aboutsummaryrefslogtreecommitdiffstats
path: root/fs/cifs
diff options
context:
space:
mode:
authorJames Morris <jmorris@namei.org>2009-05-22 04:40:59 -0400
committerJames Morris <jmorris@namei.org>2009-05-22 04:40:59 -0400
commit2c9e703c618106f5383226fbb1f526cb11034f8a (patch)
tree87d7548001ea82f655fede0640466fc16aabcdf7 /fs/cifs
parent6470c077cae12227318f40f3e6d756caadcce4b0 (diff)
parent5805977e63a36ad56594a623f3bd2bebcb7db233 (diff)
Merge branch 'master' into next
Conflicts: fs/exec.c Removed IMA changes (the IMA checks are now performed via may_open()). Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'fs/cifs')
-rw-r--r--fs/cifs/CHANGES13
-rw-r--r--fs/cifs/README10
-rw-r--r--fs/cifs/cifs_dfs_ref.c32
-rw-r--r--fs/cifs/cifs_unicode.c198
-rw-r--r--fs/cifs/cifs_unicode.h23
-rw-r--r--fs/cifs/cifsfs.c6
-rw-r--r--fs/cifs/cifsfs.h2
-rw-r--r--fs/cifs/cifsglob.h16
-rw-r--r--fs/cifs/cifsproto.h5
-rw-r--r--fs/cifs/cifssmb.c215
-rw-r--r--fs/cifs/connect.c1190
-rw-r--r--fs/cifs/dir.c15
-rw-r--r--fs/cifs/file.c14
-rw-r--r--fs/cifs/inode.c21
-rw-r--r--fs/cifs/link.c162
-rw-r--r--fs/cifs/misc.c71
-rw-r--r--fs/cifs/netmisc.c2
-rw-r--r--fs/cifs/nterr.h9
-rw-r--r--fs/cifs/ntlmssp.h68
-rw-r--r--fs/cifs/readdir.c72
-rw-r--r--fs/cifs/sess.c340
-rw-r--r--fs/cifs/smberr.h1
22 files changed, 816 insertions, 1669 deletions
diff --git a/fs/cifs/CHANGES b/fs/cifs/CHANGES
index 9d1fb6ec8a5a..f20c4069c220 100644
--- a/fs/cifs/CHANGES
+++ b/fs/cifs/CHANGES
@@ -1,3 +1,16 @@
1Version 1.58
2------------
3Guard against buffer overruns in various UCS-2 to UTF-8 string conversions
4when the UTF-8 string is composed of unusually long (more than 4 byte) converted
5characters. Add support for mounting root of a share which redirects immediately
6to DFS target. Convert string conversion functions from Unicode to more
7accurately mark string length before allocating memory (which may help the
8rare cases where a UTF-8 string is much larger than the UCS2 string that
9we converted from). Fix endianness of the vcnum field used during
10session setup to distinguish multiple mounts to same server from different
11userids. Raw NTLMSSP fixed (it requires /proc/fs/cifs/experimental
12flag to be set to 2, and mount must enable krb5 to turn on extended security).
13
1Version 1.57 14Version 1.57
2------------ 15------------
3Improve support for multiple security contexts to the same server. We 16Improve support for multiple security contexts to the same server. We
diff --git a/fs/cifs/README b/fs/cifs/README
index 07434181623b..db208ddb9899 100644
--- a/fs/cifs/README
+++ b/fs/cifs/README
@@ -651,7 +651,15 @@ Experimental When set to 1 used to enable certain experimental
651 signing turned on in case buffer was modified 651 signing turned on in case buffer was modified
652 just before it was sent, also this flag will 652 just before it was sent, also this flag will
653 be used to use the new experimental directory change 653 be used to use the new experimental directory change
654 notification code). 654 notification code). When set to 2 enables
655 an additional experimental feature, "raw ntlmssp"
656 session establishment support (which allows
657 specifying "sec=ntlmssp" on mount). The Linux cifs
658 module will use ntlmv2 authentication encapsulated
659 in "raw ntlmssp" (not using SPNEGO) when
660 "sec=ntlmssp" is specified on mount.
661 This support also requires building cifs with
662 the CONFIG_CIFS_EXPERIMENTAL configuration flag.
655 663
656These experimental features and tracing can be enabled by changing flags in 664These experimental features and tracing can be enabled by changing flags in
657/proc/fs/cifs (after the cifs module has been installed or built into the 665/proc/fs/cifs (after the cifs module has been installed or built into the
diff --git a/fs/cifs/cifs_dfs_ref.c b/fs/cifs/cifs_dfs_ref.c
index 5fdbf8a14472..83d62759c7c7 100644
--- a/fs/cifs/cifs_dfs_ref.c
+++ b/fs/cifs/cifs_dfs_ref.c
@@ -340,28 +340,24 @@ cifs_dfs_follow_mountpoint(struct dentry *dentry, struct nameidata *nd)
340 cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR); 340 cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR);
341 341
342 for (i = 0; i < num_referrals; i++) { 342 for (i = 0; i < num_referrals; i++) {
343 int len;
343 dump_referral(referrals+i); 344 dump_referral(referrals+i);
344 /* connect to a storage node */ 345 /* connect to a node */
345 if (referrals[i].flags & DFSREF_STORAGE_SERVER) { 346 len = strlen(referrals[i].node_name);
346 int len; 347 if (len < 2) {
347 len = strlen(referrals[i].node_name); 348 cERROR(1, ("%s: Net Address path too short: %s",
348 if (len < 2) {
349 cERROR(1, ("%s: Net Address path too short: %s",
350 __func__, referrals[i].node_name)); 349 __func__, referrals[i].node_name));
351 rc = -EINVAL; 350 rc = -EINVAL;
352 goto out_err; 351 goto out_err;
353 } 352 }
354 mnt = cifs_dfs_do_refmount(nd->path.mnt, 353 mnt = cifs_dfs_do_refmount(nd->path.mnt,
355 nd->path.dentry, 354 nd->path.dentry, referrals + i);
356 referrals + i); 355 cFYI(1, ("%s: cifs_dfs_do_refmount:%s , mnt:%p", __func__,
357 cFYI(1, ("%s: cifs_dfs_do_refmount:%s , mnt:%p",
358 __func__,
359 referrals[i].node_name, mnt)); 356 referrals[i].node_name, mnt));
360 357
361 /* complete mount procedure if we accured submount */ 358 /* complete mount procedure if we accured submount */
362 if (!IS_ERR(mnt)) 359 if (!IS_ERR(mnt))
363 break; 360 break;
364 }
365 } 361 }
366 362
367 /* we need it cause for() above could exit without valid submount */ 363 /* we need it cause for() above could exit without valid submount */
diff --git a/fs/cifs/cifs_unicode.c b/fs/cifs/cifs_unicode.c
index 7d75272a6b3f..60e3c4253de0 100644
--- a/fs/cifs/cifs_unicode.c
+++ b/fs/cifs/cifs_unicode.c
@@ -1,7 +1,7 @@
1/* 1/*
2 * fs/cifs/cifs_unicode.c 2 * fs/cifs/cifs_unicode.c
3 * 3 *
4 * Copyright (c) International Business Machines Corp., 2000,2005 4 * Copyright (c) International Business Machines Corp., 2000,2009
5 * Modified by Steve French (sfrench@us.ibm.com) 5 * Modified by Steve French (sfrench@us.ibm.com)
6 * 6 *
7 * This program is free software; you can redistribute it and/or modify 7 * This program is free software; you can redistribute it and/or modify
@@ -26,31 +26,157 @@
26#include "cifs_debug.h" 26#include "cifs_debug.h"
27 27
28/* 28/*
29 * NAME: cifs_strfromUCS() 29 * cifs_ucs2_bytes - how long will a string be after conversion?
30 * 30 * @ucs - pointer to input string
31 * FUNCTION: Convert little-endian unicode string to character string 31 * @maxbytes - don't go past this many bytes of input string
32 * @codepage - destination codepage
32 * 33 *
34 * Walk a ucs2le string and return the number of bytes that the string will
35 * be after being converted to the given charset, not including any null
36 * termination required. Don't walk past maxbytes in the source buffer.
33 */ 37 */
34int 38int
35cifs_strfromUCS_le(char *to, const __le16 *from, 39cifs_ucs2_bytes(const __le16 *from, int maxbytes,
36 int len, const struct nls_table *codepage) 40 const struct nls_table *codepage)
37{ 41{
38 int i; 42 int i;
39 int outlen = 0; 43 int charlen, outlen = 0;
44 int maxwords = maxbytes / 2;
45 char tmp[NLS_MAX_CHARSET_SIZE];
40 46
41 for (i = 0; (i < len) && from[i]; i++) { 47 for (i = 0; from[i] && i < maxwords; i++) {
42 int charlen; 48 charlen = codepage->uni2char(le16_to_cpu(from[i]), tmp,
43 /* 2.4.0 kernel or greater */ 49 NLS_MAX_CHARSET_SIZE);
44 charlen = 50 if (charlen > 0)
45 codepage->uni2char(le16_to_cpu(from[i]), &to[outlen],
46 NLS_MAX_CHARSET_SIZE);
47 if (charlen > 0) {
48 outlen += charlen; 51 outlen += charlen;
49 } else { 52 else
50 to[outlen++] = '?'; 53 outlen++;
54 }
55
56 return outlen;
57}
58
59/*
60 * cifs_mapchar - convert a little-endian char to proper char in codepage
61 * @target - where converted character should be copied
62 * @src_char - 2 byte little-endian source character
63 * @cp - codepage to which character should be converted
64 * @mapchar - should character be mapped according to mapchars mount option?
65 *
66 * This function handles the conversion of a single character. It is the
67 * responsibility of the caller to ensure that the target buffer is large
68 * enough to hold the result of the conversion (at least NLS_MAX_CHARSET_SIZE).
69 */
70static int
71cifs_mapchar(char *target, const __le16 src_char, const struct nls_table *cp,
72 bool mapchar)
73{
74 int len = 1;
75
76 if (!mapchar)
77 goto cp_convert;
78
79 /*
80 * BB: Cannot handle remapping UNI_SLASH until all the calls to
81 * build_path_from_dentry are modified, as they use slash as
82 * separator.
83 */
84 switch (le16_to_cpu(src_char)) {
85 case UNI_COLON:
86 *target = ':';
87 break;
88 case UNI_ASTERIK:
89 *target = '*';
90 break;
91 case UNI_QUESTION:
92 *target = '?';
93 break;
94 case UNI_PIPE:
95 *target = '|';
96 break;
97 case UNI_GRTRTHAN:
98 *target = '>';
99 break;
100 case UNI_LESSTHAN:
101 *target = '<';
102 break;
103 default:
104 goto cp_convert;
105 }
106
107out:
108 return len;
109
110cp_convert:
111 len = cp->uni2char(le16_to_cpu(src_char), target,
112 NLS_MAX_CHARSET_SIZE);
113 if (len <= 0) {
114 *target = '?';
115 len = 1;
116 }
117 goto out;
118}
119
120/*
121 * cifs_from_ucs2 - convert utf16le string to local charset
122 * @to - destination buffer
123 * @from - source buffer
124 * @tolen - destination buffer size (in bytes)
125 * @fromlen - source buffer size (in bytes)
126 * @codepage - codepage to which characters should be converted
127 * @mapchar - should characters be remapped according to the mapchars option?
128 *
129 * Convert a little-endian ucs2le string (as sent by the server) to a string
130 * in the provided codepage. The tolen and fromlen parameters are to ensure
131 * that the code doesn't walk off of the end of the buffer (which is always
132 * a danger if the alignment of the source buffer is off). The destination
133 * string is always properly null terminated and fits in the destination
134 * buffer. Returns the length of the destination string in bytes (including
135 * null terminator).
136 *
137 * Note that some windows versions actually send multiword UTF-16 characters
138 * instead of straight UCS-2. The linux nls routines however aren't able to
139 * deal with those characters properly. In the event that we get some of
140 * those characters, they won't be translated properly.
141 */
142int
143cifs_from_ucs2(char *to, const __le16 *from, int tolen, int fromlen,
144 const struct nls_table *codepage, bool mapchar)
145{
146 int i, charlen, safelen;
147 int outlen = 0;
148 int nullsize = nls_nullsize(codepage);
149 int fromwords = fromlen / 2;
150 char tmp[NLS_MAX_CHARSET_SIZE];
151
152 /*
153 * because the chars can be of varying widths, we need to take care
154 * not to overflow the destination buffer when we get close to the
155 * end of it. Until we get to this offset, we don't need to check
156 * for overflow however.
157 */
158 safelen = tolen - (NLS_MAX_CHARSET_SIZE + nullsize);
159
160 for (i = 0; i < fromwords && from[i]; i++) {
161 /*
162 * check to see if converting this character might make the
163 * conversion bleed into the null terminator
164 */
165 if (outlen >= safelen) {
166 charlen = cifs_mapchar(tmp, from[i], codepage, mapchar);
167 if ((outlen + charlen) > (tolen - nullsize))
168 break;
51 } 169 }
170
171 /* put converted char into 'to' buffer */
172 charlen = cifs_mapchar(&to[outlen], from[i], codepage, mapchar);
173 outlen += charlen;
52 } 174 }
53 to[outlen] = 0; 175
176 /* properly null-terminate string */
177 for (i = 0; i < nullsize; i++)
178 to[outlen++] = 0;
179
54 return outlen; 180 return outlen;
55} 181}
56 182
@@ -88,3 +214,41 @@ cifs_strtoUCS(__le16 *to, const char *from, int len,
88 return i; 214 return i;
89} 215}
90 216
217/*
218 * cifs_strndup_from_ucs - copy a string from wire format to the local codepage
219 * @src - source string
220 * @maxlen - don't walk past this many bytes in the source string
221 * @is_unicode - is this a unicode string?
222 * @codepage - destination codepage
223 *
224 * Take a string given by the server, convert it to the local codepage and
225 * put it in a new buffer. Returns a pointer to the new string or NULL on
226 * error.
227 */
228char *
229cifs_strndup_from_ucs(const char *src, const int maxlen, const bool is_unicode,
230 const struct nls_table *codepage)
231{
232 int len;
233 char *dst;
234
235 if (is_unicode) {
236 len = cifs_ucs2_bytes((__le16 *) src, maxlen, codepage);
237 len += nls_nullsize(codepage);
238 dst = kmalloc(len, GFP_KERNEL);
239 if (!dst)
240 return NULL;
241 cifs_from_ucs2(dst, (__le16 *) src, len, maxlen, codepage,
242 false);
243 } else {
244 len = strnlen(src, maxlen);
245 len++;
246 dst = kmalloc(len, GFP_KERNEL);
247 if (!dst)
248 return NULL;
249 strlcpy(dst, src, len);
250 }
251
252 return dst;
253}
254
diff --git a/fs/cifs/cifs_unicode.h b/fs/cifs/cifs_unicode.h
index 14eb9a2395d3..650638275a6f 100644
--- a/fs/cifs/cifs_unicode.h
+++ b/fs/cifs/cifs_unicode.h
@@ -5,7 +5,7 @@
5 * Convert a unicode character to upper or lower case using 5 * Convert a unicode character to upper or lower case using
6 * compressed tables. 6 * compressed tables.
7 * 7 *
8 * Copyright (c) International Business Machines Corp., 2000,2007 8 * Copyright (c) International Business Machines Corp., 2000,2009
9 * 9 *
10 * This program is free software; you can redistribute it and/or modify 10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by 11 * it under the terms of the GNU General Public License as published by
@@ -37,6 +37,19 @@
37 37
38#define UNIUPR_NOLOWER /* Example to not expand lower case tables */ 38#define UNIUPR_NOLOWER /* Example to not expand lower case tables */
39 39
40/*
41 * Windows maps these to the user defined 16 bit Unicode range since they are
42 * reserved symbols (along with \ and /), otherwise illegal to store
43 * in filenames in NTFS
44 */
45#define UNI_ASTERIK (__u16) ('*' + 0xF000)
46#define UNI_QUESTION (__u16) ('?' + 0xF000)
47#define UNI_COLON (__u16) (':' + 0xF000)
48#define UNI_GRTRTHAN (__u16) ('>' + 0xF000)
49#define UNI_LESSTHAN (__u16) ('<' + 0xF000)
50#define UNI_PIPE (__u16) ('|' + 0xF000)
51#define UNI_SLASH (__u16) ('\\' + 0xF000)
52
40/* Just define what we want from uniupr.h. We don't want to define the tables 53/* Just define what we want from uniupr.h. We don't want to define the tables
41 * in each source file. 54 * in each source file.
