cifs: break out lanman NEGOTIATE handling into separate function

	return 0;

}

int

CIFSSMBNegotiate(const unsigned int xid, struct cifs_ses *ses)

{

	NEGOTIATE_REQ *pSMB;

	NEGOTIATE_RSP *pSMBr;

	int rc = 0;

	int bytes_returned;

	int i;

	struct TCP_Server_Info *server = ses->server;

	u16 count;

	unsigned int secFlags;

	if (!server) {

		WARN(1, "%s: server is NULL!\n", __func__);

		return -EIO;

	}

	rc = smb_init(SMB_COM_NEGOTIATE, 0, NULL /* no tcon yet */ ,

		      (void **) &pSMB, (void **) &pSMBr);

	if (rc)

		return rc;

	/* if any of auth flags (ie not sign or seal) are overriden use them */

	if (ses->overrideSecFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL)))

		secFlags = ses->overrideSecFlg;  /* BB FIXME fix sign flags? */

	else /* if override flags set only sign/seal OR them with global auth */

		secFlags = global_secflags | ses->overrideSecFlg;

	cifs_dbg(FYI, "secFlags 0x%x\n", secFlags);

	pSMB->hdr.Mid = get_next_mid(server);

	pSMB->hdr.Flags2 |= (SMBFLG2_UNICODE | SMBFLG2_ERR_STATUS);

	if ((secFlags & CIFSSEC_MUST_KRB5) == CIFSSEC_MUST_KRB5)

		pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC;

	else if ((secFlags & CIFSSEC_AUTH_MASK) == CIFSSEC_MAY_KRB5) {

		cifs_dbg(FYI, "Kerberos only mechanism, enable extended security\n");

		pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC;

	} else if ((secFlags & CIFSSEC_MUST_NTLMSSP) == CIFSSEC_MUST_NTLMSSP)

		pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC;

	else if ((secFlags & CIFSSEC_AUTH_MASK) == CIFSSEC_MAY_NTLMSSP) {

		cifs_dbg(FYI, "NTLMSSP only mechanism, enable extended security\n");

		pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC;

	}

	count = 0;

	for (i = 0; i < CIFS_NUM_PROT; i++) {

		strncpy(pSMB->DialectsArray+count, protocols[i].name, 16);

		count += strlen(protocols[i].name) + 1;

		/* null at end of source and target buffers anyway */

	}

	inc_rfc1001_len(pSMB, count);

	pSMB->ByteCount = cpu_to_le16(count);

	rc = SendReceive(xid, ses, (struct smb_hdr *) pSMB,

			 (struct smb_hdr *) pSMBr, &bytes_returned, 0);

	if (rc != 0)

		goto neg_err_exit;

	server->dialect = le16_to_cpu(pSMBr->DialectIndex);

	cifs_dbg(FYI, "Dialect: %d\n", server->dialect);

	/* Check wct = 1 error case */

	if ((pSMBr->hdr.WordCount < 13) || (server->dialect == BAD_PROT)) {

		/* core returns wct = 1, but we do not ask for core - otherwise

		small wct just comes when dialect index is -1 indicating we

		could not negotiate a common dialect */

		rc = -EOPNOTSUPP;

		goto neg_err_exit;

#ifdef CONFIG_CIFS_WEAK_PW_HASH

	} else if ((pSMBr->hdr.WordCount == 13)

			&& ((server->dialect == LANMAN_PROT)

				|| (server->dialect == LANMAN2_PROT))) {

static int

decode_lanman_negprot_rsp(struct TCP_Server_Info *server, NEGOTIATE_RSP *pSMBr,

			  unsigned int secFlags)

{

	__s16 tmp;

	struct lanman_neg_rsp *rsp = (struct lanman_neg_rsp *)pSMBr;

		if ((secFlags & CIFSSEC_MAY_LANMAN) ||

			(secFlags & CIFSSEC_MAY_PLNTXT))

	if (server->dialect != LANMAN_PROT && server->dialect != LANMAN2_PROT)

		return -EOPNOTSUPP;

	if ((secFlags & CIFSSEC_MAY_LANMAN) || (secFlags & CIFSSEC_MAY_PLNTXT))

		server->secType = LANMAN;

	else {

		cifs_dbg(VFS, "mount failed weak security disabled in /proc/fs/cifs/SecurityFlags\n");

			rc = -EOPNOTSUPP;

			goto neg_err_exit;

		return -EOPNOTSUPP;

	}

	server->sec_mode = le16_to_cpu(rsp->SecurityMode);

	server->maxReq = min_t(unsigned int,

	if (rsp->EncryptionKeyLength ==

			cpu_to_le16(CIFS_CRYPTO_KEY_SIZE)) {

			memcpy(ses->server->cryptkey, rsp->EncryptionKey,

		memcpy(server->cryptkey, rsp->EncryptionKey,

			CIFS_CRYPTO_KEY_SIZE);

