Merge branch 'linux-next' of git://git.infradead.org/ubifs-2.6
[linux-2.6] / fs / cifs / connect.c
1 /*
2  *   fs/cifs/connect.c
3  *
4  *   Copyright (C) International Business Machines  Corp., 2002,2008
5  *   Author(s): Steve French (sfrench@us.ibm.com)
6  *
7  *   This library is free software; you can redistribute it and/or modify
8  *   it under the terms of the GNU Lesser General Public License as published
9  *   by the Free Software Foundation; either version 2.1 of the License, or
10  *   (at your option) any later version.
11  *
12  *   This library is distributed in the hope that it will be useful,
13  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
14  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
15  *   the GNU Lesser General Public License for more details.
16  *
17  *   You should have received a copy of the GNU Lesser General Public License
18  *   along with this library; if not, write to the Free Software
19  *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20  */
21 #include <linux/fs.h>
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/ipv6.h>
27 #include <linux/pagemap.h>
28 #include <linux/ctype.h>
29 #include <linux/utsname.h>
30 #include <linux/mempool.h>
31 #include <linux/delay.h>
32 #include <linux/completion.h>
33 #include <linux/kthread.h>
34 #include <linux/pagevec.h>
35 #include <linux/freezer.h>
36 #include <asm/uaccess.h>
37 #include <asm/processor.h>
38 #include "cifspdu.h"
39 #include "cifsglob.h"
40 #include "cifsproto.h"
41 #include "cifs_unicode.h"
42 #include "cifs_debug.h"
43 #include "cifs_fs_sb.h"
44 #include "ntlmssp.h"
45 #include "nterr.h"
46 #include "rfc1002pdu.h"
47 #include "cn_cifs.h"
48
49 #define CIFS_PORT 445
50 #define RFC1001_PORT 139
51
52 extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
53                          unsigned char *p24);
54
55 extern mempool_t *cifs_req_poolp;
56
57 struct smb_vol {
58         char *username;
59         char *password;
60         char *domainname;
61         char *UNC;
62         char *UNCip;
63         char *in6_addr;   /* ipv6 address as human readable form of in6_addr */
64         char *iocharset;  /* local code page for mapping to and from Unicode */
65         char source_rfc1001_name[16]; /* netbios name of client */
66         char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */
67         uid_t linux_uid;
68         gid_t linux_gid;
69         mode_t file_mode;
70         mode_t dir_mode;
71         unsigned secFlg;
72         bool rw:1;
73         bool retry:1;
74         bool intr:1;
75         bool setuids:1;
76         bool override_uid:1;
77         bool override_gid:1;
78         bool dynperm:1;
79         bool noperm:1;
80         bool no_psx_acl:1; /* set if posix acl support should be disabled */
81         bool cifs_acl:1;
82         bool no_xattr:1;   /* set if xattr (EA) support should be disabled*/
83         bool server_ino:1; /* use inode numbers from server ie UniqueId */
84         bool direct_io:1;
85         bool remap:1;      /* set to remap seven reserved chars in filenames */
86         bool posix_paths:1; /* unset to not ask for posix pathnames. */
87         bool no_linux_ext:1;
88         bool sfu_emul:1;
89         bool nullauth:1;   /* attempt to authenticate with null user */
90         bool nocase:1;     /* request case insensitive filenames */
91         bool nobrl:1;      /* disable sending byte range locks to srv */
92         bool mand_lock:1;  /* send mandatory not posix byte range lock reqs */
93         bool seal:1;       /* request transport encryption on share */
94         bool nodfs:1;      /* Do not request DFS, even if available */
95         bool local_lease:1; /* check leases only on local system, not remote */
96         bool noblocksnd:1;
97         bool noautotune:1;
98         unsigned int rsize;
99         unsigned int wsize;
100         unsigned int sockopt;
101         unsigned short int port;
102         char *prepath;
103 };
104
105 static int ipv4_connect(struct TCP_Server_Info *server);
106 static int ipv6_connect(struct TCP_Server_Info *server);
107
108 /*
109  * cifs tcp session reconnection
110  *
111  * mark tcp session as reconnecting so temporarily locked
112  * mark all smb sessions as reconnecting for tcp session
113  * reconnect tcp session
114  * wake up waiters on reconnection? - (not needed currently)
115  */
116 static int
117 cifs_reconnect(struct TCP_Server_Info *server)
118 {
119         int rc = 0;
120         struct list_head *tmp, *tmp2;
121         struct cifsSesInfo *ses;
122         struct cifsTconInfo *tcon;
123         struct mid_q_entry *mid_entry;
124
125         spin_lock(&GlobalMid_Lock);
126         if (server->tcpStatus == CifsExiting) {
127                 /* the demux thread will exit normally
128                 next time through the loop */
129                 spin_unlock(&GlobalMid_Lock);
130                 return rc;
131         } else
132                 server->tcpStatus = CifsNeedReconnect;
133         spin_unlock(&GlobalMid_Lock);
134         server->maxBuf = 0;
135
136         cFYI(1, ("Reconnecting tcp session"));
137
138         /* before reconnecting the tcp session, mark the smb session (uid)
139                 and the tid bad so they are not used until reconnected */
140         read_lock(&cifs_tcp_ses_lock);
141         list_for_each(tmp, &server->smb_ses_list) {
142                 ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
143                 ses->need_reconnect = true;
144                 ses->ipc_tid = 0;
145                 list_for_each(tmp2, &ses->tcon_list) {
146                         tcon = list_entry(tmp2, struct cifsTconInfo, tcon_list);
147                         tcon->need_reconnect = true;
148                 }
149         }
150         read_unlock(&cifs_tcp_ses_lock);
151         /* do not want to be sending data on a socket we are freeing */
152         mutex_lock(&server->srv_mutex);
153         if (server->ssocket) {
154                 cFYI(1, ("State: 0x%x Flags: 0x%lx", server->ssocket->state,
155                         server->ssocket->flags));
156                 kernel_sock_shutdown(server->ssocket, SHUT_WR);
157                 cFYI(1, ("Post shutdown state: 0x%x Flags: 0x%lx",
158                         server->ssocket->state,
159                         server->ssocket->flags));
160                 sock_release(server->ssocket);
161                 server->ssocket = NULL;
162         }
163
164         spin_lock(&GlobalMid_Lock);
165         list_for_each(tmp, &server->pending_mid_q) {
166                 mid_entry = list_entry(tmp, struct
167                                         mid_q_entry,
168                                         qhead);
169                 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
170                                 /* Mark other intransit requests as needing
171                                    retry so we do not immediately mark the
172                                    session bad again (ie after we reconnect
173                                    below) as they timeout too */
174                         mid_entry->midState = MID_RETRY_NEEDED;
175                 }
176         }
177         spin_unlock(&GlobalMid_Lock);
178         mutex_unlock(&server->srv_mutex);
179
180         while ((server->tcpStatus != CifsExiting) &&
181                (server->tcpStatus != CifsGood)) {
182                 try_to_freeze();
183                 if (server->addr.sockAddr6.sin6_family == AF_INET6)
184                         rc = ipv6_connect(server);
185                 else
186                         rc = ipv4_connect(server);
187                 if (rc) {
188                         cFYI(1, ("reconnect error %d", rc));
189                         msleep(3000);
190                 } else {
191                         atomic_inc(&tcpSesReconnectCount);
192                         spin_lock(&GlobalMid_Lock);
193                         if (server->tcpStatus != CifsExiting)
194                                 server->tcpStatus = CifsGood;
195                         server->sequence_number = 0;
196                         spin_unlock(&GlobalMid_Lock);
197         /*              atomic_set(&server->inFlight,0);*/
198                         wake_up(&server->response_q);
199                 }
200         }
201         return rc;
202 }
203
204 /*
205         return codes:
206                 0       not a transact2, or all data present
207                 >0      transact2 with that much data missing
208                 -EINVAL = invalid transact2
209
210  */
211 static int check2ndT2(struct smb_hdr *pSMB, unsigned int maxBufSize)
212 {
213         struct smb_t2_rsp *pSMBt;
214         int total_data_size;
215         int data_in_this_rsp;
216         int remaining;
217
218         if (pSMB->Command != SMB_COM_TRANSACTION2)
219                 return 0;
220
221         /* check for plausible wct, bcc and t2 data and parm sizes */
222         /* check for parm and data offset going beyond end of smb */
223         if (pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
224                 cFYI(1, ("invalid transact2 word count"));
225                 return -EINVAL;
226         }
227
228         pSMBt = (struct smb_t2_rsp *)pSMB;
229
230         total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
231         data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
232
233         remaining = total_data_size - data_in_this_rsp;
234
235         if (remaining == 0)
236                 return 0;
237         else if (remaining < 0) {
238                 cFYI(1, ("total data %d smaller than data in frame %d",
239                         total_data_size, data_in_this_rsp));
240                 return -EINVAL;
241         } else {
242                 cFYI(1, ("missing %d bytes from transact2, check next response",
243                         remaining));
244                 if (total_data_size > maxBufSize) {
245                         cERROR(1, ("TotalDataSize %d is over maximum buffer %d",
246                                 total_data_size, maxBufSize));
247                         return -EINVAL;
248                 }
249                 return remaining;
250         }
251 }
252
253 static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
254 {
255         struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
256         struct smb_t2_rsp *pSMBt  = (struct smb_t2_rsp *)pTargetSMB;
257         int total_data_size;
258         int total_in_buf;
259         int remaining;
260         int total_in_buf2;
261         char *data_area_of_target;
262         char *data_area_of_buf2;
263         __u16 byte_count;
264
265         total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
266
267         if (total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
268                 cFYI(1, ("total data size of primary and secondary t2 differ"));
269         }
270
271         total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
272
273         remaining = total_data_size - total_in_buf;
274
275         if (remaining < 0)
276                 return -EINVAL;
277
278         if (remaining == 0) /* nothing to do, ignore */
279                 return 0;
280
281         total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
282         if (remaining < total_in_buf2) {
283                 cFYI(1, ("transact2 2nd response contains too much data"));
284         }
285
286         /* find end of first SMB data area */
287         data_area_of_target = (char *)&pSMBt->hdr.Protocol +
288                                 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
289         /* validate target area */
290
291         data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
292                                         le16_to_cpu(pSMB2->t2_rsp.DataOffset);
293
294         data_area_of_target += total_in_buf;
295
296         /* copy second buffer into end of first buffer */
297         memcpy(data_area_of_target, data_area_of_buf2, total_in_buf2);
298         total_in_buf += total_in_buf2;
299         pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
300         byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
301         byte_count += total_in_buf2;
302         BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
303
304         byte_count = pTargetSMB->smb_buf_length;
305         byte_count += total_in_buf2;
306
307         /* BB also add check that we are not beyond maximum buffer size */
308
309         pTargetSMB->smb_buf_length = byte_count;
310
311         if (remaining == total_in_buf2) {
312                 cFYI(1, ("found the last secondary response"));
313                 return 0; /* we are done */
314         } else /* more responses to go */
315                 return 1;
316
317 }
318
319 static int
320 cifs_demultiplex_thread(struct TCP_Server_Info *server)
321 {
322         int length;
323         unsigned int pdu_length, total_read;
324         struct smb_hdr *smb_buffer = NULL;
325         struct smb_hdr *bigbuf = NULL;
326         struct smb_hdr *smallbuf = NULL;
327         struct msghdr smb_msg;
328         struct kvec iov;
329         struct socket *csocket = server->ssocket;
330         struct list_head *tmp;
331         struct cifsSesInfo *ses;
332         struct task_struct *task_to_wake = NULL;
333         struct mid_q_entry *mid_entry;
334         char temp;
335         bool isLargeBuf = false;
336         bool isMultiRsp;
337         int reconnect;
338
339         current->flags |= PF_MEMALLOC;
340         cFYI(1, ("Demultiplex PID: %d", task_pid_nr(current)));
341
342         length = atomic_inc_return(&tcpSesAllocCount);
343         if (length > 1)
344                 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
345                                 GFP_KERNEL);
346
347         set_freezable();
348         while (server->tcpStatus != CifsExiting) {
349                 if (try_to_freeze())
350                         continue;
351                 if (bigbuf == NULL) {
352                         bigbuf = cifs_buf_get();
353                         if (!bigbuf) {
354                                 cERROR(1, ("No memory for large SMB response"));
355                                 msleep(3000);
356                                 /* retry will check if exiting */
357                                 continue;
358                         }
359                 } else if (isLargeBuf) {
360                         /* we are reusing a dirty large buf, clear its start */
361                         memset(bigbuf, 0, sizeof(struct smb_hdr));
362                 }
363
364                 if (smallbuf == NULL) {
365                         smallbuf = cifs_small_buf_get();
366                         if (!smallbuf) {
367                                 cERROR(1, ("No memory for SMB response"));
368                                 msleep(1000);
369                                 /* retry will check if exiting */
370                                 continue;
371                         }
372                         /* beginning of smb buffer is cleared in our buf_get */
373                 } else /* if existing small buf clear beginning */
374                         memset(smallbuf, 0, sizeof(struct smb_hdr));
375
376                 isLargeBuf = false;
377                 isMultiRsp = false;
378                 smb_buffer = smallbuf;
379                 iov.iov_base = smb_buffer;
380                 iov.iov_len = 4;
381                 smb_msg.msg_control = NULL;
382                 smb_msg.msg_controllen = 0;
383                 pdu_length = 4; /* enough to get RFC1001 header */
384 incomplete_rcv:
385                 length =
386                     kernel_recvmsg(csocket, &smb_msg,
387                                 &iov, 1, pdu_length, 0 /* BB other flags? */);
388
389                 if (server->tcpStatus == CifsExiting) {
390                         break;
391                 } else if (server->tcpStatus == CifsNeedReconnect) {
392                         cFYI(1, ("Reconnect after server stopped responding"));
393                         cifs_reconnect(server);
394                         cFYI(1, ("call to reconnect done"));
395                         csocket = server->ssocket;
396                         continue;
397                 } else if ((length == -ERESTARTSYS) || (length == -EAGAIN)) {
398                         msleep(1); /* minimum sleep to prevent looping
399                                 allowing socket to clear and app threads to set
400                                 tcpStatus CifsNeedReconnect if server hung */
401                         if (pdu_length < 4) {
402                                 iov.iov_base = (4 - pdu_length) +
403                                                         (char *)smb_buffer;
404                                 iov.iov_len = pdu_length;
405                                 smb_msg.msg_control = NULL;
406                                 smb_msg.msg_controllen = 0;
407                                 goto incomplete_rcv;
408                         } else
409                                 continue;
410                 } else if (length <= 0) {
411                         if (server->tcpStatus == CifsNew) {
412                                 cFYI(1, ("tcp session abend after SMBnegprot"));
413                                 /* some servers kill the TCP session rather than
414                                    returning an SMB negprot error, in which
415                                    case reconnecting here is not going to help,
416                                    and so simply return error to mount */
417                                 break;
418                         }
419                         if (!try_to_freeze() && (length == -EINTR)) {
420                                 cFYI(1, ("cifsd thread killed"));
421                                 break;
422                         }
423                         cFYI(1, ("Reconnect after unexpected peek error %d",
424                                 length));
425                         cifs_reconnect(server);
426                         csocket = server->ssocket;
427                         wake_up(&server->response_q);
428                         continue;
429                 } else if (length < pdu_length) {
430                         cFYI(1, ("requested %d bytes but only got %d bytes",
431                                   pdu_length, length));
432                         pdu_length -= length;
433                         msleep(1);
434                         goto incomplete_rcv;
435                 }
436
437                 /* The right amount was read from socket - 4 bytes */
438                 /* so we can now interpret the length field */
439
440                 /* the first byte big endian of the length field,
441                 is actually not part of the length but the type
442                 with the most common, zero, as regular data */
443                 temp = *((char *) smb_buffer);
444
445                 /* Note that FC 1001 length is big endian on the wire,
446                 but we convert it here so it is always manipulated
447                 as host byte order */
448                 pdu_length = be32_to_cpu((__force __be32)smb_buffer->smb_buf_length);
449                 smb_buffer->smb_buf_length = pdu_length;
450
451                 cFYI(1, ("rfc1002 length 0x%x", pdu_length+4));
452
453                 if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) {
454                         continue;
455                 } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
456                         cFYI(1, ("Good RFC 1002 session rsp"));
457                         continue;
458                 } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
459                         /* we get this from Windows 98 instead of
460                            an error on SMB negprot response */
461                         cFYI(1, ("Negative RFC1002 Session Response Error 0x%x)",
462                                 pdu_length));
463                         if (server->tcpStatus == CifsNew) {
464                                 /* if nack on negprot (rather than
465                                 ret of smb negprot error) reconnecting
466                                 not going to help, ret error to mount */
467                                 break;
468                         } else {
469                                 /* give server a second to
470                                 clean up before reconnect attempt */
471                                 msleep(1000);
472                                 /* always try 445 first on reconnect
473                                 since we get NACK on some if we ever
474                                 connected to port 139 (the NACK is
475                                 since we do not begin with RFC1001
476                                 session initialize frame) */
477                                 server->addr.sockAddr.sin_port =
478                                         htons(CIFS_PORT);
479                                 cifs_reconnect(server);
480                                 csocket = server->ssocket;
481                                 wake_up(&server->response_q);
482                                 continue;
483                         }
484                 } else if (temp != (char) 0) {
485                         cERROR(1, ("Unknown RFC 1002 frame"));
486                         cifs_dump_mem(" Received Data: ", (char *)smb_buffer,
487                                       length);
488                         cifs_reconnect(server);
489                         csocket = server->ssocket;
490                         continue;
491                 }
492
493                 /* else we have an SMB response */
494                 if ((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
495                             (pdu_length < sizeof(struct smb_hdr) - 1 - 4)) {
496                         cERROR(1, ("Invalid size SMB length %d pdu_length %d",
497                                         length, pdu_length+4));
498                         cifs_reconnect(server);
499                         csocket = server->ssocket;
500                         wake_up(&server->response_q);
501                         continue;
502                 }
503
504                 /* else length ok */
505                 reconnect = 0;
506
507                 if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
508                         isLargeBuf = true;
509                         memcpy(bigbuf, smallbuf, 4);
510                         smb_buffer = bigbuf;
511                 }
512                 length = 0;
513                 iov.iov_base = 4 + (char *)smb_buffer;
514                 iov.iov_len = pdu_length;
515                 for (total_read = 0; total_read < pdu_length;
516                      total_read += length) {
517                         length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
518                                                 pdu_length - total_read, 0);
519                         if ((server->tcpStatus == CifsExiting) ||
520                             (length == -EINTR)) {
521                                 /* then will exit */
522                                 reconnect = 2;
523                                 break;
524                         } else if (server->tcpStatus == CifsNeedReconnect) {
525                                 cifs_reconnect(server);
526                                 csocket = server->ssocket;
527                                 /* Reconnect wakes up rspns q */
528                                 /* Now we will reread sock */
529                                 reconnect = 1;
530                                 break;
531                         } else if ((length == -ERESTARTSYS) ||
532                                    (length == -EAGAIN)) {
533                                 msleep(1); /* minimum sleep to prevent looping,
534                                               allowing socket to clear and app
535                                               threads to set tcpStatus
536                                               CifsNeedReconnect if server hung*/
537                                 length = 0;
538                                 continue;
539                         } else if (length <= 0) {
540                                 cERROR(1, ("Received no data, expecting %d",
541                                               pdu_length - total_read));
542                                 cifs_reconnect(server);
543                                 csocket = server->ssocket;
544                                 reconnect = 1;
545                                 break;
546                         }
547                 }
548                 if (reconnect == 2)
549                         break;
550                 else if (reconnect == 1)
551                         continue;
552
553                 length += 4; /* account for rfc1002 hdr */
554
555
556                 dump_smb(smb_buffer, length);
557                 if (checkSMB(smb_buffer, smb_buffer->Mid, total_read+4)) {
558                         cifs_dump_mem("Bad SMB: ", smb_buffer, 48);
559                         continue;
560                 }
561
562
563                 task_to_wake = NULL;
564                 spin_lock(&GlobalMid_Lock);
565                 list_for_each(tmp, &server->pending_mid_q) {
566                         mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
567
568                         if ((mid_entry->mid == smb_buffer->Mid) &&
569                             (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
570                             (mid_entry->command == smb_buffer->Command)) {
