[CIFS] Support for setting up SMB sessions to legacy lanman servers
[linux-2.6.git] / fs / cifs / connect.c
1 /*
2  *   fs/cifs/connect.c
3  *
4  *   Copyright (C) International Business Machines  Corp., 2002,2006
5  *   Author(s): Steve French (sfrench@us.ibm.com)
6  *
7  *   This library is free software; you can redistribute it and/or modify
8  *   it under the terms of the GNU Lesser General Public License as published
9  *   by the Free Software Foundation; either version 2.1 of the License, or
10  *   (at your option) any later version.
11  *
12  *   This library is distributed in the hope that it will be useful,
13  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
14  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
15  *   the GNU Lesser General Public License for more details.
16  *
17  *   You should have received a copy of the GNU Lesser General Public License
18  *   along with this library; if not, write to the Free Software
19  *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 
20  */
21 #include <linux/fs.h>
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/ipv6.h>
27 #include <linux/pagemap.h>
28 #include <linux/ctype.h>
29 #include <linux/utsname.h>
30 #include <linux/mempool.h>
31 #include <linux/delay.h>
32 #include <linux/completion.h>
33 #include <linux/pagevec.h>
34 #include <asm/uaccess.h>
35 #include <asm/processor.h>
36 #include "cifspdu.h"
37 #include "cifsglob.h"
38 #include "cifsproto.h"
39 #include "cifs_unicode.h"
40 #include "cifs_debug.h"
41 #include "cifs_fs_sb.h"
42 #include "ntlmssp.h"
43 #include "nterr.h"
44 #include "rfc1002pdu.h"
45 #include "cn_cifs.h"
46
47 #define CIFS_PORT 445
48 #define RFC1001_PORT 139
49
50 static DECLARE_COMPLETION(cifsd_complete);
51
52 extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
53                          unsigned char *p24);
54
55 extern mempool_t *cifs_req_poolp;
56
57 struct smb_vol {
58         char *username;
59         char *password;
60         char *domainname;
61         char *UNC;
62         char *UNCip;
63         char *in6_addr;  /* ipv6 address as human readable form of in6_addr */
64         char *iocharset;  /* local code page for mapping to and from Unicode */
65         char source_rfc1001_name[16]; /* netbios name of client */
66         char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */
67         uid_t linux_uid;
68         gid_t linux_gid;
69         mode_t file_mode;
70         mode_t dir_mode;
71         unsigned rw:1;
72         unsigned retry:1;
73         unsigned intr:1;
74         unsigned setuids:1;
75         unsigned noperm:1;
76         unsigned no_psx_acl:1; /* set if posix acl support should be disabled */
77         unsigned cifs_acl:1;
78         unsigned no_xattr:1;   /* set if xattr (EA) support should be disabled*/
79         unsigned server_ino:1; /* use inode numbers from server ie UniqueId */
80         unsigned direct_io:1;
81         unsigned remap:1;   /* set to remap seven reserved chars in filenames */
82         unsigned posix_paths:1;   /* unset to not ask for posix pathnames. */
83         unsigned sfu_emul:1;
84         unsigned krb5:1;
85         unsigned ntlm:1;
86         unsigned ntlmv2:1;
87         unsigned nullauth:1; /* attempt to authenticate with null user */
88         unsigned sign:1;
89         unsigned seal:1;     /* encrypt */
90         unsigned nocase;     /* request case insensitive filenames */
91         unsigned nobrl;      /* disable sending byte range locks to srv */
92         unsigned int rsize;
93         unsigned int wsize;
94         unsigned int sockopt;
95         unsigned short int port;
96 };
97
98 static int ipv4_connect(struct sockaddr_in *psin_server, 
99                         struct socket **csocket,
100                         char * netb_name,
101                         char * server_netb_name);
102 static int ipv6_connect(struct sockaddr_in6 *psin_server, 
103                         struct socket **csocket);
104
105
106         /* 
107          * cifs tcp session reconnection
108          * 
109          * mark tcp session as reconnecting so temporarily locked
110          * mark all smb sessions as reconnecting for tcp session
111          * reconnect tcp session
112          * wake up waiters on reconnection? - (not needed currently)
113          */
114
115 int
116 cifs_reconnect(struct TCP_Server_Info *server)
117 {
118         int rc = 0;
119         struct list_head *tmp;
120         struct cifsSesInfo *ses;
121         struct cifsTconInfo *tcon;
122         struct mid_q_entry * mid_entry;
123         
124         spin_lock(&GlobalMid_Lock);
125         if(server->tcpStatus == CifsExiting) {
126                 /* the demux thread will exit normally 
127                 next time through the loop */
128                 spin_unlock(&GlobalMid_Lock);
129                 return rc;
130         } else
131                 server->tcpStatus = CifsNeedReconnect;
132         spin_unlock(&GlobalMid_Lock);
133         server->maxBuf = 0;
134
135         cFYI(1, ("Reconnecting tcp session"));
136
137         /* before reconnecting the tcp session, mark the smb session (uid)
138                 and the tid bad so they are not used until reconnected */
139         read_lock(&GlobalSMBSeslock);
140         list_for_each(tmp, &GlobalSMBSessionList) {
141                 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
142                 if (ses->server) {
143                         if (ses->server == server) {
144                                 ses->status = CifsNeedReconnect;
145                                 ses->ipc_tid = 0;
146                         }
147                 }
148                 /* else tcp and smb sessions need reconnection */
149         }
150         list_for_each(tmp, &GlobalTreeConnectionList) {
151                 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
152                 if((tcon) && (tcon->ses) && (tcon->ses->server == server)) {
153                         tcon->tidStatus = CifsNeedReconnect;
154                 }
155         }
156         read_unlock(&GlobalSMBSeslock);
157         /* do not want to be sending data on a socket we are freeing */
158         down(&server->tcpSem); 
159         if(server->ssocket) {
160                 cFYI(1,("State: 0x%x Flags: 0x%lx", server->ssocket->state,
161                         server->ssocket->flags));
162                 server->ssocket->ops->shutdown(server->ssocket,SEND_SHUTDOWN);
163                 cFYI(1,("Post shutdown state: 0x%x Flags: 0x%lx", server->ssocket->state,
164                         server->ssocket->flags));
165                 sock_release(server->ssocket);
166                 server->ssocket = NULL;
167         }
168
169         spin_lock(&GlobalMid_Lock);
170         list_for_each(tmp, &server->pending_mid_q) {
171                 mid_entry = list_entry(tmp, struct
172                                         mid_q_entry,
173                                         qhead);
174                 if(mid_entry) {
175                         if(mid_entry->midState == MID_REQUEST_SUBMITTED) {
176                                 /* Mark other intransit requests as needing
177                                    retry so we do not immediately mark the
178                                    session bad again (ie after we reconnect
179                                    below) as they timeout too */
180                                 mid_entry->midState = MID_RETRY_NEEDED;
181                         }
182                 }
183         }
184         spin_unlock(&GlobalMid_Lock);
185         up(&server->tcpSem); 
186
187         while ((server->tcpStatus != CifsExiting) && (server->tcpStatus != CifsGood))
188         {
189                 if(server->protocolType == IPV6) {
190                         rc = ipv6_connect(&server->addr.sockAddr6,&server->ssocket);
191                 } else {
192                         rc = ipv4_connect(&server->addr.sockAddr, 
193                                         &server->ssocket,
194                                         server->workstation_RFC1001_name,
195                                         server->server_RFC1001_name);
196                 }
197                 if(rc) {
198                         cFYI(1,("reconnect error %d",rc));
199                         msleep(3000);
200                 } else {
201                         atomic_inc(&tcpSesReconnectCount);
202                         spin_lock(&GlobalMid_Lock);
203                         if(server->tcpStatus != CifsExiting)
204                                 server->tcpStatus = CifsGood;
205                         server->sequence_number = 0;
206                         spin_unlock(&GlobalMid_Lock);                   
207         /*              atomic_set(&server->inFlight,0);*/
208                         wake_up(&server->response_q);
209                 }
210         }
211         return rc;
212 }
213
214 /* 
215         return codes:
216                 0       not a transact2, or all data present
217                 >0      transact2 with that much data missing
218                 -EINVAL = invalid transact2
219
220  */
221 static int check2ndT2(struct smb_hdr * pSMB, unsigned int maxBufSize)
222 {
223         struct smb_t2_rsp * pSMBt;
224         int total_data_size;
225         int data_in_this_rsp;
226         int remaining;
227
228         if(pSMB->Command != SMB_COM_TRANSACTION2)
229                 return 0;
230
231         /* check for plausible wct, bcc and t2 data and parm sizes */
232         /* check for parm and data offset going beyond end of smb */
233         if(pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
234                 cFYI(1,("invalid transact2 word count"));
235                 return -EINVAL;
236         }
237
238         pSMBt = (struct smb_t2_rsp *)pSMB;
239
240         total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
241         data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
242
243         remaining = total_data_size - data_in_this_rsp;
244
245         if(remaining == 0)
246                 return 0;
247         else if(remaining < 0) {
248                 cFYI(1,("total data %d smaller than data in frame %d",
249                         total_data_size, data_in_this_rsp));
250                 return -EINVAL;
251         } else {
252                 cFYI(1,("missing %d bytes from transact2, check next response",
253                         remaining));
254                 if(total_data_size > maxBufSize) {
255                         cERROR(1,("TotalDataSize %d is over maximum buffer %d",
256                                 total_data_size,maxBufSize));
257                         return -EINVAL; 
258                 }
259                 return remaining;
260         }
261 }
262
263 static int coalesce_t2(struct smb_hdr * psecond, struct smb_hdr *pTargetSMB)
264 {
265         struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
266         struct smb_t2_rsp *pSMBt  = (struct smb_t2_rsp *)pTargetSMB;
267         int total_data_size;
268         int total_in_buf;
269         int remaining;
270         int total_in_buf2;
271         char * data_area_of_target;
272         char * data_area_of_buf2;
273         __u16 byte_count;
274
275         total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
276
277         if(total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
278                 cFYI(1,("total data sizes of primary and secondary t2 differ"));
279         }
280
281         total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
282
283         remaining = total_data_size - total_in_buf;
284         
285         if(remaining < 0)
286                 return -EINVAL;
287
288         if(remaining == 0) /* nothing to do, ignore */
289                 return 0;
290         
291         total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
292         if(remaining < total_in_buf2) {
293                 cFYI(1,("transact2 2nd response contains too much data"));
294         }
295
296         /* find end of first SMB data area */
297         data_area_of_target = (char *)&pSMBt->hdr.Protocol + 
298                                 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
299         /* validate target area */
300
301         data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
302                                         le16_to_cpu(pSMB2->t2_rsp.DataOffset);
303
304         data_area_of_target += total_in_buf;
305
306         /* copy second buffer into end of first buffer */
307         memcpy(data_area_of_target,data_area_of_buf2,total_in_buf2);
308         total_in_buf += total_in_buf2;
309         pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
310         byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
311         byte_count += total_in_buf2;
312         BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
313
314         byte_count = pTargetSMB->smb_buf_length;
315         byte_count += total_in_buf2;
316
317         /* BB also add check that we are not beyond maximum buffer size */
318                 
319         pTargetSMB->smb_buf_length = byte_count;
320
321         if(remaining == total_in_buf2) {
322                 cFYI(1,("found the last secondary response"));
323                 return 0; /* we are done */
324         } else /* more responses to go */
325                 return 1;
326
327 }
328
329 static int
330 cifs_demultiplex_thread(struct TCP_Server_Info *server)
331 {
332         int length;
333         unsigned int pdu_length, total_read;
334         struct smb_hdr *smb_buffer = NULL;
335         struct smb_hdr *bigbuf = NULL;
336         struct smb_hdr *smallbuf = NULL;
337         struct msghdr smb_msg;
338         struct kvec iov;
339         struct socket *csocket = server->ssocket;
340         struct list_head *tmp;
341         struct cifsSesInfo *ses;
342         struct task_struct *task_to_wake = NULL;
343         struct mid_q_entry *mid_entry;
344         char temp;
345         int isLargeBuf = FALSE;
346         int isMultiRsp;
347         int reconnect;
348
349         daemonize("cifsd");
350         allow_signal(SIGKILL);
351         current->flags |= PF_MEMALLOC;
352         server->tsk = current;  /* save process info to wake at shutdown */
353         cFYI(1, ("Demultiplex PID: %d", current->pid));
354         write_lock(&GlobalSMBSeslock); 
355         atomic_inc(&tcpSesAllocCount);
356         length = tcpSesAllocCount.counter;
357         write_unlock(&GlobalSMBSeslock);
358         complete(&cifsd_complete);
359         if(length  > 1) {
360                 mempool_resize(cifs_req_poolp,
361                         length + cifs_min_rcv,
362                         GFP_KERNEL);
363         }
364
365         while (server->tcpStatus != CifsExiting) {
366                 if (try_to_freeze())
367                         continue;
368                 if (bigbuf == NULL) {
369                         bigbuf = cifs_buf_get();
370                         if(bigbuf == NULL) {
371                                 cERROR(1,("No memory for large SMB response"));
372                                 msleep(3000);
373                                 /* retry will check if exiting */
374                                 continue;
375                         }
376                 } else if(isLargeBuf) {
377                         /* we are reusing a dirtry large buf, clear its start */
378                         memset(bigbuf, 0, sizeof (struct smb_hdr));
379                 }
380
381                 if (smallbuf == NULL) {
382                         smallbuf = cifs_small_buf_get();
383                         if(smallbuf == NULL) {
384                                 cERROR(1,("No memory for SMB response"));
385                                 msleep(1000);
386                                 /* retry will check if exiting */
387                                 continue;
388                         }
389                         /* beginning of smb buffer is cleared in our buf_get */
390                 } else /* if existing small buf clear beginning */
391                         memset(smallbuf, 0, sizeof (struct smb_hdr));
392
393                 isLargeBuf = FALSE;
394                 isMultiRsp = FALSE;
395                 smb_buffer = smallbuf;
396                 iov.iov_base = smb_buffer;
397                 iov.iov_len = 4;
398                 smb_msg.msg_control = NULL;
399                 smb_msg.msg_controllen = 0;
400                 length =
401                     kernel_recvmsg(csocket, &smb_msg,
402                                  &iov, 1, 4, 0 /* BB see socket.h flags */);
403
404                 if(server->tcpStatus == CifsExiting) {
405                         break;
406                 } else if (server->tcpStatus == CifsNeedReconnect) {
407                         cFYI(1,("Reconnect after server stopped responding"));
408                         cifs_reconnect(server);
409                         cFYI(1,("call to reconnect done"));
410                         csocket = server->ssocket;
411                         continue;
412                 } else if ((length == -ERESTARTSYS) || (length == -EAGAIN)) {
413                         msleep(1); /* minimum sleep to prevent looping
414                                 allowing socket to clear and app threads to set
415                                 tcpStatus CifsNeedReconnect if server hung */
416                         continue;
417                 } else if (length <= 0) {
418                         if(server->tcpStatus == CifsNew) {
419                                 cFYI(1,("tcp session abend after SMBnegprot"));
420                                 /* some servers kill the TCP session rather than
421                                    returning an SMB negprot error, in which
422                                    case reconnecting here is not going to help,
423                                    and so simply return error to mount */
424                                 break;
425                         }
426                         if(length == -EINTR) { 
427                                 cFYI(1,("cifsd thread killed"));
428                                 break;
429                         }
430                         cFYI(1,("Reconnect after unexpected peek error %d",
431                                 length));
432                         cifs_reconnect(server);
433                         csocket = server->ssocket;
434                         wake_up(&server->response_q);
435                         continue;
436                 } else if (length < 4) {
437                         cFYI(1,
438                             ("Frame under four bytes received (%d bytes long)",
439                               length));
440                         cifs_reconnect(server);
441                         csocket = server->ssocket;
442                         wake_up(&server->response_q);
443                         continue;
444                 }
445
446                 /* The right amount was read from socket - 4 bytes */
447                 /* so we can now interpret the length field */
448
449                 /* the first byte big endian of the length field,
450                 is actually not part of the length but the type
451                 with the most common, zero, as regular data */
452                 temp = *((char *) smb_buffer);
453
454                 /* Note that FC 1001 length is big endian on the wire, 
455                 but we convert it here so it is always manipulated
456                 as host byte order */
457                 pdu_length = ntohl(smb_buffer->smb_buf_length);
458                 smb_buffer->smb_buf_length = pdu_length;
459
460                 cFYI(1,("rfc1002 length 0x%x)", pdu_length+4));
461
462                 if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) {
463                         continue; 
464                 } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
465                         cFYI(1,("Good RFC 1002 session rsp"));
466                         continue;
467                 } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
468                         /* we get this from Windows 98 instead of 
469                            an error on SMB negprot response */
470                         cFYI(1,("Negative RFC1002 Session Response Error 0x%x)",
471                                 pdu_length));
472                         if(server->tcpStatus == CifsNew) {
473                                 /* if nack on negprot (rather than 
474                                 ret of smb negprot error) reconnecting
475                                 not going to help, ret error to mount */
476                                 break;
477                         } else {
478                                 /* give server a second to
479                                 clean up before reconnect attempt */
480                                 msleep(1000);
481                                 /* always try 445 first on reconnect
482                                 since we get NACK on some if we ever
483                                 connected to port 139 (the NACK is 
484                                 since we do not begin with RFC1001
485                                 session initialize frame) */
486                                 server->addr.sockAddr.sin_port = 
487                                         htons(CIFS_PORT);
488                                 cifs_reconnect(server);
489                                 csocket = server->ssocket;
490                                 wake_up(&server->response_q);
491                                 continue;
492                         }
493                 } else if (temp != (char) 0) {
494                         cERROR(1,("Unknown RFC 1002 frame"));
495                         cifs_dump_mem(" Received Data: ", (char *)smb_buffer,
496                                       length);
497                         cifs_reconnect(server);
498                         csocket = server->ssocket;
499                         continue;
500                 }
501
502                 /* else we have an SMB response */
503                 if((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
504                             (pdu_length < sizeof (struct smb_hdr) - 1 - 4)) {
505                         cERROR(1, ("Invalid size SMB length %d pdu_length %d",
506                                         length, pdu_length+4));
507                         cifs_reconnect(server);
508                         csocket = server->ssocket;
509                         wake_up(&server->response_q);
510                         continue;
511                 } 
512
513                 /* else length ok */
514                 reconnect = 0;
515
516                 if(pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
