xref: /linux/fs/smb/client/dfs.c (revision c532de5a67a70f8533d495f8f2aaa9a0491c3ad0)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Copyright (c) 2022 Paulo Alcantara <palcantara@suse.de>
4  */
5 
6 #include "cifsproto.h"
7 #include "cifs_debug.h"
8 #include "dns_resolve.h"
9 #include "fs_context.h"
10 #include "dfs.h"
11 
12 /**
13  * dfs_parse_target_referral - set fs context for dfs target referral
14  *
15  * @full_path: full path in UNC format.
16  * @ref: dfs referral pointer.
17  * @ctx: smb3 fs context pointer.
18  *
19  * Return zero if dfs referral was parsed correctly, otherwise non-zero.
20  */
21 int dfs_parse_target_referral(const char *full_path, const struct dfs_info3_param *ref,
22 			      struct smb3_fs_context *ctx)
23 {
24 	int rc;
25 	const char *prepath = NULL;
26 	char *path;
27 
28 	if (!full_path || !*full_path || !ref || !ctx)
29 		return -EINVAL;
30 
31 	if (WARN_ON_ONCE(!ref->node_name || ref->path_consumed < 0))
32 		return -EINVAL;
33 
34 	if (strlen(full_path) - ref->path_consumed) {
35 		prepath = full_path + ref->path_consumed;
36 		/* skip initial delimiter */
37 		if (*prepath == '/' || *prepath == '\\')
38 			prepath++;
39 	}
40 
41 	path = cifs_build_devname(ref->node_name, prepath);
42 	if (IS_ERR(path))
43 		return PTR_ERR(path);
44 
45 	rc = smb3_parse_devname(path, ctx);
46 	if (rc)
47 		goto out;
48 
49 	rc = dns_resolve_server_name_to_ip(path, (struct sockaddr *)&ctx->dstaddr, NULL);
50 
51 out:
52 	kfree(path);
53 	return rc;
54 }
55 
56 static int get_session(struct cifs_mount_ctx *mnt_ctx, const char *full_path)
57 {
58 	struct smb3_fs_context *ctx = mnt_ctx->fs_ctx;
59 	int rc;
60 
61 	ctx->leaf_fullpath = (char *)full_path;
62 	rc = cifs_mount_get_session(mnt_ctx);
63 	ctx->leaf_fullpath = NULL;
64 
65 	return rc;
66 }
67 
68 /*
69  * Get an active reference of @ses so that next call to cifs_put_tcon() won't
70  * release it as any new DFS referrals must go through its IPC tcon.
71  */
72 static void set_root_smb_session(struct cifs_mount_ctx *mnt_ctx)
73 {
74 	struct smb3_fs_context *ctx = mnt_ctx->fs_ctx;
75 	struct cifs_ses *ses = mnt_ctx->ses;
76 
77 	if (ses) {
78 		spin_lock(&cifs_tcp_ses_lock);
79 		cifs_smb_ses_inc_refcount(ses);
80 		spin_unlock(&cifs_tcp_ses_lock);
81 	}
82 	ctx->dfs_root_ses = ses;
83 }
84 
85 static inline int parse_dfs_target(struct smb3_fs_context *ctx,
86 				   struct dfs_ref_walk *rw,
87 				   struct dfs_info3_param *tgt)
88 {
89 	int rc;
90 	const char *fpath = ref_walk_fpath(rw) + 1;
91 
92 	rc = ref_walk_get_tgt(rw, tgt);
93 	if (!rc)
94 		rc = dfs_parse_target_referral(fpath, tgt, ctx);
95 	return rc;
96 }
97 
98 static int setup_dfs_ref(struct cifs_mount_ctx *mnt_ctx,
99 			 struct dfs_info3_param *tgt,
100 			 struct dfs_ref_walk *rw)
101 {
102 	struct smb3_fs_context *ctx = mnt_ctx->fs_ctx;
103 	struct cifs_sb_info *cifs_sb = mnt_ctx->cifs_sb;
104 	char *ref_path, *full_path;
105 	int rc;
106 
107 	full_path = smb3_fs_context_fullpath(ctx, CIFS_DIR_SEP(cifs_sb));
108 	if (IS_ERR(full_path))
