cifs: no need to mark smb_ses_list as cifs_demultiplex_thread is exiting
[linux-2.6.git] / fs / cifs / connect.c
1 /*
2  *   fs/cifs/connect.c
3  *
4  *   Copyright (C) International Business Machines  Corp., 2002,2009
5  *   Author(s): Steve French (sfrench@us.ibm.com)
6  *
7  *   This library is free software; you can redistribute it and/or modify
8  *   it under the terms of the GNU Lesser General Public License as published
9  *   by the Free Software Foundation; either version 2.1 of the License, or
10  *   (at your option) any later version.
11  *
12  *   This library is distributed in the hope that it will be useful,
13  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
14  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
15  *   the GNU Lesser General Public License for more details.
16  *
17  *   You should have received a copy of the GNU Lesser General Public License
18  *   along with this library; if not, write to the Free Software
19  *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20  */
21 #include <linux/fs.h>
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/slab.h>
27 #include <linux/pagemap.h>
28 #include <linux/ctype.h>
29 #include <linux/utsname.h>
30 #include <linux/mempool.h>
31 #include <linux/delay.h>
32 #include <linux/completion.h>
33 #include <linux/kthread.h>
34 #include <linux/pagevec.h>
35 #include <linux/freezer.h>
36 #include <linux/namei.h>
37 #include <asm/uaccess.h>
38 #include <asm/processor.h>
39 #include <linux/inet.h>
40 #include <net/ipv6.h>
41 #include "cifspdu.h"
42 #include "cifsglob.h"
43 #include "cifsproto.h"
44 #include "cifs_unicode.h"
45 #include "cifs_debug.h"
46 #include "cifs_fs_sb.h"
47 #include "ntlmssp.h"
48 #include "nterr.h"
49 #include "rfc1002pdu.h"
50 #include "fscache.h"
51
52 #define CIFS_PORT 445
53 #define RFC1001_PORT 139
54
55 extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
56                          unsigned char *p24);
57
58 extern mempool_t *cifs_req_poolp;
59
60 struct smb_vol {
61         char *username;
62         char *password;
63         char *domainname;
64         char *UNC;
65         char *UNCip;
66         char *iocharset;  /* local code page for mapping to and from Unicode */
67         char source_rfc1001_name[RFC1001_NAME_LEN_WITH_NULL]; /* clnt nb name */
68         char target_rfc1001_name[RFC1001_NAME_LEN_WITH_NULL]; /* srvr nb name */
69         uid_t cred_uid;
70         uid_t linux_uid;
71         gid_t linux_gid;
72         mode_t file_mode;
73         mode_t dir_mode;
74         unsigned secFlg;
75         bool retry:1;
76         bool intr:1;
77         bool setuids:1;
78         bool override_uid:1;
79         bool override_gid:1;
80         bool dynperm:1;
81         bool noperm:1;
82         bool no_psx_acl:1; /* set if posix acl support should be disabled */
83         bool cifs_acl:1;
84         bool no_xattr:1;   /* set if xattr (EA) support should be disabled*/
85         bool server_ino:1; /* use inode numbers from server ie UniqueId */
86         bool direct_io:1;
87         bool remap:1;      /* set to remap seven reserved chars in filenames */
88         bool posix_paths:1; /* unset to not ask for posix pathnames. */
89         bool no_linux_ext:1;
90         bool sfu_emul:1;
91         bool nullauth:1;   /* attempt to authenticate with null user */
92         bool nocase:1;     /* request case insensitive filenames */
93         bool nobrl:1;      /* disable sending byte range locks to srv */
94         bool mand_lock:1;  /* send mandatory not posix byte range lock reqs */
95         bool seal:1;       /* request transport encryption on share */
96         bool nodfs:1;      /* Do not request DFS, even if available */
97         bool local_lease:1; /* check leases only on local system, not remote */
98         bool noblocksnd:1;
99         bool noautotune:1;
100         bool nostrictsync:1; /* do not force expensive SMBflush on every sync */
101         bool fsc:1;     /* enable fscache */
102         bool mfsymlinks:1; /* use Minshall+French Symlinks */
103         bool multiuser:1;
104         unsigned int rsize;
105         unsigned int wsize;
106         bool sockopt_tcp_nodelay:1;
107         unsigned short int port;
108         unsigned long actimeo; /* attribute cache timeout (jiffies) */
109         char *prepath;
110         struct sockaddr_storage srcaddr; /* allow binding to a local IP */
111         struct nls_table *local_nls;
112 };
113
114 /* FIXME: should these be tunable? */
115 #define TLINK_ERROR_EXPIRE      (1 * HZ)
116 #define TLINK_IDLE_EXPIRE       (600 * HZ)
117
118 static int ip_connect(struct TCP_Server_Info *server);
119 static int generic_ip_connect(struct TCP_Server_Info *server);
120 static void tlink_rb_insert(struct rb_root *root, struct tcon_link *new_tlink);
121 static void cifs_prune_tlinks(struct work_struct *work);
122
123 /*
124  * cifs tcp session reconnection
125  *
126  * mark tcp session as reconnecting so temporarily locked
127  * mark all smb sessions as reconnecting for tcp session
128  * reconnect tcp session
129  * wake up waiters on reconnection? - (not needed currently)
130  */
131 static int
132 cifs_reconnect(struct TCP_Server_Info *server)
133 {
134         int rc = 0;
135         struct list_head *tmp, *tmp2;
136         struct cifsSesInfo *ses;
137         struct cifsTconInfo *tcon;
138         struct mid_q_entry *mid_entry;
139
140         spin_lock(&GlobalMid_Lock);
141         if (server->tcpStatus == CifsExiting) {
142                 /* the demux thread will exit normally
143                 next time through the loop */
144                 spin_unlock(&GlobalMid_Lock);
145                 return rc;
146         } else
147                 server->tcpStatus = CifsNeedReconnect;
148         spin_unlock(&GlobalMid_Lock);
149         server->maxBuf = 0;
150
151         cFYI(1, "Reconnecting tcp session");
152
153         /* before reconnecting the tcp session, mark the smb session (uid)
154                 and the tid bad so they are not used until reconnected */
155         spin_lock(&cifs_tcp_ses_lock);
156         list_for_each(tmp, &server->smb_ses_list) {
157                 ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
158                 ses->need_reconnect = true;
159                 ses->ipc_tid = 0;
160                 list_for_each(tmp2, &ses->tcon_list) {
161                         tcon = list_entry(tmp2, struct cifsTconInfo, tcon_list);
162                         tcon->need_reconnect = true;
163                 }
164         }
165         spin_unlock(&cifs_tcp_ses_lock);
166         /* do not want to be sending data on a socket we are freeing */
167         mutex_lock(&server->srv_mutex);
168         if (server->ssocket) {
169                 cFYI(1, "State: 0x%x Flags: 0x%lx", server->ssocket->state,
170                         server->ssocket->flags);
171                 kernel_sock_shutdown(server->ssocket, SHUT_WR);
172                 cFYI(1, "Post shutdown state: 0x%x Flags: 0x%lx",
173                         server->ssocket->state,
174                         server->ssocket->flags);
175                 sock_release(server->ssocket);
176                 server->ssocket = NULL;
177         }
178         server->sequence_number = 0;
179         server->session_estab = false;
180         kfree(server->session_key.response);
181         server->session_key.response = NULL;
182         server->session_key.len = 0;
183
184         spin_lock(&GlobalMid_Lock);
185         list_for_each(tmp, &server->pending_mid_q) {
186                 mid_entry = list_entry(tmp, struct
187                                         mid_q_entry,
188                                         qhead);
189                 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
190                                 /* Mark other intransit requests as needing
191                                    retry so we do not immediately mark the
192                                    session bad again (ie after we reconnect
193                                    below) as they timeout too */
194                         mid_entry->midState = MID_RETRY_NEEDED;
195                 }
196         }
197         spin_unlock(&GlobalMid_Lock);
198         mutex_unlock(&server->srv_mutex);
199
200         while ((server->tcpStatus != CifsExiting) &&
201                (server->tcpStatus != CifsGood)) {
202                 try_to_freeze();
203
204                 /* we should try only the port we connected to before */
205                 rc = generic_ip_connect(server);
206                 if (rc) {
207                         cFYI(1, "reconnect error %d", rc);
208                         msleep(3000);
209                 } else {
210                         atomic_inc(&tcpSesReconnectCount);
211                         spin_lock(&GlobalMid_Lock);
212                         if (server->tcpStatus != CifsExiting)
213                                 server->tcpStatus = CifsGood;
214                         spin_unlock(&GlobalMid_Lock);
215         /*              atomic_set(&server->inFlight,0);*/
216                         wake_up(&server->response_q);
217                 }
218         }
219         return rc;
220 }
221
222 /*
223         return codes:
224                 0       not a transact2, or all data present
225                 >0      transact2 with that much data missing
226                 -EINVAL = invalid transact2
227
228  */
229 static int check2ndT2(struct smb_hdr *pSMB, unsigned int maxBufSize)
230 {
231         struct smb_t2_rsp *pSMBt;
232         int total_data_size;
233         int data_in_this_rsp;
234         int remaining;
235
236         if (pSMB->Command != SMB_COM_TRANSACTION2)
237                 return 0;
238
239         /* check for plausible wct, bcc and t2 data and parm sizes */
240         /* check for parm and data offset going beyond end of smb */
241         if (pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
242                 cFYI(1, "invalid transact2 word count");
243                 return -EINVAL;
244         }
245
246         pSMBt = (struct smb_t2_rsp *)pSMB;
247
248         total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
249         data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
250
251         remaining = total_data_size - data_in_this_rsp;
252
253         if (remaining == 0)
254                 return 0;
255         else if (remaining < 0) {
256                 cFYI(1, "total data %d smaller than data in frame %d",
257                         total_data_size, data_in_this_rsp);
258                 return -EINVAL;
259         } else {
260                 cFYI(1, "missing %d bytes from transact2, check next response",
261                         remaining);
262                 if (total_data_size > maxBufSize) {
263                         cERROR(1, "TotalDataSize %d is over maximum buffer %d",
264                                 total_data_size, maxBufSize);
265                         return -EINVAL;
266                 }
267                 return remaining;
268         }
269 }
270
271 static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
272 {
273         struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
274         struct smb_t2_rsp *pSMBt  = (struct smb_t2_rsp *)pTargetSMB;
275         int total_data_size;
276         int total_in_buf;
277         int remaining;
278         int total_in_buf2;
279         char *data_area_of_target;
280         char *data_area_of_buf2;
281         __u16 byte_count;
282
283         total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
284
285         if (total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
286                 cFYI(1, "total data size of primary and secondary t2 differ");
287         }
288
289         total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
290
291         remaining = total_data_size - total_in_buf;
292
293         if (remaining < 0)
294                 return -EINVAL;
295
296         if (remaining == 0) /* nothing to do, ignore */
297                 return 0;
298
299         total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
300         if (remaining < total_in_buf2) {
301                 cFYI(1, "transact2 2nd response contains too much data");
302         }
303
304         /* find end of first SMB data area */
305         data_area_of_target = (char *)&pSMBt->hdr.Protocol +
306                                 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
307         /* validate target area */
308
309         data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
310                                         le16_to_cpu(pSMB2->t2_rsp.DataOffset);
311
312         data_area_of_target += total_in_buf;
313
314         /* copy second buffer into end of first buffer */
315         memcpy(data_area_of_target, data_area_of_buf2, total_in_buf2);
316         total_in_buf += total_in_buf2;
317         pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
318         byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
319         byte_count += total_in_buf2;
320         BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
321
322         byte_count = pTargetSMB->smb_buf_length;
323         byte_count += total_in_buf2;
324
325         /* BB also add check that we are not beyond maximum buffer size */
326
327         pTargetSMB->smb_buf_length = byte_count;
328
329         if (remaining == total_in_buf2) {
330                 cFYI(1, "found the last secondary response");
331                 return 0; /* we are done */
332         } else /* more responses to go */
333                 return 1;
334
335 }
336
337 static int
338 cifs_demultiplex_thread(struct TCP_Server_Info *server)
339 {
340         int length;
341         unsigned int pdu_length, total_read;
342         struct smb_hdr *smb_buffer = NULL;
343         struct smb_hdr *bigbuf = NULL;
344         struct smb_hdr *smallbuf = NULL;
345         struct msghdr smb_msg;
346         struct kvec iov;
347         struct socket *csocket = server->ssocket;
348         struct list_head *tmp;
349         struct task_struct *task_to_wake = NULL;
350         struct mid_q_entry *mid_entry;
351         char temp;
352         bool isLargeBuf = false;
353         bool isMultiRsp;
354         int reconnect;
355
356         current->flags |= PF_MEMALLOC;
357         cFYI(1, "Demultiplex PID: %d", task_pid_nr(current));
358
359         length = atomic_inc_return(&tcpSesAllocCount);
360         if (length > 1)
361                 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
362                                 GFP_KERNEL);
363
364         set_freezable();
365         while (server->tcpStatus != CifsExiting) {
366                 if (try_to_freeze())
367                         continue;
368                 if (bigbuf == NULL) {
369                         bigbuf = cifs_buf_get();
370                         if (!bigbuf) {
371                                 cERROR(1, "No memory for large SMB response");
372                                 msleep(3000);
373                                 /* retry will check if exiting */
374                                 continue;
375                         }
376                 } else if (isLargeBuf) {
377                         /* we are reusing a dirty large buf, clear its start */
378                         memset(bigbuf, 0, sizeof(struct smb_hdr));
379                 }
380
381                 if (smallbuf == NULL) {
382                         smallbuf = cifs_small_buf_get();
383                         if (!smallbuf) {
384                                 cERROR(1, "No memory for SMB response");
385                                 msleep(1000);
386                                 /* retry will check if exiting */
387                                 continue;
388                         }
389                         /* beginning of smb buffer is cleared in our buf_get */
390                 } else /* if existing small buf clear beginning */
391                         memset(smallbuf, 0, sizeof(struct smb_hdr));
392
393                 isLargeBuf = false;
394                 isMultiRsp = false;
395                 smb_buffer = smallbuf;
396                 iov.iov_base = smb_buffer;
397                 iov.iov_len = 4;
398                 smb_msg.msg_control = NULL;
399                 smb_msg.msg_controllen = 0;
400                 pdu_length = 4; /* enough to get RFC1001 header */
401 incomplete_rcv:
402                 length =
403                     kernel_recvmsg(csocket, &smb_msg,
404                                 &iov, 1, pdu_length, 0 /* BB other flags? */);
405
406                 if (server->tcpStatus == CifsExiting) {
407                         break;
408                 } else if (server->tcpStatus == CifsNeedReconnect) {
409                         cFYI(1, "Reconnect after server stopped responding");
410                         cifs_reconnect(server);
411                         cFYI(1, "call to reconnect done");
412                         csocket = server->ssocket;
413                         continue;
414                 } else if (length == -ERESTARTSYS ||
415                            length == -EAGAIN ||
416                            length == -EINTR) {
417                         msleep(1); /* minimum sleep to prevent looping
418                                 allowing socket to clear and app threads to set
419                                 tcpStatus CifsNeedReconnect if server hung */
420                         if (pdu_length < 4) {
421                                 iov.iov_base = (4 - pdu_length) +
422                                                         (char *)smb_buffer;
423                                 iov.iov_len = pdu_length;
424                                 smb_msg.msg_control = NULL;
425                                 smb_msg.msg_controllen = 0;
426                                 goto incomplete_rcv;
427                         } else
428                                 continue;
429                 } else if (length <= 0) {
430                         cFYI(1, "Reconnect after unexpected peek error %d",
431                                 length);
432                         cifs_reconnect(server);
433                         csocket = server->ssocket;
434                         wake_up(&server->response_q);
435                         continue;
436                 } else if (length < pdu_length) {
437                         cFYI(1, "requested %d bytes but only got %d bytes",
438                                   pdu_length, length);
439                         pdu_length -= length;
440                         msleep(1);
441                         goto incomplete_rcv;
442                 }
443
444                 /* The right amount was read from socket - 4 bytes */
445                 /* so we can now interpret the length field */
446
447                 /* the first byte big endian of the length field,
448                 is actually not part of the length but the type
449                 with the most common, zero, as regular data */
450                 temp = *((char *) smb_buffer);
451
452                 /* Note that FC 1001 length is big endian on the wire,
453                 but we convert it here so it is always manipulated
454                 as host byte order */
455                 pdu_length = be32_to_cpu((__force __be32)smb_buffer->smb_buf_length);
456                 smb_buffer->smb_buf_length = pdu_length;
457
458                 cFYI(1, "rfc1002 length 0x%x", pdu_length+4);
459
460                 if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) {
461                         continue;
462                 } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
463                         cFYI(1, "Good RFC 1002 session rsp");
464                         continue;
465                 } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
466                         /* we get this from Windows 98 instead of
467                            an error on SMB negprot response */
468                         cFYI(1, "Negative RFC1002 Session Response Error 0x%x)",
469                                 pdu_length);
470                         /* give server a second to clean up  */
471                         msleep(1000);
472                         /* always try 445 first on reconnect since we get NACK
473                          * on some if we ever connected to port 139 (the NACK
474                          * is since we do not begin with RFC1001 session
475                          * initialize frame)
476                          */
477                         cifs_set_port((struct sockaddr *)
478                                         &server->dstaddr, CIFS_PORT);
479                         cifs_reconnect(server);
480                         csocket = server->ssocket;
481                         wake_up(&server->response_q);
482                         continue;
483                 } else if (temp != (char) 0) {
484                         cERROR(1, "Unknown RFC 1002 frame");
485                         cifs_dump_mem(" Received Data: ", (char *)smb_buffer,
486                                       length);
487                         cifs_reconnect(server);
488                         csocket = server->ssocket;
489                         continue;
490                 }
491
492                 /* else we have an SMB response */
493                 if ((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
494                             (pdu_length < sizeof(struct smb_hdr) - 1 - 4)) {
495                         cERROR(1, "Invalid size SMB length %d pdu_length %d",
496                                         length, pdu_length+4);
497                         cifs_reconnect(server);
498                         csocket = server->ssocket;
499                         wake_up(&server->response_q);
500                         continue;
501                 }
502
503                 /* else length ok */
504                 reconnect = 0;
505
506                 if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
507                         isLargeBuf = true;
508                         memcpy(bigbuf, smallbuf, 4);
509                         smb_buffer = bigbuf;
510                 }
511                 length = 0;
512                 iov.iov_base = 4 + (char *)smb_buffer;
513                 iov.iov_len = pdu_length;
514                 for (total_read = 0; total_read < pdu_length;
515                      total_read += length) {
516                         length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
517                                                 pdu_length - total_read, 0);
518                         if (server->tcpStatus == CifsExiting) {
519                                 /* then will exit */
520                                 reconnect = 2;
521                                 break;
522                         } else if (server->tcpStatus == CifsNeedReconnect) {
523                                 cifs_reconnect(server);
524                                 csocket = server->ssocket;
525                                 /* Reconnect wakes up rspns q */
526                                 /* Now we will reread sock */
527                                 reconnect = 1;
528                                 break;
529                         } else if (length == -ERESTARTSYS ||
530                                    length == -EAGAIN ||
531                                    length == -EINTR) {
532                                 msleep(1); /* minimum sleep to prevent looping,
533                                               allowing socket to clear and app
534                                               threads to set tcpStatus
535                                               CifsNeedReconnect if server hung*/
536                                 length = 0;
537                                 continue;
538                         } else if (length <= 0) {
