Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
[linux-2.6] / fs / cifs / connect.c
1 /*
2  *   fs/cifs/connect.c
3  *
4  *   Copyright (C) International Business Machines  Corp., 2002,2007
5  *   Author(s): Steve French (sfrench@us.ibm.com)
6  *
7  *   This library is free software; you can redistribute it and/or modify
8  *   it under the terms of the GNU Lesser General Public License as published
9  *   by the Free Software Foundation; either version 2.1 of the License, or
10  *   (at your option) any later version.
11  *
12  *   This library is distributed in the hope that it will be useful,
13  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
14  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
15  *   the GNU Lesser General Public License for more details.
16  *
17  *   You should have received a copy of the GNU Lesser General Public License
18  *   along with this library; if not, write to the Free Software
19  *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20  */
21 #include <linux/fs.h>
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/ipv6.h>
27 #include <linux/pagemap.h>
28 #include <linux/ctype.h>
29 #include <linux/utsname.h>
30 #include <linux/mempool.h>
31 #include <linux/delay.h>
32 #include <linux/completion.h>
33 #include <linux/kthread.h>
34 #include <linux/pagevec.h>
35 #include <linux/freezer.h>
36 #include <asm/uaccess.h>
37 #include <asm/processor.h>
38 #include "cifspdu.h"
39 #include "cifsglob.h"
40 #include "cifsproto.h"
41 #include "cifs_unicode.h"
42 #include "cifs_debug.h"
43 #include "cifs_fs_sb.h"
44 #include "ntlmssp.h"
45 #include "nterr.h"
46 #include "rfc1002pdu.h"
47 #include "cn_cifs.h"
48
49 #define CIFS_PORT 445
50 #define RFC1001_PORT 139
51
52 static DECLARE_COMPLETION(cifsd_complete);
53
54 extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
55                          unsigned char *p24);
56
57 extern mempool_t *cifs_req_poolp;
58
59 struct smb_vol {
60         char *username;
61         char *password;
62         char *domainname;
63         char *UNC;
64         char *UNCip;
65         char *in6_addr;  /* ipv6 address as human readable form of in6_addr */
66         char *iocharset;  /* local code page for mapping to and from Unicode */
67         char source_rfc1001_name[16]; /* netbios name of client */
68         char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */
69         uid_t linux_uid;
70         gid_t linux_gid;
71         mode_t file_mode;
72         mode_t dir_mode;
73         unsigned secFlg;
74         unsigned rw:1;
75         unsigned retry:1;
76         unsigned intr:1;
77         unsigned setuids:1;
78         unsigned override_uid:1;
79         unsigned override_gid:1;
80         unsigned noperm:1;
81         unsigned no_psx_acl:1; /* set if posix acl support should be disabled */
82         unsigned cifs_acl:1;
83         unsigned no_xattr:1;   /* set if xattr (EA) support should be disabled*/
84         unsigned server_ino:1; /* use inode numbers from server ie UniqueId */
85         unsigned direct_io:1;
86         unsigned remap:1;   /* set to remap seven reserved chars in filenames */
87         unsigned posix_paths:1;   /* unset to not ask for posix pathnames. */
88         unsigned no_linux_ext:1;
89         unsigned sfu_emul:1;
90         unsigned nullauth:1; /* attempt to authenticate with null user */
91         unsigned nocase;     /* request case insensitive filenames */
92         unsigned nobrl;      /* disable sending byte range locks to srv */
93         unsigned int rsize;
94         unsigned int wsize;
95         unsigned int sockopt;
96         unsigned short int port;
97         char *prepath;
98 };
99
100 static int ipv4_connect(struct sockaddr_in *psin_server,
101                         struct socket **csocket,
102                         char *netb_name,
103                         char *server_netb_name);
104 static int ipv6_connect(struct sockaddr_in6 *psin_server,
105                         struct socket **csocket);
106
107
108         /*
109          * cifs tcp session reconnection
110          *
111          * mark tcp session as reconnecting so temporarily locked
112          * mark all smb sessions as reconnecting for tcp session
113          * reconnect tcp session
114          * wake up waiters on reconnection? - (not needed currently)
115          */
116
117 static int
118 cifs_reconnect(struct TCP_Server_Info *server)
119 {
120         int rc = 0;
121         struct list_head *tmp;
122         struct cifsSesInfo *ses;
123         struct cifsTconInfo *tcon;
124         struct mid_q_entry *mid_entry;
125
126         spin_lock(&GlobalMid_Lock);
127         if (kthread_should_stop()) {
128                 /* the demux thread will exit normally
129                 next time through the loop */
130                 spin_unlock(&GlobalMid_Lock);
131                 return rc;
132         } else
133                 server->tcpStatus = CifsNeedReconnect;
134         spin_unlock(&GlobalMid_Lock);
135         server->maxBuf = 0;
136
137         cFYI(1, ("Reconnecting tcp session"));
138
139         /* before reconnecting the tcp session, mark the smb session (uid)
140                 and the tid bad so they are not used until reconnected */
141         read_lock(&GlobalSMBSeslock);
142         list_for_each(tmp, &GlobalSMBSessionList) {
143                 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
144                 if (ses->server) {
145                         if (ses->server == server) {
146                                 ses->status = CifsNeedReconnect;
147                                 ses->ipc_tid = 0;
148                         }
149                 }
150                 /* else tcp and smb sessions need reconnection */
151         }
152         list_for_each(tmp, &GlobalTreeConnectionList) {
153                 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
154                 if ((tcon) && (tcon->ses) && (tcon->ses->server == server))
155                         tcon->tidStatus = CifsNeedReconnect;
156         }
157         read_unlock(&GlobalSMBSeslock);
158         /* do not want to be sending data on a socket we are freeing */
159         down(&server->tcpSem);
160         if (server->ssocket) {
161                 cFYI(1, ("State: 0x%x Flags: 0x%lx", server->ssocket->state,
162                         server->ssocket->flags));
163                 kernel_sock_shutdown(server->ssocket, SHUT_WR);
164                 cFYI(1, ("Post shutdown state: 0x%x Flags: 0x%lx",
165                         server->ssocket->state,
166                         server->ssocket->flags));
167                 sock_release(server->ssocket);
168                 server->ssocket = NULL;
169         }
170
171         spin_lock(&GlobalMid_Lock);
172         list_for_each(tmp, &server->pending_mid_q) {
173                 mid_entry = list_entry(tmp, struct
174                                         mid_q_entry,
175                                         qhead);
176                 if (mid_entry) {
177                         if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
178                                 /* Mark other intransit requests as needing
179                                    retry so we do not immediately mark the
180                                    session bad again (ie after we reconnect
181                                    below) as they timeout too */
182                                 mid_entry->midState = MID_RETRY_NEEDED;
183                         }
184                 }
185         }
186         spin_unlock(&GlobalMid_Lock);
187         up(&server->tcpSem);
188
189         while ((!kthread_should_stop()) && (server->tcpStatus != CifsGood)) {
190                 try_to_freeze();
191                 if (server->protocolType == IPV6) {
192                         rc = ipv6_connect(&server->addr.sockAddr6,
193                                           &server->ssocket);
194                 } else {
195                         rc = ipv4_connect(&server->addr.sockAddr,
196                                         &server->ssocket,
197                                         server->workstation_RFC1001_name,
198                                         server->server_RFC1001_name);
199                 }
200                 if (rc) {
201                         cFYI(1, ("reconnect error %d", rc));
202                         msleep(3000);
203                 } else {
204                         atomic_inc(&tcpSesReconnectCount);
205                         spin_lock(&GlobalMid_Lock);
206                         if (!kthread_should_stop())
207                                 server->tcpStatus = CifsGood;
208                         server->sequence_number = 0;
209                         spin_unlock(&GlobalMid_Lock);
210         /*              atomic_set(&server->inFlight,0);*/
211                         wake_up(&server->response_q);
212                 }
213         }
214         return rc;
215 }
216
217 /*
218         return codes:
219                 0       not a transact2, or all data present
220                 >0      transact2 with that much data missing
221                 -EINVAL = invalid transact2
222
223  */
224 static int check2ndT2(struct smb_hdr *pSMB, unsigned int maxBufSize)
225 {
226         struct smb_t2_rsp *pSMBt;
227         int total_data_size;
228         int data_in_this_rsp;
229         int remaining;
230
231         if (pSMB->Command != SMB_COM_TRANSACTION2)
232                 return 0;
233
234         /* check for plausible wct, bcc and t2 data and parm sizes */
235         /* check for parm and data offset going beyond end of smb */
236         if (pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
237                 cFYI(1, ("invalid transact2 word count"));
238                 return -EINVAL;
239         }
240
241         pSMBt = (struct smb_t2_rsp *)pSMB;
242
243         total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
244         data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
245
246         remaining = total_data_size - data_in_this_rsp;
247
248         if (remaining == 0)
249                 return 0;
250         else if (remaining < 0) {
251                 cFYI(1, ("total data %d smaller than data in frame %d",
252                         total_data_size, data_in_this_rsp));
253                 return -EINVAL;
254         } else {
255                 cFYI(1, ("missing %d bytes from transact2, check next response",
256                         remaining));
257                 if (total_data_size > maxBufSize) {
258                         cERROR(1, ("TotalDataSize %d is over maximum buffer %d",
259                                 total_data_size, maxBufSize));
260                         return -EINVAL;
261                 }
262                 return remaining;
263         }
264 }
265
266 static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
267 {
268         struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
269         struct smb_t2_rsp *pSMBt  = (struct smb_t2_rsp *)pTargetSMB;
270         int total_data_size;
271         int total_in_buf;
272         int remaining;
273         int total_in_buf2;
274         char *data_area_of_target;
275         char *data_area_of_buf2;
276         __u16 byte_count;
277
278         total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
279
280         if (total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
281                 cFYI(1, ("total data size of primary and secondary t2 differ"));
282         }
283
284         total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
285
286         remaining = total_data_size - total_in_buf;
287
288         if (remaining < 0)
289                 return -EINVAL;
290
291         if (remaining == 0) /* nothing to do, ignore */
292                 return 0;
293
294         total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
295         if (remaining < total_in_buf2) {
296                 cFYI(1, ("transact2 2nd response contains too much data"));
297         }
298
299         /* find end of first SMB data area */
300         data_area_of_target = (char *)&pSMBt->hdr.Protocol +
301                                 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
302         /* validate target area */
303
304         data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
305                                         le16_to_cpu(pSMB2->t2_rsp.DataOffset);
306
307         data_area_of_target += total_in_buf;
308
309         /* copy second buffer into end of first buffer */
310         memcpy(data_area_of_target, data_area_of_buf2, total_in_buf2);
311         total_in_buf += total_in_buf2;
312         pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
313         byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
314         byte_count += total_in_buf2;
315         BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
316
317         byte_count = pTargetSMB->smb_buf_length;
318         byte_count += total_in_buf2;
319
320         /* BB also add check that we are not beyond maximum buffer size */
321
322         pTargetSMB->smb_buf_length = byte_count;
323
324         if (remaining == total_in_buf2) {
325                 cFYI(1, ("found the last secondary response"));
326                 return 0; /* we are done */
327         } else /* more responses to go */
328                 return 1;
329
330 }
331
332 static int
333 cifs_demultiplex_thread(struct TCP_Server_Info *server)
334 {
335         int length;
336         unsigned int pdu_length, total_read;
337         struct smb_hdr *smb_buffer = NULL;
338         struct smb_hdr *bigbuf = NULL;
339         struct smb_hdr *smallbuf = NULL;
340         struct msghdr smb_msg;
341         struct kvec iov;
342         struct socket *csocket = server->ssocket;
343         struct list_head *tmp;
344         struct cifsSesInfo *ses;
345         struct task_struct *task_to_wake = NULL;
346         struct mid_q_entry *mid_entry;
347         char temp;
348         int isLargeBuf = FALSE;
349         int isMultiRsp;
350         int reconnect;
351
352         current->flags |= PF_MEMALLOC;
353         server->tsk = current;  /* save process info to wake at shutdown */
354         cFYI(1, ("Demultiplex PID: %d", task_pid_nr(current)));
355         write_lock(&GlobalSMBSeslock);
356         atomic_inc(&tcpSesAllocCount);
357         length = tcpSesAllocCount.counter;
358         write_unlock(&GlobalSMBSeslock);
359         complete(&cifsd_complete);
360         if (length  > 1)
361                 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
362                                 GFP_KERNEL);
363
364         set_freezable();
365         while (!kthread_should_stop()) {
366                 if (try_to_freeze())
367                         continue;
368                 if (bigbuf == NULL) {
369                         bigbuf = cifs_buf_get();
370                         if (!bigbuf) {
371                                 cERROR(1, ("No memory for large SMB response"));
372                                 msleep(3000);
373                                 /* retry will check if exiting */
374                                 continue;
375                         }
376                 } else if (isLargeBuf) {
377                         /* we are reusing a dirty large buf, clear its start */
378                         memset(bigbuf, 0, sizeof(struct smb_hdr));
379                 }
380
381                 if (smallbuf == NULL) {
382                         smallbuf = cifs_small_buf_get();
383                         if (!smallbuf) {
384                                 cERROR(1, ("No memory for SMB response"));
385                                 msleep(1000);
386                                 /* retry will check if exiting */
387                                 continue;
388                         }
389                         /* beginning of smb buffer is cleared in our buf_get */
390                 } else /* if existing small buf clear beginning */
391                         memset(smallbuf, 0, sizeof(struct smb_hdr));
392
393                 isLargeBuf = FALSE;
394                 isMultiRsp = FALSE;
395                 smb_buffer = smallbuf;
396                 iov.iov_base = smb_buffer;
397                 iov.iov_len = 4;
398                 smb_msg.msg_control = NULL;
399                 smb_msg.msg_controllen = 0;
400                 pdu_length = 4; /* enough to get RFC1001 header */
401 incomplete_rcv:
402                 length =
403                     kernel_recvmsg(csocket, &smb_msg,
404                                 &iov, 1, pdu_length, 0 /* BB other flags? */);
405
406                 if (kthread_should_stop()) {
407                         break;
408                 } else if (server->tcpStatus == CifsNeedReconnect) {
409                         cFYI(1, ("Reconnect after server stopped responding"));
410                         cifs_reconnect(server);
411                         cFYI(1, ("call to reconnect done"));
412                         csocket = server->ssocket;
413                         continue;
414                 } else if ((length == -ERESTARTSYS) || (length == -EAGAIN)) {
415                         msleep(1); /* minimum sleep to prevent looping
416                                 allowing socket to clear and app threads to set
417                                 tcpStatus CifsNeedReconnect if server hung */
418                         if (pdu_length < 4)
419                                 goto incomplete_rcv;
420                         else
421                                 continue;
422                 } else if (length <= 0) {
423                         if (server->tcpStatus == CifsNew) {
424                                 cFYI(1, ("tcp session abend after SMBnegprot"));
425                                 /* some servers kill the TCP session rather than
426                                    returning an SMB negprot error, in which
427                                    case reconnecting here is not going to help,
428                                    and so simply return error to mount */
429                                 break;
430                         }
431                         if (!try_to_freeze() && (length == -EINTR)) {
432                                 cFYI(1, ("cifsd thread killed"));
433                                 break;
434                         }
435                         cFYI(1, ("Reconnect after unexpected peek error %d",
436                                 length));
437                         cifs_reconnect(server);
438                         csocket = server->ssocket;
439                         wake_up(&server->response_q);
440                         continue;
441                 } else if (length < 4) {
442                         cFYI(1, ("less than four bytes received (%d bytes)",
443                               length));
444                         pdu_length -= length;
445                         msleep(1);
446                         goto incomplete_rcv;
447                 }
448
449                 /* The right amount was read from socket - 4 bytes */
450                 /* so we can now interpret the length field */
451
452                 /* the first byte big endian of the length field,
453                 is actually not part of the length but the type
454                 with the most common, zero, as regular data */
455                 temp = *((char *) smb_buffer);
456
457                 /* Note that FC 1001 length is big endian on the wire,
458                 but we convert it here so it is always manipulated
459                 as host byte order */
460                 pdu_length = ntohl(smb_buffer->smb_buf_length);
461                 smb_buffer->smb_buf_length = pdu_length;
462
463                 cFYI(1, ("rfc1002 length 0x%x", pdu_length+4));
464
465                 if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) {
466                         continue;
467                 } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
468                         cFYI(1, ("Good RFC 1002 session rsp"));
469                         continue;
470                 } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
471                         /* we get this from Windows 98 instead of
472                            an error on SMB negprot response */
473                         cFYI(1, ("Negative RFC1002 Session Response Error 0x%x)",
474                                 pdu_length));
475                         if (server->tcpStatus == CifsNew) {
476                                 /* if nack on negprot (rather than
477                                 ret of smb negprot error) reconnecting
478                                 not going to help, ret error to mount */
479                                 break;
480                         } else {
481                                 /* give server a second to
482                                 clean up before reconnect attempt */
483                                 msleep(1000);
484                                 /* always try 445 first on reconnect
485                                 since we get NACK on some if we ever
486                                 connected to port 139 (the NACK is
487                                 since we do not begin with RFC1001
488                                 session initialize frame) */
489                                 server->addr.sockAddr.sin_port =
490                                         htons(CIFS_PORT);
491                                 cifs_reconnect(server);
492                                 csocket = server->ssocket;
493                                 wake_up(&server->response_q);
494                                 continue;
495                         }
496                 } else if (temp != (char) 0) {
497                         cERROR(1, ("Unknown RFC 1002 frame"));
498                         cifs_dump_mem(" Received Data: ", (char *)smb_buffer,
499                                       length);
500                         cifs_reconnect(server);
501                         csocket = server->ssocket;
502                         continue;
503                 }
504
505                 /* else we have an SMB response */
506                 if ((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
507                             (pdu_length < sizeof(struct smb_hdr) - 1 - 4)) {
508                         cERROR(1, ("Invalid size SMB length %d pdu_length %d",
509                                         length, pdu_length+4));
510                         cifs_reconnect(server);
511                         csocket = server->ssocket;
512                         wake_up(&server->response_q);
513                         continue;
514                 }
515
516                 /* else length ok */
517                 reconnect = 0;
518
519                 if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
520                         isLargeBuf = TRUE;
521                         memcpy(bigbuf, smallbuf, 4);
522                         smb_buffer = bigbuf;
523                 }
524                 length = 0;
525                 iov.iov_base = 4 + (char *)smb_buffer;