109 		return PTR_ERR(full_path);
110 
111 	if (!tgt || (tgt->server_type == DFS_TYPE_LINK &&
112 		     DFS_INTERLINK(tgt->flags)))
113 		ref_path = dfs_get_path(cifs_sb, ctx->UNC);
114 	else
115 		ref_path = dfs_get_path(cifs_sb, full_path);
116 	if (IS_ERR(ref_path)) {
117 		rc = PTR_ERR(ref_path);
118 		kfree(full_path);
119 		return rc;
120 	}
121 	ref_walk_path(rw) = ref_path;
122 	ref_walk_fpath(rw) = full_path;
123 	ref_walk_ses(rw) = ctx->dfs_root_ses;
124 	return 0;
125 }
126 
127 static int __dfs_referral_walk(struct cifs_mount_ctx *mnt_ctx,
128 			       struct dfs_ref_walk *rw)
129 {
130 	struct smb3_fs_context *ctx = mnt_ctx->fs_ctx;
131 	struct dfs_info3_param tgt = {};
132 	int rc = -ENOENT;
133 
134 again:
135 	do {
136 		ctx->dfs_root_ses = ref_walk_ses(rw);
137 		if (ref_walk_empty(rw)) {
138 			rc = dfs_get_referral(mnt_ctx, ref_walk_path(rw) + 1,
139 					      NULL, ref_walk_tl(rw));
140 			if (rc) {
141 				rc = cifs_mount_get_tcon(mnt_ctx);
142 				if (!rc)
143 					rc = cifs_is_path_remote(mnt_ctx);
144 				continue;
145 			}
146 			if (!ref_walk_num_tgts(rw)) {
147 				rc = -ENOENT;
148 				continue;
149 			}
150 		}
151 
152 		while (ref_walk_next_tgt(rw)) {
153 			rc = parse_dfs_target(ctx, rw, &tgt);
154 			if (rc)
155 				continue;
156 
157 			cifs_mount_put_conns(mnt_ctx);
158 			rc = get_session(mnt_ctx, ref_walk_path(rw));
159 			if (rc)
160 				continue;
161 
162 			ref_walk_set_tgt_hint(rw);
163 			if (tgt.flags & DFSREF_STORAGE_SERVER) {
164 				rc = cifs_mount_get_tcon(mnt_ctx);
165 				if (!rc)
166 					rc = cifs_is_path_remote(mnt_ctx);
167 				if (!rc)
168 					break;
169 				if (rc != -EREMOTE)
170 					continue;
171 			}
172 
173 			set_root_smb_session(mnt_ctx);
174 			rc = ref_walk_advance(rw);
175 			if (!rc) {
176 				rc = setup_dfs_ref(mnt_ctx, &tgt, rw);
177 				if (!rc) {
178 					rc = -EREMOTE;
179 					goto again;
180 				}
181 			}
182 			if (rc != -ELOOP)
183 				goto out;
184 		}
185 	} while (rc && ref_walk_descend(rw));
186 
187 out:
188 	free_dfs_info_param(&tgt);
189 	return rc;
190 }
191 
192 static int dfs_referral_walk(struct cifs_mount_ctx *mnt_ctx,
193 			     struct dfs_ref_walk **rw)
194 {
195 	int rc;
196 
197 	*rw = ref_walk_alloc();
198 	if (IS_ERR(*rw)) {
199 		rc = PTR_ERR(*rw);
200 		*rw = NULL;
201 		return rc;
202 	}
203 
204 	ref_walk_init(*rw);
205 	rc = setup_dfs_ref(mnt_ctx, NULL, *rw);
206 	if (!rc)
207 		rc = __dfs_referral_walk(mnt_ctx, *rw);
208 	return rc;
209 }
210 
211 static int __dfs_mount_share(struct cifs_mount_ctx *mnt_ctx)
212 {
213 	struct cifs_sb_info *cifs_sb = mnt_ctx->cifs_sb;
214 	struct smb3_fs_context *ctx = mnt_ctx->fs_ctx;
215 	struct dfs_ref_walk *rw = NULL;
216 	struct cifs_tcon *tcon;
217 	char *origin_fullpath;
218 	int rc;
219 
220 	origin_fullpath = dfs_get_path(cifs_sb, ctx->source);
221 	if (IS_ERR(origin_fullpath))
222 		return PTR_ERR(origin_fullpath);
223 
224 	rc = dfs_referral_walk(mnt_ctx, &rw);
225 	if (!rc) {
226 		/*
227 		 * Prevent superblock from being created with any missing
228 		 * connections.
