1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Copyright (C) 2016 Namjae Jeon <linkinjeon@kernel.org>
4 * Copyright (C) 2018 Samsung Electronics Co., Ltd.
7 #include <linux/inetdevice.h>
8 #include <net/addrconf.h>
9 #include <linux/syscalls.h>
10 #include <linux/namei.h>
11 #include <linux/statfs.h>
12 #include <linux/ethtool.h>
22 #include "buffer_pool.h"
23 #include "connection.h"
24 #include "transport_ipc.h"
26 #include "vfs_cache.h"
30 #include "smb_common.h"
31 #include "smbstatus.h"
32 #include "ksmbd_work.h"
33 #include "mgmt/user_config.h"
34 #include "mgmt/share_config.h"
35 #include "mgmt/tree_connect.h"
36 #include "mgmt/user_session.h"
37 #include "mgmt/ksmbd_ida.h"
40 static void __wbuf(struct ksmbd_work *work, void **req, void **rsp)
42 if (work->next_smb2_rcv_hdr_off) {
43 *req = REQUEST_BUF_NEXT(work);
44 *rsp = RESPONSE_BUF_NEXT(work);
46 *req = work->request_buf;
47 *rsp = work->response_buf;
51 #define WORK_BUFFERS(w, rq, rs) __wbuf((w), (void **)&(rq), (void **)&(rs))
54 * check_session_id() - check for valid session id in smb header
55 * @conn: connection instance
56 * @id: session id from smb header
58 * Return: 1 if valid session id, otherwise 0
60 static inline int check_session_id(struct ksmbd_conn *conn, u64 id)
62 struct ksmbd_session *sess;
64 if (id == 0 || id == -1)
67 sess = ksmbd_session_lookup(conn, id);
70 ksmbd_err("Invalid user session id: %llu\n", id);
74 struct channel *lookup_chann_list(struct ksmbd_session *sess)
76 struct channel *chann;
79 list_for_each(t, &sess->ksmbd_chann_list) {
80 chann = list_entry(t, struct channel, chann_list);
81 if (chann && chann->conn == sess->conn)
89 * smb2_get_ksmbd_tcon() - get tree connection information for a tree id
92 * Return: matching tree connection on success, otherwise error
94 int smb2_get_ksmbd_tcon(struct ksmbd_work *work)
96 struct smb2_hdr *req_hdr = work->request_buf;
100 if (work->conn->ops->get_cmd_val(work) == SMB2_TREE_CONNECT_HE ||
101 work->conn->ops->get_cmd_val(work) == SMB2_CANCEL_HE ||
102 work->conn->ops->get_cmd_val(work) == SMB2_LOGOFF_HE) {
103 ksmbd_debug(SMB, "skip to check tree connect request\n");
107 if (xa_empty(&work->sess->tree_conns)) {
108 ksmbd_debug(SMB, "NO tree connected\n");
112 tree_id = le32_to_cpu(req_hdr->Id.SyncId.TreeId);
113 work->tcon = ksmbd_tree_conn_lookup(work->sess, tree_id);
115 ksmbd_err("Invalid tid %d\n", tree_id);
123 * smb2_set_err_rsp() - set error response code on smb response
124 * @work: smb work containing response buffer
126 void smb2_set_err_rsp(struct ksmbd_work *work)
128 struct smb2_err_rsp *err_rsp;
130 if (work->next_smb2_rcv_hdr_off)
131 err_rsp = RESPONSE_BUF_NEXT(work);
133 err_rsp = work->response_buf;
135 if (err_rsp->hdr.Status != STATUS_STOPPED_ON_SYMLINK) {
136 err_rsp->StructureSize = SMB2_ERROR_STRUCTURE_SIZE2_LE;
137 err_rsp->ErrorContextCount = 0;
138 err_rsp->Reserved = 0;
139 err_rsp->ByteCount = 0;
140 err_rsp->ErrorData[0] = 0;
141 inc_rfc1001_len(work->response_buf, SMB2_ERROR_STRUCTURE_SIZE2);
146 * is_smb2_neg_cmd() - is it smb2 negotiation command
147 * @work: smb work containing smb header
149 * Return: 1 if smb2 negotiation command, otherwise 0
151 int is_smb2_neg_cmd(struct ksmbd_work *work)
153 struct smb2_hdr *hdr = work->request_buf;
155 /* is it SMB2 header ? */
156 if (hdr->ProtocolId != SMB2_PROTO_NUMBER)
159 /* make sure it is request not response message */
160 if (hdr->Flags & SMB2_FLAGS_SERVER_TO_REDIR)
163 if (hdr->Command != SMB2_NEGOTIATE)
170 * is_smb2_rsp() - is it smb2 response
171 * @work: smb work containing smb response buffer
173 * Return: 1 if smb2 response, otherwise 0
175 int is_smb2_rsp(struct ksmbd_work *work)
177 struct smb2_hdr *hdr = work->response_buf;
179 /* is it SMB2 header ? */
180 if (hdr->ProtocolId != SMB2_PROTO_NUMBER)
183 /* make sure it is response not request message */
184 if (!(hdr->Flags & SMB2_FLAGS_SERVER_TO_REDIR))
191 * get_smb2_cmd_val() - get smb command code from smb header
192 * @work: smb work containing smb request buffer
194 * Return: smb2 request command value
196 uint16_t get_smb2_cmd_val(struct ksmbd_work *work)
198 struct smb2_hdr *rcv_hdr;
200 if (work->next_smb2_rcv_hdr_off)
201 rcv_hdr = REQUEST_BUF_NEXT(work);
203 rcv_hdr = work->request_buf;
204 return le16_to_cpu(rcv_hdr->Command);
208 * set_smb2_rsp_status() - set error response code on smb2 header
209 * @work: smb work containing response buffer
210 * @err: error response code
212 void set_smb2_rsp_status(struct ksmbd_work *work, __le32 err)
214 struct smb2_hdr *rsp_hdr;
216 if (work->next_smb2_rcv_hdr_off)
217 rsp_hdr = RESPONSE_BUF_NEXT(work);
219 rsp_hdr = work->response_buf;
220 rsp_hdr->Status = err;
221 smb2_set_err_rsp(work);
225 * init_smb2_neg_rsp() - initialize smb2 response for negotiate command
226 * @work: smb work containing smb request buffer
228 * smb2 negotiate response is sent in reply of smb1 negotiate command for
229 * dialect auto-negotiation.
231 int init_smb2_neg_rsp(struct ksmbd_work *work)
233 struct smb2_hdr *rsp_hdr;
234 struct smb2_negotiate_rsp *rsp;
235 struct ksmbd_conn *conn = work->conn;
237 if (conn->need_neg == false)
239 if (!(conn->dialect >= SMB20_PROT_ID &&
240 conn->dialect <= SMB311_PROT_ID))
243 rsp_hdr = work->response_buf;
245 memset(rsp_hdr, 0, sizeof(struct smb2_hdr) + 2);
247 rsp_hdr->smb2_buf_length =
248 cpu_to_be32(HEADER_SIZE_NO_BUF_LEN(conn));
250 rsp_hdr->ProtocolId = SMB2_PROTO_NUMBER;
251 rsp_hdr->StructureSize = SMB2_HEADER_STRUCTURE_SIZE;
252 rsp_hdr->CreditRequest = cpu_to_le16(2);
253 rsp_hdr->Command = SMB2_NEGOTIATE;
254 rsp_hdr->Flags = (SMB2_FLAGS_SERVER_TO_REDIR);
255 rsp_hdr->NextCommand = 0;
256 rsp_hdr->MessageId = 0;
257 rsp_hdr->Id.SyncId.ProcessId = 0;
258 rsp_hdr->Id.SyncId.TreeId = 0;
259 rsp_hdr->SessionId = 0;
260 memset(rsp_hdr->Signature, 0, 16);
262 rsp = work->response_buf;
264 WARN_ON(ksmbd_conn_good(work));
266 rsp->StructureSize = cpu_to_le16(65);
267 ksmbd_debug(SMB, "conn->dialect 0x%x\n", conn->dialect);
268 rsp->DialectRevision = cpu_to_le16(conn->dialect);
269 /* Not setting conn guid rsp->ServerGUID, as it
270 * not used by client for identifying connection
272 rsp->Capabilities = cpu_to_le32(conn->vals->capabilities);
273 /* Default Max Message Size till SMB2.0, 64K*/
274 rsp->MaxTransactSize = cpu_to_le32(conn->vals->max_trans_size);
275 rsp->MaxReadSize = cpu_to_le32(conn->vals->max_read_size);
276 rsp->MaxWriteSize = cpu_to_le32(conn->vals->max_write_size);
278 rsp->SystemTime = cpu_to_le64(ksmbd_systime());
279 rsp->ServerStartTime = 0;
281 rsp->SecurityBufferOffset = cpu_to_le16(128);
282 rsp->SecurityBufferLength = cpu_to_le16(AUTH_GSS_LENGTH);
283 ksmbd_copy_gss_neg_header(((char *)(&rsp->hdr) +
284 sizeof(rsp->hdr.smb2_buf_length)) +
285 le16_to_cpu(rsp->SecurityBufferOffset));
286 inc_rfc1001_len(rsp, sizeof(struct smb2_negotiate_rsp) -
287 sizeof(struct smb2_hdr) - sizeof(rsp->Buffer) +
289 rsp->SecurityMode = SMB2_NEGOTIATE_SIGNING_ENABLED_LE;
290 if (server_conf.signing == KSMBD_CONFIG_OPT_MANDATORY)
291 rsp->SecurityMode |= SMB2_NEGOTIATE_SIGNING_REQUIRED_LE;
292 conn->use_spnego = true;
294 ksmbd_conn_set_need_negotiate(work);
298 static int smb2_consume_credit_charge(struct ksmbd_work *work,
299 unsigned short credit_charge)
301 struct ksmbd_conn *conn = work->conn;
302 unsigned int rsp_credits = 1;
304 if (!conn->total_credits)
307 if (credit_charge > 0)
308 rsp_credits = credit_charge;
310 conn->total_credits -= rsp_credits;
315 * smb2_set_rsp_credits() - set number of credits in response buffer
316 * @work: smb work containing smb response buffer
318 int smb2_set_rsp_credits(struct ksmbd_work *work)
320 struct smb2_hdr *req_hdr = REQUEST_BUF_NEXT(work);
321 struct smb2_hdr *hdr = RESPONSE_BUF_NEXT(work);
322 struct ksmbd_conn *conn = work->conn;
323 unsigned short credits_requested = le16_to_cpu(req_hdr->CreditRequest);
324 unsigned short credit_charge = 1, credits_granted = 0;
325 unsigned short aux_max, aux_credits, min_credits;
326 int rsp_credit_charge;
328 if (hdr->Command == SMB2_CANCEL)
331 /* get default minimum credits by shifting maximum credits by 4 */
332 min_credits = conn->max_credits >> 4;
334 if (conn->total_credits >= conn->max_credits) {
335 ksmbd_err("Total credits overflow: %d\n", conn->total_credits);
336 conn->total_credits = min_credits;
339 rsp_credit_charge = smb2_consume_credit_charge(work,
340 le16_to_cpu(req_hdr->CreditCharge));
341 if (rsp_credit_charge < 0)
344 hdr->CreditCharge = cpu_to_le16(rsp_credit_charge);
346 if (credits_requested > 0) {
347 aux_credits = credits_requested - 1;
349 if (hdr->Command == SMB2_NEGOTIATE)
351 aux_credits = (aux_credits < aux_max) ? aux_credits : aux_max;
352 credits_granted = aux_credits + credit_charge;
354 /* if credits granted per client is getting bigger than default
355 * minimum credits then we should wrap it up within the limits.
357 if ((conn->total_credits + credits_granted) > min_credits)
358 credits_granted = min_credits - conn->total_credits;
360 * TODO: Need to adjuct CreditRequest value according to
363 } else if (conn->total_credits == 0) {
367 conn->total_credits += credits_granted;
368 work->credits_granted += credits_granted;
370 if (!req_hdr->NextCommand) {
371 /* Update CreditRequest in last request */
372 hdr->CreditRequest = cpu_to_le16(work->credits_granted);
376 "credits: requested[%d] granted[%d] total_granted[%d]\n",
377 credits_requested, credits_granted,
378 conn->total_credits);
383 * init_chained_smb2_rsp() - initialize smb2 chained response
384 * @work: smb work containing smb response buffer
386 static void init_chained_smb2_rsp(struct ksmbd_work *work)
388 struct smb2_hdr *req = REQUEST_BUF_NEXT(work);
389 struct smb2_hdr *rsp = RESPONSE_BUF_NEXT(work);
390 struct smb2_hdr *rsp_hdr;
391 struct smb2_hdr *rcv_hdr;
392 int next_hdr_offset = 0;
395 /* Len of this response = updated RFC len - offset of previous cmd
396 * in the compound rsp
399 /* Storing the current local FID which may be needed by subsequent
400 * command in the compound request
402 if (req->Command == SMB2_CREATE && rsp->Status == STATUS_SUCCESS) {
404 le64_to_cpu(((struct smb2_create_rsp *)rsp)->
406 work->compound_pfid =
407 le64_to_cpu(((struct smb2_create_rsp *)rsp)->
409 work->compound_sid = le64_to_cpu(rsp->SessionId);
412 len = get_rfc1002_len(work->response_buf) - work->next_smb2_rsp_hdr_off;
413 next_hdr_offset = le32_to_cpu(req->NextCommand);
415 new_len = ALIGN(len, 8);
416 inc_rfc1001_len(work->response_buf, ((sizeof(struct smb2_hdr) - 4)
418 rsp->NextCommand = cpu_to_le32(new_len);
420 work->next_smb2_rcv_hdr_off += next_hdr_offset;
421 work->next_smb2_rsp_hdr_off += new_len;
423 "Compound req new_len = %d rcv off = %d rsp off = %d\n",
424 new_len, work->next_smb2_rcv_hdr_off,
425 work->next_smb2_rsp_hdr_off);
427 rsp_hdr = RESPONSE_BUF_NEXT(work);
428 rcv_hdr = REQUEST_BUF_NEXT(work);
430 if (!(rcv_hdr->Flags & SMB2_FLAGS_RELATED_OPERATIONS)) {
431 ksmbd_debug(SMB, "related flag should be set\n");
432 work->compound_fid = KSMBD_NO_FID;
433 work->compound_pfid = KSMBD_NO_FID;
435 memset((char *)rsp_hdr + 4, 0, sizeof(struct smb2_hdr) + 2);
436 rsp_hdr->ProtocolId = rcv_hdr->ProtocolId;
437 rsp_hdr->StructureSize = SMB2_HEADER_STRUCTURE_SIZE;
438 rsp_hdr->Command = rcv_hdr->Command;
441 * Message is response. We don't grant oplock yet.
443 rsp_hdr->Flags = (SMB2_FLAGS_SERVER_TO_REDIR |
444 SMB2_FLAGS_RELATED_OPERATIONS);
445 rsp_hdr->NextCommand = 0;
446 rsp_hdr->MessageId = rcv_hdr->MessageId;
447 rsp_hdr->Id.SyncId.ProcessId = rcv_hdr->Id.SyncId.ProcessId;
448 rsp_hdr->Id.SyncId.TreeId = rcv_hdr->Id.SyncId.TreeId;
449 rsp_hdr->SessionId = rcv_hdr->SessionId;
450 memcpy(rsp_hdr->Signature, rcv_hdr->Signature, 16);
454 * is_chained_smb2_message() - check for chained command
455 * @work: smb work containing smb request buffer
457 * Return: true if chained request, otherwise false
459 bool is_chained_smb2_message(struct ksmbd_work *work)
461 struct smb2_hdr *hdr = work->request_buf;
464 if (hdr->ProtocolId != SMB2_PROTO_NUMBER)
467 hdr = REQUEST_BUF_NEXT(work);
468 if (le32_to_cpu(hdr->NextCommand) > 0) {
469 ksmbd_debug(SMB, "got SMB2 chained command\n");
470 init_chained_smb2_rsp(work);
472 } else if (work->next_smb2_rcv_hdr_off) {
474 * This is last request in chained command,
475 * align response to 8 byte
477 len = ALIGN(get_rfc1002_len(work->response_buf), 8);
478 len = len - get_rfc1002_len(work->response_buf);
480 ksmbd_debug(SMB, "padding len %u\n", len);
481 inc_rfc1001_len(work->response_buf, len);
482 if (work->aux_payload_sz)
483 work->aux_payload_sz += len;
490 * init_smb2_rsp_hdr() - initialize smb2 response
491 * @work: smb work containing smb request buffer
495 int init_smb2_rsp_hdr(struct ksmbd_work *work)
497 struct smb2_hdr *rsp_hdr = work->response_buf;
498 struct smb2_hdr *rcv_hdr = work->request_buf;
499 struct ksmbd_conn *conn = work->conn;
501 memset(rsp_hdr, 0, sizeof(struct smb2_hdr) + 2);
502 rsp_hdr->smb2_buf_length = cpu_to_be32(HEADER_SIZE_NO_BUF_LEN(conn));
503 rsp_hdr->ProtocolId = rcv_hdr->ProtocolId;
504 rsp_hdr->StructureSize = SMB2_HEADER_STRUCTURE_SIZE;
505 rsp_hdr->Command = rcv_hdr->Command;
508 * Message is response. We don't grant oplock yet.
510 rsp_hdr->Flags = (SMB2_FLAGS_SERVER_TO_REDIR);
511 rsp_hdr->NextCommand = 0;
512 rsp_hdr->MessageId = rcv_hdr->MessageId;
513 rsp_hdr->Id.SyncId.ProcessId = rcv_hdr->Id.SyncId.ProcessId;
514 rsp_hdr->Id.SyncId.TreeId = rcv_hdr->Id.SyncId.TreeId;
515 rsp_hdr->SessionId = rcv_hdr->SessionId;
516 memcpy(rsp_hdr->Signature, rcv_hdr->Signature, 16);
518 work->syncronous = true;
519 if (work->async_id) {
520 ksmbd_release_id(&conn->async_ida, work->async_id);
528 * smb2_allocate_rsp_buf() - allocate smb2 response buffer
529 * @work: smb work containing smb request buffer
531 * Return: 0 on success, otherwise -ENOMEM
533 int smb2_allocate_rsp_buf(struct ksmbd_work *work)
535 struct smb2_hdr *hdr = work->request_buf;
536 size_t small_sz = MAX_CIFS_SMALL_BUFFER_SIZE;
537 size_t large_sz = work->conn->vals->max_trans_size + MAX_SMB2_HDR_SIZE;
538 size_t sz = small_sz;
539 int cmd = le16_to_cpu(hdr->Command);
541 if (cmd == SMB2_IOCTL_HE || cmd == SMB2_QUERY_DIRECTORY_HE) {
543 work->set_trans_buf = true;
546 if (cmd == SMB2_QUERY_INFO_HE) {
547 struct smb2_query_info_req *req;
549 req = work->request_buf;
550 if (req->InfoType == SMB2_O_INFO_FILE &&
551 (req->FileInfoClass == FILE_FULL_EA_INFORMATION ||
552 req->FileInfoClass == FILE_ALL_INFORMATION)) {
554 work->set_trans_buf = true;
558 /* allocate large response buf for chained commands */
559 if (le32_to_cpu(hdr->NextCommand) > 0)
562 if (server_conf.flags & KSMBD_GLOBAL_FLAG_CACHE_TBUF &&
564 work->response_buf = ksmbd_find_buffer(sz);
566 work->response_buf = kvmalloc(sz, GFP_KERNEL | __GFP_ZERO);
568 if (!work->response_buf)
571 work->response_sz = sz;
576 * smb2_check_user_session() - check for valid session for a user
577 * @work: smb work containing smb request buffer
579 * Return: 0 on success, otherwise error
581 int smb2_check_user_session(struct ksmbd_work *work)
583 struct smb2_hdr *req_hdr = work->request_buf;
584 struct ksmbd_conn *conn = work->conn;
585 unsigned int cmd = conn->ops->get_cmd_val(work);
586 unsigned long long sess_id;
590 * SMB2_ECHO, SMB2_NEGOTIATE, SMB2_SESSION_SETUP command do not
591 * require a session id, so no need to validate user session's for
594 if (cmd == SMB2_ECHO_HE || cmd == SMB2_NEGOTIATE_HE ||
595 cmd == SMB2_SESSION_SETUP_HE)
598 if (!ksmbd_conn_good(work))
601 sess_id = le64_to_cpu(req_hdr->SessionId);
602 /* Check for validity of user session */
603 work->sess = ksmbd_session_lookup(conn, sess_id);
606 ksmbd_debug(SMB, "Invalid user session, Uid %llu\n", sess_id);
610 static void destroy_previous_session(struct ksmbd_user *user, u64 id)
612 struct ksmbd_session *prev_sess = ksmbd_session_lookup_slowpath(id);
613 struct ksmbd_user *prev_user;
618 prev_user = prev_sess->user;
621 strcmp(user->name, prev_user->name) ||
622 user->passkey_sz != prev_user->passkey_sz ||
623 memcmp(user->passkey, prev_user->passkey, user->passkey_sz)) {
624 put_session(prev_sess);
628 put_session(prev_sess);
629 ksmbd_session_destroy(prev_sess);
633 * smb2_get_name() - get filename string from on the wire smb format
634 * @share: ksmbd_share_config pointer
635 * @src: source buffer
636 * @maxlen: maxlen of source string
637 * @nls_table: nls_table pointer
639 * Return: matching converted filename on success, otherwise error ptr
642 smb2_get_name(struct ksmbd_share_config *share, const char *src,
643 const int maxlen, struct nls_table *local_nls)
645 char *name, *unixname;
647 name = smb_strndup_from_utf16(src, maxlen, 1, local_nls);
649 ksmbd_err("failed to get name %ld\n", PTR_ERR(name));
653 /* change it to absolute unix name */
654 ksmbd_conv_path_to_unix(name);
655 ksmbd_strip_last_slash(name);
657 unixname = convert_to_unix_name(share, name);
660 ksmbd_err("can not convert absolute name\n");
661 return ERR_PTR(-ENOMEM);
664 ksmbd_debug(SMB, "absolute name = %s\n", unixname);
668 int setup_async_work(struct ksmbd_work *work, void (*fn)(void **), void **arg)
670 struct smb2_hdr *rsp_hdr;
671 struct ksmbd_conn *conn = work->conn;
674 rsp_hdr = work->response_buf;
675 rsp_hdr->Flags |= SMB2_FLAGS_ASYNC_COMMAND;
677 id = ksmbd_acquire_async_msg_id(&conn->async_ida);
679 ksmbd_err("Failed to alloc async message id\n");
682 work->syncronous = false;
684 rsp_hdr->Id.AsyncId = cpu_to_le64(id);
687 "Send interim Response to inform async request id : %d\n",
690 work->cancel_fn = fn;
691 work->cancel_argv = arg;
693 spin_lock(&conn->request_lock);
694 list_add_tail(&work->async_request_entry, &conn->async_requests);
695 spin_unlock(&conn->request_lock);
700 void smb2_send_interim_resp(struct ksmbd_work *work, __le32 status)
702 struct smb2_hdr *rsp_hdr;
704 rsp_hdr = work->response_buf;
705 smb2_set_err_rsp(work);
706 rsp_hdr->Status = status;
709 ksmbd_conn_write(work);
714 static __le32 smb2_get_reparse_tag_special_file(umode_t mode)
716 if (S_ISDIR(mode) || S_ISREG(mode))
720 return IO_REPARSE_TAG_LX_SYMLINK_LE;
721 else if (S_ISFIFO(mode))
722 return IO_REPARSE_TAG_LX_FIFO_LE;
723 else if (S_ISSOCK(mode))
724 return IO_REPARSE_TAG_AF_UNIX_LE;
725 else if (S_ISCHR(mode))
726 return IO_REPARSE_TAG_LX_CHR_LE;
727 else if (S_ISBLK(mode))
728 return IO_REPARSE_TAG_LX_BLK_LE;
734 * smb2_get_dos_mode() - get file mode in dos format from unix mode
735 * @stat: kstat containing file mode
736 * @attribute: attribute flags
738 * Return: converted dos mode
740 static int smb2_get_dos_mode(struct kstat *stat, int attribute)
744 if (S_ISDIR(stat->mode)) {
745 attr = ATTR_DIRECTORY |
746 (attribute & (ATTR_HIDDEN | ATTR_SYSTEM));
748 attr = (attribute & 0x00005137) | ATTR_ARCHIVE;
749 attr &= ~(ATTR_DIRECTORY);
750 if (S_ISREG(stat->mode) && (server_conf.share_fake_fscaps &
751 FILE_SUPPORTS_SPARSE_FILES))
754 if (smb2_get_reparse_tag_special_file(stat->mode))
755 attr |= ATTR_REPARSE;
761 static void build_preauth_ctxt(struct smb2_preauth_neg_context *pneg_ctxt,
764 pneg_ctxt->ContextType = SMB2_PREAUTH_INTEGRITY_CAPABILITIES;
765 pneg_ctxt->DataLength = cpu_to_le16(38);
766 pneg_ctxt->HashAlgorithmCount = cpu_to_le16(1);
767 pneg_ctxt->Reserved = cpu_to_le32(0);
768 pneg_ctxt->SaltLength = cpu_to_le16(SMB311_SALT_SIZE);
769 get_random_bytes(pneg_ctxt->Salt, SMB311_SALT_SIZE);
770 pneg_ctxt->HashAlgorithms = hash_id;
773 static void build_encrypt_ctxt(struct smb2_encryption_neg_context *pneg_ctxt,
776 pneg_ctxt->ContextType = SMB2_ENCRYPTION_CAPABILITIES;
777 pneg_ctxt->DataLength = cpu_to_le16(4);
778 pneg_ctxt->Reserved = cpu_to_le32(0);
779 pneg_ctxt->CipherCount = cpu_to_le16(1);
780 pneg_ctxt->Ciphers[0] = cipher_type;
783 static void build_compression_ctxt(struct smb2_compression_ctx *pneg_ctxt,
786 pneg_ctxt->ContextType = SMB2_COMPRESSION_CAPABILITIES;
787 pneg_ctxt->DataLength =
788 cpu_to_le16(sizeof(struct smb2_compression_ctx)
789 - sizeof(struct smb2_neg_context));
790 pneg_ctxt->Reserved = cpu_to_le32(0);
791 pneg_ctxt->CompressionAlgorithmCount = cpu_to_le16(1);
792 pneg_ctxt->Reserved1 = cpu_to_le32(0);
793 pneg_ctxt->CompressionAlgorithms[0] = comp_algo;
796 static void build_posix_ctxt(struct smb2_posix_neg_context *pneg_ctxt)
798 pneg_ctxt->ContextType = SMB2_POSIX_EXTENSIONS_AVAILABLE;
799 pneg_ctxt->DataLength = cpu_to_le16(POSIX_CTXT_DATA_LEN);
800 /* SMB2_CREATE_TAG_POSIX is "0x93AD25509CB411E7B42383DE968BCD7C" */
801 pneg_ctxt->Name[0] = 0x93;
802 pneg_ctxt->Name[1] = 0xAD;
803 pneg_ctxt->Name[2] = 0x25;
804 pneg_ctxt->Name[3] = 0x50;
805 pneg_ctxt->Name[4] = 0x9C;
806 pneg_ctxt->Name[5] = 0xB4;
807 pneg_ctxt->Name[6] = 0x11;
808 pneg_ctxt->Name[7] = 0xE7;
809 pneg_ctxt->Name[8] = 0xB4;
810 pneg_ctxt->Name[9] = 0x23;
811 pneg_ctxt->Name[10] = 0x83;
812 pneg_ctxt->Name[11] = 0xDE;
813 pneg_ctxt->Name[12] = 0x96;
814 pneg_ctxt->Name[13] = 0x8B;
815 pneg_ctxt->Name[14] = 0xCD;
816 pneg_ctxt->Name[15] = 0x7C;
819 static void assemble_neg_contexts(struct ksmbd_conn *conn,
820 struct smb2_negotiate_rsp *rsp)
822 /* +4 is to account for the RFC1001 len field */
823 char *pneg_ctxt = (char *)rsp +
824 le32_to_cpu(rsp->NegotiateContextOffset) + 4;
825 int neg_ctxt_cnt = 1;
829 "assemble SMB2_PREAUTH_INTEGRITY_CAPABILITIES context\n");
830 build_preauth_ctxt((struct smb2_preauth_neg_context *)pneg_ctxt,
831 conn->preauth_info->Preauth_HashId);
832 rsp->NegotiateContextCount = cpu_to_le16(neg_ctxt_cnt);
833 inc_rfc1001_len(rsp, AUTH_GSS_PADDING);
834 ctxt_size = sizeof(struct smb2_preauth_neg_context);
835 /* Round to 8 byte boundary */
836 pneg_ctxt += round_up(sizeof(struct smb2_preauth_neg_context), 8);
838 if (conn->cipher_type) {
839 ctxt_size = round_up(ctxt_size, 8);
841 "assemble SMB2_ENCRYPTION_CAPABILITIES context\n");
842 build_encrypt_ctxt((struct smb2_encryption_neg_context *)pneg_ctxt,
844 rsp->NegotiateContextCount = cpu_to_le16(++neg_ctxt_cnt);
845 ctxt_size += sizeof(struct smb2_encryption_neg_context);
846 /* Round to 8 byte boundary */
848 round_up(sizeof(struct smb2_encryption_neg_context),
852 if (conn->compress_algorithm) {
853 ctxt_size = round_up(ctxt_size, 8);
855 "assemble SMB2_COMPRESSION_CAPABILITIES context\n");
856 /* Temporarily set to SMB3_COMPRESS_NONE */
857 build_compression_ctxt((struct smb2_compression_ctx *)pneg_ctxt,
858 conn->compress_algorithm);
859 rsp->NegotiateContextCount = cpu_to_le16(++neg_ctxt_cnt);
860 ctxt_size += sizeof(struct smb2_compression_ctx);
861 /* Round to 8 byte boundary */
862 pneg_ctxt += round_up(sizeof(struct smb2_compression_ctx), 8);
865 if (conn->posix_ext_supported) {
866 ctxt_size = round_up(ctxt_size, 8);
868 "assemble SMB2_POSIX_EXTENSIONS_AVAILABLE context\n");
869 build_posix_ctxt((struct smb2_posix_neg_context *)pneg_ctxt);
870 rsp->NegotiateContextCount = cpu_to_le16(++neg_ctxt_cnt);
871 ctxt_size += sizeof(struct smb2_posix_neg_context);
874 inc_rfc1001_len(rsp, ctxt_size);
877 static __le32 decode_preauth_ctxt(struct ksmbd_conn *conn,
878 struct smb2_preauth_neg_context *pneg_ctxt)
880 __le32 err = STATUS_NO_PREAUTH_INTEGRITY_HASH_OVERLAP;
882 if (pneg_ctxt->HashAlgorithms ==
883 SMB2_PREAUTH_INTEGRITY_SHA512) {
884 conn->preauth_info->Preauth_HashId =
885 SMB2_PREAUTH_INTEGRITY_SHA512;
886 err = STATUS_SUCCESS;
892 static int decode_encrypt_ctxt(struct ksmbd_conn *conn,
893 struct smb2_encryption_neg_context *pneg_ctxt)
896 int cph_cnt = le16_to_cpu(pneg_ctxt->CipherCount);
898 conn->cipher_type = 0;
900 if (!(server_conf.flags & KSMBD_GLOBAL_FLAG_SMB2_ENCRYPTION))
903 for (i = 0; i < cph_cnt; i++) {
904 if (pneg_ctxt->Ciphers[i] == SMB2_ENCRYPTION_AES128_GCM ||
905 pneg_ctxt->Ciphers[i] == SMB2_ENCRYPTION_AES128_CCM ||
906 pneg_ctxt->Ciphers[i] == SMB2_ENCRYPTION_AES256_CCM ||
907 pneg_ctxt->Ciphers[i] == SMB2_ENCRYPTION_AES256_GCM) {
908 ksmbd_debug(SMB, "Cipher ID = 0x%x\n",
909 pneg_ctxt->Ciphers[i]);
910 conn->cipher_type = pneg_ctxt->Ciphers[i];
917 * Return encrypt context size in request.
918 * So need to plus extra number of ciphers size.
920 return sizeof(struct smb2_encryption_neg_context) +
924 static int decode_compress_ctxt(struct ksmbd_conn *conn,
925 struct smb2_compression_ctx *pneg_ctxt)
927 int algo_cnt = le16_to_cpu(pneg_ctxt->CompressionAlgorithmCount);
929 conn->compress_algorithm = SMB3_COMPRESS_NONE;
932 * Return compression context size in request.
933 * So need to plus extra number of CompressionAlgorithms size.
