smb2pdu.c 40 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503
  1. /*
  2. * fs/cifs/smb2pdu.c
  3. *
  4. * Copyright (C) International Business Machines Corp., 2009, 2011
  5. * Etersoft, 2012
  6. * Author(s): Steve French (sfrench@us.ibm.com)
  7. * Pavel Shilovsky (pshilovsky@samba.org) 2012
  8. *
  9. * Contains the routines for constructing the SMB2 PDUs themselves
  10. *
  11. * This library is free software; you can redistribute it and/or modify
  12. * it under the terms of the GNU Lesser General Public License as published
  13. * by the Free Software Foundation; either version 2.1 of the License, or
  14. * (at your option) any later version.
  15. *
  16. * This library is distributed in the hope that it will be useful,
  17. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
  19. * the GNU Lesser General Public License for more details.
  20. *
  21. * You should have received a copy of the GNU Lesser General Public License
  22. * along with this library; if not, write to the Free Software
  23. * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  24. */
  25. /* SMB2 PDU handling routines here - except for leftovers (eg session setup) */
  26. /* Note that there are handle based routines which must be */
  27. /* treated slightly differently for reconnection purposes since we never */
  28. /* want to reuse a stale file handle and only the caller knows the file info */
  29. #include <linux/fs.h>
  30. #include <linux/kernel.h>
  31. #include <linux/vfs.h>
  32. #include <linux/task_io_accounting_ops.h>
  33. #include <linux/uaccess.h>
  34. #include <linux/pagemap.h>
  35. #include <linux/xattr.h>
  36. #include "smb2pdu.h"
  37. #include "cifsglob.h"
  38. #include "cifsacl.h"
  39. #include "cifsproto.h"
  40. #include "smb2proto.h"
  41. #include "cifs_unicode.h"
  42. #include "cifs_debug.h"
  43. #include "ntlmssp.h"
  44. #include "smb2status.h"
  45. #include "smb2glob.h"
  46. /*
  47. * The following table defines the expected "StructureSize" of SMB2 requests
  48. * in order by SMB2 command. This is similar to "wct" in SMB/CIFS requests.
  49. *
  50. * Note that commands are defined in smb2pdu.h in le16 but the array below is
  51. * indexed by command in host byte order.
  52. */
  53. static const int smb2_req_struct_sizes[NUMBER_OF_SMB2_COMMANDS] = {
  54. /* SMB2_NEGOTIATE */ 36,
  55. /* SMB2_SESSION_SETUP */ 25,
  56. /* SMB2_LOGOFF */ 4,
  57. /* SMB2_TREE_CONNECT */ 9,
  58. /* SMB2_TREE_DISCONNECT */ 4,
  59. /* SMB2_CREATE */ 57,
  60. /* SMB2_CLOSE */ 24,
  61. /* SMB2_FLUSH */ 24,
  62. /* SMB2_READ */ 49,
  63. /* SMB2_WRITE */ 49,
  64. /* SMB2_LOCK */ 48,
  65. /* SMB2_IOCTL */ 57,
  66. /* SMB2_CANCEL */ 4,
  67. /* SMB2_ECHO */ 4,
  68. /* SMB2_QUERY_DIRECTORY */ 33,
  69. /* SMB2_CHANGE_NOTIFY */ 32,
  70. /* SMB2_QUERY_INFO */ 41,
  71. /* SMB2_SET_INFO */ 33,
  72. /* SMB2_OPLOCK_BREAK */ 24 /* BB this is 36 for LEASE_BREAK variant */
  73. };
  74. static void
  75. smb2_hdr_assemble(struct smb2_hdr *hdr, __le16 smb2_cmd /* command */ ,
  76. const struct cifs_tcon *tcon)
  77. {
  78. struct smb2_pdu *pdu = (struct smb2_pdu *)hdr;
  79. char *temp = (char *)hdr;
  80. /* lookup word count ie StructureSize from table */
  81. __u16 parmsize = smb2_req_struct_sizes[le16_to_cpu(smb2_cmd)];
  82. /*
  83. * smaller than SMALL_BUFFER_SIZE but bigger than fixed area of
  84. * largest operations (Create)
  85. */
  86. memset(temp, 0, 256);
  87. /* Note this is only network field converted to big endian */
  88. hdr->smb2_buf_length = cpu_to_be32(parmsize + sizeof(struct smb2_hdr)
  89. - 4 /* RFC 1001 length field itself not counted */);
  90. hdr->ProtocolId[0] = 0xFE;
  91. hdr->ProtocolId[1] = 'S';
  92. hdr->ProtocolId[2] = 'M';
  93. hdr->ProtocolId[3] = 'B';
  94. hdr->StructureSize = cpu_to_le16(64);
  95. hdr->Command = smb2_cmd;
  96. hdr->CreditRequest = cpu_to_le16(2); /* BB make this dynamic */
  97. hdr->ProcessId = cpu_to_le32((__u16)current->tgid);
  98. if (!tcon)
  99. goto out;
  100. hdr->TreeId = tcon->tid;
  101. /* Uid is not converted */
  102. if (tcon->ses)
  103. hdr->SessionId = tcon->ses->Suid;
  104. /* BB check following DFS flags BB */
  105. /* BB do we have to add check for SHI1005_FLAGS_DFS_ROOT too? */
  106. if (tcon->share_flags & SHI1005_FLAGS_DFS)
  107. hdr->Flags |= SMB2_FLAGS_DFS_OPERATIONS;
  108. /* BB how does SMB2 do case sensitive? */
  109. /* if (tcon->nocase)
  110. hdr->Flags |= SMBFLG_CASELESS; */
  111. /* if (tcon->ses && tcon->ses->server &&
  112. (tcon->ses->server->sec_mode & SECMODE_SIGN_REQUIRED))
  113. hdr->Flags |= SMB2_FLAGS_SIGNED; */
  114. out:
  115. pdu->StructureSize2 = cpu_to_le16(parmsize);
  116. return;
  117. }
  118. static int
  119. smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon)
  120. {
  121. int rc = 0;
  122. struct nls_table *nls_codepage;
  123. struct cifs_ses *ses;
  124. struct TCP_Server_Info *server;
  125. /*
  126. * SMB2s NegProt, SessSetup, Logoff do not have tcon yet so
  127. * check for tcp and smb session status done differently
  128. * for those three - in the calling routine.
  129. */
  130. if (tcon == NULL)
  131. return rc;
  132. if (smb2_command == SMB2_TREE_CONNECT)
  133. return rc;
  134. if (tcon->tidStatus == CifsExiting) {
  135. /*
  136. * only tree disconnect, open, and write,
  137. * (and ulogoff which does not have tcon)
  138. * are allowed as we start force umount.
  139. */
  140. if ((smb2_command != SMB2_WRITE) &&
  141. (smb2_command != SMB2_CREATE) &&
  142. (smb2_command != SMB2_TREE_DISCONNECT)) {
  143. cFYI(1, "can not send cmd %d while umounting",
  144. smb2_command);
  145. return -ENODEV;
  146. }
  147. }
  148. if ((!tcon->ses) || (tcon->ses->status == CifsExiting) ||
  149. (!tcon->ses->server))
  150. return -EIO;
  151. ses = tcon->ses;
  152. server = ses->server;
  153. /*
  154. * Give demultiplex thread up to 10 seconds to reconnect, should be
  155. * greater than cifs socket timeout which is 7 seconds
  156. */
  157. while (server->tcpStatus == CifsNeedReconnect) {
  158. /*
  159. * Return to caller for TREE_DISCONNECT and LOGOFF and CLOSE
  160. * here since they are implicitly done when session drops.
