diff options
Diffstat (limited to 'fs/cifs/cifssmb.c')
-rw-r--r-- | fs/cifs/cifssmb.c | 217 |
1 files changed, 83 insertions, 134 deletions
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index a0845dc7b8a9..75e6623a8635 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c | |||
@@ -1,7 +1,7 @@ | |||
1 | /* | 1 | /* |
2 | * fs/cifs/cifssmb.c | 2 | * fs/cifs/cifssmb.c |
3 | * | 3 | * |
4 | * Copyright (C) International Business Machines Corp., 2002,2008 | 4 | * Copyright (C) International Business Machines Corp., 2002,2009 |
5 | * Author(s): Steve French (sfrench@us.ibm.com) | 5 | * Author(s): Steve French (sfrench@us.ibm.com) |
6 | * | 6 | * |
7 | * Contains the routines for constructing the SMB PDUs themselves | 7 | * Contains the routines for constructing the SMB PDUs themselves |
@@ -81,41 +81,6 @@ static struct { | |||
81 | #endif /* CONFIG_CIFS_WEAK_PW_HASH */ | 81 | #endif /* CONFIG_CIFS_WEAK_PW_HASH */ |
82 | #endif /* CIFS_POSIX */ | 82 | #endif /* CIFS_POSIX */ |
83 | 83 | ||
84 | /* Allocates buffer into dst and copies smb string from src to it. | ||
85 | * caller is responsible for freeing dst if function returned 0. | ||
86 | * returns: | ||
87 | * on success - 0 | ||
88 | * on failure - errno | ||
89 | */ | ||
90 | static int | ||
91 | cifs_strncpy_to_host(char **dst, const char *src, const int maxlen, | ||
92 | const bool is_unicode, const struct nls_table *nls_codepage) | ||
93 | { | ||
94 | int plen; | ||
95 | |||
96 | if (is_unicode) { | ||
97 | plen = UniStrnlen((wchar_t *)src, maxlen); | ||
98 | *dst = kmalloc(plen + 2, GFP_KERNEL); | ||
99 | if (!*dst) | ||
100 | goto cifs_strncpy_to_host_ErrExit; | ||
101 | cifs_strfromUCS_le(*dst, (__le16 *)src, plen, nls_codepage); | ||
102 | } else { | ||
103 | plen = strnlen(src, maxlen); | ||
104 | *dst = kmalloc(plen + 2, GFP_KERNEL); | ||
105 | if (!*dst) | ||
106 | goto cifs_strncpy_to_host_ErrExit; | ||
107 | strncpy(*dst, src, plen); | ||
108 | } | ||
109 | (*dst)[plen] = 0; | ||
110 | (*dst)[plen+1] = 0; /* harmless for ASCII case, needed for Unicode */ | ||
111 | return 0; | ||
112 | |||
113 | cifs_strncpy_to_host_ErrExit: | ||
114 | cERROR(1, ("Failed to allocate buffer for string\n")); | ||
115 | return -ENOMEM; | ||
116 | } | ||
117 | |||
118 | |||
119 | /* Mark as invalid, all open files on tree connections since they | 84 | /* Mark as invalid, all open files on tree connections since they |
120 | were closed when session to server was lost */ | 85 | were closed when session to server was lost */ |
121 | static void mark_open_files_invalid(struct cifsTconInfo *pTcon) | 86 | static void mark_open_files_invalid(struct cifsTconInfo *pTcon) |
@@ -484,6 +449,14 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses) | |||
484 | cFYI(1, ("Kerberos only mechanism, enable extended security")); | 449 | cFYI(1, ("Kerberos only mechanism, enable extended security")); |
