1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Contains the CIFS DFS referral mounting routines used for handling
4 * traversal via DFS junction point
5 *
6 * Copyright (c) 2007 Igor Mammedov
7 * Copyright (C) International Business Machines Corp., 2008
8 * Author(s): Igor Mammedov (niallain@gmail.com)
9 * Steve French (sfrench@us.ibm.com)
10 */
11
12 #include <linux/dcache.h>
13 #include <linux/mount.h>
14 #include <linux/namei.h>
15 #include <linux/slab.h>
16 #include <linux/vfs.h>
17 #include <linux/fs.h>
18 #include <linux/inet.h>
19 #include "cifsglob.h"
20 #include "cifsproto.h"
21 #include "cifsfs.h"
22 #include "dns_resolve.h"
23 #include "cifs_debug.h"
24 #include "cifs_unicode.h"
25 #include "dfs_cache.h"
26
27 static LIST_HEAD(cifs_dfs_automount_list);
28
29 static void cifs_dfs_expire_automounts(struct work_struct *work);
30 static DECLARE_DELAYED_WORK(cifs_dfs_automount_task,
31 cifs_dfs_expire_automounts);
32 static int cifs_dfs_mountpoint_expiry_timeout = 500 * HZ;
33
cifs_dfs_expire_automounts(struct work_struct * work)34 static void cifs_dfs_expire_automounts(struct work_struct *work)
35 {
36 struct list_head *list = &cifs_dfs_automount_list;
37
38 mark_mounts_for_expiry(list);
39 if (!list_empty(list))
40 schedule_delayed_work(&cifs_dfs_automount_task,
41 cifs_dfs_mountpoint_expiry_timeout);
42 }
43
cifs_dfs_release_automount_timer(void)44 void cifs_dfs_release_automount_timer(void)
45 {
46 BUG_ON(!list_empty(&cifs_dfs_automount_list));
47 cancel_delayed_work_sync(&cifs_dfs_automount_task);
48 }
49
50 /**
51 * cifs_build_devname - build a devicename from a UNC and optional prepath
52 * @nodename: pointer to UNC string
53 * @prepath: pointer to prefixpath (or NULL if there isn't one)
54 *
55 * Build a new cifs devicename after chasing a DFS referral. Allocate a buffer
56 * big enough to hold the final thing. Copy the UNC from the nodename, and
57 * concatenate the prepath onto the end of it if there is one.
58 *
59 * Returns pointer to the built string, or a ERR_PTR. Caller is responsible
60 * for freeing the returned string.
61 */
62 static char *
cifs_build_devname(char * nodename,const char * prepath)63 cifs_build_devname(char *nodename, const char *prepath)
64 {
65 size_t pplen;
66 size_t unclen;
67 char *dev;
68 char *pos;
69
70 /* skip over any preceding delimiters */
71 nodename += strspn(nodename, "\\");
72 if (!*nodename)
73 return ERR_PTR(-EINVAL);
74
75 /* get length of UNC and set pos to last char */
76 unclen = strlen(nodename);
77 pos = nodename + unclen - 1;
78
79 /* trim off any trailing delimiters */
80 while (*pos == '\\') {
81 --pos;
82 --unclen;
83 }
84
85 /* allocate a buffer:
86 * +2 for preceding "//"
87 * +1 for delimiter between UNC and prepath
88 * +1 for trailing NULL
89 */
90 pplen = prepath ? strlen(prepath) : 0;
91 dev = kmalloc(2 + unclen + 1 + pplen + 1, GFP_KERNEL);
92 if (!dev)
93 return ERR_PTR(-ENOMEM);
94
95 pos = dev;
96 /* add the initial "//" */
97 *pos = '/';
98 ++pos;
99 *pos = '/';
100 ++pos;
101
102 /* copy in the UNC portion from referral */
103 memcpy(pos, nodename, unclen);
104 pos += unclen;
105
106 /* copy the prefixpath remainder (if there is one) */
107 if (pplen) {
108 *pos = '/';
109 ++pos;
110 memcpy(pos, prepath, pplen);
111 pos += pplen;
112 }
113
114 /* NULL terminator */
115 *pos = '\0';
116
117 convert_delimiter(dev, '/');
118 return dev;
119 }
120
121
122 /**
123 * cifs_compose_mount_options - creates mount options for refferral
124 * @sb_mountdata: parent/root DFS mount options (template)
125 * @fullpath: full path in UNC format
126 * @ref: server's referral
127 * @devname: optional pointer for saving device name
128 *
129 * creates mount options for submount based on template options sb_mountdata
130 * and replacing unc,ip,prefixpath options with ones we've got form ref_unc.
