| 1 |
62 |
marcus.erl |
/*
|
| 2 |
|
|
* fs/cifs/misc.c
|
| 3 |
|
|
*
|
| 4 |
|
|
* Copyright (C) International Business Machines Corp., 2002,2007
|
| 5 |
|
|
* Author(s): Steve French (sfrench@us.ibm.com)
|
| 6 |
|
|
*
|
| 7 |
|
|
* This library is free software; you can redistribute it and/or modify
|
| 8 |
|
|
* it under the terms of the GNU Lesser General Public License as published
|
| 9 |
|
|
* by the Free Software Foundation; either version 2.1 of the License, or
|
| 10 |
|
|
* (at your option) any later version.
|
| 11 |
|
|
*
|
| 12 |
|
|
* This library is distributed in the hope that it will be useful,
|
| 13 |
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
| 14 |
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
|
| 15 |
|
|
* the GNU Lesser General Public License for more details.
|
| 16 |
|
|
*
|
| 17 |
|
|
* You should have received a copy of the GNU Lesser General Public License
|
| 18 |
|
|
* along with this library; if not, write to the Free Software
|
| 19 |
|
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
| 20 |
|
|
*/
|
| 21 |
|
|
|
| 22 |
|
|
#include <linux/slab.h>
|
| 23 |
|
|
#include <linux/ctype.h>
|
| 24 |
|
|
#include <linux/mempool.h>
|
| 25 |
|
|
#include "cifspdu.h"
|
| 26 |
|
|
#include "cifsglob.h"
|
| 27 |
|
|
#include "cifsproto.h"
|
| 28 |
|
|
#include "cifs_debug.h"
|
| 29 |
|
|
#include "smberr.h"
|
| 30 |
|
|
#include "nterr.h"
|
| 31 |
|
|
#include "cifs_unicode.h"
|
| 32 |
|
|
|
| 33 |
|
|
extern mempool_t *cifs_sm_req_poolp;
|
| 34 |
|
|
extern mempool_t *cifs_req_poolp;
|
| 35 |
|
|
extern struct task_struct *oplockThread;
|
| 36 |
|
|
|
| 37 |
|
|
/* The xid serves as a useful identifier for each incoming vfs request,
|
| 38 |
|
|
in a similar way to the mid which is useful to track each sent smb,
|
| 39 |
|
|
and CurrentXid can also provide a running counter (although it
|
| 40 |
|
|
will eventually wrap past zero) of the total vfs operations handled
|
| 41 |
|
|
since the cifs fs was mounted */
|
| 42 |
|
|
|
| 43 |
|
|
unsigned int
|
| 44 |
|
|
_GetXid(void)
|
| 45 |
|
|
{
|
| 46 |
|
|
unsigned int xid;
|
| 47 |
|
|
|
| 48 |
|
|
spin_lock(&GlobalMid_Lock);
|
| 49 |
|
|
GlobalTotalActiveXid++;
|
| 50 |
|
|
|
| 51 |
|
|
/* keep high water mark for number of simultaneous ops in filesystem */
|
| 52 |
|
|
if (GlobalTotalActiveXid > GlobalMaxActiveXid)
|
| 53 |
|
|
GlobalMaxActiveXid = GlobalTotalActiveXid;
|
| 54 |
|
|
if (GlobalTotalActiveXid > 65000)
|
| 55 |
|
|
cFYI(1, ("warning: more than 65000 requests active"));
|
| 56 |
|
|
xid = GlobalCurrentXid++;
|
| 57 |
|
|
spin_unlock(&GlobalMid_Lock);
|
| 58 |
|
|
return xid;
|
| 59 |
|
|
}
|
| 60 |
|
|
|
| 61 |
|
|
void
|
| 62 |
|
|
_FreeXid(unsigned int xid)
|
| 63 |
|
|
{
|
| 64 |
|
|
spin_lock(&GlobalMid_Lock);
|
| 65 |
|
|
/* if (GlobalTotalActiveXid == 0)
|
| 66 |
|
|
BUG(); */
|
| 67 |
|
|
GlobalTotalActiveXid--;
|
| 68 |
|
|
spin_unlock(&GlobalMid_Lock);
|
| 69 |
|
|
}
|
| 70 |
|
|
|
| 71 |
|
|
struct cifsSesInfo *
|
| 72 |
|
|
sesInfoAlloc(void)
|
| 73 |
|
|
{
|
| 74 |
|
|
struct cifsSesInfo *ret_buf;
|
| 75 |
|
|
|
| 76 |
|
|
ret_buf = kzalloc(sizeof(struct cifsSesInfo), GFP_KERNEL);
|
| 77 |
|
|
if (ret_buf) {
|
| 78 |
|
|
write_lock(&GlobalSMBSeslock);
|
| 79 |
|
|
atomic_inc(&sesInfoAllocCount);
|
| 80 |
|
|
ret_buf->status = CifsNew;
|
| 81 |
|
|
list_add(&ret_buf->cifsSessionList, &GlobalSMBSessionList);
|
| 82 |
|
|
init_MUTEX(&ret_buf->sesSem);
|
| 83 |
|
|
write_unlock(&GlobalSMBSeslock);
|
| 84 |
|
|
}
|
| 85 |
|
|
return ret_buf;
|
| 86 |
|
|
}
|
| 87 |
|
|
|
| 88 |
|
|
void
|
| 89 |
|
|
sesInfoFree(struct cifsSesInfo *buf_to_free)
|
| 90 |
|
|
{
|
| 91 |
|
|
if (buf_to_free == NULL) {
|
| 92 |
|
|
cFYI(1, ("Null buffer passed to sesInfoFree"));
|
| 93 |
|
|
return;
|
| 94 |
|
|
}
|
| 95 |
|
|
|
| 96 |
|
|
write_lock(&GlobalSMBSeslock);
|
| 97 |
|
|
atomic_dec(&sesInfoAllocCount);
|
| 98 |
|
|
list_del(&buf_to_free->cifsSessionList);
|
| 99 |
|
|
write_unlock(&GlobalSMBSeslock);
|
| 100 |
|
|
kfree(buf_to_free->serverOS);
|
| 101 |
|
|
kfree(buf_to_free->serverDomain);
