1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Copyright (C) 2018 Samsung Electronics Co., Ltd.
4 * Copyright (C) 2018 Namjae Jeon <linkinjeon@kernel.org>
7 #include "smb_common.h"
10 #include "smbstatus.h"
11 #include "connection.h"
12 #include "ksmbd_work.h"
13 #include "mgmt/user_session.h"
14 #include "mgmt/user_config.h"
15 #include "mgmt/tree_connect.h"
16 #include "mgmt/share_config.h"
18 /*for shortname implementation */
19 static const char basechars[43] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_-!@#$%";
20 #define MANGLE_BASE (sizeof(basechars) / sizeof(char) - 1)
21 #define MAGIC_CHAR '~'
23 #define mangle(V) ((char)(basechars[(V) % MANGLE_BASE]))
24 #define KSMBD_MIN_SUPPORTED_HEADER_SIZE (sizeof(struct smb2_hdr))
33 static struct smb_protocol smb1_protos[] = {
48 static struct smb_protocol smb2_protos[] = {
75 unsigned int ksmbd_server_side_copy_max_chunk_count(void)
80 unsigned int ksmbd_server_side_copy_max_chunk_size(void)
82 return (2U << 30) - 1;
85 unsigned int ksmbd_server_side_copy_max_total_size(void)
87 return (2U << 30) - 1;
90 inline int ksmbd_min_protocol(void)
95 inline int ksmbd_max_protocol(void)
100 int ksmbd_lookup_protocol_idx(char *str)
102 int offt = ARRAY_SIZE(smb1_protos) - 1;
103 int len = strlen(str);
106 if (!strncmp(str, smb1_protos[offt].prot, len)) {
107 ksmbd_debug(SMB, "selected %s dialect idx = %d\n",
108 smb1_protos[offt].prot, offt);
109 return smb1_protos[offt].index;
114 offt = ARRAY_SIZE(smb2_protos) - 1;
116 if (!strncmp(str, smb2_protos[offt].prot, len)) {
117 ksmbd_debug(SMB, "selected %s dialect idx = %d\n",
118 smb2_protos[offt].prot, offt);
119 return smb2_protos[offt].index;
127 * ksmbd_verify_smb_message() - check for valid smb2 request header
130 * check for valid smb signature and packet direction(request/response)
132 * Return: 0 on success, otherwise 1
134 int ksmbd_verify_smb_message(struct ksmbd_work *work)
136 struct smb2_hdr *smb2_hdr = work->request_buf;
138 if (smb2_hdr->ProtocolId == SMB2_PROTO_NUMBER)
139 return ksmbd_smb2_check_message(work);
145 * ksmbd_smb_request() - check for valid smb request type
146 * @conn: connection instance
148 * Return: true on success, otherwise false
150 bool ksmbd_smb_request(struct ksmbd_conn *conn)
152 int type = *(char *)conn->request_buf;
155 case RFC1002_SESSION_MESSAGE:
156 /* Regular SMB request */
158 case RFC1002_SESSION_KEEP_ALIVE:
159 ksmbd_debug(SMB, "RFC 1002 session keep alive\n");
162 ksmbd_debug(SMB, "RFC 1002 unknown request type 0x%x\n", type);
168 static bool supported_protocol(int idx)
170 if (idx == SMB2X_PROT &&
171 (server_conf.min_protocol >= SMB21_PROT ||
172 server_conf.max_protocol <= SMB311_PROT))
175 return (server_conf.min_protocol <= idx &&
176 idx <= server_conf.max_protocol);
179 static char *next_dialect(char *dialect, int *next_off)
181 dialect = dialect + *next_off;
182 *next_off = strlen(dialect);
186 static int ksmbd_lookup_dialect_by_name(char *cli_dialects, __le16 byte_count)
188 int i, seq_num, bcount, next;
191 for (i = ARRAY_SIZE(smb1_protos) - 1; i >= 0; i--) {
194 dialect = cli_dialects;
195 bcount = le16_to_cpu(byte_count);
