smb_common.c (15733B)
1// SPDX-License-Identifier: GPL-2.0-or-later 2/* 3 * Copyright (C) 2018 Samsung Electronics Co., Ltd. 4 * Copyright (C) 2018 Namjae Jeon <linkinjeon@kernel.org> 5 */ 6 7#include "smb_common.h" 8#include "server.h" 9#include "misc.h" 10#include "smbstatus.h" 11#include "connection.h" 12#include "ksmbd_work.h" 13#include "mgmt/user_session.h" 14#include "mgmt/user_config.h" 15#include "mgmt/tree_connect.h" 16#include "mgmt/share_config.h" 17 18/*for shortname implementation */ 19static const char basechars[43] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_-!@#$%"; 20#define MANGLE_BASE (sizeof(basechars) / sizeof(char) - 1) 21#define MAGIC_CHAR '~' 22#define PERIOD '.' 23#define mangle(V) ((char)(basechars[(V) % MANGLE_BASE])) 24 25struct smb_protocol { 26 int index; 27 char *name; 28 char *prot; 29 __u16 prot_id; 30}; 31 32static struct smb_protocol smb1_protos[] = { 33 { 34 SMB21_PROT, 35 "\2SMB 2.1", 36 "SMB2_10", 37 SMB21_PROT_ID 38 }, 39 { 40 SMB2X_PROT, 41 "\2SMB 2.???", 42 "SMB2_22", 43 SMB2X_PROT_ID 44 }, 45}; 46 47static struct smb_protocol smb2_protos[] = { 48 { 49 SMB21_PROT, 50 "\2SMB 2.1", 51 "SMB2_10", 52 SMB21_PROT_ID 53 }, 54 { 55 SMB30_PROT, 56 "\2SMB 3.0", 57 "SMB3_00", 58 SMB30_PROT_ID 59 }, 60 { 61 SMB302_PROT, 62 "\2SMB 3.02", 63 "SMB3_02", 64 SMB302_PROT_ID 65 }, 66 { 67 SMB311_PROT, 68 "\2SMB 3.1.1", 69 "SMB3_11", 70 SMB311_PROT_ID 71 }, 72}; 73 74unsigned int ksmbd_server_side_copy_max_chunk_count(void) 75{ 76 return 256; 77} 78 79unsigned int ksmbd_server_side_copy_max_chunk_size(void) 80{ 81 return (2U << 30) - 1; 82} 83 84unsigned int ksmbd_server_side_copy_max_total_size(void) 85{ 86 return (2U << 30) - 1; 87} 88 89inline int ksmbd_min_protocol(void) 90{ 91 return SMB21_PROT; 92} 93 94inline int ksmbd_max_protocol(void) 95{ 96 return SMB311_PROT; 97} 98 99int ksmbd_lookup_protocol_idx(char *str) 100{ 101 int offt = ARRAY_SIZE(smb1_protos) - 1; 102 int len = strlen(str); 103 104 while (offt >= 0) { 105 if (!strncmp(str, smb1_protos[offt].prot, len)) { 106 ksmbd_debug(SMB, "selected %s dialect idx = %d\n", 107 smb1_protos[offt].prot, offt); 108 return smb1_protos[offt].index; 109 } 110 offt--; 111 } 112 113 offt = ARRAY_SIZE(smb2_protos) - 1; 114 while (offt >= 0) { 115 if (!strncmp(str, smb2_protos[offt].prot, len)) { 116 ksmbd_debug(SMB, "selected %s dialect idx = %d\n", 117 smb2_protos[offt].prot, offt); 118 return smb2_protos[offt].index; 119 } 120 offt--; 121 } 122 return -1; 123} 124 125/** 126 * ksmbd_verify_smb_message() - check for valid smb2 request header 127 * @work: smb work 128 * 129 * check for valid smb signature and packet direction(request/response) 130 * 131 * Return: 0 on success, otherwise -EINVAL 132 */ 133int ksmbd_verify_smb_message(struct ksmbd_work *work) 134{ 135 struct smb2_hdr *smb2_hdr = ksmbd_req_buf_next(work); 