1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Copyright (C) 2020, Microsoft Corporation.
5 * Author(s): Steve French <stfrench@microsoft.com>
6 * David Howells <dhowells@redhat.com>
10 #include <linux/module.h>
11 #include <linux/nsproxy.h>
12 #include <linux/slab.h>
13 #include <linux/magic.h>
14 #include <linux/security.h>
15 #include <net/net_namespace.h>
18 #include <linux/ctype.h>
19 #include <linux/fs_context.h>
20 #include <linux/fs_parser.h>
22 #include <linux/mount.h>
23 #include <linux/parser.h>
24 #include <linux/utsname.h>
28 #include "cifsproto.h"
29 #include "cifs_unicode.h"
30 #include "cifs_debug.h"
31 #include "cifs_fs_sb.h"
34 #include "rfc1002pdu.h"
35 #include "fs_context.h"
37 static const match_table_t cifs_smb_version_tokens = {
38 { Smb_1, SMB1_VERSION_STRING },
39 { Smb_20, SMB20_VERSION_STRING},
40 { Smb_21, SMB21_VERSION_STRING },
41 { Smb_30, SMB30_VERSION_STRING },
42 { Smb_302, SMB302_VERSION_STRING },
43 { Smb_302, ALT_SMB302_VERSION_STRING },
44 { Smb_311, SMB311_VERSION_STRING },
45 { Smb_311, ALT_SMB311_VERSION_STRING },
46 { Smb_3any, SMB3ANY_VERSION_STRING },
47 { Smb_default, SMBDEFAULT_VERSION_STRING },
48 { Smb_version_err, NULL }
51 static const match_table_t cifs_secflavor_tokens = {
52 { Opt_sec_krb5, "krb5" },
53 { Opt_sec_krb5i, "krb5i" },
54 { Opt_sec_krb5p, "krb5p" },
55 { Opt_sec_ntlmsspi, "ntlmsspi" },
56 { Opt_sec_ntlmssp, "ntlmssp" },
58 { Opt_sec_ntlmi, "ntlmi" },
59 { Opt_sec_ntlmv2, "nontlm" },
60 { Opt_sec_ntlmv2, "ntlmv2" },
61 { Opt_sec_ntlmv2i, "ntlmv2i" },
62 { Opt_sec_lanman, "lanman" },
63 { Opt_sec_none, "none" },
68 const struct fs_parameter_spec smb3_fs_parameters[] = {
69 /* Mount options that take no arguments */
70 fsparam_flag_no("user_xattr", Opt_user_xattr),
71 fsparam_flag_no("forceuid", Opt_forceuid),
72 fsparam_flag_no("multichannel", Opt_multichannel),
73 fsparam_flag_no("forcegid", Opt_forcegid),
74 fsparam_flag("noblocksend", Opt_noblocksend),
75 fsparam_flag("noautotune", Opt_noautotune),
76 fsparam_flag("nolease", Opt_nolease),
77 fsparam_flag_no("hard", Opt_hard),
78 fsparam_flag_no("soft", Opt_soft),
79 fsparam_flag_no("perm", Opt_perm),
80 fsparam_flag("nodelete", Opt_nodelete),
81 fsparam_flag_no("mapposix", Opt_mapposix),
82 fsparam_flag("mapchars", Opt_mapchars),
83 fsparam_flag("nomapchars", Opt_nomapchars),
84 fsparam_flag_no("sfu", Opt_sfu),
85 fsparam_flag("nodfs", Opt_nodfs),
86 fsparam_flag_no("posixpaths", Opt_posixpaths),
87 fsparam_flag_no("unix", Opt_unix),
88 fsparam_flag_no("linux", Opt_unix),
89 fsparam_flag_no("posix", Opt_unix),
90 fsparam_flag("nocase", Opt_nocase),
91 fsparam_flag("ignorecase", Opt_nocase),
92 fsparam_flag_no("brl", Opt_brl),
93 fsparam_flag_no("handlecache", Opt_handlecache),
94 fsparam_flag("forcemandatorylock", Opt_forcemandatorylock),
95 fsparam_flag("forcemand", Opt_forcemandatorylock),
96 fsparam_flag("setuidfromacl", Opt_setuidfromacl),
97 fsparam_flag("idsfromsid", Opt_setuidfromacl),
98 fsparam_flag_no("setuids", Opt_setuids),
99 fsparam_flag_no("dynperm", Opt_dynperm),
100 fsparam_flag_no("intr", Opt_intr),
101 fsparam_flag_no("strictsync", Opt_strictsync),
102 fsparam_flag_no("serverino", Opt_serverino),
103 fsparam_flag("rwpidforward", Opt_rwpidforward),
104 fsparam_flag("cifsacl", Opt_cifsacl),
105 fsparam_flag_no("acl", Opt_acl),
106 fsparam_flag("locallease", Opt_locallease),
107 fsparam_flag("sign", Opt_sign),
108 fsparam_flag("ignore_signature", Opt_ignore_signature),
109 fsparam_flag("signloosely", Opt_ignore_signature),
110 fsparam_flag("seal", Opt_seal),
111 fsparam_flag("noac", Opt_noac),
112 fsparam_flag("fsc", Opt_fsc),
113 fsparam_flag("mfsymlinks", Opt_mfsymlinks),
114 fsparam_flag("multiuser", Opt_multiuser),
115 fsparam_flag("sloppy", Opt_sloppy),
116 fsparam_flag("nosharesock", Opt_nosharesock),
117 fsparam_flag_no("persistenthandles", Opt_persistent),
118 fsparam_flag_no("resilienthandles", Opt_resilient),
119 fsparam_flag("domainauto", Opt_domainauto),
120 fsparam_flag("rdma", Opt_rdma),
121 fsparam_flag("modesid", Opt_modesid),