131 *
132 * Returns: pointer to new mount options or ERR_PTR.
133 * Caller is responcible for freeing retunrned value if it is not error.
134 */
cifs_compose_mount_options(const char * sb_mountdata,const char * fullpath,const struct dfs_info3_param * ref,char ** devname)135 char *cifs_compose_mount_options(const char *sb_mountdata,
136 const char *fullpath,
137 const struct dfs_info3_param *ref,
138 char **devname)
139 {
140 int rc;
141 char *name;
142 char *mountdata = NULL;
143 const char *prepath = NULL;
144 int md_len;
145 char *tkn_e;
146 char *srvIP = NULL;
147 char sep = ',';
148 int off, noff;
149
150 if (sb_mountdata == NULL)
151 return ERR_PTR(-EINVAL);
152
153 if (strlen(fullpath) - ref->path_consumed) {
154 prepath = fullpath + ref->path_consumed;
155 /* skip initial delimiter */
156 if (*prepath == '/' || *prepath == '\\')
157 prepath++;
158 }
159
160 name = cifs_build_devname(ref->node_name, prepath);
161 if (IS_ERR(name)) {
162 rc = PTR_ERR(name);
163 name = NULL;
164 goto compose_mount_options_err;
165 }
166
167 rc = dns_resolve_server_name_to_ip(name, &srvIP);
168 if (rc < 0) {
169 cifs_dbg(FYI, "%s: Failed to resolve server part of %s to IP: %d\n",
170 __func__, name, rc);
171 goto compose_mount_options_err;
172 }
173
174 /*
175 * In most cases, we'll be building a shorter string than the original,
176 * but we do have to assume that the address in the ip= option may be
177 * much longer than the original. Add the max length of an address
178 * string to the length of the original string to allow for worst case.
179 */
180 md_len = strlen(sb_mountdata) + INET6_ADDRSTRLEN;
181 mountdata = kzalloc(md_len + sizeof("ip=") + 1, GFP_KERNEL);
182 if (mountdata == NULL) {
183 rc = -ENOMEM;
184 goto compose_mount_options_err;
185 }
186
187 /* copy all options except of unc,ip,prefixpath */
188 off = 0;
189 if (strncmp(sb_mountdata, "sep=", 4) == 0) {
190 sep = sb_mountdata[4];
191 strncpy(mountdata, sb_mountdata, 5);
192 off += 5;
193 }
194
195 do {
196 tkn_e = strchr(sb_mountdata + off, sep);
197 if (tkn_e == NULL)
198 noff = strlen(sb_mountdata + off);
199 else
200 noff = tkn_e - (sb_mountdata + off) + 1;
201
202 if (strncasecmp(sb_mountdata + off, "unc=", 4) == 0) {
203 off += noff;
204 continue;
205 }
206 if (strncasecmp(sb_mountdata + off, "ip=", 3) == 0) {
207 off += noff;
208 continue;
209 }
210 if (strncasecmp(sb_mountdata + off, "prefixpath=", 11) == 0) {
211 off += noff;
212 continue;
213 }
214 strncat(mountdata, sb_mountdata + off, noff);
215 off += noff;
216 } while (tkn_e);
217 strcat(mountdata, sb_mountdata + off);
218 mountdata[md_len] = '\0';
219
220 /* copy new IP and ref share name */
221 if (mountdata[strlen(mountdata) - 1] != sep)
222 strncat(mountdata, &sep, 1);
223 strcat(mountdata, "ip=");
224 strcat(mountdata, srvIP);
225
226 if (devname)
