linux/fs/cifs/connect.c
<<
>>
Prefs
   1/*
   2 *   fs/cifs/connect.c
   3 *
   4 *   Copyright (C) International Business Machines  Corp., 2002,2009
   5 *   Author(s): Steve French (sfrench@us.ibm.com)
   6 *
   7 *   This library is free software; you can redistribute it and/or modify
   8 *   it under the terms of the GNU Lesser General Public License as published
   9 *   by the Free Software Foundation; either version 2.1 of the License, or
  10 *   (at your option) any later version.
  11 *
  12 *   This library is distributed in the hope that it will be useful,
  13 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
  14 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
  15 *   the GNU Lesser General Public License for more details.
  16 *
  17 *   You should have received a copy of the GNU Lesser General Public License
  18 *   along with this library; if not, write to the Free Software
  19 *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  20 */
  21#include <linux/fs.h>
  22#include <linux/net.h>
  23#include <linux/string.h>
  24#include <linux/list.h>
  25#include <linux/wait.h>
  26#include <linux/slab.h>
  27#include <linux/pagemap.h>
  28#include <linux/ctype.h>
  29#include <linux/utsname.h>
  30#include <linux/mempool.h>
  31#include <linux/delay.h>
  32#include <linux/completion.h>
  33#include <linux/kthread.h>
  34#include <linux/pagevec.h>
  35#include <linux/freezer.h>
  36#include <linux/namei.h>
  37#include <asm/uaccess.h>
  38#include <asm/processor.h>
  39#include <linux/inet.h>
  40#include <net/ipv6.h>
  41#include "cifspdu.h"
  42#include "cifsglob.h"
  43#include "cifsproto.h"
  44#include "cifs_unicode.h"
  45#include "cifs_debug.h"
  46#include "cifs_fs_sb.h"
  47#include "ntlmssp.h"
  48#include "nterr.h"
  49#include "rfc1002pdu.h"
  50#include "fscache.h"
  51
  52#define CIFS_PORT 445
  53#define RFC1001_PORT 139
  54
  55/* SMB echo "timeout" -- FIXME: tunable? */
  56#define SMB_ECHO_INTERVAL (60 * HZ)
  57
  58extern mempool_t *cifs_req_poolp;
  59
  60struct smb_vol {
  61        char *username;
  62        char *password;
  63        char *domainname;
  64        char *UNC;
  65        char *UNCip;
  66        char *iocharset;  /* local code page for mapping to and from Unicode */
  67        char source_rfc1001_name[RFC1001_NAME_LEN_WITH_NULL]; /* clnt nb name */
  68        char target_rfc1001_name[RFC1001_NAME_LEN_WITH_NULL]; /* srvr nb name */
  69        uid_t cred_uid;
  70        uid_t linux_uid;
  71        gid_t linux_gid;
  72        mode_t file_mode;
  73        mode_t dir_mode;
  74        unsigned secFlg;
  75        bool retry:1;
  76        bool intr:1;
  77        bool setuids:1;
  78        bool override_uid:1;
  79        bool override_gid:1;
  80        bool dynperm:1;
  81        bool noperm:1;
  82        bool no_psx_acl:1; /* set if posix acl support should be disabled */
  83        bool cifs_acl:1;
  84        bool no_xattr:1;   /* set if xattr (EA) support should be disabled*/
  85        bool server_ino:1; /* use inode numbers from server ie UniqueId */
  86        bool direct_io:1;
  87        bool strict_io:1; /* strict cache behavior */
  88        bool remap:1;      /* set to remap seven reserved chars in filenames */
  89        bool posix_paths:1; /* unset to not ask for posix pathnames. */
  90        bool no_linux_ext:1;
  91        bool sfu_emul:1;
  92        bool nullauth:1;   /* attempt to authenticate with null user */
  93        bool nocase:1;     /* request case insensitive filenames */
  94        bool nobrl:1;      /* disable sending byte range locks to srv */
  95        bool mand_lock:1;  /* send mandatory not posix byte range lock reqs */
  96        bool seal:1;       /* request transport encryption on share */
  97        bool nodfs:1;      /* Do not request DFS, even if available */
  98        bool local_lease:1; /* check leases only on local system, not remote */
  99        bool noblocksnd:1;
 100        bool noautotune:1;
 101        bool nostrictsync:1; /* do not force expensive SMBflush on every sync */
 102        bool fsc:1;     /* enable fscache */
 103        bool mfsymlinks:1; /* use Minshall+French Symlinks */
 104        bool multiuser:1;
 105        unsigned int rsize;
 106        unsigned int wsize;
 107        bool sockopt_tcp_nodelay:1;
 108        unsigned short int port;
 109        unsigned long actimeo; /* attribute cache timeout (jiffies) */
 110        char *prepath;
 111        struct sockaddr_storage srcaddr; /* allow binding to a local IP */
 112        struct nls_table *local_nls;
 113};
 114
 115/* FIXME: should these be tunable? */
 116#define TLINK_ERROR_EXPIRE      (1 * HZ)
 117#define TLINK_IDLE_EXPIRE       (600 * HZ)
 118
 119static int ip_connect(struct TCP_Server_Info *server);
 120static int generic_ip_connect(struct TCP_Server_Info *server);
 121static void tlink_rb_insert(struct rb_root *root, struct tcon_link *new_tlink);
 122static void cifs_prune_tlinks(struct work_struct *work);
 123
 124/*
 125 * cifs tcp session reconnection
 126 *
 127 * mark tcp session as reconnecting so temporarily locked
 128 * mark all smb sessions as reconnecting for tcp session
 129 * reconnect tcp session
 130 * wake up waiters on reconnection? - (not needed currently)
 131 */
 132static int
 133cifs_reconnect(struct TCP_Server_Info *server)
 134{
 135        int rc = 0;
 136        struct list_head *tmp, *tmp2;
 137        struct cifsSesInfo *ses;
 138        struct cifsTconInfo *tcon;
 139        struct mid_q_entry *mid_entry;
 140
 141        spin_lock(&GlobalMid_Lock);
 142        if (server->tcpStatus == CifsExiting) {
 143                /* the demux thread will exit normally
 144                next time through the loop */
 145                spin_unlock(&GlobalMid_Lock);
 146                return rc;
 147        } else
 148                server->tcpStatus = CifsNeedReconnect;
 149        spin_unlock(&GlobalMid_Lock);
 150        server->maxBuf = 0;
 151
 152        cFYI(1, "Reconnecting tcp session");
 153
 154        /* before reconnecting the tcp session, mark the smb session (uid)
 155                and the tid bad so they are not used until reconnected */
 156        cFYI(1, "%s: marking sessions and tcons for reconnect", __func__);
 157        spin_lock(&cifs_tcp_ses_lock);
 158        list_for_each(tmp, &server->smb_ses_list) {
 159                ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
 160                ses->need_reconnect = true;
 161                ses->ipc_tid = 0;
 162                list_for_each(tmp2, &ses->tcon_list) {
 163                        tcon = list_entry(tmp2, struct cifsTconInfo, tcon_list);
 164                        tcon->need_reconnect = true;
 165                }
 166        }
 167        spin_unlock(&cifs_tcp_ses_lock);
 168
 169        /* do not want to be sending data on a socket we are freeing */
 170        cFYI(1, "%s: tearing down socket", __func__);
 171        mutex_lock(&server->srv_mutex);
 172        if (server->ssocket) {
 173                cFYI(1, "State: 0x%x Flags: 0x%lx", server->ssocket->state,
 174                        server->ssocket->flags);
 175                kernel_sock_shutdown(server->ssocket, SHUT_WR);
 176                cFYI(1, "Post shutdown state: 0x%x Flags: 0x%lx",
 177                        server->ssocket->state,
 178                        server->ssocket->flags);
 179                sock_release(server->ssocket);
 180                server->ssocket = NULL;
 181        }
 182        server->sequence_number = 0;
 183        server->session_estab = false;
 184        kfree(server->session_key.response);
 185        server->session_key.response = NULL;
 186        server->session_key.len = 0;
 187        server->lstrp = jiffies;
 188        mutex_unlock(&server->srv_mutex);
 189
 190        /* mark submitted MIDs for retry and issue callback */
 191        cFYI(1, "%s: issuing mid callbacks", __func__);
 192        spin_lock(&GlobalMid_Lock);
 193        list_for_each_safe(tmp, tmp2, &server->pending_mid_q) {
 194                mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
 195                if (mid_entry->midState == MID_REQUEST_SUBMITTED)
 196                        mid_entry->midState = MID_RETRY_NEEDED;
 197                list_del_init(&mid_entry->qhead);
 198                mid_entry->callback(mid_entry);
 199        }
 200        spin_unlock(&GlobalMid_Lock);
 201
 202        while (server->tcpStatus == CifsNeedReconnect) {
 203                try_to_freeze();
 204
 205                /* we should try only the port we connected to before */
 206                rc = generic_ip_connect(server);
 207                if (rc) {
 208                        cFYI(1, "reconnect error %d", rc);
 209                        msleep(3000);
 210                } else {
 211                        atomic_inc(&tcpSesReconnectCount);
 212                        spin_lock(&GlobalMid_Lock);
 213                        if (server->tcpStatus != CifsExiting)
 214                                server->tcpStatus = CifsNeedNegotiate;
 215                        spin_unlock(&GlobalMid_Lock);
 216                }
 217        }
 218
 219        return rc;
 220}
 221
 222/*
 223        return codes:
 224                0       not a transact2, or all data present
 225                >0      transact2 with that much data missing
 226                -EINVAL = invalid transact2
 227
 228 */
 229static int check2ndT2(struct smb_hdr *pSMB, unsigned int maxBufSize)
 230{
 231        struct smb_t2_rsp *pSMBt;
 232        int remaining;
 233        __u16 total_data_size, data_in_this_rsp;
 234
 235        if (pSMB->Command != SMB_COM_TRANSACTION2)
 236                return 0;
 237
 238        /* check for plausible wct, bcc and t2 data and parm sizes */
 239        /* check for parm and data offset going beyond end of smb */
 240        if (pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
 241                cFYI(1, "invalid transact2 word count");
 242                return -EINVAL;
 243        }
 244
 245        pSMBt = (struct smb_t2_rsp *)pSMB;
 246
 247        total_data_size = get_unaligned_le16(&pSMBt->t2_rsp.TotalDataCount);
 248        data_in_this_rsp = get_unaligned_le16(&pSMBt->t2_rsp.DataCount);
 249
 250        if (total_data_size == data_in_this_rsp)
 251                return 0;
 252        else if (total_data_size < data_in_this_rsp) {
 253                cFYI(1, "total data %d smaller than data in frame %d",
 254                        total_data_size, data_in_this_rsp);
 255                return -EINVAL;
 256        }
 257
 258        remaining = total_data_size - data_in_this_rsp;
 259
 260        cFYI(1, "missing %d bytes from transact2, check next response",
 261                remaining);
 262        if (total_data_size > maxBufSize) {
 263                cERROR(1, "TotalDataSize %d is over maximum buffer %d",
 264                        total_data_size, maxBufSize);
 265                return -EINVAL;
 266        }
 267        return remaining;
 268}
 269
 270static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
 271{
 272        struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
 273        struct smb_t2_rsp *pSMBt  = (struct smb_t2_rsp *)pTargetSMB;
 274        char *data_area_of_target;
 275        char *data_area_of_buf2;
 276        int remaining;
 277        unsigned int byte_count, total_in_buf;
 278        __u16 total_data_size, total_in_buf2;
 279
 280        total_data_size = get_unaligned_le16(&pSMBt->t2_rsp.TotalDataCount);
 281
 282        if (total_data_size !=
 283            get_unaligned_le16(&pSMB2->t2_rsp.TotalDataCount))
 284                cFYI(1, "total data size of primary and secondary t2 differ");
 285
 286        total_in_buf = get_unaligned_le16(&pSMBt->t2_rsp.DataCount);
 287
 288        remaining = total_data_size - total_in_buf;
 289
 290        if (remaining < 0)
 291                return -EPROTO;
 292
 293        if (remaining == 0) /* nothing to do, ignore */
 294                return 0;
 295
 296        total_in_buf2 = get_unaligned_le16(&pSMB2->t2_rsp.DataCount);
 297        if (remaining < total_in_buf2) {
 298                cFYI(1, "transact2 2nd response contains too much data");
 299        }
 300
 301        /* find end of first SMB data area */
 302        data_area_of_target = (char *)&pSMBt->hdr.Protocol +
 303                                get_unaligned_le16(&pSMBt->t2_rsp.DataOffset);
 304        /* validate target area */
 305
 306        data_area_of_buf2 = (char *)&pSMB2->hdr.Protocol +
 307                                get_unaligned_le16(&pSMB2->t2_rsp.DataOffset);
 308
 309        data_area_of_target += total_in_buf;
 310
 311        /* copy second buffer into end of first buffer */
 312        total_in_buf += total_in_buf2;
 313        /* is the result too big for the field? */
 314        if (total_in_buf > USHRT_MAX)
 315                return -EPROTO;
 316        put_unaligned_le16(total_in_buf, &pSMBt->t2_rsp.DataCount);
 317
 318        /* fix up the BCC */
 319        byte_count = get_bcc_le(pTargetSMB);
 320        byte_count += total_in_buf2;
 321        /* is the result too big for the field? */
 322        if (byte_count > USHRT_MAX)
 323                return -EPROTO;
 324        put_bcc_le(byte_count, pTargetSMB);
 325
 326        byte_count = pTargetSMB->smb_buf_length;
 327        byte_count += total_in_buf2;
 328        /* don't allow buffer to overflow */
 329        if (byte_count > CIFSMaxBufSize)
 330                return -ENOBUFS;
 331        pTargetSMB->smb_buf_length = byte_count;
 332
 333        memcpy(data_area_of_target, data_area_of_buf2, total_in_buf2);
 334
 335        if (remaining == total_in_buf2) {
 336                cFYI(1, "found the last secondary response");
 337                return 0; /* we are done */
 338        } else /* more responses to go */
 339                return 1;
 340}
 341
 342static void
 343cifs_echo_request(struct work_struct *work)
 344{
 345        int rc;
 346        struct TCP_Server_Info *server = container_of(work,
 347                                        struct TCP_Server_Info, echo.work);
 348
 349        /*
 350         * We cannot send an echo until the NEGOTIATE_PROTOCOL request is
 351         * done, which is indicated by maxBuf != 0. Also, no need to ping if
 352         * we got a response recently
 353         */
 354        if (server->maxBuf == 0 ||
 355            time_before(jiffies, server->lstrp + SMB_ECHO_INTERVAL - HZ))
 356                goto requeue_echo;
 357
 358        rc = CIFSSMBEcho(server);
 359        if (rc)
 360                cFYI(1, "Unable to send echo request to server: %s",
 361                        server->hostname);
 362
 363requeue_echo:
 364        queue_delayed_work(system_nrt_wq, &server->echo, SMB_ECHO_INTERVAL);
 365}
 366
 367static int
 368cifs_demultiplex_thread(struct TCP_Server_Info *server)
 369{
 370        int length;
 371        unsigned int pdu_length, total_read;
 372        struct smb_hdr *smb_buffer = NULL;
 373        struct smb_hdr *bigbuf = NULL;
 374        struct smb_hdr *smallbuf = NULL;
 375        struct msghdr smb_msg;
 376        struct kvec iov;
 377        struct socket *csocket = server->ssocket;
 378        struct list_head *tmp, *tmp2;
 379        struct task_struct *task_to_wake = NULL;
 380        struct mid_q_entry *mid_entry;
 381        char temp;
 382        bool isLargeBuf = false;
 383        bool isMultiRsp;
 384        int reconnect;
 385
 386        current->flags |= PF_MEMALLOC;
 387        cFYI(1, "Demultiplex PID: %d", task_pid_nr(current));
 388
 389        length = atomic_inc_return(&tcpSesAllocCount);
 390        if (length > 1)
 391                mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
 392                                GFP_KERNEL);
 393
 394        set_freezable();
 395        while (server->tcpStatus != CifsExiting) {
 396                if (try_to_freeze())
 397                        continue;
 398                if (bigbuf == NULL) {
 399                        bigbuf = cifs_buf_get();
 400                        if (!bigbuf) {
 401                                cERROR(1, "No memory for large SMB response");
 402                                msleep(3000);
 403                                /* retry will check if exiting */
 404                                continue;
 405                        }
 406                } else if (isLargeBuf) {
 407                        /* we are reusing a dirty large buf, clear its start */
 408                        memset(bigbuf, 0, sizeof(struct smb_hdr));
 409                }
 410
 411                if (smallbuf == NULL) {
 412                        smallbuf = cifs_small_buf_get();
 413                        if (!smallbuf) {
 414                                cERROR(1, "No memory for SMB response");
 415                                msleep(1000);
 416                                /* retry will check if exiting */
 417                                continue;
 418                        }
 419                        /* beginning of smb buffer is cleared in our buf_get */
 420                } else /* if existing small buf clear beginning */
 421                        memset(smallbuf, 0, sizeof(struct smb_hdr));
 422
 423                isLargeBuf = false;
 424                isMultiRsp = false;
 425                smb_buffer = smallbuf;
 426                iov.iov_base = smb_buffer;
 427                iov.iov_len = 4;
 428                smb_msg.msg_control = NULL;
 429                smb_msg.msg_controllen = 0;
 430                pdu_length = 4; /* enough to get RFC1001 header */
 431
 432incomplete_rcv:
 433                if (echo_retries > 0 && server->tcpStatus == CifsGood &&
 434                    time_after(jiffies, server->lstrp +
 435                                        (echo_retries * SMB_ECHO_INTERVAL))) {
 436                        cERROR(1, "Server %s has not responded in %d seconds. "
 437                                  "Reconnecting...", server->hostname,
 438                                  (echo_retries * SMB_ECHO_INTERVAL / HZ));
 439                        cifs_reconnect(server);
 440                        csocket = server->ssocket;
 441                        wake_up(&server->response_q);
 442                        continue;
 443                }
 444
 445                length =
 446                    kernel_recvmsg(csocket, &smb_msg,
 447                                &iov, 1, pdu_length, 0 /* BB other flags? */);
 448
 449                if (server->tcpStatus == CifsExiting) {
 450                        break;
 451                } else if (server->tcpStatus == CifsNeedReconnect) {
 452                        cFYI(1, "Reconnect after server stopped responding");
 453                        cifs_reconnect(server);
 454                        cFYI(1, "call to reconnect done");
 455                        csocket = server->ssocket;
 456                        continue;
 457                } else if (length == -ERESTARTSYS ||
 458                           length == -EAGAIN ||
 459                           length == -EINTR) {
 460                        msleep(1); /* minimum sleep to prevent looping
 461                                allowing socket to clear and app threads to set
 462                                tcpStatus CifsNeedReconnect if server hung */
 463                        if (pdu_length < 4) {
 464                                iov.iov_base = (4 - pdu_length) +
 465                                                        (char *)smb_buffer;
 466                                iov.iov_len = pdu_length;
 467                                smb_msg.msg_control = NULL;
 468                                smb_msg.msg_controllen = 0;
 469                                goto incomplete_rcv;