935 return sizeof(struct smb2_encryption_neg_context) +
936 ((algo_cnt - 1) * 2);
939 static __le32 deassemble_neg_contexts(struct ksmbd_conn *conn,
940 struct smb2_negotiate_req *req)
944 /* +4 is to account for the RFC1001 len field */
945 char *pneg_ctxt = (char *)req +
946 le32_to_cpu(req->NegotiateContextOffset) + 4;
947 __le16 *ContextType = (__le16 *)pneg_ctxt;
948 int neg_ctxt_cnt = le16_to_cpu(req->NegotiateContextCount);
951 ksmbd_debug(SMB, "negotiate context count = %d\n", neg_ctxt_cnt);
952 status = STATUS_INVALID_PARAMETER;
953 while (i++ < neg_ctxt_cnt) {
954 if (*ContextType == SMB2_PREAUTH_INTEGRITY_CAPABILITIES) {
956 "deassemble SMB2_PREAUTH_INTEGRITY_CAPABILITIES context\n");
957 if (conn->preauth_info->Preauth_HashId)
960 status = decode_preauth_ctxt(conn,
961 (struct smb2_preauth_neg_context *)pneg_ctxt);
962 pneg_ctxt += DIV_ROUND_UP(sizeof(struct smb2_preauth_neg_context), 8) * 8;
963 } else if (*ContextType == SMB2_ENCRYPTION_CAPABILITIES) {
965 "deassemble SMB2_ENCRYPTION_CAPABILITIES context\n");
966 if (conn->cipher_type)
969 ctxt_size = decode_encrypt_ctxt(conn,
970 (struct smb2_encryption_neg_context *)pneg_ctxt);
971 pneg_ctxt += DIV_ROUND_UP(ctxt_size, 8) * 8;
972 } else if (*ContextType == SMB2_COMPRESSION_CAPABILITIES) {
974 "deassemble SMB2_COMPRESSION_CAPABILITIES context\n");
975 if (conn->compress_algorithm)
978 ctxt_size = decode_compress_ctxt(conn,
979 (struct smb2_compression_ctx *)pneg_ctxt);
980 pneg_ctxt += DIV_ROUND_UP(ctxt_size, 8) * 8;
981 } else if (*ContextType == SMB2_NETNAME_NEGOTIATE_CONTEXT_ID) {
983 "deassemble SMB2_NETNAME_NEGOTIATE_CONTEXT_ID context\n");
984 ctxt_size = sizeof(struct smb2_netname_neg_context);
985 ctxt_size += DIV_ROUND_UP(le16_to_cpu(((struct smb2_netname_neg_context *)
986 pneg_ctxt)->DataLength), 8) * 8;
987 pneg_ctxt += ctxt_size;
988 } else if (*ContextType == SMB2_POSIX_EXTENSIONS_AVAILABLE) {
990 "deassemble SMB2_POSIX_EXTENSIONS_AVAILABLE context\n");
991 conn->posix_ext_supported = true;
992 pneg_ctxt += DIV_ROUND_UP(sizeof(struct smb2_posix_neg_context), 8) * 8;
994 ContextType = (__le16 *)pneg_ctxt;
996 if (status != STATUS_SUCCESS)
1003 * smb2_handle_negotiate() - handler for smb2 negotiate command
1004 * @work: smb work containing smb request buffer
1008 int smb2_handle_negotiate(struct ksmbd_work *work)
1010 struct ksmbd_conn *conn = work->conn;
1011 struct smb2_negotiate_req *req = work->request_buf;
1012 struct smb2_negotiate_rsp *rsp = work->response_buf;
1016 ksmbd_debug(SMB, "Received negotiate request\n");
1017 conn->need_neg = false;
1018 if (ksmbd_conn_good(work)) {
1019 ksmbd_err("conn->tcp_status is already in CifsGood State\n");
1020 work->send_no_response = 1;
1024 if (req->DialectCount == 0) {
1025 ksmbd_err("malformed packet\n");
1026 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
1031 conn->cli_cap = le32_to_cpu(req->Capabilities);
1032 switch (conn->dialect) {
1033 case SMB311_PROT_ID:
1034 conn->preauth_info =
1035 kzalloc(sizeof(struct preauth_integrity_info),
1037 if (!conn->preauth_info) {
1039 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
1043 status = deassemble_neg_contexts(conn, req);
1044 if (status != STATUS_SUCCESS) {
1045 ksmbd_err("deassemble_neg_contexts error(0x%x)\n",
1047 rsp->hdr.Status = status;
1052 rc = init_smb3_11_server(conn);
1054 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
1058 ksmbd_gen_preauth_integrity_hash(conn,
1060 conn->preauth_info->Preauth_HashValue);
1061 rsp->NegotiateContextOffset =
1062 cpu_to_le32(OFFSET_OF_NEG_CONTEXT);
1063 assemble_neg_contexts(conn, rsp);
1065 case SMB302_PROT_ID:
1066 init_smb3_02_server(conn);
1069 init_smb3_0_server(conn);
1072 init_smb2_1_server(conn);
1075 rc = init_smb2_0_server(conn);
1077 rsp->hdr.Status = STATUS_NOT_SUPPORTED;
1084 ksmbd_debug(SMB, "Server dialect :0x%x not supported\n",
1086 rsp->hdr.Status = STATUS_NOT_SUPPORTED;
1090 rsp->Capabilities = cpu_to_le32(conn->vals->capabilities);
1093 conn->connection_type = conn->dialect;
1095 rsp->MaxTransactSize = cpu_to_le32(conn->vals->max_trans_size);
1096 rsp->MaxReadSize = cpu_to_le32(conn->vals->max_read_size);
1097 rsp->MaxWriteSize = cpu_to_le32(conn->vals->max_write_size);
1099 if (conn->dialect > SMB20_PROT_ID) {
1100 memcpy(conn->ClientGUID, req->ClientGUID,
1101 SMB2_CLIENT_GUID_SIZE);
1102 conn->cli_sec_mode = le16_to_cpu(req->SecurityMode);
1105 rsp->StructureSize = cpu_to_le16(65);
1106 rsp->DialectRevision = cpu_to_le16(conn->dialect);
1107 /* Not setting conn guid rsp->ServerGUID, as it
1108 * not used by client for identifying server
1110 memset(rsp->ServerGUID, 0, SMB2_CLIENT_GUID_SIZE);
1112 rsp->SystemTime = cpu_to_le64(ksmbd_systime());
1113 rsp->ServerStartTime = 0;
1114 ksmbd_debug(SMB, "negotiate context offset %d, count %d\n",
1115 le32_to_cpu(rsp->NegotiateContextOffset),
1116 le16_to_cpu(rsp->NegotiateContextCount));
1118 rsp->SecurityBufferOffset = cpu_to_le16(128);
1119 rsp->SecurityBufferLength = cpu_to_le16(AUTH_GSS_LENGTH);
1120 ksmbd_copy_gss_neg_header(((char *)(&rsp->hdr) +
1121 sizeof(rsp->hdr.smb2_buf_length)) +
1122 le16_to_cpu(rsp->SecurityBufferOffset));
1123 inc_rfc1001_len(rsp, sizeof(struct smb2_negotiate_rsp) -
1124 sizeof(struct smb2_hdr) - sizeof(rsp->Buffer) +
1126 rsp->SecurityMode = SMB2_NEGOTIATE_SIGNING_ENABLED_LE;
1127 conn->use_spnego = true;
1129 if ((server_conf.signing == KSMBD_CONFIG_OPT_AUTO ||
1130 server_conf.signing == KSMBD_CONFIG_OPT_DISABLED) &&
1131 req->SecurityMode & SMB2_NEGOTIATE_SIGNING_REQUIRED_LE)
1133 else if (server_conf.signing == KSMBD_CONFIG_OPT_MANDATORY) {
1134 server_conf.enforced_signing = true;
1135 rsp->SecurityMode |= SMB2_NEGOTIATE_SIGNING_REQUIRED_LE;
1139 conn->srv_sec_mode = le16_to_cpu(rsp->SecurityMode);
1140 ksmbd_conn_set_need_negotiate(work);
1144 smb2_set_err_rsp(work);
1149 static int alloc_preauth_hash(struct ksmbd_session *sess,
1150 struct ksmbd_conn *conn)
1152 if (sess->Preauth_HashValue)
1155 sess->Preauth_HashValue = kmemdup(conn->preauth_info->Preauth_HashValue,
1156 PREAUTH_HASHVALUE_SIZE, GFP_KERNEL);
1157 if (!sess->Preauth_HashValue)
1163 static int generate_preauth_hash(struct ksmbd_work *work)
1165 struct ksmbd_conn *conn = work->conn;
1166 struct ksmbd_session *sess = work->sess;
1168 if (conn->dialect != SMB311_PROT_ID)
1171 if (!sess->Preauth_HashValue) {
1172 if (alloc_preauth_hash(sess, conn))
1176 ksmbd_gen_preauth_integrity_hash(conn,
1178 sess->Preauth_HashValue);
1182 static int decode_negotiation_token(struct ksmbd_work *work,
1183 struct negotiate_message *negblob)
1185 struct ksmbd_conn *conn = work->conn;
1186 struct smb2_sess_setup_req *req;
1189 if (!conn->use_spnego)
1192 req = work->request_buf;
1193 sz = le16_to_cpu(req->SecurityBufferLength);
1195 if (ksmbd_decode_negTokenInit((char *)negblob, sz, conn)) {
1196 if (ksmbd_decode_negTokenTarg((char *)negblob, sz, conn)) {
1197 conn->auth_mechs |= KSMBD_AUTH_NTLMSSP;
1198 conn->preferred_auth_mech = KSMBD_AUTH_NTLMSSP;
1199 conn->use_spnego = false;
1205 static int ntlm_negotiate(struct ksmbd_work *work,
1206 struct negotiate_message *negblob)
1208 struct smb2_sess_setup_req *req = work->request_buf;
1209 struct smb2_sess_setup_rsp *rsp = work->response_buf;
1210 struct challenge_message *chgblob;
1211 unsigned char *spnego_blob = NULL;
1212 u16 spnego_blob_len;
1216 ksmbd_debug(SMB, "negotiate phase\n");
1217 sz = le16_to_cpu(req->SecurityBufferLength);
1218 rc = ksmbd_decode_ntlmssp_neg_blob(negblob, sz, work->sess);
1222 sz = le16_to_cpu(rsp->SecurityBufferOffset);
1224 (struct challenge_message *)((char *)&rsp->hdr.ProtocolId + sz);
1225 memset(chgblob, 0, sizeof(struct challenge_message));
1227 if (!work->conn->use_spnego) {
1228 sz = ksmbd_build_ntlmssp_challenge_blob(chgblob, work->sess);
1232 rsp->SecurityBufferLength = cpu_to_le16(sz);
1236 sz = sizeof(struct challenge_message);
1237 sz += (strlen(ksmbd_netbios_name()) * 2 + 1 + 4) * 6;
1239 neg_blob = kzalloc(sz, GFP_KERNEL);
1243 chgblob = (struct challenge_message *)neg_blob;
1244 sz = ksmbd_build_ntlmssp_challenge_blob(chgblob, work->sess);
1250 rc = build_spnego_ntlmssp_neg_blob(&spnego_blob,
1259 sz = le16_to_cpu(rsp->SecurityBufferOffset);
1260 memcpy((char *)&rsp->hdr.ProtocolId + sz, spnego_blob, spnego_blob_len);
1261 rsp->SecurityBufferLength = cpu_to_le16(spnego_blob_len);
1269 static struct authenticate_message *user_authblob(struct ksmbd_conn *conn,
1270 struct smb2_sess_setup_req *req)
1274 if (conn->use_spnego && conn->mechToken)
1275 return (struct authenticate_message *)conn->mechToken;
1277 sz = le16_to_cpu(req->SecurityBufferOffset);
1278 return (struct authenticate_message *)((char *)&req->hdr.ProtocolId
1282 static struct ksmbd_user *session_user(struct ksmbd_conn *conn,
1283 struct smb2_sess_setup_req *req)
1285 struct authenticate_message *authblob;
1286 struct ksmbd_user *user;
1290 authblob = user_authblob(conn, req);
1291 sz = le32_to_cpu(authblob->UserName.BufferOffset);
1292 name = smb_strndup_from_utf16((const char *)authblob + sz,
1293 le16_to_cpu(authblob->UserName.Length),
1297 ksmbd_err("cannot allocate memory\n");
1301 ksmbd_debug(SMB, "session setup request for user %s\n", name);
1302 user = ksmbd_login_user(name);
1307 static int ntlm_authenticate(struct ksmbd_work *work)
1309 struct smb2_sess_setup_req *req = work->request_buf;
1310 struct smb2_sess_setup_rsp *rsp = work->response_buf;
1311 struct ksmbd_conn *conn = work->conn;
1312 struct ksmbd_session *sess = work->sess;
1313 struct channel *chann = NULL;
1314 struct ksmbd_user *user;
1318 ksmbd_debug(SMB, "authenticate phase\n");
1319 if (conn->use_spnego) {
1320 unsigned char *spnego_blob;
1321 u16 spnego_blob_len;
1323 rc = build_spnego_ntlmssp_auth_blob(&spnego_blob,
1329 sz = le16_to_cpu(rsp->SecurityBufferOffset);
1330 memcpy((char *)&rsp->hdr.ProtocolId + sz, spnego_blob, spnego_blob_len);
1331 rsp->SecurityBufferLength = cpu_to_le16(spnego_blob_len);
1333 inc_rfc1001_len(rsp, spnego_blob_len - 1);
1336 user = session_user(conn, req);
1338 ksmbd_debug(SMB, "Unknown user name or an error\n");
1339 rsp->hdr.Status = STATUS_LOGON_FAILURE;
1343 /* Check for previous session */
1344 prev_id = le64_to_cpu(req->PreviousSessionId);
1345 if (prev_id && prev_id != sess->id)
1346 destroy_previous_session(user, prev_id);
1348 if (sess->state == SMB2_SESSION_VALID) {
1350 * Reuse session if anonymous try to connect
1351 * on reauthetication.
1353 if (ksmbd_anonymous_user(user)) {
1354 ksmbd_free_user(user);
1357 ksmbd_free_user(sess->user);
1361 if (user_guest(sess->user)) {
1363 ksmbd_debug(SMB, "Guest login not allowed when signing enabled\n");
1364 rsp->hdr.Status = STATUS_LOGON_FAILURE;
1368 rsp->SessionFlags = SMB2_SESSION_FLAG_IS_GUEST_LE;
1370 struct authenticate_message *authblob;
1372 authblob = user_authblob(conn, req);
1373 sz = le16_to_cpu(req->SecurityBufferLength);
1374 rc = ksmbd_decode_ntlmssp_auth_blob(authblob, sz, sess);
1376 set_user_flag(sess->user, KSMBD_USER_FLAG_BAD_PASSWORD);
1377 ksmbd_debug(SMB, "authentication failed\n");
1378 rsp->hdr.Status = STATUS_LOGON_FAILURE;
1383 * If session state is SMB2_SESSION_VALID, We can assume
1384 * that it is reauthentication. And the user/password
1385 * has been verified, so return it here.
1387 if (sess->state == SMB2_SESSION_VALID)
1390 if ((conn->sign || server_conf.enforced_signing) ||
1391 (req->SecurityMode & SMB2_NEGOTIATE_SIGNING_REQUIRED))
1394 if (conn->vals->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION &&
1395 conn->ops->generate_encryptionkey) {
1396 rc = conn->ops->generate_encryptionkey(sess);
1399 "SMB3 encryption key generation failed\n");
1400 rsp->hdr.Status = STATUS_LOGON_FAILURE;
1404 rsp->SessionFlags = SMB2_SESSION_FLAG_ENCRYPT_DATA_LE;
1406 * signing is disable if encryption is enable
1413 if (conn->dialect >= SMB30_PROT_ID) {
1414 chann = lookup_chann_list(sess);
1416 chann = kmalloc(sizeof(struct channel), GFP_KERNEL);
1421 INIT_LIST_HEAD(&chann->chann_list);
1422 list_add(&chann->chann_list, &sess->ksmbd_chann_list);
1426 if (conn->ops->generate_signingkey) {
1427 rc = conn->ops->generate_signingkey(sess);
1429 ksmbd_debug(SMB, "SMB3 signing key generation failed\n");
1430 rsp->hdr.Status = STATUS_LOGON_FAILURE;
1435 if (conn->dialect > SMB20_PROT_ID) {
1436 if (!ksmbd_conn_lookup_dialect(conn)) {
1437 ksmbd_err("fail to verify the dialect\n");
1438 rsp->hdr.Status = STATUS_USER_SESSION_DELETED;
1445 #ifdef CONFIG_SMB_SERVER_KERBEROS5
1446 static int krb5_authenticate(struct ksmbd_work *work)
1448 struct smb2_sess_setup_req *req = work->request_buf;
1449 struct smb2_sess_setup_rsp *rsp = work->response_buf;
1450 struct ksmbd_conn *conn = work->conn;
1451 struct ksmbd_session *sess = work->sess;
1452 char *in_blob, *out_blob;
1453 struct channel *chann = NULL;
1455 int in_len, out_len;
1458 in_blob = (char *)&req->hdr.ProtocolId +
1459 le16_to_cpu(req->SecurityBufferOffset);
1460 in_len = le16_to_cpu(req->SecurityBufferLength);
1461 out_blob = (char *)&rsp->hdr.ProtocolId +
1462 le16_to_cpu(rsp->SecurityBufferOffset);
1463 out_len = work->response_sz -
1464 offsetof(struct smb2_hdr, smb2_buf_length) -
1465 le16_to_cpu(rsp->SecurityBufferOffset);
1467 /* Check previous session */
1468 prev_sess_id = le64_to_cpu(req->PreviousSessionId);
1469 if (prev_sess_id && prev_sess_id != sess->id)
1470 destroy_previous_session(sess->user, prev_sess_id);
1472 if (sess->state == SMB2_SESSION_VALID)
1473 ksmbd_free_user(sess->user);
1475 retval = ksmbd_krb5_authenticate(sess, in_blob, in_len,
1476 out_blob, &out_len);
1478 ksmbd_debug(SMB, "krb5 authentication failed\n");
1479 rsp->hdr.Status = STATUS_LOGON_FAILURE;
1482 rsp->SecurityBufferLength = cpu_to_le16(out_len);
1483 inc_rfc1001_len(rsp, out_len - 1);
1485 if ((conn->sign || server_conf.enforced_signing) ||
1486 (req->SecurityMode & SMB2_NEGOTIATE_SIGNING_REQUIRED))
1489 if ((conn->vals->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION) &&
1490 conn->ops->generate_encryptionkey) {
1491 retval = conn->ops->generate_encryptionkey(sess);
1494 "SMB3 encryption key generation failed\n");
1495 rsp->hdr.Status = STATUS_LOGON_FAILURE;
1499 rsp->SessionFlags = SMB2_SESSION_FLAG_ENCRYPT_DATA_LE;
1503 if (conn->dialect >= SMB30_PROT_ID) {
1504 chann = lookup_chann_list(sess);
1506 chann = kmalloc(sizeof(struct channel), GFP_KERNEL);
1511 INIT_LIST_HEAD(&chann->chann_list);
1512 list_add(&chann->chann_list, &sess->ksmbd_chann_list);
1516 if (conn->ops->generate_signingkey) {
1517 retval = conn->ops->generate_signingkey(sess);
1519 ksmbd_debug(SMB, "SMB3 signing key generation failed\n");
1520 rsp->hdr.Status = STATUS_LOGON_FAILURE;
1525 if (conn->dialect > SMB20_PROT_ID) {
1526 if (!ksmbd_conn_lookup_dialect(conn)) {
1527 ksmbd_err("fail to verify the dialect\n");
1528 rsp->hdr.Status = STATUS_USER_SESSION_DELETED;
1535 static int krb5_authenticate(struct ksmbd_work *work)
1541 int smb2_sess_setup(struct ksmbd_work *work)
1543 struct ksmbd_conn *conn = work->conn;
1544 struct smb2_sess_setup_req *req = work->request_buf;
1545 struct smb2_sess_setup_rsp *rsp = work->response_buf;
1546 struct ksmbd_session *sess;
1547 struct negotiate_message *negblob;
1550 ksmbd_debug(SMB, "Received request for session setup\n");
1552 rsp->StructureSize = cpu_to_le16(9);
1553 rsp->SessionFlags = 0;
1554 rsp->SecurityBufferOffset = cpu_to_le16(72);
1555 rsp->SecurityBufferLength = 0;
1556 inc_rfc1001_len(rsp, 9);
1558 if (!req->hdr.SessionId) {
1559 sess = ksmbd_smb2_session_create();
1564 rsp->hdr.SessionId = cpu_to_le64(sess->id);
1565 ksmbd_session_register(conn, sess);
1567 sess = ksmbd_session_lookup(conn,
1568 le64_to_cpu(req->hdr.SessionId));
1571 rsp->hdr.Status = STATUS_USER_SESSION_DELETED;
1577 if (sess->state == SMB2_SESSION_EXPIRED)
1578 sess->state = SMB2_SESSION_IN_PROGRESS;
1580 negblob = (struct negotiate_message *)((char *)&req->hdr.ProtocolId +
1581 le16_to_cpu(req->SecurityBufferOffset));
1583 if (decode_negotiation_token(work, negblob) == 0) {
1584 if (conn->mechToken)
1585 negblob = (struct negotiate_message *)conn->mechToken;
1588 if (server_conf.auth_mechs & conn->auth_mechs) {
1589 if (conn->preferred_auth_mech &
1590 (KSMBD_AUTH_KRB5 | KSMBD_AUTH_MSKRB5)) {
1591 rc = generate_preauth_hash(work);
1595 rc = krb5_authenticate(work);
1597 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
1601 ksmbd_conn_set_good(work);
1602 sess->state = SMB2_SESSION_VALID;
1603 kfree(sess->Preauth_HashValue);
1604 sess->Preauth_HashValue = NULL;
1605 } else if (conn->preferred_auth_mech == KSMBD_AUTH_NTLMSSP) {
1606 rc = generate_preauth_hash(work);
1610 if (negblob->MessageType == NtLmNegotiate) {
1611 rc = ntlm_negotiate(work, negblob);
1615 STATUS_MORE_PROCESSING_REQUIRED;
1617 * Note: here total size -1 is done as an
1618 * adjustment for 0 size blob
1620 inc_rfc1001_len(rsp, le16_to_cpu(rsp->SecurityBufferLength) - 1);
1622 } else if (negblob->MessageType == NtLmAuthenticate) {
1623 rc = ntlm_authenticate(work);
1627 ksmbd_conn_set_good(work);
1628 sess->state = SMB2_SESSION_VALID;
1629 kfree(sess->Preauth_HashValue);
1630 sess->Preauth_HashValue = NULL;
1633 /* TODO: need one more negotiation */
1634 ksmbd_err("Not support the preferred authentication\n");
1636 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
1639 ksmbd_err("Not support authentication\n");
1641 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
1645 if (conn->use_spnego && conn->mechToken) {
1646 kfree(conn->mechToken);
1647 conn->mechToken = NULL;
1650 if (rc < 0 && sess) {
1651 ksmbd_session_destroy(sess);
1659 * smb2_tree_connect() - handler for smb2 tree connect command
1660 * @work: smb work containing smb request buffer
1662 * Return: 0 on success, otherwise error
1664 int smb2_tree_connect(struct ksmbd_work *work)
1666 struct ksmbd_conn *conn = work->conn;
1667 struct smb2_tree_connect_req *req = work->request_buf;
1668 struct smb2_tree_connect_rsp *rsp = work->response_buf;
1669 struct ksmbd_session *sess = work->sess;
1670 char *treename = NULL, *name = NULL;
1671 struct ksmbd_tree_conn_status status;
1672 struct ksmbd_share_config *share;
1675 treename = smb_strndup_from_utf16(req->Buffer,
1676 le16_to_cpu(req->PathLength), true, conn->local_nls);
1677 if (IS_ERR(treename)) {
1678 ksmbd_err("treename is NULL\n");
1679 status.ret = KSMBD_TREE_CONN_STATUS_ERROR;
1683 name = ksmbd_extract_sharename(treename);
1685 status.ret = KSMBD_TREE_CONN_STATUS_ERROR;
1689 ksmbd_debug(SMB, "tree connect request for tree %s treename %s\n",
1692 status = ksmbd_tree_conn_connect(sess, name);
1693 if (status.ret == KSMBD_TREE_CONN_STATUS_OK)
1694 rsp->hdr.Id.SyncId.TreeId = cpu_to_le32(status.tree_conn->id);
1698 share = status.tree_conn->share_conf;
1699 if (test_share_config_flag(share, KSMBD_SHARE_FLAG_PIPE)) {
1700 ksmbd_debug(SMB, "IPC share path request\n");
1701 rsp->ShareType = SMB2_SHARE_TYPE_PIPE;
1702 rsp->MaximalAccess = FILE_READ_DATA_LE | FILE_READ_EA_LE |
1703 FILE_EXECUTE_LE | FILE_READ_ATTRIBUTES_LE |
1704 FILE_DELETE_LE | FILE_READ_CONTROL_LE |
1705 FILE_WRITE_DAC_LE | FILE_WRITE_OWNER_LE |
1706 FILE_SYNCHRONIZE_LE;
1708 rsp->ShareType = SMB2_SHARE_TYPE_DISK;
1709 rsp->MaximalAccess = FILE_READ_DATA_LE | FILE_READ_EA_LE |
1710 FILE_EXECUTE_LE | FILE_READ_ATTRIBUTES_LE;
1711 if (test_tree_conn_flag(status.tree_conn,
1712 KSMBD_TREE_CONN_FLAG_WRITABLE)) {
1713 rsp->MaximalAccess |= FILE_WRITE_DATA_LE |
1714 FILE_APPEND_DATA_LE | FILE_WRITE_EA_LE |
1715 FILE_DELETE_CHILD_LE | FILE_DELETE_LE |
1716 FILE_WRITE_ATTRIBUTES_LE | FILE_DELETE_LE |
1717 FILE_READ_CONTROL_LE | FILE_WRITE_DAC_LE |
1718 FILE_WRITE_OWNER_LE | FILE_SYNCHRONIZE_LE;
1722 status.tree_conn->maximal_access = le32_to_cpu(rsp->MaximalAccess);
1723 if (conn->posix_ext_supported)
1724 status.tree_conn->posix_extensions = true;
1727 rsp->StructureSize = cpu_to_le16(16);
1728 rsp->Capabilities = 0;
1730 /* default manual caching */
1731 rsp->ShareFlags = SMB2_SHAREFLAG_MANUAL_CACHING;
1732 inc_rfc1001_len(rsp, 16);
1734 if (!IS_ERR(treename))
1739 switch (status.ret) {
1740 case KSMBD_TREE_CONN_STATUS_OK:
1741 rsp->hdr.Status = STATUS_SUCCESS;
1744 case KSMBD_TREE_CONN_STATUS_NO_SHARE:
1745 rsp->hdr.Status = STATUS_BAD_NETWORK_PATH;
1748 case KSMBD_TREE_CONN_STATUS_NOMEM:
1749 rsp->hdr.Status = STATUS_NO_MEMORY;
1751 case KSMBD_TREE_CONN_STATUS_ERROR:
1752 case KSMBD_TREE_CONN_STATUS_TOO_MANY_CONNS:
1753 case KSMBD_TREE_CONN_STATUS_TOO_MANY_SESSIONS:
1754 rsp->hdr.Status = STATUS_ACCESS_DENIED;
1757 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
1760 rsp->hdr.Status = STATUS_ACCESS_DENIED;
1767 * smb2_create_open_flags() - convert smb open flags to unix open flags
1768 * @file_present: is file already present
1769 * @access: file access flags
1770 * @disposition: file disposition flags
1772 * Return: file open flags
1774 static int smb2_create_open_flags(bool file_present, __le32 access,
1777 int oflags = O_NONBLOCK | O_LARGEFILE;
1779 if (access & FILE_READ_DESIRED_ACCESS_LE &&
1780 access & FILE_WRITE_DESIRE_ACCESS_LE)
1782 else if (access & FILE_WRITE_DESIRE_ACCESS_LE)
1787 if (access == FILE_READ_ATTRIBUTES_LE)
1791 switch (disposition & FILE_CREATE_MASK_LE) {
1793 case FILE_CREATE_LE:
1795 case FILE_SUPERSEDE_LE:
1796 case FILE_OVERWRITE_LE:
1797 case FILE_OVERWRITE_IF_LE:
1804 switch (disposition & FILE_CREATE_MASK_LE) {
1805 case FILE_SUPERSEDE_LE:
1806 case FILE_CREATE_LE:
1807 case FILE_OPEN_IF_LE:
1808 case FILE_OVERWRITE_IF_LE:
1812 case FILE_OVERWRITE_LE:
1823 * smb2_tree_disconnect() - handler for smb tree connect request
1824 * @work: smb work containing request buffer
1828 int smb2_tree_disconnect(struct ksmbd_work *work)
1830 struct smb2_tree_disconnect_rsp *rsp = work->response_buf;
1831 struct ksmbd_session *sess = work->sess;
1832 struct ksmbd_tree_connect *tcon = work->tcon;
1834 rsp->StructureSize = cpu_to_le16(4);
1835 inc_rfc1001_len(rsp, 4);
1837 ksmbd_debug(SMB, "request\n");
1840 struct smb2_tree_disconnect_req *req = work->request_buf;
1842 ksmbd_debug(SMB, "Invalid tid %d\n", req->hdr.Id.SyncId.TreeId);
1843 rsp->hdr.Status = STATUS_NETWORK_NAME_DELETED;
1844 smb2_set_err_rsp(work);
1848 ksmbd_close_tree_conn_fds(work);
1849 ksmbd_tree_conn_disconnect(sess, tcon);
1854 * smb2_session_logoff() - handler for session log off request
1855 * @work: smb work containing request buffer
1859 int smb2_session_logoff(struct ksmbd_work *work)
1861 struct ksmbd_conn *conn = work->conn;
1862 struct smb2_logoff_rsp *rsp = work->response_buf;
1863 struct ksmbd_session *sess = work->sess;
1865 rsp->StructureSize = cpu_to_le16(4);
1866 inc_rfc1001_len(rsp, 4);
1868 ksmbd_debug(SMB, "request\n");
1870 /* Got a valid session, set connection state */
1871 WARN_ON(sess->conn != conn);
1873 /* setting CifsExiting here may race with start_tcp_sess */
1874 ksmbd_conn_set_need_reconnect(work);
1875 ksmbd_close_session_fds(work);
1876 ksmbd_conn_wait_idle(conn);
1878 if (ksmbd_tree_conn_session_logoff(sess)) {
1879 struct smb2_logoff_req *req = work->request_buf;
1881 ksmbd_debug(SMB, "Invalid tid %d\n", req->hdr.Id.SyncId.TreeId);
1882 rsp->hdr.Status = STATUS_NETWORK_NAME_DELETED;
1883 smb2_set_err_rsp(work);
1887 ksmbd_destroy_file_table(&sess->file_table);
1888 sess->state = SMB2_SESSION_EXPIRED;
1890 ksmbd_free_user(sess->user);
1893 /* let start_tcp_sess free connection info now */
1894 ksmbd_conn_set_need_negotiate(work);
1899 * create_smb2_pipe() - create IPC pipe
1900 * @work: smb work containing request buffer
1902 * Return: 0 on success, otherwise error
1904 static noinline int create_smb2_pipe(struct ksmbd_work *work)
1906 struct smb2_create_rsp *rsp = work->response_buf;
1907 struct smb2_create_req *req = work->request_buf;
1912 name = smb_strndup_from_utf16(req->Buffer, le16_to_cpu(req->NameLength),
1913 1, work->conn->local_nls);
1915 rsp->hdr.Status = STATUS_NO_MEMORY;
1916 err = PTR_ERR(name);
1920 id = ksmbd_session_rpc_open(work->sess, name);
1922 ksmbd_err("Unable to open RPC pipe: %d\n", id);
1927 rsp->hdr.Status = STATUS_SUCCESS;
1928 rsp->StructureSize = cpu_to_le16(89);
1929 rsp->OplockLevel = SMB2_OPLOCK_LEVEL_NONE;
1931 rsp->CreateAction = cpu_to_le32(FILE_OPENED);
1933 rsp->CreationTime = cpu_to_le64(0);
1934 rsp->LastAccessTime = cpu_to_le64(0);
1935 rsp->ChangeTime = cpu_to_le64(0);
1936 rsp->AllocationSize = cpu_to_le64(0);
1937 rsp->EndofFile = cpu_to_le64(0);
1938 rsp->FileAttributes = ATTR_NORMAL_LE;
1940 rsp->VolatileFileId = cpu_to_le64(id);
1941 rsp->PersistentFileId = 0;
1942 rsp->CreateContextsOffset = 0;
1943 rsp->CreateContextsLength = 0;
1945 inc_rfc1001_len(rsp, 88); /* StructureSize - 1*/
1952 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
1956 rsp->hdr.Status = STATUS_NO_MEMORY;
1963 smb2_set_err_rsp(work);
1968 * smb2_set_ea() - handler for setting extended attributes using set
1970 * @eabuf: set info command buffer
1971 * @path: dentry path for get ea
1973 * Return: 0 on success, otherwise error
1975 static int smb2_set_ea(struct smb2_ea_info *eabuf, struct path *path)
1977 char *attr_name = NULL, *value;
1981 attr_name = kmalloc(XATTR_NAME_MAX + 1, GFP_KERNEL);
1986 if (!eabuf->EaNameLength)
1990 "name : <%s>, name_len : %u, value_len : %u, next : %u\n",
1991 eabuf->name, eabuf->EaNameLength,
1992 le16_to_cpu(eabuf->EaValueLength),
1993 le32_to_cpu(eabuf->NextEntryOffset));
1995 if (eabuf->EaNameLength >
1996 (XATTR_NAME_MAX - XATTR_USER_PREFIX_LEN)) {
2001 memcpy(attr_name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN);
2002 memcpy(&attr_name[XATTR_USER_PREFIX_LEN], eabuf->name,
2003 eabuf->EaNameLength);
2004 attr_name[XATTR_USER_PREFIX_LEN + eabuf->EaNameLength] = '\0';
2005 value = (char *)&eabuf->name + eabuf->EaNameLength + 1;
2007 if (!eabuf->EaValueLength) {
2008 rc = ksmbd_vfs_casexattr_len(path->dentry,
2010 XATTR_USER_PREFIX_LEN +
2011 eabuf->EaNameLength);
2013 /* delete the EA only when it exits */
2015 rc = ksmbd_vfs_remove_xattr(path->dentry,
2020 "remove xattr failed(%d)\n",
2026 /* if the EA doesn't exist, just do nothing. */
2029 rc = ksmbd_vfs_setxattr(path->dentry, attr_name, value,
2030 le16_to_cpu(eabuf->EaValueLength), 0);
2033 "ksmbd_vfs_setxattr is failed(%d)\n",
2040 next = le32_to_cpu(eabuf->NextEntryOffset);
2041 eabuf = (struct smb2_ea_info *)((char *)eabuf + next);
2042 } while (next != 0);
2048 static inline int check_context_err(void *ctx, char *str)
2053 ksmbd_debug(SMB, "find context %s err %d\n", str, err);
2055 if (err == -EINVAL) {
2056 ksmbd_err("bad name length\n");
2063 static noinline int smb2_set_stream_name_xattr(struct path *path,
2064 struct ksmbd_file *fp, char *stream_name, int s_type)
