1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Copyright (C) 2020, Microsoft Corporation.
5 * Author(s): Steve French <stfrench@microsoft.com>
6 * David Howells <dhowells@redhat.com>
10 #include <linux/module.h>
11 #include <linux/nsproxy.h>
12 #include <linux/slab.h>
13 #include <linux/magic.h>
14 #include <linux/security.h>
15 #include <net/net_namespace.h>
18 #include <linux/ctype.h>
19 #include <linux/fs_context.h>
20 #include <linux/fs_parser.h>
22 #include <linux/mount.h>
23 #include <linux/parser.h>
24 #include <linux/utsname.h>
28 #include "cifsproto.h"
29 #include "cifs_unicode.h"
30 #include "cifs_debug.h"
31 #include "cifs_fs_sb.h"
34 #include "rfc1002pdu.h"
35 #include "fs_context.h"
37 static const match_table_t cifs_smb_version_tokens = {
38 { Smb_1, SMB1_VERSION_STRING },
39 { Smb_20, SMB20_VERSION_STRING},
40 { Smb_21, SMB21_VERSION_STRING },
41 { Smb_30, SMB30_VERSION_STRING },
42 { Smb_302, SMB302_VERSION_STRING },
43 { Smb_302, ALT_SMB302_VERSION_STRING },
44 { Smb_311, SMB311_VERSION_STRING },
45 { Smb_311, ALT_SMB311_VERSION_STRING },
46 { Smb_3any, SMB3ANY_VERSION_STRING },
47 { Smb_default, SMBDEFAULT_VERSION_STRING },
48 { Smb_version_err, NULL }
51 static const match_table_t cifs_secflavor_tokens = {
52 { Opt_sec_krb5, "krb5" },
53 { Opt_sec_krb5i, "krb5i" },
54 { Opt_sec_krb5p, "krb5p" },
55 { Opt_sec_ntlmsspi, "ntlmsspi" },
56 { Opt_sec_ntlmssp, "ntlmssp" },
58 { Opt_sec_ntlmi, "ntlmi" },
59 { Opt_sec_ntlmv2, "nontlm" },
60 { Opt_sec_ntlmv2, "ntlmv2" },
61 { Opt_sec_ntlmv2i, "ntlmv2i" },
62 { Opt_sec_lanman, "lanman" },
63 { Opt_sec_none, "none" },
68 const struct fs_parameter_spec smb3_fs_parameters[] = {
69 /* Mount options that take no arguments */
70 fsparam_flag_no("user_xattr", Opt_user_xattr),
71 fsparam_flag_no("forceuid", Opt_forceuid),
72 fsparam_flag_no("multichannel", Opt_multichannel),
73 fsparam_flag_no("forcegid", Opt_forcegid),
74 fsparam_flag("noblocksend", Opt_noblocksend),
75 fsparam_flag("noautotune", Opt_noautotune),
76 fsparam_flag("nolease", Opt_nolease),
77 fsparam_flag_no("hard", Opt_hard),
78 fsparam_flag_no("soft", Opt_soft),
79 fsparam_flag_no("perm", Opt_perm),
80 fsparam_flag("nodelete", Opt_nodelete),
81 fsparam_flag_no("mapposix", Opt_mapposix),
82 fsparam_flag("mapchars", Opt_mapchars),
83 fsparam_flag("nomapchars", Opt_nomapchars),
84 fsparam_flag_no("sfu", Opt_sfu),
85 fsparam_flag("nodfs", Opt_nodfs),
86 fsparam_flag_no("posixpaths", Opt_posixpaths),
87 fsparam_flag_no("unix", Opt_unix),
88 fsparam_flag_no("linux", Opt_unix),
89 fsparam_flag_no("posix", Opt_unix),
90 fsparam_flag("nocase", Opt_nocase),
91 fsparam_flag("ignorecase", Opt_nocase),
92 fsparam_flag_no("brl", Opt_brl),
93 fsparam_flag_no("handlecache", Opt_handlecache),
94 fsparam_flag("forcemandatorylock", Opt_forcemandatorylock),
95 fsparam_flag("forcemand", Opt_forcemandatorylock),
96 fsparam_flag("setuidfromacl", Opt_setuidfromacl),
97 fsparam_flag_no("setuids", Opt_setuids),
98 fsparam_flag_no("dynperm", Opt_dynperm),
99 fsparam_flag_no("intr", Opt_intr),
100 fsparam_flag_no("strictsync", Opt_strictsync),
101 fsparam_flag_no("serverino", Opt_serverino),
102 fsparam_flag("rwpidforward", Opt_rwpidforward),
103 fsparam_flag("cifsacl", Opt_cifsacl),
104 fsparam_flag_no("acl", Opt_acl),
105 fsparam_flag("locallease", Opt_locallease),
106 fsparam_flag("sign", Opt_sign),
107 fsparam_flag("ignore_signature", Opt_ignore_signature),
108 fsparam_flag("seal", Opt_seal),
109 fsparam_flag("noac", Opt_noac),
110 fsparam_flag("fsc", Opt_fsc),
111 fsparam_flag("mfsymlinks", Opt_mfsymlinks),
112 fsparam_flag("multiuser", Opt_multiuser),
113 fsparam_flag("sloppy", Opt_sloppy),
114 fsparam_flag("nosharesock", Opt_nosharesock),
115 fsparam_flag_no("persistent", Opt_persistent),
116 fsparam_flag_no("resilient", Opt_resilient),
117 fsparam_flag("domainauto", Opt_domainauto),
118 fsparam_flag("rdma", Opt_rdma),
119 fsparam_flag("modesid", Opt_modesid),
120 fsparam_flag("rootfs", Opt_rootfs),
121 fsparam_flag("compress", Opt_compress),