 470                        } else
 471                                continue;
 472                } else if (length <= 0) {
 473                        cFYI(1, "Reconnect after unexpected peek error %d",
 474                                length);
 475                        cifs_reconnect(server);
 476                        csocket = server->ssocket;
 477                        wake_up(&server->response_q);
 478                        continue;
 479                } else if (length < pdu_length) {
 480                        cFYI(1, "requested %d bytes but only got %d bytes",
 481                                  pdu_length, length);
 482                        pdu_length -= length;
 483                        msleep(1);
 484                        goto incomplete_rcv;
 485                }
 486
 487                /* The right amount was read from socket - 4 bytes */
 488                /* so we can now interpret the length field */
 489
 490                /* the first byte big endian of the length field,
 491                is actually not part of the length but the type
 492                with the most common, zero, as regular data */
 493                temp = *((char *) smb_buffer);
 494
 495                /* Note that FC 1001 length is big endian on the wire,
 496                but we convert it here so it is always manipulated
 497                as host byte order */
 498                pdu_length = be32_to_cpu((__force __be32)smb_buffer->smb_buf_length);
 499                smb_buffer->smb_buf_length = pdu_length;
 500
 501                cFYI(1, "rfc1002 length 0x%x", pdu_length+4);
 502
 503                if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) {
 504                        continue;
 505                } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
 506                        cFYI(1, "Good RFC 1002 session rsp");
 507                        continue;
 508                } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
 509                        /* we get this from Windows 98 instead of
 510                           an error on SMB negprot response */
 511                        cFYI(1, "Negative RFC1002 Session Response Error 0x%x)",
 512                                pdu_length);
 513                        /* give server a second to clean up  */
 514                        msleep(1000);
 515                        /* always try 445 first on reconnect since we get NACK
 516                         * on some if we ever connected to port 139 (the NACK
 517                         * is since we do not begin with RFC1001 session
 518                         * initialize frame)
 519                         */
 520                        cifs_set_port((struct sockaddr *)
 521                                        &server->dstaddr, CIFS_PORT);
 522                        cifs_reconnect(server);
 523                        csocket = server->ssocket;
 524                        wake_up(&server->response_q);
 525                        continue;
 526                } else if (temp != (char) 0) {
 527                        cERROR(1, "Unknown RFC 1002 frame");
 528                        cifs_dump_mem(" Received Data: ", (char *)smb_buffer,
 529                                      length);
 530                        cifs_reconnect(server);
 531                        csocket = server->ssocket;
 532                        continue;
 533                }
 534
 535                /* else we have an SMB response */
 536                if ((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
 537                            (pdu_length < sizeof(struct smb_hdr) - 1 - 4)) {
 538                        cERROR(1, "Invalid size SMB length %d pdu_length %d",
 539                                        length, pdu_length+4);
 540                        cifs_reconnect(server);
 541                        csocket = server->ssocket;
 542                        wake_up(&server->response_q);
 543                        continue;
 544                }
 545
 546                /* else length ok */
 547                reconnect = 0;
 548
 549                if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
 550                        isLargeBuf = true;
 551                        memcpy(bigbuf, smallbuf, 4);
 552                        smb_buffer = bigbuf;
 553                }
 554                length = 0;
 555                iov.iov_base = 4 + (char *)smb_buffer;
 556                iov.iov_len = pdu_length;
 557                for (total_read = 0; total_read < pdu_length;
 558                     total_read += length) {
 559                        length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
 560                                                pdu_length - total_read, 0);
 561                        if (server->tcpStatus == CifsExiting) {
 562                                /* then will exit */
 563                                reconnect = 2;
 564                                break;
 565                        } else if (server->tcpStatus == CifsNeedReconnect) {
 566                                cifs_reconnect(server);
 567                                csocket = server->ssocket;
 568                                /* Reconnect wakes up rspns q */
 569                                /* Now we will reread sock */
 570                                reconnect = 1;
 571                                break;
 572                        } else if (length == -ERESTARTSYS ||
 573                                   length == -EAGAIN ||
 574                                   length == -EINTR) {
 575                                msleep(1); /* minimum sleep to prevent looping,
 576                                              allowing socket to clear and app
 577                                              threads to set tcpStatus
 578                                              CifsNeedReconnect if server hung*/
 579                                length = 0;
 580                                continue;
 581                        } else if (length <= 0) {
 582                                cERROR(1, "Received no data, expecting %d",
 583                                              pdu_length - total_read);
 584                                cifs_reconnect(server);
 585                                csocket = server->ssocket;
 586                                reconnect = 1;
 587                                break;
 588                        }
 589                }
 590                if (reconnect == 2)
 591                        break;
 592                else if (reconnect == 1)
 593                        continue;
 594
 595                total_read += 4; /* account for rfc1002 hdr */
 596
 597                dump_smb(smb_buffer, total_read);
 598
 599                /*
 600                 * We know that we received enough to get to the MID as we
 601                 * checked the pdu_length earlier. Now check to see
 602                 * if the rest of the header is OK. We borrow the length
 603                 * var for the rest of the loop to avoid a new stack var.
 604                 *
 605                 * 48 bytes is enough to display the header and a little bit
 606                 * into the payload for debugging purposes.
 607                 */
 608                length = checkSMB(smb_buffer, smb_buffer->Mid, total_read);
 609                if (length != 0)
 610                        cifs_dump_mem("Bad SMB: ", smb_buffer,
 611                                        min_t(unsigned int, total_read, 48));
 612
 613                mid_entry = NULL;
 614                server->lstrp = jiffies;
 615
 616                spin_lock(&GlobalMid_Lock);
 617                list_for_each_safe(tmp, tmp2, &server->pending_mid_q) {
 618                        mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
 619
 620                        if (mid_entry->mid != smb_buffer->Mid ||
 621                            mid_entry->midState != MID_REQUEST_SUBMITTED ||
 622                            mid_entry->command != smb_buffer->Command) {
 623                                mid_entry = NULL;
 624                                continue;
 625                        }
 626
 627                        if (length == 0 &&
 628                            check2ndT2(smb_buffer, server->maxBuf) > 0) {
 629                                /* We have a multipart transact2 resp */
 630                                isMultiRsp = true;
 631                                if (mid_entry->resp_buf) {
 632                                        /* merge response - fix up 1st*/
 633                                        length = coalesce_t2(smb_buffer,
 634                                                        mid_entry->resp_buf);
 635                                        if (length > 0) {
 636                                                length = 0;
 637                                                mid_entry->multiRsp = true;
 638                                                break;
 639                                        } else {
 640                                                /* all parts received or
 641                                                 * packet is malformed
 642                                                 */
 643                                                mid_entry->multiEnd = true;
 644                                                goto multi_t2_fnd;
 645                                        }
 646                                } else {
 647                                        if (!isLargeBuf) {
 648                                                /*
 649                                                 * FIXME: switch to already
 650                                                 *        allocated largebuf?
 651                                                 */
 652                                                cERROR(1, "1st trans2 resp "
 653                                                          "needs bigbuf");
 654                                        } else {
 655                                                /* Have first buffer */
 656                                                mid_entry->resp_buf =
 657                                                         smb_buffer;
 658                                                mid_entry->largeBuf = true;
 659                                                bigbuf = NULL;
 660                                        }
 661                                }
 662                                break;
 663                        }
 664                        mid_entry->resp_buf = smb_buffer;
 665                        mid_entry->largeBuf = isLargeBuf;
 666multi_t2_fnd:
 667                        if (length == 0)
 668                                mid_entry->midState = MID_RESPONSE_RECEIVED;
 669                        else
 670                                mid_entry->midState = MID_RESPONSE_MALFORMED;
 671#ifdef CONFIG_CIFS_STATS2
 672                        mid_entry->when_received = jiffies;
 673#endif
 674                        list_del_init(&mid_entry->qhead);
 675                        mid_entry->callback(mid_entry);
 676                        break;
 677                }
 678                spin_unlock(&GlobalMid_Lock);
 679
 680                if (mid_entry != NULL) {
 681                        /* Was previous buf put in mpx struct for multi-rsp? */
 682                        if (!isMultiRsp) {
 683                                /* smb buffer will be freed by user thread */
 684                                if (isLargeBuf)
 685                                        bigbuf = NULL;
 686                                else
 687                                        smallbuf = NULL;
 688                        }
 689                } else if (length != 0) {
 690                        /* response sanity checks failed */
 691                        continue;
 692                } else if (!is_valid_oplock_break(smb_buffer, server) &&
 693                           !isMultiRsp) {
 694                        cERROR(1, "No task to wake, unknown frame received! "
 695                                   "NumMids %d", atomic_read(&midCount));
 696                        cifs_dump_mem("Received Data is: ", (char *)smb_buffer,
 697                                      sizeof(struct smb_hdr));
 698#ifdef CONFIG_CIFS_DEBUG2
 699                        cifs_dump_detail(smb_buffer);
 700                        cifs_dump_mids(server);
 701#endif /* CIFS_DEBUG2 */
 702
 703                }
 704        } /* end while !EXITING */
 705
 706        /* take it off the list, if it's not already */
 707        spin_lock(&cifs_tcp_ses_lock);
 708        list_del_init(&server->tcp_ses_list);
 709        spin_unlock(&cifs_tcp_ses_lock);
 710
 711        spin_lock(&GlobalMid_Lock);
 712        server->tcpStatus = CifsExiting;
 713        spin_unlock(&GlobalMid_Lock);
 714        wake_up_all(&server->response_q);
 715
 716        /* check if we have blocked requests that need to free */
 717        /* Note that cifs_max_pending is normally 50, but
 718        can be set at module install time to as little as two */
 719        spin_lock(&GlobalMid_Lock);
 720        if (atomic_read(&server->inFlight) >= cifs_max_pending)
 721                atomic_set(&server->inFlight, cifs_max_pending - 1);
 722        /* We do not want to set the max_pending too low or we
 723        could end up with the counter going negative */
 724        spin_unlock(&GlobalMid_Lock);
 725        /* Although there should not be any requests blocked on
 726        this queue it can not hurt to be paranoid and try to wake up requests
 727        that may haven been blocked when more than 50 at time were on the wire
 728        to the same server - they now will see the session is in exit state
 729        and get out of SendReceive.  */
 730        wake_up_all(&server->request_q);
 731        /* give those requests time to exit */
 732        msleep(125);
 733
 734        if (server->ssocket) {
 735                sock_release(csocket);
 736                server->ssocket = NULL;
 737        }
 738        /* buffer usuallly freed in free_mid - need to free it here on exit */
 739        cifs_buf_release(bigbuf);
 740        if (smallbuf) /* no sense logging a debug message if NULL */
 741                cifs_small_buf_release(smallbuf);
 742
 743        if (!list_empty(&server->pending_mid_q)) {
 744                spin_lock(&GlobalMid_Lock);
 745                list_for_each_safe(tmp, tmp2, &server->pending_mid_q) {
 746                        mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
 747                        cFYI(1, "Clearing Mid 0x%x - issuing callback",
 748                                         mid_entry->mid);
 749                        list_del_init(&mid_entry->qhead);
 750                        mid_entry->callback(mid_entry);
 751                }
 752                spin_unlock(&GlobalMid_Lock);
 753                /* 1/8th of sec is more than enough time for them to exit */
 754                msleep(125);
 755        }
 756
 757        if (!list_empty(&server->pending_mid_q)) {
 758                /* mpx threads have not exited yet give them
 759                at least the smb send timeout time for long ops */
 760                /* due to delays on oplock break requests, we need
 761                to wait at least 45 seconds before giving up
 762                on a request getting a response and going ahead
 763                and killing cifsd */
 764                cFYI(1, "Wait for exit from demultiplex thread");
 765                msleep(46000);
 766                /* if threads still have not exited they are probably never
 767                coming home not much else we can do but free the memory */
 768        }
 769
 770        kfree(server->hostname);
 771        task_to_wake = xchg(&server->tsk, NULL);
 772        kfree(server);
 773
 774        length = atomic_dec_return(&tcpSesAllocCount);
 775        if (length  > 0)
 776                mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
 777                                GFP_KERNEL);
 778
 779        /* if server->tsk was NULL then wait for a signal before exiting */
 780        if (!task_to_wake) {
 781                set_current_state(TASK_INTERRUPTIBLE);
 782                while (!signal_pending(current)) {
 783                        schedule();
 784                        set_current_state(TASK_INTERRUPTIBLE);
 785                }
 786                set_current_state(TASK_RUNNING);
 787        }
 788
 789        module_put_and_exit(0);
 790}
 791
 792/* extract the host portion of the UNC string */
 793static char *
 794extract_hostname(const char *unc)
 795{
 796        const char *src;
 797        char *dst, *delim;
 798        unsigned int len;
 799
 800        /* skip double chars at beginning of string */
 801        /* BB: check validity of these bytes? */
 802        src = unc + 2;
 803
 804        /* delimiter between hostname and sharename is always '\\' now */
 805        delim = strchr(src, '\\');
 806        if (!delim)
 807                return ERR_PTR(-EINVAL);
 808
 809        len = delim - src;
 810        dst = kmalloc((len + 1), GFP_KERNEL);
 811        if (dst == NULL)
 812                return ERR_PTR(-ENOMEM);
 813
 814        memcpy(dst, src, len);
 815        dst[len] = '\0';
 816
 817        return dst;
 818}
 819
 820static int
 821cifs_parse_mount_options(char *options, const char *devname,
 822                         struct smb_vol *vol)
 823{
 824        char *value, *data, *end;
 825        unsigned int  temp_len, i, j;
 826        char separator[2];
 827        short int override_uid = -1;
 828        short int override_gid = -1;
 829        bool uid_specified = false;
 830        bool gid_specified = false;
 831        char *nodename = utsname()->nodename;
 832
 833        separator[0] = ',';
 834        separator[1] = 0;
 835
 836        /*
 837         * does not have to be perfect mapping since field is
 838         * informational, only used for servers that do not support
 839         * port 445 and it can be overridden at mount time
 840         */
 841        memset(vol->source_rfc1001_name, 0x20, RFC1001_NAME_LEN);
 842        for (i = 0; i < strnlen(nodename, RFC1001_NAME_LEN); i++)
 843                vol->source_rfc1001_name[i] = toupper(nodename[i]);
 844
 845        vol->source_rfc1001_name[RFC1001_NAME_LEN] = 0;
 846        /* null target name indicates to use *SMBSERVR default called name
 847           if we end up sending RFC1001 session initialize */
 848        vol->target_rfc1001_name[0] = 0;
 849        vol->cred_uid = current_uid();
 850        vol->linux_uid = current_uid();
 851        vol->linux_gid = current_gid();
 852
 853        /* default to only allowing write access to owner of the mount */
 854        vol->dir_mode = vol->file_mode = S_IRUGO | S_IXUGO | S_IWUSR;
 855
 856        /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
 857        /* default is always to request posix paths. */
 858        vol->posix_paths = 1;
 859        /* default to using server inode numbers where available */
 860        vol->server_ino = 1;
 861
 862        vol->actimeo = CIFS_DEF_ACTIMEO;
 863
 864        if (!options)
 865                return 1;
 866
 867        end = options + strlen(options);
 868        if (strncmp(options, "sep=", 4) == 0) {
 869                if (options[4] != 0) {
 870                        separator[0] = options[4];
 871                        options += 5;
 872                } else {
 873                        cFYI(1, "Null separator not allowed");
 874                }
 875        }
 876
 877        while ((data = strsep(&options, separator)) != NULL) {
