[linux/fpc-iii.git] / fs / cifs / cifs_dfs_ref.c
1 /*
2 * Contains the CIFS DFS referral mounting routines used for handling
3 * traversal via DFS junction point
5 * Copyright (c) 2007 Igor Mammedov
6 * Copyright (C) International Business Machines Corp., 2008
7 * Author(s): Igor Mammedov (niallain@gmail.com)
8 * Steve French (sfrench@us.ibm.com)
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
15 #include <linux/dcache.h>
16 #include <linux/mount.h>
17 #include <linux/namei.h>
18 #include <linux/slab.h>
19 #include <linux/vfs.h>
20 #include <linux/fs.h>
21 #include <linux/inet.h>
22 #include "cifsglob.h"
23 #include "cifsproto.h"
24 #include "cifsfs.h"
25 #include "dns_resolve.h"
26 #include "cifs_debug.h"
27 #include "cifs_unicode.h"
/* Automounted DFS submounts handed to mark_mounts_for_expiry(). */
static LIST_HEAD(cifs_dfs_automount_list);

/* Delay passed to schedule_delayed_work() when (re)arming the expiry task. */
static int cifs_dfs_mountpoint_expiry_timeout = 500 * HZ;

/* Delayed work item that runs cifs_dfs_expire_automounts(). */
static void cifs_dfs_expire_automounts(struct work_struct *work);
static DECLARE_DELAYED_WORK(cifs_dfs_automount_task,
			    cifs_dfs_expire_automounts);
/*
 * Delayed-work handler: mark the mounts on cifs_dfs_automount_list for
 * expiry and re-arm the work item for as long as the list is not empty.
 */
static void cifs_dfs_expire_automounts(struct work_struct *work)
{
	mark_mounts_for_expiry(&cifs_dfs_automount_list);

	/* Nothing left to expire: let the work item lapse. */
	if (list_empty(&cifs_dfs_automount_list))
		return;

	schedule_delayed_work(&cifs_dfs_automount_task,
			      cifs_dfs_mountpoint_expiry_timeout);
}
/*
 * Stop the automount expiry work item, waiting for a running instance to
 * finish. The automount list must already be empty when this is called;
 * a non-empty list trips BUG_ON().
 */
void cifs_dfs_release_automount_timer(void)
{
	struct list_head *pending = &cifs_dfs_automount_list;

	BUG_ON(!list_empty(pending));
	cancel_delayed_work_sync(&cifs_dfs_automount_task);
}
/**
 * cifs_build_devname - build a devicename from a UNC and optional prepath
 * @nodename:	pointer to UNC string
 * @prepath:	pointer to prefixpath (or NULL if there isn't one)
 *
 * Build a new cifs devicename after chasing a DFS referral. The result is
 * "//" followed by the UNC with its leading and trailing backslashes
 * stripped, then "/" and the prepath when one is given, with the
 * delimiters converted by convert_delimiter(dev, '/').
 *
 * Returns pointer to the built string, or an ERR_PTR (-EINVAL when the UNC
 * holds nothing but backslashes, -ENOMEM on allocation failure). Caller is
 * responsible for freeing the returned string.
 */
static char *
cifs_build_devname(char *nodename, const char *prepath)
{
	size_t pplen;
	size_t unclen;
	char *dev;
	char *out;

	/* skip over any preceding delimiters */
	nodename += strspn(nodename, "\\");
	if (*nodename == '\0')
		return ERR_PTR(-EINVAL);

	/*
	 * Trim trailing delimiters. nodename[0] is not a backslash at this
	 * point, so the scan stops before unclen reaches zero.
	 */
	unclen = strlen(nodename);
	while (nodename[unclen - 1] == '\\')
		--unclen;

	/*
	 * allocate a buffer:
	 * +2 for preceding "//"
	 * +1 for delimiter between UNC and prepath
	 * +1 for trailing NULL
	 */
	pplen = prepath ? strlen(prepath) : 0;
	dev = kmalloc(2 + unclen + 1 + pplen + 1, GFP_KERNEL);
	if (!dev)
		return ERR_PTR(-ENOMEM);

	out = dev;

	/* add the initial "//" */
	*out++ = '/';
	*out++ = '/';

	/* copy in the UNC portion from referral */
	memcpy(out, nodename, unclen);
	out += unclen;

	/* copy the prefixpath remainder (if there is one) */
	if (pplen) {
		*out++ = '/';
		memcpy(out, prepath, pplen);
		out += pplen;
	}

	/* NULL terminator */
	*out = '\0';

	convert_delimiter(dev, '/');
	return dev;
}
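/**
 * cifs_compose_mount_options - creates mount options for a referral
 * @sb_mountdata:	parent/root DFS mount options (template)
 * @fullpath:		full path in UNC format
 * @ref:		server's referral
 * @devname:		pointer for saving device name
 *
 * Creates mount options for a submount based on the template options in
 * sb_mountdata, dropping its unc, ip and prefixpath options and appending
 * an ip= option holding the address the referral target resolved to.
 *
 * @ref is filled from the server's referral response, so its path_consumed
 * value is range-checked against @fullpath before it is used as an offset,
 * and the output buffer is sized from the resolved address string instead
 * of from an assumed maximum.
 *
 * Returns: pointer to new mount options or ERR_PTR. On error *devname is
 * left NULL, except when sb_mountdata is NULL, in which case it is not
 * touched.
 * Caller is responsible for freeing the returned value if it is not an
 * error, and for freeing *devname.
 */
char *cifs_compose_mount_options(const char *sb_mountdata,
				   const char *fullpath,
				   const struct dfs_info3_param *ref,
				   char **devname)
{
	int rc;
	char *mountdata = NULL;
	const char *prepath = NULL;
	size_t md_len;
	size_t cur_len;
	char *tkn_e;
	char *srvIP = NULL;
	char sep = ',';
	int off, noff;

	if (sb_mountdata == NULL)
		return ERR_PTR(-EINVAL);

	/*
	 * path_consumed comes from the referral. A negative value or one
	 * larger than the path would make the unsigned subtraction below
	 * wrap and leave prepath pointing outside the fullpath string.
	 * *devname has not been allocated yet, so return directly rather
	 * than going through the error label, which frees it.
	 */
	if (ref->path_consumed < 0 ||
	    (size_t)ref->path_consumed > strlen(fullpath)) {
		*devname = NULL;
		return ERR_PTR(-EINVAL);
	}

	if (strlen(fullpath) - ref->path_consumed)
		prepath = fullpath + ref->path_consumed;

	*devname = cifs_build_devname(ref->node_name, prepath);
	if (IS_ERR(*devname)) {
		rc = PTR_ERR(*devname);
		*devname = NULL;
		goto compose_mount_options_err;
	}

	rc = dns_resolve_server_name_to_ip(*devname, &srvIP);
	if (rc < 0) {
		cifs_dbg(FYI, "%s: Failed to resolve server part of %s to IP: %d\n",
			 __func__, *devname, rc);
		goto compose_mount_options_err;
	}

	/*
	 * In most cases, we'll be building a shorter string than the original,
	 * but in the worst case nothing is dropped from the template. Size the
	 * buffer for the whole template plus one separator, the "ip=" key and
	 * the resolved address as actually returned, so that the strcat()
	 * calls below cannot run past the allocation.
	 */
	md_len = strlen(sb_mountdata) + 1 + strlen("ip=") + strlen(srvIP);
	mountdata = kzalloc(md_len + 1, GFP_KERNEL);
	if (mountdata == NULL) {
		rc = -ENOMEM;
		goto compose_mount_options_err;
	}

	/* copy all options except of unc,ip,prefixpath */
	off = 0;
	if (strncmp(sb_mountdata, "sep=", 4) == 0) {
		sep = sb_mountdata[4];
		/*
		 * A bare "sep=" has no separator character; stepping over
		 * five bytes would then read past the terminating NUL.
		 */
		if (sep == '\0') {
			rc = -EINVAL;
			goto compose_mount_options_err;
		}
		memcpy(mountdata, sb_mountdata, 5);
		off += 5;
	}

	do {
		tkn_e = strchr(sb_mountdata + off, sep);
		if (tkn_e == NULL)
			noff = strlen(sb_mountdata + off);
		else
			noff = tkn_e - (sb_mountdata + off) + 1;

		if (strncasecmp(sb_mountdata + off, "unc=", 4) == 0) {
			off += noff;
			continue;
		}
		if (strncasecmp(sb_mountdata + off, "ip=", 3) == 0) {
			off += noff;
			continue;
		}
		if (strncasecmp(sb_mountdata + off, "prefixpath=", 11) == 0) {
			off += noff;
			continue;
		}
		strncat(mountdata, sb_mountdata + off, noff);
		off += noff;
	} while (tkn_e);
	strcat(mountdata, sb_mountdata + off);
	mountdata[md_len] = '\0';

	/*
	 * copy new IP and ref share name; only look at the last character
	 * when something was copied, an empty string has no byte at -1
	 */
	cur_len = strlen(mountdata);
	if (cur_len && mountdata[cur_len - 1] != sep)
		strncat(mountdata, &sep, 1);
	strcat(mountdata, "ip=");
	strcat(mountdata, srvIP);

compose_mount_options_out:
	kfree(srvIP);
	return mountdata;

compose_mount_options_err:
	kfree(mountdata);
	mountdata = ERR_PTR(rc);
	kfree(*devname);
	*devname = NULL;
	goto compose_mount_options_out;
}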
/**
 * cifs_dfs_do_refmount - mounts specified path using provided referral
 * @cifs_sb:		parent/root superblock
 * @fullpath:		full path in UNC format
 * @ref:		server's referral
 *
 * Composes the submount options and device name for @ref and hands them to
 * vfs_kern_mount(). Both strings are freed here once the mount call
 * returns.
 *
 * Returns the new vfsmount, or an ERR_PTR from option composition or from
 * vfs_kern_mount().
 */
static struct vfsmount *cifs_dfs_do_refmount(struct cifs_sb_info *cifs_sb,
		const char *fullpath, const struct dfs_info3_param *ref)
{
	char *devname = NULL;
	char *mountdata;
	struct vfsmount *mnt;

	/* strip first '\' from fullpath */
	mountdata = cifs_compose_mount_options(cifs_sb->mountdata,
					       &fullpath[1], ref, &devname);
	if (IS_ERR(mountdata))
		return ERR_CAST(mountdata);

	mnt = vfs_kern_mount(&cifs_fs_type, 0, devname, mountdata);

	kfree(mountdata);
	kfree(devname);
	return mnt;
}
/*
 * Log the fields of one DFS referral at FYI debug level: the referral and
 * node paths, the flags and server type, and the referral flags together
 * with path_consumed.
 */
static void dump_referral(const struct dfs_info3_param *ref)
{
	cifs_dbg(FYI, "DFS: ref path: %s\n", ref->path_name);
	cifs_dbg(FYI, "DFS: node path: %s\n", ref->node_name);
	cifs_dbg(FYI, "DFS: fl: %d, srv_type: %d\n",
		 ref->flags,
		 ref->server_type);
	cifs_dbg(FYI, "DFS: ref_flags: %d, path_consumed: %d\n",
		 ref->ref_flag,
		 ref->path_consumed);
}
/*
 * Create a vfsmount that we can automount
 *
 * Fetches the DFS referrals for the mountpoint's path and tries them in
 * order until one mounts. Returns the new vfsmount or an ERR_PTR; when no
 * referral could be mounted, a non-zero result from get_dfs_path() takes
 * precedence over the per-referral error.
 */
static struct vfsmount *cifs_dfs_do_automount(struct dentry *mntpt)
{
	struct dfs_info3_param *referrals = NULL;
	unsigned int num_referrals = 0;
	struct cifs_sb_info *cifs_sb;
	struct tcon_link *tlink;
	struct cifs_ses *ses;
	struct vfsmount *mnt;
	char *full_path;
	unsigned int xid;
	int rc;
	int i;

	cifs_dbg(FYI, "in %s\n", __func__);
	BUG_ON(IS_ROOT(mntpt));

	/*
	 * The MSDFS spec states that paths in DFS referral requests and
	 * responses must be prefixed by a single '\' character instead of
	 * the double backslashes usually used in the UNC. This function
	 * gives us the latter, so we must adjust the result.
	 */
	full_path = build_path_from_dentry(mntpt);
	if (full_path == NULL) {
		mnt = ERR_PTR(-ENOMEM);
		goto cdda_exit;
	}

	cifs_sb = CIFS_SB(d_inode(mntpt)->i_sb);
	tlink = cifs_sb_tlink(cifs_sb);
	if (IS_ERR(tlink)) {
		mnt = ERR_CAST(tlink);
		goto free_full_path;
	}
	ses = tlink_tcon(tlink)->ses;

	/* full_path + 1 drops the first of the two leading backslashes */
	xid = get_xid();
	rc = get_dfs_path(xid, ses, full_path + 1, cifs_sb->local_nls,
			  &num_referrals, &referrals,
			  cifs_remap(cifs_sb));
	free_xid(xid);

	cifs_put_tlink(tlink);

	mnt = ERR_PTR(-ENOENT);
	for (i = 0; i < num_referrals; i++) {
		struct dfs_info3_param *cur = &referrals[i];
		int len = strlen(cur->node_name);

		dump_referral(cur);

		/* connect to a node; the node name is part of the referral */
		if (len < 2) {
			cifs_dbg(VFS, "%s: Net Address path too short: %s\n",
				 __func__, cur->node_name);
			mnt = ERR_PTR(-EINVAL);
			break;
		}

		mnt = cifs_dfs_do_refmount(cifs_sb, full_path, cur);
		cifs_dbg(FYI, "%s: cifs_dfs_do_refmount:%s , mnt:%p\n",
			 __func__, cur->node_name, mnt);
		if (!IS_ERR(mnt))
			goto success;
	}

	/*
	 * no valid submounts were found; return error from get_dfs_path() by
	 * preference
	 */
	if (rc != 0)
		mnt = ERR_PTR(rc);

success:
	free_dfs_info_array(referrals, num_referrals);
free_full_path:
	kfree(full_path);
cdda_exit:
	cifs_dbg(FYI, "leaving %s\n" , __func__);
	return mnt;
}
/*
 * Attempt to automount the referral
 *
 * On success the new mount gets an extra reference, is put on the
 * automount expiry list, and the expiry work item is scheduled. On failure
 * the ERR_PTR from cifs_dfs_do_automount() is returned unchanged.
 */
struct vfsmount *cifs_dfs_d_automount(struct path *path)
{
	struct vfsmount *newmnt;

	cifs_dbg(FYI, "in %s\n", __func__);

	newmnt = cifs_dfs_do_automount(path->dentry);
	if (!IS_ERR(newmnt)) {
		mntget(newmnt); /* prevent immediate expiration */
		mnt_set_expiry(newmnt, &cifs_dfs_automount_list);
		schedule_delayed_work(&cifs_dfs_automount_task,
				      cifs_dfs_mountpoint_expiry_timeout);
		cifs_dbg(FYI, "leaving %s [ok]\n" , __func__);
		return newmnt;
	}

	cifs_dbg(FYI, "leaving %s [automount failed]\n" , __func__);
	return newmnt;
}
378 const struct inode_operations cifs_dfs_referral_inode_operations = {