1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Copyright (C) 2020, Microsoft Corporation.
5 * Author(s): Steve French <stfrench@microsoft.com>
6 * David Howells <dhowells@redhat.com>
10 #include <linux/module.h>
11 #include <linux/nsproxy.h>
12 #include <linux/slab.h>
13 #include <linux/magic.h>
14 #include <linux/security.h>
15 #include <net/net_namespace.h>
18 #include <linux/ctype.h>
19 #include <linux/fs_context.h>
20 #include <linux/fs_parser.h>
22 #include <linux/mount.h>
23 #include <linux/parser.h>
24 #include <linux/utsname.h>
28 #include "cifsproto.h"
29 #include "cifs_unicode.h"
30 #include "cifs_debug.h"
31 #include "cifs_fs_sb.h"
34 #include "rfc1002pdu.h"
35 #include "fs_context.h"
37 static const match_table_t cifs_smb_version_tokens = {
38 { Smb_1, SMB1_VERSION_STRING },
39 { Smb_20, SMB20_VERSION_STRING},
40 { Smb_21, SMB21_VERSION_STRING },
41 { Smb_30, SMB30_VERSION_STRING },
42 { Smb_302, SMB302_VERSION_STRING },
43 { Smb_302, ALT_SMB302_VERSION_STRING },
44 { Smb_311, SMB311_VERSION_STRING },
45 { Smb_311, ALT_SMB311_VERSION_STRING },
46 { Smb_3any, SMB3ANY_VERSION_STRING },
47 { Smb_default, SMBDEFAULT_VERSION_STRING },
48 { Smb_version_err, NULL }
51 static const match_table_t cifs_secflavor_tokens = {
52 { Opt_sec_krb5, "krb5" },
53 { Opt_sec_krb5i, "krb5i" },
54 { Opt_sec_krb5p, "krb5p" },
55 { Opt_sec_ntlmsspi, "ntlmsspi" },
56 { Opt_sec_ntlmssp, "ntlmssp" },
58 { Opt_sec_ntlmi, "ntlmi" },
59 { Opt_sec_ntlmv2, "nontlm" },
60 { Opt_sec_ntlmv2, "ntlmv2" },
61 { Opt_sec_ntlmv2i, "ntlmv2i" },
62 { Opt_sec_lanman, "lanman" },
63 { Opt_sec_none, "none" },
68 const struct fs_parameter_spec smb3_fs_parameters[] = {
69 /* Mount options that take no arguments */
70 fsparam_flag_no("user_xattr", Opt_user_xattr),
71 fsparam_flag_no("forceuid", Opt_forceuid),
72 fsparam_flag_no("multichannel", Opt_multichannel),
73 fsparam_flag_no("forcegid", Opt_forcegid),
74 fsparam_flag("noblocksend", Opt_noblocksend),
75 fsparam_flag("noautotune", Opt_noautotune),
76 fsparam_flag("nolease", Opt_nolease),
77 fsparam_flag_no("hard", Opt_hard),
78 fsparam_flag_no("soft", Opt_soft),
79 fsparam_flag_no("perm", Opt_perm),
80 fsparam_flag("nodelete", Opt_nodelete),
81 fsparam_flag_no("mapposix", Opt_mapposix),
82 fsparam_flag("mapchars", Opt_mapchars),
83 fsparam_flag("nomapchars", Opt_nomapchars),
84 fsparam_flag_no("sfu", Opt_sfu),
85 fsparam_flag("nodfs", Opt_nodfs),
86 fsparam_flag_no("posixpaths", Opt_posixpaths),
87 fsparam_flag_no("unix", Opt_unix),
88 fsparam_flag_no("linux", Opt_unix),
89 fsparam_flag_no("posix", Opt_unix),
90 fsparam_flag("nocase", Opt_nocase),
91 fsparam_flag("ignorecase", Opt_nocase),
92 fsparam_flag_no("brl", Opt_brl),
93 fsparam_flag_no("handlecache", Opt_handlecache),
94 fsparam_flag("forcemandatorylock", Opt_forcemandatorylock),
95 fsparam_flag("forcemand", Opt_forcemandatorylock),
96 fsparam_flag("setuidfromacl", Opt_setuidfromacl),
97 fsparam_flag("idsfromsid", Opt_setuidfromacl),
98 fsparam_flag_no("setuids", Opt_setuids),
99 fsparam_flag_no("dynperm", Opt_dynperm),
100 fsparam_flag_no("intr", Opt_intr),
101 fsparam_flag_no("strictsync", Opt_strictsync),
102 fsparam_flag_no("serverino", Opt_serverino),
103 fsparam_flag("rwpidforward", Opt_rwpidforward),
104 fsparam_flag("cifsacl", Opt_cifsacl),
105 fsparam_flag_no("acl", Opt_acl),
106 fsparam_flag("locallease", Opt_locallease),
107 fsparam_flag("sign", Opt_sign),
108 fsparam_flag("ignore_signature", Opt_ignore_signature),
109 fsparam_flag("signloosely", Opt_ignore_signature),
110 fsparam_flag("seal", Opt_seal),
111 fsparam_flag("noac", Opt_noac),
112 fsparam_flag("fsc", Opt_fsc),
113 fsparam_flag("mfsymlinks", Opt_mfsymlinks),
114 fsparam_flag("multiuser", Opt_multiuser),
115 fsparam_flag("sloppy", Opt_sloppy),
116 fsparam_flag("nosharesock", Opt_nosharesock),
117 fsparam_flag_no("persistenthandles", Opt_persistent),
118 fsparam_flag_no("resilienthandles", Opt_resilient),
119 fsparam_flag("domainauto", Opt_domainauto),
120 fsparam_flag("rdma", Opt_rdma),
121 fsparam_flag("modesid", Opt_modesid),
122 fsparam_flag("modefromsid", Opt_modesid),
123 fsparam_flag("rootfs", Opt_rootfs),
124 fsparam_flag("compress", Opt_compress),
