--- /dev/null
+From 6b74583bd62e2b6ed6b76ff72d8fc7c2d8f26510 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Atte=20Heikkil=C3=A4?= <atteh.mailbox@gmail.com>
+Date: Thu, 13 Oct 2022 20:08:47 +0300
+Subject: [PATCH] ksmbd-tools: build utilities as a single binary
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Rather than have four different binaries, i.e. ksmbd.addshare,
+ksmbd.adduser, ksmbd.control, and ksmbd.mountd, each one including
+its own libksmbdtools.a copy, build them instead as a single binary.
+This resulting ksmbd.tools acts like BusyBox in that its behavior
+depends on the name by which it is called. Then, each utility is made
+into a symlink to it, meaning that users keep using the utilities as
+usual. ksmbd.tools itself is installed to libexecdir as it is not
+something the user should run.
+
+Instead of libksmbdtools.a, each utility becomes its own static
+library, i.e. libaddshare.a, libadduser.a, libcontrol.a, libmountd.a,
+which are all linked to the single binary. Note that the single binary
+approach is also beneficial when statically linking to any of the
+external dependencies, e.g. GLib, as it greatly reduces the overall
+binary size when there is overlap in copies otherwise made separately
+for multiple utilities.
+
+Due to install_symlink(), minimum meson version is bumped to 0.62.1,
+meaning that it has to be installed using `pip' in Travis, since no
+Ubuntu release currently packages that version or newer. However, bump
+to Ubuntu Jammy anyways, just for the sake of building against newer
+versions of ksmbd-tools' dependencies.
+
+Signed-off-by: Atte Heikkilä <atteh.mailbox@gmail.com>
+---
+ .travis.yml | 6 ++++--
+ Makefile.am | 2 +-
+ addshare/Makefile.am | 15 ++++++++-----
+ addshare/addshare.c | 4 ++--
+ addshare/meson.build | 22 ++++++++++---------
+ addshare/share_admin.c | 2 +-
+ adduser/Makefile.am | 16 ++++++++------
+ adduser/adduser.c | 4 ++--
+ adduser/meson.build | 22 ++++++++++---------
+ adduser/user_admin.c | 2 +-
+ configure.ac | 8 ++++---
+ control/Makefile.am | 15 ++++++++-----
+ control/control.c | 4 ++--
+ control/meson.build | 22 ++++++++++---------
+ include/{ksmbdtools.h => tools.h} | 11 +++++++---
+ ksmbd-tools.spec | 3 ++-
+ meson.build | 6 +++---
+ mountd/Makefile.am | 17 +++++++++------
+ mountd/ipc.c | 2 +-
+ mountd/meson.build | 23 +++++++++++---------
+ mountd/mountd.c | 4 ++--
+ mountd/rpc.c | 2 +-
+ mountd/rpc_lsarpc.c | 2 +-
+ mountd/rpc_samr.c | 2 +-
+ mountd/rpc_srvsvc.c | 2 +-
+ mountd/rpc_wkssvc.c | 2 +-
+ mountd/smbacl.c | 2 +-
+ mountd/worker.c | 2 +-
+ {lib => tools}/Makefile.am | 15 +++++++------
+ {lib => tools}/asn1.c | 0
+ {lib => tools}/config_parser.c | 2 +-
+ {lib => tools}/management/session.c | 2 +-
+ {lib => tools}/management/share.c | 2 +-
+ {lib => tools}/management/spnego.c | 2 +-
+ {lib => tools}/management/spnego_krb5.c | 2 +-
+ {lib => tools}/management/spnego_mech.h | 0
+ {lib => tools}/management/tree_conn.c | 2 +-
+ {lib => tools}/management/user.c | 2 +-
+ {lib => tools}/meson.build | 28 ++++++++++++++++---------
+ lib/ksmbdtools.c => tools/tools.c | 27 +++++++++++++++++++++++-
+ 40 files changed, 191 insertions(+), 117 deletions(-)
+ rename include/{ksmbdtools.h => tools.h} (94%)
+ rename {lib => tools}/Makefile.am (53%)
+ rename {lib => tools}/asn1.c (100%)
+ rename {lib => tools}/config_parser.c (99%)
+ rename {lib => tools}/management/session.c (99%)
+ rename {lib => tools}/management/share.c (99%)
+ rename {lib => tools}/management/spnego.c (99%)
+ rename {lib => tools}/management/spnego_krb5.c (99%)
+ rename {lib => tools}/management/spnego_mech.h (100%)
+ rename {lib => tools}/management/tree_conn.c (99%)
+ rename {lib => tools}/management/user.c (99%)
+ rename {lib => tools}/meson.build (60%)
+ rename lib/ksmbdtools.c => tools/tools.c (89%)
+
+--- a/.travis.yml
++++ b/.travis.yml
+@@ -1,4 +1,4 @@
+-dist: focal
++dist: jammy
+
+ language: c
+
+@@ -6,9 +6,11 @@ notifications:
+ - email: true
+
+ before_install:
+- - sudo apt-get install libnl-3-dev libnl-genl-3-dev krb5-multidev heimdal-multidev meson
++ - sudo apt-get install libnl-3-dev libnl-genl-3-dev krb5-multidev heimdal-multidev ninja-build
+ - gcc --version
+ - g++ --version
++ - pip3 install --user meson
++ - PATH=$HOME/.local/bin:$PATH
+
+ jobs:
+ include:
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -1,6 +1,6 @@
+ ACLOCAL_AMFLAGS = -I m4
+
+-SUBDIRS = lib mountd adduser addshare control
++SUBDIRS = addshare adduser control mountd tools
+
+ EXTRA_DIST = include \
+ README.md \
+--- a/addshare/Makefile.am
++++ b/addshare/Makefile.am
+@@ -1,11 +1,8 @@
+ AM_CFLAGS = -DSYSCONFDIR='"${sysconfdir}"' -DRUNSTATEDIR='"${runstatedir}"' \
+ -I$(top_srcdir)/include $(GLIB_CFLAGS) $(LIBNL_CFLAGS) -fno-common
+-LIBS = $(GLIB_LIBS)
+-ksmbd_addshare_LDADD = $(top_builddir)/lib/libksmbdtools.a
+
+-sbin_PROGRAMS = ksmbd.addshare
+-
+-ksmbd_addshare_SOURCES = share_admin.c addshare.c share_admin.h
++noinst_LIBRARIES = libaddshare.a
++libaddshare_a_SOURCES = share_admin.c addshare.c share_admin.h
+
+ EXTRA_DIST = ksmbd.addshare.8.in
+
+@@ -13,3 +10,11 @@ man_MANS = ksmbd.addshare.8
+ $(man_MANS): %: %.in; @$(in_script) $< >$@
+
+ CLEANFILES = $(man_MANS)
++
++install-exec-hook: uninstall-hook
++ $(MKDIR_P) $(DESTDIR)$(sbindir)
++ ( cd $(DESTDIR)$(sbindir) && \
++ $(LN_S) $(libexecdir)/ksmbd.tools ksmbd.addshare )
++
++uninstall-hook:
++ -rm $(DESTDIR)$(sbindir)/ksmbd.addshare
+--- a/addshare/addshare.c
++++ b/addshare/addshare.c
+@@ -18,7 +18,7 @@
+ #include <ctype.h>
+
+ #include "config_parser.h"
+-#include "ksmbdtools.h"
++#include "tools.h"
+ #include "management/share.h"
+ #include "linux/ksmbd_server.h"
+ #include "share_admin.h"
+@@ -111,7 +111,7 @@ static int sanity_check_share_name_simpl
+ return 0;
+ }
+
+-int main(int argc, char *argv[])
++int addshare_main(int argc, char **argv)
+ {
+ int ret = -EINVAL;
+ char *share = NULL, *options = NULL, *smbconf = NULL;
+--- a/addshare/meson.build
++++ b/addshare/meson.build
+@@ -1,20 +1,16 @@
+-executable(
+- 'ksmbd.addshare',
++addshare_lib = static_library(
++ 'addshare',
+ 'share_admin.c',
+ 'addshare.c',
+ 'share_admin.h',
+- dependencies: [
+- glib_dep,
+- libnl_dep,
+- ],
+- include_directories: tools_incdir,
+- link_with: libksmbdtools,
+- install: true,
+- install_dir: get_option('sbindir'),
++ include_directories: include_dirs,
+ c_args: [
+ '-DSYSCONFDIR="@0@"'.format(get_option('prefix') / get_option('sysconfdir')),
+ '-DRUNSTATEDIR="@0@"'.format(runstatedir),
+ ],
++ dependencies: [
++ glib_dep,
++ ],
+ )
+
+ configure_file(
+@@ -23,3 +19,9 @@ configure_file(
+ install_dir: get_option('mandir') / 'man8',
+ configuration: in_data,
+ )
++
++install_symlink(
++ 'ksmbd.addshare',
++ install_dir: get_option('sbindir'),
++ pointing_to: '..' / get_option('libexecdir') / 'ksmbd.tools',
++)
+--- a/addshare/share_admin.c
++++ b/addshare/share_admin.c
+@@ -14,7 +14,7 @@
+ #include <fcntl.h>
+
+ #include <config_parser.h>
+-#include <ksmbdtools.h>
++#include <tools.h>
+
+ #include <management/share.h>
+
+--- a/adduser/Makefile.am
++++ b/adduser/Makefile.am
+@@ -1,12 +1,8 @@
+ AM_CFLAGS = -DSYSCONFDIR='"${sysconfdir}"' -DRUNSTATEDIR='"${runstatedir}"' \
+ -I$(top_srcdir)/include $(GLIB_CFLAGS) $(LIBNL_CFLAGS) -fno-common
+-LIBS = $(GLIB_LIBS)
+-ksmbd_adduser_LDADD = $(top_builddir)/lib/libksmbdtools.a
+
+-sbin_PROGRAMS = ksmbd.adduser
+-
+-ksmbd_adduser_SOURCES = md4_hash.c user_admin.c adduser.c md4_hash.h \
+- user_admin.h
++noinst_LIBRARIES = libadduser.a
++libadduser_a_SOURCES = md4_hash.c user_admin.c adduser.c md4_hash.h user_admin.h
+
+ EXTRA_DIST = ksmbd.adduser.8.in
+
+@@ -14,3 +10,11 @@ man_MANS = ksmbd.adduser.8
+ $(man_MANS): %: %.in; @$(in_script) $< >$@
+
+ CLEANFILES = $(man_MANS)
++
++install-exec-hook: uninstall-hook
++ $(MKDIR_P) $(DESTDIR)$(sbindir)
++ ( cd $(DESTDIR)$(sbindir) && \
++ $(LN_S) $(libexecdir)/ksmbd.tools ksmbd.adduser )
++
++uninstall-hook:
++ -rm $(DESTDIR)$(sbindir)/ksmbd.adduser
+--- a/adduser/adduser.c
++++ b/adduser/adduser.c
+@@ -18,7 +18,7 @@
+ #include <ctype.h>
+
+ #include "config_parser.h"
+-#include "ksmbdtools.h"
++#include "tools.h"
+ #include "management/user.h"
+ #include "management/share.h"
+ #include "user_admin.h"
+@@ -121,7 +121,7 @@ static int sanity_check_user_name_simple
+ return 0;
+ }
+
+-int main(int argc, char *argv[])
++int adduser_main(int argc, char **argv)
+ {
+ int ret = -EINVAL;
+ char *account = NULL, *password = NULL, *pwddb = NULL, *smbconf = NULL;
+--- a/adduser/meson.build
++++ b/adduser/meson.build
+@@ -1,22 +1,18 @@
+-executable(
+- 'ksmbd.adduser',
++adduser_lib = static_library(
++ 'adduser',
+ 'md4_hash.c',
+ 'user_admin.c',
+ 'adduser.c',
+ 'md4_hash.h',
+ 'user_admin.h',
+- dependencies: [
+- glib_dep,
+- libnl_dep,
+- ],
+- include_directories: tools_incdir,
+- link_with: libksmbdtools,
+- install: true,
+- install_dir: get_option('sbindir'),
++ include_directories: include_dirs,
+ c_args: [
+ '-DSYSCONFDIR="@0@"'.format(get_option('prefix') / get_option('sysconfdir')),
+ '-DRUNSTATEDIR="@0@"'.format(runstatedir),
+ ],
++ dependencies: [
++ glib_dep,
++ ],
+ )
+
+ configure_file(
+@@ -25,3 +21,9 @@ configure_file(
+ install_dir: get_option('mandir') / 'man8',
+ configuration: in_data,
+ )
++
++install_symlink(
++ 'ksmbd.adduser',
++ install_dir: get_option('sbindir'),
++ pointing_to: '..' / get_option('libexecdir') / 'ksmbd.tools',
++)
+--- a/adduser/user_admin.c
++++ b/adduser/user_admin.c
+@@ -15,7 +15,7 @@
+ #include <termios.h>
+
+ #include <config_parser.h>
+-#include <ksmbdtools.h>
++#include <tools.h>
+
+ #include <md4_hash.h>
+ #include <user_admin.h>
+--- a/configure.ac
++++ b/configure.ac
+@@ -24,6 +24,8 @@ AC_PROG_CC_STDC
+ AM_SILENT_RULES([yes])
+ AC_PROG_LIBTOOL
+ AC_PROG_SED
++AC_PROG_MKDIR_P
++AC_PROG_LN_S
+
+ AC_SUBST([in_script], [[\
+ '$(SED) -e "s,[@]sbindir[@],$(sbindir),g" \
+@@ -143,11 +145,11 @@ AM_CONDITIONAL(HAVE_LIBKRB5, [test "x$en
+
+ AC_CONFIG_FILES([
+ Makefile
+- lib/Makefile
+- mountd/Makefile
+- adduser/Makefile
+ addshare/Makefile
++ adduser/Makefile
+ control/Makefile
++ mountd/Makefile
++ tools/Makefile
+ ])
+
+ AC_OUTPUT
+--- a/control/Makefile.am
++++ b/control/Makefile.am
+@@ -1,11 +1,8 @@
+ AM_CFLAGS = -DSYSCONFDIR='"${sysconfdir}"' -DRUNSTATEDIR='"${runstatedir}"' \
+ -I$(top_srcdir)/include $(GLIB_CFLAGS) $(LIBNL_CFLAGS) -fno-common
+-LIBS = $(GLIB_LIBS)
+-ksmbd_control_LDADD = $(top_builddir)/lib/libksmbdtools.a
+
+-sbin_PROGRAMS = ksmbd.control
+-
+-ksmbd_control_SOURCES = control.c
++noinst_LIBRARIES = libcontrol.a
++libcontrol_a_SOURCES = control.c
+
+ EXTRA_DIST = ksmbd.control.8.in
+
+@@ -13,3 +10,11 @@ man_MANS = ksmbd.control.8
+ $(man_MANS): %: %.in; @$(in_script) $< >$@
+
+ CLEANFILES = $(man_MANS)
++
++install-exec-hook: uninstall-hook
++ $(MKDIR_P) $(DESTDIR)$(sbindir)
++ ( cd $(DESTDIR)$(sbindir) && \
++ $(LN_S) $(libexecdir)/ksmbd.tools ksmbd.control )
++
++uninstall-hook:
++ -rm $(DESTDIR)$(sbindir)/ksmbd.control
+--- a/control/control.c
++++ b/control/control.c
+@@ -9,7 +9,7 @@
+ #include <fcntl.h>
+ #include <errno.h>
+
+-#include "ksmbdtools.h"
++#include "tools.h"
+ #include "version.h"
+
+ static void usage(int status)
+@@ -146,7 +146,7 @@ out:
+ return ret;
+ }
+
+-int main(int argc, char *argv[])
++int control_main(int argc, char **argv)
+ {
+ int ret = -EINVAL;
+ int c;
+--- a/control/meson.build
++++ b/control/meson.build
+@@ -1,18 +1,14 @@
+-executable(
+- 'ksmbd.control',
++control_lib = static_library(
++ 'control',
+ 'control.c',
+- dependencies: [
+- glib_dep,
+- libnl_dep,
+- ],
+- include_directories: tools_incdir,
+- link_with: libksmbdtools,
+- install: true,
+- install_dir: get_option('sbindir'),
++ include_directories: include_dirs,
+ c_args: [
+ '-DSYSCONFDIR="@0@"'.format(get_option('prefix') / get_option('sysconfdir')),
+ '-DRUNSTATEDIR="@0@"'.format(runstatedir),
+ ],
++ dependencies: [
++ glib_dep,
++ ],
+ )
+
+ configure_file(
+@@ -21,3 +17,9 @@ configure_file(
+ install_dir: get_option('mandir') / 'man8',
+ configuration: in_data,
+ )
++
++install_symlink(
++ 'ksmbd.control',
++ install_dir: get_option('sbindir'),
++ pointing_to: '..' / get_option('libexecdir') / 'ksmbd.tools',
++)
+--- a/include/ksmbdtools.h
++++ /dev/null
+@@ -1,172 +0,0 @@
+-/* SPDX-License-Identifier: GPL-2.0-or-later */
+-/*
+- * Copyright (C) 2018 Samsung Electronics Co., Ltd.
+- *
+- * linux-cifsd-devel@lists.sourceforge.net
+- */
+-
+-#ifndef __KSMBDTOOLS_H__
+-#define __KSMBDTOOLS_H__
+-
+-#ifndef _GNU_SOURCE
+-#define _GNU_SOURCE 1
+-#endif
+-
+-#include <errno.h>
+-#include <getopt.h>
+-#include <glib.h>
+-#include <poll.h>
+-#include <stdio.h>
+-#include <stdlib.h>
+-#include <string.h>
+-#include <sys/types.h>
+-#include <sys/wait.h>
+-#include <time.h>
+-#include <unistd.h>
+-
+-#ifdef HAVE_CONFIG_H
+-#include <config.h>
+-#endif
+-
+-struct smbconf_global {
+- int flags;
+- int map_to_guest;
+- char *guest_account;
+-
+- char *server_string;
+- char *work_group;
+- char *netbios_name;
+- char *server_min_protocol;
+- char *server_max_protocol;
+- char *root_dir;
+- int server_signing;
+- int sessions_cap;
+- int restrict_anon;
+- unsigned short tcp_port;
+- unsigned short ipc_timeout;
+- unsigned int deadtime;
+- int bind_interfaces_only;
+- char **interfaces;
+- unsigned long file_max;
+- unsigned int smb2_max_read;
+- unsigned int smb2_max_write;
+- unsigned int smb2_max_trans;
+- unsigned int smb2_max_credits;
+- unsigned int smbd_max_io_size;
+- unsigned int share_fake_fscaps;
+- unsigned int gen_subauth[3];
+- char *krb5_keytab_file;
+- char *krb5_service_name;
+- char *pwddb;
+- char *smbconf;
+-};
+-
+-#define KSMBD_LOCK_FILE RUNSTATEDIR "/ksmbd.lock"
+-
+-#define KSMBD_RESTRICT_ANON_TYPE_1 1
+-#define KSMBD_RESTRICT_ANON_TYPE_2 2
+-
+-extern struct smbconf_global global_conf;
+-
+-#define KSMBD_CONF_MAP_TO_GUEST_NEVER (0)
+-#define KSMBD_CONF_MAP_TO_GUEST_BAD_USER (1 << 0)
+-#define KSMBD_CONF_MAP_TO_GUEST_BAD_PASSWORD (1 << 1)
+-#define KSMBD_CONF_MAP_TO_GUEST_BAD_UID (1 << 2)
+-
+-#define KSMBD_CONF_DEFAULT_NETBIOS_NAME "KSMBD SERVER"
+-#define KSMBD_CONF_DEFAULT_SERVER_STRING "SMB SERVER"
+-#define KSMBD_CONF_DEFAULT_WORK_GROUP "WORKGROUP"
+-
+-#define KSMBD_CONF_DEFAULT_GUEST_ACCOUNT "nobody"
+-
+-#define KSMBD_CONF_DEFAULT_SESS_CAP 1024
+-#define KSMBD_CONF_DEFAULT_TCP_PORT 445
+-
+-#define KSMBD_CONF_FILE_MAX 10000
+-
+-#define PATH_PWDDB SYSCONFDIR "/ksmbd/ksmbdpwd.db"
+-#define PATH_SMBCONF SYSCONFDIR "/ksmbd/ksmbd.conf"
+-#define PATH_SMBCONF_FALLBACK SYSCONFDIR "/ksmbd/smb.conf"
+-#define PATH_SUBAUTH SYSCONFDIR "/ksmbd/ksmbd.subauth"
+-
+-#define KSMBD_HEALTH_START (0)
+-#define KSMBD_HEALTH_RUNNING (1 << 0)
+-#define KSMBD_SHOULD_RELOAD_CONFIG (1 << 1)
+-
+-extern int ksmbd_health_status;
+-
+-#define TRACING_DUMP_NL_MSG 0
+-
+-#define ARRAY_SIZE(X) (sizeof(X) / sizeof((X)[0]))
+-
+-#define STR_HELPER(x) #x
+-#define STR(x) STR_HELPER(x)
+-
+-//---------------------------------------------------------------//
+-#define LOGAPP "[%s/%d]:"
+-#define PRERR LOGAPP" ERROR: "
+-#define PRINF LOGAPP" INFO: "
+-#define PRDEBUG LOGAPP" DEBUG: "
+-
+-#define PR_ERROR 0
+-#define PR_INFO 1
+-#define PR_DEBUG 2
+-
+-extern int log_level;
+-
+-#define PR_LOGGER_STDIO 0
+-#define PR_LOGGER_SYSLOG 1
+-
+-G_GNUC_PRINTF(2, 3)
+-extern void __pr_log(int level, const char *fmt, ...);
+-extern void set_logger_app_name(const char *an);
+-extern const char *get_logger_app_name(void);
+-extern void pr_logger_init(int flags);
+-extern int set_log_level(int level);
+-
+-#define pr_log(l, f, ...) \
+- do { \
+- if ((l) <= log_level) \
+- __pr_log((l), (f), get_logger_app_name(), \
+- getpid(), \
+- ##__VA_ARGS__); \
+- } while (0)
+-
+-#define pr_debug(f, ...) \
+- pr_log(PR_DEBUG, PRDEBUG f, ##__VA_ARGS__)
+-#define pr_info(f, ...) \
+- pr_log(PR_INFO, PRINF f, ##__VA_ARGS__)
+-#define pr_err(f, ...) \
+- pr_log(PR_ERROR, PRERR f, ##__VA_ARGS__)
+-
+-//---------------------------------------------------------------//
+-
+-void pr_hex_dump(const void *mem, size_t sz);
+-
+-char *base64_encode(unsigned char *src, size_t srclen);
+-unsigned char *base64_decode(char const *src, size_t *dstlen);
+-
+-gchar *ksmbd_gconvert(const gchar *str,
+- gssize str_len,
+- int to_codeset,
+- int from_codeset,
+- gsize *bytes_read,
+- gsize *bytes_written);
+-
+-enum charset_idx {
+- KSMBD_CHARSET_UTF8 = 0,
+- KSMBD_CHARSET_UTF16LE,
+- KSMBD_CHARSET_UCS2LE,
+- KSMBD_CHARSET_UTF16BE,
+- KSMBD_CHARSET_UCS2BE,
+- KSMBD_CHARSET_MAX = 5,
+-};
+-
+-#define KSMBD_CHARSET_DEFAULT KSMBD_CHARSET_UTF8
+-
+-extern char *ksmbd_conv_charsets[KSMBD_CHARSET_MAX + 1];
+-
+-int send_signal_to_ksmbd_mountd(int signo);
+-int test_file_access(char *conf);
+-
+-#endif /* __KSMBDTOOLS_H__ */
+--- /dev/null
++++ b/include/tools.h
+@@ -0,0 +1,177 @@
++/* SPDX-License-Identifier: GPL-2.0-or-later */
++/*
++ * Copyright (C) 2018 Samsung Electronics Co., Ltd.
