1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Copyright (C) 2020, Microsoft Corporation.
5 * Author(s): Steve French <stfrench@microsoft.com>
6 * David Howells <dhowells@redhat.com>
10 #include <linux/module.h>
11 #include <linux/nsproxy.h>
12 #include <linux/slab.h>
13 #include <linux/magic.h>
14 #include <linux/security.h>
15 #include <net/net_namespace.h>
18 #include <linux/ctype.h>
19 #include <linux/fs_context.h>
20 #include <linux/fs_parser.h>
22 #include <linux/mount.h>
23 #include <linux/parser.h>
24 #include <linux/utsname.h>
28 #include "cifsproto.h"
29 #include "cifs_unicode.h"
30 #include "cifs_debug.h"
31 #include "cifs_fs_sb.h"
34 #include "rfc1002pdu.h"
35 #include "fs_context.h"
37 static const match_table_t cifs_smb_version_tokens = {
38 { Smb_1, SMB1_VERSION_STRING },
39 { Smb_20, SMB20_VERSION_STRING},
40 { Smb_21, SMB21_VERSION_STRING },
41 { Smb_30, SMB30_VERSION_STRING },
42 { Smb_302, SMB302_VERSION_STRING },
43 { Smb_302, ALT_SMB302_VERSION_STRING },
44 { Smb_311, SMB311_VERSION_STRING },
45 { Smb_311, ALT_SMB311_VERSION_STRING },
46 { Smb_3any, SMB3ANY_VERSION_STRING },
47 { Smb_default, SMBDEFAULT_VERSION_STRING },
48 { Smb_version_err, NULL }
51 static const match_table_t cifs_secflavor_tokens = {
52 { Opt_sec_krb5, "krb5" },
53 { Opt_sec_krb5i, "krb5i" },
54 { Opt_sec_krb5p, "krb5p" },
55 { Opt_sec_ntlmsspi, "ntlmsspi" },
56 { Opt_sec_ntlmssp, "ntlmssp" },
58 { Opt_sec_ntlmi, "ntlmi" },
59 { Opt_sec_ntlmv2, "nontlm" },
60 { Opt_sec_ntlmv2, "ntlmv2" },
61 { Opt_sec_ntlmv2i, "ntlmv2i" },
62 { Opt_sec_lanman, "lanman" },
63 { Opt_sec_none, "none" },
68 const struct fs_parameter_spec smb3_fs_parameters[] = {
69 /* Mount options that take no arguments */
70 fsparam_flag_no("user_xattr", Opt_user_xattr),
71 fsparam_flag_no("forceuid", Opt_forceuid),
72 fsparam_flag_no("multichannel", Opt_multichannel),
73 fsparam_flag_no("forcegid", Opt_forcegid),
74 fsparam_flag("noblocksend", Opt_noblocksend),
75 fsparam_flag("noautotune", Opt_noautotune),
76 fsparam_flag("nolease", Opt_nolease),
77 fsparam_flag_no("hard", Opt_hard),
78 fsparam_flag_no("soft", Opt_soft),
79 fsparam_flag_no("perm", Opt_perm),
80 fsparam_flag("nodelete", Opt_nodelete),
81 fsparam_flag_no("mapposix", Opt_mapposix),
82 fsparam_flag("mapchars", Opt_mapchars),
83 fsparam_flag("nomapchars", Opt_nomapchars),
84 fsparam_flag_no("sfu", Opt_sfu),
85 fsparam_flag("nodfs", Opt_nodfs),
86 fsparam_flag_no("posixpaths", Opt_posixpaths),
87 fsparam_flag_no("unix", Opt_unix),
88 fsparam_flag_no("linux", Opt_unix),
89 fsparam_flag_no("posix", Opt_unix),
90 fsparam_flag("nocase", Opt_nocase),
91 fsparam_flag("ignorecase", Opt_nocase),
92 fsparam_flag_no("brl", Opt_brl),
93 fsparam_flag_no("handlecache", Opt_handlecache),
94 fsparam_flag("forcemandatorylock", Opt_forcemandatorylock),
95 fsparam_flag("forcemand", Opt_forcemandatorylock),
96 fsparam_flag("setuidfromacl", Opt_setuidfromacl),
97 fsparam_flag("idsfromsid", Opt_setuidfromacl),
98 fsparam_flag_no("setuids", Opt_setuids),
99 fsparam_flag_no("dynperm", Opt_dynperm),
100 fsparam_flag_no("intr", Opt_intr),
101 fsparam_flag_no("strictsync", Opt_strictsync),
102 fsparam_flag_no("serverino", Opt_serverino),
103 fsparam_flag("rwpidforward", Opt_rwpidforward),
104 fsparam_flag("cifsacl", Opt_cifsacl),
105 fsparam_flag_no("acl", Opt_acl),
106 fsparam_flag("locallease", Opt_locallease),
107 fsparam_flag("sign", Opt_sign),
108 fsparam_flag("ignore_signature", Opt_ignore_signature),
109 fsparam_flag("signloosely", Opt_ignore_signature),
110 fsparam_flag("seal", Opt_seal),
111 fsparam_flag("noac", Opt_noac),
112 fsparam_flag("fsc", Opt_fsc),
113 fsparam_flag("mfsymlinks", Opt_mfsymlinks),
114 fsparam_flag("multiuser", Opt_multiuser),
115 fsparam_flag("sloppy", Opt_sloppy),
116 fsparam_flag("nosharesock", Opt_nosharesock),
117 fsparam_flag_no("persistenthandles", Opt_persistent),
118 fsparam_flag_no("resilienthandles", Opt_resilient),
119 fsparam_flag("domainauto", Opt_domainauto),
120 fsparam_flag("rdma", Opt_rdma),
121 fsparam_flag("modesid", Opt_modesid),
122 fsparam_flag("modefromsid", Opt_modesid),
123 fsparam_flag("rootfs", Opt_rootfs),
124 fsparam_flag("compress", Opt_compress),
125 fsparam_flag("witness", Opt_witness),