	} else if (server->sec_mode & SECMODE_PW_ENCRYPT) {

			rc = -EIO; /* need cryptkey unless plain text */

			goto neg_err_exit;

		return -EIO; /* need cryptkey unless plain text */

	}

	cifs_dbg(FYI, "LANMAN negotiated\n");

		/* we will not end up setting signing flags - as no signing

		was in LANMAN and server did not return the flags on */

		goto signing_check;

#else /* weak security disabled */

	} else if (pSMBr->hdr.WordCount == 13) {

	return 0;

}

#else

static inline int

decode_lanman_negprot_rsp(struct TCP_Server_Info *server, NEGOTIATE_RSP *pSMBr,

			  unsigned int secFlags)

{

	cifs_dbg(VFS, "mount failed, cifs module not built with CIFS_WEAK_PW_HASH support\n");

	return -EOPNOTSUPP;

}

#endif

int

CIFSSMBNegotiate(const unsigned int xid, struct cifs_ses *ses)

{

	NEGOTIATE_REQ *pSMB;

	NEGOTIATE_RSP *pSMBr;

	int rc = 0;

	int bytes_returned;

	int i;

	struct TCP_Server_Info *server = ses->server;

	u16 count;

	unsigned int secFlags;

	if (!server) {

		WARN(1, "%s: server is NULL!\n", __func__);

		return -EIO;

	}

	rc = smb_init(SMB_COM_NEGOTIATE, 0, NULL /* no tcon yet */ ,

		      (void **) &pSMB, (void **) &pSMBr);

	if (rc)

		return rc;

	/* if any of auth flags (ie not sign or seal) are overriden use them */

	if (ses->overrideSecFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL)))

		secFlags = ses->overrideSecFlg;  /* BB FIXME fix sign flags? */

	else /* if override flags set only sign/seal OR them with global auth */

		secFlags = global_secflags | ses->overrideSecFlg;

	cifs_dbg(FYI, "secFlags 0x%x\n", secFlags);

	pSMB->hdr.Mid = get_next_mid(server);

	pSMB->hdr.Flags2 |= (SMBFLG2_UNICODE | SMBFLG2_ERR_STATUS);

	if ((secFlags & CIFSSEC_MUST_KRB5) == CIFSSEC_MUST_KRB5)

		pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC;

	else if ((secFlags & CIFSSEC_AUTH_MASK) == CIFSSEC_MAY_KRB5) {

		cifs_dbg(FYI, "Kerberos only mechanism, enable extended security\n");

		pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC;

	} else if ((secFlags & CIFSSEC_MUST_NTLMSSP) == CIFSSEC_MUST_NTLMSSP)

		pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC;

	else if ((secFlags & CIFSSEC_AUTH_MASK) == CIFSSEC_MAY_NTLMSSP) {

		cifs_dbg(FYI, "NTLMSSP only mechanism, enable extended security\n");

		pSMB->hdr.Flags2 |= SMBFLG2_EXT_SEC;

	}

	count = 0;

	for (i = 0; i < CIFS_NUM_PROT; i++) {

		strncpy(pSMB->DialectsArray+count, protocols[i].name, 16);

		count += strlen(protocols[i].name) + 1;

		/* null at end of source and target buffers anyway */

	}

	inc_rfc1001_len(pSMB, count);

	pSMB->ByteCount = cpu_to_le16(count);

	rc = SendReceive(xid, ses, (struct smb_hdr *) pSMB,

			 (struct smb_hdr *) pSMBr, &bytes_returned, 0);

	if (rc != 0)

		goto neg_err_exit;

	server->dialect = le16_to_cpu(pSMBr->DialectIndex);

	cifs_dbg(FYI, "Dialect: %d\n", server->dialect);

	/* Check wct = 1 error case */

	if ((pSMBr->hdr.WordCount < 13) || (server->dialect == BAD_PROT)) {

		/* core returns wct = 1, but we do not ask for core - otherwise

		small wct just comes when dialect index is -1 indicating we

		could not negotiate a common dialect */

		rc = -EOPNOTSUPP;

#endif /* WEAK_PW_HASH */

		goto neg_err_exit;

	} else if (pSMBr->hdr.WordCount == 13) {

		rc = decode_lanman_negprot_rsp(server, pSMBr, secFlags);

		if (!rc)

			goto signing_check;

		else

			goto neg_err_exit;

	} else if (pSMBr->hdr.WordCount != 17) {

		/* unknown wct */

		rc = -EOPNOTSUPP;

		goto neg_err_exit;

	}

	/* else wct == 17 NTLM */

	/* else wct == 17, NTLM or better */

	server->sec_mode = pSMBr->SecurityMode;

	if ((server->sec_mode & SECMODE_USER) == 0)

		cifs_dbg(FYI, "share mode security\n");

	if (rc)

		goto neg_err_exit;

#ifdef CONFIG_CIFS_WEAK_PW_HASH

signing_check:

#endif

	if ((secFlags & CIFSSEC_MAY_SIGN) == 0) {

		/* MUST_SIGN already includes the MAY_SIGN FLAG

		   so if this is zero it means that signing is disabled */