526                 iov.iov_len = pdu_length;
527                 for (total_read = 0; total_read < pdu_length;
528                      total_read += length) {
529                         length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
530                                                 pdu_length - total_read, 0);
531                         if (kthread_should_stop() ||
532                             (length == -EINTR)) {
533                                 /* then will exit */
534                                 reconnect = 2;
535                                 break;
536                         } else if (server->tcpStatus == CifsNeedReconnect) {
537                                 cifs_reconnect(server);
538                                 csocket = server->ssocket;
539                                 /* Reconnect wakes up rspns q */
540                                 /* Now we will reread sock */
541                                 reconnect = 1;
542                                 break;
543                         } else if ((length == -ERESTARTSYS) ||
544                                    (length == -EAGAIN)) {
545                                 msleep(1); /* minimum sleep to prevent looping,
546                                               allowing socket to clear and app
547                                               threads to set tcpStatus
548                                               CifsNeedReconnect if server hung*/
549                                 length = 0;
550                                 continue;
551                         } else if (length <= 0) {
552                                 cERROR(1, ("Received no data, expecting %d",
553                                               pdu_length - total_read));
554                                 cifs_reconnect(server);
555                                 csocket = server->ssocket;
556                                 reconnect = 1;
557                                 break;
558                         }
559                 }
560                 if (reconnect == 2)
561                         break;
562                 else if (reconnect == 1)
563                         continue;
564
565                 length += 4; /* account for rfc1002 hdr */
566
567
568                 dump_smb(smb_buffer, length);
569                 if (checkSMB(smb_buffer, smb_buffer->Mid, total_read+4)) {
570                         cifs_dump_mem("Bad SMB: ", smb_buffer, 48);
571                         continue;
572                 }
573
574
575                 task_to_wake = NULL;
576                 spin_lock(&GlobalMid_Lock);
577                 list_for_each(tmp, &server->pending_mid_q) {
578                         mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
579
580                         if ((mid_entry->mid == smb_buffer->Mid) &&
581                             (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
582                             (mid_entry->command == smb_buffer->Command)) {
583                                 if (check2ndT2(smb_buffer,server->maxBuf) > 0) {
584                                         /* We have a multipart transact2 resp */
585                                         isMultiRsp = TRUE;
586                                         if (mid_entry->resp_buf) {
587                                                 /* merge response - fix up 1st*/
588                                                 if (coalesce_t2(smb_buffer,
589                                                         mid_entry->resp_buf)) {
590                                                         mid_entry->multiRsp = 1;
591                                                         break;
592                                                 } else {
593                                                         /* all parts received */
594                                                         mid_entry->multiEnd = 1;
595                                                         goto multi_t2_fnd;
596                                                 }
597                                         } else {
598                                                 if (!isLargeBuf) {
599                                                         cERROR(1,("1st trans2 resp needs bigbuf"));
600                                         /* BB maybe we can fix this up,  switch
601                                            to already allocated large buffer? */
602                                                 } else {
603                                                         /* Have first buffer */
604                                                         mid_entry->resp_buf =
605                                                                  smb_buffer;
606                                                         mid_entry->largeBuf = 1;
607                                                         bigbuf = NULL;
608                                                 }
609                                         }
610                                         break;
611                                 }
612                                 mid_entry->resp_buf = smb_buffer;
613                                 if (isLargeBuf)
614                                         mid_entry->largeBuf = 1;
615                                 else
616                                         mid_entry->largeBuf = 0;
617 multi_t2_fnd:
618                                 task_to_wake = mid_entry->tsk;
619                                 mid_entry->midState = MID_RESPONSE_RECEIVED;
620 #ifdef CONFIG_CIFS_STATS2
621                                 mid_entry->when_received = jiffies;
622 #endif
623                                 /* so we do not time out requests to  server
624                                 which is still responding (since server could
625                                 be busy but not dead) */
626                                 server->lstrp = jiffies;
627                                 break;
628                         }
629                 }
630                 spin_unlock(&GlobalMid_Lock);
631                 if (task_to_wake) {
632                         /* Was previous buf put in mpx struct for multi-rsp? */
633                         if (!isMultiRsp) {
634                                 /* smb buffer will be freed by user thread */
635                                 if (isLargeBuf)
636                                         bigbuf = NULL;
637                                 else
638                                         smallbuf = NULL;
639                         }
640                         wake_up_process(task_to_wake);
641                 } else if ((is_valid_oplock_break(smb_buffer, server) == FALSE)
642                     && (isMultiRsp == FALSE)) {
643                         cERROR(1, ("No task to wake, unknown frame received! "
644                                    "NumMids %d", midCount.counter));
645                         cifs_dump_mem("Received Data is: ", (char *)smb_buffer,
646                                       sizeof(struct smb_hdr));
647 #ifdef CONFIG_CIFS_DEBUG2
648                         cifs_dump_detail(smb_buffer);
649                         cifs_dump_mids(server);
650 #endif /* CIFS_DEBUG2 */
651
652                 }
653         } /* end while !EXITING */
654
655         spin_lock(&GlobalMid_Lock);
656         server->tcpStatus = CifsExiting;
657         server->tsk = NULL;
658         /* check if we have blocked requests that need to free */
659         /* Note that cifs_max_pending is normally 50, but
660         can be set at module install time to as little as two */
661         if (atomic_read(&server->inFlight) >= cifs_max_pending)
662                 atomic_set(&server->inFlight, cifs_max_pending - 1);
663         /* We do not want to set the max_pending too low or we
664         could end up with the counter going negative */
665         spin_unlock(&GlobalMid_Lock);
666         /* Although there should not be any requests blocked on
667         this queue it can not hurt to be paranoid and try to wake up requests
668         that may haven been blocked when more than 50 at time were on the wire
669         to the same server - they now will see the session is in exit state
670         and get out of SendReceive.  */
671         wake_up_all(&server->request_q);
672         /* give those requests time to exit */
673         msleep(125);
674
675         if (server->ssocket) {
676                 sock_release(csocket);
677                 server->ssocket = NULL;
678         }
679         /* buffer usuallly freed in free_mid - need to free it here on exit */
680         cifs_buf_release(bigbuf);
681         if (smallbuf) /* no sense logging a debug message if NULL */
682                 cifs_small_buf_release(smallbuf);
683
684         read_lock(&GlobalSMBSeslock);
685         if (list_empty(&server->pending_mid_q)) {
686                 /* loop through server session structures attached to this and
687                     mark them dead */
688                 list_for_each(tmp, &GlobalSMBSessionList) {
689                         ses =
690                             list_entry(tmp, struct cifsSesInfo,
691                                        cifsSessionList);
692                         if (ses->server == server) {
693                                 ses->status = CifsExiting;
694                                 ses->server = NULL;
695                         }
696                 }
697                 read_unlock(&GlobalSMBSeslock);
698         } else {
699                 /* although we can not zero the server struct pointer yet,
700                 since there are active requests which may depnd on them,
701                 mark the corresponding SMB sessions as exiting too */
702                 list_for_each(tmp, &GlobalSMBSessionList) {
703                         ses = list_entry(tmp, struct cifsSesInfo,
704                                          cifsSessionList);
705                         if (ses->server == server)
706                                 ses->status = CifsExiting;
707                 }
708
709                 spin_lock(&GlobalMid_Lock);
710                 list_for_each(tmp, &server->pending_mid_q) {
711                 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
712                         if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
713                                 cFYI(1, ("Clearing Mid 0x%x - waking up ",
714                                          mid_entry->mid));
715                                 task_to_wake = mid_entry->tsk;
716                                 if (task_to_wake)
717                                         wake_up_process(task_to_wake);
718                         }
719                 }
720                 spin_unlock(&GlobalMid_Lock);
721                 read_unlock(&GlobalSMBSeslock);
722                 /* 1/8th of sec is more than enough time for them to exit */
723                 msleep(125);
724         }
725
726         if (!list_empty(&server->pending_mid_q)) {
727                 /* mpx threads have not exited yet give them
728                 at least the smb send timeout time for long ops */
729                 /* due to delays on oplock break requests, we need
730                 to wait at least 45 seconds before giving up
731                 on a request getting a response and going ahead
732                 and killing cifsd */
733                 cFYI(1, ("Wait for exit from demultiplex thread"));
734                 msleep(46000);
735                 /* if threads still have not exited they are probably never
736                 coming home not much else we can do but free the memory */
737         }
738
739         write_lock(&GlobalSMBSeslock);
740         atomic_dec(&tcpSesAllocCount);
741         length = tcpSesAllocCount.counter;
742
743         /* last chance to mark ses pointers invalid
744         if there are any pointing to this (e.g
745         if a crazy root user tried to kill cifsd
746         kernel thread explicitly this might happen) */
747         list_for_each(tmp, &GlobalSMBSessionList) {
748                 ses = list_entry(tmp, struct cifsSesInfo,
749                                 cifsSessionList);
750                 if (ses->server == server)
751                         ses->server = NULL;
752         }
753         write_unlock(&GlobalSMBSeslock);
754
755         kfree(server);
756         if (length  > 0)
757                 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
758                                 GFP_KERNEL);
759
760         return 0;
761 }
762
763 static int
764 cifs_parse_mount_options(char *options, const char *devname,
765                          struct smb_vol *vol)
766 {
767         char *value;
768         char *data;
769         unsigned int  temp_len, i, j;
770         char separator[2];
771
772         separator[0] = ',';
773         separator[1] = 0;
774
775         if (Local_System_Name[0] != 0)
776                 memcpy(vol->source_rfc1001_name, Local_System_Name, 15);
777         else {
778                 char *nodename = utsname()->nodename;
779                 int n = strnlen(nodename, 15);
780                 memset(vol->source_rfc1001_name, 0x20, 15);
781                 for (i = 0; i < n; i++) {
782                         /* does not have to be perfect mapping since field is
783                         informational, only used for servers that do not support
784                         port 445 and it can be overridden at mount time */
785                         vol->source_rfc1001_name[i] = toupper(nodename[i]);
786                 }
787         }
788         vol->source_rfc1001_name[15] = 0;
789         /* null target name indicates to use *SMBSERVR default called name
790            if we end up sending RFC1001 session initialize */
791         vol->target_rfc1001_name[0] = 0;
792         vol->linux_uid = current->uid;  /* current->euid instead? */
793         vol->linux_gid = current->gid;
794         vol->dir_mode = S_IRWXUGO;
795         /* 2767 perms indicate mandatory locking support */
796         vol->file_mode = (S_IRWXUGO | S_ISGID) & (~S_IXGRP);
797
798         /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
799         vol->rw = TRUE;
800         /* default is always to request posix paths. */
801         vol->posix_paths = 1;
802
803         if (!options)
804                 return 1;
805
806         if (strncmp(options, "sep=", 4) == 0) {
807                 if (options[4] != 0) {
808                         separator[0] = options[4];
809                         options += 5;
810                 } else {
811                         cFYI(1, ("Null separator not allowed"));
812                 }
813         }
814
815         while ((data = strsep(&options, separator)) != NULL) {
816                 if (!*data)
817                         continue;
818                 if ((value = strchr(data, '=')) != NULL)
819                         *value++ = '\0';
820
821                 /* Have to parse this before we parse for "user" */
822                 if (strnicmp(data, "user_xattr", 10) == 0) {
823                         vol->no_xattr = 0;
824                 } else if (strnicmp(data, "nouser_xattr", 12) == 0) {
825                         vol->no_xattr = 1;
826                 } else if (strnicmp(data, "user", 4) == 0) {
827                         if (!value) {
828                                 printk(KERN_WARNING
829                                        "CIFS: invalid or missing username\n");
830                                 return 1;       /* needs_arg; */
831                         } else if (!*value) {
832                                 /* null user, ie anonymous, authentication */
833                                 vol->nullauth = 1;
834                         }
835                         if (strnlen(value, 200) < 200) {
836                                 vol->username = value;
837                         } else {
838                                 printk(KERN_WARNING "CIFS: username too long\n");
839                                 return 1;
840                         }
841                 } else if (strnicmp(data, "pass", 4) == 0) {
842                         if (!value) {
843                                 vol->password = NULL;
844                                 continue;
845                         } else if (value[0] == 0) {
846                                 /* check if string begins with double comma
847                                    since that would mean the password really
848                                    does start with a comma, and would not
849                                    indicate an empty string */
850                                 if (value[1] != separator[0]) {
851                                         vol->password = NULL;
852                                         continue;
853                                 }
854                         }
855                         temp_len = strlen(value);
856                         /* removed password length check, NTLM passwords
857                                 can be arbitrarily long */
858
859                         /* if comma in password, the string will be
860                         prematurely null terminated.  Commas in password are
861                         specified across the cifs mount interface by a double
862                         comma ie ,, and a comma used as in other cases ie ','
863                         as a parameter delimiter/separator is single and due
864                         to the strsep above is temporarily zeroed. */
865
866                         /* NB: password legally can have multiple commas and
867                         the only illegal character in a password is null */
868
869                         if ((value[temp_len] == 0) &&
870                             (value[temp_len+1] == separator[0])) {
871                                 /* reinsert comma */
872                                 value[temp_len] = separator[0];
873                                 temp_len += 2;  /* move after second comma */
874                                 while (value[temp_len] != 0)  {
875                                         if (value[temp_len] == separator[0]) {
876                                                 if (value[temp_len+1] ==
877                                                      separator[0]) {
878                                                 /* skip second comma */
879                                                         temp_len++;
880                                                 } else {
881                                                 /* single comma indicating start
882                                                          of next parm */
883                                                         break;
884                                                 }
885                                         }
886                                         temp_len++;
887                                 }
888                                 if (value[temp_len] == 0) {
889                                         options = NULL;
890                                 } else {
891                                         value[temp_len] = 0;
892                                         /* point option to start of next parm */
893                                         options = value + temp_len + 1;
894                                 }
895                                 /* go from value to value + temp_len condensing
896                                 double commas to singles. Note that this ends up
897                                 allocating a few bytes too many, which is ok */
898                                 vol->password = kzalloc(temp_len, GFP_KERNEL);
899                                 if (vol->password == NULL) {
900                                         printk(KERN_WARNING "CIFS: no memory "
901                                                             "for password\n");
902                                         return 1;
903                                 }
904                                 for (i = 0, j = 0; i < temp_len; i++, j++) {
905                                         vol->password[j] = value[i];
906                                         if (value[i] == separator[0]
907                                                 && value[i+1] == separator[0]) {
908                                                 /* skip second comma */
909                                                 i++;
910                                         }
911                                 }
912                                 vol->password[j] = 0;
913                         } else {
914                                 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
915                                 if (vol->password == NULL) {
916                                         printk(KERN_WARNING "CIFS: no memory "
917                                                             "for password\n");
918                                         return 1;
919                                 }
920                                 strcpy(vol->password, value);
921                         }
922                 } else if (strnicmp(data, "ip", 2) == 0) {
923                         if (!value || !*value) {
924                                 vol->UNCip = NULL;
925                         } else if (strnlen(value, 35) < 35) {
926                                 vol->UNCip = value;
927                         } else {
928                                 printk(KERN_WARNING "CIFS: ip address "
929                                                     "too long\n");
930                                 return 1;
931                         }
932                 } else if (strnicmp(data, "sec", 3) == 0) {
933                         if (!value || !*value) {
934                                 cERROR(1, ("no security value specified"));
935                                 continue;
936                         } else if (strnicmp(value, "krb5i", 5) == 0) {
937                                 vol->secFlg |= CIFSSEC_MAY_KRB5 |
938                                         CIFSSEC_MUST_SIGN;
939                         } else if (strnicmp(value, "krb5p", 5) == 0) {
940                                 /* vol->secFlg |= CIFSSEC_MUST_SEAL |
941                                         CIFSSEC_MAY_KRB5; */
942                                 cERROR(1, ("Krb5 cifs privacy not supported"));
943                                 return 1;
944                         } else if (strnicmp(value, "krb5", 4) == 0) {
945                                 vol->secFlg |= CIFSSEC_MAY_KRB5;
946                         } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
947                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
948                                         CIFSSEC_MUST_SIGN;
949                         } else if (strnicmp(value, "ntlmv2", 6) == 0) {
950                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
951                         } else if (strnicmp(value, "ntlmi", 5) == 0) {
