Merge git://git.kernel.org/pub/scm/linux/kernel/git/brodo/pcmcia-fixes-2.6
[linux-2.6] / fs / cifs / connect.c
1 /*
2  *   fs/cifs/connect.c
3  *
4  *   Copyright (C) International Business Machines  Corp., 2002,2006
5  *   Author(s): Steve French (sfrench@us.ibm.com)
6  *
7  *   This library is free software; you can redistribute it and/or modify
8  *   it under the terms of the GNU Lesser General Public License as published
9  *   by the Free Software Foundation; either version 2.1 of the License, or
10  *   (at your option) any later version.
11  *
12  *   This library is distributed in the hope that it will be useful,
13  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
14  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
15  *   the GNU Lesser General Public License for more details.
16  *
17  *   You should have received a copy of the GNU Lesser General Public License
18  *   along with this library; if not, write to the Free Software
19  *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 
20  */
21 #include <linux/fs.h>
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/ipv6.h>
27 #include <linux/pagemap.h>
28 #include <linux/ctype.h>
29 #include <linux/utsname.h>
30 #include <linux/mempool.h>
31 #include <linux/delay.h>
32 #include <linux/completion.h>
33 #include <linux/pagevec.h>
34 #include <asm/uaccess.h>
35 #include <asm/processor.h>
36 #include "cifspdu.h"
37 #include "cifsglob.h"
38 #include "cifsproto.h"
39 #include "cifs_unicode.h"
40 #include "cifs_debug.h"
41 #include "cifs_fs_sb.h"
42 #include "ntlmssp.h"
43 #include "nterr.h"
44 #include "rfc1002pdu.h"
45 #include "cn_cifs.h"
46
47 #define CIFS_PORT 445
48 #define RFC1001_PORT 139
49
50 static DECLARE_COMPLETION(cifsd_complete);
51
52 extern void SMBencrypt(unsigned char *passwd, unsigned char *c8,
53                        unsigned char *p24);
54 extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
55                          unsigned char *p24);
56
57 extern mempool_t *cifs_req_poolp;
58
59 struct smb_vol {
60         char *username;
61         char *password;
62         char *domainname;
63         char *UNC;
64         char *UNCip;
65         char *in6_addr;  /* ipv6 address as human readable form of in6_addr */
66         char *iocharset;  /* local code page for mapping to and from Unicode */
67         char source_rfc1001_name[16]; /* netbios name of client */
68         char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */
69         uid_t linux_uid;
70         gid_t linux_gid;
71         mode_t file_mode;
72         mode_t dir_mode;
73         unsigned rw:1;
74         unsigned retry:1;
75         unsigned intr:1;
76         unsigned setuids:1;
77         unsigned noperm:1;
78         unsigned no_psx_acl:1; /* set if posix acl support should be disabled */
79         unsigned cifs_acl:1;
80         unsigned no_xattr:1;   /* set if xattr (EA) support should be disabled*/
81         unsigned server_ino:1; /* use inode numbers from server ie UniqueId */
82         unsigned direct_io:1;
83         unsigned remap:1;   /* set to remap seven reserved chars in filenames */
84         unsigned posix_paths:1;   /* unset to not ask for posix pathnames. */
85         unsigned sfu_emul:1;
86         unsigned krb5:1;
87         unsigned ntlm:1;
88         unsigned ntlmv2:1;
89         unsigned nullauth:1; /* attempt to authenticate with null user */
90         unsigned sign:1;
91         unsigned seal:1;     /* encrypt */
92         unsigned nocase;     /* request case insensitive filenames */
93         unsigned nobrl;      /* disable sending byte range locks to srv */
94         unsigned int rsize;
95         unsigned int wsize;
96         unsigned int sockopt;
97         unsigned short int port;
98 };
99
100 static int ipv4_connect(struct sockaddr_in *psin_server, 
101                         struct socket **csocket,
102                         char * netb_name,
103                         char * server_netb_name);
104 static int ipv6_connect(struct sockaddr_in6 *psin_server, 
105                         struct socket **csocket);
106
107
108         /* 
109          * cifs tcp session reconnection
110          * 
111          * mark tcp session as reconnecting so temporarily locked
112          * mark all smb sessions as reconnecting for tcp session
113          * reconnect tcp session
114          * wake up waiters on reconnection? - (not needed currently)
115          */
116
117 int
118 cifs_reconnect(struct TCP_Server_Info *server)
119 {
120         int rc = 0;
121         struct list_head *tmp;
122         struct cifsSesInfo *ses;
123         struct cifsTconInfo *tcon;
124         struct mid_q_entry * mid_entry;
125         
126         spin_lock(&GlobalMid_Lock);
127         if(server->tcpStatus == CifsExiting) {
128                 /* the demux thread will exit normally 
129                 next time through the loop */
130                 spin_unlock(&GlobalMid_Lock);
131                 return rc;
132         } else
133                 server->tcpStatus = CifsNeedReconnect;
134         spin_unlock(&GlobalMid_Lock);
135         server->maxBuf = 0;
136
137         cFYI(1, ("Reconnecting tcp session"));
138
139         /* before reconnecting the tcp session, mark the smb session (uid)
140                 and the tid bad so they are not used until reconnected */
141         read_lock(&GlobalSMBSeslock);
142         list_for_each(tmp, &GlobalSMBSessionList) {
143                 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
144                 if (ses->server) {
145                         if (ses->server == server) {
146                                 ses->status = CifsNeedReconnect;
147                                 ses->ipc_tid = 0;
148                         }
149                 }
150                 /* else tcp and smb sessions need reconnection */
151         }
152         list_for_each(tmp, &GlobalTreeConnectionList) {
153                 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
154                 if((tcon) && (tcon->ses) && (tcon->ses->server == server)) {
155                         tcon->tidStatus = CifsNeedReconnect;
156                 }
157         }
158         read_unlock(&GlobalSMBSeslock);
159         /* do not want to be sending data on a socket we are freeing */
160         down(&server->tcpSem); 
161         if(server->ssocket) {
162                 cFYI(1,("State: 0x%x Flags: 0x%lx", server->ssocket->state,
163                         server->ssocket->flags));
164                 server->ssocket->ops->shutdown(server->ssocket,SEND_SHUTDOWN);
165                 cFYI(1,("Post shutdown state: 0x%x Flags: 0x%lx", server->ssocket->state,
166                         server->ssocket->flags));
167                 sock_release(server->ssocket);
168                 server->ssocket = NULL;
169         }
170
171         spin_lock(&GlobalMid_Lock);
172         list_for_each(tmp, &server->pending_mid_q) {
173                 mid_entry = list_entry(tmp, struct
174                                         mid_q_entry,
175                                         qhead);
176                 if(mid_entry) {
177                         if(mid_entry->midState == MID_REQUEST_SUBMITTED) {
178                                 /* Mark other intransit requests as needing
179                                    retry so we do not immediately mark the
180                                    session bad again (ie after we reconnect
181                                    below) as they timeout too */
182                                 mid_entry->midState = MID_RETRY_NEEDED;
183                         }
184                 }
185         }
186         spin_unlock(&GlobalMid_Lock);
187         up(&server->tcpSem); 
188
189         while ((server->tcpStatus != CifsExiting) && (server->tcpStatus != CifsGood))
190         {
191                 if(server->protocolType == IPV6) {
192                         rc = ipv6_connect(&server->addr.sockAddr6,&server->ssocket);
193                 } else {
194                         rc = ipv4_connect(&server->addr.sockAddr, 
195                                         &server->ssocket,
196                                         server->workstation_RFC1001_name,
197                                         server->server_RFC1001_name);
198                 }
199                 if(rc) {
200                         cFYI(1,("reconnect error %d",rc));
201                         msleep(3000);
202                 } else {
203                         atomic_inc(&tcpSesReconnectCount);
204                         spin_lock(&GlobalMid_Lock);
205                         if(server->tcpStatus != CifsExiting)
206                                 server->tcpStatus = CifsGood;
207                         server->sequence_number = 0;
208                         spin_unlock(&GlobalMid_Lock);                   
209         /*              atomic_set(&server->inFlight,0);*/
210                         wake_up(&server->response_q);
211                 }
212         }
213         return rc;
214 }
215
216 /* 
217         return codes:
218                 0       not a transact2, or all data present
219                 >0      transact2 with that much data missing
220                 -EINVAL = invalid transact2
221
222  */
223 static int check2ndT2(struct smb_hdr * pSMB, unsigned int maxBufSize)
224 {
225         struct smb_t2_rsp * pSMBt;
226         int total_data_size;
227         int data_in_this_rsp;
228         int remaining;
229
230         if(pSMB->Command != SMB_COM_TRANSACTION2)
231                 return 0;
232
233         /* check for plausible wct, bcc and t2 data and parm sizes */
234         /* check for parm and data offset going beyond end of smb */
235         if(pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
236                 cFYI(1,("invalid transact2 word count"));
237                 return -EINVAL;
238         }
239
240         pSMBt = (struct smb_t2_rsp *)pSMB;
241
242         total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
243         data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
244
245         remaining = total_data_size - data_in_this_rsp;
246
247         if(remaining == 0)
248                 return 0;
249         else if(remaining < 0) {
250                 cFYI(1,("total data %d smaller than data in frame %d",
251                         total_data_size, data_in_this_rsp));
252                 return -EINVAL;
253         } else {
254                 cFYI(1,("missing %d bytes from transact2, check next response",
255                         remaining));
256                 if(total_data_size > maxBufSize) {
257                         cERROR(1,("TotalDataSize %d is over maximum buffer %d",
258                                 total_data_size,maxBufSize));
259                         return -EINVAL; 
260                 }
261                 return remaining;
262         }
263 }
264
265 static int coalesce_t2(struct smb_hdr * psecond, struct smb_hdr *pTargetSMB)
266 {
267         struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
268         struct smb_t2_rsp *pSMBt  = (struct smb_t2_rsp *)pTargetSMB;
269         int total_data_size;
270         int total_in_buf;
271         int remaining;
272         int total_in_buf2;
273         char * data_area_of_target;
274         char * data_area_of_buf2;
275         __u16 byte_count;
276
277         total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
278
279         if(total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
280                 cFYI(1,("total data sizes of primary and secondary t2 differ"));
281         }
282
283         total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
284
285         remaining = total_data_size - total_in_buf;
286         
287         if(remaining < 0)
288                 return -EINVAL;
289
290         if(remaining == 0) /* nothing to do, ignore */
291                 return 0;
292         
293         total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
294         if(remaining < total_in_buf2) {
295                 cFYI(1,("transact2 2nd response contains too much data"));
296         }
297
298         /* find end of first SMB data area */
299         data_area_of_target = (char *)&pSMBt->hdr.Protocol + 
300                                 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
301         /* validate target area */
302
303         data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
304                                         le16_to_cpu(pSMB2->t2_rsp.DataOffset);
305
306         data_area_of_target += total_in_buf;
307
308         /* copy second buffer into end of first buffer */
309         memcpy(data_area_of_target,data_area_of_buf2,total_in_buf2);
310         total_in_buf += total_in_buf2;
311         pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
312         byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
313         byte_count += total_in_buf2;
314         BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
315
316         byte_count = pTargetSMB->smb_buf_length;
317         byte_count += total_in_buf2;
318
319         /* BB also add check that we are not beyond maximum buffer size */
320                 
321         pTargetSMB->smb_buf_length = byte_count;
322
323         if(remaining == total_in_buf2) {
324                 cFYI(1,("found the last secondary response"));
325                 return 0; /* we are done */
326         } else /* more responses to go */
327                 return 1;
328
329 }
330
331 static int
332 cifs_demultiplex_thread(struct TCP_Server_Info *server)
333 {
334         int length;
335         unsigned int pdu_length, total_read;
336         struct smb_hdr *smb_buffer = NULL;
337         struct smb_hdr *bigbuf = NULL;
338         struct smb_hdr *smallbuf = NULL;
339         struct msghdr smb_msg;
340         struct kvec iov;
341         struct socket *csocket = server->ssocket;
342         struct list_head *tmp;
343         struct cifsSesInfo *ses;
344         struct task_struct *task_to_wake = NULL;
345         struct mid_q_entry *mid_entry;
346         char temp;
347         int isLargeBuf = FALSE;
348         int isMultiRsp;
349         int reconnect;
350
351         daemonize("cifsd");
352         allow_signal(SIGKILL);
353         current->flags |= PF_MEMALLOC;
354         server->tsk = current;  /* save process info to wake at shutdown */
355         cFYI(1, ("Demultiplex PID: %d", current->pid));
356         write_lock(&GlobalSMBSeslock); 
357         atomic_inc(&tcpSesAllocCount);
358         length = tcpSesAllocCount.counter;
359         write_unlock(&GlobalSMBSeslock);
360         complete(&cifsd_complete);
361         if(length  > 1) {
362                 mempool_resize(cifs_req_poolp,
363                         length + cifs_min_rcv,
364                         GFP_KERNEL);
365         }
366
367         while (server->tcpStatus != CifsExiting) {
368                 if (try_to_freeze())
369                         continue;
370                 if (bigbuf == NULL) {
371                         bigbuf = cifs_buf_get();
372                         if(bigbuf == NULL) {
373                                 cERROR(1,("No memory for large SMB response"));
374                                 msleep(3000);
375                                 /* retry will check if exiting */
376                                 continue;
377                         }
378                 } else if(isLargeBuf) {
379                         /* we are reusing a dirtry large buf, clear its start */
380                         memset(bigbuf, 0, sizeof (struct smb_hdr));
381                 }
382
383                 if (smallbuf == NULL) {
384                         smallbuf = cifs_small_buf_get();
385                         if(smallbuf == NULL) {
386                                 cERROR(1,("No memory for SMB response"));
387                                 msleep(1000);
388                                 /* retry will check if exiting */
389                                 continue;
390                         }
391                         /* beginning of smb buffer is cleared in our buf_get */
392                 } else /* if existing small buf clear beginning */
393                         memset(smallbuf, 0, sizeof (struct smb_hdr));
394
395                 isLargeBuf = FALSE;
396                 isMultiRsp = FALSE;
397                 smb_buffer = smallbuf;
398                 iov.iov_base = smb_buffer;
399                 iov.iov_len = 4;
400                 smb_msg.msg_control = NULL;
401                 smb_msg.msg_controllen = 0;
402                 length =
403                     kernel_recvmsg(csocket, &smb_msg,
404                                  &iov, 1, 4, 0 /* BB see socket.h flags */);
405
406                 if(server->tcpStatus == CifsExiting) {
407                         break;
408                 } else if (server->tcpStatus == CifsNeedReconnect) {
409                         cFYI(1,("Reconnect after server stopped responding"));
410                         cifs_reconnect(server);
411                         cFYI(1,("call to reconnect done"));
412                         csocket = server->ssocket;
413                         continue;
414                 } else if ((length == -ERESTARTSYS) || (length == -EAGAIN)) {
415                         msleep(1); /* minimum sleep to prevent looping
416                                 allowing socket to clear and app threads to set
417                                 tcpStatus CifsNeedReconnect if server hung */
418                         continue;
419                 } else if (length <= 0) {
420                         if(server->tcpStatus == CifsNew) {
421                                 cFYI(1,("tcp session abend after SMBnegprot"));
422                                 /* some servers kill the TCP session rather than
423                                    returning an SMB negprot error, in which
424                                    case reconnecting here is not going to help,
425                                    and so simply return error to mount */
426                                 break;
427                         }
428                         if(length == -EINTR) { 
429                                 cFYI(1,("cifsd thread killed"));
430                                 break;
431                         }
432                         cFYI(1,("Reconnect after unexpected peek error %d",
433                                 length));
434                         cifs_reconnect(server);
435                         csocket = server->ssocket;
436                         wake_up(&server->response_q);
437                         continue;
438                 } else if (length < 4) {
439                         cFYI(1,
440                             ("Frame under four bytes received (%d bytes long)",
441                               length));
442                         cifs_reconnect(server);
443                         csocket = server->ssocket;
444                         wake_up(&server->response_q);
445                         continue;
446                 }
447
448                 /* The right amount was read from socket - 4 bytes */
449                 /* so we can now interpret the length field */
450
451                 /* the first byte big endian of the length field,
452                 is actually not part of the length but the type
453                 with the most common, zero, as regular data */
454                 temp = *((char *) smb_buffer);
455
456                 /* Note that FC 1001 length is big endian on the wire, 
457                 but we convert it here so it is always manipulated
458                 as host byte order */
459                 pdu_length = ntohl(smb_buffer->smb_buf_length);
460                 smb_buffer->smb_buf_length = pdu_length;
461
462                 cFYI(1,("rfc1002 length 0x%x)", pdu_length+4));
463
464                 if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) {
465                         continue; 
466                 } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
467                         cFYI(1,("Good RFC 1002 session rsp"));
468                         continue;
469                 } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
470                         /* we get this from Windows 98 instead of 
471                            an error on SMB negprot response */
472                         cFYI(1,("Negative RFC1002 Session Response Error 0x%x)",
473                                 pdu_length));
474                         if(server->tcpStatus == CifsNew) {
475                                 /* if nack on negprot (rather than 
476                                 ret of smb negprot error) reconnecting
477                                 not going to help, ret error to mount */
478                                 break;
479                         } else {
480                                 /* give server a second to
481                                 clean up before reconnect attempt */
482                                 msleep(1000);
483                                 /* always try 445 first on reconnect
484                                 since we get NACK on some if we ever
485                                 connected to port 139 (the NACK is 
486                                 since we do not begin with RFC1001
487                                 session initialize frame) */
488                                 server->addr.sockAddr.sin_port = 
489                                         htons(CIFS_PORT);
490                                 cifs_reconnect(server);