127 /* Mount options which take numeric value */
128 fsparam_u32("backupuid", Opt_backupuid),
129 fsparam_u32("backupgid", Opt_backupgid),
130 fsparam_u32("uid", Opt_uid),
131 fsparam_u32("cruid", Opt_cruid),
132 fsparam_u32("gid", Opt_gid),
133 fsparam_u32("file_mode", Opt_file_mode),
134 fsparam_u32("dirmode", Opt_dirmode),
135 fsparam_u32("dir_mode", Opt_dirmode),
136 fsparam_u32("port", Opt_port),
137 fsparam_u32("min_enc_offload", Opt_min_enc_offload),
138 fsparam_u32("esize", Opt_min_enc_offload),
139 fsparam_u32("bsize", Opt_blocksize),
140 fsparam_u32("rsize", Opt_rsize),
141 fsparam_u32("wsize", Opt_wsize),
142 fsparam_u32("actimeo", Opt_actimeo),
143 fsparam_u32("echo_interval", Opt_echo_interval),
144 fsparam_u32("max_credits", Opt_max_credits),
145 fsparam_u32("handletimeout", Opt_handletimeout),
146 fsparam_u32("snapshot", Opt_snapshot),
147 fsparam_u32("max_channels", Opt_max_channels),
149 /* Mount options which take string value */
150 fsparam_string("source", Opt_source),
151 fsparam_string("user", Opt_user),
152 fsparam_string("username", Opt_user),
153 fsparam_string("pass", Opt_pass),
154 fsparam_string("password", Opt_pass),
155 fsparam_string("ip", Opt_ip),
156 fsparam_string("addr", Opt_ip),
157 fsparam_string("domain", Opt_domain),
158 fsparam_string("dom", Opt_domain),
159 fsparam_string("srcaddr", Opt_srcaddr),
160 fsparam_string("iocharset", Opt_iocharset),
161 fsparam_string("netbiosname", Opt_netbiosname),
162 fsparam_string("servern", Opt_servern),
163 fsparam_string("ver", Opt_ver),
164 fsparam_string("vers", Opt_vers),
165 fsparam_string("sec", Opt_sec),
166 fsparam_string("cache", Opt_cache),
168 /* Arguments that should be ignored */
169 fsparam_flag("guest", Opt_ignore),
170 fsparam_flag("noatime", Opt_ignore),
171 fsparam_flag("relatime", Opt_ignore),
172 fsparam_flag("_netdev", Opt_ignore),
173 fsparam_flag_no("suid", Opt_ignore),
174 fsparam_flag_no("exec", Opt_ignore),
175 fsparam_flag_no("dev", Opt_ignore),
176 fsparam_flag_no("mand", Opt_ignore),
177 fsparam_flag_no("auto", Opt_ignore),
178 fsparam_string("cred", Opt_ignore),
179 fsparam_string("credentials", Opt_ignore),
181 * UNC and prefixpath is now extracted from Opt_source
182 * in the new mount API so we can just ignore them going forward.
184 fsparam_string("unc", Opt_ignore),
185 fsparam_string("prefixpath", Opt_ignore),
190 cifs_parse_security_flavors(char *value, struct smb3_fs_context *ctx)
193 substring_t args[MAX_OPT_ARGS];
196 * With mount options, the last one should win. Reset any existing
197 * settings back to default.
199 ctx->sectype = Unspecified;
202 switch (match_token(value, cifs_secflavor_tokens, args)) {
204 cifs_dbg(VFS, "sec=krb5p is not supported!\n");
210 ctx->sectype = Kerberos;
212 case Opt_sec_ntlmsspi:
215 case Opt_sec_ntlmssp:
216 ctx->sectype = RawNTLMSSP;
224 case Opt_sec_ntlmv2i:
228 ctx->sectype = NTLMv2;
230 #ifdef CONFIG_CIFS_WEAK_PW_HASH
232 ctx->sectype = LANMAN;
239 cifs_dbg(VFS, "bad security option: %s\n", value);
246 static const match_table_t cifs_cacheflavor_tokens = {
247 { Opt_cache_loose, "loose" },
248 { Opt_cache_strict, "strict" },
249 { Opt_cache_none, "none" },
250 { Opt_cache_ro, "ro" },
251 { Opt_cache_rw, "singleclient" },
252 { Opt_cache_err, NULL }
256 cifs_parse_cache_flavor(char *value, struct smb3_fs_context *ctx)
258 substring_t args[MAX_OPT_ARGS];
260 switch (match_token(value, cifs_cacheflavor_tokens, args)) {
261 case Opt_cache_loose:
262 ctx->direct_io = false;
263 ctx->strict_io = false;
264 ctx->cache_ro = false;
265 ctx->cache_rw = false;
267 case Opt_cache_strict:
268 ctx->direct_io = false;
269 ctx->strict_io = true;
270 ctx->cache_ro = false;
271 ctx->cache_rw = false;
274 ctx->direct_io = true;
275 ctx->strict_io = false;
276 ctx->cache_ro = false;
277 ctx->cache_rw = false;
280 ctx->direct_io = false;
281 ctx->strict_io = false;
282 ctx->cache_ro = true;
283 ctx->cache_rw = false;
286 ctx->direct_io = false;
287 ctx->strict_io = false;
288 ctx->cache_ro = false;
289 ctx->cache_rw = true;
292 cifs_dbg(VFS, "bad cache= option: %s\n", value);
298 #define DUP_CTX_STR(field) \
301 new_ctx->field = kstrdup(ctx->field, GFP_ATOMIC); \
302 if (new_ctx->field == NULL) { \
303 smb3_cleanup_fs_context_contents(new_ctx); \
