1 /*
2  *   Contains the CIFS DFS referral mounting routines used for handling
3  *   traversal via DFS junction point
4  *
5  *   Copyright (c) 2007 Igor Mammedov
6  *   Copyright (C) International Business Machines  Corp., 2008
7  *   Author(s): Igor Mammedov (niallain@gmail.com)
8  *		Steve French (sfrench@us.ibm.com)
9  *   This program is free software; you can redistribute it and/or
10  *   modify it under the terms of the GNU General Public License
11  *   as published by the Free Software Foundation; either version
12  *   2 of the License, or (at your option) any later version.
13  */
14 
15 #include <linux/dcache.h>
16 #include <linux/mount.h>
17 #include <linux/namei.h>
18 #include <linux/slab.h>
19 #include <linux/vfs.h>
20 #include <linux/fs.h>
21 #include <linux/inet.h>
22 #include "cifsglob.h"
23 #include "cifsproto.h"
24 #include "cifsfs.h"
25 #include "dns_resolve.h"
26 #include "cifs_debug.h"
27 #include "cifs_unicode.h"
28 
29 static LIST_HEAD(cifs_dfs_automount_list);
30 
31 static void cifs_dfs_expire_automounts(struct work_struct *work);
32 static DECLARE_DELAYED_WORK(cifs_dfs_automount_task,
33 			    cifs_dfs_expire_automounts);
34 static int cifs_dfs_mountpoint_expiry_timeout = 500 * HZ;
35 
cifs_dfs_expire_automounts(struct work_struct * work)36 static void cifs_dfs_expire_automounts(struct work_struct *work)
37 {
38 	struct list_head *list = &cifs_dfs_automount_list;
39 
40 	mark_mounts_for_expiry(list);
41 	if (!list_empty(list))
42 		schedule_delayed_work(&cifs_dfs_automount_task,
43 				      cifs_dfs_mountpoint_expiry_timeout);
44 }
45 
cifs_dfs_release_automount_timer(void)46 void cifs_dfs_release_automount_timer(void)
47 {
48 	BUG_ON(!list_empty(&cifs_dfs_automount_list));
49 	cancel_delayed_work_sync(&cifs_dfs_automount_task);
50 }
51 
52 /**
53  * cifs_build_devname - build a devicename from a UNC and optional prepath
54  * @nodename:	pointer to UNC string
55  * @prepath:	pointer to prefixpath (or NULL if there isn't one)
56  *
57  * Build a new cifs devicename after chasing a DFS referral. Allocate a buffer
58  * big enough to hold the final thing. Copy the UNC from the nodename, and
59  * concatenate the prepath onto the end of it if there is one.
60  *
61  * Returns pointer to the built string, or a ERR_PTR. Caller is responsible
62  * for freeing the returned string.