491                                 csocket = server->ssocket;
492                                 wake_up(&server->response_q);
493                                 continue;
494                         }
495                 } else if (temp != (char) 0) {
496                         cERROR(1,("Unknown RFC 1002 frame"));
497                         cifs_dump_mem(" Received Data: ", (char *)smb_buffer,
498                                       length);
499                         cifs_reconnect(server);
500                         csocket = server->ssocket;
501                         continue;
502                 }
503
504                 /* else we have an SMB response */
505                 if((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
506                             (pdu_length < sizeof (struct smb_hdr) - 1 - 4)) {
507                         cERROR(1, ("Invalid size SMB length %d pdu_length %d",
508                                         length, pdu_length+4));
509                         cifs_reconnect(server);
510                         csocket = server->ssocket;
511                         wake_up(&server->response_q);
512                         continue;
513                 } 
514
515                 /* else length ok */
516                 reconnect = 0;
517
518                 if(pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
519                         isLargeBuf = TRUE;
520                         memcpy(bigbuf, smallbuf, 4);
521                         smb_buffer = bigbuf;
522                 }
523                 length = 0;
524                 iov.iov_base = 4 + (char *)smb_buffer;
525                 iov.iov_len = pdu_length;
526                 for (total_read = 0; total_read < pdu_length; 
527                      total_read += length) {
528                         length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
529                                                 pdu_length - total_read, 0);
530                         if((server->tcpStatus == CifsExiting) ||
531                             (length == -EINTR)) {
532                                 /* then will exit */
533                                 reconnect = 2;
534                                 break;
535                         } else if (server->tcpStatus == CifsNeedReconnect) {
536                                 cifs_reconnect(server);
537                                 csocket = server->ssocket;
538                                 /* Reconnect wakes up rspns q */
539                                 /* Now we will reread sock */
540                                 reconnect = 1;
541                                 break;
542                         } else if ((length == -ERESTARTSYS) || 
543                                    (length == -EAGAIN)) {
544                                 msleep(1); /* minimum sleep to prevent looping,
545                                               allowing socket to clear and app 
546                                               threads to set tcpStatus
547                                               CifsNeedReconnect if server hung*/
548                                 continue;
549                         } else if (length <= 0) {
550                                 cERROR(1,("Received no data, expecting %d",
551                                               pdu_length - total_read));
552                                 cifs_reconnect(server);
553                                 csocket = server->ssocket;
554                                 reconnect = 1;
555                                 break;
556                         }
557                 }
558                 if(reconnect == 2)
559                         break;
560                 else if(reconnect == 1)
561                         continue;
562
563                 length += 4; /* account for rfc1002 hdr */
564         
565
566                 dump_smb(smb_buffer, length);
567                 if (checkSMB(smb_buffer, smb_buffer->Mid, total_read+4)) {
568                         cifs_dump_mem("Bad SMB: ", smb_buffer, 48);
569                         continue;
570                 }
571
572
573                 task_to_wake = NULL;
574                 spin_lock(&GlobalMid_Lock);
575                 list_for_each(tmp, &server->pending_mid_q) {
576                         mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
577
578                         if ((mid_entry->mid == smb_buffer->Mid) && 
579                             (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
580                             (mid_entry->command == smb_buffer->Command)) {
581                                 if(check2ndT2(smb_buffer,server->maxBuf) > 0) {
582                                         /* We have a multipart transact2 resp */
583                                         isMultiRsp = TRUE;
584                                         if(mid_entry->resp_buf) {
585                                                 /* merge response - fix up 1st*/
586                                                 if(coalesce_t2(smb_buffer, 
587                                                         mid_entry->resp_buf)) {
588                                                         break;
589                                                 } else {
590                                                         /* all parts received */
591                                                         goto multi_t2_fnd; 
592                                                 }
593                                         } else {
594                                                 if(!isLargeBuf) {
595                                                         cERROR(1,("1st trans2 resp needs bigbuf"));
596                                         /* BB maybe we can fix this up,  switch
597                                            to already allocated large buffer? */
598                                                 } else {
599                                                         /* Have first buffer */
600                                                         mid_entry->resp_buf =
601                                                                  smb_buffer;
602                                                         mid_entry->largeBuf = 1;
603                                                         bigbuf = NULL;
604                                                 }
605                                         }
606                                         break;
607                                 } 
608                                 mid_entry->resp_buf = smb_buffer;
609                                 if(isLargeBuf)
610                                         mid_entry->largeBuf = 1;
611                                 else
612                                         mid_entry->largeBuf = 0;
613 multi_t2_fnd:
614                                 task_to_wake = mid_entry->tsk;
615                                 mid_entry->midState = MID_RESPONSE_RECEIVED;
616 #ifdef CONFIG_CIFS_STATS2
617                                 mid_entry->when_received = jiffies;
618 #endif
619                                 break;
620                         }
621                 }
622                 spin_unlock(&GlobalMid_Lock);
623                 if (task_to_wake) {
624                         /* Was previous buf put in mpx struct for multi-rsp? */
625                         if(!isMultiRsp) {
626                                 /* smb buffer will be freed by user thread */
627                                 if(isLargeBuf) {
628                                         bigbuf = NULL;
629                                 } else
630                                         smallbuf = NULL;
631                         }
632                         wake_up_process(task_to_wake);
633                 } else if ((is_valid_oplock_break(smb_buffer, server) == FALSE)
634                     && (isMultiRsp == FALSE)) {                          
635                         cERROR(1, ("No task to wake, unknown frame rcvd!"));
636                         cifs_dump_mem("Received Data is: ",(char *)smb_buffer,
637                                       sizeof(struct smb_hdr));
638                 }
639         } /* end while !EXITING */
640
641         spin_lock(&GlobalMid_Lock);
642         server->tcpStatus = CifsExiting;
643         server->tsk = NULL;
644         /* check if we have blocked requests that need to free */
645         /* Note that cifs_max_pending is normally 50, but
646         can be set at module install time to as little as two */
647         if(atomic_read(&server->inFlight) >= cifs_max_pending)
648                 atomic_set(&server->inFlight, cifs_max_pending - 1);
649         /* We do not want to set the max_pending too low or we
650         could end up with the counter going negative */
651         spin_unlock(&GlobalMid_Lock);
652         /* Although there should not be any requests blocked on 
653         this queue it can not hurt to be paranoid and try to wake up requests
654         that may haven been blocked when more than 50 at time were on the wire
655         to the same server - they now will see the session is in exit state
656         and get out of SendReceive.  */
657         wake_up_all(&server->request_q);
658         /* give those requests time to exit */
659         msleep(125);
660         
661         if(server->ssocket) {
662                 sock_release(csocket);
663                 server->ssocket = NULL;
664         }
665         /* buffer usuallly freed in free_mid - need to free it here on exit */
666         if (bigbuf != NULL)
667                 cifs_buf_release(bigbuf);
668         if (smallbuf != NULL)
669                 cifs_small_buf_release(smallbuf);
670
671         read_lock(&GlobalSMBSeslock);
672         if (list_empty(&server->pending_mid_q)) {
673                 /* loop through server session structures attached to this and
674                     mark them dead */
675                 list_for_each(tmp, &GlobalSMBSessionList) {
676                         ses =
677                             list_entry(tmp, struct cifsSesInfo,
678                                        cifsSessionList);
679                         if (ses->server == server) {
680                                 ses->status = CifsExiting;
681                                 ses->server = NULL;
682                         }
683                 }
684                 read_unlock(&GlobalSMBSeslock);
685         } else {
686                 /* although we can not zero the server struct pointer yet,
687                 since there are active requests which may depnd on them,
688                 mark the corresponding SMB sessions as exiting too */
689                 list_for_each(tmp, &GlobalSMBSessionList) {
690                         ses = list_entry(tmp, struct cifsSesInfo,
691                                          cifsSessionList);
692                         if (ses->server == server) {
693                                 ses->status = CifsExiting;
694                         }
695                 }
696
697                 spin_lock(&GlobalMid_Lock);
698                 list_for_each(tmp, &server->pending_mid_q) {
699                 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
700                         if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
701                                 cFYI(1,
702                                   ("Clearing Mid 0x%x - waking up ",mid_entry->mid));
703                                 task_to_wake = mid_entry->tsk;
704                                 if(task_to_wake) {
705                                         wake_up_process(task_to_wake);
706                                 }
707                         }
708                 }
709                 spin_unlock(&GlobalMid_Lock);
710                 read_unlock(&GlobalSMBSeslock);
711                 /* 1/8th of sec is more than enough time for them to exit */
712                 msleep(125);
713         }
714
715         if (!list_empty(&server->pending_mid_q)) {
716                 /* mpx threads have not exited yet give them 
717                 at least the smb send timeout time for long ops */
718                 /* due to delays on oplock break requests, we need
719                 to wait at least 45 seconds before giving up
720                 on a request getting a response and going ahead
721                 and killing cifsd */
722                 cFYI(1, ("Wait for exit from demultiplex thread"));
723                 msleep(46000);
724                 /* if threads still have not exited they are probably never
725                 coming home not much else we can do but free the memory */
726         }
727
728         write_lock(&GlobalSMBSeslock);
729         atomic_dec(&tcpSesAllocCount);
730         length = tcpSesAllocCount.counter;
731
732         /* last chance to mark ses pointers invalid
733         if there are any pointing to this (e.g
734         if a crazy root user tried to kill cifsd 
735         kernel thread explicitly this might happen) */
736         list_for_each(tmp, &GlobalSMBSessionList) {
737                 ses = list_entry(tmp, struct cifsSesInfo,
738                                 cifsSessionList);
739                 if (ses->server == server) {
740                         ses->server = NULL;
741                 }
742         }
743         write_unlock(&GlobalSMBSeslock);
744
745         kfree(server);
746         if(length  > 0) {
747                 mempool_resize(cifs_req_poolp,
748                         length + cifs_min_rcv,
749                         GFP_KERNEL);
750         }
751         
752         complete_and_exit(&cifsd_complete, 0);
753         return 0;
754 }
755
756 static int
757 cifs_parse_mount_options(char *options, const char *devname,struct smb_vol *vol)
758 {
759         char *value;
760         char *data;
761         unsigned int  temp_len, i, j;
762         char separator[2];
763
764         separator[0] = ',';
765         separator[1] = 0; 
766
767         memset(vol->source_rfc1001_name,0x20,15);
768         for(i=0;i < strnlen(system_utsname.nodename,15);i++) {
769                 /* does not have to be a perfect mapping since the field is
770                 informational, only used for servers that do not support
771                 port 445 and it can be overridden at mount time */
772                 vol->source_rfc1001_name[i] = 
773                         toupper(system_utsname.nodename[i]);
774         }
775         vol->source_rfc1001_name[15] = 0;
776         /* null target name indicates to use *SMBSERVR default called name
777            if we end up sending RFC1001 session initialize */
778         vol->target_rfc1001_name[0] = 0;
779         vol->linux_uid = current->uid;  /* current->euid instead? */
780         vol->linux_gid = current->gid;
781         vol->dir_mode = S_IRWXUGO;
782         /* 2767 perms indicate mandatory locking support */
783         vol->file_mode = S_IALLUGO & ~(S_ISUID | S_IXGRP);
784
785         /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
786         vol->rw = TRUE;
787         vol->ntlm = TRUE;
788         /* default is always to request posix paths. */
789         vol->posix_paths = 1;
790
791         if (!options)
792                 return 1;
793
794         if(strncmp(options,"sep=",4) == 0) {
795                 if(options[4] != 0) {
796                         separator[0] = options[4];
797                         options += 5;
798                 } else {
799                         cFYI(1,("Null separator not allowed"));
800                 }
801         }
802                 
803         while ((data = strsep(&options, separator)) != NULL) {
804                 if (!*data)
805                         continue;
806                 if ((value = strchr(data, '=')) != NULL)
807                         *value++ = '\0';
808
809                 if (strnicmp(data, "user_xattr",10) == 0) {/*parse before user*/
810                         vol->no_xattr = 0;
811                 } else if (strnicmp(data, "nouser_xattr",12) == 0) {
812                         vol->no_xattr = 1;
813                 } else if (strnicmp(data, "user", 4) == 0) {
814                         if (!value || !*value) {
815                                 printk(KERN_WARNING
816                                        "CIFS: invalid or missing username\n");
817                                 return 1;       /* needs_arg; */
818                         }
819                         if (strnlen(value, 200) < 200) {
820                                 vol->username = value;
821                         } else {
822                                 printk(KERN_WARNING "CIFS: username too long\n");
823                                 return 1;
824                         }
825                 } else if (strnicmp(data, "pass", 4) == 0) {
826                         if (!value) {
827                                 vol->password = NULL;
828                                 continue;
829                         } else if(value[0] == 0) {
830                                 /* check if string begins with double comma
831                                    since that would mean the password really
832                                    does start with a comma, and would not
833                                    indicate an empty string */
834                                 if(value[1] != separator[0]) {
835                                         vol->password = NULL;
836                                         continue;
837                                 }
838                         }
839                         temp_len = strlen(value);
840                         /* removed password length check, NTLM passwords
841                                 can be arbitrarily long */
842
843                         /* if comma in password, the string will be 
844                         prematurely null terminated.  Commas in password are
845                         specified across the cifs mount interface by a double
846                         comma ie ,, and a comma used as in other cases ie ','
847                         as a parameter delimiter/separator is single and due
848                         to the strsep above is temporarily zeroed. */
849
850                         /* NB: password legally can have multiple commas and
851                         the only illegal character in a password is null */
852
853                         if ((value[temp_len] == 0) && 
854                             (value[temp_len+1] == separator[0])) {
855                                 /* reinsert comma */
856                                 value[temp_len] = separator[0];
857                                 temp_len+=2;  /* move after the second comma */
858                                 while(value[temp_len] != 0)  {
859                                         if (value[temp_len] == separator[0]) {
860                                                 if (value[temp_len+1] == 
861                                                      separator[0]) {
862                                                 /* skip second comma */
863                                                         temp_len++;
864                                                 } else { 
865                                                 /* single comma indicating start
866                                                          of next parm */
867                                                         break;
868                                                 }
869                                         }
870                                         temp_len++;
871                                 }
872                                 if(value[temp_len] == 0) {
873                                         options = NULL;
874                                 } else {
875                                         value[temp_len] = 0;
876                                         /* point option to start of next parm */
877                                         options = value + temp_len + 1;
878                                 }
879                                 /* go from value to value + temp_len condensing 
880                                 double commas to singles. Note that this ends up
881                                 allocating a few bytes too many, which is ok */
882                                 vol->password = kzalloc(temp_len, GFP_KERNEL);
883                                 if(vol->password == NULL) {
884                                         printk("CIFS: no memory for pass\n");
885                                         return 1;
886                                 }
887                                 for(i=0,j=0;i<temp_len;i++,j++) {
888                                         vol->password[j] = value[i];
889                                         if(value[i] == separator[0]
890                                                 && value[i+1] == separator[0]) {
891                                                 /* skip second comma */
892                                                 i++;
893                                         }
894                                 }
895                                 vol->password[j] = 0;
896                         } else {
897                                 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
898                                 if(vol->password == NULL) {
899                                         printk("CIFS: no memory for pass\n");
