityBlobLength += CIFS_SESS_KEY_SIZE;
3183 bcc_ptr += CIFS_SESS_KEY_SIZE;
3185 if (ses->capabilities & CAP_UNICODE) {
3186 if (domain == NULL) {
3187 SecurityBlob->DomainName.Buffer = 0;
3188 SecurityBlob->DomainName.Length = 0;
3189 SecurityBlob->DomainName.MaximumLength = 0;
3191 __u16 ln = cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
3194 SecurityBlob->DomainName.MaximumLength =
3196 SecurityBlob->DomainName.Buffer =
3197 cpu_to_le32(SecurityBlobLength);
3199 SecurityBlobLength += ln;
3200 SecurityBlob->DomainName.Length = cpu_to_le16(ln);
3203 SecurityBlob->UserName.Buffer = 0;
3204 SecurityBlob->UserName.Length = 0;
3205 SecurityBlob->UserName.MaximumLength = 0;
3207 __u16 ln = cifs_strtoUCS((__le16 *) bcc_ptr, user, 64,
3210 SecurityBlob->UserName.MaximumLength =
3212 SecurityBlob->UserName.Buffer =
3213 cpu_to_le32(SecurityBlobLength);
3215 SecurityBlobLength += ln;
3216 SecurityBlob->UserName.Length = cpu_to_le16(ln);
3219 /* SecurityBlob->WorkstationName.Length =
3220 cifs_strtoUCS((__le16 *) bcc_ptr, "AMACHINE",64, nls_codepage);
3221 SecurityBlob->WorkstationName.Length *= 2;
3222 SecurityBlob->WorkstationName.MaximumLength =
3223 cpu_to_le16(SecurityBlob->WorkstationName.Length);
3224 SecurityBlob->WorkstationName.Buffer =
3225 cpu_to_le32(SecurityBlobLength);
3226 bcc_ptr += SecurityBlob->WorkstationName.Length;
3227 SecurityBlobLength += SecurityBlob->WorkstationName.Length;
3228 SecurityBlob->WorkstationName.Length =
3229 cpu_to_le16(SecurityBlob->WorkstationName.Length); */
3231 if ((long) bcc_ptr % 2) {
3236 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
3238 bcc_ptr += 2 * bytes_returned;
3240 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
3242 bcc_ptr += 2 * bytes_returned;
3243 bcc_ptr += 2; /* null term version string */
3245 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
3247 bcc_ptr += 2 * bytes_returned;
3250 bcc_ptr += 2; /* null terminate network opsys string */
3253 bcc_ptr += 2; /* null domain */
3254 } else { /* ASCII */
3255 if (domain == NULL) {
3256 SecurityBlob->DomainName.Buffer = 0;
3257 SecurityBlob->DomainName.Length = 0;
3258 SecurityBlob->DomainName.MaximumLength = 0;
3261 negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
3262 strncpy(bcc_ptr, domain, 63);
3263 ln = strnlen(domain, 64);
3264 SecurityBlob->DomainName.MaximumLength =
3266 SecurityBlob->DomainName.Buffer =
3267 cpu_to_le32(SecurityBlobLength);
3269 SecurityBlobLength += ln;
3270 SecurityBlob->DomainName.Length = cpu_to_le16(ln);
3273 SecurityBlob->UserName.Buffer = 0;
3274 SecurityBlob->UserName.Length = 0;
3275 SecurityBlob->UserName.MaximumLength = 0;
3278 strncpy(bcc_ptr, user, 63);
3279 ln = strnlen(user, 64);
3280 SecurityBlob->UserName.MaximumLength = cpu_to_le16(ln);
3281 SecurityBlob->UserName.Buffer =
3282 cpu_to_le32(SecurityBlobLength);
3284 SecurityBlobLength += ln;
3285 SecurityBlob->UserName.Length = cpu_to_le16(ln);
3287 /* BB fill in our workstation name if known BB */
3289 strcpy(bcc_ptr, "Linux version ");
3290 bcc_ptr += strlen("Linux version ");
3291 strcpy(bcc_ptr, utsname()->release);
3292 bcc_ptr += strlen(utsname()->release) + 1;
3293 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
3294 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
3295 bcc_ptr++; /* null domain */
3298 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
3299 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
3300 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
3301 smb_buffer->smb_buf_length += count;
3302 pSMB->req.ByteCount = cpu_to_le16(count);
3304 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
3305 &bytes_returned, CIFS_LONG_OP);
3307 /* rc = map_smb_to_linux_error(smb_buffer_response) done in SendReceive now */