125 fsparam_flag("witness", Opt_witness),
127 /* Mount options which take numeric value */
128 fsparam_u32("backupuid", Opt_backupuid),
129 fsparam_u32("backupgid", Opt_backupgid),
130 fsparam_u32("uid", Opt_uid),
131 fsparam_u32("cruid", Opt_cruid),
132 fsparam_u32("gid", Opt_gid),
133 fsparam_u32("file_mode", Opt_file_mode),
134 fsparam_u32("dirmode", Opt_dirmode),
135 fsparam_u32("dir_mode", Opt_dirmode),
136 fsparam_u32("port", Opt_port),
137 fsparam_u32("min_enc_offload", Opt_min_enc_offload),
138 fsparam_u32("esize", Opt_min_enc_offload),
139 fsparam_u32("bsize", Opt_blocksize),
140 fsparam_u32("rsize", Opt_rsize),
141 fsparam_u32("wsize", Opt_wsize),
142 fsparam_u32("actimeo", Opt_actimeo),
143 fsparam_u32("echo_interval", Opt_echo_interval),
144 fsparam_u32("max_credits", Opt_max_credits),
145 fsparam_u32("handletimeout", Opt_handletimeout),
146 fsparam_u32("snapshot", Opt_snapshot),
147 fsparam_u32("max_channels", Opt_max_channels),
149 /* Mount options which take string value */
150 fsparam_string("source", Opt_source),
151 fsparam_string("unc", Opt_source),
152 fsparam_string("user", Opt_user),
153 fsparam_string("username", Opt_user),
154 fsparam_string("pass", Opt_pass),
155 fsparam_string("password", Opt_pass),
156 fsparam_string("ip", Opt_ip),
157 fsparam_string("addr", Opt_ip),
158 fsparam_string("domain", Opt_domain),
159 fsparam_string("dom", Opt_domain),
160 fsparam_string("srcaddr", Opt_srcaddr),
161 fsparam_string("iocharset", Opt_iocharset),
162 fsparam_string("netbiosname", Opt_netbiosname),
163 fsparam_string("servern", Opt_servern),
164 fsparam_string("ver", Opt_ver),
165 fsparam_string("vers", Opt_vers),
166 fsparam_string("sec", Opt_sec),
167 fsparam_string("cache", Opt_cache),
169 /* Arguments that should be ignored */
170 fsparam_flag("guest", Opt_ignore),
171 fsparam_flag("noatime", Opt_ignore),
172 fsparam_flag("relatime", Opt_ignore),
173 fsparam_flag("_netdev", Opt_ignore),
174 fsparam_flag_no("suid", Opt_ignore),
175 fsparam_flag_no("exec", Opt_ignore),
176 fsparam_flag_no("dev", Opt_ignore),
177 fsparam_flag_no("mand", Opt_ignore),
178 fsparam_flag_no("auto", Opt_ignore),
179 fsparam_string("cred", Opt_ignore),
180 fsparam_string("credentials", Opt_ignore),
181 fsparam_string("prefixpath", Opt_ignore),
186 cifs_parse_security_flavors(char *value, struct smb3_fs_context *ctx)
189 substring_t args[MAX_OPT_ARGS];
192 * With mount options, the last one should win. Reset any existing
193 * settings back to default.
195 ctx->sectype = Unspecified;
198 switch (match_token(value, cifs_secflavor_tokens, args)) {
200 cifs_dbg(VFS, "sec=krb5p is not supported!\n");
206 ctx->sectype = Kerberos;
208 case Opt_sec_ntlmsspi:
211 case Opt_sec_ntlmssp:
212 ctx->sectype = RawNTLMSSP;
220 case Opt_sec_ntlmv2i:
224 ctx->sectype = NTLMv2;
226 #ifdef CONFIG_CIFS_WEAK_PW_HASH
228 ctx->sectype = LANMAN;
235 cifs_dbg(VFS, "bad security option: %s\n", value);
242 static const match_table_t cifs_cacheflavor_tokens = {
243 { Opt_cache_loose, "loose" },
244 { Opt_cache_strict, "strict" },
245 { Opt_cache_none, "none" },
246 { Opt_cache_ro, "ro" },
247 { Opt_cache_rw, "singleclient" },
248 { Opt_cache_err, NULL }
252 cifs_parse_cache_flavor(char *value, struct smb3_fs_context *ctx)
254 substring_t args[MAX_OPT_ARGS];
256 switch (match_token(value, cifs_cacheflavor_tokens, args)) {
257 case Opt_cache_loose:
258 ctx->direct_io = false;
259 ctx->strict_io = false;
260 ctx->cache_ro = false;
261 ctx->cache_rw = false;
263 case Opt_cache_strict:
264 ctx->direct_io = false;
265 ctx->strict_io = true;
266 ctx->cache_ro = false;
267 ctx->cache_rw = false;
270 ctx->direct_io = true;
271 ctx->strict_io = false;
272 ctx->cache_ro = false;
273 ctx->cache_rw = false;
276 ctx->direct_io = false;
277 ctx->strict_io = false;
278 ctx->cache_ro = true;
279 ctx->cache_rw = false;
282 ctx->direct_io = false;
283 ctx->strict_io = false;
284 ctx->cache_ro = false;
285 ctx->cache_rw = true;
288 cifs_dbg(VFS, "bad cache= option: %s\n", value);
294 #define DUP_CTX_STR(field) \
297 new_ctx->field = kstrdup(ctx->field, GFP_ATOMIC); \
298 if (new_ctx->field == NULL) { \
299 smb3_cleanup_fs_context_contents(new_ctx); \
