1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Copyright (C) 2020, Microsoft Corporation.
5 * Author(s): Steve French <stfrench@microsoft.com>
6 * David Howells <dhowells@redhat.com>
10 #include <linux/module.h>
11 #include <linux/nsproxy.h>
12 #include <linux/slab.h>
13 #include <linux/magic.h>
14 #include <linux/security.h>
15 #include <net/net_namespace.h>
18 #include <linux/ctype.h>
19 #include <linux/fs_context.h>
20 #include <linux/fs_parser.h>
22 #include <linux/mount.h>
23 #include <linux/parser.h>
24 #include <linux/utsname.h>
28 #include "cifsproto.h"
29 #include "cifs_unicode.h"
30 #include "cifs_debug.h"
31 #include "cifs_fs_sb.h"
34 #include "rfc1002pdu.h"
35 #include "fs_context.h"
37 static const match_table_t cifs_smb_version_tokens = {
38 { Smb_1, SMB1_VERSION_STRING },
39 { Smb_20, SMB20_VERSION_STRING},
40 { Smb_21, SMB21_VERSION_STRING },
41 { Smb_30, SMB30_VERSION_STRING },
42 { Smb_302, SMB302_VERSION_STRING },
43 { Smb_302, ALT_SMB302_VERSION_STRING },
44 { Smb_311, SMB311_VERSION_STRING },
45 { Smb_311, ALT_SMB311_VERSION_STRING },
46 { Smb_3any, SMB3ANY_VERSION_STRING },
47 { Smb_default, SMBDEFAULT_VERSION_STRING },
48 { Smb_version_err, NULL }
51 static const match_table_t cifs_secflavor_tokens = {
52 { Opt_sec_krb5, "krb5" },
53 { Opt_sec_krb5i, "krb5i" },
54 { Opt_sec_krb5p, "krb5p" },
55 { Opt_sec_ntlmsspi, "ntlmsspi" },
56 { Opt_sec_ntlmssp, "ntlmssp" },
58 { Opt_sec_ntlmi, "ntlmi" },
59 { Opt_sec_ntlmv2, "nontlm" },
60 { Opt_sec_ntlmv2, "ntlmv2" },
61 { Opt_sec_ntlmv2i, "ntlmv2i" },
62 { Opt_sec_lanman, "lanman" },
63 { Opt_sec_none, "none" },
68 const struct fs_parameter_spec smb3_fs_parameters[] = {
69 /* Mount options that take no arguments */
70 fsparam_flag_no("user_xattr", Opt_user_xattr),
71 fsparam_flag_no("forceuid", Opt_forceuid),
72 fsparam_flag_no("multichannel", Opt_multichannel),
73 fsparam_flag_no("forcegid", Opt_forcegid),
74 fsparam_flag("noblocksend", Opt_noblocksend),
75 fsparam_flag("noautotune", Opt_noautotune),
76 fsparam_flag("nolease", Opt_nolease),
77 fsparam_flag_no("hard", Opt_hard),
78 fsparam_flag_no("soft", Opt_soft),
79 fsparam_flag_no("perm", Opt_perm),
80 fsparam_flag("nodelete", Opt_nodelete),
81 fsparam_flag_no("mapposix", Opt_mapposix),
82 fsparam_flag("mapchars", Opt_mapchars),
83 fsparam_flag("nomapchars", Opt_nomapchars),
84 fsparam_flag_no("sfu", Opt_sfu),
85 fsparam_flag("nodfs", Opt_nodfs),
86 fsparam_flag_no("posixpaths", Opt_posixpaths),
87 fsparam_flag_no("unix", Opt_unix),
88 fsparam_flag_no("linux", Opt_unix),
89 fsparam_flag_no("posix", Opt_unix),
90 fsparam_flag("nocase", Opt_nocase),
91 fsparam_flag("ignorecase", Opt_nocase),
92 fsparam_flag_no("brl", Opt_brl),
93 fsparam_flag_no("handlecache", Opt_handlecache),
94 fsparam_flag("forcemandatorylock", Opt_forcemandatorylock),
95 fsparam_flag("forcemand", Opt_forcemandatorylock),
96 fsparam_flag("setuidfromacl", Opt_setuidfromacl),
97 fsparam_flag("idsfromsid", Opt_setuidfromacl),
98 fsparam_flag_no("setuids", Opt_setuids),
99 fsparam_flag_no("dynperm", Opt_dynperm),
100 fsparam_flag_no("intr", Opt_intr),
101 fsparam_flag_no("strictsync", Opt_strictsync),
102 fsparam_flag_no("serverino", Opt_serverino),
103 fsparam_flag("rwpidforward", Opt_rwpidforward),
104 fsparam_flag("cifsacl", Opt_cifsacl),
105 fsparam_flag_no("acl", Opt_acl),
106 fsparam_flag("locallease", Opt_locallease),
107 fsparam_flag("sign", Opt_sign),
108 fsparam_flag("ignore_signature", Opt_ignore_signature),
109 fsparam_flag("signloosely", Opt_ignore_signature),
110 fsparam_flag("seal", Opt_seal),
111 fsparam_flag("noac", Opt_noac),
112 fsparam_flag("fsc", Opt_fsc),
113 fsparam_flag("mfsymlinks", Opt_mfsymlinks),
114 fsparam_flag("multiuser", Opt_multiuser),
115 fsparam_flag("sloppy", Opt_sloppy),
116 fsparam_flag("nosharesock", Opt_nosharesock),
117 fsparam_flag_no("persistenthandles", Opt_persistent),
118 fsparam_flag_no("resilienthandles", Opt_resilient),
119 fsparam_flag("domainauto", Opt_domainauto),
120 fsparam_flag("rdma", Opt_rdma),
121 fsparam_flag("modesid", Opt_modesid),
122 fsparam_flag("modefromsid", Opt_modesid),