42 */ 55 */
@@ -59,8 +72,14 @@ extern struct UniCaseRange UniLowerRange[];
59#endif /* UNIUPR_NOLOWER */ 72#endif /* UNIUPR_NOLOWER */
60 73
61#ifdef __KERNEL__ 74#ifdef __KERNEL__
62int cifs_strfromUCS_le(char *, const __le16 *, int, const struct nls_table *); 75int cifs_from_ucs2(char *to, const __le16 *from, int tolen, int fromlen,
76 const struct nls_table *codepage, bool mapchar);
77int cifs_ucs2_bytes(const __le16 *from, int maxbytes,
78 const struct nls_table *codepage);
63int cifs_strtoUCS(__le16 *, const char *, int, const struct nls_table *); 79int cifs_strtoUCS(__le16 *, const char *, int, const struct nls_table *);
80char *cifs_strndup_from_ucs(const char *src, const int maxlen,
81 const bool is_unicode,
82 const struct nls_table *codepage);
64#endif 83#endif
65 84
66/* 85/*
diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
index 0d6d8b573652..5e6d35804d73 100644
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -35,6 +35,7 @@
35#include <linux/delay.h> 35#include <linux/delay.h>
36#include <linux/kthread.h> 36#include <linux/kthread.h>
37#include <linux/freezer.h> 37#include <linux/freezer.h>
38#include <linux/smp_lock.h>
38#include "cifsfs.h" 39#include "cifsfs.h"
39#include "cifspdu.h" 40#include "cifspdu.h"
40#define DECLARE_GLOBALS_HERE 41#define DECLARE_GLOBALS_HERE
@@ -530,6 +531,7 @@ static void cifs_umount_begin(struct super_block *sb)
530 if (tcon == NULL) 531 if (tcon == NULL)
531 return; 532 return;
532 533
534 lock_kernel();
533 read_lock(&cifs_tcp_ses_lock); 535 read_lock(&cifs_tcp_ses_lock);
534 if (tcon->tc_count == 1) 536 if (tcon->tc_count == 1)
535 tcon->tidStatus = CifsExiting; 537 tcon->tidStatus = CifsExiting;
@@ -548,6 +550,7 @@ static void cifs_umount_begin(struct super_block *sb)
548 } 550 }
549/* BB FIXME - finish add checks for tidStatus BB */ 551/* BB FIXME - finish add checks for tidStatus BB */
550 552
553 unlock_kernel();
551 return; 554 return;
552} 555}
553 556
@@ -599,8 +602,7 @@ cifs_get_sb(struct file_system_type *fs_type,
599 602
600 rc = cifs_read_super(sb, data, dev_name, flags & MS_SILENT ? 1 : 0); 603 rc = cifs_read_super(sb, data, dev_name, flags & MS_SILENT ? 1 : 0);
601 if (rc) { 604 if (rc) {
602 up_write(&sb->s_umount); 605 deactivate_locked_super(sb);
603 deactivate_super(sb);
604 return rc; 606 return rc;
605 } 607 }
606 sb->s_flags |= MS_ACTIVE; 608 sb->s_flags |= MS_ACTIVE;
diff --git a/fs/cifs/cifsfs.h b/fs/cifs/cifsfs.h
index 77e190dc2883..051b71cfdea9 100644
--- a/fs/cifs/cifsfs.h
+++ b/fs/cifs/cifsfs.h
@@ -100,5 +100,5 @@ extern long cifs_ioctl(struct file *filep, unsigned int cmd, unsigned long arg);
100extern const struct export_operations cifs_export_ops; 100extern const struct export_operations cifs_export_ops;
101#endif /* EXPERIMENTAL */ 101#endif /* EXPERIMENTAL */
102 102
103#define CIFS_VERSION "1.57" 103#define CIFS_VERSION "1.58"
104#endif /* _CIFSFS_H */ 104#endif /* _CIFSFS_H */
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
index df40ab64cd95..a61ab772c6f6 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -82,8 +82,8 @@ enum securityEnum {
82 LANMAN, /* Legacy LANMAN auth */ 82 LANMAN, /* Legacy LANMAN auth */
83 NTLM, /* Legacy NTLM012 auth with NTLM hash */ 83 NTLM, /* Legacy NTLM012 auth with NTLM hash */
84 NTLMv2, /* Legacy NTLM auth with NTLMv2 hash */ 84 NTLMv2, /* Legacy NTLM auth with NTLMv2 hash */
85 RawNTLMSSP, /* NTLMSSP without SPNEGO */ 85 RawNTLMSSP, /* NTLMSSP without SPNEGO, NTLMv2 hash */
86 NTLMSSP, /* NTLMSSP via SPNEGO */ 86 NTLMSSP, /* NTLMSSP via SPNEGO, NTLMv2 hash */
87 Kerberos, /* Kerberos via SPNEGO */ 87 Kerberos, /* Kerberos via SPNEGO */
88 MSKerberos, /* MS Kerberos via SPNEGO */ 88 MSKerberos, /* MS Kerberos via SPNEGO */
89}; 89};
@@ -531,6 +531,7 @@ static inline void free_dfs_info_array(struct dfs_info3_param *param,
531#define CIFSSEC_MAY_PLNTXT 0 531#define CIFSSEC_MAY_PLNTXT 0
532#endif /* weak passwords */ 532#endif /* weak passwords */
533#define CIFSSEC_MAY_SEAL 0x00040 /* not supported yet */ 533#define CIFSSEC_MAY_SEAL 0x00040 /* not supported yet */
534#define CIFSSEC_MAY_NTLMSSP 0x00080 /* raw ntlmssp with ntlmv2 */
534 535
535#define CIFSSEC_MUST_SIGN 0x01001 536#define CIFSSEC_MUST_SIGN 0x01001
536/* note that only one of the following can be set so the 537/* note that only one of the following can be set so the
@@ -543,22 +544,23 @@ require use of the stronger protocol */
543#define CIFSSEC_MUST_LANMAN 0x10010 544#define CIFSSEC_MUST_LANMAN 0x10010
544#define CIFSSEC_MUST_PLNTXT 0x20020 545#define CIFSSEC_MUST_PLNTXT 0x20020
545#ifdef CONFIG_CIFS_UPCALL 546#ifdef CONFIG_CIFS_UPCALL
546#define CIFSSEC_MASK 0x3F03F /* allows weak security but also krb5 */ 547#define CIFSSEC_MASK 0xAF0AF /* allows weak security but also krb5 */
547#else 548#else
548#define CIFSSEC_MASK 0x37037 /* current flags supported if weak */ 549#define CIFSSEC_MASK 0xA70A7 /* current flags supported if weak */
549#endif /* UPCALL */ 550#endif /* UPCALL */
550#else /* do not allow weak pw hash */ 551#else /* do not allow weak pw hash */
551#ifdef CONFIG_CIFS_UPCALL 552#ifdef CONFIG_CIFS_UPCALL
552#define CIFSSEC_MASK 0x0F00F /* flags supported if no weak allowed */ 553#define CIFSSEC_MASK 0x8F08F /* flags supported if no weak allowed */
553#else 554#else
554#define CIFSSEC_MASK 0x07007 /* flags supported if no weak allowed */ 555#define CIFSSEC_MASK 0x87087 /* flags supported if no weak allowed */
555#endif /* UPCALL */ 556#endif /* UPCALL */
556#endif /* WEAK_PW_HASH */ 557#endif /* WEAK_PW_HASH */
557#define CIFSSEC_MUST_SEAL 0x40040 /* not supported yet */ 558#define CIFSSEC_MUST_SEAL 0x40040 /* not supported yet */
559#define CIFSSEC_MUST_NTLMSSP 0x80080 /* raw ntlmssp with ntlmv2 */
558 560
559#define CIFSSEC_DEF (CIFSSEC_MAY_SIGN | CIFSSEC_MAY_NTLM | CIFSSEC_MAY_NTLMV2) 561#define CIFSSEC_DEF (CIFSSEC_MAY_SIGN | CIFSSEC_MAY_NTLM | CIFSSEC_MAY_NTLMV2)
560#define CIFSSEC_MAX (CIFSSEC_MUST_SIGN | CIFSSEC_MUST_NTLMV2) 562#define CIFSSEC_MAX (CIFSSEC_MUST_SIGN | CIFSSEC_MUST_NTLMV2)
561#define CIFSSEC_AUTH_MASK (CIFSSEC_MAY_NTLM | CIFSSEC_MAY_NTLMV2 | CIFSSEC_MAY_LANMAN | CIFSSEC_MAY_PLNTXT | CIFSSEC_MAY_KRB5) 563#define CIFSSEC_AUTH_MASK (CIFSSEC_MAY_NTLM | CIFSSEC_MAY_NTLMV2 | CIFSSEC_MAY_LANMAN | CIFSSEC_MAY_PLNTXT | CIFSSEC_MAY_KRB5 | CIFSSEC_MAY_NTLMSSP)
562/* 564/*
563 ***************************************************************** 565 *****************************************************************
564 * All constants go here 566 * All constants go here
diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h
index 4167716d32f2..fae083930eee 100644
--- a/fs/cifs/cifsproto.h
+++ b/fs/cifs/cifsproto.h
@@ -260,8 +260,7 @@ extern int CIFSUnixCreateSymLink(const int xid,
260 const struct nls_table *nls_codepage); 260 const struct nls_table *nls_codepage);
261extern int CIFSSMBUnixQuerySymLink(const int xid, 261extern int CIFSSMBUnixQuerySymLink(const int xid,
262 struct cifsTconInfo *tcon, 262 struct cifsTconInfo *tcon,
263 const unsigned char *searchName, 263 const unsigned char *searchName, char **syminfo,
264 char *syminfo, const int buflen,
265 const struct nls_table *nls_codepage); 264 const struct nls_table *nls_codepage);
266extern int CIFSSMBQueryReparseLinkInfo(const int xid, 265extern int CIFSSMBQueryReparseLinkInfo(const int xid,
267 struct cifsTconInfo *tcon, 266 struct cifsTconInfo *tcon,
@@ -307,8 +306,6 @@ extern int CIFSGetSrvInodeNumber(const int xid, struct cifsTconInfo *tcon,
307 const unsigned char *searchName, __u64 *inode_number, 306 const unsigned char *searchName, __u64 *inode_number,
308 const struct nls_table *nls_codepage, 307 const struct nls_table *nls_codepage,
309 int remap_special_chars); 308 int remap_special_chars);
310extern int cifs_convertUCSpath(char *target, const __le16 *source, int maxlen,
311 const struct nls_table *codepage);
312extern int cifsConvertToUCS(__le16 *target, const char *source, int maxlen, 309extern int cifsConvertToUCS(__le16 *target, const char *source, int maxlen,
313 const struct nls_table *cp, int mapChars); 310 const struct nls_table *cp, int mapChars);
314 311
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index a0845dc7b8a9..d06260251c30 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -1,7 +1,7 @@
1/* 1/*
2 * fs/cifs/cifssmb.c 2 * fs/cifs/cifssmb.c
3 * 3 *
4 * Copyright (C) International Business Machines Corp., 2002,2008 4 * Copyright (C) International Business Machines Corp., 2002,2009
5 * Author(s): Steve French (sfrench@us.ibm.com) 5 * Author(s): Steve French (sfrench@us.ibm.com)
6 * 6 *
7 * Contains the routines for constructing the SMB PDUs themselves 7 * Contains the routines for constructing the SMB PDUs themselves
@@ -81,41 +81,6 @@ static struct {
81#endif /* CONFIG_CIFS_WEAK_PW_HASH */ 81#endif /* CONFIG_CIFS_WEAK_PW_HASH */
82#endif /* CIFS_POSIX */ 82#endif /* CIFS_POSIX */
83 83
84/* Allocates buffer into dst and copies smb string from src to it.
85 * caller is responsible for freeing dst if function returned 0.
86 * returns:
87 * on success - 0
88 * on failure - errno
89 */
90static int
91cifs_strncpy_to_host(char **dst, const char *src, const int maxlen,
92 const bool is_unicode, const struct nls_table *nls_codepage)
93{
94 int plen;
95
96 if (is_unicode) {
97 plen = UniStrnlen((wchar_t *)src, maxlen);
98 *dst = kmalloc(plen + 2, GFP_KERNEL);
99 if (!*dst)
100 goto cifs_strncpy_to_host_ErrExit;
101 cifs_strfromUCS_le(*dst, (__le16 *)src, plen, nls_codepage);
102 } else {
103 plen = strnlen(src, maxlen);
104 *dst = kmalloc(plen + 2, GFP_KERNEL);
105 if (!*dst)
106 goto cifs_strncpy_to_host_ErrExit;
107 strncpy(*dst, src, plen);
108 }
109 (*dst)[plen] = 0;
110 (*dst)[plen+1] = 0; /* harmless for ASCII case, needed for Unicode */
111 return 0;
112
113cifs_strncpy_to_host_ErrExit:
114 cERROR(1, ("Failed to allocate buffer for string\n"));
115 return -ENOMEM;
116}
117
118
119/* Mark as invalid, all open files on tree connections since they 84/* Mark as invalid, all open files on tree connections since they
120 were closed when session to server was lost */ 85 were closed when session to server was lost */
121static void mark_open_files_invalid(struct cifsTconInfo *pTcon) 86static void mark_open_files_invalid(struct cifsTconInfo *pTcon)
@@ -484,6 +449,14 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
484 cFYI(1, ("Kerberos only mechanism, enable extended security")); 449 cFYI(1, ("Kerberos only mechanism, enable extended security"));
485 pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC; 450 pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC;
486 } 451 }
452#ifdef CONFIG_CIFS_EXPERIMENTAL
453 else if ((secFlags & CIFSSEC_MUST_NTLMSSP) == CIFSSEC_MUST_NTLMSSP)
454 pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC;
455 else if ((secFlags & CIFSSEC_AUTH_MASK) == CIFSSEC_MAY_NTLMSSP) {
456 cFYI(1, ("NTLMSSP only mechanism, enable extended security"));
457 pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC;
458 }
459#endif
487 460
488 count = 0; 461 count = 0;
489 for (i = 0; i < CIFS_NUM_PROT; i++) { 462 for (i = 0; i < CIFS_NUM_PROT; i++) {
@@ -620,6 +593,8 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses)
620 server->secType = NTLMv2; 593 server->secType = NTLMv2;
621 else if (secFlags & CIFSSEC_MAY_KRB5) 594 else if (secFlags & CIFSSEC_MAY_KRB5)
622 server->secType = Kerberos; 595 server->secType = Kerberos;
596 else if (secFlags & CIFSSEC_MAY_NTLMSSP)
597 server->secType = NTLMSSP;
623 else if (secFlags & CIFSSEC_MAY_LANMAN) 598 else if (secFlags & CIFSSEC_MAY_LANMAN)
624 server->secType = LANMAN; 599 server->secType = LANMAN;
625/* #ifdef CONFIG_CIFS_EXPERIMENTAL 600/* #ifdef CONFIG_CIFS_EXPERIMENTAL
@@ -2417,8 +2392,7 @@ winCreateHardLinkRetry:
2417 2392
2418int 2393int
2419CIFSSMBUnixQuerySymLink(const int xid, struct cifsTconInfo *tcon, 2394CIFSSMBUnixQuerySymLink(const int xid, struct cifsTconInfo *tcon,
2420 const unsigned char *searchName, 2395 const unsigned char *searchName, char **symlinkinfo,
2421 char *symlinkinfo, const int buflen,
2422 const struct nls_table *nls_codepage) 2396 const struct nls_table *nls_codepage)
2423{ 2397{
2424/* SMB_QUERY_FILE_UNIX_LINK */ 2398/* SMB_QUERY_FILE_UNIX_LINK */
@@ -2428,6 +2402,7 @@ CIFSSMBUnixQuerySymLink(const int xid, struct cifsTconInfo *tcon,
2428 int bytes_returned; 2402 int bytes_returned;
2429 int name_len; 2403 int name_len;
2430 __u16 params, byte_count; 2404 __u16 params, byte_count;
2405 char *data_start;
2431 2406
2432 cFYI(1, ("In QPathSymLinkInfo (Unix) for path %s", searchName)); 2407 cFYI(1, ("In QPathSymLinkInfo (Unix) for path %s", searchName));
2433 2408
@@ -2482,30 +2457,26 @@ querySymLinkRetry:
2482 /* decode response */ 2457 /* decode response */
2483 2458
2484 rc = validate_t2((struct smb_t2_rsp *)pSMBr); 2459 rc = validate_t2((struct smb_t2_rsp *)pSMBr);
2485 if (rc || (pSMBr->ByteCount < 2))
2486 /* BB also check enough total bytes returned */ 2460 /* BB also check enough total bytes returned */
2487 rc = -EIO; /* bad smb */ 2461 if (rc || (pSMBr->ByteCount < 2))
2462 rc = -EIO;
2488 else { 2463 else {
2489 __u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset); 2464 bool is_unicode;
2490 __u16 count = le16_to_cpu(pSMBr->t2.DataCount); 2465 u16 count = le16_to_cpu(pSMBr->t2.DataCount);
2466
2467 data_start = ((char *) &pSMBr->hdr.Protocol) +
2468 le16_to_cpu(pSMBr->t2.DataOffset);
2469
2470 if (pSMBr->hdr.Flags2 & SMBFLG2_UNICODE)
2471 is_unicode = true;
2472 else
2473 is_unicode = false;
2491 2474
2492 if (pSMBr->hdr.Flags2 & SMBFLG2_UNICODE) {
2493 name_len = UniStrnlen((wchar_t *) ((char *)
2494 &pSMBr->hdr.Protocol + data_offset),
2495 min_t(const int, buflen, count) / 2);
2496 /* BB FIXME investigate remapping reserved chars here */ 2475 /* BB FIXME investigate remapping reserved chars here */
2497 cifs_strfromUCS_le(symlinkinfo, 2476 *symlinkinfo = cifs_strndup_from_ucs(data_start, count,
2498 (__le16 *) ((char *)&pSMBr->hdr.Protocol 2477 is_unicode, nls_codepage);
2499 + data_offset), 2478 if (!*symlinkinfo)
2500 name_len, nls_codepage); 2479 rc = -ENOMEM;
2501 } else {
2502 strncpy(symlinkinfo,
2503 (char *) &pSMBr->hdr.Protocol +
2504 data_offset,
2505 min_t(const int, buflen, count));
2506 }
2507 symlinkinfo[buflen] = 0;
2508 /* just in case so calling code does not go off the end of buffer */
2509 } 2480 }
2510 } 2481 }
2511 cifs_buf_release(pSMB); 2482 cifs_buf_release(pSMB);
@@ -2603,7 +2574,6 @@ validate_ntransact(char *buf, char **ppparm, char **ppdata,
2603 *pparmlen = parm_count; 2574 *pparmlen = parm_count;
2604 return 0; 2575 return 0;
2605} 2576}
2606#endif /* CIFS_EXPERIMENTAL */
2607 2577
2608int 2578int
2609CIFSSMBQueryReparseLinkInfo(const int xid, struct cifsTconInfo *tcon, 2579CIFSSMBQueryReparseLinkInfo(const int xid, struct cifsTconInfo *tcon,
@@ -2613,7 +2583,6 @@ CIFSSMBQueryReparseLinkInfo(const int xid, struct cifsTconInfo *tcon,
2613{ 2583{
2614 int rc = 0; 2584 int rc = 0;
2615 int bytes_returned; 2585 int bytes_returned;
2616 int name_len;
2617 struct smb_com_transaction_ioctl_req *pSMB; 2586 struct smb_com_transaction_ioctl_req *pSMB;
2618 struct smb_com_transaction_ioctl_rsp *pSMBr; 2587 struct smb_com_transaction_ioctl_rsp *pSMBr;
2619 2588
@@ -2650,59 +2619,55 @@ CIFSSMBQueryReparseLinkInfo(const int xid, struct cifsTconInfo *tcon,
2650 } else { /* decode response */ 2619 } else { /* decode response */
2651 __u32 data_offset = le32_to_cpu(pSMBr->DataOffset); 2620 __u32 data_offset = le32_to_cpu(pSMBr->DataOffset);
2652 __u32 data_count = le32_to_cpu(pSMBr->DataCount); 2621 __u32 data_count = le32_to_cpu(pSMBr->DataCount);
2653 if ((pSMBr->ByteCount < 2) || (data_offset > 512)) 2622 if ((pSMBr->ByteCount < 2) || (data_offset > 512)) {
2654 /* BB also check enough total bytes returned */ 2623 /* BB also check enough total bytes returned */
2655 rc = -EIO; /* bad smb */ 2624 rc = -EIO; /* bad smb */
2656 else { 2625 goto qreparse_out;
2657 if (data_count && (data_count < 2048)) { 2626 }
2658 char *end_of_smb = 2 /* sizeof byte count */ + 2627 if (data_count && (data_count < 2048)) {
2659 pSMBr->ByteCount + 2628 char *end_of_smb = 2 /* sizeof byte count */ +
2660 (char *)&pSMBr->ByteCount; 2629 pSMBr->ByteCount + (char *)&pSMBr->ByteCount;
2661 2630
2662 struct reparse_data *reparse_buf = 2631 struct reparse_data *reparse_buf =
2663 (struct reparse_data *) 2632 (struct reparse_data *)
2664 ((char *)&pSMBr->hdr.Protocol 2633 ((char *)&pSMBr->hdr.Protocol
2665 + data_offset); 2634 + data_offset);
2666 if ((char *)reparse_buf >= end_of_smb) { 2635 if ((char *)reparse_buf >= end_of_smb) {
2667 rc = -EIO; 2636 rc = -EIO;
2668 goto qreparse_out; 2637 goto qreparse_out;
2669 } 2638 }
2670 if ((reparse_buf->LinkNamesBuf + 2639 if ((reparse_buf->LinkNamesBuf +
2671 reparse_buf->TargetNameOffset + 2640 reparse_buf->TargetNameOffset +
2672 reparse_buf->TargetNameLen) > 2641 reparse_buf->TargetNameLen) > end_of_smb) {
2673 end_of_smb) { 2642 cFYI(1, ("reparse buf beyond SMB"));
2674 cFYI(1, ("reparse buf beyond SMB")); 2643 rc = -EIO;
2675 rc = -EIO; 2644 goto qreparse_out;
2676 goto qreparse_out; 2645 }
2677 }
2678 2646
2679 if (pSMBr->hdr.Flags2 & SMBFLG2_UNICODE) { 2647 if (pSMBr->hdr.Flags2 & SMBFLG2_UNICODE) {
2680 name_len = UniStrnlen((wchar_t *) 2648 cifs_from_ucs2(symlinkinfo, (__le16 *)
2681 (reparse_buf->LinkNamesBuf + 2649 (reparse_buf->LinkNamesBuf +
2682 reparse_buf->TargetNameOffset), 2650 reparse_buf->TargetNameOffset),
2683 min(buflen/2, 2651 buflen,
2684 reparse_buf->TargetNameLen / 2)); 2652 reparse_buf->TargetNameLen,
2685 cifs_strfromUCS_le(symlinkinfo, 2653 nls_codepage, 0);
2686 (__le16 *) (reparse_buf->LinkNamesBuf + 2654 } else { /* ASCII names */
2687 reparse_buf->TargetNameOffset), 2655 strncpy(symlinkinfo,
2688 name_len, nls_codepage); 2656 reparse_buf->LinkNamesBuf +
2689 } else { /* ASCII names */ 2657 reparse_buf->TargetNameOffset,
2690 strncpy(symlinkinfo, 2658 min_t(const int, buflen,
2691 reparse_buf->LinkNamesBuf + 2659 reparse_buf->TargetNameLen));
