]> git.ipfire.org Git - thirdparty/linux.git/blame - fs/cifs/connect.c
projects / thirdparty / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[CIFS] cifs_mkdir and cifs_create should respect the setgid bit on parent dir
[thirdparty/linux.git] / fs / cifs / connect.c
CommitLineData
1da177e4
LT		 1/*
2 * fs/cifs/connect.c
3 *
366781c1 4 * Copyright (C) International Business Machines Corp., 2002,2008
1da177e4
LT		 5 * Author(s): Steve French (sfrench@us.ibm.com)
6 *
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
fb8c4b14 19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
1da177e4
LT		 20 */
21#include <linux/fs.h>
22#include <linux/net.h>
23#include <linux/string.h>
24#include <linux/list.h>
25#include <linux/wait.h>
26#include <linux/ipv6.h>
27#include <linux/pagemap.h>
28#include <linux/ctype.h>
29#include <linux/utsname.h>
30#include <linux/mempool.h>
b8643e1b 31#include <linux/delay.h>
f191401f 32#include <linux/completion.h>
aaf737ad 33#include <linux/kthread.h>
0ae0efad 34#include <linux/pagevec.h>
7dfb7103 35#include <linux/freezer.h>
1da177e4
LT		 36#include <asm/uaccess.h>
37#include <asm/processor.h>
38#include "cifspdu.h"
39#include "cifsglob.h"
40#include "cifsproto.h"
41#include "cifs_unicode.h"
42#include "cifs_debug.h"
43#include "cifs_fs_sb.h"
44#include "ntlmssp.h"
45#include "nterr.h"
46#include "rfc1002pdu.h"
a2653eba 47#include "cn_cifs.h"
1da177e4
LT		 48
49#define CIFS_PORT 445
50#define RFC1001_PORT 139
51
1da177e4
LT		 52extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
53 unsigned char *p24);
54
55extern mempool_t *cifs_req_poolp;
56
57struct smb_vol {
58 char *username;
59 char *password;
60 char *domainname;
61 char *UNC;
62 char *UNCip;
95b1cb90 63 char *in6_addr; /* ipv6 address as human readable form of in6_addr */
1da177e4
LT		 64 char *iocharset; /* local code page for mapping to and from Unicode */
65 char source_rfc1001_name[16]; /* netbios name of client */
a10faeb2 66 char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */
1da177e4
LT		 67 uid_t linux_uid;
68 gid_t linux_gid;
69 mode_t file_mode;
70 mode_t dir_mode;
189acaae 71 unsigned secFlg;
4b18f2a9
SF		 72 bool rw:1;
73 bool retry:1;
74 bool intr:1;
75 bool setuids:1;
76 bool override_uid:1;
77 bool override_gid:1;
d0a9c078 78 bool dynperm:1;
4b18f2a9
SF		 79 bool noperm:1;
80 bool no_psx_acl:1; /* set if posix acl support should be disabled */
81 bool cifs_acl:1;
82 bool no_xattr:1; /* set if xattr (EA) support should be disabled*/
83 bool server_ino:1; /* use inode numbers from server ie UniqueId */
84 bool direct_io:1;
95b1cb90
SF		 85 bool remap:1; /* set to remap seven reserved chars in filenames */
86 bool posix_paths:1; /* unset to not ask for posix pathnames. */
4b18f2a9
SF		 87 bool no_linux_ext:1;
88 bool sfu_emul:1;
95b1cb90
SF		 89 bool nullauth:1; /* attempt to authenticate with null user */
90 bool nocase:1; /* request case insensitive filenames */
91 bool nobrl:1; /* disable sending byte range locks to srv */
92 bool seal:1; /* request transport encryption on share */
1da177e4
LT		 93 unsigned int rsize;
94 unsigned int wsize;
95 unsigned int sockopt;
96 unsigned short int port;
fb8c4b14 97 char *prepath;
1da177e4
LT		 98};
99
fb8c4b14 100static int ipv4_connect(struct sockaddr_in *psin_server,
1da177e4 101 struct socket **csocket,
fb8c4b14
SF		 102 char *netb_name,
103 char *server_netb_name);
104static int ipv6_connect(struct sockaddr_in6 *psin_server,
1da177e4
LT		 105 struct socket **csocket);
106
107
fb8c4b14 108 /*
1da177e4 109 * cifs tcp session reconnection
fb8c4b14 110 *
1da177e4
LT		 111 * mark tcp session as reconnecting so temporarily locked
112 * mark all smb sessions as reconnecting for tcp session
113 * reconnect tcp session
114 * wake up waiters on reconnection? - (not needed currently)
115 */
116
2cd646a2 117static int
1da177e4
LT		 118cifs_reconnect(struct TCP_Server_Info *server)
119{
120 int rc = 0;
121 struct list_head *tmp;
122 struct cifsSesInfo *ses;
123 struct cifsTconInfo *tcon;
fb8c4b14 124 struct mid_q_entry *mid_entry;
50c2f753 125
1da177e4 126 spin_lock(&GlobalMid_Lock);
26f57364 127 if (kthread_should_stop()) {
fb8c4b14 128 /* the demux thread will exit normally
1da177e4
LT		 129 next time through the loop */
130 spin_unlock(&GlobalMid_Lock);
131 return rc;
132 } else
133 server->tcpStatus = CifsNeedReconnect;
134 spin_unlock(&GlobalMid_Lock);
135 server->maxBuf = 0;
136
e4eb295d 137 cFYI(1, ("Reconnecting tcp session"));
1da177e4
LT		 138
139 /* before reconnecting the tcp session, mark the smb session (uid)
140 and the tid bad so they are not used until reconnected */
141 read_lock(&GlobalSMBSeslock);
142 list_for_each(tmp, &GlobalSMBSessionList) {
143 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
144 if (ses->server) {
145 if (ses->server == server) {
146 ses->status = CifsNeedReconnect;
147 ses->ipc_tid = 0;
148 }
149 }
150 /* else tcp and smb sessions need reconnection */
151 }
152 list_for_each(tmp, &GlobalTreeConnectionList) {
153 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
26f57364 154 if ((tcon) && (tcon->ses) && (tcon->ses->server == server))
1da177e4 155 tcon->tidStatus = CifsNeedReconnect;
1da177e4
LT		 156 }
157 read_unlock(&GlobalSMBSeslock);
158 /* do not want to be sending data on a socket we are freeing */
fb8c4b14
SF		 159 down(&server->tcpSem);
160 if (server->ssocket) {
467a8f8d 161 cFYI(1, ("State: 0x%x Flags: 0x%lx", server->ssocket->state,
1da177e4 162 server->ssocket->flags));
91cf45f0 163 kernel_sock_shutdown(server->ssocket, SHUT_WR);
fb8c4b14 164 cFYI(1, ("Post shutdown state: 0x%x Flags: 0x%lx",
467a8f8d 165 server->ssocket->state,
1da177e4
LT		 166 server->ssocket->flags));
167 sock_release(server->ssocket);
168 server->ssocket = NULL;
169 }
170
171 spin_lock(&GlobalMid_Lock);
172 list_for_each(tmp, &server->pending_mid_q) {
173 mid_entry = list_entry(tmp, struct
174 mid_q_entry,
175 qhead);
fb8c4b14
SF		 176 if (mid_entry) {
177 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
09d1db5c
SF		 178 /* Mark other intransit requests as needing
179 retry so we do not immediately mark the
180 session bad again (ie after we reconnect
181 below) as they timeout too */
1da177e4
LT		 182 mid_entry->midState = MID_RETRY_NEEDED;
183 }
184 }
185 }
186 spin_unlock(&GlobalMid_Lock);
fb8c4b14 187 up(&server->tcpSem);
1da177e4 188
26f57364 189 while ((!kthread_should_stop()) && (server->tcpStatus != CifsGood)) {
6c3d8909 190 try_to_freeze();
fb8c4b14
SF		 191 if (server->protocolType == IPV6) {
192 rc = ipv6_connect(&server->addr.sockAddr6,
193 &server->ssocket);
1da177e4 194 } else {
fb8c4b14 195 rc = ipv4_connect(&server->addr.sockAddr,
1da177e4 196 &server->ssocket,
a10faeb2
SF		 197 server->workstation_RFC1001_name,
198 server->server_RFC1001_name);
1da177e4 199 }
fb8c4b14
SF		 200 if (rc) {
201 cFYI(1, ("reconnect error %d", rc));
0cb766ae 202 msleep(3000);
1da177e4
LT		 203 } else {
204 atomic_inc(&tcpSesReconnectCount);
205 spin_lock(&GlobalMid_Lock);
26f57364 206 if (!kthread_should_stop())
1da177e4 207 server->tcpStatus = CifsGood;
ad009ac9 208 server->sequence_number = 0;
fb8c4b14 209 spin_unlock(&GlobalMid_Lock);
1da177e4
LT		 210 /* atomic_set(&server->inFlight,0);*/
211 wake_up(&server->response_q);
212 }
213 }
214 return rc;
215}
216
fb8c4b14 217/*
e4eb295d
SF		 218 return codes:
219 0 not a transact2, or all data present
220 >0 transact2 with that much data missing
221 -EINVAL = invalid transact2
222
223 */
fb8c4b14 224static int check2ndT2(struct smb_hdr *pSMB, unsigned int maxBufSize)
e4eb295d 225{
fb8c4b14
SF		 226 struct smb_t2_rsp *pSMBt;
227 int total_data_size;
e4eb295d
SF		 228 int data_in_this_rsp;
229 int remaining;
230
fb8c4b14 231 if (pSMB->Command != SMB_COM_TRANSACTION2)
e4eb295d
SF		 232 return 0;
233
fb8c4b14
SF		 234 /* check for plausible wct, bcc and t2 data and parm sizes */
235 /* check for parm and data offset going beyond end of smb */
236 if (pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
467a8f8d 237 cFYI(1, ("invalid transact2 word count"));
e4eb295d
SF		 238 return -EINVAL;
239 }
240
241 pSMBt = (struct smb_t2_rsp *)pSMB;
242
243 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
244 data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
245
246 remaining = total_data_size - data_in_this_rsp;
247
fb8c4b14 248 if (remaining == 0)
e4eb295d 249 return 0;
fb8c4b14 250 else if (remaining < 0) {
467a8f8d 251 cFYI(1, ("total data %d smaller than data in frame %d",
e4eb295d
SF		 252 total_data_size, data_in_this_rsp));
253 return -EINVAL;
254 } else {
467a8f8d 255 cFYI(1, ("missing %d bytes from transact2, check next response",
e4eb295d 256 remaining));
fb8c4b14
SF		 257 if (total_data_size > maxBufSize) {
258 cERROR(1, ("TotalDataSize %d is over maximum buffer %d",
259 total_data_size, maxBufSize));
260 return -EINVAL;
e4eb295d
SF		 261 }
262 return remaining;
263 }
264}
265
fb8c4b14 266static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
e4eb295d
SF		 267{
268 struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
269 struct smb_t2_rsp *pSMBt = (struct smb_t2_rsp *)pTargetSMB;
270 int total_data_size;
271 int total_in_buf;
272 int remaining;
273 int total_in_buf2;
fb8c4b14
SF		 274 char *data_area_of_target;
275 char *data_area_of_buf2;
e4eb295d
SF		 276 __u16 byte_count;
277
278 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
279
fb8c4b14 280 if (total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
63135e08 281 cFYI(1, ("total data size of primary and secondary t2 differ"));
e4eb295d
SF		 282 }
283
284 total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
285
286 remaining = total_data_size - total_in_buf;
50c2f753 287
fb8c4b14 288 if (remaining < 0)
e4eb295d
SF		 289 return -EINVAL;
290
fb8c4b14 291 if (remaining == 0) /* nothing to do, ignore */
e4eb295d 292 return 0;
50c2f753 293
e4eb295d 294 total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
fb8c4b14 295 if (remaining < total_in_buf2) {
467a8f8d 296 cFYI(1, ("transact2 2nd response contains too much data"));
e4eb295d
SF		 297 }
298
299 /* find end of first SMB data area */
fb8c4b14 300 data_area_of_target = (char *)&pSMBt->hdr.Protocol +
e4eb295d
SF		 301 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
302 /* validate target area */
303
304 data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
fb8c4b14 305 le16_to_cpu(pSMB2->t2_rsp.DataOffset);
e4eb295d
SF		 306
307 data_area_of_target += total_in_buf;
308
309 /* copy second buffer into end of first buffer */
fb8c4b14 310 memcpy(data_area_of_target, data_area_of_buf2, total_in_buf2);
e4eb295d
SF		 311 total_in_buf += total_in_buf2;
312 pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
313 byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
314 byte_count += total_in_buf2;
315 BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
316
70ca734a 317 byte_count = pTargetSMB->smb_buf_length;
e4eb295d
SF		 318 byte_count += total_in_buf2;
319
320 /* BB also add check that we are not beyond maximum buffer size */
50c2f753 321
70ca734a 322 pTargetSMB->smb_buf_length = byte_count;
e4eb295d 323
fb8c4b14 324 if (remaining == total_in_buf2) {
467a8f8d 325 cFYI(1, ("found the last secondary response"));
e4eb295d
SF		 326 return 0; /* we are done */
327 } else /* more responses to go */
328 return 1;
329
330}
331
1da177e4
LT		 332static int
333cifs_demultiplex_thread(struct TCP_Server_Info *server)
334{
335 int length;
336 unsigned int pdu_length, total_read;
337 struct smb_hdr *smb_buffer = NULL;
b8643e1b
SF		 338 struct smb_hdr *bigbuf = NULL;
339 struct smb_hdr *smallbuf = NULL;
1da177e4
LT		 340 struct msghdr smb_msg;
341 struct kvec iov;
342 struct socket *csocket = server->ssocket;
343 struct list_head *tmp;
344 struct cifsSesInfo *ses;
345 struct task_struct *task_to_wake = NULL;
346 struct mid_q_entry *mid_entry;
70ca734a 347 char temp;
4b18f2a9
SF		 348 bool isLargeBuf = false;
349 bool isMultiRsp;
e4eb295d 350 int reconnect;
1da177e4 351
1da177e4 352 current->flags |= PF_MEMALLOC;
ba25f9dc 353 cFYI(1, ("Demultiplex PID: %d", task_pid_nr(current)));
93d0ec85
JL		 354
355 length = atomic_inc_return(&tcpSesAllocCount);
356 if (length > 1)
26f57364
SF		 357 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
358 GFP_KERNEL);
1da177e4 359
83144186 360 set_freezable();
aaf737ad 361 while (!kthread_should_stop()) {
ede1327e
SF		 362 if (try_to_freeze())
363 continue;
b8643e1b
SF		 364 if (bigbuf == NULL) {
365 bigbuf = cifs_buf_get();
0fd1ffe0
PM		 366 if (!bigbuf) {
367 cERROR(1, ("No memory for large SMB response"));
b8643e1b
SF		 368 msleep(3000);
369 /* retry will check if exiting */
370 continue;
371 }
0fd1ffe0
PM		 372 } else if (isLargeBuf) {
373 /* we are reusing a dirty large buf, clear its start */
26f57364 374 memset(bigbuf, 0, sizeof(struct smb_hdr));
1da177e4 375 }
b8643e1b
SF		 376
377 if (smallbuf == NULL) {
378 smallbuf = cifs_small_buf_get();
0fd1ffe0
PM		 379 if (!smallbuf) {
380 cERROR(1, ("No memory for SMB response"));
b8643e1b
SF		 381 msleep(1000);
382 /* retry will check if exiting */
383 continue;
384 }
385 /* beginning of smb buffer is cleared in our buf_get */
386 } else /* if existing small buf clear beginning */
26f57364 387 memset(smallbuf, 0, sizeof(struct smb_hdr));
b8643e1b 388
4b18f2a9
SF		 389 isLargeBuf = false;
390 isMultiRsp = false;
b8643e1b 391 smb_buffer = smallbuf;
1da177e4
LT		 392 iov.iov_base = smb_buffer;
393 iov.iov_len = 4;
394 smb_msg.msg_control = NULL;
395 smb_msg.msg_controllen = 0;
f01d5e14
SF		 396 pdu_length = 4; /* enough to get RFC1001 header */
397incomplete_rcv:
1da177e4
LT		 398 length =
399 kernel_recvmsg(csocket, &smb_msg,
f01d5e14 400 &iov, 1, pdu_length, 0 /* BB other flags? */);
1da177e4 401
26f57364 402 if (kthread_should_stop()) {
1da177e4
LT		 403 break;
404 } else if (server->tcpStatus == CifsNeedReconnect) {
0fd1ffe0 405 cFYI(1, ("Reconnect after server stopped responding"));
1da177e4 406 cifs_reconnect(server);
0fd1ffe0 407 cFYI(1, ("call to reconnect done"));
1da177e4
LT		 408 csocket = server->ssocket;
409 continue;
410 } else if ((length == -ERESTARTSYS) || (length == -EAGAIN)) {
b8643e1b 411 msleep(1); /* minimum sleep to prevent looping
1da177e4
LT		 412 allowing socket to clear and app threads to set
413 tcpStatus CifsNeedReconnect if server hung */
c18c732e
SF		 414 if (pdu_length < 4)
415 goto incomplete_rcv;
416 else
417 continue;
1da177e4 418 } else if (length <= 0) {
0fd1ffe0
PM		 419 if (server->tcpStatus == CifsNew) {
420 cFYI(1, ("tcp session abend after SMBnegprot"));
09d1db5c
SF		 421 /* some servers kill the TCP session rather than
422 returning an SMB negprot error, in which
423 case reconnecting here is not going to help,
424 and so simply return error to mount */
1da177e4
LT		 425 break;
426 }
0fd1ffe0 427 if (!try_to_freeze() && (length == -EINTR)) {
467a8f8d 428 cFYI(1, ("cifsd thread killed"));
1da177e4
LT		 429 break;
430 }
467a8f8d 431 cFYI(1, ("Reconnect after unexpected peek error %d",
57337e42 432 length));
1da177e4
LT		 433 cifs_reconnect(server);
434 csocket = server->ssocket;
435 wake_up(&server->response_q);
436 continue;
2a974680
PT		 437 } else if (length < pdu_length) {
438 cFYI(1, ("requested %d bytes but only got %d bytes",
439 pdu_length, length));
f01d5e14 440 pdu_length -= length;
f01d5e14
SF		 441 msleep(1);
442 goto incomplete_rcv;
46810cbf 443 }
1da177e4 444
70ca734a
SF		 445 /* The right amount was read from socket - 4 bytes */
446 /* so we can now interpret the length field */
46810cbf 447
70ca734a
SF		 448 /* the first byte big endian of the length field,
449 is actually not part of the length but the type
450 with the most common, zero, as regular data */
451 temp = *((char *) smb_buffer);
46810cbf 452
fb8c4b14 453 /* Note that FC 1001 length is big endian on the wire,
70ca734a
SF		 454 but we convert it here so it is always manipulated
455 as host byte order */
5ca33c6a 456 pdu_length = be32_to_cpu((__force __be32)smb_buffer->smb_buf_length);
70ca734a
SF		 457 smb_buffer->smb_buf_length = pdu_length;
458
467a8f8d 459 cFYI(1, ("rfc1002 length 0x%x", pdu_length+4));
46810cbf 460
70ca734a 461 if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) {
fb8c4b14 462 continue;
70ca734a 463 } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
467a8f8d 464 cFYI(1, ("Good RFC 1002 session rsp"));
e4eb295d 465 continue;
70ca734a 466 } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
fb8c4b14 467 /* we get this from Windows 98 instead of
46810cbf 468 an error on SMB negprot response */
fb8c4b14 469 cFYI(1, ("Negative RFC1002 Session Response Error 0x%x)",
70ca734a 470 pdu_length));
fb8c4b14
SF		 471 if (server->tcpStatus == CifsNew) {
472 /* if nack on negprot (rather than
46810cbf
SF		 473 ret of smb negprot error) reconnecting
474 not going to help, ret error to mount */
475 break;
476 } else {
477 /* give server a second to
478 clean up before reconnect attempt */