485 | pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC; | 450 | pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC; |
486 | } | 451 | } |
452 | #ifdef CONFIG_CIFS_EXPERIMENTAL | ||
453 | else if ((secFlags & CIFSSEC_MUST_NTLMSSP) == CIFSSEC_MUST_NTLMSSP) | ||
454 | pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC; | ||
455 | else if ((secFlags & CIFSSEC_AUTH_MASK) == CIFSSEC_MAY_NTLMSSP) { | ||
456 | cFYI(1, ("NTLMSSP only mechanism, enable extended security")); | ||
457 | pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC; | ||
458 | } | ||
459 | #endif | ||
487 | 460 | ||
488 | count = 0; | 461 | count = 0; |
489 | for (i = 0; i < CIFS_NUM_PROT; i++) { | 462 | for (i = 0; i < CIFS_NUM_PROT; i++) { |
@@ -620,6 +593,8 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses) | |||
620 | server->secType = NTLMv2; | 593 | server->secType = NTLMv2; |
621 | else if (secFlags & CIFSSEC_MAY_KRB5) | 594 | else if (secFlags & CIFSSEC_MAY_KRB5) |
622 | server->secType = Kerberos; | 595 | server->secType = Kerberos; |
596 | else if (secFlags & CIFSSEC_MAY_NTLMSSP) | ||
597 | server->secType = NTLMSSP; | ||
623 | else if (secFlags & CIFSSEC_MAY_LANMAN) | 598 | else if (secFlags & CIFSSEC_MAY_LANMAN) |
624 | server->secType = LANMAN; | 599 | server->secType = LANMAN; |
625 | /* #ifdef CONFIG_CIFS_EXPERIMENTAL | 600 | /* #ifdef CONFIG_CIFS_EXPERIMENTAL |
@@ -2417,8 +2392,7 @@ winCreateHardLinkRetry: | |||
2417 | 2392 | ||
2418 | int | 2393 | int |
2419 | CIFSSMBUnixQuerySymLink(const int xid, struct cifsTconInfo *tcon, | 2394 | CIFSSMBUnixQuerySymLink(const int xid, struct cifsTconInfo *tcon, |
2420 | const unsigned char *searchName, | 2395 | const unsigned char *searchName, char **symlinkinfo, |
2421 | char *symlinkinfo, const int buflen, | ||
2422 | const struct nls_table *nls_codepage) | 2396 | const struct nls_table *nls_codepage) |
2423 | { | 2397 | { |
2424 | /* SMB_QUERY_FILE_UNIX_LINK */ | 2398 | /* SMB_QUERY_FILE_UNIX_LINK */ |
@@ -2428,6 +2402,7 @@ CIFSSMBUnixQuerySymLink(const int xid, struct cifsTconInfo *tcon, | |||
2428 | int bytes_returned; | 2402 | int bytes_returned; |
2429 | int name_len; | 2403 | int name_len; |
2430 | __u16 params, byte_count; | 2404 | __u16 params, byte_count; |
2405 | char *data_start; | ||
2431 | 2406 | ||
2432 | cFYI(1, ("In QPathSymLinkInfo (Unix) for path %s", searchName)); | 2407 | cFYI(1, ("In QPathSymLinkInfo (Unix) for path %s", searchName)); |
2433 | 2408 | ||
@@ -2482,30 +2457,26 @@ querySymLinkRetry: | |||
2482 | /* decode response */ | 2457 | /* decode response */ |
2483 | 2458 | ||
2484 | rc = validate_t2((struct smb_t2_rsp *)pSMBr); | 2459 | rc = validate_t2((struct smb_t2_rsp *)pSMBr); |
2485 | if (rc || (pSMBr->ByteCount < 2)) | ||
2486 | /* BB also check enough total bytes returned */ | 2460 | /* BB also check enough total bytes returned */ |