3308 } else if ((smb_buffer_response->WordCount == 3) ||
3309 (smb_buffer_response->WordCount == 4)) {
3310 __u16 action = le16_to_cpu(pSMBr->resp.Action);
3311 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
3312 if (action & GUEST_LOGIN)
3313 cFYI(1, (" Guest login")); /* BB Should we set anything
3314 in SesInfo struct ? */
3315 /* if (SecurityBlob2->MessageType != NtLm??) {
3316 cFYI("Unexpected message type on auth response is %d"));
3321 ("Check challenge UID %d vs auth response UID %d",
3322 ses->Suid, smb_buffer_response->Uid));
3323 /* UID left in wire format */
3324 ses->Suid = smb_buffer_response->Uid;
3325 bcc_ptr = pByteArea(smb_buffer_response);
3326 /* response can have either 3 or 4 word count - Samba sends 3 */
3327 if ((pSMBr->resp.hdr.WordCount == 3)
3328 || ((pSMBr->resp.hdr.WordCount == 4)
3330 pSMBr->resp.ByteCount))) {
3331 if (pSMBr->resp.hdr.WordCount == 4) {
3335 ("Security Blob Length %d ",
3340 ("NTLMSSP response to Authenticate "));
3342 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3343 if ((long) (bcc_ptr) % 2) {
3345 (BCC(smb_buffer_response)
3347 bcc_ptr++; /* Unicode strings must be word aligned */
3349 remaining_words = BCC(smb_buffer_response) / 2;
3351 len = UniStrnlen((wchar_t *) bcc_ptr,
3352 remaining_words - 1);
3353 /* We look for obvious messed up bcc or strings in response so we do not go off
3354 the end since (at least) WIN2K and Windows XP have a major bug in not null
3355 terminating last Unicode string in response */
3357 kfree(ses->serverOS);
3359 kzalloc(2 * (len + 1), GFP_KERNEL);
3360 cifs_strfromUCS_le(ses->serverOS,
3364 bcc_ptr += 2 * (len + 1);
3365 remaining_words -= len + 1;
3366 ses->serverOS[2 * len] = 0;
3367 ses->serverOS[1 + (2 * len)] = 0;
3368 if (remaining_words > 0) {
3369 len = UniStrnlen((wchar_t *)
3373 kfree(ses->serverNOS);
3375 kzalloc(2 * (len + 1),
3377 cifs_strfromUCS_le(ses->
3383 bcc_ptr += 2 * (len + 1);
3384 ses->serverNOS[2 * len] = 0;
3385 ses->serverNOS[1+(2*len)] = 0;
3386 remaining_words -= len + 1;
3387 if (remaining_words > 0) {
3388 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
3389 /* last string not always null terminated (e.g. for Windows XP & 2000) */
3390 if (ses->serverDomain)
3391 kfree(ses->serverDomain);
3416 } /* else no more room so create dummy domain string */
3418 if (ses->serverDomain)
3419 kfree(ses->serverDomain);
3420 ses->serverDomain = kzalloc(2,GFP_KERNEL);
3422 } else { /* no room so create dummy domain and NOS string */
3423 if (ses->serverDomain)
3424 kfree(ses->serverDomain);
3425 ses->serverDomain = kzalloc(2, GFP_KERNEL);
3426 kfree(ses->serverNOS);
3427 ses->serverNOS = kzalloc(2, GFP_KERNEL);
3429 } else { /* ASCII */
3430 len = strnlen(bcc_ptr, 1024);
3431 if (((long) bcc_ptr + len) -
3432 (long) pByteArea(smb_buffer_response)
3433 <= BCC(smb_buffer_response)) {
3435 kfree(ses->serverOS);
3436 ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
3437 strncpy(ses->serverOS,bcc_ptr, len);
3440 bcc_ptr[0] = 0; /* null terminate the string */
3443 len = strnlen(bcc_ptr, 1024);
3444 kfree(ses->serverNOS);
3445 ses->serverNOS = kzalloc(len+1,
3447 strncpy(ses->serverNOS,
3453 len = strnlen(bcc_ptr, 1024);
3454 if (ses->serverDomain)
3455 kfree(ses->serverDomain);
3459 strncpy(ses->serverDomain,
3465 cFYI(1, ("field of length %d "
3466 "extends beyond end of smb ",
3470 cERROR(1, ("Security Blob extends beyond end "
3474 cERROR(1, ("No session structure passed in."));
3477 cERROR(1, ("Invalid Word count %d: ",
3478 smb_buffer_response->WordCount));
3482 cifs_buf_release(smb_buffer);
3488 CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3489 const char *tree, struct cifsTconInfo *tcon,
3490 const struct nls_table *nls_codepage)
3492 struct smb_hdr *smb_buffer;