 878                if (!*data)
 879                        continue;
 880                if ((value = strchr(data, '=')) != NULL)
 881                        *value++ = '\0';
 882
 883                /* Have to parse this before we parse for "user" */
 884                if (strnicmp(data, "user_xattr", 10) == 0) {
 885                        vol->no_xattr = 0;
 886                } else if (strnicmp(data, "nouser_xattr", 12) == 0) {
 887                        vol->no_xattr = 1;
 888                } else if (strnicmp(data, "user", 4) == 0) {
 889                        if (!value) {
 890                                printk(KERN_WARNING
 891                                       "CIFS: invalid or missing username\n");
 892                                return 1;       /* needs_arg; */
 893                        } else if (!*value) {
 894                                /* null user, ie anonymous, authentication */
 895                                vol->nullauth = 1;
 896                        }
 897                        if (strnlen(value, MAX_USERNAME_SIZE) <
 898                                                MAX_USERNAME_SIZE) {
 899                                vol->username = value;
 900                        } else {
 901                                printk(KERN_WARNING "CIFS: username too long\n");
 902                                return 1;
 903                        }
 904                } else if (strnicmp(data, "pass", 4) == 0) {
 905                        if (!value) {
 906                                vol->password = NULL;
 907                                continue;
 908                        } else if (value[0] == 0) {
 909                                /* check if string begins with double comma
 910                                   since that would mean the password really
 911                                   does start with a comma, and would not
 912                                   indicate an empty string */
 913                                if (value[1] != separator[0]) {
 914                                        vol->password = NULL;
 915                                        continue;
 916                                }
 917                        }
 918                        temp_len = strlen(value);
 919                        /* removed password length check, NTLM passwords
 920                                can be arbitrarily long */
 921
 922                        /* if comma in password, the string will be
 923                        prematurely null terminated.  Commas in password are
 924                        specified across the cifs mount interface by a double
 925                        comma ie ,, and a comma used as in other cases ie ','
 926                        as a parameter delimiter/separator is single and due
 927                        to the strsep above is temporarily zeroed. */
 928
 929                        /* NB: password legally can have multiple commas and
 930                        the only illegal character in a password is null */
 931
 932                        if ((value[temp_len] == 0) &&
 933                            (value + temp_len < end) &&
 934                            (value[temp_len+1] == separator[0])) {
 935                                /* reinsert comma */
 936                                value[temp_len] = separator[0];
 937                                temp_len += 2;  /* move after second comma */
 938                                while (value[temp_len] != 0)  {
 939                                        if (value[temp_len] == separator[0]) {
 940                                                if (value[temp_len+1] ==
 941                                                     separator[0]) {
 942                                                /* skip second comma */
 943                                                        temp_len++;
 944                                                } else {
 945                                                /* single comma indicating start
 946                                                         of next parm */
 947                                                        break;
 948                                                }
 949                                        }
 950                                        temp_len++;
 951                                }
 952                                if (value[temp_len] == 0) {
 953                                        options = NULL;
 954                                } else {
 955                                        value[temp_len] = 0;
 956                                        /* point option to start of next parm */
 957                                        options = value + temp_len + 1;
 958                                }
 959                                /* go from value to value + temp_len condensing
 960                                double commas to singles. Note that this ends up
 961                                allocating a few bytes too many, which is ok */
 962                                vol->password = kzalloc(temp_len, GFP_KERNEL);
 963                                if (vol->password == NULL) {
 964                                        printk(KERN_WARNING "CIFS: no memory "
 965                                                            "for password\n");
 966                                        return 1;
 967                                }
 968                                for (i = 0, j = 0; i < temp_len; i++, j++) {
 969                                        vol->password[j] = value[i];
 970                                        if (value[i] == separator[0]
 971                                                && value[i+1] == separator[0]) {
 972                                                /* skip second comma */
 973                                                i++;
 974                                        }
 975                                }
 976                                vol->password[j] = 0;
 977                        } else {
 978                                vol->password = kzalloc(temp_len+1, GFP_KERNEL);
 979                                if (vol->password == NULL) {
 980                                        printk(KERN_WARNING "CIFS: no memory "
 981                                                            "for password\n");
 982                                        return 1;
 983                                }
 984                                strcpy(vol->password, value);
 985                        }
 986                } else if (!strnicmp(data, "ip", 2) ||
 987                           !strnicmp(data, "addr", 4)) {
 988                        if (!value || !*value) {
 989                                vol->UNCip = NULL;
 990                        } else if (strnlen(value, INET6_ADDRSTRLEN) <
 991                                                        INET6_ADDRSTRLEN) {
 992                                vol->UNCip = value;
 993                        } else {
 994                                printk(KERN_WARNING "CIFS: ip address "
 995                                                    "too long\n");
 996                                return 1;
 997                        }
 998                } else if (strnicmp(data, "sec", 3) == 0) {
 999                        if (!value || !*value) {
1000                                cERROR(1, "no security value specified");
1001                                continue;
1002                        } else if (strnicmp(value, "krb5i", 5) == 0) {
1003                                vol->secFlg |= CIFSSEC_MAY_KRB5 |
1004                                        CIFSSEC_MUST_SIGN;
1005                        } else if (strnicmp(value, "krb5p", 5) == 0) {
1006                                /* vol->secFlg |= CIFSSEC_MUST_SEAL |
1007                                        CIFSSEC_MAY_KRB5; */
1008                                cERROR(1, "Krb5 cifs privacy not supported");
1009                                return 1;
1010                        } else if (strnicmp(value, "krb5", 4) == 0) {
1011                                vol->secFlg |= CIFSSEC_MAY_KRB5;
1012                        } else if (strnicmp(value, "ntlmsspi", 8) == 0) {
1013                                vol->secFlg |= CIFSSEC_MAY_NTLMSSP |
1014                                        CIFSSEC_MUST_SIGN;
1015                        } else if (strnicmp(value, "ntlmssp", 7) == 0) {
1016                                vol->secFlg |= CIFSSEC_MAY_NTLMSSP;
1017                        } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
1018                                vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
1019                                        CIFSSEC_MUST_SIGN;
1020                        } else if (strnicmp(value, "ntlmv2", 6) == 0) {
1021                                vol->secFlg |= CIFSSEC_MAY_NTLMV2;
1022                        } else if (strnicmp(value, "ntlmi", 5) == 0) {
1023                                vol->secFlg |= CIFSSEC_MAY_NTLM |
1024                                        CIFSSEC_MUST_SIGN;
1025                        } else if (strnicmp(value, "ntlm", 4) == 0) {
1026                                /* ntlm is default so can be turned off too */
1027                                vol->secFlg |= CIFSSEC_MAY_NTLM;
1028                        } else if (strnicmp(value, "nontlm", 6) == 0) {
1029                                /* BB is there a better way to do this? */
1030                                vol->secFlg |= CIFSSEC_MAY_NTLMV2;
1031#ifdef CONFIG_CIFS_WEAK_PW_HASH
1032                        } else if (strnicmp(value, "lanman", 6) == 0) {
1033                                vol->secFlg |= CIFSSEC_MAY_LANMAN;
1034#endif
1035                        } else if (strnicmp(value, "none", 4) == 0) {
1036                                vol->nullauth = 1;
1037                        } else {
1038                                cERROR(1, "bad security option: %s", value);
1039                                return 1;
1040                        }
1041                } else if ((strnicmp(data, "unc", 3) == 0)
1042                           || (strnicmp(data, "target", 6) == 0)
1043                           || (strnicmp(data, "path", 4) == 0)) {
1044                        if (!value || !*value) {
1045                                printk(KERN_WARNING "CIFS: invalid path to "
1046                                                    "network resource\n");
1047                                return 1;       /* needs_arg; */
1048                        }
1049                        if ((temp_len = strnlen(value, 300)) < 300) {
1050                                vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1051                                if (vol->UNC == NULL)
1052                                        return 1;
1053                                strcpy(vol->UNC, value);
1054                                if (strncmp(vol->UNC, "//", 2) == 0) {
1055                                        vol->UNC[0] = '\\';
1056                                        vol->UNC[1] = '\\';
1057                                } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1058                                        printk(KERN_WARNING
1059                                               "CIFS: UNC Path does not begin "
1060                                               "with // or \\\\ \n");
1061                                        return 1;
1062                                }
1063                        } else {
1064                                printk(KERN_WARNING "CIFS: UNC name too long\n");
1065                                return 1;
1066                        }
1067                } else if ((strnicmp(data, "domain", 3) == 0)
1068                           || (strnicmp(data, "workgroup", 5) == 0)) {
1069                        if (!value || !*value) {
1070                                printk(KERN_WARNING "CIFS: invalid domain name\n");
1071                                return 1;       /* needs_arg; */
1072                        }
1073                        /* BB are there cases in which a comma can be valid in
1074                        a domain name and need special handling? */
1075                        if (strnlen(value, 256) < 256) {
1076                                vol->domainname = value;
1077                                cFYI(1, "Domain name set");
1078                        } else {
1079                                printk(KERN_WARNING "CIFS: domain name too "
1080                                                    "long\n");
1081                                return 1;
1082                        }
1083                } else if (strnicmp(data, "srcaddr", 7) == 0) {
1084                        vol->srcaddr.ss_family = AF_UNSPEC;
1085
1086                        if (!value || !*value) {
1087                                printk(KERN_WARNING "CIFS: srcaddr value"
1088                                       " not specified.\n");
1089                                return 1;       /* needs_arg; */
1090                        }
1091                        i = cifs_convert_address((struct sockaddr *)&vol->srcaddr,
1092                                                 value, strlen(value));
1093                        if (i == 0) {
1094                                printk(KERN_WARNING "CIFS:  Could not parse"
1095                                       " srcaddr: %s\n",
1096                                       value);
1097                                return 1;
1098                        }
1099                } else if (strnicmp(data, "prefixpath", 10) == 0) {
1100                        if (!value || !*value) {
1101                                printk(KERN_WARNING
1102                                        "CIFS: invalid path prefix\n");
1103                                return 1;       /* needs_argument */
1104                        }
1105                        if ((temp_len = strnlen(value, 1024)) < 1024) {
1106                                if (value[0] != '/')
1107                                        temp_len++;  /* missing leading slash */
1108                                vol->prepath = kmalloc(temp_len+1, GFP_KERNEL);
1109                                if (vol->prepath == NULL)
1110                                        return 1;
1111                                if (value[0] != '/') {
1112                                        vol->prepath[0] = '/';
1113                                        strcpy(vol->prepath+1, value);
1114                                } else
1115                                        strcpy(vol->prepath, value);
1116                                cFYI(1, "prefix path %s", vol->prepath);
1117                        } else {
1118                                printk(KERN_WARNING "CIFS: prefix too long\n");
1119                                return 1;
1120                        }
1121                } else if (strnicmp(data, "iocharset", 9) == 0) {
1122                        if (!value || !*value) {
1123                                printk(KERN_WARNING "CIFS: invalid iocharset "
1124                                                    "specified\n");
1125                                return 1;       /* needs_arg; */
1126                        }
1127                        if (strnlen(value, 65) < 65) {
1128                                if (strnicmp(value, "default", 7))
1129                                        vol->iocharset = value;
1130                                /* if iocharset not set then load_nls_default
1131                                   is used by caller */
1132                                cFYI(1, "iocharset set to %s", value);
1133                        } else {
1134                                printk(KERN_WARNING "CIFS: iocharset name "
1135                                                    "too long.\n");
1136                                return 1;
1137                        }
1138                } else if (!strnicmp(data, "uid", 3) && value && *value) {
1139                        vol->linux_uid = simple_strtoul(value, &value, 0);
1140                        uid_specified = true;
1141                } else if (!strnicmp(data, "cruid", 5) && value && *value) {
1142                        vol->cred_uid = simple_strtoul(value, &value, 0);
1143                } else if (!strnicmp(data, "forceuid", 8)) {
1144                        override_uid = 1;
1145                } else if (!strnicmp(data, "noforceuid", 10)) {
1146                        override_uid = 0;
1147                } else if (!strnicmp(data, "gid", 3) && value && *value) {
1148                        vol->linux_gid = simple_strtoul(value, &value, 0);
1149                        gid_specified = true;
1150                } else if (!strnicmp(data, "forcegid", 8)) {
1151                        override_gid = 1;
1152                } else if (!strnicmp(data, "noforcegid", 10)) {
1153                        override_gid = 0;
1154                } else if (strnicmp(data, "file_mode", 4) == 0) {
1155                        if (value && *value) {
1156                                vol->file_mode =
1157                                        simple_strtoul(value, &value, 0);
1158                        }
1159                } else if (strnicmp(data, "dir_mode", 4) == 0) {
1160                        if (value && *value) {
1161                                vol->dir_mode =
1162                                        simple_strtoul(value, &value, 0);
1163                        }
1164                } else if (strnicmp(data, "dirmode", 4) == 0) {
1165                        if (value && *value) {
1166                                vol->dir_mode =
1167                                        simple_strtoul(value, &value, 0);
1168                        }
1169                } else if (strnicmp(data, "port", 4) == 0) {
1170                        if (value && *value) {
1171                                vol->port =
1172                                        simple_strtoul(value, &value, 0);
1173                        }
1174                } else if (strnicmp(data, "rsize", 5) == 0) {
1175                        if (value && *value) {
1176                                vol->rsize =
1177                                        simple_strtoul(value, &value, 0);
1178                        }
1179                } else if (strnicmp(data, "wsize", 5) == 0) {
1180                        if (value && *value) {
1181                                vol->wsize =
1182                                        simple_strtoul(value, &value, 0);
1183                        }
1184                } else if (strnicmp(data, "sockopt", 5) == 0) {
1185                        if (!value || !*value) {
1186                                cERROR(1, "no socket option specified");
1187                                continue;
1188                        } else if (strnicmp(value, "TCP_NODELAY", 11) == 0) {
1189                                vol->sockopt_tcp_nodelay = 1;
1190                        }
1191                } else if (strnicmp(data, "netbiosname", 4) == 0) {
1192                        if (!value || !*value || (*value == ' ')) {
1193                                cFYI(1, "invalid (empty) netbiosname");
1194                        } else {
1195                                memset(vol->source_rfc1001_name, 0x20,
1196                                        RFC1001_NAME_LEN);
1197                                /*
1198                                 * FIXME: are there cases in which a comma can
1199                                 * be valid in workstation netbios name (and
1200                                 * need special handling)?