++ *
++ * linux-cifsd-devel@lists.sourceforge.net
++ */
++
++#ifndef __TOOLS_H__
++#define __TOOLS_H__
++
++#ifndef _GNU_SOURCE
++#define _GNU_SOURCE 1
++#endif
++
++#include <errno.h>
++#include <getopt.h>
++#include <glib.h>
++#include <poll.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <sys/types.h>
++#include <sys/wait.h>
++#include <time.h>
++#include <unistd.h>
++
++#ifdef HAVE_CONFIG_H
++#include <config.h>
++#endif
++
++struct smbconf_global {
++ int flags;
++ int map_to_guest;
++ char *guest_account;
++
++ char *server_string;
++ char *work_group;
++ char *netbios_name;
++ char *server_min_protocol;
++ char *server_max_protocol;
++ char *root_dir;
++ int server_signing;
++ int sessions_cap;
++ int restrict_anon;
++ unsigned short tcp_port;
++ unsigned short ipc_timeout;
++ unsigned int deadtime;
++ int bind_interfaces_only;
++ char **interfaces;
++ unsigned long file_max;
++ unsigned int smb2_max_read;
++ unsigned int smb2_max_write;
++ unsigned int smb2_max_trans;
++ unsigned int smb2_max_credits;
++ unsigned int smbd_max_io_size;
++ unsigned int share_fake_fscaps;
++ unsigned int gen_subauth[3];
++ char *krb5_keytab_file;
++ char *krb5_service_name;
++ char *pwddb;
++ char *smbconf;
++};
++
++#define KSMBD_LOCK_FILE RUNSTATEDIR "/ksmbd.lock"
++
++#define KSMBD_RESTRICT_ANON_TYPE_1 1
++#define KSMBD_RESTRICT_ANON_TYPE_2 2
++
++extern struct smbconf_global global_conf;
++
++#define KSMBD_CONF_MAP_TO_GUEST_NEVER (0)
++#define KSMBD_CONF_MAP_TO_GUEST_BAD_USER (1 << 0)
++#define KSMBD_CONF_MAP_TO_GUEST_BAD_PASSWORD (1 << 1)
++#define KSMBD_CONF_MAP_TO_GUEST_BAD_UID (1 << 2)
++
++#define KSMBD_CONF_DEFAULT_NETBIOS_NAME "KSMBD SERVER"
++#define KSMBD_CONF_DEFAULT_SERVER_STRING "SMB SERVER"
++#define KSMBD_CONF_DEFAULT_WORK_GROUP "WORKGROUP"
++
++#define KSMBD_CONF_DEFAULT_GUEST_ACCOUNT "nobody"
++
++#define KSMBD_CONF_DEFAULT_SESS_CAP 1024
++#define KSMBD_CONF_DEFAULT_TCP_PORT 445
++
++#define KSMBD_CONF_FILE_MAX 10000
++
++#define PATH_PWDDB SYSCONFDIR "/ksmbd/ksmbdpwd.db"
++#define PATH_SMBCONF SYSCONFDIR "/ksmbd/ksmbd.conf"
++#define PATH_SMBCONF_FALLBACK SYSCONFDIR "/ksmbd/smb.conf"
++#define PATH_SUBAUTH SYSCONFDIR "/ksmbd/ksmbd.subauth"
++
++#define KSMBD_HEALTH_START (0)
++#define KSMBD_HEALTH_RUNNING (1 << 0)
++#define KSMBD_SHOULD_RELOAD_CONFIG (1 << 1)
++
++extern int ksmbd_health_status;
++
++#define TRACING_DUMP_NL_MSG 0
++
++#define ARRAY_SIZE(X) (sizeof(X) / sizeof((X)[0]))
++
++#define STR_HELPER(x) #x
++#define STR(x) STR_HELPER(x)
++
++//---------------------------------------------------------------//
++#define LOGAPP "[%s/%d]:"
++#define PRERR LOGAPP" ERROR: "
++#define PRINF LOGAPP" INFO: "
++#define PRDEBUG LOGAPP" DEBUG: "
++
++#define PR_ERROR 0
++#define PR_INFO 1
++#define PR_DEBUG 2
++
++extern int log_level;
++
++#define PR_LOGGER_STDIO 0
++#define PR_LOGGER_SYSLOG 1
++
++G_GNUC_PRINTF(2, 3)
++extern void __pr_log(int level, const char *fmt, ...);
++extern void set_logger_app_name(const char *an);
++extern const char *get_logger_app_name(void);
++extern void pr_logger_init(int flags);
++extern int set_log_level(int level);
++
++#define pr_log(l, f, ...) \
++ do { \
++ if ((l) <= log_level) \
++ __pr_log((l), (f), get_logger_app_name(), \
++ getpid(), \
++ ##__VA_ARGS__); \
++ } while (0)
++
++#define pr_debug(f, ...) \
++ pr_log(PR_DEBUG, PRDEBUG f, ##__VA_ARGS__)
++#define pr_info(f, ...) \
++ pr_log(PR_INFO, PRINF f, ##__VA_ARGS__)
++#define pr_err(f, ...) \
++ pr_log(PR_ERROR, PRERR f, ##__VA_ARGS__)
++
++//---------------------------------------------------------------//
++
++void pr_hex_dump(const void *mem, size_t sz);
++
++char *base64_encode(unsigned char *src, size_t srclen);
++unsigned char *base64_decode(char const *src, size_t *dstlen);
++
++gchar *ksmbd_gconvert(const gchar *str,
++ gssize str_len,
++ int to_codeset,
++ int from_codeset,
++ gsize *bytes_read,
++ gsize *bytes_written);
++
++enum charset_idx {
++ KSMBD_CHARSET_UTF8 = 0,
++ KSMBD_CHARSET_UTF16LE,
++ KSMBD_CHARSET_UCS2LE,
++ KSMBD_CHARSET_UTF16BE,
++ KSMBD_CHARSET_UCS2BE,
++ KSMBD_CHARSET_MAX = 5,
++};
++
++#define KSMBD_CHARSET_DEFAULT KSMBD_CHARSET_UTF8
++
++extern char *ksmbd_conv_charsets[KSMBD_CHARSET_MAX + 1];
++
++int send_signal_to_ksmbd_mountd(int signo);
++int test_file_access(char *conf);
++
++int addshare_main(int argc, char **argv);
++int adduser_main(int argc, char **argv);
++int control_main(int argc, char **argv);
++int mountd_main(int argc, char **argv);
++
++#endif /* __TOOLS_H__ */
+--- a/ksmbd-tools.spec
++++ b/ksmbd-tools.spec
+@@ -16,7 +16,7 @@
+ #
+
+ Name: ksmbd-tools
+-Version: 3.4.6
++Version: master
+ Release: 0
+ Summary: ksmbd kernel server userspace utilities
+ License: GPL-2.0-or-later
+@@ -53,6 +53,7 @@ make %{?_smp_mflags}
+ %{_sbindir}/ksmbd.adduser
+ %{_sbindir}/ksmbd.control
+ %{_sbindir}/ksmbd.mountd
++%{_libexecdir}/ksmbd.tools
+ %{_mandir}/man8/ksmbd.addshare.8*
+ %{_mandir}/man8/ksmbd.adduser.8*
+ %{_mandir}/man8/ksmbd.control.8*
+--- a/meson.build
++++ b/meson.build
+@@ -10,10 +10,10 @@ exec awk '/define KSMBD_TOOLS_VERSION /
+ check: true,
+ ).stdout(),
+ default_options: 'c_std=gnu99',
+- meson_version: '>= 0.51.0',
++ meson_version: '>= 0.61.5',
+ )
+
+-tools_incdir = include_directories(
++include_dirs = include_directories(
+ '.',
+ 'include',
+ )
+@@ -151,8 +151,8 @@ configure_file(
+ configuration: in_data,
+ )
+
+-subdir('lib')
+ subdir('addshare')
+ subdir('adduser')
+ subdir('control')
+ subdir('mountd')
++subdir('tools')
+--- a/mountd/Makefile.am
++++ b/mountd/Makefile.am
+@@ -1,12 +1,9 @@
+ AM_CFLAGS = -DSYSCONFDIR='"${sysconfdir}"' -DRUNSTATEDIR='"${runstatedir}"' \
+ -I$(top_srcdir)/include $(GLIB_CFLAGS) $(LIBNL_CFLAGS) -fno-common
+-LIBS = $(GLIB_LIBS) $(LIBNL_LIBS) $(LIBKRB5_LIBS)
+-ksmbd_mountd_LDADD = $(top_builddir)/lib/libksmbdtools.a
+
+-sbin_PROGRAMS = ksmbd.mountd
+-
+-ksmbd_mountd_SOURCES = worker.c ipc.c rpc.c rpc_srvsvc.c rpc_wkssvc.c \
+- mountd.c smbacl.c rpc_samr.c rpc_lsarpc.c
++noinst_LIBRARIES = libmountd.a
++libmountd_a_SOURCES = worker.c ipc.c rpc.c rpc_srvsvc.c rpc_wkssvc.c mountd.c \
++ smbacl.c rpc_samr.c rpc_lsarpc.c
+
+ EXTRA_DIST = ksmbd.mountd.8.in
+
+@@ -14,3 +11,11 @@ man_MANS = ksmbd.mountd.8
+ $(man_MANS): %: %.in; @$(in_script) $< >$@
+
+ CLEANFILES = $(man_MANS)
++
++install-exec-hook: uninstall-hook
++ $(MKDIR_P) $(DESTDIR)$(sbindir)
++ ( cd $(DESTDIR)$(sbindir) && \
++ $(LN_S) $(libexecdir)/ksmbd.tools ksmbd.mountd )
++
++uninstall-hook:
++ -rm $(DESTDIR)$(sbindir)/ksmbd.mountd
+--- a/mountd/ipc.c
++++ b/mountd/ipc.c
+@@ -17,7 +17,7 @@
+
+ #include <linux/ksmbd_server.h>
+
+-#include <ksmbdtools.h>
++#include <tools.h>
+ #include <ipc.h>
+ #include <worker.h>
+ #include <config_parser.h>
+--- a/mountd/meson.build
++++ b/mountd/meson.build
+@@ -1,5 +1,5 @@
+-executable(
+- 'ksmbd.mountd',
++mountd_lib = static_library(
++ 'mountd',
+ 'worker.c',
+ 'ipc.c',
+ 'rpc.c',
+@@ -9,18 +9,15 @@ executable(
+ 'smbacl.c',
+ 'rpc_samr.c',
+ 'rpc_lsarpc.c',
+- dependencies: [
+- glib_dep,
+- libnl_dep,
+- ],
+- include_directories: tools_incdir,
+- link_with: libksmbdtools,
+- install: true,
+- install_dir: get_option('sbindir'),
++ include_directories: include_dirs,
+ c_args: [
+ '-DSYSCONFDIR="@0@"'.format(get_option('prefix') / get_option('sysconfdir')),
+ '-DRUNSTATEDIR="@0@"'.format(runstatedir),
+ ],
++ dependencies: [
++ glib_dep,
++ libnl_dep,
++ ],
+ )
+
+ configure_file(
+@@ -29,3 +26,9 @@ configure_file(
+ install_dir: get_option('mandir') / 'man8',
+ configuration: in_data,
+ )
++
++install_symlink(
++ 'ksmbd.mountd',
++ install_dir: get_option('sbindir'),
++ pointing_to: '..' / get_option('libexecdir') / 'ksmbd.tools',
++)
+--- a/mountd/mountd.c
++++ b/mountd/mountd.c
+@@ -5,7 +5,7 @@
+ * linux-cifsd-devel@lists.sourceforge.net
+ */
+
+-#include <ksmbdtools.h>
++#include <tools.h>
+
+ #ifndef _GNU_SOURCE
+ #define _GNU_SOURCE
+@@ -509,7 +509,7 @@ out:
+ return 0;
+ }
+
+-int main(int argc, char *argv[])
++int mountd_main(int argc, char **argv)
+ {
+ int ret = -EINVAL;
+ int c;
+--- a/mountd/rpc.c
++++ b/mountd/rpc.c
+@@ -16,7 +16,7 @@
+ #include <rpc_wkssvc.h>
+ #include <rpc_samr.h>
+ #include <rpc_lsarpc.h>
+-#include <ksmbdtools.h>
++#include <tools.h>
+
+ static GHashTable *pipes_table;
+ static GRWLock pipes_table_lock;
+--- a/mountd/rpc_lsarpc.c
++++ b/mountd/rpc_lsarpc.c
+@@ -16,7 +16,7 @@
+ #include <rpc.h>
+ #include <rpc_lsarpc.h>
+ #include <smbacl.h>
+-#include <ksmbdtools.h>
++#include <tools.h>
+
+ #define LSARPC_OPNUM_DS_ROLE_GET_PRIMARY_DOMAIN_INFO 0
+ #define LSARPC_OPNUM_OPEN_POLICY2 44
+--- a/mountd/rpc_samr.c
++++ b/mountd/rpc_samr.c
+@@ -15,7 +15,7 @@
+ #include <rpc.h>
+ #include <rpc_samr.h>
+ #include <smbacl.h>
+-#include <ksmbdtools.h>
++#include <tools.h>
+
+ #define SAMR_OPNUM_CONNECT5 64
+ #define SAMR_OPNUM_ENUM_DOMAIN 6
+--- a/mountd/rpc_srvsvc.c
++++ b/mountd/rpc_srvsvc.c
+@@ -15,7 +15,7 @@
+
+ #include <rpc.h>
+ #include <rpc_srvsvc.h>
+-#include <ksmbdtools.h>
++#include <tools.h>
+
+ #define SHARE_TYPE_TEMP 0x40000000
+ #define SHARE_TYPE_HIDDEN 0x80000000
+--- a/mountd/rpc_wkssvc.c
++++ b/mountd/rpc_wkssvc.c
+@@ -15,7 +15,7 @@
+
+ #include <rpc.h>
+ #include <rpc_wkssvc.h>
+-#include <ksmbdtools.h>
++#include <tools.h>
+
+ #define WKSSVC_NETWKSTA_GET_INFO (0)
+
+--- a/mountd/smbacl.c
++++ b/mountd/smbacl.c
+@@ -7,7 +7,7 @@
+ */
+
+ #include <smbacl.h>
+-#include <ksmbdtools.h>
++#include <tools.h>
+ #include <glib.h>
+
+ static const struct smb_sid sid_domain = {1, 1, {0, 0, 0, 0, 0, 5},
+--- a/mountd/worker.c
++++ b/mountd/worker.c
+@@ -9,7 +9,7 @@
+ #include <errno.h>
+ #include <linux/ksmbd_server.h>
+
+-#include <ksmbdtools.h>
++#include <tools.h>
+ #include <worker.h>
+ #include <ipc.h>
+ #include <rpc.h>
+--- a/lib/Makefile.am
++++ /dev/null
+@@ -1,18 +0,0 @@
+-AM_CFLAGS = -DSYSCONFDIR='"${sysconfdir}"' -DRUNSTATEDIR='"${runstatedir}"' \
+- -I$(top_srcdir)/include $(GLIB_CFLAGS) $(LIBKRB5_CFLAGS) -fno-common
+-LIBS = $(GLIB_LIBS)
+-
+-noinst_LIBRARIES = libksmbdtools.a
+-libksmbdtools_a_SOURCES = management/tree_conn.c \
+- management/user.c \
+- management/share.c \
+- management/session.c \
+- config_parser.c \
+- ksmbdtools.c
+-
+-if HAVE_LIBKRB5
+-libksmbdtools_a_SOURCES += management/spnego.c \
+- asn1.c \
+- management/spnego_krb5.c \
+- management/spnego_mech.h
+-endif
+--- /dev/null
++++ b/tools/Makefile.am
+@@ -0,0 +1,21 @@
++AM_CFLAGS = -DSYSCONFDIR='"${sysconfdir}"' -DRUNSTATEDIR='"${runstatedir}"' \
++ -I$(top_srcdir)/include $(GLIB_CFLAGS) $(LIBKRB5_CFLAGS) -fno-common
++LIBS = $(GLIB_LIBS) $(LIBNL_LIBS) $(LIBKRB5_LIBS)
++
++libexec_PROGRAMS = ksmbd.tools
++ksmbd_tools_SOURCES = management/tree_conn.c \
++ management/user.c \
++ management/share.c \
++ management/session.c \
++ config_parser.c \
++ tools.c
++if HAVE_LIBKRB5
++ksmbd_tools_SOURCES += management/spnego.c \
++ asn1.c \
++ management/spnego_krb5.c \
++ management/spnego_mech.h
++endif
++ksmbd_tools_LDADD = $(top_builddir)/addshare/libaddshare.a \
++ $(top_builddir)/adduser/libadduser.a \
++ $(top_builddir)/control/libcontrol.a \
++ $(top_builddir)/mountd/libmountd.a
+--- a/lib/config_parser.c
++++ /dev/null
+@@ -1,770 +0,0 @@
+-// SPDX-License-Identifier: GPL-2.0-or-later
+-/*
+- * Copyright (C) 2018 Samsung Electronics Co., Ltd.
+- *
+- * linux-cifsd-devel@lists.sourceforge.net
+- */
+-
+-#include <glib.h>
+-#include <string.h>
+-#include <glib/gstdio.h>
+-#include <sys/stat.h>
+-#include <sys/types.h>
+-#include <unistd.h>
+-#include <fcntl.h>
+-#include <linux/ksmbd_server.h>
+-
+-#include <config_parser.h>
+-#include <ksmbdtools.h>
+-#include <management/user.h>
+-#include <management/share.h>
+-
+-struct smbconf_global global_conf;
+-struct smbconf_parser parser;
+-struct smbconf_group *global_group, *ipc_group;
+-
+-unsigned long long memparse(const char *v)
+-{
+- char *eptr;
+-
+- unsigned long long ret = strtoull(v, &eptr, 0);
+-
+- switch (*eptr) {
+- case 'E':
+- case 'e':
+- ret <<= 10;
+- case 'P':
+- case 'p':
+- ret <<= 10;
+- case 'T':
+- case 't':
+- ret <<= 10;
+- case 'G':
+- case 'g':
+- ret <<= 10;
+- case 'M':
+- case 'm':
+- ret <<= 10;
+- case 'K':
+- case 'k':
+- ret <<= 10;
+- }
+-
+- return ret;
+-}
+-
+-static void kv_release_cb(gpointer p)
+-{
+- g_free(p);
+-}
+-
+-static int is_ascii_space_tab(char c)
+-{
+- return c == ' ' || c == '\t';
+-}
+-
+-static int is_a_comment(char *line)
+-{
+- return (*line == 0x00 || *line == ';' || *line == '\n' || *line == '#');
+-}
+-
+-static int is_a_group(char *line)
+-{
+- char *p = line;
+-
+- if (*p != '[')
+- return 0;
+- p++;
+- while (*p && *p != ']')
+- p = g_utf8_find_next_char(p, NULL);
+- if (*p != ']')
+- return 0;
+- return 1;
+-}
+-
+-static int add_new_group(char *line)
+-{
+- char *begin = line;
+- char *end = line;
+- char *name = NULL;
+- struct smbconf_group *group = NULL;
+- struct smbconf_group *lookup;
+-
+- while (*end && *end != ']')
+- end = g_utf8_find_next_char(end, NULL);
+-
+- name = g_strndup(begin + 1, end - begin - 1);
+- if (!name)
+- goto out_free;
+-
+- lookup = g_hash_table_lookup(parser.groups, name);
+- if (lookup) {
+- parser.current = lookup;
+- pr_info("Multiple definitions for group `%s'\n", name);
+- g_free(name);
+- return 0;
+- }
+-
+- group = g_malloc(sizeof(struct smbconf_group));
+- group->cb_mode = GROUPS_CALLBACK_NONE;
+- group->name = name;
+- group->kv = g_hash_table_new_full(g_str_hash,
+- g_str_equal,
+- kv_release_cb,
+- kv_release_cb);
+- if (!group->kv)
+- goto out_free;
+-
+- parser.current = group;
+- g_hash_table_insert(parser.groups, group->name, group);
+- return 0;
+-
+-out_free:
+- g_free(name);
+- if (group && group->kv)
+- g_hash_table_destroy(group->kv);
+- g_free(group);
+- return -ENOMEM;
+-}
+-
+-static int add_group_key_value(char *line)
+-{
+- char *key, *value;
+-
+- key = strchr(line, '=');
+- if (!key)
+- return -EINVAL;
+-
+- value = key;
+- *key = 0x00;
+- key--;
+- value++;
+-
+- while (is_ascii_space_tab(*key))
+- key--;
+- while (is_ascii_space_tab(*value))
+- value++;
+-
+- if (is_a_comment(value))
+- return 0;
+-
+- if (g_hash_table_lookup(parser.current->kv, key)) {
+- pr_info("Multiple key-value definitions [%s] %s\n",
+- parser.current->name, key);
+- return 0;
+- }
+-
+- key = g_strndup(line, key - line + 1);
+- value = g_strdup(value);
+-
+- if (!key || !value) {
+- g_free(key);
+- g_free(value);
+- return -ENOMEM;
+- }
+-
+- g_hash_table_insert(parser.current->kv, key, value);
+- return 0;
+-}
+-
+-static int process_smbconf_entry(char *data)
+-{
+- while (is_ascii_space_tab(*data))
+- data++;
+-
+- if (is_a_comment(data))
+- return 0;
+-
+- if (is_a_group(data))
+- return add_new_group(data);
+-
+- return add_group_key_value(data);
+-}
+-
+-static int __mmap_parse_file(const char *fname, int (*callback)(char *data))
+-{
+- GMappedFile *file;
+- GError *err = NULL;
+- gchar *contents;
+- int len;
+- char *delim;
+- int fd, ret = 0;
+-
+- fd = g_open(fname, O_RDONLY, 0);
+- if (fd == -1) {
+- ret = -errno;
+- pr_debug("Can't open `%s': %m\n", fname);
+- return ret;
+- }
+-
+- file = g_mapped_file_new_from_fd(fd, FALSE, &err);
+- if (err) {
+- pr_err("Can't map `%s' to memory: %s\n", fname, err->message);
+- g_error_free(err);
+- ret = -EINVAL;
+- goto out;
+- }
+-
+- contents = g_mapped_file_get_contents(file);
+- if (!contents)
+- goto out;
+-
+- len = g_mapped_file_get_length(file);
+- while (len > 0) {
+- delim = strchr(contents, '\n');
+- if (!delim)
+- delim = contents + len - 1;
+-
+- if (delim) {
+- size_t sz = delim - contents;
+- char *data;
+-
+- if (delim == contents) {
+- contents = delim + 1;
+- len--;
+- continue;
+- }
+-
+- if (!sz)
+- break;
+-
+- data = g_strndup(contents, sz);
+- ret = callback(data);
+- if (ret) {
+- g_free(data);
+- goto out;
+- }
+-
+- g_free(data);
+- contents = delim + 1;
+- len -= (sz + 1);
+- }
+- }
+-
+- ret = 0;
+-out:
+- if (file)
+- g_mapped_file_unref(file);
+-
+- if (fd) {
+- g_close(fd, &err);
+- if (err) {
+- pr_err("Can't close `%s': %s\n", fname, err->message);
+- g_error_free(err);
+- }
+- }
+- return ret;
+-}
+-
+-static int init_smbconf_parser(void)
+-{
+- if (parser.groups)
+- return 0;
+-
+- parser.groups = g_hash_table_new(shm_share_name_hash,
+- shm_share_name_equal);
+- if (!parser.groups)
+- return -ENOMEM;
+- return 0;
+-}
+-
+-static void release_smbconf_group(gpointer k, gpointer v, gpointer user_data)
+-{
+- struct smbconf_group *g = v;
+-
+- g_hash_table_destroy(g->kv);
+- g_free(g->name);
+- g_free(g);
+-}
+-
+-static void release_smbconf_parser(void)
+-{
+- if (!parser.groups)
+- return;
+-
+- g_hash_table_foreach(parser.groups, release_smbconf_group, NULL);
+- g_hash_table_destroy(parser.groups);
+- parser.groups = NULL;
+-}
+-
+-char *cp_ltrim(char *v)
+-{
+- if (!v)
+- return NULL;
+-
+- while (*v && *v == ' ')
+- v++;
+- if (*v == 0x00)
+- return NULL;
+- return v;
+-}
+-
+-int cp_key_cmp(char *k, char *v)
+-{
+- if (!k || !v)
+- return -1;
+- return g_ascii_strncasecmp(k, v, strlen(v));
+-}
+-
+-char *cp_get_group_kv_string(char *v)
+-{
+- return g_strdup(v);
+-}
+-
+-int cp_get_group_kv_bool(char *v)
+-{
+- if (!g_ascii_strncasecmp(v, "yes", 3) ||
+- !g_ascii_strncasecmp(v, "1", 1) ||
+- !g_ascii_strncasecmp(v, "true", 4) ||
+- !g_ascii_strncasecmp(v, "enable", 6))
+- return 1;
+- return 0;
+-}
+-
+-int cp_get_group_kv_config_opt(char *v)
+-{
+- if (!g_ascii_strncasecmp(v, "disabled", 8))
+- return KSMBD_CONFIG_OPT_DISABLED;
+- if (!g_ascii_strncasecmp(v, "enabled", 7))
+- return KSMBD_CONFIG_OPT_ENABLED;
+- if (!g_ascii_strncasecmp(v, "auto", 4))
+- return KSMBD_CONFIG_OPT_AUTO;
+- if (!g_ascii_strncasecmp(v, "mandatory", 9))
+- return KSMBD_CONFIG_OPT_MANDATORY;
+- return KSMBD_CONFIG_OPT_DISABLED;
+-}
+-
+-unsigned long cp_get_group_kv_long_base(char *v, int base)
+-{
+- return strtoul(v, NULL, base);
+-}
+-
+-unsigned long cp_get_group_kv_long(char *v)
+-{
+- return cp_get_group_kv_long_base(v, 10);
+-}
+-
+-char **cp_get_group_kv_list(char *v)
+-{
+- /*
+- * SMB conf lists are "tabs, spaces, commas" separated.
