]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blame - fs/cifs/connect.c
projects / mirror_ubuntu-artful-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[CIFS] Fallback to standard mkdir if server incorrectly claims support for
[mirror_ubuntu-artful-kernel.git] / fs / cifs / connect.c
CommitLineData
1da177e4
LT		 1/*
2 * fs/cifs/connect.c
3 *
75865f8c 4 * Copyright (C) International Business Machines Corp., 2002,2007
1da177e4
LT		 5 * Author(s): Steve French (sfrench@us.ibm.com)
6 *
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
fb8c4b14 19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
1da177e4
LT		 20 */
21#include <linux/fs.h>
22#include <linux/net.h>
23#include <linux/string.h>
24#include <linux/list.h>
25#include <linux/wait.h>
26#include <linux/ipv6.h>
27#include <linux/pagemap.h>
28#include <linux/ctype.h>
29#include <linux/utsname.h>
30#include <linux/mempool.h>
b8643e1b 31#include <linux/delay.h>
f191401f 32#include <linux/completion.h>
aaf737ad 33#include <linux/kthread.h>
0ae0efad 34#include <linux/pagevec.h>
7dfb7103 35#include <linux/freezer.h>
1da177e4
LT		 36#include <asm/uaccess.h>
37#include <asm/processor.h>
38#include "cifspdu.h"
39#include "cifsglob.h"
40#include "cifsproto.h"
41#include "cifs_unicode.h"
42#include "cifs_debug.h"
43#include "cifs_fs_sb.h"
44#include "ntlmssp.h"
45#include "nterr.h"
46#include "rfc1002pdu.h"
a2653eba 47#include "cn_cifs.h"
1da177e4
LT		 48
49#define CIFS_PORT 445
50#define RFC1001_PORT 139
51
f191401f
SF		 52static DECLARE_COMPLETION(cifsd_complete);
53
1da177e4
LT		 54extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
55 unsigned char *p24);
56
57extern mempool_t *cifs_req_poolp;
58
59struct smb_vol {
60 char *username;
61 char *password;
62 char *domainname;
63 char *UNC;
64 char *UNCip;
65 char *in6_addr; /* ipv6 address as human readable form of in6_addr */
66 char *iocharset; /* local code page for mapping to and from Unicode */
67 char source_rfc1001_name[16]; /* netbios name of client */
a10faeb2 68 char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */
1da177e4
LT		 69 uid_t linux_uid;
70 gid_t linux_gid;
71 mode_t file_mode;
72 mode_t dir_mode;
189acaae 73 unsigned secFlg;
1da177e4
LT		 74 unsigned rw:1;
75 unsigned retry:1;
76 unsigned intr:1;
77 unsigned setuids:1;
4523cc30
SF		 78 unsigned override_uid:1;
79 unsigned override_gid:1;
1da177e4
LT		 80 unsigned noperm:1;
81 unsigned no_psx_acl:1; /* set if posix acl support should be disabled */
0a4b92c0 82 unsigned cifs_acl:1;
1da177e4
LT		 83 unsigned no_xattr:1; /* set if xattr (EA) support should be disabled*/
84 unsigned server_ino:1; /* use inode numbers from server ie UniqueId */
85 unsigned direct_io:1;
6a0b4824 86 unsigned remap:1; /* set to remap seven reserved chars in filenames */
ac67055e 87 unsigned posix_paths:1; /* unset to not ask for posix pathnames. */
c18c842b 88 unsigned no_linux_ext:1;
d7245c2c 89 unsigned sfu_emul:1;
bf820679 90 unsigned nullauth:1; /* attempt to authenticate with null user */
c46fa8ac
SF		 91 unsigned nocase; /* request case insensitive filenames */
92 unsigned nobrl; /* disable sending byte range locks to srv */
1da177e4
LT		 93 unsigned int rsize;
94 unsigned int wsize;
95 unsigned int sockopt;
96 unsigned short int port;
fb8c4b14 97 char *prepath;
1da177e4
LT		 98};
99
fb8c4b14 100static int ipv4_connect(struct sockaddr_in *psin_server,
1da177e4 101 struct socket **csocket,
fb8c4b14
SF		 102 char *netb_name,
103 char *server_netb_name);
104static int ipv6_connect(struct sockaddr_in6 *psin_server,
1da177e4
LT		 105 struct socket **csocket);
106
107
fb8c4b14 108 /*
1da177e4 109 * cifs tcp session reconnection
fb8c4b14 110 *
1da177e4
LT		 111 * mark tcp session as reconnecting so temporarily locked
112 * mark all smb sessions as reconnecting for tcp session
113 * reconnect tcp session
114 * wake up waiters on reconnection? - (not needed currently)
115 */
116
2cd646a2 117static int
1da177e4
LT		 118cifs_reconnect(struct TCP_Server_Info *server)
119{
120 int rc = 0;
121 struct list_head *tmp;
122 struct cifsSesInfo *ses;
123 struct cifsTconInfo *tcon;
fb8c4b14 124 struct mid_q_entry *mid_entry;
50c2f753 125
1da177e4 126 spin_lock(&GlobalMid_Lock);
26f57364 127 if (kthread_should_stop()) {
fb8c4b14 128 /* the demux thread will exit normally
1da177e4
LT		 129 next time through the loop */
130 spin_unlock(&GlobalMid_Lock);
131 return rc;
132 } else
133 server->tcpStatus = CifsNeedReconnect;
134 spin_unlock(&GlobalMid_Lock);
135 server->maxBuf = 0;
136
e4eb295d 137 cFYI(1, ("Reconnecting tcp session"));
1da177e4
LT		 138
139 /* before reconnecting the tcp session, mark the smb session (uid)
140 and the tid bad so they are not used until reconnected */
141 read_lock(&GlobalSMBSeslock);
142 list_for_each(tmp, &GlobalSMBSessionList) {
143 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
144 if (ses->server) {
145 if (ses->server == server) {
146 ses->status = CifsNeedReconnect;
147 ses->ipc_tid = 0;
148 }
149 }
150 /* else tcp and smb sessions need reconnection */
151 }
152 list_for_each(tmp, &GlobalTreeConnectionList) {
153 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
26f57364 154 if ((tcon) && (tcon->ses) && (tcon->ses->server == server))
1da177e4 155 tcon->tidStatus = CifsNeedReconnect;
1da177e4
LT		 156 }
157 read_unlock(&GlobalSMBSeslock);
158 /* do not want to be sending data on a socket we are freeing */
fb8c4b14
SF		 159 down(&server->tcpSem);
160 if (server->ssocket) {
467a8f8d 161 cFYI(1, ("State: 0x%x Flags: 0x%lx", server->ssocket->state,
1da177e4 162 server->ssocket->flags));
fb8c4b14
SF		 163 server->ssocket->ops->shutdown(server->ssocket, SEND_SHUTDOWN);
164 cFYI(1, ("Post shutdown state: 0x%x Flags: 0x%lx",
467a8f8d 165 server->ssocket->state,
1da177e4
LT		 166 server->ssocket->flags));
167 sock_release(server->ssocket);
168 server->ssocket = NULL;
169 }
170
171 spin_lock(&GlobalMid_Lock);
172 list_for_each(tmp, &server->pending_mid_q) {
173 mid_entry = list_entry(tmp, struct
174 mid_q_entry,
175 qhead);
fb8c4b14
SF		 176 if (mid_entry) {
177 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
09d1db5c
SF		 178 /* Mark other intransit requests as needing
179 retry so we do not immediately mark the
180 session bad again (ie after we reconnect
181 below) as they timeout too */
1da177e4
LT		 182 mid_entry->midState = MID_RETRY_NEEDED;
183 }
184 }
185 }
186 spin_unlock(&GlobalMid_Lock);
fb8c4b14 187 up(&server->tcpSem);
1da177e4 188
26f57364 189 while ((!kthread_should_stop()) && (server->tcpStatus != CifsGood)) {
6c3d8909 190 try_to_freeze();
fb8c4b14
SF		 191 if (server->protocolType == IPV6) {
192 rc = ipv6_connect(&server->addr.sockAddr6,
193 &server->ssocket);
1da177e4 194 } else {
fb8c4b14 195 rc = ipv4_connect(&server->addr.sockAddr,
1da177e4 196 &server->ssocket,
a10faeb2
SF		 197 server->workstation_RFC1001_name,
198 server->server_RFC1001_name);
1da177e4 199 }
fb8c4b14
SF		 200 if (rc) {
201 cFYI(1, ("reconnect error %d", rc));
0cb766ae 202 msleep(3000);
1da177e4
LT		 203 } else {
204 atomic_inc(&tcpSesReconnectCount);
205 spin_lock(&GlobalMid_Lock);
26f57364 206 if (!kthread_should_stop())
1da177e4 207 server->tcpStatus = CifsGood;
ad009ac9 208 server->sequence_number = 0;
fb8c4b14 209 spin_unlock(&GlobalMid_Lock);
1da177e4
LT		 210 /* atomic_set(&server->inFlight,0);*/
211 wake_up(&server->response_q);
212 }
213 }
214 return rc;
215}
216
fb8c4b14 217/*
e4eb295d
SF		 218 return codes:
219 0 not a transact2, or all data present
220 >0 transact2 with that much data missing
221 -EINVAL = invalid transact2
222
223 */
fb8c4b14 224static int check2ndT2(struct smb_hdr *pSMB, unsigned int maxBufSize)
e4eb295d 225{
fb8c4b14
SF		 226 struct smb_t2_rsp *pSMBt;
227 int total_data_size;
e4eb295d
SF		 228 int data_in_this_rsp;
229 int remaining;
230
fb8c4b14 231 if (pSMB->Command != SMB_COM_TRANSACTION2)
e4eb295d
SF		 232 return 0;
233
fb8c4b14
SF		 234 /* check for plausible wct, bcc and t2 data and parm sizes */
235 /* check for parm and data offset going beyond end of smb */
236 if (pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
467a8f8d 237 cFYI(1, ("invalid transact2 word count"));
e4eb295d
SF		 238 return -EINVAL;
239 }
240
241 pSMBt = (struct smb_t2_rsp *)pSMB;
242
243 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
244 data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
245
246 remaining = total_data_size - data_in_this_rsp;
247
fb8c4b14 248 if (remaining == 0)
e4eb295d 249 return 0;
fb8c4b14 250 else if (remaining < 0) {
467a8f8d 251 cFYI(1, ("total data %d smaller than data in frame %d",
e4eb295d
SF		 252 total_data_size, data_in_this_rsp));
253 return -EINVAL;
254 } else {
467a8f8d 255 cFYI(1, ("missing %d bytes from transact2, check next response",
e4eb295d 256 remaining));
fb8c4b14
SF		 257 if (total_data_size > maxBufSize) {
258 cERROR(1, ("TotalDataSize %d is over maximum buffer %d",
259 total_data_size, maxBufSize));
260 return -EINVAL;
e4eb295d
SF		 261 }
262 return remaining;
263 }
264}
265
fb8c4b14 266static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
e4eb295d
SF		 267{
268 struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
269 struct smb_t2_rsp *pSMBt = (struct smb_t2_rsp *)pTargetSMB;
270 int total_data_size;
271 int total_in_buf;
272 int remaining;
273 int total_in_buf2;
fb8c4b14
SF		 274 char *data_area_of_target;
275 char *data_area_of_buf2;
e4eb295d
SF		 276 __u16 byte_count;
277
278 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
279
fb8c4b14 280 if (total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
63135e08 281 cFYI(1, ("total data size of primary and secondary t2 differ"));
e4eb295d
SF		 282 }
283
284 total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
285
286 remaining = total_data_size - total_in_buf;
50c2f753 287
fb8c4b14 288 if (remaining < 0)
e4eb295d
SF		 289 return -EINVAL;
290
fb8c4b14 291 if (remaining == 0) /* nothing to do, ignore */
e4eb295d 292 return 0;
50c2f753 293
e4eb295d 294 total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
fb8c4b14 295 if (remaining < total_in_buf2) {
467a8f8d 296 cFYI(1, ("transact2 2nd response contains too much data"));
e4eb295d
SF		 297 }
298
299 /* find end of first SMB data area */
fb8c4b14 300 data_area_of_target = (char *)&pSMBt->hdr.Protocol +
e4eb295d
SF		 301 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
302 /* validate target area */
303
304 data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
fb8c4b14 305 le16_to_cpu(pSMB2->t2_rsp.DataOffset);
e4eb295d
SF		 306
307 data_area_of_target += total_in_buf;
308
309 /* copy second buffer into end of first buffer */
fb8c4b14 310 memcpy(data_area_of_target, data_area_of_buf2, total_in_buf2);
e4eb295d
SF		 311 total_in_buf += total_in_buf2;
312 pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
313 byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
314 byte_count += total_in_buf2;
315 BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
316
70ca734a 317 byte_count = pTargetSMB->smb_buf_length;
e4eb295d
SF		 318 byte_count += total_in_buf2;
319
320 /* BB also add check that we are not beyond maximum buffer size */
50c2f753 321
70ca734a 322 pTargetSMB->smb_buf_length = byte_count;
e4eb295d 323
fb8c4b14 324 if (remaining == total_in_buf2) {
467a8f8d 325 cFYI(1, ("found the last secondary response"));
e4eb295d
SF		 326 return 0; /* we are done */
327 } else /* more responses to go */
328 return 1;
329
330}
331
1da177e4
LT		 332static int
333cifs_demultiplex_thread(struct TCP_Server_Info *server)
334{
335 int length;
336 unsigned int pdu_length, total_read;
337 struct smb_hdr *smb_buffer = NULL;
b8643e1b
SF		 338 struct smb_hdr *bigbuf = NULL;
339 struct smb_hdr *smallbuf = NULL;
1da177e4
LT		 340 struct msghdr smb_msg;
341 struct kvec iov;
342 struct socket *csocket = server->ssocket;
343 struct list_head *tmp;
344 struct cifsSesInfo *ses;
345 struct task_struct *task_to_wake = NULL;
346 struct mid_q_entry *mid_entry;
70ca734a 347 char temp;
b8643e1b 348 int isLargeBuf = FALSE;
e4eb295d
SF		 349 int isMultiRsp;
350 int reconnect;
1da177e4 351
1da177e4
LT		 352 current->flags |= PF_MEMALLOC;
353 server->tsk = current; /* save process info to wake at shutdown */
354 cFYI(1, ("Demultiplex PID: %d", current->pid));
fb8c4b14 355 write_lock(&GlobalSMBSeslock);
1da177e4
LT		 356 atomic_inc(&tcpSesAllocCount);
357 length = tcpSesAllocCount.counter;
358 write_unlock(&GlobalSMBSeslock);
f191401f 359 complete(&cifsd_complete);
26f57364
SF		 360 if (length > 1)
361 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
362 GFP_KERNEL);
1da177e4 363
83144186 364 set_freezable();
aaf737ad 365 while (!kthread_should_stop()) {
ede1327e
SF		 366 if (try_to_freeze())
367 continue;
b8643e1b
SF		 368 if (bigbuf == NULL) {
369 bigbuf = cifs_buf_get();
0fd1ffe0
PM		 370 if (!bigbuf) {
371 cERROR(1, ("No memory for large SMB response"));
b8643e1b
SF		 372 msleep(3000);
373 /* retry will check if exiting */
374 continue;
375 }
0fd1ffe0
PM		 376 } else if (isLargeBuf) {
377 /* we are reusing a dirty large buf, clear its start */
26f57364 378 memset(bigbuf, 0, sizeof(struct smb_hdr));
1da177e4 379 }
b8643e1b
SF		 380
381 if (smallbuf == NULL) {
382 smallbuf = cifs_small_buf_get();
0fd1ffe0
PM		 383 if (!smallbuf) {
384 cERROR(1, ("No memory for SMB response"));
b8643e1b
SF		 385 msleep(1000);
386 /* retry will check if exiting */
387 continue;
388 }
389 /* beginning of smb buffer is cleared in our buf_get */
390 } else /* if existing small buf clear beginning */
26f57364 391 memset(smallbuf, 0, sizeof(struct smb_hdr));
b8643e1b
SF		 392
393 isLargeBuf = FALSE;
e4eb295d 394 isMultiRsp = FALSE;
b8643e1b 395 smb_buffer = smallbuf;
1da177e4
LT		 396 iov.iov_base = smb_buffer;
397 iov.iov_len = 4;
398 smb_msg.msg_control = NULL;
399 smb_msg.msg_controllen = 0;
f01d5e14
SF		 400 pdu_length = 4; /* enough to get RFC1001 header */
401incomplete_rcv:
1da177e4
LT		 402 length =
403 kernel_recvmsg(csocket, &smb_msg,
f01d5e14 404 &iov, 1, pdu_length, 0 /* BB other flags? */);
1da177e4 405
26f57364 406 if (kthread_should_stop()) {
1da177e4
LT		 407 break;
408 } else if (server->tcpStatus == CifsNeedReconnect) {
0fd1ffe0 409 cFYI(1, ("Reconnect after server stopped responding"));
1da177e4 410 cifs_reconnect(server);
0fd1ffe0 411 cFYI(1, ("call to reconnect done"));
1da177e4
LT		 412 csocket = server->ssocket;
413 continue;
414 } else if ((length == -ERESTARTSYS) || (length == -EAGAIN)) {
b8643e1b 415 msleep(1); /* minimum sleep to prevent looping
1da177e4
LT		 416 allowing socket to clear and app threads to set
417 tcpStatus CifsNeedReconnect if server hung */
418 continue;
419 } else if (length <= 0) {
0fd1ffe0
PM		 420 if (server->tcpStatus == CifsNew) {
421 cFYI(1, ("tcp session abend after SMBnegprot"));
09d1db5c
SF		 422 /* some servers kill the TCP session rather than
423 returning an SMB negprot error, in which
424 case reconnecting here is not going to help,
425 and so simply return error to mount */
1da177e4
LT		 426 break;
427 }
0fd1ffe0 428 if (!try_to_freeze() && (length == -EINTR)) {
467a8f8d 429 cFYI(1, ("cifsd thread killed"));
1da177e4
LT		 430 break;
431 }
467a8f8d 432 cFYI(1, ("Reconnect after unexpected peek error %d",
57337e42 433 length));
1da177e4
LT		 434 cifs_reconnect(server);
435 csocket = server->ssocket;
436 wake_up(&server->response_q);
437 continue;
46810cbf 438 } else if (length < 4) {
f01d5e14 439 cFYI(1, ("less than four bytes received (%d bytes)",
46810cbf 440 length));
f01d5e14 441 pdu_length -= length;
f01d5e14
SF		 442 msleep(1);
443 goto incomplete_rcv;
46810cbf 444 }
1da177e4 445
70ca734a
SF		 446 /* The right amount was read from socket - 4 bytes */
447 /* so we can now interpret the length field */
46810cbf 448
70ca734a
SF		 449 /* the first byte big endian of the length field,
450 is actually not part of the length but the type
451 with the most common, zero, as regular data */
452 temp = *((char *) smb_buffer);
46810cbf 453
fb8c4b14 454 /* Note that FC 1001 length is big endian on the wire,
70ca734a
SF		 455 but we convert it here so it is always manipulated
456 as host byte order */
46810cbf 457 pdu_length = ntohl(smb_buffer->smb_buf_length);
70ca734a
SF		 458 smb_buffer->smb_buf_length = pdu_length;
459
467a8f8d 460 cFYI(1, ("rfc1002 length 0x%x", pdu_length+4));
