]>
Commit | Line | Data |
---|---|---|
ec2e4523 PS |
1 | /* |
2 | * fs/cifs/smb2pdu.c | |
3 | * | |
4 | * Copyright (C) International Business Machines Corp., 2009, 2011 | |
5 | * Etersoft, 2012 | |
6 | * Author(s): Steve French (sfrench@us.ibm.com) | |
7 | * Pavel Shilovsky (pshilovsky@samba.org) 2012 | |
8 | * | |
9 | * Contains the routines for constructing the SMB2 PDUs themselves | |
10 | * | |
11 | * This library is free software; you can redistribute it and/or modify | |
12 | * it under the terms of the GNU Lesser General Public License as published | |
13 | * by the Free Software Foundation; either version 2.1 of the License, or | |
14 | * (at your option) any later version. | |
15 | * | |
16 | * This library is distributed in the hope that it will be useful, | |
17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See | |
19 | * the GNU Lesser General Public License for more details. | |
20 | * | |
21 | * You should have received a copy of the GNU Lesser General Public License | |
22 | * along with this library; if not, write to the Free Software | |
23 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
24 | */ | |
25 | ||
26 | /* SMB2 PDU handling routines here - except for leftovers (eg session setup) */ | |
27 | /* Note that there are handle based routines which must be */ | |
28 | /* treated slightly differently for reconnection purposes since we never */ | |
29 | /* want to reuse a stale file handle and only the caller knows the file info */ | |
30 | ||
31 | #include <linux/fs.h> | |
32 | #include <linux/kernel.h> | |
33 | #include <linux/vfs.h> | |
34 | #include <linux/uaccess.h> | |
35 | #include <linux/xattr.h> | |
36 | #include "smb2pdu.h" | |
37 | #include "cifsglob.h" | |
38 | #include "cifsacl.h" | |
39 | #include "cifsproto.h" | |
40 | #include "smb2proto.h" | |
41 | #include "cifs_unicode.h" | |
42 | #include "cifs_debug.h" | |
43 | #include "ntlmssp.h" | |
44 | #include "smb2status.h" | |
45 | ||
46 | /* | |
47 | * The following table defines the expected "StructureSize" of SMB2 requests | |
48 | * in order by SMB2 command. This is similar to "wct" in SMB/CIFS requests. | |
49 | * | |
50 | * Note that commands are defined in smb2pdu.h in le16 but the array below is | |
51 | * indexed by command in host byte order. | |
52 | */ | |
53 | static const int smb2_req_struct_sizes[NUMBER_OF_SMB2_COMMANDS] = { | |
54 | /* SMB2_NEGOTIATE */ 36, | |
55 | /* SMB2_SESSION_SETUP */ 25, | |
56 | /* SMB2_LOGOFF */ 4, | |
57 | /* SMB2_TREE_CONNECT */ 9, | |
58 | /* SMB2_TREE_DISCONNECT */ 4, | |
59 | /* SMB2_CREATE */ 57, | |
60 | /* SMB2_CLOSE */ 24, | |
61 | /* SMB2_FLUSH */ 24, | |
62 | /* SMB2_READ */ 49, | |
63 | /* SMB2_WRITE */ 49, | |
64 | /* SMB2_LOCK */ 48, | |
65 | /* SMB2_IOCTL */ 57, | |
66 | /* SMB2_CANCEL */ 4, | |
67 | /* SMB2_ECHO */ 4, | |
68 | /* SMB2_QUERY_DIRECTORY */ 33, | |
69 | /* SMB2_CHANGE_NOTIFY */ 32, | |
70 | /* SMB2_QUERY_INFO */ 41, | |
71 | /* SMB2_SET_INFO */ 33, | |
72 | /* SMB2_OPLOCK_BREAK */ 24 /* BB this is 36 for LEASE_BREAK variant */ | |
73 | }; | |
74 | ||
75 | ||
76 | static void | |
77 | smb2_hdr_assemble(struct smb2_hdr *hdr, __le16 smb2_cmd /* command */ , | |
78 | const struct cifs_tcon *tcon) | |
79 | { | |
80 | struct smb2_pdu *pdu = (struct smb2_pdu *)hdr; | |
81 | char *temp = (char *)hdr; | |
82 | /* lookup word count ie StructureSize from table */ | |
83 | __u16 parmsize = smb2_req_struct_sizes[le16_to_cpu(smb2_cmd)]; | |
84 | ||
85 | /* | |
86 | * smaller than SMALL_BUFFER_SIZE but bigger than fixed area of | |
87 | * largest operations (Create) | |
88 | */ | |
89 | memset(temp, 0, 256); | |
90 | ||
91 | /* Note this is only network field converted to big endian */ | |
92 | hdr->smb2_buf_length = cpu_to_be32(parmsize + sizeof(struct smb2_hdr) | |
93 | - 4 /* RFC 1001 length field itself not counted */); | |
94 | ||
95 | hdr->ProtocolId[0] = 0xFE; | |
96 | hdr->ProtocolId[1] = 'S'; | |
97 | hdr->ProtocolId[2] = 'M'; | |
98 | hdr->ProtocolId[3] = 'B'; | |
99 | hdr->StructureSize = cpu_to_le16(64); | |
100 | hdr->Command = smb2_cmd; | |
101 | hdr->CreditRequest = cpu_to_le16(2); /* BB make this dynamic */ | |
102 | hdr->ProcessId = cpu_to_le32((__u16)current->tgid); | |
103 | ||
104 | if (!tcon) | |
105 | goto out; | |
106 | ||
107 | hdr->TreeId = tcon->tid; | |
108 | /* Uid is not converted */ | |
109 | if (tcon->ses) | |
110 | hdr->SessionId = tcon->ses->Suid; | |
111 | /* BB check following DFS flags BB */ | |
112 | /* BB do we have to add check for SHI1005_FLAGS_DFS_ROOT too? */ | |
faaf946a PS |
113 | if (tcon->share_flags & SHI1005_FLAGS_DFS) |
114 | hdr->Flags |= SMB2_FLAGS_DFS_OPERATIONS; | |
ec2e4523 PS |
115 | /* BB how does SMB2 do case sensitive? */ |
116 | /* if (tcon->nocase) | |
117 | hdr->Flags |= SMBFLG_CASELESS; */ | |
118 | /* if (tcon->ses && tcon->ses->server && | |
119 | (tcon->ses->server->sec_mode & SECMODE_SIGN_REQUIRED)) | |
120 | hdr->Flags |= SMB2_FLAGS_SIGNED; */ | |
121 | out: | |
