block: Add gfp_mask parameter to bio_integrity_clone()
[linux-2.6] / fs / cifs / connect.c
1 /*
2  *   fs/cifs/connect.c
3  *
4  *   Copyright (C) International Business Machines  Corp., 2002,2008
5  *   Author(s): Steve French (sfrench@us.ibm.com)
6  *
7  *   This library is free software; you can redistribute it and/or modify
8  *   it under the terms of the GNU Lesser General Public License as published
9  *   by the Free Software Foundation; either version 2.1 of the License, or
10  *   (at your option) any later version.
11  *
12  *   This library is distributed in the hope that it will be useful,
13  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
14  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
15  *   the GNU Lesser General Public License for more details.
16  *
17  *   You should have received a copy of the GNU Lesser General Public License
18  *   along with this library; if not, write to the Free Software
19  *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20  */
21 #include <linux/fs.h>
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/pagemap.h>
27 #include <linux/ctype.h>
28 #include <linux/utsname.h>
29 #include <linux/mempool.h>
30 #include <linux/delay.h>
31 #include <linux/completion.h>
32 #include <linux/kthread.h>
33 #include <linux/pagevec.h>
34 #include <linux/freezer.h>
35 #include <asm/uaccess.h>
36 #include <asm/processor.h>
37 #include <net/ipv6.h>
38 #include "cifspdu.h"
39 #include "cifsglob.h"
40 #include "cifsproto.h"
41 #include "cifs_unicode.h"
42 #include "cifs_debug.h"
43 #include "cifs_fs_sb.h"
44 #include "ntlmssp.h"
45 #include "nterr.h"
46 #include "rfc1002pdu.h"
47 #include "cn_cifs.h"
48
49 #define CIFS_PORT 445
50 #define RFC1001_PORT 139
51
52 extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
53                          unsigned char *p24);
54
55 extern mempool_t *cifs_req_poolp;
56
57 struct smb_vol {
58         char *username;
59         char *password;
60         char *domainname;
61         char *UNC;
62         char *UNCip;
63         char *in6_addr;   /* ipv6 address as human readable form of in6_addr */
64         char *iocharset;  /* local code page for mapping to and from Unicode */
65         char source_rfc1001_name[16]; /* netbios name of client */
66         char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */
67         uid_t linux_uid;
68         gid_t linux_gid;
69         mode_t file_mode;
70         mode_t dir_mode;
71         unsigned secFlg;
72         bool rw:1;
73         bool retry:1;
74         bool intr:1;
75         bool setuids:1;
76         bool override_uid:1;
77         bool override_gid:1;
78         bool dynperm:1;
79         bool noperm:1;
80         bool no_psx_acl:1; /* set if posix acl support should be disabled */
81         bool cifs_acl:1;
82         bool no_xattr:1;   /* set if xattr (EA) support should be disabled*/
83         bool server_ino:1; /* use inode numbers from server ie UniqueId */
84         bool direct_io:1;
85         bool remap:1;      /* set to remap seven reserved chars in filenames */
86         bool posix_paths:1; /* unset to not ask for posix pathnames. */
87         bool no_linux_ext:1;
88         bool sfu_emul:1;
89         bool nullauth:1;   /* attempt to authenticate with null user */
90         bool nocase:1;     /* request case insensitive filenames */
91         bool nobrl:1;      /* disable sending byte range locks to srv */
92         bool mand_lock:1;  /* send mandatory not posix byte range lock reqs */
93         bool seal:1;       /* request transport encryption on share */
94         bool nodfs:1;      /* Do not request DFS, even if available */
95         bool local_lease:1; /* check leases only on local system, not remote */
96         bool noblocksnd:1;
97         bool noautotune:1;
98         unsigned int rsize;
99         unsigned int wsize;
100         unsigned int sockopt;
101         unsigned short int port;
102         char *prepath;
103 };
104
105 static int ipv4_connect(struct TCP_Server_Info *server);
106 static int ipv6_connect(struct TCP_Server_Info *server);
107
108 /*
109  * cifs tcp session reconnection
110  *
111  * mark tcp session as reconnecting so temporarily locked
112  * mark all smb sessions as reconnecting for tcp session
113  * reconnect tcp session
114  * wake up waiters on reconnection? - (not needed currently)
115  */
116 static int
117 cifs_reconnect(struct TCP_Server_Info *server)
118 {
119         int rc = 0;
120         struct list_head *tmp, *tmp2;
121         struct cifsSesInfo *ses;
122         struct cifsTconInfo *tcon;
123         struct mid_q_entry *mid_entry;
124
125         spin_lock(&GlobalMid_Lock);
126         if (server->tcpStatus == CifsExiting) {
127                 /* the demux thread will exit normally
128                 next time through the loop */
129                 spin_unlock(&GlobalMid_Lock);
130                 return rc;
131         } else
132                 server->tcpStatus = CifsNeedReconnect;
133         spin_unlock(&GlobalMid_Lock);
134         server->maxBuf = 0;
135
136         cFYI(1, ("Reconnecting tcp session"));
137
138         /* before reconnecting the tcp session, mark the smb session (uid)
139                 and the tid bad so they are not used until reconnected */
140         read_lock(&cifs_tcp_ses_lock);
141         list_for_each(tmp, &server->smb_ses_list) {
142                 ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
143                 ses->need_reconnect = true;
144                 ses->ipc_tid = 0;
145                 list_for_each(tmp2, &ses->tcon_list) {
146                         tcon = list_entry(tmp2, struct cifsTconInfo, tcon_list);
147                         tcon->need_reconnect = true;
148                 }
149         }
150         read_unlock(&cifs_tcp_ses_lock);
151         /* do not want to be sending data on a socket we are freeing */
152         mutex_lock(&server->srv_mutex);
153         if (server->ssocket) {
154                 cFYI(1, ("State: 0x%x Flags: 0x%lx", server->ssocket->state,
155                         server->ssocket->flags));
156                 kernel_sock_shutdown(server->ssocket, SHUT_WR);
157                 cFYI(1, ("Post shutdown state: 0x%x Flags: 0x%lx",
158                         server->ssocket->state,
159                         server->ssocket->flags));
160                 sock_release(server->ssocket);
161                 server->ssocket = NULL;
162         }
163
164         spin_lock(&GlobalMid_Lock);
165         list_for_each(tmp, &server->pending_mid_q) {
166                 mid_entry = list_entry(tmp, struct
167                                         mid_q_entry,
168                                         qhead);
169                 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
170                                 /* Mark other intransit requests as needing
171                                    retry so we do not immediately mark the
172                                    session bad again (ie after we reconnect
173                                    below) as they timeout too */
174                         mid_entry->midState = MID_RETRY_NEEDED;
175                 }
176         }
177         spin_unlock(&GlobalMid_Lock);
178         mutex_unlock(&server->srv_mutex);
179
180         while ((server->tcpStatus != CifsExiting) &&
181                (server->tcpStatus != CifsGood)) {
182                 try_to_freeze();
183                 if (server->addr.sockAddr6.sin6_family == AF_INET6)
184                         rc = ipv6_connect(server);
185                 else
186                         rc = ipv4_connect(server);
187                 if (rc) {
188                         cFYI(1, ("reconnect error %d", rc));
189                         msleep(3000);
190                 } else {
191                         atomic_inc(&tcpSesReconnectCount);
192                         spin_lock(&GlobalMid_Lock);
193                         if (server->tcpStatus != CifsExiting)
194                                 server->tcpStatus = CifsGood;
195                         server->sequence_number = 0;
196                         spin_unlock(&GlobalMid_Lock);
197         /*              atomic_set(&server->inFlight,0);*/
198                         wake_up(&server->response_q);
199                 }
200         }
201         return rc;
202 }
203
204 /*
205         return codes:
206                 0       not a transact2, or all data present
207                 >0      transact2 with that much data missing
208                 -EINVAL = invalid transact2
209
210  */
211 static int check2ndT2(struct smb_hdr *pSMB, unsigned int maxBufSize)
212 {
213         struct smb_t2_rsp *pSMBt;
214         int total_data_size;
215         int data_in_this_rsp;
216         int remaining;
217
218         if (pSMB->Command != SMB_COM_TRANSACTION2)
219                 return 0;
220
221         /* check for plausible wct, bcc and t2 data and parm sizes */
222         /* check for parm and data offset going beyond end of smb */
223         if (pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
224                 cFYI(1, ("invalid transact2 word count"));
225                 return -EINVAL;
226         }
227
228         pSMBt = (struct smb_t2_rsp *)pSMB;
229
230         total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
231         data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
232
233         remaining = total_data_size - data_in_this_rsp;
234
235         if (remaining == 0)
236                 return 0;
237         else if (remaining < 0) {
238                 cFYI(1, ("total data %d smaller than data in frame %d",
239                         total_data_size, data_in_this_rsp));
240                 return -EINVAL;
241         } else {
242                 cFYI(1, ("missing %d bytes from transact2, check next response",
243                         remaining));
244                 if (total_data_size > maxBufSize) {
245                         cERROR(1, ("TotalDataSize %d is over maximum buffer %d",
246                                 total_data_size, maxBufSize));
247                         return -EINVAL;
248                 }
249                 return remaining;
250         }
251 }
252
253 static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
254 {
255         struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
256         struct smb_t2_rsp *pSMBt  = (struct smb_t2_rsp *)pTargetSMB;
257         int total_data_size;
258         int total_in_buf;
259         int remaining;
260         int total_in_buf2;
261         char *data_area_of_target;
262         char *data_area_of_buf2;
263         __u16 byte_count;
264
265         total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
266
267         if (total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
268                 cFYI(1, ("total data size of primary and secondary t2 differ"));
269         }
270
271         total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
272
273         remaining = total_data_size - total_in_buf;
274
275         if (remaining < 0)
276                 return -EINVAL;
277
278         if (remaining == 0) /* nothing to do, ignore */
279                 return 0;
280
281         total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
282         if (remaining < total_in_buf2) {
283                 cFYI(1, ("transact2 2nd response contains too much data"));
284         }
285
286         /* find end of first SMB data area */
287         data_area_of_target = (char *)&pSMBt->hdr.Protocol +
288                                 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
289         /* validate target area */
290
291         data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
292                                         le16_to_cpu(pSMB2->t2_rsp.DataOffset);
293
294         data_area_of_target += total_in_buf;
295
296         /* copy second buffer into end of first buffer */
297         memcpy(data_area_of_target, data_area_of_buf2, total_in_buf2);
298         total_in_buf += total_in_buf2;
299         pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
300         byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
301         byte_count += total_in_buf2;
302         BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
303
304         byte_count = pTargetSMB->smb_buf_length;
305         byte_count += total_in_buf2;
306
307         /* BB also add check that we are not beyond maximum buffer size */
308
309         pTargetSMB->smb_buf_length = byte_count;
310
311         if (remaining == total_in_buf2) {
312                 cFYI(1, ("found the last secondary response"));
313                 return 0; /* we are done */
314         } else /* more responses to go */
315                 return 1;
316
317 }
318
319 static int
320 cifs_demultiplex_thread(struct TCP_Server_Info *server)
321 {
322         int length;
323         unsigned int pdu_length, total_read;
324         struct smb_hdr *smb_buffer = NULL;
325         struct smb_hdr *bigbuf = NULL;
326         struct smb_hdr *smallbuf = NULL;
327         struct msghdr smb_msg;
328         struct kvec iov;
329         struct socket *csocket = server->ssocket;
330         struct list_head *tmp;
331         struct cifsSesInfo *ses;
332         struct task_struct *task_to_wake = NULL;
333         struct mid_q_entry *mid_entry;
334         char temp;
335         bool isLargeBuf = false;
336         bool isMultiRsp;
337         int reconnect;
338
339         current->flags |= PF_MEMALLOC;
340         cFYI(1, ("Demultiplex PID: %d", task_pid_nr(current)));
341
342         length = atomic_inc_return(&tcpSesAllocCount);
343         if (length > 1)
344                 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
345                                 GFP_KERNEL);
346
347         set_freezable();
348         while (server->tcpStatus != CifsExiting) {
349                 if (try_to_freeze())
350                         continue;
351                 if (bigbuf == NULL) {
352                         bigbuf = cifs_buf_get();
353                         if (!bigbuf) {
354                                 cERROR(1, ("No memory for large SMB response"));
355                                 msleep(3000);
356                                 /* retry will check if exiting */
357                                 continue;
358                         }
359                 } else if (isLargeBuf) {
360                         /* we are reusing a dirty large buf, clear its start */
361                         memset(bigbuf, 0, sizeof(struct smb_hdr));
362                 }
363
364                 if (smallbuf == NULL) {
365                         smallbuf = cifs_small_buf_get();
366                         if (!smallbuf) {
367                                 cERROR(1, ("No memory for SMB response"));
368                                 msleep(1000);
369                                 /* retry will check if exiting */
370                                 continue;
371                         }
372                         /* beginning of smb buffer is cleared in our buf_get */
373                 } else /* if existing small buf clear beginning */
374                         memset(smallbuf, 0, sizeof(struct smb_hdr));
375
376                 isLargeBuf = false;
377                 isMultiRsp = false;
378                 smb_buffer = smallbuf;
379                 iov.iov_base = smb_buffer;
380                 iov.iov_len = 4;
381                 smb_msg.msg_control = NULL;
382                 smb_msg.msg_controllen = 0;
383                 pdu_length = 4; /* enough to get RFC1001 header */
384 incomplete_rcv:
385                 length =
386                     kernel_recvmsg(csocket, &smb_msg,
387                                 &iov, 1, pdu_length, 0 /* BB other flags? */);
388
389                 if (server->tcpStatus == CifsExiting) {
390                         break;
391                 } else if (server->tcpStatus == CifsNeedReconnect) {
392                         cFYI(1, ("Reconnect after server stopped responding"));
393                         cifs_reconnect(server);
394                         cFYI(1, ("call to reconnect done"));
395                         csocket = server->ssocket;
396                         continue;
397                 } else if ((length == -ERESTARTSYS) || (length == -EAGAIN)) {
398                         msleep(1); /* minimum sleep to prevent looping
399                                 allowing socket to clear and app threads to set
400                                 tcpStatus CifsNeedReconnect if server hung */
401                         if (pdu_length < 4) {
402                                 iov.iov_base = (4 - pdu_length) +
403                                                         (char *)smb_buffer;
404                                 iov.iov_len = pdu_length;
405                                 smb_msg.msg_control = NULL;
406                                 smb_msg.msg_controllen = 0;
407                                 goto incomplete_rcv;
408                         } else
409                                 continue;
410                 } else if (length <= 0) {
411                         if (server->tcpStatus == CifsNew) {
412                                 cFYI(1, ("tcp session abend after SMBnegprot"));
413                                 /* some servers kill the TCP session rather than
414                                    returning an SMB negprot error, in which
415                                    case reconnecting here is not going to help,
416                                    and so simply return error to mount */
417                                 break;
418                         }
419                         if (!try_to_freeze() && (length == -EINTR)) {
420                                 cFYI(1, ("cifsd thread killed"));
421                                 break;
422                         }
423                         cFYI(1, ("Reconnect after unexpected peek error %d",
424                                 length));
425                         cifs_reconnect(server);
426                         csocket = server->ssocket;
427                         wake_up(&server->response_q);
428                         continue;
429                 } else if (length < pdu_length) {
430                         cFYI(1, ("requested %d bytes but only got %d bytes",
431                                   pdu_length, length));
432                         pdu_length -= length;
433                         msleep(1);
434                         goto incomplete_rcv;
435                 }
436
437                 /* The right amount was read from socket - 4 bytes */
438                 /* so we can now interpret the length field */
439
440                 /* the first byte big endian of the length field,
441                 is actually not part of the length but the type
442                 with the most common, zero, as regular data */
443                 temp = *((char *) smb_buffer);
444
445                 /* Note that FC 1001 length is big endian on the wire,
446                 but we convert it here so it is always manipulated
447                 as host byte order */
448                 pdu_length = be32_to_cpu((__force __be32)smb_buffer->smb_buf_length);
449                 smb_buffer->smb_buf_length = pdu_length;
450
451                 cFYI(1, ("rfc1002 length 0x%x", pdu_length+4));
452
453                 if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) {
454                         continue;
455                 } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
456                         cFYI(1, ("Good RFC 1002 session rsp"));
457                         continue;
458                 } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
459                         /* we get this from Windows 98 instead of
460                            an error on SMB negprot response */
461                         cFYI(1, ("Negative RFC1002 Session Response Error 0x%x)",
462                                 pdu_length));
463                         if (server->tcpStatus == CifsNew) {
464                                 /* if nack on negprot (rather than
465                                 ret of smb negprot error) reconnecting
466                                 not going to help, ret error to mount */
467                                 break;
468                         } else {
469                                 /* give server a second to
470                                 clean up before reconnect attempt */
471                                 msleep(1000);
472                                 /* always try 445 first on reconnect
473                                 since we get NACK on some if we ever
474                                 connected to port 139 (the NACK is
475                                 since we do not begin with RFC1001
476                                 session initialize frame) */
477                                 server->addr.sockAddr.sin_port =
478                                         htons(CIFS_PORT);
479                                 cifs_reconnect(server);
480                                 csocket = server->ssocket;
481                                 wake_up(&server->response_q);
482                                 continue;
483                         }
484                 } else if (temp != (char) 0) {
485                         cERROR(1, ("Unknown RFC 1002 frame"));
486                         cifs_dump_mem(" Received Data: ", (char *)smb_buffer,
487                                       length);
488                         cifs_reconnect(server);
489                         csocket = server->ssocket;
490                         continue;
491                 }
492
493                 /* else we have an SMB response */
494                 if ((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
495                             (pdu_length < sizeof(struct smb_hdr) - 1 - 4)) {
496                         cERROR(1, ("Invalid size SMB length %d pdu_length %d",
497                                         length, pdu_length+4));
498                         cifs_reconnect(server);
499                         csocket = server->ssocket;
500                         wake_up(&server->response_q);
501                         continue;
502                 }
503
504                 /* else length ok */
505                 reconnect = 0;
506
507                 if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
508                         isLargeBuf = true;
509                         memcpy(bigbuf, smallbuf, 4);
510                         smb_buffer = bigbuf;
511                 }
512                 length = 0;
513                 iov.iov_base = 4 + (char *)smb_buffer;
514                 iov.iov_len = pdu_length;
515                 for (total_read = 0; total_read < pdu_length;
516                      total_read += length) {
517                         length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
518                                                 pdu_length - total_read, 0);
519                         if ((server->tcpStatus == CifsExiting) ||
520                             (length == -EINTR)) {
521                                 /* then will exit */
522                                 reconnect = 2;
523                                 break;
524                         } else if (server->tcpStatus == CifsNeedReconnect) {
525                                 cifs_reconnect(server);
526                                 csocket = server->ssocket;
527                                 /* Reconnect wakes up rspns q */
528                                 /* Now we will reread sock */
529                                 reconnect = 1;
530                                 break;
531                         } else if ((length == -ERESTARTSYS) ||
532                                    (length == -EAGAIN)) {
533                                 msleep(1); /* minimum sleep to prevent looping,
534                                               allowing socket to clear and app
535                                               threads to set tcpStatus
536                                               CifsNeedReconnect if server hung*/
537                                 length = 0;
538                                 continue;
539                         } else if (length <= 0) {
540                                 cERROR(1, ("Received no data, expecting %d",
541                                               pdu_length - total_read));
542                                 cifs_reconnect(server);
543                                 csocket = server->ssocket;
544                                 reconnect = 1;
545                                 break;
546                         }
547                 }
548                 if (reconnect == 2)
549                         break;
550                 else if (reconnect == 1)
551                         continue;
552
553                 length += 4; /* account for rfc1002 hdr */
554
555
556                 dump_smb(smb_buffer, length);
557                 if (checkSMB(smb_buffer, smb_buffer->Mid, total_read+4)) {
558                         cifs_dump_mem("Bad SMB: ", smb_buffer, 48);
559                         continue;
560                 }
561
562
563                 task_to_wake = NULL;
564                 spin_lock(&GlobalMid_Lock);
565                 list_for_each(tmp, &server->pending_mid_q) {
566                         mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
567
568                         if ((mid_entry->mid == smb_buffer->Mid) &&
569                             (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
570                             (mid_entry->command == smb_buffer->Command)) {