2066 size_t xattr_stream_size;
2067 char *xattr_stream_name;
2070 rc = ksmbd_vfs_xattr_stream_name(stream_name,
2077 fp->stream.name = xattr_stream_name;
2078 fp->stream.size = xattr_stream_size;
2080 /* Check if there is stream prefix in xattr space */
2081 rc = ksmbd_vfs_casexattr_len(path->dentry,
2087 if (fp->cdoption == FILE_OPEN_LE) {
2088 ksmbd_debug(SMB, "XATTR stream name lookup failed: %d\n", rc);
2092 rc = ksmbd_vfs_setxattr(path->dentry, xattr_stream_name, NULL, 0, 0);
2094 ksmbd_err("Failed to store XATTR stream name :%d\n", rc);
2098 static int smb2_remove_smb_xattrs(struct dentry *dentry)
2100 char *name, *xattr_list = NULL;
2101 ssize_t xattr_list_len;
2104 xattr_list_len = ksmbd_vfs_listxattr(dentry, &xattr_list);
2105 if (xattr_list_len < 0) {
2107 } else if (!xattr_list_len) {
2108 ksmbd_debug(SMB, "empty xattr in the file\n");
2112 for (name = xattr_list; name - xattr_list < xattr_list_len;
2113 name += strlen(name) + 1) {
2114 ksmbd_debug(SMB, "%s, len %zd\n", name, strlen(name));
2116 if (strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN) &&
2117 strncmp(&name[XATTR_USER_PREFIX_LEN], DOS_ATTRIBUTE_PREFIX,
2118 DOS_ATTRIBUTE_PREFIX_LEN) &&
2119 strncmp(&name[XATTR_USER_PREFIX_LEN], STREAM_PREFIX, STREAM_PREFIX_LEN))
2122 err = ksmbd_vfs_remove_xattr(dentry, name);
2124 ksmbd_debug(SMB, "remove xattr failed : %s\n", name);
2131 static int smb2_create_truncate(struct path *path)
2133 int rc = vfs_truncate(path, 0);
2136 ksmbd_err("vfs_truncate failed, rc %d\n", rc);
2140 rc = smb2_remove_smb_xattrs(path->dentry);
2141 if (rc == -EOPNOTSUPP)
2145 "ksmbd_truncate_stream_name_xattr failed, rc %d\n",
2150 static void smb2_new_xattrs(struct ksmbd_tree_connect *tcon, struct path *path,
2151 struct ksmbd_file *fp)
2153 struct xattr_dos_attrib da = {0};
2156 if (!test_share_config_flag(tcon->share_conf,
2157 KSMBD_SHARE_FLAG_STORE_DOS_ATTRS))
2161 da.attr = le32_to_cpu(fp->f_ci->m_fattr);
2162 da.itime = da.create_time = fp->create_time;
2163 da.flags = XATTR_DOSINFO_ATTRIB | XATTR_DOSINFO_CREATE_TIME |
2164 XATTR_DOSINFO_ITIME;
2166 rc = ksmbd_vfs_set_dos_attrib_xattr(path->dentry, &da);
2168 ksmbd_debug(SMB, "failed to store file attribute into xattr\n");
2171 static void smb2_update_xattrs(struct ksmbd_tree_connect *tcon,
2172 struct path *path, struct ksmbd_file *fp)
2174 struct xattr_dos_attrib da;
2177 fp->f_ci->m_fattr &= ~(ATTR_HIDDEN_LE | ATTR_SYSTEM_LE);
2179 /* get FileAttributes from XATTR_NAME_DOS_ATTRIBUTE */
2180 if (!test_share_config_flag(tcon->share_conf,
2181 KSMBD_SHARE_FLAG_STORE_DOS_ATTRS))
2184 rc = ksmbd_vfs_get_dos_attrib_xattr(path->dentry, &da);
2186 fp->f_ci->m_fattr = cpu_to_le32(da.attr);
2187 fp->create_time = da.create_time;
2188 fp->itime = da.itime;
2192 static int smb2_creat(struct ksmbd_work *work, struct path *path, char *name,
2193 int open_flags, umode_t posix_mode, bool is_dir)
2195 struct ksmbd_tree_connect *tcon = work->tcon;
2196 struct ksmbd_share_config *share = tcon->share_conf;
2200 if (!(open_flags & O_CREAT))
2203 ksmbd_debug(SMB, "file does not exist, so creating\n");
2204 if (is_dir == true) {
2205 ksmbd_debug(SMB, "creating directory\n");
2207 mode = share_config_directory_mode(share, posix_mode);
2208 rc = ksmbd_vfs_mkdir(work, name, mode);
2212 ksmbd_debug(SMB, "creating regular file\n");
2214 mode = share_config_create_mode(share, posix_mode);
2215 rc = ksmbd_vfs_create(work, name, mode);
2220 rc = ksmbd_vfs_kern_path(name, 0, path, 0);
2222 ksmbd_err("cannot get linux path (%s), err = %d\n",
2229 static int smb2_create_sd_buffer(struct ksmbd_work *work,
2230 struct smb2_create_req *req, struct dentry *dentry)
2232 struct create_context *context;
2235 if (!req->CreateContextsOffset)
2238 /* Parse SD BUFFER create contexts */
2239 context = smb2_find_context_vals(req, SMB2_CREATE_SD_BUFFER);
2240 if (context && !IS_ERR(context)) {
2241 struct create_sd_buf_req *sd_buf;
2244 "Set ACLs using SMB2_CREATE_SD_BUFFER context\n");
2245 sd_buf = (struct create_sd_buf_req *)context;
2246 rc = set_info_sec(work->conn, work->tcon, dentry, &sd_buf->ntsd,
2247 le32_to_cpu(sd_buf->ccontext.DataLength), true);
2253 static void ksmbd_acls_fattr(struct smb_fattr *fattr, struct inode *inode)
2255 fattr->cf_uid = inode->i_uid;
2256 fattr->cf_gid = inode->i_gid;
2257 fattr->cf_mode = inode->i_mode;
2258 fattr->cf_dacls = NULL;
2260 fattr->cf_acls = ksmbd_vfs_get_acl(inode, ACL_TYPE_ACCESS);
2261 if (S_ISDIR(inode->i_mode))
2262 fattr->cf_dacls = ksmbd_vfs_get_acl(inode, ACL_TYPE_DEFAULT);
2266 * smb2_open() - handler for smb file open request
2267 * @work: smb work containing request buffer
2269 * Return: 0 on success, otherwise error
2271 int smb2_open(struct ksmbd_work *work)
2273 struct ksmbd_conn *conn = work->conn;
2274 struct ksmbd_session *sess = work->sess;
2275 struct ksmbd_tree_connect *tcon = work->tcon;
2276 struct smb2_create_req *req;
2277 struct smb2_create_rsp *rsp, *rsp_org;
2279 struct ksmbd_share_config *share = tcon->share_conf;
2280 struct ksmbd_file *fp = NULL;
2281 struct file *filp = NULL;
2283 struct create_context *context;
2284 struct lease_ctx_info *lc = NULL;
2285 struct create_ea_buf_req *ea_buf = NULL;
2286 struct oplock_info *opinfo;
2287 __le32 *next_ptr = NULL;
2288 int req_op_level = 0, open_flags = 0, file_info = 0;
2289 int rc = 0, len = 0;
2290 int contxt_cnt = 0, query_disk_id = 0;
2291 int maximal_access_ctxt = 0, posix_ctxt = 0;
2295 char *stream_name = NULL;
2296 bool file_present = false, created = false, already_permitted = false;
2297 int share_ret, need_truncate = 0;
2299 umode_t posix_mode = 0;
2300 __le32 daccess, maximal_access = 0;
2302 rsp_org = work->response_buf;
2303 WORK_BUFFERS(work, req, rsp);
2305 if (req->hdr.NextCommand && !work->next_smb2_rcv_hdr_off &&
2306 (req->hdr.Flags & SMB2_FLAGS_RELATED_OPERATIONS)) {
2307 ksmbd_debug(SMB, "invalid flag in chained command\n");
2308 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
2309 smb2_set_err_rsp(work);
2313 if (test_share_config_flag(share, KSMBD_SHARE_FLAG_PIPE)) {
2314 ksmbd_debug(SMB, "IPC pipe create request\n");
2315 return create_smb2_pipe(work);
2318 if (req->NameLength) {
2319 if ((req->CreateOptions & FILE_DIRECTORY_FILE_LE) &&
2320 *(char *)req->Buffer == '\\') {
2321 ksmbd_err("not allow directory name included leading slash\n");
2326 name = smb2_get_name(share,
2328 le16_to_cpu(req->NameLength),
2329 work->conn->local_nls);
2337 ksmbd_debug(SMB, "converted name = %s\n", name);
2338 if (strchr(name, ':')) {
2339 if (!test_share_config_flag(work->tcon->share_conf,
2340 KSMBD_SHARE_FLAG_STREAMS)) {
2344 rc = parse_stream_name(name, &stream_name, &s_type);
2349 rc = ksmbd_validate_filename(name);
2353 if (ksmbd_share_veto_filename(share, name)) {
2355 ksmbd_debug(SMB, "Reject open(), vetoed file: %s\n",
2360 len = strlen(share->path);
2361 ksmbd_debug(SMB, "share path len %d\n", len);
2362 name = kmalloc(len + 1, GFP_KERNEL);
2364 rsp->hdr.Status = STATUS_NO_MEMORY;
2369 memcpy(name, share->path, len);
2370 *(name + len) = '\0';
2373 req_op_level = req->RequestedOplockLevel;
2374 if (req_op_level == SMB2_OPLOCK_LEVEL_LEASE)
2375 lc = parse_lease_state(req);
2377 if (le32_to_cpu(req->ImpersonationLevel) > le32_to_cpu(IL_DELEGATE_LE)) {
2378 ksmbd_err("Invalid impersonationlevel : 0x%x\n",
2379 le32_to_cpu(req->ImpersonationLevel));
2381 rsp->hdr.Status = STATUS_BAD_IMPERSONATION_LEVEL;
2385 if (req->CreateOptions && !(req->CreateOptions & CREATE_OPTIONS_MASK)) {
2386 ksmbd_err("Invalid create options : 0x%x\n",
2387 le32_to_cpu(req->CreateOptions));
2391 if (req->CreateOptions & FILE_SEQUENTIAL_ONLY_LE &&
2392 req->CreateOptions & FILE_RANDOM_ACCESS_LE)
2393 req->CreateOptions = ~(FILE_SEQUENTIAL_ONLY_LE);
2395 if (req->CreateOptions & (FILE_OPEN_BY_FILE_ID_LE |
2396 CREATE_TREE_CONNECTION | FILE_RESERVE_OPFILTER_LE)) {
2401 if (req->CreateOptions & FILE_DIRECTORY_FILE_LE) {
2402 if (req->CreateOptions & FILE_NON_DIRECTORY_FILE_LE) {
2405 } else if (req->CreateOptions & FILE_NO_COMPRESSION_LE) {
2406 req->CreateOptions = ~(FILE_NO_COMPRESSION_LE);
2411 if (le32_to_cpu(req->CreateDisposition) >
2412 le32_to_cpu(FILE_OVERWRITE_IF_LE)) {
2413 ksmbd_err("Invalid create disposition : 0x%x\n",
2414 le32_to_cpu(req->CreateDisposition));
2419 if (!(req->DesiredAccess & DESIRED_ACCESS_MASK)) {
2420 ksmbd_err("Invalid desired access : 0x%x\n",
2421 le32_to_cpu(req->DesiredAccess));
2426 if (req->FileAttributes && !(req->FileAttributes & ATTR_MASK_LE)) {
2427 ksmbd_err("Invalid file attribute : 0x%x\n",
2428 le32_to_cpu(req->FileAttributes));
2433 if (req->CreateContextsOffset) {
2434 /* Parse non-durable handle create contexts */
2435 context = smb2_find_context_vals(req, SMB2_CREATE_EA_BUFFER);
2436 if (IS_ERR(context)) {
2437 rc = check_context_err(context, SMB2_CREATE_EA_BUFFER);
2441 ea_buf = (struct create_ea_buf_req *)context;
2442 if (req->CreateOptions & FILE_NO_EA_KNOWLEDGE_LE) {
2443 rsp->hdr.Status = STATUS_ACCESS_DENIED;
2449 context = smb2_find_context_vals(req,
2450 SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST);
2451 if (IS_ERR(context)) {
2452 rc = check_context_err(context,
2453 SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST);
2458 "get query maximal access context\n");
2459 maximal_access_ctxt = 1;
2462 context = smb2_find_context_vals(req,
2463 SMB2_CREATE_TIMEWARP_REQUEST);
2464 if (IS_ERR(context)) {
2465 rc = check_context_err(context,
2466 SMB2_CREATE_TIMEWARP_REQUEST);
2470 ksmbd_debug(SMB, "get timewarp context\n");
2475 if (tcon->posix_extensions) {
2476 context = smb2_find_context_vals(req,
2477 SMB2_CREATE_TAG_POSIX);
2478 if (IS_ERR(context)) {
2479 rc = check_context_err(context,
2480 SMB2_CREATE_TAG_POSIX);
2484 struct create_posix *posix =
2485 (struct create_posix *)context;
2486 ksmbd_debug(SMB, "get posix context\n");
2488 posix_mode = le32_to_cpu(posix->Mode);
2494 if (ksmbd_override_fsids(work)) {
2499 if (req->CreateOptions & FILE_DELETE_ON_CLOSE_LE) {
2501 * On delete request, instead of following up, need to
2502 * look the current entity
2504 rc = ksmbd_vfs_kern_path(name, 0, &path, 1);
2507 * If file exists with under flags, return access
2510 if (req->CreateDisposition == FILE_OVERWRITE_IF_LE ||
2511 req->CreateDisposition == FILE_OPEN_IF_LE) {
2517 if (!test_tree_conn_flag(tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) {
2519 "User does not have write permission\n");
2526 if (test_share_config_flag(work->tcon->share_conf,
2527 KSMBD_SHARE_FLAG_FOLLOW_SYMLINKS)) {
2529 * Use LOOKUP_FOLLOW to follow the path of
2530 * symlink in path buildup
2532 rc = ksmbd_vfs_kern_path(name, LOOKUP_FOLLOW, &path, 1);
2533 if (rc) { /* Case for broken link ?*/
2534 rc = ksmbd_vfs_kern_path(name, 0, &path, 1);
2537 rc = ksmbd_vfs_kern_path(name, 0, &path, 1);
2538 if (!rc && d_is_symlink(path.dentry)) {
2547 if (rc == -EACCES) {
2549 "User does not have right permission\n");
2552 ksmbd_debug(SMB, "can not get linux path for %s, rc = %d\n",
2556 file_present = true;
2557 generic_fillattr(&init_user_ns, d_inode(path.dentry), &stat);
2560 if (req->CreateOptions & FILE_DIRECTORY_FILE_LE) {
2561 if (s_type == DATA_STREAM) {
2563 rsp->hdr.Status = STATUS_NOT_A_DIRECTORY;
2566 if (S_ISDIR(stat.mode) && s_type == DATA_STREAM) {
2568 rsp->hdr.Status = STATUS_FILE_IS_A_DIRECTORY;
2572 if (req->CreateOptions & FILE_DIRECTORY_FILE_LE &&
2573 req->FileAttributes & ATTR_NORMAL_LE) {
2574 rsp->hdr.Status = STATUS_NOT_A_DIRECTORY;
2582 if (file_present && req->CreateOptions & FILE_NON_DIRECTORY_FILE_LE &&
2583 S_ISDIR(stat.mode) && !(req->CreateOptions & FILE_DELETE_ON_CLOSE_LE)) {
2584 ksmbd_debug(SMB, "open() argument is a directory: %s, %x\n",
2585 name, req->CreateOptions);
2586 rsp->hdr.Status = STATUS_FILE_IS_A_DIRECTORY;
2591 if (file_present && (req->CreateOptions & FILE_DIRECTORY_FILE_LE) &&
2592 !(req->CreateDisposition == FILE_CREATE_LE) &&
2593 !S_ISDIR(stat.mode)) {
2594 rsp->hdr.Status = STATUS_NOT_A_DIRECTORY;
2599 if (!stream_name && file_present &&
2600 req->CreateDisposition == FILE_CREATE_LE) {
2605 daccess = smb_map_generic_desired_access(req->DesiredAccess);
2607 if (file_present && !(req->CreateOptions & FILE_DELETE_ON_CLOSE_LE)) {
2608 rc = smb_check_perm_dacl(conn, path.dentry, &daccess,
2614 if (daccess & FILE_MAXIMAL_ACCESS_LE) {
2615 if (!file_present) {
2616 daccess = cpu_to_le32(GENERIC_ALL_FLAGS);
2618 rc = ksmbd_vfs_query_maximal_access(path.dentry,
2622 already_permitted = true;
2624 maximal_access = daccess;
2627 open_flags = smb2_create_open_flags(file_present,
2628 daccess, req->CreateDisposition);
2630 if (!test_tree_conn_flag(tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) {
2631 if (open_flags & O_CREAT) {
2633 "User does not have write permission\n");
2639 /*create file if not present */
2640 if (!file_present) {
2641 rc = smb2_creat(work, &path, name, open_flags, posix_mode,
2642 req->CreateOptions & FILE_DIRECTORY_FILE_LE);
2648 rc = smb2_set_ea(&ea_buf->ea, &path);
2649 if (rc == -EOPNOTSUPP)
2654 } else if (!already_permitted) {
2657 may_delete = daccess & FILE_DELETE_LE ||
2658 req->CreateOptions & FILE_DELETE_ON_CLOSE_LE;
2660 /* FILE_READ_ATTRIBUTE is allowed without inode_permission,
2661 * because execute(search) permission on a parent directory,
2662 * is already granted.
2664 if (daccess & ~(FILE_READ_ATTRIBUTES_LE | FILE_READ_CONTROL_LE)) {
2665 rc = ksmbd_vfs_inode_permission(path.dentry,
2666 open_flags & O_ACCMODE, may_delete);
2672 rc = ksmbd_query_inode_status(d_inode(path.dentry->d_parent));
2673 if (rc == KSMBD_INODE_STATUS_PENDING_DELETE) {
2679 filp = dentry_open(&path, open_flags, current_cred());
2682 ksmbd_err("dentry open for dir failed, rc %d\n", rc);
2687 if (!(open_flags & O_TRUNC))
2688 file_info = FILE_OPENED;
2690 file_info = FILE_OVERWRITTEN;
2692 if ((req->CreateDisposition & FILE_CREATE_MASK_LE)
2693 == FILE_SUPERSEDE_LE)
2694 file_info = FILE_SUPERSEDED;
2695 } else if (open_flags & O_CREAT) {
2696 file_info = FILE_CREATED;
2699 ksmbd_vfs_set_fadvise(filp, req->CreateOptions);
2701 /* Obtain Volatile-ID */
2702 fp = ksmbd_open_fd(work, filp);
2710 /* Get Persistent-ID */
2711 ksmbd_open_durable_fd(fp);
2712 if (!HAS_FILE_ID(fp->persistent_id)) {
2717 fp->filename = name;
2718 fp->cdoption = req->CreateDisposition;
2719 fp->daccess = daccess;
2720 fp->saccess = req->ShareAccess;
2721 fp->coption = req->CreateOptions;
2723 /* Set default windows and posix acls if creating new file */
2726 struct inode *inode = d_inode(path.dentry);
2728 posix_acl_rc = ksmbd_vfs_inherit_posix_acl(inode, d_inode(path.dentry->d_parent));
2730 ksmbd_debug(SMB, "inherit posix acl failed : %d\n", posix_acl_rc);
2732 if (test_share_config_flag(work->tcon->share_conf,
2733 KSMBD_SHARE_FLAG_ACL_XATTR)) {
2734 rc = smb_inherit_dacl(conn, path.dentry, sess->user->uid,
2739 rc = smb2_create_sd_buffer(work, req, path.dentry);
2742 ksmbd_vfs_set_init_posix_acl(inode);
2744 if (test_share_config_flag(work->tcon->share_conf,
2745 KSMBD_SHARE_FLAG_ACL_XATTR)) {
2746 struct smb_fattr fattr;
2747 struct smb_ntsd *pntsd;
2748 int pntsd_size, ace_num = 0;
2750 ksmbd_acls_fattr(&fattr, inode);
2752 ace_num = fattr.cf_acls->a_count;
2754 ace_num += fattr.cf_dacls->a_count;
2756 pntsd = kmalloc(sizeof(struct smb_ntsd) +
2757 sizeof(struct smb_sid) * 3 +
2758 sizeof(struct smb_acl) +
2759 sizeof(struct smb_ace) * ace_num * 2,
2764 rc = build_sec_desc(pntsd, NULL,
2765 OWNER_SECINFO | GROUP_SECINFO | DACL_SECINFO,
2766 &pntsd_size, &fattr);
2767 posix_acl_release(fattr.cf_acls);
2768 posix_acl_release(fattr.cf_dacls);
2770 rc = ksmbd_vfs_set_sd_xattr(conn,
2771 path.dentry, pntsd, pntsd_size);
2774 ksmbd_err("failed to store ntacl in xattr : %d\n",
2783 rc = smb2_set_stream_name_xattr(&path,
2789 file_info = FILE_CREATED;
2792 fp->attrib_only = !(req->DesiredAccess & ~(FILE_READ_ATTRIBUTES_LE |
2793 FILE_WRITE_ATTRIBUTES_LE | FILE_SYNCHRONIZE_LE));
2794 if (!S_ISDIR(file_inode(filp)->i_mode) && open_flags & O_TRUNC &&
2795 !fp->attrib_only && !stream_name) {
2796 smb_break_all_oplock(work, fp);
2800 /* fp should be searchable through ksmbd_inode.m_fp_list
2801 * after daccess, saccess, attrib_only, and stream are
2804 write_lock(&fp->f_ci->m_lock);
2805 list_add(&fp->node, &fp->f_ci->m_fp_list);
2806 write_unlock(&fp->f_ci->m_lock);
2808 rc = ksmbd_vfs_getattr(&path, &stat);
2810 generic_fillattr(&init_user_ns, d_inode(path.dentry), &stat);
2814 /* Check delete pending among previous fp before oplock break */
2815 if (ksmbd_inode_pending_delete(fp)) {
2820 share_ret = ksmbd_smb_check_shared_mode(fp->filp, fp);
2821 if (!test_share_config_flag(work->tcon->share_conf, KSMBD_SHARE_FLAG_OPLOCKS) ||
2822 (req_op_level == SMB2_OPLOCK_LEVEL_LEASE &&
2823 !(conn->vals->capabilities & SMB2_GLOBAL_CAP_LEASING))) {
2824 if (share_ret < 0 && !S_ISDIR(FP_INODE(fp)->i_mode)) {
2829 if (req_op_level == SMB2_OPLOCK_LEVEL_LEASE) {
2830 req_op_level = smb2_map_lease_to_oplock(lc->req_state);
2832 "lease req for(%s) req oplock state 0x%x, lease state 0x%x\n",
2833 name, req_op_level, lc->req_state);
2834 rc = find_same_lease_key(sess, fp->f_ci, lc);
2837 } else if (open_flags == O_RDONLY &&
2838 (req_op_level == SMB2_OPLOCK_LEVEL_BATCH ||
2839 req_op_level == SMB2_OPLOCK_LEVEL_EXCLUSIVE))
2840 req_op_level = SMB2_OPLOCK_LEVEL_II;
2842 rc = smb_grant_oplock(work, req_op_level,
2843 fp->persistent_id, fp,
2844 le32_to_cpu(req->hdr.Id.SyncId.TreeId),
2850 if (req->CreateOptions & FILE_DELETE_ON_CLOSE_LE)
2851 ksmbd_fd_set_delete_on_close(fp, file_info);
2853 if (need_truncate) {
2854 rc = smb2_create_truncate(&path);
2859 if (req->CreateContextsOffset) {
2860 struct create_alloc_size_req *az_req;
2862 az_req = (struct create_alloc_size_req *)
2863 smb2_find_context_vals(req,
2864 SMB2_CREATE_ALLOCATION_SIZE);
2865 if (IS_ERR(az_req)) {
2866 rc = check_context_err(az_req,
2867 SMB2_CREATE_ALLOCATION_SIZE);
2871 loff_t alloc_size = le64_to_cpu(az_req->AllocationSize);
2875 "request smb2 create allocate size : %llu\n",
2877 err = ksmbd_vfs_alloc_size(work, fp, alloc_size);
2880 "ksmbd_vfs_alloc_size is failed : %d\n",
2884 context = smb2_find_context_vals(req, SMB2_CREATE_QUERY_ON_DISK_ID);
2885 if (IS_ERR(context)) {
2886 rc = check_context_err(context, SMB2_CREATE_QUERY_ON_DISK_ID);
2890 ksmbd_debug(SMB, "get query on disk id context\n");
2895 if (stat.result_mask & STATX_BTIME)
2896 fp->create_time = ksmbd_UnixTimeToNT(stat.btime);
2898 fp->create_time = ksmbd_UnixTimeToNT(stat.ctime);
2899 if (req->FileAttributes || fp->f_ci->m_fattr == 0)
2900 fp->f_ci->m_fattr = cpu_to_le32(smb2_get_dos_mode(&stat,
2901 le32_to_cpu(req->FileAttributes)));
2904 smb2_update_xattrs(tcon, &path, fp);
2906 smb2_new_xattrs(tcon, &path, fp);
2908 memcpy(fp->client_guid, conn->ClientGUID, SMB2_CLIENT_GUID_SIZE);
2910 generic_fillattr(&init_user_ns, FP_INODE(fp), &stat);
2912 rsp->StructureSize = cpu_to_le16(89);
2914 opinfo = rcu_dereference(fp->f_opinfo);
2915 rsp->OplockLevel = opinfo != NULL ? opinfo->level : 0;
2918 rsp->CreateAction = cpu_to_le32(file_info);
2919 rsp->CreationTime = cpu_to_le64(fp->create_time);
2920 time = ksmbd_UnixTimeToNT(stat.atime);
2921 rsp->LastAccessTime = cpu_to_le64(time);
2922 time = ksmbd_UnixTimeToNT(stat.mtime);
2923 rsp->LastWriteTime = cpu_to_le64(time);
2924 time = ksmbd_UnixTimeToNT(stat.ctime);
2925 rsp->ChangeTime = cpu_to_le64(time);
2926 rsp->AllocationSize = S_ISDIR(stat.mode) ? 0 :
2927 cpu_to_le64(stat.blocks << 9);
2928 rsp->EndofFile = S_ISDIR(stat.mode) ? 0 : cpu_to_le64(stat.size);
2929 rsp->FileAttributes = fp->f_ci->m_fattr;
2933 rsp->PersistentFileId = cpu_to_le64(fp->persistent_id);
2934 rsp->VolatileFileId = cpu_to_le64(fp->volatile_id);
2936 rsp->CreateContextsOffset = 0;
2937 rsp->CreateContextsLength = 0;
2938 inc_rfc1001_len(rsp_org, 88); /* StructureSize - 1*/
2940 /* If lease is request send lease context response */
2941 if (opinfo && opinfo->is_lease) {
2942 struct create_context *lease_ccontext;
2944 ksmbd_debug(SMB, "lease granted on(%s) lease state 0x%x\n",
2945 name, opinfo->o_lease->state);
2946 rsp->OplockLevel = SMB2_OPLOCK_LEVEL_LEASE;
2948 lease_ccontext = (struct create_context *)rsp->Buffer;
2950 create_lease_buf(rsp->Buffer, opinfo->o_lease);
2951 le32_add_cpu(&rsp->CreateContextsLength,
2952 conn->vals->create_lease_size);
2953 inc_rfc1001_len(rsp_org, conn->vals->create_lease_size);
2954 next_ptr = &lease_ccontext->Next;
2955 next_off = conn->vals->create_lease_size;
2958 if (maximal_access_ctxt) {
2959 struct create_context *mxac_ccontext;
2961 if (maximal_access == 0)
2962 ksmbd_vfs_query_maximal_access(path.dentry,
2964 mxac_ccontext = (struct create_context *)(rsp->Buffer +
2965 le32_to_cpu(rsp->CreateContextsLength));
2967 create_mxac_rsp_buf(rsp->Buffer +
2968 le32_to_cpu(rsp->CreateContextsLength),
2969 le32_to_cpu(maximal_access));
2970 le32_add_cpu(&rsp->CreateContextsLength,
2971 conn->vals->create_mxac_size);
2972 inc_rfc1001_len(rsp_org, conn->vals->create_mxac_size);
2974 *next_ptr = cpu_to_le32(next_off);
2975 next_ptr = &mxac_ccontext->Next;
2976 next_off = conn->vals->create_mxac_size;
2979 if (query_disk_id) {
2980 struct create_context *disk_id_ccontext;
2982 disk_id_ccontext = (struct create_context *)(rsp->Buffer +
2983 le32_to_cpu(rsp->CreateContextsLength));
2985 create_disk_id_rsp_buf(rsp->Buffer +
2986 le32_to_cpu(rsp->CreateContextsLength),
2987 stat.ino, tcon->id);
2988 le32_add_cpu(&rsp->CreateContextsLength,
2989 conn->vals->create_disk_id_size);
2990 inc_rfc1001_len(rsp_org, conn->vals->create_disk_id_size);
2992 *next_ptr = cpu_to_le32(next_off);
2993 next_ptr = &disk_id_ccontext->Next;
2994 next_off = conn->vals->create_disk_id_size;
2999 create_posix_rsp_buf(rsp->Buffer +
3000 le32_to_cpu(rsp->CreateContextsLength),
3002 le32_add_cpu(&rsp->CreateContextsLength,
3003 conn->vals->create_posix_size);
3004 inc_rfc1001_len(rsp_org, conn->vals->create_posix_size);
3006 *next_ptr = cpu_to_le32(next_off);
3009 if (contxt_cnt > 0) {
3010 rsp->CreateContextsOffset =
3011 cpu_to_le32(offsetof(struct smb2_create_rsp, Buffer)
3016 if (file_present || created)
3018 ksmbd_revert_fsids(work);
3022 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
3023 else if (rc == -EOPNOTSUPP)
3024 rsp->hdr.Status = STATUS_NOT_SUPPORTED;
3025 else if (rc == -EACCES || rc == -ESTALE)
3026 rsp->hdr.Status = STATUS_ACCESS_DENIED;
3027 else if (rc == -ENOENT)
3028 rsp->hdr.Status = STATUS_OBJECT_NAME_INVALID;
3029 else if (rc == -EPERM)
3030 rsp->hdr.Status = STATUS_SHARING_VIOLATION;
3031 else if (rc == -EBUSY)
3032 rsp->hdr.Status = STATUS_DELETE_PENDING;
3033 else if (rc == -EBADF)
3034 rsp->hdr.Status = STATUS_OBJECT_NAME_NOT_FOUND;
3035 else if (rc == -ENOEXEC)
3036 rsp->hdr.Status = STATUS_DUPLICATE_OBJECTID;
3037 else if (rc == -ENXIO)
3038 rsp->hdr.Status = STATUS_NO_SUCH_DEVICE;
3039 else if (rc == -EEXIST)
3040 rsp->hdr.Status = STATUS_OBJECT_NAME_COLLISION;
3041 else if (rc == -EMFILE)
3042 rsp->hdr.Status = STATUS_INSUFFICIENT_RESOURCES;
3043 if (!rsp->hdr.Status)
3044 rsp->hdr.Status = STATUS_UNEXPECTED_IO_ERROR;
3046 if (!fp || !fp->filename)
3049 ksmbd_fd_put(work, fp);
3050 smb2_set_err_rsp(work);
3051 ksmbd_debug(SMB, "Error response: %x\n", rsp->hdr.Status);
3059 static int readdir_info_level_struct_sz(int info_level)
3061 switch (info_level) {
3062 case FILE_FULL_DIRECTORY_INFORMATION:
3063 return sizeof(struct file_full_directory_info);
3064 case FILE_BOTH_DIRECTORY_INFORMATION:
3065 return sizeof(struct file_both_directory_info);
3066 case FILE_DIRECTORY_INFORMATION:
3067 return sizeof(struct file_directory_info);
3068 case FILE_NAMES_INFORMATION:
3069 return sizeof(struct file_names_info);
3070 case FILEID_FULL_DIRECTORY_INFORMATION:
3071 return sizeof(struct file_id_full_dir_info);
3072 case FILEID_BOTH_DIRECTORY_INFORMATION:
3073 return sizeof(struct file_id_both_directory_info);
3074 case SMB_FIND_FILE_POSIX_INFO:
3075 return sizeof(struct smb2_posix_info);
3081 static int dentry_name(struct ksmbd_dir_info *d_info, int info_level)
3083 switch (info_level) {
3084 case FILE_FULL_DIRECTORY_INFORMATION:
3086 struct file_full_directory_info *ffdinfo;
3088 ffdinfo = (struct file_full_directory_info *)d_info->rptr;
3089 d_info->rptr += le32_to_cpu(ffdinfo->NextEntryOffset);
3090 d_info->name = ffdinfo->FileName;
3091 d_info->name_len = le32_to_cpu(ffdinfo->FileNameLength);
3094 case FILE_BOTH_DIRECTORY_INFORMATION:
3096 struct file_both_directory_info *fbdinfo;
3098 fbdinfo = (struct file_both_directory_info *)d_info->rptr;
3099 d_info->rptr += le32_to_cpu(fbdinfo->NextEntryOffset);
3100 d_info->name = fbdinfo->FileName;
3101 d_info->name_len = le32_to_cpu(fbdinfo->FileNameLength);
3104 case FILE_DIRECTORY_INFORMATION:
3106 struct file_directory_info *fdinfo;
3108 fdinfo = (struct file_directory_info *)d_info->rptr;
3109 d_info->rptr += le32_to_cpu(fdinfo->NextEntryOffset);
3110 d_info->name = fdinfo->FileName;
3111 d_info->name_len = le32_to_cpu(fdinfo->FileNameLength);
3114 case FILE_NAMES_INFORMATION:
3116 struct file_names_info *fninfo;
3118 fninfo = (struct file_names_info *)d_info->rptr;
3119 d_info->rptr += le32_to_cpu(fninfo->NextEntryOffset);
3120 d_info->name = fninfo->FileName;
3121 d_info->name_len = le32_to_cpu(fninfo->FileNameLength);
3124 case FILEID_FULL_DIRECTORY_INFORMATION:
3126 struct file_id_full_dir_info *dinfo;
3128 dinfo = (struct file_id_full_dir_info *)d_info->rptr;
3129 d_info->rptr += le32_to_cpu(dinfo->NextEntryOffset);
3130 d_info->name = dinfo->FileName;
3131 d_info->name_len = le32_to_cpu(dinfo->FileNameLength);
3134 case FILEID_BOTH_DIRECTORY_INFORMATION:
3136 struct file_id_both_directory_info *fibdinfo;
3138 fibdinfo = (struct file_id_both_directory_info *)d_info->rptr;
3139 d_info->rptr += le32_to_cpu(fibdinfo->NextEntryOffset);
3140 d_info->name = fibdinfo->FileName;
3141 d_info->name_len = le32_to_cpu(fibdinfo->FileNameLength);
3144 case SMB_FIND_FILE_POSIX_INFO:
3146 struct smb2_posix_info *posix_info;
3148 posix_info = (struct smb2_posix_info *)d_info->rptr;
3149 d_info->rptr += le32_to_cpu(posix_info->NextEntryOffset);
3150 d_info->name = posix_info->name;
3151 d_info->name_len = le32_to_cpu(posix_info->name_len);
3160 * smb2_populate_readdir_entry() - encode directory entry in smb2 response
3162 * @conn: connection instance
3163 * @info_level: smb information level
3164 * @d_info: structure included variables for query dir
3165 * @ksmbd_kstat: ksmbd wrapper of dirent stat information
3167 * if directory has many entries, find first can't read it fully.