571                                 if (check2ndT2(smb_buffer,server->maxBuf) > 0) {
572                                         /* We have a multipart transact2 resp */
573                                         isMultiRsp = true;
574                                         if (mid_entry->resp_buf) {
575                                                 /* merge response - fix up 1st*/
576                                                 if (coalesce_t2(smb_buffer,
577                                                         mid_entry->resp_buf)) {
578                                                         mid_entry->multiRsp =
579                                                                  true;
580                                                         break;
581                                                 } else {
582                                                         /* all parts received */
583                                                         mid_entry->multiEnd =
584                                                                  true;
585                                                         goto multi_t2_fnd;
586                                                 }
587                                         } else {
588                                                 if (!isLargeBuf) {
589                                                         cERROR(1,("1st trans2 resp needs bigbuf"));
590                                         /* BB maybe we can fix this up,  switch
591                                            to already allocated large buffer? */
592                                                 } else {
593                                                         /* Have first buffer */
594                                                         mid_entry->resp_buf =
595                                                                  smb_buffer;
596                                                         mid_entry->largeBuf =
597                                                                  true;
598                                                         bigbuf = NULL;
599                                                 }
600                                         }
601                                         break;
602                                 }
603                                 mid_entry->resp_buf = smb_buffer;
604                                 mid_entry->largeBuf = isLargeBuf;
605 multi_t2_fnd:
606                                 task_to_wake = mid_entry->tsk;
607                                 mid_entry->midState = MID_RESPONSE_RECEIVED;
608 #ifdef CONFIG_CIFS_STATS2
609                                 mid_entry->when_received = jiffies;
610 #endif
611                                 /* so we do not time out requests to  server
612                                 which is still responding (since server could
613                                 be busy but not dead) */
614                                 server->lstrp = jiffies;
615                                 break;
616                         }
617                 }
618                 spin_unlock(&GlobalMid_Lock);
619                 if (task_to_wake) {
620                         /* Was previous buf put in mpx struct for multi-rsp? */
621                         if (!isMultiRsp) {
622                                 /* smb buffer will be freed by user thread */
623                                 if (isLargeBuf)
624                                         bigbuf = NULL;
625                                 else
626                                         smallbuf = NULL;
627                         }
628                         wake_up_process(task_to_wake);
629                 } else if (!is_valid_oplock_break(smb_buffer, server) &&
630                            !isMultiRsp) {
631                         cERROR(1, ("No task to wake, unknown frame received! "
632                                    "NumMids %d", midCount.counter));
633                         cifs_dump_mem("Received Data is: ", (char *)smb_buffer,
634                                       sizeof(struct smb_hdr));
635 #ifdef CONFIG_CIFS_DEBUG2
636                         cifs_dump_detail(smb_buffer);
637                         cifs_dump_mids(server);
638 #endif /* CIFS_DEBUG2 */
639
640                 }
641         } /* end while !EXITING */
642
643         /* take it off the list, if it's not already */
644         write_lock(&cifs_tcp_ses_lock);
645         list_del_init(&server->tcp_ses_list);
646         write_unlock(&cifs_tcp_ses_lock);
647
648         spin_lock(&GlobalMid_Lock);
649         server->tcpStatus = CifsExiting;
650         spin_unlock(&GlobalMid_Lock);
651         wake_up_all(&server->response_q);
652
653         /* check if we have blocked requests that need to free */
654         /* Note that cifs_max_pending is normally 50, but
655         can be set at module install time to as little as two */
656         spin_lock(&GlobalMid_Lock);
657         if (atomic_read(&server->inFlight) >= cifs_max_pending)
658                 atomic_set(&server->inFlight, cifs_max_pending - 1);
659         /* We do not want to set the max_pending too low or we
660         could end up with the counter going negative */
661         spin_unlock(&GlobalMid_Lock);
662         /* Although there should not be any requests blocked on
663         this queue it can not hurt to be paranoid and try to wake up requests
664         that may haven been blocked when more than 50 at time were on the wire
665         to the same server - they now will see the session is in exit state
666         and get out of SendReceive.  */
667         wake_up_all(&server->request_q);
668         /* give those requests time to exit */
669         msleep(125);
670
671         if (server->ssocket) {
672                 sock_release(csocket);
673                 server->ssocket = NULL;
674         }
675         /* buffer usuallly freed in free_mid - need to free it here on exit */
676         cifs_buf_release(bigbuf);
677         if (smallbuf) /* no sense logging a debug message if NULL */
678                 cifs_small_buf_release(smallbuf);
679
680         /*
681          * BB: we shouldn't have to do any of this. It shouldn't be
682          * possible to exit from the thread with active SMB sessions
683          */
684         read_lock(&cifs_tcp_ses_lock);
685         if (list_empty(&server->pending_mid_q)) {
686                 /* loop through server session structures attached to this and
687                     mark them dead */
688                 list_for_each(tmp, &server->smb_ses_list) {
689                         ses = list_entry(tmp, struct cifsSesInfo,
690                                          smb_ses_list);
691                         ses->status = CifsExiting;
692                         ses->server = NULL;
693                 }
694                 read_unlock(&cifs_tcp_ses_lock);
695         } else {
696                 /* although we can not zero the server struct pointer yet,
697                 since there are active requests which may depnd on them,
698                 mark the corresponding SMB sessions as exiting too */
699                 list_for_each(tmp, &server->smb_ses_list) {
700                         ses = list_entry(tmp, struct cifsSesInfo,
701                                          smb_ses_list);
702                         ses->status = CifsExiting;
703                 }
704
705                 spin_lock(&GlobalMid_Lock);
706                 list_for_each(tmp, &server->pending_mid_q) {
707                 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
708                         if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
709                                 cFYI(1, ("Clearing Mid 0x%x - waking up ",
710                                          mid_entry->mid));
711                                 task_to_wake = mid_entry->tsk;
712                                 if (task_to_wake)
713                                         wake_up_process(task_to_wake);
714                         }
715                 }
716                 spin_unlock(&GlobalMid_Lock);
717                 read_unlock(&cifs_tcp_ses_lock);
718                 /* 1/8th of sec is more than enough time for them to exit */
719                 msleep(125);
720         }
721
722         if (!list_empty(&server->pending_mid_q)) {
723                 /* mpx threads have not exited yet give them
724                 at least the smb send timeout time for long ops */
725                 /* due to delays on oplock break requests, we need
726                 to wait at least 45 seconds before giving up
727                 on a request getting a response and going ahead
728                 and killing cifsd */
729                 cFYI(1, ("Wait for exit from demultiplex thread"));
730                 msleep(46000);
731                 /* if threads still have not exited they are probably never
732                 coming home not much else we can do but free the memory */
733         }
734
735         /* last chance to mark ses pointers invalid
736         if there are any pointing to this (e.g
737         if a crazy root user tried to kill cifsd
738         kernel thread explicitly this might happen) */
739         /* BB: This shouldn't be necessary, see above */
740         read_lock(&cifs_tcp_ses_lock);
741         list_for_each(tmp, &server->smb_ses_list) {
742                 ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
743                 ses->server = NULL;
744         }
745         read_unlock(&cifs_tcp_ses_lock);
746
747         kfree(server->hostname);
748         task_to_wake = xchg(&server->tsk, NULL);
749         kfree(server);
750
751         length = atomic_dec_return(&tcpSesAllocCount);
752         if (length  > 0)
753                 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
754                                 GFP_KERNEL);
755
756         /* if server->tsk was NULL then wait for a signal before exiting */
757         if (!task_to_wake) {
758                 set_current_state(TASK_INTERRUPTIBLE);
759                 while (!signal_pending(current)) {
760                         schedule();
761                         set_current_state(TASK_INTERRUPTIBLE);
762                 }
763                 set_current_state(TASK_RUNNING);
764         }
765
766         module_put_and_exit(0);
767 }
768
769 /* extract the host portion of the UNC string */
770 static char *
771 extract_hostname(const char *unc)
772 {
773         const char *src;
774         char *dst, *delim;
775         unsigned int len;
776
777         /* skip double chars at beginning of string */
778         /* BB: check validity of these bytes? */
779         src = unc + 2;
780
781         /* delimiter between hostname and sharename is always '\\' now */
782         delim = strchr(src, '\\');
783         if (!delim)
784                 return ERR_PTR(-EINVAL);
785
786         len = delim - src;
787         dst = kmalloc((len + 1), GFP_KERNEL);
788         if (dst == NULL)
789                 return ERR_PTR(-ENOMEM);
790
791         memcpy(dst, src, len);
792         dst[len] = '\0';
793
794         return dst;
795 }
796
797 static int
798 cifs_parse_mount_options(char *options, const char *devname,
799                          struct smb_vol *vol)
800 {
801         char *value;
802         char *data;
803         unsigned int  temp_len, i, j;
804         char separator[2];
805
806         separator[0] = ',';
807         separator[1] = 0;
808
809         if (Local_System_Name[0] != 0)
810                 memcpy(vol->source_rfc1001_name, Local_System_Name, 15);
811         else {
812                 char *nodename = utsname()->nodename;
813                 int n = strnlen(nodename, 15);
814                 memset(vol->source_rfc1001_name, 0x20, 15);
815                 for (i = 0; i < n; i++) {
816                         /* does not have to be perfect mapping since field is
817                         informational, only used for servers that do not support
818                         port 445 and it can be overridden at mount time */
819                         vol->source_rfc1001_name[i] = toupper(nodename[i]);
820                 }
821         }
822         vol->source_rfc1001_name[15] = 0;
823         /* null target name indicates to use *SMBSERVR default called name
824            if we end up sending RFC1001 session initialize */
825         vol->target_rfc1001_name[0] = 0;
826         vol->linux_uid = current_uid();  /* use current_euid() instead? */
827         vol->linux_gid = current_gid();
828         vol->dir_mode = S_IRWXUGO;
829         /* 2767 perms indicate mandatory locking support */
830         vol->file_mode = (S_IRWXUGO | S_ISGID) & (~S_IXGRP);
831
832         /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
833         vol->rw = true;
834         /* default is always to request posix paths. */
835         vol->posix_paths = 1;
836
837         if (!options)
838                 return 1;
839
840         if (strncmp(options, "sep=", 4) == 0) {
841                 if (options[4] != 0) {
842                         separator[0] = options[4];
843                         options += 5;
844                 } else {
845                         cFYI(1, ("Null separator not allowed"));
846                 }
847         }
848
849         while ((data = strsep(&options, separator)) != NULL) {
850                 if (!*data)
851                         continue;
852                 if ((value = strchr(data, '=')) != NULL)
853                         *value++ = '\0';
854
855                 /* Have to parse this before we parse for "user" */
856                 if (strnicmp(data, "user_xattr", 10) == 0) {
857                         vol->no_xattr = 0;
858                 } else if (strnicmp(data, "nouser_xattr", 12) == 0) {
859                         vol->no_xattr = 1;
860                 } else if (strnicmp(data, "user", 4) == 0) {
861                         if (!value) {
862                                 printk(KERN_WARNING
863                                        "CIFS: invalid or missing username\n");
864                                 return 1;       /* needs_arg; */
865                         } else if (!*value) {
866                                 /* null user, ie anonymous, authentication */
867                                 vol->nullauth = 1;
868                         }
869                         if (strnlen(value, 200) < 200) {
870                                 vol->username = value;
871                         } else {
872                                 printk(KERN_WARNING "CIFS: username too long\n");
873                                 return 1;
874                         }
875                 } else if (strnicmp(data, "pass", 4) == 0) {
876                         if (!value) {
877                                 vol->password = NULL;
878                                 continue;
879                         } else if (value[0] == 0) {
880                                 /* check if string begins with double comma
881                                    since that would mean the password really
882                                    does start with a comma, and would not
883                                    indicate an empty string */
884                                 if (value[1] != separator[0]) {
885                                         vol->password = NULL;
886                                         continue;
887                                 }
888                         }
889                         temp_len = strlen(value);
890                         /* removed password length check, NTLM passwords
891                                 can be arbitrarily long */
892
893                         /* if comma in password, the string will be
894                         prematurely null terminated.  Commas in password are
895                         specified across the cifs mount interface by a double
896                         comma ie ,, and a comma used as in other cases ie ','
897                         as a parameter delimiter/separator is single and due
898                         to the strsep above is temporarily zeroed. */
899
900                         /* NB: password legally can have multiple commas and
901                         the only illegal character in a password is null */
902
903                         if ((value[temp_len] == 0) &&
904                             (value[temp_len+1] == separator[0])) {
905                                 /* reinsert comma */
906                                 value[temp_len] = separator[0];
907                                 temp_len += 2;  /* move after second comma */
908                                 while (value[temp_len] != 0)  {
909                                         if (value[temp_len] == separator[0]) {
910                                                 if (value[temp_len+1] ==
911                                                      separator[0]) {
912                                                 /* skip second comma */
913                                                         temp_len++;
914                                                 } else {
915                                                 /* single comma indicating start
916                                                          of next parm */
917                                                         break;
918                                                 }
919                                         }
920                                         temp_len++;
921                                 }
922                                 if (value[temp_len] == 0) {
923                                         options = NULL;
924                                 } else {
925                                         value[temp_len] = 0;
926                                         /* point option to start of next parm */
927                                         options = value + temp_len + 1;
928                                 }
929                                 /* go from value to value + temp_len condensing
930                                 double commas to singles. Note that this ends up
931                                 allocating a few bytes too many, which is ok */
932                                 vol->password = kzalloc(temp_len, GFP_KERNEL);
933                                 if (vol->password == NULL) {
934                                         printk(KERN_WARNING "CIFS: no memory "
935                                                             "for password\n");
936                                         return 1;
937                                 }
938                                 for (i = 0, j = 0; i < temp_len; i++, j++) {
939                                         vol->password[j] = value[i];
940                                         if (value[i] == separator[0]
941                                                 && value[i+1] == separator[0]) {
942                                                 /* skip second comma */
943                                                 i++;
944                                         }
945                                 }
946                                 vol->password[j] = 0;
947                         } else {
948                                 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
949                                 if (vol->password == NULL) {
950                                         printk(KERN_WARNING "CIFS: no memory "
951                                                             "for password\n");
952                                         return 1;
953                                 }
954                                 strcpy(vol->password, value);
955                         }
956                 } else if (strnicmp(data, "ip", 2) == 0) {
957                         if (!value || !*value) {
958                                 vol->UNCip = NULL;
959                         } else if (strnlen(value, 35) < 35) {
960                                 vol->UNCip = value;
961                         } else {
962                                 printk(KERN_WARNING "CIFS: ip address "
963                                                     "too long\n");
964                                 return 1;
965                         }
966                 } else if (strnicmp(data, "sec", 3) == 0) {
967                         if (!value || !*value) {
968                                 cERROR(1, ("no security value specified"));
969                                 continue;
970                         } else if (strnicmp(value, "krb5i", 5) == 0) {
971                                 vol->secFlg |= CIFSSEC_MAY_KRB5 |
972                                         CIFSSEC_MUST_SIGN;
973                         } else if (strnicmp(value, "krb5p", 5) == 0) {
974                                 /* vol->secFlg |= CIFSSEC_MUST_SEAL |
975                                         CIFSSEC_MAY_KRB5; */
976                                 cERROR(1, ("Krb5 cifs privacy not supported"));
977                                 return 1;
978                         } else if (strnicmp(value, "krb5", 4) == 0) {
979                                 vol->secFlg |= CIFSSEC_MAY_KRB5;
980                         } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
981                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
982                                         CIFSSEC_MUST_SIGN;
983                         } else if (strnicmp(value, "ntlmv2", 6) == 0) {
984                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
985                         } else if (strnicmp(value, "ntlmi", 5) == 0) {
986                                 vol->secFlg |= CIFSSEC_MAY_NTLM |
987                                         CIFSSEC_MUST_SIGN;
988                         } else if (strnicmp(value, "ntlm", 4) == 0) {
989                                 /* ntlm is default so can be turned off too */
990                                 vol->secFlg |= CIFSSEC_MAY_NTLM;
991                         } else if (strnicmp(value, "nontlm", 6) == 0) {
992                                 /* BB is there a better way to do this? */
993                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
994 #ifdef CONFIG_CIFS_WEAK_PW_HASH
995                         } else if (strnicmp(value, "lanman", 6) == 0) {
996                                 vol->secFlg |= CIFSSEC_MAY_LANMAN;
997 #endif
998                         } else if (strnicmp(value, "none", 4) == 0) {
999                                 vol->nullauth = 1;
1000                         } else {
1001                                 cERROR(1, ("bad security option: %s", value));
1002                                 return 1;
1003                         }
1004                 } else if ((strnicmp(data, "unc", 3) == 0)
1005                            || (strnicmp(data, "target", 6) == 0)
1006                            || (strnicmp(data, "path", 4) == 0)) {
1007                         if (!value || !*value) {
1008                                 printk(KERN_WARNING "CIFS: invalid path to "
1009                                                     "network resource\n");
1010                                 return 1;       /* needs_arg; */
1011                         }
1012                         if ((temp_len = strnlen(value, 300)) < 300) {
1013                                 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1014                                 if (vol->UNC == NULL)
1015                                         return 1;
1016                                 strcpy(vol->UNC, value);
1017                                 if (strncmp(vol->UNC, "//", 2) == 0) {
1018                                         vol->UNC[0] = '\\';
1019                                         vol->UNC[1] = '\\';
1020                                 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1021                                         printk(KERN_WARNING
1022                                                "CIFS: UNC Path does not begin "
1023                                                "with // or \\\\ \n");
1024                                         return 1;
1025                                 }
1026                         } else {
1027                                 printk(KERN_WARNING "CIFS: UNC name too long\n");
1028                                 return 1;
1029                         }
1030                 } else if ((strnicmp(data, "domain", 3) == 0)
1031                            || (strnicmp(data, "workgroup", 5) == 0)) {
1032                         if (!value || !*value) {
1033                                 printk(KERN_WARNING "CIFS: invalid domain name\n");
1034                                 return 1;       /* needs_arg; */
1035                         }
1036                         /* BB are there cases in which a comma can be valid in
1037                         a domain name and need special handling? */
1038                         if (strnlen(value, 256) < 256) {
1039                                 vol->domainname = value;
1040                                 cFYI(1, ("Domain name set"));
1041                         } else {
1042                                 printk(KERN_WARNING "CIFS: domain name too "
1043                                                     "long\n");
1044                                 return 1;
1045                         }
1046                 } else if (strnicmp(data, "prefixpath", 10) == 0) {
1047                         if (!value || !*value) {
1048                                 printk(KERN_WARNING