123 fsparam_flag("rootfs", Opt_rootfs),
124 fsparam_flag("compress", Opt_compress),
125 fsparam_flag("witness", Opt_witness),
127 /* Mount options which take numeric value */
128 fsparam_u32("backupuid", Opt_backupuid),
129 fsparam_u32("backupgid", Opt_backupgid),
130 fsparam_u32("uid", Opt_uid),
131 fsparam_u32("cruid", Opt_cruid),
132 fsparam_u32("gid", Opt_gid),
133 fsparam_u32("file_mode", Opt_file_mode),
134 fsparam_u32("dirmode", Opt_dirmode),
135 fsparam_u32("dir_mode", Opt_dirmode),
136 fsparam_u32("port", Opt_port),
137 fsparam_u32("min_enc_offload", Opt_min_enc_offload),
138 fsparam_u32("esize", Opt_min_enc_offload),
139 fsparam_u32("bsize", Opt_blocksize),
140 fsparam_u32("rsize", Opt_rsize),
141 fsparam_u32("wsize", Opt_wsize),
142 fsparam_u32("actimeo", Opt_actimeo),
143 fsparam_u32("echo_interval", Opt_echo_interval),
144 fsparam_u32("max_credits", Opt_max_credits),
145 fsparam_u32("handletimeout", Opt_handletimeout),
146 fsparam_u32("snapshot", Opt_snapshot),
147 fsparam_u32("max_channels", Opt_max_channels),
149 /* Mount options which take string value */
150 fsparam_string("source", Opt_source),
151 fsparam_string("unc", Opt_source),
152 fsparam_string("user", Opt_user),
153 fsparam_string("username", Opt_user),
154 fsparam_string("pass", Opt_pass),
155 fsparam_string("password", Opt_pass),
156 fsparam_string("ip", Opt_ip),
157 fsparam_string("addr", Opt_ip),
158 fsparam_string("domain", Opt_domain),
159 fsparam_string("dom", Opt_domain),
160 fsparam_string("srcaddr", Opt_srcaddr),
161 fsparam_string("iocharset", Opt_iocharset),
162 fsparam_string("netbiosname", Opt_netbiosname),
163 fsparam_string("servern", Opt_servern),
164 fsparam_string("ver", Opt_ver),
165 fsparam_string("vers", Opt_vers),
166 fsparam_string("sec", Opt_sec),
167 fsparam_string("cache", Opt_cache),
169 /* Arguments that should be ignored */
170 fsparam_flag("guest", Opt_ignore),
171 fsparam_flag("noatime", Opt_ignore),
172 fsparam_flag("relatime", Opt_ignore),
173 fsparam_flag("_netdev", Opt_ignore),
174 fsparam_flag_no("suid", Opt_ignore),
175 fsparam_flag_no("exec", Opt_ignore),
176 fsparam_flag_no("dev", Opt_ignore),
177 fsparam_flag_no("mand", Opt_ignore),
178 fsparam_string("cred", Opt_ignore),
179 fsparam_string("credentials", Opt_ignore),
184 cifs_parse_security_flavors(char *value, struct smb3_fs_context *ctx)
187 substring_t args[MAX_OPT_ARGS];
190 * With mount options, the last one should win. Reset any existing
191 * settings back to default.
193 ctx->sectype = Unspecified;
196 switch (match_token(value, cifs_secflavor_tokens, args)) {
198 cifs_dbg(VFS, "sec=krb5p is not supported!\n");
204 ctx->sectype = Kerberos;
206 case Opt_sec_ntlmsspi:
209 case Opt_sec_ntlmssp:
210 ctx->sectype = RawNTLMSSP;
218 case Opt_sec_ntlmv2i:
222 ctx->sectype = NTLMv2;
224 #ifdef CONFIG_CIFS_WEAK_PW_HASH
226 ctx->sectype = LANMAN;
233 cifs_dbg(VFS, "bad security option: %s\n", value);
240 static const match_table_t cifs_cacheflavor_tokens = {
241 { Opt_cache_loose, "loose" },
242 { Opt_cache_strict, "strict" },
243 { Opt_cache_none, "none" },
244 { Opt_cache_ro, "ro" },
245 { Opt_cache_rw, "singleclient" },
246 { Opt_cache_err, NULL }
250 cifs_parse_cache_flavor(char *value, struct smb3_fs_context *ctx)
252 substring_t args[MAX_OPT_ARGS];
254 switch (match_token(value, cifs_cacheflavor_tokens, args)) {
255 case Opt_cache_loose:
256 ctx->direct_io = false;
257 ctx->strict_io = false;
258 ctx->cache_ro = false;
259 ctx->cache_rw = false;
261 case Opt_cache_strict:
262 ctx->direct_io = false;
263 ctx->strict_io = true;
264 ctx->cache_ro = false;
265 ctx->cache_rw = false;
268 ctx->direct_io = true;
269 ctx->strict_io = false;
270 ctx->cache_ro = false;
271 ctx->cache_rw = false;
274 ctx->direct_io = false;
275 ctx->strict_io = false;
276 ctx->cache_ro = true;
277 ctx->cache_rw = false;
280 ctx->direct_io = false;
281 ctx->strict_io = false;
282 ctx->cache_ro = false;
283 ctx->cache_rw = true;
286 cifs_dbg(VFS, "bad cache= option: %s\n", value);
292 #define DUP_CTX_STR(field) \
295 new_ctx->field = kstrdup(ctx->field, GFP_ATOMIC); \