46810cbf 461
70ca734a 462 if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) {
fb8c4b14 463 continue;
70ca734a 464 } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
467a8f8d 465 cFYI(1, ("Good RFC 1002 session rsp"));
e4eb295d 466 continue;
70ca734a 467 } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
fb8c4b14 468 /* we get this from Windows 98 instead of
46810cbf 469 an error on SMB negprot response */
fb8c4b14 470 cFYI(1, ("Negative RFC1002 Session Response Error 0x%x)",
70ca734a 471 pdu_length));
fb8c4b14
SF		 472 if (server->tcpStatus == CifsNew) {
473 /* if nack on negprot (rather than
46810cbf
SF		 474 ret of smb negprot error) reconnecting
475 not going to help, ret error to mount */
476 break;
477 } else {
478 /* give server a second to
479 clean up before reconnect attempt */
480 msleep(1000);
481 /* always try 445 first on reconnect
482 since we get NACK on some if we ever
fb8c4b14 483 connected to port 139 (the NACK is
46810cbf
SF		 484 since we do not begin with RFC1001
485 session initialize frame) */
fb8c4b14 486 server->addr.sockAddr.sin_port =
46810cbf 487 htons(CIFS_PORT);
1da177e4
LT		 488 cifs_reconnect(server);
489 csocket = server->ssocket;
46810cbf 490 wake_up(&server->response_q);
1da177e4 491 continue;
46810cbf 492 }
70ca734a 493 } else if (temp != (char) 0) {
fb8c4b14 494 cERROR(1, ("Unknown RFC 1002 frame"));
70ca734a
SF		 495 cifs_dump_mem(" Received Data: ", (char *)smb_buffer,
496 length);
46810cbf
SF		 497 cifs_reconnect(server);
498 csocket = server->ssocket;
499 continue;
e4eb295d
SF		 500 }
501
502 /* else we have an SMB response */
fb8c4b14 503 if ((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
26f57364 504 (pdu_length < sizeof(struct smb_hdr) - 1 - 4)) {
e4eb295d 505 cERROR(1, ("Invalid size SMB length %d pdu_length %d",
46810cbf 506 length, pdu_length+4));
e4eb295d
SF		 507 cifs_reconnect(server);
508 csocket = server->ssocket;
509 wake_up(&server->response_q);
510 continue;
fb8c4b14 511 }
e4eb295d
SF		 512
513 /* else length ok */
514 reconnect = 0;
515
fb8c4b14 516 if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
e4eb295d
SF		 517 isLargeBuf = TRUE;
518 memcpy(bigbuf, smallbuf, 4);
519 smb_buffer = bigbuf;
520 }
521 length = 0;
522 iov.iov_base = 4 + (char *)smb_buffer;
523 iov.iov_len = pdu_length;
fb8c4b14 524 for (total_read = 0; total_read < pdu_length;
e4eb295d
SF		 525 total_read += length) {
526 length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
527 pdu_length - total_read, 0);
26f57364 528 if (kthread_should_stop() ||
e4eb295d
SF		 529 (length == -EINTR)) {
530 /* then will exit */
531 reconnect = 2;
532 break;
533 } else if (server->tcpStatus == CifsNeedReconnect) {
46810cbf
SF		 534 cifs_reconnect(server);
535 csocket = server->ssocket;
fb8c4b14 536 /* Reconnect wakes up rspns q */
e4eb295d
SF		 537 /* Now we will reread sock */
538 reconnect = 1;
539 break;
fb8c4b14 540 } else if ((length == -ERESTARTSYS) ||
e4eb295d
SF		 541 (length == -EAGAIN)) {
542 msleep(1); /* minimum sleep to prevent looping,
fb8c4b14 543 allowing socket to clear and app
e4eb295d
SF		 544 threads to set tcpStatus
545 CifsNeedReconnect if server hung*/
46810cbf 546 continue;
e4eb295d 547 } else if (length <= 0) {
fb8c4b14 548 cERROR(1, ("Received no data, expecting %d",
e4eb295d
SF		 549 pdu_length - total_read));
550 cifs_reconnect(server);
551 csocket = server->ssocket;
552 reconnect = 1;
553 break;
46810cbf 554 }
e4eb295d 555 }
fb8c4b14 556 if (reconnect == 2)
e4eb295d 557 break;
fb8c4b14 558 else if (reconnect == 1)
e4eb295d 559 continue;
1da177e4 560
e4eb295d 561 length += 4; /* account for rfc1002 hdr */
50c2f753 562
09d1db5c 563
e4eb295d 564 dump_smb(smb_buffer, length);
184ed211 565 if (checkSMB(smb_buffer, smb_buffer->Mid, total_read+4)) {
b387eaeb 566 cifs_dump_mem("Bad SMB: ", smb_buffer, 48);
e4eb295d
SF		 567 continue;
568 }
1da177e4 569
e4eb295d
SF		 570
571 task_to_wake = NULL;
572 spin_lock(&GlobalMid_Lock);
573 list_for_each(tmp, &server->pending_mid_q) {
574 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
575
50c2f753 576 if ((mid_entry->mid == smb_buffer->Mid) &&
e4eb295d
SF		 577 (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
578 (mid_entry->command == smb_buffer->Command)) {
fb8c4b14 579 if (check2ndT2(smb_buffer,server->maxBuf) > 0) {
e4eb295d 580 /* We have a multipart transact2 resp */
cd63499c 581 isMultiRsp = TRUE;
fb8c4b14 582 if (mid_entry->resp_buf) {
e4eb295d 583 /* merge response - fix up 1st*/
50c2f753 584 if (coalesce_t2(smb_buffer,
e4eb295d 585 mid_entry->resp_buf)) {
3979877e 586 mid_entry->multiRsp = 1;
e4eb295d
SF		 587 break;
588 } else {
589 /* all parts received */
3979877e 590 mid_entry->multiEnd = 1;
50c2f753 591 goto multi_t2_fnd;
e4eb295d
SF		 592 }
593 } else {
fb8c4b14 594 if (!isLargeBuf) {
e4eb295d
SF		 595 cERROR(1,("1st trans2 resp needs bigbuf"));
596 /* BB maybe we can fix this up, switch
50c2f753 597 to already allocated large buffer? */
e4eb295d 598 } else {
cd63499c 599 /* Have first buffer */
e4eb295d
SF		 600 mid_entry->resp_buf =
601 smb_buffer;
602 mid_entry->largeBuf = 1;
e4eb295d
SF		 603 bigbuf = NULL;
604 }
605 }
606 break;
50c2f753 607 }
e4eb295d 608 mid_entry->resp_buf = smb_buffer;
fb8c4b14 609 if (isLargeBuf)
e4eb295d 610 mid_entry->largeBuf = 1;
46810cbf 611 else
e4eb295d
SF		 612 mid_entry->largeBuf = 0;
613multi_t2_fnd:
614 task_to_wake = mid_entry->tsk;
615 mid_entry->midState = MID_RESPONSE_RECEIVED;
1047abc1
SF		 616#ifdef CONFIG_CIFS_STATS2
617 mid_entry->when_received = jiffies;
618#endif
3a5ff61c
SF		 619 /* so we do not time out requests to server
620 which is still responding (since server could
621 be busy but not dead) */
622 server->lstrp = jiffies;
e4eb295d 623 break;
46810cbf 624 }
1da177e4 625 }
e4eb295d
SF		 626 spin_unlock(&GlobalMid_Lock);
627 if (task_to_wake) {
cd63499c 628 /* Was previous buf put in mpx struct for multi-rsp? */
fb8c4b14 629 if (!isMultiRsp) {
cd63499c 630 /* smb buffer will be freed by user thread */
26f57364 631 if (isLargeBuf)
cd63499c 632 bigbuf = NULL;
26f57364 633 else
cd63499c
SF		 634 smallbuf = NULL;
635 }
e4eb295d 636 wake_up_process(task_to_wake);
d7c8c94d 637 } else if ((is_valid_oplock_break(smb_buffer, server) == FALSE)
50c2f753
SF		 638 && (isMultiRsp == FALSE)) {
639 cERROR(1, ("No task to wake, unknown frame received! "
640 "NumMids %d", midCount.counter));
641 cifs_dump_mem("Received Data is: ", (char *)smb_buffer,
70ca734a 642 sizeof(struct smb_hdr));
3979877e
SF		 643#ifdef CONFIG_CIFS_DEBUG2
644 cifs_dump_detail(smb_buffer);
645 cifs_dump_mids(server);
646#endif /* CIFS_DEBUG2 */
50c2f753 647
e4eb295d
SF		 648 }
649 } /* end while !EXITING */
650
1da177e4
LT		 651 spin_lock(&GlobalMid_Lock);
652 server->tcpStatus = CifsExiting;
653 server->tsk = NULL;
31ca3bc3
SF		 654 /* check if we have blocked requests that need to free */
655 /* Note that cifs_max_pending is normally 50, but
656 can be set at module install time to as little as two */
fb8c4b14 657 if (atomic_read(&server->inFlight) >= cifs_max_pending)
31ca3bc3
SF		 658 atomic_set(&server->inFlight, cifs_max_pending - 1);
659 /* We do not want to set the max_pending too low or we
660 could end up with the counter going negative */
1da177e4 661 spin_unlock(&GlobalMid_Lock);
50c2f753 662 /* Although there should not be any requests blocked on
1da177e4 663 this queue it can not hurt to be paranoid and try to wake up requests
09d1db5c 664 that may haven been blocked when more than 50 at time were on the wire
1da177e4
LT		 665 to the same server - they now will see the session is in exit state
666 and get out of SendReceive. */
667 wake_up_all(&server->request_q);
668 /* give those requests time to exit */
b8643e1b 669 msleep(125);
50c2f753 670
fb8c4b14 671 if (server->ssocket) {
1da177e4
LT		 672 sock_release(csocket);
673 server->ssocket = NULL;
674 }
b8643e1b
SF		 675 /* buffer usuallly freed in free_mid - need to free it here on exit */
676 if (bigbuf != NULL)
677 cifs_buf_release(bigbuf);
678 if (smallbuf != NULL)
679 cifs_small_buf_release(smallbuf);
1da177e4
LT		 680
681 read_lock(&GlobalSMBSeslock);
682 if (list_empty(&server->pending_mid_q)) {
09d1db5c
SF		 683 /* loop through server session structures attached to this and
684 mark them dead */
1da177e4
LT		 685 list_for_each(tmp, &GlobalSMBSessionList) {
686 ses =
687 list_entry(tmp, struct cifsSesInfo,
688 cifsSessionList);
689 if (ses->server == server) {
690 ses->status = CifsExiting;
691 ses->server = NULL;
692 }
693 }
694 read_unlock(&GlobalSMBSeslock);
695 } else {
31ca3bc3
SF		 696 /* although we can not zero the server struct pointer yet,
697 since there are active requests which may depnd on them,
698 mark the corresponding SMB sessions as exiting too */
699 list_for_each(tmp, &GlobalSMBSessionList) {
700 ses = list_entry(tmp, struct cifsSesInfo,
701 cifsSessionList);
26f57364 702 if (ses->server == server)
31ca3bc3 703 ses->status = CifsExiting;
31ca3bc3
SF		 704 }
705
1da177e4
LT		 706 spin_lock(&GlobalMid_Lock);
707 list_for_each(tmp, &server->pending_mid_q) {
708 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
709 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
50c2f753
SF		 710 cFYI(1, ("Clearing Mid 0x%x - waking up ",
711 mid_entry->mid));
1da177e4 712 task_to_wake = mid_entry->tsk;
26f57364 713 if (task_to_wake)
1da177e4 714 wake_up_process(task_to_wake);
1da177e4
LT		 715 }
716 }
717 spin_unlock(&GlobalMid_Lock);
718 read_unlock(&GlobalSMBSeslock);
1da177e4 719 /* 1/8th of sec is more than enough time for them to exit */
b8643e1b 720 msleep(125);
1da177e4
LT		 721 }
722
f191401f 723 if (!list_empty(&server->pending_mid_q)) {
50c2f753 724 /* mpx threads have not exited yet give them
1da177e4 725 at least the smb send timeout time for long ops */
31ca3bc3
SF		 726 /* due to delays on oplock break requests, we need
727 to wait at least 45 seconds before giving up
728 on a request getting a response and going ahead
729 and killing cifsd */
1da177e4 730 cFYI(1, ("Wait for exit from demultiplex thread"));
31ca3bc3 731 msleep(46000);
1da177e4
LT		 732 /* if threads still have not exited they are probably never
733 coming home not much else we can do but free the memory */
734 }
1da177e4
LT		 735
736 write_lock(&GlobalSMBSeslock);
737 atomic_dec(&tcpSesAllocCount);
738 length = tcpSesAllocCount.counter;
31ca3bc3
SF		 739
740 /* last chance to mark ses pointers invalid
741 if there are any pointing to this (e.g
50c2f753 742 if a crazy root user tried to kill cifsd
31ca3bc3
SF		 743 kernel thread explicitly this might happen) */
744 list_for_each(tmp, &GlobalSMBSessionList) {
745 ses = list_entry(tmp, struct cifsSesInfo,
746 cifsSessionList);
26f57364 747 if (ses->server == server)
31ca3bc3 748 ses->server = NULL;
31ca3bc3 749 }
1da177e4 750 write_unlock(&GlobalSMBSeslock);
31ca3bc3
SF		 751
752 kfree(server);
26f57364
SF		 753 if (length > 0)
754 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
755 GFP_KERNEL);
50c2f753 756
1da177e4
LT		 757 return 0;
758}
759
1da177e4 760static int
50c2f753
SF		 761cifs_parse_mount_options(char *options, const char *devname,
762 struct smb_vol *vol)
1da177e4
LT		 763{
764 char *value;
765 char *data;
766 unsigned int temp_len, i, j;
767 char separator[2];
768
769 separator[0] = ',';
50c2f753 770 separator[1] = 0;
1da177e4 771
12e36b2f 772 if (Local_System_Name[0] != 0)
50c2f753 773 memcpy(vol->source_rfc1001_name, Local_System_Name, 15);
2cd646a2 774 else {
12e36b2f 775 char *nodename = utsname()->nodename;
50c2f753
SF		 776 int n = strnlen(nodename, 15);
777 memset(vol->source_rfc1001_name, 0x20, 15);
778 for (i = 0; i < n; i++) {
2cd646a2
SF		 779 /* does not have to be perfect mapping since field is
780 informational, only used for servers that do not support
781 port 445 and it can be overridden at mount time */
12e36b2f 782 vol->source_rfc1001_name[i] = toupper(nodename[i]);
2cd646a2 783 }
1da177e4
LT		 784 }
785 vol->source_rfc1001_name[15] = 0;
a10faeb2
SF		 786 /* null target name indicates to use *SMBSERVR default called name
787 if we end up sending RFC1001 session initialize */
788 vol->target_rfc1001_name[0] = 0;
1da177e4
LT		 789 vol->linux_uid = current->uid; /* current->euid instead? */
790 vol->linux_gid = current->gid;
791 vol->dir_mode = S_IRWXUGO;
792 /* 2767 perms indicate mandatory locking support */
793 vol->file_mode = S_IALLUGO & ~(S_ISUID | S_IXGRP);
794
795 /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
796 vol->rw = TRUE;
ac67055e
JA		 797 /* default is always to request posix paths. */
798 vol->posix_paths = 1;
799
1da177e4
LT		 800 if (!options)
801 return 1;
802
50c2f753 803 if (strncmp(options, "sep=", 4) == 0) {
fb8c4b14 804 if (options[4] != 0) {
1da177e4
LT		 805 separator[0] = options[4];
806 options += 5;
807 } else {
467a8f8d 808 cFYI(1, ("Null separator not allowed"));
1da177e4
LT		 809 }
810 }
50c2f753 811
1da177e4
LT		 812 while ((data = strsep(&options, separator)) != NULL) {
813 if (!*data)
814 continue;
815 if ((value = strchr(data, '=')) != NULL)
816 *value++ = '\0';
817
50c2f753
SF		 818 /* Have to parse this before we parse for "user" */
819 if (strnicmp(data, "user_xattr", 10) == 0) {
1da177e4 820 vol->no_xattr = 0;
50c2f753 821 } else if (strnicmp(data, "nouser_xattr", 12) == 0) {
1da177e4
LT		 822 vol->no_xattr = 1;
823 } else if (strnicmp(data, "user", 4) == 0) {
4b952a9b 824 if (!value) {
1da177e4
LT		 825 printk(KERN_WARNING
826 "CIFS: invalid or missing username\n");
827 return 1; /* needs_arg; */
fb8c4b14 828 } else if (!*value) {
4b952a9b
SF		 829 /* null user, ie anonymous, authentication */
830 vol->nullauth = 1;
1da177e4
LT		 831 }
832 if (strnlen(value, 200) < 200) {
833 vol->username = value;
834 } else {
835 printk(KERN_WARNING "CIFS: username too long\n");
836 return 1;
837 }
838 } else if (strnicmp(data, "pass", 4) == 0) {
839 if (!value) {
840 vol->password = NULL;
841 continue;
fb8c4b14 842 } else if (value[0] == 0) {
1da177e4
LT		 843 /* check if string begins with double comma
844 since that would mean the password really
845 does start with a comma, and would not
846 indicate an empty string */
fb8c4b14 847 if (value[1] != separator[0]) {
1da177e4
LT		 848 vol->password = NULL;
849 continue;
850 }
851 }
852 temp_len = strlen(value);
853 /* removed password length check, NTLM passwords
854 can be arbitrarily long */
855
50c2f753 856 /* if comma in password, the string will be
1da177e4
LT		 857 prematurely null terminated. Commas in password are
858 specified across the cifs mount interface by a double
859 comma ie ,, and a comma used as in other cases ie ','
860 as a parameter delimiter/separator is single and due
861 to the strsep above is temporarily zeroed. */
862
863 /* NB: password legally can have multiple commas and
864 the only illegal character in a password is null */
865
50c2f753 866 if ((value[temp_len] == 0) &&
09d1db5c 867 (value[temp_len+1] == separator[0])) {
1da177e4
LT		 868 /* reinsert comma */
869 value[temp_len] = separator[0];
50c2f753
SF		 870 temp_len += 2; /* move after second comma */
871 while (value[temp_len] != 0) {
1da177e4 872 if (value[temp_len] == separator[0]) {
50c2f753 873 if (value[temp_len+1] ==
09d1db5c
SF		 874 separator[0]) {
875 /* skip second comma */
876 temp_len++;
50c2f753 877 } else {
1da177e4
LT		 878 /* single comma indicating start
879 of next parm */
880 break;
881 }
882 }
883 temp_len++;
884 }
fb8c4b14 885 if (value[temp_len] == 0) {
1da177e4
LT		 886 options = NULL;
887 } else {
888 value[temp_len] = 0;
889 /* point option to start of next parm */
890 options = value + temp_len + 1;
891 }
50c2f753 892 /* go from value to value + temp_len condensing
1da177e4
LT		 893 double commas to singles. Note that this ends up
894 allocating a few bytes too many, which is ok */
e915fc49 895 vol->password = kzalloc(temp_len, GFP_KERNEL);
fb8c4b14 896 if (vol->password == NULL) {
50c2f753
SF		 897 printk(KERN_WARNING "CIFS: no memory "
898 "for password\n");
433dc24f
SF		 899 return 1;
900 }
50c2f753 901 for (i = 0, j = 0; i < temp_len; i++, j++) {
1da177e4 902 vol->password[j] = value[i];
fb8c4b14 903 if (value[i] == separator[0]
09d1db5c 904 && value[i+1] == separator[0]) {
1da177e4
LT		 905 /* skip second comma */
906 i++;
907 }
908 }
909 vol->password[j] = 0;
910 } else {
