1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (C) 2020, Microsoft Corporation.
4 *
5 * Author(s): Steve French <stfrench@microsoft.com>
6 * David Howells <dhowells@redhat.com>
7 */
8
9 #include "cifsglob.h"
10 #include "cifs_debug.h"
11 #include "fs_context.h"
12
13 static const match_table_t cifs_smb_version_tokens = {
14 { Smb_1, SMB1_VERSION_STRING },
15 { Smb_20, SMB20_VERSION_STRING},
16 { Smb_21, SMB21_VERSION_STRING },
17 { Smb_30, SMB30_VERSION_STRING },
18 { Smb_302, SMB302_VERSION_STRING },
19 { Smb_302, ALT_SMB302_VERSION_STRING },
20 { Smb_311, SMB311_VERSION_STRING },
21 { Smb_311, ALT_SMB311_VERSION_STRING },
22 { Smb_3any, SMB3ANY_VERSION_STRING },
23 { Smb_default, SMBDEFAULT_VERSION_STRING },
24 { Smb_version_err, NULL }
25 };
26
27 int
cifs_parse_smb_version(char * value,struct smb_vol * vol,bool is_smb3)28 cifs_parse_smb_version(char *value, struct smb_vol *vol, bool is_smb3)
29 {
30 substring_t args[MAX_OPT_ARGS];
31
32 switch (match_token(value, cifs_smb_version_tokens, args)) {
33 #ifdef CONFIG_CIFS_ALLOW_INSECURE_LEGACY
34 case Smb_1:
35 if (disable_legacy_dialects) {
36 cifs_dbg(VFS, "mount with legacy dialect disabled\n");
37 return 1;
38 }
39 if (is_smb3) {
40 cifs_dbg(VFS, "vers=1.0 (cifs) not permitted when mounting with smb3\n");
41 return 1;
42 }
43 cifs_dbg(VFS, "Use of the less secure dialect vers=1.0 is not recommended unless required for access to very old servers\n");
44 vol->ops = &smb1_operations;
45 vol->vals = &smb1_values;
46 break;
47 case Smb_20:
48 if (disable_legacy_dialects) {
49 cifs_dbg(VFS, "mount with legacy dialect disabled\n");
50 return 1;
51 }
52 if (is_smb3) {
53 cifs_dbg(VFS, "vers=2.0 not permitted when mounting with smb3\n");
54 return 1;
55 }
56 vol->ops = &smb20_operations;
57 vol->vals = &smb20_values;
58 break;
59 #else
60 case Smb_1:
61 cifs_dbg(VFS, "vers=1.0 (cifs) mount not permitted when legacy dialects disabled\n");
62 return 1;
63 case Smb_20:
64 cifs_dbg(VFS, "vers=2.0 mount not permitted when legacy dialects disabled\n");
65 return 1;
66 #endif /* CIFS_ALLOW_INSECURE_LEGACY */
67 case Smb_21:
68 vol->ops = &smb21_operations;
69 vol->vals = &smb21_values;
70 break;
71 case Smb_30:
72 vol->ops = &smb30_operations;
73 vol->vals = &smb30_values;
74 break;
75 case Smb_302:
76 vol->ops = &smb30_operations; /* currently identical with 3.0 */
77 vol->vals = &smb302_values;
78 break;
79 case Smb_311:
80 vol->ops = &smb311_operations;
81 vol->vals = &smb311_values;
82 break;
83 case Smb_3any:
84 vol->ops = &smb30_operations; /* currently identical with 3.0 */
85 vol->vals = &smb3any_values;
86 break;
87 case Smb_default:
88 vol->ops = &smb30_operations; /* currently identical with 3.0 */
89 vol->vals = &smbdefault_values;
90 break;
91 default:
92 cifs_dbg(VFS, "Unknown vers= option specified: %s\n", value);
93 return 1;
94 }
95 return 0;
96 }
97
98 static const match_table_t cifs_secflavor_tokens = {
99 { Opt_sec_krb5, "krb5" },
100 { Opt_sec_krb5i, "krb5i" },
101 { Opt_sec_krb5p, "krb5p" },
102 { Opt_sec_ntlmsspi, "ntlmsspi" },
103 { Opt_sec_ntlmssp, "ntlmssp" },
104 { Opt_ntlm, "ntlm" },
105 { Opt_sec_ntlmi, "ntlmi" },
106 { Opt_sec_ntlmv2, "nontlm" },
107 { Opt_sec_ntlmv2, "ntlmv2" },
108 { Opt_sec_ntlmv2i, "ntlmv2i" },
109 { Opt_sec_lanman, "lanman" },
110 { Opt_sec_none, "none" },
111
112 { Opt_sec_err, NULL }
113 };
114
cifs_parse_security_flavors(char * value,struct smb_vol * vol)115 int cifs_parse_security_flavors(char *value, struct smb_vol *vol)
116 {
117
118 substring_t args[MAX_OPT_ARGS];
119
120 /*
121 * With mount options, the last one should win. Reset any existing
122 * settings back to default.
