1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Contains the CIFS DFS referral mounting routines used for handling
4 * traversal via DFS junction point
5 *
6 * Copyright (c) 2007 Igor Mammedov
7 * Copyright (C) International Business Machines Corp., 2008
8 * Author(s): Igor Mammedov (niallain@gmail.com)
9 * Steve French (sfrench@us.ibm.com)
10 */
11
12 #include <linux/dcache.h>
13 #include <linux/mount.h>
14 #include <linux/namei.h>
15 #include <linux/slab.h>
16 #include <linux/vfs.h>
17 #include <linux/fs.h>
18 #include <linux/inet.h>
19 #include "cifsglob.h"
20 #include "cifsproto.h"
21 #include "cifsfs.h"
22 #include "dns_resolve.h"
23 #include "cifs_debug.h"
24 #include "cifs_unicode.h"
25 #include "dfs_cache.h"
26
27 static LIST_HEAD(cifs_dfs_automount_list);
28
29 static void cifs_dfs_expire_automounts(struct work_struct *work);
30 static DECLARE_DELAYED_WORK(cifs_dfs_automount_task,
31 cifs_dfs_expire_automounts);
32 static int cifs_dfs_mountpoint_expiry_timeout = 500 * HZ;
33
cifs_dfs_expire_automounts(struct work_struct * work)34 static void cifs_dfs_expire_automounts(struct work_struct *work)
35 {
36 struct list_head *list = &cifs_dfs_automount_list;
37
38 mark_mounts_for_expiry(list);
39 if (!list_empty(list))
40 schedule_delayed_work(&cifs_dfs_automount_task,
41 cifs_dfs_mountpoint_expiry_timeout);
42 }
43
cifs_dfs_release_automount_timer(void)44 void cifs_dfs_release_automount_timer(void)
45 {
46 BUG_ON(!list_empty(&cifs_dfs_automount_list));
47 cancel_delayed_work_sync(&cifs_dfs_automount_task);
48 }
49
50 /**
51 * cifs_build_devname - build a devicename from a UNC and optional prepath
52 * @nodename: pointer to UNC string
53 * @prepath: pointer to prefixpath (or NULL if there isn't one)
54 *
55 * Build a new cifs devicename after chasing a DFS referral. Allocate a buffer
56 * big enough to hold the final thing. Copy the UNC from the nodename, and
57 * concatenate the prepath onto the end of it if there is one.
58 *
59 * Returns pointer to the built string, or a ERR_PTR. Caller is responsible
60 * for freeing the returned string.
61 */
62 static char *
cifs_build_devname(char * nodename,const char * prepath)63 cifs_build_devname(char *nodename, const char *prepath)
64 {
65 size_t pplen;
66 size_t unclen;
67 char *dev;
68 char *pos;
69
70 /* skip over any preceding delimiters */
71 nodename += strspn(nodename, "\\");
72 if (!*nodename)
73 return ERR_PTR(-EINVAL);
74
75 /* get length of UNC and set pos to last char */
76 unclen = strlen(nodename);
77 pos = nodename + unclen - 1;
78
79 /* trim off any trailing delimiters */
80 while (*pos == '\\') {
81 --pos;
82 --unclen;
83 }
84
85 /* allocate a buffer:
86 * +2 for preceding "//"
87 * +1 for delimiter between UNC and prepath
88 * +1 for trailing NULL
89 */
90 pplen = prepath ? strlen(prepath) : 0;
91 dev = kmalloc(2 + unclen + 1 + pplen + 1, GFP_KERNEL);
92 if (!dev)
93 return ERR_PTR(-ENOMEM);
94
95 pos = dev;
96 /* add the initial "//" */
97 *pos = '/';
98 ++pos;
99 *pos = '/';
100 ++pos;
101
102 /* copy in the UNC portion from referral */
103 memcpy(pos, nodename, unclen);
104 pos += unclen;
105
106 /* copy the prefixpath remainder (if there is one) */
107 if (pplen) {
108 *pos = '/';
109 ++pos;
110 memcpy(pos, prepath, pplen);
111 pos += pplen;
112 }
113
114 /* NULL terminator */
115 *pos = '\0';
116
117 convert_delimiter(dev, '/');
118 return dev;
119 }
120
121
122 /**
123 * cifs_compose_mount_options - creates mount options for referral
124 * @sb_mountdata: parent/root DFS mount options (template)
125 * @fullpath: full path in UNC format
126 * @ref: optional server's referral
127 * @devname: optional pointer for saving device name
128 *
129 * creates mount options for submount based on template options sb_mountdata
130 * and replacing unc,ip,prefixpath options with ones we've got form ref_unc.
131 *
132 * Returns: pointer to new mount options or ERR_PTR.
133 * Caller is responsible for freeing returned value if it is not error.
