/*
   *   fs/cifs/smb2pdu.c
   *

   *   Copyright (C) International Business Machines  Corp., 2009, 2013

   *                 Etersoft, 2012
   *   Author(s): Steve French (sfrench@us.ibm.com)
   *              Pavel Shilovsky (pshilovsky@samba.org) 2012
   *
   *   Contains the routines for constructing the SMB2 PDUs themselves
   *
   *   This library is free software; you can redistribute it and/or modify
   *   it under the terms of the GNU Lesser General Public License as published
   *   by the Free Software Foundation; either version 2.1 of the License, or
   *   (at your option) any later version.
   *
   *   This library is distributed in the hope that it will be useful,
   *   but WITHOUT ANY WARRANTY; without even the implied warranty of
   *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
   *   the GNU Lesser General Public License for more details.
   *
   *   You should have received a copy of the GNU Lesser General Public License
   *   along with this library; if not, write to the Free Software
   *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
   */
  
   /* SMB2 PDU handling routines here - except for leftovers (eg session setup) */
   /* Note that there are handle based routines which must be		      */
   /* treated slightly differently for reconnection purposes since we never     */
   /* want to reuse a stale file handle and only the caller knows the file info */
  
  #include <linux/fs.h>
  #include <linux/kernel.h>
  #include <linux/vfs.h>

  #include <linux/task_io_accounting_ops.h>

  #include <linux/uaccess.h>

  #include <linux/uuid.h>

  #include <linux/pagemap.h>

  #include <linux/xattr.h>
  #include "smb2pdu.h"
  #include "cifsglob.h"
  #include "cifsacl.h"
  #include "cifsproto.h"
  #include "smb2proto.h"
  #include "cifs_unicode.h"
  #include "cifs_debug.h"
  #include "ntlmssp.h"
  #include "smb2status.h"

  #include "smb2glob.h"

  #include "cifspdu.h"

  #include "cifs_spnego.h"

  #include "smbdirect.h"

  #include "trace.h"

  
  /*
   *  The following table defines the expected "StructureSize" of SMB2 requests
   *  in order by SMB2 command.  This is similar to "wct" in SMB/CIFS requests.
   *
   *  Note that commands are defined in smb2pdu.h in le16 but the array below is
   *  indexed by command in host byte order.
   */
  static const int smb2_req_struct_sizes[NUMBER_OF_SMB2_COMMANDS] = {
  	/* SMB2_NEGOTIATE */ 36,
  	/* SMB2_SESSION_SETUP */ 25,
  	/* SMB2_LOGOFF */ 4,
  	/* SMB2_TREE_CONNECT */	9,
  	/* SMB2_TREE_DISCONNECT */ 4,
  	/* SMB2_CREATE */ 57,
  	/* SMB2_CLOSE */ 24,
  	/* SMB2_FLUSH */ 24,
  	/* SMB2_READ */	49,
  	/* SMB2_WRITE */ 49,
  	/* SMB2_LOCK */	48,
  	/* SMB2_IOCTL */ 57,
  	/* SMB2_CANCEL */ 4,
  	/* SMB2_ECHO */ 4,
  	/* SMB2_QUERY_DIRECTORY */ 33,
  	/* SMB2_CHANGE_NOTIFY */ 32,
  	/* SMB2_QUERY_INFO */ 41,
  	/* SMB2_SET_INFO */ 33,
  	/* SMB2_OPLOCK_BREAK */ 24 /* BB this is 36 for LEASE_BREAK variant */
  };

  int smb3_encryption_required(const struct cifs_tcon *tcon)

  {

  	if (!tcon)
  		return 0;

  	if ((tcon->ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) ||
  	    (tcon->share_flags & SHI1005_FLAGS_ENCRYPT_DATA))
  		return 1;

  	if (tcon->seal &&
  	    (tcon->ses->server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION))
  		return 1;

  	return 0;
  }

  
  static void

  smb2_hdr_assemble(struct smb2_sync_hdr *shdr, __le16 smb2_cmd,

  		  const struct cifs_tcon *tcon)
  {

  	shdr->ProtocolId = SMB2_PROTO_NUMBER;
  	shdr->StructureSize = cpu_to_le16(64);
  	shdr->Command = smb2_cmd;

  	if (tcon && tcon->ses && tcon->ses->server) {
  		struct TCP_Server_Info *server = tcon->ses->server;
  
  		spin_lock(&server->req_lock);
  		/* Request up to 2 credits but don't go over the limit. */

  		if (server->credits >= server->max_credits)

  			shdr->CreditRequest = cpu_to_le16(0);

  		else

  			shdr->CreditRequest = cpu_to_le16(

  				min_t(int, server->max_credits -

  						server->credits, 2));
  		spin_unlock(&server->req_lock);
  	} else {

  		shdr->CreditRequest = cpu_to_le16(2);

  	}

  	shdr->ProcessId = cpu_to_le32((__u16)current->tgid);

  
  	if (!tcon)
  		goto out;

  	/* GLOBAL_CAP_LARGE_MTU will only be set if dialect > SMB2.02 */
  	/* See sections 2.2.4 and 3.2.4.1.5 of MS-SMB2 */

  	if ((tcon->ses) && (tcon->ses->server) &&

  	    (tcon->ses->server->capabilities & SMB2_GLOBAL_CAP_LARGE_MTU))

  		shdr->CreditCharge = cpu_to_le16(1);

  	/* else CreditCharge MBZ */

  	shdr->TreeId = tcon->tid;

  	/* Uid is not converted */
  	if (tcon->ses)

  		shdr->SessionId = tcon->ses->Suid;

  
  	/*
  	 * If we would set SMB2_FLAGS_DFS_OPERATIONS on open we also would have
  	 * to pass the path on the Open SMB prefixed by \\server\share.
  	 * Not sure when we would need to do the augmented path (if ever) and
  	 * setting this flag breaks the SMB2 open operation since it is
  	 * illegal to send an empty path name (without \\server\share prefix)
  	 * when the DFS flag is set in the SMB open header. We could
  	 * consider setting the flag on all operations other than open
  	 * but it is safer to net set it for now.
  	 */
  /*	if (tcon->share_flags & SHI1005_FLAGS_DFS)

  		shdr->Flags |= SMB2_FLAGS_DFS_OPERATIONS; */

  	if (tcon->ses && tcon->ses->server && tcon->ses->server->sign &&

  	    !smb3_encryption_required(tcon))

  		shdr->Flags |= SMB2_FLAGS_SIGNED;

  out:

  	return;
  }
  
  static int
  smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon)
  {

  	int rc;

  	struct nls_table *nls_codepage;
  	struct cifs_ses *ses;
  	struct TCP_Server_Info *server;
  
  	/*
  	 * SMB2s NegProt, SessSetup, Logoff do not have tcon yet so
  	 * check for tcp and smb session status done differently
  	 * for those three - in the calling routine.
  	 */
  	if (tcon == NULL)

  		return 0;

  
  	if (smb2_command == SMB2_TREE_CONNECT)

  		return 0;

  
  	if (tcon->tidStatus == CifsExiting) {
  		/*
  		 * only tree disconnect, open, and write,
  		 * (and ulogoff which does not have tcon)
  		 * are allowed as we start force umount.
  		 */
  		if ((smb2_command != SMB2_WRITE) &&
  		   (smb2_command != SMB2_CREATE) &&
  		   (smb2_command != SMB2_TREE_DISCONNECT)) {

  			cifs_dbg(FYI, "can not send cmd %d while umounting
  ",
  				 smb2_command);

  			return -ENODEV;
  		}
  	}
  	if ((!tcon->ses) || (tcon->ses->status == CifsExiting) ||
  	    (!tcon->ses->server))
  		return -EIO;
  
  	ses = tcon->ses;
  	server = ses->server;
  
  	/*
  	 * Give demultiplex thread up to 10 seconds to reconnect, should be
  	 * greater than cifs socket timeout which is 7 seconds
  	 */
  	while (server->tcpStatus == CifsNeedReconnect) {
  		/*
  		 * Return to caller for TREE_DISCONNECT and LOGOFF and CLOSE
  		 * here since they are implicitly done when session drops.
  		 */
  		switch (smb2_command) {
  		/*
  		 * BB Should we keep oplock break and add flush to exceptions?
  		 */
  		case SMB2_TREE_DISCONNECT:
  		case SMB2_CANCEL:
  		case SMB2_CLOSE:
  		case SMB2_OPLOCK_BREAK:
  			return -EAGAIN;
  		}

  		rc = wait_event_interruptible_timeout(server->response_q,
  						      (server->tcpStatus != CifsNeedReconnect),
  						      10 * HZ);
  		if (rc < 0) {
  			cifs_dbg(FYI, "%s: aborting reconnect due to a received"
  				 " signal by the process
  ", __func__);
  			return -ERESTARTSYS;
  		}

  
  		/* are we still trying to reconnect? */
  		if (server->tcpStatus != CifsNeedReconnect)
  			break;
  
  		/*
  		 * on "soft" mounts we wait once. Hard mounts keep
  		 * retrying until process is killed or server comes
  		 * back on-line
  		 */
  		if (!tcon->retry) {

  			cifs_dbg(FYI, "gave up waiting on reconnect in smb_init
  ");

  			return -EHOSTDOWN;
  		}
  	}
  
  	if (!tcon->ses->need_reconnect && !tcon->need_reconnect)

  		return 0;

  
  	nls_codepage = load_nls_default();
  
  	/*
  	 * need to prevent multiple threads trying to simultaneously reconnect
  	 * the same SMB session
  	 */
  	mutex_lock(&tcon->ses->session_mutex);

  
  	/*
  	 * Recheck after acquire mutex. If another thread is negotiating
  	 * and the server never sends an answer the socket will be closed
  	 * and tcpStatus set to reconnect.
  	 */
  	if (server->tcpStatus == CifsNeedReconnect) {
  		rc = -EHOSTDOWN;
  		mutex_unlock(&tcon->ses->session_mutex);
  		goto out;
  	}

  	rc = cifs_negotiate_protocol(0, tcon->ses);
  	if (!rc && tcon->ses->need_reconnect)
  		rc = cifs_setup_session(0, tcon->ses, nls_codepage);
  
  	if (rc || !tcon->need_reconnect) {
  		mutex_unlock(&tcon->ses->session_mutex);
  		goto out;
  	}
  
  	cifs_mark_open_files_invalid(tcon);

  	if (tcon->use_persistent)
  		tcon->need_reopen_files = true;

  	rc = SMB2_tcon(0, tcon->ses, tcon->treeName, tcon, nls_codepage);
  	mutex_unlock(&tcon->ses->session_mutex);

  	cifs_dbg(FYI, "reconnect tcon rc = %d
  ", rc);

  	if (rc) {
  		/* If sess reconnected but tcon didn't, something strange ... */
  		printk_once(KERN_WARNING "reconnect tcon failed rc = %d
  ", rc);

  		goto out;

