]> www.pilppa.org Git - linux-2.6-omap-h63xx.git/blob - fs/cifs/connect.c
f2259db075c4f265b2537641a8d21e22a06f2674
[linux-2.6-omap-h63xx.git] / fs / cifs / connect.c
1 /*
2  *   fs/cifs/connect.c
3  *
4  *   Copyright (C) International Business Machines  Corp., 2002,2008
5  *   Author(s): Steve French (sfrench@us.ibm.com)
6  *
7  *   This library is free software; you can redistribute it and/or modify
8  *   it under the terms of the GNU Lesser General Public License as published
9  *   by the Free Software Foundation; either version 2.1 of the License, or
10  *   (at your option) any later version.
11  *
12  *   This library is distributed in the hope that it will be useful,
13  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
14  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
15  *   the GNU Lesser General Public License for more details.
16  *
17  *   You should have received a copy of the GNU Lesser General Public License
18  *   along with this library; if not, write to the Free Software
19  *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20  */
21 #include <linux/fs.h>
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/ipv6.h>
27 #include <linux/pagemap.h>
28 #include <linux/ctype.h>
29 #include <linux/utsname.h>
30 #include <linux/mempool.h>
31 #include <linux/delay.h>
32 #include <linux/completion.h>
33 #include <linux/kthread.h>
34 #include <linux/pagevec.h>
35 #include <linux/freezer.h>
36 #include <asm/uaccess.h>
37 #include <asm/processor.h>
38 #include "cifspdu.h"
39 #include "cifsglob.h"
40 #include "cifsproto.h"
41 #include "cifs_unicode.h"
42 #include "cifs_debug.h"
43 #include "cifs_fs_sb.h"
44 #include "ntlmssp.h"
45 #include "nterr.h"
46 #include "rfc1002pdu.h"
47 #include "cn_cifs.h"
48
49 #define CIFS_PORT 445
50 #define RFC1001_PORT 139
51
52 static DECLARE_COMPLETION(cifsd_complete);
53
54 extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
55                          unsigned char *p24);
56
57 extern mempool_t *cifs_req_poolp;
58
59 struct smb_vol {
60         char *username;
61         char *password;
62         char *domainname;
63         char *UNC;
64         char *UNCip;
65         char *in6_addr;  /* ipv6 address as human readable form of in6_addr */
66         char *iocharset;  /* local code page for mapping to and from Unicode */
67         char source_rfc1001_name[16]; /* netbios name of client */
68         char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */
69         uid_t linux_uid;
70         gid_t linux_gid;
71         mode_t file_mode;
72         mode_t dir_mode;
73         unsigned secFlg;
74         bool rw:1;
75         bool retry:1;
76         bool intr:1;
77         bool setuids:1;
78         bool override_uid:1;
79         bool override_gid:1;
80         bool noperm:1;
81         bool no_psx_acl:1; /* set if posix acl support should be disabled */
82         bool cifs_acl:1;
83         bool no_xattr:1;   /* set if xattr (EA) support should be disabled*/
84         bool server_ino:1; /* use inode numbers from server ie UniqueId */
85         bool direct_io:1;
86         bool remap:1;     /* set to remap seven reserved chars in filenames */
87         bool posix_paths:1;   /* unset to not ask for posix pathnames. */
88         bool no_linux_ext:1;
89         bool sfu_emul:1;
90         bool nullauth:1; /* attempt to authenticate with null user */
91         unsigned nocase;     /* request case insensitive filenames */
92         unsigned nobrl;      /* disable sending byte range locks to srv */
93         unsigned int rsize;
94         unsigned int wsize;
95         unsigned int sockopt;
96         unsigned short int port;
97         char *prepath;
98 };
99
100 static int ipv4_connect(struct sockaddr_in *psin_server,
101                         struct socket **csocket,
102                         char *netb_name,
103                         char *server_netb_name);
104 static int ipv6_connect(struct sockaddr_in6 *psin_server,
105                         struct socket **csocket);
106
107
108         /*
109          * cifs tcp session reconnection
110          *
111          * mark tcp session as reconnecting so temporarily locked
112          * mark all smb sessions as reconnecting for tcp session
113          * reconnect tcp session
114          * wake up waiters on reconnection? - (not needed currently)
115          */
116
117 static int
118 cifs_reconnect(struct TCP_Server_Info *server)
119 {
120         int rc = 0;
121         struct list_head *tmp;
122         struct cifsSesInfo *ses;
123         struct cifsTconInfo *tcon;
124         struct mid_q_entry *mid_entry;
125
126         spin_lock(&GlobalMid_Lock);
127         if (kthread_should_stop()) {
128                 /* the demux thread will exit normally
129                 next time through the loop */
130                 spin_unlock(&GlobalMid_Lock);
131                 return rc;
132         } else
133                 server->tcpStatus = CifsNeedReconnect;
134         spin_unlock(&GlobalMid_Lock);
135         server->maxBuf = 0;
136
137         cFYI(1, ("Reconnecting tcp session"));
138
139         /* before reconnecting the tcp session, mark the smb session (uid)
140                 and the tid bad so they are not used until reconnected */
141         read_lock(&GlobalSMBSeslock);
142         list_for_each(tmp, &GlobalSMBSessionList) {
143                 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
144                 if (ses->server) {
145                         if (ses->server == server) {
146                                 ses->status = CifsNeedReconnect;
147                                 ses->ipc_tid = 0;
148                         }
149                 }
150                 /* else tcp and smb sessions need reconnection */
151         }
152         list_for_each(tmp, &GlobalTreeConnectionList) {
153                 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
154                 if ((tcon) && (tcon->ses) && (tcon->ses->server == server))
155                         tcon->tidStatus = CifsNeedReconnect;
156         }
157         read_unlock(&GlobalSMBSeslock);
158         /* do not want to be sending data on a socket we are freeing */
159         down(&server->tcpSem);
160         if (server->ssocket) {
161                 cFYI(1, ("State: 0x%x Flags: 0x%lx", server->ssocket->state,
162                         server->ssocket->flags));
163                 kernel_sock_shutdown(server->ssocket, SHUT_WR);
164                 cFYI(1, ("Post shutdown state: 0x%x Flags: 0x%lx",
165                         server->ssocket->state,
166                         server->ssocket->flags));
167                 sock_release(server->ssocket);
168                 server->ssocket = NULL;
169         }
170
171         spin_lock(&GlobalMid_Lock);
172         list_for_each(tmp, &server->pending_mid_q) {
173                 mid_entry = list_entry(tmp, struct
174                                         mid_q_entry,
175                                         qhead);
176                 if (mid_entry) {
177                         if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
178                                 /* Mark other intransit requests as needing
179                                    retry so we do not immediately mark the
180                                    session bad again (ie after we reconnect
181                                    below) as they timeout too */
182                                 mid_entry->midState = MID_RETRY_NEEDED;
183                         }
184                 }
185         }
186         spin_unlock(&GlobalMid_Lock);
187         up(&server->tcpSem);
188
189         while ((!kthread_should_stop()) && (server->tcpStatus != CifsGood)) {
190                 try_to_freeze();
191                 if (server->protocolType == IPV6) {
192                         rc = ipv6_connect(&server->addr.sockAddr6,
193                                           &server->ssocket);
194                 } else {
195                         rc = ipv4_connect(&server->addr.sockAddr,
196                                         &server->ssocket,
197                                         server->workstation_RFC1001_name,
198                                         server->server_RFC1001_name);
199                 }
200                 if (rc) {
201                         cFYI(1, ("reconnect error %d", rc));
202                         msleep(3000);
203                 } else {
204                         atomic_inc(&tcpSesReconnectCount);
205                         spin_lock(&GlobalMid_Lock);
206                         if (!kthread_should_stop())
207                                 server->tcpStatus = CifsGood;
208                         server->sequence_number = 0;
209                         spin_unlock(&GlobalMid_Lock);
210         /*              atomic_set(&server->inFlight,0);*/
211                         wake_up(&server->response_q);
212                 }
213         }
214         return rc;
215 }
216
217 /*
218         return codes:
219                 0       not a transact2, or all data present
220                 >0      transact2 with that much data missing
221                 -EINVAL = invalid transact2
222
223  */
224 static int check2ndT2(struct smb_hdr *pSMB, unsigned int maxBufSize)
225 {
226         struct smb_t2_rsp *pSMBt;
227         int total_data_size;
228         int data_in_this_rsp;
229         int remaining;
230
231         if (pSMB->Command != SMB_COM_TRANSACTION2)
232                 return 0;
233
234         /* check for plausible wct, bcc and t2 data and parm sizes */
235         /* check for parm and data offset going beyond end of smb */
236         if (pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
237                 cFYI(1, ("invalid transact2 word count"));
238                 return -EINVAL;
239         }
240
241         pSMBt = (struct smb_t2_rsp *)pSMB;
242
243         total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
244         data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
245
246         remaining = total_data_size - data_in_this_rsp;
247
248         if (remaining == 0)
249                 return 0;
250         else if (remaining < 0) {
251                 cFYI(1, ("total data %d smaller than data in frame %d",
252                         total_data_size, data_in_this_rsp));
253                 return -EINVAL;
254         } else {
255                 cFYI(1, ("missing %d bytes from transact2, check next response",
256                         remaining));
257                 if (total_data_size > maxBufSize) {
258                         cERROR(1, ("TotalDataSize %d is over maximum buffer %d",
259                                 total_data_size, maxBufSize));
260                         return -EINVAL;
261                 }
262                 return remaining;
263         }
264 }
265
266 static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
267 {
268         struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
269         struct smb_t2_rsp *pSMBt  = (struct smb_t2_rsp *)pTargetSMB;
270         int total_data_size;
271         int total_in_buf;
272         int remaining;
273         int total_in_buf2;
274         char *data_area_of_target;
275         char *data_area_of_buf2;
276         __u16 byte_count;
277
278         total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
279
280         if (total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
281                 cFYI(1, ("total data size of primary and secondary t2 differ"));
282         }
283
284         total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
285
286         remaining = total_data_size - total_in_buf;
287
288         if (remaining < 0)
289                 return -EINVAL;
290
291         if (remaining == 0) /* nothing to do, ignore */
292                 return 0;
293
294         total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
295         if (remaining < total_in_buf2) {
296                 cFYI(1, ("transact2 2nd response contains too much data"));
297         }
298
299         /* find end of first SMB data area */
300         data_area_of_target = (char *)&pSMBt->hdr.Protocol +
301                                 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
302         /* validate target area */
303
304         data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
305                                         le16_to_cpu(pSMB2->t2_rsp.DataOffset);
306
307         data_area_of_target += total_in_buf;
308
309         /* copy second buffer into end of first buffer */
310         memcpy(data_area_of_target, data_area_of_buf2, total_in_buf2);
311         total_in_buf += total_in_buf2;
312         pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
313         byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
314         byte_count += total_in_buf2;
315         BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
316
317         byte_count = pTargetSMB->smb_buf_length;
318         byte_count += total_in_buf2;
319
320         /* BB also add check that we are not beyond maximum buffer size */
321
322         pTargetSMB->smb_buf_length = byte_count;
323
324         if (remaining == total_in_buf2) {
325                 cFYI(1, ("found the last secondary response"));
326                 return 0; /* we are done */
327         } else /* more responses to go */
328                 return 1;
329
330 }
331
332 static int
333 cifs_demultiplex_thread(struct TCP_Server_Info *server)
334 {
335         int length;
336         unsigned int pdu_length, total_read;
337         struct smb_hdr *smb_buffer = NULL;
338         struct smb_hdr *bigbuf = NULL;
339         struct smb_hdr *smallbuf = NULL;
340         struct msghdr smb_msg;
341         struct kvec iov;
342         struct socket *csocket = server->ssocket;
343         struct list_head *tmp;
344         struct cifsSesInfo *ses;
345         struct task_struct *task_to_wake = NULL;
346         struct mid_q_entry *mid_entry;
347         char temp;
348         bool isLargeBuf = false;
349         bool isMultiRsp;
350         int reconnect;
351
352         current->flags |= PF_MEMALLOC;
353         server->tsk = current;  /* save process info to wake at shutdown */
354         cFYI(1, ("Demultiplex PID: %d", task_pid_nr(current)));
355         write_lock(&GlobalSMBSeslock);
356         atomic_inc(&tcpSesAllocCount);
357         length = tcpSesAllocCount.counter;
358         write_unlock(&GlobalSMBSeslock);
359         complete(&cifsd_complete);
360         if (length  > 1)
361                 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
362                                 GFP_KERNEL);
363
364         set_freezable();
365         while (!kthread_should_stop()) {
366                 if (try_to_freeze())
367                         continue;
368                 if (bigbuf == NULL) {
369                         bigbuf = cifs_buf_get();
370                         if (!bigbuf) {
371                                 cERROR(1, ("No memory for large SMB response"));
372                                 msleep(3000);
373                                 /* retry will check if exiting */
374                                 continue;
375                         }
376                 } else if (isLargeBuf) {
377                         /* we are reusing a dirty large buf, clear its start */
378                         memset(bigbuf, 0, sizeof(struct smb_hdr));
379                 }
380
381                 if (smallbuf == NULL) {
382                         smallbuf = cifs_small_buf_get();
383                         if (!smallbuf) {
384                                 cERROR(1, ("No memory for SMB response"));
385                                 msleep(1000);
386                                 /* retry will check if exiting */
387                                 continue;
388                         }
389                         /* beginning of smb buffer is cleared in our buf_get */
390                 } else /* if existing small buf clear beginning */
391                         memset(smallbuf, 0, sizeof(struct smb_hdr));
392
393                 isLargeBuf = false;
394                 isMultiRsp = false;
395                 smb_buffer = smallbuf;
396                 iov.iov_base = smb_buffer;
397                 iov.iov_len = 4;
398                 smb_msg.msg_control = NULL;
399                 smb_msg.msg_controllen = 0;
400                 pdu_length = 4; /* enough to get RFC1001 header */
401 incomplete_rcv:
402                 length =
403                     kernel_recvmsg(csocket, &smb_msg,
404                                 &iov, 1, pdu_length, 0 /* BB other flags? */);
405
406                 if (kthread_should_stop()) {
407                         break;
408                 } else if (server->tcpStatus == CifsNeedReconnect) {
409                         cFYI(1, ("Reconnect after server stopped responding"));
410                         cifs_reconnect(server);
411                         cFYI(1, ("call to reconnect done"));
412                         csocket = server->ssocket;
413                         continue;
414                 } else if ((length == -ERESTARTSYS) || (length == -EAGAIN)) {
415                         msleep(1); /* minimum sleep to prevent looping
416                                 allowing socket to clear and app threads to set
417                                 tcpStatus CifsNeedReconnect if server hung */
418                         if (pdu_length < 4)
419                                 goto incomplete_rcv;
420                         else
421                                 continue;
422                 } else if (length <= 0) {
423                         if (server->tcpStatus == CifsNew) {
424                                 cFYI(1, ("tcp session abend after SMBnegprot"));
425                                 /* some servers kill the TCP session rather than
426                                    returning an SMB negprot error, in which
427                                    case reconnecting here is not going to help,
428                                    and so simply return error to mount */
429                                 break;
430                         }
431                         if (!try_to_freeze() && (length == -EINTR)) {
432                                 cFYI(1, ("cifsd thread killed"));
433                                 break;
434                         }
435                         cFYI(1, ("Reconnect after unexpected peek error %d",
436                                 length));
437                         cifs_reconnect(server);
438                         csocket = server->ssocket;
439                         wake_up(&server->response_q);
440                         continue;
441                 } else if (length < pdu_length) {
442                         cFYI(1, ("requested %d bytes but only got %d bytes",
443                                   pdu_length, length));
444                         pdu_length -= length;
445                         msleep(1);
446                         goto incomplete_rcv;
447                 }
448
449                 /* The right amount was read from socket - 4 bytes */
450                 /* so we can now interpret the length field */
451
452                 /* the first byte big endian of the length field,
453                 is actually not part of the length but the type
454                 with the most common, zero, as regular data */
455                 temp = *((char *) smb_buffer);
456
457                 /* Note that FC 1001 length is big endian on the wire,
458                 but we convert it here so it is always manipulated
459                 as host byte order */
460                 pdu_length = ntohl(smb_buffer->smb_buf_length);
461                 smb_buffer->smb_buf_length = pdu_length;
462
463                 cFYI(1, ("rfc1002 length 0x%x", pdu_length+4));
464
465                 if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) {
466                         continue;
467                 } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
468                         cFYI(1, ("Good RFC 1002 session rsp"));
469                         continue;
470                 } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
471                         /* we get this from Windows 98 instead of
472                            an error on SMB negprot response */
473                         cFYI(1, ("Negative RFC1002 Session Response Error 0x%x)",
474                                 pdu_length));
475                         if (server->tcpStatus == CifsNew) {
476                                 /* if nack on negprot (rather than
477                                 ret of smb negprot error) reconnecting
478                                 not going to help, ret error to mount */
479                                 break;
480                         } else {
481                                 /* give server a second to
482                                 clean up before reconnect attempt */
483                                 msleep(1000);
484                                 /* always try 445 first on reconnect
485                                 since we get NACK on some if we ever
486                                 connected to port 139 (the NACK is
487                                 since we do not begin with RFC1001
488                                 session initialize frame) */
489                                 server->addr.sockAddr.sin_port =
490                                         htons(CIFS_PORT);
491                                 cifs_reconnect(server);
492                                 csocket = server->ssocket;
493                                 wake_up(&server->response_q);
494                                 continue;
495                         }
496                 } else if (temp != (char) 0) {
497                         cERROR(1, ("Unknown RFC 1002 frame"));
498                         cifs_dump_mem(" Received Data: ", (char *)smb_buffer,
499                                       length);
500                         cifs_reconnect(server);
501                         csocket = server->ssocket;
502                         continue;
503                 }
504
505                 /* else we have an SMB response */
506                 if ((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
507                             (pdu_length < sizeof(struct smb_hdr) - 1 - 4)) {
508                         cERROR(1, ("Invalid size SMB length %d pdu_length %d",
509                                         length, pdu_length+4));
510                         cifs_reconnect(server);
511                         csocket = server->ssocket;
512                         wake_up(&server->response_q);
513                         continue;
514                 }
515
516                 /* else length ok */
517                 reconnect = 0;
518
519                 if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
520                         isLargeBuf = true;
521                         memcpy(bigbuf, smallbuf, 4);
522                         smb_buffer = bigbuf;
523                 }
524                 length = 0;
525                 iov.iov_base = 4 + (char *)smb_buffer;
526                 iov.iov_len = pdu_length;
527                 for (total_read = 0; total_read < pdu_length;
528                      total_read += length) {
529                         length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
530                                                 pdu_length - total_read, 0);
531                         if (kthread_should_stop() ||
532                             (length == -EINTR)) {
533                                 /* then will exit */
534                                 reconnect = 2;
535                                 break;
536                         } else if (server->tcpStatus == CifsNeedReconnect) {
537                                 cifs_reconnect(server);
538                                 csocket = server->ssocket;
539                                 /* Reconnect wakes up rspns q */
540                                 /* Now we will reread sock */
541                                 reconnect = 1;
542                                 break;
543                         } else if ((length == -ERESTARTSYS) ||
544                                    (length == -EAGAIN)) {