63  */
64 static char *
cifs_build_devname(char * nodename,const char * prepath)65 cifs_build_devname(char *nodename, const char *prepath)
66 {
67 	size_t pplen;
68 	size_t unclen;
69 	char *dev;
70 	char *pos;
71 
72 	/* skip over any preceding delimiters */
73 	nodename += strspn(nodename, "\\");
74 	if (!*nodename)
75 		return ERR_PTR(-EINVAL);
76 
77 	/* get length of UNC and set pos to last char */
78 	unclen = strlen(nodename);
79 	pos = nodename + unclen - 1;
80 
81 	/* trim off any trailing delimiters */
82 	while (*pos == '\\') {
83 		--pos;
84 		--unclen;
85 	}
86 
87 	/* allocate a buffer:
88 	 * +2 for preceding "//"
89 	 * +1 for delimiter between UNC and prepath
90 	 * +1 for trailing NULL
91 	 */
92 	pplen = prepath ? strlen(prepath) : 0;
93 	dev = kmalloc(2 + unclen + 1 + pplen + 1, GFP_KERNEL);
94 	if (!dev)
95 		return ERR_PTR(-ENOMEM);
96 
97 	pos = dev;
98 	/* add the initial "//" */
99 	*pos = '/';
100 	++pos;
101 	*pos = '/';
102 	++pos;
103 
104 	/* copy in the UNC portion from referral */
105 	memcpy(pos, nodename, unclen);
106 	pos += unclen;
107 
108 	/* copy the prefixpath remainder (if there is one) */
109 	if (pplen) {
110 		*pos = '/';
111 		++pos;
112 		memcpy(pos, prepath, pplen);
113 		pos += pplen;
114 	}
115 
116 	/* NULL terminator */
117 	*pos = '\0';
118 
119 	convert_delimiter(dev, '/');
120 	return dev;
121 }
122 
123 
124 /**
125  * cifs_compose_mount_options	-	creates mount options for refferral
126  * @sb_mountdata:	parent/root DFS mount options (template)
127  * @fullpath:		full path in UNC format
128  * @ref:		server's referral
129  * @devname:		pointer for saving device name
130  *
131  * creates mount options for submount based on template options sb_mountdata
132  * and replacing unc,ip,prefixpath options with ones we've got form ref_unc.
133  *
134  * Returns: pointer to new mount options or ERR_PTR.
135  * Caller is responcible for freeing retunrned value if it is not error.
136  */
cifs_compose_mount_options(const char * sb_mountdata,const char * fullpath,const struct dfs_info3_param * ref,char ** devname)137 char *cifs_compose_mount_options(const char *sb_mountdata,
138 				   const char *fullpath,
139 				   const struct dfs_info3_param *ref,
140 				   char **devname)
141 {
142 	int rc;
143 	char *mountdata = NULL;
144 	const char *prepath = NULL;
145 	int md_len;
146 	char *tkn_e;
147 	char *srvIP = NULL;
148 	char sep = ',';
149 	int off, noff;
150 
151 	if (sb_mountdata == NULL)
152 		return ERR_PTR(-EINVAL);
153 
154 	if (strlen(fullpath) - ref->path_consumed) {
155 		prepath = fullpath + ref->path_consumed;
156 		/* skip initial delimiter */
157 		if (*prepath == '/' || *prepath == '\\')
158 			prepath++;
159 	}
160 
161 	*devname = cifs_build_devname(ref->node_name, prepath);
162 	if (IS_ERR(*devname)) {
163 		rc = PTR_ERR(*devname);
164 		*devname = NULL;
165 		goto compose_mount_options_err;
166 	}
167 
168 	rc = dns_resolve_server_name_to_ip(*devname, &srvIP);
169 	if (rc < 0) {
170 		cifs_dbg(FYI, "%s: Failed to resolve server part of %s to IP: %d\n",
171 			 __func__, *devname, rc);
172 		goto compose_mount_options_err;
173 	}
174 
175 	/*
176 	 * In most cases, we'll be building a shorter string than the original,
177 	 * but we do have to assume that the address in the ip= option may be
178 	 * much longer than the original. Add the max length of an address
179 	 * string to the length of the original string to allow for worst case.