|
| 102 |
|
|
kfree(buf_to_free->serverNOS);
|
| 103 |
|
|
kfree(buf_to_free->password);
|
| 104 |
|
|
kfree(buf_to_free->domainName);
|
| 105 |
|
|
kfree(buf_to_free);
|
| 106 |
|
|
}
|
| 107 |
|
|
|
| 108 |
|
|
struct cifsTconInfo *
|
| 109 |
|
|
tconInfoAlloc(void)
|
| 110 |
|
|
{
|
| 111 |
|
|
struct cifsTconInfo *ret_buf;
|
| 112 |
|
|
ret_buf = kzalloc(sizeof(struct cifsTconInfo), GFP_KERNEL);
|
| 113 |
|
|
if (ret_buf) {
|
| 114 |
|
|
write_lock(&GlobalSMBSeslock);
|
| 115 |
|
|
atomic_inc(&tconInfoAllocCount);
|
| 116 |
|
|
list_add(&ret_buf->cifsConnectionList,
|
| 117 |
|
|
&GlobalTreeConnectionList);
|
| 118 |
|
|
ret_buf->tidStatus = CifsNew;
|
| 119 |
|
|
INIT_LIST_HEAD(&ret_buf->openFileList);
|
| 120 |
|
|
init_MUTEX(&ret_buf->tconSem);
|
| 121 |
|
|
#ifdef CONFIG_CIFS_STATS
|
| 122 |
|
|
spin_lock_init(&ret_buf->stat_lock);
|
| 123 |
|
|
#endif
|
| 124 |
|
|
write_unlock(&GlobalSMBSeslock);
|
| 125 |
|
|
}
|
| 126 |
|
|
return ret_buf;
|
| 127 |
|
|
}
|
| 128 |
|
|
|
| 129 |
|
|
void
|
| 130 |
|
|
tconInfoFree(struct cifsTconInfo *buf_to_free)
|
| 131 |
|
|
{
|
| 132 |
|
|
if (buf_to_free == NULL) {
|
| 133 |
|
|
cFYI(1, ("Null buffer passed to tconInfoFree"));
|
| 134 |
|
|
return;
|
| 135 |
|
|
}
|
| 136 |
|
|
write_lock(&GlobalSMBSeslock);
|
| 137 |
|
|
atomic_dec(&tconInfoAllocCount);
|
| 138 |
|
|
list_del(&buf_to_free->cifsConnectionList);
|
| 139 |
|
|
write_unlock(&GlobalSMBSeslock);
|
| 140 |
|
|
kfree(buf_to_free->nativeFileSystem);
|
| 141 |
|
|
kfree(buf_to_free);
|
| 142 |
|
|
}
|
| 143 |
|
|
|
| 144 |
|
|
struct smb_hdr *
|
| 145 |
|
|
cifs_buf_get(void)
|
| 146 |
|
|
{
|
| 147 |
|
|
struct smb_hdr *ret_buf = NULL;
|
| 148 |
|
|
|
| 149 |
|
|
/* We could use negotiated size instead of max_msgsize -
|
| 150 |
|
|
but it may be more efficient to always alloc same size
|
| 151 |
|
|
albeit slightly larger than necessary and maxbuffersize
|
| 152 |
|
|
defaults to this and can not be bigger */
|
| 153 |
|
|
ret_buf = (struct smb_hdr *) mempool_alloc(cifs_req_poolp,
|
| 154 |
|
|
GFP_KERNEL | GFP_NOFS);
|
| 155 |
|
|
|
| 156 |
|
|
/* clear the first few header bytes */
|
| 157 |
|
|
/* for most paths, more is cleared in header_assemble */
|
| 158 |
|
|
if (ret_buf) {
|
| 159 |
|
|
memset(ret_buf, 0, sizeof(struct smb_hdr) + 3);
|
| 160 |
|
|
atomic_inc(&bufAllocCount);
|
| 161 |
|
|
#ifdef CONFIG_CIFS_STATS2
|
| 162 |
|
|
atomic_inc(&totBufAllocCount);
|
| 163 |
|
|
#endif /* CONFIG_CIFS_STATS2 */
|
| 164 |
|
|
}
|
| 165 |
|
|
|
| 166 |
|
|
return ret_buf;
|
| 167 |
|
|
}
|
| 168 |
|
|
|
| 169 |
|
|
void
|
| 170 |
|
|
cifs_buf_release(void *buf_to_free)
|
| 171 |
|
|
{
|
| 172 |
|
|
if (buf_to_free == NULL) {
|
| 173 |
|
|
/* cFYI(1, ("Null buffer passed to cifs_buf_release"));*/
|
| 174 |
|
|
return;
|
| 175 |
|
|
}
|
| 176 |
|
|
mempool_free(buf_to_free, cifs_req_poolp);
|
| 177 |
|
|
|
| 178 |
|
|
atomic_dec(&bufAllocCount);
|
| 179 |
|
|
return;
|
| 180 |
|
|
}
|
| 181 |
|
|
|
| 182 |
|
|
struct smb_hdr *
|
| 183 |
|
|
cifs_small_buf_get(void)
|
| 184 |
|
|
{
|
| 185 |
|
|
struct smb_hdr *ret_buf = NULL;
|
| 186 |
|
|
|
| 187 |
|
|
/* We could use negotiated size instead of max_msgsize -
|
| 188 |
|
|
but it may be more efficient to always alloc same size
|
| 189 |
|
|
albeit slightly larger than necessary and maxbuffersize
|
| 190 |
|
|
defaults to this and can not be bigger */
|
| 191 |
|
|
ret_buf = (struct smb_hdr *) mempool_alloc(cifs_sm_req_poolp,
|
| 192 |
|
|
GFP_KERNEL | GFP_NOFS);
|
| 193 |
|
|
if (ret_buf) {
|
| 194 |
|
|
/* No need to clear memory here, cleared in header assemble */
|
| 195 |
|
|
/* memset(ret_buf, 0, sizeof(struct smb_hdr) + 27);*/
|
| 196 |
|
|
atomic_inc(&smBufAllocCount);
|
| 197 |
|
|
#ifdef CONFIG_CIFS_STATS2
|
| 198 |
|
|
atomic_inc(&totSmBufAllocCount);
|
| 199 |
|
|
#endif /* CONFIG_CIFS_STATS2 */
|
| 200 |
|
|
|
| 201 |
|
|
}
|
| 202 |
|
|
return ret_buf;
|
| 203 |
|
|
}
|
| 204 |
|
|
|
| 205 |
|
|
void
|
| 206 |
|
|
cifs_small_buf_release(void *buf_to_free)
|
| 207 |
|
|
{
|
| 208 |
|
|
|
| 209 |
|
|
if (buf_to_free == NULL) {