  161. */
  162. switch (smb2_command) {
  163. /*
  164. * BB Should we keep oplock break and add flush to exceptions?
  165. */
  166. case SMB2_TREE_DISCONNECT:
  167. case SMB2_CANCEL:
  168. case SMB2_CLOSE:
  169. case SMB2_OPLOCK_BREAK:
  170. return -EAGAIN;
  171. }
  172. wait_event_interruptible_timeout(server->response_q,
  173. (server->tcpStatus != CifsNeedReconnect), 10 * HZ);
  174. /* are we still trying to reconnect? */
  175. if (server->tcpStatus != CifsNeedReconnect)
  176. break;
  177. /*
  178. * on "soft" mounts we wait once. Hard mounts keep
  179. * retrying until process is killed or server comes
  180. * back on-line
  181. */
  182. if (!tcon->retry) {
  183. cFYI(1, "gave up waiting on reconnect in smb_init");
  184. return -EHOSTDOWN;
  185. }
  186. }
  187. if (!tcon->ses->need_reconnect && !tcon->need_reconnect)
  188. return rc;
  189. nls_codepage = load_nls_default();
  190. /*
  191. * need to prevent multiple threads trying to simultaneously reconnect
  192. * the same SMB session
  193. */
  194. mutex_lock(&tcon->ses->session_mutex);
  195. rc = cifs_negotiate_protocol(0, tcon->ses);
  196. if (!rc && tcon->ses->need_reconnect)
  197. rc = cifs_setup_session(0, tcon->ses, nls_codepage);
  198. if (rc || !tcon->need_reconnect) {
  199. mutex_unlock(&tcon->ses->session_mutex);
  200. goto out;
  201. }
  202. cifs_mark_open_files_invalid(tcon);
  203. rc = SMB2_tcon(0, tcon->ses, tcon->treeName, tcon, nls_codepage);
  204. mutex_unlock(&tcon->ses->session_mutex);
  205. cFYI(1, "reconnect tcon rc = %d", rc);
  206. if (rc)
  207. goto out;
  208. atomic_inc(&tconInfoReconnectCount);
  209. /*
  210. * BB FIXME add code to check if wsize needs update due to negotiated
  211. * smb buffer size shrinking.
  212. */
  213. out:
  214. /*
  215. * Check if handle based operation so we know whether we can continue
  216. * or not without returning to caller to reset file handle.
  217. */
  218. /*
  219. * BB Is flush done by server on drop of tcp session? Should we special
  220. * case it and skip above?
  221. */
  222. switch (smb2_command) {
  223. case SMB2_FLUSH:
  224. case SMB2_READ:
  225. case SMB2_WRITE:
  226. case SMB2_LOCK:
  227. case SMB2_IOCTL:
  228. case SMB2_QUERY_DIRECTORY:
  229. case SMB2_CHANGE_NOTIFY:
  230. case SMB2_QUERY_INFO:
  231. case SMB2_SET_INFO:
  232. return -EAGAIN;
  233. }
  234. unload_nls(nls_codepage);
  235. return rc;
  236. }
  237. /*
  238. * Allocate and return pointer to an SMB request hdr, and set basic
  239. * SMB information in the SMB header. If the return code is zero, this
  240. * function must have filled in request_buf pointer.
  241. */
  242. static int
  243. small_smb2_init(__le16 smb2_command, struct cifs_tcon *tcon,
  244. void **request_buf)
  245. {
  246. int rc = 0;
  247. rc = smb2_reconnect(smb2_command, tcon);
  248. if (rc)
  249. return rc;
  250. /* BB eventually switch this to SMB2 specific small buf size */
  251. *request_buf = cifs_small_buf_get();
  252. if (*request_buf == NULL) {
  253. /* BB should we add a retry in here if not a writepage? */
  254. return -ENOMEM;
  255. }
  256. smb2_hdr_assemble((struct smb2_hdr *) *request_buf, smb2_command, tcon);
  257. if (tcon != NULL) {
  258. #ifdef CONFIG_CIFS_STATS2
  259. uint16_t com_code = le16_to_cpu(smb2_command);
  260. cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_sent[com_code]);
  261. #endif
  262. cifs_stats_inc(&tcon->num_smbs_sent);
  263. }
  264. return rc;
  265. }
  266. static void
  267. free_rsp_buf(int resp_buftype, void *rsp)
  268. {
  269. if (resp_buftype == CIFS_SMALL_BUFFER)
  270. cifs_small_buf_release(rsp);
  271. else if (resp_buftype == CIFS_LARGE_BUFFER)
  272. cifs_buf_release(rsp);
  273. }
  274. #define SMB2_NUM_PROT 1
  275. #define SMB2_PROT 0
  276. #define SMB21_PROT 1
  277. #define BAD_PROT 0xFFFF
  278. #define SMB2_PROT_ID 0x0202
  279. #define SMB21_PROT_ID 0x0210
  280. #define BAD_PROT_ID 0xFFFF
  281. static struct {
  282. int index;
  283. __le16 name;
  284. } smb2protocols[] = {
  285. {SMB2_PROT, cpu_to_le16(SMB2_PROT_ID)},
  286. {SMB21_PROT, cpu_to_le16(SMB21_PROT_ID)},
  287. {BAD_PROT, cpu_to_le16(BAD_PROT_ID)}
  288. };
  289. /*
  290. *
  291. * SMB2 Worker functions follow:
  292. *
  293. * The general structure of the worker functions is:
  294. * 1) Call smb2_init (assembles SMB2 header)
  295. * 2) Initialize SMB2 command specific fields in fixed length area of SMB
  296. * 3) Call smb_sendrcv2 (sends request on socket and waits for response)
  297. * 4) Decode SMB2 command specific fields in the fixed length area
  298. * 5) Decode variable length data area (if any for this SMB2 command type)
  299. * 6) Call free smb buffer
  300. * 7) return
  301. *
  302. */
  303. int
  304. SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses)
  305. {
  306. struct smb2_negotiate_req *req;
  307. struct smb2_negotiate_rsp *rsp;
  308. struct kvec iov[1];
  309. int rc = 0;
  310. int resp_buftype;
  311. struct TCP_Server_Info *server;
  312. unsigned int sec_flags;
  313. u16 i;
  314. u16 temp = 0;
  315. int blob_offset, blob_length;
  316. char *security_blob;
  317. int flags = CIFS_NEG_OP;
  318. cFYI(1, "Negotiate protocol");
  319. if (ses->server)
  320. server = ses->server;
  321. else {
  322. rc = -EIO;
  323. return rc;
  324. }
  325. rc = small_smb2_init(SMB2_NEGOTIATE, NULL, (void **) &req);
  326. if (rc)
  327. return rc;
  328. /* if any of auth flags (ie not sign or seal) are overriden use them */
  329. if (ses->overrideSecFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL)))
