Linux 2.6.31-rc6
[linux-2.6] / fs / cifs / connect.c
1 /*
2  *   fs/cifs/connect.c
3  *
4  *   Copyright (C) International Business Machines  Corp., 2002,2009
5  *   Author(s): Steve French (sfrench@us.ibm.com)
6  *
7  *   This library is free software; you can redistribute it and/or modify
8  *   it under the terms of the GNU Lesser General Public License as published
9  *   by the Free Software Foundation; either version 2.1 of the License, or
10  *   (at your option) any later version.
11  *
12  *   This library is distributed in the hope that it will be useful,
13  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
14  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
15  *   the GNU Lesser General Public License for more details.
16  *
17  *   You should have received a copy of the GNU Lesser General Public License
18  *   along with this library; if not, write to the Free Software
19  *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20  */
21 #include <linux/fs.h>
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/pagemap.h>
27 #include <linux/ctype.h>
28 #include <linux/utsname.h>
29 #include <linux/mempool.h>
30 #include <linux/delay.h>
31 #include <linux/completion.h>
32 #include <linux/kthread.h>
33 #include <linux/pagevec.h>
34 #include <linux/freezer.h>
35 #include <linux/namei.h>
36 #include <asm/uaccess.h>
37 #include <asm/processor.h>
38 #include <linux/inet.h>
39 #include <net/ipv6.h>
40 #include "cifspdu.h"
41 #include "cifsglob.h"
42 #include "cifsproto.h"
43 #include "cifs_unicode.h"
44 #include "cifs_debug.h"
45 #include "cifs_fs_sb.h"
46 #include "ntlmssp.h"
47 #include "nterr.h"
48 #include "rfc1002pdu.h"
49 #include "cn_cifs.h"
50
51 #define CIFS_PORT 445
52 #define RFC1001_PORT 139
53
54 extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
55                          unsigned char *p24);
56
57 extern mempool_t *cifs_req_poolp;
58
59 struct smb_vol {
60         char *username;
61         char *password;
62         char *domainname;
63         char *UNC;
64         char *UNCip;
65         char *iocharset;  /* local code page for mapping to and from Unicode */
66         char source_rfc1001_name[16]; /* netbios name of client */
67         char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */
68         uid_t linux_uid;
69         gid_t linux_gid;
70         mode_t file_mode;
71         mode_t dir_mode;
72         unsigned secFlg;
73         bool retry:1;
74         bool intr:1;
75         bool setuids:1;
76         bool override_uid:1;
77         bool override_gid:1;
78         bool dynperm:1;
79         bool noperm:1;
80         bool no_psx_acl:1; /* set if posix acl support should be disabled */
81         bool cifs_acl:1;
82         bool no_xattr:1;   /* set if xattr (EA) support should be disabled*/
83         bool server_ino:1; /* use inode numbers from server ie UniqueId */
84         bool direct_io:1;
85         bool remap:1;      /* set to remap seven reserved chars in filenames */
86         bool posix_paths:1; /* unset to not ask for posix pathnames. */
87         bool no_linux_ext:1;
88         bool sfu_emul:1;
89         bool nullauth:1;   /* attempt to authenticate with null user */
90         bool nocase:1;     /* request case insensitive filenames */
91         bool nobrl:1;      /* disable sending byte range locks to srv */
92         bool mand_lock:1;  /* send mandatory not posix byte range lock reqs */
93         bool seal:1;       /* request transport encryption on share */
94         bool nodfs:1;      /* Do not request DFS, even if available */
95         bool local_lease:1; /* check leases only on local system, not remote */
96         bool noblocksnd:1;
97         bool noautotune:1;
98         bool nostrictsync:1; /* do not force expensive SMBflush on every sync */
99         unsigned int rsize;
100         unsigned int wsize;
101         unsigned int sockopt;
102         unsigned short int port;
103         char *prepath;
104 };
105
106 static int ipv4_connect(struct TCP_Server_Info *server);
107 static int ipv6_connect(struct TCP_Server_Info *server);
108
109 /*
110  * cifs tcp session reconnection
111  *
112  * mark tcp session as reconnecting so temporarily locked
113  * mark all smb sessions as reconnecting for tcp session
114  * reconnect tcp session
115  * wake up waiters on reconnection? - (not needed currently)
116  */
117 static int
118 cifs_reconnect(struct TCP_Server_Info *server)
119 {
120         int rc = 0;
121         struct list_head *tmp, *tmp2;
122         struct cifsSesInfo *ses;
123         struct cifsTconInfo *tcon;
124         struct mid_q_entry *mid_entry;
125
126         spin_lock(&GlobalMid_Lock);
127         if (server->tcpStatus == CifsExiting) {
128                 /* the demux thread will exit normally
129                 next time through the loop */
130                 spin_unlock(&GlobalMid_Lock);
131                 return rc;
132         } else
133                 server->tcpStatus = CifsNeedReconnect;
134         spin_unlock(&GlobalMid_Lock);
135         server->maxBuf = 0;
136
137         cFYI(1, ("Reconnecting tcp session"));
138
139         /* before reconnecting the tcp session, mark the smb session (uid)
140                 and the tid bad so they are not used until reconnected */
141         read_lock(&cifs_tcp_ses_lock);
142         list_for_each(tmp, &server->smb_ses_list) {
143                 ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
144                 ses->need_reconnect = true;
145                 ses->ipc_tid = 0;
146                 list_for_each(tmp2, &ses->tcon_list) {
147                         tcon = list_entry(tmp2, struct cifsTconInfo, tcon_list);
148                         tcon->need_reconnect = true;
149                 }
150         }
151         read_unlock(&cifs_tcp_ses_lock);
152         /* do not want to be sending data on a socket we are freeing */
153         mutex_lock(&server->srv_mutex);
154         if (server->ssocket) {
155                 cFYI(1, ("State: 0x%x Flags: 0x%lx", server->ssocket->state,
156                         server->ssocket->flags));
157                 kernel_sock_shutdown(server->ssocket, SHUT_WR);
158                 cFYI(1, ("Post shutdown state: 0x%x Flags: 0x%lx",
159                         server->ssocket->state,
160                         server->ssocket->flags));
161                 sock_release(server->ssocket);
162                 server->ssocket = NULL;
163         }
164
165         spin_lock(&GlobalMid_Lock);
166         list_for_each(tmp, &server->pending_mid_q) {
167                 mid_entry = list_entry(tmp, struct
168                                         mid_q_entry,
169                                         qhead);
170                 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
171                                 /* Mark other intransit requests as needing
172                                    retry so we do not immediately mark the
173                                    session bad again (ie after we reconnect
174                                    below) as they timeout too */
175                         mid_entry->midState = MID_RETRY_NEEDED;
176                 }
177         }
178         spin_unlock(&GlobalMid_Lock);
179         mutex_unlock(&server->srv_mutex);
180
181         while ((server->tcpStatus != CifsExiting) &&
182                (server->tcpStatus != CifsGood)) {
183                 try_to_freeze();
184                 if (server->addr.sockAddr6.sin6_family == AF_INET6)
185                         rc = ipv6_connect(server);
186                 else
187                         rc = ipv4_connect(server);
188                 if (rc) {
189                         cFYI(1, ("reconnect error %d", rc));
190                         msleep(3000);
191                 } else {
192                         atomic_inc(&tcpSesReconnectCount);
193                         spin_lock(&GlobalMid_Lock);
194                         if (server->tcpStatus != CifsExiting)
195                                 server->tcpStatus = CifsGood;
196                         server->sequence_number = 0;
197                         spin_unlock(&GlobalMid_Lock);
198         /*              atomic_set(&server->inFlight,0);*/
199                         wake_up(&server->response_q);
200                 }
201         }
202         return rc;
203 }
204
205 /*
206         return codes:
207                 0       not a transact2, or all data present
208                 >0      transact2 with that much data missing
209                 -EINVAL = invalid transact2
210
211  */
212 static int check2ndT2(struct smb_hdr *pSMB, unsigned int maxBufSize)
213 {
214         struct smb_t2_rsp *pSMBt;
215         int total_data_size;
216         int data_in_this_rsp;
217         int remaining;
218
219         if (pSMB->Command != SMB_COM_TRANSACTION2)
220                 return 0;
221
222         /* check for plausible wct, bcc and t2 data and parm sizes */
223         /* check for parm and data offset going beyond end of smb */
224         if (pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
225                 cFYI(1, ("invalid transact2 word count"));
226                 return -EINVAL;
227         }
228
229         pSMBt = (struct smb_t2_rsp *)pSMB;
230
231         total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
232         data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
233
234         remaining = total_data_size - data_in_this_rsp;
235
236         if (remaining == 0)
237                 return 0;
238         else if (remaining < 0) {
239                 cFYI(1, ("total data %d smaller than data in frame %d",
240                         total_data_size, data_in_this_rsp));
241                 return -EINVAL;
242         } else {
243                 cFYI(1, ("missing %d bytes from transact2, check next response",
244                         remaining));
245                 if (total_data_size > maxBufSize) {
246                         cERROR(1, ("TotalDataSize %d is over maximum buffer %d",
247                                 total_data_size, maxBufSize));
248                         return -EINVAL;
249                 }
250                 return remaining;
251         }
252 }
253
254 static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
255 {
256         struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
257         struct smb_t2_rsp *pSMBt  = (struct smb_t2_rsp *)pTargetSMB;
258         int total_data_size;
259         int total_in_buf;
260         int remaining;
261         int total_in_buf2;
262         char *data_area_of_target;
263         char *data_area_of_buf2;
264         __u16 byte_count;
265
266         total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
267
268         if (total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
269                 cFYI(1, ("total data size of primary and secondary t2 differ"));
270         }
271
272         total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
273
274         remaining = total_data_size - total_in_buf;
275
276         if (remaining < 0)
277                 return -EINVAL;
278
279         if (remaining == 0) /* nothing to do, ignore */
280                 return 0;
281
282         total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
283         if (remaining < total_in_buf2) {
284                 cFYI(1, ("transact2 2nd response contains too much data"));
285         }
286
287         /* find end of first SMB data area */
288         data_area_of_target = (char *)&pSMBt->hdr.Protocol +
289                                 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
290         /* validate target area */
291
292         data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
293                                         le16_to_cpu(pSMB2->t2_rsp.DataOffset);
294
295         data_area_of_target += total_in_buf;
296
297         /* copy second buffer into end of first buffer */
298         memcpy(data_area_of_target, data_area_of_buf2, total_in_buf2);
299         total_in_buf += total_in_buf2;
300         pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
301         byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
302         byte_count += total_in_buf2;
303         BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
304
305         byte_count = pTargetSMB->smb_buf_length;
306         byte_count += total_in_buf2;
307
308         /* BB also add check that we are not beyond maximum buffer size */
309
310         pTargetSMB->smb_buf_length = byte_count;
311
312         if (remaining == total_in_buf2) {
313                 cFYI(1, ("found the last secondary response"));
314                 return 0; /* we are done */
315         } else /* more responses to go */
316                 return 1;
317
318 }
319
320 static int
321 cifs_demultiplex_thread(struct TCP_Server_Info *server)
322 {
323         int length;
324         unsigned int pdu_length, total_read;
325         struct smb_hdr *smb_buffer = NULL;
326         struct smb_hdr *bigbuf = NULL;
327         struct smb_hdr *smallbuf = NULL;
328         struct msghdr smb_msg;
329         struct kvec iov;
330         struct socket *csocket = server->ssocket;
331         struct list_head *tmp;
332         struct cifsSesInfo *ses;
333         struct task_struct *task_to_wake = NULL;
334         struct mid_q_entry *mid_entry;
335         char temp;
336         bool isLargeBuf = false;
337         bool isMultiRsp;
338         int reconnect;
339
340         current->flags |= PF_MEMALLOC;
341         cFYI(1, ("Demultiplex PID: %d", task_pid_nr(current)));
342
343         length = atomic_inc_return(&tcpSesAllocCount);
344         if (length > 1)
345                 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
346                                 GFP_KERNEL);
347
348         set_freezable();
349         while (server->tcpStatus != CifsExiting) {
350                 if (try_to_freeze())
351                         continue;
352                 if (bigbuf == NULL) {
353                         bigbuf = cifs_buf_get();
354                         if (!bigbuf) {
355                                 cERROR(1, ("No memory for large SMB response"));
356                                 msleep(3000);
357                                 /* retry will check if exiting */
358                                 continue;
359                         }
360                 } else if (isLargeBuf) {
361                         /* we are reusing a dirty large buf, clear its start */
362                         memset(bigbuf, 0, sizeof(struct smb_hdr));
363                 }
364
365                 if (smallbuf == NULL) {
366                         smallbuf = cifs_small_buf_get();
367                         if (!smallbuf) {
368                                 cERROR(1, ("No memory for SMB response"));
369                                 msleep(1000);
370                                 /* retry will check if exiting */
371                                 continue;
372                         }
373                         /* beginning of smb buffer is cleared in our buf_get */
374                 } else /* if existing small buf clear beginning */
375                         memset(smallbuf, 0, sizeof(struct smb_hdr));
376
377                 isLargeBuf = false;
378                 isMultiRsp = false;
379                 smb_buffer = smallbuf;
380                 iov.iov_base = smb_buffer;
381                 iov.iov_len = 4;
382                 smb_msg.msg_control = NULL;
383                 smb_msg.msg_controllen = 0;
384                 pdu_length = 4; /* enough to get RFC1001 header */
385 incomplete_rcv:
386                 length =
387                     kernel_recvmsg(csocket, &smb_msg,
388                                 &iov, 1, pdu_length, 0 /* BB other flags? */);
389
390                 if (server->tcpStatus == CifsExiting) {
391                         break;
392                 } else if (server->tcpStatus == CifsNeedReconnect) {
393                         cFYI(1, ("Reconnect after server stopped responding"));
394                         cifs_reconnect(server);
395                         cFYI(1, ("call to reconnect done"));
396                         csocket = server->ssocket;
397                         continue;
398                 } else if ((length == -ERESTARTSYS) || (length == -EAGAIN)) {
399                         msleep(1); /* minimum sleep to prevent looping
400                                 allowing socket to clear and app threads to set
401                                 tcpStatus CifsNeedReconnect if server hung */
402                         if (pdu_length < 4) {
403                                 iov.iov_base = (4 - pdu_length) +
404                                                         (char *)smb_buffer;
405                                 iov.iov_len = pdu_length;
406                                 smb_msg.msg_control = NULL;
407                                 smb_msg.msg_controllen = 0;
408                                 goto incomplete_rcv;
409                         } else
410                                 continue;
411                 } else if (length <= 0) {
412                         if (server->tcpStatus == CifsNew) {
413                                 cFYI(1, ("tcp session abend after SMBnegprot"));
414                                 /* some servers kill the TCP session rather than
415                                    returning an SMB negprot error, in which
416                                    case reconnecting here is not going to help,
417                                    and so simply return error to mount */
418                                 break;
419                         }
420                         if (!try_to_freeze() && (length == -EINTR)) {
421                                 cFYI(1, ("cifsd thread killed"));
422                                 break;
423                         }
424                         cFYI(1, ("Reconnect after unexpected peek error %d",
425                                 length));
