/*
   *   fs/cifs/cifssmb.c
   *

   *   Copyright (C) International Business Machines  Corp., 2002,2010

   *   Author(s): Steve French (sfrench@us.ibm.com)
   *
   *   Contains the routines for constructing the SMB PDUs themselves
   *
   *   This library is free software; you can redistribute it and/or modify
   *   it under the terms of the GNU Lesser General Public License as published
   *   by the Free Software Foundation; either version 2.1 of the License, or
   *   (at your option) any later version.
   *
   *   This library is distributed in the hope that it will be useful,
   *   but WITHOUT ANY WARRANTY; without even the implied warranty of
   *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
   *   the GNU Lesser General Public License for more details.
   *
   *   You should have received a copy of the GNU Lesser General Public License
   *   along with this library; if not, write to the Free Software
   *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
   */
  
   /* SMB/CIFS PDU handling routines here - except for leftovers in connect.c   */
   /* These are mostly routines that operate on a pathname, or on a tree id     */
   /* (mounted volume), but there are eight handle based routines which must be */

   /* treated slightly differently for reconnection purposes since we never     */
   /* want to reuse a stale file handle and only the caller knows the file info */

  
  #include <linux/fs.h>
  #include <linux/kernel.h>
  #include <linux/vfs.h>

  #include <linux/slab.h>

  #include <linux/posix_acl_xattr.h>

  #include <linux/pagemap.h>

  #include <linux/swap.h>
  #include <linux/task_io_accounting_ops.h>

  #include <asm/uaccess.h>
  #include "cifspdu.h"
  #include "cifsglob.h"

  #include "cifsacl.h"

  #include "cifsproto.h"
  #include "cifs_unicode.h"
  #include "cifs_debug.h"

  #include "fscache.h"

  
  #ifdef CONFIG_CIFS_POSIX
  static struct {
  	int index;
  	char *name;
  } protocols[] = {

  #ifdef CONFIG_CIFS_WEAK_PW_HASH
  	{LANMAN_PROT, "\2LM1.2X002"},

  	{LANMAN2_PROT, "\2LANMAN2.1"},

  #endif /* weak password hashing for legacy clients */

  	{CIFS_PROT, "\2NT LM 0.12"},

  	{POSIX_PROT, "\2POSIX 2"},

  	{BAD_PROT, "\2"}
  };
  #else
  static struct {
  	int index;
  	char *name;
  } protocols[] = {

  #ifdef CONFIG_CIFS_WEAK_PW_HASH
  	{LANMAN_PROT, "\2LM1.2X002"},

  	{LANMAN2_PROT, "\2LANMAN2.1"},

  #endif /* weak password hashing for legacy clients */

  	{CIFS_PROT, "\2NT LM 0.12"},

  	{BAD_PROT, "\2"}
  };
  #endif

  /* define the number of elements in the cifs dialect array */
  #ifdef CONFIG_CIFS_POSIX
  #ifdef CONFIG_CIFS_WEAK_PW_HASH

  #define CIFS_NUM_PROT 4

  #else
  #define CIFS_NUM_PROT 2
  #endif /* CIFS_WEAK_PW_HASH */
  #else /* not posix */
  #ifdef CONFIG_CIFS_WEAK_PW_HASH

  #define CIFS_NUM_PROT 3

  #else
  #define CIFS_NUM_PROT 1
  #endif /* CONFIG_CIFS_WEAK_PW_HASH */
  #endif /* CIFS_POSIX */

  /*
   * Mark as invalid, all open files on tree connections since they
   * were closed when session to server was lost.
   */
  void
  cifs_mark_open_files_invalid(struct cifs_tcon *tcon)

  {
  	struct cifsFileInfo *open_file = NULL;

  	struct list_head *tmp;
  	struct list_head *tmp1;

  	/* list all files open on tree connection and mark them invalid */

  	spin_lock(&cifs_file_list_lock);

  	list_for_each_safe(tmp, tmp1, &tcon->openFileList) {

  		open_file = list_entry(tmp, struct cifsFileInfo, tlist);

  		open_file->invalidHandle = true;

  		open_file->oplock_break_cancelled = true;

  	}

  	spin_unlock(&cifs_file_list_lock);

  	/*
  	 * BB Add call to invalidate_inodes(sb) for all superblocks mounted
  	 * to this tcon.
  	 */

  }

  /* reconnect the socket, tcon, and smb session if needed */
  static int

  cifs_reconnect_tcon(struct cifs_tcon *tcon, int smb_command)

  {

  	int rc;

  	struct cifs_ses *ses;

  	struct TCP_Server_Info *server;
  	struct nls_table *nls_codepage;
  
  	/*
  	 * SMBs NegProt, SessSetup, uLogoff do not have tcon yet so check for
  	 * tcp and smb session status done differently for those three - in the
  	 * calling routine
  	 */
  	if (!tcon)
  		return 0;
  
  	ses = tcon->ses;
  	server = ses->server;
  
  	/*
  	 * only tree disconnect, open, and write, (and ulogoff which does not
  	 * have tcon) are allowed as we start force umount
  	 */
  	if (tcon->tidStatus == CifsExiting) {
  		if (smb_command != SMB_COM_WRITE_ANDX &&
  		    smb_command != SMB_COM_OPEN_ANDX &&
  		    smb_command != SMB_COM_TREE_DISCONNECT) {

  			cifs_dbg(FYI, "can not send cmd %d while umounting
  ",
  				 smb_command);

  			return -ENODEV;
  		}
  	}

  	/*
  	 * Give demultiplex thread up to 10 seconds to reconnect, should be
  	 * greater than cifs socket timeout which is 7 seconds
  	 */
  	while (server->tcpStatus == CifsNeedReconnect) {
  		wait_event_interruptible_timeout(server->response_q,

  			(server->tcpStatus != CifsNeedReconnect), 10 * HZ);

  		/* are we still trying to reconnect? */

  		if (server->tcpStatus != CifsNeedReconnect)
  			break;
  
  		/*
  		 * on "soft" mounts we wait once. Hard mounts keep
  		 * retrying until process is killed or server comes
  		 * back on-line
  		 */

  		if (!tcon->retry) {

  			cifs_dbg(FYI, "gave up waiting on reconnect in smb_init
  ");

  			return -EHOSTDOWN;
  		}
  	}
  
  	if (!ses->need_reconnect && !tcon->need_reconnect)
  		return 0;
  
  	nls_codepage = load_nls_default();
  
  	/*
  	 * need to prevent multiple threads trying to simultaneously
  	 * reconnect the same SMB session
  	 */

  	mutex_lock(&ses->session_mutex);

  	rc = cifs_negotiate_protocol(0, ses);
  	if (rc == 0 && ses->need_reconnect)

  		rc = cifs_setup_session(0, ses, nls_codepage);
  
  	/* do we need to reconnect tcon? */
  	if (rc || !tcon->need_reconnect) {

  		mutex_unlock(&ses->session_mutex);

  		goto out;
  	}

  	cifs_mark_open_files_invalid(tcon);

  	rc = CIFSTCon(0, ses, tcon->treeName, tcon, nls_codepage);

  	mutex_unlock(&ses->session_mutex);

  	cifs_dbg(FYI, "reconnect tcon rc = %d
  ", rc);

  
  	if (rc)
  		goto out;

  	atomic_inc(&tconInfoReconnectCount);
  
  	/* tell server Unix caps we support */
  	if (ses->capabilities & CAP_UNIX)
  		reset_cifs_unix_caps(0, tcon, NULL, NULL);
  
  	/*
  	 * Removed call to reopen open files here. It is safer (and faster) to
  	 * reopen files one at a time as needed in read and write.
  	 *
  	 * FIXME: what about file locks? don't we need to reclaim them ASAP?
  	 */
  
  out:
  	/*
  	 * Check if handle based operation so we know whether we can continue
  	 * or not without returning to caller to reset file handle
  	 */
  	switch (smb_command) {
  	case SMB_COM_READ_ANDX:
  	case SMB_COM_WRITE_ANDX:
  	case SMB_COM_CLOSE:
  	case SMB_COM_FIND_CLOSE2:
  	case SMB_COM_LOCKING_ANDX:
  		rc = -EAGAIN;
  	}
  
  	unload_nls(nls_codepage);
  	return rc;
  }

  /* Allocate and return pointer to an SMB request buffer, and set basic
     SMB information in the SMB header.  If the return code is zero, this
     function must have filled in request_buf pointer */

  static int

  small_smb_init(int smb_command, int wct, struct cifs_tcon *tcon,

  		void **request_buf)

  {

  	int rc;

  	rc = cifs_reconnect_tcon(tcon, smb_command);

  	if (rc)

  		return rc;
  