122 fsparam_flag("modefromsid", Opt_modesid),
123 fsparam_flag("rootfs", Opt_rootfs),
124 fsparam_flag("compress", Opt_compress),
125 fsparam_flag("witness", Opt_witness),
127 /* Mount options which take numeric value */
128 fsparam_u32("backupuid", Opt_backupuid),
129 fsparam_u32("backupgid", Opt_backupgid),
130 fsparam_u32("uid", Opt_uid),
131 fsparam_u32("cruid", Opt_cruid),
132 fsparam_u32("gid", Opt_gid),
133 fsparam_u32("file_mode", Opt_file_mode),
134 fsparam_u32("dirmode", Opt_dirmode),
135 fsparam_u32("dir_mode", Opt_dirmode),
136 fsparam_u32("port", Opt_port),
137 fsparam_u32("min_enc_offload", Opt_min_enc_offload),
138 fsparam_u32("esize", Opt_min_enc_offload),
139 fsparam_u32("bsize", Opt_blocksize),
140 fsparam_u32("rsize", Opt_rsize),
141 fsparam_u32("wsize", Opt_wsize),
142 fsparam_u32("actimeo", Opt_actimeo),
143 fsparam_u32("echo_interval", Opt_echo_interval),
144 fsparam_u32("max_credits", Opt_max_credits),
145 fsparam_u32("handletimeout", Opt_handletimeout),
146 fsparam_u32("snapshot", Opt_snapshot),
147 fsparam_u32("max_channels", Opt_max_channels),
149 /* Mount options which take string value */
150 fsparam_string("source", Opt_source),
151 fsparam_string("unc", Opt_source),
152 fsparam_string("user", Opt_user),
153 fsparam_string("username", Opt_user),
154 fsparam_string("pass", Opt_pass),
155 fsparam_string("password", Opt_pass),
156 fsparam_string("ip", Opt_ip),
157 fsparam_string("addr", Opt_ip),
158 fsparam_string("domain", Opt_domain),
159 fsparam_string("dom", Opt_domain),
160 fsparam_string("srcaddr", Opt_srcaddr),
161 fsparam_string("iocharset", Opt_iocharset),
162 fsparam_string("netbiosname", Opt_netbiosname),
163 fsparam_string("servern", Opt_servern),
164 fsparam_string("ver", Opt_ver),
165 fsparam_string("vers", Opt_vers),
166 fsparam_string("sec", Opt_sec),
167 fsparam_string("cache", Opt_cache),
169 /* Arguments that should be ignored */
170 fsparam_flag("guest", Opt_ignore),
171 fsparam_flag("noatime", Opt_ignore),
172 fsparam_flag("relatime", Opt_ignore),
173 fsparam_flag("_netdev", Opt_ignore),
174 fsparam_flag_no("suid", Opt_ignore),
175 fsparam_flag_no("exec", Opt_ignore),
176 fsparam_flag_no("dev", Opt_ignore),
177 fsparam_flag_no("mand", Opt_ignore),
178 fsparam_string("cred", Opt_ignore),
179 fsparam_string("credentials", Opt_ignore),
184 cifs_parse_security_flavors(char *value, struct smb3_fs_context *ctx)
187 substring_t args[MAX_OPT_ARGS];
190 * With mount options, the last one should win. Reset any existing
191 * settings back to default.
193 ctx->sectype = Unspecified;
196 switch (match_token(value, cifs_secflavor_tokens, args)) {
198 cifs_dbg(VFS, "sec=krb5p is not supported!\n");
204 ctx->sectype = Kerberos;
206 case Opt_sec_ntlmsspi:
209 case Opt_sec_ntlmssp:
210 ctx->sectype = RawNTLMSSP;
218 case Opt_sec_ntlmv2i:
222 ctx->sectype = NTLMv2;
224 #ifdef CONFIG_CIFS_WEAK_PW_HASH
226 ctx->sectype = LANMAN;
233 cifs_dbg(VFS, "bad security option: %s\n", value);
240 static const match_table_t cifs_cacheflavor_tokens = {
241 { Opt_cache_loose, "loose" },
242 { Opt_cache_strict, "strict" },
243 { Opt_cache_none, "none" },
244 { Opt_cache_ro, "ro" },
245 { Opt_cache_rw, "singleclient" },
246 { Opt_cache_err, NULL }
250 cifs_parse_cache_flavor(char *value, struct smb3_fs_context *ctx)
252 substring_t args[MAX_OPT_ARGS];
254 switch (match_token(value, cifs_cacheflavor_tokens, args)) {
255 case Opt_cache_loose:
256 ctx->direct_io = false;
257 ctx->strict_io = false;
258 ctx->cache_ro = false;
259 ctx->cache_rw = false;
261 case Opt_cache_strict:
262 ctx->direct_io = false;
263 ctx->strict_io = true;
264 ctx->cache_ro = false;
265 ctx->cache_rw = false;
268 ctx->direct_io = true;
269 ctx->strict_io = false;
270 ctx->cache_ro = false;
271 ctx->cache_rw = false;
274 ctx->direct_io = false;
275 ctx->strict_io = false;
276 ctx->cache_ro = true;
277 ctx->cache_rw = false;
280 ctx->direct_io = false;
281 ctx->strict_io = false;
282 ctx->cache_ro = false;
283 ctx->cache_rw = true;
286 cifs_dbg(VFS, "bad cache= option: %s\n", value);
