]> git.karo-electronics.de Git - mv-sheeva.git/blob - fs/cifs/connect.c
Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6
[mv-sheeva.git] / fs / cifs / connect.c
1 /*
2  *   fs/cifs/connect.c
3  *
4  *   Copyright (C) International Business Machines  Corp., 2002,2009
5  *   Author(s): Steve French (sfrench@us.ibm.com)
6  *
7  *   This library is free software; you can redistribute it and/or modify
8  *   it under the terms of the GNU Lesser General Public License as published
9  *   by the Free Software Foundation; either version 2.1 of the License, or
10  *   (at your option) any later version.
11  *
12  *   This library is distributed in the hope that it will be useful,
13  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
14  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
15  *   the GNU Lesser General Public License for more details.
16  *
17  *   You should have received a copy of the GNU Lesser General Public License
18  *   along with this library; if not, write to the Free Software
19  *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20  */
21 #include <linux/fs.h>
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/slab.h>
27 #include <linux/pagemap.h>
28 #include <linux/ctype.h>
29 #include <linux/utsname.h>
30 #include <linux/mempool.h>
31 #include <linux/delay.h>
32 #include <linux/completion.h>
33 #include <linux/kthread.h>
34 #include <linux/pagevec.h>
35 #include <linux/freezer.h>
36 #include <linux/namei.h>
37 #include <asm/uaccess.h>
38 #include <asm/processor.h>
39 #include <linux/inet.h>
40 #include <net/ipv6.h>
41 #include "cifspdu.h"
42 #include "cifsglob.h"
43 #include "cifsproto.h"
44 #include "cifs_unicode.h"
45 #include "cifs_debug.h"
46 #include "cifs_fs_sb.h"
47 #include "ntlmssp.h"
48 #include "nterr.h"
49 #include "rfc1002pdu.h"
50 #include "fscache.h"
51
52 #define CIFS_PORT 445
53 #define RFC1001_PORT 139
54
55 extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
56                          unsigned char *p24);
57
58 extern mempool_t *cifs_req_poolp;
59
60 struct smb_vol {
61         char *username;
62         char *password;
63         char *domainname;
64         char *UNC;
65         char *UNCip;
66         char *iocharset;  /* local code page for mapping to and from Unicode */
67         char source_rfc1001_name[RFC1001_NAME_LEN_WITH_NULL]; /* clnt nb name */
68         char target_rfc1001_name[RFC1001_NAME_LEN_WITH_NULL]; /* srvr nb name */
69         uid_t cred_uid;
70         uid_t linux_uid;
71         gid_t linux_gid;
72         mode_t file_mode;
73         mode_t dir_mode;
74         unsigned secFlg;
75         bool retry:1;
76         bool intr:1;
77         bool setuids:1;
78         bool override_uid:1;
79         bool override_gid:1;
80         bool dynperm:1;
81         bool noperm:1;
82         bool no_psx_acl:1; /* set if posix acl support should be disabled */
83         bool cifs_acl:1;
84         bool no_xattr:1;   /* set if xattr (EA) support should be disabled*/
85         bool server_ino:1; /* use inode numbers from server ie UniqueId */
86         bool direct_io:1;
87         bool remap:1;      /* set to remap seven reserved chars in filenames */
88         bool posix_paths:1; /* unset to not ask for posix pathnames. */
89         bool no_linux_ext:1;
90         bool sfu_emul:1;
91         bool nullauth:1;   /* attempt to authenticate with null user */
92         bool nocase:1;     /* request case insensitive filenames */
93         bool nobrl:1;      /* disable sending byte range locks to srv */
94         bool mand_lock:1;  /* send mandatory not posix byte range lock reqs */
95         bool seal:1;       /* request transport encryption on share */
96         bool nodfs:1;      /* Do not request DFS, even if available */
97         bool local_lease:1; /* check leases only on local system, not remote */
98         bool noblocksnd:1;
99         bool noautotune:1;
100         bool nostrictsync:1; /* do not force expensive SMBflush on every sync */
101         bool fsc:1;     /* enable fscache */
102         bool mfsymlinks:1; /* use Minshall+French Symlinks */
103         bool multiuser:1;
104         unsigned int rsize;
105         unsigned int wsize;
106         bool sockopt_tcp_nodelay:1;
107         unsigned short int port;
108         unsigned long actimeo; /* attribute cache timeout (jiffies) */
109         char *prepath;
110         struct sockaddr_storage srcaddr; /* allow binding to a local IP */
111         struct nls_table *local_nls;
112 };
113
114 /* FIXME: should these be tunable? */
115 #define TLINK_ERROR_EXPIRE      (1 * HZ)
116 #define TLINK_IDLE_EXPIRE       (600 * HZ)
117
118 static int ip_connect(struct TCP_Server_Info *server);
119 static int generic_ip_connect(struct TCP_Server_Info *server);
120 static void tlink_rb_insert(struct rb_root *root, struct tcon_link *new_tlink);
121 static void cifs_prune_tlinks(struct work_struct *work);
122
123 /*
124  * cifs tcp session reconnection
125  *
126  * mark tcp session as reconnecting so temporarily locked
127  * mark all smb sessions as reconnecting for tcp session
128  * reconnect tcp session
129  * wake up waiters on reconnection? - (not needed currently)
130  */
131 static int
132 cifs_reconnect(struct TCP_Server_Info *server)
133 {
134         int rc = 0;
135         struct list_head *tmp, *tmp2;
136         struct cifsSesInfo *ses;
137         struct cifsTconInfo *tcon;
138         struct mid_q_entry *mid_entry;
139
140         spin_lock(&GlobalMid_Lock);
141         if (server->tcpStatus == CifsExiting) {
142                 /* the demux thread will exit normally
143                 next time through the loop */
144                 spin_unlock(&GlobalMid_Lock);
145                 return rc;
146         } else
147                 server->tcpStatus = CifsNeedReconnect;
148         spin_unlock(&GlobalMid_Lock);
149         server->maxBuf = 0;
150
151         cFYI(1, "Reconnecting tcp session");
152
153         /* before reconnecting the tcp session, mark the smb session (uid)
154                 and the tid bad so they are not used until reconnected */
155         spin_lock(&cifs_tcp_ses_lock);
156         list_for_each(tmp, &server->smb_ses_list) {
157                 ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
158                 ses->need_reconnect = true;
159                 ses->ipc_tid = 0;
160                 list_for_each(tmp2, &ses->tcon_list) {
161                         tcon = list_entry(tmp2, struct cifsTconInfo, tcon_list);
162                         tcon->need_reconnect = true;
163                 }
164         }
165         spin_unlock(&cifs_tcp_ses_lock);
166         /* do not want to be sending data on a socket we are freeing */
167         mutex_lock(&server->srv_mutex);
168         if (server->ssocket) {
169                 cFYI(1, "State: 0x%x Flags: 0x%lx", server->ssocket->state,
170                         server->ssocket->flags);
171                 kernel_sock_shutdown(server->ssocket, SHUT_WR);
172                 cFYI(1, "Post shutdown state: 0x%x Flags: 0x%lx",
173                         server->ssocket->state,
174                         server->ssocket->flags);
175                 sock_release(server->ssocket);
176                 server->ssocket = NULL;
177         }
178         server->sequence_number = 0;
179         server->session_estab = false;
180         kfree(server->session_key.response);
181         server->session_key.response = NULL;
182         server->session_key.len = 0;
183
184         spin_lock(&GlobalMid_Lock);
185         list_for_each(tmp, &server->pending_mid_q) {
186                 mid_entry = list_entry(tmp, struct
187                                         mid_q_entry,
188                                         qhead);
189                 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
190                                 /* Mark other intransit requests as needing
191                                    retry so we do not immediately mark the
192                                    session bad again (ie after we reconnect
193                                    below) as they timeout too */
194                         mid_entry->midState = MID_RETRY_NEEDED;
195                 }
196         }
197         spin_unlock(&GlobalMid_Lock);
198         mutex_unlock(&server->srv_mutex);
199
200         while ((server->tcpStatus != CifsExiting) &&
201                (server->tcpStatus != CifsGood)) {
202                 try_to_freeze();
203
204                 /* we should try only the port we connected to before */
205                 rc = generic_ip_connect(server);
206                 if (rc) {
207                         cFYI(1, "reconnect error %d", rc);
208                         msleep(3000);
209                 } else {
210                         atomic_inc(&tcpSesReconnectCount);
211                         spin_lock(&GlobalMid_Lock);
212                         if (server->tcpStatus != CifsExiting)
213                                 server->tcpStatus = CifsGood;
214                         spin_unlock(&GlobalMid_Lock);
215         /*              atomic_set(&server->inFlight,0);*/
216                         wake_up(&server->response_q);
217                 }
218         }
219         return rc;
220 }
221
222 /*
223         return codes:
224                 0       not a transact2, or all data present
225                 >0      transact2 with that much data missing
226                 -EINVAL = invalid transact2
227
228  */
229 static int check2ndT2(struct smb_hdr *pSMB, unsigned int maxBufSize)
230 {
231         struct smb_t2_rsp *pSMBt;
232         int total_data_size;
233         int data_in_this_rsp;
234         int remaining;
235
236         if (pSMB->Command != SMB_COM_TRANSACTION2)
237                 return 0;
238
239         /* check for plausible wct, bcc and t2 data and parm sizes */
240         /* check for parm and data offset going beyond end of smb */
241         if (pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
242                 cFYI(1, "invalid transact2 word count");
243                 return -EINVAL;
244         }
245
246         pSMBt = (struct smb_t2_rsp *)pSMB;
247
248         total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
249         data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
250
251         remaining = total_data_size - data_in_this_rsp;
252
253         if (remaining == 0)
254                 return 0;
255         else if (remaining < 0) {
256                 cFYI(1, "total data %d smaller than data in frame %d",
257                         total_data_size, data_in_this_rsp);
258                 return -EINVAL;
259         } else {
260                 cFYI(1, "missing %d bytes from transact2, check next response",
261                         remaining);
262                 if (total_data_size > maxBufSize) {
263                         cERROR(1, "TotalDataSize %d is over maximum buffer %d",
264                                 total_data_size, maxBufSize);
265                         return -EINVAL;
266                 }
267                 return remaining;
268         }
269 }
270
271 static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
272 {
273         struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
274         struct smb_t2_rsp *pSMBt  = (struct smb_t2_rsp *)pTargetSMB;
275         int total_data_size;
276         int total_in_buf;
277         int remaining;
278         int total_in_buf2;
279         char *data_area_of_target;
280         char *data_area_of_buf2;
281         __u16 byte_count;
282
283         total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
284
285         if (total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
286                 cFYI(1, "total data size of primary and secondary t2 differ");
287         }
288
289         total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
290
291         remaining = total_data_size - total_in_buf;
292
293         if (remaining < 0)
294                 return -EINVAL;
295
296         if (remaining == 0) /* nothing to do, ignore */
297                 return 0;
298
299         total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
300         if (remaining < total_in_buf2) {
301                 cFYI(1, "transact2 2nd response contains too much data");
302         }
303
304         /* find end of first SMB data area */
305         data_area_of_target = (char *)&pSMBt->hdr.Protocol +
306                                 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
307         /* validate target area */
308
309         data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
310                                         le16_to_cpu(pSMB2->t2_rsp.DataOffset);
311
312         data_area_of_target += total_in_buf;
313
314         /* copy second buffer into end of first buffer */
315         memcpy(data_area_of_target, data_area_of_buf2, total_in_buf2);
316         total_in_buf += total_in_buf2;
317         pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
318         byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
319         byte_count += total_in_buf2;
320         BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
321
322         byte_count = pTargetSMB->smb_buf_length;
323         byte_count += total_in_buf2;
324
325         /* BB also add check that we are not beyond maximum buffer size */
326
327         pTargetSMB->smb_buf_length = byte_count;
328
329         if (remaining == total_in_buf2) {
330                 cFYI(1, "found the last secondary response");
331                 return 0; /* we are done */
332         } else /* more responses to go */
333                 return 1;
334
335 }
336
337 static int
338 cifs_demultiplex_thread(struct TCP_Server_Info *server)
339 {
340         int length;
341         unsigned int pdu_length, total_read;
342         struct smb_hdr *smb_buffer = NULL;
343         struct smb_hdr *bigbuf = NULL;
344         struct smb_hdr *smallbuf = NULL;
345         struct msghdr smb_msg;
346         struct kvec iov;
347         struct socket *csocket = server->ssocket;
348         struct list_head *tmp;
349         struct cifsSesInfo *ses;
350         struct task_struct *task_to_wake = NULL;
351         struct mid_q_entry *mid_entry;
352         char temp;
353         bool isLargeBuf = false;
354         bool isMultiRsp;
355         int reconnect;
356
357         current->flags |= PF_MEMALLOC;
358         cFYI(1, "Demultiplex PID: %d", task_pid_nr(current));
359
360         length = atomic_inc_return(&tcpSesAllocCount);
361         if (length > 1)
362                 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
363                                 GFP_KERNEL);
364
365         set_freezable();
366         while (server->tcpStatus != CifsExiting) {
367                 if (try_to_freeze())
368                         continue;
369                 if (bigbuf == NULL) {
370                         bigbuf = cifs_buf_get();
371                         if (!bigbuf) {
372                                 cERROR(1, "No memory for large SMB response");
373                                 msleep(3000);
374                                 /* retry will check if exiting */
375                                 continue;
376                         }
377                 } else if (isLargeBuf) {
378                         /* we are reusing a dirty large buf, clear its start */
379                         memset(bigbuf, 0, sizeof(struct smb_hdr));
380                 }
381
382                 if (smallbuf == NULL) {
383                         smallbuf = cifs_small_buf_get();
384                         if (!smallbuf) {
385                                 cERROR(1, "No memory for SMB response");
386                                 msleep(1000);
387                                 /* retry will check if exiting */
388                                 continue;
389                         }
390                         /* beginning of smb buffer is cleared in our buf_get */
391                 } else /* if existing small buf clear beginning */
392                         memset(smallbuf, 0, sizeof(struct smb_hdr));
393
394                 isLargeBuf = false;
395                 isMultiRsp = false;
396                 smb_buffer = smallbuf;
397                 iov.iov_base = smb_buffer;
398                 iov.iov_len = 4;
399                 smb_msg.msg_control = NULL;
400                 smb_msg.msg_controllen = 0;
401                 pdu_length = 4; /* enough to get RFC1001 header */
402 incomplete_rcv:
403                 length =
404                     kernel_recvmsg(csocket, &smb_msg,
405                                 &iov, 1, pdu_length, 0 /* BB other flags? */);
406
407                 if (server->tcpStatus == CifsExiting) {
408                         break;
409                 } else if (server->tcpStatus == CifsNeedReconnect) {
410                         cFYI(1, "Reconnect after server stopped responding");
411                         cifs_reconnect(server);
412                         cFYI(1, "call to reconnect done");
413                         csocket = server->ssocket;
414                         continue;
415                 } else if (length == -ERESTARTSYS ||
416                            length == -EAGAIN ||
417                            length == -EINTR) {
418                         msleep(1); /* minimum sleep to prevent looping
419                                 allowing socket to clear and app threads to set
420                                 tcpStatus CifsNeedReconnect if server hung */
421                         if (pdu_length < 4) {
422                                 iov.iov_base = (4 - pdu_length) +
423                                                         (char *)smb_buffer;
424                                 iov.iov_len = pdu_length;
425                                 smb_msg.msg_control = NULL;
426                                 smb_msg.msg_controllen = 0;
427                                 goto incomplete_rcv;
428                         } else
429                                 continue;
430                 } else if (length <= 0) {
431                         cFYI(1, "Reconnect after unexpected peek error %d",
432                                 length);
433                         cifs_reconnect(server);
434                         csocket = server->ssocket;
435                         wake_up(&server->response_q);
436                         continue;
437                 } else if (length < pdu_length) {
438                         cFYI(1, "requested %d bytes but only got %d bytes",
439                                   pdu_length, length);
440                         pdu_length -= length;
441                         msleep(1);
442                         goto incomplete_rcv;
443                 }
444
445                 /* The right amount was read from socket - 4 bytes */
446                 /* so we can now interpret the length field */
447
448                 /* the first byte big endian of the length field,
449                 is actually not part of the length but the type
450                 with the most common, zero, as regular data */
451                 temp = *((char *) smb_buffer);
452
453                 /* Note that FC 1001 length is big endian on the wire,
454                 but we convert it here so it is always manipulated
455                 as host byte order */
456                 pdu_length = be32_to_cpu((__force __be32)smb_buffer->smb_buf_length);
457                 smb_buffer->smb_buf_length = pdu_length;
458
459                 cFYI(1, "rfc1002 length 0x%x", pdu_length+4);
460
461                 if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) {
462                         continue;
463                 } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
464                         cFYI(1, "Good RFC 1002 session rsp");
465                         continue;
466                 } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
467                         /* we get this from Windows 98 instead of
468                            an error on SMB negprot response */
469                         cFYI(1, "Negative RFC1002 Session Response Error 0x%x)",
470                                 pdu_length);
471                         /* give server a second to clean up  */
472                         msleep(1000);
473                         /* always try 445 first on reconnect since we get NACK
474                          * on some if we ever connected to port 139 (the NACK
475                          * is since we do not begin with RFC1001 session
476                          * initialize frame)
477                          */
478                         cifs_set_port((struct sockaddr *)
479                                         &server->dstaddr, CIFS_PORT);
480                         cifs_reconnect(server);
481                         csocket = server->ssocket;
482                         wake_up(&server->response_q);
483                         continue;
484                 } else if (temp != (char) 0) {
485                         cERROR(1, "Unknown RFC 1002 frame");
486                         cifs_dump_mem(" Received Data: ", (char *)smb_buffer,
487                                       length);
488                         cifs_reconnect(server);
489                         csocket = server->ssocket;
490                         continue;
491                 }
492