1049                                         "CIFS: invalid path prefix\n");
1050                                 return 1;       /* needs_argument */
1051                         }
1052                         if ((temp_len = strnlen(value, 1024)) < 1024) {
1053                                 if (value[0] != '/')
1054                                         temp_len++;  /* missing leading slash */
1055                                 vol->prepath = kmalloc(temp_len+1, GFP_KERNEL);
1056                                 if (vol->prepath == NULL)
1057                                         return 1;
1058                                 if (value[0] != '/') {
1059                                         vol->prepath[0] = '/';
1060                                         strcpy(vol->prepath+1, value);
1061                                 } else
1062                                         strcpy(vol->prepath, value);
1063                                 cFYI(1, ("prefix path %s", vol->prepath));
1064                         } else {
1065                                 printk(KERN_WARNING "CIFS: prefix too long\n");
1066                                 return 1;
1067                         }
1068                 } else if (strnicmp(data, "iocharset", 9) == 0) {
1069                         if (!value || !*value) {
1070                                 printk(KERN_WARNING "CIFS: invalid iocharset "
1071                                                     "specified\n");
1072                                 return 1;       /* needs_arg; */
1073                         }
1074                         if (strnlen(value, 65) < 65) {
1075                                 if (strnicmp(value, "default", 7))
1076                                         vol->iocharset = value;
1077                                 /* if iocharset not set then load_nls_default
1078                                    is used by caller */
1079                                 cFYI(1, ("iocharset set to %s", value));
1080                         } else {
1081                                 printk(KERN_WARNING "CIFS: iocharset name "
1082                                                     "too long.\n");
1083                                 return 1;
1084                         }
1085                 } else if (strnicmp(data, "uid", 3) == 0) {
1086                         if (value && *value) {
1087                                 vol->linux_uid =
1088                                         simple_strtoul(value, &value, 0);
1089                                 vol->override_uid = 1;
1090                         }
1091                 } else if (strnicmp(data, "gid", 3) == 0) {
1092                         if (value && *value) {
1093                                 vol->linux_gid =
1094                                         simple_strtoul(value, &value, 0);
1095                                 vol->override_gid = 1;
1096                         }
1097                 } else if (strnicmp(data, "file_mode", 4) == 0) {
1098                         if (value && *value) {
1099                                 vol->file_mode =
1100                                         simple_strtoul(value, &value, 0);
1101                         }
1102                 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1103                         if (value && *value) {
1104                                 vol->dir_mode =
1105                                         simple_strtoul(value, &value, 0);
1106                         }
1107                 } else if (strnicmp(data, "dirmode", 4) == 0) {
1108                         if (value && *value) {
1109                                 vol->dir_mode =
1110                                         simple_strtoul(value, &value, 0);
1111                         }
1112                 } else if (strnicmp(data, "port", 4) == 0) {
1113                         if (value && *value) {
1114                                 vol->port =
1115                                         simple_strtoul(value, &value, 0);
1116                         }
1117                 } else if (strnicmp(data, "rsize", 5) == 0) {
1118                         if (value && *value) {
1119                                 vol->rsize =
1120                                         simple_strtoul(value, &value, 0);
1121                         }
1122                 } else if (strnicmp(data, "wsize", 5) == 0) {
1123                         if (value && *value) {
1124                                 vol->wsize =
1125                                         simple_strtoul(value, &value, 0);
1126                         }
1127                 } else if (strnicmp(data, "sockopt", 5) == 0) {
1128                         if (value && *value) {
1129                                 vol->sockopt =
1130                                         simple_strtoul(value, &value, 0);
1131                         }
1132                 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1133                         if (!value || !*value || (*value == ' ')) {
1134                                 cFYI(1, ("invalid (empty) netbiosname"));
1135                         } else {
1136                                 memset(vol->source_rfc1001_name, 0x20, 15);
1137                                 for (i = 0; i < 15; i++) {
1138                                 /* BB are there cases in which a comma can be
1139                                 valid in this workstation netbios name (and need
1140                                 special handling)? */
1141
1142                                 /* We do not uppercase netbiosname for user */
1143                                         if (value[i] == 0)
1144                                                 break;
1145                                         else
1146                                                 vol->source_rfc1001_name[i] =
1147                                                                 value[i];
1148                                 }
1149                                 /* The string has 16th byte zero still from
1150                                 set at top of the function  */
1151                                 if ((i == 15) && (value[i] != 0))
1152                                         printk(KERN_WARNING "CIFS: netbiosname"
1153                                                 " longer than 15 truncated.\n");
1154                         }
1155                 } else if (strnicmp(data, "servern", 7) == 0) {
1156                         /* servernetbiosname specified override *SMBSERVER */
1157                         if (!value || !*value || (*value == ' ')) {
1158                                 cFYI(1, ("empty server netbiosname specified"));
1159                         } else {
1160                                 /* last byte, type, is 0x20 for servr type */
1161                                 memset(vol->target_rfc1001_name, 0x20, 16);
1162
1163                                 for (i = 0; i < 15; i++) {
1164                                 /* BB are there cases in which a comma can be
1165                                    valid in this workstation netbios name
1166                                    (and need special handling)? */
1167
1168                                 /* user or mount helper must uppercase
1169                                    the netbiosname */
1170                                         if (value[i] == 0)
1171                                                 break;
1172                                         else
1173                                                 vol->target_rfc1001_name[i] =
1174                                                                 value[i];
1175                                 }
1176                                 /* The string has 16th byte zero still from
1177                                    set at top of the function  */
1178                                 if ((i == 15) && (value[i] != 0))
1179                                         printk(KERN_WARNING "CIFS: server net"
1180                                         "biosname longer than 15 truncated.\n");
1181                         }
1182                 } else if (strnicmp(data, "credentials", 4) == 0) {
1183                         /* ignore */
1184                 } else if (strnicmp(data, "version", 3) == 0) {
1185                         /* ignore */
1186                 } else if (strnicmp(data, "guest", 5) == 0) {
1187                         /* ignore */
1188                 } else if (strnicmp(data, "rw", 2) == 0) {
1189                         vol->rw = true;
1190                 } else if (strnicmp(data, "noblocksend", 11) == 0) {
1191                         vol->noblocksnd = 1;
1192                 } else if (strnicmp(data, "noautotune", 10) == 0) {
1193                         vol->noautotune = 1;
1194                 } else if ((strnicmp(data, "suid", 4) == 0) ||
1195                                    (strnicmp(data, "nosuid", 6) == 0) ||
1196                                    (strnicmp(data, "exec", 4) == 0) ||
1197                                    (strnicmp(data, "noexec", 6) == 0) ||
1198                                    (strnicmp(data, "nodev", 5) == 0) ||
1199                                    (strnicmp(data, "noauto", 6) == 0) ||
1200                                    (strnicmp(data, "dev", 3) == 0)) {
1201                         /*  The mount tool or mount.cifs helper (if present)
1202                             uses these opts to set flags, and the flags are read
1203                             by the kernel vfs layer before we get here (ie
1204                             before read super) so there is no point trying to
1205                             parse these options again and set anything and it
1206                             is ok to just ignore them */
1207                         continue;
1208                 } else if (strnicmp(data, "ro", 2) == 0) {
1209                         vol->rw = false;
1210                 } else if (strnicmp(data, "hard", 4) == 0) {
1211                         vol->retry = 1;
1212                 } else if (strnicmp(data, "soft", 4) == 0) {
1213                         vol->retry = 0;
1214                 } else if (strnicmp(data, "perm", 4) == 0) {
1215                         vol->noperm = 0;
1216                 } else if (strnicmp(data, "noperm", 6) == 0) {
1217                         vol->noperm = 1;
1218                 } else if (strnicmp(data, "mapchars", 8) == 0) {
1219                         vol->remap = 1;
1220                 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1221                         vol->remap = 0;
1222                 } else if (strnicmp(data, "sfu", 3) == 0) {
1223                         vol->sfu_emul = 1;
1224                 } else if (strnicmp(data, "nosfu", 5) == 0) {
1225                         vol->sfu_emul = 0;
1226                 } else if (strnicmp(data, "nodfs", 5) == 0) {
1227                         vol->nodfs = 1;
1228                 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1229                         vol->posix_paths = 1;
1230                 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1231                         vol->posix_paths = 0;
1232                 } else if (strnicmp(data, "nounix", 6) == 0) {
1233                         vol->no_linux_ext = 1;
1234                 } else if (strnicmp(data, "nolinux", 7) == 0) {
1235                         vol->no_linux_ext = 1;
1236                 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1237                            (strnicmp(data, "ignorecase", 10)  == 0)) {
1238                         vol->nocase = 1;
1239                 } else if (strnicmp(data, "brl", 3) == 0) {
1240                         vol->nobrl =  0;
1241                 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1242                            (strnicmp(data, "nolock", 6) == 0)) {
1243                         vol->nobrl =  1;
1244                         /* turn off mandatory locking in mode
1245                         if remote locking is turned off since the
1246                         local vfs will do advisory */
1247                         if (vol->file_mode ==
1248                                 (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1249                                 vol->file_mode = S_IALLUGO;
1250                 } else if (strnicmp(data, "forcemandatorylock", 9) == 0) {
1251                         /* will take the shorter form "forcemand" as well */
1252                         /* This mount option will force use of mandatory
1253                           (DOS/Windows style) byte range locks, instead of
1254                           using posix advisory byte range locks, even if the
1255                           Unix extensions are available and posix locks would
1256                           be supported otherwise. If Unix extensions are not
1257                           negotiated this has no effect since mandatory locks
1258                           would be used (mandatory locks is all that those
1259                           those servers support) */
1260                         vol->mand_lock = 1;
1261                 } else if (strnicmp(data, "setuids", 7) == 0) {
1262                         vol->setuids = 1;
1263                 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1264                         vol->setuids = 0;
1265                 } else if (strnicmp(data, "dynperm", 7) == 0) {
1266                         vol->dynperm = true;
1267                 } else if (strnicmp(data, "nodynperm", 9) == 0) {
1268                         vol->dynperm = false;
1269                 } else if (strnicmp(data, "nohard", 6) == 0) {
1270                         vol->retry = 0;
1271                 } else if (strnicmp(data, "nosoft", 6) == 0) {
1272                         vol->retry = 1;
1273                 } else if (strnicmp(data, "nointr", 6) == 0) {
1274                         vol->intr = 0;
1275                 } else if (strnicmp(data, "intr", 4) == 0) {
1276                         vol->intr = 1;
1277                 } else if (strnicmp(data, "serverino", 7) == 0) {
1278                         vol->server_ino = 1;
1279                 } else if (strnicmp(data, "noserverino", 9) == 0) {
1280                         vol->server_ino = 0;
1281                 } else if (strnicmp(data, "cifsacl", 7) == 0) {
1282                         vol->cifs_acl = 1;
1283                 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1284                         vol->cifs_acl = 0;
1285                 } else if (strnicmp(data, "acl", 3) == 0) {
1286                         vol->no_psx_acl = 0;
1287                 } else if (strnicmp(data, "noacl", 5) == 0) {
1288                         vol->no_psx_acl = 1;
1289 #ifdef CONFIG_CIFS_EXPERIMENTAL
1290                 } else if (strnicmp(data, "locallease", 6) == 0) {
1291                         vol->local_lease = 1;
1292 #endif
1293                 } else if (strnicmp(data, "sign", 4) == 0) {
1294                         vol->secFlg |= CIFSSEC_MUST_SIGN;
1295                 } else if (strnicmp(data, "seal", 4) == 0) {
1296                         /* we do not do the following in secFlags because seal
1297                            is a per tree connection (mount) not a per socket
1298                            or per-smb connection option in the protocol */
1299                         /* vol->secFlg |= CIFSSEC_MUST_SEAL; */
1300                         vol->seal = 1;
1301                 } else if (strnicmp(data, "direct", 6) == 0) {
1302                         vol->direct_io = 1;
1303                 } else if (strnicmp(data, "forcedirectio", 13) == 0) {
1304                         vol->direct_io = 1;
1305                 } else if (strnicmp(data, "in6_addr", 8) == 0) {
1306                         if (!value || !*value) {
1307                                 vol->in6_addr = NULL;
1308                         } else if (strnlen(value, 49) == 48) {
1309                                 vol->in6_addr = value;
1310                         } else {
1311                                 printk(KERN_WARNING "CIFS: ip v6 address not "
1312                                                     "48 characters long\n");
1313                                 return 1;
1314                         }
1315                 } else if (strnicmp(data, "noac", 4) == 0) {
1316                         printk(KERN_WARNING "CIFS: Mount option noac not "
1317                                 "supported. Instead set "
1318                                 "/proc/fs/cifs/LookupCacheEnabled to 0\n");
1319                 } else
1320                         printk(KERN_WARNING "CIFS: Unknown mount option %s\n",
1321                                                 data);
1322         }
1323         if (vol->UNC == NULL) {
1324                 if (devname == NULL) {
1325                         printk(KERN_WARNING "CIFS: Missing UNC name for mount "
1326                                                 "target\n");
1327                         return 1;
1328                 }
1329                 if ((temp_len = strnlen(devname, 300)) < 300) {
1330                         vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1331                         if (vol->UNC == NULL)
1332                                 return 1;
1333                         strcpy(vol->UNC, devname);
1334                         if (strncmp(vol->UNC, "//", 2) == 0) {
1335                                 vol->UNC[0] = '\\';
1336                                 vol->UNC[1] = '\\';
1337                         } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1338                                 printk(KERN_WARNING "CIFS: UNC Path does not "
1339                                                     "begin with // or \\\\ \n");
1340                                 return 1;
1341                         }
1342                         value = strpbrk(vol->UNC+2, "/\\");
1343                         if (value)
1344                                 *value = '\\';
1345                 } else {
1346                         printk(KERN_WARNING "CIFS: UNC name too long\n");
1347                         return 1;
1348                 }
1349         }
1350         if (vol->UNCip == NULL)
1351                 vol->UNCip = &vol->UNC[2];
1352
1353         return 0;
1354 }
1355
1356 static struct TCP_Server_Info *
1357 cifs_find_tcp_session(struct sockaddr *addr)
1358 {
1359         struct list_head *tmp;
1360         struct TCP_Server_Info *server;
1361         struct sockaddr_in *addr4 = (struct sockaddr_in *) addr;
1362         struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) addr;
1363
1364         write_lock(&cifs_tcp_ses_lock);
1365         list_for_each(tmp, &cifs_tcp_ses_list) {
1366                 server = list_entry(tmp, struct TCP_Server_Info,
1367                                     tcp_ses_list);
1368                 /*
1369                  * the demux thread can exit on its own while still in CifsNew
1370                  * so don't accept any sockets in that state. Since the
1371                  * tcpStatus never changes back to CifsNew it's safe to check
1372                  * for this without a lock.
1373                  */
1374                 if (server->tcpStatus == CifsNew)
1375                         continue;
1376
1377                 if (addr->sa_family == AF_INET &&
1378                     (addr4->sin_addr.s_addr !=
1379                      server->addr.sockAddr.sin_addr.s_addr))
1380                         continue;
1381                 else if (addr->sa_family == AF_INET6 &&
1382                          memcmp(&server->addr.sockAddr6.sin6_addr,
1383                                 &addr6->sin6_addr, sizeof(addr6->sin6_addr)))
1384                         continue;
1385
1386                 ++server->srv_count;
1387                 write_unlock(&cifs_tcp_ses_lock);
1388                 cFYI(1, ("Existing tcp session with server found"));
1389                 return server;
1390         }
1391         write_unlock(&cifs_tcp_ses_lock);
1392         return NULL;
1393 }
1394
1395 static void
1396 cifs_put_tcp_session(struct TCP_Server_Info *server)
1397 {
1398         struct task_struct *task;
1399
1400         write_lock(&cifs_tcp_ses_lock);
1401         if (--server->srv_count > 0) {
1402                 write_unlock(&cifs_tcp_ses_lock);
1403                 return;
1404         }
1405
1406         list_del_init(&server->tcp_ses_list);
1407         write_unlock(&cifs_tcp_ses_lock);
1408
1409         spin_lock(&GlobalMid_Lock);
1410         server->tcpStatus = CifsExiting;
1411         spin_unlock(&GlobalMid_Lock);
1412
1413         task = xchg(&server->tsk, NULL);
1414         if (task)
1415                 force_sig(SIGKILL, task);
1416 }
1417
1418 static struct TCP_Server_Info *
1419 cifs_get_tcp_session(struct smb_vol *volume_info)
1420 {
1421         struct TCP_Server_Info *tcp_ses = NULL;
1422         struct sockaddr addr;
1423         struct sockaddr_in *sin_server = (struct sockaddr_in *) &addr;
1424         struct sockaddr_in6 *sin_server6 = (struct sockaddr_in6 *) &addr;
1425         int rc;
1426
1427         memset(&addr, 0, sizeof(struct sockaddr));
1428
1429         if (volume_info->UNCip && volume_info->UNC) {
1430                 rc = cifs_inet_pton(AF_INET, volume_info->UNCip,
1431                                     &sin_server->sin_addr.s_addr);
1432
1433                 if (rc <= 0) {
1434                         /* not ipv4 address, try ipv6 */
1435                         rc = cifs_inet_pton(AF_INET6, volume_info->UNCip,
1436                                             &sin_server6->sin6_addr.in6_u);
1437                         if (rc > 0)
1438                                 addr.sa_family = AF_INET6;
1439                 } else {
1440                         addr.sa_family = AF_INET;
1441                 }
1442
1443                 if (rc <= 0) {
1444                         /* we failed translating address */
1445                         rc = -EINVAL;
1446                         goto out_err;
1447                 }
1448
1449                 cFYI(1, ("UNC: %s ip: %s", volume_info->UNC,
1450                          volume_info->UNCip));
1451         } else if (volume_info->UNCip) {
1452                 /* BB using ip addr as tcp_ses name to connect to the
1453                    DFS root below */
1454                 cERROR(1, ("Connecting to DFS root not implemented yet"));
1455                 rc = -EINVAL;
1456                 goto out_err;
1457         } else /* which tcp_sess DFS root would we conect to */ {
1458                 cERROR(1,
1459                        ("CIFS mount error: No UNC path (e.g. -o "
1460                         "unc=//192.168.1.100/public) specified"));
1461                 rc = -EINVAL;
1462                 goto out_err;
1463         }
1464
1465         /* see if we already have a matching tcp_ses */
1466         tcp_ses = cifs_find_tcp_session(&addr);
1467         if (tcp_ses)
1468                 return tcp_ses;
1469
1470         tcp_ses = kzalloc(sizeof(struct TCP_Server_Info), GFP_KERNEL);
1471         if (!tcp_ses) {
1472                 rc = -ENOMEM;
1473                 goto out_err;
1474         }
1475
1476         tcp_ses->hostname = extract_hostname(volume_info->UNC);
1477         if (IS_ERR(tcp_ses->hostname)) {
1478                 rc = PTR_ERR(tcp_ses->hostname);
1479                 goto out_err;
1480         }
1481
1482         tcp_ses->noblocksnd = volume_info->noblocksnd;
1483         tcp_ses->noautotune = volume_info->noautotune;
1484         atomic_set(&tcp_ses->inFlight, 0);
1485         init_waitqueue_head(&tcp_ses->response_q);
1486         init_waitqueue_head(&tcp_ses->request_q);
1487         INIT_LIST_HEAD(&tcp_ses->pending_mid_q);
1488         mutex_init(&tcp_ses->srv_mutex);
1489         memcpy(tcp_ses->workstation_RFC1001_name,
1490                 volume_info->source_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1491         memcpy(tcp_ses->server_RFC1001_name,
1492                 volume_info->target_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1493         tcp_ses->sequence_number = 0;
1494         INIT_LIST_HEAD(&tcp_ses->tcp_ses_list);
1495         INIT_LIST_HEAD(&tcp_ses->smb_ses_list);
1496
1497         /*
1498          * at this point we are the only ones with the pointer
1499          * to the struct since the kernel thread not created yet
1500          * no need to spinlock this init of tcpStatus or srv_count
1501          */
1502         tcp_ses->tcpStatus = CifsNew;
1503         ++tcp_ses->srv_count;
1504
1505         if (addr.sa_family == AF_INET6) {
1506                 cFYI(1, ("attempting ipv6 connect"));
1507                 /* BB should we allow ipv6 on port 139? */
1508                 /* other OS never observed in Wild doing 139 with v6 */
1509                 memcpy(&tcp_ses->addr.sockAddr6, sin_server6,
1510                         sizeof(struct sockaddr_in6));
1511                 sin_server6->sin6_port = htons(volume_info->port);
1512                 rc = ipv6_connect(tcp_ses);
1513         } else {
1514                 memcpy(&tcp_ses->addr.sockAddr, sin_server,
1515                         sizeof(struct sockaddr_in));
1516                 sin_server->sin_port = htons(volume_info->port);
1517                 rc = ipv4_connect(tcp_ses);
1518         }
1519         if (rc < 0) {
1520                 cERROR(1, ("Error connecting to socket. Aborting operation"));
1521                 goto out_err;
1522         }
1523
1524         /*
1525          * since we're in a cifs function already, we know that
1526          * this will succeed. No need for try_module_get().