2692 reparse_buf->TargetNameOffset,
2693 min_t(const int, buflen,
2694 reparse_buf->TargetNameLen));
2695 }
2696 } else {
2697 rc = -EIO;
2698 cFYI(1, ("Invalid return data count on "
2699 "get reparse info ioctl"));
2700 } 2660 }
2701 symlinkinfo[buflen] = 0; /* just in case so the caller 2661 } else {
2702 does not go off the end of the buffer */ 2662 rc = -EIO;
2703 cFYI(1, ("readlink result - %s", symlinkinfo)); 2663 cFYI(1, ("Invalid return data count on "
2664 "get reparse info ioctl"));
2704 } 2665 }
2666 symlinkinfo[buflen] = 0; /* just in case so the caller
2667 does not go off the end of the buffer */
2668 cFYI(1, ("readlink result - %s", symlinkinfo));
2705 } 2669 }
2670
2706qreparse_out: 2671qreparse_out:
2707 cifs_buf_release(pSMB); 2672 cifs_buf_release(pSMB);
2708 2673
@@ -2711,6 +2676,7 @@ qreparse_out:
2711 2676
2712 return rc; 2677 return rc;
2713} 2678}
2679#endif /* CIFS_EXPERIMENTAL */
2714 2680
2715#ifdef CONFIG_CIFS_POSIX 2681#ifdef CONFIG_CIFS_POSIX
2716 2682
@@ -3928,27 +3894,6 @@ GetInodeNumOut:
3928 return rc; 3894 return rc;
3929} 3895}
3930 3896
3931/* computes length of UCS string converted to host codepage
3932 * @src: UCS string
3933 * @maxlen: length of the input string in UCS characters
3934 * (not in bytes)
3935 *
3936 * return: size of input string in host codepage
3937 */
3938static int hostlen_fromUCS(const __le16 *src, const int maxlen,
3939 const struct nls_table *nls_codepage) {
3940 int i;
3941 int hostlen = 0;
3942 char to[4];
3943 int charlen;
3944 for (i = 0; (i < maxlen) && src[i]; ++i) {
3945 charlen = nls_codepage->uni2char(le16_to_cpu(src[i]),
3946 to, NLS_MAX_CHARSET_SIZE);
3947 hostlen += charlen > 0 ? charlen : 1;
3948 }
3949 return hostlen;
3950}
3951
3952/* parses DFS refferal V3 structure 3897/* parses DFS refferal V3 structure
3953 * caller is responsible for freeing target_nodes 3898 * caller is responsible for freeing target_nodes
3954 * returns: 3899 * returns:
@@ -3994,7 +3939,7 @@ parse_DFS_referrals(TRANSACTION2_GET_DFS_REFER_RSP *pSMBr,
3994 3939
3995 cFYI(1, ("num_referrals: %d dfs flags: 0x%x ... \n", 3940 cFYI(1, ("num_referrals: %d dfs flags: 0x%x ... \n",
3996 *num_of_nodes, 3941 *num_of_nodes,
3997 le16_to_cpu(pSMBr->DFSFlags))); 3942 le32_to_cpu(pSMBr->DFSFlags)));
3998 3943
3999 *target_nodes = kzalloc(sizeof(struct dfs_info3_param) * 3944 *target_nodes = kzalloc(sizeof(struct dfs_info3_param) *
4000 *num_of_nodes, GFP_KERNEL); 3945 *num_of_nodes, GFP_KERNEL);
@@ -4010,14 +3955,14 @@ parse_DFS_referrals(TRANSACTION2_GET_DFS_REFER_RSP *pSMBr,
4010 int max_len; 3955 int max_len;
4011 struct dfs_info3_param *node = (*target_nodes)+i; 3956 struct dfs_info3_param *node = (*target_nodes)+i;
4012 3957
4013 node->flags = le16_to_cpu(pSMBr->DFSFlags); 3958 node->flags = le32_to_cpu(pSMBr->DFSFlags);
4014 if (is_unicode) { 3959 if (is_unicode) {
4015 __le16 *tmp = kmalloc(strlen(searchName)*2 + 2, 3960 __le16 *tmp = kmalloc(strlen(searchName)*2 + 2,
4016 GFP_KERNEL); 3961 GFP_KERNEL);
4017 cifsConvertToUCS((__le16 *) tmp, searchName, 3962 cifsConvertToUCS((__le16 *) tmp, searchName,
4018 PATH_MAX, nls_codepage, remap); 3963 PATH_MAX, nls_codepage, remap);
4019 node->path_consumed = hostlen_fromUCS(tmp, 3964 node->path_consumed = cifs_ucs2_bytes(tmp,
4020 le16_to_cpu(pSMBr->PathConsumed)/2, 3965 le16_to_cpu(pSMBr->PathConsumed),
4021 nls_codepage); 3966 nls_codepage);
4022 kfree(tmp); 3967 kfree(tmp);
4023 } else 3968 } else
@@ -4029,20 +3974,20 @@ parse_DFS_referrals(TRANSACTION2_GET_DFS_REFER_RSP *pSMBr,
4029 /* copy DfsPath */ 3974 /* copy DfsPath */
4030 temp = (char *)ref + le16_to_cpu(ref->DfsPathOffset); 3975 temp = (char *)ref + le16_to_cpu(ref->DfsPathOffset);
4031 max_len = data_end - temp; 3976 max_len = data_end - temp;
4032 rc = cifs_strncpy_to_host(&(node->path_name), temp, 3977 node->path_name = cifs_strndup_from_ucs(temp, max_len,
4033 max_len, is_unicode, nls_codepage); 3978 is_unicode, nls_codepage);
4034 if (rc) 3979 if (!node->path_name) {
3980 rc = -ENOMEM;
4035 goto parse_DFS_referrals_exit; 3981 goto parse_DFS_referrals_exit;
3982 }
4036 3983
4037 /* copy link target UNC */ 3984 /* copy link target UNC */
4038 temp = (char *)ref + le16_to_cpu(ref->NetworkAddressOffset); 3985 temp = (char *)ref + le16_to_cpu(ref->NetworkAddressOffset);
4039 max_len = data_end - temp; 3986 max_len = data_end - temp;
4040 rc = cifs_strncpy_to_host(&(node->node_name), temp, 3987 node->node_name = cifs_strndup_from_ucs(temp, max_len,
4041 max_len, is_unicode, nls_codepage); 3988 is_unicode, nls_codepage);
4042 if (rc) 3989 if (!node->node_name)
4043 goto parse_DFS_referrals_exit; 3990 rc = -ENOMEM;
4044
4045 ref += le16_to_cpu(ref->Size);
4046 } 3991 }
4047 3992
4048parse_DFS_referrals_exit: 3993parse_DFS_referrals_exit:
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index bacdef1546b7..4aa81a507b74 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -1,7 +1,7 @@
1/* 1/*
2 * fs/cifs/connect.c 2 * fs/cifs/connect.c
3 * 3 *
4 * Copyright (C) International Business Machines Corp., 2002,2008 4 * Copyright (C) International Business Machines Corp., 2002,2009
5 * Author(s): Steve French (sfrench@us.ibm.com) 5 * Author(s): Steve French (sfrench@us.ibm.com)
6 * 6 *
7 * This library is free software; you can redistribute it and/or modify 7 * This library is free software; you can redistribute it and/or modify
@@ -32,6 +32,7 @@
32#include <linux/kthread.h> 32#include <linux/kthread.h>
33#include <linux/pagevec.h> 33#include <linux/pagevec.h>
34#include <linux/freezer.h> 34#include <linux/freezer.h>
35#include <linux/namei.h>
35#include <asm/uaccess.h> 36#include <asm/uaccess.h>
36#include <asm/processor.h> 37#include <asm/processor.h>
37#include <net/ipv6.h> 38#include <net/ipv6.h>
@@ -978,6 +979,13 @@ cifs_parse_mount_options(char *options, const char *devname,
978 return 1; 979 return 1;
979 } else if (strnicmp(value, "krb5", 4) == 0) { 980 } else if (strnicmp(value, "krb5", 4) == 0) {
980 vol->secFlg |= CIFSSEC_MAY_KRB5; 981 vol->secFlg |= CIFSSEC_MAY_KRB5;
982#ifdef CONFIG_CIFS_EXPERIMENTAL
983 } else if (strnicmp(value, "ntlmsspi", 8) == 0) {
984 vol->secFlg |= CIFSSEC_MAY_NTLMSSP |
985 CIFSSEC_MUST_SIGN;
986 } else if (strnicmp(value, "ntlmssp", 7) == 0) {
987 vol->secFlg |= CIFSSEC_MAY_NTLMSSP;
988#endif
981 } else if (strnicmp(value, "ntlmv2i", 7) == 0) { 989 } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
982 vol->secFlg |= CIFSSEC_MAY_NTLMV2 | 990 vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
983 CIFSSEC_MUST_SIGN; 991 CIFSSEC_MUST_SIGN;
@@ -2278,6 +2286,7 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
2278#ifdef CONFIG_CIFS_DFS_UPCALL 2286#ifdef CONFIG_CIFS_DFS_UPCALL
2279 struct dfs_info3_param *referrals = NULL; 2287 struct dfs_info3_param *referrals = NULL;
2280 unsigned int num_referrals = 0; 2288 unsigned int num_referrals = 0;
2289 int referral_walks_count = 0;
2281try_mount_again: 2290try_mount_again:
2282#endif 2291#endif
2283 full_path = NULL; 2292 full_path = NULL;
@@ -2525,6 +2534,16 @@ remote_path_check:
2525 /* get referral if needed */ 2534 /* get referral if needed */
2526 if (rc == -EREMOTE) { 2535 if (rc == -EREMOTE) {
2527#ifdef CONFIG_CIFS_DFS_UPCALL 2536#ifdef CONFIG_CIFS_DFS_UPCALL
2537 if (referral_walks_count > MAX_NESTED_LINKS) {
2538 /*
2539 * BB: when we implement proper loop detection,
2540 * we will remove this check. But now we need it
2541 * to prevent an indefinite loop if 'DFS tree' is
2542 * misconfigured (i.e. has loops).
2543 */
2544 rc = -ELOOP;
2545 goto mount_fail_check;
2546 }
2528 /* convert forward to back slashes in prepath here if needed */ 2547 /* convert forward to back slashes in prepath here if needed */
2529 if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0) 2548 if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0)
2530 convert_delimiter(cifs_sb->prepath, 2549 convert_delimiter(cifs_sb->prepath,
@@ -2558,6 +2577,7 @@ remote_path_check:
2558 cleanup_volume_info(&volume_info); 2577 cleanup_volume_info(&volume_info);
2559 FreeXid(xid); 2578 FreeXid(xid);
2560 kfree(full_path); 2579 kfree(full_path);
2580 referral_walks_count++;
2561 goto try_mount_again; 2581 goto try_mount_again;
2562 } 2582 }
2563#else /* No DFS support, return error on mount */ 2583#else /* No DFS support, return error on mount */
@@ -2592,1041 +2612,6 @@ out:
2592 return rc; 2612 return rc;
2593} 2613}
2594 2614
2595static int
2596CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2597 char session_key[CIFS_SESS_KEY_SIZE],
2598 const struct nls_table *nls_codepage)
2599{
2600 struct smb_hdr *smb_buffer;
2601 struct smb_hdr *smb_buffer_response;
2602 SESSION_SETUP_ANDX *pSMB;
2603 SESSION_SETUP_ANDX *pSMBr;
2604 char *bcc_ptr;
2605 char *user;
2606 char *domain;
2607 int rc = 0;
2608 int remaining_words = 0;
2609 int bytes_returned = 0;
2610 int len;
2611 __u32 capabilities;
2612 __u16 count;
2613
2614 cFYI(1, ("In sesssetup"));
2615 if (ses == NULL)
2616 return -EINVAL;
2617 user = ses->userName;
2618 domain = ses->domainName;
2619 smb_buffer = cifs_buf_get();
2620
2621 if (smb_buffer == NULL)
2622 return -ENOMEM;
2623
2624 smb_buffer_response = smb_buffer;
2625 pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2626
2627 /* send SMBsessionSetup here */
2628 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2629 NULL /* no tCon exists yet */ , 13 /* wct */ );
2630
2631 smb_buffer->Mid = GetNextMid(ses->server);
2632 pSMB->req_no_secext.AndXCommand = 0xFF;
2633 pSMB->req_no_secext.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2634 pSMB->req_no_secext.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2635
2636 if (ses->server->secMode &
2637 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2638 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2639
2640 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2641 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
2642 if (ses->capabilities & CAP_UNICODE) {
2643 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2644 capabilities |= CAP_UNICODE;
2645 }
2646 if (ses->capabilities & CAP_STATUS32) {
2647 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2648 capabilities |= CAP_STATUS32;
2649 }
2650 if (ses->capabilities & CAP_DFS) {
2651 smb_buffer->Flags2 |= SMBFLG2_DFS;
2652 capabilities |= CAP_DFS;
2653 }
2654 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
2655
2656 pSMB->req_no_secext.CaseInsensitivePasswordLength =
2657 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2658
2659 pSMB->req_no_secext.CaseSensitivePasswordLength =
2660 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2661 bcc_ptr = pByteArea(smb_buffer);
2662 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2663 bcc_ptr += CIFS_SESS_KEY_SIZE;
2664 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2665 bcc_ptr += CIFS_SESS_KEY_SIZE;
2666
2667 if (ses->capabilities & CAP_UNICODE) {
2668 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode */
2669 *bcc_ptr = 0;
2670 bcc_ptr++;
2671 }
2672 if (user == NULL)
2673 bytes_returned = 0; /* skip null user */
2674 else
2675 bytes_returned =
2676 cifs_strtoUCS((__le16 *) bcc_ptr, user, 100,
2677 nls_codepage);
2678 /* convert number of 16 bit words to bytes */
2679 bcc_ptr += 2 * bytes_returned;
2680 bcc_ptr += 2; /* trailing null */
2681 if (domain == NULL)
2682 bytes_returned =
2683 cifs_strtoUCS((__le16 *) bcc_ptr,
2684 "CIFS_LINUX_DOM", 32, nls_codepage);
2685 else
2686 bytes_returned =
2687 cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2688 nls_codepage);
2689 bcc_ptr += 2 * bytes_returned;
2690 bcc_ptr += 2;
2691 bytes_returned =
2692 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2693 32, nls_codepage);
2694 bcc_ptr += 2 * bytes_returned;
2695 bytes_returned =
2696 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release,
2697 32, nls_codepage);
2698 bcc_ptr += 2 * bytes_returned;
2699 bcc_ptr += 2;
2700 bytes_returned =
2701 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2702 64, nls_codepage);
2703 bcc_ptr += 2 * bytes_returned;
2704 bcc_ptr += 2;
2705 } else {
2706 if (user != NULL) {
2707 strncpy(bcc_ptr, user, 200);
2708 bcc_ptr += strnlen(user, 200);
2709 }
2710 *bcc_ptr = 0;
2711 bcc_ptr++;
2712 if (domain == NULL) {
2713 strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2714 bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2715 } else {
2716 strncpy(bcc_ptr, domain, 64);
2717 bcc_ptr += strnlen(domain, 64);
2718 *bcc_ptr = 0;
2719 bcc_ptr++;
2720 }
2721 strcpy(bcc_ptr, "Linux version ");
2722 bcc_ptr += strlen("Linux version ");
2723 strcpy(bcc_ptr, utsname()->release);
2724 bcc_ptr += strlen(utsname()->release) + 1;
2725 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2726 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2727 }
2728 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2729 smb_buffer->smb_buf_length += count;
2730 pSMB->req_no_secext.ByteCount = cpu_to_le16(count);
2731
2732 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2733 &bytes_returned, CIFS_LONG_OP);
2734 if (rc) {
2735/* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
2736 } else if ((smb_buffer_response->WordCount == 3)
2737 || (smb_buffer_response->WordCount == 4)) {
2738 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2739 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2740 if (action & GUEST_LOGIN)
2741 cFYI(1, ("Guest login")); /* BB mark SesInfo struct? */
2742 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format
2743 (little endian) */
2744 cFYI(1, ("UID = %d ", ses->Suid));
2745 /* response can have either 3 or 4 word count - Samba sends 3 */
2746 bcc_ptr = pByteArea(smb_buffer_response);
2747 if ((pSMBr->resp.hdr.WordCount == 3)
2748 || ((pSMBr->resp.hdr.WordCount == 4)
2749 && (blob_len < pSMBr->resp.ByteCount))) {
2750 if (pSMBr->resp.hdr.WordCount == 4)
2751 bcc_ptr += blob_len;
2752
2753 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2754 if ((long) (bcc_ptr) % 2) {
2755 remaining_words =
2756 (BCC(smb_buffer_response) - 1) / 2;
2757 /* Unicode strings must be word
2758 aligned */
2759 bcc_ptr++;
2760 } else {
2761 remaining_words =
2762 BCC(smb_buffer_response) / 2;
2763 }
2764 len =
2765 UniStrnlen((wchar_t *) bcc_ptr,
2766 remaining_words - 1);
2767/* We look for obvious messed up bcc or strings in response so we do not go off
2768 the end since (at least) WIN2K and Windows XP have a major bug in not null
2769 terminating last Unicode string in response */
2770 kfree(ses->serverOS);
2771 ses->serverOS = kzalloc(2 * (len + 1),
2772 GFP_KERNEL);
2773 if (ses->serverOS == NULL)
2774 goto sesssetup_nomem;
2775 cifs_strfromUCS_le(ses->serverOS,
2776 (__le16 *)bcc_ptr,
2777 len, nls_codepage);
2778 bcc_ptr += 2 * (len + 1);
2779 remaining_words -= len + 1;
2780 ses->serverOS[2 * len] = 0;
2781 ses->serverOS[1 + (2 * len)] = 0;
2782 if (remaining_words > 0) {
2783 len = UniStrnlen((wchar_t *)bcc_ptr,
2784 remaining_words-1);
2785 kfree(ses->serverNOS);
2786 ses->serverNOS = kzalloc(2 * (len + 1),
2787 GFP_KERNEL);
2788 if (ses->serverNOS == NULL)
2789 goto sesssetup_nomem;
2790 cifs_strfromUCS_le(ses->serverNOS,
2791 (__le16 *)bcc_ptr,
2792 len, nls_codepage);
2793 bcc_ptr += 2 * (len + 1);
2794 ses->serverNOS[2 * len] = 0;
2795 ses->serverNOS[1 + (2 * len)] = 0;
2796 if (strncmp(ses->serverNOS,
2797 "NT LAN Manager 4", 16) == 0) {
2798 cFYI(1, ("NT4 server"));
2799 ses->flags |= CIFS_SES_NT4;
2800 }
2801 remaining_words -= len + 1;
2802 if (remaining_words > 0) {
2803 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2804 /* last string is not always null terminated
2805 (for e.g. for Windows XP & 2000) */
2806 kfree(ses->serverDomain);
2807 ses->serverDomain =
2808 kzalloc(2*(len+1),
2809 GFP_KERNEL);
2810 if (ses->serverDomain == NULL)
2811 goto sesssetup_nomem;
2812 cifs_strfromUCS_le(ses->serverDomain,
2813 (__le16 *)bcc_ptr,
2814 len, nls_codepage);
2815 bcc_ptr += 2 * (len + 1);
2816 ses->serverDomain[2*len] = 0;
2817 ses->serverDomain[1+(2*len)] = 0;
2818 } else { /* else no more room so create
2819 dummy domain string */
2820 kfree(ses->serverDomain);
2821 ses->serverDomain =
2822 kzalloc(2, GFP_KERNEL);
2823 }
2824 } else { /* no room so create dummy domain
2825 and NOS string */
2826
2827 /* if these kcallocs fail not much we
2828 can do, but better to not fail the
2829 sesssetup itself */
2830 kfree(ses->serverDomain);
2831 ses->serverDomain =
2832 kzalloc(2, GFP_KERNEL);
2833 kfree(ses->serverNOS);
2834 ses->serverNOS =
2835 kzalloc(2, GFP_KERNEL);
2836 }
2837 } else { /* ASCII */
2838 len = strnlen(bcc_ptr, 1024);
2839 if (((long) bcc_ptr + len) - (long)
2840 pByteArea(smb_buffer_response)
2841 <= BCC(smb_buffer_response)) {
2842 kfree(ses->serverOS);
2843 ses->serverOS = kzalloc(len + 1,
2844 GFP_KERNEL);
2845 if (ses->serverOS == NULL)
2846 goto sesssetup_nomem;
2847 strncpy(ses->serverOS, bcc_ptr, len);
2848
2849 bcc_ptr += len;
2850 /* null terminate the string */
2851 bcc_ptr[0] = 0;
2852 bcc_ptr++;
2853
2854 len = strnlen(bcc_ptr, 1024);
2855 kfree(ses->serverNOS);
2856 ses->serverNOS = kzalloc(len + 1,
2857 GFP_KERNEL);
2858 if (ses->serverNOS == NULL)
2859 goto sesssetup_nomem;
2860 strncpy(ses->serverNOS, bcc_ptr, len);
2861 bcc_ptr += len;
2862 bcc_ptr[0] = 0;
2863 bcc_ptr++;
2864
2865 len = strnlen(bcc_ptr, 1024);
2866 kfree(ses->serverDomain);
2867 ses->serverDomain = kzalloc(len + 1,
2868 GFP_KERNEL);
2869 if (ses->serverDomain == NULL)
2870 goto sesssetup_nomem;
2871 strncpy(ses->serverDomain, bcc_ptr,
2872 len);
2873 bcc_ptr += len;
2874 bcc_ptr[0] = 0;
2875 bcc_ptr++;
2876 } else
2877 cFYI(1,
2878 ("Variable field of length %d "
2879 "extends beyond end of smb ",
2880 len));
2881 }
2882 } else {
2883 cERROR(1, ("Security Blob Length extends beyond "
2884 "end of SMB"));
2885 }
2886 } else {
2887 cERROR(1, ("Invalid Word count %d: ",
2888 smb_buffer_response->WordCount));
2889 rc = -EIO;
2890 }
2891sesssetup_nomem: /* do not return an error on nomem for the info strings,