|
| 210 |
|
|
cFYI(1, ("Null buffer passed to cifs_small_buf_release"));
|
| 211 |
|
|
return;
|
| 212 |
|
|
}
|
| 213 |
|
|
mempool_free(buf_to_free, cifs_sm_req_poolp);
|
| 214 |
|
|
|
| 215 |
|
|
atomic_dec(&smBufAllocCount);
|
| 216 |
|
|
return;
|
| 217 |
|
|
}
|
| 218 |
|
|
|
| 219 |
|
|
/*
|
| 220 |
|
|
Find a free multiplex id (SMB mid). Otherwise there could be
|
| 221 |
|
|
mid collisions which might cause problems, demultiplexing the
|
| 222 |
|
|
wrong response to this request. Multiplex ids could collide if
|
| 223 |
|
|
one of a series requests takes much longer than the others, or
|
| 224 |
|
|
if a very large number of long lived requests (byte range
|
| 225 |
|
|
locks or FindNotify requests) are pending. No more than
|
| 226 |
|
|
64K-1 requests can be outstanding at one time. If no
|
| 227 |
|
|
mids are available, return zero. A future optimization
|
| 228 |
|
|
could make the combination of mids and uid the key we use
|
| 229 |
|
|
to demultiplex on (rather than mid alone).
|
| 230 |
|
|
In addition to the above check, the cifs demultiplex
|
| 231 |
|
|
code already used the command code as a secondary
|
| 232 |
|
|
check of the frame and if signing is negotiated the
|
| 233 |
|
|
response would be discarded if the mid were the same
|
| 234 |
|
|
but the signature was wrong. Since the mid is not put in the
|
| 235 |
|
|
pending queue until later (when it is about to be dispatched)
|
| 236 |
|
|
we do have to limit the number of outstanding requests
|
| 237 |
|
|
to somewhat less than 64K-1 although it is hard to imagine
|
| 238 |
|
|
so many threads being in the vfs at one time.
|
| 239 |
|
|
*/
|
| 240 |
|
|
__u16 GetNextMid(struct TCP_Server_Info *server)
|
| 241 |
|
|
{
|
| 242 |
|
|
__u16 mid = 0;
|
| 243 |
|
|
__u16 last_mid;
|
| 244 |
|
|
int collision;
|
| 245 |
|
|
|
| 246 |
|
|
if (server == NULL)
|
| 247 |
|
|
return mid;
|
| 248 |
|
|
|
| 249 |
|
|
spin_lock(&GlobalMid_Lock);
|
| 250 |
|
|
last_mid = server->CurrentMid; /* we do not want to loop forever */
|
| 251 |
|
|
server->CurrentMid++;
|
| 252 |
|
|
/* This nested loop looks more expensive than it is.
|
| 253 |
|
|
In practice the list of pending requests is short,
|
| 254 |
|
|
fewer than 50, and the mids are likely to be unique
|
| 255 |
|
|
on the first pass through the loop unless some request
|
| 256 |
|
|
takes longer than the 64 thousand requests before it
|
| 257 |
|
|
(and it would also have to have been a request that
|
| 258 |
|
|
did not time out) */
|
| 259 |
|
|
while (server->CurrentMid != last_mid) {
|
| 260 |
|
|
struct list_head *tmp;
|
| 261 |
|
|
struct mid_q_entry *mid_entry;
|
| 262 |
|
|
|
| 263 |
|
|
collision = 0;
|
| 264 |
|
|
if (server->CurrentMid == 0)
|
| 265 |
|
|
server->CurrentMid++;
|
| 266 |
|
|
|
| 267 |
|
|
list_for_each(tmp, &server->pending_mid_q) {
|
| 268 |
|
|
mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
|
| 269 |
|
|
|
| 270 |
|
|
if ((mid_entry->mid == server->CurrentMid) &&
|
| 271 |
|
|
(mid_entry->midState == MID_REQUEST_SUBMITTED)) {
|
| 272 |
|
|
/* This mid is in use, try a different one */
|
| 273 |
|
|
collision = 1;
|
| 274 |
|
|
break;
|
| 275 |
|
|
}
|
| 276 |
|
|
}
|
| 277 |
|
|
if (collision == 0) {
|
| 278 |
|
|
mid = server->CurrentMid;
|
| 279 |
|
|
break;
|
| 280 |
|
|
}
|
| 281 |
|
|
server->CurrentMid++;
|
| 282 |
|
|
}
|
| 283 |
|
|
spin_unlock(&GlobalMid_Lock);
|
| 284 |
|
|
return mid;
|
| 285 |
|
|
}
|
| 286 |
|
|
|
| 287 |
|
|
/* NB: MID can not be set if treeCon not passed in, in that
|
| 288 |
|
|
case it is responsbility of caller to set the mid */
|
| 289 |
|
|
void
|
| 290 |
|
|
header_assemble(struct smb_hdr *buffer, char smb_command /* command */ ,
|
| 291 |
|
|
const struct cifsTconInfo *treeCon, int word_count
|
| 292 |
|
|
/* length of fixed section (word count) in two byte units */)
|
| 293 |
|
|
{
|
| 294 |
|
|
struct list_head *temp_item;
|
| 295 |
|
|
struct cifsSesInfo *ses;
|
| 296 |
|
|
char *temp = (char *) buffer;
|
| 297 |
|
|
|
| 298 |
|
|
memset(temp, 0, 256); /* bigger than MAX_CIFS_HDR_SIZE */
|
| 299 |