e915fc49 911 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
fb8c4b14 912 if (vol->password == NULL) {
50c2f753
SF		 913 printk(KERN_WARNING "CIFS: no memory "
914 "for password\n");
433dc24f
SF		 915 return 1;
916 }
1da177e4
LT		 917 strcpy(vol->password, value);
918 }
919 } else if (strnicmp(data, "ip", 2) == 0) {
920 if (!value || !*value) {
921 vol->UNCip = NULL;
922 } else if (strnlen(value, 35) < 35) {
923 vol->UNCip = value;
924 } else {
50c2f753
SF		 925 printk(KERN_WARNING "CIFS: ip address "
926 "too long\n");
1da177e4
LT		 927 return 1;
928 }
50c2f753
SF		 929 } else if (strnicmp(data, "sec", 3) == 0) {
930 if (!value || !*value) {
931 cERROR(1, ("no security value specified"));
932 continue;
933 } else if (strnicmp(value, "krb5i", 5) == 0) {
934 vol->secFlg |= CIFSSEC_MAY_KRB5 |
189acaae 935 CIFSSEC_MUST_SIGN;
bf820679 936 } else if (strnicmp(value, "krb5p", 5) == 0) {
50c2f753
SF		 937 /* vol->secFlg |= CIFSSEC_MUST_SEAL |
938 CIFSSEC_MAY_KRB5; */
939 cERROR(1, ("Krb5 cifs privacy not supported"));
bf820679
SF		 940 return 1;
941 } else if (strnicmp(value, "krb5", 4) == 0) {
750d1151 942 vol->secFlg |= CIFSSEC_MAY_KRB5;
bf820679 943 } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
750d1151 944 vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
189acaae 945 CIFSSEC_MUST_SIGN;
bf820679 946 } else if (strnicmp(value, "ntlmv2", 6) == 0) {
750d1151 947 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
bf820679 948 } else if (strnicmp(value, "ntlmi", 5) == 0) {
750d1151 949 vol->secFlg |= CIFSSEC_MAY_NTLM |
189acaae 950 CIFSSEC_MUST_SIGN;
bf820679
SF		 951 } else if (strnicmp(value, "ntlm", 4) == 0) {
952 /* ntlm is default so can be turned off too */
750d1151 953 vol->secFlg |= CIFSSEC_MAY_NTLM;
bf820679 954 } else if (strnicmp(value, "nontlm", 6) == 0) {
189acaae 955 /* BB is there a better way to do this? */
750d1151 956 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
189acaae
SF		 957#ifdef CONFIG_CIFS_WEAK_PW_HASH
958 } else if (strnicmp(value, "lanman", 6) == 0) {
50c2f753 959 vol->secFlg |= CIFSSEC_MAY_LANMAN;
189acaae 960#endif
bf820679 961 } else if (strnicmp(value, "none", 4) == 0) {
189acaae 962 vol->nullauth = 1;
50c2f753
SF		 963 } else {
964 cERROR(1, ("bad security option: %s", value));
965 return 1;
966 }
1da177e4
LT		 967 } else if ((strnicmp(data, "unc", 3) == 0)
968 || (strnicmp(data, "target", 6) == 0)
969 || (strnicmp(data, "path", 4) == 0)) {
970 if (!value || !*value) {
50c2f753
SF		 971 printk(KERN_WARNING "CIFS: invalid path to "
972 "network resource\n");
1da177e4
LT		 973 return 1; /* needs_arg; */
974 }
975 if ((temp_len = strnlen(value, 300)) < 300) {
50c2f753 976 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
4523cc30 977 if (vol->UNC == NULL)
1da177e4 978 return 1;
50c2f753 979 strcpy(vol->UNC, value);
1da177e4
LT		 980 if (strncmp(vol->UNC, "//", 2) == 0) {
981 vol->UNC[0] = '\\';
982 vol->UNC[1] = '\\';
50c2f753 983 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1da177e4 984 printk(KERN_WARNING
50c2f753
SF		 985 "CIFS: UNC Path does not begin "
986 "with // or \\\\ \n");
1da177e4
LT		 987 return 1;
988 }
989 } else {
990 printk(KERN_WARNING "CIFS: UNC name too long\n");
991 return 1;
992 }
993 } else if ((strnicmp(data, "domain", 3) == 0)
994 || (strnicmp(data, "workgroup", 5) == 0)) {
995 if (!value || !*value) {
996 printk(KERN_WARNING "CIFS: invalid domain name\n");
997 return 1; /* needs_arg; */
998 }
999 /* BB are there cases in which a comma can be valid in
1000 a domain name and need special handling? */
3979877e 1001 if (strnlen(value, 256) < 256) {
1da177e4
LT		 1002 vol->domainname = value;
1003 cFYI(1, ("Domain name set"));
1004 } else {
50c2f753
SF		 1005 printk(KERN_WARNING "CIFS: domain name too "
1006 "long\n");
1da177e4
LT		 1007 return 1;
1008 }
50c2f753
SF		 1009 } else if (strnicmp(data, "prefixpath", 10) == 0) {
1010 if (!value || !*value) {
1011 printk(KERN_WARNING
1012 "CIFS: invalid path prefix\n");
1013 return 1; /* needs_argument */
1014 }
1015 if ((temp_len = strnlen(value, 1024)) < 1024) {
4523cc30 1016 if (value[0] != '/')
2fe87f02 1017 temp_len++; /* missing leading slash */
50c2f753
SF		 1018 vol->prepath = kmalloc(temp_len+1, GFP_KERNEL);
1019 if (vol->prepath == NULL)
1020 return 1;
4523cc30 1021 if (value[0] != '/') {
2fe87f02 1022 vol->prepath[0] = '/';
50c2f753 1023 strcpy(vol->prepath+1, value);
2fe87f02 1024 } else
50c2f753
SF		 1025 strcpy(vol->prepath, value);
1026 cFYI(1, ("prefix path %s", vol->prepath));
1027 } else {
1028 printk(KERN_WARNING "CIFS: prefix too long\n");
1029 return 1;
1030 }
1da177e4
LT		 1031 } else if (strnicmp(data, "iocharset", 9) == 0) {
1032 if (!value || !*value) {
63135e08
SF		 1033 printk(KERN_WARNING "CIFS: invalid iocharset "
1034 "specified\n");
1da177e4
LT		 1035 return 1; /* needs_arg; */
1036 }
1037 if (strnlen(value, 65) < 65) {
50c2f753 1038 if (strnicmp(value, "default", 7))
1da177e4 1039 vol->iocharset = value;
50c2f753
SF		 1040 /* if iocharset not set then load_nls_default
1041 is used by caller */
1042 cFYI(1, ("iocharset set to %s", value));
1da177e4 1043 } else {
63135e08
SF		 1044 printk(KERN_WARNING "CIFS: iocharset name "
1045 "too long.\n");
1da177e4
LT		 1046 return 1;
1047 }
1048 } else if (strnicmp(data, "uid", 3) == 0) {
1049 if (value && *value) {
1050 vol->linux_uid =
1051 simple_strtoul(value, &value, 0);
4523cc30 1052 vol->override_uid = 1;
1da177e4
LT		 1053 }
1054 } else if (strnicmp(data, "gid", 3) == 0) {
1055 if (value && *value) {
1056 vol->linux_gid =
1057 simple_strtoul(value, &value, 0);
4523cc30 1058 vol->override_gid = 1;
1da177e4
LT		 1059 }
1060 } else if (strnicmp(data, "file_mode", 4) == 0) {
1061 if (value && *value) {
1062 vol->file_mode =
1063 simple_strtoul(value, &value, 0);
1064 }
1065 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1066 if (value && *value) {
1067 vol->dir_mode =
1068 simple_strtoul(value, &value, 0);
1069 }
1070 } else if (strnicmp(data, "dirmode", 4) == 0) {
1071 if (value && *value) {
1072 vol->dir_mode =
1073 simple_strtoul(value, &value, 0);
1074 }
1075 } else if (strnicmp(data, "port", 4) == 0) {
1076 if (value && *value) {
1077 vol->port =
1078 simple_strtoul(value, &value, 0);
1079 }
1080 } else if (strnicmp(data, "rsize", 5) == 0) {
1081 if (value && *value) {
1082 vol->rsize =
1083 simple_strtoul(value, &value, 0);
1084 }
1085 } else if (strnicmp(data, "wsize", 5) == 0) {
1086 if (value && *value) {
1087 vol->wsize =
1088 simple_strtoul(value, &value, 0);
1089 }
1090 } else if (strnicmp(data, "sockopt", 5) == 0) {
1091 if (value && *value) {
1092 vol->sockopt =
1093 simple_strtoul(value, &value, 0);
1094 }
1095 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1096 if (!value || !*value || (*value == ' ')) {
63135e08 1097 cFYI(1, ("invalid (empty) netbiosname"));
1da177e4 1098 } else {
50c2f753
SF		 1099 memset(vol->source_rfc1001_name, 0x20, 15);
1100 for (i = 0; i < 15; i++) {
1101 /* BB are there cases in which a comma can be
1da177e4
LT		 1102 valid in this workstation netbios name (and need
1103 special handling)? */
1104
1105 /* We do not uppercase netbiosname for user */
50c2f753 1106 if (value[i] == 0)
1da177e4 1107 break;
50c2f753
SF		 1108 else
1109 vol->source_rfc1001_name[i] =
1110 value[i];
1da177e4
LT		 1111 }
1112 /* The string has 16th byte zero still from
1113 set at top of the function */
50c2f753
SF		 1114 if ((i == 15) && (value[i] != 0))
1115 printk(KERN_WARNING "CIFS: netbiosname"
1116 " longer than 15 truncated.\n");
a10faeb2
SF		 1117 }
1118 } else if (strnicmp(data, "servern", 7) == 0) {
1119 /* servernetbiosname specified override *SMBSERVER */
1120 if (!value || !*value || (*value == ' ')) {
467a8f8d 1121 cFYI(1, ("empty server netbiosname specified"));
a10faeb2
SF		 1122 } else {
1123 /* last byte, type, is 0x20 for servr type */
50c2f753 1124 memset(vol->target_rfc1001_name, 0x20, 16);
a10faeb2 1125
50c2f753 1126 for (i = 0; i < 15; i++) {
a10faeb2 1127 /* BB are there cases in which a comma can be
50c2f753
SF		 1128 valid in this workstation netbios name
1129 (and need special handling)? */
a10faeb2 1130
50c2f753
SF		 1131 /* user or mount helper must uppercase
1132 the netbiosname */
1133 if (value[i] == 0)
a10faeb2
SF		 1134 break;
1135 else
50c2f753
SF		 1136 vol->target_rfc1001_name[i] =
1137 value[i];
a10faeb2
SF		 1138 }
1139 /* The string has 16th byte zero still from
1140 set at top of the function */
50c2f753
SF		 1141 if ((i == 15) && (value[i] != 0))
1142 printk(KERN_WARNING "CIFS: server net"
1143 "biosname longer than 15 truncated.\n");
1da177e4
LT		 1144 }
1145 } else if (strnicmp(data, "credentials", 4) == 0) {
1146 /* ignore */
1147 } else if (strnicmp(data, "version", 3) == 0) {
1148 /* ignore */
50c2f753 1149 } else if (strnicmp(data, "guest", 5) == 0) {
1da177e4
LT		 1150 /* ignore */
1151 } else if (strnicmp(data, "rw", 2) == 0) {
1152 vol->rw = TRUE;
1153 } else if ((strnicmp(data, "suid", 4) == 0) ||
1154 (strnicmp(data, "nosuid", 6) == 0) ||
1155 (strnicmp(data, "exec", 4) == 0) ||
1156 (strnicmp(data, "noexec", 6) == 0) ||
1157 (strnicmp(data, "nodev", 5) == 0) ||
1158 (strnicmp(data, "noauto", 6) == 0) ||
1159 (strnicmp(data, "dev", 3) == 0)) {
1160 /* The mount tool or mount.cifs helper (if present)
50c2f753
SF		 1161 uses these opts to set flags, and the flags are read
1162 by the kernel vfs layer before we get here (ie
1163 before read super) so there is no point trying to
1164 parse these options again and set anything and it
1165 is ok to just ignore them */
1da177e4
LT		 1166 continue;
1167 } else if (strnicmp(data, "ro", 2) == 0) {
1168 vol->rw = FALSE;
1169 } else if (strnicmp(data, "hard", 4) == 0) {
1170 vol->retry = 1;
1171 } else if (strnicmp(data, "soft", 4) == 0) {
1172 vol->retry = 0;
1173 } else if (strnicmp(data, "perm", 4) == 0) {
1174 vol->noperm = 0;
1175 } else if (strnicmp(data, "noperm", 6) == 0) {
1176 vol->noperm = 1;
6a0b4824
SF		 1177 } else if (strnicmp(data, "mapchars", 8) == 0) {
1178 vol->remap = 1;
1179 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1180 vol->remap = 0;
50c2f753
SF		 1181 } else if (strnicmp(data, "sfu", 3) == 0) {
1182 vol->sfu_emul = 1;
1183 } else if (strnicmp(data, "nosfu", 5) == 0) {
1184 vol->sfu_emul = 0;
ac67055e
JA		 1185 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1186 vol->posix_paths = 1;
1187 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1188 vol->posix_paths = 0;
c18c842b
SF		 1189 } else if (strnicmp(data, "nounix", 6) == 0) {
1190 vol->no_linux_ext = 1;
1191 } else if (strnicmp(data, "nolinux", 7) == 0) {
1192 vol->no_linux_ext = 1;
50c2f753 1193 } else if ((strnicmp(data, "nocase", 6) == 0) ||
a10faeb2 1194 (strnicmp(data, "ignorecase", 10) == 0)) {
50c2f753 1195 vol->nocase = 1;
c46fa8ac
SF		 1196 } else if (strnicmp(data, "brl", 3) == 0) {
1197 vol->nobrl = 0;
50c2f753 1198 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1c955187 1199 (strnicmp(data, "nolock", 6) == 0)) {
c46fa8ac 1200 vol->nobrl = 1;
d3485d37
SF		 1201 /* turn off mandatory locking in mode
1202 if remote locking is turned off since the
1203 local vfs will do advisory */
50c2f753
SF		 1204 if (vol->file_mode ==
1205 (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
d3485d37 1206 vol->file_mode = S_IALLUGO;
1da177e4
LT		 1207 } else if (strnicmp(data, "setuids", 7) == 0) {
1208 vol->setuids = 1;
1209 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1210 vol->setuids = 0;
1211 } else if (strnicmp(data, "nohard", 6) == 0) {
1212 vol->retry = 0;
1213 } else if (strnicmp(data, "nosoft", 6) == 0) {
1214 vol->retry = 1;
1215 } else if (strnicmp(data, "nointr", 6) == 0) {
1216 vol->intr = 0;
1217 } else if (strnicmp(data, "intr", 4) == 0) {
1218 vol->intr = 1;
50c2f753 1219 } else if (strnicmp(data, "serverino", 7) == 0) {
1da177e4 1220 vol->server_ino = 1;
50c2f753 1221 } else if (strnicmp(data, "noserverino", 9) == 0) {
1da177e4 1222 vol->server_ino = 0;
50c2f753 1223 } else if (strnicmp(data, "cifsacl", 7) == 0) {
0a4b92c0
SF		 1224 vol->cifs_acl = 1;
1225 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1226 vol->cifs_acl = 0;
50c2f753 1227 } else if (strnicmp(data, "acl", 3) == 0) {
1da177e4 1228 vol->no_psx_acl = 0;
50c2f753 1229 } else if (strnicmp(data, "noacl", 5) == 0) {
1da177e4 1230 vol->no_psx_acl = 1;
50c2f753 1231 } else if (strnicmp(data, "sign", 4) == 0) {
750d1151
SF		 1232 vol->secFlg |= CIFSSEC_MUST_SIGN;
1233/* } else if (strnicmp(data, "seal",4) == 0) {
1234 vol->secFlg |= CIFSSEC_MUST_SEAL; */
50c2f753 1235 } else if (strnicmp(data, "direct", 6) == 0) {
1da177e4 1236 vol->direct_io = 1;
50c2f753 1237 } else if (strnicmp(data, "forcedirectio", 13) == 0) {
1da177e4 1238 vol->direct_io = 1;
50c2f753 1239 } else if (strnicmp(data, "in6_addr", 8) == 0) {
1da177e4
LT		 1240 if (!value || !*value) {
1241 vol->in6_addr = NULL;
1242 } else if (strnlen(value, 49) == 48) {
1243 vol->in6_addr = value;
1244 } else {
50c2f753
SF		 1245 printk(KERN_WARNING "CIFS: ip v6 address not "
1246 "48 characters long\n");
1da177e4
LT		 1247 return 1;
1248 }
1249 } else if (strnicmp(data, "noac", 4) == 0) {
50c2f753
SF		 1250 printk(KERN_WARNING "CIFS: Mount option noac not "
1251 "supported. Instead set "
1252 "/proc/fs/cifs/LookupCacheEnabled to 0\n");
1da177e4 1253 } else
50c2f753
SF		 1254 printk(KERN_WARNING "CIFS: Unknown mount option %s\n",
1255 data);
1da177e4
LT		 1256 }
1257 if (vol->UNC == NULL) {
4523cc30 1258 if (devname == NULL) {
50c2f753
SF		 1259 printk(KERN_WARNING "CIFS: Missing UNC name for mount "
1260 "target\n");
1da177e4
LT		 1261 return 1;
1262 }
1263 if ((temp_len = strnlen(devname, 300)) < 300) {
50c2f753 1264 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
4523cc30 1265 if (vol->UNC == NULL)
1da177e4 1266 return 1;
50c2f753 1267 strcpy(vol->UNC, devname);
1da177e4
LT		 1268 if (strncmp(vol->UNC, "//", 2) == 0) {
1269 vol->UNC[0] = '\\';
1270 vol->UNC[1] = '\\';
1271 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
50c2f753
SF		 1272 printk(KERN_WARNING "CIFS: UNC Path does not "
1273 "begin with // or \\\\ \n");
1da177e4
LT		 1274 return 1;
1275 }
1276 } else {
1277 printk(KERN_WARNING "CIFS: UNC name too long\n");
1278 return 1;
1279 }
1280 }
fb8c4b14 1281 if (vol->UNCip == NULL)
1da177e4
LT		 1282 vol->UNCip = &vol->UNC[2];
1283
1284 return 0;
1285}
1286
1287static struct cifsSesInfo *
50c2f753 1288cifs_find_tcp_session(struct in_addr *target_ip_addr,
1da177e4
LT		 1289 struct in6_addr *target_ip6_addr,
1290 char *userName, struct TCP_Server_Info **psrvTcp)
1291{
1292 struct list_head *tmp;
1293 struct cifsSesInfo *ses;
1294 *psrvTcp = NULL;
1295 read_lock(&GlobalSMBSeslock);
1296
1297 list_for_each(tmp, &GlobalSMBSessionList) {
1298 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
1299 if (ses->server) {
50c2f753 1300 if ((target_ip_addr &&
1da177e4
LT		 1301 (ses->server->addr.sockAddr.sin_addr.s_addr
1302 == target_ip_addr->s_addr)) || (target_ip6_addr
1303 && memcmp(&ses->server->addr.sockAddr6.sin6_addr,
50c2f753
SF		 1304 target_ip6_addr, sizeof(*target_ip6_addr)))) {
1305 /* BB lock server and tcp session and increment
1306 use count here?? */
1307
1308 /* found a match on the TCP session */
1309 *psrvTcp = ses->server;
1310
1da177e4
LT		 1311 /* BB check if reconnection needed */
1312 if (strncmp
1313 (ses->userName, userName,
1314 MAX_USERNAME_SIZE) == 0){
1315 read_unlock(&GlobalSMBSeslock);
50c2f753
SF		 1316 /* Found exact match on both TCP and
1317 SMB sessions */
1318 return ses;
1da177e4
LT		 1319 }
1320 }
1321 }
1322 /* else tcp and smb sessions need reconnection */
1323 }
1324 read_unlock(&GlobalSMBSeslock);
1325 return NULL;
1326}
1327
1328static struct cifsTconInfo *
1329find_unc(__be32 new_target_ip_addr, char *uncName, char *userName)
1330{
1331 struct list_head *tmp;
1332 struct cifsTconInfo *tcon;
1333
1334 read_lock(&GlobalSMBSeslock);
1335 list_for_each(tmp, &GlobalTreeConnectionList) {
e466e487 1336 cFYI(1, ("Next tcon"));
1da177e4
LT		 1337 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
1338 if (tcon->ses) {
1339 if (tcon->ses->server) {
1340 cFYI(1,
e466e487 1341 ("old ip addr: %x == new ip %x ?",
1da177e4
LT		 1342 tcon->ses->server->addr.sockAddr.sin_addr.
1343 s_addr, new_target_ip_addr));
1344 if (tcon->ses->server->addr.sockAddr.sin_addr.