2487 | rc = -EIO; /* bad smb */ | 2461 | if (rc || (pSMBr->ByteCount < 2)) |
2462 | rc = -EIO; | ||
2488 | else { | 2463 | else { |
2489 | __u16 data_offset = le16_to_cpu(pSMBr->t2.DataOffset); | 2464 | bool is_unicode; |
2490 | __u16 count = le16_to_cpu(pSMBr->t2.DataCount); | 2465 | u16 count = le16_to_cpu(pSMBr->t2.DataCount); |
2466 | |||
2467 | data_start = ((char *) &pSMBr->hdr.Protocol) + | ||
2468 | le16_to_cpu(pSMBr->t2.DataOffset); | ||
2469 | |||
2470 | if (pSMBr->hdr.Flags2 & SMBFLG2_UNICODE) | ||
2471 | is_unicode = true; | ||
2472 | else | ||
2473 | is_unicode = false; | ||
2491 | 2474 | ||
2492 | if (pSMBr->hdr.Flags2 & SMBFLG2_UNICODE) { | ||
2493 | name_len = UniStrnlen((wchar_t *) ((char *) | ||
2494 | &pSMBr->hdr.Protocol + data_offset), | ||
2495 | min_t(const int, buflen, count) / 2); | ||
2496 | /* BB FIXME investigate remapping reserved chars here */ | 2475 | /* BB FIXME investigate remapping reserved chars here */ |
2497 | cifs_strfromUCS_le(symlinkinfo, | 2476 | *symlinkinfo = cifs_strndup_from_ucs(data_start, count, |
2498 | (__le16 *) ((char *)&pSMBr->hdr.Protocol | 2477 | is_unicode, nls_codepage); |
2499 | + data_offset), | 2478 | if (!symlinkinfo) |
2500 | name_len, nls_codepage); | 2479 | rc = -ENOMEM; |
2501 | } else { | ||
2502 | strncpy(symlinkinfo, | ||
2503 | (char *) &pSMBr->hdr.Protocol + | ||
2504 | data_offset, | ||
2505 | min_t(const int, buflen, count)); | ||
2506 | } | ||
2507 | symlinkinfo[buflen] = 0; | ||
2508 | /* just in case so calling code does not go off the end of buffer */ | ||
2509 | } | 2480 | } |
2510 | } | 2481 | } |
2511 | cifs_buf_release(pSMB); | 2482 | cifs_buf_release(pSMB); |
@@ -2603,7 +2574,6 @@ validate_ntransact(char *buf, char **ppparm, char **ppdata, | |||
2603 | *pparmlen = parm_count; | 2574 | *pparmlen = parm_count; |
2604 | return 0; | 2575 | return 0; |
2605 | } | 2576 | } |
2606 | #endif /* CIFS_EXPERIMENTAL */ | ||
2607 | 2577 | ||
2608 | int | 2578 | int |
2609 | CIFSSMBQueryReparseLinkInfo(const int xid, struct cifsTconInfo *tcon, | 2579 | CIFSSMBQueryReparseLinkInfo(const int xid, struct cifsTconInfo *tcon, |
@@ -2613,7 +2583,6 @@ CIFSSMBQueryReparseLinkInfo(const int xid, struct cifsTconInfo *tcon, | |||
2613 | { | 2583 | { |
2614 | int rc = 0; | 2584 | int rc = 0; |
2615 | int bytes_returned; | 2585 | int bytes_returned; |
2616 | int name_len; | ||
2617 | struct smb_com_transaction_ioctl_req *pSMB; | 2586 | struct smb_com_transaction_ioctl_req *pSMB; |
2618 | struct smb_com_transaction_ioctl_rsp *pSMBr; | 2587 | struct smb_com_transaction_ioctl_rsp *pSMBr; |
2619 | 2588 | ||
@@ -2650,59 +2619,55 @@ CIFSSMBQueryReparseLinkInfo(const int xid, struct cifsTconInfo *tcon, | |||
2650 | } else { /* decode response */ | 2619 | } else { /* decode response */ |
2651 | __u32 data_offset = le32_to_cpu(pSMBr->DataOffset); | 2620 | __u32 data_offset = le32_to_cpu(pSMBr->DataOffset); |