900                                         return 1;
901                                 }
902                                 strcpy(vol->password, value);
903                         }
904                 } else if (strnicmp(data, "ip", 2) == 0) {
905                         if (!value || !*value) {
906                                 vol->UNCip = NULL;
907                         } else if (strnlen(value, 35) < 35) {
908                                 vol->UNCip = value;
909                         } else {
910                                 printk(KERN_WARNING "CIFS: ip address too long\n");
911                                 return 1;
912                         }
913                 } else if (strnicmp(data, "sec", 3) == 0) { 
914                         if (!value || !*value) {
915                                 cERROR(1,("no security value specified"));
916                                 continue;
917                         } else if (strnicmp(value, "krb5i", 5) == 0) {
918                                 vol->sign = 1;
919                                 vol->krb5 = 1;
920                         } else if (strnicmp(value, "krb5p", 5) == 0) {
921                                 /* vol->seal = 1; 
922                                    vol->krb5 = 1; */
923                                 cERROR(1,("Krb5 cifs privacy not supported"));
924                                 return 1;
925                         } else if (strnicmp(value, "krb5", 4) == 0) {
926                                 vol->krb5 = 1;
927                         } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
928                                 vol->ntlmv2 = 1;
929                                 vol->sign = 1;
930                         } else if (strnicmp(value, "ntlmv2", 6) == 0) {
931                                 vol->ntlmv2 = 1;
932                         } else if (strnicmp(value, "ntlmi", 5) == 0) {
933                                 vol->ntlm = 1;
934                                 vol->sign = 1;
935                         } else if (strnicmp(value, "ntlm", 4) == 0) {
936                                 /* ntlm is default so can be turned off too */
937                                 vol->ntlm = 1;
938                         } else if (strnicmp(value, "nontlm", 6) == 0) {
939                                 vol->ntlm = 0;
940                         } else if (strnicmp(value, "none", 4) == 0) {
941                                 vol->nullauth = 1; 
942                         } else {
943                                 cERROR(1,("bad security option: %s", value));
944                                 return 1;
945                         }
946                 } else if ((strnicmp(data, "unc", 3) == 0)
947                            || (strnicmp(data, "target", 6) == 0)
948                            || (strnicmp(data, "path", 4) == 0)) {
949                         if (!value || !*value) {
950                                 printk(KERN_WARNING
951                                        "CIFS: invalid path to network resource\n");
952                                 return 1;       /* needs_arg; */
953                         }
954                         if ((temp_len = strnlen(value, 300)) < 300) {
955                                 vol->UNC = kmalloc(temp_len+1,GFP_KERNEL);
956                                 if(vol->UNC == NULL)
957                                         return 1;
958                                 strcpy(vol->UNC,value);
959                                 if (strncmp(vol->UNC, "//", 2) == 0) {
960                                         vol->UNC[0] = '\\';
961                                         vol->UNC[1] = '\\';
962                                 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {                    
963                                         printk(KERN_WARNING
964                                                "CIFS: UNC Path does not begin with // or \\\\ \n");
965                                         return 1;
966                                 }
967                         } else {
968                                 printk(KERN_WARNING "CIFS: UNC name too long\n");
969                                 return 1;
970                         }
971                 } else if ((strnicmp(data, "domain", 3) == 0)
972                            || (strnicmp(data, "workgroup", 5) == 0)) {
973                         if (!value || !*value) {
974                                 printk(KERN_WARNING "CIFS: invalid domain name\n");
975                                 return 1;       /* needs_arg; */
976                         }
977                         /* BB are there cases in which a comma can be valid in
978                         a domain name and need special handling? */
979                         if (strnlen(value, 65) < 65) {
980                                 vol->domainname = value;
981                                 cFYI(1, ("Domain name set"));
982                         } else {
983                                 printk(KERN_WARNING "CIFS: domain name too long\n");
984                                 return 1;
985                         }
986                 } else if (strnicmp(data, "iocharset", 9) == 0) {
987                         if (!value || !*value) {
988                                 printk(KERN_WARNING "CIFS: invalid iocharset specified\n");
989                                 return 1;       /* needs_arg; */
990                         }
991                         if (strnlen(value, 65) < 65) {
992                                 if(strnicmp(value,"default",7))
993                                         vol->iocharset = value;
994                                 /* if iocharset not set load_nls_default used by caller */
995                                 cFYI(1, ("iocharset set to %s",value));
996                         } else {
997                                 printk(KERN_WARNING "CIFS: iocharset name too long.\n");
998                                 return 1;
999                         }
1000                 } else if (strnicmp(data, "uid", 3) == 0) {
1001                         if (value && *value) {
1002                                 vol->linux_uid =
1003                                         simple_strtoul(value, &value, 0);
1004                         }
1005                 } else if (strnicmp(data, "gid", 3) == 0) {
1006                         if (value && *value) {
1007                                 vol->linux_gid =
1008                                         simple_strtoul(value, &value, 0);
1009                         }
1010                 } else if (strnicmp(data, "file_mode", 4) == 0) {
1011                         if (value && *value) {
1012                                 vol->file_mode =
1013                                         simple_strtoul(value, &value, 0);
1014                         }
1015                 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1016                         if (value && *value) {
1017                                 vol->dir_mode =
1018                                         simple_strtoul(value, &value, 0);
1019                         }
1020                 } else if (strnicmp(data, "dirmode", 4) == 0) {
1021                         if (value && *value) {
1022                                 vol->dir_mode =
1023                                         simple_strtoul(value, &value, 0);
1024                         }
1025                 } else if (strnicmp(data, "port", 4) == 0) {
1026                         if (value && *value) {
1027                                 vol->port =
1028                                         simple_strtoul(value, &value, 0);
1029                         }
1030                 } else if (strnicmp(data, "rsize", 5) == 0) {
1031                         if (value && *value) {
1032                                 vol->rsize =
1033                                         simple_strtoul(value, &value, 0);
1034                         }
1035                 } else if (strnicmp(data, "wsize", 5) == 0) {
1036                         if (value && *value) {
1037                                 vol->wsize =
1038                                         simple_strtoul(value, &value, 0);
1039                         }
1040                 } else if (strnicmp(data, "sockopt", 5) == 0) {
1041                         if (value && *value) {
1042                                 vol->sockopt =
1043                                         simple_strtoul(value, &value, 0);
1044                         }
1045                 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1046                         if (!value || !*value || (*value == ' ')) {
1047                                 cFYI(1,("invalid (empty) netbiosname specified"));
1048                         } else {
1049                                 memset(vol->source_rfc1001_name,0x20,15);
1050                                 for(i=0;i<15;i++) {
1051                                 /* BB are there cases in which a comma can be 
1052                                 valid in this workstation netbios name (and need
1053                                 special handling)? */
1054
1055                                 /* We do not uppercase netbiosname for user */
1056                                         if (value[i]==0)
1057                                                 break;
1058                                         else 
1059                                                 vol->source_rfc1001_name[i] = value[i];
1060                                 }
1061                                 /* The string has 16th byte zero still from
1062                                 set at top of the function  */
1063                                 if((i==15) && (value[i] != 0))
1064                                         printk(KERN_WARNING "CIFS: netbiosname longer than 15 truncated.\n");
1065                         }
1066                 } else if (strnicmp(data, "servern", 7) == 0) {
1067                         /* servernetbiosname specified override *SMBSERVER */
1068                         if (!value || !*value || (*value == ' ')) {
1069                                 cFYI(1,("empty server netbiosname specified"));
1070                         } else {
1071                                 /* last byte, type, is 0x20 for servr type */
1072                                 memset(vol->target_rfc1001_name,0x20,16);
1073
1074                                 for(i=0;i<15;i++) {
1075                                 /* BB are there cases in which a comma can be
1076                                    valid in this workstation netbios name (and need
1077                                    special handling)? */
1078
1079                                 /* user or mount helper must uppercase netbiosname */
1080                                         if (value[i]==0)
1081                                                 break;
1082                                         else
1083                                                 vol->target_rfc1001_name[i] = value[i];
1084                                 }
1085                                 /* The string has 16th byte zero still from
1086                                    set at top of the function  */
1087                                 if((i==15) && (value[i] != 0))
1088                                         printk(KERN_WARNING "CIFS: server netbiosname longer than 15 truncated.\n");
1089                         }
1090                 } else if (strnicmp(data, "credentials", 4) == 0) {
1091                         /* ignore */
1092                 } else if (strnicmp(data, "version", 3) == 0) {
1093                         /* ignore */
1094                 } else if (strnicmp(data, "guest",5) == 0) {
1095                         /* ignore */
1096                 } else if (strnicmp(data, "rw", 2) == 0) {
1097                         vol->rw = TRUE;
1098                 } else if ((strnicmp(data, "suid", 4) == 0) ||
1099                                    (strnicmp(data, "nosuid", 6) == 0) ||
1100                                    (strnicmp(data, "exec", 4) == 0) ||
1101                                    (strnicmp(data, "noexec", 6) == 0) ||
1102                                    (strnicmp(data, "nodev", 5) == 0) ||
1103                                    (strnicmp(data, "noauto", 6) == 0) ||
1104                                    (strnicmp(data, "dev", 3) == 0)) {
1105                         /*  The mount tool or mount.cifs helper (if present)
1106                                 uses these opts to set flags, and the flags are read
1107                                 by the kernel vfs layer before we get here (ie
1108                                 before read super) so there is no point trying to
1109                                 parse these options again and set anything and it
1110                                 is ok to just ignore them */
1111                         continue;
1112                 } else if (strnicmp(data, "ro", 2) == 0) {
1113                         vol->rw = FALSE;
1114                 } else if (strnicmp(data, "hard", 4) == 0) {
1115                         vol->retry = 1;
1116                 } else if (strnicmp(data, "soft", 4) == 0) {
1117                         vol->retry = 0;
1118                 } else if (strnicmp(data, "perm", 4) == 0) {
1119                         vol->noperm = 0;
1120                 } else if (strnicmp(data, "noperm", 6) == 0) {
1121                         vol->noperm = 1;
1122                 } else if (strnicmp(data, "mapchars", 8) == 0) {
1123                         vol->remap = 1;
1124                 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1125                         vol->remap = 0;
1126                 } else if (strnicmp(data, "sfu", 3) == 0) {
1127                         vol->sfu_emul = 1;
1128                 } else if (strnicmp(data, "nosfu", 5) == 0) {
1129                         vol->sfu_emul = 0;
1130                 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1131                         vol->posix_paths = 1;
1132                 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1133                         vol->posix_paths = 0;
1134                 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1135                            (strnicmp(data, "ignorecase", 10)  == 0)) {
1136                         vol->nocase = 1;
1137                 } else if (strnicmp(data, "brl", 3) == 0) {
1138                         vol->nobrl =  0;
1139                 } else if ((strnicmp(data, "nobrl", 5) == 0) || 
1140                            (strnicmp(data, "nolock", 6) == 0)) {
1141                         vol->nobrl =  1;
1142                         /* turn off mandatory locking in mode
1143                         if remote locking is turned off since the
1144                         local vfs will do advisory */
1145                         if(vol->file_mode == (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1146                                 vol->file_mode = S_IALLUGO;
1147                 } else if (strnicmp(data, "setuids", 7) == 0) {
1148                         vol->setuids = 1;
1149                 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1150                         vol->setuids = 0;
1151                 } else if (strnicmp(data, "nohard", 6) == 0) {
1152                         vol->retry = 0;
1153                 } else if (strnicmp(data, "nosoft", 6) == 0) {
1154                         vol->retry = 1;
1155                 } else if (strnicmp(data, "nointr", 6) == 0) {
1156                         vol->intr = 0;
1157                 } else if (strnicmp(data, "intr", 4) == 0) {
1158                         vol->intr = 1;
1159                 } else if (strnicmp(data, "serverino",7) == 0) {
1160                         vol->server_ino = 1;
1161                 } else if (strnicmp(data, "noserverino",9) == 0) {
1162                         vol->server_ino = 0;
1163                 } else if (strnicmp(data, "cifsacl",7) == 0) {
1164                         vol->cifs_acl = 1;
1165                 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1166                         vol->cifs_acl = 0;
1167                 } else if (strnicmp(data, "acl",3) == 0) {
1168                         vol->no_psx_acl = 0;
1169                 } else if (strnicmp(data, "noacl",5) == 0) {
1170                         vol->no_psx_acl = 1;
1171                 } else if (strnicmp(data, "direct",6) == 0) {
1172                         vol->direct_io = 1;
1173                 } else if (strnicmp(data, "forcedirectio",13) == 0) {
1174                         vol->direct_io = 1;
1175                 } else if (strnicmp(data, "in6_addr",8) == 0) {
1176                         if (!value || !*value) {
1177                                 vol->in6_addr = NULL;
1178                         } else if (strnlen(value, 49) == 48) {
1179                                 vol->in6_addr = value;
1180                         } else {
1181                                 printk(KERN_WARNING "CIFS: ip v6 address not 48 characters long\n");
1182                                 return 1;
1183                         }
1184                 } else if (strnicmp(data, "noac", 4) == 0) {
1185                         printk(KERN_WARNING "CIFS: Mount option noac not supported. Instead set /proc/fs/cifs/LookupCacheEnabled to 0\n");
1186                 } else
1187                         printk(KERN_WARNING "CIFS: Unknown mount option %s\n",data);
1188         }
1189         if (vol->UNC == NULL) {
1190                 if(devname == NULL) {
1191                         printk(KERN_WARNING "CIFS: Missing UNC name for mount target\n");
1192                         return 1;
1193                 }
1194                 if ((temp_len = strnlen(devname, 300)) < 300) {
1195                         vol->UNC = kmalloc(temp_len+1,GFP_KERNEL);
1196                         if(vol->UNC == NULL)
1197                                 return 1;
1198                         strcpy(vol->UNC,devname);
1199                         if (strncmp(vol->UNC, "//", 2) == 0) {
1200                                 vol->UNC[0] = '\\';
1201                                 vol->UNC[1] = '\\';
1202                         } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1203                                 printk(KERN_WARNING "CIFS: UNC Path does not begin with // or \\\\ \n");
1204                                 return 1;
1205                         }
1206                 } else {
1207                         printk(KERN_WARNING "CIFS: UNC name too long\n");
1208                         return 1;
1209                 }
1210         }
1211         if(vol->UNCip == NULL)
1212                 vol->UNCip = &vol->UNC[2];
1213
1214         return 0;
1215 }
1216
1217 static struct cifsSesInfo *
1218 cifs_find_tcp_session(struct in_addr * target_ip_addr, 
1219                 struct in6_addr *target_ip6_addr,
1220                  char *userName, struct TCP_Server_Info **psrvTcp)
1221 {
1222         struct list_head *tmp;
1223         struct cifsSesInfo *ses;
1224         *psrvTcp = NULL;
1225         read_lock(&GlobalSMBSeslock);
1226
1227         list_for_each(tmp, &GlobalSMBSessionList) {
1228                 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
1229                 if (ses->server) {
1230                         if((target_ip_addr && 
1231                                 (ses->server->addr.sockAddr.sin_addr.s_addr
1232                                   == target_ip_addr->s_addr)) || (target_ip6_addr
1233                                 && memcmp(&ses->server->addr.sockAddr6.sin6_addr,
1234                                         target_ip6_addr,sizeof(*target_ip6_addr)))){
1235                                 /* BB lock server and tcp session and increment use count here?? */
1236                                 *psrvTcp = ses->server; /* found a match on the TCP session */
1237                                 /* BB check if reconnection needed */
1238                                 if (strncmp
1239                                     (ses->userName, userName,
1240                                      MAX_USERNAME_SIZE) == 0){
1241                                         read_unlock(&GlobalSMBSeslock);
1242                                         return ses;     /* found exact match on both tcp and SMB sessions */
1243                                 }
1244                         }
1245                 }
1246                 /* else tcp and smb sessions need reconnection */
1247         }
1248         read_unlock(&GlobalSMBSeslock);
1249         return NULL;
1250 }
1251
1252 static struct cifsTconInfo *
1253 find_unc(__be32 new_target_ip_addr, char *uncName, char *userName)
1254 {
1255         struct list_head *tmp;
1256         struct cifsTconInfo *tcon;
1257
1258         read_lock(&GlobalSMBSeslock);
1259         list_for_each(tmp, &GlobalTreeConnectionList) {
1260                 cFYI(1, ("Next tcon - "));
1261                 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
1262                 if (tcon->ses) {
1263                         if (tcon->ses->server) {
1264                                 cFYI(1,
1265                                      (" old ip addr: %x == new ip %x ?",
1266                                       tcon->ses->server->addr.sockAddr.sin_addr.
1267                                       s_addr, new_target_ip_addr));
1268                                 if (tcon->ses->server->addr.sockAddr.sin_addr.