3168 * find next might be called multiple times to read remaining dir entries
3170 * Return: 0 on success, otherwise error
3172 static int smb2_populate_readdir_entry(struct ksmbd_conn *conn, int info_level,
3173 struct ksmbd_dir_info *d_info, struct ksmbd_kstat *ksmbd_kstat)
3175 int next_entry_offset = 0;
3181 conv_name = ksmbd_convert_dir_info_name(d_info,
3187 /* Somehow the name has only terminating NULL bytes */
3193 struct_sz = readdir_info_level_struct_sz(info_level);
3194 next_entry_offset = ALIGN(struct_sz - 1 + conv_len,
3195 KSMBD_DIR_INFO_ALIGNMENT);
3197 if (next_entry_offset > d_info->out_buf_len) {
3198 d_info->out_buf_len = 0;
3202 kstat = d_info->wptr;
3203 if (info_level != FILE_NAMES_INFORMATION)
3204 kstat = ksmbd_vfs_init_kstat(&d_info->wptr, ksmbd_kstat);
3206 switch (info_level) {
3207 case FILE_FULL_DIRECTORY_INFORMATION:
3209 struct file_full_directory_info *ffdinfo;
3211 ffdinfo = (struct file_full_directory_info *)kstat;
3212 ffdinfo->FileNameLength = cpu_to_le32(conv_len);
3214 smb2_get_reparse_tag_special_file(ksmbd_kstat->kstat->mode);
3215 if (ffdinfo->EaSize)
3216 ffdinfo->ExtFileAttributes = ATTR_REPARSE_POINT_LE;
3217 if (d_info->hide_dot_file && d_info->name[0] == '.')
3218 ffdinfo->ExtFileAttributes |= ATTR_HIDDEN_LE;
3219 memcpy(ffdinfo->FileName, conv_name, conv_len);
3220 ffdinfo->NextEntryOffset = cpu_to_le32(next_entry_offset);
3223 case FILE_BOTH_DIRECTORY_INFORMATION:
3225 struct file_both_directory_info *fbdinfo;
3227 fbdinfo = (struct file_both_directory_info *)kstat;
3228 fbdinfo->FileNameLength = cpu_to_le32(conv_len);
3230 smb2_get_reparse_tag_special_file(ksmbd_kstat->kstat->mode);
3231 if (fbdinfo->EaSize)
3232 fbdinfo->ExtFileAttributes = ATTR_REPARSE_POINT_LE;
3233 fbdinfo->ShortNameLength = 0;
3234 fbdinfo->Reserved = 0;
3235 if (d_info->hide_dot_file && d_info->name[0] == '.')
3236 fbdinfo->ExtFileAttributes |= ATTR_HIDDEN_LE;
3237 memcpy(fbdinfo->FileName, conv_name, conv_len);
3238 fbdinfo->NextEntryOffset = cpu_to_le32(next_entry_offset);
3241 case FILE_DIRECTORY_INFORMATION:
3243 struct file_directory_info *fdinfo;
3245 fdinfo = (struct file_directory_info *)kstat;
3246 fdinfo->FileNameLength = cpu_to_le32(conv_len);
3247 if (d_info->hide_dot_file && d_info->name[0] == '.')
3248 fdinfo->ExtFileAttributes |= ATTR_HIDDEN_LE;
3249 memcpy(fdinfo->FileName, conv_name, conv_len);
3250 fdinfo->NextEntryOffset = cpu_to_le32(next_entry_offset);
3253 case FILE_NAMES_INFORMATION:
3255 struct file_names_info *fninfo;
3257 fninfo = (struct file_names_info *)kstat;
3258 fninfo->FileNameLength = cpu_to_le32(conv_len);
3259 memcpy(fninfo->FileName, conv_name, conv_len);
3260 fninfo->NextEntryOffset = cpu_to_le32(next_entry_offset);
3263 case FILEID_FULL_DIRECTORY_INFORMATION:
3265 struct file_id_full_dir_info *dinfo;
3267 dinfo = (struct file_id_full_dir_info *)kstat;
3268 dinfo->FileNameLength = cpu_to_le32(conv_len);
3270 smb2_get_reparse_tag_special_file(ksmbd_kstat->kstat->mode);
3272 dinfo->ExtFileAttributes = ATTR_REPARSE_POINT_LE;
3273 dinfo->Reserved = 0;
3274 dinfo->UniqueId = cpu_to_le64(ksmbd_kstat->kstat->ino);
3275 if (d_info->hide_dot_file && d_info->name[0] == '.')
3276 dinfo->ExtFileAttributes |= ATTR_HIDDEN_LE;
3277 memcpy(dinfo->FileName, conv_name, conv_len);
3278 dinfo->NextEntryOffset = cpu_to_le32(next_entry_offset);
3281 case FILEID_BOTH_DIRECTORY_INFORMATION:
3283 struct file_id_both_directory_info *fibdinfo;
3285 fibdinfo = (struct file_id_both_directory_info *)kstat;
3286 fibdinfo->FileNameLength = cpu_to_le32(conv_len);
3288 smb2_get_reparse_tag_special_file(ksmbd_kstat->kstat->mode);
3289 if (fibdinfo->EaSize)
3290 fibdinfo->ExtFileAttributes = ATTR_REPARSE_POINT_LE;
3291 fibdinfo->UniqueId = cpu_to_le64(ksmbd_kstat->kstat->ino);
3292 fibdinfo->ShortNameLength = 0;
3293 fibdinfo->Reserved = 0;
3294 fibdinfo->Reserved2 = cpu_to_le16(0);
3295 if (d_info->hide_dot_file && d_info->name[0] == '.')
3296 fibdinfo->ExtFileAttributes |= ATTR_HIDDEN_LE;
3297 memcpy(fibdinfo->FileName, conv_name, conv_len);
3298 fibdinfo->NextEntryOffset = cpu_to_le32(next_entry_offset);
3301 case SMB_FIND_FILE_POSIX_INFO:
3303 struct smb2_posix_info *posix_info;
3306 posix_info = (struct smb2_posix_info *)kstat;
3307 posix_info->Ignored = 0;
3308 posix_info->CreationTime = cpu_to_le64(ksmbd_kstat->create_time);
3309 time = ksmbd_UnixTimeToNT(ksmbd_kstat->kstat->ctime);
3310 posix_info->ChangeTime = cpu_to_le64(time);
3311 time = ksmbd_UnixTimeToNT(ksmbd_kstat->kstat->atime);
3312 posix_info->LastAccessTime = cpu_to_le64(time);
3313 time = ksmbd_UnixTimeToNT(ksmbd_kstat->kstat->mtime);
3314 posix_info->LastWriteTime = cpu_to_le64(time);
3315 posix_info->EndOfFile = cpu_to_le64(ksmbd_kstat->kstat->size);
3316 posix_info->AllocationSize = cpu_to_le64(ksmbd_kstat->kstat->blocks << 9);
3317 posix_info->DeviceId = cpu_to_le32(ksmbd_kstat->kstat->rdev);
3318 posix_info->HardLinks = cpu_to_le32(ksmbd_kstat->kstat->nlink);
3319 posix_info->Mode = cpu_to_le32(ksmbd_kstat->kstat->mode);
3320 posix_info->Inode = cpu_to_le64(ksmbd_kstat->kstat->ino);
3321 posix_info->DosAttributes =
3322 S_ISDIR(ksmbd_kstat->kstat->mode) ? ATTR_DIRECTORY_LE : ATTR_ARCHIVE_LE;
3323 if (d_info->hide_dot_file && d_info->name[0] == '.')
3324 posix_info->DosAttributes |= ATTR_HIDDEN_LE;
3325 id_to_sid(from_kuid(&init_user_ns, ksmbd_kstat->kstat->uid),
3326 SIDNFS_USER, (struct smb_sid *)&posix_info->SidBuffer[0]);
3327 id_to_sid(from_kgid(&init_user_ns, ksmbd_kstat->kstat->gid),
3328 SIDNFS_GROUP, (struct smb_sid *)&posix_info->SidBuffer[20]);
3329 memcpy(posix_info->name, conv_name, conv_len);
3330 posix_info->name_len = cpu_to_le32(conv_len);
3331 posix_info->NextEntryOffset = cpu_to_le32(next_entry_offset);
3335 } /* switch (info_level) */
3337 d_info->last_entry_offset = d_info->data_count;
3338 d_info->data_count += next_entry_offset;
3339 d_info->out_buf_len -= next_entry_offset;
3340 d_info->wptr += next_entry_offset;
3344 "info_level : %d, buf_len :%d, next_offset : %d, data_count : %d\n",
3345 info_level, d_info->out_buf_len,
3346 next_entry_offset, d_info->data_count);
3351 struct smb2_query_dir_private {
3352 struct ksmbd_work *work;
3353 char *search_pattern;
3354 struct ksmbd_file *dir_fp;
3356 struct ksmbd_dir_info *d_info;
3360 static void lock_dir(struct ksmbd_file *dir_fp)
3362 struct dentry *dir = dir_fp->filp->f_path.dentry;
3364 inode_lock_nested(d_inode(dir), I_MUTEX_PARENT);
3367 static void unlock_dir(struct ksmbd_file *dir_fp)
3369 struct dentry *dir = dir_fp->filp->f_path.dentry;
3371 inode_unlock(d_inode(dir));
3374 static int process_query_dir_entries(struct smb2_query_dir_private *priv)
3377 struct ksmbd_kstat ksmbd_kstat;
3381 for (i = 0; i < priv->d_info->num_entry; i++) {
3382 struct dentry *dent;
3384 if (dentry_name(priv->d_info, priv->info_level))
3387 lock_dir(priv->dir_fp);
3388 dent = lookup_one_len(priv->d_info->name,
3389 priv->dir_fp->filp->f_path.dentry,
3390 priv->d_info->name_len);
3391 unlock_dir(priv->dir_fp);
3394 ksmbd_debug(SMB, "Cannot lookup `%s' [%ld]\n",
3399 if (unlikely(d_is_negative(dent))) {
3401 ksmbd_debug(SMB, "Negative dentry `%s'\n",
3402 priv->d_info->name);
3406 ksmbd_kstat.kstat = &kstat;
3407 if (priv->info_level != FILE_NAMES_INFORMATION)
3408 ksmbd_vfs_fill_dentry_attrs(priv->work,
3412 rc = smb2_populate_readdir_entry(priv->work->conn,
3423 static int reserve_populate_dentry(struct ksmbd_dir_info *d_info,
3428 int next_entry_offset;
3430 struct_sz = readdir_info_level_struct_sz(info_level);
3431 if (struct_sz == -EOPNOTSUPP)
3434 conv_len = (d_info->name_len + 1) * 2;
3435 next_entry_offset = ALIGN(struct_sz - 1 + conv_len,
3436 KSMBD_DIR_INFO_ALIGNMENT);
3438 if (next_entry_offset > d_info->out_buf_len) {
3439 d_info->out_buf_len = 0;
3443 switch (info_level) {
3444 case FILE_FULL_DIRECTORY_INFORMATION:
3446 struct file_full_directory_info *ffdinfo;
3448 ffdinfo = (struct file_full_directory_info *)d_info->wptr;
3449 memcpy(ffdinfo->FileName, d_info->name, d_info->name_len);
3450 ffdinfo->FileName[d_info->name_len] = 0x00;
3451 ffdinfo->FileNameLength = cpu_to_le32(d_info->name_len);
3452 ffdinfo->NextEntryOffset = cpu_to_le32(next_entry_offset);
3455 case FILE_BOTH_DIRECTORY_INFORMATION:
3457 struct file_both_directory_info *fbdinfo;
3459 fbdinfo = (struct file_both_directory_info *)d_info->wptr;
3460 memcpy(fbdinfo->FileName, d_info->name, d_info->name_len);
3461 fbdinfo->FileName[d_info->name_len] = 0x00;
3462 fbdinfo->FileNameLength = cpu_to_le32(d_info->name_len);
3463 fbdinfo->NextEntryOffset = cpu_to_le32(next_entry_offset);
3466 case FILE_DIRECTORY_INFORMATION:
3468 struct file_directory_info *fdinfo;
3470 fdinfo = (struct file_directory_info *)d_info->wptr;
3471 memcpy(fdinfo->FileName, d_info->name, d_info->name_len);
3472 fdinfo->FileName[d_info->name_len] = 0x00;
3473 fdinfo->FileNameLength = cpu_to_le32(d_info->name_len);
3474 fdinfo->NextEntryOffset = cpu_to_le32(next_entry_offset);
3477 case FILE_NAMES_INFORMATION:
3479 struct file_names_info *fninfo;
3481 fninfo = (struct file_names_info *)d_info->wptr;
3482 memcpy(fninfo->FileName, d_info->name, d_info->name_len);
3483 fninfo->FileName[d_info->name_len] = 0x00;
3484 fninfo->FileNameLength = cpu_to_le32(d_info->name_len);
3485 fninfo->NextEntryOffset = cpu_to_le32(next_entry_offset);
3488 case FILEID_FULL_DIRECTORY_INFORMATION:
3490 struct file_id_full_dir_info *dinfo;
3492 dinfo = (struct file_id_full_dir_info *)d_info->wptr;
3493 memcpy(dinfo->FileName, d_info->name, d_info->name_len);
3494 dinfo->FileName[d_info->name_len] = 0x00;
3495 dinfo->FileNameLength = cpu_to_le32(d_info->name_len);
3496 dinfo->NextEntryOffset = cpu_to_le32(next_entry_offset);
3499 case FILEID_BOTH_DIRECTORY_INFORMATION:
3501 struct file_id_both_directory_info *fibdinfo;
3503 fibdinfo = (struct file_id_both_directory_info *)d_info->wptr;
3504 memcpy(fibdinfo->FileName, d_info->name, d_info->name_len);
3505 fibdinfo->FileName[d_info->name_len] = 0x00;
3506 fibdinfo->FileNameLength = cpu_to_le32(d_info->name_len);
3507 fibdinfo->NextEntryOffset = cpu_to_le32(next_entry_offset);
3510 case SMB_FIND_FILE_POSIX_INFO:
3512 struct smb2_posix_info *posix_info;
3514 posix_info = (struct smb2_posix_info *)d_info->wptr;
3515 memcpy(posix_info->name, d_info->name, d_info->name_len);
3516 posix_info->name[d_info->name_len] = 0x00;
3517 posix_info->name_len = cpu_to_le32(d_info->name_len);
3518 posix_info->NextEntryOffset =
3519 cpu_to_le32(next_entry_offset);
3522 } /* switch (info_level) */
3524 d_info->num_entry++;
3525 d_info->out_buf_len -= next_entry_offset;
3526 d_info->wptr += next_entry_offset;
3530 static int __query_dir(struct dir_context *ctx, const char *name, int namlen,
3531 loff_t offset, u64 ino, unsigned int d_type)
3533 struct ksmbd_readdir_data *buf;
3534 struct smb2_query_dir_private *priv;
3535 struct ksmbd_dir_info *d_info;
3538 buf = container_of(ctx, struct ksmbd_readdir_data, ctx);
3539 priv = buf->private;
3540 d_info = priv->d_info;
3542 /* dot and dotdot entries are already reserved */
3543 if (!strcmp(".", name) || !strcmp("..", name))
3545 if (ksmbd_share_veto_filename(priv->work->tcon->share_conf, name))
3547 if (!match_pattern(name, namlen, priv->search_pattern))
3550 d_info->name = name;
3551 d_info->name_len = namlen;
3552 rc = reserve_populate_dentry(d_info, priv->info_level);
3555 if (d_info->flags & SMB2_RETURN_SINGLE_ENTRY) {
3556 d_info->out_buf_len = 0;
3562 static void restart_ctx(struct dir_context *ctx)
3567 static int verify_info_level(int info_level)
3569 switch (info_level) {
3570 case FILE_FULL_DIRECTORY_INFORMATION:
3571 case FILE_BOTH_DIRECTORY_INFORMATION:
3572 case FILE_DIRECTORY_INFORMATION:
3573 case FILE_NAMES_INFORMATION:
3574 case FILEID_FULL_DIRECTORY_INFORMATION:
3575 case FILEID_BOTH_DIRECTORY_INFORMATION:
3576 case SMB_FIND_FILE_POSIX_INFO:
3585 int smb2_query_dir(struct ksmbd_work *work)
3587 struct ksmbd_conn *conn = work->conn;
3588 struct smb2_query_directory_req *req;
3589 struct smb2_query_directory_rsp *rsp, *rsp_org;
3590 struct ksmbd_share_config *share = work->tcon->share_conf;
3591 struct ksmbd_file *dir_fp = NULL;
3592 struct ksmbd_dir_info d_info;
3594 char *srch_ptr = NULL;
3595 unsigned char srch_flag;
3597 struct smb2_query_dir_private query_dir_private = {NULL, };
3599 rsp_org = work->response_buf;
3600 WORK_BUFFERS(work, req, rsp);
3602 if (ksmbd_override_fsids(work)) {
3603 rsp->hdr.Status = STATUS_NO_MEMORY;
3604 smb2_set_err_rsp(work);
3608 rc = verify_info_level(req->FileInformationClass);
3614 dir_fp = ksmbd_lookup_fd_slow(work,
3615 le64_to_cpu(req->VolatileFileId),
3616 le64_to_cpu(req->PersistentFileId));
3622 if (!(dir_fp->daccess & FILE_LIST_DIRECTORY_LE) ||
3623 inode_permission(&init_user_ns, file_inode(dir_fp->filp), MAY_READ | MAY_EXEC)) {
3624 ksmbd_err("no right to enumerate directory (%s)\n",
3625 FP_FILENAME(dir_fp));
3630 if (!S_ISDIR(file_inode(dir_fp->filp)->i_mode)) {
3631 ksmbd_err("can't do query dir for a file\n");
3636 srch_flag = req->Flags;
3637 srch_ptr = smb_strndup_from_utf16(req->Buffer,
3638 le16_to_cpu(req->FileNameLength), 1,
3640 if (IS_ERR(srch_ptr)) {
3641 ksmbd_debug(SMB, "Search Pattern not found\n");
3645 ksmbd_debug(SMB, "Search pattern is %s\n", srch_ptr);
3648 ksmbd_debug(SMB, "Directory name is %s\n", dir_fp->filename);
3650 if (srch_flag & SMB2_REOPEN || srch_flag & SMB2_RESTART_SCANS) {
3651 ksmbd_debug(SMB, "Restart directory scan\n");
3652 generic_file_llseek(dir_fp->filp, 0, SEEK_SET);
3653 restart_ctx(&dir_fp->readdir_data.ctx);
3656 memset(&d_info, 0, sizeof(struct ksmbd_dir_info));
3657 d_info.wptr = (char *)rsp->Buffer;
3658 d_info.rptr = (char *)rsp->Buffer;
3659 d_info.out_buf_len = (work->response_sz - (get_rfc1002_len(rsp_org) + 4));
3660 d_info.out_buf_len = min_t(int, d_info.out_buf_len,
3661 le32_to_cpu(req->OutputBufferLength)) - sizeof(struct smb2_query_directory_rsp);
3662 d_info.flags = srch_flag;
3665 * reserve dot and dotdot entries in head of buffer
3668 rc = ksmbd_populate_dot_dotdot_entries(work, req->FileInformationClass,
3669 dir_fp, &d_info, srch_ptr, smb2_populate_readdir_entry);
3675 if (test_share_config_flag(share, KSMBD_SHARE_FLAG_HIDE_DOT_FILES))
3676 d_info.hide_dot_file = true;
3678 buffer_sz = d_info.out_buf_len;
3679 d_info.rptr = d_info.wptr;
3680 query_dir_private.work = work;
3681 query_dir_private.search_pattern = srch_ptr;
3682 query_dir_private.dir_fp = dir_fp;
3683 query_dir_private.d_info = &d_info;
3684 query_dir_private.info_level = req->FileInformationClass;
3685 dir_fp->readdir_data.private = &query_dir_private;
3686 set_ctx_actor(&dir_fp->readdir_data.ctx, __query_dir);
3688 rc = ksmbd_vfs_readdir(dir_fp->filp, &dir_fp->readdir_data);
3690 restart_ctx(&dir_fp->readdir_data.ctx);
3696 d_info.wptr = d_info.rptr;
3697 d_info.out_buf_len = buffer_sz;
3698 rc = process_query_dir_entries(&query_dir_private);
3702 if (!d_info.data_count && d_info.out_buf_len >= 0) {
3703 if (srch_flag & SMB2_RETURN_SINGLE_ENTRY && !is_asterisk(srch_ptr)) {
3704 rsp->hdr.Status = STATUS_NO_SUCH_FILE;
3706 dir_fp->dot_dotdot[0] = dir_fp->dot_dotdot[1] = 0;
3707 rsp->hdr.Status = STATUS_NO_MORE_FILES;
3709 rsp->StructureSize = cpu_to_le16(9);
3710 rsp->OutputBufferOffset = cpu_to_le16(0);
3711 rsp->OutputBufferLength = cpu_to_le32(0);
3713 inc_rfc1001_len(rsp_org, 9);
3715 ((struct file_directory_info *)
3716 ((char *)rsp->Buffer + d_info.last_entry_offset))
3717 ->NextEntryOffset = 0;
3719 rsp->StructureSize = cpu_to_le16(9);
3720 rsp->OutputBufferOffset = cpu_to_le16(72);
3721 rsp->OutputBufferLength = cpu_to_le32(d_info.data_count);
3722 inc_rfc1001_len(rsp_org, 8 + d_info.data_count);
3726 ksmbd_fd_put(work, dir_fp);
3727 ksmbd_revert_fsids(work);
3731 ksmbd_err("error while processing smb2 query dir rc = %d\n", rc);
3736 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
3737 else if (rc == -EACCES)
3738 rsp->hdr.Status = STATUS_ACCESS_DENIED;
3739 else if (rc == -ENOENT)
3740 rsp->hdr.Status = STATUS_NO_SUCH_FILE;
3741 else if (rc == -EBADF)
3742 rsp->hdr.Status = STATUS_FILE_CLOSED;
3743 else if (rc == -ENOMEM)
3744 rsp->hdr.Status = STATUS_NO_MEMORY;
3745 else if (rc == -EFAULT)
3746 rsp->hdr.Status = STATUS_INVALID_INFO_CLASS;
3747 if (!rsp->hdr.Status)
3748 rsp->hdr.Status = STATUS_UNEXPECTED_IO_ERROR;
3750 smb2_set_err_rsp(work);
3751 ksmbd_fd_put(work, dir_fp);
3752 ksmbd_revert_fsids(work);
3757 * buffer_check_err() - helper function to check buffer errors
3758 * @reqOutputBufferLength: max buffer length expected in command response
3759 * @rsp: query info response buffer contains output buffer length
3760 * @infoclass_size: query info class response buffer size
3762 * Return: 0 on success, otherwise error
3764 static int buffer_check_err(int reqOutputBufferLength,
3765 struct smb2_query_info_rsp *rsp, int infoclass_size)
3767 if (reqOutputBufferLength < le32_to_cpu(rsp->OutputBufferLength)) {
3768 if (reqOutputBufferLength < infoclass_size) {
3769 ksmbd_err("Invalid Buffer Size Requested\n");
3770 rsp->hdr.Status = STATUS_INFO_LENGTH_MISMATCH;
3771 rsp->hdr.smb2_buf_length = cpu_to_be32(sizeof(struct smb2_hdr) - 4);
3775 ksmbd_debug(SMB, "Buffer Overflow\n");
3776 rsp->hdr.Status = STATUS_BUFFER_OVERFLOW;
3777 rsp->hdr.smb2_buf_length = cpu_to_be32(sizeof(struct smb2_hdr) - 4 +
3778 reqOutputBufferLength);
3779 rsp->OutputBufferLength = cpu_to_le32(reqOutputBufferLength);
3784 static void get_standard_info_pipe(struct smb2_query_info_rsp *rsp)
3786 struct smb2_file_standard_info *sinfo;
3788 sinfo = (struct smb2_file_standard_info *)rsp->Buffer;
3790 sinfo->AllocationSize = cpu_to_le64(4096);
3791 sinfo->EndOfFile = cpu_to_le64(0);
3792 sinfo->NumberOfLinks = cpu_to_le32(1);
3793 sinfo->DeletePending = 1;
3794 sinfo->Directory = 0;
3795 rsp->OutputBufferLength =
3796 cpu_to_le32(sizeof(struct smb2_file_standard_info));
3797 inc_rfc1001_len(rsp, sizeof(struct smb2_file_standard_info));
3800 static void get_internal_info_pipe(struct smb2_query_info_rsp *rsp,
3803 struct smb2_file_internal_info *file_info;
3805 file_info = (struct smb2_file_internal_info *)rsp->Buffer;
3807 /* any unique number */
3808 file_info->IndexNumber = cpu_to_le64(num | (1ULL << 63));
3809 rsp->OutputBufferLength =
3810 cpu_to_le32(sizeof(struct smb2_file_internal_info));
3811 inc_rfc1001_len(rsp, sizeof(struct smb2_file_internal_info));
3814 static int smb2_get_info_file_pipe(struct ksmbd_session *sess,
3815 struct smb2_query_info_req *req,
3816 struct smb2_query_info_rsp *rsp)
3822 * Windows can sometime send query file info request on
3823 * pipe without opening it, checking error condition here
3825 id = le64_to_cpu(req->VolatileFileId);
3826 if (!ksmbd_session_rpc_method(sess, id))
3829 ksmbd_debug(SMB, "FileInfoClass %u, FileId 0x%llx\n",
3830 req->FileInfoClass, le64_to_cpu(req->VolatileFileId));
3832 switch (req->FileInfoClass) {
3833 case FILE_STANDARD_INFORMATION:
3834 get_standard_info_pipe(rsp);
3835 rc = buffer_check_err(le32_to_cpu(req->OutputBufferLength),
3836 rsp, FILE_STANDARD_INFORMATION_SIZE);
3838 case FILE_INTERNAL_INFORMATION:
3839 get_internal_info_pipe(rsp, id);
3840 rc = buffer_check_err(le32_to_cpu(req->OutputBufferLength),
3841 rsp, FILE_INTERNAL_INFORMATION_SIZE);
3844 ksmbd_debug(SMB, "smb2_info_file_pipe for %u not supported\n",
3845 req->FileInfoClass);
3852 * smb2_get_ea() - handler for smb2 get extended attribute command
3853 * @work: smb work containing query info command buffer
3854 * @fp: ksmbd_file pointer
3855 * @req: get extended attribute request
3856 * @rsp: response buffer pointer
3857 * @rsp_org: base response buffer pointer in case of chained response
3859 * Return: 0 on success, otherwise error
3861 static int smb2_get_ea(struct ksmbd_work *work, struct ksmbd_file *fp,
3862 struct smb2_query_info_req *req,
3863 struct smb2_query_info_rsp *rsp, void *rsp_org)
3865 struct smb2_ea_info *eainfo, *prev_eainfo;
3866 char *name, *ptr, *xattr_list = NULL, *buf;
3867 int rc, name_len, value_len, xattr_list_len, idx;
3868 ssize_t buf_free_len, alignment_bytes, next_offset, rsp_data_cnt = 0;
3869 struct smb2_ea_info_req *ea_req = NULL;
3872 if (!(fp->daccess & FILE_READ_EA_LE)) {
3873 ksmbd_err("Not permitted to read ext attr : 0x%x\n",
3878 path = &fp->filp->f_path;
3879 /* single EA entry is requested with given user.* name */
3880 if (req->InputBufferLength) {
3881 ea_req = (struct smb2_ea_info_req *)req->Buffer;
3883 /* need to send all EAs, if no specific EA is requested*/
3884 if (le32_to_cpu(req->Flags) & SL_RETURN_SINGLE_ENTRY)
3886 "All EAs are requested but need to send single EA entry in rsp flags 0x%x\n",
3887 le32_to_cpu(req->Flags));
3890 buf_free_len = work->response_sz -
3891 (get_rfc1002_len(rsp_org) + 4) -
3892 sizeof(struct smb2_query_info_rsp);
3894 if (le32_to_cpu(req->OutputBufferLength) < buf_free_len)
3895 buf_free_len = le32_to_cpu(req->OutputBufferLength);
3897 rc = ksmbd_vfs_listxattr(path->dentry, &xattr_list);
3899 rsp->hdr.Status = STATUS_INVALID_HANDLE;
3901 } else if (!rc) { /* there is no EA in the file */
3902 ksmbd_debug(SMB, "no ea data in the file\n");
3905 xattr_list_len = rc;
3907 ptr = (char *)rsp->Buffer;
3908 eainfo = (struct smb2_ea_info *)ptr;
3909 prev_eainfo = eainfo;
3912 while (idx < xattr_list_len) {
3913 name = xattr_list + idx;
3914 name_len = strlen(name);
3916 ksmbd_debug(SMB, "%s, len %d\n", name, name_len);
3917 idx += name_len + 1;
3920 * CIFS does not support EA other than user.* namespace,
3921 * still keep the framework generic, to list other attrs
3924 if (strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN))
3927 if (!strncmp(&name[XATTR_USER_PREFIX_LEN], STREAM_PREFIX,
3931 if (req->InputBufferLength &&
3932 strncmp(&name[XATTR_USER_PREFIX_LEN], ea_req->name,
3933 ea_req->EaNameLength))
3936 if (!strncmp(&name[XATTR_USER_PREFIX_LEN],
3937 DOS_ATTRIBUTE_PREFIX, DOS_ATTRIBUTE_PREFIX_LEN))
3940 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN))
3941 name_len -= XATTR_USER_PREFIX_LEN;
3943 ptr = (char *)(&eainfo->name + name_len + 1);
3944 buf_free_len -= (offsetof(struct smb2_ea_info, name) +
3946 /* bailout if xattr can't fit in buf_free_len */
3947 value_len = ksmbd_vfs_getxattr(path->dentry, name, &buf);
3948 if (value_len <= 0) {
3950 rsp->hdr.Status = STATUS_INVALID_HANDLE;
3954 buf_free_len -= value_len;
3955 if (buf_free_len < 0) {
3960 memcpy(ptr, buf, value_len);
3965 eainfo->EaNameLength = name_len;
3967 if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN))
3968 memcpy(eainfo->name, &name[XATTR_USER_PREFIX_LEN],
3971 memcpy(eainfo->name, name, name_len);
3973 eainfo->name[name_len] = '\0';
3974 eainfo->EaValueLength = cpu_to_le16(value_len);
3975 next_offset = offsetof(struct smb2_ea_info, name) +
3976 name_len + 1 + value_len;
3978 /* align next xattr entry at 4 byte bundary */
3979 alignment_bytes = ((next_offset + 3) & ~3) - next_offset;
3980 if (alignment_bytes) {
3981 memset(ptr, '\0', alignment_bytes);
3982 ptr += alignment_bytes;
3983 next_offset += alignment_bytes;
3984 buf_free_len -= alignment_bytes;
3986 eainfo->NextEntryOffset = cpu_to_le32(next_offset);
3987 prev_eainfo = eainfo;
3988 eainfo = (struct smb2_ea_info *)ptr;
3989 rsp_data_cnt += next_offset;
3991 if (req->InputBufferLength) {
3992 ksmbd_debug(SMB, "single entry requested\n");
3997 /* no more ea entries */
3998 prev_eainfo->NextEntryOffset = 0;
4001 if (rsp_data_cnt == 0)
4002 rsp->hdr.Status = STATUS_NO_EAS_ON_FILE;
4003 rsp->OutputBufferLength = cpu_to_le32(rsp_data_cnt);
4004 inc_rfc1001_len(rsp_org, rsp_data_cnt);
4010 static void get_file_access_info(struct smb2_query_info_rsp *rsp,
4011 struct ksmbd_file *fp, void *rsp_org)
4013 struct smb2_file_access_info *file_info;
4015 file_info = (struct smb2_file_access_info *)rsp->Buffer;
4016 file_info->AccessFlags = fp->daccess;
4017 rsp->OutputBufferLength =
4018 cpu_to_le32(sizeof(struct smb2_file_access_info));
4019 inc_rfc1001_len(rsp_org, sizeof(struct smb2_file_access_info));
4022 static int get_file_basic_info(struct smb2_query_info_rsp *rsp,
4023 struct ksmbd_file *fp, void *rsp_org)
4025 struct smb2_file_all_info *basic_info;
4029 if (!(fp->daccess & FILE_READ_ATTRIBUTES_LE)) {
4030 ksmbd_err("no right to read the attributes : 0x%x\n",
4035 basic_info = (struct smb2_file_all_info *)rsp->Buffer;
4036 generic_fillattr(&init_user_ns, FP_INODE(fp), &stat);
4037 basic_info->CreationTime = cpu_to_le64(fp->create_time);
4038 time = ksmbd_UnixTimeToNT(stat.atime);
4039 basic_info->LastAccessTime = cpu_to_le64(time);
4040 time = ksmbd_UnixTimeToNT(stat.mtime);
4041 basic_info->LastWriteTime = cpu_to_le64(time);
4042 time = ksmbd_UnixTimeToNT(stat.ctime);
4043 basic_info->ChangeTime = cpu_to_le64(time);
4044 basic_info->Attributes = fp->f_ci->m_fattr;
4045 basic_info->Pad1 = 0;
4046 rsp->OutputBufferLength =
4047 cpu_to_le32(offsetof(struct smb2_file_all_info, AllocationSize));
4048 inc_rfc1001_len(rsp_org, offsetof(struct smb2_file_all_info,
4053 static unsigned long long get_allocation_size(struct inode *inode,