2652 | __u32 data_count = le32_to_cpu(pSMBr->DataCount); | 2621 | __u32 data_count = le32_to_cpu(pSMBr->DataCount); |
2653 | if ((pSMBr->ByteCount < 2) || (data_offset > 512)) | 2622 | if ((pSMBr->ByteCount < 2) || (data_offset > 512)) { |
2654 | /* BB also check enough total bytes returned */ | 2623 | /* BB also check enough total bytes returned */ |
2655 | rc = -EIO; /* bad smb */ | 2624 | rc = -EIO; /* bad smb */ |
2656 | else { | 2625 | goto qreparse_out; |
2657 | if (data_count && (data_count < 2048)) { | 2626 | } |
2658 | char *end_of_smb = 2 /* sizeof byte count */ + | 2627 | if (data_count && (data_count < 2048)) { |
2659 | pSMBr->ByteCount + | 2628 | char *end_of_smb = 2 /* sizeof byte count */ + |
2660 | (char *)&pSMBr->ByteCount; | 2629 | pSMBr->ByteCount + (char *)&pSMBr->ByteCount; |
2661 | 2630 | ||
2662 | struct reparse_data *reparse_buf = | 2631 | struct reparse_data *reparse_buf = |
2663 | (struct reparse_data *) | 2632 | (struct reparse_data *) |
2664 | ((char *)&pSMBr->hdr.Protocol | 2633 | ((char *)&pSMBr->hdr.Protocol |
2665 | + data_offset); | 2634 | + data_offset); |
2666 | if ((char *)reparse_buf >= end_of_smb) { | 2635 | if ((char *)reparse_buf >= end_of_smb) { |
2667 | rc = -EIO; | 2636 | rc = -EIO; |
2668 | goto qreparse_out; | 2637 | goto qreparse_out; |
2669 | } | 2638 | } |
2670 | if ((reparse_buf->LinkNamesBuf + | 2639 | if ((reparse_buf->LinkNamesBuf + |
2671 | reparse_buf->TargetNameOffset + | 2640 | reparse_buf->TargetNameOffset + |
2672 | reparse_buf->TargetNameLen) > | 2641 | reparse_buf->TargetNameLen) > end_of_smb) { |
2673 | end_of_smb) { | 2642 | cFYI(1, ("reparse buf beyond SMB")); |
2674 | cFYI(1, ("reparse buf beyond SMB")); | 2643 | rc = -EIO; |
2675 | rc = -EIO; | 2644 | goto qreparse_out; |
2676 | goto qreparse_out; | 2645 | } |
2677 | } | ||
2678 | 2646 | ||
2679 | if (pSMBr->hdr.Flags2 & SMBFLG2_UNICODE) { | 2647 | if (pSMBr->hdr.Flags2 & SMBFLG2_UNICODE) { |
2680 | name_len = UniStrnlen((wchar_t *) | 2648 | cifs_from_ucs2(symlinkinfo, (__le16 *) |
2681 | (reparse_buf->LinkNamesBuf + | 2649 | (reparse_buf->LinkNamesBuf + |
2682 | reparse_buf->TargetNameOffset), | 2650 | reparse_buf->TargetNameOffset), |
2683 | min(buflen/2, | 2651 | buflen, |
2684 | reparse_buf->TargetNameLen / 2)); | 2652 | reparse_buf->TargetNameLen, |
2685 | cifs_strfromUCS_le(symlinkinfo, | 2653 | nls_codepage, 0); |
2686 | (__le16 *) (reparse_buf->LinkNamesBuf + | 2654 | } else { /* ASCII names */ |
2687 | reparse_buf->TargetNameOffset), | 2655 | strncpy(symlinkinfo, |
2688 | name_len, nls_codepage); | 2656 | reparse_buf->LinkNamesBuf + |
2689 | } else { /* ASCII names */ | 2657 | reparse_buf->TargetNameOffset, |
2690 | strncpy(symlinkinfo, | 2658 | min_t(const int, buflen, |
2691 | reparse_buf->LinkNamesBuf + | 2659 | reparse_buf->TargetNameLen)); |