122 fsparam_flag("witness", Opt_witness),
124 /* Mount options which take numeric value */
125 fsparam_u32("backupuid", Opt_backupuid),
126 fsparam_u32("backupgid", Opt_backupgid),
127 fsparam_u32("uid", Opt_uid),
128 fsparam_u32("cruid", Opt_cruid),
129 fsparam_u32("gid", Opt_gid),
130 fsparam_u32("file_mode", Opt_file_mode),
131 fsparam_u32("dirmode", Opt_dirmode),
132 fsparam_u32("dir_mode", Opt_dirmode),
133 fsparam_u32("port", Opt_port),
134 fsparam_u32("min_enc_offload", Opt_min_enc_offload),
135 fsparam_u32("bsize", Opt_blocksize),
136 fsparam_u32("rsize", Opt_rsize),
137 fsparam_u32("wsize", Opt_wsize),
138 fsparam_u32("actimeo", Opt_actimeo),
139 fsparam_u32("echo_interval", Opt_echo_interval),
140 fsparam_u32("max_credits", Opt_max_credits),
141 fsparam_u32("handletimeout", Opt_handletimeout),
142 fsparam_u32("snapshot", Opt_snapshot),
143 fsparam_u32("max_channels", Opt_max_channels),
145 /* Mount options which take string value */
146 fsparam_string("source", Opt_source),
147 fsparam_string("unc", Opt_source),
148 fsparam_string("user", Opt_user),
149 fsparam_string("username", Opt_user),
150 fsparam_string("pass", Opt_pass),
151 fsparam_string("password", Opt_pass),
152 fsparam_string("ip", Opt_ip),
153 fsparam_string("addr", Opt_ip),
154 fsparam_string("domain", Opt_domain),
155 fsparam_string("dom", Opt_domain),
156 fsparam_string("srcaddr", Opt_srcaddr),
157 fsparam_string("iocharset", Opt_iocharset),
158 fsparam_string("netbiosname", Opt_netbiosname),
159 fsparam_string("servern", Opt_servern),
160 fsparam_string("ver", Opt_ver),
161 fsparam_string("vers", Opt_vers),
162 fsparam_string("sec", Opt_sec),
163 fsparam_string("cache", Opt_cache),
165 /* Arguments that should be ignored */
166 fsparam_flag("guest", Opt_ignore),
167 fsparam_flag("noatime", Opt_ignore),
168 fsparam_flag("relatime", Opt_ignore),
169 fsparam_flag("_netdev", Opt_ignore),
170 fsparam_flag_no("suid", Opt_ignore),
171 fsparam_flag_no("exec", Opt_ignore),
172 fsparam_flag_no("dev", Opt_ignore),
173 fsparam_flag_no("mand", Opt_ignore),
174 fsparam_string("cred", Opt_ignore),
175 fsparam_string("credentials", Opt_ignore),
180 cifs_parse_security_flavors(char *value, struct smb3_fs_context *ctx)
183 substring_t args[MAX_OPT_ARGS];
186 * With mount options, the last one should win. Reset any existing
187 * settings back to default.
189 ctx->sectype = Unspecified;
192 switch (match_token(value, cifs_secflavor_tokens, args)) {
194 cifs_dbg(VFS, "sec=krb5p is not supported!\n");
200 ctx->sectype = Kerberos;
202 case Opt_sec_ntlmsspi:
205 case Opt_sec_ntlmssp:
206 ctx->sectype = RawNTLMSSP;
214 case Opt_sec_ntlmv2i:
218 ctx->sectype = NTLMv2;
220 #ifdef CONFIG_CIFS_WEAK_PW_HASH
222 ctx->sectype = LANMAN;
229 cifs_dbg(VFS, "bad security option: %s\n", value);
236 static const match_table_t cifs_cacheflavor_tokens = {
237 { Opt_cache_loose, "loose" },
238 { Opt_cache_strict, "strict" },
239 { Opt_cache_none, "none" },
240 { Opt_cache_ro, "ro" },
241 { Opt_cache_rw, "singleclient" },
242 { Opt_cache_err, NULL }
246 cifs_parse_cache_flavor(char *value, struct smb3_fs_context *ctx)
248 substring_t args[MAX_OPT_ARGS];
250 switch (match_token(value, cifs_cacheflavor_tokens, args)) {
251 case Opt_cache_loose:
252 ctx->direct_io = false;
253 ctx->strict_io = false;
254 ctx->cache_ro = false;
255 ctx->cache_rw = false;
257 case Opt_cache_strict:
258 ctx->direct_io = false;
259 ctx->strict_io = true;
260 ctx->cache_ro = false;
261 ctx->cache_rw = false;
264 ctx->direct_io = true;
265 ctx->strict_io = false;
266 ctx->cache_ro = false;
267 ctx->cache_rw = false;
270 ctx->direct_io = false;
271 ctx->strict_io = false;
272 ctx->cache_ro = true;
273 ctx->cache_rw = false;
276 ctx->direct_io = false;
277 ctx->strict_io = false;
278 ctx->cache_ro = false;
279 ctx->cache_rw = true;
282 cifs_dbg(VFS, "bad cache= option: %s\n", value);
288 #define DUP_CTX_STR(field) \
291 new_ctx->field = kstrdup(ctx->field, GFP_ATOMIC); \
292 if (new_ctx->field == NULL) { \
293 smb3_cleanup_fs_context_contents(new_ctx); \