292 #define DUP_CTX_STR(field) \
295 new_ctx->field = kstrdup(ctx->field, GFP_ATOMIC); \
296 if (new_ctx->field == NULL) { \
297 smb3_cleanup_fs_context_contents(new_ctx); \
304 smb3_fs_context_dup(struct smb3_fs_context *new_ctx, struct smb3_fs_context *ctx)
308 memcpy(new_ctx, ctx, sizeof(*ctx));
309 new_ctx->prepath = NULL;
310 new_ctx->mount_options = NULL;
311 new_ctx->nodename = NULL;
312 new_ctx->username = NULL;
313 new_ctx->password = NULL;
314 new_ctx->domainname = NULL;
316 new_ctx->iocharset = NULL;
319 * Make sure to stay in sync with smb3_cleanup_fs_context_contents()
321 DUP_CTX_STR(prepath);
322 DUP_CTX_STR(mount_options);
323 DUP_CTX_STR(username);
324 DUP_CTX_STR(password);
326 DUP_CTX_STR(domainname);
327 DUP_CTX_STR(nodename);
328 DUP_CTX_STR(iocharset);
334 cifs_parse_smb_version(char *value, struct smb3_fs_context *ctx, bool is_smb3)
336 substring_t args[MAX_OPT_ARGS];
338 switch (match_token(value, cifs_smb_version_tokens, args)) {
339 #ifdef CONFIG_CIFS_ALLOW_INSECURE_LEGACY
341 if (disable_legacy_dialects) {
342 cifs_dbg(VFS, "mount with legacy dialect disabled\n");
346 cifs_dbg(VFS, "vers=1.0 (cifs) not permitted when mounting with smb3\n");
349 cifs_dbg(VFS, "Use of the less secure dialect vers=1.0 is not recommended unless required for access to very old servers\n");
350 ctx->ops = &smb1_operations;
351 ctx->vals = &smb1_values;
354 if (disable_legacy_dialects) {
355 cifs_dbg(VFS, "mount with legacy dialect disabled\n");
359 cifs_dbg(VFS, "vers=2.0 not permitted when mounting with smb3\n");
362 ctx->ops = &smb20_operations;
363 ctx->vals = &smb20_values;
367 cifs_dbg(VFS, "vers=1.0 (cifs) mount not permitted when legacy dialects disabled\n");
370 cifs_dbg(VFS, "vers=2.0 mount not permitted when legacy dialects disabled\n");
372 #endif /* CIFS_ALLOW_INSECURE_LEGACY */
374 ctx->ops = &smb21_operations;
375 ctx->vals = &smb21_values;
378 ctx->ops = &smb30_operations;
379 ctx->vals = &smb30_values;
382 ctx->ops = &smb30_operations; /* currently identical with 3.0 */
383 ctx->vals = &smb302_values;
386 ctx->ops = &smb311_operations;
387 ctx->vals = &smb311_values;
390 ctx->ops = &smb30_operations; /* currently identical with 3.0 */
391 ctx->vals = &smb3any_values;
394 ctx->ops = &smb30_operations; /* currently identical with 3.0 */
395 ctx->vals = &smbdefault_values;
398 cifs_dbg(VFS, "Unknown vers= option specified: %s\n", value);
405 * Parse a devname into substrings and populate the ctx->UNC and ctx->prepath
406 * fields with the result. Returns 0 on success and an error otherwise
407 * (e.g. ENOMEM or EINVAL)
410 smb3_parse_devname(const char *devname, struct smb3_fs_context *ctx)
413 const char *delims = "/\\";
416 if (unlikely(!devname || !*devname)) {
417 cifs_dbg(VFS, "Device name not specified\n");
421 /* make sure we have a valid UNC double delimiter prefix */
422 len = strspn(devname, delims);
426 /* find delimiter between host and sharename */
427 pos = strpbrk(devname + 2, delims);
431 /* skip past delimiter */
434 /* now go until next delimiter or end of string */
435 len = strcspn(pos, delims);
437 /* move "pos" up to delimiter or NULL */
439 ctx->UNC = kstrndup(devname, pos - devname, GFP_KERNEL);
443 convert_delimiter(ctx->UNC, '\\');
445 /* skip any delimiter */
446 if (*pos == '/' || *pos == '\\')
449 /* If pos is NULL then no prepath */
453 ctx->prepath = kstrdup(pos, GFP_KERNEL);
460 static void smb3_fs_context_free(struct fs_context *fc);
461 static int smb3_fs_context_parse_param(struct fs_context *fc,
462 struct fs_parameter *param);
463 static int smb3_fs_context_parse_monolithic(struct fs_context *fc,
465 static int smb3_get_tree(struct fs_context *fc);
466 static int smb3_reconfigure(struct fs_context *fc);
468 static const struct fs_context_operations smb3_fs_context_ops = {
469 .free = smb3_fs_context_free,
470 .parse_param = smb3_fs_context_parse_param,
471 .parse_monolithic = smb3_fs_context_parse_monolithic,
472 .get_tree = smb3_get_tree,
473 .reconfigure = smb3_reconfigure,
477 * Parse a monolithic block of data from sys_mount().