122 | pdu->StructureSize2 = cpu_to_le16(parmsize); | |
123 | return; | |
124 | } | |
125 | ||
126 | static int | |
127 | smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon) | |
128 | { | |
129 | int rc = 0; | |
aa24d1e9 PS |
130 | struct nls_table *nls_codepage; |
131 | struct cifs_ses *ses; | |
132 | struct TCP_Server_Info *server; | |
133 | ||
134 | /* | |
135 | * SMB2s NegProt, SessSetup, Logoff do not have tcon yet so | |
136 | * check for tcp and smb session status done differently | |
137 | * for those three - in the calling routine. | |
138 | */ | |
139 | if (tcon == NULL) | |
140 | return rc; | |
141 | ||
142 | if (smb2_command == SMB2_TREE_CONNECT) | |
143 | return rc; | |
144 | ||
145 | if (tcon->tidStatus == CifsExiting) { | |
146 | /* | |
147 | * only tree disconnect, open, and write, | |
148 | * (and ulogoff which does not have tcon) | |
149 | * are allowed as we start force umount. | |
150 | */ | |
151 | if ((smb2_command != SMB2_WRITE) && | |
152 | (smb2_command != SMB2_CREATE) && | |
153 | (smb2_command != SMB2_TREE_DISCONNECT)) { | |
154 | cFYI(1, "can not send cmd %d while umounting", | |
155 | smb2_command); | |
156 | return -ENODEV; | |
157 | } | |
158 | } | |
159 | if ((!tcon->ses) || (tcon->ses->status == CifsExiting) || | |
160 | (!tcon->ses->server)) | |
161 | return -EIO; | |
162 | ||
163 | ses = tcon->ses; | |
164 | server = ses->server; | |
165 | ||
166 | /* | |
167 | * Give demultiplex thread up to 10 seconds to reconnect, should be | |
168 | * greater than cifs socket timeout which is 7 seconds | |
169 | */ | |
170 | while (server->tcpStatus == CifsNeedReconnect) { | |
171 | /* | |
172 | * Return to caller for TREE_DISCONNECT and LOGOFF and CLOSE | |
173 | * here since they are implicitly done when session drops. | |
174 | */ | |
175 | switch (smb2_command) { | |
176 | /* | |
177 | * BB Should we keep oplock break and add flush to exceptions? | |
178 | */ | |
179 | case SMB2_TREE_DISCONNECT: | |
180 | case SMB2_CANCEL: | |
181 | case SMB2_CLOSE: | |
182 | case SMB2_OPLOCK_BREAK: | |
183 | return -EAGAIN; | |
184 | } | |
185 | ||
186 | wait_event_interruptible_timeout(server->response_q, | |
187 | (server->tcpStatus != CifsNeedReconnect), 10 * HZ); | |
188 | ||
189 | /* are we still trying to reconnect? */ | |
190 | if (server->tcpStatus != CifsNeedReconnect) | |
191 | break; | |
192 | ||
193 | /* | |
194 | * on "soft" mounts we wait once. Hard mounts keep | |
195 | * retrying until process is killed or server comes | |
196 | * back on-line | |
197 | */ | |
198 | if (!tcon->retry) { | |
199 | cFYI(1, "gave up waiting on reconnect in smb_init"); | |
200 | return -EHOSTDOWN; | |
201 | } | |
202 | } | |
203 | ||
204 | if (!tcon->ses->need_reconnect && !tcon->need_reconnect) | |
205 | return rc; | |
206 | ||
207 | nls_codepage = load_nls_default(); | |
208 | ||
209 | /* | |
210 | * need to prevent multiple threads trying to simultaneously reconnect | |
211 | * the same SMB session | |
212 | */ | |
213 | mutex_lock(&tcon->ses->session_mutex); | |
214 | rc = cifs_negotiate_protocol(0, tcon->ses); | |
215 | if (!rc && tcon->ses->need_reconnect) | |
216 | rc = cifs_setup_session(0, tcon->ses, nls_codepage); | |
217 | ||
218 | if (rc || !tcon->need_reconnect) { | |
219 | mutex_unlock(&tcon->ses->session_mutex); | |
220 | goto out; | |
221 | } | |
222 | ||
223 | cifs_mark_open_files_invalid(tcon); | |
224 | rc = SMB2_tcon(0, tcon->ses, tcon->treeName, tcon, nls_codepage); | |
225 | mutex_unlock(&tcon->ses->session_mutex); | |
226 | cFYI(1, "reconnect tcon rc = %d", rc); | |
227 | if (rc) | |
228 | goto out; | |
229 | atomic_inc(&tconInfoReconnectCount); | |
230 | /* | |
231 | * BB FIXME add code to check if wsize needs update due to negotiated | |
232 | * smb buffer size shrinking. | |
233 | */ | |
234 | out: | |
235 | /* | |
236 | * Check if handle based operation so we know whether we can continue | |
237 | * or not without returning to caller to reset file handle. | |
238 | */ | |
239 | /* | |
240 | * BB Is flush done by server on drop of tcp session? Should we special | |
241 | * case it and skip above? | |
242 | */ | |
243 | switch (smb2_command) { | |
244 | case SMB2_FLUSH: | |
245 | case SMB2_READ: | |
246 | case SMB2_WRITE: | |
247 | case SMB2_LOCK: | |
248 | case SMB2_IOCTL: | |
249 | case SMB2_QUERY_DIRECTORY: | |
250 | case SMB2_CHANGE_NOTIFY: | |
251 | case SMB2_QUERY_INFO: | |
252 | case SMB2_SET_INFO: | |
253 | return -EAGAIN; | |
254 | } | |
255 | unload_nls(nls_codepage); | |
ec2e4523 PS |
256 | return rc; |
257 | } | |
258 | ||
259 | /* | |
260 | * Allocate and return pointer to an SMB request hdr, and set basic | |
261 | * SMB information in the SMB header. If the return code is zero, this | |
262 | * function must have filled in request_buf pointer. | |
263 | */ | |
264 | static int | |
265 | small_smb2_init(__le16 smb2_command, struct cifs_tcon *tcon, | |
266 | void **request_buf) | |
267 | { | |
268 | int rc = 0; | |
269 | ||