300 smb3_fs_context_dup(struct smb3_fs_context *new_ctx, struct smb3_fs_context *ctx)
304 memcpy(new_ctx, ctx, sizeof(*ctx));
305 new_ctx->prepath = NULL;
306 new_ctx->mount_options = NULL;
307 new_ctx->nodename = NULL;
308 new_ctx->username = NULL;
309 new_ctx->password = NULL;
310 new_ctx->domainname = NULL;
312 new_ctx->iocharset = NULL;
315 * Make sure to stay in sync with smb3_cleanup_fs_context_contents()
317 DUP_CTX_STR(prepath);
318 DUP_CTX_STR(mount_options);
319 DUP_CTX_STR(username);
320 DUP_CTX_STR(password);
322 DUP_CTX_STR(domainname);
323 DUP_CTX_STR(nodename);
324 DUP_CTX_STR(iocharset);
330 cifs_parse_smb_version(char *value, struct smb3_fs_context *ctx, bool is_smb3)
332 substring_t args[MAX_OPT_ARGS];
334 switch (match_token(value, cifs_smb_version_tokens, args)) {
335 #ifdef CONFIG_CIFS_ALLOW_INSECURE_LEGACY
337 if (disable_legacy_dialects) {
338 cifs_dbg(VFS, "mount with legacy dialect disabled\n");
342 cifs_dbg(VFS, "vers=1.0 (cifs) not permitted when mounting with smb3\n");
345 cifs_dbg(VFS, "Use of the less secure dialect vers=1.0 is not recommended unless required for access to very old servers\n");
346 ctx->ops = &smb1_operations;
347 ctx->vals = &smb1_values;
350 if (disable_legacy_dialects) {
351 cifs_dbg(VFS, "mount with legacy dialect disabled\n");
355 cifs_dbg(VFS, "vers=2.0 not permitted when mounting with smb3\n");
358 ctx->ops = &smb20_operations;
359 ctx->vals = &smb20_values;
363 cifs_dbg(VFS, "vers=1.0 (cifs) mount not permitted when legacy dialects disabled\n");
366 cifs_dbg(VFS, "vers=2.0 mount not permitted when legacy dialects disabled\n");
368 #endif /* CIFS_ALLOW_INSECURE_LEGACY */
370 ctx->ops = &smb21_operations;
371 ctx->vals = &smb21_values;
374 ctx->ops = &smb30_operations;
375 ctx->vals = &smb30_values;
378 ctx->ops = &smb30_operations; /* currently identical with 3.0 */
379 ctx->vals = &smb302_values;
382 ctx->ops = &smb311_operations;
383 ctx->vals = &smb311_values;
386 ctx->ops = &smb30_operations; /* currently identical with 3.0 */
387 ctx->vals = &smb3any_values;
390 ctx->ops = &smb30_operations; /* currently identical with 3.0 */
391 ctx->vals = &smbdefault_values;
394 cifs_dbg(VFS, "Unknown vers= option specified: %s\n", value);
401 * Parse a devname into substrings and populate the ctx->UNC and ctx->prepath
402 * fields with the result. Returns 0 on success and an error otherwise
403 * (e.g. ENOMEM or EINVAL)
406 smb3_parse_devname(const char *devname, struct smb3_fs_context *ctx)
409 const char *delims = "/\\";
412 if (unlikely(!devname || !*devname)) {
413 cifs_dbg(VFS, "Device name not specified\n");
417 /* make sure we have a valid UNC double delimiter prefix */
418 len = strspn(devname, delims);
422 /* find delimiter between host and sharename */
423 pos = strpbrk(devname + 2, delims);
427 /* skip past delimiter */
430 /* now go until next delimiter or end of string */
431 len = strcspn(pos, delims);
433 /* move "pos" up to delimiter or NULL */
435 ctx->UNC = kstrndup(devname, pos - devname, GFP_KERNEL);
439 convert_delimiter(ctx->UNC, '\\');
441 /* skip any delimiter */
442 if (*pos == '/' || *pos == '\\')
445 /* If pos is NULL then no prepath */
449 ctx->prepath = kstrdup(pos, GFP_KERNEL);
456 static void smb3_fs_context_free(struct fs_context *fc);
457 static int smb3_fs_context_parse_param(struct fs_context *fc,
458 struct fs_parameter *param);
459 static int smb3_fs_context_parse_monolithic(struct fs_context *fc,
461 static int smb3_get_tree(struct fs_context *fc);
462 static int smb3_reconfigure(struct fs_context *fc);
464 static const struct fs_context_operations smb3_fs_context_ops = {
465 .free = smb3_fs_context_free,
466 .parse_param = smb3_fs_context_parse_param,
467 .parse_monolithic = smb3_fs_context_parse_monolithic,
468 .get_tree = smb3_get_tree,
469 .reconfigure = smb3_reconfigure,
473 * Parse a monolithic block of data from sys_mount().
474 * smb3_fs_context_parse_monolithic - Parse key[=val][,key[=val]]* mount data
475 * @ctx: The superblock configuration to fill in.
