[CIFS] Allow disabling CIFS Unix Extensions as mount option
[linux-2.6] / fs / cifs / connect.c
1 /*
2  *   fs/cifs/connect.c
3  *
4  *   Copyright (C) International Business Machines  Corp., 2002,2007
5  *   Author(s): Steve French (sfrench@us.ibm.com)
6  *
7  *   This library is free software; you can redistribute it and/or modify
8  *   it under the terms of the GNU Lesser General Public License as published
9  *   by the Free Software Foundation; either version 2.1 of the License, or
10  *   (at your option) any later version.
11  *
12  *   This library is distributed in the hope that it will be useful,
13  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
14  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
15  *   the GNU Lesser General Public License for more details.
16  *
17  *   You should have received a copy of the GNU Lesser General Public License
18  *   along with this library; if not, write to the Free Software
19  *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20  */
21 #include <linux/fs.h>
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/ipv6.h>
27 #include <linux/pagemap.h>
28 #include <linux/ctype.h>
29 #include <linux/utsname.h>
30 #include <linux/mempool.h>
31 #include <linux/delay.h>
32 #include <linux/completion.h>
33 #include <linux/kthread.h>
34 #include <linux/pagevec.h>
35 #include <linux/freezer.h>
36 #include <asm/uaccess.h>
37 #include <asm/processor.h>
38 #include "cifspdu.h"
39 #include "cifsglob.h"
40 #include "cifsproto.h"
41 #include "cifs_unicode.h"
42 #include "cifs_debug.h"
43 #include "cifs_fs_sb.h"
44 #include "ntlmssp.h"
45 #include "nterr.h"
46 #include "rfc1002pdu.h"
47 #include "cn_cifs.h"
48
49 #define CIFS_PORT 445
50 #define RFC1001_PORT 139
51
52 static DECLARE_COMPLETION(cifsd_complete);
53
54 extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
55                          unsigned char *p24);
56
57 extern mempool_t *cifs_req_poolp;
58
59 struct smb_vol {
60         char *username;
61         char *password;
62         char *domainname;
63         char *UNC;
64         char *UNCip;
65         char *in6_addr;  /* ipv6 address as human readable form of in6_addr */
66         char *iocharset;  /* local code page for mapping to and from Unicode */
67         char source_rfc1001_name[16]; /* netbios name of client */
68         char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */
69         uid_t linux_uid;
70         gid_t linux_gid;
71         mode_t file_mode;
72         mode_t dir_mode;
73         unsigned secFlg;
74         unsigned rw:1;
75         unsigned retry:1;
76         unsigned intr:1;
77         unsigned setuids:1;
78         unsigned override_uid:1;
79         unsigned override_gid:1;
80         unsigned noperm:1;
81         unsigned no_psx_acl:1; /* set if posix acl support should be disabled */
82         unsigned cifs_acl:1;
83         unsigned no_xattr:1;   /* set if xattr (EA) support should be disabled*/
84         unsigned server_ino:1; /* use inode numbers from server ie UniqueId */
85         unsigned direct_io:1;
86         unsigned remap:1;   /* set to remap seven reserved chars in filenames */
87         unsigned posix_paths:1;   /* unset to not ask for posix pathnames. */
88         unsigned no_linux_ext:1;
89         unsigned sfu_emul:1;
90         unsigned nullauth:1; /* attempt to authenticate with null user */
91         unsigned nocase;     /* request case insensitive filenames */
92         unsigned nobrl;      /* disable sending byte range locks to srv */
93         unsigned int rsize;
94         unsigned int wsize;
95         unsigned int sockopt;
96         unsigned short int port;
97         char *prepath;
98 };
99
100 static int ipv4_connect(struct sockaddr_in *psin_server,
101                         struct socket **csocket,
102                         char *netb_name,
103                         char *server_netb_name);
104 static int ipv6_connect(struct sockaddr_in6 *psin_server,
105                         struct socket **csocket);
106
107
108         /*
109          * cifs tcp session reconnection
110          *
111          * mark tcp session as reconnecting so temporarily locked
112          * mark all smb sessions as reconnecting for tcp session
113          * reconnect tcp session
114          * wake up waiters on reconnection? - (not needed currently)
115          */
116
117 static int
118 cifs_reconnect(struct TCP_Server_Info *server)
119 {
120         int rc = 0;
121         struct list_head *tmp;
122         struct cifsSesInfo *ses;
123         struct cifsTconInfo *tcon;
124         struct mid_q_entry *mid_entry;
125
126         spin_lock(&GlobalMid_Lock);
127         if ( kthread_should_stop() ) {
128                 /* the demux thread will exit normally
129                 next time through the loop */
130                 spin_unlock(&GlobalMid_Lock);
131                 return rc;
132         } else
133                 server->tcpStatus = CifsNeedReconnect;
134         spin_unlock(&GlobalMid_Lock);
135         server->maxBuf = 0;
136
137         cFYI(1, ("Reconnecting tcp session"));
138
139         /* before reconnecting the tcp session, mark the smb session (uid)
140                 and the tid bad so they are not used until reconnected */
141         read_lock(&GlobalSMBSeslock);
142         list_for_each(tmp, &GlobalSMBSessionList) {
143                 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
144                 if (ses->server) {
145                         if (ses->server == server) {
146                                 ses->status = CifsNeedReconnect;
147                                 ses->ipc_tid = 0;
148                         }
149                 }
150                 /* else tcp and smb sessions need reconnection */
151         }
152         list_for_each(tmp, &GlobalTreeConnectionList) {
153                 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
154                 if ((tcon) && (tcon->ses) && (tcon->ses->server == server)) {
155                         tcon->tidStatus = CifsNeedReconnect;
156                 }
157         }
158         read_unlock(&GlobalSMBSeslock);
159         /* do not want to be sending data on a socket we are freeing */
160         down(&server->tcpSem);
161         if (server->ssocket) {
162                 cFYI(1, ("State: 0x%x Flags: 0x%lx", server->ssocket->state,
163                         server->ssocket->flags));
164                 server->ssocket->ops->shutdown(server->ssocket, SEND_SHUTDOWN);
165                 cFYI(1, ("Post shutdown state: 0x%x Flags: 0x%lx",
166                         server->ssocket->state,
167                         server->ssocket->flags));
168                 sock_release(server->ssocket);
169                 server->ssocket = NULL;
170         }
171
172         spin_lock(&GlobalMid_Lock);
173         list_for_each(tmp, &server->pending_mid_q) {
174                 mid_entry = list_entry(tmp, struct
175                                         mid_q_entry,
176                                         qhead);
177                 if (mid_entry) {
178                         if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
179                                 /* Mark other intransit requests as needing
180                                    retry so we do not immediately mark the
181                                    session bad again (ie after we reconnect
182                                    below) as they timeout too */
183                                 mid_entry->midState = MID_RETRY_NEEDED;
184                         }
185                 }
186         }
187         spin_unlock(&GlobalMid_Lock);
188         up(&server->tcpSem);
189
190         while ( (!kthread_should_stop()) && (server->tcpStatus != CifsGood)) {
191                 try_to_freeze();
192                 if (server->protocolType == IPV6) {
193                         rc = ipv6_connect(&server->addr.sockAddr6,
194                                           &server->ssocket);
195                 } else {
196                         rc = ipv4_connect(&server->addr.sockAddr,
197                                         &server->ssocket,
198                                         server->workstation_RFC1001_name,
199                                         server->server_RFC1001_name);
200                 }
201                 if (rc) {
202                         cFYI(1, ("reconnect error %d", rc));
203                         msleep(3000);
204                 } else {
205                         atomic_inc(&tcpSesReconnectCount);
206                         spin_lock(&GlobalMid_Lock);
207                         if ( !kthread_should_stop() )
208                                 server->tcpStatus = CifsGood;
209                         server->sequence_number = 0;
210                         spin_unlock(&GlobalMid_Lock);
211         /*              atomic_set(&server->inFlight,0);*/
212                         wake_up(&server->response_q);
213                 }
214         }
215         return rc;
216 }
217
218 /*
219         return codes:
220                 0       not a transact2, or all data present
221                 >0      transact2 with that much data missing
222                 -EINVAL = invalid transact2
223
224  */
225 static int check2ndT2(struct smb_hdr *pSMB, unsigned int maxBufSize)
226 {
227         struct smb_t2_rsp *pSMBt;
228         int total_data_size;
229         int data_in_this_rsp;
230         int remaining;
231
232         if (pSMB->Command != SMB_COM_TRANSACTION2)
233                 return 0;
234
235         /* check for plausible wct, bcc and t2 data and parm sizes */
236         /* check for parm and data offset going beyond end of smb */
237         if (pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
238                 cFYI(1, ("invalid transact2 word count"));
239                 return -EINVAL;
240         }
241
242         pSMBt = (struct smb_t2_rsp *)pSMB;
243
244         total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
245         data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
246
247         remaining = total_data_size - data_in_this_rsp;
248
249         if (remaining == 0)
250                 return 0;
251         else if (remaining < 0) {
252                 cFYI(1, ("total data %d smaller than data in frame %d",
253                         total_data_size, data_in_this_rsp));
254                 return -EINVAL;
255         } else {
256                 cFYI(1, ("missing %d bytes from transact2, check next response",
257                         remaining));
258                 if (total_data_size > maxBufSize) {
259                         cERROR(1, ("TotalDataSize %d is over maximum buffer %d",
260                                 total_data_size, maxBufSize));
261                         return -EINVAL;
262                 }
263                 return remaining;
264         }
265 }
266
267 static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
268 {
269         struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
270         struct smb_t2_rsp *pSMBt  = (struct smb_t2_rsp *)pTargetSMB;
271         int total_data_size;
272         int total_in_buf;
273         int remaining;
274         int total_in_buf2;
275         char *data_area_of_target;
276         char *data_area_of_buf2;
277         __u16 byte_count;
278
279         total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
280
281         if (total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
282                 cFYI(1, ("total data size of primary and secondary t2 differ"));
283         }
284
285         total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
286
287         remaining = total_data_size - total_in_buf;
288
289         if (remaining < 0)
290                 return -EINVAL;
291
292         if (remaining == 0) /* nothing to do, ignore */
293                 return 0;
294
295         total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
296         if (remaining < total_in_buf2) {
297                 cFYI(1, ("transact2 2nd response contains too much data"));
298         }
299
300         /* find end of first SMB data area */
301         data_area_of_target = (char *)&pSMBt->hdr.Protocol +
302                                 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
303         /* validate target area */
304
305         data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
306                                         le16_to_cpu(pSMB2->t2_rsp.DataOffset);
307
308         data_area_of_target += total_in_buf;
309
310         /* copy second buffer into end of first buffer */
311         memcpy(data_area_of_target, data_area_of_buf2, total_in_buf2);
312         total_in_buf += total_in_buf2;
313         pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
314         byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
315         byte_count += total_in_buf2;
316         BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
317
318         byte_count = pTargetSMB->smb_buf_length;
319         byte_count += total_in_buf2;
320
321         /* BB also add check that we are not beyond maximum buffer size */
322
323         pTargetSMB->smb_buf_length = byte_count;
324
325         if (remaining == total_in_buf2) {
326                 cFYI(1, ("found the last secondary response"));
327                 return 0; /* we are done */
328         } else /* more responses to go */
329                 return 1;
330
331 }
332
333 static int
334 cifs_demultiplex_thread(struct TCP_Server_Info *server)
335 {
336         int length;
337         unsigned int pdu_length, total_read;
338         struct smb_hdr *smb_buffer = NULL;
339         struct smb_hdr *bigbuf = NULL;
340         struct smb_hdr *smallbuf = NULL;
341         struct msghdr smb_msg;
342         struct kvec iov;
343         struct socket *csocket = server->ssocket;
344         struct list_head *tmp;
345         struct cifsSesInfo *ses;
346         struct task_struct *task_to_wake = NULL;
347         struct mid_q_entry *mid_entry;
348         char temp;
349         int isLargeBuf = FALSE;
350         int isMultiRsp;
351         int reconnect;
352
353         current->flags |= PF_MEMALLOC;
354         server->tsk = current;  /* save process info to wake at shutdown */
355         cFYI(1, ("Demultiplex PID: %d", current->pid));
356         write_lock(&GlobalSMBSeslock);
357         atomic_inc(&tcpSesAllocCount);
358         length = tcpSesAllocCount.counter;
359         write_unlock(&GlobalSMBSeslock);
360         complete(&cifsd_complete);
361         if (length  > 1) {
362                 mempool_resize(cifs_req_poolp,
363                         length + cifs_min_rcv,
364                         GFP_KERNEL);
365         }
366
367         while (!kthread_should_stop()) {
368                 if (try_to_freeze())
369                         continue;
370                 if (bigbuf == NULL) {
371                         bigbuf = cifs_buf_get();
372                         if (!bigbuf) {
373                                 cERROR(1, ("No memory for large SMB response"));
374                                 msleep(3000);
375                                 /* retry will check if exiting */
376                                 continue;
377                         }
378                 } else if (isLargeBuf) {
379                         /* we are reusing a dirty large buf, clear its start */
380                         memset(bigbuf, 0, sizeof (struct smb_hdr));
381                 }
382
383                 if (smallbuf == NULL) {
384                         smallbuf = cifs_small_buf_get();
385                         if (!smallbuf) {
386                                 cERROR(1, ("No memory for SMB response"));
387                                 msleep(1000);
388                                 /* retry will check if exiting */
389                                 continue;
390                         }
391                         /* beginning of smb buffer is cleared in our buf_get */
392                 } else /* if existing small buf clear beginning */
393                         memset(smallbuf, 0, sizeof (struct smb_hdr));
394
395                 isLargeBuf = FALSE;
396                 isMultiRsp = FALSE;
397                 smb_buffer = smallbuf;
398                 iov.iov_base = smb_buffer;
399                 iov.iov_len = 4;
400                 smb_msg.msg_control = NULL;
401                 smb_msg.msg_controllen = 0;
402                 length =
403                     kernel_recvmsg(csocket, &smb_msg,
404                                  &iov, 1, 4, 0 /* BB see socket.h flags */);
405
406                 if ( kthread_should_stop() ) {
407                         break;
408                 } else if (server->tcpStatus == CifsNeedReconnect) {
409                         cFYI(1, ("Reconnect after server stopped responding"));
410                         cifs_reconnect(server);
411                         cFYI(1, ("call to reconnect done"));
412                         csocket = server->ssocket;
413                         continue;
414                 } else if ((length == -ERESTARTSYS) || (length == -EAGAIN)) {
415                         msleep(1); /* minimum sleep to prevent looping
416                                 allowing socket to clear and app threads to set
417                                 tcpStatus CifsNeedReconnect if server hung */
418                         continue;
419                 } else if (length <= 0) {
420                         if (server->tcpStatus == CifsNew) {
421                                 cFYI(1, ("tcp session abend after SMBnegprot"));
422                                 /* some servers kill the TCP session rather than
423                                    returning an SMB negprot error, in which
424                                    case reconnecting here is not going to help,
425                                    and so simply return error to mount */
426                                 break;
427                         }
428                         if (!try_to_freeze() && (length == -EINTR)) {
429                                 cFYI(1, ("cifsd thread killed"));
430                                 break;
431                         }
432                         cFYI(1, ("Reconnect after unexpected peek error %d",
433                                 length));
434                         cifs_reconnect(server);
435                         csocket = server->ssocket;
436                         wake_up(&server->response_q);
437                         continue;
438                 } else if (length < 4) {
439                         cFYI(1,
440                             ("Frame under four bytes received (%d bytes long)",
441                               length));
442                         cifs_reconnect(server);
443                         csocket = server->ssocket;
444                         wake_up(&server->response_q);
445                         continue;
446                 }
447
448                 /* The right amount was read from socket - 4 bytes */
449                 /* so we can now interpret the length field */
450
451                 /* the first byte big endian of the length field,
452                 is actually not part of the length but the type
453                 with the most common, zero, as regular data */
454                 temp = *((char *) smb_buffer);
455
456                 /* Note that FC 1001 length is big endian on the wire,
457                 but we convert it here so it is always manipulated
458                 as host byte order */
459                 pdu_length = ntohl(smb_buffer->smb_buf_length);
460                 smb_buffer->smb_buf_length = pdu_length;
461
462                 cFYI(1, ("rfc1002 length 0x%x", pdu_length+4));
463
464                 if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) {
465                         continue;
466                 } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
467                         cFYI(1, ("Good RFC 1002 session rsp"));
468                         continue;
469                 } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
470                         /* we get this from Windows 98 instead of
471                            an error on SMB negprot response */
472                         cFYI(1, ("Negative RFC1002 Session Response Error 0x%x)",
473                                 pdu_length));
474                         if (server->tcpStatus == CifsNew) {
475                                 /* if nack on negprot (rather than
476                                 ret of smb negprot error) reconnecting
477                                 not going to help, ret error to mount */
478                                 break;
479                         } else {
480                                 /* give server a second to
481                                 clean up before reconnect attempt */
482                                 msleep(1000);
483                                 /* always try 445 first on reconnect
484                                 since we get NACK on some if we ever
485                                 connected to port 139 (the NACK is
486                                 since we do not begin with RFC1001
487                                 session initialize frame) */
488                                 server->addr.sockAddr.sin_port =
489                                         htons(CIFS_PORT);
490                                 cifs_reconnect(server);
491                                 csocket = server->ssocket;
492                                 wake_up(&server->response_q);
493                                 continue;
494                         }
495                 } else if (temp != (char) 0) {
496                         cERROR(1, ("Unknown RFC 1002 frame"));
497                         cifs_dump_mem(" Received Data: ", (char *)smb_buffer,
498                                       length);
499                         cifs_reconnect(server);
500                         csocket = server->ssocket;
501                         continue;
502                 }
503
504                 /* else we have an SMB response */
505                 if ((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
506                             (pdu_length < sizeof (struct smb_hdr) - 1 - 4)) {
507                         cERROR(1, ("Invalid size SMB length %d pdu_length %d",
508                                         length, pdu_length+4));
509                         cifs_reconnect(server);
510                         csocket = server->ssocket;
511                         wake_up(&server->response_q);
512                         continue;
513                 }
514
515                 /* else length ok */
516                 reconnect = 0;
517
518                 if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
519                         isLargeBuf = TRUE;
520                         memcpy(bigbuf, smallbuf, 4);
521                         smb_buffer = bigbuf;
522                 }
523                 length = 0;
524                 iov.iov_base = 4 + (char *)smb_buffer;
525                 iov.iov_len = pdu_length;