1345 s_addr == new_target_ip_addr) {
e466e487 1346 /* BB lock tcon, server and tcp session and increment use count here? */
1da177e4
LT		 1347 /* found a match on the TCP session */
1348 /* BB check if reconnection needed */
50c2f753
SF		 1349 cFYI(1,
1350 ("IP match, old UNC: %s new: %s",
1da177e4
LT		 1351 tcon->treeName, uncName));
1352 if (strncmp
1353 (tcon->treeName, uncName,
1354 MAX_TREE_SIZE) == 0) {
1355 cFYI(1,
e466e487 1356 ("and old usr: %s new: %s",
1da177e4
LT		 1357 tcon->treeName, uncName));
1358 if (strncmp
1359 (tcon->ses->userName,
1360 userName,
1361 MAX_USERNAME_SIZE) == 0) {
1362 read_unlock(&GlobalSMBSeslock);
e466e487
SF		 1363 /* matched smb session
1364 (user name */
1365 return tcon;
1da177e4
LT		 1366 }
1367 }
1368 }
1369 }
1370 }
1371 }
1372 read_unlock(&GlobalSMBSeslock);
1373 return NULL;
1374}
1375
1376int
1377connect_to_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
737b758c
SF		 1378 const char *old_path, const struct nls_table *nls_codepage,
1379 int remap)
1da177e4
LT		 1380{
1381 unsigned char *referrals = NULL;
1382 unsigned int num_referrals;
1383 int rc = 0;
1384
50c2f753 1385 rc = get_dfs_path(xid, pSesInfo, old_path, nls_codepage,
737b758c 1386 &num_referrals, &referrals, remap);
1da177e4
LT		 1387
1388 /* BB Add in code to: if valid refrl, if not ip address contact
50c2f753 1389 the helper that resolves tcp names, mount to it, try to
1da177e4
LT		 1390 tcon to it unmount it if fail */
1391
f99d49ad 1392 kfree(referrals);
1da177e4
LT		 1393
1394 return rc;
1395}
1396
1397int
50c2f753
SF		 1398get_dfs_path(int xid, struct cifsSesInfo *pSesInfo, const char *old_path,
1399 const struct nls_table *nls_codepage, unsigned int *pnum_referrals,
1400 unsigned char **preferrals, int remap)
1da177e4
LT		 1401{
1402 char *temp_unc;
1403 int rc = 0;
1404
1405 *pnum_referrals = 0;
1406
1407 if (pSesInfo->ipc_tid == 0) {
1408 temp_unc = kmalloc(2 /* for slashes */ +
50c2f753
SF		 1409 strnlen(pSesInfo->serverName,
1410 SERVER_NAME_LEN_WITH_NULL * 2)
1da177e4
LT		 1411 + 1 + 4 /* slash IPC$ */ + 2,
1412 GFP_KERNEL);
1413 if (temp_unc == NULL)
1414 return -ENOMEM;
1415 temp_unc[0] = '\\';
1416 temp_unc[1] = '\\';
1417 strcpy(temp_unc + 2, pSesInfo->serverName);
1418 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
1419 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
1420 cFYI(1,
50c2f753 1421 ("CIFS Tcon rc = %d ipc_tid = %d", rc, pSesInfo->ipc_tid));
1da177e4
LT		 1422 kfree(temp_unc);
1423 }
1424 if (rc == 0)
1425 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
737b758c 1426 pnum_referrals, nls_codepage, remap);
1da177e4
LT		 1427
1428 return rc;
1429}
1430
1431/* See RFC1001 section 14 on representation of Netbios names */
50c2f753 1432static void rfc1002mangle(char *target, char *source, unsigned int length)
1da177e4 1433{
50c2f753 1434 unsigned int i, j;
1da177e4 1435
50c2f753 1436 for (i = 0, j = 0; i < (length); i++) {
1da177e4
LT		 1437 /* mask a nibble at a time and encode */
1438 target[j] = 'A' + (0x0F & (source[i] >> 4));
1439 target[j+1] = 'A' + (0x0F & source[i]);
50c2f753 1440 j += 2;
1da177e4
LT		 1441 }
1442
1443}
1444
1445
1446static int
50c2f753
SF		 1447ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket,
1448 char *netbios_name, char *target_name)
1da177e4
LT		 1449{
1450 int rc = 0;
1451 int connected = 0;
1452 __be16 orig_port = 0;
1453
fb8c4b14 1454 if (*csocket == NULL) {
50c2f753
SF		 1455 rc = sock_create_kern(PF_INET, SOCK_STREAM,
1456 IPPROTO_TCP, csocket);
1da177e4 1457 if (rc < 0) {
50c2f753 1458 cERROR(1, ("Error %d creating socket", rc));
1da177e4
LT		 1459 *csocket = NULL;
1460 return rc;
1461 } else {
1462 /* BB other socket options to set KEEPALIVE, NODELAY? */
467a8f8d 1463 cFYI(1, ("Socket created"));
50c2f753 1464 (*csocket)->sk->sk_allocation = GFP_NOFS;
1da177e4
LT		 1465 }
1466 }
1467
1468 psin_server->sin_family = AF_INET;
fb8c4b14 1469 if (psin_server->sin_port) { /* user overrode default port */
1da177e4
LT		 1470 rc = (*csocket)->ops->connect(*csocket,
1471 (struct sockaddr *) psin_server,
50c2f753 1472 sizeof (struct sockaddr_in), 0);
1da177e4
LT		 1473 if (rc >= 0)
1474 connected = 1;
50c2f753 1475 }
1da177e4 1476
fb8c4b14 1477 if (!connected) {
50c2f753 1478 /* save original port so we can retry user specified port
1da177e4
LT		 1479 later if fall back ports fail this time */
1480 orig_port = psin_server->sin_port;
1481
1482 /* do not retry on the same port we just failed on */
fb8c4b14 1483 if (psin_server->sin_port != htons(CIFS_PORT)) {
1da177e4
LT		 1484 psin_server->sin_port = htons(CIFS_PORT);
1485
1486 rc = (*csocket)->ops->connect(*csocket,
1487 (struct sockaddr *) psin_server,
50c2f753 1488 sizeof (struct sockaddr_in), 0);
1da177e4
LT		 1489 if (rc >= 0)
1490 connected = 1;
1491 }
1492 }
1493 if (!connected) {
1494 psin_server->sin_port = htons(RFC1001_PORT);
1495 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
50c2f753
SF		 1496 psin_server,
1497 sizeof (struct sockaddr_in), 0);
1498 if (rc >= 0)
1da177e4
LT		 1499 connected = 1;
1500 }
1501
1502 /* give up here - unless we want to retry on different
1503 protocol families some day */
1504 if (!connected) {
fb8c4b14 1505 if (orig_port)
1da177e4 1506 psin_server->sin_port = orig_port;
50c2f753 1507 cFYI(1, ("Error %d connecting to server via ipv4", rc));
1da177e4
LT		 1508 sock_release(*csocket);
1509 *csocket = NULL;
1510 return rc;
1511 }
50c2f753
SF		 1512 /* Eventually check for other socket options to change from
1513 the default. sock_setsockopt not used because it expects
1da177e4 1514 user space buffer */
50c2f753
SF		 1515 cFYI(1, ("sndbuf %d rcvbuf %d rcvtimeo 0x%lx",
1516 (*csocket)->sk->sk_sndbuf,
b387eaeb 1517 (*csocket)->sk->sk_rcvbuf, (*csocket)->sk->sk_rcvtimeo));
1da177e4 1518 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
b387eaeb 1519 /* make the bufsizes depend on wsize/rsize and max requests */
fb8c4b14 1520 if ((*csocket)->sk->sk_sndbuf < (200 * 1024))
b387eaeb 1521 (*csocket)->sk->sk_sndbuf = 200 * 1024;
fb8c4b14 1522 if ((*csocket)->sk->sk_rcvbuf < (140 * 1024))
b387eaeb 1523 (*csocket)->sk->sk_rcvbuf = 140 * 1024;
1da177e4
LT		 1524
1525 /* send RFC1001 sessinit */
fb8c4b14 1526 if (psin_server->sin_port == htons(RFC1001_PORT)) {
1da177e4 1527 /* some servers require RFC1001 sessinit before sending
50c2f753 1528 negprot - BB check reconnection in case where second
1da177e4 1529 sessinit is sent but no second negprot */
50c2f753
SF		 1530 struct rfc1002_session_packet *ses_init_buf;
1531 struct smb_hdr *smb_buf;
1532 ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet),
1533 GFP_KERNEL);
fb8c4b14 1534 if (ses_init_buf) {
1da177e4 1535 ses_init_buf->trailer.session_req.called_len = 32;
fb8c4b14 1536 if (target_name && (target_name[0] != 0)) {
a10faeb2
SF		 1537 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1538 target_name, 16);
1539 } else {
1540 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
50c2f753 1541 DEFAULT_CIFS_CALLED_NAME, 16);
a10faeb2
SF		 1542 }
1543
1da177e4
LT		 1544 ses_init_buf->trailer.session_req.calling_len = 32;
1545 /* calling name ends in null (byte 16) from old smb
1546 convention. */
50c2f753 1547 if (netbios_name && (netbios_name[0] != 0)) {
1da177e4 1548 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
50c2f753 1549 netbios_name, 16);
1da177e4
LT		 1550 } else {
1551 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
50c2f753 1552 "LINUX_CIFS_CLNT", 16);
1da177e4
LT		 1553 }
1554 ses_init_buf->trailer.session_req.scope1 = 0;
1555 ses_init_buf->trailer.session_req.scope2 = 0;
1556 smb_buf = (struct smb_hdr *)ses_init_buf;
1557 /* sizeof RFC1002_SESSION_REQUEST with no scope */
1558 smb_buf->smb_buf_length = 0x81000044;
1559 rc = smb_send(*csocket, smb_buf, 0x44,
1560 (struct sockaddr *)psin_server);
1561 kfree(ses_init_buf);
50c2f753 1562 msleep(1); /* RFC1001 layer in at least one server
083d3a2c
SF		 1563 requires very short break before negprot
1564 presumably because not expecting negprot
1565 to follow so fast. This is a simple
50c2f753 1566 solution that works without
083d3a2c
SF		 1567 complicating the code and causes no
1568 significant slowing down on mount
1569 for everyone else */
1da177e4 1570 }
50c2f753 1571 /* else the negprot may still work without this
1da177e4 1572 even though malloc failed */
50c2f753 1573
1da177e4 1574 }
50c2f753 1575
1da177e4
LT		 1576 return rc;
1577}
1578
1579static int
1580ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket)
1581{
1582 int rc = 0;
1583 int connected = 0;
1584 __be16 orig_port = 0;
1585
fb8c4b14 1586 if (*csocket == NULL) {
50c2f753
SF		 1587 rc = sock_create_kern(PF_INET6, SOCK_STREAM,
1588 IPPROTO_TCP, csocket);
1da177e4 1589 if (rc < 0) {
50c2f753 1590 cERROR(1, ("Error %d creating ipv6 socket", rc));
1da177e4
LT		 1591 *csocket = NULL;
1592 return rc;
1593 } else {
1594 /* BB other socket options to set KEEPALIVE, NODELAY? */
fb8c4b14 1595 cFYI(1, ("ipv6 Socket created"));
1da177e4
LT		 1596 (*csocket)->sk->sk_allocation = GFP_NOFS;
1597 }
1598 }
1599
1600 psin_server->sin6_family = AF_INET6;
1601
fb8c4b14 1602 if (psin_server->sin6_port) { /* user overrode default port */
1da177e4
LT		 1603 rc = (*csocket)->ops->connect(*csocket,
1604 (struct sockaddr *) psin_server,
50c2f753 1605 sizeof (struct sockaddr_in6), 0);
1da177e4
LT		 1606 if (rc >= 0)
1607 connected = 1;
50c2f753 1608 }
1da177e4 1609
fb8c4b14 1610 if (!connected) {
50c2f753 1611 /* save original port so we can retry user specified port
1da177e4
LT		 1612 later if fall back ports fail this time */
1613
1614 orig_port = psin_server->sin6_port;
1615 /* do not retry on the same port we just failed on */
fb8c4b14 1616 if (psin_server->sin6_port != htons(CIFS_PORT)) {
1da177e4
LT		 1617 psin_server->sin6_port = htons(CIFS_PORT);
1618
1619 rc = (*csocket)->ops->connect(*csocket,
1620 (struct sockaddr *) psin_server,
50c2f753 1621 sizeof (struct sockaddr_in6), 0);
1da177e4
LT		 1622 if (rc >= 0)
1623 connected = 1;
1624 }
1625 }
1626 if (!connected) {
1627 psin_server->sin6_port = htons(RFC1001_PORT);
1628 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
50c2f753
SF		 1629 psin_server, sizeof (struct sockaddr_in6), 0);
1630 if (rc >= 0)
1da177e4
LT		 1631 connected = 1;
1632 }
1633
1634 /* give up here - unless we want to retry on different
1635 protocol families some day */
1636 if (!connected) {
fb8c4b14 1637 if (orig_port)
1da177e4 1638 psin_server->sin6_port = orig_port;
50c2f753 1639 cFYI(1, ("Error %d connecting to server via ipv6", rc));
1da177e4
LT		 1640 sock_release(*csocket);
1641 *csocket = NULL;
1642 return rc;
1643 }
50c2f753
SF		 1644 /* Eventually check for other socket options to change from
1645 the default. sock_setsockopt not used because it expects
1da177e4
LT		 1646 user space buffer */
1647 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
50c2f753 1648
1da177e4
LT		 1649 return rc;
1650}
1651
50c2f753
SF		 1652void reset_cifs_unix_caps(int xid, struct cifsTconInfo *tcon,
1653 struct super_block *sb, struct smb_vol *vol_info)
8af18971
SF		 1654{
1655 /* if we are reconnecting then should we check to see if
1656 * any requested capabilities changed locally e.g. via
1657 * remount but we can not do much about it here
1658 * if they have (even if we could detect it by the following)
1659 * Perhaps we could add a backpointer to array of sb from tcon
1660 * or if we change to make all sb to same share the same
1661 * sb as NFS - then we only have one backpointer to sb.
1662 * What if we wanted to mount the server share twice once with
1663 * and once without posixacls or posix paths? */
1664 __u64 saved_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
50c2f753 1665
c18c842b
SF		 1666 if (vol_info && vol_info->no_linux_ext) {
1667 tcon->fsUnixInfo.Capability = 0;
1668 tcon->unix_ext = 0; /* Unix Extensions disabled */
1669 cFYI(1, ("Linux protocol extensions disabled"));
1670 return;
1671 } else if (vol_info)
1672 tcon->unix_ext = 1; /* Unix Extensions supported */
1673
1674 if (tcon->unix_ext == 0) {
1675 cFYI(1, ("Unix extensions disabled so not set on reconnect"));
1676 return;
1677 }
50c2f753 1678
fb8c4b14 1679 if (!CIFSSMBQFSUnixInfo(xid, tcon)) {
8af18971 1680 __u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
50c2f753 1681
8af18971
SF		 1682 /* check for reconnect case in which we do not
1683 want to change the mount behavior if we can avoid it */
fb8c4b14 1684 if (vol_info == NULL) {
50c2f753 1685 /* turn off POSIX ACL and PATHNAMES if not set
8af18971
SF		 1686 originally at mount time */
1687 if ((saved_cap & CIFS_UNIX_POSIX_ACL_CAP) == 0)
1688 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
1689 if ((saved_cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0)
1690 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
8af18971 1691 }
50c2f753 1692
8af18971 1693 cap &= CIFS_UNIX_CAP_MASK;
75865f8c 1694 if (vol_info && vol_info->no_psx_acl)
8af18971 1695 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
75865f8c 1696 else if (CIFS_UNIX_POSIX_ACL_CAP & cap) {
fb8c4b14
SF		 1697 cFYI(1, ("negotiated posix acl support"));
1698 if (sb)
8af18971
SF		 1699 sb->s_flags |= MS_POSIXACL;
1700 }
1701
75865f8c 1702 if (vol_info && vol_info->posix_paths == 0)
8af18971 1703 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
75865f8c 1704 else if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
fb8c4b14 1705 cFYI(1, ("negotiate posix pathnames"));
75865f8c 1706 if (sb)
50c2f753 1707 CIFS_SB(sb)->mnt_cifs_flags |=
8af18971
SF		 1708 CIFS_MOUNT_POSIX_PATHS;
1709 }
50c2f753 1710
984acfe1
SF		 1711 /* We might be setting the path sep back to a different
1712 form if we are reconnecting and the server switched its
50c2f753 1713 posix path capability for this share */
75865f8c 1714 if (sb && (CIFS_SB(sb)->prepathlen > 0))
984acfe1 1715 CIFS_SB(sb)->prepath[0] = CIFS_DIR_SEP(CIFS_SB(sb));
75865f8c
SF		 1716
1717 if (sb && (CIFS_SB(sb)->rsize > 127 * 1024)) {
1718 if ((cap & CIFS_UNIX_LARGE_READ_CAP) == 0) {
1719 CIFS_SB(sb)->rsize = 127 * 1024;
1720#ifdef CONFIG_CIFS_DEBUG2
fb8c4b14 1721 cFYI(1, ("larger reads not supported by srv"));
75865f8c
SF		 1722#endif
1723 }
1724 }
50c2f753
SF		 1725
1726
1727 cFYI(1, ("Negotiate caps 0x%x", (int)cap));
8af18971 1728#ifdef CONFIG_CIFS_DEBUG2
75865f8c 1729 if (cap & CIFS_UNIX_FCNTL_CAP)
fb8c4b14 1730 cFYI(1, ("FCNTL cap"));
75865f8c 1731 if (cap & CIFS_UNIX_EXTATTR_CAP)
fb8c4b14 1732 cFYI(1, ("EXTATTR cap"));
75865f8c 1733 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
fb8c4b14 1734 cFYI(1, ("POSIX path cap"));
75865f8c 1735 if (cap & CIFS_UNIX_XATTR_CAP)
fb8c4b14 1736 cFYI(1, ("XATTR cap"));
75865f8c 1737 if (cap & CIFS_UNIX_POSIX_ACL_CAP)
fb8c4b14 1738 cFYI(1, ("POSIX ACL cap"));
75865f8c 1739 if (cap & CIFS_UNIX_LARGE_READ_CAP)
fb8c4b14 1740 cFYI(1, ("very large read cap"));
75865f8c 1741 if (cap & CIFS_UNIX_LARGE_WRITE_CAP)
fb8c4b14 1742 cFYI(1, ("very large write cap"));
8af18971
SF		 1743#endif /* CIFS_DEBUG2 */
1744 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
fb8c4b14 1745 cFYI(1, ("setting capabilities failed"));
8af18971
SF		 1746 }
1747 }
1748}
1749
1da177e4
LT		 1750int
1751cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
1752 char *mount_data, const char *devname)
1753{
1754 int rc = 0;
1755 int xid;
1756 int address_type = AF_INET;
1757 struct socket *csocket = NULL;
1758 struct sockaddr_in sin_server;
1759 struct sockaddr_in6 sin_server6;
1760 struct smb_vol volume_info;
1761 struct cifsSesInfo *pSesInfo = NULL;
1762 struct cifsSesInfo *existingCifsSes = NULL;
1763 struct cifsTconInfo *tcon = NULL;
1764 struct TCP_Server_Info *srvTcp = NULL;
1765
1766 xid = GetXid();
1767
1768/* cFYI(1, ("Entering cifs_mount. Xid: %d with: %s", xid, mount_data)); */
50c2f753
SF		 1769
1770 memset(&volume_info, 0, sizeof(struct smb_vol));
1da177e4 1771 if (cifs_parse_mount_options(mount_data, devname, &volume_info)) {
f99d49ad
JJ		 1772 kfree(volume_info.UNC);
1773 kfree(volume_info.password);
2fe87f02 1774 kfree(volume_info.prepath);
1da177e4
LT		 1775 FreeXid(xid);
1776 return -EINVAL;
1777 }
1778
8426c39c 1779 if (volume_info.nullauth) {
fb8c4b14 1780 cFYI(1, ("null user"));
8426c39c
JL		 1781 volume_info.username = NULL;
1782 } else if (volume_info.username) {
1da177e4 1783 /* BB fixme parse for domain name here */
467a8f8d 1784 cFYI(1, ("Username: %s", volume_info.username));
1da177e4 1785 } else {