180 	 */
181 	md_len = strlen(sb_mountdata) + INET6_ADDRSTRLEN;
182 	mountdata = kzalloc(md_len + sizeof("ip=") + 1, GFP_KERNEL);
183 	if (mountdata == NULL) {
184 		rc = -ENOMEM;
185 		goto compose_mount_options_err;
186 	}
187 
188 	/* copy all options except of unc,ip,prefixpath */
189 	off = 0;
190 	if (strncmp(sb_mountdata, "sep=", 4) == 0) {
191 			sep = sb_mountdata[4];
192 			strncpy(mountdata, sb_mountdata, 5);
193 			off += 5;
194 	}
195 
196 	do {
197 		tkn_e = strchr(sb_mountdata + off, sep);
198 		if (tkn_e == NULL)
199 			noff = strlen(sb_mountdata + off);
200 		else
201 			noff = tkn_e - (sb_mountdata + off) + 1;
202 
203 		if (strncasecmp(sb_mountdata + off, "unc=", 4) == 0) {
204 			off += noff;
205 			continue;
206 		}
207 		if (strncasecmp(sb_mountdata + off, "ip=", 3) == 0) {
208 			off += noff;
209 			continue;
210 		}
211 		if (strncasecmp(sb_mountdata + off, "prefixpath=", 11) == 0) {
212 			off += noff;
213 			continue;
214 		}
215 		strncat(mountdata, sb_mountdata + off, noff);
216 		off += noff;
217 	} while (tkn_e);
218 	strcat(mountdata, sb_mountdata + off);
219 	mountdata[md_len] = '\0';
220 
221 	/* copy new IP and ref share name */
222 	if (mountdata[strlen(mountdata) - 1] != sep)
223 		strncat(mountdata, &sep, 1);
224 	strcat(mountdata, "ip=");
225 	strcat(mountdata, srvIP);
226 
227 	/*cifs_dbg(FYI, "%s: parent mountdata: %s\n", __func__, sb_mountdata);*/
228 	/*cifs_dbg(FYI, "%s: submount mountdata: %s\n", __func__, mountdata );*/
229 
230 compose_mount_options_out:
231 	kfree(srvIP);
232 	return mountdata;
233 
234 compose_mount_options_err:
235 	kfree(mountdata);
236 	mountdata = ERR_PTR(rc);
237 	kfree(*devname);
238 	*devname = NULL;
239 	goto compose_mount_options_out;
240 }
241 
242 /**
243  * cifs_dfs_do_refmount - mounts specified path using provided refferal
244  * @cifs_sb:		parent/root superblock
245  * @fullpath:		full path in UNC format
246  * @ref:		server's referral
247  */
cifs_dfs_do_refmount(struct dentry * mntpt,struct cifs_sb_info * cifs_sb,const char * fullpath,const struct dfs_info3_param * ref)248 static struct vfsmount *cifs_dfs_do_refmount(struct dentry *mntpt,
249 		struct cifs_sb_info *cifs_sb,
250 		const char *fullpath, const struct dfs_info3_param *ref)
251 {
252 	struct vfsmount *mnt;
253 	char *mountdata;
254 	char *devname = NULL;
255 
256 	/* strip first '\' from fullpath */
257 	mountdata = cifs_compose_mount_options(cifs_sb->mountdata,
258 			fullpath + 1, ref, &devname);
259 
260 	if (IS_ERR(mountdata))
261 		return (struct vfsmount *)mountdata;
262 
263 	mnt = vfs_submount(mntpt, &cifs_fs_type, devname, mountdata);
264 	kfree(mountdata);
265 	kfree(devname);
266 	return mnt;
267 
268 }
269 
dump_referral(const struct dfs_info3_param * ref)270 static void dump_referral(const struct dfs_info3_param *ref)
271 {
272 	cifs_dbg(FYI, "DFS: ref path: %s\n", ref->path_name);
273 	cifs_dbg(FYI, "DFS: node path: %s\n", ref->node_name);
274 	cifs_dbg(FYI, "DFS: fl: %hd, srv_type: %hd\n",
275 		 ref->flags, ref->server_type);
276 	cifs_dbg(FYI, "DFS: ref_flags: %hd, path_consumed: %hd\n",
277 		 ref->ref_flag, ref->path_consumed);
278 }
279 
280 /*
281  * Create a vfsmount that we can automount
282  */
cifs_dfs_do_automount(struct dentry * mntpt)283 static struct vfsmount *cifs_dfs_do_automount(struct dentry *mntpt)
284 {
285 	struct dfs_info3_param *referrals = NULL;
286 	unsigned int num_referrals = 0;
287 	struct cifs_sb_info *cifs_sb;
288 	struct cifs_ses *ses;
289 	char *full_path;
290 	unsigned int xid;
291 	int i;
292 	int rc;
293 	struct vfsmount *mnt;
294 	struct tcon_link *tlink;
295 
296 	cifs_dbg(FYI, "in %s\n", __func__);
297 	BUG_ON(IS_ROOT(mntpt));
298 
299 	/*
300 	 * The MSDFS spec states that paths in DFS referral requests and
301 	 * responses must be prefixed by a single '\' character instead of
302 	 * the double backslashes usually used in the UNC. This function
303 	 * gives us the latter, so we must adjust the result.