526                 for (total_read = 0; total_read < pdu_length;
527                      total_read += length) {
528                         length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
529                                                 pdu_length - total_read, 0);
530                         if ( kthread_should_stop() ||
531                             (length == -EINTR)) {
532                                 /* then will exit */
533                                 reconnect = 2;
534                                 break;
535                         } else if (server->tcpStatus == CifsNeedReconnect) {
536                                 cifs_reconnect(server);
537                                 csocket = server->ssocket;
538                                 /* Reconnect wakes up rspns q */
539                                 /* Now we will reread sock */
540                                 reconnect = 1;
541                                 break;
542                         } else if ((length == -ERESTARTSYS) ||
543                                    (length == -EAGAIN)) {
544                                 msleep(1); /* minimum sleep to prevent looping,
545                                               allowing socket to clear and app
546                                               threads to set tcpStatus
547                                               CifsNeedReconnect if server hung*/
548                                 continue;
549                         } else if (length <= 0) {
550                                 cERROR(1, ("Received no data, expecting %d",
551                                               pdu_length - total_read));
552                                 cifs_reconnect(server);
553                                 csocket = server->ssocket;
554                                 reconnect = 1;
555                                 break;
556                         }
557                 }
558                 if (reconnect == 2)
559                         break;
560                 else if (reconnect == 1)
561                         continue;
562
563                 length += 4; /* account for rfc1002 hdr */
564
565
566                 dump_smb(smb_buffer, length);
567                 if (checkSMB(smb_buffer, smb_buffer->Mid, total_read+4)) {
568                         cifs_dump_mem("Bad SMB: ", smb_buffer, 48);
569                         continue;
570                 }
571
572
573                 task_to_wake = NULL;
574                 spin_lock(&GlobalMid_Lock);
575                 list_for_each(tmp, &server->pending_mid_q) {
576                         mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
577
578                         if ((mid_entry->mid == smb_buffer->Mid) &&
579                             (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
580                             (mid_entry->command == smb_buffer->Command)) {
581                                 if (check2ndT2(smb_buffer,server->maxBuf) > 0) {
582                                         /* We have a multipart transact2 resp */
583                                         isMultiRsp = TRUE;
584                                         if (mid_entry->resp_buf) {
585                                                 /* merge response - fix up 1st*/
586                                                 if (coalesce_t2(smb_buffer,
587                                                         mid_entry->resp_buf)) {
588                                                         mid_entry->multiRsp = 1;
589                                                         break;
590                                                 } else {
591                                                         /* all parts received */
592                                                         mid_entry->multiEnd = 1;
593                                                         goto multi_t2_fnd;
594                                                 }
595                                         } else {
596                                                 if (!isLargeBuf) {
597                                                         cERROR(1,("1st trans2 resp needs bigbuf"));
598                                         /* BB maybe we can fix this up,  switch
599                                            to already allocated large buffer? */
600                                                 } else {
601                                                         /* Have first buffer */
602                                                         mid_entry->resp_buf =
603                                                                  smb_buffer;
604                                                         mid_entry->largeBuf = 1;
605                                                         bigbuf = NULL;
606                                                 }
607                                         }
608                                         break;
609                                 }
610                                 mid_entry->resp_buf = smb_buffer;
611                                 if (isLargeBuf)
612                                         mid_entry->largeBuf = 1;
613                                 else
614                                         mid_entry->largeBuf = 0;
615 multi_t2_fnd:
616                                 task_to_wake = mid_entry->tsk;
617                                 mid_entry->midState = MID_RESPONSE_RECEIVED;
618 #ifdef CONFIG_CIFS_STATS2
619                                 mid_entry->when_received = jiffies;
620 #endif
621                                 /* so we do not time out requests to  server
622                                 which is still responding (since server could
623                                 be busy but not dead) */
624                                 server->lstrp = jiffies;
625                                 break;
626                         }
627                 }
628                 spin_unlock(&GlobalMid_Lock);
629                 if (task_to_wake) {
630                         /* Was previous buf put in mpx struct for multi-rsp? */
631                         if (!isMultiRsp) {
632                                 /* smb buffer will be freed by user thread */
633                                 if (isLargeBuf) {
634                                         bigbuf = NULL;
635                                 } else
636                                         smallbuf = NULL;
637                         }
638                         wake_up_process(task_to_wake);
639                 } else if ((is_valid_oplock_break(smb_buffer, server) == FALSE)
640                     && (isMultiRsp == FALSE)) {
641                         cERROR(1, ("No task to wake, unknown frame received! "
642                                    "NumMids %d", midCount.counter));
643                         cifs_dump_mem("Received Data is: ", (char *)smb_buffer,
644                                       sizeof(struct smb_hdr));
645 #ifdef CONFIG_CIFS_DEBUG2
646                         cifs_dump_detail(smb_buffer);
647                         cifs_dump_mids(server);
648 #endif /* CIFS_DEBUG2 */
649
650                 }
651         } /* end while !EXITING */
652
653         spin_lock(&GlobalMid_Lock);
654         server->tcpStatus = CifsExiting;
655         server->tsk = NULL;
656         /* check if we have blocked requests that need to free */
657         /* Note that cifs_max_pending is normally 50, but
658         can be set at module install time to as little as two */
659         if (atomic_read(&server->inFlight) >= cifs_max_pending)
660                 atomic_set(&server->inFlight, cifs_max_pending - 1);
661         /* We do not want to set the max_pending too low or we
662         could end up with the counter going negative */
663         spin_unlock(&GlobalMid_Lock);
664         /* Although there should not be any requests blocked on
665         this queue it can not hurt to be paranoid and try to wake up requests
666         that may haven been blocked when more than 50 at time were on the wire
667         to the same server - they now will see the session is in exit state
668         and get out of SendReceive.  */
669         wake_up_all(&server->request_q);
670         /* give those requests time to exit */
671         msleep(125);
672
673         if (server->ssocket) {
674                 sock_release(csocket);
675                 server->ssocket = NULL;
676         }
677         /* buffer usuallly freed in free_mid - need to free it here on exit */
678         if (bigbuf != NULL)
679                 cifs_buf_release(bigbuf);
680         if (smallbuf != NULL)
681                 cifs_small_buf_release(smallbuf);
682
683         read_lock(&GlobalSMBSeslock);
684         if (list_empty(&server->pending_mid_q)) {
685                 /* loop through server session structures attached to this and
686                     mark them dead */
687                 list_for_each(tmp, &GlobalSMBSessionList) {
688                         ses =
689                             list_entry(tmp, struct cifsSesInfo,
690                                        cifsSessionList);
691                         if (ses->server == server) {
692                                 ses->status = CifsExiting;
693                                 ses->server = NULL;
694                         }
695                 }
696                 read_unlock(&GlobalSMBSeslock);
697         } else {
698                 /* although we can not zero the server struct pointer yet,
699                 since there are active requests which may depnd on them,
700                 mark the corresponding SMB sessions as exiting too */
701                 list_for_each(tmp, &GlobalSMBSessionList) {
702                         ses = list_entry(tmp, struct cifsSesInfo,
703                                          cifsSessionList);
704                         if (ses->server == server) {
705                                 ses->status = CifsExiting;
706                         }
707                 }
708
709                 spin_lock(&GlobalMid_Lock);
710                 list_for_each(tmp, &server->pending_mid_q) {
711                 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
712                         if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
713                                 cFYI(1, ("Clearing Mid 0x%x - waking up ",
714                                          mid_entry->mid));
715                                 task_to_wake = mid_entry->tsk;
716                                 if (task_to_wake) {
717                                         wake_up_process(task_to_wake);
718                                 }
719                         }
720                 }
721                 spin_unlock(&GlobalMid_Lock);
722                 read_unlock(&GlobalSMBSeslock);
723                 /* 1/8th of sec is more than enough time for them to exit */
724                 msleep(125);
725         }
726
727         if (!list_empty(&server->pending_mid_q)) {
728                 /* mpx threads have not exited yet give them
729                 at least the smb send timeout time for long ops */
730                 /* due to delays on oplock break requests, we need
731                 to wait at least 45 seconds before giving up
732                 on a request getting a response and going ahead
733                 and killing cifsd */
734                 cFYI(1, ("Wait for exit from demultiplex thread"));
735                 msleep(46000);
736                 /* if threads still have not exited they are probably never
737                 coming home not much else we can do but free the memory */
738         }
739
740         write_lock(&GlobalSMBSeslock);
741         atomic_dec(&tcpSesAllocCount);
742         length = tcpSesAllocCount.counter;
743
744         /* last chance to mark ses pointers invalid
745         if there are any pointing to this (e.g
746         if a crazy root user tried to kill cifsd
747         kernel thread explicitly this might happen) */
748         list_for_each(tmp, &GlobalSMBSessionList) {
749                 ses = list_entry(tmp, struct cifsSesInfo,
750                                 cifsSessionList);
751                 if (ses->server == server) {
752                         ses->server = NULL;
753                 }
754         }
755         write_unlock(&GlobalSMBSeslock);
756
757         kfree(server);
758         if (length  > 0) {
759                 mempool_resize(cifs_req_poolp,
760                         length + cifs_min_rcv,
761                         GFP_KERNEL);
762         }
763
764         return 0;
765 }
766
767 static int
768 cifs_parse_mount_options(char *options, const char *devname,
769                          struct smb_vol *vol)
770 {
771         char *value;
772         char *data;
773         unsigned int  temp_len, i, j;
774         char separator[2];
775
776         separator[0] = ',';
777         separator[1] = 0;
778
779         if (Local_System_Name[0] != 0)
780                 memcpy(vol->source_rfc1001_name, Local_System_Name, 15);
781         else {
782                 char *nodename = utsname()->nodename;
783                 int n = strnlen(nodename, 15);
784                 memset(vol->source_rfc1001_name, 0x20, 15);
785                 for (i = 0; i < n; i++) {
786                         /* does not have to be perfect mapping since field is
787                         informational, only used for servers that do not support
788                         port 445 and it can be overridden at mount time */
789                         vol->source_rfc1001_name[i] = toupper(nodename[i]);
790                 }
791         }
792         vol->source_rfc1001_name[15] = 0;
793         /* null target name indicates to use *SMBSERVR default called name
794            if we end up sending RFC1001 session initialize */
795         vol->target_rfc1001_name[0] = 0;
796         vol->linux_uid = current->uid;  /* current->euid instead? */
797         vol->linux_gid = current->gid;
798         vol->dir_mode = S_IRWXUGO;
799         /* 2767 perms indicate mandatory locking support */
800         vol->file_mode = S_IALLUGO & ~(S_ISUID | S_IXGRP);
801
802         /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
803         vol->rw = TRUE;
804         /* default is always to request posix paths. */
805         vol->posix_paths = 1;
806
807         if (!options)
808                 return 1;
809
810         if (strncmp(options, "sep=", 4) == 0) {
811                 if (options[4] != 0) {
812                         separator[0] = options[4];
813                         options += 5;
814                 } else {
815                         cFYI(1, ("Null separator not allowed"));
816                 }
817         }
818
819         while ((data = strsep(&options, separator)) != NULL) {
820                 if (!*data)
821                         continue;
822                 if ((value = strchr(data, '=')) != NULL)
823                         *value++ = '\0';
824
825                 /* Have to parse this before we parse for "user" */
826                 if (strnicmp(data, "user_xattr", 10) == 0) {
827                         vol->no_xattr = 0;
828                 } else if (strnicmp(data, "nouser_xattr", 12) == 0) {
829                         vol->no_xattr = 1;
830                 } else if (strnicmp(data, "user", 4) == 0) {
831                         if (!value) {
832                                 printk(KERN_WARNING
833                                        "CIFS: invalid or missing username\n");
834                                 return 1;       /* needs_arg; */
835                         } else if (!*value) {
836                                 /* null user, ie anonymous, authentication */
837                                 vol->nullauth = 1;
838                         }
839                         if (strnlen(value, 200) < 200) {
840                                 vol->username = value;
841                         } else {
842                                 printk(KERN_WARNING "CIFS: username too long\n");
843                                 return 1;
844                         }
845                 } else if (strnicmp(data, "pass", 4) == 0) {
846                         if (!value) {
847                                 vol->password = NULL;
848                                 continue;
849                         } else if (value[0] == 0) {
850                                 /* check if string begins with double comma
851                                    since that would mean the password really
852                                    does start with a comma, and would not
853                                    indicate an empty string */
854                                 if (value[1] != separator[0]) {
855                                         vol->password = NULL;
856                                         continue;
857                                 }
858                         }
859                         temp_len = strlen(value);
860                         /* removed password length check, NTLM passwords
861                                 can be arbitrarily long */
862
863                         /* if comma in password, the string will be
864                         prematurely null terminated.  Commas in password are
865                         specified across the cifs mount interface by a double
866                         comma ie ,, and a comma used as in other cases ie ','
867                         as a parameter delimiter/separator is single and due
868                         to the strsep above is temporarily zeroed. */
869
870                         /* NB: password legally can have multiple commas and
871                         the only illegal character in a password is null */
872
873                         if ((value[temp_len] == 0) &&
874                             (value[temp_len+1] == separator[0])) {
875                                 /* reinsert comma */
876                                 value[temp_len] = separator[0];
877                                 temp_len += 2;  /* move after second comma */
878                                 while (value[temp_len] != 0)  {
879                                         if (value[temp_len] == separator[0]) {
880                                                 if (value[temp_len+1] ==
881                                                      separator[0]) {
882                                                 /* skip second comma */
883                                                         temp_len++;
884                                                 } else {
885                                                 /* single comma indicating start
886                                                          of next parm */
887                                                         break;
888                                                 }
889                                         }
890                                         temp_len++;
891                                 }
892                                 if (value[temp_len] == 0) {
893                                         options = NULL;
894                                 } else {
895                                         value[temp_len] = 0;
896                                         /* point option to start of next parm */
897                                         options = value + temp_len + 1;
898                                 }
899                                 /* go from value to value + temp_len condensing
900                                 double commas to singles. Note that this ends up
901                                 allocating a few bytes too many, which is ok */
902                                 vol->password = kzalloc(temp_len, GFP_KERNEL);
903                                 if (vol->password == NULL) {
904                                         printk(KERN_WARNING "CIFS: no memory "
905                                                             "for password\n");
906                                         return 1;
907                                 }
908                                 for (i = 0, j = 0; i < temp_len; i++, j++) {
909                                         vol->password[j] = value[i];
910                                         if (value[i] == separator[0]
911                                                 && value[i+1] == separator[0]) {
912                                                 /* skip second comma */
913                                                 i++;
914                                         }
915                                 }
916                                 vol->password[j] = 0;
917                         } else {
918                                 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
919                                 if (vol->password == NULL) {
920                                         printk(KERN_WARNING "CIFS: no memory "
921                                                             "for password\n");
922                                         return 1;
923                                 }
924                                 strcpy(vol->password, value);
925                         }
926                 } else if (strnicmp(data, "ip", 2) == 0) {
927                         if (!value || !*value) {
928                                 vol->UNCip = NULL;
929                         } else if (strnlen(value, 35) < 35) {
930                                 vol->UNCip = value;
931                         } else {
932                                 printk(KERN_WARNING "CIFS: ip address "
933                                                     "too long\n");
934                                 return 1;
935                         }
936                 } else if (strnicmp(data, "sec", 3) == 0) {
937                         if (!value || !*value) {
938                                 cERROR(1, ("no security value specified"));
939                                 continue;
940                         } else if (strnicmp(value, "krb5i", 5) == 0) {
941                                 vol->secFlg |= CIFSSEC_MAY_KRB5 |
942                                         CIFSSEC_MUST_SIGN;
943                         } else if (strnicmp(value, "krb5p", 5) == 0) {
944                                 /* vol->secFlg |= CIFSSEC_MUST_SEAL |
945                                         CIFSSEC_MAY_KRB5; */
946                                 cERROR(1, ("Krb5 cifs privacy not supported"));
947                                 return 1;
948                         } else if (strnicmp(value, "krb5", 4) == 0) {
949                                 vol->secFlg |= CIFSSEC_MAY_KRB5;
950                         } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
951                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
952                                         CIFSSEC_MUST_SIGN;
953                         } else if (strnicmp(value, "ntlmv2", 6) == 0) {
954                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
955                         } else if (strnicmp(value, "ntlmi", 5) == 0) {
