Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6

	int (*clone_range)(const unsigned int, struct cifsFileInfo *src_file,

			struct cifsFileInfo *target_file, u64 src_off, u64 len,

			u64 dest_off);

	int (*validate_negotiate)(const unsigned int, struct cifs_tcon *);

};

struct smb_version_values {

#include <linux/mount.h>

#include <linux/mm.h>

#include <linux/pagemap.h>

#include <linux/btrfs.h>

#include "cifspdu.h"

#include "cifsglob.h"

#include "cifsproto.h"

#include "cifs_debug.h"

#include "cifsfs.h"

#define CIFS_IOCTL_MAGIC	0xCF

#define CIFS_IOC_COPYCHUNK_FILE	_IOW(CIFS_IOCTL_MAGIC, 3, int)

static long cifs_ioctl_clone(unsigned int xid, struct file *dst_file,

			unsigned long srcfd, u64 off, u64 len, u64 destoff)

{

				cifs_dbg(FYI, "set compress flag rc %d\n", rc);

			}

			break;

		case BTRFS_IOC_CLONE:

		case CIFS_IOC_COPYCHUNK_FILE:

			rc = cifs_ioctl_clone(xid, filep, arg, 0, 0, 0);

			break;

		default:

	int rc;

	unsigned int ret_data_len;

	struct copychunk_ioctl *pcchunk;

	char *retbuf = NULL;

	struct copychunk_ioctl_rsp *retbuf = NULL;

	struct cifs_tcon *tcon;

	int chunks_copied = 0;

	bool chunk_sizes_updated = false;

	pcchunk = kmalloc(sizeof(struct copychunk_ioctl), GFP_KERNEL);

	/* Note: request_res_key sets res_key null only if rc !=0 */

	if (rc)

		return rc;

		goto cchunk_out;

	/* For now array only one chunk long, will make more flexible later */

	pcchunk->ChunkCount = __constant_cpu_to_le32(1);

	pcchunk->Reserved = 0;

	pcchunk->Reserved2 = 0;

	tcon = tlink_tcon(trgtfile->tlink);

	while (len > 0) {

		pcchunk->SourceOffset = cpu_to_le64(src_off);

		pcchunk->TargetOffset = cpu_to_le64(dest_off);

	pcchunk->Length = cpu_to_le32(len);

	pcchunk->Reserved2 = 0;

		pcchunk->Length =

			cpu_to_le32(min_t(u32, len, tcon->max_bytes_chunk));

	/* Request that server copy to target from src file identified by key */

	rc = SMB2_ioctl(xid, tlink_tcon(trgtfile->tlink),

			trgtfile->fid.persistent_fid,

		/* Request server copy to target from src identified by key */

		rc = SMB2_ioctl(xid, tcon, trgtfile->fid.persistent_fid,

			trgtfile->fid.volatile_fid, FSCTL_SRV_COPYCHUNK_WRITE,

			true /* is_fsctl */, (char *)pcchunk,

			sizeof(struct copychunk_ioctl),	&retbuf, &ret_data_len);

			sizeof(struct copychunk_ioctl),	(char **)&retbuf,

			&ret_data_len);

		if (rc == 0) {

			if (ret_data_len !=

					sizeof(struct copychunk_ioctl_rsp)) {

				cifs_dbg(VFS, "invalid cchunk response size\n");

				rc = -EIO;

				goto cchunk_out;

			}

			if (retbuf->TotalBytesWritten == 0) {

				cifs_dbg(FYI, "no bytes copied\n");

				rc = -EIO;

				goto cchunk_out;

			}

			/*

			 * Check if server claimed to write more than we asked

			 */

			if (le32_to_cpu(retbuf->TotalBytesWritten) >

			    le32_to_cpu(pcchunk->Length)) {

				cifs_dbg(VFS, "invalid copy chunk response\n");

				rc = -EIO;

				goto cchunk_out;

			}

			if (le32_to_cpu(retbuf->ChunksWritten) != 1) {

				cifs_dbg(VFS, "invalid num chunks written\n");

				rc = -EIO;

				goto cchunk_out;