426                         cifs_reconnect(server);
427                         csocket = server->ssocket;
428                         wake_up(&server->response_q);
429                         continue;
430                 } else if (length < pdu_length) {
431                         cFYI(1, ("requested %d bytes but only got %d bytes",
432                                   pdu_length, length));
433                         pdu_length -= length;
434                         msleep(1);
435                         goto incomplete_rcv;
436                 }
437
438                 /* The right amount was read from socket - 4 bytes */
439                 /* so we can now interpret the length field */
440
441                 /* the first byte big endian of the length field,
442                 is actually not part of the length but the type
443                 with the most common, zero, as regular data */
444                 temp = *((char *) smb_buffer);
445
446                 /* Note that FC 1001 length is big endian on the wire,
447                 but we convert it here so it is always manipulated
448                 as host byte order */
449                 pdu_length = be32_to_cpu((__force __be32)smb_buffer->smb_buf_length);
450                 smb_buffer->smb_buf_length = pdu_length;
451
452                 cFYI(1, ("rfc1002 length 0x%x", pdu_length+4));
453
454                 if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) {
455                         continue;
456                 } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
457                         cFYI(1, ("Good RFC 1002 session rsp"));
458                         continue;
459                 } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
460                         /* we get this from Windows 98 instead of
461                            an error on SMB negprot response */
462                         cFYI(1, ("Negative RFC1002 Session Response Error 0x%x)",
463                                 pdu_length));
464                         if (server->tcpStatus == CifsNew) {
465                                 /* if nack on negprot (rather than
466                                 ret of smb negprot error) reconnecting
467                                 not going to help, ret error to mount */
468                                 break;
469                         } else {
470                                 /* give server a second to
471                                 clean up before reconnect attempt */
472                                 msleep(1000);
473                                 /* always try 445 first on reconnect
474                                 since we get NACK on some if we ever
475                                 connected to port 139 (the NACK is
476                                 since we do not begin with RFC1001
477                                 session initialize frame) */
478                                 server->addr.sockAddr.sin_port =
479                                         htons(CIFS_PORT);
480                                 cifs_reconnect(server);
481                                 csocket = server->ssocket;
482                                 wake_up(&server->response_q);
483                                 continue;
484                         }
485                 } else if (temp != (char) 0) {
486                         cERROR(1, ("Unknown RFC 1002 frame"));
487                         cifs_dump_mem(" Received Data: ", (char *)smb_buffer,
488                                       length);
489                         cifs_reconnect(server);
490                         csocket = server->ssocket;
491                         continue;
492                 }
493
494                 /* else we have an SMB response */
495                 if ((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
496                             (pdu_length < sizeof(struct smb_hdr) - 1 - 4)) {
497                         cERROR(1, ("Invalid size SMB length %d pdu_length %d",
498                                         length, pdu_length+4));
499                         cifs_reconnect(server);
500                         csocket = server->ssocket;
501                         wake_up(&server->response_q);
502                         continue;
503                 }
504
505                 /* else length ok */
506                 reconnect = 0;
507
508                 if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
509                         isLargeBuf = true;
510                         memcpy(bigbuf, smallbuf, 4);
511                         smb_buffer = bigbuf;
512                 }
513                 length = 0;
514                 iov.iov_base = 4 + (char *)smb_buffer;
515                 iov.iov_len = pdu_length;
516                 for (total_read = 0; total_read < pdu_length;
517                      total_read += length) {
518                         length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
519                                                 pdu_length - total_read, 0);
520                         if ((server->tcpStatus == CifsExiting) ||
521                             (length == -EINTR)) {
522                                 /* then will exit */
523                                 reconnect = 2;
524                                 break;
525                         } else if (server->tcpStatus == CifsNeedReconnect) {
526                                 cifs_reconnect(server);
527                                 csocket = server->ssocket;
528                                 /* Reconnect wakes up rspns q */
529                                 /* Now we will reread sock */
530                                 reconnect = 1;
531                                 break;
532                         } else if ((length == -ERESTARTSYS) ||
533                                    (length == -EAGAIN)) {
534                                 msleep(1); /* minimum sleep to prevent looping,
535                                               allowing socket to clear and app
536                                               threads to set tcpStatus
537                                               CifsNeedReconnect if server hung*/
538                                 length = 0;
539                                 continue;
540                         } else if (length <= 0) {
541                                 cERROR(1, ("Received no data, expecting %d",
542                                               pdu_length - total_read));
543                                 cifs_reconnect(server);
544                                 csocket = server->ssocket;
545                                 reconnect = 1;
546                                 break;
547                         }
548                 }
549                 if (reconnect == 2)
550                         break;
551                 else if (reconnect == 1)
552                         continue;
553
554                 length += 4; /* account for rfc1002 hdr */
555
556
557                 dump_smb(smb_buffer, length);
558                 if (checkSMB(smb_buffer, smb_buffer->Mid, total_read+4)) {
559                         cifs_dump_mem("Bad SMB: ", smb_buffer, 48);
560                         continue;
561                 }
562
563
564                 task_to_wake = NULL;
565                 spin_lock(&GlobalMid_Lock);
566                 list_for_each(tmp, &server->pending_mid_q) {
567                         mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
568
569                         if ((mid_entry->mid == smb_buffer->Mid) &&
570                             (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
571                             (mid_entry->command == smb_buffer->Command)) {
572                                 if (check2ndT2(smb_buffer,server->maxBuf) > 0) {
573                                         /* We have a multipart transact2 resp */
574                                         isMultiRsp = true;
575                                         if (mid_entry->resp_buf) {
576                                                 /* merge response - fix up 1st*/
577                                                 if (coalesce_t2(smb_buffer,
578                                                         mid_entry->resp_buf)) {
579                                                         mid_entry->multiRsp =
580                                                                  true;
581                                                         break;
582                                                 } else {
583                                                         /* all parts received */
584                                                         mid_entry->multiEnd =
585                                                                  true;
586                                                         goto multi_t2_fnd;
587                                                 }
588                                         } else {
589                                                 if (!isLargeBuf) {
590                                                         cERROR(1,("1st trans2 resp needs bigbuf"));
591                                         /* BB maybe we can fix this up,  switch
592                                            to already allocated large buffer? */
593                                                 } else {
594                                                         /* Have first buffer */
595                                                         mid_entry->resp_buf =
596                                                                  smb_buffer;
597                                                         mid_entry->largeBuf =
598                                                                  true;
599                                                         bigbuf = NULL;
600                                                 }
601                                         }
602                                         break;
603                                 }
604                                 mid_entry->resp_buf = smb_buffer;
605                                 mid_entry->largeBuf = isLargeBuf;
606 multi_t2_fnd:
607                                 task_to_wake = mid_entry->tsk;
608                                 mid_entry->midState = MID_RESPONSE_RECEIVED;
609 #ifdef CONFIG_CIFS_STATS2
610                                 mid_entry->when_received = jiffies;
611 #endif
612                                 /* so we do not time out requests to  server
613                                 which is still responding (since server could
614                                 be busy but not dead) */
615                                 server->lstrp = jiffies;
616                                 break;
617                         }
618                 }
619                 spin_unlock(&GlobalMid_Lock);
620                 if (task_to_wake) {
621                         /* Was previous buf put in mpx struct for multi-rsp? */
622                         if (!isMultiRsp) {
623                                 /* smb buffer will be freed by user thread */
624                                 if (isLargeBuf)
625                                         bigbuf = NULL;
626                                 else
627                                         smallbuf = NULL;
628                         }
629                         wake_up_process(task_to_wake);
630                 } else if (!is_valid_oplock_break(smb_buffer, server) &&
631                            !isMultiRsp) {
632                         cERROR(1, ("No task to wake, unknown frame received! "
633                                    "NumMids %d", midCount.counter));
634                         cifs_dump_mem("Received Data is: ", (char *)smb_buffer,
635                                       sizeof(struct smb_hdr));
636 #ifdef CONFIG_CIFS_DEBUG2
637                         cifs_dump_detail(smb_buffer);
638                         cifs_dump_mids(server);
639 #endif /* CIFS_DEBUG2 */
640
641                 }
642         } /* end while !EXITING */
643
644         /* take it off the list, if it's not already */
645         write_lock(&cifs_tcp_ses_lock);
646         list_del_init(&server->tcp_ses_list);
647         write_unlock(&cifs_tcp_ses_lock);
648
649         spin_lock(&GlobalMid_Lock);
650         server->tcpStatus = CifsExiting;
651         spin_unlock(&GlobalMid_Lock);
652         wake_up_all(&server->response_q);
653
654         /* check if we have blocked requests that need to free */
655         /* Note that cifs_max_pending is normally 50, but
656         can be set at module install time to as little as two */
657         spin_lock(&GlobalMid_Lock);
658         if (atomic_read(&server->inFlight) >= cifs_max_pending)
659                 atomic_set(&server->inFlight, cifs_max_pending - 1);
660         /* We do not want to set the max_pending too low or we
661         could end up with the counter going negative */
662         spin_unlock(&GlobalMid_Lock);
663         /* Although there should not be any requests blocked on
664         this queue it can not hurt to be paranoid and try to wake up requests
665         that may haven been blocked when more than 50 at time were on the wire
666         to the same server - they now will see the session is in exit state
667         and get out of SendReceive.  */
668         wake_up_all(&server->request_q);
669         /* give those requests time to exit */
670         msleep(125);
671
672         if (server->ssocket) {
673                 sock_release(csocket);
674                 server->ssocket = NULL;
675         }
676         /* buffer usuallly freed in free_mid - need to free it here on exit */
677         cifs_buf_release(bigbuf);
678         if (smallbuf) /* no sense logging a debug message if NULL */
679                 cifs_small_buf_release(smallbuf);
680
681         /*
682          * BB: we shouldn't have to do any of this. It shouldn't be
683          * possible to exit from the thread with active SMB sessions
684          */
685         read_lock(&cifs_tcp_ses_lock);
686         if (list_empty(&server->pending_mid_q)) {
687                 /* loop through server session structures attached to this and
688                     mark them dead */
689                 list_for_each(tmp, &server->smb_ses_list) {
690                         ses = list_entry(tmp, struct cifsSesInfo,
691                                          smb_ses_list);
692                         ses->status = CifsExiting;
693                         ses->server = NULL;
694                 }
695                 read_unlock(&cifs_tcp_ses_lock);
696         } else {
697                 /* although we can not zero the server struct pointer yet,
698                 since there are active requests which may depnd on them,
699                 mark the corresponding SMB sessions as exiting too */
700                 list_for_each(tmp, &server->smb_ses_list) {
701                         ses = list_entry(tmp, struct cifsSesInfo,
702                                          smb_ses_list);
703                         ses->status = CifsExiting;
704                 }
705
706                 spin_lock(&GlobalMid_Lock);
707                 list_for_each(tmp, &server->pending_mid_q) {
708                 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
709                         if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
710                                 cFYI(1, ("Clearing Mid 0x%x - waking up ",
711                                          mid_entry->mid));
712                                 task_to_wake = mid_entry->tsk;
713                                 if (task_to_wake)
714                                         wake_up_process(task_to_wake);
715                         }
716                 }
717                 spin_unlock(&GlobalMid_Lock);
718                 read_unlock(&cifs_tcp_ses_lock);
719                 /* 1/8th of sec is more than enough time for them to exit */
720                 msleep(125);
721         }
722
723         if (!list_empty(&server->pending_mid_q)) {
724                 /* mpx threads have not exited yet give them
725                 at least the smb send timeout time for long ops */
726                 /* due to delays on oplock break requests, we need
727                 to wait at least 45 seconds before giving up
728                 on a request getting a response and going ahead
729                 and killing cifsd */
730                 cFYI(1, ("Wait for exit from demultiplex thread"));
731                 msleep(46000);
732                 /* if threads still have not exited they are probably never
733                 coming home not much else we can do but free the memory */
734         }
735
736         /* last chance to mark ses pointers invalid
737         if there are any pointing to this (e.g
738         if a crazy root user tried to kill cifsd
739         kernel thread explicitly this might happen) */
740         /* BB: This shouldn't be necessary, see above */
741         read_lock(&cifs_tcp_ses_lock);
742         list_for_each(tmp, &server->smb_ses_list) {
743                 ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
744                 ses->server = NULL;
745         }
746         read_unlock(&cifs_tcp_ses_lock);
747
748         kfree(server->hostname);
749         task_to_wake = xchg(&server->tsk, NULL);
750         kfree(server);
751
752         length = atomic_dec_return(&tcpSesAllocCount);
753         if (length  > 0)
754                 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
755                                 GFP_KERNEL);
756
757         /* if server->tsk was NULL then wait for a signal before exiting */
758         if (!task_to_wake) {
759                 set_current_state(TASK_INTERRUPTIBLE);
760                 while (!signal_pending(current)) {
761                         schedule();