296 if (new_ctx->field == NULL) { \
297 smb3_cleanup_fs_context_contents(new_ctx); \
304 smb3_fs_context_dup(struct smb3_fs_context *new_ctx, struct smb3_fs_context *ctx)
306 memcpy(new_ctx, ctx, sizeof(*ctx));
307 new_ctx->prepath = NULL;
308 new_ctx->mount_options = NULL;
309 new_ctx->nodename = NULL;
310 new_ctx->username = NULL;
311 new_ctx->password = NULL;
312 new_ctx->domainname = NULL;
314 new_ctx->iocharset = NULL;
317 * Make sure to stay in sync with smb3_cleanup_fs_context_contents()
319 DUP_CTX_STR(prepath);
320 DUP_CTX_STR(mount_options);
321 DUP_CTX_STR(username);
322 DUP_CTX_STR(password);
324 DUP_CTX_STR(domainname);
325 DUP_CTX_STR(nodename);
326 DUP_CTX_STR(iocharset);
332 cifs_parse_smb_version(char *value, struct smb3_fs_context *ctx, bool is_smb3)
334 substring_t args[MAX_OPT_ARGS];
336 switch (match_token(value, cifs_smb_version_tokens, args)) {
337 #ifdef CONFIG_CIFS_ALLOW_INSECURE_LEGACY
339 if (disable_legacy_dialects) {
340 cifs_dbg(VFS, "mount with legacy dialect disabled\n");
344 cifs_dbg(VFS, "vers=1.0 (cifs) not permitted when mounting with smb3\n");
347 cifs_dbg(VFS, "Use of the less secure dialect vers=1.0 is not recommended unless required for access to very old servers\n");
348 ctx->ops = &smb1_operations;
349 ctx->vals = &smb1_values;
352 if (disable_legacy_dialects) {
353 cifs_dbg(VFS, "mount with legacy dialect disabled\n");
357 cifs_dbg(VFS, "vers=2.0 not permitted when mounting with smb3\n");
360 ctx->ops = &smb20_operations;
361 ctx->vals = &smb20_values;
365 cifs_dbg(VFS, "vers=1.0 (cifs) mount not permitted when legacy dialects disabled\n");
368 cifs_dbg(VFS, "vers=2.0 mount not permitted when legacy dialects disabled\n");
370 #endif /* CIFS_ALLOW_INSECURE_LEGACY */
372 ctx->ops = &smb21_operations;
373 ctx->vals = &smb21_values;
376 ctx->ops = &smb30_operations;
377 ctx->vals = &smb30_values;
380 ctx->ops = &smb30_operations; /* currently identical with 3.0 */
381 ctx->vals = &smb302_values;
384 ctx->ops = &smb311_operations;
385 ctx->vals = &smb311_values;
388 ctx->ops = &smb30_operations; /* currently identical with 3.0 */
389 ctx->vals = &smb3any_values;
392 ctx->ops = &smb30_operations; /* currently identical with 3.0 */
393 ctx->vals = &smbdefault_values;
396 cifs_dbg(VFS, "Unknown vers= option specified: %s\n", value);
403 * Parse a devname into substrings and populate the ctx->UNC and ctx->prepath
404 * fields with the result. Returns 0 on success and an error otherwise
405 * (e.g. ENOMEM or EINVAL)
408 smb3_parse_devname(const char *devname, struct smb3_fs_context *ctx)
411 const char *delims = "/\\";
414 if (unlikely(!devname || !*devname)) {
415 cifs_dbg(VFS, "Device name not specified\n");
419 /* make sure we have a valid UNC double delimiter prefix */
420 len = strspn(devname, delims);
424 /* find delimiter between host and sharename */
425 pos = strpbrk(devname + 2, delims);
429 /* skip past delimiter */
432 /* now go until next delimiter or end of string */
433 len = strcspn(pos, delims);
435 /* move "pos" up to delimiter or NULL */
437 ctx->UNC = kstrndup(devname, pos - devname, GFP_KERNEL);
441 convert_delimiter(ctx->UNC, '\\');
443 /* skip any delimiter */
444 if (*pos == '/' || *pos == '\\')
447 /* If pos is NULL then no prepath */
451 ctx->prepath = kstrdup(pos, GFP_KERNEL);
458 static void smb3_fs_context_free(struct fs_context *fc);
459 static int smb3_fs_context_parse_param(struct fs_context *fc,
460 struct fs_parameter *param);
461 static int smb3_fs_context_parse_monolithic(struct fs_context *fc,
463 static int smb3_get_tree(struct fs_context *fc);
464 static int smb3_reconfigure(struct fs_context *fc);
466 static const struct fs_context_operations smb3_fs_context_ops = {
467 .free = smb3_fs_context_free,
468 .parse_param = smb3_fs_context_parse_param,
469 .parse_monolithic = smb3_fs_context_parse_monolithic,
470 .get_tree = smb3_get_tree,
471 .reconfigure = smb3_reconfigure,
475 * Parse a monolithic block of data from sys_mount().
476 * smb3_fs_context_parse_monolithic - Parse key[=val][,key[=val]]* mount data
477 * @ctx: The superblock configuration to fill in.