493                 /* else we have an SMB response */
494                 if ((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
495                             (pdu_length < sizeof(struct smb_hdr) - 1 - 4)) {
496                         cERROR(1, "Invalid size SMB length %d pdu_length %d",
497                                         length, pdu_length+4);
498                         cifs_reconnect(server);
499                         csocket = server->ssocket;
500                         wake_up(&server->response_q);
501                         continue;
502                 }
503
504                 /* else length ok */
505                 reconnect = 0;
506
507                 if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
508                         isLargeBuf = true;
509                         memcpy(bigbuf, smallbuf, 4);
510                         smb_buffer = bigbuf;
511                 }
512                 length = 0;
513                 iov.iov_base = 4 + (char *)smb_buffer;
514                 iov.iov_len = pdu_length;
515                 for (total_read = 0; total_read < pdu_length;
516                      total_read += length) {
517                         length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
518                                                 pdu_length - total_read, 0);
519                         if (server->tcpStatus == CifsExiting) {
520                                 /* then will exit */
521                                 reconnect = 2;
522                                 break;
523                         } else if (server->tcpStatus == CifsNeedReconnect) {
524                                 cifs_reconnect(server);
525                                 csocket = server->ssocket;
526                                 /* Reconnect wakes up rspns q */
527                                 /* Now we will reread sock */
528                                 reconnect = 1;
529                                 break;
530                         } else if (length == -ERESTARTSYS ||
531                                    length == -EAGAIN ||
532                                    length == -EINTR) {
533                                 msleep(1); /* minimum sleep to prevent looping,
534                                               allowing socket to clear and app
535                                               threads to set tcpStatus
536                                               CifsNeedReconnect if server hung*/
537                                 length = 0;
538                                 continue;
539                         } else if (length <= 0) {
540                                 cERROR(1, "Received no data, expecting %d",
541                                               pdu_length - total_read);
542                                 cifs_reconnect(server);
543                                 csocket = server->ssocket;
544                                 reconnect = 1;
545                                 break;
546                         }
547                 }
548                 if (reconnect == 2)
549                         break;
550                 else if (reconnect == 1)
551                         continue;
552
553                 length += 4; /* account for rfc1002 hdr */
554
555
556                 dump_smb(smb_buffer, length);
557                 if (checkSMB(smb_buffer, smb_buffer->Mid, total_read+4)) {
558                         cifs_dump_mem("Bad SMB: ", smb_buffer, 48);
559                         continue;
560                 }
561
562
563                 task_to_wake = NULL;
564                 spin_lock(&GlobalMid_Lock);
565                 list_for_each(tmp, &server->pending_mid_q) {
566                         mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
567
568                         if ((mid_entry->mid == smb_buffer->Mid) &&
569                             (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
570                             (mid_entry->command == smb_buffer->Command)) {
571                                 if (check2ndT2(smb_buffer,server->maxBuf) > 0) {
572                                         /* We have a multipart transact2 resp */
573                                         isMultiRsp = true;
574                                         if (mid_entry->resp_buf) {
575                                                 /* merge response - fix up 1st*/
576                                                 if (coalesce_t2(smb_buffer,
577                                                         mid_entry->resp_buf)) {
578                                                         mid_entry->multiRsp =
579                                                                  true;
580                                                         break;
581                                                 } else {
582                                                         /* all parts received */
583                                                         mid_entry->multiEnd =
584                                                                  true;
585                                                         goto multi_t2_fnd;
586                                                 }
587                                         } else {
588                                                 if (!isLargeBuf) {
589                                                         cERROR(1, "1st trans2 resp needs bigbuf");
590                                         /* BB maybe we can fix this up,  switch
591                                            to already allocated large buffer? */
592                                                 } else {
593                                                         /* Have first buffer */
594                                                         mid_entry->resp_buf =
595                                                                  smb_buffer;
596                                                         mid_entry->largeBuf =
597                                                                  true;
598                                                         bigbuf = NULL;
599                                                 }
600                                         }
601                                         break;
602                                 }
603                                 mid_entry->resp_buf = smb_buffer;
604                                 mid_entry->largeBuf = isLargeBuf;
605 multi_t2_fnd:
606                                 task_to_wake = mid_entry->tsk;
607                                 mid_entry->midState = MID_RESPONSE_RECEIVED;
608 #ifdef CONFIG_CIFS_STATS2
609                                 mid_entry->when_received = jiffies;
610 #endif
611                                 /* so we do not time out requests to  server
612                                 which is still responding (since server could
613                                 be busy but not dead) */
614                                 server->lstrp = jiffies;
615                                 break;
616                         }
617                 }
618                 spin_unlock(&GlobalMid_Lock);
619                 if (task_to_wake) {
620                         /* Was previous buf put in mpx struct for multi-rsp? */
621                         if (!isMultiRsp) {
622                                 /* smb buffer will be freed by user thread */
623                                 if (isLargeBuf)
624                                         bigbuf = NULL;
625                                 else
626                                         smallbuf = NULL;
627                         }
628                         wake_up_process(task_to_wake);
629                 } else if (!is_valid_oplock_break(smb_buffer, server) &&
630                            !isMultiRsp) {
631                         cERROR(1, "No task to wake, unknown frame received! "
632                                    "NumMids %d", midCount.counter);
633                         cifs_dump_mem("Received Data is: ", (char *)smb_buffer,
634                                       sizeof(struct smb_hdr));
635 #ifdef CONFIG_CIFS_DEBUG2
636                         cifs_dump_detail(smb_buffer);
637                         cifs_dump_mids(server);
638 #endif /* CIFS_DEBUG2 */
639
640                 }
641         } /* end while !EXITING */
642
643         /* take it off the list, if it's not already */
644         spin_lock(&cifs_tcp_ses_lock);
645         list_del_init(&server->tcp_ses_list);
646         spin_unlock(&cifs_tcp_ses_lock);
647
648         spin_lock(&GlobalMid_Lock);
649         server->tcpStatus = CifsExiting;
650         spin_unlock(&GlobalMid_Lock);
651         wake_up_all(&server->response_q);
652
653         /* check if we have blocked requests that need to free */
654         /* Note that cifs_max_pending is normally 50, but
655         can be set at module install time to as little as two */
656         spin_lock(&GlobalMid_Lock);
657         if (atomic_read(&server->inFlight) >= cifs_max_pending)
658                 atomic_set(&server->inFlight, cifs_max_pending - 1);
659         /* We do not want to set the max_pending too low or we
660         could end up with the counter going negative */
661         spin_unlock(&GlobalMid_Lock);
662         /* Although there should not be any requests blocked on
663         this queue it can not hurt to be paranoid and try to wake up requests
664         that may haven been blocked when more than 50 at time were on the wire
665         to the same server - they now will see the session is in exit state
666         and get out of SendReceive.  */
667         wake_up_all(&server->request_q);
668         /* give those requests time to exit */
669         msleep(125);
670
671         if (server->ssocket) {
672                 sock_release(csocket);
673                 server->ssocket = NULL;
674         }
675         /* buffer usuallly freed in free_mid - need to free it here on exit */
676         cifs_buf_release(bigbuf);
677         if (smallbuf) /* no sense logging a debug message if NULL */
678                 cifs_small_buf_release(smallbuf);
679
680         /*
681          * BB: we shouldn't have to do any of this. It shouldn't be
682          * possible to exit from the thread with active SMB sessions
683          */
684         spin_lock(&cifs_tcp_ses_lock);
685         if (list_empty(&server->pending_mid_q)) {
686                 /* loop through server session structures attached to this and
687                     mark them dead */
688                 list_for_each(tmp, &server->smb_ses_list) {
689                         ses = list_entry(tmp, struct cifsSesInfo,
690                                          smb_ses_list);
691                         ses->status = CifsExiting;
692                         ses->server = NULL;
693                 }
694                 spin_unlock(&cifs_tcp_ses_lock);
695         } else {
696                 /* although we can not zero the server struct pointer yet,
697                 since there are active requests which may depnd on them,
698                 mark the corresponding SMB sessions as exiting too */
699                 list_for_each(tmp, &server->smb_ses_list) {
700                         ses = list_entry(tmp, struct cifsSesInfo,
701                                          smb_ses_list);
702                         ses->status = CifsExiting;
703                 }
704
705                 spin_lock(&GlobalMid_Lock);
706                 list_for_each(tmp, &server->pending_mid_q) {
707                 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
708                         if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
709                                 cFYI(1, "Clearing Mid 0x%x - waking up ",
710                                          mid_entry->mid);
711                                 task_to_wake = mid_entry->tsk;
712                                 if (task_to_wake)
713                                         wake_up_process(task_to_wake);
714                         }
715                 }
716                 spin_unlock(&GlobalMid_Lock);
717                 spin_unlock(&cifs_tcp_ses_lock);
718                 /* 1/8th of sec is more than enough time for them to exit */
719                 msleep(125);
720         }
721
722         if (!list_empty(&server->pending_mid_q)) {
723                 /* mpx threads have not exited yet give them
724                 at least the smb send timeout time for long ops */
725                 /* due to delays on oplock break requests, we need
726                 to wait at least 45 seconds before giving up
727                 on a request getting a response and going ahead
728                 and killing cifsd */
729                 cFYI(1, "Wait for exit from demultiplex thread");
730                 msleep(46000);
731                 /* if threads still have not exited they are probably never
732                 coming home not much else we can do but free the memory */
733         }
734
735         /* last chance to mark ses pointers invalid
736         if there are any pointing to this (e.g
737         if a crazy root user tried to kill cifsd
738         kernel thread explicitly this might happen) */
739         /* BB: This shouldn't be necessary, see above */
740         spin_lock(&cifs_tcp_ses_lock);
741         list_for_each(tmp, &server->smb_ses_list) {
742                 ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
743                 ses->server = NULL;
744         }
745         spin_unlock(&cifs_tcp_ses_lock);
746
747         kfree(server->hostname);
748         task_to_wake = xchg(&server->tsk, NULL);
749         kfree(server);
750
751         length = atomic_dec_return(&tcpSesAllocCount);
752         if (length  > 0)
753                 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
754                                 GFP_KERNEL);
755
756         /* if server->tsk was NULL then wait for a signal before exiting */
757         if (!task_to_wake) {
758                 set_current_state(TASK_INTERRUPTIBLE);
759                 while (!signal_pending(current)) {
760                         schedule();
761                         set_current_state(TASK_INTERRUPTIBLE);
762                 }
763                 set_current_state(TASK_RUNNING);
764         }
765
766         module_put_and_exit(0);
767 }
768
769 /* extract the host portion of the UNC string */
770 static char *
771 extract_hostname(const char *unc)
772 {
773         const char *src;
774         char *dst, *delim;
775         unsigned int len;
776
777         /* skip double chars at beginning of string */
778         /* BB: check validity of these bytes? */
779         src = unc + 2;
780
781         /* delimiter between hostname and sharename is always '\\' now */
782         delim = strchr(src, '\\');
783         if (!delim)
784                 return ERR_PTR(-EINVAL);
785
786         len = delim - src;
787         dst = kmalloc((len + 1), GFP_KERNEL);
788         if (dst == NULL)
789                 return ERR_PTR(-ENOMEM);
790
791         memcpy(dst, src, len);
792         dst[len] = '\0';
793
794         return dst;
795 }
796
797 static int
798 cifs_parse_mount_options(char *options, const char *devname,
799                          struct smb_vol *vol)
800 {
801         char *value;
802         char *data;
803         unsigned int  temp_len, i, j;
804         char separator[2];
805         short int override_uid = -1;
806         short int override_gid = -1;
807         bool uid_specified = false;
808         bool gid_specified = false;
809         char *nodename = utsname()->nodename;
810
811         separator[0] = ',';
812         separator[1] = 0;
813
814         /*
815          * does not have to be perfect mapping since field is
816          * informational, only used for servers that do not support
817          * port 445 and it can be overridden at mount time
818          */
819         memset(vol->source_rfc1001_name, 0x20, RFC1001_NAME_LEN);
820         for (i = 0; i < strnlen(nodename, RFC1001_NAME_LEN); i++)
821                 vol->source_rfc1001_name[i] = toupper(nodename[i]);
822
823         vol->source_rfc1001_name[RFC1001_NAME_LEN] = 0;
824         /* null target name indicates to use *SMBSERVR default called name
825            if we end up sending RFC1001 session initialize */
826         vol->target_rfc1001_name[0] = 0;
827         vol->cred_uid = current_uid();
828         vol->linux_uid = current_uid();
829         vol->linux_gid = current_gid();
830
831         /* default to only allowing write access to owner of the mount */
832         vol->dir_mode = vol->file_mode = S_IRUGO | S_IXUGO | S_IWUSR;
833
834         /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
835         /* default is always to request posix paths. */
836         vol->posix_paths = 1;
837         /* default to using server inode numbers where available */
838         vol->server_ino = 1;
839
840         vol->actimeo = CIFS_DEF_ACTIMEO;
841
842         if (!options)
843                 return 1;
844
845         if (strncmp(options, "sep=", 4) == 0) {
846                 if (options[4] != 0) {
847                         separator[0] = options[4];
848                         options += 5;
849                 } else {
850                         cFYI(1, "Null separator not allowed");
851                 }
852         }
853
854         while ((data = strsep(&options, separator)) != NULL) {
855                 if (!*data)
856                         continue;
857                 if ((value = strchr(data, '=')) != NULL)
858                         *value++ = '\0';
859
860                 /* Have to parse this before we parse for "user" */
861                 if (strnicmp(data, "user_xattr", 10) == 0) {
862                         vol->no_xattr = 0;
863                 } else if (strnicmp(data, "nouser_xattr", 12) == 0) {
864                         vol->no_xattr = 1;
865                 } else if (strnicmp(data, "user", 4) == 0) {
866                         if (!value) {
867                                 printk(KERN_WARNING
868                                        "CIFS: invalid or missing username\n");
869                                 return 1;       /* needs_arg; */
870                         } else if (!*value) {
871                                 /* null user, ie anonymous, authentication */
872                                 vol->nullauth = 1;
873                         }
874                         if (strnlen(value, 200) < 200) {
875                                 vol->username = value;
876                         } else {
877                                 printk(KERN_WARNING "CIFS: username too long\n");
878                                 return 1;
879                         }
880                 } else if (strnicmp(data, "pass", 4) == 0) {
881                         if (!value) {
882                                 vol->password = NULL;
883                                 continue;
884                         } else if (value[0] == 0) {
885                                 /* check if string begins with double comma
886                                    since that would mean the password really
887                                    does start with a comma, and would not
888                                    indicate an empty string */
889                                 if (value[1] != separator[0]) {
890                                         vol->password = NULL;
891                                         continue;
892                                 }
893                         }
894                         temp_len = strlen(value);
895                         /* removed password length check, NTLM passwords
896                                 can be arbitrarily long */
897
898                         /* if comma in password, the string will be
899                         prematurely null terminated.  Commas in password are
900                         specified across the cifs mount interface by a double
901                         comma ie ,, and a comma used as in other cases ie ','
902                         as a parameter delimiter/separator is single and due
903                         to the strsep above is temporarily zeroed. */
904
905                         /* NB: password legally can have multiple commas and
906                         the only illegal character in a password is null */
907
908                         if ((value[temp_len] == 0) &&
909                             (value[temp_len+1] == separator[0])) {
910                                 /* reinsert comma */
911                                 value[temp_len] = separator[0];
912                                 temp_len += 2;  /* move after second comma */
913                                 while (value[temp_len] != 0)  {
914                                         if (value[temp_len] == separator[0]) {
915                                                 if (value[temp_len+1] ==
916                                                      separator[0]) {
917                                                 /* skip second comma */
918                                                         temp_len++;
919                                                 } else {
920                                                 /* single comma indicating start
921                                                          of next parm */