545                                 msleep(1); /* minimum sleep to prevent looping,
546                                               allowing socket to clear and app
547                                               threads to set tcpStatus
548                                               CifsNeedReconnect if server hung*/
549                                 length = 0;
550                                 continue;
551                         } else if (length <= 0) {
552                                 cERROR(1, ("Received no data, expecting %d",
553                                               pdu_length - total_read));
554                                 cifs_reconnect(server);
555                                 csocket = server->ssocket;
556                                 reconnect = 1;
557                                 break;
558                         }
559                 }
560                 if (reconnect == 2)
561                         break;
562                 else if (reconnect == 1)
563                         continue;
564
565                 length += 4; /* account for rfc1002 hdr */
566
567
568                 dump_smb(smb_buffer, length);
569                 if (checkSMB(smb_buffer, smb_buffer->Mid, total_read+4)) {
570                         cifs_dump_mem("Bad SMB: ", smb_buffer, 48);
571                         continue;
572                 }
573
574
575                 task_to_wake = NULL;
576                 spin_lock(&GlobalMid_Lock);
577                 list_for_each(tmp, &server->pending_mid_q) {
578                         mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
579
580                         if ((mid_entry->mid == smb_buffer->Mid) &&
581                             (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
582                             (mid_entry->command == smb_buffer->Command)) {
583                                 if (check2ndT2(smb_buffer,server->maxBuf) > 0) {
584                                         /* We have a multipart transact2 resp */
585                                         isMultiRsp = true;
586                                         if (mid_entry->resp_buf) {
587                                                 /* merge response - fix up 1st*/
588                                                 if (coalesce_t2(smb_buffer,
589                                                         mid_entry->resp_buf)) {
590                                                         mid_entry->multiRsp =
591                                                                  true;
592                                                         break;
593                                                 } else {
594                                                         /* all parts received */
595                                                         mid_entry->multiEnd =
596                                                                  true;
597                                                         goto multi_t2_fnd;
598                                                 }
599                                         } else {
600                                                 if (!isLargeBuf) {
601                                                         cERROR(1,("1st trans2 resp needs bigbuf"));
602                                         /* BB maybe we can fix this up,  switch
603                                            to already allocated large buffer? */
604                                                 } else {
605                                                         /* Have first buffer */
606                                                         mid_entry->resp_buf =
607                                                                  smb_buffer;
608                                                         mid_entry->largeBuf =
609                                                                  true;
610                                                         bigbuf = NULL;
611                                                 }
612                                         }
613                                         break;
614                                 }
615                                 mid_entry->resp_buf = smb_buffer;
616                                 mid_entry->largeBuf = isLargeBuf;
617 multi_t2_fnd:
618                                 task_to_wake = mid_entry->tsk;
619                                 mid_entry->midState = MID_RESPONSE_RECEIVED;
620 #ifdef CONFIG_CIFS_STATS2
621                                 mid_entry->when_received = jiffies;
622 #endif
623                                 /* so we do not time out requests to  server
624                                 which is still responding (since server could
625                                 be busy but not dead) */
626                                 server->lstrp = jiffies;
627                                 break;
628                         }
629                 }
630                 spin_unlock(&GlobalMid_Lock);
631                 if (task_to_wake) {
632                         /* Was previous buf put in mpx struct for multi-rsp? */
633                         if (!isMultiRsp) {
634                                 /* smb buffer will be freed by user thread */
635                                 if (isLargeBuf)
636                                         bigbuf = NULL;
637                                 else
638                                         smallbuf = NULL;
639                         }
640                         wake_up_process(task_to_wake);
641                 } else if (!is_valid_oplock_break(smb_buffer, server) &&
642                            !isMultiRsp) {
643                         cERROR(1, ("No task to wake, unknown frame received! "
644                                    "NumMids %d", midCount.counter));
645                         cifs_dump_mem("Received Data is: ", (char *)smb_buffer,
646                                       sizeof(struct smb_hdr));
647 #ifdef CONFIG_CIFS_DEBUG2
648                         cifs_dump_detail(smb_buffer);
649                         cifs_dump_mids(server);
650 #endif /* CIFS_DEBUG2 */
651
652                 }
653         } /* end while !EXITING */
654
655         spin_lock(&GlobalMid_Lock);
656         server->tcpStatus = CifsExiting;
657         server->tsk = NULL;
658         /* check if we have blocked requests that need to free */
659         /* Note that cifs_max_pending is normally 50, but
660         can be set at module install time to as little as two */
661         if (atomic_read(&server->inFlight) >= cifs_max_pending)
662                 atomic_set(&server->inFlight, cifs_max_pending - 1);
663         /* We do not want to set the max_pending too low or we
664         could end up with the counter going negative */
665         spin_unlock(&GlobalMid_Lock);
666         /* Although there should not be any requests blocked on
667         this queue it can not hurt to be paranoid and try to wake up requests
668         that may haven been blocked when more than 50 at time were on the wire
669         to the same server - they now will see the session is in exit state
670         and get out of SendReceive.  */
671         wake_up_all(&server->request_q);
672         /* give those requests time to exit */
673         msleep(125);
674
675         if (server->ssocket) {
676                 sock_release(csocket);
677                 server->ssocket = NULL;
678         }
679         /* buffer usuallly freed in free_mid - need to free it here on exit */
680         cifs_buf_release(bigbuf);
681         if (smallbuf) /* no sense logging a debug message if NULL */
682                 cifs_small_buf_release(smallbuf);
683
684         read_lock(&GlobalSMBSeslock);
685         if (list_empty(&server->pending_mid_q)) {
686                 /* loop through server session structures attached to this and
687                     mark them dead */
688                 list_for_each(tmp, &GlobalSMBSessionList) {
689                         ses =
690                             list_entry(tmp, struct cifsSesInfo,
691                                        cifsSessionList);
692                         if (ses->server == server) {
693                                 ses->status = CifsExiting;
694                                 ses->server = NULL;
695                         }
696                 }
697                 read_unlock(&GlobalSMBSeslock);
698         } else {
699                 /* although we can not zero the server struct pointer yet,
700                 since there are active requests which may depnd on them,
701                 mark the corresponding SMB sessions as exiting too */
702                 list_for_each(tmp, &GlobalSMBSessionList) {
703                         ses = list_entry(tmp, struct cifsSesInfo,
704                                          cifsSessionList);
705                         if (ses->server == server)
706                                 ses->status = CifsExiting;
707                 }
708
709                 spin_lock(&GlobalMid_Lock);
710                 list_for_each(tmp, &server->pending_mid_q) {
711                 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
712                         if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
713                                 cFYI(1, ("Clearing Mid 0x%x - waking up ",
714                                          mid_entry->mid));
715                                 task_to_wake = mid_entry->tsk;
716                                 if (task_to_wake)
717                                         wake_up_process(task_to_wake);
718                         }
719                 }
720                 spin_unlock(&GlobalMid_Lock);
721                 read_unlock(&GlobalSMBSeslock);
722                 /* 1/8th of sec is more than enough time for them to exit */
723                 msleep(125);
724         }
725
726         if (!list_empty(&server->pending_mid_q)) {
727                 /* mpx threads have not exited yet give them
728                 at least the smb send timeout time for long ops */
729                 /* due to delays on oplock break requests, we need
730                 to wait at least 45 seconds before giving up
731                 on a request getting a response and going ahead
732                 and killing cifsd */
733                 cFYI(1, ("Wait for exit from demultiplex thread"));
734                 msleep(46000);
735                 /* if threads still have not exited they are probably never
736                 coming home not much else we can do but free the memory */
737         }
738
739         write_lock(&GlobalSMBSeslock);
740         atomic_dec(&tcpSesAllocCount);
741         length = tcpSesAllocCount.counter;
742
743         /* last chance to mark ses pointers invalid
744         if there are any pointing to this (e.g
745         if a crazy root user tried to kill cifsd
746         kernel thread explicitly this might happen) */
747         list_for_each(tmp, &GlobalSMBSessionList) {
748                 ses = list_entry(tmp, struct cifsSesInfo,
749                                 cifsSessionList);
750                 if (ses->server == server)
751                         ses->server = NULL;
752         }
753         write_unlock(&GlobalSMBSeslock);
754
755         kfree(server->hostname);
756         kfree(server);
757         if (length  > 0)
758                 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
759                                 GFP_KERNEL);
760
761         return 0;
762 }
763
764 /* extract the host portion of the UNC string */
765 static char *
766 extract_hostname(const char *unc)
767 {
768         const char *src;
769         char *dst, *delim;
770         unsigned int len;
771
772         /* skip double chars at beginning of string */
773         /* BB: check validity of these bytes? */
774         src = unc + 2;
775
776         /* delimiter between hostname and sharename is always '\\' now */
777         delim = strchr(src, '\\');
778         if (!delim)
779                 return ERR_PTR(-EINVAL);
780
781         len = delim - src;
782         dst = kmalloc((len + 1), GFP_KERNEL);
783         if (dst == NULL)
784                 return ERR_PTR(-ENOMEM);
785
786         memcpy(dst, src, len);
787         dst[len] = '\0';
788
789         return dst;
790 }
791
792 static int
793 cifs_parse_mount_options(char *options, const char *devname,
794                          struct smb_vol *vol)
795 {
796         char *value;
797         char *data;
798         unsigned int  temp_len, i, j;
799         char separator[2];
800
801         separator[0] = ',';
802         separator[1] = 0;
803
804         if (Local_System_Name[0] != 0)
805                 memcpy(vol->source_rfc1001_name, Local_System_Name, 15);
806         else {
807                 char *nodename = utsname()->nodename;
808                 int n = strnlen(nodename, 15);
809                 memset(vol->source_rfc1001_name, 0x20, 15);
810                 for (i = 0; i < n; i++) {
811                         /* does not have to be perfect mapping since field is
812                         informational, only used for servers that do not support
813                         port 445 and it can be overridden at mount time */
814                         vol->source_rfc1001_name[i] = toupper(nodename[i]);
815                 }
816         }
817         vol->source_rfc1001_name[15] = 0;
818         /* null target name indicates to use *SMBSERVR default called name
819            if we end up sending RFC1001 session initialize */
820         vol->target_rfc1001_name[0] = 0;
821         vol->linux_uid = current->uid;  /* current->euid instead? */
822         vol->linux_gid = current->gid;
823         vol->dir_mode = S_IRWXUGO;
824         /* 2767 perms indicate mandatory locking support */
825         vol->file_mode = (S_IRWXUGO | S_ISGID) & (~S_IXGRP);
826
827         /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
828         vol->rw = true;
829         /* default is always to request posix paths. */
830         vol->posix_paths = 1;
831
832         if (!options)
833                 return 1;
834
835         if (strncmp(options, "sep=", 4) == 0) {
836                 if (options[4] != 0) {
837                         separator[0] = options[4];
838                         options += 5;
839                 } else {
840                         cFYI(1, ("Null separator not allowed"));
841                 }
842         }
843
844         while ((data = strsep(&options, separator)) != NULL) {
845                 if (!*data)
846                         continue;
847                 if ((value = strchr(data, '=')) != NULL)
848                         *value++ = '\0';
849
850                 /* Have to parse this before we parse for "user" */
851                 if (strnicmp(data, "user_xattr", 10) == 0) {
852                         vol->no_xattr = 0;
853                 } else if (strnicmp(data, "nouser_xattr", 12) == 0) {
854                         vol->no_xattr = 1;
855                 } else if (strnicmp(data, "user", 4) == 0) {
856                         if (!value) {
857                                 printk(KERN_WARNING
858                                        "CIFS: invalid or missing username\n");
859                                 return 1;       /* needs_arg; */
860                         } else if (!*value) {
861                                 /* null user, ie anonymous, authentication */
862                                 vol->nullauth = 1;
863                         }
864                         if (strnlen(value, 200) < 200) {
865                                 vol->username = value;
866                         } else {
867                                 printk(KERN_WARNING "CIFS: username too long\n");
868                                 return 1;
869                         }
870                 } else if (strnicmp(data, "pass", 4) == 0) {
871                         if (!value) {
872                                 vol->password = NULL;
873                                 continue;
874                         } else if (value[0] == 0) {
875                                 /* check if string begins with double comma
876                                    since that would mean the password really
877                                    does start with a comma, and would not
878                                    indicate an empty string */
879                                 if (value[1] != separator[0]) {
880                                         vol->password = NULL;
881                                         continue;
882                                 }
883                         }
884                         temp_len = strlen(value);
885                         /* removed password length check, NTLM passwords
886                                 can be arbitrarily long */
887
888                         /* if comma in password, the string will be
889                         prematurely null terminated.  Commas in password are
890                         specified across the cifs mount interface by a double
891                         comma ie ,, and a comma used as in other cases ie ','
892                         as a parameter delimiter/separator is single and due
893                         to the strsep above is temporarily zeroed. */
894
895                         /* NB: password legally can have multiple commas and
896                         the only illegal character in a password is null */
897
898                         if ((value[temp_len] == 0) &&
899                             (value[temp_len+1] == separator[0])) {
900                                 /* reinsert comma */
901                                 value[temp_len] = separator[0];
902                                 temp_len += 2;  /* move after second comma */
903                                 while (value[temp_len] != 0)  {
904                                         if (value[temp_len] == separator[0]) {
905                                                 if (value[temp_len+1] ==
906                                                      separator[0]) {
907                                                 /* skip second comma */
908                                                         temp_len++;
909                                                 } else {
910                                                 /* single comma indicating start
911                                                          of next parm */
912                                                         break;
913                                                 }
914                                         }
915                                         temp_len++;
916                                 }
917                                 if (value[temp_len] == 0) {
918                                         options = NULL;
919                                 } else {
920                                         value[temp_len] = 0;
921                                         /* point option to start of next parm */
922                                         options = value + temp_len + 1;
923                                 }
924                                 /* go from value to value + temp_len condensing
925                                 double commas to singles. Note that this ends up
926                                 allocating a few bytes too many, which is ok */
927                                 vol->password = kzalloc(temp_len, GFP_KERNEL);
928                                 if (vol->password == NULL) {
929                                         printk(KERN_WARNING "CIFS: no memory "
930                                                             "for password\n");
931                                         return 1;
932                                 }
933                                 for (i = 0, j = 0; i < temp_len; i++, j++) {
934                                         vol->password[j] = value[i];
935                                         if (value[i] == separator[0]
936                                                 && value[i+1] == separator[0]) {
937                                                 /* skip second comma */
938                                                 i++;
939                                         }
940                                 }
941                                 vol->password[j] = 0;
942                         } else {
943                                 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
944                                 if (vol->password == NULL) {
945                                         printk(KERN_WARNING "CIFS: no memory "
946                                                             "for password\n");
947                                         return 1;
948                                 }
949                                 strcpy(vol->password, value);
950                         }
951                 } else if (strnicmp(data, "ip", 2) == 0) {
952                         if (!value || !*value) {
953                                 vol->UNCip = NULL;
954                         } else if (strnlen(value, 35) < 35) {
955                                 vol->UNCip = value;
956                         } else {
957                                 printk(KERN_WARNING "CIFS: ip address "
958                                                     "too long\n");
959                                 return 1;
960                         }
961                 } else if (strnicmp(data, "sec", 3) == 0) {
962                         if (!value || !*value) {
963                                 cERROR(1, ("no security value specified"));
964                                 continue;
965                         } else if (strnicmp(value, "krb5i", 5) == 0) {
966                                 vol->secFlg |= CIFSSEC_MAY_KRB5 |
967                                         CIFSSEC_MUST_SIGN;
968                         } else if (strnicmp(value, "krb5p", 5) == 0) {
969                                 /* vol->secFlg |= CIFSSEC_MUST_SEAL |
970                                         CIFSSEC_MAY_KRB5; */
971                                 cERROR(1, ("Krb5 cifs privacy not supported"));
972                                 return 1;
973                         } else if (strnicmp(value, "krb5", 4) == 0) {
974                                 vol->secFlg |= CIFSSEC_MAY_KRB5;
975                         } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
976                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
977                                         CIFSSEC_MUST_SIGN;
978                         } else if (strnicmp(value, "ntlmv2", 6) == 0) {
979                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
980                         } else if (strnicmp(value, "ntlmi", 5) == 0) {
981                                 vol->secFlg |= CIFSSEC_MAY_NTLM |
982                                         CIFSSEC_MUST_SIGN;
983                         } else if (strnicmp(value, "ntlm", 4) == 0) {
984                                 /* ntlm is default so can be turned off too */
985                                 vol->secFlg |= CIFSSEC_MAY_NTLM;
986                         } else if (strnicmp(value, "nontlm", 6) == 0) {
987                                 /* BB is there a better way to do this? */
988                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
989 #ifdef CONFIG_CIFS_WEAK_PW_HASH
990                         } else if (strnicmp(value, "lanman", 6) == 0) {
991                                 vol->secFlg |= CIFSSEC_MAY_LANMAN;
992 #endif
993                         } else if (strnicmp(value, "none", 4) == 0) {
994                                 vol->nullauth = 1;
995                         } else {
996                                 cERROR(1, ("bad security option: %s", value));
997                                 return 1;
998                         }
999                 } else if ((strnicmp(data, "unc", 3) == 0)
1000                            || (strnicmp(data, "target", 6) == 0)
1001                            || (strnicmp(data, "path", 4) == 0)) {
1002                         if (!value || !*value) {
1003                                 printk(KERN_WARNING "CIFS: invalid path to "