197 dialect = next_dialect(dialect, &next);
198 ksmbd_debug(SMB, "client requested dialect %s\n",
200 if (!strcmp(dialect, smb1_protos[i].name)) {
201 if (supported_protocol(smb1_protos[i].index)) {
203 "selected %s dialect\n",
204 smb1_protos[i].name);
205 if (smb1_protos[i].index == SMB1_PROT)
207 return smb1_protos[i].prot_id;
212 } while (bcount > 0);
218 int ksmbd_lookup_dialect_by_id(__le16 *cli_dialects, __le16 dialects_count)
223 for (i = ARRAY_SIZE(smb2_protos) - 1; i >= 0; i--) {
224 count = le16_to_cpu(dialects_count);
225 while (--count >= 0) {
226 ksmbd_debug(SMB, "client requested dialect 0x%x\n",
227 le16_to_cpu(cli_dialects[count]));
228 if (le16_to_cpu(cli_dialects[count]) !=
229 smb2_protos[i].prot_id)
232 if (supported_protocol(smb2_protos[i].index)) {
233 ksmbd_debug(SMB, "selected %s dialect\n",
234 smb2_protos[i].name);
235 return smb2_protos[i].prot_id;
243 static int ksmbd_negotiate_smb_dialect(void *buf)
247 proto = ((struct smb2_hdr *)buf)->ProtocolId;
248 if (proto == SMB2_PROTO_NUMBER) {
249 struct smb2_negotiate_req *req;
251 req = (struct smb2_negotiate_req *)buf;
252 return ksmbd_lookup_dialect_by_id(req->Dialects,
256 proto = *(__le32 *)((struct smb_hdr *)buf)->Protocol;
257 if (proto == SMB1_PROTO_NUMBER) {
258 struct smb_negotiate_req *req;
260 req = (struct smb_negotiate_req *)buf;
261 return ksmbd_lookup_dialect_by_name(req->DialectsArray,
268 #define SMB_COM_NEGOTIATE 0x72
269 int ksmbd_init_smb_server(struct ksmbd_work *work)
271 struct ksmbd_conn *conn = work->conn;
273 if (conn->need_neg == false)
276 init_smb3_11_server(conn);
278 if (conn->ops->get_cmd_val(work) != SMB_COM_NEGOTIATE)
279 conn->need_neg = false;
283 bool ksmbd_pdu_size_has_room(unsigned int pdu)
285 return (pdu >= KSMBD_MIN_SUPPORTED_HEADER_SIZE - 4);
288 int ksmbd_populate_dot_dotdot_entries(struct ksmbd_work *work, int info_level,
289 struct ksmbd_file *dir,
290 struct ksmbd_dir_info *d_info,
291 char *search_pattern,
292 int (*fn)(struct ksmbd_conn *, int,
293 struct ksmbd_dir_info *,
294 struct user_namespace *,
295 struct ksmbd_kstat *))
298 struct ksmbd_conn *conn = work->conn;
299 struct user_namespace *user_ns = file_mnt_user_ns(dir->filp);
301 for (i = 0; i < 2; i++) {
303 struct ksmbd_kstat ksmbd_kstat;
305 if (!dir->dot_dotdot[i]) { /* fill dot entry info */
308 d_info->name_len = 1;
311 d_info->name_len = 2;
314 if (!match_pattern(d_info->name, d_info->name_len,
316 dir->dot_dotdot[i] = 1;
320 ksmbd_kstat.kstat = &kstat;
321 ksmbd_vfs_fill_dentry_attrs(work,
323 dir->filp->f_path.dentry->d_parent,
325 rc = fn(conn, info_level, d_info,
326 user_ns, &ksmbd_kstat);
329 if (d_info->out_buf_len <= 0)
332 dir->dot_dotdot[i] = 1;
333 if (d_info->flags & SMB2_RETURN_SINGLE_ENTRY) {
334 d_info->out_buf_len = 0;
344 * ksmbd_extract_shortname() - get shortname from long filename
345 * @conn: connection instance
346 * @longname: source long filename
347 * @shortname: destination short filename
349 * Return: shortname length or 0 when source long name is '.' or '..'
350 * TODO: Though this function comforms the restriction of 8.3 Filename spec,
351 * but the result is different with Windows 7's one. need to check.