478 * @data: The data to parse
480 * Parse a blob of data that's in key[=val][,key[=val]]* form. This can be
481 * called from the ->monolithic_mount_data() fs_context operation.
483 * Returns 0 on success or the error returned by the ->parse_option() fs_context
484 * operation on failure.
486 static int smb3_fs_context_parse_monolithic(struct fs_context *fc,
489 struct smb3_fs_context *ctx = smb3_fc2context(fc);
490 char *options = data, *key;
496 ctx->mount_options = kstrdup(data, GFP_KERNEL);
497 if (ctx->mount_options == NULL)
500 ret = security_sb_eat_lsm_opts(options, &fc->security);
504 /* BB Need to add support for sep= here TBD */
505 while ((key = strsep(&options, ",")) != NULL) {
508 char *value = strchr(key, '=');
514 v_len = strlen(value);
516 ret = vfs_parse_fs_string(fc, key, value, v_len);
526 * Validate the preparsed information in the config.
528 static int smb3_fs_context_validate(struct fs_context *fc)
530 struct smb3_fs_context *ctx = smb3_fc2context(fc);
532 if (ctx->rdma && ctx->vals->protocol_id < SMB30_PROT_ID) {
533 cifs_dbg(VFS, "SMB Direct requires Version >=3.0\n");
538 /* Muliuser mounts require CONFIG_KEYS support */
539 if (ctx->multiuser) {
540 cifs_dbg(VFS, "Multiuser mounts require kernels with CONFIG_KEYS enabled\n");
545 if (ctx->got_version == false)
546 pr_warn_once("No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.\n");
550 cifs_dbg(VFS, "CIFS mount error: No usable UNC path provided in device string!\n");
554 /* make sure UNC has a share name */
555 if (strlen(ctx->UNC) < 3 || !strchr(ctx->UNC + 3, '\\')) {
556 cifs_dbg(VFS, "Malformed UNC. Unable to find share name.\n");
564 /* No ip= option specified? Try to get it from UNC */
565 /* Use the address part of the UNC. */
566 slash = strchr(&ctx->UNC[2], '\\');
567 len = slash - &ctx->UNC[2];
568 if (!cifs_convert_address((struct sockaddr *)&ctx->dstaddr,
569 &ctx->UNC[2], len)) {
570 pr_err("Unable to determine destination address\n");
575 /* set the port that we got earlier */
576 cifs_set_port((struct sockaddr *)&ctx->dstaddr, ctx->port);
578 if (ctx->override_uid && !ctx->uid_specified) {
579 ctx->override_uid = 0;
580 pr_notice("ignoring forceuid mount option specified with no uid= option\n");
583 if (ctx->override_gid && !ctx->gid_specified) {
584 ctx->override_gid = 0;
585 pr_notice("ignoring forcegid mount option specified with no gid= option\n");
591 static int smb3_get_tree_common(struct fs_context *fc)
593 struct smb3_fs_context *ctx = smb3_fc2context(fc);
597 root = cifs_smb3_do_mount(fc->fs_type, 0, ctx);
599 return PTR_ERR(root);
607 * Create an SMB3 superblock from the parameters passed.
609 static int smb3_get_tree(struct fs_context *fc)
611 int err = smb3_fs_context_validate(fc);
615 return smb3_get_tree_common(fc);
618 static void smb3_fs_context_free(struct fs_context *fc)
620 struct smb3_fs_context *ctx = smb3_fc2context(fc);
622 smb3_cleanup_fs_context(ctx);
626 * Compare the old and new proposed context during reconfigure
627 * and check if the changes are compatible.
629 static int smb3_verify_reconfigure_ctx(struct smb3_fs_context *new_ctx,
630 struct smb3_fs_context *old_ctx)
632 if (new_ctx->posix_paths != old_ctx->posix_paths) {
633 cifs_dbg(VFS, "can not change posixpaths during remount\n");
636 if (new_ctx->sectype != old_ctx->sectype) {
637 cifs_dbg(VFS, "can not change sec during remount\n");
640 if (new_ctx->multiuser != old_ctx->multiuser) {
641 cifs_dbg(VFS, "can not change multiuser during remount\n");
645 (!old_ctx->UNC || strcmp(new_ctx->UNC, old_ctx->UNC))) {
646 cifs_dbg(VFS, "can not change UNC during remount\n");
649 if (new_ctx->username &&
650 (!old_ctx->username || strcmp(new_ctx->username, old_ctx->username))) {
651 cifs_dbg(VFS, "can not change username during remount\n");
654 if (new_ctx->password &&
655 (!old_ctx->password || strcmp(new_ctx->password, old_ctx->password))) {
656 cifs_dbg(VFS, "can not change password during remount\n");
659 if (new_ctx->domainname &&
660 (!old_ctx->domainname || strcmp(new_ctx->domainname, old_ctx->domainname))) {
661 cifs_dbg(VFS, "can not change domainname during remount\n");
664 if (new_ctx->nodename &&
665 (!old_ctx->nodename || strcmp(new_ctx->nodename, old_ctx->nodename))) {
666 cifs_dbg(VFS, "can not change nodename during remount\n");
669 if (new_ctx->iocharset &&
670 (!old_ctx->iocharset || strcmp(new_ctx->iocharset, old_ctx->iocharset))) {
671 cifs_dbg(VFS, "can not change iocharset during remount\n");
678 #define STEAL_STRING(cifs_sb, ctx, field) \
681 ctx->field = cifs_sb->ctx->field; \
682 cifs_sb->ctx->field = NULL; \
685 static int smb3_reconfigure(struct fs_context *fc)
687 struct smb3_fs_context *ctx = smb3_fc2context(fc);
688 struct dentry *root = fc->root;
689 struct cifs_sb_info *cifs_sb = CIFS_SB(root->d_sb);
692 rc = smb3_verify_reconfigure_ctx(ctx, cifs_sb->ctx);
697 * We can not change UNC/username/password/domainname/nodename/iocharset
698 * during reconnect so ignore what we have in the new context and
699 * just use what we already have in cifs_sb->ctx.