479 msleep(1000);
480 /* always try 445 first on reconnect
481 since we get NACK on some if we ever
fb8c4b14 482 connected to port 139 (the NACK is
46810cbf
SF		 483 since we do not begin with RFC1001
484 session initialize frame) */
fb8c4b14 485 server->addr.sockAddr.sin_port =
46810cbf 486 htons(CIFS_PORT);
1da177e4
LT		 487 cifs_reconnect(server);
488 csocket = server->ssocket;
46810cbf 489 wake_up(&server->response_q);
1da177e4 490 continue;
46810cbf 491 }
70ca734a 492 } else if (temp != (char) 0) {
fb8c4b14 493 cERROR(1, ("Unknown RFC 1002 frame"));
70ca734a
SF		 494 cifs_dump_mem(" Received Data: ", (char *)smb_buffer,
495 length);
46810cbf
SF		 496 cifs_reconnect(server);
497 csocket = server->ssocket;
498 continue;
e4eb295d
SF		 499 }
500
501 /* else we have an SMB response */
fb8c4b14 502 if ((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
26f57364 503 (pdu_length < sizeof(struct smb_hdr) - 1 - 4)) {
e4eb295d 504 cERROR(1, ("Invalid size SMB length %d pdu_length %d",
46810cbf 505 length, pdu_length+4));
e4eb295d
SF		 506 cifs_reconnect(server);
507 csocket = server->ssocket;
508 wake_up(&server->response_q);
509 continue;
fb8c4b14 510 }
e4eb295d
SF		 511
512 /* else length ok */
513 reconnect = 0;
514
fb8c4b14 515 if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
4b18f2a9 516 isLargeBuf = true;
e4eb295d
SF		 517 memcpy(bigbuf, smallbuf, 4);
518 smb_buffer = bigbuf;
519 }
520 length = 0;
521 iov.iov_base = 4 + (char *)smb_buffer;
522 iov.iov_len = pdu_length;
fb8c4b14 523 for (total_read = 0; total_read < pdu_length;
e4eb295d
SF		 524 total_read += length) {
525 length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
526 pdu_length - total_read, 0);
26f57364 527 if (kthread_should_stop() ||
e4eb295d
SF		 528 (length == -EINTR)) {
529 /* then will exit */
530 reconnect = 2;
531 break;
532 } else if (server->tcpStatus == CifsNeedReconnect) {
46810cbf
SF		 533 cifs_reconnect(server);
534 csocket = server->ssocket;
fb8c4b14 535 /* Reconnect wakes up rspns q */
e4eb295d
SF		 536 /* Now we will reread sock */
537 reconnect = 1;
538 break;
fb8c4b14 539 } else if ((length == -ERESTARTSYS) ||
e4eb295d
SF		 540 (length == -EAGAIN)) {
541 msleep(1); /* minimum sleep to prevent looping,
fb8c4b14 542 allowing socket to clear and app
e4eb295d
SF		 543 threads to set tcpStatus
544 CifsNeedReconnect if server hung*/
c18c732e 545 length = 0;
46810cbf 546 continue;
e4eb295d 547 } else if (length <= 0) {
fb8c4b14 548 cERROR(1, ("Received no data, expecting %d",
e4eb295d
SF		 549 pdu_length - total_read));
550 cifs_reconnect(server);
551 csocket = server->ssocket;
552 reconnect = 1;
553 break;
46810cbf 554 }
e4eb295d 555 }
fb8c4b14 556 if (reconnect == 2)
e4eb295d 557 break;
fb8c4b14 558 else if (reconnect == 1)
e4eb295d 559 continue;
1da177e4 560
e4eb295d 561 length += 4; /* account for rfc1002 hdr */
50c2f753 562
09d1db5c 563
e4eb295d 564 dump_smb(smb_buffer, length);
184ed211 565 if (checkSMB(smb_buffer, smb_buffer->Mid, total_read+4)) {
b387eaeb 566 cifs_dump_mem("Bad SMB: ", smb_buffer, 48);
e4eb295d
SF		 567 continue;
568 }
1da177e4 569
e4eb295d
SF		 570
571 task_to_wake = NULL;
572 spin_lock(&GlobalMid_Lock);
573 list_for_each(tmp, &server->pending_mid_q) {
574 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
575
50c2f753 576 if ((mid_entry->mid == smb_buffer->Mid) &&
e4eb295d
SF		 577 (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
578 (mid_entry->command == smb_buffer->Command)) {
fb8c4b14 579 if (check2ndT2(smb_buffer,server->maxBuf) > 0) {
e4eb295d 580 /* We have a multipart transact2 resp */
4b18f2a9 581 isMultiRsp = true;
fb8c4b14 582 if (mid_entry->resp_buf) {
e4eb295d 583 /* merge response - fix up 1st*/
50c2f753 584 if (coalesce_t2(smb_buffer,
e4eb295d 585 mid_entry->resp_buf)) {
4b18f2a9
SF		 586 mid_entry->multiRsp =
587 true;
e4eb295d
SF		 588 break;
589 } else {
590 /* all parts received */
4b18f2a9
SF		 591 mid_entry->multiEnd =
592 true;
50c2f753 593 goto multi_t2_fnd;
e4eb295d
SF		 594 }
595 } else {
fb8c4b14 596 if (!isLargeBuf) {
e4eb295d
SF		 597 cERROR(1,("1st trans2 resp needs bigbuf"));
598 /* BB maybe we can fix this up, switch
50c2f753 599 to already allocated large buffer? */
e4eb295d 600 } else {
cd63499c 601 /* Have first buffer */
e4eb295d
SF		 602 mid_entry->resp_buf =
603 smb_buffer;
4b18f2a9
SF		 604 mid_entry->largeBuf =
605 true;
e4eb295d
SF		 606 bigbuf = NULL;
607 }
608 }
609 break;
50c2f753 610 }
e4eb295d 611 mid_entry->resp_buf = smb_buffer;
4b18f2a9 612 mid_entry->largeBuf = isLargeBuf;
e4eb295d
SF		 613multi_t2_fnd:
614 task_to_wake = mid_entry->tsk;
615 mid_entry->midState = MID_RESPONSE_RECEIVED;
1047abc1
SF		 616#ifdef CONFIG_CIFS_STATS2
617 mid_entry->when_received = jiffies;
618#endif
3a5ff61c
SF		 619 /* so we do not time out requests to server
620 which is still responding (since server could
621 be busy but not dead) */
622 server->lstrp = jiffies;
e4eb295d 623 break;
46810cbf 624 }
1da177e4 625 }
e4eb295d
SF		 626 spin_unlock(&GlobalMid_Lock);
627 if (task_to_wake) {
cd63499c 628 /* Was previous buf put in mpx struct for multi-rsp? */
fb8c4b14 629 if (!isMultiRsp) {
cd63499c 630 /* smb buffer will be freed by user thread */
26f57364 631 if (isLargeBuf)
cd63499c 632 bigbuf = NULL;
26f57364 633 else
cd63499c
SF		 634 smallbuf = NULL;
635 }
e4eb295d 636 wake_up_process(task_to_wake);
4b18f2a9
SF		 637 } else if (!is_valid_oplock_break(smb_buffer, server) &&
638 !isMultiRsp) {
50c2f753
SF		 639 cERROR(1, ("No task to wake, unknown frame received! "
640 "NumMids %d", midCount.counter));
641 cifs_dump_mem("Received Data is: ", (char *)smb_buffer,
70ca734a 642 sizeof(struct smb_hdr));
3979877e
SF		 643#ifdef CONFIG_CIFS_DEBUG2
644 cifs_dump_detail(smb_buffer);
645 cifs_dump_mids(server);
646#endif /* CIFS_DEBUG2 */
50c2f753 647
e4eb295d
SF		 648 }
649 } /* end while !EXITING */
650
1da177e4
LT		 651 spin_lock(&GlobalMid_Lock);
652 server->tcpStatus = CifsExiting;
e691b9d1 653 spin_unlock(&GlobalMid_Lock);
dbdbb876 654 wake_up_all(&server->response_q);
e691b9d1
SF		 655
656 /* don't exit until kthread_stop is called */
657 set_current_state(TASK_UNINTERRUPTIBLE);
658 while (!kthread_should_stop()) {
659 schedule();
660 set_current_state(TASK_UNINTERRUPTIBLE);
661 }
662 set_current_state(TASK_RUNNING);
663
31ca3bc3
SF		 664 /* check if we have blocked requests that need to free */
665 /* Note that cifs_max_pending is normally 50, but
666 can be set at module install time to as little as two */
e691b9d1 667 spin_lock(&GlobalMid_Lock);
fb8c4b14 668 if (atomic_read(&server->inFlight) >= cifs_max_pending)
31ca3bc3
SF		 669 atomic_set(&server->inFlight, cifs_max_pending - 1);
670 /* We do not want to set the max_pending too low or we
671 could end up with the counter going negative */
1da177e4 672 spin_unlock(&GlobalMid_Lock);
50c2f753 673 /* Although there should not be any requests blocked on
1da177e4 674 this queue it can not hurt to be paranoid and try to wake up requests
09d1db5c 675 that may haven been blocked when more than 50 at time were on the wire
1da177e4
LT		 676 to the same server - they now will see the session is in exit state
677 and get out of SendReceive. */
678 wake_up_all(&server->request_q);
679 /* give those requests time to exit */
b8643e1b 680 msleep(125);
50c2f753 681
fb8c4b14 682 if (server->ssocket) {
1da177e4
LT		 683 sock_release(csocket);
684 server->ssocket = NULL;
685 }
b8643e1b 686 /* buffer usuallly freed in free_mid - need to free it here on exit */
a8a11d39
MK		 687 cifs_buf_release(bigbuf);
688 if (smallbuf) /* no sense logging a debug message if NULL */
b8643e1b 689 cifs_small_buf_release(smallbuf);
1da177e4
LT		 690
691 read_lock(&GlobalSMBSeslock);
692 if (list_empty(&server->pending_mid_q)) {
09d1db5c
SF		 693 /* loop through server session structures attached to this and
694 mark them dead */
1da177e4
LT		 695 list_for_each(tmp, &GlobalSMBSessionList) {
696 ses =
697 list_entry(tmp, struct cifsSesInfo,
698 cifsSessionList);
699 if (ses->server == server) {
700 ses->status = CifsExiting;
701 ses->server = NULL;
702 }
703 }
704 read_unlock(&GlobalSMBSeslock);
705 } else {
31ca3bc3
SF		 706 /* although we can not zero the server struct pointer yet,
707 since there are active requests which may depnd on them,
708 mark the corresponding SMB sessions as exiting too */
709 list_for_each(tmp, &GlobalSMBSessionList) {
710 ses = list_entry(tmp, struct cifsSesInfo,
711 cifsSessionList);
26f57364 712 if (ses->server == server)
31ca3bc3 713 ses->status = CifsExiting;
31ca3bc3
SF		 714 }
715
1da177e4
LT		 716 spin_lock(&GlobalMid_Lock);
717 list_for_each(tmp, &server->pending_mid_q) {
718 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
719 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
50c2f753
SF		 720 cFYI(1, ("Clearing Mid 0x%x - waking up ",
721 mid_entry->mid));
1da177e4 722 task_to_wake = mid_entry->tsk;
26f57364 723 if (task_to_wake)
1da177e4 724 wake_up_process(task_to_wake);
1da177e4
LT		 725 }
726 }
727 spin_unlock(&GlobalMid_Lock);
728 read_unlock(&GlobalSMBSeslock);
1da177e4 729 /* 1/8th of sec is more than enough time for them to exit */
b8643e1b 730 msleep(125);
1da177e4
LT		 731 }
732
f191401f 733 if (!list_empty(&server->pending_mid_q)) {
50c2f753 734 /* mpx threads have not exited yet give them
1da177e4 735 at least the smb send timeout time for long ops */
31ca3bc3
SF		 736 /* due to delays on oplock break requests, we need
737 to wait at least 45 seconds before giving up
738 on a request getting a response and going ahead
739 and killing cifsd */
1da177e4 740 cFYI(1, ("Wait for exit from demultiplex thread"));
31ca3bc3 741 msleep(46000);
1da177e4
LT		 742 /* if threads still have not exited they are probably never
743 coming home not much else we can do but free the memory */
744 }
1da177e4 745
31ca3bc3
SF		 746 /* last chance to mark ses pointers invalid
747 if there are any pointing to this (e.g
50c2f753 748 if a crazy root user tried to kill cifsd
31ca3bc3 749 kernel thread explicitly this might happen) */
93d0ec85 750 write_lock(&GlobalSMBSeslock);
31ca3bc3
SF		 751 list_for_each(tmp, &GlobalSMBSessionList) {
752 ses = list_entry(tmp, struct cifsSesInfo,
753 cifsSessionList);
26f57364 754 if (ses->server == server)
31ca3bc3 755 ses->server = NULL;
31ca3bc3 756 }
1da177e4 757 write_unlock(&GlobalSMBSeslock);
31ca3bc3 758
c359cf3c 759 kfree(server->hostname);
31ca3bc3 760 kfree(server);
93d0ec85
JL		 761
762 length = atomic_dec_return(&tcpSesAllocCount);
26f57364
SF		 763 if (length > 0)
764 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
765 GFP_KERNEL);
50c2f753 766
1da177e4
LT		 767 return 0;
768}
769
c359cf3c
JL		 770/* extract the host portion of the UNC string */
771static char *
772extract_hostname(const char *unc)
773{
774 const char *src;
775 char *dst, *delim;
776 unsigned int len;
777
778 /* skip double chars at beginning of string */
779 /* BB: check validity of these bytes? */
780 src = unc + 2;
781
782 /* delimiter between hostname and sharename is always '\\' now */
783 delim = strchr(src, '\\');
784 if (!delim)
785 return ERR_PTR(-EINVAL);
786
787 len = delim - src;
788 dst = kmalloc((len + 1), GFP_KERNEL);
789 if (dst == NULL)
790 return ERR_PTR(-ENOMEM);
791
792 memcpy(dst, src, len);
793 dst[len] = '\0';
794
795 return dst;
796}
797
1da177e4 798static int
50c2f753
SF		 799cifs_parse_mount_options(char *options, const char *devname,
800 struct smb_vol *vol)
1da177e4
LT		 801{
802 char *value;
803 char *data;
804 unsigned int temp_len, i, j;
805 char separator[2];
806
807 separator[0] = ',';
50c2f753 808 separator[1] = 0;
1da177e4 809
12e36b2f 810 if (Local_System_Name[0] != 0)
50c2f753 811 memcpy(vol->source_rfc1001_name, Local_System_Name, 15);
2cd646a2 812 else {
12e36b2f 813 char *nodename = utsname()->nodename;
50c2f753
SF		 814 int n = strnlen(nodename, 15);
815 memset(vol->source_rfc1001_name, 0x20, 15);
816 for (i = 0; i < n; i++) {
2cd646a2
SF		 817 /* does not have to be perfect mapping since field is
818 informational, only used for servers that do not support
819 port 445 and it can be overridden at mount time */
12e36b2f 820 vol->source_rfc1001_name[i] = toupper(nodename[i]);
2cd646a2 821 }
1da177e4
LT		 822 }
823 vol->source_rfc1001_name[15] = 0;
a10faeb2
SF		 824 /* null target name indicates to use *SMBSERVR default called name
825 if we end up sending RFC1001 session initialize */
826 vol->target_rfc1001_name[0] = 0;
1da177e4
LT		 827 vol->linux_uid = current->uid; /* current->euid instead? */
828 vol->linux_gid = current->gid;
829 vol->dir_mode = S_IRWXUGO;
830 /* 2767 perms indicate mandatory locking support */
7505e052 831 vol->file_mode = (S_IRWXUGO | S_ISGID) & (~S_IXGRP);
1da177e4
LT		 832
833 /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
4b18f2a9 834 vol->rw = true;
ac67055e
JA		 835 /* default is always to request posix paths. */
836 vol->posix_paths = 1;
837
1da177e4
LT		 838 if (!options)
839 return 1;
840
50c2f753 841 if (strncmp(options, "sep=", 4) == 0) {
fb8c4b14 842 if (options[4] != 0) {
1da177e4
LT		 843 separator[0] = options[4];
844 options += 5;
845 } else {
467a8f8d 846 cFYI(1, ("Null separator not allowed"));
1da177e4
LT		 847 }
848 }
50c2f753 849
1da177e4
LT		 850 while ((data = strsep(&options, separator)) != NULL) {
851 if (!*data)
852 continue;
853 if ((value = strchr(data, '=')) != NULL)
854 *value++ = '\0';
855
50c2f753
SF		 856 /* Have to parse this before we parse for "user" */
857 if (strnicmp(data, "user_xattr", 10) == 0) {
1da177e4 858 vol->no_xattr = 0;
50c2f753 859 } else if (strnicmp(data, "nouser_xattr", 12) == 0) {
1da177e4
LT		 860 vol->no_xattr = 1;
861 } else if (strnicmp(data, "user", 4) == 0) {
4b952a9b 862 if (!value) {
1da177e4
LT		 863 printk(KERN_WARNING
864 "CIFS: invalid or missing username\n");
865 return 1; /* needs_arg; */
fb8c4b14 866 } else if (!*value) {
4b952a9b
SF		 867 /* null user, ie anonymous, authentication */
868 vol->nullauth = 1;
1da177e4
LT		 869 }
870 if (strnlen(value, 200) < 200) {
871 vol->username = value;
872 } else {
873 printk(KERN_WARNING "CIFS: username too long\n");
874 return 1;
875 }
876 } else if (strnicmp(data, "pass", 4) == 0) {
877 if (!value) {
878 vol->password = NULL;
879 continue;
fb8c4b14 880 } else if (value[0] == 0) {
1da177e4
LT		 881 /* check if string begins with double comma
882 since that would mean the password really
883 does start with a comma, and would not
884 indicate an empty string */
fb8c4b14 885 if (value[1] != separator[0]) {
1da177e4
LT		 886 vol->password = NULL;
887 continue;
888 }
889 }
890 temp_len = strlen(value);
891 /* removed password length check, NTLM passwords
892 can be arbitrarily long */
893
50c2f753 894 /* if comma in password, the string will be
1da177e4
LT		 895 prematurely null terminated. Commas in password are
896 specified across the cifs mount interface by a double
897 comma ie ,, and a comma used as in other cases ie ','
898 as a parameter delimiter/separator is single and due
899 to the strsep above is temporarily zeroed. */
900
901 /* NB: password legally can have multiple commas and
902 the only illegal character in a password is null */
903
50c2f753 904 if ((value[temp_len] == 0) &&
09d1db5c 905 (value[temp_len+1] == separator[0])) {
1da177e4
LT		 906 /* reinsert comma */
907 value[temp_len] = separator[0];
50c2f753
SF		 908 temp_len += 2; /* move after second comma */
909 while (value[temp_len] != 0) {
1da177e4 910 if (value[temp_len] == separator[0]) {
50c2f753 911 if (value[temp_len+1] ==
09d1db5c
SF		 912 separator[0]) {
913 /* skip second comma */
914 temp_len++;
50c2f753 915 } else {
1da177e4
LT		 916 /* single comma indicating start
917 of next parm */
918 break;
919 }
920 }
921 temp_len++;
922 }
fb8c4b14 923 if (value[temp_len] == 0) {
1da177e4
LT		 924 options = NULL;
925 } else {
926 value[temp_len] = 0;
927 /* point option to start of next parm */
928 options = value + temp_len + 1;
929 }
50c2f753 930 /* go from value to value + temp_len condensing
1da177e4
LT		 931 double commas to singles. Note that this ends up
932 allocating a few bytes too many, which is ok */
e915fc49 933 vol->password = kzalloc(temp_len, GFP_KERNEL);
fb8c4b14 934 if (vol->password == NULL) {
50c2f753
SF		 935 printk(KERN_WARNING "CIFS: no memory "
936 "for password\n");
433dc24f
SF		 937 return 1;
938 }
50c2f753 939 for (i = 0, j = 0; i < temp_len; i++, j++) {
1da177e4 940 vol->password[j] = value[i];
fb8c4b14 941 if (value[i] == separator[0]
09d1db5c 942 && value[i+1] == separator[0]) {
1da177e4
LT		 943 /* skip second comma */
944 i++;
945 }
946 }
947 vol->password[j] = 0;
948 } else {
e915fc49 949 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
fb8c4b14 950 if (vol->password == NULL) {
50c2f753
SF		 951 printk(KERN_WARNING "CIFS: no memory "
952 "for password\n");
433dc24f
SF		 953 return 1;
954 }
1da177e4
LT		 955 strcpy(vol->password, value);
956 }
957 } else if (strnicmp(data, "ip", 2) == 0) {