			}

			chunks_copied++;

			src_off += le32_to_cpu(retbuf->TotalBytesWritten);

			dest_off += le32_to_cpu(retbuf->TotalBytesWritten);

			len -= le32_to_cpu(retbuf->TotalBytesWritten);

			cifs_dbg(FYI, "Chunks %d PartialChunk %d Total %d\n",

				le32_to_cpu(retbuf->ChunksWritten),

				le32_to_cpu(retbuf->ChunkBytesWritten),

				le32_to_cpu(retbuf->TotalBytesWritten));

		} else if (rc == -EINVAL) {

			if (ret_data_len != sizeof(struct copychunk_ioctl_rsp))

				goto cchunk_out;

			cifs_dbg(FYI, "MaxChunks %d BytesChunk %d MaxCopy %d\n",

				le32_to_cpu(retbuf->ChunksWritten),

				le32_to_cpu(retbuf->ChunkBytesWritten),

				le32_to_cpu(retbuf->TotalBytesWritten));

			/*

			 * Check if this is the first request using these sizes,

			 * (ie check if copy succeed once with original sizes

			 * and check if the server gave us different sizes after

			 * we already updated max sizes on previous request).

			 * if not then why is the server returning an error now

			 */

			if ((chunks_copied != 0) || chunk_sizes_updated)

				goto cchunk_out;

	/* BB need to special case rc = EINVAL to alter chunk size */

			/* Check that server is not asking us to grow size */

			if (le32_to_cpu(retbuf->ChunkBytesWritten) <

					tcon->max_bytes_chunk)

				tcon->max_bytes_chunk =

					le32_to_cpu(retbuf->ChunkBytesWritten);

			else

				goto cchunk_out; /* server gave us bogus size */

	cifs_dbg(FYI, "rc %d data length out %d\n", rc, ret_data_len);

			/* No need to change MaxChunks since already set to 1 */

			chunk_sizes_updated = true;

		}

	}

cchunk_out:

	kfree(pcchunk);

	return rc;

}

	.create_lease_buf = smb3_create_lease_buf,

	.parse_lease_buf = smb3_parse_lease_buf,

	.clone_range = smb2_clone_range,

	.validate_negotiate = smb3_validate_negotiate,

};

struct smb_version_values smb20_values = {

	return rc;

}

int smb3_validate_negotiate(const unsigned int xid, struct cifs_tcon *tcon)

{

	int rc = 0;

	struct validate_negotiate_info_req vneg_inbuf;

	struct validate_negotiate_info_rsp *pneg_rsp;

	u32 rsplen;

	cifs_dbg(FYI, "validate negotiate\n");

	/*

	 * validation ioctl must be signed, so no point sending this if we

	 * can not sign it.  We could eventually change this to selectively

	 * sign just this, the first and only signed request on a connection.

	 * This is good enough for now since a user who wants better security

	 * would also enable signing on the mount. Having validation of

	 * negotiate info for signed connections helps reduce attack vectors

	 */

	if (tcon->ses->server->sign == false)

		return 0; /* validation requires signing */

	vneg_inbuf.Capabilities =

			cpu_to_le32(tcon->ses->server->vals->req_capabilities);

	memcpy(vneg_inbuf.Guid, cifs_client_guid, SMB2_CLIENT_GUID_SIZE);

	if (tcon->ses->sign)

		vneg_inbuf.SecurityMode =

			cpu_to_le16(SMB2_NEGOTIATE_SIGNING_REQUIRED);

	else if (global_secflags & CIFSSEC_MAY_SIGN)

		vneg_inbuf.SecurityMode =

			cpu_to_le16(SMB2_NEGOTIATE_SIGNING_ENABLED);

	else

		vneg_inbuf.SecurityMode = 0;

	vneg_inbuf.DialectCount = cpu_to_le16(1);

	vneg_inbuf.Dialects[0] =

		cpu_to_le16(tcon->ses->server->vals->protocol_id);

	rc = SMB2_ioctl(xid, tcon, NO_FILE_ID, NO_FILE_ID,

		FSCTL_VALIDATE_NEGOTIATE_INFO, true /* is_fsctl */,

		(char *)&vneg_inbuf, sizeof(struct validate_negotiate_info_req),

		(char **)&pneg_rsp, &rsplen);

	if (rc != 0) {

		cifs_dbg(VFS, "validate protocol negotiate failed: %d\n", rc);

		return -EIO;