|
|
|
| 300 |
|
|
buffer->smb_buf_length =
|
| 301 |
|
|
(2 * word_count) + sizeof(struct smb_hdr) -
|
| 302 |
|
|
4 /* RFC 1001 length field does not count */ +
|
| 303 |
|
|
2 /* for bcc field itself */ ;
|
| 304 |
|
|
/* Note that this is the only network field that has to be converted
|
| 305 |
|
|
to big endian and it is done just before we send it */
|
| 306 |
|
|
|
| 307 |
|
|
buffer->Protocol[0] = 0xFF;
|
| 308 |
|
|
buffer->Protocol[1] = 'S';
|
| 309 |
|
|
buffer->Protocol[2] = 'M';
|
| 310 |
|
|
buffer->Protocol[3] = 'B';
|
| 311 |
|
|
buffer->Command = smb_command;
|
| 312 |
|
|
buffer->Flags = 0x00; /* case sensitive */
|
| 313 |
|
|
buffer->Flags2 = SMBFLG2_KNOWS_LONG_NAMES;
|
| 314 |
|
|
buffer->Pid = cpu_to_le16((__u16)current->tgid);
|
| 315 |
|
|
buffer->PidHigh = cpu_to_le16((__u16)(current->tgid >> 16));
|
| 316 |
|
|
spin_lock(&GlobalMid_Lock);
|
| 317 |
|
|
spin_unlock(&GlobalMid_Lock);
|
| 318 |
|
|
if (treeCon) {
|
| 319 |
|
|
buffer->Tid = treeCon->tid;
|
| 320 |
|
|
if (treeCon->ses) {
|
| 321 |
|
|
if (treeCon->ses->capabilities & CAP_UNICODE)
|
| 322 |
|
|
buffer->Flags2 |= SMBFLG2_UNICODE;
|
| 323 |
|
|
if (treeCon->ses->capabilities & CAP_STATUS32) {
|
| 324 |
|
|
buffer->Flags2 |= SMBFLG2_ERR_STATUS;
|
| 325 |
|
|
}
|
| 326 |
|
|
/* Uid is not converted */
|
| 327 |
|
|
buffer->Uid = treeCon->ses->Suid;
|
| 328 |
|
|
buffer->Mid = GetNextMid(treeCon->ses->server);
|
| 329 |
|
|
if (multiuser_mount != 0) {
|
| 330 |
|
|
/* For the multiuser case, there are few obvious technically */
|
| 331 |
|
|
/* possible mechanisms to match the local linux user (uid) */
|
| 332 |
|
|
/* to a valid remote smb user (smb_uid): */
|
| 333 |
|
|
/* 1) Query Winbind (or other local pam/nss daemon */
|
| 334 |
|
|
/* for userid/password/logon_domain or credential */
|
| 335 |
|
|
/* 2) Query Winbind for uid to sid to username mapping */
|
| 336 |
|
|
/* and see if we have a matching password for existing*/
|
| 337 |
|
|
/* session for that user perhas getting password by */
|
| 338 |
|
|
/* adding a new pam_cifs module that stores passwords */
|
| 339 |
|
|
/* so that the cifs vfs can get at that for all logged*/
|
| 340 |
|
|
/* on users */
|
| 341 |
|
|
/* 3) (Which is the mechanism we have chosen) */
|
| 342 |
|
|
/* Search through sessions to the same server for a */
|
| 343 |
|
|
/* a match on the uid that was passed in on mount */
|
| 344 |
|
|
/* with the current processes uid (or euid?) and use */
|
| 345 |
|
|
/* that smb uid. If no existing smb session for */
|
| 346 |
|
|
/* that uid found, use the default smb session ie */
|
| 347 |
|
|
/* the smb session for the volume mounted which is */
|
| 348 |
|
|
/* the same as would be used if the multiuser mount */
|
| 349 |
|
|
/* flag were disabled. */
|
| 350 |
|
|
|
| 351 |
|
|
/* BB Add support for establishing new tCon and SMB Session */
|
| 352 |
|
|
/* with userid/password pairs found on the smb session */
|
| 353 |
|
|
/* for other target tcp/ip addresses BB */
|
| 354 |
|
|
if (current->fsuid != treeCon->ses->linux_uid) {
|
| 355 |
|
|
cFYI(1, ("Multiuser mode and UID "
|
| 356 |
|
|
"did not match tcon uid"));
|
| 357 |
|
|
read_lock(&GlobalSMBSeslock);
|
| 358 |
|
|
list_for_each(temp_item, &GlobalSMBSessionList) {
|
| 359 |
|
|
ses = list_entry(temp_item, struct cifsSesInfo, cifsSessionList);
|
| 360 |
|
|
if (ses->linux_uid == current->fsuid) {
|
| 361 |
|
|
if (ses->server == treeCon->ses->server) {
|
| 362 |
|
|
cFYI(1, ("found matching uid substitute right smb_uid"));
|
| 363 |
|
|
buffer->Uid = ses->Suid;
|
| 364 |
|
|
break;
|
| 365 |
|
|
} else {
|
| 366 |
|
|
/* BB eventually call cifs_setup_session here */
|
| 367 |
|
|
cFYI(1, ("local UID found but no smb sess with this server exists"));
|
| 368 |
|
|
}
|
| 369 |
|
|
}
|
| 370 |
|
|
}
|
| 371 |
|
|
read_unlock(&GlobalSMBSeslock);
|
| 372 |
|
|
}
|
| 373 |
|
|
}
|
| 374 |
|
|
}
|
| 375 |
|
|
if (treeCon->Flags & SMB_SHARE_IS_IN_DFS)
|
| 376 |
|
|
buffer->Flags2 |= SMBFLG2_DFS;
|
| 377 |
|
|
if (treeCon->nocase)
|
| 378 |
|
|
buffer->Flags |= SMBFLG_CASELESS;