517                         isLargeBuf = TRUE;
518                         memcpy(bigbuf, smallbuf, 4);
519                         smb_buffer = bigbuf;
520                 }
521                 length = 0;
522                 iov.iov_base = 4 + (char *)smb_buffer;
523                 iov.iov_len = pdu_length;
524                 for (total_read = 0; total_read < pdu_length; 
525                      total_read += length) {
526                         length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
527                                                 pdu_length - total_read, 0);
528                         if((server->tcpStatus == CifsExiting) ||
529                             (length == -EINTR)) {
530                                 /* then will exit */
531                                 reconnect = 2;
532                                 break;
533                         } else if (server->tcpStatus == CifsNeedReconnect) {
534                                 cifs_reconnect(server);
535                                 csocket = server->ssocket;
536                                 /* Reconnect wakes up rspns q */
537                                 /* Now we will reread sock */
538                                 reconnect = 1;
539                                 break;
540                         } else if ((length == -ERESTARTSYS) || 
541                                    (length == -EAGAIN)) {
542                                 msleep(1); /* minimum sleep to prevent looping,
543                                               allowing socket to clear and app 
544                                               threads to set tcpStatus
545                                               CifsNeedReconnect if server hung*/
546                                 continue;
547                         } else if (length <= 0) {
548                                 cERROR(1,("Received no data, expecting %d",
549                                               pdu_length - total_read));
550                                 cifs_reconnect(server);
551                                 csocket = server->ssocket;
552                                 reconnect = 1;
553                                 break;
554                         }
555                 }
556                 if(reconnect == 2)
557                         break;
558                 else if(reconnect == 1)
559                         continue;
560
561                 length += 4; /* account for rfc1002 hdr */
562         
563
564                 dump_smb(smb_buffer, length);
565                 if (checkSMB(smb_buffer, smb_buffer->Mid, total_read+4)) {
566                         cifs_dump_mem("Bad SMB: ", smb_buffer, 48);
567                         continue;
568                 }
569
570
571                 task_to_wake = NULL;
572                 spin_lock(&GlobalMid_Lock);
573                 list_for_each(tmp, &server->pending_mid_q) {
574                         mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
575
576                         if ((mid_entry->mid == smb_buffer->Mid) && 
577                             (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
578                             (mid_entry->command == smb_buffer->Command)) {
579                                 if(check2ndT2(smb_buffer,server->maxBuf) > 0) {
580                                         /* We have a multipart transact2 resp */
581                                         isMultiRsp = TRUE;
582                                         if(mid_entry->resp_buf) {
583                                                 /* merge response - fix up 1st*/
584                                                 if(coalesce_t2(smb_buffer, 
585                                                         mid_entry->resp_buf)) {
586                                                         mid_entry->multiRsp = 1;
587                                                         break;
588                                                 } else {
589                                                         /* all parts received */
590                                                         mid_entry->multiEnd = 1;
591                                                         goto multi_t2_fnd; 
592                                                 }
593                                         } else {
594                                                 if(!isLargeBuf) {
595                                                         cERROR(1,("1st trans2 resp needs bigbuf"));
596                                         /* BB maybe we can fix this up,  switch
597                                            to already allocated large buffer? */
598                                                 } else {
599                                                         /* Have first buffer */
600                                                         mid_entry->resp_buf =
601                                                                  smb_buffer;
602                                                         mid_entry->largeBuf = 1;
603                                                         bigbuf = NULL;
604                                                 }
605                                         }
606                                         break;
607                                 } 
608                                 mid_entry->resp_buf = smb_buffer;
609                                 if(isLargeBuf)
610                                         mid_entry->largeBuf = 1;
611                                 else
612                                         mid_entry->largeBuf = 0;
613 multi_t2_fnd:
614                                 task_to_wake = mid_entry->tsk;
615                                 mid_entry->midState = MID_RESPONSE_RECEIVED;
616 #ifdef CONFIG_CIFS_STATS2
617                                 mid_entry->when_received = jiffies;
618 #endif
619                                 break;
620                         }
621                 }
622                 spin_unlock(&GlobalMid_Lock);
623                 if (task_to_wake) {
624                         /* Was previous buf put in mpx struct for multi-rsp? */
625                         if(!isMultiRsp) {
626                                 /* smb buffer will be freed by user thread */
627                                 if(isLargeBuf) {
628                                         bigbuf = NULL;
629                                 } else
630                                         smallbuf = NULL;
631                         }
632                         wake_up_process(task_to_wake);
633                 } else if ((is_valid_oplock_break(smb_buffer, server) == FALSE)
634                     && (isMultiRsp == FALSE)) {                          
635                         cERROR(1, ("No task to wake, unknown frame rcvd! NumMids %d", midCount.counter));
636                         cifs_dump_mem("Received Data is: ",(char *)smb_buffer,
637                                       sizeof(struct smb_hdr));
638 #ifdef CONFIG_CIFS_DEBUG2
639                         cifs_dump_detail(smb_buffer);
640                         cifs_dump_mids(server);
641 #endif /* CIFS_DEBUG2 */
642                         
643                 }
644         } /* end while !EXITING */
645
646         spin_lock(&GlobalMid_Lock);
647         server->tcpStatus = CifsExiting;
648         server->tsk = NULL;
649         /* check if we have blocked requests that need to free */
650         /* Note that cifs_max_pending is normally 50, but
651         can be set at module install time to as little as two */
652         if(atomic_read(&server->inFlight) >= cifs_max_pending)
653                 atomic_set(&server->inFlight, cifs_max_pending - 1);
654         /* We do not want to set the max_pending too low or we
655         could end up with the counter going negative */
656         spin_unlock(&GlobalMid_Lock);
657         /* Although there should not be any requests blocked on 
658         this queue it can not hurt to be paranoid and try to wake up requests
659         that may haven been blocked when more than 50 at time were on the wire
660         to the same server - they now will see the session is in exit state
661         and get out of SendReceive.  */
662         wake_up_all(&server->request_q);
663         /* give those requests time to exit */
664         msleep(125);
665         
666         if(server->ssocket) {
667                 sock_release(csocket);
668                 server->ssocket = NULL;
669         }
670         /* buffer usuallly freed in free_mid - need to free it here on exit */
671         if (bigbuf != NULL)
672                 cifs_buf_release(bigbuf);
673         if (smallbuf != NULL)
674                 cifs_small_buf_release(smallbuf);
675
676         read_lock(&GlobalSMBSeslock);
677         if (list_empty(&server->pending_mid_q)) {
678                 /* loop through server session structures attached to this and
679                     mark them dead */
680                 list_for_each(tmp, &GlobalSMBSessionList) {
681                         ses =
682                             list_entry(tmp, struct cifsSesInfo,
683                                        cifsSessionList);
684                         if (ses->server == server) {
685                                 ses->status = CifsExiting;
686                                 ses->server = NULL;
687                         }
688                 }
689                 read_unlock(&GlobalSMBSeslock);
690         } else {
691                 /* although we can not zero the server struct pointer yet,
692                 since there are active requests which may depnd on them,
693                 mark the corresponding SMB sessions as exiting too */
694                 list_for_each(tmp, &GlobalSMBSessionList) {
695                         ses = list_entry(tmp, struct cifsSesInfo,
696                                          cifsSessionList);
697                         if (ses->server == server) {
698                                 ses->status = CifsExiting;
699                         }
700                 }
701
702                 spin_lock(&GlobalMid_Lock);
703                 list_for_each(tmp, &server->pending_mid_q) {
704                 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
705                         if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
706                                 cFYI(1,
707                                   ("Clearing Mid 0x%x - waking up ",mid_entry->mid));
708                                 task_to_wake = mid_entry->tsk;
709                                 if(task_to_wake) {
710                                         wake_up_process(task_to_wake);
711                                 }
712                         }
713                 }
714                 spin_unlock(&GlobalMid_Lock);
715                 read_unlock(&GlobalSMBSeslock);
716                 /* 1/8th of sec is more than enough time for them to exit */
717                 msleep(125);
718         }
719
720         if (!list_empty(&server->pending_mid_q)) {
721                 /* mpx threads have not exited yet give them 
722                 at least the smb send timeout time for long ops */
723                 /* due to delays on oplock break requests, we need
724                 to wait at least 45 seconds before giving up
725                 on a request getting a response and going ahead
726                 and killing cifsd */
727                 cFYI(1, ("Wait for exit from demultiplex thread"));
728                 msleep(46000);
729                 /* if threads still have not exited they are probably never
730                 coming home not much else we can do but free the memory */
731         }
732
733         write_lock(&GlobalSMBSeslock);
734         atomic_dec(&tcpSesAllocCount);
735         length = tcpSesAllocCount.counter;
736
737         /* last chance to mark ses pointers invalid
738         if there are any pointing to this (e.g
739         if a crazy root user tried to kill cifsd 
740         kernel thread explicitly this might happen) */
741         list_for_each(tmp, &GlobalSMBSessionList) {
742                 ses = list_entry(tmp, struct cifsSesInfo,
743                                 cifsSessionList);
744                 if (ses->server == server) {
745                         ses->server = NULL;
746                 }
747         }
748         write_unlock(&GlobalSMBSeslock);
749
750         kfree(server);
751         if(length  > 0) {
752                 mempool_resize(cifs_req_poolp,
753                         length + cifs_min_rcv,
754                         GFP_KERNEL);
755         }
756         
757         complete_and_exit(&cifsd_complete, 0);
758         return 0;
759 }
760
761 static int
762 cifs_parse_mount_options(char *options, const char *devname,struct smb_vol *vol)
763 {
764         char *value;
765         char *data;
766         unsigned int  temp_len, i, j;
767         char separator[2];
768
769         separator[0] = ',';
770         separator[1] = 0; 
771
772         memset(vol->source_rfc1001_name,0x20,15);
773         for(i=0;i < strnlen(system_utsname.nodename,15);i++) {
774                 /* does not have to be a perfect mapping since the field is
775                 informational, only used for servers that do not support
776                 port 445 and it can be overridden at mount time */
777                 vol->source_rfc1001_name[i] = 
778                         toupper(system_utsname.nodename[i]);
779         }
780         vol->source_rfc1001_name[15] = 0;
781         /* null target name indicates to use *SMBSERVR default called name
782            if we end up sending RFC1001 session initialize */
783         vol->target_rfc1001_name[0] = 0;
784         vol->linux_uid = current->uid;  /* current->euid instead? */
785         vol->linux_gid = current->gid;
786         vol->dir_mode = S_IRWXUGO;
787         /* 2767 perms indicate mandatory locking support */
788         vol->file_mode = S_IALLUGO & ~(S_ISUID | S_IXGRP);
789
790         /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
791         vol->rw = TRUE;
792         vol->ntlm = TRUE;
793         /* default is always to request posix paths. */
794         vol->posix_paths = 1;
795
796         if (!options)
797                 return 1;
798
799         if(strncmp(options,"sep=",4) == 0) {
800                 if(options[4] != 0) {
801                         separator[0] = options[4];
802                         options += 5;
803                 } else {
804                         cFYI(1,("Null separator not allowed"));
805                 }
806         }
807                 
808         while ((data = strsep(&options, separator)) != NULL) {
809                 if (!*data)
810                         continue;
811                 if ((value = strchr(data, '=')) != NULL)
812                         *value++ = '\0';
813
814                 if (strnicmp(data, "user_xattr",10) == 0) {/*parse before user*/
815                         vol->no_xattr = 0;
816                 } else if (strnicmp(data, "nouser_xattr",12) == 0) {
817                         vol->no_xattr = 1;
818                 } else if (strnicmp(data, "user", 4) == 0) {
819                         if (!value || !*value) {
820                                 printk(KERN_WARNING
821                                        "CIFS: invalid or missing username\n");
822                                 return 1;       /* needs_arg; */
823                         }
824                         if (strnlen(value, 200) < 200) {
825                                 vol->username = value;
826                         } else {
827                                 printk(KERN_WARNING "CIFS: username too long\n");
828                                 return 1;
829                         }
830                 } else if (strnicmp(data, "pass", 4) == 0) {
831                         if (!value) {
832                                 vol->password = NULL;
833                                 continue;
834                         } else if(value[0] == 0) {
835                                 /* check if string begins with double comma
836                                    since that would mean the password really
837                                    does start with a comma, and would not
838                                    indicate an empty string */
839                                 if(value[1] != separator[0]) {
840                                         vol->password = NULL;
841                                         continue;
842                                 }
843                         }
844                         temp_len = strlen(value);
845                         /* removed password length check, NTLM passwords
846                                 can be arbitrarily long */
847
848                         /* if comma in password, the string will be 
849                         prematurely null terminated.  Commas in password are
850                         specified across the cifs mount interface by a double
851                         comma ie ,, and a comma used as in other cases ie ','
852                         as a parameter delimiter/separator is single and due
853                         to the strsep above is temporarily zeroed. */
854
855                         /* NB: password legally can have multiple commas and
856                         the only illegal character in a password is null */
857
858                         if ((value[temp_len] == 0) && 
859                             (value[temp_len+1] == separator[0])) {
860                                 /* reinsert comma */
861                                 value[temp_len] = separator[0];
862                                 temp_len+=2;  /* move after the second comma */
863                                 while(value[temp_len] != 0)  {
864                                         if (value[temp_len] == separator[0]) {
865                                                 if (value[temp_len+1] == 
866                                                      separator[0]) {
867                                                 /* skip second comma */
868                                                         temp_len++;
869                                                 } else { 
870                                                 /* single comma indicating start
871                                                          of next parm */
872                                                         break;
873                                                 }
874                                         }
875                                         temp_len++;
876                                 }
877                                 if(value[temp_len] == 0) {
878                                         options = NULL;
879                                 } else {
880                                         value[temp_len] = 0;
881                                         /* point option to start of next parm */
882                                         options = value + temp_len + 1;
883                                 }
884                                 /* go from value to value + temp_len condensing 
885                                 double commas to singles. Note that this ends up
886                                 allocating a few bytes too many, which is ok */
887                                 vol->password = kzalloc(temp_len, GFP_KERNEL);
888                                 if(vol->password == NULL) {
889                                         printk("CIFS: no memory for pass\n");
890                                         return 1;
891                                 }
892                                 for(i=0,j=0;i<temp_len;i++,j++) {
893                                         vol->password[j] = value[i];
894                                         if(value[i] == separator[0]
895                                                 && value[i+1] == separator[0]) {
896                                                 /* skip second comma */
897                                                 i++;
898                                         }
899                                 }
900                                 vol->password[j] = 0;
901                         } else {
902                                 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
903                                 if(vol->password == NULL) {
904                                         printk("CIFS: no memory for pass\n");
905                                         return 1;
906                                 }
907                                 strcpy(vol->password, value);
908                         }
909                 } else if (strnicmp(data, "ip", 2) == 0) {
910                         if (!value || !*value) {
911                                 vol->UNCip = NULL;
912                         } else if (strnlen(value, 35) < 35) {
913                                 vol->UNCip = value;
914                         } else {
915                                 printk(KERN_WARNING "CIFS: ip address too long\n");
916                                 return 1;
917                         }
918                 } else if (strnicmp(data, "sec", 3) == 0) { 
919                         if (!value || !*value) {
920                                 cERROR(1,("no security value specified"));
921                                 continue;
922                         } else if (strnicmp(value, "krb5i", 5) == 0) {
923                                 vol->sign = 1;
924                                 vol->krb5 = 1;
925                         } else if (strnicmp(value, "krb5p", 5) == 0) {
926                                 /* vol->seal = 1; 
927                                    vol->krb5 = 1; */
928                                 cERROR(1,("Krb5 cifs privacy not supported"));
929                                 return 1;
930                         } else if (strnicmp(value, "krb5", 4) == 0) {
931                                 vol->krb5 = 1;
932                         } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
933                                 vol->ntlmv2 = 1;
934                                 vol->sign = 1;
935                         } else if (strnicmp(value, "ntlmv2", 6) == 0) {
936                                 vol->ntlmv2 = 1;
937                         } else if (strnicmp(value, "ntlmi", 5) == 0) {
938                                 vol->ntlm = 1;
939                                 vol->sign = 1;
940                         } else if (strnicmp(value, "ntlm", 4) == 0) {
941                                 /* ntlm is default so can be turned off too */
942                                 vol->ntlm = 1;