306 smb3_fs_context_dup(struct smb3_fs_context *new_ctx, struct smb3_fs_context *ctx)
308 memcpy(new_ctx, ctx, sizeof(*ctx));
309 new_ctx->prepath = NULL;
310 new_ctx->mount_options = NULL;
311 new_ctx->nodename = NULL;
312 new_ctx->username = NULL;
313 new_ctx->password = NULL;
314 new_ctx->domainname = NULL;
316 new_ctx->iocharset = NULL;
319 * Make sure to stay in sync with smb3_cleanup_fs_context_contents()
321 DUP_CTX_STR(prepath);
322 DUP_CTX_STR(mount_options);
323 DUP_CTX_STR(username);
324 DUP_CTX_STR(password);
326 DUP_CTX_STR(domainname);
327 DUP_CTX_STR(nodename);
328 DUP_CTX_STR(iocharset);
334 cifs_parse_smb_version(char *value, struct smb3_fs_context *ctx, bool is_smb3)
336 substring_t args[MAX_OPT_ARGS];
338 switch (match_token(value, cifs_smb_version_tokens, args)) {
339 #ifdef CONFIG_CIFS_ALLOW_INSECURE_LEGACY
341 if (disable_legacy_dialects) {
342 cifs_dbg(VFS, "mount with legacy dialect disabled\n");
346 cifs_dbg(VFS, "vers=1.0 (cifs) not permitted when mounting with smb3\n");
349 cifs_dbg(VFS, "Use of the less secure dialect vers=1.0 is not recommended unless required for access to very old servers\n");
350 ctx->ops = &smb1_operations;
351 ctx->vals = &smb1_values;
354 if (disable_legacy_dialects) {
355 cifs_dbg(VFS, "mount with legacy dialect disabled\n");
359 cifs_dbg(VFS, "vers=2.0 not permitted when mounting with smb3\n");
362 ctx->ops = &smb20_operations;
363 ctx->vals = &smb20_values;
367 cifs_dbg(VFS, "vers=1.0 (cifs) mount not permitted when legacy dialects disabled\n");
370 cifs_dbg(VFS, "vers=2.0 mount not permitted when legacy dialects disabled\n");
372 #endif /* CIFS_ALLOW_INSECURE_LEGACY */
374 ctx->ops = &smb21_operations;
375 ctx->vals = &smb21_values;
378 ctx->ops = &smb30_operations;
379 ctx->vals = &smb30_values;
382 ctx->ops = &smb30_operations; /* currently identical with 3.0 */
383 ctx->vals = &smb302_values;
386 ctx->ops = &smb311_operations;
387 ctx->vals = &smb311_values;
390 ctx->ops = &smb30_operations; /* currently identical with 3.0 */
391 ctx->vals = &smb3any_values;
394 ctx->ops = &smb30_operations; /* currently identical with 3.0 */
395 ctx->vals = &smbdefault_values;
398 cifs_dbg(VFS, "Unknown vers= option specified: %s\n", value);
404 int smb3_parse_opt(const char *options, const char *key, char **val)
407 char *opts, *orig, *p;
409 orig = opts = kstrdup(options, GFP_KERNEL);
413 while ((p = strsep(&opts, ","))) {
418 if (strncasecmp(p, key, strlen(key)))
420 nval = strchr(p, '=');
425 *val = kstrndup(nval, strlen(nval), GFP_KERNEL);
426 rc = !*val ? -ENOMEM : 0;
436 * Parse a devname into substrings and populate the ctx->UNC and ctx->prepath
437 * fields with the result. Returns 0 on success and an error otherwise
438 * (e.g. ENOMEM or EINVAL)
441 smb3_parse_devname(const char *devname, struct smb3_fs_context *ctx)
444 const char *delims = "/\\";
447 if (unlikely(!devname || !*devname)) {
448 cifs_dbg(VFS, "Device name not specified\n");
452 /* make sure we have a valid UNC double delimiter prefix */
453 len = strspn(devname, delims);
457 /* find delimiter between host and sharename */
458 pos = strpbrk(devname + 2, delims);
462 /* skip past delimiter */
465 /* now go until next delimiter or end of string */
466 len = strcspn(pos, delims);
468 /* move "pos" up to delimiter or NULL */
470 ctx->UNC = kstrndup(devname, pos - devname, GFP_KERNEL);
474 convert_delimiter(ctx->UNC, '\\');
476 /* skip any delimiter */
477 if (*pos == '/' || *pos == '\\')
480 /* If pos is NULL then no prepath */
484 ctx->prepath = kstrdup(pos, GFP_KERNEL);
491 static void smb3_fs_context_free(struct fs_context *fc);
492 static int smb3_fs_context_parse_param(struct fs_context *fc,
493 struct fs_parameter *param);
494 static int smb3_fs_context_parse_monolithic(struct fs_context *fc,
496 static int smb3_get_tree(struct fs_context *fc);
497 static int smb3_reconfigure(struct fs_context *fc);
499 static const struct fs_context_operations smb3_fs_context_ops = {
500 .free = smb3_fs_context_free,
501 .parse_param = smb3_fs_context_parse_param,
502 .parse_monolithic = smb3_fs_context_parse_monolithic,
503 .get_tree = smb3_get_tree,
504 .reconfigure = smb3_reconfigure,
508 * Parse a monolithic block of data from sys_mount().