952                                 vol->secFlg |= CIFSSEC_MAY_NTLM |
953                                         CIFSSEC_MUST_SIGN;
954                         } else if (strnicmp(value, "ntlm", 4) == 0) {
955                                 /* ntlm is default so can be turned off too */
956                                 vol->secFlg |= CIFSSEC_MAY_NTLM;
957                         } else if (strnicmp(value, "nontlm", 6) == 0) {
958                                 /* BB is there a better way to do this? */
959                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
960 #ifdef CONFIG_CIFS_WEAK_PW_HASH
961                         } else if (strnicmp(value, "lanman", 6) == 0) {
962                                 vol->secFlg |= CIFSSEC_MAY_LANMAN;
963 #endif
964                         } else if (strnicmp(value, "none", 4) == 0) {
965                                 vol->nullauth = 1;
966                         } else {
967                                 cERROR(1, ("bad security option: %s", value));
968                                 return 1;
969                         }
970                 } else if ((strnicmp(data, "unc", 3) == 0)
971                            || (strnicmp(data, "target", 6) == 0)
972                            || (strnicmp(data, "path", 4) == 0)) {
973                         if (!value || !*value) {
974                                 printk(KERN_WARNING "CIFS: invalid path to "
975                                                     "network resource\n");
976                                 return 1;       /* needs_arg; */
977                         }
978                         if ((temp_len = strnlen(value, 300)) < 300) {
979                                 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
980                                 if (vol->UNC == NULL)
981                                         return 1;
982                                 strcpy(vol->UNC, value);
983                                 if (strncmp(vol->UNC, "//", 2) == 0) {
984                                         vol->UNC[0] = '\\';
985                                         vol->UNC[1] = '\\';
986                                 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
987                                         printk(KERN_WARNING
988                                                "CIFS: UNC Path does not begin "
989                                                "with // or \\\\ \n");
990                                         return 1;
991                                 }
992                         } else {
993                                 printk(KERN_WARNING "CIFS: UNC name too long\n");
994                                 return 1;
995                         }
996                 } else if ((strnicmp(data, "domain", 3) == 0)
997                            || (strnicmp(data, "workgroup", 5) == 0)) {
998                         if (!value || !*value) {
999                                 printk(KERN_WARNING "CIFS: invalid domain name\n");
1000                                 return 1;       /* needs_arg; */
1001                         }
1002                         /* BB are there cases in which a comma can be valid in
1003                         a domain name and need special handling? */
1004                         if (strnlen(value, 256) < 256) {
1005                                 vol->domainname = value;
1006                                 cFYI(1, ("Domain name set"));
1007                         } else {
1008                                 printk(KERN_WARNING "CIFS: domain name too "
1009                                                     "long\n");
1010                                 return 1;
1011                         }
1012                 } else if (strnicmp(data, "prefixpath", 10) == 0) {
1013                         if (!value || !*value) {
1014                                 printk(KERN_WARNING
1015                                         "CIFS: invalid path prefix\n");
1016                                 return 1;       /* needs_argument */
1017                         }
1018                         if ((temp_len = strnlen(value, 1024)) < 1024) {
1019                                 if (value[0] != '/')
1020                                         temp_len++;  /* missing leading slash */
1021                                 vol->prepath = kmalloc(temp_len+1, GFP_KERNEL);
1022                                 if (vol->prepath == NULL)
1023                                         return 1;
1024                                 if (value[0] != '/') {
1025                                         vol->prepath[0] = '/';
1026                                         strcpy(vol->prepath+1, value);
1027                                 } else
1028                                         strcpy(vol->prepath, value);
1029                                 cFYI(1, ("prefix path %s", vol->prepath));
1030                         } else {
1031                                 printk(KERN_WARNING "CIFS: prefix too long\n");
1032                                 return 1;
1033                         }
1034                 } else if (strnicmp(data, "iocharset", 9) == 0) {
1035                         if (!value || !*value) {
1036                                 printk(KERN_WARNING "CIFS: invalid iocharset "
1037                                                     "specified\n");
1038                                 return 1;       /* needs_arg; */
1039                         }
1040                         if (strnlen(value, 65) < 65) {
1041                                 if (strnicmp(value, "default", 7))
1042                                         vol->iocharset = value;
1043                                 /* if iocharset not set then load_nls_default
1044                                    is used by caller */
1045                                 cFYI(1, ("iocharset set to %s", value));
1046                         } else {
1047                                 printk(KERN_WARNING "CIFS: iocharset name "
1048                                                     "too long.\n");
1049                                 return 1;
1050                         }
1051                 } else if (strnicmp(data, "uid", 3) == 0) {
1052                         if (value && *value) {
1053                                 vol->linux_uid =
1054                                         simple_strtoul(value, &value, 0);
1055                                 vol->override_uid = 1;
1056                         }
1057                 } else if (strnicmp(data, "gid", 3) == 0) {
1058                         if (value && *value) {
1059                                 vol->linux_gid =
1060                                         simple_strtoul(value, &value, 0);
1061                                 vol->override_gid = 1;
1062                         }
1063                 } else if (strnicmp(data, "file_mode", 4) == 0) {
1064                         if (value && *value) {
1065                                 vol->file_mode =
1066                                         simple_strtoul(value, &value, 0);
1067                         }
1068                 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1069                         if (value && *value) {
1070                                 vol->dir_mode =
1071                                         simple_strtoul(value, &value, 0);
1072                         }
1073                 } else if (strnicmp(data, "dirmode", 4) == 0) {
1074                         if (value && *value) {
1075                                 vol->dir_mode =
1076                                         simple_strtoul(value, &value, 0);
1077                         }
1078                 } else if (strnicmp(data, "port", 4) == 0) {
1079                         if (value && *value) {
1080                                 vol->port =
1081                                         simple_strtoul(value, &value, 0);
1082                         }
1083                 } else if (strnicmp(data, "rsize", 5) == 0) {
1084                         if (value && *value) {
1085                                 vol->rsize =
1086                                         simple_strtoul(value, &value, 0);
1087                         }
1088                 } else if (strnicmp(data, "wsize", 5) == 0) {
1089                         if (value && *value) {
1090                                 vol->wsize =
1091                                         simple_strtoul(value, &value, 0);
1092                         }
1093                 } else if (strnicmp(data, "sockopt", 5) == 0) {
1094                         if (value && *value) {
1095                                 vol->sockopt =
1096                                         simple_strtoul(value, &value, 0);
1097                         }
1098                 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1099                         if (!value || !*value || (*value == ' ')) {
1100                                 cFYI(1, ("invalid (empty) netbiosname"));
1101                         } else {
1102                                 memset(vol->source_rfc1001_name, 0x20, 15);
1103                                 for (i = 0; i < 15; i++) {
1104                                 /* BB are there cases in which a comma can be
1105                                 valid in this workstation netbios name (and need
1106                                 special handling)? */
1107
1108                                 /* We do not uppercase netbiosname for user */
1109                                         if (value[i] == 0)
1110                                                 break;
1111                                         else
1112                                                 vol->source_rfc1001_name[i] =
1113                                                                 value[i];
1114                                 }
1115                                 /* The string has 16th byte zero still from
1116                                 set at top of the function  */
1117                                 if ((i == 15) && (value[i] != 0))
1118                                         printk(KERN_WARNING "CIFS: netbiosname"
1119                                                 " longer than 15 truncated.\n");
1120                         }
1121                 } else if (strnicmp(data, "servern", 7) == 0) {
1122                         /* servernetbiosname specified override *SMBSERVER */
1123                         if (!value || !*value || (*value == ' ')) {
1124                                 cFYI(1, ("empty server netbiosname specified"));
1125                         } else {
1126                                 /* last byte, type, is 0x20 for servr type */
1127                                 memset(vol->target_rfc1001_name, 0x20, 16);
1128
1129                                 for (i = 0; i < 15; i++) {
1130                                 /* BB are there cases in which a comma can be
1131                                    valid in this workstation netbios name
1132                                    (and need special handling)? */
1133
1134                                 /* user or mount helper must uppercase
1135                                    the netbiosname */
1136                                         if (value[i] == 0)
1137                                                 break;
1138                                         else
1139                                                 vol->target_rfc1001_name[i] =
1140                                                                 value[i];
1141                                 }
1142                                 /* The string has 16th byte zero still from
1143                                    set at top of the function  */
1144                                 if ((i == 15) && (value[i] != 0))
1145                                         printk(KERN_WARNING "CIFS: server net"
1146                                         "biosname longer than 15 truncated.\n");
1147                         }
1148                 } else if (strnicmp(data, "credentials", 4) == 0) {
1149                         /* ignore */
1150                 } else if (strnicmp(data, "version", 3) == 0) {
1151                         /* ignore */
1152                 } else if (strnicmp(data, "guest", 5) == 0) {
1153                         /* ignore */
1154                 } else if (strnicmp(data, "rw", 2) == 0) {
1155                         vol->rw = TRUE;
1156                 } else if ((strnicmp(data, "suid", 4) == 0) ||
1157                                    (strnicmp(data, "nosuid", 6) == 0) ||
1158                                    (strnicmp(data, "exec", 4) == 0) ||
1159                                    (strnicmp(data, "noexec", 6) == 0) ||
1160                                    (strnicmp(data, "nodev", 5) == 0) ||
1161                                    (strnicmp(data, "noauto", 6) == 0) ||
1162                                    (strnicmp(data, "dev", 3) == 0)) {
1163                         /*  The mount tool or mount.cifs helper (if present)
1164                             uses these opts to set flags, and the flags are read
1165                             by the kernel vfs layer before we get here (ie
1166                             before read super) so there is no point trying to
1167                             parse these options again and set anything and it
1168                             is ok to just ignore them */
1169                         continue;
1170                 } else if (strnicmp(data, "ro", 2) == 0) {
1171                         vol->rw = FALSE;
1172                 } else if (strnicmp(data, "hard", 4) == 0) {
1173                         vol->retry = 1;
1174                 } else if (strnicmp(data, "soft", 4) == 0) {
1175                         vol->retry = 0;
1176                 } else if (strnicmp(data, "perm", 4) == 0) {
1177                         vol->noperm = 0;
1178                 } else if (strnicmp(data, "noperm", 6) == 0) {
1179                         vol->noperm = 1;
1180                 } else if (strnicmp(data, "mapchars", 8) == 0) {
1181                         vol->remap = 1;
1182                 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1183                         vol->remap = 0;
1184                 } else if (strnicmp(data, "sfu", 3) == 0) {
1185                         vol->sfu_emul = 1;
1186                 } else if (strnicmp(data, "nosfu", 5) == 0) {
1187                         vol->sfu_emul = 0;
1188                 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1189                         vol->posix_paths = 1;
1190                 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1191                         vol->posix_paths = 0;
1192                 } else if (strnicmp(data, "nounix", 6) == 0) {
1193                         vol->no_linux_ext = 1;
1194                 } else if (strnicmp(data, "nolinux", 7) == 0) {
1195                         vol->no_linux_ext = 1;
1196                 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1197                            (strnicmp(data, "ignorecase", 10)  == 0)) {
1198                         vol->nocase = 1;
1199                 } else if (strnicmp(data, "brl", 3) == 0) {
1200                         vol->nobrl =  0;
1201                 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1202                            (strnicmp(data, "nolock", 6) == 0)) {
1203                         vol->nobrl =  1;
1204                         /* turn off mandatory locking in mode
1205                         if remote locking is turned off since the
1206                         local vfs will do advisory */
1207                         if (vol->file_mode ==
1208                                 (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1209                                 vol->file_mode = S_IALLUGO;
1210                 } else if (strnicmp(data, "setuids", 7) == 0) {
1211                         vol->setuids = 1;
1212                 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1213                         vol->setuids = 0;
1214                 } else if (strnicmp(data, "nohard", 6) == 0) {
1215                         vol->retry = 0;
1216                 } else if (strnicmp(data, "nosoft", 6) == 0) {
1217                         vol->retry = 1;
1218                 } else if (strnicmp(data, "nointr", 6) == 0) {
1219                         vol->intr = 0;
1220                 } else if (strnicmp(data, "intr", 4) == 0) {
1221                         vol->intr = 1;
1222                 } else if (strnicmp(data, "serverino", 7) == 0) {
1223                         vol->server_ino = 1;
1224                 } else if (strnicmp(data, "noserverino", 9) == 0) {
1225                         vol->server_ino = 0;
1226                 } else if (strnicmp(data, "cifsacl", 7) == 0) {
1227                         vol->cifs_acl = 1;
1228                 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1229                         vol->cifs_acl = 0;
1230                 } else if (strnicmp(data, "acl", 3) == 0) {
1231                         vol->no_psx_acl = 0;
1232                 } else if (strnicmp(data, "noacl", 5) == 0) {
1233                         vol->no_psx_acl = 1;
1234                 } else if (strnicmp(data, "sign", 4) == 0) {
1235                         vol->secFlg |= CIFSSEC_MUST_SIGN;
1236 /*              } else if (strnicmp(data, "seal",4) == 0) {
1237                         vol->secFlg |= CIFSSEC_MUST_SEAL; */
1238                 } else if (strnicmp(data, "direct", 6) == 0) {
1239                         vol->direct_io = 1;
1240                 } else if (strnicmp(data, "forcedirectio", 13) == 0) {
1241                         vol->direct_io = 1;
1242                 } else if (strnicmp(data, "in6_addr", 8) == 0) {
1243                         if (!value || !*value) {
1244                                 vol->in6_addr = NULL;
1245                         } else if (strnlen(value, 49) == 48) {
1246                                 vol->in6_addr = value;
1247                         } else {
1248                                 printk(KERN_WARNING "CIFS: ip v6 address not "
1249                                                     "48 characters long\n");
1250                                 return 1;
1251                         }
1252                 } else if (strnicmp(data, "noac", 4) == 0) {
1253                         printk(KERN_WARNING "CIFS: Mount option noac not "
1254                                 "supported. Instead set "
1255                                 "/proc/fs/cifs/LookupCacheEnabled to 0\n");
1256                 } else
1257                         printk(KERN_WARNING "CIFS: Unknown mount option %s\n",
1258                                                 data);
1259         }
1260         if (vol->UNC == NULL) {
1261                 if (devname == NULL) {
1262                         printk(KERN_WARNING "CIFS: Missing UNC name for mount "
1263                                                 "target\n");
1264                         return 1;
1265                 }
1266                 if ((temp_len = strnlen(devname, 300)) < 300) {
1267                         vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1268                         if (vol->UNC == NULL)
1269                                 return 1;
1270                         strcpy(vol->UNC, devname);
1271                         if (strncmp(vol->UNC, "//", 2) == 0) {
1272                                 vol->UNC[0] = '\\';
1273                                 vol->UNC[1] = '\\';
1274                         } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1275                                 printk(KERN_WARNING "CIFS: UNC Path does not "
1276                                                     "begin with // or \\\\ \n");
1277                                 return 1;
1278                         }
1279                 } else {
1280                         printk(KERN_WARNING "CIFS: UNC name too long\n");
1281                         return 1;
1282                 }
1283         }
1284         if (vol->UNCip == NULL)
1285                 vol->UNCip = &vol->UNC[2];
1286
1287         return 0;
1288 }
1289
1290 static struct cifsSesInfo *
1291 cifs_find_tcp_session(struct in_addr *target_ip_addr,
1292                 struct in6_addr *target_ip6_addr,
1293                  char *userName, struct TCP_Server_Info **psrvTcp)
1294 {
1295         struct list_head *tmp;
1296         struct cifsSesInfo *ses;
1297         *psrvTcp = NULL;
1298         read_lock(&GlobalSMBSeslock);
1299
1300         list_for_each(tmp, &GlobalSMBSessionList) {
1301                 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
1302                 if (ses->server) {
1303                         if ((target_ip_addr &&
1304                                 (ses->server->addr.sockAddr.sin_addr.s_addr
1305                                   == target_ip_addr->s_addr)) || (target_ip6_addr
1306                                 && memcmp(&ses->server->addr.sockAddr6.sin6_addr,
1307                                         target_ip6_addr, sizeof(*target_ip6_addr)))) {
1308                                 /* BB lock server and tcp session and increment
1309                                       use count here?? */
1310
1311                                 /* found a match on the TCP session */
1312                                 *psrvTcp = ses->server;
1313
1314                                 /* BB check if reconnection needed */
1315                                 if (strncmp
1316                                     (ses->userName, userName,
1317                                      MAX_USERNAME_SIZE) == 0){
1318                                         read_unlock(&GlobalSMBSeslock);
1319                                         /* Found exact match on both TCP and
1320                                            SMB sessions */
1321                                         return ses;
1322                                 }
1323                         }
1324                 }
1325                 /* else tcp and smb sessions need reconnection */
1326         }
1327         read_unlock(&GlobalSMBSeslock);
1328         return NULL;
1329 }
1330
1331 static struct cifsTconInfo *
1332 find_unc(__be32 new_target_ip_addr, char *uncName, char *userName)
1333 {
1334         struct list_head *tmp;
1335         struct cifsTconInfo *tcon;
1336
1337         read_lock(&GlobalSMBSeslock);
1338         list_for_each(tmp, &GlobalTreeConnectionList) {
1339                 cFYI(1, ("Next tcon"));
1340                 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
1341                 if (tcon->ses) {
1342                         if (tcon->ses->server) {
1343                                 cFYI(1,
1344                                      ("old ip addr: %x == new ip %x ?",
1345                                       tcon->ses->server->addr.sockAddr.sin_addr.
1346                                       s_addr, new_target_ip_addr));
1347                                 if (tcon->ses->server->addr.sockAddr.sin_addr.