1004                                                     "network resource\n");
1005                                 return 1;       /* needs_arg; */
1006                         }
1007                         if ((temp_len = strnlen(value, 300)) < 300) {
1008                                 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1009                                 if (vol->UNC == NULL)
1010                                         return 1;
1011                                 strcpy(vol->UNC, value);
1012                                 if (strncmp(vol->UNC, "//", 2) == 0) {
1013                                         vol->UNC[0] = '\\';
1014                                         vol->UNC[1] = '\\';
1015                                 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1016                                         printk(KERN_WARNING
1017                                                "CIFS: UNC Path does not begin "
1018                                                "with // or \\\\ \n");
1019                                         return 1;
1020                                 }
1021                         } else {
1022                                 printk(KERN_WARNING "CIFS: UNC name too long\n");
1023                                 return 1;
1024                         }
1025                 } else if ((strnicmp(data, "domain", 3) == 0)
1026                            || (strnicmp(data, "workgroup", 5) == 0)) {
1027                         if (!value || !*value) {
1028                                 printk(KERN_WARNING "CIFS: invalid domain name\n");
1029                                 return 1;       /* needs_arg; */
1030                         }
1031                         /* BB are there cases in which a comma can be valid in
1032                         a domain name and need special handling? */
1033                         if (strnlen(value, 256) < 256) {
1034                                 vol->domainname = value;
1035                                 cFYI(1, ("Domain name set"));
1036                         } else {
1037                                 printk(KERN_WARNING "CIFS: domain name too "
1038                                                     "long\n");
1039                                 return 1;
1040                         }
1041                 } else if (strnicmp(data, "prefixpath", 10) == 0) {
1042                         if (!value || !*value) {
1043                                 printk(KERN_WARNING
1044                                         "CIFS: invalid path prefix\n");
1045                                 return 1;       /* needs_argument */
1046                         }
1047                         if ((temp_len = strnlen(value, 1024)) < 1024) {
1048                                 if (value[0] != '/')
1049                                         temp_len++;  /* missing leading slash */
1050                                 vol->prepath = kmalloc(temp_len+1, GFP_KERNEL);
1051                                 if (vol->prepath == NULL)
1052                                         return 1;
1053                                 if (value[0] != '/') {
1054                                         vol->prepath[0] = '/';
1055                                         strcpy(vol->prepath+1, value);
1056                                 } else
1057                                         strcpy(vol->prepath, value);
1058                                 cFYI(1, ("prefix path %s", vol->prepath));
1059                         } else {
1060                                 printk(KERN_WARNING "CIFS: prefix too long\n");
1061                                 return 1;
1062                         }
1063                 } else if (strnicmp(data, "iocharset", 9) == 0) {
1064                         if (!value || !*value) {
1065                                 printk(KERN_WARNING "CIFS: invalid iocharset "
1066                                                     "specified\n");
1067                                 return 1;       /* needs_arg; */
1068                         }
1069                         if (strnlen(value, 65) < 65) {
1070                                 if (strnicmp(value, "default", 7))
1071                                         vol->iocharset = value;
1072                                 /* if iocharset not set then load_nls_default
1073                                    is used by caller */
1074                                 cFYI(1, ("iocharset set to %s", value));
1075                         } else {
1076                                 printk(KERN_WARNING "CIFS: iocharset name "
1077                                                     "too long.\n");
1078                                 return 1;
1079                         }
1080                 } else if (strnicmp(data, "uid", 3) == 0) {
1081                         if (value && *value) {
1082                                 vol->linux_uid =
1083                                         simple_strtoul(value, &value, 0);
1084                                 vol->override_uid = 1;
1085                         }
1086                 } else if (strnicmp(data, "gid", 3) == 0) {
1087                         if (value && *value) {
1088                                 vol->linux_gid =
1089                                         simple_strtoul(value, &value, 0);
1090                                 vol->override_gid = 1;
1091                         }
1092                 } else if (strnicmp(data, "file_mode", 4) == 0) {
1093                         if (value && *value) {
1094                                 vol->file_mode =
1095                                         simple_strtoul(value, &value, 0);
1096                         }
1097                 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1098                         if (value && *value) {
1099                                 vol->dir_mode =
1100                                         simple_strtoul(value, &value, 0);
1101                         }
1102                 } else if (strnicmp(data, "dirmode", 4) == 0) {
1103                         if (value && *value) {
1104                                 vol->dir_mode =
1105                                         simple_strtoul(value, &value, 0);
1106                         }
1107                 } else if (strnicmp(data, "port", 4) == 0) {
1108                         if (value && *value) {
1109                                 vol->port =
1110                                         simple_strtoul(value, &value, 0);
1111                         }
1112                 } else if (strnicmp(data, "rsize", 5) == 0) {
1113                         if (value && *value) {
1114                                 vol->rsize =
1115                                         simple_strtoul(value, &value, 0);
1116                         }
1117                 } else if (strnicmp(data, "wsize", 5) == 0) {
1118                         if (value && *value) {
1119                                 vol->wsize =
1120                                         simple_strtoul(value, &value, 0);
1121                         }
1122                 } else if (strnicmp(data, "sockopt", 5) == 0) {
1123                         if (value && *value) {
1124                                 vol->sockopt =
1125                                         simple_strtoul(value, &value, 0);
1126                         }
1127                 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1128                         if (!value || !*value || (*value == ' ')) {
1129                                 cFYI(1, ("invalid (empty) netbiosname"));
1130                         } else {
1131                                 memset(vol->source_rfc1001_name, 0x20, 15);
1132                                 for (i = 0; i < 15; i++) {
1133                                 /* BB are there cases in which a comma can be
1134                                 valid in this workstation netbios name (and need
1135                                 special handling)? */
1136
1137                                 /* We do not uppercase netbiosname for user */
1138                                         if (value[i] == 0)
1139                                                 break;
1140                                         else
1141                                                 vol->source_rfc1001_name[i] =
1142                                                                 value[i];
1143                                 }
1144                                 /* The string has 16th byte zero still from
1145                                 set at top of the function  */
1146                                 if ((i == 15) && (value[i] != 0))
1147                                         printk(KERN_WARNING "CIFS: netbiosname"
1148                                                 " longer than 15 truncated.\n");
1149                         }
1150                 } else if (strnicmp(data, "servern", 7) == 0) {
1151                         /* servernetbiosname specified override *SMBSERVER */
1152                         if (!value || !*value || (*value == ' ')) {
1153                                 cFYI(1, ("empty server netbiosname specified"));
1154                         } else {
1155                                 /* last byte, type, is 0x20 for servr type */
1156                                 memset(vol->target_rfc1001_name, 0x20, 16);
1157
1158                                 for (i = 0; i < 15; i++) {
1159                                 /* BB are there cases in which a comma can be
1160                                    valid in this workstation netbios name
1161                                    (and need special handling)? */
1162
1163                                 /* user or mount helper must uppercase
1164                                    the netbiosname */
1165                                         if (value[i] == 0)
1166                                                 break;
1167                                         else
1168                                                 vol->target_rfc1001_name[i] =
1169                                                                 value[i];
1170                                 }
1171                                 /* The string has 16th byte zero still from
1172                                    set at top of the function  */
1173                                 if ((i == 15) && (value[i] != 0))
1174                                         printk(KERN_WARNING "CIFS: server net"
1175                                         "biosname longer than 15 truncated.\n");
1176                         }
1177                 } else if (strnicmp(data, "credentials", 4) == 0) {
1178                         /* ignore */
1179                 } else if (strnicmp(data, "version", 3) == 0) {
1180                         /* ignore */
1181                 } else if (strnicmp(data, "guest", 5) == 0) {
1182                         /* ignore */
1183                 } else if (strnicmp(data, "rw", 2) == 0) {
1184                         vol->rw = true;
1185                 } else if ((strnicmp(data, "suid", 4) == 0) ||
1186                                    (strnicmp(data, "nosuid", 6) == 0) ||
1187                                    (strnicmp(data, "exec", 4) == 0) ||
1188                                    (strnicmp(data, "noexec", 6) == 0) ||
1189                                    (strnicmp(data, "nodev", 5) == 0) ||
1190                                    (strnicmp(data, "noauto", 6) == 0) ||
1191                                    (strnicmp(data, "dev", 3) == 0)) {
1192                         /*  The mount tool or mount.cifs helper (if present)
1193                             uses these opts to set flags, and the flags are read
1194                             by the kernel vfs layer before we get here (ie
1195                             before read super) so there is no point trying to
1196                             parse these options again and set anything and it
1197                             is ok to just ignore them */
1198                         continue;
1199                 } else if (strnicmp(data, "ro", 2) == 0) {
1200                         vol->rw = false;
1201                 } else if (strnicmp(data, "hard", 4) == 0) {
1202                         vol->retry = 1;
1203                 } else if (strnicmp(data, "soft", 4) == 0) {
1204                         vol->retry = 0;
1205                 } else if (strnicmp(data, "perm", 4) == 0) {
1206                         vol->noperm = 0;
1207                 } else if (strnicmp(data, "noperm", 6) == 0) {
1208                         vol->noperm = 1;
1209                 } else if (strnicmp(data, "mapchars", 8) == 0) {
1210                         vol->remap = 1;
1211                 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1212                         vol->remap = 0;
1213                 } else if (strnicmp(data, "sfu", 3) == 0) {
1214                         vol->sfu_emul = 1;
1215                 } else if (strnicmp(data, "nosfu", 5) == 0) {
1216                         vol->sfu_emul = 0;
1217                 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1218                         vol->posix_paths = 1;
1219                 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1220                         vol->posix_paths = 0;
1221                 } else if (strnicmp(data, "nounix", 6) == 0) {
1222                         vol->no_linux_ext = 1;
1223                 } else if (strnicmp(data, "nolinux", 7) == 0) {
1224                         vol->no_linux_ext = 1;
1225                 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1226                            (strnicmp(data, "ignorecase", 10)  == 0)) {
1227                         vol->nocase = 1;
1228                 } else if (strnicmp(data, "brl", 3) == 0) {
1229                         vol->nobrl =  0;
1230                 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1231                            (strnicmp(data, "nolock", 6) == 0)) {
1232                         vol->nobrl =  1;
1233                         /* turn off mandatory locking in mode
1234                         if remote locking is turned off since the
1235                         local vfs will do advisory */
1236                         if (vol->file_mode ==
1237                                 (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1238                                 vol->file_mode = S_IALLUGO;
1239                 } else if (strnicmp(data, "setuids", 7) == 0) {
1240                         vol->setuids = 1;
1241                 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1242                         vol->setuids = 0;
1243                 } else if (strnicmp(data, "nohard", 6) == 0) {
1244                         vol->retry = 0;
1245                 } else if (strnicmp(data, "nosoft", 6) == 0) {
1246                         vol->retry = 1;
1247                 } else if (strnicmp(data, "nointr", 6) == 0) {
1248                         vol->intr = 0;
1249                 } else if (strnicmp(data, "intr", 4) == 0) {
1250                         vol->intr = 1;
1251                 } else if (strnicmp(data, "serverino", 7) == 0) {
1252                         vol->server_ino = 1;
1253                 } else if (strnicmp(data, "noserverino", 9) == 0) {
1254                         vol->server_ino = 0;
1255                 } else if (strnicmp(data, "cifsacl", 7) == 0) {
1256                         vol->cifs_acl = 1;
1257                 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1258                         vol->cifs_acl = 0;
1259                 } else if (strnicmp(data, "acl", 3) == 0) {
1260                         vol->no_psx_acl = 0;
1261                 } else if (strnicmp(data, "noacl", 5) == 0) {
1262                         vol->no_psx_acl = 1;
1263                 } else if (strnicmp(data, "sign", 4) == 0) {
1264                         vol->secFlg |= CIFSSEC_MUST_SIGN;
1265 /*              } else if (strnicmp(data, "seal",4) == 0) {
1266                         vol->secFlg |= CIFSSEC_MUST_SEAL; */
1267                 } else if (strnicmp(data, "direct", 6) == 0) {
1268                         vol->direct_io = 1;
1269                 } else if (strnicmp(data, "forcedirectio", 13) == 0) {
1270                         vol->direct_io = 1;
1271                 } else if (strnicmp(data, "in6_addr", 8) == 0) {
1272                         if (!value || !*value) {
1273                                 vol->in6_addr = NULL;
1274                         } else if (strnlen(value, 49) == 48) {
1275                                 vol->in6_addr = value;
1276                         } else {
1277                                 printk(KERN_WARNING "CIFS: ip v6 address not "
1278                                                     "48 characters long\n");
1279                                 return 1;
1280                         }
1281                 } else if (strnicmp(data, "noac", 4) == 0) {
1282                         printk(KERN_WARNING "CIFS: Mount option noac not "
1283                                 "supported. Instead set "
1284                                 "/proc/fs/cifs/LookupCacheEnabled to 0\n");
1285                 } else
1286                         printk(KERN_WARNING "CIFS: Unknown mount option %s\n",
1287                                                 data);
1288         }
1289         if (vol->UNC == NULL) {
1290                 if (devname == NULL) {
1291                         printk(KERN_WARNING "CIFS: Missing UNC name for mount "
1292                                                 "target\n");
1293                         return 1;
1294                 }
1295                 if ((temp_len = strnlen(devname, 300)) < 300) {
1296                         vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1297                         if (vol->UNC == NULL)
1298                                 return 1;
1299                         strcpy(vol->UNC, devname);
1300                         if (strncmp(vol->UNC, "//", 2) == 0) {
1301                                 vol->UNC[0] = '\\';
1302                                 vol->UNC[1] = '\\';
1303                         } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1304                                 printk(KERN_WARNING "CIFS: UNC Path does not "
1305                                                     "begin with // or \\\\ \n");
1306                                 return 1;
1307                         }
1308                 } else {
1309                         printk(KERN_WARNING "CIFS: UNC name too long\n");
1310                         return 1;
1311                 }
1312         }
1313         if (vol->UNCip == NULL)
1314                 vol->UNCip = &vol->UNC[2];
1315
1316         return 0;
1317 }
1318
1319 static struct cifsSesInfo *
1320 cifs_find_tcp_session(struct in_addr *target_ip_addr,
1321                 struct in6_addr *target_ip6_addr,
1322                  char *userName, struct TCP_Server_Info **psrvTcp)
1323 {
1324         struct list_head *tmp;
1325         struct cifsSesInfo *ses;
1326         *psrvTcp = NULL;
1327         read_lock(&GlobalSMBSeslock);
1328
1329         list_for_each(tmp, &GlobalSMBSessionList) {
1330                 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
1331                 if (ses->server) {
1332                         if ((target_ip_addr &&
1333                                 (ses->server->addr.sockAddr.sin_addr.s_addr
1334                                   == target_ip_addr->s_addr)) || (target_ip6_addr
1335                                 && memcmp(&ses->server->addr.sockAddr6.sin6_addr,
1336                                         target_ip6_addr, sizeof(*target_ip6_addr)))) {
1337                                 /* BB lock server and tcp session and increment
1338                                       use count here?? */
1339
1340                                 /* found a match on the TCP session */
1341                                 *psrvTcp = ses->server;
1342
1343                                 /* BB check if reconnection needed */
1344                                 if (strncmp
1345                                     (ses->userName, userName,
1346                                      MAX_USERNAME_SIZE) == 0){
1347                                         read_unlock(&GlobalSMBSeslock);
1348                                         /* Found exact match on both TCP and
1349                                            SMB sessions */
1350                                         return ses;
1351                                 }
1352                         }
1353                 }
1354                 /* else tcp and smb sessions need reconnection */
1355         }
1356         read_unlock(&GlobalSMBSeslock);
1357         return NULL;
1358 }
1359
1360 static struct cifsTconInfo *
1361 find_unc(__be32 new_target_ip_addr, char *uncName, char *userName)
1362 {
1363         struct list_head *tmp;
1364         struct cifsTconInfo *tcon;
1365         __be32 old_ip;
1366
1367         read_lock(&GlobalSMBSeslock);
1368
1369         list_for_each(tmp, &GlobalTreeConnectionList) {
1370                 cFYI(1, ("Next tcon"));
1371                 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
1372                 if (!tcon->ses || !tcon->ses->server)
1373                         continue;
1374
1375                 old_ip = tcon->ses->server->addr.sockAddr.sin_addr.s_addr;
1376                 cFYI(1, ("old ip addr: %x == new ip %x ?",
1377                         old_ip, new_target_ip_addr));
1378
1379                 if (old_ip != new_target_ip_addr)
1380                         continue;
1381
1382                 /* BB lock tcon, server, tcp session and increment use count? */
1383                 /* found a match on the TCP session */
1384                 /* BB check if reconnection needed */
1385                 cFYI(1, ("IP match, old UNC: %s new: %s",
1386                         tcon->treeName, uncName));
1387
1388                 if (strncmp(tcon->treeName, uncName, MAX_TREE_SIZE))
1389                         continue;
1390
1391                 cFYI(1, ("and old usr: %s new: %s",
1392                         tcon->treeName, uncName));
1393
1394                 if (strncmp(tcon->ses->userName, userName, MAX_USERNAME_SIZE))
1395                         continue;
1396
1397                 /* matched smb session (user name) */
1398                 read_unlock(&GlobalSMBSeslock);
1399                 return tcon;
1400         }
1401
1402         read_unlock(&GlobalSMBSeslock);
1403         return NULL;
1404 }
1405
1406 int
1407 connect_to_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
1408                     const char *old_path, const struct nls_table *nls_codepage,
1409                     int remap)
1410 {
1411         struct dfs_info3_param *referrals = NULL;
1412         unsigned int num_referrals;
1413         int rc = 0;
1414
1415         rc = get_dfs_path(xid, pSesInfo, old_path, nls_codepage,
1416                         &num_referrals, &referrals, remap);
1417
1418         /* BB Add in code to: if valid refrl, if not ip address contact
1419                 the helper that resolves tcp names, mount to it, try to
1420                 tcon to it unmount it if fail */
1421
1422         kfree(referrals);
1423
1424         return rc;
1425 }
1426
1427 int
1428 get_dfs_path(int xid, struct cifsSesInfo *pSesInfo, const char *old_path,
1429              const struct nls_table *nls_codepage, unsigned int *pnum_referrals,
1430              struct dfs_info3_param **preferrals, int remap)
1431 {
1432         char *temp_unc;
1433         int rc = 0;
1434         unsigned char *targetUNCs;
1435
1436         *pnum_referrals = 0;
1437         *preferrals = NULL;
1438
1439         if (pSesInfo->ipc_tid == 0) {
1440                 temp_unc = kmalloc(2 /* for slashes */ +
1441                         strnlen(pSesInfo->serverName,
1442                                 SERVER_NAME_LEN_WITH_NULL * 2)
1443                                  + 1 + 4 /* slash IPC$ */  + 2,
1444                                 GFP_KERNEL);
1445                 if (temp_unc == NULL)
1446                         return -ENOMEM;
1447                 temp_unc[0] = '\\';
1448                 temp_unc[1] = '\\';
1449                 strcpy(temp_unc + 2, pSesInfo->serverName);