476 * @data: The data to parse
478 * Parse a blob of data that's in key[=val][,key[=val]]* form. This can be
479 * called from the ->monolithic_mount_data() fs_context operation.
481 * Returns 0 on success or the error returned by the ->parse_option() fs_context
482 * operation on failure.
484 static int smb3_fs_context_parse_monolithic(struct fs_context *fc,
487 struct smb3_fs_context *ctx = smb3_fc2context(fc);
488 char *options = data, *key;
494 ctx->mount_options = kstrdup(data, GFP_KERNEL);
495 if (ctx->mount_options == NULL)
498 ret = security_sb_eat_lsm_opts(options, &fc->security);
502 /* BB Need to add support for sep= here TBD */
503 while ((key = strsep(&options, ",")) != NULL) {
506 char *value = strchr(key, '=');
512 v_len = strlen(value);
514 ret = vfs_parse_fs_string(fc, key, value, v_len);
524 * Validate the preparsed information in the config.
526 static int smb3_fs_context_validate(struct fs_context *fc)
528 struct smb3_fs_context *ctx = smb3_fc2context(fc);
530 if (ctx->rdma && ctx->vals->protocol_id < SMB30_PROT_ID) {
531 cifs_dbg(VFS, "SMB Direct requires Version >=3.0\n");
536 /* Muliuser mounts require CONFIG_KEYS support */
537 if (ctx->multiuser) {
538 cifs_dbg(VFS, "Multiuser mounts require kernels with CONFIG_KEYS enabled\n");
543 if (ctx->got_version == false)
544 pr_warn_once("No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.\n");
548 cifs_dbg(VFS, "CIFS mount error: No usable UNC path provided in device string!\n");
552 /* make sure UNC has a share name */
553 if (strlen(ctx->UNC) < 3 || !strchr(ctx->UNC + 3, '\\')) {
554 cifs_dbg(VFS, "Malformed UNC. Unable to find share name.\n");
562 /* No ip= option specified? Try to get it from UNC */
563 /* Use the address part of the UNC. */
564 slash = strchr(&ctx->UNC[2], '\\');
565 len = slash - &ctx->UNC[2];
566 if (!cifs_convert_address((struct sockaddr *)&ctx->dstaddr,
567 &ctx->UNC[2], len)) {
568 pr_err("Unable to determine destination address\n");
573 /* set the port that we got earlier */
574 cifs_set_port((struct sockaddr *)&ctx->dstaddr, ctx->port);
576 if (ctx->override_uid && !ctx->uid_specified) {
577 ctx->override_uid = 0;
578 pr_notice("ignoring forceuid mount option specified with no uid= option\n");
581 if (ctx->override_gid && !ctx->gid_specified) {
582 ctx->override_gid = 0;
583 pr_notice("ignoring forcegid mount option specified with no gid= option\n");
589 static int smb3_get_tree_common(struct fs_context *fc)
591 struct smb3_fs_context *ctx = smb3_fc2context(fc);
595 root = cifs_smb3_do_mount(fc->fs_type, 0, ctx);
597 return PTR_ERR(root);
605 * Create an SMB3 superblock from the parameters passed.
607 static int smb3_get_tree(struct fs_context *fc)
609 int err = smb3_fs_context_validate(fc);
613 return smb3_get_tree_common(fc);
616 static void smb3_fs_context_free(struct fs_context *fc)
618 struct smb3_fs_context *ctx = smb3_fc2context(fc);
620 smb3_cleanup_fs_context(ctx);
624 * Compare the old and new proposed context during reconfigure
625 * and check if the changes are compatible.
627 static int smb3_verify_reconfigure_ctx(struct smb3_fs_context *new_ctx,
628 struct smb3_fs_context *old_ctx)
630 if (new_ctx->posix_paths != old_ctx->posix_paths) {
631 cifs_dbg(VFS, "can not change posixpaths during remount\n");
634 if (new_ctx->sectype != old_ctx->sectype) {
635 cifs_dbg(VFS, "can not change sec during remount\n");
638 if (new_ctx->multiuser != old_ctx->multiuser) {
639 cifs_dbg(VFS, "can not change multiuser during remount\n");
643 (!old_ctx->UNC || strcmp(new_ctx->UNC, old_ctx->UNC))) {
644 cifs_dbg(VFS, "can not change UNC during remount\n");
647 if (new_ctx->username &&
648 (!old_ctx->username || strcmp(new_ctx->username, old_ctx->username))) {
649 cifs_dbg(VFS, "can not change username during remount\n");
652 if (new_ctx->password &&
653 (!old_ctx->password || strcmp(new_ctx->password, old_ctx->password))) {
654 cifs_dbg(VFS, "can not change password during remount\n");
657 if (new_ctx->domainname &&
658 (!old_ctx->domainname || strcmp(new_ctx->domainname, old_ctx->domainname))) {
659 cifs_dbg(VFS, "can not change domainname during remount\n");
662 if (new_ctx->nodename &&
663 (!old_ctx->nodename || strcmp(new_ctx->nodename, old_ctx->nodename))) {
664 cifs_dbg(VFS, "can not change nodename during remount\n");
667 if (new_ctx->iocharset &&
668 (!old_ctx->iocharset || strcmp(new_ctx->iocharset, old_ctx->iocharset))) {
669 cifs_dbg(VFS, "can not change iocharset during remount\n");
676 #define STEAL_STRING(cifs_sb, ctx, field) \
679 ctx->field = cifs_sb->ctx->field; \
680 cifs_sb->ctx->field = NULL; \
683 static int smb3_reconfigure(struct fs_context *fc)
685 struct smb3_fs_context *ctx = smb3_fc2context(fc);
686 struct dentry *root = fc->root;
687 struct cifs_sb_info *cifs_sb = CIFS_SB(root->d_sb);
690 rc = smb3_verify_reconfigure_ctx(ctx, cifs_sb->ctx);
695 * We can not change UNC/username/password/domainname/nodename/iocharset
696 * during reconnect so ignore what we have in the new context and
697 * just use what we already have in cifs_sb->ctx.