958 if (!value || !*value) {
959 vol->UNCip = NULL;
960 } else if (strnlen(value, 35) < 35) {
961 vol->UNCip = value;
962 } else {
50c2f753
SF		 963 printk(KERN_WARNING "CIFS: ip address "
964 "too long\n");
1da177e4
LT		 965 return 1;
966 }
50c2f753
SF		 967 } else if (strnicmp(data, "sec", 3) == 0) {
968 if (!value || !*value) {
969 cERROR(1, ("no security value specified"));
970 continue;
971 } else if (strnicmp(value, "krb5i", 5) == 0) {
972 vol->secFlg |= CIFSSEC_MAY_KRB5 |
189acaae 973 CIFSSEC_MUST_SIGN;
bf820679 974 } else if (strnicmp(value, "krb5p", 5) == 0) {
50c2f753
SF		 975 /* vol->secFlg |= CIFSSEC_MUST_SEAL |
976 CIFSSEC_MAY_KRB5; */
977 cERROR(1, ("Krb5 cifs privacy not supported"));
bf820679
SF		 978 return 1;
979 } else if (strnicmp(value, "krb5", 4) == 0) {
750d1151 980 vol->secFlg |= CIFSSEC_MAY_KRB5;
bf820679 981 } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
750d1151 982 vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
189acaae 983 CIFSSEC_MUST_SIGN;
bf820679 984 } else if (strnicmp(value, "ntlmv2", 6) == 0) {
750d1151 985 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
bf820679 986 } else if (strnicmp(value, "ntlmi", 5) == 0) {
750d1151 987 vol->secFlg |= CIFSSEC_MAY_NTLM |
189acaae 988 CIFSSEC_MUST_SIGN;
bf820679
SF		 989 } else if (strnicmp(value, "ntlm", 4) == 0) {
990 /* ntlm is default so can be turned off too */
750d1151 991 vol->secFlg |= CIFSSEC_MAY_NTLM;
bf820679 992 } else if (strnicmp(value, "nontlm", 6) == 0) {
189acaae 993 /* BB is there a better way to do this? */
750d1151 994 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
189acaae
SF		 995#ifdef CONFIG_CIFS_WEAK_PW_HASH
996 } else if (strnicmp(value, "lanman", 6) == 0) {
50c2f753 997 vol->secFlg |= CIFSSEC_MAY_LANMAN;
189acaae 998#endif
bf820679 999 } else if (strnicmp(value, "none", 4) == 0) {
189acaae 1000 vol->nullauth = 1;
50c2f753
SF		 1001 } else {
1002 cERROR(1, ("bad security option: %s", value));
1003 return 1;
1004 }
1da177e4
LT		 1005 } else if ((strnicmp(data, "unc", 3) == 0)
1006 || (strnicmp(data, "target", 6) == 0)
1007 || (strnicmp(data, "path", 4) == 0)) {
1008 if (!value || !*value) {
50c2f753
SF		 1009 printk(KERN_WARNING "CIFS: invalid path to "
1010 "network resource\n");
1da177e4
LT		 1011 return 1; /* needs_arg; */
1012 }
1013 if ((temp_len = strnlen(value, 300)) < 300) {
50c2f753 1014 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
4523cc30 1015 if (vol->UNC == NULL)
1da177e4 1016 return 1;
50c2f753 1017 strcpy(vol->UNC, value);
1da177e4
LT		 1018 if (strncmp(vol->UNC, "//", 2) == 0) {
1019 vol->UNC[0] = '\\';
1020 vol->UNC[1] = '\\';
50c2f753 1021 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1da177e4 1022 printk(KERN_WARNING
50c2f753
SF		 1023 "CIFS: UNC Path does not begin "
1024 "with // or \\\\ \n");
1da177e4
LT		 1025 return 1;
1026 }
1027 } else {
1028 printk(KERN_WARNING "CIFS: UNC name too long\n");
1029 return 1;
1030 }
1031 } else if ((strnicmp(data, "domain", 3) == 0)
1032 || (strnicmp(data, "workgroup", 5) == 0)) {
1033 if (!value || !*value) {
1034 printk(KERN_WARNING "CIFS: invalid domain name\n");
1035 return 1; /* needs_arg; */
1036 }
1037 /* BB are there cases in which a comma can be valid in
1038 a domain name and need special handling? */
3979877e 1039 if (strnlen(value, 256) < 256) {
1da177e4
LT		 1040 vol->domainname = value;
1041 cFYI(1, ("Domain name set"));
1042 } else {
50c2f753
SF		 1043 printk(KERN_WARNING "CIFS: domain name too "
1044 "long\n");
1da177e4
LT		 1045 return 1;
1046 }
50c2f753
SF		 1047 } else if (strnicmp(data, "prefixpath", 10) == 0) {
1048 if (!value || !*value) {
1049 printk(KERN_WARNING
1050 "CIFS: invalid path prefix\n");
1051 return 1; /* needs_argument */
1052 }
1053 if ((temp_len = strnlen(value, 1024)) < 1024) {
4523cc30 1054 if (value[0] != '/')
2fe87f02 1055 temp_len++; /* missing leading slash */
50c2f753
SF		 1056 vol->prepath = kmalloc(temp_len+1, GFP_KERNEL);
1057 if (vol->prepath == NULL)
1058 return 1;
4523cc30 1059 if (value[0] != '/') {
2fe87f02 1060 vol->prepath[0] = '/';
50c2f753 1061 strcpy(vol->prepath+1, value);
2fe87f02 1062 } else
50c2f753
SF		 1063 strcpy(vol->prepath, value);
1064 cFYI(1, ("prefix path %s", vol->prepath));
1065 } else {
1066 printk(KERN_WARNING "CIFS: prefix too long\n");
1067 return 1;
1068 }
1da177e4
LT		 1069 } else if (strnicmp(data, "iocharset", 9) == 0) {
1070 if (!value || !*value) {
63135e08
SF		 1071 printk(KERN_WARNING "CIFS: invalid iocharset "
1072 "specified\n");
1da177e4
LT		 1073 return 1; /* needs_arg; */
1074 }
1075 if (strnlen(value, 65) < 65) {
50c2f753 1076 if (strnicmp(value, "default", 7))
1da177e4 1077 vol->iocharset = value;
50c2f753
SF		 1078 /* if iocharset not set then load_nls_default
1079 is used by caller */
1080 cFYI(1, ("iocharset set to %s", value));
1da177e4 1081 } else {
63135e08
SF		 1082 printk(KERN_WARNING "CIFS: iocharset name "
1083 "too long.\n");
1da177e4
LT		 1084 return 1;
1085 }
1086 } else if (strnicmp(data, "uid", 3) == 0) {
1087 if (value && *value) {
1088 vol->linux_uid =
1089 simple_strtoul(value, &value, 0);
4523cc30 1090 vol->override_uid = 1;
1da177e4
LT		 1091 }
1092 } else if (strnicmp(data, "gid", 3) == 0) {
1093 if (value && *value) {
1094 vol->linux_gid =
1095 simple_strtoul(value, &value, 0);
4523cc30 1096 vol->override_gid = 1;
1da177e4
LT		 1097 }
1098 } else if (strnicmp(data, "file_mode", 4) == 0) {
1099 if (value && *value) {
1100 vol->file_mode =
1101 simple_strtoul(value, &value, 0);
1102 }
1103 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1104 if (value && *value) {
1105 vol->dir_mode =
1106 simple_strtoul(value, &value, 0);
1107 }
1108 } else if (strnicmp(data, "dirmode", 4) == 0) {
1109 if (value && *value) {
1110 vol->dir_mode =
1111 simple_strtoul(value, &value, 0);
1112 }
1113 } else if (strnicmp(data, "port", 4) == 0) {
1114 if (value && *value) {
1115 vol->port =
1116 simple_strtoul(value, &value, 0);
1117 }
1118 } else if (strnicmp(data, "rsize", 5) == 0) {
1119 if (value && *value) {
1120 vol->rsize =
1121 simple_strtoul(value, &value, 0);
1122 }
1123 } else if (strnicmp(data, "wsize", 5) == 0) {
1124 if (value && *value) {
1125 vol->wsize =
1126 simple_strtoul(value, &value, 0);
1127 }
1128 } else if (strnicmp(data, "sockopt", 5) == 0) {
1129 if (value && *value) {
1130 vol->sockopt =
1131 simple_strtoul(value, &value, 0);
1132 }
1133 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1134 if (!value || !*value || (*value == ' ')) {
63135e08 1135 cFYI(1, ("invalid (empty) netbiosname"));
1da177e4 1136 } else {
50c2f753
SF		 1137 memset(vol->source_rfc1001_name, 0x20, 15);
1138 for (i = 0; i < 15; i++) {
1139 /* BB are there cases in which a comma can be
1da177e4
LT		 1140 valid in this workstation netbios name (and need
1141 special handling)? */
1142
1143 /* We do not uppercase netbiosname for user */
50c2f753 1144 if (value[i] == 0)
1da177e4 1145 break;
50c2f753
SF		 1146 else
1147 vol->source_rfc1001_name[i] =
1148 value[i];
1da177e4
LT		 1149 }
1150 /* The string has 16th byte zero still from
1151 set at top of the function */
50c2f753
SF		 1152 if ((i == 15) && (value[i] != 0))
1153 printk(KERN_WARNING "CIFS: netbiosname"
1154 " longer than 15 truncated.\n");
a10faeb2
SF		 1155 }
1156 } else if (strnicmp(data, "servern", 7) == 0) {
1157 /* servernetbiosname specified override *SMBSERVER */
1158 if (!value || !*value || (*value == ' ')) {
467a8f8d 1159 cFYI(1, ("empty server netbiosname specified"));
a10faeb2
SF		 1160 } else {
1161 /* last byte, type, is 0x20 for servr type */
50c2f753 1162 memset(vol->target_rfc1001_name, 0x20, 16);
a10faeb2 1163
50c2f753 1164 for (i = 0; i < 15; i++) {
a10faeb2 1165 /* BB are there cases in which a comma can be
50c2f753
SF		 1166 valid in this workstation netbios name
1167 (and need special handling)? */
a10faeb2 1168
50c2f753
SF		 1169 /* user or mount helper must uppercase
1170 the netbiosname */
1171 if (value[i] == 0)
a10faeb2
SF		 1172 break;
1173 else
50c2f753
SF		 1174 vol->target_rfc1001_name[i] =
1175 value[i];
a10faeb2
SF		 1176 }
1177 /* The string has 16th byte zero still from
1178 set at top of the function */
50c2f753
SF		 1179 if ((i == 15) && (value[i] != 0))
1180 printk(KERN_WARNING "CIFS: server net"
1181 "biosname longer than 15 truncated.\n");
1da177e4
LT		 1182 }
1183 } else if (strnicmp(data, "credentials", 4) == 0) {
1184 /* ignore */
1185 } else if (strnicmp(data, "version", 3) == 0) {
1186 /* ignore */
50c2f753 1187 } else if (strnicmp(data, "guest", 5) == 0) {
1da177e4
LT		 1188 /* ignore */
1189 } else if (strnicmp(data, "rw", 2) == 0) {
4b18f2a9 1190 vol->rw = true;
1da177e4
LT		 1191 } else if ((strnicmp(data, "suid", 4) == 0) ||
1192 (strnicmp(data, "nosuid", 6) == 0) ||
1193 (strnicmp(data, "exec", 4) == 0) ||
1194 (strnicmp(data, "noexec", 6) == 0) ||
1195 (strnicmp(data, "nodev", 5) == 0) ||
1196 (strnicmp(data, "noauto", 6) == 0) ||
1197 (strnicmp(data, "dev", 3) == 0)) {
1198 /* The mount tool or mount.cifs helper (if present)
50c2f753
SF		 1199 uses these opts to set flags, and the flags are read
1200 by the kernel vfs layer before we get here (ie
1201 before read super) so there is no point trying to
1202 parse these options again and set anything and it
1203 is ok to just ignore them */
1da177e4
LT		 1204 continue;
1205 } else if (strnicmp(data, "ro", 2) == 0) {
4b18f2a9 1206 vol->rw = false;
1da177e4
LT		 1207 } else if (strnicmp(data, "hard", 4) == 0) {
1208 vol->retry = 1;
1209 } else if (strnicmp(data, "soft", 4) == 0) {
1210 vol->retry = 0;
1211 } else if (strnicmp(data, "perm", 4) == 0) {
1212 vol->noperm = 0;
1213 } else if (strnicmp(data, "noperm", 6) == 0) {
1214 vol->noperm = 1;
6a0b4824
SF		 1215 } else if (strnicmp(data, "mapchars", 8) == 0) {
1216 vol->remap = 1;
1217 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1218 vol->remap = 0;
50c2f753
SF		 1219 } else if (strnicmp(data, "sfu", 3) == 0) {
1220 vol->sfu_emul = 1;
1221 } else if (strnicmp(data, "nosfu", 5) == 0) {
1222 vol->sfu_emul = 0;
ac67055e
JA		 1223 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1224 vol->posix_paths = 1;
1225 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1226 vol->posix_paths = 0;
c18c842b
SF		 1227 } else if (strnicmp(data, "nounix", 6) == 0) {
1228 vol->no_linux_ext = 1;
1229 } else if (strnicmp(data, "nolinux", 7) == 0) {
1230 vol->no_linux_ext = 1;
50c2f753 1231 } else if ((strnicmp(data, "nocase", 6) == 0) ||
a10faeb2 1232 (strnicmp(data, "ignorecase", 10) == 0)) {
50c2f753 1233 vol->nocase = 1;
c46fa8ac
SF		 1234 } else if (strnicmp(data, "brl", 3) == 0) {
1235 vol->nobrl = 0;
50c2f753 1236 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1c955187 1237 (strnicmp(data, "nolock", 6) == 0)) {
c46fa8ac 1238 vol->nobrl = 1;
d3485d37
SF		 1239 /* turn off mandatory locking in mode
1240 if remote locking is turned off since the
1241 local vfs will do advisory */
50c2f753
SF		 1242 if (vol->file_mode ==
1243 (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
d3485d37 1244 vol->file_mode = S_IALLUGO;
1da177e4
LT		 1245 } else if (strnicmp(data, "setuids", 7) == 0) {
1246 vol->setuids = 1;
1247 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1248 vol->setuids = 0;
d0a9c078
JL		 1249 } else if (strnicmp(data, "dynperm", 7) == 0) {
1250 vol->dynperm = true;
1251 } else if (strnicmp(data, "nodynperm", 9) == 0) {
1252 vol->dynperm = false;
1da177e4
LT		 1253 } else if (strnicmp(data, "nohard", 6) == 0) {
1254 vol->retry = 0;
1255 } else if (strnicmp(data, "nosoft", 6) == 0) {
1256 vol->retry = 1;
1257 } else if (strnicmp(data, "nointr", 6) == 0) {
1258 vol->intr = 0;
1259 } else if (strnicmp(data, "intr", 4) == 0) {
1260 vol->intr = 1;
50c2f753 1261 } else if (strnicmp(data, "serverino", 7) == 0) {
1da177e4 1262 vol->server_ino = 1;
50c2f753 1263 } else if (strnicmp(data, "noserverino", 9) == 0) {
1da177e4 1264 vol->server_ino = 0;
50c2f753 1265 } else if (strnicmp(data, "cifsacl", 7) == 0) {
0a4b92c0
SF		 1266 vol->cifs_acl = 1;
1267 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1268 vol->cifs_acl = 0;
50c2f753 1269 } else if (strnicmp(data, "acl", 3) == 0) {
1da177e4 1270 vol->no_psx_acl = 0;
50c2f753 1271 } else if (strnicmp(data, "noacl", 5) == 0) {
1da177e4 1272 vol->no_psx_acl = 1;
50c2f753 1273 } else if (strnicmp(data, "sign", 4) == 0) {
750d1151 1274 vol->secFlg |= CIFSSEC_MUST_SIGN;
95b1cb90
SF		 1275 } else if (strnicmp(data, "seal", 4) == 0) {
1276 /* we do not do the following in secFlags because seal
1277 is a per tree connection (mount) not a per socket
1278 or per-smb connection option in the protocol */
1279 /* vol->secFlg |= CIFSSEC_MUST_SEAL; */
1280 vol->seal = 1;
50c2f753 1281 } else if (strnicmp(data, "direct", 6) == 0) {
1da177e4 1282 vol->direct_io = 1;
50c2f753 1283 } else if (strnicmp(data, "forcedirectio", 13) == 0) {
1da177e4 1284 vol->direct_io = 1;
50c2f753 1285 } else if (strnicmp(data, "in6_addr", 8) == 0) {
1da177e4
LT		 1286 if (!value || !*value) {
1287 vol->in6_addr = NULL;
1288 } else if (strnlen(value, 49) == 48) {
1289 vol->in6_addr = value;
1290 } else {
50c2f753
SF		 1291 printk(KERN_WARNING "CIFS: ip v6 address not "
1292 "48 characters long\n");
1da177e4
LT		 1293 return 1;
1294 }
1295 } else if (strnicmp(data, "noac", 4) == 0) {
50c2f753
SF		 1296 printk(KERN_WARNING "CIFS: Mount option noac not "
1297 "supported. Instead set "
1298 "/proc/fs/cifs/LookupCacheEnabled to 0\n");
1da177e4 1299 } else
50c2f753
SF		 1300 printk(KERN_WARNING "CIFS: Unknown mount option %s\n",
1301 data);
1da177e4
LT		 1302 }
1303 if (vol->UNC == NULL) {
4523cc30 1304 if (devname == NULL) {
50c2f753
SF		 1305 printk(KERN_WARNING "CIFS: Missing UNC name for mount "
1306 "target\n");
1da177e4
LT		 1307 return 1;
1308 }
1309 if ((temp_len = strnlen(devname, 300)) < 300) {
50c2f753 1310 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
4523cc30 1311 if (vol->UNC == NULL)
1da177e4 1312 return 1;
50c2f753 1313 strcpy(vol->UNC, devname);
1da177e4
LT		 1314 if (strncmp(vol->UNC, "//", 2) == 0) {
1315 vol->UNC[0] = '\\';
1316 vol->UNC[1] = '\\';
1317 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
50c2f753
SF		 1318 printk(KERN_WARNING "CIFS: UNC Path does not "
1319 "begin with // or \\\\ \n");
1da177e4
LT		 1320 return 1;
1321 }
7c5e628f
IM		 1322 value = strpbrk(vol->UNC+2, "/\\");
1323 if (value)
1324 *value = '\\';
1da177e4
LT		 1325 } else {
1326 printk(KERN_WARNING "CIFS: UNC name too long\n");
1327 return 1;
1328 }
1329 }
fb8c4b14 1330 if (vol->UNCip == NULL)
1da177e4
LT		 1331 vol->UNCip = &vol->UNC[2];
1332
1333 return 0;
1334}
1335
1336static struct cifsSesInfo *
50c2f753 1337cifs_find_tcp_session(struct in_addr *target_ip_addr,
1b20d672
CG		 1338 struct in6_addr *target_ip6_addr,
1339 char *userName, struct TCP_Server_Info **psrvTcp)
1da177e4
LT		 1340{
1341 struct list_head *tmp;
1342 struct cifsSesInfo *ses;
1b20d672 1343
1da177e4 1344 *psrvTcp = NULL;
1da177e4 1345
1b20d672 1346 read_lock(&GlobalSMBSeslock);
1da177e4
LT		 1347 list_for_each(tmp, &GlobalSMBSessionList) {
1348 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
1b20d672
CG		 1349 if (!ses->server)
1350 continue;
1351
1352 if (target_ip_addr &&
1353 ses->server->addr.sockAddr.sin_addr.s_addr != target_ip_addr->s_addr)
1354 continue;
1355 else if (target_ip6_addr &&
1356 memcmp(&ses->server->addr.sockAddr6.sin6_addr,
1357 target_ip6_addr, sizeof(*target_ip6_addr)))
1358 continue;
02eadeff 1359 /* BB lock server and tcp session; increment use count here?? */
1b20d672
CG		 1360
1361 /* found a match on the TCP session */
1362 *psrvTcp = ses->server;
1363
1364 /* BB check if reconnection needed */
1365 if (strncmp(ses->userName, userName, MAX_USERNAME_SIZE) == 0) {
1366 read_unlock(&GlobalSMBSeslock);
1367 /* Found exact match on both TCP and
1368 SMB sessions */
1369 return ses;
1da177e4
LT		 1370 }
1371 /* else tcp and smb sessions need reconnection */
1372 }
1373 read_unlock(&GlobalSMBSeslock);
1b20d672 1374
1da177e4
LT		 1375 return NULL;
1376}
1377
1378static struct cifsTconInfo *
1379find_unc(__be32 new_target_ip_addr, char *uncName, char *userName)
1380{
1381 struct list_head *tmp;
1382 struct cifsTconInfo *tcon;
dea570e0 1383 __be32 old_ip;
1da177e4
LT		 1384
1385 read_lock(&GlobalSMBSeslock);
dea570e0 1386
1da177e4 1387 list_for_each(tmp, &GlobalTreeConnectionList) {
e466e487 1388 cFYI(1, ("Next tcon"));
1da177e4 1389 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
dea570e0
SF		 1390 if (!tcon->ses || !tcon->ses->server)
1391 continue;
1392
1393 old_ip = tcon->ses->server->addr.sockAddr.sin_addr.s_addr;
1394 cFYI(1, ("old ip addr: %x == new ip %x ?",
1395 old_ip, new_target_ip_addr));
1396
1397 if (old_ip != new_target_ip_addr)
1398 continue;
1399
1400 /* BB lock tcon, server, tcp session and increment use count? */
1401 /* found a match on the TCP session */
1402 /* BB check if reconnection needed */
1403 cFYI(1, ("IP match, old UNC: %s new: %s",