  330. sec_flags = ses->overrideSecFlg; /* BB FIXME fix sign flags?*/
  331. else /* if override flags set only sign/seal OR them with global auth */
  332. sec_flags = global_secflags | ses->overrideSecFlg;
  333. cFYI(1, "sec_flags 0x%x", sec_flags);
  334. req->hdr.SessionId = 0;
  335. for (i = 0; i < SMB2_NUM_PROT; i++)
  336. req->Dialects[i] = smb2protocols[i].name;
  337. req->DialectCount = cpu_to_le16(i);
  338. inc_rfc1001_len(req, i * 2);
  339. /* only one of SMB2 signing flags may be set in SMB2 request */
  340. if ((sec_flags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN)
  341. temp = SMB2_NEGOTIATE_SIGNING_REQUIRED;
  342. else if (sec_flags & CIFSSEC_MAY_SIGN) /* MAY_SIGN is a single flag */
  343. temp = SMB2_NEGOTIATE_SIGNING_ENABLED;
  344. req->SecurityMode = cpu_to_le16(temp);
  345. req->Capabilities = cpu_to_le32(SMB2_GLOBAL_CAP_DFS);
  346. iov[0].iov_base = (char *)req;
  347. /* 4 for rfc1002 length field */
  348. iov[0].iov_len = get_rfc1002_length(req) + 4;
  349. rc = SendReceive2(xid, ses, iov, 1, &resp_buftype, flags);
  350. rsp = (struct smb2_negotiate_rsp *)iov[0].iov_base;
  351. /*
  352. * No tcon so can't do
  353. * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]);
  354. */
  355. if (rc != 0)
  356. goto neg_exit;
  357. if (rsp == NULL) {
  358. rc = -EIO;
  359. goto neg_exit;
  360. }
  361. cFYI(1, "mode 0x%x", rsp->SecurityMode);
  362. if (rsp->DialectRevision == smb2protocols[SMB21_PROT].name)
  363. cFYI(1, "negotiated smb2.1 dialect");
  364. else if (rsp->DialectRevision == smb2protocols[SMB2_PROT].name)
  365. cFYI(1, "negotiated smb2 dialect");
  366. else {
  367. cERROR(1, "Illegal dialect returned by server %d",
  368. le16_to_cpu(rsp->DialectRevision));
  369. rc = -EIO;
  370. goto neg_exit;
  371. }
  372. server->dialect = le16_to_cpu(rsp->DialectRevision);
  373. server->maxBuf = le32_to_cpu(rsp->MaxTransactSize);
  374. server->max_read = le32_to_cpu(rsp->MaxReadSize);
  375. server->max_write = le32_to_cpu(rsp->MaxWriteSize);
  376. /* BB Do we need to validate the SecurityMode? */
  377. server->sec_mode = le16_to_cpu(rsp->SecurityMode);
  378. server->capabilities = le32_to_cpu(rsp->Capabilities);
  379. /* Internal types */
  380. server->capabilities |= SMB2_NT_FIND | SMB2_LARGE_FILES;
  381. security_blob = smb2_get_data_area_len(&blob_offset, &blob_length,
  382. &rsp->hdr);
  383. if (blob_length == 0) {
  384. cERROR(1, "missing security blob on negprot");
  385. rc = -EIO;
  386. goto neg_exit;
  387. }
  388. #ifdef CONFIG_SMB2_ASN1 /* BB REMOVEME when updated asn1.c ready */
  389. rc = decode_neg_token_init(security_blob, blob_length,
  390. &server->sec_type);
  391. if (rc == 1)
  392. rc = 0;
  393. else if (rc == 0) {
  394. rc = -EIO;
  395. goto neg_exit;
  396. }
  397. #endif
  398. neg_exit:
  399. free_rsp_buf(resp_buftype, rsp);
  400. return rc;
  401. }
  402. int
  403. SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses,
  404. const struct nls_table *nls_cp)
  405. {
  406. struct smb2_sess_setup_req *req;
  407. struct smb2_sess_setup_rsp *rsp = NULL;
  408. struct kvec iov[2];
  409. int rc = 0;
  410. int resp_buftype;
  411. __le32 phase = NtLmNegotiate; /* NTLMSSP, if needed, is multistage */
  412. struct TCP_Server_Info *server;
  413. unsigned int sec_flags;
  414. u8 temp = 0;
  415. u16 blob_length = 0;
  416. char *security_blob;
  417. char *ntlmssp_blob = NULL;
  418. bool use_spnego = false; /* else use raw ntlmssp */
  419. cFYI(1, "Session Setup");
  420. if (ses->server)
  421. server = ses->server;
  422. else {
  423. rc = -EIO;
  424. return rc;
  425. }
  426. /*
  427. * If memory allocation is successful, caller of this function
  428. * frees it.
  429. */
  430. ses->ntlmssp = kmalloc(sizeof(struct ntlmssp_auth), GFP_KERNEL);
  431. if (!ses->ntlmssp)
  432. return -ENOMEM;
  433. ses->server->secType = RawNTLMSSP;
  434. ssetup_ntlmssp_authenticate:
  435. if (phase == NtLmChallenge)
  436. phase = NtLmAuthenticate; /* if ntlmssp, now final phase */
  437. rc = small_smb2_init(SMB2_SESSION_SETUP, NULL, (void **) &req);
  438. if (rc)
  439. return rc;
  440. /* if any of auth flags (ie not sign or seal) are overriden use them */
  441. if (ses->overrideSecFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL)))
  442. sec_flags = ses->overrideSecFlg; /* BB FIXME fix sign flags?*/
  443. else /* if override flags set only sign/seal OR them with global auth */
  444. sec_flags = global_secflags | ses->overrideSecFlg;
  445. cFYI(1, "sec_flags 0x%x", sec_flags);
  446. req->hdr.SessionId = 0; /* First session, not a reauthenticate */
  447. req->VcNumber = 0; /* MBZ */
  448. /* to enable echos and oplocks */
  449. req->hdr.CreditRequest = cpu_to_le16(3);
  450. /* only one of SMB2 signing flags may be set in SMB2 request */
  451. if ((sec_flags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN)
  452. temp = SMB2_NEGOTIATE_SIGNING_REQUIRED;
  453. else if (ses->server->sec_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED)
  454. temp = SMB2_NEGOTIATE_SIGNING_REQUIRED;
  455. else if (sec_flags & CIFSSEC_MAY_SIGN) /* MAY_SIGN is a single flag */
  456. temp = SMB2_NEGOTIATE_SIGNING_ENABLED;
  457. req->SecurityMode = temp;
  458. req->Capabilities = 0;
  459. req->Channel = 0; /* MBZ */
  460. iov[0].iov_base = (char *)req;
  461. /* 4 for rfc1002 length field and 1 for pad */
  462. iov[0].iov_len = get_rfc1002_length(req) + 4 - 1;
  463. if (phase == NtLmNegotiate) {
  464. ntlmssp_blob = kmalloc(sizeof(struct _NEGOTIATE_MESSAGE),