+- */
+- return g_strsplit_set(v, "\t ,", -1);
+-}
+-
+-void cp_group_kv_list_free(char **list)
+-{
+- g_strfreev(list);
+-}
+-
+-static int cp_add_global_guest_account(gpointer _v)
+-{
+- struct ksmbd_user *user;
+-
+- if (usm_add_new_user(cp_get_group_kv_string(_v),
+- g_strdup("NULL"))) {
+- pr_err("Unable to add guest account\n");
+- return -ENOMEM;
+- }
+-
+- user = usm_lookup_user(_v);
+- if (!user) {
+- pr_err("Unable to find user `%s'\n", (char *) _v);
+- return -EINVAL;
+- }
+-
+- set_user_flag(user, KSMBD_USER_FLAG_GUEST_ACCOUNT);
+- put_ksmbd_user(user);
+- global_conf.guest_account = cp_get_group_kv_string(_v);
+- return 0;
+-}
+-
+-static gboolean global_group_kv(gpointer _k, gpointer _v, gpointer user_data)
+-{
+- if (!cp_key_cmp(_k, "server string")) {
+- global_conf.server_string = cp_get_group_kv_string(_v);
+- return TRUE;
+- }
+-
+- if (!cp_key_cmp(_k, "workgroup")) {
+- global_conf.work_group = cp_get_group_kv_string(_v);
+- return TRUE;
+- }
+-
+- if (!cp_key_cmp(_k, "netbios name")) {
+- global_conf.netbios_name = cp_get_group_kv_string(_v);
+- return TRUE;
+- }
+-
+- if (!cp_key_cmp(_k, "server min protocol")) {
+- global_conf.server_min_protocol = cp_get_group_kv_string(_v);
+- return TRUE;
+- }
+-
+- if (!cp_key_cmp(_k, "server signing")) {
+- global_conf.server_signing = cp_get_group_kv_config_opt(_v);
+- return TRUE;
+- }
+-
+- if (!cp_key_cmp(_k, "server max protocol")) {
+- global_conf.server_max_protocol = cp_get_group_kv_string(_v);
+- return TRUE;
+- }
+-
+- if (!cp_key_cmp(_k, "guest account")) {
+- cp_add_global_guest_account(_v);
+- return TRUE;
+- }
+-
+- if (!cp_key_cmp(_k, "max active sessions")) {
+- global_conf.sessions_cap = cp_get_group_kv_long(_v);
+- return TRUE;
+- }
+-
+- if (!cp_key_cmp(_k, "tcp port")) {
+- if (!global_conf.tcp_port)
+- global_conf.tcp_port = cp_get_group_kv_long(_v);
+- return TRUE;
+- }
+-
+- if (!cp_key_cmp(_k, "ipc timeout")) {
+- global_conf.ipc_timeout = cp_get_group_kv_long(_v);
+- return TRUE;
+- }
+-
+- if (!cp_key_cmp(_k, "max open files")) {
+- global_conf.file_max = cp_get_group_kv_long(_v);
+- return TRUE;
+- }
+-
+- if (!cp_key_cmp(_k, "restrict anonymous")) {
+- global_conf.restrict_anon = cp_get_group_kv_long(_v);
+- if (global_conf.restrict_anon > KSMBD_RESTRICT_ANON_TYPE_2 ||
+- global_conf.restrict_anon < 0) {
+- global_conf.restrict_anon = 0;
+- pr_err("Invalid restrict anonymous value\n");
+- }
+-
+- return TRUE;
+- }
+-
+- if (!cp_key_cmp(_k, "map to guest")) {
+- global_conf.map_to_guest = KSMBD_CONF_MAP_TO_GUEST_NEVER;
+- if (!cp_key_cmp(_v, "bad user"))
+- global_conf.map_to_guest =
+- KSMBD_CONF_MAP_TO_GUEST_BAD_USER;
+- if (!cp_key_cmp(_v, "bad password"))
+- global_conf.map_to_guest =
+- KSMBD_CONF_MAP_TO_GUEST_BAD_PASSWORD;
+- if (!cp_key_cmp(_v, "bad uid"))
+- global_conf.map_to_guest =
+- KSMBD_CONF_MAP_TO_GUEST_BAD_UID;
+- return TRUE;
+- }
+-
+- if (!cp_key_cmp(_k, "bind interfaces only")) {
+- global_conf.bind_interfaces_only = cp_get_group_kv_bool(_v);
+- return TRUE;
+- }
+-
+- if (!cp_key_cmp(_k, "interfaces")) {
+- global_conf.interfaces = cp_get_group_kv_list(_v);
+- return TRUE;
+- }
+-
+- if (!cp_key_cmp(_k, "deadtime")) {
+- global_conf.deadtime = cp_get_group_kv_long(_v);
+- return TRUE;
+- }
+-
+- if (!cp_key_cmp(_k, "smb2 leases")) {
+- if (cp_get_group_kv_bool(_v))
+- global_conf.flags |= KSMBD_GLOBAL_FLAG_SMB2_LEASES;
+- else
+- global_conf.flags &= ~KSMBD_GLOBAL_FLAG_SMB2_LEASES;
+-
+- return TRUE;
+- }
+-
+- if (!cp_key_cmp(_k, "root directory")) {
+- global_conf.root_dir = cp_get_group_kv_string(_v);
+- return TRUE;
+- }
+-
+- if (!cp_key_cmp(_k, "smb2 max read")) {
+- global_conf.smb2_max_read = memparse(_v);
+- return TRUE;
+- }
+-
+- if (!cp_key_cmp(_k, "smb2 max write")) {
+- global_conf.smb2_max_write = memparse(_v);
+- return TRUE;
+- }
+-
+- if (!cp_key_cmp(_k, "smb2 max trans")) {
+- global_conf.smb2_max_trans = memparse(_v);
+- return TRUE;
+- }
+-
+- if (!cp_key_cmp(_k, "smb3 encryption")) {
+- if (cp_get_group_kv_bool(_v))
+- global_conf.flags |= KSMBD_GLOBAL_FLAG_SMB3_ENCRYPTION;
+- else
+- global_conf.flags &= ~KSMBD_GLOBAL_FLAG_SMB3_ENCRYPTION;
+-
+- return TRUE;
+- }
+-
+- if (!cp_key_cmp(_k, "share:fake_fscaps")) {
+- global_conf.share_fake_fscaps = cp_get_group_kv_long(_v);
+- return TRUE;
+- }
+-
+- if (!cp_key_cmp(_k, "kerberos service name")) {
+- global_conf.krb5_service_name = cp_get_group_kv_string(_v);
+- return TRUE;
+- }
+-
+- if (!cp_key_cmp(_k, "kerberos keytab file")) {
+- global_conf.krb5_keytab_file = cp_get_group_kv_string(_v);
+- return TRUE;
+- }
+-
+- if (!cp_key_cmp(_k, "server multi channel support")) {
+- if (cp_get_group_kv_bool(_v))
+- global_conf.flags |= KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL;
+- else
+- global_conf.flags &= ~KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL;
+-
+- return TRUE;
+- }
+-
+- if (!cp_key_cmp(_k, "smb2 max credits")) {
+- global_conf.smb2_max_credits = memparse(_v);
+- return TRUE;
+- }
+-
+- if (!cp_key_cmp(_k, "smbd max io size")) {
+- global_conf.smbd_max_io_size = memparse(_v);
+- return TRUE;
+- }
+-
+- /* At this point, this is an option that must be applied to all shares */
+- return FALSE;
+-}
+-
+-static void global_conf_default(void)
+-{
+- /* The SPARSE_FILES file system capability flag is set by default */
+- global_conf.share_fake_fscaps = 64;
+-}
+-
+-static void global_conf_create(void)
+-{
+- if (!global_group || global_group->cb_mode != GROUPS_CALLBACK_INIT)
+- return;
+-
+- /*
+- * This will transfer server options to global_conf, and leave behind
+- * in the global parser group, the options that must be applied to every
+- * share
+- */
+- g_hash_table_foreach_remove(global_group->kv, global_group_kv, NULL);
+-}
+-
+-static void append_key_value(gpointer _k, gpointer _v, gpointer user_data)
+-{
+- GHashTable *receiver = (GHashTable *)user_data;
+-
+- /* Don't override local share options */
+- if (!g_hash_table_lookup(receiver, _k))
+- g_hash_table_insert(receiver, g_strdup(_k), g_strdup(_v));
+-}
+-
+-static void global_conf_update(struct smbconf_group *group)
+-{
+- if (!global_group)
+- return;
+-
+- g_hash_table_foreach(global_group->kv, append_key_value, group->kv);
+-}
+-
+-static void global_conf_fixup_missing(void)
+-{
+- /*
+- * Set default global parameters which were not specified
+- * in smb.conf
+- */
+- if (!global_conf.file_max)
+- global_conf.file_max = KSMBD_CONF_FILE_MAX;
+- if (!global_conf.server_string)
+- global_conf.server_string =
+- cp_get_group_kv_string(
+- KSMBD_CONF_DEFAULT_SERVER_STRING);
+- if (!global_conf.netbios_name)
+- global_conf.netbios_name =
+- cp_get_group_kv_string(KSMBD_CONF_DEFAULT_NETBIOS_NAME);
+- if (!global_conf.work_group)
+- global_conf.work_group =
+- cp_get_group_kv_string(KSMBD_CONF_DEFAULT_WORK_GROUP);
+- if (!global_conf.tcp_port)
+- global_conf.tcp_port = KSMBD_CONF_DEFAULT_TCP_PORT;
+-
+- if (global_conf.sessions_cap <= 0)
+- global_conf.sessions_cap = KSMBD_CONF_DEFAULT_SESS_CAP;
+-
+- if (!global_conf.guest_account &&
+- cp_add_global_guest_account(KSMBD_CONF_DEFAULT_GUEST_ACCOUNT))
+- pr_err("Unable to add guest account\n");
+-}
+-
+-static void groups_callback(gpointer _k, gpointer _v, gpointer user_data)
+-{
+- struct smbconf_group *group = (struct smbconf_group *)_v;
+- unsigned short cb_mode = *(unsigned short *)user_data;
+-
+- if (group == global_group)
+- return;
+-
+- group->cb_mode = cb_mode;
+-
+- if (group != ipc_group)
+- global_conf_update(group);
+-
+- shm_add_new_share(group);
+-}
+-
+-static int cp_add_ipc_group(void)
+-{
+- char *comment = NULL, *guest = NULL;
+- int ret = 0;
+-
+- if (ipc_group)
+- return ret;
+-
+- comment = g_strdup("comment = IPC share");
+- guest = g_strdup("guest ok = yes");
+- ret = add_new_group("[IPC$]");
+- ret |= add_group_key_value(comment);
+- ret |= add_group_key_value(guest);
+- if (ret) {
+- pr_err("Unable to add IPC$ share\n");
+- ret = -EINVAL;
+- goto out;
+- }
+-
+- ipc_group = g_hash_table_lookup(parser.groups, "ipc$");
+-out:
+- g_free(comment);
+- g_free(guest);
+- return ret;
+-}
+-
+-static int __cp_parse_smbconfig(const char *smbconf, GHFunc cb,
+- unsigned short cb_mode)
+-{
+- int ret;
+-
+- global_conf_default();
+-
+- ret = cp_smbconfig_hash_create(smbconf);
+- if (ret)
+- return ret;
+-
+- ret = cp_add_ipc_group();
+- if (ret)
+- goto out;
+-
+- global_group = g_hash_table_lookup(parser.groups, "global");
+- if (global_group)
+- global_group->cb_mode = cb_mode;
+-
+- global_conf_create();
+- g_hash_table_foreach(parser.groups, groups_callback, &cb_mode);
+- global_conf_fixup_missing();
+-out:
+- cp_smbconfig_destroy();
+- return ret;
+-}
+-
+-int cp_parse_reload_smbconf(const char *smbconf)
+-{
+- return __cp_parse_smbconfig(smbconf, groups_callback,
+- GROUPS_CALLBACK_REINIT);
+-}
+-
+-int cp_parse_smbconf(const char *smbconf)
+-{
+- return __cp_parse_smbconfig(smbconf, groups_callback,
+- GROUPS_CALLBACK_INIT);
+-}
+-
+-int cp_parse_pwddb(const char *pwddb)
+-{
+- return __mmap_parse_file(pwddb, usm_add_update_user_from_pwdentry);
+-}
+-
+-int cp_smbconfig_hash_create(const char *smbconf)
+-{
+- int ret = init_smbconf_parser();
+-
+- if (ret)
+- return ret;
+- return __mmap_parse_file(smbconf, process_smbconf_entry);
+-}
+-
+-int cp_parse_subauth(void)
+-{
+- return __mmap_parse_file(PATH_SUBAUTH, usm_add_subauth_global_conf);
+-}
+-
+-void cp_smbconfig_destroy(void)
+-{
+- release_smbconf_parser();
+-}
+-
+-int cp_parse_external_smbconf_group(char *name, char *opts)
+-{
+- char *pos;
+- int i, len;
+-
+- if (init_smbconf_parser())
+- return -EINVAL;
+-
+- if (!opts || !name)
+- return -EINVAL;
+-
+- len = strlen(opts);
+- /* fake smb.conf input */
+- for (i = 0; i < KSMBD_SHARE_CONF_MAX; i++) {
+- pos = strstr(opts, KSMBD_SHARE_CONF[i]);
+- if (!pos)
+- continue;
+- if (pos != opts)
+- *(pos - 1) = '\n';
+- }
+-
+- if (add_new_group(name))
+- goto error;
+-
+- /* split input and feed to normal process_smbconf_entry() */
+- while (len) {
+- char *delim = strchr(opts, '\n');
+-
+- if (delim) {
+- *delim = 0x00;
+- len -= delim - opts;
+- } else {
+- len = 0;
+- }
+-
+- process_smbconf_entry(opts);
+- if (delim)
+- opts = delim + 1;
+- }
+- return 0;
+-
+-error:
+- cp_smbconfig_destroy();
+- return -EINVAL;
+-}
+--- /dev/null
++++ b/tools/config_parser.c
+@@ -0,0 +1,770 @@
++// SPDX-License-Identifier: GPL-2.0-or-later
++/*
++ * Copyright (C) 2018 Samsung Electronics Co., Ltd.
++ *
++ * linux-cifsd-devel@lists.sourceforge.net
++ */
++
++#include <glib.h>
++#include <string.h>
++#include <glib/gstdio.h>
++#include <sys/stat.h>
++#include <sys/types.h>
++#include <unistd.h>
++#include <fcntl.h>
++#include <linux/ksmbd_server.h>
++
++#include <config_parser.h>
++#include <tools.h>
++#include <management/user.h>
++#include <management/share.h>
++
++struct smbconf_global global_conf;
++struct smbconf_parser parser;
++struct smbconf_group *global_group, *ipc_group;
++
++unsigned long long memparse(const char *v)
++{
++ char *eptr;
++
++ unsigned long long ret = strtoull(v, &eptr, 0);
++
++ switch (*eptr) {
++ case 'E':
++ case 'e':
++ ret <<= 10;
++ case 'P':
++ case 'p':
++ ret <<= 10;
++ case 'T':
++ case 't':
++ ret <<= 10;
++ case 'G':
++ case 'g':
++ ret <<= 10;
++ case 'M':
++ case 'm':
++ ret <<= 10;
++ case 'K':
++ case 'k':
++ ret <<= 10;
++ }
++
++ return ret;
++}
++
++static void kv_release_cb(gpointer p)
++{
++ g_free(p);
++}
++
++static int is_ascii_space_tab(char c)
++{
++ return c == ' ' || c == '\t';
++}
++
++static int is_a_comment(char *line)
++{
++ return (*line == 0x00 || *line == ';' || *line == '\n' || *line == '#');
++}
++
++static int is_a_group(char *line)
++{
++ char *p = line;
++
++ if (*p != '[')
++ return 0;
++ p++;
++ while (*p && *p != ']')
++ p = g_utf8_find_next_char(p, NULL);
++ if (*p != ']')
++ return 0;
++ return 1;
++}
++
++static int add_new_group(char *line)
++{
++ char *begin = line;
++ char *end = line;
++ char *name = NULL;
++ struct smbconf_group *group = NULL;
++ struct smbconf_group *lookup;
++
++ while (*end && *end != ']')
++ end = g_utf8_find_next_char(end, NULL);
++
++ name = g_strndup(begin + 1, end - begin - 1);
++ if (!name)
++ goto out_free;
++
++ lookup = g_hash_table_lookup(parser.groups, name);
++ if (lookup) {
++ parser.current = lookup;
++ pr_info("Multiple definitions for group `%s'\n", name);
++ g_free(name);
++ return 0;
++ }
++
++ group = g_malloc(sizeof(struct smbconf_group));
++ group->cb_mode = GROUPS_CALLBACK_NONE;
++ group->name = name;
++ group->kv = g_hash_table_new_full(g_str_hash,
++ g_str_equal,
++ kv_release_cb,
++ kv_release_cb);
++ if (!group->kv)
++ goto out_free;
++
++ parser.current = group;
++ g_hash_table_insert(parser.groups, group->name, group);
++ return 0;
++
++out_free:
++ g_free(name);
++ if (group && group->kv)
++ g_hash_table_destroy(group->kv);
++ g_free(group);
++ return -ENOMEM;
++}
++
++static int add_group_key_value(char *line)
++{
++ char *key, *value;
++
++ key = strchr(line, '=');
++ if (!key)
++ return -EINVAL;
++
++ value = key;
++ *key = 0x00;
++ key--;
++ value++;
++
++ while (is_ascii_space_tab(*key))
++ key--;
++ while (is_ascii_space_tab(*value))
++ value++;
++
++ if (is_a_comment(value))
++ return 0;
++
++ if (g_hash_table_lookup(parser.current->kv, key)) {
++ pr_info("Multiple key-value definitions [%s] %s\n",
++ parser.current->name, key);
++ return 0;
++ }
++
++ key = g_strndup(line, key - line + 1);
++ value = g_strdup(value);
++
++ if (!key || !value) {
++ g_free(key);
++ g_free(value);
++ return -ENOMEM;
++ }
++
++ g_hash_table_insert(parser.current->kv, key, value);
++ return 0;
++}
++
++static int process_smbconf_entry(char *data)
++{
++ while (is_ascii_space_tab(*data))
++ data++;
++
++ if (is_a_comment(data))
++ return 0;
++
++ if (is_a_group(data))
++ return add_new_group(data);
++
++ return add_group_key_value(data);
++}
++
++static int __mmap_parse_file(const char *fname, int (*callback)(char *data))
++{
++ GMappedFile *file;
++ GError *err = NULL;
++ gchar *contents;
++ int len;
++ char *delim;
++ int fd, ret = 0;
++
++ fd = g_open(fname, O_RDONLY, 0);
++ if (fd == -1) {
++ ret = -errno;
++ pr_debug("Can't open `%s': %m\n", fname);
++ return ret;
++ }
++
++ file = g_mapped_file_new_from_fd(fd, FALSE, &err);
++ if (err) {
++ pr_err("Can't map `%s' to memory: %s\n", fname, err->message);
++ g_error_free(err);
++ ret = -EINVAL;
++ goto out;
++ }
++
++ contents = g_mapped_file_get_contents(file);
++ if (!contents)
++ goto out;
++
++ len = g_mapped_file_get_length(file);
++ while (len > 0) {
++ delim = strchr(contents, '\n');
++ if (!delim)
++ delim = contents + len - 1;
++
++ if (delim) {
++ size_t sz = delim - contents;
++ char *data;
++
++ if (delim == contents) {
++ contents = delim + 1;
++ len--;
++ continue;
++ }
++
++ if (!sz)
++ break;
++
++ data = g_strndup(contents, sz);
++ ret = callback(data);
++ if (ret) {
++ g_free(data);
++ goto out;
++ }
++
++ g_free(data);
++ contents = delim + 1;
++ len -= (sz + 1);
++ }
++ }
++
++ ret = 0;
++out:
++ if (file)
++ g_mapped_file_unref(file);
++
++ if (fd) {
++ g_close(fd, &err);
++ if (err) {
++ pr_err("Can't close `%s': %s\n", fname, err->message);
++ g_error_free(err);
++ }
++ }
++ return ret;
++}
++
++static int init_smbconf_parser(void)
++{
++ if (parser.groups)
++ return 0;
++
++ parser.groups = g_hash_table_new(shm_share_name_hash,
++ shm_share_name_equal);
++ if (!parser.groups)
++ return -ENOMEM;
++ return 0;
++}
++
++static void release_smbconf_group(gpointer k, gpointer v, gpointer user_data)
++{
++ struct smbconf_group *g = v;
++
++ g_hash_table_destroy(g->kv);
++ g_free(g->name);
++ g_free(g);
++}
++
++static void release_smbconf_parser(void)
++{
++ if (!parser.groups)
++ return;
++
++ g_hash_table_foreach(parser.groups, release_smbconf_group, NULL);
++ g_hash_table_destroy(parser.groups);
++ parser.groups = NULL;
++}
++
++char *cp_ltrim(char *v)
++{
++ if (!v)
++ return NULL;
++
++ while (*v && *v == ' ')
++ v++;
++ if (*v == 0x00)
++ return NULL;
++ return v;
++}
++
++int cp_key_cmp(char *k, char *v)
++{
++ if (!k || !v)
++ return -1;
++ return g_ascii_strncasecmp(k, v, strlen(v));
++}
++
++char *cp_get_group_kv_string(char *v)
++{
++ return g_strdup(v);
++}
++
++int cp_get_group_kv_bool(char *v)
++{
++ if (!g_ascii_strncasecmp(v, "yes", 3) ||
++ !g_ascii_strncasecmp(v, "1", 1) ||
++ !g_ascii_strncasecmp(v, "true", 4) ||
++ !g_ascii_strncasecmp(v, "enable", 6))
++ return 1;
++ return 0;
++}
++
++int cp_get_group_kv_config_opt(char *v)
++{
++ if (!g_ascii_strncasecmp(v, "disabled", 8))
++ return KSMBD_CONFIG_OPT_DISABLED;
++ if (!g_ascii_strncasecmp(v, "enabled", 7))
++ return KSMBD_CONFIG_OPT_ENABLED;
++ if (!g_ascii_strncasecmp(v, "auto", 4))
++ return KSMBD_CONFIG_OPT_AUTO;
++ if (!g_ascii_strncasecmp(v, "mandatory", 9))
++ return KSMBD_CONFIG_OPT_MANDATORY;
++ return KSMBD_CONFIG_OPT_DISABLED;
++}
++
++unsigned long cp_get_group_kv_long_base(char *v, int base)
++{
++ return strtoul(v, NULL, base);
++}
++
++unsigned long cp_get_group_kv_long(char *v)
++{
++ return cp_get_group_kv_long_base(v, 10);
++}
++
++char **cp_get_group_kv_list(char *v)
++{
++ /*
++ * SMB conf lists are "tabs, spaces, commas" separated.