  	}

  
  	if (smb2_command != SMB2_INTERNAL_CMD)
  		queue_delayed_work(cifsiod_wq, &server->reconnect, 0);

  	atomic_inc(&tconInfoReconnectCount);

  out:
  	/*
  	 * Check if handle based operation so we know whether we can continue
  	 * or not without returning to caller to reset file handle.
  	 */
  	/*
  	 * BB Is flush done by server on drop of tcp session? Should we special
  	 * case it and skip above?
  	 */
  	switch (smb2_command) {
  	case SMB2_FLUSH:
  	case SMB2_READ:
  	case SMB2_WRITE:
  	case SMB2_LOCK:
  	case SMB2_IOCTL:
  	case SMB2_QUERY_DIRECTORY:
  	case SMB2_CHANGE_NOTIFY:
  	case SMB2_QUERY_INFO:
  	case SMB2_SET_INFO:

  		rc = -EAGAIN;

  	}
  	unload_nls(nls_codepage);

  	return rc;
  }

  static void
  fill_small_buf(__le16 smb2_command, struct cifs_tcon *tcon, void *buf,
  	       unsigned int *total_len)
  {
  	struct smb2_sync_pdu *spdu = (struct smb2_sync_pdu *)buf;
  	/* lookup word count ie StructureSize from table */
  	__u16 parmsize = smb2_req_struct_sizes[le16_to_cpu(smb2_command)];
  
  	/*
  	 * smaller than SMALL_BUFFER_SIZE but bigger than fixed area of
  	 * largest operations (Create)
  	 */
  	memset(buf, 0, 256);
  
  	smb2_hdr_assemble(&spdu->sync_hdr, smb2_command, tcon);
  	spdu->StructureSize2 = cpu_to_le16(parmsize);
  
  	*total_len = parmsize + sizeof(struct smb2_sync_hdr);
  }

  /*
   * Allocate and return pointer to an SMB request hdr, and set basic
   * SMB information in the SMB header. If the return code is zero, this

   * function must have filled in request_buf pointer.

   */
  static int

  smb2_plain_req_init(__le16 smb2_command, struct cifs_tcon *tcon,
  		    void **request_buf, unsigned int *total_len)

  {

  	int rc;

  
  	rc = smb2_reconnect(smb2_command, tcon);
  	if (rc)
  		return rc;
  
  	/* BB eventually switch this to SMB2 specific small buf size */

  	if (smb2_command == SMB2_SET_INFO)
  		*request_buf = cifs_buf_get();
  	else
  		*request_buf = cifs_small_buf_get();

  	if (*request_buf == NULL) {
  		/* BB should we add a retry in here if not a writepage? */
  		return -ENOMEM;
  	}

  	fill_small_buf(smb2_command, tcon,
  		       (struct smb2_sync_hdr *)(*request_buf),
  		       total_len);

  
  	if (tcon != NULL) {

  		uint16_t com_code = le16_to_cpu(smb2_command);
  		cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_sent[com_code]);

  		cifs_stats_inc(&tcon->num_smbs_sent);
  	}
  
  	return rc;
  }

  /* offset is sizeof smb2_negotiate_req but rounded up to 8 bytes */
  #define OFFSET_OF_NEG_CONTEXT 0x68  /* sizeof(struct smb2_negotiate_req) */

  
  
  #define SMB2_PREAUTH_INTEGRITY_CAPABILITIES	cpu_to_le16(1)
  #define SMB2_ENCRYPTION_CAPABILITIES		cpu_to_le16(2)

  #define SMB2_POSIX_EXTENSIONS_AVAILABLE		cpu_to_le16(0x100)

  
  static void
  build_preauth_ctxt(struct smb2_preauth_neg_context *pneg_ctxt)
  {
  	pneg_ctxt->ContextType = SMB2_PREAUTH_INTEGRITY_CAPABILITIES;
  	pneg_ctxt->DataLength = cpu_to_le16(38);
  	pneg_ctxt->HashAlgorithmCount = cpu_to_le16(1);
  	pneg_ctxt->SaltLength = cpu_to_le16(SMB311_SALT_SIZE);
  	get_random_bytes(pneg_ctxt->Salt, SMB311_SALT_SIZE);
  	pneg_ctxt->HashAlgorithms = SMB2_PREAUTH_INTEGRITY_SHA512;
  }
  
  static void
  build_encrypt_ctxt(struct smb2_encryption_neg_context *pneg_ctxt)
  {
  	pneg_ctxt->ContextType = SMB2_ENCRYPTION_CAPABILITIES;

  	pneg_ctxt->DataLength = cpu_to_le16(4); /* Cipher Count + le16 cipher */
  	pneg_ctxt->CipherCount = cpu_to_le16(1);
  /* pneg_ctxt->Ciphers[0] = SMB2_ENCRYPTION_AES128_GCM;*/ /* not supported yet */
  	pneg_ctxt->Ciphers[0] = SMB2_ENCRYPTION_AES128_CCM;

  }
  
  static void

  build_posix_ctxt(struct smb2_posix_neg_context *pneg_ctxt)
  {
  	pneg_ctxt->ContextType = SMB2_POSIX_EXTENSIONS_AVAILABLE;
  	pneg_ctxt->DataLength = cpu_to_le16(POSIX_CTXT_DATA_LEN);
  }
  
  static void

  assemble_neg_contexts(struct smb2_negotiate_req *req,
  		      unsigned int *total_len)

  {

  	char *pneg_ctxt = (char *)req + OFFSET_OF_NEG_CONTEXT;

  	unsigned int ctxt_len;

  	*total_len += 2; /* Add 2 due to round to 8 byte boundary for 1st ctxt */

  	build_preauth_ctxt((struct smb2_preauth_neg_context *)pneg_ctxt);

  	ctxt_len = DIV_ROUND_UP(sizeof(struct smb2_preauth_neg_context), 8) * 8;
  	*total_len += ctxt_len;
  	pneg_ctxt += ctxt_len;

  	build_encrypt_ctxt((struct smb2_encryption_neg_context *)pneg_ctxt);

  	ctxt_len = DIV_ROUND_UP(sizeof(struct smb2_encryption_neg_context), 8) * 8;
  	*total_len += ctxt_len;
  	pneg_ctxt += ctxt_len;
  
  	build_posix_ctxt((struct smb2_posix_neg_context *)pneg_ctxt);
  	*total_len += sizeof(struct smb2_posix_neg_context);

  	req->NegotiateContextOffset = cpu_to_le32(OFFSET_OF_NEG_CONTEXT);
  	req->NegotiateContextCount = cpu_to_le16(3);

  }

  
  static void decode_preauth_context(struct smb2_preauth_neg_context *ctxt)
  {
  	unsigned int len = le16_to_cpu(ctxt->DataLength);
  
  	/* If invalid preauth context warn but use what we requested, SHA-512 */
  	if (len < MIN_PREAUTH_CTXT_DATA_LEN) {
  		printk_once(KERN_WARNING "server sent bad preauth context
  ");
  		return;
  	}
  	if (le16_to_cpu(ctxt->HashAlgorithmCount) != 1)
  		printk_once(KERN_WARNING "illegal SMB3 hash algorithm count
  ");
  	if (ctxt->HashAlgorithms != SMB2_PREAUTH_INTEGRITY_SHA512)
  		printk_once(KERN_WARNING "unknown SMB3 hash algorithm
  ");
  }
  
  static int decode_encrypt_ctx(struct TCP_Server_Info *server,
  			      struct smb2_encryption_neg_context *ctxt)
  {
  	unsigned int len = le16_to_cpu(ctxt->DataLength);
  
  	cifs_dbg(FYI, "decode SMB3.11 encryption neg context of len %d
  ", len);
  	if (len < MIN_ENCRYPT_CTXT_DATA_LEN) {
  		printk_once(KERN_WARNING "server sent bad crypto ctxt len
  ");
  		return -EINVAL;
  	}
  
  	if (le16_to_cpu(ctxt->CipherCount) != 1) {
  		printk_once(KERN_WARNING "illegal SMB3.11 cipher count
  ");
  		return -EINVAL;
  	}
  	cifs_dbg(FYI, "SMB311 cipher type:%d
  ", le16_to_cpu(ctxt->Ciphers[0]));
  	if ((ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES128_CCM) &&
  	    (ctxt->Ciphers[0] != SMB2_ENCRYPTION_AES128_GCM)) {
  		printk_once(KERN_WARNING "invalid SMB3.11 cipher returned
  ");
  		return -EINVAL;
  	}
  	server->cipher_type = ctxt->Ciphers[0];

  	server->capabilities |= SMB2_GLOBAL_CAP_ENCRYPTION;

  	return 0;
  }
  
  static int smb311_decode_neg_context(struct smb2_negotiate_rsp *rsp,

  				     struct TCP_Server_Info *server,
  				     unsigned int len_of_smb)

  {
  	struct smb2_neg_context *pctx;
  	unsigned int offset = le32_to_cpu(rsp->NegotiateContextOffset);
  	unsigned int ctxt_cnt = le16_to_cpu(rsp->NegotiateContextCount);

  	unsigned int len_of_ctxts, i;
  	int rc = 0;
  
  	cifs_dbg(FYI, "decoding %d negotiate contexts
  ", ctxt_cnt);
  	if (len_of_smb <= offset) {
  		cifs_dbg(VFS, "Invalid response: negotiate context offset
  ");
  		return -EINVAL;
  	}
  
  	len_of_ctxts = len_of_smb - offset;
  
  	for (i = 0; i < ctxt_cnt; i++) {
  		int clen;
  		/* check that offset is not beyond end of SMB */
  		if (len_of_ctxts == 0)
  			break;
  
  		if (len_of_ctxts < sizeof(struct smb2_neg_context))
  			break;

  		pctx = (struct smb2_neg_context *)(offset + (char *)rsp);

  		clen = le16_to_cpu(pctx->DataLength);
  		if (clen > len_of_ctxts)
  			break;
  
  		if (pctx->ContextType == SMB2_PREAUTH_INTEGRITY_CAPABILITIES)
  			decode_preauth_context(
  				(struct smb2_preauth_neg_context *)pctx);
  		else if (pctx->ContextType == SMB2_ENCRYPTION_CAPABILITIES)
  			rc = decode_encrypt_ctx(server,
  				(struct smb2_encryption_neg_context *)pctx);

  		else if (pctx->ContextType == SMB2_POSIX_EXTENSIONS_AVAILABLE)
  			server->posix_ext_supported = true;

  		else
  			cifs_dbg(VFS, "unknown negcontext of type %d ignored
  ",
  				le16_to_cpu(pctx->ContextType));
  
  		if (rc)
  			break;
  		/* offsets must be 8 byte aligned */
  		clen = (clen + 7) & ~0x7;
  		offset += clen + sizeof(struct smb2_neg_context);
  		len_of_ctxts -= clen;
  	}
  	return rc;
  }

  static struct create_posix *
  create_posix_buf(umode_t mode)
  {
  	struct create_posix *buf;
  
  	buf = kzalloc(sizeof(struct create_posix),
  			GFP_KERNEL);
  	if (!buf)
  		return NULL;
  
  	buf->ccontext.DataOffset =
  		cpu_to_le16(offsetof(struct create_posix, Mode));
  	buf->ccontext.DataLength = cpu_to_le32(4);
  	buf->ccontext.NameOffset =
  		cpu_to_le16(offsetof(struct create_posix, Name));
  	buf->ccontext.NameLength = cpu_to_le16(16);
  