762                         set_current_state(TASK_INTERRUPTIBLE);
763                 }
764                 set_current_state(TASK_RUNNING);
765         }
766
767         module_put_and_exit(0);
768 }
769
770 /* extract the host portion of the UNC string */
771 static char *
772 extract_hostname(const char *unc)
773 {
774         const char *src;
775         char *dst, *delim;
776         unsigned int len;
777
778         /* skip double chars at beginning of string */
779         /* BB: check validity of these bytes? */
780         src = unc + 2;
781
782         /* delimiter between hostname and sharename is always '\\' now */
783         delim = strchr(src, '\\');
784         if (!delim)
785                 return ERR_PTR(-EINVAL);
786
787         len = delim - src;
788         dst = kmalloc((len + 1), GFP_KERNEL);
789         if (dst == NULL)
790                 return ERR_PTR(-ENOMEM);
791
792         memcpy(dst, src, len);
793         dst[len] = '\0';
794
795         return dst;
796 }
797
798 static int
799 cifs_parse_mount_options(char *options, const char *devname,
800                          struct smb_vol *vol)
801 {
802         char *value;
803         char *data;
804         unsigned int  temp_len, i, j;
805         char separator[2];
806         short int override_uid = -1;
807         short int override_gid = -1;
808         bool uid_specified = false;
809         bool gid_specified = false;
810
811         separator[0] = ',';
812         separator[1] = 0;
813
814         if (Local_System_Name[0] != 0)
815                 memcpy(vol->source_rfc1001_name, Local_System_Name, 15);
816         else {
817                 char *nodename = utsname()->nodename;
818                 int n = strnlen(nodename, 15);
819                 memset(vol->source_rfc1001_name, 0x20, 15);
820                 for (i = 0; i < n; i++) {
821                         /* does not have to be perfect mapping since field is
822                         informational, only used for servers that do not support
823                         port 445 and it can be overridden at mount time */
824                         vol->source_rfc1001_name[i] = toupper(nodename[i]);
825                 }
826         }
827         vol->source_rfc1001_name[15] = 0;
828         /* null target name indicates to use *SMBSERVR default called name
829            if we end up sending RFC1001 session initialize */
830         vol->target_rfc1001_name[0] = 0;
831         vol->linux_uid = current_uid();  /* use current_euid() instead? */
832         vol->linux_gid = current_gid();
833
834         /* default to only allowing write access to owner of the mount */
835         vol->dir_mode = vol->file_mode = S_IRUGO | S_IXUGO | S_IWUSR;
836
837         /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
838         /* default is always to request posix paths. */
839         vol->posix_paths = 1;
840         /* default to using server inode numbers where available */
841         vol->server_ino = 1;
842
843         if (!options)
844                 return 1;
845
846         if (strncmp(options, "sep=", 4) == 0) {
847                 if (options[4] != 0) {
848                         separator[0] = options[4];
849                         options += 5;
850                 } else {
851                         cFYI(1, ("Null separator not allowed"));
852                 }
853         }
854
855         while ((data = strsep(&options, separator)) != NULL) {
856                 if (!*data)
857                         continue;
858                 if ((value = strchr(data, '=')) != NULL)
859                         *value++ = '\0';
860
861                 /* Have to parse this before we parse for "user" */
862                 if (strnicmp(data, "user_xattr", 10) == 0) {
863                         vol->no_xattr = 0;
864                 } else if (strnicmp(data, "nouser_xattr", 12) == 0) {
865                         vol->no_xattr = 1;
866                 } else if (strnicmp(data, "user", 4) == 0) {
867                         if (!value) {
868                                 printk(KERN_WARNING
869                                        "CIFS: invalid or missing username\n");
870                                 return 1;       /* needs_arg; */
871                         } else if (!*value) {
872                                 /* null user, ie anonymous, authentication */
873                                 vol->nullauth = 1;
874                         }
875                         if (strnlen(value, 200) < 200) {
876                                 vol->username = value;
877                         } else {
878                                 printk(KERN_WARNING "CIFS: username too long\n");
879                                 return 1;
880                         }
881                 } else if (strnicmp(data, "pass", 4) == 0) {
882                         if (!value) {
883                                 vol->password = NULL;
884                                 continue;
885                         } else if (value[0] == 0) {
886                                 /* check if string begins with double comma
887                                    since that would mean the password really
888                                    does start with a comma, and would not
889                                    indicate an empty string */
890                                 if (value[1] != separator[0]) {
891                                         vol->password = NULL;
892                                         continue;
893                                 }
894                         }
895                         temp_len = strlen(value);
896                         /* removed password length check, NTLM passwords
897                                 can be arbitrarily long */
898
899                         /* if comma in password, the string will be
900                         prematurely null terminated.  Commas in password are
901                         specified across the cifs mount interface by a double
902                         comma ie ,, and a comma used as in other cases ie ','
903                         as a parameter delimiter/separator is single and due
904                         to the strsep above is temporarily zeroed. */
905
906                         /* NB: password legally can have multiple commas and
907                         the only illegal character in a password is null */
908
909                         if ((value[temp_len] == 0) &&
910                             (value[temp_len+1] == separator[0])) {
911                                 /* reinsert comma */
912                                 value[temp_len] = separator[0];
913                                 temp_len += 2;  /* move after second comma */
914                                 while (value[temp_len] != 0)  {
915                                         if (value[temp_len] == separator[0]) {
916                                                 if (value[temp_len+1] ==
917                                                      separator[0]) {
918                                                 /* skip second comma */
919                                                         temp_len++;
920                                                 } else {
921                                                 /* single comma indicating start
922                                                          of next parm */
923                                                         break;
924                                                 }
925                                         }
926                                         temp_len++;
927                                 }
928                                 if (value[temp_len] == 0) {
929                                         options = NULL;
930                                 } else {
931                                         value[temp_len] = 0;
932                                         /* point option to start of next parm */
933                                         options = value + temp_len + 1;
934                                 }
935                                 /* go from value to value + temp_len condensing
936                                 double commas to singles. Note that this ends up
937                                 allocating a few bytes too many, which is ok */
938                                 vol->password = kzalloc(temp_len, GFP_KERNEL);
939                                 if (vol->password == NULL) {
940                                         printk(KERN_WARNING "CIFS: no memory "
941                                                             "for password\n");
942                                         return 1;
943                                 }
944                                 for (i = 0, j = 0; i < temp_len; i++, j++) {
945                                         vol->password[j] = value[i];
946                                         if (value[i] == separator[0]
947                                                 && value[i+1] == separator[0]) {
948                                                 /* skip second comma */
949                                                 i++;
950                                         }
951                                 }
952                                 vol->password[j] = 0;
953                         } else {
954                                 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
955                                 if (vol->password == NULL) {
956                                         printk(KERN_WARNING "CIFS: no memory "
957                                                             "for password\n");
958                                         return 1;
959                                 }
960                                 strcpy(vol->password, value);
961                         }
962                 } else if (!strnicmp(data, "ip", 2) ||
963                            !strnicmp(data, "addr", 4)) {
964                         if (!value || !*value) {
965                                 vol->UNCip = NULL;
966                         } else if (strnlen(value, INET6_ADDRSTRLEN) <
967                                                         INET6_ADDRSTRLEN) {
968                                 vol->UNCip = value;
969                         } else {
970                                 printk(KERN_WARNING "CIFS: ip address "
971                                                     "too long\n");
972                                 return 1;
973                         }
974                 } else if (strnicmp(data, "sec", 3) == 0) {
975                         if (!value || !*value) {
976                                 cERROR(1, ("no security value specified"));
977                                 continue;
978                         } else if (strnicmp(value, "krb5i", 5) == 0) {
979                                 vol->secFlg |= CIFSSEC_MAY_KRB5 |
980                                         CIFSSEC_MUST_SIGN;
981                         } else if (strnicmp(value, "krb5p", 5) == 0) {
982                                 /* vol->secFlg |= CIFSSEC_MUST_SEAL |
983                                         CIFSSEC_MAY_KRB5; */
984                                 cERROR(1, ("Krb5 cifs privacy not supported"));
985                                 return 1;
986                         } else if (strnicmp(value, "krb5", 4) == 0) {
987                                 vol->secFlg |= CIFSSEC_MAY_KRB5;
988 #ifdef CONFIG_CIFS_EXPERIMENTAL
989                         } else if (strnicmp(value, "ntlmsspi", 8) == 0) {
990                                 vol->secFlg |= CIFSSEC_MAY_NTLMSSP |
991                                         CIFSSEC_MUST_SIGN;
992                         } else if (strnicmp(value, "ntlmssp", 7) == 0) {
993                                 vol->secFlg |= CIFSSEC_MAY_NTLMSSP;
994 #endif
995                         } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
996                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
997                                         CIFSSEC_MUST_SIGN;
998                         } else if (strnicmp(value, "ntlmv2", 6) == 0) {
999                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
1000                         } else if (strnicmp(value, "ntlmi", 5) == 0) {
1001                                 vol->secFlg |= CIFSSEC_MAY_NTLM |
1002                                         CIFSSEC_MUST_SIGN;
1003                         } else if (strnicmp(value, "ntlm", 4) == 0) {
1004                                 /* ntlm is default so can be turned off too */
1005                                 vol->secFlg |= CIFSSEC_MAY_NTLM;
1006                         } else if (strnicmp(value, "nontlm", 6) == 0) {
1007                                 /* BB is there a better way to do this? */
1008                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
1009 #ifdef CONFIG_CIFS_WEAK_PW_HASH
1010                         } else if (strnicmp(value, "lanman", 6) == 0) {
1011                                 vol->secFlg |= CIFSSEC_MAY_LANMAN;
1012 #endif
1013                         } else if (strnicmp(value, "none", 4) == 0) {
1014                                 vol->nullauth = 1;
1015                         } else {
1016                                 cERROR(1, ("bad security option: %s", value));
1017                                 return 1;
1018                         }
1019                 } else if ((strnicmp(data, "unc", 3) == 0)
1020                            || (strnicmp(data, "target", 6) == 0)
1021                            || (strnicmp(data, "path", 4) == 0)) {
1022                         if (!value || !*value) {
1023                                 printk(KERN_WARNING "CIFS: invalid path to "
1024                                                     "network resource\n");
1025                                 return 1;       /* needs_arg; */
1026                         }
1027                         if ((temp_len = strnlen(value, 300)) < 300) {
1028                                 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1029                                 if (vol->UNC == NULL)
1030                                         return 1;
1031                                 strcpy(vol->UNC, value);
1032                                 if (strncmp(vol->UNC, "//", 2) == 0) {
1033                                         vol->UNC[0] = '\\';
1034                                         vol->UNC[1] = '\\';
1035                                 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1036                                         printk(KERN_WARNING
1037                                                "CIFS: UNC Path does not begin "
1038                                                "with // or \\\\ \n");
1039                                         return 1;
1040                                 }
1041                         } else {
1042                                 printk(KERN_WARNING "CIFS: UNC name too long\n");
1043                                 return 1;
1044                         }
1045                 } else if ((strnicmp(data, "domain", 3) == 0)
1046                            || (strnicmp(data, "workgroup", 5) == 0)) {
1047                         if (!value || !*value) {
1048                                 printk(KERN_WARNING "CIFS: invalid domain name\n");
1049                                 return 1;       /* needs_arg; */
1050                         }
1051                         /* BB are there cases in which a comma can be valid in
1052                         a domain name and need special handling? */
1053                         if (strnlen(value, 256) < 256) {
1054                                 vol->domainname = value;
1055                                 cFYI(1, ("Domain name set"));
1056                         } else {
1057                                 printk(KERN_WARNING "CIFS: domain name too "
1058                                                     "long\n");
1059                                 return 1;
1060                         }
1061                 } else if (strnicmp(data, "prefixpath", 10) == 0) {
1062                         if (!value || !*value) {
1063                                 printk(KERN_WARNING
1064                                         "CIFS: invalid path prefix\n");
1065                                 return 1;       /* needs_argument */
1066                         }
1067                         if ((temp_len = strnlen(value, 1024)) < 1024) {
1068                                 if (value[0] != '/')
1069                                         temp_len++;  /* missing leading slash */
1070                                 vol->prepath = kmalloc(temp_len+1, GFP_KERNEL);
1071                                 if (vol->prepath == NULL)
1072                                         return 1;
1073                                 if (value[0] != '/') {
1074                                         vol->prepath[0] = '/';
1075                                         strcpy(vol->prepath+1, value);
1076                                 } else
1077                                         strcpy(vol->prepath, value);
1078                                 cFYI(1, ("prefix path %s", vol->prepath));
1079                         } else {
1080                                 printk(KERN_WARNING "CIFS: prefix too long\n");
1081                                 return 1;
1082                         }
1083                 } else if (strnicmp(data, "iocharset", 9) == 0) {
1084                         if (!value || !*value) {
1085                                 printk(KERN_WARNING "CIFS: invalid iocharset "
1086                                                     "specified\n");
1087                                 return 1;       /* needs_arg; */
1088                         }
1089                         if (strnlen(value, 65) < 65) {
1090                                 if (strnicmp(value, "default", 7))