270 | rc = smb2_reconnect(smb2_command, tcon); | |
271 | if (rc) | |
272 | return rc; | |
273 | ||
274 | /* BB eventually switch this to SMB2 specific small buf size */ | |
275 | *request_buf = cifs_small_buf_get(); | |
276 | if (*request_buf == NULL) { | |
277 | /* BB should we add a retry in here if not a writepage? */ | |
278 | return -ENOMEM; | |
279 | } | |
280 | ||
281 | smb2_hdr_assemble((struct smb2_hdr *) *request_buf, smb2_command, tcon); | |
282 | ||
283 | if (tcon != NULL) { | |
284 | #ifdef CONFIG_CIFS_STATS2 | |
ec2e4523 PS |
285 | uint16_t com_code = le16_to_cpu(smb2_command); |
286 | cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_sent[com_code]); | |
ec2e4523 PS |
287 | #endif |
288 | cifs_stats_inc(&tcon->num_smbs_sent); | |
289 | } | |
290 | ||
291 | return rc; | |
292 | } | |
293 | ||
294 | static void | |
295 | free_rsp_buf(int resp_buftype, void *rsp) | |
296 | { | |
297 | if (resp_buftype == CIFS_SMALL_BUFFER) | |
298 | cifs_small_buf_release(rsp); | |
299 | else if (resp_buftype == CIFS_LARGE_BUFFER) | |
300 | cifs_buf_release(rsp); | |
301 | } | |
302 | ||
303 | #define SMB2_NUM_PROT 1 | |
304 | ||
305 | #define SMB2_PROT 0 | |
306 | #define SMB21_PROT 1 | |
307 | #define BAD_PROT 0xFFFF | |
308 | ||
309 | #define SMB2_PROT_ID 0x0202 | |
310 | #define SMB21_PROT_ID 0x0210 | |
311 | #define BAD_PROT_ID 0xFFFF | |
312 | ||
313 | static struct { | |
314 | int index; | |
315 | __le16 name; | |
316 | } smb2protocols[] = { | |
317 | {SMB2_PROT, cpu_to_le16(SMB2_PROT_ID)}, | |
318 | {SMB21_PROT, cpu_to_le16(SMB21_PROT_ID)}, | |
319 | {BAD_PROT, cpu_to_le16(BAD_PROT_ID)} | |
320 | }; | |
321 | ||
322 | /* | |
323 | * | |
324 | * SMB2 Worker functions follow: | |
325 | * | |
326 | * The general structure of the worker functions is: | |
327 | * 1) Call smb2_init (assembles SMB2 header) | |
328 | * 2) Initialize SMB2 command specific fields in fixed length area of SMB | |
329 | * 3) Call smb_sendrcv2 (sends request on socket and waits for response) | |
330 | * 4) Decode SMB2 command specific fields in the fixed length area | |
331 | * 5) Decode variable length data area (if any for this SMB2 command type) | |
332 | * 6) Call free smb buffer | |
333 | * 7) return | |
334 | * | |
335 | */ | |
336 | ||
337 | int | |
338 | SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses) | |
339 | { | |
340 | struct smb2_negotiate_req *req; | |
341 | struct smb2_negotiate_rsp *rsp; | |
342 | struct kvec iov[1]; | |
343 | int rc = 0; | |
344 | int resp_buftype; | |
345 | struct TCP_Server_Info *server; | |
346 | unsigned int sec_flags; | |
347 | u16 i; | |
348 | u16 temp = 0; | |
349 | int blob_offset, blob_length; | |
350 | char *security_blob; | |
351 | int flags = CIFS_NEG_OP; | |
352 | ||
353 | cFYI(1, "Negotiate protocol"); | |
354 | ||
355 | if (ses->server) | |
356 | server = ses->server; | |
357 | else { | |
358 | rc = -EIO; | |
359 | return rc; | |
360 | } | |
361 | ||
362 | rc = small_smb2_init(SMB2_NEGOTIATE, NULL, (void **) &req); | |
363 | if (rc) | |
364 | return rc; | |
365 | ||
366 | /* if any of auth flags (ie not sign or seal) are overriden use them */ | |
367 | if (ses->overrideSecFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL))) | |
368 | sec_flags = ses->overrideSecFlg; /* BB FIXME fix sign flags?*/ | |
369 | else /* if override flags set only sign/seal OR them with global auth */ | |
370 | sec_flags = global_secflags | ses->overrideSecFlg; | |
371 | ||
372 | cFYI(1, "sec_flags 0x%x", sec_flags); | |
373 | ||
374 | req->hdr.SessionId = 0; | |
375 | ||
376 | for (i = 0; i < SMB2_NUM_PROT; i++) | |
377 | req->Dialects[i] = smb2protocols[i].name; | |
378 | ||
379 | req->DialectCount = cpu_to_le16(i); | |
380 | inc_rfc1001_len(req, i * 2); | |
381 | ||
382 | /* only one of SMB2 signing flags may be set in SMB2 request */ | |
383 | if ((sec_flags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) | |
384 | temp = SMB2_NEGOTIATE_SIGNING_REQUIRED; | |
385 | else if (sec_flags & CIFSSEC_MAY_SIGN) /* MAY_SIGN is a single flag */ | |
386 | temp = SMB2_NEGOTIATE_SIGNING_ENABLED; | |
387 | ||
388 | req->SecurityMode = cpu_to_le16(temp); | |
389 | ||
390 | req->Capabilities = cpu_to_le32(SMB2_GLOBAL_CAP_DFS); | |
391 | ||
392 | iov[0].iov_base = (char *)req; | |
393 | /* 4 for rfc1002 length field */ | |
394 | iov[0].iov_len = get_rfc1002_length(req) + 4; | |
395 | ||
396 | rc = SendReceive2(xid, ses, iov, 1, &resp_buftype, flags); | |
397 | ||
398 | rsp = (struct smb2_negotiate_rsp *)iov[0].iov_base; | |
399 | /* | |
400 | * No tcon so can't do | |
401 | * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]); | |
402 | */ | |
403 | if (rc != 0) | |
404 | goto neg_exit; | |
405 | ||
406 | if (rsp == NULL) { | |
407 | rc = -EIO; | |
408 | goto neg_exit; | |
409 | } | |
410 | ||
411 | cFYI(1, "mode 0x%x", rsp->SecurityMode); | |
412 | ||
413 | if (rsp->DialectRevision == smb2protocols[SMB21_PROT].name) | |
414 | cFYI(1, "negotiated smb2.1 dialect"); | |