571                                 if (check2ndT2(smb_buffer,server->maxBuf) > 0) {
572                                         /* We have a multipart transact2 resp */
573                                         isMultiRsp = true;
574                                         if (mid_entry->resp_buf) {
575                                                 /* merge response - fix up 1st*/
576                                                 if (coalesce_t2(smb_buffer,
577                                                         mid_entry->resp_buf)) {
578                                                         mid_entry->multiRsp =
579                                                                  true;
580                                                         break;
581                                                 } else {
582                                                         /* all parts received */
583                                                         mid_entry->multiEnd =
584                                                                  true;
585                                                         goto multi_t2_fnd;
586                                                 }
587                                         } else {
588                                                 if (!isLargeBuf) {
589                                                         cERROR(1,("1st trans2 resp needs bigbuf"));
590                                         /* BB maybe we can fix this up,  switch
591                                            to already allocated large buffer? */
592                                                 } else {
593                                                         /* Have first buffer */
594                                                         mid_entry->resp_buf =
595                                                                  smb_buffer;
596                                                         mid_entry->largeBuf =
597                                                                  true;
598                                                         bigbuf = NULL;
599                                                 }
600                                         }
601                                         break;
602                                 }
603                                 mid_entry->resp_buf = smb_buffer;
604                                 mid_entry->largeBuf = isLargeBuf;
605 multi_t2_fnd:
606                                 task_to_wake = mid_entry->tsk;
607                                 mid_entry->midState = MID_RESPONSE_RECEIVED;
608 #ifdef CONFIG_CIFS_STATS2
609                                 mid_entry->when_received = jiffies;
610 #endif
611                                 /* so we do not time out requests to  server
612                                 which is still responding (since server could
613                                 be busy but not dead) */
614                                 server->lstrp = jiffies;
615                                 break;
616                         }
617                 }
618                 spin_unlock(&GlobalMid_Lock);
619                 if (task_to_wake) {
620                         /* Was previous buf put in mpx struct for multi-rsp? */
621                         if (!isMultiRsp) {
622                                 /* smb buffer will be freed by user thread */
623                                 if (isLargeBuf)
624                                         bigbuf = NULL;
625                                 else
626                                         smallbuf = NULL;
627                         }
628                         wake_up_process(task_to_wake);
629                 } else if (!is_valid_oplock_break(smb_buffer, server) &&
630                            !isMultiRsp) {
631                         cERROR(1, ("No task to wake, unknown frame received! "
632                                    "NumMids %d", midCount.counter));
633                         cifs_dump_mem("Received Data is: ", (char *)smb_buffer,
634                                       sizeof(struct smb_hdr));
635 #ifdef CONFIG_CIFS_DEBUG2
636                         cifs_dump_detail(smb_buffer);
637                         cifs_dump_mids(server);
638 #endif /* CIFS_DEBUG2 */
639
640                 }
641         } /* end while !EXITING */
642
643         /* take it off the list, if it's not already */
644         write_lock(&cifs_tcp_ses_lock);
645         list_del_init(&server->tcp_ses_list);
646         write_unlock(&cifs_tcp_ses_lock);
647
648         spin_lock(&GlobalMid_Lock);
649         server->tcpStatus = CifsExiting;
650         spin_unlock(&GlobalMid_Lock);
651         wake_up_all(&server->response_q);
652
653         /* check if we have blocked requests that need to free */
654         /* Note that cifs_max_pending is normally 50, but
655         can be set at module install time to as little as two */
656         spin_lock(&GlobalMid_Lock);
657         if (atomic_read(&server->inFlight) >= cifs_max_pending)
658                 atomic_set(&server->inFlight, cifs_max_pending - 1);
659         /* We do not want to set the max_pending too low or we
660         could end up with the counter going negative */
661         spin_unlock(&GlobalMid_Lock);
662         /* Although there should not be any requests blocked on
663         this queue it can not hurt to be paranoid and try to wake up requests
664         that may haven been blocked when more than 50 at time were on the wire
665         to the same server - they now will see the session is in exit state
666         and get out of SendReceive.  */
667         wake_up_all(&server->request_q);
668         /* give those requests time to exit */
669         msleep(125);
670
671         if (server->ssocket) {
672                 sock_release(csocket);
673                 server->ssocket = NULL;
674         }
675         /* buffer usuallly freed in free_mid - need to free it here on exit */
676         cifs_buf_release(bigbuf);
677         if (smallbuf) /* no sense logging a debug message if NULL */
678                 cifs_small_buf_release(smallbuf);
679
680         /*
681          * BB: we shouldn't have to do any of this. It shouldn't be
682          * possible to exit from the thread with active SMB sessions
683          */
684         read_lock(&cifs_tcp_ses_lock);
685         if (list_empty(&server->pending_mid_q)) {
686                 /* loop through server session structures attached to this and
687                     mark them dead */
688                 list_for_each(tmp, &server->smb_ses_list) {
689                         ses = list_entry(tmp, struct cifsSesInfo,
690                                          smb_ses_list);
691                         ses->status = CifsExiting;
692                         ses->server = NULL;
693                 }
694                 read_unlock(&cifs_tcp_ses_lock);
695         } else {
696                 /* although we can not zero the server struct pointer yet,
697                 since there are active requests which may depnd on them,
698                 mark the corresponding SMB sessions as exiting too */
699                 list_for_each(tmp, &server->smb_ses_list) {
700                         ses = list_entry(tmp, struct cifsSesInfo,
701                                          smb_ses_list);
702                         ses->status = CifsExiting;
703                 }
704
705                 spin_lock(&GlobalMid_Lock);
706                 list_for_each(tmp, &server->pending_mid_q) {
707                 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
708                         if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
709                                 cFYI(1, ("Clearing Mid 0x%x - waking up ",
710                                          mid_entry->mid));
711                                 task_to_wake = mid_entry->tsk;
712                                 if (task_to_wake)
713                                         wake_up_process(task_to_wake);
714                         }
715                 }
716                 spin_unlock(&GlobalMid_Lock);
717                 read_unlock(&cifs_tcp_ses_lock);
718                 /* 1/8th of sec is more than enough time for them to exit */
719                 msleep(125);
720         }
721
722         if (!list_empty(&server->pending_mid_q)) {
723                 /* mpx threads have not exited yet give them
724                 at least the smb send timeout time for long ops */
725                 /* due to delays on oplock break requests, we need
726                 to wait at least 45 seconds before giving up
727                 on a request getting a response and going ahead
728                 and killing cifsd */
729                 cFYI(1, ("Wait for exit from demultiplex thread"));
730                 msleep(46000);
731                 /* if threads still have not exited they are probably never
732                 coming home not much else we can do but free the memory */
733         }
734
735         /* last chance to mark ses pointers invalid
736         if there are any pointing to this (e.g
737         if a crazy root user tried to kill cifsd
738         kernel thread explicitly this might happen) */
739         /* BB: This shouldn't be necessary, see above */
740         read_lock(&cifs_tcp_ses_lock);
741         list_for_each(tmp, &server->smb_ses_list) {
742                 ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
743                 ses->server = NULL;
744         }
745         read_unlock(&cifs_tcp_ses_lock);
746
747         kfree(server->hostname);
748         task_to_wake = xchg(&server->tsk, NULL);
749         kfree(server);
750
751         length = atomic_dec_return(&tcpSesAllocCount);
752         if (length  > 0)
753                 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
754                                 GFP_KERNEL);
755
756         /* if server->tsk was NULL then wait for a signal before exiting */
757         if (!task_to_wake) {
758                 set_current_state(TASK_INTERRUPTIBLE);
759                 while (!signal_pending(current)) {
760                         schedule();
761                         set_current_state(TASK_INTERRUPTIBLE);
762                 }
763                 set_current_state(TASK_RUNNING);
764         }
765
766         module_put_and_exit(0);
767 }
768
769 /* extract the host portion of the UNC string */
770 static char *
771 extract_hostname(const char *unc)
772 {
773         const char *src;
774         char *dst, *delim;
775         unsigned int len;
776
777         /* skip double chars at beginning of string */
778         /* BB: check validity of these bytes? */
779         src = unc + 2;
780
781         /* delimiter between hostname and sharename is always '\\' now */
782         delim = strchr(src, '\\');
783         if (!delim)
784                 return ERR_PTR(-EINVAL);
785
786         len = delim - src;
787         dst = kmalloc((len + 1), GFP_KERNEL);
788         if (dst == NULL)
789                 return ERR_PTR(-ENOMEM);
790
791         memcpy(dst, src, len);
792         dst[len] = '\0';
793
794         return dst;
795 }
796
797 static int
798 cifs_parse_mount_options(char *options, const char *devname,
799                          struct smb_vol *vol)
800 {
801         char *value;
802         char *data;
803         unsigned int  temp_len, i, j;
804         char separator[2];
805
806         separator[0] = ',';
807         separator[1] = 0;
808
809         if (Local_System_Name[0] != 0)
810                 memcpy(vol->source_rfc1001_name, Local_System_Name, 15);
811         else {
812                 char *nodename = utsname()->nodename;
813                 int n = strnlen(nodename, 15);
814                 memset(vol->source_rfc1001_name, 0x20, 15);
815                 for (i = 0; i < n; i++) {
816                         /* does not have to be perfect mapping since field is
817                         informational, only used for servers that do not support
818                         port 445 and it can be overridden at mount time */
819                         vol->source_rfc1001_name[i] = toupper(nodename[i]);
820                 }
821         }
822         vol->source_rfc1001_name[15] = 0;
823         /* null target name indicates to use *SMBSERVR default called name
824            if we end up sending RFC1001 session initialize */
825         vol->target_rfc1001_name[0] = 0;
826         vol->linux_uid = current_uid();  /* use current_euid() instead? */
827         vol->linux_gid = current_gid();
828         vol->dir_mode = S_IRWXUGO;
829         /* 2767 perms indicate mandatory locking support */
830         vol->file_mode = (S_IRWXUGO | S_ISGID) & (~S_IXGRP);
831
832         /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
833         vol->rw = true;
834         /* default is always to request posix paths. */
835         vol->posix_paths = 1;
836
837         if (!options)
838                 return 1;
839
840         if (strncmp(options, "sep=", 4) == 0) {
841                 if (options[4] != 0) {
842                         separator[0] = options[4];
843                         options += 5;
844                 } else {
845                         cFYI(1, ("Null separator not allowed"));
846                 }
847         }
848
849         while ((data = strsep(&options, separator)) != NULL) {
850                 if (!*data)
851                         continue;
852                 if ((value = strchr(data, '=')) != NULL)
853                         *value++ = '\0';
854
855                 /* Have to parse this before we parse for "user" */
856                 if (strnicmp(data, "user_xattr", 10) == 0) {
857                         vol->no_xattr = 0;
858                 } else if (strnicmp(data, "nouser_xattr", 12) == 0) {
859                         vol->no_xattr = 1;
860                 } else if (strnicmp(data, "user", 4) == 0) {
861                         if (!value) {
862                                 printk(KERN_WARNING
863                                        "CIFS: invalid or missing username\n");
864                                 return 1;       /* needs_arg; */
865                         } else if (!*value) {
866                                 /* null user, ie anonymous, authentication */
867                                 vol->nullauth = 1;
868                         }
869                         if (strnlen(value, 200) < 200) {
870                                 vol->username = value;
871                         } else {
872                                 printk(KERN_WARNING "CIFS: username too long\n");
873                                 return 1;
874                         }
875                 } else if (strnicmp(data, "pass", 4) == 0) {
876                         if (!value) {
877                                 vol->password = NULL;
878                                 continue;
879                         } else if (value[0] == 0) {
880                                 /* check if string begins with double comma
881                                    since that would mean the password really
882                                    does start with a comma, and would not
883                                    indicate an empty string */
884                                 if (value[1] != separator[0]) {
885                                         vol->password = NULL;
886                                         continue;
887                                 }
888                         }
889                         temp_len = strlen(value);
890                         /* removed password length check, NTLM passwords
891                                 can be arbitrarily long */
892
893                         /* if comma in password, the string will be
894                         prematurely null terminated.  Commas in password are
895                         specified across the cifs mount interface by a double
896                         comma ie ,, and a comma used as in other cases ie ','
897                         as a parameter delimiter/separator is single and due
898                         to the strsep above is temporarily zeroed. */
899
900                         /* NB: password legally can have multiple commas and
901                         the only illegal character in a password is null */
902
903                         if ((value[temp_len] == 0) &&
904                             (value[temp_len+1] == separator[0])) {
905                                 /* reinsert comma */
906                                 value[temp_len] = separator[0];
907                                 temp_len += 2;  /* move after second comma */
908                                 while (value[temp_len] != 0)  {
909                                         if (value[temp_len] == separator[0]) {
910                                                 if (value[temp_len+1] ==
911                                                      separator[0]) {
912                                                 /* skip second comma */
913                                                         temp_len++;
914                                                 } else {
915                                                 /* single comma indicating start
916                                                          of next parm */
917                                                         break;
918                                                 }
919                                         }
920                                         temp_len++;
921                                 }
922                                 if (value[temp_len] == 0) {
923                                         options = NULL;
924                                 } else {
925                                         value[temp_len] = 0;
926                                         /* point option to start of next parm */
927                                         options = value + temp_len + 1;
928                                 }
929                                 /* go from value to value + temp_len condensing
930                                 double commas to singles. Note that this ends up
931                                 allocating a few bytes too many, which is ok */
932                                 vol->password = kzalloc(temp_len, GFP_KERNEL);
933                                 if (vol->password == NULL) {
934                                         printk(KERN_WARNING "CIFS: no memory "
935                                                             "for password\n");
936                                         return 1;
937                                 }
938                                 for (i = 0, j = 0; i < temp_len; i++, j++) {
939                                         vol->password[j] = value[i];
940                                         if (value[i] == separator[0]
941                                                 && value[i+1] == separator[0]) {
942                                                 /* skip second comma */
943                                                 i++;
944                                         }
945                                 }
946                                 vol->password[j] = 0;
947                         } else {
948                                 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
949                                 if (vol->password == NULL) {
950                                         printk(KERN_WARNING "CIFS: no memory "
951                                                             "for password\n");
952                                         return 1;
953                                 }
954                                 strcpy(vol->password, value);
955                         }
956                 } else if (strnicmp(data, "ip", 2) == 0) {
957                         if (!value || !*value) {
958                                 vol->UNCip = NULL;
959                         } else if (strnlen(value, 35) < 35) {
960                                 vol->UNCip = value;
961                         } else {
962                                 printk(KERN_WARNING "CIFS: ip address "
963                                                     "too long\n");
964                                 return 1;
965                         }
966                 } else if (strnicmp(data, "sec", 3) == 0) {
967                         if (!value || !*value) {
968                                 cERROR(1, ("no security value specified"));
969                                 continue;
970                         } else if (strnicmp(value, "krb5i", 5) == 0) {
971                                 vol->secFlg |= CIFSSEC_MAY_KRB5 |
972                                         CIFSSEC_MUST_SIGN;
973                         } else if (strnicmp(value, "krb5p", 5) == 0) {
974                                 /* vol->secFlg |= CIFSSEC_MUST_SEAL |
975                                         CIFSSEC_MAY_KRB5; */
976                                 cERROR(1, ("Krb5 cifs privacy not supported"));
977                                 return 1;
978                         } else if (strnicmp(value, "krb5", 4) == 0) {
979                                 vol->secFlg |= CIFSSEC_MAY_KRB5;
980                         } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
981                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
982                                         CIFSSEC_MUST_SIGN;
983                         } else if (strnicmp(value, "ntlmv2", 6) == 0) {
984                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
985                         } else if (strnicmp(value, "ntlmi", 5) == 0) {
986                                 vol->secFlg |= CIFSSEC_MAY_NTLM |
987                                         CIFSSEC_MUST_SIGN;
988                         } else if (strnicmp(value, "ntlm", 4) == 0) {
989                                 /* ntlm is default so can be turned off too */
990                                 vol->secFlg |= CIFSSEC_MAY_NTLM;
991                         } else if (strnicmp(value, "nontlm", 6) == 0) {
992                                 /* BB is there a better way to do this? */
993                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
994 #ifdef CONFIG_CIFS_WEAK_PW_HASH
995                         } else if (strnicmp(value, "lanman", 6) == 0) {
996                                 vol->secFlg |= CIFSSEC_MAY_LANMAN;
997 #endif
998                         } else if (strnicmp(value, "none", 4) == 0) {
999                                 vol->nullauth = 1;
1000                         } else {
1001                                 cERROR(1, ("bad security option: %s", value));
1002                                 return 1;
1003                         }
1004                 } else if ((strnicmp(data, "unc", 3) == 0)
1005                            || (strnicmp(data, "target", 6) == 0)
1006                            || (strnicmp(data, "path", 4) == 0)) {
1007                         if (!value || !*value) {
1008                                 printk(KERN_WARNING "CIFS: invalid path to "
1009                                                     "network resource\n");
1010                                 return 1;       /* needs_arg; */
1011                         }
1012                         if ((temp_len = strnlen(value, 300)) < 300) {
1013                                 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1014                                 if (vol->UNC == NULL)
1015                                         return 1;
1016                                 strcpy(vol->UNC, value);
1017                                 if (strncmp(vol->UNC, "//", 2) == 0) {
1018                                         vol->UNC[0] = '\\';
1019                                         vol->UNC[1] = '\\';
1020                                 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1021                                         printk(KERN_WARNING
1022                                                "CIFS: UNC Path does not begin "
1023                                                "with // or \\\\ \n");
1024                                         return 1;
1025                                 }
1026                         } else {
1027                                 printk(KERN_WARNING "CIFS: UNC name too long\n");
1028                                 return 1;
1029                         }
1030                 } else if ((strnicmp(data, "domain", 3) == 0)
1031                            || (strnicmp(data, "workgroup", 5) == 0)) {
1032                         if (!value || !*value) {
1033                                 printk(KERN_WARNING "CIFS: invalid domain name\n");
1034                                 return 1;       /* needs_arg; */
1035                         }
1036                         /* BB are there cases in which a comma can be valid in
1037                         a domain name and need special handling? */
1038                         if (strnlen(value, 256) < 256) {
1039                                 vol->domainname = value;
1040                                 cFYI(1, ("Domain name set"));
1041                         } else {
1042                                 printk(KERN_WARNING "CIFS: domain name too "
1043                                                     "long\n");
1044                                 return 1;
1045                         }
1046                 } else if (strnicmp(data, "prefixpath", 10) == 0) {
1047                         if (!value || !*value) {
1048                                 printk(KERN_WARNING