699 STEAL_STRING(cifs_sb, ctx, UNC);
700 STEAL_STRING(cifs_sb, ctx, username);
701 STEAL_STRING(cifs_sb, ctx, password);
702 STEAL_STRING(cifs_sb, ctx, domainname);
703 STEAL_STRING(cifs_sb, ctx, nodename);
704 STEAL_STRING(cifs_sb, ctx, iocharset);
706 smb3_cleanup_fs_context_contents(cifs_sb->ctx);
707 rc = smb3_fs_context_dup(cifs_sb->ctx, ctx);
708 smb3_update_mnt_flags(cifs_sb);
713 static int smb3_fs_context_parse_param(struct fs_context *fc,
714 struct fs_parameter *param)
716 struct fs_parse_result result;
717 struct smb3_fs_context *ctx = smb3_fc2context(fc);
719 bool is_smb3 = !strcmp(fc->fs_type->name, "smb3");
720 bool skip_parsing = false;
722 cifs_dbg(FYI, "CIFS: parsing cifs mount option '%s'\n", param->key);
725 * fs_parse can not handle string options with an empty value so
726 * we will need special handling of them.
728 if (param->type == fs_value_is_string && param->string[0] == 0) {
729 if (!strcmp("pass", param->key) || !strcmp("password", param->key))
734 opt = fs_parse(fc, smb3_fs_parameters, param, &result);
736 return ctx->sloppy ? 1 : opt;
741 ctx->compression = UNKNOWN_TYPE;
743 "SMB3 compression support is experimental\n");
765 ctx->sfu_remap = false; /* disable SFU mapping */
776 ctx->override_uid = 0;
778 ctx->override_uid = 1;
782 ctx->override_gid = 0;
784 ctx->override_gid = 1;
804 case Opt_noblocksend:
816 case Opt_multichannel:
817 if (result.negated) {
818 ctx->multichannel = false;
819 ctx->max_channels = 1;
821 ctx->multichannel = true;
822 /* if number of channels not specified, default to 2 */
823 if (ctx->max_channels < 2)
824 ctx->max_channels = 2;
828 ctx->linux_uid.val = result.uint_32;
829 ctx->uid_specified = true;
832 ctx->cred_uid.val = result.uint_32;
835 ctx->backupgid.val = result.uint_32;
836 ctx->backupgid_specified = true;
839 ctx->linux_gid.val = result.uint_32;
840 ctx->gid_specified = true;
843 ctx->port = result.uint_32;
846 ctx->file_mode = result.uint_32;
849 ctx->dir_mode = result.uint_32;
851 case Opt_min_enc_offload:
852 ctx->min_offload = result.uint_32;
856 * inode blocksize realistically should never need to be
857 * less than 16K or greater than 16M and default is 1MB.
858 * Note that small inode block sizes (e.g. 64K) can lead
859 * to very poor performance of common tools like cp and scp
861 if ((result.uint_32 < CIFS_MAX_MSGSIZE) ||
862 (result.uint_32 > (4 * SMB3_DEFAULT_IOSIZE))) {
863 cifs_dbg(VFS, "%s: Invalid blocksize\n",
865 goto cifs_parse_mount_err;
867 ctx->bsize = result.uint_32;
868 ctx->got_bsize = true;
871 ctx->rsize = result.uint_32;
872 ctx->got_rsize = true;
875 ctx->wsize = result.uint_32;
876 ctx->got_wsize = true;
879 ctx->actimeo = HZ * result.uint_32;
880 if (ctx->actimeo > CIFS_MAX_ACTIMEO) {
881 cifs_dbg(VFS, "attribute cache timeout too large\n");
882 goto cifs_parse_mount_err;
885 case Opt_echo_interval:
886 ctx->echo_interval = result.uint_32;
889 ctx->snapshot_time = result.uint_32;
891 case Opt_max_credits:
892 if (result.uint_32 < 20 || result.uint_32 > 60000) {
893 cifs_dbg(VFS, "%s: Invalid max_credits value\n",
895 goto cifs_parse_mount_err;
897 ctx->max_credits = result.uint_32;
899 case Opt_max_channels:
900 if (result.uint_32 < 1 || result.uint_32 > CIFS_MAX_CHANNELS) {
901 cifs_dbg(VFS, "%s: Invalid max_channels value, needs to be 1-%d\n",
902 __func__, CIFS_MAX_CHANNELS);
903 goto cifs_parse_mount_err;
905 ctx->max_channels = result.uint_32;
907 case Opt_handletimeout:
908 ctx->handle_timeout = result.uint_32;