2892 since that could make reconnection harder, and
2893 reconnection might be needed to free memory */
2894 cifs_buf_release(smb_buffer);
2895
2896 return rc;
2897}
2898
2899static int
2900CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2901 struct cifsSesInfo *ses, bool *pNTLMv2_flag,
2902 const struct nls_table *nls_codepage)
2903{
2904 struct smb_hdr *smb_buffer;
2905 struct smb_hdr *smb_buffer_response;
2906 SESSION_SETUP_ANDX *pSMB;
2907 SESSION_SETUP_ANDX *pSMBr;
2908 char *bcc_ptr;
2909 char *domain;
2910 int rc = 0;
2911 int remaining_words = 0;
2912 int bytes_returned = 0;
2913 int len;
2914 int SecurityBlobLength = sizeof(NEGOTIATE_MESSAGE);
2915 PNEGOTIATE_MESSAGE SecurityBlob;
2916 PCHALLENGE_MESSAGE SecurityBlob2;
2917 __u32 negotiate_flags, capabilities;
2918 __u16 count;
2919
2920 cFYI(1, ("In NTLMSSP sesssetup (negotiate)"));
2921 if (ses == NULL)
2922 return -EINVAL;
2923 domain = ses->domainName;
2924 *pNTLMv2_flag = false;
2925 smb_buffer = cifs_buf_get();
2926 if (smb_buffer == NULL) {
2927 return -ENOMEM;
2928 }
2929 smb_buffer_response = smb_buffer;
2930 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2931 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2932
2933 /* send SMBsessionSetup here */
2934 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2935 NULL /* no tCon exists yet */ , 12 /* wct */ );
2936
2937 smb_buffer->Mid = GetNextMid(ses->server);
2938 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2939 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2940
2941 pSMB->req.AndXCommand = 0xFF;
2942 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2943 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2944
2945 if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2946 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2947
2948 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2949 CAP_EXTENDED_SECURITY;
2950 if (ses->capabilities & CAP_UNICODE) {
2951 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2952 capabilities |= CAP_UNICODE;
2953 }
2954 if (ses->capabilities & CAP_STATUS32) {
2955 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2956 capabilities |= CAP_STATUS32;
2957 }
2958 if (ses->capabilities & CAP_DFS) {
2959 smb_buffer->Flags2 |= SMBFLG2_DFS;
2960 capabilities |= CAP_DFS;
2961 }
2962 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2963
2964 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2965 SecurityBlob = (PNEGOTIATE_MESSAGE) bcc_ptr;
2966 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2967 SecurityBlob->MessageType = NtLmNegotiate;
2968 negotiate_flags =
2969 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
2970 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM |
2971 NTLMSSP_NEGOTIATE_56 |
2972 /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
2973 if (sign_CIFS_PDUs)
2974 negotiate_flags |= NTLMSSP_NEGOTIATE_SIGN;
2975/* if (ntlmv2_support)
2976 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;*/
2977 /* setup pointers to domain name and workstation name */
2978 bcc_ptr += SecurityBlobLength;
2979
2980 SecurityBlob->WorkstationName.Buffer = 0;
2981 SecurityBlob->WorkstationName.Length = 0;
2982 SecurityBlob->WorkstationName.MaximumLength = 0;
2983
2984 /* Domain not sent on first Sesssetup in NTLMSSP, instead it is sent
2985 along with username on auth request (ie the response to challenge) */
2986 SecurityBlob->DomainName.Buffer = 0;
2987 SecurityBlob->DomainName.Length = 0;
2988 SecurityBlob->DomainName.MaximumLength = 0;
2989 if (ses->capabilities & CAP_UNICODE) {
2990 if ((long) bcc_ptr % 2) {
2991 *bcc_ptr = 0;
2992 bcc_ptr++;
2993 }
2994
2995 bytes_returned =
2996 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2997 32, nls_codepage);
2998 bcc_ptr += 2 * bytes_returned;
2999 bytes_returned =
3000 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
3001 nls_codepage);
3002 bcc_ptr += 2 * bytes_returned;
3003 bcc_ptr += 2; /* null terminate Linux version */
3004 bytes_returned =
3005 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
3006 64, nls_codepage);
3007 bcc_ptr += 2 * bytes_returned;
3008 *(bcc_ptr + 1) = 0;
3009 *(bcc_ptr + 2) = 0;
3010 bcc_ptr += 2; /* null terminate network opsys string */
3011 *(bcc_ptr + 1) = 0;
3012 *(bcc_ptr + 2) = 0;
3013 bcc_ptr += 2; /* null domain */
3014 } else { /* ASCII */
3015 strcpy(bcc_ptr, "Linux version ");
3016 bcc_ptr += strlen("Linux version ");
3017 strcpy(bcc_ptr, utsname()->release);
3018 bcc_ptr += strlen(utsname()->release) + 1;
3019 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
3020 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
3021 bcc_ptr++; /* empty domain field */
3022 *bcc_ptr = 0;
3023 }
3024 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
3025 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
3026 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
3027 smb_buffer->smb_buf_length += count;
3028 pSMB->req.ByteCount = cpu_to_le16(count);
3029
3030 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
3031 &bytes_returned, CIFS_LONG_OP);
3032
3033 if (smb_buffer_response->Status.CifsError ==
3034 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
3035 rc = 0;
3036
3037 if (rc) {
3038/* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
3039 } else if ((smb_buffer_response->WordCount == 3)
3040 || (smb_buffer_response->WordCount == 4)) {
3041 __u16 action = le16_to_cpu(pSMBr->resp.Action);
3042 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
3043
3044 if (action & GUEST_LOGIN)
3045 cFYI(1, ("Guest login"));
3046 /* Do we want to set anything in SesInfo struct when guest login? */
3047
3048 bcc_ptr = pByteArea(smb_buffer_response);
3049 /* response can have either 3 or 4 word count - Samba sends 3 */
3050
3051 SecurityBlob2 = (PCHALLENGE_MESSAGE) bcc_ptr;
3052 if (SecurityBlob2->MessageType != NtLmChallenge) {
3053 cFYI(1, ("Unexpected NTLMSSP message type received %d",
3054 SecurityBlob2->MessageType));
3055 } else if (ses) {
3056 ses->Suid = smb_buffer_response->Uid; /* UID left in le format */
3057 cFYI(1, ("UID = %d", ses->Suid));
3058 if ((pSMBr->resp.hdr.WordCount == 3)
3059 || ((pSMBr->resp.hdr.WordCount == 4)
3060 && (blob_len <
3061 pSMBr->resp.ByteCount))) {
3062
3063 if (pSMBr->resp.hdr.WordCount == 4) {
3064 bcc_ptr += blob_len;
3065 cFYI(1, ("Security Blob Length %d",
3066 blob_len));
3067 }
3068
3069 cFYI(1, ("NTLMSSP Challenge rcvd"));
3070
3071 memcpy(ses->server->cryptKey,
3072 SecurityBlob2->Challenge,
3073 CIFS_CRYPTO_KEY_SIZE);
3074 if (SecurityBlob2->NegotiateFlags &
3075 cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2))
3076 *pNTLMv2_flag = true;
3077
3078 if ((SecurityBlob2->NegotiateFlags &
3079 cpu_to_le32(NTLMSSP_NEGOTIATE_ALWAYS_SIGN))
3080 || (sign_CIFS_PDUs > 1))
3081 ses->server->secMode |=
3082 SECMODE_SIGN_REQUIRED;
3083 if ((SecurityBlob2->NegotiateFlags &
3084 cpu_to_le32(NTLMSSP_NEGOTIATE_SIGN)) && (sign_CIFS_PDUs))
3085 ses->server->secMode |=
3086 SECMODE_SIGN_ENABLED;
3087
3088 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3089 if ((long) (bcc_ptr) % 2) {
3090 remaining_words =
3091 (BCC(smb_buffer_response)
3092 - 1) / 2;
3093 /* Must word align unicode strings */
3094 bcc_ptr++;
3095 } else {
3096 remaining_words =
3097 BCC
3098 (smb_buffer_response) / 2;
3099 }
3100 len =
3101 UniStrnlen((wchar_t *) bcc_ptr,
3102 remaining_words - 1);
3103/* We look for obvious messed up bcc or strings in response so we do not go off
3104 the end since (at least) WIN2K and Windows XP have a major bug in not null
3105 terminating last Unicode string in response */
3106 kfree(ses->serverOS);
3107 ses->serverOS =
3108 kzalloc(2 * (len + 1), GFP_KERNEL);
3109 cifs_strfromUCS_le(ses->serverOS,
3110 (__le16 *)
3111 bcc_ptr, len,
3112 nls_codepage);
3113 bcc_ptr += 2 * (len + 1);
3114 remaining_words -= len + 1;
3115 ses->serverOS[2 * len] = 0;
3116 ses->serverOS[1 + (2 * len)] = 0;
3117 if (remaining_words > 0) {
3118 len = UniStrnlen((wchar_t *)
3119 bcc_ptr,
3120 remaining_words
3121 - 1);
3122 kfree(ses->serverNOS);
3123 ses->serverNOS =
3124 kzalloc(2 * (len + 1),
3125 GFP_KERNEL);
3126 cifs_strfromUCS_le(ses->
3127 serverNOS,
3128 (__le16 *)
3129 bcc_ptr,
3130 len,
3131 nls_codepage);
3132 bcc_ptr += 2 * (len + 1);
3133 ses->serverNOS[2 * len] = 0;
3134 ses->serverNOS[1 +
3135 (2 * len)] = 0;
3136 remaining_words -= len + 1;
3137 if (remaining_words > 0) {
3138 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
3139 /* last string not always null terminated
3140 (for e.g. for Windows XP & 2000) */
3141 kfree(ses->serverDomain);
3142 ses->serverDomain =
3143 kzalloc(2 *
3144 (len +
3145 1),
3146 GFP_KERNEL);
3147 cifs_strfromUCS_le
3148 (ses->serverDomain,
3149 (__le16 *)bcc_ptr,
3150 len, nls_codepage);
3151 bcc_ptr +=
3152 2 * (len + 1);
3153 ses->serverDomain[2*len]
3154 = 0;
3155 ses->serverDomain
3156 [1 + (2 * len)]
3157 = 0;
3158 } /* else no more room so create dummy domain string */
3159 else {
3160 kfree(ses->serverDomain);
3161 ses->serverDomain =
3162 kzalloc(2,
3163 GFP_KERNEL);
3164 }
3165 } else { /* no room so create dummy domain and NOS string */
3166 kfree(ses->serverDomain);
3167 ses->serverDomain =
3168 kzalloc(2, GFP_KERNEL);
3169 kfree(ses->serverNOS);
3170 ses->serverNOS =
3171 kzalloc(2, GFP_KERNEL);
3172 }
3173 } else { /* ASCII */
3174 len = strnlen(bcc_ptr, 1024);
3175 if (((long) bcc_ptr + len) - (long)
3176 pByteArea(smb_buffer_response)
3177 <= BCC(smb_buffer_response)) {
3178 kfree(ses->serverOS);
3179 ses->serverOS =
3180 kzalloc(len + 1,
3181 GFP_KERNEL);
3182 strncpy(ses->serverOS,
3183 bcc_ptr, len);
3184
3185 bcc_ptr += len;
3186 bcc_ptr[0] = 0; /* null terminate string */
3187 bcc_ptr++;
3188
3189 len = strnlen(bcc_ptr, 1024);
3190 kfree(ses->serverNOS);
3191 ses->serverNOS =
3192 kzalloc(len + 1,
3193 GFP_KERNEL);
3194 strncpy(ses->serverNOS, bcc_ptr, len);
3195 bcc_ptr += len;
3196 bcc_ptr[0] = 0;
3197 bcc_ptr++;
3198
3199 len = strnlen(bcc_ptr, 1024);
3200 kfree(ses->serverDomain);
3201 ses->serverDomain =
3202 kzalloc(len + 1,
3203 GFP_KERNEL);
3204 strncpy(ses->serverDomain,
3205 bcc_ptr, len);
3206 bcc_ptr += len;
3207 bcc_ptr[0] = 0;
3208 bcc_ptr++;
3209 } else
3210 cFYI(1,
3211 ("field of length %d "
3212 "extends beyond end of smb",
3213 len));
3214 }
3215 } else {
3216 cERROR(1, ("Security Blob Length extends beyond"
3217 " end of SMB"));
3218 }
3219 } else {
3220 cERROR(1, ("No session structure passed in."));
3221 }
3222 } else {
3223 cERROR(1, ("Invalid Word count %d:",
3224 smb_buffer_response->WordCount));
3225 rc = -EIO;
3226 }
3227
3228 cifs_buf_release(smb_buffer);
3229
3230 return rc;
3231}
3232static int
3233CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
3234 char *ntlm_session_key, bool ntlmv2_flag,
3235 const struct nls_table *nls_codepage)
3236{
3237 struct smb_hdr *smb_buffer;
3238 struct smb_hdr *smb_buffer_response;
3239 SESSION_SETUP_ANDX *pSMB;
3240 SESSION_SETUP_ANDX *pSMBr;
3241 char *bcc_ptr;
3242 char *user;
3243 char *domain;
3244 int rc = 0;
3245 int remaining_words = 0;
3246 int bytes_returned = 0;
3247 int len;
3248 int SecurityBlobLength = sizeof(AUTHENTICATE_MESSAGE);
3249 PAUTHENTICATE_MESSAGE SecurityBlob;
3250 __u32 negotiate_flags, capabilities;
3251 __u16 count;
3252
3253 cFYI(1, ("In NTLMSSPSessSetup (Authenticate)"));
3254 if (ses == NULL)
3255 return -EINVAL;
3256 user = ses->userName;
3257 domain = ses->domainName;
3258 smb_buffer = cifs_buf_get();
3259 if (smb_buffer == NULL) {
3260 return -ENOMEM;
3261 }
3262 smb_buffer_response = smb_buffer;
3263 pSMB = (SESSION_SETUP_ANDX *)smb_buffer;
3264 pSMBr = (SESSION_SETUP_ANDX *)smb_buffer_response;
3265
3266 /* send SMBsessionSetup here */
3267 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
3268 NULL /* no tCon exists yet */ , 12 /* wct */ );
3269
3270 smb_buffer->Mid = GetNextMid(ses->server);
3271 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
3272 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
3273 pSMB->req.AndXCommand = 0xFF;
3274 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
3275 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
3276
3277 pSMB->req.hdr.Uid = ses->Suid;
3278
3279 if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3280 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3281
3282 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
3283 CAP_EXTENDED_SECURITY;
3284 if (ses->capabilities & CAP_UNICODE) {
3285 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3286 capabilities |= CAP_UNICODE;
3287 }
3288 if (ses->capabilities & CAP_STATUS32) {
3289 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3290 capabilities |= CAP_STATUS32;
3291 }
3292 if (ses->capabilities & CAP_DFS) {
3293 smb_buffer->Flags2 |= SMBFLG2_DFS;
3294 capabilities |= CAP_DFS;
3295 }
3296 pSMB->req.Capabilities = cpu_to_le32(capabilities);
3297
3298 bcc_ptr = (char *)&pSMB->req.SecurityBlob;
3299 SecurityBlob = (PAUTHENTICATE_MESSAGE)bcc_ptr;
3300 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
3301 SecurityBlob->MessageType = NtLmAuthenticate;
3302 bcc_ptr += SecurityBlobLength;
3303 negotiate_flags = NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET |
3304 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO |
3305 0x80000000 | NTLMSSP_NEGOTIATE_128;
3306 if (sign_CIFS_PDUs)
3307 negotiate_flags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN;
3308 if (ntlmv2_flag)
3309 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
3310
3311/* setup pointers to domain name and workstation name */
3312
3313 SecurityBlob->WorkstationName.Buffer = 0;
3314 SecurityBlob->WorkstationName.Length = 0;
3315 SecurityBlob->WorkstationName.MaximumLength = 0;
3316 SecurityBlob->SessionKey.Length = 0;
3317 SecurityBlob->SessionKey.MaximumLength = 0;
3318 SecurityBlob->SessionKey.Buffer = 0;
3319
3320 SecurityBlob->LmChallengeResponse.Length = 0;
3321 SecurityBlob->LmChallengeResponse.MaximumLength = 0;
3322 SecurityBlob->LmChallengeResponse.Buffer = 0;
3323
3324 SecurityBlob->NtChallengeResponse.Length =
3325 cpu_to_le16(CIFS_SESS_KEY_SIZE);
3326 SecurityBlob->NtChallengeResponse.MaximumLength =
3327 cpu_to_le16(CIFS_SESS_KEY_SIZE);
3328 memcpy(bcc_ptr, ntlm_session_key, CIFS_SESS_KEY_SIZE);
3329 SecurityBlob->NtChallengeResponse.Buffer =
3330 cpu_to_le32(SecurityBlobLength);
3331 SecurityBlobLength += CIFS_SESS_KEY_SIZE;
3332 bcc_ptr += CIFS_SESS_KEY_SIZE;
3333
3334 if (ses->capabilities & CAP_UNICODE) {
3335 if (domain == NULL) {
3336 SecurityBlob->DomainName.Buffer = 0;
3337 SecurityBlob->DomainName.Length = 0;
3338 SecurityBlob->DomainName.MaximumLength = 0;
3339 } else {
3340 __u16 ln = cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
3341 nls_codepage);
3342 ln *= 2;
3343 SecurityBlob->DomainName.MaximumLength =
3344 cpu_to_le16(ln);
3345 SecurityBlob->DomainName.Buffer =
3346 cpu_to_le32(SecurityBlobLength);
3347 bcc_ptr += ln;
3348 SecurityBlobLength += ln;
3349 SecurityBlob->DomainName.Length = cpu_to_le16(ln);
3350 }
3351 if (user == NULL) {
3352 SecurityBlob->UserName.Buffer = 0;
3353 SecurityBlob->UserName.Length = 0;
3354 SecurityBlob->UserName.MaximumLength = 0;
3355 } else {
3356 __u16 ln = cifs_strtoUCS((__le16 *) bcc_ptr, user, 64,
3357 nls_codepage);
3358 ln *= 2;
3359 SecurityBlob->UserName.MaximumLength =
3360 cpu_to_le16(ln);
3361 SecurityBlob->UserName.Buffer =
3362 cpu_to_le32(SecurityBlobLength);
3363 bcc_ptr += ln;
3364 SecurityBlobLength += ln;
3365 SecurityBlob->UserName.Length = cpu_to_le16(ln);
3366 }
3367
3368 /* SecurityBlob->WorkstationName.Length =
3369 cifs_strtoUCS((__le16 *) bcc_ptr, "AMACHINE",64, nls_codepage);
3370 SecurityBlob->WorkstationName.Length *= 2;
3371 SecurityBlob->WorkstationName.MaximumLength =
3372 cpu_to_le16(SecurityBlob->WorkstationName.Length);
3373 SecurityBlob->WorkstationName.Buffer =
3374 cpu_to_le32(SecurityBlobLength);
3375 bcc_ptr += SecurityBlob->WorkstationName.Length;
3376 SecurityBlobLength += SecurityBlob->WorkstationName.Length;
3377 SecurityBlob->WorkstationName.Length =
3378 cpu_to_le16(SecurityBlob->WorkstationName.Length); */
3379
3380 if ((long) bcc_ptr % 2) {
3381 *bcc_ptr = 0;
3382 bcc_ptr++;
3383 }
3384 bytes_returned =
3385 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
3386 32, nls_codepage);
3387 bcc_ptr += 2 * bytes_returned;
3388 bytes_returned =
3389 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
3390 nls_codepage);
3391 bcc_ptr += 2 * bytes_returned;
3392 bcc_ptr += 2; /* null term version string */
3393 bytes_returned =
3394 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
3395 64, nls_codepage);
3396 bcc_ptr += 2 * bytes_returned;
3397 *(bcc_ptr + 1) = 0;
3398 *(bcc_ptr + 2) = 0;
3399 bcc_ptr += 2; /* null terminate network opsys string */
3400 *(bcc_ptr + 1) = 0;
3401 *(bcc_ptr + 2) = 0;
3402 bcc_ptr += 2; /* null domain */
3403 } else { /* ASCII */
3404 if (domain == NULL) {
3405 SecurityBlob->DomainName.Buffer = 0;
3406 SecurityBlob->DomainName.Length = 0;
3407 SecurityBlob->DomainName.MaximumLength = 0;
3408 } else {
3409 __u16 ln;
3410 negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
3411 strncpy(bcc_ptr, domain, 63);
3412 ln = strnlen(domain, 64);
3413 SecurityBlob->DomainName.MaximumLength =
3414 cpu_to_le16(ln);
3415 SecurityBlob->DomainName.Buffer =
3416 cpu_to_le32(SecurityBlobLength);
3417 bcc_ptr += ln;
3418 SecurityBlobLength += ln;
3419 SecurityBlob->DomainName.Length = cpu_to_le16(ln);
3420 }
3421 if (user == NULL) {
3422 SecurityBlob->UserName.Buffer = 0;
3423 SecurityBlob->UserName.Length = 0;
3424 SecurityBlob->UserName.MaximumLength = 0;
3425 } else {
3426 __u16 ln;
3427 strncpy(bcc_ptr, user, 63);
3428 ln = strnlen(user, 64);
3429 SecurityBlob->UserName.MaximumLength = cpu_to_le16(ln);
3430 SecurityBlob->UserName.Buffer =
3431 cpu_to_le32(SecurityBlobLength);
3432 bcc_ptr += ln;
3433 SecurityBlobLength += ln;
3434 SecurityBlob->UserName.Length = cpu_to_le16(ln);
3435 }
3436 /* BB fill in our workstation name if known BB */
3437
3438 strcpy(bcc_ptr, "Linux version ");
