Merge branch '3.2-without-smb2' of git://git.samba.org/sfrench/cifs-2.6

create cifs.spnego * * /usr/local/sbin/cifs.upcall %k

create dns_resolver * * /usr/local/sbin/cifs.upcall %k

CIFS kernel module parameters

=============================

These module parameters can be specified or modified either during the time of

module loading or during the runtime by using the interface

	/proc/module/cifs/parameters/<param>

i.e. echo "value" > /sys/module/cifs/parameters/<param>

1. echo_retries - The number of echo attempts before giving up and

		  reconnecting to the server. The default is 5. The value 0

		  means never reconnect.

2. enable_oplocks - Enable or disable oplocks. Oplocks are enabled by default.

		    [Y/y/1]. To disable use any of [N/n/0].

static int cifs_oplock_proc_show(struct seq_file *m, void *v)

{

	seq_printf(m, "%d\n", oplockEnabled);

	seq_printf(m, "%d\n", enable_oplocks);

	return 0;

}

	char c;

	int rc;

	printk(KERN_WARNING "CIFS: The /proc/fs/cifs/OplockEnabled interface "

	       "will be removed in kernel version 3.4. Please migrate to "

	       "using the 'enable_oplocks' module parameter in cifs.ko.\n");

	rc = get_user(c, buffer);

	if (rc)

		return rc;

	if (c == '0' || c == 'n' || c == 'N')

		oplockEnabled = 0;

		enable_oplocks = false;

	else if (c == '1' || c == 'y' || c == 'Y')

		oplockEnabled = 1;

		enable_oplocks = true;

	return count;

}

#define CIFS_MOUNT_STRICT_IO	0x40000 /* strict cache mode */

#define CIFS_MOUNT_RWPIDFORWARD	0x80000 /* use pid forwarding for rw */

#define CIFS_MOUNT_POSIXACL	0x100000 /* mirror of MS_POSIXACL in mnt_cifs_flags */

#define CIFS_MOUNT_CIFS_BACKUPUID 0x200000 /* backup intent bit for a user */

#define CIFS_MOUNT_CIFS_BACKUPGID 0x400000 /* backup intent bit for a group */

struct cifs_sb_info {

	struct rb_root tlink_tree;

	atomic_t active;

	uid_t	mnt_uid;

	gid_t	mnt_gid;

	uid_t	mnt_backupuid;

	gid_t	mnt_backupgid;

	mode_t	mnt_file_mode;

	mode_t	mnt_dir_mode;

	unsigned int mnt_cifs_flags;

	shrink_idmap_tree(root, nr_to_scan, &nr_rem, &nr_del);

	spin_unlock(&sidgidlock);

	root = &siduidtree;

	spin_lock(&uidsidlock);

	shrink_idmap_tree(root, nr_to_scan, &nr_rem, &nr_del);

	spin_unlock(&uidsidlock);

	root = &sidgidtree;

	spin_lock(&gidsidlock);

	shrink_idmap_tree(root, nr_to_scan, &nr_rem, &nr_del);

	spin_unlock(&gidsidlock);

	return nr_rem;

}

static void

sid_rb_insert(struct rb_root *root, unsigned long cid,

		struct cifs_sid_id **psidid, char *typestr)

{

	char *strptr;

	struct rb_node *node = root->rb_node;

	struct rb_node *parent = NULL;

	struct rb_node **linkto = &(root->rb_node);

	struct cifs_sid_id *lsidid;

	while (node) {

		lsidid = rb_entry(node, struct cifs_sid_id, rbnode);

		parent = node;

		if (cid > lsidid->id) {

			linkto = &(node->rb_left);

			node = node->rb_left;

		}

		if (cid < lsidid->id) {

			linkto = &(node->rb_right);

			node = node->rb_right;

		}

	}

	(*psidid)->id = cid;

	(*psidid)->time = jiffies - (SID_MAP_RETRY + 1);

	(*psidid)->refcount = 0;

	sprintf((*psidid)->sidstr, "%s", typestr);

	strptr = (*psidid)->sidstr + strlen((*psidid)->sidstr);

	sprintf(strptr, "%ld", cid);

	clear_bit(SID_ID_PENDING, &(*psidid)->state);

	clear_bit(SID_ID_MAPPED, &(*psidid)->state);

	rb_link_node(&(*psidid)->rbnode, parent, linkto);

	rb_insert_color(&(*psidid)->rbnode, root);

}

static struct cifs_sid_id *

sid_rb_search(struct rb_root *root, unsigned long cid)