1404 tcon->treeName, uncName));
1405
1406 if (strncmp(tcon->treeName, uncName, MAX_TREE_SIZE))
1407 continue;
1408
1409 cFYI(1, ("and old usr: %s new: %s",
1410 tcon->treeName, uncName));
1411
1412 if (strncmp(tcon->ses->userName, userName, MAX_USERNAME_SIZE))
1413 continue;
1414
1415 /* matched smb session (user name) */
1416 read_unlock(&GlobalSMBSeslock);
1417 return tcon;
1da177e4 1418 }
dea570e0 1419
1da177e4
LT		 1420 read_unlock(&GlobalSMBSeslock);
1421 return NULL;
1422}
1423
1da177e4 1424int
50c2f753
SF		 1425get_dfs_path(int xid, struct cifsSesInfo *pSesInfo, const char *old_path,
1426 const struct nls_table *nls_codepage, unsigned int *pnum_referrals,
366781c1 1427 struct dfs_info3_param **preferrals, int remap)
1da177e4
LT		 1428{
1429 char *temp_unc;
1430 int rc = 0;
1431
1432 *pnum_referrals = 0;
366781c1 1433 *preferrals = NULL;
1da177e4
LT		 1434
1435 if (pSesInfo->ipc_tid == 0) {
1436 temp_unc = kmalloc(2 /* for slashes */ +
50c2f753
SF		 1437 strnlen(pSesInfo->serverName,
1438 SERVER_NAME_LEN_WITH_NULL * 2)
1da177e4
LT		 1439 + 1 + 4 /* slash IPC$ */ + 2,
1440 GFP_KERNEL);
1441 if (temp_unc == NULL)
1442 return -ENOMEM;
1443 temp_unc[0] = '\\';
1444 temp_unc[1] = '\\';
1445 strcpy(temp_unc + 2, pSesInfo->serverName);
1446 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
1447 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
1448 cFYI(1,
50c2f753 1449 ("CIFS Tcon rc = %d ipc_tid = %d", rc, pSesInfo->ipc_tid));
1da177e4
LT		 1450 kfree(temp_unc);
1451 }
1452 if (rc == 0)
c2cf07d5 1453 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
737b758c 1454 pnum_referrals, nls_codepage, remap);
366781c1
SF		 1455 /* BB map targetUNCs to dfs_info3 structures, here or
1456 in CIFSGetDFSRefer BB */
1da177e4
LT		 1457
1458 return rc;
1459}
1460
09e50d55
JL		 1461#ifdef CONFIG_DEBUG_LOCK_ALLOC
1462static struct lock_class_key cifs_key[2];
1463static struct lock_class_key cifs_slock_key[2];
1464
1465static inline void
1466cifs_reclassify_socket4(struct socket *sock)
1467{
1468 struct sock *sk = sock->sk;
1469 BUG_ON(sock_owned_by_user(sk));
1470 sock_lock_init_class_and_name(sk, "slock-AF_INET-CIFS",
1471 &cifs_slock_key[0], "sk_lock-AF_INET-CIFS", &cifs_key[0]);
1472}
1473
1474static inline void
1475cifs_reclassify_socket6(struct socket *sock)
1476{
1477 struct sock *sk = sock->sk;
1478 BUG_ON(sock_owned_by_user(sk));
1479 sock_lock_init_class_and_name(sk, "slock-AF_INET6-CIFS",
1480 &cifs_slock_key[1], "sk_lock-AF_INET6-CIFS", &cifs_key[1]);
1481}
1482#else
1483static inline void
1484cifs_reclassify_socket4(struct socket *sock)
1485{
1486}
1487
1488static inline void
1489cifs_reclassify_socket6(struct socket *sock)
1490{
1491}
1492#endif
1493
1da177e4 1494/* See RFC1001 section 14 on representation of Netbios names */
50c2f753 1495static void rfc1002mangle(char *target, char *source, unsigned int length)
1da177e4 1496{
50c2f753 1497 unsigned int i, j;
1da177e4 1498
50c2f753 1499 for (i = 0, j = 0; i < (length); i++) {
1da177e4
LT		 1500 /* mask a nibble at a time and encode */
1501 target[j] = 'A' + (0x0F & (source[i] >> 4));
1502 target[j+1] = 'A' + (0x0F & source[i]);
50c2f753 1503 j += 2;
1da177e4
LT		 1504 }
1505
1506}
1507
1508
1509static int
50c2f753
SF		 1510ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket,
1511 char *netbios_name, char *target_name)
1da177e4
LT		 1512{
1513 int rc = 0;
1514 int connected = 0;
1515 __be16 orig_port = 0;
1516
fb8c4b14 1517 if (*csocket == NULL) {
50c2f753
SF		 1518 rc = sock_create_kern(PF_INET, SOCK_STREAM,
1519 IPPROTO_TCP, csocket);
1da177e4 1520 if (rc < 0) {
50c2f753 1521 cERROR(1, ("Error %d creating socket", rc));
1da177e4
LT		 1522 *csocket = NULL;
1523 return rc;
1524 } else {
1525 /* BB other socket options to set KEEPALIVE, NODELAY? */
467a8f8d 1526 cFYI(1, ("Socket created"));
50c2f753 1527 (*csocket)->sk->sk_allocation = GFP_NOFS;
09e50d55 1528 cifs_reclassify_socket4(*csocket);
1da177e4
LT		 1529 }
1530 }
1531
1532 psin_server->sin_family = AF_INET;
fb8c4b14 1533 if (psin_server->sin_port) { /* user overrode default port */
1da177e4
LT		 1534 rc = (*csocket)->ops->connect(*csocket,
1535 (struct sockaddr *) psin_server,
6345a3a8 1536 sizeof(struct sockaddr_in), 0);
1da177e4
LT		 1537 if (rc >= 0)
1538 connected = 1;
50c2f753 1539 }
1da177e4 1540
fb8c4b14 1541 if (!connected) {
50c2f753 1542 /* save original port so we can retry user specified port
1da177e4
LT		 1543 later if fall back ports fail this time */
1544 orig_port = psin_server->sin_port;
1545
1546 /* do not retry on the same port we just failed on */
fb8c4b14 1547 if (psin_server->sin_port != htons(CIFS_PORT)) {
1da177e4
LT		 1548 psin_server->sin_port = htons(CIFS_PORT);
1549
1550 rc = (*csocket)->ops->connect(*csocket,
1551 (struct sockaddr *) psin_server,
6345a3a8 1552 sizeof(struct sockaddr_in), 0);
1da177e4
LT		 1553 if (rc >= 0)
1554 connected = 1;
1555 }
1556 }
1557 if (!connected) {
1558 psin_server->sin_port = htons(RFC1001_PORT);
1559 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
50c2f753 1560 psin_server,
6345a3a8 1561 sizeof(struct sockaddr_in), 0);
50c2f753 1562 if (rc >= 0)
1da177e4
LT		 1563 connected = 1;
1564 }
1565
1566 /* give up here - unless we want to retry on different
1567 protocol families some day */
1568 if (!connected) {
fb8c4b14 1569 if (orig_port)
1da177e4 1570 psin_server->sin_port = orig_port;
50c2f753 1571 cFYI(1, ("Error %d connecting to server via ipv4", rc));
1da177e4
LT		 1572 sock_release(*csocket);
1573 *csocket = NULL;
1574 return rc;
1575 }
50c2f753
SF		 1576 /* Eventually check for other socket options to change from
1577 the default. sock_setsockopt not used because it expects
1da177e4 1578 user space buffer */
50c2f753
SF		 1579 cFYI(1, ("sndbuf %d rcvbuf %d rcvtimeo 0x%lx",
1580 (*csocket)->sk->sk_sndbuf,
b387eaeb 1581 (*csocket)->sk->sk_rcvbuf, (*csocket)->sk->sk_rcvtimeo));
1da177e4 1582 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
b387eaeb 1583 /* make the bufsizes depend on wsize/rsize and max requests */
fb8c4b14 1584 if ((*csocket)->sk->sk_sndbuf < (200 * 1024))
b387eaeb 1585 (*csocket)->sk->sk_sndbuf = 200 * 1024;
fb8c4b14 1586 if ((*csocket)->sk->sk_rcvbuf < (140 * 1024))
b387eaeb 1587 (*csocket)->sk->sk_rcvbuf = 140 * 1024;
1da177e4
LT		 1588
1589 /* send RFC1001 sessinit */
fb8c4b14 1590 if (psin_server->sin_port == htons(RFC1001_PORT)) {
1da177e4 1591 /* some servers require RFC1001 sessinit before sending
50c2f753 1592 negprot - BB check reconnection in case where second
1da177e4 1593 sessinit is sent but no second negprot */
50c2f753
SF		 1594 struct rfc1002_session_packet *ses_init_buf;
1595 struct smb_hdr *smb_buf;
1596 ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet),
1597 GFP_KERNEL);
fb8c4b14 1598 if (ses_init_buf) {
1da177e4 1599 ses_init_buf->trailer.session_req.called_len = 32;
fb8c4b14 1600 if (target_name && (target_name[0] != 0)) {
a10faeb2
SF		 1601 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1602 target_name, 16);
1603 } else {
1604 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
50c2f753 1605 DEFAULT_CIFS_CALLED_NAME, 16);
a10faeb2
SF		 1606 }
1607
1da177e4
LT		 1608 ses_init_buf->trailer.session_req.calling_len = 32;
1609 /* calling name ends in null (byte 16) from old smb
1610 convention. */
50c2f753 1611 if (netbios_name && (netbios_name[0] != 0)) {
1da177e4 1612 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
50c2f753 1613 netbios_name, 16);
1da177e4
LT		 1614 } else {
1615 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
50c2f753 1616 "LINUX_CIFS_CLNT", 16);
1da177e4
LT		 1617 }
1618 ses_init_buf->trailer.session_req.scope1 = 0;
1619 ses_init_buf->trailer.session_req.scope2 = 0;
1620 smb_buf = (struct smb_hdr *)ses_init_buf;
1621 /* sizeof RFC1002_SESSION_REQUEST with no scope */
1622 smb_buf->smb_buf_length = 0x81000044;
1623 rc = smb_send(*csocket, smb_buf, 0x44,
1624 (struct sockaddr *)psin_server);
1625 kfree(ses_init_buf);
50c2f753 1626 msleep(1); /* RFC1001 layer in at least one server
083d3a2c
SF		 1627 requires very short break before negprot
1628 presumably because not expecting negprot
1629 to follow so fast. This is a simple
50c2f753 1630 solution that works without
083d3a2c
SF		 1631 complicating the code and causes no
1632 significant slowing down on mount
1633 for everyone else */
1da177e4 1634 }
50c2f753 1635 /* else the negprot may still work without this
1da177e4 1636 even though malloc failed */
50c2f753 1637
1da177e4 1638 }
50c2f753 1639
1da177e4
LT		 1640 return rc;
1641}
1642
1643static int
1644ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket)
1645{
1646 int rc = 0;
1647 int connected = 0;
1648 __be16 orig_port = 0;
1649
fb8c4b14 1650 if (*csocket == NULL) {
50c2f753
SF		 1651 rc = sock_create_kern(PF_INET6, SOCK_STREAM,
1652 IPPROTO_TCP, csocket);
1da177e4 1653 if (rc < 0) {
50c2f753 1654 cERROR(1, ("Error %d creating ipv6 socket", rc));
1da177e4
LT		 1655 *csocket = NULL;
1656 return rc;
1657 } else {
1658 /* BB other socket options to set KEEPALIVE, NODELAY? */
fb8c4b14 1659 cFYI(1, ("ipv6 Socket created"));
1da177e4 1660 (*csocket)->sk->sk_allocation = GFP_NOFS;
09e50d55 1661 cifs_reclassify_socket6(*csocket);
1da177e4
LT		 1662 }
1663 }
1664
1665 psin_server->sin6_family = AF_INET6;
1666
fb8c4b14 1667 if (psin_server->sin6_port) { /* user overrode default port */
1da177e4
LT		 1668 rc = (*csocket)->ops->connect(*csocket,
1669 (struct sockaddr *) psin_server,
6345a3a8 1670 sizeof(struct sockaddr_in6), 0);
1da177e4
LT		 1671 if (rc >= 0)
1672 connected = 1;
50c2f753 1673 }
1da177e4 1674
fb8c4b14 1675 if (!connected) {
50c2f753 1676 /* save original port so we can retry user specified port
1da177e4
LT		 1677 later if fall back ports fail this time */
1678
1679 orig_port = psin_server->sin6_port;
1680 /* do not retry on the same port we just failed on */
fb8c4b14 1681 if (psin_server->sin6_port != htons(CIFS_PORT)) {
1da177e4
LT		 1682 psin_server->sin6_port = htons(CIFS_PORT);
1683
1684 rc = (*csocket)->ops->connect(*csocket,
1685 (struct sockaddr *) psin_server,
6345a3a8 1686 sizeof(struct sockaddr_in6), 0);
1da177e4
LT		 1687 if (rc >= 0)
1688 connected = 1;
1689 }
1690 }
1691 if (!connected) {
1692 psin_server->sin6_port = htons(RFC1001_PORT);
1693 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
6345a3a8 1694 psin_server, sizeof(struct sockaddr_in6), 0);
50c2f753 1695 if (rc >= 0)
1da177e4
LT		 1696 connected = 1;
1697 }
1698
1699 /* give up here - unless we want to retry on different
1700 protocol families some day */
1701 if (!connected) {
fb8c4b14 1702 if (orig_port)
1da177e4 1703 psin_server->sin6_port = orig_port;
50c2f753 1704 cFYI(1, ("Error %d connecting to server via ipv6", rc));
1da177e4
LT		 1705 sock_release(*csocket);
1706 *csocket = NULL;
1707 return rc;
1708 }
50c2f753
SF		 1709 /* Eventually check for other socket options to change from
1710 the default. sock_setsockopt not used because it expects
1da177e4
LT		 1711 user space buffer */
1712 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
50c2f753 1713
1da177e4
LT		 1714 return rc;
1715}
1716
50c2f753
SF		 1717void reset_cifs_unix_caps(int xid, struct cifsTconInfo *tcon,
1718 struct super_block *sb, struct smb_vol *vol_info)
8af18971
SF		 1719{
1720 /* if we are reconnecting then should we check to see if
1721 * any requested capabilities changed locally e.g. via
1722 * remount but we can not do much about it here
1723 * if they have (even if we could detect it by the following)
1724 * Perhaps we could add a backpointer to array of sb from tcon
1725 * or if we change to make all sb to same share the same
1726 * sb as NFS - then we only have one backpointer to sb.
1727 * What if we wanted to mount the server share twice once with
1728 * and once without posixacls or posix paths? */
1729 __u64 saved_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
50c2f753 1730
c18c842b
SF		 1731 if (vol_info && vol_info->no_linux_ext) {
1732 tcon->fsUnixInfo.Capability = 0;
1733 tcon->unix_ext = 0; /* Unix Extensions disabled */
1734 cFYI(1, ("Linux protocol extensions disabled"));
1735 return;
1736 } else if (vol_info)
1737 tcon->unix_ext = 1; /* Unix Extensions supported */
1738
1739 if (tcon->unix_ext == 0) {
1740 cFYI(1, ("Unix extensions disabled so not set on reconnect"));
1741 return;
1742 }
50c2f753 1743
fb8c4b14 1744 if (!CIFSSMBQFSUnixInfo(xid, tcon)) {
8af18971 1745 __u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
50c2f753 1746
8af18971
SF		 1747 /* check for reconnect case in which we do not
1748 want to change the mount behavior if we can avoid it */
fb8c4b14 1749 if (vol_info == NULL) {
50c2f753 1750 /* turn off POSIX ACL and PATHNAMES if not set
8af18971
SF		 1751 originally at mount time */
1752 if ((saved_cap & CIFS_UNIX_POSIX_ACL_CAP) == 0)
1753 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
11b6d645
IM		 1754 if ((saved_cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
1755 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
1756 cERROR(1, ("POSIXPATH support change"));
8af18971 1757 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
11b6d645
IM		 1758 } else if ((cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
1759 cERROR(1, ("possible reconnect error"));
1760 cERROR(1,
1761 ("server disabled POSIX path support"));
1762 }
8af18971 1763 }
50c2f753 1764
8af18971 1765 cap &= CIFS_UNIX_CAP_MASK;
75865f8c 1766 if (vol_info && vol_info->no_psx_acl)
8af18971 1767 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
75865f8c 1768 else if (CIFS_UNIX_POSIX_ACL_CAP & cap) {
fb8c4b14
SF		 1769 cFYI(1, ("negotiated posix acl support"));
1770 if (sb)
8af18971
SF		 1771 sb->s_flags |= MS_POSIXACL;
1772 }
1773
75865f8c 1774 if (vol_info && vol_info->posix_paths == 0)
8af18971 1775 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
75865f8c 1776 else if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
fb8c4b14 1777 cFYI(1, ("negotiate posix pathnames"));
75865f8c 1778 if (sb)
50c2f753 1779 CIFS_SB(sb)->mnt_cifs_flags |=
8af18971
SF		 1780 CIFS_MOUNT_POSIX_PATHS;
1781 }
50c2f753 1782
984acfe1
SF		 1783 /* We might be setting the path sep back to a different
1784 form if we are reconnecting and the server switched its
50c2f753 1785 posix path capability for this share */
75865f8c 1786 if (sb && (CIFS_SB(sb)->prepathlen > 0))
984acfe1 1787 CIFS_SB(sb)->prepath[0] = CIFS_DIR_SEP(CIFS_SB(sb));
75865f8c
SF		 1788
1789 if (sb && (CIFS_SB(sb)->rsize > 127 * 1024)) {
1790 if ((cap & CIFS_UNIX_LARGE_READ_CAP) == 0) {
1791 CIFS_SB(sb)->rsize = 127 * 1024;
90c81e0b
SF		 1792 cFYI(DBG2,
1793 ("larger reads not supported by srv"));
75865f8c
SF		 1794 }
1795 }
50c2f753
SF		 1796
1797
1798 cFYI(1, ("Negotiate caps 0x%x", (int)cap));
8af18971 1799#ifdef CONFIG_CIFS_DEBUG2
75865f8c 1800 if (cap & CIFS_UNIX_FCNTL_CAP)
fb8c4b14 1801 cFYI(1, ("FCNTL cap"));
75865f8c 1802 if (cap & CIFS_UNIX_EXTATTR_CAP)
fb8c4b14 1803 cFYI(1, ("EXTATTR cap"));
75865f8c 1804 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
fb8c4b14 1805 cFYI(1, ("POSIX path cap"));
75865f8c 1806 if (cap & CIFS_UNIX_XATTR_CAP)
fb8c4b14 1807 cFYI(1, ("XATTR cap"));
75865f8c 1808 if (cap & CIFS_UNIX_POSIX_ACL_CAP)
fb8c4b14 1809 cFYI(1, ("POSIX ACL cap"));
75865f8c 1810 if (cap & CIFS_UNIX_LARGE_READ_CAP)
fb8c4b14 1811 cFYI(1, ("very large read cap"));
75865f8c 1812 if (cap & CIFS_UNIX_LARGE_WRITE_CAP)
fb8c4b14 1813 cFYI(1, ("very large write cap"));
8af18971
SF		 1814#endif /* CIFS_DEBUG2 */
1815 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
442aa310 1816 if (vol_info == NULL) {
5a44b319 1817 cFYI(1, ("resetting capabilities failed"));
442aa310 1818 } else
5a44b319
SF		 1819 cERROR(1, ("Negotiating Unix capabilities "
1820 "with the server failed. Consider "
1821 "mounting with the Unix Extensions\n"
1822 "disabled, if problems are found, "
1823 "by specifying the nounix mount "
2224f4e5 1824 "option."));
5a44b319 1825
8af18971
SF		 1826 }
1827 }
1828}
1829
03a143c9
SF		 1830static void
1831convert_delimiter(char *path, char delim)
1832{
1833 int i;
c2d68ea6 1834 char old_delim;
03a143c9
SF		 1835
1836 if (path == NULL)
1837 return;
1838
582d21e5 1839 if (delim == '/')
c2d68ea6
SF		 1840 old_delim = '\\';
1841 else
1842 old_delim = '/';
1843
03a143c9 1844 for (i = 0; path[i] != '\0'; i++) {
c2d68ea6 1845 if (path[i] == old_delim)
03a143c9
SF		 1846 path[i] = delim;
1847 }
1848}
1849
1da177e4
LT		 1850int
1851cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
1852 char *mount_data, const char *devname)
1853{
1854 int rc = 0;
1855 int xid;
1856 int address_type = AF_INET;
1857 struct socket *csocket = NULL;
1858 struct sockaddr_in sin_server;
1859 struct sockaddr_in6 sin_server6;
1860 struct smb_vol volume_info;
1861 struct cifsSesInfo *pSesInfo = NULL;
1862 struct cifsSesInfo *existingCifsSes = NULL;
1863 struct cifsTconInfo *tcon = NULL;
1864 struct TCP_Server_Info *srvTcp = NULL;
1865
1866 xid = GetXid();