1049                                         "CIFS: invalid path prefix\n");
1050                                 return 1;       /* needs_argument */
1051                         }
1052                         if ((temp_len = strnlen(value, 1024)) < 1024) {
1053                                 if (value[0] != '/')
1054                                         temp_len++;  /* missing leading slash */
1055                                 vol->prepath = kmalloc(temp_len+1, GFP_KERNEL);
1056                                 if (vol->prepath == NULL)
1057                                         return 1;
1058                                 if (value[0] != '/') {
1059                                         vol->prepath[0] = '/';
1060                                         strcpy(vol->prepath+1, value);
1061                                 } else
1062                                         strcpy(vol->prepath, value);
1063                                 cFYI(1, ("prefix path %s", vol->prepath));
1064                         } else {
1065                                 printk(KERN_WARNING "CIFS: prefix too long\n");
1066                                 return 1;
1067                         }
1068                 } else if (strnicmp(data, "iocharset", 9) == 0) {
1069                         if (!value || !*value) {
1070                                 printk(KERN_WARNING "CIFS: invalid iocharset "
1071                                                     "specified\n");
1072                                 return 1;       /* needs_arg; */
1073                         }
1074                         if (strnlen(value, 65) < 65) {
1075                                 if (strnicmp(value, "default", 7))
1076                                         vol->iocharset = value;
1077                                 /* if iocharset not set then load_nls_default
1078                                    is used by caller */
1079                                 cFYI(1, ("iocharset set to %s", value));
1080                         } else {
1081                                 printk(KERN_WARNING "CIFS: iocharset name "
1082                                                     "too long.\n");
1083                                 return 1;
1084                         }
1085                 } else if (strnicmp(data, "uid", 3) == 0) {
1086                         if (value && *value) {
1087                                 vol->linux_uid =
1088                                         simple_strtoul(value, &value, 0);
1089                                 vol->override_uid = 1;
1090                         }
1091                 } else if (strnicmp(data, "gid", 3) == 0) {
1092                         if (value && *value) {
1093                                 vol->linux_gid =
1094                                         simple_strtoul(value, &value, 0);
1095                                 vol->override_gid = 1;
1096                         }
1097                 } else if (strnicmp(data, "file_mode", 4) == 0) {
1098                         if (value && *value) {
1099                                 vol->file_mode =
1100                                         simple_strtoul(value, &value, 0);
1101                         }
1102                 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1103                         if (value && *value) {
1104                                 vol->dir_mode =
1105                                         simple_strtoul(value, &value, 0);
1106                         }
1107                 } else if (strnicmp(data, "dirmode", 4) == 0) {
1108                         if (value && *value) {
1109                                 vol->dir_mode =
1110                                         simple_strtoul(value, &value, 0);
1111                         }
1112                 } else if (strnicmp(data, "port", 4) == 0) {
1113                         if (value && *value) {
1114                                 vol->port =
1115                                         simple_strtoul(value, &value, 0);
1116                         }
1117                 } else if (strnicmp(data, "rsize", 5) == 0) {
1118                         if (value && *value) {
1119                                 vol->rsize =
1120                                         simple_strtoul(value, &value, 0);
1121                         }
1122                 } else if (strnicmp(data, "wsize", 5) == 0) {
1123                         if (value && *value) {
1124                                 vol->wsize =
1125                                         simple_strtoul(value, &value, 0);
1126                         }
1127                 } else if (strnicmp(data, "sockopt", 5) == 0) {
1128                         if (value && *value) {
1129                                 vol->sockopt =
1130                                         simple_strtoul(value, &value, 0);
1131                         }
1132                 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1133                         if (!value || !*value || (*value == ' ')) {
1134                                 cFYI(1, ("invalid (empty) netbiosname"));
1135                         } else {
1136                                 memset(vol->source_rfc1001_name, 0x20, 15);
1137                                 for (i = 0; i < 15; i++) {
1138                                 /* BB are there cases in which a comma can be
1139                                 valid in this workstation netbios name (and need
1140                                 special handling)? */
1141
1142                                 /* We do not uppercase netbiosname for user */
1143                                         if (value[i] == 0)
1144                                                 break;
1145                                         else
1146                                                 vol->source_rfc1001_name[i] =
1147                                                                 value[i];
1148                                 }
1149                                 /* The string has 16th byte zero still from
1150                                 set at top of the function  */
1151                                 if ((i == 15) && (value[i] != 0))
1152                                         printk(KERN_WARNING "CIFS: netbiosname"
1153                                                 " longer than 15 truncated.\n");
1154                         }
1155                 } else if (strnicmp(data, "servern", 7) == 0) {
1156                         /* servernetbiosname specified override *SMBSERVER */
1157                         if (!value || !*value || (*value == ' ')) {
1158                                 cFYI(1, ("empty server netbiosname specified"));
1159                         } else {
1160                                 /* last byte, type, is 0x20 for servr type */
1161                                 memset(vol->target_rfc1001_name, 0x20, 16);
1162
1163                                 for (i = 0; i < 15; i++) {
1164                                 /* BB are there cases in which a comma can be
1165                                    valid in this workstation netbios name
1166                                    (and need special handling)? */
1167
1168                                 /* user or mount helper must uppercase
1169                                    the netbiosname */
1170                                         if (value[i] == 0)
1171                                                 break;
1172                                         else
1173                                                 vol->target_rfc1001_name[i] =
1174                                                                 value[i];
1175                                 }
1176                                 /* The string has 16th byte zero still from
1177                                    set at top of the function  */
1178                                 if ((i == 15) && (value[i] != 0))
1179                                         printk(KERN_WARNING "CIFS: server net"
1180                                         "biosname longer than 15 truncated.\n");
1181                         }
1182                 } else if (strnicmp(data, "credentials", 4) == 0) {
1183                         /* ignore */
1184                 } else if (strnicmp(data, "version", 3) == 0) {
1185                         /* ignore */
1186                 } else if (strnicmp(data, "guest", 5) == 0) {
1187                         /* ignore */
1188                 } else if (strnicmp(data, "rw", 2) == 0) {
1189                         vol->rw = true;
1190                 } else if (strnicmp(data, "noblocksend", 11) == 0) {
1191                         vol->noblocksnd = 1;
1192                 } else if (strnicmp(data, "noautotune", 10) == 0) {
1193                         vol->noautotune = 1;
1194                 } else if ((strnicmp(data, "suid", 4) == 0) ||
1195                                    (strnicmp(data, "nosuid", 6) == 0) ||
1196                                    (strnicmp(data, "exec", 4) == 0) ||
1197                                    (strnicmp(data, "noexec", 6) == 0) ||
1198                                    (strnicmp(data, "nodev", 5) == 0) ||
1199                                    (strnicmp(data, "noauto", 6) == 0) ||
1200                                    (strnicmp(data, "dev", 3) == 0)) {
1201                         /*  The mount tool or mount.cifs helper (if present)
1202                             uses these opts to set flags, and the flags are read
1203                             by the kernel vfs layer before we get here (ie
1204                             before read super) so there is no point trying to
1205                             parse these options again and set anything and it
1206                             is ok to just ignore them */
1207                         continue;
1208                 } else if (strnicmp(data, "ro", 2) == 0) {
1209                         vol->rw = false;
1210                 } else if (strnicmp(data, "hard", 4) == 0) {
1211                         vol->retry = 1;
1212                 } else if (strnicmp(data, "soft", 4) == 0) {
1213                         vol->retry = 0;
1214                 } else if (strnicmp(data, "perm", 4) == 0) {
1215                         vol->noperm = 0;
1216                 } else if (strnicmp(data, "noperm", 6) == 0) {
1217                         vol->noperm = 1;
1218                 } else if (strnicmp(data, "mapchars", 8) == 0) {
1219                         vol->remap = 1;
1220                 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1221                         vol->remap = 0;
1222                 } else if (strnicmp(data, "sfu", 3) == 0) {
1223                         vol->sfu_emul = 1;
1224                 } else if (strnicmp(data, "nosfu", 5) == 0) {
1225                         vol->sfu_emul = 0;
1226                 } else if (strnicmp(data, "nodfs", 5) == 0) {
1227                         vol->nodfs = 1;
1228                 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1229                         vol->posix_paths = 1;
1230                 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1231                         vol->posix_paths = 0;
1232                 } else if (strnicmp(data, "nounix", 6) == 0) {
1233                         vol->no_linux_ext = 1;
1234                 } else if (strnicmp(data, "nolinux", 7) == 0) {
1235                         vol->no_linux_ext = 1;
1236                 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1237                            (strnicmp(data, "ignorecase", 10)  == 0)) {
1238                         vol->nocase = 1;
1239                 } else if (strnicmp(data, "brl", 3) == 0) {
1240                         vol->nobrl =  0;
1241                 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1242                            (strnicmp(data, "nolock", 6) == 0)) {
1243                         vol->nobrl =  1;
1244                         /* turn off mandatory locking in mode
1245                         if remote locking is turned off since the
1246                         local vfs will do advisory */
1247                         if (vol->file_mode ==
1248                                 (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1249                                 vol->file_mode = S_IALLUGO;
1250                 } else if (strnicmp(data, "forcemandatorylock", 9) == 0) {
1251                         /* will take the shorter form "forcemand" as well */
1252                         /* This mount option will force use of mandatory
1253                           (DOS/Windows style) byte range locks, instead of
1254                           using posix advisory byte range locks, even if the
1255                           Unix extensions are available and posix locks would
1256                           be supported otherwise. If Unix extensions are not
1257                           negotiated this has no effect since mandatory locks
1258                           would be used (mandatory locks is all that those
1259                           those servers support) */
1260                         vol->mand_lock = 1;
1261                 } else if (strnicmp(data, "setuids", 7) == 0) {
1262                         vol->setuids = 1;
1263                 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1264                         vol->setuids = 0;
1265                 } else if (strnicmp(data, "dynperm", 7) == 0) {
1266                         vol->dynperm = true;
1267                 } else if (strnicmp(data, "nodynperm", 9) == 0) {
1268                         vol->dynperm = false;
1269                 } else if (strnicmp(data, "nohard", 6) == 0) {
1270                         vol->retry = 0;
1271                 } else if (strnicmp(data, "nosoft", 6) == 0) {
1272                         vol->retry = 1;
1273                 } else if (strnicmp(data, "nointr", 6) == 0) {
1274                         vol->intr = 0;
1275                 } else if (strnicmp(data, "intr", 4) == 0) {
1276                         vol->intr = 1;
1277                 } else if (strnicmp(data, "serverino", 7) == 0) {
1278                         vol->server_ino = 1;
1279                 } else if (strnicmp(data, "noserverino", 9) == 0) {
1280                         vol->server_ino = 0;
1281                 } else if (strnicmp(data, "cifsacl", 7) == 0) {
1282                         vol->cifs_acl = 1;
1283                 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1284                         vol->cifs_acl = 0;
1285                 } else if (strnicmp(data, "acl", 3) == 0) {
1286                         vol->no_psx_acl = 0;
1287                 } else if (strnicmp(data, "noacl", 5) == 0) {
1288                         vol->no_psx_acl = 1;
1289 #ifdef CONFIG_CIFS_EXPERIMENTAL
1290                 } else if (strnicmp(data, "locallease", 6) == 0) {
1291                         vol->local_lease = 1;
1292 #endif
1293                 } else if (strnicmp(data, "sign", 4) == 0) {
1294                         vol->secFlg |= CIFSSEC_MUST_SIGN;
1295                 } else if (strnicmp(data, "seal", 4) == 0) {
1296                         /* we do not do the following in secFlags because seal
1297                            is a per tree connection (mount) not a per socket
1298                            or per-smb connection option in the protocol */
1299                         /* vol->secFlg |= CIFSSEC_MUST_SEAL; */
1300                         vol->seal = 1;
1301                 } else if (strnicmp(data, "direct", 6) == 0) {
1302                         vol->direct_io = 1;
1303                 } else if (strnicmp(data, "forcedirectio", 13) == 0) {
1304                         vol->direct_io = 1;
1305                 } else if (strnicmp(data, "in6_addr", 8) == 0) {
1306                         if (!value || !*value) {
1307                                 vol->in6_addr = NULL;
1308                         } else if (strnlen(value, 49) == 48) {
1309                                 vol->in6_addr = value;
1310                         } else {
1311                                 printk(KERN_WARNING "CIFS: ip v6 address not "
1312                                                     "48 characters long\n");
1313                                 return 1;
1314                         }
1315                 } else if (strnicmp(data, "noac", 4) == 0) {
1316                         printk(KERN_WARNING "CIFS: Mount option noac not "
1317                                 "supported. Instead set "
1318                                 "/proc/fs/cifs/LookupCacheEnabled to 0\n");
1319                 } else
1320                         printk(KERN_WARNING "CIFS: Unknown mount option %s\n",
1321                                                 data);
1322         }
1323         if (vol->UNC == NULL) {
1324                 if (devname == NULL) {
1325                         printk(KERN_WARNING "CIFS: Missing UNC name for mount "
1326                                                 "target\n");
1327                         return 1;
1328                 }
1329                 if ((temp_len = strnlen(devname, 300)) < 300) {
1330                         vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1331                         if (vol->UNC == NULL)
1332                                 return 1;
1333                         strcpy(vol->UNC, devname);
1334                         if (strncmp(vol->UNC, "//", 2) == 0) {
1335                                 vol->UNC[0] = '\\';
1336                                 vol->UNC[1] = '\\';
1337                         } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1338                                 printk(KERN_WARNING "CIFS: UNC Path does not "
1339                                                     "begin with // or \\\\ \n");
1340                                 return 1;
1341                         }
1342                         value = strpbrk(vol->UNC+2, "/\\");
1343                         if (value)
1344                                 *value = '\\';
1345                 } else {
1346                         printk(KERN_WARNING "CIFS: UNC name too long\n");
1347                         return 1;
1348                 }
1349         }
1350         if (vol->UNCip == NULL)
1351                 vol->UNCip = &vol->UNC[2];
1352
1353         return 0;
1354 }
1355
1356 static struct TCP_Server_Info *
1357 cifs_find_tcp_session(struct sockaddr_storage *addr)
1358 {
1359         struct list_head *tmp;
1360         struct TCP_Server_Info *server;
1361         struct sockaddr_in *addr4 = (struct sockaddr_in *) addr;
1362         struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) addr;
1363
1364         write_lock(&cifs_tcp_ses_lock);
1365         list_for_each(tmp, &cifs_tcp_ses_list) {
1366                 server = list_entry(tmp, struct TCP_Server_Info,
1367                                     tcp_ses_list);
1368                 /*
1369                  * the demux thread can exit on its own while still in CifsNew
1370                  * so don't accept any sockets in that state. Since the
1371                  * tcpStatus never changes back to CifsNew it's safe to check
1372                  * for this without a lock.
1373                  */
1374                 if (server->tcpStatus == CifsNew)
1375                         continue;
1376
1377                 if (addr->ss_family == AF_INET &&
1378                     (addr4->sin_addr.s_addr !=
1379                      server->addr.sockAddr.sin_addr.s_addr))
1380                         continue;
1381                 else if (addr->ss_family == AF_INET6 &&
1382                          !ipv6_addr_equal(&server->addr.sockAddr6.sin6_addr,
1383                                           &addr6->sin6_addr))
1384                         continue;
1385
1386                 ++server->srv_count;
1387                 write_unlock(&cifs_tcp_ses_lock);
1388                 cFYI(1, ("Existing tcp session with server found"));
1389                 return server;
1390         }
1391         write_unlock(&cifs_tcp_ses_lock);
1392         return NULL;
1393 }
1394
1395 static void
1396 cifs_put_tcp_session(struct TCP_Server_Info *server)
1397 {
1398         struct task_struct *task;
1399
1400         write_lock(&cifs_tcp_ses_lock);
1401         if (--server->srv_count > 0) {
1402                 write_unlock(&cifs_tcp_ses_lock);
1403                 return;
1404         }
1405
1406         list_del_init(&server->tcp_ses_list);
1407         write_unlock(&cifs_tcp_ses_lock);
1408
1409         spin_lock(&GlobalMid_Lock);
1410         server->tcpStatus = CifsExiting;
1411         spin_unlock(&GlobalMid_Lock);
1412
1413         task = xchg(&server->tsk, NULL);
1414         if (task)
1415                 force_sig(SIGKILL, task);
1416 }
1417
1418 static struct TCP_Server_Info *
1419 cifs_get_tcp_session(struct smb_vol *volume_info)
1420 {
1421         struct TCP_Server_Info *tcp_ses = NULL;
1422         struct sockaddr_storage addr;
1423         struct sockaddr_in *sin_server = (struct sockaddr_in *) &addr;
1424         struct sockaddr_in6 *sin_server6 = (struct sockaddr_in6 *) &addr;
1425         int rc;
1426
1427         memset(&addr, 0, sizeof(struct sockaddr_storage));
1428
1429         if (volume_info->UNCip && volume_info->UNC) {
1430                 rc = cifs_inet_pton(AF_INET, volume_info->UNCip,
1431                                     &sin_server->sin_addr.s_addr);
1432
1433                 if (rc <= 0) {
1434                         /* not ipv4 address, try ipv6 */
1435                         rc = cifs_inet_pton(AF_INET6, volume_info->UNCip,
1436                                             &sin_server6->sin6_addr.in6_u);
1437                         if (rc > 0)
1438                                 addr.ss_family = AF_INET6;
1439                 } else {
1440                         addr.ss_family = AF_INET;
1441                 }
1442
1443                 if (rc <= 0) {
1444                         /* we failed translating address */
1445                         rc = -EINVAL;
1446                         goto out_err;
1447                 }
1448
1449                 cFYI(1, ("UNC: %s ip: %s", volume_info->UNC,
1450                          volume_info->UNCip));
1451         } else if (volume_info->UNCip) {
1452                 /* BB using ip addr as tcp_ses name to connect to the
1453                    DFS root below */
1454                 cERROR(1, ("Connecting to DFS root not implemented yet"));
1455                 rc = -EINVAL;
1456                 goto out_err;
1457         } else /* which tcp_sess DFS root would we conect to */ {
1458                 cERROR(1,
1459                        ("CIFS mount error: No UNC path (e.g. -o "
1460                         "unc=//192.168.1.100/public) specified"));
1461                 rc = -EINVAL;
1462                 goto out_err;
1463         }
1464
1465         /* see if we already have a matching tcp_ses */
1466         tcp_ses = cifs_find_tcp_session(&addr);
1467         if (tcp_ses)
1468                 return tcp_ses;
1469
1470         tcp_ses = kzalloc(sizeof(struct TCP_Server_Info), GFP_KERNEL);
1471         if (!tcp_ses) {
1472                 rc = -ENOMEM;
1473                 goto out_err;
1474         }
1475
1476         tcp_ses->hostname = extract_hostname(volume_info->UNC);
1477         if (IS_ERR(tcp_ses->hostname)) {
1478                 rc = PTR_ERR(tcp_ses->hostname);
1479                 goto out_err;
1480         }
1481
1482         tcp_ses->noblocksnd = volume_info->noblocksnd;
1483         tcp_ses->noautotune = volume_info->noautotune;
1484         atomic_set(&tcp_ses->inFlight, 0);
1485         init_waitqueue_head(&tcp_ses->response_q);
1486         init_waitqueue_head(&tcp_ses->request_q);
1487         INIT_LIST_HEAD(&tcp_ses->pending_mid_q);
1488         mutex_init(&tcp_ses->srv_mutex);
1489         memcpy(tcp_ses->workstation_RFC1001_name,
1490                 volume_info->source_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1491         memcpy(tcp_ses->server_RFC1001_name,
1492                 volume_info->target_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1493         tcp_ses->sequence_number = 0;
1494         INIT_LIST_HEAD(&tcp_ses->tcp_ses_list);
1495         INIT_LIST_HEAD(&tcp_ses->smb_ses_list);
1496
1497         /*
1498          * at this point we are the only ones with the pointer
1499          * to the struct since the kernel thread not created yet
1500          * no need to spinlock this init of tcpStatus or srv_count
1501          */
1502         tcp_ses->tcpStatus = CifsNew;
1503         ++tcp_ses->srv_count;
1504
1505         if (addr.ss_family == AF_INET6) {
1506                 cFYI(1, ("attempting ipv6 connect"));
1507                 /* BB should we allow ipv6 on port 139? */
1508                 /* other OS never observed in Wild doing 139 with v6 */
1509                 memcpy(&tcp_ses->addr.sockAddr6, sin_server6,
1510                         sizeof(struct sockaddr_in6));
1511                 sin_server6->sin6_port = htons(volume_info->port);
1512                 rc = ipv6_connect(tcp_ses);
1513         } else {
1514                 memcpy(&tcp_ses->addr.sockAddr, sin_server,
1515                         sizeof(struct sockaddr_in));
1516                 sin_server->sin_port = htons(volume_info->port);
1517                 rc = ipv4_connect(tcp_ses);
1518         }
1519         if (rc < 0) {
1520                 cERROR(1, ("Error connecting to socket. Aborting operation"));
1521                 goto out_err;
1522         }
1523
1524         /*
1525          * since we're in a cifs function already, we know that
1526          * this will succeed. No need for try_module_get().