229 		 */
230 		if (WARN_ON(!mnt_ctx->server))
231 			rc = -EHOSTDOWN;
232 		else if (WARN_ON(!mnt_ctx->ses))
233 			rc = -EACCES;
234 		else if (WARN_ON(!mnt_ctx->tcon))
235 			rc = -ENOENT;
236 	}
237 	if (rc)
238 		goto out;
239 
240 	tcon = mnt_ctx->tcon;
241 	spin_lock(&tcon->tc_lock);
242 	tcon->origin_fullpath = origin_fullpath;
243 	origin_fullpath = NULL;
244 	ref_walk_set_tcon(rw, tcon);
245 	spin_unlock(&tcon->tc_lock);
246 	queue_delayed_work(dfscache_wq, &tcon->dfs_cache_work,
247 			   dfs_cache_get_ttl() * HZ);
248 
249 out:
250 	kfree(origin_fullpath);
251 	ref_walk_free(rw);
252 	return rc;
253 }
254 
255 /*
256  * If @ctx->dfs_automount, then update @ctx->dstaddr earlier with the DFS root
257  * server from where we'll start following any referrals.  Otherwise rely on the
258  * value provided by mount(2) as the user might not have dns_resolver key set up
259  * and therefore failing to upcall to resolve UNC hostname under @ctx->source.
260  */
261 static int update_fs_context_dstaddr(struct smb3_fs_context *ctx)
262 {
263 	struct sockaddr *addr = (struct sockaddr *)&ctx->dstaddr;
264 	int rc = 0;
265 
266 	if (!ctx->nodfs && ctx->dfs_automount) {
267 		rc = dns_resolve_server_name_to_ip(ctx->source, addr, NULL);
268 		if (!rc)
269 			cifs_set_port(addr, ctx->port);
270 		ctx->dfs_automount = false;
271 	}
272 	return rc;
273 }
274 
275 int dfs_mount_share(struct cifs_mount_ctx *mnt_ctx)
276 {
277 	struct smb3_fs_context *ctx = mnt_ctx->fs_ctx;
278 	bool nodfs = ctx->nodfs;
279 	int rc;
280 
281 	rc = update_fs_context_dstaddr(ctx);
282 	if (rc)
283 		return rc;
284 
285 	rc = get_session(mnt_ctx, NULL);
286 	if (rc)
287 		return rc;
288 
289 	/*
290 	 * If called with 'nodfs' mount option, then skip DFS resolving.  Otherwise unconditionally
291 	 * try to get an DFS referral (even cached) to determine whether it is an DFS mount.
292 	 *
293 	 * Skip prefix path to provide support for DFS referrals from w2k8 servers which don't seem
294 	 * to respond with PATH_NOT_COVERED to requests that include the prefix.