1348                                     s_addr == new_target_ip_addr) {
1349         /* BB lock tcon, server and tcp session and increment use count here? */
1350                                         /* found a match on the TCP session */
1351                                         /* BB check if reconnection needed */
1352                                         cFYI(1,
1353                                               ("IP match, old UNC: %s new: %s",
1354                                               tcon->treeName, uncName));
1355                                         if (strncmp
1356                                             (tcon->treeName, uncName,
1357                                              MAX_TREE_SIZE) == 0) {
1358                                                 cFYI(1,
1359                                                      ("and old usr: %s new: %s",
1360                                                       tcon->treeName, uncName));
1361                                                 if (strncmp
1362                                                     (tcon->ses->userName,
1363                                                      userName,
1364                                                      MAX_USERNAME_SIZE) == 0) {
1365                                                         read_unlock(&GlobalSMBSeslock);
1366                                                         /* matched smb session
1367                                                         (user name */
1368                                                         return tcon;
1369                                                 }
1370                                         }
1371                                 }
1372                         }
1373                 }
1374         }
1375         read_unlock(&GlobalSMBSeslock);
1376         return NULL;
1377 }
1378
1379 int
1380 connect_to_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
1381                     const char *old_path, const struct nls_table *nls_codepage,
1382                     int remap)
1383 {
1384         unsigned char *referrals = NULL;
1385         unsigned int num_referrals;
1386         int rc = 0;
1387
1388         rc = get_dfs_path(xid, pSesInfo, old_path, nls_codepage,
1389                         &num_referrals, &referrals, remap);
1390
1391         /* BB Add in code to: if valid refrl, if not ip address contact
1392                 the helper that resolves tcp names, mount to it, try to
1393                 tcon to it unmount it if fail */
1394
1395         kfree(referrals);
1396
1397         return rc;
1398 }
1399
1400 int
1401 get_dfs_path(int xid, struct cifsSesInfo *pSesInfo, const char *old_path,
1402              const struct nls_table *nls_codepage, unsigned int *pnum_referrals,
1403              unsigned char **preferrals, int remap)
1404 {
1405         char *temp_unc;
1406         int rc = 0;
1407
1408         *pnum_referrals = 0;
1409
1410         if (pSesInfo->ipc_tid == 0) {
1411                 temp_unc = kmalloc(2 /* for slashes */ +
1412                         strnlen(pSesInfo->serverName,
1413                                 SERVER_NAME_LEN_WITH_NULL * 2)
1414                                  + 1 + 4 /* slash IPC$ */  + 2,
1415                                 GFP_KERNEL);
1416                 if (temp_unc == NULL)
1417                         return -ENOMEM;
1418                 temp_unc[0] = '\\';
1419                 temp_unc[1] = '\\';
1420                 strcpy(temp_unc + 2, pSesInfo->serverName);
1421                 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
1422                 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
1423                 cFYI(1,
1424                      ("CIFS Tcon rc = %d ipc_tid = %d", rc, pSesInfo->ipc_tid));
1425                 kfree(temp_unc);
1426         }
1427         if (rc == 0)
1428                 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
1429                                      pnum_referrals, nls_codepage, remap);
1430
1431         return rc;
1432 }
1433
1434 /* See RFC1001 section 14 on representation of Netbios names */
1435 static void rfc1002mangle(char *target, char *source, unsigned int length)
1436 {
1437         unsigned int i, j;
1438
1439         for (i = 0, j = 0; i < (length); i++) {
1440                 /* mask a nibble at a time and encode */
1441                 target[j] = 'A' + (0x0F & (source[i] >> 4));
1442                 target[j+1] = 'A' + (0x0F & source[i]);
1443                 j += 2;
1444         }
1445
1446 }
1447
1448
1449 static int
1450 ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket,
1451              char *netbios_name, char *target_name)
1452 {
1453         int rc = 0;
1454         int connected = 0;
1455         __be16 orig_port = 0;
1456
1457         if (*csocket == NULL) {
1458                 rc = sock_create_kern(PF_INET, SOCK_STREAM,
1459                                       IPPROTO_TCP, csocket);
1460                 if (rc < 0) {
1461                         cERROR(1, ("Error %d creating socket", rc));
1462                         *csocket = NULL;
1463                         return rc;
1464                 } else {
1465                 /* BB other socket options to set KEEPALIVE, NODELAY? */
1466                         cFYI(1, ("Socket created"));
1467                         (*csocket)->sk->sk_allocation = GFP_NOFS;
1468                 }
1469         }
1470
1471         psin_server->sin_family = AF_INET;
1472         if (psin_server->sin_port) { /* user overrode default port */
1473                 rc = (*csocket)->ops->connect(*csocket,
1474                                 (struct sockaddr *) psin_server,
1475                                 sizeof(struct sockaddr_in), 0);
1476                 if (rc >= 0)
1477                         connected = 1;
1478         }
1479
1480         if (!connected) {
1481                 /* save original port so we can retry user specified port
1482                         later if fall back ports fail this time  */
1483                 orig_port = psin_server->sin_port;
1484
1485                 /* do not retry on the same port we just failed on */
1486                 if (psin_server->sin_port != htons(CIFS_PORT)) {
1487                         psin_server->sin_port = htons(CIFS_PORT);
1488
1489                         rc = (*csocket)->ops->connect(*csocket,
1490                                         (struct sockaddr *) psin_server,
1491                                         sizeof(struct sockaddr_in), 0);
1492                         if (rc >= 0)
1493                                 connected = 1;
1494                 }
1495         }
1496         if (!connected) {
1497                 psin_server->sin_port = htons(RFC1001_PORT);
1498                 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1499                                               psin_server,
1500                                               sizeof(struct sockaddr_in), 0);
1501                 if (rc >= 0)
1502                         connected = 1;
1503         }
1504
1505         /* give up here - unless we want to retry on different
1506                 protocol families some day */
1507         if (!connected) {
1508                 if (orig_port)
1509                         psin_server->sin_port = orig_port;
1510                 cFYI(1, ("Error %d connecting to server via ipv4", rc));
1511                 sock_release(*csocket);
1512                 *csocket = NULL;
1513                 return rc;
1514         }
1515         /* Eventually check for other socket options to change from
1516                 the default. sock_setsockopt not used because it expects
1517                 user space buffer */
1518          cFYI(1, ("sndbuf %d rcvbuf %d rcvtimeo 0x%lx",
1519                  (*csocket)->sk->sk_sndbuf,
1520                  (*csocket)->sk->sk_rcvbuf, (*csocket)->sk->sk_rcvtimeo));
1521         (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1522         /* make the bufsizes depend on wsize/rsize and max requests */
1523         if ((*csocket)->sk->sk_sndbuf < (200 * 1024))
1524                 (*csocket)->sk->sk_sndbuf = 200 * 1024;
1525         if ((*csocket)->sk->sk_rcvbuf < (140 * 1024))
1526                 (*csocket)->sk->sk_rcvbuf = 140 * 1024;
1527
1528         /* send RFC1001 sessinit */
1529         if (psin_server->sin_port == htons(RFC1001_PORT)) {
1530                 /* some servers require RFC1001 sessinit before sending
1531                 negprot - BB check reconnection in case where second
1532                 sessinit is sent but no second negprot */
1533                 struct rfc1002_session_packet *ses_init_buf;
1534                 struct smb_hdr *smb_buf;
1535                 ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet),
1536                                        GFP_KERNEL);
1537                 if (ses_init_buf) {
1538                         ses_init_buf->trailer.session_req.called_len = 32;
1539                         if (target_name && (target_name[0] != 0)) {
1540                                 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1541                                         target_name, 16);
1542                         } else {
1543                                 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1544                                         DEFAULT_CIFS_CALLED_NAME, 16);
1545                         }
1546
1547                         ses_init_buf->trailer.session_req.calling_len = 32;
1548                         /* calling name ends in null (byte 16) from old smb
1549                         convention. */
1550                         if (netbios_name && (netbios_name[0] != 0)) {
1551                                 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1552                                         netbios_name, 16);
1553                         } else {
1554                                 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1555                                         "LINUX_CIFS_CLNT", 16);
1556                         }
1557                         ses_init_buf->trailer.session_req.scope1 = 0;
1558                         ses_init_buf->trailer.session_req.scope2 = 0;
1559                         smb_buf = (struct smb_hdr *)ses_init_buf;
1560                         /* sizeof RFC1002_SESSION_REQUEST with no scope */
1561                         smb_buf->smb_buf_length = 0x81000044;
1562                         rc = smb_send(*csocket, smb_buf, 0x44,
1563                                 (struct sockaddr *)psin_server);
1564                         kfree(ses_init_buf);
1565                         msleep(1); /* RFC1001 layer in at least one server
1566                                       requires very short break before negprot
1567                                       presumably because not expecting negprot
1568                                       to follow so fast.  This is a simple
1569                                       solution that works without
1570                                       complicating the code and causes no
1571                                       significant slowing down on mount
1572                                       for everyone else */
1573                 }
1574                 /* else the negprot may still work without this
1575                 even though malloc failed */
1576
1577         }
1578
1579         return rc;
1580 }
1581
1582 static int
1583 ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket)
1584 {
1585         int rc = 0;
1586         int connected = 0;
1587         __be16 orig_port = 0;
1588
1589         if (*csocket == NULL) {
1590                 rc = sock_create_kern(PF_INET6, SOCK_STREAM,
1591                                       IPPROTO_TCP, csocket);
1592                 if (rc < 0) {
1593                         cERROR(1, ("Error %d creating ipv6 socket", rc));
1594                         *csocket = NULL;
1595                         return rc;
1596                 } else {
1597                 /* BB other socket options to set KEEPALIVE, NODELAY? */
1598                          cFYI(1, ("ipv6 Socket created"));
1599                         (*csocket)->sk->sk_allocation = GFP_NOFS;
1600                 }
1601         }
1602
1603         psin_server->sin6_family = AF_INET6;
1604
1605         if (psin_server->sin6_port) { /* user overrode default port */
1606                 rc = (*csocket)->ops->connect(*csocket,
1607                                 (struct sockaddr *) psin_server,
1608                                 sizeof(struct sockaddr_in6), 0);
1609                 if (rc >= 0)
1610                         connected = 1;
1611         }
1612
1613         if (!connected) {
1614                 /* save original port so we can retry user specified port
1615                         later if fall back ports fail this time  */
1616
1617                 orig_port = psin_server->sin6_port;
1618                 /* do not retry on the same port we just failed on */
1619                 if (psin_server->sin6_port != htons(CIFS_PORT)) {
1620                         psin_server->sin6_port = htons(CIFS_PORT);
1621
1622                         rc = (*csocket)->ops->connect(*csocket,
1623                                         (struct sockaddr *) psin_server,
1624                                         sizeof(struct sockaddr_in6), 0);
1625                         if (rc >= 0)
1626                                 connected = 1;
1627                 }
1628         }
1629         if (!connected) {
1630                 psin_server->sin6_port = htons(RFC1001_PORT);
1631                 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1632                                  psin_server, sizeof(struct sockaddr_in6), 0);
1633                 if (rc >= 0)
1634                         connected = 1;
1635         }
1636
1637         /* give up here - unless we want to retry on different
1638                 protocol families some day */
1639         if (!connected) {
1640                 if (orig_port)
1641                         psin_server->sin6_port = orig_port;
1642                 cFYI(1, ("Error %d connecting to server via ipv6", rc));
1643                 sock_release(*csocket);
1644                 *csocket = NULL;
1645                 return rc;
1646         }
1647         /* Eventually check for other socket options to change from
1648                 the default. sock_setsockopt not used because it expects
1649                 user space buffer */
1650         (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1651
1652         return rc;
1653 }
1654
1655 void reset_cifs_unix_caps(int xid, struct cifsTconInfo *tcon,
1656                           struct super_block *sb, struct smb_vol *vol_info)
1657 {
1658         /* if we are reconnecting then should we check to see if
1659          * any requested capabilities changed locally e.g. via
1660          * remount but we can not do much about it here
1661          * if they have (even if we could detect it by the following)
1662          * Perhaps we could add a backpointer to array of sb from tcon
1663          * or if we change to make all sb to same share the same
1664          * sb as NFS - then we only have one backpointer to sb.
1665          * What if we wanted to mount the server share twice once with
1666          * and once without posixacls or posix paths? */
1667         __u64 saved_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
1668
1669         if (vol_info && vol_info->no_linux_ext) {
1670                 tcon->fsUnixInfo.Capability = 0;
1671                 tcon->unix_ext = 0; /* Unix Extensions disabled */
1672                 cFYI(1, ("Linux protocol extensions disabled"));
1673                 return;
1674         } else if (vol_info)
1675                 tcon->unix_ext = 1; /* Unix Extensions supported */
1676
1677         if (tcon->unix_ext == 0) {
1678                 cFYI(1, ("Unix extensions disabled so not set on reconnect"));
1679                 return;
1680         }
1681
1682         if (!CIFSSMBQFSUnixInfo(xid, tcon)) {
1683                 __u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
1684
1685                 /* check for reconnect case in which we do not
1686                    want to change the mount behavior if we can avoid it */
1687                 if (vol_info == NULL) {
1688                         /* turn off POSIX ACL and PATHNAMES if not set
1689                            originally at mount time */
1690                         if ((saved_cap & CIFS_UNIX_POSIX_ACL_CAP) == 0)
1691                                 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
1692                         if ((saved_cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0)
1693                                 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
1694                 }
1695
1696                 cap &= CIFS_UNIX_CAP_MASK;
1697                 if (vol_info && vol_info->no_psx_acl)
1698                         cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
1699                 else if (CIFS_UNIX_POSIX_ACL_CAP & cap) {
1700                         cFYI(1, ("negotiated posix acl support"));
1701                         if (sb)
1702                                 sb->s_flags |= MS_POSIXACL;
1703                 }
1704
1705                 if (vol_info && vol_info->posix_paths == 0)
1706                         cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
1707                 else if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
1708                         cFYI(1, ("negotiate posix pathnames"));
1709                         if (sb)
1710                                 CIFS_SB(sb)->mnt_cifs_flags |=
1711                                         CIFS_MOUNT_POSIX_PATHS;
1712                 }
1713
1714                 /* We might be setting the path sep back to a different
1715                 form if we are reconnecting and the server switched its
1716                 posix path capability for this share */
1717                 if (sb && (CIFS_SB(sb)->prepathlen > 0))
1718                         CIFS_SB(sb)->prepath[0] = CIFS_DIR_SEP(CIFS_SB(sb));
1719
1720                 if (sb && (CIFS_SB(sb)->rsize > 127 * 1024)) {
1721                         if ((cap & CIFS_UNIX_LARGE_READ_CAP) == 0) {
1722                                 CIFS_SB(sb)->rsize = 127 * 1024;
1723 #ifdef CONFIG_CIFS_DEBUG2
1724                                 cFYI(1, ("larger reads not supported by srv"));
1725 #endif
1726                         }
1727                 }
1728
1729
1730                 cFYI(1, ("Negotiate caps 0x%x", (int)cap));
1731 #ifdef CONFIG_CIFS_DEBUG2
1732                 if (cap & CIFS_UNIX_FCNTL_CAP)
1733                         cFYI(1, ("FCNTL cap"));
1734                 if (cap & CIFS_UNIX_EXTATTR_CAP)
1735                         cFYI(1, ("EXTATTR cap"));
1736                 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
1737                         cFYI(1, ("POSIX path cap"));
1738                 if (cap & CIFS_UNIX_XATTR_CAP)
1739                         cFYI(1, ("XATTR cap"));
1740                 if (cap & CIFS_UNIX_POSIX_ACL_CAP)
1741                         cFYI(1, ("POSIX ACL cap"));
1742                 if (cap & CIFS_UNIX_LARGE_READ_CAP)
1743                         cFYI(1, ("very large read cap"));
1744                 if (cap & CIFS_UNIX_LARGE_WRITE_CAP)
1745                         cFYI(1, ("very large write cap"));
1746 #endif /* CIFS_DEBUG2 */
1747                 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
1748                         if (vol_info == NULL) {
1749                                 cFYI(1, ("resetting capabilities failed"));
1750                         } else
1751                                 cERROR(1, ("Negotiating Unix capabilities "
1752                                            "with the server failed.  Consider "
1753                                            "mounting with the Unix Extensions\n"
1754                                            "disabled, if problems are found, "
1755                                            "by specifying the nounix mount "
1756                                            "option."));
1757
1758                 }
1759         }
1760 }
1761
1762 int
1763 cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
1764            char *mount_data, const char *devname)
1765 {
1766         int rc = 0;
1767         int xid;
1768         int address_type = AF_INET;
1769         struct socket *csocket = NULL;
1770         struct sockaddr_in sin_server;
1771         struct sockaddr_in6 sin_server6;
1772         struct smb_vol volume_info;
1773         struct cifsSesInfo *pSesInfo = NULL;
1774         struct cifsSesInfo *existingCifsSes = NULL;
1775         struct cifsTconInfo *tcon = NULL;
1776         struct TCP_Server_Info *srvTcp = NULL;
1777
1778         xid = GetXid();
1779
1780 /* cFYI(1, ("Entering cifs_mount. Xid: %d with: %s", xid, mount_data)); */
1781
1782         memset(&volume_info, 0, sizeof(struct smb_vol));
1783         if (cifs_parse_mount_options(mount_data, devname, &volume_info)) {
1784                 kfree(volume_info.UNC);
1785                 kfree(volume_info.password);
1786                 kfree(volume_info.prepath);
1787                 FreeXid(xid);
1788                 return -EINVAL;
1789         }
1790
1791         if (volume_info.nullauth) {
1792                 cFYI(1, ("null user"));
1793                 volume_info.username = "";
1794         } else if (volume_info.username) {
1795                 /* BB fixme parse for domain name here */
1796                 cFYI(1, ("Username: %s", volume_info.username));
1797         } else {
1798                 cifserror("No username specified");
1799         /* In userspace mount helper we can get user name from alternate
1800            locations such as env variables and files on disk */
1801                 kfree(volume_info.UNC);
1802                 kfree(volume_info.password);
1803                 kfree(volume_info.prepath);
1804                 FreeXid(xid);
1805                 return -EINVAL;
1806         }
1807
1808         if (volume_info.UNCip && volume_info.UNC) {
1809                 rc = cifs_inet_pton(AF_INET, volume_info.UNCip,
1810                                     &sin_server.sin_addr.s_addr);
1811
1812                 if (rc <= 0) {
1813                         /* not ipv4 address, try ipv6 */
1814                         rc = cifs_inet_pton(AF_INET6, volume_info.UNCip,
1815                                             &sin_server6.sin6_addr.in6_u);
1816                         if (rc > 0)
1817                                 address_type = AF_INET6;
1818                 } else {
1819                         address_type = AF_INET;
1820                 }
1821
1822                 if (rc <= 0) {
1823                         /* we failed translating address */
1824                         kfree(volume_info.UNC);
1825                         kfree(volume_info.password);
1826                         kfree(volume_info.prepath);
1827                         FreeXid(xid);
1828                         return -EINVAL;
1829                 }
1830
1831                 cFYI(1, ("UNC: %s ip: %s", volume_info.UNC, volume_info.UNCip));
1832                 /* success */
1833                 rc = 0;
1834         } else if (volume_info.UNCip) {
1835                 /* BB using ip addr as server name to connect to the
1836                    DFS root below */
1837                 cERROR(1, ("Connecting to DFS root not implemented yet"));
1838                 kfree(volume_info.UNC);
1839                 kfree(volume_info.password);
1840                 kfree(volume_info.prepath);
1841                 FreeXid(xid);
1842                 return -EINVAL;
1843         } else /* which servers DFS root would we conect to */ {
1844                 cERROR(1,
1845                        ("CIFS mount error: No UNC path (e.g. -o "
1846                         "unc=//192.168.1.100/public) specified"));
1847                 kfree(volume_info.UNC);
1848                 kfree(volume_info.password);
1849                 kfree(volume_info.prepath);
1850                 FreeXid(xid);
1851                 return -EINVAL;
1852         }
1853
1854         /* this is needed for ASCII cp to Unicode converts */
1855         if (volume_info.iocharset == NULL) {
1856                 cifs_sb->local_nls = load_nls_default();
1857         /* load_nls_default can not return null */
1858         } else {
1859                 cifs_sb->local_nls = load_nls(volume_info.iocharset);
1860                 if (cifs_sb->local_nls == NULL) {
1861                         cERROR(1, ("CIFS mount error: iocharset %s not found",
1862                                  volume_info.iocharset));