1269                                     s_addr == new_target_ip_addr) {
1270         /* BB lock tcon and server and tcp session and increment use count here? */
1271                                         /* found a match on the TCP session */
1272                                         /* BB check if reconnection needed */
1273                                         cFYI(1,("Matched ip, old UNC: %s == new: %s ?",
1274                                               tcon->treeName, uncName));
1275                                         if (strncmp
1276                                             (tcon->treeName, uncName,
1277                                              MAX_TREE_SIZE) == 0) {
1278                                                 cFYI(1,
1279                                                      ("Matched UNC, old user: %s == new: %s ?",
1280                                                       tcon->treeName, uncName));
1281                                                 if (strncmp
1282                                                     (tcon->ses->userName,
1283                                                      userName,
1284                                                      MAX_USERNAME_SIZE) == 0) {
1285                                                         read_unlock(&GlobalSMBSeslock);
1286                                                         return tcon;/* also matched user (smb session)*/
1287                                                 }
1288                                         }
1289                                 }
1290                         }
1291                 }
1292         }
1293         read_unlock(&GlobalSMBSeslock);
1294         return NULL;
1295 }
1296
1297 int
1298 connect_to_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
1299                     const char *old_path, const struct nls_table *nls_codepage,
1300                     int remap)
1301 {
1302         unsigned char *referrals = NULL;
1303         unsigned int num_referrals;
1304         int rc = 0;
1305
1306         rc = get_dfs_path(xid, pSesInfo,old_path, nls_codepage, 
1307                         &num_referrals, &referrals, remap);
1308
1309         /* BB Add in code to: if valid refrl, if not ip address contact
1310                 the helper that resolves tcp names, mount to it, try to 
1311                 tcon to it unmount it if fail */
1312
1313         kfree(referrals);
1314
1315         return rc;
1316 }
1317
1318 int
1319 get_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
1320                         const char *old_path, const struct nls_table *nls_codepage, 
1321                         unsigned int *pnum_referrals, 
1322                         unsigned char ** preferrals, int remap)
1323 {
1324         char *temp_unc;
1325         int rc = 0;
1326
1327         *pnum_referrals = 0;
1328
1329         if (pSesInfo->ipc_tid == 0) {
1330                 temp_unc = kmalloc(2 /* for slashes */ +
1331                         strnlen(pSesInfo->serverName,SERVER_NAME_LEN_WITH_NULL * 2)
1332                                  + 1 + 4 /* slash IPC$ */  + 2,
1333                                 GFP_KERNEL);
1334                 if (temp_unc == NULL)
1335                         return -ENOMEM;
1336                 temp_unc[0] = '\\';
1337                 temp_unc[1] = '\\';
1338                 strcpy(temp_unc + 2, pSesInfo->serverName);
1339                 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
1340                 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
1341                 cFYI(1,
1342                      ("CIFS Tcon rc = %d ipc_tid = %d", rc,pSesInfo->ipc_tid));
1343                 kfree(temp_unc);
1344         }
1345         if (rc == 0)
1346                 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
1347                                      pnum_referrals, nls_codepage, remap);
1348
1349         return rc;
1350 }
1351
1352 /* See RFC1001 section 14 on representation of Netbios names */
1353 static void rfc1002mangle(char * target,char * source, unsigned int length)
1354 {
1355         unsigned int i,j;
1356
1357         for(i=0,j=0;i<(length);i++) {
1358                 /* mask a nibble at a time and encode */
1359                 target[j] = 'A' + (0x0F & (source[i] >> 4));
1360                 target[j+1] = 'A' + (0x0F & source[i]);
1361                 j+=2;
1362         }
1363
1364 }
1365
1366
1367 static int
1368 ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket, 
1369              char * netbios_name, char * target_name)
1370 {
1371         int rc = 0;
1372         int connected = 0;
1373         __be16 orig_port = 0;
1374
1375         if(*csocket == NULL) {
1376                 rc = sock_create_kern(PF_INET, SOCK_STREAM, IPPROTO_TCP, csocket);
1377                 if (rc < 0) {
1378                         cERROR(1, ("Error %d creating socket",rc));
1379                         *csocket = NULL;
1380                         return rc;
1381                 } else {
1382                 /* BB other socket options to set KEEPALIVE, NODELAY? */
1383                         cFYI(1,("Socket created"));
1384                         (*csocket)->sk->sk_allocation = GFP_NOFS; 
1385                 }
1386         }
1387
1388         psin_server->sin_family = AF_INET;
1389         if(psin_server->sin_port) { /* user overrode default port */
1390                 rc = (*csocket)->ops->connect(*csocket,
1391                                 (struct sockaddr *) psin_server,
1392                                 sizeof (struct sockaddr_in),0);
1393                 if (rc >= 0)
1394                         connected = 1;
1395         } 
1396
1397         if(!connected) {
1398                 /* save original port so we can retry user specified port  
1399                         later if fall back ports fail this time  */
1400                 orig_port = psin_server->sin_port;
1401
1402                 /* do not retry on the same port we just failed on */
1403                 if(psin_server->sin_port != htons(CIFS_PORT)) {
1404                         psin_server->sin_port = htons(CIFS_PORT);
1405
1406                         rc = (*csocket)->ops->connect(*csocket,
1407                                         (struct sockaddr *) psin_server,
1408                                         sizeof (struct sockaddr_in),0);
1409                         if (rc >= 0)
1410                                 connected = 1;
1411                 }
1412         }
1413         if (!connected) {
1414                 psin_server->sin_port = htons(RFC1001_PORT);
1415                 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1416                                               psin_server, sizeof (struct sockaddr_in),0);
1417                 if (rc >= 0) 
1418                         connected = 1;
1419         }
1420
1421         /* give up here - unless we want to retry on different
1422                 protocol families some day */
1423         if (!connected) {
1424                 if(orig_port)
1425                         psin_server->sin_port = orig_port;
1426                 cFYI(1,("Error %d connecting to server via ipv4",rc));
1427                 sock_release(*csocket);
1428                 *csocket = NULL;
1429                 return rc;
1430         }
1431         /* Eventually check for other socket options to change from 
1432                 the default. sock_setsockopt not used because it expects 
1433                 user space buffer */
1434          cFYI(1,("sndbuf %d rcvbuf %d rcvtimeo 0x%lx",(*csocket)->sk->sk_sndbuf,
1435                  (*csocket)->sk->sk_rcvbuf, (*csocket)->sk->sk_rcvtimeo));
1436         (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1437         /* make the bufsizes depend on wsize/rsize and max requests */
1438         if((*csocket)->sk->sk_sndbuf < (200 * 1024))
1439                 (*csocket)->sk->sk_sndbuf = 200 * 1024;
1440         if((*csocket)->sk->sk_rcvbuf < (140 * 1024))
1441                 (*csocket)->sk->sk_rcvbuf = 140 * 1024;
1442
1443         /* send RFC1001 sessinit */
1444         if(psin_server->sin_port == htons(RFC1001_PORT)) {
1445                 /* some servers require RFC1001 sessinit before sending
1446                 negprot - BB check reconnection in case where second 
1447                 sessinit is sent but no second negprot */
1448                 struct rfc1002_session_packet * ses_init_buf;
1449                 struct smb_hdr * smb_buf;
1450                 ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet), GFP_KERNEL);
1451                 if(ses_init_buf) {
1452                         ses_init_buf->trailer.session_req.called_len = 32;
1453                         if(target_name && (target_name[0] != 0)) {
1454                                 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1455                                         target_name, 16);
1456                         } else {
1457                                 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1458                                         DEFAULT_CIFS_CALLED_NAME,16);
1459                         }
1460
1461                         ses_init_buf->trailer.session_req.calling_len = 32;
1462                         /* calling name ends in null (byte 16) from old smb
1463                         convention. */
1464                         if(netbios_name && (netbios_name[0] !=0)) {
1465                                 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1466                                         netbios_name,16);
1467                         } else {
1468                                 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1469                                         "LINUX_CIFS_CLNT",16);
1470                         }
1471                         ses_init_buf->trailer.session_req.scope1 = 0;
1472                         ses_init_buf->trailer.session_req.scope2 = 0;
1473                         smb_buf = (struct smb_hdr *)ses_init_buf;
1474                         /* sizeof RFC1002_SESSION_REQUEST with no scope */
1475                         smb_buf->smb_buf_length = 0x81000044;
1476                         rc = smb_send(*csocket, smb_buf, 0x44,
1477                                 (struct sockaddr *)psin_server);
1478                         kfree(ses_init_buf);
1479                         msleep(1); /* RFC1001 layer in at least one server 
1480                                       requires very short break before negprot
1481                                       presumably because not expecting negprot
1482                                       to follow so fast.  This is a simple
1483                                       solution that works without 
1484                                       complicating the code and causes no
1485                                       significant slowing down on mount
1486                                       for everyone else */
1487                 }
1488                 /* else the negprot may still work without this 
1489                 even though malloc failed */
1490                 
1491         }
1492                 
1493         return rc;
1494 }
1495
1496 static int
1497 ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket)
1498 {
1499         int rc = 0;
1500         int connected = 0;
1501         __be16 orig_port = 0;
1502
1503         if(*csocket == NULL) {
1504                 rc = sock_create_kern(PF_INET6, SOCK_STREAM, IPPROTO_TCP, csocket);
1505                 if (rc < 0) {
1506                         cERROR(1, ("Error %d creating ipv6 socket",rc));
1507                         *csocket = NULL;
1508                         return rc;
1509                 } else {
1510                 /* BB other socket options to set KEEPALIVE, NODELAY? */
1511                          cFYI(1,("ipv6 Socket created"));
1512                         (*csocket)->sk->sk_allocation = GFP_NOFS;
1513                 }
1514         }
1515
1516         psin_server->sin6_family = AF_INET6;
1517
1518         if(psin_server->sin6_port) { /* user overrode default port */
1519                 rc = (*csocket)->ops->connect(*csocket,
1520                                 (struct sockaddr *) psin_server,
1521                                 sizeof (struct sockaddr_in6),0);
1522                 if (rc >= 0)
1523                         connected = 1;
1524         } 
1525
1526         if(!connected) {
1527                 /* save original port so we can retry user specified port  
1528                         later if fall back ports fail this time  */
1529
1530                 orig_port = psin_server->sin6_port;
1531                 /* do not retry on the same port we just failed on */
1532                 if(psin_server->sin6_port != htons(CIFS_PORT)) {
1533                         psin_server->sin6_port = htons(CIFS_PORT);
1534
1535                         rc = (*csocket)->ops->connect(*csocket,
1536                                         (struct sockaddr *) psin_server,
1537                                         sizeof (struct sockaddr_in6),0);
1538                         if (rc >= 0)
1539                                 connected = 1;
1540                 }
1541         }
1542         if (!connected) {
1543                 psin_server->sin6_port = htons(RFC1001_PORT);
1544                 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1545                                          psin_server, sizeof (struct sockaddr_in6),0);
1546                 if (rc >= 0) 
1547                         connected = 1;
1548         }
1549
1550         /* give up here - unless we want to retry on different
1551                 protocol families some day */
1552         if (!connected) {
1553                 if(orig_port)
1554                         psin_server->sin6_port = orig_port;
1555                 cFYI(1,("Error %d connecting to server via ipv6",rc));
1556                 sock_release(*csocket);
1557                 *csocket = NULL;
1558                 return rc;
1559         }
1560         /* Eventually check for other socket options to change from 
1561                 the default. sock_setsockopt not used because it expects 
1562                 user space buffer */
1563         (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1564                 
1565         return rc;
1566 }
1567
1568 int
1569 cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
1570            char *mount_data, const char *devname)
1571 {
1572         int rc = 0;
1573         int xid;
1574         int address_type = AF_INET;
1575         struct socket *csocket = NULL;
1576         struct sockaddr_in sin_server;
1577         struct sockaddr_in6 sin_server6;
1578         struct smb_vol volume_info;
1579         struct cifsSesInfo *pSesInfo = NULL;
1580         struct cifsSesInfo *existingCifsSes = NULL;
1581         struct cifsTconInfo *tcon = NULL;
1582         struct TCP_Server_Info *srvTcp = NULL;
1583
1584         xid = GetXid();
1585
1586 /* cFYI(1, ("Entering cifs_mount. Xid: %d with: %s", xid, mount_data)); */
1587         
1588         memset(&volume_info,0,sizeof(struct smb_vol));
1589         if (cifs_parse_mount_options(mount_data, devname, &volume_info)) {
1590                 kfree(volume_info.UNC);
1591                 kfree(volume_info.password);
1592                 FreeXid(xid);
1593                 return -EINVAL;
1594         }
1595
1596         if (volume_info.username) {
1597                 /* BB fixme parse for domain name here */
1598                 cFYI(1, ("Username: %s ", volume_info.username));
1599
1600         } else {
1601                 cifserror("No username specified");
1602         /* In userspace mount helper we can get user name from alternate
1603            locations such as env variables and files on disk */
1604                 kfree(volume_info.UNC);
1605                 kfree(volume_info.password);
1606                 FreeXid(xid);
1607                 return -EINVAL;
1608         }
1609
1610         if (volume_info.UNCip && volume_info.UNC) {
1611                 rc = cifs_inet_pton(AF_INET, volume_info.UNCip,&sin_server.sin_addr.s_addr);
1612
1613                 if(rc <= 0) {
1614                         /* not ipv4 address, try ipv6 */
1615                         rc = cifs_inet_pton(AF_INET6,volume_info.UNCip,&sin_server6.sin6_addr.in6_u); 
1616                         if(rc > 0)
1617                                 address_type = AF_INET6;
1618                 } else {
1619                         address_type = AF_INET;
1620                 }
1621        
1622                 if(rc <= 0) {
1623                         /* we failed translating address */
1624                         kfree(volume_info.UNC);
1625                         kfree(volume_info.password);
1626                         FreeXid(xid);
1627                         return -EINVAL;
1628                 }
1629
1630                 cFYI(1, ("UNC: %s ip: %s", volume_info.UNC, volume_info.UNCip));
1631                 /* success */
1632                 rc = 0;
1633         } else if (volume_info.UNCip){
1634                 /* BB using ip addr as server name connect to the DFS root below */
1635                 cERROR(1,("Connecting to DFS root not implemented yet"));
1636                 kfree(volume_info.UNC);
1637                 kfree(volume_info.password);
1638                 FreeXid(xid);
1639                 return -EINVAL;
1640         } else /* which servers DFS root would we conect to */ {
1641                 cERROR(1,
1642                        ("CIFS mount error: No UNC path (e.g. -o unc=//192.168.1.100/public) specified"));
1643                 kfree(volume_info.UNC);
1644                 kfree(volume_info.password);
1645                 FreeXid(xid);
1646                 return -EINVAL;
1647         }
1648
1649         /* this is needed for ASCII cp to Unicode converts */
1650         if(volume_info.iocharset == NULL) {
1651                 cifs_sb->local_nls = load_nls_default();
1652         /* load_nls_default can not return null */
1653         } else {
1654                 cifs_sb->local_nls = load_nls(volume_info.iocharset);
1655                 if(cifs_sb->local_nls == NULL) {
1656                         cERROR(1,("CIFS mount error: iocharset %s not found",volume_info.iocharset));
1657                         kfree(volume_info.UNC);
1658                         kfree(volume_info.password);
1659                         FreeXid(xid);
1660                         return -ELIBACC;
1661                 }
1662         }
1663
1664         if(address_type == AF_INET)
1665                 existingCifsSes = cifs_find_tcp_session(&sin_server.sin_addr,
1666                         NULL /* no ipv6 addr */,
1667                         volume_info.username, &srvTcp);
1668         else if(address_type == AF_INET6)
1669                 existingCifsSes = cifs_find_tcp_session(NULL /* no ipv4 addr */,
1670                         &sin_server6.sin6_addr,
1671                         volume_info.username, &srvTcp);
1672         else {
1673                 kfree(volume_info.UNC);
1674                 kfree(volume_info.password);
1675                 FreeXid(xid);
1676                 return -EINVAL;
1677         }
1678
1679
1680         if (srvTcp) {
1681                 cFYI(1, ("Existing tcp session with server found"));                
1682         } else {        /* create socket */
1683                 if(volume_info.port)
1684                         sin_server.sin_port = htons(volume_info.port);
1685                 else
1686                         sin_server.sin_port = 0;
1687                 rc = ipv4_connect(&sin_server,&csocket,
1688                                   volume_info.source_rfc1001_name,
1689                                   volume_info.target_rfc1001_name);
1690                 if (rc < 0) {
1691                         cERROR(1,
1692                                ("Error connecting to IPv4 socket. Aborting operation"));
1693                         if(csocket != NULL)
1694                                 sock_release(csocket);
1695                         kfree(volume_info.UNC);
1696                         kfree(volume_info.password);
1697                         FreeXid(xid);
1698                         return rc;
1699                 }
1700
1701                 srvTcp = kmalloc(sizeof (struct TCP_Server_Info), GFP_KERNEL);
1702                 if (srvTcp == NULL) {
1703                         rc = -ENOMEM;
1704                         sock_release(csocket);
1705                         kfree(volume_info.UNC);
1706                         kfree(volume_info.password);
1707                         FreeXid(xid);
1708                         return rc;
1709                 } else {
1710                         memset(srvTcp, 0, sizeof (struct TCP_Server_Info));
1711                         memcpy(&srvTcp->addr.sockAddr, &sin_server, sizeof (struct sockaddr_in));
1712                         atomic_set(&srvTcp->inFlight,0);
1713                         /* BB Add code for ipv6 case too */
1714                         srvTcp->ssocket = csocket;
1715                         srvTcp->protocolType = IPV4;
1716                         init_waitqueue_head(&srvTcp->response_q);
1717                         init_waitqueue_head(&srvTcp->request_q);
1718                         INIT_LIST_HEAD(&srvTcp->pending_mid_q);
1719                         /* at this point we are the only ones with the pointer
1720                         to the struct since the kernel thread not created yet
1721                         so no need to spinlock this init of tcpStatus */
1722                         srvTcp->tcpStatus = CifsNew;
1723                         init_MUTEX(&srvTcp->tcpSem);
1724                         rc = (int)kernel_thread((void *)(void *)cifs_demultiplex_thread, srvTcp,
1725                                       CLONE_FS | CLONE_FILES | CLONE_VM);
1726                         if(rc < 0) {
1727                                 rc = -ENOMEM;
1728                                 sock_release(csocket);
1729                                 kfree(volume_info.UNC);
1730                                 kfree(volume_info.password);
1731                                 FreeXid(xid);
1732                                 return rc;
1733                         }
1734                         wait_for_completion(&cifsd_complete);
1735                         rc = 0;
1736                         memcpy(srvTcp->workstation_RFC1001_name, volume_info.source_rfc1001_name,16);
1737                         memcpy(srvTcp->server_RFC1001_name, volume_info.target_rfc1001_name,16);
1738                         srvTcp->sequence_number = 0;
1739                 }
1740         }
1741
1742         if (existingCifsSes) {
1743                 pSesInfo = existingCifsSes;
1744                 cFYI(1, ("Existing smb sess found"));
1745                 kfree(volume_info.password);
1746                 /* volume_info.UNC freed at end of function */
1747         } else if (!rc) {
1748                 cFYI(1, ("Existing smb sess not found"));
1749                 pSesInfo = sesInfoAlloc();
1750                 if (pSesInfo == NULL)
1751                         rc = -ENOMEM;
1752                 else {
1753                         pSesInfo->server = srvTcp;
1754                         sprintf(pSesInfo->serverName, "%u.%u.%u.%u",
1755                                 NIPQUAD(sin_server.sin_addr.s_addr));
1756                 }
1757
1758                 if (!rc){
1759                         /* volume_info.password freed at unmount */   
1760                         if (volume_info.password)
1761                                 pSesInfo->password = volume_info.password;
1762                         if (volume_info.username)
1763                                 strncpy(pSesInfo->userName,
1764                                         volume_info.username,MAX_USERNAME_SIZE);
1765                         if (volume_info.domainname)
1766                                 strncpy(pSesInfo->domainName,
1767                                         volume_info.domainname,MAX_USERNAME_SIZE);
1768                         pSesInfo->linux_uid = volume_info.linux_uid;
1769                         down(&pSesInfo->sesSem);
1770                         rc = cifs_setup_session(xid,pSesInfo, cifs_sb->local_nls);
1771                         up(&pSesInfo->sesSem);
1772                         if(!rc)
1773                                 atomic_inc(&srvTcp->socketUseCount);
1774                 } else
1775                         kfree(volume_info.password);
1776         }
1777     
1778         /* search for existing tcon to this server share */
1779         if (!rc) {
1780                 if(volume_info.rsize > CIFSMaxBufSize) {
1781                         cERROR(1,("rsize %d too large, using MaxBufSize",
1782                                 volume_info.rsize));
1783                         cifs_sb->rsize = CIFSMaxBufSize;
1784                 } else if((volume_info.rsize) && (volume_info.rsize <= CIFSMaxBufSize))
1785                         cifs_sb->rsize = volume_info.rsize;
1786                 else /* default */
1787                         cifs_sb->rsize = CIFSMaxBufSize;
1788
1789                 if(volume_info.wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) {
1790                         cERROR(1,("wsize %d too large using 4096 instead",
1791                                   volume_info.wsize));
1792                         cifs_sb->wsize = 4096;
1793                 } else if(volume_info.wsize)
1794                         cifs_sb->wsize = volume_info.wsize;
1795                 else
1796                         cifs_sb->wsize = 
1797                                 min_t(const int, PAGEVEC_SIZE * PAGE_CACHE_SIZE,
1798                                         127*1024);
1799                         /* old default of CIFSMaxBufSize was too small now
1800                            that SMB Write2 can send multiple pages in kvec.   