  465. GFP_KERNEL);
  466. if (ntlmssp_blob == NULL) {
  467. rc = -ENOMEM;
  468. goto ssetup_exit;
  469. }
  470. build_ntlmssp_negotiate_blob(ntlmssp_blob, ses);
  471. if (use_spnego) {
  472. /* blob_length = build_spnego_ntlmssp_blob(
  473. &security_blob,
  474. sizeof(struct _NEGOTIATE_MESSAGE),
  475. ntlmssp_blob); */
  476. /* BB eventually need to add this */
  477. cERROR(1, "spnego not supported for SMB2 yet");
  478. rc = -EOPNOTSUPP;
  479. kfree(ntlmssp_blob);
  480. goto ssetup_exit;
  481. } else {
  482. blob_length = sizeof(struct _NEGOTIATE_MESSAGE);
  483. /* with raw NTLMSSP we don't encapsulate in SPNEGO */
  484. security_blob = ntlmssp_blob;
  485. }
  486. } else if (phase == NtLmAuthenticate) {
  487. req->hdr.SessionId = ses->Suid;
  488. ntlmssp_blob = kzalloc(sizeof(struct _NEGOTIATE_MESSAGE) + 500,
  489. GFP_KERNEL);
  490. if (ntlmssp_blob == NULL) {
  491. cERROR(1, "failed to malloc ntlmssp blob");
  492. rc = -ENOMEM;
  493. goto ssetup_exit;
  494. }
  495. rc = build_ntlmssp_auth_blob(ntlmssp_blob, &blob_length, ses,
  496. nls_cp);
  497. if (rc) {
  498. cFYI(1, "build_ntlmssp_auth_blob failed %d", rc);
  499. goto ssetup_exit; /* BB double check error handling */
  500. }
  501. if (use_spnego) {
  502. /* blob_length = build_spnego_ntlmssp_blob(
  503. &security_blob,
  504. blob_length,
  505. ntlmssp_blob); */
  506. cERROR(1, "spnego not supported for SMB2 yet");
  507. rc = -EOPNOTSUPP;
  508. kfree(ntlmssp_blob);
  509. goto ssetup_exit;
  510. } else {
  511. security_blob = ntlmssp_blob;
  512. }
  513. } else {
  514. cERROR(1, "illegal ntlmssp phase");
  515. rc = -EIO;
  516. goto ssetup_exit;
  517. }
  518. /* Testing shows that buffer offset must be at location of Buffer[0] */
  519. req->SecurityBufferOffset =
  520. cpu_to_le16(sizeof(struct smb2_sess_setup_req) -
  521. 1 /* pad */ - 4 /* rfc1001 len */);
  522. req->SecurityBufferLength = cpu_to_le16(blob_length);
  523. iov[1].iov_base = security_blob;
  524. iov[1].iov_len = blob_length;
  525. inc_rfc1001_len(req, blob_length - 1 /* pad */);
  526. /* BB add code to build os and lm fields */
  527. rc = SendReceive2(xid, ses, iov, 2, &resp_buftype, CIFS_LOG_ERROR);
  528. kfree(security_blob);
  529. rsp = (struct smb2_sess_setup_rsp *)iov[0].iov_base;
  530. if (rsp->hdr.Status == STATUS_MORE_PROCESSING_REQUIRED) {
  531. if (phase != NtLmNegotiate) {
  532. cERROR(1, "Unexpected more processing error");
  533. goto ssetup_exit;
  534. }
  535. if (offsetof(struct smb2_sess_setup_rsp, Buffer) - 4 !=
  536. le16_to_cpu(rsp->SecurityBufferOffset)) {
  537. cERROR(1, "Invalid security buffer offset %d",
  538. le16_to_cpu(rsp->SecurityBufferOffset));
  539. rc = -EIO;
  540. goto ssetup_exit;
  541. }
  542. /* NTLMSSP Negotiate sent now processing challenge (response) */
  543. phase = NtLmChallenge; /* process ntlmssp challenge */
  544. rc = 0; /* MORE_PROCESSING is not an error here but expected */
  545. ses->Suid = rsp->hdr.SessionId;
  546. rc = decode_ntlmssp_challenge(rsp->Buffer,
  547. le16_to_cpu(rsp->SecurityBufferLength), ses);
  548. }
  549. /*
  550. * BB eventually add code for SPNEGO decoding of NtlmChallenge blob,
  551. * but at least the raw NTLMSSP case works.
  552. */
  553. /*
  554. * No tcon so can't do
  555. * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]);
  556. */
  557. if (rc != 0)
  558. goto ssetup_exit;
  559. if (rsp == NULL) {
  560. rc = -EIO;
  561. goto ssetup_exit;
  562. }
  563. ses->session_flags = le16_to_cpu(rsp->SessionFlags);
  564. ssetup_exit:
  565. free_rsp_buf(resp_buftype, rsp);
  566. /* if ntlmssp, and negotiate succeeded, proceed to authenticate phase */
  567. if ((phase == NtLmChallenge) && (rc == 0))
  568. goto ssetup_ntlmssp_authenticate;
  569. return rc;
  570. }
  571. int
  572. SMB2_logoff(const unsigned int xid, struct cifs_ses *ses)
  573. {
  574. struct smb2_logoff_req *req; /* response is also trivial struct */
  575. int rc = 0;
  576. struct TCP_Server_Info *server;
  577. cFYI(1, "disconnect session %p", ses);
  578. if (ses && (ses->server))
  579. server = ses->server;
  580. else
  581. return -EIO;
  582. rc = small_smb2_init(SMB2_LOGOFF, NULL, (void **) &req);
  583. if (rc)
  584. return rc;
  585. /* since no tcon, smb2_init can not do this, so do here */
  586. req->hdr.SessionId = ses->Suid;
  587. rc = SendReceiveNoRsp(xid, ses, (char *) &req->hdr, 0);
  588. /*
  589. * No tcon so can't do
  590. * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]);
  591. */
  592. return rc;
  593. }
  594. static inline void cifs_stats_fail_inc(struct cifs_tcon *tcon, uint16_t code)
  595. {
  596. cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_failed[code]);
  597. }
  598. #define MAX_SHARENAME_LENGTH (255 /* server */ + 80 /* share */ + 1 /* NULL */)
  599. int
  600. SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree,
  601. struct cifs_tcon *tcon, const struct nls_table *cp)
  602. {
  603. struct smb2_tree_connect_req *req;
  604. struct smb2_tree_connect_rsp *rsp = NULL;
  605. struct kvec iov[2];
  606. int rc = 0;
  607. int resp_buftype;
  608. int unc_path_len;
  609. struct TCP_Server_Info *server;
  610. __le16 *unc_path = NULL;
  611. cFYI(1, "TCON");
  612. if ((ses->server) && tree)
  613. server = ses->server;
  614. else
  615. return -EIO;
  616. if (tcon && tcon->bad_network_name)
  617. return -ENOENT;
  618. unc_path = kmalloc(MAX_SHARENAME_LENGTH * 2, GFP_KERNEL);
  619. if (unc_path == NULL)
  620. return -ENOMEM;
  621. unc_path_len = cifs_strtoUTF16(unc_path, tree, strlen(tree), cp) + 1;