1867
1868/* cFYI(1, ("Entering cifs_mount. Xid: %d with: %s", xid, mount_data)); */
50c2f753
SF		 1869
1870 memset(&volume_info, 0, sizeof(struct smb_vol));
1da177e4 1871 if (cifs_parse_mount_options(mount_data, devname, &volume_info)) {
70fe7dc0
JL		 1872 rc = -EINVAL;
1873 goto out;
1da177e4
LT		 1874 }
1875
8426c39c 1876 if (volume_info.nullauth) {
fb8c4b14 1877 cFYI(1, ("null user"));
9b8f5f57 1878 volume_info.username = "";
8426c39c 1879 } else if (volume_info.username) {
1da177e4 1880 /* BB fixme parse for domain name here */
467a8f8d 1881 cFYI(1, ("Username: %s", volume_info.username));
1da177e4 1882 } else {
bf820679 1883 cifserror("No username specified");
50c2f753
SF		 1884 /* In userspace mount helper we can get user name from alternate
1885 locations such as env variables and files on disk */
70fe7dc0
JL		 1886 rc = -EINVAL;
1887 goto out;
1da177e4
LT		 1888 }
1889
1890 if (volume_info.UNCip && volume_info.UNC) {
50c2f753
SF		 1891 rc = cifs_inet_pton(AF_INET, volume_info.UNCip,
1892 &sin_server.sin_addr.s_addr);
1da177e4 1893
fb8c4b14 1894 if (rc <= 0) {
1da177e4 1895 /* not ipv4 address, try ipv6 */
50c2f753
SF		 1896 rc = cifs_inet_pton(AF_INET6, volume_info.UNCip,
1897 &sin_server6.sin6_addr.in6_u);
fb8c4b14 1898 if (rc > 0)
1da177e4
LT		 1899 address_type = AF_INET6;
1900 } else {
1901 address_type = AF_INET;
1902 }
50c2f753 1903
fb8c4b14 1904 if (rc <= 0) {
1da177e4 1905 /* we failed translating address */
70fe7dc0
JL		 1906 rc = -EINVAL;
1907 goto out;
1da177e4
LT		 1908 }
1909
1910 cFYI(1, ("UNC: %s ip: %s", volume_info.UNC, volume_info.UNCip));
1911 /* success */
1912 rc = 0;
50c2f753
SF		 1913 } else if (volume_info.UNCip) {
1914 /* BB using ip addr as server name to connect to the
1915 DFS root below */
1916 cERROR(1, ("Connecting to DFS root not implemented yet"));
70fe7dc0
JL		 1917 rc = -EINVAL;
1918 goto out;
1da177e4
LT		 1919 } else /* which servers DFS root would we conect to */ {
1920 cERROR(1,
50c2f753
SF		 1921 ("CIFS mount error: No UNC path (e.g. -o "
1922 "unc=//192.168.1.100/public) specified"));
70fe7dc0
JL		 1923 rc = -EINVAL;
1924 goto out;
1da177e4
LT		 1925 }
1926
1927 /* this is needed for ASCII cp to Unicode converts */
fb8c4b14 1928 if (volume_info.iocharset == NULL) {
1da177e4
LT		 1929 cifs_sb->local_nls = load_nls_default();
1930 /* load_nls_default can not return null */
1931 } else {
1932 cifs_sb->local_nls = load_nls(volume_info.iocharset);
fb8c4b14 1933 if (cifs_sb->local_nls == NULL) {
50c2f753
SF		 1934 cERROR(1, ("CIFS mount error: iocharset %s not found",
1935 volume_info.iocharset));
70fe7dc0
JL		 1936 rc = -ELIBACC;
1937 goto out;
1da177e4
LT		 1938 }
1939 }
1940
fb8c4b14 1941 if (address_type == AF_INET)
1da177e4
LT		 1942 existingCifsSes = cifs_find_tcp_session(&sin_server.sin_addr,
1943 NULL /* no ipv6 addr */,
1944 volume_info.username, &srvTcp);
fb8c4b14
SF		 1945 else if (address_type == AF_INET6) {
1946 cFYI(1, ("looking for ipv6 address"));
1da177e4
LT		 1947 existingCifsSes = cifs_find_tcp_session(NULL /* no ipv4 addr */,
1948 &sin_server6.sin6_addr,
1949 volume_info.username, &srvTcp);
5858ae44 1950 } else {
70fe7dc0
JL		 1951 rc = -EINVAL;
1952 goto out;
1da177e4
LT		 1953 }
1954
1da177e4 1955 if (srvTcp) {
50c2f753 1956 cFYI(1, ("Existing tcp session with server found"));
1da177e4 1957 } else { /* create socket */
4523cc30 1958 if (volume_info.port)
1da177e4
LT		 1959 sin_server.sin_port = htons(volume_info.port);
1960 else
1961 sin_server.sin_port = 0;
5858ae44 1962 if (address_type == AF_INET6) {
fb8c4b14 1963 cFYI(1, ("attempting ipv6 connect"));
5858ae44
SF		 1964 /* BB should we allow ipv6 on port 139? */
1965 /* other OS never observed in Wild doing 139 with v6 */
50c2f753
SF		 1966 rc = ipv6_connect(&sin_server6, &csocket);
1967 } else
1968 rc = ipv4_connect(&sin_server, &csocket,
a10faeb2
SF		 1969 volume_info.source_rfc1001_name,
1970 volume_info.target_rfc1001_name);
1da177e4 1971 if (rc < 0) {
50c2f753
SF		 1972 cERROR(1, ("Error connecting to IPv4 socket. "
1973 "Aborting operation"));
4523cc30 1974 if (csocket != NULL)
1da177e4 1975 sock_release(csocket);
70fe7dc0 1976 goto out;
1da177e4
LT		 1977 }
1978
a8a11d39
MK		 1979 srvTcp = kzalloc(sizeof(struct TCP_Server_Info), GFP_KERNEL);
1980 if (!srvTcp) {
1da177e4
LT		 1981 rc = -ENOMEM;
1982 sock_release(csocket);
70fe7dc0 1983 goto out;
1da177e4 1984 } else {
50c2f753 1985 memcpy(&srvTcp->addr.sockAddr, &sin_server,
6345a3a8 1986 sizeof(struct sockaddr_in));
50c2f753 1987 atomic_set(&srvTcp->inFlight, 0);
1da177e4
LT		 1988 /* BB Add code for ipv6 case too */
1989 srvTcp->ssocket = csocket;
1990 srvTcp->protocolType = IPV4;
c359cf3c
JL		 1991 srvTcp->hostname = extract_hostname(volume_info.UNC);
1992 if (IS_ERR(srvTcp->hostname)) {
1993 rc = PTR_ERR(srvTcp->hostname);
1994 sock_release(csocket);
1995 goto out;
1996 }
1da177e4
LT		 1997 init_waitqueue_head(&srvTcp->response_q);
1998 init_waitqueue_head(&srvTcp->request_q);
1999 INIT_LIST_HEAD(&srvTcp->pending_mid_q);
2000 /* at this point we are the only ones with the pointer
2001 to the struct since the kernel thread not created yet
2002 so no need to spinlock this init of tcpStatus */
2003 srvTcp->tcpStatus = CifsNew;
2004 init_MUTEX(&srvTcp->tcpSem);
aaf737ad 2005 srvTcp->tsk = kthread_run((void *)(void *)cifs_demultiplex_thread, srvTcp, "cifsd");
8840dee9 2006 if (IS_ERR(srvTcp->tsk)) {
aaf737ad 2007 rc = PTR_ERR(srvTcp->tsk);
50c2f753 2008 cERROR(1, ("error %d create cifsd thread", rc));
aaf737ad 2009 srvTcp->tsk = NULL;
1da177e4 2010 sock_release(csocket);
c359cf3c 2011 kfree(srvTcp->hostname);
70fe7dc0 2012 goto out;
f191401f 2013 }
f191401f 2014 rc = 0;
50c2f753
SF		 2015 memcpy(srvTcp->workstation_RFC1001_name,
2016 volume_info.source_rfc1001_name, 16);
2017 memcpy(srvTcp->server_RFC1001_name,
2018 volume_info.target_rfc1001_name, 16);
ad009ac9 2019 srvTcp->sequence_number = 0;
1da177e4
LT		 2020 }
2021 }
2022
2023 if (existingCifsSes) {
2024 pSesInfo = existingCifsSes;
1d9a8852
JL		 2025 cFYI(1, ("Existing smb sess found (status=%d)",
2026 pSesInfo->status));
88e7d705 2027 down(&pSesInfo->sesSem);
1d9a8852
JL		 2028 if (pSesInfo->status == CifsNeedReconnect) {
2029 cFYI(1, ("Session needs reconnect"));
1d9a8852
JL		 2030 rc = cifs_setup_session(xid, pSesInfo,
2031 cifs_sb->local_nls);
1d9a8852 2032 }
88e7d705 2033 up(&pSesInfo->sesSem);
1da177e4 2034 } else if (!rc) {
bf820679 2035 cFYI(1, ("Existing smb sess not found"));
1da177e4
LT		 2036 pSesInfo = sesInfoAlloc();
2037 if (pSesInfo == NULL)
2038 rc = -ENOMEM;
2039 else {
2040 pSesInfo->server = srvTcp;
2041 sprintf(pSesInfo->serverName, "%u.%u.%u.%u",
2042 NIPQUAD(sin_server.sin_addr.s_addr));
2043 }
2044
50c2f753
SF		 2045 if (!rc) {
2046 /* volume_info.password freed at unmount */
70fe7dc0 2047 if (volume_info.password) {
1da177e4 2048 pSesInfo->password = volume_info.password;
70fe7dc0
JL		 2049 /* set to NULL to prevent freeing on exit */
2050 volume_info.password = NULL;
2051 }
1da177e4
LT		 2052 if (volume_info.username)
2053 strncpy(pSesInfo->userName,
50c2f753
SF		 2054 volume_info.username,
2055 MAX_USERNAME_SIZE);
3979877e
SF		 2056 if (volume_info.domainname) {
2057 int len = strlen(volume_info.domainname);
50c2f753 2058 pSesInfo->domainName =
3979877e 2059 kmalloc(len + 1, GFP_KERNEL);
4523cc30 2060 if (pSesInfo->domainName)
3979877e
SF		 2061 strcpy(pSesInfo->domainName,
2062 volume_info.domainname);
2063 }
1da177e4 2064 pSesInfo->linux_uid = volume_info.linux_uid;
750d1151 2065 pSesInfo->overrideSecFlg = volume_info.secFlg;
1da177e4 2066 down(&pSesInfo->sesSem);
189acaae 2067 /* BB FIXME need to pass vol->secFlgs BB */
50c2f753
SF		 2068 rc = cifs_setup_session(xid, pSesInfo,
2069 cifs_sb->local_nls);
1da177e4 2070 up(&pSesInfo->sesSem);
4523cc30 2071 if (!rc)
1da177e4 2072 atomic_inc(&srvTcp->socketUseCount);
70fe7dc0 2073 }
1da177e4 2074 }
50c2f753 2075
1da177e4
LT		 2076 /* search for existing tcon to this server share */
2077 if (!rc) {
4523cc30 2078 if (volume_info.rsize > CIFSMaxBufSize) {
50c2f753 2079 cERROR(1, ("rsize %d too large, using MaxBufSize",
0ae0efad
SF		 2080 volume_info.rsize));
2081 cifs_sb->rsize = CIFSMaxBufSize;
75865f8c
SF		 2082 } else if ((volume_info.rsize) &&
2083 (volume_info.rsize <= CIFSMaxBufSize))
1da177e4 2084 cifs_sb->rsize = volume_info.rsize;
0ae0efad
SF		 2085 else /* default */
2086 cifs_sb->rsize = CIFSMaxBufSize;
2087
4523cc30 2088 if (volume_info.wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) {
50c2f753 2089 cERROR(1, ("wsize %d too large, using 4096 instead",
0ae0efad
SF		 2090 volume_info.wsize));
2091 cifs_sb->wsize = 4096;
4523cc30 2092 } else if (volume_info.wsize)
1da177e4
LT		 2093 cifs_sb->wsize = volume_info.wsize;
2094 else
50c2f753 2095 cifs_sb->wsize =
1877c9ea
SF		 2096 min_t(const int, PAGEVEC_SIZE * PAGE_CACHE_SIZE,
2097 127*1024);
17cbbafe 2098 /* old default of CIFSMaxBufSize was too small now
50c2f753 2099 that SMB Write2 can send multiple pages in kvec.
17cbbafe
SF		 2100 RFC1001 does not describe what happens when frame
2101 bigger than 128K is sent so use that as max in
2102 conjunction with 52K kvec constraint on arch with 4K
2103 page size */
2104
4523cc30 2105 if (cifs_sb->rsize < 2048) {
50c2f753 2106 cifs_sb->rsize = 2048;
6cec2aed 2107 /* Windows ME may prefer this */
467a8f8d 2108 cFYI(1, ("readsize set to minimum: 2048"));
1da177e4 2109 }
2fe87f02
SF		 2110 /* calculate prepath */
2111 cifs_sb->prepath = volume_info.prepath;
4523cc30 2112 if (cifs_sb->prepath) {
2fe87f02 2113 cifs_sb->prepathlen = strlen(cifs_sb->prepath);
03a143c9
SF		 2114 /* we can not convert the / to \ in the path
2115 separators in the prefixpath yet because we do not
2116 know (until reset_cifs_unix_caps is called later)
2117 whether POSIX PATH CAP is available. We normalize
2118 the / to \ after reset_cifs_unix_caps is called */
2fe87f02 2119 volume_info.prepath = NULL;
50c2f753 2120 } else
2fe87f02 2121 cifs_sb->prepathlen = 0;
1da177e4
LT		 2122 cifs_sb->mnt_uid = volume_info.linux_uid;
2123 cifs_sb->mnt_gid = volume_info.linux_gid;
2124 cifs_sb->mnt_file_mode = volume_info.file_mode;
2125 cifs_sb->mnt_dir_mode = volume_info.dir_mode;
467a8f8d
SF		 2126 cFYI(1, ("file mode: 0x%x dir mode: 0x%x",
2127 cifs_sb->mnt_file_mode, cifs_sb->mnt_dir_mode));
1da177e4 2128
4523cc30 2129 if (volume_info.noperm)
1da177e4 2130 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
4523cc30 2131 if (volume_info.setuids)
1da177e4 2132 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
4523cc30 2133 if (volume_info.server_ino)
1da177e4 2134 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
4523cc30 2135 if (volume_info.remap)
6a0b4824 2136 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
4523cc30 2137 if (volume_info.no_xattr)
1da177e4 2138 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
4523cc30 2139 if (volume_info.sfu_emul)
d7245c2c 2140 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
4523cc30 2141 if (volume_info.nobrl)
c46fa8ac 2142 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
4523cc30 2143 if (volume_info.cifs_acl)
0a4b92c0 2144 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
4523cc30
SF		 2145 if (volume_info.override_uid)
2146 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID;
2147 if (volume_info.override_gid)
2148 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID;
d0a9c078
JL		 2149 if (volume_info.dynperm)
2150 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DYNPERM;
4523cc30 2151 if (volume_info.direct_io) {
467a8f8d 2152 cFYI(1, ("mounting share using direct i/o"));
1da177e4
LT		 2153 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
2154 }
2155
27adb44c
SF		 2156 if ((volume_info.cifs_acl) && (volume_info.dynperm))
2157 cERROR(1, ("mount option dynperm ignored if cifsacl "
2158 "mount option supported"));
2159
1da177e4
LT		 2160 tcon =
2161 find_unc(sin_server.sin_addr.s_addr, volume_info.UNC,
2162 volume_info.username);
2163 if (tcon) {
bf820679 2164 cFYI(1, ("Found match on UNC path"));
1da177e4
LT		 2165 /* we can have only one retry value for a connection
2166 to a share so for resources mounted more than once
50c2f753 2167 to the same server share the last value passed in
1da177e4
LT		 2168 for the retry flag is used */
2169 tcon->retry = volume_info.retry;
d3485d37 2170 tcon->nocase = volume_info.nocase;
95b1cb90
SF		 2171 if (tcon->seal != volume_info.seal)
2172 cERROR(1, ("transport encryption setting "
2173 "conflicts with existing tid"));
1da177e4
LT		 2174 } else {
2175 tcon = tconInfoAlloc();
2176 if (tcon == NULL)
2177 rc = -ENOMEM;
2178 else {
50c2f753 2179 /* check for null share name ie connecting to
8af18971 2180 * dfs root */
1da177e4 2181
50c2f753 2182 /* BB check if this works for exactly length
8af18971 2183 * three strings */
1da177e4
LT		 2184 if ((strchr(volume_info.UNC + 3, '\\') == NULL)
2185 && (strchr(volume_info.UNC + 3, '/') ==
2186 NULL)) {
646dd539 2187/* rc = connect_to_dfs_path(xid, pSesInfo,
8af18971 2188 "", cifs_sb->local_nls,
50c2f753 2189 cifs_sb->mnt_cifs_flags &
646dd539
SF		 2190 CIFS_MOUNT_MAP_SPECIAL_CHR);*/
2191 cFYI(1, ("DFS root not supported"));
70fe7dc0
JL		 2192 rc = -ENODEV;
2193 goto out;
1da177e4 2194 } else {
8af18971
SF		 2195 /* BB Do we need to wrap sesSem around
2196 * this TCon call and Unix SetFS as
2197 * we do on SessSetup and reconnect? */
50c2f753 2198 rc = CIFSTCon(xid, pSesInfo,
1da177e4
LT		 2199 volume_info.UNC,
2200 tcon, cifs_sb->local_nls);
2201 cFYI(1, ("CIFS Tcon rc = %d", rc));
2202 }
2203 if (!rc) {
2204 atomic_inc(&pSesInfo->inUse);
2205 tcon->retry = volume_info.retry;
d3485d37 2206 tcon->nocase = volume_info.nocase;
95b1cb90 2207 tcon->seal = volume_info.seal;
1da177e4
LT		 2208 }
2209 }
2210 }
2211 }
4523cc30 2212 if (pSesInfo) {
1da177e4
LT		 2213 if (pSesInfo->capabilities & CAP_LARGE_FILES) {
2214 sb->s_maxbytes = (u64) 1 << 63;
2215 } else
2216 sb->s_maxbytes = (u64) 1 << 31; /* 2 GB */
2217 }
2218
8af18971 2219 /* BB FIXME fix time_gran to be larger for LANMAN sessions */
1da177e4
LT		 2220 sb->s_time_gran = 100;
2221
2222/* on error free sesinfo and tcon struct if needed */
2223 if (rc) {
2224 /* if session setup failed, use count is zero but
2225 we still need to free cifsd thread */
4523cc30 2226 if (atomic_read(&srvTcp->socketUseCount) == 0) {
1da177e4
LT		 2227 spin_lock(&GlobalMid_Lock);
2228 srvTcp->tcpStatus = CifsExiting;
2229 spin_unlock(&GlobalMid_Lock);
4523cc30 2230 if (srvTcp->tsk) {
28356a16
SF		 2231 /* If we could verify that kthread_stop would
2232 always wake up processes blocked in
2233 tcp in recv_mesg then we could remove the
2234 send_sig call */
50c2f753 2235 force_sig(SIGKILL, srvTcp->tsk);
e691b9d1 2236 kthread_stop(srvTcp->tsk);
f191401f 2237 }
1da177e4
LT		 2238 }
2239 /* If find_unc succeeded then rc == 0 so we can not end */
2240 if (tcon) /* up accidently freeing someone elses tcon struct */
2241 tconInfoFree(tcon);
2242 if (existingCifsSes == NULL) {
2243 if (pSesInfo) {
50c2f753 2244 if ((pSesInfo->server) &&
1da177e4
LT		 2245 (pSesInfo->status == CifsGood)) {
2246 int temp_rc;
2247 temp_rc = CIFSSMBLogoff(xid, pSesInfo);
2248 /* if the socketUseCount is now zero */
4523cc30 2249 if ((temp_rc == -ESHUTDOWN) &&
50c2f753 2250 (pSesInfo->server) &&
5d9c7206 2251 (pSesInfo->server->tsk)) {
5d9c7206
JL		 2252 force_sig(SIGKILL,
2253 pSesInfo->server->tsk);
e691b9d1 2254 kthread_stop(pSesInfo->server->tsk);
f191401f 2255 }
a013689d 2256 } else {
1da177e4 2257 cFYI(1, ("No session or bad tcon"));
a013689d
SF		 2258 if ((pSesInfo->server) &&
2259 (pSesInfo->server->tsk)) {
a013689d
SF		 2260 force_sig(SIGKILL,
2261 pSesInfo->server->tsk);
e691b9d1 2262 kthread_stop(pSesInfo->server->tsk);
a013689d
SF		 2263 }
2264 }
1da177e4
LT		 2265 sesInfoFree(pSesInfo);
2266 /* pSesInfo = NULL; */
2267 }
2268 }
2269 } else {
2270 atomic_inc(&tcon->useCount);
2271 cifs_sb->tcon = tcon;
2272 tcon->ses = pSesInfo;
2273
82940a46 2274 /* do not care if following two calls succeed - informational */
7f8ed420
SF		 2275 if (!tcon->ipc) {
2276 CIFSSMBQFSDeviceInfo(xid, tcon);
2277 CIFSSMBQFSAttributeInfo(xid, tcon);
2278 }
50c2f753 2279
8af18971
SF		 2280 /* tell server which Unix caps we support */
2281 if (tcon->ses->capabilities & CAP_UNIX)
c18c842b
SF		 2282 /* reset of caps checks mount to see if unix extensions
2283 disabled for just this mount */
8af18971 2284 reset_cifs_unix_caps(xid, tcon, sb, &volume_info);
c18c842b
SF		 2285 else
2286 tcon->unix_ext = 0; /* server does not support them */
2287
03a143c9 2288 /* convert forward to back slashes in prepath here if needed */
11b6d645
IM		 2289 if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0)
2290 convert_delimiter(cifs_sb->prepath,
2291 CIFS_DIR_SEP(cifs_sb));
03a143c9 2292
c18c842b 2293 if ((tcon->unix_ext == 0) && (cifs_sb->rsize > (1024 * 127))) {
75865f8c 2294 cifs_sb->rsize = 1024 * 127;
90c81e0b
SF		 2295 cFYI(DBG2,