922                                                         break;
923                                                 }
924                                         }
925                                         temp_len++;
926                                 }
927                                 if (value[temp_len] == 0) {
928                                         options = NULL;
929                                 } else {
930                                         value[temp_len] = 0;
931                                         /* point option to start of next parm */
932                                         options = value + temp_len + 1;
933                                 }
934                                 /* go from value to value + temp_len condensing
935                                 double commas to singles. Note that this ends up
936                                 allocating a few bytes too many, which is ok */
937                                 vol->password = kzalloc(temp_len, GFP_KERNEL);
938                                 if (vol->password == NULL) {
939                                         printk(KERN_WARNING "CIFS: no memory "
940                                                             "for password\n");
941                                         return 1;
942                                 }
943                                 for (i = 0, j = 0; i < temp_len; i++, j++) {
944                                         vol->password[j] = value[i];
945                                         if (value[i] == separator[0]
946                                                 && value[i+1] == separator[0]) {
947                                                 /* skip second comma */
948                                                 i++;
949                                         }
950                                 }
951                                 vol->password[j] = 0;
952                         } else {
953                                 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
954                                 if (vol->password == NULL) {
955                                         printk(KERN_WARNING "CIFS: no memory "
956                                                             "for password\n");
957                                         return 1;
958                                 }
959                                 strcpy(vol->password, value);
960                         }
961                 } else if (!strnicmp(data, "ip", 2) ||
962                            !strnicmp(data, "addr", 4)) {
963                         if (!value || !*value) {
964                                 vol->UNCip = NULL;
965                         } else if (strnlen(value, INET6_ADDRSTRLEN) <
966                                                         INET6_ADDRSTRLEN) {
967                                 vol->UNCip = value;
968                         } else {
969                                 printk(KERN_WARNING "CIFS: ip address "
970                                                     "too long\n");
971                                 return 1;
972                         }
973                 } else if (strnicmp(data, "sec", 3) == 0) {
974                         if (!value || !*value) {
975                                 cERROR(1, "no security value specified");
976                                 continue;
977                         } else if (strnicmp(value, "krb5i", 5) == 0) {
978                                 vol->secFlg |= CIFSSEC_MAY_KRB5 |
979                                         CIFSSEC_MUST_SIGN;
980                         } else if (strnicmp(value, "krb5p", 5) == 0) {
981                                 /* vol->secFlg |= CIFSSEC_MUST_SEAL |
982                                         CIFSSEC_MAY_KRB5; */
983                                 cERROR(1, "Krb5 cifs privacy not supported");
984                                 return 1;
985                         } else if (strnicmp(value, "krb5", 4) == 0) {
986                                 vol->secFlg |= CIFSSEC_MAY_KRB5;
987                         } else if (strnicmp(value, "ntlmsspi", 8) == 0) {
988                                 vol->secFlg |= CIFSSEC_MAY_NTLMSSP |
989                                         CIFSSEC_MUST_SIGN;
990                         } else if (strnicmp(value, "ntlmssp", 7) == 0) {
991                                 vol->secFlg |= CIFSSEC_MAY_NTLMSSP;
992                         } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
993                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
994                                         CIFSSEC_MUST_SIGN;
995                         } else if (strnicmp(value, "ntlmv2", 6) == 0) {
996                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
997                         } else if (strnicmp(value, "ntlmi", 5) == 0) {
998                                 vol->secFlg |= CIFSSEC_MAY_NTLM |
999                                         CIFSSEC_MUST_SIGN;
1000                         } else if (strnicmp(value, "ntlm", 4) == 0) {
1001                                 /* ntlm is default so can be turned off too */
1002                                 vol->secFlg |= CIFSSEC_MAY_NTLM;
1003                         } else if (strnicmp(value, "nontlm", 6) == 0) {
1004                                 /* BB is there a better way to do this? */
1005                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
1006 #ifdef CONFIG_CIFS_WEAK_PW_HASH
1007                         } else if (strnicmp(value, "lanman", 6) == 0) {
1008                                 vol->secFlg |= CIFSSEC_MAY_LANMAN;
1009 #endif
1010                         } else if (strnicmp(value, "none", 4) == 0) {
1011                                 vol->nullauth = 1;
1012                         } else {
1013                                 cERROR(1, "bad security option: %s", value);
1014                                 return 1;
1015                         }
1016                 } else if ((strnicmp(data, "unc", 3) == 0)
1017                            || (strnicmp(data, "target", 6) == 0)
1018                            || (strnicmp(data, "path", 4) == 0)) {
1019                         if (!value || !*value) {
1020                                 printk(KERN_WARNING "CIFS: invalid path to "
1021                                                     "network resource\n");
1022                                 return 1;       /* needs_arg; */
1023                         }
1024                         if ((temp_len = strnlen(value, 300)) < 300) {
1025                                 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1026                                 if (vol->UNC == NULL)
1027                                         return 1;
1028                                 strcpy(vol->UNC, value);
1029                                 if (strncmp(vol->UNC, "//", 2) == 0) {
1030                                         vol->UNC[0] = '\\';
1031                                         vol->UNC[1] = '\\';
1032                                 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1033                                         printk(KERN_WARNING
1034                                                "CIFS: UNC Path does not begin "
1035                                                "with // or \\\\ \n");
1036                                         return 1;
1037                                 }
1038                         } else {
1039                                 printk(KERN_WARNING "CIFS: UNC name too long\n");
1040                                 return 1;
1041                         }
1042                 } else if ((strnicmp(data, "domain", 3) == 0)
1043                            || (strnicmp(data, "workgroup", 5) == 0)) {
1044                         if (!value || !*value) {
1045                                 printk(KERN_WARNING "CIFS: invalid domain name\n");
1046                                 return 1;       /* needs_arg; */
1047                         }
1048                         /* BB are there cases in which a comma can be valid in
1049                         a domain name and need special handling? */
1050                         if (strnlen(value, 256) < 256) {
1051                                 vol->domainname = value;
1052                                 cFYI(1, "Domain name set");
1053                         } else {
1054                                 printk(KERN_WARNING "CIFS: domain name too "
1055                                                     "long\n");
1056                                 return 1;
1057                         }
1058                 } else if (strnicmp(data, "srcaddr", 7) == 0) {
1059                         vol->srcaddr.ss_family = AF_UNSPEC;
1060
1061                         if (!value || !*value) {
1062                                 printk(KERN_WARNING "CIFS: srcaddr value"
1063                                        " not specified.\n");
1064                                 return 1;       /* needs_arg; */
1065                         }
1066                         i = cifs_convert_address((struct sockaddr *)&vol->srcaddr,
1067                                                  value, strlen(value));
1068                         if (i == 0) {
1069                                 printk(KERN_WARNING "CIFS:  Could not parse"
1070                                        " srcaddr: %s\n",
1071                                        value);
1072                                 return 1;
1073                         }
1074                 } else if (strnicmp(data, "prefixpath", 10) == 0) {
1075                         if (!value || !*value) {
1076                                 printk(KERN_WARNING
1077                                         "CIFS: invalid path prefix\n");
1078                                 return 1;       /* needs_argument */
1079                         }
1080                         if ((temp_len = strnlen(value, 1024)) < 1024) {
1081                                 if (value[0] != '/')
1082                                         temp_len++;  /* missing leading slash */
1083                                 vol->prepath = kmalloc(temp_len+1, GFP_KERNEL);
1084                                 if (vol->prepath == NULL)
1085                                         return 1;
1086                                 if (value[0] != '/') {
1087                                         vol->prepath[0] = '/';
1088                                         strcpy(vol->prepath+1, value);
1089                                 } else
1090                                         strcpy(vol->prepath, value);
1091                                 cFYI(1, "prefix path %s", vol->prepath);
1092                         } else {
1093                                 printk(KERN_WARNING "CIFS: prefix too long\n");
1094                                 return 1;
1095                         }
1096                 } else if (strnicmp(data, "iocharset", 9) == 0) {
1097                         if (!value || !*value) {
1098                                 printk(KERN_WARNING "CIFS: invalid iocharset "
1099                                                     "specified\n");
1100                                 return 1;       /* needs_arg; */
1101                         }
1102                         if (strnlen(value, 65) < 65) {
1103                                 if (strnicmp(value, "default", 7))
1104                                         vol->iocharset = value;
1105                                 /* if iocharset not set then load_nls_default
1106                                    is used by caller */
1107                                 cFYI(1, "iocharset set to %s", value);
1108                         } else {
1109                                 printk(KERN_WARNING "CIFS: iocharset name "
1110                                                     "too long.\n");
1111                                 return 1;
1112                         }
1113                 } else if (!strnicmp(data, "uid", 3) && value && *value) {
1114                         vol->linux_uid = simple_strtoul(value, &value, 0);
1115                         uid_specified = true;
1116                 } else if (!strnicmp(data, "forceuid", 8)) {
1117                         override_uid = 1;
1118                 } else if (!strnicmp(data, "noforceuid", 10)) {
1119                         override_uid = 0;
1120                 } else if (!strnicmp(data, "gid", 3) && value && *value) {
1121                         vol->linux_gid = simple_strtoul(value, &value, 0);
1122                         gid_specified = true;
1123                 } else if (!strnicmp(data, "forcegid", 8)) {
1124                         override_gid = 1;
1125                 } else if (!strnicmp(data, "noforcegid", 10)) {
1126                         override_gid = 0;
1127                 } else if (strnicmp(data, "file_mode", 4) == 0) {
1128                         if (value && *value) {
1129                                 vol->file_mode =
1130                                         simple_strtoul(value, &value, 0);
1131                         }
1132                 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1133                         if (value && *value) {
1134                                 vol->dir_mode =
1135                                         simple_strtoul(value, &value, 0);
1136                         }
1137                 } else if (strnicmp(data, "dirmode", 4) == 0) {
1138                         if (value && *value) {
1139                                 vol->dir_mode =
1140                                         simple_strtoul(value, &value, 0);
1141                         }
1142                 } else if (strnicmp(data, "port", 4) == 0) {
1143                         if (value && *value) {
1144                                 vol->port =
1145                                         simple_strtoul(value, &value, 0);
1146                         }
1147                 } else if (strnicmp(data, "rsize", 5) == 0) {
1148                         if (value && *value) {
1149                                 vol->rsize =
1150                                         simple_strtoul(value, &value, 0);
1151                         }
1152                 } else if (strnicmp(data, "wsize", 5) == 0) {
1153                         if (value && *value) {
1154                                 vol->wsize =
1155                                         simple_strtoul(value, &value, 0);
1156                         }
1157                 } else if (strnicmp(data, "sockopt", 5) == 0) {
1158                         if (!value || !*value) {
1159                                 cERROR(1, "no socket option specified");
1160                                 continue;
1161                         } else if (strnicmp(value, "TCP_NODELAY", 11) == 0) {
1162                                 vol->sockopt_tcp_nodelay = 1;
1163                         }
1164                 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1165                         if (!value || !*value || (*value == ' ')) {
1166                                 cFYI(1, "invalid (empty) netbiosname");
1167                         } else {
1168                                 memset(vol->source_rfc1001_name, 0x20,
1169                                         RFC1001_NAME_LEN);
1170                                 /*
1171                                  * FIXME: are there cases in which a comma can
1172                                  * be valid in workstation netbios name (and
1173                                  * need special handling)?
1174                                  */
1175                                 for (i = 0; i < RFC1001_NAME_LEN; i++) {
1176                                         /* don't ucase netbiosname for user */
1177                                         if (value[i] == 0)
1178                                                 break;
1179                                         vol->source_rfc1001_name[i] = value[i];
1180                                 }
1181                                 /* The string has 16th byte zero still from
1182                                 set at top of the function  */
1183                                 if (i == RFC1001_NAME_LEN && value[i] != 0)
1184                                         printk(KERN_WARNING "CIFS: netbiosname"
1185                                                 " longer than 15 truncated.\n");
1186                         }
1187                 } else if (strnicmp(data, "servern", 7) == 0) {
1188                         /* servernetbiosname specified override *SMBSERVER */
1189                         if (!value || !*value || (*value == ' ')) {
1190                                 cFYI(1, "empty server netbiosname specified");
1191                         } else {
1192                                 /* last byte, type, is 0x20 for servr type */
1193                                 memset(vol->target_rfc1001_name, 0x20,
1194                                         RFC1001_NAME_LEN_WITH_NULL);
1195
1196                                 for (i = 0; i < 15; i++) {
1197                                 /* BB are there cases in which a comma can be
1198                                    valid in this workstation netbios name
1199                                    (and need special handling)? */
1200
1201                                 /* user or mount helper must uppercase
1202                                    the netbiosname */
1203                                         if (value[i] == 0)
1204                                                 break;
1205                                         else
1206                                                 vol->target_rfc1001_name[i] =
1207                                                                 value[i];
1208                                 }
1209                                 /* The string has 16th byte zero still from
1210                                    set at top of the function  */
1211                                 if (i == RFC1001_NAME_LEN && value[i] != 0)
1212                                         printk(KERN_WARNING "CIFS: server net"
1213                                         "biosname longer than 15 truncated.\n");
1214                         }
1215                 } else if (strnicmp(data, "actimeo", 7) == 0) {
1216                         if (value && *value) {
1217                                 vol->actimeo = HZ * simple_strtoul(value,
1218                                                                    &value, 0);
1219                                 if (vol->actimeo > CIFS_MAX_ACTIMEO) {
1220                                         cERROR(1, "CIFS: attribute cache"
1221                                                         "timeout too large");
1222                                         return 1;
1223                                 }
1224                         }
1225                 } else if (strnicmp(data, "credentials", 4) == 0) {
1226                         /* ignore */
1227                 } else if (strnicmp(data, "version", 3) == 0) {
1228                         /* ignore */
1229                 } else if (strnicmp(data, "guest", 5) == 0) {
1230                         /* ignore */
1231                 } else if (strnicmp(data, "rw", 2) == 0) {
1232                         /* ignore */
1233                 } else if (strnicmp(data, "ro", 2) == 0) {
1234                         /* ignore */
1235                 } else if (strnicmp(data, "noblocksend", 11) == 0) {
1236                         vol->noblocksnd = 1;
1237                 } else if (strnicmp(data, "noautotune", 10) == 0) {
1238                         vol->noautotune = 1;
1239                 } else if ((strnicmp(data, "suid", 4) == 0) ||
1240                                    (strnicmp(data, "nosuid", 6) == 0) ||
1241                                    (strnicmp(data, "exec", 4) == 0) ||
1242                                    (strnicmp(data, "noexec", 6) == 0) ||
1243                                    (strnicmp(data, "nodev", 5) == 0) ||
1244                                    (strnicmp(data, "noauto", 6) == 0) ||
1245                                    (strnicmp(data, "dev", 3) == 0)) {
1246                         /*  The mount tool or mount.cifs helper (if present)
1247                             uses these opts to set flags, and the flags are read
1248                             by the kernel vfs layer before we get here (ie
1249                             before read super) so there is no point trying to
1250                             parse these options again and set anything and it
1251                             is ok to just ignore them */
1252                         continue;
1253                 } else if (strnicmp(data, "hard", 4) == 0) {
1254                         vol->retry = 1;
1255                 } else if (strnicmp(data, "soft", 4) == 0) {
1256                         vol->retry = 0;
1257                 } else if (strnicmp(data, "perm", 4) == 0) {
1258                         vol->noperm = 0;
1259                 } else if (strnicmp(data, "noperm", 6) == 0) {
1260                         vol->noperm = 1;
1261                 } else if (strnicmp(data, "mapchars", 8) == 0) {
1262                         vol->remap = 1;