227 *devname = name;
228
229 /*cifs_dbg(FYI, "%s: parent mountdata: %s\n", __func__, sb_mountdata);*/
230 /*cifs_dbg(FYI, "%s: submount mountdata: %s\n", __func__, mountdata );*/
231
232 compose_mount_options_out:
233 kfree(srvIP);
234 return mountdata;
235
236 compose_mount_options_err:
237 kfree(mountdata);
238 mountdata = ERR_PTR(rc);
239 kfree(name);
240 goto compose_mount_options_out;
241 }
242
243 /**
244 * cifs_dfs_do_refmount - mounts specified path using provided refferal
245 * @cifs_sb: parent/root superblock
246 * @fullpath: full path in UNC format
247 * @ref: server's referral
248 */
cifs_dfs_do_refmount(struct dentry * mntpt,struct cifs_sb_info * cifs_sb,const char * fullpath,const struct dfs_info3_param * ref)249 static struct vfsmount *cifs_dfs_do_refmount(struct dentry *mntpt,
250 struct cifs_sb_info *cifs_sb,
251 const char *fullpath, const struct dfs_info3_param *ref)
252 {
253 struct vfsmount *mnt;
254 char *mountdata;
255 char *devname;
256
257 /*
258 * Always pass down the DFS full path to smb3_do_mount() so we
259 * can use it later for failover.
260 */
261 devname = kstrndup(fullpath, strlen(fullpath), GFP_KERNEL);
262 if (!devname)
263 return ERR_PTR(-ENOMEM);
264
265 convert_delimiter(devname, '/');
266
267 /* strip first '\' from fullpath */
268 mountdata = cifs_compose_mount_options(cifs_sb->mountdata,
269 fullpath + 1, ref, NULL);
270 if (IS_ERR(mountdata)) {
271 kfree(devname);
272 return (struct vfsmount *)mountdata;
273 }
274
275 mnt = vfs_submount(mntpt, &cifs_fs_type, devname, mountdata);
276 kfree(mountdata);
277 kfree(devname);
278 return mnt;
279 }
280
dump_referral(const struct dfs_info3_param * ref)281 static void dump_referral(const struct dfs_info3_param *ref)
282 {
283 cifs_dbg(FYI, "DFS: ref path: %s\n", ref->path_name);
284 cifs_dbg(FYI, "DFS: node path: %s\n", ref->node_name);
285 cifs_dbg(FYI, "DFS: fl: %d, srv_type: %d\n",
286 ref->flags, ref->server_type);
287 cifs_dbg(FYI, "DFS: ref_flags: %d, path_consumed: %d\n",
288 ref->ref_flag, ref->path_consumed);
289 }
290
291 /*
292 * Create a vfsmount that we can automount
293 */
cifs_dfs_do_automount(struct dentry * mntpt)294 static struct vfsmount *cifs_dfs_do_automount(struct dentry *mntpt)
295 {
296 struct dfs_info3_param referral = {0};
297 struct cifs_sb_info *cifs_sb;
298 struct cifs_ses *ses;
299 struct cifs_tcon *tcon;
300 char *full_path, *root_path;
301 unsigned int xid;
302 int len;
303 int rc;
304 struct vfsmount *mnt;
305
306 cifs_dbg(FYI, "in %s\n", __func__);
307 BUG_ON(IS_ROOT(mntpt));
308
309 /*
310 * The MSDFS spec states that paths in DFS referral requests and
311 * responses must be prefixed by a single '\' character instead of
312 * the double backslashes usually used in the UNC. This function
313 * gives us the latter, so we must adjust the result.