1201                                 */
1202                                for (i = 0; i < RFC1001_NAME_LEN; i++) {
1203                                        /* don't ucase netbiosname for user */
1204                                        if (value[i] == 0)
1205                                                break;
1206                                        vol->source_rfc1001_name[i] = value[i];
1207                                }
1208                                /* The string has 16th byte zero still from
1209                                set at top of the function  */
1210                                if (i == RFC1001_NAME_LEN && value[i] != 0)
1211                                        printk(KERN_WARNING "CIFS: netbiosname"
1212                                                " longer than 15 truncated.\n");
1213                        }
1214                } else if (strnicmp(data, "servern", 7) == 0) {
1215                        /* servernetbiosname specified override *SMBSERVER */
1216                        if (!value || !*value || (*value == ' ')) {
1217                                cFYI(1, "empty server netbiosname specified");
1218                        } else {
1219                                /* last byte, type, is 0x20 for servr type */
1220                                memset(vol->target_rfc1001_name, 0x20,
1221                                        RFC1001_NAME_LEN_WITH_NULL);
1222
1223                                for (i = 0; i < 15; i++) {
1224                                /* BB are there cases in which a comma can be
1225                                   valid in this workstation netbios name
1226                                   (and need special handling)? */
1227
1228                                /* user or mount helper must uppercase
1229                                   the netbiosname */
1230                                        if (value[i] == 0)
1231                                                break;
1232                                        else
1233                                                vol->target_rfc1001_name[i] =
1234                                                                value[i];
1235                                }
1236                                /* The string has 16th byte zero still from
1237                                   set at top of the function  */
1238                                if (i == RFC1001_NAME_LEN && value[i] != 0)
1239                                        printk(KERN_WARNING "CIFS: server net"
1240                                        "biosname longer than 15 truncated.\n");
1241                        }
1242                } else if (strnicmp(data, "actimeo", 7) == 0) {
1243                        if (value && *value) {
1244                                vol->actimeo = HZ * simple_strtoul(value,
1245                                                                   &value, 0);
1246                                if (vol->actimeo > CIFS_MAX_ACTIMEO) {
1247                                        cERROR(1, "CIFS: attribute cache"
1248                                                        "timeout too large");
1249                                        return 1;
1250                                }
1251                        }
1252                } else if (strnicmp(data, "credentials", 4) == 0) {
1253                        /* ignore */
1254                } else if (strnicmp(data, "version", 3) == 0) {
1255                        /* ignore */
1256                } else if (strnicmp(data, "guest", 5) == 0) {
1257                        /* ignore */
1258                } else if (strnicmp(data, "rw", 2) == 0) {
1259                        /* ignore */
1260                } else if (strnicmp(data, "ro", 2) == 0) {
1261                        /* ignore */
1262                } else if (strnicmp(data, "noblocksend", 11) == 0) {
1263                        vol->noblocksnd = 1;
1264                } else if (strnicmp(data, "noautotune", 10) == 0) {
1265                        vol->noautotune = 1;
1266                } else if ((strnicmp(data, "suid", 4) == 0) ||
1267                                   (strnicmp(data, "nosuid", 6) == 0) ||
1268                                   (strnicmp(data, "exec", 4) == 0) ||
1269                                   (strnicmp(data, "noexec", 6) == 0) ||
1270                                   (strnicmp(data, "nodev", 5) == 0) ||
1271                                   (strnicmp(data, "noauto", 6) == 0) ||
1272                                   (strnicmp(data, "dev", 3) == 0)) {
1273                        /*  The mount tool or mount.cifs helper (if present)
1274                            uses these opts to set flags, and the flags are read
1275                            by the kernel vfs layer before we get here (ie
1276                            before read super) so there is no point trying to
1277                            parse these options again and set anything and it
1278                            is ok to just ignore them */
1279                        continue;
1280                } else if (strnicmp(data, "hard", 4) == 0) {
1281                        vol->retry = 1;
1282                } else if (strnicmp(data, "soft", 4) == 0) {
1283                        vol->retry = 0;
1284                } else if (strnicmp(data, "perm", 4) == 0) {
1285                        vol->noperm = 0;
1286                } else if (strnicmp(data, "noperm", 6) == 0) {
1287                        vol->noperm = 1;
1288                } else if (strnicmp(data, "mapchars", 8) == 0) {
1289                        vol->remap = 1;
1290                } else if (strnicmp(data, "nomapchars", 10) == 0) {
1291                        vol->remap = 0;
1292                } else if (strnicmp(data, "sfu", 3) == 0) {
1293                        vol->sfu_emul = 1;
1294                } else if (strnicmp(data, "nosfu", 5) == 0) {
1295                        vol->sfu_emul = 0;
1296                } else if (strnicmp(data, "nodfs", 5) == 0) {
1297                        vol->nodfs = 1;
1298                } else if (strnicmp(data, "posixpaths", 10) == 0) {
1299                        vol->posix_paths = 1;
1300                } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1301                        vol->posix_paths = 0;
1302                } else if (strnicmp(data, "nounix", 6) == 0) {
1303                        vol->no_linux_ext = 1;
1304                } else if (strnicmp(data, "nolinux", 7) == 0) {
1305                        vol->no_linux_ext = 1;
1306                } else if ((strnicmp(data, "nocase", 6) == 0) ||
1307                           (strnicmp(data, "ignorecase", 10)  == 0)) {
1308                        vol->nocase = 1;
1309                } else if (strnicmp(data, "mand", 4) == 0) {
1310                        /* ignore */
1311                } else if (strnicmp(data, "nomand", 6) == 0) {
1312                        /* ignore */
1313                } else if (strnicmp(data, "_netdev", 7) == 0) {
1314                        /* ignore */
1315                } else if (strnicmp(data, "brl", 3) == 0) {
1316                        vol->nobrl =  0;
1317                } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1318                           (strnicmp(data, "nolock", 6) == 0)) {
1319                        vol->nobrl =  1;
1320                        /* turn off mandatory locking in mode
1321                        if remote locking is turned off since the
1322                        local vfs will do advisory */
1323                        if (vol->file_mode ==
1324                                (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1325                                vol->file_mode = S_IALLUGO;
1326                } else if (strnicmp(data, "forcemandatorylock", 9) == 0) {
1327                        /* will take the shorter form "forcemand" as well */
1328                        /* This mount option will force use of mandatory
1329                          (DOS/Windows style) byte range locks, instead of
1330                          using posix advisory byte range locks, even if the
1331                          Unix extensions are available and posix locks would
1332                          be supported otherwise. If Unix extensions are not
1333                          negotiated this has no effect since mandatory locks
1334                          would be used (mandatory locks is all that those
1335                          those servers support) */
1336                        vol->mand_lock = 1;
1337                } else if (strnicmp(data, "setuids", 7) == 0) {
1338                        vol->setuids = 1;
1339                } else if (strnicmp(data, "nosetuids", 9) == 0) {
1340                        vol->setuids = 0;
1341                } else if (strnicmp(data, "dynperm", 7) == 0) {
1342                        vol->dynperm = true;
1343                } else if (strnicmp(data, "nodynperm", 9) == 0) {
1344                        vol->dynperm = false;
1345                } else if (strnicmp(data, "nohard", 6) == 0) {
1346                        vol->retry = 0;
1347                } else if (strnicmp(data, "nosoft", 6) == 0) {
1348                        vol->retry = 1;
1349                } else if (strnicmp(data, "nointr", 6) == 0) {
1350                        vol->intr = 0;
1351                } else if (strnicmp(data, "intr", 4) == 0) {
1352                        vol->intr = 1;
1353                } else if (strnicmp(data, "nostrictsync", 12) == 0) {
1354                        vol->nostrictsync = 1;
1355                } else if (strnicmp(data, "strictsync", 10) == 0) {
1356                        vol->nostrictsync = 0;
1357                } else if (strnicmp(data, "serverino", 7) == 0) {
1358                        vol->server_ino = 1;
1359                } else if (strnicmp(data, "noserverino", 9) == 0) {
1360                        vol->server_ino = 0;
1361                } else if (strnicmp(data, "cifsacl", 7) == 0) {
1362                        vol->cifs_acl = 1;
1363                } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1364                        vol->cifs_acl = 0;
1365                } else if (strnicmp(data, "acl", 3) == 0) {
1366                        vol->no_psx_acl = 0;
1367                } else if (strnicmp(data, "noacl", 5) == 0) {
1368                        vol->no_psx_acl = 1;
1369                } else if (strnicmp(data, "locallease", 6) == 0) {
1370                        vol->local_lease = 1;
1371                } else if (strnicmp(data, "sign", 4) == 0) {
1372                        vol->secFlg |= CIFSSEC_MUST_SIGN;
1373                } else if (strnicmp(data, "seal", 4) == 0) {
1374                        /* we do not do the following in secFlags because seal
1375                           is a per tree connection (mount) not a per socket
1376                           or per-smb connection option in the protocol */
1377                        /* vol->secFlg |= CIFSSEC_MUST_SEAL; */
1378                        vol->seal = 1;
1379                } else if (strnicmp(data, "direct", 6) == 0) {
1380                        vol->direct_io = 1;
1381                } else if (strnicmp(data, "forcedirectio", 13) == 0) {
1382                        vol->direct_io = 1;
1383                } else if (strnicmp(data, "strictcache", 11) == 0) {
1384                        vol->strict_io = 1;
1385                } else if (strnicmp(data, "noac", 4) == 0) {
1386                        printk(KERN_WARNING "CIFS: Mount option noac not "
1387                                "supported. Instead set "
1388                                "/proc/fs/cifs/LookupCacheEnabled to 0\n");
1389                } else if (strnicmp(data, "fsc", 3) == 0) {
1390#ifndef CONFIG_CIFS_FSCACHE
1391                        cERROR(1, "FS-Cache support needs CONFIG_CIFS_FSCACHE"
1392                                  "kernel config option set");
1393                        return 1;
1394#endif
1395                        vol->fsc = true;
1396                } else if (strnicmp(data, "mfsymlinks", 10) == 0) {
1397                        vol->mfsymlinks = true;
1398                } else if (strnicmp(data, "multiuser", 8) == 0) {
1399                        vol->multiuser = true;
1400                } else
1401                        printk(KERN_WARNING "CIFS: Unknown mount option %s\n",
1402                                                data);
1403        }
1404        if (vol->UNC == NULL) {
1405                if (devname == NULL) {
1406                        printk(KERN_WARNING "CIFS: Missing UNC name for mount "
1407                                                "target\n");
1408                        return 1;
1409                }
1410                if ((temp_len = strnlen(devname, 300)) < 300) {
1411                        vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1412                        if (vol->UNC == NULL)
1413                                return 1;
1414                        strcpy(vol->UNC, devname);
1415                        if (strncmp(vol->UNC, "//", 2) == 0) {
1416                                vol->UNC[0] = '\\';
1417                                vol->UNC[1] = '\\';
1418                        } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1419                                printk(KERN_WARNING "CIFS: UNC Path does not "
1420                                                    "begin with // or \\\\ \n");
1421                                return 1;
1422                        }
1423                        value = strpbrk(vol->UNC+2, "/\\");
1424                        if (value)
1425                                *value = '\\';
1426                } else {
1427                        printk(KERN_WARNING "CIFS: UNC name too long\n");
1428                        return 1;
1429                }
1430        }
1431
1432        if (vol->multiuser && !(vol->secFlg & CIFSSEC_MAY_KRB5)) {
1433                cERROR(1, "Multiuser mounts currently require krb5 "
1434                          "authentication!");
1435                return 1;
1436        }
1437
1438        if (vol->UNCip == NULL)
1439                vol->UNCip = &vol->UNC[2];
1440
1441        if (uid_specified)
1442                vol->override_uid = override_uid;
1443        else if (override_uid == 1)
1444                printk(KERN_NOTICE "CIFS: ignoring forceuid mount option "
1445                                   "specified with no uid= option.\n");
1446
1447        if (gid_specified)
1448                vol->override_gid = override_gid;
1449        else if (override_gid == 1)
1450                printk(KERN_NOTICE "CIFS: ignoring forcegid mount option "
1451                                   "specified with no gid= option.\n");
1452
1453        return 0;
1454}
1455
1456/** Returns true if srcaddr isn't specified and rhs isn't
1457 * specified, or if srcaddr is specified and
1458 * matches the IP address of the rhs argument.
1459 */
1460static bool
1461srcip_matches(struct sockaddr *srcaddr, struct sockaddr *rhs)
1462{
1463        switch (srcaddr->sa_family) {
1464        case AF_UNSPEC:
1465                return (rhs->sa_family == AF_UNSPEC);
1466        case AF_INET: {
1467                struct sockaddr_in *saddr4 = (struct sockaddr_in *)srcaddr;
1468                struct sockaddr_in *vaddr4 = (struct sockaddr_in *)rhs;
1469                return (saddr4->sin_addr.s_addr == vaddr4->sin_addr.s_addr);
1470        }
1471        case AF_INET6: {
1472                struct sockaddr_in6 *saddr6 = (struct sockaddr_in6 *)srcaddr;
1473                struct sockaddr_in6 *vaddr6 = (struct sockaddr_in6 *)&rhs;
1474                return ipv6_addr_equal(&saddr6->sin6_addr, &vaddr6->sin6_addr);
1475        }
1476        default:
1477                WARN_ON(1);
1478                return false; /* don't expect to be here */
1479        }
1480}
1481
1482/*
1483 * If no port is specified in addr structure, we try to match with 445 port
1484 * and if it fails - with 139 ports. It should be called only if address
1485 * families of server and addr are equal.
1486 */
1487static bool
1488match_port(struct TCP_Server_Info *server, struct sockaddr *addr)
1489{
1490        __be16 port, *sport;
1491
1492        switch (addr->sa_family) {
1493        case AF_INET:
1494                sport = &((struct sockaddr_in *) &server->dstaddr)->sin_port;
1495                port = ((struct sockaddr_in *) addr)->sin_port;
1496                break;
1497        case AF_INET6:
1498                sport = &((struct sockaddr_in6 *) &server->dstaddr)->sin6_port;
1499                port = ((struct sockaddr_in6 *) addr)->sin6_port;
1500                break;
1501        default:
1502                WARN_ON(1);
1503                return false;
1504        }
1505
1506        if (!port) {
1507                port = htons(CIFS_PORT);
1508                if (port == *sport)
1509                        return true;
1510
1511                port = htons(RFC1001_PORT);
1512        }
1513
1514        return port == *sport;
1515}
1516
1517static bool
1518match_address(struct TCP_Server_Info *server, struct sockaddr *addr,
1519              struct sockaddr *srcaddr)
1520{
1521        switch (addr->sa_family) {
1522        case AF_INET: {
1523                struct sockaddr_in *addr4 = (struct sockaddr_in *)addr;
1524                struct sockaddr_in *srv_addr4 =
1525                                        (struct sockaddr_in *)&server->dstaddr;
1526
1527                if (addr4->sin_addr.s_addr != srv_addr4->sin_addr.s_addr)
1528                        return false;
1529                break;
1530        }
1531        case AF_INET6: {
1532                struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)addr;
1533                struct sockaddr_in6 *srv_addr6 =
1534                                        (struct sockaddr_in6 *)&server->dstaddr;
1535
1536                if (!ipv6_addr_equal(&addr6->sin6_addr,
1537                                     &srv_addr6->sin6_addr))
1538                        return false;
1539                if (addr6->sin6_scope_id != srv_addr6->sin6_scope_id)
1540                        return false;
1541                break;
1542        }
1543        default:
1544                WARN_ON(1);
1545                return false; /* don't expect to be here */
1546        }
1547
1548        if (!srcip_matches(srcaddr, (struct sockaddr *)&server->srcaddr))
1549                return false;
1550
1551        return true;
1552}
1553
1554static bool
1555match_security(struct TCP_Server_Info *server, struct smb_vol *vol)
1556{
1557        unsigned int secFlags;
1558
1559        if (vol->secFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL)))
1560                secFlags = vol->secFlg;
1561        else
1562                secFlags = global_secflags | vol->secFlg;
1563
1564        switch (server->secType) {
1565        case LANMAN:
1566                if (!(secFlags & (CIFSSEC_MAY_LANMAN|CIFSSEC_MAY_PLNTXT)))
1567                        return false;
1568                break;
1569        case NTLMv2:
1570                if (!(secFlags & CIFSSEC_MAY_NTLMV2))
1571                        return false;
1572                break;
1573        case NTLM:
1574                if (!(secFlags & CIFSSEC_MAY_NTLM))
1575                        return false;
1576                break;
1577        case Kerberos:
1578                if (!(secFlags & CIFSSEC_MAY_KRB5))
1579                        return false;
1580                break;
1581        case RawNTLMSSP:
1582                if (!(secFlags & CIFSSEC_MAY_NTLMSSP))
1583                        return false;
1584                break;
1585        default:
1586                /* shouldn't happen */
1587                return false;
1588        }
1589
1590        /* now check if signing mode is acceptable */
1591        if ((secFlags & CIFSSEC_MAY_SIGN) == 0 &&
1592            (server->secMode & SECMODE_SIGN_REQUIRED))
1593                        return false;
1594        else if (((secFlags & CIFSSEC_MUST_SIGN) == CIFSSEC_MUST_SIGN) &&
1595                 (server->secMode &
1596                  (SECMODE_SIGN_ENABLED|SECMODE_SIGN_REQUIRED)) == 0)
1597                        return false;
1598
1599        return true;
1600}
1601
1602static struct TCP_Server_Info *
1603cifs_find_tcp_session(struct sockaddr *addr, struct smb_vol *vol)
1604{
1605        struct TCP_Server_Info *server;
1606
1607        spin_lock(&cifs_tcp_ses_lock);
1608        list_for_each_entry(server, &cifs_tcp_ses_list, tcp_ses_list) {
1609                if (!net_eq(cifs_net_ns(server), current->nsproxy->net_ns))
1610                        continue;
1611
1612                if (!match_address(server, addr,
1613                                   (struct sockaddr *)&vol->srcaddr))
1614                        continue;
1615
1616                if (!match_port(server, addr))
1617                        continue;
1618
1619                if (!match_security(server, vol))
1620                        continue;
1621
1622                ++server->srv_count;
1623                spin_unlock(&cifs_tcp_ses_lock);
1624                cFYI(1, "Existing tcp session with server found");
1625                return server;
1626        }
1627        spin_unlock(&cifs_tcp_ses_lock);
1628        return NULL;
1629}
1630
1631static void
1632cifs_put_tcp_session(struct TCP_Server_Info *server)
1633{
1634        struct task_struct *task;
1635
1636        spin_lock(&cifs_tcp_ses_lock);
1637        if (--server->srv_count > 0) {
1638                spin_unlock(&cifs_tcp_ses_lock);
1639                return;
1640        }
1641
1642        put_net(cifs_net_ns(server));
1643
1644        list_del_init(&server->tcp_ses_list);
1645        spin_unlock(&cifs_tcp_ses_lock);
1646
1647        cancel_delayed_work_sync(&server->echo);
1648
1649        spin_lock(&GlobalMid_Lock);
1650        server->tcpStatus = CifsExiting;
1651        spin_unlock(&GlobalMid_Lock);
1652
1653        cifs_crypto_shash_release(server);
1654        cifs_fscache_release_client_cookie(server);
1655
1656        kfree(server->session_key.response);
1657        server->session_key.response = NULL;
1658        server->session_key.len = 0;
1659
1660        task = xchg(&server->tsk, NULL);
1661        if (task)
1662                force_sig(SIGKILL, task);
1663}
1664
1665static struct TCP_Server_Info *
1666cifs_get_tcp_session(struct smb_vol *volume_info)
1667{
1668        struct TCP_Server_Info *tcp_ses = NULL;
1669        struct sockaddr_storage addr;
1670        struct sockaddr_in *sin_server = (struct sockaddr_in *) &addr;
1671        struct sockaddr_in6 *sin_server6 = (struct sockaddr_in6 *) &addr;
1672        int rc;
1673
1674        memset(&addr, 0, sizeof(struct sockaddr_storage));
1675
1676        cFYI(1, "UNC: %s ip: %s", volume_info->UNC, volume_info->UNCip);
1677
1678        if (volume_info->UNCip && volume_info->UNC) {
1679                rc = cifs_fill_sockaddr((struct sockaddr *)&addr,
1680                                        volume_info->UNCip,
1681                                        strlen(volume_info->UNCip),
1682                                        volume_info->port);
1683                if (!rc) {
1684                        /* we failed translating address */
1685                        rc = -EINVAL;
1686                        goto out_err;
1687                }
1688        } else if (volume_info->UNCip) {
1689                /* BB using ip addr as tcp_ses name to connect to the
1690                   DFS root below */
1691                cERROR(1, "Connecting to DFS root not implemented yet");
1692                rc = -EINVAL;
1693                goto out_err;
1694        } else /* which tcp_sess DFS root would we conect to */ {
1695                cERROR(1, "CIFS mount error: No UNC path (e.g. -o "
1696                        "unc=//192.168.1.100/public) specified");
1697                rc = -EINVAL;
1698                goto out_err;
1699        }
1700
1701        /* see if we already have a matching tcp_ses */
1702        tcp_ses = cifs_find_tcp_session((struct sockaddr *)&addr, volume_info);
1703        if (tcp_ses)
1704                return tcp_ses;
1705
1706        tcp_ses = kzalloc(sizeof(struct TCP_Server_Info), GFP_KERNEL);
1707        if (!tcp_ses) {
1708                rc = -ENOMEM;
1709                goto out_err;
1710        }
1711
1712        rc = cifs_crypto_shash_allocate(tcp_ses);
1713        if (rc) {
1714                cERROR(1, "could not setup hash structures rc %d", rc);
1715                goto out_err;
1716        }
1717
1718        cifs_set_net_ns(tcp_ses, get_net(current->nsproxy->net_ns));
1719        tcp_ses->hostname = extract_hostname(volume_info->UNC);
1720        if (IS_ERR(tcp_ses->hostname)) {
1721                rc = PTR_ERR(tcp_ses->hostname);
1722                goto out_err_crypto_release;
1723        }
1724
1725        tcp_ses->noblocksnd = volume_info->noblocksnd;
1726        tcp_ses->noautotune = volume_info->noautotune;
1727        tcp_ses->tcp_nodelay = volume_info->sockopt_tcp_nodelay;
1728        atomic_set(&tcp_ses->inFlight, 0);
1729        init_waitqueue_head(&tcp_ses->response_q);
1730        init_waitqueue_head(&tcp_ses->request_q);
1731        INIT_LIST_HEAD(&tcp_ses->pending_mid_q);
1732        mutex_init(&tcp_ses->srv_mutex);
1733        memcpy(tcp_ses->workstation_RFC1001_name,
1734                volume_info->source_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1735        memcpy(tcp_ses->server_RFC1001_name,
1736                volume_info->target_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
1737        tcp_ses->session_estab = false;
1738        tcp_ses->sequence_number = 0;
1739        tcp_ses->lstrp = jiffies;
1740        INIT_LIST_HEAD(&tcp_ses->tcp_ses_list);
1741        INIT_LIST_HEAD(&tcp_ses->smb_ses_list);
1742        INIT_DELAYED_WORK(&tcp_ses->echo, cifs_echo_request);
1743
1744        /*
1745         * at this point we are the only ones with the pointer
1746         * to the struct since the kernel thread not created yet
1747         * no need to spinlock this init of tcpStatus or srv_count
1748         */
1749        tcp_ses->tcpStatus = CifsNew;
1750        memcpy(&tcp_ses->srcaddr, &volume_info->srcaddr,
1751               sizeof(tcp_ses->srcaddr));
1752        ++tcp_ses->srv_count;
1753
1754        if (addr.ss_family == AF_INET6) {
1755                cFYI(1, "attempting ipv6 connect");
1756                /* BB should we allow ipv6 on port 139? */
1757                /* other OS never observed in Wild doing 139 with v6 */
1758                memcpy(&tcp_ses->dstaddr, sin_server6,
1759                       sizeof(struct sockaddr_in6));
1760        } else
1761                memcpy(&tcp_ses->dstaddr, sin_server,
1762                       sizeof(struct sockaddr_in));
1763
1764        rc = ip_connect(tcp_ses);
1765        if (rc < 0) {
1766                cERROR(1, "Error connecting to socket. Aborting operation");
1767                goto out_err_crypto_release;
1768        }
1769
1770        /*
1771         * since we're in a cifs function already, we know that
1772         * this will succeed. No need for try_module_get().