  622. unc_path_len *= 2;
  623. if (unc_path_len < 2) {
  624. kfree(unc_path);
  625. return -EINVAL;
  626. }
  627. rc = small_smb2_init(SMB2_TREE_CONNECT, tcon, (void **) &req);
  628. if (rc) {
  629. kfree(unc_path);
  630. return rc;
  631. }
  632. if (tcon == NULL) {
  633. /* since no tcon, smb2_init can not do this, so do here */
  634. req->hdr.SessionId = ses->Suid;
  635. /* if (ses->server->sec_mode & SECMODE_SIGN_REQUIRED)
  636. req->hdr.Flags |= SMB2_FLAGS_SIGNED; */
  637. }
  638. iov[0].iov_base = (char *)req;
  639. /* 4 for rfc1002 length field and 1 for pad */
  640. iov[0].iov_len = get_rfc1002_length(req) + 4 - 1;
  641. /* Testing shows that buffer offset must be at location of Buffer[0] */
  642. req->PathOffset = cpu_to_le16(sizeof(struct smb2_tree_connect_req)
  643. - 1 /* pad */ - 4 /* do not count rfc1001 len field */);
  644. req->PathLength = cpu_to_le16(unc_path_len - 2);
  645. iov[1].iov_base = unc_path;
  646. iov[1].iov_len = unc_path_len;
  647. inc_rfc1001_len(req, unc_path_len - 1 /* pad */);
  648. rc = SendReceive2(xid, ses, iov, 2, &resp_buftype, 0);
  649. rsp = (struct smb2_tree_connect_rsp *)iov[0].iov_base;
  650. if (rc != 0) {
  651. if (tcon) {
  652. cifs_stats_fail_inc(tcon, SMB2_TREE_CONNECT_HE);
  653. tcon->need_reconnect = true;
  654. }
  655. goto tcon_error_exit;
  656. }
  657. if (rsp == NULL) {
  658. rc = -EIO;
  659. goto tcon_exit;
  660. }
  661. if (tcon == NULL) {
  662. ses->ipc_tid = rsp->hdr.TreeId;
  663. goto tcon_exit;
  664. }
  665. if (rsp->ShareType & SMB2_SHARE_TYPE_DISK)
  666. cFYI(1, "connection to disk share");
  667. else if (rsp->ShareType & SMB2_SHARE_TYPE_PIPE) {
  668. tcon->ipc = true;
  669. cFYI(1, "connection to pipe share");
  670. } else if (rsp->ShareType & SMB2_SHARE_TYPE_PRINT) {
  671. tcon->print = true;
  672. cFYI(1, "connection to printer");
  673. } else {
  674. cERROR(1, "unknown share type %d", rsp->ShareType);
  675. rc = -EOPNOTSUPP;
  676. goto tcon_error_exit;
  677. }
  678. tcon->share_flags = le32_to_cpu(rsp->ShareFlags);
  679. tcon->maximal_access = le32_to_cpu(rsp->MaximalAccess);
  680. tcon->tidStatus = CifsGood;
  681. tcon->need_reconnect = false;
  682. tcon->tid = rsp->hdr.TreeId;
  683. strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
  684. if ((rsp->Capabilities & SMB2_SHARE_CAP_DFS) &&
  685. ((tcon->share_flags & SHI1005_FLAGS_DFS) == 0))
  686. cERROR(1, "DFS capability contradicts DFS flag");
  687. tcon_exit:
  688. free_rsp_buf(resp_buftype, rsp);
  689. kfree(unc_path);
  690. return rc;
  691. tcon_error_exit:
  692. if (rsp->hdr.Status == STATUS_BAD_NETWORK_NAME) {
  693. cERROR(1, "BAD_NETWORK_NAME: %s", tree);
  694. tcon->bad_network_name = true;
  695. }
  696. goto tcon_exit;
  697. }
  698. int
  699. SMB2_tdis(const unsigned int xid, struct cifs_tcon *tcon)
  700. {
  701. struct smb2_tree_disconnect_req *req; /* response is trivial */
  702. int rc = 0;
  703. struct TCP_Server_Info *server;
  704. struct cifs_ses *ses = tcon->ses;
  705. cFYI(1, "Tree Disconnect");
  706. if (ses && (ses->server))
  707. server = ses->server;
  708. else
  709. return -EIO;
  710. if ((tcon->need_reconnect) || (tcon->ses->need_reconnect))
  711. return 0;
  712. rc = small_smb2_init(SMB2_TREE_DISCONNECT, tcon, (void **) &req);
  713. if (rc)
  714. return rc;
  715. rc = SendReceiveNoRsp(xid, ses, (char *)&req->hdr, 0);
  716. if (rc)
  717. cifs_stats_fail_inc(tcon, SMB2_TREE_DISCONNECT_HE);
  718. return rc;
  719. }
  720. int
  721. SMB2_open(const unsigned int xid, struct cifs_tcon *tcon, __le16 *path,
  722. u64 *persistent_fid, u64 *volatile_fid, __u32 desired_access,
  723. __u32 create_disposition, __u32 file_attributes, __u32 create_options,
  724. struct smb2_file_all_info *buf)
  725. {
  726. struct smb2_create_req *req;
  727. struct smb2_create_rsp *rsp;
  728. struct TCP_Server_Info *server;
  729. struct cifs_ses *ses = tcon->ses;
  730. struct kvec iov[2];
  731. int resp_buftype;
  732. int uni_path_len;
  733. int rc = 0;
  734. int num_iovecs = 2;
  735. cFYI(1, "create/open");
  736. if (ses && (ses->server))
  737. server = ses->server;
  738. else
  739. return -EIO;
  740. rc = small_smb2_init(SMB2_CREATE, tcon, (void **) &req);
  741. if (rc)
  742. return rc;
  743. /* if (server->oplocks)
  744. req->RequestedOplockLevel = SMB2_OPLOCK_LEVEL_BATCH;
  745. else */
  746. req->RequestedOplockLevel = SMB2_OPLOCK_LEVEL_NONE;
  747. req->ImpersonationLevel = IL_IMPERSONATION;
  748. req->DesiredAccess = cpu_to_le32(desired_access);
  749. /* File attributes ignored on open (used in create though) */
  750. req->FileAttributes = cpu_to_le32(file_attributes);
  751. req->ShareAccess = FILE_SHARE_ALL_LE;
  752. req->CreateDisposition = cpu_to_le32(create_disposition);
  753. req->CreateOptions = cpu_to_le32(create_options);
  754. uni_path_len = (2 * UniStrnlen((wchar_t *)path, PATH_MAX)) + 2;
  755. req->NameOffset = cpu_to_le16(sizeof(struct smb2_create_req)
  756. - 1 /* pad */ - 4 /* do not count rfc1001 len field */);
  757. iov[0].iov_base = (char *)req;
  758. /* 4 for rfc1002 length field */
  759. iov[0].iov_len = get_rfc1002_length(req) + 4;
  760. /* MUST set path len (NameLength) to 0 opening root of share */
  761. if (uni_path_len >= 4) {
  762. req->NameLength = cpu_to_le16(uni_path_len - 2);
  763. /* -1 since last byte is buf[0] which is sent below (path) */
  764. iov[0].iov_len--;
  765. iov[1].iov_len = uni_path_len;
  766. iov[1].iov_base = path;
  767. /*
  768. * -1 since last byte is buf[0] which was counted in
  769. * smb2_buf_len.