++ */
++ return g_strsplit_set(v, "\t ,", -1);
++}
++
++void cp_group_kv_list_free(char **list)
++{
++ g_strfreev(list);
++}
++
++static int cp_add_global_guest_account(gpointer _v)
++{
++ struct ksmbd_user *user;
++
++ if (usm_add_new_user(cp_get_group_kv_string(_v),
++ g_strdup("NULL"))) {
++ pr_err("Unable to add guest account\n");
++ return -ENOMEM;
++ }
++
++ user = usm_lookup_user(_v);
++ if (!user) {
++ pr_err("Unable to find user `%s'\n", (char *) _v);
++ return -EINVAL;
++ }
++
++ set_user_flag(user, KSMBD_USER_FLAG_GUEST_ACCOUNT);
++ put_ksmbd_user(user);
++ global_conf.guest_account = cp_get_group_kv_string(_v);
++ return 0;
++}
++
++static gboolean global_group_kv(gpointer _k, gpointer _v, gpointer user_data)
++{
++ if (!cp_key_cmp(_k, "server string")) {
++ global_conf.server_string = cp_get_group_kv_string(_v);
++ return TRUE;
++ }
++
++ if (!cp_key_cmp(_k, "workgroup")) {
++ global_conf.work_group = cp_get_group_kv_string(_v);
++ return TRUE;
++ }
++
++ if (!cp_key_cmp(_k, "netbios name")) {
++ global_conf.netbios_name = cp_get_group_kv_string(_v);
++ return TRUE;
++ }
++
++ if (!cp_key_cmp(_k, "server min protocol")) {
++ global_conf.server_min_protocol = cp_get_group_kv_string(_v);
++ return TRUE;
++ }
++
++ if (!cp_key_cmp(_k, "server signing")) {
++ global_conf.server_signing = cp_get_group_kv_config_opt(_v);
++ return TRUE;
++ }
++
++ if (!cp_key_cmp(_k, "server max protocol")) {
++ global_conf.server_max_protocol = cp_get_group_kv_string(_v);
++ return TRUE;
++ }
++
++ if (!cp_key_cmp(_k, "guest account")) {
++ cp_add_global_guest_account(_v);
++ return TRUE;
++ }
++
++ if (!cp_key_cmp(_k, "max active sessions")) {
++ global_conf.sessions_cap = cp_get_group_kv_long(_v);
++ return TRUE;
++ }
++
++ if (!cp_key_cmp(_k, "tcp port")) {
++ if (!global_conf.tcp_port)
++ global_conf.tcp_port = cp_get_group_kv_long(_v);
++ return TRUE;
++ }
++
++ if (!cp_key_cmp(_k, "ipc timeout")) {
++ global_conf.ipc_timeout = cp_get_group_kv_long(_v);
++ return TRUE;
++ }
++
++ if (!cp_key_cmp(_k, "max open files")) {
++ global_conf.file_max = cp_get_group_kv_long(_v);
++ return TRUE;
++ }
++
++ if (!cp_key_cmp(_k, "restrict anonymous")) {
++ global_conf.restrict_anon = cp_get_group_kv_long(_v);
++ if (global_conf.restrict_anon > KSMBD_RESTRICT_ANON_TYPE_2 ||
++ global_conf.restrict_anon < 0) {
++ global_conf.restrict_anon = 0;
++ pr_err("Invalid restrict anonymous value\n");
++ }
++
++ return TRUE;
++ }
++
++ if (!cp_key_cmp(_k, "map to guest")) {
++ global_conf.map_to_guest = KSMBD_CONF_MAP_TO_GUEST_NEVER;
++ if (!cp_key_cmp(_v, "bad user"))
++ global_conf.map_to_guest =
++ KSMBD_CONF_MAP_TO_GUEST_BAD_USER;
++ if (!cp_key_cmp(_v, "bad password"))
++ global_conf.map_to_guest =
++ KSMBD_CONF_MAP_TO_GUEST_BAD_PASSWORD;
++ if (!cp_key_cmp(_v, "bad uid"))
++ global_conf.map_to_guest =
++ KSMBD_CONF_MAP_TO_GUEST_BAD_UID;
++ return TRUE;
++ }
++
++ if (!cp_key_cmp(_k, "bind interfaces only")) {
++ global_conf.bind_interfaces_only = cp_get_group_kv_bool(_v);
++ return TRUE;
++ }
++
++ if (!cp_key_cmp(_k, "interfaces")) {
++ global_conf.interfaces = cp_get_group_kv_list(_v);
++ return TRUE;
++ }
++
++ if (!cp_key_cmp(_k, "deadtime")) {
++ global_conf.deadtime = cp_get_group_kv_long(_v);
++ return TRUE;
++ }
++
++ if (!cp_key_cmp(_k, "smb2 leases")) {
++ if (cp_get_group_kv_bool(_v))
++ global_conf.flags |= KSMBD_GLOBAL_FLAG_SMB2_LEASES;
++ else
++ global_conf.flags &= ~KSMBD_GLOBAL_FLAG_SMB2_LEASES;
++
++ return TRUE;
++ }
++
++ if (!cp_key_cmp(_k, "root directory")) {
++ global_conf.root_dir = cp_get_group_kv_string(_v);
++ return TRUE;
++ }
++
++ if (!cp_key_cmp(_k, "smb2 max read")) {
++ global_conf.smb2_max_read = memparse(_v);
++ return TRUE;
++ }
++
++ if (!cp_key_cmp(_k, "smb2 max write")) {
++ global_conf.smb2_max_write = memparse(_v);
++ return TRUE;
++ }
++
++ if (!cp_key_cmp(_k, "smb2 max trans")) {
++ global_conf.smb2_max_trans = memparse(_v);
++ return TRUE;
++ }
++
++ if (!cp_key_cmp(_k, "smb3 encryption")) {
++ if (cp_get_group_kv_bool(_v))
++ global_conf.flags |= KSMBD_GLOBAL_FLAG_SMB3_ENCRYPTION;
++ else
++ global_conf.flags &= ~KSMBD_GLOBAL_FLAG_SMB3_ENCRYPTION;
++
++ return TRUE;
++ }
++
++ if (!cp_key_cmp(_k, "share:fake_fscaps")) {
++ global_conf.share_fake_fscaps = cp_get_group_kv_long(_v);
++ return TRUE;
++ }
++
++ if (!cp_key_cmp(_k, "kerberos service name")) {
++ global_conf.krb5_service_name = cp_get_group_kv_string(_v);
++ return TRUE;
++ }
++
++ if (!cp_key_cmp(_k, "kerberos keytab file")) {
++ global_conf.krb5_keytab_file = cp_get_group_kv_string(_v);
++ return TRUE;
++ }
++
++ if (!cp_key_cmp(_k, "server multi channel support")) {
++ if (cp_get_group_kv_bool(_v))
++ global_conf.flags |= KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL;
++ else
++ global_conf.flags &= ~KSMBD_GLOBAL_FLAG_SMB3_MULTICHANNEL;
++
++ return TRUE;
++ }
++
++ if (!cp_key_cmp(_k, "smb2 max credits")) {
++ global_conf.smb2_max_credits = memparse(_v);
++ return TRUE;
++ }
++
++ if (!cp_key_cmp(_k, "smbd max io size")) {
++ global_conf.smbd_max_io_size = memparse(_v);
++ return TRUE;
++ }
++
++ /* At this point, this is an option that must be applied to all shares */
++ return FALSE;
++}
++
++static void global_conf_default(void)
++{
++ /* The SPARSE_FILES file system capability flag is set by default */
++ global_conf.share_fake_fscaps = 64;
++}
++
++static void global_conf_create(void)
++{
++ if (!global_group || global_group->cb_mode != GROUPS_CALLBACK_INIT)
++ return;
++
++ /*
++ * This will transfer server options to global_conf, and leave behind
++ * in the global parser group, the options that must be applied to every
++ * share
++ */
++ g_hash_table_foreach_remove(global_group->kv, global_group_kv, NULL);
++}
++
++static void append_key_value(gpointer _k, gpointer _v, gpointer user_data)
++{
++ GHashTable *receiver = (GHashTable *)user_data;
++
++ /* Don't override local share options */
++ if (!g_hash_table_lookup(receiver, _k))
++ g_hash_table_insert(receiver, g_strdup(_k), g_strdup(_v));
++}
++
++static void global_conf_update(struct smbconf_group *group)
++{
++ if (!global_group)
++ return;
++
++ g_hash_table_foreach(global_group->kv, append_key_value, group->kv);
++}
++
++static void global_conf_fixup_missing(void)
++{
++ /*
++ * Set default global parameters which were not specified
++ * in smb.conf
++ */
++ if (!global_conf.file_max)
++ global_conf.file_max = KSMBD_CONF_FILE_MAX;
++ if (!global_conf.server_string)
++ global_conf.server_string =
++ cp_get_group_kv_string(
++ KSMBD_CONF_DEFAULT_SERVER_STRING);
++ if (!global_conf.netbios_name)
++ global_conf.netbios_name =
++ cp_get_group_kv_string(KSMBD_CONF_DEFAULT_NETBIOS_NAME);
++ if (!global_conf.work_group)
++ global_conf.work_group =
++ cp_get_group_kv_string(KSMBD_CONF_DEFAULT_WORK_GROUP);
++ if (!global_conf.tcp_port)
++ global_conf.tcp_port = KSMBD_CONF_DEFAULT_TCP_PORT;
++
++ if (global_conf.sessions_cap <= 0)
++ global_conf.sessions_cap = KSMBD_CONF_DEFAULT_SESS_CAP;
++
++ if (!global_conf.guest_account &&
++ cp_add_global_guest_account(KSMBD_CONF_DEFAULT_GUEST_ACCOUNT))
++ pr_err("Unable to add guest account\n");
++}
++
++static void groups_callback(gpointer _k, gpointer _v, gpointer user_data)
++{
++ struct smbconf_group *group = (struct smbconf_group *)_v;
++ unsigned short cb_mode = *(unsigned short *)user_data;
++
++ if (group == global_group)
++ return;
++
++ group->cb_mode = cb_mode;
++
++ if (group != ipc_group)
++ global_conf_update(group);
++
++ shm_add_new_share(group);
++}
++
++static int cp_add_ipc_group(void)
++{
++ char *comment = NULL, *guest = NULL;
++ int ret = 0;
++
++ if (ipc_group)
++ return ret;
++
++ comment = g_strdup("comment = IPC share");
++ guest = g_strdup("guest ok = yes");
++ ret = add_new_group("[IPC$]");
++ ret |= add_group_key_value(comment);
++ ret |= add_group_key_value(guest);
++ if (ret) {
++ pr_err("Unable to add IPC$ share\n");
++ ret = -EINVAL;
++ goto out;
++ }
++
++ ipc_group = g_hash_table_lookup(parser.groups, "ipc$");
++out:
++ g_free(comment);
++ g_free(guest);
++ return ret;
++}
++
++static int __cp_parse_smbconfig(const char *smbconf, GHFunc cb,
++ unsigned short cb_mode)
++{
++ int ret;
++
++ global_conf_default();
++
++ ret = cp_smbconfig_hash_create(smbconf);
++ if (ret)
++ return ret;
++
++ ret = cp_add_ipc_group();
++ if (ret)
++ goto out;
++
++ global_group = g_hash_table_lookup(parser.groups, "global");
++ if (global_group)
++ global_group->cb_mode = cb_mode;
++
++ global_conf_create();
++ g_hash_table_foreach(parser.groups, groups_callback, &cb_mode);
++ global_conf_fixup_missing();
++out:
++ cp_smbconfig_destroy();
++ return ret;
++}
++
++int cp_parse_reload_smbconf(const char *smbconf)
++{
++ return __cp_parse_smbconfig(smbconf, groups_callback,
++ GROUPS_CALLBACK_REINIT);
++}
++
++int cp_parse_smbconf(const char *smbconf)
++{
++ return __cp_parse_smbconfig(smbconf, groups_callback,
++ GROUPS_CALLBACK_INIT);
++}
++
++int cp_parse_pwddb(const char *pwddb)
++{
++ return __mmap_parse_file(pwddb, usm_add_update_user_from_pwdentry);
++}
++
++int cp_smbconfig_hash_create(const char *smbconf)
++{
++ int ret = init_smbconf_parser();
++
++ if (ret)
++ return ret;
++ return __mmap_parse_file(smbconf, process_smbconf_entry);
++}
++
++int cp_parse_subauth(void)
++{
++ return __mmap_parse_file(PATH_SUBAUTH, usm_add_subauth_global_conf);
++}
++
++void cp_smbconfig_destroy(void)
++{
++ release_smbconf_parser();
++}
++
++int cp_parse_external_smbconf_group(char *name, char *opts)
++{
++ char *pos;
++ int i, len;
++
++ if (init_smbconf_parser())
++ return -EINVAL;
++
++ if (!opts || !name)
++ return -EINVAL;
++
++ len = strlen(opts);
++ /* fake smb.conf input */
++ for (i = 0; i < KSMBD_SHARE_CONF_MAX; i++) {
++ pos = strstr(opts, KSMBD_SHARE_CONF[i]);
++ if (!pos)
++ continue;
++ if (pos != opts)
++ *(pos - 1) = '\n';
++ }
++
++ if (add_new_group(name))
++ goto error;
++
++ /* split input and feed to normal process_smbconf_entry() */
++ while (len) {
++ char *delim = strchr(opts, '\n');
++
++ if (delim) {
++ *delim = 0x00;
++ len -= delim - opts;
++ } else {
++ len = 0;
++ }
++
++ process_smbconf_entry(opts);
++ if (delim)
++ opts = delim + 1;
++ }
++ return 0;
++
++error:
++ cp_smbconfig_destroy();
++ return -EINVAL;
++}
+--- a/lib/management/session.c
++++ /dev/null
+@@ -1,235 +0,0 @@
+-// SPDX-License-Identifier: GPL-2.0-or-later
+-/*
+- * Copyright (C) 2018 Samsung Electronics Co., Ltd.
+- *
+- * linux-cifsd-devel@lists.sourceforge.net
+- */
+-
+-#include <stdlib.h>
+-#include <string.h>
+-#include <glib.h>
+-
+-#include "linux/ksmbd_server.h"
+-#include "management/session.h"
+-#include "management/tree_conn.h"
+-#include "management/user.h"
+-#include "ksmbdtools.h"
+-
+-static GHashTable *sessions_table;
+-static GRWLock sessions_table_lock;
+-
+-static void __free_func(gpointer data, gpointer user_data)
+-{
+- struct ksmbd_tree_conn *tree_conn;
+-
+- tree_conn = (struct ksmbd_tree_conn *)data;
+- tcm_tree_conn_free(tree_conn);
+-}
+-
+-static void kill_ksmbd_session(struct ksmbd_session *sess)
+-{
+- g_list_foreach(sess->tree_conns, __free_func, NULL);
+- g_list_free(sess->tree_conns);
+- g_rw_lock_clear(&sess->update_lock);
+- g_free(sess);
+-}
+-
+-static struct ksmbd_session *new_ksmbd_session(unsigned long long id,
+- struct ksmbd_user *user)
+-{
+- struct ksmbd_session *sess;
+-
+- sess = g_try_malloc0(sizeof(struct ksmbd_session));
+- if (!sess)
+- return NULL;
+-
+- g_rw_lock_init(&sess->update_lock);
+- sess->ref_counter = 1;
+- sess->id = id;
+- sess->user = user;
+- return sess;
+-}
+-
+-static void free_hash_entry(gpointer k, gpointer s, gpointer user_data)
+-{
+- kill_ksmbd_session(s);
+-}
+-
+-static void sm_clear_sessions(void)
+-{
+- g_hash_table_foreach(sessions_table, free_hash_entry, NULL);
+-}
+-
+-static int __sm_remove_session(struct ksmbd_session *sess)
+-{
+- int ret = -EINVAL;
+-
+- g_rw_lock_writer_lock(&sessions_table_lock);
+- if (g_hash_table_remove(sessions_table, &sess->id))
+- ret = 0;
+- g_rw_lock_writer_unlock(&sessions_table_lock);
+-
+- if (!ret)
+- kill_ksmbd_session(sess);
+- return ret;
+-}
+-
+-static struct ksmbd_session *__get_session(struct ksmbd_session *sess)
+-{
+- struct ksmbd_session *ret = NULL;
+-
+- g_rw_lock_writer_lock(&sess->update_lock);
+- if (sess->ref_counter != 0) {
+- sess->ref_counter++;
+- ret = sess;
+- } else {
+- ret = NULL;
+- }
+- g_rw_lock_writer_unlock(&sess->update_lock);
+- return ret;
+-}
+-
+-static void __put_session(struct ksmbd_session *sess)
+-{
+- int drop = 0;
+-
+- g_rw_lock_writer_lock(&sess->update_lock);
+- sess->ref_counter--;
+- drop = !sess->ref_counter;
+- g_rw_lock_writer_unlock(&sess->update_lock);
+-
+- if (drop)
+- __sm_remove_session(sess);
+-}
+-
+-static struct ksmbd_session *__sm_lookup_session(unsigned long long id)
+-{
+- return g_hash_table_lookup(sessions_table, &id);
+-}
+-
+-static struct ksmbd_session *sm_lookup_session(unsigned long long id)
+-{
+- struct ksmbd_session *sess;
+-
+- g_rw_lock_reader_lock(&sessions_table_lock);
+- sess = __sm_lookup_session(id);
+- if (sess)
+- sess = __get_session(sess);
+- g_rw_lock_reader_unlock(&sessions_table_lock);
+- return sess;
+-}
+-
+-int sm_handle_tree_connect(unsigned long long id,
+- struct ksmbd_user *user,
+- struct ksmbd_tree_conn *tree_conn)
+-{
+- struct ksmbd_session *sess, *lookup;
+-
+-retry:
+- sess = sm_lookup_session(id);
+- if (!sess) {
+- sess = new_ksmbd_session(id, user);
+- if (!sess)
+- return -EINVAL;
+-
+- g_rw_lock_writer_lock(&sessions_table_lock);
+- lookup = __sm_lookup_session(id);
+- if (lookup)
+- lookup = __get_session(lookup);
+- if (lookup) {
+- kill_ksmbd_session(sess);
+- sess = lookup;
+- }
+- if (!g_hash_table_insert(sessions_table, &(sess->id), sess)) {
+- kill_ksmbd_session(sess);
+- sess = NULL;
+- }
+- g_rw_lock_writer_unlock(&sessions_table_lock);
+-
+- if (!sess)
+- goto retry;
+- }
+-
+- g_rw_lock_writer_lock(&sess->update_lock);
+- sess->tree_conns = g_list_insert(sess->tree_conns, tree_conn, -1);
+- g_rw_lock_writer_unlock(&sess->update_lock);
+- return 0;
+-}
+-
+-int sm_check_sessions_capacity(unsigned long long id)
+-{
+- int ret = 0;
+- struct ksmbd_session *sess;
+-
+- sess = sm_lookup_session(id);
+- if (sess) {
+- __put_session(sess);
+- return ret;
+- }
+-
+- if (g_atomic_int_add(&global_conf.sessions_cap, -1) < 1) {
+- ret = -EINVAL;
+- g_atomic_int_inc(&global_conf.sessions_cap);
+- }
+- return ret;
+-}
+-
+-static gint lookup_tree_conn(gconstpointer data, gconstpointer user_data)
+-{
+- struct ksmbd_tree_conn *tree_conn = (struct ksmbd_tree_conn *)data;
+- struct ksmbd_tree_conn *dummy = (struct ksmbd_tree_conn *)user_data;
+-
+- if (tree_conn->id == dummy->id)
+- return 0;
+- return 1;
+-}
+-
+-int sm_handle_tree_disconnect(unsigned long long sess_id,
+- unsigned long long tree_conn_id)
+-{
+- struct ksmbd_tree_conn dummy;
+- struct ksmbd_session *sess;
+- GList *tc_list;
+-
+- sess = sm_lookup_session(sess_id);
+- if (!sess)
+- return 0;
+-
+- g_atomic_int_inc(&global_conf.sessions_cap);
+- g_rw_lock_writer_lock(&sess->update_lock);
+- dummy.id = tree_conn_id;
+- tc_list = g_list_find_custom(sess->tree_conns,
+- &dummy,
+- lookup_tree_conn);
+- if (tc_list) {
+- struct ksmbd_tree_conn *tree_conn;
+-
+- tree_conn = (struct ksmbd_tree_conn *)tc_list->data;
+- sess->tree_conns = g_list_remove(sess->tree_conns, tree_conn);
+- sess->ref_counter--;
+- tcm_tree_conn_free(tree_conn);
+- }
+- g_rw_lock_writer_unlock(&sess->update_lock);
+-
+- put_ksmbd_user(sess->user);
+- __put_session(sess);
+- return 0;
+-}
+-
+-void sm_destroy(void)
+-{
+- if (sessions_table) {
+- sm_clear_sessions();
+- g_hash_table_destroy(sessions_table);
+- }
+- g_rw_lock_clear(&sessions_table_lock);
+-}
+-
+-int sm_init(void)
+-{
+- sessions_table = g_hash_table_new(g_int64_hash, g_int64_equal);
+- if (!sessions_table)
+- return -ENOMEM;
+- g_rw_lock_init(&sessions_table_lock);
+- return 0;
+-}
+--- /dev/null
++++ b/tools/management/session.c
+@@ -0,0 +1,235 @@
++// SPDX-License-Identifier: GPL-2.0-or-later
++/*
++ * Copyright (C) 2018 Samsung Electronics Co., Ltd.
++ *
++ * linux-cifsd-devel@lists.sourceforge.net
++ */
++
++#include <stdlib.h>
++#include <string.h>
++#include <glib.h>
++
++#include "linux/ksmbd_server.h"
++#include "management/session.h"
++#include "management/tree_conn.h"
++#include "management/user.h"
++#include "tools.h"
++
++static GHashTable *sessions_table;
++static GRWLock sessions_table_lock;
++
++static void __free_func(gpointer data, gpointer user_data)
++{
++ struct ksmbd_tree_conn *tree_conn;
++
++ tree_conn = (struct ksmbd_tree_conn *)data;
++ tcm_tree_conn_free(tree_conn);
++}
++
++static void kill_ksmbd_session(struct ksmbd_session *sess)
++{
++ g_list_foreach(sess->tree_conns, __free_func, NULL);
++ g_list_free(sess->tree_conns);
++ g_rw_lock_clear(&sess->update_lock);
++ g_free(sess);
++}
++
++static struct ksmbd_session *new_ksmbd_session(unsigned long long id,
++ struct ksmbd_user *user)
++{
++ struct ksmbd_session *sess;
++
++ sess = g_try_malloc0(sizeof(struct ksmbd_session));
++ if (!sess)
++ return NULL;
++
++ g_rw_lock_init(&sess->update_lock);
++ sess->ref_counter = 1;
++ sess->id = id;
++ sess->user = user;
++ return sess;
++}
++
++static void free_hash_entry(gpointer k, gpointer s, gpointer user_data)
++{
++ kill_ksmbd_session(s);
++}
++
++static void sm_clear_sessions(void)
++{
++ g_hash_table_foreach(sessions_table, free_hash_entry, NULL);
++}
++
++static int __sm_remove_session(struct ksmbd_session *sess)
++{
++ int ret = -EINVAL;
++
++ g_rw_lock_writer_lock(&sessions_table_lock);
++ if (g_hash_table_remove(sessions_table, &sess->id))
++ ret = 0;
++ g_rw_lock_writer_unlock(&sessions_table_lock);
++
++ if (!ret)
++ kill_ksmbd_session(sess);
++ return ret;
++}
++
++static struct ksmbd_session *__get_session(struct ksmbd_session *sess)
++{
++ struct ksmbd_session *ret = NULL;
++
++ g_rw_lock_writer_lock(&sess->update_lock);
++ if (sess->ref_counter != 0) {
++ sess->ref_counter++;
++ ret = sess;
++ } else {
++ ret = NULL;
++ }
++ g_rw_lock_writer_unlock(&sess->update_lock);
++ return ret;
++}
++
++static void __put_session(struct ksmbd_session *sess)
++{
++ int drop = 0;
++
++ g_rw_lock_writer_lock(&sess->update_lock);
++ sess->ref_counter--;
++ drop = !sess->ref_counter;
++ g_rw_lock_writer_unlock(&sess->update_lock);
++
++ if (drop)
++ __sm_remove_session(sess);
++}
++
++static struct ksmbd_session *__sm_lookup_session(unsigned long long id)
++{
++ return g_hash_table_lookup(sessions_table, &id);
++}
++
++static struct ksmbd_session *sm_lookup_session(unsigned long long id)
++{
++ struct ksmbd_session *sess;
++
++ g_rw_lock_reader_lock(&sessions_table_lock);
++ sess = __sm_lookup_session(id);
++ if (sess)
++ sess = __get_session(sess);
++ g_rw_lock_reader_unlock(&sessions_table_lock);
++ return sess;
++}
++
++int sm_handle_tree_connect(unsigned long long id,
++ struct ksmbd_user *user,
++ struct ksmbd_tree_conn *tree_conn)
++{
++ struct ksmbd_session *sess, *lookup;
++
++retry:
++ sess = sm_lookup_session(id);
++ if (!sess) {
++ sess = new_ksmbd_session(id, user);
++ if (!sess)
++ return -EINVAL;
++
++ g_rw_lock_writer_lock(&sessions_table_lock);
++ lookup = __sm_lookup_session(id);
++ if (lookup)
++ lookup = __get_session(lookup);
++ if (lookup) {
++ kill_ksmbd_session(sess);
++ sess = lookup;
++ }
++ if (!g_hash_table_insert(sessions_table, &(sess->id), sess)) {
++ kill_ksmbd_session(sess);
++ sess = NULL;
++ }
++ g_rw_lock_writer_unlock(&sessions_table_lock);
++
++ if (!sess)
++ goto retry;
++ }
++
++ g_rw_lock_writer_lock(&sess->update_lock);
++ sess->tree_conns = g_list_insert(sess->tree_conns, tree_conn, -1);
++ g_rw_lock_writer_unlock(&sess->update_lock);
++ return 0;
++}
++
++int sm_check_sessions_capacity(unsigned long long id)
++{
++ int ret = 0;
++ struct ksmbd_session *sess;
++
++ sess = sm_lookup_session(id);
++ if (sess) {
++ __put_session(sess);
++ return ret;
++ }
++
++ if (g_atomic_int_add(&global_conf.sessions_cap, -1) < 1) {
++ ret = -EINVAL;
++ g_atomic_int_inc(&global_conf.sessions_cap);
++ }
++ return ret;
++}
++
++static gint lookup_tree_conn(gconstpointer data, gconstpointer user_data)
++{
++ struct ksmbd_tree_conn *tree_conn = (struct ksmbd_tree_conn *)data;
++ struct ksmbd_tree_conn *dummy = (struct ksmbd_tree_conn *)user_data;
++
++ if (tree_conn->id == dummy->id)
++ return 0;
++ return 1;
++}
++
++int sm_handle_tree_disconnect(unsigned long long sess_id,
++ unsigned long long tree_conn_id)
++{
++ struct ksmbd_tree_conn dummy;
++ struct ksmbd_session *sess;
++ GList *tc_list;
++
++ sess = sm_lookup_session(sess_id);
++ if (!sess)
++ return 0;
++
++ g_atomic_int_inc(&global_conf.sessions_cap);
++ g_rw_lock_writer_lock(&sess->update_lock);
++ dummy.id = tree_conn_id;
++ tc_list = g_list_find_custom(sess->tree_conns,
++ &dummy,
++ lookup_tree_conn);
++ if (tc_list) {
++ struct ksmbd_tree_conn *tree_conn;
++
++ tree_conn = (struct ksmbd_tree_conn *)tc_list->data;
++ sess->tree_conns = g_list_remove(sess->tree_conns, tree_conn);
++ sess->ref_counter--;
++ tcm_tree_conn_free(tree_conn);
++ }
++ g_rw_lock_writer_unlock(&sess->update_lock);
++
++ put_ksmbd_user(sess->user);
++ __put_session(sess);
++ return 0;
++}
++
++void sm_destroy(void)
++{
++ if (sessions_table) {
++ sm_clear_sessions();
++ g_hash_table_destroy(sessions_table);
++ }
++ g_rw_lock_clear(&sessions_table_lock);
++}
++
++int sm_init(void)
++{
++ sessions_table = g_hash_table_new(g_int64_hash, g_int64_equal);
++ if (!sessions_table)
++ return -ENOMEM;
++ g_rw_lock_init(&sessions_table_lock);
++ return 0;
++}
+--- a/lib/management/share.c
++++ /dev/null
+@@ -1,868 +0,0 @@
+-// SPDX-License-Identifier: GPL-2.0-or-later
+-/*
+- * Copyright (C) 2018 Samsung Electronics Co., Ltd.
+- *
+- * linux-cifsd-devel@lists.sourceforge.net
+- */
+-
+-#include <stdlib.h>
+-#include <string.h>
+-#include <glib.h>
+-#include <sys/types.h>
+-#include <pwd.h>
+-#include <grp.h>
+-
+-#include "config_parser.h"
+-#include "linux/ksmbd_server.h"
+-#include "management/share.h"
+-#include "management/user.h"
+-#include "ksmbdtools.h"
+-
+-#define KSMBD_SHARE_STATE_FREEING 1
+-
+-/*
+- * WARNING:
+- *
+- * This must match KSMBD_SHARE_CONF enum 1:1.
+- * Add new entries ONLY to the bottom.
+- */
+-char *KSMBD_SHARE_CONF[KSMBD_SHARE_CONF_MAX] = {
+- "comment", /* 0 */
+- "path",
+- "guest ok",
+- "guest account",
+- "read only",
+- "browseable", /* 5 */
+- "write ok",
+- "writeable",
+- "store dos attributes",
+- "oplocks",
+- "create mask", /* 10 */
+- "directory mask",
+- "force create mode",
+- "force directory mode",
+- "force group",
+- "force user", /* 15 */
+- "hide dot files",
+- "valid users",
+- "invalid users",
+- "read list",
+- "write list", /* 20 */
+- "admin users",
+- "hosts allow",
+- "hosts deny",
+- "max connections",
+- "veto files", /* 25 */
+- "inherit owner",
+- "follow symlinks",
+- "vfs objects",
+- "writable",
+-};
+-
+-static GHashTable *shares_table;
+-static GRWLock shares_table_lock;
+-
+-int shm_share_config(char *k, enum KSMBD_SHARE_CONF c)
+-{
+- if (c >= KSMBD_SHARE_CONF_MAX)
+- return 0;
+-
+- return !cp_key_cmp(k, KSMBD_SHARE_CONF[c]);
+-}
+-
+-static void list_hosts_callback(gpointer k, gpointer v, gpointer user_data)
+-{
+- free(k);
+- free(v);
+-}
+-
+-static void free_hosts_map(GHashTable *map)
+-{
+- if (map) {
+- g_hash_table_foreach(map, list_hosts_callback, NULL);
+- g_hash_table_destroy(map);
+- }
+-}
+-
+-static void list_user_callback(gpointer k, gpointer u, gpointer user_data)
+-{
+- put_ksmbd_user((struct ksmbd_user *)u);
+-}
+-
+-static void free_user_map(GHashTable *map)
+-{
+- if (map) {
+- g_hash_table_foreach(map, list_user_callback, NULL);
+- g_hash_table_destroy(map);
+- }
+-}
+-
+-static void kill_ksmbd_share(struct ksmbd_share *share)
+-{
+- int i;
+-
+- pr_debug("Kill share `%s'\n", share->name);
+-
+- for (i = 0; i < KSMBD_SHARE_USERS_MAX; i++)
+- free_user_map(share->maps[i]);
+-
+- free_hosts_map(share->hosts_allow_map);
+- free_hosts_map(share->hosts_deny_map);
+-
+- g_rw_lock_clear(&share->maps_lock);
+-
+- free(share->name);
+- free(share->path);
+- free(share->comment);
+- free(share->veto_list);
+- free(share->guest_account);
+- g_rw_lock_clear(&share->update_lock);
+- g_free(share);
+-}
+-
+-static int __shm_remove_share(struct ksmbd_share *share)
+-{
+- int ret = 0;
+-
+- if (share->state != KSMBD_SHARE_STATE_FREEING) {
+- g_rw_lock_writer_lock(&shares_table_lock);
+- if (!g_hash_table_remove(shares_table, share->name))
+- ret = -EINVAL;
+- g_rw_lock_writer_unlock(&shares_table_lock);
+- }
+- if (!ret)
+- kill_ksmbd_share(share);
+- return ret;
+-}
+-
+-struct ksmbd_share *get_ksmbd_share(struct ksmbd_share *share)
+-{
+- g_rw_lock_writer_lock(&share->update_lock);
+- if (share->ref_count != 0) {
+- share->ref_count++;
+- g_rw_lock_writer_unlock(&share->update_lock);
+- } else {
+- g_rw_lock_writer_unlock(&share->update_lock);
+- share = NULL;
+- }
+-
+- return share;
+-}
+-
+-void put_ksmbd_share(struct ksmbd_share *share)
+-{
+- int drop;
+-
+- if (!share)
+- return;
+-
+- g_rw_lock_writer_lock(&share->update_lock);
+- share->ref_count--;
+- drop = !share->ref_count;
+- g_rw_lock_writer_unlock(&share->update_lock);
+-
+- if (!drop)
+- return;
+-
+- __shm_remove_share(share);
+-}
+-
+-static gboolean put_share_callback(gpointer _k, gpointer _v, gpointer data)
+-{
+- struct ksmbd_share *share = (struct ksmbd_share *)_v;
+-
+- share->state = KSMBD_SHARE_STATE_FREEING;
+- put_ksmbd_share(share);
+- return TRUE;
+-}
+-
+-void shm_remove_all_shares(void)
+-{
+- g_rw_lock_writer_lock(&shares_table_lock);
+- g_hash_table_foreach_remove(shares_table, put_share_callback, NULL);
+- g_rw_lock_writer_unlock(&shares_table_lock);
+-}
+-
+-static struct ksmbd_share *new_ksmbd_share(void)
+-{
+- struct ksmbd_share *share;
+- int i;
+-
+- share = g_try_malloc0(sizeof(struct ksmbd_share));
+- if (!share)
+- return NULL;
+-
+- share->ref_count = 1;
+- /*
+- * Create maps as needed. NULL maps means that share
+- * does not have a corresponding shmbconf entry.