310 smb3_fs_context_dup(struct smb3_fs_context *new_ctx, struct smb3_fs_context *ctx)
312 memcpy(new_ctx, ctx, sizeof(*ctx));
313 new_ctx->prepath = NULL;
314 new_ctx->mount_options = NULL;
315 new_ctx->nodename = NULL;
316 new_ctx->username = NULL;
317 new_ctx->password = NULL;
318 new_ctx->domainname = NULL;
320 new_ctx->source = NULL;
321 new_ctx->iocharset = NULL;
324 * Make sure to stay in sync with smb3_cleanup_fs_context_contents()
326 DUP_CTX_STR(prepath);
327 DUP_CTX_STR(mount_options);
328 DUP_CTX_STR(username);
329 DUP_CTX_STR(password);
332 DUP_CTX_STR(domainname);
333 DUP_CTX_STR(nodename);
334 DUP_CTX_STR(iocharset);
340 cifs_parse_smb_version(char *value, struct smb3_fs_context *ctx, bool is_smb3)
342 substring_t args[MAX_OPT_ARGS];
344 switch (match_token(value, cifs_smb_version_tokens, args)) {
345 #ifdef CONFIG_CIFS_ALLOW_INSECURE_LEGACY
347 if (disable_legacy_dialects) {
348 cifs_dbg(VFS, "mount with legacy dialect disabled\n");
352 cifs_dbg(VFS, "vers=1.0 (cifs) not permitted when mounting with smb3\n");
355 cifs_dbg(VFS, "Use of the less secure dialect vers=1.0 is not recommended unless required for access to very old servers\n");
356 ctx->ops = &smb1_operations;
357 ctx->vals = &smb1_values;
360 if (disable_legacy_dialects) {
361 cifs_dbg(VFS, "mount with legacy dialect disabled\n");
365 cifs_dbg(VFS, "vers=2.0 not permitted when mounting with smb3\n");
368 ctx->ops = &smb20_operations;
369 ctx->vals = &smb20_values;
373 cifs_dbg(VFS, "vers=1.0 (cifs) mount not permitted when legacy dialects disabled\n");
376 cifs_dbg(VFS, "vers=2.0 mount not permitted when legacy dialects disabled\n");
378 #endif /* CIFS_ALLOW_INSECURE_LEGACY */
380 ctx->ops = &smb21_operations;
381 ctx->vals = &smb21_values;
384 ctx->ops = &smb30_operations;
385 ctx->vals = &smb30_values;
388 ctx->ops = &smb30_operations; /* currently identical with 3.0 */
389 ctx->vals = &smb302_values;
392 ctx->ops = &smb311_operations;
393 ctx->vals = &smb311_values;
396 ctx->ops = &smb30_operations; /* currently identical with 3.0 */
397 ctx->vals = &smb3any_values;
400 ctx->ops = &smb30_operations; /* currently identical with 3.0 */
401 ctx->vals = &smbdefault_values;
404 cifs_dbg(VFS, "Unknown vers= option specified: %s\n", value);
410 int smb3_parse_opt(const char *options, const char *key, char **val)
413 char *opts, *orig, *p;
415 orig = opts = kstrdup(options, GFP_KERNEL);
419 while ((p = strsep(&opts, ","))) {
424 if (strncasecmp(p, key, strlen(key)))
426 nval = strchr(p, '=');
431 *val = kstrndup(nval, strlen(nval), GFP_KERNEL);
432 rc = !*val ? -ENOMEM : 0;
442 * Parse a devname into substrings and populate the ctx->UNC and ctx->prepath
443 * fields with the result. Returns 0 on success and an error otherwise
444 * (e.g. ENOMEM or EINVAL)
447 smb3_parse_devname(const char *devname, struct smb3_fs_context *ctx)
450 const char *delims = "/\\";
453 if (unlikely(!devname || !*devname)) {
454 cifs_dbg(VFS, "Device name not specified\n");
458 /* make sure we have a valid UNC double delimiter prefix */
459 len = strspn(devname, delims);
463 /* find delimiter between host and sharename */
464 pos = strpbrk(devname + 2, delims);
468 /* skip past delimiter */
471 /* now go until next delimiter or end of string */
472 len = strcspn(pos, delims);
474 /* move "pos" up to delimiter or NULL */
476 ctx->UNC = kstrndup(devname, pos - devname, GFP_KERNEL);
480 convert_delimiter(ctx->UNC, '\\');
482 /* skip any delimiter */
483 if (*pos == '/' || *pos == '\\')
486 /* If pos is NULL then no prepath */
490 ctx->prepath = kstrdup(pos, GFP_KERNEL);
497 static void smb3_fs_context_free(struct fs_context *fc);
498 static int smb3_fs_context_parse_param(struct fs_context *fc,
499 struct fs_parameter *param);
500 static int smb3_fs_context_parse_monolithic(struct fs_context *fc,
502 static int smb3_get_tree(struct fs_context *fc);
503 static int smb3_reconfigure(struct fs_context *fc);
505 static const struct fs_context_operations smb3_fs_context_ops = {
506 .free = smb3_fs_context_free,
507 .parse_param = smb3_fs_context_parse_param,
508 .parse_monolithic = smb3_fs_context_parse_monolithic,
509 .get_tree = smb3_get_tree,
510 .reconfigure = smb3_reconfigure,
514 * Parse a monolithic block of data from sys_mount().