1527          */
1528         __module_get(THIS_MODULE);
1529         tcp_ses->tsk = kthread_run((void *)(void *)cifs_demultiplex_thread,
1530                                   tcp_ses, "cifsd");
1531         if (IS_ERR(tcp_ses->tsk)) {
1532                 rc = PTR_ERR(tcp_ses->tsk);
1533                 cERROR(1, ("error %d create cifsd thread", rc));
1534                 module_put(THIS_MODULE);
1535                 goto out_err;
1536         }
1537
1538         /* thread spawned, put it on the list */
1539         write_lock(&cifs_tcp_ses_lock);
1540         list_add(&tcp_ses->tcp_ses_list, &cifs_tcp_ses_list);
1541         write_unlock(&cifs_tcp_ses_lock);
1542
1543         return tcp_ses;
1544
1545 out_err:
1546         if (tcp_ses) {
1547                 kfree(tcp_ses->hostname);
1548                 if (tcp_ses->ssocket)
1549                         sock_release(tcp_ses->ssocket);
1550                 kfree(tcp_ses);
1551         }
1552         return ERR_PTR(rc);
1553 }
1554
1555 static struct cifsSesInfo *
1556 cifs_find_smb_ses(struct TCP_Server_Info *server, char *username)
1557 {
1558         struct list_head *tmp;
1559         struct cifsSesInfo *ses;
1560
1561         write_lock(&cifs_tcp_ses_lock);
1562         list_for_each(tmp, &server->smb_ses_list) {
1563                 ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
1564                 if (strncmp(ses->userName, username, MAX_USERNAME_SIZE))
1565                         continue;
1566
1567                 ++ses->ses_count;
1568                 write_unlock(&cifs_tcp_ses_lock);
1569                 return ses;
1570         }
1571         write_unlock(&cifs_tcp_ses_lock);
1572         return NULL;
1573 }
1574
1575 static void
1576 cifs_put_smb_ses(struct cifsSesInfo *ses)
1577 {
1578         int xid;
1579         struct TCP_Server_Info *server = ses->server;
1580
1581         write_lock(&cifs_tcp_ses_lock);
1582         if (--ses->ses_count > 0) {
1583                 write_unlock(&cifs_tcp_ses_lock);
1584                 return;
1585         }
1586
1587         list_del_init(&ses->smb_ses_list);
1588         write_unlock(&cifs_tcp_ses_lock);
1589
1590         if (ses->status == CifsGood) {
1591                 xid = GetXid();
1592                 CIFSSMBLogoff(xid, ses);
1593                 _FreeXid(xid);
1594         }
1595         sesInfoFree(ses);
1596         cifs_put_tcp_session(server);
1597 }
1598
1599 static struct cifsTconInfo *
1600 cifs_find_tcon(struct cifsSesInfo *ses, const char *unc)
1601 {
1602         struct list_head *tmp;
1603         struct cifsTconInfo *tcon;
1604
1605         write_lock(&cifs_tcp_ses_lock);
1606         list_for_each(tmp, &ses->tcon_list) {
1607                 tcon = list_entry(tmp, struct cifsTconInfo, tcon_list);
1608                 if (tcon->tidStatus == CifsExiting)
1609                         continue;
1610                 if (strncmp(tcon->treeName, unc, MAX_TREE_SIZE))
1611                         continue;
1612
1613                 ++tcon->tc_count;
1614                 write_unlock(&cifs_tcp_ses_lock);
1615                 return tcon;
1616         }
1617         write_unlock(&cifs_tcp_ses_lock);
1618         return NULL;
1619 }
1620
1621 static void
1622 cifs_put_tcon(struct cifsTconInfo *tcon)
1623 {
1624         int xid;
1625         struct cifsSesInfo *ses = tcon->ses;
1626
1627         write_lock(&cifs_tcp_ses_lock);
1628         if (--tcon->tc_count > 0) {
1629                 write_unlock(&cifs_tcp_ses_lock);
1630                 return;
1631         }
1632
1633         list_del_init(&tcon->tcon_list);
1634         write_unlock(&cifs_tcp_ses_lock);
1635
1636         xid = GetXid();
1637         CIFSSMBTDis(xid, tcon);
1638         _FreeXid(xid);
1639
1640         DeleteTconOplockQEntries(tcon);
1641         tconInfoFree(tcon);
1642         cifs_put_smb_ses(ses);
1643 }
1644
1645 int
1646 get_dfs_path(int xid, struct cifsSesInfo *pSesInfo, const char *old_path,
1647              const struct nls_table *nls_codepage, unsigned int *pnum_referrals,
1648              struct dfs_info3_param **preferrals, int remap)
1649 {
1650         char *temp_unc;
1651         int rc = 0;
1652
1653         *pnum_referrals = 0;
1654         *preferrals = NULL;
1655
1656         if (pSesInfo->ipc_tid == 0) {
1657                 temp_unc = kmalloc(2 /* for slashes */ +
1658                         strnlen(pSesInfo->serverName,
1659                                 SERVER_NAME_LEN_WITH_NULL * 2)
1660                                  + 1 + 4 /* slash IPC$ */  + 2,
1661                                 GFP_KERNEL);
1662                 if (temp_unc == NULL)
1663                         return -ENOMEM;
1664                 temp_unc[0] = '\\';
1665                 temp_unc[1] = '\\';
1666                 strcpy(temp_unc + 2, pSesInfo->serverName);
1667                 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
1668                 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
1669                 cFYI(1,
1670                      ("CIFS Tcon rc = %d ipc_tid = %d", rc, pSesInfo->ipc_tid));
1671                 kfree(temp_unc);
1672         }
1673         if (rc == 0)
1674                 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
1675                                      pnum_referrals, nls_codepage, remap);
1676         /* BB map targetUNCs to dfs_info3 structures, here or
1677                 in CIFSGetDFSRefer BB */
1678
1679         return rc;
1680 }
1681
1682 #ifdef CONFIG_DEBUG_LOCK_ALLOC
1683 static struct lock_class_key cifs_key[2];
1684 static struct lock_class_key cifs_slock_key[2];
1685
1686 static inline void
1687 cifs_reclassify_socket4(struct socket *sock)
1688 {
1689         struct sock *sk = sock->sk;
1690         BUG_ON(sock_owned_by_user(sk));
1691         sock_lock_init_class_and_name(sk, "slock-AF_INET-CIFS",
1692                 &cifs_slock_key[0], "sk_lock-AF_INET-CIFS", &cifs_key[0]);
1693 }
1694
1695 static inline void
1696 cifs_reclassify_socket6(struct socket *sock)
1697 {
1698         struct sock *sk = sock->sk;
1699         BUG_ON(sock_owned_by_user(sk));
1700         sock_lock_init_class_and_name(sk, "slock-AF_INET6-CIFS",
1701                 &cifs_slock_key[1], "sk_lock-AF_INET6-CIFS", &cifs_key[1]);
1702 }
1703 #else
1704 static inline void
1705 cifs_reclassify_socket4(struct socket *sock)
1706 {
1707 }
1708
1709 static inline void
1710 cifs_reclassify_socket6(struct socket *sock)
1711 {
1712 }
1713 #endif
1714
1715 /* See RFC1001 section 14 on representation of Netbios names */
1716 static void rfc1002mangle(char *target, char *source, unsigned int length)
1717 {
1718         unsigned int i, j;
1719
1720         for (i = 0, j = 0; i < (length); i++) {
1721                 /* mask a nibble at a time and encode */
1722                 target[j] = 'A' + (0x0F & (source[i] >> 4));
1723                 target[j+1] = 'A' + (0x0F & source[i]);
1724                 j += 2;
1725         }
1726
1727 }
1728
1729
1730 static int
1731 ipv4_connect(struct TCP_Server_Info *server)
1732 {
1733         int rc = 0;
1734         bool connected = false;
1735         __be16 orig_port = 0;
1736         struct socket *socket = server->ssocket;
1737
1738         if (socket == NULL) {
1739                 rc = sock_create_kern(PF_INET, SOCK_STREAM,
1740                                       IPPROTO_TCP, &socket);
1741                 if (rc < 0) {
1742                         cERROR(1, ("Error %d creating socket", rc));
1743                         return rc;
1744                 }
1745
1746                 /* BB other socket options to set KEEPALIVE, NODELAY? */
1747                 cFYI(1, ("Socket created"));
1748                 server->ssocket = socket;
1749                 socket->sk->sk_allocation = GFP_NOFS;
1750                 cifs_reclassify_socket4(socket);
1751         }
1752
1753         /* user overrode default port */
1754         if (server->addr.sockAddr.sin_port) {
1755                 rc = socket->ops->connect(socket, (struct sockaddr *)
1756                                           &server->addr.sockAddr,
1757                                           sizeof(struct sockaddr_in), 0);
1758                 if (rc >= 0)
1759                         connected = true;
1760         }
1761
1762         if (!connected) {
1763                 /* save original port so we can retry user specified port
1764                         later if fall back ports fail this time  */
1765                 orig_port = server->addr.sockAddr.sin_port;
1766
1767                 /* do not retry on the same port we just failed on */
1768                 if (server->addr.sockAddr.sin_port != htons(CIFS_PORT)) {
1769                         server->addr.sockAddr.sin_port = htons(CIFS_PORT);
1770                         rc = socket->ops->connect(socket,
1771                                                 (struct sockaddr *)
1772                                                 &server->addr.sockAddr,
1773                                                 sizeof(struct sockaddr_in), 0);
1774                         if (rc >= 0)
1775                                 connected = true;
1776                 }
1777         }
1778         if (!connected) {
1779                 server->addr.sockAddr.sin_port = htons(RFC1001_PORT);
1780                 rc = socket->ops->connect(socket, (struct sockaddr *)
1781                                               &server->addr.sockAddr,
1782                                               sizeof(struct sockaddr_in), 0);
1783                 if (rc >= 0)
1784                         connected = true;
1785         }
1786
1787         /* give up here - unless we want to retry on different
1788                 protocol families some day */
1789         if (!connected) {
1790                 if (orig_port)
1791                         server->addr.sockAddr.sin_port = orig_port;
1792                 cFYI(1, ("Error %d connecting to server via ipv4", rc));
1793                 sock_release(socket);
1794                 server->ssocket = NULL;
1795                 return rc;
1796         }
1797
1798
1799         /*
1800          * Eventually check for other socket options to change from
1801          *  the default. sock_setsockopt not used because it expects
1802          *  user space buffer
1803          */
1804         socket->sk->sk_rcvtimeo = 7 * HZ;
1805         socket->sk->sk_sndtimeo = 5 * HZ;
1806
1807         /* make the bufsizes depend on wsize/rsize and max requests */
1808         if (server->noautotune) {
1809                 if (socket->sk->sk_sndbuf < (200 * 1024))
1810                         socket->sk->sk_sndbuf = 200 * 1024;
1811                 if (socket->sk->sk_rcvbuf < (140 * 1024))
1812                         socket->sk->sk_rcvbuf = 140 * 1024;
1813         }
1814
1815          cFYI(1, ("sndbuf %d rcvbuf %d rcvtimeo 0x%lx",
1816                  socket->sk->sk_sndbuf,
1817                  socket->sk->sk_rcvbuf, socket->sk->sk_rcvtimeo));
1818
1819         /* send RFC1001 sessinit */
1820         if (server->addr.sockAddr.sin_port == htons(RFC1001_PORT)) {
1821                 /* some servers require RFC1001 sessinit before sending
1822                 negprot - BB check reconnection in case where second
1823                 sessinit is sent but no second negprot */
1824                 struct rfc1002_session_packet *ses_init_buf;
1825                 struct smb_hdr *smb_buf;
1826                 ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet),
1827                                        GFP_KERNEL);
1828                 if (ses_init_buf) {
1829                         ses_init_buf->trailer.session_req.called_len = 32;
1830                         if (server->server_RFC1001_name &&
1831                             server->server_RFC1001_name[0] != 0)
1832                                 rfc1002mangle(ses_init_buf->trailer.
1833                                                 session_req.called_name,
1834                                               server->server_RFC1001_name,
1835                                               RFC1001_NAME_LEN_WITH_NULL);
1836                         else
1837                                 rfc1002mangle(ses_init_buf->trailer.
1838                                                 session_req.called_name,
1839                                               DEFAULT_CIFS_CALLED_NAME,
1840                                               RFC1001_NAME_LEN_WITH_NULL);
1841
1842                         ses_init_buf->trailer.session_req.calling_len = 32;
1843
1844                         /* calling name ends in null (byte 16) from old smb
1845                         convention. */
1846                         if (server->workstation_RFC1001_name &&
1847                             server->workstation_RFC1001_name[0] != 0)
1848                                 rfc1002mangle(ses_init_buf->trailer.
1849                                                 session_req.calling_name,
1850                                               server->workstation_RFC1001_name,
1851                                               RFC1001_NAME_LEN_WITH_NULL);
1852                         else
1853                                 rfc1002mangle(ses_init_buf->trailer.
1854                                                 session_req.calling_name,
1855                                               "LINUX_CIFS_CLNT",
1856                                               RFC1001_NAME_LEN_WITH_NULL);
1857
1858                         ses_init_buf->trailer.session_req.scope1 = 0;
1859                         ses_init_buf->trailer.session_req.scope2 = 0;
1860                         smb_buf = (struct smb_hdr *)ses_init_buf;
1861                         /* sizeof RFC1002_SESSION_REQUEST with no scope */
1862                         smb_buf->smb_buf_length = 0x81000044;
1863                         rc = smb_send(server, smb_buf, 0x44);
1864                         kfree(ses_init_buf);
1865                         msleep(1); /* RFC1001 layer in at least one server
1866                                       requires very short break before negprot
1867                                       presumably because not expecting negprot
1868                                       to follow so fast.  This is a simple
1869                                       solution that works without
1870                                       complicating the code and causes no
1871                                       significant slowing down on mount
1872                                       for everyone else */
1873                 }
1874                 /* else the negprot may still work without this
1875                 even though malloc failed */
1876
1877         }
1878
1879         return rc;
1880 }
1881
1882 static int
1883 ipv6_connect(struct TCP_Server_Info *server)
1884 {
1885         int rc = 0;
1886         bool connected = false;
1887         __be16 orig_port = 0;
1888         struct socket *socket = server->ssocket;
1889
1890         if (socket == NULL) {
1891                 rc = sock_create_kern(PF_INET6, SOCK_STREAM,
1892                                       IPPROTO_TCP, &socket);
1893                 if (rc < 0) {
1894                         cERROR(1, ("Error %d creating ipv6 socket", rc));
1895                         socket = NULL;
1896                         return rc;
1897                 }
1898
1899                 /* BB other socket options to set KEEPALIVE, NODELAY? */
1900                 cFYI(1, ("ipv6 Socket created"));
1901                 server->ssocket = socket;
1902                 socket->sk->sk_allocation = GFP_NOFS;
1903                 cifs_reclassify_socket6(socket);
1904         }
1905
1906         /* user overrode default port */
1907         if (server->addr.sockAddr6.sin6_port) {
1908                 rc = socket->ops->connect(socket,
1909                                 (struct sockaddr *) &server->addr.sockAddr6,
1910                                 sizeof(struct sockaddr_in6), 0);
1911                 if (rc >= 0)
1912                         connected = true;
1913         }
1914
1915         if (!connected) {
1916                 /* save original port so we can retry user specified port
1917                         later if fall back ports fail this time  */
1918
1919                 orig_port = server->addr.sockAddr6.sin6_port;
1920                 /* do not retry on the same port we just failed on */
1921                 if (server->addr.sockAddr6.sin6_port != htons(CIFS_PORT)) {
1922                         server->addr.sockAddr6.sin6_port = htons(CIFS_PORT);
1923                         rc = socket->ops->connect(socket, (struct sockaddr *)
1924                                         &server->addr.sockAddr6,
1925                                         sizeof(struct sockaddr_in6), 0);
1926                         if (rc >= 0)
1927                                 connected = true;
1928                 }
1929         }
1930         if (!connected) {
1931                 server->addr.sockAddr6.sin6_port = htons(RFC1001_PORT);
1932                 rc = socket->ops->connect(socket, (struct sockaddr *)
1933                                 &server->addr.sockAddr6,
1934                                 sizeof(struct sockaddr_in6), 0);
1935                 if (rc >= 0)
1936                         connected = true;
1937         }
1938
1939         /* give up here - unless we want to retry on different
1940                 protocol families some day */
1941         if (!connected) {
1942                 if (orig_port)
1943                         server->addr.sockAddr6.sin6_port = orig_port;
1944                 cFYI(1, ("Error %d connecting to server via ipv6", rc));
1945                 sock_release(socket);
1946                 server->ssocket = NULL;
1947                 return rc;
1948         }
1949
1950         /*
1951          * Eventually check for other socket options to change from
1952          * the default. sock_setsockopt not used because it expects
1953          * user space buffer
1954          */
1955         socket->sk->sk_rcvtimeo = 7 * HZ;
1956         socket->sk->sk_sndtimeo = 5 * HZ;
1957         server->ssocket = socket;
1958
1959         return rc;
1960 }
1961
1962 void reset_cifs_unix_caps(int xid, struct cifsTconInfo *tcon,
1963                           struct super_block *sb, struct smb_vol *vol_info)
1964 {
1965         /* if we are reconnecting then should we check to see if
1966          * any requested capabilities changed locally e.g. via
1967          * remount but we can not do much about it here
1968          * if they have (even if we could detect it by the following)
1969          * Perhaps we could add a backpointer to array of sb from tcon
1970          * or if we change to make all sb to same share the same
1971          * sb as NFS - then we only have one backpointer to sb.