134 */
cifs_compose_mount_options(const char * sb_mountdata,const char * fullpath,const struct dfs_info3_param * ref,char ** devname)135 char *cifs_compose_mount_options(const char *sb_mountdata,
136 const char *fullpath,
137 const struct dfs_info3_param *ref,
138 char **devname)
139 {
140 int rc;
141 char *name;
142 char *mountdata = NULL;
143 const char *prepath = NULL;
144 int md_len;
145 char *tkn_e;
146 char *srvIP = NULL;
147 char sep = ',';
148 int off, noff;
149
150 if (sb_mountdata == NULL)
151 return ERR_PTR(-EINVAL);
152
153 if (ref) {
154 if (strlen(fullpath) - ref->path_consumed) {
155 prepath = fullpath + ref->path_consumed;
156 /* skip initial delimiter */
157 if (*prepath == '/' || *prepath == '\\')
158 prepath++;
159 }
160
161 name = cifs_build_devname(ref->node_name, prepath);
162 if (IS_ERR(name)) {
163 rc = PTR_ERR(name);
164 name = NULL;
165 goto compose_mount_options_err;
166 }
167 } else {
168 name = cifs_build_devname((char *)fullpath, NULL);
169 if (IS_ERR(name)) {
170 rc = PTR_ERR(name);
171 name = NULL;
172 goto compose_mount_options_err;
173 }
174 }
175
176 rc = dns_resolve_server_name_to_ip(name, &srvIP);
177 if (rc < 0) {
178 cifs_dbg(FYI, "%s: Failed to resolve server part of %s to IP: %d\n",
179 __func__, name, rc);
180 goto compose_mount_options_err;
181 }
182
183 /*
184 * In most cases, we'll be building a shorter string than the original,
185 * but we do have to assume that the address in the ip= option may be
186 * much longer than the original. Add the max length of an address
187 * string to the length of the original string to allow for worst case.
188 */
189 md_len = strlen(sb_mountdata) + INET6_ADDRSTRLEN;
190 mountdata = kzalloc(md_len + sizeof("ip=") + 1, GFP_KERNEL);
191 if (mountdata == NULL) {
192 rc = -ENOMEM;
193 goto compose_mount_options_err;
194 }
195
196 /* copy all options except of unc,ip,prefixpath */
197 off = 0;
198 if (strncmp(sb_mountdata, "sep=", 4) == 0) {
199 sep = sb_mountdata[4];
200 strncpy(mountdata, sb_mountdata, 5);
201 off += 5;
202 }
203
204 do {
205 tkn_e = strchr(sb_mountdata + off, sep);
206 if (tkn_e == NULL)
207 noff = strlen(sb_mountdata + off);
208 else
209 noff = tkn_e - (sb_mountdata + off) + 1;
210
211 if (strncasecmp(sb_mountdata + off, "unc=", 4) == 0) {
212 off += noff;
213 continue;
214 }
215 if (strncasecmp(sb_mountdata + off, "ip=", 3) == 0) {
216 off += noff;
217 continue;
218 }
219 if (strncasecmp(sb_mountdata + off, "prefixpath=", 11) == 0) {
220 off += noff;
221 continue;
222 }
223 strncat(mountdata, sb_mountdata + off, noff);
224 off += noff;
225 } while (tkn_e);
226 strcat(mountdata, sb_mountdata + off);
227 mountdata[md_len] = '\0';
228
229 /* copy new IP and ref share name */
230 if (mountdata[strlen(mountdata) - 1] != sep)
231 strncat(mountdata, &sep, 1);
232 strcat(mountdata, "ip=");
233 strcat(mountdata, srvIP);
234
235 if (devname)
236 *devname = name;
237 else
238 kfree(name);
239
240 /*cifs_dbg(FYI, "%s: parent mountdata: %s\n", __func__, sb_mountdata);*/
241 /*cifs_dbg(FYI, "%s: submount mountdata: %s\n", __func__, mountdata );*/
242
243 compose_mount_options_out:
244 kfree(srvIP);
245 return mountdata;
246
247 compose_mount_options_err:
248 kfree(mountdata);
249 mountdata = ERR_PTR(rc);
250 kfree(name);
251 goto compose_mount_options_out;
252 }
253
254 /**
255 * cifs_dfs_do_mount - mounts specified path using DFS full path
256 *
257 * Always pass down @fullpath to smb3_do_mount() so we can use the root server
258 * to perform failover in case we failed to connect to the first target in the
259 * referral.