478 * smb3_fs_context_parse_monolithic - Parse key[=val][,key[=val]]* mount data
479 * @ctx: The superblock configuration to fill in.
480 * @data: The data to parse
482 * Parse a blob of data that's in key[=val][,key[=val]]* form. This can be
483 * called from the ->monolithic_mount_data() fs_context operation.
485 * Returns 0 on success or the error returned by the ->parse_option() fs_context
486 * operation on failure.
488 static int smb3_fs_context_parse_monolithic(struct fs_context *fc,
491 struct smb3_fs_context *ctx = smb3_fc2context(fc);
492 char *options = data, *key;
498 ctx->mount_options = kstrdup(data, GFP_KERNEL);
499 if (ctx->mount_options == NULL)
502 ret = security_sb_eat_lsm_opts(options, &fc->security);
506 /* BB Need to add support for sep= here TBD */
507 while ((key = strsep(&options, ",")) != NULL) {
510 char *value = strchr(key, '=');
516 v_len = strlen(value);
518 ret = vfs_parse_fs_string(fc, key, value, v_len);
528 * Validate the preparsed information in the config.
530 static int smb3_fs_context_validate(struct fs_context *fc)
532 struct smb3_fs_context *ctx = smb3_fc2context(fc);
534 if (ctx->rdma && ctx->vals->protocol_id < SMB30_PROT_ID) {
535 cifs_dbg(VFS, "SMB Direct requires Version >=3.0\n");
540 /* Muliuser mounts require CONFIG_KEYS support */
541 if (ctx->multiuser) {
542 cifs_dbg(VFS, "Multiuser mounts require kernels with CONFIG_KEYS enabled\n");
547 if (ctx->got_version == false)
548 pr_warn_once("No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.\n");
552 cifs_dbg(VFS, "CIFS mount error: No usable UNC path provided in device string!\n");
556 /* make sure UNC has a share name */
557 if (strlen(ctx->UNC) < 3 || !strchr(ctx->UNC + 3, '\\')) {
558 cifs_dbg(VFS, "Malformed UNC. Unable to find share name.\n");
566 /* No ip= option specified? Try to get it from UNC */
567 /* Use the address part of the UNC. */
568 slash = strchr(&ctx->UNC[2], '\\');
569 len = slash - &ctx->UNC[2];
570 if (!cifs_convert_address((struct sockaddr *)&ctx->dstaddr,
571 &ctx->UNC[2], len)) {
572 pr_err("Unable to determine destination address\n");
577 /* set the port that we got earlier */
578 cifs_set_port((struct sockaddr *)&ctx->dstaddr, ctx->port);
580 if (ctx->override_uid && !ctx->uid_specified) {
581 ctx->override_uid = 0;
582 pr_notice("ignoring forceuid mount option specified with no uid= option\n");
585 if (ctx->override_gid && !ctx->gid_specified) {
586 ctx->override_gid = 0;
587 pr_notice("ignoring forcegid mount option specified with no gid= option\n");
593 static int smb3_get_tree_common(struct fs_context *fc)
595 struct smb3_fs_context *ctx = smb3_fc2context(fc);
599 root = cifs_smb3_do_mount(fc->fs_type, 0, ctx);
601 return PTR_ERR(root);
609 * Create an SMB3 superblock from the parameters passed.
611 static int smb3_get_tree(struct fs_context *fc)
613 int err = smb3_fs_context_validate(fc);
617 return smb3_get_tree_common(fc);
620 static void smb3_fs_context_free(struct fs_context *fc)
622 struct smb3_fs_context *ctx = smb3_fc2context(fc);
624 smb3_cleanup_fs_context(ctx);
628 * Compare the old and new proposed context during reconfigure
629 * and check if the changes are compatible.
631 static int smb3_verify_reconfigure_ctx(struct smb3_fs_context *new_ctx,
632 struct smb3_fs_context *old_ctx)
634 if (new_ctx->posix_paths != old_ctx->posix_paths) {
635 cifs_dbg(VFS, "can not change posixpaths during remount\n");
638 if (new_ctx->sectype != old_ctx->sectype) {
639 cifs_dbg(VFS, "can not change sec during remount\n");
642 if (new_ctx->multiuser != old_ctx->multiuser) {
643 cifs_dbg(VFS, "can not change multiuser during remount\n");
647 (!old_ctx->UNC || strcmp(new_ctx->UNC, old_ctx->UNC))) {
648 cifs_dbg(VFS, "can not change UNC during remount\n");
651 if (new_ctx->username &&
652 (!old_ctx->username || strcmp(new_ctx->username, old_ctx->username))) {
653 cifs_dbg(VFS, "can not change username during remount\n");
656 if (new_ctx->password &&
657 (!old_ctx->password || strcmp(new_ctx->password, old_ctx->password))) {
658 cifs_dbg(VFS, "can not change password during remount\n");
661 if (new_ctx->domainname &&
662 (!old_ctx->domainname || strcmp(new_ctx->domainname, old_ctx->domainname))) {
663 cifs_dbg(VFS, "can not change domainname during remount\n");
666 if (new_ctx->nodename &&
667 (!old_ctx->nodename || strcmp(new_ctx->nodename, old_ctx->nodename))) {
668 cifs_dbg(VFS, "can not change nodename during remount\n");
671 if (new_ctx->iocharset &&
672 (!old_ctx->iocharset || strcmp(new_ctx->iocharset, old_ctx->iocharset))) {
673 cifs_dbg(VFS, "can not change iocharset during remount\n");
680 #define STEAL_STRING(cifs_sb, ctx, field) \
683 ctx->field = cifs_sb->ctx->field; \
684 cifs_sb->ctx->field = NULL; \
687 static int smb3_reconfigure(struct fs_context *fc)
689 struct smb3_fs_context *ctx = smb3_fc2context(fc);
690 struct dentry *root = fc->root;
691 struct cifs_sb_info *cifs_sb = CIFS_SB(root->d_sb);
694 rc = smb3_verify_reconfigure_ctx(ctx, cifs_sb->ctx);
699 * We can not change UNC/username/password/domainname/nodename/iocharset
700 * during reconnect so ignore what we have in the new context and
701 * just use what we already have in cifs_sb->ctx.