909 if (ctx->handle_timeout > SMB3_MAX_HANDLE_TIMEOUT) {
910 cifs_dbg(VFS, "Invalid handle cache timeout, longer than 16 minutes\n");
911 goto cifs_parse_mount_err;
917 switch (smb3_parse_devname(param->string, ctx)) {
921 cifs_dbg(VFS, "Unable to allocate memory for devname\n");
922 goto cifs_parse_mount_err;
924 cifs_dbg(VFS, "Malformed UNC in devname\n");
925 goto cifs_parse_mount_err;
927 cifs_dbg(VFS, "Unknown error parsing devname\n");
928 goto cifs_parse_mount_err;
930 fc->source = kstrdup(param->string, GFP_KERNEL);
931 if (fc->source == NULL) {
932 cifs_dbg(VFS, "OOM when copying UNC string\n");
933 goto cifs_parse_mount_err;
937 kfree(ctx->username);
938 ctx->username = NULL;
939 if (strlen(param->string) == 0) {
940 /* null user, ie. anonymous authentication */
945 if (strnlen(param->string, CIFS_MAX_USERNAME_LEN) >
946 CIFS_MAX_USERNAME_LEN) {
947 pr_warn("username too long\n");
948 goto cifs_parse_mount_err;
950 ctx->username = kstrdup(param->string, GFP_KERNEL);
951 if (ctx->username == NULL) {
952 cifs_dbg(VFS, "OOM when copying username string\n");
953 goto cifs_parse_mount_err;
957 kfree(ctx->password);
958 ctx->password = NULL;
959 if (strlen(param->string) == 0)
962 ctx->password = kstrdup(param->string, GFP_KERNEL);
963 if (ctx->password == NULL) {
964 cifs_dbg(VFS, "OOM when copying password string\n");
965 goto cifs_parse_mount_err;
969 if (strlen(param->string) == 0) {
973 if (!cifs_convert_address((struct sockaddr *)&ctx->dstaddr,
975 strlen(param->string))) {
976 pr_err("bad ip= option (%s)\n", param->string);
977 goto cifs_parse_mount_err;
982 if (strnlen(param->string, CIFS_MAX_DOMAINNAME_LEN)
983 == CIFS_MAX_DOMAINNAME_LEN) {
984 pr_warn("domain name too long\n");
985 goto cifs_parse_mount_err;
988 kfree(ctx->domainname);
989 ctx->domainname = kstrdup(param->string, GFP_KERNEL);
990 if (ctx->domainname == NULL) {
991 cifs_dbg(VFS, "OOM when copying domainname string\n");
992 goto cifs_parse_mount_err;
994 cifs_dbg(FYI, "Domain name set\n");
997 if (!cifs_convert_address(
998 (struct sockaddr *)&ctx->srcaddr,
999 param->string, strlen(param->string))) {
1000 pr_warn("Could not parse srcaddr: %s\n",
1002 goto cifs_parse_mount_err;
1006 if (strnlen(param->string, 1024) >= 65) {
1007 pr_warn("iocharset name too long\n");
1008 goto cifs_parse_mount_err;
1011 if (strncasecmp(param->string, "default", 7) != 0) {
1012 kfree(ctx->iocharset);
1013 ctx->iocharset = kstrdup(param->string, GFP_KERNEL);
1014 if (ctx->iocharset == NULL) {
1015 cifs_dbg(VFS, "OOM when copying iocharset string\n");
1016 goto cifs_parse_mount_err;
1019 /* if iocharset not set then load_nls_default
1022 cifs_dbg(FYI, "iocharset set to %s\n", ctx->iocharset);
1024 case Opt_netbiosname:
1025 memset(ctx->source_rfc1001_name, 0x20,
1028 * FIXME: are there cases in which a comma can
1029 * be valid in workstation netbios name (and
1030 * need special handling)?
1032 for (i = 0; i < RFC1001_NAME_LEN; i++) {
1033 /* don't ucase netbiosname for user */
1034 if (param->string[i] == 0)
1036 ctx->source_rfc1001_name[i] = param->string[i];
1038 /* The string has 16th byte zero still from
1039 * set at top of the function
1041 if (i == RFC1001_NAME_LEN && param->string[i] != 0)
1042 pr_warn("netbiosname longer than 15 truncated\n");
1045 /* last byte, type, is 0x20 for servr type */
1046 memset(ctx->target_rfc1001_name, 0x20,
1047 RFC1001_NAME_LEN_WITH_NULL);
1049 * BB are there cases in which a comma can be valid in this
1050 * workstation netbios name (and need special handling)?