  	/* SMB2_CREATE_TAG_POSIX is "0x93AD25509CB411E7B42383DE968BCD7C" */
  	buf->Name[0] = 0x93;
  	buf->Name[1] = 0xAD;
  	buf->Name[2] = 0x25;
  	buf->Name[3] = 0x50;
  	buf->Name[4] = 0x9C;
  	buf->Name[5] = 0xB4;
  	buf->Name[6] = 0x11;
  	buf->Name[7] = 0xE7;
  	buf->Name[8] = 0xB4;
  	buf->Name[9] = 0x23;
  	buf->Name[10] = 0x83;
  	buf->Name[11] = 0xDE;
  	buf->Name[12] = 0x96;
  	buf->Name[13] = 0x8B;
  	buf->Name[14] = 0xCD;
  	buf->Name[15] = 0x7C;
  	buf->Mode = cpu_to_le32(mode);
  	cifs_dbg(FYI, "mode on posix create 0%o", mode);
  	return buf;
  }
  
  static int
  add_posix_context(struct kvec *iov, unsigned int *num_iovec, umode_t mode)
  {
  	struct smb2_create_req *req = iov[0].iov_base;
  	unsigned int num = *num_iovec;
  
  	iov[num].iov_base = create_posix_buf(mode);
  	if (iov[num].iov_base == NULL)
  		return -ENOMEM;
  	iov[num].iov_len = sizeof(struct create_posix);
  	if (!req->CreateContextsOffset)
  		req->CreateContextsOffset = cpu_to_le32(
  				sizeof(struct smb2_create_req) +
  				iov[num - 1].iov_len);
  	le32_add_cpu(&req->CreateContextsLength, sizeof(struct create_posix));
  	*num_iovec = num + 1;
  	return 0;
  }

  /*
   *
   *	SMB2 Worker functions follow:
   *
   *	The general structure of the worker functions is:
   *	1) Call smb2_init (assembles SMB2 header)
   *	2) Initialize SMB2 command specific fields in fixed length area of SMB
   *	3) Call smb_sendrcv2 (sends request on socket and waits for response)
   *	4) Decode SMB2 command specific fields in the fixed length area
   *	5) Decode variable length data area (if any for this SMB2 command type)
   *	6) Call free smb buffer
   *	7) return
   *
   */
  
  int
  SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses)
  {

  	struct smb_rqst rqst;

  	struct smb2_negotiate_req *req;
  	struct smb2_negotiate_rsp *rsp;
  	struct kvec iov[1];

  	struct kvec rsp_iov;

  	int rc = 0;
  	int resp_buftype;

  	struct TCP_Server_Info *server = ses->server;

  	int blob_offset, blob_length;
  	char *security_blob;
  	int flags = CIFS_NEG_OP;

  	unsigned int total_len;

  	cifs_dbg(FYI, "Negotiate protocol
  ");

  	if (!server) {
  		WARN(1, "%s: server is NULL!
  ", __func__);
  		return -EIO;

  	}

  	rc = smb2_plain_req_init(SMB2_NEGOTIATE, NULL, (void **) &req, &total_len);

  	if (rc)
  		return rc;

  	req->sync_hdr.SessionId = 0;

  	memset(server->preauth_sha_hash, 0, SMB2_PREAUTH_HASH_SIZE);
  	memset(ses->preauth_sha_hash, 0, SMB2_PREAUTH_HASH_SIZE);

  	if (strcmp(ses->server->vals->version_string,
  		   SMB3ANY_VERSION_STRING) == 0) {
  		req->Dialects[0] = cpu_to_le16(SMB30_PROT_ID);
  		req->Dialects[1] = cpu_to_le16(SMB302_PROT_ID);
  		req->DialectCount = cpu_to_le16(2);

  		total_len += 4;

  	} else if (strcmp(ses->server->vals->version_string,
  		   SMBDEFAULT_VERSION_STRING) == 0) {
  		req->Dialects[0] = cpu_to_le16(SMB21_PROT_ID);
  		req->Dialects[1] = cpu_to_le16(SMB30_PROT_ID);
  		req->Dialects[2] = cpu_to_le16(SMB302_PROT_ID);
  		req->DialectCount = cpu_to_le16(3);

  		total_len += 6;

  	} else {
  		/* otherwise send specific dialect */
  		req->Dialects[0] = cpu_to_le16(ses->server->vals->protocol_id);
  		req->DialectCount = cpu_to_le16(1);

  		total_len += 2;

  	}

  
  	/* only one of SMB2 signing flags may be set in SMB2 request */

  	if (ses->sign)

  		req->SecurityMode = cpu_to_le16(SMB2_NEGOTIATE_SIGNING_REQUIRED);

  	else if (global_secflags & CIFSSEC_MAY_SIGN)

  		req->SecurityMode = cpu_to_le16(SMB2_NEGOTIATE_SIGNING_ENABLED);

  	else
  		req->SecurityMode = 0;

  	req->Capabilities = cpu_to_le32(ses->server->vals->req_capabilities);

  	/* ClientGUID must be zero for SMB2.02 dialect */
  	if (ses->server->vals->protocol_id == SMB20_PROT_ID)
  		memset(req->ClientGUID, 0, SMB2_CLIENT_GUID_SIZE);

  	else {

  		memcpy(req->ClientGUID, server->client_guid,
  			SMB2_CLIENT_GUID_SIZE);

  		if (ses->server->vals->protocol_id == SMB311_PROT_ID)

  			assemble_neg_contexts(req, &total_len);

  	}

  	iov[0].iov_base = (char *)req;

  	iov[0].iov_len = total_len;

  	memset(&rqst, 0, sizeof(struct smb_rqst));
  	rqst.rq_iov = iov;
  	rqst.rq_nvec = 1;
  
  	rc = cifs_send_recv(xid, ses, &rqst, &resp_buftype, flags, &rsp_iov);

  	cifs_small_buf_release(req);
  	rsp = (struct smb2_negotiate_rsp *)rsp_iov.iov_base;

  	/*
  	 * No tcon so can't do
  	 * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]);
  	 */

  	if (rc == -EOPNOTSUPP) {
  		cifs_dbg(VFS, "Dialect not supported by server. Consider "

  			"specifying vers=1.0 or vers=2.0 on mount for accessing"

  			" older servers
  ");
  		goto neg_exit;
  	} else if (rc != 0)

  		goto neg_exit;

  	if (strcmp(ses->server->vals->version_string,
  		   SMB3ANY_VERSION_STRING) == 0) {
  		if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID)) {
  			cifs_dbg(VFS,
  				"SMB2 dialect returned but not requested
  ");
  			return -EIO;
  		} else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) {
  			cifs_dbg(VFS,
  				"SMB2.1 dialect returned but not requested
  ");
  			return -EIO;
  		}
  	} else if (strcmp(ses->server->vals->version_string,
  		   SMBDEFAULT_VERSION_STRING) == 0) {
  		if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID)) {
  			cifs_dbg(VFS,
  				"SMB2 dialect returned but not requested
  ");
  			return -EIO;
  		} else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) {
  			/* ops set to 3.0 by default for default so update */
  			ses->server->ops = &smb21_operations;
  		}

  	} else if (le16_to_cpu(rsp->DialectRevision) !=
  				ses->server->vals->protocol_id) {

  		/* if requested single dialect ensure returned dialect matched */
  		cifs_dbg(VFS, "Illegal 0x%x dialect returned: not requested
  ",

  			le16_to_cpu(rsp->DialectRevision));

  		return -EIO;
  	}

  	cifs_dbg(FYI, "mode 0x%x
  ", rsp->SecurityMode);

  	if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID))

  		cifs_dbg(FYI, "negotiated smb2.0 dialect
  ");

  	else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID))

  		cifs_dbg(FYI, "negotiated smb2.1 dialect
  ");

  	else if (rsp->DialectRevision == cpu_to_le16(SMB30_PROT_ID))

  		cifs_dbg(FYI, "negotiated smb3.0 dialect
  ");

  	else if (rsp->DialectRevision == cpu_to_le16(SMB302_PROT_ID))
  		cifs_dbg(FYI, "negotiated smb3.02 dialect
  ");

  	else if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID))
  		cifs_dbg(FYI, "negotiated smb3.1.1 dialect
  ");

  	else {

  		cifs_dbg(VFS, "Illegal dialect returned by server 0x%x
  ",

  			 le16_to_cpu(rsp->DialectRevision));

  		rc = -EIO;
  		goto neg_exit;
  	}
  	server->dialect = le16_to_cpu(rsp->DialectRevision);

  	/*
  	 * Keep a copy of the hash after negprot. This hash will be
  	 * the starting hash value for all sessions made from this
  	 * server.
  	 */
  	memcpy(server->preauth_sha_hash, ses->preauth_sha_hash,
  	       SMB2_PREAUTH_HASH_SIZE);

  	/* SMB2 only has an extended negflavor */
  	server->negflavor = CIFS_NEGFLAVOR_EXTENDED;

  	/* set it to the maximum buffer size value we can send with 1 credit */
  	server->maxBuf = min_t(unsigned int, le32_to_cpu(rsp->MaxTransactSize),
  			       SMB2_MAX_BUFFER_SIZE);

  	server->max_read = le32_to_cpu(rsp->MaxReadSize);
  	server->max_write = le32_to_cpu(rsp->MaxWriteSize);

  	server->sec_mode = le16_to_cpu(rsp->SecurityMode);

  	if ((server->sec_mode & SMB2_SEC_MODE_FLAGS_ALL) != server->sec_mode)
  		cifs_dbg(FYI, "Server returned unexpected security mode 0x%x
  ",
  				server->sec_mode);

  	server->capabilities = le32_to_cpu(rsp->Capabilities);

  	/* Internal types */
  	server->capabilities |= SMB2_NT_FIND | SMB2_LARGE_FILES;

  
  	security_blob = smb2_get_data_area_len(&blob_offset, &blob_length,

  					       (struct smb2_sync_hdr *)rsp);

  	/*
  	 * See MS-SMB2 section 2.2.4: if no blob, client picks default which
  	 * for us will be
  	 *	ses->sectype = RawNTLMSSP;
  	 * but for time being this is our only auth choice so doesn't matter.
  	 * We just found a server which sets blob length to zero expecting raw.
  	 */

  	if (blob_length == 0) {

  		cifs_dbg(FYI, "missing security blob on negprot
  ");

  		server->sec_ntlmssp = true;
  	}

  	rc = cifs_enable_signing(server, ses->sign);

  	if (rc)
  		goto neg_exit;

  	if (blob_length) {

  		rc = decode_negTokenInit(security_blob, blob_length, server);

  		if (rc == 1)
  			rc = 0;
  		else if (rc == 0)
  			rc = -EIO;

  	}

  	if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) {
  		if (rsp->NegotiateContextCount)

  			rc = smb311_decode_neg_context(rsp, server,
  						       rsp_iov.iov_len);

  		else
  			cifs_dbg(VFS, "Missing expected negotiate contexts
  ");
  	}

  neg_exit:
  	free_rsp_buf(resp_buftype, rsp);
  	return rc;
  }

  int smb3_validate_negotiate(const unsigned int xid, struct cifs_tcon *tcon)
  {

  	int rc;
  	struct validate_negotiate_info_req *pneg_inbuf;

  	struct validate_negotiate_info_rsp *pneg_rsp = NULL;

  	u32 rsplen;

  	u32 inbuflen; /* max of 4 dialects */

  
  	cifs_dbg(FYI, "validate negotiate
  ");

  	/* In SMB3.11 preauth integrity supersedes validate negotiate */
  	if (tcon->ses->server->dialect == SMB311_PROT_ID)
  		return 0;

  	/*
  	 * validation ioctl must be signed, so no point sending this if we

  	 * can not sign it (ie are not known user).  Even if signing is not
  	 * required (enabled but not negotiated), in those cases we selectively

  	 * sign just this, the first and only signed request on a connection.