  	*request_buf = cifs_small_buf_get();
  	if (*request_buf == NULL) {
  		/* BB should we add a retry in here if not a writepage? */
  		return -ENOMEM;
  	}

  	header_assemble((struct smb_hdr *) *request_buf, smb_command,

  			tcon, wct);

  	if (tcon != NULL)
  		cifs_stats_inc(&tcon->num_smbs_sent);

  	return 0;

  }

  int

  small_smb_init_no_tc(const int smb_command, const int wct,

  		     struct cifs_ses *ses, void **request_buf)

  {
  	int rc;

  	struct smb_hdr *buffer;

  	rc = small_smb_init(smb_command, wct, NULL, request_buf);

  	if (rc)

  		return rc;

  	buffer = (struct smb_hdr *)*request_buf;

  	buffer->Mid = get_next_mid(ses->server);

  	if (ses->capabilities & CAP_UNICODE)
  		buffer->Flags2 |= SMBFLG2_UNICODE;

  	if (ses->capabilities & CAP_STATUS32)

  		buffer->Flags2 |= SMBFLG2_ERR_STATUS;
  
  	/* uid, tid can stay at zero as set in header assemble */

  	/* BB add support for turning on the signing when

  	this function is used after 1st of session setup requests */
  
  	return rc;
  }

  
  /* If the return code is zero, this function must fill in request_buf pointer */
  static int

  __smb_init(int smb_command, int wct, struct cifs_tcon *tcon,

  			void **request_buf, void **response_buf)

  {

  	*request_buf = cifs_buf_get();
  	if (*request_buf == NULL) {
  		/* BB should we add a retry in here if not a writepage? */
  		return -ENOMEM;
  	}
      /* Although the original thought was we needed the response buf for  */
      /* potential retries of smb operations it turns out we can determine */
      /* from the mid flags when the request buffer can be resent without  */
      /* having to use a second distinct buffer for the response */

  	if (response_buf)

  		*response_buf = *request_buf;

  
  	header_assemble((struct smb_hdr *) *request_buf, smb_command, tcon,

  			wct);

  	if (tcon != NULL)
  		cifs_stats_inc(&tcon->num_smbs_sent);

  	return 0;
  }
  
  /* If the return code is zero, this function must fill in request_buf pointer */
  static int

  smb_init(int smb_command, int wct, struct cifs_tcon *tcon,

  	 void **request_buf, void **response_buf)
  {
  	int rc;
  
  	rc = cifs_reconnect_tcon(tcon, smb_command);
  	if (rc)
  		return rc;
  
  	return __smb_init(smb_command, wct, tcon, request_buf, response_buf);
  }
  
  static int

  smb_init_no_reconnect(int smb_command, int wct, struct cifs_tcon *tcon,

  			void **request_buf, void **response_buf)
  {
  	if (tcon->ses->need_reconnect || tcon->need_reconnect)
  		return -EHOSTDOWN;
  
  	return __smb_init(smb_command, wct, tcon, request_buf, response_buf);

  }

  static int validate_t2(struct smb_t2_rsp *pSMB)

  {

  	unsigned int total_size;
  
  	/* check for plausible wct */
  	if (pSMB->hdr.WordCount < 10)
  		goto vt2_err;

  	/* check for parm and data offset going beyond end of smb */

  	if (get_unaligned_le16(&pSMB->t2_rsp.ParameterOffset) > 1024 ||
  	    get_unaligned_le16(&pSMB->t2_rsp.DataOffset) > 1024)
  		goto vt2_err;

  	total_size = get_unaligned_le16(&pSMB->t2_rsp.ParameterCount);
  	if (total_size >= 512)
  		goto vt2_err;

  	/* check that bcc is at least as big as parms + data, and that it is
  	 * less than negotiated smb buffer
  	 */

  	total_size += get_unaligned_le16(&pSMB->t2_rsp.DataCount);
  	if (total_size > get_bcc(&pSMB->hdr) ||
  	    total_size >= CIFSMaxBufSize + MAX_CIFS_HDR_SIZE)
  		goto vt2_err;
  
  	return 0;
  vt2_err:

  	cifs_dump_mem("Invalid transact2 SMB: ", (char *)pSMB,

  		sizeof(struct smb_t2_rsp) + 16);

  	return -EINVAL;

  }

  static int

  decode_ext_sec_blob(struct cifs_ses *ses, NEGOTIATE_RSP *pSMBr)

  {
  	int	rc = 0;
  	u16	count;
  	char	*guid = pSMBr->u.extended_response.GUID;

  	struct TCP_Server_Info *server = ses->server;

  
  	count = get_bcc(&pSMBr->hdr);
  	if (count < SMB1_CLIENT_GUID_SIZE)
  		return -EIO;
  
  	spin_lock(&cifs_tcp_ses_lock);
  	if (server->srv_count > 1) {
  		spin_unlock(&cifs_tcp_ses_lock);
  		if (memcmp(server->server_GUID, guid, SMB1_CLIENT_GUID_SIZE) != 0) {
  			cifs_dbg(FYI, "server UID changed
  ");
  			memcpy(server->server_GUID, guid, SMB1_CLIENT_GUID_SIZE);
  		}
  	} else {
  		spin_unlock(&cifs_tcp_ses_lock);
  		memcpy(server->server_GUID, guid, SMB1_CLIENT_GUID_SIZE);
  	}
  
  	if (count == SMB1_CLIENT_GUID_SIZE) {

  		server->sec_ntlmssp = true;

  	} else {
  		count -= SMB1_CLIENT_GUID_SIZE;
  		rc = decode_negTokenInit(
  			pSMBr->u.extended_response.SecurityBlob, count, server);
  		if (rc != 1)
  			return -EINVAL;

  	}
  
  	return 0;
  }

  int

  cifs_enable_signing(struct TCP_Server_Info *server, bool mnt_sign_required)

  {

  	bool srv_sign_required = server->sec_mode & server->vals->signing_required;
  	bool srv_sign_enabled = server->sec_mode & server->vals->signing_enabled;

  	bool mnt_sign_enabled = global_secflags & CIFSSEC_MAY_SIGN;
  
  	/*
  	 * Is signing required by mnt options? If not then check
  	 * global_secflags to see if it is there.
  	 */
  	if (!mnt_sign_required)
  		mnt_sign_required = ((global_secflags & CIFSSEC_MUST_SIGN) ==
  						CIFSSEC_MUST_SIGN);
  
  	/*
  	 * If signing is required then it's automatically enabled too,
  	 * otherwise, check to see if the secflags allow it.
  	 */
  	mnt_sign_enabled = mnt_sign_required ? mnt_sign_required :
  				(global_secflags & CIFSSEC_MAY_SIGN);
  
  	/* If server requires signing, does client allow it? */
  	if (srv_sign_required) {
  		if (!mnt_sign_enabled) {
  			cifs_dbg(VFS, "Server requires signing, but it's disabled in SecurityFlags!");
  			return -ENOTSUPP;

  		}

  		server->sign = true;
  	}
  
  	/* If client requires signing, does server allow it? */
  	if (mnt_sign_required) {
  		if (!srv_sign_enabled) {
  			cifs_dbg(VFS, "Server does not support signing!");
  			return -ENOTSUPP;
  		}
  		server->sign = true;

  	}
  
  	return 0;
  }

  #ifdef CONFIG_CIFS_WEAK_PW_HASH
  static int

  decode_lanman_negprot_rsp(struct TCP_Server_Info *server, NEGOTIATE_RSP *pSMBr)

  {
  	__s16 tmp;
  	struct lanman_neg_rsp *rsp = (struct lanman_neg_rsp *)pSMBr;
  
  	if (server->dialect != LANMAN_PROT && server->dialect != LANMAN2_PROT)
  		return -EOPNOTSUPP;

  	server->sec_mode = le16_to_cpu(rsp->SecurityMode);
  	server->maxReq = min_t(unsigned int,
  			       le16_to_cpu(rsp->MaxMpxCount),
  			       cifs_max_pending);
  	set_credits(server, server->maxReq);
  	server->maxBuf = le16_to_cpu(rsp->MaxBufSize);