2296 ("no very large read support, rsize now 127K"));
75865f8c 2297 }
3e84469d
SF		 2298 if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X))
2299 cifs_sb->wsize = min(cifs_sb->wsize,
2300 (tcon->ses->server->maxBuf -
2301 MAX_CIFS_HDR_SIZE));
0ae0efad 2302 if (!(tcon->ses->capabilities & CAP_LARGE_READ_X))
50c2f753
SF		 2303 cifs_sb->rsize = min(cifs_sb->rsize,
2304 (tcon->ses->server->maxBuf -
2305 MAX_CIFS_HDR_SIZE));
1da177e4
LT		 2306 }
2307
2308 /* volume_info.password is freed above when existing session found
2309 (in which case it is not needed anymore) but when new sesion is created
2310 the password ptr is put in the new session structure (in which case the
2311 password will be freed at unmount time) */
70fe7dc0
JL		 2312out:
2313 /* zero out password before freeing */
2314 if (volume_info.password != NULL) {
2315 memset(volume_info.password, 0, strlen(volume_info.password));
2316 kfree(volume_info.password);
2317 }
f99d49ad 2318 kfree(volume_info.UNC);
2fe87f02 2319 kfree(volume_info.prepath);
1da177e4
LT		 2320 FreeXid(xid);
2321 return rc;
2322}
2323
2324static int
2325CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
7c7b25bc 2326 char session_key[CIFS_SESS_KEY_SIZE],
1da177e4
LT		 2327 const struct nls_table *nls_codepage)
2328{
2329 struct smb_hdr *smb_buffer;
2330 struct smb_hdr *smb_buffer_response;
2331 SESSION_SETUP_ANDX *pSMB;
2332 SESSION_SETUP_ANDX *pSMBr;
2333 char *bcc_ptr;
2334 char *user;
2335 char *domain;
2336 int rc = 0;
2337 int remaining_words = 0;
2338 int bytes_returned = 0;
2339 int len;
2340 __u32 capabilities;
2341 __u16 count;
2342
eeac8047 2343 cFYI(1, ("In sesssetup"));
4523cc30 2344 if (ses == NULL)
1da177e4
LT		 2345 return -EINVAL;
2346 user = ses->userName;
2347 domain = ses->domainName;
2348 smb_buffer = cifs_buf_get();
582d21e5
SF		 2349
2350 if (smb_buffer == NULL)
1da177e4 2351 return -ENOMEM;
582d21e5 2352
1da177e4
LT		 2353 smb_buffer_response = smb_buffer;
2354 pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2355
2356 /* send SMBsessionSetup here */
2357 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2358 NULL /* no tCon exists yet */ , 13 /* wct */ );
2359
1982c344 2360 smb_buffer->Mid = GetNextMid(ses->server);
1da177e4
LT		 2361 pSMB->req_no_secext.AndXCommand = 0xFF;
2362 pSMB->req_no_secext.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2363 pSMB->req_no_secext.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2364
50c2f753
SF		 2365 if (ses->server->secMode &
2366 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
1da177e4
LT		 2367 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2368
2369 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2370 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
2371 if (ses->capabilities & CAP_UNICODE) {
2372 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2373 capabilities |= CAP_UNICODE;
2374 }
2375 if (ses->capabilities & CAP_STATUS32) {
2376 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2377 capabilities |= CAP_STATUS32;
2378 }
2379 if (ses->capabilities & CAP_DFS) {
2380 smb_buffer->Flags2 |= SMBFLG2_DFS;
2381 capabilities |= CAP_DFS;
2382 }
2383 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
2384
50c2f753 2385 pSMB->req_no_secext.CaseInsensitivePasswordLength =
7c7b25bc 2386 cpu_to_le16(CIFS_SESS_KEY_SIZE);
1da177e4
LT		 2387
2388 pSMB->req_no_secext.CaseSensitivePasswordLength =
7c7b25bc 2389 cpu_to_le16(CIFS_SESS_KEY_SIZE);
1da177e4 2390 bcc_ptr = pByteArea(smb_buffer);
7c7b25bc
SF		 2391 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2392 bcc_ptr += CIFS_SESS_KEY_SIZE;
2393 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2394 bcc_ptr += CIFS_SESS_KEY_SIZE;
1da177e4
LT		 2395
2396 if (ses->capabilities & CAP_UNICODE) {
2397 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode */
2398 *bcc_ptr = 0;
2399 bcc_ptr++;
2400 }
4523cc30 2401 if (user == NULL)
3979877e 2402 bytes_returned = 0; /* skip null user */
50c2f753 2403 else
1da177e4 2404 bytes_returned =
50c2f753 2405 cifs_strtoUCS((__le16 *) bcc_ptr, user, 100,
1da177e4
LT		 2406 nls_codepage);
2407 /* convert number of 16 bit words to bytes */
2408 bcc_ptr += 2 * bytes_returned;
2409 bcc_ptr += 2; /* trailing null */
2410 if (domain == NULL)
2411 bytes_returned =
e89dc920 2412 cifs_strtoUCS((__le16 *) bcc_ptr,
1da177e4
LT		 2413 "CIFS_LINUX_DOM", 32, nls_codepage);
2414 else
2415 bytes_returned =
e89dc920 2416 cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
1da177e4
LT		 2417 nls_codepage);
2418 bcc_ptr += 2 * bytes_returned;
2419 bcc_ptr += 2;
2420 bytes_returned =
e89dc920 2421 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
1da177e4
LT		 2422 32, nls_codepage);
2423 bcc_ptr += 2 * bytes_returned;
2424 bytes_returned =
e9ff3990 2425 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release,
1da177e4
LT		 2426 32, nls_codepage);
2427 bcc_ptr += 2 * bytes_returned;
2428 bcc_ptr += 2;
2429 bytes_returned =
e89dc920 2430 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
1da177e4
LT		 2431 64, nls_codepage);
2432 bcc_ptr += 2 * bytes_returned;
2433 bcc_ptr += 2;
2434 } else {
50c2f753 2435 if (user != NULL) {
1da177e4
LT		 2436 strncpy(bcc_ptr, user, 200);
2437 bcc_ptr += strnlen(user, 200);
2438 }
2439 *bcc_ptr = 0;
2440 bcc_ptr++;
2441 if (domain == NULL) {
2442 strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2443 bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2444 } else {
2445 strncpy(bcc_ptr, domain, 64);
2446 bcc_ptr += strnlen(domain, 64);
2447 *bcc_ptr = 0;
2448 bcc_ptr++;
2449 }
2450 strcpy(bcc_ptr, "Linux version ");
2451 bcc_ptr += strlen("Linux version ");
e9ff3990
SH		 2452 strcpy(bcc_ptr, utsname()->release);
2453 bcc_ptr += strlen(utsname()->release) + 1;
1da177e4
LT		 2454 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2455 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2456 }
2457 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2458 smb_buffer->smb_buf_length += count;
2459 pSMB->req_no_secext.ByteCount = cpu_to_le16(count);
2460
2461 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
133672ef 2462 &bytes_returned, CIFS_LONG_OP);
1da177e4
LT		 2463 if (rc) {
2464/* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
2465 } else if ((smb_buffer_response->WordCount == 3)
2466 || (smb_buffer_response->WordCount == 4)) {
2467 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2468 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2469 if (action & GUEST_LOGIN)
50c2f753
SF		 2470 cFYI(1, (" Guest login")); /* BB mark SesInfo struct? */
2471 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format
2472 (little endian) */
1da177e4 2473 cFYI(1, ("UID = %d ", ses->Suid));
50c2f753
SF		 2474 /* response can have either 3 or 4 word count - Samba sends 3 */
2475 bcc_ptr = pByteArea(smb_buffer_response);
1da177e4
LT		 2476 if ((pSMBr->resp.hdr.WordCount == 3)
2477 || ((pSMBr->resp.hdr.WordCount == 4)
2478 && (blob_len < pSMBr->resp.ByteCount))) {
2479 if (pSMBr->resp.hdr.WordCount == 4)
2480 bcc_ptr += blob_len;
2481
2482 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2483 if ((long) (bcc_ptr) % 2) {
2484 remaining_words =
50c2f753
SF		 2485 (BCC(smb_buffer_response) - 1) / 2;
2486 /* Unicode strings must be word
2487 aligned */
2488 bcc_ptr++;
1da177e4
LT		 2489 } else {
2490 remaining_words =
2491 BCC(smb_buffer_response) / 2;
2492 }
2493 len =
2494 UniStrnlen((wchar_t *) bcc_ptr,
2495 remaining_words - 1);
2496/* We look for obvious messed up bcc or strings in response so we do not go off
2497 the end since (at least) WIN2K and Windows XP have a major bug in not null
2498 terminating last Unicode string in response */
fb8c4b14 2499 if (ses->serverOS)
a424f8bf 2500 kfree(ses->serverOS);
50c2f753
SF		 2501 ses->serverOS = kzalloc(2 * (len + 1),
2502 GFP_KERNEL);
fb8c4b14 2503 if (ses->serverOS == NULL)
433dc24f 2504 goto sesssetup_nomem;
1da177e4 2505 cifs_strfromUCS_le(ses->serverOS,
50c2f753
SF		 2506 (__le16 *)bcc_ptr,
2507 len, nls_codepage);
1da177e4
LT		 2508 bcc_ptr += 2 * (len + 1);
2509 remaining_words -= len + 1;
2510 ses->serverOS[2 * len] = 0;
2511 ses->serverOS[1 + (2 * len)] = 0;
2512 if (remaining_words > 0) {
2513 len = UniStrnlen((wchar_t *)bcc_ptr,
2514 remaining_words-1);
cd49b492 2515 kfree(ses->serverNOS);
50c2f753
SF		 2516 ses->serverNOS = kzalloc(2 * (len + 1),
2517 GFP_KERNEL);
fb8c4b14 2518 if (ses->serverNOS == NULL)
433dc24f 2519 goto sesssetup_nomem;
1da177e4 2520 cifs_strfromUCS_le(ses->serverNOS,
50c2f753
SF		 2521 (__le16 *)bcc_ptr,
2522 len, nls_codepage);
1da177e4
LT		 2523 bcc_ptr += 2 * (len + 1);
2524 ses->serverNOS[2 * len] = 0;
2525 ses->serverNOS[1 + (2 * len)] = 0;
fb8c4b14 2526 if (strncmp(ses->serverNOS,
50c2f753 2527 "NT LAN Manager 4", 16) == 0) {
467a8f8d 2528 cFYI(1, ("NT4 server"));
1da177e4
LT		 2529 ses->flags |= CIFS_SES_NT4;
2530 }
2531 remaining_words -= len + 1;
2532 if (remaining_words > 0) {
433dc24f 2533 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
50c2f753
SF		 2534 /* last string is not always null terminated
2535 (for e.g. for Windows XP & 2000) */
fb8c4b14 2536 if (ses->serverDomain)
a424f8bf 2537 kfree(ses->serverDomain);
1da177e4 2538 ses->serverDomain =
50c2f753
SF		 2539 kzalloc(2*(len+1),
2540 GFP_KERNEL);
fb8c4b14 2541 if (ses->serverDomain == NULL)
433dc24f 2542 goto sesssetup_nomem;
1da177e4 2543 cifs_strfromUCS_le(ses->serverDomain,
50c2f753
SF		 2544 (__le16 *)bcc_ptr,
2545 len, nls_codepage);
1da177e4
LT		 2546 bcc_ptr += 2 * (len + 1);
2547 ses->serverDomain[2*len] = 0;
2548 ses->serverDomain[1+(2*len)] = 0;
50c2f753
SF		 2549 } else { /* else no more room so create
2550 dummy domain string */
fb8c4b14 2551 if (ses->serverDomain)
a424f8bf 2552 kfree(ses->serverDomain);
50c2f753 2553 ses->serverDomain =
e915fc49 2554 kzalloc(2, GFP_KERNEL);
a424f8bf 2555 }
50c2f753
SF		 2556 } else { /* no room so create dummy domain
2557 and NOS string */
2558
433dc24f
SF		 2559 /* if these kcallocs fail not much we
2560 can do, but better to not fail the
2561 sesssetup itself */
cd49b492 2562 kfree(ses->serverDomain);
1da177e4 2563 ses->serverDomain =
e915fc49 2564 kzalloc(2, GFP_KERNEL);
cd49b492 2565 kfree(ses->serverNOS);
1da177e4 2566 ses->serverNOS =
e915fc49 2567 kzalloc(2, GFP_KERNEL);
1da177e4
LT		 2568 }
2569 } else { /* ASCII */
2570 len = strnlen(bcc_ptr, 1024);
2571 if (((long) bcc_ptr + len) - (long)
2572 pByteArea(smb_buffer_response)
2573 <= BCC(smb_buffer_response)) {
cd49b492 2574 kfree(ses->serverOS);
50c2f753
SF		 2575 ses->serverOS = kzalloc(len + 1,
2576 GFP_KERNEL);
fb8c4b14 2577 if (ses->serverOS == NULL)
433dc24f 2578 goto sesssetup_nomem;
50c2f753 2579 strncpy(ses->serverOS, bcc_ptr, len);
1da177e4
LT		 2580
2581 bcc_ptr += len;
50c2f753
SF		 2582 /* null terminate the string */
2583 bcc_ptr[0] = 0;
1da177e4
LT		 2584 bcc_ptr++;
2585
2586 len = strnlen(bcc_ptr, 1024);
cd49b492 2587 kfree(ses->serverNOS);
50c2f753
SF		 2588 ses->serverNOS = kzalloc(len + 1,
2589 GFP_KERNEL);
fb8c4b14 2590 if (ses->serverNOS == NULL)
433dc24f 2591 goto sesssetup_nomem;
1da177e4
LT		 2592 strncpy(ses->serverNOS, bcc_ptr, len);
2593 bcc_ptr += len;
2594 bcc_ptr[0] = 0;
2595 bcc_ptr++;
2596
2597 len = strnlen(bcc_ptr, 1024);
fb8c4b14 2598 if (ses->serverDomain)
a424f8bf 2599 kfree(ses->serverDomain);
50c2f753
SF		 2600 ses->serverDomain = kzalloc(len + 1,
2601 GFP_KERNEL);
fb8c4b14 2602 if (ses->serverDomain == NULL)
433dc24f 2603 goto sesssetup_nomem;
50c2f753
SF		 2604 strncpy(ses->serverDomain, bcc_ptr,
2605 len);
1da177e4
LT		 2606 bcc_ptr += len;
2607 bcc_ptr[0] = 0;
2608 bcc_ptr++;
2609 } else
2610 cFYI(1,
50c2f753
SF		 2611 ("Variable field of length %d "
2612 "extends beyond end of smb ",
1da177e4
LT		 2613 len));
2614 }
2615 } else {
2616 cERROR(1,
50c2f753
SF		 2617 (" Security Blob Length extends beyond "
2618 "end of SMB"));
1da177e4
LT		 2619 }
2620 } else {
2621 cERROR(1,
2622 (" Invalid Word count %d: ",
2623 smb_buffer_response->WordCount));
2624 rc = -EIO;
2625 }
433dc24f
SF		 2626sesssetup_nomem: /* do not return an error on nomem for the info strings,
2627 since that could make reconnection harder, and
2628 reconnection might be needed to free memory */
a8a11d39 2629 cifs_buf_release(smb_buffer);
1da177e4
LT		 2630
2631 return rc;
2632}
2633
1da177e4
LT		 2634static int
2635CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
4b18f2a9 2636 struct cifsSesInfo *ses, bool *pNTLMv2_flag,
1da177e4
LT		 2637 const struct nls_table *nls_codepage)
2638{
2639 struct smb_hdr *smb_buffer;
2640 struct smb_hdr *smb_buffer_response;
2641 SESSION_SETUP_ANDX *pSMB;
2642 SESSION_SETUP_ANDX *pSMBr;
2643 char *bcc_ptr;
2644 char *domain;
2645 int rc = 0;
2646 int remaining_words = 0;
2647 int bytes_returned = 0;
2648 int len;
6345a3a8 2649 int SecurityBlobLength = sizeof(NEGOTIATE_MESSAGE);
1da177e4
LT		 2650 PNEGOTIATE_MESSAGE SecurityBlob;
2651 PCHALLENGE_MESSAGE SecurityBlob2;
2652 __u32 negotiate_flags, capabilities;
2653 __u16 count;
2654
12b3b8ff 2655 cFYI(1, ("In NTLMSSP sesssetup (negotiate)"));
fb8c4b14 2656 if (ses == NULL)
1da177e4
LT		 2657 return -EINVAL;
2658 domain = ses->domainName;
4b18f2a9 2659 *pNTLMv2_flag = false;
1da177e4
LT		 2660 smb_buffer = cifs_buf_get();
2661 if (smb_buffer == NULL) {
2662 return -ENOMEM;
2663 }
2664 smb_buffer_response = smb_buffer;
2665 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2666 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2667
2668 /* send SMBsessionSetup here */
2669 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2670 NULL /* no tCon exists yet */ , 12 /* wct */ );
1982c344
SF		 2671
2672 smb_buffer->Mid = GetNextMid(ses->server);
1da177e4
LT		 2673 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2674 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2675
2676 pSMB->req.AndXCommand = 0xFF;
2677 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2678 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2679
fb8c4b14 2680 if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
1da177e4
LT		 2681 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2682
2683 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2684 CAP_EXTENDED_SECURITY;
2685 if (ses->capabilities & CAP_UNICODE) {
2686 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2687 capabilities |= CAP_UNICODE;
2688 }
2689 if (ses->capabilities & CAP_STATUS32) {
2690 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2691 capabilities |= CAP_STATUS32;
2692 }
2693 if (ses->capabilities & CAP_DFS) {
2694 smb_buffer->Flags2 |= SMBFLG2_DFS;
2695 capabilities |= CAP_DFS;
2696 }
2697 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2698
2699 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2700 SecurityBlob = (PNEGOTIATE_MESSAGE) bcc_ptr;
2701 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2702 SecurityBlob->MessageType = NtLmNegotiate;
2703 negotiate_flags =
2704 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
12b3b8ff
SF		 2705 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM |
2706 NTLMSSP_NEGOTIATE_56 |
1da177e4 2707 /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
fb8c4b14 2708 if (sign_CIFS_PDUs)
1da177e4 2709 negotiate_flags |= NTLMSSP_NEGOTIATE_SIGN;
fb8c4b14 2710/* if (ntlmv2_support)
3979877e 2711 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;*/
1da177e4
LT		 2712 /* setup pointers to domain name and workstation name */
2713 bcc_ptr += SecurityBlobLength;
2714
2715 SecurityBlob->WorkstationName.Buffer = 0;
2716 SecurityBlob->WorkstationName.Length = 0;
2717 SecurityBlob->WorkstationName.MaximumLength = 0;
2718
12b3b8ff
SF		 2719 /* Domain not sent on first Sesssetup in NTLMSSP, instead it is sent
2720 along with username on auth request (ie the response to challenge) */
2721 SecurityBlob->DomainName.Buffer = 0;
2722 SecurityBlob->DomainName.Length = 0;
2723 SecurityBlob->DomainName.MaximumLength = 0;
1da177e4
LT		 2724 if (ses->capabilities & CAP_UNICODE) {
2725 if ((long) bcc_ptr % 2) {
2726 *bcc_ptr = 0;
2727 bcc_ptr++;
2728 }
2729
2730 bytes_returned =
e89dc920 2731 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
1da177e4
LT		 2732 32, nls_codepage);
2733 bcc_ptr += 2 * bytes_returned;
2734 bytes_returned =
e9ff3990 2735 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
1da177e4
LT		 2736 nls_codepage);
2737 bcc_ptr += 2 * bytes_returned;
2738 bcc_ptr += 2; /* null terminate Linux version */
2739 bytes_returned =
e89dc920 2740 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
1da177e4
LT		 2741 64, nls_codepage);
2742 bcc_ptr += 2 * bytes_returned;
2743 *(bcc_ptr + 1) = 0;
2744 *(bcc_ptr + 2) = 0;
2745 bcc_ptr += 2; /* null terminate network opsys string */
2746 *(bcc_ptr + 1) = 0;
2747 *(bcc_ptr + 2) = 0;
2748 bcc_ptr += 2; /* null domain */
2749 } else { /* ASCII */
2750 strcpy(bcc_ptr, "Linux version ");
2751 bcc_ptr += strlen("Linux version ");
e9ff3990
SH		 2752 strcpy(bcc_ptr, utsname()->release);