1972          * What if we wanted to mount the server share twice once with
1973          * and once without posixacls or posix paths? */
1974         __u64 saved_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
1975
1976         if (vol_info && vol_info->no_linux_ext) {
1977                 tcon->fsUnixInfo.Capability = 0;
1978                 tcon->unix_ext = 0; /* Unix Extensions disabled */
1979                 cFYI(1, ("Linux protocol extensions disabled"));
1980                 return;
1981         } else if (vol_info)
1982                 tcon->unix_ext = 1; /* Unix Extensions supported */
1983
1984         if (tcon->unix_ext == 0) {
1985                 cFYI(1, ("Unix extensions disabled so not set on reconnect"));
1986                 return;
1987         }
1988
1989         if (!CIFSSMBQFSUnixInfo(xid, tcon)) {
1990                 __u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
1991
1992                 /* check for reconnect case in which we do not
1993                    want to change the mount behavior if we can avoid it */
1994                 if (vol_info == NULL) {
1995                         /* turn off POSIX ACL and PATHNAMES if not set
1996                            originally at mount time */
1997                         if ((saved_cap & CIFS_UNIX_POSIX_ACL_CAP) == 0)
1998                                 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
1999                         if ((saved_cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2000                                 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2001                                         cERROR(1, ("POSIXPATH support change"));
2002                                 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2003                         } else if ((cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2004                                 cERROR(1, ("possible reconnect error"));
2005                                 cERROR(1,
2006                                         ("server disabled POSIX path support"));
2007                         }
2008                 }
2009
2010                 cap &= CIFS_UNIX_CAP_MASK;
2011                 if (vol_info && vol_info->no_psx_acl)
2012                         cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2013                 else if (CIFS_UNIX_POSIX_ACL_CAP & cap) {
2014                         cFYI(1, ("negotiated posix acl support"));
2015                         if (sb)
2016                                 sb->s_flags |= MS_POSIXACL;
2017                 }
2018
2019                 if (vol_info && vol_info->posix_paths == 0)
2020                         cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2021                 else if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
2022                         cFYI(1, ("negotiate posix pathnames"));
2023                         if (sb)
2024                                 CIFS_SB(sb)->mnt_cifs_flags |=
2025                                         CIFS_MOUNT_POSIX_PATHS;
2026                 }
2027
2028                 /* We might be setting the path sep back to a different
2029                 form if we are reconnecting and the server switched its
2030                 posix path capability for this share */
2031                 if (sb && (CIFS_SB(sb)->prepathlen > 0))
2032                         CIFS_SB(sb)->prepath[0] = CIFS_DIR_SEP(CIFS_SB(sb));
2033
2034                 if (sb && (CIFS_SB(sb)->rsize > 127 * 1024)) {
2035                         if ((cap & CIFS_UNIX_LARGE_READ_CAP) == 0) {
2036                                 CIFS_SB(sb)->rsize = 127 * 1024;
2037                                 cFYI(DBG2,
2038                                         ("larger reads not supported by srv"));
2039                         }
2040                 }
2041
2042
2043                 cFYI(1, ("Negotiate caps 0x%x", (int)cap));
2044 #ifdef CONFIG_CIFS_DEBUG2
2045                 if (cap & CIFS_UNIX_FCNTL_CAP)
2046                         cFYI(1, ("FCNTL cap"));
2047                 if (cap & CIFS_UNIX_EXTATTR_CAP)
2048                         cFYI(1, ("EXTATTR cap"));
2049                 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2050                         cFYI(1, ("POSIX path cap"));
2051                 if (cap & CIFS_UNIX_XATTR_CAP)
2052                         cFYI(1, ("XATTR cap"));
2053                 if (cap & CIFS_UNIX_POSIX_ACL_CAP)
2054                         cFYI(1, ("POSIX ACL cap"));
2055                 if (cap & CIFS_UNIX_LARGE_READ_CAP)
2056                         cFYI(1, ("very large read cap"));
2057                 if (cap & CIFS_UNIX_LARGE_WRITE_CAP)
2058                         cFYI(1, ("very large write cap"));
2059 #endif /* CIFS_DEBUG2 */
2060                 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
2061                         if (vol_info == NULL) {
2062                                 cFYI(1, ("resetting capabilities failed"));
2063                         } else
2064                                 cERROR(1, ("Negotiating Unix capabilities "
2065                                            "with the server failed.  Consider "
2066                                            "mounting with the Unix Extensions\n"
2067                                            "disabled, if problems are found, "
2068                                            "by specifying the nounix mount "
2069                                            "option."));
2070
2071                 }
2072         }
2073 }
2074
2075 static void
2076 convert_delimiter(char *path, char delim)
2077 {
2078         int i;
2079         char old_delim;
2080
2081         if (path == NULL)
2082                 return;
2083
2084         if (delim == '/')
2085                 old_delim = '\\';
2086         else
2087                 old_delim = '/';
2088
2089         for (i = 0; path[i] != '\0'; i++) {
2090                 if (path[i] == old_delim)
2091                         path[i] = delim;
2092         }
2093 }
2094
2095 static void setup_cifs_sb(struct smb_vol *pvolume_info,
2096                           struct cifs_sb_info *cifs_sb)
2097 {
2098         if (pvolume_info->rsize > CIFSMaxBufSize) {
2099                 cERROR(1, ("rsize %d too large, using MaxBufSize",
2100                         pvolume_info->rsize));
2101                 cifs_sb->rsize = CIFSMaxBufSize;
2102         } else if ((pvolume_info->rsize) &&
2103                         (pvolume_info->rsize <= CIFSMaxBufSize))
2104                 cifs_sb->rsize = pvolume_info->rsize;
2105         else /* default */
2106                 cifs_sb->rsize = CIFSMaxBufSize;
2107
2108         if (pvolume_info->wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) {
2109                 cERROR(1, ("wsize %d too large, using 4096 instead",
2110                           pvolume_info->wsize));
2111                 cifs_sb->wsize = 4096;
2112         } else if (pvolume_info->wsize)
2113                 cifs_sb->wsize = pvolume_info->wsize;
2114         else
2115                 cifs_sb->wsize = min_t(const int,
2116                                         PAGEVEC_SIZE * PAGE_CACHE_SIZE,
2117                                         127*1024);
2118                 /* old default of CIFSMaxBufSize was too small now
2119                    that SMB Write2 can send multiple pages in kvec.
2120                    RFC1001 does not describe what happens when frame
2121                    bigger than 128K is sent so use that as max in
2122                    conjunction with 52K kvec constraint on arch with 4K
2123                    page size  */
2124
2125         if (cifs_sb->rsize < 2048) {
2126                 cifs_sb->rsize = 2048;
2127                 /* Windows ME may prefer this */
2128                 cFYI(1, ("readsize set to minimum: 2048"));
2129         }
2130         /* calculate prepath */
2131         cifs_sb->prepath = pvolume_info->prepath;
2132         if (cifs_sb->prepath) {
2133                 cifs_sb->prepathlen = strlen(cifs_sb->prepath);
2134                 /* we can not convert the / to \ in the path
2135                 separators in the prefixpath yet because we do not
2136                 know (until reset_cifs_unix_caps is called later)
2137                 whether POSIX PATH CAP is available. We normalize
2138                 the / to \ after reset_cifs_unix_caps is called */
2139                 pvolume_info->prepath = NULL;
2140         } else
2141                 cifs_sb->prepathlen = 0;
2142         cifs_sb->mnt_uid = pvolume_info->linux_uid;
2143         cifs_sb->mnt_gid = pvolume_info->linux_gid;
2144         cifs_sb->mnt_file_mode = pvolume_info->file_mode;
2145         cifs_sb->mnt_dir_mode = pvolume_info->dir_mode;
2146         cFYI(1, ("file mode: 0x%x  dir mode: 0x%x",
2147                 cifs_sb->mnt_file_mode, cifs_sb->mnt_dir_mode));
2148
2149         if (pvolume_info->noperm)
2150                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
2151         if (pvolume_info->setuids)
2152                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
2153         if (pvolume_info->server_ino)
2154                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
2155         if (pvolume_info->remap)
2156                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
2157         if (pvolume_info->no_xattr)
2158                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
2159         if (pvolume_info->sfu_emul)
2160                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
2161         if (pvolume_info->nobrl)
2162                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
2163         if (pvolume_info->mand_lock)
2164                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOPOSIXBRL;
2165         if (pvolume_info->cifs_acl)
2166                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
2167         if (pvolume_info->override_uid)
2168                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID;
2169         if (pvolume_info->override_gid)
2170                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID;
2171         if (pvolume_info->dynperm)
2172                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DYNPERM;
2173         if (pvolume_info->direct_io) {
2174                 cFYI(1, ("mounting share using direct i/o"));
2175                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
2176         }
2177
2178         if ((pvolume_info->cifs_acl) && (pvolume_info->dynperm))
2179                 cERROR(1, ("mount option dynperm ignored if cifsacl "
2180                            "mount option supported"));
2181 }
2182
2183 static int
2184 is_path_accessible(int xid, struct cifsTconInfo *tcon,
2185                    struct cifs_sb_info *cifs_sb, const char *full_path)
2186 {
2187         int rc;
2188         __u64 inode_num;
2189         FILE_ALL_INFO *pfile_info;
2190
2191         rc = CIFSGetSrvInodeNumber(xid, tcon, full_path, &inode_num,
2192                                    cifs_sb->local_nls,
2193                                    cifs_sb->mnt_cifs_flags &
2194                                                 CIFS_MOUNT_MAP_SPECIAL_CHR);
2195         if (rc != -EOPNOTSUPP)
2196                 return rc;
2197
2198         pfile_info = kmalloc(sizeof(FILE_ALL_INFO), GFP_KERNEL);
2199         if (pfile_info == NULL)
2200                 return -ENOMEM;
2201
2202         rc = CIFSSMBQPathInfo(xid, tcon, full_path, pfile_info,
2203                               0 /* not legacy */, cifs_sb->local_nls,
2204                               cifs_sb->mnt_cifs_flags &
2205                                 CIFS_MOUNT_MAP_SPECIAL_CHR);
2206         kfree(pfile_info);
2207         return rc;
2208 }
2209
2210 int
2211 cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
2212            char *mount_data, const char *devname)
2213 {
2214         int rc = 0;
2215         int xid;
2216         struct smb_vol *volume_info;
2217         struct cifsSesInfo *pSesInfo = NULL;
2218         struct cifsTconInfo *tcon = NULL;
2219         struct TCP_Server_Info *srvTcp = NULL;
2220         char   *full_path;
2221
2222         xid = GetXid();
2223
2224         volume_info = kzalloc(sizeof(struct smb_vol), GFP_KERNEL);
2225         if (!volume_info) {
2226                 rc = -ENOMEM;
2227                 goto out;
2228         }
2229
2230         if (cifs_parse_mount_options(mount_data, devname, volume_info)) {
2231                 rc = -EINVAL;
2232                 goto out;
2233         }
2234
2235         if (volume_info->nullauth) {
2236                 cFYI(1, ("null user"));
2237                 volume_info->username = "";
2238         } else if (volume_info->username) {
2239                 /* BB fixme parse for domain name here */
2240                 cFYI(1, ("Username: %s", volume_info->username));
2241         } else {
2242                 cifserror("No username specified");
2243         /* In userspace mount helper we can get user name from alternate
2244            locations such as env variables and files on disk */
2245                 rc = -EINVAL;
2246                 goto out;
2247         }
2248
2249
2250         /* this is needed for ASCII cp to Unicode converts */
2251         if (volume_info->iocharset == NULL) {
2252                 cifs_sb->local_nls = load_nls_default();
2253         /* load_nls_default can not return null */
2254         } else {
2255                 cifs_sb->local_nls = load_nls(volume_info->iocharset);
2256                 if (cifs_sb->local_nls == NULL) {
2257                         cERROR(1, ("CIFS mount error: iocharset %s not found",
2258                                  volume_info->iocharset));
2259                         rc = -ELIBACC;
2260                         goto out;
2261                 }
2262         }
2263
2264         /* get a reference to a tcp session */
2265         srvTcp = cifs_get_tcp_session(volume_info);
2266         if (IS_ERR(srvTcp)) {
2267                 rc = PTR_ERR(srvTcp);
2268                 goto out;
2269         }
2270
2271         pSesInfo = cifs_find_smb_ses(srvTcp, volume_info->username);
2272         if (pSesInfo) {
2273                 cFYI(1, ("Existing smb sess found (status=%d)",
2274                         pSesInfo->status));
2275                 /*
2276                  * The existing SMB session already has a reference to srvTcp,
2277                  * so we can put back the extra one we got before
2278                  */
2279                 cifs_put_tcp_session(srvTcp);
2280
2281                 down(&pSesInfo->sesSem);
2282                 if (pSesInfo->need_reconnect) {
2283                         cFYI(1, ("Session needs reconnect"));
2284                         rc = cifs_setup_session(xid, pSesInfo,
2285                                                 cifs_sb->local_nls);
2286                 }
2287                 up(&pSesInfo->sesSem);
2288         } else if (!rc) {
2289                 cFYI(1, ("Existing smb sess not found"));
2290                 pSesInfo = sesInfoAlloc();
2291                 if (pSesInfo == NULL) {
2292                         rc = -ENOMEM;
2293                         goto mount_fail_check;
2294                 }
2295
2296                 /* new SMB session uses our srvTcp ref */
2297                 pSesInfo->server = srvTcp;
2298                 if (srvTcp->addr.sockAddr6.sin6_family == AF_INET6)
2299                         sprintf(pSesInfo->serverName, "%pI6",
2300                                 &srvTcp->addr.sockAddr6.sin6_addr);
2301                 else
2302                         sprintf(pSesInfo->serverName, "%pI4",
2303                                 &srvTcp->addr.sockAddr.sin_addr.s_addr);
2304
2305                 write_lock(&cifs_tcp_ses_lock);
2306                 list_add(&pSesInfo->smb_ses_list, &srvTcp->smb_ses_list);
2307                 write_unlock(&cifs_tcp_ses_lock);
2308
2309                 /* volume_info->password freed at unmount */
2310                 if (volume_info->password) {
2311                         pSesInfo->password = kstrdup(volume_info->password,
2312                                                      GFP_KERNEL);
2313                         if (!pSesInfo->password) {
2314                                 rc = -ENOMEM;
2315                                 goto mount_fail_check;
2316                         }
2317                 }
2318                 if (volume_info->username)
2319                         strncpy(pSesInfo->userName, volume_info->username,
2320                                 MAX_USERNAME_SIZE);
2321                 if (volume_info->domainname) {
2322                         int len = strlen(volume_info->domainname);
2323                         pSesInfo->domainName = kmalloc(len + 1, GFP_KERNEL);
2324                         if (pSesInfo->domainName)
2325                                 strcpy(pSesInfo->domainName,
2326                                         volume_info->domainname);
2327                 }
2328                 pSesInfo->linux_uid = volume_info->linux_uid;
2329                 pSesInfo->overrideSecFlg = volume_info->secFlg;
2330                 down(&pSesInfo->sesSem);
2331
2332                 /* BB FIXME need to pass vol->secFlgs BB */
2333                 rc = cifs_setup_session(xid, pSesInfo,
2334                                         cifs_sb->local_nls);
2335                 up(&pSesInfo->sesSem);
2336         }
2337
2338         /* search for existing tcon to this server share */
2339         if (!rc) {
2340                 setup_cifs_sb(volume_info, cifs_sb);
2341
2342                 tcon = cifs_find_tcon(pSesInfo, volume_info->UNC);
2343                 if (tcon) {
2344                         cFYI(1, ("Found match on UNC path"));
2345                         /* existing tcon already has a reference */
2346                         cifs_put_smb_ses(pSesInfo);
2347                         if (tcon->seal != volume_info->seal)
2348                                 cERROR(1, ("transport encryption setting "
2349                                            "conflicts with existing tid"));
2350                 } else {
2351                         tcon = tconInfoAlloc();
2352                         if (tcon == NULL) {
2353                                 rc = -ENOMEM;
2354                                 goto mount_fail_check;
2355                         }
2356
2357                         tcon->ses = pSesInfo;
2358                         if (volume_info->password) {
2359                                 tcon->password = kstrdup(volume_info->password,
2360                                                          GFP_KERNEL);
2361                                 if (!tcon->password) {
2362                                         rc = -ENOMEM;
2363                                         goto mount_fail_check;
2364                                 }
2365                         }
2366
2367                         /* check for null share name ie connect to dfs root */
2368                         if ((strchr(volume_info->UNC + 3, '\\') == NULL)
2369                             && (strchr(volume_info->UNC + 3, '/') == NULL)) {
2370                                 /* rc = connect_to_dfs_path(...) */
2371                                 cFYI(1, ("DFS root not supported"));
2372                                 rc = -ENODEV;
2373                                 goto mount_fail_check;
2374                         } else {
2375                                 /* BB Do we need to wrap sesSem around
2376                                  * this TCon call and Unix SetFS as
2377                                  * we do on SessSetup and reconnect? */
2378                                 rc = CIFSTCon(xid, pSesInfo, volume_info->UNC,
2379                                               tcon, cifs_sb->local_nls);
2380                                 cFYI(1, ("CIFS Tcon rc = %d", rc));
2381                                 if (volume_info->nodfs) {
2382                                         tcon->Flags &= ~SMB_SHARE_IS_IN_DFS;
2383                                         cFYI(1, ("DFS disabled (%d)",
2384                                                 tcon->Flags));
2385                                 }
2386                         }
2387                         if (rc)
2388                                 goto mount_fail_check;
2389                         tcon->seal = volume_info->seal;
2390                         write_lock(&cifs_tcp_ses_lock);
2391                         list_add(&tcon->tcon_list, &pSesInfo->tcon_list);
2392                         write_unlock(&cifs_tcp_ses_lock);
2393                 }
2394
2395                 /* we can have only one retry value for a connection
2396                    to a share so for resources mounted more than once
2397                    to the same server share the last value passed in
2398                    for the retry flag is used */
2399                 tcon->retry = volume_info->retry;
2400                 tcon->nocase = volume_info->nocase;
2401                 tcon->local_lease = volume_info->local_lease;
2402         }
2403         if (pSesInfo) {
2404                 if (pSesInfo->capabilities & CAP_LARGE_FILES) {
2405                         sb->s_maxbytes = (u64) 1 << 63;
2406                 } else
2407                         sb->s_maxbytes = (u64) 1 << 31; /* 2 GB */
2408         }
2409
2410         /* BB FIXME fix time_gran to be larger for LANMAN sessions */
2411         sb->s_time_gran = 100;
2412
2413 mount_fail_check:
2414         /* on error free sesinfo and tcon struct if needed */
2415         if (rc) {
2416                 /* If find_unc succeeded then rc == 0 so we can not end */
2417                 /* up accidently freeing someone elses tcon struct */
2418                 if (tcon)
2419                         cifs_put_tcon(tcon);
2420                 else if (pSesInfo)
2421                         cifs_put_smb_ses(pSesInfo);
2422                 else
2423                         cifs_put_tcp_session(srvTcp);
2424                 goto out;
2425         }
2426         cifs_sb->tcon = tcon;
2427
2428         /* do not care if following two calls succeed - informational */
2429         if (!tcon->ipc) {
2430                 CIFSSMBQFSDeviceInfo(xid, tcon);
2431                 CIFSSMBQFSAttributeInfo(xid, tcon);
2432         }
2433
2434         /* tell server which Unix caps we support */
2435         if (tcon->ses->capabilities & CAP_UNIX)
2436                 /* reset of caps checks mount to see if unix extensions
2437                    disabled for just this mount */
2438                 reset_cifs_unix_caps(xid, tcon, sb, volume_info);
2439         else
2440                 tcon->unix_ext = 0; /* server does not support them */
2441
2442         /* convert forward to back slashes in prepath here if needed */
2443         if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0)
2444                 convert_delimiter(cifs_sb->prepath, CIFS_DIR_SEP(cifs_sb));
2445
2446         if ((tcon->unix_ext == 0) && (cifs_sb->rsize > (1024 * 127))) {
2447                 cifs_sb->rsize = 1024 * 127;
2448                 cFYI(DBG2, ("no very large read support, rsize now 127K"));
2449         }
2450         if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X))
2451                 cifs_sb->wsize = min(cifs_sb->wsize,
2452                                (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE));
2453         if (!(tcon->ses->capabilities & CAP_LARGE_READ_X))
2454                 cifs_sb->rsize = min(cifs_sb->rsize,
2455                                (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE));
2456
2457         if (!rc && cifs_sb->prepathlen) {
2458                 /* build_path_to_root works only when we have a valid tcon */
2459                 full_path = cifs_build_path_to_root(cifs_sb);
2460                 if (full_path == NULL) {
2461                         rc = -ENOMEM;
2462                         goto mount_fail_check;
2463                 }
2464                 rc = is_path_accessible(xid, tcon, cifs_sb, full_path);
2465                 if (rc) {
2466                         cERROR(1, ("Path %s in not accessible: %d",
2467                                                 full_path, rc));
2468                         kfree(full_path);
2469                         goto mount_fail_check;
2470                 }
2471                 kfree(full_path);
2472         }
2473
2474         /* volume_info->password is freed above when existing session found
2475         (in which case it is not needed anymore) but when new sesion is created
2476         the password ptr is put in the new session structure (in which case the
2477         password will be freed at unmount time) */
2478 out:
2479         /* zero out password before freeing */
2480         if (volume_info) {
2481                 if (volume_info->password != NULL) {
2482                         memset(volume_info->password, 0,
2483                                 strlen(volume_info->password));
2484                         kfree(volume_info->password);
2485                 }
2486                 kfree(volume_info->UNC);
2487                 kfree(volume_info->prepath);
2488                 kfree(volume_info);
2489         }
2490         FreeXid(xid);
2491         return rc;
2492 }
2493
2494 static int