  	/* even though we do not use raw we might as well set this
  	accurately, in case we ever find a need for it */
  	if ((le16_to_cpu(rsp->RawMode) & RAW_ENABLE) == RAW_ENABLE) {
  		server->max_rw = 0xFF00;
  		server->capabilities = CAP_MPX_MODE | CAP_RAW_MODE;
  	} else {
  		server->max_rw = 0;/* do not need to use raw anyway */
  		server->capabilities = CAP_MPX_MODE;
  	}
  	tmp = (__s16)le16_to_cpu(rsp->ServerTimeZone);
  	if (tmp == -1) {
  		/* OS/2 often does not set timezone therefore
  		 * we must use server time to calc time zone.
  		 * Could deviate slightly from the right zone.
  		 * Smallest defined timezone difference is 15 minutes
  		 * (i.e. Nepal).  Rounding up/down is done to match
  		 * this requirement.
  		 */
  		int val, seconds, remain, result;
  		struct timespec ts, utc;
  		utc = CURRENT_TIME;
  		ts = cnvrtDosUnixTm(rsp->SrvTime.Date,
  				    rsp->SrvTime.Time, 0);
  		cifs_dbg(FYI, "SrvTime %d sec since 1970 (utc: %d) diff: %d
  ",
  			 (int)ts.tv_sec, (int)utc.tv_sec,
  			 (int)(utc.tv_sec - ts.tv_sec));
  		val = (int)(utc.tv_sec - ts.tv_sec);
  		seconds = abs(val);
  		result = (seconds / MIN_TZ_ADJ) * MIN_TZ_ADJ;
  		remain = seconds % MIN_TZ_ADJ;
  		if (remain >= (MIN_TZ_ADJ / 2))
  			result += MIN_TZ_ADJ;
  		if (val < 0)
  			result = -result;
  		server->timeAdj = result;
  	} else {
  		server->timeAdj = (int)tmp;
  		server->timeAdj *= 60; /* also in seconds */
  	}
  	cifs_dbg(FYI, "server->timeAdj: %d seconds
  ", server->timeAdj);
  
  
  	/* BB get server time for time conversions and add
  	code to use it and timezone since this is not UTC */
  
  	if (rsp->EncryptionKeyLength ==
  			cpu_to_le16(CIFS_CRYPTO_KEY_SIZE)) {
  		memcpy(server->cryptkey, rsp->EncryptionKey,
  			CIFS_CRYPTO_KEY_SIZE);
  	} else if (server->sec_mode & SECMODE_PW_ENCRYPT) {
  		return -EIO; /* need cryptkey unless plain text */
  	}
  
  	cifs_dbg(FYI, "LANMAN negotiated
  ");
  	return 0;
  }
  #else
  static inline int

  decode_lanman_negprot_rsp(struct TCP_Server_Info *server, NEGOTIATE_RSP *pSMBr)

  {
  	cifs_dbg(VFS, "mount failed, cifs module not built with CIFS_WEAK_PW_HASH support
  ");
  	return -EOPNOTSUPP;
  }
  #endif

  static bool

  should_set_ext_sec_flag(enum securityEnum sectype)

  {

  	switch (sectype) {
  	case RawNTLMSSP:
  	case Kerberos:

  		return true;

  	case Unspecified:
  		if (global_secflags &
  		    (CIFSSEC_MAY_KRB5 | CIFSSEC_MAY_NTLMSSP))
  			return true;
  		/* Fallthrough */
  	default:
  		return false;
  	}

  }

  int

  CIFSSMBNegotiate(const unsigned int xid, struct cifs_ses *ses)

  {
  	NEGOTIATE_REQ *pSMB;
  	NEGOTIATE_RSP *pSMBr;
  	int rc = 0;
  	int bytes_returned;

  	int i;

  	struct TCP_Server_Info *server = ses->server;

  	u16 count;

  	if (!server) {
  		WARN(1, "%s: server is NULL!
  ", __func__);
  		return -EIO;

  	}

  	rc = smb_init(SMB_COM_NEGOTIATE, 0, NULL /* no tcon yet */ ,
  		      (void **) &pSMB, (void **) &pSMBr);
  	if (rc)
  		return rc;

  	pSMB->hdr.Mid = get_next_mid(server);

  	pSMB->hdr.Flags2 |= (SMBFLG2_UNICODE | SMBFLG2_ERR_STATUS);

  	if (should_set_ext_sec_flag(ses->sectype)) {

  		cifs_dbg(FYI, "Requesting extended security.");

  		pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC;
  	}

  	count = 0;

  	for (i = 0; i < CIFS_NUM_PROT; i++) {

  		strncpy(pSMB->DialectsArray+count, protocols[i].name, 16);
  		count += strlen(protocols[i].name) + 1;
  		/* null at end of source and target buffers anyway */
  	}

  	inc_rfc1001_len(pSMB, count);

  	pSMB->ByteCount = cpu_to_le16(count);
  
  	rc = SendReceive(xid, ses, (struct smb_hdr *) pSMB,
  			 (struct smb_hdr *) pSMBr, &bytes_returned, 0);

  	if (rc != 0)

  		goto neg_err_exit;

  	server->dialect = le16_to_cpu(pSMBr->DialectIndex);

  	cifs_dbg(FYI, "Dialect: %d
  ", server->dialect);

  	/* Check wct = 1 error case */

  	if ((pSMBr->hdr.WordCount < 13) || (server->dialect == BAD_PROT)) {

  		/* core returns wct = 1, but we do not ask for core - otherwise

  		small wct just comes when dialect index is -1 indicating we

  		could not negotiate a common dialect */
  		rc = -EOPNOTSUPP;
  		goto neg_err_exit;

  	} else if (pSMBr->hdr.WordCount == 13) {

  		server->negflavor = CIFS_NEGFLAVOR_LANMAN;

  		rc = decode_lanman_negprot_rsp(server, pSMBr);

  		goto signing_check;

  	} else if (pSMBr->hdr.WordCount != 17) {

  		/* unknown wct */
  		rc = -EOPNOTSUPP;
  		goto neg_err_exit;
  	}

  	/* else wct == 17, NTLM or better */

  	server->sec_mode = pSMBr->SecurityMode;
  	if ((server->sec_mode & SECMODE_USER) == 0)

  		cifs_dbg(FYI, "share mode security
  ");

  	/* one byte, so no need to convert this or EncryptionKeyLen from
  	   little endian */

  	server->maxReq = min_t(unsigned int, le16_to_cpu(pSMBr->MaxMpxCount),
  			       cifs_max_pending);

  	set_credits(server, server->maxReq);

  	/* probably no need to store and check maxvcs */

  	server->maxBuf = le32_to_cpu(pSMBr->MaxBufferSize);

  	server->max_rw = le32_to_cpu(pSMBr->MaxRawSize);

  	cifs_dbg(NOISY, "Max buf = %d
  ", ses->server->maxBuf);

  	server->capabilities = le32_to_cpu(pSMBr->Capabilities);

  	server->timeAdj = (int)(__s16)le16_to_cpu(pSMBr->ServerTimeZone);
  	server->timeAdj *= 60;

  	if (pSMBr->EncryptionKeyLength == CIFS_CRYPTO_KEY_SIZE) {
  		server->negflavor = CIFS_NEGFLAVOR_UNENCAP;

  		memcpy(ses->server->cryptkey, pSMBr->u.EncryptionKey,

  		       CIFS_CRYPTO_KEY_SIZE);

  	} else if (pSMBr->hdr.Flags2 & SMBFLG2_EXT_SEC ||
  			server->capabilities & CAP_EXTENDED_SECURITY) {

  		server->negflavor = CIFS_NEGFLAVOR_EXTENDED;

  		rc = decode_ext_sec_blob(ses, pSMBr);

  	} else if (server->sec_mode & SECMODE_PW_ENCRYPT) {

  		rc = -EIO; /* no crypt key only if plain text pwd */

  	} else {
  		server->negflavor = CIFS_NEGFLAVOR_UNENCAP;

  		server->capabilities &= ~CAP_EXTENDED_SECURITY;

  	}

  
  signing_check:

  	if (!rc)

  		rc = cifs_enable_signing(server, ses->sign);

  neg_err_exit:

  	cifs_buf_release(pSMB);

  	cifs_dbg(FYI, "negprot rc %d
  ", rc);

  	return rc;
  }
  
  int

  CIFSSMBTDis(const unsigned int xid, struct cifs_tcon *tcon)

  {
  	struct smb_hdr *smb_buffer;

  	int rc = 0;

  	cifs_dbg(FYI, "In tree disconnect
  ");

  	/* BB: do we need to check this? These should never be NULL. */
  	if ((tcon->ses == NULL) || (tcon->ses->server == NULL))
  		return -EIO;

  	/*
  	 * No need to return error on this operation if tid invalidated and
  	 * closed on server already e.g. due to tcp session crashing. Also,
  	 * the tcon is no longer on the list, so no need to take lock before
  	 * checking this.
  	 */

  	if ((tcon->need_reconnect) || (tcon->ses->need_reconnect))

  		return 0;

  	rc = small_smb_init(SMB_COM_TREE_DISCONNECT, 0, tcon,

  			    (void **)&smb_buffer);

  	if (rc)

  		return rc;

  	rc = SendReceiveNoRsp(xid, tcon->ses, (char *)smb_buffer, 0);

  	if (rc)

  		cifs_dbg(FYI, "Tree disconnect failed %d
  ", rc);