314 */
315 mnt = ERR_PTR(-ENOMEM);
316
317 cifs_sb = CIFS_SB(mntpt->d_sb);
318 if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NO_DFS) {
319 mnt = ERR_PTR(-EREMOTE);
320 goto cdda_exit;
321 }
322
323 /* always use tree name prefix */
324 full_path = build_path_from_dentry_optional_prefix(mntpt, true);
325 if (full_path == NULL)
326 goto cdda_exit;
327
328 cifs_dbg(FYI, "%s: full_path: %s\n", __func__, full_path);
329
330 if (!cifs_sb_master_tlink(cifs_sb)) {
331 cifs_dbg(FYI, "%s: master tlink is NULL\n", __func__);
332 goto free_full_path;
333 }
334
335 tcon = cifs_sb_master_tcon(cifs_sb);
336 if (!tcon) {
337 cifs_dbg(FYI, "%s: master tcon is NULL\n", __func__);
338 goto free_full_path;
339 }
340
341 root_path = kstrdup(tcon->treeName, GFP_KERNEL);
342 if (!root_path) {
343 mnt = ERR_PTR(-ENOMEM);
344 goto free_full_path;
345 }
346 cifs_dbg(FYI, "%s: root path: %s\n", __func__, root_path);
347
348 ses = tcon->ses;
349 xid = get_xid();
350
351 /*
352 * If DFS root has been expired, then unconditionally fetch it again to
353 * refresh DFS referral cache.
354 */
355 rc = dfs_cache_find(xid, ses, cifs_sb->local_nls, cifs_remap(cifs_sb),
356 root_path + 1, NULL, NULL);
357 if (!rc) {
358 rc = dfs_cache_find(xid, ses, cifs_sb->local_nls,
359 cifs_remap(cifs_sb), full_path + 1,
360 &referral, NULL);
361 }
362
363 free_xid(xid);
364
365 if (rc) {
366 mnt = ERR_PTR(rc);
367 goto free_root_path;
368 }
369
370 dump_referral(&referral);
371
372 len = strlen(referral.node_name);
373 if (len < 2) {
374 cifs_dbg(VFS, "%s: Net Address path too short: %s\n",
375 __func__, referral.node_name);
376 mnt = ERR_PTR(-EINVAL);
377 goto free_dfs_ref;
378 }
379 /*
380 * cifs_mount() will retry every available node server in case
381 * of failures.
382 */
383 mnt = cifs_dfs_do_refmount(mntpt, cifs_sb, full_path, &referral);
384 cifs_dbg(FYI, "%s: cifs_dfs_do_refmount:%s , mnt:%p\n", __func__,
385 referral.node_name, mnt);
386
387 free_dfs_ref:
388 free_dfs_info_param(&referral);
389 free_root_path:
390 kfree(root_path);
391 free_full_path:
392 kfree(full_path);
393 cdda_exit:
394 cifs_dbg(FYI, "leaving %s\n" , __func__);
395 return mnt;
396 }
397
398 /*
399 * Attempt to automount the referral
400 */
cifs_dfs_d_automount(struct path * path)401 struct vfsmount *cifs_dfs_d_automount(struct path *path)
402 {
403 struct vfsmount *newmnt;
404
405 cifs_dbg(FYI, "in %s\n", __func__);
406
407 newmnt = cifs_dfs_do_automount(path->dentry);
408 if (IS_ERR(newmnt)) {
409 cifs_dbg(FYI, "leaving %s [automount failed]\n" , __func__);
410 return newmnt;
411 }
412
413 mntget(newmnt); /* prevent immediate expiration */
414 mnt_set_expiry(newmnt, &cifs_dfs_automount_list);
415 schedule_delayed_work(&cifs_dfs_automount_task,
416 cifs_dfs_mountpoint_expiry_timeout);
417 cifs_dbg(FYI, "leaving %s [ok]\n" , __func__);
418 return newmnt;
419 }
420
421 const struct inode_operations cifs_dfs_referral_inode_operations = {
422 };
423