956                                 vol->secFlg |= CIFSSEC_MAY_NTLM |
957                                         CIFSSEC_MUST_SIGN;
958                         } else if (strnicmp(value, "ntlm", 4) == 0) {
959                                 /* ntlm is default so can be turned off too */
960                                 vol->secFlg |= CIFSSEC_MAY_NTLM;
961                         } else if (strnicmp(value, "nontlm", 6) == 0) {
962                                 /* BB is there a better way to do this? */
963                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
964 #ifdef CONFIG_CIFS_WEAK_PW_HASH
965                         } else if (strnicmp(value, "lanman", 6) == 0) {
966                                 vol->secFlg |= CIFSSEC_MAY_LANMAN;
967 #endif
968                         } else if (strnicmp(value, "none", 4) == 0) {
969                                 vol->nullauth = 1;
970                         } else {
971                                 cERROR(1, ("bad security option: %s", value));
972                                 return 1;
973                         }
974                 } else if ((strnicmp(data, "unc", 3) == 0)
975                            || (strnicmp(data, "target", 6) == 0)
976                            || (strnicmp(data, "path", 4) == 0)) {
977                         if (!value || !*value) {
978                                 printk(KERN_WARNING "CIFS: invalid path to "
979                                                     "network resource\n");
980                                 return 1;       /* needs_arg; */
981                         }
982                         if ((temp_len = strnlen(value, 300)) < 300) {
983                                 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
984                                 if (vol->UNC == NULL)
985                                         return 1;
986                                 strcpy(vol->UNC, value);
987                                 if (strncmp(vol->UNC, "//", 2) == 0) {
988                                         vol->UNC[0] = '\\';
989                                         vol->UNC[1] = '\\';
990                                 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
991                                         printk(KERN_WARNING
992                                                "CIFS: UNC Path does not begin "
993                                                "with // or \\\\ \n");
994                                         return 1;
995                                 }
996                         } else {
997                                 printk(KERN_WARNING "CIFS: UNC name too long\n");
998                                 return 1;
999                         }
1000                 } else if ((strnicmp(data, "domain", 3) == 0)
1001                            || (strnicmp(data, "workgroup", 5) == 0)) {
1002                         if (!value || !*value) {
1003                                 printk(KERN_WARNING "CIFS: invalid domain name\n");
1004                                 return 1;       /* needs_arg; */
1005                         }
1006                         /* BB are there cases in which a comma can be valid in
1007                         a domain name and need special handling? */
1008                         if (strnlen(value, 256) < 256) {
1009                                 vol->domainname = value;
1010                                 cFYI(1, ("Domain name set"));
1011                         } else {
1012                                 printk(KERN_WARNING "CIFS: domain name too "
1013                                                     "long\n");
1014                                 return 1;
1015                         }
1016                 } else if (strnicmp(data, "prefixpath", 10) == 0) {
1017                         if (!value || !*value) {
1018                                 printk(KERN_WARNING
1019                                         "CIFS: invalid path prefix\n");
1020                                 return 1;       /* needs_argument */
1021                         }
1022                         if ((temp_len = strnlen(value, 1024)) < 1024) {
1023                                 if (value[0] != '/')
1024                                         temp_len++;  /* missing leading slash */
1025                                 vol->prepath = kmalloc(temp_len+1, GFP_KERNEL);
1026                                 if (vol->prepath == NULL)
1027                                         return 1;
1028                                 if (value[0] != '/') {
1029                                         vol->prepath[0] = '/';
1030                                         strcpy(vol->prepath+1, value);
1031                                 } else
1032                                         strcpy(vol->prepath, value);
1033                                 cFYI(1, ("prefix path %s", vol->prepath));
1034                         } else {
1035                                 printk(KERN_WARNING "CIFS: prefix too long\n");
1036                                 return 1;
1037                         }
1038                 } else if (strnicmp(data, "iocharset", 9) == 0) {
1039                         if (!value || !*value) {
1040                                 printk(KERN_WARNING "CIFS: invalid iocharset "
1041                                                     "specified\n");
1042                                 return 1;       /* needs_arg; */
1043                         }
1044                         if (strnlen(value, 65) < 65) {
1045                                 if (strnicmp(value, "default", 7))
1046                                         vol->iocharset = value;
1047                                 /* if iocharset not set then load_nls_default
1048                                    is used by caller */
1049                                 cFYI(1, ("iocharset set to %s", value));
1050                         } else {
1051                                 printk(KERN_WARNING "CIFS: iocharset name "
1052                                                     "too long.\n");
1053                                 return 1;
1054                         }
1055                 } else if (strnicmp(data, "uid", 3) == 0) {
1056                         if (value && *value) {
1057                                 vol->linux_uid =
1058                                         simple_strtoul(value, &value, 0);
1059                                 vol->override_uid = 1;
1060                         }
1061                 } else if (strnicmp(data, "gid", 3) == 0) {
1062                         if (value && *value) {
1063                                 vol->linux_gid =
1064                                         simple_strtoul(value, &value, 0);
1065                                 vol->override_gid = 1;
1066                         }
1067                 } else if (strnicmp(data, "file_mode", 4) == 0) {
1068                         if (value && *value) {
1069                                 vol->file_mode =
1070                                         simple_strtoul(value, &value, 0);
1071                         }
1072                 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1073                         if (value && *value) {
1074                                 vol->dir_mode =
1075                                         simple_strtoul(value, &value, 0);
1076                         }
1077                 } else if (strnicmp(data, "dirmode", 4) == 0) {
1078                         if (value && *value) {
1079                                 vol->dir_mode =
1080                                         simple_strtoul(value, &value, 0);
1081                         }
1082                 } else if (strnicmp(data, "port", 4) == 0) {
1083                         if (value && *value) {
1084                                 vol->port =
1085                                         simple_strtoul(value, &value, 0);
1086                         }
1087                 } else if (strnicmp(data, "rsize", 5) == 0) {
1088                         if (value && *value) {
1089                                 vol->rsize =
1090                                         simple_strtoul(value, &value, 0);
1091                         }
1092                 } else if (strnicmp(data, "wsize", 5) == 0) {
1093                         if (value && *value) {
1094                                 vol->wsize =
1095                                         simple_strtoul(value, &value, 0);
1096                         }
1097                 } else if (strnicmp(data, "sockopt", 5) == 0) {
1098                         if (value && *value) {
1099                                 vol->sockopt =
1100                                         simple_strtoul(value, &value, 0);
1101                         }
1102                 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1103                         if (!value || !*value || (*value == ' ')) {
1104                                 cFYI(1, ("invalid (empty) netbiosname"));
1105                         } else {
1106                                 memset(vol->source_rfc1001_name, 0x20, 15);
1107                                 for (i = 0; i < 15; i++) {
1108                                 /* BB are there cases in which a comma can be
1109                                 valid in this workstation netbios name (and need
1110                                 special handling)? */
1111
1112                                 /* We do not uppercase netbiosname for user */
1113                                         if (value[i] == 0)
1114                                                 break;
1115                                         else
1116                                                 vol->source_rfc1001_name[i] =
1117                                                                 value[i];
1118                                 }
1119                                 /* The string has 16th byte zero still from
1120                                 set at top of the function  */
1121                                 if ((i == 15) && (value[i] != 0))
1122                                         printk(KERN_WARNING "CIFS: netbiosname"
1123                                                 " longer than 15 truncated.\n");
1124                         }
1125                 } else if (strnicmp(data, "servern", 7) == 0) {
1126                         /* servernetbiosname specified override *SMBSERVER */
1127                         if (!value || !*value || (*value == ' ')) {
1128                                 cFYI(1, ("empty server netbiosname specified"));
1129                         } else {
1130                                 /* last byte, type, is 0x20 for servr type */
1131                                 memset(vol->target_rfc1001_name, 0x20, 16);
1132
1133                                 for (i = 0; i < 15; i++) {
1134                                 /* BB are there cases in which a comma can be
1135                                    valid in this workstation netbios name
1136                                    (and need special handling)? */
1137
1138                                 /* user or mount helper must uppercase
1139                                    the netbiosname */
1140                                         if (value[i] == 0)
1141                                                 break;
1142                                         else
1143                                                 vol->target_rfc1001_name[i] =
1144                                                                 value[i];
1145                                 }
1146                                 /* The string has 16th byte zero still from
1147                                    set at top of the function  */
1148                                 if ((i == 15) && (value[i] != 0))
1149                                         printk(KERN_WARNING "CIFS: server net"
1150                                         "biosname longer than 15 truncated.\n");
1151                         }
1152                 } else if (strnicmp(data, "credentials", 4) == 0) {
1153                         /* ignore */
1154                 } else if (strnicmp(data, "version", 3) == 0) {
1155                         /* ignore */
1156                 } else if (strnicmp(data, "guest", 5) == 0) {
1157                         /* ignore */
1158                 } else if (strnicmp(data, "rw", 2) == 0) {
1159                         vol->rw = TRUE;
1160                 } else if ((strnicmp(data, "suid", 4) == 0) ||
1161                                    (strnicmp(data, "nosuid", 6) == 0) ||
1162                                    (strnicmp(data, "exec", 4) == 0) ||
1163                                    (strnicmp(data, "noexec", 6) == 0) ||
1164                                    (strnicmp(data, "nodev", 5) == 0) ||
1165                                    (strnicmp(data, "noauto", 6) == 0) ||
1166                                    (strnicmp(data, "dev", 3) == 0)) {
1167                         /*  The mount tool or mount.cifs helper (if present)
1168                             uses these opts to set flags, and the flags are read
1169                             by the kernel vfs layer before we get here (ie
1170                             before read super) so there is no point trying to
1171                             parse these options again and set anything and it
1172                             is ok to just ignore them */
1173                         continue;
1174                 } else if (strnicmp(data, "ro", 2) == 0) {
1175                         vol->rw = FALSE;
1176                 } else if (strnicmp(data, "hard", 4) == 0) {
1177                         vol->retry = 1;
1178                 } else if (strnicmp(data, "soft", 4) == 0) {
1179                         vol->retry = 0;
1180                 } else if (strnicmp(data, "perm", 4) == 0) {
1181                         vol->noperm = 0;
1182                 } else if (strnicmp(data, "noperm", 6) == 0) {
1183                         vol->noperm = 1;
1184                 } else if (strnicmp(data, "mapchars", 8) == 0) {
1185                         vol->remap = 1;
1186                 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1187                         vol->remap = 0;
1188                 } else if (strnicmp(data, "sfu", 3) == 0) {
1189                         vol->sfu_emul = 1;
1190                 } else if (strnicmp(data, "nosfu", 5) == 0) {
1191                         vol->sfu_emul = 0;
1192                 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1193                         vol->posix_paths = 1;
1194                 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1195                         vol->posix_paths = 0;
1196                 } else if (strnicmp(data, "nounix", 6) == 0) {
1197                         vol->no_linux_ext = 1;
1198                 } else if (strnicmp(data, "nolinux", 7) == 0) {
1199                         vol->no_linux_ext = 1;
1200                 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1201                            (strnicmp(data, "ignorecase", 10)  == 0)) {
1202                         vol->nocase = 1;
1203                 } else if (strnicmp(data, "brl", 3) == 0) {
1204                         vol->nobrl =  0;
1205                 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1206                            (strnicmp(data, "nolock", 6) == 0)) {
1207                         vol->nobrl =  1;
1208                         /* turn off mandatory locking in mode
1209                         if remote locking is turned off since the
1210                         local vfs will do advisory */
1211                         if (vol->file_mode ==
1212                                 (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1213                                 vol->file_mode = S_IALLUGO;
1214                 } else if (strnicmp(data, "setuids", 7) == 0) {
1215                         vol->setuids = 1;
1216                 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1217                         vol->setuids = 0;
1218                 } else if (strnicmp(data, "nohard", 6) == 0) {
1219                         vol->retry = 0;
1220                 } else if (strnicmp(data, "nosoft", 6) == 0) {
1221                         vol->retry = 1;
1222                 } else if (strnicmp(data, "nointr", 6) == 0) {
1223                         vol->intr = 0;
1224                 } else if (strnicmp(data, "intr", 4) == 0) {
1225                         vol->intr = 1;
1226                 } else if (strnicmp(data, "serverino", 7) == 0) {
1227                         vol->server_ino = 1;
1228                 } else if (strnicmp(data, "noserverino", 9) == 0) {
1229                         vol->server_ino = 0;
1230                 } else if (strnicmp(data, "cifsacl", 7) == 0) {
1231                         vol->cifs_acl = 1;
1232                 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1233                         vol->cifs_acl = 0;
1234                 } else if (strnicmp(data, "acl", 3) == 0) {
1235                         vol->no_psx_acl = 0;
1236                 } else if (strnicmp(data, "noacl", 5) == 0) {
1237                         vol->no_psx_acl = 1;
1238                 } else if (strnicmp(data, "sign", 4) == 0) {
1239                         vol->secFlg |= CIFSSEC_MUST_SIGN;
1240 /*              } else if (strnicmp(data, "seal",4) == 0) {
1241                         vol->secFlg |= CIFSSEC_MUST_SEAL; */
1242                 } else if (strnicmp(data, "direct", 6) == 0) {
1243                         vol->direct_io = 1;
1244                 } else if (strnicmp(data, "forcedirectio", 13) == 0) {
1245                         vol->direct_io = 1;
1246                 } else if (strnicmp(data, "in6_addr", 8) == 0) {
1247                         if (!value || !*value) {
1248                                 vol->in6_addr = NULL;
1249                         } else if (strnlen(value, 49) == 48) {
1250                                 vol->in6_addr = value;
1251                         } else {
1252                                 printk(KERN_WARNING "CIFS: ip v6 address not "
1253                                                     "48 characters long\n");
1254                                 return 1;
1255                         }
1256                 } else if (strnicmp(data, "noac", 4) == 0) {
1257                         printk(KERN_WARNING "CIFS: Mount option noac not "
1258                                 "supported. Instead set "
1259                                 "/proc/fs/cifs/LookupCacheEnabled to 0\n");
1260                 } else
1261                         printk(KERN_WARNING "CIFS: Unknown mount option %s\n",
1262                                                 data);
1263         }
1264         if (vol->UNC == NULL) {
1265                 if (devname == NULL) {
1266                         printk(KERN_WARNING "CIFS: Missing UNC name for mount "
1267                                                 "target\n");
1268                         return 1;
1269                 }
1270                 if ((temp_len = strnlen(devname, 300)) < 300) {
1271                         vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1272                         if (vol->UNC == NULL)
1273                                 return 1;
1274                         strcpy(vol->UNC, devname);
1275                         if (strncmp(vol->UNC, "//", 2) == 0) {
1276                                 vol->UNC[0] = '\\';
1277                                 vol->UNC[1] = '\\';
1278                         } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1279                                 printk(KERN_WARNING "CIFS: UNC Path does not "
1280                                                     "begin with // or \\\\ \n");
1281                                 return 1;
1282                         }
1283                 } else {
1284                         printk(KERN_WARNING "CIFS: UNC name too long\n");
1285                         return 1;
1286                 }
1287         }
1288         if (vol->UNCip == NULL)
1289                 vol->UNCip = &vol->UNC[2];
1290
1291         return 0;
1292 }
1293
1294 static struct cifsSesInfo *
1295 cifs_find_tcp_session(struct in_addr *target_ip_addr,
1296                 struct in6_addr *target_ip6_addr,
1297                  char *userName, struct TCP_Server_Info **psrvTcp)
1298 {
1299         struct list_head *tmp;
1300         struct cifsSesInfo *ses;
1301         *psrvTcp = NULL;
1302         read_lock(&GlobalSMBSeslock);
1303
1304         list_for_each(tmp, &GlobalSMBSessionList) {
1305                 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
1306                 if (ses->server) {
1307                         if ((target_ip_addr &&
1308                                 (ses->server->addr.sockAddr.sin_addr.s_addr
1309                                   == target_ip_addr->s_addr)) || (target_ip6_addr
1310                                 && memcmp(&ses->server->addr.sockAddr6.sin6_addr,
1311                                         target_ip6_addr, sizeof(*target_ip6_addr)))) {
1312                                 /* BB lock server and tcp session and increment
1313                                       use count here?? */
1314
1315                                 /* found a match on the TCP session */
1316                                 *psrvTcp = ses->server;
1317
1318                                 /* BB check if reconnection needed */
1319                                 if (strncmp
1320                                     (ses->userName, userName,
1321                                      MAX_USERNAME_SIZE) == 0){
1322                                         read_unlock(&GlobalSMBSeslock);
1323                                         /* Found exact match on both TCP and
1324                                            SMB sessions */
1325                                         return ses;
1326                                 }
1327                         }
1328                 }
1329                 /* else tcp and smb sessions need reconnection */
1330         }
1331         read_unlock(&GlobalSMBSeslock);
1332         return NULL;
1333 }
1334
1335 static struct cifsTconInfo *
1336 find_unc(__be32 new_target_ip_addr, char *uncName, char *userName)
1337 {
1338         struct list_head *tmp;
1339         struct cifsTconInfo *tcon;
1340
1341         read_lock(&GlobalSMBSeslock);
1342         list_for_each(tmp, &GlobalTreeConnectionList) {
1343                 cFYI(1, ("Next tcon"));
1344                 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
1345                 if (tcon->ses) {
1346                         if (tcon->ses->server) {
1347                                 cFYI(1,
1348                                      ("old ip addr: %x == new ip %x ?",
1349                                       tcon->ses->server->addr.sockAddr.sin_addr.
1350                                       s_addr, new_target_ip_addr));
1351                                 if (tcon->ses->server->addr.sockAddr.sin_addr.