3439 bcc_ptr += strlen("Linux version ");
3440 strcpy(bcc_ptr, utsname()->release);
3441 bcc_ptr += strlen(utsname()->release) + 1;
3442 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
3443 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
3444 bcc_ptr++; /* null domain */
3445 *bcc_ptr = 0;
3446 }
3447 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
3448 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
3449 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
3450 smb_buffer->smb_buf_length += count;
3451 pSMB->req.ByteCount = cpu_to_le16(count);
3452
3453 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
3454 &bytes_returned, CIFS_LONG_OP);
3455 if (rc) {
3456/* rc = map_smb_to_linux_error(smb_buffer_response) done in SendReceive now */
3457 } else if ((smb_buffer_response->WordCount == 3) ||
3458 (smb_buffer_response->WordCount == 4)) {
3459 __u16 action = le16_to_cpu(pSMBr->resp.Action);
3460 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
3461 if (action & GUEST_LOGIN)
3462 cFYI(1, ("Guest login")); /* BB Should we set anything
3463 in SesInfo struct ? */
3464/* if (SecurityBlob2->MessageType != NtLm??) {
3465 cFYI("Unexpected message type on auth response is %d"));
3466 } */
3467
3468 if (ses) {
3469 cFYI(1,
3470 ("Check challenge UID %d vs auth response UID %d",
3471 ses->Suid, smb_buffer_response->Uid));
3472 /* UID left in wire format */
3473 ses->Suid = smb_buffer_response->Uid;
3474 bcc_ptr = pByteArea(smb_buffer_response);
3475 /* response can have either 3 or 4 word count - Samba sends 3 */
3476 if ((pSMBr->resp.hdr.WordCount == 3)
3477 || ((pSMBr->resp.hdr.WordCount == 4)
3478 && (blob_len <
3479 pSMBr->resp.ByteCount))) {
3480 if (pSMBr->resp.hdr.WordCount == 4) {
3481 bcc_ptr +=
3482 blob_len;
3483 cFYI(1,
3484 ("Security Blob Length %d ",
3485 blob_len));
3486 }
3487
3488 cFYI(1,
3489 ("NTLMSSP response to Authenticate "));
3490
3491 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3492 if ((long) (bcc_ptr) % 2) {
3493 remaining_words =
3494 (BCC(smb_buffer_response)
3495 - 1) / 2;
3496 bcc_ptr++; /* Unicode strings must be word aligned */
3497 } else {
3498 remaining_words = BCC(smb_buffer_response) / 2;
3499 }
3500 len = UniStrnlen((wchar_t *) bcc_ptr,
3501 remaining_words - 1);
3502/* We look for obvious messed up bcc or strings in response so we do not go off
3503 the end since (at least) WIN2K and Windows XP have a major bug in not null
3504 terminating last Unicode string in response */
3505 kfree(ses->serverOS);
3506 ses->serverOS =
3507 kzalloc(2 * (len + 1), GFP_KERNEL);
3508 cifs_strfromUCS_le(ses->serverOS,
3509 (__le16 *)
3510 bcc_ptr, len,
3511 nls_codepage);
3512 bcc_ptr += 2 * (len + 1);
3513 remaining_words -= len + 1;
3514 ses->serverOS[2 * len] = 0;
3515 ses->serverOS[1 + (2 * len)] = 0;
3516 if (remaining_words > 0) {
3517 len = UniStrnlen((wchar_t *)
3518 bcc_ptr,
3519 remaining_words
3520 - 1);
3521 kfree(ses->serverNOS);
3522 ses->serverNOS =
3523 kzalloc(2 * (len + 1),
3524 GFP_KERNEL);
3525 cifs_strfromUCS_le(ses->
3526 serverNOS,
3527 (__le16 *)
3528 bcc_ptr,
3529 len,
3530 nls_codepage);
3531 bcc_ptr += 2 * (len + 1);
3532 ses->serverNOS[2 * len] = 0;
3533 ses->serverNOS[1+(2*len)] = 0;
3534 remaining_words -= len + 1;
3535 if (remaining_words > 0) {
3536 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
3537 /* last string not always null terminated (e.g. for Windows XP & 2000) */
3538 kfree(ses->serverDomain);
3539 ses->serverDomain =
3540 kzalloc(2 *
3541 (len +
3542 1),
3543 GFP_KERNEL);
3544 cifs_strfromUCS_le
3545 (ses->
3546 serverDomain,
3547 (__le16 *)
3548 bcc_ptr, len,
3549 nls_codepage);
3550 bcc_ptr +=
3551 2 * (len + 1);
3552 ses->
3553 serverDomain[2
3554 * len]
3555 = 0;
3556 ses->
3557 serverDomain[1
3558 +
3559 (2
3560 *
3561 len)]
3562 = 0;
3563 } /* else no more room so create dummy domain string */
3564 else {
3565 kfree(ses->serverDomain);
3566 ses->serverDomain = kzalloc(2,GFP_KERNEL);
3567 }
3568 } else { /* no room so create dummy domain and NOS string */
3569 kfree(ses->serverDomain);
3570 ses->serverDomain = kzalloc(2, GFP_KERNEL);
3571 kfree(ses->serverNOS);
3572 ses->serverNOS = kzalloc(2, GFP_KERNEL);
3573 }
3574 } else { /* ASCII */
3575 len = strnlen(bcc_ptr, 1024);
3576 if (((long) bcc_ptr + len) -
3577 (long) pByteArea(smb_buffer_response)
3578 <= BCC(smb_buffer_response)) {
3579 kfree(ses->serverOS);
3580 ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
3581 strncpy(ses->serverOS,bcc_ptr, len);
3582
3583 bcc_ptr += len;
3584 bcc_ptr[0] = 0; /* null terminate the string */
3585 bcc_ptr++;
3586
3587 len = strnlen(bcc_ptr, 1024);
3588 kfree(ses->serverNOS);
3589 ses->serverNOS = kzalloc(len+1,
3590 GFP_KERNEL);
3591 strncpy(ses->serverNOS,
3592 bcc_ptr, len);
3593 bcc_ptr += len;
3594 bcc_ptr[0] = 0;
3595 bcc_ptr++;
3596
3597 len = strnlen(bcc_ptr, 1024);
3598 kfree(ses->serverDomain);
3599 ses->serverDomain =
3600 kzalloc(len+1,
3601 GFP_KERNEL);
3602 strncpy(ses->serverDomain,
3603 bcc_ptr, len);
3604 bcc_ptr += len;
3605 bcc_ptr[0] = 0;
3606 bcc_ptr++;
3607 } else
3608 cFYI(1, ("field of length %d "
3609 "extends beyond end of smb ",
3610 len));
3611 }
3612 } else {
3613 cERROR(1, ("Security Blob extends beyond end "
3614 "of SMB"));
3615 }
3616 } else {
3617 cERROR(1, ("No session structure passed in."));
3618 }
3619 } else {
3620 cERROR(1, ("Invalid Word count %d: ",
3621 smb_buffer_response->WordCount));
3622 rc = -EIO;
3623 }
3624
3625 cifs_buf_release(smb_buffer);
3626
3627 return rc;
3628}
3629
3630int 2615int
3631CIFSTCon(unsigned int xid, struct cifsSesInfo *ses, 2616CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3632 const char *tree, struct cifsTconInfo *tcon, 2617 const char *tree, struct cifsTconInfo *tcon,
@@ -3638,7 +2623,7 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3638 TCONX_RSP *pSMBr; 2623 TCONX_RSP *pSMBr;
3639 unsigned char *bcc_ptr; 2624 unsigned char *bcc_ptr;
3640 int rc = 0; 2625 int rc = 0;
3641 int length; 2626 int length, bytes_left;
3642 __u16 count; 2627 __u16 count;
3643 2628
3644 if (ses == NULL) 2629 if (ses == NULL)
@@ -3726,14 +2711,22 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3726 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length, 2711 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length,
3727 CIFS_STD_OP); 2712 CIFS_STD_OP);
3728 2713
3729 /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
3730 /* above now done in SendReceive */ 2714 /* above now done in SendReceive */
3731 if ((rc == 0) && (tcon != NULL)) { 2715 if ((rc == 0) && (tcon != NULL)) {
2716 bool is_unicode;
2717
3732 tcon->tidStatus = CifsGood; 2718 tcon->tidStatus = CifsGood;
3733 tcon->need_reconnect = false; 2719 tcon->need_reconnect = false;
3734 tcon->tid = smb_buffer_response->Tid; 2720 tcon->tid = smb_buffer_response->Tid;
3735 bcc_ptr = pByteArea(smb_buffer_response); 2721 bcc_ptr = pByteArea(smb_buffer_response);
3736 length = strnlen(bcc_ptr, BCC(smb_buffer_response) - 2); 2722 bytes_left = BCC(smb_buffer_response);
2723 length = strnlen(bcc_ptr, bytes_left - 2);
2724 if (smb_buffer->Flags2 & SMBFLG2_UNICODE)
2725 is_unicode = true;
2726 else
2727 is_unicode = false;
2728
2729
3737 /* skip service field (NB: this field is always ASCII) */ 2730 /* skip service field (NB: this field is always ASCII) */
3738 if (length == 3) { 2731 if (length == 3) {
3739 if ((bcc_ptr[0] == 'I') && (bcc_ptr[1] == 'P') && 2732 if ((bcc_ptr[0] == 'I') && (bcc_ptr[1] == 'P') &&
@@ -3748,39 +2741,16 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3748 } 2741 }
3749 } 2742 }
3750 bcc_ptr += length + 1; 2743 bcc_ptr += length + 1;
2744 bytes_left -= (length + 1);
3751 strncpy(tcon->treeName, tree, MAX_TREE_SIZE); 2745 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3752 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) { 2746
3753 length = UniStrnlen((wchar_t *) bcc_ptr, 512); 2747 /* mostly informational -- no need to fail on error here */
3754 if ((bcc_ptr + (2 * length)) - 2748 tcon->nativeFileSystem = cifs_strndup_from_ucs(bcc_ptr,
3755 pByteArea(smb_buffer_response) <= 2749 bytes_left, is_unicode,
3756 BCC(smb_buffer_response)) { 2750 nls_codepage);
3757 kfree(tcon->nativeFileSystem); 2751
3758 tcon->nativeFileSystem = 2752 cFYI(1, ("nativeFileSystem=%s", tcon->nativeFileSystem));
3759 kzalloc((4 * length) + 2, GFP_KERNEL); 2753
3760 if (tcon->nativeFileSystem) {
3761 cifs_strfromUCS_le(
3762 tcon->nativeFileSystem,
3763 (__le16 *) bcc_ptr,
3764 length, nls_codepage);
3765 cFYI(1, ("nativeFileSystem=%s",
3766 tcon->nativeFileSystem));
3767 }
3768 }
3769 /* else do not bother copying these information fields*/
3770 } else {
3771 length = strnlen(bcc_ptr, 1024);
3772 if ((bcc_ptr + length) -
3773 pByteArea(smb_buffer_response) <=
3774 BCC(smb_buffer_response)) {
3775 kfree(tcon->nativeFileSystem);
3776 tcon->nativeFileSystem =
3777 kzalloc(length + 1, GFP_KERNEL);
3778 if (tcon->nativeFileSystem)
3779 strncpy(tcon->nativeFileSystem, bcc_ptr,
3780 length);
3781 }
3782 /* else do not bother copying these information fields*/
3783 }
3784 if ((smb_buffer_response->WordCount == 3) || 2754 if ((smb_buffer_response->WordCount == 3) ||
3785 (smb_buffer_response->WordCount == 7)) 2755 (smb_buffer_response->WordCount == 7))
3786 /* field is in same location */ 2756 /* field is in same location */
@@ -3819,8 +2789,6 @@ int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
3819 struct nls_table *nls_info) 2789 struct nls_table *nls_info)
3820{ 2790{
3821 int rc = 0; 2791 int rc = 0;
3822 char ntlm_session_key[CIFS_SESS_KEY_SIZE];
3823 bool ntlmv2_flag = false;
3824 int first_time = 0; 2792 int first_time = 0;
3825 struct TCP_Server_Info *server = pSesInfo->server; 2793 struct TCP_Server_Info *server = pSesInfo->server;
3826 2794
@@ -3852,83 +2820,19 @@ int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
3852 pSesInfo->capabilities = server->capabilities; 2820 pSesInfo->capabilities = server->capabilities;
3853 if (linuxExtEnabled == 0) 2821 if (linuxExtEnabled == 0)
3854 pSesInfo->capabilities &= (~CAP_UNIX); 2822 pSesInfo->capabilities &= (~CAP_UNIX);
3855 /* pSesInfo->sequence_number = 0;*/ 2823
3856 cFYI(1, ("Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d", 2824 cFYI(1, ("Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d",
3857 server->secMode, server->capabilities, server->timeAdj)); 2825 server->secMode, server->capabilities, server->timeAdj));
3858 2826
3859 if (experimEnabled < 2) 2827 rc = CIFS_SessSetup(xid, pSesInfo, first_time, nls_info);
3860 rc = CIFS_SessSetup(xid, pSesInfo, first_time, nls_info);
3861 else if (extended_security
3862 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3863 && (server->secType == NTLMSSP)) {
3864 rc = -EOPNOTSUPP;
3865 } else if (extended_security
3866 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3867 && (server->secType == RawNTLMSSP)) {
3868 cFYI(1, ("NTLMSSP sesssetup"));
3869 rc = CIFSNTLMSSPNegotiateSessSetup(xid, pSesInfo, &ntlmv2_flag,
3870 nls_info);
3871 if (!rc) {
3872 if (ntlmv2_flag) {
3873 char *v2_response;
3874 cFYI(1, ("more secure NTLM ver2 hash"));
3875 if (CalcNTLMv2_partial_mac_key(pSesInfo,
3876 nls_info)) {
3877 rc = -ENOMEM;
3878 goto ss_err_exit;
3879 } else
3880 v2_response = kmalloc(16 + 64 /* blob*/,
3881 GFP_KERNEL);
3882 if (v2_response) {
3883 CalcNTLMv2_response(pSesInfo,
3884 v2_response);
3885 /* if (first_time)
3886 cifs_calculate_ntlmv2_mac_key */
3887 kfree(v2_response);
3888 /* BB Put dummy sig in SessSetup PDU? */
3889 } else {
3890 rc = -ENOMEM;
3891 goto ss_err_exit;
3892 }
3893
3894 } else {
3895 SMBNTencrypt(pSesInfo->password,
3896 server->cryptKey,
3897 ntlm_session_key);
3898
3899 if (first_time)
3900 cifs_calculate_mac_key(
3901 &server->mac_signing_key,
3902 ntlm_session_key,
3903 pSesInfo->password);
3904 }
3905 /* for better security the weaker lanman hash not sent
3906 in AuthSessSetup so we no longer calculate it */
3907
3908 rc = CIFSNTLMSSPAuthSessSetup(xid, pSesInfo,
3909 ntlm_session_key,
3910 ntlmv2_flag,
3911 nls_info);
3912 }
3913 } else { /* old style NTLM 0.12 session setup */
3914 SMBNTencrypt(pSesInfo->password, server->cryptKey,
3915 ntlm_session_key);
3916
3917 if (first_time)
3918 cifs_calculate_mac_key(&server->mac_signing_key,
3919 ntlm_session_key,
3920 pSesInfo->password);
3921
3922 rc = CIFSSessSetup(xid, pSesInfo, ntlm_session_key, nls_info);
3923 }
3924 if (rc) { 2828 if (rc) {
3925 cERROR(1, ("Send error in SessSetup = %d", rc)); 2829 cERROR(1, ("Send error in SessSetup = %d", rc));
3926 } else { 2830 } else {
3927 cFYI(1, ("CIFS Session Established successfully")); 2831 cFYI(1, ("CIFS Session Established successfully"));
3928 spin_lock(&GlobalMid_Lock); 2832 spin_lock(&GlobalMid_Lock);
3929 pSesInfo->status = CifsGood; 2833 pSesInfo->status = CifsGood;
3930 pSesInfo->need_reconnect = false; 2834 pSesInfo->need_reconnect = false;
3931 spin_unlock(&GlobalMid_Lock); 2835 spin_unlock(&GlobalMid_Lock);
3932 } 2836 }
3933 2837
3934ss_err_exit: 2838ss_err_exit:
diff --git a/fs/cifs/dir.c b/fs/cifs/dir.c
index 461750e01364..11431ed72a7f 100644
--- a/fs/cifs/dir.c
+++ b/fs/cifs/dir.c
@@ -281,6 +281,7 @@ cifs_create(struct inode *inode, struct dentry *direntry, int mode,
281 int create_options = CREATE_NOT_DIR; 281 int create_options = CREATE_NOT_DIR;
282 int oplock = 0; 282 int oplock = 0;
283 int oflags; 283 int oflags;
284 bool posix_create = false;
284 /* 285 /*
285 * BB below access is probably too much for mknod to request 286 * BB below access is probably too much for mknod to request
286 * but we have to do query and setpathinfo so requesting 287 * but we have to do query and setpathinfo so requesting
@@ -328,11 +329,13 @@ cifs_create(struct inode *inode, struct dentry *direntry, int mode,
328 negotation. EREMOTE indicates DFS junction, which is not 329 negotation. EREMOTE indicates DFS junction, which is not
329 handled in posix open */ 330 handled in posix open */
330 331
331 if ((rc == 0) && (newinode == NULL)) 332 if (rc == 0) {
332 goto cifs_create_get_file_info; /* query inode info */ 333 posix_create = true;
333 else if (rc == 0) /* success, no need to query */ 334 if (newinode == NULL) /* query inode info */
334 goto cifs_create_set_dentry; 335 goto cifs_create_get_file_info;
335 else if ((rc != -EIO) && (rc != -EREMOTE) && 336 else /* success, no need to query */
337 goto cifs_create_set_dentry;
338 } else if ((rc != -EIO) && (rc != -EREMOTE) &&
336 (rc != -EOPNOTSUPP)) /* path not found or net err */ 339 (rc != -EOPNOTSUPP)) /* path not found or net err */
337 goto cifs_create_out; 340 goto cifs_create_out;
338 /* else fallthrough to retry, using older open call, this is 341 /* else fallthrough to retry, using older open call, this is
@@ -464,7 +467,7 @@ cifs_create_set_dentry:
464 if ((nd == NULL) || (!(nd->flags & LOOKUP_OPEN))) { 467 if ((nd == NULL) || (!(nd->flags & LOOKUP_OPEN))) {
465 /* mknod case - do not leave file open */ 468 /* mknod case - do not leave file open */
466 CIFSSMBClose(xid, tcon, fileHandle); 469 CIFSSMBClose(xid, tcon, fileHandle);
467 } else if (newinode) { 470 } else if (!(posix_create) && (newinode)) {
468 cifs_fill_fileinfo(newinode, fileHandle, 471 cifs_fill_fileinfo(newinode, fileHandle,
469 cifs_sb->tcon, write_only); 472 cifs_sb->tcon, write_only);
470 } 473 }
diff --git a/fs/cifs/file.c b/fs/cifs/file.c
index 50ca088d8860..38c06f826575 100644
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -129,15 +129,12 @@ static inline int cifs_posix_open_inode_helper(struct inode *inode,
129 struct file *file, struct cifsInodeInfo *pCifsInode, 129 struct file *file, struct cifsInodeInfo *pCifsInode,
130 struct cifsFileInfo *pCifsFile, int oplock, u16 netfid) 130 struct cifsFileInfo *pCifsFile, int oplock, u16 netfid)
131{ 131{
132 struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb);
133/* struct timespec temp; */ /* BB REMOVEME BB */
134 132
135 file->private_data = kmalloc(sizeof(struct cifsFileInfo), GFP_KERNEL); 133 file->private_data = kmalloc(sizeof(struct cifsFileInfo), GFP_KERNEL);
136 if (file->private_data == NULL) 134 if (file->private_data == NULL)
137 return -ENOMEM; 135 return -ENOMEM;
138 pCifsFile = cifs_init_private(file->private_data, inode, file, netfid); 136 pCifsFile = cifs_init_private(file->private_data, inode, file, netfid);
139 write_lock(&GlobalSMBSeslock); 137 write_lock(&GlobalSMBSeslock);
140 list_add(&pCifsFile->tlist, &cifs_sb->tcon->openFileList);
141 138
142 pCifsInode = CIFS_I(file->f_path.dentry->d_inode); 139 pCifsInode = CIFS_I(file->f_path.dentry->d_inode);
143 if (pCifsInode == NULL) { 140 if (pCifsInode == NULL) {
@@ -145,17 +142,6 @@ static inline int cifs_posix_open_inode_helper(struct inode *inode,
145 return -EINVAL; 142 return -EINVAL;
146 } 143 }
147 144
148 /* want handles we can use to read with first
149 in the list so we do not have to walk the
150 list to search for one in write_begin */
151 if ((file->f_flags & O_ACCMODE) == O_WRONLY) {
152 list_add_tail(&pCifsFile->flist,
153 &pCifsInode->openFileList);
154 } else {
155 list_add(&pCifsFile->flist,
156 &pCifsInode->openFileList);
157 }
158
159 if (pCifsInode->clientCanCacheRead) { 145 if (pCifsInode->clientCanCacheRead) {
160 /* we have the inode open somewhere else 146 /* we have the inode open somewhere else
161 no need to discard cache data */ 147 no need to discard cache data */
diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c
index f36b4e40e443..9c869a6dcba1 100644
--- a/fs/cifs/inode.c
+++ b/fs/cifs/inode.c
@@ -962,13 +962,21 @@ undo_setattr:
962 goto out_close; 962 goto out_close;
963} 963}
964 964
965
966/*
967 * If dentry->d_inode is null (usually meaning the cached dentry
968 * is a negative dentry) then we would attempt a standard SMB delete, but
969 * if that fails we can not attempt the fall back mechanisms on EACESS
970 * but will return the EACESS to the caller. Note that the VFS does not call
971 * unlink on negative dentries currently.