3493 struct smb_hdr *smb_buffer_response;
3496 unsigned char *bcc_ptr;
3504 smb_buffer = cifs_buf_get();
3505 if (smb_buffer == NULL) {
3508 smb_buffer_response = smb_buffer;
3510 header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3511 NULL /*no tid */ , 4 /*wct */ );
3513 smb_buffer->Mid = GetNextMid(ses->server);
3514 smb_buffer->Uid = ses->Suid;
3515 pSMB = (TCONX_REQ *) smb_buffer;
3516 pSMBr = (TCONX_RSP *) smb_buffer_response;
3518 pSMB->AndXCommand = 0xFF;
3519 pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
3520 bcc_ptr = &pSMB->Password[0];
3521 if ((ses->server->secMode) & SECMODE_USER) {
3522 pSMB->PasswordLength = cpu_to_le16(1); /* minimum */
3523 *bcc_ptr = 0; /* password is null byte */
3524 bcc_ptr++; /* skip password */
3525 /* already aligned so no need to do it below */
3527 pSMB->PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE);
3528 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3529 specified as required (when that support is added to
3530 the vfs in the future) as only NTLM or the much
3531 weaker LANMAN (which we do not send by default) is accepted
3532 by Samba (not sure whether other servers allow
3533 NTLMv2 password here) */
3534 #ifdef CONFIG_CIFS_WEAK_PW_HASH
3535 if ((extended_security & CIFSSEC_MAY_LANMAN) &&
3536 (ses->server->secType == LANMAN))
3537 calc_lanman_hash(ses, bcc_ptr);
3539 #endif /* CIFS_WEAK_PW_HASH */
3540 SMBNTencrypt(ses->password,
3541 ses->server->cryptKey,
3544 bcc_ptr += CIFS_SESS_KEY_SIZE;
3545 if (ses->capabilities & CAP_UNICODE) {
3546 /* must align unicode strings */
3547 *bcc_ptr = 0; /* null byte password */
3552 if (ses->server->secMode &
3553 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3554 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3556 if (ses->capabilities & CAP_STATUS32) {
3557 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3559 if (ses->capabilities & CAP_DFS) {
3560 smb_buffer->Flags2 |= SMBFLG2_DFS;
3562 if (ses->capabilities & CAP_UNICODE) {
3563 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3565 cifs_strtoUCS((__le16 *) bcc_ptr, tree,
3566 6 /* max utf8 char length in bytes */ *
3567 (/* server len*/ + 256 /* share len */), nls_codepage);
3568 bcc_ptr += 2 * length; /* convert num 16 bit words to bytes */
3569 bcc_ptr += 2; /* skip trailing null */
3570 } else { /* ASCII */
3571 strcpy(bcc_ptr, tree);
3572 bcc_ptr += strlen(tree) + 1;
3574 strcpy(bcc_ptr, "?????");
3575 bcc_ptr += strlen("?????");
3577 count = bcc_ptr - &pSMB->Password[0];
3578 pSMB->hdr.smb_buf_length += count;
3579 pSMB->ByteCount = cpu_to_le16(count);
3581 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length,
3584 /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
3585 /* above now done in SendReceive */
3586 if ((rc == 0) && (tcon != NULL)) {
3587 tcon->tidStatus = CifsGood;
3588 tcon->need_reconnect = false;
3589 tcon->tid = smb_buffer_response->Tid;
3590 bcc_ptr = pByteArea(smb_buffer_response);
3591 length = strnlen(bcc_ptr, BCC(smb_buffer_response) - 2);
3592 /* skip service field (NB: this field is always ASCII) */
3594 if ((bcc_ptr[0] == 'I') && (bcc_ptr[1] == 'P') &&
3595 (bcc_ptr[2] == 'C')) {
3596 cFYI(1, ("IPC connection"));
3599 } else if (length == 2) {
3600 if ((bcc_ptr[0] == 'A') && (bcc_ptr[1] == ':')) {
3601 /* the most common case */
3602 cFYI(1, ("disk share connection"));
3605 bcc_ptr += length + 1;
3606 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3607 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3608 length = UniStrnlen((wchar_t *) bcc_ptr, 512);
3609 if ((bcc_ptr + (2 * length)) -
3610 pByteArea(smb_buffer_response) <=
3611 BCC(smb_buffer_response)) {
3612 kfree(tcon->nativeFileSystem);
3613 tcon->nativeFileSystem =
3614 kzalloc(length + 2, GFP_KERNEL);