	}

	if (rsplen != sizeof(struct validate_negotiate_info_rsp)) {

		cifs_dbg(VFS, "invalid size of protocol negotiate response\n");

		return -EIO;

	}

	/* check validate negotiate info response matches what we got earlier */

	if (pneg_rsp->Dialect !=

			cpu_to_le16(tcon->ses->server->vals->protocol_id))

		goto vneg_out;

	if (pneg_rsp->SecurityMode != cpu_to_le16(tcon->ses->server->sec_mode))

		goto vneg_out;

	/* do not validate server guid because not saved at negprot time yet */

	if ((le32_to_cpu(pneg_rsp->Capabilities) | SMB2_NT_FIND |

	      SMB2_LARGE_FILES) != tcon->ses->server->capabilities)

		goto vneg_out;

	/* validate negotiate successful */

	cifs_dbg(FYI, "validate negotiate info successful\n");

	return 0;

vneg_out:

	cifs_dbg(VFS, "protocol revalidation - security settings mismatch\n");

	return -EIO;

}

int

SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses,

		const struct nls_table *nls_cp)

	    ((tcon->share_flags & SHI1005_FLAGS_DFS) == 0))

		cifs_dbg(VFS, "DFS capability contradicts DFS flag\n");

	init_copy_chunk_defaults(tcon);

	if (tcon->ses->server->ops->validate_negotiate)

		rc = tcon->ses->server->ops->validate_negotiate(xid, tcon);

tcon_exit:

	free_rsp_buf(resp_buftype, rsp);

	kfree(unc_path);

	rc = SendReceive2(xid, ses, iov, num_iovecs, &resp_buftype, 0);

	rsp = (struct smb2_ioctl_rsp *)iov[0].iov_base;

	if (rc != 0) {

	if ((rc != 0) && (rc != -EINVAL)) {

		if (tcon)

			cifs_stats_fail_inc(tcon, SMB2_IOCTL_HE);

		goto ioctl_exit;

	} else if (rc == -EINVAL) {

		if ((opcode != FSCTL_SRV_COPYCHUNK_WRITE) &&

		    (opcode != FSCTL_SRV_COPYCHUNK)) {

			if (tcon)

				cifs_stats_fail_inc(tcon, SMB2_IOCTL_HE);

			goto ioctl_exit;

		}

	}

	/* check if caller wants to look at return data or just return rc */

	if ((plen == NULL) || (out_data == NULL))

	rc = SendReceive2(xid, ses, iov, num, &resp_buftype, 0);

	rsp = (struct smb2_set_info_rsp *)iov[0].iov_base;

	if (rc != 0) {

	if (rc != 0)

		cifs_stats_fail_inc(tcon, SMB2_SET_INFO_HE);

		goto out;

	}

out:

	free_rsp_buf(resp_buftype, rsp);

	kfree(iov);

	return rc;

	__le32 TotalBytesWritten;

} __packed;

/* Response and Request are the same format */

struct validate_negotiate_info {

struct validate_negotiate_info_req {

	__le32 Capabilities;

	__u8   Guid[SMB2_CLIENT_GUID_SIZE];

	__le16 SecurityMode;

	__le16 DialectCount;

	__le16 Dialect[1];

	__le16 Dialects[1]; /* dialect (someday maybe list) client asked for */

} __packed;

struct validate_negotiate_info_rsp {

	__le32 Capabilities;

	__u8   Guid[SMB2_CLIENT_GUID_SIZE];

	__le16 SecurityMode;

	__le16 Dialect; /* Dialect in use for the connection */

} __packed;

#define RSS_CAPABLE	0x00000001