  	/* No need to return error on this operation if tid invalidated and

  	   closed on server already e.g. due to tcp session crashing */

  	if (rc == -EAGAIN)
  		rc = 0;
  
  	return rc;
  }

  /*
   * This is a no-op for now. We're not really interested in the reply, but
   * rather in the fact that the server sent one and that server->lstrp
   * gets updated.
   *
   * FIXME: maybe we should consider checking that the reply matches request?
   */
  static void
  cifs_echo_callback(struct mid_q_entry *mid)
  {
  	struct TCP_Server_Info *server = mid->callback_data;

  	mutex_lock(&server->srv_mutex);

  	DeleteMidQEntry(mid);

  	mutex_unlock(&server->srv_mutex);

  	add_credits(server, 1, CIFS_ECHO_OP);

  }
  
  int
  CIFSSMBEcho(struct TCP_Server_Info *server)
  {
  	ECHO_REQ *smb;
  	int rc = 0;

  	struct kvec iov;

  	struct smb_rqst rqst = { .rq_iov = &iov,
  				 .rq_nvec = 1 };

  	cifs_dbg(FYI, "In echo request
  ");

  
  	rc = small_smb_init(SMB_COM_ECHO, 0, NULL, (void **)&smb);
  	if (rc)
  		return rc;
  
  	/* set up echo request */

  	smb->hdr.Tid = 0xffff;

  	smb->hdr.WordCount = 1;
  	put_unaligned_le16(1, &smb->EchoCount);

  	put_bcc(1, &smb->hdr);

  	smb->Data[0] = 'a';

  	inc_rfc1001_len(smb, 3);

  	iov.iov_base = smb;
  	iov.iov_len = be32_to_cpu(smb->hdr.smb_buf_length) + 4;

  	rc = cifs_call_async(server, &rqst, NULL, cifs_echo_callback,

  			     server, CIFS_ASYNC_OP | CIFS_ECHO_OP);

  	if (rc)

  		cifs_dbg(FYI, "Echo request failed: %d
  ", rc);

  
  	cifs_small_buf_release(smb);
  
  	return rc;
  }

  int

  CIFSSMBLogoff(const unsigned int xid, struct cifs_ses *ses)

  {

  	LOGOFF_ANDX_REQ *pSMB;
  	int rc = 0;

  	cifs_dbg(FYI, "In SMBLogoff for session disconnect
  ");

  	/*
  	 * BB: do we need to check validity of ses and server? They should
  	 * always be valid since we have an active reference. If not, that
  	 * should probably be a BUG()
  	 */
  	if (!ses || !ses->server)

  		return -EIO;

  	mutex_lock(&ses->session_mutex);

  	if (ses->need_reconnect)
  		goto session_already_dead; /* no need to send SMBlogoff if uid
  					      already closed due to reconnect */

  	rc = small_smb_init(SMB_COM_LOGOFF_ANDX, 2, NULL, (void **)&pSMB);
  	if (rc) {

  		mutex_unlock(&ses->session_mutex);

  		return rc;
  	}

  	pSMB->hdr.Mid = get_next_mid(ses->server);

  	if (ses->server->sign)
  		pSMB->hdr.Flags2 |= SMBFLG2_SECURITY_SIGNATURE;

  
  	pSMB->hdr.Uid = ses->Suid;
  
  	pSMB->AndXCommand = 0xFF;

  	rc = SendReceiveNoRsp(xid, ses, (char *) pSMB, 0);

  session_already_dead:

  	mutex_unlock(&ses->session_mutex);

  
  	/* if session dead then we do not need to do ulogoff,

  		since server closed smb session, no sense reporting

  		error */
  	if (rc == -EAGAIN)
  		rc = 0;
  	return rc;
  }
  
  int

  CIFSPOSIXDelFile(const unsigned int xid, struct cifs_tcon *tcon,
  		 const char *fileName, __u16 type,
  		 const struct nls_table *nls_codepage, int remap)

  {
  	TRANSACTION2_SPI_REQ *pSMB = NULL;
  	TRANSACTION2_SPI_RSP *pSMBr = NULL;
  	struct unlink_psx_rq *pRqD;
  	int name_len;
  	int rc = 0;
  	int bytes_returned = 0;
  	__u16 params, param_offset, offset, byte_count;

  	cifs_dbg(FYI, "In POSIX delete
  ");

  PsxDelete:
  	rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB,
  		      (void **) &pSMBr);
  	if (rc)
  		return rc;
  
  	if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) {
  		name_len =

  		    cifsConvertToUTF16((__le16 *) pSMB->FileName, fileName,
  				       PATH_MAX, nls_codepage, remap);

  		name_len++;	/* trailing null */
  		name_len *= 2;
  	} else { /* BB add path length overrun check */
  		name_len = strnlen(fileName, PATH_MAX);
  		name_len++;	/* trailing null */
  		strncpy(pSMB->FileName, fileName, name_len);
  	}
  
  	params = 6 + name_len;
  	pSMB->MaxParameterCount = cpu_to_le16(2);
  	pSMB->MaxDataCount = 0; /* BB double check this with jra */
  	pSMB->MaxSetupCount = 0;
  	pSMB->Reserved = 0;
  	pSMB->Flags = 0;
  	pSMB->Timeout = 0;
  	pSMB->Reserved2 = 0;
  	param_offset = offsetof(struct smb_com_transaction2_spi_req,
  				InformationLevel) - 4;
  	offset = param_offset + params;
  
  	/* Setup pointer to Request Data (inode type) */
  	pRqD = (struct unlink_psx_rq *)(((char *)&pSMB->hdr.Protocol) + offset);
  	pRqD->type = cpu_to_le16(type);
  	pSMB->ParameterOffset = cpu_to_le16(param_offset);
  	pSMB->DataOffset = cpu_to_le16(offset);
  	pSMB->SetupCount = 1;
  	pSMB->Reserved3 = 0;
  	pSMB->SubCommand = cpu_to_le16(TRANS2_SET_PATH_INFORMATION);
  	byte_count = 3 /* pad */  + params + sizeof(struct unlink_psx_rq);
  
  	pSMB->DataCount = cpu_to_le16(sizeof(struct unlink_psx_rq));
  	pSMB->TotalDataCount = cpu_to_le16(sizeof(struct unlink_psx_rq));
  	pSMB->ParameterCount = cpu_to_le16(params);
  	pSMB->TotalParameterCount = pSMB->ParameterCount;
  	pSMB->InformationLevel = cpu_to_le16(SMB_POSIX_UNLINK);
  	pSMB->Reserved4 = 0;

  	inc_rfc1001_len(pSMB, byte_count);

  	pSMB->ByteCount = cpu_to_le16(byte_count);
  	rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB,
  			 (struct smb_hdr *) pSMBr, &bytes_returned, 0);

  	if (rc)

  		cifs_dbg(FYI, "Posix delete returned %d
  ", rc);

  	cifs_buf_release(pSMB);

  	cifs_stats_inc(&tcon->stats.cifs_stats.num_deletes);

  
  	if (rc == -EAGAIN)
  		goto PsxDelete;
  
  	return rc;
  }
  
  int

  CIFSSMBDelFile(const unsigned int xid, struct cifs_tcon *tcon, const char *name,
  	       struct cifs_sb_info *cifs_sb)

  {
  	DELETE_FILE_REQ *pSMB = NULL;
  	DELETE_FILE_RSP *pSMBr = NULL;
  	int rc = 0;
  	int bytes_returned;
  	int name_len;

  	int remap = cifs_remap(cifs_sb);

  
  DelFileRetry:
  	rc = smb_init(SMB_COM_DELETE, 1, tcon, (void **) &pSMB,
  		      (void **) &pSMBr);
  	if (rc)
  		return rc;
  
  	if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) {

  		name_len = cifsConvertToUTF16((__le16 *) pSMB->fileName, name,
  					      PATH_MAX, cifs_sb->local_nls,
  					      remap);

  		name_len++;	/* trailing null */
  		name_len *= 2;

  	} else {		/* BB improve check for buffer overruns BB */

  		name_len = strnlen(name, PATH_MAX);

  		name_len++;	/* trailing null */

  		strncpy(pSMB->fileName, name, name_len);

  	}
  	pSMB->SearchAttributes =
  	    cpu_to_le16(ATTR_READONLY | ATTR_HIDDEN | ATTR_SYSTEM);
  	pSMB->BufferFormat = 0x04;

  	inc_rfc1001_len(pSMB, name_len + 1);

  	pSMB->ByteCount = cpu_to_le16(name_len + 1);
  	rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB,
  			 (struct smb_hdr *) pSMBr, &bytes_returned, 0);

  	cifs_stats_inc(&tcon->stats.cifs_stats.num_deletes);

  	if (rc)

  		cifs_dbg(FYI, "Error in RMFile = %d
  ", rc);

  
  	cifs_buf_release(pSMB);
  	if (rc == -EAGAIN)
  		goto DelFileRetry;
  
  	return rc;
  }
  
  int

  CIFSSMBRmDir(const unsigned int xid, struct cifs_tcon *tcon, const char *name,
  	     struct cifs_sb_info *cifs_sb)