295 	 */
296 	if (!nodfs) {
297 		rc = dfs_get_referral(mnt_ctx, ctx->UNC + 1, NULL, NULL);
298 		if (rc) {
299 			cifs_dbg(FYI, "%s: no dfs referral for %s: %d\n",
300 				 __func__, ctx->UNC + 1, rc);
301 			cifs_dbg(FYI, "%s: assuming non-dfs mount...\n", __func__);
302 			nodfs = true;
303 		}
304 	}
305 	if (nodfs) {
306 		rc = cifs_mount_get_tcon(mnt_ctx);
307 		if (!rc)
308 			rc = cifs_is_path_remote(mnt_ctx);
309 		return rc;
310 	}
311 
312 	if (!ctx->dfs_conn) {
313 		ctx->dfs_conn = true;
314 		cifs_mount_put_conns(mnt_ctx);
315 		rc = get_session(mnt_ctx, NULL);
316 	}
317 	if (!rc) {
318 		set_root_smb_session(mnt_ctx);
319 		rc = __dfs_mount_share(mnt_ctx);
320 	}
321 	return rc;
322 }
323 
324 /* Update dfs referral path of superblock */
325 static int update_server_fullpath(struct TCP_Server_Info *server, struct cifs_sb_info *cifs_sb,
326 				  const char *target)
327 {
328 	int rc = 0;
329 	size_t len = strlen(target);
330 	char *refpath, *npath;
331 
332 	if (unlikely(len < 2 || *target != '\\'))
333 		return -EINVAL;
334 
335 	if (target[1] == '\\') {
336 		len += 1;
337 		refpath = kmalloc(len, GFP_KERNEL);
338 		if (!refpath)
339 			return -ENOMEM;
340 
341 		scnprintf(refpath, len, "%s", target);
342 	} else {
343 		len += sizeof("\\");
344 		refpath = kmalloc(len, GFP_KERNEL);
345 		if (!refpath)
346 			return -ENOMEM;
347 
348 		scnprintf(refpath, len, "\\%s", target);
349 	}
350 
351 	npath = dfs_cache_canonical_path(refpath, cifs_sb->local_nls, cifs_remap(cifs_sb));
352 	kfree(refpath);
353 
354 	if (IS_ERR(npath)) {
355 		rc = PTR_ERR(npath);
356 	} else {
357 		mutex_lock(&server->refpath_lock);
358 		spin_lock(&server->srv_lock);
359 		kfree(server->leaf_fullpath);
360 		server->leaf_fullpath = npath;
361 		spin_unlock(&server->srv_lock);
362 		mutex_unlock(&server->refpath_lock);
363 	}
364 	return rc;
365 }
366 
367 static int target_share_matches_server(struct TCP_Server_Info *server, char *share,
368 				       bool *target_match)
369 {
370 	int rc = 0;
371 	const char *dfs_host;
372 	size_t dfs_host_len;
373 
374 	*target_match = true;
375 	extract_unc_hostname(share, &dfs_host, &dfs_host_len);
376 
377 	/* Check if hostnames or addresses match */
378 	cifs_server_lock(server);
379 	if (dfs_host_len != strlen(server->hostname) ||
380 	    strncasecmp(dfs_host, server->hostname, dfs_host_len)) {
381 		cifs_dbg(FYI, "%s: %.*s doesn't match %s\n", __func__,
382 			 (int)dfs_host_len, dfs_host, server->hostname);
383 		rc = match_target_ip(server, dfs_host, dfs_host_len, target_match);
384 		if (rc)
385 			cifs_dbg(VFS, "%s: failed to match target ip: %d\n", __func__, rc);
386 	}
387 	cifs_server_unlock(server);
388 	return rc;
389 }
390 
391 static void __tree_connect_ipc(const unsigned int xid, char *tree,
392 			       struct cifs_sb_info *cifs_sb,
393 			       struct cifs_ses *ses)
394 {
395 	struct TCP_Server_Info *server = ses->server;
396 	struct cifs_tcon *tcon = ses->tcon_ipc;
397 	int rc;
398 
399 	spin_lock(&ses->ses_lock);
400 	spin_lock(&ses->chan_lock);
401 	if (cifs_chan_needs_reconnect(ses, server) ||
402 	    ses->ses_status != SES_GOOD) {
403 		spin_unlock(&ses->chan_lock);
404 		spin_unlock(&ses->ses_lock);
405 		cifs_server_dbg(FYI, "%s: skipping ipc reconnect due to disconnected ses\n",
406 				__func__);
407 		return;
408 	}
409 	spin_unlock(&ses->chan_lock);
410 	spin_unlock(&ses->ses_lock);
411 
412 	cifs_server_lock(server);
413 	scnprintf(tree, MAX_TREE_SIZE, "\\\\%s\\IPC$", server->hostname);
414 	cifs_server_unlock(server);
415 
416 	rc = server->ops->tree_connect(xid, ses, tree, tcon,
417 				       cifs_sb->local_nls);
418 	cifs_server_dbg(FYI, "%s: tree_reconnect %s: %d\n", __func__, tree, rc);
419 	spin_lock(&tcon->tc_lock);
420 	if (rc) {
421 		tcon->status = TID_NEED_TCON;