  	 * Having validation of negotiate info  helps reduce attack vectors.

  	 */

  	if (tcon->ses->session_flags & SMB2_SESSION_FLAG_IS_GUEST)

  		return 0; /* validation requires signing */

  	if (tcon->ses->user_name == NULL) {
  		cifs_dbg(FYI, "Can't validate negotiate: null user mount
  ");
  		return 0; /* validation requires signing */
  	}
  
  	if (tcon->ses->session_flags & SMB2_SESSION_FLAG_IS_NULL)
  		cifs_dbg(VFS, "Unexpected null user (anonymous) auth flag sent by server
  ");

  	pneg_inbuf = kmalloc(sizeof(*pneg_inbuf), GFP_NOFS);
  	if (!pneg_inbuf)
  		return -ENOMEM;
  
  	pneg_inbuf->Capabilities =

  			cpu_to_le32(tcon->ses->server->vals->req_capabilities);

  	memcpy(pneg_inbuf->Guid, tcon->ses->server->client_guid,

  					SMB2_CLIENT_GUID_SIZE);

  
  	if (tcon->ses->sign)

  		pneg_inbuf->SecurityMode =

  			cpu_to_le16(SMB2_NEGOTIATE_SIGNING_REQUIRED);
  	else if (global_secflags & CIFSSEC_MAY_SIGN)

  		pneg_inbuf->SecurityMode =

  			cpu_to_le16(SMB2_NEGOTIATE_SIGNING_ENABLED);
  	else

  		pneg_inbuf->SecurityMode = 0;

  
  	if (strcmp(tcon->ses->server->vals->version_string,
  		SMB3ANY_VERSION_STRING) == 0) {

  		pneg_inbuf->Dialects[0] = cpu_to_le16(SMB30_PROT_ID);
  		pneg_inbuf->Dialects[1] = cpu_to_le16(SMB302_PROT_ID);
  		pneg_inbuf->DialectCount = cpu_to_le16(2);

  		/* structure is big enough for 3 dialects, sending only 2 */

  		inbuflen = sizeof(*pneg_inbuf) -
  				sizeof(pneg_inbuf->Dialects[0]);

  	} else if (strcmp(tcon->ses->server->vals->version_string,
  		SMBDEFAULT_VERSION_STRING) == 0) {

  		pneg_inbuf->Dialects[0] = cpu_to_le16(SMB21_PROT_ID);
  		pneg_inbuf->Dialects[1] = cpu_to_le16(SMB30_PROT_ID);
  		pneg_inbuf->Dialects[2] = cpu_to_le16(SMB302_PROT_ID);
  		pneg_inbuf->DialectCount = cpu_to_le16(3);

  		/* structure is big enough for 3 dialects */

  		inbuflen = sizeof(*pneg_inbuf);

  	} else {
  		/* otherwise specific dialect was requested */

  		pneg_inbuf->Dialects[0] =

  			cpu_to_le16(tcon->ses->server->vals->protocol_id);

  		pneg_inbuf->DialectCount = cpu_to_le16(1);

  		/* structure is big enough for 3 dialects, sending only 1 */

  		inbuflen = sizeof(*pneg_inbuf) -
  				sizeof(pneg_inbuf->Dialects[0]) * 2;

  	}

  
  	rc = SMB2_ioctl(xid, tcon, NO_FILE_ID, NO_FILE_ID,
  		FSCTL_VALIDATE_NEGOTIATE_INFO, true /* is_fsctl */,

  		(char *)pneg_inbuf, inbuflen, (char **)&pneg_rsp, &rsplen);

  	if (rc == -EOPNOTSUPP) {
  		/*
  		 * Old Windows versions or Netapp SMB server can return
  		 * not supported error. Client should accept it.
  		 */
  		cifs_dbg(VFS, "Server does not support validate negotiate
  ");
  		return 0;
  	} else if (rc != 0) {

  		cifs_dbg(VFS, "validate protocol negotiate failed: %d
  ", rc);

  		rc = -EIO;
  		goto out_free_inbuf;

  	}

  	rc = -EIO;
  	if (rsplen != sizeof(*pneg_rsp)) {

  		cifs_dbg(VFS, "invalid protocol negotiate response size: %d
  ",
  			 rsplen);
  
  		/* relax check since Mac returns max bufsize allowed on ioctl */

  		if (rsplen > CIFSMaxBufSize || rsplen < sizeof(*pneg_rsp))
  			goto out_free_rsp;

  	}
  
  	/* check validate negotiate info response matches what we got earlier */

  	if (pneg_rsp->Dialect != cpu_to_le16(tcon->ses->server->dialect))

  		goto vneg_out;
  
  	if (pneg_rsp->SecurityMode != cpu_to_le16(tcon->ses->server->sec_mode))
  		goto vneg_out;
  
  	/* do not validate server guid because not saved at negprot time yet */
  
  	if ((le32_to_cpu(pneg_rsp->Capabilities) | SMB2_NT_FIND |
  	      SMB2_LARGE_FILES) != tcon->ses->server->capabilities)
  		goto vneg_out;
  
  	/* validate negotiate successful */

  	rc = 0;

  	cifs_dbg(FYI, "validate negotiate info successful
  ");

  	goto out_free_rsp;

  
  vneg_out:
  	cifs_dbg(VFS, "protocol revalidation - security settings mismatch
  ");

  out_free_rsp:

  	kfree(pneg_rsp);

  out_free_inbuf:
  	kfree(pneg_inbuf);
  	return rc;

  }

  enum securityEnum
  smb2_select_sectype(struct TCP_Server_Info *server, enum securityEnum requested)
  {
  	switch (requested) {
  	case Kerberos:
  	case RawNTLMSSP:
  		return requested;
  	case NTLMv2:
  		return RawNTLMSSP;
  	case Unspecified:
  		if (server->sec_ntlmssp &&
  			(global_secflags & CIFSSEC_MAY_NTLMSSP))
  			return RawNTLMSSP;
  		if ((server->sec_kerberos || server->sec_mskerberos) &&
  			(global_secflags & CIFSSEC_MAY_KRB5))
  			return Kerberos;
  		/* Fallthrough */
  	default:
  		return Unspecified;
  	}
  }

  struct SMB2_sess_data {
  	unsigned int xid;
  	struct cifs_ses *ses;
  	struct nls_table *nls_cp;
  	void (*func)(struct SMB2_sess_data *);
  	int result;
  	u64 previous_session;
  
  	/* we will send the SMB in three pieces:
  	 * a fixed length beginning part, an optional
  	 * SPNEGO blob (which can be zero length), and a
  	 * last part which will include the strings
  	 * and rest of bcc area. This allows us to avoid
  	 * a large buffer 17K allocation
  	 */
  	int buf0_type;
  	struct kvec iov[2];
  };
  
  static int
  SMB2_sess_alloc_buffer(struct SMB2_sess_data *sess_data)
  {
  	int rc;
  	struct cifs_ses *ses = sess_data->ses;
  	struct smb2_sess_setup_req *req;
  	struct TCP_Server_Info *server = ses->server;

  	unsigned int total_len;

  	rc = smb2_plain_req_init(SMB2_SESSION_SETUP, NULL, (void **) &req,
  			     &total_len);

  	if (rc)
  		return rc;

  	/* First session, not a reauthenticate */

  	req->sync_hdr.SessionId = 0;

  
  	/* if reconnect, we need to send previous sess id, otherwise it is 0 */
  	req->PreviousSessionId = sess_data->previous_session;
  
  	req->Flags = 0; /* MBZ */

  
  	/* enough to enable echos and oplocks and one max size write */
  	req->sync_hdr.CreditRequest = cpu_to_le16(130);

  
  	/* only one of SMB2 signing flags may be set in SMB2 request */
  	if (server->sign)
  		req->SecurityMode = SMB2_NEGOTIATE_SIGNING_REQUIRED;
  	else if (global_secflags & CIFSSEC_MAY_SIGN) /* one flag unlike MUST_ */
  		req->SecurityMode = SMB2_NEGOTIATE_SIGNING_ENABLED;
  	else
  		req->SecurityMode = 0;
  
  	req->Capabilities = 0;
  	req->Channel = 0; /* MBZ */
  
  	sess_data->iov[0].iov_base = (char *)req;

  	/* 1 for pad */
  	sess_data->iov[0].iov_len = total_len - 1;

  	/*
  	 * This variable will be used to clear the buffer
  	 * allocated above in case of any error in the calling function.
  	 */
  	sess_data->buf0_type = CIFS_SMALL_BUFFER;
  
  	return 0;
  }
  
  static void
  SMB2_sess_free_buffer(struct SMB2_sess_data *sess_data)
  {
  	free_rsp_buf(sess_data->buf0_type, sess_data->iov[0].iov_base);
  	sess_data->buf0_type = CIFS_NO_BUFFER;
  }
  
  static int
  SMB2_sess_sendreceive(struct SMB2_sess_data *sess_data)
  {
  	int rc;

  	struct smb_rqst rqst;

  	struct smb2_sess_setup_req *req = sess_data->iov[0].iov_base;

  	struct kvec rsp_iov = { NULL, 0 };

  
  	/* Testing shows that buffer offset must be at location of Buffer[0] */
  	req->SecurityBufferOffset =

  		cpu_to_le16(sizeof(struct smb2_sess_setup_req) - 1 /* pad */);

  	req->SecurityBufferLength = cpu_to_le16(sess_data->iov[1].iov_len);

  	memset(&rqst, 0, sizeof(struct smb_rqst));
  	rqst.rq_iov = sess_data->iov;
  	rqst.rq_nvec = 2;

  	/* BB add code to build os and lm fields */
  	rc = cifs_send_recv(sess_data->xid, sess_data->ses,
  			    &rqst,

  			    &sess_data->buf0_type,
  			    CIFS_LOG_ERROR | CIFS_NEG_OP, &rsp_iov);

  	cifs_small_buf_release(sess_data->iov[0].iov_base);
  	memcpy(&sess_data->iov[0], &rsp_iov, sizeof(struct kvec));

  
  	return rc;
  }
  
  static int
  SMB2_sess_establish_session(struct SMB2_sess_data *sess_data)
  {
  	int rc = 0;
  	struct cifs_ses *ses = sess_data->ses;
  
  	mutex_lock(&ses->server->srv_mutex);

  	if (ses->server->ops->generate_signingkey) {

  		rc = ses->server->ops->generate_signingkey(ses);

  		if (rc) {
  			cifs_dbg(FYI,
  				"SMB3 session key generation failed
  ");
  			mutex_unlock(&ses->server->srv_mutex);

  			return rc;