701 STEAL_STRING(cifs_sb, ctx, UNC);
702 STEAL_STRING(cifs_sb, ctx, username);
703 STEAL_STRING(cifs_sb, ctx, password);
704 STEAL_STRING(cifs_sb, ctx, domainname);
705 STEAL_STRING(cifs_sb, ctx, nodename);
706 STEAL_STRING(cifs_sb, ctx, iocharset);
708 /* if rsize or wsize not passed in on remount, use previous values */
710 ctx->rsize = cifs_sb->ctx->rsize;
712 ctx->wsize = cifs_sb->ctx->wsize;
715 smb3_cleanup_fs_context_contents(cifs_sb->ctx);
716 rc = smb3_fs_context_dup(cifs_sb->ctx, ctx);
717 smb3_update_mnt_flags(cifs_sb);
722 static int smb3_fs_context_parse_param(struct fs_context *fc,
723 struct fs_parameter *param)
725 struct fs_parse_result result;
726 struct smb3_fs_context *ctx = smb3_fc2context(fc);
728 bool is_smb3 = !strcmp(fc->fs_type->name, "smb3");
729 bool skip_parsing = false;
731 cifs_dbg(FYI, "CIFS: parsing cifs mount option '%s'\n", param->key);
734 * fs_parse can not handle string options with an empty value so
735 * we will need special handling of them.
737 if (param->type == fs_value_is_string && param->string[0] == 0) {
738 if (!strcmp("pass", param->key) || !strcmp("password", param->key)) {
741 } else if (!strcmp("user", param->key) || !strcmp("username", param->key)) {
748 opt = fs_parse(fc, smb3_fs_parameters, param, &result);
750 return ctx->sloppy ? 1 : opt;
755 ctx->compression = UNKNOWN_TYPE;
757 "SMB3 compression support is experimental\n");
779 ctx->sfu_remap = false; /* disable SFU mapping */
790 ctx->override_uid = 0;
792 ctx->override_uid = 1;
796 ctx->override_gid = 0;
798 ctx->override_gid = 1;
818 case Opt_noblocksend:
830 case Opt_multichannel:
831 if (result.negated) {
832 ctx->multichannel = false;
833 ctx->max_channels = 1;
835 ctx->multichannel = true;
836 /* if number of channels not specified, default to 2 */
837 if (ctx->max_channels < 2)
838 ctx->max_channels = 2;
842 ctx->linux_uid.val = result.uint_32;
843 ctx->uid_specified = true;
846 ctx->cred_uid.val = result.uint_32;
849 ctx->backupgid.val = result.uint_32;
850 ctx->backupgid_specified = true;
853 ctx->linux_gid.val = result.uint_32;
854 ctx->gid_specified = true;
857 ctx->port = result.uint_32;
860 ctx->file_mode = result.uint_32;
863 ctx->dir_mode = result.uint_32;
865 case Opt_min_enc_offload:
866 ctx->min_offload = result.uint_32;
870 * inode blocksize realistically should never need to be
871 * less than 16K or greater than 16M and default is 1MB.
872 * Note that small inode block sizes (e.g. 64K) can lead
873 * to very poor performance of common tools like cp and scp
875 if ((result.uint_32 < CIFS_MAX_MSGSIZE) ||
876 (result.uint_32 > (4 * SMB3_DEFAULT_IOSIZE))) {
877 cifs_dbg(VFS, "%s: Invalid blocksize\n",
879 goto cifs_parse_mount_err;
881 ctx->bsize = result.uint_32;
882 ctx->got_bsize = true;
885 ctx->rsize = result.uint_32;
886 ctx->got_rsize = true;
889 ctx->wsize = result.uint_32;
890 ctx->got_wsize = true;
893 ctx->actimeo = HZ * result.uint_32;
894 if (ctx->actimeo > CIFS_MAX_ACTIMEO) {
895 cifs_dbg(VFS, "attribute cache timeout too large\n");
896 goto cifs_parse_mount_err;
899 case Opt_echo_interval:
900 ctx->echo_interval = result.uint_32;
903 ctx->snapshot_time = result.uint_32;
905 case Opt_max_credits:
906 if (result.uint_32 < 20 || result.uint_32 > 60000) {
907 cifs_dbg(VFS, "%s: Invalid max_credits value\n",
909 goto cifs_parse_mount_err;
911 ctx->max_credits = result.uint_32;
913 case Opt_max_channels:
914 if (result.uint_32 < 1 || result.uint_32 > CIFS_MAX_CHANNELS) {
915 cifs_dbg(VFS, "%s: Invalid max_channels value, needs to be 1-%d\n",
916 __func__, CIFS_MAX_CHANNELS);
917 goto cifs_parse_mount_err;