509 * smb3_fs_context_parse_monolithic - Parse key[=val][,key[=val]]* mount data
510 * @ctx: The superblock configuration to fill in.
511 * @data: The data to parse
513 * Parse a blob of data that's in key[=val][,key[=val]]* form. This can be
514 * called from the ->monolithic_mount_data() fs_context operation.
516 * Returns 0 on success or the error returned by the ->parse_option() fs_context
517 * operation on failure.
519 static int smb3_fs_context_parse_monolithic(struct fs_context *fc,
522 struct smb3_fs_context *ctx = smb3_fc2context(fc);
523 char *options = data, *key;
529 ctx->mount_options = kstrdup(data, GFP_KERNEL);
530 if (ctx->mount_options == NULL)
533 ret = security_sb_eat_lsm_opts(options, &fc->security);
537 /* BB Need to add support for sep= here TBD */
538 while ((key = strsep(&options, ",")) != NULL) {
541 char *value = strchr(key, '=');
547 v_len = strlen(value);
549 ret = vfs_parse_fs_string(fc, key, value, v_len);
559 * Validate the preparsed information in the config.
561 static int smb3_fs_context_validate(struct fs_context *fc)
563 struct smb3_fs_context *ctx = smb3_fc2context(fc);
565 if (ctx->rdma && ctx->vals->protocol_id < SMB30_PROT_ID) {
566 cifs_dbg(VFS, "SMB Direct requires Version >=3.0\n");
571 /* Muliuser mounts require CONFIG_KEYS support */
572 if (ctx->multiuser) {
573 cifs_dbg(VFS, "Multiuser mounts require kernels with CONFIG_KEYS enabled\n");
578 if (ctx->got_version == false)
579 pr_warn_once("No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.\n");
583 cifs_dbg(VFS, "CIFS mount error: No usable UNC path provided in device string!\n");
587 /* make sure UNC has a share name */
588 if (strlen(ctx->UNC) < 3 || !strchr(ctx->UNC + 3, '\\')) {
589 cifs_dbg(VFS, "Malformed UNC. Unable to find share name.\n");
597 /* No ip= option specified? Try to get it from UNC */
598 /* Use the address part of the UNC. */
599 slash = strchr(&ctx->UNC[2], '\\');
600 len = slash - &ctx->UNC[2];
601 if (!cifs_convert_address((struct sockaddr *)&ctx->dstaddr,
602 &ctx->UNC[2], len)) {
603 pr_err("Unable to determine destination address\n");
604 return -EHOSTUNREACH;
608 /* set the port that we got earlier */
609 cifs_set_port((struct sockaddr *)&ctx->dstaddr, ctx->port);
611 if (ctx->override_uid && !ctx->uid_specified) {
612 ctx->override_uid = 0;
613 pr_notice("ignoring forceuid mount option specified with no uid= option\n");
616 if (ctx->override_gid && !ctx->gid_specified) {
617 ctx->override_gid = 0;
618 pr_notice("ignoring forcegid mount option specified with no gid= option\n");
624 static int smb3_get_tree_common(struct fs_context *fc)
626 struct smb3_fs_context *ctx = smb3_fc2context(fc);
630 root = cifs_smb3_do_mount(fc->fs_type, 0, ctx);
632 return PTR_ERR(root);
640 * Create an SMB3 superblock from the parameters passed.
642 static int smb3_get_tree(struct fs_context *fc)
644 int err = smb3_fs_context_validate(fc);
648 return smb3_get_tree_common(fc);
651 static void smb3_fs_context_free(struct fs_context *fc)
653 struct smb3_fs_context *ctx = smb3_fc2context(fc);
655 smb3_cleanup_fs_context(ctx);
659 * Compare the old and new proposed context during reconfigure
660 * and check if the changes are compatible.
662 static int smb3_verify_reconfigure_ctx(struct smb3_fs_context *new_ctx,
663 struct smb3_fs_context *old_ctx)
665 if (new_ctx->posix_paths != old_ctx->posix_paths) {
666 cifs_dbg(VFS, "can not change posixpaths during remount\n");
669 if (new_ctx->sectype != old_ctx->sectype) {
670 cifs_dbg(VFS, "can not change sec during remount\n");
673 if (new_ctx->multiuser != old_ctx->multiuser) {
674 cifs_dbg(VFS, "can not change multiuser during remount\n");
678 (!old_ctx->UNC || strcmp(new_ctx->UNC, old_ctx->UNC))) {
679 cifs_dbg(VFS, "can not change UNC during remount\n");
682 if (new_ctx->username &&
683 (!old_ctx->username || strcmp(new_ctx->username, old_ctx->username))) {
684 cifs_dbg(VFS, "can not change username during remount\n");
687 if (new_ctx->password &&
688 (!old_ctx->password || strcmp(new_ctx->password, old_ctx->password))) {
689 cifs_dbg(VFS, "can not change password during remount\n");
692 if (new_ctx->domainname &&
693 (!old_ctx->domainname || strcmp(new_ctx->domainname, old_ctx->domainname))) {
694 cifs_dbg(VFS, "can not change domainname during remount\n");
697 if (new_ctx->nodename &&
698 (!old_ctx->nodename || strcmp(new_ctx->nodename, old_ctx->nodename))) {
699 cifs_dbg(VFS, "can not change nodename during remount\n");
702 if (new_ctx->iocharset &&
703 (!old_ctx->iocharset || strcmp(new_ctx->iocharset, old_ctx->iocharset))) {
704 cifs_dbg(VFS, "can not change iocharset during remount\n");
711 #define STEAL_STRING(cifs_sb, ctx, field) \
714 ctx->field = cifs_sb->ctx->field; \
715 cifs_sb->ctx->field = NULL; \
718 static int smb3_reconfigure(struct fs_context *fc)
720 struct smb3_fs_context *ctx = smb3_fc2context(fc);
721 struct dentry *root = fc->root;
722 struct cifs_sb_info *cifs_sb = CIFS_SB(root->d_sb);
725 rc = smb3_verify_reconfigure_ctx(ctx, cifs_sb->ctx);
730 * We can not change UNC/username/password/domainname/nodename/iocharset
731 * during reconnect so ignore what we have in the new context and
732 * just use what we already have in cifs_sb->ctx.