{

	struct rb_node *node = root->rb_node;

	struct cifs_sid_id *lsidid;

	while (node) {

		lsidid = rb_entry(node, struct cifs_sid_id, rbnode);

		if (cid > lsidid->id)

			node = node->rb_left;

		else if (cid < lsidid->id)

			node = node->rb_right;

		else /* node found */

			return lsidid;

	}

	return NULL;

}

static struct shrinker cifs_shrinker = {

	.shrink = cifs_idmap_shrinker,

	.seeks = DEFAULT_SEEKS,

	memcpy(payload, data, datalen);

	key->payload.data = payload;

	key->datalen = datalen;

	return 0;

}

	return signal_pending(current) ? -ERESTARTSYS : 0;

}

static int

id_to_sid(unsigned long cid, uint sidtype, struct cifs_sid *ssid)

{

	int rc = 0;

	struct key *sidkey;

	const struct cred *saved_cred;

	struct cifs_sid *lsid;

	struct cifs_sid_id *psidid, *npsidid;

	struct rb_root *cidtree;

	spinlock_t *cidlock;

	if (sidtype == SIDOWNER) {

		cidlock = &siduidlock;

		cidtree = &uidtree;

	} else if (sidtype == SIDGROUP) {

		cidlock = &sidgidlock;

		cidtree = &gidtree;

	} else

		return -EINVAL;

	spin_lock(cidlock);

	psidid = sid_rb_search(cidtree, cid);

	if (!psidid) { /* node does not exist, allocate one & attempt adding */

		spin_unlock(cidlock);

		npsidid = kzalloc(sizeof(struct cifs_sid_id), GFP_KERNEL);

		if (!npsidid)

			return -ENOMEM;

		npsidid->sidstr = kmalloc(SIDLEN, GFP_KERNEL);

		if (!npsidid->sidstr) {

			kfree(npsidid);

			return -ENOMEM;

		}

		spin_lock(cidlock);

		psidid = sid_rb_search(cidtree, cid);

		if (psidid) { /* node happened to get inserted meanwhile */

			++psidid->refcount;

			spin_unlock(cidlock);

			kfree(npsidid->sidstr);

			kfree(npsidid);

		} else {

			psidid = npsidid;

			sid_rb_insert(cidtree, cid, &psidid,

					sidtype == SIDOWNER ? "oi:" : "gi:");

			++psidid->refcount;

			spin_unlock(cidlock);

		}

	} else {

		++psidid->refcount;

		spin_unlock(cidlock);

	}

	/*

	 * If we are here, it is safe to access psidid and its fields

	 * since a reference was taken earlier while holding the spinlock.

	 * A reference on the node is put without holding the spinlock

	 * and it is OK to do so in this case, shrinker will not erase

	 * this node until all references are put and we do not access

	 * any fields of the node after a reference is put .

	 */

	if (test_bit(SID_ID_MAPPED, &psidid->state)) {

		memcpy(ssid, &psidid->sid, sizeof(struct cifs_sid));

		psidid->time = jiffies; /* update ts for accessing */

		goto id_sid_out;

	}

	if (time_after(psidid->time + SID_MAP_RETRY, jiffies)) {

		rc = -EINVAL;

		goto id_sid_out;

	}

	if (!test_and_set_bit(SID_ID_PENDING, &psidid->state)) {

		saved_cred = override_creds(root_cred);

		sidkey = request_key(&cifs_idmap_key_type, psidid->sidstr, "");

		if (IS_ERR(sidkey)) {

			rc = -EINVAL;

			cFYI(1, "%s: Can't map and id to a SID", __func__);

		} else {

			lsid = (struct cifs_sid *)sidkey->payload.data;

			memcpy(&psidid->sid, lsid,

				sidkey->datalen < sizeof(struct cifs_sid) ?

				sidkey->datalen : sizeof(struct cifs_sid));

			memcpy(ssid, &psidid->sid,

				sidkey->datalen < sizeof(struct cifs_sid) ?

				sidkey->datalen : sizeof(struct cifs_sid));

			set_bit(SID_ID_MAPPED, &psidid->state);

			key_put(sidkey);

			kfree(psidid->sidstr);

		}

		psidid->time = jiffies; /* update ts for accessing */

		revert_creds(saved_cred);

		clear_bit(SID_ID_PENDING, &psidid->state);

		wake_up_bit(&psidid->state, SID_ID_PENDING);

	} else {

		rc = wait_on_bit(&psidid->state, SID_ID_PENDING,

				sidid_pending_wait, TASK_INTERRUPTIBLE);

		if (rc) {

			cFYI(1, "%s: sidid_pending_wait interrupted %d",

					__func__, rc);

			--psidid->refcount;

			return rc;