415 | else if (rsp->DialectRevision == smb2protocols[SMB2_PROT].name) | |
416 | cFYI(1, "negotiated smb2 dialect"); | |
417 | else { | |
418 | cERROR(1, "Illegal dialect returned by server %d", | |
419 | le16_to_cpu(rsp->DialectRevision)); | |
420 | rc = -EIO; | |
421 | goto neg_exit; | |
422 | } | |
423 | server->dialect = le16_to_cpu(rsp->DialectRevision); | |
424 | ||
425 | server->maxBuf = le32_to_cpu(rsp->MaxTransactSize); | |
426 | server->max_read = le32_to_cpu(rsp->MaxReadSize); | |
427 | server->max_write = le32_to_cpu(rsp->MaxWriteSize); | |
428 | /* BB Do we need to validate the SecurityMode? */ | |
429 | server->sec_mode = le16_to_cpu(rsp->SecurityMode); | |
430 | server->capabilities = le32_to_cpu(rsp->Capabilities); | |
431 | ||
432 | security_blob = smb2_get_data_area_len(&blob_offset, &blob_length, | |
433 | &rsp->hdr); | |
434 | if (blob_length == 0) { | |
435 | cERROR(1, "missing security blob on negprot"); | |
436 | rc = -EIO; | |
437 | goto neg_exit; | |
438 | } | |
439 | #ifdef CONFIG_SMB2_ASN1 /* BB REMOVEME when updated asn1.c ready */ | |
440 | rc = decode_neg_token_init(security_blob, blob_length, | |
441 | &server->sec_type); | |
442 | if (rc == 1) | |
443 | rc = 0; | |
444 | else if (rc == 0) { | |
445 | rc = -EIO; | |
446 | goto neg_exit; | |
447 | } | |
448 | #endif | |
449 | ||
450 | neg_exit: | |
451 | free_rsp_buf(resp_buftype, rsp); | |
452 | return rc; | |
453 | } | |
5478f9ba PS |
454 | |
455 | int | |
456 | SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses, | |
457 | const struct nls_table *nls_cp) | |
458 | { | |
459 | struct smb2_sess_setup_req *req; | |
460 | struct smb2_sess_setup_rsp *rsp = NULL; | |
461 | struct kvec iov[2]; | |
462 | int rc = 0; | |
463 | int resp_buftype; | |
464 | __le32 phase = NtLmNegotiate; /* NTLMSSP, if needed, is multistage */ | |
465 | struct TCP_Server_Info *server; | |
466 | unsigned int sec_flags; | |
467 | u8 temp = 0; | |
468 | u16 blob_length = 0; | |
469 | char *security_blob; | |
470 | char *ntlmssp_blob = NULL; | |
471 | bool use_spnego = false; /* else use raw ntlmssp */ | |
472 | ||
473 | cFYI(1, "Session Setup"); | |
474 | ||
475 | if (ses->server) | |
476 | server = ses->server; | |
477 | else { | |
478 | rc = -EIO; | |
479 | return rc; | |
480 | } | |
481 | ||
482 | /* | |
483 | * If memory allocation is successful, caller of this function | |
484 | * frees it. | |
485 | */ | |
486 | ses->ntlmssp = kmalloc(sizeof(struct ntlmssp_auth), GFP_KERNEL); | |
487 | if (!ses->ntlmssp) | |
488 | return -ENOMEM; | |
489 | ||
490 | ses->server->secType = RawNTLMSSP; | |
491 | ||
492 | ssetup_ntlmssp_authenticate: | |
493 | if (phase == NtLmChallenge) | |
494 | phase = NtLmAuthenticate; /* if ntlmssp, now final phase */ | |
495 | ||
496 | rc = small_smb2_init(SMB2_SESSION_SETUP, NULL, (void **) &req); | |
497 | if (rc) | |
498 | return rc; | |
499 | ||
500 | /* if any of auth flags (ie not sign or seal) are overriden use them */ | |
501 | if (ses->overrideSecFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL))) | |
502 | sec_flags = ses->overrideSecFlg; /* BB FIXME fix sign flags?*/ | |
503 | else /* if override flags set only sign/seal OR them with global auth */ | |
504 | sec_flags = global_secflags | ses->overrideSecFlg; | |
505 | ||
506 | cFYI(1, "sec_flags 0x%x", sec_flags); | |
507 | ||
508 | req->hdr.SessionId = 0; /* First session, not a reauthenticate */ | |
509 | req->VcNumber = 0; /* MBZ */ | |
510 | /* to enable echos and oplocks */ | |
511 | req->hdr.CreditRequest = cpu_to_le16(3); | |
512 | ||
513 | /* only one of SMB2 signing flags may be set in SMB2 request */ | |
514 | if ((sec_flags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) | |
515 | temp = SMB2_NEGOTIATE_SIGNING_REQUIRED; | |
516 | else if (ses->server->sec_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) | |
517 | temp = SMB2_NEGOTIATE_SIGNING_REQUIRED; | |
518 | else if (sec_flags & CIFSSEC_MAY_SIGN) /* MAY_SIGN is a single flag */ | |
519 | temp = SMB2_NEGOTIATE_SIGNING_ENABLED; | |
520 | ||
521 | req->SecurityMode = temp; | |
522 | req->Capabilities = 0; | |
523 | req->Channel = 0; /* MBZ */ | |
524 | ||
525 | iov[0].iov_base = (char *)req; | |
526 | /* 4 for rfc1002 length field and 1 for pad */ | |
527 | iov[0].iov_len = get_rfc1002_length(req) + 4 - 1; | |
528 | if (phase == NtLmNegotiate) { | |
529 | ntlmssp_blob = kmalloc(sizeof(struct _NEGOTIATE_MESSAGE), | |
530 | GFP_KERNEL); | |
531 | if (ntlmssp_blob == NULL) { | |
532 | rc = -ENOMEM; | |
533 | goto ssetup_exit; | |
534 | } | |
535 | build_ntlmssp_negotiate_blob(ntlmssp_blob, ses); | |
536 | if (use_spnego) { | |
537 | /* blob_length = build_spnego_ntlmssp_blob( | |
538 | &security_blob, | |
539 | sizeof(struct _NEGOTIATE_MESSAGE), | |
540 | ntlmssp_blob); */ | |
541 | /* BB eventually need to add this */ | |
542 | cERROR(1, "spnego not supported for SMB2 yet"); | |
543 | rc = -EOPNOTSUPP; | |
544 | kfree(ntlmssp_blob); | |
545 | goto ssetup_exit; | |
546 | } else { | |