  {
  	DELETE_DIRECTORY_REQ *pSMB = NULL;
  	DELETE_DIRECTORY_RSP *pSMBr = NULL;
  	int rc = 0;
  	int bytes_returned;
  	int name_len;

  	int remap = cifs_remap(cifs_sb);

  	cifs_dbg(FYI, "In CIFSSMBRmDir
  ");

  RmDirRetry:
  	rc = smb_init(SMB_COM_DELETE_DIRECTORY, 0, tcon, (void **) &pSMB,
  		      (void **) &pSMBr);
  	if (rc)
  		return rc;
  
  	if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) {

  		name_len = cifsConvertToUTF16((__le16 *) pSMB->DirName, name,
  					      PATH_MAX, cifs_sb->local_nls,
  					      remap);

  		name_len++;	/* trailing null */
  		name_len *= 2;

  	} else {		/* BB improve check for buffer overruns BB */

  		name_len = strnlen(name, PATH_MAX);

  		name_len++;	/* trailing null */

  		strncpy(pSMB->DirName, name, name_len);

  	}
  
  	pSMB->BufferFormat = 0x04;

  	inc_rfc1001_len(pSMB, name_len + 1);

  	pSMB->ByteCount = cpu_to_le16(name_len + 1);
  	rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB,
  			 (struct smb_hdr *) pSMBr, &bytes_returned, 0);

  	cifs_stats_inc(&tcon->stats.cifs_stats.num_rmdirs);

  	if (rc)

  		cifs_dbg(FYI, "Error in RMDir = %d
  ", rc);

  
  	cifs_buf_release(pSMB);
  	if (rc == -EAGAIN)
  		goto RmDirRetry;
  	return rc;
  }
  
  int

  CIFSSMBMkDir(const unsigned int xid, struct cifs_tcon *tcon, const char *name,
  	     struct cifs_sb_info *cifs_sb)

  {
  	int rc = 0;
  	CREATE_DIRECTORY_REQ *pSMB = NULL;
  	CREATE_DIRECTORY_RSP *pSMBr = NULL;
  	int bytes_returned;
  	int name_len;

  	int remap = cifs_remap(cifs_sb);

  	cifs_dbg(FYI, "In CIFSSMBMkDir
  ");

  MkDirRetry:
  	rc = smb_init(SMB_COM_CREATE_DIRECTORY, 0, tcon, (void **) &pSMB,
  		      (void **) &pSMBr);
  	if (rc)
  		return rc;
  
  	if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) {

  		name_len = cifsConvertToUTF16((__le16 *) pSMB->DirName, name,

  					      PATH_MAX, cifs_sb->local_nls,
  					      remap);

  		name_len++;	/* trailing null */
  		name_len *= 2;

  	} else {		/* BB improve check for buffer overruns BB */

  		name_len = strnlen(name, PATH_MAX);
  		name_len++;	/* trailing null */
  		strncpy(pSMB->DirName, name, name_len);
  	}
  
  	pSMB->BufferFormat = 0x04;

  	inc_rfc1001_len(pSMB, name_len + 1);

  	pSMB->ByteCount = cpu_to_le16(name_len + 1);
  	rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB,
  			 (struct smb_hdr *) pSMBr, &bytes_returned, 0);

  	cifs_stats_inc(&tcon->stats.cifs_stats.num_mkdirs);

  	if (rc)

  		cifs_dbg(FYI, "Error in Mkdir = %d
  ", rc);

  	cifs_buf_release(pSMB);
  	if (rc == -EAGAIN)
  		goto MkDirRetry;
  	return rc;
  }

  int

  CIFSPOSIXCreate(const unsigned int xid, struct cifs_tcon *tcon,
  		__u32 posix_flags, __u64 mode, __u16 *netfid,
  		FILE_UNIX_BASIC_INFO *pRetData, __u32 *pOplock,
  		const char *name, const struct nls_table *nls_codepage,
  		int remap)

  {
  	TRANSACTION2_SPI_REQ *pSMB = NULL;
  	TRANSACTION2_SPI_RSP *pSMBr = NULL;
  	int name_len;
  	int rc = 0;
  	int bytes_returned = 0;

  	__u16 params, param_offset, offset, byte_count, count;

  	OPEN_PSX_REQ *pdata;
  	OPEN_PSX_RSP *psx_rsp;

  	cifs_dbg(FYI, "In POSIX Create
  ");

  PsxCreat:
  	rc = smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB,
  		      (void **) &pSMBr);
  	if (rc)
  		return rc;
  
  	if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) {
  		name_len =

  		    cifsConvertToUTF16((__le16 *) pSMB->FileName, name,
  				       PATH_MAX, nls_codepage, remap);

  		name_len++;	/* trailing null */
  		name_len *= 2;
  	} else {	/* BB improve the check for buffer overruns BB */
  		name_len = strnlen(name, PATH_MAX);
  		name_len++;	/* trailing null */
  		strncpy(pSMB->FileName, name, name_len);
  	}
  
  	params = 6 + name_len;
  	count = sizeof(OPEN_PSX_REQ);
  	pSMB->MaxParameterCount = cpu_to_le16(2);
  	pSMB->MaxDataCount = cpu_to_le16(1000);	/* large enough */
  	pSMB->MaxSetupCount = 0;
  	pSMB->Reserved = 0;
  	pSMB->Flags = 0;
  	pSMB->Timeout = 0;
  	pSMB->Reserved2 = 0;
  	param_offset = offsetof(struct smb_com_transaction2_spi_req,

  				InformationLevel) - 4;

  	offset = param_offset + params;

  	pdata = (OPEN_PSX_REQ *)(((char *)&pSMB->hdr.Protocol) + offset);

  	pdata->Level = cpu_to_le16(SMB_QUERY_FILE_UNIX_BASIC);

  	pdata->Permissions = cpu_to_le64(mode);

  	pdata->PosixOpenFlags = cpu_to_le32(posix_flags);

  	pdata->OpenFlags =  cpu_to_le32(*pOplock);
  	pSMB->ParameterOffset = cpu_to_le16(param_offset);
  	pSMB->DataOffset = cpu_to_le16(offset);
  	pSMB->SetupCount = 1;
  	pSMB->Reserved3 = 0;
  	pSMB->SubCommand = cpu_to_le16(TRANS2_SET_PATH_INFORMATION);
  	byte_count = 3 /* pad */  + params + count;
  
  	pSMB->DataCount = cpu_to_le16(count);
  	pSMB->ParameterCount = cpu_to_le16(params);
  	pSMB->TotalDataCount = pSMB->DataCount;
  	pSMB->TotalParameterCount = pSMB->ParameterCount;
  	pSMB->InformationLevel = cpu_to_le16(SMB_POSIX_OPEN);
  	pSMB->Reserved4 = 0;

  	inc_rfc1001_len(pSMB, byte_count);

  	pSMB->ByteCount = cpu_to_le16(byte_count);
  	rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB,
  			 (struct smb_hdr *) pSMBr, &bytes_returned, 0);
  	if (rc) {

  		cifs_dbg(FYI, "Posix create returned %d
  ", rc);

  		goto psx_create_err;
  	}

  	cifs_dbg(FYI, "copying inode info
  ");

  	rc = validate_t2((struct smb_t2_rsp *)pSMBr);

  	if (rc || get_bcc(&pSMBr->hdr) < sizeof(OPEN_PSX_RSP)) {

  		rc = -EIO;	/* bad smb */
  		goto psx_create_err;
  	}
  
  	/* copy return information to pRetData */

  	psx_rsp = (OPEN_PSX_RSP *)((char *) &pSMBr->hdr.Protocol

  			+ le16_to_cpu(pSMBr->t2.DataOffset));

  	*pOplock = le16_to_cpu(psx_rsp->OplockFlags);

  	if (netfid)

  		*netfid = psx_rsp->Fid;   /* cifs fid stays in le */
  	/* Let caller know file was created so we can set the mode. */
  	/* Do we care about the CreateAction in any other cases? */

  	if (cpu_to_le32(FILE_CREATE) == psx_rsp->CreateAction)

  		*pOplock |= CIFS_CREATE_ACTION;
  	/* check to make sure response data is there */

  	if (psx_rsp->ReturnedLevel != cpu_to_le16(SMB_QUERY_FILE_UNIX_BASIC)) {
  		pRetData->Type = cpu_to_le32(-1); /* unknown */

  		cifs_dbg(NOISY, "unknown type
  ");