1091                                         vol->iocharset = value;
1092                                 /* if iocharset not set then load_nls_default
1093                                    is used by caller */
1094                                 cFYI(1, ("iocharset set to %s", value));
1095                         } else {
1096                                 printk(KERN_WARNING "CIFS: iocharset name "
1097                                                     "too long.\n");
1098                                 return 1;
1099                         }
1100                 } else if (!strnicmp(data, "uid", 3) && value && *value) {
1101                         vol->linux_uid = simple_strtoul(value, &value, 0);
1102                         uid_specified = true;
1103                 } else if (!strnicmp(data, "forceuid", 8)) {
1104                         override_uid = 1;
1105                 } else if (!strnicmp(data, "noforceuid", 10)) {
1106                         override_uid = 0;
1107                 } else if (!strnicmp(data, "gid", 3) && value && *value) {
1108                         vol->linux_gid = simple_strtoul(value, &value, 0);
1109                         gid_specified = true;
1110                 } else if (!strnicmp(data, "forcegid", 8)) {
1111                         override_gid = 1;
1112                 } else if (!strnicmp(data, "noforcegid", 10)) {
1113                         override_gid = 0;
1114                 } else if (strnicmp(data, "file_mode", 4) == 0) {
1115                         if (value && *value) {
1116                                 vol->file_mode =
1117                                         simple_strtoul(value, &value, 0);
1118                         }
1119                 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1120                         if (value && *value) {
1121                                 vol->dir_mode =
1122                                         simple_strtoul(value, &value, 0);
1123                         }
1124                 } else if (strnicmp(data, "dirmode", 4) == 0) {
1125                         if (value && *value) {
1126                                 vol->dir_mode =
1127                                         simple_strtoul(value, &value, 0);
1128                         }
1129                 } else if (strnicmp(data, "port", 4) == 0) {
1130                         if (value && *value) {
1131                                 vol->port =
1132                                         simple_strtoul(value, &value, 0);
1133                         }
1134                 } else if (strnicmp(data, "rsize", 5) == 0) {
1135                         if (value && *value) {
1136                                 vol->rsize =
1137                                         simple_strtoul(value, &value, 0);
1138                         }
1139                 } else if (strnicmp(data, "wsize", 5) == 0) {
1140                         if (value && *value) {
1141                                 vol->wsize =
1142                                         simple_strtoul(value, &value, 0);
1143                         }
1144                 } else if (strnicmp(data, "sockopt", 5) == 0) {
1145                         if (value && *value) {
1146                                 vol->sockopt =
1147                                         simple_strtoul(value, &value, 0);
1148                         }
1149                 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1150                         if (!value || !*value || (*value == ' ')) {
1151                                 cFYI(1, ("invalid (empty) netbiosname"));
1152                         } else {
1153                                 memset(vol->source_rfc1001_name, 0x20, 15);
1154                                 for (i = 0; i < 15; i++) {
1155                                 /* BB are there cases in which a comma can be
1156                                 valid in this workstation netbios name (and need
1157                                 special handling)? */
1158
1159                                 /* We do not uppercase netbiosname for user */
1160                                         if (value[i] == 0)
1161                                                 break;
1162                                         else
1163                                                 vol->source_rfc1001_name[i] =
1164                                                                 value[i];
1165                                 }
1166                                 /* The string has 16th byte zero still from
1167                                 set at top of the function  */
1168                                 if ((i == 15) && (value[i] != 0))
1169                                         printk(KERN_WARNING "CIFS: netbiosname"
1170                                                 " longer than 15 truncated.\n");
1171                         }
1172                 } else if (strnicmp(data, "servern", 7) == 0) {
1173                         /* servernetbiosname specified override *SMBSERVER */
1174                         if (!value || !*value || (*value == ' ')) {
1175                                 cFYI(1, ("empty server netbiosname specified"));
1176                         } else {
1177                                 /* last byte, type, is 0x20 for servr type */
1178                                 memset(vol->target_rfc1001_name, 0x20, 16);
1179
1180                                 for (i = 0; i < 15; i++) {
1181                                 /* BB are there cases in which a comma can be
1182                                    valid in this workstation netbios name
1183                                    (and need special handling)? */
1184
1185                                 /* user or mount helper must uppercase
1186                                    the netbiosname */
1187                                         if (value[i] == 0)
1188                                                 break;
1189                                         else
1190                                                 vol->target_rfc1001_name[i] =
1191                                                                 value[i];
1192                                 }
1193                                 /* The string has 16th byte zero still from
1194                                    set at top of the function  */
1195                                 if ((i == 15) && (value[i] != 0))
1196                                         printk(KERN_WARNING "CIFS: server net"
1197                                         "biosname longer than 15 truncated.\n");
1198                         }
1199                 } else if (strnicmp(data, "credentials", 4) == 0) {
1200                         /* ignore */
1201                 } else if (strnicmp(data, "version", 3) == 0) {
1202                         /* ignore */
1203                 } else if (strnicmp(data, "guest", 5) == 0) {
1204                         /* ignore */
1205                 } else if (strnicmp(data, "rw", 2) == 0) {
1206                         /* ignore */
1207                 } else if (strnicmp(data, "ro", 2) == 0) {
1208                         /* ignore */
1209                 } else if (strnicmp(data, "noblocksend", 11) == 0) {
1210                         vol->noblocksnd = 1;
1211                 } else if (strnicmp(data, "noautotune", 10) == 0) {
1212                         vol->noautotune = 1;
1213                 } else if ((strnicmp(data, "suid", 4) == 0) ||
1214                                    (strnicmp(data, "nosuid", 6) == 0) ||
1215                                    (strnicmp(data, "exec", 4) == 0) ||
1216                                    (strnicmp(data, "noexec", 6) == 0) ||
1217                                    (strnicmp(data, "nodev", 5) == 0) ||
1218                                    (strnicmp(data, "noauto", 6) == 0) ||
1219                                    (strnicmp(data, "dev", 3) == 0)) {
1220                         /*  The mount tool or mount.cifs helper (if present)
1221                             uses these opts to set flags, and the flags are read
1222                             by the kernel vfs layer before we get here (ie
1223                             before read super) so there is no point trying to
1224                             parse these options again and set anything and it
1225                             is ok to just ignore them */
1226                         continue;
1227                 } else if (strnicmp(data, "hard", 4) == 0) {
1228                         vol->retry = 1;
1229                 } else if (strnicmp(data, "soft", 4) == 0) {
1230                         vol->retry = 0;
1231                 } else if (strnicmp(data, "perm", 4) == 0) {
1232                         vol->noperm = 0;
1233                 } else if (strnicmp(data, "noperm", 6) == 0) {
1234                         vol->noperm = 1;
1235                 } else if (strnicmp(data, "mapchars", 8) == 0) {
1236                         vol->remap = 1;
1237                 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1238                         vol->remap = 0;
1239                 } else if (strnicmp(data, "sfu", 3) == 0) {
1240                         vol->sfu_emul = 1;
1241                 } else if (strnicmp(data, "nosfu", 5) == 0) {
1242                         vol->sfu_emul = 0;
1243                 } else if (strnicmp(data, "nodfs", 5) == 0) {
1244                         vol->nodfs = 1;
1245                 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1246                         vol->posix_paths = 1;
1247                 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1248                         vol->posix_paths = 0;
1249                 } else if (strnicmp(data, "nounix", 6) == 0) {
1250                         vol->no_linux_ext = 1;
1251                 } else if (strnicmp(data, "nolinux", 7) == 0) {
1252                         vol->no_linux_ext = 1;
1253                 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1254                            (strnicmp(data, "ignorecase", 10)  == 0)) {
1255                         vol->nocase = 1;
1256                 } else if (strnicmp(data, "brl", 3) == 0) {
1257                         vol->nobrl =  0;
1258                 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1259                            (strnicmp(data, "nolock", 6) == 0)) {
1260                         vol->nobrl =  1;
1261                         /* turn off mandatory locking in mode
1262                         if remote locking is turned off since the
1263                         local vfs will do advisory */
1264                         if (vol->file_mode ==
1265                                 (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1266                                 vol->file_mode = S_IALLUGO;
1267                 } else if (strnicmp(data, "forcemandatorylock", 9) == 0) {
1268                         /* will take the shorter form "forcemand" as well */
1269                         /* This mount option will force use of mandatory
1270                           (DOS/Windows style) byte range locks, instead of
1271                           using posix advisory byte range locks, even if the
1272                           Unix extensions are available and posix locks would
1273                           be supported otherwise. If Unix extensions are not
1274                           negotiated this has no effect since mandatory locks
1275                           would be used (mandatory locks is all that those
1276                           those servers support) */
1277                         vol->mand_lock = 1;
1278                 } else if (strnicmp(data, "setuids", 7) == 0) {
1279                         vol->setuids = 1;
1280                 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1281                         vol->setuids = 0;
1282                 } else if (strnicmp(data, "dynperm", 7) == 0) {
1283                         vol->dynperm = true;
1284                 } else if (strnicmp(data, "nodynperm", 9) == 0) {
1285                         vol->dynperm = false;
1286                 } else if (strnicmp(data, "nohard", 6) == 0) {
1287                         vol->retry = 0;
1288                 } else if (strnicmp(data, "nosoft", 6) == 0) {
1289                         vol->retry = 1;
1290                 } else if (strnicmp(data, "nointr", 6) == 0) {
1291                         vol->intr = 0;
1292                 } else if (strnicmp(data, "intr", 4) == 0) {
1293                         vol->intr = 1;
1294                 } else if (strnicmp(data, "nostrictsync", 12) == 0) {
1295                         vol->nostrictsync = 1;
1296                 } else if (strnicmp(data, "strictsync", 10) == 0) {
1297                         vol->nostrictsync = 0;
1298                 } else if (strnicmp(data, "serverino", 7) == 0) {
1299                         vol->server_ino = 1;
1300                 } else if (strnicmp(data, "noserverino", 9) == 0) {
1301                         vol->server_ino = 0;
1302                 } else if (strnicmp(data, "cifsacl", 7) == 0) {
1303                         vol->cifs_acl = 1;
1304                 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1305                         vol->cifs_acl = 0;
1306                 } else if (strnicmp(data, "acl", 3) == 0) {
1307                         vol->no_psx_acl = 0;
1308                 } else if (strnicmp(data, "noacl", 5) == 0) {
1309                         vol->no_psx_acl = 1;
1310 #ifdef CONFIG_CIFS_EXPERIMENTAL
1311                 } else if (strnicmp(data, "locallease", 6) == 0) {
1312                         vol->local_lease = 1;
1313 #endif
1314                 } else if (strnicmp(data, "sign", 4) == 0) {
1315                         vol->secFlg |= CIFSSEC_MUST_SIGN;
1316                 } else if (strnicmp(data, "seal", 4) == 0) {
1317                         /* we do not do the following in secFlags because seal
1318                            is a per tree connection (mount) not a per socket
1319                            or per-smb connection option in the protocol */
1320                         /* vol->secFlg |= CIFSSEC_MUST_SEAL; */
1321                         vol->seal = 1;
1322                 } else if (strnicmp(data, "direct", 6) == 0) {
1323                         vol->direct_io = 1;
1324                 } else if (strnicmp(data, "forcedirectio", 13) == 0) {
1325                         vol->direct_io = 1;
1326                 } else if (strnicmp(data, "noac", 4) == 0) {
1327                         printk(KERN_WARNING "CIFS: Mount option noac not "
1328                                 "supported. Instead set "
1329                                 "/proc/fs/cifs/LookupCacheEnabled to 0\n");
1330                 } else
1331                         printk(KERN_WARNING "CIFS: Unknown mount option %s\n",
1332                                                 data);
1333         }
1334         if (vol->UNC == NULL) {
1335                 if (devname == NULL) {
1336                         printk(KERN_WARNING "CIFS: Missing UNC name for mount "
1337                                                 "target\n");
1338                         return 1;
1339                 }
1340                 if ((temp_len = strnlen(devname, 300)) < 300) {
1341                         vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1342                         if (vol->UNC == NULL)
1343                                 return 1;
1344                         strcpy(vol->UNC, devname);
1345                         if (strncmp(vol->UNC, "//", 2) == 0) {
1346                                 vol->UNC[0] = '\\';
1347                                 vol->UNC[1] = '\\';
1348                         } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1349                                 printk(KERN_WARNING "CIFS: UNC Path does not "
1350                                                     "begin with // or \\\\ \n");
1351                                 return 1;
1352                         }
1353                         value = strpbrk(vol->UNC+2, "/\\");
1354                         if (value)
1355                                 *value = '\\';
1356                 } else {
1357                         printk(KERN_WARNING "CIFS: UNC name too long\n");
1358                         return 1;
1359                 }
1360         }
1361         if (vol->UNCip == NULL)
1362                 vol->UNCip = &vol->UNC[2];
1363
1364         if (uid_specified)
1365                 vol->override_uid = override_uid;
1366         else if (override_uid == 1)
1367                 printk(KERN_NOTICE "CIFS: ignoring forceuid mount option "
1368                                    "specified with no uid= option.\n");
1369
1370         if (gid_specified)
1371                 vol->override_gid = override_gid;
1372         else if (override_gid == 1)
1373                 printk(KERN_NOTICE "CIFS: ignoring forcegid mount option "
1374                                    "specified with no gid= option.\n");
1375
1376         return 0;
1377 }
1378
1379 static struct TCP_Server_Info *
1380 cifs_find_tcp_session(struct sockaddr_storage *addr)
1381 {
1382         struct list_head *tmp;
1383         struct TCP_Server_Info *server;
1384         struct sockaddr_in *addr4 = (struct sockaddr_in *) addr;
1385         struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) addr;
1386
1387         write_lock(&cifs_tcp_ses_lock);
1388         list_for_each(tmp, &cifs_tcp_ses_list) {
1389                 server = list_entry(tmp, struct TCP_Server_Info,
1390                                     tcp_ses_list);
1391                 /*
1392                  * the demux thread can exit on its own while still in CifsNew
1393                  * so don't accept any sockets in that state. Since the
1394                  * tcpStatus never changes back to CifsNew it's safe to check
1395                  * for this without a lock.