1450                 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
1451                 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
1452                 cFYI(1,
1453                      ("CIFS Tcon rc = %d ipc_tid = %d", rc, pSesInfo->ipc_tid));
1454                 kfree(temp_unc);
1455         }
1456         if (rc == 0)
1457                 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, &targetUNCs,
1458                                      pnum_referrals, nls_codepage, remap);
1459         /* BB map targetUNCs to dfs_info3 structures, here or
1460                 in CIFSGetDFSRefer BB */
1461
1462         return rc;
1463 }
1464
1465 /* See RFC1001 section 14 on representation of Netbios names */
1466 static void rfc1002mangle(char *target, char *source, unsigned int length)
1467 {
1468         unsigned int i, j;
1469
1470         for (i = 0, j = 0; i < (length); i++) {
1471                 /* mask a nibble at a time and encode */
1472                 target[j] = 'A' + (0x0F & (source[i] >> 4));
1473                 target[j+1] = 'A' + (0x0F & source[i]);
1474                 j += 2;
1475         }
1476
1477 }
1478
1479
1480 static int
1481 ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket,
1482              char *netbios_name, char *target_name)
1483 {
1484         int rc = 0;
1485         int connected = 0;
1486         __be16 orig_port = 0;
1487
1488         if (*csocket == NULL) {
1489                 rc = sock_create_kern(PF_INET, SOCK_STREAM,
1490                                       IPPROTO_TCP, csocket);
1491                 if (rc < 0) {
1492                         cERROR(1, ("Error %d creating socket", rc));
1493                         *csocket = NULL;
1494                         return rc;
1495                 } else {
1496                 /* BB other socket options to set KEEPALIVE, NODELAY? */
1497                         cFYI(1, ("Socket created"));
1498                         (*csocket)->sk->sk_allocation = GFP_NOFS;
1499                 }
1500         }
1501
1502         psin_server->sin_family = AF_INET;
1503         if (psin_server->sin_port) { /* user overrode default port */
1504                 rc = (*csocket)->ops->connect(*csocket,
1505                                 (struct sockaddr *) psin_server,
1506                                 sizeof(struct sockaddr_in), 0);
1507                 if (rc >= 0)
1508                         connected = 1;
1509         }
1510
1511         if (!connected) {
1512                 /* save original port so we can retry user specified port
1513                         later if fall back ports fail this time  */
1514                 orig_port = psin_server->sin_port;
1515
1516                 /* do not retry on the same port we just failed on */
1517                 if (psin_server->sin_port != htons(CIFS_PORT)) {
1518                         psin_server->sin_port = htons(CIFS_PORT);
1519
1520                         rc = (*csocket)->ops->connect(*csocket,
1521                                         (struct sockaddr *) psin_server,
1522                                         sizeof(struct sockaddr_in), 0);
1523                         if (rc >= 0)
1524                                 connected = 1;
1525                 }
1526         }
1527         if (!connected) {
1528                 psin_server->sin_port = htons(RFC1001_PORT);
1529                 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1530                                               psin_server,
1531                                               sizeof(struct sockaddr_in), 0);
1532                 if (rc >= 0)
1533                         connected = 1;
1534         }
1535
1536         /* give up here - unless we want to retry on different
1537                 protocol families some day */
1538         if (!connected) {
1539                 if (orig_port)
1540                         psin_server->sin_port = orig_port;
1541                 cFYI(1, ("Error %d connecting to server via ipv4", rc));
1542                 sock_release(*csocket);
1543                 *csocket = NULL;
1544                 return rc;
1545         }
1546         /* Eventually check for other socket options to change from
1547                 the default. sock_setsockopt not used because it expects
1548                 user space buffer */
1549          cFYI(1, ("sndbuf %d rcvbuf %d rcvtimeo 0x%lx",
1550                  (*csocket)->sk->sk_sndbuf,
1551                  (*csocket)->sk->sk_rcvbuf, (*csocket)->sk->sk_rcvtimeo));
1552         (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1553         /* make the bufsizes depend on wsize/rsize and max requests */
1554         if ((*csocket)->sk->sk_sndbuf < (200 * 1024))
1555                 (*csocket)->sk->sk_sndbuf = 200 * 1024;
1556         if ((*csocket)->sk->sk_rcvbuf < (140 * 1024))
1557                 (*csocket)->sk->sk_rcvbuf = 140 * 1024;
1558
1559         /* send RFC1001 sessinit */
1560         if (psin_server->sin_port == htons(RFC1001_PORT)) {
1561                 /* some servers require RFC1001 sessinit before sending
1562                 negprot - BB check reconnection in case where second
1563                 sessinit is sent but no second negprot */
1564                 struct rfc1002_session_packet *ses_init_buf;
1565                 struct smb_hdr *smb_buf;
1566                 ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet),
1567                                        GFP_KERNEL);
1568                 if (ses_init_buf) {
1569                         ses_init_buf->trailer.session_req.called_len = 32;
1570                         if (target_name && (target_name[0] != 0)) {
1571                                 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1572                                         target_name, 16);
1573                         } else {
1574                                 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1575                                         DEFAULT_CIFS_CALLED_NAME, 16);
1576                         }
1577
1578                         ses_init_buf->trailer.session_req.calling_len = 32;
1579                         /* calling name ends in null (byte 16) from old smb
1580                         convention. */
1581                         if (netbios_name && (netbios_name[0] != 0)) {
1582                                 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1583                                         netbios_name, 16);
1584                         } else {
1585                                 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1586                                         "LINUX_CIFS_CLNT", 16);
1587                         }
1588                         ses_init_buf->trailer.session_req.scope1 = 0;
1589                         ses_init_buf->trailer.session_req.scope2 = 0;
1590                         smb_buf = (struct smb_hdr *)ses_init_buf;
1591                         /* sizeof RFC1002_SESSION_REQUEST with no scope */
1592                         smb_buf->smb_buf_length = 0x81000044;
1593                         rc = smb_send(*csocket, smb_buf, 0x44,
1594                                 (struct sockaddr *)psin_server);
1595                         kfree(ses_init_buf);
1596                         msleep(1); /* RFC1001 layer in at least one server
1597                                       requires very short break before negprot
1598                                       presumably because not expecting negprot
1599                                       to follow so fast.  This is a simple
1600                                       solution that works without
1601                                       complicating the code and causes no
1602                                       significant slowing down on mount
1603                                       for everyone else */
1604                 }
1605                 /* else the negprot may still work without this
1606                 even though malloc failed */
1607
1608         }
1609
1610         return rc;
1611 }
1612
1613 static int
1614 ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket)
1615 {
1616         int rc = 0;
1617         int connected = 0;
1618         __be16 orig_port = 0;
1619
1620         if (*csocket == NULL) {
1621                 rc = sock_create_kern(PF_INET6, SOCK_STREAM,
1622                                       IPPROTO_TCP, csocket);
1623                 if (rc < 0) {
1624                         cERROR(1, ("Error %d creating ipv6 socket", rc));
1625                         *csocket = NULL;
1626                         return rc;
1627                 } else {
1628                 /* BB other socket options to set KEEPALIVE, NODELAY? */
1629                          cFYI(1, ("ipv6 Socket created"));
1630                         (*csocket)->sk->sk_allocation = GFP_NOFS;
1631                 }
1632         }
1633
1634         psin_server->sin6_family = AF_INET6;
1635
1636         if (psin_server->sin6_port) { /* user overrode default port */
1637                 rc = (*csocket)->ops->connect(*csocket,
1638                                 (struct sockaddr *) psin_server,
1639                                 sizeof(struct sockaddr_in6), 0);
1640                 if (rc >= 0)
1641                         connected = 1;
1642         }
1643
1644         if (!connected) {
1645                 /* save original port so we can retry user specified port
1646                         later if fall back ports fail this time  */
1647
1648                 orig_port = psin_server->sin6_port;
1649                 /* do not retry on the same port we just failed on */
1650                 if (psin_server->sin6_port != htons(CIFS_PORT)) {
1651                         psin_server->sin6_port = htons(CIFS_PORT);
1652
1653                         rc = (*csocket)->ops->connect(*csocket,
1654                                         (struct sockaddr *) psin_server,
1655                                         sizeof(struct sockaddr_in6), 0);
1656                         if (rc >= 0)
1657                                 connected = 1;
1658                 }
1659         }
1660         if (!connected) {
1661                 psin_server->sin6_port = htons(RFC1001_PORT);
1662                 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1663                                  psin_server, sizeof(struct sockaddr_in6), 0);
1664                 if (rc >= 0)
1665                         connected = 1;
1666         }
1667
1668         /* give up here - unless we want to retry on different
1669                 protocol families some day */
1670         if (!connected) {
1671                 if (orig_port)
1672                         psin_server->sin6_port = orig_port;
1673                 cFYI(1, ("Error %d connecting to server via ipv6", rc));
1674                 sock_release(*csocket);
1675                 *csocket = NULL;
1676                 return rc;
1677         }
1678         /* Eventually check for other socket options to change from
1679                 the default. sock_setsockopt not used because it expects
1680                 user space buffer */
1681         (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1682
1683         return rc;
1684 }
1685
1686 void reset_cifs_unix_caps(int xid, struct cifsTconInfo *tcon,
1687                           struct super_block *sb, struct smb_vol *vol_info)
1688 {
1689         /* if we are reconnecting then should we check to see if
1690          * any requested capabilities changed locally e.g. via
1691          * remount but we can not do much about it here
1692          * if they have (even if we could detect it by the following)
1693          * Perhaps we could add a backpointer to array of sb from tcon
1694          * or if we change to make all sb to same share the same
1695          * sb as NFS - then we only have one backpointer to sb.
1696          * What if we wanted to mount the server share twice once with
1697          * and once without posixacls or posix paths? */
1698         __u64 saved_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
1699
1700         if (vol_info && vol_info->no_linux_ext) {
1701                 tcon->fsUnixInfo.Capability = 0;
1702                 tcon->unix_ext = 0; /* Unix Extensions disabled */
1703                 cFYI(1, ("Linux protocol extensions disabled"));
1704                 return;
1705         } else if (vol_info)
1706                 tcon->unix_ext = 1; /* Unix Extensions supported */
1707
1708         if (tcon->unix_ext == 0) {
1709                 cFYI(1, ("Unix extensions disabled so not set on reconnect"));
1710                 return;
1711         }
1712
1713         if (!CIFSSMBQFSUnixInfo(xid, tcon)) {
1714                 __u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
1715
1716                 /* check for reconnect case in which we do not
1717                    want to change the mount behavior if we can avoid it */
1718                 if (vol_info == NULL) {
1719                         /* turn off POSIX ACL and PATHNAMES if not set
1720                            originally at mount time */
1721                         if ((saved_cap & CIFS_UNIX_POSIX_ACL_CAP) == 0)
1722                                 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
1723                         if ((saved_cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
1724                                 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
1725                                         cERROR(1, ("POSIXPATH support change"));
1726                                 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
1727                         } else if ((cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
1728                                 cERROR(1, ("possible reconnect error"));
1729                                 cERROR(1,
1730                                         ("server disabled POSIX path support"));
1731                         }
1732                 }
1733
1734                 cap &= CIFS_UNIX_CAP_MASK;
1735                 if (vol_info && vol_info->no_psx_acl)
1736                         cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
1737                 else if (CIFS_UNIX_POSIX_ACL_CAP & cap) {
1738                         cFYI(1, ("negotiated posix acl support"));
1739                         if (sb)
1740                                 sb->s_flags |= MS_POSIXACL;
1741                 }
1742
1743                 if (vol_info && vol_info->posix_paths == 0)
1744                         cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
1745                 else if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
1746                         cFYI(1, ("negotiate posix pathnames"));
1747                         if (sb)
1748                                 CIFS_SB(sb)->mnt_cifs_flags |=
1749                                         CIFS_MOUNT_POSIX_PATHS;
1750                 }
1751
1752                 /* We might be setting the path sep back to a different
1753                 form if we are reconnecting and the server switched its
1754                 posix path capability for this share */
1755                 if (sb && (CIFS_SB(sb)->prepathlen > 0))
1756                         CIFS_SB(sb)->prepath[0] = CIFS_DIR_SEP(CIFS_SB(sb));
1757
1758                 if (sb && (CIFS_SB(sb)->rsize > 127 * 1024)) {
1759                         if ((cap & CIFS_UNIX_LARGE_READ_CAP) == 0) {
1760                                 CIFS_SB(sb)->rsize = 127 * 1024;
1761                                 cFYI(DBG2,
1762                                         ("larger reads not supported by srv"));
1763                         }
1764                 }
1765
1766
1767                 cFYI(1, ("Negotiate caps 0x%x", (int)cap));
1768 #ifdef CONFIG_CIFS_DEBUG2
1769                 if (cap & CIFS_UNIX_FCNTL_CAP)
1770                         cFYI(1, ("FCNTL cap"));
1771                 if (cap & CIFS_UNIX_EXTATTR_CAP)
1772                         cFYI(1, ("EXTATTR cap"));
1773                 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
1774                         cFYI(1, ("POSIX path cap"));
1775                 if (cap & CIFS_UNIX_XATTR_CAP)
1776                         cFYI(1, ("XATTR cap"));
1777                 if (cap & CIFS_UNIX_POSIX_ACL_CAP)
1778                         cFYI(1, ("POSIX ACL cap"));
1779                 if (cap & CIFS_UNIX_LARGE_READ_CAP)
1780                         cFYI(1, ("very large read cap"));
1781                 if (cap & CIFS_UNIX_LARGE_WRITE_CAP)
1782                         cFYI(1, ("very large write cap"));
1783 #endif /* CIFS_DEBUG2 */
1784                 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
1785                         if (vol_info == NULL) {
1786                                 cFYI(1, ("resetting capabilities failed"));
1787                         } else
1788                                 cERROR(1, ("Negotiating Unix capabilities "
1789                                            "with the server failed.  Consider "
1790                                            "mounting with the Unix Extensions\n"
1791                                            "disabled, if problems are found, "
1792                                            "by specifying the nounix mount "
1793                                            "option."));
1794
1795                 }
1796         }
1797 }
1798
1799 static void
1800 convert_delimiter(char *path, char delim)
1801 {
1802         int i;
1803         char old_delim;
1804
1805         if (path == NULL)
1806                 return;
1807
1808         if (delim == '/') 
1809                 old_delim = '\\';
1810         else
1811                 old_delim = '/';
1812
1813         for (i = 0; path[i] != '\0'; i++) {
1814                 if (path[i] == old_delim)
1815                         path[i] = delim;
1816         }
1817 }
1818
1819 int
1820 cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
1821            char *mount_data, const char *devname)
1822 {
1823         int rc = 0;
1824         int xid;
1825         int address_type = AF_INET;
1826         struct socket *csocket = NULL;
1827         struct sockaddr_in sin_server;
1828         struct sockaddr_in6 sin_server6;
1829         struct smb_vol volume_info;
1830         struct cifsSesInfo *pSesInfo = NULL;
1831         struct cifsSesInfo *existingCifsSes = NULL;
1832         struct cifsTconInfo *tcon = NULL;
1833         struct TCP_Server_Info *srvTcp = NULL;
1834
1835         xid = GetXid();
1836
1837 /* cFYI(1, ("Entering cifs_mount. Xid: %d with: %s", xid, mount_data)); */
1838
1839         memset(&volume_info, 0, sizeof(struct smb_vol));
1840         if (cifs_parse_mount_options(mount_data, devname, &volume_info)) {
1841                 rc = -EINVAL;
1842                 goto out;
1843         }
1844
1845         if (volume_info.nullauth) {
1846                 cFYI(1, ("null user"));
1847                 volume_info.username = "";
1848         } else if (volume_info.username) {
1849                 /* BB fixme parse for domain name here */
1850                 cFYI(1, ("Username: %s", volume_info.username));
1851         } else {
1852                 cifserror("No username specified");
1853         /* In userspace mount helper we can get user name from alternate
1854            locations such as env variables and files on disk */
1855                 rc = -EINVAL;
1856                 goto out;
1857         }
1858
1859         if (volume_info.UNCip && volume_info.UNC) {
1860                 rc = cifs_inet_pton(AF_INET, volume_info.UNCip,
1861                                     &sin_server.sin_addr.s_addr);
1862
1863                 if (rc <= 0) {
1864                         /* not ipv4 address, try ipv6 */
1865                         rc = cifs_inet_pton(AF_INET6, volume_info.UNCip,
1866                                             &sin_server6.sin6_addr.in6_u);
1867                         if (rc > 0)
1868                                 address_type = AF_INET6;
1869                 } else {
1870                         address_type = AF_INET;
1871                 }
1872
1873                 if (rc <= 0) {
1874                         /* we failed translating address */
1875                         rc = -EINVAL;
1876                         goto out;
1877                 }
1878
1879                 cFYI(1, ("UNC: %s ip: %s", volume_info.UNC, volume_info.UNCip));
1880                 /* success */
1881                 rc = 0;
1882         } else if (volume_info.UNCip) {
1883                 /* BB using ip addr as server name to connect to the
1884                    DFS root below */
1885                 cERROR(1, ("Connecting to DFS root not implemented yet"));
1886                 rc = -EINVAL;
1887                 goto out;
1888         } else /* which servers DFS root would we conect to */ {
1889                 cERROR(1,
1890                        ("CIFS mount error: No UNC path (e.g. -o "
1891                         "unc=//192.168.1.100/public) specified"));
1892                 rc = -EINVAL;
1893                 goto out;
1894         }
1895
1896         /* this is needed for ASCII cp to Unicode converts */
1897         if (volume_info.iocharset == NULL) {
1898                 cifs_sb->local_nls = load_nls_default();
1899         /* load_nls_default can not return null */
1900         } else {
1901                 cifs_sb->local_nls = load_nls(volume_info.iocharset);
1902                 if (cifs_sb->local_nls == NULL) {
1903                         cERROR(1, ("CIFS mount error: iocharset %s not found",
1904                                  volume_info.iocharset));
1905                         rc = -ELIBACC;
1906                         goto out;
1907                 }
1908         }
1909
1910         if (address_type == AF_INET)
1911                 existingCifsSes = cifs_find_tcp_session(&sin_server.sin_addr,
1912                         NULL /* no ipv6 addr */,
1913                         volume_info.username, &srvTcp);
1914         else if (address_type == AF_INET6) {
1915                 cFYI(1, ("looking for ipv6 address"));
1916                 existingCifsSes = cifs_find_tcp_session(NULL /* no ipv4 addr */,
1917                         &sin_server6.sin6_addr,
1918                         volume_info.username, &srvTcp);
1919         } else {
1920                 rc = -EINVAL;
1921                 goto out;
1922         }
1923
1924         if (srvTcp) {
1925                 cFYI(1, ("Existing tcp session with server found"));
1926         } else {        /* create socket */
1927                 if (volume_info.port)
1928                         sin_server.sin_port = htons(volume_info.port);
1929                 else
1930                         sin_server.sin_port = 0;
1931                 if (address_type == AF_INET6) {
1932                         cFYI(1, ("attempting ipv6 connect"));
1933                         /* BB should we allow ipv6 on port 139? */
1934                         /* other OS never observed in Wild doing 139 with v6 */
1935                         rc = ipv6_connect(&sin_server6, &csocket);
1936                 } else
1937                         rc = ipv4_connect(&sin_server, &csocket,
1938                                   volume_info.source_rfc1001_name,
1939                                   volume_info.target_rfc1001_name);
1940                 if (rc < 0) {
1941                         cERROR(1, ("Error connecting to IPv4 socket. "
1942                                    "Aborting operation"));
1943                         if (csocket != NULL)
1944                                 sock_release(csocket);
1945                         goto out;
1946                 }
1947
1948                 srvTcp = kzalloc(sizeof(struct TCP_Server_Info), GFP_KERNEL);
1949                 if (!srvTcp) {
1950                         rc = -ENOMEM;
1951                         sock_release(csocket);
1952                         goto out;
1953                 } else {
1954                         memcpy(&srvTcp->addr.sockAddr, &sin_server,
1955                                 sizeof(struct sockaddr_in));
1956                         atomic_set(&srvTcp->inFlight, 0);
1957                         /* BB Add code for ipv6 case too */
1958                         srvTcp->ssocket = csocket;
1959                         srvTcp->protocolType = IPV4;