2692 | reparse_buf->TargetNameOffset, | ||
2693 | min_t(const int, buflen, | ||
2694 | reparse_buf->TargetNameLen)); | ||
2695 | } | ||
2696 | } else { | ||
2697 | rc = -EIO; | ||
2698 | cFYI(1, ("Invalid return data count on " | ||
2699 | "get reparse info ioctl")); | ||
2700 | } | 2660 | } |
2701 | symlinkinfo[buflen] = 0; /* just in case so the caller | 2661 | } else { |
2702 | does not go off the end of the buffer */ | 2662 | rc = -EIO; |
2703 | cFYI(1, ("readlink result - %s", symlinkinfo)); | 2663 | cFYI(1, ("Invalid return data count on " |
2664 | "get reparse info ioctl")); | ||
2704 | } | 2665 | } |
2666 | symlinkinfo[buflen] = 0; /* just in case so the caller | ||
2667 | does not go off the end of the buffer */ | ||
2668 | cFYI(1, ("readlink result - %s", symlinkinfo)); | ||
2705 | } | 2669 | } |
2670 | |||
2706 | qreparse_out: | 2671 | qreparse_out: |
2707 | cifs_buf_release(pSMB); | 2672 | cifs_buf_release(pSMB); |
2708 | 2673 | ||
@@ -2711,6 +2676,7 @@ qreparse_out: | |||
2711 | 2676 | ||
2712 | return rc; | 2677 | return rc; |
2713 | } | 2678 | } |
2679 | #endif /* CIFS_EXPERIMENTAL */ | ||
2714 | 2680 | ||
2715 | #ifdef CONFIG_CIFS_POSIX | 2681 | #ifdef CONFIG_CIFS_POSIX |
2716 | 2682 | ||
@@ -3928,27 +3894,6 @@ GetInodeNumOut: | |||
3928 | return rc; | 3894 | return rc; |
3929 | } | 3895 | } |
3930 | 3896 | ||
3931 | /* computes length of UCS string converted to host codepage | ||
3932 | * @src: UCS string | ||
3933 | * @maxlen: length of the input string in UCS characters | ||
3934 | * (not in bytes) | ||
3935 | * | ||
3936 | * return: size of input string in host codepage | ||
3937 | */ | ||
3938 | static int hostlen_fromUCS(const __le16 *src, const int maxlen, | ||
3939 | const struct nls_table *nls_codepage) { | ||
3940 | int i; | ||
3941 | int hostlen = 0; | ||
3942 | char to[4]; | ||
3943 | int charlen; | ||
3944 | for (i = 0; (i < maxlen) && src[i]; ++i) { | ||
3945 | charlen = nls_codepage->uni2char(le16_to_cpu(src[i]), | ||
3946 | to, NLS_MAX_CHARSET_SIZE); | ||
3947 | hostlen += charlen > 0 ? charlen : 1; | ||
3948 | } | ||
3949 | return hostlen; | ||
3950 | } | ||
3951 | |||
3952 | /* parses DFS refferal V3 structure | 3897 | /* parses DFS refferal V3 structure |
3953 | * caller is responsible for freeing target_nodes | 3898 | * caller is responsible for freeing target_nodes |
3954 | * returns: | 3899 | * returns: |
@@ -3994,7 +3939,7 @@ parse_DFS_referrals(TRANSACTION2_GET_DFS_REFER_RSP *pSMBr, | |||
3994 | 3939 | ||
3995 | cFYI(1, ("num_referrals: %d dfs flags: 0x%x ... \n", | 3940 | cFYI(1, ("num_referrals: %d dfs flags: 0x%x ... \n", |
3996 | *num_of_nodes, | 3941 | *num_of_nodes, |
3997 | le16_to_cpu(pSMBr->DFSFlags))); | 3942 | le32_to_cpu(pSMBr->DFSFlags))); |
3998 | 3943 | ||
3999 | *target_nodes = kzalloc(sizeof(struct dfs_info3_param) * | 3944 | *target_nodes = kzalloc(sizeof(struct dfs_info3_param) * |