547 | blob_length = sizeof(struct _NEGOTIATE_MESSAGE); | |
548 | /* with raw NTLMSSP we don't encapsulate in SPNEGO */ | |
549 | security_blob = ntlmssp_blob; | |
550 | } | |
551 | } else if (phase == NtLmAuthenticate) { | |
552 | req->hdr.SessionId = ses->Suid; | |
553 | ntlmssp_blob = kzalloc(sizeof(struct _NEGOTIATE_MESSAGE) + 500, | |
554 | GFP_KERNEL); | |
555 | if (ntlmssp_blob == NULL) { | |
556 | cERROR(1, "failed to malloc ntlmssp blob"); | |
557 | rc = -ENOMEM; | |
558 | goto ssetup_exit; | |
559 | } | |
560 | rc = build_ntlmssp_auth_blob(ntlmssp_blob, &blob_length, ses, | |
561 | nls_cp); | |
562 | if (rc) { | |
563 | cFYI(1, "build_ntlmssp_auth_blob failed %d", rc); | |
564 | goto ssetup_exit; /* BB double check error handling */ | |
565 | } | |
566 | if (use_spnego) { | |
567 | /* blob_length = build_spnego_ntlmssp_blob( | |
568 | &security_blob, | |
569 | blob_length, | |
570 | ntlmssp_blob); */ | |
571 | cERROR(1, "spnego not supported for SMB2 yet"); | |
572 | rc = -EOPNOTSUPP; | |
573 | kfree(ntlmssp_blob); | |
574 | goto ssetup_exit; | |
575 | } else { | |
576 | security_blob = ntlmssp_blob; | |
577 | } | |
578 | } else { | |
579 | cERROR(1, "illegal ntlmssp phase"); | |
580 | rc = -EIO; | |
581 | goto ssetup_exit; | |
582 | } | |
583 | ||
584 | /* Testing shows that buffer offset must be at location of Buffer[0] */ | |
585 | req->SecurityBufferOffset = | |
586 | cpu_to_le16(sizeof(struct smb2_sess_setup_req) - | |
587 | 1 /* pad */ - 4 /* rfc1001 len */); | |
588 | req->SecurityBufferLength = cpu_to_le16(blob_length); | |
589 | iov[1].iov_base = security_blob; | |
590 | iov[1].iov_len = blob_length; | |
591 | ||
592 | inc_rfc1001_len(req, blob_length - 1 /* pad */); | |
593 | ||
594 | /* BB add code to build os and lm fields */ | |
595 | ||
596 | rc = SendReceive2(xid, ses, iov, 2, &resp_buftype, CIFS_LOG_ERROR); | |
597 | ||
598 | kfree(security_blob); | |
599 | rsp = (struct smb2_sess_setup_rsp *)iov[0].iov_base; | |
600 | if (rsp->hdr.Status == STATUS_MORE_PROCESSING_REQUIRED) { | |
601 | if (phase != NtLmNegotiate) { | |
602 | cERROR(1, "Unexpected more processing error"); | |
603 | goto ssetup_exit; | |
604 | } | |
605 | if (offsetof(struct smb2_sess_setup_rsp, Buffer) - 4 != | |
606 | le16_to_cpu(rsp->SecurityBufferOffset)) { | |
607 | cERROR(1, "Invalid security buffer offset %d", | |
608 | le16_to_cpu(rsp->SecurityBufferOffset)); | |
609 | rc = -EIO; | |
610 | goto ssetup_exit; | |
611 | } | |
612 | ||
613 | /* NTLMSSP Negotiate sent now processing challenge (response) */ | |
614 | phase = NtLmChallenge; /* process ntlmssp challenge */ | |
615 | rc = 0; /* MORE_PROCESSING is not an error here but expected */ | |
616 | ses->Suid = rsp->hdr.SessionId; | |
617 | rc = decode_ntlmssp_challenge(rsp->Buffer, | |
618 | le16_to_cpu(rsp->SecurityBufferLength), ses); | |
619 | } | |
620 | ||
621 | /* | |
622 | * BB eventually add code for SPNEGO decoding of NtlmChallenge blob, | |
623 | * but at least the raw NTLMSSP case works. | |
624 | */ | |
625 | /* | |
626 | * No tcon so can't do | |
627 | * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]); | |
628 | */ | |
629 | if (rc != 0) | |
630 | goto ssetup_exit; | |
631 | ||
632 | if (rsp == NULL) { | |
633 | rc = -EIO; | |
634 | goto ssetup_exit; | |
635 | } | |
636 | ||
637 | ses->session_flags = le16_to_cpu(rsp->SessionFlags); | |
638 | ssetup_exit: | |
639 | free_rsp_buf(resp_buftype, rsp); | |
640 | ||
641 | /* if ntlmssp, and negotiate succeeded, proceed to authenticate phase */ | |
642 | if ((phase == NtLmChallenge) && (rc == 0)) | |
643 | goto ssetup_ntlmssp_authenticate; | |
644 | return rc; | |
645 | } | |
646 | ||
647 | int | |
648 | SMB2_logoff(const unsigned int xid, struct cifs_ses *ses) | |
649 | { | |
650 | struct smb2_logoff_req *req; /* response is also trivial struct */ | |
651 | int rc = 0; | |
652 | struct TCP_Server_Info *server; | |
653 | ||
654 | cFYI(1, "disconnect session %p", ses); | |
655 | ||
656 | if (ses && (ses->server)) | |
657 | server = ses->server; | |
658 | else | |
659 | return -EIO; | |
660 | ||
661 | rc = small_smb2_init(SMB2_LOGOFF, NULL, (void **) &req); | |
662 | if (rc) | |
663 | return rc; | |
664 | ||
665 | /* since no tcon, smb2_init can not do this, so do here */ | |
666 | req->hdr.SessionId = ses->Suid; | |
667 | ||
668 | rc = SendReceiveNoRsp(xid, ses, (char *) &req->hdr, 0); | |
669 | /* | |
670 | * No tcon so can't do | |
671 | * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]); | |
672 | */ | |
673 | return rc; | |
674 | } | |
faaf946a PS |
675 | |
676 | static inline void cifs_stats_fail_inc(struct cifs_tcon *tcon, uint16_t code) | |
677 | { | |
d60622eb | 678 | cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_failed[code]); |
faaf946a PS |
679 | } |
680 | ||
681 | #define MAX_SHARENAME_LENGTH (255 /* server */ + 80 /* share */ + 1 /* NULL */) | |
682 | ||
683 | int | |
684 | SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree, | |