304 	 */
305 	mnt = ERR_PTR(-ENOMEM);
306 
307 	/* always use tree name prefix */
308 	full_path = build_path_from_dentry_optional_prefix(mntpt, true);
309 	if (full_path == NULL)
310 		goto cdda_exit;
311 
312 	cifs_sb = CIFS_SB(mntpt->d_sb);
313 	tlink = cifs_sb_tlink(cifs_sb);
314 	if (IS_ERR(tlink)) {
315 		mnt = ERR_CAST(tlink);
316 		goto free_full_path;
317 	}
318 	ses = tlink_tcon(tlink)->ses;
319 
320 	xid = get_xid();
321 	rc = get_dfs_path(xid, ses, full_path + 1, cifs_sb->local_nls,
322 		&num_referrals, &referrals,
323 		cifs_remap(cifs_sb));
324 	free_xid(xid);
325 
326 	cifs_put_tlink(tlink);
327 
328 	mnt = ERR_PTR(-ENOENT);
329 	for (i = 0; i < num_referrals; i++) {
330 		int len;
331 		dump_referral(referrals + i);
332 		/* connect to a node */
333 		len = strlen(referrals[i].node_name);
334 		if (len < 2) {
335 			cifs_dbg(VFS, "%s: Net Address path too short: %s\n",
336 				 __func__, referrals[i].node_name);
337 			mnt = ERR_PTR(-EINVAL);
338 			break;
339 		}
340 		mnt = cifs_dfs_do_refmount(mntpt, cifs_sb,
341 				full_path, referrals + i);
342 		cifs_dbg(FYI, "%s: cifs_dfs_do_refmount:%s , mnt:%p\n",
343 			 __func__, referrals[i].node_name, mnt);
344 		if (!IS_ERR(mnt))
345 			goto success;
346 	}
347 
348 	/* no valid submounts were found; return error from get_dfs_path() by
349 	 * preference */
350 	if (rc != 0)
351 		mnt = ERR_PTR(rc);
352 
353 success:
354 	free_dfs_info_array(referrals, num_referrals);
355 free_full_path:
356 	kfree(full_path);
357 cdda_exit:
358 	cifs_dbg(FYI, "leaving %s\n" , __func__);
359 	return mnt;
360 }
361 
362 /*
363  * Attempt to automount the referral
364  */
cifs_dfs_d_automount(struct path * path)365 struct vfsmount *cifs_dfs_d_automount(struct path *path)
366 {
367 	struct vfsmount *newmnt;
368 
369 	cifs_dbg(FYI, "in %s\n", __func__);
370 
371 	newmnt = cifs_dfs_do_automount(path->dentry);
372 	if (IS_ERR(newmnt)) {
373 		cifs_dbg(FYI, "leaving %s [automount failed]\n" , __func__);
374 		return newmnt;
375 	}
376 
377 	mntget(newmnt); /* prevent immediate expiration */
378 	mnt_set_expiry(newmnt, &cifs_dfs_automount_list);
379 	schedule_delayed_work(&cifs_dfs_automount_task,
380 			      cifs_dfs_mountpoint_expiry_timeout);
381 	cifs_dbg(FYI, "leaving %s [ok]\n" , __func__);
382 	return newmnt;
383 }
384 
385 const struct inode_operations cifs_dfs_referral_inode_operations = {
386 };
387