Merge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6

int

decode_negTokenInit(unsigned char *security_blob, int length,

		    enum securityEnum *secType)

		    struct TCP_Server_Info *server)

{

	struct asn1_ctx ctx;

	unsigned char *end;

	unsigned char *sequence_end;

	unsigned long *oid = NULL;

	unsigned int cls, con, tag, oidlen, rc;

	bool use_ntlmssp = false;

	bool use_kerberos = false;

	bool use_kerberosu2u = false;

	bool use_mskerberos = false;

	/* cifs_dump_mem(" Received SecBlob ", security_blob, length); */

	/* GSSAPI header */

	if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {

		cFYI(1, ("Error decoding negTokenInit header"));

		cFYI(1, "Error decoding negTokenInit header");

		return 0;

	} else if ((cls != ASN1_APL) || (con != ASN1_CON)

		   || (tag != ASN1_EOC)) {

		cFYI(1, ("cls = %d con = %d tag = %d", cls, con, tag));

		cFYI(1, "cls = %d con = %d tag = %d", cls, con, tag);

		return 0;

	}

	/* SPNEGO OID not present or garbled -- bail out */

	if (!rc) {

		cFYI(1, ("Error decoding negTokenInit header"));

		cFYI(1, "Error decoding negTokenInit header");

		return 0;

	}

	/* SPNEGO */

	if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {

		cFYI(1, ("Error decoding negTokenInit"));

		cFYI(1, "Error decoding negTokenInit");

		return 0;

	} else if ((cls != ASN1_CTX) || (con != ASN1_CON)

		   || (tag != ASN1_EOC)) {

		cFYI(1,

		     ("cls = %d con = %d tag = %d end = %p (%d) exit 0",

		      cls, con, tag, end, *end));

		cFYI(1, "cls = %d con = %d tag = %d end = %p (%d) exit 0",

		     cls, con, tag, end, *end);

		return 0;

	}

	/* negTokenInit */

	if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {

		cFYI(1, ("Error decoding negTokenInit"));

		cFYI(1, "Error decoding negTokenInit");

		return 0;

	} else if ((cls != ASN1_UNI) || (con != ASN1_CON)

		   || (tag != ASN1_SEQ)) {

		cFYI(1,

		     ("cls = %d con = %d tag = %d end = %p (%d) exit 1",

		      cls, con, tag, end, *end));

		cFYI(1, "cls = %d con = %d tag = %d end = %p (%d) exit 1",

		     cls, con, tag, end, *end);

		return 0;

	}

	/* sequence */

	if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {

		cFYI(1, ("Error decoding 2nd part of negTokenInit"));

		cFYI(1, "Error decoding 2nd part of negTokenInit");

		return 0;

	} else if ((cls != ASN1_CTX) || (con != ASN1_CON)

		   || (tag != ASN1_EOC)) {

		cFYI(1,

		     ("cls = %d con = %d tag = %d end = %p (%d) exit 0",

		      cls, con, tag, end, *end));

		cFYI(1, "cls = %d con = %d tag = %d end = %p (%d) exit 0",

		     cls, con, tag, end, *end);

		return 0;

	}

	/* sequence of */

	if (asn1_header_decode

	    (&ctx, &sequence_end, &cls, &con, &tag) == 0) {

		cFYI(1, ("Error decoding 2nd part of negTokenInit"));

		cFYI(1, "Error decoding 2nd part of negTokenInit");

		return 0;

	} else if ((cls != ASN1_UNI) || (con != ASN1_CON)

		   || (tag != ASN1_SEQ)) {

		cFYI(1,

		     ("cls = %d con = %d tag = %d end = %p (%d) exit 1",

		      cls, con, tag, end, *end));

		cFYI(1, "cls = %d con = %d tag = %d end = %p (%d) exit 1",

		     cls, con, tag, end, *end);

		return 0;

	}

	while (!asn1_eoc_decode(&ctx, sequence_end)) {

		rc = asn1_header_decode(&ctx, &end, &cls, &con, &tag);

		if (!rc) {

			cFYI(1,

			     ("Error decoding negTokenInit hdr exit2"));

			cFYI(1, "Error decoding negTokenInit hdr exit2");

			return 0;