2753 bcc_ptr += strlen(utsname()->release) + 1;
1da177e4
LT		 2754 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2755 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2756 bcc_ptr++; /* empty domain field */
2757 *bcc_ptr = 0;
2758 }
2759 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2760 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2761 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2762 smb_buffer->smb_buf_length += count;
2763 pSMB->req.ByteCount = cpu_to_le16(count);
2764
2765 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
133672ef 2766 &bytes_returned, CIFS_LONG_OP);
1da177e4
LT		 2767
2768 if (smb_buffer_response->Status.CifsError ==
2769 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
2770 rc = 0;
2771
2772 if (rc) {
2773/* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2774 } else if ((smb_buffer_response->WordCount == 3)
2775 || (smb_buffer_response->WordCount == 4)) {
2776 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2777 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2778
2779 if (action & GUEST_LOGIN)
50c2f753
SF		 2780 cFYI(1, (" Guest login"));
2781 /* Do we want to set anything in SesInfo struct when guest login? */
1da177e4 2782
50c2f753
SF		 2783 bcc_ptr = pByteArea(smb_buffer_response);
2784 /* response can have either 3 or 4 word count - Samba sends 3 */
1da177e4
LT		 2785
2786 SecurityBlob2 = (PCHALLENGE_MESSAGE) bcc_ptr;
2787 if (SecurityBlob2->MessageType != NtLmChallenge) {
2788 cFYI(1,
2789 ("Unexpected NTLMSSP message type received %d",
2790 SecurityBlob2->MessageType));
2791 } else if (ses) {
50c2f753 2792 ses->Suid = smb_buffer_response->Uid; /* UID left in le format */
12b3b8ff 2793 cFYI(1, ("UID = %d", ses->Suid));
1da177e4
LT		 2794 if ((pSMBr->resp.hdr.WordCount == 3)
2795 || ((pSMBr->resp.hdr.WordCount == 4)
2796 && (blob_len <
2797 pSMBr->resp.ByteCount))) {
2798
2799 if (pSMBr->resp.hdr.WordCount == 4) {
2800 bcc_ptr += blob_len;
12b3b8ff 2801 cFYI(1, ("Security Blob Length %d",
1da177e4
LT		 2802 blob_len));
2803 }
2804
12b3b8ff 2805 cFYI(1, ("NTLMSSP Challenge rcvd"));
1da177e4
LT		 2806
2807 memcpy(ses->server->cryptKey,
2808 SecurityBlob2->Challenge,
2809 CIFS_CRYPTO_KEY_SIZE);
50c2f753 2810 if (SecurityBlob2->NegotiateFlags &
12b3b8ff 2811 cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2))
4b18f2a9 2812 *pNTLMv2_flag = true;
1da177e4 2813
50c2f753
SF		 2814 if ((SecurityBlob2->NegotiateFlags &
2815 cpu_to_le32(NTLMSSP_NEGOTIATE_ALWAYS_SIGN))
1da177e4 2816 || (sign_CIFS_PDUs > 1))
50c2f753
SF		 2817 ses->server->secMode |=
2818 SECMODE_SIGN_REQUIRED;
2819 if ((SecurityBlob2->NegotiateFlags &
1da177e4 2820 cpu_to_le32(NTLMSSP_NEGOTIATE_SIGN)) && (sign_CIFS_PDUs))
50c2f753 2821 ses->server->secMode |=
1da177e4
LT		 2822 SECMODE_SIGN_ENABLED;
2823
2824 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2825 if ((long) (bcc_ptr) % 2) {
2826 remaining_words =
2827 (BCC(smb_buffer_response)
2828 - 1) / 2;
50c2f753
SF		 2829 /* Must word align unicode strings */
2830 bcc_ptr++;
1da177e4
LT		 2831 } else {
2832 remaining_words =
2833 BCC
2834 (smb_buffer_response) / 2;
2835 }
2836 len =
2837 UniStrnlen((wchar_t *) bcc_ptr,
2838 remaining_words - 1);
2839/* We look for obvious messed up bcc or strings in response so we do not go off
2840 the end since (at least) WIN2K and Windows XP have a major bug in not null
2841 terminating last Unicode string in response */
fb8c4b14 2842 if (ses->serverOS)
a424f8bf 2843 kfree(ses->serverOS);
1da177e4 2844 ses->serverOS =
e915fc49 2845 kzalloc(2 * (len + 1), GFP_KERNEL);
1da177e4 2846 cifs_strfromUCS_le(ses->serverOS,
e89dc920 2847 (__le16 *)
1da177e4
LT		 2848 bcc_ptr, len,
2849 nls_codepage);
2850 bcc_ptr += 2 * (len + 1);
2851 remaining_words -= len + 1;
2852 ses->serverOS[2 * len] = 0;
2853 ses->serverOS[1 + (2 * len)] = 0;
2854 if (remaining_words > 0) {
2855 len = UniStrnlen((wchar_t *)
2856 bcc_ptr,
2857 remaining_words
2858 - 1);
cd49b492 2859 kfree(ses->serverNOS);
1da177e4 2860 ses->serverNOS =
e915fc49 2861 kzalloc(2 * (len + 1),
1da177e4
LT		 2862 GFP_KERNEL);
2863 cifs_strfromUCS_le(ses->
2864 serverNOS,
e89dc920 2865 (__le16 *)
1da177e4
LT		 2866 bcc_ptr,
2867 len,
2868 nls_codepage);
2869 bcc_ptr += 2 * (len + 1);
2870 ses->serverNOS[2 * len] = 0;
2871 ses->serverNOS[1 +
2872 (2 * len)] = 0;
2873 remaining_words -= len + 1;
2874 if (remaining_words > 0) {
50c2f753
SF		 2875 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2876 /* last string not always null terminated
2877 (for e.g. for Windows XP & 2000) */
cd49b492 2878 kfree(ses->serverDomain);
1da177e4 2879 ses->serverDomain =
e915fc49 2880 kzalloc(2 *
1da177e4
LT		 2881 (len +
2882 1),
2883 GFP_KERNEL);
2884 cifs_strfromUCS_le
e89dc920
SF		 2885 (ses->serverDomain,
2886 (__le16 *)bcc_ptr,
2887 len, nls_codepage);
1da177e4
LT		 2888 bcc_ptr +=
2889 2 * (len + 1);
e89dc920 2890 ses->serverDomain[2*len]
1da177e4 2891 = 0;
e89dc920
SF		 2892 ses->serverDomain
2893 [1 + (2 * len)]
1da177e4
LT		 2894 = 0;
2895 } /* else no more room so create dummy domain string */
a424f8bf 2896 else {
cd49b492 2897 kfree(ses->serverDomain);
1da177e4 2898 ses->serverDomain =
e915fc49 2899 kzalloc(2,
1da177e4 2900 GFP_KERNEL);
a424f8bf 2901 }
1da177e4 2902 } else { /* no room so create dummy domain and NOS string */
cd49b492 2903 kfree(ses->serverDomain);
1da177e4 2904 ses->serverDomain =
e915fc49 2905 kzalloc(2, GFP_KERNEL);
cd49b492 2906 kfree(ses->serverNOS);
1da177e4 2907 ses->serverNOS =
e915fc49 2908 kzalloc(2, GFP_KERNEL);
1da177e4
LT		 2909 }
2910 } else { /* ASCII */
2911 len = strnlen(bcc_ptr, 1024);
2912 if (((long) bcc_ptr + len) - (long)
2913 pByteArea(smb_buffer_response)
2914 <= BCC(smb_buffer_response)) {
fb8c4b14 2915 if (ses->serverOS)
a424f8bf 2916 kfree(ses->serverOS);
1da177e4 2917 ses->serverOS =
e915fc49 2918 kzalloc(len + 1,
1da177e4
LT		 2919 GFP_KERNEL);
2920 strncpy(ses->serverOS,
2921 bcc_ptr, len);
2922
2923 bcc_ptr += len;
2924 bcc_ptr[0] = 0; /* null terminate string */
2925 bcc_ptr++;
2926
2927 len = strnlen(bcc_ptr, 1024);
cd49b492 2928 kfree(ses->serverNOS);
1da177e4 2929 ses->serverNOS =
e915fc49 2930 kzalloc(len + 1,
1da177e4
LT		 2931 GFP_KERNEL);
2932 strncpy(ses->serverNOS, bcc_ptr, len);
2933 bcc_ptr += len;
2934 bcc_ptr[0] = 0;
2935 bcc_ptr++;
2936
2937 len = strnlen(bcc_ptr, 1024);
cd49b492 2938 kfree(ses->serverDomain);
1da177e4 2939 ses->serverDomain =
e915fc49 2940 kzalloc(len + 1,
1da177e4 2941 GFP_KERNEL);
50c2f753
SF		 2942 strncpy(ses->serverDomain,
2943 bcc_ptr, len);
1da177e4
LT		 2944 bcc_ptr += len;
2945 bcc_ptr[0] = 0;
2946 bcc_ptr++;
2947 } else
2948 cFYI(1,
63135e08
SF		 2949 ("field of length %d "
2950 "extends beyond end of smb",
1da177e4
LT		 2951 len));
2952 }
2953 } else {
50c2f753
SF		 2954 cERROR(1, ("Security Blob Length extends beyond"
2955 " end of SMB"));
1da177e4
LT		 2956 }
2957 } else {
2958 cERROR(1, ("No session structure passed in."));
2959 }
2960 } else {
2961 cERROR(1,
5815449d 2962 (" Invalid Word count %d:",
1da177e4
LT		 2963 smb_buffer_response->WordCount));
2964 rc = -EIO;
2965 }
2966
a8a11d39 2967 cifs_buf_release(smb_buffer);
1da177e4
LT		 2968
2969 return rc;
2970}
2971static int
2972CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
4b18f2a9 2973 char *ntlm_session_key, bool ntlmv2_flag,
6345a3a8 2974 const struct nls_table *nls_codepage)
1da177e4
LT		 2975{
2976 struct smb_hdr *smb_buffer;
2977 struct smb_hdr *smb_buffer_response;
2978 SESSION_SETUP_ANDX *pSMB;
2979 SESSION_SETUP_ANDX *pSMBr;
2980 char *bcc_ptr;
2981 char *user;
2982 char *domain;
2983 int rc = 0;
2984 int remaining_words = 0;
2985 int bytes_returned = 0;
2986 int len;
6345a3a8 2987 int SecurityBlobLength = sizeof(AUTHENTICATE_MESSAGE);
1da177e4
LT		 2988 PAUTHENTICATE_MESSAGE SecurityBlob;
2989 __u32 negotiate_flags, capabilities;
2990 __u16 count;
2991
2992 cFYI(1, ("In NTLMSSPSessSetup (Authenticate)"));
fb8c4b14 2993 if (ses == NULL)
1da177e4
LT		 2994 return -EINVAL;
2995 user = ses->userName;
2996 domain = ses->domainName;
2997 smb_buffer = cifs_buf_get();
2998 if (smb_buffer == NULL) {
2999 return -ENOMEM;
3000 }
3001 smb_buffer_response = smb_buffer;
6345a3a8
CG		 3002 pSMB = (SESSION_SETUP_ANDX *)smb_buffer;
3003 pSMBr = (SESSION_SETUP_ANDX *)smb_buffer_response;
1da177e4
LT		 3004
3005 /* send SMBsessionSetup here */
3006 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
3007 NULL /* no tCon exists yet */ , 12 /* wct */ );
1982c344
SF		 3008
3009 smb_buffer->Mid = GetNextMid(ses->server);
1da177e4
LT		 3010 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
3011 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
3012 pSMB->req.AndXCommand = 0xFF;
3013 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
3014 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
3015
3016 pSMB->req.hdr.Uid = ses->Suid;
3017
fb8c4b14 3018 if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
1da177e4
LT		 3019 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3020
3021 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
6345a3a8 3022 CAP_EXTENDED_SECURITY;
1da177e4
LT		 3023 if (ses->capabilities & CAP_UNICODE) {
3024 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3025 capabilities |= CAP_UNICODE;
3026 }
3027 if (ses->capabilities & CAP_STATUS32) {
3028 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3029 capabilities |= CAP_STATUS32;
3030 }
3031 if (ses->capabilities & CAP_DFS) {
3032 smb_buffer->Flags2 |= SMBFLG2_DFS;
3033 capabilities |= CAP_DFS;
3034 }
3035 pSMB->req.Capabilities = cpu_to_le32(capabilities);
3036
6345a3a8
CG		 3037 bcc_ptr = (char *)&pSMB->req.SecurityBlob;
3038 SecurityBlob = (PAUTHENTICATE_MESSAGE)bcc_ptr;
1da177e4
LT		 3039 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
3040 SecurityBlob->MessageType = NtLmAuthenticate;
3041 bcc_ptr += SecurityBlobLength;
6345a3a8
CG		 3042 negotiate_flags = NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET |
3043 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO |
3044 0x80000000 | NTLMSSP_NEGOTIATE_128;
fb8c4b14 3045 if (sign_CIFS_PDUs)
1da177e4 3046 negotiate_flags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN;
fb8c4b14 3047 if (ntlmv2_flag)
1da177e4
LT		 3048 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
3049
3050/* setup pointers to domain name and workstation name */
3051
3052 SecurityBlob->WorkstationName.Buffer = 0;
3053 SecurityBlob->WorkstationName.Length = 0;
3054 SecurityBlob->WorkstationName.MaximumLength = 0;
3055 SecurityBlob->SessionKey.Length = 0;
3056 SecurityBlob->SessionKey.MaximumLength = 0;
3057 SecurityBlob->SessionKey.Buffer = 0;
3058
3059 SecurityBlob->LmChallengeResponse.Length = 0;
3060 SecurityBlob->LmChallengeResponse.MaximumLength = 0;
3061 SecurityBlob->LmChallengeResponse.Buffer = 0;
3062
3063 SecurityBlob->NtChallengeResponse.Length =
7c7b25bc 3064 cpu_to_le16(CIFS_SESS_KEY_SIZE);
1da177e4 3065 SecurityBlob->NtChallengeResponse.MaximumLength =
7c7b25bc
SF		 3066 cpu_to_le16(CIFS_SESS_KEY_SIZE);
3067 memcpy(bcc_ptr, ntlm_session_key, CIFS_SESS_KEY_SIZE);
1da177e4
LT		 3068 SecurityBlob->NtChallengeResponse.Buffer =
3069 cpu_to_le32(SecurityBlobLength);
7c7b25bc
SF		 3070 SecurityBlobLength += CIFS_SESS_KEY_SIZE;
3071 bcc_ptr += CIFS_SESS_KEY_SIZE;
1da177e4
LT		 3072
3073 if (ses->capabilities & CAP_UNICODE) {
3074 if (domain == NULL) {
3075 SecurityBlob->DomainName.Buffer = 0;
3076 SecurityBlob->DomainName.Length = 0;
3077 SecurityBlob->DomainName.MaximumLength = 0;
3078 } else {
77159b4d 3079 __u16 ln = cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
1da177e4 3080 nls_codepage);
77159b4d 3081 ln *= 2;
1da177e4 3082 SecurityBlob->DomainName.MaximumLength =
77159b4d 3083 cpu_to_le16(ln);
1da177e4
LT		 3084 SecurityBlob->DomainName.Buffer =
3085 cpu_to_le32(SecurityBlobLength);
77159b4d
SF		 3086 bcc_ptr += ln;
3087 SecurityBlobLength += ln;
3088 SecurityBlob->DomainName.Length = cpu_to_le16(ln);
1da177e4
LT		 3089 }
3090 if (user == NULL) {
3091 SecurityBlob->UserName.Buffer = 0;
3092 SecurityBlob->UserName.Length = 0;
3093 SecurityBlob->UserName.MaximumLength = 0;
3094 } else {
77159b4d 3095 __u16 ln = cifs_strtoUCS((__le16 *) bcc_ptr, user, 64,
1da177e4 3096 nls_codepage);
77159b4d 3097 ln *= 2;
1da177e4 3098 SecurityBlob->UserName.MaximumLength =
77159b4d 3099 cpu_to_le16(ln);
1da177e4
LT		 3100 SecurityBlob->UserName.Buffer =
3101 cpu_to_le32(SecurityBlobLength);
77159b4d
SF		 3102 bcc_ptr += ln;
3103 SecurityBlobLength += ln;
3104 SecurityBlob->UserName.Length = cpu_to_le16(ln);
1da177e4
LT		 3105 }
3106
63135e08
SF		 3107 /* SecurityBlob->WorkstationName.Length =
3108 cifs_strtoUCS((__le16 *) bcc_ptr, "AMACHINE",64, nls_codepage);
1da177e4 3109 SecurityBlob->WorkstationName.Length *= 2;
63135e08
SF		 3110 SecurityBlob->WorkstationName.MaximumLength =
3111 cpu_to_le16(SecurityBlob->WorkstationName.Length);
3112 SecurityBlob->WorkstationName.Buffer =
3113 cpu_to_le32(SecurityBlobLength);
1da177e4
LT		 3114 bcc_ptr += SecurityBlob->WorkstationName.Length;
3115 SecurityBlobLength += SecurityBlob->WorkstationName.Length;
63135e08
SF		 3116 SecurityBlob->WorkstationName.Length =
3117 cpu_to_le16(SecurityBlob->WorkstationName.Length); */
1da177e4
LT		 3118
3119 if ((long) bcc_ptr % 2) {
3120 *bcc_ptr = 0;
3121 bcc_ptr++;
3122 }
3123 bytes_returned =
e89dc920 3124 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
1da177e4
LT		 3125 32, nls_codepage);
3126 bcc_ptr += 2 * bytes_returned;
3127 bytes_returned =
e9ff3990 3128 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
1da177e4
LT		 3129 nls_codepage);
3130 bcc_ptr += 2 * bytes_returned;
3131 bcc_ptr += 2; /* null term version string */
3132 bytes_returned =
e89dc920 3133 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
1da177e4
LT		 3134 64, nls_codepage);
3135 bcc_ptr += 2 * bytes_returned;
3136 *(bcc_ptr + 1) = 0;
3137 *(bcc_ptr + 2) = 0;
3138 bcc_ptr += 2; /* null terminate network opsys string */
3139 *(bcc_ptr + 1) = 0;
3140 *(bcc_ptr + 2) = 0;
3141 bcc_ptr += 2; /* null domain */
3142 } else { /* ASCII */
3143 if (domain == NULL) {
3144 SecurityBlob->DomainName.Buffer = 0;
3145 SecurityBlob->DomainName.Length = 0;
3146 SecurityBlob->DomainName.MaximumLength = 0;
3147 } else {
77159b4d 3148 __u16 ln;
1da177e4
LT		 3149 negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
3150 strncpy(bcc_ptr, domain, 63);
77159b4d 3151 ln = strnlen(domain, 64);
1da177e4 3152 SecurityBlob->DomainName.MaximumLength =
77159b4d 3153 cpu_to_le16(ln);
1da177e4
LT		 3154 SecurityBlob->DomainName.Buffer =
3155 cpu_to_le32(SecurityBlobLength);
77159b4d
SF		 3156 bcc_ptr += ln;
3157 SecurityBlobLength += ln;
3158 SecurityBlob->DomainName.Length = cpu_to_le16(ln);
1da177e4
LT		 3159 }
3160 if (user == NULL) {
3161 SecurityBlob->UserName.Buffer = 0;
3162 SecurityBlob->UserName.Length = 0;
3163 SecurityBlob->UserName.MaximumLength = 0;
3164 } else {
77159b4d 3165 __u16 ln;
1da177e4 3166 strncpy(bcc_ptr, user, 63);
77159b4d
SF		 3167 ln = strnlen(user, 64);
3168 SecurityBlob->UserName.MaximumLength = cpu_to_le16(ln);
1da177e4 3169 SecurityBlob->UserName.Buffer =
77159b4d
SF		 3170 cpu_to_le32(SecurityBlobLength);
3171 bcc_ptr += ln;
3172 SecurityBlobLength += ln;
3173 SecurityBlob->UserName.Length = cpu_to_le16(ln);
1da177e4
LT		 3174 }
3175 /* BB fill in our workstation name if known BB */
3176
3177 strcpy(bcc_ptr, "Linux version ");
3178 bcc_ptr += strlen("Linux version ");
e9ff3990
SH		 3179 strcpy(bcc_ptr, utsname()->release);
3180 bcc_ptr += strlen(utsname()->release) + 1;
1da177e4
LT		 3181 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
3182 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
3183 bcc_ptr++; /* null domain */
3184 *bcc_ptr = 0;
3185 }
3186 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
3187 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
3188 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
3189 smb_buffer->smb_buf_length += count;
3190 pSMB->req.ByteCount = cpu_to_le16(count);
3191
3192 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
133672ef 3193 &bytes_returned, CIFS_LONG_OP);
1da177e4 3194 if (rc) {
6345a3a8
CG		 3195/* rc = map_smb_to_linux_error(smb_buffer_response) done in SendReceive now */
3196 } else if ((smb_buffer_response->WordCount == 3) ||
3197 (smb_buffer_response->WordCount == 4)) {
1da177e4 3198 __u16 action = le16_to_cpu(pSMBr->resp.Action);
6345a3a8 3199 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
1da177e4 3200 if (action & GUEST_LOGIN)
50c2f753
SF		 3201 cFYI(1, (" Guest login")); /* BB Should we set anything
3202 in SesInfo struct ? */
3203/* if (SecurityBlob2->MessageType != NtLm??) {
3204 cFYI("Unexpected message type on auth response is %d"));
3205 } */
3206
1da177e4
LT		 3207 if (ses) {
3208 cFYI(1,
50c2f753 3209 ("Check challenge UID %d vs auth response UID %d",
1da177e4 3210 ses->Suid, smb_buffer_response->Uid));
50c2f753
SF		 3211 /* UID left in wire format */