136 struct smb_hdr *hdr; 137 138 if (smb2_hdr->ProtocolId == SMB2_PROTO_NUMBER) 139 return ksmbd_smb2_check_message(work); 140 141 hdr = work->request_buf; 142 if (*(__le32 *)hdr->Protocol == SMB1_PROTO_NUMBER && 143 hdr->Command == SMB_COM_NEGOTIATE) { 144 work->conn->outstanding_credits++; 145 return 0; 146 } 147 148 return -EINVAL; 149} 150 151/** 152 * ksmbd_smb_request() - check for valid smb request type 153 * @conn: connection instance 154 * 155 * Return: true on success, otherwise false 156 */ 157bool ksmbd_smb_request(struct ksmbd_conn *conn) 158{ 159 return conn->request_buf[0] == 0; 160} 161 162static bool supported_protocol(int idx) 163{ 164 if (idx == SMB2X_PROT && 165 (server_conf.min_protocol >= SMB21_PROT || 166 server_conf.max_protocol <= SMB311_PROT)) 167 return true; 168 169 return (server_conf.min_protocol <= idx && 170 idx <= server_conf.max_protocol); 171} 172 173static char *next_dialect(char *dialect, int *next_off, int bcount) 174{ 175 dialect = dialect + *next_off; 176 *next_off = strnlen(dialect, bcount); 177 if (dialect[*next_off] != '\0') 178 return NULL; 179 return dialect; 180} 181 182static int ksmbd_lookup_dialect_by_name(char *cli_dialects, __le16 byte_count) 183{ 184 int i, seq_num, bcount, next; 185 char *dialect; 186 187 for (i = ARRAY_SIZE(smb1_protos) - 1; i >= 0; i--) { 188 seq_num = 0; 189 next = 0; 190 dialect = cli_dialects; 191 bcount = le16_to_cpu(byte_count); 192 do { 193 dialect = next_dialect(dialect, &next, bcount); 194 if (!dialect) 195 break; 196 ksmbd_debug(SMB, "client requested dialect %s\n", 197 dialect); 198 if (!strcmp(dialect, smb1_protos[i].name)) { 199 if (supported_protocol(smb1_protos[i].index)) { 200 ksmbd_debug(SMB, 201 "selected %s dialect\n", 202 smb1_protos[i].name); 203 if (smb1_protos[i].index == SMB1_PROT) 204 return seq_num; 205 return smb1_protos[i].prot_id; 206 } 207 } 208 seq_num++; 209 bcount -= (++next); 210 } while (bcount > 0); 211 } 212 213 return BAD_PROT_ID; 214} 215 216int ksmbd_lookup_dialect_by_id(__le16 *cli_dialects, __le16 dialects_count) 217{ 218 int i; 219 int count; 220 221 for (i = ARRAY_SIZE(smb2_protos) - 1; i >= 0; i--) { 222 count = le16_to_cpu(dialects_count); 223 while (--count >= 0) { 224 ksmbd_debug(SMB, "client requested dialect 0x%x\n", 225 le16_to_cpu(cli_dialects[count])); 226 if (le16_to_cpu(cli_dialects[count]) != 227 smb2_protos[i].prot_id) 228 continue; 229 230 if (supported_protocol(smb2_protos[i].index)) { 231 ksmbd_debug(SMB, "selected %s dialect\n", 232 smb2_protos[i].name); 233 return smb2_protos[i].prot_id; 234 } 235 } 236 } 237 238 return BAD_PROT_ID; 239} 240 241static int ksmbd_negotiate_smb_dialect(void *buf) 242{ 243 int smb_buf_length = get_rfc1002_len(buf); 244 __le32 proto = ((struct smb2_hdr *)smb2_get_msg(buf))->ProtocolId; 245 246 if (proto == SMB2_PROTO_NUMBER) { 247 struct smb2_negotiate_req *req; 248 int smb2_neg_size = 249 offsetof(struct smb2_negotiate_req, Dialects); 250 251 req = (struct smb2_negotiate_req *)smb2_get_msg(buf); 252 if (smb2_neg_size > smb_buf_length) 253 goto err_out; 254 255 if (smb2_neg_size + le16_to_cpu(req->DialectCount) * sizeof(__le16) > 256 smb_buf_length) 257 goto err_out; 258 259 return ksmbd_lookup_dialect_by_id(req->Dialects, 260 req->DialectCount); 261 } 262 263 proto = *(__le32 *)((struct smb_hdr *)buf)->Protocol; 264 if (proto == SMB1_PROTO_NUMBER) { 265 struct smb_negotiate_req *req; 266 267 req = (struct smb_negotiate_req *)buf; 268 if (le16_to_cpu(req->ByteCount) < 2) 269 goto err_out; 270 271 if (offsetof(struct smb_negotiate_req, DialectsArray) - 4 + 272 le16_to_cpu(req->ByteCount) > smb_buf_length) { 273 goto err_out; 274 } 275 276 return ksmbd_lookup_dialect_by_name(req->DialectsArray, 277 req->ByteCount); 278 } 279 280err_out: 281 return BAD_PROT_ID; 282} 283 284int ksmbd_init_smb_server(struct ksmbd_work *work) 285{ 286 struct ksmbd_conn *conn = work->conn; 287 288 if (conn->need_neg == false) 289 return 0; 290 291 init_smb3_11_server(conn); 292 293 if (conn->ops->get_cmd_val(work) != SMB_COM_NEGOTIATE) 294 conn->need_neg = false; 295 return 0; 296} 297 298int ksmbd_populate_dot_dotdot_entries(struct ksmbd_work *work, int info_level, 299 struct ksmbd_file *dir, 300 struct ksmbd_dir_info *d_info, 301 char *search_pattern, 302 int (*fn)(struct ksmbd_conn *, int, 303 struct ksmbd_dir_info *, 304 struct ksmbd_kstat *)) 305{ 306 int i, rc = 0; 307 struct ksmbd_conn *conn = work->conn; 308 struct user_namespace *user_ns = file_mnt_user_ns(dir->filp); 309 310 for (i = 0; i < 2; i++) { 311 struct kstat kstat; 312 struct ksmbd_kstat ksmbd_kstat; 313 struct dentry *dentry; 314 315 if (!dir->dot_dotdot[i]) { /* fill dot entry info */ 316 if (i == 0) { 317 d_info->name = "."; 318 d_info->name_len = 1; 319 dentry = dir->filp->f_path.dentry; 320 } else { 321 d_info->name = ".."; 322 d_info->name_len = 2; 323 dentry = dir->filp->f_path.dentry->d_parent; 324 } 325 326 if (!match_pattern(d_info->name, d_info->name_len, 327 search_pattern)) { 328 dir->dot_dotdot[i] = 1; 329 continue; 330 } 331 332 ksmbd_kstat.kstat = &kstat; 333 ksmbd_vfs_fill_dentry_attrs(work, 334 user_ns, 335 dentry, 336 &ksmbd_kstat); 337 rc = fn(conn, info_level, d_info, &ksmbd_kstat); 338 if (rc) 339 break; 340 if (d_info->out_buf_len <= 0) 341 break; 342 343 dir->dot_dotdot[i] = 1; 344 if (d_info->flags & SMB2_RETURN_SINGLE_ENTRY) { 345 d_info->out_buf_len = 0; 346 break; 347 } 348 } 349 } 350 351 return rc; 352} 353 354/** 355 * ksmbd_extract_shortname() - get shortname from long filename 356 * @conn: connection instance 357 * @longname: source long filename 358 * @shortname: destination short filename 359 * 360 * Return: shortname length or 0 when source long name is '.' or '..' 