|
| 379 |
|
|
if ((treeCon->ses) && (treeCon->ses->server))
|
| 380 |
|
|
if (treeCon->ses->server->secMode &
|
| 381 |
|
|
(SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
|
| 382 |
|
|
buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
|
| 383 |
|
|
}
|
| 384 |
|
|
|
| 385 |
|
|
/* endian conversion of flags is now done just before sending */
|
| 386 |
|
|
buffer->WordCount = (char) word_count;
|
| 387 |
|
|
return;
|
| 388 |
|
|
}
|
| 389 |
|
|
|
| 390 |
|
|
static int
|
| 391 |
|
|
checkSMBhdr(struct smb_hdr *smb, __u16 mid)
|
| 392 |
|
|
{
|
| 393 |
|
|
/* Make sure that this really is an SMB, that it is a response,
|
| 394 |
|
|
and that the message ids match */
|
| 395 |
|
|
if ((*(__le32 *) smb->Protocol == cpu_to_le32(0x424d53ff)) &&
|
| 396 |
|
|
(mid == smb->Mid)) {
|
| 397 |
|
|
if (smb->Flags & SMBFLG_RESPONSE)
|
| 398 |
|
|
return 0;
|
| 399 |
|
|
else {
|
| 400 |
|
|
/* only one valid case where server sends us request */
|
| 401 |
|
|
if (smb->Command == SMB_COM_LOCKING_ANDX)
|
| 402 |
|
|
return 0;
|
| 403 |
|
|
else
|
| 404 |
|
|
cERROR(1, ("Received Request not response"));
|
| 405 |
|
|
}
|
| 406 |
|
|
} else { /* bad signature or mid */
|
| 407 |
|
|
if (*(__le32 *) smb->Protocol != cpu_to_le32(0x424d53ff))
|
| 408 |
|
|
cERROR(1,
|
| 409 |
|
|
("Bad protocol string signature header %x",
|
| 410 |
|
|
*(unsigned int *) smb->Protocol));
|
| 411 |
|
|
if (mid != smb->Mid)
|
| 412 |
|
|
cERROR(1, ("Mids do not match"));
|
| 413 |
|
|
}
|
| 414 |
|
|
cERROR(1, ("bad smb detected. The Mid=%d", smb->Mid));
|
| 415 |
|
|
return 1;
|
| 416 |
|
|
}
|
| 417 |
|
|
|
| 418 |
|
|
int
|
| 419 |
|
|
checkSMB(struct smb_hdr *smb, __u16 mid, unsigned int length)
|
| 420 |
|
|
{
|
| 421 |
|
|
__u32 len = smb->smb_buf_length;
|
| 422 |
|
|
__u32 clc_len; /* calculated length */
|
| 423 |
|
|
cFYI(0, ("checkSMB Length: 0x%x, smb_buf_length: 0x%x", length, len));
|
| 424 |
|
|
|
| 425 |
|
|
if (length < 2 + sizeof(struct smb_hdr)) {
|
| 426 |
|
|
if ((length >= sizeof(struct smb_hdr) - 1)
|
| 427 |
|
|
&& (smb->Status.CifsError != 0)) {
|
| 428 |
|
|
smb->WordCount = 0;
|
| 429 |
|
|
/* some error cases do not return wct and bcc */
|
| 430 |
|
|
return 0;
|
| 431 |
|
|
} else if ((length == sizeof(struct smb_hdr) + 1) &&
|
| 432 |
|
|
(smb->WordCount == 0)) {
|
| 433 |
|
|
char *tmp = (char *)smb;
|
| 434 |
|
|
/* Need to work around a bug in two servers here */
|
| 435 |
|
|
/* First, check if the part of bcc they sent was zero */
|
| 436 |
|
|
if (tmp[sizeof(struct smb_hdr)] == 0) {
|
| 437 |
|
|
/* some servers return only half of bcc
|
| 438 |
|
|
* on simple responses (wct, bcc both zero)
|
| 439 |
|
|
* in particular have seen this on
|
| 440 |
|
|
* ulogoffX and FindClose. This leaves
|
| 441 |
|
|
* one byte of bcc potentially unitialized
|
| 442 |
|
|
*/
|
| 443 |
|
|
/* zero rest of bcc */
|
| 444 |
|
|
tmp[sizeof(struct smb_hdr)+1] = 0;
|
| 445 |
|
|
return 0;
|
| 446 |
|
|
}
|
| 447 |
|
|
cERROR(1, ("rcvd invalid byte count (bcc)"));
|
| 448 |
|
|
} else {
|
| 449 |
|
|
cERROR(1, ("Length less than smb header size"));
|
| 450 |
|
|
}
|
| 451 |
|
|
return 1;
|
| 452 |
|
|
}
|
| 453 |
|
|
if (len > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) {
|
| 454 |
|
|
cERROR(1, ("smb length greater than MaxBufSize, mid=%d",
|
| 455 |
|
|
smb->Mid));
|
| 456 |
|
|
return 1;
|
| 457 |
|
|
}
|
| 458 |
|
|
|
| 459 |
|
|
if (checkSMBhdr(smb, mid))
|
| 460 |
|
|
return 1;
|
| 461 |
|
|
clc_len = smbCalcSize_LE(smb);
|
| 462 |
|
|
|
| 463 |
|
|
if (4 + len != length) {
|
| 464 |
|
|
cERROR(1, ("Length read does not match RFC1001 length %d",
|
| 465 |
|
|
len));
|
| 466 |
|
|
return 1;
|
| 467 |
|
|
}
|
| 468 |
|
|
|
| 469 |
|
|
if (4 + len != clc_len) {
|
| 470 |
|
|
/* check if bcc wrapped around for large read responses */
|
| 471 |
|
|
if ((len > 64 * 1024) && (len > clc_len)) {
|
| 472 |
|
|
/* check if lengths match mod 64K */
|
| 473 |
|
|
if (((4 + len) & 0xFFFF) == (clc_len & 0xFFFF))
|
| 474 |
|
|
return 0; /* bcc wrapped */
|
| 475 |
|
|
}
|
| 476 |
|
|