703 STEAL_STRING(cifs_sb, ctx, UNC);
704 STEAL_STRING(cifs_sb, ctx, username);
705 STEAL_STRING(cifs_sb, ctx, password);
706 STEAL_STRING(cifs_sb, ctx, domainname);
707 STEAL_STRING(cifs_sb, ctx, nodename);
708 STEAL_STRING(cifs_sb, ctx, iocharset);
710 smb3_cleanup_fs_context_contents(cifs_sb->ctx);
711 rc = smb3_fs_context_dup(cifs_sb->ctx, ctx);
712 smb3_update_mnt_flags(cifs_sb);
717 static int smb3_fs_context_parse_param(struct fs_context *fc,
718 struct fs_parameter *param)
720 struct fs_parse_result result;
721 struct smb3_fs_context *ctx = smb3_fc2context(fc);
723 bool is_smb3 = !strcmp(fc->fs_type->name, "smb3");
724 bool skip_parsing = false;
726 cifs_dbg(FYI, "CIFS: parsing cifs mount option '%s'\n", param->key);
729 * fs_parse can not handle string options with an empty value so
730 * we will need special handling of them.
732 if (param->type == fs_value_is_string && param->string[0] == 0) {
733 if (!strcmp("pass", param->key) || !strcmp("password", param->key)) {
736 } else if (!strcmp("user", param->key) || !strcmp("username", param->key)) {
743 opt = fs_parse(fc, smb3_fs_parameters, param, &result);
745 return ctx->sloppy ? 1 : opt;
750 ctx->compression = UNKNOWN_TYPE;
752 "SMB3 compression support is experimental\n");
774 ctx->sfu_remap = false; /* disable SFU mapping */
785 ctx->override_uid = 0;
787 ctx->override_uid = 1;
791 ctx->override_gid = 0;
793 ctx->override_gid = 1;
813 case Opt_noblocksend:
825 case Opt_multichannel:
826 if (result.negated) {
827 ctx->multichannel = false;
828 ctx->max_channels = 1;
830 ctx->multichannel = true;
831 /* if number of channels not specified, default to 2 */
832 if (ctx->max_channels < 2)
833 ctx->max_channels = 2;
837 ctx->linux_uid.val = result.uint_32;
838 ctx->uid_specified = true;
841 ctx->cred_uid.val = result.uint_32;
844 ctx->backupgid.val = result.uint_32;
845 ctx->backupgid_specified = true;
848 ctx->linux_gid.val = result.uint_32;
849 ctx->gid_specified = true;
852 ctx->port = result.uint_32;
855 ctx->file_mode = result.uint_32;
858 ctx->dir_mode = result.uint_32;
860 case Opt_min_enc_offload:
861 ctx->min_offload = result.uint_32;
865 * inode blocksize realistically should never need to be
866 * less than 16K or greater than 16M and default is 1MB.
867 * Note that small inode block sizes (e.g. 64K) can lead
868 * to very poor performance of common tools like cp and scp
870 if ((result.uint_32 < CIFS_MAX_MSGSIZE) ||
871 (result.uint_32 > (4 * SMB3_DEFAULT_IOSIZE))) {
872 cifs_dbg(VFS, "%s: Invalid blocksize\n",
874 goto cifs_parse_mount_err;
876 ctx->bsize = result.uint_32;
877 ctx->got_bsize = true;
880 ctx->rsize = result.uint_32;
881 ctx->got_rsize = true;
884 ctx->wsize = result.uint_32;
885 ctx->got_wsize = true;
888 ctx->actimeo = HZ * result.uint_32;
889 if (ctx->actimeo > CIFS_MAX_ACTIMEO) {
890 cifs_dbg(VFS, "attribute cache timeout too large\n");
891 goto cifs_parse_mount_err;
894 case Opt_echo_interval:
895 ctx->echo_interval = result.uint_32;
898 ctx->snapshot_time = result.uint_32;
900 case Opt_max_credits:
901 if (result.uint_32 < 20 || result.uint_32 > 60000) {
902 cifs_dbg(VFS, "%s: Invalid max_credits value\n",
904 goto cifs_parse_mount_err;
906 ctx->max_credits = result.uint_32;
908 case Opt_max_channels:
909 if (result.uint_32 < 1 || result.uint_32 > CIFS_MAX_CHANNELS) {
910 cifs_dbg(VFS, "%s: Invalid max_channels value, needs to be 1-%d\n",
911 __func__, CIFS_MAX_CHANNELS);
912 goto cifs_parse_mount_err;
914 ctx->max_channels = result.uint_32;
916 case Opt_handletimeout:
917 ctx->handle_timeout = result.uint_32;