1863                         kfree(volume_info.UNC);
1864                         kfree(volume_info.password);
1865                         kfree(volume_info.prepath);
1866                         FreeXid(xid);
1867                         return -ELIBACC;
1868                 }
1869         }
1870
1871         if (address_type == AF_INET)
1872                 existingCifsSes = cifs_find_tcp_session(&sin_server.sin_addr,
1873                         NULL /* no ipv6 addr */,
1874                         volume_info.username, &srvTcp);
1875         else if (address_type == AF_INET6) {
1876                 cFYI(1, ("looking for ipv6 address"));
1877                 existingCifsSes = cifs_find_tcp_session(NULL /* no ipv4 addr */,
1878                         &sin_server6.sin6_addr,
1879                         volume_info.username, &srvTcp);
1880         } else {
1881                 kfree(volume_info.UNC);
1882                 kfree(volume_info.password);
1883                 kfree(volume_info.prepath);
1884                 FreeXid(xid);
1885                 return -EINVAL;
1886         }
1887
1888         if (srvTcp) {
1889                 cFYI(1, ("Existing tcp session with server found"));
1890         } else {        /* create socket */
1891                 if (volume_info.port)
1892                         sin_server.sin_port = htons(volume_info.port);
1893                 else
1894                         sin_server.sin_port = 0;
1895                 if (address_type == AF_INET6) {
1896                         cFYI(1, ("attempting ipv6 connect"));
1897                         /* BB should we allow ipv6 on port 139? */
1898                         /* other OS never observed in Wild doing 139 with v6 */
1899                         rc = ipv6_connect(&sin_server6, &csocket);
1900                 } else
1901                         rc = ipv4_connect(&sin_server, &csocket,
1902                                   volume_info.source_rfc1001_name,
1903                                   volume_info.target_rfc1001_name);
1904                 if (rc < 0) {
1905                         cERROR(1, ("Error connecting to IPv4 socket. "
1906                                    "Aborting operation"));
1907                         if (csocket != NULL)
1908                                 sock_release(csocket);
1909                         kfree(volume_info.UNC);
1910                         kfree(volume_info.password);
1911                         kfree(volume_info.prepath);
1912                         FreeXid(xid);
1913                         return rc;
1914                 }
1915
1916                 srvTcp = kzalloc(sizeof(struct TCP_Server_Info), GFP_KERNEL);
1917                 if (!srvTcp) {
1918                         rc = -ENOMEM;
1919                         sock_release(csocket);
1920                         kfree(volume_info.UNC);
1921                         kfree(volume_info.password);
1922                         kfree(volume_info.prepath);
1923                         FreeXid(xid);
1924                         return rc;
1925                 } else {
1926                         memcpy(&srvTcp->addr.sockAddr, &sin_server,
1927                                 sizeof(struct sockaddr_in));
1928                         atomic_set(&srvTcp->inFlight, 0);
1929                         /* BB Add code for ipv6 case too */
1930                         srvTcp->ssocket = csocket;
1931                         srvTcp->protocolType = IPV4;
1932                         init_waitqueue_head(&srvTcp->response_q);
1933                         init_waitqueue_head(&srvTcp->request_q);
1934                         INIT_LIST_HEAD(&srvTcp->pending_mid_q);
1935                         /* at this point we are the only ones with the pointer
1936                         to the struct since the kernel thread not created yet
1937                         so no need to spinlock this init of tcpStatus */
1938                         srvTcp->tcpStatus = CifsNew;
1939                         init_MUTEX(&srvTcp->tcpSem);
1940                         srvTcp->tsk = kthread_run((void *)(void *)cifs_demultiplex_thread, srvTcp, "cifsd");
1941                         if ( IS_ERR(srvTcp->tsk) ) {
1942                                 rc = PTR_ERR(srvTcp->tsk);
1943                                 cERROR(1, ("error %d create cifsd thread", rc));
1944                                 srvTcp->tsk = NULL;
1945                                 sock_release(csocket);
1946                                 kfree(volume_info.UNC);
1947                                 kfree(volume_info.password);
1948                                 kfree(volume_info.prepath);
1949                                 FreeXid(xid);
1950                                 return rc;
1951                         }
1952                         wait_for_completion(&cifsd_complete);
1953                         rc = 0;
1954                         memcpy(srvTcp->workstation_RFC1001_name,
1955                                 volume_info.source_rfc1001_name, 16);
1956                         memcpy(srvTcp->server_RFC1001_name,
1957                                 volume_info.target_rfc1001_name, 16);
1958                         srvTcp->sequence_number = 0;
1959                 }
1960         }
1961
1962         if (existingCifsSes) {
1963                 pSesInfo = existingCifsSes;
1964                 cFYI(1, ("Existing smb sess found"));
1965                 kfree(volume_info.password);
1966                 /* volume_info.UNC freed at end of function */
1967         } else if (!rc) {
1968                 cFYI(1, ("Existing smb sess not found"));
1969                 pSesInfo = sesInfoAlloc();
1970                 if (pSesInfo == NULL)
1971                         rc = -ENOMEM;
1972                 else {
1973                         pSesInfo->server = srvTcp;
1974                         sprintf(pSesInfo->serverName, "%u.%u.%u.%u",
1975                                 NIPQUAD(sin_server.sin_addr.s_addr));
1976                 }
1977
1978                 if (!rc) {
1979                         /* volume_info.password freed at unmount */
1980                         if (volume_info.password)
1981                                 pSesInfo->password = volume_info.password;
1982                         if (volume_info.username)
1983                                 strncpy(pSesInfo->userName,
1984                                         volume_info.username,
1985                                         MAX_USERNAME_SIZE);
1986                         if (volume_info.domainname) {
1987                                 int len = strlen(volume_info.domainname);
1988                                 pSesInfo->domainName =
1989                                         kmalloc(len + 1, GFP_KERNEL);
1990                                 if (pSesInfo->domainName)
1991                                         strcpy(pSesInfo->domainName,
1992                                                 volume_info.domainname);
1993                         }
1994                         pSesInfo->linux_uid = volume_info.linux_uid;
1995                         pSesInfo->overrideSecFlg = volume_info.secFlg;
1996                         down(&pSesInfo->sesSem);
1997                         /* BB FIXME need to pass vol->secFlgs BB */
1998                         rc = cifs_setup_session(xid, pSesInfo,
1999                                                 cifs_sb->local_nls);
2000                         up(&pSesInfo->sesSem);
2001                         if (!rc)
2002                                 atomic_inc(&srvTcp->socketUseCount);
2003                 } else
2004                         kfree(volume_info.password);
2005         }
2006
2007         /* search for existing tcon to this server share */
2008         if (!rc) {
2009                 if (volume_info.rsize > CIFSMaxBufSize) {
2010                         cERROR(1, ("rsize %d too large, using MaxBufSize",
2011                                 volume_info.rsize));
2012                         cifs_sb->rsize = CIFSMaxBufSize;
2013                 } else if ((volume_info.rsize) &&
2014                                 (volume_info.rsize <= CIFSMaxBufSize))
2015                         cifs_sb->rsize = volume_info.rsize;
2016                 else /* default */
2017                         cifs_sb->rsize = CIFSMaxBufSize;
2018
2019                 if (volume_info.wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) {
2020                         cERROR(1, ("wsize %d too large, using 4096 instead",
2021                                   volume_info.wsize));
2022                         cifs_sb->wsize = 4096;
2023                 } else if (volume_info.wsize)
2024                         cifs_sb->wsize = volume_info.wsize;
2025                 else
2026                         cifs_sb->wsize =
2027                                 min_t(const int, PAGEVEC_SIZE * PAGE_CACHE_SIZE,
2028                                         127*1024);
2029                         /* old default of CIFSMaxBufSize was too small now
2030                            that SMB Write2 can send multiple pages in kvec.
2031                            RFC1001 does not describe what happens when frame
2032                            bigger than 128K is sent so use that as max in
2033                            conjunction with 52K kvec constraint on arch with 4K
2034                            page size  */
2035
2036                 if (cifs_sb->rsize < 2048) {
2037                         cifs_sb->rsize = 2048;
2038                         /* Windows ME may prefer this */
2039                         cFYI(1, ("readsize set to minimum: 2048"));
2040                 }
2041                 /* calculate prepath */
2042                 cifs_sb->prepath = volume_info.prepath;
2043                 if (cifs_sb->prepath) {
2044                         cifs_sb->prepathlen = strlen(cifs_sb->prepath);
2045                         cifs_sb->prepath[0] = CIFS_DIR_SEP(cifs_sb);
2046                         volume_info.prepath = NULL;
2047                 } else
2048                         cifs_sb->prepathlen = 0;
2049                 cifs_sb->mnt_uid = volume_info.linux_uid;
2050                 cifs_sb->mnt_gid = volume_info.linux_gid;
2051                 cifs_sb->mnt_file_mode = volume_info.file_mode;
2052                 cifs_sb->mnt_dir_mode = volume_info.dir_mode;
2053                 cFYI(1, ("file mode: 0x%x  dir mode: 0x%x",
2054                         cifs_sb->mnt_file_mode, cifs_sb->mnt_dir_mode));
2055
2056                 if (volume_info.noperm)
2057                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
2058                 if (volume_info.setuids)
2059                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
2060                 if (volume_info.server_ino)
2061                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
2062                 if (volume_info.remap)
2063                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
2064                 if (volume_info.no_xattr)
2065                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
2066                 if (volume_info.sfu_emul)
2067                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
2068                 if (volume_info.nobrl)
2069                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
2070                 if (volume_info.cifs_acl)
2071                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
2072                 if (volume_info.override_uid)
2073                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID;
2074                 if (volume_info.override_gid)
2075                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID;
2076                 if (volume_info.direct_io) {
2077                         cFYI(1, ("mounting share using direct i/o"));
2078                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
2079                 }
2080
2081                 tcon =
2082                     find_unc(sin_server.sin_addr.s_addr, volume_info.UNC,
2083                              volume_info.username);
2084                 if (tcon) {
2085                         cFYI(1, ("Found match on UNC path"));
2086                         /* we can have only one retry value for a connection
2087                            to a share so for resources mounted more than once
2088                            to the same server share the last value passed in
2089                            for the retry flag is used */
2090                         tcon->retry = volume_info.retry;
2091                         tcon->nocase = volume_info.nocase;
2092                 } else {
2093                         tcon = tconInfoAlloc();
2094                         if (tcon == NULL)
2095                                 rc = -ENOMEM;
2096                         else {
2097                                 /* check for null share name ie connecting to
2098                                  * dfs root */
2099
2100                                 /* BB check if this works for exactly length
2101                                  * three strings */
2102                                 if ((strchr(volume_info.UNC + 3, '\\') == NULL)
2103                                     && (strchr(volume_info.UNC + 3, '/') ==
2104                                         NULL)) {
2105                                         rc = connect_to_dfs_path(xid, pSesInfo,
2106                                                 "", cifs_sb->local_nls,
2107                                                 cifs_sb->mnt_cifs_flags &
2108                                                   CIFS_MOUNT_MAP_SPECIAL_CHR);
2109                                         kfree(volume_info.UNC);
2110                                         FreeXid(xid);
2111                                         return -ENODEV;
2112                                 } else {
2113                                         /* BB Do we need to wrap sesSem around
2114                                          * this TCon call and Unix SetFS as
2115                                          * we do on SessSetup and reconnect? */
2116                                         rc = CIFSTCon(xid, pSesInfo,
2117                                                 volume_info.UNC,
2118                                                 tcon, cifs_sb->local_nls);
2119                                         cFYI(1, ("CIFS Tcon rc = %d", rc));
2120                                 }
2121                                 if (!rc) {
2122                                         atomic_inc(&pSesInfo->inUse);
2123                                         tcon->retry = volume_info.retry;
2124                                         tcon->nocase = volume_info.nocase;
2125                                 }
2126                         }
2127                 }
2128         }
2129         if (pSesInfo) {
2130                 if (pSesInfo->capabilities & CAP_LARGE_FILES) {
2131                         sb->s_maxbytes = (u64) 1 << 63;
2132                 } else
2133                         sb->s_maxbytes = (u64) 1 << 31; /* 2 GB */
2134         }
2135
2136         /* BB FIXME fix time_gran to be larger for LANMAN sessions */
2137         sb->s_time_gran = 100;
2138
2139 /* on error free sesinfo and tcon struct if needed */
2140         if (rc) {
2141                 /* if session setup failed, use count is zero but
2142                 we still need to free cifsd thread */
2143                 if (atomic_read(&srvTcp->socketUseCount) == 0) {
2144                         spin_lock(&GlobalMid_Lock);
2145                         srvTcp->tcpStatus = CifsExiting;
2146                         spin_unlock(&GlobalMid_Lock);
2147                         if (srvTcp->tsk) {
2148                                 struct task_struct *tsk;
2149                                 /* If we could verify that kthread_stop would
2150                                    always wake up processes blocked in
2151                                    tcp in recv_mesg then we could remove the
2152                                    send_sig call */
2153                                 force_sig(SIGKILL, srvTcp->tsk);
2154                                 tsk = srvTcp->tsk;
2155                                 if (tsk)
2156                                         kthread_stop(tsk);
2157                         }
2158                 }
2159                  /* If find_unc succeeded then rc == 0 so we can not end */
2160                 if (tcon)  /* up accidently freeing someone elses tcon struct */
2161                         tconInfoFree(tcon);
2162                 if (existingCifsSes == NULL) {
2163                         if (pSesInfo) {
2164                                 if ((pSesInfo->server) &&
2165                                     (pSesInfo->status == CifsGood)) {
2166                                         int temp_rc;
2167                                         temp_rc = CIFSSMBLogoff(xid, pSesInfo);
2168                                         /* if the socketUseCount is now zero */
2169                                         if ((temp_rc == -ESHUTDOWN) &&
2170                                             (pSesInfo->server) &&
2171                                             (pSesInfo->server->tsk)) {
2172                                                 struct task_struct *tsk;
2173                                                 force_sig(SIGKILL,
2174                                                         pSesInfo->server->tsk);
2175                                                 tsk = pSesInfo->server->tsk;
2176                                                 if (tsk)
2177                                                         kthread_stop(tsk);
2178                                         }
2179                                 } else {
2180                                         cFYI(1, ("No session or bad tcon"));
2181                                         if ((pSesInfo->server) &&
2182                                             (pSesInfo->server->tsk)) {
2183                                                 struct task_struct *tsk;
2184                                                 force_sig(SIGKILL,
2185                                                         pSesInfo->server->tsk);
2186                                                 tsk = pSesInfo->server->tsk;
2187                                                 if (tsk)
2188                                                         kthread_stop(tsk);
2189                                         }
2190                                 }
2191                                 sesInfoFree(pSesInfo);
2192                                 /* pSesInfo = NULL; */
2193                         }
2194                 }
2195         } else {
2196                 atomic_inc(&tcon->useCount);
2197                 cifs_sb->tcon = tcon;
2198                 tcon->ses = pSesInfo;
2199
2200                 /* do not care if following two calls succeed - informational */
2201                 if (!tcon->ipc) {
2202                         CIFSSMBQFSDeviceInfo(xid, tcon);
2203                         CIFSSMBQFSAttributeInfo(xid, tcon);
2204                 }
2205
2206                 /* tell server which Unix caps we support */
2207                 if (tcon->ses->capabilities & CAP_UNIX)
2208                         /* reset of caps checks mount to see if unix extensions
2209                            disabled for just this mount */
2210                         reset_cifs_unix_caps(xid, tcon, sb, &volume_info);
2211                 else
2212                         tcon->unix_ext = 0; /* server does not support them */
2213
2214                 if ((tcon->unix_ext == 0) && (cifs_sb->rsize > (1024 * 127))) {
2215                         cifs_sb->rsize = 1024 * 127;
2216 #ifdef CONFIG_CIFS_DEBUG2
2217                         cFYI(1, ("no very large read support, rsize now 127K"));
2218 #endif
2219                 }
2220                 if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X))
2221                         cifs_sb->wsize = min(cifs_sb->wsize,
2222                                              (tcon->ses->server->maxBuf -
2223                                               MAX_CIFS_HDR_SIZE));
2224                 if (!(tcon->ses->capabilities & CAP_LARGE_READ_X))
2225                         cifs_sb->rsize = min(cifs_sb->rsize,
2226                                              (tcon->ses->server->maxBuf -
2227                                               MAX_CIFS_HDR_SIZE));
2228         }
2229
2230         /* volume_info.password is freed above when existing session found
2231         (in which case it is not needed anymore) but when new sesion is created
2232         the password ptr is put in the new session structure (in which case the
2233         password will be freed at unmount time) */
2234         kfree(volume_info.UNC);
2235         kfree(volume_info.prepath);
2236         FreeXid(xid);
2237         return rc;
2238 }
2239
2240 static int
2241 CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2242               char session_key[CIFS_SESS_KEY_SIZE],
2243               const struct nls_table *nls_codepage)
2244 {
2245         struct smb_hdr *smb_buffer;
2246         struct smb_hdr *smb_buffer_response;
2247         SESSION_SETUP_ANDX *pSMB;
2248         SESSION_SETUP_ANDX *pSMBr;
2249         char *bcc_ptr;
2250         char *user;
2251         char *domain;
2252         int rc = 0;
2253         int remaining_words = 0;
2254         int bytes_returned = 0;
2255         int len;
2256         __u32 capabilities;
2257         __u16 count;
2258
2259         cFYI(1, ("In sesssetup"));
2260         if (ses == NULL)
2261                 return -EINVAL;
2262         user = ses->userName;
2263         domain = ses->domainName;
2264         smb_buffer = cifs_buf_get();
2265         if (smb_buffer == NULL) {
2266                 return -ENOMEM;
2267         }
2268         smb_buffer_response = smb_buffer;
2269         pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2270
2271         /* send SMBsessionSetup here */
2272         header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2273                         NULL /* no tCon exists yet */ , 13 /* wct */ );
2274
2275         smb_buffer->Mid = GetNextMid(ses->server);
2276         pSMB->req_no_secext.AndXCommand = 0xFF;
2277         pSMB->req_no_secext.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2278         pSMB->req_no_secext.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2279
2280         if (ses->server->secMode &
2281                         (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2282                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2283
2284         capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2285                 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
2286         if (ses->capabilities & CAP_UNICODE) {
2287                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2288                 capabilities |= CAP_UNICODE;
2289         }
2290         if (ses->capabilities & CAP_STATUS32) {
2291                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2292                 capabilities |= CAP_STATUS32;
2293         }
2294         if (ses->capabilities & CAP_DFS) {
2295                 smb_buffer->Flags2 |= SMBFLG2_DFS;
2296                 capabilities |= CAP_DFS;
2297         }
2298         pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
2299
2300         pSMB->req_no_secext.CaseInsensitivePasswordLength =
2301                 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2302
2303         pSMB->req_no_secext.CaseSensitivePasswordLength =
2304             cpu_to_le16(CIFS_SESS_KEY_SIZE);
2305         bcc_ptr = pByteArea(smb_buffer);
2306         memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2307         bcc_ptr += CIFS_SESS_KEY_SIZE;
2308         memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2309         bcc_ptr += CIFS_SESS_KEY_SIZE;
2310
2311         if (ses->capabilities & CAP_UNICODE) {
2312                 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode */
2313                         *bcc_ptr = 0;
2314                         bcc_ptr++;
2315                 }
2316                 if (user == NULL)
2317                         bytes_returned = 0; /* skip null user */
2318                 else
2319                         bytes_returned =
2320                                 cifs_strtoUCS((__le16 *) bcc_ptr, user, 100,
2321                                         nls_codepage);
2322                 /* convert number of 16 bit words to bytes */
2323                 bcc_ptr += 2 * bytes_returned;
2324                 bcc_ptr += 2;   /* trailing null */
2325                 if (domain == NULL)
2326                         bytes_returned =