1773         */
1774        __module_get(THIS_MODULE);
1775        tcp_ses->tsk = kthread_run((void *)(void *)cifs_demultiplex_thread,
1776                                  tcp_ses, "cifsd");
1777        if (IS_ERR(tcp_ses->tsk)) {
1778                rc = PTR_ERR(tcp_ses->tsk);
1779                cERROR(1, "error %d create cifsd thread", rc);
1780                module_put(THIS_MODULE);
1781                goto out_err_crypto_release;
1782        }
1783        tcp_ses->tcpStatus = CifsNeedNegotiate;
1784
1785        /* thread spawned, put it on the list */
1786        spin_lock(&cifs_tcp_ses_lock);
1787        list_add(&tcp_ses->tcp_ses_list, &cifs_tcp_ses_list);
1788        spin_unlock(&cifs_tcp_ses_lock);
1789
1790        cifs_fscache_get_client_cookie(tcp_ses);
1791
1792        /* queue echo request delayed work */
1793        queue_delayed_work(system_nrt_wq, &tcp_ses->echo, SMB_ECHO_INTERVAL);
1794
1795        return tcp_ses;
1796
1797out_err_crypto_release:
1798        cifs_crypto_shash_release(tcp_ses);
1799
1800        put_net(cifs_net_ns(tcp_ses));
1801
1802out_err:
1803        if (tcp_ses) {
1804                if (!IS_ERR(tcp_ses->hostname))
1805                        kfree(tcp_ses->hostname);
1806                if (tcp_ses->ssocket)
1807                        sock_release(tcp_ses->ssocket);
1808                kfree(tcp_ses);
1809        }
1810        return ERR_PTR(rc);
1811}
1812
1813static struct cifsSesInfo *
1814cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb_vol *vol)
1815{
1816        struct cifsSesInfo *ses;
1817
1818        spin_lock(&cifs_tcp_ses_lock);
1819        list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) {
1820                switch (server->secType) {
1821                case Kerberos:
1822                        if (vol->cred_uid != ses->cred_uid)
1823                                continue;
1824                        break;
1825                default:
1826                        /* anything else takes username/password */
1827                        if (ses->user_name == NULL)
1828                                continue;
1829                        if (strncmp(ses->user_name, vol->username,
1830                                    MAX_USERNAME_SIZE))
1831                                continue;
1832                        if (strlen(vol->username) != 0 &&
1833                            ses->password != NULL &&
1834                            strncmp(ses->password,
1835                                    vol->password ? vol->password : "",
1836                                    MAX_PASSWORD_SIZE))
1837                                continue;
1838                }
1839                ++ses->ses_count;
1840                spin_unlock(&cifs_tcp_ses_lock);
1841                return ses;
1842        }
1843        spin_unlock(&cifs_tcp_ses_lock);
1844        return NULL;
1845}
1846
1847static void
1848cifs_put_smb_ses(struct cifsSesInfo *ses)
1849{
1850        int xid;
1851        struct TCP_Server_Info *server = ses->server;
1852
1853        cFYI(1, "%s: ses_count=%d\n", __func__, ses->ses_count);
1854        spin_lock(&cifs_tcp_ses_lock);
1855        if (--ses->ses_count > 0) {
1856                spin_unlock(&cifs_tcp_ses_lock);
1857                return;
1858        }
1859
1860        list_del_init(&ses->smb_ses_list);
1861        spin_unlock(&cifs_tcp_ses_lock);
1862
1863        if (ses->status == CifsGood) {
1864                xid = GetXid();
1865                CIFSSMBLogoff(xid, ses);
1866                _FreeXid(xid);
1867        }
1868        sesInfoFree(ses);
1869        cifs_put_tcp_session(server);
1870}
1871
1872static bool warned_on_ntlm;  /* globals init to false automatically */
1873
1874static struct cifsSesInfo *
1875cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb_vol *volume_info)
1876{
1877        int rc = -ENOMEM, xid;
1878        struct cifsSesInfo *ses;
1879        struct sockaddr_in *addr = (struct sockaddr_in *)&server->dstaddr;
1880        struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)&server->dstaddr;
1881
1882        xid = GetXid();
1883
1884        ses = cifs_find_smb_ses(server, volume_info);
1885        if (ses) {
1886                cFYI(1, "Existing smb sess found (status=%d)", ses->status);
1887
1888                mutex_lock(&ses->session_mutex);
1889                rc = cifs_negotiate_protocol(xid, ses);
1890                if (rc) {
1891                        mutex_unlock(&ses->session_mutex);
1892                        /* problem -- put our ses reference */
1893                        cifs_put_smb_ses(ses);
1894                        FreeXid(xid);
1895                        return ERR_PTR(rc);
1896                }
1897                if (ses->need_reconnect) {
1898                        cFYI(1, "Session needs reconnect");
1899                        rc = cifs_setup_session(xid, ses,
1900                                                volume_info->local_nls);
1901                        if (rc) {
1902                                mutex_unlock(&ses->session_mutex);
1903                                /* problem -- put our reference */
1904                                cifs_put_smb_ses(ses);
1905                                FreeXid(xid);
1906                                return ERR_PTR(rc);
1907                        }
1908                }
1909                mutex_unlock(&ses->session_mutex);
1910
1911                /* existing SMB ses has a server reference already */
1912                cifs_put_tcp_session(server);
1913                FreeXid(xid);
1914                return ses;
1915        }
1916
1917        cFYI(1, "Existing smb sess not found");
1918        ses = sesInfoAlloc();
1919        if (ses == NULL)
1920                goto get_ses_fail;
1921
1922        /* new SMB session uses our server ref */
1923        ses->server = server;
1924        if (server->dstaddr.ss_family == AF_INET6)
1925                sprintf(ses->serverName, "%pI6", &addr6->sin6_addr);
1926        else
1927                sprintf(ses->serverName, "%pI4", &addr->sin_addr);
1928
1929        if (volume_info->username) {
1930                ses->user_name = kstrdup(volume_info->username, GFP_KERNEL);
1931                if (!ses->user_name)
1932                        goto get_ses_fail;
1933        }
1934
1935        /* volume_info->password freed at unmount */
1936        if (volume_info->password) {
1937                ses->password = kstrdup(volume_info->password, GFP_KERNEL);
1938                if (!ses->password)
1939                        goto get_ses_fail;
1940        }
1941        if (volume_info->domainname) {
1942                ses->domainName = kstrdup(volume_info->domainname, GFP_KERNEL);
1943                if (!ses->domainName)
1944                        goto get_ses_fail;
1945        }
1946        ses->cred_uid = volume_info->cred_uid;
1947        ses->linux_uid = volume_info->linux_uid;
1948
1949        /* ntlmv2 is much stronger than ntlm security, and has been broadly
1950        supported for many years, time to update default security mechanism */
1951        if ((volume_info->secFlg == 0) && warned_on_ntlm == false) {
1952                warned_on_ntlm = true;
1953                cERROR(1, "default security mechanism requested.  The default "
1954                        "security mechanism will be upgraded from ntlm to "
1955                        "ntlmv2 in kernel release 2.6.41");
1956        }
1957        ses->overrideSecFlg = volume_info->secFlg;
1958
1959        mutex_lock(&ses->session_mutex);
1960        rc = cifs_negotiate_protocol(xid, ses);
1961        if (!rc)
1962                rc = cifs_setup_session(xid, ses, volume_info->local_nls);
1963        mutex_unlock(&ses->session_mutex);
1964        if (rc)
1965                goto get_ses_fail;
1966
1967        /* success, put it on the list */
1968        spin_lock(&cifs_tcp_ses_lock);
1969        list_add(&ses->smb_ses_list, &server->smb_ses_list);
1970        spin_unlock(&cifs_tcp_ses_lock);
1971
1972        FreeXid(xid);
1973        return ses;
1974
1975get_ses_fail:
1976        sesInfoFree(ses);
1977        FreeXid(xid);
1978        return ERR_PTR(rc);
1979}
1980
1981static struct cifsTconInfo *
1982cifs_find_tcon(struct cifsSesInfo *ses, const char *unc)
1983{
1984        struct list_head *tmp;
1985        struct cifsTconInfo *tcon;
1986
1987        spin_lock(&cifs_tcp_ses_lock);
1988        list_for_each(tmp, &ses->tcon_list) {
1989                tcon = list_entry(tmp, struct cifsTconInfo, tcon_list);
1990                if (tcon->tidStatus == CifsExiting)
1991                        continue;
1992                if (strncmp(tcon->treeName, unc, MAX_TREE_SIZE))
1993                        continue;
1994
1995                ++tcon->tc_count;
1996                spin_unlock(&cifs_tcp_ses_lock);
1997                return tcon;
1998        }
1999        spin_unlock(&cifs_tcp_ses_lock);
2000        return NULL;
2001}
2002
2003static void
2004cifs_put_tcon(struct cifsTconInfo *tcon)
2005{
2006        int xid;
2007        struct cifsSesInfo *ses = tcon->ses;
2008
2009        cFYI(1, "%s: tc_count=%d\n", __func__, tcon->tc_count);
2010        spin_lock(&cifs_tcp_ses_lock);
2011        if (--tcon->tc_count > 0) {
2012                spin_unlock(&cifs_tcp_ses_lock);
2013                return;
2014        }
2015
2016        list_del_init(&tcon->tcon_list);
2017        spin_unlock(&cifs_tcp_ses_lock);
2018
2019        xid = GetXid();
2020        CIFSSMBTDis(xid, tcon);
2021        _FreeXid(xid);
2022
2023        cifs_fscache_release_super_cookie(tcon);
2024        tconInfoFree(tcon);
2025        cifs_put_smb_ses(ses);
2026}
2027
2028static struct cifsTconInfo *
2029cifs_get_tcon(struct cifsSesInfo *ses, struct smb_vol *volume_info)
2030{
2031        int rc, xid;
2032        struct cifsTconInfo *tcon;
2033
2034        tcon = cifs_find_tcon(ses, volume_info->UNC);
2035        if (tcon) {
2036                cFYI(1, "Found match on UNC path");
2037                /* existing tcon already has a reference */
2038                cifs_put_smb_ses(ses);
2039                if (tcon->seal != volume_info->seal)
2040                        cERROR(1, "transport encryption setting "
2041                                   "conflicts with existing tid");
2042                return tcon;
2043        }
2044
2045        tcon = tconInfoAlloc();
2046        if (tcon == NULL) {
2047                rc = -ENOMEM;
2048                goto out_fail;
2049        }
2050
2051        tcon->ses = ses;
2052        if (volume_info->password) {
2053                tcon->password = kstrdup(volume_info->password, GFP_KERNEL);
2054                if (!tcon->password) {
2055                        rc = -ENOMEM;
2056                        goto out_fail;
2057                }
2058        }
2059
2060        if (strchr(volume_info->UNC + 3, '\\') == NULL
2061            && strchr(volume_info->UNC + 3, '/') == NULL) {
2062                cERROR(1, "Missing share name");
2063                rc = -ENODEV;
2064                goto out_fail;
2065        }
2066
2067        /* BB Do we need to wrap session_mutex around
2068         * this TCon call and Unix SetFS as
2069         * we do on SessSetup and reconnect? */
2070        xid = GetXid();
2071        rc = CIFSTCon(xid, ses, volume_info->UNC, tcon, volume_info->local_nls);
2072        FreeXid(xid);
2073        cFYI(1, "CIFS Tcon rc = %d", rc);
2074        if (rc)
2075                goto out_fail;
2076
2077        if (volume_info->nodfs) {
2078                tcon->Flags &= ~SMB_SHARE_IS_IN_DFS;
2079                cFYI(1, "DFS disabled (%d)", tcon->Flags);
2080        }
2081        tcon->seal = volume_info->seal;
2082        /* we can have only one retry value for a connection
2083           to a share so for resources mounted more than once
2084           to the same server share the last value passed in
2085           for the retry flag is used */
2086        tcon->retry = volume_info->retry;
2087        tcon->nocase = volume_info->nocase;
2088        tcon->local_lease = volume_info->local_lease;
2089
2090        spin_lock(&cifs_tcp_ses_lock);
2091        list_add(&tcon->tcon_list, &ses->tcon_list);
2092        spin_unlock(&cifs_tcp_ses_lock);
2093
2094        cifs_fscache_get_super_cookie(tcon);
2095
2096        return tcon;
2097
2098out_fail:
2099        tconInfoFree(tcon);
2100        return ERR_PTR(rc);
2101}
2102
2103void
2104cifs_put_tlink(struct tcon_link *tlink)
2105{
2106        if (!tlink || IS_ERR(tlink))
2107                return;
2108
2109        if (!atomic_dec_and_test(&tlink->tl_count) ||
2110            test_bit(TCON_LINK_IN_TREE, &tlink->tl_flags)) {
2111                tlink->tl_time = jiffies;
2112                return;
2113        }
2114
2115        if (!IS_ERR(tlink_tcon(tlink)))
2116                cifs_put_tcon(tlink_tcon(tlink));
2117        kfree(tlink);
2118        return;
2119}
2120
2121int
2122get_dfs_path(int xid, struct cifsSesInfo *pSesInfo, const char *old_path,
2123             const struct nls_table *nls_codepage, unsigned int *pnum_referrals,
2124             struct dfs_info3_param **preferrals, int remap)
2125{
2126        char *temp_unc;
2127        int rc = 0;
2128
2129        *pnum_referrals = 0;
2130        *preferrals = NULL;
2131
2132        if (pSesInfo->ipc_tid == 0) {
2133                temp_unc = kmalloc(2 /* for slashes */ +
2134                        strnlen(pSesInfo->serverName,
2135                                SERVER_NAME_LEN_WITH_NULL * 2)
2136                                 + 1 + 4 /* slash IPC$ */  + 2,
2137                                GFP_KERNEL);
2138                if (temp_unc == NULL)
2139                        return -ENOMEM;
2140                temp_unc[0] = '\\';
2141                temp_unc[1] = '\\';
2142                strcpy(temp_unc + 2, pSesInfo->serverName);
2143                strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
2144                rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
2145                cFYI(1, "CIFS Tcon rc = %d ipc_tid = %d", rc, pSesInfo->ipc_tid);
2146                kfree(temp_unc);
2147        }
2148        if (rc == 0)
2149                rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
2150                                     pnum_referrals, nls_codepage, remap);
2151        /* BB map targetUNCs to dfs_info3 structures, here or
2152                in CIFSGetDFSRefer BB */
2153
2154        return rc;
2155}
2156
2157#ifdef CONFIG_DEBUG_LOCK_ALLOC
2158static struct lock_class_key cifs_key[2];
2159static struct lock_class_key cifs_slock_key[2];
2160
2161static inline void
2162cifs_reclassify_socket4(struct socket *sock)
2163{
2164        struct sock *sk = sock->sk;
2165        BUG_ON(sock_owned_by_user(sk));
2166        sock_lock_init_class_and_name(sk, "slock-AF_INET-CIFS",
2167                &cifs_slock_key[0], "sk_lock-AF_INET-CIFS", &cifs_key[0]);
2168}
2169
2170static inline void
2171cifs_reclassify_socket6(struct socket *sock)
2172{
2173        struct sock *sk = sock->sk;
2174        BUG_ON(sock_owned_by_user(sk));
2175        sock_lock_init_class_and_name(sk, "slock-AF_INET6-CIFS",
2176                &cifs_slock_key[1], "sk_lock-AF_INET6-CIFS", &cifs_key[1]);
2177}
2178#else
2179static inline void
2180cifs_reclassify_socket4(struct socket *sock)
2181{
2182}
2183
2184static inline void
2185cifs_reclassify_socket6(struct socket *sock)
2186{
2187}
2188#endif
2189
2190/* See RFC1001 section 14 on representation of Netbios names */
2191static void rfc1002mangle(char *target, char *source, unsigned int length)
2192{
2193        unsigned int i, j;
2194
2195        for (i = 0, j = 0; i < (length); i++) {
2196                /* mask a nibble at a time and encode */
2197                target[j] = 'A' + (0x0F & (source[i] >> 4));
2198                target[j+1] = 'A' + (0x0F & source[i]);
2199                j += 2;
2200        }
2201
2202}
2203
2204static int
2205bind_socket(struct TCP_Server_Info *server)
2206{
2207        int rc = 0;
2208        if (server->srcaddr.ss_family != AF_UNSPEC) {
2209                /* Bind to the specified local IP address */
2210                struct socket *socket = server->ssocket;
2211                rc = socket->ops->bind(socket,
2212                                       (struct sockaddr *) &server->srcaddr,
2213                                       sizeof(server->srcaddr));
2214                if (rc < 0) {
2215                        struct sockaddr_in *saddr4;
2216                        struct sockaddr_in6 *saddr6;
2217                        saddr4 = (struct sockaddr_in *)&server->srcaddr;
2218                        saddr6 = (struct sockaddr_in6 *)&server->srcaddr;
2219                        if (saddr6->sin6_family == AF_INET6)
2220                                cERROR(1, "cifs: "
2221                                       "Failed to bind to: %pI6c, error: %d\n",
2222                                       &saddr6->sin6_addr, rc);
2223                        else
2224                                cERROR(1, "cifs: "
2225                                       "Failed to bind to: %pI4, error: %d\n",
2226                                       &saddr4->sin_addr.s_addr, rc);
2227                }
2228        }
2229        return rc;
2230}
2231
2232static int
2233ip_rfc1001_connect(struct TCP_Server_Info *server)
2234{
2235        int rc = 0;
2236        /*
2237         * some servers require RFC1001 sessinit before sending
2238         * negprot - BB check reconnection in case where second
2239         * sessinit is sent but no second negprot
2240         */
2241        struct rfc1002_session_packet *ses_init_buf;
2242        struct smb_hdr *smb_buf;
2243        ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet),
2244                               GFP_KERNEL);
2245        if (ses_init_buf) {
2246                ses_init_buf->trailer.session_req.called_len = 32;
2247
2248                if (server->server_RFC1001_name &&
2249                    server->server_RFC1001_name[0] != 0)
2250                        rfc1002mangle(ses_init_buf->trailer.