919 ctx->max_channels = result.uint_32;
921 case Opt_handletimeout:
922 ctx->handle_timeout = result.uint_32;
923 if (ctx->handle_timeout > SMB3_MAX_HANDLE_TIMEOUT) {
924 cifs_dbg(VFS, "Invalid handle cache timeout, longer than 16 minutes\n");
925 goto cifs_parse_mount_err;
931 switch (smb3_parse_devname(param->string, ctx)) {
935 cifs_dbg(VFS, "Unable to allocate memory for devname\n");
936 goto cifs_parse_mount_err;
938 cifs_dbg(VFS, "Malformed UNC in devname\n");
939 goto cifs_parse_mount_err;
941 cifs_dbg(VFS, "Unknown error parsing devname\n");
942 goto cifs_parse_mount_err;
944 fc->source = kstrdup(param->string, GFP_KERNEL);
945 if (fc->source == NULL) {
946 cifs_dbg(VFS, "OOM when copying UNC string\n");
947 goto cifs_parse_mount_err;
951 kfree(ctx->username);
952 ctx->username = NULL;
953 if (strlen(param->string) == 0) {
954 /* null user, ie. anonymous authentication */
959 if (strnlen(param->string, CIFS_MAX_USERNAME_LEN) >
960 CIFS_MAX_USERNAME_LEN) {
961 pr_warn("username too long\n");
962 goto cifs_parse_mount_err;
964 ctx->username = kstrdup(param->string, GFP_KERNEL);
965 if (ctx->username == NULL) {
966 cifs_dbg(VFS, "OOM when copying username string\n");
967 goto cifs_parse_mount_err;
971 kfree(ctx->password);
972 ctx->password = NULL;
973 if (strlen(param->string) == 0)
976 ctx->password = kstrdup(param->string, GFP_KERNEL);
977 if (ctx->password == NULL) {
978 cifs_dbg(VFS, "OOM when copying password string\n");
979 goto cifs_parse_mount_err;
983 if (strlen(param->string) == 0) {
987 if (!cifs_convert_address((struct sockaddr *)&ctx->dstaddr,
989 strlen(param->string))) {
990 pr_err("bad ip= option (%s)\n", param->string);
991 goto cifs_parse_mount_err;
996 if (strnlen(param->string, CIFS_MAX_DOMAINNAME_LEN)
997 == CIFS_MAX_DOMAINNAME_LEN) {
998 pr_warn("domain name too long\n");
999 goto cifs_parse_mount_err;
1002 kfree(ctx->domainname);
1003 ctx->domainname = kstrdup(param->string, GFP_KERNEL);
1004 if (ctx->domainname == NULL) {
1005 cifs_dbg(VFS, "OOM when copying domainname string\n");
1006 goto cifs_parse_mount_err;
1008 cifs_dbg(FYI, "Domain name set\n");
1011 if (!cifs_convert_address(
1012 (struct sockaddr *)&ctx->srcaddr,
1013 param->string, strlen(param->string))) {
1014 pr_warn("Could not parse srcaddr: %s\n",
1016 goto cifs_parse_mount_err;
1020 if (strnlen(param->string, 1024) >= 65) {
1021 pr_warn("iocharset name too long\n");
1022 goto cifs_parse_mount_err;
1025 if (strncasecmp(param->string, "default", 7) != 0) {
1026 kfree(ctx->iocharset);
1027 ctx->iocharset = kstrdup(param->string, GFP_KERNEL);
1028 if (ctx->iocharset == NULL) {
1029 cifs_dbg(VFS, "OOM when copying iocharset string\n");
1030 goto cifs_parse_mount_err;
1033 /* if iocharset not set then load_nls_default
1036 cifs_dbg(FYI, "iocharset set to %s\n", ctx->iocharset);
1038 case Opt_netbiosname:
1039 memset(ctx->source_rfc1001_name, 0x20,
1042 * FIXME: are there cases in which a comma can
1043 * be valid in workstation netbios name (and
1044 * need special handling)?
1046 for (i = 0; i < RFC1001_NAME_LEN; i++) {
1047 /* don't ucase netbiosname for user */
1048 if (param->string[i] == 0)
1050 ctx->source_rfc1001_name[i] = param->string[i];
1052 /* The string has 16th byte zero still from
1053 * set at top of the function
1055 if (i == RFC1001_NAME_LEN && param->string[i] != 0)
1056 pr_warn("netbiosname longer than 15 truncated\n");
1059 /* last byte, type, is 0x20 for servr type */
1060 memset(ctx->target_rfc1001_name, 0x20,
1061 RFC1001_NAME_LEN_WITH_NULL);
1063 * BB are there cases in which a comma can be valid in this
1064 * workstation netbios name (and need special handling)?