2327                             cifs_strtoUCS((__le16 *) bcc_ptr,
2328                                           "CIFS_LINUX_DOM", 32, nls_codepage);
2329                 else
2330                         bytes_returned =
2331                             cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2332                                           nls_codepage);
2333                 bcc_ptr += 2 * bytes_returned;
2334                 bcc_ptr += 2;
2335                 bytes_returned =
2336                     cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2337                                   32, nls_codepage);
2338                 bcc_ptr += 2 * bytes_returned;
2339                 bytes_returned =
2340                     cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release,
2341                                   32, nls_codepage);
2342                 bcc_ptr += 2 * bytes_returned;
2343                 bcc_ptr += 2;
2344                 bytes_returned =
2345                     cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2346                                   64, nls_codepage);
2347                 bcc_ptr += 2 * bytes_returned;
2348                 bcc_ptr += 2;
2349         } else {
2350                 if (user != NULL) {
2351                     strncpy(bcc_ptr, user, 200);
2352                     bcc_ptr += strnlen(user, 200);
2353                 }
2354                 *bcc_ptr = 0;
2355                 bcc_ptr++;
2356                 if (domain == NULL) {
2357                         strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2358                         bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2359                 } else {
2360                         strncpy(bcc_ptr, domain, 64);
2361                         bcc_ptr += strnlen(domain, 64);
2362                         *bcc_ptr = 0;
2363                         bcc_ptr++;
2364                 }
2365                 strcpy(bcc_ptr, "Linux version ");
2366                 bcc_ptr += strlen("Linux version ");
2367                 strcpy(bcc_ptr, utsname()->release);
2368                 bcc_ptr += strlen(utsname()->release) + 1;
2369                 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2370                 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2371         }
2372         count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2373         smb_buffer->smb_buf_length += count;
2374         pSMB->req_no_secext.ByteCount = cpu_to_le16(count);
2375
2376         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2377                          &bytes_returned, 1);
2378         if (rc) {
2379 /* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
2380         } else if ((smb_buffer_response->WordCount == 3)
2381                    || (smb_buffer_response->WordCount == 4)) {
2382                 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2383                 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2384                 if (action & GUEST_LOGIN)
2385                         cFYI(1, (" Guest login")); /* BB mark SesInfo struct? */
2386                 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format
2387                                                          (little endian) */
2388                 cFYI(1, ("UID = %d ", ses->Suid));
2389         /* response can have either 3 or 4 word count - Samba sends 3 */
2390                 bcc_ptr = pByteArea(smb_buffer_response);
2391                 if ((pSMBr->resp.hdr.WordCount == 3)
2392                     || ((pSMBr->resp.hdr.WordCount == 4)
2393                         && (blob_len < pSMBr->resp.ByteCount))) {
2394                         if (pSMBr->resp.hdr.WordCount == 4)
2395                                 bcc_ptr += blob_len;
2396
2397                         if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2398                                 if ((long) (bcc_ptr) % 2) {
2399                                         remaining_words =
2400                                             (BCC(smb_buffer_response) - 1) / 2;
2401                                         /* Unicode strings must be word
2402                                            aligned */
2403                                         bcc_ptr++;
2404                                 } else {
2405                                         remaining_words =
2406                                                 BCC(smb_buffer_response) / 2;
2407                                 }
2408                                 len =
2409                                     UniStrnlen((wchar_t *) bcc_ptr,
2410                                                remaining_words - 1);
2411 /* We look for obvious messed up bcc or strings in response so we do not go off
2412    the end since (at least) WIN2K and Windows XP have a major bug in not null
2413    terminating last Unicode string in response  */
2414                                 if (ses->serverOS)
2415                                         kfree(ses->serverOS);
2416                                 ses->serverOS = kzalloc(2 * (len + 1),
2417                                                         GFP_KERNEL);
2418                                 if (ses->serverOS == NULL)
2419                                         goto sesssetup_nomem;
2420                                 cifs_strfromUCS_le(ses->serverOS,
2421                                                    (__le16 *)bcc_ptr,
2422                                                    len, nls_codepage);
2423                                 bcc_ptr += 2 * (len + 1);
2424                                 remaining_words -= len + 1;
2425                                 ses->serverOS[2 * len] = 0;
2426                                 ses->serverOS[1 + (2 * len)] = 0;
2427                                 if (remaining_words > 0) {
2428                                         len = UniStrnlen((wchar_t *)bcc_ptr,
2429                                                          remaining_words-1);
2430                                         kfree(ses->serverNOS);
2431                                         ses->serverNOS = kzalloc(2 * (len + 1),
2432                                                                  GFP_KERNEL);
2433                                         if (ses->serverNOS == NULL)
2434                                                 goto sesssetup_nomem;
2435                                         cifs_strfromUCS_le(ses->serverNOS,
2436                                                            (__le16 *)bcc_ptr,
2437                                                            len, nls_codepage);
2438                                         bcc_ptr += 2 * (len + 1);
2439                                         ses->serverNOS[2 * len] = 0;
2440                                         ses->serverNOS[1 + (2 * len)] = 0;
2441                                         if (strncmp(ses->serverNOS,
2442                                                 "NT LAN Manager 4", 16) == 0) {
2443                                                 cFYI(1, ("NT4 server"));
2444                                                 ses->flags |= CIFS_SES_NT4;
2445                                         }
2446                                         remaining_words -= len + 1;
2447                                         if (remaining_words > 0) {
2448                                                 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2449                                 /* last string is not always null terminated
2450                                    (for e.g. for Windows XP & 2000) */
2451                                                 if (ses->serverDomain)
2452                                                         kfree(ses->serverDomain);
2453                                                 ses->serverDomain =
2454                                                     kzalloc(2*(len+1),
2455                                                             GFP_KERNEL);
2456                                                 if (ses->serverDomain == NULL)
2457                                                         goto sesssetup_nomem;
2458                                                 cifs_strfromUCS_le(ses->serverDomain,
2459                                                         (__le16 *)bcc_ptr,
2460                                                         len, nls_codepage);
2461                                                 bcc_ptr += 2 * (len + 1);
2462                                                 ses->serverDomain[2*len] = 0;
2463                                                 ses->serverDomain[1+(2*len)] = 0;
2464                                         } else { /* else no more room so create
2465                                                   dummy domain string */
2466                                                 if (ses->serverDomain)
2467                                                         kfree(ses->serverDomain);
2468                                                 ses->serverDomain =
2469                                                         kzalloc(2, GFP_KERNEL);
2470                                         }
2471                                 } else { /* no room so create dummy domain
2472                                             and NOS string */
2473
2474                                         /* if these kcallocs fail not much we
2475                                            can do, but better to not fail the
2476                                            sesssetup itself */
2477                                         kfree(ses->serverDomain);
2478                                         ses->serverDomain =
2479                                             kzalloc(2, GFP_KERNEL);
2480                                         kfree(ses->serverNOS);
2481                                         ses->serverNOS =
2482                                             kzalloc(2, GFP_KERNEL);
2483                                 }
2484                         } else {        /* ASCII */
2485                                 len = strnlen(bcc_ptr, 1024);
2486                                 if (((long) bcc_ptr + len) - (long)
2487                                     pByteArea(smb_buffer_response)
2488                                             <= BCC(smb_buffer_response)) {
2489                                         kfree(ses->serverOS);
2490                                         ses->serverOS = kzalloc(len + 1,
2491                                                                 GFP_KERNEL);
2492                                         if (ses->serverOS == NULL)
2493                                                 goto sesssetup_nomem;
2494                                         strncpy(ses->serverOS, bcc_ptr, len);
2495
2496                                         bcc_ptr += len;
2497                                         /* null terminate the string */
2498                                         bcc_ptr[0] = 0;
2499                                         bcc_ptr++;
2500
2501                                         len = strnlen(bcc_ptr, 1024);
2502                                         kfree(ses->serverNOS);
2503                                         ses->serverNOS = kzalloc(len + 1,
2504                                                                  GFP_KERNEL);
2505                                         if (ses->serverNOS == NULL)
2506                                                 goto sesssetup_nomem;
2507                                         strncpy(ses->serverNOS, bcc_ptr, len);
2508                                         bcc_ptr += len;
2509                                         bcc_ptr[0] = 0;
2510                                         bcc_ptr++;
2511
2512                                         len = strnlen(bcc_ptr, 1024);
2513                                         if (ses->serverDomain)
2514                                                 kfree(ses->serverDomain);
2515                                         ses->serverDomain = kzalloc(len + 1,
2516                                                                     GFP_KERNEL);
2517                                         if (ses->serverDomain == NULL)
2518                                                 goto sesssetup_nomem;
2519                                         strncpy(ses->serverDomain, bcc_ptr,
2520                                                 len);
2521                                         bcc_ptr += len;
2522                                         bcc_ptr[0] = 0;
2523                                         bcc_ptr++;
2524                                 } else
2525                                         cFYI(1,
2526                                              ("Variable field of length %d "
2527                                                 "extends beyond end of smb ",
2528                                               len));
2529                         }
2530                 } else {
2531                         cERROR(1,
2532                                (" Security Blob Length extends beyond "
2533                                 "end of SMB"));
2534                 }
2535         } else {
2536                 cERROR(1,
2537                        (" Invalid Word count %d: ",
2538                         smb_buffer_response->WordCount));
2539                 rc = -EIO;
2540         }
2541 sesssetup_nomem:        /* do not return an error on nomem for the info strings,
2542                            since that could make reconnection harder, and
2543                            reconnection might be needed to free memory */
2544         cifs_buf_release(smb_buffer);
2545
2546         return rc;
2547 }
2548
2549 static int
2550 CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2551                               struct cifsSesInfo *ses, int *pNTLMv2_flag,
2552                               const struct nls_table *nls_codepage)
2553 {
2554         struct smb_hdr *smb_buffer;
2555         struct smb_hdr *smb_buffer_response;
2556         SESSION_SETUP_ANDX *pSMB;
2557         SESSION_SETUP_ANDX *pSMBr;
2558         char *bcc_ptr;
2559         char *domain;
2560         int rc = 0;
2561         int remaining_words = 0;
2562         int bytes_returned = 0;
2563         int len;
2564         int SecurityBlobLength = sizeof(NEGOTIATE_MESSAGE);
2565         PNEGOTIATE_MESSAGE SecurityBlob;
2566         PCHALLENGE_MESSAGE SecurityBlob2;
2567         __u32 negotiate_flags, capabilities;
2568         __u16 count;
2569
2570         cFYI(1, ("In NTLMSSP sesssetup (negotiate)"));
2571         if (ses == NULL)
2572                 return -EINVAL;
2573         domain = ses->domainName;
2574         *pNTLMv2_flag = FALSE;
2575         smb_buffer = cifs_buf_get();
2576         if (smb_buffer == NULL) {
2577                 return -ENOMEM;
2578         }
2579         smb_buffer_response = smb_buffer;
2580         pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2581         pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2582
2583         /* send SMBsessionSetup here */
2584         header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2585                         NULL /* no tCon exists yet */ , 12 /* wct */ );
2586
2587         smb_buffer->Mid = GetNextMid(ses->server);
2588         pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2589         pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2590
2591         pSMB->req.AndXCommand = 0xFF;
2592         pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2593         pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2594
2595         if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2596                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2597
2598         capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2599             CAP_EXTENDED_SECURITY;
2600         if (ses->capabilities & CAP_UNICODE) {
2601                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2602                 capabilities |= CAP_UNICODE;
2603         }
2604         if (ses->capabilities & CAP_STATUS32) {
2605                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2606                 capabilities |= CAP_STATUS32;
2607         }
2608         if (ses->capabilities & CAP_DFS) {
2609                 smb_buffer->Flags2 |= SMBFLG2_DFS;
2610                 capabilities |= CAP_DFS;
2611         }
2612         pSMB->req.Capabilities = cpu_to_le32(capabilities);
2613
2614         bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2615         SecurityBlob = (PNEGOTIATE_MESSAGE) bcc_ptr;
2616         strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2617         SecurityBlob->MessageType = NtLmNegotiate;
2618         negotiate_flags =
2619             NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
2620             NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM |
2621             NTLMSSP_NEGOTIATE_56 |
2622             /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
2623         if (sign_CIFS_PDUs)
2624                 negotiate_flags |= NTLMSSP_NEGOTIATE_SIGN;
2625 /*      if (ntlmv2_support)
2626                 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;*/
2627         /* setup pointers to domain name and workstation name */
2628         bcc_ptr += SecurityBlobLength;
2629
2630         SecurityBlob->WorkstationName.Buffer = 0;
2631         SecurityBlob->WorkstationName.Length = 0;
2632         SecurityBlob->WorkstationName.MaximumLength = 0;
2633
2634         /* Domain not sent on first Sesssetup in NTLMSSP, instead it is sent
2635         along with username on auth request (ie the response to challenge) */
2636         SecurityBlob->DomainName.Buffer = 0;
2637         SecurityBlob->DomainName.Length = 0;
2638         SecurityBlob->DomainName.MaximumLength = 0;
2639         if (ses->capabilities & CAP_UNICODE) {
2640                 if ((long) bcc_ptr % 2) {
2641                         *bcc_ptr = 0;
2642                         bcc_ptr++;
2643                 }
2644
2645                 bytes_returned =
2646                     cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2647                                   32, nls_codepage);
2648                 bcc_ptr += 2 * bytes_returned;
2649                 bytes_returned =
2650                     cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
2651                                   nls_codepage);
2652                 bcc_ptr += 2 * bytes_returned;
2653                 bcc_ptr += 2;   /* null terminate Linux version */
2654                 bytes_returned =
2655                     cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2656                                   64, nls_codepage);
2657                 bcc_ptr += 2 * bytes_returned;
2658                 *(bcc_ptr + 1) = 0;
2659                 *(bcc_ptr + 2) = 0;
2660                 bcc_ptr += 2;   /* null terminate network opsys string */
2661                 *(bcc_ptr + 1) = 0;
2662                 *(bcc_ptr + 2) = 0;
2663                 bcc_ptr += 2;   /* null domain */
2664         } else {                /* ASCII */
2665                 strcpy(bcc_ptr, "Linux version ");
2666                 bcc_ptr += strlen("Linux version ");
2667                 strcpy(bcc_ptr, utsname()->release);
2668                 bcc_ptr += strlen(utsname()->release) + 1;
2669                 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2670                 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2671                 bcc_ptr++;      /* empty domain field */
2672                 *bcc_ptr = 0;
2673         }
2674         SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2675         pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2676         count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2677         smb_buffer->smb_buf_length += count;
2678         pSMB->req.ByteCount = cpu_to_le16(count);
2679
2680         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2681                          &bytes_returned, 1);
2682
2683         if (smb_buffer_response->Status.CifsError ==
2684             cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
2685                 rc = 0;
2686
2687         if (rc) {
2688 /*    rc = map_smb_to_linux_error(smb_buffer_response);  *//* done in SendReceive now */
2689         } else if ((smb_buffer_response->WordCount == 3)
2690                    || (smb_buffer_response->WordCount == 4)) {
2691                 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2692                 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2693
2694                 if (action & GUEST_LOGIN)
2695                         cFYI(1, (" Guest login"));
2696         /* Do we want to set anything in SesInfo struct when guest login? */
2697
2698                 bcc_ptr = pByteArea(smb_buffer_response);
2699         /* response can have either 3 or 4 word count - Samba sends 3 */
2700
2701                 SecurityBlob2 = (PCHALLENGE_MESSAGE) bcc_ptr;
2702                 if (SecurityBlob2->MessageType != NtLmChallenge) {
2703                         cFYI(1,
2704                              ("Unexpected NTLMSSP message type received %d",
2705                               SecurityBlob2->MessageType));
2706                 } else if (ses) {
2707                         ses->Suid = smb_buffer_response->Uid; /* UID left in le format */
2708                         cFYI(1, ("UID = %d", ses->Suid));
2709                         if ((pSMBr->resp.hdr.WordCount == 3)
2710                             || ((pSMBr->resp.hdr.WordCount == 4)
2711                                 && (blob_len <
2712                                     pSMBr->resp.ByteCount))) {
2713
2714                                 if (pSMBr->resp.hdr.WordCount == 4) {
2715                                         bcc_ptr += blob_len;
2716                                         cFYI(1, ("Security Blob Length %d",
2717                                               blob_len));
2718                                 }
2719
2720                                 cFYI(1, ("NTLMSSP Challenge rcvd"));
2721
2722                                 memcpy(ses->server->cryptKey,
2723                                        SecurityBlob2->Challenge,
2724                                        CIFS_CRYPTO_KEY_SIZE);
2725                                 if (SecurityBlob2->NegotiateFlags &
2726                                         cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2))
2727                                         *pNTLMv2_flag = TRUE;
2728
2729                                 if ((SecurityBlob2->NegotiateFlags &
2730                                         cpu_to_le32(NTLMSSP_NEGOTIATE_ALWAYS_SIGN))
2731                                         || (sign_CIFS_PDUs > 1))
2732                                                 ses->server->secMode |=
2733                                                         SECMODE_SIGN_REQUIRED;
2734                                 if ((SecurityBlob2->NegotiateFlags &
2735                                         cpu_to_le32(NTLMSSP_NEGOTIATE_SIGN)) && (sign_CIFS_PDUs))
2736                                                 ses->server->secMode |=
2737                                                         SECMODE_SIGN_ENABLED;
2738
2739                                 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2740                                         if ((long) (bcc_ptr) % 2) {
2741                                                 remaining_words =
2742                                                     (BCC(smb_buffer_response)
2743                                                      - 1) / 2;
2744                                          /* Must word align unicode strings */
2745                                                 bcc_ptr++;
2746                                         } else {
2747                                                 remaining_words =
2748                                                     BCC
2749                                                     (smb_buffer_response) / 2;
2750                                         }
2751                                         len =
2752                                             UniStrnlen((wchar_t *) bcc_ptr,
2753                                                        remaining_words - 1);
2754 /* We look for obvious messed up bcc or strings in response so we do not go off
2755    the end since (at least) WIN2K and Windows XP have a major bug in not null
2756    terminating last Unicode string in response  */
2757                                         if (ses->serverOS)
2758                                                 kfree(ses->serverOS);
2759                                         ses->serverOS =