515 * smb3_fs_context_parse_monolithic - Parse key[=val][,key[=val]]* mount data
516 * @ctx: The superblock configuration to fill in.
517 * @data: The data to parse
519 * Parse a blob of data that's in key[=val][,key[=val]]* form. This can be
520 * called from the ->monolithic_mount_data() fs_context operation.
522 * Returns 0 on success or the error returned by the ->parse_option() fs_context
523 * operation on failure.
525 static int smb3_fs_context_parse_monolithic(struct fs_context *fc,
528 struct smb3_fs_context *ctx = smb3_fc2context(fc);
529 char *options = data, *key;
535 ctx->mount_options = kstrdup(data, GFP_KERNEL);
536 if (ctx->mount_options == NULL)
539 ret = security_sb_eat_lsm_opts(options, &fc->security);
543 /* BB Need to add support for sep= here TBD */
544 while ((key = strsep(&options, ",")) != NULL) {
547 char *value = strchr(key, '=');
553 v_len = strlen(value);
555 ret = vfs_parse_fs_string(fc, key, value, v_len);
565 * Validate the preparsed information in the config.
567 static int smb3_fs_context_validate(struct fs_context *fc)
569 struct smb3_fs_context *ctx = smb3_fc2context(fc);
571 if (ctx->rdma && ctx->vals->protocol_id < SMB30_PROT_ID) {
572 cifs_dbg(VFS, "SMB Direct requires Version >=3.0\n");
577 /* Muliuser mounts require CONFIG_KEYS support */
578 if (ctx->multiuser) {
579 cifs_dbg(VFS, "Multiuser mounts require kernels with CONFIG_KEYS enabled\n");
584 if (ctx->got_version == false)
585 pr_warn_once("No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.\n");
589 cifs_dbg(VFS, "CIFS mount error: No usable UNC path provided in device string!\n");
593 /* make sure UNC has a share name */
594 if (strlen(ctx->UNC) < 3 || !strchr(ctx->UNC + 3, '\\')) {
595 cifs_dbg(VFS, "Malformed UNC. Unable to find share name.\n");
603 /* No ip= option specified? Try to get it from UNC */
604 /* Use the address part of the UNC. */
605 slash = strchr(&ctx->UNC[2], '\\');
606 len = slash - &ctx->UNC[2];
607 if (!cifs_convert_address((struct sockaddr *)&ctx->dstaddr,
608 &ctx->UNC[2], len)) {
609 pr_err("Unable to determine destination address\n");
610 return -EHOSTUNREACH;
614 /* set the port that we got earlier */
615 cifs_set_port((struct sockaddr *)&ctx->dstaddr, ctx->port);
617 if (ctx->override_uid && !ctx->uid_specified) {
618 ctx->override_uid = 0;
619 pr_notice("ignoring forceuid mount option specified with no uid= option\n");
622 if (ctx->override_gid && !ctx->gid_specified) {
623 ctx->override_gid = 0;
624 pr_notice("ignoring forcegid mount option specified with no gid= option\n");
630 static int smb3_get_tree_common(struct fs_context *fc)
632 struct smb3_fs_context *ctx = smb3_fc2context(fc);
636 root = cifs_smb3_do_mount(fc->fs_type, 0, ctx);
638 return PTR_ERR(root);
646 * Create an SMB3 superblock from the parameters passed.
648 static int smb3_get_tree(struct fs_context *fc)
650 int err = smb3_fs_context_validate(fc);
654 return smb3_get_tree_common(fc);
657 static void smb3_fs_context_free(struct fs_context *fc)
659 struct smb3_fs_context *ctx = smb3_fc2context(fc);
661 smb3_cleanup_fs_context(ctx);
665 * Compare the old and new proposed context during reconfigure
666 * and check if the changes are compatible.
668 static int smb3_verify_reconfigure_ctx(struct smb3_fs_context *new_ctx,
669 struct smb3_fs_context *old_ctx)
671 if (new_ctx->posix_paths != old_ctx->posix_paths) {
672 cifs_dbg(VFS, "can not change posixpaths during remount\n");
675 if (new_ctx->sectype != old_ctx->sectype) {
676 cifs_dbg(VFS, "can not change sec during remount\n");
679 if (new_ctx->multiuser != old_ctx->multiuser) {
680 cifs_dbg(VFS, "can not change multiuser during remount\n");
684 (!old_ctx->UNC || strcmp(new_ctx->UNC, old_ctx->UNC))) {
685 cifs_dbg(VFS, "can not change UNC during remount\n");
688 if (new_ctx->username &&
689 (!old_ctx->username || strcmp(new_ctx->username, old_ctx->username))) {
690 cifs_dbg(VFS, "can not change username during remount\n");
693 if (new_ctx->password &&
694 (!old_ctx->password || strcmp(new_ctx->password, old_ctx->password))) {
695 cifs_dbg(VFS, "can not change password during remount\n");
698 if (new_ctx->domainname &&
699 (!old_ctx->domainname || strcmp(new_ctx->domainname, old_ctx->domainname))) {
700 cifs_dbg(VFS, "can not change domainname during remount\n");
703 if (new_ctx->nodename &&
704 (!old_ctx->nodename || strcmp(new_ctx->nodename, old_ctx->nodename))) {
705 cifs_dbg(VFS, "can not change nodename during remount\n");
708 if (new_ctx->iocharset &&
709 (!old_ctx->iocharset || strcmp(new_ctx->iocharset, old_ctx->iocharset))) {
710 cifs_dbg(VFS, "can not change iocharset during remount\n");
717 #define STEAL_STRING(cifs_sb, ctx, field) \
720 ctx->field = cifs_sb->ctx->field; \
721 cifs_sb->ctx->field = NULL; \
724 static int smb3_reconfigure(struct fs_context *fc)
726 struct smb3_fs_context *ctx = smb3_fc2context(fc);
727 struct dentry *root = fc->root;
728 struct cifs_sb_info *cifs_sb = CIFS_SB(root->d_sb);
731 rc = smb3_verify_reconfigure_ctx(ctx, cifs_sb->ctx);
736 * We can not change UNC/username/password/domainname/nodename/iocharset
737 * during reconnect so ignore what we have in the new context and
738 * just use what we already have in cifs_sb->ctx.