2251                                      session_req.called_name,
2252                                      server->server_RFC1001_name,
2253                                      RFC1001_NAME_LEN_WITH_NULL);
2254                else
2255                        rfc1002mangle(ses_init_buf->trailer.
2256                                      session_req.called_name,
2257                                      DEFAULT_CIFS_CALLED_NAME,
2258                                      RFC1001_NAME_LEN_WITH_NULL);
2259
2260                ses_init_buf->trailer.session_req.calling_len = 32;
2261
2262                /*
2263                 * calling name ends in null (byte 16) from old smb
2264                 * convention.
2265                 */
2266                if (server->workstation_RFC1001_name &&
2267                    server->workstation_RFC1001_name[0] != 0)
2268                        rfc1002mangle(ses_init_buf->trailer.
2269                                      session_req.calling_name,
2270                                      server->workstation_RFC1001_name,
2271                                      RFC1001_NAME_LEN_WITH_NULL);
2272                else
2273                        rfc1002mangle(ses_init_buf->trailer.
2274                                      session_req.calling_name,
2275                                      "LINUX_CIFS_CLNT",
2276                                      RFC1001_NAME_LEN_WITH_NULL);
2277
2278                ses_init_buf->trailer.session_req.scope1 = 0;
2279                ses_init_buf->trailer.session_req.scope2 = 0;
2280                smb_buf = (struct smb_hdr *)ses_init_buf;
2281
2282                /* sizeof RFC1002_SESSION_REQUEST with no scope */
2283                smb_buf->smb_buf_length = 0x81000044;
2284                rc = smb_send(server, smb_buf, 0x44);
2285                kfree(ses_init_buf);
2286                /*
2287                 * RFC1001 layer in at least one server
2288                 * requires very short break before negprot
2289                 * presumably because not expecting negprot
2290                 * to follow so fast.  This is a simple
2291                 * solution that works without
2292                 * complicating the code and causes no
2293                 * significant slowing down on mount
2294                 * for everyone else
2295                 */
2296                usleep_range(1000, 2000);
2297        }
2298        /*
2299         * else the negprot may still work without this
2300         * even though malloc failed
2301         */
2302
2303        return rc;
2304}
2305
2306static int
2307generic_ip_connect(struct TCP_Server_Info *server)
2308{
2309        int rc = 0;
2310        __be16 sport;
2311        int slen, sfamily;
2312        struct socket *socket = server->ssocket;
2313        struct sockaddr *saddr;
2314
2315        saddr = (struct sockaddr *) &server->dstaddr;
2316
2317        if (server->dstaddr.ss_family == AF_INET6) {
2318                sport = ((struct sockaddr_in6 *) saddr)->sin6_port;
2319                slen = sizeof(struct sockaddr_in6);
2320                sfamily = AF_INET6;
2321        } else {
2322                sport = ((struct sockaddr_in *) saddr)->sin_port;
2323                slen = sizeof(struct sockaddr_in);
2324                sfamily = AF_INET;
2325        }
2326
2327        if (socket == NULL) {
2328                rc = __sock_create(cifs_net_ns(server), sfamily, SOCK_STREAM,
2329                                   IPPROTO_TCP, &socket, 1);
2330                if (rc < 0) {
2331                        cERROR(1, "Error %d creating socket", rc);
2332                        server->ssocket = NULL;
2333                        return rc;
2334                }
2335
2336                /* BB other socket options to set KEEPALIVE, NODELAY? */
2337                cFYI(1, "Socket created");
2338                server->ssocket = socket;
2339                socket->sk->sk_allocation = GFP_NOFS;
2340                if (sfamily == AF_INET6)
2341                        cifs_reclassify_socket6(socket);
2342                else
2343                        cifs_reclassify_socket4(socket);
2344        }
2345
2346        rc = bind_socket(server);
2347        if (rc < 0)
2348                return rc;
2349
2350        rc = socket->ops->connect(socket, saddr, slen, 0);
2351        if (rc < 0) {
2352                cFYI(1, "Error %d connecting to server", rc);
2353                sock_release(socket);
2354                server->ssocket = NULL;
2355                return rc;
2356        }
2357
2358        /*
2359         * Eventually check for other socket options to change from
2360         * the default. sock_setsockopt not used because it expects
2361         * user space buffer
2362         */
2363        socket->sk->sk_rcvtimeo = 7 * HZ;
2364        socket->sk->sk_sndtimeo = 5 * HZ;
2365
2366        /* make the bufsizes depend on wsize/rsize and max requests */
2367        if (server->noautotune) {
2368                if (socket->sk->sk_sndbuf < (200 * 1024))
2369                        socket->sk->sk_sndbuf = 200 * 1024;
2370                if (socket->sk->sk_rcvbuf < (140 * 1024))
2371                        socket->sk->sk_rcvbuf = 140 * 1024;
2372        }
2373
2374        if (server->tcp_nodelay) {
2375                int val = 1;
2376                rc = kernel_setsockopt(socket, SOL_TCP, TCP_NODELAY,
2377                                (char *)&val, sizeof(val));
2378                if (rc)
2379                        cFYI(1, "set TCP_NODELAY socket option error %d", rc);
2380        }
2381
2382         cFYI(1, "sndbuf %d rcvbuf %d rcvtimeo 0x%lx",
2383                 socket->sk->sk_sndbuf,
2384                 socket->sk->sk_rcvbuf, socket->sk->sk_rcvtimeo);
2385
2386        if (sport == htons(RFC1001_PORT))
2387                rc = ip_rfc1001_connect(server);
2388
2389        return rc;
2390}
2391
2392static int
2393ip_connect(struct TCP_Server_Info *server)
2394{
2395        __be16 *sport;
2396        struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)&server->dstaddr;
2397        struct sockaddr_in *addr = (struct sockaddr_in *)&server->dstaddr;
2398
2399        if (server->dstaddr.ss_family == AF_INET6)
2400                sport = &addr6->sin6_port;
2401        else
2402                sport = &addr->sin_port;
2403
2404        if (*sport == 0) {
2405                int rc;
2406
2407                /* try with 445 port at first */
2408                *sport = htons(CIFS_PORT);
2409
2410                rc = generic_ip_connect(server);
2411                if (rc >= 0)
2412                        return rc;
2413
2414                /* if it failed, try with 139 port */
2415                *sport = htons(RFC1001_PORT);
2416        }
2417
2418        return generic_ip_connect(server);
2419}
2420
2421void reset_cifs_unix_caps(int xid, struct cifsTconInfo *tcon,
2422                          struct super_block *sb, struct smb_vol *vol_info)
2423{
2424        /* if we are reconnecting then should we check to see if
2425         * any requested capabilities changed locally e.g. via
2426         * remount but we can not do much about it here
2427         * if they have (even if we could detect it by the following)
2428         * Perhaps we could add a backpointer to array of sb from tcon
2429         * or if we change to make all sb to same share the same
2430         * sb as NFS - then we only have one backpointer to sb.
2431         * What if we wanted to mount the server share twice once with
2432         * and once without posixacls or posix paths? */
2433        __u64 saved_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
2434
2435        if (vol_info && vol_info->no_linux_ext) {
2436                tcon->fsUnixInfo.Capability = 0;
2437                tcon->unix_ext = 0; /* Unix Extensions disabled */
2438                cFYI(1, "Linux protocol extensions disabled");
2439                return;
2440        } else if (vol_info)
2441                tcon->unix_ext = 1; /* Unix Extensions supported */
2442
2443        if (tcon->unix_ext == 0) {
2444                cFYI(1, "Unix extensions disabled so not set on reconnect");
2445                return;
2446        }
2447
2448        if (!CIFSSMBQFSUnixInfo(xid, tcon)) {
2449                __u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
2450                cFYI(1, "unix caps which server supports %lld", cap);
2451                /* check for reconnect case in which we do not
2452                   want to change the mount behavior if we can avoid it */
2453                if (vol_info == NULL) {
2454                        /* turn off POSIX ACL and PATHNAMES if not set
2455                           originally at mount time */
2456                        if ((saved_cap & CIFS_UNIX_POSIX_ACL_CAP) == 0)
2457                                cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2458                        if ((saved_cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2459                                if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2460                                        cERROR(1, "POSIXPATH support change");
2461                                cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2462                        } else if ((cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
2463                                cERROR(1, "possible reconnect error");
2464                                cERROR(1, "server disabled POSIX path support");
2465                        }
2466                }
2467
2468                if (cap & CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP)
2469                        cERROR(1, "per-share encryption not supported yet");
2470
2471                cap &= CIFS_UNIX_CAP_MASK;
2472                if (vol_info && vol_info->no_psx_acl)
2473                        cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
2474                else if (CIFS_UNIX_POSIX_ACL_CAP & cap) {
2475                        cFYI(1, "negotiated posix acl support");
2476                        if (sb)
2477                                sb->s_flags |= MS_POSIXACL;
2478                }
2479
2480                if (vol_info && vol_info->posix_paths == 0)
2481                        cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
2482                else if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
2483                        cFYI(1, "negotiate posix pathnames");
2484                        if (sb)
2485                                CIFS_SB(sb)->mnt_cifs_flags |=
2486                                        CIFS_MOUNT_POSIX_PATHS;
2487                }
2488
2489                /* We might be setting the path sep back to a different
2490                form if we are reconnecting and the server switched its
2491                posix path capability for this share */
2492                if (sb && (CIFS_SB(sb)->prepathlen > 0))
2493                        CIFS_SB(sb)->prepath[0] = CIFS_DIR_SEP(CIFS_SB(sb));
2494
2495                if (sb && (CIFS_SB(sb)->rsize > 127 * 1024)) {
2496                        if ((cap & CIFS_UNIX_LARGE_READ_CAP) == 0) {
2497                                CIFS_SB(sb)->rsize = 127 * 1024;
2498                                cFYI(DBG2, "larger reads not supported by srv");
2499                        }
2500                }
2501
2502
2503                cFYI(1, "Negotiate caps 0x%x", (int)cap);
2504#ifdef CONFIG_CIFS_DEBUG2
2505                if (cap & CIFS_UNIX_FCNTL_CAP)
2506                        cFYI(1, "FCNTL cap");
2507                if (cap & CIFS_UNIX_EXTATTR_CAP)
2508                        cFYI(1, "EXTATTR cap");
2509                if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
2510                        cFYI(1, "POSIX path cap");
2511                if (cap & CIFS_UNIX_XATTR_CAP)
2512                        cFYI(1, "XATTR cap");
2513                if (cap & CIFS_UNIX_POSIX_ACL_CAP)
2514                        cFYI(1, "POSIX ACL cap");
2515                if (cap & CIFS_UNIX_LARGE_READ_CAP)
2516                        cFYI(1, "very large read cap");
2517                if (cap & CIFS_UNIX_LARGE_WRITE_CAP)
2518                        cFYI(1, "very large write cap");
2519                if (cap & CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP)
2520                        cFYI(1, "transport encryption cap");
2521                if (cap & CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP)
2522                        cFYI(1, "mandatory transport encryption cap");
2523#endif /* CIFS_DEBUG2 */
2524                if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
2525                        if (vol_info == NULL) {
2526                                cFYI(1, "resetting capabilities failed");
2527                        } else
2528                                cERROR(1, "Negotiating Unix capabilities "
2529                                           "with the server failed.  Consider "
2530                                           "mounting with the Unix Extensions\n"
2531                                           "disabled, if problems are found, "
2532                                           "by specifying the nounix mount "
2533                                           "option.");
2534
2535                }
2536        }
2537}
2538
2539static void
2540convert_delimiter(char *path, char delim)
2541{
2542        int i;
2543        char old_delim;
2544
2545        if (path == NULL)
2546                return;
2547
2548        if (delim == '/')
2549                old_delim = '\\';
2550        else
2551                old_delim = '/';
2552
2553        for (i = 0; path[i] != '\0'; i++) {
2554                if (path[i] == old_delim)
2555                        path[i] = delim;
2556        }
2557}
2558
2559static void setup_cifs_sb(struct smb_vol *pvolume_info,
2560                          struct cifs_sb_info *cifs_sb)
2561{
2562        INIT_DELAYED_WORK(&cifs_sb->prune_tlinks, cifs_prune_tlinks);
2563
2564        if (pvolume_info->rsize > CIFSMaxBufSize) {
2565                cERROR(1, "rsize %d too large, using MaxBufSize",
2566                        pvolume_info->rsize);
2567                cifs_sb->rsize = CIFSMaxBufSize;
2568        } else if ((pvolume_info->rsize) &&
2569                        (pvolume_info->rsize <= CIFSMaxBufSize))
2570                cifs_sb->rsize = pvolume_info->rsize;
2571        else /* default */
2572                cifs_sb->rsize = CIFSMaxBufSize;
2573
2574        if (pvolume_info->wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) {
2575                cERROR(1, "wsize %d too large, using 4096 instead",
2576                          pvolume_info->wsize);
2577                cifs_sb->wsize = 4096;
2578        } else if (pvolume_info->wsize)
2579                cifs_sb->wsize = pvolume_info->wsize;
2580        else
2581                cifs_sb->wsize = min_t(const int,
2582                                        PAGEVEC_SIZE * PAGE_CACHE_SIZE,
2583                                        127*1024);
2584                /* old default of CIFSMaxBufSize was too small now
2585                   that SMB Write2 can send multiple pages in kvec.