1263                 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1264                         vol->remap = 0;
1265                 } else if (strnicmp(data, "sfu", 3) == 0) {
1266                         vol->sfu_emul = 1;
1267                 } else if (strnicmp(data, "nosfu", 5) == 0) {
1268                         vol->sfu_emul = 0;
1269                 } else if (strnicmp(data, "nodfs", 5) == 0) {
1270                         vol->nodfs = 1;
1271                 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1272                         vol->posix_paths = 1;
1273                 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1274                         vol->posix_paths = 0;
1275                 } else if (strnicmp(data, "nounix", 6) == 0) {
1276                         vol->no_linux_ext = 1;
1277                 } else if (strnicmp(data, "nolinux", 7) == 0) {
1278                         vol->no_linux_ext = 1;
1279                 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1280                            (strnicmp(data, "ignorecase", 10)  == 0)) {
1281                         vol->nocase = 1;
1282                 } else if (strnicmp(data, "mand", 4) == 0) {
1283                         /* ignore */
1284                 } else if (strnicmp(data, "nomand", 6) == 0) {
1285                         /* ignore */
1286                 } else if (strnicmp(data, "_netdev", 7) == 0) {
1287                         /* ignore */
1288                 } else if (strnicmp(data, "brl", 3) == 0) {
1289                         vol->nobrl =  0;
1290                 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1291                            (strnicmp(data, "nolock", 6) == 0)) {
1292                         vol->nobrl =  1;
1293                         /* turn off mandatory locking in mode
1294                         if remote locking is turned off since the
1295                         local vfs will do advisory */
1296                         if (vol->file_mode ==
1297                                 (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1298                                 vol->file_mode = S_IALLUGO;
1299                 } else if (strnicmp(data, "forcemandatorylock", 9) == 0) {
1300                         /* will take the shorter form "forcemand" as well */
1301                         /* This mount option will force use of mandatory
1302                           (DOS/Windows style) byte range locks, instead of
1303                           using posix advisory byte range locks, even if the
1304                           Unix extensions are available and posix locks would
1305                           be supported otherwise. If Unix extensions are not
1306                           negotiated this has no effect since mandatory locks
1307                           would be used (mandatory locks is all that those
1308                           those servers support) */
1309                         vol->mand_lock = 1;
1310                 } else if (strnicmp(data, "setuids", 7) == 0) {
1311                         vol->setuids = 1;
1312                 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1313                         vol->setuids = 0;
1314                 } else if (strnicmp(data, "dynperm", 7) == 0) {
1315                         vol->dynperm = true;
1316                 } else if (strnicmp(data, "nodynperm", 9) == 0) {
1317                         vol->dynperm = false;
1318                 } else if (strnicmp(data, "nohard", 6) == 0) {
1319                         vol->retry = 0;
1320                 } else if (strnicmp(data, "nosoft", 6) == 0) {
1321                         vol->retry = 1;
1322                 } else if (strnicmp(data, "nointr", 6) == 0) {
1323                         vol->intr = 0;
1324                 } else if (strnicmp(data, "intr", 4) == 0) {
1325                         vol->intr = 1;
1326                 } else if (strnicmp(data, "nostrictsync", 12) == 0) {
1327                         vol->nostrictsync = 1;
1328                 } else if (strnicmp(data, "strictsync", 10) == 0) {
1329                         vol->nostrictsync = 0;
1330                 } else if (strnicmp(data, "serverino", 7) == 0) {
1331                         vol->server_ino = 1;
1332                 } else if (strnicmp(data, "noserverino", 9) == 0) {
1333                         vol->server_ino = 0;
1334                 } else if (strnicmp(data, "cifsacl", 7) == 0) {
1335                         vol->cifs_acl = 1;
1336                 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1337                         vol->cifs_acl = 0;
1338                 } else if (strnicmp(data, "acl", 3) == 0) {
1339                         vol->no_psx_acl = 0;
1340                 } else if (strnicmp(data, "noacl", 5) == 0) {
1341                         vol->no_psx_acl = 1;
1342                 } else if (strnicmp(data, "locallease", 6) == 0) {
1343                         vol->local_lease = 1;
1344                 } else if (strnicmp(data, "sign", 4) == 0) {
1345                         vol->secFlg |= CIFSSEC_MUST_SIGN;
1346                 } else if (strnicmp(data, "seal", 4) == 0) {
1347                         /* we do not do the following in secFlags because seal
1348                            is a per tree connection (mount) not a per socket
1349                            or per-smb connection option in the protocol */
1350                         /* vol->secFlg |= CIFSSEC_MUST_SEAL; */
1351                         vol->seal = 1;
1352                 } else if (strnicmp(data, "direct", 6) == 0) {
1353                         vol->direct_io = 1;
1354                 } else if (strnicmp(data, "forcedirectio", 13) == 0) {
1355                         vol->direct_io = 1;
1356                 } else if (strnicmp(data, "noac", 4) == 0) {
1357                         printk(KERN_WARNING "CIFS: Mount option noac not "
1358                                 "supported. Instead set "
1359                                 "/proc/fs/cifs/LookupCacheEnabled to 0\n");
1360                 } else if (strnicmp(data, "fsc", 3) == 0) {
1361 #ifndef CONFIG_CIFS_FSCACHE
1362                         cERROR(1, "FS-Cache support needs CONFIG_CIFS_FSCACHE"
1363                                   "kernel config option set");
1364                         return 1;
1365 #endif
1366                         vol->fsc = true;
1367                 } else if (strnicmp(data, "mfsymlinks", 10) == 0) {
1368                         vol->mfsymlinks = true;
1369                 } else if (strnicmp(data, "multiuser", 8) == 0) {
1370                         vol->multiuser = true;
1371                 } else
1372                         printk(KERN_WARNING "CIFS: Unknown mount option %s\n",
1373                                                 data);
1374         }
1375         if (vol->UNC == NULL) {
1376                 if (devname == NULL) {
1377                         printk(KERN_WARNING "CIFS: Missing UNC name for mount "
1378                                                 "target\n");
1379                         return 1;
1380                 }
1381                 if ((temp_len = strnlen(devname, 300)) < 300) {
1382                         vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1383                         if (vol->UNC == NULL)
1384                                 return 1;
1385                         strcpy(vol->UNC, devname);
1386                         if (strncmp(vol->UNC, "//", 2) == 0) {
1387                                 vol->UNC[0] = '\\';
1388                                 vol->UNC[1] = '\\';
1389                         } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1390                                 printk(KERN_WARNING "CIFS: UNC Path does not "
1391                                                     "begin with // or \\\\ \n");
1392                                 return 1;
1393                         }
1394                         value = strpbrk(vol->UNC+2, "/\\");
1395                         if (value)
1396                                 *value = '\\';
1397                 } else {
1398                         printk(KERN_WARNING "CIFS: UNC name too long\n");
1399                         return 1;
1400                 }
1401         }
1402
1403         if (vol->multiuser && !(vol->secFlg & CIFSSEC_MAY_KRB5)) {
1404                 cERROR(1, "Multiuser mounts currently require krb5 "
1405                           "authentication!");
1406                 return 1;
1407         }
1408
1409         if (vol->UNCip == NULL)
1410                 vol->UNCip = &vol->UNC[2];
1411
1412         if (uid_specified)
1413                 vol->override_uid = override_uid;
1414         else if (override_uid == 1)
1415                 printk(KERN_NOTICE "CIFS: ignoring forceuid mount option "
1416                                    "specified with no uid= option.\n");
1417
1418         if (gid_specified)
1419                 vol->override_gid = override_gid;
1420         else if (override_gid == 1)
1421                 printk(KERN_NOTICE "CIFS: ignoring forcegid mount option "
1422                                    "specified with no gid= option.\n");
1423
1424         return 0;
1425 }
1426
1427 /** Returns true if srcaddr isn't specified and rhs isn't
1428  * specified, or if srcaddr is specified and
1429  * matches the IP address of the rhs argument.
1430  */
1431 static bool
1432 srcip_matches(struct sockaddr *srcaddr, struct sockaddr *rhs)
1433 {
1434         switch (srcaddr->sa_family) {
1435         case AF_UNSPEC:
1436                 return (rhs->sa_family == AF_UNSPEC);
1437         case AF_INET: {
1438                 struct sockaddr_in *saddr4 = (struct sockaddr_in *)srcaddr;
1439                 struct sockaddr_in *vaddr4 = (struct sockaddr_in *)rhs;
1440                 return (saddr4->sin_addr.s_addr == vaddr4->sin_addr.s_addr);
1441         }
1442         case AF_INET6: {
1443                 struct sockaddr_in6 *saddr6 = (struct sockaddr_in6 *)srcaddr;
1444                 struct sockaddr_in6 *vaddr6 = (struct sockaddr_in6 *)&rhs;
1445                 return ipv6_addr_equal(&saddr6->sin6_addr, &vaddr6->sin6_addr);
1446         }
1447         default:
1448                 WARN_ON(1);
1449                 return false; /* don't expect to be here */
1450         }
1451 }
1452
1453 /*
1454  * If no port is specified in addr structure, we try to match with 445 port
1455  * and if it fails - with 139 ports. It should be called only if address
1456  * families of server and addr are equal.
1457  */
1458 static bool
1459 match_port(struct TCP_Server_Info *server, struct sockaddr *addr)
1460 {
1461         unsigned short int port, *sport;
1462
1463         switch (addr->sa_family) {
1464         case AF_INET:
1465                 sport = &((struct sockaddr_in *) &server->dstaddr)->sin_port;
1466                 port = ((struct sockaddr_in *) addr)->sin_port;
1467                 break;
1468         case AF_INET6:
1469                 sport = &((struct sockaddr_in6 *) &server->dstaddr)->sin6_port;
1470                 port = ((struct sockaddr_in6 *) addr)->sin6_port;
1471                 break;
1472         default:
1473                 WARN_ON(1);
1474                 return false;
1475         }
1476
1477         if (!port) {
1478                 port = htons(CIFS_PORT);
1479                 if (port == *sport)
1480                         return true;
1481
1482                 port = htons(RFC1001_PORT);
1483         }
1484
1485         return port == *sport;
1486 }
1487
1488 static bool
1489 match_address(struct TCP_Server_Info *server, struct sockaddr *addr,
1490               struct sockaddr *srcaddr)
1491 {
1492         switch (addr->sa_family) {
1493         case AF_INET: {
1494                 struct sockaddr_in *addr4 = (struct sockaddr_in *)addr;
1495                 struct sockaddr_in *srv_addr4 =
1496                                         (struct sockaddr_in *)&server->dstaddr;
1497
1498                 if (addr4->sin_addr.s_addr != srv_addr4->sin_addr.s_addr)
1499                         return false;
1500                 break;
1501         }
1502         case AF_INET6: {
1503                 struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)addr;
1504                 struct sockaddr_in6 *srv_addr6 =
1505                                         (struct sockaddr_in6 *)&server->dstaddr;
1506
1507                 if (!ipv6_addr_equal(&addr6->sin6_addr,
1508                                      &srv_addr6->sin6_addr))
1509                         return false;
1510                 if (addr6->sin6_scope_id != srv_addr6->sin6_scope_id)
1511                         return false;
1512                 break;
1513         }
1514         default:
1515                 WARN_ON(1);
1516                 return false; /* don't expect to be here */
1517         }
1518
1519         if (!srcip_matches(srcaddr, (struct sockaddr *)&server->srcaddr))
1520                 return false;
1521
1522         return true;
1523 }
1524
1525 static bool
1526 match_security(struct TCP_Server_Info *server, struct smb_vol *vol)
1527 {
1528         unsigned int secFlags;
1529
1530         if (vol->secFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL)))
1531                 secFlags = vol->secFlg;
1532         else
1533                 secFlags = global_secflags | vol->secFlg;
1534
1535         switch (server->secType) {
1536         case LANMAN:
1537                 if (!(secFlags & (CIFSSEC_MAY_LANMAN|CIFSSEC_MAY_PLNTXT)))
1538                         return false;
1539                 break;
1540         case NTLMv2:
1541                 if (!(secFlags & CIFSSEC_MAY_NTLMV2))
1542                         return false;
1543                 break;
1544         case NTLM:
1545                 if (!(secFlags & CIFSSEC_MAY_NTLM))
1546                         return false;
1547                 break;
1548         case Kerberos:
1549                 if (!(secFlags & CIFSSEC_MAY_KRB5))
1550                         return false;
1551                 break;
1552         case RawNTLMSSP:
1553                 if (!(secFlags & CIFSSEC_MAY_NTLMSSP))
1554                         return false;
1555                 break;
1556         default:
1557                 /* shouldn't happen */
1558                 return false;
1559         }
1560
1561         /* now check if signing mode is acceptible */
1562         if ((secFlags & CIFSSEC_MAY_SIGN) == 0 &&
1563             (server->secMode & SECMODE_SIGN_REQUIRED))
1564                         return false;
1565         else if (((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) &&
1566                  (server->secMode &
1567                   (SECMODE_SIGN_ENABLED|SECMODE_SIGN_REQUIRED)) == 0)
1568                         return false;
1569
1570         return true;
1571 }
1572
1573 static struct TCP_Server_Info *
1574 cifs_find_tcp_session(struct sockaddr *addr, struct smb_vol *vol)
1575 {
1576         struct TCP_Server_Info *server;
1577
1578         spin_lock(&cifs_tcp_ses_lock);
1579         list_for_each_entry(server, &cifs_tcp_ses_list, tcp_ses_list) {
1580                 if (!match_address(server, addr,
1581                                    (struct sockaddr *)&vol->srcaddr))
1582                         continue;
1583
1584                 if (!match_port(server, addr))
1585                         continue;
1586
1587                 if (!match_security(server, vol))
1588                         continue;
1589
1590                 ++server->srv_count;
1591                 spin_unlock(&cifs_tcp_ses_lock);
1592                 cFYI(1, "Existing tcp session with server found");
1593                 return server;
1594         }
1595         spin_unlock(&cifs_tcp_ses_lock);
1596         return NULL;
1597 }
1598
1599 static void
1600 cifs_put_tcp_session(struct TCP_Server_Info *server)
1601 {
1602         struct task_struct *task;
1603
1604         spin_lock(&cifs_tcp_ses_lock);
1605         if (--server->srv_count > 0) {
1606                 spin_unlock(&cifs_tcp_ses_lock);
1607                 return;
1608         }
1609
1610         list_del_init(&server->tcp_ses_list);
1611         spin_unlock(&cifs_tcp_ses_lock);
1612
1613         spin_lock(&GlobalMid_Lock);
1614         server->tcpStatus = CifsExiting;
1615         spin_unlock(&GlobalMid_Lock);
1616
1617         cifs_crypto_shash_release(server);
1618         cifs_fscache_release_client_cookie(server);
1619
1620         kfree(server->session_key.response);
1621         server->session_key.response = NULL;
1622         server->session_key.len = 0;
1623
1624         task = xchg(&server->tsk, NULL);
1625         if (task)
1626                 force_sig(SIGKILL, task);
1627 }
1628
1629 static struct TCP_Server_Info *
1630 cifs_get_tcp_session(struct smb_vol *volume_info)
1631 {
1632         struct TCP_Server_Info *tcp_ses = NULL;
1633         struct sockaddr_storage addr;
1634         struct sockaddr_in *sin_server = (struct sockaddr_in *) &addr;
1635         struct sockaddr_in6 *sin_server6 = (struct sockaddr_in6 *) &addr;
1636         int rc;
1637
1638         memset(&addr, 0, sizeof(struct sockaddr_storage));
1639
1640         cFYI(1, "UNC: %s ip: %s", volume_info->UNC, volume_info->UNCip);
1641
1642         if (volume_info->UNCip && volume_info->UNC) {
1643                 rc = cifs_fill_sockaddr((struct sockaddr *)&addr,
1644                                         volume_info->UNCip,
1645                                         strlen(volume_info->UNCip),
1646                                         volume_info->port);
1647                 if (!rc) {
1648                         /* we failed translating address */
1649                         rc = -EINVAL;
1650                         goto out_err;
1651                 }
1652         } else if (volume_info->UNCip) {
1653                 /* BB using ip addr as tcp_ses name to connect to the
1654                    DFS root below */
1655                 cERROR(1, "Connecting to DFS root not implemented yet");
1656                 rc = -EINVAL;
1657                 goto out_err;
1658         } else /* which tcp_sess DFS root would we conect to */ {
1659                 cERROR(1, "CIFS mount error: No UNC path (e.g. -o "
1660                         "unc=//192.168.1.100/public) specified");
1661                 rc = -EINVAL;
1662                 goto out_err;
1663         }
1664
1665         /* see if we already have a matching tcp_ses */
1666         tcp_ses = cifs_find_tcp_session((struct sockaddr *)&addr, volume_info);
1667         if (tcp_ses)
1668                 return tcp_ses;
1669
1670         tcp_ses = kzalloc(sizeof(struct TCP_Server_Info), GFP_KERNEL);
1671         if (!tcp_ses) {
1672                 rc = -ENOMEM;
1673                 goto out_err;
1674         }
1675
1676         rc = cifs_crypto_shash_allocate(tcp_ses);
1677         if (rc) {
1678                 cERROR(1, "could not setup hash structures rc %d", rc);
1679                 goto out_err;
1680         }
1681
1682         tcp_ses->hostname = extract_hostname(volume_info->UNC);
1683         if (IS_ERR(tcp_ses->hostname)) {
1684                 rc = PTR_ERR(tcp_ses->hostname);
1685                 goto out_err_crypto_release;
1686         }
1687
1688         tcp_ses->noblocksnd = volume_info->noblocksnd;
1689         tcp_ses->noautotune = volume_info->noautotune;
1690         tcp_ses->tcp_nodelay = volume_info->sockopt_tcp_nodelay;
1691         atomic_set(&tcp_ses->inFlight, 0);
1692         init_waitqueue_head(&tcp_ses->response_q);
1693         init_waitqueue_head(&tcp_ses->request_q);
1694         INIT_LIST_HEAD(&tcp_ses->pending_mid_q);
1695         mutex_init(&tcp_ses->srv_mutex);
1696         memcpy(tcp_ses->workstation_RFC1001_name,
1697                 volume_info->source_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1698         memcpy(tcp_ses->server_RFC1001_name,
1699                 volume_info->target_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1700         tcp_ses->session_estab = false;
1701         tcp_ses->sequence_number = 0;
1702         INIT_LIST_HEAD(&tcp_ses->tcp_ses_list);
1703         INIT_LIST_HEAD(&tcp_ses->smb_ses_list);
1704
1705         /*
1706          * at this point we are the only ones with the pointer
1707          * to the struct since the kernel thread not created yet
1708          * no need to spinlock this init of tcpStatus or srv_count
1709          */
1710         tcp_ses->tcpStatus = CifsNew;
1711         memcpy(&tcp_ses->srcaddr, &volume_info->srcaddr,
1712                sizeof(tcp_ses->srcaddr));
1713         ++tcp_ses->srv_count;
1714
1715         if (addr.ss_family == AF_INET6) {
1716                 cFYI(1, "attempting ipv6 connect");
1717                 /* BB should we allow ipv6 on port 139? */
1718                 /* other OS never observed in Wild doing 139 with v6 */
1719                 memcpy(&tcp_ses->dstaddr, sin_server6,
1720                        sizeof(struct sockaddr_in6));
1721         } else
1722                 memcpy(&tcp_ses->dstaddr, sin_server,
1723                        sizeof(struct sockaddr_in));
1724
1725         rc = ip_connect(tcp_ses);
1726         if (rc < 0) {
1727                 cERROR(1, "Error connecting to socket. Aborting operation");
1728                 goto out_err_crypto_release;
1729         }
1730
1731         /*
1732          * since we're in a cifs function already, we know that
1733          * this will succeed. No need for try_module_get().