bf820679 1786 cifserror("No username specified");
50c2f753
SF		 1787 /* In userspace mount helper we can get user name from alternate
1788 locations such as env variables and files on disk */
f99d49ad
JJ		 1789 kfree(volume_info.UNC);
1790 kfree(volume_info.password);
2fe87f02 1791 kfree(volume_info.prepath);
1da177e4
LT		 1792 FreeXid(xid);
1793 return -EINVAL;
1794 }
1795
1796 if (volume_info.UNCip && volume_info.UNC) {
50c2f753
SF		 1797 rc = cifs_inet_pton(AF_INET, volume_info.UNCip,
1798 &sin_server.sin_addr.s_addr);
1da177e4 1799
fb8c4b14 1800 if (rc <= 0) {
1da177e4 1801 /* not ipv4 address, try ipv6 */
50c2f753
SF		 1802 rc = cifs_inet_pton(AF_INET6, volume_info.UNCip,
1803 &sin_server6.sin6_addr.in6_u);
fb8c4b14 1804 if (rc > 0)
1da177e4
LT		 1805 address_type = AF_INET6;
1806 } else {
1807 address_type = AF_INET;
1808 }
50c2f753 1809
fb8c4b14 1810 if (rc <= 0) {
1da177e4 1811 /* we failed translating address */
f99d49ad
JJ		 1812 kfree(volume_info.UNC);
1813 kfree(volume_info.password);
2fe87f02 1814 kfree(volume_info.prepath);
1da177e4
LT		 1815 FreeXid(xid);
1816 return -EINVAL;
1817 }
1818
1819 cFYI(1, ("UNC: %s ip: %s", volume_info.UNC, volume_info.UNCip));
1820 /* success */
1821 rc = 0;
50c2f753
SF		 1822 } else if (volume_info.UNCip) {
1823 /* BB using ip addr as server name to connect to the
1824 DFS root below */
1825 cERROR(1, ("Connecting to DFS root not implemented yet"));
f99d49ad
JJ		 1826 kfree(volume_info.UNC);
1827 kfree(volume_info.password);
2fe87f02 1828 kfree(volume_info.prepath);
1da177e4
LT		 1829 FreeXid(xid);
1830 return -EINVAL;
1831 } else /* which servers DFS root would we conect to */ {
1832 cERROR(1,
50c2f753
SF		 1833 ("CIFS mount error: No UNC path (e.g. -o "
1834 "unc=//192.168.1.100/public) specified"));
f99d49ad
JJ		 1835 kfree(volume_info.UNC);
1836 kfree(volume_info.password);
2fe87f02 1837 kfree(volume_info.prepath);
1da177e4
LT		 1838 FreeXid(xid);
1839 return -EINVAL;
1840 }
1841
1842 /* this is needed for ASCII cp to Unicode converts */
fb8c4b14 1843 if (volume_info.iocharset == NULL) {
1da177e4
LT		 1844 cifs_sb->local_nls = load_nls_default();
1845 /* load_nls_default can not return null */
1846 } else {
1847 cifs_sb->local_nls = load_nls(volume_info.iocharset);
fb8c4b14 1848 if (cifs_sb->local_nls == NULL) {
50c2f753
SF		 1849 cERROR(1, ("CIFS mount error: iocharset %s not found",
1850 volume_info.iocharset));
f99d49ad
JJ		 1851 kfree(volume_info.UNC);
1852 kfree(volume_info.password);
2fe87f02 1853 kfree(volume_info.prepath);
1da177e4
LT		 1854 FreeXid(xid);
1855 return -ELIBACC;
1856 }
1857 }
1858
fb8c4b14 1859 if (address_type == AF_INET)
1da177e4
LT		 1860 existingCifsSes = cifs_find_tcp_session(&sin_server.sin_addr,
1861 NULL /* no ipv6 addr */,
1862 volume_info.username, &srvTcp);
fb8c4b14
SF		 1863 else if (address_type == AF_INET6) {
1864 cFYI(1, ("looking for ipv6 address"));
1da177e4
LT		 1865 existingCifsSes = cifs_find_tcp_session(NULL /* no ipv4 addr */,
1866 &sin_server6.sin6_addr,
1867 volume_info.username, &srvTcp);
5858ae44 1868 } else {
f99d49ad
JJ		 1869 kfree(volume_info.UNC);
1870 kfree(volume_info.password);
2fe87f02 1871 kfree(volume_info.prepath);
1da177e4
LT		 1872 FreeXid(xid);
1873 return -EINVAL;
1874 }
1875
1da177e4 1876 if (srvTcp) {
50c2f753 1877 cFYI(1, ("Existing tcp session with server found"));
1da177e4 1878 } else { /* create socket */
4523cc30 1879 if (volume_info.port)
1da177e4
LT		 1880 sin_server.sin_port = htons(volume_info.port);
1881 else
1882 sin_server.sin_port = 0;
5858ae44 1883 if (address_type == AF_INET6) {
fb8c4b14 1884 cFYI(1, ("attempting ipv6 connect"));
5858ae44
SF		 1885 /* BB should we allow ipv6 on port 139? */
1886 /* other OS never observed in Wild doing 139 with v6 */
50c2f753
SF		 1887 rc = ipv6_connect(&sin_server6, &csocket);
1888 } else
1889 rc = ipv4_connect(&sin_server, &csocket,
a10faeb2
SF		 1890 volume_info.source_rfc1001_name,
1891 volume_info.target_rfc1001_name);
1da177e4 1892 if (rc < 0) {
50c2f753
SF		 1893 cERROR(1, ("Error connecting to IPv4 socket. "
1894 "Aborting operation"));
4523cc30 1895 if (csocket != NULL)
1da177e4 1896 sock_release(csocket);
f99d49ad
JJ		 1897 kfree(volume_info.UNC);
1898 kfree(volume_info.password);
2fe87f02 1899 kfree(volume_info.prepath);
1da177e4
LT		 1900 FreeXid(xid);
1901 return rc;
1902 }
1903
1904 srvTcp = kmalloc(sizeof (struct TCP_Server_Info), GFP_KERNEL);
1905 if (srvTcp == NULL) {
1906 rc = -ENOMEM;
1907 sock_release(csocket);
f99d49ad
JJ		 1908 kfree(volume_info.UNC);
1909 kfree(volume_info.password);
2fe87f02 1910 kfree(volume_info.prepath);
1da177e4
LT		 1911 FreeXid(xid);
1912 return rc;
1913 } else {
1914 memset(srvTcp, 0, sizeof (struct TCP_Server_Info));
50c2f753
SF		 1915 memcpy(&srvTcp->addr.sockAddr, &sin_server,
1916 sizeof (struct sockaddr_in));
1917 atomic_set(&srvTcp->inFlight, 0);
1da177e4
LT		 1918 /* BB Add code for ipv6 case too */
1919 srvTcp->ssocket = csocket;
1920 srvTcp->protocolType = IPV4;
1921 init_waitqueue_head(&srvTcp->response_q);
1922 init_waitqueue_head(&srvTcp->request_q);
1923 INIT_LIST_HEAD(&srvTcp->pending_mid_q);
1924 /* at this point we are the only ones with the pointer
1925 to the struct since the kernel thread not created yet
1926 so no need to spinlock this init of tcpStatus */
1927 srvTcp->tcpStatus = CifsNew;
1928 init_MUTEX(&srvTcp->tcpSem);
aaf737ad 1929 srvTcp->tsk = kthread_run((void *)(void *)cifs_demultiplex_thread, srvTcp, "cifsd");
4523cc30 1930 if ( IS_ERR(srvTcp->tsk) ) {
aaf737ad 1931 rc = PTR_ERR(srvTcp->tsk);
50c2f753 1932 cERROR(1, ("error %d create cifsd thread", rc));
aaf737ad 1933 srvTcp->tsk = NULL;
1da177e4 1934 sock_release(csocket);
f99d49ad
JJ		 1935 kfree(volume_info.UNC);
1936 kfree(volume_info.password);
2fe87f02 1937 kfree(volume_info.prepath);
1da177e4
LT		 1938 FreeXid(xid);
1939 return rc;
f191401f
SF		 1940 }
1941 wait_for_completion(&cifsd_complete);
1942 rc = 0;
50c2f753
SF		 1943 memcpy(srvTcp->workstation_RFC1001_name,
1944 volume_info.source_rfc1001_name, 16);
1945 memcpy(srvTcp->server_RFC1001_name,
1946 volume_info.target_rfc1001_name, 16);
ad009ac9 1947 srvTcp->sequence_number = 0;
1da177e4
LT		 1948 }
1949 }
1950
1951 if (existingCifsSes) {
1952 pSesInfo = existingCifsSes;
bf820679 1953 cFYI(1, ("Existing smb sess found"));
f99d49ad 1954 kfree(volume_info.password);
1da177e4
LT		 1955 /* volume_info.UNC freed at end of function */
1956 } else if (!rc) {
bf820679 1957 cFYI(1, ("Existing smb sess not found"));
1da177e4
LT		 1958 pSesInfo = sesInfoAlloc();
1959 if (pSesInfo == NULL)
1960 rc = -ENOMEM;
1961 else {
1962 pSesInfo->server = srvTcp;
1963 sprintf(pSesInfo->serverName, "%u.%u.%u.%u",
1964 NIPQUAD(sin_server.sin_addr.s_addr));
1965 }
1966
50c2f753
SF		 1967 if (!rc) {
1968 /* volume_info.password freed at unmount */
1da177e4
LT		 1969 if (volume_info.password)
1970 pSesInfo->password = volume_info.password;
1971 if (volume_info.username)
1972 strncpy(pSesInfo->userName,
50c2f753
SF		 1973 volume_info.username,
1974 MAX_USERNAME_SIZE);
3979877e
SF		 1975 if (volume_info.domainname) {
1976 int len = strlen(volume_info.domainname);
50c2f753 1977 pSesInfo->domainName =
3979877e 1978 kmalloc(len + 1, GFP_KERNEL);
4523cc30 1979 if (pSesInfo->domainName)
3979877e
SF		 1980 strcpy(pSesInfo->domainName,
1981 volume_info.domainname);
1982 }
1da177e4 1983 pSesInfo->linux_uid = volume_info.linux_uid;
750d1151 1984 pSesInfo->overrideSecFlg = volume_info.secFlg;
1da177e4 1985 down(&pSesInfo->sesSem);
189acaae 1986 /* BB FIXME need to pass vol->secFlgs BB */
50c2f753
SF		 1987 rc = cifs_setup_session(xid, pSesInfo,
1988 cifs_sb->local_nls);
1da177e4 1989 up(&pSesInfo->sesSem);
4523cc30 1990 if (!rc)
1da177e4
LT		 1991 atomic_inc(&srvTcp->socketUseCount);
1992 } else
f99d49ad 1993 kfree(volume_info.password);
1da177e4 1994 }
50c2f753 1995
1da177e4
LT		 1996 /* search for existing tcon to this server share */
1997 if (!rc) {
4523cc30 1998 if (volume_info.rsize > CIFSMaxBufSize) {
50c2f753 1999 cERROR(1, ("rsize %d too large, using MaxBufSize",
0ae0efad
SF		 2000 volume_info.rsize));
2001 cifs_sb->rsize = CIFSMaxBufSize;
75865f8c
SF		 2002 } else if ((volume_info.rsize) &&
2003 (volume_info.rsize <= CIFSMaxBufSize))
1da177e4 2004 cifs_sb->rsize = volume_info.rsize;
0ae0efad
SF		 2005 else /* default */
2006 cifs_sb->rsize = CIFSMaxBufSize;
2007
4523cc30 2008 if (volume_info.wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) {
50c2f753 2009 cERROR(1, ("wsize %d too large, using 4096 instead",
0ae0efad
SF		 2010 volume_info.wsize));
2011 cifs_sb->wsize = 4096;
4523cc30 2012 } else if (volume_info.wsize)
1da177e4
LT		 2013 cifs_sb->wsize = volume_info.wsize;
2014 else
50c2f753 2015 cifs_sb->wsize =
1877c9ea
SF		 2016 min_t(const int, PAGEVEC_SIZE * PAGE_CACHE_SIZE,
2017 127*1024);
17cbbafe 2018 /* old default of CIFSMaxBufSize was too small now
50c2f753 2019 that SMB Write2 can send multiple pages in kvec.
17cbbafe
SF		 2020 RFC1001 does not describe what happens when frame
2021 bigger than 128K is sent so use that as max in
2022 conjunction with 52K kvec constraint on arch with 4K
2023 page size */
2024
4523cc30 2025 if (cifs_sb->rsize < 2048) {
50c2f753 2026 cifs_sb->rsize = 2048;
6cec2aed 2027 /* Windows ME may prefer this */
467a8f8d 2028 cFYI(1, ("readsize set to minimum: 2048"));
1da177e4 2029 }
2fe87f02
SF		 2030 /* calculate prepath */
2031 cifs_sb->prepath = volume_info.prepath;
4523cc30 2032 if (cifs_sb->prepath) {
2fe87f02
SF		 2033 cifs_sb->prepathlen = strlen(cifs_sb->prepath);
2034 cifs_sb->prepath[0] = CIFS_DIR_SEP(cifs_sb);
2035 volume_info.prepath = NULL;
50c2f753 2036 } else
2fe87f02 2037 cifs_sb->prepathlen = 0;
1da177e4
LT		 2038 cifs_sb->mnt_uid = volume_info.linux_uid;
2039 cifs_sb->mnt_gid = volume_info.linux_gid;
2040 cifs_sb->mnt_file_mode = volume_info.file_mode;
2041 cifs_sb->mnt_dir_mode = volume_info.dir_mode;
467a8f8d
SF		 2042 cFYI(1, ("file mode: 0x%x dir mode: 0x%x",
2043 cifs_sb->mnt_file_mode, cifs_sb->mnt_dir_mode));
1da177e4 2044
4523cc30 2045 if (volume_info.noperm)
1da177e4 2046 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
4523cc30 2047 if (volume_info.setuids)
1da177e4 2048 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
4523cc30 2049 if (volume_info.server_ino)
1da177e4 2050 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
4523cc30 2051 if (volume_info.remap)
6a0b4824 2052 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
4523cc30 2053 if (volume_info.no_xattr)
1da177e4 2054 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
4523cc30 2055 if (volume_info.sfu_emul)
d7245c2c 2056 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
4523cc30 2057 if (volume_info.nobrl)
c46fa8ac 2058 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
4523cc30 2059 if (volume_info.cifs_acl)
0a4b92c0 2060 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
4523cc30
SF		 2061 if (volume_info.override_uid)
2062 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID;
2063 if (volume_info.override_gid)
2064 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID;
2065 if (volume_info.direct_io) {
467a8f8d 2066 cFYI(1, ("mounting share using direct i/o"));
1da177e4
LT		 2067 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
2068 }
2069
2070 tcon =
2071 find_unc(sin_server.sin_addr.s_addr, volume_info.UNC,
2072 volume_info.username);
2073 if (tcon) {
bf820679 2074 cFYI(1, ("Found match on UNC path"));
1da177e4
LT		 2075 /* we can have only one retry value for a connection
2076 to a share so for resources mounted more than once
50c2f753 2077 to the same server share the last value passed in
1da177e4
LT		 2078 for the retry flag is used */
2079 tcon->retry = volume_info.retry;
d3485d37 2080 tcon->nocase = volume_info.nocase;
1da177e4
LT		 2081 } else {
2082 tcon = tconInfoAlloc();
2083 if (tcon == NULL)
2084 rc = -ENOMEM;
2085 else {
50c2f753 2086 /* check for null share name ie connecting to
8af18971 2087 * dfs root */
1da177e4 2088
50c2f753 2089 /* BB check if this works for exactly length
8af18971 2090 * three strings */
1da177e4
LT		 2091 if ((strchr(volume_info.UNC + 3, '\\') == NULL)
2092 && (strchr(volume_info.UNC + 3, '/') ==
2093 NULL)) {
737b758c 2094 rc = connect_to_dfs_path(xid, pSesInfo,
8af18971 2095 "", cifs_sb->local_nls,
50c2f753 2096 cifs_sb->mnt_cifs_flags &
8af18971 2097 CIFS_MOUNT_MAP_SPECIAL_CHR);
f99d49ad 2098 kfree(volume_info.UNC);
1da177e4
LT		 2099 FreeXid(xid);
2100 return -ENODEV;
2101 } else {
8af18971
SF		 2102 /* BB Do we need to wrap sesSem around
2103 * this TCon call and Unix SetFS as
2104 * we do on SessSetup and reconnect? */
50c2f753 2105 rc = CIFSTCon(xid, pSesInfo,
1da177e4
LT		 2106 volume_info.UNC,
2107 tcon, cifs_sb->local_nls);
2108 cFYI(1, ("CIFS Tcon rc = %d", rc));
2109 }
2110 if (!rc) {
2111 atomic_inc(&pSesInfo->inUse);
2112 tcon->retry = volume_info.retry;
d3485d37 2113 tcon->nocase = volume_info.nocase;
1da177e4
LT		 2114 }
2115 }
2116 }
2117 }
4523cc30 2118 if (pSesInfo) {
1da177e4
LT		 2119 if (pSesInfo->capabilities & CAP_LARGE_FILES) {
2120 sb->s_maxbytes = (u64) 1 << 63;
2121 } else
2122 sb->s_maxbytes = (u64) 1 << 31; /* 2 GB */
2123 }
2124
8af18971 2125 /* BB FIXME fix time_gran to be larger for LANMAN sessions */
1da177e4
LT		 2126 sb->s_time_gran = 100;
2127
2128/* on error free sesinfo and tcon struct if needed */
2129 if (rc) {
2130 /* if session setup failed, use count is zero but
2131 we still need to free cifsd thread */
4523cc30 2132 if (atomic_read(&srvTcp->socketUseCount) == 0) {
1da177e4
LT		 2133 spin_lock(&GlobalMid_Lock);
2134 srvTcp->tcpStatus = CifsExiting;
2135 spin_unlock(&GlobalMid_Lock);
4523cc30 2136 if (srvTcp->tsk) {
28356a16
SF		 2137 struct task_struct *tsk;
2138 /* If we could verify that kthread_stop would
2139 always wake up processes blocked in
2140 tcp in recv_mesg then we could remove the
2141 send_sig call */
50c2f753 2142 force_sig(SIGKILL, srvTcp->tsk);
28356a16 2143 tsk = srvTcp->tsk;
fb8c4b14 2144 if (tsk)
f7f7c31c 2145 kthread_stop(tsk);
f191401f 2146 }
1da177e4
LT		 2147 }
2148 /* If find_unc succeeded then rc == 0 so we can not end */
2149 if (tcon) /* up accidently freeing someone elses tcon struct */
2150 tconInfoFree(tcon);
2151 if (existingCifsSes == NULL) {
2152 if (pSesInfo) {
50c2f753 2153 if ((pSesInfo->server) &&
1da177e4
LT		 2154 (pSesInfo->status == CifsGood)) {
2155 int temp_rc;
2156 temp_rc = CIFSSMBLogoff(xid, pSesInfo);
2157 /* if the socketUseCount is now zero */
4523cc30 2158 if ((temp_rc == -ESHUTDOWN) &&
50c2f753 2159 (pSesInfo->server) &&
5d9c7206 2160 (pSesInfo->server->tsk)) {
28356a16 2161 struct task_struct *tsk;
5d9c7206
J		 2162 force_sig(SIGKILL,
2163 pSesInfo->server->tsk);
28356a16 2164 tsk = pSesInfo->server->tsk;
f7f7c31c 2165 if (tsk)
28356a16 2166 kthread_stop(tsk);
f191401f 2167 }
1da177e4
LT		 2168 } else
2169 cFYI(1, ("No session or bad tcon"));
2170 sesInfoFree(pSesInfo);
2171 /* pSesInfo = NULL; */
2172 }
2173 }
2174 } else {
2175 atomic_inc(&tcon->useCount);
2176 cifs_sb->tcon = tcon;
2177 tcon->ses = pSesInfo;
2178
82940a46 2179 /* do not care if following two calls succeed - informational */
737b758c
SF		 2180 CIFSSMBQFSDeviceInfo(xid, tcon);
2181 CIFSSMBQFSAttributeInfo(xid, tcon);
50c2f753 2182
8af18971
SF		 2183 /* tell server which Unix caps we support */
2184 if (tcon->ses->capabilities & CAP_UNIX)
c18c842b
SF		 2185 /* reset of caps checks mount to see if unix extensions
2186 disabled for just this mount */
8af18971 2187 reset_cifs_unix_caps(xid, tcon, sb, &volume_info);
c18c842b
SF		 2188 else
2189 tcon->unix_ext = 0; /* server does not support them */
2190
2191 if ((tcon->unix_ext == 0) && (cifs_sb->rsize > (1024 * 127))) {
75865f8c
SF		 2192 cifs_sb->rsize = 1024 * 127;
2193#ifdef CONFIG_CIFS_DEBUG2
c18c842b 2194 cFYI(1, ("no very large read support, rsize now 127K"));
75865f8c 2195#endif
75865f8c 2196 }
3e84469d
SF		 2197 if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X))
2198 cifs_sb->wsize = min(cifs_sb->wsize,
2199 (tcon->ses->server->maxBuf -
2200 MAX_CIFS_HDR_SIZE));
0ae0efad 2201 if (!(tcon->ses->capabilities & CAP_LARGE_READ_X))
50c2f753
SF		 2202 cifs_sb->rsize = min(cifs_sb->rsize,
2203 (tcon->ses->server->maxBuf -
2204 MAX_CIFS_HDR_SIZE));
1da177e4
LT		 2205 }
2206
2207 /* volume_info.password is freed above when existing session found
2208 (in which case it is not needed anymore) but when new sesion is created