+- */
+- for (i = 0; i < KSMBD_SHARE_USERS_MAX; i++)
+- share->maps[i] = NULL;
+-
+- share->hosts_allow_map = NULL;
+- share->hosts_deny_map = NULL;
+- g_rw_lock_init(&share->maps_lock);
+- g_rw_lock_init(&share->update_lock);
+-
+- return share;
+-}
+-
+-static void free_hash_entry(gpointer k, gpointer s, gpointer user_data)
+-{
+- kill_ksmbd_share(s);
+-}
+-
+-static void shm_clear_shares(void)
+-{
+- g_hash_table_foreach(shares_table, free_hash_entry, NULL);
+-}
+-
+-void shm_destroy(void)
+-{
+- if (shares_table) {
+- shm_clear_shares();
+- g_hash_table_destroy(shares_table);
+- }
+- g_rw_lock_clear(&shares_table_lock);
+-}
+-
+-static char *shm_casefold_share_name(const char *name, size_t len)
+-{
+- char *nfdi_name, *nfdicf_name;
+-
+- nfdi_name = g_utf8_normalize(name, len, G_NORMALIZE_NFD);
+- if (!nfdi_name)
+- goto out_ascii;
+-
+- nfdicf_name = g_utf8_casefold(nfdi_name, strlen(nfdi_name));
+- g_free(nfdi_name);
+- return nfdicf_name;
+-out_ascii:
+- g_free(nfdi_name);
+- return g_ascii_strdown(name, len);
+-}
+-
+-guint shm_share_name_hash(gconstpointer name)
+-{
+- char *cf_name;
+- guint hash;
+-
+- cf_name = shm_casefold_share_name(name, strlen(name));
+- hash = g_str_hash(cf_name);
+- g_free(cf_name);
+- return hash;
+-}
+-
+-gboolean shm_share_name_equal(gconstpointer lname, gconstpointer rname)
+-{
+- char *cf_lname, *cf_rname;
+- gboolean equal;
+-
+- cf_lname = shm_casefold_share_name(lname, strlen(lname));
+- cf_rname = shm_casefold_share_name(rname, strlen(rname));
+- equal = g_str_equal(cf_lname, cf_rname);
+- g_free(cf_lname);
+- g_free(cf_rname);
+- return equal;
+-}
+-
+-int shm_init(void)
+-{
+- shares_table = g_hash_table_new(shm_share_name_hash,
+- shm_share_name_equal);
+- if (!shares_table)
+- return -ENOMEM;
+- g_rw_lock_init(&shares_table_lock);
+- return 0;
+-}
+-
+-static struct ksmbd_share *__shm_lookup_share(char *name)
+-{
+- return g_hash_table_lookup(shares_table, name);
+-}
+-
+-struct ksmbd_share *shm_lookup_share(char *name)
+-{
+- struct ksmbd_share *share, *ret;
+-
+- g_rw_lock_reader_lock(&shares_table_lock);
+- share = __shm_lookup_share(name);
+- if (share) {
+- ret = get_ksmbd_share(share);
+- if (!ret)
+- share = NULL;
+- }
+- g_rw_lock_reader_unlock(&shares_table_lock);
+- return share;
+-}
+-
+-static GHashTable *parse_list(GHashTable *map, char **list, char grc)
+-{
+- int i;
+-
+- if (!list)
+- return map;
+-
+- if (!map)
+- map = g_hash_table_new(g_str_hash, g_str_equal);
+- if (!map)
+- return map;
+-
+- for (i = 0; list[i] != NULL; i++) {
+- struct ksmbd_user *user;
+- char *p = list[i];
+-
+- p = cp_ltrim(p);
+- if (!p)
+- continue;
+-
+- if (*p == grc) {
+- struct group *gr;
+-
+- gr = getgrnam(p + 1);
+- if (gr)
+- parse_list(map, gr->gr_mem, 0x00);
+- continue;
+- }
+-
+- user = usm_lookup_user(p);
+- if (!user) {
+- pr_info("Drop non-existing user `%s'\n", p);
+- continue;
+- }
+-
+- if (g_hash_table_lookup(map, user->name)) {
+- pr_debug("User `%s' already exists in a map\n",
+- user->name);
+- continue;
+- }
+-
+- g_hash_table_insert(map, user->name, user);
+- }
+-
+- return map;
+-}
+-
+-static void make_veto_list(struct ksmbd_share *share)
+-{
+- int i;
+-
+- for (i = 0; i < share->veto_list_sz; i++) {
+- if (share->veto_list[i] == '/')
+- share->veto_list[i] = 0x00;
+- }
+-}
+-
+-static void force_group(struct ksmbd_share *share, char *name)
+-{
+- struct group *grp;
+-
+- grp = getgrnam(name);
+- if (grp) {
+- share->force_gid = grp->gr_gid;
+- if (share->force_gid == KSMBD_SHARE_INVALID_GID)
+- pr_err("Invalid force GID: %u\n", share->force_gid);
+- } else
+- pr_err("Unable to lookup up `/etc/group' entry: %s\n", name);
+-}
+-
+-static void force_user(struct ksmbd_share *share, char *name)
+-{
+- struct passwd *passwd;
+-
+- passwd = getpwnam(name);
+- if (passwd) {
+- share->force_uid = passwd->pw_uid;
+- /*
+- * smb.conf 'force group' has higher priority than
+- * 'force user'.
+- */
+- if (share->force_gid == KSMBD_SHARE_INVALID_GID)
+- share->force_gid = passwd->pw_gid;
+- if (share->force_uid == KSMBD_SHARE_INVALID_UID ||
+- share->force_gid == KSMBD_SHARE_INVALID_GID)
+- pr_err("Invalid force UID/GID: %u/%u\n",
+- share->force_uid, share->force_gid);
+- } else {
+- pr_err("Unable to lookup up `/etc/passwd' entry: %s\n", name);
+- }
+-}
+-
+-static void process_group_kv(gpointer _k, gpointer _v, gpointer user_data)
+-{
+- struct ksmbd_share *share = user_data;
+- char *k = _k;
+- char *v = _v;
+-
+- if (shm_share_config(k, KSMBD_SHARE_CONF_COMMENT)) {
+- share->comment = cp_get_group_kv_string(v);
+- if (share->comment == NULL)
+- set_share_flag(share, KSMBD_SHARE_FLAG_INVALID);
+- return;
+- }
+-
+- if (shm_share_config(k, KSMBD_SHARE_CONF_PATH)) {
+- share->path = cp_get_group_kv_string(v);
+- if (share->path == NULL)
+- set_share_flag(share, KSMBD_SHARE_FLAG_INVALID);
+- return;
+- }
+-
+- if (shm_share_config(k, KSMBD_SHARE_CONF_GUEST_OK)) {
+- if (cp_get_group_kv_bool(v))
+- set_share_flag(share, KSMBD_SHARE_FLAG_GUEST_OK);
+- return;
+- }
+-
+- if (shm_share_config(k, KSMBD_SHARE_CONF_GUEST_ACCOUNT)) {
+- struct ksmbd_user *user;
+-
+- if (usm_add_new_user(cp_get_group_kv_string(_v),
+- g_strdup("NULL"))) {
+- pr_err("Unable to add guest account\n");
+- set_share_flag(share, KSMBD_SHARE_FLAG_INVALID);
+- return;
+- }
+-
+- user = usm_lookup_user(_v);
+- if (user) {
+- set_user_flag(user, KSMBD_USER_FLAG_GUEST_ACCOUNT);
+- put_ksmbd_user(user);
+- }
+- share->guest_account = cp_get_group_kv_string(_v);
+- if (!share->guest_account)
+- set_share_flag(share, KSMBD_SHARE_FLAG_INVALID);
+- return;
+- }
+-
+- if (shm_share_config(k, KSMBD_SHARE_CONF_READ_ONLY)) {
+- if (cp_get_group_kv_bool(v)) {
+- set_share_flag(share, KSMBD_SHARE_FLAG_READONLY);
+- clear_share_flag(share, KSMBD_SHARE_FLAG_WRITEABLE);
+- } else {
+- clear_share_flag(share, KSMBD_SHARE_FLAG_READONLY);
+- set_share_flag(share, KSMBD_SHARE_FLAG_WRITEABLE);
+- }
+- return;
+- }
+-
+- if (shm_share_config(k, KSMBD_SHARE_CONF_BROWSEABLE)) {
+- if (cp_get_group_kv_bool(v))
+- set_share_flag(share, KSMBD_SHARE_FLAG_BROWSEABLE);
+- else
+- clear_share_flag(share, KSMBD_SHARE_FLAG_BROWSEABLE);
+- return;
+- }
+-
+- if (shm_share_config(k, KSMBD_SHARE_CONF_WRITE_OK) ||
+- shm_share_config(k, KSMBD_SHARE_CONF_WRITEABLE) ||
+- shm_share_config(k, KSMBD_SHARE_CONF_WRITABLE)) {
+- if (cp_get_group_kv_bool(v))
+- set_share_flag(share, KSMBD_SHARE_FLAG_WRITEABLE);
+- else
+- clear_share_flag(share, KSMBD_SHARE_FLAG_WRITEABLE);
+- return;
+- }
+-
+- if (shm_share_config(k, KSMBD_SHARE_CONF_STORE_DOS_ATTRIBUTES)) {
+- if (cp_get_group_kv_bool(v))
+- set_share_flag(share, KSMBD_SHARE_FLAG_STORE_DOS_ATTRS);
+- else
+- clear_share_flag(share,
+- KSMBD_SHARE_FLAG_STORE_DOS_ATTRS);
+- return;
+- }
+-
+- if (shm_share_config(k, KSMBD_SHARE_CONF_OPLOCKS)) {
+- if (cp_get_group_kv_bool(v))
+- set_share_flag(share, KSMBD_SHARE_FLAG_OPLOCKS);
+- else
+- clear_share_flag(share, KSMBD_SHARE_FLAG_OPLOCKS);
+- return;
+- }
+-
+- if (shm_share_config(k, KSMBD_SHARE_CONF_CREATE_MASK)) {
+- share->create_mask = cp_get_group_kv_long_base(v, 8);
+- return;
+- }
+-
+- if (shm_share_config(k, KSMBD_SHARE_CONF_DIRECTORY_MASK)) {
+- share->directory_mask = cp_get_group_kv_long_base(v, 8);
+- return;
+- }
+-
+- if (shm_share_config(k, KSMBD_SHARE_CONF_FORCE_CREATE_MODE)) {
+- share->force_create_mode = cp_get_group_kv_long_base(v, 8);
+- return;
+- }
+-
+- if (shm_share_config(k, KSMBD_SHARE_CONF_FORCE_DIRECTORY_MODE)) {
+- share->force_directory_mode = cp_get_group_kv_long_base(v, 8);
+- return;
+- }
+-
+- if (shm_share_config(k, KSMBD_SHARE_CONF_FORCE_GROUP)) {
+- force_group(share, v);
+- return;
+- }
+-
+- if (shm_share_config(k, KSMBD_SHARE_CONF_FORCE_USER)) {
+- force_user(share, v);
+- return;
+- }
+-
+- if (shm_share_config(k, KSMBD_SHARE_CONF_HIDE_DOT_FILES)) {
+- if (cp_get_group_kv_bool(v))
+- set_share_flag(share, KSMBD_SHARE_FLAG_HIDE_DOT_FILES);
+- else
+- clear_share_flag(share,
+- KSMBD_SHARE_FLAG_HIDE_DOT_FILES);
+- }
+-
+- if (shm_share_config(k, KSMBD_SHARE_CONF_VALID_USERS)) {
+- char **users_list;
+-
+- users_list = cp_get_group_kv_list(v);
+- share->maps[KSMBD_SHARE_VALID_USERS_MAP] =
+- parse_list(share->maps[KSMBD_SHARE_VALID_USERS_MAP],
+- users_list, '@');
+- if (share->maps[KSMBD_SHARE_VALID_USERS_MAP] == NULL)
+- set_share_flag(share, KSMBD_SHARE_FLAG_INVALID);
+- cp_group_kv_list_free(users_list);
+- return;
+- }
+-
+- if (shm_share_config(k, KSMBD_SHARE_CONF_INVALID_USERS)) {
+- char **users_list;
+-
+- users_list = cp_get_group_kv_list(v);
+- share->maps[KSMBD_SHARE_INVALID_USERS_MAP] =
+- parse_list(share->maps[KSMBD_SHARE_INVALID_USERS_MAP],
+- users_list, '@');
+- if (share->maps[KSMBD_SHARE_INVALID_USERS_MAP] == NULL)
+- set_share_flag(share, KSMBD_SHARE_FLAG_INVALID);
+- cp_group_kv_list_free(users_list);
+- return;
+- }
+-
+- if (shm_share_config(k, KSMBD_SHARE_CONF_READ_LIST)) {
+- char **users_list;
+-
+- users_list = cp_get_group_kv_list(v);
+- share->maps[KSMBD_SHARE_READ_LIST_MAP] =
+- parse_list(share->maps[KSMBD_SHARE_READ_LIST_MAP],
+- users_list, '@');
+- if (share->maps[KSMBD_SHARE_READ_LIST_MAP] == NULL)
+- set_share_flag(share, KSMBD_SHARE_FLAG_INVALID);
+- cp_group_kv_list_free(users_list);
+- return;
+- }
+-
+- if (shm_share_config(k, KSMBD_SHARE_CONF_WRITE_LIST)) {
+- char **users_list;
+-
+- users_list = cp_get_group_kv_list(v);
+- share->maps[KSMBD_SHARE_WRITE_LIST_MAP] =
+- parse_list(share->maps[KSMBD_SHARE_WRITE_LIST_MAP],
+- users_list, '@');
+- if (share->maps[KSMBD_SHARE_WRITE_LIST_MAP] == NULL)
+- set_share_flag(share, KSMBD_SHARE_FLAG_INVALID);
+- cp_group_kv_list_free(users_list);
+- return;
+- }
+-
+- if (shm_share_config(k, KSMBD_SHARE_CONF_ADMIN_USERS)) {
+- char **users_list;
+-
+- users_list = cp_get_group_kv_list(v);
+- share->maps[KSMBD_SHARE_ADMIN_USERS_MAP] =
+- parse_list(share->maps[KSMBD_SHARE_ADMIN_USERS_MAP],
+- users_list, '@');
+- if (share->maps[KSMBD_SHARE_ADMIN_USERS_MAP] == NULL)
+- set_share_flag(share, KSMBD_SHARE_FLAG_INVALID);
+- cp_group_kv_list_free(users_list);
+- return;
+- }
+-
+- if (shm_share_config(k, KSMBD_SHARE_CONF_HOSTS_ALLOW)) {
+- char **hosts_list;
+-
+- hosts_list = cp_get_group_kv_list(v);
+- share->hosts_allow_map = parse_list(share->hosts_allow_map,
+- hosts_list, 0x00);
+- if (share->hosts_allow_map == NULL)
+- set_share_flag(share, KSMBD_SHARE_FLAG_INVALID);
+- cp_group_kv_list_free(hosts_list);
+- return;
+- }
+-
+- if (shm_share_config(k, KSMBD_SHARE_CONF_HOSTS_DENY)) {
+- char **hosts_list;
+-
+- hosts_list = cp_get_group_kv_list(v);
+- share->hosts_deny_map = parse_list(share->hosts_deny_map,
+- hosts_list, 0x00);
+- if (share->hosts_deny_map == NULL)
+- set_share_flag(share, KSMBD_SHARE_FLAG_INVALID);
+- cp_group_kv_list_free(hosts_list);
+- return;
+- }
+-
+- if (shm_share_config(k, KSMBD_SHARE_CONF_MAX_CONNECTIONS)) {
+- share->max_connections = cp_get_group_kv_long_base(v, 10);
+- return;
+- }
+-
+- if (shm_share_config(k, KSMBD_SHARE_CONF_VETO_FILES)) {
+- share->veto_list = cp_get_group_kv_string(v + 1);
+- if (share->veto_list == NULL) {
+- set_share_flag(share, KSMBD_SHARE_FLAG_INVALID);
+- } else {
+- share->veto_list_sz = strlen(share->veto_list);
+- make_veto_list(share);
+- }
+- return;
+- }
+-
+- if (shm_share_config(k, KSMBD_SHARE_CONF_INHERIT_OWNER)) {
+- if (cp_get_group_kv_bool(v))
+- set_share_flag(share, KSMBD_SHARE_FLAG_INHERIT_OWNER);
+- else
+- clear_share_flag(share, KSMBD_SHARE_FLAG_INHERIT_OWNER);
+- }
+-
+- if (shm_share_config(k, KSMBD_SHARE_CONF_VFS_OBJECTS)) {
+- char *p;
+- int i;
+- char **objects = cp_get_group_kv_list(v);
+-
+- if (objects) {
+- clear_share_flag(share, KSMBD_SHARE_FLAG_ACL_XATTR);
+- clear_share_flag(share, KSMBD_SHARE_FLAG_STREAMS);
+- for (i = 0; objects[i] != NULL; i++) {
+- p = cp_ltrim(objects[i]);
+- if (!p)
+- continue;
+- if (!strcmp(p, "acl_xattr"))
+- set_share_flag(share, KSMBD_SHARE_FLAG_ACL_XATTR);
+- else if (!strcmp(p, "streams_xattr"))
+- set_share_flag(share, KSMBD_SHARE_FLAG_STREAMS);
+- }
+- cp_group_kv_list_free(objects);
+- }
+- }
+-
+-}
+-
+-static void fixup_missing_fields(struct ksmbd_share *share)
+-{
+- if (!share->comment)
+- share->comment = strdup("");
+-}
+-
+-static void init_share_from_group(struct ksmbd_share *share,
+- struct smbconf_group *group)
+-{
+- share->name = g_strdup(group->name);
+- share->create_mask = KSMBD_SHARE_DEFAULT_CREATE_MASK;
+- share->directory_mask = KSMBD_SHARE_DEFAULT_DIRECTORY_MASK;
+- share->force_create_mode = 0;
+- share->force_directory_mode = 0;
+-
+- share->force_uid = KSMBD_SHARE_INVALID_UID;
+- share->force_gid = KSMBD_SHARE_INVALID_GID;
+-
+- set_share_flag(share, KSMBD_SHARE_FLAG_AVAILABLE);
+- set_share_flag(share, KSMBD_SHARE_FLAG_BROWSEABLE);
+- set_share_flag(share, KSMBD_SHARE_FLAG_READONLY);
+- set_share_flag(share, KSMBD_SHARE_FLAG_HIDE_DOT_FILES);
+- set_share_flag(share, KSMBD_SHARE_FLAG_OPLOCKS);
+- set_share_flag(share, KSMBD_SHARE_FLAG_STORE_DOS_ATTRS);
+-
+- if (!g_ascii_strcasecmp(share->name, "ipc$"))
+- set_share_flag(share, KSMBD_SHARE_FLAG_PIPE);
+-
+- if (group->cb_mode == GROUPS_CALLBACK_REINIT)
+- set_share_flag(share, KSMBD_SHARE_FLAG_UPDATE);
+-
+- g_hash_table_foreach(group->kv, process_group_kv, share);
+-
+- fixup_missing_fields(share);
+-}
+-
+-int shm_add_new_share(struct smbconf_group *group)
+-{
+- int ret = 0;
+- struct ksmbd_share *share = new_ksmbd_share();
+-
+- if (!share)
+- return -ENOMEM;
+-
+- init_share_from_group(share, group);
+- if (test_share_flag(share, KSMBD_SHARE_FLAG_INVALID)) {
+- pr_err("Share `%s' is invalid\n", share->name);
+- kill_ksmbd_share(share);
+- return 0;
+- }
+-
+- g_rw_lock_writer_lock(&shares_table_lock);
+- if (__shm_lookup_share(share->name)) {
+- g_rw_lock_writer_unlock(&shares_table_lock);
+- pr_info("Share `%s' already exists\n", share->name);
+- kill_ksmbd_share(share);
+- return 0;
+- }
+-
+- pr_debug("New share `%s'\n", share->name);
+- if (!g_hash_table_insert(shares_table, share->name, share)) {
+- kill_ksmbd_share(share);
+- ret = -EINVAL;
+- }
+- g_rw_lock_writer_unlock(&shares_table_lock);
+- return ret;
+-}
+-
+-int shm_lookup_users_map(struct ksmbd_share *share,
+- enum share_users map,
+- char *name)
+-{
+- int ret = -ENOENT;
+-
+- if (map >= KSMBD_SHARE_USERS_MAX) {
+- pr_err("Invalid users map index: %d\n", map);
+- return 0;
+- }
+-
+- if (!share->maps[map])
+- return -EINVAL;
+-
+- g_rw_lock_reader_lock(&share->maps_lock);
+- if (g_hash_table_lookup(share->maps[map], name))
+- ret = 0;
+- g_rw_lock_reader_unlock(&share->maps_lock);
+-
+- return ret;
+-}
+-
+-/*
+- * FIXME
+- * Do a real hosts lookup. IP masks, etc.
+- */
+-int shm_lookup_hosts_map(struct ksmbd_share *share,
+- enum share_hosts map,
+- char *host)
+-{
+- GHashTable *lookup_map = NULL;
+- int ret = -ENOENT;
+-
+- if (map >= KSMBD_SHARE_HOSTS_MAX) {
+- pr_err("Invalid hosts map index: %d\n", map);
+- return 0;
+- }
+-
+- if (map == KSMBD_SHARE_HOSTS_ALLOW_MAP)
+- lookup_map = share->hosts_allow_map;
+- if (map == KSMBD_SHARE_HOSTS_DENY_MAP)
+- lookup_map = share->hosts_deny_map;
+-
+- if (!lookup_map)
+- return -EINVAL;
+-
+- g_rw_lock_reader_lock(&share->maps_lock);
+- if (g_hash_table_lookup(lookup_map, host))
+- ret = 0;
+- g_rw_lock_reader_unlock(&share->maps_lock);
+-
+- return ret;
+-}
+-
+-int shm_open_connection(struct ksmbd_share *share)
+-{
+- int ret = 0;
+-
+- g_rw_lock_writer_lock(&share->update_lock);
+- share->num_connections++;
+- if (share->max_connections) {
+- if (share->num_connections >= share->max_connections)
+- ret = -EINVAL;
+- }
+- g_rw_lock_writer_unlock(&share->update_lock);
+- return ret;
+-}
+-
+-int shm_close_connection(struct ksmbd_share *share)
+-{
+- if (!share)
+- return 0;
+-
+- g_rw_lock_writer_lock(&share->update_lock);
+- share->num_connections--;
+- g_rw_lock_writer_unlock(&share->update_lock);
+- return 0;
+-}
+-
+-void for_each_ksmbd_share(walk_shares cb, gpointer user_data)
+-{
+- g_rw_lock_reader_lock(&shares_table_lock);
+- g_hash_table_foreach(shares_table, cb, user_data);
+- g_rw_lock_reader_unlock(&shares_table_lock);
+-}
+-
+-int shm_share_config_payload_size(struct ksmbd_share *share)
+-{
+- int sz = 1;
+-
+- if (share && !test_share_flag(share, KSMBD_SHARE_FLAG_PIPE)) {
+- if (share->path)
+- sz += strlen(share->path);
+- if (global_conf.root_dir)
+- sz += strlen(global_conf.root_dir) + 1;
+- if (share->veto_list_sz)
+- sz += share->veto_list_sz + 1;
+- }
+-
+- return sz;
+-}
+-
+-int shm_handle_share_config_request(struct ksmbd_share *share,
+- struct ksmbd_share_config_response *resp)
+-{
+- unsigned char *config_payload;
+-
+- if (!share)
+- return -EINVAL;
+-
+- resp->flags = share->flags;
+- resp->create_mask = share->create_mask;
+- resp->directory_mask = share->directory_mask;
+- resp->force_create_mode = share->force_create_mode;
+- resp->force_directory_mode = share->force_directory_mode;
+- resp->force_uid = share->force_uid;
+- resp->force_gid = share->force_gid;
+- *resp->share_name = 0x00;
+- strncat(resp->share_name, share->name, KSMBD_REQ_MAX_SHARE_NAME - 1);
+- resp->veto_list_sz = share->veto_list_sz;
+-
+- if (test_share_flag(share, KSMBD_SHARE_FLAG_PIPE))
+- return 0;
+-
+- if (!share->path)
+- return 0;
+-
+- config_payload = KSMBD_SHARE_CONFIG_VETO_LIST(resp);
+- if (resp->veto_list_sz) {
+- memcpy(config_payload,
+- share->veto_list,
+- resp->veto_list_sz);
+- config_payload += resp->veto_list_sz + 1;
+- }
+- if (global_conf.root_dir)
+- sprintf(config_payload,
+- "%s%s",
+- global_conf.root_dir,
+- share->path);
+- else
+- sprintf(config_payload, "%s", share->path);
+- return 0;
+-}
+--- /dev/null
++++ b/tools/management/share.c
+@@ -0,0 +1,868 @@
++// SPDX-License-Identifier: GPL-2.0-or-later
++/*
++ * Copyright (C) 2018 Samsung Electronics Co., Ltd.