		}

		if (test_bit(SID_ID_MAPPED, &psidid->state))

			memcpy(ssid, &psidid->sid, sizeof(struct cifs_sid));

		else

			rc = -EINVAL;

	}

id_sid_out:

	--psidid->refcount;

	return rc;

}

static int

sid_to_id(struct cifs_sb_info *cifs_sb, struct cifs_sid *psid,

		struct cifs_fattr *fattr, uint sidtype)

	spin_lock_init(&sidgidlock);

	gidtree = RB_ROOT;

	spin_lock_init(&uidsidlock);

	siduidtree = RB_ROOT;

	spin_lock_init(&gidsidlock);

	sidgidtree = RB_ROOT;

	register_shrinker(&cifs_shrinker);

	cFYI(1, "cifs idmap keyring: %d\n", key_serial(keyring));

	while ((node = rb_first(root)))

		rb_erase(node, root);

	spin_unlock(&sidgidlock);

	root = &siduidtree;

	spin_lock(&uidsidlock);

	while ((node = rb_first(root)))

		rb_erase(node, root);

	spin_unlock(&uidsidlock);

	root = &sidgidtree;

	spin_lock(&gidsidlock);

	while ((node = rb_first(root)))

		rb_erase(node, root);

	spin_unlock(&gidsidlock);

}

/* if the two SIDs (roughly equivalent to a UUID for a user or group) are

	else

		cFYI(1, "no ACL"); /* BB grant all or default perms? */

/*	cifscred->uid = owner_sid_ptr->rid;

	cifscred->gid = group_sid_ptr->rid;

	memcpy((void *)(&(cifscred->osid)), (void *)owner_sid_ptr,

			sizeof(struct cifs_sid));

	memcpy((void *)(&(cifscred->gsid)), (void *)group_sid_ptr,

			sizeof(struct cifs_sid)); */

	return rc;

}

/* Convert permission bits from mode to equivalent CIFS ACL */

static int build_sec_desc(struct cifs_ntsd *pntsd, struct cifs_ntsd *pnntsd,

				struct inode *inode, __u64 nmode)

	__u32 secdesclen, __u64 nmode, uid_t uid, gid_t gid, int *aclflag)

{

	int rc = 0;

	__u32 dacloffset;

	__u32 ndacloffset;

	__u32 sidsoffset;

	struct cifs_sid *owner_sid_ptr, *group_sid_ptr;

	struct cifs_sid *nowner_sid_ptr, *ngroup_sid_ptr;

	struct cifs_acl *dacl_ptr = NULL;  /* no need for SACL ptr */

	struct cifs_acl *ndacl_ptr = NULL; /* no need for SACL ptr */

	if ((inode == NULL) || (pntsd == NULL) || (pnntsd == NULL))

		return -EIO;

	if (nmode != NO_CHANGE_64) { /* chmod */

		owner_sid_ptr = (struct cifs_sid *)((char *)pntsd +

				le32_to_cpu(pntsd->osidoffset));

		group_sid_ptr = (struct cifs_sid *)((char *)pntsd +

				le32_to_cpu(pntsd->gsidoffset));

		dacloffset = le32_to_cpu(pntsd->dacloffset);

		dacl_ptr = (struct cifs_acl *)((char *)pntsd + dacloffset);

		ndacloffset = sizeof(struct cifs_ntsd);

		ndacl_ptr = (struct cifs_acl *)((char *)pnntsd + ndacloffset);

		ndacl_ptr->revision = dacl_ptr->revision;

		ndacl_ptr->size = 0;

		ndacl_ptr->num_aces = 0;

	rc = set_chmod_dacl(ndacl_ptr, owner_sid_ptr, group_sid_ptr, nmode);

		rc = set_chmod_dacl(ndacl_ptr, owner_sid_ptr, group_sid_ptr,

					nmode);

		sidsoffset = ndacloffset + le16_to_cpu(ndacl_ptr->size);

	/* copy security descriptor control portion and owner and group sid */

		/* copy sec desc control portion & owner and group sids */

		copy_sec_desc(pntsd, pnntsd, sidsoffset);

		*aclflag = CIFS_ACL_DACL;

	} else {

		memcpy(pnntsd, pntsd, secdesclen);

		if (uid != NO_CHANGE_32) { /* chown */

			owner_sid_ptr = (struct cifs_sid *)((char *)pnntsd +

					le32_to_cpu(pnntsd->osidoffset));

			nowner_sid_ptr = kmalloc(sizeof(struct cifs_sid),

								GFP_KERNEL);

			if (!nowner_sid_ptr)

				return -ENOMEM;

			rc = id_to_sid(uid, SIDOWNER, nowner_sid_ptr);

			if (rc) {

				cFYI(1, "%s: Mapping error %d for owner id %d",

						__func__, rc, uid);

				kfree(nowner_sid_ptr);

				return rc;