685 | struct cifs_tcon *tcon, const struct nls_table *cp) | |
686 | { | |
687 | struct smb2_tree_connect_req *req; | |
688 | struct smb2_tree_connect_rsp *rsp = NULL; | |
689 | struct kvec iov[2]; | |
690 | int rc = 0; | |
691 | int resp_buftype; | |
692 | int unc_path_len; | |
693 | struct TCP_Server_Info *server; | |
694 | __le16 *unc_path = NULL; | |
695 | ||
696 | cFYI(1, "TCON"); | |
697 | ||
698 | if ((ses->server) && tree) | |
699 | server = ses->server; | |
700 | else | |
701 | return -EIO; | |
702 | ||
703 | if (tcon && tcon->bad_network_name) | |
704 | return -ENOENT; | |
705 | ||
706 | unc_path = kmalloc(MAX_SHARENAME_LENGTH * 2, GFP_KERNEL); | |
707 | if (unc_path == NULL) | |
708 | return -ENOMEM; | |
709 | ||
710 | unc_path_len = cifs_strtoUTF16(unc_path, tree, strlen(tree), cp) + 1; | |
711 | unc_path_len *= 2; | |
712 | if (unc_path_len < 2) { | |
713 | kfree(unc_path); | |
714 | return -EINVAL; | |
715 | } | |
716 | ||
717 | rc = small_smb2_init(SMB2_TREE_CONNECT, tcon, (void **) &req); | |
718 | if (rc) { | |
719 | kfree(unc_path); | |
720 | return rc; | |
721 | } | |
722 | ||
723 | if (tcon == NULL) { | |
724 | /* since no tcon, smb2_init can not do this, so do here */ | |
725 | req->hdr.SessionId = ses->Suid; | |
726 | /* if (ses->server->sec_mode & SECMODE_SIGN_REQUIRED) | |
727 | req->hdr.Flags |= SMB2_FLAGS_SIGNED; */ | |
728 | } | |
729 | ||
730 | iov[0].iov_base = (char *)req; | |
731 | /* 4 for rfc1002 length field and 1 for pad */ | |
732 | iov[0].iov_len = get_rfc1002_length(req) + 4 - 1; | |
733 | ||
734 | /* Testing shows that buffer offset must be at location of Buffer[0] */ | |
735 | req->PathOffset = cpu_to_le16(sizeof(struct smb2_tree_connect_req) | |
736 | - 1 /* pad */ - 4 /* do not count rfc1001 len field */); | |
737 | req->PathLength = cpu_to_le16(unc_path_len - 2); | |
738 | iov[1].iov_base = unc_path; | |
739 | iov[1].iov_len = unc_path_len; | |
740 | ||
741 | inc_rfc1001_len(req, unc_path_len - 1 /* pad */); | |
742 | ||
743 | rc = SendReceive2(xid, ses, iov, 2, &resp_buftype, 0); | |
744 | rsp = (struct smb2_tree_connect_rsp *)iov[0].iov_base; | |
745 | ||
746 | if (rc != 0) { | |
747 | if (tcon) { | |
748 | cifs_stats_fail_inc(tcon, SMB2_TREE_CONNECT_HE); | |
749 | tcon->need_reconnect = true; | |
750 | } | |
751 | goto tcon_error_exit; | |
752 | } | |
753 | ||
754 | if (rsp == NULL) { | |
755 | rc = -EIO; | |
756 | goto tcon_exit; | |
757 | } | |
758 | ||
759 | if (tcon == NULL) { | |
760 | ses->ipc_tid = rsp->hdr.TreeId; | |
761 | goto tcon_exit; | |
762 | } | |
763 | ||
764 | if (rsp->ShareType & SMB2_SHARE_TYPE_DISK) | |
765 | cFYI(1, "connection to disk share"); | |
766 | else if (rsp->ShareType & SMB2_SHARE_TYPE_PIPE) { | |
767 | tcon->ipc = true; | |
768 | cFYI(1, "connection to pipe share"); | |
769 | } else if (rsp->ShareType & SMB2_SHARE_TYPE_PRINT) { | |
770 | tcon->print = true; | |
771 | cFYI(1, "connection to printer"); | |
772 | } else { | |
773 | cERROR(1, "unknown share type %d", rsp->ShareType); | |
774 | rc = -EOPNOTSUPP; | |
775 | goto tcon_error_exit; | |
776 | } | |
777 | ||
778 | tcon->share_flags = le32_to_cpu(rsp->ShareFlags); | |
779 | tcon->maximal_access = le32_to_cpu(rsp->MaximalAccess); | |
780 | tcon->tidStatus = CifsGood; | |
781 | tcon->need_reconnect = false; | |
782 | tcon->tid = rsp->hdr.TreeId; | |
783 | strncpy(tcon->treeName, tree, MAX_TREE_SIZE); | |
784 | ||
785 | if ((rsp->Capabilities & SMB2_SHARE_CAP_DFS) && | |
786 | ((tcon->share_flags & SHI1005_FLAGS_DFS) == 0)) | |
787 | cERROR(1, "DFS capability contradicts DFS flag"); | |
788 | ||
789 | tcon_exit: | |
790 | free_rsp_buf(resp_buftype, rsp); | |
791 | kfree(unc_path); | |
792 | return rc; | |
793 | ||
794 | tcon_error_exit: | |
795 | if (rsp->hdr.Status == STATUS_BAD_NETWORK_NAME) { | |
796 | cERROR(1, "BAD_NETWORK_NAME: %s", tree); | |
797 | tcon->bad_network_name = true; | |
798 | } | |
799 | goto tcon_exit; | |
800 | } | |
801 | ||
802 | int | |
803 | SMB2_tdis(const unsigned int xid, struct cifs_tcon *tcon) | |
804 | { | |
805 | struct smb2_tree_disconnect_req *req; /* response is trivial */ | |
806 | int rc = 0; | |
807 | struct TCP_Server_Info *server; | |
808 | struct cifs_ses *ses = tcon->ses; | |
809 | ||
810 | cFYI(1, "Tree Disconnect"); | |
811 | ||
812 | if (ses && (ses->server)) | |
813 | server = ses->server; | |
814 | else | |
815 | return -EIO; | |
816 | ||
817 | if ((tcon->need_reconnect) || (tcon->ses->need_reconnect)) | |
818 | return 0; | |
819 | ||
820 | rc = small_smb2_init(SMB2_TREE_DISCONNECT, tcon, (void **) &req); | |
821 | if (rc) | |
822 | return rc; | |
823 | ||
824 | rc = SendReceiveNoRsp(xid, ses, (char *)&req->hdr, 0); | |
825 | if (rc) | |
826 | cifs_stats_fail_inc(tcon, SMB2_TREE_DISCONNECT_HE); | |
827 | ||
828 | return rc; | |
829 | } | |
2503a0db PS |
830 | |
831 | int | |
832 | SMB2_open(const unsigned int xid, struct cifs_tcon *tcon, __le16 *path, | |
833 | u64 *persistent_fid, u64 *volatile_fid, __u32 desired_access, | |