918 if (ctx->handle_timeout > SMB3_MAX_HANDLE_TIMEOUT) {
919 cifs_dbg(VFS, "Invalid handle cache timeout, longer than 16 minutes\n");
920 goto cifs_parse_mount_err;
926 switch (smb3_parse_devname(param->string, ctx)) {
930 cifs_dbg(VFS, "Unable to allocate memory for devname\n");
931 goto cifs_parse_mount_err;
933 cifs_dbg(VFS, "Malformed UNC in devname\n");
934 goto cifs_parse_mount_err;
936 cifs_dbg(VFS, "Unknown error parsing devname\n");
937 goto cifs_parse_mount_err;
939 fc->source = kstrdup(param->string, GFP_KERNEL);
940 if (fc->source == NULL) {
941 cifs_dbg(VFS, "OOM when copying UNC string\n");
942 goto cifs_parse_mount_err;
946 kfree(ctx->username);
947 ctx->username = NULL;
948 if (strlen(param->string) == 0) {
949 /* null user, ie. anonymous authentication */
954 if (strnlen(param->string, CIFS_MAX_USERNAME_LEN) >
955 CIFS_MAX_USERNAME_LEN) {
956 pr_warn("username too long\n");
957 goto cifs_parse_mount_err;
959 ctx->username = kstrdup(param->string, GFP_KERNEL);
960 if (ctx->username == NULL) {
961 cifs_dbg(VFS, "OOM when copying username string\n");
962 goto cifs_parse_mount_err;
966 kfree(ctx->password);
967 ctx->password = NULL;
968 if (strlen(param->string) == 0)
971 ctx->password = kstrdup(param->string, GFP_KERNEL);
972 if (ctx->password == NULL) {
973 cifs_dbg(VFS, "OOM when copying password string\n");
974 goto cifs_parse_mount_err;
978 if (strlen(param->string) == 0) {
982 if (!cifs_convert_address((struct sockaddr *)&ctx->dstaddr,
984 strlen(param->string))) {
985 pr_err("bad ip= option (%s)\n", param->string);
986 goto cifs_parse_mount_err;
991 if (strnlen(param->string, CIFS_MAX_DOMAINNAME_LEN)
992 == CIFS_MAX_DOMAINNAME_LEN) {
993 pr_warn("domain name too long\n");
994 goto cifs_parse_mount_err;
997 kfree(ctx->domainname);
998 ctx->domainname = kstrdup(param->string, GFP_KERNEL);
999 if (ctx->domainname == NULL) {
1000 cifs_dbg(VFS, "OOM when copying domainname string\n");
1001 goto cifs_parse_mount_err;
1003 cifs_dbg(FYI, "Domain name set\n");
1006 if (!cifs_convert_address(
1007 (struct sockaddr *)&ctx->srcaddr,
1008 param->string, strlen(param->string))) {
1009 pr_warn("Could not parse srcaddr: %s\n",
1011 goto cifs_parse_mount_err;
1015 if (strnlen(param->string, 1024) >= 65) {
1016 pr_warn("iocharset name too long\n");
1017 goto cifs_parse_mount_err;
1020 if (strncasecmp(param->string, "default", 7) != 0) {
1021 kfree(ctx->iocharset);
1022 ctx->iocharset = kstrdup(param->string, GFP_KERNEL);
1023 if (ctx->iocharset == NULL) {
1024 cifs_dbg(VFS, "OOM when copying iocharset string\n");
1025 goto cifs_parse_mount_err;
1028 /* if iocharset not set then load_nls_default
1031 cifs_dbg(FYI, "iocharset set to %s\n", ctx->iocharset);
1033 case Opt_netbiosname:
1034 memset(ctx->source_rfc1001_name, 0x20,
1037 * FIXME: are there cases in which a comma can
1038 * be valid in workstation netbios name (and
1039 * need special handling)?
1041 for (i = 0; i < RFC1001_NAME_LEN; i++) {
1042 /* don't ucase netbiosname for user */
1043 if (param->string[i] == 0)
1045 ctx->source_rfc1001_name[i] = param->string[i];
1047 /* The string has 16th byte zero still from
1048 * set at top of the function
1050 if (i == RFC1001_NAME_LEN && param->string[i] != 0)
1051 pr_warn("netbiosname longer than 15 truncated\n");
1054 /* last byte, type, is 0x20 for servr type */
1055 memset(ctx->target_rfc1001_name, 0x20,
1056 RFC1001_NAME_LEN_WITH_NULL);
1058 * BB are there cases in which a comma can be valid in this
1059 * workstation netbios name (and need special handling)?