  770. */
  771. inc_rfc1001_len(req, uni_path_len - 1);
  772. } else {
  773. num_iovecs = 1;
  774. req->NameLength = 0;
  775. }
  776. rc = SendReceive2(xid, ses, iov, num_iovecs, &resp_buftype, 0);
  777. rsp = (struct smb2_create_rsp *)iov[0].iov_base;
  778. if (rc != 0) {
  779. cifs_stats_fail_inc(tcon, SMB2_CREATE_HE);
  780. goto creat_exit;
  781. }
  782. if (rsp == NULL) {
  783. rc = -EIO;
  784. goto creat_exit;
  785. }
  786. *persistent_fid = rsp->PersistentFileId;
  787. *volatile_fid = rsp->VolatileFileId;
  788. if (buf) {
  789. memcpy(buf, &rsp->CreationTime, 32);
  790. buf->AllocationSize = rsp->AllocationSize;
  791. buf->EndOfFile = rsp->EndofFile;
  792. buf->Attributes = rsp->FileAttributes;
  793. buf->NumberOfLinks = cpu_to_le32(1);
  794. buf->DeletePending = 0;
  795. }
  796. creat_exit:
  797. free_rsp_buf(resp_buftype, rsp);
  798. return rc;
  799. }
  800. int
  801. SMB2_close(const unsigned int xid, struct cifs_tcon *tcon,
  802. u64 persistent_fid, u64 volatile_fid)
  803. {
  804. struct smb2_close_req *req;
  805. struct smb2_close_rsp *rsp;
  806. struct TCP_Server_Info *server;
  807. struct cifs_ses *ses = tcon->ses;
  808. struct kvec iov[1];
  809. int resp_buftype;
  810. int rc = 0;
  811. cFYI(1, "Close");
  812. if (ses && (ses->server))
  813. server = ses->server;
  814. else
  815. return -EIO;
  816. rc = small_smb2_init(SMB2_CLOSE, tcon, (void **) &req);
  817. if (rc)
  818. return rc;
  819. req->PersistentFileId = persistent_fid;
  820. req->VolatileFileId = volatile_fid;
  821. iov[0].iov_base = (char *)req;
  822. /* 4 for rfc1002 length field */
  823. iov[0].iov_len = get_rfc1002_length(req) + 4;
  824. rc = SendReceive2(xid, ses, iov, 1, &resp_buftype, 0);
  825. rsp = (struct smb2_close_rsp *)iov[0].iov_base;
  826. if (rc != 0) {
  827. if (tcon)
  828. cifs_stats_fail_inc(tcon, SMB2_CLOSE_HE);
  829. goto close_exit;
  830. }
  831. if (rsp == NULL) {
  832. rc = -EIO;
  833. goto close_exit;
  834. }
  835. /* BB FIXME - decode close response, update inode for caching */
  836. close_exit:
  837. free_rsp_buf(resp_buftype, rsp);
  838. return rc;
  839. }
  840. static int
  841. validate_buf(unsigned int offset, unsigned int buffer_length,
  842. struct smb2_hdr *hdr, unsigned int min_buf_size)
  843. {
  844. unsigned int smb_len = be32_to_cpu(hdr->smb2_buf_length);
  845. char *end_of_smb = smb_len + 4 /* RFC1001 length field */ + (char *)hdr;
  846. char *begin_of_buf = 4 /* RFC1001 len field */ + offset + (char *)hdr;
  847. char *end_of_buf = begin_of_buf + buffer_length;
  848. if (buffer_length < min_buf_size) {
  849. cERROR(1, "buffer length %d smaller than minimum size %d",
  850. buffer_length, min_buf_size);
  851. return -EINVAL;
  852. }
  853. /* check if beyond RFC1001 maximum length */
  854. if ((smb_len > 0x7FFFFF) || (buffer_length > 0x7FFFFF)) {
  855. cERROR(1, "buffer length %d or smb length %d too large",
  856. buffer_length, smb_len);
  857. return -EINVAL;
  858. }
  859. if ((begin_of_buf > end_of_smb) || (end_of_buf > end_of_smb)) {
  860. cERROR(1, "illegal server response, bad offset to data");
  861. return -EINVAL;
  862. }
  863. return 0;
  864. }
  865. /*
  866. * If SMB buffer fields are valid, copy into temporary buffer to hold result.
  867. * Caller must free buffer.
  868. */
  869. static int
  870. validate_and_copy_buf(unsigned int offset, unsigned int buffer_length,
  871. struct smb2_hdr *hdr, unsigned int minbufsize,
  872. char *data)
  873. {
  874. char *begin_of_buf = 4 /* RFC1001 len field */ + offset + (char *)hdr;
  875. int rc;
  876. if (!data)
  877. return -EINVAL;
  878. rc = validate_buf(offset, buffer_length, hdr, minbufsize);
  879. if (rc)
  880. return rc;
  881. memcpy(data, begin_of_buf, buffer_length);
  882. return 0;
  883. }
  884. static int
  885. query_info(const unsigned int xid, struct cifs_tcon *tcon,
  886. u64 persistent_fid, u64 volatile_fid, u8 info_class,
  887. size_t output_len, size_t min_len, void *data)
  888. {
  889. struct smb2_query_info_req *req;
  890. struct smb2_query_info_rsp *rsp = NULL;
  891. struct kvec iov[2];
  892. int rc = 0;
  893. int resp_buftype;
  894. struct TCP_Server_Info *server;
  895. struct cifs_ses *ses = tcon->ses;
  896. cFYI(1, "Query Info");
  897. if (ses && (ses->server))
  898. server = ses->server;
  899. else
  900. return -EIO;
  901. rc = small_smb2_init(SMB2_QUERY_INFO, tcon, (void **) &req);
  902. if (rc)
  903. return rc;
  904. req->InfoType = SMB2_O_INFO_FILE;
  905. req->FileInfoClass = info_class;
  906. req->PersistentFileId = persistent_fid;
  907. req->VolatileFileId = volatile_fid;
  908. /* 4 for rfc1002 length field and 1 for Buffer */
  909. req->InputBufferOffset =
  910. cpu_to_le16(sizeof(struct smb2_query_info_req) - 1 - 4);
  911. req->OutputBufferLength = cpu_to_le32(output_len);
  912. iov[0].iov_base = (char *)req;
  913. /* 4 for rfc1002 length field */
  914. iov[0].iov_len = get_rfc1002_length(req) + 4;
  915. rc = SendReceive2(xid, ses, iov, 1, &resp_buftype, 0);
  916. if (rc) {
  917. cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE);
  918. goto qinf_exit;
  919. }
  920. rsp = (struct smb2_query_info_rsp *)iov[0].iov_base;
  921. rc = validate_and_copy_buf(le16_to_cpu(rsp->OutputBufferOffset),
  922. le32_to_cpu(rsp->OutputBufferLength),
  923. &rsp->hdr, min_len, data);
  924. qinf_exit:
  925. free_rsp_buf(resp_buftype, rsp);
  926. return rc;
  927. }
  928. int
  929. SMB2_query_info(const unsigned int xid, struct cifs_tcon *tcon,
  930. u64 persistent_fid, u64 volatile_fid,
  931. struct smb2_file_all_info *data)
  932. {
  933. return query_info(xid, tcon, persistent_fid, volatile_fid,
  934. FILE_ALL_INFORMATION,
  935. sizeof(struct smb2_file_all_info) + MAX_NAME * 2,
  936. sizeof(struct smb2_file_all_info), data);
  937. }
  938. int
  939. SMB2_get_srv_num(const unsigned int xid, struct cifs_tcon *tcon,
  940. u64 persistent_fid, u64 volatile_fid, __le64 *uniqueid)
  941. {
  942. return query_info(xid, tcon, persistent_fid, volatile_fid,
  943. FILE_INTERNAL_INFORMATION,
  944. sizeof(struct smb2_file_internal_info),
  945. sizeof(struct smb2_file_internal_info), uniqueid);
  946. }
  947. /*
  948. * This is a no-op for now. We're not really interested in the reply, but
  949. * rather in the fact that the server sent one and that server->lstrp
  950. * gets updated.
  951. *
  952. * FIXME: maybe we should consider checking that the reply matches request?