1352                                     s_addr == new_target_ip_addr) {
1353         /* BB lock tcon, server and tcp session and increment use count here? */
1354                                         /* found a match on the TCP session */
1355                                         /* BB check if reconnection needed */
1356                                         cFYI(1,
1357                                               ("IP match, old UNC: %s new: %s",
1358                                               tcon->treeName, uncName));
1359                                         if (strncmp
1360                                             (tcon->treeName, uncName,
1361                                              MAX_TREE_SIZE) == 0) {
1362                                                 cFYI(1,
1363                                                      ("and old usr: %s new: %s",
1364                                                       tcon->treeName, uncName));
1365                                                 if (strncmp
1366                                                     (tcon->ses->userName,
1367                                                      userName,
1368                                                      MAX_USERNAME_SIZE) == 0) {
1369                                                         read_unlock(&GlobalSMBSeslock);
1370                                                         /* matched smb session
1371                                                         (user name */
1372                                                         return tcon;
1373                                                 }
1374                                         }
1375                                 }
1376                         }
1377                 }
1378         }
1379         read_unlock(&GlobalSMBSeslock);
1380         return NULL;
1381 }
1382
1383 int
1384 connect_to_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
1385                     const char *old_path, const struct nls_table *nls_codepage,
1386                     int remap)
1387 {
1388         unsigned char *referrals = NULL;
1389         unsigned int num_referrals;
1390         int rc = 0;
1391
1392         rc = get_dfs_path(xid, pSesInfo, old_path, nls_codepage,
1393                         &num_referrals, &referrals, remap);
1394
1395         /* BB Add in code to: if valid refrl, if not ip address contact
1396                 the helper that resolves tcp names, mount to it, try to
1397                 tcon to it unmount it if fail */
1398
1399         kfree(referrals);
1400
1401         return rc;
1402 }
1403
1404 int
1405 get_dfs_path(int xid, struct cifsSesInfo *pSesInfo, const char *old_path,
1406              const struct nls_table *nls_codepage, unsigned int *pnum_referrals,
1407              unsigned char **preferrals, int remap)
1408 {
1409         char *temp_unc;
1410         int rc = 0;
1411
1412         *pnum_referrals = 0;
1413
1414         if (pSesInfo->ipc_tid == 0) {
1415                 temp_unc = kmalloc(2 /* for slashes */ +
1416                         strnlen(pSesInfo->serverName,
1417                                 SERVER_NAME_LEN_WITH_NULL * 2)
1418                                  + 1 + 4 /* slash IPC$ */  + 2,
1419                                 GFP_KERNEL);
1420                 if (temp_unc == NULL)
1421                         return -ENOMEM;
1422                 temp_unc[0] = '\\';
1423                 temp_unc[1] = '\\';
1424                 strcpy(temp_unc + 2, pSesInfo->serverName);
1425                 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
1426                 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
1427                 cFYI(1,
1428                      ("CIFS Tcon rc = %d ipc_tid = %d", rc, pSesInfo->ipc_tid));
1429                 kfree(temp_unc);
1430         }
1431         if (rc == 0)
1432                 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
1433                                      pnum_referrals, nls_codepage, remap);
1434
1435         return rc;
1436 }
1437
1438 /* See RFC1001 section 14 on representation of Netbios names */
1439 static void rfc1002mangle(char *target, char *source, unsigned int length)
1440 {
1441         unsigned int i, j;
1442
1443         for (i = 0, j = 0; i < (length); i++) {
1444                 /* mask a nibble at a time and encode */
1445                 target[j] = 'A' + (0x0F & (source[i] >> 4));
1446                 target[j+1] = 'A' + (0x0F & source[i]);
1447                 j += 2;
1448         }
1449
1450 }
1451
1452
1453 static int
1454 ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket,
1455              char *netbios_name, char *target_name)
1456 {
1457         int rc = 0;
1458         int connected = 0;
1459         __be16 orig_port = 0;
1460
1461         if (*csocket == NULL) {
1462                 rc = sock_create_kern(PF_INET, SOCK_STREAM,
1463                                       IPPROTO_TCP, csocket);
1464                 if (rc < 0) {
1465                         cERROR(1, ("Error %d creating socket", rc));
1466                         *csocket = NULL;
1467                         return rc;
1468                 } else {
1469                 /* BB other socket options to set KEEPALIVE, NODELAY? */
1470                         cFYI(1, ("Socket created"));
1471                         (*csocket)->sk->sk_allocation = GFP_NOFS;
1472                 }
1473         }
1474
1475         psin_server->sin_family = AF_INET;
1476         if (psin_server->sin_port) { /* user overrode default port */
1477                 rc = (*csocket)->ops->connect(*csocket,
1478                                 (struct sockaddr *) psin_server,
1479                                 sizeof (struct sockaddr_in), 0);
1480                 if (rc >= 0)
1481                         connected = 1;
1482         }
1483
1484         if (!connected) {
1485                 /* save original port so we can retry user specified port
1486                         later if fall back ports fail this time  */
1487                 orig_port = psin_server->sin_port;
1488
1489                 /* do not retry on the same port we just failed on */
1490                 if (psin_server->sin_port != htons(CIFS_PORT)) {
1491                         psin_server->sin_port = htons(CIFS_PORT);
1492
1493                         rc = (*csocket)->ops->connect(*csocket,
1494                                         (struct sockaddr *) psin_server,
1495                                         sizeof (struct sockaddr_in), 0);
1496                         if (rc >= 0)
1497                                 connected = 1;
1498                 }
1499         }
1500         if (!connected) {
1501                 psin_server->sin_port = htons(RFC1001_PORT);
1502                 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1503                                               psin_server,
1504                                               sizeof (struct sockaddr_in), 0);
1505                 if (rc >= 0)
1506                         connected = 1;
1507         }
1508
1509         /* give up here - unless we want to retry on different
1510                 protocol families some day */
1511         if (!connected) {
1512                 if (orig_port)
1513                         psin_server->sin_port = orig_port;
1514                 cFYI(1, ("Error %d connecting to server via ipv4", rc));
1515                 sock_release(*csocket);
1516                 *csocket = NULL;
1517                 return rc;
1518         }
1519         /* Eventually check for other socket options to change from
1520                 the default. sock_setsockopt not used because it expects
1521                 user space buffer */
1522          cFYI(1, ("sndbuf %d rcvbuf %d rcvtimeo 0x%lx",
1523                  (*csocket)->sk->sk_sndbuf,
1524                  (*csocket)->sk->sk_rcvbuf, (*csocket)->sk->sk_rcvtimeo));
1525         (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1526         /* make the bufsizes depend on wsize/rsize and max requests */
1527         if ((*csocket)->sk->sk_sndbuf < (200 * 1024))
1528                 (*csocket)->sk->sk_sndbuf = 200 * 1024;
1529         if ((*csocket)->sk->sk_rcvbuf < (140 * 1024))
1530                 (*csocket)->sk->sk_rcvbuf = 140 * 1024;
1531
1532         /* send RFC1001 sessinit */
1533         if (psin_server->sin_port == htons(RFC1001_PORT)) {
1534                 /* some servers require RFC1001 sessinit before sending
1535                 negprot - BB check reconnection in case where second
1536                 sessinit is sent but no second negprot */
1537                 struct rfc1002_session_packet *ses_init_buf;
1538                 struct smb_hdr *smb_buf;
1539                 ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet),
1540                                        GFP_KERNEL);
1541                 if (ses_init_buf) {
1542                         ses_init_buf->trailer.session_req.called_len = 32;
1543                         if (target_name && (target_name[0] != 0)) {
1544                                 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1545                                         target_name, 16);
1546                         } else {
1547                                 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1548                                         DEFAULT_CIFS_CALLED_NAME, 16);
1549                         }
1550
1551                         ses_init_buf->trailer.session_req.calling_len = 32;
1552                         /* calling name ends in null (byte 16) from old smb
1553                         convention. */
1554                         if (netbios_name && (netbios_name[0] != 0)) {
1555                                 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1556                                         netbios_name, 16);
1557                         } else {
1558                                 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1559                                         "LINUX_CIFS_CLNT", 16);
1560                         }
1561                         ses_init_buf->trailer.session_req.scope1 = 0;
1562                         ses_init_buf->trailer.session_req.scope2 = 0;
1563                         smb_buf = (struct smb_hdr *)ses_init_buf;
1564                         /* sizeof RFC1002_SESSION_REQUEST with no scope */
1565                         smb_buf->smb_buf_length = 0x81000044;
1566                         rc = smb_send(*csocket, smb_buf, 0x44,
1567                                 (struct sockaddr *)psin_server);
1568                         kfree(ses_init_buf);
1569                         msleep(1); /* RFC1001 layer in at least one server
1570                                       requires very short break before negprot
1571                                       presumably because not expecting negprot
1572                                       to follow so fast.  This is a simple
1573                                       solution that works without
1574                                       complicating the code and causes no
1575                                       significant slowing down on mount
1576                                       for everyone else */
1577                 }
1578                 /* else the negprot may still work without this
1579                 even though malloc failed */
1580
1581         }
1582
1583         return rc;
1584 }
1585
1586 static int
1587 ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket)
1588 {
1589         int rc = 0;
1590         int connected = 0;
1591         __be16 orig_port = 0;
1592
1593         if (*csocket == NULL) {
1594                 rc = sock_create_kern(PF_INET6, SOCK_STREAM,
1595                                       IPPROTO_TCP, csocket);
1596                 if (rc < 0) {
1597                         cERROR(1, ("Error %d creating ipv6 socket", rc));
1598                         *csocket = NULL;
1599                         return rc;
1600                 } else {
1601                 /* BB other socket options to set KEEPALIVE, NODELAY? */
1602                          cFYI(1, ("ipv6 Socket created"));
1603                         (*csocket)->sk->sk_allocation = GFP_NOFS;
1604                 }
1605         }
1606
1607         psin_server->sin6_family = AF_INET6;
1608
1609         if (psin_server->sin6_port) { /* user overrode default port */
1610                 rc = (*csocket)->ops->connect(*csocket,
1611                                 (struct sockaddr *) psin_server,
1612                                 sizeof (struct sockaddr_in6), 0);
1613                 if (rc >= 0)
1614                         connected = 1;
1615         }
1616
1617         if (!connected) {
1618                 /* save original port so we can retry user specified port
1619                         later if fall back ports fail this time  */
1620
1621                 orig_port = psin_server->sin6_port;
1622                 /* do not retry on the same port we just failed on */
1623                 if (psin_server->sin6_port != htons(CIFS_PORT)) {
1624                         psin_server->sin6_port = htons(CIFS_PORT);
1625
1626                         rc = (*csocket)->ops->connect(*csocket,
1627                                         (struct sockaddr *) psin_server,
1628                                         sizeof (struct sockaddr_in6), 0);
1629                         if (rc >= 0)
1630                                 connected = 1;
1631                 }
1632         }
1633         if (!connected) {
1634                 psin_server->sin6_port = htons(RFC1001_PORT);
1635                 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1636                                  psin_server, sizeof (struct sockaddr_in6), 0);
1637                 if (rc >= 0)
1638                         connected = 1;
1639         }
1640
1641         /* give up here - unless we want to retry on different
1642                 protocol families some day */
1643         if (!connected) {
1644                 if (orig_port)
1645                         psin_server->sin6_port = orig_port;
1646                 cFYI(1, ("Error %d connecting to server via ipv6", rc));
1647                 sock_release(*csocket);
1648                 *csocket = NULL;
1649                 return rc;
1650         }
1651         /* Eventually check for other socket options to change from
1652                 the default. sock_setsockopt not used because it expects
1653                 user space buffer */
1654         (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1655
1656         return rc;
1657 }
1658
1659 void reset_cifs_unix_caps(int xid, struct cifsTconInfo *tcon,
1660                           struct super_block *sb, struct smb_vol *vol_info)
1661 {
1662         /* if we are reconnecting then should we check to see if
1663          * any requested capabilities changed locally e.g. via
1664          * remount but we can not do much about it here
1665          * if they have (even if we could detect it by the following)
1666          * Perhaps we could add a backpointer to array of sb from tcon
1667          * or if we change to make all sb to same share the same
1668          * sb as NFS - then we only have one backpointer to sb.
1669          * What if we wanted to mount the server share twice once with
1670          * and once without posixacls or posix paths? */
1671         __u64 saved_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
1672
1673         if (vol_info && vol_info->no_linux_ext) {
1674                 tcon->fsUnixInfo.Capability = 0;
1675                 tcon->unix_ext = 0; /* Unix Extensions disabled */
1676                 cFYI(1, ("Linux protocol extensions disabled"));
1677                 return;
1678         } else if (vol_info)
1679                 tcon->unix_ext = 1; /* Unix Extensions supported */
1680
1681         if (tcon->unix_ext == 0) {
1682                 cFYI(1, ("Unix extensions disabled so not set on reconnect"));
1683                 return;
1684         }
1685
1686         if (!CIFSSMBQFSUnixInfo(xid, tcon)) {
1687                 __u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
1688
1689                 /* check for reconnect case in which we do not
1690                    want to change the mount behavior if we can avoid it */
1691                 if (vol_info == NULL) {
1692                         /* turn off POSIX ACL and PATHNAMES if not set
1693                            originally at mount time */
1694                         if ((saved_cap & CIFS_UNIX_POSIX_ACL_CAP) == 0)
1695                                 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
1696                         if ((saved_cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0)
1697                                 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
1698                 }
1699
1700                 cap &= CIFS_UNIX_CAP_MASK;
1701                 if (vol_info && vol_info->no_psx_acl)
1702                         cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
1703                 else if (CIFS_UNIX_POSIX_ACL_CAP & cap) {
1704                         cFYI(1, ("negotiated posix acl support"));
1705                         if (sb)
1706                                 sb->s_flags |= MS_POSIXACL;
1707                 }
1708
1709                 if (vol_info && vol_info->posix_paths == 0)
1710                         cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
1711                 else if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
1712                         cFYI(1, ("negotiate posix pathnames"));
1713                         if (sb)
1714                                 CIFS_SB(sb)->mnt_cifs_flags |=
1715                                         CIFS_MOUNT_POSIX_PATHS;
1716                 }
1717
1718                 /* We might be setting the path sep back to a different
1719                 form if we are reconnecting and the server switched its
1720                 posix path capability for this share */
1721                 if (sb && (CIFS_SB(sb)->prepathlen > 0))
1722                         CIFS_SB(sb)->prepath[0] = CIFS_DIR_SEP(CIFS_SB(sb));
1723
1724                 if (sb && (CIFS_SB(sb)->rsize > 127 * 1024)) {
1725                         if ((cap & CIFS_UNIX_LARGE_READ_CAP) == 0) {
1726                                 CIFS_SB(sb)->rsize = 127 * 1024;
1727 #ifdef CONFIG_CIFS_DEBUG2
1728                                 cFYI(1, ("larger reads not supported by srv"));
1729 #endif
1730                         }
1731                 }
1732
1733
1734                 cFYI(1, ("Negotiate caps 0x%x", (int)cap));
1735 #ifdef CONFIG_CIFS_DEBUG2
1736                 if (cap & CIFS_UNIX_FCNTL_CAP)
1737                         cFYI(1, ("FCNTL cap"));
1738                 if (cap & CIFS_UNIX_EXTATTR_CAP)
1739                         cFYI(1, ("EXTATTR cap"));
1740                 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
1741                         cFYI(1, ("POSIX path cap"));
1742                 if (cap & CIFS_UNIX_XATTR_CAP)
1743                         cFYI(1, ("XATTR cap"));
1744                 if (cap & CIFS_UNIX_POSIX_ACL_CAP)
1745                         cFYI(1, ("POSIX ACL cap"));
1746                 if (cap & CIFS_UNIX_LARGE_READ_CAP)
1747                         cFYI(1, ("very large read cap"));
1748                 if (cap & CIFS_UNIX_LARGE_WRITE_CAP)
1749                         cFYI(1, ("very large write cap"));
1750 #endif /* CIFS_DEBUG2 */
1751                 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
1752                         cFYI(1, ("setting capabilities failed"));
1753                 }
1754         }
1755 }
1756
1757 int
1758 cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
1759            char *mount_data, const char *devname)
1760 {
1761         int rc = 0;
1762         int xid;
1763         int address_type = AF_INET;
1764         struct socket *csocket = NULL;
1765         struct sockaddr_in sin_server;
1766         struct sockaddr_in6 sin_server6;
1767         struct smb_vol volume_info;
1768         struct cifsSesInfo *pSesInfo = NULL;
1769         struct cifsSesInfo *existingCifsSes = NULL;
1770         struct cifsTconInfo *tcon = NULL;
1771         struct TCP_Server_Info *srvTcp = NULL;
1772
1773         xid = GetXid();
1774
1775 /* cFYI(1, ("Entering cifs_mount. Xid: %d with: %s", xid, mount_data)); */
1776
1777         memset(&volume_info, 0, sizeof(struct smb_vol));
1778         if (cifs_parse_mount_options(mount_data, devname, &volume_info)) {
1779                 kfree(volume_info.UNC);
1780                 kfree(volume_info.password);
1781                 kfree(volume_info.prepath);
1782                 FreeXid(xid);
1783                 return -EINVAL;
1784         }
1785
1786         if (volume_info.nullauth) {
1787                 cFYI(1, ("null user"));
1788                 volume_info.username = NULL;
1789         } else if (volume_info.username) {
1790                 /* BB fixme parse for domain name here */
1791                 cFYI(1, ("Username: %s", volume_info.username));
1792         } else {
1793                 cifserror("No username specified");
1794         /* In userspace mount helper we can get user name from alternate
1795            locations such as env variables and files on disk */
1796                 kfree(volume_info.UNC);
1797                 kfree(volume_info.password);
1798                 kfree(volume_info.prepath);
1799                 FreeXid(xid);
1800                 return -EINVAL;
1801         }
1802
1803         if (volume_info.UNCip && volume_info.UNC) {
1804                 rc = cifs_inet_pton(AF_INET, volume_info.UNCip,
1805                                     &sin_server.sin_addr.s_addr);
1806
1807                 if (rc <= 0) {
1808                         /* not ipv4 address, try ipv6 */
1809                         rc = cifs_inet_pton(AF_INET6, volume_info.UNCip,
1810                                             &sin_server6.sin6_addr.in6_u);
1811                         if (rc > 0)
1812                                 address_type = AF_INET6;
1813                 } else {
1814                         address_type = AF_INET;
1815                 }
1816
1817                 if (rc <= 0) {
1818                         /* we failed translating address */
1819                         kfree(volume_info.UNC);
1820                         kfree(volume_info.password);
1821                         kfree(volume_info.prepath);
1822                         FreeXid(xid);
1823                         return -EINVAL;
1824                 }
1825
1826                 cFYI(1, ("UNC: %s ip: %s", volume_info.UNC, volume_info.UNCip));
1827                 /* success */
1828                 rc = 0;
1829         } else if (volume_info.UNCip) {
1830                 /* BB using ip addr as server name to connect to the
1831                    DFS root below */
1832                 cERROR(1, ("Connecting to DFS root not implemented yet"));
1833                 kfree(volume_info.UNC);
1834                 kfree(volume_info.password);
1835                 kfree(volume_info.prepath);
1836                 FreeXid(xid);
1837                 return -EINVAL;
1838         } else /* which servers DFS root would we conect to */ {
1839                 cERROR(1,
1840                        ("CIFS mount error: No UNC path (e.g. -o "
1841                         "unc=//192.168.1.100/public) specified"));
1842                 kfree(volume_info.UNC);
1843                 kfree(volume_info.password);
1844                 kfree(volume_info.prepath);
1845                 FreeXid(xid);
1846                 return -EINVAL;
1847         }
1848
1849         /* this is needed for ASCII cp to Unicode converts */
1850         if (volume_info.iocharset == NULL) {
1851                 cifs_sb->local_nls = load_nls_default();
1852         /* load_nls_default can not return null */
1853         } else {
1854                 cifs_sb->local_nls = load_nls(volume_info.iocharset);
1855                 if (cifs_sb->local_nls == NULL) {
1856                         cERROR(1, ("CIFS mount error: iocharset %s not found",
1857                                  volume_info.iocharset));
1858                         kfree(volume_info.UNC);
1859                         kfree(volume_info.password);
1860                         kfree(volume_info.prepath);
1861                         FreeXid(xid);
1862                         return -ELIBACC;
1863                 }