1734          */
1735         __module_get(THIS_MODULE);
1736         tcp_ses->tsk = kthread_run((void *)(void *)cifs_demultiplex_thread,
1737                                   tcp_ses, "cifsd");
1738         if (IS_ERR(tcp_ses->tsk)) {
1739                 rc = PTR_ERR(tcp_ses->tsk);
1740                 cERROR(1, "error %d create cifsd thread", rc);
1741                 module_put(THIS_MODULE);
1742                 goto out_err_crypto_release;
1743         }
1744
1745         /* thread spawned, put it on the list */
1746         spin_lock(&cifs_tcp_ses_lock);
1747         list_add(&tcp_ses->tcp_ses_list, &cifs_tcp_ses_list);
1748         spin_unlock(&cifs_tcp_ses_lock);
1749
1750         cifs_fscache_get_client_cookie(tcp_ses);
1751
1752         return tcp_ses;
1753
1754 out_err_crypto_release:
1755         cifs_crypto_shash_release(tcp_ses);
1756
1757 out_err:
1758         if (tcp_ses) {
1759                 if (!IS_ERR(tcp_ses->hostname))
1760                         kfree(tcp_ses->hostname);
1761                 if (tcp_ses->ssocket)
1762                         sock_release(tcp_ses->ssocket);
1763                 kfree(tcp_ses);
1764         }
1765         return ERR_PTR(rc);
1766 }
1767
1768 static struct cifsSesInfo *
1769 cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb_vol *vol)
1770 {
1771         struct cifsSesInfo *ses;
1772
1773         spin_lock(&cifs_tcp_ses_lock);
1774         list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) {
1775                 switch (server->secType) {
1776                 case Kerberos:
1777                         if (vol->cred_uid != ses->cred_uid)
1778                                 continue;
1779                         break;
1780                 default:
1781                         /* anything else takes username/password */
1782                         if (strncmp(ses->userName, vol->username,
1783                                     MAX_USERNAME_SIZE))
1784                                 continue;
1785                         if (strlen(vol->username) != 0 &&
1786                             ses->password != NULL &&
1787                             strncmp(ses->password,
1788                                     vol->password ? vol->password : "",
1789                                     MAX_PASSWORD_SIZE))
1790                                 continue;
1791                 }
1792                 ++ses->ses_count;
1793                 spin_unlock(&cifs_tcp_ses_lock);
1794                 return ses;
1795         }
1796         spin_unlock(&cifs_tcp_ses_lock);
1797         return NULL;
1798 }
1799
1800 static void
1801 cifs_put_smb_ses(struct cifsSesInfo *ses)
1802 {
1803         int xid;
1804         struct TCP_Server_Info *server = ses->server;
1805
1806         cFYI(1, "%s: ses_count=%d\n", __func__, ses->ses_count);
1807         spin_lock(&cifs_tcp_ses_lock);
1808         if (--ses->ses_count > 0) {
1809                 spin_unlock(&cifs_tcp_ses_lock);
1810                 return;
1811         }
1812
1813         list_del_init(&ses->smb_ses_list);
1814         spin_unlock(&cifs_tcp_ses_lock);
1815
1816         if (ses->status == CifsGood) {
1817                 xid = GetXid();
1818                 CIFSSMBLogoff(xid, ses);
1819                 _FreeXid(xid);
1820         }
1821         sesInfoFree(ses);
1822         cifs_put_tcp_session(server);
1823 }
1824
1825 static struct cifsSesInfo *
1826 cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb_vol *volume_info)
1827 {
1828         int rc = -ENOMEM, xid;
1829         struct cifsSesInfo *ses;
1830         struct sockaddr_in *addr = (struct sockaddr_in *)&server->dstaddr;
1831         struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)&server->dstaddr;
1832
1833         xid = GetXid();
1834
1835         ses = cifs_find_smb_ses(server, volume_info);
1836         if (ses) {
1837                 cFYI(1, "Existing smb sess found (status=%d)", ses->status);
1838
1839                 mutex_lock(&ses->session_mutex);
1840                 rc = cifs_negotiate_protocol(xid, ses);
1841                 if (rc) {
1842                         mutex_unlock(&ses->session_mutex);
1843                         /* problem -- put our ses reference */
1844                         cifs_put_smb_ses(ses);
1845                         FreeXid(xid);
1846                         return ERR_PTR(rc);
1847                 }
1848                 if (ses->need_reconnect) {
1849                         cFYI(1, "Session needs reconnect");
1850                         rc = cifs_setup_session(xid, ses,
1851                                                 volume_info->local_nls);
1852                         if (rc) {
1853                                 mutex_unlock(&ses->session_mutex);
1854                                 /* problem -- put our reference */
1855                                 cifs_put_smb_ses(ses);
1856                                 FreeXid(xid);
1857                                 return ERR_PTR(rc);
1858                         }
1859                 }
1860                 mutex_unlock(&ses->session_mutex);
1861
1862                 /* existing SMB ses has a server reference already */
1863                 cifs_put_tcp_session(server);
1864                 FreeXid(xid);
1865                 return ses;
1866         }
1867
1868         cFYI(1, "Existing smb sess not found");
1869         ses = sesInfoAlloc();
1870         if (ses == NULL)
1871                 goto get_ses_fail;
1872
1873         /* new SMB session uses our server ref */
1874         ses->server = server;
1875         if (server->dstaddr.ss_family == AF_INET6)
1876                 sprintf(ses->serverName, "%pI6", &addr6->sin6_addr);
1877         else
1878                 sprintf(ses->serverName, "%pI4", &addr->sin_addr);
1879
1880         if (volume_info->username)
1881                 strncpy(ses->userName, volume_info->username,
1882                         MAX_USERNAME_SIZE);
1883
1884         /* volume_info->password freed at unmount */
1885         if (volume_info->password) {
1886                 ses->password = kstrdup(volume_info->password, GFP_KERNEL);
1887                 if (!ses->password)
1888                         goto get_ses_fail;
1889         }
1890         if (volume_info->domainname) {
1891                 ses->domainName = kstrdup(volume_info->domainname, GFP_KERNEL);
1892                 if (!ses->domainName)
1893                         goto get_ses_fail;
1894         }
1895         ses->cred_uid = volume_info->cred_uid;
1896         ses->linux_uid = volume_info->linux_uid;
1897         ses->overrideSecFlg = volume_info->secFlg;
1898
1899         mutex_lock(&ses->session_mutex);
1900         rc = cifs_negotiate_protocol(xid, ses);
1901         if (!rc)
1902                 rc = cifs_setup_session(xid, ses, volume_info->local_nls);
1903         mutex_unlock(&ses->session_mutex);
1904         if (rc)
1905                 goto get_ses_fail;
1906
1907         /* success, put it on the list */
1908         spin_lock(&cifs_tcp_ses_lock);
1909         list_add(&ses->smb_ses_list, &server->smb_ses_list);
1910         spin_unlock(&cifs_tcp_ses_lock);
1911
1912         FreeXid(xid);
1913         return ses;
1914
1915 get_ses_fail:
1916         sesInfoFree(ses);
1917         FreeXid(xid);
1918         return ERR_PTR(rc);
1919 }
1920
1921 static struct cifsTconInfo *
1922 cifs_find_tcon(struct cifsSesInfo *ses, const char *unc)
1923 {
1924         struct list_head *tmp;
1925         struct cifsTconInfo *tcon;
1926
1927         spin_lock(&cifs_tcp_ses_lock);
1928         list_for_each(tmp, &ses->tcon_list) {
1929                 tcon = list_entry(tmp, struct cifsTconInfo, tcon_list);
1930                 if (tcon->tidStatus == CifsExiting)
1931                         continue;
1932                 if (strncmp(tcon->treeName, unc, MAX_TREE_SIZE))
1933                         continue;
1934
1935                 ++tcon->tc_count;
1936                 spin_unlock(&cifs_tcp_ses_lock);
1937                 return tcon;
1938         }
1939         spin_unlock(&cifs_tcp_ses_lock);
1940         return NULL;
1941 }
1942
1943 static void
1944 cifs_put_tcon(struct cifsTconInfo *tcon)
1945 {
1946         int xid;
1947         struct cifsSesInfo *ses = tcon->ses;
1948
1949         cFYI(1, "%s: tc_count=%d\n", __func__, tcon->tc_count);
1950         spin_lock(&cifs_tcp_ses_lock);
1951         if (--tcon->tc_count > 0) {
1952                 spin_unlock(&cifs_tcp_ses_lock);
1953                 return;
1954         }
1955
1956         list_del_init(&tcon->tcon_list);
1957         spin_unlock(&cifs_tcp_ses_lock);
1958
1959         xid = GetXid();
1960         CIFSSMBTDis(xid, tcon);
1961         _FreeXid(xid);
1962
1963         cifs_fscache_release_super_cookie(tcon);
1964         tconInfoFree(tcon);
1965         cifs_put_smb_ses(ses);
1966 }
1967
1968 static struct cifsTconInfo *
1969 cifs_get_tcon(struct cifsSesInfo *ses, struct smb_vol *volume_info)
1970 {
1971         int rc, xid;
1972         struct cifsTconInfo *tcon;
1973
1974         tcon = cifs_find_tcon(ses, volume_info->UNC);
1975         if (tcon) {
1976                 cFYI(1, "Found match on UNC path");
1977                 /* existing tcon already has a reference */
1978                 cifs_put_smb_ses(ses);
1979                 if (tcon->seal != volume_info->seal)
1980                         cERROR(1, "transport encryption setting "
1981                                    "conflicts with existing tid");
1982                 return tcon;
1983         }
1984
1985         tcon = tconInfoAlloc();
1986         if (tcon == NULL) {
1987                 rc = -ENOMEM;
1988                 goto out_fail;
1989         }
1990
1991         tcon->ses = ses;
1992         if (volume_info->password) {
1993                 tcon->password = kstrdup(volume_info->password, GFP_KERNEL);
1994                 if (!tcon->password) {
1995                         rc = -ENOMEM;
1996                         goto out_fail;
1997                 }
1998         }
1999
2000         if (strchr(volume_info->UNC + 3, '\\') == NULL
2001             && strchr(volume_info->UNC + 3, '/') == NULL) {
2002                 cERROR(1, "Missing share name");
2003                 rc = -ENODEV;
2004                 goto out_fail;
2005         }
2006
2007         /* BB Do we need to wrap session_mutex around
2008          * this TCon call and Unix SetFS as
2009          * we do on SessSetup and reconnect? */
2010         xid = GetXid();
2011         rc = CIFSTCon(xid, ses, volume_info->UNC, tcon, volume_info->local_nls);
2012         FreeXid(xid);
2013         cFYI(1, "CIFS Tcon rc = %d", rc);
2014         if (rc)
2015                 goto out_fail;
2016
2017         if (volume_info->nodfs) {
2018                 tcon->Flags &= ~SMB_SHARE_IS_IN_DFS;
2019                 cFYI(1, "DFS disabled (%d)", tcon->Flags);
2020         }
2021         tcon->seal = volume_info->seal;
2022         /* we can have only one retry value for a connection
2023            to a share so for resources mounted more than once
2024            to the same server share the last value passed in
2025            for the retry flag is used */
2026         tcon->retry = volume_info->retry;
2027         tcon->nocase = volume_info->nocase;
2028         tcon->local_lease = volume_info->local_lease;
2029
2030         spin_lock(&cifs_tcp_ses_lock);
2031         list_add(&tcon->tcon_list, &ses->tcon_list);
2032         spin_unlock(&cifs_tcp_ses_lock);
2033
2034         cifs_fscache_get_super_cookie(tcon);
2035
2036         return tcon;
2037
2038 out_fail:
2039         tconInfoFree(tcon);
2040         return ERR_PTR(rc);
2041 }
2042
2043 void
2044 cifs_put_tlink(struct tcon_link *tlink)
2045 {
2046         if (!tlink || IS_ERR(tlink))
2047                 return;
2048
2049         if (!atomic_dec_and_test(&tlink->tl_count) ||
2050             test_bit(TCON_LINK_IN_TREE, &tlink->tl_flags)) {
2051                 tlink->tl_time = jiffies;
2052                 return;
2053         }
2054
2055         if (!IS_ERR(tlink_tcon(tlink)))
2056                 cifs_put_tcon(tlink_tcon(tlink));
2057         kfree(tlink);
2058         return;
2059 }
2060
2061 int
2062 get_dfs_path(int xid, struct cifsSesInfo *pSesInfo, const char *old_path,
2063              const struct nls_table *nls_codepage, unsigned int *pnum_referrals,
2064              struct dfs_info3_param **preferrals, int remap)
2065 {
2066         char *temp_unc;
2067         int rc = 0;
2068
2069         *pnum_referrals = 0;
2070         *preferrals = NULL;
2071
2072         if (pSesInfo->ipc_tid == 0) {
2073                 temp_unc = kmalloc(2 /* for slashes */ +
2074                         strnlen(pSesInfo->serverName,
2075                                 SERVER_NAME_LEN_WITH_NULL * 2)
2076                                  + 1 + 4 /* slash IPC$ */  + 2,
2077                                 GFP_KERNEL);
2078                 if (temp_unc == NULL)
2079                         return -ENOMEM;
2080                 temp_unc[0] = '\\';
2081                 temp_unc[1] = '\\';
2082                 strcpy(temp_unc + 2, pSesInfo->serverName);
2083                 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
2084                 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
2085                 cFYI(1, "CIFS Tcon rc = %d ipc_tid = %d", rc, pSesInfo->ipc_tid);
2086                 kfree(temp_unc);
2087         }
2088         if (rc == 0)
2089                 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
2090                                      pnum_referrals, nls_codepage, remap);
2091         /* BB map targetUNCs to dfs_info3 structures, here or
2092                 in CIFSGetDFSRefer BB */
2093
2094         return rc;
2095 }
2096
2097 #ifdef CONFIG_DEBUG_LOCK_ALLOC
2098 static struct lock_class_key cifs_key[2];
2099 static struct lock_class_key cifs_slock_key[2];
2100
2101 static inline void
2102 cifs_reclassify_socket4(struct socket *sock)
2103 {
2104         struct sock *sk = sock->sk;
2105         BUG_ON(sock_owned_by_user(sk));
2106         sock_lock_init_class_and_name(sk, "slock-AF_INET-CIFS",
2107                 &cifs_slock_key[0], "sk_lock-AF_INET-CIFS", &cifs_key[0]);
2108 }
2109
2110 static inline void
2111 cifs_reclassify_socket6(struct socket *sock)
2112 {
2113         struct sock *sk = sock->sk;
2114         BUG_ON(sock_owned_by_user(sk));
2115         sock_lock_init_class_and_name(sk, "slock-AF_INET6-CIFS",
2116                 &cifs_slock_key[1], "sk_lock-AF_INET6-CIFS", &cifs_key[1]);
2117 }
2118 #else
2119 static inline void
2120 cifs_reclassify_socket4(struct socket *sock)
2121 {
2122 }
2123
2124 static inline void
2125 cifs_reclassify_socket6(struct socket *sock)
2126 {
2127 }
2128 #endif
2129
2130 /* See RFC1001 section 14 on representation of Netbios names */
2131 static void rfc1002mangle(char *target, char *source, unsigned int length)
2132 {
2133         unsigned int i, j;
2134
2135         for (i = 0, j = 0; i < (length); i++) {
2136                 /* mask a nibble at a time and encode */
2137                 target[j] = 'A' + (0x0F & (source[i] >> 4));
2138                 target[j+1] = 'A' + (0x0F & source[i]);
2139                 j += 2;
2140         }
2141
2142 }
2143
2144 static int
2145 bind_socket(struct TCP_Server_Info *server)
2146 {
2147         int rc = 0;
2148         if (server->srcaddr.ss_family != AF_UNSPEC) {
2149                 /* Bind to the specified local IP address */
2150                 struct socket *socket = server->ssocket;
2151                 rc = socket->ops->bind(socket,
2152                                        (struct sockaddr *) &server->srcaddr,
2153                                        sizeof(server->srcaddr));
2154                 if (rc < 0) {
2155                         struct sockaddr_in *saddr4;
2156                         struct sockaddr_in6 *saddr6;
2157                         saddr4 = (struct sockaddr_in *)&server->srcaddr;
2158                         saddr6 = (struct sockaddr_in6 *)&server->srcaddr;
2159                         if (saddr6->sin6_family == AF_INET6)
2160                                 cERROR(1, "cifs: "
2161                                        "Failed to bind to: %pI6c, error: %d\n",
2162                                        &saddr6->sin6_addr, rc);
2163                         else
2164                                 cERROR(1, "cifs: "
2165                                        "Failed to bind to: %pI4, error: %d\n",
2166                                        &saddr4->sin_addr.s_addr, rc);
2167                 }
2168         }
2169         return rc;
2170 }
2171
2172 static int
2173 ip_rfc1001_connect(struct TCP_Server_Info *server)
2174 {
2175         int rc = 0;
2176         /*
2177          * some servers require RFC1001 sessinit before sending
2178          * negprot - BB check reconnection in case where second
2179          * sessinit is sent but no second negprot
2180          */
2181         struct rfc1002_session_packet *ses_init_buf;
2182         struct smb_hdr *smb_buf;
2183         ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet),
2184                                GFP_KERNEL);
2185         if (ses_init_buf) {
2186                 ses_init_buf->trailer.session_req.called_len = 32;
2187
2188                 if (server->server_RFC1001_name &&
2189                     server->server_RFC1001_name[0] != 0)
2190                         rfc1002mangle(ses_init_buf->trailer.