4056 unsigned long long alloc_size = 0;
4058 if (!S_ISDIR(stat->mode)) {
4059 if ((inode->i_blocks << 9) <= stat->size)
4060 alloc_size = stat->size;
4062 alloc_size = inode->i_blocks << 9;
4068 static void get_file_standard_info(struct smb2_query_info_rsp *rsp,
4069 struct ksmbd_file *fp, void *rsp_org)
4071 struct smb2_file_standard_info *sinfo;
4072 unsigned int delete_pending;
4073 struct inode *inode;
4076 inode = FP_INODE(fp);
4077 generic_fillattr(&init_user_ns, inode, &stat);
4079 sinfo = (struct smb2_file_standard_info *)rsp->Buffer;
4080 delete_pending = ksmbd_inode_pending_delete(fp);
4082 sinfo->AllocationSize = cpu_to_le64(get_allocation_size(inode, &stat));
4083 sinfo->EndOfFile = S_ISDIR(stat.mode) ? 0 : cpu_to_le64(stat.size);
4084 sinfo->NumberOfLinks = cpu_to_le32(get_nlink(&stat) - delete_pending);
4085 sinfo->DeletePending = delete_pending;
4086 sinfo->Directory = S_ISDIR(stat.mode) ? 1 : 0;
4087 rsp->OutputBufferLength =
4088 cpu_to_le32(sizeof(struct smb2_file_standard_info));
4089 inc_rfc1001_len(rsp_org,
4090 sizeof(struct smb2_file_standard_info));
4093 static void get_file_alignment_info(struct smb2_query_info_rsp *rsp,
4096 struct smb2_file_alignment_info *file_info;
4098 file_info = (struct smb2_file_alignment_info *)rsp->Buffer;
4099 file_info->AlignmentRequirement = 0;
4100 rsp->OutputBufferLength =
4101 cpu_to_le32(sizeof(struct smb2_file_alignment_info));
4102 inc_rfc1001_len(rsp_org,
4103 sizeof(struct smb2_file_alignment_info));
4106 static int get_file_all_info(struct ksmbd_work *work,
4107 struct smb2_query_info_rsp *rsp, struct ksmbd_file *fp,
4110 struct ksmbd_conn *conn = work->conn;
4111 struct smb2_file_all_info *file_info;
4112 unsigned int delete_pending;
4113 struct inode *inode;
4119 if (!(fp->daccess & FILE_READ_ATTRIBUTES_LE)) {
4120 ksmbd_debug(SMB, "no right to read the attributes : 0x%x\n",
4125 filename = convert_to_nt_pathname(fp->filename,
4126 work->tcon->share_conf->path);
4130 inode = FP_INODE(fp);
4131 generic_fillattr(&init_user_ns, inode, &stat);
4133 ksmbd_debug(SMB, "filename = %s\n", filename);
4134 delete_pending = ksmbd_inode_pending_delete(fp);
4135 file_info = (struct smb2_file_all_info *)rsp->Buffer;
4137 file_info->CreationTime = cpu_to_le64(fp->create_time);
4138 time = ksmbd_UnixTimeToNT(stat.atime);
4139 file_info->LastAccessTime = cpu_to_le64(time);
4140 time = ksmbd_UnixTimeToNT(stat.mtime);
4141 file_info->LastWriteTime = cpu_to_le64(time);
4142 time = ksmbd_UnixTimeToNT(stat.ctime);
4143 file_info->ChangeTime = cpu_to_le64(time);
4144 file_info->Attributes = fp->f_ci->m_fattr;
4145 file_info->Pad1 = 0;
4146 file_info->AllocationSize =
4147 cpu_to_le64(get_allocation_size(inode, &stat));
4148 file_info->EndOfFile = S_ISDIR(stat.mode) ? 0 : cpu_to_le64(stat.size);
4149 file_info->NumberOfLinks =
4150 cpu_to_le32(get_nlink(&stat) - delete_pending);
4151 file_info->DeletePending = delete_pending;
4152 file_info->Directory = S_ISDIR(stat.mode) ? 1 : 0;
4153 file_info->Pad2 = 0;
4154 file_info->IndexNumber = cpu_to_le64(stat.ino);
4155 file_info->EASize = 0;
4156 file_info->AccessFlags = fp->daccess;
4157 file_info->CurrentByteOffset = cpu_to_le64(fp->filp->f_pos);
4158 file_info->Mode = fp->coption;
4159 file_info->AlignmentRequirement = 0;
4160 conv_len = smbConvertToUTF16((__le16 *)file_info->FileName,
4166 file_info->FileNameLength = cpu_to_le32(conv_len);
4167 rsp->OutputBufferLength =
4168 cpu_to_le32(sizeof(struct smb2_file_all_info) + conv_len - 1);
4170 inc_rfc1001_len(rsp_org, le32_to_cpu(rsp->OutputBufferLength));
4174 static void get_file_alternate_info(struct ksmbd_work *work,
4175 struct smb2_query_info_rsp *rsp, struct ksmbd_file *fp,
4178 struct ksmbd_conn *conn = work->conn;
4179 struct smb2_file_alt_name_info *file_info;
4183 filename = (char *)FP_FILENAME(fp);
4184 file_info = (struct smb2_file_alt_name_info *)rsp->Buffer;
4185 conv_len = ksmbd_extract_shortname(conn,
4187 file_info->FileName);
4188 file_info->FileNameLength = cpu_to_le32(conv_len);
4189 rsp->OutputBufferLength =
4190 cpu_to_le32(sizeof(struct smb2_file_alt_name_info) + conv_len);
4191 inc_rfc1001_len(rsp_org, le32_to_cpu(rsp->OutputBufferLength));
4194 static void get_file_stream_info(struct ksmbd_work *work,
4195 struct smb2_query_info_rsp *rsp, struct ksmbd_file *fp,
4198 struct ksmbd_conn *conn = work->conn;
4199 struct smb2_file_stream_info *file_info;
4200 char *stream_name, *xattr_list = NULL, *stream_buf;
4202 struct path *path = &fp->filp->f_path;
4203 ssize_t xattr_list_len;
4204 int nbytes = 0, streamlen, stream_name_len, next, idx = 0;
4206 generic_fillattr(&init_user_ns, FP_INODE(fp), &stat);
4207 file_info = (struct smb2_file_stream_info *)rsp->Buffer;
4209 xattr_list_len = ksmbd_vfs_listxattr(path->dentry, &xattr_list);
4210 if (xattr_list_len < 0) {
4212 } else if (!xattr_list_len) {
4213 ksmbd_debug(SMB, "empty xattr in the file\n");
4217 while (idx < xattr_list_len) {
4218 stream_name = xattr_list + idx;
4219 streamlen = strlen(stream_name);
4220 idx += streamlen + 1;
4222 ksmbd_debug(SMB, "%s, len %d\n", stream_name, streamlen);
4224 if (strncmp(&stream_name[XATTR_USER_PREFIX_LEN],
4225 STREAM_PREFIX, STREAM_PREFIX_LEN))
4228 stream_name_len = streamlen - (XATTR_USER_PREFIX_LEN +
4230 streamlen = stream_name_len;
4234 stream_buf = kmalloc(streamlen + 1, GFP_KERNEL);
4238 streamlen = snprintf(stream_buf, streamlen + 1,
4239 ":%s", &stream_name[XATTR_NAME_STREAM_LEN]);
4241 file_info = (struct smb2_file_stream_info *)
4242 &rsp->Buffer[nbytes];
4243 streamlen = smbConvertToUTF16((__le16 *)file_info->StreamName,
4250 file_info->StreamNameLength = cpu_to_le32(streamlen);
4251 file_info->StreamSize = cpu_to_le64(stream_name_len);
4252 file_info->StreamAllocationSize = cpu_to_le64(stream_name_len);
4254 next = sizeof(struct smb2_file_stream_info) + streamlen;
4256 file_info->NextEntryOffset = cpu_to_le32(next);
4260 file_info = (struct smb2_file_stream_info *)
4261 &rsp->Buffer[nbytes];
4262 streamlen = smbConvertToUTF16((__le16 *)file_info->StreamName,
4263 "::$DATA", 7, conn->local_nls, 0);
4265 file_info->StreamNameLength = cpu_to_le32(streamlen);
4266 file_info->StreamSize = S_ISDIR(stat.mode) ? 0 :
4267 cpu_to_le64(stat.size);
4268 file_info->StreamAllocationSize = S_ISDIR(stat.mode) ? 0 :
4269 cpu_to_le64(stat.size);
4270 nbytes += sizeof(struct smb2_file_stream_info) + streamlen;
4273 /* last entry offset should be 0 */
4274 file_info->NextEntryOffset = 0;
4278 rsp->OutputBufferLength = cpu_to_le32(nbytes);
4279 inc_rfc1001_len(rsp_org, nbytes);
4282 static void get_file_internal_info(struct smb2_query_info_rsp *rsp,
4283 struct ksmbd_file *fp, void *rsp_org)
4285 struct smb2_file_internal_info *file_info;
4288 generic_fillattr(&init_user_ns, FP_INODE(fp), &stat);
4289 file_info = (struct smb2_file_internal_info *)rsp->Buffer;
4290 file_info->IndexNumber = cpu_to_le64(stat.ino);
4291 rsp->OutputBufferLength =
4292 cpu_to_le32(sizeof(struct smb2_file_internal_info));
4293 inc_rfc1001_len(rsp_org, sizeof(struct smb2_file_internal_info));
4296 static int get_file_network_open_info(struct smb2_query_info_rsp *rsp,
4297 struct ksmbd_file *fp, void *rsp_org)
4299 struct smb2_file_ntwrk_info *file_info;
4300 struct inode *inode;
4304 if (!(fp->daccess & FILE_READ_ATTRIBUTES_LE)) {
4305 ksmbd_err("no right to read the attributes : 0x%x\n",
4310 file_info = (struct smb2_file_ntwrk_info *)rsp->Buffer;
4312 inode = FP_INODE(fp);
4313 generic_fillattr(&init_user_ns, inode, &stat);
4315 file_info->CreationTime = cpu_to_le64(fp->create_time);
4316 time = ksmbd_UnixTimeToNT(stat.atime);
4317 file_info->LastAccessTime = cpu_to_le64(time);
4318 time = ksmbd_UnixTimeToNT(stat.mtime);
4319 file_info->LastWriteTime = cpu_to_le64(time);
4320 time = ksmbd_UnixTimeToNT(stat.ctime);
4321 file_info->ChangeTime = cpu_to_le64(time);
4322 file_info->Attributes = fp->f_ci->m_fattr;
4323 file_info->AllocationSize =
4324 cpu_to_le64(get_allocation_size(inode, &stat));
4325 file_info->EndOfFile = S_ISDIR(stat.mode) ? 0 : cpu_to_le64(stat.size);
4326 file_info->Reserved = cpu_to_le32(0);
4327 rsp->OutputBufferLength =
4328 cpu_to_le32(sizeof(struct smb2_file_ntwrk_info));
4329 inc_rfc1001_len(rsp_org, sizeof(struct smb2_file_ntwrk_info));
4333 static void get_file_ea_info(struct smb2_query_info_rsp *rsp, void *rsp_org)
4335 struct smb2_file_ea_info *file_info;
4337 file_info = (struct smb2_file_ea_info *)rsp->Buffer;
4338 file_info->EASize = 0;
4339 rsp->OutputBufferLength =
4340 cpu_to_le32(sizeof(struct smb2_file_ea_info));
4341 inc_rfc1001_len(rsp_org, sizeof(struct smb2_file_ea_info));
4344 static void get_file_position_info(struct smb2_query_info_rsp *rsp,
4345 struct ksmbd_file *fp, void *rsp_org)
4347 struct smb2_file_pos_info *file_info;
4349 file_info = (struct smb2_file_pos_info *)rsp->Buffer;
4350 file_info->CurrentByteOffset = cpu_to_le64(fp->filp->f_pos);
4351 rsp->OutputBufferLength =
4352 cpu_to_le32(sizeof(struct smb2_file_pos_info));
4353 inc_rfc1001_len(rsp_org, sizeof(struct smb2_file_pos_info));
4356 static void get_file_mode_info(struct smb2_query_info_rsp *rsp,
4357 struct ksmbd_file *fp, void *rsp_org)
4359 struct smb2_file_mode_info *file_info;
4361 file_info = (struct smb2_file_mode_info *)rsp->Buffer;
4362 file_info->Mode = fp->coption & FILE_MODE_INFO_MASK;
4363 rsp->OutputBufferLength =
4364 cpu_to_le32(sizeof(struct smb2_file_mode_info));
4365 inc_rfc1001_len(rsp_org, sizeof(struct smb2_file_mode_info));
4368 static void get_file_compression_info(struct smb2_query_info_rsp *rsp,
4369 struct ksmbd_file *fp, void *rsp_org)
4371 struct smb2_file_comp_info *file_info;
4374 generic_fillattr(&init_user_ns, FP_INODE(fp), &stat);
4376 file_info = (struct smb2_file_comp_info *)rsp->Buffer;
4377 file_info->CompressedFileSize = cpu_to_le64(stat.blocks << 9);
4378 file_info->CompressionFormat = COMPRESSION_FORMAT_NONE;
4379 file_info->CompressionUnitShift = 0;
4380 file_info->ChunkShift = 0;
4381 file_info->ClusterShift = 0;
4382 memset(&file_info->Reserved[0], 0, 3);
4384 rsp->OutputBufferLength =
4385 cpu_to_le32(sizeof(struct smb2_file_comp_info));
4386 inc_rfc1001_len(rsp_org, sizeof(struct smb2_file_comp_info));
4389 static int get_file_attribute_tag_info(struct smb2_query_info_rsp *rsp,
4390 struct ksmbd_file *fp, void *rsp_org)
4392 struct smb2_file_attr_tag_info *file_info;
4394 if (!(fp->daccess & FILE_READ_ATTRIBUTES_LE)) {
4395 ksmbd_err("no right to read the attributes : 0x%x\n",
4400 file_info = (struct smb2_file_attr_tag_info *)rsp->Buffer;
4401 file_info->FileAttributes = fp->f_ci->m_fattr;
4402 file_info->ReparseTag = 0;
4403 rsp->OutputBufferLength =
4404 cpu_to_le32(sizeof(struct smb2_file_attr_tag_info));
4405 inc_rfc1001_len(rsp_org,
4406 sizeof(struct smb2_file_attr_tag_info));
4410 static int find_file_posix_info(struct smb2_query_info_rsp *rsp,
4411 struct ksmbd_file *fp, void *rsp_org)
4413 struct smb311_posix_qinfo *file_info;
4414 struct inode *inode = FP_INODE(fp);
4417 file_info = (struct smb311_posix_qinfo *)rsp->Buffer;
4418 file_info->CreationTime = cpu_to_le64(fp->create_time);
4419 time = ksmbd_UnixTimeToNT(inode->i_atime);
4420 file_info->LastAccessTime = cpu_to_le64(time);
4421 time = ksmbd_UnixTimeToNT(inode->i_mtime);
4422 file_info->LastWriteTime = cpu_to_le64(time);
4423 time = ksmbd_UnixTimeToNT(inode->i_ctime);
4424 file_info->ChangeTime = cpu_to_le64(time);
4425 file_info->DosAttributes = fp->f_ci->m_fattr;
4426 file_info->Inode = cpu_to_le64(inode->i_ino);
4427 file_info->EndOfFile = cpu_to_le64(inode->i_size);
4428 file_info->AllocationSize = cpu_to_le64(inode->i_blocks << 9);
4429 file_info->HardLinks = cpu_to_le32(inode->i_nlink);
4430 file_info->Mode = cpu_to_le32(inode->i_mode);
4431 file_info->DeviceId = cpu_to_le32(inode->i_rdev);
4432 rsp->OutputBufferLength =
4433 cpu_to_le32(sizeof(struct smb311_posix_qinfo));
4434 inc_rfc1001_len(rsp_org, sizeof(struct smb311_posix_qinfo));
4438 static int smb2_get_info_file(struct ksmbd_work *work,
4439 struct smb2_query_info_req *req,
4440 struct smb2_query_info_rsp *rsp, void *rsp_org)
4442 struct ksmbd_file *fp;
4443 int fileinfoclass = 0;
4445 int file_infoclass_size;
4446 unsigned int id = KSMBD_NO_FID, pid = KSMBD_NO_FID;
4448 if (test_share_config_flag(work->tcon->share_conf,
4449 KSMBD_SHARE_FLAG_PIPE)) {
4450 /* smb2 info file called for pipe */
4451 return smb2_get_info_file_pipe(work->sess, req, rsp);
4454 if (work->next_smb2_rcv_hdr_off) {
4455 if (!HAS_FILE_ID(le64_to_cpu(req->VolatileFileId))) {
4456 ksmbd_debug(SMB, "Compound request set FID = %u\n",
4457 work->compound_fid);
4458 id = work->compound_fid;
4459 pid = work->compound_pfid;
4463 if (!HAS_FILE_ID(id)) {
4464 id = le64_to_cpu(req->VolatileFileId);
4465 pid = le64_to_cpu(req->PersistentFileId);
4468 fp = ksmbd_lookup_fd_slow(work, id, pid);
4472 fileinfoclass = req->FileInfoClass;
4474 switch (fileinfoclass) {
4475 case FILE_ACCESS_INFORMATION:
4476 get_file_access_info(rsp, fp, rsp_org);
4477 file_infoclass_size = FILE_ACCESS_INFORMATION_SIZE;
4480 case FILE_BASIC_INFORMATION:
4481 rc = get_file_basic_info(rsp, fp, rsp_org);
4482 file_infoclass_size = FILE_BASIC_INFORMATION_SIZE;
4485 case FILE_STANDARD_INFORMATION:
4486 get_file_standard_info(rsp, fp, rsp_org);
4487 file_infoclass_size = FILE_STANDARD_INFORMATION_SIZE;
4490 case FILE_ALIGNMENT_INFORMATION:
4491 get_file_alignment_info(rsp, rsp_org);
4492 file_infoclass_size = FILE_ALIGNMENT_INFORMATION_SIZE;
4495 case FILE_ALL_INFORMATION:
4496 rc = get_file_all_info(work, rsp, fp, rsp_org);
4497 file_infoclass_size = FILE_ALL_INFORMATION_SIZE;
4500 case FILE_ALTERNATE_NAME_INFORMATION:
4501 get_file_alternate_info(work, rsp, fp, rsp_org);
4502 file_infoclass_size = FILE_ALTERNATE_NAME_INFORMATION_SIZE;
4505 case FILE_STREAM_INFORMATION:
4506 get_file_stream_info(work, rsp, fp, rsp_org);
4507 file_infoclass_size = FILE_STREAM_INFORMATION_SIZE;
4510 case FILE_INTERNAL_INFORMATION:
4511 get_file_internal_info(rsp, fp, rsp_org);
4512 file_infoclass_size = FILE_INTERNAL_INFORMATION_SIZE;
4515 case FILE_NETWORK_OPEN_INFORMATION:
4516 rc = get_file_network_open_info(rsp, fp, rsp_org);
4517 file_infoclass_size = FILE_NETWORK_OPEN_INFORMATION_SIZE;
4520 case FILE_EA_INFORMATION:
4521 get_file_ea_info(rsp, rsp_org);
4522 file_infoclass_size = FILE_EA_INFORMATION_SIZE;
4525 case FILE_FULL_EA_INFORMATION:
4526 rc = smb2_get_ea(work, fp, req, rsp, rsp_org);
4527 file_infoclass_size = FILE_FULL_EA_INFORMATION_SIZE;
4530 case FILE_POSITION_INFORMATION:
4531 get_file_position_info(rsp, fp, rsp_org);
4532 file_infoclass_size = FILE_POSITION_INFORMATION_SIZE;
4535 case FILE_MODE_INFORMATION:
4536 get_file_mode_info(rsp, fp, rsp_org);
4537 file_infoclass_size = FILE_MODE_INFORMATION_SIZE;
4540 case FILE_COMPRESSION_INFORMATION:
4541 get_file_compression_info(rsp, fp, rsp_org);
4542 file_infoclass_size = FILE_COMPRESSION_INFORMATION_SIZE;
4545 case FILE_ATTRIBUTE_TAG_INFORMATION:
4546 rc = get_file_attribute_tag_info(rsp, fp, rsp_org);
4547 file_infoclass_size = FILE_ATTRIBUTE_TAG_INFORMATION_SIZE;
4549 case SMB_FIND_FILE_POSIX_INFO:
4550 if (!work->tcon->posix_extensions) {
4551 ksmbd_err("client doesn't negotiate with SMB3.1.1 POSIX Extensions\n");
4554 rc = find_file_posix_info(rsp, fp, rsp_org);
4555 file_infoclass_size = sizeof(struct smb311_posix_qinfo);
4559 ksmbd_debug(SMB, "fileinfoclass %d not supported yet\n",
4564 rc = buffer_check_err(le32_to_cpu(req->OutputBufferLength),
4566 file_infoclass_size);
4567 ksmbd_fd_put(work, fp);
4571 static int smb2_get_info_filesystem(struct ksmbd_work *work,
4572 struct smb2_query_info_req *req,
4573 struct smb2_query_info_rsp *rsp, void *rsp_org)
4575 struct ksmbd_session *sess = work->sess;
4576 struct ksmbd_conn *conn = sess->conn;
4577 struct ksmbd_share_config *share = work->tcon->share_conf;
4578 int fsinfoclass = 0;
4579 struct kstatfs stfs;
4582 int fs_infoclass_size = 0;
4584 rc = ksmbd_vfs_kern_path(share->path, LOOKUP_FOLLOW, &path, 0);
4586 ksmbd_err("cannot create vfs path\n");
4590 rc = vfs_statfs(&path, &stfs);
4592 ksmbd_err("cannot do stat of path %s\n", share->path);
4597 fsinfoclass = req->FileInfoClass;
4599 switch (fsinfoclass) {
4600 case FS_DEVICE_INFORMATION:
4602 struct filesystem_device_info *info;
4604 info = (struct filesystem_device_info *)rsp->Buffer;
4606 info->DeviceType = cpu_to_le32(stfs.f_type);
4607 info->DeviceCharacteristics = cpu_to_le32(0x00000020);
4608 rsp->OutputBufferLength = cpu_to_le32(8);
4609 inc_rfc1001_len(rsp_org, 8);
4610 fs_infoclass_size = FS_DEVICE_INFORMATION_SIZE;
4613 case FS_ATTRIBUTE_INFORMATION:
4615 struct filesystem_attribute_info *info;
4618 info = (struct filesystem_attribute_info *)rsp->Buffer;
4619 info->Attributes = cpu_to_le32(FILE_SUPPORTS_OBJECT_IDS |
4620 FILE_PERSISTENT_ACLS |
4621 FILE_UNICODE_ON_DISK |
4622 FILE_CASE_PRESERVED_NAMES |
4623 FILE_CASE_SENSITIVE_SEARCH |
4624 FILE_SUPPORTS_BLOCK_REFCOUNTING);
4626 info->Attributes |= cpu_to_le32(server_conf.share_fake_fscaps);
4628 info->MaxPathNameComponentLength = cpu_to_le32(stfs.f_namelen);
4629 len = smbConvertToUTF16((__le16 *)info->FileSystemName,
4630 "NTFS", PATH_MAX, conn->local_nls, 0);
4632 info->FileSystemNameLen = cpu_to_le32(len);
4633 sz = sizeof(struct filesystem_attribute_info) - 2 + len;
4634 rsp->OutputBufferLength = cpu_to_le32(sz);
4635 inc_rfc1001_len(rsp_org, sz);
4636 fs_infoclass_size = FS_ATTRIBUTE_INFORMATION_SIZE;
4639 case FS_VOLUME_INFORMATION:
4641 struct filesystem_vol_info *info;
4644 info = (struct filesystem_vol_info *)(rsp->Buffer);
4645 info->VolumeCreationTime = 0;
4646 /* Taking dummy value of serial number*/
4647 info->SerialNumber = cpu_to_le32(0xbc3ac512);
4648 len = smbConvertToUTF16((__le16 *)info->VolumeLabel,
4649 share->name, PATH_MAX,
4650 conn->local_nls, 0);
4652 info->VolumeLabelSize = cpu_to_le32(len);
4654 sz = sizeof(struct filesystem_vol_info) - 2 + len;
4655 rsp->OutputBufferLength = cpu_to_le32(sz);
4656 inc_rfc1001_len(rsp_org, sz);
4657 fs_infoclass_size = FS_VOLUME_INFORMATION_SIZE;
4660 case FS_SIZE_INFORMATION:
4662 struct filesystem_info *info;
4663 unsigned short logical_sector_size;
4665 info = (struct filesystem_info *)(rsp->Buffer);
4666 logical_sector_size =
4667 ksmbd_vfs_logical_sector_size(d_inode(path.dentry));
4669 info->TotalAllocationUnits = cpu_to_le64(stfs.f_blocks);
4670 info->FreeAllocationUnits = cpu_to_le64(stfs.f_bfree);
4671 info->SectorsPerAllocationUnit = cpu_to_le32(stfs.f_bsize >> 9);
4672 info->BytesPerSector = cpu_to_le32(logical_sector_size);
4673 rsp->OutputBufferLength = cpu_to_le32(24);
4674 inc_rfc1001_len(rsp_org, 24);
4675 fs_infoclass_size = FS_SIZE_INFORMATION_SIZE;
4678 case FS_FULL_SIZE_INFORMATION:
4680 struct smb2_fs_full_size_info *info;
4681 unsigned short logical_sector_size;
4683 info = (struct smb2_fs_full_size_info *)(rsp->Buffer);
4684 logical_sector_size =
4685 ksmbd_vfs_logical_sector_size(d_inode(path.dentry));
4687 info->TotalAllocationUnits = cpu_to_le64(stfs.f_blocks);
4688 info->CallerAvailableAllocationUnits =
4689 cpu_to_le64(stfs.f_bavail);
4690 info->ActualAvailableAllocationUnits =
4691 cpu_to_le64(stfs.f_bfree);
4692 info->SectorsPerAllocationUnit = cpu_to_le32(stfs.f_bsize >> 9);
4693 info->BytesPerSector = cpu_to_le32(logical_sector_size);
4694 rsp->OutputBufferLength = cpu_to_le32(32);
4695 inc_rfc1001_len(rsp_org, 32);
4696 fs_infoclass_size = FS_FULL_SIZE_INFORMATION_SIZE;
4699 case FS_OBJECT_ID_INFORMATION:
4701 struct object_id_info *info;
4703 info = (struct object_id_info *)(rsp->Buffer);
4705 if (!user_guest(sess->user))
4706 memcpy(info->objid, user_passkey(sess->user), 16);
4708 memset(info->objid, 0, 16);
4710 info->extended_info.magic = cpu_to_le32(EXTENDED_INFO_MAGIC);
4711 info->extended_info.version = cpu_to_le32(1);
4712 info->extended_info.release = cpu_to_le32(1);
4713 info->extended_info.rel_date = 0;
4714 memcpy(info->extended_info.version_string, "1.1.0", strlen("1.1.0"));
4715 rsp->OutputBufferLength = cpu_to_le32(64);
4716 inc_rfc1001_len(rsp_org, 64);
4717 fs_infoclass_size = FS_OBJECT_ID_INFORMATION_SIZE;
4720 case FS_SECTOR_SIZE_INFORMATION:
4722 struct smb3_fs_ss_info *info;
4723 struct ksmbd_fs_sector_size fs_ss;
4725 info = (struct smb3_fs_ss_info *)(rsp->Buffer);
4726 ksmbd_vfs_smb2_sector_size(d_inode(path.dentry), &fs_ss);
4728 info->LogicalBytesPerSector =
4729 cpu_to_le32(fs_ss.logical_sector_size);
4730 info->PhysicalBytesPerSectorForAtomicity =
4731 cpu_to_le32(fs_ss.physical_sector_size);
4732 info->PhysicalBytesPerSectorForPerf =
4733 cpu_to_le32(fs_ss.optimal_io_size);
4734 info->FSEffPhysicalBytesPerSectorForAtomicity =
4735 cpu_to_le32(fs_ss.optimal_io_size);
4736 info->Flags = cpu_to_le32(SSINFO_FLAGS_ALIGNED_DEVICE |
4737 SSINFO_FLAGS_PARTITION_ALIGNED_ON_DEVICE);
4738 info->ByteOffsetForSectorAlignment = 0;
4739 info->ByteOffsetForPartitionAlignment = 0;
4740 rsp->OutputBufferLength = cpu_to_le32(28);
4741 inc_rfc1001_len(rsp_org, 28);
4742 fs_infoclass_size = FS_SECTOR_SIZE_INFORMATION_SIZE;
4745 case FS_CONTROL_INFORMATION:
4748 * TODO : The current implementation is based on
4749 * test result with win7(NTFS) server. It's need to
4750 * modify this to get valid Quota values
4753 struct smb2_fs_control_info *info;
4755 info = (struct smb2_fs_control_info *)(rsp->Buffer);
4756 info->FreeSpaceStartFiltering = 0;
4757 info->FreeSpaceThreshold = 0;
4758 info->FreeSpaceStopFiltering = 0;
4759 info->DefaultQuotaThreshold = cpu_to_le64(SMB2_NO_FID);
4760 info->DefaultQuotaLimit = cpu_to_le64(SMB2_NO_FID);
4762 rsp->OutputBufferLength = cpu_to_le32(48);
4763 inc_rfc1001_len(rsp_org, 48);
4764 fs_infoclass_size = FS_CONTROL_INFORMATION_SIZE;
4767 case FS_POSIX_INFORMATION:
4769 struct filesystem_posix_info *info;
4770 unsigned short logical_sector_size;
4772 if (!work->tcon->posix_extensions) {
4773 ksmbd_err("client doesn't negotiate with SMB3.1.1 POSIX Extensions\n");
4776 info = (struct filesystem_posix_info *)(rsp->Buffer);
4777 logical_sector_size =
4778 ksmbd_vfs_logical_sector_size(d_inode(path.dentry));
4779 info->OptimalTransferSize = cpu_to_le32(logical_sector_size);
4780 info->BlockSize = cpu_to_le32(stfs.f_bsize);
4781 info->TotalBlocks = cpu_to_le64(stfs.f_blocks);
4782 info->BlocksAvail = cpu_to_le64(stfs.f_bfree);
4783 info->UserBlocksAvail = cpu_to_le64(stfs.f_bavail);
4784 info->TotalFileNodes = cpu_to_le64(stfs.f_files);
4785 info->FreeFileNodes = cpu_to_le64(stfs.f_ffree);
4786 rsp->OutputBufferLength = cpu_to_le32(56);
4787 inc_rfc1001_len(rsp_org, 56);
4788 fs_infoclass_size = FS_POSIX_INFORMATION_SIZE;
4796 rc = buffer_check_err(le32_to_cpu(req->OutputBufferLength),
4803 static int smb2_get_info_sec(struct ksmbd_work *work,
4804 struct smb2_query_info_req *req,
4805 struct smb2_query_info_rsp *rsp, void *rsp_org)
4807 struct ksmbd_file *fp;
4808 struct smb_ntsd *pntsd = (struct smb_ntsd *)rsp->Buffer, *ppntsd = NULL;
4809 struct smb_fattr fattr = {{0}};
4810 struct inode *inode;
4812 unsigned int id = KSMBD_NO_FID, pid = KSMBD_NO_FID;
4813 int addition_info = le32_to_cpu(req->AdditionalInformation);
4816 if (addition_info & ~(OWNER_SECINFO | GROUP_SECINFO | DACL_SECINFO)) {
4817 ksmbd_debug(SMB, "Unsupported addition info: 0x%x)\n",
4820 pntsd->revision = cpu_to_le16(1);
4821 pntsd->type = cpu_to_le16(SELF_RELATIVE | DACL_PROTECTED);
4822 pntsd->osidoffset = 0;
4823 pntsd->gsidoffset = 0;
4824 pntsd->sacloffset = 0;
4825 pntsd->dacloffset = 0;
4827 secdesclen = sizeof(struct smb_ntsd);
4828 rsp->OutputBufferLength = cpu_to_le32(secdesclen);
4829 inc_rfc1001_len(rsp_org, secdesclen);
4834 if (work->next_smb2_rcv_hdr_off) {
4835 if (!HAS_FILE_ID(le64_to_cpu(req->VolatileFileId))) {
4836 ksmbd_debug(SMB, "Compound request set FID = %u\n",
4837 work->compound_fid);
4838 id = work->compound_fid;
4839 pid = work->compound_pfid;
4843 if (!HAS_FILE_ID(id)) {
4844 id = le64_to_cpu(req->VolatileFileId);
4845 pid = le64_to_cpu(req->PersistentFileId);
4848 fp = ksmbd_lookup_fd_slow(work, id, pid);
4852 inode = FP_INODE(fp);
4853 ksmbd_acls_fattr(&fattr, inode);
4855 if (test_share_config_flag(work->tcon->share_conf,
4856 KSMBD_SHARE_FLAG_ACL_XATTR))
4857 ksmbd_vfs_get_sd_xattr(work->conn, fp->filp->f_path.dentry, &ppntsd);
4859 rc = build_sec_desc(pntsd, ppntsd, addition_info, &secdesclen, &fattr);
4860 posix_acl_release(fattr.cf_acls);
4861 posix_acl_release(fattr.cf_dacls);
4863 ksmbd_fd_put(work, fp);
4867 rsp->OutputBufferLength = cpu_to_le32(secdesclen);
4868 inc_rfc1001_len(rsp_org, secdesclen);
4873 * smb2_query_info() - handler for smb2 query info command
4874 * @work: smb work containing query info request buffer
4876 * Return: 0 on success, otherwise error
4878 int smb2_query_info(struct ksmbd_work *work)
4880 struct smb2_query_info_req *req;
4881 struct smb2_query_info_rsp *rsp, *rsp_org;
4884 rsp_org = work->response_buf;
4885 WORK_BUFFERS(work, req, rsp);
4887 ksmbd_debug(SMB, "GOT query info request\n");
4889 switch (req->InfoType) {
4890 case SMB2_O_INFO_FILE:
4891 ksmbd_debug(SMB, "GOT SMB2_O_INFO_FILE\n");
4892 rc = smb2_get_info_file(work, req, rsp, (void *)rsp_org);
4894 case SMB2_O_INFO_FILESYSTEM:
4895 ksmbd_debug(SMB, "GOT SMB2_O_INFO_FILESYSTEM\n");
4896 rc = smb2_get_info_filesystem(work, req, rsp, (void *)rsp_org);
4898 case SMB2_O_INFO_SECURITY:
4899 ksmbd_debug(SMB, "GOT SMB2_O_INFO_SECURITY\n");
4900 rc = smb2_get_info_sec(work, req, rsp, (void *)rsp_org);
4903 ksmbd_debug(SMB, "InfoType %d not supported yet\n",
4910 rsp->hdr.Status = STATUS_ACCESS_DENIED;
4911 else if (rc == -ENOENT)
4912 rsp->hdr.Status = STATUS_FILE_CLOSED;
4913 else if (rc == -EIO)
4914 rsp->hdr.Status = STATUS_UNEXPECTED_IO_ERROR;
4915 else if (rc == -EOPNOTSUPP || rsp->hdr.Status == 0)
4916 rsp->hdr.Status = STATUS_INVALID_INFO_CLASS;
4917 smb2_set_err_rsp(work);
4919 ksmbd_debug(SMB, "error while processing smb2 query rc = %d\n",
4923 rsp->StructureSize = cpu_to_le16(9);
4924 rsp->OutputBufferOffset = cpu_to_le16(72);
4925 inc_rfc1001_len(rsp_org, 8);
4930 * smb2_close_pipe() - handler for closing IPC pipe
4931 * @work: smb work containing close request buffer
4935 static noinline int smb2_close_pipe(struct ksmbd_work *work)
4938 struct smb2_close_req *req = work->request_buf;
4939 struct smb2_close_rsp *rsp = work->response_buf;
4941 id = le64_to_cpu(req->VolatileFileId);
4942 ksmbd_session_rpc_close(work->sess, id);
4944 rsp->StructureSize = cpu_to_le16(60);
4947 rsp->CreationTime = 0;
4948 rsp->LastAccessTime = 0;
4949 rsp->LastWriteTime = 0;
4950 rsp->ChangeTime = 0;
4951 rsp->AllocationSize = 0;
4953 rsp->Attributes = 0;
4954 inc_rfc1001_len(rsp, 60);
4959 * smb2_close() - handler for smb2 close file command
4960 * @work: smb work containing close request buffer
4964 int smb2_close(struct ksmbd_work *work)
4966 unsigned int volatile_id = KSMBD_NO_FID;
4968 struct smb2_close_req *req;
4969 struct smb2_close_rsp *rsp;
4970 struct smb2_close_rsp *rsp_org;
4971 struct ksmbd_conn *conn = work->conn;
4972 struct ksmbd_file *fp;
4973 struct inode *inode;
4977 rsp_org = work->response_buf;
4978 WORK_BUFFERS(work, req, rsp);
4980 if (test_share_config_flag(work->tcon->share_conf,
4981 KSMBD_SHARE_FLAG_PIPE)) {
4982 ksmbd_debug(SMB, "IPC pipe close request\n");
4983 return smb2_close_pipe(work);
4986 sess_id = le64_to_cpu(req->hdr.SessionId);
4987 if (req->hdr.Flags & SMB2_FLAGS_RELATED_OPERATIONS)
4988 sess_id = work->compound_sid;
4990 work->compound_sid = 0;
4991 if (check_session_id(conn, sess_id)) {
4992 work->compound_sid = sess_id;
4994 rsp->hdr.Status = STATUS_USER_SESSION_DELETED;
4995 if (req->hdr.Flags & SMB2_FLAGS_RELATED_OPERATIONS)
4996 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
5001 if (work->next_smb2_rcv_hdr_off &&
5002 !HAS_FILE_ID(le64_to_cpu(req->VolatileFileId))) {
5003 if (!HAS_FILE_ID(work->compound_fid)) {
5004 /* file already closed, return FILE_CLOSED */
5005 ksmbd_debug(SMB, "file already closed\n");
5006 rsp->hdr.Status = STATUS_FILE_CLOSED;
5010 ksmbd_debug(SMB, "Compound request set FID = %u:%u\n",
5012 work->compound_pfid);
5013 volatile_id = work->compound_fid;
5015 /* file closed, stored id is not valid anymore */
5016 work->compound_fid = KSMBD_NO_FID;
5017 work->compound_pfid = KSMBD_NO_FID;
5020 volatile_id = le64_to_cpu(req->VolatileFileId);
5022 ksmbd_debug(SMB, "volatile_id = %u\n", volatile_id);
5024 rsp->StructureSize = cpu_to_le16(60);
5027 if (req->Flags == SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB) {
5028 fp = ksmbd_lookup_fd_fast(work, volatile_id);
5034 inode = FP_INODE(fp);
5035 rsp->Flags = SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB;
5036 rsp->AllocationSize = S_ISDIR(inode->i_mode) ? 0 :
5037 cpu_to_le64(inode->i_blocks << 9);
5038 rsp->EndOfFile = cpu_to_le64(inode->i_size);
5039 rsp->Attributes = fp->f_ci->m_fattr;
5040 rsp->CreationTime = cpu_to_le64(fp->create_time);
5041 time = ksmbd_UnixTimeToNT(inode->i_atime);
5042 rsp->LastAccessTime = cpu_to_le64(time);
5043 time = ksmbd_UnixTimeToNT(inode->i_mtime);
5044 rsp->LastWriteTime = cpu_to_le64(time);
5045 time = ksmbd_UnixTimeToNT(inode->i_ctime);
5046 rsp->ChangeTime = cpu_to_le64(time);
5047 ksmbd_fd_put(work, fp);
5050 rsp->AllocationSize = 0;
5052 rsp->Attributes = 0;
5053 rsp->CreationTime = 0;
5054 rsp->LastAccessTime = 0;
5055 rsp->LastWriteTime = 0;
5056 rsp->ChangeTime = 0;
5059 err = ksmbd_close_fd(work, volatile_id);
5062 if (rsp->hdr.Status == 0)
5063 rsp->hdr.Status = STATUS_FILE_CLOSED;
5064 smb2_set_err_rsp(work);
5066 inc_rfc1001_len(rsp_org, 60);
5073 * smb2_echo() - handler for smb2 echo(ping) command
5074 * @work: smb work containing echo request buffer
5078 int smb2_echo(struct ksmbd_work *work)
5080 struct smb2_echo_rsp *rsp = work->response_buf;
5082 rsp->StructureSize = cpu_to_le16(4);
5084 inc_rfc1001_len(rsp, 4);
5088 static int smb2_rename(struct ksmbd_work *work, struct ksmbd_file *fp,
5089 struct smb2_file_rename_info *file_info,
5090 struct nls_table *local_nls)
5092 struct ksmbd_share_config *share = fp->tcon->share_conf;
5093 char *new_name = NULL, *abs_oldname = NULL, *old_name = NULL;
5094 char *pathname = NULL;
5096 bool file_present = true;
5099 ksmbd_debug(SMB, "setting FILE_RENAME_INFO\n");
5100 pathname = kmalloc(PATH_MAX, GFP_KERNEL);
5104 abs_oldname = d_path(&fp->filp->f_path, pathname, PATH_MAX);
5105 if (IS_ERR(abs_oldname)) {
5109 old_name = strrchr(abs_oldname, '/');
5110 if (old_name && old_name[1] != '\0') {
5113 ksmbd_debug(SMB, "can't get last component in path %s\n",
5119 new_name = smb2_get_name(share,
5120 file_info->FileName,
5121 le32_to_cpu(file_info->FileNameLength),
5123 if (IS_ERR(new_name)) {
5124 rc = PTR_ERR(new_name);
5128 if (strchr(new_name, ':')) {
5130 char *xattr_stream_name, *stream_name = NULL;
5131 size_t xattr_stream_size;
5134 rc = parse_stream_name(new_name, &stream_name, &s_type);
5138 len = strlen(new_name);
5139 if (new_name[len - 1] != '/') {
5140 ksmbd_err("not allow base filename in rename\n");
5145 rc = ksmbd_vfs_xattr_stream_name(stream_name,
5152 rc = ksmbd_vfs_setxattr(fp->filp->f_path.dentry,
5156 ksmbd_err("failed to store stream name in xattr: %d\n",
5165 ksmbd_debug(SMB, "new name %s\n", new_name);
5166 rc = ksmbd_vfs_kern_path(new_name, 0, &path, 1);
5168 file_present = false;
5172 if (ksmbd_share_veto_filename(share, new_name)) {
5174 ksmbd_debug(SMB, "Can't rename vetoed file: %s\n", new_name);
5178 if (file_info->ReplaceIfExists) {
5180 rc = ksmbd_vfs_remove_file(work, new_name);
5182 if (rc != -ENOTEMPTY)
5184 ksmbd_debug(SMB, "cannot delete %s, rc %d\n",
5191 strncmp(old_name, path.dentry->d_name.name, strlen(old_name))) {
5194 "cannot rename already existing file\n");
5199 rc = ksmbd_vfs_fp_rename(work, fp, new_name);
5202 if (!IS_ERR(new_name))
5207 static int smb2_create_link(struct ksmbd_work *work,
5208 struct ksmbd_share_config *share,
5209 struct smb2_file_link_info *file_info, struct file *filp,
5210 struct nls_table *local_nls)
5212 char *link_name = NULL, *target_name = NULL, *pathname = NULL;
5214 bool file_present = true;
5217 ksmbd_debug(SMB, "setting FILE_LINK_INFORMATION\n");
5218 pathname = kmalloc(PATH_MAX, GFP_KERNEL);
5222 link_name = smb2_get_name(share,
5223 file_info->FileName,
5224 le32_to_cpu(file_info->FileNameLength),
5226 if (IS_ERR(link_name) || S_ISDIR(file_inode(filp)->i_mode)) {
5231 ksmbd_debug(SMB, "link name is %s\n", link_name);
5232 target_name = d_path(&filp->f_path, pathname, PATH_MAX);
5233 if (IS_ERR(target_name)) {
5238 ksmbd_debug(SMB, "target name is %s\n", target_name);
5239 rc = ksmbd_vfs_kern_path(link_name, 0, &path, 0);
5241 file_present = false;
5245 if (file_info->ReplaceIfExists) {
5247 rc = ksmbd_vfs_remove_file(work, link_name);
5250 ksmbd_debug(SMB, "cannot delete %s\n",
5258 ksmbd_debug(SMB, "link already exists\n");
5263 rc = ksmbd_vfs_link(work, target_name, link_name);
5267 if (!IS_ERR(link_name))
5273 static int set_file_basic_info(struct ksmbd_file *fp, char *buf,
5274 struct ksmbd_share_config *share)
5276 struct smb2_file_all_info *file_info;
5278 struct iattr temp_attrs;
5280 struct inode *inode;
5283 if (!(fp->daccess & FILE_WRITE_ATTRIBUTES_LE))
5286 file_info = (struct smb2_file_all_info *)buf;
5289 inode = file_inode(filp);
5291 if (file_info->CreationTime)
5292 fp->create_time = le64_to_cpu(file_info->CreationTime);
5294 if (file_info->LastAccessTime) {
5295 attrs.ia_atime = ksmbd_NTtimeToUnix(file_info->LastAccessTime);
5296 attrs.ia_valid |= (ATTR_ATIME | ATTR_ATIME_SET);
5299 if (file_info->ChangeTime) {
5300 temp_attrs.ia_ctime = ksmbd_NTtimeToUnix(file_info->ChangeTime);
5301 attrs.ia_ctime = temp_attrs.ia_ctime;
5302 attrs.ia_valid |= ATTR_CTIME;
5304 temp_attrs.ia_ctime = inode->i_ctime;
5307 if (file_info->LastWriteTime) {
5308 attrs.ia_mtime = ksmbd_NTtimeToUnix(file_info->LastWriteTime);
5309 attrs.ia_valid |= (ATTR_MTIME | ATTR_MTIME_SET);
5312 if (file_info->Attributes) {
5313 if (!S_ISDIR(inode->i_mode) &&
5314 file_info->Attributes & ATTR_DIRECTORY_LE) {
5315 ksmbd_err("can't change a file to a directory\n");
5319 if (!(S_ISDIR(inode->i_mode) && file_info->Attributes == ATTR_NORMAL_LE))
5320 fp->f_ci->m_fattr = file_info->Attributes |
5321 (fp->f_ci->m_fattr & ATTR_DIRECTORY_LE);
5324 if (test_share_config_flag(share, KSMBD_SHARE_FLAG_STORE_DOS_ATTRS) &&
5325 (file_info->CreationTime || file_info->Attributes)) {
5326 struct xattr_dos_attrib da = {0};
5329 da.itime = fp->itime;
5330 da.create_time = fp->create_time;
5331 da.attr = le32_to_cpu(fp->f_ci->m_fattr);
5332 da.flags = XATTR_DOSINFO_ATTRIB | XATTR_DOSINFO_CREATE_TIME |
5333 XATTR_DOSINFO_ITIME;
5335 rc = ksmbd_vfs_set_dos_attrib_xattr(filp->f_path.dentry, &da);
5338 "failed to restore file attribute in EA\n");
5343 * HACK : set ctime here to avoid ctime changed
5344 * when file_info->ChangeTime is zero.
5346 attrs.ia_ctime = temp_attrs.ia_ctime;
5347 attrs.ia_valid |= ATTR_CTIME;
5349 if (attrs.ia_valid) {
5350 struct dentry *dentry = filp->f_path.dentry;
5351 struct inode *inode = d_inode(dentry);
5353 if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
5356 rc = setattr_prepare(&init_user_ns, dentry, &attrs);
5361 setattr_copy(&init_user_ns, inode, &attrs);
5362 attrs.ia_valid &= ~ATTR_CTIME;
5363 rc = notify_change(&init_user_ns, dentry, &attrs, NULL);
5364 inode_unlock(inode);
5369 static int set_file_allocation_info(struct ksmbd_work *work,
5370 struct ksmbd_file *fp, char *buf)
5373 * TODO : It's working fine only when store dos attributes
5374 * is not yes. need to implement a logic which works
5375 * properly with any smb.conf option
5378 struct smb2_file_alloc_info *file_alloc_info;
5380 struct inode *inode;
5383 if (!(fp->daccess & FILE_WRITE_DATA_LE))
5386 file_alloc_info = (struct smb2_file_alloc_info *)buf;
5387 alloc_blks = (le64_to_cpu(file_alloc_info->AllocationSize) + 511) >> 9;
5388 inode = file_inode(fp->filp);
5390 if (alloc_blks > inode->i_blocks) {
5391 rc = ksmbd_vfs_alloc_size(work, fp, alloc_blks * 512);
5392 if (rc && rc != -EOPNOTSUPP) {
5393 ksmbd_err("ksmbd_vfs_alloc_size is failed : %d\n", rc);
5396 } else if (alloc_blks < inode->i_blocks) {
5400 * Allocation size could be smaller than original one
5401 * which means allocated blocks in file should be
5402 * deallocated. use truncate to cut out it, but inode
5403 * size is also updated with truncate offset.
5404 * inode size is retained by backup inode size.
5406 size = i_size_read(inode);
5407 rc = ksmbd_vfs_truncate(work, NULL, fp, alloc_blks * 512);
5409 ksmbd_err("truncate failed! filename : %s, err %d\n",
5413 if (size < alloc_blks * 512)
5414 i_size_write(inode, size);
5419 static int set_end_of_file_info(struct ksmbd_work *work, struct ksmbd_file *fp,
5422 struct smb2_file_eof_info *file_eof_info;
5424 struct inode *inode;
5427 if (!(fp->daccess & FILE_WRITE_DATA_LE))
5430 file_eof_info = (struct smb2_file_eof_info *)buf;
5431 newsize = le64_to_cpu(file_eof_info->EndOfFile);
5432 inode = file_inode(fp->filp);
5435 * If FILE_END_OF_FILE_INFORMATION of set_info_file is called
5436 * on FAT32 shared device, truncate execution time is too long
5437 * and network error could cause from windows client. because
5438 * truncate of some filesystem like FAT32 fill zero data in
5441 if (inode->i_sb->s_magic != MSDOS_SUPER_MAGIC) {
5442 ksmbd_debug(SMB, "filename : %s truncated to newsize %lld\n",
5443 fp->filename, newsize);
5444 rc = ksmbd_vfs_truncate(work, NULL, fp, newsize);
5446 ksmbd_debug(SMB, "truncate failed! filename : %s err %d\n",
5456 static int set_rename_info(struct ksmbd_work *work, struct ksmbd_file *fp,
5459 struct ksmbd_file *parent_fp;
5461 if (!(fp->daccess & FILE_DELETE_LE)) {
5462 ksmbd_err("no right to delete : 0x%x\n", fp->daccess);
5466 if (ksmbd_stream_fd(fp))
5469 parent_fp = ksmbd_lookup_fd_inode(PARENT_INODE(fp));
5471 if (parent_fp->daccess & FILE_DELETE_LE) {
5472 ksmbd_err("parent dir is opened with delete access\n");
5477 return smb2_rename(work, fp,
5478 (struct smb2_file_rename_info *)buf,
5479 work->sess->conn->local_nls);
5482 static int set_file_disposition_info(struct ksmbd_file *fp, char *buf)
5484 struct smb2_file_disposition_info *file_info;
5485 struct inode *inode;
5487 if (!(fp->daccess & FILE_DELETE_LE)) {
5488 ksmbd_err("no right to delete : 0x%x\n", fp->daccess);
5492 inode = file_inode(fp->filp);
5493 file_info = (struct smb2_file_disposition_info *)buf;
5494 if (file_info->DeletePending) {
5495 if (S_ISDIR(inode->i_mode) &&
5496 ksmbd_vfs_empty_dir(fp) == -ENOTEMPTY)
5498 ksmbd_set_inode_pending_delete(fp);
5500 ksmbd_clear_inode_pending_delete(fp);
5505 static int set_file_position_info(struct ksmbd_file *fp, char *buf)
5507 struct smb2_file_pos_info *file_info;
5508 loff_t current_byte_offset;
5509 unsigned short sector_size;
5510 struct inode *inode;
5512 inode = file_inode(fp->filp);
5513 file_info = (struct smb2_file_pos_info *)buf;
5514 current_byte_offset = le64_to_cpu(file_info->CurrentByteOffset);
5515 sector_size = ksmbd_vfs_logical_sector_size(inode);
5517 if (current_byte_offset < 0 ||
5518 (fp->coption == FILE_NO_INTERMEDIATE_BUFFERING_LE &&
5519 current_byte_offset & (sector_size - 1))) {
5520 ksmbd_err("CurrentByteOffset is not valid : %llu\n",
5521 current_byte_offset);
5525 fp->filp->f_pos = current_byte_offset;
5529 static int set_file_mode_info(struct ksmbd_file *fp, char *buf)
5531 struct smb2_file_mode_info *file_info;
5534 file_info = (struct smb2_file_mode_info *)buf;
5535 mode = file_info->Mode;
5537 if ((mode & ~FILE_MODE_INFO_MASK) ||
5538 (mode & FILE_SYNCHRONOUS_IO_ALERT_LE &&
5539 mode & FILE_SYNCHRONOUS_IO_NONALERT_LE)) {
5540 ksmbd_err("Mode is not valid : 0x%x\n", le32_to_cpu(mode));
5545 * TODO : need to implement consideration for
5546 * FILE_SYNCHRONOUS_IO_ALERT and FILE_SYNCHRONOUS_IO_NONALERT
5548 ksmbd_vfs_set_fadvise(fp->filp, mode);
5554 * smb2_set_info_file() - handler for smb2 set info command
5555 * @work: smb work containing set info command buffer
5556 * @fp: ksmbd_file pointer
5557 * @info_class: smb2 set info class
5558 * @share: ksmbd_share_config pointer
5560 * Return: 0 on success, otherwise error
5561 * TODO: need to implement an error handling for STATUS_INFO_LENGTH_MISMATCH
5563 static int smb2_set_info_file(struct ksmbd_work *work, struct ksmbd_file *fp,
5564 int info_class, char *buf, struct ksmbd_share_config *share)
5566 switch (info_class) {
5567 case FILE_BASIC_INFORMATION:
5568 return set_file_basic_info(fp, buf, share);
5570 case FILE_ALLOCATION_INFORMATION:
5571 return set_file_allocation_info(work, fp, buf);
5573 case FILE_END_OF_FILE_INFORMATION:
5574 return set_end_of_file_info(work, fp, buf);
5576 case FILE_RENAME_INFORMATION:
5577 if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) {
5579 "User does not have write permission\n");
5582 return set_rename_info(work, fp, buf);
5584 case FILE_LINK_INFORMATION:
5585 return smb2_create_link(work, work->tcon->share_conf,
5586 (struct smb2_file_link_info *)buf, fp->filp,
5587 work->sess->conn->local_nls);
5589 case FILE_DISPOSITION_INFORMATION:
5590 if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) {
5592 "User does not have write permission\n");
5595 return set_file_disposition_info(fp, buf);
5597 case FILE_FULL_EA_INFORMATION:
5599 if (!(fp->daccess & FILE_WRITE_EA_LE)) {
5600 ksmbd_err("Not permitted to write ext attr: 0x%x\n",
5605 return smb2_set_ea((struct smb2_ea_info *)buf,
5609 case FILE_POSITION_INFORMATION:
5610 return set_file_position_info(fp, buf);
5612 case FILE_MODE_INFORMATION:
5613 return set_file_mode_info(fp, buf);
5616 ksmbd_err("Unimplemented Fileinfoclass :%d\n", info_class);
5620 static int smb2_set_info_sec(struct ksmbd_file *fp, int addition_info,
5621 char *buffer, int buf_len)
5623 struct smb_ntsd *pntsd = (struct smb_ntsd *)buffer;
5625 fp->saccess |= FILE_SHARE_DELETE_LE;
5627 return set_info_sec(fp->conn, fp->tcon, fp->filp->f_path.dentry, pntsd,
5632 * smb2_set_info() - handler for smb2 set info command handler
5633 * @work: smb work containing set info request buffer
5635 * Return: 0 on success, otherwise error
5637 int smb2_set_info(struct ksmbd_work *work)
5639 struct smb2_set_info_req *req;
5640 struct smb2_set_info_rsp *rsp, *rsp_org;
5641 struct ksmbd_file *fp;
5643 unsigned int id = KSMBD_NO_FID, pid = KSMBD_NO_FID;
5645 ksmbd_debug(SMB, "Received set info request\n");
5647 rsp_org = work->response_buf;
5648 if (work->next_smb2_rcv_hdr_off) {
5649 req = REQUEST_BUF_NEXT(work);
5650 rsp = RESPONSE_BUF_NEXT(work);
5651 if (!HAS_FILE_ID(le64_to_cpu(req->VolatileFileId))) {
5652 ksmbd_debug(SMB, "Compound request set FID = %u\n",
5653 work->compound_fid);
5654 id = work->compound_fid;
5655 pid = work->compound_pfid;
5658 req = work->request_buf;
5659 rsp = work->response_buf;
5662 if (!HAS_FILE_ID(id)) {
5663 id = le64_to_cpu(req->VolatileFileId);
5664 pid = le64_to_cpu(req->PersistentFileId);
5667 fp = ksmbd_lookup_fd_slow(work, id, pid);
5669 ksmbd_debug(SMB, "Invalid id for close: %u\n", id);
5674 switch (req->InfoType) {
5675 case SMB2_O_INFO_FILE:
5676 ksmbd_debug(SMB, "GOT SMB2_O_INFO_FILE\n");
5677 rc = smb2_set_info_file(work, fp, req->FileInfoClass,
5678 req->Buffer, work->tcon->share_conf);
5680 case SMB2_O_INFO_SECURITY:
5681 ksmbd_debug(SMB, "GOT SMB2_O_INFO_SECURITY\n");
5682 rc = smb2_set_info_sec(fp,
5683 le32_to_cpu(req->AdditionalInformation), req->Buffer,
5684 le32_to_cpu(req->BufferLength));
5693 rsp->StructureSize = cpu_to_le16(2);
5694 inc_rfc1001_len(rsp_org, 2);
5695 ksmbd_fd_put(work, fp);
5699 if (rc == -EACCES || rc == -EPERM)
5700 rsp->hdr.Status = STATUS_ACCESS_DENIED;
5701 else if (rc == -EINVAL)
5702 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
5703 else if (rc == -ESHARE)
5704 rsp->hdr.Status = STATUS_SHARING_VIOLATION;
5705 else if (rc == -ENOENT)
5706 rsp->hdr.Status = STATUS_OBJECT_NAME_INVALID;
5707 else if (rc == -EBUSY || rc == -ENOTEMPTY)
5708 rsp->hdr.Status = STATUS_DIRECTORY_NOT_EMPTY;
5709 else if (rc == -EAGAIN)
5710 rsp->hdr.Status = STATUS_FILE_LOCK_CONFLICT;
5711 else if (rc == -EBADF || rc == -ESTALE)
5712 rsp->hdr.Status = STATUS_INVALID_HANDLE;
5713 else if (rc == -EEXIST)
5714 rsp->hdr.Status = STATUS_OBJECT_NAME_COLLISION;
5715 else if (rsp->hdr.Status == 0 || rc == -EOPNOTSUPP)
5716 rsp->hdr.Status = STATUS_INVALID_INFO_CLASS;
5717 smb2_set_err_rsp(work);
5718 ksmbd_fd_put(work, fp);
5719 ksmbd_debug(SMB, "error while processing smb2 query rc = %d\n",
5725 * smb2_read_pipe() - handler for smb2 read from IPC pipe
5726 * @work: smb work containing read IPC pipe command buffer
5728 * Return: 0 on success, otherwise error
5730 static noinline int smb2_read_pipe(struct ksmbd_work *work)
5732 int nbytes = 0, err;
5734 struct ksmbd_rpc_command *rpc_resp;
5735 struct smb2_read_req *req = work->request_buf;
5736 struct smb2_read_rsp *rsp = work->response_buf;
5738 id = le64_to_cpu(req->VolatileFileId);
5740 inc_rfc1001_len(rsp, 16);
5741 rpc_resp = ksmbd_rpc_read(work->sess, id);
5743 if (rpc_resp->flags != KSMBD_RPC_OK) {
5748 work->aux_payload_buf =
5749 kvmalloc(rpc_resp->payload_sz, GFP_KERNEL | __GFP_ZERO);
5750 if (!work->aux_payload_buf) {
5755 memcpy(work->aux_payload_buf, rpc_resp->payload,
5756 rpc_resp->payload_sz);
5758 nbytes = rpc_resp->payload_sz;
5759 work->resp_hdr_sz = get_rfc1002_len(rsp) + 4;
5760 work->aux_payload_sz = nbytes;
5764 rsp->StructureSize = cpu_to_le16(17);
5765 rsp->DataOffset = 80;
5767 rsp->DataLength = cpu_to_le32(nbytes);
5768 rsp->DataRemaining = 0;
5770 inc_rfc1001_len(rsp, nbytes);
5774 rsp->hdr.Status = STATUS_UNEXPECTED_IO_ERROR;
5775 smb2_set_err_rsp(work);
5780 static ssize_t smb2_read_rdma_channel(struct ksmbd_work *work,
5781 struct smb2_read_req *req, void *data_buf, size_t length)
5783 struct smb2_buffer_desc_v1 *desc =
5784 (struct smb2_buffer_desc_v1 *)&req->Buffer[0];
5787 if (work->conn->dialect == SMB30_PROT_ID &&
5788 req->Channel != SMB2_CHANNEL_RDMA_V1)
5791 if (req->ReadChannelInfoOffset == 0 ||
5792 le16_to_cpu(req->ReadChannelInfoLength) < sizeof(*desc))
5795 work->need_invalidate_rkey =
5796 (req->Channel == SMB2_CHANNEL_RDMA_V1_INVALIDATE);
5797 work->remote_key = le32_to_cpu(desc->token);
5799 err = ksmbd_conn_rdma_write(work->conn, data_buf, length,
5800 le32_to_cpu(desc->token), le64_to_cpu(desc->offset),
5801 le32_to_cpu(desc->length));
5809 * smb2_read() - handler for smb2 read from file
5810 * @work: smb work containing read command buffer
5812 * Return: 0 on success, otherwise error
5814 int smb2_read(struct ksmbd_work *work)
5816 struct ksmbd_conn *conn = work->conn;
5817 struct smb2_read_req *req;
5818 struct smb2_read_rsp *rsp, *rsp_org;
5819 struct ksmbd_file *fp;
5821 size_t length, mincount;
5822 ssize_t nbytes = 0, remain_bytes = 0;
5825 rsp_org = work->response_buf;
5826 WORK_BUFFERS(work, req, rsp);
5828 if (test_share_config_flag(work->tcon->share_conf,
5829 KSMBD_SHARE_FLAG_PIPE)) {
5830 ksmbd_debug(SMB, "IPC pipe read request\n");
5831 return smb2_read_pipe(work);
5834 fp = ksmbd_lookup_fd_slow(work,
5835 le64_to_cpu(req->VolatileFileId),
5836 le64_to_cpu(req->PersistentFileId));
5842 if (!(fp->daccess & (FILE_READ_DATA_LE | FILE_READ_ATTRIBUTES_LE))) {
5843 ksmbd_err("Not permitted to read : 0x%x\n", fp->daccess);
5848 offset = le64_to_cpu(req->Offset);
5849 length = le32_to_cpu(req->Length);
5850 mincount = le32_to_cpu(req->MinimumCount);
5852 if (length > conn->vals->max_read_size) {
5853 ksmbd_debug(SMB, "limiting read size to max size(%u)\n",
5854 conn->vals->max_read_size);
5859 ksmbd_debug(SMB, "filename %s, offset %lld, len %zu\n", FP_FILENAME(fp),
5862 if (server_conf.flags & KSMBD_GLOBAL_FLAG_CACHE_RBUF) {
5863 work->aux_payload_buf =
5864 ksmbd_find_buffer(conn->vals->max_read_size);
5865 work->set_read_buf = true;
5867 work->aux_payload_buf = kvmalloc(length, GFP_KERNEL | __GFP_ZERO);
5869 if (!work->aux_payload_buf) {
5874 nbytes = ksmbd_vfs_read(work, fp, length, &offset);
5880 if ((nbytes == 0 && length != 0) || nbytes < mincount) {
5881 if (server_conf.flags & KSMBD_GLOBAL_FLAG_CACHE_RBUF)
5882 ksmbd_release_buffer(work->aux_payload_buf);
5884 kvfree(work->aux_payload_buf);
5885 work->aux_payload_buf = NULL;
5886 rsp->hdr.Status = STATUS_END_OF_FILE;
5887 smb2_set_err_rsp(work);
5888 ksmbd_fd_put(work, fp);
5892 ksmbd_debug(SMB, "nbytes %zu, offset %lld mincount %zu\n",
5893 nbytes, offset, mincount);
5895 if (req->Channel == SMB2_CHANNEL_RDMA_V1_INVALIDATE ||
5896 req->Channel == SMB2_CHANNEL_RDMA_V1) {
5897 /* write data to the client using rdma channel */
5898 remain_bytes = smb2_read_rdma_channel(work, req,
5899 work->aux_payload_buf, nbytes);
5900 if (server_conf.flags & KSMBD_GLOBAL_FLAG_CACHE_RBUF)
5901 ksmbd_release_buffer(work->aux_payload_buf);
5903 kvfree(work->aux_payload_buf);
5904 work->aux_payload_buf = NULL;
5907 if (remain_bytes < 0) {
5908 err = (int)remain_bytes;
5913 rsp->StructureSize = cpu_to_le16(17);
5914 rsp->DataOffset = 80;
5916 rsp->DataLength = cpu_to_le32(nbytes);
5917 rsp->DataRemaining = cpu_to_le32(remain_bytes);
5919 inc_rfc1001_len(rsp_org, 16);
5920 work->resp_hdr_sz = get_rfc1002_len(rsp_org) + 4;
5921 work->aux_payload_sz = nbytes;
5922 inc_rfc1001_len(rsp_org, nbytes);
5923 ksmbd_fd_put(work, fp);
5929 rsp->hdr.Status = STATUS_INVALID_DEVICE_REQUEST;
5930 else if (err == -EAGAIN)
5931 rsp->hdr.Status = STATUS_FILE_LOCK_CONFLICT;
5932 else if (err == -ENOENT)
5933 rsp->hdr.Status = STATUS_FILE_CLOSED;
5934 else if (err == -EACCES)
5935 rsp->hdr.Status = STATUS_ACCESS_DENIED;
5936 else if (err == -ESHARE)
5937 rsp->hdr.Status = STATUS_SHARING_VIOLATION;
5938 else if (err == -EINVAL)
5939 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
5941 rsp->hdr.Status = STATUS_INVALID_HANDLE;
5943 smb2_set_err_rsp(work);
5945 ksmbd_fd_put(work, fp);
5950 * smb2_write_pipe() - handler for smb2 write on IPC pipe
5951 * @work: smb work containing write IPC pipe command buffer
5953 * Return: 0 on success, otherwise error
5955 static noinline int smb2_write_pipe(struct ksmbd_work *work)
5957 struct smb2_write_req *req = work->request_buf;