1864         }
1865
1866         if (address_type == AF_INET)
1867                 existingCifsSes = cifs_find_tcp_session(&sin_server.sin_addr,
1868                         NULL /* no ipv6 addr */,
1869                         volume_info.username, &srvTcp);
1870         else if (address_type == AF_INET6) {
1871                 cFYI(1, ("looking for ipv6 address"));
1872                 existingCifsSes = cifs_find_tcp_session(NULL /* no ipv4 addr */,
1873                         &sin_server6.sin6_addr,
1874                         volume_info.username, &srvTcp);
1875         } else {
1876                 kfree(volume_info.UNC);
1877                 kfree(volume_info.password);
1878                 kfree(volume_info.prepath);
1879                 FreeXid(xid);
1880                 return -EINVAL;
1881         }
1882
1883         if (srvTcp) {
1884                 cFYI(1, ("Existing tcp session with server found"));
1885         } else {        /* create socket */
1886                 if (volume_info.port)
1887                         sin_server.sin_port = htons(volume_info.port);
1888                 else
1889                         sin_server.sin_port = 0;
1890                 if (address_type == AF_INET6) {
1891                         cFYI(1, ("attempting ipv6 connect"));
1892                         /* BB should we allow ipv6 on port 139? */
1893                         /* other OS never observed in Wild doing 139 with v6 */
1894                         rc = ipv6_connect(&sin_server6, &csocket);
1895                 } else
1896                         rc = ipv4_connect(&sin_server, &csocket,
1897                                   volume_info.source_rfc1001_name,
1898                                   volume_info.target_rfc1001_name);
1899                 if (rc < 0) {
1900                         cERROR(1, ("Error connecting to IPv4 socket. "
1901                                    "Aborting operation"));
1902                         if (csocket != NULL)
1903                                 sock_release(csocket);
1904                         kfree(volume_info.UNC);
1905                         kfree(volume_info.password);
1906                         kfree(volume_info.prepath);
1907                         FreeXid(xid);
1908                         return rc;
1909                 }
1910
1911                 srvTcp = kmalloc(sizeof (struct TCP_Server_Info), GFP_KERNEL);
1912                 if (srvTcp == NULL) {
1913                         rc = -ENOMEM;
1914                         sock_release(csocket);
1915                         kfree(volume_info.UNC);
1916                         kfree(volume_info.password);
1917                         kfree(volume_info.prepath);
1918                         FreeXid(xid);
1919                         return rc;
1920                 } else {
1921                         memset(srvTcp, 0, sizeof (struct TCP_Server_Info));
1922                         memcpy(&srvTcp->addr.sockAddr, &sin_server,
1923                                 sizeof (struct sockaddr_in));
1924                         atomic_set(&srvTcp->inFlight, 0);
1925                         /* BB Add code for ipv6 case too */
1926                         srvTcp->ssocket = csocket;
1927                         srvTcp->protocolType = IPV4;
1928                         init_waitqueue_head(&srvTcp->response_q);
1929                         init_waitqueue_head(&srvTcp->request_q);
1930                         INIT_LIST_HEAD(&srvTcp->pending_mid_q);
1931                         /* at this point we are the only ones with the pointer
1932                         to the struct since the kernel thread not created yet
1933                         so no need to spinlock this init of tcpStatus */
1934                         srvTcp->tcpStatus = CifsNew;
1935                         init_MUTEX(&srvTcp->tcpSem);
1936                         srvTcp->tsk = kthread_run((void *)(void *)cifs_demultiplex_thread, srvTcp, "cifsd");
1937                         if ( IS_ERR(srvTcp->tsk) ) {
1938                                 rc = PTR_ERR(srvTcp->tsk);
1939                                 cERROR(1, ("error %d create cifsd thread", rc));
1940                                 srvTcp->tsk = NULL;
1941                                 sock_release(csocket);
1942                                 kfree(volume_info.UNC);
1943                                 kfree(volume_info.password);
1944                                 kfree(volume_info.prepath);
1945                                 FreeXid(xid);
1946                                 return rc;
1947                         }
1948                         wait_for_completion(&cifsd_complete);
1949                         rc = 0;
1950                         memcpy(srvTcp->workstation_RFC1001_name,
1951                                 volume_info.source_rfc1001_name, 16);
1952                         memcpy(srvTcp->server_RFC1001_name,
1953                                 volume_info.target_rfc1001_name, 16);
1954                         srvTcp->sequence_number = 0;
1955                 }
1956         }
1957
1958         if (existingCifsSes) {
1959                 pSesInfo = existingCifsSes;
1960                 cFYI(1, ("Existing smb sess found"));
1961                 kfree(volume_info.password);
1962                 /* volume_info.UNC freed at end of function */
1963         } else if (!rc) {
1964                 cFYI(1, ("Existing smb sess not found"));
1965                 pSesInfo = sesInfoAlloc();
1966                 if (pSesInfo == NULL)
1967                         rc = -ENOMEM;
1968                 else {
1969                         pSesInfo->server = srvTcp;
1970                         sprintf(pSesInfo->serverName, "%u.%u.%u.%u",
1971                                 NIPQUAD(sin_server.sin_addr.s_addr));
1972                 }
1973
1974                 if (!rc) {
1975                         /* volume_info.password freed at unmount */
1976                         if (volume_info.password)
1977                                 pSesInfo->password = volume_info.password;
1978                         if (volume_info.username)
1979                                 strncpy(pSesInfo->userName,
1980                                         volume_info.username,
1981                                         MAX_USERNAME_SIZE);
1982                         if (volume_info.domainname) {
1983                                 int len = strlen(volume_info.domainname);
1984                                 pSesInfo->domainName =
1985                                         kmalloc(len + 1, GFP_KERNEL);
1986                                 if (pSesInfo->domainName)
1987                                         strcpy(pSesInfo->domainName,
1988                                                 volume_info.domainname);
1989                         }
1990                         pSesInfo->linux_uid = volume_info.linux_uid;
1991                         pSesInfo->overrideSecFlg = volume_info.secFlg;
1992                         down(&pSesInfo->sesSem);
1993                         /* BB FIXME need to pass vol->secFlgs BB */
1994                         rc = cifs_setup_session(xid, pSesInfo,
1995                                                 cifs_sb->local_nls);
1996                         up(&pSesInfo->sesSem);
1997                         if (!rc)
1998                                 atomic_inc(&srvTcp->socketUseCount);
1999                 } else
2000                         kfree(volume_info.password);
2001         }
2002
2003         /* search for existing tcon to this server share */
2004         if (!rc) {
2005                 if (volume_info.rsize > CIFSMaxBufSize) {
2006                         cERROR(1, ("rsize %d too large, using MaxBufSize",
2007                                 volume_info.rsize));
2008                         cifs_sb->rsize = CIFSMaxBufSize;
2009                 } else if ((volume_info.rsize) &&
2010                                 (volume_info.rsize <= CIFSMaxBufSize))
2011                         cifs_sb->rsize = volume_info.rsize;
2012                 else /* default */
2013                         cifs_sb->rsize = CIFSMaxBufSize;
2014
2015                 if (volume_info.wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) {
2016                         cERROR(1, ("wsize %d too large, using 4096 instead",
2017                                   volume_info.wsize));
2018                         cifs_sb->wsize = 4096;
2019                 } else if (volume_info.wsize)
2020                         cifs_sb->wsize = volume_info.wsize;
2021                 else
2022                         cifs_sb->wsize =
2023                                 min_t(const int, PAGEVEC_SIZE * PAGE_CACHE_SIZE,
2024                                         127*1024);
2025                         /* old default of CIFSMaxBufSize was too small now
2026                            that SMB Write2 can send multiple pages in kvec.
2027                            RFC1001 does not describe what happens when frame
2028                            bigger than 128K is sent so use that as max in
2029                            conjunction with 52K kvec constraint on arch with 4K
2030                            page size  */
2031
2032                 if (cifs_sb->rsize < 2048) {
2033                         cifs_sb->rsize = 2048;
2034                         /* Windows ME may prefer this */
2035                         cFYI(1, ("readsize set to minimum: 2048"));
2036                 }
2037                 /* calculate prepath */
2038                 cifs_sb->prepath = volume_info.prepath;
2039                 if (cifs_sb->prepath) {
2040                         cifs_sb->prepathlen = strlen(cifs_sb->prepath);
2041                         cifs_sb->prepath[0] = CIFS_DIR_SEP(cifs_sb);
2042                         volume_info.prepath = NULL;
2043                 } else
2044                         cifs_sb->prepathlen = 0;
2045                 cifs_sb->mnt_uid = volume_info.linux_uid;
2046                 cifs_sb->mnt_gid = volume_info.linux_gid;
2047                 cifs_sb->mnt_file_mode = volume_info.file_mode;
2048                 cifs_sb->mnt_dir_mode = volume_info.dir_mode;
2049                 cFYI(1, ("file mode: 0x%x  dir mode: 0x%x",
2050                         cifs_sb->mnt_file_mode, cifs_sb->mnt_dir_mode));
2051
2052                 if (volume_info.noperm)
2053                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
2054                 if (volume_info.setuids)
2055                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
2056                 if (volume_info.server_ino)
2057                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
2058                 if (volume_info.remap)
2059                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
2060                 if (volume_info.no_xattr)
2061                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
2062                 if (volume_info.sfu_emul)
2063                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
2064                 if (volume_info.nobrl)
2065                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
2066                 if (volume_info.cifs_acl)
2067                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
2068                 if (volume_info.override_uid)
2069                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID;
2070                 if (volume_info.override_gid)
2071                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID;
2072                 if (volume_info.direct_io) {
2073                         cFYI(1, ("mounting share using direct i/o"));
2074                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
2075                 }
2076
2077                 tcon =
2078                     find_unc(sin_server.sin_addr.s_addr, volume_info.UNC,
2079                              volume_info.username);
2080                 if (tcon) {
2081                         cFYI(1, ("Found match on UNC path"));
2082                         /* we can have only one retry value for a connection
2083                            to a share so for resources mounted more than once
2084                            to the same server share the last value passed in
2085                            for the retry flag is used */
2086                         tcon->retry = volume_info.retry;
2087                         tcon->nocase = volume_info.nocase;
2088                 } else {
2089                         tcon = tconInfoAlloc();
2090                         if (tcon == NULL)
2091                                 rc = -ENOMEM;
2092                         else {
2093                                 /* check for null share name ie connecting to
2094                                  * dfs root */
2095
2096                                 /* BB check if this works for exactly length
2097                                  * three strings */
2098                                 if ((strchr(volume_info.UNC + 3, '\\') == NULL)
2099                                     && (strchr(volume_info.UNC + 3, '/') ==
2100                                         NULL)) {
2101                                         rc = connect_to_dfs_path(xid, pSesInfo,
2102                                                 "", cifs_sb->local_nls,
2103                                                 cifs_sb->mnt_cifs_flags &
2104                                                   CIFS_MOUNT_MAP_SPECIAL_CHR);
2105                                         kfree(volume_info.UNC);
2106                                         FreeXid(xid);
2107                                         return -ENODEV;
2108                                 } else {
2109                                         /* BB Do we need to wrap sesSem around
2110                                          * this TCon call and Unix SetFS as
2111                                          * we do on SessSetup and reconnect? */
2112                                         rc = CIFSTCon(xid, pSesInfo,
2113                                                 volume_info.UNC,
2114                                                 tcon, cifs_sb->local_nls);
2115                                         cFYI(1, ("CIFS Tcon rc = %d", rc));
2116                                 }
2117                                 if (!rc) {
2118                                         atomic_inc(&pSesInfo->inUse);
2119                                         tcon->retry = volume_info.retry;
2120                                         tcon->nocase = volume_info.nocase;
2121                                 }
2122                         }
2123                 }
2124         }
2125         if (pSesInfo) {
2126                 if (pSesInfo->capabilities & CAP_LARGE_FILES) {
2127                         sb->s_maxbytes = (u64) 1 << 63;
2128                 } else
2129                         sb->s_maxbytes = (u64) 1 << 31; /* 2 GB */
2130         }
2131
2132         /* BB FIXME fix time_gran to be larger for LANMAN sessions */
2133         sb->s_time_gran = 100;
2134
2135 /* on error free sesinfo and tcon struct if needed */
2136         if (rc) {
2137                 /* if session setup failed, use count is zero but
2138                 we still need to free cifsd thread */
2139                 if (atomic_read(&srvTcp->socketUseCount) == 0) {
2140                         spin_lock(&GlobalMid_Lock);
2141                         srvTcp->tcpStatus = CifsExiting;
2142                         spin_unlock(&GlobalMid_Lock);
2143                         if (srvTcp->tsk) {
2144                                 struct task_struct *tsk;
2145                                 /* If we could verify that kthread_stop would
2146                                    always wake up processes blocked in
2147                                    tcp in recv_mesg then we could remove the
2148                                    send_sig call */
2149                                 force_sig(SIGKILL, srvTcp->tsk);
2150                                 tsk = srvTcp->tsk;
2151                                 if (tsk)
2152                                         kthread_stop(tsk);
2153                         }
2154                 }
2155                  /* If find_unc succeeded then rc == 0 so we can not end */
2156                 if (tcon)  /* up accidently freeing someone elses tcon struct */
2157                         tconInfoFree(tcon);
2158                 if (existingCifsSes == NULL) {
2159                         if (pSesInfo) {
2160                                 if ((pSesInfo->server) &&
2161                                     (pSesInfo->status == CifsGood)) {
2162                                         int temp_rc;
2163                                         temp_rc = CIFSSMBLogoff(xid, pSesInfo);
2164                                         /* if the socketUseCount is now zero */
2165                                         if ((temp_rc == -ESHUTDOWN) &&
2166                                             (pSesInfo->server) &&
2167                                             (pSesInfo->server->tsk)) {
2168                                                 struct task_struct *tsk;
2169                                                 force_sig(SIGKILL,
2170                                                         pSesInfo->server->tsk);
2171                                                 tsk = pSesInfo->server->tsk;
2172                                                 if (tsk)
2173                                                         kthread_stop(tsk);
2174                                         }
2175                                 } else
2176                                         cFYI(1, ("No session or bad tcon"));
2177                                 sesInfoFree(pSesInfo);
2178                                 /* pSesInfo = NULL; */
2179                         }
2180                 }
2181         } else {
2182                 atomic_inc(&tcon->useCount);
2183                 cifs_sb->tcon = tcon;
2184                 tcon->ses = pSesInfo;
2185
2186                 /* do not care if following two calls succeed - informational */
2187                 CIFSSMBQFSDeviceInfo(xid, tcon);
2188                 CIFSSMBQFSAttributeInfo(xid, tcon);
2189
2190                 /* tell server which Unix caps we support */
2191                 if (tcon->ses->capabilities & CAP_UNIX)
2192                         /* reset of caps checks mount to see if unix extensions
2193                            disabled for just this mount */
2194                         reset_cifs_unix_caps(xid, tcon, sb, &volume_info);
2195                 else
2196                         tcon->unix_ext = 0; /* server does not support them */
2197
2198                 if ((tcon->unix_ext == 0) && (cifs_sb->rsize > (1024 * 127))) {
2199                         cifs_sb->rsize = 1024 * 127;
2200 #ifdef CONFIG_CIFS_DEBUG2
2201                         cFYI(1, ("no very large read support, rsize now 127K"));
2202 #endif
2203                 }
2204                 if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X))
2205                         cifs_sb->wsize = min(cifs_sb->wsize,
2206                                              (tcon->ses->server->maxBuf -
2207                                               MAX_CIFS_HDR_SIZE));
2208                 if (!(tcon->ses->capabilities & CAP_LARGE_READ_X))
2209                         cifs_sb->rsize = min(cifs_sb->rsize,
2210                                              (tcon->ses->server->maxBuf -
2211                                               MAX_CIFS_HDR_SIZE));
2212         }
2213
2214         /* volume_info.password is freed above when existing session found
2215         (in which case it is not needed anymore) but when new sesion is created
2216         the password ptr is put in the new session structure (in which case the
2217         password will be freed at unmount time) */
2218         kfree(volume_info.UNC);
2219         kfree(volume_info.prepath);
2220         FreeXid(xid);
2221         return rc;
2222 }
2223
2224 static int
2225 CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2226               char session_key[CIFS_SESS_KEY_SIZE],
2227               const struct nls_table *nls_codepage)
2228 {
2229         struct smb_hdr *smb_buffer;
2230         struct smb_hdr *smb_buffer_response;
2231         SESSION_SETUP_ANDX *pSMB;
2232         SESSION_SETUP_ANDX *pSMBr;
2233         char *bcc_ptr;
2234         char *user;
2235         char *domain;
2236         int rc = 0;
2237         int remaining_words = 0;
2238         int bytes_returned = 0;
2239         int len;
2240         __u32 capabilities;
2241         __u16 count;
2242
2243         cFYI(1, ("In sesssetup"));
2244         if (ses == NULL)
2245                 return -EINVAL;
2246         user = ses->userName;
2247         domain = ses->domainName;
2248         smb_buffer = cifs_buf_get();
2249         if (smb_buffer == NULL) {
2250                 return -ENOMEM;
2251         }
2252         smb_buffer_response = smb_buffer;
2253         pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2254
2255         /* send SMBsessionSetup here */
2256         header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2257                         NULL /* no tCon exists yet */ , 13 /* wct */ );
2258
2259         smb_buffer->Mid = GetNextMid(ses->server);
2260         pSMB->req_no_secext.AndXCommand = 0xFF;
2261         pSMB->req_no_secext.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2262         pSMB->req_no_secext.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2263
2264         if (ses->server->secMode &
2265                         (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2266                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2267
2268         capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2269                 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
2270         if (ses->capabilities & CAP_UNICODE) {
2271                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2272                 capabilities |= CAP_UNICODE;
2273         }
2274         if (ses->capabilities & CAP_STATUS32) {
2275                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2276                 capabilities |= CAP_STATUS32;
2277         }
2278         if (ses->capabilities & CAP_DFS) {
2279                 smb_buffer->Flags2 |= SMBFLG2_DFS;
2280                 capabilities |= CAP_DFS;
2281         }
2282         pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
2283
2284         pSMB->req_no_secext.CaseInsensitivePasswordLength =
2285                 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2286
2287         pSMB->req_no_secext.CaseSensitivePasswordLength =
2288             cpu_to_le16(CIFS_SESS_KEY_SIZE);
2289         bcc_ptr = pByteArea(smb_buffer);
2290         memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2291         bcc_ptr += CIFS_SESS_KEY_SIZE;
2292         memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2293         bcc_ptr += CIFS_SESS_KEY_SIZE;
2294
2295         if (ses->capabilities & CAP_UNICODE) {
2296                 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode */
2297                         *bcc_ptr = 0;
2298                         bcc_ptr++;
2299                 }
2300                 if (user == NULL)
2301                         bytes_returned = 0; /* skip null user */
2302                 else
2303                         bytes_returned =
2304                                 cifs_strtoUCS((__le16 *) bcc_ptr, user, 100,
2305                                         nls_codepage);
2306                 /* convert number of 16 bit words to bytes */
2307                 bcc_ptr += 2 * bytes_returned;
2308                 bcc_ptr += 2;   /* trailing null */
2309                 if (domain == NULL)
2310                         bytes_returned =
2311                             cifs_strtoUCS((__le16 *) bcc_ptr,
2312                                           "CIFS_LINUX_DOM", 32, nls_codepage);
2313                 else
2314                         bytes_returned =
2315                             cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2316                                           nls_codepage);
2317                 bcc_ptr += 2 * bytes_returned;
2318                 bcc_ptr += 2;
2319                 bytes_returned =
2320                     cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2321                                   32, nls_codepage);