2495 CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2496               char session_key[CIFS_SESS_KEY_SIZE],
2497               const struct nls_table *nls_codepage)
2498 {
2499         struct smb_hdr *smb_buffer;
2500         struct smb_hdr *smb_buffer_response;
2501         SESSION_SETUP_ANDX *pSMB;
2502         SESSION_SETUP_ANDX *pSMBr;
2503         char *bcc_ptr;
2504         char *user;
2505         char *domain;
2506         int rc = 0;
2507         int remaining_words = 0;
2508         int bytes_returned = 0;
2509         int len;
2510         __u32 capabilities;
2511         __u16 count;
2512
2513         cFYI(1, ("In sesssetup"));
2514         if (ses == NULL)
2515                 return -EINVAL;
2516         user = ses->userName;
2517         domain = ses->domainName;
2518         smb_buffer = cifs_buf_get();
2519
2520         if (smb_buffer == NULL)
2521                 return -ENOMEM;
2522
2523         smb_buffer_response = smb_buffer;
2524         pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2525
2526         /* send SMBsessionSetup here */
2527         header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2528                         NULL /* no tCon exists yet */ , 13 /* wct */ );
2529
2530         smb_buffer->Mid = GetNextMid(ses->server);
2531         pSMB->req_no_secext.AndXCommand = 0xFF;
2532         pSMB->req_no_secext.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2533         pSMB->req_no_secext.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2534
2535         if (ses->server->secMode &
2536                         (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2537                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2538
2539         capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2540                 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
2541         if (ses->capabilities & CAP_UNICODE) {
2542                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2543                 capabilities |= CAP_UNICODE;
2544         }
2545         if (ses->capabilities & CAP_STATUS32) {
2546                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2547                 capabilities |= CAP_STATUS32;
2548         }
2549         if (ses->capabilities & CAP_DFS) {
2550                 smb_buffer->Flags2 |= SMBFLG2_DFS;
2551                 capabilities |= CAP_DFS;
2552         }
2553         pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
2554
2555         pSMB->req_no_secext.CaseInsensitivePasswordLength =
2556                 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2557
2558         pSMB->req_no_secext.CaseSensitivePasswordLength =
2559             cpu_to_le16(CIFS_SESS_KEY_SIZE);
2560         bcc_ptr = pByteArea(smb_buffer);
2561         memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2562         bcc_ptr += CIFS_SESS_KEY_SIZE;
2563         memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2564         bcc_ptr += CIFS_SESS_KEY_SIZE;
2565
2566         if (ses->capabilities & CAP_UNICODE) {
2567                 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode */
2568                         *bcc_ptr = 0;
2569                         bcc_ptr++;
2570                 }
2571                 if (user == NULL)
2572                         bytes_returned = 0; /* skip null user */
2573                 else
2574                         bytes_returned =
2575                                 cifs_strtoUCS((__le16 *) bcc_ptr, user, 100,
2576                                         nls_codepage);
2577                 /* convert number of 16 bit words to bytes */
2578                 bcc_ptr += 2 * bytes_returned;
2579                 bcc_ptr += 2;   /* trailing null */
2580                 if (domain == NULL)
2581                         bytes_returned =
2582                             cifs_strtoUCS((__le16 *) bcc_ptr,
2583                                           "CIFS_LINUX_DOM", 32, nls_codepage);
2584                 else
2585                         bytes_returned =
2586                             cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2587                                           nls_codepage);
2588                 bcc_ptr += 2 * bytes_returned;
2589                 bcc_ptr += 2;
2590                 bytes_returned =
2591                     cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2592                                   32, nls_codepage);
2593                 bcc_ptr += 2 * bytes_returned;
2594                 bytes_returned =
2595                     cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release,
2596                                   32, nls_codepage);
2597                 bcc_ptr += 2 * bytes_returned;
2598                 bcc_ptr += 2;
2599                 bytes_returned =
2600                     cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2601                                   64, nls_codepage);
2602                 bcc_ptr += 2 * bytes_returned;
2603                 bcc_ptr += 2;
2604         } else {
2605                 if (user != NULL) {
2606                     strncpy(bcc_ptr, user, 200);
2607                     bcc_ptr += strnlen(user, 200);
2608                 }
2609                 *bcc_ptr = 0;
2610                 bcc_ptr++;
2611                 if (domain == NULL) {
2612                         strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2613                         bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2614                 } else {
2615                         strncpy(bcc_ptr, domain, 64);
2616                         bcc_ptr += strnlen(domain, 64);
2617                         *bcc_ptr = 0;
2618                         bcc_ptr++;
2619                 }
2620                 strcpy(bcc_ptr, "Linux version ");
2621                 bcc_ptr += strlen("Linux version ");
2622                 strcpy(bcc_ptr, utsname()->release);
2623                 bcc_ptr += strlen(utsname()->release) + 1;
2624                 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2625                 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2626         }
2627         count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2628         smb_buffer->smb_buf_length += count;
2629         pSMB->req_no_secext.ByteCount = cpu_to_le16(count);
2630
2631         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2632                          &bytes_returned, CIFS_LONG_OP);
2633         if (rc) {
2634 /* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
2635         } else if ((smb_buffer_response->WordCount == 3)
2636                    || (smb_buffer_response->WordCount == 4)) {
2637                 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2638                 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2639                 if (action & GUEST_LOGIN)
2640                         cFYI(1, ("Guest login")); /* BB mark SesInfo struct? */
2641                 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format
2642                                                          (little endian) */
2643                 cFYI(1, ("UID = %d ", ses->Suid));
2644         /* response can have either 3 or 4 word count - Samba sends 3 */
2645                 bcc_ptr = pByteArea(smb_buffer_response);
2646                 if ((pSMBr->resp.hdr.WordCount == 3)
2647                     || ((pSMBr->resp.hdr.WordCount == 4)
2648                         && (blob_len < pSMBr->resp.ByteCount))) {
2649                         if (pSMBr->resp.hdr.WordCount == 4)
2650                                 bcc_ptr += blob_len;
2651
2652                         if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2653                                 if ((long) (bcc_ptr) % 2) {
2654                                         remaining_words =
2655                                             (BCC(smb_buffer_response) - 1) / 2;
2656                                         /* Unicode strings must be word
2657                                            aligned */
2658                                         bcc_ptr++;
2659                                 } else {
2660                                         remaining_words =
2661                                                 BCC(smb_buffer_response) / 2;
2662                                 }
2663                                 len =
2664                                     UniStrnlen((wchar_t *) bcc_ptr,
2665                                                remaining_words - 1);
2666 /* We look for obvious messed up bcc or strings in response so we do not go off
2667    the end since (at least) WIN2K and Windows XP have a major bug in not null
2668    terminating last Unicode string in response  */
2669                                 if (ses->serverOS)
2670                                         kfree(ses->serverOS);
2671                                 ses->serverOS = kzalloc(2 * (len + 1),
2672                                                         GFP_KERNEL);
2673                                 if (ses->serverOS == NULL)
2674                                         goto sesssetup_nomem;
2675                                 cifs_strfromUCS_le(ses->serverOS,
2676                                                    (__le16 *)bcc_ptr,
2677                                                    len, nls_codepage);
2678                                 bcc_ptr += 2 * (len + 1);
2679                                 remaining_words -= len + 1;
2680                                 ses->serverOS[2 * len] = 0;
2681                                 ses->serverOS[1 + (2 * len)] = 0;
2682                                 if (remaining_words > 0) {
2683                                         len = UniStrnlen((wchar_t *)bcc_ptr,
2684                                                          remaining_words-1);
2685                                         kfree(ses->serverNOS);
2686                                         ses->serverNOS = kzalloc(2 * (len + 1),
2687                                                                  GFP_KERNEL);
2688                                         if (ses->serverNOS == NULL)
2689                                                 goto sesssetup_nomem;
2690                                         cifs_strfromUCS_le(ses->serverNOS,
2691                                                            (__le16 *)bcc_ptr,
2692                                                            len, nls_codepage);
2693                                         bcc_ptr += 2 * (len + 1);
2694                                         ses->serverNOS[2 * len] = 0;
2695                                         ses->serverNOS[1 + (2 * len)] = 0;
2696                                         if (strncmp(ses->serverNOS,
2697                                                 "NT LAN Manager 4", 16) == 0) {
2698                                                 cFYI(1, ("NT4 server"));
2699                                                 ses->flags |= CIFS_SES_NT4;
2700                                         }
2701                                         remaining_words -= len + 1;
2702                                         if (remaining_words > 0) {
2703                                                 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2704                                 /* last string is not always null terminated
2705                                    (for e.g. for Windows XP & 2000) */
2706                                                 if (ses->serverDomain)
2707                                                         kfree(ses->serverDomain);
2708                                                 ses->serverDomain =
2709                                                     kzalloc(2*(len+1),
2710                                                             GFP_KERNEL);
2711                                                 if (ses->serverDomain == NULL)
2712                                                         goto sesssetup_nomem;
2713                                                 cifs_strfromUCS_le(ses->serverDomain,
2714                                                         (__le16 *)bcc_ptr,
2715                                                         len, nls_codepage);
2716                                                 bcc_ptr += 2 * (len + 1);
2717                                                 ses->serverDomain[2*len] = 0;
2718                                                 ses->serverDomain[1+(2*len)] = 0;
2719                                         } else { /* else no more room so create
2720                                                   dummy domain string */
2721                                                 if (ses->serverDomain)
2722                                                         kfree(ses->serverDomain);
2723                                                 ses->serverDomain =
2724                                                         kzalloc(2, GFP_KERNEL);
2725                                         }
2726                                 } else { /* no room so create dummy domain
2727                                             and NOS string */
2728
2729                                         /* if these kcallocs fail not much we
2730                                            can do, but better to not fail the
2731                                            sesssetup itself */
2732                                         kfree(ses->serverDomain);
2733                                         ses->serverDomain =
2734                                             kzalloc(2, GFP_KERNEL);
2735                                         kfree(ses->serverNOS);
2736                                         ses->serverNOS =
2737                                             kzalloc(2, GFP_KERNEL);
2738                                 }
2739                         } else {        /* ASCII */
2740                                 len = strnlen(bcc_ptr, 1024);
2741                                 if (((long) bcc_ptr + len) - (long)
2742                                     pByteArea(smb_buffer_response)
2743                                             <= BCC(smb_buffer_response)) {
2744                                         kfree(ses->serverOS);
2745                                         ses->serverOS = kzalloc(len + 1,
2746                                                                 GFP_KERNEL);
2747                                         if (ses->serverOS == NULL)
2748                                                 goto sesssetup_nomem;
2749                                         strncpy(ses->serverOS, bcc_ptr, len);
2750
2751                                         bcc_ptr += len;
2752                                         /* null terminate the string */
2753                                         bcc_ptr[0] = 0;
2754                                         bcc_ptr++;
2755
2756                                         len = strnlen(bcc_ptr, 1024);
2757                                         kfree(ses->serverNOS);
2758                                         ses->serverNOS = kzalloc(len + 1,
2759                                                                  GFP_KERNEL);
2760                                         if (ses->serverNOS == NULL)
2761                                                 goto sesssetup_nomem;
2762                                         strncpy(ses->serverNOS, bcc_ptr, len);
2763                                         bcc_ptr += len;
2764                                         bcc_ptr[0] = 0;
2765                                         bcc_ptr++;
2766
2767                                         len = strnlen(bcc_ptr, 1024);
2768                                         if (ses->serverDomain)
2769                                                 kfree(ses->serverDomain);
2770                                         ses->serverDomain = kzalloc(len + 1,
2771                                                                     GFP_KERNEL);
2772                                         if (ses->serverDomain == NULL)
2773                                                 goto sesssetup_nomem;
2774                                         strncpy(ses->serverDomain, bcc_ptr,
2775                                                 len);
2776                                         bcc_ptr += len;
2777                                         bcc_ptr[0] = 0;
2778                                         bcc_ptr++;
2779                                 } else
2780                                         cFYI(1,
2781                                              ("Variable field of length %d "
2782                                                 "extends beyond end of smb ",
2783                                               len));
2784                         }
2785                 } else {
2786                         cERROR(1, ("Security Blob Length extends beyond "
2787                                 "end of SMB"));
2788                 }
2789         } else {
2790                 cERROR(1, ("Invalid Word count %d: ",
2791                         smb_buffer_response->WordCount));
2792                 rc = -EIO;
2793         }
2794 sesssetup_nomem:        /* do not return an error on nomem for the info strings,
2795                            since that could make reconnection harder, and
2796                            reconnection might be needed to free memory */
2797         cifs_buf_release(smb_buffer);
2798
2799         return rc;
2800 }
2801
2802 static int
2803 CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2804                               struct cifsSesInfo *ses, bool *pNTLMv2_flag,
2805                               const struct nls_table *nls_codepage)
2806 {
2807         struct smb_hdr *smb_buffer;
2808         struct smb_hdr *smb_buffer_response;
2809         SESSION_SETUP_ANDX *pSMB;
2810         SESSION_SETUP_ANDX *pSMBr;
2811         char *bcc_ptr;
2812         char *domain;
2813         int rc = 0;
2814         int remaining_words = 0;
2815         int bytes_returned = 0;
2816         int len;
2817         int SecurityBlobLength = sizeof(NEGOTIATE_MESSAGE);
2818         PNEGOTIATE_MESSAGE SecurityBlob;
2819         PCHALLENGE_MESSAGE SecurityBlob2;
2820         __u32 negotiate_flags, capabilities;
2821         __u16 count;
2822
2823         cFYI(1, ("In NTLMSSP sesssetup (negotiate)"));
2824         if (ses == NULL)
2825                 return -EINVAL;
2826         domain = ses->domainName;
2827         *pNTLMv2_flag = false;
2828         smb_buffer = cifs_buf_get();
2829         if (smb_buffer == NULL) {
2830                 return -ENOMEM;
2831         }
2832         smb_buffer_response = smb_buffer;
2833         pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2834         pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2835
2836         /* send SMBsessionSetup here */
2837         header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2838                         NULL /* no tCon exists yet */ , 12 /* wct */ );
2839
2840         smb_buffer->Mid = GetNextMid(ses->server);
2841         pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2842         pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2843
2844         pSMB->req.AndXCommand = 0xFF;
2845         pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2846         pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2847
2848         if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2849                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2850
2851         capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2852             CAP_EXTENDED_SECURITY;
2853         if (ses->capabilities & CAP_UNICODE) {
2854                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2855                 capabilities |= CAP_UNICODE;
2856         }
2857         if (ses->capabilities & CAP_STATUS32) {
2858                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2859                 capabilities |= CAP_STATUS32;
2860         }
2861         if (ses->capabilities & CAP_DFS) {
2862                 smb_buffer->Flags2 |= SMBFLG2_DFS;
2863                 capabilities |= CAP_DFS;
2864         }
2865         pSMB->req.Capabilities = cpu_to_le32(capabilities);
2866
2867         bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2868         SecurityBlob = (PNEGOTIATE_MESSAGE) bcc_ptr;
2869         strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2870         SecurityBlob->MessageType = NtLmNegotiate;
2871         negotiate_flags =
2872             NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
2873             NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM |
2874             NTLMSSP_NEGOTIATE_56 |
2875             /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
2876         if (sign_CIFS_PDUs)
2877                 negotiate_flags |= NTLMSSP_NEGOTIATE_SIGN;
2878 /*      if (ntlmv2_support)
2879                 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;*/
2880         /* setup pointers to domain name and workstation name */
2881         bcc_ptr += SecurityBlobLength;
2882
2883         SecurityBlob->WorkstationName.Buffer = 0;
2884         SecurityBlob->WorkstationName.Length = 0;
2885         SecurityBlob->WorkstationName.MaximumLength = 0;
2886
2887         /* Domain not sent on first Sesssetup in NTLMSSP, instead it is sent
2888         along with username on auth request (ie the response to challenge) */
2889         SecurityBlob->DomainName.Buffer = 0;
2890         SecurityBlob->DomainName.Length = 0;
2891         SecurityBlob->DomainName.MaximumLength = 0;
2892         if (ses->capabilities & CAP_UNICODE) {
2893                 if ((long) bcc_ptr % 2) {
2894                         *bcc_ptr = 0;
2895                         bcc_ptr++;
2896                 }
2897
2898                 bytes_returned =
2899                     cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2900                                   32, nls_codepage);
2901                 bcc_ptr += 2 * bytes_returned;
2902                 bytes_returned =
2903                     cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
2904                                   nls_codepage);
2905                 bcc_ptr += 2 * bytes_returned;
2906                 bcc_ptr += 2;   /* null terminate Linux version */
2907                 bytes_returned =
2908                     cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2909                                   64, nls_codepage);
2910                 bcc_ptr += 2 * bytes_returned;
2911                 *(bcc_ptr + 1) = 0;
2912                 *(bcc_ptr + 2) = 0;
2913                 bcc_ptr += 2;   /* null terminate network opsys string */
2914                 *(bcc_ptr + 1) = 0;
2915                 *(bcc_ptr + 2) = 0;
2916                 bcc_ptr += 2;   /* null domain */
2917         } else {                /* ASCII */
2918                 strcpy(bcc_ptr, "Linux version ");
2919                 bcc_ptr += strlen("Linux version ");
2920                 strcpy(bcc_ptr, utsname()->release);
2921                 bcc_ptr += strlen(utsname()->release) + 1;
2922                 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2923                 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2924                 bcc_ptr++;      /* empty domain field */
2925                 *bcc_ptr = 0;
2926         }
2927         SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2928         pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2929         count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2930         smb_buffer->smb_buf_length += count;
2931         pSMB->req.ByteCount = cpu_to_le16(count);
2932
2933         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2934                          &bytes_returned, CIFS_LONG_OP);
2935
2936         if (smb_buffer_response->Status.CifsError ==
2937             cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
2938                 rc = 0;
2939
2940         if (rc) {
2941 /*    rc = map_smb_to_linux_error(smb_buffer_response);  *//* done in SendReceive now */
2942         } else if ((smb_buffer_response->WordCount == 3)
2943                    || (smb_buffer_response->WordCount == 4)) {
2944                 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2945                 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2946
2947                 if (action & GUEST_LOGIN)
2948                         cFYI(1, ("Guest login"));
2949         /* Do we want to set anything in SesInfo struct when guest login? */
2950
2951                 bcc_ptr = pByteArea(smb_buffer_response);
2952         /* response can have either 3 or 4 word count - Samba sends 3 */
2953
2954                 SecurityBlob2 = (PCHALLENGE_MESSAGE) bcc_ptr;
2955                 if (SecurityBlob2->MessageType != NtLmChallenge) {
2956                         cFYI(1, ("Unexpected NTLMSSP message type received %d",
2957                               SecurityBlob2->MessageType));
2958                 } else if (ses) {
2959                         ses->Suid = smb_buffer_response->Uid; /* UID left in le format */
2960                         cFYI(1, ("UID = %d", ses->Suid));
2961                         if ((pSMBr->resp.hdr.WordCount == 3)