740 STEAL_STRING(cifs_sb, ctx, UNC);
741 STEAL_STRING(cifs_sb, ctx, source);
742 STEAL_STRING(cifs_sb, ctx, username);
743 STEAL_STRING(cifs_sb, ctx, password);
744 STEAL_STRING(cifs_sb, ctx, domainname);
745 STEAL_STRING(cifs_sb, ctx, nodename);
746 STEAL_STRING(cifs_sb, ctx, iocharset);
748 /* if rsize or wsize not passed in on remount, use previous values */
750 ctx->rsize = cifs_sb->ctx->rsize;
752 ctx->wsize = cifs_sb->ctx->wsize;
755 smb3_cleanup_fs_context_contents(cifs_sb->ctx);
756 rc = smb3_fs_context_dup(cifs_sb->ctx, ctx);
757 smb3_update_mnt_flags(cifs_sb);
762 static int smb3_fs_context_parse_param(struct fs_context *fc,
763 struct fs_parameter *param)
765 struct fs_parse_result result;
766 struct smb3_fs_context *ctx = smb3_fc2context(fc);
768 bool is_smb3 = !strcmp(fc->fs_type->name, "smb3");
769 bool skip_parsing = false;
771 cifs_dbg(FYI, "CIFS: parsing cifs mount option '%s'\n", param->key);
774 * fs_parse can not handle string options with an empty value so
775 * we will need special handling of them.
777 if (param->type == fs_value_is_string && param->string[0] == 0) {
778 if (!strcmp("pass", param->key) || !strcmp("password", param->key)) {
781 } else if (!strcmp("user", param->key) || !strcmp("username", param->key)) {
788 opt = fs_parse(fc, smb3_fs_parameters, param, &result);
790 return ctx->sloppy ? 1 : opt;
795 ctx->compression = UNKNOWN_TYPE;
797 "SMB3 compression support is experimental\n");
819 ctx->sfu_remap = false; /* disable SFU mapping */
830 ctx->override_uid = 0;
832 ctx->override_uid = 1;
836 ctx->override_gid = 0;
838 ctx->override_gid = 1;
858 case Opt_noblocksend:
870 case Opt_multichannel:
871 if (result.negated) {
872 ctx->multichannel = false;
873 ctx->max_channels = 1;
875 ctx->multichannel = true;
876 /* if number of channels not specified, default to 2 */
877 if (ctx->max_channels < 2)
878 ctx->max_channels = 2;
882 ctx->linux_uid.val = result.uint_32;
883 ctx->uid_specified = true;
886 ctx->cred_uid.val = result.uint_32;
889 ctx->backupgid.val = result.uint_32;
890 ctx->backupgid_specified = true;
893 ctx->linux_gid.val = result.uint_32;
894 ctx->gid_specified = true;
897 ctx->port = result.uint_32;
900 ctx->file_mode = result.uint_32;
903 ctx->dir_mode = result.uint_32;
905 case Opt_min_enc_offload:
906 ctx->min_offload = result.uint_32;
910 * inode blocksize realistically should never need to be
911 * less than 16K or greater than 16M and default is 1MB.