3212 ses->Suid = smb_buffer_response->Uid;
3213 bcc_ptr = pByteArea(smb_buffer_response);
3214 /* response can have either 3 or 4 word count - Samba sends 3 */
1da177e4
LT		 3215 if ((pSMBr->resp.hdr.WordCount == 3)
3216 || ((pSMBr->resp.hdr.WordCount == 4)
3217 && (blob_len <
3218 pSMBr->resp.ByteCount))) {
3219 if (pSMBr->resp.hdr.WordCount == 4) {
3220 bcc_ptr +=
3221 blob_len;
3222 cFYI(1,
3223 ("Security Blob Length %d ",
3224 blob_len));
3225 }
3226
3227 cFYI(1,
3228 ("NTLMSSP response to Authenticate "));
3229
3230 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3231 if ((long) (bcc_ptr) % 2) {
3232 remaining_words =
3233 (BCC(smb_buffer_response)
3234 - 1) / 2;
3235 bcc_ptr++; /* Unicode strings must be word aligned */
3236 } else {
3237 remaining_words = BCC(smb_buffer_response) / 2;
3238 }
77159b4d
SF		 3239 len = UniStrnlen((wchar_t *) bcc_ptr,
3240 remaining_words - 1);
1da177e4
LT		 3241/* We look for obvious messed up bcc or strings in response so we do not go off
3242 the end since (at least) WIN2K and Windows XP have a major bug in not null
3243 terminating last Unicode string in response */
fb8c4b14 3244 if (ses->serverOS)
08775834 3245 kfree(ses->serverOS);
1da177e4 3246 ses->serverOS =
e915fc49 3247 kzalloc(2 * (len + 1), GFP_KERNEL);
1da177e4 3248 cifs_strfromUCS_le(ses->serverOS,
e89dc920 3249 (__le16 *)
1da177e4
LT		 3250 bcc_ptr, len,
3251 nls_codepage);
3252 bcc_ptr += 2 * (len + 1);
3253 remaining_words -= len + 1;
3254 ses->serverOS[2 * len] = 0;
3255 ses->serverOS[1 + (2 * len)] = 0;
3256 if (remaining_words > 0) {
3257 len = UniStrnlen((wchar_t *)
3258 bcc_ptr,
3259 remaining_words
3260 - 1);
cd49b492 3261 kfree(ses->serverNOS);
1da177e4 3262 ses->serverNOS =
e915fc49 3263 kzalloc(2 * (len + 1),
1da177e4
LT		 3264 GFP_KERNEL);
3265 cifs_strfromUCS_le(ses->
3266 serverNOS,
e89dc920 3267 (__le16 *)
1da177e4
LT		 3268 bcc_ptr,
3269 len,
3270 nls_codepage);
3271 bcc_ptr += 2 * (len + 1);
3272 ses->serverNOS[2 * len] = 0;
3273 ses->serverNOS[1+(2*len)] = 0;
3274 remaining_words -= len + 1;
3275 if (remaining_words > 0) {
50c2f753 3276 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
1da177e4 3277 /* last string not always null terminated (e.g. for Windows XP & 2000) */
fb8c4b14 3278 if (ses->serverDomain)
a424f8bf 3279 kfree(ses->serverDomain);
1da177e4 3280 ses->serverDomain =
e915fc49 3281 kzalloc(2 *
1da177e4
LT		 3282 (len +
3283 1),
3284 GFP_KERNEL);
3285 cifs_strfromUCS_le
3286 (ses->
3287 serverDomain,
e89dc920 3288 (__le16 *)
1da177e4
LT		 3289 bcc_ptr, len,
3290 nls_codepage);
3291 bcc_ptr +=
3292 2 * (len + 1);
3293 ses->
3294 serverDomain[2
3295 * len]
3296 = 0;
3297 ses->
3298 serverDomain[1
3299 +
3300 (2
3301 *
3302 len)]
3303 = 0;
3304 } /* else no more room so create dummy domain string */
a424f8bf 3305 else {
fb8c4b14 3306 if (ses->serverDomain)
a424f8bf 3307 kfree(ses->serverDomain);
e915fc49 3308 ses->serverDomain = kzalloc(2,GFP_KERNEL);
a424f8bf 3309 }
1da177e4 3310 } else { /* no room so create dummy domain and NOS string */
fb8c4b14 3311 if (ses->serverDomain)
a424f8bf 3312 kfree(ses->serverDomain);
e915fc49 3313 ses->serverDomain = kzalloc(2, GFP_KERNEL);
cd49b492 3314 kfree(ses->serverNOS);
e915fc49 3315 ses->serverNOS = kzalloc(2, GFP_KERNEL);
1da177e4
LT		 3316 }
3317 } else { /* ASCII */
3318 len = strnlen(bcc_ptr, 1024);
50c2f753
SF		 3319 if (((long) bcc_ptr + len) -
3320 (long) pByteArea(smb_buffer_response)
63135e08 3321 <= BCC(smb_buffer_response)) {
fb8c4b14 3322 if (ses->serverOS)
a424f8bf 3323 kfree(ses->serverOS);
77159b4d 3324 ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
1da177e4
LT		 3325 strncpy(ses->serverOS,bcc_ptr, len);
3326
3327 bcc_ptr += len;
3328 bcc_ptr[0] = 0; /* null terminate the string */
3329 bcc_ptr++;
3330
3331 len = strnlen(bcc_ptr, 1024);
cd49b492 3332 kfree(ses->serverNOS);
50c2f753
SF		 3333 ses->serverNOS = kzalloc(len+1,
3334 GFP_KERNEL);
63135e08
SF		 3335 strncpy(ses->serverNOS,
3336 bcc_ptr, len);
1da177e4
LT		 3337 bcc_ptr += len;
3338 bcc_ptr[0] = 0;
3339 bcc_ptr++;
3340
3341 len = strnlen(bcc_ptr, 1024);
fb8c4b14 3342 if (ses->serverDomain)
a424f8bf 3343 kfree(ses->serverDomain);
63135e08
SF		 3344 ses->serverDomain =
3345 kzalloc(len+1,
3346 GFP_KERNEL);
3347 strncpy(ses->serverDomain,
3348 bcc_ptr, len);
1da177e4
LT		 3349 bcc_ptr += len;
3350 bcc_ptr[0] = 0;
3351 bcc_ptr++;
3352 } else
6345a3a8 3353 cFYI(1, ("field of length %d "
63135e08 3354 "extends beyond end of smb ",
1da177e4
LT		 3355 len));
3356 }
3357 } else {
6345a3a8 3358 cERROR(1, ("Security Blob extends beyond end "
63135e08 3359 "of SMB"));
1da177e4
LT		 3360 }
3361 } else {
3362 cERROR(1, ("No session structure passed in."));
3363 }
3364 } else {
6345a3a8 3365 cERROR(1, ("Invalid Word count %d: ",
1da177e4
LT		 3366 smb_buffer_response->WordCount));
3367 rc = -EIO;
3368 }
3369
a8a11d39 3370 cifs_buf_release(smb_buffer);
1da177e4
LT		 3371
3372 return rc;
3373}
3374
3375int
3376CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3377 const char *tree, struct cifsTconInfo *tcon,
3378 const struct nls_table *nls_codepage)
3379{
3380 struct smb_hdr *smb_buffer;
3381 struct smb_hdr *smb_buffer_response;
3382 TCONX_REQ *pSMB;
3383 TCONX_RSP *pSMBr;
3384 unsigned char *bcc_ptr;
3385 int rc = 0;
3386 int length;
3387 __u16 count;
3388
3389 if (ses == NULL)
3390 return -EIO;
3391
3392 smb_buffer = cifs_buf_get();
3393 if (smb_buffer == NULL) {
3394 return -ENOMEM;
3395 }
3396 smb_buffer_response = smb_buffer;
3397
3398 header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3399 NULL /*no tid */ , 4 /*wct */ );
1982c344
SF		 3400
3401 smb_buffer->Mid = GetNextMid(ses->server);
1da177e4
LT		 3402 smb_buffer->Uid = ses->Suid;
3403 pSMB = (TCONX_REQ *) smb_buffer;
3404 pSMBr = (TCONX_RSP *) smb_buffer_response;
3405
3406 pSMB->AndXCommand = 0xFF;
3407 pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
1da177e4 3408 bcc_ptr = &pSMB->Password[0];
fb8c4b14 3409 if ((ses->server->secMode) & SECMODE_USER) {
eeac8047 3410 pSMB->PasswordLength = cpu_to_le16(1); /* minimum */
7c7b25bc 3411 *bcc_ptr = 0; /* password is null byte */
eeac8047 3412 bcc_ptr++; /* skip password */
7c7b25bc 3413 /* already aligned so no need to do it below */
eeac8047 3414 } else {
7c7b25bc 3415 pSMB->PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE);
eeac8047
SF		 3416 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3417 specified as required (when that support is added to
3418 the vfs in the future) as only NTLM or the much
7c7b25bc 3419 weaker LANMAN (which we do not send by default) is accepted
eeac8047
SF		 3420 by Samba (not sure whether other servers allow
3421 NTLMv2 password here) */
7c7b25bc 3422#ifdef CONFIG_CIFS_WEAK_PW_HASH
50c2f753 3423 if ((extended_security & CIFSSEC_MAY_LANMAN) &&
7c7b25bc
SF		 3424 (ses->server->secType == LANMAN))
3425 calc_lanman_hash(ses, bcc_ptr);
3426 else
3427#endif /* CIFS_WEAK_PW_HASH */
eeac8047
SF		 3428 SMBNTencrypt(ses->password,
3429 ses->server->cryptKey,
3430 bcc_ptr);
3431
7c7b25bc 3432 bcc_ptr += CIFS_SESS_KEY_SIZE;
fb8c4b14 3433 if (ses->capabilities & CAP_UNICODE) {
7c7b25bc
SF		 3434 /* must align unicode strings */
3435 *bcc_ptr = 0; /* null byte password */
3436 bcc_ptr++;
3437 }
eeac8047 3438 }
1da177e4 3439
50c2f753 3440 if (ses->server->secMode &
a878fb22 3441 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
1da177e4
LT		 3442 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3443
3444 if (ses->capabilities & CAP_STATUS32) {
3445 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3446 }
3447 if (ses->capabilities & CAP_DFS) {
3448 smb_buffer->Flags2 |= SMBFLG2_DFS;
3449 }
3450 if (ses->capabilities & CAP_UNICODE) {
3451 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3452 length =
50c2f753
SF		 3453 cifs_strtoUCS((__le16 *) bcc_ptr, tree,
3454 6 /* max utf8 char length in bytes */ *
a878fb22
SF		 3455 (/* server len*/ + 256 /* share len */), nls_codepage);
3456 bcc_ptr += 2 * length; /* convert num 16 bit words to bytes */
1da177e4
LT		 3457 bcc_ptr += 2; /* skip trailing null */
3458 } else { /* ASCII */
1da177e4
LT		 3459 strcpy(bcc_ptr, tree);
3460 bcc_ptr += strlen(tree) + 1;
3461 }
3462 strcpy(bcc_ptr, "?????");
3463 bcc_ptr += strlen("?????");
3464 bcc_ptr += 1;
3465 count = bcc_ptr - &pSMB->Password[0];
3466 pSMB->hdr.smb_buf_length += count;
3467 pSMB->ByteCount = cpu_to_le16(count);
3468
133672ef
SF		 3469 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length,
3470 CIFS_STD_OP);
1da177e4
LT		 3471
3472 /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
3473 /* above now done in SendReceive */
3474 if ((rc == 0) && (tcon != NULL)) {
3475 tcon->tidStatus = CifsGood;
3476 tcon->tid = smb_buffer_response->Tid;
3477 bcc_ptr = pByteArea(smb_buffer_response);
3478 length = strnlen(bcc_ptr, BCC(smb_buffer_response) - 2);
50c2f753 3479 /* skip service field (NB: this field is always ASCII) */
7f8ed420
SF		 3480 if (length == 3) {
3481 if ((bcc_ptr[0] == 'I') && (bcc_ptr[1] == 'P') &&
3482 (bcc_ptr[2] == 'C')) {
3483 cFYI(1, ("IPC connection"));
3484 tcon->ipc = 1;
3485 }
3486 } else if (length == 2) {
3487 if ((bcc_ptr[0] == 'A') && (bcc_ptr[1] == ':')) {
3488 /* the most common case */
3489 cFYI(1, ("disk share connection"));
3490 }
3491 }
50c2f753 3492 bcc_ptr += length + 1;
1da177e4
LT		 3493 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3494 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3495 length = UniStrnlen((wchar_t *) bcc_ptr, 512);
3496 if ((bcc_ptr + (2 * length)) -
3497 pByteArea(smb_buffer_response) <=
3498 BCC(smb_buffer_response)) {
f99d49ad 3499 kfree(tcon->nativeFileSystem);
1da177e4 3500 tcon->nativeFileSystem =
e915fc49 3501 kzalloc(length + 2, GFP_KERNEL);
88f370a6
SF		 3502 if (tcon->nativeFileSystem)
3503 cifs_strfromUCS_le(
3504 tcon->nativeFileSystem,
3505 (__le16 *) bcc_ptr,
3506 length, nls_codepage);
1da177e4
LT		 3507 bcc_ptr += 2 * length;
3508 bcc_ptr[0] = 0; /* null terminate the string */
3509 bcc_ptr[1] = 0;
3510 bcc_ptr += 2;
3511 }
50c2f753 3512 /* else do not bother copying these information fields*/
1da177e4
LT		 3513 } else {
3514 length = strnlen(bcc_ptr, 1024);
3515 if ((bcc_ptr + length) -
3516 pByteArea(smb_buffer_response) <=
3517 BCC(smb_buffer_response)) {
f99d49ad 3518 kfree(tcon->nativeFileSystem);
1da177e4 3519 tcon->nativeFileSystem =
e915fc49 3520 kzalloc(length + 1, GFP_KERNEL);
88f370a6
SF		 3521 if (tcon->nativeFileSystem)
3522 strncpy(tcon->nativeFileSystem, bcc_ptr,
3523 length);
1da177e4 3524 }
50c2f753 3525 /* else do not bother copying these information fields*/
1da177e4 3526 }
fb8c4b14 3527 if ((smb_buffer_response->WordCount == 3) ||
1a4e15a0
SF		 3528 (smb_buffer_response->WordCount == 7))
3529 /* field is in same location */
3979877e
SF		 3530 tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3531 else
3532 tcon->Flags = 0;
1da177e4
LT		 3533 cFYI(1, ("Tcon flags: 0x%x ", tcon->Flags));
3534 } else if ((rc == 0) && tcon == NULL) {
50c2f753 3535 /* all we need to save for IPC$ connection */
1da177e4
LT		 3536 ses->ipc_tid = smb_buffer_response->Tid;
3537 }
3538
a8a11d39 3539 cifs_buf_release(smb_buffer);
1da177e4
LT		 3540 return rc;
3541}
3542
3543int
3544cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3545{
3546 int rc = 0;
3547 int xid;
3548 struct cifsSesInfo *ses = NULL;
3549 struct task_struct *cifsd_task;
50c2f753 3550 char *tmp;
1da177e4
LT		 3551
3552 xid = GetXid();
3553
3554 if (cifs_sb->tcon) {
3555 ses = cifs_sb->tcon->ses; /* save ptr to ses before delete tcon!*/
3556 rc = CIFSSMBTDis(xid, cifs_sb->tcon);
3557 if (rc == -EBUSY) {
3558 FreeXid(xid);
3559 return 0;
3560 }
5d941ca6 3561 DeleteTconOplockQEntries(cifs_sb->tcon);
1da177e4
LT		 3562 tconInfoFree(cifs_sb->tcon);
3563 if ((ses) && (ses->server)) {
3564 /* save off task so we do not refer to ses later */
3565 cifsd_task = ses->server->tsk;
3566 cFYI(1, ("About to do SMBLogoff "));
3567 rc = CIFSSMBLogoff(xid, ses);
3568 if (rc == -EBUSY) {
3569 FreeXid(xid);
3570 return 0;
3571 } else if (rc == -ESHUTDOWN) {
467a8f8d 3572 cFYI(1, ("Waking up socket by sending signal"));
f7f7c31c 3573 if (cifsd_task) {
50c2f753 3574 force_sig(SIGKILL, cifsd_task);
aaf737ad 3575 kthread_stop(cifsd_task);
f191401f 3576 }
1da177e4
LT		 3577 rc = 0;
3578 } /* else - we have an smb session
3579 left on this socket do not kill cifsd */
3580 } else
3581 cFYI(1, ("No session or bad tcon"));
3582 }
50c2f753 3583
1da177e4 3584 cifs_sb->tcon = NULL;
2fe87f02
SF		 3585 tmp = cifs_sb->prepath;
3586 cifs_sb->prepathlen = 0;
3587 cifs_sb->prepath = NULL;
3588 kfree(tmp);
1da177e4
LT		 3589 if (ses)
3590 sesInfoFree(ses);
3591
3592 FreeXid(xid);
88e7d705 3593 return rc;
50c2f753 3594}
1da177e4
LT		 3595
3596int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
50c2f753 3597 struct nls_table *nls_info)
1da177e4
LT		 3598{
3599 int rc = 0;
7c7b25bc 3600 char ntlm_session_key[CIFS_SESS_KEY_SIZE];
4b18f2a9 3601 bool ntlmv2_flag = false;
ad009ac9 3602 int first_time = 0;
1da177e4
LT		 3603
3604 /* what if server changes its buffer size after dropping the session? */
fb8c4b14 3605 if (pSesInfo->server->maxBuf == 0) /* no need to send on reconnect */ {
1da177e4 3606 rc = CIFSSMBNegotiate(xid, pSesInfo);
fb8c4b14 3607 if (rc == -EAGAIN) /* retry only once on 1st time connection */ {
1da177e4 3608 rc = CIFSSMBNegotiate(xid, pSesInfo);
50c2f753 3609 if (rc == -EAGAIN)
1da177e4
LT		 3610 rc = -EHOSTDOWN;
3611 }
fb8c4b14 3612 if (rc == 0) {
1da177e4 3613 spin_lock(&GlobalMid_Lock);
fb8c4b14 3614 if (pSesInfo->server->tcpStatus != CifsExiting)
1da177e4
LT		 3615 pSesInfo->server->tcpStatus = CifsGood;
3616 else
3617 rc = -EHOSTDOWN;
3618 spin_unlock(&GlobalMid_Lock);
3619
3620 }
ad009ac9 3621 first_time = 1;
1da177e4
LT		 3622 }
3623 if (!rc) {
9ac00b7d 3624 pSesInfo->flags = 0;
1da177e4 3625 pSesInfo->capabilities = pSesInfo->server->capabilities;
fb8c4b14 3626 if (linuxExtEnabled == 0)
1da177e4 3627 pSesInfo->capabilities &= (~CAP_UNIX);
ad009ac9 3628 /* pSesInfo->sequence_number = 0;*/
50c2f753
SF		 3629 cFYI(1,
3630 ("Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d",
1da177e4
LT		 3631 pSesInfo->server->secMode,
3632 pSesInfo->server->capabilities,
175ec9e1 3633 pSesInfo->server->timeAdj));
fb8c4b14 3634 if (experimEnabled < 2)
3979877e
SF		 3635 rc = CIFS_SessSetup(xid, pSesInfo,
3636 first_time, nls_info);
189acaae 3637 else if (extended_security
50c2f753 3638 && (pSesInfo->capabilities
175ec9e1 3639 & CAP_EXTENDED_SECURITY)
1da177e4 3640 && (pSesInfo->server->secType == NTLMSSP)) {
189acaae 3641 rc = -EOPNOTSUPP;
1da177e4
LT		 3642 } else if (extended_security
3643 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3644 && (pSesInfo->server->secType == RawNTLMSSP)) {
5815449d 3645 cFYI(1, ("NTLMSSP sesssetup"));
1da177e4
LT		 3646 rc = CIFSNTLMSSPNegotiateSessSetup(xid,
3647 pSesInfo,
3648 &ntlmv2_flag,
3649 nls_info);
3650 if (!rc) {
fb8c4b14 3651 if (ntlmv2_flag) {
50c2f753 3652 char *v2_response;
467a8f8d 3653 cFYI(1, ("more secure NTLM ver2 hash"));
50c2f753 3654 if (CalcNTLMv2_partial_mac_key(pSesInfo,
1da177e4
LT		 3655 nls_info)) {
3656 rc = -ENOMEM;
3657 goto ss_err_exit;
3658 } else
3659 v2_response = kmalloc(16 + 64 /* blob */, GFP_KERNEL);
fb8c4b14 3660 if (v2_response) {
50c2f753
SF		 3661 CalcNTLMv2_response(pSesInfo,
3662 v2_response);
fb8c4b14 3663 /* if (first_time)
50c2f753
SF		 3664 cifs_calculate_ntlmv2_mac_key(
3665 pSesInfo->server->mac_signing_key,
3666 response, ntlm_session_key,*/
1da177e4
LT		 3667 kfree(v2_response);
3668 /* BB Put dummy sig in SessSetup PDU? */
3669 } else {
3670 rc = -ENOMEM;
3671 goto ss_err_exit;
3672 }
3673
3674 } else {
3675 SMBNTencrypt(pSesInfo->password,
3676 pSesInfo->server->cryptKey,
3677 ntlm_session_key);
3678
fb8c4b14 3679 if (first_time)
ad009ac9 3680 cifs_calculate_mac_key(
b609f06a 3681 &pSesInfo->server->mac_signing_key,
ad009ac9
SF		 3682 ntlm_session_key,
3683 pSesInfo->password);
1da177e4
LT		 3684 }
3685 /* for better security the weaker lanman hash not sent
3686 in AuthSessSetup so we no longer calculate it */
3687
3688 rc = CIFSNTLMSSPAuthSessSetup(xid,
3689 pSesInfo,
3690 ntlm_session_key,
3691 ntlmv2_flag,
3692 nls_info);
3693 }
3694 } else { /* old style NTLM 0.12 session setup */
3695 SMBNTencrypt(pSesInfo->password,
3696 pSesInfo->server->cryptKey,
3697 ntlm_session_key);
3698
fb8c4b14 3699 if (first_time)
ad009ac9 3700 cifs_calculate_mac_key(
b609f06a 3701 &pSesInfo->server->mac_signing_key,
ad009ac9
SF		 3702 ntlm_session_key, pSesInfo->password);
3703
1da177e4
LT		 3704 rc = CIFSSessSetup(xid, pSesInfo,
3705 ntlm_session_key, nls_info);
3706 }
3707 if (rc) {
fb8c4b14 3708 cERROR(1, ("Send error in SessSetup = %d", rc));
1da177e4 3709 } else {
467a8f8d 3710 cFYI(1, ("CIFS Session Established successfully"));
1da177e4
LT		 3711 pSesInfo->status = CifsGood;
3712 }
3713 }
3714ss_err_exit:
3715 return rc;
3716}
3717
A mirror of Linus' kernel repository