1801                            RFC1001 does not describe what happens when frame
1802                            bigger than 128K is sent so use that as max in
1803                            conjunction with 52K kvec constraint on arch with 4K
1804                            page size  */
1805
1806                 if(cifs_sb->rsize < 2048) {
1807                         cifs_sb->rsize = 2048; 
1808                         /* Windows ME may prefer this */
1809                         cFYI(1,("readsize set to minimum 2048"));
1810                 }
1811                 cifs_sb->mnt_uid = volume_info.linux_uid;
1812                 cifs_sb->mnt_gid = volume_info.linux_gid;
1813                 cifs_sb->mnt_file_mode = volume_info.file_mode;
1814                 cifs_sb->mnt_dir_mode = volume_info.dir_mode;
1815                 cFYI(1,("file mode: 0x%x  dir mode: 0x%x",
1816                         cifs_sb->mnt_file_mode,cifs_sb->mnt_dir_mode));
1817
1818                 if(volume_info.noperm)
1819                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
1820                 if(volume_info.setuids)
1821                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
1822                 if(volume_info.server_ino)
1823                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
1824                 if(volume_info.remap)
1825                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
1826                 if(volume_info.no_xattr)
1827                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
1828                 if(volume_info.sfu_emul)
1829                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
1830                 if(volume_info.nobrl)
1831                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
1832                 if(volume_info.cifs_acl)
1833                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
1834
1835                 if(volume_info.direct_io) {
1836                         cFYI(1,("mounting share using direct i/o"));
1837                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
1838                 }
1839
1840                 tcon =
1841                     find_unc(sin_server.sin_addr.s_addr, volume_info.UNC,
1842                              volume_info.username);
1843                 if (tcon) {
1844                         cFYI(1, ("Found match on UNC path"));
1845                         /* we can have only one retry value for a connection
1846                            to a share so for resources mounted more than once
1847                            to the same server share the last value passed in 
1848                            for the retry flag is used */
1849                         tcon->retry = volume_info.retry;
1850                         tcon->nocase = volume_info.nocase;
1851                 } else {
1852                         tcon = tconInfoAlloc();
1853                         if (tcon == NULL)
1854                                 rc = -ENOMEM;
1855                         else {
1856                                 /* check for null share name ie connect to dfs root */
1857
1858                                 /* BB check if this works for exactly length three strings */
1859                                 if ((strchr(volume_info.UNC + 3, '\\') == NULL)
1860                                     && (strchr(volume_info.UNC + 3, '/') ==
1861                                         NULL)) {
1862                                         rc = connect_to_dfs_path(xid, pSesInfo,
1863                                                         "", cifs_sb->local_nls,
1864                                                         cifs_sb->mnt_cifs_flags & 
1865                                                           CIFS_MOUNT_MAP_SPECIAL_CHR);
1866                                         kfree(volume_info.UNC);
1867                                         FreeXid(xid);
1868                                         return -ENODEV;
1869                                 } else {
1870                                         rc = CIFSTCon(xid, pSesInfo, 
1871                                                 volume_info.UNC,
1872                                                 tcon, cifs_sb->local_nls);
1873                                         cFYI(1, ("CIFS Tcon rc = %d", rc));
1874                                 }
1875                                 if (!rc) {
1876                                         atomic_inc(&pSesInfo->inUse);
1877                                         tcon->retry = volume_info.retry;
1878                                         tcon->nocase = volume_info.nocase;
1879                                 }
1880                         }
1881                 }
1882         }
1883         if(pSesInfo) {
1884                 if (pSesInfo->capabilities & CAP_LARGE_FILES) {
1885                         sb->s_maxbytes = (u64) 1 << 63;
1886                 } else
1887                         sb->s_maxbytes = (u64) 1 << 31; /* 2 GB */
1888         }
1889
1890         sb->s_time_gran = 100;
1891
1892 /* on error free sesinfo and tcon struct if needed */
1893         if (rc) {
1894                 /* if session setup failed, use count is zero but
1895                 we still need to free cifsd thread */
1896                 if(atomic_read(&srvTcp->socketUseCount) == 0) {
1897                         spin_lock(&GlobalMid_Lock);
1898                         srvTcp->tcpStatus = CifsExiting;
1899                         spin_unlock(&GlobalMid_Lock);
1900                         if(srvTcp->tsk) {
1901                                 send_sig(SIGKILL,srvTcp->tsk,1);
1902                                 wait_for_completion(&cifsd_complete);
1903                         }
1904                 }
1905                  /* If find_unc succeeded then rc == 0 so we can not end */
1906                 if (tcon)  /* up accidently freeing someone elses tcon struct */
1907                         tconInfoFree(tcon);
1908                 if (existingCifsSes == NULL) {
1909                         if (pSesInfo) {
1910                                 if ((pSesInfo->server) && 
1911                                     (pSesInfo->status == CifsGood)) {
1912                                         int temp_rc;
1913                                         temp_rc = CIFSSMBLogoff(xid, pSesInfo);
1914                                         /* if the socketUseCount is now zero */
1915                                         if((temp_rc == -ESHUTDOWN) &&
1916                                            (pSesInfo->server->tsk)) {
1917                                                 send_sig(SIGKILL,pSesInfo->server->tsk,1);
1918                                                 wait_for_completion(&cifsd_complete);
1919                                         }
1920                                 } else
1921                                         cFYI(1, ("No session or bad tcon"));
1922                                 sesInfoFree(pSesInfo);
1923                                 /* pSesInfo = NULL; */
1924                         }
1925                 }
1926         } else {
1927                 atomic_inc(&tcon->useCount);
1928                 cifs_sb->tcon = tcon;
1929                 tcon->ses = pSesInfo;
1930
1931                 /* do not care if following two calls succeed - informational */
1932                 CIFSSMBQFSDeviceInfo(xid, tcon);
1933                 CIFSSMBQFSAttributeInfo(xid, tcon);
1934
1935                 if (tcon->ses->capabilities & CAP_UNIX) {
1936                         if(!CIFSSMBQFSUnixInfo(xid, tcon)) {
1937                                 __u64 cap = 
1938                                        le64_to_cpu(tcon->fsUnixInfo.Capability);
1939                                 cap &= CIFS_UNIX_CAP_MASK;
1940                                 if(volume_info.no_psx_acl)
1941                                         cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
1942                                 else if(CIFS_UNIX_POSIX_ACL_CAP & cap) {
1943                                         cFYI(1,("negotiated posix acl support"));
1944                                         sb->s_flags |= MS_POSIXACL;
1945                                 }
1946
1947                                 if(volume_info.posix_paths == 0)
1948                                         cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
1949                                 else if(cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
1950                                         cFYI(1,("negotiate posix pathnames"));
1951                                         cifs_sb->mnt_cifs_flags |= 
1952                                                 CIFS_MOUNT_POSIX_PATHS;
1953                                 }
1954                                         
1955                                 cFYI(1,("Negotiate caps 0x%x",(int)cap));
1956
1957                                 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
1958                                         cFYI(1,("setting capabilities failed"));
1959                                 }
1960                         }
1961                 }
1962                 if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X))
1963                         cifs_sb->wsize = min(cifs_sb->wsize,
1964                                              (tcon->ses->server->maxBuf -
1965                                               MAX_CIFS_HDR_SIZE));
1966                 if (!(tcon->ses->capabilities & CAP_LARGE_READ_X))
1967                         cifs_sb->rsize = min(cifs_sb->rsize,
1968                                              (tcon->ses->server->maxBuf -
1969                                               MAX_CIFS_HDR_SIZE));
1970         }
1971
1972         /* volume_info.password is freed above when existing session found
1973         (in which case it is not needed anymore) but when new sesion is created
1974         the password ptr is put in the new session structure (in which case the
1975         password will be freed at unmount time) */
1976         kfree(volume_info.UNC);
1977         FreeXid(xid);
1978         return rc;
1979 }
1980
1981 static int
1982 CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
1983               char session_key[CIFS_SESSION_KEY_SIZE],
1984               const struct nls_table *nls_codepage)
1985 {
1986         struct smb_hdr *smb_buffer;
1987         struct smb_hdr *smb_buffer_response;
1988         SESSION_SETUP_ANDX *pSMB;
1989         SESSION_SETUP_ANDX *pSMBr;
1990         char *bcc_ptr;
1991         char *user;
1992         char *domain;
1993         int rc = 0;
1994         int remaining_words = 0;
1995         int bytes_returned = 0;
1996         int len;
1997         __u32 capabilities;
1998         __u16 count;
1999
2000         cFYI(1, ("In sesssetup"));
2001         if(ses == NULL)
2002                 return -EINVAL;
2003         user = ses->userName;
2004         domain = ses->domainName;
2005         smb_buffer = cifs_buf_get();
2006         if (smb_buffer == NULL) {
2007                 return -ENOMEM;
2008         }
2009         smb_buffer_response = smb_buffer;
2010         pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2011
2012         /* send SMBsessionSetup here */
2013         header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2014                         NULL /* no tCon exists yet */ , 13 /* wct */ );
2015
2016         smb_buffer->Mid = GetNextMid(ses->server);
2017         pSMB->req_no_secext.AndXCommand = 0xFF;
2018         pSMB->req_no_secext.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2019         pSMB->req_no_secext.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2020
2021         if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2022                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2023
2024         capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2025                 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
2026         if (ses->capabilities & CAP_UNICODE) {
2027                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2028                 capabilities |= CAP_UNICODE;
2029         }
2030         if (ses->capabilities & CAP_STATUS32) {
2031                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2032                 capabilities |= CAP_STATUS32;
2033         }
2034         if (ses->capabilities & CAP_DFS) {
2035                 smb_buffer->Flags2 |= SMBFLG2_DFS;
2036                 capabilities |= CAP_DFS;
2037         }
2038         pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
2039
2040         pSMB->req_no_secext.CaseInsensitivePasswordLength = 
2041                 cpu_to_le16(CIFS_SESSION_KEY_SIZE);
2042
2043         pSMB->req_no_secext.CaseSensitivePasswordLength =
2044             cpu_to_le16(CIFS_SESSION_KEY_SIZE);
2045         bcc_ptr = pByteArea(smb_buffer);
2046         memcpy(bcc_ptr, (char *) session_key, CIFS_SESSION_KEY_SIZE);
2047         bcc_ptr += CIFS_SESSION_KEY_SIZE;
2048         memcpy(bcc_ptr, (char *) session_key, CIFS_SESSION_KEY_SIZE);
2049         bcc_ptr += CIFS_SESSION_KEY_SIZE;
2050
2051         if (ses->capabilities & CAP_UNICODE) {
2052                 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode */
2053                         *bcc_ptr = 0;
2054                         bcc_ptr++;
2055                 }
2056                 if(user == NULL)
2057                         bytes_returned = 0; /* skill null user */
2058                 else
2059                         bytes_returned =
2060                                 cifs_strtoUCS((__le16 *) bcc_ptr, user, 100,
2061                                         nls_codepage);
2062                 /* convert number of 16 bit words to bytes */
2063                 bcc_ptr += 2 * bytes_returned;
2064                 bcc_ptr += 2;   /* trailing null */
2065                 if (domain == NULL)
2066                         bytes_returned =
2067                             cifs_strtoUCS((__le16 *) bcc_ptr,
2068                                           "CIFS_LINUX_DOM", 32, nls_codepage);
2069                 else
2070                         bytes_returned =
2071                             cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2072                                           nls_codepage);
2073                 bcc_ptr += 2 * bytes_returned;
2074                 bcc_ptr += 2;
2075                 bytes_returned =
2076                     cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2077                                   32, nls_codepage);
2078                 bcc_ptr += 2 * bytes_returned;
2079                 bytes_returned =
2080                     cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release,
2081                                   32, nls_codepage);
2082                 bcc_ptr += 2 * bytes_returned;
2083                 bcc_ptr += 2;
2084                 bytes_returned =
2085                     cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2086                                   64, nls_codepage);
2087                 bcc_ptr += 2 * bytes_returned;
2088                 bcc_ptr += 2;
2089         } else {
2090                 if(user != NULL) {                
2091                     strncpy(bcc_ptr, user, 200);
2092                     bcc_ptr += strnlen(user, 200);
2093                 }
2094                 *bcc_ptr = 0;
2095                 bcc_ptr++;
2096                 if (domain == NULL) {
2097                         strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2098                         bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2099                 } else {
2100                         strncpy(bcc_ptr, domain, 64);
2101                         bcc_ptr += strnlen(domain, 64);
2102                         *bcc_ptr = 0;
2103                         bcc_ptr++;
2104                 }
2105                 strcpy(bcc_ptr, "Linux version ");
2106                 bcc_ptr += strlen("Linux version ");
2107                 strcpy(bcc_ptr, system_utsname.release);
2108                 bcc_ptr += strlen(system_utsname.release) + 1;
2109                 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2110                 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2111         }
2112         count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2113         smb_buffer->smb_buf_length += count;
2114         pSMB->req_no_secext.ByteCount = cpu_to_le16(count);
2115
2116         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2117                          &bytes_returned, 1);
2118         if (rc) {
2119 /* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
2120         } else if ((smb_buffer_response->WordCount == 3)
2121                    || (smb_buffer_response->WordCount == 4)) {
2122                 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2123                 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2124                 if (action & GUEST_LOGIN)
2125                         cFYI(1, (" Guest login"));      /* do we want to mark SesInfo struct ? */
2126                 ses->Suid = smb_buffer_response->Uid;   /* UID left in wire format (le) */
2127                 cFYI(1, ("UID = %d ", ses->Suid));
2128          /* response can have either 3 or 4 word count - Samba sends 3 */
2129                 bcc_ptr = pByteArea(smb_buffer_response);       
2130                 if ((pSMBr->resp.hdr.WordCount == 3)
2131                     || ((pSMBr->resp.hdr.WordCount == 4)
2132                         && (blob_len < pSMBr->resp.ByteCount))) {
2133                         if (pSMBr->resp.hdr.WordCount == 4)
2134                                 bcc_ptr += blob_len;
2135
2136                         if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2137                                 if ((long) (bcc_ptr) % 2) {
2138                                         remaining_words =
2139                                             (BCC(smb_buffer_response) - 1) /2;
2140                                         bcc_ptr++;      /* Unicode strings must be word aligned */
2141                                 } else {
2142                                         remaining_words =
2143                                                 BCC(smb_buffer_response) / 2;
2144                                 }
2145                                 len =
2146                                     UniStrnlen((wchar_t *) bcc_ptr,
2147                                                remaining_words - 1);
2148 /* We look for obvious messed up bcc or strings in response so we do not go off
2149    the end since (at least) WIN2K and Windows XP have a major bug in not null
2150    terminating last Unicode string in response  */
2151                                 ses->serverOS = kzalloc(2 * (len + 1), GFP_KERNEL);
2152                                 if(ses->serverOS == NULL)
2153                                         goto sesssetup_nomem;
2154                                 cifs_strfromUCS_le(ses->serverOS,
2155                                            (__le16 *)bcc_ptr, len,nls_codepage);
2156                                 bcc_ptr += 2 * (len + 1);
2157                                 remaining_words -= len + 1;
2158                                 ses->serverOS[2 * len] = 0;
2159                                 ses->serverOS[1 + (2 * len)] = 0;
2160                                 if (remaining_words > 0) {
2161                                         len = UniStrnlen((wchar_t *)bcc_ptr,
2162                                                          remaining_words-1);
2163                                         ses->serverNOS = kzalloc(2 * (len + 1),GFP_KERNEL);
2164                                         if(ses->serverNOS == NULL)
2165                                                 goto sesssetup_nomem;
2166                                         cifs_strfromUCS_le(ses->serverNOS,
2167                                                            (__le16 *)bcc_ptr,len,nls_codepage);
2168                                         bcc_ptr += 2 * (len + 1);
2169                                         ses->serverNOS[2 * len] = 0;
2170                                         ses->serverNOS[1 + (2 * len)] = 0;
2171                                         if(strncmp(ses->serverNOS,
2172                                                 "NT LAN Manager 4",16) == 0) {
2173                                                 cFYI(1,("NT4 server"));
2174                                                 ses->flags |= CIFS_SES_NT4;
2175                                         }
2176                                         remaining_words -= len + 1;
2177                                         if (remaining_words > 0) {
2178                                                 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2179           /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
2180                                                 ses->serverDomain =
2181                                                     kzalloc(2*(len+1),GFP_KERNEL);
2182                                                 if(ses->serverDomain == NULL)
2183                                                         goto sesssetup_nomem;
2184                                                 cifs_strfromUCS_le(ses->serverDomain,
2185                                                      (__le16 *)bcc_ptr,len,nls_codepage);
2186                                                 bcc_ptr += 2 * (len + 1);
2187                                                 ses->serverDomain[2*len] = 0;
2188                                                 ses->serverDomain[1+(2*len)] = 0;
2189                                         } /* else no more room so create dummy domain string */
2190                                         else
2191                                                 ses->serverDomain = 
2192                                                         kzalloc(2, GFP_KERNEL);
2193                                 } else {        /* no room so create dummy domain and NOS string */
2194                                         /* if these kcallocs fail not much we
2195                                            can do, but better to not fail the
2196                                            sesssetup itself */
2197                                         ses->serverDomain =
2198                                             kzalloc(2, GFP_KERNEL);
2199                                         ses->serverNOS =
2200                                             kzalloc(2, GFP_KERNEL);
2201                                 }
2202                         } else {        /* ASCII */
2203                                 len = strnlen(bcc_ptr, 1024);
2204                                 if (((long) bcc_ptr + len) - (long)
2205                                     pByteArea(smb_buffer_response)
2206                                             <= BCC(smb_buffer_response)) {
2207                                         ses->serverOS = kzalloc(len + 1,GFP_KERNEL);
2208                                         if(ses->serverOS == NULL)
2209                                                 goto sesssetup_nomem;
2210                                         strncpy(ses->serverOS,bcc_ptr, len);
2211
2212                                         bcc_ptr += len;
2213                                         bcc_ptr[0] = 0; /* null terminate the string */
2214                                         bcc_ptr++;
2215
2216                                         len = strnlen(bcc_ptr, 1024);
2217                                         ses->serverNOS = kzalloc(len + 1,GFP_KERNEL);
2218                                         if(ses->serverNOS == NULL)
2219                                                 goto sesssetup_nomem;
2220                                         strncpy(ses->serverNOS, bcc_ptr, len);
2221                                         bcc_ptr += len;
2222                                         bcc_ptr[0] = 0;
2223                                         bcc_ptr++;
2224
2225                                         len = strnlen(bcc_ptr, 1024);
2226                                         ses->serverDomain = kzalloc(len + 1,GFP_KERNEL);
2227                                         if(ses->serverDomain == NULL)
