
Commit f17a2686 authored by Linus Torvalds
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6: (25 commits)
  [CIFS] Fix authentication choice so we do not force NTLMv2 unless the
  [CIFS] Fix alignment of unicode strings in previous patch
  [CIFS] Fix allocation of buffers for new session setup routine to allow
  [CIFS] Remove calls to to take f_owner.lock
  [CIFS] remove some redundant null pointer checks
  [CIFS] Fix compile warning when CONFIG_CIFS_EXPERIMENTAL is off
  [CIFS] Enable sec flags on mount for cifs (part one)
  [CIFS] Fix suspend/resume problem which causes EIO on subsequent access to
  [CIFS] fix minor compile warning when config_cifs_weak_security is off
  [CIFS] NTLMv2 support part 5
  [CIFS] Add support for readdir to legacy servers
  [CIFS] NTLMv2 support part 4
  [CIFS] NTLMv2 support part 3
  [CIFS] NTLMv2 support part 2
  [CIFS] Fix mask so can set new cifs security flags properly
  CIFS] Support for older servers which require plaintext passwords - part 2
  [CIFS] Support for older servers which require plaintext passwords
  [CIFS] Fix mapping of old SMB return code Invalid Net Name so it is
  [CIFS] Missing brace
  [CIFS] Do not overwrite aops
  ...
parents 01f7e673 f40c5628
+38 −2
@@ -1722,7 +1722,7 @@ config CIFS_STATS
	  mounted by the cifs client to be displayed in /proc/fs/cifs/Stats

config CIFS_STATS2
	bool "CIFS extended statistics"
	bool "Extended statistics"
	depends on CIFS_STATS
	help
	  Enabling this option will allow more detailed statistics on SMB
@@ -1735,6 +1735,32 @@ config CIFS_STATS2
	  Unless you are a developer or are doing network performance analysis
	  or tuning, say N.

config CIFS_WEAK_PW_HASH
	bool "Support legacy servers which use weaker LANMAN security"
	depends on CIFS
	help
	  Modern CIFS servers including Samba and most Windows versions
	  (since 1997) support stronger NTLM (and even NTLMv2 and Kerberos)
	  security mechanisms. These hash the password more securely
	  than the mechanisms used in the older LANMAN version of the
          SMB protocol needed to establish sessions with old SMB servers.

	  Enabling this option allows the cifs module to mount to older
	  LANMAN based servers such as OS/2 and Windows 95, but such
	  mounts may be less secure than mounts using NTLM or more recent
	  security mechanisms if you are on a public network.  Unless you
	  have a need to access old SMB servers (and are on a private 
	  network) you probably want to say N.  Even if this support
	  is enabled in the kernel build, they will not be used
	  automatically. At runtime LANMAN mounts are disabled but
	  can be set to required (or optional) either in
	  /proc/fs/cifs (see fs/cifs/README for more detail) or via an
	  option on the mount command. This support is disabled by 
	  default in order to reduce the possibility of a downgrade
	  attack.
 
	  If unsure, say N.

config CIFS_XATTR
        bool "CIFS extended attributes"
        depends on CIFS
@@ -1763,6 +1789,16 @@ config CIFS_POSIX
	  (such as Samba 3.10 and later) which can negotiate
	  CIFS POSIX ACL support.  If unsure, say N.

config CIFS_DEBUG2
	bool "Enable additional CIFS debugging routines"
	help
	   Enabling this option adds a few more debugging routines
	   to the cifs code which slightly increases the size of
	   the cifs module and can cause additional logging of debug
	   messages in some error paths, slowing performance. This
	   option can be turned off unless you are debugging
	   cifs problems.  If unsure, say N.
	   
config CIFS_EXPERIMENTAL
	  bool "CIFS Experimental Features (EXPERIMENTAL)"
	  depends on CIFS && EXPERIMENTAL
@@ -1778,7 +1814,7 @@ config CIFS_EXPERIMENTAL
	    If unsure, say N.

config CIFS_UPCALL
	  bool "CIFS Kerberos/SPNEGO advanced session setup (EXPERIMENTAL)"
	  bool "Kerberos/SPNEGO advanced session setup (EXPERIMENTAL)"
	  depends on CIFS_EXPERIMENTAL
	  select CONNECTOR
	  help
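Review bot: The new `config CIFS_DEBUG2` entry has no `depends on` line, whereas the CIFS_WEAK_PW_HASH entry added in the same file carries `depends on CIFS`, so the debugging prompt would be offered even in a build where CIFS is not selected. Adding `depends on CIFS` directly under its `bool` line would keep it consistent with the neighbouring entries. Separately, the CIFS_WEAK_PW_HASH help text speaks only of LANMAN; if the option also gates plaintext-password mounts (the README in this commit lists lanman and plaintext together under the weaker flags), the help should say so, so that whoever enables it knows the full exposure.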
+16 −1
Version 1.44
------------
Rewritten sessionsetup support, including support for legacy SMB
session setup needed for OS/2 and older servers such as Windows 95 and 98.
Fix oops on ls to OS/2 servers.  Add support for level 1 FindFirst
so we can do search (ls etc.) to OS/2.  Do not send NTCreateX
or recent levels of FindFirst unless server says it supports NT SMBs
(instead use legacy equivalents from LANMAN dialect). Fix to allow
NTLMv2 authentication support (now can use stronger password hashing
on mount if corresponding /proc/fs/cifs/SecurityFlags is set (0x4004).
Allow override of global cifs security flags on mount via "sec=" option(s).

Version 1.43
------------
POSIX locking to servers which support CIFS POSIX Extensions
(disabled by default controlled by proc/fs/cifs/Experimental).
Handle conversion of long share names (especially Asian languages)
to Unicode during mount. 
to Unicode during mount. Fix memory leak in sess struct on reconnect.
Fix rare oops after acpi suspend.  Fix O_TRUNC opens to overwrite on
cifs open which helps rare case when setpathinfo fails or server does
not support it. 

Version 1.42
------------
+1 −1
@@ -3,4 +3,4 @@
#
obj-$(CONFIG_CIFS) += cifs.o

cifs-objs := cifsfs.o cifssmb.o cifs_debug.o connect.o dir.o file.o inode.o link.o misc.o netmisc.o smbdes.o smbencrypt.o transport.o asn1.o md4.o md5.o cifs_unicode.o nterr.o xattr.o cifsencrypt.o fcntl.o readdir.o ioctl.o ntlmssp.o
cifs-objs := cifsfs.o cifssmb.o cifs_debug.o connect.o dir.o file.o inode.o link.o misc.o netmisc.o smbdes.o smbencrypt.o transport.o asn1.o md4.o md5.o cifs_unicode.o nterr.o xattr.o cifsencrypt.o fcntl.o readdir.o ioctl.o sess.o
+32 −7
@@ -443,6 +443,9 @@ A partial list of the supported mount options follows:
		SFU does).  In the future the bottom 9 bits of the mode
		mode also will be emulated using queries of the security
		descriptor (ACL).
 sign           Must use packet signing (helps avoid unwanted data modification
		by intermediate systems in the route).  Note that signing
		does not work with lanman or plaintext authentication.
 sec            Security mode.  Allowed values are:
			none	attempt to connection as a null user (no name)
			krb5    Use Kerberos version 5 authentication
@@ -453,6 +456,8 @@ sec Security mode. Allowed values are:
				server requires signing also can be the default) 
			ntlmv2  Use NTLMv2 password hashing      
			ntlmv2i Use NTLMv2 password hashing with packet signing
			lanman  (if configured in kernel config) use older
				lanman hash

The mount.cifs mount helper also accepts a few mount options before -o
including:
@@ -485,14 +490,34 @@ PacketSigningEnabled If set to one, cifs packet signing is enabled
			it.  If set to two, cifs packet signing is
			required even if the server considers packet
			signing optional. (default 1)
SecurityFlags		Flags which control security negotiation and
			also packet signing. Authentication (may/must)
			flags (e.g. for NTLM and/or NTLMv2) may be combined with
			the signing flags.  Specifying two different password
			hashing mechanisms (as "must use") on the other hand 
			does not make much sense. Default flags are 
				0x07007 
			(NTLM, NTLMv2 and packet signing allowed).  Maximum 
			allowable flags if you want to allow mounts to servers
			using weaker password hashes is 0x37037 (lanman,
			plaintext, ntlm, ntlmv2, signing allowed):
 
			may use packet signing 				0x00001
			must use packet signing				0x01001
			may use NTLM (most common password hash)	0x00002
			must use NTLM					0x02002
			may use NTLMv2					0x00004
			must use NTLMv2					0x04004
			may use Kerberos security (not implemented yet) 0x00008
			must use Kerberos (not implemented yet)         0x08008
			may use lanman (weak) password hash  		0x00010
			must use lanman password hash			0x10010
			may use plaintext passwords    			0x00020
			must use plaintext passwords			0x20020
			(reserved for future packet encryption)		0x00040

cifsFYI			If set to one, additional debug information is
			logged to the system error log. (default 0)
ExtendedSecurity	If set to one, SPNEGO session establishment
			is allowed which enables more advanced 
			secure CIFS session establishment (default 0)
NTLMV2Enabled		If set to one, more secure password hashes
			are used when the server supports them and
			when kerberos is not negotiated (default 0)
traceSMB		If set to one, debug information is logged to the
			system error log with the start of smb requests
			and responses (default 0)
+107 −27
@@ -39,7 +39,7 @@ cifs_dump_mem(char *label, void *data, int length)
	char *charptr = data;
	char buf[10], line[80];

	printk(KERN_DEBUG "%s: dump of %d bytes of data at 0x%p\n\n", 
	printk(KERN_DEBUG "%s: dump of %d bytes of data at 0x%p\n", 
		label, length, data);
	for (i = 0; i < length; i += 16) {
		line[0] = 0;
@@ -57,6 +57,57 @@ cifs_dump_mem(char *label, void *data, int length)
	}
}

#ifdef CONFIG_CIFS_DEBUG2
void cifs_dump_detail(struct smb_hdr * smb)
{
	cERROR(1,("Cmd: %d Err: 0x%x Flags: 0x%x Flgs2: 0x%x Mid: %d Pid: %d",
		  smb->Command, smb->Status.CifsError,
		  smb->Flags, smb->Flags2, smb->Mid, smb->Pid));
	cERROR(1,("smb buf %p len %d", smb, smbCalcSize_LE(smb)));
}


void cifs_dump_mids(struct TCP_Server_Info * server)
{
	struct list_head *tmp;
	struct mid_q_entry * mid_entry;

	if(server == NULL)
		return;

	cERROR(1,("Dump pending requests:"));
	spin_lock(&GlobalMid_Lock);
	list_for_each(tmp, &server->pending_mid_q) {
		mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
		if(mid_entry) {
			cERROR(1,("State: %d Cmd: %d Pid: %d Tsk: %p Mid %d",
				mid_entry->midState,
				(int)mid_entry->command,
				mid_entry->pid,
				mid_entry->tsk,
				mid_entry->mid));
#ifdef CONFIG_CIFS_STATS2
			cERROR(1,("IsLarge: %d buf: %p time rcv: %ld now: %ld",
				mid_entry->largeBuf,
				mid_entry->resp_buf,
				mid_entry->when_received,
				jiffies));
#endif /* STATS2 */
			cERROR(1,("IsMult: %d IsEnd: %d", mid_entry->multiRsp,
				  mid_entry->multiEnd));
			if(mid_entry->resp_buf) {
				cifs_dump_detail(mid_entry->resp_buf);
				cifs_dump_mem("existing buf: ",
					mid_entry->resp_buf,
					62 /* fixme */);
			}
			
		}
	}
	spin_unlock(&GlobalMid_Lock);
}
#endif /* CONFIG_CIFS_DEBUG2 */

#ifdef CONFIG_PROC_FS
static int
cifs_debug_data_read(char *buf, char **beginBuffer, off_t offset,
@@ -73,7 +124,6 @@ cifs_debug_data_read(char *buf, char **beginBuffer, off_t offset,

	*beginBuffer = buf + offset;

	
	length =
	    sprintf(buf,
		    "Display Internal CIFS Data Structures for Debugging\n"
@@ -395,12 +445,12 @@ static read_proc_t traceSMB_read;
static write_proc_t traceSMB_write;
static read_proc_t multiuser_mount_read;
static write_proc_t multiuser_mount_write;
static read_proc_t extended_security_read;
static write_proc_t extended_security_write;
static read_proc_t ntlmv2_enabled_read;
static read_proc_t security_flags_read;
static write_proc_t security_flags_write;
/* static read_proc_t ntlmv2_enabled_read;
static write_proc_t ntlmv2_enabled_write;
static read_proc_t packet_signing_enabled_read;
static write_proc_t packet_signing_enabled_write;
static write_proc_t packet_signing_enabled_write;*/
static read_proc_t experimEnabled_read;
static write_proc_t experimEnabled_write;
static read_proc_t linuxExtensionsEnabled_read;
@@ -458,10 +508,10 @@ cifs_proc_init(void)
		pde->write_proc = multiuser_mount_write;

	pde =
	    create_proc_read_entry("ExtendedSecurity", 0, proc_fs_cifs,
				extended_security_read, NULL);
	    create_proc_read_entry("SecurityFlags", 0, proc_fs_cifs,
				security_flags_read, NULL);
	if (pde)
		pde->write_proc = extended_security_write;
		pde->write_proc = security_flags_write;

	pde =
	create_proc_read_entry("LookupCacheEnabled", 0, proc_fs_cifs,
@@ -469,7 +519,7 @@ cifs_proc_init(void)
	if (pde)
		pde->write_proc = lookupFlag_write;

	pde =
/*	pde =
	    create_proc_read_entry("NTLMV2Enabled", 0, proc_fs_cifs,
				ntlmv2_enabled_read, NULL);
	if (pde)
@@ -479,7 +529,7 @@ cifs_proc_init(void)
	    create_proc_read_entry("PacketSigningEnabled", 0, proc_fs_cifs,
				packet_signing_enabled_read, NULL);
	if (pde)
		pde->write_proc = packet_signing_enabled_write;
		pde->write_proc = packet_signing_enabled_write;*/
}

void
@@ -496,9 +546,9 @@ cifs_proc_clean(void)
#endif
	remove_proc_entry("MultiuserMount", proc_fs_cifs);
	remove_proc_entry("OplockEnabled", proc_fs_cifs);
	remove_proc_entry("NTLMV2Enabled",proc_fs_cifs);
	remove_proc_entry("ExtendedSecurity",proc_fs_cifs);
	remove_proc_entry("PacketSigningEnabled",proc_fs_cifs);
/*	remove_proc_entry("NTLMV2Enabled",proc_fs_cifs); */
	remove_proc_entry("SecurityFlags",proc_fs_cifs);
/*	remove_proc_entry("PacketSigningEnabled",proc_fs_cifs); */
	remove_proc_entry("LinuxExtensionsEnabled",proc_fs_cifs);
	remove_proc_entry("Experimental",proc_fs_cifs);
	remove_proc_entry("LookupCacheEnabled",proc_fs_cifs);
@@ -782,12 +832,12 @@ multiuser_mount_write(struct file *file, const char __user *buffer,
}

static int
extended_security_read(char *page, char **start, off_t off,
security_flags_read(char *page, char **start, off_t off,
		       int count, int *eof, void *data)
{
	int len;

	len = sprintf(page, "%d\n", extended_security);
	len = sprintf(page, "0x%x\n", extended_security);

	len -= off;
	*start = page + off;
@@ -803,24 +853,52 @@ extended_security_read(char *page, char **start, off_t off,
	return len;
}
static int
extended_security_write(struct file *file, const char __user *buffer,
security_flags_write(struct file *file, const char __user *buffer,
			unsigned long count, void *data)
{
	unsigned int flags;
	char flags_string[12];
	char c;
	int rc;

	rc = get_user(c, buffer);
	if (rc)
		return rc;
	if((count < 1) || (count > 11))
		return -EINVAL;

	memset(flags_string, 0, 12);

	if(copy_from_user(flags_string, buffer, count))
		return -EFAULT;

	if(count < 3) {
		/* single char or single char followed by null */
		c = flags_string[0];
		if (c == '0' || c == 'n' || c == 'N')
		extended_security = 0;
			extended_security = CIFSSEC_DEF; /* default */
		else if (c == '1' || c == 'y' || c == 'Y')
		extended_security = 1;
			extended_security = CIFSSEC_MAX;
		return count;
	}
	/* else we have a number */

	flags = simple_strtoul(flags_string, NULL, 0);

	cFYI(1,("sec flags 0x%x", flags));

	if(flags <= 0)  {
		cERROR(1,("invalid security flags %s",flags_string));
		return -EINVAL;
	}

	if(flags & ~CIFSSEC_MASK) {
		cERROR(1,("attempt to set unsupported security flags 0x%x",
			flags & ~CIFSSEC_MASK));
		return -EINVAL;
	}
	/* flags look ok - update the global security flags for cifs module */
	extended_security = flags;
	return count;
}

static int
/* static int
ntlmv2_enabled_read(char *page, char **start, off_t off,
		       int count, int *eof, void *data)
{
@@ -855,6 +933,8 @@ ntlmv2_enabled_write(struct file *file, const char __user *buffer,
		ntlmv2_support = 0;
	else if (c == '1' || c == 'y' || c == 'Y')
		ntlmv2_support = 1;
	else if (c == '2')
		ntlmv2_support = 2;

	return count;
}
@@ -898,7 +978,7 @@ packet_signing_enabled_write(struct file *file, const char __user *buffer,
		sign_CIFS_PDUs = 2;

	return count;
}
} */


#endif
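Review bot: In security_flags_write, every write of one or two bytes takes the `count < 3` branch, so a short numeric value such as `7` followed by a newline is neither parsed nor rejected: the function returns `count` and leaves the flags unchanged, and the caller sees success. A final `else return -EINVAL;` after the `'1'/'y'/'Y'` arm would make unrecognised short input fail visibly. The same branch maps `1`/`y` to CIFSSEC_MAX, whose definition is not on this page; if it includes the lanman and plaintext bits that the README in this commit lists under 0x37037, a one-character write opts the whole module into the weakest authentication, which deserves a comment at that line and a mention in the README. For the numeric path, `simple_strtoul(flags_string, NULL, 0)` ignores trailing garbage, so passing an end pointer and checking it would tighten the parse. Also, `flags <= 0` on an `unsigned int` only ever tests for zero.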