2586                   RFC1001 does not describe what happens when frame
2587                   bigger than 128K is sent so use that as max in
2588                   conjunction with 52K kvec constraint on arch with 4K
2589                   page size  */
2590
2591        if (cifs_sb->rsize < 2048) {
2592                cifs_sb->rsize = 2048;
2593                /* Windows ME may prefer this */
2594                cFYI(1, "readsize set to minimum: 2048");
2595        }
2596        /* calculate prepath */
2597        cifs_sb->prepath = pvolume_info->prepath;
2598        if (cifs_sb->prepath) {
2599                cifs_sb->prepathlen = strlen(cifs_sb->prepath);
2600                /* we can not convert the / to \ in the path
2601                separators in the prefixpath yet because we do not
2602                know (until reset_cifs_unix_caps is called later)
2603                whether POSIX PATH CAP is available. We normalize
2604                the / to \ after reset_cifs_unix_caps is called */
2605                pvolume_info->prepath = NULL;
2606        } else
2607                cifs_sb->prepathlen = 0;
2608        cifs_sb->mnt_uid = pvolume_info->linux_uid;
2609        cifs_sb->mnt_gid = pvolume_info->linux_gid;
2610        cifs_sb->mnt_file_mode = pvolume_info->file_mode;
2611        cifs_sb->mnt_dir_mode = pvolume_info->dir_mode;
2612        cFYI(1, "file mode: 0x%x  dir mode: 0x%x",
2613                cifs_sb->mnt_file_mode, cifs_sb->mnt_dir_mode);
2614
2615        cifs_sb->actimeo = pvolume_info->actimeo;
2616
2617        if (pvolume_info->noperm)
2618                cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
2619        if (pvolume_info->setuids)
2620                cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
2621        if (pvolume_info->server_ino)
2622                cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
2623        if (pvolume_info->remap)
2624                cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
2625        if (pvolume_info->no_xattr)
2626                cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
2627        if (pvolume_info->sfu_emul)
2628                cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
2629        if (pvolume_info->nobrl)
2630                cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
2631        if (pvolume_info->nostrictsync)
2632                cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOSSYNC;
2633        if (pvolume_info->mand_lock)
2634                cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NOPOSIXBRL;
2635        if (pvolume_info->cifs_acl)
2636                cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
2637        if (pvolume_info->override_uid)
2638                cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID;
2639        if (pvolume_info->override_gid)
2640                cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID;
2641        if (pvolume_info->dynperm)
2642                cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DYNPERM;
2643        if (pvolume_info->fsc)
2644                cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_FSCACHE;
2645        if (pvolume_info->multiuser)
2646                cifs_sb->mnt_cifs_flags |= (CIFS_MOUNT_MULTIUSER |
2647                                            CIFS_MOUNT_NO_PERM);
2648        if (pvolume_info->strict_io)
2649                cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_STRICT_IO;
2650        if (pvolume_info->direct_io) {
2651                cFYI(1, "mounting share using direct i/o");
2652                cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
2653        }
2654        if (pvolume_info->mfsymlinks) {
2655                if (pvolume_info->sfu_emul) {
2656                        cERROR(1,  "mount option mfsymlinks ignored if sfu "
2657                                   "mount option is used");
2658                } else {
2659                        cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MF_SYMLINKS;
2660                }
2661        }
2662
2663        if ((pvolume_info->cifs_acl) && (pvolume_info->dynperm))
2664                cERROR(1, "mount option dynperm ignored if cifsacl "
2665                           "mount option supported");
2666}
2667
2668static int
2669is_path_accessible(int xid, struct cifsTconInfo *tcon,
2670                   struct cifs_sb_info *cifs_sb, const char *full_path)
2671{
2672        int rc;
2673        FILE_ALL_INFO *pfile_info;
2674
2675        pfile_info = kmalloc(sizeof(FILE_ALL_INFO), GFP_KERNEL);
2676        if (pfile_info == NULL)
2677                return -ENOMEM;
2678
2679        rc = CIFSSMBQPathInfo(xid, tcon, full_path, pfile_info,
2680                              0 /* not legacy */, cifs_sb->local_nls,
2681                              cifs_sb->mnt_cifs_flags &
2682                                CIFS_MOUNT_MAP_SPECIAL_CHR);
2683
2684        if (rc == -EOPNOTSUPP || rc == -EINVAL)
2685                rc = SMBQueryInformation(xid, tcon, full_path, pfile_info,
2686                                cifs_sb->local_nls, cifs_sb->mnt_cifs_flags &
2687                                  CIFS_MOUNT_MAP_SPECIAL_CHR);
2688        kfree(pfile_info);
2689        return rc;
2690}
2691
2692static void
2693cleanup_volume_info(struct smb_vol **pvolume_info)
2694{
2695        struct smb_vol *volume_info;
2696
2697        if (!pvolume_info || !*pvolume_info)
2698                return;
2699
2700        volume_info = *pvolume_info;
2701        kzfree(volume_info->password);
2702        kfree(volume_info->UNC);
2703        kfree(volume_info->prepath);
2704        kfree(volume_info);
2705        *pvolume_info = NULL;
2706        return;
2707}
2708
2709#ifdef CONFIG_CIFS_DFS_UPCALL
2710/* build_path_to_root returns full path to root when
2711 * we do not have an exiting connection (tcon) */
2712static char *
2713build_unc_path_to_root(const struct smb_vol *volume_info,
2714                const struct cifs_sb_info *cifs_sb)
2715{
2716        char *full_path;
2717
2718        int unc_len = strnlen(volume_info->UNC, MAX_TREE_SIZE + 1);
2719        full_path = kmalloc(unc_len + cifs_sb->prepathlen + 1, GFP_KERNEL);
2720        if (full_path == NULL)
2721                return ERR_PTR(-ENOMEM);
2722
2723        strncpy(full_path, volume_info->UNC, unc_len);
2724        if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) {
2725                int i;
2726                for (i = 0; i < unc_len; i++) {
2727                        if (full_path[i] == '\\')
2728                                full_path[i] = '/';
2729                }
2730        }
2731
2732        if (cifs_sb->prepathlen)
2733                strncpy(full_path + unc_len, cifs_sb->prepath,
2734                                cifs_sb->prepathlen);
2735
2736        full_path[unc_len + cifs_sb->prepathlen] = 0; /* add trailing null */
2737        return full_path;
2738}
2739#endif
2740
2741int
2742cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
2743                char *mount_data_global, const char *devname)
2744{
2745        int rc;
2746        int xid;
2747        struct smb_vol *volume_info;
2748        struct cifsSesInfo *pSesInfo;
2749        struct cifsTconInfo *tcon;
2750        struct TCP_Server_Info *srvTcp;
2751        char   *full_path;
2752        char *mount_data = mount_data_global;
2753        struct tcon_link *tlink;
2754#ifdef CONFIG_CIFS_DFS_UPCALL
2755        struct dfs_info3_param *referrals = NULL;
2756        unsigned int num_referrals = 0;
2757        int referral_walks_count = 0;
2758try_mount_again:
2759#endif
2760        rc = 0;
2761        tcon = NULL;
2762        pSesInfo = NULL;
2763        srvTcp = NULL;
2764        full_path = NULL;
2765        tlink = NULL;
2766
2767        xid = GetXid();
2768
2769        volume_info = kzalloc(sizeof(struct smb_vol), GFP_KERNEL);
2770        if (!volume_info) {
2771                rc = -ENOMEM;
2772                goto out;
2773        }
2774
2775        if (cifs_parse_mount_options(mount_data, devname, volume_info)) {
2776                rc = -EINVAL;
2777                goto out;
2778        }
2779
2780        if (volume_info->nullauth) {
2781                cFYI(1, "null user");
2782                volume_info->username = "";
2783        } else if (volume_info->username) {
2784                /* BB fixme parse for domain name here */
2785                cFYI(1, "Username: %s", volume_info->username);
2786        } else {
2787                cifserror("No username specified");
2788        /* In userspace mount helper we can get user name from alternate
2789           locations such as env variables and files on disk */
2790                rc = -EINVAL;
2791                goto out;
2792        }
2793
2794        /* this is needed for ASCII cp to Unicode converts */
2795        if (volume_info->iocharset == NULL) {
2796                /* load_nls_default cannot return null */
2797                volume_info->local_nls = load_nls_default();
2798        } else {
2799                volume_info->local_nls = load_nls(volume_info->iocharset);
2800                if (volume_info->local_nls == NULL) {
2801                        cERROR(1, "CIFS mount error: iocharset %s not found",
2802                                 volume_info->iocharset);
2803                        rc = -ELIBACC;
2804                        goto out;
2805                }
2806        }
2807        cifs_sb->local_nls = volume_info->local_nls;
2808
2809        /* get a reference to a tcp session */
2810        srvTcp = cifs_get_tcp_session(volume_info);
2811        if (IS_ERR(srvTcp)) {
2812                rc = PTR_ERR(srvTcp);
2813                goto out;
2814        }
2815
2816        /* get a reference to a SMB session */
2817        pSesInfo = cifs_get_smb_ses(srvTcp, volume_info);
2818        if (IS_ERR(pSesInfo)) {
2819                rc = PTR_ERR(pSesInfo);
2820                pSesInfo = NULL;
2821                goto mount_fail_check;
2822        }
2823
2824        setup_cifs_sb(volume_info, cifs_sb);
2825        if (pSesInfo->capabilities & CAP_LARGE_FILES)
2826                sb->s_maxbytes = MAX_LFS_FILESIZE;
2827        else
2828                sb->s_maxbytes = MAX_NON_LFS;
2829
2830        /* BB FIXME fix time_gran to be larger for LANMAN sessions */
2831        sb->s_time_gran = 100;
2832
2833        /* search for existing tcon to this server share */
2834        tcon = cifs_get_tcon(pSesInfo, volume_info);
2835        if (IS_ERR(tcon)) {
2836                rc = PTR_ERR(tcon);
2837                tcon = NULL;
2838                goto remote_path_check;
2839        }
2840
2841        /* tell server which Unix caps we support */
2842        if (tcon->ses->capabilities & CAP_UNIX) {
2843                /* reset of caps checks mount to see if unix extensions
2844                   disabled for just this mount */
2845                reset_cifs_unix_caps(xid, tcon, sb, volume_info);
2846                if ((tcon->ses->server->tcpStatus == CifsNeedReconnect) &&
2847                    (le64_to_cpu(tcon->fsUnixInfo.Capability) &
2848                     CIFS_UNIX_TRANSPORT_ENCRYPTION_MANDATORY_CAP)) {
2849                        rc = -EACCES;
2850                        goto mount_fail_check;
2851                }
2852        } else
2853                tcon->unix_ext = 0; /* server does not support them */
2854
2855        /* do not care if following two calls succeed - informational */
2856        if (!tcon->ipc) {
2857                CIFSSMBQFSDeviceInfo(xid, tcon);
2858                CIFSSMBQFSAttributeInfo(xid, tcon);
2859        }
2860
2861        /* convert forward to back slashes in prepath here if needed */
2862        if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0)
2863                convert_delimiter(cifs_sb->prepath, CIFS_DIR_SEP(cifs_sb));
2864
2865        if ((tcon->unix_ext == 0) && (cifs_sb->rsize > (1024 * 127))) {
2866                cifs_sb->rsize = 1024 * 127;
2867                cFYI(DBG2, "no very large read support, rsize now 127K");
2868        }
2869        if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X))
2870                cifs_sb->wsize = min(cifs_sb->wsize,
2871                               (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE));
2872        if (!(tcon->ses->capabilities & CAP_LARGE_READ_X))
2873                cifs_sb->rsize = min(cifs_sb->rsize,
2874                               (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE));
2875
2876remote_path_check:
2877        /* check if a whole path (including prepath) is not remote */
2878        if (!rc && tcon) {
2879                /* build_path_to_root works only when we have a valid tcon */
2880                full_path = cifs_build_path_to_root(cifs_sb, tcon);
2881                if (full_path == NULL) {
2882                        rc = -ENOMEM;
2883                        goto mount_fail_check;
2884                }
2885                rc = is_path_accessible(xid, tcon, cifs_sb, full_path);
2886                if (rc != 0 && rc != -EREMOTE) {
2887                        kfree(full_path);
2888                        goto mount_fail_check;
2889                }
2890                kfree(full_path);
2891        }
2892
2893        /* get referral if needed */
2894        if (rc == -EREMOTE) {
2895#ifdef CONFIG_CIFS_DFS_UPCALL
2896                if (referral_walks_count > MAX_NESTED_LINKS) {
2897                        /*
2898                         * BB: when we implement proper loop detection,
2899                         *     we will remove this check. But now we need it
2900                         *     to prevent an indefinite loop if 'DFS tree' is
2901                         *     misconfigured (i.e. has loops).
2902                         */
2903                        rc = -ELOOP;
2904                        goto mount_fail_check;
2905                }
2906                /* convert forward to back slashes in prepath here if needed */
2907                if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0)
2908                        convert_delimiter(cifs_sb->prepath,
2909                                        CIFS_DIR_SEP(cifs_sb));
2910                full_path = build_unc_path_to_root(volume_info, cifs_sb);
2911                if (IS_ERR(full_path)) {
2912                        rc = PTR_ERR(full_path);
2913                        goto mount_fail_check;
2914                }
2915
2916                cFYI(1, "Getting referral for: %s", full_path);
2917                rc = get_dfs_path(xid, pSesInfo , full_path + 1,
2918                        cifs_sb->local_nls, &num_referrals, &referrals,
2919                        cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR);
2920                if (!rc && num_referrals > 0) {
2921                        char *fake_devname = NULL;
2922
2923                        if (mount_data != mount_data_global)
2924                                kfree(mount_data);
2925
2926                        mount_data = cifs_compose_mount_options(
2927                                        cifs_sb->mountdata, full_path + 1,
2928                                        referrals, &fake_devname);
2929
2930                        free_dfs_info_array(referrals, num_referrals);
2931                        kfree(fake_devname);
2932                        kfree(full_path);
2933
2934                        if (IS_ERR(mount_data)) {
2935                                rc = PTR_ERR(mount_data);
2936                                mount_data = NULL;
2937                                goto mount_fail_check;
2938                        }
2939
2940                        if (tcon)
2941                                cifs_put_tcon(tcon);
2942                        else if (pSesInfo)
2943                                cifs_put_smb_ses(pSesInfo);
2944
2945                        cleanup_volume_info(&volume_info);
2946                        referral_walks_count++;
2947                        FreeXid(xid);
2948                        goto try_mount_again;
2949                }
2950#else /* No DFS support, return error on mount */
2951                rc = -EOPNOTSUPP;
2952#endif
2953        }
2954
2955        if (rc)
2956                goto mount_fail_check;
2957
2958        /* now, hang the tcon off of the superblock */
2959        tlink = kzalloc(sizeof *tlink, GFP_KERNEL);
2960        if (tlink == NULL) {
2961                rc = -ENOMEM;
2962                goto mount_fail_check;
2963        }
2964
2965        tlink->tl_uid = pSesInfo->linux_uid;
2966        tlink->tl_tcon = tcon;
2967        tlink->tl_time = jiffies;
2968        set_bit(TCON_LINK_MASTER, &tlink->tl_flags);
2969        set_bit(TCON_LINK_IN_TREE, &tlink->tl_flags);
2970
2971        cifs_sb->master_tlink = tlink;
2972        spin_lock(&cifs_sb->tlink_tree_lock);
2973        tlink_rb_insert(&cifs_sb->tlink_tree, tlink);
2974        spin_unlock(&cifs_sb->tlink_tree_lock);
2975
2976        queue_delayed_work(system_nrt_wq, &cifs_sb->prune_tlinks,
2977                                TLINK_IDLE_EXPIRE);
2978
2979mount_fail_check:
2980        /* on error free sesinfo and tcon struct if needed */
2981        if (rc) {
2982                if (mount_data != mount_data_global)
2983                        kfree(mount_data);
2984                /* If find_unc succeeded then rc == 0 so we can not end */
2985                /* up accidentally freeing someone elses tcon struct */
2986                if (tcon)
2987                        cifs_put_tcon(tcon);
2988                else if (pSesInfo)
2989                        cifs_put_smb_ses(pSesInfo);
2990                else
2991                        cifs_put_tcp_session(srvTcp);
2992                goto out;
2993        }
2994
2995        /* volume_info->password is freed above when existing session found
2996        (in which case it is not needed anymore) but when new sesion is created
2997        the password ptr is put in the new session structure (in which case the
2998        password will be freed at unmount time) */
2999out:
3000        /* zero out password before freeing */
3001        cleanup_volume_info(&volume_info);
3002        FreeXid(xid);
3003        return rc;
3004}
3005
3006int
3007CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3008         const char *tree, struct cifsTconInfo *tcon,
3009         const struct nls_table *nls_codepage)
3010{
3011        struct smb_hdr *smb_buffer;
3012        struct smb_hdr *smb_buffer_response;
3013        TCONX_REQ *pSMB;
3014        TCONX_RSP *pSMBr;
3015        unsigned char *bcc_ptr;
3016        int rc = 0;
3017        int length;
3018        __u16 bytes_left, count;
3019
3020        if (ses == NULL)
3021                return -EIO;
3022
3023        smb_buffer = cifs_buf_get();
3024        if (smb_buffer == NULL)
3025                return -ENOMEM;
3026
3027        smb_buffer_response = smb_buffer;
3028
3029        header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3030                        NULL /*no tid */ , 4 /*wct */ );
3031
3032        smb_buffer->Mid = GetNextMid(ses->server);
3033        smb_buffer->Uid = ses->Suid;
3034        pSMB = (TCONX_REQ *) smb_buffer;
3035        pSMBr = (TCONX_RSP *) smb_buffer_response;
3036
3037        pSMB->AndXCommand = 0xFF;
3038        pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