539                                 cERROR(1, "Received no data, expecting %d",
540                                               pdu_length - total_read);
541                                 cifs_reconnect(server);
542                                 csocket = server->ssocket;
543                                 reconnect = 1;
544                                 break;
545                         }
546                 }
547                 if (reconnect == 2)
548                         break;
549                 else if (reconnect == 1)
550                         continue;
551
552                 length += 4; /* account for rfc1002 hdr */
553
554
555                 dump_smb(smb_buffer, length);
556                 if (checkSMB(smb_buffer, smb_buffer->Mid, total_read+4)) {
557                         cifs_dump_mem("Bad SMB: ", smb_buffer, 48);
558                         continue;
559                 }
560
561
562                 task_to_wake = NULL;
563                 spin_lock(&GlobalMid_Lock);
564                 list_for_each(tmp, &server->pending_mid_q) {
565                         mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
566
567                         if ((mid_entry->mid == smb_buffer->Mid) &&
568                             (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
569                             (mid_entry->command == smb_buffer->Command)) {
570                                 if (check2ndT2(smb_buffer,server->maxBuf) > 0) {
571                                         /* We have a multipart transact2 resp */
572                                         isMultiRsp = true;
573                                         if (mid_entry->resp_buf) {
574                                                 /* merge response - fix up 1st*/
575                                                 if (coalesce_t2(smb_buffer,
576                                                         mid_entry->resp_buf)) {
577                                                         mid_entry->multiRsp =
578                                                                  true;
579                                                         break;
580                                                 } else {
581                                                         /* all parts received */
582                                                         mid_entry->multiEnd =
583                                                                  true;
584                                                         goto multi_t2_fnd;
585                                                 }
586                                         } else {
587                                                 if (!isLargeBuf) {
588                                                         cERROR(1, "1st trans2 resp needs bigbuf");
589                                         /* BB maybe we can fix this up,  switch
590                                            to already allocated large buffer? */
591                                                 } else {
592                                                         /* Have first buffer */
593                                                         mid_entry->resp_buf =
594                                                                  smb_buffer;
595                                                         mid_entry->largeBuf =
596                                                                  true;
597                                                         bigbuf = NULL;
598                                                 }
599                                         }
600                                         break;
601                                 }
602                                 mid_entry->resp_buf = smb_buffer;
603                                 mid_entry->largeBuf = isLargeBuf;
604 multi_t2_fnd:
605                                 task_to_wake = mid_entry->tsk;
606                                 mid_entry->midState = MID_RESPONSE_RECEIVED;
607 #ifdef CONFIG_CIFS_STATS2
608                                 mid_entry->when_received = jiffies;
609 #endif
610                                 /* so we do not time out requests to  server
611                                 which is still responding (since server could
612                                 be busy but not dead) */
613                                 server->lstrp = jiffies;
614                                 break;
615                         }
616                 }
617                 spin_unlock(&GlobalMid_Lock);
618                 if (task_to_wake) {
619                         /* Was previous buf put in mpx struct for multi-rsp? */
620                         if (!isMultiRsp) {
621                                 /* smb buffer will be freed by user thread */
622                                 if (isLargeBuf)
623                                         bigbuf = NULL;
624                                 else
625                                         smallbuf = NULL;
626                         }
627                         wake_up_process(task_to_wake);
628                 } else if (!is_valid_oplock_break(smb_buffer, server) &&
629                            !isMultiRsp) {
630                         cERROR(1, "No task to wake, unknown frame received! "
631                                    "NumMids %d", midCount.counter);
632                         cifs_dump_mem("Received Data is: ", (char *)smb_buffer,
633                                       sizeof(struct smb_hdr));
634 #ifdef CONFIG_CIFS_DEBUG2
635                         cifs_dump_detail(smb_buffer);
636                         cifs_dump_mids(server);
637 #endif /* CIFS_DEBUG2 */
638
639                 }
640         } /* end while !EXITING */
641
642         /* take it off the list, if it's not already */
643         spin_lock(&cifs_tcp_ses_lock);
644         list_del_init(&server->tcp_ses_list);
645         spin_unlock(&cifs_tcp_ses_lock);
646
647         spin_lock(&GlobalMid_Lock);
648         server->tcpStatus = CifsExiting;
649         spin_unlock(&GlobalMid_Lock);
650         wake_up_all(&server->response_q);
651
652         /* check if we have blocked requests that need to free */
653         /* Note that cifs_max_pending is normally 50, but
654         can be set at module install time to as little as two */
655         spin_lock(&GlobalMid_Lock);
656         if (atomic_read(&server->inFlight) >= cifs_max_pending)
657                 atomic_set(&server->inFlight, cifs_max_pending - 1);
658         /* We do not want to set the max_pending too low or we
659         could end up with the counter going negative */
660         spin_unlock(&GlobalMid_Lock);
661         /* Although there should not be any requests blocked on
662         this queue it can not hurt to be paranoid and try to wake up requests
663         that may haven been blocked when more than 50 at time were on the wire
664         to the same server - they now will see the session is in exit state
665         and get out of SendReceive.  */
666         wake_up_all(&server->request_q);
667         /* give those requests time to exit */
668         msleep(125);
669
670         if (server->ssocket) {
671                 sock_release(csocket);
672                 server->ssocket = NULL;
673         }
674         /* buffer usuallly freed in free_mid - need to free it here on exit */
675         cifs_buf_release(bigbuf);
676         if (smallbuf) /* no sense logging a debug message if NULL */
677                 cifs_small_buf_release(smallbuf);
678
679         if (!list_empty(&server->pending_mid_q)) {
680                 spin_lock(&GlobalMid_Lock);
681                 list_for_each(tmp, &server->pending_mid_q) {
682                         mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
683                         if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
684                                 cFYI(1, "Clearing Mid 0x%x - waking up ",
685                                         mid_entry->mid);
686                                 task_to_wake = mid_entry->tsk;
687                                 if (task_to_wake)
688                                         wake_up_process(task_to_wake);
689                         }
690                 }
691                 spin_unlock(&GlobalMid_Lock);
692                 /* 1/8th of sec is more than enough time for them to exit */
693                 msleep(125);
694         }
695
696         if (!list_empty(&server->pending_mid_q)) {
697                 /* mpx threads have not exited yet give them
698                 at least the smb send timeout time for long ops */
699                 /* due to delays on oplock break requests, we need
700                 to wait at least 45 seconds before giving up
701                 on a request getting a response and going ahead
702                 and killing cifsd */
703                 cFYI(1, "Wait for exit from demultiplex thread");
704                 msleep(46000);
705                 /* if threads still have not exited they are probably never
706                 coming home not much else we can do but free the memory */
707         }
708
709         kfree(server->hostname);
710         task_to_wake = xchg(&server->tsk, NULL);
711         kfree(server);
712
713         length = atomic_dec_return(&tcpSesAllocCount);
714         if (length  > 0)
715                 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
716                                 GFP_KERNEL);
717
718         /* if server->tsk was NULL then wait for a signal before exiting */
719         if (!task_to_wake) {
720                 set_current_state(TASK_INTERRUPTIBLE);
721                 while (!signal_pending(current)) {
722                         schedule();
723                         set_current_state(TASK_INTERRUPTIBLE);
724                 }
725                 set_current_state(TASK_RUNNING);
726         }
727
728         module_put_and_exit(0);
729 }
730
731 /* extract the host portion of the UNC string */
732 static char *
733 extract_hostname(const char *unc)
734 {
735         const char *src;
736         char *dst, *delim;
737         unsigned int len;
738
739         /* skip double chars at beginning of string */
740         /* BB: check validity of these bytes? */
741         src = unc + 2;
742
743         /* delimiter between hostname and sharename is always '\\' now */
744         delim = strchr(src, '\\');
745         if (!delim)
746                 return ERR_PTR(-EINVAL);
747
748         len = delim - src;
749         dst = kmalloc((len + 1), GFP_KERNEL);
750         if (dst == NULL)
751                 return ERR_PTR(-ENOMEM);
752
753         memcpy(dst, src, len);
754         dst[len] = '\0';
755
756         return dst;
757 }
758
759 static int
760 cifs_parse_mount_options(char *options, const char *devname,
761                          struct smb_vol *vol)
762 {
763         char *value;
764         char *data;
765         unsigned int  temp_len, i, j;
766         char separator[2];
767         short int override_uid = -1;
768         short int override_gid = -1;
769         bool uid_specified = false;
770         bool gid_specified = false;
771         char *nodename = utsname()->nodename;
772
773         separator[0] = ',';
774         separator[1] = 0;
775
776         /*
777          * does not have to be perfect mapping since field is
778          * informational, only used for servers that do not support
779          * port 445 and it can be overridden at mount time
780          */
781         memset(vol->source_rfc1001_name, 0x20, RFC1001_NAME_LEN);
782         for (i = 0; i < strnlen(nodename, RFC1001_NAME_LEN); i++)
783                 vol->source_rfc1001_name[i] = toupper(nodename[i]);
784
785         vol->source_rfc1001_name[RFC1001_NAME_LEN] = 0;
786         /* null target name indicates to use *SMBSERVR default called name
787            if we end up sending RFC1001 session initialize */
788         vol->target_rfc1001_name[0] = 0;
789         vol->cred_uid = current_uid();
790         vol->linux_uid = current_uid();
791         vol->linux_gid = current_gid();
792
793         /* default to only allowing write access to owner of the mount */
794         vol->dir_mode = vol->file_mode = S_IRUGO | S_IXUGO | S_IWUSR;
795
796         /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
797         /* default is always to request posix paths. */
798         vol->posix_paths = 1;
799         /* default to using server inode numbers where available */
800         vol->server_ino = 1;
801
802         vol->actimeo = CIFS_DEF_ACTIMEO;
803
804         if (!options)
805                 return 1;
806
807         if (strncmp(options, "sep=", 4) == 0) {
808                 if (options[4] != 0) {
809                         separator[0] = options[4];
810                         options += 5;
811                 } else {
812                         cFYI(1, "Null separator not allowed");
813                 }
814         }
815
816         while ((data = strsep(&options, separator)) != NULL) {
817                 if (!*data)
818                         continue;
819                 if ((value = strchr(data, '=')) != NULL)
820                         *value++ = '\0';
821
822                 /* Have to parse this before we parse for "user" */
823                 if (strnicmp(data, "user_xattr", 10) == 0) {
824                         vol->no_xattr = 0;
825                 } else if (strnicmp(data, "nouser_xattr", 12) == 0) {
826                         vol->no_xattr = 1;
827                 } else if (strnicmp(data, "user", 4) == 0) {
828                         if (!value) {
829                                 printk(KERN_WARNING
830                                        "CIFS: invalid or missing username\n");
831                                 return 1;       /* needs_arg; */
832                         } else if (!*value) {
833                                 /* null user, ie anonymous, authentication */
834                                 vol->nullauth = 1;
835                         }
836                         if (strnlen(value, 200) < 200) {
837                                 vol->username = value;
838                         } else {
839                                 printk(KERN_WARNING "CIFS: username too long\n");
840                                 return 1;
841                         }
842                 } else if (strnicmp(data, "pass", 4) == 0) {
843                         if (!value) {
844                                 vol->password = NULL;
845                                 continue;
846                         } else if (value[0] == 0) {
847                                 /* check if string begins with double comma
848                                    since that would mean the password really
849                                    does start with a comma, and would not
850                                    indicate an empty string */
851                                 if (value[1] != separator[0]) {
852                                         vol->password = NULL;
853                                         continue;
854                                 }
855                         }
856                         temp_len = strlen(value);
857                         /* removed password length check, NTLM passwords
858                                 can be arbitrarily long */
859
860                         /* if comma in password, the string will be
861                         prematurely null terminated.  Commas in password are
862                         specified across the cifs mount interface by a double
863                         comma ie ,, and a comma used as in other cases ie ','
864                         as a parameter delimiter/separator is single and due
865                         to the strsep above is temporarily zeroed. */
866
867                         /* NB: password legally can have multiple commas and
868                         the only illegal character in a password is null */
869
870                         if ((value[temp_len] == 0) &&
871                             (value[temp_len+1] == separator[0])) {
872                                 /* reinsert comma */
873                                 value[temp_len] = separator[0];
874                                 temp_len += 2;  /* move after second comma */
875                                 while (value[temp_len] != 0)  {
876                                         if (value[temp_len] == separator[0]) {
877                                                 if (value[temp_len+1] ==
878                                                      separator[0]) {
879                                                 /* skip second comma */
880                                                         temp_len++;
881                                                 } else {
882                                                 /* single comma indicating start
883                                                          of next parm */
884                                                         break;
885                                                 }
886                                         }
887                                         temp_len++;
888                                 }
889                                 if (value[temp_len] == 0) {
890                                         options = NULL;
891                                 } else {
892                                         value[temp_len] = 0;
893                                         /* point option to start of next parm */
894                                         options = value + temp_len + 1;
895                                 }
896                                 /* go from value to value + temp_len condensing
897                                 double commas to singles. Note that this ends up
898                                 allocating a few bytes too many, which is ok */
899                                 vol->password = kzalloc(temp_len, GFP_KERNEL);
900                                 if (vol->password == NULL) {
901                                         printk(KERN_WARNING "CIFS: no memory "
902                                                             "for password\n");
903                                         return 1;
904                                 }
905                                 for (i = 0, j = 0; i < temp_len; i++, j++) {
906                                         vol->password[j] = value[i];
907                                         if (value[i] == separator[0]
908                                                 && value[i+1] == separator[0]) {
909                                                 /* skip second comma */
910                                                 i++;
911                                         }
912                                 }
913                                 vol->password[j] = 0;
914                         } else {
915                                 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
916                                 if (vol->password == NULL) {
917                                         printk(KERN_WARNING "CIFS: no memory "
918                                                             "for password\n");
919                                         return 1;
920                                 }
921                                 strcpy(vol->password, value);
922                         }
923                 } else if (!strnicmp(data, "ip", 2) ||
924                            !strnicmp(data, "addr", 4)) {
925                         if (!value || !*value) {
926                                 vol->UNCip = NULL;
927                         } else if (strnlen(value, INET6_ADDRSTRLEN) <
928                                                         INET6_ADDRSTRLEN) {
929                                 vol->UNCip = value;
930                         } else {
931                                 printk(KERN_WARNING "CIFS: ip address "
932                                                     "too long\n");
933                                 return 1;
934                         }
935                 } else if (strnicmp(data, "sec", 3) == 0) {
936                         if (!value || !*value) {
937                                 cERROR(1, "no security value specified");
938                                 continue;
939                         } else if (strnicmp(value, "krb5i", 5) == 0) {
940                                 vol->secFlg |= CIFSSEC_MAY_KRB5 |
941                                         CIFSSEC_MUST_SIGN;
942                         } else if (strnicmp(value, "krb5p", 5) == 0) {
943                                 /* vol->secFlg |= CIFSSEC_MUST_SEAL |
944                                         CIFSSEC_MAY_KRB5; */
945                                 cERROR(1, "Krb5 cifs privacy not supported");
946                                 return 1;
947                         } else if (strnicmp(value, "krb5", 4) == 0) {
948                                 vol->secFlg |= CIFSSEC_MAY_KRB5;
949                         } else if (strnicmp(value, "ntlmsspi", 8) == 0) {
950                                 vol->secFlg |= CIFSSEC_MAY_NTLMSSP |
951                                         CIFSSEC_MUST_SIGN;
952                         } else if (strnicmp(value, "ntlmssp", 7) == 0) {
953                                 vol->secFlg |= CIFSSEC_MAY_NTLMSSP;
954                         } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
955                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
956                                         CIFSSEC_MUST_SIGN;
957                         } else if (strnicmp(value, "ntlmv2", 6) == 0) {
958                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
959                         } else if (strnicmp(value, "ntlmi", 5) == 0) {
960                                 vol->secFlg |= CIFSSEC_MAY_NTLM |
961                                         CIFSSEC_MUST_SIGN;
962                         } else if (strnicmp(value, "ntlm", 4) == 0) {
963                                 /* ntlm is default so can be turned off too */
964                                 vol->secFlg |= CIFSSEC_MAY_NTLM;
965                         } else if (strnicmp(value, "nontlm", 6) == 0) {
966                                 /* BB is there a better way to do this? */
967                                 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
968 #ifdef CONFIG_CIFS_WEAK_PW_HASH
969                         } else if (strnicmp(value, "lanman", 6) == 0) {
970                                 vol->secFlg |= CIFSSEC_MAY_LANMAN;
971 #endif
972                         } else if (strnicmp(value, "none", 4) == 0) {
973                                 vol->nullauth = 1;
974                         } else {
975                                 cERROR(1, "bad security option: %s", value);
976                                 return 1;
977                         }
978                 } else if ((strnicmp(data, "unc", 3) == 0)
979                            || (strnicmp(data, "target", 6) == 0)
980                            || (strnicmp(data, "path", 4) == 0)) {
981                         if (!value || !*value) {
982                                 printk(KERN_WARNING "CIFS: invalid path to "
983                                                     "network resource\n");
984                                 return 1;       /* needs_arg; */
985                         }
986                         if ((temp_len = strnlen(value, 300)) < 300) {
987                                 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
988                                 if (vol->UNC == NULL)
989                                         return 1;
990                                 strcpy(vol->UNC, value);
991                                 if (strncmp(vol->UNC, "//", 2) == 0) {
992                                         vol->UNC[0] = '\\';