		}

		if ((tag == ASN1_OJI) && (con == ASN1_PRI)) {

			if (asn1_oid_decode(&ctx, end, &oid, &oidlen)) {

				cFYI(1, ("OID len = %d oid = 0x%lx 0x%lx "

				cFYI(1, "OID len = %d oid = 0x%lx 0x%lx "

					"0x%lx 0x%lx", oidlen, *oid,

					 *(oid + 1), *(oid + 2), *(oid + 3)));

					*(oid + 1), *(oid + 2), *(oid + 3));

				if (compare_oid(oid, oidlen, MSKRB5_OID,

						MSKRB5_OID_LEN) &&

						!use_mskerberos)

					use_mskerberos = true;

						MSKRB5_OID_LEN))

					server->sec_mskerberos = true;

				else if (compare_oid(oid, oidlen, KRB5U2U_OID,

						     KRB5U2U_OID_LEN) &&

						     !use_kerberosu2u)

					use_kerberosu2u = true;

						     KRB5U2U_OID_LEN))

					server->sec_kerberosu2u = true;

				else if (compare_oid(oid, oidlen, KRB5_OID,

						     KRB5_OID_LEN) &&

						     !use_kerberos)

					use_kerberos = true;

						     KRB5_OID_LEN))

					server->sec_kerberos = true;

				else if (compare_oid(oid, oidlen, NTLMSSP_OID,

						     NTLMSSP_OID_LEN))

					use_ntlmssp = true;

					server->sec_ntlmssp = true;

				kfree(oid);

			}

		} else {

			cFYI(1, ("Should be an oid what is going on?"));

			cFYI(1, "Should be an oid what is going on?");

		}

	}

		   no mechListMic (e.g. NTLMSSP instead of KRB5) */

		if (ctx.error == ASN1_ERR_DEC_EMPTY)

			goto decode_negtoken_exit;

		cFYI(1, ("Error decoding last part negTokenInit exit3"));

		cFYI(1, "Error decoding last part negTokenInit exit3");

		return 0;

	} else if ((cls != ASN1_CTX) || (con != ASN1_CON)) {

		/* tag = 3 indicating mechListMIC */

		cFYI(1, ("Exit 4 cls = %d con = %d tag = %d end = %p (%d)",

			 cls, con, tag, end, *end));

		cFYI(1, "Exit 4 cls = %d con = %d tag = %d end = %p (%d)",

			cls, con, tag, end, *end);

		return 0;

	}

	/* sequence */

	if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {

		cFYI(1, ("Error decoding last part negTokenInit exit5"));

		cFYI(1, "Error decoding last part negTokenInit exit5");

		return 0;

	} else if ((cls != ASN1_UNI) || (con != ASN1_CON)

		   || (tag != ASN1_SEQ)) {

		cFYI(1, ("cls = %d con = %d tag = %d end = %p (%d)",

			cls, con, tag, end, *end));

		cFYI(1, "cls = %d con = %d tag = %d end = %p (%d)",

			cls, con, tag, end, *end);

	}

	/* sequence of */

	if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {

		cFYI(1, ("Error decoding last part negTokenInit exit 7"));

		cFYI(1, "Error decoding last part negTokenInit exit 7");

		return 0;

	} else if ((cls != ASN1_CTX) || (con != ASN1_CON)) {

		cFYI(1, ("Exit 8 cls = %d con = %d tag = %d end = %p (%d)",

			 cls, con, tag, end, *end));

		cFYI(1, "Exit 8 cls = %d con = %d tag = %d end = %p (%d)",

			cls, con, tag, end, *end);

		return 0;

	}

	/* general string */

	if (asn1_header_decode(&ctx, &end, &cls, &con, &tag) == 0) {

		cFYI(1, ("Error decoding last part negTokenInit exit9"));

		cFYI(1, "Error decoding last part negTokenInit exit9");

		return 0;