2322                 bcc_ptr += 2 * bytes_returned;
2323                 bytes_returned =
2324                     cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release,
2325                                   32, nls_codepage);
2326                 bcc_ptr += 2 * bytes_returned;
2327                 bcc_ptr += 2;
2328                 bytes_returned =
2329                     cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2330                                   64, nls_codepage);
2331                 bcc_ptr += 2 * bytes_returned;
2332                 bcc_ptr += 2;
2333         } else {
2334                 if (user != NULL) {
2335                     strncpy(bcc_ptr, user, 200);
2336                     bcc_ptr += strnlen(user, 200);
2337                 }
2338                 *bcc_ptr = 0;
2339                 bcc_ptr++;
2340                 if (domain == NULL) {
2341                         strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2342                         bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2343                 } else {
2344                         strncpy(bcc_ptr, domain, 64);
2345                         bcc_ptr += strnlen(domain, 64);
2346                         *bcc_ptr = 0;
2347                         bcc_ptr++;
2348                 }
2349                 strcpy(bcc_ptr, "Linux version ");
2350                 bcc_ptr += strlen("Linux version ");
2351                 strcpy(bcc_ptr, utsname()->release);
2352                 bcc_ptr += strlen(utsname()->release) + 1;
2353                 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2354                 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2355         }
2356         count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2357         smb_buffer->smb_buf_length += count;
2358         pSMB->req_no_secext.ByteCount = cpu_to_le16(count);
2359
2360         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2361                          &bytes_returned, 1);
2362         if (rc) {
2363 /* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
2364         } else if ((smb_buffer_response->WordCount == 3)
2365                    || (smb_buffer_response->WordCount == 4)) {
2366                 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2367                 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2368                 if (action & GUEST_LOGIN)
2369                         cFYI(1, (" Guest login")); /* BB mark SesInfo struct? */
2370                 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format
2371                                                          (little endian) */
2372                 cFYI(1, ("UID = %d ", ses->Suid));
2373         /* response can have either 3 or 4 word count - Samba sends 3 */
2374                 bcc_ptr = pByteArea(smb_buffer_response);
2375                 if ((pSMBr->resp.hdr.WordCount == 3)
2376                     || ((pSMBr->resp.hdr.WordCount == 4)
2377                         && (blob_len < pSMBr->resp.ByteCount))) {
2378                         if (pSMBr->resp.hdr.WordCount == 4)
2379                                 bcc_ptr += blob_len;
2380
2381                         if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2382                                 if ((long) (bcc_ptr) % 2) {
2383                                         remaining_words =
2384                                             (BCC(smb_buffer_response) - 1) / 2;
2385                                         /* Unicode strings must be word
2386                                            aligned */
2387                                         bcc_ptr++;
2388                                 } else {
2389                                         remaining_words =
2390                                                 BCC(smb_buffer_response) / 2;
2391                                 }
2392                                 len =
2393                                     UniStrnlen((wchar_t *) bcc_ptr,
2394                                                remaining_words - 1);
2395 /* We look for obvious messed up bcc or strings in response so we do not go off
2396    the end since (at least) WIN2K and Windows XP have a major bug in not null
2397    terminating last Unicode string in response  */
2398                                 if (ses->serverOS)
2399                                         kfree(ses->serverOS);
2400                                 ses->serverOS = kzalloc(2 * (len + 1),
2401                                                         GFP_KERNEL);
2402                                 if (ses->serverOS == NULL)
2403                                         goto sesssetup_nomem;
2404                                 cifs_strfromUCS_le(ses->serverOS,
2405                                                    (__le16 *)bcc_ptr,
2406                                                    len, nls_codepage);
2407                                 bcc_ptr += 2 * (len + 1);
2408                                 remaining_words -= len + 1;
2409                                 ses->serverOS[2 * len] = 0;
2410                                 ses->serverOS[1 + (2 * len)] = 0;
2411                                 if (remaining_words > 0) {
2412                                         len = UniStrnlen((wchar_t *)bcc_ptr,
2413                                                          remaining_words-1);
2414                                         kfree(ses->serverNOS);
2415                                         ses->serverNOS = kzalloc(2 * (len + 1),
2416                                                                  GFP_KERNEL);
2417                                         if (ses->serverNOS == NULL)
2418                                                 goto sesssetup_nomem;
2419                                         cifs_strfromUCS_le(ses->serverNOS,
2420                                                            (__le16 *)bcc_ptr,
2421                                                            len, nls_codepage);
2422                                         bcc_ptr += 2 * (len + 1);
2423                                         ses->serverNOS[2 * len] = 0;
2424                                         ses->serverNOS[1 + (2 * len)] = 0;
2425                                         if (strncmp(ses->serverNOS,
2426                                                 "NT LAN Manager 4", 16) == 0) {
2427                                                 cFYI(1, ("NT4 server"));
2428                                                 ses->flags |= CIFS_SES_NT4;
2429                                         }
2430                                         remaining_words -= len + 1;
2431                                         if (remaining_words > 0) {
2432                                                 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2433                                 /* last string is not always null terminated
2434                                    (for e.g. for Windows XP & 2000) */
2435                                                 if (ses->serverDomain)
2436                                                         kfree(ses->serverDomain);
2437                                                 ses->serverDomain =
2438                                                     kzalloc(2*(len+1),
2439                                                             GFP_KERNEL);
2440                                                 if (ses->serverDomain == NULL)
2441                                                         goto sesssetup_nomem;
2442                                                 cifs_strfromUCS_le(ses->serverDomain,
2443                                                         (__le16 *)bcc_ptr,
2444                                                         len, nls_codepage);
2445                                                 bcc_ptr += 2 * (len + 1);
2446                                                 ses->serverDomain[2*len] = 0;
2447                                                 ses->serverDomain[1+(2*len)] = 0;
2448                                         } else { /* else no more room so create
2449                                                   dummy domain string */
2450                                                 if (ses->serverDomain)
2451                                                         kfree(ses->serverDomain);
2452                                                 ses->serverDomain =
2453                                                         kzalloc(2, GFP_KERNEL);
2454                                         }
2455                                 } else { /* no room so create dummy domain
2456                                             and NOS string */
2457
2458                                         /* if these kcallocs fail not much we
2459                                            can do, but better to not fail the
2460                                            sesssetup itself */
2461                                         kfree(ses->serverDomain);
2462                                         ses->serverDomain =
2463                                             kzalloc(2, GFP_KERNEL);
2464                                         kfree(ses->serverNOS);
2465                                         ses->serverNOS =
2466                                             kzalloc(2, GFP_KERNEL);
2467                                 }
2468                         } else {        /* ASCII */
2469                                 len = strnlen(bcc_ptr, 1024);
2470                                 if (((long) bcc_ptr + len) - (long)
2471                                     pByteArea(smb_buffer_response)
2472                                             <= BCC(smb_buffer_response)) {
2473                                         kfree(ses->serverOS);
2474                                         ses->serverOS = kzalloc(len + 1,
2475                                                                 GFP_KERNEL);
2476                                         if (ses->serverOS == NULL)
2477                                                 goto sesssetup_nomem;
2478                                         strncpy(ses->serverOS, bcc_ptr, len);
2479
2480                                         bcc_ptr += len;
2481                                         /* null terminate the string */
2482                                         bcc_ptr[0] = 0;
2483                                         bcc_ptr++;
2484
2485                                         len = strnlen(bcc_ptr, 1024);
2486                                         kfree(ses->serverNOS);
2487                                         ses->serverNOS = kzalloc(len + 1,
2488                                                                  GFP_KERNEL);
2489                                         if (ses->serverNOS == NULL)
2490                                                 goto sesssetup_nomem;
2491                                         strncpy(ses->serverNOS, bcc_ptr, len);
2492                                         bcc_ptr += len;
2493                                         bcc_ptr[0] = 0;
2494                                         bcc_ptr++;
2495
2496                                         len = strnlen(bcc_ptr, 1024);
2497                                         if (ses->serverDomain)
2498                                                 kfree(ses->serverDomain);
2499                                         ses->serverDomain = kzalloc(len + 1,
2500                                                                     GFP_KERNEL);
2501                                         if (ses->serverDomain == NULL)
2502                                                 goto sesssetup_nomem;
2503                                         strncpy(ses->serverDomain, bcc_ptr,
2504                                                 len);
2505                                         bcc_ptr += len;
2506                                         bcc_ptr[0] = 0;
2507                                         bcc_ptr++;
2508                                 } else
2509                                         cFYI(1,
2510                                              ("Variable field of length %d "
2511                                                 "extends beyond end of smb ",
2512                                               len));
2513                         }
2514                 } else {
2515                         cERROR(1,
2516                                (" Security Blob Length extends beyond "
2517                                 "end of SMB"));
2518                 }
2519         } else {
2520                 cERROR(1,
2521                        (" Invalid Word count %d: ",
2522                         smb_buffer_response->WordCount));
2523                 rc = -EIO;
2524         }
2525 sesssetup_nomem:        /* do not return an error on nomem for the info strings,
2526                            since that could make reconnection harder, and
2527                            reconnection might be needed to free memory */
2528         if (smb_buffer)
2529                 cifs_buf_release(smb_buffer);
2530
2531         return rc;
2532 }
2533
2534 static int
2535 CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2536                               struct cifsSesInfo *ses, int *pNTLMv2_flag,
2537                               const struct nls_table *nls_codepage)
2538 {
2539         struct smb_hdr *smb_buffer;
2540         struct smb_hdr *smb_buffer_response;
2541         SESSION_SETUP_ANDX *pSMB;
2542         SESSION_SETUP_ANDX *pSMBr;
2543         char *bcc_ptr;
2544         char *domain;
2545         int rc = 0;
2546         int remaining_words = 0;
2547         int bytes_returned = 0;
2548         int len;
2549         int SecurityBlobLength = sizeof (NEGOTIATE_MESSAGE);
2550         PNEGOTIATE_MESSAGE SecurityBlob;
2551         PCHALLENGE_MESSAGE SecurityBlob2;
2552         __u32 negotiate_flags, capabilities;
2553         __u16 count;
2554
2555         cFYI(1, ("In NTLMSSP sesssetup (negotiate)"));
2556         if (ses == NULL)
2557                 return -EINVAL;
2558         domain = ses->domainName;
2559         *pNTLMv2_flag = FALSE;
2560         smb_buffer = cifs_buf_get();
2561         if (smb_buffer == NULL) {
2562                 return -ENOMEM;
2563         }
2564         smb_buffer_response = smb_buffer;
2565         pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2566         pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2567
2568         /* send SMBsessionSetup here */
2569         header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2570                         NULL /* no tCon exists yet */ , 12 /* wct */ );
2571
2572         smb_buffer->Mid = GetNextMid(ses->server);
2573         pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2574         pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2575
2576         pSMB->req.AndXCommand = 0xFF;
2577         pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2578         pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2579
2580         if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2581                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2582
2583         capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2584             CAP_EXTENDED_SECURITY;
2585         if (ses->capabilities & CAP_UNICODE) {
2586                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2587                 capabilities |= CAP_UNICODE;
2588         }
2589         if (ses->capabilities & CAP_STATUS32) {
2590                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2591                 capabilities |= CAP_STATUS32;
2592         }
2593         if (ses->capabilities & CAP_DFS) {
2594                 smb_buffer->Flags2 |= SMBFLG2_DFS;
2595                 capabilities |= CAP_DFS;
2596         }
2597         pSMB->req.Capabilities = cpu_to_le32(capabilities);
2598
2599         bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2600         SecurityBlob = (PNEGOTIATE_MESSAGE) bcc_ptr;
2601         strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2602         SecurityBlob->MessageType = NtLmNegotiate;
2603         negotiate_flags =
2604             NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
2605             NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM |
2606             NTLMSSP_NEGOTIATE_56 |
2607             /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
2608         if (sign_CIFS_PDUs)
2609                 negotiate_flags |= NTLMSSP_NEGOTIATE_SIGN;
2610 /*      if (ntlmv2_support)
2611                 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;*/
2612         /* setup pointers to domain name and workstation name */
2613         bcc_ptr += SecurityBlobLength;
2614
2615         SecurityBlob->WorkstationName.Buffer = 0;
2616         SecurityBlob->WorkstationName.Length = 0;
2617         SecurityBlob->WorkstationName.MaximumLength = 0;
2618
2619         /* Domain not sent on first Sesssetup in NTLMSSP, instead it is sent
2620         along with username on auth request (ie the response to challenge) */
2621         SecurityBlob->DomainName.Buffer = 0;
2622         SecurityBlob->DomainName.Length = 0;
2623         SecurityBlob->DomainName.MaximumLength = 0;
2624         if (ses->capabilities & CAP_UNICODE) {
2625                 if ((long) bcc_ptr % 2) {
2626                         *bcc_ptr = 0;
2627                         bcc_ptr++;
2628                 }
2629
2630                 bytes_returned =
2631                     cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2632                                   32, nls_codepage);
2633                 bcc_ptr += 2 * bytes_returned;
2634                 bytes_returned =
2635                     cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
2636                                   nls_codepage);
2637                 bcc_ptr += 2 * bytes_returned;
2638                 bcc_ptr += 2;   /* null terminate Linux version */
2639                 bytes_returned =
2640                     cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2641                                   64, nls_codepage);
2642                 bcc_ptr += 2 * bytes_returned;
2643                 *(bcc_ptr + 1) = 0;
2644                 *(bcc_ptr + 2) = 0;
2645                 bcc_ptr += 2;   /* null terminate network opsys string */
2646                 *(bcc_ptr + 1) = 0;
2647                 *(bcc_ptr + 2) = 0;
2648                 bcc_ptr += 2;   /* null domain */
2649         } else {                /* ASCII */
2650                 strcpy(bcc_ptr, "Linux version ");
2651                 bcc_ptr += strlen("Linux version ");
2652                 strcpy(bcc_ptr, utsname()->release);
2653                 bcc_ptr += strlen(utsname()->release) + 1;
2654                 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2655                 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2656                 bcc_ptr++;      /* empty domain field */
2657                 *bcc_ptr = 0;
2658         }
2659         SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2660         pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2661         count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2662         smb_buffer->smb_buf_length += count;
2663         pSMB->req.ByteCount = cpu_to_le16(count);
2664
2665         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2666                          &bytes_returned, 1);
2667
2668         if (smb_buffer_response->Status.CifsError ==
2669             cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
2670                 rc = 0;
2671
2672         if (rc) {
2673 /*    rc = map_smb_to_linux_error(smb_buffer_response);  *//* done in SendReceive now */
2674         } else if ((smb_buffer_response->WordCount == 3)
2675                    || (smb_buffer_response->WordCount == 4)) {
2676                 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2677                 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2678
2679                 if (action & GUEST_LOGIN)
2680                         cFYI(1, (" Guest login"));
2681         /* Do we want to set anything in SesInfo struct when guest login? */
2682
2683                 bcc_ptr = pByteArea(smb_buffer_response);
2684         /* response can have either 3 or 4 word count - Samba sends 3 */
2685
2686                 SecurityBlob2 = (PCHALLENGE_MESSAGE) bcc_ptr;
2687                 if (SecurityBlob2->MessageType != NtLmChallenge) {
2688                         cFYI(1,
2689                              ("Unexpected NTLMSSP message type received %d",
2690                               SecurityBlob2->MessageType));
2691                 } else if (ses) {
2692                         ses->Suid = smb_buffer_response->Uid; /* UID left in le format */
2693                         cFYI(1, ("UID = %d", ses->Suid));
2694                         if ((pSMBr->resp.hdr.WordCount == 3)
2695                             || ((pSMBr->resp.hdr.WordCount == 4)
2696                                 && (blob_len <
2697                                     pSMBr->resp.ByteCount))) {
2698
2699                                 if (pSMBr->resp.hdr.WordCount == 4) {
2700                                         bcc_ptr += blob_len;
2701                                         cFYI(1, ("Security Blob Length %d",
2702                                               blob_len));
2703                                 }
2704
2705                                 cFYI(1, ("NTLMSSP Challenge rcvd"));
2706
2707                                 memcpy(ses->server->cryptKey,
2708                                        SecurityBlob2->Challenge,
2709                                        CIFS_CRYPTO_KEY_SIZE);
2710                                 if (SecurityBlob2->NegotiateFlags &
2711                                         cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2))
2712                                         *pNTLMv2_flag = TRUE;
2713
2714                                 if ((SecurityBlob2->NegotiateFlags &
2715                                         cpu_to_le32(NTLMSSP_NEGOTIATE_ALWAYS_SIGN))
2716                                         || (sign_CIFS_PDUs > 1))
2717                                                 ses->server->secMode |=
2718                                                         SECMODE_SIGN_REQUIRED;
2719                                 if ((SecurityBlob2->NegotiateFlags &
2720                                         cpu_to_le32(NTLMSSP_NEGOTIATE_SIGN)) && (sign_CIFS_PDUs))
2721                                                 ses->server->secMode |=
2722                                                         SECMODE_SIGN_ENABLED;
2723
2724                                 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2725                                         if ((long) (bcc_ptr) % 2) {
2726                                                 remaining_words =
2727                                                     (BCC(smb_buffer_response)
2728                                                      - 1) / 2;
2729                                          /* Must word align unicode strings */
2730                                                 bcc_ptr++;
2731                                         } else {
2732                                                 remaining_words =
2733                                                     BCC
2734                                                     (smb_buffer_response) / 2;
2735                                         }
2736                                         len =
2737                                             UniStrnlen((wchar_t *) bcc_ptr,
2738                                                        remaining_words - 1);
2739 /* We look for obvious messed up bcc or strings in response so we do not go off
2740    the end since (at least) WIN2K and Windows XP have a major bug in not null
2741    terminating last Unicode string in response  */
2742                                         if (ses->serverOS)
2743                                                 kfree(ses->serverOS);
2744                                         ses->serverOS =
2745                                             kzalloc(2 * (len + 1), GFP_KERNEL);
2746                                         cifs_strfromUCS_le(ses->serverOS,
2747                                                            (__le16 *)