734 STEAL_STRING(cifs_sb, ctx, UNC);
735 STEAL_STRING(cifs_sb, ctx, username);
736 STEAL_STRING(cifs_sb, ctx, password);
737 STEAL_STRING(cifs_sb, ctx, domainname);
738 STEAL_STRING(cifs_sb, ctx, nodename);
739 STEAL_STRING(cifs_sb, ctx, iocharset);
741 /* if rsize or wsize not passed in on remount, use previous values */
743 ctx->rsize = cifs_sb->ctx->rsize;
745 ctx->wsize = cifs_sb->ctx->wsize;
748 smb3_cleanup_fs_context_contents(cifs_sb->ctx);
749 rc = smb3_fs_context_dup(cifs_sb->ctx, ctx);
750 smb3_update_mnt_flags(cifs_sb);
755 static int smb3_fs_context_parse_param(struct fs_context *fc,
756 struct fs_parameter *param)
758 struct fs_parse_result result;
759 struct smb3_fs_context *ctx = smb3_fc2context(fc);
761 bool is_smb3 = !strcmp(fc->fs_type->name, "smb3");
762 bool skip_parsing = false;
764 cifs_dbg(FYI, "CIFS: parsing cifs mount option '%s'\n", param->key);
767 * fs_parse can not handle string options with an empty value so
768 * we will need special handling of them.
770 if (param->type == fs_value_is_string && param->string[0] == 0) {
771 if (!strcmp("pass", param->key) || !strcmp("password", param->key)) {
774 } else if (!strcmp("user", param->key) || !strcmp("username", param->key)) {
781 opt = fs_parse(fc, smb3_fs_parameters, param, &result);
783 return ctx->sloppy ? 1 : opt;
788 ctx->compression = UNKNOWN_TYPE;
790 "SMB3 compression support is experimental\n");
812 ctx->sfu_remap = false; /* disable SFU mapping */
823 ctx->override_uid = 0;
825 ctx->override_uid = 1;
829 ctx->override_gid = 0;
831 ctx->override_gid = 1;
851 case Opt_noblocksend:
863 case Opt_multichannel:
864 if (result.negated) {
865 ctx->multichannel = false;
866 ctx->max_channels = 1;
868 ctx->multichannel = true;
869 /* if number of channels not specified, default to 2 */
870 if (ctx->max_channels < 2)
871 ctx->max_channels = 2;
875 ctx->linux_uid.val = result.uint_32;
876 ctx->uid_specified = true;
879 ctx->cred_uid.val = result.uint_32;
882 ctx->backupgid.val = result.uint_32;
883 ctx->backupgid_specified = true;
886 ctx->linux_gid.val = result.uint_32;
887 ctx->gid_specified = true;
890 ctx->port = result.uint_32;
893 ctx->file_mode = result.uint_32;
896 ctx->dir_mode = result.uint_32;
898 case Opt_min_enc_offload:
899 ctx->min_offload = result.uint_32;
903 * inode blocksize realistically should never need to be
904 * less than 16K or greater than 16M and default is 1MB.
905 * Note that small inode block sizes (e.g. 64K) can lead
906 * to very poor performance of common tools like cp and scp
908 if ((result.uint_32 < CIFS_MAX_MSGSIZE) ||
909 (result.uint_32 > (4 * SMB3_DEFAULT_IOSIZE))) {
910 cifs_dbg(VFS, "%s: Invalid blocksize\n",
912 goto cifs_parse_mount_err;
914 ctx->bsize = result.uint_32;
915 ctx->got_bsize = true;
918 ctx->rsize = result.uint_32;
919 ctx->got_rsize = true;
922 ctx->wsize = result.uint_32;
923 ctx->got_wsize = true;
926 ctx->actimeo = HZ * result.uint_32;
927 if (ctx->actimeo > CIFS_MAX_ACTIMEO) {
928 cifs_dbg(VFS, "attribute cache timeout too large\n");
929 goto cifs_parse_mount_err;
932 case Opt_echo_interval:
933 ctx->echo_interval = result.uint_32;
936 ctx->snapshot_time = result.uint_32;
938 case Opt_max_credits:
939 if (result.uint_32 < 20 || result.uint_32 > 60000) {
940 cifs_dbg(VFS, "%s: Invalid max_credits value\n",
942 goto cifs_parse_mount_err;
944 ctx->max_credits = result.uint_32;
946 case Opt_max_channels:
947 if (result.uint_32 < 1 || result.uint_32 > CIFS_MAX_CHANNELS) {
948 cifs_dbg(VFS, "%s: Invalid max_channels value, needs to be 1-%d\n",
949 __func__, CIFS_MAX_CHANNELS);
950 goto cifs_parse_mount_err;
952 ctx->max_channels = result.uint_32;