912 * Note that small inode block sizes (e.g. 64K) can lead
913 * to very poor performance of common tools like cp and scp
915 if ((result.uint_32 < CIFS_MAX_MSGSIZE) ||
916 (result.uint_32 > (4 * SMB3_DEFAULT_IOSIZE))) {
917 cifs_dbg(VFS, "%s: Invalid blocksize\n",
919 goto cifs_parse_mount_err;
921 ctx->bsize = result.uint_32;
922 ctx->got_bsize = true;
925 ctx->rsize = result.uint_32;
926 ctx->got_rsize = true;
929 ctx->wsize = result.uint_32;
930 ctx->got_wsize = true;
933 ctx->actimeo = HZ * result.uint_32;
934 if (ctx->actimeo > CIFS_MAX_ACTIMEO) {
935 cifs_dbg(VFS, "attribute cache timeout too large\n");
936 goto cifs_parse_mount_err;
939 case Opt_echo_interval:
940 ctx->echo_interval = result.uint_32;
943 ctx->snapshot_time = result.uint_32;
945 case Opt_max_credits:
946 if (result.uint_32 < 20 || result.uint_32 > 60000) {
947 cifs_dbg(VFS, "%s: Invalid max_credits value\n",
949 goto cifs_parse_mount_err;
951 ctx->max_credits = result.uint_32;
953 case Opt_max_channels:
954 if (result.uint_32 < 1 || result.uint_32 > CIFS_MAX_CHANNELS) {
955 cifs_dbg(VFS, "%s: Invalid max_channels value, needs to be 1-%d\n",
956 __func__, CIFS_MAX_CHANNELS);
957 goto cifs_parse_mount_err;
959 ctx->max_channels = result.uint_32;
961 case Opt_handletimeout:
962 ctx->handle_timeout = result.uint_32;
963 if (ctx->handle_timeout > SMB3_MAX_HANDLE_TIMEOUT) {
964 cifs_dbg(VFS, "Invalid handle cache timeout, longer than 16 minutes\n");
965 goto cifs_parse_mount_err;
971 switch (smb3_parse_devname(param->string, ctx)) {
975 cifs_dbg(VFS, "Unable to allocate memory for devname\n");
976 goto cifs_parse_mount_err;
978 cifs_dbg(VFS, "Malformed UNC in devname\n");
979 goto cifs_parse_mount_err;
981 cifs_dbg(VFS, "Unknown error parsing devname\n");
982 goto cifs_parse_mount_err;
984 ctx->source = kstrdup(param->string, GFP_KERNEL);
985 if (ctx->source == NULL) {
986 cifs_dbg(VFS, "OOM when copying UNC string\n");
987 goto cifs_parse_mount_err;
989 fc->source = kstrdup(param->string, GFP_KERNEL);
990 if (fc->source == NULL) {
991 cifs_dbg(VFS, "OOM when copying UNC string\n");
992 goto cifs_parse_mount_err;
996 kfree(ctx->username);
997 ctx->username = NULL;
998 if (strlen(param->string) == 0) {
999 /* null user, ie. anonymous authentication */
1004 if (strnlen(param->string, CIFS_MAX_USERNAME_LEN) >
1005 CIFS_MAX_USERNAME_LEN) {
1006 pr_warn("username too long\n");
1007 goto cifs_parse_mount_err;
1009 ctx->username = kstrdup(param->string, GFP_KERNEL);
1010 if (ctx->username == NULL) {
1011 cifs_dbg(VFS, "OOM when copying username string\n");
1012 goto cifs_parse_mount_err;
1016 kfree(ctx->password);
1017 ctx->password = NULL;
1018 if (strlen(param->string) == 0)
1021 ctx->password = kstrdup(param->string, GFP_KERNEL);
1022 if (ctx->password == NULL) {
1023 cifs_dbg(VFS, "OOM when copying password string\n");
1024 goto cifs_parse_mount_err;
1028 if (strlen(param->string) == 0) {
1029 ctx->got_ip = false;
1032 if (!cifs_convert_address((struct sockaddr *)&ctx->dstaddr,
1034 strlen(param->string))) {
1035 pr_err("bad ip= option (%s)\n", param->string);
1036 goto cifs_parse_mount_err;
1041 if (strnlen(param->string, CIFS_MAX_DOMAINNAME_LEN)
1042 == CIFS_MAX_DOMAINNAME_LEN) {
1043 pr_warn("domain name too long\n");
1044 goto cifs_parse_mount_err;
1047 kfree(ctx->domainname);
1048 ctx->domainname = kstrdup(param->string, GFP_KERNEL);
1049 if (ctx->domainname == NULL) {
1050 cifs_dbg(VFS, "OOM when copying domainname string\n");
1051 goto cifs_parse_mount_err;
1053 cifs_dbg(FYI, "Domain name set\n");
1056 if (!cifs_convert_address(
1057 (struct sockaddr *)&ctx->srcaddr,
1058 param->string, strlen(param->string))) {
1059 pr_warn("Could not parse srcaddr: %s\n",
1061 goto cifs_parse_mount_err;
1065 if (strnlen(param->string, 1024) >= 65) {
1066 pr_warn("iocharset name too long\n");
1067 goto cifs_parse_mount_err;
1070 if (strncasecmp(param->string, "default", 7) != 0) {
1071 kfree(ctx->iocharset);
1072 ctx->iocharset = kstrdup(param->string, GFP_KERNEL);
1073 if (ctx->iocharset == NULL) {
1074 cifs_dbg(VFS, "OOM when copying iocharset string\n");
1075 goto cifs_parse_mount_err;
1078 /* if iocharset not set then load_nls_default
1081 cifs_dbg(FYI, "iocharset set to %s\n", ctx->iocharset);
1083 case Opt_netbiosname:
1084 memset(ctx->source_rfc1001_name, 0x20,
1087 * FIXME: are there cases in which a comma can
1088 * be valid in workstation netbios name (and
1089 * need special handling)?
1091 for (i = 0; i < RFC1001_NAME_LEN; i++) {
1092 /* don't ucase netbiosname for user */
1093 if (param->string[i] == 0)
1095 ctx->source_rfc1001_name[i] = param->string[i];
1097 /* The string has 16th byte zero still from
1098 * set at top of the function
1100 if (i == RFC1001_NAME_LEN && param->string[i] != 0)
1101 pr_warn("netbiosname longer than 15 truncated\n");
1104 /* last byte, type, is 0x20 for servr type */
1105 memset(ctx->target_rfc1001_name, 0x20,
1106 RFC1001_NAME_LEN_WITH_NULL);
1108 * BB are there cases in which a comma can be valid in this
1109 * workstation netbios name (and need special handling)?