cFYI(1, ("Calculated size %d vs length %d mismatch for mid %d",
|
| 477 |
|
|
clc_len, 4 + len, smb->Mid));
|
| 478 |
|
|
/* Windows XP can return a few bytes too much, presumably
|
| 479 |
|
|
an illegal pad, at the end of byte range lock responses
|
| 480 |
|
|
so we allow for that three byte pad, as long as actual
|
| 481 |
|
|
received length is as long or longer than calculated length */
|
| 482 |
|
|
/* We have now had to extend this more, since there is a
|
| 483 |
|
|
case in which it needs to be bigger still to handle a
|
| 484 |
|
|
malformed response to transact2 findfirst from WinXP when
|
| 485 |
|
|
access denied is returned and thus bcc and wct are zero
|
| 486 |
|
|
but server says length is 0x21 bytes too long as if the server
|
| 487 |
|
|
forget to reset the smb rfc1001 length when it reset the
|
| 488 |
|
|
wct and bcc to minimum size and drop the t2 parms and data */
|
| 489 |
|
|
if ((4+len > clc_len) && (len <= clc_len + 512))
|
| 490 |
|
|
return 0;
|
| 491 |
|
|
else {
|
| 492 |
|
|
cERROR(1, ("RFC1001 size %d bigger than SMB for Mid=%d",
|
| 493 |
|
|
len, smb->Mid));
|
| 494 |
|
|
return 1;
|
| 495 |
|
|
}
|
| 496 |
|
|
}
|
| 497 |
|
|
return 0;
|
| 498 |
|
|
}
|
| 499 |
|
|
int
|
| 500 |
|
|
is_valid_oplock_break(struct smb_hdr *buf, struct TCP_Server_Info *srv)
|
| 501 |
|
|
{
|
| 502 |
|
|
struct smb_com_lock_req *pSMB = (struct smb_com_lock_req *)buf;
|
| 503 |
|
|
struct list_head *tmp;
|
| 504 |
|
|
struct list_head *tmp1;
|
| 505 |
|
|
struct cifsTconInfo *tcon;
|
| 506 |
|
|
struct cifsFileInfo *netfile;
|
| 507 |
|
|
|
| 508 |
|
|
cFYI(1, ("Checking for oplock break or dnotify response"));
|
| 509 |
|
|
if ((pSMB->hdr.Command == SMB_COM_NT_TRANSACT) &&
|
| 510 |
|
|
(pSMB->hdr.Flags & SMBFLG_RESPONSE)) {
|
| 511 |
|
|
struct smb_com_transaction_change_notify_rsp *pSMBr =
|
| 512 |
|
|
(struct smb_com_transaction_change_notify_rsp *)buf;
|
| 513 |
|
|
struct file_notify_information *pnotify;
|
| 514 |
|
|
__u32 data_offset = 0;
|
| 515 |
|
|
if (pSMBr->ByteCount > sizeof(struct file_notify_information)) {
|
| 516 |
|
|
data_offset = le32_to_cpu(pSMBr->DataOffset);
|
| 517 |
|
|
|
| 518 |
|
|
pnotify = (struct file_notify_information *)
|
| 519 |
|
|
((char *)&pSMBr->hdr.Protocol + data_offset);
|
| 520 |
|
|
cFYI(1, ("dnotify on %s Action: 0x%x",
|
| 521 |
|
|
pnotify->FileName,
|
| 522 |
|
|
pnotify->Action)); /* BB removeme BB */
|
| 523 |
|
|
/* cifs_dump_mem("Rcvd notify Data: ",buf,
|
| 524 |
|
|
sizeof(struct smb_hdr)+60); */
|
| 525 |
|
|
return TRUE;
|
| 526 |
|
|
}
|
| 527 |
|
|
if (pSMBr->hdr.Status.CifsError) {
|
| 528 |
|
|
cFYI(1, ("notify err 0x%d",
|
| 529 |
|
|
pSMBr->hdr.Status.CifsError));
|
| 530 |
|
|
return TRUE;
|
| 531 |
|
|
}
|
| 532 |
|
|
return FALSE;
|
| 533 |
|
|
}
|
| 534 |
|
|
if (pSMB->hdr.Command != SMB_COM_LOCKING_ANDX)
|
| 535 |
|
|
return FALSE;
|
| 536 |
|
|
if (pSMB->hdr.Flags & SMBFLG_RESPONSE) {
|
| 537 |
|
|
/* no sense logging error on invalid handle on oplock
|
| 538 |
|
|
break - harmless race between close request and oplock
|
| 539 |
|
|
break response is expected from time to time writing out
|
| 540 |
|
|
large dirty files cached on the client */
|
| 541 |
|
|
if ((NT_STATUS_INVALID_HANDLE) ==
|
| 542 |
|
|
le32_to_cpu(pSMB->hdr.Status.CifsError)) {
|
| 543 |
|
|
cFYI(1, ("invalid handle on oplock break"));
|
| 544 |
|
|
return TRUE;
|
| 545 |
|
|
} else if (ERRbadfid ==
|
| 546 |
|
|
le16_to_cpu(pSMB->hdr.Status.DosError.Error)) {
|
| 547 |
|
|
return TRUE;
|
| 548 |
|
|
} else {
|
| 549 |
|
|
return FALSE; /* on valid oplock brk we get "request" */
|
| 550 |
|
|
}
|
| 551 |
|
|
}
|
| 552 |
|
|
if (pSMB->hdr.WordCount != 8)
|
| 553 |
|
|
return FALSE;
|
| 554 |
|
|
|
| 555 |
|
|
cFYI(1, ("oplock type 0x%d level 0x%d",
|
| 556 |
|
|
pSMB->LockType, pSMB->OplockLevel));
|
| 557 |
|
|
if (!(pSMB->LockType & LOCKING_ANDX_OPLOCK_RELEASE))
|
| 558 |
|
|
return FALSE;
|
| 559 |
|
|
|
| 560 |
|
|
/* look up tcon based on tid & uid */
|
| 561 |
|
|
read_lock(&GlobalSMBSeslock);
|
| 562 |
|
|
list_for_each(tmp, &GlobalTreeConnectionList) {