++ *
++ * linux-cifsd-devel@lists.sourceforge.net
++ */
++
++#include <stdlib.h>
++#include <string.h>
++#include <glib.h>
++#include <sys/types.h>
++#include <pwd.h>
++#include <grp.h>
++
++#include "config_parser.h"
++#include "linux/ksmbd_server.h"
++#include "management/share.h"
++#include "management/user.h"
++#include "tools.h"
++
++#define KSMBD_SHARE_STATE_FREEING 1
++
++/*
++ * WARNING:
++ *
++ * This must match KSMBD_SHARE_CONF enum 1:1.
++ * Add new entries ONLY to the bottom.
++ */
++char *KSMBD_SHARE_CONF[KSMBD_SHARE_CONF_MAX] = {
++ "comment", /* 0 */
++ "path",
++ "guest ok",
++ "guest account",
++ "read only",
++ "browseable", /* 5 */
++ "write ok",
++ "writeable",
++ "store dos attributes",
++ "oplocks",
++ "create mask", /* 10 */
++ "directory mask",
++ "force create mode",
++ "force directory mode",
++ "force group",
++ "force user", /* 15 */
++ "hide dot files",
++ "valid users",
++ "invalid users",
++ "read list",
++ "write list", /* 20 */
++ "admin users",
++ "hosts allow",
++ "hosts deny",
++ "max connections",
++ "veto files", /* 25 */
++ "inherit owner",
++ "follow symlinks",
++ "vfs objects",
++ "writable",
++};
++
++static GHashTable *shares_table;
++static GRWLock shares_table_lock;
++
++int shm_share_config(char *k, enum KSMBD_SHARE_CONF c)
++{
++ if (c >= KSMBD_SHARE_CONF_MAX)
++ return 0;
++
++ return !cp_key_cmp(k, KSMBD_SHARE_CONF[c]);
++}
++
++static void list_hosts_callback(gpointer k, gpointer v, gpointer user_data)
++{
++ free(k);
++ free(v);
++}
++
++static void free_hosts_map(GHashTable *map)
++{
++ if (map) {
++ g_hash_table_foreach(map, list_hosts_callback, NULL);
++ g_hash_table_destroy(map);
++ }
++}
++
++static void list_user_callback(gpointer k, gpointer u, gpointer user_data)
++{
++ put_ksmbd_user((struct ksmbd_user *)u);
++}
++
++static void free_user_map(GHashTable *map)
++{
++ if (map) {
++ g_hash_table_foreach(map, list_user_callback, NULL);
++ g_hash_table_destroy(map);
++ }
++}
++
++static void kill_ksmbd_share(struct ksmbd_share *share)
++{
++ int i;
++
++ pr_debug("Kill share `%s'\n", share->name);
++
++ for (i = 0; i < KSMBD_SHARE_USERS_MAX; i++)
++ free_user_map(share->maps[i]);
++
++ free_hosts_map(share->hosts_allow_map);
++ free_hosts_map(share->hosts_deny_map);
++
++ g_rw_lock_clear(&share->maps_lock);
++
++ free(share->name);
++ free(share->path);
++ free(share->comment);
++ free(share->veto_list);
++ free(share->guest_account);
++ g_rw_lock_clear(&share->update_lock);
++ g_free(share);
++}
++
++static int __shm_remove_share(struct ksmbd_share *share)
++{
++ int ret = 0;
++
++ if (share->state != KSMBD_SHARE_STATE_FREEING) {
++ g_rw_lock_writer_lock(&shares_table_lock);
++ if (!g_hash_table_remove(shares_table, share->name))
++ ret = -EINVAL;
++ g_rw_lock_writer_unlock(&shares_table_lock);
++ }
++ if (!ret)
++ kill_ksmbd_share(share);
++ return ret;
++}
++
++struct ksmbd_share *get_ksmbd_share(struct ksmbd_share *share)
++{
++ g_rw_lock_writer_lock(&share->update_lock);
++ if (share->ref_count != 0) {
++ share->ref_count++;
++ g_rw_lock_writer_unlock(&share->update_lock);
++ } else {
++ g_rw_lock_writer_unlock(&share->update_lock);
++ share = NULL;
++ }
++
++ return share;
++}
++
++void put_ksmbd_share(struct ksmbd_share *share)
++{
++ int drop;
++
++ if (!share)
++ return;
++
++ g_rw_lock_writer_lock(&share->update_lock);
++ share->ref_count--;
++ drop = !share->ref_count;
++ g_rw_lock_writer_unlock(&share->update_lock);
++
++ if (!drop)
++ return;
++
++ __shm_remove_share(share);
++}
++
++static gboolean put_share_callback(gpointer _k, gpointer _v, gpointer data)
++{
++ struct ksmbd_share *share = (struct ksmbd_share *)_v;
++
++ share->state = KSMBD_SHARE_STATE_FREEING;
++ put_ksmbd_share(share);
++ return TRUE;
++}
++
++void shm_remove_all_shares(void)
++{
++ g_rw_lock_writer_lock(&shares_table_lock);
++ g_hash_table_foreach_remove(shares_table, put_share_callback, NULL);
++ g_rw_lock_writer_unlock(&shares_table_lock);
++}
++
++static struct ksmbd_share *new_ksmbd_share(void)
++{
++ struct ksmbd_share *share;
++ int i;
++
++ share = g_try_malloc0(sizeof(struct ksmbd_share));
++ if (!share)
++ return NULL;
++
++ share->ref_count = 1;
++ /*
++ * Create maps as needed. NULL maps means that share
++ * does not have a corresponding shmbconf entry.
++ */
++ for (i = 0; i < KSMBD_SHARE_USERS_MAX; i++)
++ share->maps[i] = NULL;
++
++ share->hosts_allow_map = NULL;
++ share->hosts_deny_map = NULL;
++ g_rw_lock_init(&share->maps_lock);
++ g_rw_lock_init(&share->update_lock);
++
++ return share;
++}
++
++static void free_hash_entry(gpointer k, gpointer s, gpointer user_data)
++{
++ kill_ksmbd_share(s);
++}
++
++static void shm_clear_shares(void)
++{
++ g_hash_table_foreach(shares_table, free_hash_entry, NULL);
++}
++
++void shm_destroy(void)
++{
++ if (shares_table) {
++ shm_clear_shares();
++ g_hash_table_destroy(shares_table);
++ }
++ g_rw_lock_clear(&shares_table_lock);
++}
++
++static char *shm_casefold_share_name(const char *name, size_t len)
++{
++ char *nfdi_name, *nfdicf_name;
++
++ nfdi_name = g_utf8_normalize(name, len, G_NORMALIZE_NFD);
++ if (!nfdi_name)
++ goto out_ascii;
++
++ nfdicf_name = g_utf8_casefold(nfdi_name, strlen(nfdi_name));
++ g_free(nfdi_name);
++ return nfdicf_name;
++out_ascii:
++ g_free(nfdi_name);
++ return g_ascii_strdown(name, len);
++}
++
++guint shm_share_name_hash(gconstpointer name)
++{
++ char *cf_name;
++ guint hash;
++
++ cf_name = shm_casefold_share_name(name, strlen(name));
++ hash = g_str_hash(cf_name);
++ g_free(cf_name);
++ return hash;
++}
++
++gboolean shm_share_name_equal(gconstpointer lname, gconstpointer rname)
++{
++ char *cf_lname, *cf_rname;
++ gboolean equal;
++
++ cf_lname = shm_casefold_share_name(lname, strlen(lname));
++ cf_rname = shm_casefold_share_name(rname, strlen(rname));
++ equal = g_str_equal(cf_lname, cf_rname);
++ g_free(cf_lname);
++ g_free(cf_rname);
++ return equal;
++}
++
++int shm_init(void)
++{
++ shares_table = g_hash_table_new(shm_share_name_hash,
++ shm_share_name_equal);
++ if (!shares_table)
++ return -ENOMEM;
++ g_rw_lock_init(&shares_table_lock);
++ return 0;
++}
++
++static struct ksmbd_share *__shm_lookup_share(char *name)
++{
++ return g_hash_table_lookup(shares_table, name);
++}
++
++struct ksmbd_share *shm_lookup_share(char *name)
++{
++ struct ksmbd_share *share, *ret;
++
++ g_rw_lock_reader_lock(&shares_table_lock);
++ share = __shm_lookup_share(name);
++ if (share) {
++ ret = get_ksmbd_share(share);
++ if (!ret)
++ share = NULL;
++ }
++ g_rw_lock_reader_unlock(&shares_table_lock);
++ return share;
++}
++
++static GHashTable *parse_list(GHashTable *map, char **list, char grc)
++{
++ int i;
++
++ if (!list)
++ return map;
++
++ if (!map)
++ map = g_hash_table_new(g_str_hash, g_str_equal);
++ if (!map)
++ return map;
++
++ for (i = 0; list[i] != NULL; i++) {
++ struct ksmbd_user *user;
++ char *p = list[i];
++
++ p = cp_ltrim(p);
++ if (!p)
++ continue;
++
++ if (*p == grc) {
++ struct group *gr;
++
++ gr = getgrnam(p + 1);
++ if (gr)
++ parse_list(map, gr->gr_mem, 0x00);
++ continue;
++ }
++
++ user = usm_lookup_user(p);
++ if (!user) {
++ pr_info("Drop non-existing user `%s'\n", p);
++ continue;
++ }
++
++ if (g_hash_table_lookup(map, user->name)) {
++ pr_debug("User `%s' already exists in a map\n",
++ user->name);
++ continue;
++ }
++
++ g_hash_table_insert(map, user->name, user);
++ }
++
++ return map;
++}
++
++static void make_veto_list(struct ksmbd_share *share)
++{
++ int i;
++
++ for (i = 0; i < share->veto_list_sz; i++) {
++ if (share->veto_list[i] == '/')
++ share->veto_list[i] = 0x00;
++ }
++}
++
++static void force_group(struct ksmbd_share *share, char *name)
++{
++ struct group *grp;
++
++ grp = getgrnam(name);
++ if (grp) {
++ share->force_gid = grp->gr_gid;
++ if (share->force_gid == KSMBD_SHARE_INVALID_GID)
++ pr_err("Invalid force GID: %u\n", share->force_gid);
++ } else
++ pr_err("Unable to lookup up `/etc/group' entry: %s\n", name);
++}
++
++static void force_user(struct ksmbd_share *share, char *name)
++{
++ struct passwd *passwd;
++
++ passwd = getpwnam(name);
++ if (passwd) {
++ share->force_uid = passwd->pw_uid;
++ /*
++ * smb.conf 'force group' has higher priority than
++ * 'force user'.
++ */
++ if (share->force_gid == KSMBD_SHARE_INVALID_GID)
++ share->force_gid = passwd->pw_gid;
++ if (share->force_uid == KSMBD_SHARE_INVALID_UID ||
++ share->force_gid == KSMBD_SHARE_INVALID_GID)
++ pr_err("Invalid force UID/GID: %u/%u\n",
++ share->force_uid, share->force_gid);
++ } else {
++ pr_err("Unable to lookup up `/etc/passwd' entry: %s\n", name);
++ }
++}
++
++static void process_group_kv(gpointer _k, gpointer _v, gpointer user_data)
++{
++ struct ksmbd_share *share = user_data;
++ char *k = _k;
++ char *v = _v;
++
++ if (shm_share_config(k, KSMBD_SHARE_CONF_COMMENT)) {
++ share->comment = cp_get_group_kv_string(v);
++ if (share->comment == NULL)
++ set_share_flag(share, KSMBD_SHARE_FLAG_INVALID);
++ return;
++ }
++
++ if (shm_share_config(k, KSMBD_SHARE_CONF_PATH)) {
++ share->path = cp_get_group_kv_string(v);
++ if (share->path == NULL)
++ set_share_flag(share, KSMBD_SHARE_FLAG_INVALID);
++ return;
++ }
++
++ if (shm_share_config(k, KSMBD_SHARE_CONF_GUEST_OK)) {
++ if (cp_get_group_kv_bool(v))
++ set_share_flag(share, KSMBD_SHARE_FLAG_GUEST_OK);
++ return;
++ }
++
++ if (shm_share_config(k, KSMBD_SHARE_CONF_GUEST_ACCOUNT)) {
++ struct ksmbd_user *user;
++
++ if (usm_add_new_user(cp_get_group_kv_string(_v),
++ g_strdup("NULL"))) {
++ pr_err("Unable to add guest account\n");
++ set_share_flag(share, KSMBD_SHARE_FLAG_INVALID);
++ return;
++ }
++
++ user = usm_lookup_user(_v);
++ if (user) {
++ set_user_flag(user, KSMBD_USER_FLAG_GUEST_ACCOUNT);
++ put_ksmbd_user(user);
++ }
++ share->guest_account = cp_get_group_kv_string(_v);
++ if (!share->guest_account)
++ set_share_flag(share, KSMBD_SHARE_FLAG_INVALID);
++ return;
++ }
++
++ if (shm_share_config(k, KSMBD_SHARE_CONF_READ_ONLY)) {
++ if (cp_get_group_kv_bool(v)) {
++ set_share_flag(share, KSMBD_SHARE_FLAG_READONLY);
++ clear_share_flag(share, KSMBD_SHARE_FLAG_WRITEABLE);
++ } else {
++ clear_share_flag(share, KSMBD_SHARE_FLAG_READONLY);
++ set_share_flag(share, KSMBD_SHARE_FLAG_WRITEABLE);
++ }
++ return;
++ }
++
++ if (shm_share_config(k, KSMBD_SHARE_CONF_BROWSEABLE)) {
++ if (cp_get_group_kv_bool(v))
++ set_share_flag(share, KSMBD_SHARE_FLAG_BROWSEABLE);
++ else
++ clear_share_flag(share, KSMBD_SHARE_FLAG_BROWSEABLE);
++ return;
++ }
++
++ if (shm_share_config(k, KSMBD_SHARE_CONF_WRITE_OK) ||
++ shm_share_config(k, KSMBD_SHARE_CONF_WRITEABLE) ||
++ shm_share_config(k, KSMBD_SHARE_CONF_WRITABLE)) {
++ if (cp_get_group_kv_bool(v))
++ set_share_flag(share, KSMBD_SHARE_FLAG_WRITEABLE);
++ else
++ clear_share_flag(share, KSMBD_SHARE_FLAG_WRITEABLE);
++ return;
++ }
++
++ if (shm_share_config(k, KSMBD_SHARE_CONF_STORE_DOS_ATTRIBUTES)) {
++ if (cp_get_group_kv_bool(v))
++ set_share_flag(share, KSMBD_SHARE_FLAG_STORE_DOS_ATTRS);
++ else
++ clear_share_flag(share,
++ KSMBD_SHARE_FLAG_STORE_DOS_ATTRS);
++ return;
++ }
++
++ if (shm_share_config(k, KSMBD_SHARE_CONF_OPLOCKS)) {
++ if (cp_get_group_kv_bool(v))
++ set_share_flag(share, KSMBD_SHARE_FLAG_OPLOCKS);
++ else
++ clear_share_flag(share, KSMBD_SHARE_FLAG_OPLOCKS);
++ return;
++ }
++
++ if (shm_share_config(k, KSMBD_SHARE_CONF_CREATE_MASK)) {
++ share->create_mask = cp_get_group_kv_long_base(v, 8);
++ return;
++ }
++
++ if (shm_share_config(k, KSMBD_SHARE_CONF_DIRECTORY_MASK)) {
++ share->directory_mask = cp_get_group_kv_long_base(v, 8);
++ return;
++ }
++
++ if (shm_share_config(k, KSMBD_SHARE_CONF_FORCE_CREATE_MODE)) {
++ share->force_create_mode = cp_get_group_kv_long_base(v, 8);
++ return;
++ }
++
++ if (shm_share_config(k, KSMBD_SHARE_CONF_FORCE_DIRECTORY_MODE)) {
++ share->force_directory_mode = cp_get_group_kv_long_base(v, 8);
++ return;
++ }
++
++ if (shm_share_config(k, KSMBD_SHARE_CONF_FORCE_GROUP)) {
++ force_group(share, v);
++ return;
++ }
++
++ if (shm_share_config(k, KSMBD_SHARE_CONF_FORCE_USER)) {
++ force_user(share, v);
++ return;
++ }
++
++ if (shm_share_config(k, KSMBD_SHARE_CONF_HIDE_DOT_FILES)) {
++ if (cp_get_group_kv_bool(v))
++ set_share_flag(share, KSMBD_SHARE_FLAG_HIDE_DOT_FILES);
++ else
++ clear_share_flag(share,
++ KSMBD_SHARE_FLAG_HIDE_DOT_FILES);
++ }
++
++ if (shm_share_config(k, KSMBD_SHARE_CONF_VALID_USERS)) {
++ char **users_list;
++
++ users_list = cp_get_group_kv_list(v);
++ share->maps[KSMBD_SHARE_VALID_USERS_MAP] =
++ parse_list(share->maps[KSMBD_SHARE_VALID_USERS_MAP],
++ users_list, '@');
++ if (share->maps[KSMBD_SHARE_VALID_USERS_MAP] == NULL)
++ set_share_flag(share, KSMBD_SHARE_FLAG_INVALID);
++ cp_group_kv_list_free(users_list);
++ return;
++ }
++
++ if (shm_share_config(k, KSMBD_SHARE_CONF_INVALID_USERS)) {
++ char **users_list;
++
++ users_list = cp_get_group_kv_list(v);
++ share->maps[KSMBD_SHARE_INVALID_USERS_MAP] =
++ parse_list(share->maps[KSMBD_SHARE_INVALID_USERS_MAP],
++ users_list, '@');
++ if (share->maps[KSMBD_SHARE_INVALID_USERS_MAP] == NULL)
++ set_share_flag(share, KSMBD_SHARE_FLAG_INVALID);
++ cp_group_kv_list_free(users_list);
++ return;
++ }
++
++ if (shm_share_config(k, KSMBD_SHARE_CONF_READ_LIST)) {
++ char **users_list;
++
++ users_list = cp_get_group_kv_list(v);
++ share->maps[KSMBD_SHARE_READ_LIST_MAP] =
++ parse_list(share->maps[KSMBD_SHARE_READ_LIST_MAP],
++ users_list, '@');
++ if (share->maps[KSMBD_SHARE_READ_LIST_MAP] == NULL)
++ set_share_flag(share, KSMBD_SHARE_FLAG_INVALID);
++ cp_group_kv_list_free(users_list);
++ return;
++ }
++
++ if (shm_share_config(k, KSMBD_SHARE_CONF_WRITE_LIST)) {
++ char **users_list;
++
++ users_list = cp_get_group_kv_list(v);
++ share->maps[KSMBD_SHARE_WRITE_LIST_MAP] =
++ parse_list(share->maps[KSMBD_SHARE_WRITE_LIST_MAP],
++ users_list, '@');
++ if (share->maps[KSMBD_SHARE_WRITE_LIST_MAP] == NULL)
++ set_share_flag(share, KSMBD_SHARE_FLAG_INVALID);
++ cp_group_kv_list_free(users_list);
++ return;
++ }
++
++ if (shm_share_config(k, KSMBD_SHARE_CONF_ADMIN_USERS)) {
++ char **users_list;
++
++ users_list = cp_get_group_kv_list(v);
++ share->maps[KSMBD_SHARE_ADMIN_USERS_MAP] =
++ parse_list(share->maps[KSMBD_SHARE_ADMIN_USERS_MAP],
++ users_list, '@');
++ if (share->maps[KSMBD_SHARE_ADMIN_USERS_MAP] == NULL)
++ set_share_flag(share, KSMBD_SHARE_FLAG_INVALID);
++ cp_group_kv_list_free(users_list);
++ return;
++ }
++
++ if (shm_share_config(k, KSMBD_SHARE_CONF_HOSTS_ALLOW)) {
++ char **hosts_list;
++
++ hosts_list = cp_get_group_kv_list(v);
++ share->hosts_allow_map = parse_list(share->hosts_allow_map,
++ hosts_list, 0x00);
++ if (share->hosts_allow_map == NULL)
++ set_share_flag(share, KSMBD_SHARE_FLAG_INVALID);
++ cp_group_kv_list_free(hosts_list);
++ return;
++ }
++
++ if (shm_share_config(k, KSMBD_SHARE_CONF_HOSTS_DENY)) {
++ char **hosts_list;
++
++ hosts_list = cp_get_group_kv_list(v);
++ share->hosts_deny_map = parse_list(share->hosts_deny_map,
++ hosts_list, 0x00);
++ if (share->hosts_deny_map == NULL)
++ set_share_flag(share, KSMBD_SHARE_FLAG_INVALID);
++ cp_group_kv_list_free(hosts_list);
++ return;
++ }
++
++ if (shm_share_config(k, KSMBD_SHARE_CONF_MAX_CONNECTIONS)) {
++ share->max_connections = cp_get_group_kv_long_base(v, 10);
++ return;
++ }
++
++ if (shm_share_config(k, KSMBD_SHARE_CONF_VETO_FILES)) {
++ share->veto_list = cp_get_group_kv_string(v + 1);
++ if (share->veto_list == NULL) {
++ set_share_flag(share, KSMBD_SHARE_FLAG_INVALID);
++ } else {
++ share->veto_list_sz = strlen(share->veto_list);
++ make_veto_list(share);
++ }
++ return;
++ }
++
++ if (shm_share_config(k, KSMBD_SHARE_CONF_INHERIT_OWNER)) {
++ if (cp_get_group_kv_bool(v))
++ set_share_flag(share, KSMBD_SHARE_FLAG_INHERIT_OWNER);
++ else
++ clear_share_flag(share, KSMBD_SHARE_FLAG_INHERIT_OWNER);
++ }
++
++ if (shm_share_config(k, KSMBD_SHARE_CONF_VFS_OBJECTS)) {
++ char *p;
++ int i;
++ char **objects = cp_get_group_kv_list(v);
++
++ if (objects) {
++ clear_share_flag(share, KSMBD_SHARE_FLAG_ACL_XATTR);
++ clear_share_flag(share, KSMBD_SHARE_FLAG_STREAMS);
++ for (i = 0; objects[i] != NULL; i++) {
++ p = cp_ltrim(objects[i]);
++ if (!p)
++ continue;
++ if (!strcmp(p, "acl_xattr"))
++ set_share_flag(share, KSMBD_SHARE_FLAG_ACL_XATTR);
++ else if (!strcmp(p, "streams_xattr"))
++ set_share_flag(share, KSMBD_SHARE_FLAG_STREAMS);
++ }
++ cp_group_kv_list_free(objects);
++ }
++ }
++
++}
++
++static void fixup_missing_fields(struct ksmbd_share *share)
++{
++ if (!share->comment)
++ share->comment = strdup("");
++}
++
++static void init_share_from_group(struct ksmbd_share *share,
++ struct smbconf_group *group)
++{
++ share->name = g_strdup(group->name);
++ share->create_mask = KSMBD_SHARE_DEFAULT_CREATE_MASK;
++ share->directory_mask = KSMBD_SHARE_DEFAULT_DIRECTORY_MASK;
++ share->force_create_mode = 0;
++ share->force_directory_mode = 0;
++
++ share->force_uid = KSMBD_SHARE_INVALID_UID;
++ share->force_gid = KSMBD_SHARE_INVALID_GID;
++
++ set_share_flag(share, KSMBD_SHARE_FLAG_AVAILABLE);
++ set_share_flag(share, KSMBD_SHARE_FLAG_BROWSEABLE);
++ set_share_flag(share, KSMBD_SHARE_FLAG_READONLY);
++ set_share_flag(share, KSMBD_SHARE_FLAG_HIDE_DOT_FILES);
++ set_share_flag(share, KSMBD_SHARE_FLAG_OPLOCKS);
++ set_share_flag(share, KSMBD_SHARE_FLAG_STORE_DOS_ATTRS);
++
++ if (!g_ascii_strcasecmp(share->name, "ipc$"))
++ set_share_flag(share, KSMBD_SHARE_FLAG_PIPE);
++
++ if (group->cb_mode == GROUPS_CALLBACK_REINIT)
++ set_share_flag(share, KSMBD_SHARE_FLAG_UPDATE);
++
++ g_hash_table_foreach(group->kv, process_group_kv, share);
++
++ fixup_missing_fields(share);
++}
++
++int shm_add_new_share(struct smbconf_group *group)
++{
++ int ret = 0;
++ struct ksmbd_share *share = new_ksmbd_share();
++
++ if (!share)
++ return -ENOMEM;
++
++ init_share_from_group(share, group);
++ if (test_share_flag(share, KSMBD_SHARE_FLAG_INVALID)) {
++ pr_err("Share `%s' is invalid\n", share->name);
++ kill_ksmbd_share(share);
++ return 0;
++ }
++
++ g_rw_lock_writer_lock(&shares_table_lock);
++ if (__shm_lookup_share(share->name)) {
++ g_rw_lock_writer_unlock(&shares_table_lock);
++ pr_info("Share `%s' already exists\n", share->name);
++ kill_ksmbd_share(share);
++ return 0;
++ }
++
++ pr_debug("New share `%s'\n", share->name);
++ if (!g_hash_table_insert(shares_table, share->name, share)) {
++ kill_ksmbd_share(share);
++ ret = -EINVAL;
++ }
++ g_rw_lock_writer_unlock(&shares_table_lock);
++ return ret;
++}
++
++int shm_lookup_users_map(struct ksmbd_share *share,
++ enum share_users map,
++ char *name)
++{
++ int ret = -ENOENT;
++
++ if (map >= KSMBD_SHARE_USERS_MAX) {
++ pr_err("Invalid users map index: %d\n", map);
++ return 0;
++ }
++
++ if (!share->maps[map])
++ return -EINVAL;
++
++ g_rw_lock_reader_lock(&share->maps_lock);
++ if (g_hash_table_lookup(share->maps[map], name))
++ ret = 0;
++ g_rw_lock_reader_unlock(&share->maps_lock);
++
++ return ret;
++}
++
++/*
++ * FIXME
++ * Do a real hosts lookup. IP masks, etc.