2191                                       session_req.called_name,
2192                                       server->server_RFC1001_name,
2193                                       RFC1001_NAME_LEN_WITH_NULL);
2194                 else
2195                         rfc1002mangle(ses_init_buf->trailer.
2196                                       session_req.called_name,
2197                                       DEFAULT_CIFS_CALLED_NAME,
2198                                       RFC1001_NAME_LEN_WITH_NULL);
2199
2200                 ses_init_buf->trailer.session_req.calling_len = 32;
2201
2202                 /*
2203                  * calling name ends in null (byte 16) from old smb
2204                  * convention.
2205                  */
2206                 if (server->workstation_RFC1001_name &&
2207                     server->workstation_RFC1001_name[0] != 0)
2208                         rfc1002mangle(ses_init_buf->trailer.
2209                                       session_req.calling_name,
2210                                       server->workstation_RFC1001_name,
2211                                       RFC1001_NAME_LEN_WITH_NULL);
2212                 else
2213                         rfc1002mangle(ses_init_buf->trailer.
2214                                       session_req.calling_name,
2215                                       "LINUX_CIFS_CLNT",
2216                                       RFC1001_NAME_LEN_WITH_NULL);
2217
2218                 ses_init_buf->trailer.session_req.scope1 = 0;
2219                 ses_init_buf->trailer.session_req.scope2 = 0;
2220                 smb_buf = (struct smb_hdr *)ses_init_buf;
2221
2222                 /* sizeof RFC1002_SESSION_REQUEST with no scope */
2223                 smb_buf->smb_buf_length = 0x81000044;
2224                 rc = smb_send(server, smb_buf, 0x44);
2225                 kfree(ses_init_buf);
2226                 /*
2227                  * RFC1001 layer in at least one server
2228                  * requires very short break before negprot
2229                  * presumably because not expecting negprot
2230                  * to follow so fast.  This is a simple
2231                  * solution that works without
2232                  * complicating the code and causes no
2233                  * significant slowing down on mount
2234                  * for everyone else
2235                  */
2236                 usleep_range(1000, 2000);
2237         }
2238         /*
2239          * else the negprot may still work without this
2240          * even though malloc failed
2241          */
2242
2243         return rc;
2244 }
2245
2246 static int
2247 generic_ip_connect(struct TCP_Server_Info *server)
2248 {
2249         int rc = 0;
2250         unsigned short int sport;
2251         int slen, sfamily;
2252         struct socket *socket = server->ssocket;
2253         struct sockaddr *saddr;
2254
2255         saddr = (struct sockaddr *) &server->dstaddr;
2256
2257         if (server->dstaddr.ss_family == AF_INET6) {
2258                 sport = ((struct sockaddr_in6 *) saddr)->sin6_port;
2259                 slen = sizeof(struct sockaddr_in6);
2260                 sfamily = AF_INET6;
2261         } else {
2262                 sport = ((struct sockaddr_in *) saddr)->sin_port;
2263                 slen = sizeof(struct sockaddr_in);
2264                 sfamily = AF_INET;
2265         }
2266
2267         if (socket == NULL) {
2268                 rc = sock_create_kern(sfamily, SOCK_STREAM,
2269                                       IPPROTO_TCP, &socket);
2270                 if (rc < 0) {
2271                         cERROR(1, "Error %d creating socket", rc);
2272                         server->ssocket = NULL;
2273                         return rc;
2274                 }
2275
2276                 /* BB other socket options to set KEEPALIVE, NODELAY? */
2277                 cFYI(1, "Socket created");
2278                 server->ssocket = socket;
2279                 socket->sk->sk_allocation = GFP_NOFS;
2280                 if (sfamily == AF_INET6)
2281                         cifs_reclassify_socket6(socket);
2282                 else
2283                         cifs_reclassify_socket4(socket);
2284         }
2285
2286         rc = bind_socket(server);
2287         if (rc < 0)
2288                 return rc;
2289
2290         rc = socket->ops->connect(socket, saddr, slen, 0);
2291         if (rc < 0) {
2292                 cFYI(1, "Error %d connecting to server", rc);
2293                 sock_release(socket);
2294                 server->ssocket = NULL;
2295                 return rc;
2296         }
2297
2298         /*
2299          * Eventually check for other socket options to change from
2300          * the default. sock_setsockopt not used because it expects
2301          * user space buffer
2302          */
2303         socket->sk->sk_rcvtimeo = 7 * HZ;
2304         socket->sk->sk_sndtimeo = 5 * HZ;
2305
2306         /* make the bufsizes depend on wsize/rsize and max requests */
2307         if (server->noautotune) {
2308                 if (socket->sk->sk_sndbuf < (200 * 1024))
2309                         socket->sk->sk_sndbuf = 200 * 1024;
2310                 if (socket->sk->sk_rcvbuf < (140 * 1024))
2311                         socket->sk->sk_rcvbuf = 140 * 1024;
2312         }
2313
2314         if (server->tcp_nodelay) {
2315                 int val = 1;
2316                 rc = kernel_setsockopt(socket, SOL_TCP, TCP_NODELAY,
2317                                 (char *)&val, sizeof(val));
2318                 if (rc)
2319                         cFYI(1, "set TCP_NODELAY socket option error %d", rc);
2320         }
2321
2322          cFYI(1, "sndbuf %d rcvbuf %d rcvtimeo 0x%lx",
2323                  socket->sk->sk_sndbuf,
2324                  socket->sk->sk_rcvbuf, socket->sk->sk_rcvtimeo);
2325
2326         if (sport == htons(RFC1001_PORT))
2327                 rc = ip_rfc1001_connect(server);
2328
2329         return rc;
2330 }
2331
2332 static int
2333 ip_connect(struct TCP_Server_Info *server)
2334 {
2335         unsigned short int *sport;
2336         struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)&server->dstaddr;
2337         struct sockaddr_in *addr = (struct sockaddr_in *)&server->dstaddr;
2338
2339         if (server->dstaddr.ss_family == AF_INET6)
2340                 sport = &addr6->sin6_port;
2341         else
2342                 sport = &addr->sin_port;
2343
2344         if (*sport == 0) {
2345                 int rc;
2346
2347                 /* try with 445 port at first */
2348                 *sport = htons(CIFS_PORT);
2349
2350                 rc = generic_ip_connect(server);
2351                 if (rc >= 0)
2352                         return rc;
2353
2354                 /* if it failed, try with 139 port */
2355                 *sport = htons(RFC1001_PORT);
2356         }
2357
2358         return generic_ip_connect(server);
2359 }
2360
2361 void reset_cifs_unix_caps(int xid, struct cifsTconInfo *tcon,
2362                           struct super_block *sb, struct smb_vol *vol_info)
2363 {
2364         /* if we are reconnecting then should we check to see if
2365          * any requested capabilities changed locally e.g. via
2366          * remount but we can not do much about it here
2367          * if they have (even if we could detect it by the following)
2368          * Perhaps we could add a backpointer to array of sb from tcon
2369          * or if we change to make all sb to same share the same
2370          * sb as NFS - then we only have one backpointer to sb.
2371          * What if we wanted to mount the server share twice once with
2372          * and once without posixacls or posix paths? */
2373         __u64 saved_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
2374
2375         if (vol_info && vol_info->no_linux_ext) {
2376                 tcon->fsUnixInfo.Capability = 0;
2377                 tcon->unix_ext = 0; /* Unix Extensions disabled */
2378                 cFYI(1, "Linux protocol extensions disabled");
2379                 return;
2380         } else if (vol_info)
2381                 tcon->unix_ext = 1; /* Unix Extensions supported */
2382
2383         if (tcon->unix_ext == 0) {
2384                 cFYI(1, "Unix extensions disabled so not set on reconnect");
2385                 return;
2386         }
2387
2388         if (!CIFSSMBQFSUnixInfo(xid, tcon)) {
2389                 __u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
2390
2391                 /* check for reconnect case in which we do not
2392                    want to change the mount behavior if we can avoid it */
2393                 if (vol_info == NULL) {
2394                         /* turn off POSIX ACL and PATHNAMES if not set
2395                            originally at mount time */
2396                         if ((saved_cap & CIFS_UNIX_POSIX_ACL_CAP) == 0)
2397                                 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2398                         if ((saved_cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2399                                 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2400                                         cERROR(1, "POSIXPATH support change");
2401                                 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2402                         } else if ((cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2403                                 cERROR(1, "possible reconnect error");
2404                                 cERROR(1, "server disabled POSIX path support");
2405                         }
2406                 }
2407
2408                 cap &= CIFS_UNIX_CAP_MASK;
2409                 if (vol_info && vol_info->no_psx_acl)
2410                         cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2411                 else if (CIFS_UNIX_POSIX_ACL_CAP & cap) {
2412                         cFYI(1, "negotiated posix acl support");
2413                         if (sb)
2414                                 sb->s_flags |= MS_POSIXACL;
2415                 }
2416
2417                 if (vol_info && vol_info->posix_paths == 0)
2418                         cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2419                 else if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
2420                         cFYI(1, "negotiate posix pathnames");
2421                         if (sb)
2422                                 CIFS_SB(sb)->mnt_cifs_flags |=
2423                                         CIFS_MOUNT_POSIX_PATHS;
2424                 }
2425
2426                 /* We might be setting the path sep back to a different
2427                 form if we are reconnecting and the server switched its
2428                 posix path capability for this share */
2429                 if (sb && (CIFS_SB(sb)->prepathlen > 0))
2430                         CIFS_SB(sb)->prepath[0] = CIFS_DIR_SEP(CIFS_SB(sb));
2431
2432                 if (sb && (CIFS_SB(sb)->rsize > 127 * 1024)) {
2433                         if ((cap & CIFS_UNIX_LARGE_READ_CAP) == 0) {
2434                                 CIFS_SB(sb)->rsize = 127 * 1024;
2435                                 cFYI(DBG2, "larger reads not supported by srv");
2436                         }
2437                 }
2438
2439
2440                 cFYI(1, "Negotiate caps 0x%x", (int)cap);
2441 #ifdef CONFIG_CIFS_DEBUG2
2442                 if (cap & CIFS_UNIX_FCNTL_CAP)
2443                         cFYI(1, "FCNTL cap");
2444                 if (cap & CIFS_UNIX_EXTATTR_CAP)
2445                         cFYI(1, "EXTATTR cap");
2446                 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2447                         cFYI(1, "POSIX path cap");
2448                 if (cap & CIFS_UNIX_XATTR_CAP)
2449                         cFYI(1, "XATTR cap");
2450                 if (cap & CIFS_UNIX_POSIX_ACL_CAP)
2451                         cFYI(1, "POSIX ACL cap");
2452                 if (cap & CIFS_UNIX_LARGE_READ_CAP)
2453                         cFYI(1, "very large read cap");
2454                 if (cap & CIFS_UNIX_LARGE_WRITE_CAP)
2455                         cFYI(1, "very large write cap");
2456 #endif /* CIFS_DEBUG2 */
2457                 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
2458                         if (vol_info == NULL) {
2459                                 cFYI(1, "resetting capabilities failed");
2460                         } else
2461                                 cERROR(1, "Negotiating Unix capabilities "
2462                                            "with the server failed.  Consider "
2463                                            "mounting with the Unix Extensions\n"
2464                                            "disabled, if problems are found, "
2465                                            "by specifying the nounix mount "
2466                                            "option.");
2467
2468                 }
2469         }
2470 }
2471
2472 static void
2473 convert_delimiter(char *path, char delim)
2474 {
2475         int i;
2476         char old_delim;
2477
2478         if (path == NULL)
2479                 return;
2480
2481         if (delim == '/')
2482                 old_delim = '\\';
2483         else
2484                 old_delim = '/';
2485
2486         for (i = 0; path[i] != '\0'; i++) {
2487                 if (path[i] == old_delim)
2488                         path[i] = delim;
2489         }
2490 }
2491
2492 static void setup_cifs_sb(struct smb_vol *pvolume_info,
2493                           struct cifs_sb_info *cifs_sb)
2494 {
2495         INIT_DELAYED_WORK(&cifs_sb->prune_tlinks, cifs_prune_tlinks);
2496
2497         if (pvolume_info->rsize > CIFSMaxBufSize) {
2498                 cERROR(1, "rsize %d too large, using MaxBufSize",
2499                         pvolume_info->rsize);
2500                 cifs_sb->rsize = CIFSMaxBufSize;
2501         } else if ((pvolume_info->rsize) &&
2502                         (pvolume_info->rsize <= CIFSMaxBufSize))
2503                 cifs_sb->rsize = pvolume_info->rsize;
2504         else /* default */
2505                 cifs_sb->rsize = CIFSMaxBufSize;
2506
2507         if (pvolume_info->wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) {
2508                 cERROR(1, "wsize %d too large, using 4096 instead",
2509                           pvolume_info->wsize);
2510                 cifs_sb->wsize = 4096;
2511         } else if (pvolume_info->wsize)
2512                 cifs_sb->wsize = pvolume_info->wsize;
2513         else
2514                 cifs_sb->wsize = min_t(const int,
2515                                         PAGEVEC_SIZE * PAGE_CACHE_SIZE,
2516                                         127*1024);
2517                 /* old default of CIFSMaxBufSize was too small now
2518                    that SMB Write2 can send multiple pages in kvec.