  		}
  	}
  	if (!ses->server->session_estab) {
  		ses->server->sequence_number = 0x2;
  		ses->server->session_estab = true;
  	}
  	mutex_unlock(&ses->server->srv_mutex);
  
  	cifs_dbg(FYI, "SMB2/3 session established successfully
  ");
  	spin_lock(&GlobalMid_Lock);
  	ses->status = CifsGood;
  	ses->need_reconnect = false;
  	spin_unlock(&GlobalMid_Lock);

  	return rc;
  }
  
  #ifdef CONFIG_CIFS_UPCALL
  static void
  SMB2_auth_kerberos(struct SMB2_sess_data *sess_data)
  {
  	int rc;
  	struct cifs_ses *ses = sess_data->ses;
  	struct cifs_spnego_msg *msg;
  	struct key *spnego_key = NULL;
  	struct smb2_sess_setup_rsp *rsp = NULL;
  
  	rc = SMB2_sess_alloc_buffer(sess_data);
  	if (rc)
  		goto out;
  
  	spnego_key = cifs_get_spnego_key(ses);
  	if (IS_ERR(spnego_key)) {
  		rc = PTR_ERR(spnego_key);
  		spnego_key = NULL;
  		goto out;
  	}
  
  	msg = spnego_key->payload.data[0];
  	/*
  	 * check version field to make sure that cifs.upcall is
  	 * sending us a response in an expected form
  	 */
  	if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) {
  		cifs_dbg(VFS,
  			  "bad cifs.upcall version. Expected %d got %d",
  			  CIFS_SPNEGO_UPCALL_VERSION, msg->version);
  		rc = -EKEYREJECTED;
  		goto out_put_spnego_key;
  	}
  
  	ses->auth_key.response = kmemdup(msg->data, msg->sesskey_len,
  					 GFP_KERNEL);
  	if (!ses->auth_key.response) {
  		cifs_dbg(VFS,
  			"Kerberos can't allocate (%u bytes) memory",
  			msg->sesskey_len);
  		rc = -ENOMEM;
  		goto out_put_spnego_key;
  	}
  	ses->auth_key.len = msg->sesskey_len;
  
  	sess_data->iov[1].iov_base = msg->data + msg->sesskey_len;
  	sess_data->iov[1].iov_len = msg->secblob_len;
  
  	rc = SMB2_sess_sendreceive(sess_data);
  	if (rc)
  		goto out_put_spnego_key;
  
  	rsp = (struct smb2_sess_setup_rsp *)sess_data->iov[0].iov_base;

  	ses->Suid = rsp->sync_hdr.SessionId;

  
  	ses->session_flags = le16_to_cpu(rsp->SessionFlags);

  
  	rc = SMB2_sess_establish_session(sess_data);
  out_put_spnego_key:
  	key_invalidate(spnego_key);
  	key_put(spnego_key);
  out:
  	sess_data->result = rc;
  	sess_data->func = NULL;
  	SMB2_sess_free_buffer(sess_data);
  }
  #else
  static void
  SMB2_auth_kerberos(struct SMB2_sess_data *sess_data)
  {
  	cifs_dbg(VFS, "Kerberos negotiated but upcall support disabled!
  ");
  	sess_data->result = -EOPNOTSUPP;
  	sess_data->func = NULL;
  }
  #endif

  static void
  SMB2_sess_auth_rawntlmssp_authenticate(struct SMB2_sess_data *sess_data);
  
  static void
  SMB2_sess_auth_rawntlmssp_negotiate(struct SMB2_sess_data *sess_data)

  {

  	int rc;
  	struct cifs_ses *ses = sess_data->ses;

  	struct smb2_sess_setup_rsp *rsp = NULL;

  	char *ntlmssp_blob = NULL;

  	bool use_spnego = false; /* else use raw ntlmssp */

  	u16 blob_length = 0;

  
  	/*

  	 * If memory allocation is successful, caller of this function
  	 * frees it.
  	 */
  	ses->ntlmssp = kmalloc(sizeof(struct ntlmssp_auth), GFP_KERNEL);

  	if (!ses->ntlmssp) {
  		rc = -ENOMEM;
  		goto out_err;
  	}

  	ses->ntlmssp->sesskey_per_smbsess = true;

  	rc = SMB2_sess_alloc_buffer(sess_data);

  	if (rc)

  		goto out_err;

  	ntlmssp_blob = kmalloc(sizeof(struct _NEGOTIATE_MESSAGE),
  			       GFP_KERNEL);
  	if (ntlmssp_blob == NULL) {
  		rc = -ENOMEM;
  		goto out;
  	}

  	build_ntlmssp_negotiate_blob(ntlmssp_blob, ses);
  	if (use_spnego) {
  		/* BB eventually need to add this */
  		cifs_dbg(VFS, "spnego not supported for SMB2 yet
  ");
  		rc = -EOPNOTSUPP;
  		goto out;
  	} else {
  		blob_length = sizeof(struct _NEGOTIATE_MESSAGE);
  		/* with raw NTLMSSP we don't encapsulate in SPNEGO */
  	}
  	sess_data->iov[1].iov_base = ntlmssp_blob;
  	sess_data->iov[1].iov_len = blob_length;

  	rc = SMB2_sess_sendreceive(sess_data);
  	rsp = (struct smb2_sess_setup_rsp *)sess_data->iov[0].iov_base;

  	/* If true, rc here is expected and not an error */
  	if (sess_data->buf0_type != CIFS_NO_BUFFER &&

  		rsp->sync_hdr.Status == STATUS_MORE_PROCESSING_REQUIRED)

  		rc = 0;

  	if (rc)
  		goto out;

  	if (offsetof(struct smb2_sess_setup_rsp, Buffer) !=

  			le16_to_cpu(rsp->SecurityBufferOffset)) {
  		cifs_dbg(VFS, "Invalid security buffer offset %d
  ",
  			le16_to_cpu(rsp->SecurityBufferOffset));

  		rc = -EIO;

  		goto out;

  	}

  	rc = decode_ntlmssp_challenge(rsp->Buffer,
  			le16_to_cpu(rsp->SecurityBufferLength), ses);
  	if (rc)
  		goto out;

  	cifs_dbg(FYI, "rawntlmssp session setup challenge phase
  ");

  	ses->Suid = rsp->sync_hdr.SessionId;

  	ses->session_flags = le16_to_cpu(rsp->SessionFlags);

  
  out:
  	kfree(ntlmssp_blob);
  	SMB2_sess_free_buffer(sess_data);
  	if (!rc) {
  		sess_data->result = 0;
  		sess_data->func = SMB2_sess_auth_rawntlmssp_authenticate;
  		return;
  	}
  out_err:
  	kfree(ses->ntlmssp);
  	ses->ntlmssp = NULL;
  	sess_data->result = rc;
  	sess_data->func = NULL;
  }

  static void
  SMB2_sess_auth_rawntlmssp_authenticate(struct SMB2_sess_data *sess_data)
  {
  	int rc;
  	struct cifs_ses *ses = sess_data->ses;
  	struct smb2_sess_setup_req *req;
  	struct smb2_sess_setup_rsp *rsp = NULL;
  	unsigned char *ntlmssp_blob = NULL;
  	bool use_spnego = false; /* else use raw ntlmssp */
  	u16 blob_length = 0;

  	rc = SMB2_sess_alloc_buffer(sess_data);
  	if (rc)
  		goto out;

  	req = (struct smb2_sess_setup_req *) sess_data->iov[0].iov_base;

  	req->sync_hdr.SessionId = ses->Suid;

  
  	rc = build_ntlmssp_auth_blob(&ntlmssp_blob, &blob_length, ses,
  					sess_data->nls_cp);
  	if (rc) {
  		cifs_dbg(FYI, "build_ntlmssp_auth_blob failed %d
  ", rc);
  		goto out;

  	}

  	if (use_spnego) {
  		/* BB eventually need to add this */
  		cifs_dbg(VFS, "spnego not supported for SMB2 yet
  ");
  		rc = -EOPNOTSUPP;
  		goto out;
  	}
  	sess_data->iov[1].iov_base = ntlmssp_blob;
  	sess_data->iov[1].iov_len = blob_length;

  	rc = SMB2_sess_sendreceive(sess_data);
  	if (rc)
  		goto out;
  
  	rsp = (struct smb2_sess_setup_rsp *)sess_data->iov[0].iov_base;

  	ses->Suid = rsp->sync_hdr.SessionId;

  	ses->session_flags = le16_to_cpu(rsp->SessionFlags);

  	rc = SMB2_sess_establish_session(sess_data);
  out:
  	kfree(ntlmssp_blob);
  	SMB2_sess_free_buffer(sess_data);
  	kfree(ses->ntlmssp);
  	ses->ntlmssp = NULL;
  	sess_data->result = rc;
  	sess_data->func = NULL;
  }

  static int
  SMB2_select_sec(struct cifs_ses *ses, struct SMB2_sess_data *sess_data)
  {

  	int type;
  
  	type = smb2_select_sectype(ses->server, ses->sectype);
  	cifs_dbg(FYI, "sess setup type %d
  ", type);
  	if (type == Unspecified) {
  		cifs_dbg(VFS,
  			"Unable to select appropriate authentication method!");
  		return -EINVAL;
  	}

  	switch (type) {

  	case Kerberos:
  		sess_data->func = SMB2_auth_kerberos;
  		break;
  	case RawNTLMSSP:
  		sess_data->func = SMB2_sess_auth_rawntlmssp_negotiate;
  		break;
  	default:

  		cifs_dbg(VFS, "secType %d not supported!
  ", type);

  		return -EOPNOTSUPP;

  	}

  	return 0;
  }
  
  int
  SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses,
  		const struct nls_table *nls_cp)
  {
  	int rc = 0;
  	struct TCP_Server_Info *server = ses->server;
  	struct SMB2_sess_data *sess_data;
  
  	cifs_dbg(FYI, "Session Setup
  ");
  
  	if (!server) {
  		WARN(1, "%s: server is NULL!
  ", __func__);
  		return -EIO;

  	}

  	sess_data = kzalloc(sizeof(struct SMB2_sess_data), GFP_KERNEL);
  	if (!sess_data)
  		return -ENOMEM;
  
  	rc = SMB2_select_sec(ses, sess_data);
  	if (rc)
  		goto out;
  	sess_data->xid = xid;
  	sess_data->ses = ses;
  	sess_data->buf0_type = CIFS_NO_BUFFER;
  	sess_data->nls_cp = (struct nls_table *) nls_cp;

  	sess_data->previous_session = ses->Suid;

  	/*
  	 * Initialize the session hash with the server one.
  	 */
  	memcpy(ses->preauth_sha_hash, ses->server->preauth_sha_hash,
  	       SMB2_PREAUTH_HASH_SIZE);

  	while (sess_data->func)
  		sess_data->func(sess_data);

  	if ((ses->session_flags & SMB2_SESSION_FLAG_IS_GUEST) && (ses->sign))
  		cifs_dbg(VFS, "signing requested but authenticated as guest
  ");

  	rc = sess_data->result;

  out:

  	kfree(sess_data);
  	return rc;