993                                         vol->UNC[1] = '\\';
994                                 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
995                                         printk(KERN_WARNING
996                                                "CIFS: UNC Path does not begin "
997                                                "with // or \\\\ \n");
998                                         return 1;
999                                 }
1000                         } else {
1001                                 printk(KERN_WARNING "CIFS: UNC name too long\n");
1002                                 return 1;
1003                         }
1004                 } else if ((strnicmp(data, "domain", 3) == 0)
1005                            || (strnicmp(data, "workgroup", 5) == 0)) {
1006                         if (!value || !*value) {
1007                                 printk(KERN_WARNING "CIFS: invalid domain name\n");
1008                                 return 1;       /* needs_arg; */
1009                         }
1010                         /* BB are there cases in which a comma can be valid in
1011                         a domain name and need special handling? */
1012                         if (strnlen(value, 256) < 256) {
1013                                 vol->domainname = value;
1014                                 cFYI(1, "Domain name set");
1015                         } else {
1016                                 printk(KERN_WARNING "CIFS: domain name too "
1017                                                     "long\n");
1018                                 return 1;
1019                         }
1020                 } else if (strnicmp(data, "srcaddr", 7) == 0) {
1021                         vol->srcaddr.ss_family = AF_UNSPEC;
1022
1023                         if (!value || !*value) {
1024                                 printk(KERN_WARNING "CIFS: srcaddr value"
1025                                        " not specified.\n");
1026                                 return 1;       /* needs_arg; */
1027                         }
1028                         i = cifs_convert_address((struct sockaddr *)&vol->srcaddr,
1029                                                  value, strlen(value));
1030                         if (i == 0) {
1031                                 printk(KERN_WARNING "CIFS:  Could not parse"
1032                                        " srcaddr: %s\n",
1033                                        value);
1034                                 return 1;
1035                         }
1036                 } else if (strnicmp(data, "prefixpath", 10) == 0) {
1037                         if (!value || !*value) {
1038                                 printk(KERN_WARNING
1039                                         "CIFS: invalid path prefix\n");
1040                                 return 1;       /* needs_argument */
1041                         }
1042                         if ((temp_len = strnlen(value, 1024)) < 1024) {
1043                                 if (value[0] != '/')
1044                                         temp_len++;  /* missing leading slash */
1045                                 vol->prepath = kmalloc(temp_len+1, GFP_KERNEL);
1046                                 if (vol->prepath == NULL)
1047                                         return 1;
1048                                 if (value[0] != '/') {
1049                                         vol->prepath[0] = '/';
1050                                         strcpy(vol->prepath+1, value);
1051                                 } else
1052                                         strcpy(vol->prepath, value);
1053                                 cFYI(1, "prefix path %s", vol->prepath);
1054                         } else {
1055                                 printk(KERN_WARNING "CIFS: prefix too long\n");
1056                                 return 1;
1057                         }
1058                 } else if (strnicmp(data, "iocharset", 9) == 0) {
1059                         if (!value || !*value) {
1060                                 printk(KERN_WARNING "CIFS: invalid iocharset "
1061                                                     "specified\n");
1062                                 return 1;       /* needs_arg; */
1063                         }
1064                         if (strnlen(value, 65) < 65) {
1065                                 if (strnicmp(value, "default", 7))
1066                                         vol->iocharset = value;
1067                                 /* if iocharset not set then load_nls_default
1068                                    is used by caller */
1069                                 cFYI(1, "iocharset set to %s", value);
1070                         } else {
1071                                 printk(KERN_WARNING "CIFS: iocharset name "
1072                                                     "too long.\n");
1073                                 return 1;
1074                         }
1075                 } else if (!strnicmp(data, "uid", 3) && value && *value) {
1076                         vol->linux_uid = simple_strtoul(value, &value, 0);
1077                         uid_specified = true;
1078                 } else if (!strnicmp(data, "cruid", 5) && value && *value) {
1079                         vol->cred_uid = simple_strtoul(value, &value, 0);
1080                 } else if (!strnicmp(data, "forceuid", 8)) {
1081                         override_uid = 1;
1082                 } else if (!strnicmp(data, "noforceuid", 10)) {
1083                         override_uid = 0;
1084                 } else if (!strnicmp(data, "gid", 3) && value && *value) {
1085                         vol->linux_gid = simple_strtoul(value, &value, 0);
1086                         gid_specified = true;
1087                 } else if (!strnicmp(data, "forcegid", 8)) {
1088                         override_gid = 1;
1089                 } else if (!strnicmp(data, "noforcegid", 10)) {
1090                         override_gid = 0;
1091                 } else if (strnicmp(data, "file_mode", 4) == 0) {
1092                         if (value && *value) {
1093                                 vol->file_mode =
1094                                         simple_strtoul(value, &value, 0);
1095                         }
1096                 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1097                         if (value && *value) {
1098                                 vol->dir_mode =
1099                                         simple_strtoul(value, &value, 0);
1100                         }
1101                 } else if (strnicmp(data, "dirmode", 4) == 0) {
1102                         if (value && *value) {
1103                                 vol->dir_mode =
1104                                         simple_strtoul(value, &value, 0);
1105                         }
1106                 } else if (strnicmp(data, "port", 4) == 0) {
1107                         if (value && *value) {
1108                                 vol->port =
1109                                         simple_strtoul(value, &value, 0);
1110                         }
1111                 } else if (strnicmp(data, "rsize", 5) == 0) {
1112                         if (value && *value) {
1113                                 vol->rsize =
1114                                         simple_strtoul(value, &value, 0);
1115                         }
1116                 } else if (strnicmp(data, "wsize", 5) == 0) {
1117                         if (value && *value) {
1118                                 vol->wsize =
1119                                         simple_strtoul(value, &value, 0);
1120                         }
1121                 } else if (strnicmp(data, "sockopt", 5) == 0) {
1122                         if (!value || !*value) {
1123                                 cERROR(1, "no socket option specified");
1124                                 continue;
1125                         } else if (strnicmp(value, "TCP_NODELAY", 11) == 0) {
1126                                 vol->sockopt_tcp_nodelay = 1;
1127                         }
1128                 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1129                         if (!value || !*value || (*value == ' ')) {
1130                                 cFYI(1, "invalid (empty) netbiosname");
1131                         } else {
1132                                 memset(vol->source_rfc1001_name, 0x20,
1133                                         RFC1001_NAME_LEN);
1134                                 /*
1135                                  * FIXME: are there cases in which a comma can
1136                                  * be valid in workstation netbios name (and
1137                                  * need special handling)?
1138                                  */
1139                                 for (i = 0; i < RFC1001_NAME_LEN; i++) {
1140                                         /* don't ucase netbiosname for user */
1141                                         if (value[i] == 0)
1142                                                 break;
1143                                         vol->source_rfc1001_name[i] = value[i];
1144                                 }
1145                                 /* The string has 16th byte zero still from
1146                                 set at top of the function  */
1147                                 if (i == RFC1001_NAME_LEN && value[i] != 0)
1148                                         printk(KERN_WARNING "CIFS: netbiosname"
1149                                                 " longer than 15 truncated.\n");
1150                         }
1151                 } else if (strnicmp(data, "servern", 7) == 0) {
1152                         /* servernetbiosname specified override *SMBSERVER */
1153                         if (!value || !*value || (*value == ' ')) {
1154                                 cFYI(1, "empty server netbiosname specified");
1155                         } else {
1156                                 /* last byte, type, is 0x20 for servr type */
1157                                 memset(vol->target_rfc1001_name, 0x20,
1158                                         RFC1001_NAME_LEN_WITH_NULL);
1159
1160                                 for (i = 0; i < 15; i++) {
1161                                 /* BB are there cases in which a comma can be
1162                                    valid in this workstation netbios name
1163                                    (and need special handling)? */
1164
1165                                 /* user or mount helper must uppercase
1166                                    the netbiosname */
1167                                         if (value[i] == 0)
1168                                                 break;
1169                                         else
1170                                                 vol->target_rfc1001_name[i] =
1171                                                                 value[i];
1172                                 }
1173                                 /* The string has 16th byte zero still from
1174                                    set at top of the function  */
1175                                 if (i == RFC1001_NAME_LEN && value[i] != 0)
1176                                         printk(KERN_WARNING "CIFS: server net"
1177                                         "biosname longer than 15 truncated.\n");
1178                         }
1179                 } else if (strnicmp(data, "actimeo", 7) == 0) {
1180                         if (value && *value) {
1181                                 vol->actimeo = HZ * simple_strtoul(value,
1182                                                                    &value, 0);
1183                                 if (vol->actimeo > CIFS_MAX_ACTIMEO) {
1184                                         cERROR(1, "CIFS: attribute cache"
1185                                                         "timeout too large");
1186                                         return 1;
1187                                 }
1188                         }
1189                 } else if (strnicmp(data, "credentials", 4) == 0) {
1190                         /* ignore */
1191                 } else if (strnicmp(data, "version", 3) == 0) {
1192                         /* ignore */
1193                 } else if (strnicmp(data, "guest", 5) == 0) {
1194                         /* ignore */
1195                 } else if (strnicmp(data, "rw", 2) == 0) {
1196                         /* ignore */
1197                 } else if (strnicmp(data, "ro", 2) == 0) {
1198                         /* ignore */
1199                 } else if (strnicmp(data, "noblocksend", 11) == 0) {
1200                         vol->noblocksnd = 1;
1201                 } else if (strnicmp(data, "noautotune", 10) == 0) {
1202                         vol->noautotune = 1;
1203                 } else if ((strnicmp(data, "suid", 4) == 0) ||
1204                                    (strnicmp(data, "nosuid", 6) == 0) ||
1205                                    (strnicmp(data, "exec", 4) == 0) ||
1206                                    (strnicmp(data, "noexec", 6) == 0) ||
1207                                    (strnicmp(data, "nodev", 5) == 0) ||
1208                                    (strnicmp(data, "noauto", 6) == 0) ||
1209                                    (strnicmp(data, "dev", 3) == 0)) {
1210                         /*  The mount tool or mount.cifs helper (if present)
1211                             uses these opts to set flags, and the flags are read
1212                             by the kernel vfs layer before we get here (ie
1213                             before read super) so there is no point trying to
1214                             parse these options again and set anything and it
1215                             is ok to just ignore them */
1216                         continue;
1217                 } else if (strnicmp(data, "hard", 4) == 0) {
1218                         vol->retry = 1;
1219                 } else if (strnicmp(data, "soft", 4) == 0) {
1220                         vol->retry = 0;
1221                 } else if (strnicmp(data, "perm", 4) == 0) {
1222                         vol->noperm = 0;
1223                 } else if (strnicmp(data, "noperm", 6) == 0) {
1224                         vol->noperm = 1;
1225                 } else if (strnicmp(data, "mapchars", 8) == 0) {
1226                         vol->remap = 1;
1227                 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1228                         vol->remap = 0;
1229                 } else if (strnicmp(data, "sfu", 3) == 0) {
1230                         vol->sfu_emul = 1;
1231                 } else if (strnicmp(data, "nosfu", 5) == 0) {
1232                         vol->sfu_emul = 0;
1233                 } else if (strnicmp(data, "nodfs", 5) == 0) {
1234                         vol->nodfs = 1;
1235                 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1236                         vol->posix_paths = 1;
1237                 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1238                         vol->posix_paths = 0;
1239                 } else if (strnicmp(data, "nounix", 6) == 0) {
1240                         vol->no_linux_ext = 1;
1241                 } else if (strnicmp(data, "nolinux", 7) == 0) {
1242                         vol->no_linux_ext = 1;
1243                 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1244                            (strnicmp(data, "ignorecase", 10)  == 0)) {
1245                         vol->nocase = 1;
1246                 } else if (strnicmp(data, "mand", 4) == 0) {
1247                         /* ignore */
1248                 } else if (strnicmp(data, "nomand", 6) == 0) {
1249                         /* ignore */
1250                 } else if (strnicmp(data, "_netdev", 7) == 0) {
1251                         /* ignore */
1252                 } else if (strnicmp(data, "brl", 3) == 0) {
1253                         vol->nobrl =  0;
1254                 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1255                            (strnicmp(data, "nolock", 6) == 0)) {
1256                         vol->nobrl =  1;
1257                         /* turn off mandatory locking in mode
1258                         if remote locking is turned off since the
1259                         local vfs will do advisory */
1260                         if (vol->file_mode ==
1261                                 (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1262                                 vol->file_mode = S_IALLUGO;
1263                 } else if (strnicmp(data, "forcemandatorylock", 9) == 0) {
1264                         /* will take the shorter form "forcemand" as well */
1265                         /* This mount option will force use of mandatory
1266                           (DOS/Windows style) byte range locks, instead of
1267                           using posix advisory byte range locks, even if the
1268                           Unix extensions are available and posix locks would
1269                           be supported otherwise. If Unix extensions are not
1270                           negotiated this has no effect since mandatory locks
1271                           would be used (mandatory locks is all that those
1272                           those servers support) */
1273                         vol->mand_lock = 1;
1274                 } else if (strnicmp(data, "setuids", 7) == 0) {
1275                         vol->setuids = 1;
1276                 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1277                         vol->setuids = 0;
1278                 } else if (strnicmp(data, "dynperm", 7) == 0) {
1279                         vol->dynperm = true;
1280                 } else if (strnicmp(data, "nodynperm", 9) == 0) {
1281                         vol->dynperm = false;
1282                 } else if (strnicmp(data, "nohard", 6) == 0) {
1283                         vol->retry = 0;
1284                 } else if (strnicmp(data, "nosoft", 6) == 0) {
1285                         vol->retry = 1;
1286                 } else if (strnicmp(data, "nointr", 6) == 0) {
1287                         vol->intr = 0;
1288                 } else if (strnicmp(data, "intr", 4) == 0) {
1289                         vol->intr = 1;
1290                 } else if (strnicmp(data, "nostrictsync", 12) == 0) {
1291                         vol->nostrictsync = 1;
1292                 } else if (strnicmp(data, "strictsync", 10) == 0) {
1293                         vol->nostrictsync = 0;
1294                 } else if (strnicmp(data, "serverino", 7) == 0) {
1295                         vol->server_ino = 1;
1296                 } else if (strnicmp(data, "noserverino", 9) == 0) {
1297                         vol->server_ino = 0;
1298                 } else if (strnicmp(data, "cifsacl", 7) == 0) {
1299                         vol->cifs_acl = 1;
1300                 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1301                         vol->cifs_acl = 0;
1302                 } else if (strnicmp(data, "acl", 3) == 0) {
1303                         vol->no_psx_acl = 0;
1304                 } else if (strnicmp(data, "noacl", 5) == 0) {
1305                         vol->no_psx_acl = 1;
1306                 } else if (strnicmp(data, "locallease", 6) == 0) {
1307                         vol->local_lease = 1;
1308                 } else if (strnicmp(data, "sign", 4) == 0) {
1309                         vol->secFlg |= CIFSSEC_MUST_SIGN;
1310                 } else if (strnicmp(data, "seal", 4) == 0) {
1311                         /* we do not do the following in secFlags because seal
1312                            is a per tree connection (mount) not a per socket
1313                            or per-smb connection option in the protocol */
1314                         /* vol->secFlg |= CIFSSEC_MUST_SEAL; */
1315                         vol->seal = 1;
1316                 } else if (strnicmp(data, "direct", 6) == 0) {
1317                         vol->direct_io = 1;
1318                 } else if (strnicmp(data, "forcedirectio", 13) == 0) {
1319                         vol->direct_io = 1;
1320                 } else if (strnicmp(data, "noac", 4) == 0) {
1321                         printk(KERN_WARNING "CIFS: Mount option noac not "
1322                                 "supported. Instead set "
1323                                 "/proc/fs/cifs/LookupCacheEnabled to 0\n");
1324                 } else if (strnicmp(data, "fsc", 3) == 0) {
1325 #ifndef CONFIG_CIFS_FSCACHE
1326                         cERROR(1, "FS-Cache support needs CONFIG_CIFS_FSCACHE"
1327                                   "kernel config option set");
1328                         return 1;
1329 #endif
1330                         vol->fsc = true;
1331                 } else if (strnicmp(data, "mfsymlinks", 10) == 0) {
1332                         vol->mfsymlinks = true;
1333                 } else if (strnicmp(data, "multiuser", 8) == 0) {
1334                         vol->multiuser = true;
1335                 } else
1336                         printk(KERN_WARNING "CIFS: Unknown mount option %s\n",
1337                                                 data);
1338         }
1339         if (vol->UNC == NULL) {
1340                 if (devname == NULL) {
1341                         printk(KERN_WARNING "CIFS: Missing UNC name for mount "
1342                                                 "target\n");
1343                         return 1;
1344                 }
1345                 if ((temp_len = strnlen(devname, 300)) < 300) {
1346                         vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1347                         if (vol->UNC == NULL)
1348                                 return 1;
1349                         strcpy(vol->UNC, devname);
1350                         if (strncmp(vol->UNC, "//", 2) == 0) {
1351                                 vol->UNC[0] = '\\';
1352                                 vol->UNC[1] = '\\';
1353                         } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1354                                 printk(KERN_WARNING "CIFS: UNC Path does not "
1355                                                     "begin with // or \\\\ \n");
1356                                 return 1;
1357                         }
1358                         value = strpbrk(vol->UNC+2, "/\\");
1359                         if (value)
1360                                 *value = '\\';
1361                 } else {
1362                         printk(KERN_WARNING "CIFS: UNC name too long\n");
1363                         return 1;
1364                 }
1365         }
1366
1367         if (vol->multiuser && !(vol->secFlg & CIFSSEC_MAY_KRB5)) {
1368                 cERROR(1, "Multiuser mounts currently require krb5 "
1369                           "authentication!");
1370                 return 1;
1371         }
1372
1373         if (vol->UNCip == NULL)
1374                 vol->UNCip = &vol->UNC[2];
1375
1376         if (uid_specified)
1377                 vol->override_uid = override_uid;
1378         else if (override_uid == 1)
1379                 printk(KERN_NOTICE "CIFS: ignoring forceuid mount option "
1380                                    "specified with no uid= option.\n");
1381
1382         if (gid_specified)
1383                 vol->override_gid = override_gid;
1384         else if (override_gid == 1)
1385                 printk(KERN_NOTICE "CIFS: ignoring forcegid mount option "
1386                                    "specified with no gid= option.\n");
1387
1388         return 0;
1389 }
1390
1391 /** Returns true if srcaddr isn't specified and rhs isn't
1392  * specified, or if srcaddr is specified and
1393  * matches the IP address of the rhs argument.