2519                    RFC1001 does not describe what happens when frame
2520                    bigger than 128K is sent so use that as max in
2521                    conjunction with 52K kvec constraint on arch with 4K
2522                    page size  */
2523
2524         if (cifs_sb->rsize < 2048) {
2525                 cifs_sb->rsize = 2048;
2526                 /* Windows ME may prefer this */
2527                 cFYI(1, "readsize set to minimum: 2048");
2528         }
2529         /* calculate prepath */
2530         cifs_sb->prepath = pvolume_info->prepath;
2531         if (cifs_sb->prepath) {
2532                 cifs_sb->prepathlen = strlen(cifs_sb->prepath);
2533                 /* we can not convert the / to \ in the path
2534                 separators in the prefixpath yet because we do not
2535                 know (until reset_cifs_unix_caps is called later)
2536                 whether POSIX PATH CAP is available. We normalize
2537                 the / to \ after reset_cifs_unix_caps is called */
2538                 pvolume_info->prepath = NULL;
2539         } else
2540                 cifs_sb->prepathlen = 0;
2541         cifs_sb->mnt_uid = pvolume_info->linux_uid;
2542         cifs_sb->mnt_gid = pvolume_info->linux_gid;
2543         cifs_sb->mnt_file_mode = pvolume_info->file_mode;
2544         cifs_sb->mnt_dir_mode = pvolume_info->dir_mode;
2545         cFYI(1, "file mode: 0x%x  dir mode: 0x%x",
2546                 cifs_sb->mnt_file_mode, cifs_sb->mnt_dir_mode);
2547
2548         cifs_sb->actimeo = pvolume_info->actimeo;
2549
2550         if (pvolume_info->noperm)
2551                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
2552         if (pvolume_info->setuids)
2553                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
2554         if (pvolume_info->server_ino)
2555                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
2556         if (pvolume_info->remap)
2557                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
2558         if (pvolume_info->no_xattr)
2559                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
2560         if (pvolume_info->sfu_emul)
2561                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
2562         if (pvolume_info->nobrl)
2563                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
2564         if (pvolume_info->nostrictsync)
2565                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOSSYNC;
2566         if (pvolume_info->mand_lock)
2567                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOPOSIXBRL;
2568         if (pvolume_info->cifs_acl)
2569                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
2570         if (pvolume_info->override_uid)
2571                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID;
2572         if (pvolume_info->override_gid)
2573                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID;
2574         if (pvolume_info->dynperm)
2575                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DYNPERM;
2576         if (pvolume_info->fsc)
2577                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_FSCACHE;
2578         if (pvolume_info->multiuser)
2579                 cifs_sb->mnt_cifs_flags |= (CIFS_MOUNT_MULTIUSER |
2580                                             CIFS_MOUNT_NO_PERM);
2581         if (pvolume_info->direct_io) {
2582                 cFYI(1, "mounting share using direct i/o");
2583                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
2584         }
2585         if (pvolume_info->mfsymlinks) {
2586                 if (pvolume_info->sfu_emul) {
2587                         cERROR(1,  "mount option mfsymlinks ignored if sfu "
2588                                    "mount option is used");
2589                 } else {
2590                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MF_SYMLINKS;
2591                 }
2592         }
2593
2594         if ((pvolume_info->cifs_acl) && (pvolume_info->dynperm))
2595                 cERROR(1, "mount option dynperm ignored if cifsacl "
2596                            "mount option supported");
2597 }
2598
2599 static int
2600 is_path_accessible(int xid, struct cifsTconInfo *tcon,
2601                    struct cifs_sb_info *cifs_sb, const char *full_path)
2602 {
2603         int rc;
2604         FILE_ALL_INFO *pfile_info;
2605
2606         pfile_info = kmalloc(sizeof(FILE_ALL_INFO), GFP_KERNEL);
2607         if (pfile_info == NULL)
2608                 return -ENOMEM;
2609
2610         rc = CIFSSMBQPathInfo(xid, tcon, full_path, pfile_info,
2611                               0 /* not legacy */, cifs_sb->local_nls,
2612                               cifs_sb->mnt_cifs_flags &
2613                                 CIFS_MOUNT_MAP_SPECIAL_CHR);
2614         kfree(pfile_info);
2615         return rc;
2616 }
2617
2618 static void
2619 cleanup_volume_info(struct smb_vol **pvolume_info)
2620 {
2621         struct smb_vol *volume_info;
2622
2623         if (!pvolume_info || !*pvolume_info)
2624                 return;
2625
2626         volume_info = *pvolume_info;
2627         kzfree(volume_info->password);
2628         kfree(volume_info->UNC);
2629         kfree(volume_info->prepath);
2630         kfree(volume_info);
2631         *pvolume_info = NULL;
2632         return;
2633 }
2634
2635 #ifdef CONFIG_CIFS_DFS_UPCALL
2636 /* build_path_to_root returns full path to root when
2637  * we do not have an exiting connection (tcon) */
2638 static char *
2639 build_unc_path_to_root(const struct smb_vol *volume_info,
2640                 const struct cifs_sb_info *cifs_sb)
2641 {
2642         char *full_path;
2643
2644         int unc_len = strnlen(volume_info->UNC, MAX_TREE_SIZE + 1);
2645         full_path = kmalloc(unc_len + cifs_sb->prepathlen + 1, GFP_KERNEL);
2646         if (full_path == NULL)
2647                 return ERR_PTR(-ENOMEM);
2648
2649         strncpy(full_path, volume_info->UNC, unc_len);
2650         if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) {
2651                 int i;
2652                 for (i = 0; i < unc_len; i++) {
2653                         if (full_path[i] == '\\')
2654                                 full_path[i] = '/';
2655                 }
2656         }
2657
2658         if (cifs_sb->prepathlen)
2659                 strncpy(full_path + unc_len, cifs_sb->prepath,
2660                                 cifs_sb->prepathlen);
2661
2662         full_path[unc_len + cifs_sb->prepathlen] = 0; /* add trailing null */
2663         return full_path;
2664 }
2665 #endif
2666
2667 int
2668 cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
2669                 char *mount_data_global, const char *devname)
2670 {
2671         int rc;
2672         int xid;
2673         struct smb_vol *volume_info;
2674         struct cifsSesInfo *pSesInfo;
2675         struct cifsTconInfo *tcon;
2676         struct TCP_Server_Info *srvTcp;
2677         char   *full_path;
2678         char *mount_data = mount_data_global;
2679         struct tcon_link *tlink;
2680 #ifdef CONFIG_CIFS_DFS_UPCALL
2681         struct dfs_info3_param *referrals = NULL;
2682         unsigned int num_referrals = 0;
2683         int referral_walks_count = 0;
2684 try_mount_again:
2685 #endif
2686         rc = 0;
2687         tcon = NULL;
2688         pSesInfo = NULL;
2689         srvTcp = NULL;
2690         full_path = NULL;
2691         tlink = NULL;
2692
2693         xid = GetXid();
2694
2695         volume_info = kzalloc(sizeof(struct smb_vol), GFP_KERNEL);
2696         if (!volume_info) {
2697                 rc = -ENOMEM;
2698                 goto out;
2699         }
2700
2701         if (cifs_parse_mount_options(mount_data, devname, volume_info)) {
2702                 rc = -EINVAL;
2703                 goto out;
2704         }
2705
2706         if (volume_info->nullauth) {
2707                 cFYI(1, "null user");
2708                 volume_info->username = "";
2709         } else if (volume_info->username) {
2710                 /* BB fixme parse for domain name here */
2711                 cFYI(1, "Username: %s", volume_info->username);
2712         } else {
2713                 cifserror("No username specified");
2714         /* In userspace mount helper we can get user name from alternate
2715            locations such as env variables and files on disk */
2716                 rc = -EINVAL;
2717                 goto out;
2718         }
2719
2720         /* this is needed for ASCII cp to Unicode converts */
2721         if (volume_info->iocharset == NULL) {
2722                 /* load_nls_default cannot return null */
2723                 volume_info->local_nls = load_nls_default();
2724         } else {
2725                 volume_info->local_nls = load_nls(volume_info->iocharset);
2726                 if (volume_info->local_nls == NULL) {
2727                         cERROR(1, "CIFS mount error: iocharset %s not found",
2728                                  volume_info->iocharset);
2729                         rc = -ELIBACC;
2730                         goto out;
2731                 }
2732         }
2733         cifs_sb->local_nls = volume_info->local_nls;
2734
2735         /* get a reference to a tcp session */
2736         srvTcp = cifs_get_tcp_session(volume_info);
2737         if (IS_ERR(srvTcp)) {
2738                 rc = PTR_ERR(srvTcp);
2739                 goto out;
2740         }
2741
2742         /* get a reference to a SMB session */
2743         pSesInfo = cifs_get_smb_ses(srvTcp, volume_info);
2744         if (IS_ERR(pSesInfo)) {
2745                 rc = PTR_ERR(pSesInfo);
2746                 pSesInfo = NULL;
2747                 goto mount_fail_check;
2748         }
2749
2750         setup_cifs_sb(volume_info, cifs_sb);
2751         if (pSesInfo->capabilities & CAP_LARGE_FILES)
2752                 sb->s_maxbytes = MAX_LFS_FILESIZE;
2753         else
2754                 sb->s_maxbytes = MAX_NON_LFS;
2755
2756         /* BB FIXME fix time_gran to be larger for LANMAN sessions */
2757         sb->s_time_gran = 100;
2758
2759         /* search for existing tcon to this server share */
2760         tcon = cifs_get_tcon(pSesInfo, volume_info);
2761         if (IS_ERR(tcon)) {
2762                 rc = PTR_ERR(tcon);
2763                 tcon = NULL;
2764                 goto remote_path_check;
2765         }
2766
2767         /* do not care if following two calls succeed - informational */
2768         if (!tcon->ipc) {
2769                 CIFSSMBQFSDeviceInfo(xid, tcon);
2770                 CIFSSMBQFSAttributeInfo(xid, tcon);
2771         }
2772
2773         /* tell server which Unix caps we support */
2774         if (tcon->ses->capabilities & CAP_UNIX)
2775                 /* reset of caps checks mount to see if unix extensions
2776                    disabled for just this mount */
2777                 reset_cifs_unix_caps(xid, tcon, sb, volume_info);
2778         else
2779                 tcon->unix_ext = 0; /* server does not support them */
2780
2781         /* convert forward to back slashes in prepath here if needed */
2782         if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0)
2783                 convert_delimiter(cifs_sb->prepath, CIFS_DIR_SEP(cifs_sb));
2784
2785         if ((tcon->unix_ext == 0) && (cifs_sb->rsize > (1024 * 127))) {
2786                 cifs_sb->rsize = 1024 * 127;
2787                 cFYI(DBG2, "no very large read support, rsize now 127K");
2788         }
2789         if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X))
2790                 cifs_sb->wsize = min(cifs_sb->wsize,
2791                                (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE));
2792         if (!(tcon->ses->capabilities & CAP_LARGE_READ_X))
2793                 cifs_sb->rsize = min(cifs_sb->rsize,
2794                                (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE));
2795
2796 remote_path_check:
2797         /* check if a whole path (including prepath) is not remote */
2798         if (!rc && cifs_sb->prepathlen && tcon) {
2799                 /* build_path_to_root works only when we have a valid tcon */
2800                 full_path = cifs_build_path_to_root(cifs_sb, tcon);
2801                 if (full_path == NULL) {
2802                         rc = -ENOMEM;
2803                         goto mount_fail_check;
2804                 }
2805                 rc = is_path_accessible(xid, tcon, cifs_sb, full_path);
2806                 if (rc != 0 && rc != -EREMOTE) {
2807                         kfree(full_path);
2808                         goto mount_fail_check;
2809                 }
2810                 kfree(full_path);
2811         }
2812
2813         /* get referral if needed */
2814         if (rc == -EREMOTE) {
2815 #ifdef CONFIG_CIFS_DFS_UPCALL
2816                 if (referral_walks_count > MAX_NESTED_LINKS) {
2817                         /*
2818                          * BB: when we implement proper loop detection,
2819                          *     we will remove this check. But now we need it
2820                          *     to prevent an indefinite loop if 'DFS tree' is
2821                          *     misconfigured (i.e. has loops).
2822                          */
2823                         rc = -ELOOP;
2824                         goto mount_fail_check;
2825                 }
2826                 /* convert forward to back slashes in prepath here if needed */
2827                 if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0)
2828                         convert_delimiter(cifs_sb->prepath,
2829                                         CIFS_DIR_SEP(cifs_sb));
2830                 full_path = build_unc_path_to_root(volume_info, cifs_sb);
2831                 if (IS_ERR(full_path)) {
2832                         rc = PTR_ERR(full_path);
2833                         goto mount_fail_check;
2834                 }
2835
2836                 cFYI(1, "Getting referral for: %s", full_path);
2837                 rc = get_dfs_path(xid, pSesInfo , full_path + 1,
2838                         cifs_sb->local_nls, &num_referrals, &referrals,
2839                         cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR);
2840                 if (!rc && num_referrals > 0) {
2841                         char *fake_devname = NULL;
2842
2843                         if (mount_data != mount_data_global)
2844                                 kfree(mount_data);
2845
2846                         mount_data = cifs_compose_mount_options(
2847                                         cifs_sb->mountdata, full_path + 1,
2848                                         referrals, &fake_devname);
2849
2850                         free_dfs_info_array(referrals, num_referrals);
2851                         kfree(fake_devname);
2852                         kfree(full_path);
2853
2854                         if (IS_ERR(mount_data)) {
2855                                 rc = PTR_ERR(mount_data);
2856                                 mount_data = NULL;
2857                                 goto mount_fail_check;
2858                         }
2859
2860                         if (tcon)
2861                                 cifs_put_tcon(tcon);
2862                         else if (pSesInfo)
2863                                 cifs_put_smb_ses(pSesInfo);
2864
2865                         cleanup_volume_info(&volume_info);
2866                         referral_walks_count++;
2867                         FreeXid(xid);
2868                         goto try_mount_again;
2869                 }
2870 #else /* No DFS support, return error on mount */
2871                 rc = -EOPNOTSUPP;
2872 #endif
2873         }
2874
2875         if (rc)
2876                 goto mount_fail_check;
2877
2878         /* now, hang the tcon off of the superblock */
2879         tlink = kzalloc(sizeof *tlink, GFP_KERNEL);
2880         if (tlink == NULL) {
2881                 rc = -ENOMEM;
2882                 goto mount_fail_check;
2883         }
2884
2885         tlink->tl_uid = pSesInfo->linux_uid;
2886         tlink->tl_tcon = tcon;
2887         tlink->tl_time = jiffies;
2888         set_bit(TCON_LINK_MASTER, &tlink->tl_flags);
2889         set_bit(TCON_LINK_IN_TREE, &tlink->tl_flags);
2890
2891         cifs_sb->master_tlink = tlink;
2892         spin_lock(&cifs_sb->tlink_tree_lock);
2893         tlink_rb_insert(&cifs_sb->tlink_tree, tlink);
2894         spin_unlock(&cifs_sb->tlink_tree_lock);
2895
2896         queue_delayed_work(system_nrt_wq, &cifs_sb->prune_tlinks,
2897                                 TLINK_IDLE_EXPIRE);
2898
2899 mount_fail_check:
2900         /* on error free sesinfo and tcon struct if needed */
2901         if (rc) {
2902                 if (mount_data != mount_data_global)
2903                         kfree(mount_data);
2904                 /* If find_unc succeeded then rc == 0 so we can not end */
2905                 /* up accidently freeing someone elses tcon struct */
2906                 if (tcon)
2907                         cifs_put_tcon(tcon);
2908                 else if (pSesInfo)
2909                         cifs_put_smb_ses(pSesInfo);
2910                 else
2911                         cifs_put_tcp_session(srvTcp);
2912                 goto out;
2913         }
2914
2915         /* volume_info->password is freed above when existing session found
2916         (in which case it is not needed anymore) but when new sesion is created
2917         the password ptr is put in the new session structure (in which case the
2918         password will be freed at unmount time) */
2919 out:
2920         /* zero out password before freeing */
2921         cleanup_volume_info(&volume_info);
2922         FreeXid(xid);
2923         return rc;
2924 }
2925
2926 int
2927 CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
2928          const char *tree, struct cifsTconInfo *tcon,
2929          const struct nls_table *nls_codepage)
2930 {
2931         struct smb_hdr *smb_buffer;
2932         struct smb_hdr *smb_buffer_response;
2933         TCONX_REQ *pSMB;
2934         TCONX_RSP *pSMBr;
2935         unsigned char *bcc_ptr;
2936         int rc = 0;
2937         int length, bytes_left;
2938         __u16 count;
2939
2940         if (ses == NULL)
2941                 return -EIO;
2942
2943         smb_buffer = cifs_buf_get();
2944         if (smb_buffer == NULL)
2945                 return -ENOMEM;
2946
2947         smb_buffer_response = smb_buffer;
2948
2949         header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
2950                         NULL /*no tid */ , 4 /*wct */ );
2951
2952         smb_buffer->Mid = GetNextMid(ses->server);
2953         smb_buffer->Uid = ses->Suid;
2954         pSMB = (TCONX_REQ *) smb_buffer;
2955         pSMBr = (TCONX_RSP *) smb_buffer_response;
2956
2957         pSMB->AndXCommand = 0xFF;
2958         pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
2959         bcc_ptr = &pSMB->Password[0];
2960         if ((ses->server->secMode) & SECMODE_USER) {
2961                 pSMB->PasswordLength = cpu_to_le16(1);  /* minimum */
2962                 *bcc_ptr = 0; /* password is null byte */
2963                 bcc_ptr++;              /* skip password */
2964                 /* already aligned so no need to do it below */