			}

			memcpy(owner_sid_ptr, nowner_sid_ptr,

					sizeof(struct cifs_sid));

			kfree(nowner_sid_ptr);

			*aclflag = CIFS_ACL_OWNER;

		}

		if (gid != NO_CHANGE_32) { /* chgrp */

			group_sid_ptr = (struct cifs_sid *)((char *)pnntsd +

					le32_to_cpu(pnntsd->gsidoffset));

			ngroup_sid_ptr = kmalloc(sizeof(struct cifs_sid),

								GFP_KERNEL);

			if (!ngroup_sid_ptr)

				return -ENOMEM;

			rc = id_to_sid(gid, SIDGROUP, ngroup_sid_ptr);

			if (rc) {

				cFYI(1, "%s: Mapping error %d for group id %d",

						__func__, rc, gid);

				kfree(ngroup_sid_ptr);

				return rc;

			}

			memcpy(group_sid_ptr, ngroup_sid_ptr,

					sizeof(struct cifs_sid));

			kfree(ngroup_sid_ptr);

			*aclflag = CIFS_ACL_GROUP;

		}

	}

	return rc;

}

{

	struct cifs_ntsd *pntsd = NULL;

	int oplock = 0;

	int xid, rc;

	int xid, rc, create_options = 0;

	__u16 fid;

	struct cifs_tcon *tcon;

	struct tcon_link *tlink = cifs_sb_tlink(cifs_sb);

	tcon = tlink_tcon(tlink);

	xid = GetXid();

	rc = CIFSSMBOpen(xid, tcon, path, FILE_OPEN, READ_CONTROL, 0,

			 &fid, &oplock, NULL, cifs_sb->local_nls,

	if (backup_cred(cifs_sb))

		create_options |= CREATE_OPEN_BACKUP_INTENT;

	rc = CIFSSMBOpen(xid, tcon, path, FILE_OPEN, READ_CONTROL,

			create_options, &fid, &oplock, NULL, cifs_sb->local_nls,

			cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR);

	if (!rc) {

		rc = CIFSSMBGetCIFSACL(xid, tcon, fid, &pntsd, pacllen);

	return pntsd;

}

static int set_cifs_acl_by_path(struct cifs_sb_info *cifs_sb, const char *path,

		struct cifs_ntsd *pnntsd, u32 acllen)

 /* Set an ACL on the server */

int set_cifs_acl(struct cifs_ntsd *pnntsd, __u32 acllen,

			struct inode *inode, const char *path, int aclflag)

{

	int oplock = 0;

	int xid, rc;

	int xid, rc, access_flags, create_options = 0;

	__u16 fid;

	struct cifs_tcon *tcon;

	struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb);

	struct tcon_link *tlink = cifs_sb_tlink(cifs_sb);

	if (IS_ERR(tlink))

	tcon = tlink_tcon(tlink);

	xid = GetXid();

	rc = CIFSSMBOpen(xid, tcon, path, FILE_OPEN, WRITE_DAC, 0,

			 &fid, &oplock, NULL, cifs_sb->local_nls,

	if (backup_cred(cifs_sb))

		create_options |= CREATE_OPEN_BACKUP_INTENT;

	if (aclflag == CIFS_ACL_OWNER || aclflag == CIFS_ACL_GROUP)

		access_flags = WRITE_OWNER;

	else

		access_flags = WRITE_DAC;

	rc = CIFSSMBOpen(xid, tcon, path, FILE_OPEN, access_flags,

			create_options, &fid, &oplock, NULL, cifs_sb->local_nls,

			cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR);

	if (rc) {

		cERROR(1, "Unable to open file to set ACL");

		goto out;

	}

	rc = CIFSSMBSetCIFSACL(xid, tcon, fid, pnntsd, acllen);

	rc = CIFSSMBSetCIFSACL(xid, tcon, fid, pnntsd, acllen, aclflag);

	cFYI(DBG2, "SetCIFSACL rc = %d", rc);

	CIFSSMBClose(xid, tcon, fid);

	return rc;

}

/* Set an ACL on the server */

int set_cifs_acl(struct cifs_ntsd *pnntsd, __u32 acllen,

				struct inode *inode, const char *path)

{

	struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb);

	cFYI(DBG2, "set ACL for %s from mode 0x%x", path, inode->i_mode);

	return set_cifs_acl_by_path(cifs_sb, path, pnntsd, acllen);