2209 the password ptr is put in the new session structure (in which case the
2210 password will be freed at unmount time) */
f99d49ad 2211 kfree(volume_info.UNC);
2fe87f02 2212 kfree(volume_info.prepath);
1da177e4
LT		 2213 FreeXid(xid);
2214 return rc;
2215}
2216
2217static int
2218CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
7c7b25bc 2219 char session_key[CIFS_SESS_KEY_SIZE],
1da177e4
LT		 2220 const struct nls_table *nls_codepage)
2221{
2222 struct smb_hdr *smb_buffer;
2223 struct smb_hdr *smb_buffer_response;
2224 SESSION_SETUP_ANDX *pSMB;
2225 SESSION_SETUP_ANDX *pSMBr;
2226 char *bcc_ptr;
2227 char *user;
2228 char *domain;
2229 int rc = 0;
2230 int remaining_words = 0;
2231 int bytes_returned = 0;
2232 int len;
2233 __u32 capabilities;
2234 __u16 count;
2235
eeac8047 2236 cFYI(1, ("In sesssetup"));
4523cc30 2237 if (ses == NULL)
1da177e4
LT		 2238 return -EINVAL;
2239 user = ses->userName;
2240 domain = ses->domainName;
2241 smb_buffer = cifs_buf_get();
2242 if (smb_buffer == NULL) {
2243 return -ENOMEM;
2244 }
2245 smb_buffer_response = smb_buffer;
2246 pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2247
2248 /* send SMBsessionSetup here */
2249 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2250 NULL /* no tCon exists yet */ , 13 /* wct */ );
2251
1982c344 2252 smb_buffer->Mid = GetNextMid(ses->server);
1da177e4
LT		 2253 pSMB->req_no_secext.AndXCommand = 0xFF;
2254 pSMB->req_no_secext.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2255 pSMB->req_no_secext.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2256
50c2f753
SF		 2257 if (ses->server->secMode &
2258 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
1da177e4
LT		 2259 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2260
2261 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2262 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
2263 if (ses->capabilities & CAP_UNICODE) {
2264 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2265 capabilities |= CAP_UNICODE;
2266 }
2267 if (ses->capabilities & CAP_STATUS32) {
2268 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2269 capabilities |= CAP_STATUS32;
2270 }
2271 if (ses->capabilities & CAP_DFS) {
2272 smb_buffer->Flags2 |= SMBFLG2_DFS;
2273 capabilities |= CAP_DFS;
2274 }
2275 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
2276
50c2f753 2277 pSMB->req_no_secext.CaseInsensitivePasswordLength =
7c7b25bc 2278 cpu_to_le16(CIFS_SESS_KEY_SIZE);
1da177e4
LT		 2279
2280 pSMB->req_no_secext.CaseSensitivePasswordLength =
7c7b25bc 2281 cpu_to_le16(CIFS_SESS_KEY_SIZE);
1da177e4 2282 bcc_ptr = pByteArea(smb_buffer);
7c7b25bc
SF		 2283 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2284 bcc_ptr += CIFS_SESS_KEY_SIZE;
2285 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2286 bcc_ptr += CIFS_SESS_KEY_SIZE;
1da177e4
LT		 2287
2288 if (ses->capabilities & CAP_UNICODE) {
2289 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode */
2290 *bcc_ptr = 0;
2291 bcc_ptr++;
2292 }
4523cc30 2293 if (user == NULL)
3979877e 2294 bytes_returned = 0; /* skip null user */
50c2f753 2295 else
1da177e4 2296 bytes_returned =
50c2f753 2297 cifs_strtoUCS((__le16 *) bcc_ptr, user, 100,
1da177e4
LT		 2298 nls_codepage);
2299 /* convert number of 16 bit words to bytes */
2300 bcc_ptr += 2 * bytes_returned;
2301 bcc_ptr += 2; /* trailing null */
2302 if (domain == NULL)
2303 bytes_returned =
e89dc920 2304 cifs_strtoUCS((__le16 *) bcc_ptr,
1da177e4
LT		 2305 "CIFS_LINUX_DOM", 32, nls_codepage);
2306 else
2307 bytes_returned =
e89dc920 2308 cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
1da177e4
LT		 2309 nls_codepage);
2310 bcc_ptr += 2 * bytes_returned;
2311 bcc_ptr += 2;
2312 bytes_returned =
e89dc920 2313 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
1da177e4
LT		 2314 32, nls_codepage);
2315 bcc_ptr += 2 * bytes_returned;
2316 bytes_returned =
e9ff3990 2317 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release,
1da177e4
LT		 2318 32, nls_codepage);
2319 bcc_ptr += 2 * bytes_returned;
2320 bcc_ptr += 2;
2321 bytes_returned =
e89dc920 2322 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
1da177e4
LT		 2323 64, nls_codepage);
2324 bcc_ptr += 2 * bytes_returned;
2325 bcc_ptr += 2;
2326 } else {
50c2f753 2327 if (user != NULL) {
1da177e4
LT		 2328 strncpy(bcc_ptr, user, 200);
2329 bcc_ptr += strnlen(user, 200);
2330 }
2331 *bcc_ptr = 0;
2332 bcc_ptr++;
2333 if (domain == NULL) {
2334 strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2335 bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2336 } else {
2337 strncpy(bcc_ptr, domain, 64);
2338 bcc_ptr += strnlen(domain, 64);
2339 *bcc_ptr = 0;
2340 bcc_ptr++;
2341 }
2342 strcpy(bcc_ptr, "Linux version ");
2343 bcc_ptr += strlen("Linux version ");
e9ff3990
SH		 2344 strcpy(bcc_ptr, utsname()->release);
2345 bcc_ptr += strlen(utsname()->release) + 1;
1da177e4
LT		 2346 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2347 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2348 }
2349 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2350 smb_buffer->smb_buf_length += count;
2351 pSMB->req_no_secext.ByteCount = cpu_to_le16(count);
2352
2353 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2354 &bytes_returned, 1);
2355 if (rc) {
2356/* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
2357 } else if ((smb_buffer_response->WordCount == 3)
2358 || (smb_buffer_response->WordCount == 4)) {
2359 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2360 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2361 if (action & GUEST_LOGIN)
50c2f753
SF		 2362 cFYI(1, (" Guest login")); /* BB mark SesInfo struct? */
2363 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format
2364 (little endian) */
1da177e4 2365 cFYI(1, ("UID = %d ", ses->Suid));
50c2f753
SF		 2366 /* response can have either 3 or 4 word count - Samba sends 3 */
2367 bcc_ptr = pByteArea(smb_buffer_response);
1da177e4
LT		 2368 if ((pSMBr->resp.hdr.WordCount == 3)
2369 || ((pSMBr->resp.hdr.WordCount == 4)
2370 && (blob_len < pSMBr->resp.ByteCount))) {
2371 if (pSMBr->resp.hdr.WordCount == 4)
2372 bcc_ptr += blob_len;
2373
2374 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2375 if ((long) (bcc_ptr) % 2) {
2376 remaining_words =
50c2f753
SF		 2377 (BCC(smb_buffer_response) - 1) / 2;
2378 /* Unicode strings must be word
2379 aligned */
2380 bcc_ptr++;
1da177e4
LT		 2381 } else {
2382 remaining_words =
2383 BCC(smb_buffer_response) / 2;
2384 }
2385 len =
2386 UniStrnlen((wchar_t *) bcc_ptr,
2387 remaining_words - 1);
2388/* We look for obvious messed up bcc or strings in response so we do not go off
2389 the end since (at least) WIN2K and Windows XP have a major bug in not null
2390 terminating last Unicode string in response */
fb8c4b14 2391 if (ses->serverOS)
a424f8bf 2392 kfree(ses->serverOS);
50c2f753
SF		 2393 ses->serverOS = kzalloc(2 * (len + 1),
2394 GFP_KERNEL);
fb8c4b14 2395 if (ses->serverOS == NULL)
433dc24f 2396 goto sesssetup_nomem;
1da177e4 2397 cifs_strfromUCS_le(ses->serverOS,
50c2f753
SF		 2398 (__le16 *)bcc_ptr,
2399 len, nls_codepage);
1da177e4
LT		 2400 bcc_ptr += 2 * (len + 1);
2401 remaining_words -= len + 1;
2402 ses->serverOS[2 * len] = 0;
2403 ses->serverOS[1 + (2 * len)] = 0;
2404 if (remaining_words > 0) {
2405 len = UniStrnlen((wchar_t *)bcc_ptr,
2406 remaining_words-1);
cd49b492 2407 kfree(ses->serverNOS);
50c2f753
SF		 2408 ses->serverNOS = kzalloc(2 * (len + 1),
2409 GFP_KERNEL);
fb8c4b14 2410 if (ses->serverNOS == NULL)
433dc24f 2411 goto sesssetup_nomem;
1da177e4 2412 cifs_strfromUCS_le(ses->serverNOS,
50c2f753
SF		 2413 (__le16 *)bcc_ptr,
2414 len, nls_codepage);
1da177e4
LT		 2415 bcc_ptr += 2 * (len + 1);
2416 ses->serverNOS[2 * len] = 0;
2417 ses->serverNOS[1 + (2 * len)] = 0;
fb8c4b14 2418 if (strncmp(ses->serverNOS,
50c2f753 2419 "NT LAN Manager 4", 16) == 0) {
467a8f8d 2420 cFYI(1, ("NT4 server"));
1da177e4
LT		 2421 ses->flags |= CIFS_SES_NT4;
2422 }
2423 remaining_words -= len + 1;
2424 if (remaining_words > 0) {
433dc24f 2425 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
50c2f753
SF		 2426 /* last string is not always null terminated
2427 (for e.g. for Windows XP & 2000) */
fb8c4b14 2428 if (ses->serverDomain)
a424f8bf 2429 kfree(ses->serverDomain);
1da177e4 2430 ses->serverDomain =
50c2f753
SF		 2431 kzalloc(2*(len+1),
2432 GFP_KERNEL);
fb8c4b14 2433 if (ses->serverDomain == NULL)
433dc24f 2434 goto sesssetup_nomem;
1da177e4 2435 cifs_strfromUCS_le(ses->serverDomain,
50c2f753
SF		 2436 (__le16 *)bcc_ptr,
2437 len, nls_codepage);
1da177e4
LT		 2438 bcc_ptr += 2 * (len + 1);
2439 ses->serverDomain[2*len] = 0;
2440 ses->serverDomain[1+(2*len)] = 0;
50c2f753
SF		 2441 } else { /* else no more room so create
2442 dummy domain string */
fb8c4b14 2443 if (ses->serverDomain)
a424f8bf 2444 kfree(ses->serverDomain);
50c2f753 2445 ses->serverDomain =
e915fc49 2446 kzalloc(2, GFP_KERNEL);
a424f8bf 2447 }
50c2f753
SF		 2448 } else { /* no room so create dummy domain
2449 and NOS string */
2450
433dc24f
SF		 2451 /* if these kcallocs fail not much we
2452 can do, but better to not fail the
2453 sesssetup itself */
cd49b492 2454 kfree(ses->serverDomain);
1da177e4 2455 ses->serverDomain =
e915fc49 2456 kzalloc(2, GFP_KERNEL);
cd49b492 2457 kfree(ses->serverNOS);
1da177e4 2458 ses->serverNOS =
e915fc49 2459 kzalloc(2, GFP_KERNEL);
1da177e4
LT		 2460 }
2461 } else { /* ASCII */
2462 len = strnlen(bcc_ptr, 1024);
2463 if (((long) bcc_ptr + len) - (long)
2464 pByteArea(smb_buffer_response)
2465 <= BCC(smb_buffer_response)) {
cd49b492 2466 kfree(ses->serverOS);
50c2f753
SF		 2467 ses->serverOS = kzalloc(len + 1,
2468 GFP_KERNEL);
fb8c4b14 2469 if (ses->serverOS == NULL)
433dc24f 2470 goto sesssetup_nomem;
50c2f753 2471 strncpy(ses->serverOS, bcc_ptr, len);
1da177e4
LT		 2472
2473 bcc_ptr += len;
50c2f753
SF		 2474 /* null terminate the string */
2475 bcc_ptr[0] = 0;
1da177e4
LT		 2476 bcc_ptr++;
2477
2478 len = strnlen(bcc_ptr, 1024);
cd49b492 2479 kfree(ses->serverNOS);
50c2f753
SF		 2480 ses->serverNOS = kzalloc(len + 1,
2481 GFP_KERNEL);
fb8c4b14 2482 if (ses->serverNOS == NULL)
433dc24f 2483 goto sesssetup_nomem;
1da177e4
LT		 2484 strncpy(ses->serverNOS, bcc_ptr, len);
2485 bcc_ptr += len;
2486 bcc_ptr[0] = 0;
2487 bcc_ptr++;
2488
2489 len = strnlen(bcc_ptr, 1024);
fb8c4b14 2490 if (ses->serverDomain)
a424f8bf 2491 kfree(ses->serverDomain);
50c2f753
SF		 2492 ses->serverDomain = kzalloc(len + 1,
2493 GFP_KERNEL);
fb8c4b14 2494 if (ses->serverDomain == NULL)
433dc24f 2495 goto sesssetup_nomem;
50c2f753
SF		 2496 strncpy(ses->serverDomain, bcc_ptr,
2497 len);
1da177e4
LT		 2498 bcc_ptr += len;
2499 bcc_ptr[0] = 0;
2500 bcc_ptr++;
2501 } else
2502 cFYI(1,
50c2f753
SF		 2503 ("Variable field of length %d "
2504 "extends beyond end of smb ",
1da177e4
LT		 2505 len));
2506 }
2507 } else {
2508 cERROR(1,
50c2f753
SF		 2509 (" Security Blob Length extends beyond "
2510 "end of SMB"));
1da177e4
LT		 2511 }
2512 } else {
2513 cERROR(1,
2514 (" Invalid Word count %d: ",
2515 smb_buffer_response->WordCount));
2516 rc = -EIO;
2517 }
433dc24f
SF		 2518sesssetup_nomem: /* do not return an error on nomem for the info strings,
2519 since that could make reconnection harder, and
2520 reconnection might be needed to free memory */
1da177e4
LT		 2521 if (smb_buffer)
2522 cifs_buf_release(smb_buffer);
2523
2524 return rc;
2525}
2526
1da177e4
LT		 2527static int
2528CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
50c2f753 2529 struct cifsSesInfo *ses, int *pNTLMv2_flag,
1da177e4
LT		 2530 const struct nls_table *nls_codepage)
2531{
2532 struct smb_hdr *smb_buffer;
2533 struct smb_hdr *smb_buffer_response;
2534 SESSION_SETUP_ANDX *pSMB;
2535 SESSION_SETUP_ANDX *pSMBr;
2536 char *bcc_ptr;
2537 char *domain;
2538 int rc = 0;
2539 int remaining_words = 0;
2540 int bytes_returned = 0;
2541 int len;
2542 int SecurityBlobLength = sizeof (NEGOTIATE_MESSAGE);
2543 PNEGOTIATE_MESSAGE SecurityBlob;
2544 PCHALLENGE_MESSAGE SecurityBlob2;
2545 __u32 negotiate_flags, capabilities;
2546 __u16 count;
2547
12b3b8ff 2548 cFYI(1, ("In NTLMSSP sesssetup (negotiate)"));
fb8c4b14 2549 if (ses == NULL)
1da177e4
LT		 2550 return -EINVAL;
2551 domain = ses->domainName;
2552 *pNTLMv2_flag = FALSE;
2553 smb_buffer = cifs_buf_get();
2554 if (smb_buffer == NULL) {
2555 return -ENOMEM;
2556 }
2557 smb_buffer_response = smb_buffer;
2558 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2559 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2560
2561 /* send SMBsessionSetup here */
2562 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2563 NULL /* no tCon exists yet */ , 12 /* wct */ );
1982c344
SF		 2564
2565 smb_buffer->Mid = GetNextMid(ses->server);
1da177e4
LT		 2566 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2567 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2568
2569 pSMB->req.AndXCommand = 0xFF;
2570 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2571 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2572
fb8c4b14 2573 if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
1da177e4
LT		 2574 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2575
2576 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2577 CAP_EXTENDED_SECURITY;
2578 if (ses->capabilities & CAP_UNICODE) {
2579 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2580 capabilities |= CAP_UNICODE;
2581 }
2582 if (ses->capabilities & CAP_STATUS32) {
2583 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2584 capabilities |= CAP_STATUS32;
2585 }
2586 if (ses->capabilities & CAP_DFS) {
2587 smb_buffer->Flags2 |= SMBFLG2_DFS;
2588 capabilities |= CAP_DFS;
2589 }
2590 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2591
2592 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2593 SecurityBlob = (PNEGOTIATE_MESSAGE) bcc_ptr;
2594 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2595 SecurityBlob->MessageType = NtLmNegotiate;
2596 negotiate_flags =
2597 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
12b3b8ff
SF		 2598 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM |
2599 NTLMSSP_NEGOTIATE_56 |
1da177e4 2600 /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
fb8c4b14 2601 if (sign_CIFS_PDUs)
1da177e4 2602 negotiate_flags |= NTLMSSP_NEGOTIATE_SIGN;
fb8c4b14 2603/* if (ntlmv2_support)
3979877e 2604 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;*/
1da177e4
LT		 2605 /* setup pointers to domain name and workstation name */
2606 bcc_ptr += SecurityBlobLength;
2607
2608 SecurityBlob->WorkstationName.Buffer = 0;
2609 SecurityBlob->WorkstationName.Length = 0;
2610 SecurityBlob->WorkstationName.MaximumLength = 0;
2611
12b3b8ff
SF		 2612 /* Domain not sent on first Sesssetup in NTLMSSP, instead it is sent
2613 along with username on auth request (ie the response to challenge) */
2614 SecurityBlob->DomainName.Buffer = 0;
2615 SecurityBlob->DomainName.Length = 0;
2616 SecurityBlob->DomainName.MaximumLength = 0;
1da177e4
LT		 2617 if (ses->capabilities & CAP_UNICODE) {
2618 if ((long) bcc_ptr % 2) {
2619 *bcc_ptr = 0;
2620 bcc_ptr++;
2621 }
2622
2623 bytes_returned =
e89dc920 2624 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
1da177e4
LT		 2625 32, nls_codepage);
2626 bcc_ptr += 2 * bytes_returned;
2627 bytes_returned =
e9ff3990 2628 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
1da177e4
LT		 2629 nls_codepage);
2630 bcc_ptr += 2 * bytes_returned;
2631 bcc_ptr += 2; /* null terminate Linux version */
2632 bytes_returned =
e89dc920 2633 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
1da177e4
LT		 2634 64, nls_codepage);
2635 bcc_ptr += 2 * bytes_returned;
2636 *(bcc_ptr + 1) = 0;
2637 *(bcc_ptr + 2) = 0;
2638 bcc_ptr += 2; /* null terminate network opsys string */
2639 *(bcc_ptr + 1) = 0;
2640 *(bcc_ptr + 2) = 0;
2641 bcc_ptr += 2; /* null domain */
2642 } else { /* ASCII */
2643 strcpy(bcc_ptr, "Linux version ");
2644 bcc_ptr += strlen("Linux version ");
e9ff3990
SH		 2645 strcpy(bcc_ptr, utsname()->release);
2646 bcc_ptr += strlen(utsname()->release) + 1;
1da177e4
LT		 2647 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2648 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2649 bcc_ptr++; /* empty domain field */
2650 *bcc_ptr = 0;
2651 }
2652 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2653 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2654 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2655 smb_buffer->smb_buf_length += count;