1394  */
1395 static bool
1396 srcip_matches(struct sockaddr *srcaddr, struct sockaddr *rhs)
1397 {
1398         switch (srcaddr->sa_family) {
1399         case AF_UNSPEC:
1400                 return (rhs->sa_family == AF_UNSPEC);
1401         case AF_INET: {
1402                 struct sockaddr_in *saddr4 = (struct sockaddr_in *)srcaddr;
1403                 struct sockaddr_in *vaddr4 = (struct sockaddr_in *)rhs;
1404                 return (saddr4->sin_addr.s_addr == vaddr4->sin_addr.s_addr);
1405         }
1406         case AF_INET6: {
1407                 struct sockaddr_in6 *saddr6 = (struct sockaddr_in6 *)srcaddr;
1408                 struct sockaddr_in6 *vaddr6 = (struct sockaddr_in6 *)&rhs;
1409                 return ipv6_addr_equal(&saddr6->sin6_addr, &vaddr6->sin6_addr);
1410         }
1411         default:
1412                 WARN_ON(1);
1413                 return false; /* don't expect to be here */
1414         }
1415 }
1416
1417 /*
1418  * If no port is specified in addr structure, we try to match with 445 port
1419  * and if it fails - with 139 ports. It should be called only if address
1420  * families of server and addr are equal.
1421  */
1422 static bool
1423 match_port(struct TCP_Server_Info *server, struct sockaddr *addr)
1424 {
1425         unsigned short int port, *sport;
1426
1427         switch (addr->sa_family) {
1428         case AF_INET:
1429                 sport = &((struct sockaddr_in *) &server->dstaddr)->sin_port;
1430                 port = ((struct sockaddr_in *) addr)->sin_port;
1431                 break;
1432         case AF_INET6:
1433                 sport = &((struct sockaddr_in6 *) &server->dstaddr)->sin6_port;
1434                 port = ((struct sockaddr_in6 *) addr)->sin6_port;
1435                 break;
1436         default:
1437                 WARN_ON(1);
1438                 return false;
1439         }
1440
1441         if (!port) {
1442                 port = htons(CIFS_PORT);
1443                 if (port == *sport)
1444                         return true;
1445
1446                 port = htons(RFC1001_PORT);
1447         }
1448
1449         return port == *sport;
1450 }
1451
1452 static bool
1453 match_address(struct TCP_Server_Info *server, struct sockaddr *addr,
1454               struct sockaddr *srcaddr)
1455 {
1456         switch (addr->sa_family) {
1457         case AF_INET: {
1458                 struct sockaddr_in *addr4 = (struct sockaddr_in *)addr;
1459                 struct sockaddr_in *srv_addr4 =
1460                                         (struct sockaddr_in *)&server->dstaddr;
1461
1462                 if (addr4->sin_addr.s_addr != srv_addr4->sin_addr.s_addr)
1463                         return false;
1464                 break;
1465         }
1466         case AF_INET6: {
1467                 struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)addr;
1468                 struct sockaddr_in6 *srv_addr6 =
1469                                         (struct sockaddr_in6 *)&server->dstaddr;
1470
1471                 if (!ipv6_addr_equal(&addr6->sin6_addr,
1472                                      &srv_addr6->sin6_addr))
1473                         return false;
1474                 if (addr6->sin6_scope_id != srv_addr6->sin6_scope_id)
1475                         return false;
1476                 break;
1477         }
1478         default:
1479                 WARN_ON(1);
1480                 return false; /* don't expect to be here */
1481         }
1482
1483         if (!srcip_matches(srcaddr, (struct sockaddr *)&server->srcaddr))
1484                 return false;
1485
1486         return true;
1487 }
1488
1489 static bool
1490 match_security(struct TCP_Server_Info *server, struct smb_vol *vol)
1491 {
1492         unsigned int secFlags;
1493
1494         if (vol->secFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL)))
1495                 secFlags = vol->secFlg;
1496         else
1497                 secFlags = global_secflags | vol->secFlg;
1498
1499         switch (server->secType) {
1500         case LANMAN:
1501                 if (!(secFlags & (CIFSSEC_MAY_LANMAN|CIFSSEC_MAY_PLNTXT)))
1502                         return false;
1503                 break;
1504         case NTLMv2:
1505                 if (!(secFlags & CIFSSEC_MAY_NTLMV2))
1506                         return false;
1507                 break;
1508         case NTLM:
1509                 if (!(secFlags & CIFSSEC_MAY_NTLM))
1510                         return false;
1511                 break;
1512         case Kerberos:
1513                 if (!(secFlags & CIFSSEC_MAY_KRB5))
1514                         return false;
1515                 break;
1516         case RawNTLMSSP:
1517                 if (!(secFlags & CIFSSEC_MAY_NTLMSSP))
1518                         return false;
1519                 break;
1520         default:
1521                 /* shouldn't happen */
1522                 return false;
1523         }
1524
1525         /* now check if signing mode is acceptible */
1526         if ((secFlags & CIFSSEC_MAY_SIGN) == 0 &&
1527             (server->secMode & SECMODE_SIGN_REQUIRED))
1528                         return false;
1529         else if (((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) &&
1530                  (server->secMode &
1531                   (SECMODE_SIGN_ENABLED|SECMODE_SIGN_REQUIRED)) == 0)
1532                         return false;
1533
1534         return true;
1535 }
1536
1537 static struct TCP_Server_Info *
1538 cifs_find_tcp_session(struct sockaddr *addr, struct smb_vol *vol)
1539 {
1540         struct TCP_Server_Info *server;
1541
1542         spin_lock(&cifs_tcp_ses_lock);
1543         list_for_each_entry(server, &cifs_tcp_ses_list, tcp_ses_list) {
1544                 if (!match_address(server, addr,
1545                                    (struct sockaddr *)&vol->srcaddr))
1546                         continue;
1547
1548                 if (!match_port(server, addr))
1549                         continue;
1550
1551                 if (!match_security(server, vol))
1552                         continue;
1553
1554                 ++server->srv_count;
1555                 spin_unlock(&cifs_tcp_ses_lock);
1556                 cFYI(1, "Existing tcp session with server found");
1557                 return server;
1558         }
1559         spin_unlock(&cifs_tcp_ses_lock);
1560         return NULL;
1561 }
1562
1563 static void
1564 cifs_put_tcp_session(struct TCP_Server_Info *server)
1565 {
1566         struct task_struct *task;
1567
1568         spin_lock(&cifs_tcp_ses_lock);
1569         if (--server->srv_count > 0) {
1570                 spin_unlock(&cifs_tcp_ses_lock);
1571                 return;
1572         }
1573
1574         list_del_init(&server->tcp_ses_list);
1575         spin_unlock(&cifs_tcp_ses_lock);
1576
1577         spin_lock(&GlobalMid_Lock);
1578         server->tcpStatus = CifsExiting;
1579         spin_unlock(&GlobalMid_Lock);
1580
1581         cifs_crypto_shash_release(server);
1582         cifs_fscache_release_client_cookie(server);
1583
1584         kfree(server->session_key.response);
1585         server->session_key.response = NULL;
1586         server->session_key.len = 0;
1587
1588         task = xchg(&server->tsk, NULL);
1589         if (task)
1590                 force_sig(SIGKILL, task);
1591 }
1592
1593 static struct TCP_Server_Info *
1594 cifs_get_tcp_session(struct smb_vol *volume_info)
1595 {
1596         struct TCP_Server_Info *tcp_ses = NULL;
1597         struct sockaddr_storage addr;
1598         struct sockaddr_in *sin_server = (struct sockaddr_in *) &addr;
1599         struct sockaddr_in6 *sin_server6 = (struct sockaddr_in6 *) &addr;
1600         int rc;
1601
1602         memset(&addr, 0, sizeof(struct sockaddr_storage));
1603
1604         cFYI(1, "UNC: %s ip: %s", volume_info->UNC, volume_info->UNCip);
1605
1606         if (volume_info->UNCip && volume_info->UNC) {
1607                 rc = cifs_fill_sockaddr((struct sockaddr *)&addr,
1608                                         volume_info->UNCip,
1609                                         strlen(volume_info->UNCip),
1610                                         volume_info->port);
1611                 if (!rc) {
1612                         /* we failed translating address */
1613                         rc = -EINVAL;
1614                         goto out_err;
1615                 }
1616         } else if (volume_info->UNCip) {
1617                 /* BB using ip addr as tcp_ses name to connect to the
1618                    DFS root below */
1619                 cERROR(1, "Connecting to DFS root not implemented yet");
1620                 rc = -EINVAL;
1621                 goto out_err;
1622         } else /* which tcp_sess DFS root would we conect to */ {
1623                 cERROR(1, "CIFS mount error: No UNC path (e.g. -o "
1624                         "unc=//192.168.1.100/public) specified");
1625                 rc = -EINVAL;
1626                 goto out_err;
1627         }
1628
1629         /* see if we already have a matching tcp_ses */
1630         tcp_ses = cifs_find_tcp_session((struct sockaddr *)&addr, volume_info);
1631         if (tcp_ses)
1632                 return tcp_ses;
1633
1634         tcp_ses = kzalloc(sizeof(struct TCP_Server_Info), GFP_KERNEL);
1635         if (!tcp_ses) {
1636                 rc = -ENOMEM;
1637                 goto out_err;
1638         }
1639
1640         rc = cifs_crypto_shash_allocate(tcp_ses);
1641         if (rc) {
1642                 cERROR(1, "could not setup hash structures rc %d", rc);
1643                 goto out_err;
1644         }
1645
1646         tcp_ses->hostname = extract_hostname(volume_info->UNC);
1647         if (IS_ERR(tcp_ses->hostname)) {
1648                 rc = PTR_ERR(tcp_ses->hostname);
1649                 goto out_err_crypto_release;
1650         }
1651
1652         tcp_ses->noblocksnd = volume_info->noblocksnd;
1653         tcp_ses->noautotune = volume_info->noautotune;
1654         tcp_ses->tcp_nodelay = volume_info->sockopt_tcp_nodelay;
1655         atomic_set(&tcp_ses->inFlight, 0);
1656         init_waitqueue_head(&tcp_ses->response_q);
1657         init_waitqueue_head(&tcp_ses->request_q);
1658         INIT_LIST_HEAD(&tcp_ses->pending_mid_q);
1659         mutex_init(&tcp_ses->srv_mutex);
1660         memcpy(tcp_ses->workstation_RFC1001_name,
1661                 volume_info->source_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1662         memcpy(tcp_ses->server_RFC1001_name,
1663                 volume_info->target_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1664         tcp_ses->session_estab = false;
1665         tcp_ses->sequence_number = 0;
1666         INIT_LIST_HEAD(&tcp_ses->tcp_ses_list);
1667         INIT_LIST_HEAD(&tcp_ses->smb_ses_list);
1668
1669         /*
1670          * at this point we are the only ones with the pointer
1671          * to the struct since the kernel thread not created yet
1672          * no need to spinlock this init of tcpStatus or srv_count
1673          */
1674         tcp_ses->tcpStatus = CifsNew;
1675         memcpy(&tcp_ses->srcaddr, &volume_info->srcaddr,
1676                sizeof(tcp_ses->srcaddr));
1677         ++tcp_ses->srv_count;
1678
1679         if (addr.ss_family == AF_INET6) {
1680                 cFYI(1, "attempting ipv6 connect");
1681                 /* BB should we allow ipv6 on port 139? */
1682                 /* other OS never observed in Wild doing 139 with v6 */
1683                 memcpy(&tcp_ses->dstaddr, sin_server6,
1684                        sizeof(struct sockaddr_in6));
1685         } else
1686                 memcpy(&tcp_ses->dstaddr, sin_server,
1687                        sizeof(struct sockaddr_in));
1688
1689         rc = ip_connect(tcp_ses);
1690         if (rc < 0) {
1691                 cERROR(1, "Error connecting to socket. Aborting operation");
1692                 goto out_err_crypto_release;
1693         }
1694
1695         /*
1696          * since we're in a cifs function already, we know that
1697          * this will succeed. No need for try_module_get().