943                         } else if (strnicmp(value, "nontlm", 6) == 0) {
944                                 vol->ntlm = 0;
945                         } else if (strnicmp(value, "none", 4) == 0) {
946                                 vol->nullauth = 1; 
947                         } else {
948                                 cERROR(1,("bad security option: %s", value));
949                                 return 1;
950                         }
951                 } else if ((strnicmp(data, "unc", 3) == 0)
952                            || (strnicmp(data, "target", 6) == 0)
953                            || (strnicmp(data, "path", 4) == 0)) {
954                         if (!value || !*value) {
955                                 printk(KERN_WARNING
956                                        "CIFS: invalid path to network resource\n");
957                                 return 1;       /* needs_arg; */
958                         }
959                         if ((temp_len = strnlen(value, 300)) < 300) {
960                                 vol->UNC = kmalloc(temp_len+1,GFP_KERNEL);
961                                 if(vol->UNC == NULL)
962                                         return 1;
963                                 strcpy(vol->UNC,value);
964                                 if (strncmp(vol->UNC, "//", 2) == 0) {
965                                         vol->UNC[0] = '\\';
966                                         vol->UNC[1] = '\\';
967                                 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {                    
968                                         printk(KERN_WARNING
969                                                "CIFS: UNC Path does not begin with // or \\\\ \n");
970                                         return 1;
971                                 }
972                         } else {
973                                 printk(KERN_WARNING "CIFS: UNC name too long\n");
974                                 return 1;
975                         }
976                 } else if ((strnicmp(data, "domain", 3) == 0)
977                            || (strnicmp(data, "workgroup", 5) == 0)) {
978                         if (!value || !*value) {
979                                 printk(KERN_WARNING "CIFS: invalid domain name\n");
980                                 return 1;       /* needs_arg; */
981                         }
982                         /* BB are there cases in which a comma can be valid in
983                         a domain name and need special handling? */
984                         if (strnlen(value, 256) < 256) {
985                                 vol->domainname = value;
986                                 cFYI(1, ("Domain name set"));
987                         } else {
988                                 printk(KERN_WARNING "CIFS: domain name too long\n");
989                                 return 1;
990                         }
991                 } else if (strnicmp(data, "iocharset", 9) == 0) {
992                         if (!value || !*value) {
993                                 printk(KERN_WARNING "CIFS: invalid iocharset specified\n");
994                                 return 1;       /* needs_arg; */
995                         }
996                         if (strnlen(value, 65) < 65) {
997                                 if(strnicmp(value,"default",7))
998                                         vol->iocharset = value;
999                                 /* if iocharset not set load_nls_default used by caller */
1000                                 cFYI(1, ("iocharset set to %s",value));
1001                         } else {
1002                                 printk(KERN_WARNING "CIFS: iocharset name too long.\n");
1003                                 return 1;
1004                         }
1005                 } else if (strnicmp(data, "uid", 3) == 0) {
1006                         if (value && *value) {
1007                                 vol->linux_uid =
1008                                         simple_strtoul(value, &value, 0);
1009                         }
1010                 } else if (strnicmp(data, "gid", 3) == 0) {
1011                         if (value && *value) {
1012                                 vol->linux_gid =
1013                                         simple_strtoul(value, &value, 0);
1014                         }
1015                 } else if (strnicmp(data, "file_mode", 4) == 0) {
1016                         if (value && *value) {
1017                                 vol->file_mode =
1018                                         simple_strtoul(value, &value, 0);
1019                         }
1020                 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1021                         if (value && *value) {
1022                                 vol->dir_mode =
1023                                         simple_strtoul(value, &value, 0);
1024                         }
1025                 } else if (strnicmp(data, "dirmode", 4) == 0) {
1026                         if (value && *value) {
1027                                 vol->dir_mode =
1028                                         simple_strtoul(value, &value, 0);
1029                         }
1030                 } else if (strnicmp(data, "port", 4) == 0) {
1031                         if (value && *value) {
1032                                 vol->port =
1033                                         simple_strtoul(value, &value, 0);
1034                         }
1035                 } else if (strnicmp(data, "rsize", 5) == 0) {
1036                         if (value && *value) {
1037                                 vol->rsize =
1038                                         simple_strtoul(value, &value, 0);
1039                         }
1040                 } else if (strnicmp(data, "wsize", 5) == 0) {
1041                         if (value && *value) {
1042                                 vol->wsize =
1043                                         simple_strtoul(value, &value, 0);
1044                         }
1045                 } else if (strnicmp(data, "sockopt", 5) == 0) {
1046                         if (value && *value) {
1047                                 vol->sockopt =
1048                                         simple_strtoul(value, &value, 0);
1049                         }
1050                 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1051                         if (!value || !*value || (*value == ' ')) {
1052                                 cFYI(1,("invalid (empty) netbiosname specified"));
1053                         } else {
1054                                 memset(vol->source_rfc1001_name,0x20,15);
1055                                 for(i=0;i<15;i++) {
1056                                 /* BB are there cases in which a comma can be 
1057                                 valid in this workstation netbios name (and need
1058                                 special handling)? */
1059
1060                                 /* We do not uppercase netbiosname for user */
1061                                         if (value[i]==0)
1062                                                 break;
1063                                         else 
1064                                                 vol->source_rfc1001_name[i] = value[i];
1065                                 }
1066                                 /* The string has 16th byte zero still from
1067                                 set at top of the function  */
1068                                 if((i==15) && (value[i] != 0))
1069                                         printk(KERN_WARNING "CIFS: netbiosname longer than 15 truncated.\n");
1070                         }
1071                 } else if (strnicmp(data, "servern", 7) == 0) {
1072                         /* servernetbiosname specified override *SMBSERVER */
1073                         if (!value || !*value || (*value == ' ')) {
1074                                 cFYI(1,("empty server netbiosname specified"));
1075                         } else {
1076                                 /* last byte, type, is 0x20 for servr type */
1077                                 memset(vol->target_rfc1001_name,0x20,16);
1078
1079                                 for(i=0;i<15;i++) {
1080                                 /* BB are there cases in which a comma can be
1081                                    valid in this workstation netbios name (and need
1082                                    special handling)? */
1083
1084                                 /* user or mount helper must uppercase netbiosname */
1085                                         if (value[i]==0)
1086                                                 break;
1087                                         else
1088                                                 vol->target_rfc1001_name[i] = value[i];
1089                                 }
1090                                 /* The string has 16th byte zero still from
1091                                    set at top of the function  */
1092                                 if((i==15) && (value[i] != 0))
1093                                         printk(KERN_WARNING "CIFS: server netbiosname longer than 15 truncated.\n");
1094                         }
1095                 } else if (strnicmp(data, "credentials", 4) == 0) {
1096                         /* ignore */
1097                 } else if (strnicmp(data, "version", 3) == 0) {
1098                         /* ignore */
1099                 } else if (strnicmp(data, "guest",5) == 0) {
1100                         /* ignore */
1101                 } else if (strnicmp(data, "rw", 2) == 0) {
1102                         vol->rw = TRUE;
1103                 } else if ((strnicmp(data, "suid", 4) == 0) ||
1104                                    (strnicmp(data, "nosuid", 6) == 0) ||
1105                                    (strnicmp(data, "exec", 4) == 0) ||
1106                                    (strnicmp(data, "noexec", 6) == 0) ||
1107                                    (strnicmp(data, "nodev", 5) == 0) ||
1108                                    (strnicmp(data, "noauto", 6) == 0) ||
1109                                    (strnicmp(data, "dev", 3) == 0)) {
1110                         /*  The mount tool or mount.cifs helper (if present)
1111                                 uses these opts to set flags, and the flags are read
1112                                 by the kernel vfs layer before we get here (ie
1113                                 before read super) so there is no point trying to
1114                                 parse these options again and set anything and it
1115                                 is ok to just ignore them */
1116                         continue;
1117                 } else if (strnicmp(data, "ro", 2) == 0) {
1118                         vol->rw = FALSE;
1119                 } else if (strnicmp(data, "hard", 4) == 0) {
1120                         vol->retry = 1;
1121                 } else if (strnicmp(data, "soft", 4) == 0) {
1122                         vol->retry = 0;
1123                 } else if (strnicmp(data, "perm", 4) == 0) {
1124                         vol->noperm = 0;
1125                 } else if (strnicmp(data, "noperm", 6) == 0) {
1126                         vol->noperm = 1;
1127                 } else if (strnicmp(data, "mapchars", 8) == 0) {
1128                         vol->remap = 1;
1129                 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1130                         vol->remap = 0;
1131                 } else if (strnicmp(data, "sfu", 3) == 0) {
1132                         vol->sfu_emul = 1;
1133                 } else if (strnicmp(data, "nosfu", 5) == 0) {
1134                         vol->sfu_emul = 0;
1135                 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1136                         vol->posix_paths = 1;
1137                 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1138                         vol->posix_paths = 0;
1139                 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1140                            (strnicmp(data, "ignorecase", 10)  == 0)) {
1141                         vol->nocase = 1;
1142                 } else if (strnicmp(data, "brl", 3) == 0) {
1143                         vol->nobrl =  0;
1144                 } else if ((strnicmp(data, "nobrl", 5) == 0) || 
1145                            (strnicmp(data, "nolock", 6) == 0)) {
1146                         vol->nobrl =  1;
1147                         /* turn off mandatory locking in mode
1148                         if remote locking is turned off since the
1149                         local vfs will do advisory */
1150                         if(vol->file_mode == (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1151                                 vol->file_mode = S_IALLUGO;
1152                 } else if (strnicmp(data, "setuids", 7) == 0) {
1153                         vol->setuids = 1;
1154                 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1155                         vol->setuids = 0;
1156                 } else if (strnicmp(data, "nohard", 6) == 0) {
1157                         vol->retry = 0;
1158                 } else if (strnicmp(data, "nosoft", 6) == 0) {
1159                         vol->retry = 1;
1160                 } else if (strnicmp(data, "nointr", 6) == 0) {
1161                         vol->intr = 0;
1162                 } else if (strnicmp(data, "intr", 4) == 0) {
1163                         vol->intr = 1;
1164                 } else if (strnicmp(data, "serverino",7) == 0) {
1165                         vol->server_ino = 1;
1166                 } else if (strnicmp(data, "noserverino",9) == 0) {
1167                         vol->server_ino = 0;
1168                 } else if (strnicmp(data, "cifsacl",7) == 0) {
1169                         vol->cifs_acl = 1;
1170                 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1171                         vol->cifs_acl = 0;
1172                 } else if (strnicmp(data, "acl",3) == 0) {
1173                         vol->no_psx_acl = 0;
1174                 } else if (strnicmp(data, "noacl",5) == 0) {
1175                         vol->no_psx_acl = 1;
1176                 } else if (strnicmp(data, "direct",6) == 0) {
1177                         vol->direct_io = 1;
1178                 } else if (strnicmp(data, "forcedirectio",13) == 0) {
1179                         vol->direct_io = 1;
1180                 } else if (strnicmp(data, "in6_addr",8) == 0) {
1181                         if (!value || !*value) {
1182                                 vol->in6_addr = NULL;
1183                         } else if (strnlen(value, 49) == 48) {
1184                                 vol->in6_addr = value;
1185                         } else {
1186                                 printk(KERN_WARNING "CIFS: ip v6 address not 48 characters long\n");
1187                                 return 1;
1188                         }
1189                 } else if (strnicmp(data, "noac", 4) == 0) {
1190                         printk(KERN_WARNING "CIFS: Mount option noac not supported. Instead set /proc/fs/cifs/LookupCacheEnabled to 0\n");
1191                 } else
1192                         printk(KERN_WARNING "CIFS: Unknown mount option %s\n",data);
1193         }
1194         if (vol->UNC == NULL) {
1195                 if(devname == NULL) {
1196                         printk(KERN_WARNING "CIFS: Missing UNC name for mount target\n");
1197                         return 1;
1198                 }
1199                 if ((temp_len = strnlen(devname, 300)) < 300) {
1200                         vol->UNC = kmalloc(temp_len+1,GFP_KERNEL);
1201                         if(vol->UNC == NULL)
1202                                 return 1;
1203                         strcpy(vol->UNC,devname);
1204                         if (strncmp(vol->UNC, "//", 2) == 0) {
1205                                 vol->UNC[0] = '\\';
1206                                 vol->UNC[1] = '\\';
1207                         } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1208                                 printk(KERN_WARNING "CIFS: UNC Path does not begin with // or \\\\ \n");
1209                                 return 1;
1210                         }
1211                 } else {
1212                         printk(KERN_WARNING "CIFS: UNC name too long\n");
1213                         return 1;
1214                 }
1215         }
1216         if(vol->UNCip == NULL)
1217                 vol->UNCip = &vol->UNC[2];
1218
1219         return 0;
1220 }
1221
1222 static struct cifsSesInfo *
1223 cifs_find_tcp_session(struct in_addr * target_ip_addr, 
1224                 struct in6_addr *target_ip6_addr,
1225                  char *userName, struct TCP_Server_Info **psrvTcp)
1226 {
1227         struct list_head *tmp;
1228         struct cifsSesInfo *ses;
1229         *psrvTcp = NULL;
1230         read_lock(&GlobalSMBSeslock);
1231
1232         list_for_each(tmp, &GlobalSMBSessionList) {
1233                 ses = list_entry(tmp, struct cifsSesInfo, cifsSessionList);
1234                 if (ses->server) {
1235                         if((target_ip_addr && 
1236                                 (ses->server->addr.sockAddr.sin_addr.s_addr
1237                                   == target_ip_addr->s_addr)) || (target_ip6_addr
1238                                 && memcmp(&ses->server->addr.sockAddr6.sin6_addr,
1239                                         target_ip6_addr,sizeof(*target_ip6_addr)))){
1240                                 /* BB lock server and tcp session and increment use count here?? */
1241                                 *psrvTcp = ses->server; /* found a match on the TCP session */
1242                                 /* BB check if reconnection needed */
1243                                 if (strncmp
1244                                     (ses->userName, userName,
1245                                      MAX_USERNAME_SIZE) == 0){
1246                                         read_unlock(&GlobalSMBSeslock);
1247                                         return ses;     /* found exact match on both tcp and SMB sessions */
1248                                 }
1249                         }
1250                 }
1251                 /* else tcp and smb sessions need reconnection */
1252         }
1253         read_unlock(&GlobalSMBSeslock);
1254         return NULL;
1255 }
1256
1257 static struct cifsTconInfo *
1258 find_unc(__be32 new_target_ip_addr, char *uncName, char *userName)
1259 {
1260         struct list_head *tmp;
1261         struct cifsTconInfo *tcon;
1262
1263         read_lock(&GlobalSMBSeslock);
1264         list_for_each(tmp, &GlobalTreeConnectionList) {
1265                 cFYI(1, ("Next tcon - "));
1266                 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
1267                 if (tcon->ses) {
1268                         if (tcon->ses->server) {
1269                                 cFYI(1,
1270                                      (" old ip addr: %x == new ip %x ?",
1271                                       tcon->ses->server->addr.sockAddr.sin_addr.
1272                                       s_addr, new_target_ip_addr));
1273                                 if (tcon->ses->server->addr.sockAddr.sin_addr.
1274                                     s_addr == new_target_ip_addr) {
1275         /* BB lock tcon and server and tcp session and increment use count here? */
1276                                         /* found a match on the TCP session */
1277                                         /* BB check if reconnection needed */
1278                                         cFYI(1,("Matched ip, old UNC: %s == new: %s ?",
1279                                               tcon->treeName, uncName));
1280                                         if (strncmp
1281                                             (tcon->treeName, uncName,
1282                                              MAX_TREE_SIZE) == 0) {
1283                                                 cFYI(1,
1284                                                      ("Matched UNC, old user: %s == new: %s ?",
1285                                                       tcon->treeName, uncName));
1286                                                 if (strncmp
1287                                                     (tcon->ses->userName,
1288                                                      userName,
1289                                                      MAX_USERNAME_SIZE) == 0) {
1290                                                         read_unlock(&GlobalSMBSeslock);
1291                                                         return tcon;/* also matched user (smb session)*/
1292                                                 }
1293                                         }
1294                                 }
1295                         }
1296                 }
1297         }
1298         read_unlock(&GlobalSMBSeslock);
1299         return NULL;
1300 }
1301
1302 int
1303 connect_to_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
1304                     const char *old_path, const struct nls_table *nls_codepage,
1305                     int remap)
1306 {
1307         unsigned char *referrals = NULL;
1308         unsigned int num_referrals;
1309         int rc = 0;
1310
1311         rc = get_dfs_path(xid, pSesInfo,old_path, nls_codepage, 
1312                         &num_referrals, &referrals, remap);
1313
1314         /* BB Add in code to: if valid refrl, if not ip address contact
1315                 the helper that resolves tcp names, mount to it, try to 
1316                 tcon to it unmount it if fail */
1317
1318         kfree(referrals);
1319
1320         return rc;
1321 }
1322
1323 int
1324 get_dfs_path(int xid, struct cifsSesInfo *pSesInfo,
1325                         const char *old_path, const struct nls_table *nls_codepage, 
1326                         unsigned int *pnum_referrals, 
1327                         unsigned char ** preferrals, int remap)
1328 {
1329         char *temp_unc;
1330         int rc = 0;
1331
1332         *pnum_referrals = 0;
1333
1334         if (pSesInfo->ipc_tid == 0) {
1335                 temp_unc = kmalloc(2 /* for slashes */ +
1336                         strnlen(pSesInfo->serverName,SERVER_NAME_LEN_WITH_NULL * 2)
1337                                  + 1 + 4 /* slash IPC$ */  + 2,
1338                                 GFP_KERNEL);
1339                 if (temp_unc == NULL)
1340                         return -ENOMEM;
1341                 temp_unc[0] = '\\';
1342                 temp_unc[1] = '\\';
1343                 strcpy(temp_unc + 2, pSesInfo->serverName);
1344                 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