	} else if ((cls != ASN1_UNI) || (con != ASN1_PRI)

		   || (tag != ASN1_GENSTR)) {

		cFYI(1, ("Exit10 cls = %d con = %d tag = %d end = %p (%d)",

			 cls, con, tag, end, *end));

		cFYI(1, "Exit10 cls = %d con = %d tag = %d end = %p (%d)",

			cls, con, tag, end, *end);

		return 0;

	}

	cFYI(1, ("Need to call asn1_octets_decode() function for %s",

		 ctx.pointer));	/* is this UTF-8 or ASCII? */

	cFYI(1, "Need to call asn1_octets_decode() function for %s",

		ctx.pointer);	/* is this UTF-8 or ASCII? */

decode_negtoken_exit:

	if (use_kerberos)

		*secType = Kerberos;

	else if (use_mskerberos)

		*secType = MSKerberos;

	else if (use_ntlmssp)

		*secType = RawNTLMSSP;

	return 1;

}

#ifdef CONFIG_CIFS_DEBUG2

void cifs_dump_detail(struct smb_hdr *smb)

{

	cERROR(1, ("Cmd: %d Err: 0x%x Flags: 0x%x Flgs2: 0x%x Mid: %d Pid: %d",

	cERROR(1, "Cmd: %d Err: 0x%x Flags: 0x%x Flgs2: 0x%x Mid: %d Pid: %d",

		  smb->Command, smb->Status.CifsError,

		  smb->Flags, smb->Flags2, smb->Mid, smb->Pid));

	cERROR(1, ("smb buf %p len %d", smb, smbCalcSize_LE(smb)));

		  smb->Flags, smb->Flags2, smb->Mid, smb->Pid);

	cERROR(1, "smb buf %p len %d", smb, smbCalcSize_LE(smb));

}

	if (server == NULL)

		return;

	cERROR(1, ("Dump pending requests:"));

	cERROR(1, "Dump pending requests:");

	spin_lock(&GlobalMid_Lock);

	list_for_each(tmp, &server->pending_mid_q) {

		mid_entry = list_entry(tmp, struct mid_q_entry, qhead);

		cERROR(1, ("State: %d Cmd: %d Pid: %d Tsk: %p Mid %d",

		cERROR(1, "State: %d Cmd: %d Pid: %d Tsk: %p Mid %d",

			mid_entry->midState,

			(int)mid_entry->command,

			mid_entry->pid,

			mid_entry->tsk,

			mid_entry->mid));

			mid_entry->mid);

#ifdef CONFIG_CIFS_STATS2

		cERROR(1, ("IsLarge: %d buf: %p time rcv: %ld now: %ld",

		cERROR(1, "IsLarge: %d buf: %p time rcv: %ld now: %ld",

			mid_entry->largeBuf,

			mid_entry->resp_buf,

			mid_entry->when_received,

			jiffies));

			jiffies);

#endif /* STATS2 */

		cERROR(1, ("IsMult: %d IsEnd: %d", mid_entry->multiRsp,

			  mid_entry->multiEnd));

		cERROR(1, "IsMult: %d IsEnd: %d", mid_entry->multiRsp,

			  mid_entry->multiEnd);

		if (mid_entry->resp_buf) {

			cifs_dump_detail(mid_entry->resp_buf);

			cifs_dump_mem("existing buf: ",

static int cifs_security_flags_proc_show(struct seq_file *m, void *v)

{

	seq_printf(m, "0x%x\n", extended_security);

	seq_printf(m, "0x%x\n", global_secflags);

	return 0;

}

		/* single char or single char followed by null */

		c = flags_string[0];

		if (c == '0' || c == 'n' || c == 'N') {

			extended_security = CIFSSEC_DEF; /* default */

			global_secflags = CIFSSEC_DEF; /* default */

			return count;

		} else if (c == '1' || c == 'y' || c == 'Y') {

			extended_security = CIFSSEC_MAX;

			global_secflags = CIFSSEC_MAX;

			return count;

		} else if (!isdigit(c)) {

			cERROR(1, ("invalid flag %c", c));

			cERROR(1, "invalid flag %c", c);

			return -EINVAL;