353 int ksmbd_extract_shortname(struct ksmbd_conn *conn, const char *longname,
357 char base[9], extension[4];
360 int extlen = 0, len = 0;
361 unsigned int csum = 0;
362 const unsigned char *ptr;
363 bool dot_present = true;
366 if ((*p == '.') || (!(strcmp(p, "..")))) {
367 /*no mangling required */
371 p = strrchr(longname, '.');
372 if (p == longname) { /*name starts with a dot*/
373 strscpy(extension, "___", strlen("___"));
377 while (*p && extlen < 3) {
379 extension[extlen++] = toupper(*p);
382 extension[extlen] = '\0';
393 while (*p && (baselen < 5)) {
395 base[baselen++] = toupper(*p);
399 base[baselen] = MAGIC_CHAR;
400 memcpy(out, base, baselen + 1);
403 len = strlen(longname);
404 for (; len > 0; len--, ptr++)
407 csum = csum % (MANGLE_BASE * MANGLE_BASE);
408 out[baselen + 1] = mangle(csum / MANGLE_BASE);
409 out[baselen + 2] = mangle(csum);
410 out[baselen + 3] = PERIOD;
413 memcpy(&out[baselen + 4], extension, 4);
415 out[baselen + 4] = '\0';
416 smbConvertToUTF16((__le16 *)shortname, out, PATH_MAX,
418 len = strlen(out) * 2;
422 static int __smb2_negotiate(struct ksmbd_conn *conn)
424 return (conn->dialect >= SMB20_PROT_ID &&
425 conn->dialect <= SMB311_PROT_ID);
428 static int smb_handle_negotiate(struct ksmbd_work *work)
430 struct smb_negotiate_rsp *neg_rsp = work->response_buf;
432 ksmbd_debug(SMB, "Unsupported SMB protocol\n");
433 neg_rsp->hdr.Status.CifsError = STATUS_INVALID_LOGON_TYPE;
437 int ksmbd_smb_negotiate_common(struct ksmbd_work *work, unsigned int command)
439 struct ksmbd_conn *conn = work->conn;
442 conn->dialect = ksmbd_negotiate_smb_dialect(work->request_buf);
443 ksmbd_debug(SMB, "conn->dialect 0x%x\n", conn->dialect);
445 if (command == SMB2_NEGOTIATE_HE) {
446 struct smb2_hdr *smb2_hdr = work->request_buf;
448 if (smb2_hdr->ProtocolId != SMB2_PROTO_NUMBER) {
449 ksmbd_debug(SMB, "Downgrade to SMB1 negotiation\n");
450 command = SMB_COM_NEGOTIATE;
454 if (command == SMB2_NEGOTIATE_HE) {
455 ret = smb2_handle_negotiate(work);
456 init_smb2_neg_rsp(work);
460 if (command == SMB_COM_NEGOTIATE) {
461 if (__smb2_negotiate(conn)) {
462 conn->need_neg = true;
463 init_smb3_11_server(conn);
464 init_smb2_neg_rsp(work);
465 ksmbd_debug(SMB, "Upgrade to SMB2 negotiation\n");
468 return smb_handle_negotiate(work);
471 pr_err("Unknown SMB negotiation command: %u\n", command);
475 enum SHARED_MODE_ERRORS {
484 static const char * const shared_mode_errors[] = {
485 "Current access mode does not permit SHARE_DELETE",
486 "Current access mode does not permit SHARE_READ",
487 "Current access mode does not permit SHARE_WRITE",
488 "Desired access mode does not permit FILE_READ",
489 "Desired access mode does not permit FILE_WRITE",
490 "Desired access mode does not permit FILE_DELETE",
493 static void smb_shared_mode_error(int error, struct ksmbd_file *prev_fp,
494 struct ksmbd_file *curr_fp)
496 ksmbd_debug(SMB, "%s\n", shared_mode_errors[error]);
497 ksmbd_debug(SMB, "Current mode: 0x%x Desired mode: 0x%x\n",
498 prev_fp->saccess, curr_fp->daccess);
501 int ksmbd_smb_check_shared_mode(struct file *filp, struct ksmbd_file *curr_fp)
504 struct ksmbd_file *prev_fp;
507 * Lookup fp in master fp list, and check desired access and
508 * shared mode between previous open and current open.