++ */
++int shm_lookup_hosts_map(struct ksmbd_share *share,
++ enum share_hosts map,
++ char *host)
++{
++ GHashTable *lookup_map = NULL;
++ int ret = -ENOENT;
++
++ if (map >= KSMBD_SHARE_HOSTS_MAX) {
++ pr_err("Invalid hosts map index: %d\n", map);
++ return 0;
++ }
++
++ if (map == KSMBD_SHARE_HOSTS_ALLOW_MAP)
++ lookup_map = share->hosts_allow_map;
++ if (map == KSMBD_SHARE_HOSTS_DENY_MAP)
++ lookup_map = share->hosts_deny_map;
++
++ if (!lookup_map)
++ return -EINVAL;
++
++ g_rw_lock_reader_lock(&share->maps_lock);
++ if (g_hash_table_lookup(lookup_map, host))
++ ret = 0;
++ g_rw_lock_reader_unlock(&share->maps_lock);
++
++ return ret;
++}
++
++int shm_open_connection(struct ksmbd_share *share)
++{
++ int ret = 0;
++
++ g_rw_lock_writer_lock(&share->update_lock);
++ share->num_connections++;
++ if (share->max_connections) {
++ if (share->num_connections >= share->max_connections)
++ ret = -EINVAL;
++ }
++ g_rw_lock_writer_unlock(&share->update_lock);
++ return ret;
++}
++
++int shm_close_connection(struct ksmbd_share *share)
++{
++ if (!share)
++ return 0;
++
++ g_rw_lock_writer_lock(&share->update_lock);
++ share->num_connections--;
++ g_rw_lock_writer_unlock(&share->update_lock);
++ return 0;
++}
++
++void for_each_ksmbd_share(walk_shares cb, gpointer user_data)
++{
++ g_rw_lock_reader_lock(&shares_table_lock);
++ g_hash_table_foreach(shares_table, cb, user_data);
++ g_rw_lock_reader_unlock(&shares_table_lock);
++}
++
++int shm_share_config_payload_size(struct ksmbd_share *share)
++{
++ int sz = 1;
++
++ if (share && !test_share_flag(share, KSMBD_SHARE_FLAG_PIPE)) {
++ if (share->path)
++ sz += strlen(share->path);
++ if (global_conf.root_dir)
++ sz += strlen(global_conf.root_dir) + 1;
++ if (share->veto_list_sz)
++ sz += share->veto_list_sz + 1;
++ }
++
++ return sz;
++}
++
++int shm_handle_share_config_request(struct ksmbd_share *share,
++ struct ksmbd_share_config_response *resp)
++{
++ unsigned char *config_payload;
++
++ if (!share)
++ return -EINVAL;
++
++ resp->flags = share->flags;
++ resp->create_mask = share->create_mask;
++ resp->directory_mask = share->directory_mask;
++ resp->force_create_mode = share->force_create_mode;
++ resp->force_directory_mode = share->force_directory_mode;
++ resp->force_uid = share->force_uid;
++ resp->force_gid = share->force_gid;
++ *resp->share_name = 0x00;
++ strncat(resp->share_name, share->name, KSMBD_REQ_MAX_SHARE_NAME - 1);
++ resp->veto_list_sz = share->veto_list_sz;
++
++ if (test_share_flag(share, KSMBD_SHARE_FLAG_PIPE))
++ return 0;
++
++ if (!share->path)
++ return 0;
++
++ config_payload = KSMBD_SHARE_CONFIG_VETO_LIST(resp);
++ if (resp->veto_list_sz) {
++ memcpy(config_payload,
++ share->veto_list,
++ resp->veto_list_sz);
++ config_payload += resp->veto_list_sz + 1;
++ }
++ if (global_conf.root_dir)
++ sprintf(config_payload,
++ "%s%s",
++ global_conf.root_dir,
++ share->path);
++ else
++ sprintf(config_payload, "%s", share->path);
++ return 0;
++}
+--- a/lib/management/spnego.c
++++ /dev/null
+@@ -1,348 +0,0 @@
+-// SPDX-License-Identifier: GPL-2.0-or-later
+-/*
+- * Copyright (C) 2020 LG Electronics
+- *
+- * linux-cifsd-devel@lists.sourceforge.net
+- */
+-
+-#include "ksmbdtools.h"
+-
+-#ifndef _GNU_SOURCE
+-#define _GNU_SOURCE
+-#endif
+-
+-#include <stdlib.h>
+-#include <stdio.h>
+-#include <unistd.h>
+-#include <sys/types.h>
+-#include <fcntl.h>
+-#include <stdint.h>
+-#include <stdbool.h>
+-
+-#include <linux/ksmbd_server.h>
+-#include <management/spnego.h>
+-#include <asn1.h>
+-#include "spnego_mech.h"
+-
+-static struct spnego_mech_ctx mech_ctxs[SPNEGO_MAX_MECHS];
+-
+-static struct spnego_mech_ctx *get_mech(int mech_type)
+-{
+- if (mech_type >= SPNEGO_MAX_MECHS)
+- return NULL;
+- return &mech_ctxs[mech_type];
+-}
+-
+-int spnego_init(void)
+-{
+- struct spnego_mech_ctx *mech_ctx;
+- int i;
+-
+- mech_ctx = &mech_ctxs[SPNEGO_MECH_MSKRB5];
+- mech_ctx->ops = &spnego_mskrb5_operations;
+- if (global_conf.krb5_service_name)
+- mech_ctx->params.krb5.service_name =
+- strdup(global_conf.krb5_service_name);
+- if (global_conf.krb5_keytab_file)
+- mech_ctx->params.krb5.keytab_name =
+- strdup(global_conf.krb5_keytab_file);
+-
+- mech_ctx = &mech_ctxs[SPNEGO_MECH_KRB5];
+- mech_ctx->ops = &spnego_krb5_operations;
+- if (global_conf.krb5_service_name)
+- mech_ctx->params.krb5.service_name =
+- strdup(global_conf.krb5_service_name);
+- if (global_conf.krb5_keytab_file)
+- mech_ctx->params.krb5.keytab_name =
+- strdup(global_conf.krb5_keytab_file);
+-
+- for (i = 0; i < SPNEGO_MAX_MECHS; i++) {
+- if (mech_ctxs[i].ops->setup &&
+- mech_ctxs[i].ops->setup(&mech_ctxs[i])) {
+- pr_err("Failed to init Kerberos 5\n");
+- goto out_err;
+- }
+- }
+-
+- return 0;
+-out_err:
+- for (; i >= 0; i--) {
+- if (mech_ctxs[i].ops->cleanup)
+- mech_ctxs[i].ops->cleanup(&mech_ctxs[i]);
+- }
+- return -ENOTSUP;
+-}
+-
+-void spnego_destroy(void)
+-{
+- int i;
+-
+- for (i = 0; i < SPNEGO_MAX_MECHS; i++) {
+- if (mech_ctxs[i].ops && mech_ctxs[i].ops->cleanup)
+- mech_ctxs[i].ops->cleanup(&mech_ctxs[i]);
+- }
+-}
+-
+-static int compare_oid(unsigned long *oid1, unsigned int oid1len,
+- unsigned long *oid2, unsigned int oid2len)
+-{
+- unsigned int i;
+-
+- if (oid1len != oid2len)
+- return 1;
+-
+- for (i = 0; i < oid1len; i++) {
+- if (oid1[i] != oid2[i])
+- return 1;
+- }
+- return 0;
+-}
+-
+-static bool is_supported_mech(unsigned long *oid, unsigned int len,
+- int *mech_type)
+-{
+- if (!compare_oid(oid, len, MSKRB5_OID, ARRAY_SIZE(MSKRB5_OID))) {
+- *mech_type = SPNEGO_MECH_MSKRB5;
+- return true;
+- }
+-
+- if (!compare_oid(oid, len, KRB5_OID, ARRAY_SIZE(KRB5_OID))) {
+- *mech_type = SPNEGO_MECH_KRB5;
+- return true;
+- }
+-
+- *mech_type = SPNEGO_MAX_MECHS;
+- return false;
+-}
+-
+-static int decode_asn1_header(struct asn1_ctx *ctx, unsigned char **end,
+- unsigned int cls, unsigned int con, unsigned int tag)
+-{
+- unsigned int d_cls, d_con, d_tag;
+-
+- if (asn1_header_decode(ctx, end, &d_cls, &d_con, &d_tag) == 0 ||
+- (d_cls != cls || d_con != con || d_tag != tag))
+- return -EINVAL;
+- return 0;
+-}
+-
+-static int decode_negTokenInit(unsigned char *negToken, int token_len,
+- int *mech_type, unsigned char **krb5_ap_req,
+- unsigned int *req_len)
+-{
+- struct asn1_ctx ctx;
+- unsigned char *end, *mech_types_end, *id;
+- unsigned long *oid = NULL;
+- unsigned int len;
+-
+- asn1_open(&ctx, negToken, token_len);
+-
+- /* GSSAPI header */
+- if (decode_asn1_header(&ctx, &end, ASN1_APL, ASN1_CON, ASN1_EOC)) {
+- pr_debug("Error decoding SPNEGO application tag\n");
+- return -EINVAL;
+- }
+-
+- /* SPNEGO oid */
+- if (decode_asn1_header(&ctx, &end, ASN1_UNI, ASN1_PRI, ASN1_OJI) ||
+- asn1_oid_decode(&ctx, end, &oid, &len) == 0 ||
+- compare_oid(oid, len, SPNEGO_OID, SPNEGO_OID_LEN)) {
+- pr_debug("Error decoding SPNEGO OID\n");
+- g_free(oid);
+- return -EINVAL;
+- }
+- g_free(oid);
+-
+- /* negoTokenInit */
+- if (decode_asn1_header(&ctx, &end, ASN1_CTX, ASN1_CON, 0) ||
+- decode_asn1_header(&ctx, &end,
+- ASN1_UNI, ASN1_CON, ASN1_SEQ)) {
+- pr_debug("Error decoding negTokenInit tag\n");
+- return -EINVAL;
+- }
+-
+- /* mechTypes */
+- if (decode_asn1_header(&ctx, &end, ASN1_CTX, ASN1_CON, 0) ||
+- decode_asn1_header(&ctx, &end,
+- ASN1_UNI, ASN1_CON, ASN1_SEQ)) {
+- pr_debug("Error decoding mechTypes tag\n");
+- return -EINVAL;
+- }
+-
+- mech_types_end = end;
+- if (decode_asn1_header(&ctx, &end, ASN1_UNI, ASN1_PRI, ASN1_OJI) ||
+- asn1_oid_decode(&ctx, end, &oid, &len) == 0) {
+- pr_debug("Error decoding Kerberos 5 OIDs\n");
+- return -EINVAL;
+- }
+-
+- if (!is_supported_mech(oid, len, mech_type)) {
+- g_free(oid);
+- pr_debug("Not a supported mechanism\n");
+- return -EINVAL;
+- }
+- g_free(oid);
+-
+- ctx.pointer = mech_types_end;
+- /* mechToken */
+- if (decode_asn1_header(&ctx, &end, ASN1_CTX, ASN1_CON, 2) ||
+- decode_asn1_header(&ctx, &end,
+- ASN1_UNI, ASN1_PRI, ASN1_OTS)) {
+- pr_debug("Error decoding krb5_blob\n");
+- return -EINVAL;
+- }
+-
+- if (decode_asn1_header(&ctx, &end, ASN1_APL, ASN1_CON, ASN1_EOC)) {
+- pr_debug("Error decoding GSSAPI application tag\n");
+- return -EINVAL;
+- }
+-
+- /* Kerberos 5 oid */
+- if (decode_asn1_header(&ctx, &end, ASN1_UNI, ASN1_PRI, ASN1_OJI)) {
+- pr_debug("Error decoding Kerberos 5 OID tag\n");
+- return -EINVAL;
+- }
+-
+- if (asn1_oid_decode(&ctx, end, &oid, &len) == 0 ||
+- compare_oid(oid, len, KRB5_OID,
+- ARRAY_SIZE(KRB5_OID))) {
+- pr_debug("Not a Kerberos 5 OID\n");
+- g_free(oid);
+- return -EINVAL;
+- }
+- g_free(oid);
+-
+- /* AP_REQ id */
+- if (asn1_read(&ctx, &id, 2) == 0 || id[0] != 1 || id[1] != 0) {
+- if (id)
+- free(id);
+- pr_debug("Error decoding AP_REQ ID\n");
+- return -EINVAL;
+- }
+- free(id);
+-
+- /* AP_REQ */
+- *req_len = (unsigned int)(ctx.end - ctx.pointer);
+- *krb5_ap_req = ctx.pointer;
+- return 0;
+-}
+-
+-static int encode_negTokenTarg(char *in_blob, int in_len,
+- const unsigned long *oid, int oid_len,
+- char **out_blob, int *out_len)
+-{
+- unsigned char *buf;
+- unsigned char *sup_oid, *krb5_oid;
+- int sup_oid_len, krb5_oid_len;
+- unsigned int neg_result_len, sup_mech_len, rep_token_len, len;
+-
+- if (asn1_oid_encode(oid, oid_len, &sup_oid, &sup_oid_len))
+- return -ENOMEM;
+- if (asn1_oid_encode(KRB5_OID, ARRAY_SIZE(KRB5_OID),
+- &krb5_oid, &krb5_oid_len)) {
+- g_free(sup_oid);
+- return -ENOMEM;
+- }
+-
+- neg_result_len = asn1_header_len(1, 2);
+- sup_mech_len = asn1_header_len(sup_oid_len, 2);
+- rep_token_len = asn1_header_len(krb5_oid_len, 1);
+- rep_token_len += 2 + in_len;
+- rep_token_len = asn1_header_len(rep_token_len, 3);
+-
+- *out_len = asn1_header_len(
+- neg_result_len + sup_mech_len + rep_token_len, 2);
+- *out_blob = g_try_malloc0(*out_len);
+- if (*out_blob == NULL)
+- return -ENOMEM;
+- buf = *out_blob;
+-
+- /* negTokenTarg */
+- len = *out_len;
+- asn1_header_encode(&buf,
+- ASN1_CTX, ASN1_CON, 1,
+- &len);
+- asn1_header_encode(&buf,
+- ASN1_UNI, ASN1_CON, ASN1_SEQ,
+- &len);
+-
+- /* negTokenTarg/negResult */
+- len = neg_result_len;
+- asn1_header_encode(&buf,
+- ASN1_CTX, ASN1_CON, 0,
+- &len);
+- asn1_header_encode(&buf,
+- ASN1_UNI, ASN1_PRI, ASN1_ENUM,
+- &len);
+- *buf++ = 0;
+-
+- /* negTokenTarg/supportedMechType */
+- len = sup_mech_len;
+- asn1_header_encode(&buf,
+- ASN1_CTX, ASN1_CON, 1,
+- &len);
+- asn1_header_encode(&buf,
+- ASN1_UNI, ASN1_PRI, ASN1_OJI,
+- &len);
+- memcpy(buf, sup_oid, sup_oid_len);
+- buf += len;
+-
+- /* negTokenTarg/responseToken */
+- len = rep_token_len;
+- asn1_header_encode(&buf,
+- ASN1_CTX, ASN1_CON, 2,
+- &len);
+- asn1_header_encode(&buf,
+- ASN1_UNI, ASN1_PRI, ASN1_OTS,
+- &len);
+- asn1_header_encode(&buf,
+- ASN1_APL, ASN1_CON, 0,
+- &len);
+- /* negTokenTarg/responseToken/OID */
+- len = asn1_header_len(krb5_oid_len, 1);
+- asn1_header_encode(&buf,
+- ASN1_UNI, ASN1_PRI, ASN1_OJI,
+- &len);
+- /* negTokenTarg/responseToken/mechToken*/
+- memcpy(buf, krb5_oid, krb5_oid_len);
+- buf += len;
+- /* AP_REP id */
+- *buf++ = 2;
+- *buf++ = 0;
+- memcpy(buf, in_blob, in_len);
+-
+- g_free(sup_oid);
+- g_free(krb5_oid);
+-}
+-
+-int spnego_handle_authen_request(struct ksmbd_spnego_authen_request *req,
+- struct ksmbd_spnego_auth_out *auth_out)
+-{
+- struct spnego_mech_ctx *mech_ctx;
+- unsigned char *mech_token;
+- int token_len, mech_type;
+- int retval = 0;
+-
+- if (decode_negTokenInit(req->spnego_blob, (int)req->spnego_blob_len,
+- &mech_type, &mech_token, &token_len)) {
+- pr_info("Error decoding negTokenInit\n");
+- return -EINVAL;
+- }
+-
+- mech_ctx = get_mech(mech_type);
+- if (!mech_ctx) {
+- retval = -ENOTSUP;
+- pr_info("No support for Kerberos 5\n");
+- goto out;
+- }
+-
+- if (mech_ctx->ops->handle_authen(mech_ctx,
+- mech_token, token_len,
+- auth_out, encode_negTokenTarg)) {
+- retval = -EPERM;
+- pr_info("Error authenticating\n");
+- goto out;
+- }
+-out:
+- return retval;
+-}
+--- /dev/null
++++ b/tools/management/spnego.c
+@@ -0,0 +1,348 @@
++// SPDX-License-Identifier: GPL-2.0-or-later
++/*
++ * Copyright (C) 2020 LG Electronics
++ *
++ * linux-cifsd-devel@lists.sourceforge.net
++ */
++
++#include "tools.h"
++
++#ifndef _GNU_SOURCE
++#define _GNU_SOURCE
++#endif
++
++#include <stdlib.h>
++#include <stdio.h>
++#include <unistd.h>
++#include <sys/types.h>
++#include <fcntl.h>
++#include <stdint.h>
++#include <stdbool.h>
++
++#include <linux/ksmbd_server.h>
++#include <management/spnego.h>
++#include <asn1.h>
++#include "spnego_mech.h"
++
++static struct spnego_mech_ctx mech_ctxs[SPNEGO_MAX_MECHS];
++
++static struct spnego_mech_ctx *get_mech(int mech_type)
++{
++ if (mech_type >= SPNEGO_MAX_MECHS)
++ return NULL;
++ return &mech_ctxs[mech_type];
++}
++
++int spnego_init(void)
++{
++ struct spnego_mech_ctx *mech_ctx;
++ int i;
++
++ mech_ctx = &mech_ctxs[SPNEGO_MECH_MSKRB5];
++ mech_ctx->ops = &spnego_mskrb5_operations;
++ if (global_conf.krb5_service_name)
++ mech_ctx->params.krb5.service_name =
++ strdup(global_conf.krb5_service_name);
++ if (global_conf.krb5_keytab_file)
++ mech_ctx->params.krb5.keytab_name =
++ strdup(global_conf.krb5_keytab_file);
++
++ mech_ctx = &mech_ctxs[SPNEGO_MECH_KRB5];
++ mech_ctx->ops = &spnego_krb5_operations;
++ if (global_conf.krb5_service_name)
++ mech_ctx->params.krb5.service_name =
++ strdup(global_conf.krb5_service_name);
++ if (global_conf.krb5_keytab_file)
++ mech_ctx->params.krb5.keytab_name =
++ strdup(global_conf.krb5_keytab_file);
++
++ for (i = 0; i < SPNEGO_MAX_MECHS; i++) {
++ if (mech_ctxs[i].ops->setup &&
++ mech_ctxs[i].ops->setup(&mech_ctxs[i])) {
++ pr_err("Failed to init Kerberos 5\n");
++ goto out_err;
++ }
++ }
++
++ return 0;
++out_err:
++ for (; i >= 0; i--) {
++ if (mech_ctxs[i].ops->cleanup)
++ mech_ctxs[i].ops->cleanup(&mech_ctxs[i]);
++ }
++ return -ENOTSUP;
++}
++
++void spnego_destroy(void)
++{
++ int i;
++
++ for (i = 0; i < SPNEGO_MAX_MECHS; i++) {
++ if (mech_ctxs[i].ops && mech_ctxs[i].ops->cleanup)
++ mech_ctxs[i].ops->cleanup(&mech_ctxs[i]);
++ }
++}
++
++static int compare_oid(unsigned long *oid1, unsigned int oid1len,
++ unsigned long *oid2, unsigned int oid2len)
++{
++ unsigned int i;
++
++ if (oid1len != oid2len)
++ return 1;
++
++ for (i = 0; i < oid1len; i++) {
++ if (oid1[i] != oid2[i])
++ return 1;
++ }
++ return 0;
++}
++
++static bool is_supported_mech(unsigned long *oid, unsigned int len,
++ int *mech_type)
++{
++ if (!compare_oid(oid, len, MSKRB5_OID, ARRAY_SIZE(MSKRB5_OID))) {
++ *mech_type = SPNEGO_MECH_MSKRB5;
++ return true;
++ }
++
++ if (!compare_oid(oid, len, KRB5_OID, ARRAY_SIZE(KRB5_OID))) {
++ *mech_type = SPNEGO_MECH_KRB5;
++ return true;
++ }
++
++ *mech_type = SPNEGO_MAX_MECHS;
++ return false;
++}
++
++static int decode_asn1_header(struct asn1_ctx *ctx, unsigned char **end,
++ unsigned int cls, unsigned int con, unsigned int tag)
++{
++ unsigned int d_cls, d_con, d_tag;
++
++ if (asn1_header_decode(ctx, end, &d_cls, &d_con, &d_tag) == 0 ||
++ (d_cls != cls || d_con != con || d_tag != tag))
++ return -EINVAL;
++ return 0;
++}
++
++static int decode_negTokenInit(unsigned char *negToken, int token_len,
++ int *mech_type, unsigned char **krb5_ap_req,
++ unsigned int *req_len)
++{
++ struct asn1_ctx ctx;
++ unsigned char *end, *mech_types_end, *id;
++ unsigned long *oid = NULL;
++ unsigned int len;
++
++ asn1_open(&ctx, negToken, token_len);
++
++ /* GSSAPI header */
++ if (decode_asn1_header(&ctx, &end, ASN1_APL, ASN1_CON, ASN1_EOC)) {
++ pr_debug("Error decoding SPNEGO application tag\n");
++ return -EINVAL;
++ }
++
++ /* SPNEGO oid */
++ if (decode_asn1_header(&ctx, &end, ASN1_UNI, ASN1_PRI, ASN1_OJI) ||
++ asn1_oid_decode(&ctx, end, &oid, &len) == 0 ||
++ compare_oid(oid, len, SPNEGO_OID, SPNEGO_OID_LEN)) {
++ pr_debug("Error decoding SPNEGO OID\n");
++ g_free(oid);
++ return -EINVAL;
++ }
++ g_free(oid);
++
++ /* negoTokenInit */
++ if (decode_asn1_header(&ctx, &end, ASN1_CTX, ASN1_CON, 0) ||
++ decode_asn1_header(&ctx, &end,
++ ASN1_UNI, ASN1_CON, ASN1_SEQ)) {
++ pr_debug("Error decoding negTokenInit tag\n");
++ return -EINVAL;
++ }
++
++ /* mechTypes */
++ if (decode_asn1_header(&ctx, &end, ASN1_CTX, ASN1_CON, 0) ||
++ decode_asn1_header(&ctx, &end,
++ ASN1_UNI, ASN1_CON, ASN1_SEQ)) {
++ pr_debug("Error decoding mechTypes tag\n");
++ return -EINVAL;
++ }
++
++ mech_types_end = end;
++ if (decode_asn1_header(&ctx, &end, ASN1_UNI, ASN1_PRI, ASN1_OJI) ||
++ asn1_oid_decode(&ctx, end, &oid, &len) == 0) {
++ pr_debug("Error decoding Kerberos 5 OIDs\n");
++ return -EINVAL;
++ }
++
++ if (!is_supported_mech(oid, len, mech_type)) {
++ g_free(oid);
++ pr_debug("Not a supported mechanism\n");
++ return -EINVAL;
++ }
++ g_free(oid);
++
++ ctx.pointer = mech_types_end;
++ /* mechToken */
++ if (decode_asn1_header(&ctx, &end, ASN1_CTX, ASN1_CON, 2) ||
++ decode_asn1_header(&ctx, &end,
++ ASN1_UNI, ASN1_PRI, ASN1_OTS)) {
++ pr_debug("Error decoding krb5_blob\n");
++ return -EINVAL;
++ }
++
++ if (decode_asn1_header(&ctx, &end, ASN1_APL, ASN1_CON, ASN1_EOC)) {
++ pr_debug("Error decoding GSSAPI application tag\n");
++ return -EINVAL;
++ }
++
++ /* Kerberos 5 oid */
++ if (decode_asn1_header(&ctx, &end, ASN1_UNI, ASN1_PRI, ASN1_OJI)) {
++ pr_debug("Error decoding Kerberos 5 OID tag\n");
++ return -EINVAL;
++ }
++
++ if (asn1_oid_decode(&ctx, end, &oid, &len) == 0 ||
++ compare_oid(oid, len, KRB5_OID,
++ ARRAY_SIZE(KRB5_OID))) {
++ pr_debug("Not a Kerberos 5 OID\n");
++ g_free(oid);
++ return -EINVAL;
++ }
++ g_free(oid);
++
++ /* AP_REQ id */
++ if (asn1_read(&ctx, &id, 2) == 0 || id[0] != 1 || id[1] != 0) {
++ if (id)
++ free(id);
++ pr_debug("Error decoding AP_REQ ID\n");
++ return -EINVAL;
++ }
++ free(id);
++
++ /* AP_REQ */
++ *req_len = (unsigned int)(ctx.end - ctx.pointer);
++ *krb5_ap_req = ctx.pointer;
++ return 0;
++}
++
++static int encode_negTokenTarg(char *in_blob, int in_len,
++ const unsigned long *oid, int oid_len,
++ char **out_blob, int *out_len)
++{
++ unsigned char *buf;
++ unsigned char *sup_oid, *krb5_oid;
++ int sup_oid_len, krb5_oid_len;
++ unsigned int neg_result_len, sup_mech_len, rep_token_len, len;
++
++ if (asn1_oid_encode(oid, oid_len, &sup_oid, &sup_oid_len))
++ return -ENOMEM;
++ if (asn1_oid_encode(KRB5_OID, ARRAY_SIZE(KRB5_OID),
++ &krb5_oid, &krb5_oid_len)) {
++ g_free(sup_oid);
++ return -ENOMEM;
++ }
++
++ neg_result_len = asn1_header_len(1, 2);
++ sup_mech_len = asn1_header_len(sup_oid_len, 2);
++ rep_token_len = asn1_header_len(krb5_oid_len, 1);
++ rep_token_len += 2 + in_len;
++ rep_token_len = asn1_header_len(rep_token_len, 3);
++
++ *out_len = asn1_header_len(
++ neg_result_len + sup_mech_len + rep_token_len, 2);
++ *out_blob = g_try_malloc0(*out_len);
++ if (*out_blob == NULL)
++ return -ENOMEM;
++ buf = *out_blob;
++
++ /* negTokenTarg */
++ len = *out_len;
++ asn1_header_encode(&buf,
++ ASN1_CTX, ASN1_CON, 1,
++ &len);
++ asn1_header_encode(&buf,
++ ASN1_UNI, ASN1_CON, ASN1_SEQ,
++ &len);
++
++ /* negTokenTarg/negResult */