		}

	}

	flags = simple_strtoul(flags_string, NULL, 0);

	cFYI(1, ("sec flags 0x%x", flags));

	cFYI(1, "sec flags 0x%x", flags);

	if (flags <= 0)  {

		cERROR(1, ("invalid security flags %s", flags_string));

		cERROR(1, "invalid security flags %s", flags_string);

		return -EINVAL;

	}

	if (flags & ~CIFSSEC_MASK) {

		cERROR(1, ("attempt to set unsupported security flags 0x%x",

			flags & ~CIFSSEC_MASK));

		cERROR(1, "attempt to set unsupported security flags 0x%x",

			flags & ~CIFSSEC_MASK);

		return -EINVAL;

	}

	/* flags look ok - update the global security flags for cifs module */

	extended_security = flags;

	if (extended_security & CIFSSEC_MUST_SIGN) {

	global_secflags = flags;

	if (global_secflags & CIFSSEC_MUST_SIGN) {

		/* requiring signing implies signing is allowed */

		extended_security |= CIFSSEC_MAY_SIGN;

		cFYI(1, ("packet signing now required"));

	} else if ((extended_security & CIFSSEC_MAY_SIGN) == 0) {

		cFYI(1, ("packet signing disabled"));

		global_secflags |= CIFSSEC_MAY_SIGN;

		cFYI(1, "packet signing now required");

	} else if ((global_secflags & CIFSSEC_MAY_SIGN) == 0) {

		cFYI(1, "packet signing disabled");

	}

	/* BB should we turn on MAY flags for other MUST options? */

	return count;

 */

#ifdef CIFS_DEBUG

/* information message: e.g., configuration, major event */

extern int cifsFYI;

#define cifsfyi(format,arg...) if (cifsFYI & CIFS_INFO) printk(KERN_DEBUG " " __FILE__ ": " format "\n" "" , ## arg)

#define cifsfyi(fmt, arg...)						\

do {									\

	if (cifsFYI & CIFS_INFO)					\

		printk(KERN_DEBUG "%s: " fmt "\n", __FILE__, ##arg);	\

} while (0)

#define cFYI(button,prspec) if (button) cifsfyi prspec

#define cFYI(set, fmt, arg...)			\

do {						\

	if (set)				\

		cifsfyi(fmt, ##arg);		\

} while (0)

#define cifswarn(format, arg...) printk(KERN_WARNING ": " format "\n" , ## arg)

#define cifswarn(fmt, arg...)			\

	printk(KERN_WARNING fmt "\n", ##arg)

/* debug event message: */

extern int cifsERROR;

#define cEVENT(format,arg...) if (cifsERROR) printk(KERN_EVENT __FILE__ ": " format "\n" , ## arg)

#define cEVENT(fmt, arg...)						\

do {									\

	if (cifsERROR)							\

		printk(KERN_EVENT "%s: " fmt "\n", __FILE__, ##arg);	\

} while (0)

/* error event message: e.g., i/o error */

#define cifserror(format,arg...) if (cifsERROR) printk(KERN_ERR " CIFS VFS: " format "\n" "" , ## arg)

#define cifserror(fmt, arg...)					\

do {								\

	if (cifsERROR)						\

		printk(KERN_ERR "CIFS VFS: " fmt "\n", ##arg);	\

} while (0)

#define cERROR(button, prspec) if (button) cifserror prspec

#define cERROR(set, fmt, arg...)		\

do {						\

	if (set)				\

		cifserror(fmt, ##arg);		\

} while (0)

/*

 *	debug OFF

 *	---------

 */

#else		/* _CIFS_DEBUG */

#define cERROR(button, prspec)

#define cEVENT(format, arg...)

#define cFYI(button, prspec)

#define cifserror(format, arg...)

#define cERROR(set, fmt, arg...)

#define cEVENT(fmt, arg...)

#define cFYI(set, fmt, arg...)

#define cifserror(fmt, arg...)