954 case Opt_handletimeout:
955 ctx->handle_timeout = result.uint_32;
956 if (ctx->handle_timeout > SMB3_MAX_HANDLE_TIMEOUT) {
957 cifs_dbg(VFS, "Invalid handle cache timeout, longer than 16 minutes\n");
958 goto cifs_parse_mount_err;
964 switch (smb3_parse_devname(param->string, ctx)) {
968 cifs_dbg(VFS, "Unable to allocate memory for devname\n");
969 goto cifs_parse_mount_err;
971 cifs_dbg(VFS, "Malformed UNC in devname\n");
972 goto cifs_parse_mount_err;
974 cifs_dbg(VFS, "Unknown error parsing devname\n");
975 goto cifs_parse_mount_err;
977 fc->source = kstrdup(param->string, GFP_KERNEL);
978 if (fc->source == NULL) {
979 cifs_dbg(VFS, "OOM when copying UNC string\n");
980 goto cifs_parse_mount_err;
984 kfree(ctx->username);
985 ctx->username = NULL;
986 if (strlen(param->string) == 0) {
987 /* null user, ie. anonymous authentication */
992 if (strnlen(param->string, CIFS_MAX_USERNAME_LEN) >
993 CIFS_MAX_USERNAME_LEN) {
994 pr_warn("username too long\n");
995 goto cifs_parse_mount_err;
997 ctx->username = kstrdup(param->string, GFP_KERNEL);
998 if (ctx->username == NULL) {
999 cifs_dbg(VFS, "OOM when copying username string\n");
1000 goto cifs_parse_mount_err;
1004 kfree(ctx->password);
1005 ctx->password = NULL;
1006 if (strlen(param->string) == 0)
1009 ctx->password = kstrdup(param->string, GFP_KERNEL);
1010 if (ctx->password == NULL) {
1011 cifs_dbg(VFS, "OOM when copying password string\n");
1012 goto cifs_parse_mount_err;
1016 if (strlen(param->string) == 0) {
1017 ctx->got_ip = false;
1020 if (!cifs_convert_address((struct sockaddr *)&ctx->dstaddr,
1022 strlen(param->string))) {
1023 pr_err("bad ip= option (%s)\n", param->string);
1024 goto cifs_parse_mount_err;
1029 if (strnlen(param->string, CIFS_MAX_DOMAINNAME_LEN)
1030 == CIFS_MAX_DOMAINNAME_LEN) {
1031 pr_warn("domain name too long\n");
1032 goto cifs_parse_mount_err;
1035 kfree(ctx->domainname);
1036 ctx->domainname = kstrdup(param->string, GFP_KERNEL);
1037 if (ctx->domainname == NULL) {
1038 cifs_dbg(VFS, "OOM when copying domainname string\n");
1039 goto cifs_parse_mount_err;
1041 cifs_dbg(FYI, "Domain name set\n");
1044 if (!cifs_convert_address(
1045 (struct sockaddr *)&ctx->srcaddr,
1046 param->string, strlen(param->string))) {
1047 pr_warn("Could not parse srcaddr: %s\n",
1049 goto cifs_parse_mount_err;
1053 if (strnlen(param->string, 1024) >= 65) {
1054 pr_warn("iocharset name too long\n");
1055 goto cifs_parse_mount_err;
1058 if (strncasecmp(param->string, "default", 7) != 0) {
1059 kfree(ctx->iocharset);
1060 ctx->iocharset = kstrdup(param->string, GFP_KERNEL);
1061 if (ctx->iocharset == NULL) {
1062 cifs_dbg(VFS, "OOM when copying iocharset string\n");
1063 goto cifs_parse_mount_err;
1066 /* if iocharset not set then load_nls_default
1069 cifs_dbg(FYI, "iocharset set to %s\n", ctx->iocharset);
1071 case Opt_netbiosname:
1072 memset(ctx->source_rfc1001_name, 0x20,
1075 * FIXME: are there cases in which a comma can
1076 * be valid in workstation netbios name (and
1077 * need special handling)?
1079 for (i = 0; i < RFC1001_NAME_LEN; i++) {
1080 /* don't ucase netbiosname for user */
1081 if (param->string[i] == 0)
1083 ctx->source_rfc1001_name[i] = param->string[i];
1085 /* The string has 16th byte zero still from
1086 * set at top of the function
1088 if (i == RFC1001_NAME_LEN && param->string[i] != 0)
1089 pr_warn("netbiosname longer than 15 truncated\n");
1092 /* last byte, type, is 0x20 for servr type */
1093 memset(ctx->target_rfc1001_name, 0x20,
1094 RFC1001_NAME_LEN_WITH_NULL);
1096 * BB are there cases in which a comma can be valid in this
1097 * workstation netbios name (and need special handling)?