123 */
124 vol->sectype = Unspecified;
125 vol->sign = false;
126
127 switch (match_token(value, cifs_secflavor_tokens, args)) {
128 case Opt_sec_krb5p:
129 cifs_dbg(VFS, "sec=krb5p is not supported!\n");
130 return 1;
131 case Opt_sec_krb5i:
132 vol->sign = true;
133 fallthrough;
134 case Opt_sec_krb5:
135 vol->sectype = Kerberos;
136 break;
137 case Opt_sec_ntlmsspi:
138 vol->sign = true;
139 fallthrough;
140 case Opt_sec_ntlmssp:
141 vol->sectype = RawNTLMSSP;
142 break;
143 case Opt_sec_ntlmi:
144 vol->sign = true;
145 fallthrough;
146 case Opt_ntlm:
147 vol->sectype = NTLM;
148 break;
149 case Opt_sec_ntlmv2i:
150 vol->sign = true;
151 fallthrough;
152 case Opt_sec_ntlmv2:
153 vol->sectype = NTLMv2;
154 break;
155 #ifdef CONFIG_CIFS_WEAK_PW_HASH
156 case Opt_sec_lanman:
157 vol->sectype = LANMAN;
158 break;
159 #endif
160 case Opt_sec_none:
161 vol->nullauth = 1;
162 break;
163 default:
164 cifs_dbg(VFS, "bad security option: %s\n", value);
165 return 1;
166 }
167
168 return 0;
169 }
170
171 static const match_table_t cifs_cacheflavor_tokens = {
172 { Opt_cache_loose, "loose" },
173 { Opt_cache_strict, "strict" },
174 { Opt_cache_none, "none" },
175 { Opt_cache_ro, "ro" },
176 { Opt_cache_rw, "singleclient" },
177 { Opt_cache_err, NULL }
178 };
179
180 int
cifs_parse_cache_flavor(char * value,struct smb_vol * vol)181 cifs_parse_cache_flavor(char *value, struct smb_vol *vol)
182 {
183 substring_t args[MAX_OPT_ARGS];
184
185 switch (match_token(value, cifs_cacheflavor_tokens, args)) {
186 case Opt_cache_loose:
187 vol->direct_io = false;
188 vol->strict_io = false;
189 vol->cache_ro = false;
190 vol->cache_rw = false;
191 break;
192 case Opt_cache_strict:
193 vol->direct_io = false;
194 vol->strict_io = true;
195 vol->cache_ro = false;
196 vol->cache_rw = false;
197 break;
198 case Opt_cache_none:
199 vol->direct_io = true;
200 vol->strict_io = false;
201 vol->cache_ro = false;
202 vol->cache_rw = false;
203 break;
204 case Opt_cache_ro:
205 vol->direct_io = false;
206 vol->strict_io = false;
207 vol->cache_ro = true;
208 vol->cache_rw = false;
209 break;
210 case Opt_cache_rw:
211 vol->direct_io = false;
212 vol->strict_io = false;
213 vol->cache_ro = false;
214 vol->cache_rw = true;
215 break;
216 default:
217 cifs_dbg(VFS, "bad cache= option: %s\n", value);
218 return 1;
219 }
220 return 0;
221 }
222