972 */
965int cifs_unlink(struct inode *dir, struct dentry *dentry) 973int cifs_unlink(struct inode *dir, struct dentry *dentry)
966{ 974{
967 int rc = 0; 975 int rc = 0;
968 int xid; 976 int xid;
969 char *full_path = NULL; 977 char *full_path = NULL;
970 struct inode *inode = dentry->d_inode; 978 struct inode *inode = dentry->d_inode;
971 struct cifsInodeInfo *cifsInode = CIFS_I(inode); 979 struct cifsInodeInfo *cifs_inode;
972 struct super_block *sb = dir->i_sb; 980 struct super_block *sb = dir->i_sb;
973 struct cifs_sb_info *cifs_sb = CIFS_SB(sb); 981 struct cifs_sb_info *cifs_sb = CIFS_SB(sb);
974 struct cifsTconInfo *tcon = cifs_sb->tcon; 982 struct cifsTconInfo *tcon = cifs_sb->tcon;
@@ -1012,7 +1020,7 @@ psx_del_no_retry:
1012 rc = cifs_rename_pending_delete(full_path, dentry, xid); 1020 rc = cifs_rename_pending_delete(full_path, dentry, xid);
1013 if (rc == 0) 1021 if (rc == 0)
1014 drop_nlink(inode); 1022 drop_nlink(inode);
1015 } else if (rc == -EACCES && dosattr == 0) { 1023 } else if ((rc == -EACCES) && (dosattr == 0) && inode) {
1016 attrs = kzalloc(sizeof(*attrs), GFP_KERNEL); 1024 attrs = kzalloc(sizeof(*attrs), GFP_KERNEL);
1017 if (attrs == NULL) { 1025 if (attrs == NULL) {
1018 rc = -ENOMEM; 1026 rc = -ENOMEM;
@@ -1020,7 +1028,8 @@ psx_del_no_retry:
1020 } 1028 }
1021 1029
1022 /* try to reset dos attributes */ 1030 /* try to reset dos attributes */
1023 origattr = cifsInode->cifsAttrs; 1031 cifs_inode = CIFS_I(inode);
1032 origattr = cifs_inode->cifsAttrs;
1024 if (origattr == 0) 1033 if (origattr == 0)
1025 origattr |= ATTR_NORMAL; 1034 origattr |= ATTR_NORMAL;
1026 dosattr = origattr & ~ATTR_READONLY; 1035 dosattr = origattr & ~ATTR_READONLY;
@@ -1041,13 +1050,13 @@ psx_del_no_retry:
1041 1050
1042out_reval: 1051out_reval:
1043 if (inode) { 1052 if (inode) {
1044 cifsInode = CIFS_I(inode); 1053 cifs_inode = CIFS_I(inode);
1045 cifsInode->time = 0; /* will force revalidate to get info 1054 cifs_inode->time = 0; /* will force revalidate to get info
1046 when needed */ 1055 when needed */
1047 inode->i_ctime = current_fs_time(sb); 1056 inode->i_ctime = current_fs_time(sb);
1048 } 1057 }
1049 dir->i_ctime = dir->i_mtime = current_fs_time(sb); 1058 dir->i_ctime = dir->i_mtime = current_fs_time(sb);
1050 cifsInode = CIFS_I(dir); 1059 cifs_inode = CIFS_I(dir);
1051 CIFS_I(dir)->time = 0; /* force revalidate of dir as well */ 1060 CIFS_I(dir)->time = 0; /* force revalidate of dir as well */
1052 1061
1053 kfree(full_path); 1062 kfree(full_path);
diff --git a/fs/cifs/link.c b/fs/cifs/link.c
index 63f644000ce5..cd83c53fcbb5 100644
--- a/fs/cifs/link.c
+++ b/fs/cifs/link.c
@@ -107,63 +107,51 @@ void *
107cifs_follow_link(struct dentry *direntry, struct nameidata *nd) 107cifs_follow_link(struct dentry *direntry, struct nameidata *nd)
108{ 108{
109 struct inode *inode = direntry->d_inode; 109 struct inode *inode = direntry->d_inode;
110 int rc = -EACCES; 110 int rc = -ENOMEM;
111 int xid; 111 int xid;
112 char *full_path = NULL; 112 char *full_path = NULL;
113 char *target_path = ERR_PTR(-ENOMEM); 113 char *target_path = NULL;
114 struct cifs_sb_info *cifs_sb; 114 struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb);
115 struct cifsTconInfo *pTcon; 115 struct cifsTconInfo *tcon = cifs_sb->tcon;
116 116
117 xid = GetXid(); 117 xid = GetXid();
118 118
119 full_path = build_path_from_dentry(direntry); 119 /*
120 120 * For now, we just handle symlinks with unix extensions enabled.
121 if (!full_path) 121 * Eventually we should handle NTFS reparse points, and MacOS
122 goto out_no_free; 122 * symlink support. For instance...
123 123 *
124 cFYI(1, ("Full path: %s inode = 0x%p", full_path, inode)); 124 * rc = CIFSSMBQueryReparseLinkInfo(...)
125 cifs_sb = CIFS_SB(inode->i_sb); 125 *
126 pTcon = cifs_sb->tcon; 126 * For now, just return -EACCES when the server doesn't support posix
127 target_path = kmalloc(PATH_MAX, GFP_KERNEL); 127 * extensions. Note that we still allow querying symlinks when posix
128 if (!target_path) { 128 * extensions are manually disabled. We could disable these as well
129 target_path = ERR_PTR(-ENOMEM); 129 * but there doesn't seem to be any harm in allowing the client to
130 * read them.
131 */
132 if (!(tcon->ses->capabilities & CAP_UNIX)) {
133 rc = -EACCES;
130 goto out; 134 goto out;
131 } 135 }
132 136
133 /* We could change this to: 137 full_path = build_path_from_dentry(direntry);
134 if (pTcon->unix_ext) 138 if (!full_path)
135 but there does not seem any point in refusing to 139 goto out;
136 get symlink info if we can, even if unix extensions
137 turned off for this mount */
138
139 if (pTcon->ses->capabilities & CAP_UNIX)
140 rc = CIFSSMBUnixQuerySymLink(xid, pTcon, full_path,
141 target_path,
142 PATH_MAX-1,
143 cifs_sb->local_nls);
144 else {
145 /* BB add read reparse point symlink code here */
146 /* rc = CIFSSMBQueryReparseLinkInfo */
147 /* BB Add code to Query ReparsePoint info */
148 /* BB Add MAC style xsymlink check here if enabled */
149 }
150
151 if (rc == 0) {
152 140
153/* BB Add special case check for Samba DFS symlinks */ 141 cFYI(1, ("Full path: %s inode = 0x%p", full_path, inode));
154 142
155 target_path[PATH_MAX-1] = 0; 143 rc = CIFSSMBUnixQuerySymLink(xid, tcon, full_path, &target_path,
156 } else { 144 cifs_sb->local_nls);
145 kfree(full_path);
146out:
147 if (rc != 0) {
157 kfree(target_path); 148 kfree(target_path);
158 target_path = ERR_PTR(rc); 149 target_path = ERR_PTR(rc);
159 } 150 }
160 151
161out:
162 kfree(full_path);
163out_no_free:
164 FreeXid(xid); 152 FreeXid(xid);
165 nd_set_link(nd, target_path); 153 nd_set_link(nd, target_path);
166 return NULL; /* No cookie */ 154 return NULL;
167} 155}
168 156
169int 157int
@@ -224,98 +212,6 @@ cifs_symlink(struct inode *inode, struct dentry *direntry, const char *symname)
224 return rc; 212 return rc;
225} 213}
226 214
227int
228cifs_readlink(struct dentry *direntry, char __user *pBuffer, int buflen)
229{
230 struct inode *inode = direntry->d_inode;
231 int rc = -EACCES;
232 int xid;
233 int oplock = 0;
234 struct cifs_sb_info *cifs_sb;
235 struct cifsTconInfo *pTcon;
236 char *full_path = NULL;
237 char *tmpbuffer;
238 int len;
239 __u16 fid;
240
241 xid = GetXid();
242 cifs_sb = CIFS_SB(inode->i_sb);
243 pTcon = cifs_sb->tcon;
244
245/* BB would it be safe against deadlock to grab this sem
246 even though rename itself grabs the sem and calls lookup? */
247/* mutex_lock(&inode->i_sb->s_vfs_rename_mutex);*/
248 full_path = build_path_from_dentry(direntry);
249/* mutex_unlock(&inode->i_sb->s_vfs_rename_mutex);*/
250
251 if (full_path == NULL) {
252 FreeXid(xid);
253 return -ENOMEM;
254 }
255
256 cFYI(1,
257 ("Full path: %s inode = 0x%p pBuffer = 0x%p buflen = %d",
258 full_path, inode, pBuffer, buflen));
259 if (buflen > PATH_MAX)
260 len = PATH_MAX;
261 else
262 len = buflen;
263 tmpbuffer = kmalloc(len, GFP_KERNEL);
264 if (tmpbuffer == NULL) {
265 kfree(full_path);
266 FreeXid(xid);
267 return -ENOMEM;
268 }
269
270/* BB add read reparse point symlink code and
271 Unix extensions symlink code here BB */
272/* We could disable this based on pTcon->unix_ext flag instead ... but why? */
273 if (cifs_sb->tcon->ses->capabilities & CAP_UNIX)
274 rc = CIFSSMBUnixQuerySymLink(xid, pTcon, full_path,
275 tmpbuffer,
276 len - 1,
277 cifs_sb->local_nls);
278 else if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_UNX_EMUL) {
279 cERROR(1, ("SFU style symlinks not implemented yet"));
280 /* add open and read as in fs/cifs/inode.c */
281 } else {
282 rc = CIFSSMBOpen(xid, pTcon, full_path, FILE_OPEN, GENERIC_READ,
283 OPEN_REPARSE_POINT, &fid, &oplock, NULL,
284 cifs_sb->local_nls,
285 cifs_sb->mnt_cifs_flags &
286 CIFS_MOUNT_MAP_SPECIAL_CHR);
287 if (!rc) {
288 rc = CIFSSMBQueryReparseLinkInfo(xid, pTcon, full_path,
289 tmpbuffer,
290 len - 1,
291 fid,
292 cifs_sb->local_nls);
293 if (CIFSSMBClose(xid, pTcon, fid)) {
294 cFYI(1, ("Error closing junction point "
295 "(open for ioctl)"));
296 }
297 /* If it is a DFS junction earlier we would have gotten
298 PATH_NOT_COVERED returned from server so we do
299 not need to request the DFS info here */
300 }
301 }
302 /* BB Anything else to do to handle recursive links? */
303 /* BB Should we be using page ops here? */
304
305 /* BB null terminate returned string in pBuffer? BB */
306 if (rc == 0) {
307 rc = vfs_readlink(direntry, pBuffer, len, tmpbuffer);
308 cFYI(1,
309 ("vfs_readlink called from cifs_readlink returned %d",
310 rc));
311 }
312
313 kfree(tmpbuffer);
314 kfree(full_path);
315 FreeXid(xid);
316 return rc;
317}
318
319void cifs_put_link(struct dentry *direntry, struct nameidata *nd, void *cookie) 215void cifs_put_link(struct dentry *direntry, struct nameidata *nd, void *cookie)
320{ 216{
321 char *p = nd_get_link(nd); 217 char *p = nd_get_link(nd);
diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c
index 4c89c572891a..e079a9190ec4 100644
--- a/fs/cifs/misc.c
+++ b/fs/cifs/misc.c
@@ -635,77 +635,6 @@ dump_smb(struct smb_hdr *smb_buf, int smb_buf_length)
635 return; 635 return;
636} 636}
637 637
638/* Windows maps these to the user defined 16 bit Unicode range since they are
639 reserved symbols (along with \ and /), otherwise illegal to store
640 in filenames in NTFS */
641#define UNI_ASTERIK (__u16) ('*' + 0xF000)
642#define UNI_QUESTION (__u16) ('?' + 0xF000)
643#define UNI_COLON (__u16) (':' + 0xF000)
644#define UNI_GRTRTHAN (__u16) ('>' + 0xF000)
645#define UNI_LESSTHAN (__u16) ('<' + 0xF000)
646#define UNI_PIPE (__u16) ('|' + 0xF000)
647#define UNI_SLASH (__u16) ('\\' + 0xF000)
648
649/* Convert 16 bit Unicode pathname from wire format to string in current code
650 page. Conversion may involve remapping up the seven characters that are
651 only legal in POSIX-like OS (if they are present in the string). Path
652 names are little endian 16 bit Unicode on the wire */
653int
654cifs_convertUCSpath(char *target, const __le16 *source, int maxlen,
655 const struct nls_table *cp)
656{
657 int i, j, len;
658 __u16 src_char;
659
660 for (i = 0, j = 0; i < maxlen; i++) {
661 src_char = le16_to_cpu(source[i]);
662 switch (src_char) {
663 case 0:
664 goto cUCS_out; /* BB check this BB */
665 case UNI_COLON:
666 target[j] = ':';
667 break;
668 case UNI_ASTERIK:
669 target[j] = '*';
670 break;
671 case UNI_QUESTION:
672 target[j] = '?';
673 break;
674 /* BB We can not handle remapping slash until
675 all the calls to build_path_from_dentry
676 are modified, as they use slash as separator BB */
677 /* case UNI_SLASH:
678 target[j] = '\\';
679 break;*/
680 case UNI_PIPE:
681 target[j] = '|';
682 break;
683 case UNI_GRTRTHAN:
684 target[j] = '>';
685 break;
686 case UNI_LESSTHAN:
687 target[j] = '<';
688 break;
689 default:
690 len = cp->uni2char(src_char, &target[j],
691 NLS_MAX_CHARSET_SIZE);
692 if (len > 0) {
693 j += len;
694 continue;
695 } else {
696 target[j] = '?';
697 }
698 }
699 j++;
700 /* make sure we do not overrun callers allocated temp buffer */
701 if (j >= (2 * NAME_MAX))
702 break;
703 }
704cUCS_out:
705 target[j] = 0;
706 return j;
707}
708
709/* Convert 16 bit Unicode pathname to wire format from string in current code 638/* Convert 16 bit Unicode pathname to wire format from string in current code
710 page. Conversion may involve remapping up the seven characters that are 639 page. Conversion may involve remapping up the seven characters that are
711 only legal in POSIX-like OS (if they are present in the string). Path 640 only legal in POSIX-like OS (if they are present in the string). Path
diff --git a/fs/cifs/netmisc.c b/fs/cifs/netmisc.c
index 8703d68f5b20..e2fe998989a3 100644
--- a/fs/cifs/netmisc.c
+++ b/fs/cifs/netmisc.c
@@ -79,6 +79,7 @@ static const struct smb_to_posix_error mapping_table_ERRDOS[] = {
79 {ErrQuota, -EDQUOT}, 79 {ErrQuota, -EDQUOT},
80 {ErrNotALink, -ENOLINK}, 80 {ErrNotALink, -ENOLINK},
81 {ERRnetlogonNotStarted, -ENOPROTOOPT}, 81 {ERRnetlogonNotStarted, -ENOPROTOOPT},
82 {ERRsymlink, -EOPNOTSUPP},
82 {ErrTooManyLinks, -EMLINK}, 83 {ErrTooManyLinks, -EMLINK},
83 {0, 0} 84 {0, 0}
84}; 85};
@@ -714,6 +715,7 @@ static const struct {
714 ERRDOS, ERRnoaccess, 0xc000028f}, { 715 ERRDOS, ERRnoaccess, 0xc000028f}, {
715 ERRDOS, ERRnoaccess, 0xc0000290}, { 716 ERRDOS, ERRnoaccess, 0xc0000290}, {
716 ERRDOS, ERRbadfunc, 0xc000029c}, { 717 ERRDOS, ERRbadfunc, 0xc000029c}, {
718 ERRDOS, ERRsymlink, NT_STATUS_STOPPED_ON_SYMLINK}, {
717 ERRDOS, ERRinvlevel, 0x007c0001}, }; 719 ERRDOS, ERRinvlevel, 0x007c0001}, };
718 720
719/***************************************************************************** 721/*****************************************************************************
diff --git a/fs/cifs/nterr.h b/fs/cifs/nterr.h
index 588abbb9d08c..257267367d41 100644
--- a/fs/cifs/nterr.h
+++ b/fs/cifs/nterr.h
@@ -35,8 +35,6 @@ struct nt_err_code_struct {
35extern const struct nt_err_code_struct nt_errs[]; 35extern const struct nt_err_code_struct nt_errs[];
36 36
37/* Win32 Status codes. */ 37/* Win32 Status codes. */
38
39#define STATUS_BUFFER_OVERFLOW 0x80000005
40#define STATUS_MORE_ENTRIES 0x0105 38#define STATUS_MORE_ENTRIES 0x0105
41#define ERROR_INVALID_PARAMETER 0x0057 39#define ERROR_INVALID_PARAMETER 0x0057
42#define ERROR_INSUFFICIENT_BUFFER 0x007a 40#define ERROR_INSUFFICIENT_BUFFER 0x007a
@@ -50,6 +48,13 @@ extern const struct nt_err_code_struct nt_errs[];
50#define STATUS_SOME_UNMAPPED 0x0107 48#define STATUS_SOME_UNMAPPED 0x0107
51#define STATUS_BUFFER_OVERFLOW 0x80000005 49#define STATUS_BUFFER_OVERFLOW 0x80000005
52#define NT_STATUS_NO_MORE_ENTRIES 0x8000001a 50#define NT_STATUS_NO_MORE_ENTRIES 0x8000001a
51#define NT_STATUS_MEDIA_CHANGED 0x8000001c
52#define NT_STATUS_END_OF_MEDIA 0x8000001e
53#define NT_STATUS_MEDIA_CHECK 0x80000020
54#define NT_STATUS_NO_DATA_DETECTED 0x8000001c
55#define NT_STATUS_STOPPED_ON_SYMLINK 0x8000002d
56#define NT_STATUS_DEVICE_REQUIRES_CLEANING 0x80000288
57#define NT_STATUS_DEVICE_DOOR_OPEN 0x80000288
53#define NT_STATUS_UNSUCCESSFUL 0xC0000000 | 0x0001 58#define NT_STATUS_UNSUCCESSFUL 0xC0000000 | 0x0001
54#define NT_STATUS_NOT_IMPLEMENTED 0xC0000000 | 0x0002 59#define NT_STATUS_NOT_IMPLEMENTED 0xC0000000 | 0x0002
55#define NT_STATUS_INVALID_INFO_CLASS 0xC0000000 | 0x0003 60#define NT_STATUS_INVALID_INFO_CLASS 0xC0000000 | 0x0003
diff --git a/fs/cifs/ntlmssp.h b/fs/cifs/ntlmssp.h
index c377d8065d99..49c9a4e75319 100644
--- a/fs/cifs/ntlmssp.h
+++ b/fs/cifs/ntlmssp.h
@@ -27,29 +27,39 @@
27#define UnknownMessage cpu_to_le32(8) 27#define UnknownMessage cpu_to_le32(8)
28 28
29/* Negotiate Flags */ 29/* Negotiate Flags */
30#define NTLMSSP_NEGOTIATE_UNICODE 0x01 /* Text strings are in unicode */ 30#define NTLMSSP_NEGOTIATE_UNICODE 0x01 /* Text strings are unicode */
31#define NTLMSSP_NEGOTIATE_OEM 0x02 /* Text strings are in OEM */ 31#define NTLMSSP_NEGOTIATE_OEM 0x02 /* Text strings are in OEM */
32#define NTLMSSP_REQUEST_TARGET 0x04 /* Server return its auth realm */ 32#define NTLMSSP_REQUEST_TARGET 0x04 /* Srv returns its auth realm */