1067 /* user or mount helper must uppercase the netbios name */
1068 for (i = 0; i < 15; i++) {
1069 if (param->string[i] == 0)
1071 ctx->target_rfc1001_name[i] = param->string[i];
1074 /* The string has 16th byte zero still from set at top of function */
1075 if (i == RFC1001_NAME_LEN && param->string[i] != 0)
1076 pr_warn("server netbiosname longer than 15 truncated\n");
1079 /* version of mount userspace tools, not dialect */
1080 /* If interface changes in mount.cifs bump to new ver */
1081 if (strncasecmp(param->string, "1", 1) == 0) {
1082 if (strlen(param->string) > 1) {
1083 pr_warn("Bad mount helper ver=%s. Did you want SMB1 (CIFS) dialect and mean to type vers=1.0 instead?\n",
1085 goto cifs_parse_mount_err;
1087 /* This is the default */
1090 /* For all other value, error */
1091 pr_warn("Invalid mount helper version specified\n");
1092 goto cifs_parse_mount_err;
1094 /* protocol version (dialect) */
1095 if (cifs_parse_smb_version(param->string, ctx, is_smb3) != 0)
1096 goto cifs_parse_mount_err;
1097 ctx->got_version = true;
1100 if (cifs_parse_security_flavors(param->string, ctx) != 0)
1101 goto cifs_parse_mount_err;
1104 if (cifs_parse_cache_flavor(param->string, ctx) != 0)
1105 goto cifs_parse_mount_err;
1108 #ifndef CONFIG_CIFS_SWN_UPCALL
1109 cifs_dbg(VFS, "Witness support needs CONFIG_CIFS_SWN_UPCALL config option\n");
1110 goto cifs_parse_mount_err;
1112 ctx->witness = true;
1113 pr_warn_once("Witness protocol support is experimental\n");
1116 #ifdef CONFIG_CIFS_ROOT
1120 case Opt_posixpaths:
1122 ctx->posix_paths = 0;
1124 ctx->posix_paths = 1;
1130 ctx->no_linux_ext = 1;
1136 if (result.negated) {
1138 * turn off mandatory locking in mode
1139 * if remote locking is turned off since the
1140 * local vfs will do advisory
1142 if (ctx->file_mode ==
1143 (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1144 ctx->file_mode = S_IALLUGO;
1149 case Opt_handlecache:
1151 ctx->nohandlecache = 1;
1153 ctx->nohandlecache = 0;
1155 case Opt_forcemandatorylock:
1159 ctx->setuids = result.negated;
1162 ctx->intr = !result.negated;
1164 case Opt_setuidfromacl:
1165 ctx->setuidfromacl = 1;
1167 case Opt_strictsync:
1168 ctx->nostrictsync = result.negated;
1171 ctx->server_ino = !result.negated;
1173 case Opt_rwpidforward:
1174 ctx->rwpidforward = 1;
1180 ctx->cifs_acl = !result.negated;
1183 ctx->no_psx_acl = result.negated;
1185 case Opt_locallease:
1186 ctx->local_lease = 1;
1191 case Opt_ignore_signature:
1193 ctx->ignore_signature = true;
1196 /* we do not do the following in secFlags because seal
1197 * is a per tree connection (mount) not a per socket
1198 * or per-smb connection option in the protocol
1199 * vol->secFlg |= CIFSSEC_MUST_SEAL;
1204 pr_warn("Mount option noac not supported. Instead set /proc/fs/cifs/LookupCacheEnabled to 0\n");
1207 #ifndef CONFIG_CIFS_FSCACHE
1208 cifs_dbg(VFS, "FS-Cache support needs CONFIG_CIFS_FSCACHE kernel config option set\n");
1209 goto cifs_parse_mount_err;
1213 case Opt_mfsymlinks:
1214 ctx->mfsymlinks = true;
1217 ctx->multiuser = true;
1222 case Opt_nosharesock:
1223 ctx->nosharesock = true;
1225 case Opt_persistent:
1226 if (result.negated) {
1227 ctx->nopersistent = true;
1228 if (ctx->persistent) {
1230 "persistenthandles mount options conflict\n");
1231 goto cifs_parse_mount_err;
1234 ctx->persistent = true;
1235 if ((ctx->nopersistent) || (ctx->resilient)) {
1237 "persistenthandles mount options conflict\n");
1238 goto cifs_parse_mount_err;
1243 if (result.negated) {
1244 ctx->resilient = false; /* already the default */
1246 ctx->resilient = true;
1247 if (ctx->persistent) {
1249 "persistenthandles mount options conflict\n");
1250 goto cifs_parse_mount_err;
1254 case Opt_domainauto:
1255 ctx->domainauto = true;
1261 /* case Opt_ignore: - is ignored as expected ... */
1265 cifs_parse_mount_err:
1269 int smb3_init_fs_context(struct fs_context *fc)
1271 struct smb3_fs_context *ctx;
1272 char *nodename = utsname()->nodename;
1275 ctx = kzalloc(sizeof(struct smb3_fs_context), GFP_KERNEL);
1280 * does not have to be perfect mapping since field is
1281 * informational, only used for servers that do not support
1282 * port 445 and it can be overridden at mount time
1284 memset(ctx->source_rfc1001_name, 0x20, RFC1001_NAME_LEN);
1285 for (i = 0; i < strnlen(nodename, RFC1001_NAME_LEN); i++)
1286 ctx->source_rfc1001_name[i] = toupper(nodename[i]);
1288 ctx->source_rfc1001_name[RFC1001_NAME_LEN] = 0;
1290 * null target name indicates to use *SMBSERVR default called name
1291 * if we end up sending RFC1001 session initialize
1293 ctx->target_rfc1001_name[0] = 0;
1294 ctx->cred_uid = current_uid();
1295 ctx->linux_uid = current_uid();
1296 ctx->linux_gid = current_gid();
1297 ctx->bsize = 1024 * 1024; /* can improve cp performance significantly */
1300 * default to SFM style remapping of seven reserved characters
1301 * unless user overrides it or we negotiate CIFS POSIX where
1302 * it is unnecessary. Can not simultaneously use more than one mapping
1303 * since then readdir could list files that open could not open
1307 /* default to only allowing write access to owner of the mount */
1308 ctx->dir_mode = ctx->file_mode = S_IRUGO | S_IXUGO | S_IWUSR;
1310 /* ctx->retry default is 0 (i.e. "soft" limited retry not hard retry) */
1311 /* default is always to request posix paths. */
1312 ctx->posix_paths = 1;
1313 /* default to using server inode numbers where available */
1314 ctx->server_ino = 1;
1316 /* default is to use strict cifs caching semantics */
1317 ctx->strict_io = true;
1319 ctx->actimeo = CIFS_DEF_ACTIMEO;
1321 /* Most clients set timeout to 0, allows server to use its default */
1322 ctx->handle_timeout = 0; /* See MS-SMB2 spec section 2.2.14.2.12 */
1324 /* offer SMB2.1 and later (SMB3 etc). Secure and widely accepted */
1325 ctx->ops = &smb30_operations;
1326 ctx->vals = &smbdefault_values;