1345                 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
1346                 cFYI(1,
1347                      ("CIFS Tcon rc = %d ipc_tid = %d", rc,pSesInfo->ipc_tid));
1348                 kfree(temp_unc);
1349         }
1350         if (rc == 0)
1351                 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
1352                                      pnum_referrals, nls_codepage, remap);
1353
1354         return rc;
1355 }
1356
1357 /* See RFC1001 section 14 on representation of Netbios names */
1358 static void rfc1002mangle(char * target,char * source, unsigned int length)
1359 {
1360         unsigned int i,j;
1361
1362         for(i=0,j=0;i<(length);i++) {
1363                 /* mask a nibble at a time and encode */
1364                 target[j] = 'A' + (0x0F & (source[i] >> 4));
1365                 target[j+1] = 'A' + (0x0F & source[i]);
1366                 j+=2;
1367         }
1368
1369 }
1370
1371
1372 static int
1373 ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket, 
1374              char * netbios_name, char * target_name)
1375 {
1376         int rc = 0;
1377         int connected = 0;
1378         __be16 orig_port = 0;
1379
1380         if(*csocket == NULL) {
1381                 rc = sock_create_kern(PF_INET, SOCK_STREAM, IPPROTO_TCP, csocket);
1382                 if (rc < 0) {
1383                         cERROR(1, ("Error %d creating socket",rc));
1384                         *csocket = NULL;
1385                         return rc;
1386                 } else {
1387                 /* BB other socket options to set KEEPALIVE, NODELAY? */
1388                         cFYI(1,("Socket created"));
1389                         (*csocket)->sk->sk_allocation = GFP_NOFS; 
1390                 }
1391         }
1392
1393         psin_server->sin_family = AF_INET;
1394         if(psin_server->sin_port) { /* user overrode default port */
1395                 rc = (*csocket)->ops->connect(*csocket,
1396                                 (struct sockaddr *) psin_server,
1397                                 sizeof (struct sockaddr_in),0);
1398                 if (rc >= 0)
1399                         connected = 1;
1400         } 
1401
1402         if(!connected) {
1403                 /* save original port so we can retry user specified port  
1404                         later if fall back ports fail this time  */
1405                 orig_port = psin_server->sin_port;
1406
1407                 /* do not retry on the same port we just failed on */
1408                 if(psin_server->sin_port != htons(CIFS_PORT)) {
1409                         psin_server->sin_port = htons(CIFS_PORT);
1410
1411                         rc = (*csocket)->ops->connect(*csocket,
1412                                         (struct sockaddr *) psin_server,
1413                                         sizeof (struct sockaddr_in),0);
1414                         if (rc >= 0)
1415                                 connected = 1;
1416                 }
1417         }
1418         if (!connected) {
1419                 psin_server->sin_port = htons(RFC1001_PORT);
1420                 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1421                                               psin_server, sizeof (struct sockaddr_in),0);
1422                 if (rc >= 0) 
1423                         connected = 1;
1424         }
1425
1426         /* give up here - unless we want to retry on different
1427                 protocol families some day */
1428         if (!connected) {
1429                 if(orig_port)
1430                         psin_server->sin_port = orig_port;
1431                 cFYI(1,("Error %d connecting to server via ipv4",rc));
1432                 sock_release(*csocket);
1433                 *csocket = NULL;
1434                 return rc;
1435         }
1436         /* Eventually check for other socket options to change from 
1437                 the default. sock_setsockopt not used because it expects 
1438                 user space buffer */
1439          cFYI(1,("sndbuf %d rcvbuf %d rcvtimeo 0x%lx",(*csocket)->sk->sk_sndbuf,
1440                  (*csocket)->sk->sk_rcvbuf, (*csocket)->sk->sk_rcvtimeo));
1441         (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1442         /* make the bufsizes depend on wsize/rsize and max requests */
1443         if((*csocket)->sk->sk_sndbuf < (200 * 1024))
1444                 (*csocket)->sk->sk_sndbuf = 200 * 1024;
1445         if((*csocket)->sk->sk_rcvbuf < (140 * 1024))
1446                 (*csocket)->sk->sk_rcvbuf = 140 * 1024;
1447
1448         /* send RFC1001 sessinit */
1449         if(psin_server->sin_port == htons(RFC1001_PORT)) {
1450                 /* some servers require RFC1001 sessinit before sending
1451                 negprot - BB check reconnection in case where second 
1452                 sessinit is sent but no second negprot */
1453                 struct rfc1002_session_packet * ses_init_buf;
1454                 struct smb_hdr * smb_buf;
1455                 ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet), GFP_KERNEL);
1456                 if(ses_init_buf) {
1457                         ses_init_buf->trailer.session_req.called_len = 32;
1458                         if(target_name && (target_name[0] != 0)) {
1459                                 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1460                                         target_name, 16);
1461                         } else {
1462                                 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1463                                         DEFAULT_CIFS_CALLED_NAME,16);
1464                         }
1465
1466                         ses_init_buf->trailer.session_req.calling_len = 32;
1467                         /* calling name ends in null (byte 16) from old smb
1468                         convention. */
1469                         if(netbios_name && (netbios_name[0] !=0)) {
1470                                 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1471                                         netbios_name,16);
1472                         } else {
1473                                 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1474                                         "LINUX_CIFS_CLNT",16);
1475                         }
1476                         ses_init_buf->trailer.session_req.scope1 = 0;
1477                         ses_init_buf->trailer.session_req.scope2 = 0;
1478                         smb_buf = (struct smb_hdr *)ses_init_buf;
1479                         /* sizeof RFC1002_SESSION_REQUEST with no scope */
1480                         smb_buf->smb_buf_length = 0x81000044;
1481                         rc = smb_send(*csocket, smb_buf, 0x44,
1482                                 (struct sockaddr *)psin_server);
1483                         kfree(ses_init_buf);
1484                         msleep(1); /* RFC1001 layer in at least one server 
1485                                       requires very short break before negprot
1486                                       presumably because not expecting negprot
1487                                       to follow so fast.  This is a simple
1488                                       solution that works without 
1489                                       complicating the code and causes no
1490                                       significant slowing down on mount
1491                                       for everyone else */
1492                 }
1493                 /* else the negprot may still work without this 
1494                 even though malloc failed */
1495                 
1496         }
1497                 
1498         return rc;
1499 }
1500
1501 static int
1502 ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket)
1503 {
1504         int rc = 0;
1505         int connected = 0;
1506         __be16 orig_port = 0;
1507
1508         if(*csocket == NULL) {
1509                 rc = sock_create_kern(PF_INET6, SOCK_STREAM, IPPROTO_TCP, csocket);
1510                 if (rc < 0) {
1511                         cERROR(1, ("Error %d creating ipv6 socket",rc));
1512                         *csocket = NULL;
1513                         return rc;
1514                 } else {
1515                 /* BB other socket options to set KEEPALIVE, NODELAY? */
1516                          cFYI(1,("ipv6 Socket created"));
1517                         (*csocket)->sk->sk_allocation = GFP_NOFS;
1518                 }
1519         }
1520
1521         psin_server->sin6_family = AF_INET6;
1522
1523         if(psin_server->sin6_port) { /* user overrode default port */
1524                 rc = (*csocket)->ops->connect(*csocket,
1525                                 (struct sockaddr *) psin_server,
1526                                 sizeof (struct sockaddr_in6),0);
1527                 if (rc >= 0)
1528                         connected = 1;
1529         } 
1530
1531         if(!connected) {
1532                 /* save original port so we can retry user specified port  
1533                         later if fall back ports fail this time  */
1534
1535                 orig_port = psin_server->sin6_port;
1536                 /* do not retry on the same port we just failed on */
1537                 if(psin_server->sin6_port != htons(CIFS_PORT)) {
1538                         psin_server->sin6_port = htons(CIFS_PORT);
1539
1540                         rc = (*csocket)->ops->connect(*csocket,
1541                                         (struct sockaddr *) psin_server,
1542                                         sizeof (struct sockaddr_in6),0);
1543                         if (rc >= 0)
1544                                 connected = 1;
1545                 }
1546         }
1547         if (!connected) {
1548                 psin_server->sin6_port = htons(RFC1001_PORT);
1549                 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1550                                          psin_server, sizeof (struct sockaddr_in6),0);
1551                 if (rc >= 0) 
1552                         connected = 1;
1553         }
1554
1555         /* give up here - unless we want to retry on different
1556                 protocol families some day */
1557         if (!connected) {
1558                 if(orig_port)
1559                         psin_server->sin6_port = orig_port;
1560                 cFYI(1,("Error %d connecting to server via ipv6",rc));
1561                 sock_release(*csocket);
1562                 *csocket = NULL;
1563                 return rc;
1564         }
1565         /* Eventually check for other socket options to change from 
1566                 the default. sock_setsockopt not used because it expects 
1567                 user space buffer */
1568         (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1569                 
1570         return rc;
1571 }
1572
1573 int
1574 cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
1575            char *mount_data, const char *devname)
1576 {
1577         int rc = 0;
1578         int xid;
1579         int address_type = AF_INET;
1580         struct socket *csocket = NULL;
1581         struct sockaddr_in sin_server;
1582         struct sockaddr_in6 sin_server6;
1583         struct smb_vol volume_info;
1584         struct cifsSesInfo *pSesInfo = NULL;
1585         struct cifsSesInfo *existingCifsSes = NULL;
1586         struct cifsTconInfo *tcon = NULL;
1587         struct TCP_Server_Info *srvTcp = NULL;
1588
1589         xid = GetXid();
1590
1591 /* cFYI(1, ("Entering cifs_mount. Xid: %d with: %s", xid, mount_data)); */
1592         
1593         memset(&volume_info,0,sizeof(struct smb_vol));
1594         if (cifs_parse_mount_options(mount_data, devname, &volume_info)) {
1595                 kfree(volume_info.UNC);
1596                 kfree(volume_info.password);
1597                 FreeXid(xid);
1598                 return -EINVAL;
1599         }
1600
1601         if (volume_info.username) {
1602                 /* BB fixme parse for domain name here */
1603                 cFYI(1, ("Username: %s ", volume_info.username));
1604
1605         } else {
1606                 cifserror("No username specified");
1607         /* In userspace mount helper we can get user name from alternate
1608            locations such as env variables and files on disk */
1609                 kfree(volume_info.UNC);
1610                 kfree(volume_info.password);
1611                 FreeXid(xid);
1612                 return -EINVAL;
1613         }
1614
1615         if (volume_info.UNCip && volume_info.UNC) {
1616                 rc = cifs_inet_pton(AF_INET, volume_info.UNCip,&sin_server.sin_addr.s_addr);
1617
1618                 if(rc <= 0) {
1619                         /* not ipv4 address, try ipv6 */
1620                         rc = cifs_inet_pton(AF_INET6,volume_info.UNCip,&sin_server6.sin6_addr.in6_u); 
1621                         if(rc > 0)
1622                                 address_type = AF_INET6;
1623                 } else {
1624                         address_type = AF_INET;
1625                 }
1626        
1627                 if(rc <= 0) {
1628                         /* we failed translating address */
1629                         kfree(volume_info.UNC);
1630                         kfree(volume_info.password);
1631                         FreeXid(xid);
1632                         return -EINVAL;
1633                 }
1634
1635                 cFYI(1, ("UNC: %s ip: %s", volume_info.UNC, volume_info.UNCip));
1636                 /* success */
1637                 rc = 0;
1638         } else if (volume_info.UNCip){
1639                 /* BB using ip addr as server name connect to the DFS root below */
1640                 cERROR(1,("Connecting to DFS root not implemented yet"));
1641                 kfree(volume_info.UNC);
1642                 kfree(volume_info.password);
1643                 FreeXid(xid);
1644                 return -EINVAL;
1645         } else /* which servers DFS root would we conect to */ {
1646                 cERROR(1,
1647                        ("CIFS mount error: No UNC path (e.g. -o unc=//192.168.1.100/public) specified"));
1648                 kfree(volume_info.UNC);
1649                 kfree(volume_info.password);
1650                 FreeXid(xid);
1651                 return -EINVAL;
1652         }
1653
1654         /* this is needed for ASCII cp to Unicode converts */
1655         if(volume_info.iocharset == NULL) {
1656                 cifs_sb->local_nls = load_nls_default();
1657         /* load_nls_default can not return null */
1658         } else {
1659                 cifs_sb->local_nls = load_nls(volume_info.iocharset);
1660                 if(cifs_sb->local_nls == NULL) {
1661                         cERROR(1,("CIFS mount error: iocharset %s not found",volume_info.iocharset));
1662                         kfree(volume_info.UNC);
1663                         kfree(volume_info.password);
1664                         FreeXid(xid);
1665                         return -ELIBACC;
1666                 }
1667         }
1668
1669         if(address_type == AF_INET)
1670                 existingCifsSes = cifs_find_tcp_session(&sin_server.sin_addr,
1671                         NULL /* no ipv6 addr */,
1672                         volume_info.username, &srvTcp);
1673         else if(address_type == AF_INET6)
1674                 existingCifsSes = cifs_find_tcp_session(NULL /* no ipv4 addr */,
1675                         &sin_server6.sin6_addr,
1676                         volume_info.username, &srvTcp);
1677         else {
1678                 kfree(volume_info.UNC);
1679                 kfree(volume_info.password);
1680                 FreeXid(xid);
1681                 return -EINVAL;
1682         }
1683
1684
1685         if (srvTcp) {
1686                 cFYI(1, ("Existing tcp session with server found"));                
1687         } else {        /* create socket */
1688                 if(volume_info.port)
1689                         sin_server.sin_port = htons(volume_info.port);
1690                 else
1691                         sin_server.sin_port = 0;
1692                 rc = ipv4_connect(&sin_server,&csocket,
1693                                   volume_info.source_rfc1001_name,
1694                                   volume_info.target_rfc1001_name);
1695                 if (rc < 0) {
1696                         cERROR(1,
1697                                ("Error connecting to IPv4 socket. Aborting operation"));
1698                         if(csocket != NULL)
1699                                 sock_release(csocket);
1700                         kfree(volume_info.UNC);
1701                         kfree(volume_info.password);
1702                         FreeXid(xid);
1703                         return rc;
1704                 }
1705
1706                 srvTcp = kmalloc(sizeof (struct TCP_Server_Info), GFP_KERNEL);
1707                 if (srvTcp == NULL) {
1708                         rc = -ENOMEM;
1709                         sock_release(csocket);
1710                         kfree(volume_info.UNC);
1711                         kfree(volume_info.password);
1712                         FreeXid(xid);
1713                         return rc;
1714                 } else {
1715                         memset(srvTcp, 0, sizeof (struct TCP_Server_Info));
1716                         memcpy(&srvTcp->addr.sockAddr, &sin_server, sizeof (struct sockaddr_in));
1717                         atomic_set(&srvTcp->inFlight,0);
1718                         /* BB Add code for ipv6 case too */
1719                         srvTcp->ssocket = csocket;
1720                         srvTcp->protocolType = IPV4;
1721                         init_waitqueue_head(&srvTcp->response_q);
1722                         init_waitqueue_head(&srvTcp->request_q);
1723                         INIT_LIST_HEAD(&srvTcp->pending_mid_q);
1724                         /* at this point we are the only ones with the pointer
1725                         to the struct since the kernel thread not created yet
1726                         so no need to spinlock this init of tcpStatus */
1727                         srvTcp->tcpStatus = CifsNew;
1728                         init_MUTEX(&srvTcp->tcpSem);
1729                         rc = (int)kernel_thread((void *)(void *)cifs_demultiplex_thread, srvTcp,
1730                                       CLONE_FS | CLONE_FILES | CLONE_VM);
1731                         if(rc < 0) {
1732                                 rc = -ENOMEM;
1733                                 sock_release(csocket);
1734                                 kfree(volume_info.UNC);
1735                                 kfree(volume_info.password);
1736                                 FreeXid(xid);
1737                                 return rc;
1738                         }
1739                         wait_for_completion(&cifsd_complete);
1740                         rc = 0;
1741                         memcpy(srvTcp->workstation_RFC1001_name, volume_info.source_rfc1001_name,16);
1742                         memcpy(srvTcp->server_RFC1001_name, volume_info.target_rfc1001_name,16);
1743                         srvTcp->sequence_number = 0;
1744                 }
1745         }
1746
1747         if (existingCifsSes) {
1748                 pSesInfo = existingCifsSes;
1749                 cFYI(1, ("Existing smb sess found"));
1750                 kfree(volume_info.password);
1751                 /* volume_info.UNC freed at end of function */
1752         } else if (!rc) {
1753                 cFYI(1, ("Existing smb sess not found"));
1754                 pSesInfo = sesInfoAlloc();
1755                 if (pSesInfo == NULL)
1756                         rc = -ENOMEM;
1757                 else {
1758                         pSesInfo->server = srvTcp;
1759                         sprintf(pSesInfo->serverName, "%u.%u.%u.%u",
1760                                 NIPQUAD(sin_server.sin_addr.s_addr));
1761                 }
1762
1763                 if (!rc){
1764                         /* volume_info.password freed at unmount */   
1765                         if (volume_info.password)
1766                                 pSesInfo->password = volume_info.password;
1767                         if (volume_info.username)
1768                                 strncpy(pSesInfo->userName,
1769                                         volume_info.username,MAX_USERNAME_SIZE);
1770                         if (volume_info.domainname) {
1771                                 int len = strlen(volume_info.domainname);
1772                                 pSesInfo->domainName = 
1773                                         kmalloc(len + 1, GFP_KERNEL);
1774                                 if(pSesInfo->domainName)
1775                                         strcpy(pSesInfo->domainName,
1776                                                 volume_info.domainname);
1777                         }
1778                         pSesInfo->linux_uid = volume_info.linux_uid;
1779                         down(&pSesInfo->sesSem);
1780                         rc = cifs_setup_session(xid,pSesInfo, cifs_sb->local_nls);
1781                         up(&pSesInfo->sesSem);
1782                         if(!rc)
1783                                 atomic_inc(&srvTcp->socketUseCount);
1784                 } else
1785                         kfree(volume_info.password);
1786         }
1787     
1788         /* search for existing tcon to this server share */
1789         if (!rc) {
1790                 if(volume_info.rsize > CIFSMaxBufSize) {
1791                         cERROR(1,("rsize %d too large, using MaxBufSize",
1792                                 volume_info.rsize));
1793                         cifs_sb->rsize = CIFSMaxBufSize;
1794                 } else if((volume_info.rsize) && (volume_info.rsize <= CIFSMaxBufSize))
1795                         cifs_sb->rsize = volume_info.rsize;
1796                 else /* default */
1797                         cifs_sb->rsize = CIFSMaxBufSize;
1798
1799                 if(volume_info.wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) {
1800                         cERROR(1,("wsize %d too large using 4096 instead",
1801                                   volume_info.wsize));
1802                         cifs_sb->wsize = 4096;
1803                 } else if(volume_info.wsize)
1804                         cifs_sb->wsize = volume_info.wsize;
1805                 else
1806                         cifs_sb->wsize = 
1807                                 min_t(const int, PAGEVEC_SIZE * PAGE_CACHE_SIZE,
1808                                         127*1024);
1809                         /* old default of CIFSMaxBufSize was too small now
1810                            that SMB Write2 can send multiple pages in kvec.   