33#define NTLMSSP_NEGOTIATE_SIGN 0x0010 /* Request signature capability */ 33/* define reserved9 0x08 */
34#define NTLMSSP_NEGOTIATE_SEAL 0x0020 /* Request confidentiality */ 34#define NTLMSSP_NEGOTIATE_SIGN 0x0010 /* Request signing capability */
35#define NTLMSSP_NEGOTIATE_DGRAM 0x0040 35#define NTLMSSP_NEGOTIATE_SEAL 0x0020 /* Request confidentiality */
36#define NTLMSSP_NEGOTIATE_LM_KEY 0x0080 /* Sign/seal use LM session key */ 36#define NTLMSSP_NEGOTIATE_DGRAM 0x0040
37#define NTLMSSP_NEGOTIATE_NTLM 0x0200 /* NTLM authentication */ 37#define NTLMSSP_NEGOTIATE_LM_KEY 0x0080 /* Use LM session key */
38#define NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED 0x1000 38/* defined reserved 8 0x0100 */
39#define NTLMSSP_NEGOTIATE_NTLM 0x0200 /* NTLM authentication */
40#define NTLMSSP_NEGOTIATE_NT_ONLY 0x0400 /* Lanman not allowed */
41#define NTLMSSP_ANONYMOUS 0x0800
42#define NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED 0x1000 /* reserved6 */
39#define NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED 0x2000 43#define NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED 0x2000
40#define NTLMSSP_NEGOTIATE_LOCAL_CALL 0x4000 /* client/server on same machine */ 44#define NTLMSSP_NEGOTIATE_LOCAL_CALL 0x4000 /* client/server same machine */
41#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0x8000 /* Sign for all security levels */ 45#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0x8000 /* Sign. All security levels */
42#define NTLMSSP_TARGET_TYPE_DOMAIN 0x10000 46#define NTLMSSP_TARGET_TYPE_DOMAIN 0x10000
43#define NTLMSSP_TARGET_TYPE_SERVER 0x20000 47#define NTLMSSP_TARGET_TYPE_SERVER 0x20000
44#define NTLMSSP_TARGET_TYPE_SHARE 0x40000 48#define NTLMSSP_TARGET_TYPE_SHARE 0x40000
45#define NTLMSSP_NEGOTIATE_NTLMV2 0x80000 49#define NTLMSSP_NEGOTIATE_EXTENDED_SEC 0x80000 /* NB:not related to NTLMv2 pwd*/
46#define NTLMSSP_REQUEST_INIT_RESP 0x100000 50/* #define NTLMSSP_REQUEST_INIT_RESP 0x100000 */
47#define NTLMSSP_REQUEST_ACCEPT_RESP 0x200000 51#define NTLMSSP_NEGOTIATE_IDENTIFY 0x100000
48#define NTLMSSP_REQUEST_NOT_NT_KEY 0x400000 52#define NTLMSSP_REQUEST_ACCEPT_RESP 0x200000 /* reserved5 */
53#define NTLMSSP_REQUEST_NON_NT_KEY 0x400000
49#define NTLMSSP_NEGOTIATE_TARGET_INFO 0x800000 54#define NTLMSSP_NEGOTIATE_TARGET_INFO 0x800000
50#define NTLMSSP_NEGOTIATE_128 0x20000000 55/* #define reserved4 0x1000000 */
51#define NTLMSSP_NEGOTIATE_KEY_XCH 0x40000000 56#define NTLMSSP_NEGOTIATE_VERSION 0x2000000 /* we do not set */
52#define NTLMSSP_NEGOTIATE_56 0x80000000 57/* #define reserved3 0x4000000 */
58/* #define reserved2 0x8000000 */
59/* #define reserved1 0x10000000 */
60#define NTLMSSP_NEGOTIATE_128 0x20000000
61#define NTLMSSP_NEGOTIATE_KEY_XCH 0x40000000
62#define NTLMSSP_NEGOTIATE_56 0x80000000
53 63
54/* Although typedefs are not commonly used for structure definitions */ 64/* Although typedefs are not commonly used for structure definitions */
55/* in the Linux kernel, in this particular case they are useful */ 65/* in the Linux kernel, in this particular case they are useful */
@@ -60,32 +70,36 @@
60typedef struct _SECURITY_BUFFER { 70typedef struct _SECURITY_BUFFER {
61 __le16 Length; 71 __le16 Length;
62 __le16 MaximumLength; 72 __le16 MaximumLength;
63 __le32 Buffer; /* offset to buffer */ 73 __le32 BufferOffset; /* offset to buffer */
64} __attribute__((packed)) SECURITY_BUFFER; 74} __attribute__((packed)) SECURITY_BUFFER;
65 75
66typedef struct _NEGOTIATE_MESSAGE { 76typedef struct _NEGOTIATE_MESSAGE {
67 __u8 Signature[sizeof(NTLMSSP_SIGNATURE)]; 77 __u8 Signature[sizeof(NTLMSSP_SIGNATURE)];
68 __le32 MessageType; /* 1 */ 78 __le32 MessageType; /* NtLmNegotiate = 1 */
69 __le32 NegotiateFlags; 79 __le32 NegotiateFlags;
70 SECURITY_BUFFER DomainName; /* RFC 1001 style and ASCII */ 80 SECURITY_BUFFER DomainName; /* RFC 1001 style and ASCII */
71 SECURITY_BUFFER WorkstationName; /* RFC 1001 and ASCII */ 81 SECURITY_BUFFER WorkstationName; /* RFC 1001 and ASCII */
82 /* SECURITY_BUFFER for version info not present since we
83 do not set the version is present flag */
72 char DomainString[0]; 84 char DomainString[0];
73 /* followed by WorkstationString */ 85 /* followed by WorkstationString */
74} __attribute__((packed)) NEGOTIATE_MESSAGE, *PNEGOTIATE_MESSAGE; 86} __attribute__((packed)) NEGOTIATE_MESSAGE, *PNEGOTIATE_MESSAGE;
75 87
76typedef struct _CHALLENGE_MESSAGE { 88typedef struct _CHALLENGE_MESSAGE {
77 __u8 Signature[sizeof(NTLMSSP_SIGNATURE)]; 89 __u8 Signature[sizeof(NTLMSSP_SIGNATURE)];
78 __le32 MessageType; /* 2 */ 90 __le32 MessageType; /* NtLmChallenge = 2 */
79 SECURITY_BUFFER TargetName; 91 SECURITY_BUFFER TargetName;
80 __le32 NegotiateFlags; 92 __le32 NegotiateFlags;
81 __u8 Challenge[CIFS_CRYPTO_KEY_SIZE]; 93 __u8 Challenge[CIFS_CRYPTO_KEY_SIZE];
82 __u8 Reserved[8]; 94 __u8 Reserved[8];
83 SECURITY_BUFFER TargetInfoArray; 95 SECURITY_BUFFER TargetInfoArray;
96 /* SECURITY_BUFFER for version info not present since we
97 do not set the version is present flag */
84} __attribute__((packed)) CHALLENGE_MESSAGE, *PCHALLENGE_MESSAGE; 98} __attribute__((packed)) CHALLENGE_MESSAGE, *PCHALLENGE_MESSAGE;
85 99
86typedef struct _AUTHENTICATE_MESSAGE { 100typedef struct _AUTHENTICATE_MESSAGE {
87 __u8 Signature[sizeof (NTLMSSP_SIGNATURE)]; 101 __u8 Signature[sizeof(NTLMSSP_SIGNATURE)];
88 __le32 MessageType; /* 3 */ 102 __le32 MessageType; /* NtLmsAuthenticate = 3 */
89 SECURITY_BUFFER LmChallengeResponse; 103 SECURITY_BUFFER LmChallengeResponse;
90 SECURITY_BUFFER NtChallengeResponse; 104 SECURITY_BUFFER NtChallengeResponse;
91 SECURITY_BUFFER DomainName; 105 SECURITY_BUFFER DomainName;
@@ -93,5 +107,7 @@ typedef struct _AUTHENTICATE_MESSAGE {
93 SECURITY_BUFFER WorkstationName; 107 SECURITY_BUFFER WorkstationName;
94 SECURITY_BUFFER SessionKey; 108 SECURITY_BUFFER SessionKey;
95 __le32 NegotiateFlags; 109 __le32 NegotiateFlags;
110 /* SECURITY_BUFFER for version info not present since we
111 do not set the version is present flag */
96 char UserString[0]; 112 char UserString[0];
97} __attribute__((packed)) AUTHENTICATE_MESSAGE, *PAUTHENTICATE_MESSAGE; 113} __attribute__((packed)) AUTHENTICATE_MESSAGE, *PAUTHENTICATE_MESSAGE;
diff --git a/fs/cifs/readdir.c b/fs/cifs/readdir.c
index 1a8be6228333..964e097c8203 100644
--- a/fs/cifs/readdir.c
+++ b/fs/cifs/readdir.c
@@ -31,6 +31,13 @@
31#include "cifs_fs_sb.h" 31#include "cifs_fs_sb.h"
32#include "cifsfs.h" 32#include "cifsfs.h"
33 33
34/*
35 * To be safe - for UCS to UTF-8 with strings loaded with the rare long
36 * characters alloc more to account for such multibyte target UTF-8
37 * characters.
38 */
39#define UNICODE_NAME_MAX ((4 * NAME_MAX) + 2)
40
34#ifdef CONFIG_CIFS_DEBUG2 41#ifdef CONFIG_CIFS_DEBUG2
35static void dump_cifs_file_struct(struct file *file, char *label) 42static void dump_cifs_file_struct(struct file *file, char *label)
36{ 43{
@@ -438,6 +445,38 @@ static void unix_fill_in_inode(struct inode *tmp_inode,
438 } 445 }
439} 446}
440 447
448/* BB eventually need to add the following helper function to
449 resolve NT_STATUS_STOPPED_ON_SYMLINK return code when
450 we try to do FindFirst on (NTFS) directory symlinks */
451/*
452int get_symlink_reparse_path(char *full_path, struct cifs_sb_info *cifs_sb,
453 int xid)
454{
455 __u16 fid;
456 int len;
457 int oplock = 0;
458 int rc;
459 struct cifsTconInfo *ptcon = cifs_sb->tcon;
460 char *tmpbuffer;
461
462 rc = CIFSSMBOpen(xid, ptcon, full_path, FILE_OPEN, GENERIC_READ,
463 OPEN_REPARSE_POINT, &fid, &oplock, NULL,
464 cifs_sb->local_nls,
465 cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR);
466 if (!rc) {
467 tmpbuffer = kmalloc(maxpath);
468 rc = CIFSSMBQueryReparseLinkInfo(xid, ptcon, full_path,
469 tmpbuffer,
470 maxpath -1,
471 fid,
472 cifs_sb->local_nls);
473 if (CIFSSMBClose(xid, ptcon, fid)) {
474 cFYI(1, ("Error closing temporary reparsepoint open)"));
475 }
476 }
477}
478 */
479
441static int initiate_cifs_search(const int xid, struct file *file) 480static int initiate_cifs_search(const int xid, struct file *file)
442{ 481{
443 int rc = 0; 482 int rc = 0;
@@ -493,7 +532,10 @@ ffirst_retry:
493 CIFS_MOUNT_MAP_SPECIAL_CHR, CIFS_DIR_SEP(cifs_sb)); 532 CIFS_MOUNT_MAP_SPECIAL_CHR, CIFS_DIR_SEP(cifs_sb));
494 if (rc == 0) 533 if (rc == 0)
495 cifsFile->invalidHandle = false; 534 cifsFile->invalidHandle = false;
496 if ((rc == -EOPNOTSUPP) && 535 /* BB add following call to handle readdir on new NTFS symlink errors
536 else if STATUS_STOPPED_ON_SYMLINK
537 call get_symlink_reparse_path and retry with new path */
538 else if ((rc == -EOPNOTSUPP) &&
497 (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SERVER_INUM)) { 539 (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SERVER_INUM)) {
498 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_SERVER_INUM; 540 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_SERVER_INUM;
499 goto ffirst_retry; 541 goto ffirst_retry;
@@ -822,7 +864,7 @@ static int find_cifs_entry(const int xid, struct cifsTconInfo *pTcon,
822/* inode num, inode type and filename returned */ 864/* inode num, inode type and filename returned */
823static int cifs_get_name_from_search_buf(struct qstr *pqst, 865static int cifs_get_name_from_search_buf(struct qstr *pqst,
824 char *current_entry, __u16 level, unsigned int unicode, 866 char *current_entry, __u16 level, unsigned int unicode,
825 struct cifs_sb_info *cifs_sb, int max_len, __u64 *pinum) 867 struct cifs_sb_info *cifs_sb, unsigned int max_len, __u64 *pinum)
826{ 868{
827 int rc = 0; 869 int rc = 0;
828 unsigned int len = 0; 870 unsigned int len = 0;
@@ -881,14 +923,12 @@ static int cifs_get_name_from_search_buf(struct qstr *pqst,
881 } 923 }
882 924
883 if (unicode) { 925 if (unicode) {
884 /* BB fixme - test with long names */ 926 pqst->len = cifs_from_ucs2((char *) pqst->name,
885 /* Note converted filename can be longer than in unicode */ 927 (__le16 *) filename,
886 if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR) 928 UNICODE_NAME_MAX,
887 pqst->len = cifs_convertUCSpath((char *)pqst->name, 929 min(len, max_len), nlt,
888 (__le16 *)filename, len/2, nlt); 930 cifs_sb->mnt_cifs_flags &
889 else 931 CIFS_MOUNT_MAP_SPECIAL_CHR);
890 pqst->len = cifs_strfromUCS_le((char *)pqst->name,
891 (__le16 *)filename, len/2, nlt);
892 } else { 932 } else {
893 pqst->name = filename; 933 pqst->name = filename;
894 pqst->len = len; 934 pqst->len = len;
@@ -898,8 +938,8 @@ static int cifs_get_name_from_search_buf(struct qstr *pqst,
898 return rc; 938 return rc;
899} 939}
900 940
901static int cifs_filldir(char *pfindEntry, struct file *file, 941static int cifs_filldir(char *pfindEntry, struct file *file, filldir_t filldir,
902 filldir_t filldir, void *direntry, char *scratch_buf, int max_len) 942 void *direntry, char *scratch_buf, unsigned int max_len)
903{ 943{
904 int rc = 0; 944 int rc = 0;
905 struct qstr qstring; 945 struct qstr qstring;
@@ -996,7 +1036,7 @@ int cifs_readdir(struct file *file, void *direntry, filldir_t filldir)
996 int num_to_fill = 0; 1036 int num_to_fill = 0;
997 char *tmp_buf = NULL; 1037 char *tmp_buf = NULL;
998 char *end_of_smb; 1038 char *end_of_smb;
999 int max_len; 1039 unsigned int max_len;
1000 1040
1001 xid = GetXid(); 1041 xid = GetXid();
1002 1042
@@ -1070,11 +1110,7 @@ int cifs_readdir(struct file *file, void *direntry, filldir_t filldir)
1070 cifsFile->srch_inf.ntwrk_buf_start); 1110 cifsFile->srch_inf.ntwrk_buf_start);
1071 end_of_smb = cifsFile->srch_inf.ntwrk_buf_start + max_len; 1111 end_of_smb = cifsFile->srch_inf.ntwrk_buf_start + max_len;
1072 1112
1073 /* To be safe - for UCS to UTF-8 with strings loaded 1113 tmp_buf = kmalloc(UNICODE_NAME_MAX, GFP_KERNEL);
1074 with the rare long characters alloc more to account for
1075 such multibyte target UTF-8 characters. cifs_unicode.c,
1076 which actually does the conversion, has the same limit */
1077 tmp_buf = kmalloc((2 * NAME_MAX) + 4, GFP_KERNEL);
1078 for (i = 0; (i < num_to_fill) && (rc == 0); i++) { 1114 for (i = 0; (i < num_to_fill) && (rc == 0); i++) {
1079 if (current_entry == NULL) { 1115 if (current_entry == NULL) {
1080 /* evaluate whether this case is an error */ 1116 /* evaluate whether this case is an error */
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index c652c73760dd..897a052270f9 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -3,7 +3,7 @@
3 * 3 *
4 * SMB/CIFS session setup handling routines 4 * SMB/CIFS session setup handling routines
5 * 5 *
6 * Copyright (c) International Business Machines Corp., 2006, 2007 6 * Copyright (c) International Business Machines Corp., 2006, 2009
7 * Author(s): Steve French (sfrench@us.ibm.com) 7 * Author(s): Steve French (sfrench@us.ibm.com)
8 * 8 *
9 * This library is free software; you can redistribute it and/or modify 9 * This library is free software; you can redistribute it and/or modify
@@ -111,7 +111,7 @@ static __le16 get_next_vcnum(struct cifsSesInfo *ses)
111get_vc_num_exit: 111get_vc_num_exit:
112 write_unlock(&cifs_tcp_ses_lock); 112 write_unlock(&cifs_tcp_ses_lock);
113 113
114 return le16_to_cpu(vcnum); 114 return cpu_to_le16(vcnum);
115} 115}
116 116
117static __u32 cifs_ssetup_hdr(struct cifsSesInfo *ses, SESSION_SETUP_ANDX *pSMB) 117static __u32 cifs_ssetup_hdr(struct cifsSesInfo *ses, SESSION_SETUP_ANDX *pSMB)
@@ -277,12 +277,11 @@ static void ascii_ssetup_strings(char **pbcc_area, struct cifsSesInfo *ses,
277 *pbcc_area = bcc_ptr; 277 *pbcc_area = bcc_ptr;
278} 278}
279 279
280static int decode_unicode_ssetup(char **pbcc_area, int bleft, 280static void
281 struct cifsSesInfo *ses, 281decode_unicode_ssetup(char **pbcc_area, int bleft, struct cifsSesInfo *ses,
282 const struct nls_table *nls_cp) 282 const struct nls_table *nls_cp)
283{ 283{
284 int rc = 0; 284 int len;
285 int words_left, len;
286 char *data = *pbcc_area; 285 char *data = *pbcc_area;
287 286
288 cFYI(1, ("bleft %d", bleft)); 287 cFYI(1, ("bleft %d", bleft));
@@ -300,63 +299,29 @@ static int decode_unicode_ssetup(char **pbcc_area, int bleft,
300 ++bleft; 299 ++bleft;
301 } 300 }
302 301
303 words_left = bleft / 2;
304
305 /* save off server operating system */
306 len = UniStrnlen((wchar_t *) data, words_left);
307
308 if (len >= words_left)
309 return rc;
310
311 kfree(ses->serverOS); 302 kfree(ses->serverOS);
312 /* UTF-8 string will not grow more than four times as big as UCS-16 */ 303 ses->serverOS = cifs_strndup_from_ucs(data, bleft, true, nls_cp);
313 ses->serverOS = kzalloc((4 * len) + 2 /* trailing null */, GFP_KERNEL); 304 cFYI(1, ("serverOS=%s", ses->serverOS));
314 if (ses->serverOS != NULL) { 305 len = (UniStrnlen((wchar_t *) data, bleft / 2) * 2) + 2;
315 cifs_strfromUCS_le(ses->serverOS, (__le16 *)data, len, nls_cp); 306 data += len;
316 cFYI(1, ("serverOS=%s", ses->serverOS)); 307 bleft -= len;
317 } 308 if (bleft <= 0)
318 data += 2 * (len + 1); 309 return;
319 words_left -= len + 1;
320
321 /* save off server network operating system */
322 len = UniStrnlen((wchar_t *) data, words_left);
323
324 if (len >= words_left)
325 return rc;
326 310
327 kfree(ses->serverNOS); 311 kfree(ses->serverNOS);