1062 /* user or mount helper must uppercase the netbios name */
1063 for (i = 0; i < 15; i++) {
1064 if (param->string[i] == 0)
1066 ctx->target_rfc1001_name[i] = param->string[i];
1069 /* The string has 16th byte zero still from set at top of function */
1070 if (i == RFC1001_NAME_LEN && param->string[i] != 0)
1071 pr_warn("server netbiosname longer than 15 truncated\n");
1074 /* version of mount userspace tools, not dialect */
1075 /* If interface changes in mount.cifs bump to new ver */
1076 if (strncasecmp(param->string, "1", 1) == 0) {
1077 if (strlen(param->string) > 1) {
1078 pr_warn("Bad mount helper ver=%s. Did you want SMB1 (CIFS) dialect and mean to type vers=1.0 instead?\n",
1080 goto cifs_parse_mount_err;
1082 /* This is the default */
1085 /* For all other value, error */
1086 pr_warn("Invalid mount helper version specified\n");
1087 goto cifs_parse_mount_err;
1089 /* protocol version (dialect) */
1090 if (cifs_parse_smb_version(param->string, ctx, is_smb3) != 0)
1091 goto cifs_parse_mount_err;
1092 ctx->got_version = true;
1095 if (cifs_parse_security_flavors(param->string, ctx) != 0)
1096 goto cifs_parse_mount_err;
1099 if (cifs_parse_cache_flavor(param->string, ctx) != 0)
1100 goto cifs_parse_mount_err;
1103 #ifndef CONFIG_CIFS_SWN_UPCALL
1104 cifs_dbg(VFS, "Witness support needs CONFIG_CIFS_SWN_UPCALL config option\n");
1105 goto cifs_parse_mount_err;
1107 ctx->witness = true;
1108 pr_warn_once("Witness protocol support is experimental\n");
1111 #ifdef CONFIG_CIFS_ROOT
1115 case Opt_posixpaths:
1117 ctx->posix_paths = 0;
1119 ctx->posix_paths = 1;
1125 ctx->no_linux_ext = 1;
1131 if (result.negated) {
1133 * turn off mandatory locking in mode
1134 * if remote locking is turned off since the
1135 * local vfs will do advisory
1137 if (ctx->file_mode ==
1138 (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1139 ctx->file_mode = S_IALLUGO;
1144 case Opt_handlecache:
1146 ctx->nohandlecache = 1;
1148 ctx->nohandlecache = 0;
1150 case Opt_forcemandatorylock:
1154 ctx->setuids = result.negated;
1157 ctx->intr = !result.negated;
1159 case Opt_setuidfromacl:
1160 ctx->setuidfromacl = 1;
1162 case Opt_strictsync:
1163 ctx->nostrictsync = result.negated;
1166 ctx->server_ino = !result.negated;
1168 case Opt_rwpidforward:
1169 ctx->rwpidforward = 1;
1175 ctx->cifs_acl = !result.negated;
1178 ctx->no_psx_acl = result.negated;
1180 case Opt_locallease:
1181 ctx->local_lease = 1;
1186 case Opt_ignore_signature:
1188 ctx->ignore_signature = true;
1191 /* we do not do the following in secFlags because seal
1192 * is a per tree connection (mount) not a per socket
1193 * or per-smb connection option in the protocol
1194 * vol->secFlg |= CIFSSEC_MUST_SEAL;
1199 pr_warn("Mount option noac not supported. Instead set /proc/fs/cifs/LookupCacheEnabled to 0\n");
1202 #ifndef CONFIG_CIFS_FSCACHE
1203 cifs_dbg(VFS, "FS-Cache support needs CONFIG_CIFS_FSCACHE kernel config option set\n");
1204 goto cifs_parse_mount_err;
1208 case Opt_mfsymlinks:
1209 ctx->mfsymlinks = true;
1212 ctx->multiuser = true;
1217 case Opt_nosharesock:
1218 ctx->nosharesock = true;
1220 case Opt_persistent:
1221 if (result.negated) {
1222 ctx->nopersistent = true;
1223 if (ctx->persistent) {
1225 "persistenthandles mount options conflict\n");
1226 goto cifs_parse_mount_err;
1229 ctx->persistent = true;
1230 if ((ctx->nopersistent) || (ctx->resilient)) {
1232 "persistenthandles mount options conflict\n");
1233 goto cifs_parse_mount_err;
1238 if (result.negated) {
1239 ctx->resilient = false; /* already the default */
1241 ctx->resilient = true;
1242 if (ctx->persistent) {
1244 "persistenthandles mount options conflict\n");
1245 goto cifs_parse_mount_err;
1249 case Opt_domainauto:
1250 ctx->domainauto = true;
1256 /* case Opt_ignore: - is ignored as expected ... */
1260 cifs_parse_mount_err:
1264 int smb3_init_fs_context(struct fs_context *fc)
1266 struct smb3_fs_context *ctx;
1267 char *nodename = utsname()->nodename;
1270 ctx = kzalloc(sizeof(struct smb3_fs_context), GFP_KERNEL);
1275 * does not have to be perfect mapping since field is
1276 * informational, only used for servers that do not support
1277 * port 445 and it can be overridden at mount time
1279 memset(ctx->source_rfc1001_name, 0x20, RFC1001_NAME_LEN);
1280 for (i = 0; i < strnlen(nodename, RFC1001_NAME_LEN); i++)
1281 ctx->source_rfc1001_name[i] = toupper(nodename[i]);
1283 ctx->source_rfc1001_name[RFC1001_NAME_LEN] = 0;
1285 * null target name indicates to use *SMBSERVR default called name
1286 * if we end up sending RFC1001 session initialize
1288 ctx->target_rfc1001_name[0] = 0;
1289 ctx->cred_uid = current_uid();
1290 ctx->linux_uid = current_uid();
1291 ctx->linux_gid = current_gid();
1292 ctx->bsize = 1024 * 1024; /* can improve cp performance significantly */
1295 * default to SFM style remapping of seven reserved characters
1296 * unless user overrides it or we negotiate CIFS POSIX where
1297 * it is unnecessary. Can not simultaneously use more than one mapping
1298 * since then readdir could list files that open could not open
1302 /* default to only allowing write access to owner of the mount */
1303 ctx->dir_mode = ctx->file_mode = S_IRUGO | S_IXUGO | S_IWUSR;
1305 /* ctx->retry default is 0 (i.e. "soft" limited retry not hard retry) */
1306 /* default is always to request posix paths. */
1307 ctx->posix_paths = 1;
1308 /* default to using server inode numbers where available */
1309 ctx->server_ino = 1;
1311 /* default is to use strict cifs caching semantics */
1312 ctx->strict_io = true;
1314 ctx->actimeo = CIFS_DEF_ACTIMEO;
1316 /* Most clients set timeout to 0, allows server to use its default */
1317 ctx->handle_timeout = 0; /* See MS-SMB2 spec section 2.2.14.2.12 */
1319 /* offer SMB2.1 and later (SMB3 etc). Secure and widely accepted */
1320 ctx->ops = &smb30_operations;
1321 ctx->vals = &smbdefault_values;