1527          */
1528         __module_get(THIS_MODULE);
1529         tcp_ses->tsk = kthread_run((void *)(void *)cifs_demultiplex_thread,
1530                                   tcp_ses, "cifsd");
1531         if (IS_ERR(tcp_ses->tsk)) {
1532                 rc = PTR_ERR(tcp_ses->tsk);
1533                 cERROR(1, ("error %d create cifsd thread", rc));
1534                 module_put(THIS_MODULE);
1535                 goto out_err;
1536         }
1537
1538         /* thread spawned, put it on the list */
1539         write_lock(&cifs_tcp_ses_lock);
1540         list_add(&tcp_ses->tcp_ses_list, &cifs_tcp_ses_list);
1541         write_unlock(&cifs_tcp_ses_lock);
1542
1543         return tcp_ses;
1544
1545 out_err:
1546         if (tcp_ses) {
1547                 kfree(tcp_ses->hostname);
1548                 if (tcp_ses->ssocket)
1549                         sock_release(tcp_ses->ssocket);
1550                 kfree(tcp_ses);
1551         }
1552         return ERR_PTR(rc);
1553 }
1554
1555 static struct cifsSesInfo *
1556 cifs_find_smb_ses(struct TCP_Server_Info *server, char *username)
1557 {
1558         struct list_head *tmp;
1559         struct cifsSesInfo *ses;
1560
1561         write_lock(&cifs_tcp_ses_lock);
1562         list_for_each(tmp, &server->smb_ses_list) {
1563                 ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
1564                 if (strncmp(ses->userName, username, MAX_USERNAME_SIZE))
1565                         continue;
1566
1567                 ++ses->ses_count;
1568                 write_unlock(&cifs_tcp_ses_lock);
1569                 return ses;
1570         }
1571         write_unlock(&cifs_tcp_ses_lock);
1572         return NULL;
1573 }
1574
1575 static void
1576 cifs_put_smb_ses(struct cifsSesInfo *ses)
1577 {
1578         int xid;
1579         struct TCP_Server_Info *server = ses->server;
1580
1581         write_lock(&cifs_tcp_ses_lock);
1582         if (--ses->ses_count > 0) {
1583                 write_unlock(&cifs_tcp_ses_lock);
1584                 return;
1585         }
1586
1587         list_del_init(&ses->smb_ses_list);
1588         write_unlock(&cifs_tcp_ses_lock);
1589
1590         if (ses->status == CifsGood) {
1591                 xid = GetXid();
1592                 CIFSSMBLogoff(xid, ses);
1593                 _FreeXid(xid);
1594         }
1595         sesInfoFree(ses);
1596         cifs_put_tcp_session(server);
1597 }
1598
1599 static struct cifsTconInfo *
1600 cifs_find_tcon(struct cifsSesInfo *ses, const char *unc)
1601 {
1602         struct list_head *tmp;
1603         struct cifsTconInfo *tcon;
1604
1605         write_lock(&cifs_tcp_ses_lock);
1606         list_for_each(tmp, &ses->tcon_list) {
1607                 tcon = list_entry(tmp, struct cifsTconInfo, tcon_list);
1608                 if (tcon->tidStatus == CifsExiting)
1609                         continue;
1610                 if (strncmp(tcon->treeName, unc, MAX_TREE_SIZE))
1611                         continue;
1612
1613                 ++tcon->tc_count;
1614                 write_unlock(&cifs_tcp_ses_lock);
1615                 return tcon;
1616         }
1617         write_unlock(&cifs_tcp_ses_lock);
1618         return NULL;
1619 }
1620
1621 static void
1622 cifs_put_tcon(struct cifsTconInfo *tcon)
1623 {
1624         int xid;
1625         struct cifsSesInfo *ses = tcon->ses;
1626
1627         write_lock(&cifs_tcp_ses_lock);
1628         if (--tcon->tc_count > 0) {
1629                 write_unlock(&cifs_tcp_ses_lock);
1630                 return;
1631         }
1632
1633         list_del_init(&tcon->tcon_list);
1634         write_unlock(&cifs_tcp_ses_lock);
1635
1636         xid = GetXid();
1637         CIFSSMBTDis(xid, tcon);
1638         _FreeXid(xid);
1639
1640         DeleteTconOplockQEntries(tcon);
1641         tconInfoFree(tcon);
1642         cifs_put_smb_ses(ses);
1643 }
1644
1645 int
1646 get_dfs_path(int xid, struct cifsSesInfo *pSesInfo, const char *old_path,
1647              const struct nls_table *nls_codepage, unsigned int *pnum_referrals,
1648              struct dfs_info3_param **preferrals, int remap)
1649 {
1650         char *temp_unc;
1651         int rc = 0;
1652
1653         *pnum_referrals = 0;
1654         *preferrals = NULL;
1655
1656         if (pSesInfo->ipc_tid == 0) {
1657                 temp_unc = kmalloc(2 /* for slashes */ +
1658                         strnlen(pSesInfo->serverName,
1659                                 SERVER_NAME_LEN_WITH_NULL * 2)
1660                                  + 1 + 4 /* slash IPC$ */  + 2,
1661                                 GFP_KERNEL);
1662                 if (temp_unc == NULL)
1663                         return -ENOMEM;
1664                 temp_unc[0] = '\\';
1665                 temp_unc[1] = '\\';
1666                 strcpy(temp_unc + 2, pSesInfo->serverName);
1667                 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
1668                 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
1669                 cFYI(1,
1670                      ("CIFS Tcon rc = %d ipc_tid = %d", rc, pSesInfo->ipc_tid));
1671                 kfree(temp_unc);
1672         }
1673         if (rc == 0)
1674                 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
1675                                      pnum_referrals, nls_codepage, remap);
1676         /* BB map targetUNCs to dfs_info3 structures, here or
1677                 in CIFSGetDFSRefer BB */
1678
1679         return rc;
1680 }
1681
1682 #ifdef CONFIG_DEBUG_LOCK_ALLOC
1683 static struct lock_class_key cifs_key[2];
1684 static struct lock_class_key cifs_slock_key[2];
1685
1686 static inline void
1687 cifs_reclassify_socket4(struct socket *sock)
1688 {
1689         struct sock *sk = sock->sk;
1690         BUG_ON(sock_owned_by_user(sk));
1691         sock_lock_init_class_and_name(sk, "slock-AF_INET-CIFS",
1692                 &cifs_slock_key[0], "sk_lock-AF_INET-CIFS", &cifs_key[0]);
1693 }
1694
1695 static inline void
1696 cifs_reclassify_socket6(struct socket *sock)
1697 {
1698         struct sock *sk = sock->sk;
1699         BUG_ON(sock_owned_by_user(sk));
1700         sock_lock_init_class_and_name(sk, "slock-AF_INET6-CIFS",
1701                 &cifs_slock_key[1], "sk_lock-AF_INET6-CIFS", &cifs_key[1]);
1702 }
1703 #else
1704 static inline void
1705 cifs_reclassify_socket4(struct socket *sock)
1706 {
1707 }
1708
1709 static inline void
1710 cifs_reclassify_socket6(struct socket *sock)
1711 {
1712 }
1713 #endif
1714
1715 /* See RFC1001 section 14 on representation of Netbios names */
1716 static void rfc1002mangle(char *target, char *source, unsigned int length)
1717 {
1718         unsigned int i, j;
1719
1720         for (i = 0, j = 0; i < (length); i++) {
1721                 /* mask a nibble at a time and encode */
1722                 target[j] = 'A' + (0x0F & (source[i] >> 4));
1723                 target[j+1] = 'A' + (0x0F & source[i]);
1724                 j += 2;
1725         }
1726
1727 }
1728
1729
1730 static int
1731 ipv4_connect(struct TCP_Server_Info *server)
1732 {
1733         int rc = 0;
1734         bool connected = false;
1735         __be16 orig_port = 0;
1736         struct socket *socket = server->ssocket;
1737
1738         if (socket == NULL) {
1739                 rc = sock_create_kern(PF_INET, SOCK_STREAM,
1740                                       IPPROTO_TCP, &socket);
1741                 if (rc < 0) {
1742                         cERROR(1, ("Error %d creating socket", rc));
1743                         return rc;
1744                 }
1745
1746                 /* BB other socket options to set KEEPALIVE, NODELAY? */
1747                 cFYI(1, ("Socket created"));
1748                 server->ssocket = socket;
1749                 socket->sk->sk_allocation = GFP_NOFS;
1750                 cifs_reclassify_socket4(socket);
1751         }
1752
1753         /* user overrode default port */
1754         if (server->addr.sockAddr.sin_port) {
1755                 rc = socket->ops->connect(socket, (struct sockaddr *)
1756                                           &server->addr.sockAddr,
1757                                           sizeof(struct sockaddr_in), 0);
1758                 if (rc >= 0)
1759                         connected = true;
1760         }
1761
1762         if (!connected) {
1763                 /* save original port so we can retry user specified port
1764                         later if fall back ports fail this time  */
1765                 orig_port = server->addr.sockAddr.sin_port;
1766
1767                 /* do not retry on the same port we just failed on */
1768                 if (server->addr.sockAddr.sin_port != htons(CIFS_PORT)) {
1769                         server->addr.sockAddr.sin_port = htons(CIFS_PORT);
1770                         rc = socket->ops->connect(socket,
1771                                                 (struct sockaddr *)
1772                                                 &server->addr.sockAddr,
1773                                                 sizeof(struct sockaddr_in), 0);
1774                         if (rc >= 0)
1775                                 connected = true;
1776                 }
1777         }
1778         if (!connected) {
1779                 server->addr.sockAddr.sin_port = htons(RFC1001_PORT);
1780                 rc = socket->ops->connect(socket, (struct sockaddr *)
1781                                               &server->addr.sockAddr,
1782                                               sizeof(struct sockaddr_in), 0);
1783                 if (rc >= 0)
1784                         connected = true;
1785         }
1786
1787         /* give up here - unless we want to retry on different
1788                 protocol families some day */
1789         if (!connected) {
1790                 if (orig_port)
1791                         server->addr.sockAddr.sin_port = orig_port;
1792                 cFYI(1, ("Error %d connecting to server via ipv4", rc));
1793                 sock_release(socket);
1794                 server->ssocket = NULL;
1795                 return rc;
1796         }
1797
1798
1799         /*
1800          * Eventually check for other socket options to change from
1801          *  the default. sock_setsockopt not used because it expects
1802          *  user space buffer
1803          */
1804         socket->sk->sk_rcvtimeo = 7 * HZ;
1805         socket->sk->sk_sndtimeo = 3 * HZ;
1806
1807         /* make the bufsizes depend on wsize/rsize and max requests */
1808         if (server->noautotune) {
1809                 if (socket->sk->sk_sndbuf < (200 * 1024))
1810                         socket->sk->sk_sndbuf = 200 * 1024;
1811                 if (socket->sk->sk_rcvbuf < (140 * 1024))
1812                         socket->sk->sk_rcvbuf = 140 * 1024;
1813         }
1814
1815          cFYI(1, ("sndbuf %d rcvbuf %d rcvtimeo 0x%lx",
1816                  socket->sk->sk_sndbuf,
1817                  socket->sk->sk_rcvbuf, socket->sk->sk_rcvtimeo));
1818
1819         /* send RFC1001 sessinit */
1820         if (server->addr.sockAddr.sin_port == htons(RFC1001_PORT)) {
1821                 /* some servers require RFC1001 sessinit before sending
1822                 negprot - BB check reconnection in case where second
1823                 sessinit is sent but no second negprot */
1824                 struct rfc1002_session_packet *ses_init_buf;
1825                 struct smb_hdr *smb_buf;
1826                 ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet),
1827                                        GFP_KERNEL);
1828                 if (ses_init_buf) {
1829                         ses_init_buf->trailer.session_req.called_len = 32;
1830                         if (server->server_RFC1001_name &&
1831                             server->server_RFC1001_name[0] != 0)
1832                                 rfc1002mangle(ses_init_buf->trailer.
1833                                                 session_req.called_name,
1834                                               server->server_RFC1001_name,
1835                                               RFC1001_NAME_LEN_WITH_NULL);
1836                         else
1837                                 rfc1002mangle(ses_init_buf->trailer.
1838                                                 session_req.called_name,
1839                                               DEFAULT_CIFS_CALLED_NAME,
1840                                               RFC1001_NAME_LEN_WITH_NULL);
1841
1842                         ses_init_buf->trailer.session_req.calling_len = 32;
1843
1844                         /* calling name ends in null (byte 16) from old smb
1845                         convention. */
1846                         if (server->workstation_RFC1001_name &&
1847                             server->workstation_RFC1001_name[0] != 0)
1848                                 rfc1002mangle(ses_init_buf->trailer.
1849                                                 session_req.calling_name,
1850                                               server->workstation_RFC1001_name,
1851                                               RFC1001_NAME_LEN_WITH_NULL);
1852                         else
1853                                 rfc1002mangle(ses_init_buf->trailer.
1854                                                 session_req.calling_name,
1855                                               "LINUX_CIFS_CLNT",
1856                                               RFC1001_NAME_LEN_WITH_NULL);
1857
1858                         ses_init_buf->trailer.session_req.scope1 = 0;
1859                         ses_init_buf->trailer.session_req.scope2 = 0;
1860                         smb_buf = (struct smb_hdr *)ses_init_buf;
1861                         /* sizeof RFC1002_SESSION_REQUEST with no scope */
1862                         smb_buf->smb_buf_length = 0x81000044;
1863                         rc = smb_send(socket, smb_buf, 0x44,
1864                                 (struct sockaddr *) &server->addr.sockAddr,
1865                                 server->noblocksnd);
1866                         kfree(ses_init_buf);
1867                         msleep(1); /* RFC1001 layer in at least one server
1868                                       requires very short break before negprot
1869                                       presumably because not expecting negprot
1870                                       to follow so fast.  This is a simple
1871                                       solution that works without
1872                                       complicating the code and causes no
1873                                       significant slowing down on mount
1874                                       for everyone else */
1875                 }
1876                 /* else the negprot may still work without this
1877                 even though malloc failed */
1878
1879         }
1880
1881         return rc;
1882 }
1883
1884 static int
1885 ipv6_connect(struct TCP_Server_Info *server)
1886 {
1887         int rc = 0;
1888         bool connected = false;
1889         __be16 orig_port = 0;
1890         struct socket *socket = server->ssocket;
1891
1892         if (socket == NULL) {
1893                 rc = sock_create_kern(PF_INET6, SOCK_STREAM,
1894                                       IPPROTO_TCP, &socket);
1895                 if (rc < 0) {
1896                         cERROR(1, ("Error %d creating ipv6 socket", rc));
1897                         socket = NULL;
1898                         return rc;
1899                 }
1900
1901                 /* BB other socket options to set KEEPALIVE, NODELAY? */
1902                 cFYI(1, ("ipv6 Socket created"));
1903                 server->ssocket = socket;
1904                 socket->sk->sk_allocation = GFP_NOFS;
1905                 cifs_reclassify_socket6(socket);
1906         }
1907
1908         /* user overrode default port */
1909         if (server->addr.sockAddr6.sin6_port) {
1910                 rc = socket->ops->connect(socket,
1911                                 (struct sockaddr *) &server->addr.sockAddr6,
1912                                 sizeof(struct sockaddr_in6), 0);
1913                 if (rc >= 0)
1914                         connected = true;
1915         }
1916
1917         if (!connected) {
1918                 /* save original port so we can retry user specified port
1919                         later if fall back ports fail this time  */
1920
1921                 orig_port = server->addr.sockAddr6.sin6_port;
1922                 /* do not retry on the same port we just failed on */
1923                 if (server->addr.sockAddr6.sin6_port != htons(CIFS_PORT)) {
1924                         server->addr.sockAddr6.sin6_port = htons(CIFS_PORT);
1925                         rc = socket->ops->connect(socket, (struct sockaddr *)
1926                                         &server->addr.sockAddr6,
1927                                         sizeof(struct sockaddr_in6), 0);
1928                         if (rc >= 0)
1929                                 connected = true;
1930                 }
1931         }
1932         if (!connected) {
1933                 server->addr.sockAddr6.sin6_port = htons(RFC1001_PORT);
1934                 rc = socket->ops->connect(socket, (struct sockaddr *)
1935                                 &server->addr.sockAddr6,
1936                                 sizeof(struct sockaddr_in6), 0);
1937                 if (rc >= 0)
1938                         connected = true;
1939         }
1940
1941         /* give up here - unless we want to retry on different
1942                 protocol families some day */
1943         if (!connected) {
1944                 if (orig_port)
1945                         server->addr.sockAddr6.sin6_port = orig_port;
1946                 cFYI(1, ("Error %d connecting to server via ipv6", rc));
1947                 sock_release(socket);
1948                 server->ssocket = NULL;
1949                 return rc;
1950         }
1951
1952         /*
1953          * Eventually check for other socket options to change from
1954          * the default. sock_setsockopt not used because it expects
1955          * user space buffer
1956          */
1957         socket->sk->sk_rcvtimeo = 7 * HZ;
1958         socket->sk->sk_sndtimeo = 3 * HZ;
1959         server->ssocket = socket;
1960
1961         return rc;
1962 }
1963
1964 void reset_cifs_unix_caps(int xid, struct cifsTconInfo *tcon,
1965                           struct super_block *sb, struct smb_vol *vol_info)
1966 {
1967         /* if we are reconnecting then should we check to see if
1968          * any requested capabilities changed locally e.g. via
1969          * remount but we can not do much about it here
1970          * if they have (even if we could detect it by the following)
1971          * Perhaps we could add a backpointer to array of sb from tcon
1972          * or if we change to make all sb to same share the same
1973          * sb as NFS - then we only have one backpointer to sb.