510 read_lock(&curr_fp->f_ci->m_lock);
511 list_for_each_entry(prev_fp, &curr_fp->f_ci->m_fp_list, node) {
512 if (file_inode(filp) != file_inode(prev_fp->filp))
515 if (filp == prev_fp->filp)
518 if (ksmbd_stream_fd(prev_fp) && ksmbd_stream_fd(curr_fp))
519 if (strcmp(prev_fp->stream.name, curr_fp->stream.name))
522 if (prev_fp->attrib_only != curr_fp->attrib_only)
525 if (!(prev_fp->saccess & FILE_SHARE_DELETE_LE) &&
526 curr_fp->daccess & FILE_DELETE_LE) {
527 smb_shared_mode_error(SHARE_DELETE_ERROR,
535 * Only check FILE_SHARE_DELETE if stream opened and
536 * normal file opened.
538 if (ksmbd_stream_fd(prev_fp) && !ksmbd_stream_fd(curr_fp))
541 if (!(prev_fp->saccess & FILE_SHARE_READ_LE) &&
542 curr_fp->daccess & (FILE_EXECUTE_LE | FILE_READ_DATA_LE)) {
543 smb_shared_mode_error(SHARE_READ_ERROR,
550 if (!(prev_fp->saccess & FILE_SHARE_WRITE_LE) &&
551 curr_fp->daccess & (FILE_WRITE_DATA_LE | FILE_APPEND_DATA_LE)) {
552 smb_shared_mode_error(SHARE_WRITE_ERROR,
559 if (prev_fp->daccess & (FILE_EXECUTE_LE | FILE_READ_DATA_LE) &&
560 !(curr_fp->saccess & FILE_SHARE_READ_LE)) {
561 smb_shared_mode_error(FILE_READ_ERROR,
568 if (prev_fp->daccess & (FILE_WRITE_DATA_LE | FILE_APPEND_DATA_LE) &&
569 !(curr_fp->saccess & FILE_SHARE_WRITE_LE)) {
570 smb_shared_mode_error(FILE_WRITE_ERROR,
577 if (prev_fp->daccess & FILE_DELETE_LE &&
578 !(curr_fp->saccess & FILE_SHARE_DELETE_LE)) {
579 smb_shared_mode_error(FILE_DELETE_ERROR,
586 read_unlock(&curr_fp->f_ci->m_lock);
591 bool is_asterisk(char *p)
593 return p && p[0] == '*';
596 int ksmbd_override_fsids(struct ksmbd_work *work)
598 struct ksmbd_session *sess = work->sess;
599 struct ksmbd_share_config *share = work->tcon->share_conf;
601 struct group_info *gi;
605 uid = user_uid(sess->user);
606 gid = user_gid(sess->user);
607 if (share->force_uid != KSMBD_SHARE_INVALID_UID)
608 uid = share->force_uid;
609 if (share->force_gid != KSMBD_SHARE_INVALID_GID)
610 gid = share->force_gid;
612 cred = prepare_kernel_cred(NULL);
616 cred->fsuid = make_kuid(current_user_ns(), uid);
617 cred->fsgid = make_kgid(current_user_ns(), gid);
619 gi = groups_alloc(0);
624 set_groups(cred, gi);
627 if (!uid_eq(cred->fsuid, GLOBAL_ROOT_UID))
628 cred->cap_effective = cap_drop_fs_set(cred->cap_effective);
630 WARN_ON(work->saved_cred);
631 work->saved_cred = override_creds(cred);
632 if (!work->saved_cred) {
639 void ksmbd_revert_fsids(struct ksmbd_work *work)
641 const struct cred *cred;
643 WARN_ON(!work->saved_cred);
645 cred = current_cred();
646 revert_creds(work->saved_cred);
648 work->saved_cred = NULL;
651 __le32 smb_map_generic_desired_access(__le32 daccess)
653 if (daccess & FILE_GENERIC_READ_LE) {
654 daccess |= cpu_to_le32(GENERIC_READ_FLAGS);
655 daccess &= ~FILE_GENERIC_READ_LE;
658 if (daccess & FILE_GENERIC_WRITE_LE) {
659 daccess |= cpu_to_le32(GENERIC_WRITE_FLAGS);
660 daccess &= ~FILE_GENERIC_WRITE_LE;
663 if (daccess & FILE_GENERIC_EXECUTE_LE) {
664 daccess |= cpu_to_le32(GENERIC_EXECUTE_FLAGS);
665 daccess &= ~FILE_GENERIC_EXECUTE_LE;
668 if (daccess & FILE_GENERIC_ALL_LE) {
669 daccess |= cpu_to_le32(GENERIC_ALL_FLAGS);
670 daccess &= ~FILE_GENERIC_ALL_LE;