  	} else {

  		if (get_bcc(&pSMBr->hdr) < sizeof(OPEN_PSX_RSP)

  					+ sizeof(FILE_UNIX_BASIC_INFO)) {

  			cifs_dbg(VFS, "Open response data too small
  ");

  			pRetData->Type = cpu_to_le32(-1);

  			goto psx_create_err;
  		}

  		memcpy((char *) pRetData,

  			(char *)psx_rsp + sizeof(OPEN_PSX_RSP),

  			sizeof(FILE_UNIX_BASIC_INFO));

  	}

  
  psx_create_err:
  	cifs_buf_release(pSMB);

  	if (posix_flags & SMB_O_DIRECTORY)

  		cifs_stats_inc(&tcon->stats.cifs_stats.num_posixmkdirs);

  	else

  		cifs_stats_inc(&tcon->stats.cifs_stats.num_posixopens);

  
  	if (rc == -EAGAIN)
  		goto PsxCreat;

  	return rc;

  }

  static __u16 convert_disposition(int disposition)
  {
  	__u16 ofun = 0;
  
  	switch (disposition) {
  		case FILE_SUPERSEDE:
  			ofun = SMBOPEN_OCREATE | SMBOPEN_OTRUNC;
  			break;
  		case FILE_OPEN:
  			ofun = SMBOPEN_OAPPEND;
  			break;
  		case FILE_CREATE:
  			ofun = SMBOPEN_OCREATE;
  			break;
  		case FILE_OPEN_IF:
  			ofun = SMBOPEN_OCREATE | SMBOPEN_OAPPEND;
  			break;
  		case FILE_OVERWRITE:
  			ofun = SMBOPEN_OTRUNC;
  			break;
  		case FILE_OVERWRITE_IF:
  			ofun = SMBOPEN_OCREATE | SMBOPEN_OTRUNC;
  			break;
  		default:

  			cifs_dbg(FYI, "unknown disposition %d
  ", disposition);

  			ofun =  SMBOPEN_OAPPEND; /* regular open */
  	}
  	return ofun;
  }

  static int
  access_flags_to_smbopen_mode(const int access_flags)
  {
  	int masked_flags = access_flags & (GENERIC_READ | GENERIC_WRITE);
  
  	if (masked_flags == GENERIC_READ)
  		return SMBOPEN_READ;
  	else if (masked_flags == GENERIC_WRITE)
  		return SMBOPEN_WRITE;
  
  	/* just go for read/write */
  	return SMBOPEN_READWRITE;
  }

  int

  SMBLegacyOpen(const unsigned int xid, struct cifs_tcon *tcon,

  	    const char *fileName, const int openDisposition,

  	    const int access_flags, const int create_options, __u16 *netfid,
  	    int *pOplock, FILE_ALL_INFO *pfile_info,

  	    const struct nls_table *nls_codepage, int remap)
  {
  	int rc = -EACCES;
  	OPENX_REQ *pSMB = NULL;
  	OPENX_RSP *pSMBr = NULL;
  	int bytes_returned;
  	int name_len;
  	__u16 count;
  
  OldOpenRetry:
  	rc = smb_init(SMB_COM_OPEN_ANDX, 15, tcon, (void **) &pSMB,
  		      (void **) &pSMBr);
  	if (rc)
  		return rc;
  
  	pSMB->AndXCommand = 0xFF;       /* none */
  
  	if (pSMB->hdr.Flags2 & SMBFLG2_UNICODE) {
  		count = 1;      /* account for one byte pad to word boundary */
  		name_len =

  		   cifsConvertToUTF16((__le16 *) (pSMB->fileName + 1),
  				      fileName, PATH_MAX, nls_codepage, remap);

  		name_len++;     /* trailing null */
  		name_len *= 2;
  	} else {                /* BB improve check for buffer overruns BB */
  		count = 0;      /* no pad */
  		name_len = strnlen(fileName, PATH_MAX);
  		name_len++;     /* trailing null */
  		strncpy(pSMB->fileName, fileName, name_len);
  	}
  	if (*pOplock & REQ_OPLOCK)
  		pSMB->OpenFlags = cpu_to_le16(REQ_OPLOCK);

  	else if (*pOplock & REQ_BATCHOPLOCK)

  		pSMB->OpenFlags = cpu_to_le16(REQ_BATCHOPLOCK);

  	pSMB->OpenFlags |= cpu_to_le16(REQ_MORE_INFO);

  	pSMB->Mode = cpu_to_le16(access_flags_to_smbopen_mode(access_flags));

  	pSMB->Mode |= cpu_to_le16(0x40); /* deny none */
  	/* set file as system file if special file such
  	   as fifo and server expecting SFU style and
  	   no Unix extensions */

  	if (create_options & CREATE_OPTION_SPECIAL)
  		pSMB->FileAttributes = cpu_to_le16(ATTR_SYSTEM);

  	else /* BB FIXME BB */
  		pSMB->FileAttributes = cpu_to_le16(0/*ATTR_NORMAL*/);

  	if (create_options & CREATE_OPTION_READONLY)
  		pSMB->FileAttributes |= cpu_to_le16(ATTR_READONLY);

  
  	/* BB FIXME BB */

  /*	pSMB->CreateOptions = cpu_to_le32(create_options &
  						 CREATE_OPTIONS_MASK); */

  	/* BB FIXME END BB */

  
  	pSMB->Sattr = cpu_to_le16(ATTR_HIDDEN | ATTR_SYSTEM | ATTR_DIRECTORY);

  	pSMB->OpenFunction = cpu_to_le16(convert_disposition(openDisposition));

  	count += name_len;

  	inc_rfc1001_len(pSMB, count);

  
  	pSMB->ByteCount = cpu_to_le16(count);
  	/* long_op set to 1 to allow for oplock break timeouts */
  	rc = SendReceive(xid, tcon->ses, (struct smb_hdr *) pSMB,

  			(struct smb_hdr *)pSMBr, &bytes_returned, 0);

  	cifs_stats_inc(&tcon->stats.cifs_stats.num_opens);

  	if (rc) {

  		cifs_dbg(FYI, "Error in Open = %d
  ", rc);

  	} else {
  	/* BB verify if wct == 15 */

  /*		*pOplock = pSMBr->OplockLevel; */ /* BB take from action field*/

  
  		*netfid = pSMBr->Fid;   /* cifs fid stays in le */
  		/* Let caller know file was created so we can set the mode. */
  		/* Do we care about the CreateAction in any other cases? */
  	/* BB FIXME BB */

  /*		if (cpu_to_le32(FILE_CREATE) == pSMBr->CreateAction)

  			*pOplock |= CIFS_CREATE_ACTION; */
  	/* BB FIXME END */

  		if (pfile_info) {

  			pfile_info->CreationTime = 0; /* BB convert CreateTime*/
  			pfile_info->LastAccessTime = 0; /* BB fixme */
  			pfile_info->LastWriteTime = 0; /* BB fixme */
  			pfile_info->ChangeTime = 0;  /* BB fixme */

  			pfile_info->Attributes =

  				cpu_to_le32(le16_to_cpu(pSMBr->FileAttributes));

  			/* the file_info buf is endian converted by caller */

  			pfile_info->AllocationSize =
  				cpu_to_le64(le32_to_cpu(pSMBr->EndOfFile));
  			pfile_info->EndOfFile = pfile_info->AllocationSize;

  			pfile_info->NumberOfLinks = cpu_to_le32(1);

  			pfile_info->DeletePending = 0;

  		}
  	}
  
  	cifs_buf_release(pSMB);
  	if (rc == -EAGAIN)
  		goto OldOpenRetry;
  	return rc;
  }

  int

  CIFS_open(const unsigned int xid, struct cifs_open_parms *oparms, int *oplock,
  	  FILE_ALL_INFO *buf)

  {
  	int rc = -EACCES;

  	OPEN_REQ *req = NULL;
  	OPEN_RSP *rsp = NULL;

  	int bytes_returned;
  	int name_len;
  	__u16 count;

  	struct cifs_sb_info *cifs_sb = oparms->cifs_sb;
  	struct cifs_tcon *tcon = oparms->tcon;

  	int remap = cifs_remap(cifs_sb);

  	const struct nls_table *nls = cifs_sb->local_nls;
  	int create_options = oparms->create_options;
  	int desired_access = oparms->desired_access;
  	int disposition = oparms->disposition;
  	const char *path = oparms->path;

  
  openRetry:

  	rc = smb_init(SMB_COM_NT_CREATE_ANDX, 24, tcon, (void **)&req,
  		      (void **)&rsp);

  	if (rc)
  		return rc;