1974          * What if we wanted to mount the server share twice once with
1975          * and once without posixacls or posix paths? */
1976         __u64 saved_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
1977
1978         if (vol_info && vol_info->no_linux_ext) {
1979                 tcon->fsUnixInfo.Capability = 0;
1980                 tcon->unix_ext = 0; /* Unix Extensions disabled */
1981                 cFYI(1, ("Linux protocol extensions disabled"));
1982                 return;
1983         } else if (vol_info)
1984                 tcon->unix_ext = 1; /* Unix Extensions supported */
1985
1986         if (tcon->unix_ext == 0) {
1987                 cFYI(1, ("Unix extensions disabled so not set on reconnect"));
1988                 return;
1989         }
1990
1991         if (!CIFSSMBQFSUnixInfo(xid, tcon)) {
1992                 __u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
1993
1994                 /* check for reconnect case in which we do not
1995                    want to change the mount behavior if we can avoid it */
1996                 if (vol_info == NULL) {
1997                         /* turn off POSIX ACL and PATHNAMES if not set
1998                            originally at mount time */
1999                         if ((saved_cap & CIFS_UNIX_POSIX_ACL_CAP) == 0)
2000                                 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2001                         if ((saved_cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2002                                 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2003                                         cERROR(1, ("POSIXPATH support change"));
2004                                 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2005                         } else if ((cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2006                                 cERROR(1, ("possible reconnect error"));
2007                                 cERROR(1,
2008                                         ("server disabled POSIX path support"));
2009                         }
2010                 }
2011
2012                 cap &= CIFS_UNIX_CAP_MASK;
2013                 if (vol_info && vol_info->no_psx_acl)
2014                         cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2015                 else if (CIFS_UNIX_POSIX_ACL_CAP & cap) {
2016                         cFYI(1, ("negotiated posix acl support"));
2017                         if (sb)
2018                                 sb->s_flags |= MS_POSIXACL;
2019                 }
2020
2021                 if (vol_info && vol_info->posix_paths == 0)
2022                         cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2023                 else if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
2024                         cFYI(1, ("negotiate posix pathnames"));
2025                         if (sb)
2026                                 CIFS_SB(sb)->mnt_cifs_flags |=
2027                                         CIFS_MOUNT_POSIX_PATHS;
2028                 }
2029
2030                 /* We might be setting the path sep back to a different
2031                 form if we are reconnecting and the server switched its
2032                 posix path capability for this share */
2033                 if (sb && (CIFS_SB(sb)->prepathlen > 0))
2034                         CIFS_SB(sb)->prepath[0] = CIFS_DIR_SEP(CIFS_SB(sb));
2035
2036                 if (sb && (CIFS_SB(sb)->rsize > 127 * 1024)) {
2037                         if ((cap & CIFS_UNIX_LARGE_READ_CAP) == 0) {
2038                                 CIFS_SB(sb)->rsize = 127 * 1024;
2039                                 cFYI(DBG2,
2040                                         ("larger reads not supported by srv"));
2041                         }
2042                 }
2043
2044
2045                 cFYI(1, ("Negotiate caps 0x%x", (int)cap));
2046 #ifdef CONFIG_CIFS_DEBUG2
2047                 if (cap & CIFS_UNIX_FCNTL_CAP)
2048                         cFYI(1, ("FCNTL cap"));
2049                 if (cap & CIFS_UNIX_EXTATTR_CAP)
2050                         cFYI(1, ("EXTATTR cap"));
2051                 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2052                         cFYI(1, ("POSIX path cap"));
2053                 if (cap & CIFS_UNIX_XATTR_CAP)
2054                         cFYI(1, ("XATTR cap"));
2055                 if (cap & CIFS_UNIX_POSIX_ACL_CAP)
2056                         cFYI(1, ("POSIX ACL cap"));
2057                 if (cap & CIFS_UNIX_LARGE_READ_CAP)
2058                         cFYI(1, ("very large read cap"));
2059                 if (cap & CIFS_UNIX_LARGE_WRITE_CAP)
2060                         cFYI(1, ("very large write cap"));
2061 #endif /* CIFS_DEBUG2 */
2062                 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
2063                         if (vol_info == NULL) {
2064                                 cFYI(1, ("resetting capabilities failed"));
2065                         } else
2066                                 cERROR(1, ("Negotiating Unix capabilities "
2067                                            "with the server failed.  Consider "
2068                                            "mounting with the Unix Extensions\n"
2069                                            "disabled, if problems are found, "
2070                                            "by specifying the nounix mount "
2071                                            "option."));
2072
2073                 }
2074         }
2075 }
2076
2077 static void
2078 convert_delimiter(char *path, char delim)
2079 {
2080         int i;
2081         char old_delim;
2082
2083         if (path == NULL)
2084                 return;
2085
2086         if (delim == '/')
2087                 old_delim = '\\';
2088         else
2089                 old_delim = '/';
2090
2091         for (i = 0; path[i] != '\0'; i++) {
2092                 if (path[i] == old_delim)
2093                         path[i] = delim;
2094         }
2095 }
2096
2097 static void setup_cifs_sb(struct smb_vol *pvolume_info,
2098                           struct cifs_sb_info *cifs_sb)
2099 {
2100         if (pvolume_info->rsize > CIFSMaxBufSize) {
2101                 cERROR(1, ("rsize %d too large, using MaxBufSize",
2102                         pvolume_info->rsize));
2103                 cifs_sb->rsize = CIFSMaxBufSize;
2104         } else if ((pvolume_info->rsize) &&
2105                         (pvolume_info->rsize <= CIFSMaxBufSize))
2106                 cifs_sb->rsize = pvolume_info->rsize;
2107         else /* default */
2108                 cifs_sb->rsize = CIFSMaxBufSize;
2109
2110         if (pvolume_info->wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) {
2111                 cERROR(1, ("wsize %d too large, using 4096 instead",
2112                           pvolume_info->wsize));
2113                 cifs_sb->wsize = 4096;
2114         } else if (pvolume_info->wsize)
2115                 cifs_sb->wsize = pvolume_info->wsize;
2116         else
2117                 cifs_sb->wsize = min_t(const int,
2118                                         PAGEVEC_SIZE * PAGE_CACHE_SIZE,
2119                                         127*1024);
2120                 /* old default of CIFSMaxBufSize was too small now
2121                    that SMB Write2 can send multiple pages in kvec.
2122                    RFC1001 does not describe what happens when frame
2123                    bigger than 128K is sent so use that as max in
2124                    conjunction with 52K kvec constraint on arch with 4K
2125                    page size  */
2126
2127         if (cifs_sb->rsize < 2048) {
2128                 cifs_sb->rsize = 2048;
2129                 /* Windows ME may prefer this */
2130                 cFYI(1, ("readsize set to minimum: 2048"));
2131         }
2132         /* calculate prepath */
2133         cifs_sb->prepath = pvolume_info->prepath;
2134         if (cifs_sb->prepath) {
2135                 cifs_sb->prepathlen = strlen(cifs_sb->prepath);
2136                 /* we can not convert the / to \ in the path
2137                 separators in the prefixpath yet because we do not
2138                 know (until reset_cifs_unix_caps is called later)
2139                 whether POSIX PATH CAP is available. We normalize
2140                 the / to \ after reset_cifs_unix_caps is called */
2141                 pvolume_info->prepath = NULL;
2142         } else
2143                 cifs_sb->prepathlen = 0;
2144         cifs_sb->mnt_uid = pvolume_info->linux_uid;
2145         cifs_sb->mnt_gid = pvolume_info->linux_gid;
2146         cifs_sb->mnt_file_mode = pvolume_info->file_mode;
2147         cifs_sb->mnt_dir_mode = pvolume_info->dir_mode;
2148         cFYI(1, ("file mode: 0x%x  dir mode: 0x%x",
2149                 cifs_sb->mnt_file_mode, cifs_sb->mnt_dir_mode));
2150
2151         if (pvolume_info->noperm)
2152                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
2153         if (pvolume_info->setuids)
2154                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
2155         if (pvolume_info->server_ino)
2156                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
2157         if (pvolume_info->remap)
2158                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
2159         if (pvolume_info->no_xattr)
2160                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
2161         if (pvolume_info->sfu_emul)
2162                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
2163         if (pvolume_info->nobrl)
2164                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
2165         if (pvolume_info->mand_lock)
2166                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOPOSIXBRL;
2167         if (pvolume_info->cifs_acl)
2168                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
2169         if (pvolume_info->override_uid)
2170                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID;
2171         if (pvolume_info->override_gid)
2172                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID;
2173         if (pvolume_info->dynperm)
2174                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DYNPERM;
2175         if (pvolume_info->direct_io) {
2176                 cFYI(1, ("mounting share using direct i/o"));
2177                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
2178         }
2179
2180         if ((pvolume_info->cifs_acl) && (pvolume_info->dynperm))
2181                 cERROR(1, ("mount option dynperm ignored if cifsacl "
2182                            "mount option supported"));
2183 }
2184
2185 int
2186 cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
2187            char *mount_data, const char *devname)
2188 {
2189         int rc = 0;
2190         int xid;
2191         struct smb_vol *volume_info;
2192         struct cifsSesInfo *pSesInfo = NULL;
2193         struct cifsTconInfo *tcon = NULL;
2194         struct TCP_Server_Info *srvTcp = NULL;
2195
2196         xid = GetXid();
2197
2198         volume_info = kzalloc(sizeof(struct smb_vol), GFP_KERNEL);
2199         if (!volume_info) {
2200                 rc = -ENOMEM;
2201                 goto out;
2202         }
2203
2204         if (cifs_parse_mount_options(mount_data, devname, volume_info)) {
2205                 rc = -EINVAL;
2206                 goto out;
2207         }
2208
2209         if (volume_info->nullauth) {
2210                 cFYI(1, ("null user"));
2211                 volume_info->username = "";
2212         } else if (volume_info->username) {
2213                 /* BB fixme parse for domain name here */
2214                 cFYI(1, ("Username: %s", volume_info->username));
2215         } else {
2216                 cifserror("No username specified");
2217         /* In userspace mount helper we can get user name from alternate
2218            locations such as env variables and files on disk */
2219                 rc = -EINVAL;
2220                 goto out;
2221         }
2222
2223
2224         /* this is needed for ASCII cp to Unicode converts */
2225         if (volume_info->iocharset == NULL) {
2226                 cifs_sb->local_nls = load_nls_default();
2227         /* load_nls_default can not return null */
2228         } else {
2229                 cifs_sb->local_nls = load_nls(volume_info->iocharset);
2230                 if (cifs_sb->local_nls == NULL) {
2231                         cERROR(1, ("CIFS mount error: iocharset %s not found",
2232                                  volume_info->iocharset));
2233                         rc = -ELIBACC;
2234                         goto out;
2235                 }
2236         }
2237
2238         /* get a reference to a tcp session */
2239         srvTcp = cifs_get_tcp_session(volume_info);
2240         if (IS_ERR(srvTcp)) {
2241                 rc = PTR_ERR(srvTcp);
2242                 goto out;
2243         }
2244
2245         pSesInfo = cifs_find_smb_ses(srvTcp, volume_info->username);
2246         if (pSesInfo) {
2247                 cFYI(1, ("Existing smb sess found (status=%d)",
2248                         pSesInfo->status));
2249                 /*
2250                  * The existing SMB session already has a reference to srvTcp,
2251                  * so we can put back the extra one we got before
2252                  */
2253                 cifs_put_tcp_session(srvTcp);
2254
2255                 down(&pSesInfo->sesSem);
2256                 if (pSesInfo->need_reconnect) {
2257                         cFYI(1, ("Session needs reconnect"));
2258                         rc = cifs_setup_session(xid, pSesInfo,
2259                                                 cifs_sb->local_nls);
2260                 }
2261                 up(&pSesInfo->sesSem);
2262         } else if (!rc) {
2263                 cFYI(1, ("Existing smb sess not found"));
2264                 pSesInfo = sesInfoAlloc();
2265                 if (pSesInfo == NULL) {
2266                         rc = -ENOMEM;
2267                         goto mount_fail_check;
2268                 }
2269
2270                 /* new SMB session uses our srvTcp ref */
2271                 pSesInfo->server = srvTcp;
2272                 if (srvTcp->addr.sockAddr6.sin6_family == AF_INET6)
2273                         sprintf(pSesInfo->serverName, "%pI6",
2274                                 &srvTcp->addr.sockAddr6.sin6_addr);
2275                 else
2276                         sprintf(pSesInfo->serverName, "%pI4",
2277                                 &srvTcp->addr.sockAddr.sin_addr.s_addr);
2278
2279                 write_lock(&cifs_tcp_ses_lock);
2280                 list_add(&pSesInfo->smb_ses_list, &srvTcp->smb_ses_list);
2281                 write_unlock(&cifs_tcp_ses_lock);
2282
2283                 /* volume_info->password freed at unmount */
2284                 if (volume_info->password) {
2285                         pSesInfo->password = kstrdup(volume_info->password,
2286                                                      GFP_KERNEL);
2287                         if (!pSesInfo->password) {
2288                                 rc = -ENOMEM;
2289                                 goto mount_fail_check;
2290                         }
2291                 }
2292                 if (volume_info->username)
2293                         strncpy(pSesInfo->userName, volume_info->username,
2294                                 MAX_USERNAME_SIZE);
2295                 if (volume_info->domainname) {
2296                         int len = strlen(volume_info->domainname);
2297                         pSesInfo->domainName = kmalloc(len + 1, GFP_KERNEL);
2298                         if (pSesInfo->domainName)
2299                                 strcpy(pSesInfo->domainName,
2300                                         volume_info->domainname);
2301                 }
2302                 pSesInfo->linux_uid = volume_info->linux_uid;
2303                 pSesInfo->overrideSecFlg = volume_info->secFlg;
2304                 down(&pSesInfo->sesSem);
2305
2306                 /* BB FIXME need to pass vol->secFlgs BB */
2307                 rc = cifs_setup_session(xid, pSesInfo,
2308                                         cifs_sb->local_nls);
2309                 up(&pSesInfo->sesSem);
2310         }
2311
2312         /* search for existing tcon to this server share */
2313         if (!rc) {
2314                 setup_cifs_sb(volume_info, cifs_sb);
2315
2316                 tcon = cifs_find_tcon(pSesInfo, volume_info->UNC);
2317                 if (tcon) {
2318                         cFYI(1, ("Found match on UNC path"));
2319                         /* existing tcon already has a reference */
2320                         cifs_put_smb_ses(pSesInfo);
2321                         if (tcon->seal != volume_info->seal)
2322                                 cERROR(1, ("transport encryption setting "
2323                                            "conflicts with existing tid"));
2324                 } else {
2325                         tcon = tconInfoAlloc();
2326                         if (tcon == NULL) {
2327                                 rc = -ENOMEM;
2328                                 goto mount_fail_check;
2329                         }
2330
2331                         tcon->ses = pSesInfo;
2332                         if (volume_info->password) {
2333                                 tcon->password = kstrdup(volume_info->password,
2334                                                          GFP_KERNEL);
2335                                 if (!tcon->password) {
2336                                         rc = -ENOMEM;
2337                                         goto mount_fail_check;
2338                                 }
2339                         }
2340
2341                         /* check for null share name ie connect to dfs root */
2342                         if ((strchr(volume_info->UNC + 3, '\\') == NULL)
2343                             && (strchr(volume_info->UNC + 3, '/') == NULL)) {
2344                                 /* rc = connect_to_dfs_path(...) */
2345                                 cFYI(1, ("DFS root not supported"));
2346                                 rc = -ENODEV;
2347                                 goto mount_fail_check;
2348                         } else {
2349                                 /* BB Do we need to wrap sesSem around
2350                                  * this TCon call and Unix SetFS as
2351                                  * we do on SessSetup and reconnect? */
2352                                 rc = CIFSTCon(xid, pSesInfo, volume_info->UNC,
2353                                               tcon, cifs_sb->local_nls);
2354                                 cFYI(1, ("CIFS Tcon rc = %d", rc));
2355                                 if (volume_info->nodfs) {
2356                                         tcon->Flags &= ~SMB_SHARE_IS_IN_DFS;
2357                                         cFYI(1, ("DFS disabled (%d)",
2358                                                 tcon->Flags));
2359                                 }
2360                         }
2361                         if (rc)
2362                                 goto mount_fail_check;
2363                         tcon->seal = volume_info->seal;
2364                         write_lock(&cifs_tcp_ses_lock);
2365                         list_add(&tcon->tcon_list, &pSesInfo->tcon_list);
2366                         write_unlock(&cifs_tcp_ses_lock);
2367                 }
2368
2369                 /* we can have only one retry value for a connection
2370                    to a share so for resources mounted more than once
2371                    to the same server share the last value passed in
2372                    for the retry flag is used */
2373                 tcon->retry = volume_info->retry;
2374                 tcon->nocase = volume_info->nocase;
2375                 tcon->local_lease = volume_info->local_lease;
2376         }
2377         if (pSesInfo) {
2378                 if (pSesInfo->capabilities & CAP_LARGE_FILES) {
2379                         sb->s_maxbytes = (u64) 1 << 63;
2380                 } else
2381                         sb->s_maxbytes = (u64) 1 << 31; /* 2 GB */
2382         }
2383
2384         /* BB FIXME fix time_gran to be larger for LANMAN sessions */
2385         sb->s_time_gran = 100;
2386
2387 mount_fail_check:
2388         /* on error free sesinfo and tcon struct if needed */
2389         if (rc) {
2390                 /* If find_unc succeeded then rc == 0 so we can not end */
2391                 /* up accidently freeing someone elses tcon struct */
2392                 if (tcon)
2393                         cifs_put_tcon(tcon);
2394                 else if (pSesInfo)
2395                         cifs_put_smb_ses(pSesInfo);
2396                 else
2397                         cifs_put_tcp_session(srvTcp);
2398                 goto out;
2399         }
2400         cifs_sb->tcon = tcon;
2401
2402         /* do not care if following two calls succeed - informational */
2403         if (!tcon->ipc) {
2404                 CIFSSMBQFSDeviceInfo(xid, tcon);
2405                 CIFSSMBQFSAttributeInfo(xid, tcon);
2406         }
2407
2408         /* tell server which Unix caps we support */
2409         if (tcon->ses->capabilities & CAP_UNIX)
2410                 /* reset of caps checks mount to see if unix extensions
2411                    disabled for just this mount */
2412                 reset_cifs_unix_caps(xid, tcon, sb, volume_info);
2413         else
2414                 tcon->unix_ext = 0; /* server does not support them */
2415
2416         /* convert forward to back slashes in prepath here if needed */
2417         if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0)
2418                 convert_delimiter(cifs_sb->prepath, CIFS_DIR_SEP(cifs_sb));
2419
2420         if ((tcon->unix_ext == 0) && (cifs_sb->rsize > (1024 * 127))) {
2421                 cifs_sb->rsize = 1024 * 127;
2422                 cFYI(DBG2, ("no very large read support, rsize now 127K"));
2423         }
2424         if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X))
2425                 cifs_sb->wsize = min(cifs_sb->wsize,
2426                                (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE));
2427         if (!(tcon->ses->capabilities & CAP_LARGE_READ_X))
2428                 cifs_sb->rsize = min(cifs_sb->rsize,
2429                                (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE));
2430
2431         /* volume_info->password is freed above when existing session found
2432         (in which case it is not needed anymore) but when new sesion is created
2433         the password ptr is put in the new session structure (in which case the
2434         password will be freed at unmount time) */
2435 out:
2436         /* zero out password before freeing */
2437         if (volume_info) {
2438                 if (volume_info->password != NULL) {
2439                         memset(volume_info->password, 0,
2440                                 strlen(volume_info->password));
2441                         kfree(volume_info->password);
2442                 }
2443                 kfree(volume_info->UNC);
2444                 kfree(volume_info->prepath);
2445                 kfree(volume_info);
2446         }
2447         FreeXid(xid);
2448         return rc;
2449 }
2450
2451 static int
2452 CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2453               char session_key[CIFS_SESS_KEY_SIZE],
2454               const struct nls_table *nls_codepage)
2455 {
2456         struct smb_hdr *smb_buffer;
2457         struct smb_hdr *smb_buffer_response;
2458         SESSION_SETUP_ANDX *pSMB;
2459         SESSION_SETUP_ANDX *pSMBr;
2460         char *bcc_ptr;
2461         char *user;
2462         char *domain;
2463         int rc = 0;
2464         int remaining_words = 0;
2465         int bytes_returned = 0;
2466         int len;
2467         __u32 capabilities;
2468         __u16 count;
2469
2470         cFYI(1, ("In sesssetup"));
2471         if (ses == NULL)
2472                 return -EINVAL;
2473         user = ses->userName;
2474         domain = ses->domainName;
2475         smb_buffer = cifs_buf_get();
2476
2477         if (smb_buffer == NULL)
2478                 return -ENOMEM;
2479
2480         smb_buffer_response = smb_buffer;
2481         pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2482
2483         /* send SMBsessionSetup here */
2484         header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2485                         NULL /* no tCon exists yet */ , 13 /* wct */ );
2486
2487         smb_buffer->Mid = GetNextMid(ses->server);
2488         pSMB->req_no_secext.AndXCommand = 0xFF;
2489         pSMB->req_no_secext.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2490         pSMB->req_no_secext.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2491