2656 pSMB->req.ByteCount = cpu_to_le16(count);
2657
2658 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2659 &bytes_returned, 1);
2660
2661 if (smb_buffer_response->Status.CifsError ==
2662 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
2663 rc = 0;
2664
2665 if (rc) {
2666/* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2667 } else if ((smb_buffer_response->WordCount == 3)
2668 || (smb_buffer_response->WordCount == 4)) {
2669 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2670 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2671
2672 if (action & GUEST_LOGIN)
50c2f753
SF		 2673 cFYI(1, (" Guest login"));
2674 /* Do we want to set anything in SesInfo struct when guest login? */
1da177e4 2675
50c2f753
SF		 2676 bcc_ptr = pByteArea(smb_buffer_response);
2677 /* response can have either 3 or 4 word count - Samba sends 3 */
1da177e4
LT		 2678
2679 SecurityBlob2 = (PCHALLENGE_MESSAGE) bcc_ptr;
2680 if (SecurityBlob2->MessageType != NtLmChallenge) {
2681 cFYI(1,
2682 ("Unexpected NTLMSSP message type received %d",
2683 SecurityBlob2->MessageType));
2684 } else if (ses) {
50c2f753 2685 ses->Suid = smb_buffer_response->Uid; /* UID left in le format */
12b3b8ff 2686 cFYI(1, ("UID = %d", ses->Suid));
1da177e4
LT		 2687 if ((pSMBr->resp.hdr.WordCount == 3)
2688 || ((pSMBr->resp.hdr.WordCount == 4)
2689 && (blob_len <
2690 pSMBr->resp.ByteCount))) {
2691
2692 if (pSMBr->resp.hdr.WordCount == 4) {
2693 bcc_ptr += blob_len;
12b3b8ff 2694 cFYI(1, ("Security Blob Length %d",
1da177e4
LT		 2695 blob_len));
2696 }
2697
12b3b8ff 2698 cFYI(1, ("NTLMSSP Challenge rcvd"));
1da177e4
LT		 2699
2700 memcpy(ses->server->cryptKey,
2701 SecurityBlob2->Challenge,
2702 CIFS_CRYPTO_KEY_SIZE);
50c2f753 2703 if (SecurityBlob2->NegotiateFlags &
12b3b8ff 2704 cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2))
1da177e4
LT		 2705 *pNTLMv2_flag = TRUE;
2706
50c2f753
SF		 2707 if ((SecurityBlob2->NegotiateFlags &
2708 cpu_to_le32(NTLMSSP_NEGOTIATE_ALWAYS_SIGN))
1da177e4 2709 || (sign_CIFS_PDUs > 1))
50c2f753
SF		 2710 ses->server->secMode |=
2711 SECMODE_SIGN_REQUIRED;
2712 if ((SecurityBlob2->NegotiateFlags &
1da177e4 2713 cpu_to_le32(NTLMSSP_NEGOTIATE_SIGN)) && (sign_CIFS_PDUs))
50c2f753 2714 ses->server->secMode |=
1da177e4
LT		 2715 SECMODE_SIGN_ENABLED;
2716
2717 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2718 if ((long) (bcc_ptr) % 2) {
2719 remaining_words =
2720 (BCC(smb_buffer_response)
2721 - 1) / 2;
50c2f753
SF		 2722 /* Must word align unicode strings */
2723 bcc_ptr++;
1da177e4
LT		 2724 } else {
2725 remaining_words =
2726 BCC
2727 (smb_buffer_response) / 2;
2728 }
2729 len =
2730 UniStrnlen((wchar_t *) bcc_ptr,
2731 remaining_words - 1);
2732/* We look for obvious messed up bcc or strings in response so we do not go off
2733 the end since (at least) WIN2K and Windows XP have a major bug in not null
2734 terminating last Unicode string in response */
fb8c4b14 2735 if (ses->serverOS)
a424f8bf 2736 kfree(ses->serverOS);
1da177e4 2737 ses->serverOS =
e915fc49 2738 kzalloc(2 * (len + 1), GFP_KERNEL);
1da177e4 2739 cifs_strfromUCS_le(ses->serverOS,
e89dc920 2740 (__le16 *)
1da177e4
LT		 2741 bcc_ptr, len,
2742 nls_codepage);
2743 bcc_ptr += 2 * (len + 1);
2744 remaining_words -= len + 1;
2745 ses->serverOS[2 * len] = 0;
2746 ses->serverOS[1 + (2 * len)] = 0;
2747 if (remaining_words > 0) {
2748 len = UniStrnlen((wchar_t *)
2749 bcc_ptr,
2750 remaining_words
2751 - 1);
cd49b492 2752 kfree(ses->serverNOS);
1da177e4 2753 ses->serverNOS =
e915fc49 2754 kzalloc(2 * (len + 1),
1da177e4
LT		 2755 GFP_KERNEL);
2756 cifs_strfromUCS_le(ses->
2757 serverNOS,
e89dc920 2758 (__le16 *)
1da177e4
LT		 2759 bcc_ptr,
2760 len,
2761 nls_codepage);
2762 bcc_ptr += 2 * (len + 1);
2763 ses->serverNOS[2 * len] = 0;
2764 ses->serverNOS[1 +
2765 (2 * len)] = 0;
2766 remaining_words -= len + 1;
2767 if (remaining_words > 0) {
50c2f753
SF		 2768 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2769 /* last string not always null terminated
2770 (for e.g. for Windows XP & 2000) */
cd49b492 2771 kfree(ses->serverDomain);
1da177e4 2772 ses->serverDomain =
e915fc49 2773 kzalloc(2 *
1da177e4
LT		 2774 (len +
2775 1),
2776 GFP_KERNEL);
2777 cifs_strfromUCS_le
e89dc920
SF		 2778 (ses->serverDomain,
2779 (__le16 *)bcc_ptr,
2780 len, nls_codepage);
1da177e4
LT		 2781 bcc_ptr +=
2782 2 * (len + 1);
e89dc920 2783 ses->serverDomain[2*len]
1da177e4 2784 = 0;
e89dc920
SF		 2785 ses->serverDomain
2786 [1 + (2 * len)]
1da177e4
LT		 2787 = 0;
2788 } /* else no more room so create dummy domain string */
a424f8bf 2789 else {
cd49b492 2790 kfree(ses->serverDomain);
1da177e4 2791 ses->serverDomain =
e915fc49 2792 kzalloc(2,
1da177e4 2793 GFP_KERNEL);
a424f8bf 2794 }
1da177e4 2795 } else { /* no room so create dummy domain and NOS string */
cd49b492 2796 kfree(ses->serverDomain);
1da177e4 2797 ses->serverDomain =
e915fc49 2798 kzalloc(2, GFP_KERNEL);
cd49b492 2799 kfree(ses->serverNOS);
1da177e4 2800 ses->serverNOS =
e915fc49 2801 kzalloc(2, GFP_KERNEL);
1da177e4
LT		 2802 }
2803 } else { /* ASCII */
2804 len = strnlen(bcc_ptr, 1024);
2805 if (((long) bcc_ptr + len) - (long)
2806 pByteArea(smb_buffer_response)
2807 <= BCC(smb_buffer_response)) {
fb8c4b14 2808 if (ses->serverOS)
a424f8bf 2809 kfree(ses->serverOS);
1da177e4 2810 ses->serverOS =
e915fc49 2811 kzalloc(len + 1,
1da177e4
LT		 2812 GFP_KERNEL);
2813 strncpy(ses->serverOS,
2814 bcc_ptr, len);
2815
2816 bcc_ptr += len;
2817 bcc_ptr[0] = 0; /* null terminate string */
2818 bcc_ptr++;
2819
2820 len = strnlen(bcc_ptr, 1024);
cd49b492 2821 kfree(ses->serverNOS);
1da177e4 2822 ses->serverNOS =
e915fc49 2823 kzalloc(len + 1,
1da177e4
LT		 2824 GFP_KERNEL);
2825 strncpy(ses->serverNOS, bcc_ptr, len);
2826 bcc_ptr += len;
2827 bcc_ptr[0] = 0;
2828 bcc_ptr++;
2829
2830 len = strnlen(bcc_ptr, 1024);
cd49b492 2831 kfree(ses->serverDomain);
1da177e4 2832 ses->serverDomain =
e915fc49 2833 kzalloc(len + 1,
1da177e4 2834 GFP_KERNEL);
50c2f753
SF		 2835 strncpy(ses->serverDomain,
2836 bcc_ptr, len);
1da177e4
LT		 2837 bcc_ptr += len;
2838 bcc_ptr[0] = 0;
2839 bcc_ptr++;
2840 } else
2841 cFYI(1,
63135e08
SF		 2842 ("field of length %d "
2843 "extends beyond end of smb",
1da177e4
LT		 2844 len));
2845 }
2846 } else {
50c2f753
SF		 2847 cERROR(1, ("Security Blob Length extends beyond"
2848 " end of SMB"));
1da177e4
LT		 2849 }
2850 } else {
2851 cERROR(1, ("No session structure passed in."));
2852 }
2853 } else {
2854 cERROR(1,
5815449d 2855 (" Invalid Word count %d:",
1da177e4
LT		 2856 smb_buffer_response->WordCount));
2857 rc = -EIO;
2858 }
2859
2860 if (smb_buffer)
2861 cifs_buf_release(smb_buffer);
2862
2863 return rc;
2864}
2865static int
2866CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2867 char *ntlm_session_key, int ntlmv2_flag,
2868 const struct nls_table *nls_codepage)
2869{
2870 struct smb_hdr *smb_buffer;
2871 struct smb_hdr *smb_buffer_response;
2872 SESSION_SETUP_ANDX *pSMB;
2873 SESSION_SETUP_ANDX *pSMBr;
2874 char *bcc_ptr;
2875 char *user;
2876 char *domain;
2877 int rc = 0;
2878 int remaining_words = 0;
2879 int bytes_returned = 0;
2880 int len;
2881 int SecurityBlobLength = sizeof (AUTHENTICATE_MESSAGE);
2882 PAUTHENTICATE_MESSAGE SecurityBlob;
2883 __u32 negotiate_flags, capabilities;
2884 __u16 count;
2885
2886 cFYI(1, ("In NTLMSSPSessSetup (Authenticate)"));
fb8c4b14 2887 if (ses == NULL)
1da177e4
LT		 2888 return -EINVAL;
2889 user = ses->userName;
2890 domain = ses->domainName;
2891 smb_buffer = cifs_buf_get();
2892 if (smb_buffer == NULL) {
2893 return -ENOMEM;
2894 }
2895 smb_buffer_response = smb_buffer;
2896 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2897 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2898
2899 /* send SMBsessionSetup here */
2900 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2901 NULL /* no tCon exists yet */ , 12 /* wct */ );
1982c344
SF		 2902
2903 smb_buffer->Mid = GetNextMid(ses->server);
1da177e4
LT		 2904 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2905 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2906 pSMB->req.AndXCommand = 0xFF;
2907 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2908 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2909
2910 pSMB->req.hdr.Uid = ses->Suid;
2911
fb8c4b14 2912 if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
1da177e4
LT		 2913 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2914
2915 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2916 CAP_EXTENDED_SECURITY;
2917 if (ses->capabilities & CAP_UNICODE) {
2918 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2919 capabilities |= CAP_UNICODE;
2920 }
2921 if (ses->capabilities & CAP_STATUS32) {
2922 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2923 capabilities |= CAP_STATUS32;
2924 }
2925 if (ses->capabilities & CAP_DFS) {
2926 smb_buffer->Flags2 |= SMBFLG2_DFS;
2927 capabilities |= CAP_DFS;
2928 }
2929 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2930
2931 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2932 SecurityBlob = (PAUTHENTICATE_MESSAGE) bcc_ptr;
2933 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2934 SecurityBlob->MessageType = NtLmAuthenticate;
2935 bcc_ptr += SecurityBlobLength;
50c2f753 2936 negotiate_flags =
1da177e4
LT		 2937 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET |
2938 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO |
2939 0x80000000 | NTLMSSP_NEGOTIATE_128;
fb8c4b14 2940 if (sign_CIFS_PDUs)
1da177e4 2941 negotiate_flags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN;
fb8c4b14 2942 if (ntlmv2_flag)
1da177e4
LT		 2943 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
2944
2945/* setup pointers to domain name and workstation name */
2946
2947 SecurityBlob->WorkstationName.Buffer = 0;
2948 SecurityBlob->WorkstationName.Length = 0;
2949 SecurityBlob->WorkstationName.MaximumLength = 0;
2950 SecurityBlob->SessionKey.Length = 0;
2951 SecurityBlob->SessionKey.MaximumLength = 0;
2952 SecurityBlob->SessionKey.Buffer = 0;
2953
2954 SecurityBlob->LmChallengeResponse.Length = 0;
2955 SecurityBlob->LmChallengeResponse.MaximumLength = 0;
2956 SecurityBlob->LmChallengeResponse.Buffer = 0;
2957
2958 SecurityBlob->NtChallengeResponse.Length =
7c7b25bc 2959 cpu_to_le16(CIFS_SESS_KEY_SIZE);
1da177e4 2960 SecurityBlob->NtChallengeResponse.MaximumLength =
7c7b25bc
SF		 2961 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2962 memcpy(bcc_ptr, ntlm_session_key, CIFS_SESS_KEY_SIZE);
1da177e4
LT		 2963 SecurityBlob->NtChallengeResponse.Buffer =
2964 cpu_to_le32(SecurityBlobLength);
7c7b25bc
SF		 2965 SecurityBlobLength += CIFS_SESS_KEY_SIZE;
2966 bcc_ptr += CIFS_SESS_KEY_SIZE;
1da177e4
LT		 2967
2968 if (ses->capabilities & CAP_UNICODE) {
2969 if (domain == NULL) {
2970 SecurityBlob->DomainName.Buffer = 0;
2971 SecurityBlob->DomainName.Length = 0;
2972 SecurityBlob->DomainName.MaximumLength = 0;
2973 } else {
77159b4d 2974 __u16 ln = cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
1da177e4 2975 nls_codepage);
77159b4d 2976 ln *= 2;
1da177e4 2977 SecurityBlob->DomainName.MaximumLength =
77159b4d 2978 cpu_to_le16(ln);
1da177e4
LT		 2979 SecurityBlob->DomainName.Buffer =
2980 cpu_to_le32(SecurityBlobLength);
77159b4d
SF		 2981 bcc_ptr += ln;
2982 SecurityBlobLength += ln;
2983 SecurityBlob->DomainName.Length = cpu_to_le16(ln);
1da177e4
LT		 2984 }
2985 if (user == NULL) {
2986 SecurityBlob->UserName.Buffer = 0;
2987 SecurityBlob->UserName.Length = 0;
2988 SecurityBlob->UserName.MaximumLength = 0;
2989 } else {
77159b4d 2990 __u16 ln = cifs_strtoUCS((__le16 *) bcc_ptr, user, 64,
1da177e4 2991 nls_codepage);
77159b4d 2992 ln *= 2;
1da177e4 2993 SecurityBlob->UserName.MaximumLength =
77159b4d 2994 cpu_to_le16(ln);
1da177e4
LT		 2995 SecurityBlob->UserName.Buffer =
2996 cpu_to_le32(SecurityBlobLength);
77159b4d
SF		 2997 bcc_ptr += ln;
2998 SecurityBlobLength += ln;
2999 SecurityBlob->UserName.Length = cpu_to_le16(ln);
1da177e4
LT		 3000 }
3001
63135e08
SF		 3002 /* SecurityBlob->WorkstationName.Length =
3003 cifs_strtoUCS((__le16 *) bcc_ptr, "AMACHINE",64, nls_codepage);
1da177e4 3004 SecurityBlob->WorkstationName.Length *= 2;
63135e08
SF		 3005 SecurityBlob->WorkstationName.MaximumLength =
3006 cpu_to_le16(SecurityBlob->WorkstationName.Length);
3007 SecurityBlob->WorkstationName.Buffer =
3008 cpu_to_le32(SecurityBlobLength);
1da177e4
LT		 3009 bcc_ptr += SecurityBlob->WorkstationName.Length;
3010 SecurityBlobLength += SecurityBlob->WorkstationName.Length;
63135e08
SF		 3011 SecurityBlob->WorkstationName.Length =
3012 cpu_to_le16(SecurityBlob->WorkstationName.Length); */
1da177e4
LT		 3013
3014 if ((long) bcc_ptr % 2) {
3015 *bcc_ptr = 0;
3016 bcc_ptr++;
3017 }
3018 bytes_returned =
e89dc920 3019 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
1da177e4
LT		 3020 32, nls_codepage);
3021 bcc_ptr += 2 * bytes_returned;
3022 bytes_returned =
e9ff3990 3023 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
1da177e4
LT		 3024 nls_codepage);
3025 bcc_ptr += 2 * bytes_returned;
3026 bcc_ptr += 2; /* null term version string */
3027 bytes_returned =
e89dc920 3028 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
1da177e4
LT		 3029 64, nls_codepage);
3030 bcc_ptr += 2 * bytes_returned;
3031 *(bcc_ptr + 1) = 0;
3032 *(bcc_ptr + 2) = 0;
3033 bcc_ptr += 2; /* null terminate network opsys string */
3034 *(bcc_ptr + 1) = 0;
3035 *(bcc_ptr + 2) = 0;
3036 bcc_ptr += 2; /* null domain */
3037 } else { /* ASCII */
3038 if (domain == NULL) {
3039 SecurityBlob->DomainName.Buffer = 0;
3040 SecurityBlob->DomainName.Length = 0;
3041 SecurityBlob->DomainName.MaximumLength = 0;
3042 } else {
77159b4d 3043 __u16 ln;
1da177e4
LT		 3044 negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
3045 strncpy(bcc_ptr, domain, 63);
77159b4d 3046 ln = strnlen(domain, 64);
1da177e4 3047 SecurityBlob->DomainName.MaximumLength =
77159b4d 3048 cpu_to_le16(ln);
1da177e4
LT		 3049 SecurityBlob->DomainName.Buffer =
3050 cpu_to_le32(SecurityBlobLength);
77159b4d
SF		 3051 bcc_ptr += ln;
3052 SecurityBlobLength += ln;
3053 SecurityBlob->DomainName.Length = cpu_to_le16(ln);
1da177e4
LT		 3054 }
3055 if (user == NULL) {
3056 SecurityBlob->UserName.Buffer = 0;
3057 SecurityBlob->UserName.Length = 0;
3058 SecurityBlob->UserName.MaximumLength = 0;
3059 } else {
77159b4d 3060 __u16 ln;
1da177e4 3061 strncpy(bcc_ptr, user, 63);
77159b4d
SF		 3062 ln = strnlen(user, 64);
3063 SecurityBlob->UserName.MaximumLength = cpu_to_le16(ln);
1da177e4 3064 SecurityBlob->UserName.Buffer =
77159b4d
SF		 3065 cpu_to_le32(SecurityBlobLength);
3066 bcc_ptr += ln;
3067 SecurityBlobLength += ln;
3068 SecurityBlob->UserName.Length = cpu_to_le16(ln);
1da177e4
LT		 3069 }
3070 /* BB fill in our workstation name if known BB */
3071
3072 strcpy(bcc_ptr, "Linux version ");
3073 bcc_ptr += strlen("Linux version ");
e9ff3990
SH		 3074 strcpy(bcc_ptr, utsname()->release);
3075 bcc_ptr += strlen(utsname()->release) + 1;
1da177e4
LT		 3076 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
3077 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
3078 bcc_ptr++; /* null domain */
3079 *bcc_ptr = 0;
3080 }
3081 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
3082 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
3083 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
3084 smb_buffer->smb_buf_length += count;
3085 pSMB->req.ByteCount = cpu_to_le16(count);
3086
3087 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
3088 &bytes_returned, 1);
3089 if (rc) {
3090/* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
3091 } else if ((smb_buffer_response->WordCount == 3)
3092 || (smb_buffer_response->WordCount == 4)) {
3093 __u16 action = le16_to_cpu(pSMBr->resp.Action);
3094 __u16 blob_len =
3095 le16_to_cpu(pSMBr->resp.SecurityBlobLength);
3096 if (action & GUEST_LOGIN)
50c2f753
SF		 3097 cFYI(1, (" Guest login")); /* BB Should we set anything
3098 in SesInfo struct ? */
3099/* if (SecurityBlob2->MessageType != NtLm??) {
3100 cFYI("Unexpected message type on auth response is %d"));
3101 } */
3102
1da177e4
LT		 3103 if (ses) {
3104 cFYI(1,
50c2f753 3105 ("Check challenge UID %d vs auth response UID %d",
1da177e4 3106 ses->Suid, smb_buffer_response->Uid));
50c2f753
SF		 3107 /* UID left in wire format */
3108 ses->Suid = smb_buffer_response->Uid;
3109 bcc_ptr = pByteArea(smb_buffer_response);
3110 /* response can have either 3 or 4 word count - Samba sends 3 */