1053 /* user or mount helper must uppercase the netbios name */
1054 for (i = 0; i < 15; i++) {
1055 if (param->string[i] == 0)
1057 ctx->target_rfc1001_name[i] = param->string[i];
1060 /* The string has 16th byte zero still from set at top of function */
1061 if (i == RFC1001_NAME_LEN && param->string[i] != 0)
1062 pr_warn("server netbiosname longer than 15 truncated\n");
1065 /* version of mount userspace tools, not dialect */
1066 /* If interface changes in mount.cifs bump to new ver */
1067 if (strncasecmp(param->string, "1", 1) == 0) {
1068 if (strlen(param->string) > 1) {
1069 pr_warn("Bad mount helper ver=%s. Did you want SMB1 (CIFS) dialect and mean to type vers=1.0 instead?\n",
1071 goto cifs_parse_mount_err;
1073 /* This is the default */
1076 /* For all other value, error */
1077 pr_warn("Invalid mount helper version specified\n");
1078 goto cifs_parse_mount_err;
1080 /* protocol version (dialect) */
1081 if (cifs_parse_smb_version(param->string, ctx, is_smb3) != 0)
1082 goto cifs_parse_mount_err;
1083 ctx->got_version = true;
1086 if (cifs_parse_security_flavors(param->string, ctx) != 0)
1087 goto cifs_parse_mount_err;
1090 if (cifs_parse_cache_flavor(param->string, ctx) != 0)
1091 goto cifs_parse_mount_err;
1094 #ifndef CONFIG_CIFS_SWN_UPCALL
1095 cifs_dbg(VFS, "Witness support needs CONFIG_CIFS_SWN_UPCALL config option\n");
1096 goto cifs_parse_mount_err;
1098 ctx->witness = true;
1101 #ifdef CONFIG_CIFS_ROOT
1105 case Opt_posixpaths:
1107 ctx->posix_paths = 0;
1109 ctx->posix_paths = 1;
1115 ctx->no_linux_ext = 1;
1121 if (result.negated) {
1123 * turn off mandatory locking in mode
1124 * if remote locking is turned off since the
1125 * local vfs will do advisory
1127 if (ctx->file_mode ==
1128 (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1129 ctx->file_mode = S_IALLUGO;
1134 case Opt_handlecache:
1136 ctx->nohandlecache = 1;
1138 ctx->nohandlecache = 0;
1140 case Opt_forcemandatorylock:
1144 ctx->setuids = result.negated;
1147 ctx->intr = !result.negated;
1149 case Opt_setuidfromacl:
1150 ctx->setuidfromacl = 1;
1152 case Opt_strictsync:
1153 ctx->nostrictsync = result.negated;
1156 ctx->server_ino = !result.negated;
1158 case Opt_rwpidforward:
1159 ctx->rwpidforward = 1;
1165 ctx->cifs_acl = !result.negated;
1168 ctx->no_psx_acl = result.negated;
1170 case Opt_locallease:
1171 ctx->local_lease = 1;
1176 case Opt_ignore_signature:
1178 ctx->ignore_signature = true;
1181 /* we do not do the following in secFlags because seal
1182 * is a per tree connection (mount) not a per socket
1183 * or per-smb connection option in the protocol
1184 * vol->secFlg |= CIFSSEC_MUST_SEAL;
1189 pr_warn("Mount option noac not supported. Instead set /proc/fs/cifs/LookupCacheEnabled to 0\n");
1192 #ifndef CONFIG_CIFS_FSCACHE
1193 cifs_dbg(VFS, "FS-Cache support needs CONFIG_CIFS_FSCACHE kernel config option set\n");
1194 goto cifs_parse_mount_err;
1198 case Opt_mfsymlinks:
1199 ctx->mfsymlinks = true;
1202 ctx->multiuser = true;
1207 case Opt_nosharesock:
1208 ctx->nosharesock = true;
1210 case Opt_persistent:
1211 if (result.negated) {
1212 if ((ctx->nopersistent) || (ctx->resilient)) {
1214 "persistenthandles mount options conflict\n");
1215 goto cifs_parse_mount_err;
1218 ctx->nopersistent = true;
1219 if (ctx->persistent) {
1221 "persistenthandles mount options conflict\n");
1222 goto cifs_parse_mount_err;
1227 if (result.negated) {
1228 ctx->resilient = false; /* already the default */
1230 ctx->resilient = true;
1231 if (ctx->persistent) {
1233 "persistenthandles mount options conflict\n");
1234 goto cifs_parse_mount_err;
1238 case Opt_domainauto:
1239 ctx->domainauto = true;
1248 cifs_parse_mount_err:
1252 int smb3_init_fs_context(struct fs_context *fc)
1254 struct smb3_fs_context *ctx;
1255 char *nodename = utsname()->nodename;
1258 ctx = kzalloc(sizeof(struct smb3_fs_context), GFP_KERNEL);
1263 * does not have to be perfect mapping since field is
1264 * informational, only used for servers that do not support
1265 * port 445 and it can be overridden at mount time
1267 memset(ctx->source_rfc1001_name, 0x20, RFC1001_NAME_LEN);
1268 for (i = 0; i < strnlen(nodename, RFC1001_NAME_LEN); i++)
1269 ctx->source_rfc1001_name[i] = toupper(nodename[i]);
1271 ctx->source_rfc1001_name[RFC1001_NAME_LEN] = 0;
1273 * null target name indicates to use *SMBSERVR default called name
1274 * if we end up sending RFC1001 session initialize
1276 ctx->target_rfc1001_name[0] = 0;
1277 ctx->cred_uid = current_uid();
1278 ctx->linux_uid = current_uid();
1279 ctx->linux_gid = current_gid();
1280 ctx->bsize = 1024 * 1024; /* can improve cp performance significantly */
1283 * default to SFM style remapping of seven reserved characters
1284 * unless user overrides it or we negotiate CIFS POSIX where
1285 * it is unnecessary. Can not simultaneously use more than one mapping
1286 * since then readdir could list files that open could not open
1290 /* default to only allowing write access to owner of the mount */
1291 ctx->dir_mode = ctx->file_mode = S_IRUGO | S_IXUGO | S_IWUSR;
1293 /* ctx->retry default is 0 (i.e. "soft" limited retry not hard retry) */
1294 /* default is always to request posix paths. */
1295 ctx->posix_paths = 1;
1296 /* default to using server inode numbers where available */
1297 ctx->server_ino = 1;
1299 /* default is to use strict cifs caching semantics */
1300 ctx->strict_io = true;
1302 ctx->actimeo = CIFS_DEF_ACTIMEO;
1304 /* Most clients set timeout to 0, allows server to use its default */
1305 ctx->handle_timeout = 0; /* See MS-SMB2 spec section 2.2.14.2.12 */
1307 /* offer SMB2.1 and later (SMB3 etc). Secure and widely accepted */
1308 ctx->ops = &smb30_operations;
1309 ctx->vals = &smbdefault_values;
1311 ctx->echo_interval = SMB_ECHO_INTERVAL_DEFAULT;