834 | __u32 create_disposition, __u32 file_attributes, __u32 create_options) | |
835 | { | |
836 | struct smb2_create_req *req; | |
837 | struct smb2_create_rsp *rsp; | |
838 | struct TCP_Server_Info *server; | |
839 | struct cifs_ses *ses = tcon->ses; | |
840 | struct kvec iov[2]; | |
841 | int resp_buftype; | |
842 | int uni_path_len; | |
843 | int rc = 0; | |
844 | int num_iovecs = 2; | |
845 | ||
846 | cFYI(1, "create/open"); | |
847 | ||
848 | if (ses && (ses->server)) | |
849 | server = ses->server; | |
850 | else | |
851 | return -EIO; | |
852 | ||
853 | rc = small_smb2_init(SMB2_CREATE, tcon, (void **) &req); | |
854 | if (rc) | |
855 | return rc; | |
856 | ||
857 | if (enable_oplocks) | |
858 | req->RequestedOplockLevel = SMB2_OPLOCK_LEVEL_BATCH; | |
859 | else | |
860 | req->RequestedOplockLevel = SMB2_OPLOCK_LEVEL_NONE; | |
861 | req->ImpersonationLevel = IL_IMPERSONATION; | |
862 | req->DesiredAccess = cpu_to_le32(desired_access); | |
863 | /* File attributes ignored on open (used in create though) */ | |
864 | req->FileAttributes = cpu_to_le32(file_attributes); | |
865 | req->ShareAccess = FILE_SHARE_ALL_LE; | |
866 | req->CreateDisposition = cpu_to_le32(create_disposition); | |
867 | req->CreateOptions = cpu_to_le32(create_options); | |
868 | uni_path_len = (2 * UniStrnlen((wchar_t *)path, PATH_MAX)) + 2; | |
869 | req->NameOffset = cpu_to_le16(sizeof(struct smb2_create_req) | |
870 | - 1 /* pad */ - 4 /* do not count rfc1001 len field */); | |
871 | ||
872 | iov[0].iov_base = (char *)req; | |
873 | /* 4 for rfc1002 length field */ | |
874 | iov[0].iov_len = get_rfc1002_length(req) + 4; | |
875 | ||
876 | /* MUST set path len (NameLength) to 0 opening root of share */ | |
877 | if (uni_path_len >= 4) { | |
878 | req->NameLength = cpu_to_le16(uni_path_len - 2); | |
879 | /* -1 since last byte is buf[0] which is sent below (path) */ | |
880 | iov[0].iov_len--; | |
881 | iov[1].iov_len = uni_path_len; | |
882 | iov[1].iov_base = path; | |
883 | /* | |
884 | * -1 since last byte is buf[0] which was counted in | |
885 | * smb2_buf_len. | |
886 | */ | |
887 | inc_rfc1001_len(req, uni_path_len - 1); | |
888 | } else { | |
889 | num_iovecs = 1; | |
890 | req->NameLength = 0; | |
891 | } | |
892 | ||
893 | rc = SendReceive2(xid, ses, iov, num_iovecs, &resp_buftype, 0); | |
894 | rsp = (struct smb2_create_rsp *)iov[0].iov_base; | |
895 | ||
896 | if (rc != 0) { | |
897 | cifs_stats_fail_inc(tcon, SMB2_CREATE_HE); | |
898 | goto creat_exit; | |
899 | } | |
900 | ||
901 | if (rsp == NULL) { | |
902 | rc = -EIO; | |
903 | goto creat_exit; | |
904 | } | |
905 | *persistent_fid = rsp->PersistentFileId; | |
906 | *volatile_fid = rsp->VolatileFileId; | |
907 | creat_exit: | |
908 | free_rsp_buf(resp_buftype, rsp); | |
909 | return rc; | |
910 | } | |
911 | ||
912 | int | |
913 | SMB2_close(const unsigned int xid, struct cifs_tcon *tcon, | |
914 | u64 persistent_fid, u64 volatile_fid) | |
915 | { | |
916 | struct smb2_close_req *req; | |
917 | struct smb2_close_rsp *rsp; | |
918 | struct TCP_Server_Info *server; | |
919 | struct cifs_ses *ses = tcon->ses; | |
920 | struct kvec iov[1]; | |
921 | int resp_buftype; | |
922 | int rc = 0; | |
923 | ||
924 | cFYI(1, "Close"); | |
925 | ||
926 | if (ses && (ses->server)) | |
927 | server = ses->server; | |
928 | else | |
929 | return -EIO; | |
930 | ||
931 | rc = small_smb2_init(SMB2_CLOSE, tcon, (void **) &req); | |
932 | if (rc) | |
933 | return rc; | |
934 | ||
935 | req->PersistentFileId = persistent_fid; | |
936 | req->VolatileFileId = volatile_fid; | |
937 | ||
938 | iov[0].iov_base = (char *)req; | |
939 | /* 4 for rfc1002 length field */ | |
940 | iov[0].iov_len = get_rfc1002_length(req) + 4; | |
941 | ||
942 | rc = SendReceive2(xid, ses, iov, 1, &resp_buftype, 0); | |
943 | rsp = (struct smb2_close_rsp *)iov[0].iov_base; | |
944 | ||
945 | if (rc != 0) { | |
946 | if (tcon) | |
947 | cifs_stats_fail_inc(tcon, SMB2_CLOSE_HE); | |
948 | goto close_exit; | |
949 | } | |
950 | ||
951 | if (rsp == NULL) { | |
952 | rc = -EIO; | |
953 | goto close_exit; | |
954 | } | |
955 | ||
956 | /* BB FIXME - decode close response, update inode for caching */ | |
957 | ||
958 | close_exit: | |
959 | free_rsp_buf(resp_buftype, rsp); | |
960 | return rc; | |
961 | } | |
be4cb9e3 PS |
962 | |
963 | static int | |
964 | validate_buf(unsigned int offset, unsigned int buffer_length, | |
965 | struct smb2_hdr *hdr, unsigned int min_buf_size) | |
966 | ||
967 | { | |
968 | unsigned int smb_len = be32_to_cpu(hdr->smb2_buf_length); | |
969 | char *end_of_smb = smb_len + 4 /* RFC1001 length field */ + (char *)hdr; | |
970 | char *begin_of_buf = 4 /* RFC1001 len field */ + offset + (char *)hdr; | |
971 | char *end_of_buf = begin_of_buf + buffer_length; | |
972 | ||
973 | ||
974 | if (buffer_length < min_buf_size) { | |
975 | cERROR(1, "buffer length %d smaller than minimum size %d", | |
976 | buffer_length, min_buf_size); | |
977 | return -EINVAL; | |