2962                             || ((pSMBr->resp.hdr.WordCount == 4)
2963                                 && (blob_len <
2964                                     pSMBr->resp.ByteCount))) {
2965
2966                                 if (pSMBr->resp.hdr.WordCount == 4) {
2967                                         bcc_ptr += blob_len;
2968                                         cFYI(1, ("Security Blob Length %d",
2969                                               blob_len));
2970                                 }
2971
2972                                 cFYI(1, ("NTLMSSP Challenge rcvd"));
2973
2974                                 memcpy(ses->server->cryptKey,
2975                                        SecurityBlob2->Challenge,
2976                                        CIFS_CRYPTO_KEY_SIZE);
2977                                 if (SecurityBlob2->NegotiateFlags &
2978                                         cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2))
2979                                         *pNTLMv2_flag = true;
2980
2981                                 if ((SecurityBlob2->NegotiateFlags &
2982                                         cpu_to_le32(NTLMSSP_NEGOTIATE_ALWAYS_SIGN))
2983                                         || (sign_CIFS_PDUs > 1))
2984                                                 ses->server->secMode |=
2985                                                         SECMODE_SIGN_REQUIRED;
2986                                 if ((SecurityBlob2->NegotiateFlags &
2987                                         cpu_to_le32(NTLMSSP_NEGOTIATE_SIGN)) && (sign_CIFS_PDUs))
2988                                                 ses->server->secMode |=
2989                                                         SECMODE_SIGN_ENABLED;
2990
2991                                 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2992                                         if ((long) (bcc_ptr) % 2) {
2993                                                 remaining_words =
2994                                                     (BCC(smb_buffer_response)
2995                                                      - 1) / 2;
2996                                          /* Must word align unicode strings */
2997                                                 bcc_ptr++;
2998                                         } else {
2999                                                 remaining_words =
3000                                                     BCC
3001                                                     (smb_buffer_response) / 2;
3002                                         }
3003                                         len =
3004                                             UniStrnlen((wchar_t *) bcc_ptr,
3005                                                        remaining_words - 1);
3006 /* We look for obvious messed up bcc or strings in response so we do not go off
3007    the end since (at least) WIN2K and Windows XP have a major bug in not null
3008    terminating last Unicode string in response  */
3009                                         if (ses->serverOS)
3010                                                 kfree(ses->serverOS);
3011                                         ses->serverOS =
3012                                             kzalloc(2 * (len + 1), GFP_KERNEL);
3013                                         cifs_strfromUCS_le(ses->serverOS,
3014                                                            (__le16 *)
3015                                                            bcc_ptr, len,
3016                                                            nls_codepage);
3017                                         bcc_ptr += 2 * (len + 1);
3018                                         remaining_words -= len + 1;
3019                                         ses->serverOS[2 * len] = 0;
3020                                         ses->serverOS[1 + (2 * len)] = 0;
3021                                         if (remaining_words > 0) {
3022                                                 len = UniStrnlen((wchar_t *)
3023                                                                  bcc_ptr,
3024                                                                  remaining_words
3025                                                                  - 1);
3026                                                 kfree(ses->serverNOS);
3027                                                 ses->serverNOS =
3028                                                     kzalloc(2 * (len + 1),
3029                                                             GFP_KERNEL);
3030                                                 cifs_strfromUCS_le(ses->
3031                                                                    serverNOS,
3032                                                                    (__le16 *)
3033                                                                    bcc_ptr,
3034                                                                    len,
3035                                                                    nls_codepage);
3036                                                 bcc_ptr += 2 * (len + 1);
3037                                                 ses->serverNOS[2 * len] = 0;
3038                                                 ses->serverNOS[1 +
3039                                                                (2 * len)] = 0;
3040                                                 remaining_words -= len + 1;
3041                                                 if (remaining_words > 0) {
3042                                                         len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
3043                                 /* last string not always null terminated
3044                                    (for e.g. for Windows XP & 2000) */
3045                                                         kfree(ses->serverDomain);
3046                                                         ses->serverDomain =
3047                                                             kzalloc(2 *
3048                                                                     (len +
3049                                                                      1),
3050                                                                     GFP_KERNEL);
3051                                                         cifs_strfromUCS_le
3052                                                             (ses->serverDomain,
3053                                                              (__le16 *)bcc_ptr,
3054                                                              len, nls_codepage);
3055                                                         bcc_ptr +=
3056                                                             2 * (len + 1);
3057                                                         ses->serverDomain[2*len]
3058                                                             = 0;
3059                                                         ses->serverDomain
3060                                                                 [1 + (2 * len)]
3061                                                             = 0;
3062                                                 } /* else no more room so create dummy domain string */
3063                                                 else {
3064                                                         kfree(ses->serverDomain);
3065                                                         ses->serverDomain =
3066                                                             kzalloc(2,
3067                                                                     GFP_KERNEL);
3068                                                 }
3069                                         } else {        /* no room so create dummy domain and NOS string */
3070                                                 kfree(ses->serverDomain);
3071                                                 ses->serverDomain =
3072                                                     kzalloc(2, GFP_KERNEL);
3073                                                 kfree(ses->serverNOS);
3074                                                 ses->serverNOS =
3075                                                     kzalloc(2, GFP_KERNEL);
3076                                         }
3077                                 } else {        /* ASCII */
3078                                         len = strnlen(bcc_ptr, 1024);
3079                                         if (((long) bcc_ptr + len) - (long)
3080                                             pByteArea(smb_buffer_response)
3081                                             <= BCC(smb_buffer_response)) {
3082                                                 if (ses->serverOS)
3083                                                         kfree(ses->serverOS);
3084                                                 ses->serverOS =
3085                                                     kzalloc(len + 1,
3086                                                             GFP_KERNEL);
3087                                                 strncpy(ses->serverOS,
3088                                                         bcc_ptr, len);
3089
3090                                                 bcc_ptr += len;
3091                                                 bcc_ptr[0] = 0; /* null terminate string */
3092                                                 bcc_ptr++;
3093
3094                                                 len = strnlen(bcc_ptr, 1024);
3095                                                 kfree(ses->serverNOS);
3096                                                 ses->serverNOS =
3097                                                     kzalloc(len + 1,
3098                                                             GFP_KERNEL);
3099                                                 strncpy(ses->serverNOS, bcc_ptr, len);
3100                                                 bcc_ptr += len;
3101                                                 bcc_ptr[0] = 0;
3102                                                 bcc_ptr++;
3103
3104                                                 len = strnlen(bcc_ptr, 1024);
3105                                                 kfree(ses->serverDomain);
3106                                                 ses->serverDomain =
3107                                                     kzalloc(len + 1,
3108                                                             GFP_KERNEL);
3109                                                 strncpy(ses->serverDomain,
3110                                                         bcc_ptr, len);
3111                                                 bcc_ptr += len;
3112                                                 bcc_ptr[0] = 0;
3113                                                 bcc_ptr++;
3114                                         } else
3115                                                 cFYI(1,
3116                                                      ("field of length %d "
3117                                                     "extends beyond end of smb",
3118                                                       len));
3119                                 }
3120                         } else {
3121                                 cERROR(1, ("Security Blob Length extends beyond"
3122                                            " end of SMB"));
3123                         }
3124                 } else {
3125                         cERROR(1, ("No session structure passed in."));
3126                 }
3127         } else {
3128                 cERROR(1, ("Invalid Word count %d:",
3129                         smb_buffer_response->WordCount));
3130                 rc = -EIO;
3131         }
3132
3133         cifs_buf_release(smb_buffer);
3134
3135         return rc;
3136 }
3137 static int
3138 CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
3139                         char *ntlm_session_key, bool ntlmv2_flag,
3140                         const struct nls_table *nls_codepage)
3141 {
3142         struct smb_hdr *smb_buffer;
3143         struct smb_hdr *smb_buffer_response;
3144         SESSION_SETUP_ANDX *pSMB;
3145         SESSION_SETUP_ANDX *pSMBr;
3146         char *bcc_ptr;
3147         char *user;
3148         char *domain;
3149         int rc = 0;
3150         int remaining_words = 0;
3151         int bytes_returned = 0;
3152         int len;
3153         int SecurityBlobLength = sizeof(AUTHENTICATE_MESSAGE);
3154         PAUTHENTICATE_MESSAGE SecurityBlob;
3155         __u32 negotiate_flags, capabilities;
3156         __u16 count;
3157
3158         cFYI(1, ("In NTLMSSPSessSetup (Authenticate)"));
3159         if (ses == NULL)
3160                 return -EINVAL;
3161         user = ses->userName;
3162         domain = ses->domainName;
3163         smb_buffer = cifs_buf_get();
3164         if (smb_buffer == NULL) {
3165                 return -ENOMEM;
3166         }
3167         smb_buffer_response = smb_buffer;
3168         pSMB = (SESSION_SETUP_ANDX *)smb_buffer;
3169         pSMBr = (SESSION_SETUP_ANDX *)smb_buffer_response;
3170
3171         /* send SMBsessionSetup here */
3172         header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
3173                         NULL /* no tCon exists yet */ , 12 /* wct */ );
3174
3175         smb_buffer->Mid = GetNextMid(ses->server);
3176         pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
3177         pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
3178         pSMB->req.AndXCommand = 0xFF;
3179         pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
3180         pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
3181
3182         pSMB->req.hdr.Uid = ses->Suid;
3183
3184         if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3185                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3186
3187         capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
3188                         CAP_EXTENDED_SECURITY;
3189         if (ses->capabilities & CAP_UNICODE) {
3190                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3191                 capabilities |= CAP_UNICODE;
3192         }
3193         if (ses->capabilities & CAP_STATUS32) {
3194                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3195                 capabilities |= CAP_STATUS32;
3196         }
3197         if (ses->capabilities & CAP_DFS) {
3198                 smb_buffer->Flags2 |= SMBFLG2_DFS;
3199                 capabilities |= CAP_DFS;
3200         }
3201         pSMB->req.Capabilities = cpu_to_le32(capabilities);
3202
3203         bcc_ptr = (char *)&pSMB->req.SecurityBlob;
3204         SecurityBlob = (PAUTHENTICATE_MESSAGE)bcc_ptr;
3205         strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
3206         SecurityBlob->MessageType = NtLmAuthenticate;
3207         bcc_ptr += SecurityBlobLength;
3208         negotiate_flags = NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET |
3209                         NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO |
3210                         0x80000000 | NTLMSSP_NEGOTIATE_128;
3211         if (sign_CIFS_PDUs)
3212                 negotiate_flags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN;
3213         if (ntlmv2_flag)
3214                 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
3215
3216 /* setup pointers to domain name and workstation name */
3217
3218         SecurityBlob->WorkstationName.Buffer = 0;
3219         SecurityBlob->WorkstationName.Length = 0;
3220         SecurityBlob->WorkstationName.MaximumLength = 0;
3221         SecurityBlob->SessionKey.Length = 0;
3222         SecurityBlob->SessionKey.MaximumLength = 0;
3223         SecurityBlob->SessionKey.Buffer = 0;
3224
3225         SecurityBlob->LmChallengeResponse.Length = 0;
3226         SecurityBlob->LmChallengeResponse.MaximumLength = 0;
3227         SecurityBlob->LmChallengeResponse.Buffer = 0;
3228
3229         SecurityBlob->NtChallengeResponse.Length =
3230             cpu_to_le16(CIFS_SESS_KEY_SIZE);
3231         SecurityBlob->NtChallengeResponse.MaximumLength =
3232             cpu_to_le16(CIFS_SESS_KEY_SIZE);
3233         memcpy(bcc_ptr, ntlm_session_key, CIFS_SESS_KEY_SIZE);
3234         SecurityBlob->NtChallengeResponse.Buffer =
3235             cpu_to_le32(SecurityBlobLength);
3236         SecurityBlobLength += CIFS_SESS_KEY_SIZE;
3237         bcc_ptr += CIFS_SESS_KEY_SIZE;
3238
3239         if (ses->capabilities & CAP_UNICODE) {
3240                 if (domain == NULL) {
3241                         SecurityBlob->DomainName.Buffer = 0;
3242                         SecurityBlob->DomainName.Length = 0;
3243                         SecurityBlob->DomainName.MaximumLength = 0;
3244                 } else {
3245                         __u16 ln = cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
3246                                           nls_codepage);
3247                         ln *= 2;
3248                         SecurityBlob->DomainName.MaximumLength =
3249                             cpu_to_le16(ln);
3250                         SecurityBlob->DomainName.Buffer =
3251                             cpu_to_le32(SecurityBlobLength);
3252                         bcc_ptr += ln;
3253                         SecurityBlobLength += ln;
3254                         SecurityBlob->DomainName.Length = cpu_to_le16(ln);
3255                 }
3256                 if (user == NULL) {
3257                         SecurityBlob->UserName.Buffer = 0;
3258                         SecurityBlob->UserName.Length = 0;
3259                         SecurityBlob->UserName.MaximumLength = 0;
3260                 } else {
3261                         __u16 ln = cifs_strtoUCS((__le16 *) bcc_ptr, user, 64,
3262                                           nls_codepage);
3263                         ln *= 2;
3264                         SecurityBlob->UserName.MaximumLength =
3265                             cpu_to_le16(ln);
3266                         SecurityBlob->UserName.Buffer =
3267                             cpu_to_le32(SecurityBlobLength);
3268                         bcc_ptr += ln;
3269                         SecurityBlobLength += ln;
3270                         SecurityBlob->UserName.Length = cpu_to_le16(ln);
3271                 }
3272
3273                 /* SecurityBlob->WorkstationName.Length =
3274                  cifs_strtoUCS((__le16 *) bcc_ptr, "AMACHINE",64, nls_codepage);
3275                    SecurityBlob->WorkstationName.Length *= 2;
3276                    SecurityBlob->WorkstationName.MaximumLength =
3277                         cpu_to_le16(SecurityBlob->WorkstationName.Length);
3278                    SecurityBlob->WorkstationName.Buffer =
3279                                  cpu_to_le32(SecurityBlobLength);
3280                    bcc_ptr += SecurityBlob->WorkstationName.Length;
3281                    SecurityBlobLength += SecurityBlob->WorkstationName.Length;
3282                    SecurityBlob->WorkstationName.Length =
3283                         cpu_to_le16(SecurityBlob->WorkstationName.Length);  */
3284
3285                 if ((long) bcc_ptr % 2) {
3286                         *bcc_ptr = 0;
3287                         bcc_ptr++;
3288                 }
3289                 bytes_returned =
3290                     cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
3291                                   32, nls_codepage);
3292                 bcc_ptr += 2 * bytes_returned;
3293                 bytes_returned =
3294                     cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
3295                                   nls_codepage);
3296                 bcc_ptr += 2 * bytes_returned;
3297                 bcc_ptr += 2;   /* null term version string */
3298                 bytes_returned =
3299                     cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
3300                                   64, nls_codepage);
3301                 bcc_ptr += 2 * bytes_returned;
3302                 *(bcc_ptr + 1) = 0;
3303                 *(bcc_ptr + 2) = 0;
3304                 bcc_ptr += 2;   /* null terminate network opsys string */
3305                 *(bcc_ptr + 1) = 0;
3306                 *(bcc_ptr + 2) = 0;
3307                 bcc_ptr += 2;   /* null domain */
3308         } else {                /* ASCII */
3309                 if (domain == NULL) {
3310                         SecurityBlob->DomainName.Buffer = 0;
3311                         SecurityBlob->DomainName.Length = 0;
3312                         SecurityBlob->DomainName.MaximumLength = 0;
3313                 } else {
3314                         __u16 ln;
3315                         negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
3316                         strncpy(bcc_ptr, domain, 63);
3317                         ln = strnlen(domain, 64);
3318                         SecurityBlob->DomainName.MaximumLength =
3319                             cpu_to_le16(ln);
3320                         SecurityBlob->DomainName.Buffer =
3321                             cpu_to_le32(SecurityBlobLength);
3322                         bcc_ptr += ln;
3323                         SecurityBlobLength += ln;
3324                         SecurityBlob->DomainName.Length = cpu_to_le16(ln);
3325                 }
3326                 if (user == NULL) {
3327                         SecurityBlob->UserName.Buffer = 0;
3328                         SecurityBlob->UserName.Length = 0;
3329                         SecurityBlob->UserName.MaximumLength = 0;
3330                 } else {
3331                         __u16 ln;
3332                         strncpy(bcc_ptr, user, 63);
3333                         ln = strnlen(user, 64);
3334                         SecurityBlob->UserName.MaximumLength = cpu_to_le16(ln);
3335                         SecurityBlob->UserName.Buffer =
3336                                                 cpu_to_le32(SecurityBlobLength);
3337                         bcc_ptr += ln;
3338                         SecurityBlobLength += ln;
3339                         SecurityBlob->UserName.Length = cpu_to_le16(ln);
3340                 }
3341                 /* BB fill in our workstation name if known BB */
3342
3343                 strcpy(bcc_ptr, "Linux version ");
3344                 bcc_ptr += strlen("Linux version ");
3345                 strcpy(bcc_ptr, utsname()->release);
3346                 bcc_ptr += strlen(utsname()->release) + 1;
3347                 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
3348                 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
3349                 bcc_ptr++;      /* null domain */
3350                 *bcc_ptr = 0;
3351         }
3352         SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
3353         pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
3354         count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
3355         smb_buffer->smb_buf_length += count;
3356         pSMB->req.ByteCount = cpu_to_le16(count);
3357
3358         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
3359                          &bytes_returned, CIFS_LONG_OP);
3360         if (rc) {
3361 /*   rc = map_smb_to_linux_error(smb_buffer_response) done in SendReceive now */
3362         } else if ((smb_buffer_response->WordCount == 3) ||
3363                    (smb_buffer_response->WordCount == 4)) {
3364                 __u16 action = le16_to_cpu(pSMBr->resp.Action);
3365                 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
3366                 if (action & GUEST_LOGIN)
3367                         cFYI(1, ("Guest login")); /* BB Should we set anything
3368                                                          in SesInfo struct ? */
3369 /*              if (SecurityBlob2->MessageType != NtLm??) {
3370                         cFYI("Unexpected message type on auth response is %d"));
3371                 } */
3372
3373                 if (ses) {
3374                         cFYI(1,
3375                              ("Check challenge UID %d vs auth response UID %d",
3376                               ses->Suid, smb_buffer_response->Uid));
3377                         /* UID left in wire format */
3378                         ses->Suid = smb_buffer_response->Uid;
3379                         bcc_ptr = pByteArea(smb_buffer_response);
3380                 /* response can have either 3 or 4 word count - Samba sends 3 */
3381                         if ((pSMBr->resp.hdr.WordCount == 3)
3382                             || ((pSMBr->resp.hdr.WordCount == 4)
3383                                 && (blob_len <
3384                                     pSMBr->resp.ByteCount))) {
3385                                 if (pSMBr->resp.hdr.WordCount == 4) {
3386                                         bcc_ptr +=
3387                                             blob_len;
3388                                         cFYI(1,
3389                                              ("Security Blob Length %d ",
3390                                               blob_len));
3391                                 }
3392
3393                                 cFYI(1,
3394                                      ("NTLMSSP response to Authenticate "));
3395