361 * TODO: Though this function comforms the restriction of 8.3 Filename spec, 362 * but the result is different with Windows 7's one. need to check. 363 */ 364int ksmbd_extract_shortname(struct ksmbd_conn *conn, const char *longname, 365 char *shortname) 366{ 367 const char *p; 368 char base[9], extension[4]; 369 char out[13] = {0}; 370 int baselen = 0; 371 int extlen = 0, len = 0; 372 unsigned int csum = 0; 373 const unsigned char *ptr; 374 bool dot_present = true; 375 376 p = longname; 377 if ((*p == '.') || (!(strcmp(p, "..")))) { 378 /*no mangling required */ 379 return 0; 380 } 381 382 p = strrchr(longname, '.'); 383 if (p == longname) { /*name starts with a dot*/ 384 strscpy(extension, "___", strlen("___")); 385 } else { 386 if (p) { 387 p++; 388 while (*p && extlen < 3) { 389 if (*p != '.') 390 extension[extlen++] = toupper(*p); 391 p++; 392 } 393 extension[extlen] = '\0'; 394 } else { 395 dot_present = false; 396 } 397 } 398 399 p = longname; 400 if (*p == '.') { 401 p++; 402 longname++; 403 } 404 while (*p && (baselen < 5)) { 405 if (*p != '.') 406 base[baselen++] = toupper(*p); 407 p++; 408 } 409 410 base[baselen] = MAGIC_CHAR; 411 memcpy(out, base, baselen + 1); 412 413 ptr = longname; 414 len = strlen(longname); 415 for (; len > 0; len--, ptr++) 416 csum += *ptr; 417 418 csum = csum % (MANGLE_BASE * MANGLE_BASE); 419 out[baselen + 1] = mangle(csum / MANGLE_BASE); 420 out[baselen + 2] = mangle(csum); 421 out[baselen + 3] = PERIOD; 422 423 if (dot_present) 424 memcpy(&out[baselen + 4], extension, 4); 425 else 426 out[baselen + 4] = '\0'; 427 smbConvertToUTF16((__le16 *)shortname, out, PATH_MAX, 428 conn->local_nls, 0); 429 len = strlen(out) * 2; 430 return len; 431} 432 433static int __smb2_negotiate(struct ksmbd_conn *conn) 434{ 435 return (conn->dialect >= SMB21_PROT_ID && 436 conn->dialect <= SMB311_PROT_ID); 437} 438 439static int smb_handle_negotiate(struct ksmbd_work *work) 440{ 441 struct smb_negotiate_rsp *neg_rsp = work->response_buf; 442 443 ksmbd_debug(SMB, "Unsupported SMB protocol\n"); 444 neg_rsp->hdr.Status.CifsError = STATUS_INVALID_LOGON_TYPE; 445 return -EINVAL; 446} 447 448int ksmbd_smb_negotiate_common(struct ksmbd_work *work, unsigned int command) 449{ 450 struct ksmbd_conn *conn = work->conn; 451 int ret; 452 453 conn->dialect = 454 ksmbd_negotiate_smb_dialect(work->request_buf); 455 ksmbd_debug(SMB, "conn->dialect 0x%x\n", conn->dialect); 456 457 if (command == SMB2_NEGOTIATE_HE) { 458 struct smb2_hdr *smb2_hdr = smb2_get_msg(work->request_buf); 459 460 if (smb2_hdr->ProtocolId != SMB2_PROTO_NUMBER) { 461 ksmbd_debug(SMB, "Downgrade to SMB1 negotiation\n"); 462 command = SMB_COM_NEGOTIATE; 463 } 464 } 465 466 if (command == SMB2_NEGOTIATE_HE && __smb2_negotiate(conn)) { 467 ret = smb2_handle_negotiate(work); 468 init_smb2_neg_rsp(work); 469 return ret; 470 } 471 472 if (command == SMB_COM_NEGOTIATE) { 473 if (__smb2_negotiate(conn)) { 474 conn->need_neg = true; 475 init_smb3_11_server(conn); 476 init_smb2_neg_rsp(work); 477 ksmbd_debug(SMB, "Upgrade to SMB2 negotiation\n"); 478 return 0; 479 } 480 return smb_handle_negotiate(work); 481 } 482 483 pr_err("Unknown SMB negotiation command: %u\n", command); 484 return -EINVAL; 485} 486 487enum SHARED_MODE_ERRORS { 488 SHARE_DELETE_ERROR, 489 SHARE_READ_ERROR, 490 SHARE_WRITE_ERROR, 491 FILE_READ_ERROR, 492 FILE_WRITE_ERROR, 493 FILE_DELETE_ERROR, 494}; 495 496static const char * const shared_mode_errors[] = { 497 "Current access mode does not permit SHARE_DELETE", 498 "Current access mode does not permit SHARE_READ", 499 "Current access mode does not permit SHARE_WRITE", 500 "Desired access mode does not permit FILE_READ", 501 "Desired access mode does not permit FILE_WRITE", 502 "Desired access mode does not permit FILE_DELETE", 503}; 504 505static void smb_shared_mode_error(int error, struct ksmbd_file *prev_fp, 506 struct ksmbd_file *curr_fp) 507{ 508 ksmbd_debug(SMB, "%s\n", shared_mode_errors[error]); 509 ksmbd_debug(SMB, "Current mode: 0x%x Desired mode: 0x%x\n", 510 prev_fp->saccess, curr_fp->daccess); 511} 512 513int ksmbd_smb_check_shared_mode(struct file *filp, struct ksmbd_file *curr_fp) 514{ 515 int rc = 0; 516 struct ksmbd_file *prev_fp; 517 518 /* 519 * Lookup fp in master fp list, and check desired access and 520 * shared mode between previous open and current open. 521 */ 522 read_lock(&curr_fp->f_ci->m_lock); 523 list_for_each_entry(prev_fp, &curr_fp->f_ci->m_fp_list, node) { 524 if (file_inode(filp) != file_inode(prev_fp->filp)) 525 continue; 526 527 if (filp == prev_fp->filp) 528 continue; 529 530 if (ksmbd_stream_fd(prev_fp) && ksmbd_stream_fd(curr_fp)) 531 if (strcmp(prev_fp->stream.name, curr_fp->stream.name)) 532 continue; 533 534 if (prev_fp->attrib_only != curr_fp->attrib_only) 535 continue; 536 537 if (!(prev_fp->saccess & FILE_SHARE_DELETE_LE) && 538 curr_fp->daccess & FILE_DELETE_LE) { 539 smb_shared_mode_error(SHARE_DELETE_ERROR, 540 prev_fp, 541 curr_fp); 542 rc = -EPERM; 543 break; 544 } 545 546 /* 547 * Only check FILE_SHARE_DELETE if stream opened and 548 * normal file opened. 549 */ 550 if (ksmbd_stream_fd(prev_fp) && !ksmbd_stream_fd(curr_fp)) 551 continue; 552 553 if (!(prev_fp->saccess & FILE_SHARE_READ_LE) && 554 curr_fp->daccess & (FILE_EXECUTE_LE | FILE_READ_DATA_LE)) { 555 smb_shared_mode_error(SHARE_READ_ERROR, 556 prev_fp, 557 curr_fp); 558 rc = -EPERM; 559 break; 560 } 561 562 if (!(prev_fp->saccess & FILE_SHARE_WRITE_LE) && 563 curr_fp->daccess & (FILE_WRITE_DATA_LE | FILE_APPEND_DATA_LE)) { 564 smb_shared_mode_error(SHARE_WRITE_ERROR, 565 prev_fp, 566 curr_fp); 567 rc = -EPERM; 568 break; 569 } 570 571 if (prev_fp->daccess & (FILE_EXECUTE_LE | FILE_READ_DATA_LE) && 572 !