  953. */
  954. static void
  955. smb2_echo_callback(struct mid_q_entry *mid)
  956. {
  957. struct TCP_Server_Info *server = mid->callback_data;
  958. struct smb2_echo_rsp *smb2 = (struct smb2_echo_rsp *)mid->resp_buf;
  959. unsigned int credits_received = 1;
  960. if (mid->mid_state == MID_RESPONSE_RECEIVED)
  961. credits_received = le16_to_cpu(smb2->hdr.CreditRequest);
  962. DeleteMidQEntry(mid);
  963. add_credits(server, credits_received, CIFS_ECHO_OP);
  964. }
  965. int
  966. SMB2_echo(struct TCP_Server_Info *server)
  967. {
  968. struct smb2_echo_req *req;
  969. int rc = 0;
  970. struct kvec iov;
  971. cFYI(1, "In echo request");
  972. rc = small_smb2_init(SMB2_ECHO, NULL, (void **)&req);
  973. if (rc)
  974. return rc;
  975. req->hdr.CreditRequest = cpu_to_le16(1);
  976. iov.iov_base = (char *)req;
  977. /* 4 for rfc1002 length field */
  978. iov.iov_len = get_rfc1002_length(req) + 4;
  979. rc = cifs_call_async(server, &iov, 1, NULL, smb2_echo_callback, server,
  980. CIFS_ECHO_OP);
  981. if (rc)
  982. cFYI(1, "Echo request failed: %d", rc);
  983. cifs_small_buf_release(req);
  984. return rc;
  985. }
  986. int
  987. SMB2_flush(const unsigned int xid, struct cifs_tcon *tcon, u64 persistent_fid,
  988. u64 volatile_fid)
  989. {
  990. struct smb2_flush_req *req;
  991. struct TCP_Server_Info *server;
  992. struct cifs_ses *ses = tcon->ses;
  993. struct kvec iov[1];
  994. int resp_buftype;
  995. int rc = 0;
  996. cFYI(1, "Flush");
  997. if (ses && (ses->server))
  998. server = ses->server;
  999. else
  1000. return -EIO;
  1001. rc = small_smb2_init(SMB2_FLUSH, tcon, (void **) &req);
  1002. if (rc)
  1003. return rc;
  1004. req->PersistentFileId = persistent_fid;
  1005. req->VolatileFileId = volatile_fid;
  1006. iov[0].iov_base = (char *)req;
  1007. /* 4 for rfc1002 length field */
  1008. iov[0].iov_len = get_rfc1002_length(req) + 4;
  1009. rc = SendReceive2(xid, ses, iov, 1, &resp_buftype, 0);
  1010. if ((rc != 0) && tcon)
  1011. cifs_stats_fail_inc(tcon, SMB2_FLUSH_HE);
  1012. free_rsp_buf(resp_buftype, iov[0].iov_base);
  1013. return rc;
  1014. }
  1015. /*
  1016. * To form a chain of read requests, any read requests after the first should
  1017. * have the end_of_chain boolean set to true.
  1018. */
  1019. static int
  1020. smb2_new_read_req(struct kvec *iov, struct cifs_io_parms *io_parms,
  1021. unsigned int remaining_bytes, int request_type)
  1022. {
  1023. int rc = -EACCES;
  1024. struct smb2_read_req *req = NULL;
  1025. rc = small_smb2_init(SMB2_READ, io_parms->tcon, (void **) &req);
  1026. if (rc)
  1027. return rc;
  1028. if (io_parms->tcon->ses->server == NULL)
  1029. return -ECONNABORTED;
  1030. req->hdr.ProcessId = cpu_to_le32(io_parms->pid);
  1031. req->PersistentFileId = io_parms->persistent_fid;
  1032. req->VolatileFileId = io_parms->volatile_fid;
  1033. req->ReadChannelInfoOffset = 0; /* reserved */
  1034. req->ReadChannelInfoLength = 0; /* reserved */
  1035. req->Channel = 0; /* reserved */
  1036. req->MinimumCount = 0;
  1037. req->Length = cpu_to_le32(io_parms->length);
  1038. req->Offset = cpu_to_le64(io_parms->offset);
  1039. if (request_type & CHAINED_REQUEST) {
  1040. if (!(request_type & END_OF_CHAIN)) {
  1041. /* 4 for rfc1002 length field */
  1042. req->hdr.NextCommand =
  1043. cpu_to_le32(get_rfc1002_length(req) + 4);
  1044. } else /* END_OF_CHAIN */
  1045. req->hdr.NextCommand = 0;
  1046. if (request_type & RELATED_REQUEST) {
  1047. req->hdr.Flags |= SMB2_FLAGS_RELATED_OPERATIONS;
  1048. /*
  1049. * Related requests use info from previous read request
  1050. * in chain.
  1051. */
  1052. req->hdr.SessionId = 0xFFFFFFFF;
  1053. req->hdr.TreeId = 0xFFFFFFFF;
  1054. req->PersistentFileId = 0xFFFFFFFF;
  1055. req->VolatileFileId = 0xFFFFFFFF;
  1056. }
  1057. }
  1058. if (remaining_bytes > io_parms->length)
  1059. req->RemainingBytes = cpu_to_le32(remaining_bytes);
  1060. else
  1061. req->RemainingBytes = 0;
  1062. iov[0].iov_base = (char *)req;
  1063. /* 4 for rfc1002 length field */
  1064. iov[0].iov_len = get_rfc1002_length(req) + 4;
  1065. return rc;
  1066. }
  1067. static void
  1068. smb2_readv_callback(struct mid_q_entry *mid)
  1069. {
  1070. struct cifs_readdata *rdata = mid->callback_data;
  1071. struct cifs_tcon *tcon = tlink_tcon(rdata->cfile->tlink);
  1072. struct TCP_Server_Info *server = tcon->ses->server;
  1073. struct smb2_hdr *buf = (struct smb2_hdr *)rdata->iov[0].iov_base;
  1074. unsigned int credits_received = 1;
  1075. cFYI(1, "%s: mid=%llu state=%d result=%d bytes=%u", __func__,
  1076. mid->mid, mid->mid_state, rdata->result, rdata->bytes);
  1077. switch (mid->mid_state) {
  1078. case MID_RESPONSE_RECEIVED:
  1079. credits_received = le16_to_cpu(buf->CreditRequest);
  1080. /* result already set, check signature */
  1081. /* if (server->sec_mode &
  1082. (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
  1083. if (smb2_verify_signature(mid->resp_buf, server))
  1084. cERROR(1, "Unexpected SMB signature"); */
  1085. /* FIXME: should this be counted toward the initiating task? */
  1086. task_io_account_read(rdata->bytes);
  1087. cifs_stats_bytes_read(tcon, rdata->bytes);
  1088. break;
  1089. case MID_REQUEST_SUBMITTED:
  1090. case MID_RETRY_NEEDED:
  1091. rdata->result = -EAGAIN;
  1092. break;
  1093. default:
  1094. if (rdata->result != -ENODATA)
  1095. rdata->result = -EIO;
  1096. }
  1097. if (rdata->result)
  1098. cifs_stats_fail_inc(tcon, SMB2_READ_HE);
  1099. queue_work(cifsiod_wq, &rdata->work);
  1100. DeleteMidQEntry(mid);
  1101. add_credits(server, credits_received, 0);
  1102. }
  1103. /* smb2_async_readv - send an async write, and set up mid to handle result */
  1104. int
  1105. smb2_async_readv(struct cifs_readdata *rdata)
  1106. {
  1107. int rc;
  1108. struct smb2_hdr *buf;
  1109. struct cifs_io_parms io_parms;
  1110. cFYI(1, "%s: offset=%llu bytes=%u", __func__,
  1111. rdata->offset, rdata->bytes);
  1112. io_parms.tcon = tlink_tcon(rdata->cfile->tlink);
  1113. io_parms.offset = rdata->offset;
  1114. io_parms.length = rdata->bytes;
  1115. io_parms.persistent_fid = rdata->cfile->fid.persistent_fid;