1112 /* user or mount helper must uppercase the netbios name */
1113 for (i = 0; i < 15; i++) {
1114 if (param->string[i] == 0)
1116 ctx->target_rfc1001_name[i] = param->string[i];
1119 /* The string has 16th byte zero still from set at top of function */
1120 if (i == RFC1001_NAME_LEN && param->string[i] != 0)
1121 pr_warn("server netbiosname longer than 15 truncated\n");
1124 /* version of mount userspace tools, not dialect */
1125 /* If interface changes in mount.cifs bump to new ver */
1126 if (strncasecmp(param->string, "1", 1) == 0) {
1127 if (strlen(param->string) > 1) {
1128 pr_warn("Bad mount helper ver=%s. Did you want SMB1 (CIFS) dialect and mean to type vers=1.0 instead?\n",
1130 goto cifs_parse_mount_err;
1132 /* This is the default */
1135 /* For all other value, error */
1136 pr_warn("Invalid mount helper version specified\n");
1137 goto cifs_parse_mount_err;
1139 /* protocol version (dialect) */
1140 if (cifs_parse_smb_version(param->string, ctx, is_smb3) != 0)
1141 goto cifs_parse_mount_err;
1142 ctx->got_version = true;
1145 if (cifs_parse_security_flavors(param->string, ctx) != 0)
1146 goto cifs_parse_mount_err;
1149 if (cifs_parse_cache_flavor(param->string, ctx) != 0)
1150 goto cifs_parse_mount_err;
1153 #ifndef CONFIG_CIFS_SWN_UPCALL
1154 cifs_dbg(VFS, "Witness support needs CONFIG_CIFS_SWN_UPCALL config option\n");
1155 goto cifs_parse_mount_err;
1157 ctx->witness = true;
1158 pr_warn_once("Witness protocol support is experimental\n");
1161 #ifdef CONFIG_CIFS_ROOT
1165 case Opt_posixpaths:
1167 ctx->posix_paths = 0;
1169 ctx->posix_paths = 1;
1175 ctx->no_linux_ext = 1;
1181 if (result.negated) {
1183 * turn off mandatory locking in mode
1184 * if remote locking is turned off since the
1185 * local vfs will do advisory
1187 if (ctx->file_mode ==
1188 (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1189 ctx->file_mode = S_IALLUGO;
1194 case Opt_handlecache:
1196 ctx->nohandlecache = 1;
1198 ctx->nohandlecache = 0;
1200 case Opt_forcemandatorylock:
1204 ctx->setuids = result.negated;
1207 ctx->intr = !result.negated;
1209 case Opt_setuidfromacl:
1210 ctx->setuidfromacl = 1;
1212 case Opt_strictsync:
1213 ctx->nostrictsync = result.negated;
1216 ctx->server_ino = !result.negated;
1218 case Opt_rwpidforward:
1219 ctx->rwpidforward = 1;
1225 ctx->cifs_acl = !result.negated;
1228 ctx->no_psx_acl = result.negated;
1230 case Opt_locallease:
1231 ctx->local_lease = 1;
1236 case Opt_ignore_signature:
1238 ctx->ignore_signature = true;
1241 /* we do not do the following in secFlags because seal
1242 * is a per tree connection (mount) not a per socket
1243 * or per-smb connection option in the protocol
1244 * vol->secFlg |= CIFSSEC_MUST_SEAL;
1249 pr_warn("Mount option noac not supported. Instead set /proc/fs/cifs/LookupCacheEnabled to 0\n");
1252 #ifndef CONFIG_CIFS_FSCACHE
1253 cifs_dbg(VFS, "FS-Cache support needs CONFIG_CIFS_FSCACHE kernel config option set\n");
1254 goto cifs_parse_mount_err;
1258 case Opt_mfsymlinks:
1259 ctx->mfsymlinks = true;
1262 ctx->multiuser = true;
1267 case Opt_nosharesock:
1268 ctx->nosharesock = true;
1270 case Opt_persistent:
1271 if (result.negated) {
1272 ctx->nopersistent = true;
1273 if (ctx->persistent) {
1275 "persistenthandles mount options conflict\n");
1276 goto cifs_parse_mount_err;
1279 ctx->persistent = true;
1280 if ((ctx->nopersistent) || (ctx->resilient)) {
1282 "persistenthandles mount options conflict\n");
1283 goto cifs_parse_mount_err;
1288 if (result.negated) {
1289 ctx->resilient = false; /* already the default */
1291 ctx->resilient = true;
1292 if (ctx->persistent) {
1294 "persistenthandles mount options conflict\n");
1295 goto cifs_parse_mount_err;
1299 case Opt_domainauto:
1300 ctx->domainauto = true;
1306 /* case Opt_ignore: - is ignored as expected ... */
1310 cifs_parse_mount_err:
1314 int smb3_init_fs_context(struct fs_context *fc)
1316 struct smb3_fs_context *ctx;
1317 char *nodename = utsname()->nodename;
1320 ctx = kzalloc(sizeof(struct smb3_fs_context), GFP_KERNEL);
1325 * does not have to be perfect mapping since field is
1326 * informational, only used for servers that do not support
1327 * port 445 and it can be overridden at mount time
1329 memset(ctx->source_rfc1001_name, 0x20, RFC1001_NAME_LEN);
1330 for (i = 0; i < strnlen(nodename, RFC1001_NAME_LEN); i++)
1331 ctx->source_rfc1001_name[i] = toupper(nodename[i]);
1333 ctx->source_rfc1001_name[RFC1001_NAME_LEN] = 0;
1335 * null target name indicates to use *SMBSERVR default called name
1336 * if we end up sending RFC1001 session initialize
1338 ctx->target_rfc1001_name[0] = 0;
1339 ctx->cred_uid = current_uid();
1340 ctx->linux_uid = current_uid();
1341 ctx->linux_gid = current_gid();
1342 ctx->bsize = 1024 * 1024; /* can improve cp performance significantly */
1345 * default to SFM style remapping of seven reserved characters
1346 * unless user overrides it or we negotiate CIFS POSIX where
1347 * it is unnecessary. Can not simultaneously use more than one mapping
1348 * since then readdir could list files that open could not open
1352 /* default to only allowing write access to owner of the mount */
1353 ctx->dir_mode = ctx->file_mode = S_IRUGO | S_IXUGO | S_IWUSR;
1355 /* ctx->retry default is 0 (i.e. "soft" limited retry not hard retry) */
1356 /* default is always to request posix paths. */
1357 ctx->posix_paths = 1;
1358 /* default to using server inode numbers where available */
1359 ctx->server_ino = 1;
1361 /* default is to use strict cifs caching semantics */
1362 ctx->strict_io = true;
1364 ctx->actimeo = CIFS_DEF_ACTIMEO;
1366 /* Most clients set timeout to 0, allows server to use its default */
1367 ctx->handle_timeout = 0; /* See MS-SMB2 spec section 2.2.14.2.12 */
1369 /* offer SMB2.1 and later (SMB3 etc). Secure and widely accepted */
1370 ctx->ops = &smb30_operations;