1328 ctx->echo_interval = SMB_ECHO_INTERVAL_DEFAULT;
1330 /* default to no multichannel (single server connection) */
1331 ctx->multichannel = false;
1332 ctx->max_channels = 1;
1334 ctx->backupuid_specified = false; /* no backup intent for a user */
1335 ctx->backupgid_specified = false; /* no backup intent for a group */
1338 * short int override_uid = -1;
1339 * short int override_gid = -1;
1340 * char *nodename = strdup(utsname()->nodename);
1341 * struct sockaddr *dstaddr = (struct sockaddr *)&vol->dstaddr;
1344 fc->fs_private = ctx;
1345 fc->ops = &smb3_fs_context_ops;
1350 smb3_cleanup_fs_context_contents(struct smb3_fs_context *ctx)
1356 * Make sure this stays in sync with smb3_fs_context_dup()
1358 kfree(ctx->mount_options);
1359 ctx->mount_options = NULL;
1360 kfree(ctx->username);
1361 ctx->username = NULL;
1362 kfree_sensitive(ctx->password);
1363 ctx->password = NULL;
1366 kfree(ctx->domainname);
1367 ctx->domainname = NULL;
1368 kfree(ctx->nodename);
1369 ctx->nodename = NULL;
1370 kfree(ctx->iocharset);
1371 ctx->iocharset = NULL;
1372 kfree(ctx->prepath);
1373 ctx->prepath = NULL;
1377 smb3_cleanup_fs_context(struct smb3_fs_context *ctx)
1381 smb3_cleanup_fs_context_contents(ctx);
1385 void smb3_update_mnt_flags(struct cifs_sb_info *cifs_sb)
1387 struct smb3_fs_context *ctx = cifs_sb->ctx;
1390 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_DFS;
1392 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NO_DFS;
1395 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
1397 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NO_PERM;
1400 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
1402 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_SET_UID;
1404 if (ctx->setuidfromacl)
1405 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UID_FROM_ACL;
1407 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_UID_FROM_ACL;
1409 if (ctx->server_ino)
1410 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
1412 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_SERVER_INUM;
1415 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SFM_CHR;
1417 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_MAP_SFM_CHR;
1420 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
1422 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_MAP_SPECIAL_CHR;
1425 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
1427 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NO_XATTR;
1430 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
1432 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_UNX_EMUL;
1435 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
1437 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NO_BRL;
1439 if (ctx->nohandlecache)
1440 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_HANDLE_CACHE;
1442 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NO_HANDLE_CACHE;
1444 if (ctx->nostrictsync)
1445 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOSSYNC;
1447 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NOSSYNC;
1450 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOPOSIXBRL;
1452 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NOPOSIXBRL;
1454 if (ctx->rwpidforward)
1455 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_RWPIDFORWARD;
1457 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_RWPIDFORWARD;
1460 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MODE_FROM_SID;
1462 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_MODE_FROM_SID;
1465 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
1467 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_CIFS_ACL;
1469 if (ctx->backupuid_specified)
1470 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_BACKUPUID;
1472 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_CIFS_BACKUPUID;
1474 if (ctx->backupgid_specified)
1475 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_BACKUPGID;
1477 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_CIFS_BACKUPGID;
1479 if (ctx->override_uid)
1480 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID;
1482 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_OVERR_UID;
1484 if (ctx->override_gid)
1485 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID;
1487 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_OVERR_GID;
1490 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DYNPERM;
1492 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_DYNPERM;
1495 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_FSCACHE;
1497 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_FSCACHE;
1500 cifs_sb->mnt_cifs_flags |= (CIFS_MOUNT_MULTIUSER |
1501 CIFS_MOUNT_NO_PERM);
1503 cifs_sb->mnt_cifs_flags &= ~(CIFS_MOUNT_MULTIUSER |
1504 CIFS_MOUNT_NO_PERM);
1507 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_STRICT_IO;
1509 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_STRICT_IO;
1512 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
1514 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_DIRECT_IO;
1516 if (ctx->mfsymlinks)
1517 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MF_SYMLINKS;
1519 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_MF_SYMLINKS;
1520 if (ctx->mfsymlinks) {
1521 if (ctx->sfu_emul) {
1523 * Our SFU ("Services for Unix" emulation does not allow
1524 * creating symlinks but does allow reading existing SFU
1525 * symlinks (it does allow both creating and reading SFU
1526 * style mknod and FIFOs though). When "mfsymlinks" and
1527 * "sfu" are both enabled at the same time, it allows
1528 * reading both types of symlinks, but will only create
1529 * them with mfsymlinks format. This allows better
1530 * Apple compatibility (probably better for Samba too)
1531 * while still recognizing old Windows style symlinks.
1533 cifs_dbg(VFS, "mount options mfsymlinks and sfu both enabled\n");