1698          */
1699         __module_get(THIS_MODULE);
1700         tcp_ses->tsk = kthread_run((void *)(void *)cifs_demultiplex_thread,
1701                                   tcp_ses, "cifsd");
1702         if (IS_ERR(tcp_ses->tsk)) {
1703                 rc = PTR_ERR(tcp_ses->tsk);
1704                 cERROR(1, "error %d create cifsd thread", rc);
1705                 module_put(THIS_MODULE);
1706                 goto out_err_crypto_release;
1707         }
1708
1709         /* thread spawned, put it on the list */
1710         spin_lock(&cifs_tcp_ses_lock);
1711         list_add(&tcp_ses->tcp_ses_list, &cifs_tcp_ses_list);
1712         spin_unlock(&cifs_tcp_ses_lock);
1713
1714         cifs_fscache_get_client_cookie(tcp_ses);
1715
1716         return tcp_ses;
1717
1718 out_err_crypto_release:
1719         cifs_crypto_shash_release(tcp_ses);
1720
1721 out_err:
1722         if (tcp_ses) {
1723                 if (!IS_ERR(tcp_ses->hostname))
1724                         kfree(tcp_ses->hostname);
1725                 if (tcp_ses->ssocket)
1726                         sock_release(tcp_ses->ssocket);
1727                 kfree(tcp_ses);
1728         }
1729         return ERR_PTR(rc);
1730 }
1731
1732 static struct cifsSesInfo *
1733 cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb_vol *vol)
1734 {
1735         struct cifsSesInfo *ses;
1736
1737         spin_lock(&cifs_tcp_ses_lock);
1738         list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) {
1739                 switch (server->secType) {
1740                 case Kerberos:
1741                         if (vol->cred_uid != ses->cred_uid)
1742                                 continue;
1743                         break;
1744                 default:
1745                         /* anything else takes username/password */
1746                         if (strncmp(ses->userName, vol->username,
1747                                     MAX_USERNAME_SIZE))
1748                                 continue;
1749                         if (strlen(vol->username) != 0 &&
1750                             ses->password != NULL &&
1751                             strncmp(ses->password,
1752                                     vol->password ? vol->password : "",
1753                                     MAX_PASSWORD_SIZE))
1754                                 continue;
1755                 }
1756                 ++ses->ses_count;
1757                 spin_unlock(&cifs_tcp_ses_lock);
1758                 return ses;
1759         }
1760         spin_unlock(&cifs_tcp_ses_lock);
1761         return NULL;
1762 }
1763
1764 static void
1765 cifs_put_smb_ses(struct cifsSesInfo *ses)
1766 {
1767         int xid;
1768         struct TCP_Server_Info *server = ses->server;
1769
1770         cFYI(1, "%s: ses_count=%d\n", __func__, ses->ses_count);
1771         spin_lock(&cifs_tcp_ses_lock);
1772         if (--ses->ses_count > 0) {
1773                 spin_unlock(&cifs_tcp_ses_lock);
1774                 return;
1775         }
1776
1777         list_del_init(&ses->smb_ses_list);
1778         spin_unlock(&cifs_tcp_ses_lock);
1779
1780         if (ses->status == CifsGood) {
1781                 xid = GetXid();
1782                 CIFSSMBLogoff(xid, ses);
1783                 _FreeXid(xid);
1784         }
1785         sesInfoFree(ses);
1786         cifs_put_tcp_session(server);
1787 }
1788
1789 static struct cifsSesInfo *
1790 cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb_vol *volume_info)
1791 {
1792         int rc = -ENOMEM, xid;
1793         struct cifsSesInfo *ses;
1794         struct sockaddr_in *addr = (struct sockaddr_in *)&server->dstaddr;
1795         struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)&server->dstaddr;
1796
1797         xid = GetXid();
1798
1799         ses = cifs_find_smb_ses(server, volume_info);
1800         if (ses) {
1801                 cFYI(1, "Existing smb sess found (status=%d)", ses->status);
1802
1803                 mutex_lock(&ses->session_mutex);
1804                 rc = cifs_negotiate_protocol(xid, ses);
1805                 if (rc) {
1806                         mutex_unlock(&ses->session_mutex);
1807                         /* problem -- put our ses reference */
1808                         cifs_put_smb_ses(ses);
1809                         FreeXid(xid);
1810                         return ERR_PTR(rc);
1811                 }
1812                 if (ses->need_reconnect) {
1813                         cFYI(1, "Session needs reconnect");
1814                         rc = cifs_setup_session(xid, ses,
1815                                                 volume_info->local_nls);
1816                         if (rc) {
1817                                 mutex_unlock(&ses->session_mutex);
1818                                 /* problem -- put our reference */
1819                                 cifs_put_smb_ses(ses);
1820                                 FreeXid(xid);
1821                                 return ERR_PTR(rc);
1822                         }
1823                 }
1824                 mutex_unlock(&ses->session_mutex);
1825
1826                 /* existing SMB ses has a server reference already */
1827                 cifs_put_tcp_session(server);
1828                 FreeXid(xid);
1829                 return ses;
1830         }
1831
1832         cFYI(1, "Existing smb sess not found");
1833         ses = sesInfoAlloc();
1834         if (ses == NULL)
1835                 goto get_ses_fail;
1836
1837         /* new SMB session uses our server ref */
1838         ses->server = server;
1839         if (server->dstaddr.ss_family == AF_INET6)
1840                 sprintf(ses->serverName, "%pI6", &addr6->sin6_addr);
1841         else
1842                 sprintf(ses->serverName, "%pI4", &addr->sin_addr);
1843
1844         if (volume_info->username)
1845                 strncpy(ses->userName, volume_info->username,
1846                         MAX_USERNAME_SIZE);
1847
1848         /* volume_info->password freed at unmount */
1849         if (volume_info->password) {
1850                 ses->password = kstrdup(volume_info->password, GFP_KERNEL);
1851                 if (!ses->password)
1852                         goto get_ses_fail;
1853         }
1854         if (volume_info->domainname) {
1855                 ses->domainName = kstrdup(volume_info->domainname, GFP_KERNEL);
1856                 if (!ses->domainName)
1857                         goto get_ses_fail;
1858         }
1859         ses->cred_uid = volume_info->cred_uid;
1860         ses->linux_uid = volume_info->linux_uid;
1861         ses->overrideSecFlg = volume_info->secFlg;
1862
1863         mutex_lock(&ses->session_mutex);
1864         rc = cifs_negotiate_protocol(xid, ses);
1865         if (!rc)
1866                 rc = cifs_setup_session(xid, ses, volume_info->local_nls);
1867         mutex_unlock(&ses->session_mutex);
1868         if (rc)
1869                 goto get_ses_fail;
1870
1871         /* success, put it on the list */
1872         spin_lock(&cifs_tcp_ses_lock);
1873         list_add(&ses->smb_ses_list, &server->smb_ses_list);
1874         spin_unlock(&cifs_tcp_ses_lock);
1875
1876         FreeXid(xid);
1877         return ses;
1878
1879 get_ses_fail:
1880         sesInfoFree(ses);
1881         FreeXid(xid);
1882         return ERR_PTR(rc);
1883 }
1884
1885 static struct cifsTconInfo *
1886 cifs_find_tcon(struct cifsSesInfo *ses, const char *unc)
1887 {
1888         struct list_head *tmp;
1889         struct cifsTconInfo *tcon;
1890
1891         spin_lock(&cifs_tcp_ses_lock);
1892         list_for_each(tmp, &ses->tcon_list) {
1893                 tcon = list_entry(tmp, struct cifsTconInfo, tcon_list);
1894                 if (tcon->tidStatus == CifsExiting)
1895                         continue;
1896                 if (strncmp(tcon->treeName, unc, MAX_TREE_SIZE))
1897                         continue;
1898
1899                 ++tcon->tc_count;
1900                 spin_unlock(&cifs_tcp_ses_lock);
1901                 return tcon;
1902         }
1903         spin_unlock(&cifs_tcp_ses_lock);
1904         return NULL;
1905 }
1906
1907 static void
1908 cifs_put_tcon(struct cifsTconInfo *tcon)
1909 {
1910         int xid;
1911         struct cifsSesInfo *ses = tcon->ses;
1912
1913         cFYI(1, "%s: tc_count=%d\n", __func__, tcon->tc_count);
1914         spin_lock(&cifs_tcp_ses_lock);
1915         if (--tcon->tc_count > 0) {
1916                 spin_unlock(&cifs_tcp_ses_lock);
1917                 return;
1918         }
1919
1920         list_del_init(&tcon->tcon_list);
1921         spin_unlock(&cifs_tcp_ses_lock);
1922
1923         xid = GetXid();
1924         CIFSSMBTDis(xid, tcon);
1925         _FreeXid(xid);
1926
1927         cifs_fscache_release_super_cookie(tcon);
1928         tconInfoFree(tcon);
1929         cifs_put_smb_ses(ses);
1930 }
1931
1932 static struct cifsTconInfo *
1933 cifs_get_tcon(struct cifsSesInfo *ses, struct smb_vol *volume_info)
1934 {
1935         int rc, xid;
1936         struct cifsTconInfo *tcon;
1937
1938         tcon = cifs_find_tcon(ses, volume_info->UNC);
1939         if (tcon) {
1940                 cFYI(1, "Found match on UNC path");
1941                 /* existing tcon already has a reference */
1942                 cifs_put_smb_ses(ses);
1943                 if (tcon->seal != volume_info->seal)
1944                         cERROR(1, "transport encryption setting "
1945                                    "conflicts with existing tid");
1946                 return tcon;
1947         }
1948
1949         tcon = tconInfoAlloc();
1950         if (tcon == NULL) {
1951                 rc = -ENOMEM;
1952                 goto out_fail;
1953         }
1954
1955         tcon->ses = ses;
1956         if (volume_info->password) {
1957                 tcon->password = kstrdup(volume_info->password, GFP_KERNEL);
1958                 if (!tcon->password) {
1959                         rc = -ENOMEM;
1960                         goto out_fail;
1961                 }
1962         }
1963
1964         if (strchr(volume_info->UNC + 3, '\\') == NULL
1965             && strchr(volume_info->UNC + 3, '/') == NULL) {
1966                 cERROR(1, "Missing share name");
1967                 rc = -ENODEV;
1968                 goto out_fail;
1969         }
1970
1971         /* BB Do we need to wrap session_mutex around
1972          * this TCon call and Unix SetFS as
1973          * we do on SessSetup and reconnect? */
1974         xid = GetXid();
1975         rc = CIFSTCon(xid, ses, volume_info->UNC, tcon, volume_info->local_nls);
1976         FreeXid(xid);
1977         cFYI(1, "CIFS Tcon rc = %d", rc);
1978         if (rc)
1979                 goto out_fail;
1980
1981         if (volume_info->nodfs) {
1982                 tcon->Flags &= ~SMB_SHARE_IS_IN_DFS;
1983                 cFYI(1, "DFS disabled (%d)", tcon->Flags);
1984         }
1985         tcon->seal = volume_info->seal;
1986         /* we can have only one retry value for a connection
1987            to a share so for resources mounted more than once
1988            to the same server share the last value passed in
1989            for the retry flag is used */
1990         tcon->retry = volume_info->retry;
1991         tcon->nocase = volume_info->nocase;
1992         tcon->local_lease = volume_info->local_lease;
1993
1994         spin_lock(&cifs_tcp_ses_lock);
1995         list_add(&tcon->tcon_list, &ses->tcon_list);
1996         spin_unlock(&cifs_tcp_ses_lock);
1997
1998         cifs_fscache_get_super_cookie(tcon);
1999
2000         return tcon;
2001
2002 out_fail:
2003         tconInfoFree(tcon);
2004         return ERR_PTR(rc);
2005 }
2006
2007 void
2008 cifs_put_tlink(struct tcon_link *tlink)
2009 {
2010         if (!tlink || IS_ERR(tlink))
2011                 return;
2012
2013         if (!atomic_dec_and_test(&tlink->tl_count) ||
2014             test_bit(TCON_LINK_IN_TREE, &tlink->tl_flags)) {
2015                 tlink->tl_time = jiffies;
2016                 return;
2017         }
2018
2019         if (!IS_ERR(tlink_tcon(tlink)))
2020                 cifs_put_tcon(tlink_tcon(tlink));
2021         kfree(tlink);
2022         return;
2023 }
2024
2025 int
2026 get_dfs_path(int xid, struct cifsSesInfo *pSesInfo, const char *old_path,
2027              const struct nls_table *nls_codepage, unsigned int *pnum_referrals,
2028              struct dfs_info3_param **preferrals, int remap)
2029 {
2030         char *temp_unc;
2031         int rc = 0;
2032
2033         *pnum_referrals = 0;
2034         *preferrals = NULL;
2035
2036         if (pSesInfo->ipc_tid == 0) {
2037                 temp_unc = kmalloc(2 /* for slashes */ +
2038                         strnlen(pSesInfo->serverName,
2039                                 SERVER_NAME_LEN_WITH_NULL * 2)
2040                                  + 1 + 4 /* slash IPC$ */  + 2,
2041                                 GFP_KERNEL);
2042                 if (temp_unc == NULL)
2043                         return -ENOMEM;
2044                 temp_unc[0] = '\\';
2045                 temp_unc[1] = '\\';
2046                 strcpy(temp_unc + 2, pSesInfo->serverName);
2047                 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
2048                 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
2049                 cFYI(1, "CIFS Tcon rc = %d ipc_tid = %d", rc, pSesInfo->ipc_tid);
2050                 kfree(temp_unc);
2051         }
2052         if (rc == 0)
2053                 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
2054                                      pnum_referrals, nls_codepage, remap);
2055         /* BB map targetUNCs to dfs_info3 structures, here or
2056                 in CIFSGetDFSRefer BB */
2057
2058         return rc;
2059 }
2060
2061 #ifdef CONFIG_DEBUG_LOCK_ALLOC
2062 static struct lock_class_key cifs_key[2];
2063 static struct lock_class_key cifs_slock_key[2];
2064
2065 static inline void
2066 cifs_reclassify_socket4(struct socket *sock)
2067 {
2068         struct sock *sk = sock->sk;
2069         BUG_ON(sock_owned_by_user(sk));
2070         sock_lock_init_class_and_name(sk, "slock-AF_INET-CIFS",
2071                 &cifs_slock_key[0], "sk_lock-AF_INET-CIFS", &cifs_key[0]);
2072 }
2073
2074 static inline void
2075 cifs_reclassify_socket6(struct socket *sock)
2076 {
2077         struct sock *sk = sock->sk;
2078         BUG_ON(sock_owned_by_user(sk));
2079         sock_lock_init_class_and_name(sk, "slock-AF_INET6-CIFS",
2080                 &cifs_slock_key[1], "sk_lock-AF_INET6-CIFS", &cifs_key[1]);
2081 }
2082 #else
2083 static inline void
2084 cifs_reclassify_socket4(struct socket *sock)
2085 {
2086 }
2087
2088 static inline void
2089 cifs_reclassify_socket6(struct socket *sock)
2090 {
2091 }
2092 #endif
2093
2094 /* See RFC1001 section 14 on representation of Netbios names */
2095 static void rfc1002mangle(char *target, char *source, unsigned int length)
2096 {
2097         unsigned int i, j;
2098
2099         for (i = 0, j = 0; i < (length); i++) {
2100                 /* mask a nibble at a time and encode */
2101                 target[j] = 'A' + (0x0F & (source[i] >> 4));
2102                 target[j+1] = 'A' + (0x0F & source[i]);
2103                 j += 2;
2104         }
2105
2106 }
2107
2108 static int
2109 bind_socket(struct TCP_Server_Info *server)
2110 {
2111         int rc = 0;
2112         if (server->srcaddr.ss_family != AF_UNSPEC) {
2113                 /* Bind to the specified local IP address */
2114                 struct socket *socket = server->ssocket;
2115                 rc = socket->ops->bind(socket,
2116                                        (struct sockaddr *) &server->srcaddr,
2117                                        sizeof(server->srcaddr));
2118                 if (rc < 0) {
2119                         struct sockaddr_in *saddr4;
2120                         struct sockaddr_in6 *saddr6;
2121                         saddr4 = (struct sockaddr_in *)&server->srcaddr;
2122                         saddr6 = (struct sockaddr_in6 *)&server->srcaddr;
2123                         if (saddr6->sin6_family == AF_INET6)
2124                                 cERROR(1, "cifs: "
2125                                        "Failed to bind to: %pI6c, error: %d\n",
2126                                        &saddr6->sin6_addr, rc);
2127                         else
2128                                 cERROR(1, "cifs: "
2129                                        "Failed to bind to: %pI4, error: %d\n",
2130                                        &saddr4->sin_addr.s_addr, rc);
2131                 }
2132         }
2133         return rc;
2134 }
2135
2136 static int
2137 ip_rfc1001_connect(struct TCP_Server_Info *server)
2138 {
2139         int rc = 0;
2140         /*
2141          * some servers require RFC1001 sessinit before sending
2142          * negprot - BB check reconnection in case where second
2143          * sessinit is sent but no second negprot
2144          */
2145         struct rfc1002_session_packet *ses_init_buf;
2146         struct smb_hdr *smb_buf;
2147         ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet),
2148                                GFP_KERNEL);
2149         if (ses_init_buf) {
2150                 ses_init_buf->trailer.session_req.called_len = 32;
2151
2152                 if (server->server_RFC1001_name &&
2153                     server->server_RFC1001_name[0] != 0)
2154                         rfc1002mangle(ses_init_buf->trailer.