1811                            RFC1001 does not describe what happens when frame
1812                            bigger than 128K is sent so use that as max in
1813                            conjunction with 52K kvec constraint on arch with 4K
1814                            page size  */
1815
1816                 if(cifs_sb->rsize < 2048) {
1817                         cifs_sb->rsize = 2048; 
1818                         /* Windows ME may prefer this */
1819                         cFYI(1,("readsize set to minimum 2048"));
1820                 }
1821                 cifs_sb->mnt_uid = volume_info.linux_uid;
1822                 cifs_sb->mnt_gid = volume_info.linux_gid;
1823                 cifs_sb->mnt_file_mode = volume_info.file_mode;
1824                 cifs_sb->mnt_dir_mode = volume_info.dir_mode;
1825                 cFYI(1,("file mode: 0x%x  dir mode: 0x%x",
1826                         cifs_sb->mnt_file_mode,cifs_sb->mnt_dir_mode));
1827
1828                 if(volume_info.noperm)
1829                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
1830                 if(volume_info.setuids)
1831                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
1832                 if(volume_info.server_ino)
1833                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
1834                 if(volume_info.remap)
1835                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
1836                 if(volume_info.no_xattr)
1837                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
1838                 if(volume_info.sfu_emul)
1839                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
1840                 if(volume_info.nobrl)
1841                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
1842                 if(volume_info.cifs_acl)
1843                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
1844
1845                 if(volume_info.direct_io) {
1846                         cFYI(1,("mounting share using direct i/o"));
1847                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
1848                 }
1849
1850                 tcon =
1851                     find_unc(sin_server.sin_addr.s_addr, volume_info.UNC,
1852                              volume_info.username);
1853                 if (tcon) {
1854                         cFYI(1, ("Found match on UNC path"));
1855                         /* we can have only one retry value for a connection
1856                            to a share so for resources mounted more than once
1857                            to the same server share the last value passed in 
1858                            for the retry flag is used */
1859                         tcon->retry = volume_info.retry;
1860                         tcon->nocase = volume_info.nocase;
1861                 } else {
1862                         tcon = tconInfoAlloc();
1863                         if (tcon == NULL)
1864                                 rc = -ENOMEM;
1865                         else {
1866                                 /* check for null share name ie connect to dfs root */
1867
1868                                 /* BB check if this works for exactly length three strings */
1869                                 if ((strchr(volume_info.UNC + 3, '\\') == NULL)
1870                                     && (strchr(volume_info.UNC + 3, '/') ==
1871                                         NULL)) {
1872                                         rc = connect_to_dfs_path(xid, pSesInfo,
1873                                                         "", cifs_sb->local_nls,
1874                                                         cifs_sb->mnt_cifs_flags & 
1875                                                           CIFS_MOUNT_MAP_SPECIAL_CHR);
1876                                         kfree(volume_info.UNC);
1877                                         FreeXid(xid);
1878                                         return -ENODEV;
1879                                 } else {
1880                                         rc = CIFSTCon(xid, pSesInfo, 
1881                                                 volume_info.UNC,
1882                                                 tcon, cifs_sb->local_nls);
1883                                         cFYI(1, ("CIFS Tcon rc = %d", rc));
1884                                 }
1885                                 if (!rc) {
1886                                         atomic_inc(&pSesInfo->inUse);
1887                                         tcon->retry = volume_info.retry;
1888                                         tcon->nocase = volume_info.nocase;
1889                                 }
1890                         }
1891                 }
1892         }
1893         if(pSesInfo) {
1894                 if (pSesInfo->capabilities & CAP_LARGE_FILES) {
1895                         sb->s_maxbytes = (u64) 1 << 63;
1896                 } else
1897                         sb->s_maxbytes = (u64) 1 << 31; /* 2 GB */
1898         }
1899
1900         sb->s_time_gran = 100;
1901
1902 /* on error free sesinfo and tcon struct if needed */
1903         if (rc) {
1904                 /* if session setup failed, use count is zero but
1905                 we still need to free cifsd thread */
1906                 if(atomic_read(&srvTcp->socketUseCount) == 0) {
1907                         spin_lock(&GlobalMid_Lock);
1908                         srvTcp->tcpStatus = CifsExiting;
1909                         spin_unlock(&GlobalMid_Lock);
1910                         if(srvTcp->tsk) {
1911                                 send_sig(SIGKILL,srvTcp->tsk,1);
1912                                 wait_for_completion(&cifsd_complete);
1913                         }
1914                 }
1915                  /* If find_unc succeeded then rc == 0 so we can not end */
1916                 if (tcon)  /* up accidently freeing someone elses tcon struct */
1917                         tconInfoFree(tcon);
1918                 if (existingCifsSes == NULL) {
1919                         if (pSesInfo) {
1920                                 if ((pSesInfo->server) && 
1921                                     (pSesInfo->status == CifsGood)) {
1922                                         int temp_rc;
1923                                         temp_rc = CIFSSMBLogoff(xid, pSesInfo);
1924                                         /* if the socketUseCount is now zero */
1925                                         if((temp_rc == -ESHUTDOWN) &&
1926                                            (pSesInfo->server->tsk)) {
1927                                                 send_sig(SIGKILL,pSesInfo->server->tsk,1);
1928                                                 wait_for_completion(&cifsd_complete);
1929                                         }
1930                                 } else
1931                                         cFYI(1, ("No session or bad tcon"));
1932                                 sesInfoFree(pSesInfo);
1933                                 /* pSesInfo = NULL; */
1934                         }
1935                 }
1936         } else {
1937                 atomic_inc(&tcon->useCount);
1938                 cifs_sb->tcon = tcon;
1939                 tcon->ses = pSesInfo;
1940
1941                 /* do not care if following two calls succeed - informational */
1942                 CIFSSMBQFSDeviceInfo(xid, tcon);
1943                 CIFSSMBQFSAttributeInfo(xid, tcon);
1944
1945                 if (tcon->ses->capabilities & CAP_UNIX) {
1946                         if(!CIFSSMBQFSUnixInfo(xid, tcon)) {
1947                                 __u64 cap = 
1948                                        le64_to_cpu(tcon->fsUnixInfo.Capability);
1949                                 cap &= CIFS_UNIX_CAP_MASK;
1950                                 if(volume_info.no_psx_acl)
1951                                         cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
1952                                 else if(CIFS_UNIX_POSIX_ACL_CAP & cap) {
1953                                         cFYI(1,("negotiated posix acl support"));
1954                                         sb->s_flags |= MS_POSIXACL;
1955                                 }
1956
1957                                 if(volume_info.posix_paths == 0)
1958                                         cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
1959                                 else if(cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
1960                                         cFYI(1,("negotiate posix pathnames"));
1961                                         cifs_sb->mnt_cifs_flags |= 
1962                                                 CIFS_MOUNT_POSIX_PATHS;
1963                                 }
1964                                         
1965                                 cFYI(1,("Negotiate caps 0x%x",(int)cap));
1966
1967                                 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
1968                                         cFYI(1,("setting capabilities failed"));
1969                                 }
1970                         }
1971                 }
1972                 if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X))
1973                         cifs_sb->wsize = min(cifs_sb->wsize,
1974                                              (tcon->ses->server->maxBuf -
1975                                               MAX_CIFS_HDR_SIZE));
1976                 if (!(tcon->ses->capabilities & CAP_LARGE_READ_X))
1977                         cifs_sb->rsize = min(cifs_sb->rsize,
1978                                              (tcon->ses->server->maxBuf -
1979                                               MAX_CIFS_HDR_SIZE));
1980         }
1981
1982         /* volume_info.password is freed above when existing session found
1983         (in which case it is not needed anymore) but when new sesion is created
1984         the password ptr is put in the new session structure (in which case the
1985         password will be freed at unmount time) */
1986         kfree(volume_info.UNC);
1987         FreeXid(xid);
1988         return rc;
1989 }
1990
1991 static int
1992 CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
1993               char session_key[CIFS_SESSION_KEY_SIZE],
1994               const struct nls_table *nls_codepage)
1995 {
1996         struct smb_hdr *smb_buffer;
1997         struct smb_hdr *smb_buffer_response;
1998         SESSION_SETUP_ANDX *pSMB;
1999         SESSION_SETUP_ANDX *pSMBr;
2000         char *bcc_ptr;
2001         char *user;
2002         char *domain;
2003         int rc = 0;
2004         int remaining_words = 0;
2005         int bytes_returned = 0;
2006         int len;
2007         __u32 capabilities;
2008         __u16 count;
2009
2010         cFYI(1, ("In sesssetup"));
2011         if(ses == NULL)
2012                 return -EINVAL;
2013         user = ses->userName;
2014         domain = ses->domainName;
2015         smb_buffer = cifs_buf_get();
2016         if (smb_buffer == NULL) {
2017                 return -ENOMEM;
2018         }
2019         smb_buffer_response = smb_buffer;
2020         pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2021
2022         /* send SMBsessionSetup here */
2023         header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2024                         NULL /* no tCon exists yet */ , 13 /* wct */ );
2025
2026         smb_buffer->Mid = GetNextMid(ses->server);
2027         pSMB->req_no_secext.AndXCommand = 0xFF;
2028         pSMB->req_no_secext.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2029         pSMB->req_no_secext.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2030
2031         if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2032                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2033
2034         capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2035                 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
2036         if (ses->capabilities & CAP_UNICODE) {
2037                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2038                 capabilities |= CAP_UNICODE;
2039         }
2040         if (ses->capabilities & CAP_STATUS32) {
2041                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2042                 capabilities |= CAP_STATUS32;
2043         }
2044         if (ses->capabilities & CAP_DFS) {
2045                 smb_buffer->Flags2 |= SMBFLG2_DFS;
2046                 capabilities |= CAP_DFS;
2047         }
2048         pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
2049
2050         pSMB->req_no_secext.CaseInsensitivePasswordLength = 
2051                 cpu_to_le16(CIFS_SESSION_KEY_SIZE);
2052
2053         pSMB->req_no_secext.CaseSensitivePasswordLength =
2054             cpu_to_le16(CIFS_SESSION_KEY_SIZE);
2055         bcc_ptr = pByteArea(smb_buffer);
2056         memcpy(bcc_ptr, (char *) session_key, CIFS_SESSION_KEY_SIZE);
2057         bcc_ptr += CIFS_SESSION_KEY_SIZE;
2058         memcpy(bcc_ptr, (char *) session_key, CIFS_SESSION_KEY_SIZE);
2059         bcc_ptr += CIFS_SESSION_KEY_SIZE;
2060
2061         if (ses->capabilities & CAP_UNICODE) {
2062                 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode */
2063                         *bcc_ptr = 0;
2064                         bcc_ptr++;
2065                 }
2066                 if(user == NULL)
2067                         bytes_returned = 0; /* skip null user */
2068                 else
2069                         bytes_returned =
2070                                 cifs_strtoUCS((__le16 *) bcc_ptr, user, 100,
2071                                         nls_codepage);
2072                 /* convert number of 16 bit words to bytes */
2073                 bcc_ptr += 2 * bytes_returned;
2074                 bcc_ptr += 2;   /* trailing null */
2075                 if (domain == NULL)
2076                         bytes_returned =
2077                             cifs_strtoUCS((__le16 *) bcc_ptr,
2078                                           "CIFS_LINUX_DOM", 32, nls_codepage);
2079                 else
2080                         bytes_returned =
2081                             cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2082                                           nls_codepage);
2083                 bcc_ptr += 2 * bytes_returned;
2084                 bcc_ptr += 2;
2085                 bytes_returned =
2086                     cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2087                                   32, nls_codepage);
2088                 bcc_ptr += 2 * bytes_returned;
2089                 bytes_returned =
2090                     cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release,
2091                                   32, nls_codepage);
2092                 bcc_ptr += 2 * bytes_returned;
2093                 bcc_ptr += 2;
2094                 bytes_returned =
2095                     cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2096                                   64, nls_codepage);
2097                 bcc_ptr += 2 * bytes_returned;
2098                 bcc_ptr += 2;
2099         } else {
2100                 if(user != NULL) {                
2101                     strncpy(bcc_ptr, user, 200);
2102                     bcc_ptr += strnlen(user, 200);
2103                 }
2104                 *bcc_ptr = 0;
2105                 bcc_ptr++;
2106                 if (domain == NULL) {
2107                         strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2108                         bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2109                 } else {
2110                         strncpy(bcc_ptr, domain, 64);
2111                         bcc_ptr += strnlen(domain, 64);
2112                         *bcc_ptr = 0;
2113                         bcc_ptr++;
2114                 }
2115                 strcpy(bcc_ptr, "Linux version ");
2116                 bcc_ptr += strlen("Linux version ");
2117                 strcpy(bcc_ptr, system_utsname.release);
2118                 bcc_ptr += strlen(system_utsname.release) + 1;
2119                 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2120                 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2121         }
2122         count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2123         smb_buffer->smb_buf_length += count;
2124         pSMB->req_no_secext.ByteCount = cpu_to_le16(count);
2125
2126         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2127                          &bytes_returned, 1);
2128         if (rc) {
2129 /* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
2130         } else if ((smb_buffer_response->WordCount == 3)
2131                    || (smb_buffer_response->WordCount == 4)) {
2132                 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2133                 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2134                 if (action & GUEST_LOGIN)
2135                         cFYI(1, (" Guest login"));      /* do we want to mark SesInfo struct ? */
2136                 ses->Suid = smb_buffer_response->Uid;   /* UID left in wire format (le) */
2137                 cFYI(1, ("UID = %d ", ses->Suid));
2138          /* response can have either 3 or 4 word count - Samba sends 3 */
2139                 bcc_ptr = pByteArea(smb_buffer_response);       
2140                 if ((pSMBr->resp.hdr.WordCount == 3)
2141                     || ((pSMBr->resp.hdr.WordCount == 4)
2142                         && (blob_len < pSMBr->resp.ByteCount))) {
2143                         if (pSMBr->resp.hdr.WordCount == 4)
2144                                 bcc_ptr += blob_len;
2145
2146                         if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2147                                 if ((long) (bcc_ptr) % 2) {
2148                                         remaining_words =
2149                                             (BCC(smb_buffer_response) - 1) /2;
2150                                         bcc_ptr++;      /* Unicode strings must be word aligned */
2151                                 } else {
2152                                         remaining_words =
2153                                                 BCC(smb_buffer_response) / 2;
2154                                 }
2155                                 len =
2156                                     UniStrnlen((wchar_t *) bcc_ptr,
2157                                                remaining_words - 1);
2158 /* We look for obvious messed up bcc or strings in response so we do not go off
2159    the end since (at least) WIN2K and Windows XP have a major bug in not null
2160    terminating last Unicode string in response  */
2161                                 if(ses->serverOS)
2162                                         kfree(ses->serverOS);
2163                                 ses->serverOS = kzalloc(2 * (len + 1), GFP_KERNEL);
2164                                 if(ses->serverOS == NULL)
2165                                         goto sesssetup_nomem;
2166                                 cifs_strfromUCS_le(ses->serverOS,
2167                                            (__le16 *)bcc_ptr, len,nls_codepage);
2168                                 bcc_ptr += 2 * (len + 1);
2169                                 remaining_words -= len + 1;
2170                                 ses->serverOS[2 * len] = 0;
2171                                 ses->serverOS[1 + (2 * len)] = 0;
2172                                 if (remaining_words > 0) {
2173                                         len = UniStrnlen((wchar_t *)bcc_ptr,
2174                                                          remaining_words-1);
2175                                         if(ses->serverNOS)
2176                                                 kfree(ses->serverNOS);
2177                                         ses->serverNOS = kzalloc(2 * (len + 1),GFP_KERNEL);
2178                                         if(ses->serverNOS == NULL)
2179                                                 goto sesssetup_nomem;
2180                                         cifs_strfromUCS_le(ses->serverNOS,
2181                                                            (__le16 *)bcc_ptr,len,nls_codepage);
2182                                         bcc_ptr += 2 * (len + 1);
2183                                         ses->serverNOS[2 * len] = 0;
2184                                         ses->serverNOS[1 + (2 * len)] = 0;
2185                                         if(strncmp(ses->serverNOS,
2186                                                 "NT LAN Manager 4",16) == 0) {
2187                                                 cFYI(1,("NT4 server"));
2188                                                 ses->flags |= CIFS_SES_NT4;
2189                                         }
2190                                         remaining_words -= len + 1;
2191                                         if (remaining_words > 0) {
2192                                                 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2193           /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
2194                                                 if(ses->serverDomain)
2195                                                         kfree(ses->serverDomain);
2196                                                 ses->serverDomain =
2197                                                     kzalloc(2*(len+1),GFP_KERNEL);
2198                                                 if(ses->serverDomain == NULL)
2199                                                         goto sesssetup_nomem;
2200                                                 cifs_strfromUCS_le(ses->serverDomain,
2201                                                      (__le16 *)bcc_ptr,len,nls_codepage);
2202                                                 bcc_ptr += 2 * (len + 1);
2203                                                 ses->serverDomain[2*len] = 0;
2204                                                 ses->serverDomain[1+(2*len)] = 0;
2205                                         } /* else no more room so create dummy domain string */
2206                                         else {
2207                                                 if(ses->serverDomain)
2208                                                         kfree(ses->serverDomain);
2209                                                 ses->serverDomain = 
2210                                                         kzalloc(2, GFP_KERNEL);
2211                                         }
2212                                 } else {        /* no room so create dummy domain and NOS string */
2213                                         /* if these kcallocs fail not much we
2214                                            can do, but better to not fail the
2215                                            sesssetup itself */
2216                                         if(ses->serverDomain)
2217                                                 kfree(ses->serverDomain);
2218                                         ses->serverDomain =
2219                                             kzalloc(2, GFP_KERNEL);
2220                                         if(ses->serverNOS)
2221                                                 kfree(ses->serverNOS);
2222                                         ses->serverNOS =
2223                                             kzalloc(2, GFP_KERNEL);
2224                                 }
2225                         } else {        /* ASCII */
2226                                 len = strnlen(bcc_ptr, 1024);
2227                                 if (((long) bcc_ptr + len) - (long)
2228                                     pByteArea(smb_buffer_response)
2229                                             <= BCC(smb_buffer_response)) {
2230                                         if(ses->serverOS)
2231                                                 kfree(ses->serverOS);
2232                                         ses->serverOS = kzalloc(len + 1,GFP_KERNEL);
2233                                         if(ses->serverOS == NULL)
2234                                                 goto sesssetup_nomem;
2235                                         strncpy(ses->serverOS,bcc_ptr, len);
2236
2237                                         bcc_ptr += len;
2238                                         bcc_ptr[0] = 0; /* null terminate the string */
2239                                         bcc_ptr++;
2240
2241                                         len = strnlen(bcc_ptr, 1024);
2242                                         if(ses->serverNOS)
2243                                                 kfree(ses->serverNOS);
2244                                         ses->serverNOS = kzalloc(len + 1,GFP_KERNEL);
2245                                         if(ses->serverNOS == NULL)
2246                                                 goto sesssetup_nomem;
2247                                         strncpy(ses->serverNOS, bcc_ptr, len);
2248                                         bcc_ptr += len;
2249                                         bcc_ptr[0] = 0;
2250                                         bcc_ptr++;
2251
2252                                         len = strnlen(bcc_ptr, 1024);
2253                                         if(ses->serverDomain)
2254                                                 kfree(ses->serverDomain);
2255                                         ses->serverDomain = kzalloc(len + 1,GFP_KERNEL);
2256                                         if(ses->serverDomain == NULL)
2257                                                 goto sesssetup_nomem;
2258                                         strncpy(ses->serverDomain, bcc_ptr, len);