3396                                 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3397                                         if ((long) (bcc_ptr) % 2) {
3398                                                 remaining_words =
3399                                                     (BCC(smb_buffer_response)
3400                                                      - 1) / 2;
3401                                                 bcc_ptr++;      /* Unicode strings must be word aligned */
3402                                         } else {
3403                                                 remaining_words = BCC(smb_buffer_response) / 2;
3404                                         }
3405                                         len = UniStrnlen((wchar_t *) bcc_ptr,
3406                                                         remaining_words - 1);
3407 /* We look for obvious messed up bcc or strings in response so we do not go off
3408   the end since (at least) WIN2K and Windows XP have a major bug in not null
3409   terminating last Unicode string in response  */
3410                                         if (ses->serverOS)
3411                                                 kfree(ses->serverOS);
3412                                         ses->serverOS =
3413                                             kzalloc(2 * (len + 1), GFP_KERNEL);
3414                                         cifs_strfromUCS_le(ses->serverOS,
3415                                                            (__le16 *)
3416                                                            bcc_ptr, len,
3417                                                            nls_codepage);
3418                                         bcc_ptr += 2 * (len + 1);
3419                                         remaining_words -= len + 1;
3420                                         ses->serverOS[2 * len] = 0;
3421                                         ses->serverOS[1 + (2 * len)] = 0;
3422                                         if (remaining_words > 0) {
3423                                                 len = UniStrnlen((wchar_t *)
3424                                                                  bcc_ptr,
3425                                                                  remaining_words
3426                                                                  - 1);
3427                                                 kfree(ses->serverNOS);
3428                                                 ses->serverNOS =
3429                                                     kzalloc(2 * (len + 1),
3430                                                             GFP_KERNEL);
3431                                                 cifs_strfromUCS_le(ses->
3432                                                                    serverNOS,
3433                                                                    (__le16 *)
3434                                                                    bcc_ptr,
3435                                                                    len,
3436                                                                    nls_codepage);
3437                                                 bcc_ptr += 2 * (len + 1);
3438                                                 ses->serverNOS[2 * len] = 0;
3439                                                 ses->serverNOS[1+(2*len)] = 0;
3440                                                 remaining_words -= len + 1;
3441                                                 if (remaining_words > 0) {
3442                                                         len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
3443      /* last string not always null terminated (e.g. for Windows XP & 2000) */
3444                                                         if (ses->serverDomain)
3445                                                                 kfree(ses->serverDomain);
3446                                                         ses->serverDomain =
3447                                                             kzalloc(2 *
3448                                                                     (len +
3449                                                                      1),
3450                                                                     GFP_KERNEL);
3451                                                         cifs_strfromUCS_le
3452                                                             (ses->
3453                                                              serverDomain,
3454                                                              (__le16 *)
3455                                                              bcc_ptr, len,
3456                                                              nls_codepage);
3457                                                         bcc_ptr +=
3458                                                             2 * (len + 1);
3459                                                         ses->
3460                                                             serverDomain[2
3461                                                                          * len]
3462                                                             = 0;
3463                                                         ses->
3464                                                             serverDomain[1
3465                                                                          +
3466                                                                          (2
3467                                                                           *
3468                                                                           len)]
3469                                                             = 0;
3470                                                 } /* else no more room so create dummy domain string */
3471                                                 else {
3472                                                         if (ses->serverDomain)
3473                                                                 kfree(ses->serverDomain);
3474                                                         ses->serverDomain = kzalloc(2,GFP_KERNEL);
3475                                                 }
3476                                         } else {  /* no room so create dummy domain and NOS string */
3477                                                 if (ses->serverDomain)
3478                                                         kfree(ses->serverDomain);
3479                                                 ses->serverDomain = kzalloc(2, GFP_KERNEL);
3480                                                 kfree(ses->serverNOS);
3481                                                 ses->serverNOS = kzalloc(2, GFP_KERNEL);
3482                                         }
3483                                 } else {        /* ASCII */
3484                                         len = strnlen(bcc_ptr, 1024);
3485                                         if (((long) bcc_ptr + len) -
3486                                            (long) pByteArea(smb_buffer_response)
3487                                                 <= BCC(smb_buffer_response)) {
3488                                                 if (ses->serverOS)
3489                                                         kfree(ses->serverOS);
3490                                                 ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
3491                                                 strncpy(ses->serverOS,bcc_ptr, len);
3492
3493                                                 bcc_ptr += len;
3494                                                 bcc_ptr[0] = 0; /* null terminate the string */
3495                                                 bcc_ptr++;
3496
3497                                                 len = strnlen(bcc_ptr, 1024);
3498                                                 kfree(ses->serverNOS);
3499                                                 ses->serverNOS = kzalloc(len+1,
3500                                                                     GFP_KERNEL);
3501                                                 strncpy(ses->serverNOS,
3502                                                         bcc_ptr, len);
3503                                                 bcc_ptr += len;
3504                                                 bcc_ptr[0] = 0;
3505                                                 bcc_ptr++;
3506
3507                                                 len = strnlen(bcc_ptr, 1024);
3508                                                 if (ses->serverDomain)
3509                                                         kfree(ses->serverDomain);
3510                                                 ses->serverDomain =
3511                                                                 kzalloc(len+1,
3512                                                                     GFP_KERNEL);
3513                                                 strncpy(ses->serverDomain,
3514                                                         bcc_ptr, len);
3515                                                 bcc_ptr += len;
3516                                                 bcc_ptr[0] = 0;
3517                                                 bcc_ptr++;
3518                                         } else
3519                                                 cFYI(1, ("field of length %d "
3520                                                    "extends beyond end of smb ",
3521                                                       len));
3522                                 }
3523                         } else {
3524                                 cERROR(1, ("Security Blob extends beyond end "
3525                                         "of SMB"));
3526                         }
3527                 } else {
3528                         cERROR(1, ("No session structure passed in."));
3529                 }
3530         } else {
3531                 cERROR(1, ("Invalid Word count %d: ",
3532                         smb_buffer_response->WordCount));
3533                 rc = -EIO;
3534         }
3535
3536         cifs_buf_release(smb_buffer);
3537
3538         return rc;
3539 }
3540
3541 int
3542 CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3543          const char *tree, struct cifsTconInfo *tcon,
3544          const struct nls_table *nls_codepage)
3545 {
3546         struct smb_hdr *smb_buffer;
3547         struct smb_hdr *smb_buffer_response;
3548         TCONX_REQ *pSMB;
3549         TCONX_RSP *pSMBr;
3550         unsigned char *bcc_ptr;
3551         int rc = 0;
3552         int length;
3553         __u16 count;
3554
3555         if (ses == NULL)
3556                 return -EIO;
3557
3558         smb_buffer = cifs_buf_get();
3559         if (smb_buffer == NULL) {
3560                 return -ENOMEM;
3561         }
3562         smb_buffer_response = smb_buffer;
3563
3564         header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3565                         NULL /*no tid */ , 4 /*wct */ );
3566
3567         smb_buffer->Mid = GetNextMid(ses->server);
3568         smb_buffer->Uid = ses->Suid;
3569         pSMB = (TCONX_REQ *) smb_buffer;
3570         pSMBr = (TCONX_RSP *) smb_buffer_response;
3571
3572         pSMB->AndXCommand = 0xFF;
3573         pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
3574         bcc_ptr = &pSMB->Password[0];
3575         if ((ses->server->secMode) & SECMODE_USER) {
3576                 pSMB->PasswordLength = cpu_to_le16(1);  /* minimum */
3577                 *bcc_ptr = 0; /* password is null byte */
3578                 bcc_ptr++;              /* skip password */
3579                 /* already aligned so no need to do it below */
3580         } else {
3581                 pSMB->PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE);
3582                 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3583                    specified as required (when that support is added to
3584                    the vfs in the future) as only NTLM or the much
3585                    weaker LANMAN (which we do not send by default) is accepted
3586                    by Samba (not sure whether other servers allow
3587                    NTLMv2 password here) */
3588 #ifdef CONFIG_CIFS_WEAK_PW_HASH
3589                 if ((extended_security & CIFSSEC_MAY_LANMAN) &&
3590                     (ses->server->secType == LANMAN))
3591                         calc_lanman_hash(tcon->password, ses->server->cryptKey,
3592                                          ses->server->secMode &
3593                                             SECMODE_PW_ENCRYPT ? true : false,
3594                                          bcc_ptr);
3595                 else
3596 #endif /* CIFS_WEAK_PW_HASH */
3597                 SMBNTencrypt(tcon->password, ses->server->cryptKey,
3598                              bcc_ptr);
3599
3600                 bcc_ptr += CIFS_SESS_KEY_SIZE;
3601                 if (ses->capabilities & CAP_UNICODE) {
3602                         /* must align unicode strings */
3603                         *bcc_ptr = 0; /* null byte password */
3604                         bcc_ptr++;
3605                 }
3606         }
3607
3608         if (ses->server->secMode &
3609                         (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3610                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3611
3612         if (ses->capabilities & CAP_STATUS32) {
3613                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3614         }
3615         if (ses->capabilities & CAP_DFS) {
3616                 smb_buffer->Flags2 |= SMBFLG2_DFS;
3617         }
3618         if (ses->capabilities & CAP_UNICODE) {
3619                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3620                 length =
3621                     cifs_strtoUCS((__le16 *) bcc_ptr, tree,
3622                         6 /* max utf8 char length in bytes */ *
3623                         (/* server len*/ + 256 /* share len */), nls_codepage);
3624                 bcc_ptr += 2 * length;  /* convert num 16 bit words to bytes */
3625                 bcc_ptr += 2;   /* skip trailing null */
3626         } else {                /* ASCII */
3627                 strcpy(bcc_ptr, tree);
3628                 bcc_ptr += strlen(tree) + 1;
3629         }
3630         strcpy(bcc_ptr, "?????");
3631         bcc_ptr += strlen("?????");
3632         bcc_ptr += 1;
3633         count = bcc_ptr - &pSMB->Password[0];
3634         pSMB->hdr.smb_buf_length += count;
3635         pSMB->ByteCount = cpu_to_le16(count);
3636
3637         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length,
3638                          CIFS_STD_OP);
3639
3640         /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
3641         /* above now done in SendReceive */
3642         if ((rc == 0) && (tcon != NULL)) {
3643                 tcon->tidStatus = CifsGood;
3644                 tcon->need_reconnect = false;
3645                 tcon->tid = smb_buffer_response->Tid;
3646                 bcc_ptr = pByteArea(smb_buffer_response);
3647                 length = strnlen(bcc_ptr, BCC(smb_buffer_response) - 2);
3648                 /* skip service field (NB: this field is always ASCII) */
3649                 if (length == 3) {
3650                         if ((bcc_ptr[0] == 'I') && (bcc_ptr[1] == 'P') &&
3651                             (bcc_ptr[2] == 'C')) {
3652                                 cFYI(1, ("IPC connection"));
3653                                 tcon->ipc = 1;
3654                         }
3655                 } else if (length == 2) {
3656                         if ((bcc_ptr[0] == 'A') && (bcc_ptr[1] == ':')) {
3657                                 /* the most common case */
3658                                 cFYI(1, ("disk share connection"));
3659                         }
3660                 }
3661                 bcc_ptr += length + 1;
3662                 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3663                 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3664                         length = UniStrnlen((wchar_t *) bcc_ptr, 512);
3665                         if ((bcc_ptr + (2 * length)) -
3666                              pByteArea(smb_buffer_response) <=
3667                             BCC(smb_buffer_response)) {
3668                                 kfree(tcon->nativeFileSystem);
3669                                 tcon->nativeFileSystem =
3670                                     kzalloc(length + 2, GFP_KERNEL);
3671                                 if (tcon->nativeFileSystem)
3672                                         cifs_strfromUCS_le(
3673                                                 tcon->nativeFileSystem,
3674                                                 (__le16 *) bcc_ptr,
3675                                                 length, nls_codepage);
3676                                 bcc_ptr += 2 * length;
3677                                 bcc_ptr[0] = 0; /* null terminate the string */
3678                                 bcc_ptr[1] = 0;
3679                                 bcc_ptr += 2;
3680                         }
3681                         /* else do not bother copying these information fields*/
3682                 } else {
3683                         length = strnlen(bcc_ptr, 1024);
3684                         if ((bcc_ptr + length) -
3685                             pByteArea(smb_buffer_response) <=
3686                             BCC(smb_buffer_response)) {
3687                                 kfree(tcon->nativeFileSystem);
3688                                 tcon->nativeFileSystem =
3689                                     kzalloc(length + 1, GFP_KERNEL);
3690                                 if (tcon->nativeFileSystem)
3691                                         strncpy(tcon->nativeFileSystem, bcc_ptr,
3692                                                 length);
3693                         }
3694                         /* else do not bother copying these information fields*/
3695                 }
3696                 if ((smb_buffer_response->WordCount == 3) ||
3697                          (smb_buffer_response->WordCount == 7))
3698                         /* field is in same location */
3699                         tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3700                 else
3701                         tcon->Flags = 0;
3702                 cFYI(1, ("Tcon flags: 0x%x ", tcon->Flags));
3703         } else if ((rc == 0) && tcon == NULL) {
3704                 /* all we need to save for IPC$ connection */
3705                 ses->ipc_tid = smb_buffer_response->Tid;
3706         }
3707
3708         cifs_buf_release(smb_buffer);
3709         return rc;
3710 }
3711
3712 int
3713 cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3714 {
3715         int rc = 0;
3716         char *tmp;
3717
3718         if (cifs_sb->tcon)
3719                 cifs_put_tcon(cifs_sb->tcon);
3720
3721         cifs_sb->tcon = NULL;
3722         tmp = cifs_sb->prepath;
3723         cifs_sb->prepathlen = 0;
3724         cifs_sb->prepath = NULL;
3725         kfree(tmp);
3726
3727         return rc;
3728 }
3729
3730 int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
3731                                            struct nls_table *nls_info)
3732 {
3733         int rc = 0;
3734         char ntlm_session_key[CIFS_SESS_KEY_SIZE];
3735         bool ntlmv2_flag = false;
3736         int first_time = 0;
3737         struct TCP_Server_Info *server = pSesInfo->server;
3738
3739         /* what if server changes its buffer size after dropping the session? */
3740         if (server->maxBuf == 0) /* no need to send on reconnect */ {
3741                 rc = CIFSSMBNegotiate(xid, pSesInfo);
3742                 if (rc == -EAGAIN) {
3743                         /* retry only once on 1st time connection */
3744                         rc = CIFSSMBNegotiate(xid, pSesInfo);
3745                         if (rc == -EAGAIN)
3746                                 rc = -EHOSTDOWN;
3747                 }
3748                 if (rc == 0) {
3749                         spin_lock(&GlobalMid_Lock);
3750                         if (server->tcpStatus != CifsExiting)
3751                                 server->tcpStatus = CifsGood;
3752                         else
3753                                 rc = -EHOSTDOWN;
3754                         spin_unlock(&GlobalMid_Lock);
3755
3756                 }
3757                 first_time = 1;
3758         }
3759
3760         if (rc)
3761                 goto ss_err_exit;
3762
3763         pSesInfo->flags = 0;
3764         pSesInfo->capabilities = server->capabilities;
3765         if (linuxExtEnabled == 0)
3766                 pSesInfo->capabilities &= (~CAP_UNIX);
3767         /*      pSesInfo->sequence_number = 0;*/
3768         cFYI(1, ("Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d",
3769                  server->secMode, server->capabilities, server->timeAdj));
3770
3771         if (experimEnabled < 2)
3772                 rc = CIFS_SessSetup(xid, pSesInfo, first_time, nls_info);
3773         else if (extended_security
3774                         && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3775                         && (server->secType == NTLMSSP)) {
3776                 rc = -EOPNOTSUPP;
3777         } else if (extended_security
3778                         && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3779                         && (server->secType == RawNTLMSSP)) {
3780                 cFYI(1, ("NTLMSSP sesssetup"));
3781                 rc = CIFSNTLMSSPNegotiateSessSetup(xid, pSesInfo, &ntlmv2_flag,
3782                                                    nls_info);
3783                 if (!rc) {
3784                         if (ntlmv2_flag) {
3785                                 char *v2_response;
3786                                 cFYI(1, ("more secure NTLM ver2 hash"));
3787                                 if (CalcNTLMv2_partial_mac_key(pSesInfo,
3788                                                                 nls_info)) {
3789                                         rc = -ENOMEM;
3790                                         goto ss_err_exit;
3791                                 } else
3792                                         v2_response = kmalloc(16 + 64 /* blob*/,
3793                                                                 GFP_KERNEL);
3794                                 if (v2_response) {
3795                                         CalcNTLMv2_response(pSesInfo,
3796                                                                 v2_response);
3797                                 /*      if (first_time)
3798                                                 cifs_calculate_ntlmv2_mac_key */
3799                                         kfree(v2_response);
3800                                         /* BB Put dummy sig in SessSetup PDU? */
3801                                 } else {
3802                                         rc = -ENOMEM;
3803                                         goto ss_err_exit;
3804                                 }
3805
3806                         } else {
3807                                 SMBNTencrypt(pSesInfo->password,
3808                                              server->cryptKey,
3809                                              ntlm_session_key);
3810
3811                                 if (first_time)
3812                                         cifs_calculate_mac_key(
3813                                              &server->mac_signing_key,
3814                                              ntlm_session_key,
3815                                              pSesInfo->password);
3816                         }
3817                         /* for better security the weaker lanman hash not sent
3818                            in AuthSessSetup so we no longer calculate it */
3819
3820                         rc = CIFSNTLMSSPAuthSessSetup(xid, pSesInfo,
3821                                                       ntlm_session_key,
3822                                                       ntlmv2_flag,
3823                                                       nls_info);
3824                 }
3825         } else { /* old style NTLM 0.12 session setup */
3826                 SMBNTencrypt(pSesInfo->password, server->cryptKey,
3827                              ntlm_session_key);
3828
3829                 if (first_time)
3830                         cifs_calculate_mac_key(&server->mac_signing_key,
3831                                                 ntlm_session_key,
3832                                                 pSesInfo->password);
3833
3834                 rc = CIFSSessSetup(xid, pSesInfo, ntlm_session_key, nls_info);
3835         }
3836         if (rc) {
3837                 cERROR(1, ("Send error in SessSetup = %d", rc));
3838         } else {
3839                 cFYI(1, ("CIFS Session Established successfully"));
3840                         spin_lock(&GlobalMid_Lock);
3841                         pSesInfo->status = CifsGood;
3842                         pSesInfo->need_reconnect = false;
3843                         spin_unlock(&GlobalMid_Lock);
3844         }
3845
3846 ss_err_exit:
3847         return rc;
3848 }
3849