  	/* no commands go after this */
  	req->AndXCommand = 0xFF;

  	if (req->hdr.Flags2 & SMBFLG2_UNICODE) {
  		/* account for one byte pad to word boundary */
  		count = 1;
  		name_len = cifsConvertToUTF16((__le16 *)(req->fileName + 1),
  					      path, PATH_MAX, nls, remap);
  		/* trailing null */
  		name_len++;

  		name_len *= 2;

  		req->NameLength = cpu_to_le16(name_len);
  	} else {
  		/* BB improve check for buffer overruns BB */
  		/* no pad */
  		count = 0;
  		name_len = strnlen(path, PATH_MAX);
  		/* trailing null */
  		name_len++;
  		req->NameLength = cpu_to_le16(name_len);
  		strncpy(req->fileName, path, name_len);

  	}

  
  	if (*oplock & REQ_OPLOCK)
  		req->OpenFlags = cpu_to_le32(REQ_OPLOCK);
  	else if (*oplock & REQ_BATCHOPLOCK)
  		req->OpenFlags = cpu_to_le32(REQ_BATCHOPLOCK);
  
  	req->DesiredAccess = cpu_to_le32(desired_access);
  	req->AllocationSize = 0;
  
  	/*
  	 * Set file as system file if special file such as fifo and server
  	 * expecting SFU style and no Unix extensions.
  	 */

  	if (create_options & CREATE_OPTION_SPECIAL)

  		req->FileAttributes = cpu_to_le32(ATTR_SYSTEM);

  	else

  		req->FileAttributes = cpu_to_le32(ATTR_NORMAL);

  	/*
  	 * XP does not handle ATTR_POSIX_SEMANTICS but it helps speed up case
  	 * sensitive checks for other servers such as Samba.
  	 */

  	if (tcon->ses->capabilities & CAP_UNIX)

  		req->FileAttributes |= cpu_to_le32(ATTR_POSIX_SEMANTICS);

  	if (create_options & CREATE_OPTION_READONLY)

  		req->FileAttributes |= cpu_to_le32(ATTR_READONLY);
  
  	req->ShareAccess = cpu_to_le32(FILE_SHARE_ALL);
  	req->CreateDisposition = cpu_to_le32(disposition);
  	req->CreateOptions = cpu_to_le32(create_options & CREATE_OPTIONS_MASK);

  	/* BB Expirement with various impersonation levels and verify */

  	req->ImpersonationLevel = cpu_to_le32(SECURITY_IMPERSONATION);
  	req->SecurityFlags = SECURITY_CONTEXT_TRACKING|SECURITY_EFFECTIVE_ONLY;

  
  	count += name_len;

  	inc_rfc1001_len(req, count);

  	req->ByteCount = cpu_to_le16(count);
  	rc = SendReceive(xid, tcon->ses, (struct smb_hdr *)req,
  			 (struct smb_hdr *)rsp, &bytes_returned, 0);

  	cifs_stats_inc(&tcon->stats.cifs_stats.num_opens);

  	if (rc) {

  		cifs_dbg(FYI, "Error in Open = %d
  ", rc);

  		cifs_buf_release(req);
  		if (rc == -EAGAIN)
  			goto openRetry;
  		return rc;

  	}

  	/* 1 byte no need to le_to_cpu */
  	*oplock = rsp->OplockLevel;
  	/* cifs fid stays in le */

  	oparms->fid->netfid = rsp->Fid;

  
  	/* Let caller know file was created so we can set the mode. */
  	/* Do we care about the CreateAction in any other cases? */
  	if (cpu_to_le32(FILE_CREATE) == rsp->CreateAction)
  		*oplock |= CIFS_CREATE_ACTION;
  
  	if (buf) {
  		/* copy from CreationTime to Attributes */
  		memcpy((char *)buf, (char *)&rsp->CreationTime, 36);
  		/* the file_info buf is endian converted by caller */
  		buf->AllocationSize = rsp->AllocationSize;
  		buf->EndOfFile = rsp->EndOfFile;
  		buf->NumberOfLinks = cpu_to_le32(1);
  		buf->DeletePending = 0;
  	}
  
  	cifs_buf_release(req);

  	return rc;
  }

  /*
   * Discard any remaining data in the current SMB. To do this, we borrow the
   * current bigbuf.
   */
  static int

  discard_remaining_data(struct TCP_Server_Info *server)

  {

  	unsigned int rfclen = get_rfc1002_length(server->smallbuf);

  	int remaining = rfclen + 4 - server->total_read;

  
  	while (remaining > 0) {
  		int length;
  
  		length = cifs_read_from_socket(server, server->bigbuf,
  				min_t(unsigned int, remaining,

  				    CIFSMaxBufSize + MAX_HEADER_SIZE(server)));

  		if (length < 0)
  			return length;
  		server->total_read += length;
  		remaining -= length;
  	}

  	return 0;
  }

  static int
  cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid)
  {
  	int length;
  	struct cifs_readdata *rdata = mid->callback_data;
  
  	length = discard_remaining_data(server);
  	dequeue_mid(mid, rdata->result);
  	return length;
  }

  int

  cifs_readv_receive(struct TCP_Server_Info *server, struct mid_q_entry *mid)
  {
  	int length, len;

  	unsigned int data_offset, data_len;

  	struct cifs_readdata *rdata = mid->callback_data;

  	char *buf = server->smallbuf;
  	unsigned int buflen = get_rfc1002_length(buf) + 4;

  	cifs_dbg(FYI, "%s: mid=%llu offset=%llu bytes=%u
  ",
  		 __func__, mid->mid, rdata->offset, rdata->bytes);

  
  	/*
  	 * read the rest of READ_RSP header (sans Data array), or whatever we
  	 * can if there's not enough data. At this point, we've read down to
  	 * the Mid.
  	 */

  	len = min_t(unsigned int, buflen, server->vals->read_rsp_size) -

  							HEADER_SIZE(server) + 1;

  	length = cifs_read_from_socket(server,
  				       buf + HEADER_SIZE(server) - 1, len);

  	if (length < 0)
  		return length;
  	server->total_read += length;

  	if (server->ops->is_status_pending &&
  	    server->ops->is_status_pending(buf, server, 0)) {
  		discard_remaining_data(server);
  		return -1;
  	}

  	/* Was the SMB read successful? */

  	rdata->result = server->ops->map_error(buf, false);

  	if (rdata->result != 0) {

  		cifs_dbg(FYI, "%s: server returned error %d
  ",
  			 __func__, rdata->result);

  		return cifs_readv_discard(server, mid);
  	}
  
  	/* Is there enough to get to the rest of the READ_RSP header? */

  	if (server->total_read < server->vals->read_rsp_size) {

  		cifs_dbg(FYI, "%s: server returned short header. got=%u expected=%zu
  ",
  			 __func__, server->total_read,
  			 server->vals->read_rsp_size);

  		rdata->result = -EIO;
  		return cifs_readv_discard(server, mid);
  	}

  	data_offset = server->ops->read_data_offset(buf) + 4;

  	if (data_offset < server->total_read) {
  		/*
  		 * win2k8 sometimes sends an offset of 0 when the read
  		 * is beyond the EOF. Treat it as if the data starts just after
  		 * the header.
  		 */

  		cifs_dbg(FYI, "%s: data offset (%u) inside read response header
  ",
  			 __func__, data_offset);

  		data_offset = server->total_read;
  	} else if (data_offset > MAX_CIFS_SMALL_BUFFER_SIZE) {
  		/* data_offset is beyond the end of smallbuf */

  		cifs_dbg(FYI, "%s: data offset (%u) beyond end of smallbuf
  ",
  			 __func__, data_offset);

  		rdata->result = -EIO;
  		return cifs_readv_discard(server, mid);
  	}

  	cifs_dbg(FYI, "%s: total_read=%u data_offset=%u
  ",
  		 __func__, server->total_read, data_offset);

  
  	len = data_offset - server->total_read;
  	if (len > 0) {
  		/* read any junk before data into the rest of smallbuf */

  		length = cifs_read_from_socket(server,
  					       buf + server->total_read, len);

  		if (length < 0)
  			return length;
  		server->total_read += length;
  	}
  
  	/* set up first iov for signature check */

  	rdata->iov.iov_base = buf;
  	rdata->iov.iov_len = server->total_read;

  	cifs_dbg(FYI, "0: iov_base=%p iov_len=%zu
  ",
  		 rdata->iov.iov_base, rdata->iov.iov_len);