2228                                                 goto sesssetup_nomem;
2229                                         strncpy(ses->serverDomain, bcc_ptr, len);
2230                                         bcc_ptr += len;
2231                                         bcc_ptr[0] = 0;
2232                                         bcc_ptr++;
2233                                 } else
2234                                         cFYI(1,
2235                                              ("Variable field of length %d extends beyond end of smb ",
2236                                               len));
2237                         }
2238                 } else {
2239                         cERROR(1,
2240                                (" Security Blob Length extends beyond end of SMB"));
2241                 }
2242         } else {
2243                 cERROR(1,
2244                        (" Invalid Word count %d: ",
2245                         smb_buffer_response->WordCount));
2246                 rc = -EIO;
2247         }
2248 sesssetup_nomem:        /* do not return an error on nomem for the info strings,
2249                            since that could make reconnection harder, and
2250                            reconnection might be needed to free memory */
2251         if (smb_buffer)
2252                 cifs_buf_release(smb_buffer);
2253
2254         return rc;
2255 }
2256
2257 static int
2258 CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2259                 char *SecurityBlob,int SecurityBlobLength,
2260                 const struct nls_table *nls_codepage)
2261 {
2262         struct smb_hdr *smb_buffer;
2263         struct smb_hdr *smb_buffer_response;
2264         SESSION_SETUP_ANDX *pSMB;
2265         SESSION_SETUP_ANDX *pSMBr;
2266         char *bcc_ptr;
2267         char *user;
2268         char *domain;
2269         int rc = 0;
2270         int remaining_words = 0;
2271         int bytes_returned = 0;
2272         int len;
2273         __u32 capabilities;
2274         __u16 count;
2275
2276         cFYI(1, ("In spnego sesssetup "));
2277         if(ses == NULL)
2278                 return -EINVAL;
2279         user = ses->userName;
2280         domain = ses->domainName;
2281
2282         smb_buffer = cifs_buf_get();
2283         if (smb_buffer == NULL) {
2284                 return -ENOMEM;
2285         }
2286         smb_buffer_response = smb_buffer;
2287         pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2288
2289         /* send SMBsessionSetup here */
2290         header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2291                         NULL /* no tCon exists yet */ , 12 /* wct */ );
2292
2293         smb_buffer->Mid = GetNextMid(ses->server);
2294         pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2295         pSMB->req.AndXCommand = 0xFF;
2296         if(ses->server->maxBuf > 64*1024)
2297                 ses->server->maxBuf = (64*1023);
2298         pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2299         pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2300
2301         if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2302                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2303
2304         capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2305             CAP_EXTENDED_SECURITY;
2306         if (ses->capabilities & CAP_UNICODE) {
2307                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2308                 capabilities |= CAP_UNICODE;
2309         }
2310         if (ses->capabilities & CAP_STATUS32) {
2311                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2312                 capabilities |= CAP_STATUS32;
2313         }
2314         if (ses->capabilities & CAP_DFS) {
2315                 smb_buffer->Flags2 |= SMBFLG2_DFS;
2316                 capabilities |= CAP_DFS;
2317         }
2318         pSMB->req.Capabilities = cpu_to_le32(capabilities);
2319
2320         pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2321         bcc_ptr = pByteArea(smb_buffer);
2322         memcpy(bcc_ptr, SecurityBlob, SecurityBlobLength);
2323         bcc_ptr += SecurityBlobLength;
2324
2325         if (ses->capabilities & CAP_UNICODE) {
2326                 if ((long) bcc_ptr % 2) {       /* must be word aligned for Unicode strings */
2327                         *bcc_ptr = 0;
2328                         bcc_ptr++;
2329                 }
2330                 bytes_returned =
2331                     cifs_strtoUCS((__le16 *) bcc_ptr, user, 100, nls_codepage);
2332                 bcc_ptr += 2 * bytes_returned;  /* convert num of 16 bit words to bytes */
2333                 bcc_ptr += 2;   /* trailing null */
2334                 if (domain == NULL)
2335                         bytes_returned =
2336                             cifs_strtoUCS((__le16 *) bcc_ptr,
2337                                           "CIFS_LINUX_DOM", 32, nls_codepage);
2338                 else
2339                         bytes_returned =
2340                             cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2341                                           nls_codepage);
2342                 bcc_ptr += 2 * bytes_returned;
2343                 bcc_ptr += 2;
2344                 bytes_returned =
2345                     cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2346                                   32, nls_codepage);
2347                 bcc_ptr += 2 * bytes_returned;
2348                 bytes_returned =
2349                     cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release, 32,
2350                                   nls_codepage);
2351                 bcc_ptr += 2 * bytes_returned;
2352                 bcc_ptr += 2;
2353                 bytes_returned =
2354                     cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2355                                   64, nls_codepage);
2356                 bcc_ptr += 2 * bytes_returned;
2357                 bcc_ptr += 2;
2358         } else {
2359                 strncpy(bcc_ptr, user, 200);
2360                 bcc_ptr += strnlen(user, 200);
2361                 *bcc_ptr = 0;
2362                 bcc_ptr++;
2363                 if (domain == NULL) {
2364                         strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2365                         bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2366                 } else {
2367                         strncpy(bcc_ptr, domain, 64);
2368                         bcc_ptr += strnlen(domain, 64);
2369                         *bcc_ptr = 0;
2370                         bcc_ptr++;
2371                 }
2372                 strcpy(bcc_ptr, "Linux version ");
2373                 bcc_ptr += strlen("Linux version ");
2374                 strcpy(bcc_ptr, system_utsname.release);
2375                 bcc_ptr += strlen(system_utsname.release) + 1;
2376                 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2377                 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2378         }
2379         count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2380         smb_buffer->smb_buf_length += count;
2381         pSMB->req.ByteCount = cpu_to_le16(count);
2382
2383         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2384                          &bytes_returned, 1);
2385         if (rc) {
2386 /*    rc = map_smb_to_linux_error(smb_buffer_response);  *//* done in SendReceive now */
2387         } else if ((smb_buffer_response->WordCount == 3)
2388                    || (smb_buffer_response->WordCount == 4)) {
2389                 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2390                 __u16 blob_len =
2391                     le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2392                 if (action & GUEST_LOGIN)
2393                         cFYI(1, (" Guest login"));      /* BB do we want to set anything in SesInfo struct ? */
2394                 if (ses) {
2395                         ses->Suid = smb_buffer_response->Uid;   /* UID left in wire format (le) */
2396                         cFYI(1, ("UID = %d ", ses->Suid));
2397                         bcc_ptr = pByteArea(smb_buffer_response);       /* response can have either 3 or 4 word count - Samba sends 3 */
2398
2399                         /* BB Fix below to make endian neutral !! */
2400
2401                         if ((pSMBr->resp.hdr.WordCount == 3)
2402                             || ((pSMBr->resp.hdr.WordCount == 4)
2403                                 && (blob_len <
2404                                     pSMBr->resp.ByteCount))) {
2405                                 if (pSMBr->resp.hdr.WordCount == 4) {
2406                                         bcc_ptr +=
2407                                             blob_len;
2408                                         cFYI(1,
2409                                              ("Security Blob Length %d ",
2410                                               blob_len));
2411                                 }
2412
2413                                 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2414                                         if ((long) (bcc_ptr) % 2) {
2415                                                 remaining_words =
2416                                                     (BCC(smb_buffer_response)
2417                                                      - 1) / 2;
2418                                                 bcc_ptr++;      /* Unicode strings must be word aligned */
2419                                         } else {
2420                                                 remaining_words =
2421                                                     BCC
2422                                                     (smb_buffer_response) / 2;
2423                                         }
2424                                         len =
2425                                             UniStrnlen((wchar_t *) bcc_ptr,
2426                                                        remaining_words - 1);
2427 /* We look for obvious messed up bcc or strings in response so we do not go off
2428    the end since (at least) WIN2K and Windows XP have a major bug in not null
2429    terminating last Unicode string in response  */
2430                                         ses->serverOS =
2431                                             kzalloc(2 * (len + 1), GFP_KERNEL);
2432                                         cifs_strfromUCS_le(ses->serverOS,
2433                                                            (__le16 *)
2434                                                            bcc_ptr, len,
2435                                                            nls_codepage);
2436                                         bcc_ptr += 2 * (len + 1);
2437                                         remaining_words -= len + 1;
2438                                         ses->serverOS[2 * len] = 0;
2439                                         ses->serverOS[1 + (2 * len)] = 0;
2440                                         if (remaining_words > 0) {
2441                                                 len = UniStrnlen((wchar_t *)bcc_ptr,
2442                                                                  remaining_words
2443                                                                  - 1);
2444                                                 ses->serverNOS =
2445                                                     kzalloc(2 * (len + 1),
2446                                                             GFP_KERNEL);
2447                                                 cifs_strfromUCS_le(ses->serverNOS,
2448                                                                    (__le16 *)bcc_ptr,
2449                                                                    len,
2450                                                                    nls_codepage);
2451                                                 bcc_ptr += 2 * (len + 1);
2452                                                 ses->serverNOS[2 * len] = 0;
2453                                                 ses->serverNOS[1 + (2 * len)] = 0;
2454                                                 remaining_words -= len + 1;
2455                                                 if (remaining_words > 0) {
2456                                                         len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words); 
2457                             /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
2458                                                         ses->serverDomain = kzalloc(2*(len+1),GFP_KERNEL);
2459                                                         cifs_strfromUCS_le(ses->serverDomain,
2460                                                              (__le16 *)bcc_ptr, 
2461                                                              len, nls_codepage);
2462                                                         bcc_ptr += 2*(len+1);
2463                                                         ses->serverDomain[2*len] = 0;
2464                                                         ses->serverDomain[1+(2*len)] = 0;
2465                                                 } /* else no more room so create dummy domain string */
2466                                                 else
2467                                                         ses->serverDomain =
2468                                                             kzalloc(2,GFP_KERNEL);
2469                                         } else {        /* no room so create dummy domain and NOS string */
2470                                                 ses->serverDomain = kzalloc(2, GFP_KERNEL);
2471                                                 ses->serverNOS = kzalloc(2, GFP_KERNEL);
2472                                         }
2473                                 } else {        /* ASCII */
2474
2475                                         len = strnlen(bcc_ptr, 1024);
2476                                         if (((long) bcc_ptr + len) - (long)
2477                                             pByteArea(smb_buffer_response)
2478                                             <= BCC(smb_buffer_response)) {
2479                                                 ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
2480                                                 strncpy(ses->serverOS, bcc_ptr, len);
2481
2482                                                 bcc_ptr += len;
2483                                                 bcc_ptr[0] = 0; /* null terminate the string */
2484                                                 bcc_ptr++;
2485
2486                                                 len = strnlen(bcc_ptr, 1024);
2487                                                 ses->serverNOS = kzalloc(len + 1,GFP_KERNEL);
2488                                                 strncpy(ses->serverNOS, bcc_ptr, len);
2489                                                 bcc_ptr += len;
2490                                                 bcc_ptr[0] = 0;
2491                                                 bcc_ptr++;
2492
2493                                                 len = strnlen(bcc_ptr, 1024);
2494                                                 ses->serverDomain = kzalloc(len + 1, GFP_KERNEL);
2495                                                 strncpy(ses->serverDomain, bcc_ptr, len);
2496                                                 bcc_ptr += len;
2497                                                 bcc_ptr[0] = 0;
2498                                                 bcc_ptr++;
2499                                         } else
2500                                                 cFYI(1,
2501                                                      ("Variable field of length %d extends beyond end of smb ",
2502                                                       len));
2503                                 }
2504                         } else {
2505                                 cERROR(1,
2506                                        (" Security Blob Length extends beyond end of SMB"));
2507                         }
2508                 } else {
2509                         cERROR(1, ("No session structure passed in."));
2510                 }
2511         } else {
2512                 cERROR(1,
2513                        (" Invalid Word count %d: ",
2514                         smb_buffer_response->WordCount));
2515                 rc = -EIO;
2516         }
2517
2518         if (smb_buffer)
2519                 cifs_buf_release(smb_buffer);
2520
2521         return rc;
2522 }
2523
2524 static int
2525 CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2526                               struct cifsSesInfo *ses, int * pNTLMv2_flag,
2527                               const struct nls_table *nls_codepage)
2528 {
2529         struct smb_hdr *smb_buffer;
2530         struct smb_hdr *smb_buffer_response;
2531         SESSION_SETUP_ANDX *pSMB;
2532         SESSION_SETUP_ANDX *pSMBr;
2533         char *bcc_ptr;
2534         char *domain;
2535         int rc = 0;
2536         int remaining_words = 0;
2537         int bytes_returned = 0;
2538         int len;
2539         int SecurityBlobLength = sizeof (NEGOTIATE_MESSAGE);
2540         PNEGOTIATE_MESSAGE SecurityBlob;
2541         PCHALLENGE_MESSAGE SecurityBlob2;
2542         __u32 negotiate_flags, capabilities;
2543         __u16 count;
2544
2545         cFYI(1, ("In NTLMSSP sesssetup (negotiate)"));
2546         if(ses == NULL)
2547                 return -EINVAL;
2548         domain = ses->domainName;
2549         *pNTLMv2_flag = FALSE;
2550         smb_buffer = cifs_buf_get();
2551         if (smb_buffer == NULL) {
2552                 return -ENOMEM;
2553         }
2554         smb_buffer_response = smb_buffer;
2555         pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2556         pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2557
2558         /* send SMBsessionSetup here */
2559         header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2560                         NULL /* no tCon exists yet */ , 12 /* wct */ );
2561
2562         smb_buffer->Mid = GetNextMid(ses->server);
2563         pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2564         pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2565
2566         pSMB->req.AndXCommand = 0xFF;
2567         pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2568         pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2569
2570         if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2571                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2572
2573         capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2574             CAP_EXTENDED_SECURITY;
2575         if (ses->capabilities & CAP_UNICODE) {
2576                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2577                 capabilities |= CAP_UNICODE;
2578         }
2579         if (ses->capabilities & CAP_STATUS32) {
2580                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2581                 capabilities |= CAP_STATUS32;
2582         }
2583         if (ses->capabilities & CAP_DFS) {
2584                 smb_buffer->Flags2 |= SMBFLG2_DFS;
2585                 capabilities |= CAP_DFS;
2586         }
2587         pSMB->req.Capabilities = cpu_to_le32(capabilities);
2588
2589         bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2590         SecurityBlob = (PNEGOTIATE_MESSAGE) bcc_ptr;
2591         strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2592         SecurityBlob->MessageType = NtLmNegotiate;
2593         negotiate_flags =
2594             NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
2595             NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM |
2596             NTLMSSP_NEGOTIATE_56 |
2597             /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
2598         if(sign_CIFS_PDUs)
2599                 negotiate_flags |= NTLMSSP_NEGOTIATE_SIGN;
2600         if(ntlmv2_support)
2601                 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
2602         /* setup pointers to domain name and workstation name */
2603         bcc_ptr += SecurityBlobLength;
2604
2605         SecurityBlob->WorkstationName.Buffer = 0;
2606         SecurityBlob->WorkstationName.Length = 0;
2607         SecurityBlob->WorkstationName.MaximumLength = 0;
2608
2609         /* Domain not sent on first Sesssetup in NTLMSSP, instead it is sent
2610         along with username on auth request (ie the response to challenge) */
2611         SecurityBlob->DomainName.Buffer = 0;
2612         SecurityBlob->DomainName.Length = 0;
2613         SecurityBlob->DomainName.MaximumLength = 0;
2614         if (ses->capabilities & CAP_UNICODE) {
2615                 if ((long) bcc_ptr % 2) {
2616                         *bcc_ptr = 0;
2617                         bcc_ptr++;
2618                 }
2619
2620                 bytes_returned =
2621                     cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2622                                   32, nls_codepage);
2623                 bcc_ptr += 2 * bytes_returned;
2624                 bytes_returned =
2625                     cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release, 32,
2626                                   nls_codepage);
2627                 bcc_ptr += 2 * bytes_returned;
2628                 bcc_ptr += 2;   /* null terminate Linux version */
2629                 bytes_returned =
2630                     cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2631                                   64, nls_codepage);
2632                 bcc_ptr += 2 * bytes_returned;
2633                 *(bcc_ptr + 1) = 0;
2634                 *(bcc_ptr + 2) = 0;
2635                 bcc_ptr += 2;   /* null terminate network opsys string */
2636                 *(bcc_ptr + 1) = 0;
2637                 *(bcc_ptr + 2) = 0;
2638                 bcc_ptr += 2;   /* null domain */
2639         } else {                /* ASCII */
2640                 strcpy(bcc_ptr, "Linux version ");
2641                 bcc_ptr += strlen("Linux version ");
2642                 strcpy(bcc_ptr, system_utsname.release);
2643                 bcc_ptr += strlen(system_utsname.release) + 1;
2644                 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2645                 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2646                 bcc_ptr++;      /* empty domain field */
2647                 *bcc_ptr = 0;
2648         }
2649         SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2650         pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2651         count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2652         smb_buffer->smb_buf_length += count;
2653         pSMB->req.ByteCount = cpu_to_le16(count);
2654
2655         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2656                          &bytes_returned, 1);
2657
2658         if (smb_buffer_response->Status.CifsError ==
2659             cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
2660                 rc = 0;
2661
2662         if (rc) {
2663 /*    rc = map_smb_to_linux_error(smb_buffer_response);  *//* done in SendReceive now */
2664         } else if ((smb_buffer_response->WordCount == 3)
2665                    || (smb_buffer_response->WordCount == 4)) {
2666                 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2667                 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2668
2669                 if (action & GUEST_LOGIN)
2670                         cFYI(1, (" Guest login"));      
2671         /* Do we want to set anything in SesInfo struct when guest login? */
2672
2673                 bcc_ptr = pByteArea(smb_buffer_response);       
2674         /* response can have either 3 or 4 word count - Samba sends 3 */
2675
2676                 SecurityBlob2 = (PCHALLENGE_MESSAGE) bcc_ptr;
2677                 if (SecurityBlob2->MessageType != NtLmChallenge) {
2678                         cFYI(1,
2679                              ("Unexpected NTLMSSP message type received %d",
2680                               SecurityBlob2->MessageType));
2681                 } else if (ses) {
2682                         ses->Suid = smb_buffer_response->Uid; /* UID left in le format */ 