2259                                         bcc_ptr += len;
2260                                         bcc_ptr[0] = 0;
2261                                         bcc_ptr++;
2262                                 } else
2263                                         cFYI(1,
2264                                              ("Variable field of length %d extends beyond end of smb ",
2265                                               len));
2266                         }
2267                 } else {
2268                         cERROR(1,
2269                                (" Security Blob Length extends beyond end of SMB"));
2270                 }
2271         } else {
2272                 cERROR(1,
2273                        (" Invalid Word count %d: ",
2274                         smb_buffer_response->WordCount));
2275                 rc = -EIO;
2276         }
2277 sesssetup_nomem:        /* do not return an error on nomem for the info strings,
2278                            since that could make reconnection harder, and
2279                            reconnection might be needed to free memory */
2280         if (smb_buffer)
2281                 cifs_buf_release(smb_buffer);
2282
2283         return rc;
2284 }
2285
2286 static int
2287 CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2288                 char *SecurityBlob,int SecurityBlobLength,
2289                 const struct nls_table *nls_codepage)
2290 {
2291         struct smb_hdr *smb_buffer;
2292         struct smb_hdr *smb_buffer_response;
2293         SESSION_SETUP_ANDX *pSMB;
2294         SESSION_SETUP_ANDX *pSMBr;
2295         char *bcc_ptr;
2296         char *user;
2297         char *domain;
2298         int rc = 0;
2299         int remaining_words = 0;
2300         int bytes_returned = 0;
2301         int len;
2302         __u32 capabilities;
2303         __u16 count;
2304
2305         cFYI(1, ("In spnego sesssetup "));
2306         if(ses == NULL)
2307                 return -EINVAL;
2308         user = ses->userName;
2309         domain = ses->domainName;
2310
2311         smb_buffer = cifs_buf_get();
2312         if (smb_buffer == NULL) {
2313                 return -ENOMEM;
2314         }
2315         smb_buffer_response = smb_buffer;
2316         pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2317
2318         /* send SMBsessionSetup here */
2319         header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2320                         NULL /* no tCon exists yet */ , 12 /* wct */ );
2321
2322         smb_buffer->Mid = GetNextMid(ses->server);
2323         pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2324         pSMB->req.AndXCommand = 0xFF;
2325         if(ses->server->maxBuf > 64*1024)
2326                 ses->server->maxBuf = (64*1023);
2327         pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2328         pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2329
2330         if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2331                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2332
2333         capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2334             CAP_EXTENDED_SECURITY;
2335         if (ses->capabilities & CAP_UNICODE) {
2336                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2337                 capabilities |= CAP_UNICODE;
2338         }
2339         if (ses->capabilities & CAP_STATUS32) {
2340                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2341                 capabilities |= CAP_STATUS32;
2342         }
2343         if (ses->capabilities & CAP_DFS) {
2344                 smb_buffer->Flags2 |= SMBFLG2_DFS;
2345                 capabilities |= CAP_DFS;
2346         }
2347         pSMB->req.Capabilities = cpu_to_le32(capabilities);
2348
2349         pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2350         bcc_ptr = pByteArea(smb_buffer);
2351         memcpy(bcc_ptr, SecurityBlob, SecurityBlobLength);
2352         bcc_ptr += SecurityBlobLength;
2353
2354         if (ses->capabilities & CAP_UNICODE) {
2355                 if ((long) bcc_ptr % 2) {       /* must be word aligned for Unicode strings */
2356                         *bcc_ptr = 0;
2357                         bcc_ptr++;
2358                 }
2359                 bytes_returned =
2360                     cifs_strtoUCS((__le16 *) bcc_ptr, user, 100, nls_codepage);
2361                 bcc_ptr += 2 * bytes_returned;  /* convert num of 16 bit words to bytes */
2362                 bcc_ptr += 2;   /* trailing null */
2363                 if (domain == NULL)
2364                         bytes_returned =
2365                             cifs_strtoUCS((__le16 *) bcc_ptr,
2366                                           "CIFS_LINUX_DOM", 32, nls_codepage);
2367                 else
2368                         bytes_returned =
2369                             cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2370                                           nls_codepage);
2371                 bcc_ptr += 2 * bytes_returned;
2372                 bcc_ptr += 2;
2373                 bytes_returned =
2374                     cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2375                                   32, nls_codepage);
2376                 bcc_ptr += 2 * bytes_returned;
2377                 bytes_returned =
2378                     cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release, 32,
2379                                   nls_codepage);
2380                 bcc_ptr += 2 * bytes_returned;
2381                 bcc_ptr += 2;
2382                 bytes_returned =
2383                     cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2384                                   64, nls_codepage);
2385                 bcc_ptr += 2 * bytes_returned;
2386                 bcc_ptr += 2;
2387         } else {
2388                 strncpy(bcc_ptr, user, 200);
2389                 bcc_ptr += strnlen(user, 200);
2390                 *bcc_ptr = 0;
2391                 bcc_ptr++;
2392                 if (domain == NULL) {
2393                         strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2394                         bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2395                 } else {
2396                         strncpy(bcc_ptr, domain, 64);
2397                         bcc_ptr += strnlen(domain, 64);
2398                         *bcc_ptr = 0;
2399                         bcc_ptr++;
2400                 }
2401                 strcpy(bcc_ptr, "Linux version ");
2402                 bcc_ptr += strlen("Linux version ");
2403                 strcpy(bcc_ptr, system_utsname.release);
2404                 bcc_ptr += strlen(system_utsname.release) + 1;
2405                 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2406                 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2407         }
2408         count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2409         smb_buffer->smb_buf_length += count;
2410         pSMB->req.ByteCount = cpu_to_le16(count);
2411
2412         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2413                          &bytes_returned, 1);
2414         if (rc) {
2415 /*    rc = map_smb_to_linux_error(smb_buffer_response);  *//* done in SendReceive now */
2416         } else if ((smb_buffer_response->WordCount == 3)
2417                    || (smb_buffer_response->WordCount == 4)) {
2418                 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2419                 __u16 blob_len =
2420                     le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2421                 if (action & GUEST_LOGIN)
2422                         cFYI(1, (" Guest login"));      /* BB do we want to set anything in SesInfo struct ? */
2423                 if (ses) {
2424                         ses->Suid = smb_buffer_response->Uid;   /* UID left in wire format (le) */
2425                         cFYI(1, ("UID = %d ", ses->Suid));
2426                         bcc_ptr = pByteArea(smb_buffer_response);       /* response can have either 3 or 4 word count - Samba sends 3 */
2427
2428                         /* BB Fix below to make endian neutral !! */
2429
2430                         if ((pSMBr->resp.hdr.WordCount == 3)
2431                             || ((pSMBr->resp.hdr.WordCount == 4)
2432                                 && (blob_len <
2433                                     pSMBr->resp.ByteCount))) {
2434                                 if (pSMBr->resp.hdr.WordCount == 4) {
2435                                         bcc_ptr +=
2436                                             blob_len;
2437                                         cFYI(1,
2438                                              ("Security Blob Length %d ",
2439                                               blob_len));
2440                                 }
2441
2442                                 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2443                                         if ((long) (bcc_ptr) % 2) {
2444                                                 remaining_words =
2445                                                     (BCC(smb_buffer_response)
2446                                                      - 1) / 2;
2447                                                 bcc_ptr++;      /* Unicode strings must be word aligned */
2448                                         } else {
2449                                                 remaining_words =
2450                                                     BCC
2451                                                     (smb_buffer_response) / 2;
2452                                         }
2453                                         len =
2454                                             UniStrnlen((wchar_t *) bcc_ptr,
2455                                                        remaining_words - 1);
2456 /* We look for obvious messed up bcc or strings in response so we do not go off
2457    the end since (at least) WIN2K and Windows XP have a major bug in not null
2458    terminating last Unicode string in response  */
2459                                         if(ses->serverOS)
2460                                                 kfree(ses->serverOS);
2461                                         ses->serverOS =
2462                                             kzalloc(2 * (len + 1), GFP_KERNEL);
2463                                         cifs_strfromUCS_le(ses->serverOS,
2464                                                            (__le16 *)
2465                                                            bcc_ptr, len,
2466                                                            nls_codepage);
2467                                         bcc_ptr += 2 * (len + 1);
2468                                         remaining_words -= len + 1;
2469                                         ses->serverOS[2 * len] = 0;
2470                                         ses->serverOS[1 + (2 * len)] = 0;
2471                                         if (remaining_words > 0) {
2472                                                 len = UniStrnlen((wchar_t *)bcc_ptr,
2473                                                                  remaining_words
2474                                                                  - 1);
2475                                                 if(ses->serverNOS)
2476                                                         kfree(ses->serverNOS);
2477                                                 ses->serverNOS =
2478                                                     kzalloc(2 * (len + 1),
2479                                                             GFP_KERNEL);
2480                                                 cifs_strfromUCS_le(ses->serverNOS,
2481                                                                    (__le16 *)bcc_ptr,
2482                                                                    len,
2483                                                                    nls_codepage);
2484                                                 bcc_ptr += 2 * (len + 1);
2485                                                 ses->serverNOS[2 * len] = 0;
2486                                                 ses->serverNOS[1 + (2 * len)] = 0;
2487                                                 remaining_words -= len + 1;
2488                                                 if (remaining_words > 0) {
2489                                                         len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words); 
2490                      /* last string not null terminated (e.g.Windows XP/2000) */
2491                                                         if(ses->serverDomain)
2492                                                                 kfree(ses->serverDomain);
2493                                                         ses->serverDomain = kzalloc(2*(len+1),GFP_KERNEL);
2494                                                         cifs_strfromUCS_le(ses->serverDomain,
2495                                                              (__le16 *)bcc_ptr, 
2496                                                              len, nls_codepage);
2497                                                         bcc_ptr += 2*(len+1);
2498                                                         ses->serverDomain[2*len] = 0;
2499                                                         ses->serverDomain[1+(2*len)] = 0;
2500                                                 } /* else no more room so create dummy domain string */
2501                                                 else {
2502                                                         if(ses->serverDomain)
2503                                                                 kfree(ses->serverDomain);
2504                                                         ses->serverDomain =
2505                                                             kzalloc(2,GFP_KERNEL);
2506                                                 }
2507                                         } else {/* no room use dummy domain&NOS */
2508                                                 if(ses->serverDomain)
2509                                                         kfree(ses->serverDomain);
2510                                                 ses->serverDomain = kzalloc(2, GFP_KERNEL);
2511                                                 if(ses->serverNOS)
2512                                                         kfree(ses->serverNOS);
2513                                                 ses->serverNOS = kzalloc(2, GFP_KERNEL);
2514                                         }
2515                                 } else {        /* ASCII */
2516
2517                                         len = strnlen(bcc_ptr, 1024);
2518                                         if (((long) bcc_ptr + len) - (long)
2519                                             pByteArea(smb_buffer_response)
2520                                             <= BCC(smb_buffer_response)) {
2521                                                 if(ses->serverOS)
2522                                                         kfree(ses->serverOS);
2523                                                 ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
2524                                                 strncpy(ses->serverOS, bcc_ptr, len);
2525
2526                                                 bcc_ptr += len;
2527                                                 bcc_ptr[0] = 0; /* null terminate the string */
2528                                                 bcc_ptr++;
2529
2530                                                 len = strnlen(bcc_ptr, 1024);
2531                                                 if(ses->serverNOS)
2532                                                         kfree(ses->serverNOS);
2533                                                 ses->serverNOS = kzalloc(len + 1,GFP_KERNEL);
2534                                                 strncpy(ses->serverNOS, bcc_ptr, len);
2535                                                 bcc_ptr += len;
2536                                                 bcc_ptr[0] = 0;
2537                                                 bcc_ptr++;
2538
2539                                                 len = strnlen(bcc_ptr, 1024);
2540                                                 if(ses->serverDomain)
2541                                                         kfree(ses->serverDomain);
2542                                                 ses->serverDomain = kzalloc(len + 1, GFP_KERNEL);
2543                                                 strncpy(ses->serverDomain, bcc_ptr, len);
2544                                                 bcc_ptr += len;
2545                                                 bcc_ptr[0] = 0;
2546                                                 bcc_ptr++;
2547                                         } else
2548                                                 cFYI(1,
2549                                                      ("Variable field of length %d extends beyond end of smb ",
2550                                                       len));
2551                                 }
2552                         } else {
2553                                 cERROR(1,
2554                                        (" Security Blob Length extends beyond end of SMB"));
2555                         }
2556                 } else {
2557                         cERROR(1, ("No session structure passed in."));
2558                 }
2559         } else {
2560                 cERROR(1,
2561                        (" Invalid Word count %d: ",
2562                         smb_buffer_response->WordCount));
2563                 rc = -EIO;
2564         }
2565
2566         if (smb_buffer)
2567                 cifs_buf_release(smb_buffer);
2568
2569         return rc;
2570 }
2571
2572 static int
2573 CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2574                               struct cifsSesInfo *ses, int * pNTLMv2_flag,
2575                               const struct nls_table *nls_codepage)
2576 {
2577         struct smb_hdr *smb_buffer;
2578         struct smb_hdr *smb_buffer_response;
2579         SESSION_SETUP_ANDX *pSMB;
2580         SESSION_SETUP_ANDX *pSMBr;
2581         char *bcc_ptr;
2582         char *domain;
2583         int rc = 0;
2584         int remaining_words = 0;
2585         int bytes_returned = 0;
2586         int len;
2587         int SecurityBlobLength = sizeof (NEGOTIATE_MESSAGE);
2588         PNEGOTIATE_MESSAGE SecurityBlob;
2589         PCHALLENGE_MESSAGE SecurityBlob2;
2590         __u32 negotiate_flags, capabilities;
2591         __u16 count;
2592
2593         cFYI(1, ("In NTLMSSP sesssetup (negotiate)"));
2594         if(ses == NULL)
2595                 return -EINVAL;
2596         domain = ses->domainName;
2597         *pNTLMv2_flag = FALSE;
2598         smb_buffer = cifs_buf_get();
2599         if (smb_buffer == NULL) {
2600                 return -ENOMEM;
2601         }
2602         smb_buffer_response = smb_buffer;
2603         pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2604         pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2605
2606         /* send SMBsessionSetup here */
2607         header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2608                         NULL /* no tCon exists yet */ , 12 /* wct */ );
2609
2610         smb_buffer->Mid = GetNextMid(ses->server);
2611         pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2612         pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2613
2614         pSMB->req.AndXCommand = 0xFF;
2615         pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2616         pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2617
2618         if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2619                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2620
2621         capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2622             CAP_EXTENDED_SECURITY;
2623         if (ses->capabilities & CAP_UNICODE) {
2624                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2625                 capabilities |= CAP_UNICODE;
2626         }
2627         if (ses->capabilities & CAP_STATUS32) {
2628                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2629                 capabilities |= CAP_STATUS32;
2630         }
2631         if (ses->capabilities & CAP_DFS) {
2632                 smb_buffer->Flags2 |= SMBFLG2_DFS;
2633                 capabilities |= CAP_DFS;
2634         }
2635         pSMB->req.Capabilities = cpu_to_le32(capabilities);
2636
2637         bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2638         SecurityBlob = (PNEGOTIATE_MESSAGE) bcc_ptr;
2639         strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2640         SecurityBlob->MessageType = NtLmNegotiate;
2641         negotiate_flags =
2642             NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
2643             NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM |
2644             NTLMSSP_NEGOTIATE_56 |
2645             /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
2646         if(sign_CIFS_PDUs)
2647                 negotiate_flags |= NTLMSSP_NEGOTIATE_SIGN;
2648 /*      if(ntlmv2_support)
2649                 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;*/
2650         /* setup pointers to domain name and workstation name */
2651         bcc_ptr += SecurityBlobLength;
2652
2653         SecurityBlob->WorkstationName.Buffer = 0;
2654         SecurityBlob->WorkstationName.Length = 0;
2655         SecurityBlob->WorkstationName.MaximumLength = 0;
2656
2657         /* Domain not sent on first Sesssetup in NTLMSSP, instead it is sent
2658         along with username on auth request (ie the response to challenge) */
2659         SecurityBlob->DomainName.Buffer = 0;
2660         SecurityBlob->DomainName.Length = 0;
2661         SecurityBlob->DomainName.MaximumLength = 0;
2662         if (ses->capabilities & CAP_UNICODE) {
2663                 if ((long) bcc_ptr % 2) {
2664                         *bcc_ptr = 0;
2665                         bcc_ptr++;
2666                 }
2667
2668                 bytes_returned =
2669                     cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2670                                   32, nls_codepage);
2671                 bcc_ptr += 2 * bytes_returned;
2672                 bytes_returned =
2673                     cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release, 32,
2674                                   nls_codepage);
2675                 bcc_ptr += 2 * bytes_returned;
2676                 bcc_ptr += 2;   /* null terminate Linux version */
2677                 bytes_returned =
2678                     cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2679                                   64, nls_codepage);
2680                 bcc_ptr += 2 * bytes_returned;
2681                 *(bcc_ptr + 1) = 0;
2682                 *(bcc_ptr + 2) = 0;
2683                 bcc_ptr += 2;   /* null terminate network opsys string */
2684                 *(bcc_ptr + 1) = 0;
2685                 *(bcc_ptr + 2) = 0;
2686                 bcc_ptr += 2;   /* null domain */
2687         } else {                /* ASCII */
2688                 strcpy(bcc_ptr, "Linux version ");
2689                 bcc_ptr += strlen("Linux version ");
2690                 strcpy(bcc_ptr, system_utsname.release);
2691                 bcc_ptr += strlen(system_utsname.release) + 1;
2692                 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2693                 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2694                 bcc_ptr++;      /* empty domain field */
2695                 *bcc_ptr = 0;
2696         }
2697         SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2698         pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2699         count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2700         smb_buffer->smb_buf_length += count;
2701         pSMB->req.ByteCount = cpu_to_le16(count);
2702
2703         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2704                          &bytes_returned, 1);
2705
2706         if (smb_buffer_response->Status.CifsError ==
2707             cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
2708                 rc = 0;
2709
2710         if (rc) {
2711 /*    rc = map_smb_to_linux_error(smb_buffer_response);  *//* done in SendReceive now */
2712         } else if ((smb_buffer_response->WordCount == 3)
2713                    || (smb_buffer_response->WordCount == 4)) {
2714                 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2715                 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2716
2717                 if (action & GUEST_LOGIN)
2718                         cFYI(1, (" Guest login"));      
2719         /* Do we want to set anything in SesInfo struct when guest login? */
2720
2721                 bcc_ptr = pByteArea(smb_buffer_response);       
2722         /* response can have either 3 or 4 word count - Samba sends 3 */
2723
2724                 SecurityBlob2 = (PCHALLENGE_MESSAGE) bcc_ptr;
2725                 if (SecurityBlob2->MessageType != NtLmChallenge) {
2726                         cFYI(1,
2727                              ("Unexpected NTLMSSP message type received %d",
2728                               SecurityBlob2->MessageType));
2729                 } else if (ses) {
2730                         ses->Suid = smb_buffer_response->Uid; /* UID left in le format */ 
2731                         cFYI(1, ("UID = %d", ses->Suid));
2732                         if ((pSMBr->resp.hdr.WordCount == 3)
2733                             || ((pSMBr->resp.hdr.WordCount == 4)
2734                                 && (blob_len <