4000 | *num_of_nodes, GFP_KERNEL); | 3945 | *num_of_nodes, GFP_KERNEL); |
@@ -4010,14 +3955,14 @@ parse_DFS_referrals(TRANSACTION2_GET_DFS_REFER_RSP *pSMBr, | |||
4010 | int max_len; | 3955 | int max_len; |
4011 | struct dfs_info3_param *node = (*target_nodes)+i; | 3956 | struct dfs_info3_param *node = (*target_nodes)+i; |
4012 | 3957 | ||
4013 | node->flags = le16_to_cpu(pSMBr->DFSFlags); | 3958 | node->flags = le32_to_cpu(pSMBr->DFSFlags); |
4014 | if (is_unicode) { | 3959 | if (is_unicode) { |
4015 | __le16 *tmp = kmalloc(strlen(searchName)*2 + 2, | 3960 | __le16 *tmp = kmalloc(strlen(searchName)*2 + 2, |
4016 | GFP_KERNEL); | 3961 | GFP_KERNEL); |
4017 | cifsConvertToUCS((__le16 *) tmp, searchName, | 3962 | cifsConvertToUCS((__le16 *) tmp, searchName, |
4018 | PATH_MAX, nls_codepage, remap); | 3963 | PATH_MAX, nls_codepage, remap); |
4019 | node->path_consumed = hostlen_fromUCS(tmp, | 3964 | node->path_consumed = cifs_ucs2_bytes(tmp, |
4020 | le16_to_cpu(pSMBr->PathConsumed)/2, | 3965 | le16_to_cpu(pSMBr->PathConsumed), |
4021 | nls_codepage); | 3966 | nls_codepage); |
4022 | kfree(tmp); | 3967 | kfree(tmp); |
4023 | } else | 3968 | } else |
@@ -4029,20 +3974,24 @@ parse_DFS_referrals(TRANSACTION2_GET_DFS_REFER_RSP *pSMBr, | |||
4029 | /* copy DfsPath */ | 3974 | /* copy DfsPath */ |
4030 | temp = (char *)ref + le16_to_cpu(ref->DfsPathOffset); | 3975 | temp = (char *)ref + le16_to_cpu(ref->DfsPathOffset); |
4031 | max_len = data_end - temp; | 3976 | max_len = data_end - temp; |
4032 | rc = cifs_strncpy_to_host(&(node->path_name), temp, | 3977 | node->path_name = cifs_strndup_from_ucs(temp, max_len, |
4033 | max_len, is_unicode, nls_codepage); | 3978 | is_unicode, nls_codepage); |
4034 | if (rc) | 3979 | if (IS_ERR(node->path_name)) { |
3980 | rc = PTR_ERR(node->path_name); | ||
3981 | node->path_name = NULL; | ||
4035 | goto parse_DFS_referrals_exit; | 3982 | goto parse_DFS_referrals_exit; |
3983 | } | ||
4036 | 3984 | ||
4037 | /* copy link target UNC */ | 3985 | /* copy link target UNC */ |
4038 | temp = (char *)ref + le16_to_cpu(ref->NetworkAddressOffset); | 3986 | temp = (char *)ref + le16_to_cpu(ref->NetworkAddressOffset); |
4039 | max_len = data_end - temp; | 3987 | max_len = data_end - temp; |
4040 | rc = cifs_strncpy_to_host(&(node->node_name), temp, | 3988 | node->node_name = cifs_strndup_from_ucs(temp, max_len, |
4041 | max_len, is_unicode, nls_codepage); | 3989 | is_unicode, nls_codepage); |
4042 | if (rc) | 3990 | if (IS_ERR(node->node_name)) { |
3991 | rc = PTR_ERR(node->node_name); | ||
3992 | node->node_name = NULL; | ||
4043 | goto parse_DFS_referrals_exit; | 3993 | goto parse_DFS_referrals_exit; |
4044 | 3994 | } | |
4045 | ref += le16_to_cpu(ref->Size); | ||
4046 | } | 3995 | } |
4047 | 3996 | ||
4048 | parse_DFS_referrals_exit: | 3997 | parse_DFS_referrals_exit: |