3039        bcc_ptr = &pSMB->Password[0];
3040        if ((ses->server->secMode) & SECMODE_USER) {
3041                pSMB->PasswordLength = cpu_to_le16(1);  /* minimum */
3042                *bcc_ptr = 0; /* password is null byte */
3043                bcc_ptr++;              /* skip password */
3044                /* already aligned so no need to do it below */
3045        } else {
3046                pSMB->PasswordLength = cpu_to_le16(CIFS_AUTH_RESP_SIZE);
3047                /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3048                   specified as required (when that support is added to
3049                   the vfs in the future) as only NTLM or the much
3050                   weaker LANMAN (which we do not send by default) is accepted
3051                   by Samba (not sure whether other servers allow
3052                   NTLMv2 password here) */
3053#ifdef CONFIG_CIFS_WEAK_PW_HASH
3054                if ((global_secflags & CIFSSEC_MAY_LANMAN) &&
3055                    (ses->server->secType == LANMAN))
3056                        calc_lanman_hash(tcon->password, ses->server->cryptkey,
3057                                         ses->server->secMode &
3058                                            SECMODE_PW_ENCRYPT ? true : false,
3059                                         bcc_ptr);
3060                else
3061#endif /* CIFS_WEAK_PW_HASH */
3062                rc = SMBNTencrypt(tcon->password, ses->server->cryptkey,
3063                                        bcc_ptr);
3064
3065                bcc_ptr += CIFS_AUTH_RESP_SIZE;
3066                if (ses->capabilities & CAP_UNICODE) {
3067                        /* must align unicode strings */
3068                        *bcc_ptr = 0; /* null byte password */
3069                        bcc_ptr++;
3070                }
3071        }
3072
3073        if (ses->server->secMode &
3074                        (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3075                smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3076
3077        if (ses->capabilities & CAP_STATUS32) {
3078                smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3079        }
3080        if (ses->capabilities & CAP_DFS) {
3081                smb_buffer->Flags2 |= SMBFLG2_DFS;
3082        }
3083        if (ses->capabilities & CAP_UNICODE) {
3084                smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3085                length =
3086                    cifs_strtoUCS((__le16 *) bcc_ptr, tree,
3087                        6 /* max utf8 char length in bytes */ *
3088                        (/* server len*/ + 256 /* share len */), nls_codepage);
3089                bcc_ptr += 2 * length;  /* convert num 16 bit words to bytes */
3090                bcc_ptr += 2;   /* skip trailing null */
3091        } else {                /* ASCII */
3092                strcpy(bcc_ptr, tree);
3093                bcc_ptr += strlen(tree) + 1;
3094        }
3095        strcpy(bcc_ptr, "?????");
3096        bcc_ptr += strlen("?????");
3097        bcc_ptr += 1;
3098        count = bcc_ptr - &pSMB->Password[0];
3099        pSMB->hdr.smb_buf_length += count;
3100        pSMB->ByteCount = cpu_to_le16(count);
3101
3102        rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length,
3103                         0);
3104
3105        /* above now done in SendReceive */
3106        if ((rc == 0) && (tcon != NULL)) {
3107                bool is_unicode;
3108
3109                tcon->tidStatus = CifsGood;
3110                tcon->need_reconnect = false;
3111                tcon->tid = smb_buffer_response->Tid;
3112                bcc_ptr = pByteArea(smb_buffer_response);
3113                bytes_left = get_bcc(smb_buffer_response);
3114                length = strnlen(bcc_ptr, bytes_left - 2);
3115                if (smb_buffer->Flags2 & SMBFLG2_UNICODE)
3116                        is_unicode = true;
3117                else
3118                        is_unicode = false;
3119
3120
3121                /* skip service field (NB: this field is always ASCII) */
3122                if (length == 3) {
3123                        if ((bcc_ptr[0] == 'I') && (bcc_ptr[1] == 'P') &&
3124                            (bcc_ptr[2] == 'C')) {
3125                                cFYI(1, "IPC connection");
3126                                tcon->ipc = 1;
3127                        }
3128                } else if (length == 2) {
3129                        if ((bcc_ptr[0] == 'A') && (bcc_ptr[1] == ':')) {
3130                                /* the most common case */
3131                                cFYI(1, "disk share connection");
3132                        }
3133                }
3134                bcc_ptr += length + 1;
3135                bytes_left -= (length + 1);
3136                strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3137
3138                /* mostly informational -- no need to fail on error here */
3139                kfree(tcon->nativeFileSystem);
3140                tcon->nativeFileSystem = cifs_strndup_from_ucs(bcc_ptr,
3141                                                      bytes_left, is_unicode,
3142                                                      nls_codepage);
3143
3144                cFYI(1, "nativeFileSystem=%s", tcon->nativeFileSystem);
3145
3146                if ((smb_buffer_response->WordCount == 3) ||
3147                         (smb_buffer_response->WordCount == 7))
3148                        /* field is in same location */
3149                        tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3150                else
3151                        tcon->Flags = 0;
3152                cFYI(1, "Tcon flags: 0x%x ", tcon->Flags);
3153        } else if ((rc == 0) && tcon == NULL) {
3154                /* all we need to save for IPC$ connection */
3155                ses->ipc_tid = smb_buffer_response->Tid;
3156        }
3157
3158        cifs_buf_release(smb_buffer);
3159        return rc;
3160}
3161
3162int
3163cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3164{
3165        struct rb_root *root = &cifs_sb->tlink_tree;
3166        struct rb_node *node;
3167        struct tcon_link *tlink;
3168        char *tmp;
3169
3170        cancel_delayed_work_sync(&cifs_sb->prune_tlinks);
3171
3172        spin_lock(&cifs_sb->tlink_tree_lock);
3173        while ((node = rb_first(root))) {
3174                tlink = rb_entry(node, struct tcon_link, tl_rbnode);
3175                cifs_get_tlink(tlink);
3176                clear_bit(TCON_LINK_IN_TREE, &tlink->tl_flags);
3177                rb_erase(node, root);
3178
3179                spin_unlock(&cifs_sb->tlink_tree_lock);
3180                cifs_put_tlink(tlink);
3181                spin_lock(&cifs_sb->tlink_tree_lock);
3182        }
3183        spin_unlock(&cifs_sb->tlink_tree_lock);
3184
3185        tmp = cifs_sb->prepath;
3186        cifs_sb->prepathlen = 0;
3187        cifs_sb->prepath = NULL;
3188        kfree(tmp);
3189
3190        return 0;
3191}
3192
3193int cifs_negotiate_protocol(unsigned int xid, struct cifsSesInfo *ses)
3194{
3195        int rc = 0;
3196        struct TCP_Server_Info *server = ses->server;
3197
3198        /* only send once per connect */
3199        if (server->maxBuf != 0)
3200                return 0;
3201
3202        rc = CIFSSMBNegotiate(xid, ses);
3203        if (rc == -EAGAIN) {
3204                /* retry only once on 1st time connection */
3205                rc = CIFSSMBNegotiate(xid, ses);
3206                if (rc == -EAGAIN)
3207                        rc = -EHOSTDOWN;
3208        }
3209        if (rc == 0) {
3210                spin_lock(&GlobalMid_Lock);
3211                if (server->tcpStatus != CifsExiting)
3212                        server->tcpStatus = CifsGood;
3213                else
3214                        rc = -EHOSTDOWN;
3215                spin_unlock(&GlobalMid_Lock);
3216
3217        }
3218
3219        return rc;
3220}
3221
3222
3223int cifs_setup_session(unsigned int xid, struct cifsSesInfo *ses,
3224                        struct nls_table *nls_info)
3225{
3226        int rc = 0;
3227        struct TCP_Server_Info *server = ses->server;
3228
3229        ses->flags = 0;
3230        ses->capabilities = server->capabilities;
3231        if (linuxExtEnabled == 0)
3232                ses->capabilities &= (~CAP_UNIX);
3233
3234        cFYI(1, "Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d",
3235                 server->secMode, server->capabilities, server->timeAdj);
3236
3237        rc = CIFS_SessSetup(xid, ses, nls_info);
3238        if (rc) {
3239                cERROR(1, "Send error in SessSetup = %d", rc);
3240        } else {
3241                mutex_lock(&ses->server->srv_mutex);
3242                if (!server->session_estab) {
3243                        server->session_key.response = ses->auth_key.response;
3244                        server->session_key.len = ses->auth_key.len;
3245                        server->sequence_number = 0x2;
3246                        server->session_estab = true;
3247                        ses->auth_key.response = NULL;
3248                }
3249                mutex_unlock(&server->srv_mutex);
3250
3251                cFYI(1, "CIFS Session Established successfully");
3252                spin_lock(&GlobalMid_Lock);
3253                ses->status = CifsGood;
3254                ses->need_reconnect = false;
3255                spin_unlock(&GlobalMid_Lock);
3256        }
3257
3258        kfree(ses->auth_key.response);
3259        ses->auth_key.response = NULL;
3260        ses->auth_key.len = 0;
3261        kfree(ses->ntlmssp);
3262        ses->ntlmssp = NULL;
3263
3264        return rc;
3265}
3266
3267static struct cifsTconInfo *
3268cifs_construct_tcon(struct cifs_sb_info *cifs_sb, uid_t fsuid)
3269{
3270        struct cifsTconInfo *master_tcon = cifs_sb_master_tcon(cifs_sb);
3271        struct cifsSesInfo *ses;
3272        struct cifsTconInfo *tcon = NULL;
3273        struct smb_vol *vol_info;
3274        char username[MAX_USERNAME_SIZE + 1];
3275
3276        vol_info = kzalloc(sizeof(*vol_info), GFP_KERNEL);
3277        if (vol_info == NULL) {
3278                tcon = ERR_PTR(-ENOMEM);
3279                goto out;
3280        }
3281
3282        snprintf(username, MAX_USERNAME_SIZE, "krb50x%x", fsuid);
3283        vol_info->username = username;
3284        vol_info->local_nls = cifs_sb->local_nls;
3285        vol_info->linux_uid = fsuid;
3286        vol_info->cred_uid = fsuid;
3287        vol_info->UNC = master_tcon->treeName;
3288        vol_info->retry = master_tcon->retry;
3289        vol_info->nocase = master_tcon->nocase;
3290        vol_info->local_lease = master_tcon->local_lease;
3291        vol_info->no_linux_ext = !master_tcon->unix_ext;
3292
3293        /* FIXME: allow for other secFlg settings */
3294        vol_info->secFlg = CIFSSEC_MUST_KRB5;
3295
3296        /* get a reference for the same TCP session */
3297        spin_lock(&cifs_tcp_ses_lock);
3298        ++master_tcon->ses->server->srv_count;
3299        spin_unlock(&cifs_tcp_ses_lock);
3300
3301        ses = cifs_get_smb_ses(master_tcon->ses->server, vol_info);
3302        if (IS_ERR(ses)) {
3303                tcon = (struct cifsTconInfo *)ses;
3304                cifs_put_tcp_session(master_tcon->ses->server);
3305                goto out;
3306        }
3307
3308        tcon = cifs_get_tcon(ses, vol_info);
3309        if (IS_ERR(tcon)) {
3310                cifs_put_smb_ses(ses);
3311                goto out;
3312        }
3313
3314        if (ses->capabilities & CAP_UNIX)
3315                reset_cifs_unix_caps(0, tcon, NULL, vol_info);
3316out:
3317        kfree(vol_info);
3318
3319        return tcon;
3320}
3321
3322static inline struct tcon_link *
3323cifs_sb_master_tlink(struct cifs_sb_info *cifs_sb)
3324{
3325        return cifs_sb->master_tlink;
3326}
3327
3328struct cifsTconInfo *
3329cifs_sb_master_tcon(struct cifs_sb_info *cifs_sb)
3330{
3331        return tlink_tcon(cifs_sb_master_tlink(cifs_sb));
3332}
3333
3334static int
3335cifs_sb_tcon_pending_wait(void *unused)
3336{
3337        schedule();
3338        return signal_pending(current) ? -ERESTARTSYS : 0;
3339}
3340
3341/* find and return a tlink with given uid */
3342static struct tcon_link *
3343tlink_rb_search(struct rb_root *root, uid_t uid)
3344{
3345        struct rb_node *node = root->rb_node;
3346        struct tcon_link *tlink;
3347
3348        while (node) {
3349                tlink = rb_entry(node, struct tcon_link, tl_rbnode);
3350
3351                if (tlink->tl_uid > uid)
3352                        node = node->rb_left;
3353                else if (tlink->tl_uid < uid)
3354                        node = node->rb_right;
3355                else
3356                        return tlink;
3357        }
3358        return NULL;
3359}
3360
3361/* insert a tcon_link into the tree */
3362static void
3363tlink_rb_insert(struct rb_root *root, struct tcon_link *new_tlink)
3364{
3365        struct rb_node **new = &(root->rb_node), *parent = NULL;
3366        struct tcon_link *tlink;
3367
3368        while (*new) {
3369                tlink = rb_entry(*new, struct tcon_link, tl_rbnode);
3370                parent = *new;
3371
3372                if (tlink->tl_uid > new_tlink->tl_uid)
3373                        new = &((*new)->rb_left);
3374                else
3375                        new = &((*new)->rb_right);
3376        }
3377
3378        rb_link_node(&new_tlink->tl_rbnode, parent, new);
3379        rb_insert_color(&new_tlink->tl_rbnode, root);
3380}
3381
3382/*
3383 * Find or construct an appropriate tcon given a cifs_sb and the fsuid of the
3384 * current task.
3385 *
3386 * If the superblock doesn't refer to a multiuser mount, then just return
3387 * the master tcon for the mount.
3388 *
3389 * First, search the rbtree for an existing tcon for this fsuid. If one
3390 * exists, then check to see if it's pending construction. If it is then wait
3391 * for construction to complete. Once it's no longer pending, check to see if
3392 * it failed and either return an error or retry construction, depending on
3393 * the timeout.
3394 *
3395 * If one doesn't exist then insert a new tcon_link struct into the tree and
3396 * try to construct a new one.
3397 */
3398struct tcon_link *
3399cifs_sb_tlink(struct cifs_sb_info *cifs_sb)
3400{
3401        int ret;
3402        uid_t fsuid = current_fsuid();
3403        struct tcon_link *tlink, *newtlink;
3404
3405        if (!(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MULTIUSER))
3406                return cifs_get_tlink(cifs_sb_master_tlink(cifs_sb));
3407
3408        spin_lock(&cifs_sb->tlink_tree_lock);
3409        tlink = tlink_rb_search(&cifs_sb->tlink_tree, fsuid);
3410        if (tlink)
3411                cifs_get_tlink(tlink);
3412        spin_unlock(&cifs_sb->tlink_tree_lock);
3413
3414        if (tlink == NULL) {
3415                newtlink = kzalloc(sizeof(*tlink), GFP_KERNEL);
3416                if (newtlink == NULL)
3417                        return ERR_PTR(-ENOMEM);
3418                newtlink->tl_uid = fsuid;
3419                newtlink->tl_tcon = ERR_PTR(-EACCES);
3420                set_bit(TCON_LINK_PENDING, &newtlink->tl_flags);
3421                set_bit(TCON_LINK_IN_TREE, &newtlink->tl_flags);
3422                cifs_get_tlink(newtlink);
3423
3424                spin_lock(&cifs_sb->tlink_tree_lock);
3425                /* was one inserted after previous search? */
3426                tlink = tlink_rb_search(&cifs_sb->tlink_tree, fsuid);
3427                if (tlink) {
3428                        cifs_get_tlink(tlink);
3429                        spin_unlock(&cifs_sb->tlink_tree_lock);
3430                        kfree(newtlink);
3431                        goto wait_for_construction;
3432                }
3433                tlink = newtlink;
3434                tlink_rb_insert(&cifs_sb->tlink_tree, tlink);
3435                spin_unlock(&cifs_sb->tlink_tree_lock);
3436        } else {
3437wait_for_construction:
3438                ret = wait_on_bit(&tlink->tl_flags, TCON_LINK_PENDING,
3439                                  cifs_sb_tcon_pending_wait,
3440                                  TASK_INTERRUPTIBLE);
3441                if (ret) {
3442                        cifs_put_tlink(tlink);
3443                        return ERR_PTR(ret);
3444                }
3445
3446                /* if it's good, return it */
3447                if (!IS_ERR(tlink->tl_tcon))
3448                        return tlink;
3449
3450                /* return error if we tried this already recently */
3451                if (time_before(jiffies, tlink->tl_time + TLINK_ERROR_EXPIRE)) {
3452                        cifs_put_tlink(tlink);
3453                        return ERR_PTR(-EACCES);
3454                }
3455
3456                if (test_and_set_bit(TCON_LINK_PENDING, &tlink->tl_flags))
3457                        goto wait_for_construction;
3458        }
3459
3460        tlink->tl_tcon = cifs_construct_tcon(cifs_sb, fsuid);
3461        clear_bit(TCON_LINK_PENDING, &tlink->tl_flags);
3462        wake_up_bit(&tlink->tl_flags, TCON_LINK_PENDING);
3463
3464        if (IS_ERR(tlink->tl_tcon)) {
3465                cifs_put_tlink(tlink);
3466                return ERR_PTR(-EACCES);
3467        }
3468
3469        return tlink;
3470}
3471
3472/*
3473 * periodic workqueue job that scans tcon_tree for a superblock and closes
3474 * out tcons.
3475 */
3476static void
3477cifs_prune_tlinks(struct work_struct *work)
3478{
3479        struct cifs_sb_info *cifs_sb = container_of(work, struct cifs_sb_info,
3480                                                    prune_tlinks.work);
3481        struct rb_root *root = &cifs_sb->tlink_tree;
3482        struct rb_node *node = rb_first(root);
3483        struct rb_node *tmp;
3484        struct tcon_link *tlink;
3485
3486        /*
3487         * Because we drop the spinlock in the loop in order to put the tlink
3488         * it's not guarded against removal of links from the tree. The only
3489         * places that remove entries from the tree are this function and
3490         * umounts. Because this function is non-reentrant and is canceled
3491         * before umount can proceed, this is safe.
3492         */
3493        spin_lock(&cifs_sb->tlink_tree_lock);
3494        node = rb_first(root);
3495        while (node != NULL) {
3496                tmp = node;
3497                node = rb_next(tmp);
3498                tlink = rb_entry(tmp, struct tcon_link, tl_rbnode);
3499
3500                if (test_bit(TCON_LINK_MASTER, &tlink->tl_flags) ||
3501                    atomic_read(&tlink->tl_count) != 0 ||
3502                    time_after(tlink->tl_time + TLINK_IDLE_EXPIRE, jiffies))
3503                        continue;
3504
3505                cifs_get_tlink(tlink);
3506                clear_bit(TCON_LINK_IN_TREE, &tlink->tl_flags);
3507                rb_erase(tmp, root);
3508
3509                spin_unlock(&cifs_sb->tlink_tree_lock);
3510                cifs_put_tlink(tlink);
3511                spin_lock(&cifs_sb->tlink_tree_lock);
3512        }
3513        spin_unlock(&cifs_sb->tlink_tree_lock);
3514
3515        queue_delayed_work(system_nrt_wq, &cifs_sb->prune_tlinks,
3516                                TLINK_IDLE_EXPIRE);
3517}
3518