}

/* Translate the CIFS ACL (simlar to NTFS ACL) for a file into mode bits */

int

cifs_acl_to_fattr(struct cifs_sb_info *cifs_sb, struct cifs_fattr *fattr,

}

/* Convert mode bits to an ACL so we can update the ACL on the server */

int mode_to_cifs_acl(struct inode *inode, const char *path, __u64 nmode)

int

id_mode_to_cifs_acl(struct inode *inode, const char *path, __u64 nmode,

			uid_t uid, gid_t gid)

{

	int rc = 0;

	int aclflag = CIFS_ACL_DACL; /* default flag to set */

	__u32 secdesclen = 0;

	struct cifs_ntsd *pntsd = NULL; /* acl obtained from server */

	struct cifs_ntsd *pnntsd = NULL; /* modified acl to be sent to server */

			return -ENOMEM;

		}

		rc = build_sec_desc(pntsd, pnntsd, inode, nmode);

		rc = build_sec_desc(pntsd, pnntsd, secdesclen, nmode, uid, gid,

					&aclflag);

		cFYI(DBG2, "build_sec_desc rc: %d", rc);

		if (!rc) {

			/* Set the security descriptor */

			rc = set_cifs_acl(pnntsd, secdesclen, inode, path);

			rc = set_cifs_acl(pnntsd, secdesclen, inode,

						path, aclflag);

			cFYI(DBG2, "set_cifs_acl rc: %d", rc);

		}

 * the sequence number before this function is called. Also, this function

 * should be called with the server->srv_mutex held.

 */

static int cifs_calculate_signature(const struct smb_hdr *cifs_pdu,

				struct TCP_Server_Info *server, char *signature)

{

	int rc;

	if (cifs_pdu == NULL || signature == NULL || server == NULL)

		return -EINVAL;

	if (!server->secmech.sdescmd5) {

		cERROR(1, "%s: Can't generate signature\n", __func__);

		return -1;

	}

	rc = crypto_shash_init(&server->secmech.sdescmd5->shash);

	if (rc) {

		cERROR(1, "%s: Could not init md5\n", __func__);

		return rc;

	}

	rc = crypto_shash_update(&server->secmech.sdescmd5->shash,

		server->session_key.response, server->session_key.len);

	if (rc) {

		cERROR(1, "%s: Could not update with response\n", __func__);

		return rc;

	}

	rc = crypto_shash_update(&server->secmech.sdescmd5->shash,

		cifs_pdu->Protocol, be32_to_cpu(cifs_pdu->smb_buf_length));

	if (rc) {

		cERROR(1, "%s: Could not update with payload\n", __func__);

		return rc;

	}

	rc = crypto_shash_final(&server->secmech.sdescmd5->shash, signature);

	if (rc)

		cERROR(1, "%s: Could not generate md5 hash\n", __func__);

	return rc;

}

/* must be called with server->srv_mutex held */

int cifs_sign_smb(struct smb_hdr *cifs_pdu, struct TCP_Server_Info *server,

		  __u32 *pexpected_response_sequence_number)

{

	int rc = 0;

	char smb_signature[20];

	if ((cifs_pdu == NULL) || (server == NULL))

		return -EINVAL;

	if (!(cifs_pdu->Flags2 & SMBFLG2_SECURITY_SIGNATURE) ||

	    server->tcpStatus == CifsNeedNegotiate)

		return rc;

	if (!server->session_estab) {

		strncpy(cifs_pdu->Signature.SecuritySignature, "BSRSPYL", 8);

		return rc;

	}

	cifs_pdu->Signature.Sequence.SequenceNumber =

			cpu_to_le32(server->sequence_number);

	cifs_pdu->Signature.Sequence.Reserved = 0;

	*pexpected_response_sequence_number = server->sequence_number++;

	server->sequence_number++;

	rc = cifs_calculate_signature(cifs_pdu, server, smb_signature);

	if (rc)

		memset(cifs_pdu->Signature.SecuritySignature, 0, 8);

	else

		memcpy(cifs_pdu->Signature.SecuritySignature, smb_signature, 8);

	return rc;

}

static int cifs_calc_signature2(const struct kvec *iov, int n_vec,

static int cifs_calc_signature(const struct kvec *iov, int n_vec,

			struct TCP_Server_Info *server, char *signature)

{

	int i;

{

	int rc = 0;

	char smb_signature[20];

	struct smb_hdr *cifs_pdu = iov[0].iov_base;

	struct smb_hdr *cifs_pdu = (struct smb_hdr *)iov[0].iov_base;

	if ((cifs_pdu == NULL) || (server == NULL))

		return -EINVAL;