1323 ctx->echo_interval = SMB_ECHO_INTERVAL_DEFAULT;
1325 /* default to no multichannel (single server connection) */
1326 ctx->multichannel = false;
1327 ctx->max_channels = 1;
1329 ctx->backupuid_specified = false; /* no backup intent for a user */
1330 ctx->backupgid_specified = false; /* no backup intent for a group */
1333 * short int override_uid = -1;
1334 * short int override_gid = -1;
1335 * char *nodename = strdup(utsname()->nodename);
1336 * struct sockaddr *dstaddr = (struct sockaddr *)&vol->dstaddr;
1339 fc->fs_private = ctx;
1340 fc->ops = &smb3_fs_context_ops;
1345 smb3_cleanup_fs_context_contents(struct smb3_fs_context *ctx)
1351 * Make sure this stays in sync with smb3_fs_context_dup()
1353 kfree(ctx->mount_options);
1354 ctx->mount_options = NULL;
1355 kfree(ctx->username);
1356 ctx->username = NULL;
1357 kfree_sensitive(ctx->password);
1358 ctx->password = NULL;
1361 kfree(ctx->domainname);
1362 ctx->domainname = NULL;
1363 kfree(ctx->nodename);
1364 ctx->nodename = NULL;
1365 kfree(ctx->iocharset);
1366 ctx->iocharset = NULL;
1367 kfree(ctx->prepath);
1368 ctx->prepath = NULL;
1372 smb3_cleanup_fs_context(struct smb3_fs_context *ctx)
1376 smb3_cleanup_fs_context_contents(ctx);
1380 void smb3_update_mnt_flags(struct cifs_sb_info *cifs_sb)
1382 struct smb3_fs_context *ctx = cifs_sb->ctx;
1385 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_DFS;
1387 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NO_DFS;
1390 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
1392 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NO_PERM;
1395 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
1397 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_SET_UID;
1399 if (ctx->setuidfromacl)
1400 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UID_FROM_ACL;
1402 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_UID_FROM_ACL;
1404 if (ctx->server_ino)
1405 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
1407 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_SERVER_INUM;
1410 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SFM_CHR;
1412 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_MAP_SFM_CHR;
1415 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
1417 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_MAP_SPECIAL_CHR;
1420 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
1422 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NO_XATTR;
1425 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
1427 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_UNX_EMUL;
1430 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
1432 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NO_BRL;
1434 if (ctx->nohandlecache)
1435 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_HANDLE_CACHE;
1437 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NO_HANDLE_CACHE;
1439 if (ctx->nostrictsync)
1440 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOSSYNC;
1442 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NOSSYNC;
1445 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOPOSIXBRL;
1447 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_NOPOSIXBRL;
1449 if (ctx->rwpidforward)
1450 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_RWPIDFORWARD;
1452 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_RWPIDFORWARD;
1455 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MODE_FROM_SID;
1457 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_MODE_FROM_SID;
1460 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
1462 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_CIFS_ACL;
1464 if (ctx->backupuid_specified)
1465 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_BACKUPUID;
1467 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_CIFS_BACKUPUID;
1469 if (ctx->backupgid_specified)
1470 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_BACKUPGID;
1472 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_CIFS_BACKUPGID;
1474 if (ctx->override_uid)
1475 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID;
1477 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_OVERR_UID;
1479 if (ctx->override_gid)
1480 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID;
1482 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_OVERR_GID;
1485 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DYNPERM;
1487 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_DYNPERM;
1490 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_FSCACHE;
1492 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_FSCACHE;
1495 cifs_sb->mnt_cifs_flags |= (CIFS_MOUNT_MULTIUSER |
1496 CIFS_MOUNT_NO_PERM);
1498 cifs_sb->mnt_cifs_flags &= ~(CIFS_MOUNT_MULTIUSER |
1499 CIFS_MOUNT_NO_PERM);
1502 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_STRICT_IO;
1504 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_STRICT_IO;
1507 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
1509 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_DIRECT_IO;
1511 if (ctx->mfsymlinks)
1512 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MF_SYMLINKS;
1514 cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_MF_SYMLINKS;
1515 if (ctx->mfsymlinks) {
1516 if (ctx->sfu_emul) {
1518 * Our SFU ("Services for Unix" emulation does not allow
1519 * creating symlinks but does allow reading existing SFU
1520 * symlinks (it does allow both creating and reading SFU
1521 * style mknod and FIFOs though). When "mfsymlinks" and
1522 * "sfu" are both enabled at the same time, it allows
1523 * reading both types of symlinks, but will only create
1524 * them with mfsymlinks format. This allows better
1525 * Apple compatibility (probably better for Samba too)
1526 * while still recognizing old Windows style symlinks.
1528 cifs_dbg(VFS, "mount options mfsymlinks and sfu both enabled\n");