2735                                     pSMBr->resp.ByteCount))) {
2736
2737                                 if (pSMBr->resp.hdr.WordCount == 4) {
2738                                         bcc_ptr += blob_len;
2739                                         cFYI(1, ("Security Blob Length %d",
2740                                               blob_len));
2741                                 }
2742
2743                                 cFYI(1, ("NTLMSSP Challenge rcvd"));
2744
2745                                 memcpy(ses->server->cryptKey,
2746                                        SecurityBlob2->Challenge,
2747                                        CIFS_CRYPTO_KEY_SIZE);
2748                                 if(SecurityBlob2->NegotiateFlags & 
2749                                         cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2))
2750                                         *pNTLMv2_flag = TRUE;
2751
2752                                 if((SecurityBlob2->NegotiateFlags & 
2753                                         cpu_to_le32(NTLMSSP_NEGOTIATE_ALWAYS_SIGN)) 
2754                                         || (sign_CIFS_PDUs > 1))
2755                                                 ses->server->secMode |= 
2756                                                         SECMODE_SIGN_REQUIRED;  
2757                                 if ((SecurityBlob2->NegotiateFlags & 
2758                                         cpu_to_le32(NTLMSSP_NEGOTIATE_SIGN)) && (sign_CIFS_PDUs))
2759                                                 ses->server->secMode |= 
2760                                                         SECMODE_SIGN_ENABLED;
2761
2762                                 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2763                                         if ((long) (bcc_ptr) % 2) {
2764                                                 remaining_words =
2765                                                     (BCC(smb_buffer_response)
2766                                                      - 1) / 2;
2767                                                 bcc_ptr++;      /* Unicode strings must be word aligned */
2768                                         } else {
2769                                                 remaining_words =
2770                                                     BCC
2771                                                     (smb_buffer_response) / 2;
2772                                         }
2773                                         len =
2774                                             UniStrnlen((wchar_t *) bcc_ptr,
2775                                                        remaining_words - 1);
2776 /* We look for obvious messed up bcc or strings in response so we do not go off
2777    the end since (at least) WIN2K and Windows XP have a major bug in not null
2778    terminating last Unicode string in response  */
2779                                         if(ses->serverOS)
2780                                                 kfree(ses->serverOS);
2781                                         ses->serverOS =
2782                                             kzalloc(2 * (len + 1), GFP_KERNEL);
2783                                         cifs_strfromUCS_le(ses->serverOS,
2784                                                            (__le16 *)
2785                                                            bcc_ptr, len,
2786                                                            nls_codepage);
2787                                         bcc_ptr += 2 * (len + 1);
2788                                         remaining_words -= len + 1;
2789                                         ses->serverOS[2 * len] = 0;
2790                                         ses->serverOS[1 + (2 * len)] = 0;
2791                                         if (remaining_words > 0) {
2792                                                 len = UniStrnlen((wchar_t *)
2793                                                                  bcc_ptr,
2794                                                                  remaining_words
2795                                                                  - 1);
2796                                                 if(ses->serverNOS)
2797                                                         kfree(ses->serverNOS);
2798                                                 ses->serverNOS =
2799                                                     kzalloc(2 * (len + 1),
2800                                                             GFP_KERNEL);
2801                                                 cifs_strfromUCS_le(ses->
2802                                                                    serverNOS,
2803                                                                    (__le16 *)
2804                                                                    bcc_ptr,
2805                                                                    len,
2806                                                                    nls_codepage);
2807                                                 bcc_ptr += 2 * (len + 1);
2808                                                 ses->serverNOS[2 * len] = 0;
2809                                                 ses->serverNOS[1 +
2810                                                                (2 * len)] = 0;
2811                                                 remaining_words -= len + 1;
2812                                                 if (remaining_words > 0) {
2813                                                         len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words); 
2814            /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
2815                                                         if(ses->serverDomain)
2816                                                                 kfree(ses->serverDomain);
2817                                                         ses->serverDomain =
2818                                                             kzalloc(2 *
2819                                                                     (len +
2820                                                                      1),
2821                                                                     GFP_KERNEL);
2822                                                         cifs_strfromUCS_le
2823                                                             (ses->serverDomain,
2824                                                              (__le16 *)bcc_ptr,
2825                                                              len, nls_codepage);
2826                                                         bcc_ptr +=
2827                                                             2 * (len + 1);
2828                                                         ses->serverDomain[2*len]
2829                                                             = 0;
2830                                                         ses->serverDomain
2831                                                                 [1 + (2 * len)]
2832                                                             = 0;
2833                                                 } /* else no more room so create dummy domain string */
2834                                                 else {
2835                                                         if(ses->serverDomain)
2836                                                                 kfree(ses->serverDomain);
2837                                                         ses->serverDomain =
2838                                                             kzalloc(2,
2839                                                                     GFP_KERNEL);
2840                                                 }
2841                                         } else {        /* no room so create dummy domain and NOS string */
2842                                                 if(ses->serverDomain);
2843                                                         kfree(ses->serverDomain);
2844                                                 ses->serverDomain =
2845                                                     kzalloc(2, GFP_KERNEL);
2846                                                 if(ses->serverNOS)
2847                                                         kfree(ses->serverNOS);
2848                                                 ses->serverNOS =
2849                                                     kzalloc(2, GFP_KERNEL);
2850                                         }
2851                                 } else {        /* ASCII */
2852                                         len = strnlen(bcc_ptr, 1024);
2853                                         if (((long) bcc_ptr + len) - (long)
2854                                             pByteArea(smb_buffer_response)
2855                                             <= BCC(smb_buffer_response)) {
2856                                                 if(ses->serverOS)
2857                                                         kfree(ses->serverOS);
2858                                                 ses->serverOS =
2859                                                     kzalloc(len + 1,
2860                                                             GFP_KERNEL);
2861                                                 strncpy(ses->serverOS,
2862                                                         bcc_ptr, len);
2863
2864                                                 bcc_ptr += len;
2865                                                 bcc_ptr[0] = 0; /* null terminate string */
2866                                                 bcc_ptr++;
2867
2868                                                 len = strnlen(bcc_ptr, 1024);
2869                                                 if(ses->serverNOS)
2870                                                         kfree(ses->serverNOS);
2871                                                 ses->serverNOS =
2872                                                     kzalloc(len + 1,
2873                                                             GFP_KERNEL);
2874                                                 strncpy(ses->serverNOS, bcc_ptr, len);
2875                                                 bcc_ptr += len;
2876                                                 bcc_ptr[0] = 0;
2877                                                 bcc_ptr++;
2878
2879                                                 len = strnlen(bcc_ptr, 1024);
2880                                                 if(ses->serverDomain)
2881                                                         kfree(ses->serverDomain);
2882                                                 ses->serverDomain =
2883                                                     kzalloc(len + 1,
2884                                                             GFP_KERNEL);
2885                                                 strncpy(ses->serverDomain, bcc_ptr, len);       
2886                                                 bcc_ptr += len;
2887                                                 bcc_ptr[0] = 0;
2888                                                 bcc_ptr++;
2889                                         } else
2890                                                 cFYI(1,
2891                                                      ("Variable field of length %d extends beyond end of smb",
2892                                                       len));
2893                                 }
2894                         } else {
2895                                 cERROR(1,
2896                                        (" Security Blob Length extends beyond end of SMB"));
2897                         }
2898                 } else {
2899                         cERROR(1, ("No session structure passed in."));
2900                 }
2901         } else {
2902                 cERROR(1,
2903                        (" Invalid Word count %d:",
2904                         smb_buffer_response->WordCount));
2905                 rc = -EIO;
2906         }
2907
2908         if (smb_buffer)
2909                 cifs_buf_release(smb_buffer);
2910
2911         return rc;
2912 }
2913 static int
2914 CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2915                 char *ntlm_session_key, int ntlmv2_flag,
2916                 const struct nls_table *nls_codepage)
2917 {
2918         struct smb_hdr *smb_buffer;
2919         struct smb_hdr *smb_buffer_response;
2920         SESSION_SETUP_ANDX *pSMB;
2921         SESSION_SETUP_ANDX *pSMBr;
2922         char *bcc_ptr;
2923         char *user;
2924         char *domain;
2925         int rc = 0;
2926         int remaining_words = 0;
2927         int bytes_returned = 0;
2928         int len;
2929         int SecurityBlobLength = sizeof (AUTHENTICATE_MESSAGE);
2930         PAUTHENTICATE_MESSAGE SecurityBlob;
2931         __u32 negotiate_flags, capabilities;
2932         __u16 count;
2933
2934         cFYI(1, ("In NTLMSSPSessSetup (Authenticate)"));
2935         if(ses == NULL)
2936                 return -EINVAL;
2937         user = ses->userName;
2938         domain = ses->domainName;
2939         smb_buffer = cifs_buf_get();
2940         if (smb_buffer == NULL) {
2941                 return -ENOMEM;
2942         }
2943         smb_buffer_response = smb_buffer;
2944         pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2945         pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2946
2947         /* send SMBsessionSetup here */
2948         header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2949                         NULL /* no tCon exists yet */ , 12 /* wct */ );
2950
2951         smb_buffer->Mid = GetNextMid(ses->server);
2952         pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2953         pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2954         pSMB->req.AndXCommand = 0xFF;
2955         pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2956         pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2957
2958         pSMB->req.hdr.Uid = ses->Suid;
2959
2960         if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2961                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2962
2963         capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2964             CAP_EXTENDED_SECURITY;
2965         if (ses->capabilities & CAP_UNICODE) {
2966                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2967                 capabilities |= CAP_UNICODE;
2968         }
2969         if (ses->capabilities & CAP_STATUS32) {
2970                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2971                 capabilities |= CAP_STATUS32;
2972         }
2973         if (ses->capabilities & CAP_DFS) {
2974                 smb_buffer->Flags2 |= SMBFLG2_DFS;
2975                 capabilities |= CAP_DFS;
2976         }
2977         pSMB->req.Capabilities = cpu_to_le32(capabilities);
2978
2979         bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2980         SecurityBlob = (PAUTHENTICATE_MESSAGE) bcc_ptr;
2981         strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2982         SecurityBlob->MessageType = NtLmAuthenticate;
2983         bcc_ptr += SecurityBlobLength;
2984         negotiate_flags = 
2985             NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET |
2986             NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO |
2987             0x80000000 | NTLMSSP_NEGOTIATE_128;
2988         if(sign_CIFS_PDUs)
2989                 negotiate_flags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN;
2990         if(ntlmv2_flag)
2991                 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
2992
2993 /* setup pointers to domain name and workstation name */
2994
2995         SecurityBlob->WorkstationName.Buffer = 0;
2996         SecurityBlob->WorkstationName.Length = 0;
2997         SecurityBlob->WorkstationName.MaximumLength = 0;
2998         SecurityBlob->SessionKey.Length = 0;
2999         SecurityBlob->SessionKey.MaximumLength = 0;
3000         SecurityBlob->SessionKey.Buffer = 0;
3001
3002         SecurityBlob->LmChallengeResponse.Length = 0;
3003         SecurityBlob->LmChallengeResponse.MaximumLength = 0;
3004         SecurityBlob->LmChallengeResponse.Buffer = 0;
3005
3006         SecurityBlob->NtChallengeResponse.Length =
3007             cpu_to_le16(CIFS_SESSION_KEY_SIZE);
3008         SecurityBlob->NtChallengeResponse.MaximumLength =
3009             cpu_to_le16(CIFS_SESSION_KEY_SIZE);
3010         memcpy(bcc_ptr, ntlm_session_key, CIFS_SESSION_KEY_SIZE);
3011         SecurityBlob->NtChallengeResponse.Buffer =
3012             cpu_to_le32(SecurityBlobLength);
3013         SecurityBlobLength += CIFS_SESSION_KEY_SIZE;
3014         bcc_ptr += CIFS_SESSION_KEY_SIZE;
3015
3016         if (ses->capabilities & CAP_UNICODE) {
3017                 if (domain == NULL) {
3018                         SecurityBlob->DomainName.Buffer = 0;
3019                         SecurityBlob->DomainName.Length = 0;
3020                         SecurityBlob->DomainName.MaximumLength = 0;
3021                 } else {
3022                         __u16 len =
3023                             cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
3024                                           nls_codepage);
3025                         len *= 2;
3026                         SecurityBlob->DomainName.MaximumLength =
3027                             cpu_to_le16(len);
3028                         SecurityBlob->DomainName.Buffer =
3029                             cpu_to_le32(SecurityBlobLength);
3030                         bcc_ptr += len;
3031                         SecurityBlobLength += len;
3032                         SecurityBlob->DomainName.Length =
3033                             cpu_to_le16(len);
3034                 }
3035                 if (user == NULL) {
3036                         SecurityBlob->UserName.Buffer = 0;
3037                         SecurityBlob->UserName.Length = 0;
3038                         SecurityBlob->UserName.MaximumLength = 0;
3039                 } else {
3040                         __u16 len =
3041                             cifs_strtoUCS((__le16 *) bcc_ptr, user, 64,
3042                                           nls_codepage);
3043                         len *= 2;
3044                         SecurityBlob->UserName.MaximumLength =
3045                             cpu_to_le16(len);
3046                         SecurityBlob->UserName.Buffer =
3047                             cpu_to_le32(SecurityBlobLength);
3048                         bcc_ptr += len;
3049                         SecurityBlobLength += len;
3050                         SecurityBlob->UserName.Length =
3051                             cpu_to_le16(len);
3052                 }
3053
3054                 /* SecurityBlob->WorkstationName.Length = cifs_strtoUCS((__le16 *) bcc_ptr, "AMACHINE",64, nls_codepage);
3055                    SecurityBlob->WorkstationName.Length *= 2;
3056                    SecurityBlob->WorkstationName.MaximumLength = cpu_to_le16(SecurityBlob->WorkstationName.Length);
3057                    SecurityBlob->WorkstationName.Buffer = cpu_to_le32(SecurityBlobLength);
3058                    bcc_ptr += SecurityBlob->WorkstationName.Length;
3059                    SecurityBlobLength += SecurityBlob->WorkstationName.Length;
3060                    SecurityBlob->WorkstationName.Length = cpu_to_le16(SecurityBlob->WorkstationName.Length);  */
3061
3062                 if ((long) bcc_ptr % 2) {
3063                         *bcc_ptr = 0;
3064                         bcc_ptr++;
3065                 }
3066                 bytes_returned =
3067                     cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
3068                                   32, nls_codepage);
3069                 bcc_ptr += 2 * bytes_returned;
3070                 bytes_returned =
3071                     cifs_strtoUCS((__le16 *) bcc_ptr, system_utsname.release, 32,
3072                                   nls_codepage);
3073                 bcc_ptr += 2 * bytes_returned;
3074                 bcc_ptr += 2;   /* null term version string */
3075                 bytes_returned =
3076                     cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
3077                                   64, nls_codepage);
3078                 bcc_ptr += 2 * bytes_returned;
3079                 *(bcc_ptr + 1) = 0;
3080                 *(bcc_ptr + 2) = 0;
3081                 bcc_ptr += 2;   /* null terminate network opsys string */
3082                 *(bcc_ptr + 1) = 0;
3083                 *(bcc_ptr + 2) = 0;
3084                 bcc_ptr += 2;   /* null domain */
3085         } else {                /* ASCII */
3086                 if (domain == NULL) {
3087                         SecurityBlob->DomainName.Buffer = 0;
3088                         SecurityBlob->DomainName.Length = 0;
3089                         SecurityBlob->DomainName.MaximumLength = 0;
3090                 } else {
3091                         __u16 len;
3092                         negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
3093                         strncpy(bcc_ptr, domain, 63);
3094                         len = strnlen(domain, 64);
3095                         SecurityBlob->DomainName.MaximumLength =
3096                             cpu_to_le16(len);
3097                         SecurityBlob->DomainName.Buffer =
3098                             cpu_to_le32(SecurityBlobLength);
3099                         bcc_ptr += len;
3100                         SecurityBlobLength += len;
3101                         SecurityBlob->DomainName.Length = cpu_to_le16(len);
3102                 }
3103                 if (user == NULL) {
3104                         SecurityBlob->UserName.Buffer = 0;
3105                         SecurityBlob->UserName.Length = 0;
3106                         SecurityBlob->UserName.MaximumLength = 0;
3107                 } else {
3108                         __u16 len;
3109                         strncpy(bcc_ptr, user, 63);
3110                         len = strnlen(user, 64);
3111                         SecurityBlob->UserName.MaximumLength =
3112                             cpu_to_le16(len);
3113                         SecurityBlob->UserName.Buffer =
3114                             cpu_to_le32(SecurityBlobLength);
3115                         bcc_ptr += len;
3116                         SecurityBlobLength += len;
3117                         SecurityBlob->UserName.Length = cpu_to_le16(len);
3118                 }
3119                 /* BB fill in our workstation name if known BB */
3120
3121                 strcpy(bcc_ptr, "Linux version ");
3122                 bcc_ptr += strlen("Linux version ");
3123                 strcpy(bcc_ptr, system_utsname.release);
3124                 bcc_ptr += strlen(system_utsname.release) + 1;
3125                 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
3126                 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
3127                 bcc_ptr++;      /* null domain */
3128                 *bcc_ptr = 0;
3129         }
3130         SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
3131         pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
3132         count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
3133         smb_buffer->smb_buf_length += count;
3134         pSMB->req.ByteCount = cpu_to_le16(count);
3135
3136         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
3137                          &bytes_returned, 1);
3138         if (rc) {
3139 /*    rc = map_smb_to_linux_error(smb_buffer_response);  *//* done in SendReceive now */
3140         } else if ((smb_buffer_response->WordCount == 3)
3141                    || (smb_buffer_response->WordCount == 4)) {
3142                 __u16 action = le16_to_cpu(pSMBr->resp.Action);
3143                 __u16 blob_len =
3144                     le16_to_cpu(pSMBr->resp.SecurityBlobLength);
3145                 if (action & GUEST_LOGIN)
3146                         cFYI(1, (" Guest login"));      /* BB do we want to set anything in SesInfo struct ? */
3147 /*        if(SecurityBlob2->MessageType != NtLm??){                               
3148                  cFYI("Unexpected message type on auth response is %d ")); 
3149         } */
3150                 if (ses) {
3151                         cFYI(1,
3152                              ("Does UID on challenge %d match auth response UID %d ",
3153                               ses->Suid, smb_buffer_response->Uid));
3154                         ses->Suid = smb_buffer_response->Uid; /* UID left in wire format */
3155                         bcc_ptr = pByteArea(smb_buffer_response);       
3156             /* response can have either 3 or 4 word count - Samba sends 3 */
3157                         if ((pSMBr->resp.hdr.WordCount == 3)
3158                             || ((pSMBr->resp.hdr.WordCount == 4)
3159                                 && (blob_len <
3160                                     pSMBr->resp.ByteCount))) {
3161                                 if (pSMBr->resp.hdr.WordCount == 4) {
3162                                         bcc_ptr +=
3163                                             blob_len;
3164                                         cFYI(1,
3165                                              ("Security Blob Length %d ",
3166                                               blob_len));
3167                                 }
3168
3169                                 cFYI(1,
3170                                      ("NTLMSSP response to Authenticate "));
3171
3172                                 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3173                                         if ((long) (bcc_ptr) % 2) {