  1116. io_parms.volatile_fid = rdata->cfile->fid.volatile_fid;
  1117. io_parms.pid = rdata->pid;
  1118. rc = smb2_new_read_req(&rdata->iov[0], &io_parms, 0, 0);
  1119. if (rc)
  1120. return rc;
  1121. buf = (struct smb2_hdr *)rdata->iov[0].iov_base;
  1122. /* 4 for rfc1002 length field */
  1123. rdata->iov[0].iov_len = get_rfc1002_length(rdata->iov[0].iov_base) + 4;
  1124. kref_get(&rdata->refcount);
  1125. rc = cifs_call_async(io_parms.tcon->ses->server, rdata->iov, 1,
  1126. cifs_readv_receive, smb2_readv_callback,
  1127. rdata, 0);
  1128. if (rc)
  1129. kref_put(&rdata->refcount, cifs_readdata_release);
  1130. cifs_small_buf_release(buf);
  1131. return rc;
  1132. }
  1133. int
  1134. SMB2_read(const unsigned int xid, struct cifs_io_parms *io_parms,
  1135. unsigned int *nbytes, char **buf, int *buf_type)
  1136. {
  1137. int resp_buftype, rc = -EACCES;
  1138. struct smb2_read_rsp *rsp = NULL;
  1139. struct kvec iov[1];
  1140. *nbytes = 0;
  1141. rc = smb2_new_read_req(iov, io_parms, 0, 0);
  1142. if (rc)
  1143. return rc;
  1144. rc = SendReceive2(xid, io_parms->tcon->ses, iov, 1,
  1145. &resp_buftype, CIFS_LOG_ERROR);
  1146. rsp = (struct smb2_read_rsp *)iov[0].iov_base;
  1147. if (rsp->hdr.Status == STATUS_END_OF_FILE) {
  1148. free_rsp_buf(resp_buftype, iov[0].iov_base);
  1149. return 0;
  1150. }
  1151. if (rc) {
  1152. cifs_stats_fail_inc(io_parms->tcon, SMB2_READ_HE);
  1153. cERROR(1, "Send error in read = %d", rc);
  1154. } else {
  1155. *nbytes = le32_to_cpu(rsp->DataLength);
  1156. if ((*nbytes > CIFS_MAX_MSGSIZE) ||
  1157. (*nbytes > io_parms->length)) {
  1158. cFYI(1, "bad length %d for count %d", *nbytes,
  1159. io_parms->length);
  1160. rc = -EIO;
  1161. *nbytes = 0;
  1162. }
  1163. }
  1164. if (*buf) {
  1165. memcpy(*buf, (char *)rsp->hdr.ProtocolId + rsp->DataOffset,
  1166. *nbytes);
  1167. free_rsp_buf(resp_buftype, iov[0].iov_base);
  1168. } else if (resp_buftype != CIFS_NO_BUFFER) {
  1169. *buf = iov[0].iov_base;
  1170. if (resp_buftype == CIFS_SMALL_BUFFER)
  1171. *buf_type = CIFS_SMALL_BUFFER;
  1172. else if (resp_buftype == CIFS_LARGE_BUFFER)
  1173. *buf_type = CIFS_LARGE_BUFFER;
  1174. }
  1175. return rc;
  1176. }
  1177. /*
  1178. * Check the mid_state and signature on received buffer (if any), and queue the
  1179. * workqueue completion task.
  1180. */
  1181. static void
  1182. smb2_writev_callback(struct mid_q_entry *mid)
  1183. {
  1184. struct cifs_writedata *wdata = mid->callback_data;
  1185. struct cifs_tcon *tcon = tlink_tcon(wdata->cfile->tlink);
  1186. unsigned int written;
  1187. struct smb2_write_rsp *rsp = (struct smb2_write_rsp *)mid->resp_buf;
  1188. unsigned int credits_received = 1;
  1189. switch (mid->mid_state) {
  1190. case MID_RESPONSE_RECEIVED:
  1191. credits_received = le16_to_cpu(rsp->hdr.CreditRequest);
  1192. wdata->result = smb2_check_receive(mid, tcon->ses->server, 0);
  1193. if (wdata->result != 0)
  1194. break;
  1195. written = le32_to_cpu(rsp->DataLength);
  1196. /*
  1197. * Mask off high 16 bits when bytes written as returned
  1198. * by the server is greater than bytes requested by the
  1199. * client. OS/2 servers are known to set incorrect
  1200. * CountHigh values.
  1201. */
  1202. if (written > wdata->bytes)
  1203. written &= 0xFFFF;
  1204. if (written < wdata->bytes)
  1205. wdata->result = -ENOSPC;
  1206. else
  1207. wdata->bytes = written;
  1208. break;
  1209. case MID_REQUEST_SUBMITTED:
  1210. case MID_RETRY_NEEDED:
  1211. wdata->result = -EAGAIN;
  1212. break;
  1213. default:
  1214. wdata->result = -EIO;
  1215. break;
  1216. }
  1217. if (wdata->result)
  1218. cifs_stats_fail_inc(tcon, SMB2_WRITE_HE);
  1219. queue_work(cifsiod_wq, &wdata->work);
  1220. DeleteMidQEntry(mid);
  1221. add_credits(tcon->ses->server, credits_received, 0);
  1222. }
  1223. /* smb2_async_writev - send an async write, and set up mid to handle result */
  1224. int
  1225. smb2_async_writev(struct cifs_writedata *wdata)
  1226. {
  1227. int i, rc = -EACCES;
  1228. struct smb2_write_req *req = NULL;
  1229. struct cifs_tcon *tcon = tlink_tcon(wdata->cfile->tlink);
  1230. struct kvec *iov = NULL;
  1231. rc = small_smb2_init(SMB2_WRITE, tcon, (void **) &req);
  1232. if (rc)
  1233. goto async_writev_out;
  1234. /* 1 iov per page + 1 for header */
  1235. iov = kzalloc((wdata->nr_pages + 1) * sizeof(*iov), GFP_NOFS);
  1236. if (iov == NULL) {
  1237. rc = -ENOMEM;
  1238. goto async_writev_out;
  1239. }
  1240. req->hdr.ProcessId = cpu_to_le32(wdata->cfile->pid);
  1241. req->PersistentFileId = wdata->cfile->fid.persistent_fid;
  1242. req->VolatileFileId = wdata->cfile->fid.volatile_fid;
  1243. req->WriteChannelInfoOffset = 0;
  1244. req->WriteChannelInfoLength = 0;
  1245. req->Channel = 0;
  1246. req->Offset = cpu_to_le64(wdata->offset);
  1247. /* 4 for rfc1002 length field */
  1248. req->DataOffset = cpu_to_le16(
  1249. offsetof(struct smb2_write_req, Buffer) - 4);
  1250. req->RemainingBytes = 0;
  1251. /* 4 for rfc1002 length field and 1 for Buffer */
  1252. iov[0].iov_len = get_rfc1002_length(req) + 4 - 1;
  1253. iov[0].iov_base = (char *)req;
  1254. /*
  1255. * This function should marshal up the page array into the kvec
  1256. * array, reserving [0] for the header. It should kmap the pages
  1257. * and set the iov_len properly for each one. It may also set
  1258. * wdata->bytes too.
  1259. */
  1260. cifs_kmap_lock();
  1261. wdata->marshal_iov(iov, wdata);
  1262. cifs_kmap_unlock();
  1263. cFYI(1, "async write at %llu %u bytes", wdata->offset, wdata->bytes);
  1264. req->Length = cpu_to_le32(wdata->bytes);
  1265. inc_rfc1001_len(&req->hdr, wdata->bytes - 1 /* Buffer */);
  1266. kref_get(&wdata->refcount);
  1267. rc = cifs_call_async(tcon->ses->server, iov, wdata->nr_pages + 1,
  1268. NULL, smb2_writev_callback, wdata, 0);
  1269. if (rc)
  1270. kref_put(&wdata->refcount, cifs_writedata_release);
  1271. /* send is done, unmap pages */
  1272. for (i = 0; i < wdata->nr_pages; i++)
  1273. kunmap(wdata->pages[i]);
  1274. async_writev_out:
  1275. cifs_small_buf_release(req);
  1276. kfree(iov);
  1277. return rc;
  1278. }