2492         if (ses->server->secMode &
2493                         (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2494                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2495
2496         capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2497                 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
2498         if (ses->capabilities & CAP_UNICODE) {
2499                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2500                 capabilities |= CAP_UNICODE;
2501         }
2502         if (ses->capabilities & CAP_STATUS32) {
2503                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2504                 capabilities |= CAP_STATUS32;
2505         }
2506         if (ses->capabilities & CAP_DFS) {
2507                 smb_buffer->Flags2 |= SMBFLG2_DFS;
2508                 capabilities |= CAP_DFS;
2509         }
2510         pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
2511
2512         pSMB->req_no_secext.CaseInsensitivePasswordLength =
2513                 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2514
2515         pSMB->req_no_secext.CaseSensitivePasswordLength =
2516             cpu_to_le16(CIFS_SESS_KEY_SIZE);
2517         bcc_ptr = pByteArea(smb_buffer);
2518         memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2519         bcc_ptr += CIFS_SESS_KEY_SIZE;
2520         memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2521         bcc_ptr += CIFS_SESS_KEY_SIZE;
2522
2523         if (ses->capabilities & CAP_UNICODE) {
2524                 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode */
2525                         *bcc_ptr = 0;
2526                         bcc_ptr++;
2527                 }
2528                 if (user == NULL)
2529                         bytes_returned = 0; /* skip null user */
2530                 else
2531                         bytes_returned =
2532                                 cifs_strtoUCS((__le16 *) bcc_ptr, user, 100,
2533                                         nls_codepage);
2534                 /* convert number of 16 bit words to bytes */
2535                 bcc_ptr += 2 * bytes_returned;
2536                 bcc_ptr += 2;   /* trailing null */
2537                 if (domain == NULL)
2538                         bytes_returned =
2539                             cifs_strtoUCS((__le16 *) bcc_ptr,
2540                                           "CIFS_LINUX_DOM", 32, nls_codepage);
2541                 else
2542                         bytes_returned =
2543                             cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2544                                           nls_codepage);
2545                 bcc_ptr += 2 * bytes_returned;
2546                 bcc_ptr += 2;
2547                 bytes_returned =
2548                     cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2549                                   32, nls_codepage);
2550                 bcc_ptr += 2 * bytes_returned;
2551                 bytes_returned =
2552                     cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release,
2553                                   32, nls_codepage);
2554                 bcc_ptr += 2 * bytes_returned;
2555                 bcc_ptr += 2;
2556                 bytes_returned =
2557                     cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2558                                   64, nls_codepage);
2559                 bcc_ptr += 2 * bytes_returned;
2560                 bcc_ptr += 2;
2561         } else {
2562                 if (user != NULL) {
2563                     strncpy(bcc_ptr, user, 200);
2564                     bcc_ptr += strnlen(user, 200);
2565                 }
2566                 *bcc_ptr = 0;
2567                 bcc_ptr++;
2568                 if (domain == NULL) {
2569                         strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2570                         bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2571                 } else {
2572                         strncpy(bcc_ptr, domain, 64);
2573                         bcc_ptr += strnlen(domain, 64);
2574                         *bcc_ptr = 0;
2575                         bcc_ptr++;
2576                 }
2577                 strcpy(bcc_ptr, "Linux version ");
2578                 bcc_ptr += strlen("Linux version ");
2579                 strcpy(bcc_ptr, utsname()->release);
2580                 bcc_ptr += strlen(utsname()->release) + 1;
2581                 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2582                 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2583         }
2584         count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2585         smb_buffer->smb_buf_length += count;
2586         pSMB->req_no_secext.ByteCount = cpu_to_le16(count);
2587
2588         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2589                          &bytes_returned, CIFS_LONG_OP);
2590         if (rc) {
2591 /* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
2592         } else if ((smb_buffer_response->WordCount == 3)
2593                    || (smb_buffer_response->WordCount == 4)) {
2594                 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2595                 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2596                 if (action & GUEST_LOGIN)
2597                         cFYI(1, ("Guest login")); /* BB mark SesInfo struct? */
2598                 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format
2599                                                          (little endian) */
2600                 cFYI(1, ("UID = %d ", ses->Suid));
2601         /* response can have either 3 or 4 word count - Samba sends 3 */
2602                 bcc_ptr = pByteArea(smb_buffer_response);
2603                 if ((pSMBr->resp.hdr.WordCount == 3)
2604                     || ((pSMBr->resp.hdr.WordCount == 4)
2605                         && (blob_len < pSMBr->resp.ByteCount))) {
2606                         if (pSMBr->resp.hdr.WordCount == 4)
2607                                 bcc_ptr += blob_len;
2608
2609                         if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2610                                 if ((long) (bcc_ptr) % 2) {
2611                                         remaining_words =
2612                                             (BCC(smb_buffer_response) - 1) / 2;
2613                                         /* Unicode strings must be word
2614                                            aligned */
2615                                         bcc_ptr++;
2616                                 } else {
2617                                         remaining_words =
2618                                                 BCC(smb_buffer_response) / 2;
2619                                 }
2620                                 len =
2621                                     UniStrnlen((wchar_t *) bcc_ptr,
2622                                                remaining_words - 1);
2623 /* We look for obvious messed up bcc or strings in response so we do not go off
2624    the end since (at least) WIN2K and Windows XP have a major bug in not null
2625    terminating last Unicode string in response  */
2626                                 if (ses->serverOS)
2627                                         kfree(ses->serverOS);
2628                                 ses->serverOS = kzalloc(2 * (len + 1),
2629                                                         GFP_KERNEL);
2630                                 if (ses->serverOS == NULL)
2631                                         goto sesssetup_nomem;
2632                                 cifs_strfromUCS_le(ses->serverOS,
2633                                                    (__le16 *)bcc_ptr,
2634                                                    len, nls_codepage);
2635                                 bcc_ptr += 2 * (len + 1);
2636                                 remaining_words -= len + 1;
2637                                 ses->serverOS[2 * len] = 0;
2638                                 ses->serverOS[1 + (2 * len)] = 0;
2639                                 if (remaining_words > 0) {
2640                                         len = UniStrnlen((wchar_t *)bcc_ptr,
2641                                                          remaining_words-1);
2642                                         kfree(ses->serverNOS);
2643                                         ses->serverNOS = kzalloc(2 * (len + 1),
2644                                                                  GFP_KERNEL);
2645                                         if (ses->serverNOS == NULL)
2646                                                 goto sesssetup_nomem;
2647                                         cifs_strfromUCS_le(ses->serverNOS,
2648                                                            (__le16 *)bcc_ptr,
2649                                                            len, nls_codepage);
2650                                         bcc_ptr += 2 * (len + 1);
2651                                         ses->serverNOS[2 * len] = 0;
2652                                         ses->serverNOS[1 + (2 * len)] = 0;
2653                                         if (strncmp(ses->serverNOS,
2654                                                 "NT LAN Manager 4", 16) == 0) {
2655                                                 cFYI(1, ("NT4 server"));
2656                                                 ses->flags |= CIFS_SES_NT4;
2657                                         }
2658                                         remaining_words -= len + 1;
2659                                         if (remaining_words > 0) {
2660                                                 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2661                                 /* last string is not always null terminated
2662                                    (for e.g. for Windows XP & 2000) */
2663                                                 if (ses->serverDomain)
2664                                                         kfree(ses->serverDomain);
2665                                                 ses->serverDomain =
2666                                                     kzalloc(2*(len+1),
2667                                                             GFP_KERNEL);
2668                                                 if (ses->serverDomain == NULL)
2669                                                         goto sesssetup_nomem;
2670                                                 cifs_strfromUCS_le(ses->serverDomain,
2671                                                         (__le16 *)bcc_ptr,
2672                                                         len, nls_codepage);
2673                                                 bcc_ptr += 2 * (len + 1);
2674                                                 ses->serverDomain[2*len] = 0;
2675                                                 ses->serverDomain[1+(2*len)] = 0;
2676                                         } else { /* else no more room so create
2677                                                   dummy domain string */
2678                                                 if (ses->serverDomain)
2679                                                         kfree(ses->serverDomain);
2680                                                 ses->serverDomain =
2681                                                         kzalloc(2, GFP_KERNEL);
2682                                         }
2683                                 } else { /* no room so create dummy domain
2684                                             and NOS string */
2685
2686                                         /* if these kcallocs fail not much we
2687                                            can do, but better to not fail the
2688                                            sesssetup itself */
2689                                         kfree(ses->serverDomain);
2690                                         ses->serverDomain =
2691                                             kzalloc(2, GFP_KERNEL);
2692                                         kfree(ses->serverNOS);
2693                                         ses->serverNOS =
2694                                             kzalloc(2, GFP_KERNEL);
2695                                 }
2696                         } else {        /* ASCII */
2697                                 len = strnlen(bcc_ptr, 1024);
2698                                 if (((long) bcc_ptr + len) - (long)
2699                                     pByteArea(smb_buffer_response)
2700                                             <= BCC(smb_buffer_response)) {
2701                                         kfree(ses->serverOS);
2702                                         ses->serverOS = kzalloc(len + 1,
2703                                                                 GFP_KERNEL);
2704                                         if (ses->serverOS == NULL)
2705                                                 goto sesssetup_nomem;
2706                                         strncpy(ses->serverOS, bcc_ptr, len);
2707
2708                                         bcc_ptr += len;
2709                                         /* null terminate the string */
2710                                         bcc_ptr[0] = 0;
2711                                         bcc_ptr++;
2712
2713                                         len = strnlen(bcc_ptr, 1024);
2714                                         kfree(ses->serverNOS);
2715                                         ses->serverNOS = kzalloc(len + 1,
2716                                                                  GFP_KERNEL);
2717                                         if (ses->serverNOS == NULL)
2718                                                 goto sesssetup_nomem;
2719                                         strncpy(ses->serverNOS, bcc_ptr, len);
2720                                         bcc_ptr += len;
2721                                         bcc_ptr[0] = 0;
2722                                         bcc_ptr++;
2723
2724                                         len = strnlen(bcc_ptr, 1024);
2725                                         if (ses->serverDomain)
2726                                                 kfree(ses->serverDomain);
2727                                         ses->serverDomain = kzalloc(len + 1,
2728                                                                     GFP_KERNEL);
2729                                         if (ses->serverDomain == NULL)
2730                                                 goto sesssetup_nomem;
2731                                         strncpy(ses->serverDomain, bcc_ptr,
2732                                                 len);
2733                                         bcc_ptr += len;
2734                                         bcc_ptr[0] = 0;
2735                                         bcc_ptr++;
2736                                 } else
2737                                         cFYI(1,
2738                                              ("Variable field of length %d "
2739                                                 "extends beyond end of smb ",
2740                                               len));
2741                         }
2742                 } else {
2743                         cERROR(1, ("Security Blob Length extends beyond "
2744                                 "end of SMB"));
2745                 }
2746         } else {
2747                 cERROR(1, ("Invalid Word count %d: ",
2748                         smb_buffer_response->WordCount));
2749                 rc = -EIO;
2750         }
2751 sesssetup_nomem:        /* do not return an error on nomem for the info strings,
2752                            since that could make reconnection harder, and
2753                            reconnection might be needed to free memory */
2754         cifs_buf_release(smb_buffer);
2755
2756         return rc;
2757 }
2758
2759 static int
2760 CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2761                               struct cifsSesInfo *ses, bool *pNTLMv2_flag,
2762                               const struct nls_table *nls_codepage)
2763 {
2764         struct smb_hdr *smb_buffer;
2765         struct smb_hdr *smb_buffer_response;
2766         SESSION_SETUP_ANDX *pSMB;
2767         SESSION_SETUP_ANDX *pSMBr;
2768         char *bcc_ptr;
2769         char *domain;
2770         int rc = 0;
2771         int remaining_words = 0;
2772         int bytes_returned = 0;
2773         int len;
2774         int SecurityBlobLength = sizeof(NEGOTIATE_MESSAGE);
2775         PNEGOTIATE_MESSAGE SecurityBlob;
2776         PCHALLENGE_MESSAGE SecurityBlob2;
2777         __u32 negotiate_flags, capabilities;
2778         __u16 count;
2779
2780         cFYI(1, ("In NTLMSSP sesssetup (negotiate)"));
2781         if (ses == NULL)
2782                 return -EINVAL;
2783         domain = ses->domainName;
2784         *pNTLMv2_flag = false;
2785         smb_buffer = cifs_buf_get();
2786         if (smb_buffer == NULL) {
2787                 return -ENOMEM;
2788         }
2789         smb_buffer_response = smb_buffer;
2790         pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2791         pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2792
2793         /* send SMBsessionSetup here */
2794         header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2795                         NULL /* no tCon exists yet */ , 12 /* wct */ );
2796
2797         smb_buffer->Mid = GetNextMid(ses->server);
2798         pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2799         pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2800
2801         pSMB->req.AndXCommand = 0xFF;
2802         pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2803         pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2804
2805         if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2806                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2807
2808         capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2809             CAP_EXTENDED_SECURITY;
2810         if (ses->capabilities & CAP_UNICODE) {
2811                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2812                 capabilities |= CAP_UNICODE;
2813         }
2814         if (ses->capabilities & CAP_STATUS32) {
2815                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2816                 capabilities |= CAP_STATUS32;
2817         }
2818         if (ses->capabilities & CAP_DFS) {
2819                 smb_buffer->Flags2 |= SMBFLG2_DFS;
2820                 capabilities |= CAP_DFS;
2821         }
2822         pSMB->req.Capabilities = cpu_to_le32(capabilities);
2823
2824         bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2825         SecurityBlob = (PNEGOTIATE_MESSAGE) bcc_ptr;
2826         strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2827         SecurityBlob->MessageType = NtLmNegotiate;
2828         negotiate_flags =
2829             NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
2830             NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM |
2831             NTLMSSP_NEGOTIATE_56 |
2832             /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
2833         if (sign_CIFS_PDUs)
2834                 negotiate_flags |= NTLMSSP_NEGOTIATE_SIGN;
2835 /*      if (ntlmv2_support)
2836                 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;*/
2837         /* setup pointers to domain name and workstation name */
2838         bcc_ptr += SecurityBlobLength;
2839
2840         SecurityBlob->WorkstationName.Buffer = 0;
2841         SecurityBlob->WorkstationName.Length = 0;
2842         SecurityBlob->WorkstationName.MaximumLength = 0;
2843
2844         /* Domain not sent on first Sesssetup in NTLMSSP, instead it is sent
2845         along with username on auth request (ie the response to challenge) */
2846         SecurityBlob->DomainName.Buffer = 0;
2847         SecurityBlob->DomainName.Length = 0;
2848         SecurityBlob->DomainName.MaximumLength = 0;
2849         if (ses->capabilities & CAP_UNICODE) {
2850                 if ((long) bcc_ptr % 2) {
2851                         *bcc_ptr = 0;
2852                         bcc_ptr++;
2853                 }
2854
2855                 bytes_returned =
2856                     cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2857                                   32, nls_codepage);
2858                 bcc_ptr += 2 * bytes_returned;
2859                 bytes_returned =
2860                     cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
2861                                   nls_codepage);
2862                 bcc_ptr += 2 * bytes_returned;
2863                 bcc_ptr += 2;   /* null terminate Linux version */
2864                 bytes_returned =
2865                     cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2866                                   64, nls_codepage);
2867                 bcc_ptr += 2 * bytes_returned;
2868                 *(bcc_ptr + 1) = 0;
2869                 *(bcc_ptr + 2) = 0;
2870                 bcc_ptr += 2;   /* null terminate network opsys string */
2871                 *(bcc_ptr + 1) = 0;
2872                 *(bcc_ptr + 2) = 0;
2873                 bcc_ptr += 2;   /* null domain */
2874         } else {                /* ASCII */
2875                 strcpy(bcc_ptr, "Linux version ");
2876                 bcc_ptr += strlen("Linux version ");
2877                 strcpy(bcc_ptr, utsname()->release);
2878                 bcc_ptr += strlen(utsname()->release) + 1;
2879                 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2880                 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2881                 bcc_ptr++;      /* empty domain field */
2882                 *bcc_ptr = 0;
2883         }
2884         SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2885         pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2886         count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2887         smb_buffer->smb_buf_length += count;
2888         pSMB->req.ByteCount = cpu_to_le16(count);
2889
2890         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2891                          &bytes_returned, CIFS_LONG_OP);
2892
2893         if (smb_buffer_response->Status.CifsError ==
2894             cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
2895                 rc = 0;
2896
2897         if (rc) {
2898 /*    rc = map_smb_to_linux_error(smb_buffer_response);  *//* done in SendReceive now */
2899         } else if ((smb_buffer_response->WordCount == 3)
2900                    || (smb_buffer_response->WordCount == 4)) {
2901                 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2902                 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2903
2904                 if (action & GUEST_LOGIN)
2905                         cFYI(1, ("Guest login"));
2906         /* Do we want to set anything in SesInfo struct when guest login? */
2907
2908                 bcc_ptr = pByteArea(smb_buffer_response);
2909         /* response can have either 3 or 4 word count - Samba sends 3 */
2910
2911                 SecurityBlob2 = (PCHALLENGE_MESSAGE) bcc_ptr;
2912                 if (SecurityBlob2->MessageType != NtLmChallenge) {
2913                         cFYI(1, ("Unexpected NTLMSSP message type received %d",
2914                               SecurityBlob2->MessageType));
2915                 } else if (ses) {
2916                         ses->Suid = smb_buffer_response->Uid; /* UID left in le format */
2917                         cFYI(1, ("UID = %d", ses->Suid));
2918                         if ((pSMBr->resp.hdr.WordCount == 3)
2919                             || ((pSMBr->resp.hdr.WordCount == 4)
2920                                 && (blob_len <
2921                                     pSMBr->resp.ByteCount))) {
2922
2923                                 if (pSMBr->resp.hdr.WordCount == 4) {
2924                                         bcc_ptr += blob_len;
2925                                         cFYI(1, ("Security Blob Length %d",
2926                                               blob_len));
2927                                 }
2928
2929                                 cFYI(1, ("NTLMSSP Challenge rcvd"));
2930
2931                                 memcpy(ses->server->cryptKey,
2932                                        SecurityBlob2->Challenge,
2933                                        CIFS_CRYPTO_KEY_SIZE);
2934                                 if (SecurityBlob2->NegotiateFlags &
2935                                         cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2))