1371 ctx->vals = &smbdefault_values;
1373 ctx->echo_interval = SMB_ECHO_INTERVAL_DEFAULT;
1375 /* default to no multichannel (single server connection) */
1376 ctx->multichannel = false;
1377 ctx->max_channels = 1;
1379 ctx->backupuid_specified = false; /* no backup intent for a user */
1380 ctx->backupgid_specified = false; /* no backup intent for a group */
1383 * short int override_uid = -1;
1384 * short int override_gid = -1;
1385 * char *nodename = strdup(utsname()->nodename);
1386 * struct sockaddr *dstaddr = (struct sockaddr *)&vol->dstaddr;
1389 fc->fs_private = ctx;
1390 fc->ops = &smb3_fs_context_ops;
1395 smb3_cleanup_fs_context_contents(struct smb3_fs_context *ctx)
1401 * Make sure this stays in sync with smb3_fs_context_dup()
1403 kfree(ctx->mount_options);
1404 ctx->mount_options = NULL;
1405 kfree(ctx->username);
1406 ctx->username = NULL;
1407 kfree_sensitive(ctx->password);
1408 ctx->password = NULL;
1413 kfree(ctx->domainname);
1414 ctx->domainname = NULL;
1415 kfree(ctx->nodename);
1416 ctx->nodename = NULL;
1417 kfree(ctx->iocharset);
1418 ctx->iocharset = NULL;
1419 kfree(ctx->prepath);
1420 ctx->prepath = NULL;
1424 smb3_cleanup_fs_context(struct smb3_fs_context *ctx)
1428 smb3_cleanup_fs_context_contents(ctx);
1432 void smb3_update_mnt_flags(struct cifs_sb_info *cifs_sb)
1434 struct smb3_fs_context *ctx = cifs_sb->ctx;
1437 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_DFS;
1439 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NO_DFS;
1442 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
1444 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NO_PERM;
1447 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
1449 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_SET_UID;
1451 if (ctx->setuidfromacl)
1452 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UID_FROM_ACL;
1454 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_UID_FROM_ACL;
1456 if (ctx->server_ino)
1457 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
1459 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_SERVER_INUM;
1462 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SFM_CHR;
1464 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_MAP_SFM_CHR;
1467 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
1469 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_MAP_SPECIAL_CHR;
1472 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
1474 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NO_XATTR;
1477 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
1479 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_UNX_EMUL;
1482 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
1484 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NO_BRL;
1486 if (ctx->nohandlecache)
1487 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_HANDLE_CACHE;
1489 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NO_HANDLE_CACHE;
1491 if (ctx->nostrictsync)
1492 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOSSYNC;
1494 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NOSSYNC;
1497 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOPOSIXBRL;
1499 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NOPOSIXBRL;
1501 if (ctx->rwpidforward)
1502 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_RWPIDFORWARD;
1504 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_RWPIDFORWARD;
1507 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MODE_FROM_SID;
1509 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_MODE_FROM_SID;
1512 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
1514 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_CIFS_ACL;
1516 if (ctx->backupuid_specified)
1517 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_BACKUPUID;
1519 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_CIFS_BACKUPUID;
1521 if (ctx->backupgid_specified)
1522 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_BACKUPGID;
1524 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_CIFS_BACKUPGID;
1526 if (ctx->override_uid)
1527 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID;
1529 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_OVERR_UID;
1531 if (ctx->override_gid)
1532 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID;
1534 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_OVERR_GID;
1537 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DYNPERM;
1539 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_DYNPERM;
1542 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_FSCACHE;
1544 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_FSCACHE;
1547 cifs_sb->mnt_cifs_flags |= (CIFS_MOUNT_MULTIUSER |
1548 CIFS_MOUNT_NO_PERM);
1550 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_MULTIUSER;
1554 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_STRICT_IO;
1556 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_STRICT_IO;
1559 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
1561 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_DIRECT_IO;
1563 if (ctx->mfsymlinks)
1564 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MF_SYMLINKS;
1566 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_MF_SYMLINKS;
1567 if (ctx->mfsymlinks) {
1568 if (ctx->sfu_emul) {
1570 * Our SFU ("Services for Unix" emulation does not allow
1571 * creating symlinks but does allow reading existing SFU
1572 * symlinks (it does allow both creating and reading SFU
1573 * style mknod and FIFOs though). When "mfsymlinks" and
1574 * "sfu" are both enabled at the same time, it allows
1575 * reading both types of symlinks, but will only create
1576 * them with mfsymlinks format. This allows better
1577 * Apple compatibility (probably better for Samba too)
1578 * while still recognizing old Windows style symlinks.
1580 cifs_dbg(VFS, "mount options mfsymlinks and sfu both enabled\n");