|
| 563 |
|
|
tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
|
| 564 |
|
|
if ((tcon->tid == buf->Tid) && (srv == tcon->ses->server)) {
|
| 565 |
|
|
cifs_stats_inc(&tcon->num_oplock_brks);
|
| 566 |
|
|
list_for_each(tmp1, &tcon->openFileList) {
|
| 567 |
|
|
netfile = list_entry(tmp1, struct cifsFileInfo,
|
| 568 |
|
|
tlist);
|
| 569 |
|
|
if (pSMB->Fid == netfile->netfid) {
|
| 570 |
|
|
struct cifsInodeInfo *pCifsInode;
|
| 571 |
|
|
read_unlock(&GlobalSMBSeslock);
|
| 572 |
|
|
cFYI(1,
|
| 573 |
|
|
("file id match, oplock break"));
|
| 574 |
|
|
pCifsInode =
|
| 575 |
|
|
CIFS_I(netfile->pInode);
|
| 576 |
|
|
pCifsInode->clientCanCacheAll = FALSE;
|
| 577 |
|
|
if (pSMB->OplockLevel == 0)
|
| 578 |
|
|
pCifsInode->clientCanCacheRead
|
| 579 |
|
|
= FALSE;
|
| 580 |
|
|
pCifsInode->oplockPending = TRUE;
|
| 581 |
|
|
AllocOplockQEntry(netfile->pInode,
|
| 582 |
|
|
netfile->netfid,
|
| 583 |
|
|
tcon);
|
| 584 |
|
|
cFYI(1,
|
| 585 |
|
|
("about to wake up oplock thread"));
|
| 586 |
|
|
if (oplockThread)
|
| 587 |
|
|
wake_up_process(oplockThread);
|
| 588 |
|
|
return TRUE;
|
| 589 |
|
|
}
|
| 590 |
|
|
}
|
| 591 |
|
|
read_unlock(&GlobalSMBSeslock);
|
| 592 |
|
|
cFYI(1, ("No matching file for oplock break"));
|
| 593 |
|
|
return TRUE;
|
| 594 |
|
|
}
|
| 595 |
|
|
}
|
| 596 |
|
|
read_unlock(&GlobalSMBSeslock);
|
| 597 |
|
|
cFYI(1, ("Can not process oplock break for non-existent connection"));
|
| 598 |
|
|
return TRUE;
|
| 599 |
|
|
}
|
| 600 |
|
|
|
| 601 |
|
|
void
|
| 602 |
|
|
dump_smb(struct smb_hdr *smb_buf, int smb_buf_length)
|
| 603 |
|
|
{
|
| 604 |
|
|
int i, j;
|
| 605 |
|
|
char debug_line[17];
|
| 606 |
|
|
unsigned char *buffer;
|
| 607 |
|
|
|
| 608 |
|
|
if (traceSMB == 0)
|
| 609 |
|
|
return;
|
| 610 |
|
|
|
| 611 |
|
|
buffer = (unsigned char *) smb_buf;
|
| 612 |
|
|
for (i = 0, j = 0; i < smb_buf_length; i++, j++) {
|
| 613 |
|
|
if (i % 8 == 0) { /* have reached the beginning of line */
|
| 614 |
|
|
printk(KERN_DEBUG "| ");
|
| 615 |
|
|
j = 0;
|
| 616 |
|
|
}
|
| 617 |
|
|
printk("%0#4x ", buffer[i]);
|
| 618 |
|
|
debug_line[2 * j] = ' ';
|
| 619 |
|
|
if (isprint(buffer[i]))
|
| 620 |
|
|
debug_line[1 + (2 * j)] = buffer[i];
|
| 621 |
|
|
else
|
| 622 |
|
|
debug_line[1 + (2 * j)] = '_';
|
| 623 |
|
|
|
| 624 |
|
|
if (i % 8 == 7) { /* reached end of line, time to print ascii */
|
| 625 |
|
|
debug_line[16] = 0;
|
| 626 |
|
|
printk(" | %s\n", debug_line);
|
| 627 |
|
|
}
|
| 628 |
|
|
}
|
| 629 |
|
|
for (; j < 8; j++) {
|
| 630 |
|
|
printk(" ");
|
| 631 |
|
|
debug_line[2 * j] = ' ';
|
| 632 |
|
|
debug_line[1 + (2 * j)] = ' ';
|
| 633 |
|
|
}
|
| 634 |
|
|
printk( " | %s\n", debug_line);
|
| 635 |
|
|
return;
|
| 636 |
|
|
}
|
| 637 |
|
|
|
| 638 |
|
|
/* Windows maps these to the user defined 16 bit Unicode range since they are
|
| 639 |
|
|
reserved symbols (along with \ and /), otherwise illegal to store
|
| 640 |
|
|
in filenames in NTFS */
|
| 641 |
|
|
#define UNI_ASTERIK (__u16) ('*' + 0xF000)
|
| 642 |
|
|
#define UNI_QUESTION (__u16) ('?' + 0xF000)
|
| 643 |
|
|
#define UNI_COLON (__u16) (':' + 0xF000)
|
| 644 |
|
|
#define UNI_GRTRTHAN (__u16) ('>' + 0xF000)
|
| 645 |
|
|
#define UNI_LESSTHAN (__u16) ('<' + 0xF000)
|
| 646 |
|
|
#define UNI_PIPE (__u16) ('|' + 0xF000)
|
| 647 |
|
|
#define UNI_SLASH (__u16) ('\\' + 0xF000)
|
| 648 |
|
|
|
| 649 |
|
|
/* Convert 16 bit Unicode pathname from wire format to string in current code
|
| 650 |
|
|
page. Conversion may involve remapping up the seven characters that are
|
| 651 |
|
|
only legal in POSIX-like OS (if they are present in the string). Path
|
| 652 |
|
|
names are little endian 16 bit Unicode on the wire */
|
| 653 |
|
|
int
|
| 654 |
|
|
cifs_convertUCSpath(char *target, const __le16 *source, int maxlen,
|
| 655 |
|
|
const struct nls_table *cp)
|
| 656 |
|
|
{
|
| 657 |
|
|
int i, j, len;
|
| 658 |
|
|
__u16 src_char;
|
| 659 |
|
|
|
| 660 |
|
|
for (i = 0, j = 0; i < maxlen; i++) {
|
| 661 |
|
|
src_char = le16_to_cpu(source[i]);
|
| 662 |
|
|
switch (src_char) {
|
| 663 |