  }
  
  int
  SMB2_logoff(const unsigned int xid, struct cifs_ses *ses)
  {

  	struct smb_rqst rqst;

  	struct smb2_logoff_req *req; /* response is also trivial struct */
  	int rc = 0;
  	struct TCP_Server_Info *server;

  	int flags = 0;

  	unsigned int total_len;
  	struct kvec iov[1];
  	struct kvec rsp_iov;
  	int resp_buf_type;

  	cifs_dbg(FYI, "disconnect session %p
  ", ses);

  
  	if (ses && (ses->server))
  		server = ses->server;
  	else
  		return -EIO;

  	/* no need to send SMB logoff if uid already closed due to reconnect */
  	if (ses->need_reconnect)
  		goto smb2_session_already_dead;

  	rc = smb2_plain_req_init(SMB2_LOGOFF, NULL, (void **) &req, &total_len);

  	if (rc)
  		return rc;
  
  	 /* since no tcon, smb2_init can not do this, so do here */

  	req->sync_hdr.SessionId = ses->Suid;

  
  	if (ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA)
  		flags |= CIFS_TRANSFORM_REQ;
  	else if (server->sign)

  		req->sync_hdr.Flags |= SMB2_FLAGS_SIGNED;
  
  	flags |= CIFS_NO_RESP;
  
  	iov[0].iov_base = (char *)req;
  	iov[0].iov_len = total_len;

  	memset(&rqst, 0, sizeof(struct smb_rqst));
  	rqst.rq_iov = iov;
  	rqst.rq_nvec = 1;
  
  	rc = cifs_send_recv(xid, ses, &rqst, &resp_buf_type, flags, &rsp_iov);

  	cifs_small_buf_release(req);

  	/*
  	 * No tcon so can't do
  	 * cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_fail[SMB2...]);
  	 */

  
  smb2_session_already_dead:

  	return rc;
  }

  
  static inline void cifs_stats_fail_inc(struct cifs_tcon *tcon, uint16_t code)
  {

  	cifs_stats_inc(&tcon->stats.smb2_stats.smb2_com_failed[code]);

  }
  
  #define MAX_SHARENAME_LENGTH (255 /* server */ + 80 /* share */ + 1 /* NULL */)

  /* These are similar values to what Windows uses */
  static inline void init_copy_chunk_defaults(struct cifs_tcon *tcon)
  {
  	tcon->max_chunks = 256;
  	tcon->max_bytes_chunk = 1048576;
  	tcon->max_bytes_copy = 16777216;
  }

  int
  SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree,
  	  struct cifs_tcon *tcon, const struct nls_table *cp)
  {

  	struct smb_rqst rqst;

  	struct smb2_tree_connect_req *req;
  	struct smb2_tree_connect_rsp *rsp = NULL;
  	struct kvec iov[2];

  	struct kvec rsp_iov = { NULL, 0 };

  	int rc = 0;
  	int resp_buftype;
  	int unc_path_len;

  	__le16 *unc_path = NULL;

  	int flags = 0;

  	unsigned int total_len;

  	cifs_dbg(FYI, "TCON
  ");

  	if (!(ses->server) || !tree)

  		return -EIO;

  	unc_path = kmalloc(MAX_SHARENAME_LENGTH * 2, GFP_KERNEL);
  	if (unc_path == NULL)
  		return -ENOMEM;
  
  	unc_path_len = cifs_strtoUTF16(unc_path, tree, strlen(tree), cp) + 1;
  	unc_path_len *= 2;
  	if (unc_path_len < 2) {
  		kfree(unc_path);
  		return -EINVAL;
  	}

  	/* SMB2 TREE_CONNECT request must be called with TreeId == 0 */

  	tcon->tid = 0;

  	rc = smb2_plain_req_init(SMB2_TREE_CONNECT, tcon, (void **) &req,
  			     &total_len);

  	if (rc) {
  		kfree(unc_path);
  		return rc;
  	}

  	if (smb3_encryption_required(tcon))

  		flags |= CIFS_TRANSFORM_REQ;

  
  	iov[0].iov_base = (char *)req;

  	/* 1 for pad */
  	iov[0].iov_len = total_len - 1;

  
  	/* Testing shows that buffer offset must be at location of Buffer[0] */
  	req->PathOffset = cpu_to_le16(sizeof(struct smb2_tree_connect_req)

  			- 1 /* pad */);

  	req->PathLength = cpu_to_le16(unc_path_len - 2);
  	iov[1].iov_base = unc_path;
  	iov[1].iov_len = unc_path_len;

  	/*
  	 * 3.11 tcon req must be signed if not encrypted. See MS-SMB2 3.2.4.1.1
  	 * unless it is guest or anonymous user. See MS-SMB2 3.2.5.3.1

  	 * (Samba servers don't always set the flag so also check if null user)

  	 */

  	if ((ses->server->dialect == SMB311_PROT_ID) &&

  	    !smb3_encryption_required(tcon) &&

  	    !(ses->session_flags &
  		    (SMB2_SESSION_FLAG_IS_GUEST|SMB2_SESSION_FLAG_IS_NULL)) &&
  	    ((ses->user_name != NULL) || (ses->sectype == Kerberos)))

  		req->sync_hdr.Flags |= SMB2_FLAGS_SIGNED;

  	memset(&rqst, 0, sizeof(struct smb_rqst));
  	rqst.rq_iov = iov;
  	rqst.rq_nvec = 2;
  
  	rc = cifs_send_recv(xid, ses, &rqst, &resp_buftype, flags, &rsp_iov);

  	cifs_small_buf_release(req);
  	rsp = (struct smb2_tree_connect_rsp *)rsp_iov.iov_base;

  
  	if (rc != 0) {
  		if (tcon) {
  			cifs_stats_fail_inc(tcon, SMB2_TREE_CONNECT_HE);
  			tcon->need_reconnect = true;
  		}
  		goto tcon_error_exit;
  	}

  	switch (rsp->ShareType) {
  	case SMB2_SHARE_TYPE_DISK:

  		cifs_dbg(FYI, "connection to disk share
  ");

  		break;
  	case SMB2_SHARE_TYPE_PIPE:

  		tcon->pipe = true;

  		cifs_dbg(FYI, "connection to pipe share
  ");

  		break;
  	case SMB2_SHARE_TYPE_PRINT:

  		tcon->print = true;

  		cifs_dbg(FYI, "connection to printer
  ");

  		break;
  	default:

  		cifs_dbg(VFS, "unknown share type %d
  ", rsp->ShareType);

  		rc = -EOPNOTSUPP;
  		goto tcon_error_exit;
  	}
  
  	tcon->share_flags = le32_to_cpu(rsp->ShareFlags);

  	tcon->capabilities = rsp->Capabilities; /* we keep caps little endian */

  	tcon->maximal_access = le32_to_cpu(rsp->MaximalAccess);
  	tcon->tidStatus = CifsGood;
  	tcon->need_reconnect = false;

  	tcon->tid = rsp->sync_hdr.TreeId;

  	strlcpy(tcon->treeName, tree, sizeof(tcon->treeName));

  
  	if ((rsp->Capabilities & SMB2_SHARE_CAP_DFS) &&
  	    ((tcon->share_flags & SHI1005_FLAGS_DFS) == 0))

  		cifs_dbg(VFS, "DFS capability contradicts DFS flag
  ");

  
  	if (tcon->seal &&
  	    !(tcon->ses->server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION))
  		cifs_dbg(VFS, "Encryption is requested but not supported
  ");

  	init_copy_chunk_defaults(tcon);

  	if (tcon->ses->server->ops->validate_negotiate)
  		rc = tcon->ses->server->ops->validate_negotiate(xid, tcon);

  tcon_exit:
  	free_rsp_buf(resp_buftype, rsp);
  	kfree(unc_path);
  	return rc;
  
  tcon_error_exit:

  	if (rsp && rsp->sync_hdr.Status == STATUS_BAD_NETWORK_NAME) {

  		cifs_dbg(VFS, "BAD_NETWORK_NAME: %s
  ", tree);

  	}
  	goto tcon_exit;
  }
  
  int
  SMB2_tdis(const unsigned int xid, struct cifs_tcon *tcon)
  {

  	struct smb_rqst rqst;

  	struct smb2_tree_disconnect_req *req; /* response is trivial */
  	int rc = 0;

  	struct cifs_ses *ses = tcon->ses;

  	int flags = 0;

  	unsigned int total_len;
  	struct kvec iov[1];
  	struct kvec rsp_iov;
  	int resp_buf_type;

  	cifs_dbg(FYI, "Tree Disconnect
  ");

  	if (!ses || !(ses->server))

  		return -EIO;
  
  	if ((tcon->need_reconnect) || (tcon->ses->need_reconnect))
  		return 0;

  	rc = smb2_plain_req_init(SMB2_TREE_DISCONNECT, tcon, (void **) &req,
  			     &total_len);

  	if (rc)
  		return rc;

  	if (smb3_encryption_required(tcon))

  		flags |= CIFS_TRANSFORM_REQ;

  	flags |= CIFS_NO_RESP;
  
  	iov[0].iov_base = (char *)req;
  	iov[0].iov_len = total_len;

  	memset(&rqst, 0, sizeof(struct smb_rqst));
  	rqst.rq_iov = iov;
  	rqst.rq_nvec = 1;
  
  	rc = cifs_send_recv(xid, ses, &rqst, &resp_buf_type, flags, &rsp_iov);

  	cifs_small_buf_release(req);

  	if (rc)
  		cifs_stats_fail_inc(tcon, SMB2_TREE_DISCONNECT_HE);
  
  	return rc;
  }

  static struct create_durable *
  create_durable_buf(void)
  {
  	struct create_durable *buf;
  
  	buf = kzalloc(sizeof(struct create_durable), GFP_KERNEL);
  	if (!buf)
  		return NULL;
  
  	buf->ccontext.DataOffset = cpu_to_le16(offsetof

  					(struct create_durable, Data));

  	buf->ccontext.DataLength = cpu_to_le32(16);
  	buf->ccontext.NameOffset = cpu_to_le16(offsetof
  				(struct create_durable, Name));
  	buf->ccontext.NameLength = cpu_to_le16(4);

  	/* SMB2_CREATE_DURABLE_HANDLE_REQUEST is "DHnQ" */

  	buf->Name[0] = 'D';
  	buf->Name[1] = 'H';
  	buf->Name[2] = 'n';
  	buf->Name[3] = 'Q';
  	return buf;
  }

  static struct create_durable *
  create_reconnect_durable_buf(struct cifs_fid *fid)
  {
  	struct create_durable *buf;
  
  	buf = kzalloc(sizeof(struct create_durable), GFP_KERNEL);
  	if (!buf)
  		return NULL;
  
  	buf->ccontext.DataOffset = cpu_to_le16(offsetof
  					(struct create_durable, Data));
  	buf->ccontext.DataLength = cpu_to_le32(16);
  	buf->ccontext.NameOffset = cpu_to_le16(offsetof
  				(struct create_durable, Name));
  	buf->ccontext.NameLength = cpu_to_le16(4);
  	buf->Data.Fid.PersistentFileId = fid->persistent_fid;
  	buf->Data.Fid.VolatileFileId = fid->volatile_fid;