422 	} else {
423 		tcon->status = TID_GOOD;
424 		tcon->need_reconnect = false;
425 	}
426 	spin_unlock(&tcon->tc_lock);
427 }
428 
429 static void tree_connect_ipc(const unsigned int xid, char *tree,
430 			     struct cifs_sb_info *cifs_sb,
431 			     struct cifs_tcon *tcon)
432 {
433 	struct cifs_ses *ses = tcon->ses;
434 
435 	__tree_connect_ipc(xid, tree, cifs_sb, ses);
436 	__tree_connect_ipc(xid, tree, cifs_sb, CIFS_DFS_ROOT_SES(ses));
437 }
438 
439 static int __tree_connect_dfs_target(const unsigned int xid, struct cifs_tcon *tcon,
440 				     struct cifs_sb_info *cifs_sb, char *tree, bool islink,
441 				     struct dfs_cache_tgt_list *tl)
442 {
443 	int rc;
444 	struct TCP_Server_Info *server = tcon->ses->server;
445 	const struct smb_version_operations *ops = server->ops;
446 	struct cifs_ses *root_ses = CIFS_DFS_ROOT_SES(tcon->ses);
447 	char *share = NULL, *prefix = NULL;
448 	struct dfs_cache_tgt_iterator *tit;
449 	bool target_match;
450 
451 	tit = dfs_cache_get_tgt_iterator(tl);
452 	if (!tit) {
453 		rc = -ENOENT;
454 		goto out;
455 	}
456 
457 	/* Try to tree connect to all dfs targets */
458 	for (; tit; tit = dfs_cache_get_next_tgt(tl, tit)) {
459 		const char *target = dfs_cache_get_tgt_name(tit);
460 		DFS_CACHE_TGT_LIST(ntl);
461 
462 		kfree(share);
463 		kfree(prefix);
464 		share = prefix = NULL;
465 
466 		/* Check if share matches with tcp ses */
467 		rc = dfs_cache_get_tgt_share(server->leaf_fullpath + 1, tit, &share, &prefix);
468 		if (rc) {
469 			cifs_dbg(VFS, "%s: failed to parse target share: %d\n", __func__, rc);
470 			break;
471 		}
472 
473 		rc = target_share_matches_server(server, share, &target_match);
474 		if (rc)
475 			break;
476 		if (!target_match) {
477 			rc = -EHOSTUNREACH;
478 			continue;
479 		}
480 
481 		dfs_cache_noreq_update_tgthint(server->leaf_fullpath + 1, tit);
482 		tree_connect_ipc(xid, tree, cifs_sb, tcon);
483 
484 		scnprintf(tree, MAX_TREE_SIZE, "\\%s", share);
485 		if (!islink) {
486 			rc = ops->tree_connect(xid, tcon->ses, tree, tcon, cifs_sb->local_nls);
487 			break;
488 		}
489 
490 		/*
491 		 * If no dfs referrals were returned from link target, then just do a TREE_CONNECT
492 		 * to it.  Otherwise, cache the dfs referral and then mark current tcp ses for
493 		 * reconnect so either the demultiplex thread or the echo worker will reconnect to
494 		 * newly resolved target.
495 		 */
496 		if (dfs_cache_find(xid, root_ses, cifs_sb->local_nls, cifs_remap(cifs_sb), target,
497 				   NULL, &ntl)) {
498 			rc = ops->tree_connect(xid, tcon->ses, tree, tcon, cifs_sb->local_nls);
499 			if (rc)
500 				continue;
501 
502 			rc = cifs_update_super_prepath(cifs_sb, prefix);
503 		} else {
504 			/* Target is another dfs share */
505 			rc = update_server_fullpath(server, cifs_sb, target);
506 			dfs_cache_free_tgts(tl);
507 
508 			if (!rc) {
509 				rc = -EREMOTE;
510 				list_replace_init(&ntl.tl_list, &tl->tl_list);
511 			} else
512 				dfs_cache_free_tgts(&ntl);
513 		}
514 		break;
515 	}
516 
517 out:
518 	kfree(share);
519 	kfree(prefix);
520 
521 	return rc;
522 }
523 
524 static int tree_connect_dfs_target(const unsigned int xid, struct cifs_tcon *tcon,
525 				   struct cifs_sb_info *cifs_sb, char *tree, bool islink,
526 				   struct dfs_cache_tgt_list *tl)
527 {
528 	int rc;
529 	int num_links = 0;
530 	struct TCP_Server_Info *server = tcon->ses->server;
531 	char *old_fullpath = server->leaf_fullpath;
532 
533 	do {
534 		rc = __tree_connect_dfs_target(xid, tcon, cifs_sb, tree, islink, tl);
535 		if (!rc || rc != -EREMOTE)
536 			break;
537 	} while (rc = -ELOOP, ++num_links < MAX_NESTED_LINKS);
538 	/*
539 	 * If we couldn't tree connect to any targets from last referral path, then
540 	 * retry it from newly resolved dfs referral.