1960                         srvTcp->hostname = extract_hostname(volume_info.UNC);
1961                         if (IS_ERR(srvTcp->hostname)) {
1962                                 rc = PTR_ERR(srvTcp->hostname);
1963                                 sock_release(csocket);
1964                                 goto out;
1965                         }
1966                         init_waitqueue_head(&srvTcp->response_q);
1967                         init_waitqueue_head(&srvTcp->request_q);
1968                         INIT_LIST_HEAD(&srvTcp->pending_mid_q);
1969                         /* at this point we are the only ones with the pointer
1970                         to the struct since the kernel thread not created yet
1971                         so no need to spinlock this init of tcpStatus */
1972                         srvTcp->tcpStatus = CifsNew;
1973                         init_MUTEX(&srvTcp->tcpSem);
1974                         srvTcp->tsk = kthread_run((void *)(void *)cifs_demultiplex_thread, srvTcp, "cifsd");
1975                         if (IS_ERR(srvTcp->tsk)) {
1976                                 rc = PTR_ERR(srvTcp->tsk);
1977                                 cERROR(1, ("error %d create cifsd thread", rc));
1978                                 srvTcp->tsk = NULL;
1979                                 sock_release(csocket);
1980                                 kfree(srvTcp->hostname);
1981                                 goto out;
1982                         }
1983                         wait_for_completion(&cifsd_complete);
1984                         rc = 0;
1985                         memcpy(srvTcp->workstation_RFC1001_name,
1986                                 volume_info.source_rfc1001_name, 16);
1987                         memcpy(srvTcp->server_RFC1001_name,
1988                                 volume_info.target_rfc1001_name, 16);
1989                         srvTcp->sequence_number = 0;
1990                 }
1991         }
1992
1993         if (existingCifsSes) {
1994                 pSesInfo = existingCifsSes;
1995                 cFYI(1, ("Existing smb sess found (status=%d)",
1996                         pSesInfo->status));
1997                 down(&pSesInfo->sesSem);
1998                 if (pSesInfo->status == CifsNeedReconnect) {
1999                         cFYI(1, ("Session needs reconnect"));
2000                         rc = cifs_setup_session(xid, pSesInfo,
2001                                                 cifs_sb->local_nls);
2002                 }
2003                 up(&pSesInfo->sesSem);
2004         } else if (!rc) {
2005                 cFYI(1, ("Existing smb sess not found"));
2006                 pSesInfo = sesInfoAlloc();
2007                 if (pSesInfo == NULL)
2008                         rc = -ENOMEM;
2009                 else {
2010                         pSesInfo->server = srvTcp;
2011                         sprintf(pSesInfo->serverName, "%u.%u.%u.%u",
2012                                 NIPQUAD(sin_server.sin_addr.s_addr));
2013                 }
2014
2015                 if (!rc) {
2016                         /* volume_info.password freed at unmount */
2017                         if (volume_info.password) {
2018                                 pSesInfo->password = volume_info.password;
2019                                 /* set to NULL to prevent freeing on exit */
2020                                 volume_info.password = NULL;
2021                         }
2022                         if (volume_info.username)
2023                                 strncpy(pSesInfo->userName,
2024                                         volume_info.username,
2025                                         MAX_USERNAME_SIZE);
2026                         if (volume_info.domainname) {
2027                                 int len = strlen(volume_info.domainname);
2028                                 pSesInfo->domainName =
2029                                         kmalloc(len + 1, GFP_KERNEL);
2030                                 if (pSesInfo->domainName)
2031                                         strcpy(pSesInfo->domainName,
2032                                                 volume_info.domainname);
2033                         }
2034                         pSesInfo->linux_uid = volume_info.linux_uid;
2035                         pSesInfo->overrideSecFlg = volume_info.secFlg;
2036                         down(&pSesInfo->sesSem);
2037                         /* BB FIXME need to pass vol->secFlgs BB */
2038                         rc = cifs_setup_session(xid, pSesInfo,
2039                                                 cifs_sb->local_nls);
2040                         up(&pSesInfo->sesSem);
2041                         if (!rc)
2042                                 atomic_inc(&srvTcp->socketUseCount);
2043                 }
2044         }
2045
2046         /* search for existing tcon to this server share */
2047         if (!rc) {
2048                 if (volume_info.rsize > CIFSMaxBufSize) {
2049                         cERROR(1, ("rsize %d too large, using MaxBufSize",
2050                                 volume_info.rsize));
2051                         cifs_sb->rsize = CIFSMaxBufSize;
2052                 } else if ((volume_info.rsize) &&
2053                                 (volume_info.rsize <= CIFSMaxBufSize))
2054                         cifs_sb->rsize = volume_info.rsize;
2055                 else /* default */
2056                         cifs_sb->rsize = CIFSMaxBufSize;
2057
2058                 if (volume_info.wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) {
2059                         cERROR(1, ("wsize %d too large, using 4096 instead",
2060                                   volume_info.wsize));
2061                         cifs_sb->wsize = 4096;
2062                 } else if (volume_info.wsize)
2063                         cifs_sb->wsize = volume_info.wsize;
2064                 else
2065                         cifs_sb->wsize =
2066                                 min_t(const int, PAGEVEC_SIZE * PAGE_CACHE_SIZE,
2067                                         127*1024);
2068                         /* old default of CIFSMaxBufSize was too small now
2069                            that SMB Write2 can send multiple pages in kvec.
2070                            RFC1001 does not describe what happens when frame
2071                            bigger than 128K is sent so use that as max in
2072                            conjunction with 52K kvec constraint on arch with 4K
2073                            page size  */
2074
2075                 if (cifs_sb->rsize < 2048) {
2076                         cifs_sb->rsize = 2048;
2077                         /* Windows ME may prefer this */
2078                         cFYI(1, ("readsize set to minimum: 2048"));
2079                 }
2080                 /* calculate prepath */
2081                 cifs_sb->prepath = volume_info.prepath;
2082                 if (cifs_sb->prepath) {
2083                         cifs_sb->prepathlen = strlen(cifs_sb->prepath);
2084                         /* we can not convert the / to \ in the path
2085                         separators in the prefixpath yet because we do not
2086                         know (until reset_cifs_unix_caps is called later)
2087                         whether POSIX PATH CAP is available. We normalize
2088                         the / to \ after reset_cifs_unix_caps is called */
2089                         volume_info.prepath = NULL;
2090                 } else
2091                         cifs_sb->prepathlen = 0;
2092                 cifs_sb->mnt_uid = volume_info.linux_uid;
2093                 cifs_sb->mnt_gid = volume_info.linux_gid;
2094                 cifs_sb->mnt_file_mode = volume_info.file_mode;
2095                 cifs_sb->mnt_dir_mode = volume_info.dir_mode;
2096                 cFYI(1, ("file mode: 0x%x  dir mode: 0x%x",
2097                         cifs_sb->mnt_file_mode, cifs_sb->mnt_dir_mode));
2098
2099                 if (volume_info.noperm)
2100                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
2101                 if (volume_info.setuids)
2102                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
2103                 if (volume_info.server_ino)
2104                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
2105                 if (volume_info.remap)
2106                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
2107                 if (volume_info.no_xattr)
2108                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
2109                 if (volume_info.sfu_emul)
2110                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
2111                 if (volume_info.nobrl)
2112                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
2113                 if (volume_info.cifs_acl)
2114                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
2115                 if (volume_info.override_uid)
2116                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID;
2117                 if (volume_info.override_gid)
2118                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID;
2119                 if (volume_info.direct_io) {
2120                         cFYI(1, ("mounting share using direct i/o"));
2121                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
2122                 }
2123
2124                 tcon =
2125                     find_unc(sin_server.sin_addr.s_addr, volume_info.UNC,
2126                              volume_info.username);
2127                 if (tcon) {
2128                         cFYI(1, ("Found match on UNC path"));
2129                         /* we can have only one retry value for a connection
2130                            to a share so for resources mounted more than once
2131                            to the same server share the last value passed in
2132                            for the retry flag is used */
2133                         tcon->retry = volume_info.retry;
2134                         tcon->nocase = volume_info.nocase;
2135                 } else {
2136                         tcon = tconInfoAlloc();
2137                         if (tcon == NULL)
2138                                 rc = -ENOMEM;
2139                         else {
2140                                 /* check for null share name ie connecting to
2141                                  * dfs root */
2142
2143                                 /* BB check if this works for exactly length
2144                                  * three strings */
2145                                 if ((strchr(volume_info.UNC + 3, '\\') == NULL)
2146                                     && (strchr(volume_info.UNC + 3, '/') ==
2147                                         NULL)) {
2148                                         rc = connect_to_dfs_path(xid, pSesInfo,
2149                                                 "", cifs_sb->local_nls,
2150                                                 cifs_sb->mnt_cifs_flags &
2151                                                   CIFS_MOUNT_MAP_SPECIAL_CHR);
2152                                         rc = -ENODEV;
2153                                         goto out;
2154                                 } else {
2155                                         /* BB Do we need to wrap sesSem around
2156                                          * this TCon call and Unix SetFS as
2157                                          * we do on SessSetup and reconnect? */
2158                                         rc = CIFSTCon(xid, pSesInfo,
2159                                                 volume_info.UNC,
2160                                                 tcon, cifs_sb->local_nls);
2161                                         cFYI(1, ("CIFS Tcon rc = %d", rc));
2162                                 }
2163                                 if (!rc) {
2164                                         atomic_inc(&pSesInfo->inUse);
2165                                         tcon->retry = volume_info.retry;
2166                                         tcon->nocase = volume_info.nocase;
2167                                 }
2168                         }
2169                 }
2170         }
2171         if (pSesInfo) {
2172                 if (pSesInfo->capabilities & CAP_LARGE_FILES) {
2173                         sb->s_maxbytes = (u64) 1 << 63;
2174                 } else
2175                         sb->s_maxbytes = (u64) 1 << 31; /* 2 GB */
2176         }
2177
2178         /* BB FIXME fix time_gran to be larger for LANMAN sessions */
2179         sb->s_time_gran = 100;
2180
2181 /* on error free sesinfo and tcon struct if needed */
2182         if (rc) {
2183                 /* if session setup failed, use count is zero but
2184                 we still need to free cifsd thread */
2185                 if (atomic_read(&srvTcp->socketUseCount) == 0) {
2186                         spin_lock(&GlobalMid_Lock);
2187                         srvTcp->tcpStatus = CifsExiting;
2188                         spin_unlock(&GlobalMid_Lock);
2189                         if (srvTcp->tsk) {
2190                                 struct task_struct *tsk;
2191                                 /* If we could verify that kthread_stop would
2192                                    always wake up processes blocked in
2193                                    tcp in recv_mesg then we could remove the
2194                                    send_sig call */
2195                                 force_sig(SIGKILL, srvTcp->tsk);
2196                                 tsk = srvTcp->tsk;
2197                                 if (tsk)
2198                                         kthread_stop(tsk);
2199                         }
2200                 }
2201                  /* If find_unc succeeded then rc == 0 so we can not end */
2202                 if (tcon)  /* up accidently freeing someone elses tcon struct */
2203                         tconInfoFree(tcon);
2204                 if (existingCifsSes == NULL) {
2205                         if (pSesInfo) {
2206                                 if ((pSesInfo->server) &&
2207                                     (pSesInfo->status == CifsGood)) {
2208                                         int temp_rc;
2209                                         temp_rc = CIFSSMBLogoff(xid, pSesInfo);
2210                                         /* if the socketUseCount is now zero */
2211                                         if ((temp_rc == -ESHUTDOWN) &&
2212                                             (pSesInfo->server) &&
2213                                             (pSesInfo->server->tsk)) {
2214                                                 struct task_struct *tsk;
2215                                                 force_sig(SIGKILL,
2216                                                         pSesInfo->server->tsk);
2217                                                 tsk = pSesInfo->server->tsk;
2218                                                 if (tsk)
2219                                                         kthread_stop(tsk);
2220                                         }
2221                                 } else {
2222                                         cFYI(1, ("No session or bad tcon"));
2223                                         if ((pSesInfo->server) &&
2224                                             (pSesInfo->server->tsk)) {
2225                                                 struct task_struct *tsk;
2226                                                 force_sig(SIGKILL,
2227                                                         pSesInfo->server->tsk);
2228                                                 tsk = pSesInfo->server->tsk;
2229                                                 if (tsk)
2230                                                         kthread_stop(tsk);
2231                                         }
2232                                 }
2233                                 sesInfoFree(pSesInfo);
2234                                 /* pSesInfo = NULL; */
2235                         }
2236                 }
2237         } else {
2238                 atomic_inc(&tcon->useCount);
2239                 cifs_sb->tcon = tcon;
2240                 tcon->ses = pSesInfo;
2241
2242                 /* do not care if following two calls succeed - informational */
2243                 if (!tcon->ipc) {
2244                         CIFSSMBQFSDeviceInfo(xid, tcon);
2245                         CIFSSMBQFSAttributeInfo(xid, tcon);
2246                 }
2247
2248                 /* tell server which Unix caps we support */
2249                 if (tcon->ses->capabilities & CAP_UNIX)
2250                         /* reset of caps checks mount to see if unix extensions
2251                            disabled for just this mount */
2252                         reset_cifs_unix_caps(xid, tcon, sb, &volume_info);
2253                 else
2254                         tcon->unix_ext = 0; /* server does not support them */
2255
2256                 /* convert forward to back slashes in prepath here if needed */
2257                 if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0)
2258                         convert_delimiter(cifs_sb->prepath,
2259                                           CIFS_DIR_SEP(cifs_sb));
2260
2261                 if ((tcon->unix_ext == 0) && (cifs_sb->rsize > (1024 * 127))) {
2262                         cifs_sb->rsize = 1024 * 127;
2263                         cFYI(DBG2,
2264                                 ("no very large read support, rsize now 127K"));
2265                 }
2266                 if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X))
2267                         cifs_sb->wsize = min(cifs_sb->wsize,
2268                                              (tcon->ses->server->maxBuf -
2269                                               MAX_CIFS_HDR_SIZE));
2270                 if (!(tcon->ses->capabilities & CAP_LARGE_READ_X))
2271                         cifs_sb->rsize = min(cifs_sb->rsize,
2272                                              (tcon->ses->server->maxBuf -
2273                                               MAX_CIFS_HDR_SIZE));
2274         }
2275
2276         /* volume_info.password is freed above when existing session found
2277         (in which case it is not needed anymore) but when new sesion is created
2278         the password ptr is put in the new session structure (in which case the
2279         password will be freed at unmount time) */
2280 out:
2281         /* zero out password before freeing */
2282         if (volume_info.password != NULL) {
2283                 memset(volume_info.password, 0, strlen(volume_info.password));
2284                 kfree(volume_info.password);
2285         }
2286         kfree(volume_info.UNC);
2287         kfree(volume_info.prepath);
2288         FreeXid(xid);
2289         return rc;
2290 }
2291
2292 static int
2293 CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2294               char session_key[CIFS_SESS_KEY_SIZE],
2295               const struct nls_table *nls_codepage)
2296 {
2297         struct smb_hdr *smb_buffer;
2298         struct smb_hdr *smb_buffer_response;
2299         SESSION_SETUP_ANDX *pSMB;
2300         SESSION_SETUP_ANDX *pSMBr;
2301         char *bcc_ptr;
2302         char *user;
2303         char *domain;
2304         int rc = 0;
2305         int remaining_words = 0;
2306         int bytes_returned = 0;
2307         int len;
2308         __u32 capabilities;
2309         __u16 count;
2310
2311         cFYI(1, ("In sesssetup"));
2312         if (ses == NULL)
2313                 return -EINVAL;
2314         user = ses->userName;
2315         domain = ses->domainName;
2316         smb_buffer = cifs_buf_get();
2317         if (smb_buffer == NULL) {
2318                 return -ENOMEM;
2319         }
2320         smb_buffer_response = smb_buffer;
2321         pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2322
2323         /* send SMBsessionSetup here */
2324         header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2325                         NULL /* no tCon exists yet */ , 13 /* wct */ );
2326
2327         smb_buffer->Mid = GetNextMid(ses->server);
2328         pSMB->req_no_secext.AndXCommand = 0xFF;
2329         pSMB->req_no_secext.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2330         pSMB->req_no_secext.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2331
2332         if (ses->server->secMode &
2333                         (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2334                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2335
2336         capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2337                 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
2338         if (ses->capabilities & CAP_UNICODE) {
2339                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2340                 capabilities |= CAP_UNICODE;
2341         }
2342         if (ses->capabilities & CAP_STATUS32) {
2343                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2344                 capabilities |= CAP_STATUS32;
2345         }
2346         if (ses->capabilities & CAP_DFS) {
2347                 smb_buffer->Flags2 |= SMBFLG2_DFS;
2348                 capabilities |= CAP_DFS;
2349         }
2350         pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
2351
2352         pSMB->req_no_secext.CaseInsensitivePasswordLength =
2353                 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2354
2355         pSMB->req_no_secext.CaseSensitivePasswordLength =
2356             cpu_to_le16(CIFS_SESS_KEY_SIZE);
2357         bcc_ptr = pByteArea(smb_buffer);
2358         memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2359         bcc_ptr += CIFS_SESS_KEY_SIZE;
2360         memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2361         bcc_ptr += CIFS_SESS_KEY_SIZE;
2362
2363         if (ses->capabilities & CAP_UNICODE) {
2364                 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode */
2365                         *bcc_ptr = 0;
2366                         bcc_ptr++;
2367                 }
2368                 if (user == NULL)
2369                         bytes_returned = 0; /* skip null user */
2370                 else
2371                         bytes_returned =
2372                                 cifs_strtoUCS((__le16 *) bcc_ptr, user, 100,
2373                                         nls_codepage);
2374                 /* convert number of 16 bit words to bytes */
2375                 bcc_ptr += 2 * bytes_returned;
2376                 bcc_ptr += 2;   /* trailing null */
2377                 if (domain == NULL)
2378                         bytes_returned =
2379                             cifs_strtoUCS((__le16 *) bcc_ptr,
2380                                           "CIFS_LINUX_DOM", 32, nls_codepage);
2381                 else
2382                         bytes_returned =
2383                             cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2384                                           nls_codepage);
2385                 bcc_ptr += 2 * bytes_returned;
2386                 bcc_ptr += 2;
2387                 bytes_returned =
2388                     cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2389                                   32, nls_codepage);
2390                 bcc_ptr += 2 * bytes_returned;
2391                 bytes_returned =
2392                     cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release,
2393                                   32, nls_codepage);
2394                 bcc_ptr += 2 * bytes_returned;
2395                 bcc_ptr += 2;
2396                 bytes_returned =
2397                     cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2398                                   64, nls_codepage);
2399                 bcc_ptr += 2 * bytes_returned;
2400                 bcc_ptr += 2;
2401         } else {
2402                 if (user != NULL) {
2403                     strncpy(bcc_ptr, user, 200);
2404                     bcc_ptr += strnlen(user, 200);
2405                 }
2406                 *bcc_ptr = 0;
2407                 bcc_ptr++;
2408                 if (domain == NULL) {