260 *
261 * @cifs_sb: parent/root superblock
262 * @fullpath: full path in UNC format
263 */
cifs_dfs_do_mount(struct dentry * mntpt,struct cifs_sb_info * cifs_sb,const char * fullpath)264 static struct vfsmount *cifs_dfs_do_mount(struct dentry *mntpt,
265 struct cifs_sb_info *cifs_sb,
266 const char *fullpath)
267 {
268 struct vfsmount *mnt;
269 char *mountdata;
270 char *devname;
271
272 devname = kstrndup(fullpath, strlen(fullpath), GFP_KERNEL);
273 if (!devname)
274 return ERR_PTR(-ENOMEM);
275
276 convert_delimiter(devname, '/');
277
278 /* strip first '\' from fullpath */
279 mountdata = cifs_compose_mount_options(cifs_sb->mountdata,
280 fullpath + 1, NULL, NULL);
281 if (IS_ERR(mountdata)) {
282 kfree(devname);
283 return (struct vfsmount *)mountdata;
284 }
285
286 mnt = vfs_submount(mntpt, &cifs_fs_type, devname, mountdata);
287 kfree(mountdata);
288 kfree(devname);
289 return mnt;
290 }
291
292 /*
293 * Create a vfsmount that we can automount
294 */
cifs_dfs_do_automount(struct dentry * mntpt)295 static struct vfsmount *cifs_dfs_do_automount(struct dentry *mntpt)
296 {
297 struct cifs_sb_info *cifs_sb;
298 struct cifs_ses *ses;
299 struct cifs_tcon *tcon;
300 char *full_path, *root_path;
301 unsigned int xid;
302 int rc;
303 struct vfsmount *mnt;
304
305 cifs_dbg(FYI, "in %s\n", __func__);
306 BUG_ON(IS_ROOT(mntpt));
307
308 /*
309 * The MSDFS spec states that paths in DFS referral requests and
310 * responses must be prefixed by a single '\' character instead of
311 * the double backslashes usually used in the UNC. This function
312 * gives us the latter, so we must adjust the result.
313 */
314 mnt = ERR_PTR(-ENOMEM);
315
316 cifs_sb = CIFS_SB(mntpt->d_sb);
317 if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NO_DFS) {
318 mnt = ERR_PTR(-EREMOTE);
319 goto cdda_exit;
320 }
321
322 /* always use tree name prefix */
323 full_path = build_path_from_dentry_optional_prefix(mntpt, true);
324 if (full_path == NULL)
325 goto cdda_exit;
326
327 convert_delimiter(full_path, '\\');
328
329 cifs_dbg(FYI, "%s: full_path: %s\n", __func__, full_path);
330
331 if (!cifs_sb_master_tlink(cifs_sb)) {
332 cifs_dbg(FYI, "%s: master tlink is NULL\n", __func__);
333 goto free_full_path;
334 }
335
336 tcon = cifs_sb_master_tcon(cifs_sb);
337 if (!tcon) {
338 cifs_dbg(FYI, "%s: master tcon is NULL\n", __func__);
339 goto free_full_path;
340 }
341
342 root_path = kstrdup(tcon->treeName, GFP_KERNEL);
343 if (!root_path) {
344 mnt = ERR_PTR(-ENOMEM);
345 goto free_full_path;
346 }
347 cifs_dbg(FYI, "%s: root path: %s\n", __func__, root_path);
348
349 ses = tcon->ses;
350 xid = get_xid();
351
352 /*
353 * If DFS root has been expired, then unconditionally fetch it again to
354 * refresh DFS referral cache.
355 */
356 rc = dfs_cache_find(xid, ses, cifs_sb->local_nls, cifs_remap(cifs_sb),
357 root_path + 1, NULL, NULL);
358 if (!rc) {
359 rc = dfs_cache_find(xid, ses, cifs_sb->local_nls,
360 cifs_remap(cifs_sb), full_path + 1,
361 NULL, NULL);
362 }
363
364 free_xid(xid);
365
366 if (rc) {
367 mnt = ERR_PTR(rc);
368 goto free_root_path;
369 }
370 /*
371 * OK - we were able to get and cache a referral for @full_path.
372 *
373 * Now, pass it down to cifs_mount() and it will retry every available
374 * node server in case of failures - no need to do it here.
375 */
376 mnt = cifs_dfs_do_mount(mntpt, cifs_sb, full_path);
377 cifs_dbg(FYI, "%s: cifs_dfs_do_mount:%s , mnt:%p\n", __func__,
378 full_path + 1, mnt);
379
380 free_root_path:
381 kfree(root_path);
382 free_full_path:
383 kfree(full_path);
384 cdda_exit:
385 cifs_dbg(FYI, "leaving %s\n" , __func__);
386 return mnt;
387 }
388
389 /*
390 * Attempt to automount the referral
391 */
cifs_dfs_d_automount(struct path * path)392 struct vfsmount *cifs_dfs_d_automount(struct path *path)
393 {
394 struct vfsmount *newmnt;
395
396 cifs_dbg(FYI, "in %s\n", __func__);
397
398 newmnt = cifs_dfs_do_automount(path->dentry);
399 if (IS_ERR(newmnt)) {
400 cifs_dbg(FYI, "leaving %s [automount failed]\n" , __func__);
401 return newmnt;
402 }
403
404 mntget(newmnt); /* prevent immediate expiration */
405 mnt_set_expiry(newmnt, &cifs_dfs_automount_list);
406 schedule_delayed_work(&cifs_dfs_automount_task,
407 cifs_dfs_mountpoint_expiry_timeout);
408 cifs_dbg(FYI, "leaving %s [ok]\n" , __func__);
409 return newmnt;
410 }
411
412 const struct inode_operations cifs_dfs_referral_inode_operations = {
413 };
414