2760                                             kzalloc(2 * (len + 1), GFP_KERNEL);
2761                                         cifs_strfromUCS_le(ses->serverOS,
2762                                                            (__le16 *)
2763                                                            bcc_ptr, len,
2764                                                            nls_codepage);
2765                                         bcc_ptr += 2 * (len + 1);
2766                                         remaining_words -= len + 1;
2767                                         ses->serverOS[2 * len] = 0;
2768                                         ses->serverOS[1 + (2 * len)] = 0;
2769                                         if (remaining_words > 0) {
2770                                                 len = UniStrnlen((wchar_t *)
2771                                                                  bcc_ptr,
2772                                                                  remaining_words
2773                                                                  - 1);
2774                                                 kfree(ses->serverNOS);
2775                                                 ses->serverNOS =
2776                                                     kzalloc(2 * (len + 1),
2777                                                             GFP_KERNEL);
2778                                                 cifs_strfromUCS_le(ses->
2779                                                                    serverNOS,
2780                                                                    (__le16 *)
2781                                                                    bcc_ptr,
2782                                                                    len,
2783                                                                    nls_codepage);
2784                                                 bcc_ptr += 2 * (len + 1);
2785                                                 ses->serverNOS[2 * len] = 0;
2786                                                 ses->serverNOS[1 +
2787                                                                (2 * len)] = 0;
2788                                                 remaining_words -= len + 1;
2789                                                 if (remaining_words > 0) {
2790                                                         len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2791                                 /* last string not always null terminated
2792                                    (for e.g. for Windows XP & 2000) */
2793                                                         kfree(ses->serverDomain);
2794                                                         ses->serverDomain =
2795                                                             kzalloc(2 *
2796                                                                     (len +
2797                                                                      1),
2798                                                                     GFP_KERNEL);
2799                                                         cifs_strfromUCS_le
2800                                                             (ses->serverDomain,
2801                                                              (__le16 *)bcc_ptr,
2802                                                              len, nls_codepage);
2803                                                         bcc_ptr +=
2804                                                             2 * (len + 1);
2805                                                         ses->serverDomain[2*len]
2806                                                             = 0;
2807                                                         ses->serverDomain
2808                                                                 [1 + (2 * len)]
2809                                                             = 0;
2810                                                 } /* else no more room so create dummy domain string */
2811                                                 else {
2812                                                         kfree(ses->serverDomain);
2813                                                         ses->serverDomain =
2814                                                             kzalloc(2,
2815                                                                     GFP_KERNEL);
2816                                                 }
2817                                         } else {        /* no room so create dummy domain and NOS string */
2818                                                 kfree(ses->serverDomain);
2819                                                 ses->serverDomain =
2820                                                     kzalloc(2, GFP_KERNEL);
2821                                                 kfree(ses->serverNOS);
2822                                                 ses->serverNOS =
2823                                                     kzalloc(2, GFP_KERNEL);
2824                                         }
2825                                 } else {        /* ASCII */
2826                                         len = strnlen(bcc_ptr, 1024);
2827                                         if (((long) bcc_ptr + len) - (long)
2828                                             pByteArea(smb_buffer_response)
2829                                             <= BCC(smb_buffer_response)) {
2830                                                 if (ses->serverOS)
2831                                                         kfree(ses->serverOS);
2832                                                 ses->serverOS =
2833                                                     kzalloc(len + 1,
2834                                                             GFP_KERNEL);
2835                                                 strncpy(ses->serverOS,
2836                                                         bcc_ptr, len);
2837
2838                                                 bcc_ptr += len;
2839                                                 bcc_ptr[0] = 0; /* null terminate string */
2840                                                 bcc_ptr++;
2841
2842                                                 len = strnlen(bcc_ptr, 1024);
2843                                                 kfree(ses->serverNOS);
2844                                                 ses->serverNOS =
2845                                                     kzalloc(len + 1,
2846                                                             GFP_KERNEL);
2847                                                 strncpy(ses->serverNOS, bcc_ptr, len);
2848                                                 bcc_ptr += len;
2849                                                 bcc_ptr[0] = 0;
2850                                                 bcc_ptr++;
2851
2852                                                 len = strnlen(bcc_ptr, 1024);
2853                                                 kfree(ses->serverDomain);
2854                                                 ses->serverDomain =
2855                                                     kzalloc(len + 1,
2856                                                             GFP_KERNEL);
2857                                                 strncpy(ses->serverDomain,
2858                                                         bcc_ptr, len);
2859                                                 bcc_ptr += len;
2860                                                 bcc_ptr[0] = 0;
2861                                                 bcc_ptr++;
2862                                         } else
2863                                                 cFYI(1,
2864                                                      ("field of length %d "
2865                                                     "extends beyond end of smb",
2866                                                       len));
2867                                 }
2868                         } else {
2869                                 cERROR(1, ("Security Blob Length extends beyond"
2870                                            " end of SMB"));
2871                         }
2872                 } else {
2873                         cERROR(1, ("No session structure passed in."));
2874                 }
2875         } else {
2876                 cERROR(1,
2877                        (" Invalid Word count %d:",
2878                         smb_buffer_response->WordCount));
2879                 rc = -EIO;
2880         }
2881
2882         cifs_buf_release(smb_buffer);
2883
2884         return rc;
2885 }
2886 static int
2887 CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2888                         char *ntlm_session_key, int ntlmv2_flag,
2889                         const struct nls_table *nls_codepage)
2890 {
2891         struct smb_hdr *smb_buffer;
2892         struct smb_hdr *smb_buffer_response;
2893         SESSION_SETUP_ANDX *pSMB;
2894         SESSION_SETUP_ANDX *pSMBr;
2895         char *bcc_ptr;
2896         char *user;
2897         char *domain;
2898         int rc = 0;
2899         int remaining_words = 0;
2900         int bytes_returned = 0;
2901         int len;
2902         int SecurityBlobLength = sizeof(AUTHENTICATE_MESSAGE);
2903         PAUTHENTICATE_MESSAGE SecurityBlob;
2904         __u32 negotiate_flags, capabilities;
2905         __u16 count;
2906
2907         cFYI(1, ("In NTLMSSPSessSetup (Authenticate)"));
2908         if (ses == NULL)
2909                 return -EINVAL;
2910         user = ses->userName;
2911         domain = ses->domainName;
2912         smb_buffer = cifs_buf_get();
2913         if (smb_buffer == NULL) {
2914                 return -ENOMEM;
2915         }
2916         smb_buffer_response = smb_buffer;
2917         pSMB = (SESSION_SETUP_ANDX *)smb_buffer;
2918         pSMBr = (SESSION_SETUP_ANDX *)smb_buffer_response;
2919
2920         /* send SMBsessionSetup here */
2921         header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2922                         NULL /* no tCon exists yet */ , 12 /* wct */ );
2923
2924         smb_buffer->Mid = GetNextMid(ses->server);
2925         pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2926         pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2927         pSMB->req.AndXCommand = 0xFF;
2928         pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2929         pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2930
2931         pSMB->req.hdr.Uid = ses->Suid;
2932
2933         if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2934                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2935
2936         capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2937                         CAP_EXTENDED_SECURITY;
2938         if (ses->capabilities & CAP_UNICODE) {
2939                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2940                 capabilities |= CAP_UNICODE;
2941         }
2942         if (ses->capabilities & CAP_STATUS32) {
2943                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2944                 capabilities |= CAP_STATUS32;
2945         }
2946         if (ses->capabilities & CAP_DFS) {
2947                 smb_buffer->Flags2 |= SMBFLG2_DFS;
2948                 capabilities |= CAP_DFS;
2949         }
2950         pSMB->req.Capabilities = cpu_to_le32(capabilities);
2951
2952         bcc_ptr = (char *)&pSMB->req.SecurityBlob;
2953         SecurityBlob = (PAUTHENTICATE_MESSAGE)bcc_ptr;
2954         strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2955         SecurityBlob->MessageType = NtLmAuthenticate;
2956         bcc_ptr += SecurityBlobLength;
2957         negotiate_flags = NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET |
2958                         NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO |
2959                         0x80000000 | NTLMSSP_NEGOTIATE_128;
2960         if (sign_CIFS_PDUs)
2961                 negotiate_flags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN;
2962         if (ntlmv2_flag)
2963                 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
2964
2965 /* setup pointers to domain name and workstation name */
2966
2967         SecurityBlob->WorkstationName.Buffer = 0;
2968         SecurityBlob->WorkstationName.Length = 0;
2969         SecurityBlob->WorkstationName.MaximumLength = 0;
2970         SecurityBlob->SessionKey.Length = 0;
2971         SecurityBlob->SessionKey.MaximumLength = 0;
2972         SecurityBlob->SessionKey.Buffer = 0;
2973
2974         SecurityBlob->LmChallengeResponse.Length = 0;
2975         SecurityBlob->LmChallengeResponse.MaximumLength = 0;
2976         SecurityBlob->LmChallengeResponse.Buffer = 0;
2977
2978         SecurityBlob->NtChallengeResponse.Length =
2979             cpu_to_le16(CIFS_SESS_KEY_SIZE);
2980         SecurityBlob->NtChallengeResponse.MaximumLength =
2981             cpu_to_le16(CIFS_SESS_KEY_SIZE);
2982         memcpy(bcc_ptr, ntlm_session_key, CIFS_SESS_KEY_SIZE);
2983         SecurityBlob->NtChallengeResponse.Buffer =
2984             cpu_to_le32(SecurityBlobLength);
2985         SecurityBlobLength += CIFS_SESS_KEY_SIZE;
2986         bcc_ptr += CIFS_SESS_KEY_SIZE;
2987
2988         if (ses->capabilities & CAP_UNICODE) {
2989                 if (domain == NULL) {
2990                         SecurityBlob->DomainName.Buffer = 0;
2991                         SecurityBlob->DomainName.Length = 0;
2992                         SecurityBlob->DomainName.MaximumLength = 0;
2993                 } else {
2994                         __u16 ln = cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2995                                           nls_codepage);
2996                         ln *= 2;
2997                         SecurityBlob->DomainName.MaximumLength =
2998                             cpu_to_le16(ln);
2999                         SecurityBlob->DomainName.Buffer =
3000                             cpu_to_le32(SecurityBlobLength);
3001                         bcc_ptr += ln;
3002                         SecurityBlobLength += ln;
3003                         SecurityBlob->DomainName.Length = cpu_to_le16(ln);
3004                 }
3005                 if (user == NULL) {
3006                         SecurityBlob->UserName.Buffer = 0;
3007                         SecurityBlob->UserName.Length = 0;
3008                         SecurityBlob->UserName.MaximumLength = 0;
3009                 } else {
3010                         __u16 ln = cifs_strtoUCS((__le16 *) bcc_ptr, user, 64,
3011                                           nls_codepage);
3012                         ln *= 2;
3013                         SecurityBlob->UserName.MaximumLength =
3014                             cpu_to_le16(ln);
3015                         SecurityBlob->UserName.Buffer =
3016                             cpu_to_le32(SecurityBlobLength);
3017                         bcc_ptr += ln;
3018                         SecurityBlobLength += ln;
3019                         SecurityBlob->UserName.Length = cpu_to_le16(ln);
3020                 }
3021
3022                 /* SecurityBlob->WorkstationName.Length =
3023                  cifs_strtoUCS((__le16 *) bcc_ptr, "AMACHINE",64, nls_codepage);
3024                    SecurityBlob->WorkstationName.Length *= 2;
3025                    SecurityBlob->WorkstationName.MaximumLength =
3026                         cpu_to_le16(SecurityBlob->WorkstationName.Length);
3027                    SecurityBlob->WorkstationName.Buffer =
3028                                  cpu_to_le32(SecurityBlobLength);
3029                    bcc_ptr += SecurityBlob->WorkstationName.Length;
3030                    SecurityBlobLength += SecurityBlob->WorkstationName.Length;
3031                    SecurityBlob->WorkstationName.Length =
3032                         cpu_to_le16(SecurityBlob->WorkstationName.Length);  */
3033
3034                 if ((long) bcc_ptr % 2) {
3035                         *bcc_ptr = 0;
3036                         bcc_ptr++;
3037                 }
3038                 bytes_returned =
3039                     cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
3040                                   32, nls_codepage);
3041                 bcc_ptr += 2 * bytes_returned;
3042                 bytes_returned =
3043                     cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
3044                                   nls_codepage);
3045                 bcc_ptr += 2 * bytes_returned;
3046                 bcc_ptr += 2;   /* null term version string */
3047                 bytes_returned =
3048                     cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
3049                                   64, nls_codepage);
3050                 bcc_ptr += 2 * bytes_returned;
3051                 *(bcc_ptr + 1) = 0;
3052                 *(bcc_ptr + 2) = 0;
3053                 bcc_ptr += 2;   /* null terminate network opsys string */
3054                 *(bcc_ptr + 1) = 0;
3055                 *(bcc_ptr + 2) = 0;
3056                 bcc_ptr += 2;   /* null domain */
3057         } else {                /* ASCII */
3058                 if (domain == NULL) {
3059                         SecurityBlob->DomainName.Buffer = 0;
3060                         SecurityBlob->DomainName.Length = 0;
3061                         SecurityBlob->DomainName.MaximumLength = 0;
3062                 } else {
3063                         __u16 ln;
3064                         negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
3065                         strncpy(bcc_ptr, domain, 63);
3066                         ln = strnlen(domain, 64);
3067                         SecurityBlob->DomainName.MaximumLength =
3068                             cpu_to_le16(ln);
3069                         SecurityBlob->DomainName.Buffer =
3070                             cpu_to_le32(SecurityBlobLength);
3071                         bcc_ptr += ln;
3072                         SecurityBlobLength += ln;
3073                         SecurityBlob->DomainName.Length = cpu_to_le16(ln);
3074                 }
3075                 if (user == NULL) {
3076                         SecurityBlob->UserName.Buffer = 0;
3077                         SecurityBlob->UserName.Length = 0;
3078                         SecurityBlob->UserName.MaximumLength = 0;
3079                 } else {
3080                         __u16 ln;
3081                         strncpy(bcc_ptr, user, 63);
3082                         ln = strnlen(user, 64);
3083                         SecurityBlob->UserName.MaximumLength = cpu_to_le16(ln);
3084                         SecurityBlob->UserName.Buffer =
3085                                                 cpu_to_le32(SecurityBlobLength);
3086                         bcc_ptr += ln;
3087                         SecurityBlobLength += ln;
3088                         SecurityBlob->UserName.Length = cpu_to_le16(ln);
3089                 }
3090                 /* BB fill in our workstation name if known BB */
3091
3092                 strcpy(bcc_ptr, "Linux version ");
3093                 bcc_ptr += strlen("Linux version ");
3094                 strcpy(bcc_ptr, utsname()->release);
3095                 bcc_ptr += strlen(utsname()->release) + 1;
3096                 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
3097                 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
3098                 bcc_ptr++;      /* null domain */
3099                 *bcc_ptr = 0;
3100         }
3101         SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
3102         pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
3103         count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
3104         smb_buffer->smb_buf_length += count;
3105         pSMB->req.ByteCount = cpu_to_le16(count);
3106
3107         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
3108                          &bytes_returned, 1);
3109         if (rc) {
3110 /*   rc = map_smb_to_linux_error(smb_buffer_response) done in SendReceive now */
3111         } else if ((smb_buffer_response->WordCount == 3) ||
3112                    (smb_buffer_response->WordCount == 4)) {
3113                 __u16 action = le16_to_cpu(pSMBr->resp.Action);
3114                 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
3115                 if (action & GUEST_LOGIN)
3116                         cFYI(1, (" Guest login")); /* BB Should we set anything
3117                                                          in SesInfo struct ? */
3118 /*              if (SecurityBlob2->MessageType != NtLm??) {
3119                         cFYI("Unexpected message type on auth response is %d"));
3120                 } */
3121
3122                 if (ses) {
3123                         cFYI(1,
3124                              ("Check challenge UID %d vs auth response UID %d",
3125                               ses->Suid, smb_buffer_response->Uid));
3126                         /* UID left in wire format */
3127                         ses->Suid = smb_buffer_response->Uid;
3128                         bcc_ptr = pByteArea(smb_buffer_response);
3129                 /* response can have either 3 or 4 word count - Samba sends 3 */
3130                         if ((pSMBr->resp.hdr.WordCount == 3)
3131                             || ((pSMBr->resp.hdr.WordCount == 4)
3132                                 && (blob_len <
3133                                     pSMBr->resp.ByteCount))) {
3134                                 if (pSMBr->resp.hdr.WordCount == 4) {
3135                                         bcc_ptr +=
3136                                             blob_len;
3137                                         cFYI(1,
3138                                              ("Security Blob Length %d ",
3139                                               blob_len));
3140                                 }
3141
3142                                 cFYI(1,
3143                                      ("NTLMSSP response to Authenticate "));
3144
3145                                 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3146                                         if ((long) (bcc_ptr) % 2) {
3147                                                 remaining_words =
3148                                                     (BCC(smb_buffer_response)
3149                                                      - 1) / 2;
3150                                                 bcc_ptr++;      /* Unicode strings must be word aligned */
3151                                         } else {
3152                                                 remaining_words = BCC(smb_buffer_response) / 2;
3153                                         }
3154                                         len = UniStrnlen((wchar_t *) bcc_ptr,
3155                                                         remaining_words - 1);
3156 /* We look for obvious messed up bcc or strings in response so we do not go off
3157   the end since (at least) WIN2K and Windows XP have a major bug in not null
3158   terminating last Unicode string in response  */
3159                                         if (ses->serverOS)
3160                                                 kfree(ses->serverOS);
3161                                         ses->serverOS =
3162                                             kzalloc(2 * (len + 1), GFP_KERNEL);
3163                                         cifs_strfromUCS_le(ses->serverOS,
3164                                                            (__le16 *)
3165                                                            bcc_ptr, len,
3166                                                            nls_codepage);
3167                                         bcc_ptr += 2 * (len + 1);
3168                                         remaining_words -= len + 1;
3169                                         ses->serverOS[2 * len] = 0;
3170                                         ses->serverOS[1 + (2 * len)] = 0;
3171                                         if (remaining_words > 0) {
3172                                                 len = UniStrnlen((wchar_t *)
3173                                                                  bcc_ptr,
3174                                                                  remaining_words
3175                                                                  - 1);
3176                                                 kfree(ses->serverNOS);
3177                                                 ses->serverNOS =
3178                                                     kzalloc(2 * (len + 1),
3179                                                             GFP_KERNEL);
3180                                                 cifs_strfromUCS_le(ses->