1da177e4
LT		 3111 if ((pSMBr->resp.hdr.WordCount == 3)
3112 || ((pSMBr->resp.hdr.WordCount == 4)
3113 && (blob_len <
3114 pSMBr->resp.ByteCount))) {
3115 if (pSMBr->resp.hdr.WordCount == 4) {
3116 bcc_ptr +=
3117 blob_len;
3118 cFYI(1,
3119 ("Security Blob Length %d ",
3120 blob_len));
3121 }
3122
3123 cFYI(1,
3124 ("NTLMSSP response to Authenticate "));
3125
3126 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3127 if ((long) (bcc_ptr) % 2) {
3128 remaining_words =
3129 (BCC(smb_buffer_response)
3130 - 1) / 2;
3131 bcc_ptr++; /* Unicode strings must be word aligned */
3132 } else {
3133 remaining_words = BCC(smb_buffer_response) / 2;
3134 }
77159b4d
SF		 3135 len = UniStrnlen((wchar_t *) bcc_ptr,
3136 remaining_words - 1);
1da177e4
LT		 3137/* We look for obvious messed up bcc or strings in response so we do not go off
3138 the end since (at least) WIN2K and Windows XP have a major bug in not null
3139 terminating last Unicode string in response */
fb8c4b14 3140 if (ses->serverOS)
08775834 3141 kfree(ses->serverOS);
1da177e4 3142 ses->serverOS =
e915fc49 3143 kzalloc(2 * (len + 1), GFP_KERNEL);
1da177e4 3144 cifs_strfromUCS_le(ses->serverOS,
e89dc920 3145 (__le16 *)
1da177e4
LT		 3146 bcc_ptr, len,
3147 nls_codepage);
3148 bcc_ptr += 2 * (len + 1);
3149 remaining_words -= len + 1;
3150 ses->serverOS[2 * len] = 0;
3151 ses->serverOS[1 + (2 * len)] = 0;
3152 if (remaining_words > 0) {
3153 len = UniStrnlen((wchar_t *)
3154 bcc_ptr,
3155 remaining_words
3156 - 1);
cd49b492 3157 kfree(ses->serverNOS);
1da177e4 3158 ses->serverNOS =
e915fc49 3159 kzalloc(2 * (len + 1),
1da177e4
LT		 3160 GFP_KERNEL);
3161 cifs_strfromUCS_le(ses->
3162 serverNOS,
e89dc920 3163 (__le16 *)
1da177e4
LT		 3164 bcc_ptr,
3165 len,
3166 nls_codepage);
3167 bcc_ptr += 2 * (len + 1);
3168 ses->serverNOS[2 * len] = 0;
3169 ses->serverNOS[1+(2*len)] = 0;
3170 remaining_words -= len + 1;
3171 if (remaining_words > 0) {
50c2f753 3172 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
1da177e4 3173 /* last string not always null terminated (e.g. for Windows XP & 2000) */
fb8c4b14 3174 if (ses->serverDomain)
a424f8bf 3175 kfree(ses->serverDomain);
1da177e4 3176 ses->serverDomain =
e915fc49 3177 kzalloc(2 *
1da177e4
LT		 3178 (len +
3179 1),
3180 GFP_KERNEL);
3181 cifs_strfromUCS_le
3182 (ses->
3183 serverDomain,
e89dc920 3184 (__le16 *)
1da177e4
LT		 3185 bcc_ptr, len,
3186 nls_codepage);
3187 bcc_ptr +=
3188 2 * (len + 1);
3189 ses->
3190 serverDomain[2
3191 * len]
3192 = 0;
3193 ses->
3194 serverDomain[1
3195 +
3196 (2
3197 *
3198 len)]
3199 = 0;
3200 } /* else no more room so create dummy domain string */
a424f8bf 3201 else {
fb8c4b14 3202 if (ses->serverDomain)
a424f8bf 3203 kfree(ses->serverDomain);
e915fc49 3204 ses->serverDomain = kzalloc(2,GFP_KERNEL);
a424f8bf 3205 }
1da177e4 3206 } else { /* no room so create dummy domain and NOS string */
fb8c4b14 3207 if (ses->serverDomain)
a424f8bf 3208 kfree(ses->serverDomain);
e915fc49 3209 ses->serverDomain = kzalloc(2, GFP_KERNEL);
cd49b492 3210 kfree(ses->serverNOS);
e915fc49 3211 ses->serverNOS = kzalloc(2, GFP_KERNEL);
1da177e4
LT		 3212 }
3213 } else { /* ASCII */
3214 len = strnlen(bcc_ptr, 1024);
50c2f753
SF		 3215 if (((long) bcc_ptr + len) -
3216 (long) pByteArea(smb_buffer_response)
63135e08 3217 <= BCC(smb_buffer_response)) {
fb8c4b14 3218 if (ses->serverOS)
a424f8bf 3219 kfree(ses->serverOS);
77159b4d 3220 ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
1da177e4
LT		 3221 strncpy(ses->serverOS,bcc_ptr, len);
3222
3223 bcc_ptr += len;
3224 bcc_ptr[0] = 0; /* null terminate the string */
3225 bcc_ptr++;
3226
3227 len = strnlen(bcc_ptr, 1024);
cd49b492 3228 kfree(ses->serverNOS);
50c2f753
SF		 3229 ses->serverNOS = kzalloc(len+1,
3230 GFP_KERNEL);
63135e08
SF		 3231 strncpy(ses->serverNOS,
3232 bcc_ptr, len);
1da177e4
LT		 3233 bcc_ptr += len;
3234 bcc_ptr[0] = 0;
3235 bcc_ptr++;
3236
3237 len = strnlen(bcc_ptr, 1024);
fb8c4b14 3238 if (ses->serverDomain)
a424f8bf 3239 kfree(ses->serverDomain);
63135e08
SF		 3240 ses->serverDomain =
3241 kzalloc(len+1,
3242 GFP_KERNEL);
3243 strncpy(ses->serverDomain,
3244 bcc_ptr, len);
1da177e4
LT		 3245 bcc_ptr += len;
3246 bcc_ptr[0] = 0;
3247 bcc_ptr++;
3248 } else
3249 cFYI(1,
63135e08
SF		 3250 ("field of length %d "
3251 "extends beyond end of smb ",
1da177e4
LT		 3252 len));
3253 }
3254 } else {
3255 cERROR(1,
63135e08
SF		 3256 (" Security Blob extends beyond end "
3257 "of SMB"));
1da177e4
LT		 3258 }
3259 } else {
3260 cERROR(1, ("No session structure passed in."));
3261 }
3262 } else {
3263 cERROR(1,
3264 (" Invalid Word count %d: ",
3265 smb_buffer_response->WordCount));
3266 rc = -EIO;
3267 }
3268
3269 if (smb_buffer)
3270 cifs_buf_release(smb_buffer);
3271
3272 return rc;
3273}
3274
3275int
3276CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3277 const char *tree, struct cifsTconInfo *tcon,
3278 const struct nls_table *nls_codepage)
3279{
3280 struct smb_hdr *smb_buffer;
3281 struct smb_hdr *smb_buffer_response;
3282 TCONX_REQ *pSMB;
3283 TCONX_RSP *pSMBr;
3284 unsigned char *bcc_ptr;
3285 int rc = 0;
3286 int length;
3287 __u16 count;
3288
3289 if (ses == NULL)
3290 return -EIO;
3291
3292 smb_buffer = cifs_buf_get();
3293 if (smb_buffer == NULL) {
3294 return -ENOMEM;
3295 }
3296 smb_buffer_response = smb_buffer;
3297
3298 header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3299 NULL /*no tid */ , 4 /*wct */ );
1982c344
SF		 3300
3301 smb_buffer->Mid = GetNextMid(ses->server);
1da177e4
LT		 3302 smb_buffer->Uid = ses->Suid;
3303 pSMB = (TCONX_REQ *) smb_buffer;
3304 pSMBr = (TCONX_RSP *) smb_buffer_response;
3305
3306 pSMB->AndXCommand = 0xFF;
3307 pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
1da177e4 3308 bcc_ptr = &pSMB->Password[0];
fb8c4b14 3309 if ((ses->server->secMode) & SECMODE_USER) {
eeac8047 3310 pSMB->PasswordLength = cpu_to_le16(1); /* minimum */
7c7b25bc 3311 *bcc_ptr = 0; /* password is null byte */
eeac8047 3312 bcc_ptr++; /* skip password */
7c7b25bc 3313 /* already aligned so no need to do it below */
eeac8047 3314 } else {
7c7b25bc 3315 pSMB->PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE);
eeac8047
SF		 3316 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3317 specified as required (when that support is added to
3318 the vfs in the future) as only NTLM or the much
7c7b25bc 3319 weaker LANMAN (which we do not send by default) is accepted
eeac8047
SF		 3320 by Samba (not sure whether other servers allow
3321 NTLMv2 password here) */
7c7b25bc 3322#ifdef CONFIG_CIFS_WEAK_PW_HASH
50c2f753 3323 if ((extended_security & CIFSSEC_MAY_LANMAN) &&
7c7b25bc
SF		 3324 (ses->server->secType == LANMAN))
3325 calc_lanman_hash(ses, bcc_ptr);
3326 else
3327#endif /* CIFS_WEAK_PW_HASH */
eeac8047
SF		 3328 SMBNTencrypt(ses->password,
3329 ses->server->cryptKey,
3330 bcc_ptr);
3331
7c7b25bc 3332 bcc_ptr += CIFS_SESS_KEY_SIZE;
fb8c4b14 3333 if (ses->capabilities & CAP_UNICODE) {
7c7b25bc
SF		 3334 /* must align unicode strings */
3335 *bcc_ptr = 0; /* null byte password */
3336 bcc_ptr++;
3337 }
eeac8047 3338 }
1da177e4 3339
50c2f753 3340 if (ses->server->secMode &
a878fb22 3341 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
1da177e4
LT		 3342 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3343
3344 if (ses->capabilities & CAP_STATUS32) {
3345 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3346 }
3347 if (ses->capabilities & CAP_DFS) {
3348 smb_buffer->Flags2 |= SMBFLG2_DFS;
3349 }
3350 if (ses->capabilities & CAP_UNICODE) {
3351 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3352 length =
50c2f753
SF		 3353 cifs_strtoUCS((__le16 *) bcc_ptr, tree,
3354 6 /* max utf8 char length in bytes */ *
a878fb22
SF		 3355 (/* server len*/ + 256 /* share len */), nls_codepage);
3356 bcc_ptr += 2 * length; /* convert num 16 bit words to bytes */
1da177e4
LT		 3357 bcc_ptr += 2; /* skip trailing null */
3358 } else { /* ASCII */
1da177e4
LT		 3359 strcpy(bcc_ptr, tree);
3360 bcc_ptr += strlen(tree) + 1;
3361 }
3362 strcpy(bcc_ptr, "?????");
3363 bcc_ptr += strlen("?????");
3364 bcc_ptr += 1;
3365 count = bcc_ptr - &pSMB->Password[0];
3366 pSMB->hdr.smb_buf_length += count;
3367 pSMB->ByteCount = cpu_to_le16(count);
3368
3369 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length, 0);
3370
3371 /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
3372 /* above now done in SendReceive */
3373 if ((rc == 0) && (tcon != NULL)) {
3374 tcon->tidStatus = CifsGood;
3375 tcon->tid = smb_buffer_response->Tid;
3376 bcc_ptr = pByteArea(smb_buffer_response);
3377 length = strnlen(bcc_ptr, BCC(smb_buffer_response) - 2);
50c2f753
SF		 3378 /* skip service field (NB: this field is always ASCII) */
3379 bcc_ptr += length + 1;
1da177e4
LT		 3380 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3381 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3382 length = UniStrnlen((wchar_t *) bcc_ptr, 512);
3383 if ((bcc_ptr + (2 * length)) -
3384 pByteArea(smb_buffer_response) <=
3385 BCC(smb_buffer_response)) {
f99d49ad 3386 kfree(tcon->nativeFileSystem);
1da177e4 3387 tcon->nativeFileSystem =
e915fc49 3388 kzalloc(length + 2, GFP_KERNEL);
88f370a6
SF		 3389 if (tcon->nativeFileSystem)
3390 cifs_strfromUCS_le(
3391 tcon->nativeFileSystem,
3392 (__le16 *) bcc_ptr,
3393 length, nls_codepage);
1da177e4
LT		 3394 bcc_ptr += 2 * length;
3395 bcc_ptr[0] = 0; /* null terminate the string */
3396 bcc_ptr[1] = 0;
3397 bcc_ptr += 2;
3398 }
50c2f753 3399 /* else do not bother copying these information fields*/
1da177e4
LT		 3400 } else {
3401 length = strnlen(bcc_ptr, 1024);
3402 if ((bcc_ptr + length) -
3403 pByteArea(smb_buffer_response) <=
3404 BCC(smb_buffer_response)) {
f99d49ad 3405 kfree(tcon->nativeFileSystem);
1da177e4 3406 tcon->nativeFileSystem =
e915fc49 3407 kzalloc(length + 1, GFP_KERNEL);
88f370a6
SF		 3408 if (tcon->nativeFileSystem)
3409 strncpy(tcon->nativeFileSystem, bcc_ptr,
3410 length);
1da177e4 3411 }
50c2f753 3412 /* else do not bother copying these information fields*/
1da177e4 3413 }
fb8c4b14 3414 if ((smb_buffer_response->WordCount == 3) ||
1a4e15a0
SF		 3415 (smb_buffer_response->WordCount == 7))
3416 /* field is in same location */
3979877e
SF		 3417 tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3418 else
3419 tcon->Flags = 0;
1da177e4
LT		 3420 cFYI(1, ("Tcon flags: 0x%x ", tcon->Flags));
3421 } else if ((rc == 0) && tcon == NULL) {
50c2f753 3422 /* all we need to save for IPC$ connection */
1da177e4
LT		 3423 ses->ipc_tid = smb_buffer_response->Tid;
3424 }
3425
3426 if (smb_buffer)
3427 cifs_buf_release(smb_buffer);
3428 return rc;
3429}
3430
3431int
3432cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3433{
3434 int rc = 0;
3435 int xid;
3436 struct cifsSesInfo *ses = NULL;
3437 struct task_struct *cifsd_task;
50c2f753 3438 char *tmp;
1da177e4
LT		 3439
3440 xid = GetXid();
3441
3442 if (cifs_sb->tcon) {
3443 ses = cifs_sb->tcon->ses; /* save ptr to ses before delete tcon!*/
3444 rc = CIFSSMBTDis(xid, cifs_sb->tcon);
3445 if (rc == -EBUSY) {
3446 FreeXid(xid);
3447 return 0;
3448 }
3449 tconInfoFree(cifs_sb->tcon);
3450 if ((ses) && (ses->server)) {
3451 /* save off task so we do not refer to ses later */
3452 cifsd_task = ses->server->tsk;
3453 cFYI(1, ("About to do SMBLogoff "));
3454 rc = CIFSSMBLogoff(xid, ses);
3455 if (rc == -EBUSY) {
3456 FreeXid(xid);
3457 return 0;
3458 } else if (rc == -ESHUTDOWN) {
467a8f8d 3459 cFYI(1, ("Waking up socket by sending signal"));
f7f7c31c 3460 if (cifsd_task) {
50c2f753 3461 force_sig(SIGKILL, cifsd_task);
aaf737ad 3462 kthread_stop(cifsd_task);
f191401f 3463 }
1da177e4
LT		 3464 rc = 0;
3465 } /* else - we have an smb session
3466 left on this socket do not kill cifsd */
3467 } else
3468 cFYI(1, ("No session or bad tcon"));
3469 }
50c2f753 3470
1da177e4 3471 cifs_sb->tcon = NULL;
2fe87f02
SF		 3472 tmp = cifs_sb->prepath;
3473 cifs_sb->prepathlen = 0;
3474 cifs_sb->prepath = NULL;
3475 kfree(tmp);
041e0e3b
NA		 3476 if (ses)
3477 schedule_timeout_interruptible(msecs_to_jiffies(500));
1da177e4
LT		 3478 if (ses)
3479 sesInfoFree(ses);
3480
3481 FreeXid(xid);
50c2f753
SF		 3482 return rc; /* BB check if we should always return zero here */
3483}
1da177e4
LT		 3484
3485int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
50c2f753 3486 struct nls_table *nls_info)
1da177e4
LT		 3487{
3488 int rc = 0;
7c7b25bc 3489 char ntlm_session_key[CIFS_SESS_KEY_SIZE];
1da177e4 3490 int ntlmv2_flag = FALSE;
ad009ac9 3491 int first_time = 0;
1da177e4
LT		 3492
3493 /* what if server changes its buffer size after dropping the session? */
fb8c4b14 3494 if (pSesInfo->server->maxBuf == 0) /* no need to send on reconnect */ {
1da177e4 3495 rc = CIFSSMBNegotiate(xid, pSesInfo);
fb8c4b14 3496 if (rc == -EAGAIN) /* retry only once on 1st time connection */ {
1da177e4 3497 rc = CIFSSMBNegotiate(xid, pSesInfo);
50c2f753 3498 if (rc == -EAGAIN)
1da177e4
LT		 3499 rc = -EHOSTDOWN;
3500 }
fb8c4b14 3501 if (rc == 0) {
1da177e4 3502 spin_lock(&GlobalMid_Lock);
fb8c4b14 3503 if (pSesInfo->server->tcpStatus != CifsExiting)
1da177e4
LT		 3504 pSesInfo->server->tcpStatus = CifsGood;
3505 else
3506 rc = -EHOSTDOWN;
3507 spin_unlock(&GlobalMid_Lock);
3508
3509 }
ad009ac9 3510 first_time = 1;
1da177e4
LT		 3511 }
3512 if (!rc) {
9ac00b7d 3513 pSesInfo->flags = 0;
1da177e4 3514 pSesInfo->capabilities = pSesInfo->server->capabilities;
fb8c4b14 3515 if (linuxExtEnabled == 0)
1da177e4 3516 pSesInfo->capabilities &= (~CAP_UNIX);
ad009ac9 3517 /* pSesInfo->sequence_number = 0;*/
50c2f753
SF		 3518 cFYI(1,
3519 ("Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d",
1da177e4
LT		 3520 pSesInfo->server->secMode,
3521 pSesInfo->server->capabilities,
175ec9e1 3522 pSesInfo->server->timeAdj));
fb8c4b14 3523 if (experimEnabled < 2)
3979877e
SF		 3524 rc = CIFS_SessSetup(xid, pSesInfo,
3525 first_time, nls_info);
189acaae 3526 else if (extended_security
50c2f753 3527 && (pSesInfo->capabilities
175ec9e1 3528 & CAP_EXTENDED_SECURITY)
1da177e4 3529 && (pSesInfo->server->secType == NTLMSSP)) {
189acaae 3530 rc = -EOPNOTSUPP;
1da177e4
LT		 3531 } else if (extended_security
3532 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3533 && (pSesInfo->server->secType == RawNTLMSSP)) {
5815449d 3534 cFYI(1, ("NTLMSSP sesssetup"));
1da177e4
LT		 3535 rc = CIFSNTLMSSPNegotiateSessSetup(xid,
3536 pSesInfo,
3537 &ntlmv2_flag,
3538 nls_info);
3539 if (!rc) {
fb8c4b14 3540 if (ntlmv2_flag) {
50c2f753 3541 char *v2_response;
467a8f8d 3542 cFYI(1, ("more secure NTLM ver2 hash"));
50c2f753 3543 if (CalcNTLMv2_partial_mac_key(pSesInfo,
1da177e4
LT		 3544 nls_info)) {
3545 rc = -ENOMEM;
3546 goto ss_err_exit;
3547 } else
3548 v2_response = kmalloc(16 + 64 /* blob */, GFP_KERNEL);
fb8c4b14 3549 if (v2_response) {
50c2f753
SF		 3550 CalcNTLMv2_response(pSesInfo,
3551 v2_response);
fb8c4b14 3552 /* if (first_time)
50c2f753
SF		 3553 cifs_calculate_ntlmv2_mac_key(
3554 pSesInfo->server->mac_signing_key,
3555 response, ntlm_session_key,*/
1da177e4
LT		 3556 kfree(v2_response);
3557 /* BB Put dummy sig in SessSetup PDU? */
3558 } else {
3559 rc = -ENOMEM;
3560 goto ss_err_exit;
3561 }
3562
3563 } else {
3564 SMBNTencrypt(pSesInfo->password,
3565 pSesInfo->server->cryptKey,
3566 ntlm_session_key);
3567
fb8c4b14 3568 if (first_time)
ad009ac9 3569 cifs_calculate_mac_key(
b609f06a 3570 &pSesInfo->server->mac_signing_key,
ad009ac9
SF		 3571 ntlm_session_key,
3572 pSesInfo->password);
1da177e4
LT		 3573 }
3574 /* for better security the weaker lanman hash not sent
3575 in AuthSessSetup so we no longer calculate it */
3576
3577 rc = CIFSNTLMSSPAuthSessSetup(xid,
3578 pSesInfo,
3579 ntlm_session_key,
3580 ntlmv2_flag,
3581 nls_info);
3582 }
3583 } else { /* old style NTLM 0.12 session setup */
3584 SMBNTencrypt(pSesInfo->password,
3585 pSesInfo->server->cryptKey,
3586 ntlm_session_key);
3587
fb8c4b14 3588 if (first_time)
ad009ac9 3589 cifs_calculate_mac_key(
b609f06a 3590 &pSesInfo->server->mac_signing_key,
ad009ac9
SF		 3591 ntlm_session_key, pSesInfo->password);
3592
1da177e4
LT		 3593 rc = CIFSSessSetup(xid, pSesInfo,
3594 ntlm_session_key, nls_info);
3595 }
3596 if (rc) {
fb8c4b14 3597 cERROR(1, ("Send error in SessSetup = %d", rc));
1da177e4 3598 } else {
467a8f8d 3599 cFYI(1, ("CIFS Session Established successfully"));
1da177e4
LT		 3600 pSesInfo->status = CifsGood;
3601 }
3602 }
3603ss_err_exit:
3604 return rc;
3605}
3606
Ubuntu Artful kernel mirror