3615 if (tcon->nativeFileSystem)
3617 tcon->nativeFileSystem,
3619 length, nls_codepage);
3620 bcc_ptr += 2 * length;
3621 bcc_ptr[0] = 0; /* null terminate the string */
3625 /* else do not bother copying these information fields*/
3627 length = strnlen(bcc_ptr, 1024);
3628 if ((bcc_ptr + length) -
3629 pByteArea(smb_buffer_response) <=
3630 BCC(smb_buffer_response)) {
3631 kfree(tcon->nativeFileSystem);
3632 tcon->nativeFileSystem =
3633 kzalloc(length + 1, GFP_KERNEL);
3634 if (tcon->nativeFileSystem)
3635 strncpy(tcon->nativeFileSystem, bcc_ptr,
3638 /* else do not bother copying these information fields*/
3640 if ((smb_buffer_response->WordCount == 3) ||
3641 (smb_buffer_response->WordCount == 7))
3642 /* field is in same location */
3643 tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3646 cFYI(1, ("Tcon flags: 0x%x ", tcon->Flags));
3647 } else if ((rc == 0) && tcon == NULL) {
3648 /* all we need to save for IPC$ connection */
3649 ses->ipc_tid = smb_buffer_response->Tid;
3652 cifs_buf_release(smb_buffer);
3657 cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3663 cifs_put_tcon(cifs_sb->tcon);
3665 cifs_sb->tcon = NULL;
3666 tmp = cifs_sb->prepath;
3667 cifs_sb->prepathlen = 0;
3668 cifs_sb->prepath = NULL;
3674 int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
3675 struct nls_table *nls_info)
3678 char ntlm_session_key[CIFS_SESS_KEY_SIZE];
3679 bool ntlmv2_flag = false;
3681 struct TCP_Server_Info *server = pSesInfo->server;
3683 /* what if server changes its buffer size after dropping the session? */
3684 if (server->maxBuf == 0) /* no need to send on reconnect */ {
3685 rc = CIFSSMBNegotiate(xid, pSesInfo);
3686 if (rc == -EAGAIN) {
3687 /* retry only once on 1st time connection */
3688 rc = CIFSSMBNegotiate(xid, pSesInfo);
3693 spin_lock(&GlobalMid_Lock);
3694 if (server->tcpStatus != CifsExiting)
3695 server->tcpStatus = CifsGood;
3698 spin_unlock(&GlobalMid_Lock);
3707 pSesInfo->flags = 0;
3708 pSesInfo->capabilities = server->capabilities;
3709 if (linuxExtEnabled == 0)
3710 pSesInfo->capabilities &= (~CAP_UNIX);
3711 /* pSesInfo->sequence_number = 0;*/
3712 cFYI(1, ("Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d",
3713 server->secMode, server->capabilities, server->timeAdj));
3715 if (experimEnabled < 2)
3716 rc = CIFS_SessSetup(xid, pSesInfo, first_time, nls_info);
3717 else if (extended_security
3718 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3719 && (server->secType == NTLMSSP)) {
3721 } else if (extended_security
3722 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3723 && (server->secType == RawNTLMSSP)) {
3724 cFYI(1, ("NTLMSSP sesssetup"));
3725 rc = CIFSNTLMSSPNegotiateSessSetup(xid, pSesInfo, &ntlmv2_flag,
3730 cFYI(1, ("more secure NTLM ver2 hash"));
3731 if (CalcNTLMv2_partial_mac_key(pSesInfo,
3736 v2_response = kmalloc(16 + 64 /* blob*/,
3739 CalcNTLMv2_response(pSesInfo,
3742 cifs_calculate_ntlmv2_mac_key */
3744 /* BB Put dummy sig in SessSetup PDU? */
3751 SMBNTencrypt(pSesInfo->password,
3756 cifs_calculate_mac_key(
3757 &server->mac_signing_key,
3759 pSesInfo->password);
3761 /* for better security the weaker lanman hash not sent
3762 in AuthSessSetup so we no longer calculate it */
3764 rc = CIFSNTLMSSPAuthSessSetup(xid, pSesInfo,
3769 } else { /* old style NTLM 0.12 session setup */
3770 SMBNTencrypt(pSesInfo->password, server->cryptKey,
3774 cifs_calculate_mac_key(&server->mac_signing_key,
3776 pSesInfo->password);
3778 rc = CIFSSessSetup(xid, pSesInfo, ntlm_session_key, nls_info);
3781 cERROR(1, ("Send error in SessSetup = %d", rc));
3783 cFYI(1, ("CIFS Session Established successfully"));
3784 spin_lock(&GlobalMid_Lock);
3785 pSesInfo->status = CifsGood;
3786 pSesInfo->need_reconnect = false;
3787 spin_unlock(&GlobalMid_Lock);