2748                                                            bcc_ptr, len,
2749                                                            nls_codepage);
2750                                         bcc_ptr += 2 * (len + 1);
2751                                         remaining_words -= len + 1;
2752                                         ses->serverOS[2 * len] = 0;
2753                                         ses->serverOS[1 + (2 * len)] = 0;
2754                                         if (remaining_words > 0) {
2755                                                 len = UniStrnlen((wchar_t *)
2756                                                                  bcc_ptr,
2757                                                                  remaining_words
2758                                                                  - 1);
2759                                                 kfree(ses->serverNOS);
2760                                                 ses->serverNOS =
2761                                                     kzalloc(2 * (len + 1),
2762                                                             GFP_KERNEL);
2763                                                 cifs_strfromUCS_le(ses->
2764                                                                    serverNOS,
2765                                                                    (__le16 *)
2766                                                                    bcc_ptr,
2767                                                                    len,
2768                                                                    nls_codepage);
2769                                                 bcc_ptr += 2 * (len + 1);
2770                                                 ses->serverNOS[2 * len] = 0;
2771                                                 ses->serverNOS[1 +
2772                                                                (2 * len)] = 0;
2773                                                 remaining_words -= len + 1;
2774                                                 if (remaining_words > 0) {
2775                                                         len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2776                                 /* last string not always null terminated
2777                                    (for e.g. for Windows XP & 2000) */
2778                                                         kfree(ses->serverDomain);
2779                                                         ses->serverDomain =
2780                                                             kzalloc(2 *
2781                                                                     (len +
2782                                                                      1),
2783                                                                     GFP_KERNEL);
2784                                                         cifs_strfromUCS_le
2785                                                             (ses->serverDomain,
2786                                                              (__le16 *)bcc_ptr,
2787                                                              len, nls_codepage);
2788                                                         bcc_ptr +=
2789                                                             2 * (len + 1);
2790                                                         ses->serverDomain[2*len]
2791                                                             = 0;
2792                                                         ses->serverDomain
2793                                                                 [1 + (2 * len)]
2794                                                             = 0;
2795                                                 } /* else no more room so create dummy domain string */
2796                                                 else {
2797                                                         kfree(ses->serverDomain);
2798                                                         ses->serverDomain =
2799                                                             kzalloc(2,
2800                                                                     GFP_KERNEL);
2801                                                 }
2802                                         } else {        /* no room so create dummy domain and NOS string */
2803                                                 kfree(ses->serverDomain);
2804                                                 ses->serverDomain =
2805                                                     kzalloc(2, GFP_KERNEL);
2806                                                 kfree(ses->serverNOS);
2807                                                 ses->serverNOS =
2808                                                     kzalloc(2, GFP_KERNEL);
2809                                         }
2810                                 } else {        /* ASCII */
2811                                         len = strnlen(bcc_ptr, 1024);
2812                                         if (((long) bcc_ptr + len) - (long)
2813                                             pByteArea(smb_buffer_response)
2814                                             <= BCC(smb_buffer_response)) {
2815                                                 if (ses->serverOS)
2816                                                         kfree(ses->serverOS);
2817                                                 ses->serverOS =
2818                                                     kzalloc(len + 1,
2819                                                             GFP_KERNEL);
2820                                                 strncpy(ses->serverOS,
2821                                                         bcc_ptr, len);
2822
2823                                                 bcc_ptr += len;
2824                                                 bcc_ptr[0] = 0; /* null terminate string */
2825                                                 bcc_ptr++;
2826
2827                                                 len = strnlen(bcc_ptr, 1024);
2828                                                 kfree(ses->serverNOS);
2829                                                 ses->serverNOS =
2830                                                     kzalloc(len + 1,
2831                                                             GFP_KERNEL);
2832                                                 strncpy(ses->serverNOS, bcc_ptr, len);
2833                                                 bcc_ptr += len;
2834                                                 bcc_ptr[0] = 0;
2835                                                 bcc_ptr++;
2836
2837                                                 len = strnlen(bcc_ptr, 1024);
2838                                                 kfree(ses->serverDomain);
2839                                                 ses->serverDomain =
2840                                                     kzalloc(len + 1,
2841                                                             GFP_KERNEL);
2842                                                 strncpy(ses->serverDomain,
2843                                                         bcc_ptr, len);
2844                                                 bcc_ptr += len;
2845                                                 bcc_ptr[0] = 0;
2846                                                 bcc_ptr++;
2847                                         } else
2848                                                 cFYI(1,
2849                                                      ("field of length %d "
2850                                                     "extends beyond end of smb",
2851                                                       len));
2852                                 }
2853                         } else {
2854                                 cERROR(1, ("Security Blob Length extends beyond"
2855                                            " end of SMB"));
2856                         }
2857                 } else {
2858                         cERROR(1, ("No session structure passed in."));
2859                 }
2860         } else {
2861                 cERROR(1,
2862                        (" Invalid Word count %d:",
2863                         smb_buffer_response->WordCount));
2864                 rc = -EIO;
2865         }
2866
2867         if (smb_buffer)
2868                 cifs_buf_release(smb_buffer);
2869
2870         return rc;
2871 }
2872 static int
2873 CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2874                 char *ntlm_session_key, int ntlmv2_flag,
2875                 const struct nls_table *nls_codepage)
2876 {
2877         struct smb_hdr *smb_buffer;
2878         struct smb_hdr *smb_buffer_response;
2879         SESSION_SETUP_ANDX *pSMB;
2880         SESSION_SETUP_ANDX *pSMBr;
2881         char *bcc_ptr;
2882         char *user;
2883         char *domain;
2884         int rc = 0;
2885         int remaining_words = 0;
2886         int bytes_returned = 0;
2887         int len;
2888         int SecurityBlobLength = sizeof (AUTHENTICATE_MESSAGE);
2889         PAUTHENTICATE_MESSAGE SecurityBlob;
2890         __u32 negotiate_flags, capabilities;
2891         __u16 count;
2892
2893         cFYI(1, ("In NTLMSSPSessSetup (Authenticate)"));
2894         if (ses == NULL)
2895                 return -EINVAL;
2896         user = ses->userName;
2897         domain = ses->domainName;
2898         smb_buffer = cifs_buf_get();
2899         if (smb_buffer == NULL) {
2900                 return -ENOMEM;
2901         }
2902         smb_buffer_response = smb_buffer;
2903         pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2904         pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2905
2906         /* send SMBsessionSetup here */
2907         header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2908                         NULL /* no tCon exists yet */ , 12 /* wct */ );
2909
2910         smb_buffer->Mid = GetNextMid(ses->server);
2911         pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2912         pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2913         pSMB->req.AndXCommand = 0xFF;
2914         pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2915         pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2916
2917         pSMB->req.hdr.Uid = ses->Suid;
2918
2919         if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2920                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2921
2922         capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2923             CAP_EXTENDED_SECURITY;
2924         if (ses->capabilities & CAP_UNICODE) {
2925                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2926                 capabilities |= CAP_UNICODE;
2927         }
2928         if (ses->capabilities & CAP_STATUS32) {
2929                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2930                 capabilities |= CAP_STATUS32;
2931         }
2932         if (ses->capabilities & CAP_DFS) {
2933                 smb_buffer->Flags2 |= SMBFLG2_DFS;
2934                 capabilities |= CAP_DFS;
2935         }
2936         pSMB->req.Capabilities = cpu_to_le32(capabilities);
2937
2938         bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2939         SecurityBlob = (PAUTHENTICATE_MESSAGE) bcc_ptr;
2940         strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2941         SecurityBlob->MessageType = NtLmAuthenticate;
2942         bcc_ptr += SecurityBlobLength;
2943         negotiate_flags =
2944             NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET |
2945             NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO |
2946             0x80000000 | NTLMSSP_NEGOTIATE_128;
2947         if (sign_CIFS_PDUs)
2948                 negotiate_flags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN;
2949         if (ntlmv2_flag)
2950                 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
2951
2952 /* setup pointers to domain name and workstation name */
2953
2954         SecurityBlob->WorkstationName.Buffer = 0;
2955         SecurityBlob->WorkstationName.Length = 0;
2956         SecurityBlob->WorkstationName.MaximumLength = 0;
2957         SecurityBlob->SessionKey.Length = 0;
2958         SecurityBlob->SessionKey.MaximumLength = 0;
2959         SecurityBlob->SessionKey.Buffer = 0;
2960
2961         SecurityBlob->LmChallengeResponse.Length = 0;
2962         SecurityBlob->LmChallengeResponse.MaximumLength = 0;
2963         SecurityBlob->LmChallengeResponse.Buffer = 0;
2964
2965         SecurityBlob->NtChallengeResponse.Length =
2966             cpu_to_le16(CIFS_SESS_KEY_SIZE);
2967         SecurityBlob->NtChallengeResponse.MaximumLength =
2968             cpu_to_le16(CIFS_SESS_KEY_SIZE);
2969         memcpy(bcc_ptr, ntlm_session_key, CIFS_SESS_KEY_SIZE);
2970         SecurityBlob->NtChallengeResponse.Buffer =
2971             cpu_to_le32(SecurityBlobLength);
2972         SecurityBlobLength += CIFS_SESS_KEY_SIZE;
2973         bcc_ptr += CIFS_SESS_KEY_SIZE;
2974
2975         if (ses->capabilities & CAP_UNICODE) {
2976                 if (domain == NULL) {
2977                         SecurityBlob->DomainName.Buffer = 0;
2978                         SecurityBlob->DomainName.Length = 0;
2979                         SecurityBlob->DomainName.MaximumLength = 0;
2980                 } else {
2981                         __u16 len =
2982                             cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2983                                           nls_codepage);
2984                         len *= 2;
2985                         SecurityBlob->DomainName.MaximumLength =
2986                             cpu_to_le16(len);
2987                         SecurityBlob->DomainName.Buffer =
2988                             cpu_to_le32(SecurityBlobLength);
2989                         bcc_ptr += len;
2990                         SecurityBlobLength += len;
2991                         SecurityBlob->DomainName.Length =
2992                             cpu_to_le16(len);
2993                 }
2994                 if (user == NULL) {
2995                         SecurityBlob->UserName.Buffer = 0;
2996                         SecurityBlob->UserName.Length = 0;
2997                         SecurityBlob->UserName.MaximumLength = 0;
2998                 } else {
2999                         __u16 len =
3000                             cifs_strtoUCS((__le16 *) bcc_ptr, user, 64,
3001                                           nls_codepage);
3002                         len *= 2;
3003                         SecurityBlob->UserName.MaximumLength =
3004                             cpu_to_le16(len);
3005                         SecurityBlob->UserName.Buffer =
3006                             cpu_to_le32(SecurityBlobLength);
3007                         bcc_ptr += len;
3008                         SecurityBlobLength += len;
3009                         SecurityBlob->UserName.Length =
3010                             cpu_to_le16(len);
3011                 }
3012
3013                 /* SecurityBlob->WorkstationName.Length =
3014                  cifs_strtoUCS((__le16 *) bcc_ptr, "AMACHINE",64, nls_codepage);
3015                    SecurityBlob->WorkstationName.Length *= 2;
3016                    SecurityBlob->WorkstationName.MaximumLength =
3017                         cpu_to_le16(SecurityBlob->WorkstationName.Length);
3018                    SecurityBlob->WorkstationName.Buffer =
3019                                  cpu_to_le32(SecurityBlobLength);
3020                    bcc_ptr += SecurityBlob->WorkstationName.Length;
3021                    SecurityBlobLength += SecurityBlob->WorkstationName.Length;
3022                    SecurityBlob->WorkstationName.Length =
3023                         cpu_to_le16(SecurityBlob->WorkstationName.Length);  */
3024
3025                 if ((long) bcc_ptr % 2) {
3026                         *bcc_ptr = 0;
3027                         bcc_ptr++;
3028                 }
3029                 bytes_returned =
3030                     cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
3031                                   32, nls_codepage);
3032                 bcc_ptr += 2 * bytes_returned;
3033                 bytes_returned =
3034                     cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
3035                                   nls_codepage);
3036                 bcc_ptr += 2 * bytes_returned;
3037                 bcc_ptr += 2;   /* null term version string */
3038                 bytes_returned =
3039                     cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
3040                                   64, nls_codepage);
3041                 bcc_ptr += 2 * bytes_returned;
3042                 *(bcc_ptr + 1) = 0;
3043                 *(bcc_ptr + 2) = 0;
3044                 bcc_ptr += 2;   /* null terminate network opsys string */
3045                 *(bcc_ptr + 1) = 0;
3046                 *(bcc_ptr + 2) = 0;
3047                 bcc_ptr += 2;   /* null domain */
3048         } else {                /* ASCII */
3049                 if (domain == NULL) {
3050                         SecurityBlob->DomainName.Buffer = 0;
3051                         SecurityBlob->DomainName.Length = 0;
3052                         SecurityBlob->DomainName.MaximumLength = 0;
3053                 } else {
3054                         __u16 len;
3055                         negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
3056                         strncpy(bcc_ptr, domain, 63);
3057                         len = strnlen(domain, 64);
3058                         SecurityBlob->DomainName.MaximumLength =
3059                             cpu_to_le16(len);
3060                         SecurityBlob->DomainName.Buffer =
3061                             cpu_to_le32(SecurityBlobLength);
3062                         bcc_ptr += len;
3063                         SecurityBlobLength += len;
3064                         SecurityBlob->DomainName.Length = cpu_to_le16(len);
3065                 }
3066                 if (user == NULL) {
3067                         SecurityBlob->UserName.Buffer = 0;
3068                         SecurityBlob->UserName.Length = 0;
3069                         SecurityBlob->UserName.MaximumLength = 0;
3070                 } else {
3071                         __u16 len;
3072                         strncpy(bcc_ptr, user, 63);
3073                         len = strnlen(user, 64);
3074                         SecurityBlob->UserName.MaximumLength =
3075                             cpu_to_le16(len);
3076                         SecurityBlob->UserName.Buffer =
3077                             cpu_to_le32(SecurityBlobLength);
3078                         bcc_ptr += len;
3079                         SecurityBlobLength += len;
3080                         SecurityBlob->UserName.Length = cpu_to_le16(len);
3081                 }
3082                 /* BB fill in our workstation name if known BB */
3083
3084                 strcpy(bcc_ptr, "Linux version ");
3085                 bcc_ptr += strlen("Linux version ");
3086                 strcpy(bcc_ptr, utsname()->release);
3087                 bcc_ptr += strlen(utsname()->release) + 1;
3088                 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
3089                 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
3090                 bcc_ptr++;      /* null domain */
3091                 *bcc_ptr = 0;
3092         }
3093         SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
3094         pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
3095         count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
3096         smb_buffer->smb_buf_length += count;
3097         pSMB->req.ByteCount = cpu_to_le16(count);
3098
3099         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
3100                          &bytes_returned, 1);
3101         if (rc) {
3102 /*    rc = map_smb_to_linux_error(smb_buffer_response);  *//* done in SendReceive now */
3103         } else if ((smb_buffer_response->WordCount == 3)
3104                    || (smb_buffer_response->WordCount == 4)) {
3105                 __u16 action = le16_to_cpu(pSMBr->resp.Action);
3106                 __u16 blob_len =
3107                     le16_to_cpu(pSMBr->resp.SecurityBlobLength);
3108                 if (action & GUEST_LOGIN)
3109                         cFYI(1, (" Guest login")); /* BB Should we set anything
3110                                                          in SesInfo struct ? */
3111 /*              if (SecurityBlob2->MessageType != NtLm??) {
3112                         cFYI("Unexpected message type on auth response is %d"));
3113                 } */
3114
3115                 if (ses) {
3116                         cFYI(1,
3117                              ("Check challenge UID %d vs auth response UID %d",
3118                               ses->Suid, smb_buffer_response->Uid));
3119                         /* UID left in wire format */
3120                         ses->Suid = smb_buffer_response->Uid;
3121                         bcc_ptr = pByteArea(smb_buffer_response);
3122                 /* response can have either 3 or 4 word count - Samba sends 3 */
3123                         if ((pSMBr->resp.hdr.WordCount == 3)
3124                             || ((pSMBr->resp.hdr.WordCount == 4)
3125                                 && (blob_len <
3126                                     pSMBr->resp.ByteCount))) {
3127                                 if (pSMBr->resp.hdr.WordCount == 4) {
3128                                         bcc_ptr +=
3129                                             blob_len;
3130                                         cFYI(1,
3131                                              ("Security Blob Length %d ",
3132                                               blob_len));
3133                                 }
3134
3135                                 cFYI(1,
3136                                      ("NTLMSSP response to Authenticate "));
3137
3138                                 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3139                                         if ((long) (bcc_ptr) % 2) {
3140                                                 remaining_words =
3141                                                     (BCC(smb_buffer_response)
3142                                                      - 1) / 2;
3143                                                 bcc_ptr++;      /* Unicode strings must be word aligned */
3144                                         } else {
3145                                                 remaining_words = BCC(smb_buffer_response) / 2;
3146                                         }
3147                                         len =
3148                                             UniStrnlen((wchar_t *) bcc_ptr,remaining_words - 1);
3149 /* We look for obvious messed up bcc or strings in response so we do not go off
3150   the end since (at least) WIN2K and Windows XP have a major bug in not null
3151   terminating last Unicode string in response  */
3152                                         if (ses->serverOS)
3153                                                 kfree(ses->serverOS);
3154                                         ses->serverOS =
3155                                             kzalloc(2 * (len + 1), GFP_KERNEL);
3156                                         cifs_strfromUCS_le(ses->serverOS,
3157                                                            (__le16 *)
3158                                                            bcc_ptr, len,
3159                                                            nls_codepage);
3160                                         bcc_ptr += 2 * (len + 1);
3161                                         remaining_words -= len + 1;
3162                                         ses->serverOS[2 * len] = 0;
3163                                         ses->serverOS[1 + (2 * len)] = 0;
3164                                         if (remaining_words > 0) {
3165                                                 len = UniStrnlen((wchar_t *)
3166                                                                  bcc_ptr,
3167                                                                  remaining_words
3168                                                                  - 1);
3169                                                 kfree(ses->serverNOS);