  
  	/* how much data is in the response? */

  	data_len = server->ops->read_data_length(buf);

  	if (data_offset + data_len > buflen) {

  		/* data_len is corrupt -- discard frame */
  		rdata->result = -EIO;
  		return cifs_readv_discard(server, mid);
  	}

  	length = rdata->read_into_pages(server, rdata, data_len);
  	if (length < 0)
  		return length;

  	server->total_read += length;

  	cifs_dbg(FYI, "total_read=%u buflen=%u remaining=%u
  ",
  		 server->total_read, buflen, data_len);

  
  	/* discard anything left over */

  	if (server->total_read < buflen)

  		return cifs_readv_discard(server, mid);
  
  	dequeue_mid(mid, false);
  	return length;
  }
  
  static void

  cifs_readv_callback(struct mid_q_entry *mid)
  {
  	struct cifs_readdata *rdata = mid->callback_data;
  	struct cifs_tcon *tcon = tlink_tcon(rdata->cfile->tlink);
  	struct TCP_Server_Info *server = tcon->ses->server;

  	struct smb_rqst rqst = { .rq_iov = &rdata->iov,
  				 .rq_nvec = 1,

  				 .rq_pages = rdata->pages,
  				 .rq_npages = rdata->nr_pages,
  				 .rq_pagesz = rdata->pagesz,
  				 .rq_tailsz = rdata->tailsz };

  	cifs_dbg(FYI, "%s: mid=%llu state=%d result=%d bytes=%u
  ",
  		 __func__, mid->mid, mid->mid_state, rdata->result,
  		 rdata->bytes);

  	switch (mid->mid_state) {

  	case MID_RESPONSE_RECEIVED:
  		/* result already set, check signature */

  		if (server->sign) {

  			int rc = 0;

  			rc = cifs_verify_signature(&rqst, server,

  						  mid->sequence_number);

  			if (rc)

  				cifs_dbg(VFS, "SMB signature verification returned error = %d
  ",
  					 rc);

  		}
  		/* FIXME: should this be counted toward the initiating task? */

  		task_io_account_read(rdata->got_bytes);
  		cifs_stats_bytes_read(tcon, rdata->got_bytes);

  		break;
  	case MID_REQUEST_SUBMITTED:
  	case MID_RETRY_NEEDED:
  		rdata->result = -EAGAIN;

  		if (server->sign && rdata->got_bytes)
  			/* reset bytes number since we can not check a sign */
  			rdata->got_bytes = 0;
  		/* FIXME: should this be counted toward the initiating task? */
  		task_io_account_read(rdata->got_bytes);
  		cifs_stats_bytes_read(tcon, rdata->got_bytes);

  		break;
  	default:
  		rdata->result = -EIO;
  	}

  	queue_work(cifsiod_wq, &rdata->work);

  	mutex_lock(&server->srv_mutex);

  	DeleteMidQEntry(mid);

  	mutex_unlock(&server->srv_mutex);

  	add_credits(server, 1, 0);

  }
  
  /* cifs_async_readv - send an async write, and set up mid to handle result */
  int
  cifs_async_readv(struct cifs_readdata *rdata)
  {
  	int rc;
  	READ_REQ *smb = NULL;
  	int wct;
  	struct cifs_tcon *tcon = tlink_tcon(rdata->cfile->tlink);

  	struct smb_rqst rqst = { .rq_iov = &rdata->iov,

  				 .rq_nvec = 1 };

  	cifs_dbg(FYI, "%s: offset=%llu bytes=%u
  ",
  		 __func__, rdata->offset, rdata->bytes);

  
  	if (tcon->ses->capabilities & CAP_LARGE_FILES)
  		wct = 12;
  	else {
  		wct = 10; /* old style read */
  		if ((rdata->offset >> 32) > 0)  {
  			/* can not handle this big offset for old */
  			return -EIO;
  		}
  	}
  
  	rc = small_smb_init(SMB_COM_READ_ANDX, wct, tcon, (void **)&smb);
  	if (rc)
  		return rc;
  
  	smb->hdr.Pid = cpu_to_le16((__u16)rdata->pid);
  	smb->hdr.PidHigh = cpu_to_le16((__u16)(rdata->pid >> 16));
  
  	smb->AndXCommand = 0xFF;	/* none */

  	smb->Fid = rdata->cfile->fid.netfid;

  	smb->OffsetLow = cpu_to_le32(rdata->offset & 0xFFFFFFFF);
  	if (wct == 12)
  		smb->OffsetHigh = cpu_to_le32(rdata->offset >> 32);
  	smb->Remaining = 0;
  	smb->MaxCount = cpu_to_le16(rdata->bytes & 0xFFFF);
  	smb->MaxCountHigh = cpu_to_le32(rdata->bytes >> 16);
  	if (wct == 12)
  		smb->ByteCount = 0;
  	else {
  		/* old style read */
  		struct smb_com_readx_req *smbr =
  			(struct smb_com_readx_req *)smb;
  		smbr->ByteCount = 0;
  	}
  
  	/* 4 for RFC1001 length + 1 for BCC */

  	rdata->iov.iov_base = smb;
  	rdata->iov.iov_len = be32_to_cpu(smb->hdr.smb_buf_length) + 4;

  	kref_get(&rdata->refcount);

  	rc = cifs_call_async(tcon->ses->server, &rqst, cifs_readv_receive,
  			     cifs_readv_callback, rdata, 0);

  
  	if (rc == 0)

  		cifs_stats_inc(&tcon->stats.cifs_stats.num_reads);

  	else
  		kref_put(&rdata->refcount, cifs_readdata_release);

  
  	cifs_small_buf_release(smb);
  	return rc;
  }

  int

  CIFSSMBRead(const unsigned int xid, struct cifs_io_parms *io_parms,
  	    unsigned int *nbytes, char **buf, int *pbuf_type)

  {
  	int rc = -EACCES;
  	READ_REQ *pSMB = NULL;
  	READ_RSP *pSMBr = NULL;
  	char *pReadData = NULL;

  	int wct;

  	int resp_buf_type = 0;
  	struct kvec iov[1];

  	__u32 pid = io_parms->pid;
  	__u16 netfid = io_parms->netfid;
  	__u64 offset = io_parms->offset;

  	struct cifs_tcon *tcon = io_parms->tcon;

  	unsigned int count = io_parms->length;

  	cifs_dbg(FYI, "Reading %d bytes on fid %d
  ", count, netfid);

  	if (tcon->ses->capabilities & CAP_LARGE_FILES)

  		wct = 12;

  	else {

  		wct = 10; /* old style read */

  		if ((offset >> 32) > 0)  {

  			/* can not handle this big offset for old */
  			return -EIO;
  		}
  	}

  
  	*nbytes = 0;

  	rc = small_smb_init(SMB_COM_READ_ANDX, wct, tcon, (void **) &pSMB);

  	if (rc)
  		return rc;

  	pSMB->hdr.Pid = cpu_to_le16((__u16)pid);
  	pSMB->hdr.PidHigh = cpu_to_le16((__u16)(pid >> 16));

  	/* tcon and ses pointer are checked in smb_init */
  	if (tcon->ses->server == NULL)
  		return -ECONNABORTED;

  	pSMB->AndXCommand = 0xFF;       /* none */

  	pSMB->Fid = netfid;

  	pSMB->OffsetLow = cpu_to_le32(offset & 0xFFFFFFFF);

  	if (wct == 12)

  		pSMB->OffsetHigh = cpu_to_le32(offset >> 32);

  	pSMB->Remaining = 0;
  	pSMB->MaxCount = cpu_to_le16(count & 0xFFFF);
  	pSMB->MaxCountHigh = cpu_to_le32(count >> 16);

  	if (wct == 12)

  		pSMB->ByteCount = 0;  /* no need to do le conversion since 0 */
  	else {
  		/* old style read */

  		struct smb_com_readx_req *pSMBW =

  			(struct smb_com_readx_req *)pSMB;

  		pSMBW->ByteCount = 0;

  	}

  
  	iov[0].iov_base = (char *)pSMB;

  	iov[0].iov_len = be32_to_cpu(pSMB->hdr.smb_buf_length) + 4;

  	rc = SendReceive2(xid, tcon->ses, iov, 1 /* num iovecs */,

  			 &resp_buf_type, CIFS_LOG_ERROR);

  	cifs_stats_inc(&tcon->stats.cifs_stats.num_reads);

  	pSMBr = (READ_RSP *)iov[0].iov_base;

  	if (rc) {

  		cifs_dbg(VFS, "Send error in read = %d
  ", rc);

  	} else {
  		int data_length = le16_to_cpu(pSMBr->DataLengthHigh);
  		data_length = data_length << 16;
  		data_length += le16_to_cpu(pSMBr->DataLength);
  		*nbytes = data_length;
  
  		/*check that DataLength would not go beyond end of SMB */

  		if ((data_length > CIFSMaxBufSize)

  				|| (data_length > count)) {

  			cifs_dbg(FYI, "bad length %d for count %d
  ",