(curr_fp->saccess & FILE_SHARE_READ_LE)) { 573 smb_shared_mode_error(FILE_READ_ERROR, 574 prev_fp, 575 curr_fp); 576 rc = -EPERM; 577 break; 578 } 579 580 if (prev_fp->daccess & (FILE_WRITE_DATA_LE | FILE_APPEND_DATA_LE) && 581 !(curr_fp->saccess & FILE_SHARE_WRITE_LE)) { 582 smb_shared_mode_error(FILE_WRITE_ERROR, 583 prev_fp, 584 curr_fp); 585 rc = -EPERM; 586 break; 587 } 588 589 if (prev_fp->daccess & FILE_DELETE_LE && 590 !(curr_fp->saccess & FILE_SHARE_DELETE_LE)) { 591 smb_shared_mode_error(FILE_DELETE_ERROR, 592 prev_fp, 593 curr_fp); 594 rc = -EPERM; 595 break; 596 } 597 } 598 read_unlock(&curr_fp->f_ci->m_lock); 599 600 return rc; 601} 602 603bool is_asterisk(char *p) 604{ 605 return p && p[0] == '*'; 606} 607 608int ksmbd_override_fsids(struct ksmbd_work *work) 609{ 610 struct ksmbd_session *sess = work->sess; 611 struct ksmbd_share_config *share = work->tcon->share_conf; 612 struct cred *cred; 613 struct group_info *gi; 614 unsigned int uid; 615 unsigned int gid; 616 617 uid = user_uid(sess->user); 618 gid = user_gid(sess->user); 619 if (share->force_uid != KSMBD_SHARE_INVALID_UID) 620 uid = share->force_uid; 621 if (share->force_gid != KSMBD_SHARE_INVALID_GID) 622 gid = share->force_gid; 623 624 cred = prepare_kernel_cred(NULL); 625 if (!cred) 626 return -ENOMEM; 627 628 cred->fsuid = make_kuid(current_user_ns(), uid); 629 cred->fsgid = make_kgid(current_user_ns(), gid); 630 631 gi = groups_alloc(0); 632 if (!gi) { 633 abort_creds(cred); 634 return -ENOMEM; 635 } 636 set_groups(cred, gi); 637 put_group_info(gi); 638 639 if (!uid_eq(cred->fsuid, GLOBAL_ROOT_UID)) 640 cred->cap_effective = cap_drop_fs_set(cred->cap_effective); 641 642 WARN_ON(work->saved_cred); 643 work->saved_cred = override_creds(cred); 644 if (!work->saved_cred) { 645 abort_creds(cred); 646 return -EINVAL; 647 } 648 return 0; 649} 650 651void ksmbd_revert_fsids(struct ksmbd_work *work) 652{ 653 const struct cred *cred; 654 655 WARN_ON(!work->saved_cred); 656 657 cred = current_cred(); 658 revert_creds(work->saved_cred); 659 put_cred(cred); 660 work->saved_cred = NULL; 661} 662 663__le32 smb_map_generic_desired_access(__le32 daccess) 664{ 665 if (daccess & FILE_GENERIC_READ_LE) { 666 daccess |= cpu_to_le32(GENERIC_READ_FLAGS); 667 daccess &= ~FILE_GENERIC_READ_LE; 668 } 669 670 if (daccess & FILE_GENERIC_WRITE_LE) { 671 daccess |= cpu_to_le32(GENERIC_WRITE_FLAGS); 672 daccess &= ~FILE_GENERIC_WRITE_LE; 673 } 674 675 if (daccess & FILE_GENERIC_EXECUTE_LE) { 676 daccess |= cpu_to_le32(GENERIC_EXECUTE_FLAGS); 677 daccess &= ~FILE_GENERIC_EXECUTE_LE; 678 } 679 680 if (daccess & FILE_GENERIC_ALL_LE) { 681 daccess |= cpu_to_le32(GENERIC_ALL_FLAGS); 682 daccess &= ~FILE_GENERIC_ALL_LE; 683 } 684 685 return daccess; 686}