1396                  */
1397                 if (server->tcpStatus == CifsNew)
1398                         continue;
1399
1400                 if (addr->ss_family == AF_INET &&
1401                     (addr4->sin_addr.s_addr !=
1402                      server->addr.sockAddr.sin_addr.s_addr))
1403                         continue;
1404                 else if (addr->ss_family == AF_INET6 &&
1405                          (!ipv6_addr_equal(&server->addr.sockAddr6.sin6_addr,
1406                                            &addr6->sin6_addr) ||
1407                           server->addr.sockAddr6.sin6_scope_id !=
1408                                            addr6->sin6_scope_id))
1409                         continue;
1410
1411                 ++server->srv_count;
1412                 write_unlock(&cifs_tcp_ses_lock);
1413                 cFYI(1, ("Existing tcp session with server found"));
1414                 return server;
1415         }
1416         write_unlock(&cifs_tcp_ses_lock);
1417         return NULL;
1418 }
1419
1420 static void
1421 cifs_put_tcp_session(struct TCP_Server_Info *server)
1422 {
1423         struct task_struct *task;
1424
1425         write_lock(&cifs_tcp_ses_lock);
1426         if (--server->srv_count > 0) {
1427                 write_unlock(&cifs_tcp_ses_lock);
1428                 return;
1429         }
1430
1431         list_del_init(&server->tcp_ses_list);
1432         write_unlock(&cifs_tcp_ses_lock);
1433
1434         spin_lock(&GlobalMid_Lock);
1435         server->tcpStatus = CifsExiting;
1436         spin_unlock(&GlobalMid_Lock);
1437
1438         task = xchg(&server->tsk, NULL);
1439         if (task)
1440                 force_sig(SIGKILL, task);
1441 }
1442
1443 static struct TCP_Server_Info *
1444 cifs_get_tcp_session(struct smb_vol *volume_info)
1445 {
1446         struct TCP_Server_Info *tcp_ses = NULL;
1447         struct sockaddr_storage addr;
1448         struct sockaddr_in *sin_server = (struct sockaddr_in *) &addr;
1449         struct sockaddr_in6 *sin_server6 = (struct sockaddr_in6 *) &addr;
1450         int rc;
1451
1452         memset(&addr, 0, sizeof(struct sockaddr_storage));
1453
1454         cFYI(1, ("UNC: %s ip: %s", volume_info->UNC, volume_info->UNCip));
1455
1456         if (volume_info->UNCip && volume_info->UNC) {
1457                 rc = cifs_convert_address(volume_info->UNCip, &addr);
1458                 if (!rc) {
1459                         /* we failed translating address */
1460                         rc = -EINVAL;
1461                         goto out_err;
1462                 }
1463         } else if (volume_info->UNCip) {
1464                 /* BB using ip addr as tcp_ses name to connect to the
1465                    DFS root below */
1466                 cERROR(1, ("Connecting to DFS root not implemented yet"));
1467                 rc = -EINVAL;
1468                 goto out_err;
1469         } else /* which tcp_sess DFS root would we conect to */ {
1470                 cERROR(1,
1471                        ("CIFS mount error: No UNC path (e.g. -o "
1472                         "unc=//192.168.1.100/public) specified"));
1473                 rc = -EINVAL;
1474                 goto out_err;
1475         }
1476
1477         /* see if we already have a matching tcp_ses */
1478         tcp_ses = cifs_find_tcp_session(&addr);
1479         if (tcp_ses)
1480                 return tcp_ses;
1481
1482         tcp_ses = kzalloc(sizeof(struct TCP_Server_Info), GFP_KERNEL);
1483         if (!tcp_ses) {
1484                 rc = -ENOMEM;
1485                 goto out_err;
1486         }
1487
1488         tcp_ses->hostname = extract_hostname(volume_info->UNC);
1489         if (IS_ERR(tcp_ses->hostname)) {
1490                 rc = PTR_ERR(tcp_ses->hostname);
1491                 goto out_err;
1492         }
1493
1494         tcp_ses->noblocksnd = volume_info->noblocksnd;
1495         tcp_ses->noautotune = volume_info->noautotune;
1496         atomic_set(&tcp_ses->inFlight, 0);
1497         init_waitqueue_head(&tcp_ses->response_q);
1498         init_waitqueue_head(&tcp_ses->request_q);
1499         INIT_LIST_HEAD(&tcp_ses->pending_mid_q);
1500         mutex_init(&tcp_ses->srv_mutex);
1501         memcpy(tcp_ses->workstation_RFC1001_name,
1502                 volume_info->source_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1503         memcpy(tcp_ses->server_RFC1001_name,
1504                 volume_info->target_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1505         tcp_ses->sequence_number = 0;
1506         INIT_LIST_HEAD(&tcp_ses->tcp_ses_list);
1507         INIT_LIST_HEAD(&tcp_ses->smb_ses_list);
1508
1509         /*
1510          * at this point we are the only ones with the pointer
1511          * to the struct since the kernel thread not created yet
1512          * no need to spinlock this init of tcpStatus or srv_count
1513          */
1514         tcp_ses->tcpStatus = CifsNew;
1515         ++tcp_ses->srv_count;
1516
1517         if (addr.ss_family == AF_INET6) {
1518                 cFYI(1, ("attempting ipv6 connect"));
1519                 /* BB should we allow ipv6 on port 139? */
1520                 /* other OS never observed in Wild doing 139 with v6 */
1521                 sin_server6->sin6_port = htons(volume_info->port);
1522                 memcpy(&tcp_ses->addr.sockAddr6, sin_server6,
1523                         sizeof(struct sockaddr_in6));
1524                 rc = ipv6_connect(tcp_ses);
1525         } else {
1526                 sin_server->sin_port = htons(volume_info->port);
1527                 memcpy(&tcp_ses->addr.sockAddr, sin_server,
1528                         sizeof(struct sockaddr_in));
1529                 rc = ipv4_connect(tcp_ses);
1530         }
1531         if (rc < 0) {
1532                 cERROR(1, ("Error connecting to socket. Aborting operation"));
1533                 goto out_err;
1534         }
1535
1536         /*
1537          * since we're in a cifs function already, we know that
1538          * this will succeed. No need for try_module_get().
1539          */
1540         __module_get(THIS_MODULE);
1541         tcp_ses->tsk = kthread_run((void *)(void *)cifs_demultiplex_thread,
1542                                   tcp_ses, "cifsd");
1543         if (IS_ERR(tcp_ses->tsk)) {
1544                 rc = PTR_ERR(tcp_ses->tsk);
1545                 cERROR(1, ("error %d create cifsd thread", rc));
1546                 module_put(THIS_MODULE);
1547                 goto out_err;
1548         }
1549
1550         /* thread spawned, put it on the list */
1551         write_lock(&cifs_tcp_ses_lock);
1552         list_add(&tcp_ses->tcp_ses_list, &cifs_tcp_ses_list);
1553         write_unlock(&cifs_tcp_ses_lock);
1554
1555         return tcp_ses;
1556
1557 out_err:
1558         if (tcp_ses) {
1559                 kfree(tcp_ses->hostname);
1560                 if (tcp_ses->ssocket)
1561                         sock_release(tcp_ses->ssocket);
1562                 kfree(tcp_ses);
1563         }
1564         return ERR_PTR(rc);
1565 }
1566
1567 static struct cifsSesInfo *
1568 cifs_find_smb_ses(struct TCP_Server_Info *server, char *username)
1569 {
1570         struct list_head *tmp;
1571         struct cifsSesInfo *ses;
1572
1573         write_lock(&cifs_tcp_ses_lock);
1574         list_for_each(tmp, &server->smb_ses_list) {
1575                 ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
1576                 if (strncmp(ses->userName, username, MAX_USERNAME_SIZE))
1577                         continue;
1578
1579                 ++ses->ses_count;
1580                 write_unlock(&cifs_tcp_ses_lock);
1581                 return ses;
1582         }
1583         write_unlock(&cifs_tcp_ses_lock);
1584         return NULL;
1585 }
1586
1587 static void
1588 cifs_put_smb_ses(struct cifsSesInfo *ses)
1589 {
1590         int xid;
1591         struct TCP_Server_Info *server = ses->server;
1592
1593         write_lock(&cifs_tcp_ses_lock);
1594         if (--ses->ses_count > 0) {
1595                 write_unlock(&cifs_tcp_ses_lock);
1596                 return;
1597         }
1598
1599         list_del_init(&ses->smb_ses_list);
1600         write_unlock(&cifs_tcp_ses_lock);
1601
1602         if (ses->status == CifsGood) {
1603                 xid = GetXid();
1604                 CIFSSMBLogoff(xid, ses);
1605                 _FreeXid(xid);
1606         }
1607         sesInfoFree(ses);
1608         cifs_put_tcp_session(server);
1609 }
1610
1611 static struct cifsTconInfo *
1612 cifs_find_tcon(struct cifsSesInfo *ses, const char *unc)
1613 {
1614         struct list_head *tmp;
1615         struct cifsTconInfo *tcon;
1616
1617         write_lock(&cifs_tcp_ses_lock);
1618         list_for_each(tmp, &ses->tcon_list) {
1619                 tcon = list_entry(tmp, struct cifsTconInfo, tcon_list);
1620                 if (tcon->tidStatus == CifsExiting)
1621                         continue;
1622                 if (strncmp(tcon->treeName, unc, MAX_TREE_SIZE))
1623                         continue;
1624
1625                 ++tcon->tc_count;
1626                 write_unlock(&cifs_tcp_ses_lock);
1627                 return tcon;
1628         }
1629         write_unlock(&cifs_tcp_ses_lock);
1630         return NULL;
1631 }
1632
1633 static void
1634 cifs_put_tcon(struct cifsTconInfo *tcon)
1635 {
1636         int xid;
1637         struct cifsSesInfo *ses = tcon->ses;
1638
1639         write_lock(&cifs_tcp_ses_lock);
1640         if (--tcon->tc_count > 0) {
1641                 write_unlock(&cifs_tcp_ses_lock);
1642                 return;
1643         }
1644
1645         list_del_init(&tcon->tcon_list);
1646         write_unlock(&cifs_tcp_ses_lock);
1647
1648         xid = GetXid();
1649         CIFSSMBTDis(xid, tcon);
1650         _FreeXid(xid);
1651
1652         DeleteTconOplockQEntries(tcon);
1653         tconInfoFree(tcon);
1654         cifs_put_smb_ses(ses);
1655 }
1656
1657 int
1658 get_dfs_path(int xid, struct cifsSesInfo *pSesInfo, const char *old_path,
1659              const struct nls_table *nls_codepage, unsigned int *pnum_referrals,
1660              struct dfs_info3_param **preferrals, int remap)
1661 {
1662         char *temp_unc;
1663         int rc = 0;
1664
1665         *pnum_referrals = 0;
1666         *preferrals = NULL;
1667
1668         if (pSesInfo->ipc_tid == 0) {
1669                 temp_unc = kmalloc(2 /* for slashes */ +
1670                         strnlen(pSesInfo->serverName,
1671                                 SERVER_NAME_LEN_WITH_NULL * 2)
1672                                  + 1 + 4 /* slash IPC$ */  + 2,
1673                                 GFP_KERNEL);
1674                 if (temp_unc == NULL)
1675                         return -ENOMEM;
1676                 temp_unc[0] = '\\';
1677                 temp_unc[1] = '\\';
1678                 strcpy(temp_unc + 2, pSesInfo->serverName);
1679                 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
1680                 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
1681                 cFYI(1,
1682                      ("CIFS Tcon rc = %d ipc_tid = %d", rc, pSesInfo->ipc_tid));
1683                 kfree(temp_unc);
1684         }
1685         if (rc == 0)
1686                 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
1687                                      pnum_referrals, nls_codepage, remap);
1688         /* BB map targetUNCs to dfs_info3 structures, here or
1689                 in CIFSGetDFSRefer BB */
1690
1691         return rc;
1692 }
1693
1694 #ifdef CONFIG_DEBUG_LOCK_ALLOC
1695 static struct lock_class_key cifs_key[2];
1696 static struct lock_class_key cifs_slock_key[2];
1697
1698 static inline void
1699 cifs_reclassify_socket4(struct socket *sock)
1700 {
1701         struct sock *sk = sock->sk;
1702         BUG_ON(sock_owned_by_user(sk));
1703         sock_lock_init_class_and_name(sk, "slock-AF_INET-CIFS",
1704                 &cifs_slock_key[0], "sk_lock-AF_INET-CIFS", &cifs_key[0]);
1705 }
1706
1707 static inline void
1708 cifs_reclassify_socket6(struct socket *sock)
1709 {
1710         struct sock *sk = sock->sk;
1711         BUG_ON(sock_owned_by_user(sk));
1712         sock_lock_init_class_and_name(sk, "slock-AF_INET6-CIFS",
1713                 &cifs_slock_key[1], "sk_lock-AF_INET6-CIFS", &cifs_key[1]);
1714 }
1715 #else
1716 static inline void
1717 cifs_reclassify_socket4(struct socket *sock)
1718 {
1719 }
1720
1721 static inline void
1722 cifs_reclassify_socket6(struct socket *sock)
1723 {
1724 }
1725 #endif
1726
1727 /* See RFC1001 section 14 on representation of Netbios names */
1728 static void rfc1002mangle(char *target, char *source, unsigned int length)
1729 {
1730         unsigned int i, j;
1731
1732         for (i = 0, j = 0; i < (length); i++) {
1733                 /* mask a nibble at a time and encode */
1734                 target[j] = 'A' + (0x0F & (source[i] >> 4));
1735                 target[j+1] = 'A' + (0x0F & source[i]);
1736                 j += 2;
1737         }
1738
1739 }
1740
1741
1742 static int
1743 ipv4_connect(struct TCP_Server_Info *server)
1744 {
1745         int rc = 0;
1746         bool connected = false;
1747         __be16 orig_port = 0;
1748         struct socket *socket = server->ssocket;
1749
1750         if (socket == NULL) {
1751                 rc = sock_create_kern(PF_INET, SOCK_STREAM,
1752                                       IPPROTO_TCP, &socket);
1753                 if (rc < 0) {
1754                         cERROR(1, ("Error %d creating socket", rc));
1755                         return rc;
1756                 }
1757
1758                 /* BB other socket options to set KEEPALIVE, NODELAY? */
1759                 cFYI(1, ("Socket created"));
1760                 server->ssocket = socket;
1761                 socket->sk->sk_allocation = GFP_NOFS;
1762                 cifs_reclassify_socket4(socket);
1763         }
1764
1765         /* user overrode default port */
1766         if (server->addr.sockAddr.sin_port) {
1767                 rc = socket->ops->connect(socket, (struct sockaddr *)
1768                                           &server->addr.sockAddr,
1769                                           sizeof(struct sockaddr_in), 0);
1770                 if (rc >= 0)
1771                         connected = true;
1772         }
1773
1774         if (!connected) {
1775                 /* save original port so we can retry user specified port
1776                         later if fall back ports fail this time  */
1777                 orig_port = server->addr.sockAddr.sin_port;
1778
1779                 /* do not retry on the same port we just failed on */
1780                 if (server->addr.sockAddr.sin_port != htons(CIFS_PORT)) {
1781                         server->addr.sockAddr.sin_port = htons(CIFS_PORT);
1782                         rc = socket->ops->connect(socket,
1783                                                 (struct sockaddr *)
1784                                                 &server->addr.sockAddr,
1785                                                 sizeof(struct sockaddr_in), 0);
1786                         if (rc >= 0)
1787                                 connected = true;
1788                 }
1789         }
1790         if (!connected) {
1791                 server->addr.sockAddr.sin_port = htons(RFC1001_PORT);
1792                 rc = socket->ops->connect(socket, (struct sockaddr *)
1793                                               &server->addr.sockAddr,
1794                                               sizeof(struct sockaddr_in), 0);
1795                 if (rc >= 0)
1796                         connected = true;
1797         }
1798
1799         /* give up here - unless we want to retry on different
1800                 protocol families some day */
1801         if (!connected) {
1802                 if (orig_port)
1803                         server->addr.sockAddr.sin_port = orig_port;
1804                 cFYI(1, ("Error %d connecting to server via ipv4", rc));
1805                 sock_release(socket);
1806                 server->ssocket = NULL;
1807                 return rc;
1808         }
1809
1810
1811         /*
1812          * Eventually check for other socket options to change from
1813          *  the default. sock_setsockopt not used because it expects
1814          *  user space buffer
1815          */
1816         socket->sk->sk_rcvtimeo = 7 * HZ;
1817         socket->sk->sk_sndtimeo = 5 * HZ;
1818
1819         /* make the bufsizes depend on wsize/rsize and max requests */
1820         if (server->noautotune) {
1821                 if (socket->sk->sk_sndbuf < (200 * 1024))
1822                         socket->sk->sk_sndbuf = 200 * 1024;
1823                 if (socket->sk->sk_rcvbuf < (140 * 1024))
1824                         socket->sk->sk_rcvbuf = 140 * 1024;
1825         }
1826
1827          cFYI(1, ("sndbuf %d rcvbuf %d rcvtimeo 0x%lx",
1828                  socket->sk->sk_sndbuf,
1829                  socket->sk->sk_rcvbuf, socket->sk->sk_rcvtimeo));
1830
1831         /* send RFC1001 sessinit */
1832         if (server->addr.sockAddr.sin_port == htons(RFC1001_PORT)) {
1833                 /* some servers require RFC1001 sessinit before sending
1834                 negprot - BB check reconnection in case where second
1835                 sessinit is sent but no second negprot */
1836                 struct rfc1002_session_packet *ses_init_buf;
1837                 struct smb_hdr *smb_buf;
1838                 ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet),
1839                                        GFP_KERNEL);
1840                 if (ses_init_buf) {
1841                         ses_init_buf->trailer.session_req.called_len = 32;
1842                         if (server->server_RFC1001_name &&
1843                             server->server_RFC1001_name[0] != 0)
1844                                 rfc1002mangle(ses_init_buf->trailer.