  	/* SMB2_CREATE_DURABLE_HANDLE_RECONNECT is "DHnC" */

  	buf->Name[0] = 'D';
  	buf->Name[1] = 'H';
  	buf->Name[2] = 'n';
  	buf->Name[3] = 'C';
  	return buf;
  }

  static __u8

  parse_lease_state(struct TCP_Server_Info *server, struct smb2_create_rsp *rsp,

  		  unsigned int *epoch, char *lease_key)

  {
  	char *data_offset;

  	struct create_context *cc;

  	unsigned int next;
  	unsigned int remaining;

  	char *name;

  	data_offset = (char *)rsp + le32_to_cpu(rsp->CreateContextsOffset);

  	remaining = le32_to_cpu(rsp->CreateContextsLength);

  	cc = (struct create_context *)data_offset;

  	while (remaining >= sizeof(struct create_context)) {

  		name = le16_to_cpu(cc->NameOffset) + (char *)cc;

  		if (le16_to_cpu(cc->NameLength) == 4 &&
  		    strncmp(name, "RqLs", 4) == 0)

  			return server->ops->parse_lease_buf(cc, epoch,
  							    lease_key);

  
  		next = le32_to_cpu(cc->Next);
  		if (!next)
  			break;
  		remaining -= next;
  		cc = (struct create_context *)((char *)cc + next);
  	}

  	return 0;

  }

  static int

  add_lease_context(struct TCP_Server_Info *server, struct kvec *iov,

  		  unsigned int *num_iovec, u8 *lease_key, __u8 *oplock)

  {
  	struct smb2_create_req *req = iov[0].iov_base;
  	unsigned int num = *num_iovec;

  	iov[num].iov_base = server->ops->create_lease_buf(lease_key, *oplock);

  	if (iov[num].iov_base == NULL)
  		return -ENOMEM;

  	iov[num].iov_len = server->vals->create_lease_size;

  	req->RequestedOplockLevel = SMB2_OPLOCK_LEVEL_LEASE;
  	if (!req->CreateContextsOffset)
  		req->CreateContextsOffset = cpu_to_le32(

  				sizeof(struct smb2_create_req) +

  				iov[num - 1].iov_len);

  	le32_add_cpu(&req->CreateContextsLength,
  		     server->vals->create_lease_size);

  	*num_iovec = num + 1;
  	return 0;
  }

  static struct create_durable_v2 *
  create_durable_v2_buf(struct cifs_fid *pfid)
  {
  	struct create_durable_v2 *buf;
  
  	buf = kzalloc(sizeof(struct create_durable_v2), GFP_KERNEL);
  	if (!buf)
  		return NULL;
  
  	buf->ccontext.DataOffset = cpu_to_le16(offsetof
  					(struct create_durable_v2, dcontext));
  	buf->ccontext.DataLength = cpu_to_le32(sizeof(struct durable_context_v2));
  	buf->ccontext.NameOffset = cpu_to_le16(offsetof
  				(struct create_durable_v2, Name));
  	buf->ccontext.NameLength = cpu_to_le16(4);
  
  	buf->dcontext.Timeout = 0; /* Should this be configurable by workload */
  	buf->dcontext.Flags = cpu_to_le32(SMB2_DHANDLE_FLAG_PERSISTENT);

  	generate_random_uuid(buf->dcontext.CreateGuid);

  	memcpy(pfid->create_guid, buf->dcontext.CreateGuid, 16);
  
  	/* SMB2_CREATE_DURABLE_HANDLE_REQUEST is "DH2Q" */
  	buf->Name[0] = 'D';
  	buf->Name[1] = 'H';
  	buf->Name[2] = '2';
  	buf->Name[3] = 'Q';
  	return buf;
  }
  
  static struct create_durable_handle_reconnect_v2 *
  create_reconnect_durable_v2_buf(struct cifs_fid *fid)
  {
  	struct create_durable_handle_reconnect_v2 *buf;
  
  	buf = kzalloc(sizeof(struct create_durable_handle_reconnect_v2),
  			GFP_KERNEL);
  	if (!buf)
  		return NULL;
  
  	buf->ccontext.DataOffset =
  		cpu_to_le16(offsetof(struct create_durable_handle_reconnect_v2,
  				     dcontext));
  	buf->ccontext.DataLength =
  		cpu_to_le32(sizeof(struct durable_reconnect_context_v2));
  	buf->ccontext.NameOffset =
  		cpu_to_le16(offsetof(struct create_durable_handle_reconnect_v2,
  			    Name));
  	buf->ccontext.NameLength = cpu_to_le16(4);
  
  	buf->dcontext.Fid.PersistentFileId = fid->persistent_fid;
  	buf->dcontext.Fid.VolatileFileId = fid->volatile_fid;
  	buf->dcontext.Flags = cpu_to_le32(SMB2_DHANDLE_FLAG_PERSISTENT);
  	memcpy(buf->dcontext.CreateGuid, fid->create_guid, 16);
  
  	/* SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2 is "DH2C" */
  	buf->Name[0] = 'D';
  	buf->Name[1] = 'H';
  	buf->Name[2] = '2';
  	buf->Name[3] = 'C';
  	return buf;
  }

  static int

  add_durable_v2_context(struct kvec *iov, unsigned int *num_iovec,
  		    struct cifs_open_parms *oparms)
  {
  	struct smb2_create_req *req = iov[0].iov_base;
  	unsigned int num = *num_iovec;
  
  	iov[num].iov_base = create_durable_v2_buf(oparms->fid);
  	if (iov[num].iov_base == NULL)
  		return -ENOMEM;
  	iov[num].iov_len = sizeof(struct create_durable_v2);
  	if (!req->CreateContextsOffset)
  		req->CreateContextsOffset =

  			cpu_to_le32(sizeof(struct smb2_create_req) +

  								iov[1].iov_len);
  	le32_add_cpu(&req->CreateContextsLength, sizeof(struct create_durable_v2));

  	*num_iovec = num + 1;
  	return 0;
  }
  
  static int
  add_durable_reconnect_v2_context(struct kvec *iov, unsigned int *num_iovec,

  		    struct cifs_open_parms *oparms)

  {
  	struct smb2_create_req *req = iov[0].iov_base;
  	unsigned int num = *num_iovec;

  	/* indicate that we don't need to relock the file */
  	oparms->reconnect = false;
  
  	iov[num].iov_base = create_reconnect_durable_v2_buf(oparms->fid);
  	if (iov[num].iov_base == NULL)
  		return -ENOMEM;
  	iov[num].iov_len = sizeof(struct create_durable_handle_reconnect_v2);
  	if (!req->CreateContextsOffset)
  		req->CreateContextsOffset =

  			cpu_to_le32(sizeof(struct smb2_create_req) +

  								iov[1].iov_len);
  	le32_add_cpu(&req->CreateContextsLength,
  			sizeof(struct create_durable_handle_reconnect_v2));

  	*num_iovec = num + 1;
  	return 0;
  }
  
  static int
  add_durable_context(struct kvec *iov, unsigned int *num_iovec,
  		    struct cifs_open_parms *oparms, bool use_persistent)
  {
  	struct smb2_create_req *req = iov[0].iov_base;
  	unsigned int num = *num_iovec;
  
  	if (use_persistent) {
  		if (oparms->reconnect)
  			return add_durable_reconnect_v2_context(iov, num_iovec,
  								oparms);
  		else
  			return add_durable_v2_context(iov, num_iovec, oparms);
  	}

  	if (oparms->reconnect) {
  		iov[num].iov_base = create_reconnect_durable_buf(oparms->fid);
  		/* indicate that we don't need to relock the file */
  		oparms->reconnect = false;
  	} else
  		iov[num].iov_base = create_durable_buf();

  	if (iov[num].iov_base == NULL)
  		return -ENOMEM;
  	iov[num].iov_len = sizeof(struct create_durable);
  	if (!req->CreateContextsOffset)
  		req->CreateContextsOffset =

  			cpu_to_le32(sizeof(struct smb2_create_req) +

  								iov[1].iov_len);

  	le32_add_cpu(&req->CreateContextsLength, sizeof(struct create_durable));

  	*num_iovec = num + 1;
  	return 0;
  }

  /* See MS-SMB2 2.2.13.2.7 */
  static struct crt_twarp_ctxt *
  create_twarp_buf(__u64 timewarp)
  {
  	struct crt_twarp_ctxt *buf;
  
  	buf = kzalloc(sizeof(struct crt_twarp_ctxt), GFP_KERNEL);
  	if (!buf)
  		return NULL;
  
  	buf->ccontext.DataOffset = cpu_to_le16(offsetof
  					(struct crt_twarp_ctxt, Timestamp));
  	buf->ccontext.DataLength = cpu_to_le32(8);
  	buf->ccontext.NameOffset = cpu_to_le16(offsetof
  				(struct crt_twarp_ctxt, Name));
  	buf->ccontext.NameLength = cpu_to_le16(4);
  	/* SMB2_CREATE_TIMEWARP_TOKEN is "TWrp" */
  	buf->Name[0] = 'T';
  	buf->Name[1] = 'W';
  	buf->Name[2] = 'r';
  	buf->Name[3] = 'p';
  	buf->Timestamp = cpu_to_le64(timewarp);
  	return buf;
  }
  
  /* See MS-SMB2 2.2.13.2.7 */
  static int
  add_twarp_context(struct kvec *iov, unsigned int *num_iovec, __u64 timewarp)
  {
  	struct smb2_create_req *req = iov[0].iov_base;
  	unsigned int num = *num_iovec;
  
  	iov[num].iov_base = create_twarp_buf(timewarp);
  	if (iov[num].iov_base == NULL)
  		return -ENOMEM;
  	iov[num].iov_len = sizeof(struct crt_twarp_ctxt);
  	if (!req->CreateContextsOffset)
  		req->CreateContextsOffset = cpu_to_le32(
  				sizeof(struct smb2_create_req) +
  				iov[num - 1].iov_len);
  	le32_add_cpu(&req->CreateContextsLength, sizeof(struct crt_twarp_ctxt));
  	*num_iovec = num + 1;
  	return 0;
  }

  static int
  alloc_path_with_tree_prefix(__le16 **out_path, int *out_size, int *out_len,
  			    const char *treename, const __le16 *path)
  {
  	int treename_len, path_len;
  	struct nls_table *cp;
  	const __le16 sep[] = {cpu_to_le16('\\'), cpu_to_le16(0x0000)};
  
  	/*
  	 * skip leading "\\"
  	 */
  	treename_len = strlen(treename);
  	if (treename_len < 2 || !(treename[0] == '\\' && treename[1] == '\\'))
  		return -EINVAL;
  
  	treename += 2;
  	treename_len -= 2;
  
  	path_len = UniStrnlen((wchar_t *)path, PATH_MAX);
  
  	/*
  	 * make room for one path separator between the treename and
  	 * path
  	 */
  	*out_len = treename_len + 1 + path_len;
  
  	/*
  	 * final path needs to be null-terminated UTF16 with a
  	 * size aligned to 8
  	 */
  