328 ses->serverNOS = kzalloc((4 * len) + 2 /* trailing null */, GFP_KERNEL); 312 ses->serverNOS = cifs_strndup_from_ucs(data, bleft, true, nls_cp);
329 if (ses->serverNOS != NULL) { 313 cFYI(1, ("serverNOS=%s", ses->serverNOS));
330 cifs_strfromUCS_le(ses->serverNOS, (__le16 *)data, len, 314 len = (UniStrnlen((wchar_t *) data, bleft / 2) * 2) + 2;
331 nls_cp); 315 data += len;
332 cFYI(1, ("serverNOS=%s", ses->serverNOS)); 316 bleft -= len;
333 if (strncmp(ses->serverNOS, "NT LAN Manager 4", 16) == 0) { 317 if (bleft <= 0)
334 cFYI(1, ("NT4 server")); 318 return;
335 ses->flags |= CIFS_SES_NT4;
336 }
337 }
338 data += 2 * (len + 1);
339 words_left -= len + 1;
340
341 /* save off server domain */
342 len = UniStrnlen((wchar_t *) data, words_left);
343
344 if (len > words_left)
345 return rc;
346 319
347 kfree(ses->serverDomain); 320 kfree(ses->serverDomain);
348 ses->serverDomain = kzalloc((4 * len) + 2, GFP_KERNEL); 321 ses->serverDomain = cifs_strndup_from_ucs(data, bleft, true, nls_cp);
349 if (ses->serverDomain != NULL) { 322 cFYI(1, ("serverDomain=%s", ses->serverDomain));
350 cifs_strfromUCS_le(ses->serverDomain, (__le16 *)data, len,
351 nls_cp);
352 cFYI(1, ("serverDomain=%s", ses->serverDomain));
353 }
354 data += 2 * (len + 1);
355 words_left -= len + 1;
356
357 cFYI(1, ("words left: %d", words_left));
358 323
359 return rc; 324 return;
360} 325}
361 326
362static int decode_ascii_ssetup(char **pbcc_area, int bleft, 327static int decode_ascii_ssetup(char **pbcc_area, int bleft,
@@ -413,6 +378,186 @@ static int decode_ascii_ssetup(char **pbcc_area, int bleft,
413 return rc; 378 return rc;
414} 379}
415 380
381static int decode_ntlmssp_challenge(char *bcc_ptr, int blob_len,
382 struct cifsSesInfo *ses)
383{
384 CHALLENGE_MESSAGE *pblob = (CHALLENGE_MESSAGE *)bcc_ptr;
385
386 if (blob_len < sizeof(CHALLENGE_MESSAGE)) {
387 cERROR(1, ("challenge blob len %d too small", blob_len));
388 return -EINVAL;
389 }
390
391 if (memcmp(pblob->Signature, "NTLMSSP", 8)) {
392 cERROR(1, ("blob signature incorrect %s", pblob->Signature));
393 return -EINVAL;
394 }
395 if (pblob->MessageType != NtLmChallenge) {
396 cERROR(1, ("Incorrect message type %d", pblob->MessageType));
397 return -EINVAL;
398 }
399
400 memcpy(ses->server->cryptKey, pblob->Challenge, CIFS_CRYPTO_KEY_SIZE);
401 /* BB we could decode pblob->NegotiateFlags; some may be useful */
402 /* In particular we can examine sign flags */
403 /* BB spec says that if AvId field of MsvAvTimestamp is populated then
404 we must set the MIC field of the AUTHENTICATE_MESSAGE */
405
406 return 0;
407}
408
409#ifdef CONFIG_CIFS_EXPERIMENTAL
410/* BB Move to ntlmssp.c eventually */
411
412/* We do not malloc the blob, it is passed in pbuffer, because
413 it is fixed size, and small, making this approach cleaner */
414static void build_ntlmssp_negotiate_blob(unsigned char *pbuffer,
415 struct cifsSesInfo *ses)
416{
417 NEGOTIATE_MESSAGE *sec_blob = (NEGOTIATE_MESSAGE *)pbuffer;
418 __u32 flags;
419
420 memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8);
421 sec_blob->MessageType = NtLmNegotiate;
422
423 /* BB is NTLMV2 session security format easier to use here? */
424 flags = NTLMSSP_NEGOTIATE_56 | NTLMSSP_REQUEST_TARGET |
425 NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
426 NTLMSSP_NEGOTIATE_NT_ONLY | NTLMSSP_NEGOTIATE_NTLM;
427 if (ses->server->secMode &
428 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
429 flags |= NTLMSSP_NEGOTIATE_SIGN;
430 if (ses->server->secMode & SECMODE_SIGN_REQUIRED)
431 flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
432
433 sec_blob->NegotiateFlags |= cpu_to_le32(flags);
434
435 sec_blob->WorkstationName.BufferOffset = 0;
436 sec_blob->WorkstationName.Length = 0;
437 sec_blob->WorkstationName.MaximumLength = 0;
438
439 /* Domain name is sent on the Challenge not Negotiate NTLMSSP request */
440 sec_blob->DomainName.BufferOffset = 0;
441 sec_blob->DomainName.Length = 0;
442 sec_blob->DomainName.MaximumLength = 0;
443}
444
445/* We do not malloc the blob, it is passed in pbuffer, because its
446 maximum possible size is fixed and small, making this approach cleaner.
447 This function returns the length of the data in the blob */
448static int build_ntlmssp_auth_blob(unsigned char *pbuffer,
449 struct cifsSesInfo *ses,
450 const struct nls_table *nls_cp, int first)
451{
452 AUTHENTICATE_MESSAGE *sec_blob = (AUTHENTICATE_MESSAGE *)pbuffer;
453 __u32 flags;
454 unsigned char *tmp;
455 char ntlm_session_key[CIFS_SESS_KEY_SIZE];
456
457 memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8);
458 sec_blob->MessageType = NtLmAuthenticate;
459
460 flags = NTLMSSP_NEGOTIATE_56 |
461 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_TARGET_INFO |
462 NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
463 NTLMSSP_NEGOTIATE_NT_ONLY | NTLMSSP_NEGOTIATE_NTLM;
464 if (ses->server->secMode &
465 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
466 flags |= NTLMSSP_NEGOTIATE_SIGN;
467 if (ses->server->secMode & SECMODE_SIGN_REQUIRED)
468 flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
469
470 tmp = pbuffer + sizeof(AUTHENTICATE_MESSAGE);
471 sec_blob->NegotiateFlags |= cpu_to_le32(flags);
472
473 sec_blob->LmChallengeResponse.BufferOffset =
474 cpu_to_le32(sizeof(AUTHENTICATE_MESSAGE));
475 sec_blob->LmChallengeResponse.Length = 0;
476 sec_blob->LmChallengeResponse.MaximumLength = 0;
477
478 /* calculate session key, BB what about adding similar ntlmv2 path? */
479 SMBNTencrypt(ses->password, ses->server->cryptKey, ntlm_session_key);
480 if (first)
481 cifs_calculate_mac_key(&ses->server->mac_signing_key,
482 ntlm_session_key, ses->password);
483
484 memcpy(tmp, ntlm_session_key, CIFS_SESS_KEY_SIZE);
485 sec_blob->NtChallengeResponse.BufferOffset = cpu_to_le32(tmp - pbuffer);
486 sec_blob->NtChallengeResponse.Length = cpu_to_le16(CIFS_SESS_KEY_SIZE);
487 sec_blob->NtChallengeResponse.MaximumLength =
488 cpu_to_le16(CIFS_SESS_KEY_SIZE);
489
490 tmp += CIFS_SESS_KEY_SIZE;
491
492 if (ses->domainName == NULL) {
493 sec_blob->DomainName.BufferOffset = cpu_to_le32(tmp - pbuffer);
494 sec_blob->DomainName.Length = 0;
495 sec_blob->DomainName.MaximumLength = 0;
496 tmp += 2;
497 } else {
498 int len;
499 len = cifs_strtoUCS((__le16 *)tmp, ses->domainName,
500 MAX_USERNAME_SIZE, nls_cp);
501 len *= 2; /* unicode is 2 bytes each */
502 len += 2; /* trailing null */
503 sec_blob->DomainName.BufferOffset = cpu_to_le32(tmp - pbuffer);
504 sec_blob->DomainName.Length = cpu_to_le16(len);
505 sec_blob->DomainName.MaximumLength = cpu_to_le16(len);
506 tmp += len;
507 }
508
509 if (ses->userName == NULL) {
510 sec_blob->UserName.BufferOffset = cpu_to_le32(tmp - pbuffer);
511 sec_blob->UserName.Length = 0;
512 sec_blob->UserName.MaximumLength = 0;
513 tmp += 2;
514 } else {
515 int len;
516 len = cifs_strtoUCS((__le16 *)tmp, ses->userName,
517 MAX_USERNAME_SIZE, nls_cp);
518 len *= 2; /* unicode is 2 bytes each */
519 len += 2; /* trailing null */
520 sec_blob->UserName.BufferOffset = cpu_to_le32(tmp - pbuffer);
521 sec_blob->UserName.Length = cpu_to_le16(len);
522 sec_blob->UserName.MaximumLength = cpu_to_le16(len);
523 tmp += len;
524 }
525
526 sec_blob->WorkstationName.BufferOffset = cpu_to_le32(tmp - pbuffer);
527 sec_blob->WorkstationName.Length = 0;
528 sec_blob->WorkstationName.MaximumLength = 0;
529 tmp += 2;
530
531 sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - pbuffer);
532 sec_blob->SessionKey.Length = 0;
533 sec_blob->SessionKey.MaximumLength = 0;
534 return tmp - pbuffer;
535}
536
537
538static void setup_ntlmssp_neg_req(SESSION_SETUP_ANDX *pSMB,
539 struct cifsSesInfo *ses)
540{
541 build_ntlmssp_negotiate_blob(&pSMB->req.SecurityBlob[0], ses);
542 pSMB->req.SecurityBlobLength = cpu_to_le16(sizeof(NEGOTIATE_MESSAGE));
543
544 return;
545}
546
547static int setup_ntlmssp_auth_req(SESSION_SETUP_ANDX *pSMB,
548 struct cifsSesInfo *ses,
549 const struct nls_table *nls, int first_time)
550{
551 int bloblen;
552
553 bloblen = build_ntlmssp_auth_blob(&pSMB->req.SecurityBlob[0], ses, nls,
554 first_time);
555 pSMB->req.SecurityBlobLength = cpu_to_le16(bloblen);
556
557 return bloblen;
558}
559#endif
560
416int 561int
417CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time, 562CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
418 const struct nls_table *nls_cp) 563 const struct nls_table *nls_cp)
@@ -431,6 +576,7 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
431 __u16 action; 576 __u16 action;
432 int bytes_remaining; 577 int bytes_remaining;
433 struct key *spnego_key = NULL; 578 struct key *spnego_key = NULL;
579 __le32 phase = NtLmNegotiate; /* NTLMSSP, if needed, is multistage */
434 580
435 if (ses == NULL) 581 if (ses == NULL)
436 return -EINVAL; 582 return -EINVAL;
@@ -438,6 +584,10 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
438 type = ses->server->secType; 584 type = ses->server->secType;
439 585
440 cFYI(1, ("sess setup type %d", type)); 586 cFYI(1, ("sess setup type %d", type));
587ssetup_ntlmssp_authenticate:
588 if (phase == NtLmChallenge)
589 phase = NtLmAuthenticate; /* if ntlmssp, now final phase */
590
441 if (type == LANMAN) { 591 if (type == LANMAN) {
442#ifndef CONFIG_CIFS_WEAK_PW_HASH 592#ifndef CONFIG_CIFS_WEAK_PW_HASH
443 /* LANMAN and plaintext are less secure and off by default. 593 /* LANMAN and plaintext are less secure and off by default.
@@ -651,9 +801,53 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
651 goto ssetup_exit; 801 goto ssetup_exit;
652#endif /* CONFIG_CIFS_UPCALL */ 802#endif /* CONFIG_CIFS_UPCALL */
653 } else { 803 } else {
804#ifdef CONFIG_CIFS_EXPERIMENTAL
805 if ((experimEnabled > 1) && (type == RawNTLMSSP)) {
806 if ((pSMB->req.hdr.Flags2 & SMBFLG2_UNICODE) == 0) {
807 cERROR(1, ("NTLMSSP requires Unicode support"));
808 rc = -ENOSYS;
809 goto ssetup_exit;
810 }
811
812 cFYI(1, ("ntlmssp session setup phase %d", phase));
813 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
814 capabilities |= CAP_EXTENDED_SECURITY;
815 pSMB->req.Capabilities |= cpu_to_le32(capabilities);
816 if (phase == NtLmNegotiate) {
817 setup_ntlmssp_neg_req(pSMB, ses);
818 iov[1].iov_len = sizeof(NEGOTIATE_MESSAGE);
819 } else if (phase == NtLmAuthenticate) {
820 int blob_len;
821 blob_len = setup_ntlmssp_auth_req(pSMB, ses,
822 nls_cp,
823 first_time);
824 iov[1].iov_len = blob_len;
825 /* Make sure that we tell the server that we
826 are using the uid that it just gave us back
827 on the response (challenge) */
828 smb_buf->Uid = ses->Suid;
829 } else {
830 cERROR(1, ("invalid phase %d", phase));
831 rc = -ENOSYS;
832 goto ssetup_exit;
833 }
834 iov[1].iov_base = &pSMB->req.SecurityBlob[0];
835 /* unicode strings must be word aligned */
836 if ((iov[0].iov_len + iov[1].iov_len) % 2) {
837 *bcc_ptr = 0;
838 bcc_ptr++;
839 }
840 unicode_oslm_strings(&bcc_ptr, nls_cp);
841 } else {
842 cERROR(1, ("secType %d not supported!", type));
843 rc = -ENOSYS;
844 goto ssetup_exit;
845 }
846#else
654 cERROR(1, ("secType %d not supported!", type)); 847 cERROR(1, ("secType %d not supported!", type));
655 rc = -ENOSYS; 848 rc = -ENOSYS;
656 goto ssetup_exit; 849 goto ssetup_exit;
850#endif
657 } 851 }
658 852
659 iov[2].iov_base = str_area; 853 iov[2].iov_base = str_area;
@@ -669,12 +863,23 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
669 /* SMB request buf freed in SendReceive2 */ 863 /* SMB request buf freed in SendReceive2 */
670 864
671 cFYI(1, ("ssetup rc from sendrecv2 is %d", rc)); 865 cFYI(1, ("ssetup rc from sendrecv2 is %d", rc));
672 if (rc)
673 goto ssetup_exit;
674 866
675 pSMB = (SESSION_SETUP_ANDX *)iov[0].iov_base; 867 pSMB = (SESSION_SETUP_ANDX *)iov[0].iov_base;
676 smb_buf = (struct smb_hdr *)iov[0].iov_base; 868 smb_buf = (struct smb_hdr *)iov[0].iov_base;
677 869
870 if ((type == RawNTLMSSP) && (smb_buf->Status.CifsError ==
871 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))) {
872 if (phase != NtLmNegotiate) {
873 cERROR(1, ("Unexpected more processing error"));
874 goto ssetup_exit;
875 }
876 /* NTLMSSP Negotiate sent now processing challenge (response) */
877 phase = NtLmChallenge; /* process ntlmssp challenge */
878 rc = 0; /* MORE_PROC rc is not an error here, but expected */
879 }
880 if (rc)
881 goto ssetup_exit;
882
678 if ((smb_buf->WordCount != 3) && (smb_buf->WordCount != 4)) { 883 if ((smb_buf->WordCount != 3) && (smb_buf->WordCount != 4)) {
679 rc = -EIO; 884 rc = -EIO;
680 cERROR(1, ("bad word count %d", smb_buf->WordCount)); 885 cERROR(1, ("bad word count %d", smb_buf->WordCount));
@@ -693,12 +898,18 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
693 if (smb_buf->WordCount == 4) { 898 if (smb_buf->WordCount == 4) {
694 __u16 blob_len; 899 __u16 blob_len;
695 blob_len = le16_to_cpu(pSMB->resp.SecurityBlobLength); 900 blob_len = le16_to_cpu(pSMB->resp.SecurityBlobLength);
696 bcc_ptr += blob_len;
697 if (blob_len > bytes_remaining) { 901 if (blob_len > bytes_remaining) {
698 cERROR(1, ("bad security blob length %d", blob_len)); 902 cERROR(1, ("bad security blob length %d", blob_len));
699 rc = -EINVAL; 903 rc = -EINVAL;
700 goto ssetup_exit; 904 goto ssetup_exit;
701 } 905 }
906 if (phase == NtLmChallenge) {
907 rc = decode_ntlmssp_challenge(bcc_ptr, blob_len, ses);
908 /* now goto beginning for ntlmssp authenticate phase */
909 if (rc)
910 goto ssetup_exit;
911 }
912 bcc_ptr += blob_len;
702 bytes_remaining -= blob_len; 913 bytes_remaining -= blob_len;
703 } 914 }
704 915
@@ -709,8 +920,7 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
709 ++bcc_ptr; 920 ++bcc_ptr;
710 --bytes_remaining; 921 --bytes_remaining;
711 } 922 }
712 rc = decode_unicode_ssetup(&bcc_ptr, bytes_remaining, 923 decode_unicode_ssetup(&bcc_ptr, bytes_remaining, ses, nls_cp);
713 ses, nls_cp);
714 } else { 924 } else {
715 rc = decode_ascii_ssetup(&bcc_ptr, bytes_remaining, 925 rc = decode_ascii_ssetup(&bcc_ptr, bytes_remaining,
716 ses, nls_cp); 926 ses, nls_cp);
@@ -728,5 +938,9 @@ ssetup_exit:
728 } else if (resp_buf_type == CIFS_LARGE_BUFFER) 938 } else if (resp_buf_type == CIFS_LARGE_BUFFER)
729 cifs_buf_release(iov[0].iov_base); 939 cifs_buf_release(iov[0].iov_base);
730 940
941 /* if ntlmssp, and negotiate succeeded, proceed to authenticate phase */
942 if ((phase == NtLmChallenge) && (rc == 0))
943 goto ssetup_ntlmssp_authenticate;
944
731 return rc; 945 return rc;
732} 946}
diff --git a/fs/cifs/smberr.h b/fs/cifs/smberr.h
index 7f50e8577c1c..c5084d27db7c 100644
--- a/fs/cifs/smberr.h
+++ b/fs/cifs/smberr.h
@@ -110,6 +110,7 @@
110 110
111/* Below errors are used internally (do not come over the wire) for passthrough 111/* Below errors are used internally (do not come over the wire) for passthrough
112 from STATUS codes to POSIX only */ 112 from STATUS codes to POSIX only */
113#define ERRsymlink 0xFFFD
113#define ErrTooManyLinks 0xFFFE 114#define ErrTooManyLinks 0xFFFE
114 115
115/* Following error codes may be generated with the ERRSRV error class.*/ 116/* Following error codes may be generated with the ERRSRV error class.*/