1100 /* user or mount helper must uppercase the netbios name */
1101 for (i = 0; i < 15; i++) {
1102 if (param->string[i] == 0)
1104 ctx->target_rfc1001_name[i] = param->string[i];
1107 /* The string has 16th byte zero still from set at top of function */
1108 if (i == RFC1001_NAME_LEN && param->string[i] != 0)
1109 pr_warn("server netbiosname longer than 15 truncated\n");
1112 /* version of mount userspace tools, not dialect */
1113 /* If interface changes in mount.cifs bump to new ver */
1114 if (strncasecmp(param->string, "1", 1) == 0) {
1115 if (strlen(param->string) > 1) {
1116 pr_warn("Bad mount helper ver=%s. Did you want SMB1 (CIFS) dialect and mean to type vers=1.0 instead?\n",
1118 goto cifs_parse_mount_err;
1120 /* This is the default */
1123 /* For all other value, error */
1124 pr_warn("Invalid mount helper version specified\n");
1125 goto cifs_parse_mount_err;
1127 /* protocol version (dialect) */
1128 if (cifs_parse_smb_version(param->string, ctx, is_smb3) != 0)
1129 goto cifs_parse_mount_err;
1130 ctx->got_version = true;
1133 if (cifs_parse_security_flavors(param->string, ctx) != 0)
1134 goto cifs_parse_mount_err;
1137 if (cifs_parse_cache_flavor(param->string, ctx) != 0)
1138 goto cifs_parse_mount_err;
1141 #ifndef CONFIG_CIFS_SWN_UPCALL
1142 cifs_dbg(VFS, "Witness support needs CONFIG_CIFS_SWN_UPCALL config option\n");
1143 goto cifs_parse_mount_err;
1145 ctx->witness = true;
1146 pr_warn_once("Witness protocol support is experimental\n");
1149 #ifdef CONFIG_CIFS_ROOT
1153 case Opt_posixpaths:
1155 ctx->posix_paths = 0;
1157 ctx->posix_paths = 1;
1163 ctx->no_linux_ext = 1;
1169 if (result.negated) {
1171 * turn off mandatory locking in mode
1172 * if remote locking is turned off since the
1173 * local vfs will do advisory
1175 if (ctx->file_mode ==
1176 (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1177 ctx->file_mode = S_IALLUGO;
1182 case Opt_handlecache:
1184 ctx->nohandlecache = 1;
1186 ctx->nohandlecache = 0;
1188 case Opt_forcemandatorylock:
1192 ctx->setuids = result.negated;
1195 ctx->intr = !result.negated;
1197 case Opt_setuidfromacl:
1198 ctx->setuidfromacl = 1;
1200 case Opt_strictsync:
1201 ctx->nostrictsync = result.negated;
1204 ctx->server_ino = !result.negated;
1206 case Opt_rwpidforward:
1207 ctx->rwpidforward = 1;
1213 ctx->cifs_acl = !result.negated;
1216 ctx->no_psx_acl = result.negated;
1218 case Opt_locallease:
1219 ctx->local_lease = 1;
1224 case Opt_ignore_signature:
1226 ctx->ignore_signature = true;
1229 /* we do not do the following in secFlags because seal
1230 * is a per tree connection (mount) not a per socket
1231 * or per-smb connection option in the protocol
1232 * vol->secFlg |= CIFSSEC_MUST_SEAL;
1237 pr_warn("Mount option noac not supported. Instead set /proc/fs/cifs/LookupCacheEnabled to 0\n");
1240 #ifndef CONFIG_CIFS_FSCACHE
1241 cifs_dbg(VFS, "FS-Cache support needs CONFIG_CIFS_FSCACHE kernel config option set\n");
1242 goto cifs_parse_mount_err;
1246 case Opt_mfsymlinks:
1247 ctx->mfsymlinks = true;
1250 ctx->multiuser = true;
1255 case Opt_nosharesock:
1256 ctx->nosharesock = true;
1258 case Opt_persistent:
1259 if (result.negated) {
1260 ctx->nopersistent = true;
1261 if (ctx->persistent) {
1263 "persistenthandles mount options conflict\n");
1264 goto cifs_parse_mount_err;
1267 ctx->persistent = true;
1268 if ((ctx->nopersistent) || (ctx->resilient)) {
1270 "persistenthandles mount options conflict\n");
1271 goto cifs_parse_mount_err;
1276 if (result.negated) {
1277 ctx->resilient = false; /* already the default */
1279 ctx->resilient = true;
1280 if (ctx->persistent) {
1282 "persistenthandles mount options conflict\n");
1283 goto cifs_parse_mount_err;
1287 case Opt_domainauto:
1288 ctx->domainauto = true;
1294 /* case Opt_ignore: - is ignored as expected ... */
1298 cifs_parse_mount_err:
1302 int smb3_init_fs_context(struct fs_context *fc)
1304 struct smb3_fs_context *ctx;
1305 char *nodename = utsname()->nodename;
1308 ctx = kzalloc(sizeof(struct smb3_fs_context), GFP_KERNEL);
1313 * does not have to be perfect mapping since field is
1314 * informational, only used for servers that do not support
1315 * port 445 and it can be overridden at mount time
1317 memset(ctx->source_rfc1001_name, 0x20, RFC1001_NAME_LEN);
1318 for (i = 0; i < strnlen(nodename, RFC1001_NAME_LEN); i++)
1319 ctx->source_rfc1001_name[i] = toupper(nodename[i]);
1321 ctx->source_rfc1001_name[RFC1001_NAME_LEN] = 0;
1323 * null target name indicates to use *SMBSERVR default called name
1324 * if we end up sending RFC1001 session initialize
1326 ctx->target_rfc1001_name[0] = 0;
1327 ctx->cred_uid = current_uid();
1328 ctx->linux_uid = current_uid();
1329 ctx->linux_gid = current_gid();
1330 ctx->bsize = 1024 * 1024; /* can improve cp performance significantly */
1333 * default to SFM style remapping of seven reserved characters
1334 * unless user overrides it or we negotiate CIFS POSIX where
1335 * it is unnecessary. Can not simultaneously use more than one mapping
1336 * since then readdir could list files that open could not open
1340 /* default to only allowing write access to owner of the mount */
1341 ctx->dir_mode = ctx->file_mode = S_IRUGO | S_IXUGO | S_IWUSR;
1343 /* ctx->retry default is 0 (i.e. "soft" limited retry not hard retry) */
1344 /* default is always to request posix paths. */
1345 ctx->posix_paths = 1;
1346 /* default to using server inode numbers where available */
1347 ctx->server_ino = 1;
1349 /* default is to use strict cifs caching semantics */
1350 ctx->strict_io = true;
1352 ctx->actimeo = CIFS_DEF_ACTIMEO;
1354 /* Most clients set timeout to 0, allows server to use its default */
1355 ctx->handle_timeout = 0; /* See MS-SMB2 spec section 2.2.14.2.12 */
1357 /* offer SMB2.1 and later (SMB3 etc). Secure and widely accepted */
1358 ctx->ops = &smb30_operations;
1359 ctx->vals = &smbdefault_values;