2155                                       session_req.called_name,
2156                                       server->server_RFC1001_name,
2157                                       RFC1001_NAME_LEN_WITH_NULL);
2158                 else
2159                         rfc1002mangle(ses_init_buf->trailer.
2160                                       session_req.called_name,
2161                                       DEFAULT_CIFS_CALLED_NAME,
2162                                       RFC1001_NAME_LEN_WITH_NULL);
2163
2164                 ses_init_buf->trailer.session_req.calling_len = 32;
2165
2166                 /*
2167                  * calling name ends in null (byte 16) from old smb
2168                  * convention.
2169                  */
2170                 if (server->workstation_RFC1001_name &&
2171                     server->workstation_RFC1001_name[0] != 0)
2172                         rfc1002mangle(ses_init_buf->trailer.
2173                                       session_req.calling_name,
2174                                       server->workstation_RFC1001_name,
2175                                       RFC1001_NAME_LEN_WITH_NULL);
2176                 else
2177                         rfc1002mangle(ses_init_buf->trailer.
2178                                       session_req.calling_name,
2179                                       "LINUX_CIFS_CLNT",
2180                                       RFC1001_NAME_LEN_WITH_NULL);
2181
2182                 ses_init_buf->trailer.session_req.scope1 = 0;
2183                 ses_init_buf->trailer.session_req.scope2 = 0;
2184                 smb_buf = (struct smb_hdr *)ses_init_buf;
2185
2186                 /* sizeof RFC1002_SESSION_REQUEST with no scope */
2187                 smb_buf->smb_buf_length = 0x81000044;
2188                 rc = smb_send(server, smb_buf, 0x44);
2189                 kfree(ses_init_buf);
2190                 /*
2191                  * RFC1001 layer in at least one server
2192                  * requires very short break before negprot
2193                  * presumably because not expecting negprot
2194                  * to follow so fast.  This is a simple
2195                  * solution that works without
2196                  * complicating the code and causes no
2197                  * significant slowing down on mount
2198                  * for everyone else
2199                  */
2200                 usleep_range(1000, 2000);
2201         }
2202         /*
2203          * else the negprot may still work without this
2204          * even though malloc failed
2205          */
2206
2207         return rc;
2208 }
2209
2210 static int
2211 generic_ip_connect(struct TCP_Server_Info *server)
2212 {
2213         int rc = 0;
2214         unsigned short int sport;
2215         int slen, sfamily;
2216         struct socket *socket = server->ssocket;
2217         struct sockaddr *saddr;
2218
2219         saddr = (struct sockaddr *) &server->dstaddr;
2220
2221         if (server->dstaddr.ss_family == AF_INET6) {
2222                 sport = ((struct sockaddr_in6 *) saddr)->sin6_port;
2223                 slen = sizeof(struct sockaddr_in6);
2224                 sfamily = AF_INET6;
2225         } else {
2226                 sport = ((struct sockaddr_in *) saddr)->sin_port;
2227                 slen = sizeof(struct sockaddr_in);
2228                 sfamily = AF_INET;
2229         }
2230
2231         if (socket == NULL) {
2232                 rc = sock_create_kern(sfamily, SOCK_STREAM,
2233                                       IPPROTO_TCP, &socket);
2234                 if (rc < 0) {
2235                         cERROR(1, "Error %d creating socket", rc);
2236                         server->ssocket = NULL;
2237                         return rc;
2238                 }
2239
2240                 /* BB other socket options to set KEEPALIVE, NODELAY? */
2241                 cFYI(1, "Socket created");
2242                 server->ssocket = socket;
2243                 socket->sk->sk_allocation = GFP_NOFS;
2244                 if (sfamily == AF_INET6)
2245                         cifs_reclassify_socket6(socket);
2246                 else
2247                         cifs_reclassify_socket4(socket);
2248         }
2249
2250         rc = bind_socket(server);
2251         if (rc < 0)
2252                 return rc;
2253
2254         rc = socket->ops->connect(socket, saddr, slen, 0);
2255         if (rc < 0) {
2256                 cFYI(1, "Error %d connecting to server", rc);
2257                 sock_release(socket);
2258                 server->ssocket = NULL;
2259                 return rc;
2260         }
2261
2262         /*
2263          * Eventually check for other socket options to change from
2264          * the default. sock_setsockopt not used because it expects
2265          * user space buffer
2266          */
2267         socket->sk->sk_rcvtimeo = 7 * HZ;
2268         socket->sk->sk_sndtimeo = 5 * HZ;
2269
2270         /* make the bufsizes depend on wsize/rsize and max requests */
2271         if (server->noautotune) {
2272                 if (socket->sk->sk_sndbuf < (200 * 1024))
2273                         socket->sk->sk_sndbuf = 200 * 1024;
2274                 if (socket->sk->sk_rcvbuf < (140 * 1024))
2275                         socket->sk->sk_rcvbuf = 140 * 1024;
2276         }
2277
2278         if (server->tcp_nodelay) {
2279                 int val = 1;
2280                 rc = kernel_setsockopt(socket, SOL_TCP, TCP_NODELAY,
2281                                 (char *)&val, sizeof(val));
2282                 if (rc)
2283                         cFYI(1, "set TCP_NODELAY socket option error %d", rc);
2284         }
2285
2286          cFYI(1, "sndbuf %d rcvbuf %d rcvtimeo 0x%lx",
2287                  socket->sk->sk_sndbuf,
2288                  socket->sk->sk_rcvbuf, socket->sk->sk_rcvtimeo);
2289
2290         if (sport == htons(RFC1001_PORT))
2291                 rc = ip_rfc1001_connect(server);
2292
2293         return rc;
2294 }
2295
2296 static int
2297 ip_connect(struct TCP_Server_Info *server)
2298 {
2299         unsigned short int *sport;
2300         struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)&server->dstaddr;
2301         struct sockaddr_in *addr = (struct sockaddr_in *)&server->dstaddr;
2302
2303         if (server->dstaddr.ss_family == AF_INET6)
2304                 sport = &addr6->sin6_port;
2305         else
2306                 sport = &addr->sin_port;
2307
2308         if (*sport == 0) {
2309                 int rc;
2310
2311                 /* try with 445 port at first */
2312                 *sport = htons(CIFS_PORT);
2313
2314                 rc = generic_ip_connect(server);
2315                 if (rc >= 0)
2316                         return rc;
2317
2318                 /* if it failed, try with 139 port */
2319                 *sport = htons(RFC1001_PORT);
2320         }
2321
2322         return generic_ip_connect(server);
2323 }
2324
2325 void reset_cifs_unix_caps(int xid, struct cifsTconInfo *tcon,
2326                           struct super_block *sb, struct smb_vol *vol_info)
2327 {
2328         /* if we are reconnecting then should we check to see if
2329          * any requested capabilities changed locally e.g. via
2330          * remount but we can not do much about it here
2331          * if they have (even if we could detect it by the following)
2332          * Perhaps we could add a backpointer to array of sb from tcon
2333          * or if we change to make all sb to same share the same
2334          * sb as NFS - then we only have one backpointer to sb.
2335          * What if we wanted to mount the server share twice once with
2336          * and once without posixacls or posix paths? */
2337         __u64 saved_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
2338
2339         if (vol_info && vol_info->no_linux_ext) {
2340                 tcon->fsUnixInfo.Capability = 0;
2341                 tcon->unix_ext = 0; /* Unix Extensions disabled */
2342                 cFYI(1, "Linux protocol extensions disabled");
2343                 return;
2344         } else if (vol_info)
2345                 tcon->unix_ext = 1; /* Unix Extensions supported */
2346
2347         if (tcon->unix_ext == 0) {
2348                 cFYI(1, "Unix extensions disabled so not set on reconnect");
2349                 return;
2350         }
2351
2352         if (!CIFSSMBQFSUnixInfo(xid, tcon)) {
2353                 __u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
2354
2355                 /* check for reconnect case in which we do not
2356                    want to change the mount behavior if we can avoid it */
2357                 if (vol_info == NULL) {
2358                         /* turn off POSIX ACL and PATHNAMES if not set
2359                            originally at mount time */
2360                         if ((saved_cap & CIFS_UNIX_POSIX_ACL_CAP) == 0)
2361                                 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2362                         if ((saved_cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2363                                 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2364                                         cERROR(1, "POSIXPATH support change");
2365                                 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2366                         } else if ((cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2367                                 cERROR(1, "possible reconnect error");
2368                                 cERROR(1, "server disabled POSIX path support");
2369                         }
2370                 }
2371
2372                 cap &= CIFS_UNIX_CAP_MASK;
2373                 if (vol_info && vol_info->no_psx_acl)
2374                         cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2375                 else if (CIFS_UNIX_POSIX_ACL_CAP & cap) {
2376                         cFYI(1, "negotiated posix acl support");
2377                         if (sb)
2378                                 sb->s_flags |= MS_POSIXACL;
2379                 }
2380
2381                 if (vol_info && vol_info->posix_paths == 0)
2382                         cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2383                 else if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
2384                         cFYI(1, "negotiate posix pathnames");
2385                         if (sb)
2386                                 CIFS_SB(sb)->mnt_cifs_flags |=
2387                                         CIFS_MOUNT_POSIX_PATHS;
2388                 }
2389
2390                 /* We might be setting the path sep back to a different
2391                 form if we are reconnecting and the server switched its
2392                 posix path capability for this share */
2393                 if (sb && (CIFS_SB(sb)->prepathlen > 0))
2394                         CIFS_SB(sb)->prepath[0] = CIFS_DIR_SEP(CIFS_SB(sb));
2395
2396                 if (sb && (CIFS_SB(sb)->rsize > 127 * 1024)) {
2397                         if ((cap & CIFS_UNIX_LARGE_READ_CAP) == 0) {
2398                                 CIFS_SB(sb)->rsize = 127 * 1024;
2399                                 cFYI(DBG2, "larger reads not supported by srv");
2400                         }
2401                 }
2402
2403
2404                 cFYI(1, "Negotiate caps 0x%x", (int)cap);
2405 #ifdef CONFIG_CIFS_DEBUG2
2406                 if (cap & CIFS_UNIX_FCNTL_CAP)
2407                         cFYI(1, "FCNTL cap");
2408                 if (cap & CIFS_UNIX_EXTATTR_CAP)
2409                         cFYI(1, "EXTATTR cap");
2410                 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2411                         cFYI(1, "POSIX path cap");
2412                 if (cap & CIFS_UNIX_XATTR_CAP)
2413                         cFYI(1, "XATTR cap");
2414                 if (cap & CIFS_UNIX_POSIX_ACL_CAP)
2415                         cFYI(1, "POSIX ACL cap");
2416                 if (cap & CIFS_UNIX_LARGE_READ_CAP)
2417                         cFYI(1, "very large read cap");
2418                 if (cap & CIFS_UNIX_LARGE_WRITE_CAP)
2419                         cFYI(1, "very large write cap");
2420 #endif /* CIFS_DEBUG2 */
2421                 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
2422                         if (vol_info == NULL) {
2423                                 cFYI(1, "resetting capabilities failed");
2424                         } else
2425                                 cERROR(1, "Negotiating Unix capabilities "
2426                                            "with the server failed.  Consider "
2427                                            "mounting with the Unix Extensions\n"
2428                                            "disabled, if problems are found, "
2429                                            "by specifying the nounix mount "
2430                                            "option.");
2431
2432                 }
2433         }
2434 }
2435
2436 static void
2437 convert_delimiter(char *path, char delim)
2438 {
2439         int i;
2440         char old_delim;
2441
2442         if (path == NULL)
2443                 return;
2444
2445         if (delim == '/')
2446                 old_delim = '\\';
2447         else
2448                 old_delim = '/';
2449
2450         for (i = 0; path[i] != '\0'; i++) {
2451                 if (path[i] == old_delim)
2452                         path[i] = delim;
2453         }
2454 }
2455
2456 static void setup_cifs_sb(struct smb_vol *pvolume_info,
2457                           struct cifs_sb_info *cifs_sb)
2458 {
2459         INIT_DELAYED_WORK(&cifs_sb->prune_tlinks, cifs_prune_tlinks);
2460
2461         if (pvolume_info->rsize > CIFSMaxBufSize) {
2462                 cERROR(1, "rsize %d too large, using MaxBufSize",
2463                         pvolume_info->rsize);
2464                 cifs_sb->rsize = CIFSMaxBufSize;
2465         } else if ((pvolume_info->rsize) &&
2466                         (pvolume_info->rsize <= CIFSMaxBufSize))
2467                 cifs_sb->rsize = pvolume_info->rsize;
2468         else /* default */
2469                 cifs_sb->rsize = CIFSMaxBufSize;
2470
2471         if (pvolume_info->wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) {
2472                 cERROR(1, "wsize %d too large, using 4096 instead",
2473                           pvolume_info->wsize);
2474                 cifs_sb->wsize = 4096;
2475         } else if (pvolume_info->wsize)
2476                 cifs_sb->wsize = pvolume_info->wsize;
2477         else
2478                 cifs_sb->wsize = min_t(const int,
2479                                         PAGEVEC_SIZE * PAGE_CACHE_SIZE,
2480                                         127*1024);
2481                 /* old default of CIFSMaxBufSize was too small now
2482                    that SMB Write2 can send multiple pages in kvec.