5958 struct smb2_write_rsp *rsp = work->response_buf;
5959 struct ksmbd_rpc_command *rpc_resp;
5961 int err = 0, ret = 0;
5965 length = le32_to_cpu(req->Length);
5966 id = le64_to_cpu(req->VolatileFileId);
5968 if (le16_to_cpu(req->DataOffset) ==
5969 (offsetof(struct smb2_write_req, Buffer) - 4)) {
5970 data_buf = (char *)&req->Buffer[0];
5972 if ((le16_to_cpu(req->DataOffset) > get_rfc1002_len(req)) ||
5973 (le16_to_cpu(req->DataOffset) + length > get_rfc1002_len(req))) {
5974 ksmbd_err("invalid write data offset %u, smb_len %u\n",
5975 le16_to_cpu(req->DataOffset), get_rfc1002_len(req));
5980 data_buf = (char *)(((char *)&req->hdr.ProtocolId) +
5981 le16_to_cpu(req->DataOffset));
5984 rpc_resp = ksmbd_rpc_write(work->sess, id, data_buf, length);
5986 if (rpc_resp->flags == KSMBD_RPC_ENOTIMPLEMENTED) {
5987 rsp->hdr.Status = STATUS_NOT_SUPPORTED;
5989 smb2_set_err_rsp(work);
5992 if (rpc_resp->flags != KSMBD_RPC_OK) {
5993 rsp->hdr.Status = STATUS_INVALID_HANDLE;
5994 smb2_set_err_rsp(work);
6001 rsp->StructureSize = cpu_to_le16(17);
6002 rsp->DataOffset = 0;
6004 rsp->DataLength = cpu_to_le32(length);
6005 rsp->DataRemaining = 0;
6007 inc_rfc1001_len(rsp, 16);
6011 rsp->hdr.Status = STATUS_INVALID_HANDLE;
6012 smb2_set_err_rsp(work);
6018 static ssize_t smb2_write_rdma_channel(struct ksmbd_work *work,
6019 struct smb2_write_req *req, struct ksmbd_file *fp,
6020 loff_t offset, size_t length, bool sync)
6022 struct smb2_buffer_desc_v1 *desc;
6027 desc = (struct smb2_buffer_desc_v1 *)&req->Buffer[0];
6029 if (work->conn->dialect == SMB30_PROT_ID &&
6030 req->Channel != SMB2_CHANNEL_RDMA_V1)
6033 if (req->Length != 0 || req->DataOffset != 0)
6036 if (req->WriteChannelInfoOffset == 0 ||
6037 le16_to_cpu(req->WriteChannelInfoLength) < sizeof(*desc))
6040 work->need_invalidate_rkey =
6041 (req->Channel == SMB2_CHANNEL_RDMA_V1_INVALIDATE);
6042 work->remote_key = le32_to_cpu(desc->token);
6044 data_buf = kvmalloc(length, GFP_KERNEL | __GFP_ZERO);
6048 ret = ksmbd_conn_rdma_read(work->conn, data_buf, length,
6049 le32_to_cpu(desc->token),
6050 le64_to_cpu(desc->offset),
6051 le32_to_cpu(desc->length));
6057 ret = ksmbd_vfs_write(work, fp, data_buf, length, &offset, sync, &nbytes);
6066 * smb2_write() - handler for smb2 write from file
6067 * @work: smb work containing write command buffer
6069 * Return: 0 on success, otherwise error
6071 int smb2_write(struct ksmbd_work *work)
6073 struct smb2_write_req *req;
6074 struct smb2_write_rsp *rsp, *rsp_org;
6075 struct ksmbd_file *fp = NULL;
6080 bool writethrough = false;
6083 rsp_org = work->response_buf;
6084 WORK_BUFFERS(work, req, rsp);
6086 if (test_share_config_flag(work->tcon->share_conf, KSMBD_SHARE_FLAG_PIPE)) {
6087 ksmbd_debug(SMB, "IPC pipe write request\n");
6088 return smb2_write_pipe(work);
6091 if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) {
6092 ksmbd_debug(SMB, "User does not have write permission\n");
6097 fp = ksmbd_lookup_fd_slow(work, le64_to_cpu(req->VolatileFileId),
6098 le64_to_cpu(req->PersistentFileId));
6104 if (!(fp->daccess & (FILE_WRITE_DATA_LE | FILE_READ_ATTRIBUTES_LE))) {
6105 ksmbd_err("Not permitted to write : 0x%x\n", fp->daccess);
6110 offset = le64_to_cpu(req->Offset);
6111 length = le32_to_cpu(req->Length);
6113 if (length > work->conn->vals->max_write_size) {
6114 ksmbd_debug(SMB, "limiting write size to max size(%u)\n",
6115 work->conn->vals->max_write_size);
6120 if (le32_to_cpu(req->Flags) & SMB2_WRITEFLAG_WRITE_THROUGH)
6121 writethrough = true;
6123 if (req->Channel != SMB2_CHANNEL_RDMA_V1 &&
6124 req->Channel != SMB2_CHANNEL_RDMA_V1_INVALIDATE) {
6125 if (le16_to_cpu(req->DataOffset) ==
6126 (offsetof(struct smb2_write_req, Buffer) - 4)) {
6127 data_buf = (char *)&req->Buffer[0];
6129 if ((le16_to_cpu(req->DataOffset) > get_rfc1002_len(req)) ||
6130 (le16_to_cpu(req->DataOffset) + length > get_rfc1002_len(req))) {
6131 ksmbd_err("invalid write data offset %u, smb_len %u\n",
6132 le16_to_cpu(req->DataOffset),
6133 get_rfc1002_len(req));
6138 data_buf = (char *)(((char *)&req->hdr.ProtocolId) +
6139 le16_to_cpu(req->DataOffset));
6142 ksmbd_debug(SMB, "flags %u\n", le32_to_cpu(req->Flags));
6143 if (le32_to_cpu(req->Flags) & SMB2_WRITEFLAG_WRITE_THROUGH)
6144 writethrough = true;
6146 ksmbd_debug(SMB, "filename %s, offset %lld, len %zu\n",
6147 FP_FILENAME(fp), offset, length);
6148 err = ksmbd_vfs_write(work, fp, data_buf, length, &offset,
6149 writethrough, &nbytes);
6153 /* read data from the client using rdma channel, and
6156 nbytes = smb2_write_rdma_channel(work, req, fp, offset,
6157 le32_to_cpu(req->RemainingBytes),
6165 rsp->StructureSize = cpu_to_le16(17);
6166 rsp->DataOffset = 0;
6168 rsp->DataLength = cpu_to_le32(nbytes);
6169 rsp->DataRemaining = 0;
6171 inc_rfc1001_len(rsp_org, 16);
6172 ksmbd_fd_put(work, fp);
6177 rsp->hdr.Status = STATUS_FILE_LOCK_CONFLICT;
6178 else if (err == -ENOSPC || err == -EFBIG)
6179 rsp->hdr.Status = STATUS_DISK_FULL;
6180 else if (err == -ENOENT)
6181 rsp->hdr.Status = STATUS_FILE_CLOSED;
6182 else if (err == -EACCES)
6183 rsp->hdr.Status = STATUS_ACCESS_DENIED;
6184 else if (err == -ESHARE)
6185 rsp->hdr.Status = STATUS_SHARING_VIOLATION;
6186 else if (err == -EINVAL)
6187 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
6189 rsp->hdr.Status = STATUS_INVALID_HANDLE;
6191 smb2_set_err_rsp(work);
6192 ksmbd_fd_put(work, fp);
6197 * smb2_flush() - handler for smb2 flush file - fsync
6198 * @work: smb work containing flush command buffer
6200 * Return: 0 on success, otherwise error
6202 int smb2_flush(struct ksmbd_work *work)
6204 struct smb2_flush_req *req;
6205 struct smb2_flush_rsp *rsp, *rsp_org;
6208 rsp_org = work->response_buf;
6209 WORK_BUFFERS(work, req, rsp);
6211 ksmbd_debug(SMB, "SMB2_FLUSH called for fid %llu\n",
6212 le64_to_cpu(req->VolatileFileId));
6214 err = ksmbd_vfs_fsync(work,
6215 le64_to_cpu(req->VolatileFileId),
6216 le64_to_cpu(req->PersistentFileId));
6220 rsp->StructureSize = cpu_to_le16(4);
6222 inc_rfc1001_len(rsp_org, 4);
6227 rsp->hdr.Status = STATUS_INVALID_HANDLE;
6228 smb2_set_err_rsp(work);
6235 * smb2_cancel() - handler for smb2 cancel command
6236 * @work: smb work containing cancel command buffer
6238 * Return: 0 on success, otherwise error
6240 int smb2_cancel(struct ksmbd_work *work)
6242 struct ksmbd_conn *conn = work->conn;
6243 struct smb2_hdr *hdr = work->request_buf;
6244 struct smb2_hdr *chdr;
6245 struct ksmbd_work *cancel_work = NULL;
6246 struct list_head *tmp;
6248 struct list_head *command_list;
6250 ksmbd_debug(SMB, "smb2 cancel called on mid %llu, async flags 0x%x\n",
6251 hdr->MessageId, hdr->Flags);
6253 if (hdr->Flags & SMB2_FLAGS_ASYNC_COMMAND) {
6254 command_list = &conn->async_requests;
6256 spin_lock(&conn->request_lock);
6257 list_for_each(tmp, command_list) {
6258 cancel_work = list_entry(tmp, struct ksmbd_work,
6259 async_request_entry);
6260 chdr = cancel_work->request_buf;
6262 if (cancel_work->async_id !=
6263 le64_to_cpu(hdr->Id.AsyncId))
6267 "smb2 with AsyncId %llu cancelled command = 0x%x\n",
6268 le64_to_cpu(hdr->Id.AsyncId),
6269 le16_to_cpu(chdr->Command));
6273 spin_unlock(&conn->request_lock);
6275 command_list = &conn->requests;
6277 spin_lock(&conn->request_lock);
6278 list_for_each(tmp, command_list) {
6279 cancel_work = list_entry(tmp, struct ksmbd_work,
6281 chdr = cancel_work->request_buf;
6283 if (chdr->MessageId != hdr->MessageId ||
6284 cancel_work == work)
6288 "smb2 with mid %llu cancelled command = 0x%x\n",
6289 le64_to_cpu(hdr->MessageId),
6290 le16_to_cpu(chdr->Command));
6294 spin_unlock(&conn->request_lock);
6298 cancel_work->state = KSMBD_WORK_CANCELLED;
6299 if (cancel_work->cancel_fn)
6300 cancel_work->cancel_fn(cancel_work->cancel_argv);
6303 /* For SMB2_CANCEL command itself send no response*/
6304 work->send_no_response = 1;
6308 struct file_lock *smb_flock_init(struct file *f)
6310 struct file_lock *fl;
6312 fl = locks_alloc_lock();
6316 locks_init_lock(fl);
6319 fl->fl_pid = current->tgid;
6321 fl->fl_flags = FL_POSIX;
6323 fl->fl_lmops = NULL;
6329 static int smb2_set_flock_flags(struct file_lock *flock, int flags)
6333 /* Checking for wrong flag combination during lock request*/
6335 case SMB2_LOCKFLAG_SHARED:
6336 ksmbd_debug(SMB, "received shared request\n");
6338 flock->fl_type = F_RDLCK;
6339 flock->fl_flags |= FL_SLEEP;
6341 case SMB2_LOCKFLAG_EXCLUSIVE:
6342 ksmbd_debug(SMB, "received exclusive request\n");
6344 flock->fl_type = F_WRLCK;
6345 flock->fl_flags |= FL_SLEEP;
6347 case SMB2_LOCKFLAG_SHARED | SMB2_LOCKFLAG_FAIL_IMMEDIATELY:
6349 "received shared & fail immediately request\n");
6351 flock->fl_type = F_RDLCK;
6353 case SMB2_LOCKFLAG_EXCLUSIVE | SMB2_LOCKFLAG_FAIL_IMMEDIATELY:
6355 "received exclusive & fail immediately request\n");
6357 flock->fl_type = F_WRLCK;
6359 case SMB2_LOCKFLAG_UNLOCK:
6360 ksmbd_debug(SMB, "received unlock request\n");
6361 flock->fl_type = F_UNLCK;
6369 static struct ksmbd_lock *smb2_lock_init(struct file_lock *flock,
6370 unsigned int cmd, int flags, struct list_head *lock_list)
6372 struct ksmbd_lock *lock;
6374 lock = kzalloc(sizeof(struct ksmbd_lock), GFP_KERNEL);
6380 lock->start = flock->fl_start;
6381 lock->end = flock->fl_end;
6382 lock->flags = flags;
6383 if (lock->start == lock->end)
6385 INIT_LIST_HEAD(&lock->llist);
6386 INIT_LIST_HEAD(&lock->glist);
6387 list_add_tail(&lock->llist, lock_list);
6392 static void smb2_remove_blocked_lock(void **argv)
6394 struct file_lock *flock = (struct file_lock *)argv[0];
6396 ksmbd_vfs_posix_lock_unblock(flock);
6397 wake_up(&flock->fl_wait);
6400 static inline bool lock_defer_pending(struct file_lock *fl)
6402 /* check pending lock waiters */
6403 return waitqueue_active(&fl->fl_wait);
6407 * smb2_lock() - handler for smb2 file lock command
6408 * @work: smb work containing lock command buffer
6410 * Return: 0 on success, otherwise error
6412 int smb2_lock(struct ksmbd_work *work)
6414 struct smb2_lock_req *req = work->request_buf;
6415 struct smb2_lock_rsp *rsp = work->response_buf;
6416 struct smb2_lock_element *lock_ele;
6417 struct ksmbd_file *fp = NULL;
6418 struct file_lock *flock = NULL;
6419 struct file *filp = NULL;
6424 u64 lock_start, lock_length;
6425 struct ksmbd_lock *smb_lock = NULL, *cmp_lock, *tmp;
6427 LIST_HEAD(lock_list);
6428 LIST_HEAD(rollback_list);
6431 ksmbd_debug(SMB, "Received lock request\n");
6432 fp = ksmbd_lookup_fd_slow(work,
6433 le64_to_cpu(req->VolatileFileId),
6434 le64_to_cpu(req->PersistentFileId));
6436 ksmbd_debug(SMB, "Invalid file id for lock : %llu\n",
6437 le64_to_cpu(req->VolatileFileId));
6438 rsp->hdr.Status = STATUS_FILE_CLOSED;
6443 lock_count = le16_to_cpu(req->LockCount);
6444 lock_ele = req->locks;
6446 ksmbd_debug(SMB, "lock count is %d\n", lock_count);
6448 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
6452 for (i = 0; i < lock_count; i++) {
6453 flags = le32_to_cpu(lock_ele[i].Flags);
6455 flock = smb_flock_init(filp);
6457 rsp->hdr.Status = STATUS_LOCK_NOT_GRANTED;
6461 cmd = smb2_set_flock_flags(flock, flags);
6463 lock_start = le64_to_cpu(lock_ele[i].Offset);
6464 lock_length = le64_to_cpu(lock_ele[i].Length);
6465 if (lock_start > U64_MAX - lock_length) {
6466 ksmbd_err("Invalid lock range requested\n");
6467 rsp->hdr.Status = STATUS_INVALID_LOCK_RANGE;
6471 if (lock_start > OFFSET_MAX)
6472 flock->fl_start = OFFSET_MAX;
6474 flock->fl_start = lock_start;
6476 lock_length = le64_to_cpu(lock_ele[i].Length);
6477 if (lock_length > OFFSET_MAX - flock->fl_start)
6478 lock_length = OFFSET_MAX - flock->fl_start;
6480 flock->fl_end = flock->fl_start + lock_length;
6482 if (flock->fl_end < flock->fl_start) {
6484 "the end offset(%llx) is smaller than the start offset(%llx)\n",
6485 flock->fl_end, flock->fl_start);
6486 rsp->hdr.Status = STATUS_INVALID_LOCK_RANGE;
6490 /* Check conflict locks in one request */
6491 list_for_each_entry(cmp_lock, &lock_list, llist) {
6492 if (cmp_lock->fl->fl_start <= flock->fl_start &&
6493 cmp_lock->fl->fl_end >= flock->fl_end) {
6494 if (cmp_lock->fl->fl_type != F_UNLCK &&
6495 flock->fl_type != F_UNLCK) {
6496 ksmbd_err("conflict two locks in one request\n");
6498 STATUS_INVALID_PARAMETER;
6504 smb_lock = smb2_lock_init(flock, cmd, flags, &lock_list);
6506 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
6511 list_for_each_entry_safe(smb_lock, tmp, &lock_list, llist) {
6512 if (smb_lock->cmd < 0) {
6513 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
6517 if (!(smb_lock->flags & SMB2_LOCKFLAG_MASK)) {
6518 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
6522 if ((prior_lock & (SMB2_LOCKFLAG_EXCLUSIVE | SMB2_LOCKFLAG_SHARED) &&
6523 smb_lock->flags & SMB2_LOCKFLAG_UNLOCK) ||
6524 (prior_lock == SMB2_LOCKFLAG_UNLOCK &&
6525 !(smb_lock->flags & SMB2_LOCKFLAG_UNLOCK))) {
6526 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
6530 prior_lock = smb_lock->flags;
6532 if (!(smb_lock->flags & SMB2_LOCKFLAG_UNLOCK) &&
6533 !(smb_lock->flags & SMB2_LOCKFLAG_FAIL_IMMEDIATELY))
6537 /* check locks in global list */
6538 list_for_each_entry(cmp_lock, &global_lock_list, glist) {
6539 if (file_inode(cmp_lock->fl->fl_file) !=
6540 file_inode(smb_lock->fl->fl_file))
6543 if (smb_lock->fl->fl_type == F_UNLCK) {
6544 if (cmp_lock->fl->fl_file == smb_lock->fl->fl_file &&
6545 cmp_lock->start == smb_lock->start &&
6546 cmp_lock->end == smb_lock->end &&
6547 !lock_defer_pending(cmp_lock->fl)) {
6549 locks_free_lock(cmp_lock->fl);
6550 list_del(&cmp_lock->glist);
6557 if (cmp_lock->fl->fl_file == smb_lock->fl->fl_file) {
6558 if (smb_lock->flags & SMB2_LOCKFLAG_SHARED)
6561 if (cmp_lock->flags & SMB2_LOCKFLAG_SHARED)
6565 /* check zero byte lock range */
6566 if (cmp_lock->zero_len && !smb_lock->zero_len &&
6567 cmp_lock->start > smb_lock->start &&
6568 cmp_lock->start < smb_lock->end) {
6569 ksmbd_err("previous lock conflict with zero byte lock range\n");
6570 rsp->hdr.Status = STATUS_LOCK_NOT_GRANTED;
6574 if (smb_lock->zero_len && !cmp_lock->zero_len &&
6575 smb_lock->start > cmp_lock->start &&
6576 smb_lock->start < cmp_lock->end) {
6577 ksmbd_err("current lock conflict with zero byte lock range\n");
6578 rsp->hdr.Status = STATUS_LOCK_NOT_GRANTED;
6582 if (((cmp_lock->start <= smb_lock->start &&
6583 cmp_lock->end > smb_lock->start) ||
6584 (cmp_lock->start < smb_lock->end && cmp_lock->end >= smb_lock->end)) &&
6585 !cmp_lock->zero_len && !smb_lock->zero_len) {
6586 ksmbd_err("Not allow lock operation on exclusive lock range\n");
6588 STATUS_LOCK_NOT_GRANTED;
6593 if (smb_lock->fl->fl_type == F_UNLCK && nolock) {
6594 ksmbd_err("Try to unlock nolocked range\n");
6595 rsp->hdr.Status = STATUS_RANGE_NOT_LOCKED;
6600 if (smb_lock->zero_len) {
6605 flock = smb_lock->fl;
6606 list_del(&smb_lock->llist);
6608 err = ksmbd_vfs_lock(filp, smb_lock->cmd, flock);
6610 if (flags & SMB2_LOCKFLAG_UNLOCK) {
6612 ksmbd_debug(SMB, "File unlocked\n");
6613 } else if (err == -ENOENT) {
6614 rsp->hdr.Status = STATUS_NOT_LOCKED;
6617 locks_free_lock(flock);
6620 if (err == FILE_LOCK_DEFERRED) {
6624 "would have to wait for getting lock\n");
6625 list_add_tail(&smb_lock->glist,
6627 list_add(&smb_lock->llist, &rollback_list);
6629 argv = kmalloc(sizeof(void *), GFP_KERNEL);
6636 err = setup_async_work(work,
6637 smb2_remove_blocked_lock, argv);
6640 STATUS_INSUFFICIENT_RESOURCES;
6643 spin_lock(&fp->f_lock);
6644 list_add(&work->fp_entry, &fp->blocked_works);
6645 spin_unlock(&fp->f_lock);
6647 smb2_send_interim_resp(work, STATUS_PENDING);
6649 err = ksmbd_vfs_posix_lock_wait(flock);
6651 if (!WORK_ACTIVE(work)) {
6652 list_del(&smb_lock->llist);
6653 list_del(&smb_lock->glist);
6654 locks_free_lock(flock);
6656 if (WORK_CANCELLED(work)) {
6657 spin_lock(&fp->f_lock);
6658 list_del(&work->fp_entry);
6659 spin_unlock(&fp->f_lock);
6663 smb2_send_interim_resp(work,
6665 work->send_no_response = 1;
6668 init_smb2_rsp_hdr(work);
6669 smb2_set_err_rsp(work);
6671 STATUS_RANGE_NOT_LOCKED;
6676 list_del(&smb_lock->llist);
6677 list_del(&smb_lock->glist);
6678 spin_lock(&fp->f_lock);
6679 list_del(&work->fp_entry);
6680 spin_unlock(&fp->f_lock);
6683 list_add_tail(&smb_lock->glist,
6685 list_add(&smb_lock->llist, &rollback_list);
6686 ksmbd_debug(SMB, "successful in taking lock\n");
6688 rsp->hdr.Status = STATUS_LOCK_NOT_GRANTED;
6694 if (atomic_read(&fp->f_ci->op_count) > 1)
6695 smb_break_all_oplock(work, fp);
6697 rsp->StructureSize = cpu_to_le16(4);
6698 ksmbd_debug(SMB, "successful in taking lock\n");
6699 rsp->hdr.Status = STATUS_SUCCESS;
6701 inc_rfc1001_len(rsp, 4);
6702 ksmbd_fd_put(work, fp);
6706 list_for_each_entry_safe(smb_lock, tmp, &lock_list, llist) {
6707 locks_free_lock(smb_lock->fl);
6708 list_del(&smb_lock->llist);
6712 list_for_each_entry_safe(smb_lock, tmp, &rollback_list, llist) {
6713 struct file_lock *rlock = NULL;
6715 rlock = smb_flock_init(filp);
6716 rlock->fl_type = F_UNLCK;
6717 rlock->fl_start = smb_lock->start;
6718 rlock->fl_end = smb_lock->end;
6720 err = ksmbd_vfs_lock(filp, 0, rlock);
6722 ksmbd_err("rollback unlock fail : %d\n", err);
6723 list_del(&smb_lock->llist);
6724 list_del(&smb_lock->glist);
6725 locks_free_lock(smb_lock->fl);
6726 locks_free_lock(rlock);
6730 ksmbd_debug(SMB, "failed in taking lock(flags : %x)\n", flags);
6731 smb2_set_err_rsp(work);
6732 ksmbd_fd_put(work, fp);
6736 static int fsctl_copychunk(struct ksmbd_work *work, struct smb2_ioctl_req *req,
6737 struct smb2_ioctl_rsp *rsp)
6739 struct copychunk_ioctl_req *ci_req;
6740 struct copychunk_ioctl_rsp *ci_rsp;
6741 struct ksmbd_file *src_fp = NULL, *dst_fp = NULL;
6742 struct srv_copychunk *chunks;
6743 unsigned int i, chunk_count, chunk_count_written = 0;
6744 unsigned int chunk_size_written = 0;
6745 loff_t total_size_written = 0;
6748 cnt_code = le32_to_cpu(req->CntCode);
6749 ci_req = (struct copychunk_ioctl_req *)&req->Buffer[0];
6750 ci_rsp = (struct copychunk_ioctl_rsp *)&rsp->Buffer[0];
6752 rsp->VolatileFileId = req->VolatileFileId;
6753 rsp->PersistentFileId = req->PersistentFileId;
6754 ci_rsp->ChunksWritten =
6755 cpu_to_le32(ksmbd_server_side_copy_max_chunk_count());
6756 ci_rsp->ChunkBytesWritten =
6757 cpu_to_le32(ksmbd_server_side_copy_max_chunk_size());
6758 ci_rsp->TotalBytesWritten =
6759 cpu_to_le32(ksmbd_server_side_copy_max_total_size());
6761 chunks = (struct srv_copychunk *)&ci_req->Chunks[0];
6762 chunk_count = le32_to_cpu(ci_req->ChunkCount);
6763 total_size_written = 0;
6765 /* verify the SRV_COPYCHUNK_COPY packet */
6766 if (chunk_count > ksmbd_server_side_copy_max_chunk_count() ||
6767 le32_to_cpu(req->InputCount) <
6768 offsetof(struct copychunk_ioctl_req, Chunks) +
6769 chunk_count * sizeof(struct srv_copychunk)) {
6770 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
6774 for (i = 0; i < chunk_count; i++) {
6775 if (le32_to_cpu(chunks[i].Length) == 0 ||
6776 le32_to_cpu(chunks[i].Length) > ksmbd_server_side_copy_max_chunk_size())
6778 total_size_written += le32_to_cpu(chunks[i].Length);
6781 if (i < chunk_count ||
6782 total_size_written > ksmbd_server_side_copy_max_total_size()) {
6783 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
6787 src_fp = ksmbd_lookup_foreign_fd(work,
6788 le64_to_cpu(ci_req->ResumeKey[0]));
6789 dst_fp = ksmbd_lookup_fd_slow(work,
6790 le64_to_cpu(req->VolatileFileId),
6791 le64_to_cpu(req->PersistentFileId));
6794 src_fp->persistent_id != le64_to_cpu(ci_req->ResumeKey[1])) {
6795 rsp->hdr.Status = STATUS_OBJECT_NAME_NOT_FOUND;
6800 rsp->hdr.Status = STATUS_FILE_CLOSED;
6805 * FILE_READ_DATA should only be included in
6806 * the FSCTL_COPYCHUNK case
6808 if (cnt_code == FSCTL_COPYCHUNK && !(dst_fp->daccess &
6809 (FILE_READ_DATA_LE | FILE_GENERIC_READ_LE))) {
6810 rsp->hdr.Status = STATUS_ACCESS_DENIED;
6814 ret = ksmbd_vfs_copy_file_ranges(work, src_fp, dst_fp,
6815 chunks, chunk_count,
6816 &chunk_count_written, &chunk_size_written,
6817 &total_size_written);
6820 rsp->hdr.Status = STATUS_ACCESS_DENIED;
6822 rsp->hdr.Status = STATUS_FILE_LOCK_CONFLICT;
6823 else if (ret == -EBADF)
6824 rsp->hdr.Status = STATUS_INVALID_HANDLE;
6825 else if (ret == -EFBIG || ret == -ENOSPC)
6826 rsp->hdr.Status = STATUS_DISK_FULL;
6827 else if (ret == -EINVAL)
6828 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
6829 else if (ret == -EISDIR)
6830 rsp->hdr.Status = STATUS_FILE_IS_A_DIRECTORY;
6831 else if (ret == -E2BIG)
6832 rsp->hdr.Status = STATUS_INVALID_VIEW_SIZE;
6834 rsp->hdr.Status = STATUS_UNEXPECTED_IO_ERROR;
6837 ci_rsp->ChunksWritten = cpu_to_le32(chunk_count_written);
6838 ci_rsp->ChunkBytesWritten = cpu_to_le32(chunk_size_written);
6839 ci_rsp->TotalBytesWritten = cpu_to_le32(total_size_written);
6841 ksmbd_fd_put(work, src_fp);
6842 ksmbd_fd_put(work, dst_fp);
6846 static __be32 idev_ipv4_address(struct in_device *idev)
6850 struct in_ifaddr *ifa;
6853 in_dev_for_each_ifa_rcu(ifa, idev) {
6854 if (ifa->ifa_flags & IFA_F_SECONDARY)
6857 addr = ifa->ifa_address;
6864 static int fsctl_query_iface_info_ioctl(struct ksmbd_conn *conn,
6865 struct smb2_ioctl_req *req, struct smb2_ioctl_rsp *rsp)
6867 struct network_interface_info_ioctl_rsp *nii_rsp = NULL;
6869 struct net_device *netdev;
6870 struct sockaddr_storage_rsp *sockaddr_storage;
6872 unsigned long long speed;
6875 for_each_netdev(&init_net, netdev) {
6876 if (unlikely(!netdev)) {
6881 if (netdev->type == ARPHRD_LOOPBACK)
6884 flags = dev_get_flags(netdev);
6885 if (!(flags & IFF_RUNNING))
6888 nii_rsp = (struct network_interface_info_ioctl_rsp *)
6889 &rsp->Buffer[nbytes];
6890 nii_rsp->IfIndex = cpu_to_le32(netdev->ifindex);
6892 /* TODO: specify the RDMA capabilities */
6893 if (netdev->num_tx_queues > 1)
6894 nii_rsp->Capability = cpu_to_le32(RSS_CAPABLE);
6896 nii_rsp->Capability = 0;
6898 nii_rsp->Next = cpu_to_le32(152);
6899 nii_rsp->Reserved = 0;
6901 if (netdev->ethtool_ops->get_link_ksettings) {
6902 struct ethtool_link_ksettings cmd;
6904 netdev->ethtool_ops->get_link_ksettings(netdev, &cmd);
6905 speed = cmd.base.speed;
6907 ksmbd_err("%s %s\n", netdev->name,
6908 "speed is unknown, defaulting to 1Gb/sec");
6913 nii_rsp->LinkSpeed = cpu_to_le64(speed);
6915 sockaddr_storage = (struct sockaddr_storage_rsp *)
6916 nii_rsp->SockAddr_Storage;
6917 memset(sockaddr_storage, 0, 128);
6919 if (conn->peer_addr.ss_family == PF_INET) {
6920 struct in_device *idev;
6922 sockaddr_storage->Family = cpu_to_le16(INTERNETWORK);
6923 sockaddr_storage->addr4.Port = 0;
6925 idev = __in_dev_get_rtnl(netdev);
6928 sockaddr_storage->addr4.IPv4address =
6929 idev_ipv4_address(idev);
6931 struct inet6_dev *idev6;
6932 struct inet6_ifaddr *ifa;
6933 __u8 *ipv6_addr = sockaddr_storage->addr6.IPv6address;
6935 sockaddr_storage->Family = cpu_to_le16(INTERNETWORKV6);
6936 sockaddr_storage->addr6.Port = 0;
6937 sockaddr_storage->addr6.FlowInfo = 0;
6939 idev6 = __in6_dev_get(netdev);
6943 list_for_each_entry(ifa, &idev6->addr_list, if_list) {
6944 if (ifa->flags & (IFA_F_TENTATIVE |
6947 memcpy(ipv6_addr, ifa->addr.s6_addr, 16);
6950 sockaddr_storage->addr6.ScopeId = 0;
6953 nbytes += sizeof(struct network_interface_info_ioctl_rsp);
6957 /* zero if this is last one */
6962 rsp->hdr.Status = STATUS_BUFFER_TOO_SMALL;
6966 rsp->PersistentFileId = cpu_to_le64(SMB2_NO_FID);
6967 rsp->VolatileFileId = cpu_to_le64(SMB2_NO_FID);
6971 static int fsctl_validate_negotiate_info(struct ksmbd_conn *conn,
6972 struct validate_negotiate_info_req *neg_req,
6973 struct validate_negotiate_info_rsp *neg_rsp)
6978 dialect = ksmbd_lookup_dialect_by_id(neg_req->Dialects,
6979 neg_req->DialectCount);
6980 if (dialect == BAD_PROT_ID || dialect != conn->dialect) {
6985 if (strncmp(neg_req->Guid, conn->ClientGUID, SMB2_CLIENT_GUID_SIZE)) {
6990 if (le16_to_cpu(neg_req->SecurityMode) != conn->cli_sec_mode) {
6995 if (le32_to_cpu(neg_req->Capabilities) != conn->cli_cap) {
7000 neg_rsp->Capabilities = cpu_to_le32(conn->vals->capabilities);
7001 memset(neg_rsp->Guid, 0, SMB2_CLIENT_GUID_SIZE);
7002 neg_rsp->SecurityMode = cpu_to_le16(conn->srv_sec_mode);
7003 neg_rsp->Dialect = cpu_to_le16(conn->dialect);
7008 static int fsctl_query_allocated_ranges(struct ksmbd_work *work, u64 id,
7009 struct file_allocated_range_buffer *qar_req,
7010 struct file_allocated_range_buffer *qar_rsp,
7011 int in_count, int *out_count)
7013 struct ksmbd_file *fp;
7014 loff_t start, length;
7021 fp = ksmbd_lookup_fd_fast(work, id);
7025 start = le64_to_cpu(qar_req->file_offset);
7026 length = le64_to_cpu(qar_req->length);
7028 ret = ksmbd_vfs_fqar_lseek(fp, start, length,
7029 qar_rsp, in_count, out_count);
7030 if (ret && ret != -E2BIG)
7033 ksmbd_fd_put(work, fp);
7037 static int fsctl_pipe_transceive(struct ksmbd_work *work, u64 id,
7038 int out_buf_len, struct smb2_ioctl_req *req,
7039 struct smb2_ioctl_rsp *rsp)
7041 struct ksmbd_rpc_command *rpc_resp;
7042 char *data_buf = (char *)&req->Buffer[0];
7045 rpc_resp = ksmbd_rpc_ioctl(work->sess, id, data_buf,
7046 le32_to_cpu(req->InputCount));
7048 if (rpc_resp->flags == KSMBD_RPC_SOME_NOT_MAPPED) {
7050 * set STATUS_SOME_NOT_MAPPED response
7051 * for unknown domain sid.