1361 ctx->echo_interval = SMB_ECHO_INTERVAL_DEFAULT;
1363 /* default to no multichannel (single server connection) */
1364 ctx->multichannel = false;
1365 ctx->max_channels = 1;
1367 ctx->backupuid_specified = false; /* no backup intent for a user */
1368 ctx->backupgid_specified = false; /* no backup intent for a group */
1371 * short int override_uid = -1;
1372 * short int override_gid = -1;
1373 * char *nodename = strdup(utsname()->nodename);
1374 * struct sockaddr *dstaddr = (struct sockaddr *)&vol->dstaddr;
1377 fc->fs_private = ctx;
1378 fc->ops = &smb3_fs_context_ops;
1383 smb3_cleanup_fs_context_contents(struct smb3_fs_context *ctx)
1389 * Make sure this stays in sync with smb3_fs_context_dup()
1391 kfree(ctx->mount_options);
1392 ctx->mount_options = NULL;
1393 kfree(ctx->username);
1394 ctx->username = NULL;
1395 kfree_sensitive(ctx->password);
1396 ctx->password = NULL;
1399 kfree(ctx->domainname);
1400 ctx->domainname = NULL;
1401 kfree(ctx->nodename);
1402 ctx->nodename = NULL;
1403 kfree(ctx->iocharset);
1404 ctx->iocharset = NULL;
1405 kfree(ctx->prepath);
1406 ctx->prepath = NULL;
1410 smb3_cleanup_fs_context(struct smb3_fs_context *ctx)
1414 smb3_cleanup_fs_context_contents(ctx);
1418 void smb3_update_mnt_flags(struct cifs_sb_info *cifs_sb)
1420 struct smb3_fs_context *ctx = cifs_sb->ctx;
1423 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_DFS;
1425 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NO_DFS;
1428 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
1430 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NO_PERM;
1433 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
1435 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_SET_UID;
1437 if (ctx->setuidfromacl)
1438 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UID_FROM_ACL;
1440 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_UID_FROM_ACL;
1442 if (ctx->server_ino)
1443 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
1445 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_SERVER_INUM;
1448 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SFM_CHR;
1450 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_MAP_SFM_CHR;
1453 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
1455 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_MAP_SPECIAL_CHR;
1458 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
1460 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NO_XATTR;
1463 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
1465 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_UNX_EMUL;
1468 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
1470 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NO_BRL;
1472 if (ctx->nohandlecache)
1473 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_HANDLE_CACHE;
1475 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NO_HANDLE_CACHE;
1477 if (ctx->nostrictsync)
1478 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOSSYNC;
1480 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NOSSYNC;
1483 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOPOSIXBRL;
1485 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NOPOSIXBRL;
1487 if (ctx->rwpidforward)
1488 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_RWPIDFORWARD;
1490 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_RWPIDFORWARD;
1493 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MODE_FROM_SID;
1495 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_MODE_FROM_SID;
1498 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
1500 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_CIFS_ACL;
1502 if (ctx->backupuid_specified)
1503 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_BACKUPUID;
1505 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_CIFS_BACKUPUID;
1507 if (ctx->backupgid_specified)
1508 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_BACKUPGID;
1510 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_CIFS_BACKUPGID;
1512 if (ctx->override_uid)
1513 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID;
1515 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_OVERR_UID;
1517 if (ctx->override_gid)
1518 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID;
1520 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_OVERR_GID;
1523 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DYNPERM;
1525 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_DYNPERM;
1528 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_FSCACHE;
1530 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_FSCACHE;
1533 cifs_sb->mnt_cifs_flags |= (CIFS_MOUNT_MULTIUSER |
1534 CIFS_MOUNT_NO_PERM);
1536 cifs_sb->mnt_cifs_flags &= ~(CIFS_MOUNT_MULTIUSER |
1537 CIFS_MOUNT_NO_PERM);
1540 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_STRICT_IO;
1542 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_STRICT_IO;
1545 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
1547 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_DIRECT_IO;
1549 if (ctx->mfsymlinks)
1550 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MF_SYMLINKS;
1552 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_MF_SYMLINKS;
1553 if (ctx->mfsymlinks) {
1554 if (ctx->sfu_emul) {
1556 * Our SFU ("Services for Unix" emulation does not allow
1557 * creating symlinks but does allow reading existing SFU
1558 * symlinks (it does allow both creating and reading SFU
1559 * style mknod and FIFOs though). When "mfsymlinks" and
1560 * "sfu" are both enabled at the same time, it allows
1561 * reading both types of symlinks, but will only create
1562 * them with mfsymlinks format. This allows better
1563 * Apple compatibility (probably better for Samba too)
1564 * while still recognizing old Windows style symlinks.
1566 cifs_dbg(VFS, "mount options mfsymlinks and sfu both enabled\n");