2483                    RFC1001 does not describe what happens when frame
2484                    bigger than 128K is sent so use that as max in
2485                    conjunction with 52K kvec constraint on arch with 4K
2486                    page size  */
2487
2488         if (cifs_sb->rsize < 2048) {
2489                 cifs_sb->rsize = 2048;
2490                 /* Windows ME may prefer this */
2491                 cFYI(1, "readsize set to minimum: 2048");
2492         }
2493         /* calculate prepath */
2494         cifs_sb->prepath = pvolume_info->prepath;
2495         if (cifs_sb->prepath) {
2496                 cifs_sb->prepathlen = strlen(cifs_sb->prepath);
2497                 /* we can not convert the / to \ in the path
2498                 separators in the prefixpath yet because we do not
2499                 know (until reset_cifs_unix_caps is called later)
2500                 whether POSIX PATH CAP is available. We normalize
2501                 the / to \ after reset_cifs_unix_caps is called */
2502                 pvolume_info->prepath = NULL;
2503         } else
2504                 cifs_sb->prepathlen = 0;
2505         cifs_sb->mnt_uid = pvolume_info->linux_uid;
2506         cifs_sb->mnt_gid = pvolume_info->linux_gid;
2507         cifs_sb->mnt_file_mode = pvolume_info->file_mode;
2508         cifs_sb->mnt_dir_mode = pvolume_info->dir_mode;
2509         cFYI(1, "file mode: 0x%x  dir mode: 0x%x",
2510                 cifs_sb->mnt_file_mode, cifs_sb->mnt_dir_mode);
2511
2512         cifs_sb->actimeo = pvolume_info->actimeo;
2513
2514         if (pvolume_info->noperm)
2515                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
2516         if (pvolume_info->setuids)
2517                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
2518         if (pvolume_info->server_ino)
2519                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
2520         if (pvolume_info->remap)
2521                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
2522         if (pvolume_info->no_xattr)
2523                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
2524         if (pvolume_info->sfu_emul)
2525                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
2526         if (pvolume_info->nobrl)
2527                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
2528         if (pvolume_info->nostrictsync)
2529                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOSSYNC;
2530         if (pvolume_info->mand_lock)
2531                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOPOSIXBRL;
2532         if (pvolume_info->cifs_acl)
2533                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
2534         if (pvolume_info->override_uid)
2535                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID;
2536         if (pvolume_info->override_gid)
2537                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID;
2538         if (pvolume_info->dynperm)
2539                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DYNPERM;
2540         if (pvolume_info->fsc)
2541                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_FSCACHE;
2542         if (pvolume_info->multiuser)
2543                 cifs_sb->mnt_cifs_flags |= (CIFS_MOUNT_MULTIUSER |
2544                                             CIFS_MOUNT_NO_PERM);
2545         if (pvolume_info->direct_io) {
2546                 cFYI(1, "mounting share using direct i/o");
2547                 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
2548         }
2549         if (pvolume_info->mfsymlinks) {
2550                 if (pvolume_info->sfu_emul) {
2551                         cERROR(1,  "mount option mfsymlinks ignored if sfu "
2552                                    "mount option is used");
2553                 } else {
2554                         cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MF_SYMLINKS;
2555                 }
2556         }
2557
2558         if ((pvolume_info->cifs_acl) && (pvolume_info->dynperm))
2559                 cERROR(1, "mount option dynperm ignored if cifsacl "
2560                            "mount option supported");
2561 }
2562
2563 static int
2564 is_path_accessible(int xid, struct cifsTconInfo *tcon,
2565                    struct cifs_sb_info *cifs_sb, const char *full_path)
2566 {
2567         int rc;
2568         FILE_ALL_INFO *pfile_info;
2569
2570         pfile_info = kmalloc(sizeof(FILE_ALL_INFO), GFP_KERNEL);
2571         if (pfile_info == NULL)
2572                 return -ENOMEM;
2573
2574         rc = CIFSSMBQPathInfo(xid, tcon, full_path, pfile_info,
2575                               0 /* not legacy */, cifs_sb->local_nls,
2576                               cifs_sb->mnt_cifs_flags &
2577                                 CIFS_MOUNT_MAP_SPECIAL_CHR);
2578         kfree(pfile_info);
2579         return rc;
2580 }
2581
2582 static void
2583 cleanup_volume_info(struct smb_vol **pvolume_info)
2584 {
2585         struct smb_vol *volume_info;
2586
2587         if (!pvolume_info || !*pvolume_info)
2588                 return;
2589
2590         volume_info = *pvolume_info;
2591         kzfree(volume_info->password);
2592         kfree(volume_info->UNC);
2593         kfree(volume_info->prepath);
2594         kfree(volume_info);
2595         *pvolume_info = NULL;
2596         return;
2597 }
2598
2599 #ifdef CONFIG_CIFS_DFS_UPCALL
2600 /* build_path_to_root returns full path to root when
2601  * we do not have an exiting connection (tcon) */
2602 static char *
2603 build_unc_path_to_root(const struct smb_vol *volume_info,
2604                 const struct cifs_sb_info *cifs_sb)
2605 {
2606         char *full_path;
2607
2608         int unc_len = strnlen(volume_info->UNC, MAX_TREE_SIZE + 1);
2609         full_path = kmalloc(unc_len + cifs_sb->prepathlen + 1, GFP_KERNEL);
2610         if (full_path == NULL)
2611                 return ERR_PTR(-ENOMEM);
2612
2613         strncpy(full_path, volume_info->UNC, unc_len);
2614         if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) {
2615                 int i;
2616                 for (i = 0; i < unc_len; i++) {
2617                         if (full_path[i] == '\\')
2618                                 full_path[i] = '/';
2619                 }
2620         }
2621
2622         if (cifs_sb->prepathlen)
2623                 strncpy(full_path + unc_len, cifs_sb->prepath,
2624                                 cifs_sb->prepathlen);
2625
2626         full_path[unc_len + cifs_sb->prepathlen] = 0; /* add trailing null */
2627         return full_path;
2628 }
2629 #endif
2630
2631 int
2632 cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
2633                 char *mount_data_global, const char *devname)
2634 {
2635         int rc;
2636         int xid;
2637         struct smb_vol *volume_info;
2638         struct cifsSesInfo *pSesInfo;
2639         struct cifsTconInfo *tcon;
2640         struct TCP_Server_Info *srvTcp;
2641         char   *full_path;
2642         char *mount_data = mount_data_global;
2643         struct tcon_link *tlink;
2644 #ifdef CONFIG_CIFS_DFS_UPCALL
2645         struct dfs_info3_param *referrals = NULL;
2646         unsigned int num_referrals = 0;
2647         int referral_walks_count = 0;
2648 try_mount_again:
2649 #endif
2650         rc = 0;
2651         tcon = NULL;
2652         pSesInfo = NULL;
2653         srvTcp = NULL;
2654         full_path = NULL;
2655         tlink = NULL;
2656
2657         xid = GetXid();
2658
2659         volume_info = kzalloc(sizeof(struct smb_vol), GFP_KERNEL);
2660         if (!volume_info) {
2661                 rc = -ENOMEM;
2662                 goto out;
2663         }
2664
2665         if (cifs_parse_mount_options(mount_data, devname, volume_info)) {
2666                 rc = -EINVAL;
2667                 goto out;
2668         }
2669
2670         if (volume_info->nullauth) {
2671                 cFYI(1, "null user");
2672                 volume_info->username = "";
2673         } else if (volume_info->username) {
2674                 /* BB fixme parse for domain name here */
2675                 cFYI(1, "Username: %s", volume_info->username);
2676         } else {
2677                 cifserror("No username specified");
2678         /* In userspace mount helper we can get user name from alternate
2679            locations such as env variables and files on disk */
2680                 rc = -EINVAL;
2681                 goto out;
2682         }
2683
2684         /* this is needed for ASCII cp to Unicode converts */
2685         if (volume_info->iocharset == NULL) {
2686                 /* load_nls_default cannot return null */
2687                 volume_info->local_nls = load_nls_default();
2688         } else {
2689                 volume_info->local_nls = load_nls(volume_info->iocharset);
2690                 if (volume_info->local_nls == NULL) {
2691                         cERROR(1, "CIFS mount error: iocharset %s not found",
2692                                  volume_info->iocharset);
2693                         rc = -ELIBACC;
2694                         goto out;
2695                 }
2696         }
2697         cifs_sb->local_nls = volume_info->local_nls;
2698
2699         /* get a reference to a tcp session */
2700         srvTcp = cifs_get_tcp_session(volume_info);
2701         if (IS_ERR(srvTcp)) {
2702                 rc = PTR_ERR(srvTcp);
2703                 goto out;
2704         }
2705
2706         /* get a reference to a SMB session */
2707         pSesInfo = cifs_get_smb_ses(srvTcp, volume_info);
2708         if (IS_ERR(pSesInfo)) {
2709                 rc = PTR_ERR(pSesInfo);
2710                 pSesInfo = NULL;
2711                 goto mount_fail_check;
2712         }
2713
2714         setup_cifs_sb(volume_info, cifs_sb);
2715         if (pSesInfo->capabilities & CAP_LARGE_FILES)
2716                 sb->s_maxbytes = MAX_LFS_FILESIZE;
2717         else
2718                 sb->s_maxbytes = MAX_NON_LFS;
2719
2720         /* BB FIXME fix time_gran to be larger for LANMAN sessions */
2721         sb->s_time_gran = 100;
2722
2723         /* search for existing tcon to this server share */
2724         tcon = cifs_get_tcon(pSesInfo, volume_info);
2725         if (IS_ERR(tcon)) {
2726                 rc = PTR_ERR(tcon);
2727                 tcon = NULL;
2728                 goto remote_path_check;
2729         }
2730
2731         /* do not care if following two calls succeed - informational */
2732         if (!tcon->ipc) {
2733                 CIFSSMBQFSDeviceInfo(xid, tcon);
2734                 CIFSSMBQFSAttributeInfo(xid, tcon);
2735         }
2736
2737         /* tell server which Unix caps we support */
2738         if (tcon->ses->capabilities & CAP_UNIX)
2739                 /* reset of caps checks mount to see if unix extensions
2740                    disabled for just this mount */
2741                 reset_cifs_unix_caps(xid, tcon, sb, volume_info);
2742         else
2743                 tcon->unix_ext = 0; /* server does not support them */
2744
2745         /* convert forward to back slashes in prepath here if needed */
2746         if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0)
2747                 convert_delimiter(cifs_sb->prepath, CIFS_DIR_SEP(cifs_sb));
2748
2749         if ((tcon->unix_ext == 0) && (cifs_sb->rsize > (1024 * 127))) {
2750                 cifs_sb->rsize = 1024 * 127;
2751                 cFYI(DBG2, "no very large read support, rsize now 127K");
2752         }
2753         if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X))
2754                 cifs_sb->wsize = min(cifs_sb->wsize,
2755                                (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE));
2756         if (!(tcon->ses->capabilities & CAP_LARGE_READ_X))
2757                 cifs_sb->rsize = min(cifs_sb->rsize,
2758                                (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE));
2759
2760 remote_path_check:
2761         /* check if a whole path (including prepath) is not remote */
2762         if (!rc && cifs_sb->prepathlen && tcon) {
2763                 /* build_path_to_root works only when we have a valid tcon */
2764                 full_path = cifs_build_path_to_root(cifs_sb, tcon);
2765                 if (full_path == NULL) {
2766                         rc = -ENOMEM;
2767                         goto mount_fail_check;
2768                 }
2769                 rc = is_path_accessible(xid, tcon, cifs_sb, full_path);
2770                 if (rc != 0 && rc != -EREMOTE) {
2771                         kfree(full_path);
2772                         goto mount_fail_check;
2773                 }
2774                 kfree(full_path);
2775         }
2776
2777         /* get referral if needed */
2778         if (rc == -EREMOTE) {
2779 #ifdef CONFIG_CIFS_DFS_UPCALL
2780                 if (referral_walks_count > MAX_NESTED_LINKS) {
2781                         /*
2782                          * BB: when we implement proper loop detection,
2783                          *     we will remove this check. But now we need it
2784                          *     to prevent an indefinite loop if 'DFS tree' is
2785                          *     misconfigured (i.e. has loops).
2786                          */
2787                         rc = -ELOOP;
2788                         goto mount_fail_check;
2789                 }
2790                 /* convert forward to back slashes in prepath here if needed */
2791                 if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0)
2792                         convert_delimiter(cifs_sb->prepath,
2793                                         CIFS_DIR_SEP(cifs_sb));
2794                 full_path = build_unc_path_to_root(volume_info, cifs_sb);
2795                 if (IS_ERR(full_path)) {
2796                         rc = PTR_ERR(full_path);
2797                         goto mount_fail_check;
2798                 }
2799
2800                 cFYI(1, "Getting referral for: %s", full_path);
2801                 rc = get_dfs_path(xid, pSesInfo , full_path + 1,
2802                         cifs_sb->local_nls, &num_referrals, &referrals,
2803                         cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR);
2804                 if (!rc && num_referrals > 0) {
2805                         char *fake_devname = NULL;
2806
2807                         if (mount_data != mount_data_global)
2808                                 kfree(mount_data);
2809
2810                         mount_data = cifs_compose_mount_options(
2811                                         cifs_sb->mountdata, full_path + 1,
2812                                         referrals, &fake_devname);
2813
2814                         free_dfs_info_array(referrals, num_referrals);
2815                         kfree(fake_devname);
2816                         kfree(full_path);
2817
2818                         if (IS_ERR(mount_data)) {
2819                                 rc = PTR_ERR(mount_data);
2820                                 mount_data = NULL;
2821                                 goto mount_fail_check;
2822                         }
2823
2824                         if (tcon)
2825                                 cifs_put_tcon(tcon);
2826                         else if (pSesInfo)
2827                                 cifs_put_smb_ses(pSesInfo);
2828
2829                         cleanup_volume_info(&volume_info);
2830                         referral_walks_count++;
2831                         FreeXid(xid);
2832                         goto try_mount_again;
2833                 }
2834 #else /* No DFS support, return error on mount */
2835                 rc = -EOPNOTSUPP;
2836 #endif
2837         }
2838
2839         if (rc)
2840                 goto mount_fail_check;
2841
2842         /* now, hang the tcon off of the superblock */
2843         tlink = kzalloc(sizeof *tlink, GFP_KERNEL);
2844         if (tlink == NULL) {
2845                 rc = -ENOMEM;
2846                 goto mount_fail_check;
2847         }
2848
2849         tlink->tl_uid = pSesInfo->linux_uid;
2850         tlink->tl_tcon = tcon;
2851         tlink->tl_time = jiffies;
2852         set_bit(TCON_LINK_MASTER, &tlink->tl_flags);
2853         set_bit(TCON_LINK_IN_TREE, &tlink->tl_flags);
2854
2855         cifs_sb->master_tlink = tlink;
2856         spin_lock(&cifs_sb->tlink_tree_lock);
2857         tlink_rb_insert(&cifs_sb->tlink_tree, tlink);
2858         spin_unlock(&cifs_sb->tlink_tree_lock);
2859
2860         queue_delayed_work(system_nrt_wq, &cifs_sb->prune_tlinks,
2861                                 TLINK_IDLE_EXPIRE);
2862
2863 mount_fail_check:
2864         /* on error free sesinfo and tcon struct if needed */
2865         if (rc) {
2866                 if (mount_data != mount_data_global)
2867                         kfree(mount_data);
2868                 /* If find_unc succeeded then rc == 0 so we can not end */
2869                 /* up accidently freeing someone elses tcon struct */
2870                 if (tcon)
2871                         cifs_put_tcon(tcon);
2872                 else if (pSesInfo)
2873                         cifs_put_smb_ses(pSesInfo);
2874                 else
2875                         cifs_put_tcp_session(srvTcp);
2876                 goto out;
2877         }
2878
2879         /* volume_info->password is freed above when existing session found
2880         (in which case it is not needed anymore) but when new sesion is created
2881         the password ptr is put in the new session structure (in which case the
2882         password will be freed at unmount time) */
2883 out:
2884         /* zero out password before freeing */
2885         cleanup_volume_info(&volume_info);
2886         FreeXid(xid);
2887         return rc;
2888 }
2889
2890 int
2891 CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
2892          const char *tree, struct cifsTconInfo *tcon,
2893          const struct nls_table *nls_codepage)
2894 {
2895         struct smb_hdr *smb_buffer;
2896         struct smb_hdr *smb_buffer_response;
2897         TCONX_REQ *pSMB;
2898         TCONX_RSP *pSMBr;
2899         unsigned char *bcc_ptr;
2900         int rc = 0;
2901         int length, bytes_left;
2902         __u16 count;
2903
2904         if (ses == NULL)
2905                 return -EIO;
2906
2907         smb_buffer = cifs_buf_get();
2908         if (smb_buffer == NULL)
2909                 return -ENOMEM;
2910
2911         smb_buffer_response = smb_buffer;
2912
2913         header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
2914                         NULL /*no tid */ , 4 /*wct */ );
2915
2916         smb_buffer->Mid = GetNextMid(ses->server);
2917         smb_buffer->Uid = ses->Suid;
2918         pSMB = (TCONX_REQ *) smb_buffer;
2919         pSMBr = (TCONX_RSP *) smb_buffer_response;
2920
2921         pSMB->AndXCommand = 0xFF;
2922         pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
2923         bcc_ptr = &pSMB->Password[0];
2924         if ((ses->server->secMode) & SECMODE_USER) {
2925                 pSMB->PasswordLength = cpu_to_le16(1);  /* minimum */
2926                 *bcc_ptr = 0; /* password is null byte */
2927                 bcc_ptr++;              /* skip password */
2928                 /* already aligned so no need to do it below */