3174                                                 remaining_words =
3175                                                     (BCC(smb_buffer_response)
3176                                                      - 1) / 2;
3177                                                 bcc_ptr++;      /* Unicode strings must be word aligned */
3178                                         } else {
3179                                                 remaining_words = BCC(smb_buffer_response) / 2;
3180                                         }
3181                                         len =
3182                                             UniStrnlen((wchar_t *) bcc_ptr,remaining_words - 1);
3183 /* We look for obvious messed up bcc or strings in response so we do not go off
3184   the end since (at least) WIN2K and Windows XP have a major bug in not null
3185   terminating last Unicode string in response  */
3186                                         if(ses->serverOS)
3187                                                 kfree(ses->serverOS);
3188                                         ses->serverOS =
3189                                             kzalloc(2 * (len + 1), GFP_KERNEL);
3190                                         cifs_strfromUCS_le(ses->serverOS,
3191                                                            (__le16 *)
3192                                                            bcc_ptr, len,
3193                                                            nls_codepage);
3194                                         bcc_ptr += 2 * (len + 1);
3195                                         remaining_words -= len + 1;
3196                                         ses->serverOS[2 * len] = 0;
3197                                         ses->serverOS[1 + (2 * len)] = 0;
3198                                         if (remaining_words > 0) {
3199                                                 len = UniStrnlen((wchar_t *)
3200                                                                  bcc_ptr,
3201                                                                  remaining_words
3202                                                                  - 1);
3203                                                 if(ses->serverNOS)
3204                                                         kfree(ses->serverNOS);
3205                                                 ses->serverNOS =
3206                                                     kzalloc(2 * (len + 1),
3207                                                             GFP_KERNEL);
3208                                                 cifs_strfromUCS_le(ses->
3209                                                                    serverNOS,
3210                                                                    (__le16 *)
3211                                                                    bcc_ptr,
3212                                                                    len,
3213                                                                    nls_codepage);
3214                                                 bcc_ptr += 2 * (len + 1);
3215                                                 ses->serverNOS[2 * len] = 0;
3216                                                 ses->serverNOS[1+(2*len)] = 0;
3217                                                 remaining_words -= len + 1;
3218                                                 if (remaining_words > 0) {
3219                                                         len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words); 
3220      /* last string not always null terminated (e.g. for Windows XP & 2000) */
3221                                                         if(ses->serverDomain)
3222                                                                 kfree(ses->serverDomain);
3223                                                         ses->serverDomain =
3224                                                             kzalloc(2 *
3225                                                                     (len +
3226                                                                      1),
3227                                                                     GFP_KERNEL);
3228                                                         cifs_strfromUCS_le
3229                                                             (ses->
3230                                                              serverDomain,
3231                                                              (__le16 *)
3232                                                              bcc_ptr, len,
3233                                                              nls_codepage);
3234                                                         bcc_ptr +=
3235                                                             2 * (len + 1);
3236                                                         ses->
3237                                                             serverDomain[2
3238                                                                          * len]
3239                                                             = 0;
3240                                                         ses->
3241                                                             serverDomain[1
3242                                                                          +
3243                                                                          (2
3244                                                                           *
3245                                                                           len)]
3246                                                             = 0;
3247                                                 } /* else no more room so create dummy domain string */
3248                                                 else {
3249                                                         if(ses->serverDomain)
3250                                                                 kfree(ses->serverDomain);
3251                                                         ses->serverDomain = kzalloc(2,GFP_KERNEL);
3252                                                 }
3253                                         } else {  /* no room so create dummy domain and NOS string */
3254                                                 if(ses->serverDomain)
3255                                                         kfree(ses->serverDomain);
3256                                                 ses->serverDomain = kzalloc(2, GFP_KERNEL);
3257                                                 if(ses->serverNOS)
3258                                                         kfree(ses->serverNOS);
3259                                                 ses->serverNOS = kzalloc(2, GFP_KERNEL);
3260                                         }
3261                                 } else {        /* ASCII */
3262                                         len = strnlen(bcc_ptr, 1024);
3263                                         if (((long) bcc_ptr + len) - 
3264                         (long) pByteArea(smb_buffer_response) 
3265                             <= BCC(smb_buffer_response)) {
3266                                                 if(ses->serverOS)
3267                                                         kfree(ses->serverOS);
3268                                                 ses->serverOS = kzalloc(len + 1,GFP_KERNEL);
3269                                                 strncpy(ses->serverOS,bcc_ptr, len);
3270
3271                                                 bcc_ptr += len;
3272                                                 bcc_ptr[0] = 0; /* null terminate the string */
3273                                                 bcc_ptr++;
3274
3275                                                 len = strnlen(bcc_ptr, 1024);
3276                                                 if(ses->serverNOS)
3277                                                         kfree(ses->serverNOS);
3278                                                 ses->serverNOS = kzalloc(len+1,GFP_KERNEL);
3279                                                 strncpy(ses->serverNOS, bcc_ptr, len);  
3280                                                 bcc_ptr += len;
3281                                                 bcc_ptr[0] = 0;
3282                                                 bcc_ptr++;
3283
3284                                                 len = strnlen(bcc_ptr, 1024);
3285                                                 if(ses->serverDomain)
3286                                                         kfree(ses->serverDomain);
3287                                                 ses->serverDomain = kzalloc(len+1,GFP_KERNEL);
3288                                                 strncpy(ses->serverDomain, bcc_ptr, len);
3289                                                 bcc_ptr += len;
3290                                                 bcc_ptr[0] = 0;
3291                                                 bcc_ptr++;
3292                                         } else
3293                                                 cFYI(1,
3294                                                      ("Variable field of length %d extends beyond end of smb ",
3295                                                       len));
3296                                 }
3297                         } else {
3298                                 cERROR(1,
3299                                        (" Security Blob Length extends beyond end of SMB"));
3300                         }
3301                 } else {
3302                         cERROR(1, ("No session structure passed in."));
3303                 }
3304         } else {
3305                 cERROR(1,
3306                        (" Invalid Word count %d: ",
3307                         smb_buffer_response->WordCount));
3308                 rc = -EIO;
3309         }
3310
3311         if (smb_buffer)
3312                 cifs_buf_release(smb_buffer);
3313
3314         return rc;
3315 }
3316
3317 int
3318 CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3319          const char *tree, struct cifsTconInfo *tcon,
3320          const struct nls_table *nls_codepage)
3321 {
3322         struct smb_hdr *smb_buffer;
3323         struct smb_hdr *smb_buffer_response;
3324         TCONX_REQ *pSMB;
3325         TCONX_RSP *pSMBr;
3326         unsigned char *bcc_ptr;
3327         int rc = 0;
3328         int length;
3329         __u16 count;
3330
3331         if (ses == NULL)
3332                 return -EIO;
3333
3334         smb_buffer = cifs_buf_get();
3335         if (smb_buffer == NULL) {
3336                 return -ENOMEM;
3337         }
3338         smb_buffer_response = smb_buffer;
3339
3340         header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3341                         NULL /*no tid */ , 4 /*wct */ );
3342
3343         smb_buffer->Mid = GetNextMid(ses->server);
3344         smb_buffer->Uid = ses->Suid;
3345         pSMB = (TCONX_REQ *) smb_buffer;
3346         pSMBr = (TCONX_RSP *) smb_buffer_response;
3347
3348         pSMB->AndXCommand = 0xFF;
3349         pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
3350         bcc_ptr = &pSMB->Password[0];
3351         if((ses->server->secMode) & SECMODE_USER) {
3352                 pSMB->PasswordLength = cpu_to_le16(1);  /* minimum */
3353                 bcc_ptr++;              /* skip password */
3354         } else {
3355                 pSMB->PasswordLength = cpu_to_le16(CIFS_SESSION_KEY_SIZE);
3356                 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3357                    specified as required (when that support is added to
3358                    the vfs in the future) as only NTLM or the much
3359                    weaker LANMAN (which we do not send) is accepted
3360                    by Samba (not sure whether other servers allow
3361                    NTLMv2 password here) */
3362                 SMBNTencrypt(ses->password,
3363                              ses->server->cryptKey,
3364                              bcc_ptr);
3365
3366                 bcc_ptr += CIFS_SESSION_KEY_SIZE;
3367                 *bcc_ptr = 0;
3368                 bcc_ptr++; /* align */
3369         }
3370
3371         if(ses->server->secMode & 
3372                         (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3373                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3374
3375         if (ses->capabilities & CAP_STATUS32) {
3376                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3377         }
3378         if (ses->capabilities & CAP_DFS) {
3379                 smb_buffer->Flags2 |= SMBFLG2_DFS;
3380         }
3381         if (ses->capabilities & CAP_UNICODE) {
3382                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3383                 length =
3384                     cifs_strtoUCS((__le16 *) bcc_ptr, tree, 
3385                         6 /* max utf8 char length in bytes */ * 
3386                         (/* server len*/ + 256 /* share len */), nls_codepage);
3387                 bcc_ptr += 2 * length;  /* convert num 16 bit words to bytes */
3388                 bcc_ptr += 2;   /* skip trailing null */
3389         } else {                /* ASCII */
3390                 strcpy(bcc_ptr, tree);
3391                 bcc_ptr += strlen(tree) + 1;
3392         }
3393         strcpy(bcc_ptr, "?????");
3394         bcc_ptr += strlen("?????");
3395         bcc_ptr += 1;
3396         count = bcc_ptr - &pSMB->Password[0];
3397         pSMB->hdr.smb_buf_length += count;
3398         pSMB->ByteCount = cpu_to_le16(count);
3399
3400         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length, 0);
3401
3402         /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
3403         /* above now done in SendReceive */
3404         if ((rc == 0) && (tcon != NULL)) {
3405                 tcon->tidStatus = CifsGood;
3406                 tcon->tid = smb_buffer_response->Tid;
3407                 bcc_ptr = pByteArea(smb_buffer_response);
3408                 length = strnlen(bcc_ptr, BCC(smb_buffer_response) - 2);
3409         /* skip service field (NB: this field is always ASCII) */
3410                 bcc_ptr += length + 1;  
3411                 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3412                 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3413                         length = UniStrnlen((wchar_t *) bcc_ptr, 512);
3414                         if ((bcc_ptr + (2 * length)) -
3415                              pByteArea(smb_buffer_response) <=
3416                             BCC(smb_buffer_response)) {
3417                                 kfree(tcon->nativeFileSystem);
3418                                 tcon->nativeFileSystem =
3419                                     kzalloc(length + 2, GFP_KERNEL);
3420                                 cifs_strfromUCS_le(tcon->nativeFileSystem,
3421                                                    (__le16 *) bcc_ptr,
3422                                                    length, nls_codepage);
3423                                 bcc_ptr += 2 * length;
3424                                 bcc_ptr[0] = 0; /* null terminate the string */
3425                                 bcc_ptr[1] = 0;
3426                                 bcc_ptr += 2;
3427                         }
3428                         /* else do not bother copying these informational fields */
3429                 } else {
3430                         length = strnlen(bcc_ptr, 1024);
3431                         if ((bcc_ptr + length) -
3432                             pByteArea(smb_buffer_response) <=
3433                             BCC(smb_buffer_response)) {
3434                                 kfree(tcon->nativeFileSystem);
3435                                 tcon->nativeFileSystem =
3436                                     kzalloc(length + 1, GFP_KERNEL);
3437                                 strncpy(tcon->nativeFileSystem, bcc_ptr,
3438                                         length);
3439                         }
3440                         /* else do not bother copying these informational fields */
3441                 }
3442                 if(smb_buffer_response->WordCount == 3)
3443                         tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3444                 else
3445                         tcon->Flags = 0;
3446                 cFYI(1, ("Tcon flags: 0x%x ", tcon->Flags));
3447         } else if ((rc == 0) && tcon == NULL) {
3448         /* all we need to save for IPC$ connection */
3449                 ses->ipc_tid = smb_buffer_response->Tid;
3450         }
3451
3452         if (smb_buffer)
3453                 cifs_buf_release(smb_buffer);
3454         return rc;
3455 }
3456
3457 int
3458 cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3459 {
3460         int rc = 0;
3461         int xid;
3462         struct cifsSesInfo *ses = NULL;
3463         struct task_struct *cifsd_task;
3464
3465         xid = GetXid();
3466
3467         if (cifs_sb->tcon) {
3468                 ses = cifs_sb->tcon->ses; /* save ptr to ses before delete tcon!*/
3469                 rc = CIFSSMBTDis(xid, cifs_sb->tcon);
3470                 if (rc == -EBUSY) {
3471                         FreeXid(xid);
3472                         return 0;
3473                 }
3474                 tconInfoFree(cifs_sb->tcon);
3475                 if ((ses) && (ses->server)) {
3476                         /* save off task so we do not refer to ses later */
3477                         cifsd_task = ses->server->tsk;
3478                         cFYI(1, ("About to do SMBLogoff "));
3479                         rc = CIFSSMBLogoff(xid, ses);
3480                         if (rc == -EBUSY) {
3481                                 FreeXid(xid);
3482                                 return 0;
3483                         } else if (rc == -ESHUTDOWN) {
3484                                 cFYI(1,("Waking up socket by sending it signal"));
3485                                 if(cifsd_task) {
3486                                         send_sig(SIGKILL,cifsd_task,1);
3487                                         wait_for_completion(&cifsd_complete);
3488                                 }
3489                                 rc = 0;
3490                         } /* else - we have an smb session
3491                                 left on this socket do not kill cifsd */
3492                 } else
3493                         cFYI(1, ("No session or bad tcon"));
3494         }
3495         
3496         cifs_sb->tcon = NULL;
3497         if (ses)
3498                 schedule_timeout_interruptible(msecs_to_jiffies(500));
3499         if (ses)
3500                 sesInfoFree(ses);
3501
3502         FreeXid(xid);
3503         return rc;              /* BB check if we should always return zero here */
3504
3505
3506 int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
3507                                            struct nls_table * nls_info)
3508 {
3509         int rc = 0;
3510         char ntlm_session_key[CIFS_SESSION_KEY_SIZE];
3511         int ntlmv2_flag = FALSE;
3512         int first_time = 0;
3513
3514         /* what if server changes its buffer size after dropping the session? */
3515         if(pSesInfo->server->maxBuf == 0) /* no need to send on reconnect */ {
3516                 rc = CIFSSMBNegotiate(xid, pSesInfo);
3517                 if(rc == -EAGAIN) /* retry only once on 1st time connection */ {
3518                         rc = CIFSSMBNegotiate(xid, pSesInfo);
3519                         if(rc == -EAGAIN) 
3520                                 rc = -EHOSTDOWN;
3521                 }
3522                 if(rc == 0) {
3523                         spin_lock(&GlobalMid_Lock);
3524                         if(pSesInfo->server->tcpStatus != CifsExiting)
3525                                 pSesInfo->server->tcpStatus = CifsGood;
3526                         else
3527                                 rc = -EHOSTDOWN;
3528                         spin_unlock(&GlobalMid_Lock);
3529
3530                 }
3531                 first_time = 1;
3532         }
3533         if (!rc) {
3534                 pSesInfo->capabilities = pSesInfo->server->capabilities;
3535                 if(linuxExtEnabled == 0)
3536                         pSesInfo->capabilities &= (~CAP_UNIX);
3537         /*      pSesInfo->sequence_number = 0;*/
3538                 cFYI(1,("Security Mode: 0x%x Capabilities: 0x%x Time Zone: %d",
3539                         pSesInfo->server->secMode,
3540                         pSesInfo->server->capabilities,
3541                         pSesInfo->server->timeZone));
3542 #ifdef CONFIG_CIFS_EXPERIMENTAL
3543                 if(experimEnabled > 1)
3544                         rc = CIFS_SessSetup(xid, pSesInfo,
3545                                             first_time, nls_info);
3546                 else
3547 #endif
3548                 if (extended_security
3549                                 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3550                                 && (pSesInfo->server->secType == NTLMSSP)) {
3551                         cFYI(1, ("New style sesssetup"));
3552                         rc = CIFSSpnegoSessSetup(xid, pSesInfo,
3553                                 NULL /* security blob */, 
3554                                 0 /* blob length */,
3555                                 nls_info);
3556                 } else if (extended_security
3557                            && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3558                            && (pSesInfo->server->secType == RawNTLMSSP)) {
3559                         cFYI(1, ("NTLMSSP sesssetup"));
3560                         rc = CIFSNTLMSSPNegotiateSessSetup(xid,
3561                                                 pSesInfo,
3562                                                 &ntlmv2_flag,
3563                                                 nls_info);
3564                         if (!rc) {
3565                                 if(ntlmv2_flag) {
3566                                         char * v2_response;
3567                                         cFYI(1,("Can use more secure NTLM version 2 password hash"));
3568                                         if(CalcNTLMv2_partial_mac_key(pSesInfo, 
3569                                                 nls_info)) {
3570                                                 rc = -ENOMEM;
3571                                                 goto ss_err_exit;
3572                                         } else
3573                                                 v2_response = kmalloc(16 + 64 /* blob */, GFP_KERNEL);
3574                                         if(v2_response) {
3575                                                 CalcNTLMv2_response(pSesInfo,v2_response);
3576                                 /*              if(first_time)
3577                                                         cifs_calculate_ntlmv2_mac_key(
3578                                                           pSesInfo->server->mac_signing_key, 
3579                                                           response, ntlm_session_key, */
3580                                                 kfree(v2_response);
3581                                         /* BB Put dummy sig in SessSetup PDU? */
3582                                         } else {
3583                                                 rc = -ENOMEM;
3584                                                 goto ss_err_exit;
3585                                         }
3586
3587                                 } else {
3588                                         SMBNTencrypt(pSesInfo->password,
3589                                                 pSesInfo->server->cryptKey,
3590                                                 ntlm_session_key);
3591
3592                                         if(first_time)
3593                                                 cifs_calculate_mac_key(
3594                                                         pSesInfo->server->mac_signing_key,
3595                                                         ntlm_session_key,
3596                                                         pSesInfo->password);
3597                                 }
3598                         /* for better security the weaker lanman hash not sent
3599                            in AuthSessSetup so we no longer calculate it */
3600
3601                                 rc = CIFSNTLMSSPAuthSessSetup(xid,
3602                                         pSesInfo,
3603                                         ntlm_session_key,
3604                                         ntlmv2_flag,
3605                                         nls_info);
3606                         }
3607                 } else { /* old style NTLM 0.12 session setup */
3608                         SMBNTencrypt(pSesInfo->password,
3609                                 pSesInfo->server->cryptKey,
3610                                 ntlm_session_key);
3611
3612                         if(first_time)          
3613                                 cifs_calculate_mac_key(
3614                                         pSesInfo->server->mac_signing_key,
3615                                         ntlm_session_key, pSesInfo->password);
3616
3617                         rc = CIFSSessSetup(xid, pSesInfo,
3618                                 ntlm_session_key, nls_info);
3619                 }
3620                 if (rc) {
3621                         cERROR(1,("Send error in SessSetup = %d",rc));
3622                 } else {
3623                         cFYI(1,("CIFS Session Established successfully"));
3624                         pSesInfo->status = CifsGood;
3625                 }
3626         }
3627 ss_err_exit:
3628         return rc;
3629 }
3630