2683                         cFYI(1, ("UID = %d", ses->Suid));
2684                         if ((pSMBr->resp.hdr.WordCount == 3)
2685                             || ((pSMBr->resp.hdr.WordCount == 4)
2686                                 && (blob_len <
2687                                     pSMBr->resp.ByteCount))) {
2688
2689                                 if (pSMBr->resp.hdr.WordCount == 4) {
2690                                         bcc_ptr += blob_len;
2691                                         cFYI(1, ("Security Blob Length %d",
2692                                               blob_len));
2693                                 }
2694
2695                                 cFYI(1, ("NTLMSSP Challenge rcvd"));
2696
2697                                 memcpy(ses->server->cryptKey,
2698                                        SecurityBlob2->Challenge,
2699                                        CIFS_CRYPTO_KEY_SIZE);
2700                                 if(SecurityBlob2->NegotiateFlags & 
2701                                         cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2))
2702                                         *pNTLMv2_flag = TRUE;
2703
2704                                 if((SecurityBlob2->NegotiateFlags & 
2705                                         cpu_to_le32(NTLMSSP_NEGOTIATE_ALWAYS_SIGN)) 
2706                                         || (sign_CIFS_PDUs > 1))
2707                                                 ses->server->secMode |= 
2708                                                         SECMODE_SIGN_REQUIRED;  
2709                                 if ((SecurityBlob2->NegotiateFlags & 
2710                                         cpu_to_le32(NTLMSSP_NEGOTIATE_SIGN)) && (sign_CIFS_PDUs))
2711                                                 ses->server->secMode |= 
2712                                                         SECMODE_SIGN_ENABLED;
2713
2714                                 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2715                                         if ((long) (bcc_ptr) % 2) {
2716                                                 remaining_words =
2717                                                     (BCC(smb_buffer_response)
2718                                                      - 1) / 2;
2719                                                 bcc_ptr++;      /* Unicode strings must be word aligned */
2720                                         } else {
2721                                                 remaining_words =
2722                                                     BCC
2723                                                     (smb_buffer_response) / 2;
2724                                         }
2725                                         len =
2726                                             UniStrnlen((wchar_t *) bcc_ptr,
2727                                                        remaining_words - 1);
2728 /* We look for obvious messed up bcc or strings in response so we do not go off
2729    the end since (at least) WIN2K and Windows XP have a major bug in not null
2730    terminating last Unicode string in response  */
2731                                         ses->serverOS =
2732                                             kzalloc(2 * (len + 1), GFP_KERNEL);
2733                                         cifs_strfromUCS_le(ses->serverOS,
2734                                                            (__le16 *)
2735                                                            bcc_ptr, len,
2736                                                            nls_codepage);
2737                                         bcc_ptr += 2 * (len + 1);
2738                                         remaining_words -= len + 1;
2739                                         ses->serverOS[2 * len] = 0;
2740                                         ses->serverOS[1 + (2 * len)] = 0;
2741                                         if (remaining_words > 0) {
2742                                                 len = UniStrnlen((wchar_t *)
2743                                                                  bcc_ptr,
2744                                                                  remaining_words
2745                                                                  - 1);
2746                                                 ses->serverNOS =
2747                                                     kzalloc(2 * (len + 1),
2748                                                             GFP_KERNEL);
2749                                                 cifs_strfromUCS_le(ses->
2750                                                                    serverNOS,
2751                                                                    (__le16 *)
2752                                                                    bcc_ptr,
2753                                                                    len,
2754                                                                    nls_codepage);
2755                                                 bcc_ptr += 2 * (len + 1);
2756                                                 ses->serverNOS[2 * len] = 0;
2757                                                 ses->serverNOS[1 +
2758                                                                (2 * len)] = 0;
2759                                                 remaining_words -= len + 1;
2760                                                 if (remaining_words > 0) {
2761                                                         len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words); 
2762            /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
2763                                                         ses->serverDomain =
2764                                                             kzalloc(2 *
2765                                                                     (len +
2766                                                                      1),
2767                                                                     GFP_KERNEL);
2768                                                         cifs_strfromUCS_le
2769                                                             (ses->serverDomain,
2770                                                              (__le16 *)bcc_ptr,
2771                                                              len, nls_codepage);
2772                                                         bcc_ptr +=
2773                                                             2 * (len + 1);
2774                                                         ses->serverDomain[2*len]
2775                                                             = 0;
2776                                                         ses->serverDomain
2777                                                                 [1 + (2 * len)]
2778                                                             = 0;
2779                                                 } /* else no more room so create dummy domain string */
2780                                                 else
2781                                                         ses->serverDomain =
2782                                                             kzalloc(2,
2783                                                                     GFP_KERNEL);
2784                                         } else {        /* no room so create dummy domain and NOS string */
2785                                                 ses->serverDomain =
2786                                                     kzalloc(2, GFP_KERNEL);
2787                                                 ses->serverNOS =
2788                                                     kzalloc(2, GFP_KERNEL);
2789                                         }
2790                                 } else {        /* ASCII */
2791                                         len = strnlen(bcc_ptr, 1024);
2792                                         if (((long) bcc_ptr + len) - (long)
2793                                             pByteArea(smb_buffer_response)
2794                                             <= BCC(smb_buffer_response)) {
2795                                                 ses->serverOS =
2796                                                     kzalloc(len + 1,
2797                                                             GFP_KERNEL);
2798                                                 strncpy(ses->serverOS,
2799                                                         bcc_ptr, len);
2800
2801                                                 bcc_ptr += len;
2802                                                 bcc_ptr[0] = 0; /* null terminate string */
2803                                                 bcc_ptr++;
2804
2805                                                 len = strnlen(bcc_ptr, 1024);
2806                                                 ses->serverNOS =
2807                                                     kzalloc(len + 1,
2808                                                             GFP_KERNEL);
2809                                                 strncpy(ses->serverNOS, bcc_ptr, len);
2810                                                 bcc_ptr += len;
2811                                                 bcc_ptr[0] = 0;
2812                                                 bcc_ptr++;
2813
2814                                                 len = strnlen(bcc_ptr, 1024);
2815                                                 ses->serverDomain =
2816                                                     kzalloc(len + 1,
2817                                                             GFP_KERNEL);
2818                                                 strncpy(ses->serverDomain, bcc_ptr, len);       
2819                                                 bcc_ptr += len;
2820                                                 bcc_ptr[0] = 0;
2821                                                 bcc_ptr++;
2822                                         } else
2823                                                 cFYI(1,
2824                                                      ("Variable field of length %d extends beyond end of smb",
2825                                                       len));
2826                                 }
2827                         } else {
2828                                 cERROR(1,
2829                                        (" Security Blob Length extends beyond end of SMB"));
2830                         }
2831                 } else {
2832                         cERROR(1, ("No session structure passed in."));
2833                 }
2834         } else {
2835                 cERROR(1,
2836                        (" Invalid Word count %d:",
2837                         smb_buffer_response->WordCount));
2838                 rc = -EIO;
2839         }
2840
2841         if (smb_buffer)
2842                 cifs_buf_release(smb_buffer);
2843
2844         return rc;
2845 }
2846 static int
2847 CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2848                 char *ntlm_session_key, int ntlmv2_flag,
2849                 const struct nls_table *nls_codepage)
2850 {
2851         struct smb_hdr *smb_buffer;
2852         struct smb_hdr *smb_buffer_response;
2853         SESSION_SETUP_ANDX *pSMB;
2854         SESSION_SETUP_ANDX *pSMBr;
2855         char *bcc_ptr;
2856         char *user;
2857         char *domain;
2858         int rc = 0;
2859         int remaining_words = 0;
2860         int bytes_returned = 0;
2861         int len;
2862         int SecurityBlobLength = sizeof (AUTHENTICATE_MESSAGE);
2863         PAUTHENTICATE_MESSAGE SecurityBlob;
2864         __u32 negotiate_flags, capabilities;
2865         __u16 count;
2866
2867         cFYI(1, ("In NTLMSSPSessSetup (Authenticate)"));
2868         if(ses == NULL)
2869                 return -EINVAL;
2870         user = ses->userName;
2871         domain = ses->domainName;
2872         smb_buffer = cifs_buf_get();
2873         if (smb_buffer == NULL) {
2874                 return -ENOMEM;
2875         }
2876         smb_buffer_response = smb_buffer;
2877         pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2878         pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2879
2880         /* send SMBsessionSetup here */
2881         header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2882                         NULL /* no tCon exists yet */ , 12 /* wct */ );
2883
2884         smb_buffer->Mid = GetNextMid(ses->server);
2885         pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2886         pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2887         pSMB->req.AndXCommand = 0xFF;
2888         pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2889         pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2890
2891         pSMB->req.hdr.Uid = ses->Suid;
2892
2893         if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2894                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2895
2896         capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2897             CAP_EXTENDED_SECURITY;
2898         if (ses->capabilities & CAP_UNICODE) {
2899                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2900                 capabilities |= CAP_UNICODE;
2901         }
2902         if (ses->capabilities & CAP_STATUS32) {
2903                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2904                 capabilities |= CAP_STATUS32;
2905         }
2906         if (ses->capabilities & CAP_DFS) {
2907                 smb_buffer->Flags2 |= SMBFLG2_DFS;
2908                 capabilities |= CAP_DFS;
2909         }
2910         pSMB->req.Capabilities = cpu_to_le32(capabilities);
2911
2912         bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2913         SecurityBlob = (PAUTHENTICATE_MESSAGE) bcc_ptr;
2914         strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2915         SecurityBlob->MessageType = NtLmAuthenticate;
2916         bcc_ptr += SecurityBlobLength;
2917         negotiate_flags = 
2918             NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET |
2919             NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO |
2920             0x80000000 | NTLMSSP_NEGOTIATE_128;
2921         if(sign_CIFS_PDUs)
2922                 negotiate_flags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN;
2923         if(ntlmv2_flag)
2924                 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
2925
2926 /* setup pointers to domain name and workstation name */
2927
2928         SecurityBlob->WorkstationName.Buffer = 0;
2929         SecurityBlob->WorkstationName.Length = 0;
2930         SecurityBlob->WorkstationName.MaximumLength = 0;
2931         SecurityBlob->SessionKey.Length = 0;
2932         SecurityBlob->SessionKey.MaximumLength = 0;
2933         SecurityBlob->SessionKey.Buffer = 0;
2934
2935         SecurityBlob->LmChallengeResponse.Length = 0;
2936         SecurityBlob->LmChallengeResponse.MaximumLength = 0;
2937         SecurityBlob->LmChallengeResponse.Buffer = 0;
2938
2939         SecurityBlob->NtChallengeResponse.Length =
2940             cpu_to_le16(CIFS_SESSION_KEY_SIZE);
2941         SecurityBlob->NtChallengeResponse.MaximumLength =
2942             cpu_to_le16(CIFS_SESSION_KEY_SIZE);
2943         memcpy(bcc_ptr, ntlm_session_key, CIFS_SESSION_KEY_SIZE);
2944         SecurityBlob->NtChallengeResponse.Buffer =
2945             cpu_to_le32(SecurityBlobLength);
2946         SecurityBlobLength += CIFS_SESSION_KEY_SIZE;
2947         bcc_ptr += CIFS_SESSION_KEY_SIZE;
2948
2949         if (ses->capabilities & CAP_UNICODE) {
2950                 if (domain == NULL) {
2951                         SecurityBlob->DomainName.Buffer = 0;
2952                         SecurityBlob->DomainName.Length = 0;
2953                         SecurityBlob->DomainName.MaximumLength = 0;
2954                 } else {
2955                         __u16 len =
2956                             cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2957                                           nls_codepage);
2958                         len *= 2;
2959                         SecurityBlob->DomainName.MaximumLength =
2960                             cpu_to_le16(len);
2961                         SecurityBlob->DomainName.Buffer =
2962                             cpu_to_le32(SecurityBlobLength);
2963                         bcc_ptr += len;
2964                         SecurityBlobLength += len;
2965                         SecurityBlob->DomainName.Length =
2966                             cpu_to_le16(len);
2967                 }
2968                 if (user == NULL) {
2969                         SecurityBlob->UserName.Buffer = 0;
2970                         SecurityBlob->UserName.Length = 0;
2971                         SecurityBlob->UserName.MaximumLength = 0;
2972                 } else {
2973                         __u16 len =
2974                             cifs_strtoUCS((__le16 *) bcc_ptr, user, 64,
2975                                           nls_codepage);
2976                         len *= 2;
2977                         SecurityBlob->UserName.MaximumLength =
2978                             cpu_to_le16(len);
2979                         SecurityBlob->UserName.Buffer =
2980                             cpu_to_le32(SecurityBlobLength);
2981                         bcc_ptr += len;
2982                         SecurityBlobLength += len;
2983                         SecurityBlob->UserName.Length =
2984                             cpu_to_le16(len);
2985                 }
2986
2987                 /* SecurityBlob->WorkstationName.Length = cifs_strtoUCS((__le16 *) bcc_ptr, "AMACHINE",64, nls_codepage);
2988                    SecurityBlob->WorkstationName.Length *= 2;
2989                    SecurityBlob->WorkstationName.MaximumLength = cpu_to_le16(SecurityBlob->WorkstationName.Length);
2990                    SecurityBlob->WorkstationName.Buffer = cpu_to_le32(SecurityBlobLength);
2991                    bcc_ptr += SecurityBlob->WorkstationName.Length;
2992                    SecurityBlobLength += SecurityBlob->WorkstationName.Length;
2993                    SecurityBlob->WorkstationName.Length = cpu_to_le16(SecurityBlob->WorkstationName.Length);  */
2994
2995                 if ((long) bcc_ptr % 2) {
2996                         *bcc_ptr = 0;
2997                         bcc_ptr++;
2998                 }
2999                 bytes_returned =
3000                     cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
3001                                   32, nls_codepage);
3002                 bcc_ptr += 2 * bytes_returned;
3003                 bytes_returned =
3004                     cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release, 32,
3005                                   nls_codepage);
3006                 bcc_ptr += 2 * bytes_returned;
3007                 bcc_ptr += 2;   /* null term version string */
3008                 bytes_returned =
3009                     cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
3010                                   64, nls_codepage);
3011                 bcc_ptr += 2 * bytes_returned;
3012                 *(bcc_ptr + 1) = 0;
3013                 *(bcc_ptr + 2) = 0;
3014                 bcc_ptr += 2;   /* null terminate network opsys string */
3015                 *(bcc_ptr + 1) = 0;
3016                 *(bcc_ptr + 2) = 0;
3017                 bcc_ptr += 2;   /* null domain */
3018         } else {                /* ASCII */
3019                 if (domain == NULL) {
3020                         SecurityBlob->DomainName.Buffer = 0;
3021                         SecurityBlob->DomainName.Length = 0;
3022                         SecurityBlob->DomainName.MaximumLength = 0;
3023                 } else {
3024                         __u16 len;
3025                         negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
3026                         strncpy(bcc_ptr, domain, 63);
3027                         len = strnlen(domain, 64);
3028                         SecurityBlob->DomainName.MaximumLength =
3029                             cpu_to_le16(len);
3030                         SecurityBlob->DomainName.Buffer =
3031                             cpu_to_le32(SecurityBlobLength);
3032                         bcc_ptr += len;
3033                         SecurityBlobLength += len;
3034                         SecurityBlob->DomainName.Length = cpu_to_le16(len);
3035                 }
3036                 if (user == NULL) {
3037                         SecurityBlob->UserName.Buffer = 0;
3038                         SecurityBlob->UserName.Length = 0;
3039                         SecurityBlob->UserName.MaximumLength = 0;
3040                 } else {
3041                         __u16 len;
3042                         strncpy(bcc_ptr, user, 63);
3043                         len = strnlen(user, 64);
3044                         SecurityBlob->UserName.MaximumLength =
3045                             cpu_to_le16(len);
3046                         SecurityBlob->UserName.Buffer =
3047                             cpu_to_le32(SecurityBlobLength);
3048                         bcc_ptr += len;
3049                         SecurityBlobLength += len;
3050                         SecurityBlob->UserName.Length = cpu_to_le16(len);
3051                 }
3052                 /* BB fill in our workstation name if known BB */
3053
3054                 strcpy(bcc_ptr, "Linux version ");
3055                 bcc_ptr += strlen("Linux version ");
3056                 strcpy(bcc_ptr, system_utsname.release);
3057                 bcc_ptr += strlen(system_utsname.release) + 1;
3058                 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
3059                 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
3060                 bcc_ptr++;      /* null domain */
3061                 *bcc_ptr = 0;
3062         }
3063         SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
3064         pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
3065         count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
3066         smb_buffer->smb_buf_length += count;
3067         pSMB->req.ByteCount = cpu_to_le16(count);
3068
3069         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
3070                          &bytes_returned, 1);
3071         if (rc) {
3072 /*    rc = map_smb_to_linux_error(smb_buffer_response);  *//* done in SendReceive now */
3073         } else if ((smb_buffer_response->WordCount == 3)
3074                    || (smb_buffer_response->WordCount == 4)) {
3075                 __u16 action = le16_to_cpu(pSMBr->resp.Action);
3076                 __u16 blob_len =
3077                     le16_to_cpu(pSMBr->resp.SecurityBlobLength);
3078                 if (action & GUEST_LOGIN)
3079                         cFYI(1, (" Guest login"));      /* BB do we want to set anything in SesInfo struct ? */
3080 /*        if(SecurityBlob2->MessageType != NtLm??){                               
3081                  cFYI("Unexpected message type on auth response is %d ")); 
3082         } */
3083                 if (ses) {
3084                         cFYI(1,
3085                              ("Does UID on challenge %d match auth response UID %d ",
3086                               ses->Suid, smb_buffer_response->Uid));
3087                         ses->Suid = smb_buffer_response->Uid; /* UID left in wire format */
3088                         bcc_ptr = pByteArea(smb_buffer_response);       
3089             /* response can have either 3 or 4 word count - Samba sends 3 */
3090                         if ((pSMBr->resp.hdr.WordCount == 3)
3091                             || ((pSMBr->resp.hdr.WordCount == 4)
3092                                 && (blob_len <
3093                                     pSMBr->resp.ByteCount))) {
3094                                 if (pSMBr->resp.hdr.WordCount == 4) {
3095                                         bcc_ptr +=
3096                                             blob_len;
3097                                         cFYI(1,
3098                                              ("Security Blob Length %d ",
3099                                               blob_len));
3100                                 }