7053 rsp->hdr.Status = STATUS_SOME_NOT_MAPPED;
7054 } else if (rpc_resp->flags == KSMBD_RPC_ENOTIMPLEMENTED) {
7055 rsp->hdr.Status = STATUS_NOT_SUPPORTED;
7057 } else if (rpc_resp->flags != KSMBD_RPC_OK) {
7058 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
7062 nbytes = rpc_resp->payload_sz;
7063 if (rpc_resp->payload_sz > out_buf_len) {
7064 rsp->hdr.Status = STATUS_BUFFER_OVERFLOW;
7065 nbytes = out_buf_len;
7068 if (!rpc_resp->payload_sz) {
7070 STATUS_UNEXPECTED_IO_ERROR;
7074 memcpy((char *)rsp->Buffer, rpc_resp->payload, nbytes);
7081 static inline int fsctl_set_sparse(struct ksmbd_work *work, u64 id,
7082 struct file_sparse *sparse)
7084 struct ksmbd_file *fp;
7088 fp = ksmbd_lookup_fd_fast(work, id);
7092 old_fattr = fp->f_ci->m_fattr;
7093 if (sparse->SetSparse)
7094 fp->f_ci->m_fattr |= ATTR_SPARSE_FILE_LE;
7096 fp->f_ci->m_fattr &= ~ATTR_SPARSE_FILE_LE;
7098 if (fp->f_ci->m_fattr != old_fattr &&
7099 test_share_config_flag(work->tcon->share_conf,
7100 KSMBD_SHARE_FLAG_STORE_DOS_ATTRS)) {
7101 struct xattr_dos_attrib da;
7103 ret = ksmbd_vfs_get_dos_attrib_xattr(fp->filp->f_path.dentry, &da);
7107 da.attr = le32_to_cpu(fp->f_ci->m_fattr);
7108 ret = ksmbd_vfs_set_dos_attrib_xattr(fp->filp->f_path.dentry, &da);
7110 fp->f_ci->m_fattr = old_fattr;
7114 ksmbd_fd_put(work, fp);
7118 static int fsctl_request_resume_key(struct ksmbd_work *work,
7119 struct smb2_ioctl_req *req,
7120 struct resume_key_ioctl_rsp *key_rsp)
7122 struct ksmbd_file *fp;
7124 fp = ksmbd_lookup_fd_slow(work,
7125 le64_to_cpu(req->VolatileFileId),
7126 le64_to_cpu(req->PersistentFileId));
7130 memset(key_rsp, 0, sizeof(*key_rsp));
7131 key_rsp->ResumeKey[0] = req->VolatileFileId;
7132 key_rsp->ResumeKey[1] = req->PersistentFileId;
7133 ksmbd_fd_put(work, fp);
7139 * smb2_ioctl() - handler for smb2 ioctl command
7140 * @work: smb work containing ioctl command buffer
7142 * Return: 0 on success, otherwise error
7144 int smb2_ioctl(struct ksmbd_work *work)
7146 struct smb2_ioctl_req *req;
7147 struct smb2_ioctl_rsp *rsp, *rsp_org;
7148 int cnt_code, nbytes = 0;
7150 u64 id = KSMBD_NO_FID;
7151 struct ksmbd_conn *conn = work->conn;
7154 rsp_org = work->response_buf;
7155 if (work->next_smb2_rcv_hdr_off) {
7156 req = REQUEST_BUF_NEXT(work);
7157 rsp = RESPONSE_BUF_NEXT(work);
7158 if (!HAS_FILE_ID(le64_to_cpu(req->VolatileFileId))) {
7159 ksmbd_debug(SMB, "Compound request set FID = %u\n",
7160 work->compound_fid);
7161 id = work->compound_fid;
7164 req = work->request_buf;
7165 rsp = work->response_buf;
7168 if (!HAS_FILE_ID(id))
7169 id = le64_to_cpu(req->VolatileFileId);
7171 if (req->Flags != cpu_to_le32(SMB2_0_IOCTL_IS_FSCTL)) {
7172 rsp->hdr.Status = STATUS_NOT_SUPPORTED;
7176 cnt_code = le32_to_cpu(req->CntCode);
7177 out_buf_len = le32_to_cpu(req->MaxOutputResponse);
7178 out_buf_len = min(KSMBD_IPC_MAX_PAYLOAD, out_buf_len);
7181 case FSCTL_DFS_GET_REFERRALS:
7182 case FSCTL_DFS_GET_REFERRALS_EX:
7183 /* Not support DFS yet */
7184 rsp->hdr.Status = STATUS_FS_DRIVER_REQUIRED;
7186 case FSCTL_CREATE_OR_GET_OBJECT_ID:
7188 struct file_object_buf_type1_ioctl_rsp *obj_buf;
7190 nbytes = sizeof(struct file_object_buf_type1_ioctl_rsp);
7191 obj_buf = (struct file_object_buf_type1_ioctl_rsp *)
7195 * TODO: This is dummy implementation to pass smbtorture
7196 * Need to check correct response later
7198 memset(obj_buf->ObjectId, 0x0, 16);
7199 memset(obj_buf->BirthVolumeId, 0x0, 16);
7200 memset(obj_buf->BirthObjectId, 0x0, 16);
7201 memset(obj_buf->DomainId, 0x0, 16);
7205 case FSCTL_PIPE_TRANSCEIVE:
7206 nbytes = fsctl_pipe_transceive(work, id, out_buf_len, req, rsp);
7208 case FSCTL_VALIDATE_NEGOTIATE_INFO:
7209 if (conn->dialect < SMB30_PROT_ID) {
7214 ret = fsctl_validate_negotiate_info(conn,
7215 (struct validate_negotiate_info_req *)&req->Buffer[0],
7216 (struct validate_negotiate_info_rsp *)&rsp->Buffer[0]);
7220 nbytes = sizeof(struct validate_negotiate_info_rsp);
7221 rsp->PersistentFileId = cpu_to_le64(SMB2_NO_FID);
7222 rsp->VolatileFileId = cpu_to_le64(SMB2_NO_FID);
7224 case FSCTL_QUERY_NETWORK_INTERFACE_INFO:
7225 nbytes = fsctl_query_iface_info_ioctl(conn, req, rsp);
7229 case FSCTL_REQUEST_RESUME_KEY:
7230 if (out_buf_len < sizeof(struct resume_key_ioctl_rsp)) {
7235 ret = fsctl_request_resume_key(work, req,
7236 (struct resume_key_ioctl_rsp *)&rsp->Buffer[0]);
7239 rsp->PersistentFileId = req->PersistentFileId;
7240 rsp->VolatileFileId = req->VolatileFileId;
7241 nbytes = sizeof(struct resume_key_ioctl_rsp);
7243 case FSCTL_COPYCHUNK:
7244 case FSCTL_COPYCHUNK_WRITE:
7245 if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) {
7247 "User does not have write permission\n");
7252 if (out_buf_len < sizeof(struct copychunk_ioctl_rsp)) {
7257 nbytes = sizeof(struct copychunk_ioctl_rsp);
7258 fsctl_copychunk(work, req, rsp);
7260 case FSCTL_SET_SPARSE:
7261 ret = fsctl_set_sparse(work, id,
7262 (struct file_sparse *)&req->Buffer[0]);
7266 case FSCTL_SET_ZERO_DATA:
7268 struct file_zero_data_information *zero_data;
7269 struct ksmbd_file *fp;
7272 if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) {
7274 "User does not have write permission\n");
7280 (struct file_zero_data_information *)&req->Buffer[0];
7282 fp = ksmbd_lookup_fd_fast(work, id);
7288 off = le64_to_cpu(zero_data->FileOffset);
7289 len = le64_to_cpu(zero_data->BeyondFinalZero) - off;
7291 ret = ksmbd_vfs_zero_data(work, fp, off, len);
7292 ksmbd_fd_put(work, fp);
7297 case FSCTL_QUERY_ALLOCATED_RANGES:
7298 ret = fsctl_query_allocated_ranges(work, id,
7299 (struct file_allocated_range_buffer *)&req->Buffer[0],
7300 (struct file_allocated_range_buffer *)&rsp->Buffer[0],
7302 sizeof(struct file_allocated_range_buffer), &nbytes);
7303 if (ret == -E2BIG) {
7304 rsp->hdr.Status = STATUS_BUFFER_OVERFLOW;
7305 } else if (ret < 0) {
7310 nbytes *= sizeof(struct file_allocated_range_buffer);
7312 case FSCTL_GET_REPARSE_POINT:
7314 struct reparse_data_buffer *reparse_ptr;
7315 struct ksmbd_file *fp;
7317 reparse_ptr = (struct reparse_data_buffer *)&rsp->Buffer[0];
7318 fp = ksmbd_lookup_fd_fast(work, id);
7320 ksmbd_err("not found fp!!\n");
7325 reparse_ptr->ReparseTag =
7326 smb2_get_reparse_tag_special_file(FP_INODE(fp)->i_mode);
7327 reparse_ptr->ReparseDataLength = 0;
7328 ksmbd_fd_put(work, fp);
7329 nbytes = sizeof(struct reparse_data_buffer);
7332 case FSCTL_DUPLICATE_EXTENTS_TO_FILE:
7334 struct ksmbd_file *fp_in, *fp_out = NULL;
7335 struct duplicate_extents_to_file *dup_ext;
7336 loff_t src_off, dst_off, length, cloned;
7338 dup_ext = (struct duplicate_extents_to_file *)&req->Buffer[0];
7340 fp_in = ksmbd_lookup_fd_slow(work, dup_ext->VolatileFileHandle,
7341 dup_ext->PersistentFileHandle);
7343 ksmbd_err("not found file handle in duplicate extent to file\n");
7348 fp_out = ksmbd_lookup_fd_fast(work, id);
7350 ksmbd_err("not found fp\n");
7355 src_off = le64_to_cpu(dup_ext->SourceFileOffset);
7356 dst_off = le64_to_cpu(dup_ext->TargetFileOffset);
7357 length = le64_to_cpu(dup_ext->ByteCount);
7358 cloned = vfs_clone_file_range(fp_in->filp, src_off, fp_out->filp,
7359 dst_off, length, 0);
7360 if (cloned == -EXDEV || cloned == -EOPNOTSUPP) {
7363 } else if (cloned != length) {
7364 cloned = ksmbd_vfs_copy_file_range(fp_in->filp, src_off,
7365 fp_out->filp, dst_off, length);
7366 if (cloned != length) {
7375 ksmbd_fd_put(work, fp_in);
7376 ksmbd_fd_put(work, fp_out);
7382 ksmbd_debug(SMB, "not implemented yet ioctl command 0x%x\n",
7388 rsp->CntCode = cpu_to_le32(cnt_code);
7389 rsp->InputCount = cpu_to_le32(0);
7390 rsp->InputOffset = cpu_to_le32(112);
7391 rsp->OutputOffset = cpu_to_le32(112);
7392 rsp->OutputCount = cpu_to_le32(nbytes);
7393 rsp->StructureSize = cpu_to_le16(49);
7394 rsp->Reserved = cpu_to_le16(0);
7395 rsp->Flags = cpu_to_le32(0);
7396 rsp->Reserved2 = cpu_to_le32(0);
7397 inc_rfc1001_len(rsp_org, 48 + nbytes);
7403 rsp->hdr.Status = STATUS_ACCESS_DENIED;
7404 else if (ret == -ENOENT)
7405 rsp->hdr.Status = STATUS_OBJECT_NAME_NOT_FOUND;
7406 else if (ret == -EOPNOTSUPP)
7407 rsp->hdr.Status = STATUS_NOT_SUPPORTED;
7408 else if (ret < 0 || rsp->hdr.Status == 0)
7409 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
7410 smb2_set_err_rsp(work);
7415 * smb20_oplock_break_ack() - handler for smb2.0 oplock break command
7416 * @work: smb work containing oplock break command buffer
7420 static void smb20_oplock_break_ack(struct ksmbd_work *work)
7422 struct smb2_oplock_break *req = work->request_buf;
7423 struct smb2_oplock_break *rsp = work->response_buf;
7424 struct ksmbd_file *fp;
7425 struct oplock_info *opinfo = NULL;
7428 u64 volatile_id, persistent_id;
7429 char req_oplevel = 0, rsp_oplevel = 0;
7430 unsigned int oplock_change_type;
7432 volatile_id = le64_to_cpu(req->VolatileFid);
7433 persistent_id = le64_to_cpu(req->PersistentFid);
7434 req_oplevel = req->OplockLevel;
7435 ksmbd_debug(OPLOCK, "v_id %llu, p_id %llu request oplock level %d\n",
7436 volatile_id, persistent_id, req_oplevel);
7438 fp = ksmbd_lookup_fd_slow(work, volatile_id, persistent_id);
7440 rsp->hdr.Status = STATUS_FILE_CLOSED;
7441 smb2_set_err_rsp(work);
7445 opinfo = opinfo_get(fp);
7447 ksmbd_err("unexpected null oplock_info\n");
7448 rsp->hdr.Status = STATUS_INVALID_OPLOCK_PROTOCOL;
7449 smb2_set_err_rsp(work);
7450 ksmbd_fd_put(work, fp);
7454 if (opinfo->level == SMB2_OPLOCK_LEVEL_NONE) {
7455 rsp->hdr.Status = STATUS_INVALID_OPLOCK_PROTOCOL;
7459 if (opinfo->op_state == OPLOCK_STATE_NONE) {
7460 ksmbd_debug(SMB, "unexpected oplock state 0x%x\n", opinfo->op_state);
7461 rsp->hdr.Status = STATUS_UNSUCCESSFUL;
7465 if ((opinfo->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE ||
7466 opinfo->level == SMB2_OPLOCK_LEVEL_BATCH) &&
7467 (req_oplevel != SMB2_OPLOCK_LEVEL_II &&
7468 req_oplevel != SMB2_OPLOCK_LEVEL_NONE)) {
7469 err = STATUS_INVALID_OPLOCK_PROTOCOL;
7470 oplock_change_type = OPLOCK_WRITE_TO_NONE;
7471 } else if (opinfo->level == SMB2_OPLOCK_LEVEL_II &&
7472 req_oplevel != SMB2_OPLOCK_LEVEL_NONE) {
7473 err = STATUS_INVALID_OPLOCK_PROTOCOL;
7474 oplock_change_type = OPLOCK_READ_TO_NONE;
7475 } else if (req_oplevel == SMB2_OPLOCK_LEVEL_II ||
7476 req_oplevel == SMB2_OPLOCK_LEVEL_NONE) {
7477 err = STATUS_INVALID_DEVICE_STATE;
7478 if ((opinfo->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE ||
7479 opinfo->level == SMB2_OPLOCK_LEVEL_BATCH) &&
7480 req_oplevel == SMB2_OPLOCK_LEVEL_II) {
7481 oplock_change_type = OPLOCK_WRITE_TO_READ;
7482 } else if ((opinfo->level == SMB2_OPLOCK_LEVEL_EXCLUSIVE ||
7483 opinfo->level == SMB2_OPLOCK_LEVEL_BATCH) &&
7484 req_oplevel == SMB2_OPLOCK_LEVEL_NONE) {
7485 oplock_change_type = OPLOCK_WRITE_TO_NONE;
7486 } else if (opinfo->level == SMB2_OPLOCK_LEVEL_II &&
7487 req_oplevel == SMB2_OPLOCK_LEVEL_NONE) {
7488 oplock_change_type = OPLOCK_READ_TO_NONE;
7490 oplock_change_type = 0;
7493 oplock_change_type = 0;
7496 switch (oplock_change_type) {
7497 case OPLOCK_WRITE_TO_READ:
7498 ret = opinfo_write_to_read(opinfo);
7499 rsp_oplevel = SMB2_OPLOCK_LEVEL_II;
7501 case OPLOCK_WRITE_TO_NONE:
7502 ret = opinfo_write_to_none(opinfo);
7503 rsp_oplevel = SMB2_OPLOCK_LEVEL_NONE;
7505 case OPLOCK_READ_TO_NONE:
7506 ret = opinfo_read_to_none(opinfo);
7507 rsp_oplevel = SMB2_OPLOCK_LEVEL_NONE;
7510 ksmbd_err("unknown oplock change 0x%x -> 0x%x\n",
7511 opinfo->level, rsp_oplevel);
7515 rsp->hdr.Status = err;
7520 ksmbd_fd_put(work, fp);
7521 opinfo->op_state = OPLOCK_STATE_NONE;
7522 wake_up_interruptible_all(&opinfo->oplock_q);
7524 rsp->StructureSize = cpu_to_le16(24);
7525 rsp->OplockLevel = rsp_oplevel;
7528 rsp->VolatileFid = cpu_to_le64(volatile_id);
7529 rsp->PersistentFid = cpu_to_le64(persistent_id);
7530 inc_rfc1001_len(rsp, 24);
7534 opinfo->op_state = OPLOCK_STATE_NONE;
7535 wake_up_interruptible_all(&opinfo->oplock_q);
7538 ksmbd_fd_put(work, fp);
7539 smb2_set_err_rsp(work);
7542 static int check_lease_state(struct lease *lease, __le32 req_state)
7544 if ((lease->new_state ==
7545 (SMB2_LEASE_READ_CACHING_LE | SMB2_LEASE_HANDLE_CACHING_LE)) &&
7546 !(req_state & SMB2_LEASE_WRITE_CACHING_LE)) {
7547 lease->new_state = req_state;
7551 if (lease->new_state == req_state)
7558 * smb21_lease_break_ack() - handler for smb2.1 lease break command
7559 * @work: smb work containing lease break command buffer
7563 static void smb21_lease_break_ack(struct ksmbd_work *work)
7565 struct ksmbd_conn *conn = work->conn;
7566 struct smb2_lease_ack *req = work->request_buf;
7567 struct smb2_lease_ack *rsp = work->response_buf;
7568 struct oplock_info *opinfo;
7571 unsigned int lease_change_type;
7573 struct lease *lease;
7575 ksmbd_debug(OPLOCK, "smb21 lease break, lease state(0x%x)\n",
7576 le32_to_cpu(req->LeaseState));
7577 opinfo = lookup_lease_in_table(conn, req->LeaseKey);
7579 ksmbd_debug(OPLOCK, "file not opened\n");
7580 smb2_set_err_rsp(work);
7581 rsp->hdr.Status = STATUS_UNSUCCESSFUL;
7584 lease = opinfo->o_lease;
7586 if (opinfo->op_state == OPLOCK_STATE_NONE) {
7587 ksmbd_err("unexpected lease break state 0x%x\n",
7589 rsp->hdr.Status = STATUS_UNSUCCESSFUL;
7593 if (check_lease_state(lease, req->LeaseState)) {
7594 rsp->hdr.Status = STATUS_REQUEST_NOT_ACCEPTED;
7596 "req lease state: 0x%x, expected state: 0x%x\n",
7597 req->LeaseState, lease->new_state);
7601 if (!atomic_read(&opinfo->breaking_cnt)) {
7602 rsp->hdr.Status = STATUS_UNSUCCESSFUL;
7606 /* check for bad lease state */
7607 if (req->LeaseState & (~(SMB2_LEASE_READ_CACHING_LE |
7608 SMB2_LEASE_HANDLE_CACHING_LE))) {
7609 err = STATUS_INVALID_OPLOCK_PROTOCOL;
7610 if (lease->state & SMB2_LEASE_WRITE_CACHING_LE)
7611 lease_change_type = OPLOCK_WRITE_TO_NONE;
7613 lease_change_type = OPLOCK_READ_TO_NONE;
7614 ksmbd_debug(OPLOCK, "handle bad lease state 0x%x -> 0x%x\n",
7615 le32_to_cpu(lease->state),
7616 le32_to_cpu(req->LeaseState));
7617 } else if (lease->state == SMB2_LEASE_READ_CACHING_LE &&
7618 req->LeaseState != SMB2_LEASE_NONE_LE) {
7619 err = STATUS_INVALID_OPLOCK_PROTOCOL;
7620 lease_change_type = OPLOCK_READ_TO_NONE;
7621 ksmbd_debug(OPLOCK, "handle bad lease state 0x%x -> 0x%x\n",
7622 le32_to_cpu(lease->state),
7623 le32_to_cpu(req->LeaseState));
7625 /* valid lease state changes */
7626 err = STATUS_INVALID_DEVICE_STATE;
7627 if (req->LeaseState == SMB2_LEASE_NONE_LE) {
7628 if (lease->state & SMB2_LEASE_WRITE_CACHING_LE)
7629 lease_change_type = OPLOCK_WRITE_TO_NONE;
7631 lease_change_type = OPLOCK_READ_TO_NONE;
7632 } else if (req->LeaseState & SMB2_LEASE_READ_CACHING_LE) {
7633 if (lease->state & SMB2_LEASE_WRITE_CACHING_LE)
7634 lease_change_type = OPLOCK_WRITE_TO_READ;
7636 lease_change_type = OPLOCK_READ_HANDLE_TO_READ;
7638 lease_change_type = 0;
7642 switch (lease_change_type) {
7643 case OPLOCK_WRITE_TO_READ:
7644 ret = opinfo_write_to_read(opinfo);
7646 case OPLOCK_READ_HANDLE_TO_READ:
7647 ret = opinfo_read_handle_to_read(opinfo);
7649 case OPLOCK_WRITE_TO_NONE:
7650 ret = opinfo_write_to_none(opinfo);
7652 case OPLOCK_READ_TO_NONE:
7653 ret = opinfo_read_to_none(opinfo);
7656 ksmbd_debug(OPLOCK, "unknown lease change 0x%x -> 0x%x\n",
7657 le32_to_cpu(lease->state),
7658 le32_to_cpu(req->LeaseState));
7661 lease_state = lease->state;
7662 opinfo->op_state = OPLOCK_STATE_NONE;
7663 wake_up_interruptible_all(&opinfo->oplock_q);
7664 atomic_dec(&opinfo->breaking_cnt);
7665 wake_up_interruptible_all(&opinfo->oplock_brk);
7669 rsp->hdr.Status = err;
7673 rsp->StructureSize = cpu_to_le16(36);
7676 memcpy(rsp->LeaseKey, req->LeaseKey, 16);
7677 rsp->LeaseState = lease_state;
7678 rsp->LeaseDuration = 0;
7679 inc_rfc1001_len(rsp, 36);
7683 opinfo->op_state = OPLOCK_STATE_NONE;
7684 wake_up_interruptible_all(&opinfo->oplock_q);
7685 atomic_dec(&opinfo->breaking_cnt);
7686 wake_up_interruptible_all(&opinfo->oplock_brk);
7689 smb2_set_err_rsp(work);
7693 * smb2_oplock_break() - dispatcher for smb2.0 and 2.1 oplock/lease break
7694 * @work: smb work containing oplock/lease break command buffer
7698 int smb2_oplock_break(struct ksmbd_work *work)
7700 struct smb2_oplock_break *req = work->request_buf;
7701 struct smb2_oplock_break *rsp = work->response_buf;
7703 switch (le16_to_cpu(req->StructureSize)) {
7704 case OP_BREAK_STRUCT_SIZE_20:
7705 smb20_oplock_break_ack(work);
7707 case OP_BREAK_STRUCT_SIZE_21:
7708 smb21_lease_break_ack(work);
7711 ksmbd_debug(OPLOCK, "invalid break cmd %d\n",
7712 le16_to_cpu(req->StructureSize));
7713 rsp->hdr.Status = STATUS_INVALID_PARAMETER;
7714 smb2_set_err_rsp(work);
7721 * smb2_notify() - handler for smb2 notify request
7722 * @work: smb work containing notify command buffer
7726 int smb2_notify(struct ksmbd_work *work)
7728 struct smb2_notify_req *req;
7729 struct smb2_notify_rsp *rsp;
7731 WORK_BUFFERS(work, req, rsp);
7733 if (work->next_smb2_rcv_hdr_off && req->hdr.NextCommand) {
7734 rsp->hdr.Status = STATUS_INTERNAL_ERROR;
7735 smb2_set_err_rsp(work);
7739 smb2_set_err_rsp(work);
7740 rsp->hdr.Status = STATUS_NOT_IMPLEMENTED;
7745 * smb2_is_sign_req() - handler for checking packet signing status
7746 * @work: smb work containing notify command buffer
7747 * @command: SMB2 command id
7749 * Return: true if packed is signed, false otherwise
7751 bool smb2_is_sign_req(struct ksmbd_work *work, unsigned int command)
7753 struct smb2_hdr *rcv_hdr2 = work->request_buf;
7755 if ((rcv_hdr2->Flags & SMB2_FLAGS_SIGNED) &&
7756 command != SMB2_NEGOTIATE_HE &&
7757 command != SMB2_SESSION_SETUP_HE &&
7758 command != SMB2_OPLOCK_BREAK_HE)
7765 * smb2_check_sign_req() - handler for req packet sign processing
7766 * @work: smb work containing notify command buffer
7768 * Return: 1 on success, 0 otherwise
7770 int smb2_check_sign_req(struct ksmbd_work *work)
7772 struct smb2_hdr *hdr, *hdr_org;
7773 char signature_req[SMB2_SIGNATURE_SIZE];
7774 char signature[SMB2_HMACSHA256_SIZE];
7778 hdr_org = hdr = work->request_buf;
7779 if (work->next_smb2_rcv_hdr_off)
7780 hdr = REQUEST_BUF_NEXT(work);
7782 if (!hdr->NextCommand && !work->next_smb2_rcv_hdr_off)
7783 len = be32_to_cpu(hdr_org->smb2_buf_length);
7784 else if (hdr->NextCommand)
7785 len = le32_to_cpu(hdr->NextCommand);
7787 len = be32_to_cpu(hdr_org->smb2_buf_length) -
7788 work->next_smb2_rcv_hdr_off;
7790 memcpy(signature_req, hdr->Signature, SMB2_SIGNATURE_SIZE);
7791 memset(hdr->Signature, 0, SMB2_SIGNATURE_SIZE);
7793 iov[0].iov_base = (char *)&hdr->ProtocolId;
7794 iov[0].iov_len = len;
7796 if (ksmbd_sign_smb2_pdu(work->conn, work->sess->sess_key, iov, 1,
7800 if (memcmp(signature, signature_req, SMB2_SIGNATURE_SIZE)) {
7801 ksmbd_err("bad smb2 signature\n");
7809 * smb2_set_sign_rsp() - handler for rsp packet sign processing
7810 * @work: smb work containing notify command buffer
7813 void smb2_set_sign_rsp(struct ksmbd_work *work)
7815 struct smb2_hdr *hdr, *hdr_org;
7816 struct smb2_hdr *req_hdr;
7817 char signature[SMB2_HMACSHA256_SIZE];
7822 hdr_org = hdr = work->response_buf;
7823 if (work->next_smb2_rsp_hdr_off)
7824 hdr = RESPONSE_BUF_NEXT(work);
7826 req_hdr = REQUEST_BUF_NEXT(work);
7828 if (!work->next_smb2_rsp_hdr_off) {
7829 len = get_rfc1002_len(hdr_org);
7830 if (req_hdr->NextCommand)
7831 len = ALIGN(len, 8);
7833 len = get_rfc1002_len(hdr_org) - work->next_smb2_rsp_hdr_off;
7834 len = ALIGN(len, 8);
7837 if (req_hdr->NextCommand)
7838 hdr->NextCommand = cpu_to_le32(len);
7840 hdr->Flags |= SMB2_FLAGS_SIGNED;
7841 memset(hdr->Signature, 0, SMB2_SIGNATURE_SIZE);
7843 iov[0].iov_base = (char *)&hdr->ProtocolId;
7844 iov[0].iov_len = len;
7846 if (work->aux_payload_sz) {
7847 iov[0].iov_len -= work->aux_payload_sz;
7849 iov[1].iov_base = work->aux_payload_buf;
7850 iov[1].iov_len = work->aux_payload_sz;
7854 if (!ksmbd_sign_smb2_pdu(work->conn, work->sess->sess_key, iov, n_vec,
7856 memcpy(hdr->Signature, signature, SMB2_SIGNATURE_SIZE);
7860 * smb3_check_sign_req() - handler for req packet sign processing
7861 * @work: smb work containing notify command buffer
7863 * Return: 1 on success, 0 otherwise
7865 int smb3_check_sign_req(struct ksmbd_work *work)
7867 struct ksmbd_conn *conn;
7869 struct smb2_hdr *hdr, *hdr_org;
7870 struct channel *chann;
7871 char signature_req[SMB2_SIGNATURE_SIZE];
7872 char signature[SMB2_CMACAES_SIZE];
7876 hdr_org = hdr = work->request_buf;
7877 if (work->next_smb2_rcv_hdr_off)
7878 hdr = REQUEST_BUF_NEXT(work);
7880 if (!hdr->NextCommand && !work->next_smb2_rcv_hdr_off)
7881 len = be32_to_cpu(hdr_org->smb2_buf_length);
7882 else if (hdr->NextCommand)
7883 len = le32_to_cpu(hdr->NextCommand);
7885 len = be32_to_cpu(hdr_org->smb2_buf_length) -
7886 work->next_smb2_rcv_hdr_off;
7888 if (le16_to_cpu(hdr->Command) == SMB2_SESSION_SETUP_HE) {
7889 signing_key = work->sess->smb3signingkey;
7890 conn = work->sess->conn;
7892 chann = lookup_chann_list(work->sess);
7895 signing_key = chann->smb3signingkey;
7900 ksmbd_err("SMB3 signing key is not generated\n");
7904 memcpy(signature_req, hdr->Signature, SMB2_SIGNATURE_SIZE);
7905 memset(hdr->Signature, 0, SMB2_SIGNATURE_SIZE);
7906 iov[0].iov_base = (char *)&hdr->ProtocolId;
7907 iov[0].iov_len = len;
7909 if (ksmbd_sign_smb3_pdu(conn, signing_key, iov, 1, signature))
7912 if (memcmp(signature, signature_req, SMB2_SIGNATURE_SIZE)) {
7913 ksmbd_err("bad smb2 signature\n");
7921 * smb3_set_sign_rsp() - handler for rsp packet sign processing
7922 * @work: smb work containing notify command buffer
7925 void smb3_set_sign_rsp(struct ksmbd_work *work)
7927 struct ksmbd_conn *conn;
7928 struct smb2_hdr *req_hdr;
7929 struct smb2_hdr *hdr, *hdr_org;
7930 struct channel *chann;
7931 char signature[SMB2_CMACAES_SIZE];
7937 hdr_org = hdr = work->response_buf;
7938 if (work->next_smb2_rsp_hdr_off)
7939 hdr = RESPONSE_BUF_NEXT(work);
7941 req_hdr = REQUEST_BUF_NEXT(work);
7943 if (!work->next_smb2_rsp_hdr_off) {
7944 len = get_rfc1002_len(hdr_org);
7945 if (req_hdr->NextCommand)
7946 len = ALIGN(len, 8);
7948 len = get_rfc1002_len(hdr_org) - work->next_smb2_rsp_hdr_off;
7949 len = ALIGN(len, 8);
7952 if (le16_to_cpu(hdr->Command) == SMB2_SESSION_SETUP_HE) {
7953 signing_key = work->sess->smb3signingkey;
7954 conn = work->sess->conn;
7956 chann = lookup_chann_list(work->sess);
7959 signing_key = chann->smb3signingkey;
7966 if (req_hdr->NextCommand)
7967 hdr->NextCommand = cpu_to_le32(len);
7969 hdr->Flags |= SMB2_FLAGS_SIGNED;
7970 memset(hdr->Signature, 0, SMB2_SIGNATURE_SIZE);
7971 iov[0].iov_base = (char *)&hdr->ProtocolId;
7972 iov[0].iov_len = len;
7973 if (work->aux_payload_sz) {
7974 iov[0].iov_len -= work->aux_payload_sz;
7975 iov[1].iov_base = work->aux_payload_buf;
7976 iov[1].iov_len = work->aux_payload_sz;
7980 if (!ksmbd_sign_smb3_pdu(conn, signing_key, iov, n_vec, signature))
7981 memcpy(hdr->Signature, signature, SMB2_SIGNATURE_SIZE);
7985 * smb3_preauth_hash_rsp() - handler for computing preauth hash on response
7986 * @work: smb work containing response buffer
7989 void smb3_preauth_hash_rsp(struct ksmbd_work *work)
7991 struct ksmbd_conn *conn = work->conn;
7992 struct ksmbd_session *sess = work->sess;
7993 struct smb2_hdr *req, *rsp;
7995 if (conn->dialect != SMB311_PROT_ID)
7998 WORK_BUFFERS(work, req, rsp);
8000 if (le16_to_cpu(req->Command) == SMB2_NEGOTIATE_HE)
8001 ksmbd_gen_preauth_integrity_hash(conn, (char *)rsp,
8002 conn->preauth_info->Preauth_HashValue);
8004 if (le16_to_cpu(rsp->Command) == SMB2_SESSION_SETUP_HE &&
8005 sess && sess->state == SMB2_SESSION_IN_PROGRESS) {
8008 hash_value = sess->Preauth_HashValue;
8009 ksmbd_gen_preauth_integrity_hash(conn, (char *)rsp,
8014 static void fill_transform_hdr(struct smb2_transform_hdr *tr_hdr, char *old_buf,
8017 struct smb2_hdr *hdr = (struct smb2_hdr *)old_buf;
8018 unsigned int orig_len = get_rfc1002_len(old_buf);
8020 memset(tr_hdr, 0, sizeof(struct smb2_transform_hdr));
8021 tr_hdr->ProtocolId = SMB2_TRANSFORM_PROTO_NUM;
8022 tr_hdr->OriginalMessageSize = cpu_to_le32(orig_len);
8023 tr_hdr->Flags = cpu_to_le16(0x01);
8024 if (cipher_type == SMB2_ENCRYPTION_AES128_GCM ||
8025 cipher_type == SMB2_ENCRYPTION_AES256_GCM)
8026 get_random_bytes(&tr_hdr->Nonce, SMB3_AES_GCM_NONCE);
8028 get_random_bytes(&tr_hdr->Nonce, SMB3_AES_CCM_NONCE);
8029 memcpy(&tr_hdr->SessionId, &hdr->SessionId, 8);
8030 inc_rfc1001_len(tr_hdr, sizeof(struct smb2_transform_hdr) - 4);
8031 inc_rfc1001_len(tr_hdr, orig_len);
8034 int smb3_encrypt_resp(struct ksmbd_work *work)
8036 char *buf = work->response_buf;
8037 struct smb2_transform_hdr *tr_hdr;
8040 int buf_size = 0, rq_nvec = 2 + (work->aux_payload_sz ? 1 : 0);
8042 if (ARRAY_SIZE(iov) < rq_nvec)
8045 tr_hdr = kzalloc(sizeof(struct smb2_transform_hdr), GFP_KERNEL);
8049 /* fill transform header */
8050 fill_transform_hdr(tr_hdr, buf, work->conn->cipher_type);
8052 iov[0].iov_base = tr_hdr;
8053 iov[0].iov_len = sizeof(struct smb2_transform_hdr);
8054 buf_size += iov[0].iov_len - 4;
8056 iov[1].iov_base = buf + 4;
8057 iov[1].iov_len = get_rfc1002_len(buf);
8058 if (work->aux_payload_sz) {
8059 iov[1].iov_len = work->resp_hdr_sz - 4;
8061 iov[2].iov_base = work->aux_payload_buf;
8062 iov[2].iov_len = work->aux_payload_sz;
8063 buf_size += iov[2].iov_len;
8065 buf_size += iov[1].iov_len;
8066 work->resp_hdr_sz = iov[1].iov_len;
8068 rc = ksmbd_crypt_message(work->conn, iov, rq_nvec, 1);
8072 memmove(buf, iov[1].iov_base, iov[1].iov_len);
8073 tr_hdr->smb2_buf_length = cpu_to_be32(buf_size);
8074 work->tr_buf = tr_hdr;
8079 int smb3_is_transform_hdr(void *buf)
8081 struct smb2_transform_hdr *trhdr = buf;
8083 return trhdr->ProtocolId == SMB2_TRANSFORM_PROTO_NUM;
8086 int smb3_decrypt_req(struct ksmbd_work *work)
8088 struct ksmbd_conn *conn = work->conn;
8089 struct ksmbd_session *sess;
8090 char *buf = work->request_buf;
8091 struct smb2_hdr *hdr;
8092 unsigned int pdu_length = get_rfc1002_len(buf);
8094 unsigned int buf_data_size = pdu_length + 4 -
8095 sizeof(struct smb2_transform_hdr);
8096 struct smb2_transform_hdr *tr_hdr = (struct smb2_transform_hdr *)buf;
8097 unsigned int orig_len = le32_to_cpu(tr_hdr->OriginalMessageSize);
8100 sess = ksmbd_session_lookup(conn, le64_to_cpu(tr_hdr->SessionId));
8102 ksmbd_err("invalid session id(%llx) in transform header\n",
8103 le64_to_cpu(tr_hdr->SessionId));
8104 return -ECONNABORTED;
8107 if (pdu_length + 4 < sizeof(struct smb2_transform_hdr) +
8108 sizeof(struct smb2_hdr)) {
8109 ksmbd_err("Transform message is too small (%u)\n",
8111 return -ECONNABORTED;
8114 if (pdu_length + 4 < orig_len + sizeof(struct smb2_transform_hdr)) {
8115 ksmbd_err("Transform message is broken\n");
8116 return -ECONNABORTED;
8119 iov[0].iov_base = buf;
8120 iov[0].iov_len = sizeof(struct smb2_transform_hdr);
8121 iov[1].iov_base = buf + sizeof(struct smb2_transform_hdr);
8122 iov[1].iov_len = buf_data_size;
8123 rc = ksmbd_crypt_message(conn, iov, 2, 0);
8127 memmove(buf + 4, iov[1].iov_base, buf_data_size);
8128 hdr = (struct smb2_hdr *)buf;
8129 hdr->smb2_buf_length = cpu_to_be32(buf_data_size);
8134 bool smb3_11_final_sess_setup_resp(struct ksmbd_work *work)
8136 struct ksmbd_conn *conn = work->conn;
8137 struct smb2_hdr *rsp = work->response_buf;
8139 if (conn->dialect < SMB30_PROT_ID)
8142 if (work->next_smb2_rcv_hdr_off)
8143 rsp = RESPONSE_BUF_NEXT(work);
8145 if (le16_to_cpu(rsp->Command) == SMB2_SESSION_SETUP_HE &&
8146 rsp->Status == STATUS_SUCCESS)