#endif		/* _CIFS_DEBUG */

#endif				/* _H_CIFS_DEBUG */

	/* find server name end */

	pSep = memchr(UNC+2, '\\', len-2);

	if (!pSep) {

		cERROR(1, ("%s: no server name end in node name: %s",

			__func__, node_name));

		cERROR(1, "%s: no server name end in node name: %s",

			__func__, node_name);

		kfree(UNC);

		return ERR_PTR(-EINVAL);

	}

	rc = dns_resolve_server_name_to_ip(*devname, &srvIP);

	if (rc != 0) {

		cERROR(1, ("%s: Failed to resolve server part of %s to IP: %d",

			  __func__, *devname, rc));

		cERROR(1, "%s: Failed to resolve server part of %s to IP: %d",

			  __func__, *devname, rc);

		goto compose_mount_options_err;

	}

	/* md_len = strlen(...) + 12 for 'sep+prefixpath='

		strcat(mountdata, fullpath + ref->path_consumed);

	}

	/*cFYI(1,("%s: parent mountdata: %s", __func__,sb_mountdata));*/

	/*cFYI(1, ("%s: submount mountdata: %s", __func__, mountdata ));*/

	/*cFYI(1, "%s: parent mountdata: %s", __func__,sb_mountdata);*/

	/*cFYI(1, "%s: submount mountdata: %s", __func__, mountdata );*/

compose_mount_options_out:

	kfree(srvIP);

static void dump_referral(const struct dfs_info3_param *ref)

{

	cFYI(1, ("DFS: ref path: %s", ref->path_name));

	cFYI(1, ("DFS: node path: %s", ref->node_name));

	cFYI(1, ("DFS: fl: %hd, srv_type: %hd", ref->flags, ref->server_type));

	cFYI(1, ("DFS: ref_flags: %hd, path_consumed: %hd", ref->ref_flag,

				ref->path_consumed));

	cFYI(1, "DFS: ref path: %s", ref->path_name);

	cFYI(1, "DFS: node path: %s", ref->node_name);

	cFYI(1, "DFS: fl: %hd, srv_type: %hd", ref->flags, ref->server_type);

	cFYI(1, "DFS: ref_flags: %hd, path_consumed: %hd", ref->ref_flag,

				ref->path_consumed);

}

	int rc = 0;

	struct vfsmount *mnt = ERR_PTR(-ENOENT);

	cFYI(1, ("in %s", __func__));

	cFYI(1, "in %s", __func__);

	BUG_ON(IS_ROOT(dentry));

	xid = GetXid();

		/* connect to a node */

		len = strlen(referrals[i].node_name);

		if (len < 2) {

			cERROR(1, ("%s: Net Address path too short: %s",

					__func__, referrals[i].node_name));

			cERROR(1, "%s: Net Address path too short: %s",

					__func__, referrals[i].node_name);

			rc = -EINVAL;

			goto out_err;

		}

		mnt = cifs_dfs_do_refmount(nd->path.mnt,

				nd->path.dentry, referrals + i);

		cFYI(1, ("%s: cifs_dfs_do_refmount:%s , mnt:%p", __func__,

					referrals[i].node_name, mnt));

		cFYI(1, "%s: cifs_dfs_do_refmount:%s , mnt:%p", __func__,

					referrals[i].node_name, mnt);

		/* complete mount procedure if we accured submount */

		if (!IS_ERR(mnt))

	FreeXid(xid);

	free_dfs_info_array(referrals, num_referrals);

	kfree(full_path);

	cFYI(1, ("leaving %s" , __func__));

	cFYI(1, "leaving %s" , __func__);

	return ERR_PTR(rc);

out_err:

	path_put(&nd->path);

	dp = description + strlen(description);

	/* for now, only sec=krb5 and sec=mskrb5 are valid */

	if (server->secType == Kerberos)

	if (server->sec_kerberos)

		sprintf(dp, ";sec=krb5");

	else if (server->secType == MSKerberos)

	else if (server->sec_mskerberos)

		sprintf(dp, ";sec=mskrb5");

	else

		goto out;

	dp = description + strlen(description);

	sprintf(dp, ";pid=0x%x", current->pid);

	cFYI(1, ("key description = %s", description));

	cFYI(1, "key description = %s", description);

	spnego_key = request_key(&cifs_spnego_key_type, description, "");

#ifdef CONFIG_CIFS_DEBUG2