3101
3102                                 cFYI(1,
3103                                      ("NTLMSSP response to Authenticate "));
3104
3105                                 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3106                                         if ((long) (bcc_ptr) % 2) {
3107                                                 remaining_words =
3108                                                     (BCC(smb_buffer_response)
3109                                                      - 1) / 2;
3110                                                 bcc_ptr++;      /* Unicode strings must be word aligned */
3111                                         } else {
3112                                                 remaining_words = BCC(smb_buffer_response) / 2;
3113                                         }
3114                                         len =
3115                                             UniStrnlen((wchar_t *) bcc_ptr,remaining_words - 1);
3116 /* We look for obvious messed up bcc or strings in response so we do not go off
3117   the end since (at least) WIN2K and Windows XP have a major bug in not null
3118   terminating last Unicode string in response  */
3119                                         ses->serverOS =
3120                                             kzalloc(2 * (len + 1), GFP_KERNEL);
3121                                         cifs_strfromUCS_le(ses->serverOS,
3122                                                            (__le16 *)
3123                                                            bcc_ptr, len,
3124                                                            nls_codepage);
3125                                         bcc_ptr += 2 * (len + 1);
3126                                         remaining_words -= len + 1;
3127                                         ses->serverOS[2 * len] = 0;
3128                                         ses->serverOS[1 + (2 * len)] = 0;
3129                                         if (remaining_words > 0) {
3130                                                 len = UniStrnlen((wchar_t *)
3131                                                                  bcc_ptr,
3132                                                                  remaining_words
3133                                                                  - 1);
3134                                                 ses->serverNOS =
3135                                                     kzalloc(2 * (len + 1),
3136                                                             GFP_KERNEL);
3137                                                 cifs_strfromUCS_le(ses->
3138                                                                    serverNOS,
3139                                                                    (__le16 *)
3140                                                                    bcc_ptr,
3141                                                                    len,
3142                                                                    nls_codepage);
3143                                                 bcc_ptr += 2 * (len + 1);
3144                                                 ses->serverNOS[2 * len] = 0;
3145                                                 ses->serverNOS[1+(2*len)] = 0;
3146                                                 remaining_words -= len + 1;
3147                                                 if (remaining_words > 0) {
3148                                                         len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words); 
3149      /* last string not always null terminated (e.g. for Windows XP & 2000) */
3150                                                         ses->serverDomain =
3151                                                             kzalloc(2 *
3152                                                                     (len +
3153                                                                      1),
3154                                                                     GFP_KERNEL);
3155                                                         cifs_strfromUCS_le
3156                                                             (ses->
3157                                                              serverDomain,
3158                                                              (__le16 *)
3159                                                              bcc_ptr, len,
3160                                                              nls_codepage);
3161                                                         bcc_ptr +=
3162                                                             2 * (len + 1);
3163                                                         ses->
3164                                                             serverDomain[2
3165                                                                          * len]
3166                                                             = 0;
3167                                                         ses->
3168                                                             serverDomain[1
3169                                                                          +
3170                                                                          (2
3171                                                                           *
3172                                                                           len)]
3173                                                             = 0;
3174                                                 } /* else no more room so create dummy domain string */
3175                                                 else
3176                                                         ses->serverDomain = kzalloc(2,GFP_KERNEL);
3177                                         } else {  /* no room so create dummy domain and NOS string */
3178                                                 ses->serverDomain = kzalloc(2, GFP_KERNEL);
3179                                                 ses->serverNOS = kzalloc(2, GFP_KERNEL);
3180                                         }
3181                                 } else {        /* ASCII */
3182                                         len = strnlen(bcc_ptr, 1024);
3183                                         if (((long) bcc_ptr + len) - 
3184                         (long) pByteArea(smb_buffer_response) 
3185                             <= BCC(smb_buffer_response)) {
3186                                                 ses->serverOS = kzalloc(len + 1,GFP_KERNEL);
3187                                                 strncpy(ses->serverOS,bcc_ptr, len);
3188
3189                                                 bcc_ptr += len;
3190                                                 bcc_ptr[0] = 0; /* null terminate the string */
3191                                                 bcc_ptr++;
3192
3193                                                 len = strnlen(bcc_ptr, 1024);
3194                                                 ses->serverNOS = kzalloc(len+1,GFP_KERNEL);
3195                                                 strncpy(ses->serverNOS, bcc_ptr, len);  
3196                                                 bcc_ptr += len;
3197                                                 bcc_ptr[0] = 0;
3198                                                 bcc_ptr++;
3199
3200                                                 len = strnlen(bcc_ptr, 1024);
3201                                                 ses->serverDomain = kzalloc(len+1,GFP_KERNEL);
3202                                                 strncpy(ses->serverDomain, bcc_ptr, len);
3203                                                 bcc_ptr += len;
3204                                                 bcc_ptr[0] = 0;
3205                                                 bcc_ptr++;
3206                                         } else
3207                                                 cFYI(1,
3208                                                      ("Variable field of length %d extends beyond end of smb ",
3209                                                       len));
3210                                 }
3211                         } else {
3212                                 cERROR(1,
3213                                        (" Security Blob Length extends beyond end of SMB"));
3214                         }
3215                 } else {
3216                         cERROR(1, ("No session structure passed in."));
3217                 }
3218         } else {
3219                 cERROR(1,
3220                        (" Invalid Word count %d: ",
3221                         smb_buffer_response->WordCount));
3222                 rc = -EIO;
3223         }
3224
3225         if (smb_buffer)
3226                 cifs_buf_release(smb_buffer);
3227
3228         return rc;
3229 }
3230
3231 int
3232 CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3233          const char *tree, struct cifsTconInfo *tcon,
3234          const struct nls_table *nls_codepage)
3235 {
3236         struct smb_hdr *smb_buffer;
3237         struct smb_hdr *smb_buffer_response;
3238         TCONX_REQ *pSMB;
3239         TCONX_RSP *pSMBr;
3240         unsigned char *bcc_ptr;
3241         int rc = 0;
3242         int length;
3243         __u16 count;
3244
3245         if (ses == NULL)
3246                 return -EIO;
3247
3248         smb_buffer = cifs_buf_get();
3249         if (smb_buffer == NULL) {
3250                 return -ENOMEM;
3251         }
3252         smb_buffer_response = smb_buffer;
3253
3254         header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3255                         NULL /*no tid */ , 4 /*wct */ );
3256
3257         smb_buffer->Mid = GetNextMid(ses->server);
3258         smb_buffer->Uid = ses->Suid;
3259         pSMB = (TCONX_REQ *) smb_buffer;
3260         pSMBr = (TCONX_RSP *) smb_buffer_response;
3261
3262         pSMB->AndXCommand = 0xFF;
3263         pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
3264         bcc_ptr = &pSMB->Password[0];
3265         if((ses->server->secMode) & SECMODE_USER) {
3266                 pSMB->PasswordLength = cpu_to_le16(1);  /* minimum */
3267                 bcc_ptr++;              /* skip password */
3268         } else {
3269                 pSMB->PasswordLength = cpu_to_le16(CIFS_SESSION_KEY_SIZE);
3270                 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3271                    specified as required (when that support is added to
3272                    the vfs in the future) as only NTLM or the much
3273                    weaker LANMAN (which we do not send) is accepted
3274                    by Samba (not sure whether other servers allow
3275                    NTLMv2 password here) */
3276                 SMBNTencrypt(ses->password,
3277                              ses->server->cryptKey,
3278                              bcc_ptr);
3279
3280                 bcc_ptr += CIFS_SESSION_KEY_SIZE;
3281                 *bcc_ptr = 0;
3282                 bcc_ptr++; /* align */
3283         }
3284
3285         if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3286                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3287
3288         if (ses->capabilities & CAP_STATUS32) {
3289                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3290         }
3291         if (ses->capabilities & CAP_DFS) {
3292                 smb_buffer->Flags2 |= SMBFLG2_DFS;
3293         }
3294         if (ses->capabilities & CAP_UNICODE) {
3295                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3296                 length =
3297                     cifs_strtoUCS((__le16 *) bcc_ptr, tree, 100, nls_codepage);
3298                 bcc_ptr += 2 * length;  /* convert num of 16 bit words to bytes */
3299                 bcc_ptr += 2;   /* skip trailing null */
3300         } else {                /* ASCII */
3301                 strcpy(bcc_ptr, tree);
3302                 bcc_ptr += strlen(tree) + 1;
3303         }
3304         strcpy(bcc_ptr, "?????");
3305         bcc_ptr += strlen("?????");
3306         bcc_ptr += 1;
3307         count = bcc_ptr - &pSMB->Password[0];
3308         pSMB->hdr.smb_buf_length += count;
3309         pSMB->ByteCount = cpu_to_le16(count);
3310
3311         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length, 0);
3312
3313         /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
3314         /* above now done in SendReceive */
3315         if ((rc == 0) && (tcon != NULL)) {
3316                 tcon->tidStatus = CifsGood;
3317                 tcon->tid = smb_buffer_response->Tid;
3318                 bcc_ptr = pByteArea(smb_buffer_response);
3319                 length = strnlen(bcc_ptr, BCC(smb_buffer_response) - 2);
3320         /* skip service field (NB: this field is always ASCII) */
3321                 bcc_ptr += length + 1;  
3322                 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3323                 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3324                         length = UniStrnlen((wchar_t *) bcc_ptr, 512);
3325                         if ((bcc_ptr + (2 * length)) -
3326                              pByteArea(smb_buffer_response) <=
3327                             BCC(smb_buffer_response)) {
3328                                 kfree(tcon->nativeFileSystem);
3329                                 tcon->nativeFileSystem =
3330                                     kzalloc(length + 2, GFP_KERNEL);
3331                                 cifs_strfromUCS_le(tcon->nativeFileSystem,
3332                                                    (__le16 *) bcc_ptr,
3333                                                    length, nls_codepage);
3334                                 bcc_ptr += 2 * length;
3335                                 bcc_ptr[0] = 0; /* null terminate the string */
3336                                 bcc_ptr[1] = 0;
3337                                 bcc_ptr += 2;
3338                         }
3339                         /* else do not bother copying these informational fields */
3340                 } else {
3341                         length = strnlen(bcc_ptr, 1024);
3342                         if ((bcc_ptr + length) -
3343                             pByteArea(smb_buffer_response) <=
3344                             BCC(smb_buffer_response)) {
3345                                 kfree(tcon->nativeFileSystem);
3346                                 tcon->nativeFileSystem =
3347                                     kzalloc(length + 1, GFP_KERNEL);
3348                                 strncpy(tcon->nativeFileSystem, bcc_ptr,
3349                                         length);
3350                         }
3351                         /* else do not bother copying these informational fields */
3352                 }
3353                 tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3354                 cFYI(1, ("Tcon flags: 0x%x ", tcon->Flags));
3355         } else if ((rc == 0) && tcon == NULL) {
3356         /* all we need to save for IPC$ connection */
3357                 ses->ipc_tid = smb_buffer_response->Tid;
3358         }
3359
3360         if (smb_buffer)
3361                 cifs_buf_release(smb_buffer);
3362         return rc;
3363 }
3364
3365 int
3366 cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3367 {
3368         int rc = 0;
3369         int xid;
3370         struct cifsSesInfo *ses = NULL;
3371         struct task_struct *cifsd_task;
3372
3373         xid = GetXid();
3374
3375         if (cifs_sb->tcon) {
3376                 ses = cifs_sb->tcon->ses; /* save ptr to ses before delete tcon!*/
3377                 rc = CIFSSMBTDis(xid, cifs_sb->tcon);
3378                 if (rc == -EBUSY) {
3379                         FreeXid(xid);
3380                         return 0;
3381                 }
3382                 tconInfoFree(cifs_sb->tcon);
3383                 if ((ses) && (ses->server)) {
3384                         /* save off task so we do not refer to ses later */
3385                         cifsd_task = ses->server->tsk;
3386                         cFYI(1, ("About to do SMBLogoff "));
3387                         rc = CIFSSMBLogoff(xid, ses);
3388                         if (rc == -EBUSY) {
3389                                 FreeXid(xid);
3390                                 return 0;
3391                         } else if (rc == -ESHUTDOWN) {
3392                                 cFYI(1,("Waking up socket by sending it signal"));
3393                                 if(cifsd_task) {
3394                                         send_sig(SIGKILL,cifsd_task,1);
3395                                         wait_for_completion(&cifsd_complete);
3396                                 }
3397                                 rc = 0;
3398                         } /* else - we have an smb session
3399                                 left on this socket do not kill cifsd */
3400                 } else
3401                         cFYI(1, ("No session or bad tcon"));
3402         }
3403         
3404         cifs_sb->tcon = NULL;
3405         if (ses)
3406                 schedule_timeout_interruptible(msecs_to_jiffies(500));
3407         if (ses)
3408                 sesInfoFree(ses);
3409
3410         FreeXid(xid);
3411         return rc;              /* BB check if we should always return zero here */
3412
3413
3414 int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
3415                                            struct nls_table * nls_info)
3416 {
3417         int rc = 0;
3418         char ntlm_session_key[CIFS_SESSION_KEY_SIZE];
3419         int ntlmv2_flag = FALSE;
3420         int first_time = 0;
3421
3422         /* what if server changes its buffer size after dropping the session? */
3423         if(pSesInfo->server->maxBuf == 0) /* no need to send on reconnect */ {
3424                 rc = CIFSSMBNegotiate(xid, pSesInfo);
3425                 if(rc == -EAGAIN) /* retry only once on 1st time connection */ {
3426                         rc = CIFSSMBNegotiate(xid, pSesInfo);
3427                         if(rc == -EAGAIN) 
3428                                 rc = -EHOSTDOWN;
3429                 }
3430                 if(rc == 0) {
3431                         spin_lock(&GlobalMid_Lock);
3432                         if(pSesInfo->server->tcpStatus != CifsExiting)
3433                                 pSesInfo->server->tcpStatus = CifsGood;
3434                         else
3435                                 rc = -EHOSTDOWN;
3436                         spin_unlock(&GlobalMid_Lock);
3437
3438                 }
3439                 first_time = 1;
3440         }
3441         if (!rc) {
3442                 pSesInfo->capabilities = pSesInfo->server->capabilities;
3443                 if(linuxExtEnabled == 0)
3444                         pSesInfo->capabilities &= (~CAP_UNIX);
3445         /*      pSesInfo->sequence_number = 0;*/
3446                 cFYI(1,("Security Mode: 0x%x Capabilities: 0x%x Time Zone: %d",
3447                         pSesInfo->server->secMode,
3448                         pSesInfo->server->capabilities,
3449                         pSesInfo->server->timeZone));
3450                 if(experimEnabled > 1)
3451                         rc = CIFS_SessSetup(xid, pSesInfo, CIFS_NTLM /* type */,
3452                                             &ntlmv2_flag, nls_info);    
3453                 else if (extended_security
3454                                 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3455                                 && (pSesInfo->server->secType == NTLMSSP)) {
3456                         cFYI(1, ("New style sesssetup"));
3457                         rc = CIFSSpnegoSessSetup(xid, pSesInfo,
3458                                 NULL /* security blob */, 
3459                                 0 /* blob length */,
3460                                 nls_info);
3461                 } else if (extended_security
3462                            && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3463                            && (pSesInfo->server->secType == RawNTLMSSP)) {
3464                         cFYI(1, ("NTLMSSP sesssetup"));
3465                         rc = CIFSNTLMSSPNegotiateSessSetup(xid,
3466                                                 pSesInfo,
3467                                                 &ntlmv2_flag,
3468                                                 nls_info);
3469                         if (!rc) {
3470                                 if(ntlmv2_flag) {
3471                                         char * v2_response;
3472                                         cFYI(1,("Can use more secure NTLM version 2 password hash"));
3473                                         if(CalcNTLMv2_partial_mac_key(pSesInfo, 
3474                                                 nls_info)) {
3475                                                 rc = -ENOMEM;
3476                                                 goto ss_err_exit;
3477                                         } else
3478                                                 v2_response = kmalloc(16 + 64 /* blob */, GFP_KERNEL);
3479                                         if(v2_response) {
3480                                                 CalcNTLMv2_response(pSesInfo,v2_response);
3481                                 /*              if(first_time)
3482                                                         cifs_calculate_ntlmv2_mac_key(
3483                                                           pSesInfo->server->mac_signing_key, 
3484                                                           response, ntlm_session_key, */
3485                                                 kfree(v2_response);
3486                                         /* BB Put dummy sig in SessSetup PDU? */
3487                                         } else {
3488                                                 rc = -ENOMEM;
3489                                                 goto ss_err_exit;
3490                                         }
3491
3492                                 } else {
3493                                         SMBNTencrypt(pSesInfo->password,
3494                                                 pSesInfo->server->cryptKey,
3495                                                 ntlm_session_key);
3496
3497                                         if(first_time)
3498                                                 cifs_calculate_mac_key(
3499                                                         pSesInfo->server->mac_signing_key,
3500                                                         ntlm_session_key,
3501                                                         pSesInfo->password);
3502                                 }
3503                         /* for better security the weaker lanman hash not sent
3504                            in AuthSessSetup so we no longer calculate it */
3505
3506                                 rc = CIFSNTLMSSPAuthSessSetup(xid,
3507                                         pSesInfo,
3508                                         ntlm_session_key,
3509                                         ntlmv2_flag,
3510                                         nls_info);
3511                         }
3512                 } else { /* old style NTLM 0.12 session setup */
3513                         SMBNTencrypt(pSesInfo->password,
3514                                 pSesInfo->server->cryptKey,
3515                                 ntlm_session_key);
3516
3517                         if(first_time)          
3518                                 cifs_calculate_mac_key(
3519                                         pSesInfo->server->mac_signing_key,
3520                                         ntlm_session_key, pSesInfo->password);
3521
3522                         rc = CIFSSessSetup(xid, pSesInfo,
3523                                 ntlm_session_key, nls_info);
3524                 }
3525                 if (rc) {
3526                         cERROR(1,("Send error in SessSetup = %d",rc));
3527                 } else {
3528                         cFYI(1,("CIFS Session Established successfully"));
3529                         pSesInfo->status = CifsGood;
3530                 }
3531         }
3532 ss_err_exit:
3533         return rc;
3534 }
3535