2409                         strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2410                         bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2411                 } else {
2412                         strncpy(bcc_ptr, domain, 64);
2413                         bcc_ptr += strnlen(domain, 64);
2414                         *bcc_ptr = 0;
2415                         bcc_ptr++;
2416                 }
2417                 strcpy(bcc_ptr, "Linux version ");
2418                 bcc_ptr += strlen("Linux version ");
2419                 strcpy(bcc_ptr, utsname()->release);
2420                 bcc_ptr += strlen(utsname()->release) + 1;
2421                 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2422                 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2423         }
2424         count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2425         smb_buffer->smb_buf_length += count;
2426         pSMB->req_no_secext.ByteCount = cpu_to_le16(count);
2427
2428         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2429                          &bytes_returned, CIFS_LONG_OP);
2430         if (rc) {
2431 /* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
2432         } else if ((smb_buffer_response->WordCount == 3)
2433                    || (smb_buffer_response->WordCount == 4)) {
2434                 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2435                 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2436                 if (action & GUEST_LOGIN)
2437                         cFYI(1, (" Guest login")); /* BB mark SesInfo struct? */
2438                 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format
2439                                                          (little endian) */
2440                 cFYI(1, ("UID = %d ", ses->Suid));
2441         /* response can have either 3 or 4 word count - Samba sends 3 */
2442                 bcc_ptr = pByteArea(smb_buffer_response);
2443                 if ((pSMBr->resp.hdr.WordCount == 3)
2444                     || ((pSMBr->resp.hdr.WordCount == 4)
2445                         && (blob_len < pSMBr->resp.ByteCount))) {
2446                         if (pSMBr->resp.hdr.WordCount == 4)
2447                                 bcc_ptr += blob_len;
2448
2449                         if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2450                                 if ((long) (bcc_ptr) % 2) {
2451                                         remaining_words =
2452                                             (BCC(smb_buffer_response) - 1) / 2;
2453                                         /* Unicode strings must be word
2454                                            aligned */
2455                                         bcc_ptr++;
2456                                 } else {
2457                                         remaining_words =
2458                                                 BCC(smb_buffer_response) / 2;
2459                                 }
2460                                 len =
2461                                     UniStrnlen((wchar_t *) bcc_ptr,
2462                                                remaining_words - 1);
2463 /* We look for obvious messed up bcc or strings in response so we do not go off
2464    the end since (at least) WIN2K and Windows XP have a major bug in not null
2465    terminating last Unicode string in response  */
2466                                 if (ses->serverOS)
2467                                         kfree(ses->serverOS);
2468                                 ses->serverOS = kzalloc(2 * (len + 1),
2469                                                         GFP_KERNEL);
2470                                 if (ses->serverOS == NULL)
2471                                         goto sesssetup_nomem;
2472                                 cifs_strfromUCS_le(ses->serverOS,
2473                                                    (__le16 *)bcc_ptr,
2474                                                    len, nls_codepage);
2475                                 bcc_ptr += 2 * (len + 1);
2476                                 remaining_words -= len + 1;
2477                                 ses->serverOS[2 * len] = 0;
2478                                 ses->serverOS[1 + (2 * len)] = 0;
2479                                 if (remaining_words > 0) {
2480                                         len = UniStrnlen((wchar_t *)bcc_ptr,
2481                                                          remaining_words-1);
2482                                         kfree(ses->serverNOS);
2483                                         ses->serverNOS = kzalloc(2 * (len + 1),
2484                                                                  GFP_KERNEL);
2485                                         if (ses->serverNOS == NULL)
2486                                                 goto sesssetup_nomem;
2487                                         cifs_strfromUCS_le(ses->serverNOS,
2488                                                            (__le16 *)bcc_ptr,
2489                                                            len, nls_codepage);
2490                                         bcc_ptr += 2 * (len + 1);
2491                                         ses->serverNOS[2 * len] = 0;
2492                                         ses->serverNOS[1 + (2 * len)] = 0;
2493                                         if (strncmp(ses->serverNOS,
2494                                                 "NT LAN Manager 4", 16) == 0) {
2495                                                 cFYI(1, ("NT4 server"));
2496                                                 ses->flags |= CIFS_SES_NT4;
2497                                         }
2498                                         remaining_words -= len + 1;
2499                                         if (remaining_words > 0) {
2500                                                 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2501                                 /* last string is not always null terminated
2502                                    (for e.g. for Windows XP & 2000) */
2503                                                 if (ses->serverDomain)
2504                                                         kfree(ses->serverDomain);
2505                                                 ses->serverDomain =
2506                                                     kzalloc(2*(len+1),
2507                                                             GFP_KERNEL);
2508                                                 if (ses->serverDomain == NULL)
2509                                                         goto sesssetup_nomem;
2510                                                 cifs_strfromUCS_le(ses->serverDomain,
2511                                                         (__le16 *)bcc_ptr,
2512                                                         len, nls_codepage);
2513                                                 bcc_ptr += 2 * (len + 1);
2514                                                 ses->serverDomain[2*len] = 0;
2515                                                 ses->serverDomain[1+(2*len)] = 0;
2516                                         } else { /* else no more room so create
2517                                                   dummy domain string */
2518                                                 if (ses->serverDomain)
2519                                                         kfree(ses->serverDomain);
2520                                                 ses->serverDomain =
2521                                                         kzalloc(2, GFP_KERNEL);
2522                                         }
2523                                 } else { /* no room so create dummy domain
2524                                             and NOS string */
2525
2526                                         /* if these kcallocs fail not much we
2527                                            can do, but better to not fail the
2528                                            sesssetup itself */
2529                                         kfree(ses->serverDomain);
2530                                         ses->serverDomain =
2531                                             kzalloc(2, GFP_KERNEL);
2532                                         kfree(ses->serverNOS);
2533                                         ses->serverNOS =
2534                                             kzalloc(2, GFP_KERNEL);
2535                                 }
2536                         } else {        /* ASCII */
2537                                 len = strnlen(bcc_ptr, 1024);
2538                                 if (((long) bcc_ptr + len) - (long)
2539                                     pByteArea(smb_buffer_response)
2540                                             <= BCC(smb_buffer_response)) {
2541                                         kfree(ses->serverOS);
2542                                         ses->serverOS = kzalloc(len + 1,
2543                                                                 GFP_KERNEL);
2544                                         if (ses->serverOS == NULL)
2545                                                 goto sesssetup_nomem;
2546                                         strncpy(ses->serverOS, bcc_ptr, len);
2547
2548                                         bcc_ptr += len;
2549                                         /* null terminate the string */
2550                                         bcc_ptr[0] = 0;
2551                                         bcc_ptr++;
2552
2553                                         len = strnlen(bcc_ptr, 1024);
2554                                         kfree(ses->serverNOS);
2555                                         ses->serverNOS = kzalloc(len + 1,
2556                                                                  GFP_KERNEL);
2557                                         if (ses->serverNOS == NULL)
2558                                                 goto sesssetup_nomem;
2559                                         strncpy(ses->serverNOS, bcc_ptr, len);
2560                                         bcc_ptr += len;
2561                                         bcc_ptr[0] = 0;
2562                                         bcc_ptr++;
2563
2564                                         len = strnlen(bcc_ptr, 1024);
2565                                         if (ses->serverDomain)
2566                                                 kfree(ses->serverDomain);
2567                                         ses->serverDomain = kzalloc(len + 1,
2568                                                                     GFP_KERNEL);
2569                                         if (ses->serverDomain == NULL)
2570                                                 goto sesssetup_nomem;
2571                                         strncpy(ses->serverDomain, bcc_ptr,
2572                                                 len);
2573                                         bcc_ptr += len;
2574                                         bcc_ptr[0] = 0;
2575                                         bcc_ptr++;
2576                                 } else
2577                                         cFYI(1,
2578                                              ("Variable field of length %d "
2579                                                 "extends beyond end of smb ",
2580                                               len));
2581                         }
2582                 } else {
2583                         cERROR(1,
2584                                (" Security Blob Length extends beyond "
2585                                 "end of SMB"));
2586                 }
2587         } else {
2588                 cERROR(1,
2589                        (" Invalid Word count %d: ",
2590                         smb_buffer_response->WordCount));
2591                 rc = -EIO;
2592         }
2593 sesssetup_nomem:        /* do not return an error on nomem for the info strings,
2594                            since that could make reconnection harder, and
2595                            reconnection might be needed to free memory */
2596         cifs_buf_release(smb_buffer);
2597
2598         return rc;
2599 }
2600
2601 static int
2602 CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2603                               struct cifsSesInfo *ses, bool *pNTLMv2_flag,
2604                               const struct nls_table *nls_codepage)
2605 {
2606         struct smb_hdr *smb_buffer;
2607         struct smb_hdr *smb_buffer_response;
2608         SESSION_SETUP_ANDX *pSMB;
2609         SESSION_SETUP_ANDX *pSMBr;
2610         char *bcc_ptr;
2611         char *domain;
2612         int rc = 0;
2613         int remaining_words = 0;
2614         int bytes_returned = 0;
2615         int len;
2616         int SecurityBlobLength = sizeof(NEGOTIATE_MESSAGE);
2617         PNEGOTIATE_MESSAGE SecurityBlob;
2618         PCHALLENGE_MESSAGE SecurityBlob2;
2619         __u32 negotiate_flags, capabilities;
2620         __u16 count;
2621
2622         cFYI(1, ("In NTLMSSP sesssetup (negotiate)"));
2623         if (ses == NULL)
2624                 return -EINVAL;
2625         domain = ses->domainName;
2626         *pNTLMv2_flag = false;
2627         smb_buffer = cifs_buf_get();
2628         if (smb_buffer == NULL) {
2629                 return -ENOMEM;
2630         }
2631         smb_buffer_response = smb_buffer;
2632         pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2633         pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2634
2635         /* send SMBsessionSetup here */
2636         header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2637                         NULL /* no tCon exists yet */ , 12 /* wct */ );
2638
2639         smb_buffer->Mid = GetNextMid(ses->server);
2640         pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2641         pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2642
2643         pSMB->req.AndXCommand = 0xFF;
2644         pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2645         pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2646
2647         if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2648                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2649
2650         capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2651             CAP_EXTENDED_SECURITY;
2652         if (ses->capabilities & CAP_UNICODE) {
2653                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2654                 capabilities |= CAP_UNICODE;
2655         }
2656         if (ses->capabilities & CAP_STATUS32) {
2657                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2658                 capabilities |= CAP_STATUS32;
2659         }
2660         if (ses->capabilities & CAP_DFS) {
2661                 smb_buffer->Flags2 |= SMBFLG2_DFS;
2662                 capabilities |= CAP_DFS;
2663         }
2664         pSMB->req.Capabilities = cpu_to_le32(capabilities);
2665
2666         bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2667         SecurityBlob = (PNEGOTIATE_MESSAGE) bcc_ptr;
2668         strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2669         SecurityBlob->MessageType = NtLmNegotiate;
2670         negotiate_flags =
2671             NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
2672             NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM |
2673             NTLMSSP_NEGOTIATE_56 |
2674             /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
2675         if (sign_CIFS_PDUs)
2676                 negotiate_flags |= NTLMSSP_NEGOTIATE_SIGN;
2677 /*      if (ntlmv2_support)
2678                 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;*/
2679         /* setup pointers to domain name and workstation name */
2680         bcc_ptr += SecurityBlobLength;
2681
2682         SecurityBlob->WorkstationName.Buffer = 0;
2683         SecurityBlob->WorkstationName.Length = 0;
2684         SecurityBlob->WorkstationName.MaximumLength = 0;
2685
2686         /* Domain not sent on first Sesssetup in NTLMSSP, instead it is sent
2687         along with username on auth request (ie the response to challenge) */
2688         SecurityBlob->DomainName.Buffer = 0;
2689         SecurityBlob->DomainName.Length = 0;
2690         SecurityBlob->DomainName.MaximumLength = 0;
2691         if (ses->capabilities & CAP_UNICODE) {
2692                 if ((long) bcc_ptr % 2) {
2693                         *bcc_ptr = 0;
2694                         bcc_ptr++;
2695                 }
2696
2697                 bytes_returned =
2698                     cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2699                                   32, nls_codepage);
2700                 bcc_ptr += 2 * bytes_returned;
2701                 bytes_returned =
2702                     cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
2703                                   nls_codepage);
2704                 bcc_ptr += 2 * bytes_returned;
2705                 bcc_ptr += 2;   /* null terminate Linux version */
2706                 bytes_returned =
2707                     cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2708                                   64, nls_codepage);
2709                 bcc_ptr += 2 * bytes_returned;
2710                 *(bcc_ptr + 1) = 0;
2711                 *(bcc_ptr + 2) = 0;
2712                 bcc_ptr += 2;   /* null terminate network opsys string */
2713                 *(bcc_ptr + 1) = 0;
2714                 *(bcc_ptr + 2) = 0;
2715                 bcc_ptr += 2;   /* null domain */
2716         } else {                /* ASCII */
2717                 strcpy(bcc_ptr, "Linux version ");
2718                 bcc_ptr += strlen("Linux version ");
2719                 strcpy(bcc_ptr, utsname()->release);
2720                 bcc_ptr += strlen(utsname()->release) + 1;
2721                 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2722                 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2723                 bcc_ptr++;      /* empty domain field */
2724                 *bcc_ptr = 0;
2725         }
2726         SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2727         pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2728         count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2729         smb_buffer->smb_buf_length += count;
2730         pSMB->req.ByteCount = cpu_to_le16(count);
2731
2732         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2733                          &bytes_returned, CIFS_LONG_OP);
2734
2735         if (smb_buffer_response->Status.CifsError ==
2736             cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
2737                 rc = 0;
2738
2739         if (rc) {
2740 /*    rc = map_smb_to_linux_error(smb_buffer_response);  *//* done in SendReceive now */
2741         } else if ((smb_buffer_response->WordCount == 3)
2742                    || (smb_buffer_response->WordCount == 4)) {
2743                 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2744                 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2745
2746                 if (action & GUEST_LOGIN)
2747                         cFYI(1, (" Guest login"));
2748         /* Do we want to set anything in SesInfo struct when guest login? */
2749
2750                 bcc_ptr = pByteArea(smb_buffer_response);
2751         /* response can have either 3 or 4 word count - Samba sends 3 */
2752
2753                 SecurityBlob2 = (PCHALLENGE_MESSAGE) bcc_ptr;
2754                 if (SecurityBlob2->MessageType != NtLmChallenge) {
2755                         cFYI(1,
2756                              ("Unexpected NTLMSSP message type received %d",
2757                               SecurityBlob2->MessageType));
2758                 } else if (ses) {
2759                         ses->Suid = smb_buffer_response->Uid; /* UID left in le format */
2760                         cFYI(1, ("UID = %d", ses->Suid));
2761                         if ((pSMBr->resp.hdr.WordCount == 3)
2762                             || ((pSMBr->resp.hdr.WordCount == 4)
2763                                 && (blob_len <
2764                                     pSMBr->resp.ByteCount))) {
2765
2766                                 if (pSMBr->resp.hdr.WordCount == 4) {
2767                                         bcc_ptr += blob_len;
2768                                         cFYI(1, ("Security Blob Length %d",
2769                                               blob_len));
2770                                 }
2771
2772                                 cFYI(1, ("NTLMSSP Challenge rcvd"));
2773
2774                                 memcpy(ses->server->cryptKey,
2775                                        SecurityBlob2->Challenge,
2776                                        CIFS_CRYPTO_KEY_SIZE);
2777                                 if (SecurityBlob2->NegotiateFlags &
2778                                         cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2))
2779                                         *pNTLMv2_flag = true;
2780
2781                                 if ((SecurityBlob2->NegotiateFlags &
2782                                         cpu_to_le32(NTLMSSP_NEGOTIATE_ALWAYS_SIGN))
2783                                         || (sign_CIFS_PDUs > 1))
2784                                                 ses->server->secMode |=
2785                                                         SECMODE_SIGN_REQUIRED;
2786                                 if ((SecurityBlob2->NegotiateFlags &
2787                                         cpu_to_le32(NTLMSSP_NEGOTIATE_SIGN)) && (sign_CIFS_PDUs))
2788                                                 ses->server->secMode |=
2789                                                         SECMODE_SIGN_ENABLED;
2790
2791                                 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2792                                         if ((long) (bcc_ptr) % 2) {
2793                                                 remaining_words =
2794                                                     (BCC(smb_buffer_response)
2795                                                      - 1) / 2;
2796                                          /* Must word align unicode strings */
2797                                                 bcc_ptr++;
2798                                         } else {
2799                                                 remaining_words =
2800                                                     BCC
2801                                                     (smb_buffer_response) / 2;
2802                                         }
2803                                         len =
2804                                             UniStrnlen((wchar_t *) bcc_ptr,
2805                                                        remaining_words - 1);
2806 /* We look for obvious messed up bcc or strings in response so we do not go off
2807    the end since (at least) WIN2K and Windows XP have a major bug in not null
2808    terminating last Unicode string in response  */
2809                                         if (ses->serverOS)
2810                                                 kfree(ses->serverOS);
2811                                         ses->serverOS =
2812                                             kzalloc(2 * (len + 1), GFP_KERNEL);
2813                                         cifs_strfromUCS_le(ses->serverOS,
2814                                                            (__le16 *)
2815                                                            bcc_ptr, len,
2816                                                            nls_codepage);
2817                                         bcc_ptr += 2 * (len + 1);
2818                                         remaining_words -= len + 1;
2819                                         ses->serverOS[2 * len] = 0;
2820                                         ses->serverOS[1 + (2 * len)] = 0;
2821                                         if (remaining_words > 0) {
2822                                                 len = UniStrnlen((wchar_t *)
2823                                                                  bcc_ptr,
2824                                                                  remaining_words