3181                                                                    serverNOS,
3182                                                                    (__le16 *)
3183                                                                    bcc_ptr,
3184                                                                    len,
3185                                                                    nls_codepage);
3186                                                 bcc_ptr += 2 * (len + 1);
3187                                                 ses->serverNOS[2 * len] = 0;
3188                                                 ses->serverNOS[1+(2*len)] = 0;
3189                                                 remaining_words -= len + 1;
3190                                                 if (remaining_words > 0) {
3191                                                         len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
3192      /* last string not always null terminated (e.g. for Windows XP & 2000) */
3193                                                         if (ses->serverDomain)
3194                                                                 kfree(ses->serverDomain);
3195                                                         ses->serverDomain =
3196                                                             kzalloc(2 *
3197                                                                     (len +
3198                                                                      1),
3199                                                                     GFP_KERNEL);
3200                                                         cifs_strfromUCS_le
3201                                                             (ses->
3202                                                              serverDomain,
3203                                                              (__le16 *)
3204                                                              bcc_ptr, len,
3205                                                              nls_codepage);
3206                                                         bcc_ptr +=
3207                                                             2 * (len + 1);
3208                                                         ses->
3209                                                             serverDomain[2
3210                                                                          * len]
3211                                                             = 0;
3212                                                         ses->
3213                                                             serverDomain[1
3214                                                                          +
3215                                                                          (2
3216                                                                           *
3217                                                                           len)]
3218                                                             = 0;
3219                                                 } /* else no more room so create dummy domain string */
3220                                                 else {
3221                                                         if (ses->serverDomain)
3222                                                                 kfree(ses->serverDomain);
3223                                                         ses->serverDomain = kzalloc(2,GFP_KERNEL);
3224                                                 }
3225                                         } else {  /* no room so create dummy domain and NOS string */
3226                                                 if (ses->serverDomain)
3227                                                         kfree(ses->serverDomain);
3228                                                 ses->serverDomain = kzalloc(2, GFP_KERNEL);
3229                                                 kfree(ses->serverNOS);
3230                                                 ses->serverNOS = kzalloc(2, GFP_KERNEL);
3231                                         }
3232                                 } else {        /* ASCII */
3233                                         len = strnlen(bcc_ptr, 1024);
3234                                         if (((long) bcc_ptr + len) -
3235                                            (long) pByteArea(smb_buffer_response)
3236                                                 <= BCC(smb_buffer_response)) {
3237                                                 if (ses->serverOS)
3238                                                         kfree(ses->serverOS);
3239                                                 ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
3240                                                 strncpy(ses->serverOS,bcc_ptr, len);
3241
3242                                                 bcc_ptr += len;
3243                                                 bcc_ptr[0] = 0; /* null terminate the string */
3244                                                 bcc_ptr++;
3245
3246                                                 len = strnlen(bcc_ptr, 1024);
3247                                                 kfree(ses->serverNOS);
3248                                                 ses->serverNOS = kzalloc(len+1,
3249                                                                     GFP_KERNEL);
3250                                                 strncpy(ses->serverNOS,
3251                                                         bcc_ptr, len);
3252                                                 bcc_ptr += len;
3253                                                 bcc_ptr[0] = 0;
3254                                                 bcc_ptr++;
3255
3256                                                 len = strnlen(bcc_ptr, 1024);
3257                                                 if (ses->serverDomain)
3258                                                         kfree(ses->serverDomain);
3259                                                 ses->serverDomain =
3260                                                                 kzalloc(len+1,
3261                                                                     GFP_KERNEL);
3262                                                 strncpy(ses->serverDomain,
3263                                                         bcc_ptr, len);
3264                                                 bcc_ptr += len;
3265                                                 bcc_ptr[0] = 0;
3266                                                 bcc_ptr++;
3267                                         } else
3268                                                 cFYI(1, ("field of length %d "
3269                                                    "extends beyond end of smb ",
3270                                                       len));
3271                                 }
3272                         } else {
3273                                 cERROR(1, ("Security Blob extends beyond end "
3274                                         "of SMB"));
3275                         }
3276                 } else {
3277                         cERROR(1, ("No session structure passed in."));
3278                 }
3279         } else {
3280                 cERROR(1, ("Invalid Word count %d: ",
3281                         smb_buffer_response->WordCount));
3282                 rc = -EIO;
3283         }
3284
3285         cifs_buf_release(smb_buffer);
3286
3287         return rc;
3288 }
3289
3290 int
3291 CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3292          const char *tree, struct cifsTconInfo *tcon,
3293          const struct nls_table *nls_codepage)
3294 {
3295         struct smb_hdr *smb_buffer;
3296         struct smb_hdr *smb_buffer_response;
3297         TCONX_REQ *pSMB;
3298         TCONX_RSP *pSMBr;
3299         unsigned char *bcc_ptr;
3300         int rc = 0;
3301         int length;
3302         __u16 count;
3303
3304         if (ses == NULL)
3305                 return -EIO;
3306
3307         smb_buffer = cifs_buf_get();
3308         if (smb_buffer == NULL) {
3309                 return -ENOMEM;
3310         }
3311         smb_buffer_response = smb_buffer;
3312
3313         header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3314                         NULL /*no tid */ , 4 /*wct */ );
3315
3316         smb_buffer->Mid = GetNextMid(ses->server);
3317         smb_buffer->Uid = ses->Suid;
3318         pSMB = (TCONX_REQ *) smb_buffer;
3319         pSMBr = (TCONX_RSP *) smb_buffer_response;
3320
3321         pSMB->AndXCommand = 0xFF;
3322         pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
3323         bcc_ptr = &pSMB->Password[0];
3324         if ((ses->server->secMode) & SECMODE_USER) {
3325                 pSMB->PasswordLength = cpu_to_le16(1);  /* minimum */
3326                 *bcc_ptr = 0; /* password is null byte */
3327                 bcc_ptr++;              /* skip password */
3328                 /* already aligned so no need to do it below */
3329         } else {
3330                 pSMB->PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE);
3331                 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3332                    specified as required (when that support is added to
3333                    the vfs in the future) as only NTLM or the much
3334                    weaker LANMAN (which we do not send by default) is accepted
3335                    by Samba (not sure whether other servers allow
3336                    NTLMv2 password here) */
3337 #ifdef CONFIG_CIFS_WEAK_PW_HASH
3338                 if ((extended_security & CIFSSEC_MAY_LANMAN) &&
3339                         (ses->server->secType == LANMAN))
3340                         calc_lanman_hash(ses, bcc_ptr);
3341                 else
3342 #endif /* CIFS_WEAK_PW_HASH */
3343                 SMBNTencrypt(ses->password,
3344                              ses->server->cryptKey,
3345                              bcc_ptr);
3346
3347                 bcc_ptr += CIFS_SESS_KEY_SIZE;
3348                 if (ses->capabilities & CAP_UNICODE) {
3349                         /* must align unicode strings */
3350                         *bcc_ptr = 0; /* null byte password */
3351                         bcc_ptr++;
3352                 }
3353         }
3354
3355         if (ses->server->secMode &
3356                         (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3357                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3358
3359         if (ses->capabilities & CAP_STATUS32) {
3360                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3361         }
3362         if (ses->capabilities & CAP_DFS) {
3363                 smb_buffer->Flags2 |= SMBFLG2_DFS;
3364         }
3365         if (ses->capabilities & CAP_UNICODE) {
3366                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3367                 length =
3368                     cifs_strtoUCS((__le16 *) bcc_ptr, tree,
3369                         6 /* max utf8 char length in bytes */ *
3370                         (/* server len*/ + 256 /* share len */), nls_codepage);
3371                 bcc_ptr += 2 * length;  /* convert num 16 bit words to bytes */
3372                 bcc_ptr += 2;   /* skip trailing null */
3373         } else {                /* ASCII */
3374                 strcpy(bcc_ptr, tree);
3375                 bcc_ptr += strlen(tree) + 1;
3376         }
3377         strcpy(bcc_ptr, "?????");
3378         bcc_ptr += strlen("?????");
3379         bcc_ptr += 1;
3380         count = bcc_ptr - &pSMB->Password[0];
3381         pSMB->hdr.smb_buf_length += count;
3382         pSMB->ByteCount = cpu_to_le16(count);
3383
3384         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length, 0);
3385
3386         /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
3387         /* above now done in SendReceive */
3388         if ((rc == 0) && (tcon != NULL)) {
3389                 tcon->tidStatus = CifsGood;
3390                 tcon->tid = smb_buffer_response->Tid;
3391                 bcc_ptr = pByteArea(smb_buffer_response);
3392                 length = strnlen(bcc_ptr, BCC(smb_buffer_response) - 2);
3393                 /* skip service field (NB: this field is always ASCII) */
3394                 if (length == 3) {
3395                         if ((bcc_ptr[0] == 'I') && (bcc_ptr[1] == 'P') &&
3396                             (bcc_ptr[2] == 'C')) {
3397                                 cFYI(1, ("IPC connection"));
3398                                 tcon->ipc = 1;
3399                         }
3400                 } else if (length == 2) {
3401                         if ((bcc_ptr[0] == 'A') && (bcc_ptr[1] == ':')) {
3402                                 /* the most common case */
3403                                 cFYI(1, ("disk share connection"));
3404                         }
3405                 }
3406                 bcc_ptr += length + 1;
3407                 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3408                 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3409                         length = UniStrnlen((wchar_t *) bcc_ptr, 512);
3410                         if ((bcc_ptr + (2 * length)) -
3411                              pByteArea(smb_buffer_response) <=
3412                             BCC(smb_buffer_response)) {
3413                                 kfree(tcon->nativeFileSystem);
3414                                 tcon->nativeFileSystem =
3415                                     kzalloc(length + 2, GFP_KERNEL);
3416                                 if (tcon->nativeFileSystem)
3417                                         cifs_strfromUCS_le(
3418                                                 tcon->nativeFileSystem,
3419                                                 (__le16 *) bcc_ptr,
3420                                                 length, nls_codepage);
3421                                 bcc_ptr += 2 * length;
3422                                 bcc_ptr[0] = 0; /* null terminate the string */
3423                                 bcc_ptr[1] = 0;
3424                                 bcc_ptr += 2;
3425                         }
3426                         /* else do not bother copying these information fields*/
3427                 } else {
3428                         length = strnlen(bcc_ptr, 1024);
3429                         if ((bcc_ptr + length) -
3430                             pByteArea(smb_buffer_response) <=
3431                             BCC(smb_buffer_response)) {
3432                                 kfree(tcon->nativeFileSystem);
3433                                 tcon->nativeFileSystem =
3434                                     kzalloc(length + 1, GFP_KERNEL);
3435                                 if (tcon->nativeFileSystem)
3436                                         strncpy(tcon->nativeFileSystem, bcc_ptr,
3437                                                 length);
3438                         }
3439                         /* else do not bother copying these information fields*/
3440                 }
3441                 if ((smb_buffer_response->WordCount == 3) ||
3442                          (smb_buffer_response->WordCount == 7))
3443                         /* field is in same location */
3444                         tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3445                 else
3446                         tcon->Flags = 0;
3447                 cFYI(1, ("Tcon flags: 0x%x ", tcon->Flags));
3448         } else if ((rc == 0) && tcon == NULL) {
3449                 /* all we need to save for IPC$ connection */
3450                 ses->ipc_tid = smb_buffer_response->Tid;
3451         }
3452
3453         cifs_buf_release(smb_buffer);
3454         return rc;
3455 }
3456
3457 int
3458 cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3459 {
3460         int rc = 0;
3461         int xid;
3462         struct cifsSesInfo *ses = NULL;
3463         struct task_struct *cifsd_task;
3464         char *tmp;
3465
3466         xid = GetXid();
3467
3468         if (cifs_sb->tcon) {
3469                 ses = cifs_sb->tcon->ses; /* save ptr to ses before delete tcon!*/
3470                 rc = CIFSSMBTDis(xid, cifs_sb->tcon);
3471                 if (rc == -EBUSY) {
3472                         FreeXid(xid);
3473                         return 0;
3474                 }
3475                 tconInfoFree(cifs_sb->tcon);
3476                 if ((ses) && (ses->server)) {
3477                         /* save off task so we do not refer to ses later */
3478                         cifsd_task = ses->server->tsk;
3479                         cFYI(1, ("About to do SMBLogoff "));
3480                         rc = CIFSSMBLogoff(xid, ses);
3481                         if (rc == -EBUSY) {
3482                                 FreeXid(xid);
3483                                 return 0;
3484                         } else if (rc == -ESHUTDOWN) {
3485                                 cFYI(1, ("Waking up socket by sending signal"));
3486                                 if (cifsd_task) {
3487                                         force_sig(SIGKILL, cifsd_task);
3488                                         kthread_stop(cifsd_task);
3489                                 }
3490                                 rc = 0;
3491                         } /* else - we have an smb session
3492                                 left on this socket do not kill cifsd */
3493                 } else
3494                         cFYI(1, ("No session or bad tcon"));
3495         }
3496
3497         cifs_sb->tcon = NULL;
3498         tmp = cifs_sb->prepath;
3499         cifs_sb->prepathlen = 0;
3500         cifs_sb->prepath = NULL;
3501         kfree(tmp);
3502         if (ses)
3503                 schedule_timeout_interruptible(msecs_to_jiffies(500));
3504         if (ses)
3505                 sesInfoFree(ses);
3506
3507         FreeXid(xid);
3508         return rc;      /* BB check if we should always return zero here */
3509 }
3510
3511 int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
3512                                            struct nls_table *nls_info)
3513 {
3514         int rc = 0;
3515         char ntlm_session_key[CIFS_SESS_KEY_SIZE];
3516         int ntlmv2_flag = FALSE;
3517         int first_time = 0;
3518
3519         /* what if server changes its buffer size after dropping the session? */
3520         if (pSesInfo->server->maxBuf == 0) /* no need to send on reconnect */ {
3521                 rc = CIFSSMBNegotiate(xid, pSesInfo);
3522                 if (rc == -EAGAIN) /* retry only once on 1st time connection */ {
3523                         rc = CIFSSMBNegotiate(xid, pSesInfo);
3524                         if (rc == -EAGAIN)
3525                                 rc = -EHOSTDOWN;
3526                 }
3527                 if (rc == 0) {
3528                         spin_lock(&GlobalMid_Lock);
3529                         if (pSesInfo->server->tcpStatus != CifsExiting)
3530                                 pSesInfo->server->tcpStatus = CifsGood;
3531                         else
3532                                 rc = -EHOSTDOWN;
3533                         spin_unlock(&GlobalMid_Lock);
3534
3535                 }
3536                 first_time = 1;
3537         }
3538         if (!rc) {
3539                 pSesInfo->flags = 0;
3540                 pSesInfo->capabilities = pSesInfo->server->capabilities;
3541                 if (linuxExtEnabled == 0)
3542                         pSesInfo->capabilities &= (~CAP_UNIX);
3543         /*      pSesInfo->sequence_number = 0;*/
3544                 cFYI(1,
3545                       ("Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d",
3546                         pSesInfo->server->secMode,
3547                         pSesInfo->server->capabilities,
3548                         pSesInfo->server->timeAdj));
3549                 if (experimEnabled < 2)
3550                         rc = CIFS_SessSetup(xid, pSesInfo,
3551                                             first_time, nls_info);
3552                 else if (extended_security
3553                                 && (pSesInfo->capabilities
3554                                         & CAP_EXTENDED_SECURITY)
3555                                 && (pSesInfo->server->secType == NTLMSSP)) {
3556                         rc = -EOPNOTSUPP;
3557                 } else if (extended_security
3558                            && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3559                            && (pSesInfo->server->secType == RawNTLMSSP)) {
3560                         cFYI(1, ("NTLMSSP sesssetup"));
3561                         rc = CIFSNTLMSSPNegotiateSessSetup(xid,
3562                                                 pSesInfo,
3563                                                 &ntlmv2_flag,
3564                                                 nls_info);
3565                         if (!rc) {
3566                                 if (ntlmv2_flag) {
3567                                         char *v2_response;
3568                                         cFYI(1, ("more secure NTLM ver2 hash"));
3569                                         if (CalcNTLMv2_partial_mac_key(pSesInfo,
3570                                                 nls_info)) {
3571                                                 rc = -ENOMEM;
3572                                                 goto ss_err_exit;
3573                                         } else
3574                                                 v2_response = kmalloc(16 + 64 /* blob */, GFP_KERNEL);
3575                                         if (v2_response) {
3576                                                 CalcNTLMv2_response(pSesInfo,
3577                                                                    v2_response);
3578                                 /*              if (first_time)
3579                                                   cifs_calculate_ntlmv2_mac_key(
3580                                                    pSesInfo->server->mac_signing_key,
3581                                                    response, ntlm_session_key,*/
3582                                                 kfree(v2_response);
3583                                         /* BB Put dummy sig in SessSetup PDU? */
3584                                         } else {
3585                                                 rc = -ENOMEM;
3586                                                 goto ss_err_exit;
3587                                         }
3588
3589                                 } else {
3590                                         SMBNTencrypt(pSesInfo->password,
3591                                                 pSesInfo->server->cryptKey,
3592                                                 ntlm_session_key);
3593
3594                                         if (first_time)
3595                                                 cifs_calculate_mac_key(
3596                                                         &pSesInfo->server->mac_signing_key,
3597                                                         ntlm_session_key,
3598                                                         pSesInfo->password);
3599                                 }
3600                         /* for better security the weaker lanman hash not sent
3601                            in AuthSessSetup so we no longer calculate it */
3602
3603                                 rc = CIFSNTLMSSPAuthSessSetup(xid,
3604                                         pSesInfo,
3605                                         ntlm_session_key,
3606                                         ntlmv2_flag,
3607                                         nls_info);
3608                         }
3609                 } else { /* old style NTLM 0.12 session setup */
3610                         SMBNTencrypt(pSesInfo->password,
3611                                 pSesInfo->server->cryptKey,
3612                                 ntlm_session_key);
3613
3614                         if (first_time)
3615                                 cifs_calculate_mac_key(
3616                                         &pSesInfo->server->mac_signing_key,
3617                                         ntlm_session_key, pSesInfo->password);
3618
3619                         rc = CIFSSessSetup(xid, pSesInfo,
3620                                 ntlm_session_key, nls_info);
3621                 }
3622                 if (rc) {
3623                         cERROR(1, ("Send error in SessSetup = %d", rc));
3624                 } else {
3625                         cFYI(1, ("CIFS Session Established successfully"));
3626                         pSesInfo->status = CifsGood;
3627                 }
3628         }
3629 ss_err_exit:
3630         return rc;
3631 }
3632