3170                                                 ses->serverNOS =
3171                                                     kzalloc(2 * (len + 1),
3172                                                             GFP_KERNEL);
3173                                                 cifs_strfromUCS_le(ses->
3174                                                                    serverNOS,
3175                                                                    (__le16 *)
3176                                                                    bcc_ptr,
3177                                                                    len,
3178                                                                    nls_codepage);
3179                                                 bcc_ptr += 2 * (len + 1);
3180                                                 ses->serverNOS[2 * len] = 0;
3181                                                 ses->serverNOS[1+(2*len)] = 0;
3182                                                 remaining_words -= len + 1;
3183                                                 if (remaining_words > 0) {
3184                                                         len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
3185      /* last string not always null terminated (e.g. for Windows XP & 2000) */
3186                                                         if (ses->serverDomain)
3187                                                                 kfree(ses->serverDomain);
3188                                                         ses->serverDomain =
3189                                                             kzalloc(2 *
3190                                                                     (len +
3191                                                                      1),
3192                                                                     GFP_KERNEL);
3193                                                         cifs_strfromUCS_le
3194                                                             (ses->
3195                                                              serverDomain,
3196                                                              (__le16 *)
3197                                                              bcc_ptr, len,
3198                                                              nls_codepage);
3199                                                         bcc_ptr +=
3200                                                             2 * (len + 1);
3201                                                         ses->
3202                                                             serverDomain[2
3203                                                                          * len]
3204                                                             = 0;
3205                                                         ses->
3206                                                             serverDomain[1
3207                                                                          +
3208                                                                          (2
3209                                                                           *
3210                                                                           len)]
3211                                                             = 0;
3212                                                 } /* else no more room so create dummy domain string */
3213                                                 else {
3214                                                         if (ses->serverDomain)
3215                                                                 kfree(ses->serverDomain);
3216                                                         ses->serverDomain = kzalloc(2,GFP_KERNEL);
3217                                                 }
3218                                         } else {  /* no room so create dummy domain and NOS string */
3219                                                 if (ses->serverDomain)
3220                                                         kfree(ses->serverDomain);
3221                                                 ses->serverDomain = kzalloc(2, GFP_KERNEL);
3222                                                 kfree(ses->serverNOS);
3223                                                 ses->serverNOS = kzalloc(2, GFP_KERNEL);
3224                                         }
3225                                 } else {        /* ASCII */
3226                                         len = strnlen(bcc_ptr, 1024);
3227                                         if (((long) bcc_ptr + len) -
3228                                            (long) pByteArea(smb_buffer_response)
3229                                                 <= BCC(smb_buffer_response)) {
3230                                                 if (ses->serverOS)
3231                                                         kfree(ses->serverOS);
3232                                                 ses->serverOS = kzalloc(len + 1,GFP_KERNEL);
3233                                                 strncpy(ses->serverOS,bcc_ptr, len);
3234
3235                                                 bcc_ptr += len;
3236                                                 bcc_ptr[0] = 0; /* null terminate the string */
3237                                                 bcc_ptr++;
3238
3239                                                 len = strnlen(bcc_ptr, 1024);
3240                                                 kfree(ses->serverNOS);
3241                                                 ses->serverNOS = kzalloc(len+1,
3242                                                                     GFP_KERNEL);
3243                                                 strncpy(ses->serverNOS,
3244                                                         bcc_ptr, len);
3245                                                 bcc_ptr += len;
3246                                                 bcc_ptr[0] = 0;
3247                                                 bcc_ptr++;
3248
3249                                                 len = strnlen(bcc_ptr, 1024);
3250                                                 if (ses->serverDomain)
3251                                                         kfree(ses->serverDomain);
3252                                                 ses->serverDomain =
3253                                                                 kzalloc(len+1,
3254                                                                     GFP_KERNEL);
3255                                                 strncpy(ses->serverDomain,
3256                                                         bcc_ptr, len);
3257                                                 bcc_ptr += len;
3258                                                 bcc_ptr[0] = 0;
3259                                                 bcc_ptr++;
3260                                         } else
3261                                                 cFYI(1,
3262                                                      ("field of length %d "
3263                                                    "extends beyond end of smb ",
3264                                                       len));
3265                                 }
3266                         } else {
3267                                 cERROR(1,
3268                                        (" Security Blob extends beyond end "
3269                                         "of SMB"));
3270                         }
3271                 } else {
3272                         cERROR(1, ("No session structure passed in."));
3273                 }
3274         } else {
3275                 cERROR(1,
3276                        (" Invalid Word count %d: ",
3277                         smb_buffer_response->WordCount));
3278                 rc = -EIO;
3279         }
3280
3281         if (smb_buffer)
3282                 cifs_buf_release(smb_buffer);
3283
3284         return rc;
3285 }
3286
3287 int
3288 CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3289          const char *tree, struct cifsTconInfo *tcon,
3290          const struct nls_table *nls_codepage)
3291 {
3292         struct smb_hdr *smb_buffer;
3293         struct smb_hdr *smb_buffer_response;
3294         TCONX_REQ *pSMB;
3295         TCONX_RSP *pSMBr;
3296         unsigned char *bcc_ptr;
3297         int rc = 0;
3298         int length;
3299         __u16 count;
3300
3301         if (ses == NULL)
3302                 return -EIO;
3303
3304         smb_buffer = cifs_buf_get();
3305         if (smb_buffer == NULL) {
3306                 return -ENOMEM;
3307         }
3308         smb_buffer_response = smb_buffer;
3309
3310         header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3311                         NULL /*no tid */ , 4 /*wct */ );
3312
3313         smb_buffer->Mid = GetNextMid(ses->server);
3314         smb_buffer->Uid = ses->Suid;
3315         pSMB = (TCONX_REQ *) smb_buffer;
3316         pSMBr = (TCONX_RSP *) smb_buffer_response;
3317
3318         pSMB->AndXCommand = 0xFF;
3319         pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
3320         bcc_ptr = &pSMB->Password[0];
3321         if ((ses->server->secMode) & SECMODE_USER) {
3322                 pSMB->PasswordLength = cpu_to_le16(1);  /* minimum */
3323                 *bcc_ptr = 0; /* password is null byte */
3324                 bcc_ptr++;              /* skip password */
3325                 /* already aligned so no need to do it below */
3326         } else {
3327                 pSMB->PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE);
3328                 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3329                    specified as required (when that support is added to
3330                    the vfs in the future) as only NTLM or the much
3331                    weaker LANMAN (which we do not send by default) is accepted
3332                    by Samba (not sure whether other servers allow
3333                    NTLMv2 password here) */
3334 #ifdef CONFIG_CIFS_WEAK_PW_HASH
3335                 if ((extended_security & CIFSSEC_MAY_LANMAN) &&
3336                         (ses->server->secType == LANMAN))
3337                         calc_lanman_hash(ses, bcc_ptr);
3338                 else
3339 #endif /* CIFS_WEAK_PW_HASH */
3340                 SMBNTencrypt(ses->password,
3341                              ses->server->cryptKey,
3342                              bcc_ptr);
3343
3344                 bcc_ptr += CIFS_SESS_KEY_SIZE;
3345                 if (ses->capabilities & CAP_UNICODE) {
3346                         /* must align unicode strings */
3347                         *bcc_ptr = 0; /* null byte password */
3348                         bcc_ptr++;
3349                 }
3350         }
3351
3352         if (ses->server->secMode &
3353                         (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3354                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3355
3356         if (ses->capabilities & CAP_STATUS32) {
3357                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3358         }
3359         if (ses->capabilities & CAP_DFS) {
3360                 smb_buffer->Flags2 |= SMBFLG2_DFS;
3361         }
3362         if (ses->capabilities & CAP_UNICODE) {
3363                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3364                 length =
3365                     cifs_strtoUCS((__le16 *) bcc_ptr, tree,
3366                         6 /* max utf8 char length in bytes */ *
3367                         (/* server len*/ + 256 /* share len */), nls_codepage);
3368                 bcc_ptr += 2 * length;  /* convert num 16 bit words to bytes */
3369                 bcc_ptr += 2;   /* skip trailing null */
3370         } else {                /* ASCII */
3371                 strcpy(bcc_ptr, tree);
3372                 bcc_ptr += strlen(tree) + 1;
3373         }
3374         strcpy(bcc_ptr, "?????");
3375         bcc_ptr += strlen("?????");
3376         bcc_ptr += 1;
3377         count = bcc_ptr - &pSMB->Password[0];
3378         pSMB->hdr.smb_buf_length += count;
3379         pSMB->ByteCount = cpu_to_le16(count);
3380
3381         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length, 0);
3382
3383         /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
3384         /* above now done in SendReceive */
3385         if ((rc == 0) && (tcon != NULL)) {
3386                 tcon->tidStatus = CifsGood;
3387                 tcon->tid = smb_buffer_response->Tid;
3388                 bcc_ptr = pByteArea(smb_buffer_response);
3389                 length = strnlen(bcc_ptr, BCC(smb_buffer_response) - 2);
3390                 /* skip service field (NB: this field is always ASCII) */
3391                 bcc_ptr += length + 1;
3392                 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3393                 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3394                         length = UniStrnlen((wchar_t *) bcc_ptr, 512);
3395                         if ((bcc_ptr + (2 * length)) -
3396                              pByteArea(smb_buffer_response) <=
3397                             BCC(smb_buffer_response)) {
3398                                 kfree(tcon->nativeFileSystem);
3399                                 tcon->nativeFileSystem =
3400                                     kzalloc(length + 2, GFP_KERNEL);
3401                                 cifs_strfromUCS_le(tcon->nativeFileSystem,
3402                                                    (__le16 *) bcc_ptr,
3403                                                    length, nls_codepage);
3404                                 bcc_ptr += 2 * length;
3405                                 bcc_ptr[0] = 0; /* null terminate the string */
3406                                 bcc_ptr[1] = 0;
3407                                 bcc_ptr += 2;
3408                         }
3409                         /* else do not bother copying these information fields*/
3410                 } else {
3411                         length = strnlen(bcc_ptr, 1024);
3412                         if ((bcc_ptr + length) -
3413                             pByteArea(smb_buffer_response) <=
3414                             BCC(smb_buffer_response)) {
3415                                 kfree(tcon->nativeFileSystem);
3416                                 tcon->nativeFileSystem =
3417                                     kzalloc(length + 1, GFP_KERNEL);
3418                                 strncpy(tcon->nativeFileSystem, bcc_ptr,
3419                                         length);
3420                         }
3421                         /* else do not bother copying these information fields*/
3422                 }
3423                 if ((smb_buffer_response->WordCount == 3) ||
3424                          (smb_buffer_response->WordCount == 7))
3425                         /* field is in same location */
3426                         tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3427                 else
3428                         tcon->Flags = 0;
3429                 cFYI(1, ("Tcon flags: 0x%x ", tcon->Flags));
3430         } else if ((rc == 0) && tcon == NULL) {
3431                 /* all we need to save for IPC$ connection */
3432                 ses->ipc_tid = smb_buffer_response->Tid;
3433         }
3434
3435         if (smb_buffer)
3436                 cifs_buf_release(smb_buffer);
3437         return rc;
3438 }
3439
3440 int
3441 cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3442 {
3443         int rc = 0;
3444         int xid;
3445         struct cifsSesInfo *ses = NULL;
3446         struct task_struct *cifsd_task;
3447         char *tmp;
3448
3449         xid = GetXid();
3450
3451         if (cifs_sb->tcon) {
3452                 ses = cifs_sb->tcon->ses; /* save ptr to ses before delete tcon!*/
3453                 rc = CIFSSMBTDis(xid, cifs_sb->tcon);
3454                 if (rc == -EBUSY) {
3455                         FreeXid(xid);
3456                         return 0;
3457                 }
3458                 tconInfoFree(cifs_sb->tcon);
3459                 if ((ses) && (ses->server)) {
3460                         /* save off task so we do not refer to ses later */
3461                         cifsd_task = ses->server->tsk;
3462                         cFYI(1, ("About to do SMBLogoff "));
3463                         rc = CIFSSMBLogoff(xid, ses);
3464                         if (rc == -EBUSY) {
3465                                 FreeXid(xid);
3466                                 return 0;
3467                         } else if (rc == -ESHUTDOWN) {
3468                                 cFYI(1, ("Waking up socket by sending signal"));
3469                                 if (cifsd_task) {
3470                                         force_sig(SIGKILL, cifsd_task);
3471                                         kthread_stop(cifsd_task);
3472                                 }
3473                                 rc = 0;
3474                         } /* else - we have an smb session
3475                                 left on this socket do not kill cifsd */
3476                 } else
3477                         cFYI(1, ("No session or bad tcon"));
3478         }
3479
3480         cifs_sb->tcon = NULL;
3481         tmp = cifs_sb->prepath;
3482         cifs_sb->prepathlen = 0;
3483         cifs_sb->prepath = NULL;
3484         kfree(tmp);
3485         if (ses)
3486                 schedule_timeout_interruptible(msecs_to_jiffies(500));
3487         if (ses)
3488                 sesInfoFree(ses);
3489
3490         FreeXid(xid);
3491         return rc;      /* BB check if we should always return zero here */
3492 }
3493
3494 int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
3495                                            struct nls_table *nls_info)
3496 {
3497         int rc = 0;
3498         char ntlm_session_key[CIFS_SESS_KEY_SIZE];
3499         int ntlmv2_flag = FALSE;
3500         int first_time = 0;
3501
3502         /* what if server changes its buffer size after dropping the session? */
3503         if (pSesInfo->server->maxBuf == 0) /* no need to send on reconnect */ {
3504                 rc = CIFSSMBNegotiate(xid, pSesInfo);
3505                 if (rc == -EAGAIN) /* retry only once on 1st time connection */ {
3506                         rc = CIFSSMBNegotiate(xid, pSesInfo);
3507                         if (rc == -EAGAIN)
3508                                 rc = -EHOSTDOWN;
3509                 }
3510                 if (rc == 0) {
3511                         spin_lock(&GlobalMid_Lock);
3512                         if (pSesInfo->server->tcpStatus != CifsExiting)
3513                                 pSesInfo->server->tcpStatus = CifsGood;
3514                         else
3515                                 rc = -EHOSTDOWN;
3516                         spin_unlock(&GlobalMid_Lock);
3517
3518                 }
3519                 first_time = 1;
3520         }
3521         if (!rc) {
3522                 pSesInfo->flags = 0;
3523                 pSesInfo->capabilities = pSesInfo->server->capabilities;
3524                 if (linuxExtEnabled == 0)
3525                         pSesInfo->capabilities &= (~CAP_UNIX);
3526         /*      pSesInfo->sequence_number = 0;*/
3527                 cFYI(1,
3528                       ("Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d",
3529                         pSesInfo->server->secMode,
3530                         pSesInfo->server->capabilities,
3531                         pSesInfo->server->timeAdj));
3532                 if (experimEnabled < 2)
3533                         rc = CIFS_SessSetup(xid, pSesInfo,
3534                                             first_time, nls_info);
3535                 else if (extended_security
3536                                 && (pSesInfo->capabilities
3537                                         & CAP_EXTENDED_SECURITY)
3538                                 && (pSesInfo->server->secType == NTLMSSP)) {
3539                         rc = -EOPNOTSUPP;
3540                 } else if (extended_security
3541                            && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3542                            && (pSesInfo->server->secType == RawNTLMSSP)) {
3543                         cFYI(1, ("NTLMSSP sesssetup"));
3544                         rc = CIFSNTLMSSPNegotiateSessSetup(xid,
3545                                                 pSesInfo,
3546                                                 &ntlmv2_flag,
3547                                                 nls_info);
3548                         if (!rc) {
3549                                 if (ntlmv2_flag) {
3550                                         char *v2_response;
3551                                         cFYI(1, ("more secure NTLM ver2 hash"));
3552                                         if (CalcNTLMv2_partial_mac_key(pSesInfo,
3553                                                 nls_info)) {
3554                                                 rc = -ENOMEM;
3555                                                 goto ss_err_exit;
3556                                         } else
3557                                                 v2_response = kmalloc(16 + 64 /* blob */, GFP_KERNEL);
3558                                         if (v2_response) {
3559                                                 CalcNTLMv2_response(pSesInfo,
3560                                                                    v2_response);
3561                                 /*              if (first_time)
3562                                                   cifs_calculate_ntlmv2_mac_key(
3563                                                    pSesInfo->server->mac_signing_key,
3564                                                    response, ntlm_session_key,*/
3565                                                 kfree(v2_response);
3566                                         /* BB Put dummy sig in SessSetup PDU? */
3567                                         } else {
3568                                                 rc = -ENOMEM;
3569                                                 goto ss_err_exit;
3570                                         }
3571
3572                                 } else {
3573                                         SMBNTencrypt(pSesInfo->password,
3574                                                 pSesInfo->server->cryptKey,
3575                                                 ntlm_session_key);
3576
3577                                         if (first_time)
3578                                                 cifs_calculate_mac_key(
3579                                                         &pSesInfo->server->mac_signing_key,
3580                                                         ntlm_session_key,
3581                                                         pSesInfo->password);
3582                                 }
3583                         /* for better security the weaker lanman hash not sent
3584                            in AuthSessSetup so we no longer calculate it */
3585
3586                                 rc = CIFSNTLMSSPAuthSessSetup(xid,
3587                                         pSesInfo,
3588                                         ntlm_session_key,
3589                                         ntlmv2_flag,
3590                                         nls_info);
3591                         }
3592                 } else { /* old style NTLM 0.12 session setup */
3593                         SMBNTencrypt(pSesInfo->password,
3594                                 pSesInfo->server->cryptKey,
3595                                 ntlm_session_key);
3596
3597                         if (first_time)
3598                                 cifs_calculate_mac_key(
3599                                         &pSesInfo->server->mac_signing_key,
3600                                         ntlm_session_key, pSesInfo->password);
3601
3602                         rc = CIFSSessSetup(xid, pSesInfo,
3603                                 ntlm_session_key, nls_info);
3604                 }
3605                 if (rc) {
3606                         cERROR(1, ("Send error in SessSetup = %d", rc));
3607                 } else {
3608                         cFYI(1, ("CIFS Session Established successfully"));
3609                         pSesInfo->status = CifsGood;
3610                 }
3611         }
3612 ss_err_exit:
3613         return rc;
3614 }
3615