1845                                                 session_req.called_name,
1846                                               server->server_RFC1001_name,
1847                                               RFC1001_NAME_LEN_WITH_NULL);
1848                         else
1849                                 rfc1002mangle(ses_init_buf->trailer.
1850                                                 session_req.called_name,
1851                                               DEFAULT_CIFS_CALLED_NAME,
1852                                               RFC1001_NAME_LEN_WITH_NULL);
1853
1854                         ses_init_buf->trailer.session_req.calling_len = 32;
1855
1856                         /* calling name ends in null (byte 16) from old smb
1857                         convention. */
1858                         if (server->workstation_RFC1001_name &&
1859                             server->workstation_RFC1001_name[0] != 0)
1860                                 rfc1002mangle(ses_init_buf->trailer.
1861                                                 session_req.calling_name,
1862                                               server->workstation_RFC1001_name,
1863                                               RFC1001_NAME_LEN_WITH_NULL);
1864                         else
1865                                 rfc1002mangle(ses_init_buf->trailer.
1866                                                 session_req.calling_name,
1867                                               "LINUX_CIFS_CLNT",
1868                                               RFC1001_NAME_LEN_WITH_NULL);
1869
1870                         ses_init_buf->trailer.session_req.scope1 = 0;
1871                         ses_init_buf->trailer.session_req.scope2 = 0;
1872                         smb_buf = (struct smb_hdr *)ses_init_buf;
1873                         /* sizeof RFC1002_SESSION_REQUEST with no scope */
1874                         smb_buf->smb_buf_length = 0x81000044;
1875                         rc = smb_send(server, smb_buf, 0x44);
1876                         kfree(ses_init_buf);
1877                         msleep(1); /* RFC1001 layer in at least one server
1878                                       requires very short break before negprot
1879                                       presumably because not expecting negprot
1880                                       to follow so fast.  This is a simple
1881                                       solution that works without
1882                                       complicating the code and causes no
1883                                       significant slowing down on mount
1884                                       for everyone else */
1885                 }
1886                 /* else the negprot may still work without this
1887                 even though malloc failed */
1888
1889         }
1890
1891         return rc;
1892 }
1893
1894 static int
1895 ipv6_connect(struct TCP_Server_Info *server)
1896 {
1897         int rc = 0;
1898         bool connected = false;
1899         __be16 orig_port = 0;
1900         struct socket *socket = server->ssocket;
1901
1902         if (socket == NULL) {
1903                 rc = sock_create_kern(PF_INET6, SOCK_STREAM,
1904                                       IPPROTO_TCP, &socket);
1905                 if (rc < 0) {
1906                         cERROR(1, ("Error %d creating ipv6 socket", rc));
1907                         socket = NULL;
1908                         return rc;
1909                 }
1910
1911                 /* BB other socket options to set KEEPALIVE, NODELAY? */
1912                 cFYI(1, ("ipv6 Socket created"));
1913                 server->ssocket = socket;
1914                 socket->sk->sk_allocation = GFP_NOFS;
1915                 cifs_reclassify_socket6(socket);
1916         }
1917
1918         /* user overrode default port */
1919         if (server->addr.sockAddr6.sin6_port) {
1920                 rc = socket->ops->connect(socket,
1921                                 (struct sockaddr *) &server->addr.sockAddr6,
1922                                 sizeof(struct sockaddr_in6), 0);
1923                 if (rc >= 0)
1924                         connected = true;
1925         }
1926
1927         if (!connected) {
1928                 /* save original port so we can retry user specified port
1929                         later if fall back ports fail this time  */
1930
1931                 orig_port = server->addr.sockAddr6.sin6_port;
1932                 /* do not retry on the same port we just failed on */
1933                 if (server->addr.sockAddr6.sin6_port != htons(CIFS_PORT)) {
1934                         server->addr.sockAddr6.sin6_port = htons(CIFS_PORT);
1935                         rc = socket->ops->connect(socket, (struct sockaddr *)
1936                                         &server->addr.sockAddr6,
1937                                         sizeof(struct sockaddr_in6), 0);
1938                         if (rc >= 0)
1939                                 connected = true;
1940                 }
1941         }
1942         if (!connected) {
1943                 server->addr.sockAddr6.sin6_port = htons(RFC1001_PORT);
1944                 rc = socket->ops->connect(socket, (struct sockaddr *)
1945                                 &server->addr.sockAddr6,
1946                                 sizeof(struct sockaddr_in6), 0);
1947                 if (rc >= 0)
1948                         connected = true;
1949         }
1950
1951         /* give up here - unless we want to retry on different
1952                 protocol families some day */
1953         if (!connected) {
1954                 if (orig_port)
1955                         server->addr.sockAddr6.sin6_port = orig_port;
1956                 cFYI(1, ("Error %d connecting to server via ipv6", rc));
1957                 sock_release(socket);
1958                 server->ssocket = NULL;
1959                 return rc;
1960         }
1961
1962         /*
1963          * Eventually check for other socket options to change from
1964          * the default. sock_setsockopt not used because it expects
1965          * user space buffer
1966          */
1967         socket->sk->sk_rcvtimeo = 7 * HZ;
1968         socket->sk->sk_sndtimeo = 5 * HZ;
1969         server->ssocket = socket;
1970
1971         return rc;
1972 }
1973
1974 void reset_cifs_unix_caps(int xid, struct cifsTconInfo *tcon,
1975                           struct super_block *sb, struct smb_vol *vol_info)
1976 {
1977         /* if we are reconnecting then should we check to see if
1978          * any requested capabilities changed locally e.g. via
1979          * remount but we can not do much about it here
1980          * if they have (even if we could detect it by the following)
1981          * Perhaps we could add a backpointer to array of sb from tcon
1982          * or if we change to make all sb to same share the same
1983          * sb as NFS - then we only have one backpointer to sb.
1984          * What if we wanted to mount the server share twice once with
1985          * and once without posixacls or posix paths? */
1986         __u64 saved_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
1987
1988         if (vol_info && vol_info->no_linux_ext) {
1989                 tcon->fsUnixInfo.Capability = 0;
1990                 tcon->unix_ext = 0; /* Unix Extensions disabled */
1991                 cFYI(1, ("Linux protocol extensions disabled"));
1992                 return;
1993         } else if (vol_info)
1994                 tcon->unix_ext = 1; /* Unix Extensions supported */
1995
1996         if (tcon->unix_ext == 0) {
1997                 cFYI(1, ("Unix extensions disabled so not set on reconnect"));
1998                 return;
1999         }
2000
2001         if (!CIFSSMBQFSUnixInfo(xid, tcon)) {
2002                 __u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
2003
2004                 /* check for reconnect case in which we do not
2005                    want to change the mount behavior if we can avoid it */
2006                 if (vol_info == NULL) {
2007                         /* turn off POSIX ACL and PATHNAMES if not set
2008                            originally at mount time */
2009                         if ((saved_cap & CIFS_UNIX_POSIX_ACL_CAP) == 0)
2010                                 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2011                         if ((saved_cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2012                                 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2013                                         cERROR(1, ("POSIXPATH support change"));
2014                                 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2015                         } else if ((cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2016                                 cERROR(1, ("possible reconnect error"));
2017                                 cERROR(1,
2018                                         ("server disabled POSIX path support"));
2019                         }
2020                 }
2021
2022                 cap &= CIFS_UNIX_CAP_MASK;
2023                 if (vol_info && vol_info->no_psx_acl)
2024                         cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2025                 else if (CIFS_UNIX_POSIX_ACL_CAP & cap) {
2026                         cFYI(1, ("negotiated posix acl support"));
2027                         if (sb)
2028                                 sb->s_flags |= MS_POSIXACL;
2029                 }
2030
2031                 if (vol_info && vol_info->posix_paths == 0)
2032                         cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2033                 else if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
2034                         cFYI(1, ("negotiate posix pathnames"));
2035                         if (sb)
2036                                 CIFS_SB(sb)->mnt_cifs_flags |=
2037                                         CIFS_MOUNT_POSIX_PATHS;
2038                 }
2039
2040                 /* We might be setting the path sep back to a different
2041                 form if we are reconnecting and the server switched its
2042                 posix path capability for this share */
2043                 if (sb && (CIFS_SB(sb)->prepathlen > 0))
2044                         CIFS_SB(sb)->prepath[0] = CIFS_DIR_SEP(CIFS_SB(sb));
2045
2046                 if (sb && (CIFS_SB(sb)->rsize > 127 * 1024)) {
2047                         if ((cap & CIFS_UNIX_LARGE_READ_CAP) == 0) {
2048                                 CIFS_SB(sb)->rsize = 127 * 1024;
2049                                 cFYI(DBG2,
2050                                         ("larger reads not supported by srv"));
2051                         }
2052                 }
2053
2054
2055                 cFYI(1, ("Negotiate caps 0x%x", (int)cap));
2056 #ifdef CONFIG_CIFS_DEBUG2
2057                 if (cap & CIFS_UNIX_FCNTL_CAP)
2058                         cFYI(1, ("FCNTL cap"));
2059                 if (cap & CIFS_UNIX_EXTATTR_CAP)
2060                         cFYI(1, ("EXTATTR cap"));
2061                 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2062                         cFYI(1, ("POSIX path cap"));
2063                 if (cap & CIFS_UNIX_XATTR_CAP)
2064                         cFYI(1, ("XATTR cap"));
2065                 if (cap & CIFS_UNIX_POSIX_ACL_CAP)
2066                         cFYI(1, ("POSIX ACL cap"));
2067                 if (cap & CIFS_UNIX_LARGE_READ_CAP)
2068                         cFYI(1, ("very large read cap"));
2069                 if (cap & CIFS_UNIX_LARGE_WRITE_CAP)
2070                         cFYI(1, ("very large write cap"));
2071 #endif /* CIFS_DEBUG2 */
2072                 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
2073                         if (vol_info == NULL) {
2074                                 cFYI(1, ("resetting capabilities failed"));
2075                         } else
2076                                 cERROR(1, ("Negotiating Unix capabilities "
2077                                            "with the server failed.  Consider "
2078                                            "mounting with the Unix Extensions\n"
2079                                            "disabled, if problems are found, "
2080                                            "by specifying the nounix mount "
2081                                            "option."));
2082
2083                 }
2084         }
2085 }
2086
2087 static void
2088 convert_delimiter(char *path, char delim)
2089 {
2090         int i;
2091         char old_delim;
2092
2093         if (path == NULL)
2094                 return;
2095
2096         if (delim == '/')
2097                 old_delim = '\\';
2098         else
2099                 old_delim = '/';
2100
2101         for (i = 0; path[i] != '\0'; i++) {
2102                 if (path[i] == old_delim)
2103                         path[i] = delim;
2104         }
2105 }
2106
2107 static void setup_cifs_sb(struct smb_vol *pvolume_info,
2108                           struct cifs_sb_info *cifs_sb)
2109 {
2110         if (pvolume_info->rsize > CIFSMaxBufSize) {
2111                 cERROR(1, ("rsize %d too large, using MaxBufSize",
2112                         pvolume_info->rsize));
2113                 cifs_sb->rsize = CIFSMaxBufSize;
2114         } else if ((pvolume_info->rsize) &&
2115                         (pvolume_info->rsize <= CIFSMaxBufSize))
2116                 cifs_sb->rsize = pvolume_info->rsize;
2117         else /* default */
2118                 cifs_sb->rsize = CIFSMaxBufSize;
2119
2120         if (pvolume_info->wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) {
2121                 cERROR(1, ("wsize %d too large, using 4096 instead",
2122                           pvolume_info->wsize));
2123                 cifs_sb->wsize = 4096;
2124         } else if (pvolume_info->wsize)
2125                 cifs_sb->wsize = pvolume_info->wsize;
2126         else
2127                 cifs_sb->wsize = min_t(const int,
2128                                         PAGEVEC_SIZE * PAGE_CACHE_SIZE,
2129                                         127*1024);
2130                 /* old default of CIFSMaxBufSize was too small now
2131                    that SMB Write2 can send multiple pages in kvec.