2825                                                                  - 1);
2826                                                 kfree(ses->serverNOS);
2827                                                 ses->serverNOS =
2828                                                     kzalloc(2 * (len + 1),
2829                                                             GFP_KERNEL);
2830                                                 cifs_strfromUCS_le(ses->
2831                                                                    serverNOS,
2832                                                                    (__le16 *)
2833                                                                    bcc_ptr,
2834                                                                    len,
2835                                                                    nls_codepage);
2836                                                 bcc_ptr += 2 * (len + 1);
2837                                                 ses->serverNOS[2 * len] = 0;
2838                                                 ses->serverNOS[1 +
2839                                                                (2 * len)] = 0;
2840                                                 remaining_words -= len + 1;
2841                                                 if (remaining_words > 0) {
2842                                                         len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2843                                 /* last string not always null terminated
2844                                    (for e.g. for Windows XP & 2000) */
2845                                                         kfree(ses->serverDomain);
2846                                                         ses->serverDomain =
2847                                                             kzalloc(2 *
2848                                                                     (len +
2849                                                                      1),
2850                                                                     GFP_KERNEL);
2851                                                         cifs_strfromUCS_le
2852                                                             (ses->serverDomain,
2853                                                              (__le16 *)bcc_ptr,
2854                                                              len, nls_codepage);
2855                                                         bcc_ptr +=
2856                                                             2 * (len + 1);
2857                                                         ses->serverDomain[2*len]
2858                                                             = 0;
2859                                                         ses->serverDomain
2860                                                                 [1 + (2 * len)]
2861                                                             = 0;
2862                                                 } /* else no more room so create dummy domain string */
2863                                                 else {
2864                                                         kfree(ses->serverDomain);
2865                                                         ses->serverDomain =
2866                                                             kzalloc(2,
2867                                                                     GFP_KERNEL);
2868                                                 }
2869                                         } else {        /* no room so create dummy domain and NOS string */
2870                                                 kfree(ses->serverDomain);
2871                                                 ses->serverDomain =
2872                                                     kzalloc(2, GFP_KERNEL);
2873                                                 kfree(ses->serverNOS);
2874                                                 ses->serverNOS =
2875                                                     kzalloc(2, GFP_KERNEL);
2876                                         }
2877                                 } else {        /* ASCII */
2878                                         len = strnlen(bcc_ptr, 1024);
2879                                         if (((long) bcc_ptr + len) - (long)
2880                                             pByteArea(smb_buffer_response)
2881                                             <= BCC(smb_buffer_response)) {
2882                                                 if (ses->serverOS)
2883                                                         kfree(ses->serverOS);
2884                                                 ses->serverOS =
2885                                                     kzalloc(len + 1,
2886                                                             GFP_KERNEL);
2887                                                 strncpy(ses->serverOS,
2888                                                         bcc_ptr, len);
2889
2890                                                 bcc_ptr += len;
2891                                                 bcc_ptr[0] = 0; /* null terminate string */
2892                                                 bcc_ptr++;
2893
2894                                                 len = strnlen(bcc_ptr, 1024);
2895                                                 kfree(ses->serverNOS);
2896                                                 ses->serverNOS =
2897                                                     kzalloc(len + 1,
2898                                                             GFP_KERNEL);
2899                                                 strncpy(ses->serverNOS, bcc_ptr, len);
2900                                                 bcc_ptr += len;
2901                                                 bcc_ptr[0] = 0;
2902                                                 bcc_ptr++;
2903
2904                                                 len = strnlen(bcc_ptr, 1024);
2905                                                 kfree(ses->serverDomain);
2906                                                 ses->serverDomain =
2907                                                     kzalloc(len + 1,
2908                                                             GFP_KERNEL);
2909                                                 strncpy(ses->serverDomain,
2910                                                         bcc_ptr, len);
2911                                                 bcc_ptr += len;
2912                                                 bcc_ptr[0] = 0;
2913                                                 bcc_ptr++;
2914                                         } else
2915                                                 cFYI(1,
2916                                                      ("field of length %d "
2917                                                     "extends beyond end of smb",
2918                                                       len));
2919                                 }
2920                         } else {
2921                                 cERROR(1, ("Security Blob Length extends beyond"
2922                                            " end of SMB"));
2923                         }
2924                 } else {
2925                         cERROR(1, ("No session structure passed in."));
2926                 }
2927         } else {
2928                 cERROR(1,
2929                        (" Invalid Word count %d:",
2930                         smb_buffer_response->WordCount));
2931                 rc = -EIO;
2932         }
2933
2934         cifs_buf_release(smb_buffer);
2935
2936         return rc;
2937 }
2938 static int
2939 CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2940                         char *ntlm_session_key, bool ntlmv2_flag,
2941                         const struct nls_table *nls_codepage)
2942 {
2943         struct smb_hdr *smb_buffer;
2944         struct smb_hdr *smb_buffer_response;
2945         SESSION_SETUP_ANDX *pSMB;
2946         SESSION_SETUP_ANDX *pSMBr;
2947         char *bcc_ptr;
2948         char *user;
2949         char *domain;
2950         int rc = 0;
2951         int remaining_words = 0;
2952         int bytes_returned = 0;
2953         int len;
2954         int SecurityBlobLength = sizeof(AUTHENTICATE_MESSAGE);
2955         PAUTHENTICATE_MESSAGE SecurityBlob;
2956         __u32 negotiate_flags, capabilities;
2957         __u16 count;
2958
2959         cFYI(1, ("In NTLMSSPSessSetup (Authenticate)"));
2960         if (ses == NULL)
2961                 return -EINVAL;
2962         user = ses->userName;
2963         domain = ses->domainName;
2964         smb_buffer = cifs_buf_get();
2965         if (smb_buffer == NULL) {
2966                 return -ENOMEM;
2967         }
2968         smb_buffer_response = smb_buffer;
2969         pSMB = (SESSION_SETUP_ANDX *)smb_buffer;
2970         pSMBr = (SESSION_SETUP_ANDX *)smb_buffer_response;
2971
2972         /* send SMBsessionSetup here */
2973         header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2974                         NULL /* no tCon exists yet */ , 12 /* wct */ );
2975
2976         smb_buffer->Mid = GetNextMid(ses->server);
2977         pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2978         pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2979         pSMB->req.AndXCommand = 0xFF;
2980         pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2981         pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2982
2983         pSMB->req.hdr.Uid = ses->Suid;
2984
2985         if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2986                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2987
2988         capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2989                         CAP_EXTENDED_SECURITY;
2990         if (ses->capabilities & CAP_UNICODE) {
2991                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2992                 capabilities |= CAP_UNICODE;
2993         }
2994         if (ses->capabilities & CAP_STATUS32) {
2995                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2996                 capabilities |= CAP_STATUS32;
2997         }
2998         if (ses->capabilities & CAP_DFS) {
2999                 smb_buffer->Flags2 |= SMBFLG2_DFS;
3000                 capabilities |= CAP_DFS;
3001         }
3002         pSMB->req.Capabilities = cpu_to_le32(capabilities);
3003
3004         bcc_ptr = (char *)&pSMB->req.SecurityBlob;
3005         SecurityBlob = (PAUTHENTICATE_MESSAGE)bcc_ptr;
3006         strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
3007         SecurityBlob->MessageType = NtLmAuthenticate;
3008         bcc_ptr += SecurityBlobLength;
3009         negotiate_flags = NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET |
3010                         NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO |
3011                         0x80000000 | NTLMSSP_NEGOTIATE_128;
3012         if (sign_CIFS_PDUs)
3013                 negotiate_flags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN;
3014         if (ntlmv2_flag)
3015                 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
3016
3017 /* setup pointers to domain name and workstation name */
3018
3019         SecurityBlob->WorkstationName.Buffer = 0;
3020         SecurityBlob->WorkstationName.Length = 0;
3021         SecurityBlob->WorkstationName.MaximumLength = 0;
3022         SecurityBlob->SessionKey.Length = 0;
3023         SecurityBlob->SessionKey.MaximumLength = 0;
3024         SecurityBlob->SessionKey.Buffer = 0;
3025
3026         SecurityBlob->LmChallengeResponse.Length = 0;
3027         SecurityBlob->LmChallengeResponse.MaximumLength = 0;
3028         SecurityBlob->LmChallengeResponse.Buffer = 0;
3029
3030         SecurityBlob->NtChallengeResponse.Length =
3031             cpu_to_le16(CIFS_SESS_KEY_SIZE);
3032         SecurityBlob->NtChallengeResponse.MaximumLength =
3033             cpu_to_le16(CIFS_SESS_KEY_SIZE);
3034         memcpy(bcc_ptr, ntlm_session_key, CIFS_SESS_KEY_SIZE);
3035         SecurityBlob->NtChallengeResponse.Buffer =
3036             cpu_to_le32(SecurityBlobLength);
3037         SecurityBlobLength += CIFS_SESS_KEY_SIZE;
3038         bcc_ptr += CIFS_SESS_KEY_SIZE;
3039
3040         if (ses->capabilities & CAP_UNICODE) {
3041                 if (domain == NULL) {
3042                         SecurityBlob->DomainName.Buffer = 0;
3043                         SecurityBlob->DomainName.Length = 0;
3044                         SecurityBlob->DomainName.MaximumLength = 0;
3045                 } else {
3046                         __u16 ln = cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
3047                                           nls_codepage);
3048                         ln *= 2;
3049                         SecurityBlob->DomainName.MaximumLength =
3050                             cpu_to_le16(ln);
3051                         SecurityBlob->DomainName.Buffer =
3052                             cpu_to_le32(SecurityBlobLength);
3053                         bcc_ptr += ln;
3054                         SecurityBlobLength += ln;
3055                         SecurityBlob->DomainName.Length = cpu_to_le16(ln);
3056                 }
3057                 if (user == NULL) {
3058                         SecurityBlob->UserName.Buffer = 0;
3059                         SecurityBlob->UserName.Length = 0;
3060                         SecurityBlob->UserName.MaximumLength = 0;
3061                 } else {
3062                         __u16 ln = cifs_strtoUCS((__le16 *) bcc_ptr, user, 64,
3063                                           nls_codepage);
3064                         ln *= 2;
3065                         SecurityBlob->UserName.MaximumLength =
3066                             cpu_to_le16(ln);
3067                         SecurityBlob->UserName.Buffer =
3068                             cpu_to_le32(SecurityBlobLength);
3069                         bcc_ptr += ln;
3070                         SecurityBlobLength += ln;
3071                         SecurityBlob->UserName.Length = cpu_to_le16(ln);
3072                 }
3073
3074                 /* SecurityBlob->WorkstationName.Length =
3075                  cifs_strtoUCS((__le16 *) bcc_ptr, "AMACHINE",64, nls_codepage);
3076                    SecurityBlob->WorkstationName.Length *= 2;
3077                    SecurityBlob->WorkstationName.MaximumLength =
3078                         cpu_to_le16(SecurityBlob->WorkstationName.Length);
3079                    SecurityBlob->WorkstationName.Buffer =
3080                                  cpu_to_le32(SecurityBlobLength);
3081                    bcc_ptr += SecurityBlob->WorkstationName.Length;
3082                    SecurityBlobLength += SecurityBlob->WorkstationName.Length;
3083                    SecurityBlob->WorkstationName.Length =
3084                         cpu_to_le16(SecurityBlob->WorkstationName.Length);  */
3085
3086                 if ((long) bcc_ptr % 2) {
3087                         *bcc_ptr = 0;
3088                         bcc_ptr++;
3089                 }
3090                 bytes_returned =
3091                     cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
3092                                   32, nls_codepage);
3093                 bcc_ptr += 2 * bytes_returned;
3094                 bytes_returned =
3095                     cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
3096                                   nls_codepage);
3097                 bcc_ptr += 2 * bytes_returned;
3098                 bcc_ptr += 2;   /* null term version string */
3099                 bytes_returned =
3100                     cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
3101                                   64, nls_codepage);
3102                 bcc_ptr += 2 * bytes_returned;
3103                 *(bcc_ptr + 1) = 0;
3104                 *(bcc_ptr + 2) = 0;
3105                 bcc_ptr += 2;   /* null terminate network opsys string */
3106                 *(bcc_ptr + 1) = 0;
3107                 *(bcc_ptr + 2) = 0;
3108                 bcc_ptr += 2;   /* null domain */
3109         } else {                /* ASCII */
3110                 if (domain == NULL) {
3111                         SecurityBlob->DomainName.Buffer = 0;
3112                         SecurityBlob->DomainName.Length = 0;
3113                         SecurityBlob->DomainName.MaximumLength = 0;
3114                 } else {
3115                         __u16 ln;
3116                         negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
3117                         strncpy(bcc_ptr, domain, 63);
3118                         ln = strnlen(domain, 64);
3119                         SecurityBlob->DomainName.MaximumLength =
3120                             cpu_to_le16(ln);
3121                         SecurityBlob->DomainName.Buffer =
3122                             cpu_to_le32(SecurityBlobLength);
3123                         bcc_ptr += ln;
3124                         SecurityBlobLength += ln;
3125                         SecurityBlob->DomainName.Length = cpu_to_le16(ln);
3126                 }
3127                 if (user == NULL) {
3128                         SecurityBlob->UserName.Buffer = 0;
3129                         SecurityBlob->UserName.Length = 0;
3130                         SecurityBlob->UserName.MaximumLength = 0;
3131                 } else {
3132                         __u16 ln;
3133                         strncpy(bcc_ptr, user, 63);
3134                         ln = strnlen(user, 64);
3135                         SecurityBlob->UserName.MaximumLength = cpu_to_le16(ln);
3136                         SecurityBlob->UserName.Buffer =
3137                                                 cpu_to_le32(SecurityBlobLength);
3138                         bcc_ptr += ln;
3139                         SecurityBlobLength += ln;
3140                         SecurityBlob->UserName.Length = cpu_to_le16(ln);
3141                 }
3142                 /* BB fill in our workstation name if known BB */
3143
3144                 strcpy(bcc_ptr, "Linux version ");
3145                 bcc_ptr += strlen("Linux version ");
3146                 strcpy(bcc_ptr, utsname()->release);
3147                 bcc_ptr += strlen(utsname()->release) + 1;
3148                 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
3149                 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
3150                 bcc_ptr++;      /* null domain */
3151                 *bcc_ptr = 0;
3152         }
3153         SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
3154         pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
3155         count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
3156         smb_buffer->smb_buf_length += count;
3157         pSMB->req.ByteCount = cpu_to_le16(count);
3158
3159         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
3160                          &bytes_returned, CIFS_LONG_OP);
3161         if (rc) {
3162 /*   rc = map_smb_to_linux_error(smb_buffer_response) done in SendReceive now */
3163         } else if ((smb_buffer_response->WordCount == 3) ||
3164                    (smb_buffer_response->WordCount == 4)) {
3165                 __u16 action = le16_to_cpu(pSMBr->resp.Action);
3166                 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
3167                 if (action & GUEST_LOGIN)
3168                         cFYI(1, (" Guest login")); /* BB Should we set anything
3169                                                          in SesInfo struct ? */
3170 /*              if (SecurityBlob2->MessageType != NtLm??) {
3171                         cFYI("Unexpected message type on auth response is %d"));
3172                 } */
3173
3174                 if (ses) {
3175                         cFYI(1,
3176                              ("Check challenge UID %d vs auth response UID %d",
3177                               ses->Suid, smb_buffer_response->Uid));
3178                         /* UID left in wire format */
3179                         ses->Suid = smb_buffer_response->Uid;
3180                         bcc_ptr = pByteArea(smb_buffer_response);
3181                 /* response can have either 3 or 4 word count - Samba sends 3 */
3182                         if ((pSMBr->resp.hdr.WordCount == 3)
3183                             || ((pSMBr->resp.hdr.WordCount == 4)
3184                                 && (blob_len <
3185                                     pSMBr->resp.ByteCount))) {
3186                                 if (pSMBr->resp.hdr.WordCount == 4) {
3187                                         bcc_ptr +=
3188                                             blob_len;
3189                                         cFYI(1,
3190                                              ("Security Blob Length %d ",
3191                                               blob_len));
3192                                 }
3193
3194                                 cFYI(1,
3195                                      ("NTLMSSP response to Authenticate "));
3196
3197                                 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3198                                         if ((long) (bcc_ptr) % 2) {
3199                                                 remaining_words =
3200                                                     (BCC(smb_buffer_response)
3201                                                      - 1) / 2;
3202                                                 bcc_ptr++;      /* Unicode strings must be word aligned */
3203                                         } else {
3204                                                 remaining_words = BCC(smb_buffer_response) / 2;
3205                                         }
3206                                         len = UniStrnlen((wchar_t *) bcc_ptr,
3207                                                         remaining_words - 1);
3208 /* We look for obvious messed up bcc or strings in response so we do not go off
3209   the end since (at least) WIN2K and Windows XP have a major bug in not null
3210   terminating last Unicode string in response  */
3211                                         if (ses->serverOS)
3212                                                 kfree(ses->serverOS);
3213                                         ses->serverOS =
3214                                             kzalloc(2 * (len + 1), GFP_KERNEL);
3215                                         cifs_strfromUCS_le(ses->serverOS,
3216                                                            (__le16 *)
3217                                                            bcc_ptr, len,
3218                                                            nls_codepage);
3219                                         bcc_ptr += 2 * (len + 1);
3220                                         remaining_words -= len + 1;
3221                                         ses->serverOS[2 * len] = 0;
3222                                         ses->serverOS[1 + (2 * len)] = 0;
3223                                         if (remaining_words > 0) {
3224                                                 len = UniStrnlen((wchar_t *)
3225                                                                  bcc_ptr,
3226                                                                  remaining_words
3227                                                                  - 1);
3228                                                 kfree(ses->serverNOS);
3229                                                 ses->serverNOS =
3230                                                     kzalloc(2 * (len + 1),
3231                                                             GFP_KERNEL);
3232                                                 cifs_strfromUCS_le(ses->
3233                                                                    serverNOS,
3234                                                                    (__le16 *)
3235                                                                    bcc_ptr,
3236                                                                    len,
3237                                                                    nls_codepage);
3238                                                 bcc_ptr += 2 * (len + 1);
3239                                                 ses->serverNOS[2 * len] = 0;