2936                                         *pNTLMv2_flag = true;
2937
2938                                 if ((SecurityBlob2->NegotiateFlags &
2939                                         cpu_to_le32(NTLMSSP_NEGOTIATE_ALWAYS_SIGN))
2940                                         || (sign_CIFS_PDUs > 1))
2941                                                 ses->server->secMode |=
2942                                                         SECMODE_SIGN_REQUIRED;
2943                                 if ((SecurityBlob2->NegotiateFlags &
2944                                         cpu_to_le32(NTLMSSP_NEGOTIATE_SIGN)) && (sign_CIFS_PDUs))
2945                                                 ses->server->secMode |=
2946                                                         SECMODE_SIGN_ENABLED;
2947
2948                                 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2949                                         if ((long) (bcc_ptr) % 2) {
2950                                                 remaining_words =
2951                                                     (BCC(smb_buffer_response)
2952                                                      - 1) / 2;
2953                                          /* Must word align unicode strings */
2954                                                 bcc_ptr++;
2955                                         } else {
2956                                                 remaining_words =
2957                                                     BCC
2958                                                     (smb_buffer_response) / 2;
2959                                         }
2960                                         len =
2961                                             UniStrnlen((wchar_t *) bcc_ptr,
2962                                                        remaining_words - 1);
2963 /* We look for obvious messed up bcc or strings in response so we do not go off
2964    the end since (at least) WIN2K and Windows XP have a major bug in not null
2965    terminating last Unicode string in response  */
2966                                         if (ses->serverOS)
2967                                                 kfree(ses->serverOS);
2968                                         ses->serverOS =
2969                                             kzalloc(2 * (len + 1), GFP_KERNEL);
2970                                         cifs_strfromUCS_le(ses->serverOS,
2971                                                            (__le16 *)
2972                                                            bcc_ptr, len,
2973                                                            nls_codepage);
2974                                         bcc_ptr += 2 * (len + 1);
2975                                         remaining_words -= len + 1;
2976                                         ses->serverOS[2 * len] = 0;
2977                                         ses->serverOS[1 + (2 * len)] = 0;
2978                                         if (remaining_words > 0) {
2979                                                 len = UniStrnlen((wchar_t *)
2980                                                                  bcc_ptr,
2981                                                                  remaining_words
2982                                                                  - 1);
2983                                                 kfree(ses->serverNOS);
2984                                                 ses->serverNOS =
2985                                                     kzalloc(2 * (len + 1),
2986                                                             GFP_KERNEL);
2987                                                 cifs_strfromUCS_le(ses->
2988                                                                    serverNOS,
2989                                                                    (__le16 *)
2990                                                                    bcc_ptr,
2991                                                                    len,
2992                                                                    nls_codepage);
2993                                                 bcc_ptr += 2 * (len + 1);
2994                                                 ses->serverNOS[2 * len] = 0;
2995                                                 ses->serverNOS[1 +
2996                                                                (2 * len)] = 0;
2997                                                 remaining_words -= len + 1;
2998                                                 if (remaining_words > 0) {
2999                                                         len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
3000                                 /* last string not always null terminated
3001                                    (for e.g. for Windows XP & 2000) */
3002                                                         kfree(ses->serverDomain);
3003                                                         ses->serverDomain =
3004                                                             kzalloc(2 *
3005                                                                     (len +
3006                                                                      1),
3007                                                                     GFP_KERNEL);
3008                                                         cifs_strfromUCS_le
3009                                                             (ses->serverDomain,
3010                                                              (__le16 *)bcc_ptr,
3011                                                              len, nls_codepage);
3012                                                         bcc_ptr +=
3013                                                             2 * (len + 1);
3014                                                         ses->serverDomain[2*len]
3015                                                             = 0;
3016                                                         ses->serverDomain
3017                                                                 [1 + (2 * len)]
3018                                                             = 0;
3019                                                 } /* else no more room so create dummy domain string */
3020                                                 else {
3021                                                         kfree(ses->serverDomain);
3022                                                         ses->serverDomain =
3023                                                             kzalloc(2,
3024                                                                     GFP_KERNEL);
3025                                                 }
3026                                         } else {        /* no room so create dummy domain and NOS string */
3027                                                 kfree(ses->serverDomain);
3028                                                 ses->serverDomain =
3029                                                     kzalloc(2, GFP_KERNEL);
3030                                                 kfree(ses->serverNOS);
3031                                                 ses->serverNOS =
3032                                                     kzalloc(2, GFP_KERNEL);
3033                                         }
3034                                 } else {        /* ASCII */
3035                                         len = strnlen(bcc_ptr, 1024);
3036                                         if (((long) bcc_ptr + len) - (long)
3037                                             pByteArea(smb_buffer_response)
3038                                             <= BCC(smb_buffer_response)) {
3039                                                 if (ses->serverOS)
3040                                                         kfree(ses->serverOS);
3041                                                 ses->serverOS =
3042                                                     kzalloc(len + 1,
3043                                                             GFP_KERNEL);
3044                                                 strncpy(ses->serverOS,
3045                                                         bcc_ptr, len);
3046
3047                                                 bcc_ptr += len;
3048                                                 bcc_ptr[0] = 0; /* null terminate string */
3049                                                 bcc_ptr++;
3050
3051                                                 len = strnlen(bcc_ptr, 1024);
3052                                                 kfree(ses->serverNOS);
3053                                                 ses->serverNOS =
3054                                                     kzalloc(len + 1,
3055                                                             GFP_KERNEL);
3056                                                 strncpy(ses->serverNOS, bcc_ptr, len);
3057                                                 bcc_ptr += len;
3058                                                 bcc_ptr[0] = 0;
3059                                                 bcc_ptr++;
3060
3061                                                 len = strnlen(bcc_ptr, 1024);
3062                                                 kfree(ses->serverDomain);
3063                                                 ses->serverDomain =
3064                                                     kzalloc(len + 1,
3065                                                             GFP_KERNEL);
3066                                                 strncpy(ses->serverDomain,
3067                                                         bcc_ptr, len);
3068                                                 bcc_ptr += len;
3069                                                 bcc_ptr[0] = 0;
3070                                                 bcc_ptr++;
3071                                         } else
3072                                                 cFYI(1,
3073                                                      ("field of length %d "
3074                                                     "extends beyond end of smb",
3075                                                       len));
3076                                 }
3077                         } else {
3078                                 cERROR(1, ("Security Blob Length extends beyond"
3079                                            " end of SMB"));
3080                         }
3081                 } else {
3082                         cERROR(1, ("No session structure passed in."));
3083                 }
3084         } else {
3085                 cERROR(1, ("Invalid Word count %d:",
3086                         smb_buffer_response->WordCount));
3087                 rc = -EIO;
3088         }
3089
3090         cifs_buf_release(smb_buffer);
3091
3092         return rc;
3093 }
3094 static int
3095 CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
3096                         char *ntlm_session_key, bool ntlmv2_flag,
3097                         const struct nls_table *nls_codepage)
3098 {
3099         struct smb_hdr *smb_buffer;
3100         struct smb_hdr *smb_buffer_response;
3101         SESSION_SETUP_ANDX *pSMB;
3102         SESSION_SETUP_ANDX *pSMBr;
3103         char *bcc_ptr;
3104         char *user;
3105         char *domain;
3106         int rc = 0;
3107         int remaining_words = 0;
3108         int bytes_returned = 0;
3109         int len;
3110         int SecurityBlobLength = sizeof(AUTHENTICATE_MESSAGE);
3111         PAUTHENTICATE_MESSAGE SecurityBlob;
3112         __u32 negotiate_flags, capabilities;
3113         __u16 count;
3114
3115         cFYI(1, ("In NTLMSSPSessSetup (Authenticate)"));
3116         if (ses == NULL)
3117                 return -EINVAL;
3118         user = ses->userName;
3119         domain = ses->domainName;
3120         smb_buffer = cifs_buf_get();
3121         if (smb_buffer == NULL) {
3122                 return -ENOMEM;
3123         }
3124         smb_buffer_response = smb_buffer;
3125         pSMB = (SESSION_SETUP_ANDX *)smb_buffer;
3126         pSMBr = (SESSION_SETUP_ANDX *)smb_buffer_response;
3127
3128         /* send SMBsessionSetup here */
3129         header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
3130                         NULL /* no tCon exists yet */ , 12 /* wct */ );
3131
3132         smb_buffer->Mid = GetNextMid(ses->server);
3133         pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
3134         pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
3135         pSMB->req.AndXCommand = 0xFF;
3136         pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
3137         pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
3138
3139         pSMB->req.hdr.Uid = ses->Suid;
3140
3141         if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3142                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3143
3144         capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
3145                         CAP_EXTENDED_SECURITY;
3146         if (ses->capabilities & CAP_UNICODE) {
3147                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3148                 capabilities |= CAP_UNICODE;
3149         }
3150         if (ses->capabilities & CAP_STATUS32) {
3151                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3152                 capabilities |= CAP_STATUS32;
3153         }
3154         if (ses->capabilities & CAP_DFS) {
3155                 smb_buffer->Flags2 |= SMBFLG2_DFS;
3156                 capabilities |= CAP_DFS;
3157         }
3158         pSMB->req.Capabilities = cpu_to_le32(capabilities);
3159
3160         bcc_ptr = (char *)&pSMB->req.SecurityBlob;
3161         SecurityBlob = (PAUTHENTICATE_MESSAGE)bcc_ptr;
3162         strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
3163         SecurityBlob->MessageType = NtLmAuthenticate;
3164         bcc_ptr += SecurityBlobLength;
3165         negotiate_flags = NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET |
3166                         NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO |
3167                         0x80000000 | NTLMSSP_NEGOTIATE_128;
3168         if (sign_CIFS_PDUs)
3169                 negotiate_flags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN;
3170         if (ntlmv2_flag)
3171                 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
3172
3173 /* setup pointers to domain name and workstation name */
3174
3175         SecurityBlob->WorkstationName.Buffer = 0;
3176         SecurityBlob->WorkstationName.Length = 0;
3177         SecurityBlob->WorkstationName.MaximumLength = 0;
3178         SecurityBlob->SessionKey.Length = 0;
3179         SecurityBlob->SessionKey.MaximumLength = 0;
3180         SecurityBlob->SessionKey.Buffer = 0;
3181
3182         SecurityBlob->LmChallengeResponse.Length = 0;
3183         SecurityBlob->LmChallengeResponse.MaximumLength = 0;
3184         SecurityBlob->LmChallengeResponse.Buffer = 0;
3185
3186         SecurityBlob->NtChallengeResponse.Length =
3187             cpu_to_le16(CIFS_SESS_KEY_SIZE);
3188         SecurityBlob->NtChallengeResponse.MaximumLength =
3189             cpu_to_le16(CIFS_SESS_KEY_SIZE);
3190         memcpy(bcc_ptr, ntlm_session_key, CIFS_SESS_KEY_SIZE);
3191         SecurityBlob->NtChallengeResponse.Buffer =
3192             cpu_to_le32(SecurityBlobLength);
3193         SecurityBlobLength += CIFS_SESS_KEY_SIZE;
3194         bcc_ptr += CIFS_SESS_KEY_SIZE;
3195
3196         if (ses->capabilities & CAP_UNICODE) {
3197                 if (domain == NULL) {
3198                         SecurityBlob->DomainName.Buffer = 0;
3199                         SecurityBlob->DomainName.Length = 0;
3200                         SecurityBlob->DomainName.MaximumLength = 0;
3201                 } else {
3202                         __u16 ln = cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
3203                                           nls_codepage);
3204                         ln *= 2;
3205                         SecurityBlob->DomainName.MaximumLength =
3206                             cpu_to_le16(ln);
3207                         SecurityBlob->DomainName.Buffer =
3208                             cpu_to_le32(SecurityBlobLength);
3209                         bcc_ptr += ln;
3210                         SecurityBlobLength += ln;
3211                         SecurityBlob->DomainName.Length = cpu_to_le16(ln);
3212                 }
3213                 if (user == NULL) {
3214                         SecurityBlob->UserName.Buffer = 0;
3215                         SecurityBlob->UserName.Length = 0;
3216                         SecurityBlob->UserName.MaximumLength = 0;
3217                 } else {
3218                         __u16 ln = cifs_strtoUCS((__le16 *) bcc_ptr, user, 64,
3219                                           nls_codepage);
3220                         ln *= 2;
3221                         SecurityBlob->UserName.MaximumLength =
3222                             cpu_to_le16(ln);
3223                         SecurityBlob->UserName.Buffer =
3224                             cpu_to_le32(SecurityBlobLength);
3225                         bcc_ptr += ln;
3226                         SecurityBlobLength += ln;
3227                         SecurityBlob->UserName.Length = cpu_to_le16(ln);
3228                 }
3229
3230                 /* SecurityBlob->WorkstationName.Length =
3231                  cifs_strtoUCS((__le16 *) bcc_ptr, "AMACHINE",64, nls_codepage);
3232                    SecurityBlob->WorkstationName.Length *= 2;
3233                    SecurityBlob->WorkstationName.MaximumLength =
3234                         cpu_to_le16(SecurityBlob->WorkstationName.Length);
3235                    SecurityBlob->WorkstationName.Buffer =
3236                                  cpu_to_le32(SecurityBlobLength);
3237                    bcc_ptr += SecurityBlob->WorkstationName.Length;
3238                    SecurityBlobLength += SecurityBlob->WorkstationName.Length;
3239                    SecurityBlob->WorkstationName.Length =
3240                         cpu_to_le16(SecurityBlob->WorkstationName.Length);  */
3241
3242                 if ((long) bcc_ptr % 2) {
3243                         *bcc_ptr = 0;
3244                         bcc_ptr++;
3245                 }
3246                 bytes_returned =
3247                     cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
3248                                   32, nls_codepage);
3249                 bcc_ptr += 2 * bytes_returned;
3250                 bytes_returned =
3251                     cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
3252                                   nls_codepage);
3253                 bcc_ptr += 2 * bytes_returned;
3254                 bcc_ptr += 2;   /* null term version string */
3255                 bytes_returned =
3256                     cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
3257                                   64, nls_codepage);
3258                 bcc_ptr += 2 * bytes_returned;
3259                 *(bcc_ptr + 1) = 0;
3260                 *(bcc_ptr + 2) = 0;
3261                 bcc_ptr += 2;   /* null terminate network opsys string */
3262                 *(bcc_ptr + 1) = 0;
3263                 *(bcc_ptr + 2) = 0;
3264                 bcc_ptr += 2;   /* null domain */
3265         } else {                /* ASCII */
3266                 if (domain == NULL) {
3267                         SecurityBlob->DomainName.Buffer = 0;
3268                         SecurityBlob->DomainName.Length = 0;
3269                         SecurityBlob->DomainName.MaximumLength = 0;
3270                 } else {
3271                         __u16 ln;
3272                         negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
3273                         strncpy(bcc_ptr, domain, 63);
3274                         ln = strnlen(domain, 64);
3275                         SecurityBlob->DomainName.MaximumLength =
3276                             cpu_to_le16(ln);
3277                         SecurityBlob->DomainName.Buffer =
3278                             cpu_to_le32(SecurityBlobLength);
3279                         bcc_ptr += ln;
3280                         SecurityBlobLength += ln;
3281                         SecurityBlob->DomainName.Length = cpu_to_le16(ln);
3282                 }
3283                 if (user == NULL) {
3284                         SecurityBlob->UserName.Buffer = 0;
3285                         SecurityBlob->UserName.Length = 0;
3286                         SecurityBlob->UserName.MaximumLength = 0;
3287                 } else {
3288                         __u16 ln;
3289                         strncpy(bcc_ptr, user, 63);
3290                         ln = strnlen(user, 64);
3291                         SecurityBlob->UserName.MaximumLength = cpu_to_le16(ln);
3292                         SecurityBlob->UserName.Buffer =
3293                                                 cpu_to_le32(SecurityBlobLength);
3294                         bcc_ptr += ln;
3295                         SecurityBlobLength += ln;
3296                         SecurityBlob->UserName.Length = cpu_to_le16(ln);
3297                 }
3298                 /* BB fill in our workstation name if known BB */
3299
3300                 strcpy(bcc_ptr, "Linux version ");
3301                 bcc_ptr += strlen("Linux version ");
3302                 strcpy(bcc_ptr, utsname()->release);
3303                 bcc_ptr += strlen(utsname()->release) + 1;
3304                 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
3305                 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
3306                 bcc_ptr++;      /* null domain */
3307                 *bcc_ptr = 0;
3308         }
3309         SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
3310         pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
3311         count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
3312         smb_buffer->smb_buf_length += count;
3313         pSMB->req.ByteCount = cpu_to_le16(count);
3314
3315         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
3316                          &bytes_returned, CIFS_LONG_OP);
3317         if (rc) {
3318 /*   rc = map_smb_to_linux_error(smb_buffer_response) done in SendReceive now */
3319         } else if ((smb_buffer_response->WordCount == 3) ||
3320                    (smb_buffer_response->WordCount == 4)) {
3321                 __u16 action = le16_to_cpu(pSMBr->resp.Action);
3322                 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
3323                 if (action & GUEST_LOGIN)
3324                         cFYI(1, ("Guest login")); /* BB Should we set anything
3325                                                          in SesInfo struct ? */
3326 /*              if (SecurityBlob2->MessageType != NtLm??) {
3327                         cFYI("Unexpected message type on auth response is %d"));
3328                 } */
3329
3330                 if (ses) {
3331                         cFYI(1,
3332                              ("Check challenge UID %d vs auth response UID %d",
3333                               ses->Suid, smb_buffer_response->Uid));
3334                         /* UID left in wire format */
3335                         ses->Suid = smb_buffer_response->Uid;
3336                         bcc_ptr = pByteArea(smb_buffer_response);
3337                 /* response can have either 3 or 4 word count - Samba sends 3 */
3338                         if ((pSMBr->resp.hdr.WordCount == 3)
3339                             || ((pSMBr->resp.hdr.WordCount == 4)
3340                                 && (blob_len <
3341                                     pSMBr->resp.ByteCount))) {
3342                                 if (pSMBr->resp.hdr.WordCount == 4) {
3343                                         bcc_ptr +=
3344                                             blob_len;
3345                                         cFYI(1,
3346                                              ("Security Blob Length %d ",
3347                                               blob_len));
3348                                 }
3349
3350                                 cFYI(1,
3351                                      ("NTLMSSP response to Authenticate "));
3352
3353                                 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3354                                         if ((long) (bcc_ptr) % 2) {
3355                                                 remaining_words =
3356                                                     (BCC(smb_buffer_response)
3357                                                      - 1) / 2;
3358                                                 bcc_ptr++;      /* Unicode strings must be word aligned */
3359                                         } else {