2132                    RFC1001 does not describe what happens when frame
2133                    bigger than 128K is sent so use that as max in
2134                    conjunction with 52K kvec constraint on arch with 4K
2135                    page size  */
2136
2137         if (cifs_sb->rsize < 2048) {
2138                 cifs_sb->rsize = 2048;
2139                 /* Windows ME may prefer this */
2140                 cFYI(1, ("readsize set to minimum: 2048"));
2141         }
2142         /* calculate prepath */
2143         cifs_sb->prepath = pvolume_info->prepath;
2144         if (cifs_sb->prepath) {
2145                 cifs_sb->prepathlen = strlen(cifs_sb->prepath);
2146                 /* we can not convert the / to \ in the path
2147                 separators in the prefixpath yet because we do not
2148                 know (until reset_cifs_unix_caps is called later)
2149                 whether POSIX PATH CAP is available. We normalize
2150                 the / to \ after reset_cifs_unix_caps is called */
2151                 pvolume_info->prepath = NULL;
2152         } else
2153                 cifs_sb->prepathlen = 0;
2154         cifs_sb->mnt_uid = pvolume_info->linux_uid;
2155         cifs_sb->mnt_gid = pvolume_info->linux_gid;
2156         cifs_sb->mnt_file_mode = pvolume_info->file_mode;
2157         cifs_sb->mnt_dir_mode = pvolume_info->dir_mode;
2158         cFYI(1, ("file mode: 0x%x  dir mode: 0x%x",
2159                 cifs_sb->mnt_file_mode, cifs_sb->mnt_dir_mode));
2160
2161         if (pvolume_info->noperm)
2162                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
2163         if (pvolume_info->setuids)
2164                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
2165         if (pvolume_info->server_ino)
2166                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
2167         if (pvolume_info->remap)
2168                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
2169         if (pvolume_info->no_xattr)
2170                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
2171         if (pvolume_info->sfu_emul)
2172                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
2173         if (pvolume_info->nobrl)
2174                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
2175         if (pvolume_info->nostrictsync)
2176                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOSSYNC;
2177         if (pvolume_info->mand_lock)
2178                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOPOSIXBRL;
2179         if (pvolume_info->cifs_acl)
2180                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
2181         if (pvolume_info->override_uid)
2182                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID;
2183         if (pvolume_info->override_gid)
2184                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID;
2185         if (pvolume_info->dynperm)
2186                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DYNPERM;
2187         if (pvolume_info->direct_io) {
2188                 cFYI(1, ("mounting share using direct i/o"));
2189                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
2190         }
2191
2192         if ((pvolume_info->cifs_acl) && (pvolume_info->dynperm))
2193                 cERROR(1, ("mount option dynperm ignored if cifsacl "
2194                            "mount option supported"));
2195 }
2196
2197 static int
2198 is_path_accessible(int xid, struct cifsTconInfo *tcon,
2199                    struct cifs_sb_info *cifs_sb, const char *full_path)
2200 {
2201         int rc;
2202         __u64 inode_num;
2203         FILE_ALL_INFO *pfile_info;
2204
2205         rc = CIFSGetSrvInodeNumber(xid, tcon, full_path, &inode_num,
2206                                    cifs_sb->local_nls,
2207                                    cifs_sb->mnt_cifs_flags &
2208                                                 CIFS_MOUNT_MAP_SPECIAL_CHR);
2209         if (rc != -EOPNOTSUPP)
2210                 return rc;
2211
2212         pfile_info = kmalloc(sizeof(FILE_ALL_INFO), GFP_KERNEL);
2213         if (pfile_info == NULL)
2214                 return -ENOMEM;
2215
2216         rc = CIFSSMBQPathInfo(xid, tcon, full_path, pfile_info,
2217                               0 /* not legacy */, cifs_sb->local_nls,
2218                               cifs_sb->mnt_cifs_flags &
2219                                 CIFS_MOUNT_MAP_SPECIAL_CHR);
2220         kfree(pfile_info);
2221         return rc;
2222 }
2223
2224 static void
2225 cleanup_volume_info(struct smb_vol **pvolume_info)
2226 {
2227         struct smb_vol *volume_info;
2228
2229         if (!pvolume_info && !*pvolume_info)
2230                 return;
2231
2232         volume_info = *pvolume_info;
2233         kzfree(volume_info->password);
2234         kfree(volume_info->UNC);
2235         kfree(volume_info->prepath);
2236         kfree(volume_info);
2237         *pvolume_info = NULL;
2238         return;
2239 }
2240
2241 #ifdef CONFIG_CIFS_DFS_UPCALL
2242 /* build_path_to_root returns full path to root when
2243  * we do not have an exiting connection (tcon) */
2244 static char *
2245 build_unc_path_to_root(const struct smb_vol *volume_info,
2246                 const struct cifs_sb_info *cifs_sb)
2247 {
2248         char *full_path;
2249
2250         int unc_len = strnlen(volume_info->UNC, MAX_TREE_SIZE + 1);
2251         full_path = kmalloc(unc_len + cifs_sb->prepathlen + 1, GFP_KERNEL);
2252         if (full_path == NULL)
2253                 return ERR_PTR(-ENOMEM);
2254
2255         strncpy(full_path, volume_info->UNC, unc_len);
2256         if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) {
2257                 int i;
2258                 for (i = 0; i < unc_len; i++) {
2259                         if (full_path[i] == '\\')
2260                                 full_path[i] = '/';
2261                 }
2262         }
2263
2264         if (cifs_sb->prepathlen)
2265                 strncpy(full_path + unc_len, cifs_sb->prepath,
2266                                 cifs_sb->prepathlen);
2267
2268         full_path[unc_len + cifs_sb->prepathlen] = 0; /* add trailing null */
2269         return full_path;
2270 }
2271 #endif
2272
2273 int
2274 cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
2275                 char *mount_data_global, const char *devname)
2276 {
2277         int rc = 0;
2278         int xid;
2279         struct smb_vol *volume_info;
2280         struct cifsSesInfo *pSesInfo = NULL;
2281         struct cifsTconInfo *tcon = NULL;
2282         struct TCP_Server_Info *srvTcp = NULL;
2283         char   *full_path;
2284         char *mount_data = mount_data_global;
2285 #ifdef CONFIG_CIFS_DFS_UPCALL
2286         struct dfs_info3_param *referrals = NULL;
2287         unsigned int num_referrals = 0;
2288         int referral_walks_count = 0;
2289 try_mount_again:
2290 #endif
2291         full_path = NULL;
2292
2293         xid = GetXid();
2294
2295         volume_info = kzalloc(sizeof(struct smb_vol), GFP_KERNEL);
2296         if (!volume_info) {
2297                 rc = -ENOMEM;
2298                 goto out;
2299         }
2300
2301         if (cifs_parse_mount_options(mount_data, devname, volume_info)) {
2302                 rc = -EINVAL;
2303                 goto out;
2304         }
2305
2306         if (volume_info->nullauth) {
2307                 cFYI(1, ("null user"));
2308                 volume_info->username = "";
2309         } else if (volume_info->username) {
2310                 /* BB fixme parse for domain name here */
2311                 cFYI(1, ("Username: %s", volume_info->username));
2312         } else {
2313                 cifserror("No username specified");
2314         /* In userspace mount helper we can get user name from alternate
2315            locations such as env variables and files on disk */
2316                 rc = -EINVAL;
2317                 goto out;
2318         }
2319
2320
2321         /* this is needed for ASCII cp to Unicode converts */
2322         if (volume_info->iocharset == NULL) {
2323                 cifs_sb->local_nls = load_nls_default();
2324         /* load_nls_default can not return null */
2325         } else {
2326                 cifs_sb->local_nls = load_nls(volume_info->iocharset);
2327                 if (cifs_sb->local_nls == NULL) {
2328                         cERROR(1, ("CIFS mount error: iocharset %s not found",
2329                                  volume_info->iocharset));
2330                         rc = -ELIBACC;
2331                         goto out;
2332                 }
2333         }
2334
2335         /* get a reference to a tcp session */
2336         srvTcp = cifs_get_tcp_session(volume_info);
2337         if (IS_ERR(srvTcp)) {
2338                 rc = PTR_ERR(srvTcp);
2339                 goto out;
2340         }
2341
2342         pSesInfo = cifs_find_smb_ses(srvTcp, volume_info->username);
2343         if (pSesInfo) {
2344                 cFYI(1, ("Existing smb sess found (status=%d)",
2345                         pSesInfo->status));
2346                 /*
2347                  * The existing SMB session already has a reference to srvTcp,
2348                  * so we can put back the extra one we got before
2349                  */
2350                 cifs_put_tcp_session(srvTcp);
2351
2352                 down(&pSesInfo->sesSem);
2353                 if (pSesInfo->need_reconnect) {
2354                         cFYI(1, ("Session needs reconnect"));
2355                         rc = cifs_setup_session(xid, pSesInfo,
2356                                                 cifs_sb->local_nls);
2357                 }
2358                 up(&pSesInfo->sesSem);
2359         } else if (!rc) {
2360                 cFYI(1, ("Existing smb sess not found"));
2361                 pSesInfo = sesInfoAlloc();
2362                 if (pSesInfo == NULL) {
2363                         rc = -ENOMEM;
2364                         goto mount_fail_check;
2365                 }
2366
2367                 /* new SMB session uses our srvTcp ref */
2368                 pSesInfo->server = srvTcp;
2369                 if (srvTcp->addr.sockAddr6.sin6_family == AF_INET6)
2370                         sprintf(pSesInfo->serverName, "%pI6",
2371                                 &srvTcp->addr.sockAddr6.sin6_addr);
2372                 else
2373                         sprintf(pSesInfo->serverName, "%pI4",
2374                                 &srvTcp->addr.sockAddr.sin_addr.s_addr);
2375
2376                 write_lock(&cifs_tcp_ses_lock);
2377                 list_add(&pSesInfo->smb_ses_list, &srvTcp->smb_ses_list);
2378                 write_unlock(&cifs_tcp_ses_lock);
2379
2380                 /* volume_info->password freed at unmount */
2381                 if (volume_info->password) {
2382                         pSesInfo->password = kstrdup(volume_info->password,
2383                                                      GFP_KERNEL);
2384                         if (!pSesInfo->password) {
2385                                 rc = -ENOMEM;
2386                                 goto mount_fail_check;
2387                         }
2388                 }
2389                 if (volume_info->username)
2390                         strncpy(pSesInfo->userName, volume_info->username,
2391                                 MAX_USERNAME_SIZE);
2392                 if (volume_info->domainname) {
2393                         int len = strlen(volume_info->domainname);
2394                         pSesInfo->domainName = kmalloc(len + 1, GFP_KERNEL);
2395                         if (pSesInfo->domainName)
2396                                 strcpy(pSesInfo->domainName,
2397                                         volume_info->domainname);
2398                 }
2399                 pSesInfo->linux_uid = volume_info->linux_uid;
2400                 pSesInfo->overrideSecFlg = volume_info->secFlg;
2401                 down(&pSesInfo->sesSem);
2402
2403                 /* BB FIXME need to pass vol->secFlgs BB */
2404                 rc = cifs_setup_session(xid, pSesInfo,
2405                                         cifs_sb->local_nls);
2406                 up(&pSesInfo->sesSem);
2407         }
2408
2409         /* search for existing tcon to this server share */
2410         if (!rc) {
2411                 setup_cifs_sb(volume_info, cifs_sb);
2412
2413                 tcon = cifs_find_tcon(pSesInfo, volume_info->UNC);
2414                 if (tcon) {
2415                         cFYI(1, ("Found match on UNC path"));
2416                         /* existing tcon already has a reference */
2417                         cifs_put_smb_ses(pSesInfo);
2418                         if (tcon->seal != volume_info->seal)
2419                                 cERROR(1, ("transport encryption setting "
2420                                            "conflicts with existing tid"));
2421                 } else {
2422                         tcon = tconInfoAlloc();
2423                         if (tcon == NULL) {
2424                                 rc = -ENOMEM;
2425                                 goto mount_fail_check;
2426                         }
2427
2428                         tcon->ses = pSesInfo;
2429                         if (volume_info->password) {
2430                                 tcon->password = kstrdup(volume_info->password,
2431                                                          GFP_KERNEL);
2432                                 if (!tcon->password) {
2433                                         rc = -ENOMEM;
2434                                         goto mount_fail_check;
2435                                 }
2436                         }
2437
2438                         if ((strchr(volume_info->UNC + 3, '\\') == NULL)
2439                             && (strchr(volume_info->UNC + 3, '/') == NULL)) {
2440                                 cERROR(1, ("Missing share name"));
2441                                 rc = -ENODEV;
2442                                 goto mount_fail_check;
2443                         } else {
2444                                 /* BB Do we need to wrap sesSem around
2445                                  * this TCon call and Unix SetFS as
2446                                  * we do on SessSetup and reconnect? */
2447                                 rc = CIFSTCon(xid, pSesInfo, volume_info->UNC,
2448                                               tcon, cifs_sb->local_nls);
2449                                 cFYI(1, ("CIFS Tcon rc = %d", rc));
2450                                 if (volume_info->nodfs) {
2451                                         tcon->Flags &= ~SMB_SHARE_IS_IN_DFS;
2452                                         cFYI(1, ("DFS disabled (%d)",
2453                                                 tcon->Flags));
2454                                 }
2455                         }
2456                         if (rc)
2457                                 goto remote_path_check;
2458                         tcon->seal = volume_info->seal;
2459                         write_lock(&cifs_tcp_ses_lock);
2460                         list_add(&tcon->tcon_list, &pSesInfo->tcon_list);
2461                         write_unlock(&cifs_tcp_ses_lock);
2462                 }
2463
2464                 /* we can have only one retry value for a connection
2465                    to a share so for resources mounted more than once
2466                    to the same server share the last value passed in
2467                    for the retry flag is used */
2468                 tcon->retry = volume_info->retry;
2469                 tcon->nocase = volume_info->nocase;
2470                 tcon->local_lease = volume_info->local_lease;
2471         }
2472         if (pSesInfo) {
2473                 if (pSesInfo->capabilities & CAP_LARGE_FILES)
2474                         sb->s_maxbytes = MAX_LFS_FILESIZE;
2475                 else
2476                         sb->s_maxbytes = MAX_NON_LFS;
2477         }
2478
2479         /* BB FIXME fix time_gran to be larger for LANMAN sessions */
2480         sb->s_time_gran = 100;
2481
2482         if (rc)
2483                 goto remote_path_check;
2484
2485         cifs_sb->tcon = tcon;
2486
2487         /* do not care if following two calls succeed - informational */
2488         if (!tcon->ipc) {
2489                 CIFSSMBQFSDeviceInfo(xid, tcon);
2490                 CIFSSMBQFSAttributeInfo(xid, tcon);
2491         }
2492
2493         /* tell server which Unix caps we support */
2494         if (tcon->ses->capabilities & CAP_UNIX)
2495                 /* reset of caps checks mount to see if unix extensions
2496                    disabled for just this mount */
2497                 reset_cifs_unix_caps(xid, tcon, sb, volume_info);
2498         else
2499                 tcon->unix_ext = 0; /* server does not support them */
2500
2501         /* convert forward to back slashes in prepath here if needed */
2502         if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0)
2503                 convert_delimiter(cifs_sb->prepath, CIFS_DIR_SEP(cifs_sb));
2504
2505         if ((tcon->unix_ext == 0) && (cifs_sb->rsize > (1024 * 127))) {
2506                 cifs_sb->rsize = 1024 * 127;
2507                 cFYI(DBG2, ("no very large read support, rsize now 127K"));
2508         }
2509         if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X))
2510                 cifs_sb->wsize = min(cifs_sb->wsize,
2511                                (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE));
2512         if (!(tcon->ses->capabilities & CAP_LARGE_READ_X))
2513                 cifs_sb->rsize = min(cifs_sb->rsize,
2514                                (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE));
2515
2516 remote_path_check:
2517         /* check if a whole path (including prepath) is not remote */
2518         if (!rc && cifs_sb->prepathlen && tcon) {
2519                 /* build_path_to_root works only when we have a valid tcon */
2520                 full_path = cifs_build_path_to_root(cifs_sb);
2521                 if (full_path == NULL) {
2522                         rc = -ENOMEM;
2523                         goto mount_fail_check;
2524                 }
2525                 rc = is_path_accessible(xid, tcon, cifs_sb, full_path);
2526                 if (rc != -EREMOTE) {
2527                         kfree(full_path);
2528                         goto mount_fail_check;
2529                 }
2530                 kfree(full_path);
2531         }
2532
2533         /* get referral if needed */
2534         if (rc == -EREMOTE) {
2535 #ifdef CONFIG_CIFS_DFS_UPCALL
2536                 if (referral_walks_count > MAX_NESTED_LINKS) {
2537                         /*
2538                          * BB: when we implement proper loop detection,
2539                          *     we will remove this check. But now we need it
2540                          *     to prevent an indefinite loop if 'DFS tree' is
2541                          *     misconfigured (i.e. has loops).