1313 /* default to no multichannel (single server connection) */
1314 ctx->multichannel = false;
1315 ctx->max_channels = 1;
1317 ctx->backupuid_specified = false; /* no backup intent for a user */
1318 ctx->backupgid_specified = false; /* no backup intent for a group */
1321 * short int override_uid = -1;
1322 * short int override_gid = -1;
1323 * char *nodename = strdup(utsname()->nodename);
1324 * struct sockaddr *dstaddr = (struct sockaddr *)&vol->dstaddr;
1327 fc->fs_private = ctx;
1328 fc->ops = &smb3_fs_context_ops;
1333 smb3_cleanup_fs_context_contents(struct smb3_fs_context *ctx)
1339 * Make sure this stays in sync with smb3_fs_context_dup()
1341 kfree(ctx->mount_options);
1342 ctx->mount_options = NULL;
1343 kfree(ctx->username);
1344 ctx->username = NULL;
1345 kfree_sensitive(ctx->password);
1346 ctx->password = NULL;
1349 kfree(ctx->domainname);
1350 ctx->domainname = NULL;
1351 kfree(ctx->nodename);
1352 ctx->nodename = NULL;
1353 kfree(ctx->iocharset);
1354 ctx->iocharset = NULL;
1355 kfree(ctx->prepath);
1356 ctx->prepath = NULL;
1360 smb3_cleanup_fs_context(struct smb3_fs_context *ctx)
1364 smb3_cleanup_fs_context_contents(ctx);
1368 void smb3_update_mnt_flags(struct cifs_sb_info *cifs_sb)
1370 struct smb3_fs_context *ctx = cifs_sb->ctx;
1373 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_DFS;
1375 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NO_DFS;
1378 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
1380 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NO_PERM;
1383 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
1385 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_SET_UID;
1387 if (ctx->setuidfromacl)
1388 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UID_FROM_ACL;
1390 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_UID_FROM_ACL;
1392 if (ctx->server_ino)
1393 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
1395 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_SERVER_INUM;
1398 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SFM_CHR;
1400 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_MAP_SFM_CHR;
1403 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
1405 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_MAP_SPECIAL_CHR;
1408 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
1410 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NO_XATTR;
1413 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
1415 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_UNX_EMUL;
1418 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
1420 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NO_BRL;
1422 if (ctx->nohandlecache)
1423 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_HANDLE_CACHE;
1425 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NO_HANDLE_CACHE;
1427 if (ctx->nostrictsync)
1428 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOSSYNC;
1430 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NOSSYNC;
1433 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOPOSIXBRL;
1435 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NOPOSIXBRL;
1437 if (ctx->rwpidforward)
1438 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_RWPIDFORWARD;
1440 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_RWPIDFORWARD;
1443 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MODE_FROM_SID;
1445 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_MODE_FROM_SID;
1448 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
1450 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_CIFS_ACL;
1452 if (ctx->backupuid_specified)
1453 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_BACKUPUID;
1455 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_CIFS_BACKUPUID;
1457 if (ctx->backupgid_specified)
1458 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_BACKUPGID;
1460 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_CIFS_BACKUPGID;
1462 if (ctx->override_uid)
1463 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID;
1465 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_OVERR_UID;
1467 if (ctx->override_gid)
1468 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID;
1470 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_OVERR_GID;
1473 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DYNPERM;
1475 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_DYNPERM;
1478 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_FSCACHE;
1480 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_FSCACHE;
1483 cifs_sb->mnt_cifs_flags |= (CIFS_MOUNT_MULTIUSER |
1484 CIFS_MOUNT_NO_PERM);
1486 cifs_sb->mnt_cifs_flags &= ~(CIFS_MOUNT_MULTIUSER |
1487 CIFS_MOUNT_NO_PERM);
1490 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_STRICT_IO;
1492 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_STRICT_IO;
1495 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
1497 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_DIRECT_IO;
1499 if (ctx->mfsymlinks)
1500 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MF_SYMLINKS;
1502 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_MF_SYMLINKS;
1503 if (ctx->mfsymlinks) {
1504 if (ctx->sfu_emul) {
1506 * Our SFU ("Services for Unix" emulation does not allow
1507 * creating symlinks but does allow reading existing SFU
1508 * symlinks (it does allow both creating and reading SFU
1509 * style mknod and FIFOs though). When "mfsymlinks" and
1510 * "sfu" are both enabled at the same time, it allows
1511 * reading both types of symlinks, but will only create
1512 * them with mfsymlinks format. This allows better
1513 * Apple compatibility (probably better for Samba too)
1514 * while still recognizing old Windows style symlinks.
1516 cifs_dbg(VFS, "mount options mfsymlinks and sfu both enabled\n");