3360                                                 remaining_words = BCC(smb_buffer_response) / 2;
3361                                         }
3362                                         len = UniStrnlen((wchar_t *) bcc_ptr,
3363                                                         remaining_words - 1);
3364 /* We look for obvious messed up bcc or strings in response so we do not go off
3365   the end since (at least) WIN2K and Windows XP have a major bug in not null
3366   terminating last Unicode string in response  */
3367                                         if (ses->serverOS)
3368                                                 kfree(ses->serverOS);
3369                                         ses->serverOS =
3370                                             kzalloc(2 * (len + 1), GFP_KERNEL);
3371                                         cifs_strfromUCS_le(ses->serverOS,
3372                                                            (__le16 *)
3373                                                            bcc_ptr, len,
3374                                                            nls_codepage);
3375                                         bcc_ptr += 2 * (len + 1);
3376                                         remaining_words -= len + 1;
3377                                         ses->serverOS[2 * len] = 0;
3378                                         ses->serverOS[1 + (2 * len)] = 0;
3379                                         if (remaining_words > 0) {
3380                                                 len = UniStrnlen((wchar_t *)
3381                                                                  bcc_ptr,
3382                                                                  remaining_words
3383                                                                  - 1);
3384                                                 kfree(ses->serverNOS);
3385                                                 ses->serverNOS =
3386                                                     kzalloc(2 * (len + 1),
3387                                                             GFP_KERNEL);
3388                                                 cifs_strfromUCS_le(ses->
3389                                                                    serverNOS,
3390                                                                    (__le16 *)
3391                                                                    bcc_ptr,
3392                                                                    len,
3393                                                                    nls_codepage);
3394                                                 bcc_ptr += 2 * (len + 1);
3395                                                 ses->serverNOS[2 * len] = 0;
3396                                                 ses->serverNOS[1+(2*len)] = 0;
3397                                                 remaining_words -= len + 1;
3398                                                 if (remaining_words > 0) {
3399                                                         len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
3400      /* last string not always null terminated (e.g. for Windows XP & 2000) */
3401                                                         if (ses->serverDomain)
3402                                                                 kfree(ses->serverDomain);
3403                                                         ses->serverDomain =
3404                                                             kzalloc(2 *
3405                                                                     (len +
3406                                                                      1),
3407                                                                     GFP_KERNEL);
3408                                                         cifs_strfromUCS_le
3409                                                             (ses->
3410                                                              serverDomain,
3411                                                              (__le16 *)
3412                                                              bcc_ptr, len,
3413                                                              nls_codepage);
3414                                                         bcc_ptr +=
3415                                                             2 * (len + 1);
3416                                                         ses->
3417                                                             serverDomain[2
3418                                                                          * len]
3419                                                             = 0;
3420                                                         ses->
3421                                                             serverDomain[1
3422                                                                          +
3423                                                                          (2
3424                                                                           *
3425                                                                           len)]
3426                                                             = 0;
3427                                                 } /* else no more room so create dummy domain string */
3428                                                 else {
3429                                                         if (ses->serverDomain)
3430                                                                 kfree(ses->serverDomain);
3431                                                         ses->serverDomain = kzalloc(2,GFP_KERNEL);
3432                                                 }
3433                                         } else {  /* no room so create dummy domain and NOS string */
3434                                                 if (ses->serverDomain)
3435                                                         kfree(ses->serverDomain);
3436                                                 ses->serverDomain = kzalloc(2, GFP_KERNEL);
3437                                                 kfree(ses->serverNOS);
3438                                                 ses->serverNOS = kzalloc(2, GFP_KERNEL);
3439                                         }
3440                                 } else {        /* ASCII */
3441                                         len = strnlen(bcc_ptr, 1024);
3442                                         if (((long) bcc_ptr + len) -
3443                                            (long) pByteArea(smb_buffer_response)
3444                                                 <= BCC(smb_buffer_response)) {
3445                                                 if (ses->serverOS)
3446                                                         kfree(ses->serverOS);
3447                                                 ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
3448                                                 strncpy(ses->serverOS,bcc_ptr, len);
3449
3450                                                 bcc_ptr += len;
3451                                                 bcc_ptr[0] = 0; /* null terminate the string */
3452                                                 bcc_ptr++;
3453
3454                                                 len = strnlen(bcc_ptr, 1024);
3455                                                 kfree(ses->serverNOS);
3456                                                 ses->serverNOS = kzalloc(len+1,
3457                                                                     GFP_KERNEL);
3458                                                 strncpy(ses->serverNOS,
3459                                                         bcc_ptr, len);
3460                                                 bcc_ptr += len;
3461                                                 bcc_ptr[0] = 0;
3462                                                 bcc_ptr++;
3463
3464                                                 len = strnlen(bcc_ptr, 1024);
3465                                                 if (ses->serverDomain)
3466                                                         kfree(ses->serverDomain);
3467                                                 ses->serverDomain =
3468                                                                 kzalloc(len+1,
3469                                                                     GFP_KERNEL);
3470                                                 strncpy(ses->serverDomain,
3471                                                         bcc_ptr, len);
3472                                                 bcc_ptr += len;
3473                                                 bcc_ptr[0] = 0;
3474                                                 bcc_ptr++;
3475                                         } else
3476                                                 cFYI(1, ("field of length %d "
3477                                                    "extends beyond end of smb ",
3478                                                       len));
3479                                 }
3480                         } else {
3481                                 cERROR(1, ("Security Blob extends beyond end "
3482                                         "of SMB"));
3483                         }
3484                 } else {
3485                         cERROR(1, ("No session structure passed in."));
3486                 }
3487         } else {
3488                 cERROR(1, ("Invalid Word count %d: ",
3489                         smb_buffer_response->WordCount));
3490                 rc = -EIO;
3491         }
3492
3493         cifs_buf_release(smb_buffer);
3494
3495         return rc;
3496 }
3497
3498 int
3499 CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3500          const char *tree, struct cifsTconInfo *tcon,
3501          const struct nls_table *nls_codepage)
3502 {
3503         struct smb_hdr *smb_buffer;
3504         struct smb_hdr *smb_buffer_response;
3505         TCONX_REQ *pSMB;
3506         TCONX_RSP *pSMBr;
3507         unsigned char *bcc_ptr;
3508         int rc = 0;
3509         int length;
3510         __u16 count;
3511
3512         if (ses == NULL)
3513                 return -EIO;
3514
3515         smb_buffer = cifs_buf_get();
3516         if (smb_buffer == NULL) {
3517                 return -ENOMEM;
3518         }
3519         smb_buffer_response = smb_buffer;
3520
3521         header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3522                         NULL /*no tid */ , 4 /*wct */ );
3523
3524         smb_buffer->Mid = GetNextMid(ses->server);
3525         smb_buffer->Uid = ses->Suid;
3526         pSMB = (TCONX_REQ *) smb_buffer;
3527         pSMBr = (TCONX_RSP *) smb_buffer_response;
3528
3529         pSMB->AndXCommand = 0xFF;
3530         pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
3531         bcc_ptr = &pSMB->Password[0];
3532         if ((ses->server->secMode) & SECMODE_USER) {
3533                 pSMB->PasswordLength = cpu_to_le16(1);  /* minimum */
3534                 *bcc_ptr = 0; /* password is null byte */
3535                 bcc_ptr++;              /* skip password */
3536                 /* already aligned so no need to do it below */
3537         } else {
3538                 pSMB->PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE);
3539                 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3540                    specified as required (when that support is added to
3541                    the vfs in the future) as only NTLM or the much
3542                    weaker LANMAN (which we do not send by default) is accepted
3543                    by Samba (not sure whether other servers allow
3544                    NTLMv2 password here) */
3545 #ifdef CONFIG_CIFS_WEAK_PW_HASH
3546                 if ((extended_security & CIFSSEC_MAY_LANMAN) &&
3547                     (ses->server->secType == LANMAN))
3548                         calc_lanman_hash(tcon->password, ses->server->cryptKey,
3549                                          ses->server->secMode &
3550                                             SECMODE_PW_ENCRYPT ? true : false,
3551                                          bcc_ptr);
3552                 else
3553 #endif /* CIFS_WEAK_PW_HASH */
3554                 SMBNTencrypt(tcon->password, ses->server->cryptKey,
3555                              bcc_ptr);
3556
3557                 bcc_ptr += CIFS_SESS_KEY_SIZE;
3558                 if (ses->capabilities & CAP_UNICODE) {
3559                         /* must align unicode strings */
3560                         *bcc_ptr = 0; /* null byte password */
3561                         bcc_ptr++;
3562                 }
3563         }
3564
3565         if (ses->server->secMode &
3566                         (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3567                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3568
3569         if (ses->capabilities & CAP_STATUS32) {
3570                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3571         }
3572         if (ses->capabilities & CAP_DFS) {
3573                 smb_buffer->Flags2 |= SMBFLG2_DFS;
3574         }
3575         if (ses->capabilities & CAP_UNICODE) {
3576                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3577                 length =
3578                     cifs_strtoUCS((__le16 *) bcc_ptr, tree,
3579                         6 /* max utf8 char length in bytes */ *
3580                         (/* server len*/ + 256 /* share len */), nls_codepage);
3581                 bcc_ptr += 2 * length;  /* convert num 16 bit words to bytes */
3582                 bcc_ptr += 2;   /* skip trailing null */
3583         } else {                /* ASCII */
3584                 strcpy(bcc_ptr, tree);
3585                 bcc_ptr += strlen(tree) + 1;
3586         }
3587         strcpy(bcc_ptr, "?????");
3588         bcc_ptr += strlen("?????");
3589         bcc_ptr += 1;
3590         count = bcc_ptr - &pSMB->Password[0];
3591         pSMB->hdr.smb_buf_length += count;
3592         pSMB->ByteCount = cpu_to_le16(count);
3593
3594         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length,
3595                          CIFS_STD_OP);
3596
3597         /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
3598         /* above now done in SendReceive */
3599         if ((rc == 0) && (tcon != NULL)) {
3600                 tcon->tidStatus = CifsGood;
3601                 tcon->need_reconnect = false;
3602                 tcon->tid = smb_buffer_response->Tid;
3603                 bcc_ptr = pByteArea(smb_buffer_response);
3604                 length = strnlen(bcc_ptr, BCC(smb_buffer_response) - 2);
3605                 /* skip service field (NB: this field is always ASCII) */
3606                 if (length == 3) {
3607                         if ((bcc_ptr[0] == 'I') && (bcc_ptr[1] == 'P') &&
3608                             (bcc_ptr[2] == 'C')) {
3609                                 cFYI(1, ("IPC connection"));
3610                                 tcon->ipc = 1;
3611                         }
3612                 } else if (length == 2) {
3613                         if ((bcc_ptr[0] == 'A') && (bcc_ptr[1] == ':')) {
3614                                 /* the most common case */
3615                                 cFYI(1, ("disk share connection"));
3616                         }
3617                 }
3618                 bcc_ptr += length + 1;
3619                 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3620                 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3621                         length = UniStrnlen((wchar_t *) bcc_ptr, 512);
3622                         if ((bcc_ptr + (2 * length)) -
3623                              pByteArea(smb_buffer_response) <=
3624                             BCC(smb_buffer_response)) {
3625                                 kfree(tcon->nativeFileSystem);
3626                                 tcon->nativeFileSystem =
3627                                     kzalloc(length + 2, GFP_KERNEL);
3628                                 if (tcon->nativeFileSystem)
3629                                         cifs_strfromUCS_le(
3630                                                 tcon->nativeFileSystem,
3631                                                 (__le16 *) bcc_ptr,
3632                                                 length, nls_codepage);
3633                                 bcc_ptr += 2 * length;
3634                                 bcc_ptr[0] = 0; /* null terminate the string */
3635                                 bcc_ptr[1] = 0;
3636                                 bcc_ptr += 2;
3637                         }
3638                         /* else do not bother copying these information fields*/
3639                 } else {
3640                         length = strnlen(bcc_ptr, 1024);
3641                         if ((bcc_ptr + length) -
3642                             pByteArea(smb_buffer_response) <=
3643                             BCC(smb_buffer_response)) {
3644                                 kfree(tcon->nativeFileSystem);
3645                                 tcon->nativeFileSystem =
3646                                     kzalloc(length + 1, GFP_KERNEL);
3647                                 if (tcon->nativeFileSystem)
3648                                         strncpy(tcon->nativeFileSystem, bcc_ptr,
3649                                                 length);
3650                         }
3651                         /* else do not bother copying these information fields*/
3652                 }
3653                 if ((smb_buffer_response->WordCount == 3) ||
3654                          (smb_buffer_response->WordCount == 7))
3655                         /* field is in same location */
3656                         tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3657                 else
3658                         tcon->Flags = 0;
3659                 cFYI(1, ("Tcon flags: 0x%x ", tcon->Flags));
3660         } else if ((rc == 0) && tcon == NULL) {
3661                 /* all we need to save for IPC$ connection */
3662                 ses->ipc_tid = smb_buffer_response->Tid;
3663         }
3664
3665         cifs_buf_release(smb_buffer);
3666         return rc;
3667 }
3668
3669 int
3670 cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3671 {
3672         int rc = 0;
3673         char *tmp;
3674
3675         if (cifs_sb->tcon)
3676                 cifs_put_tcon(cifs_sb->tcon);
3677
3678         cifs_sb->tcon = NULL;
3679         tmp = cifs_sb->prepath;
3680         cifs_sb->prepathlen = 0;
3681         cifs_sb->prepath = NULL;
3682         kfree(tmp);
3683
3684         return rc;
3685 }
3686
3687 int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
3688                                            struct nls_table *nls_info)
3689 {
3690         int rc = 0;
3691         char ntlm_session_key[CIFS_SESS_KEY_SIZE];
3692         bool ntlmv2_flag = false;
3693         int first_time = 0;
3694         struct TCP_Server_Info *server = pSesInfo->server;
3695
3696         /* what if server changes its buffer size after dropping the session? */
3697         if (server->maxBuf == 0) /* no need to send on reconnect */ {
3698                 rc = CIFSSMBNegotiate(xid, pSesInfo);
3699                 if (rc == -EAGAIN) {
3700                         /* retry only once on 1st time connection */
3701                         rc = CIFSSMBNegotiate(xid, pSesInfo);
3702                         if (rc == -EAGAIN)
3703                                 rc = -EHOSTDOWN;
3704                 }
3705                 if (rc == 0) {
3706                         spin_lock(&GlobalMid_Lock);
3707                         if (server->tcpStatus != CifsExiting)
3708                                 server->tcpStatus = CifsGood;
3709                         else
3710                                 rc = -EHOSTDOWN;
3711                         spin_unlock(&GlobalMid_Lock);
3712
3713                 }
3714                 first_time = 1;
3715         }
3716
3717         if (rc)
3718                 goto ss_err_exit;
3719
3720         pSesInfo->flags = 0;
3721         pSesInfo->capabilities = server->capabilities;
3722         if (linuxExtEnabled == 0)
3723                 pSesInfo->capabilities &= (~CAP_UNIX);
3724         /*      pSesInfo->sequence_number = 0;*/
3725         cFYI(1, ("Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d",
3726                  server->secMode, server->capabilities, server->timeAdj));
3727
3728         if (experimEnabled < 2)
3729                 rc = CIFS_SessSetup(xid, pSesInfo, first_time, nls_info);
3730         else if (extended_security
3731                         && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3732                         && (server->secType == NTLMSSP)) {
3733                 rc = -EOPNOTSUPP;
3734         } else if (extended_security
3735                         && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3736                         && (server->secType == RawNTLMSSP)) {
3737                 cFYI(1, ("NTLMSSP sesssetup"));
3738                 rc = CIFSNTLMSSPNegotiateSessSetup(xid, pSesInfo, &ntlmv2_flag,
3739                                                    nls_info);
3740                 if (!rc) {
3741                         if (ntlmv2_flag) {
3742                                 char *v2_response;
3743                                 cFYI(1, ("more secure NTLM ver2 hash"));
3744                                 if (CalcNTLMv2_partial_mac_key(pSesInfo,
3745                                                                 nls_info)) {
3746                                         rc = -ENOMEM;
3747                                         goto ss_err_exit;
3748                                 } else
3749                                         v2_response = kmalloc(16 + 64 /* blob*/,
3750                                                                 GFP_KERNEL);
3751                                 if (v2_response) {
3752                                         CalcNTLMv2_response(pSesInfo,
3753                                                                 v2_response);
3754                                 /*      if (first_time)
3755                                                 cifs_calculate_ntlmv2_mac_key */
3756                                         kfree(v2_response);
3757                                         /* BB Put dummy sig in SessSetup PDU? */
3758                                 } else {
3759                                         rc = -ENOMEM;
3760                                         goto ss_err_exit;
3761                                 }
3762
3763                         } else {
3764                                 SMBNTencrypt(pSesInfo->password,
3765                                              server->cryptKey,
3766                                              ntlm_session_key);
3767
3768                                 if (first_time)
3769                                         cifs_calculate_mac_key(
3770                                              &server->mac_signing_key,
3771                                              ntlm_session_key,
3772                                              pSesInfo->password);
3773                         }
3774                         /* for better security the weaker lanman hash not sent
3775                            in AuthSessSetup so we no longer calculate it */
3776
3777                         rc = CIFSNTLMSSPAuthSessSetup(xid, pSesInfo,
3778                                                       ntlm_session_key,
3779                                                       ntlmv2_flag,
3780                                                       nls_info);
3781                 }
3782         } else { /* old style NTLM 0.12 session setup */
3783                 SMBNTencrypt(pSesInfo->password, server->cryptKey,
3784                              ntlm_session_key);
3785
3786                 if (first_time)
3787                         cifs_calculate_mac_key(&server->mac_signing_key,
3788                                                 ntlm_session_key,
3789                                                 pSesInfo->password);
3790
3791                 rc = CIFSSessSetup(xid, pSesInfo, ntlm_session_key, nls_info);
3792         }
3793         if (rc) {
3794                 cERROR(1, ("Send error in SessSetup = %d", rc));
3795         } else {
3796                 cFYI(1, ("CIFS Session Established successfully"));
3797                         spin_lock(&GlobalMid_Lock);
3798                         pSesInfo->status = CifsGood;
3799                         pSesInfo->need_reconnect = false;
3800                         spin_unlock(&GlobalMid_Lock);
3801         }
3802
3803 ss_err_exit:
3804         return rc;
3805 }
3806