  	*out_size = roundup((*out_len+1)*2, 8);
  	*out_path = kzalloc(*out_size, GFP_KERNEL);
  	if (!*out_path)
  		return -ENOMEM;
  
  	cp = load_nls_default();
  	cifs_strtoUTF16(*out_path, treename, treename_len, cp);
  	UniStrcat(*out_path, sep);
  	UniStrcat(*out_path, path);
  	unload_nls(cp);
  
  	return 0;
  }

  int smb311_posix_mkdir(const unsigned int xid, struct inode *inode,
  			       umode_t mode, struct cifs_tcon *tcon,
  			       const char *full_path,
  			       struct cifs_sb_info *cifs_sb)
  {
  	struct smb_rqst rqst;
  	struct smb2_create_req *req;

  	struct smb2_create_rsp *rsp = NULL;

  	struct TCP_Server_Info *server;
  	struct cifs_ses *ses = tcon->ses;
  	struct kvec iov[3]; /* make sure at least one for each open context */
  	struct kvec rsp_iov = {NULL, 0};
  	int resp_buftype;
  	int uni_path_len;
  	__le16 *copy_path = NULL;
  	int copy_size;
  	int rc = 0;
  	unsigned int n_iov = 2;
  	__u32 file_attributes = 0;
  	char *pc_buf = NULL;
  	int flags = 0;
  	unsigned int total_len;

  	__le16 *utf16_path = NULL;

  
  	cifs_dbg(FYI, "mkdir
  ");

  	/* resource #1: path allocation */
  	utf16_path = cifs_convert_path_to_utf16(full_path, cifs_sb);
  	if (!utf16_path)
  		return -ENOMEM;

  	if (ses && (ses->server))
  		server = ses->server;

  	else {
  		rc = -EIO;
  		goto err_free_path;
  	}

  	/* resource #2: request */

  	rc = smb2_plain_req_init(SMB2_CREATE, tcon, (void **) &req, &total_len);

  	if (rc)

  		goto err_free_path;

  
  	if (smb3_encryption_required(tcon))
  		flags |= CIFS_TRANSFORM_REQ;

  	req->ImpersonationLevel = IL_IMPERSONATION;
  	req->DesiredAccess = cpu_to_le32(FILE_WRITE_ATTRIBUTES);
  	/* File attributes ignored on open (used in create though) */
  	req->FileAttributes = cpu_to_le32(file_attributes);
  	req->ShareAccess = FILE_SHARE_ALL_LE;
  	req->CreateDisposition = cpu_to_le32(FILE_CREATE);
  	req->CreateOptions = cpu_to_le32(CREATE_NOT_FILE);
  
  	iov[0].iov_base = (char *)req;
  	/* -1 since last byte is buf[0] which is sent below (path) */
  	iov[0].iov_len = total_len - 1;
  
  	req->NameOffset = cpu_to_le16(sizeof(struct smb2_create_req));
  
  	/* [MS-SMB2] 2.2.13 NameOffset:
  	 * If SMB2_FLAGS_DFS_OPERATIONS is set in the Flags field of
  	 * the SMB2 header, the file name includes a prefix that will
  	 * be processed during DFS name normalization as specified in
  	 * section 3.3.5.9. Otherwise, the file name is relative to
  	 * the share that is identified by the TreeId in the SMB2
  	 * header.
  	 */
  	if (tcon->share_flags & SHI1005_FLAGS_DFS) {
  		int name_len;
  
  		req->sync_hdr.Flags |= SMB2_FLAGS_DFS_OPERATIONS;
  		rc = alloc_path_with_tree_prefix(&copy_path, &copy_size,
  						 &name_len,

  						 tcon->treeName, utf16_path);
  		if (rc)
  			goto err_free_req;

  		req->NameLength = cpu_to_le16(name_len * 2);
  		uni_path_len = copy_size;

  		/* free before overwriting resource */
  		kfree(utf16_path);
  		utf16_path = copy_path;

  	} else {

  		uni_path_len = (2 * UniStrnlen((wchar_t *)utf16_path, PATH_MAX)) + 2;

  		/* MUST set path len (NameLength) to 0 opening root of share */
  		req->NameLength = cpu_to_le16(uni_path_len - 2);
  		if (uni_path_len % 8 != 0) {
  			copy_size = roundup(uni_path_len, 8);
  			copy_path = kzalloc(copy_size, GFP_KERNEL);
  			if (!copy_path) {

  				rc = -ENOMEM;
  				goto err_free_req;

  			}

  			memcpy((char *)copy_path, (const char *)utf16_path,

  			       uni_path_len);
  			uni_path_len = copy_size;

  			/* free before overwriting resource */
  			kfree(utf16_path);
  			utf16_path = copy_path;

  		}
  	}
  
  	iov[1].iov_len = uni_path_len;

  	iov[1].iov_base = utf16_path;

  	req->RequestedOplockLevel = SMB2_OPLOCK_LEVEL_NONE;
  
  	if (tcon->posix_extensions) {

  		/* resource #3: posix buf */

  		rc = add_posix_context(iov, &n_iov, mode);

  		if (rc)
  			goto err_free_req;

  		pc_buf = iov[n_iov-1].iov_base;
  	}
  
  
  	memset(&rqst, 0, sizeof(struct smb_rqst));
  	rqst.rq_iov = iov;
  	rqst.rq_nvec = n_iov;

  	/* resource #4: response buffer */
  	rc = cifs_send_recv(xid, ses, &rqst, &resp_buftype, flags, &rsp_iov);
  	if (rc) {

  		cifs_stats_fail_inc(tcon, SMB2_CREATE_HE);
  		trace_smb3_posix_mkdir_err(xid, tcon->tid, ses->Suid,

  					   CREATE_NOT_FILE,
  					   FILE_WRITE_ATTRIBUTES, rc);
  		goto err_free_rsp_buf;
  	}
  
  	rsp = (struct smb2_create_rsp *)rsp_iov.iov_base;
  	trace_smb3_posix_mkdir_done(xid, rsp->PersistentFileId, tcon->tid,
  				    ses->Suid, CREATE_NOT_FILE,
  				    FILE_WRITE_ATTRIBUTES);

  
  	SMB2_close(xid, tcon, rsp->PersistentFileId, rsp->VolatileFileId);
  
  	/* Eventually save off posix specific response info and timestaps */

  err_free_rsp_buf:

  	free_rsp_buf(resp_buftype, rsp);

  	kfree(pc_buf);
  err_free_req:
  	cifs_small_buf_release(req);
  err_free_path:
  	kfree(utf16_path);

  	return rc;

  }

  int

  SMB2_open_init(struct cifs_tcon *tcon, struct smb_rqst *rqst, __u8 *oplock,
  	       struct cifs_open_parms *oparms, __le16 *path)

  {

  	struct TCP_Server_Info *server = tcon->ses->server;

  	struct smb2_create_req *req;

  	unsigned int n_iov = 2;

  	__u32 file_attributes = 0;

  	int copy_size;
  	int uni_path_len;

  	unsigned int total_len;

  	struct kvec *iov = rqst->rq_iov;
  	__le16 *copy_path;
  	int rc;

  	rc = smb2_plain_req_init(SMB2_CREATE, tcon, (void **) &req, &total_len);

  	if (rc)
  		return rc;

  	iov[0].iov_base = (char *)req;
  	/* -1 since last byte is buf[0] which is sent below (path) */
  	iov[0].iov_len = total_len - 1;

  	if (oparms->create_options & CREATE_OPTION_READONLY)

  		file_attributes |= ATTR_READONLY;

  	if (oparms->create_options & CREATE_OPTION_SPECIAL)
  		file_attributes |= ATTR_SYSTEM;

  	req->ImpersonationLevel = IL_IMPERSONATION;

  	req->DesiredAccess = cpu_to_le32(oparms->desired_access);

  	/* File attributes ignored on open (used in create though) */
  	req->FileAttributes = cpu_to_le32(file_attributes);
  	req->ShareAccess = FILE_SHARE_ALL_LE;

  	req->CreateDisposition = cpu_to_le32(oparms->disposition);
  	req->CreateOptions = cpu_to_le32(oparms->create_options & CREATE_OPTIONS_MASK);

  	req->NameOffset = cpu_to_le16(sizeof(struct smb2_create_req));

  
  	/* [MS-SMB2] 2.2.13 NameOffset:
  	 * If SMB2_FLAGS_DFS_OPERATIONS is set in the Flags field of
  	 * the SMB2 header, the file name includes a prefix that will
  	 * be processed during DFS name normalization as specified in
  	 * section 3.3.5.9. Otherwise, the file name is relative to
  	 * the share that is identified by the TreeId in the SMB2
  	 * header.
  	 */
  	if (tcon->share_flags & SHI1005_FLAGS_DFS) {
  		int name_len;

  		req->sync_hdr.Flags |= SMB2_FLAGS_DFS_OPERATIONS;

  		rc = alloc_path_with_tree_prefix(&copy_path, &copy_size,
  						 &name_len,
  						 tcon->treeName, path);

  		if (rc)

  			return rc;
  		req->NameLength = cpu_to_le16(name_len * 2);

  		uni_path_len = copy_size;
  		path = copy_path;

  	} else {
  		uni_path_len = (2 * UniStrnlen((wchar_t *)path, PATH_MAX)) + 2;
  		/* MUST set path len (NameLength) to 0 opening root of share */
  		req->NameLength = cpu_to_le16(uni_path_len - 2);

  		copy_size = uni_path_len;
  		if (copy_size % 8 != 0)
  			copy_size = roundup(copy_size, 8);
  		copy_path = kzalloc(copy_size, GFP_KERNEL);
  		if (!copy_path)
  			return -ENOMEM;
  		memcpy((char *)copy_path, (const char *)path,
  		       uni_path_len);
  		uni_path_len = copy_size;
  		path = copy_path;

  	}

  	iov[1].iov_len = uni_path_len;
  	iov[1].iov_base = path;

  	if (!server->oplocks)
  		*oplock = SMB2_OPLOCK_LEVEL_NONE;

  	if (!(server->capabilities & SMB2_GLOBAL_CAP_LEASING) ||

  	    *oplock == SMB2_OPLOCK_LEVEL_NONE)
  		req->RequestedOplockLevel = *oplock;

  	else if (!(server->capabilities & SMB2_GLOBAL_CAP_DIRECTORY_LEASING) &&
  		  (oparms->create_options & CREATE_NOT_FILE))
  		req->RequestedOplockLevel = *oplock; /* no srv lease support */

  	else {

  		rc = add_lease_context(server, iov, &n_iov,
  				       oparms->fid->lease_key, oplock);

  		if (rc)

  			return rc;

  	}

  	if (*oplock == SMB2_OPLOCK_LEVEL_BATCH) {
  		/* need to set Next field of lease context if we request it */

  		if (server->capabilities & SMB2_GLOBAL_CAP_LEASING) {

  			struct create_context *ccontext =

  			    (struct create_context *)iov[n_iov-1].iov_base;

  			ccontext->Next =

  				cpu_to_le32(server->vals->create_lease_size);

  		}

  		rc = add_durable_context(iov, &n_iov, oparms,

  					tcon->use_persistent);