978 | } | |
979 | ||
980 | /* check if beyond RFC1001 maximum length */ | |
981 | if ((smb_len > 0x7FFFFF) || (buffer_length > 0x7FFFFF)) { | |
982 | cERROR(1, "buffer length %d or smb length %d too large", | |
983 | buffer_length, smb_len); | |
984 | return -EINVAL; | |
985 | } | |
986 | ||
987 | if ((begin_of_buf > end_of_smb) || (end_of_buf > end_of_smb)) { | |
988 | cERROR(1, "illegal server response, bad offset to data"); | |
989 | return -EINVAL; | |
990 | } | |
991 | ||
992 | return 0; | |
993 | } | |
994 | ||
995 | /* | |
996 | * If SMB buffer fields are valid, copy into temporary buffer to hold result. | |
997 | * Caller must free buffer. | |
998 | */ | |
999 | static int | |
1000 | validate_and_copy_buf(unsigned int offset, unsigned int buffer_length, | |
1001 | struct smb2_hdr *hdr, unsigned int minbufsize, | |
1002 | char *data) | |
1003 | ||
1004 | { | |
1005 | char *begin_of_buf = 4 /* RFC1001 len field */ + offset + (char *)hdr; | |
1006 | int rc; | |
1007 | ||
1008 | if (!data) | |
1009 | return -EINVAL; | |
1010 | ||
1011 | rc = validate_buf(offset, buffer_length, hdr, minbufsize); | |
1012 | if (rc) | |
1013 | return rc; | |
1014 | ||
1015 | memcpy(data, begin_of_buf, buffer_length); | |
1016 | ||
1017 | return 0; | |
1018 | } | |
1019 | ||
1020 | int | |
1021 | SMB2_query_info(const unsigned int xid, struct cifs_tcon *tcon, | |
1022 | u64 persistent_fid, u64 volatile_fid, | |
1023 | struct smb2_file_all_info *data) | |
1024 | { | |
1025 | struct smb2_query_info_req *req; | |
1026 | struct smb2_query_info_rsp *rsp = NULL; | |
1027 | struct kvec iov[2]; | |
1028 | int rc = 0; | |
1029 | int resp_buftype; | |
1030 | struct TCP_Server_Info *server; | |
1031 | struct cifs_ses *ses = tcon->ses; | |
1032 | ||
1033 | cFYI(1, "Query Info"); | |
1034 | ||
1035 | if (ses && (ses->server)) | |
1036 | server = ses->server; | |
1037 | else | |
1038 | return -EIO; | |
1039 | ||
1040 | rc = small_smb2_init(SMB2_QUERY_INFO, tcon, (void **) &req); | |
1041 | if (rc) | |
1042 | return rc; | |
1043 | ||
1044 | req->InfoType = SMB2_O_INFO_FILE; | |
1045 | req->FileInfoClass = FILE_ALL_INFORMATION; | |
1046 | req->PersistentFileId = persistent_fid; | |
1047 | req->VolatileFileId = volatile_fid; | |
1048 | /* 4 for rfc1002 length field and 1 for Buffer */ | |
1049 | req->InputBufferOffset = | |
1050 | cpu_to_le16(sizeof(struct smb2_query_info_req) - 1 - 4); | |
1051 | req->OutputBufferLength = | |
1052 | cpu_to_le32(sizeof(struct smb2_file_all_info) + MAX_NAME * 2); | |
1053 | ||
1054 | iov[0].iov_base = (char *)req; | |
1055 | /* 4 for rfc1002 length field */ | |
1056 | iov[0].iov_len = get_rfc1002_length(req) + 4; | |
1057 | ||
1058 | rc = SendReceive2(xid, ses, iov, 1, &resp_buftype, 0); | |
1059 | if (rc) { | |
1060 | cifs_stats_fail_inc(tcon, SMB2_QUERY_INFO_HE); | |
1061 | goto qinf_exit; | |
1062 | } | |
1063 | ||
1064 | rsp = (struct smb2_query_info_rsp *)iov[0].iov_base; | |
1065 | ||
1066 | rc = validate_and_copy_buf(le16_to_cpu(rsp->OutputBufferOffset), | |
1067 | le32_to_cpu(rsp->OutputBufferLength), | |
1068 | &rsp->hdr, sizeof(struct smb2_file_all_info), | |
1069 | (char *)data); | |
1070 | ||
1071 | qinf_exit: | |
1072 | free_rsp_buf(resp_buftype, rsp); | |
1073 | return rc; | |
1074 | } | |
9094fad1 PS |
1075 | |
1076 | /* | |
1077 | * This is a no-op for now. We're not really interested in the reply, but | |
1078 | * rather in the fact that the server sent one and that server->lstrp | |
1079 | * gets updated. | |
1080 | * | |
1081 | * FIXME: maybe we should consider checking that the reply matches request? | |
1082 | */ | |
1083 | static void | |
1084 | smb2_echo_callback(struct mid_q_entry *mid) | |
1085 | { | |
1086 | struct TCP_Server_Info *server = mid->callback_data; | |
1087 | struct smb2_echo_rsp *smb2 = (struct smb2_echo_rsp *)mid->resp_buf; | |
1088 | unsigned int credits_received = 1; | |
1089 | ||
1090 | if (mid->mid_state == MID_RESPONSE_RECEIVED) | |
1091 | credits_received = le16_to_cpu(smb2->hdr.CreditRequest); | |
1092 | ||
1093 | DeleteMidQEntry(mid); | |
1094 | add_credits(server, credits_received, CIFS_ECHO_OP); | |
1095 | } | |
1096 | ||
1097 | int | |
1098 | SMB2_echo(struct TCP_Server_Info *server) | |
1099 | { | |
1100 | struct smb2_echo_req *req; | |
1101 | int rc = 0; | |
1102 | struct kvec iov; | |
1103 | ||
1104 | cFYI(1, "In echo request"); | |
1105 | ||
1106 | rc = small_smb2_init(SMB2_ECHO, NULL, (void **)&req); | |
1107 | if (rc) | |
1108 | return rc; | |
1109 | ||
1110 | req->hdr.CreditRequest = cpu_to_le16(1); | |
1111 | ||
1112 | iov.iov_base = (char *)req; | |
1113 | /* 4 for rfc1002 length field */ | |
1114 | iov.iov_len = get_rfc1002_length(req) + 4; | |
1115 | ||
1116 | rc = cifs_call_async(server, &iov, 1, NULL, smb2_echo_callback, server, | |
1117 | CIFS_ECHO_OP); | |
1118 | if (rc) | |
1119 | cFYI(1, "Echo request failed: %d", rc); | |
1120 | ||
1121 | cifs_small_buf_release(req); | |
1122 | return rc; | |
1123 | } |