2542                          */
2543                         rc = -ELOOP;
2544                         goto mount_fail_check;
2545                 }
2546                 /* convert forward to back slashes in prepath here if needed */
2547                 if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0)
2548                         convert_delimiter(cifs_sb->prepath,
2549                                         CIFS_DIR_SEP(cifs_sb));
2550                 full_path = build_unc_path_to_root(volume_info, cifs_sb);
2551                 if (IS_ERR(full_path)) {
2552                         rc = PTR_ERR(full_path);
2553                         goto mount_fail_check;
2554                 }
2555
2556                 cFYI(1, ("Getting referral for: %s", full_path));
2557                 rc = get_dfs_path(xid, pSesInfo , full_path + 1,
2558                         cifs_sb->local_nls, &num_referrals, &referrals,
2559                         cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR);
2560                 if (!rc && num_referrals > 0) {
2561                         char *fake_devname = NULL;
2562
2563                         if (mount_data != mount_data_global)
2564                                 kfree(mount_data);
2565
2566                         mount_data = cifs_compose_mount_options(
2567                                         cifs_sb->mountdata, full_path + 1,
2568                                         referrals, &fake_devname);
2569
2570                         free_dfs_info_array(referrals, num_referrals);
2571                         kfree(fake_devname);
2572                         kfree(full_path);
2573
2574                         if (IS_ERR(mount_data)) {
2575                                 rc = PTR_ERR(mount_data);
2576                                 mount_data = NULL;
2577                                 goto mount_fail_check;
2578                         }
2579
2580                         if (tcon)
2581                                 cifs_put_tcon(tcon);
2582                         else if (pSesInfo)
2583                                 cifs_put_smb_ses(pSesInfo);
2584
2585                         cleanup_volume_info(&volume_info);
2586                         referral_walks_count++;
2587                         goto try_mount_again;
2588                 }
2589 #else /* No DFS support, return error on mount */
2590                 rc = -EOPNOTSUPP;
2591 #endif
2592         }
2593
2594 mount_fail_check:
2595         /* on error free sesinfo and tcon struct if needed */
2596         if (rc) {
2597                 if (mount_data != mount_data_global)
2598                         kfree(mount_data);
2599                 /* If find_unc succeeded then rc == 0 so we can not end */
2600                 /* up accidently freeing someone elses tcon struct */
2601                 if (tcon)
2602                         cifs_put_tcon(tcon);
2603                 else if (pSesInfo)
2604                         cifs_put_smb_ses(pSesInfo);
2605                 else
2606                         cifs_put_tcp_session(srvTcp);
2607                 goto out;
2608         }
2609
2610         /* volume_info->password is freed above when existing session found
2611         (in which case it is not needed anymore) but when new sesion is created
2612         the password ptr is put in the new session structure (in which case the
2613         password will be freed at unmount time) */
2614 out:
2615         /* zero out password before freeing */
2616         cleanup_volume_info(&volume_info);
2617         FreeXid(xid);
2618         return rc;
2619 }
2620
2621 int
2622 CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
2623          const char *tree, struct cifsTconInfo *tcon,
2624          const struct nls_table *nls_codepage)
2625 {
2626         struct smb_hdr *smb_buffer;
2627         struct smb_hdr *smb_buffer_response;
2628         TCONX_REQ *pSMB;
2629         TCONX_RSP *pSMBr;
2630         unsigned char *bcc_ptr;
2631         int rc = 0;
2632         int length, bytes_left;
2633         __u16 count;
2634
2635         if (ses == NULL)
2636                 return -EIO;
2637
2638         smb_buffer = cifs_buf_get();
2639         if (smb_buffer == NULL) {
2640                 return -ENOMEM;
2641         }
2642         smb_buffer_response = smb_buffer;
2643
2644         header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
2645                         NULL /*no tid */ , 4 /*wct */ );
2646
2647         smb_buffer->Mid = GetNextMid(ses->server);
2648         smb_buffer->Uid = ses->Suid;
2649         pSMB = (TCONX_REQ *) smb_buffer;
2650         pSMBr = (TCONX_RSP *) smb_buffer_response;
2651
2652         pSMB->AndXCommand = 0xFF;
2653         pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
2654         bcc_ptr = &pSMB->Password[0];
2655         if ((ses->server->secMode) & SECMODE_USER) {
2656                 pSMB->PasswordLength = cpu_to_le16(1);  /* minimum */
2657                 *bcc_ptr = 0; /* password is null byte */
2658                 bcc_ptr++;              /* skip password */
2659                 /* already aligned so no need to do it below */
2660         } else {
2661                 pSMB->PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE);
2662                 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
2663                    specified as required (when that support is added to
2664                    the vfs in the future) as only NTLM or the much
2665                    weaker LANMAN (which we do not send by default) is accepted
2666                    by Samba (not sure whether other servers allow
2667                    NTLMv2 password here) */
2668 #ifdef CONFIG_CIFS_WEAK_PW_HASH
2669                 if ((extended_security & CIFSSEC_MAY_LANMAN) &&
2670                     (ses->server->secType == LANMAN))
2671                         calc_lanman_hash(tcon->password, ses->server->cryptKey,
2672                                          ses->server->secMode &
2673                                             SECMODE_PW_ENCRYPT ? true : false,
2674                                          bcc_ptr);
2675                 else
2676 #endif /* CIFS_WEAK_PW_HASH */
2677                 SMBNTencrypt(tcon->password, ses->server->cryptKey,
2678                              bcc_ptr);
2679
2680                 bcc_ptr += CIFS_SESS_KEY_SIZE;
2681                 if (ses->capabilities & CAP_UNICODE) {
2682                         /* must align unicode strings */
2683                         *bcc_ptr = 0; /* null byte password */
2684                         bcc_ptr++;
2685                 }
2686         }
2687
2688         if (ses->server->secMode &
2689                         (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2690                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2691
2692         if (ses->capabilities & CAP_STATUS32) {
2693                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2694         }
2695         if (ses->capabilities & CAP_DFS) {
2696                 smb_buffer->Flags2 |= SMBFLG2_DFS;
2697         }
2698         if (ses->capabilities & CAP_UNICODE) {
2699                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2700                 length =
2701                     cifs_strtoUCS((__le16 *) bcc_ptr, tree,
2702                         6 /* max utf8 char length in bytes */ *
2703                         (/* server len*/ + 256 /* share len */), nls_codepage);
2704                 bcc_ptr += 2 * length;  /* convert num 16 bit words to bytes */
2705                 bcc_ptr += 2;   /* skip trailing null */
2706         } else {                /* ASCII */
2707                 strcpy(bcc_ptr, tree);
2708                 bcc_ptr += strlen(tree) + 1;
2709         }
2710         strcpy(bcc_ptr, "?????");
2711         bcc_ptr += strlen("?????");
2712         bcc_ptr += 1;
2713         count = bcc_ptr - &pSMB->Password[0];
2714         pSMB->hdr.smb_buf_length += count;
2715         pSMB->ByteCount = cpu_to_le16(count);
2716
2717         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length,
2718                          CIFS_STD_OP);
2719
2720         /* above now done in SendReceive */
2721         if ((rc == 0) && (tcon != NULL)) {
2722                 bool is_unicode;
2723
2724                 tcon->tidStatus = CifsGood;
2725                 tcon->need_reconnect = false;
2726                 tcon->tid = smb_buffer_response->Tid;
2727                 bcc_ptr = pByteArea(smb_buffer_response);
2728                 bytes_left = BCC(smb_buffer_response);
2729                 length = strnlen(bcc_ptr, bytes_left - 2);
2730                 if (smb_buffer->Flags2 & SMBFLG2_UNICODE)
2731                         is_unicode = true;
2732                 else
2733                         is_unicode = false;
2734
2735
2736                 /* skip service field (NB: this field is always ASCII) */
2737                 if (length == 3) {
2738                         if ((bcc_ptr[0] == 'I') && (bcc_ptr[1] == 'P') &&
2739                             (bcc_ptr[2] == 'C')) {
2740                                 cFYI(1, ("IPC connection"));
2741                                 tcon->ipc = 1;
2742                         }
2743                 } else if (length == 2) {
2744                         if ((bcc_ptr[0] == 'A') && (bcc_ptr[1] == ':')) {
2745                                 /* the most common case */
2746                                 cFYI(1, ("disk share connection"));
2747                         }
2748                 }
2749                 bcc_ptr += length + 1;
2750                 bytes_left -= (length + 1);
2751                 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
2752
2753                 /* mostly informational -- no need to fail on error here */
2754                 kfree(tcon->nativeFileSystem);
2755                 tcon->nativeFileSystem = cifs_strndup_from_ucs(bcc_ptr,
2756                                                       bytes_left, is_unicode,
2757                                                       nls_codepage);
2758
2759                 cFYI(1, ("nativeFileSystem=%s", tcon->nativeFileSystem));
2760
2761                 if ((smb_buffer_response->WordCount == 3) ||
2762                          (smb_buffer_response->WordCount == 7))
2763                         /* field is in same location */
2764                         tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
2765                 else
2766                         tcon->Flags = 0;
2767                 cFYI(1, ("Tcon flags: 0x%x ", tcon->Flags));
2768         } else if ((rc == 0) && tcon == NULL) {
2769                 /* all we need to save for IPC$ connection */
2770                 ses->ipc_tid = smb_buffer_response->Tid;
2771         }
2772
2773         cifs_buf_release(smb_buffer);
2774         return rc;
2775 }
2776
2777 int
2778 cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
2779 {
2780         int rc = 0;
2781         char *tmp;
2782
2783         if (cifs_sb->tcon)
2784                 cifs_put_tcon(cifs_sb->tcon);
2785
2786         cifs_sb->tcon = NULL;
2787         tmp = cifs_sb->prepath;
2788         cifs_sb->prepathlen = 0;
2789         cifs_sb->prepath = NULL;
2790         kfree(tmp);
2791
2792         return rc;
2793 }
2794
2795 int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
2796                                            struct nls_table *nls_info)
2797 {
2798         int rc = 0;
2799         int first_time = 0;
2800         struct TCP_Server_Info *server = pSesInfo->server;
2801
2802         /* what if server changes its buffer size after dropping the session? */
2803         if (server->maxBuf == 0) /* no need to send on reconnect */ {
2804                 rc = CIFSSMBNegotiate(xid, pSesInfo);
2805                 if (rc == -EAGAIN) {
2806                         /* retry only once on 1st time connection */
2807                         rc = CIFSSMBNegotiate(xid, pSesInfo);
2808                         if (rc == -EAGAIN)
2809                                 rc = -EHOSTDOWN;
2810                 }
2811                 if (rc == 0) {
2812                         spin_lock(&GlobalMid_Lock);
2813                         if (server->tcpStatus != CifsExiting)
2814                                 server->tcpStatus = CifsGood;
2815                         else
2816                                 rc = -EHOSTDOWN;
2817                         spin_unlock(&GlobalMid_Lock);
2818
2819                 }
2820                 first_time = 1;
2821         }
2822
2823         if (rc)
2824                 goto ss_err_exit;
2825
2826         pSesInfo->flags = 0;
2827         pSesInfo->capabilities = server->capabilities;
2828         if (linuxExtEnabled == 0)
2829                 pSesInfo->capabilities &= (~CAP_UNIX);
2830
2831         cFYI(1, ("Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d",
2832                  server->secMode, server->capabilities, server->timeAdj));
2833
2834         rc = CIFS_SessSetup(xid, pSesInfo, first_time, nls_info);
2835         if (rc) {
2836                 cERROR(1, ("Send error in SessSetup = %d", rc));
2837         } else {
2838                 cFYI(1, ("CIFS Session Established successfully"));
2839                 spin_lock(&GlobalMid_Lock);
2840                 pSesInfo->status = CifsGood;
2841                 pSesInfo->need_reconnect = false;
2842                 spin_unlock(&GlobalMid_Lock);
2843         }
2844
2845 ss_err_exit:
2846         return rc;
2847 }
2848