|
|
case 0:
|
| 664 |
|
|
goto cUCS_out; /* BB check this BB */
|
| 665 |
|
|
case UNI_COLON:
|
| 666 |
|
|
target[j] = ':';
|
| 667 |
|
|
break;
|
| 668 |
|
|
case UNI_ASTERIK:
|
| 669 |
|
|
target[j] = '*';
|
| 670 |
|
|
break;
|
| 671 |
|
|
case UNI_QUESTION:
|
| 672 |
|
|
target[j] = '?';
|
| 673 |
|
|
break;
|
| 674 |
|
|
/* BB We can not handle remapping slash until
|
| 675 |
|
|
all the calls to build_path_from_dentry
|
| 676 |
|
|
are modified, as they use slash as separator BB */
|
| 677 |
|
|
/* case UNI_SLASH:
|
| 678 |
|
|
target[j] = '\\';
|
| 679 |
|
|
break;*/
|
| 680 |
|
|
case UNI_PIPE:
|
| 681 |
|
|
target[j] = '|';
|
| 682 |
|
|
break;
|
| 683 |
|
|
case UNI_GRTRTHAN:
|
| 684 |
|
|
target[j] = '>';
|
| 685 |
|
|
break;
|
| 686 |
|
|
case UNI_LESSTHAN:
|
| 687 |
|
|
target[j] = '<';
|
| 688 |
|
|
break;
|
| 689 |
|
|
default:
|
| 690 |
|
|
len = cp->uni2char(src_char, &target[j],
|
| 691 |
|
|
NLS_MAX_CHARSET_SIZE);
|
| 692 |
|
|
if (len > 0) {
|
| 693 |
|
|
j += len;
|
| 694 |
|
|
continue;
|
| 695 |
|
|
} else {
|
| 696 |
|
|
target[j] = '?';
|
| 697 |
|
|
}
|
| 698 |
|
|
}
|
| 699 |
|
|
j++;
|
| 700 |
|
|
/* make sure we do not overrun callers allocated temp buffer */
|
| 701 |
|
|
if (j >= (2 * NAME_MAX))
|
| 702 |
|
|
break;
|
| 703 |
|
|
}
|
| 704 |
|
|
cUCS_out:
|
| 705 |
|
|
target[j] = 0;
|
| 706 |
|
|
return j;
|
| 707 |
|
|
}
|
| 708 |
|
|
|
| 709 |
|
|
/* Convert 16 bit Unicode pathname to wire format from string in current code
|
| 710 |
|
|
page. Conversion may involve remapping up the seven characters that are
|
| 711 |
|
|
only legal in POSIX-like OS (if they are present in the string). Path
|
| 712 |
|
|
names are little endian 16 bit Unicode on the wire */
|
| 713 |
|
|
int
|
| 714 |
|
|
cifsConvertToUCS(__le16 *target, const char *source, int maxlen,
|
| 715 |
|
|
const struct nls_table *cp, int mapChars)
|
| 716 |
|
|
{
|
| 717 |
|
|
int i, j, charlen;
|
| 718 |
|
|
int len_remaining = maxlen;
|
| 719 |
|
|
char src_char;
|
| 720 |
|
|
__u16 temp;
|
| 721 |
|
|
|
| 722 |
|
|
if (!mapChars)
|
| 723 |
|
|
return cifs_strtoUCS(target, source, PATH_MAX, cp);
|
| 724 |
|
|
|
| 725 |
|
|
for (i = 0, j = 0; i < maxlen; j++) {
|
| 726 |
|
|
src_char = source[i];
|
| 727 |
|
|
switch (src_char) {
|
| 728 |
|
|
case 0:
|
| 729 |
|
|
target[j] = 0;
|
| 730 |
|
|
goto ctoUCS_out;
|
| 731 |
|
|
case ':':
|
| 732 |
|
|
target[j] = cpu_to_le16(UNI_COLON);
|
| 733 |
|
|
break;
|
| 734 |
|
|
case '*':
|
| 735 |
|
|
target[j] = cpu_to_le16(UNI_ASTERIK);
|
| 736 |
|
|
break;
|
| 737 |
|
|
case '?':
|
| 738 |
|
|
target[j] = cpu_to_le16(UNI_QUESTION);
|
| 739 |
|
|
break;
|
| 740 |
|
|
case '<':
|
| 741 |
|
|
target[j] = cpu_to_le16(UNI_LESSTHAN);
|
| 742 |
|
|
break;
|
| 743 |
|
|
case '>':
|
| 744 |
|
|
target[j] = cpu_to_le16(UNI_GRTRTHAN);
|
| 745 |
|
|
break;
|
| 746 |
|
|
case '|':
|
| 747 |
|
|
target[j] = cpu_to_le16(UNI_PIPE);
|
| 748 |
|
|
break;
|
| 749 |
|
|
/* BB We can not handle remapping slash until
|
| 750 |
|
|
all the calls to build_path_from_dentry
|
| 751 |
|
|
are modified, as they use slash as separator BB */
|
| 752 |
|
|
/* case '\\':
|
| 753 |
|
|
target[j] = cpu_to_le16(UNI_SLASH);
|
| 754 |
|
|
break;*/
|
| 755 |
|
|
default:
|
| 756 |
|
|
charlen = cp->char2uni(source+i,
|
| 757 |
|
|
len_remaining, &temp);
|
| 758 |
|
|
/* if no match, use question mark, which
|
| 759 |
|
|
at least in some cases servers as wild card */
|
| 760 |
|
|
if (charlen < 1) {
|
| 761 |
|
|
target[j] = cpu_to_le16(0x003f);
|
| 762 |
|
|
charlen = 1;
|
| 763 |
|
|
} else
|
| 764 |
|
|
target[j] = cpu_to_le16(temp);
|
| 765 |
|
|
len_remaining -= charlen;
|
| 766 |
|
|
/* character may take more than one byte in the
|
| 767 |
|
|
the source string, but will take exactly two
|
| 768 |
|
|
bytes in the target string */
|
| 769 |
|
|
i += charlen;
|
| 770 |
|
|
continue;
|
| 771 |
|
|
}
|
| 772 |
|
|
i++; /* move to next char in source string */
|
| 773 |
|
|
len_remaining--;
|
| 774 |
|
|
}
|
| 775 |
|
|
|
| 776 |
|
|
ctoUCS_out:
|
| 777 |
|
|
return i;
|
| 778 |
|
|
}
|