2965         } else {
2966                 pSMB->PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE);
2967                 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
2968                    specified as required (when that support is added to
2969                    the vfs in the future) as only NTLM or the much
2970                    weaker LANMAN (which we do not send by default) is accepted
2971                    by Samba (not sure whether other servers allow
2972                    NTLMv2 password here) */
2973 #ifdef CONFIG_CIFS_WEAK_PW_HASH
2974                 if ((global_secflags & CIFSSEC_MAY_LANMAN) &&
2975                     (ses->server->secType == LANMAN))
2976                         calc_lanman_hash(tcon->password, ses->server->cryptkey,
2977                                          ses->server->secMode &
2978                                             SECMODE_PW_ENCRYPT ? true : false,
2979                                          bcc_ptr);
2980                 else
2981 #endif /* CIFS_WEAK_PW_HASH */
2982                 SMBNTencrypt(tcon->password, ses->server->cryptkey, bcc_ptr);
2983
2984                 bcc_ptr += CIFS_SESS_KEY_SIZE;
2985                 if (ses->capabilities & CAP_UNICODE) {
2986                         /* must align unicode strings */
2987                         *bcc_ptr = 0; /* null byte password */
2988                         bcc_ptr++;
2989                 }
2990         }
2991
2992         if (ses->server->secMode &
2993                         (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2994                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2995
2996         if (ses->capabilities & CAP_STATUS32) {
2997                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2998         }
2999         if (ses->capabilities & CAP_DFS) {
3000                 smb_buffer->Flags2 |= SMBFLG2_DFS;
3001         }
3002         if (ses->capabilities & CAP_UNICODE) {
3003                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3004                 length =
3005                     cifs_strtoUCS((__le16 *) bcc_ptr, tree,
3006                         6 /* max utf8 char length in bytes */ *
3007                         (/* server len*/ + 256 /* share len */), nls_codepage);
3008                 bcc_ptr += 2 * length;  /* convert num 16 bit words to bytes */
3009                 bcc_ptr += 2;   /* skip trailing null */
3010         } else {                /* ASCII */
3011                 strcpy(bcc_ptr, tree);
3012                 bcc_ptr += strlen(tree) + 1;
3013         }
3014         strcpy(bcc_ptr, "?????");
3015         bcc_ptr += strlen("?????");
3016         bcc_ptr += 1;
3017         count = bcc_ptr - &pSMB->Password[0];
3018         pSMB->hdr.smb_buf_length += count;
3019         pSMB->ByteCount = cpu_to_le16(count);
3020
3021         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length,
3022                          CIFS_STD_OP);
3023
3024         /* above now done in SendReceive */
3025         if ((rc == 0) && (tcon != NULL)) {
3026                 bool is_unicode;
3027
3028                 tcon->tidStatus = CifsGood;
3029                 tcon->need_reconnect = false;
3030                 tcon->tid = smb_buffer_response->Tid;
3031                 bcc_ptr = pByteArea(smb_buffer_response);
3032                 bytes_left = BCC(smb_buffer_response);
3033                 length = strnlen(bcc_ptr, bytes_left - 2);
3034                 if (smb_buffer->Flags2 & SMBFLG2_UNICODE)
3035                         is_unicode = true;
3036                 else
3037                         is_unicode = false;
3038
3039
3040                 /* skip service field (NB: this field is always ASCII) */
3041                 if (length == 3) {
3042                         if ((bcc_ptr[0] == 'I') && (bcc_ptr[1] == 'P') &&
3043                             (bcc_ptr[2] == 'C')) {
3044                                 cFYI(1, "IPC connection");
3045                                 tcon->ipc = 1;
3046                         }
3047                 } else if (length == 2) {
3048                         if ((bcc_ptr[0] == 'A') && (bcc_ptr[1] == ':')) {
3049                                 /* the most common case */
3050                                 cFYI(1, "disk share connection");
3051                         }
3052                 }
3053                 bcc_ptr += length + 1;
3054                 bytes_left -= (length + 1);
3055                 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3056
3057                 /* mostly informational -- no need to fail on error here */
3058                 kfree(tcon->nativeFileSystem);
3059                 tcon->nativeFileSystem = cifs_strndup_from_ucs(bcc_ptr,
3060                                                       bytes_left, is_unicode,
3061                                                       nls_codepage);
3062
3063                 cFYI(1, "nativeFileSystem=%s", tcon->nativeFileSystem);
3064
3065                 if ((smb_buffer_response->WordCount == 3) ||
3066                          (smb_buffer_response->WordCount == 7))
3067                         /* field is in same location */
3068                         tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3069                 else
3070                         tcon->Flags = 0;
3071                 cFYI(1, "Tcon flags: 0x%x ", tcon->Flags);
3072         } else if ((rc == 0) && tcon == NULL) {
3073                 /* all we need to save for IPC$ connection */
3074                 ses->ipc_tid = smb_buffer_response->Tid;
3075         }
3076
3077         cifs_buf_release(smb_buffer);
3078         return rc;
3079 }
3080
3081 int
3082 cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3083 {
3084         struct rb_root *root = &cifs_sb->tlink_tree;
3085         struct rb_node *node;
3086         struct tcon_link *tlink;
3087         char *tmp;
3088
3089         cancel_delayed_work_sync(&cifs_sb->prune_tlinks);
3090
3091         spin_lock(&cifs_sb->tlink_tree_lock);
3092         while ((node = rb_first(root))) {
3093                 tlink = rb_entry(node, struct tcon_link, tl_rbnode);
3094                 cifs_get_tlink(tlink);
3095                 clear_bit(TCON_LINK_IN_TREE, &tlink->tl_flags);
3096                 rb_erase(node, root);
3097
3098                 spin_unlock(&cifs_sb->tlink_tree_lock);
3099                 cifs_put_tlink(tlink);
3100                 spin_lock(&cifs_sb->tlink_tree_lock);
3101         }
3102         spin_unlock(&cifs_sb->tlink_tree_lock);
3103
3104         tmp = cifs_sb->prepath;
3105         cifs_sb->prepathlen = 0;
3106         cifs_sb->prepath = NULL;
3107         kfree(tmp);
3108
3109         return 0;
3110 }
3111
3112 int cifs_negotiate_protocol(unsigned int xid, struct cifsSesInfo *ses)
3113 {
3114         int rc = 0;
3115         struct TCP_Server_Info *server = ses->server;
3116
3117         /* only send once per connect */
3118         if (server->maxBuf != 0)
3119                 return 0;
3120
3121         rc = CIFSSMBNegotiate(xid, ses);
3122         if (rc == -EAGAIN) {
3123                 /* retry only once on 1st time connection */
3124                 rc = CIFSSMBNegotiate(xid, ses);
3125                 if (rc == -EAGAIN)
3126                         rc = -EHOSTDOWN;
3127         }
3128         if (rc == 0) {
3129                 spin_lock(&GlobalMid_Lock);
3130                 if (server->tcpStatus != CifsExiting)
3131                         server->tcpStatus = CifsGood;
3132                 else
3133                         rc = -EHOSTDOWN;
3134                 spin_unlock(&GlobalMid_Lock);
3135
3136         }
3137
3138         return rc;
3139 }
3140
3141
3142 int cifs_setup_session(unsigned int xid, struct cifsSesInfo *ses,
3143                         struct nls_table *nls_info)
3144 {
3145         int rc = 0;
3146         struct TCP_Server_Info *server = ses->server;
3147
3148         ses->flags = 0;
3149         ses->capabilities = server->capabilities;
3150         if (linuxExtEnabled == 0)
3151                 ses->capabilities &= (~CAP_UNIX);
3152
3153         cFYI(1, "Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d",
3154                  server->secMode, server->capabilities, server->timeAdj);
3155
3156         rc = CIFS_SessSetup(xid, ses, nls_info);
3157         if (rc) {
3158                 cERROR(1, "Send error in SessSetup = %d", rc);
3159         } else {
3160                 mutex_lock(&ses->server->srv_mutex);
3161                 if (!server->session_estab) {
3162                         server->session_key.response = ses->auth_key.response;
3163                         server->session_key.len = ses->auth_key.len;
3164                         server->sequence_number = 0x2;
3165                         server->session_estab = true;
3166                         ses->auth_key.response = NULL;
3167                 }
3168                 mutex_unlock(&server->srv_mutex);
3169
3170                 cFYI(1, "CIFS Session Established successfully");
3171                 spin_lock(&GlobalMid_Lock);
3172                 ses->status = CifsGood;
3173                 ses->need_reconnect = false;
3174                 spin_unlock(&GlobalMid_Lock);
3175         }
3176
3177         kfree(ses->auth_key.response);
3178         ses->auth_key.response = NULL;
3179         ses->auth_key.len = 0;
3180         kfree(ses->ntlmssp);
3181         ses->ntlmssp = NULL;
3182
3183         return rc;
3184 }
3185
3186 static struct cifsTconInfo *
3187 cifs_construct_tcon(struct cifs_sb_info *cifs_sb, uid_t fsuid)
3188 {
3189         struct cifsTconInfo *master_tcon = cifs_sb_master_tcon(cifs_sb);
3190         struct cifsSesInfo *ses;
3191         struct cifsTconInfo *tcon = NULL;
3192         struct smb_vol *vol_info;
3193         char username[MAX_USERNAME_SIZE + 1];
3194
3195         vol_info = kzalloc(sizeof(*vol_info), GFP_KERNEL);
3196         if (vol_info == NULL) {
3197                 tcon = ERR_PTR(-ENOMEM);
3198                 goto out;
3199         }
3200
3201         snprintf(username, MAX_USERNAME_SIZE, "krb50x%x", fsuid);
3202         vol_info->username = username;
3203         vol_info->local_nls = cifs_sb->local_nls;
3204         vol_info->linux_uid = fsuid;
3205         vol_info->cred_uid = fsuid;
3206         vol_info->UNC = master_tcon->treeName;
3207         vol_info->retry = master_tcon->retry;
3208         vol_info->nocase = master_tcon->nocase;
3209         vol_info->local_lease = master_tcon->local_lease;
3210         vol_info->no_linux_ext = !master_tcon->unix_ext;
3211
3212         /* FIXME: allow for other secFlg settings */
3213         vol_info->secFlg = CIFSSEC_MUST_KRB5;
3214
3215         /* get a reference for the same TCP session */
3216         spin_lock(&cifs_tcp_ses_lock);
3217         ++master_tcon->ses->server->srv_count;
3218         spin_unlock(&cifs_tcp_ses_lock);
3219
3220         ses = cifs_get_smb_ses(master_tcon->ses->server, vol_info);
3221         if (IS_ERR(ses)) {
3222                 tcon = (struct cifsTconInfo *)ses;
3223                 cifs_put_tcp_session(master_tcon->ses->server);
3224                 goto out;
3225         }
3226
3227         tcon = cifs_get_tcon(ses, vol_info);
3228         if (IS_ERR(tcon)) {
3229                 cifs_put_smb_ses(ses);
3230                 goto out;
3231         }
3232
3233         if (ses->capabilities & CAP_UNIX)
3234                 reset_cifs_unix_caps(0, tcon, NULL, vol_info);
3235 out:
3236         kfree(vol_info);
3237
3238         return tcon;
3239 }
3240
3241 static inline struct tcon_link *
3242 cifs_sb_master_tlink(struct cifs_sb_info *cifs_sb)
3243 {
3244         return cifs_sb->master_tlink;
3245 }
3246
3247 struct cifsTconInfo *
3248 cifs_sb_master_tcon(struct cifs_sb_info *cifs_sb)
3249 {
3250         return tlink_tcon(cifs_sb_master_tlink(cifs_sb));
3251 }
3252
3253 static int
3254 cifs_sb_tcon_pending_wait(void *unused)
3255 {
3256         schedule();
3257         return signal_pending(current) ? -ERESTARTSYS : 0;
3258 }
3259
3260 /* find and return a tlink with given uid */
3261 static struct tcon_link *
3262 tlink_rb_search(struct rb_root *root, uid_t uid)
3263 {
3264         struct rb_node *node = root->rb_node;
3265         struct tcon_link *tlink;
3266
3267         while (node) {
3268                 tlink = rb_entry(node, struct tcon_link, tl_rbnode);
3269
3270                 if (tlink->tl_uid > uid)
3271                         node = node->rb_left;
3272                 else if (tlink->tl_uid < uid)
3273                         node = node->rb_right;
3274                 else
3275                         return tlink;
3276         }
3277         return NULL;
3278 }
3279
3280 /* insert a tcon_link into the tree */
3281 static void
3282 tlink_rb_insert(struct rb_root *root, struct tcon_link *new_tlink)
3283 {
3284         struct rb_node **new = &(root->rb_node), *parent = NULL;
3285         struct tcon_link *tlink;
3286
3287         while (*new) {
3288                 tlink = rb_entry(*new, struct tcon_link, tl_rbnode);
3289                 parent = *new;
3290
3291                 if (tlink->tl_uid > new_tlink->tl_uid)
3292                         new = &((*new)->rb_left);
3293                 else
3294                         new = &((*new)->rb_right);
3295         }
3296
3297         rb_link_node(&new_tlink->tl_rbnode, parent, new);
3298         rb_insert_color(&new_tlink->tl_rbnode, root);
3299 }
3300
3301 /*
3302  * Find or construct an appropriate tcon given a cifs_sb and the fsuid of the
3303  * current task.
3304  *
3305  * If the superblock doesn't refer to a multiuser mount, then just return
3306  * the master tcon for the mount.
3307  *
3308  * First, search the rbtree for an existing tcon for this fsuid. If one
3309  * exists, then check to see if it's pending construction. If it is then wait
3310  * for construction to complete. Once it's no longer pending, check to see if
3311  * it failed and either return an error or retry construction, depending on
3312  * the timeout.
3313  *
3314  * If one doesn't exist then insert a new tcon_link struct into the tree and
3315  * try to construct a new one.
3316  */
3317 struct tcon_link *
3318 cifs_sb_tlink(struct cifs_sb_info *cifs_sb)
3319 {
3320         int ret;
3321         uid_t fsuid = current_fsuid();
3322         struct tcon_link *tlink, *newtlink;
3323
3324         if (!(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MULTIUSER))
3325                 return cifs_get_tlink(cifs_sb_master_tlink(cifs_sb));
3326
3327         spin_lock(&cifs_sb->tlink_tree_lock);
3328         tlink = tlink_rb_search(&cifs_sb->tlink_tree, fsuid);
3329         if (tlink)
3330                 cifs_get_tlink(tlink);
3331         spin_unlock(&cifs_sb->tlink_tree_lock);
3332
3333         if (tlink == NULL) {
3334                 newtlink = kzalloc(sizeof(*tlink), GFP_KERNEL);
3335                 if (newtlink == NULL)
3336                         return ERR_PTR(-ENOMEM);
3337                 newtlink->tl_uid = fsuid;
3338                 newtlink->tl_tcon = ERR_PTR(-EACCES);
3339                 set_bit(TCON_LINK_PENDING, &newtlink->tl_flags);
3340                 set_bit(TCON_LINK_IN_TREE, &newtlink->tl_flags);
3341                 cifs_get_tlink(newtlink);
3342
3343                 spin_lock(&cifs_sb->tlink_tree_lock);
3344                 /* was one inserted after previous search? */
3345                 tlink = tlink_rb_search(&cifs_sb->tlink_tree, fsuid);
3346                 if (tlink) {
3347                         cifs_get_tlink(tlink);
3348                         spin_unlock(&cifs_sb->tlink_tree_lock);
3349                         kfree(newtlink);
3350                         goto wait_for_construction;
3351                 }
3352                 tlink = newtlink;
3353                 tlink_rb_insert(&cifs_sb->tlink_tree, tlink);
3354                 spin_unlock(&cifs_sb->tlink_tree_lock);
3355         } else {
3356 wait_for_construction:
3357                 ret = wait_on_bit(&tlink->tl_flags, TCON_LINK_PENDING,
3358                                   cifs_sb_tcon_pending_wait,
3359                                   TASK_INTERRUPTIBLE);
3360                 if (ret) {
3361                         cifs_put_tlink(tlink);
3362                         return ERR_PTR(ret);
3363                 }
3364
3365                 /* if it's good, return it */
3366                 if (!IS_ERR(tlink->tl_tcon))
3367                         return tlink;
3368
3369                 /* return error if we tried this already recently */
3370                 if (time_before(jiffies, tlink->tl_time + TLINK_ERROR_EXPIRE)) {
3371                         cifs_put_tlink(tlink);
3372                         return ERR_PTR(-EACCES);
3373                 }
3374
3375                 if (test_and_set_bit(TCON_LINK_PENDING, &tlink->tl_flags))
3376                         goto wait_for_construction;
3377         }
3378
3379         tlink->tl_tcon = cifs_construct_tcon(cifs_sb, fsuid);
3380         clear_bit(TCON_LINK_PENDING, &tlink->tl_flags);
3381         wake_up_bit(&tlink->tl_flags, TCON_LINK_PENDING);
3382
3383         if (IS_ERR(tlink->tl_tcon)) {
3384                 cifs_put_tlink(tlink);
3385                 return ERR_PTR(-EACCES);
3386         }
3387
3388         return tlink;
3389 }
3390
3391 /*
3392  * periodic workqueue job that scans tcon_tree for a superblock and closes
3393  * out tcons.
3394  */
3395 static void
3396 cifs_prune_tlinks(struct work_struct *work)
3397 {
3398         struct cifs_sb_info *cifs_sb = container_of(work, struct cifs_sb_info,
3399                                                     prune_tlinks.work);
3400         struct rb_root *root = &cifs_sb->tlink_tree;
3401         struct rb_node *node = rb_first(root);
3402         struct rb_node *tmp;
3403         struct tcon_link *tlink;
3404
3405         /*
3406          * Because we drop the spinlock in the loop in order to put the tlink
3407          * it's not guarded against removal of links from the tree. The only
3408          * places that remove entries from the tree are this function and
3409          * umounts. Because this function is non-reentrant and is canceled
3410          * before umount can proceed, this is safe.
3411          */
3412         spin_lock(&cifs_sb->tlink_tree_lock);
3413         node = rb_first(root);
3414         while (node != NULL) {
3415                 tmp = node;
3416                 node = rb_next(tmp);
3417                 tlink = rb_entry(tmp, struct tcon_link, tl_rbnode);
3418
3419                 if (test_bit(TCON_LINK_MASTER, &tlink->tl_flags) ||
3420                     atomic_read(&tlink->tl_count) != 0 ||
3421                     time_after(tlink->tl_time + TLINK_IDLE_EXPIRE, jiffies))
3422                         continue;
3423
3424                 cifs_get_tlink(tlink);
3425                 clear_bit(TCON_LINK_IN_TREE, &tlink->tl_flags);
3426                 rb_erase(tmp, root);
3427
3428                 spin_unlock(&cifs_sb->tlink_tree_lock);
3429                 cifs_put_tlink(tlink);
3430                 spin_lock(&cifs_sb->tlink_tree_lock);
3431         }
3432         spin_unlock(&cifs_sb->tlink_tree_lock);
3433
3434         queue_delayed_work(system_nrt_wq, &cifs_sb->prune_tlinks,
3435                                 TLINK_IDLE_EXPIRE);
3436 }