2929         } else {
2930                 pSMB->PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE);
2931                 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
2932                    specified as required (when that support is added to
2933                    the vfs in the future) as only NTLM or the much
2934                    weaker LANMAN (which we do not send by default) is accepted
2935                    by Samba (not sure whether other servers allow
2936                    NTLMv2 password here) */
2937 #ifdef CONFIG_CIFS_WEAK_PW_HASH
2938                 if ((global_secflags & CIFSSEC_MAY_LANMAN) &&
2939                     (ses->server->secType == LANMAN))
2940                         calc_lanman_hash(tcon->password, ses->server->cryptkey,
2941                                          ses->server->secMode &
2942                                             SECMODE_PW_ENCRYPT ? true : false,
2943                                          bcc_ptr);
2944                 else
2945 #endif /* CIFS_WEAK_PW_HASH */
2946                 SMBNTencrypt(tcon->password, ses->server->cryptkey, bcc_ptr);
2947
2948                 bcc_ptr += CIFS_SESS_KEY_SIZE;
2949                 if (ses->capabilities & CAP_UNICODE) {
2950                         /* must align unicode strings */
2951                         *bcc_ptr = 0; /* null byte password */
2952                         bcc_ptr++;
2953                 }
2954         }
2955
2956         if (ses->server->secMode &
2957                         (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2958                 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2959
2960         if (ses->capabilities & CAP_STATUS32) {
2961                 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2962         }
2963         if (ses->capabilities & CAP_DFS) {
2964                 smb_buffer->Flags2 |= SMBFLG2_DFS;
2965         }
2966         if (ses->capabilities & CAP_UNICODE) {
2967                 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2968                 length =
2969                     cifs_strtoUCS((__le16 *) bcc_ptr, tree,
2970                         6 /* max utf8 char length in bytes */ *
2971                         (/* server len*/ + 256 /* share len */), nls_codepage);
2972                 bcc_ptr += 2 * length;  /* convert num 16 bit words to bytes */
2973                 bcc_ptr += 2;   /* skip trailing null */
2974         } else {                /* ASCII */
2975                 strcpy(bcc_ptr, tree);
2976                 bcc_ptr += strlen(tree) + 1;
2977         }
2978         strcpy(bcc_ptr, "?????");
2979         bcc_ptr += strlen("?????");
2980         bcc_ptr += 1;
2981         count = bcc_ptr - &pSMB->Password[0];
2982         pSMB->hdr.smb_buf_length += count;
2983         pSMB->ByteCount = cpu_to_le16(count);
2984
2985         rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length,
2986                          CIFS_STD_OP);
2987
2988         /* above now done in SendReceive */
2989         if ((rc == 0) && (tcon != NULL)) {
2990                 bool is_unicode;
2991
2992                 tcon->tidStatus = CifsGood;
2993                 tcon->need_reconnect = false;
2994                 tcon->tid = smb_buffer_response->Tid;
2995                 bcc_ptr = pByteArea(smb_buffer_response);
2996                 bytes_left = BCC(smb_buffer_response);
2997                 length = strnlen(bcc_ptr, bytes_left - 2);
2998                 if (smb_buffer->Flags2 & SMBFLG2_UNICODE)
2999                         is_unicode = true;
3000                 else
3001                         is_unicode = false;
3002
3003
3004                 /* skip service field (NB: this field is always ASCII) */
3005                 if (length == 3) {
3006                         if ((bcc_ptr[0] == 'I') && (bcc_ptr[1] == 'P') &&
3007                             (bcc_ptr[2] == 'C')) {
3008                                 cFYI(1, "IPC connection");
3009                                 tcon->ipc = 1;
3010                         }
3011                 } else if (length == 2) {
3012                         if ((bcc_ptr[0] == 'A') && (bcc_ptr[1] == ':')) {
3013                                 /* the most common case */
3014                                 cFYI(1, "disk share connection");
3015                         }
3016                 }
3017                 bcc_ptr += length + 1;
3018                 bytes_left -= (length + 1);
3019                 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3020
3021                 /* mostly informational -- no need to fail on error here */
3022                 kfree(tcon->nativeFileSystem);
3023                 tcon->nativeFileSystem = cifs_strndup_from_ucs(bcc_ptr,
3024                                                       bytes_left, is_unicode,
3025                                                       nls_codepage);
3026
3027                 cFYI(1, "nativeFileSystem=%s", tcon->nativeFileSystem);
3028
3029                 if ((smb_buffer_response->WordCount == 3) ||
3030                          (smb_buffer_response->WordCount == 7))
3031                         /* field is in same location */
3032                         tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3033                 else
3034                         tcon->Flags = 0;
3035                 cFYI(1, "Tcon flags: 0x%x ", tcon->Flags);
3036         } else if ((rc == 0) && tcon == NULL) {
3037                 /* all we need to save for IPC$ connection */
3038                 ses->ipc_tid = smb_buffer_response->Tid;
3039         }
3040
3041         cifs_buf_release(smb_buffer);
3042         return rc;
3043 }
3044
3045 int
3046 cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3047 {
3048         struct rb_root *root = &cifs_sb->tlink_tree;
3049         struct rb_node *node;
3050         struct tcon_link *tlink;
3051         char *tmp;
3052
3053         cancel_delayed_work_sync(&cifs_sb->prune_tlinks);
3054
3055         spin_lock(&cifs_sb->tlink_tree_lock);
3056         while ((node = rb_first(root))) {
3057                 tlink = rb_entry(node, struct tcon_link, tl_rbnode);
3058                 cifs_get_tlink(tlink);
3059                 clear_bit(TCON_LINK_IN_TREE, &tlink->tl_flags);
3060                 rb_erase(node, root);
3061
3062                 spin_unlock(&cifs_sb->tlink_tree_lock);
3063                 cifs_put_tlink(tlink);
3064                 spin_lock(&cifs_sb->tlink_tree_lock);
3065         }
3066         spin_unlock(&cifs_sb->tlink_tree_lock);
3067
3068         tmp = cifs_sb->prepath;
3069         cifs_sb->prepathlen = 0;
3070         cifs_sb->prepath = NULL;
3071         kfree(tmp);
3072
3073         return 0;
3074 }
3075
3076 int cifs_negotiate_protocol(unsigned int xid, struct cifsSesInfo *ses)
3077 {
3078         int rc = 0;
3079         struct TCP_Server_Info *server = ses->server;
3080
3081         /* only send once per connect */
3082         if (server->maxBuf != 0)
3083                 return 0;
3084
3085         rc = CIFSSMBNegotiate(xid, ses);
3086         if (rc == -EAGAIN) {
3087                 /* retry only once on 1st time connection */
3088                 rc = CIFSSMBNegotiate(xid, ses);
3089                 if (rc == -EAGAIN)
3090                         rc = -EHOSTDOWN;
3091         }
3092         if (rc == 0) {
3093                 spin_lock(&GlobalMid_Lock);
3094                 if (server->tcpStatus != CifsExiting)
3095                         server->tcpStatus = CifsGood;
3096                 else
3097                         rc = -EHOSTDOWN;
3098                 spin_unlock(&GlobalMid_Lock);
3099
3100         }
3101
3102         return rc;
3103 }
3104
3105
3106 int cifs_setup_session(unsigned int xid, struct cifsSesInfo *ses,
3107                         struct nls_table *nls_info)
3108 {
3109         int rc = 0;
3110         struct TCP_Server_Info *server = ses->server;
3111
3112         ses->flags = 0;
3113         ses->capabilities = server->capabilities;
3114         if (linuxExtEnabled == 0)
3115                 ses->capabilities &= (~CAP_UNIX);
3116
3117         cFYI(1, "Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d",
3118                  server->secMode, server->capabilities, server->timeAdj);
3119
3120         rc = CIFS_SessSetup(xid, ses, nls_info);
3121         if (rc) {
3122                 cERROR(1, "Send error in SessSetup = %d", rc);
3123         } else {
3124                 mutex_lock(&ses->server->srv_mutex);
3125                 if (!server->session_estab) {
3126                         server->session_key.response = ses->auth_key.response;
3127                         server->session_key.len = ses->auth_key.len;
3128                         server->sequence_number = 0x2;
3129                         server->session_estab = true;
3130                         ses->auth_key.response = NULL;
3131                 }
3132                 mutex_unlock(&server->srv_mutex);
3133
3134                 cFYI(1, "CIFS Session Established successfully");
3135                 spin_lock(&GlobalMid_Lock);
3136                 ses->status = CifsGood;
3137                 ses->need_reconnect = false;
3138                 spin_unlock(&GlobalMid_Lock);
3139         }
3140
3141         kfree(ses->auth_key.response);
3142         ses->auth_key.response = NULL;
3143         ses->auth_key.len = 0;
3144         kfree(ses->ntlmssp);
3145         ses->ntlmssp = NULL;
3146
3147         return rc;
3148 }
3149
3150 static struct cifsTconInfo *
3151 cifs_construct_tcon(struct cifs_sb_info *cifs_sb, uid_t fsuid)
3152 {
3153         struct cifsTconInfo *master_tcon = cifs_sb_master_tcon(cifs_sb);
3154         struct cifsSesInfo *ses;
3155         struct cifsTconInfo *tcon = NULL;
3156         struct smb_vol *vol_info;
3157         char username[MAX_USERNAME_SIZE + 1];
3158
3159         vol_info = kzalloc(sizeof(*vol_info), GFP_KERNEL);
3160         if (vol_info == NULL) {
3161                 tcon = ERR_PTR(-ENOMEM);
3162                 goto out;
3163         }
3164
3165         snprintf(username, MAX_USERNAME_SIZE, "krb50x%x", fsuid);
3166         vol_info->username = username;
3167         vol_info->local_nls = cifs_sb->local_nls;
3168         vol_info->linux_uid = fsuid;
3169         vol_info->cred_uid = fsuid;
3170         vol_info->UNC = master_tcon->treeName;
3171         vol_info->retry = master_tcon->retry;
3172         vol_info->nocase = master_tcon->nocase;
3173         vol_info->local_lease = master_tcon->local_lease;
3174         vol_info->no_linux_ext = !master_tcon->unix_ext;
3175
3176         /* FIXME: allow for other secFlg settings */
3177         vol_info->secFlg = CIFSSEC_MUST_KRB5;
3178
3179         /* get a reference for the same TCP session */
3180         spin_lock(&cifs_tcp_ses_lock);
3181         ++master_tcon->ses->server->srv_count;
3182         spin_unlock(&cifs_tcp_ses_lock);
3183
3184         ses = cifs_get_smb_ses(master_tcon->ses->server, vol_info);
3185         if (IS_ERR(ses)) {
3186                 tcon = (struct cifsTconInfo *)ses;
3187                 cifs_put_tcp_session(master_tcon->ses->server);
3188                 goto out;
3189         }
3190
3191         tcon = cifs_get_tcon(ses, vol_info);
3192         if (IS_ERR(tcon)) {
3193                 cifs_put_smb_ses(ses);
3194                 goto out;
3195         }
3196
3197         if (ses->capabilities & CAP_UNIX)
3198                 reset_cifs_unix_caps(0, tcon, NULL, vol_info);
3199 out:
3200         kfree(vol_info);
3201
3202         return tcon;
3203 }
3204
3205 static inline struct tcon_link *
3206 cifs_sb_master_tlink(struct cifs_sb_info *cifs_sb)
3207 {
3208         return cifs_sb->master_tlink;
3209 }
3210
3211 struct cifsTconInfo *
3212 cifs_sb_master_tcon(struct cifs_sb_info *cifs_sb)
3213 {
3214         return tlink_tcon(cifs_sb_master_tlink(cifs_sb));
3215 }
3216
3217 static int
3218 cifs_sb_tcon_pending_wait(void *unused)
3219 {
3220         schedule();
3221         return signal_pending(current) ? -ERESTARTSYS : 0;
3222 }
3223
3224 /* find and return a tlink with given uid */
3225 static struct tcon_link *
3226 tlink_rb_search(struct rb_root *root, uid_t uid)
3227 {
3228         struct rb_node *node = root->rb_node;
3229         struct tcon_link *tlink;
3230
3231         while (node) {
3232                 tlink = rb_entry(node, struct tcon_link, tl_rbnode);
3233
3234                 if (tlink->tl_uid > uid)
3235                         node = node->rb_left;
3236                 else if (tlink->tl_uid < uid)
3237                         node = node->rb_right;
3238                 else
3239                         return tlink;
3240         }
3241         return NULL;
3242 }
3243
3244 /* insert a tcon_link into the tree */
3245 static void
3246 tlink_rb_insert(struct rb_root *root, struct tcon_link *new_tlink)
3247 {
3248         struct rb_node **new = &(root->rb_node), *parent = NULL;
3249         struct tcon_link *tlink;
3250
3251         while (*new) {
3252                 tlink = rb_entry(*new, struct tcon_link, tl_rbnode);
3253                 parent = *new;
3254
3255                 if (tlink->tl_uid > new_tlink->tl_uid)
3256                         new = &((*new)->rb_left);
3257                 else
3258                         new = &((*new)->rb_right);
3259         }
3260
3261         rb_link_node(&new_tlink->tl_rbnode, parent, new);
3262         rb_insert_color(&new_tlink->tl_rbnode, root);
3263 }
3264
3265 /*
3266  * Find or construct an appropriate tcon given a cifs_sb and the fsuid of the
3267  * current task.
3268  *
3269  * If the superblock doesn't refer to a multiuser mount, then just return
3270  * the master tcon for the mount.
3271  *
3272  * First, search the rbtree for an existing tcon for this fsuid. If one
3273  * exists, then check to see if it's pending construction. If it is then wait
3274  * for construction to complete. Once it's no longer pending, check to see if
3275  * it failed and either return an error or retry construction, depending on
3276  * the timeout.
3277  *
3278  * If one doesn't exist then insert a new tcon_link struct into the tree and
3279  * try to construct a new one.
3280  */
3281 struct tcon_link *
3282 cifs_sb_tlink(struct cifs_sb_info *cifs_sb)
3283 {
3284         int ret;
3285         uid_t fsuid = current_fsuid();
3286         struct tcon_link *tlink, *newtlink;
3287
3288         if (!(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MULTIUSER))
3289                 return cifs_get_tlink(cifs_sb_master_tlink(cifs_sb));
3290
3291         spin_lock(&cifs_sb->tlink_tree_lock);
3292         tlink = tlink_rb_search(&cifs_sb->tlink_tree, fsuid);
3293         if (tlink)
3294                 cifs_get_tlink(tlink);
3295         spin_unlock(&cifs_sb->tlink_tree_lock);
3296
3297         if (tlink == NULL) {
3298                 newtlink = kzalloc(sizeof(*tlink), GFP_KERNEL);
3299                 if (newtlink == NULL)
3300                         return ERR_PTR(-ENOMEM);
3301                 newtlink->tl_uid = fsuid;
3302                 newtlink->tl_tcon = ERR_PTR(-EACCES);
3303                 set_bit(TCON_LINK_PENDING, &newtlink->tl_flags);
3304                 set_bit(TCON_LINK_IN_TREE, &newtlink->tl_flags);
3305                 cifs_get_tlink(newtlink);
3306
3307                 spin_lock(&cifs_sb->tlink_tree_lock);
3308                 /* was one inserted after previous search? */
3309                 tlink = tlink_rb_search(&cifs_sb->tlink_tree, fsuid);
3310                 if (tlink) {
3311                         cifs_get_tlink(tlink);
3312                         spin_unlock(&cifs_sb->tlink_tree_lock);
3313                         kfree(newtlink);
3314                         goto wait_for_construction;
3315                 }
3316                 tlink = newtlink;
3317                 tlink_rb_insert(&cifs_sb->tlink_tree, tlink);
3318                 spin_unlock(&cifs_sb->tlink_tree_lock);
3319         } else {
3320 wait_for_construction:
3321                 ret = wait_on_bit(&tlink->tl_flags, TCON_LINK_PENDING,
3322                                   cifs_sb_tcon_pending_wait,
3323                                   TASK_INTERRUPTIBLE);
3324                 if (ret) {
3325                         cifs_put_tlink(tlink);
3326                         return ERR_PTR(ret);
3327                 }
3328
3329                 /* if it's good, return it */
3330                 if (!IS_ERR(tlink->tl_tcon))
3331                         return tlink;
3332
3333                 /* return error if we tried this already recently */
3334                 if (time_before(jiffies, tlink->tl_time + TLINK_ERROR_EXPIRE)) {
3335                         cifs_put_tlink(tlink);
3336                         return ERR_PTR(-EACCES);
3337                 }
3338
3339                 if (test_and_set_bit(TCON_LINK_PENDING, &tlink->tl_flags))
3340                         goto wait_for_construction;
3341         }
3342
3343         tlink->tl_tcon = cifs_construct_tcon(cifs_sb, fsuid);
3344         clear_bit(TCON_LINK_PENDING, &tlink->tl_flags);
3345         wake_up_bit(&tlink->tl_flags, TCON_LINK_PENDING);
3346
3347         if (IS_ERR(tlink->tl_tcon)) {
3348                 cifs_put_tlink(tlink);
3349                 return ERR_PTR(-EACCES);
3350         }
3351
3352         return tlink;
3353 }
3354
3355 /*
3356  * periodic workqueue job that scans tcon_tree for a superblock and closes
3357  * out tcons.
3358  */
3359 static void
3360 cifs_prune_tlinks(struct work_struct *work)
3361 {
3362         struct cifs_sb_info *cifs_sb = container_of(work, struct cifs_sb_info,
3363                                                     prune_tlinks.work);
3364         struct rb_root *root = &cifs_sb->tlink_tree;
3365         struct rb_node *node = rb_first(root);
3366         struct rb_node *tmp;
3367         struct tcon_link *tlink;
3368
3369         /*
3370          * Because we drop the spinlock in the loop in order to put the tlink
3371          * it's not guarded against removal of links from the tree. The only
3372          * places that remove entries from the tree are this function and
3373          * umounts. Because this function is non-reentrant and is canceled
3374          * before umount can proceed, this is safe.
3375          */
3376         spin_lock(&cifs_sb->tlink_tree_lock);
3377         node = rb_first(root);
3378         while (node != NULL) {
3379                 tmp = node;
3380                 node = rb_next(tmp);
3381                 tlink = rb_entry(tmp, struct tcon_link, tl_rbnode);
3382
3383                 if (test_bit(TCON_LINK_MASTER, &tlink->tl_flags) ||
3384                     atomic_read(&tlink->tl_count) != 0 ||
3385                     time_after(tlink->tl_time + TLINK_IDLE_EXPIRE, jiffies))
3386                         continue;
3387
3388                 cifs_get_tlink(tlink);
3389                 clear_bit(TCON_LINK_IN_TREE, &tlink->tl_flags);
3390                 rb_erase(tmp, root);
3391
3392                 spin_unlock(&cifs_sb->tlink_tree_lock);
3393                 cifs_put_tlink(tlink);
3394                 spin_lock(&cifs_sb->tlink_tree_lock);
3395         }
3396         spin_unlock(&cifs_sb->tlink_tree_lock);
3397
3398         queue_delayed_work(system_nrt_wq, &cifs_sb->prune_tlinks,
3399                                 TLINK_IDLE_EXPIRE);
3400 }