541 	 */
542 	if (rc && server->leaf_fullpath != old_fullpath)
543 		cifs_signal_cifsd_for_reconnect(server, true);
544 
545 	dfs_cache_free_tgts(tl);
546 	return rc;
547 }
548 
549 int cifs_tree_connect(const unsigned int xid, struct cifs_tcon *tcon, const struct nls_table *nlsc)
550 {
551 	int rc;
552 	struct TCP_Server_Info *server = tcon->ses->server;
553 	const struct smb_version_operations *ops = server->ops;
554 	DFS_CACHE_TGT_LIST(tl);
555 	struct cifs_sb_info *cifs_sb = NULL;
556 	struct super_block *sb = NULL;
557 	struct dfs_info3_param ref = {0};
558 	char *tree;
559 
560 	/* only send once per connect */
561 	spin_lock(&tcon->tc_lock);
562 
563 	/* if tcon is marked for needing reconnect, update state */
564 	if (tcon->need_reconnect)
565 		tcon->status = TID_NEED_TCON;
566 
567 	if (tcon->status == TID_GOOD) {
568 		spin_unlock(&tcon->tc_lock);
569 		return 0;
570 	}
571 
572 	if (tcon->status != TID_NEW &&
573 	    tcon->status != TID_NEED_TCON) {
574 		spin_unlock(&tcon->tc_lock);
575 		return -EHOSTDOWN;
576 	}
577 
578 	tcon->status = TID_IN_TCON;
579 	spin_unlock(&tcon->tc_lock);
580 
581 	tree = kzalloc(MAX_TREE_SIZE, GFP_KERNEL);
582 	if (!tree) {
583 		rc = -ENOMEM;
584 		goto out;
585 	}
586 
587 	if (tcon->ipc) {
588 		cifs_server_lock(server);
589 		scnprintf(tree, MAX_TREE_SIZE, "\\\\%s\\IPC$", server->hostname);
590 		cifs_server_unlock(server);
591 		rc = ops->tree_connect(xid, tcon->ses, tree, tcon, nlsc);
592 		goto out;
593 	}
594 
595 	sb = cifs_get_dfs_tcon_super(tcon);
596 	if (!IS_ERR(sb))
597 		cifs_sb = CIFS_SB(sb);
598 
599 	/*
600 	 * Tree connect to last share in @tcon->tree_name whether dfs super or
601 	 * cached dfs referral was not found.
602 	 */
603 	if (!cifs_sb || !server->leaf_fullpath ||
604 	    dfs_cache_noreq_find(server->leaf_fullpath + 1, &ref, &tl)) {
605 		rc = ops->tree_connect(xid, tcon->ses, tcon->tree_name, tcon,
606 				       cifs_sb ? cifs_sb->local_nls : nlsc);
607 		goto out;
608 	}
609 
610 	rc = tree_connect_dfs_target(xid, tcon, cifs_sb, tree, ref.server_type == DFS_TYPE_LINK,
611 				     &tl);
612 	free_dfs_info_param(&ref);
613 
614 out:
615 	kfree(tree);
616 	cifs_put_tcp_super(sb);
617 
618 	if (rc) {
619 		spin_lock(&tcon->tc_lock);
620 		if (tcon->status == TID_IN_TCON)
621 			tcon->status = TID_NEED_TCON;
622 		spin_unlock(&tcon->tc_lock);
623 	} else {
624 		spin_lock(&tcon->tc_lock);
625 		if (tcon->status == TID_IN_TCON)
626 			tcon->status = TID_GOOD;
627 		tcon->need_reconnect = false;
628 		spin_unlock(&tcon->tc_lock);
629 	}
630 
631 	return rc;
632 }
633