3240                                                 ses->serverNOS[1+(2*len)] = 0;
3241                                                 remaining_words -= len + 1;
3242                                                 if (remaining_words > 0) {
3243                                                         len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
3244      /* last string not always null terminated (e.g. for Windows XP & 2000) */
3245                                                         if (ses->serverDomain)
3246                                                                 kfree(ses->serverDomain);
3247                                                         ses->serverDomain =
3248                                                             kzalloc(2 *
3249                                                                     (len +
3250                                                                      1),
3251                                                                     GFP_KERNEL);
3252                                                         cifs_strfromUCS_le
3253                                                             (ses->
3254                                                              serverDomain,
3255                                                              (__le16 *)
3256                                                              bcc_ptr, len,
3257                                                              nls_codepage);
3258                                                         bcc_ptr +=
3259                                                             2 * (len + 1);
3260                                                         ses->
3261                                                             serverDomain[2
3262                                                                          * len]
3263                                                             = 0;
3264                                                         ses->
3265                                                             serverDomain[1
3266                                                                          +
3267                                                                          (2
3268                                                                           *
3269                                                                           len)]
3270                                                             = 0;
3271                                                 } /* else no more room so create dummy domain string */
3272                                                 else {
3273                                                         if (ses->serverDomain)
3274                                                                 kfree(ses->serverDomain);
3275                                                         ses->serverDomain = kzalloc(2,GFP_KERNEL);
3276                                                 }
3277                                         } else {  /* no room so create dummy domain and NOS string */
3278                                                 if (ses->serverDomain)
3279                                                         kfree(ses->serverDomain);
3280                                                 ses->serverDomain = kzalloc(2, GFP_KERNEL);
3281                                                 kfree(ses->serverNOS);
3282                                                 ses->serverNOS = kzalloc(2, GFP_KERNEL);
3283                                         }
3284                                 } else {        /* ASCII */
3285                                         len = strnlen(bcc_ptr, 1024);
3286                                         if (((long) bcc_ptr + len) -
3287                                            (long) pByteArea(smb_buffer_response)
3288                                                 <= BCC(smb_buffer_response)) {
3289                                                 if (ses->serverOS)
3290                                                         kfree(ses->serverOS);
3291                                                 ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
3292                                                 strncpy(ses->serverOS,bcc_ptr, len);
3293
3294                                                 bcc_ptr += len;
3295                                                 bcc_ptr[0] = 0; /* null terminate the string */
3296                                                 bcc_ptr++;
3297
3298                                                 len = strnlen(bcc_ptr, 1024);
3299                                                 kfree(ses->serverNOS);
3300                                                 ses->serverNOS = kzalloc(len+1,
3301                                                                     GFP_KERNEL);
3302                                                 strncpy(ses->serverNOS,
3303                                                         bcc_ptr, len);
3304                                                 bcc_ptr += len;
3305                                                 bcc_ptr[0] = 0;
3306                                                 bcc_ptr++;
3307
3308                                                 len = strnlen(bcc_ptr, 1024);
3309                                                 if (ses->serverDomain)
3310                                                         kfree(ses->serverDomain);
3311                                                 ses->serverDomain =
3312                                                                 kzalloc(len+1,
3313                                                                     GFP_KERNEL);
3314                                                 strncpy(ses->serverDomain,
3315                                                         bcc_ptr, len);
3316                                                 bcc_ptr += len;
3317                                                 bcc_ptr[0] = 0;
3318                                                 bcc_ptr++;
3319                                         } else
3320                                                 cFYI(1, ("field of length %d "
3321                                                    "extends beyond end of smb ",
3322                                                       len));
3323                                 }
3324                         } else {
3325                                 cERROR(1, ("Security Blob extends beyond end "
3326                                         "of SMB"));
3327                         }
3328                 } else {
3329                         cERROR(1, ("No session structure passed in."));
3330                 }
3331         } else {
3332                 cERROR(1, ("Invalid Word count %d: ",
3333                         smb_buffer_response->WordCount));
3334                 rc = -EIO;
3335         }
3336
3337         cifs_buf_release(smb_buffer);
3338
3339         return rc;
3340 }
3341
3342 int
3343 CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3344          const char *tree, struct cifsTconInfo *tcon,
3345          const struct nls_table *nls_codepage)
3346 {
3347         struct smb_hdr *smb_buffer;
3348         struct smb_hdr *smb_buffer_response;
3349         TCONX_REQ *pSMB;
3350         TCONX_RSP *pSMBr;
3351         unsigned char *bcc_ptr;
3352         int rc = 0;
3353         int length;
3354         __u16 count;
3355
3356         if (ses == NULL)
3357                 return -EIO;
3358
3359         smb_buffer = cifs_buf_get();
3360         if (smb_buffer == NULL) {
3361                 return -ENOMEM;
3362         }
3363         smb_buffer_response = smb_buffer;
3364
3365         header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3366                         NULL /*no tid */ , 4 /*wct */ );
3367
3368         smb_buffer->Mid = GetNextMid(ses->server);
3369         smb_buffer->Uid = ses->Suid;
3370         pSMB = (TCONX_REQ *) smb_buffer;
3371         pSMBr = (TCONX_RSP *) smb_buffer_response;
3372
3373         pSMB->AndXCommand = 0xFF;
3374         pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
3375         bcc_ptr = &pSMB->Password[0];
3376         if ((ses->server->secMode) & SECMODE_USER) {
3377                 pSMB->PasswordLength = cpu_to_le16(1);  /* minimum */
3378                 *bcc_ptr = 0; /* password is null byte */
3379                 bcc_ptr++;              /* skip password */
3380                 /* already aligned so no need to do it below */
3381         } else {
3382                 pSMB->PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE);
3383                 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3384                    specified as required (when that support is added to
3385                    the vfs in the future) as only NTLM or the much
3386                    weaker LANMAN (which we do not send by default) is accepted
3387                    by Samba (not sure whether other servers allow
3388                    NTLMv2 password here) */
3389 #ifdef CONFIG_CIFS_WEAK_PW_HASH
3390                 if ((extended_security & CIFSSEC_MAY_LANMAN) &&
3391                         (ses->server->secType == LANMAN))
3392                         calc_lanman_hash(ses, bcc_ptr);
3393                 else
3394 #endif /* CIFS_WEAK_PW_HASH */
3395                 SMBNTencrypt(ses->password,
3396                              ses->server->cryptKey,
3397                              bcc_ptr);
3398
3399                 bcc_ptr += CIFS_SESS_KEY_SIZE;
3400                 if (ses->capabilities & CAP_UNICODE) {
3401                         /* must align unicode strings */
3402                         *bcc_ptr = 0; /* null byte password */
3403                         bcc_ptr++;
3404                 }
3405         }
3406
3407         if (ses->server->secMode &
3408                         (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3409                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3410
3411         if (ses->capabilities & CAP_STATUS32) {
3412                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3413         }
3414         if (ses->capabilities & CAP_DFS) {
3415                 smb_buffer->Flags2 |= SMBFLG2_DFS;
3416         }
3417         if (ses->capabilities & CAP_UNICODE) {
3418                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3419                 length =
3420                     cifs_strtoUCS((__le16 *) bcc_ptr, tree,
3421                         6 /* max utf8 char length in bytes */ *
3422                         (/* server len*/ + 256 /* share len */), nls_codepage);
3423                 bcc_ptr += 2 * length;  /* convert num 16 bit words to bytes */
3424                 bcc_ptr += 2;   /* skip trailing null */
3425         } else {                /* ASCII */
3426                 strcpy(bcc_ptr, tree);
3427                 bcc_ptr += strlen(tree) + 1;
3428         }
3429         strcpy(bcc_ptr, "?????");
3430         bcc_ptr += strlen("?????");
3431         bcc_ptr += 1;
3432         count = bcc_ptr - &pSMB->Password[0];
3433         pSMB->hdr.smb_buf_length += count;
3434         pSMB->ByteCount = cpu_to_le16(count);
3435
3436         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length,
3437                          CIFS_STD_OP);
3438
3439         /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
3440         /* above now done in SendReceive */
3441         if ((rc == 0) && (tcon != NULL)) {
3442                 tcon->tidStatus = CifsGood;
3443                 tcon->tid = smb_buffer_response->Tid;
3444                 bcc_ptr = pByteArea(smb_buffer_response);
3445                 length = strnlen(bcc_ptr, BCC(smb_buffer_response) - 2);
3446                 /* skip service field (NB: this field is always ASCII) */
3447                 if (length == 3) {
3448                         if ((bcc_ptr[0] == 'I') && (bcc_ptr[1] == 'P') &&
3449                             (bcc_ptr[2] == 'C')) {
3450                                 cFYI(1, ("IPC connection"));
3451                                 tcon->ipc = 1;
3452                         }
3453                 } else if (length == 2) {
3454                         if ((bcc_ptr[0] == 'A') && (bcc_ptr[1] == ':')) {
3455                                 /* the most common case */
3456                                 cFYI(1, ("disk share connection"));
3457                         }
3458                 }
3459                 bcc_ptr += length + 1;
3460                 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3461                 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3462                         length = UniStrnlen((wchar_t *) bcc_ptr, 512);
3463                         if ((bcc_ptr + (2 * length)) -
3464                              pByteArea(smb_buffer_response) <=
3465                             BCC(smb_buffer_response)) {
3466                                 kfree(tcon->nativeFileSystem);
3467                                 tcon->nativeFileSystem =
3468                                     kzalloc(length + 2, GFP_KERNEL);
3469                                 if (tcon->nativeFileSystem)
3470                                         cifs_strfromUCS_le(
3471                                                 tcon->nativeFileSystem,
3472                                                 (__le16 *) bcc_ptr,
3473                                                 length, nls_codepage);
3474                                 bcc_ptr += 2 * length;
3475                                 bcc_ptr[0] = 0; /* null terminate the string */
3476                                 bcc_ptr[1] = 0;
3477                                 bcc_ptr += 2;
3478                         }
3479                         /* else do not bother copying these information fields*/
3480                 } else {
3481                         length = strnlen(bcc_ptr, 1024);
3482                         if ((bcc_ptr + length) -
3483                             pByteArea(smb_buffer_response) <=
3484                             BCC(smb_buffer_response)) {
3485                                 kfree(tcon->nativeFileSystem);
3486                                 tcon->nativeFileSystem =
3487                                     kzalloc(length + 1, GFP_KERNEL);
3488                                 if (tcon->nativeFileSystem)
3489                                         strncpy(tcon->nativeFileSystem, bcc_ptr,
3490                                                 length);
3491                         }
3492                         /* else do not bother copying these information fields*/
3493                 }
3494                 if ((smb_buffer_response->WordCount == 3) ||
3495                          (smb_buffer_response->WordCount == 7))
3496                         /* field is in same location */
3497                         tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3498                 else
3499                         tcon->Flags = 0;
3500                 cFYI(1, ("Tcon flags: 0x%x ", tcon->Flags));
3501         } else if ((rc == 0) && tcon == NULL) {
3502                 /* all we need to save for IPC$ connection */
3503                 ses->ipc_tid = smb_buffer_response->Tid;
3504         }
3505
3506         cifs_buf_release(smb_buffer);
3507         return rc;
3508 }
3509
3510 int
3511 cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3512 {
3513         int rc = 0;
3514         int xid;
3515         struct cifsSesInfo *ses = NULL;
3516         struct task_struct *cifsd_task;
3517         char *tmp;
3518
3519         xid = GetXid();
3520
3521         if (cifs_sb->tcon) {
3522                 ses = cifs_sb->tcon->ses; /* save ptr to ses before delete tcon!*/
3523                 rc = CIFSSMBTDis(xid, cifs_sb->tcon);
3524                 if (rc == -EBUSY) {
3525                         FreeXid(xid);
3526                         return 0;
3527                 }
3528                 DeleteTconOplockQEntries(cifs_sb->tcon);
3529                 tconInfoFree(cifs_sb->tcon);
3530                 if ((ses) && (ses->server)) {
3531                         /* save off task so we do not refer to ses later */
3532                         cifsd_task = ses->server->tsk;
3533                         cFYI(1, ("About to do SMBLogoff "));
3534                         rc = CIFSSMBLogoff(xid, ses);
3535                         if (rc == -EBUSY) {
3536                                 FreeXid(xid);
3537                                 return 0;
3538                         } else if (rc == -ESHUTDOWN) {
3539                                 cFYI(1, ("Waking up socket by sending signal"));
3540                                 if (cifsd_task) {
3541                                         force_sig(SIGKILL, cifsd_task);
3542                                         kthread_stop(cifsd_task);
3543                                 }
3544                                 rc = 0;
3545                         } /* else - we have an smb session
3546                                 left on this socket do not kill cifsd */
3547                 } else
3548                         cFYI(1, ("No session or bad tcon"));
3549         }
3550
3551         cifs_sb->tcon = NULL;
3552         tmp = cifs_sb->prepath;
3553         cifs_sb->prepathlen = 0;
3554         cifs_sb->prepath = NULL;
3555         kfree(tmp);
3556         if (ses)
3557                 schedule_timeout_interruptible(msecs_to_jiffies(500));
3558         if (ses)
3559                 sesInfoFree(ses);
3560
3561         FreeXid(xid);
3562         return rc;
3563 }
3564
3565 int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
3566                                            struct nls_table *nls_info)
3567 {
3568         int rc = 0;
3569         char ntlm_session_key[CIFS_SESS_KEY_SIZE];
3570         bool ntlmv2_flag = false;
3571         int first_time = 0;
3572
3573         /* what if server changes its buffer size after dropping the session? */
3574         if (pSesInfo->server->maxBuf == 0) /* no need to send on reconnect */ {
3575                 rc = CIFSSMBNegotiate(xid, pSesInfo);
3576                 if (rc == -EAGAIN) /* retry only once on 1st time connection */ {
3577                         rc = CIFSSMBNegotiate(xid, pSesInfo);
3578                         if (rc == -EAGAIN)
3579                                 rc = -EHOSTDOWN;
3580                 }
3581                 if (rc == 0) {
3582                         spin_lock(&GlobalMid_Lock);
3583                         if (pSesInfo->server->tcpStatus != CifsExiting)
3584                                 pSesInfo->server->tcpStatus = CifsGood;
3585                         else
3586                                 rc = -EHOSTDOWN;
3587                         spin_unlock(&GlobalMid_Lock);
3588
3589                 }
3590                 first_time = 1;
3591         }
3592         if (!rc) {
3593                 pSesInfo->flags = 0;
3594                 pSesInfo->capabilities = pSesInfo->server->capabilities;
3595                 if (linuxExtEnabled == 0)
3596                         pSesInfo->capabilities &= (~CAP_UNIX);
3597         /*      pSesInfo->sequence_number = 0;*/
3598                 cFYI(1,
3599                       ("Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d",
3600                         pSesInfo->server->secMode,
3601                         pSesInfo->server->capabilities,
3602                         pSesInfo->server->timeAdj));
3603                 if (experimEnabled < 2)
3604                         rc = CIFS_SessSetup(xid, pSesInfo,
3605                                             first_time, nls_info);
3606                 else if (extended_security
3607                                 && (pSesInfo->capabilities
3608                                         & CAP_EXTENDED_SECURITY)
3609                                 && (pSesInfo->server->secType == NTLMSSP)) {
3610                         rc = -EOPNOTSUPP;
3611                 } else if (extended_security
3612                            && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3613                            && (pSesInfo->server->secType == RawNTLMSSP)) {
3614                         cFYI(1, ("NTLMSSP sesssetup"));
3615                         rc = CIFSNTLMSSPNegotiateSessSetup(xid,
3616                                                 pSesInfo,
3617                                                 &ntlmv2_flag,
3618                                                 nls_info);
3619                         if (!rc) {
3620                                 if (ntlmv2_flag) {
3621                                         char *v2_response;
3622                                         cFYI(1, ("more secure NTLM ver2 hash"));
3623                                         if (CalcNTLMv2_partial_mac_key(pSesInfo,
3624                                                 nls_info)) {
3625                                                 rc = -ENOMEM;
3626                                                 goto ss_err_exit;
3627                                         } else
3628                                                 v2_response = kmalloc(16 + 64 /* blob */, GFP_KERNEL);
3629                                         if (v2_response) {
3630                                                 CalcNTLMv2_response(pSesInfo,
3631                                                                    v2_response);
3632                                 /*              if (first_time)
3633                                                   cifs_calculate_ntlmv2_mac_key(
3634                                                    pSesInfo->server->mac_signing_key,
3635                                                    response, ntlm_session_key,*/
3636                                                 kfree(v2_response);
3637                                         /* BB Put dummy sig in SessSetup PDU? */
3638                                         } else {
3639                                                 rc = -ENOMEM;
3640                                                 goto ss_err_exit;
3641                                         }
3642
3643                                 } else {
3644                                         SMBNTencrypt(pSesInfo->password,
3645                                                 pSesInfo->server->cryptKey,
3646                                                 ntlm_session_key);
3647
3648                                         if (first_time)
3649                                                 cifs_calculate_mac_key(
3650                                                         &pSesInfo->server->mac_signing_key,
3651                                                         ntlm_session_key,
3652                                                         pSesInfo->password);
3653                                 }
3654                         /* for better security the weaker lanman hash not sent
3655                            in AuthSessSetup so we no longer calculate it */
3656
3657                                 rc = CIFSNTLMSSPAuthSessSetup(xid,
3658                                         pSesInfo,
3659                                         ntlm_session_key,
3660                                         ntlmv2_flag,
3661                                         nls_info);
3662                         }
3663                 } else { /* old style NTLM 0.12 session setup */
3664                         SMBNTencrypt(pSesInfo->password,
3665                                 pSesInfo->server->cryptKey,
3666                                 ntlm_session_key);
3667
3668                         if (first_time)
3669                                 cifs_calculate_mac_key(
3670                                         &pSesInfo->server->mac_signing_key,
3671                                         ntlm_session_key, pSesInfo->password);
3672
3673                         rc = CIFSSessSetup(xid, pSesInfo,
3674                                 ntlm_session_key, nls_info);
3675                 }
3676                 if (rc) {
3677                         cERROR(1, ("Send error in SessSetup = %d", rc));
3678                 } else {
3679                         cFYI(1, ("CIFS Session Established successfully"));
3680                         pSesInfo->status = CifsGood;
3681                 }
3682         }
3683 ss_err_exit:
3684         return rc;
3685 }
3686