++ len = neg_result_len;
++ asn1_header_encode(&buf,
++ ASN1_CTX, ASN1_CON, 0,
++ &len);
++ asn1_header_encode(&buf,
++ ASN1_UNI, ASN1_PRI, ASN1_ENUM,
++ &len);
++ *buf++ = 0;
++
++ /* negTokenTarg/supportedMechType */
++ len = sup_mech_len;
++ asn1_header_encode(&buf,
++ ASN1_CTX, ASN1_CON, 1,
++ &len);
++ asn1_header_encode(&buf,
++ ASN1_UNI, ASN1_PRI, ASN1_OJI,
++ &len);
++ memcpy(buf, sup_oid, sup_oid_len);
++ buf += len;
++
++ /* negTokenTarg/responseToken */
++ len = rep_token_len;
++ asn1_header_encode(&buf,
++ ASN1_CTX, ASN1_CON, 2,
++ &len);
++ asn1_header_encode(&buf,
++ ASN1_UNI, ASN1_PRI, ASN1_OTS,
++ &len);
++ asn1_header_encode(&buf,
++ ASN1_APL, ASN1_CON, 0,
++ &len);
++ /* negTokenTarg/responseToken/OID */
++ len = asn1_header_len(krb5_oid_len, 1);
++ asn1_header_encode(&buf,
++ ASN1_UNI, ASN1_PRI, ASN1_OJI,
++ &len);
++ /* negTokenTarg/responseToken/mechToken*/
++ memcpy(buf, krb5_oid, krb5_oid_len);
++ buf += len;
++ /* AP_REP id */
++ *buf++ = 2;
++ *buf++ = 0;
++ memcpy(buf, in_blob, in_len);
++
++ g_free(sup_oid);
++ g_free(krb5_oid);
++}
++
++int spnego_handle_authen_request(struct ksmbd_spnego_authen_request *req,
++ struct ksmbd_spnego_auth_out *auth_out)
++{
++ struct spnego_mech_ctx *mech_ctx;
++ unsigned char *mech_token;
++ int token_len, mech_type;
++ int retval = 0;
++
++ if (decode_negTokenInit(req->spnego_blob, (int)req->spnego_blob_len,
++ &mech_type, &mech_token, &token_len)) {
++ pr_info("Error decoding negTokenInit\n");
++ return -EINVAL;
++ }
++
++ mech_ctx = get_mech(mech_type);
++ if (!mech_ctx) {
++ retval = -ENOTSUP;
++ pr_info("No support for Kerberos 5\n");
++ goto out;
++ }
++
++ if (mech_ctx->ops->handle_authen(mech_ctx,
++ mech_token, token_len,
++ auth_out, encode_negTokenTarg)) {
++ retval = -EPERM;
++ pr_info("Error authenticating\n");
++ goto out;
++ }
++out:
++ return retval;
++}
+--- a/lib/management/spnego_krb5.c
++++ /dev/null
+@@ -1,408 +0,0 @@
+-// SPDX-License-Identifier: GPL-2.0-or-later
+-/*
+- * Copyright (C) 2020 LG Electronics
+- *
+- * linux-cifsd-devel@lists.sourceforge.net
+- */
+-
+-#include "ksmbdtools.h"
+-
+-#include <stdlib.h>
+-#include <string.h>
+-#include <unistd.h>
+-#include <sys/types.h>
+-#include <sys/socket.h>
+-#include <netdb.h>
+-#include <krb5.h>
+-
+-#include <management/spnego.h>
+-#include <asn1.h>
+-#include "spnego_mech.h"
+-
+-#ifndef HAVE_KRB5_AUTH_CON_GETRECVSUBKEY
+-krb5_error_code krb5_auth_con_getrecvsubkey(krb5_context context,
+- krb5_auth_context auth_context, krb5_keyblock **keyblock)
+-{
+- return krb5_auth_con_getremotesubkey(context, auth_context, keyblock);
+-}
+-#endif /* HAVE_KRB5_AUTH_CON_GETRECVSUBKEY */
+-
+-#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE
+-#define KRB5_KEY_TYPE(k) ((k)->keytype)
+-#define KRB5_KEY_LENGTH(k) ((k)->keyvalue.length)
+-#define KRB5_KEY_DATA(k) ((k)->keyvalue.data)
+-#else
+-#define KRB5_KEY_TYPE(k) ((k)->enctype)
+-#define KRB5_KEY_LENGTH(k) ((k)->length)
+-#define KRB5_KEY_DATA(k) ((k)->contents)
+-#endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */
+-
+-struct spnego_krb5_ctx {
+- krb5_context context;
+- krb5_keytab keytab;
+- krb5_creds creds;
+-};
+-
+-#define SERVICE_NAME "cifs"
+-
+-#define pr_krb5_err(_context, _retval, _fmt, ...) \
+- do { \
+- const char *msg = krb5_get_error_message(_context, _retval); \
+- pr_err("%s: " _fmt, msg, ##__VA_ARGS__); \
+- krb5_free_error_message(_context, msg); \
+- } while (0)
+-
+-static char *get_service_name(void)
+-{
+- return strdup(SERVICE_NAME);
+-}
+-
+-static char *get_host_name(void)
+-{
+- struct addrinfo hint, *ai;
+- char *host_name;
+- char hostname[NI_MAXHOST];
+-
+- if (gethostname(hostname, sizeof(hostname)))
+- return NULL;
+-
+- memset(&hint, 0, sizeof(hint));
+- hint.ai_family = AF_UNSPEC;
+- hint.ai_flags = AI_CANONNAME | AI_ADDRCONFIG;
+- if (getaddrinfo(hostname, NULL, &hint, &ai))
+- return NULL;
+-
+- host_name = strdup(ai->ai_canonname);
+- freeaddrinfo(ai);
+- return host_name;
+-}
+-
+-/* Service full name is <service name>[/<host FQDN>[@REALM>]] */
+-static int parse_service_full_name(char *service_full_name,
+- char **service_name,
+- char **host_name)
+-{
+- char *name, *delim;
+-
+- *service_name = NULL;
+- *host_name = NULL;
+-
+- if (!service_full_name) {
+- *service_name = get_service_name();
+- *host_name = get_host_name();
+- goto out;
+- }
+-
+- name = service_full_name;
+- delim = strchr(name, '/');
+- if (!delim) {
+- *service_name = strdup(name);
+- *host_name = get_host_name();
+- goto out;
+- }
+- *service_name = strndup(name, delim - name);
+- if (*service_name == NULL)
+- return -ENOMEM;
+-
+- name = delim + 1;
+- delim = strchr(name, '@');
+- if (!delim) {
+- *host_name = strdup(name);
+- goto out;
+- }
+- *host_name = strndup(name, delim - name);
+- if (*host_name == NULL) {
+- free(*service_name);
+- *service_name = NULL;
+- return -ENOMEM;
+- }
+-out:
+- /* we assume the host name is FQDN if it has "." */
+- if (*host_name && strchr(*host_name, '.'))
+- return 0;
+-
+- free(*service_name);
+- free(*host_name);
+- *service_name = NULL;
+- *host_name = NULL;
+- return -EINVAL;
+-}
+-
+-static krb5_error_code acquire_creds_from_keytab(krb5_context context,
+- char *service_full_name, char *keytab_name,
+- krb5_creds *out_creds, krb5_keytab *keytab)
+-{
+- krb5_error_code retval;
+- krb5_principal sprinc = NULL;
+- char *host_name = NULL, *service_name = NULL;
+-
+- if (keytab_name)
+- retval = krb5_kt_resolve(context, keytab_name, keytab);
+- else
+- retval = krb5_kt_default(context, keytab);
+- if (retval) {
+- pr_krb5_err(context, retval, "while resolving keytab\n");
+- return retval;
+- }
+-
+- if (parse_service_full_name(service_full_name,
+- &service_name, &host_name)) {
+- retval = KRB5_ERR_HOST_REALM_UNKNOWN;
+- pr_krb5_err(context, retval, "while getting host name\n");
+- goto out_err;
+- }
+-
+- retval = krb5_sname_to_principal(context, host_name, service_name,
+- KRB5_NT_UNKNOWN, &sprinc);
+- if (retval) {
+- pr_krb5_err(context, retval, "while generating service name\n");
+- goto out_err;
+- }
+-
+- retval = krb5_get_init_creds_keytab(context, out_creds, sprinc,
+- *keytab, 0, NULL, NULL);
+- if (retval) {
+- char *name;
+-
+- krb5_unparse_name(context, sprinc, &name);
+- pr_krb5_err(context, retval,
+- "while getting credentials for %s\n", name);
+- krb5_free_unparsed_name(context, name);
+- goto out_err;
+- }
+-
+- free(host_name);
+- free(service_name);
+- return 0;
+-out_err:
+- if (sprinc)
+- krb5_free_principal(context, sprinc);
+- if (service_name)
+- free(service_name);
+- if (host_name)
+- free(host_name);
+- if (*keytab)
+- krb5_kt_close(context, *keytab);
+- return retval;
+-}
+-
+-static int handle_krb5_authen(struct spnego_mech_ctx *mech_ctx,
+- char *in_blob, unsigned int in_len,
+- struct ksmbd_spnego_auth_out *auth_out,
+- spnego_encode_t spnego_encode)
+-{
+- struct spnego_krb5_ctx *krb5_ctx;
+- char *client_name;
+- krb5_auth_context auth_context;
+- krb5_data packet, ap_rep;
+- krb5_ticket *ticket = NULL;
+- krb5_keyblock *session_key;
+-#ifdef HAVE_KRB5_AUTH_CON_GETAUTHENTICATOR_DOUBLE_POINTER
+- krb5_authenticator *authenti;
+-#else
+- krb5_authenticator authenti;
+-#endif /* HAVE_KRB5_AUTH_CON_GETAUTHENTICATOR_DOUBLE_POINTER */
+- krb5_principal client;
+- int retval = -EINVAL;
+- krb5_error_code krb_retval;
+-
+- krb5_ctx = (struct spnego_krb5_ctx *)mech_ctx->private;
+- if (!krb5_ctx)
+- return -EINVAL;
+-
+- krb_retval = krb5_auth_con_init(krb5_ctx->context, &auth_context);
+- if (krb_retval) {
+- pr_krb5_err(krb5_ctx->context, krb_retval,
+- "while initializing auth context\n");
+- return -EINVAL;
+- }
+-
+- packet.length = in_len;
+- packet.data = (krb5_pointer)in_blob;
+- krb_retval = krb5_rd_req(krb5_ctx->context, &auth_context, &packet,
+- krb5_ctx->creds.client, krb5_ctx->keytab,
+- NULL, &ticket);
+- if (krb_retval) {
+- char *name;
+-
+- krb5_unparse_name(krb5_ctx->context, krb5_ctx->creds.client,
+- &name);
+- krb5_auth_con_free(krb5_ctx->context, auth_context);
+- pr_krb5_err(krb5_ctx->context, krb_retval,
+- "while decoding AP_REQ with %s creds\n", name);
+- krb5_free_unparsed_name(krb5_ctx->context, name);
+- return -EINVAL;
+- }
+-
+- krb_retval = krb5_auth_con_getrecvsubkey(krb5_ctx->context,
+- auth_context, &session_key);
+- if (krb_retval) {
+- pr_krb5_err(krb5_ctx->context, krb_retval,
+- "while reading session key\n");
+- goto out_free_con_auth;
+- }
+-
+- krb_retval = krb5_mk_rep(krb5_ctx->context, auth_context, &ap_rep);
+- if (krb_retval) {
+- pr_krb5_err(krb5_ctx->context, krb_retval,
+- "while making AP_REP\n");
+- goto out_free_key;
+- }
+-
+- krb_retval = krb5_auth_con_getauthenticator(krb5_ctx->context,
+- auth_context, &authenti);
+- if (krb_retval) {
+- pr_krb5_err(krb5_ctx->context, krb_retval,
+- "while getting authenticator\n");
+- goto out_free_rep;
+- }
+-
+-#ifndef HAVE_KRB5_AUTHENTICATOR_CLIENT
+- krb_retval = krb5_build_principal_ext(krb5_ctx->context, &client,
+- strlen(authenti->crealm), authenti->crealm, 0);
+- if (krb_retval) {
+- pr_krb5_err(krb5_ctx->context, krb_retval,
+- "while getting authenticator client\n");
+- goto out_free_auth;
+- }
+- krb_retval = copy_PrincipalName(&authenti->cname, &client->name);
+- if (krb_retval) {
+- pr_krb5_err(krb5_ctx->context, krb_retval,
+- "while copying authenticator client name\n");
+- goto out_free_client;
+- }
+-#else
+- client = authenti->client;
+-#endif /* HAVE_KRB5_AUTHENTICATOR_CLIENT */
+-
+- krb_retval = krb5_unparse_name_flags(krb5_ctx->context,
+- client,
+- KRB5_PRINCIPAL_UNPARSE_NO_REALM, &client_name);
+- if (krb_retval) {
+- pr_krb5_err(krb5_ctx->context, krb_retval,
+- "while unparsing client name\n");
+- goto out_free_client;
+- }
+-
+- memset(auth_out, 0, sizeof(*auth_out));
+- auth_out->user_name = strdup(client_name);
+- if (!auth_out->user_name) {
+- krb5_free_unparsed_name(krb5_ctx->context, client_name);
+- retval = -ENOMEM;
+- goto out_free_client;
+- }
+- krb5_free_unparsed_name(krb5_ctx->context, client_name);
+-
+- auth_out->sess_key = malloc(KRB5_KEY_LENGTH(session_key));
+- if (!auth_out->sess_key) {
+- free(auth_out->user_name);
+- retval = -ENOMEM;
+- goto out_free_client;
+- }
+- memcpy(auth_out->sess_key, KRB5_KEY_DATA(session_key), KRB5_KEY_LENGTH(session_key));
+- auth_out->key_len = KRB5_KEY_LENGTH(session_key);
+-
+- if (spnego_encode(ap_rep.data, ap_rep.length,
+- mech_ctx->oid, mech_ctx->oid_len,
+- &auth_out->spnego_blob, &auth_out->blob_len)) {
+- free(auth_out->user_name);
+- free(auth_out->sess_key);
+- goto out_free_client;
+- }
+-
+- pr_info("Authenticated user `%s'\n", auth_out->user_name);
+- retval = 0;
+-
+-out_free_client:
+-#ifndef HAVE_KRB5_AUTHENTICATOR_CLIENT
+- krb5_free_principal(krb5_ctx->context, client);
+-#endif /* HAVE_KRB5_AUTHENTICATOR_CLIENT */
+-out_free_auth:
+-#ifdef HAVE_KRB5_AUTH_CON_GETAUTHENTICATOR_DOUBLE_POINTER
+- krb5_free_authenticator(krb5_ctx->context, authenti);
+-#else
+- krb5_free_authenticator(krb5_ctx->context, &authenti);
+-#endif /* HAVE_KRB5_AUTH_CON_GETAUTHENTICATOR_DOUBLE_POINTER */
+-out_free_rep:
+- krb5_free_data_contents(krb5_ctx->context, &ap_rep);
+-out_free_key:
+- krb5_free_keyblock(krb5_ctx->context, session_key);
+-out_free_con_auth:
+- krb5_free_ticket(krb5_ctx->context, ticket);
+- krb5_auth_con_free(krb5_ctx->context, auth_context);
+- return retval;
+-}
+-
+-static int setup_krb5_ctx(struct spnego_mech_ctx *mech_ctx)
+-{
+- struct spnego_krb5_ctx *krb5_ctx;
+- krb5_error_code krb_retval;
+-
+- krb5_ctx = g_try_malloc0(sizeof(*krb5_ctx));
+- if (!krb5_ctx)
+- return -ENOMEM;
+-
+- krb_retval = krb5_init_context(&krb5_ctx->context);
+- if (krb_retval) {
+- g_free(krb5_ctx);
+- pr_err("while initializing krb5 context\n");
+- return -EINVAL;
+- }
+-
+- krb_retval = acquire_creds_from_keytab(krb5_ctx->context,
+- mech_ctx->params.krb5.service_name,
+- mech_ctx->params.krb5.keytab_name,
+- &krb5_ctx->creds, &krb5_ctx->keytab);
+- if (krb_retval) {
+- krb5_free_context(krb5_ctx->context);
+- g_free(krb5_ctx);
+- return -EINVAL;
+- }
+-
+- mech_ctx->private = krb5_ctx;
+- return 0;
+-}
+-
+-static int setup_krb5(struct spnego_mech_ctx *mech_ctx)
+-{
+- mech_ctx->oid = KRB5_OID;
+- mech_ctx->oid_len = ARRAY_SIZE(KRB5_OID);
+- return setup_krb5_ctx(mech_ctx);
+-}
+-
+-static int setup_mskrb5(struct spnego_mech_ctx *mech_ctx)
+-{
+- mech_ctx->oid = MSKRB5_OID;
+- mech_ctx->oid_len = ARRAY_SIZE(MSKRB5_OID);
+- return setup_krb5_ctx(mech_ctx);
+-}
+-
+-static void cleanup_krb5(struct spnego_mech_ctx *mech_ctx)
+-{
+- if (mech_ctx->private) {
+- struct spnego_krb5_ctx *krb5_ctx;
+-
+- krb5_ctx = (struct spnego_krb5_ctx *)mech_ctx->private;
+- krb5_free_cred_contents(krb5_ctx->context, &krb5_ctx->creds);
+- krb5_kt_close(krb5_ctx->context, krb5_ctx->keytab);
+- krb5_free_context(krb5_ctx->context);
+- g_free(krb5_ctx);
+- mech_ctx->private = NULL;
+- }
+- if (mech_ctx->params.krb5.service_name)
+- free(mech_ctx->params.krb5.service_name);
+- if (mech_ctx->params.krb5.keytab_name)
+- free(mech_ctx->params.krb5.keytab_name);
+-}
+-
+-struct spnego_mech_operations spnego_krb5_operations = {
+- .setup = setup_krb5,
+- .cleanup = cleanup_krb5,
+- .handle_authen = handle_krb5_authen,
+-};
+-
+-struct spnego_mech_operations spnego_mskrb5_operations = {
+- .setup = setup_mskrb5,
+- .cleanup = cleanup_krb5,
+- .handle_authen = handle_krb5_authen,
+-};
+--- /dev/null
++++ b/tools/management/spnego_krb5.c
+@@ -0,0 +1,408 @@
++// SPDX-License-Identifier: GPL-2.0-or-later
++/*
++ * Copyright (C) 2020 LG Electronics
++ *
++ * linux-cifsd-devel@lists.sourceforge.net
++ */
++
++#include "tools.h"
++
++#include <stdlib.h>
++#include <string.h>
++#include <unistd.h>
++#include <sys/types.h>
++#include <sys/socket.h>
++#include <netdb.h>
++#include <krb5.h>
++
++#include <management/spnego.h>
++#include <asn1.h>
++#include "spnego_mech.h"
++
++#ifndef HAVE_KRB5_AUTH_CON_GETRECVSUBKEY
++krb5_error_code krb5_auth_con_getrecvsubkey(krb5_context context,
++ krb5_auth_context auth_context, krb5_keyblock **keyblock)
++{
++ return krb5_auth_con_getremotesubkey(context, auth_context, keyblock);
++}
++#endif /* HAVE_KRB5_AUTH_CON_GETRECVSUBKEY */
++
++#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE
++#define KRB5_KEY_TYPE(k) ((k)->keytype)
++#define KRB5_KEY_LENGTH(k) ((k)->keyvalue.length)
++#define KRB5_KEY_DATA(k) ((k)->keyvalue.data)
++#else
++#define KRB5_KEY_TYPE(k) ((k)->enctype)
++#define KRB5_KEY_LENGTH(k) ((k)->length)
++#define KRB5_KEY_DATA(k) ((k)->contents)
++#endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */
++
++struct spnego_krb5_ctx {
++ krb5_context context;
++ krb5_keytab keytab;
++ krb5_creds creds;
++};
++
++#define SERVICE_NAME "cifs"
++
++#define pr_krb5_err(_context, _retval, _fmt, ...) \
++ do { \
++ const char *msg = krb5_get_error_message(_context, _retval); \
++ pr_err("%s: " _fmt, msg, ##__VA_ARGS__); \
++ krb5_free_error_message(_context, msg); \
++ } while (0)
++
++static char *get_service_name(void)
++{
++ return strdup(SERVICE_NAME);
++}
++
++static char *get_host_name(void)
++{
++ struct addrinfo hint, *ai;
++ char *host_name;
++ char hostname[NI_MAXHOST];
++
++ if (gethostname(hostname, sizeof(hostname)))
++ return NULL;
++
++ memset(&hint, 0, sizeof(hint));
++ hint.ai_family = AF_UNSPEC;
++ hint.ai_flags = AI_CANONNAME | AI_ADDRCONFIG;
++ if (getaddrinfo(hostname, NULL, &hint, &ai))
++ return NULL;
++
++ host_name = strdup(ai->ai_canonname);
++ freeaddrinfo(ai);
++ return host_name;
++}
++
++/* Service full name is <service name>[/<host FQDN>[@REALM>]] */
++static int parse_service_full_name(char *service_full_name,
++ char **service_name,
++ char **host_name)
++{
++ char *name, *delim;
++
++ *service_name = NULL;
++ *host_name = NULL;
++
++ if (!service_full_name) {
++ *service_name = get_service_name();
++ *host_name = get_host_name();
++ goto out;
++ }
++
++ name = service_full_name;
++ delim = strchr(name, '/');
++ if (!delim) {
++ *service_name = strdup(name);
++ *host_name = get_host_name();
++ goto out;
++ }
++ *service_name = strndup(name, delim - name);
++ if (*service_name == NULL)
++ return -ENOMEM;
++
++ name = delim + 1;
++ delim = strchr(name, '@');
++ if (!delim) {
++ *host_name = strdup(name);
++ goto out;
++ }
++ *host_name = strndup(name, delim - name);
++ if (*host_name == NULL) {
++ free(*service_name);
++ *service_name = NULL;
++ return -ENOMEM;
++ }
++out:
++ /* we assume the host name is FQDN if it has "." */
++ if (*host_name && strchr(*host_name, '.'))
++ return 0;
++
++ free(*service_name);
++ free(*host_name);
++ *service_name = NULL;
++ *host_name = NULL;
++ return -EINVAL;
++}
++
++static krb5_error_code acquire_creds_from_keytab(krb5_context context,
++ char *service_full_name, char *keytab_name,
++ krb5_creds *out_creds, krb5_keytab *keytab)
++{
++ krb5_error_code retval;
++ krb5_principal sprinc = NULL;
++ char *host_name = NULL, *service_name = NULL;
++
++ if (keytab_name)
++ retval = krb5_kt_resolve(context, keytab_name, keytab);
++ else
++ retval = krb5_kt_default(context, keytab);
++ if (retval) {
++ pr_krb5_err(context, retval, "while resolving keytab\n");
++ return retval;
++ }
++
++ if (parse_service_full_name(service_full_name,
++ &service_name, &host_name)) {
++ retval = KRB5_ERR_HOST_REALM_UNKNOWN;
++ pr_krb5_err(context, retval, "while getting host name\n");
++ goto out_err;
++ }
++
++ retval = krb5_sname_to_principal(context, host_name, service_name,
++ KRB5_NT_UNKNOWN, &sprinc);
++ if (retval) {
++ pr_krb5_err(context, retval, "while generating service name\n");
++ goto out_err;
++ }
++
++ retval = krb5_get_init_creds_keytab(context, out_creds, sprinc,
++ *keytab, 0, NULL, NULL);
++ if (retval) {
++ char *name;
++
++ krb5_unparse_name(context, sprinc, &name);
++ pr_krb5_err(context, retval,
++ "while getting credentials for %s\n", name);
++ krb5_free_unparsed_name(context, name);
++ goto out_err;
++ }
++
++ free(host_name);
++ free(service_name);
++ return 0;
++out_err:
++ if (sprinc)
++ krb5_free_principal(context, sprinc);
++ if (service_name)
++ free(service_name);
++ if (host_name)
++ free(host_name);
++ if (*keytab)
++ krb5_kt_close(context, *keytab);
++ return retval;
++}
++
++static int handle_krb5_authen(struct spnego_mech_ctx *mech_ctx,
++ char *in_blob, unsigned int in_len,
++ struct ksmbd_spnego_auth_out *auth_out,
++ spnego_encode_t spnego_encode)
++{
++ struct spnego_krb5_ctx *krb5_ctx;
++ char *client_name;
++ krb5_auth_context auth_context;
++ krb5_data packet, ap_rep;
++ krb5_ticket *ticket = NULL;
++ krb5_keyblock *session_key;
++#ifdef HAVE_KRB5_AUTH_CON_GETAUTHENTICATOR_DOUBLE_POINTER
++ krb5_authenticator *authenti;
++#else
++ krb5_authenticator authenti;
++#endif /* HAVE_KRB5_AUTH_CON_GETAUTHENTICATOR_DOUBLE_POINTER */
++ krb5_principal client;
++ int retval = -EINVAL;
++ krb5_error_code krb_retval;
++
++ krb5_ctx = (struct spnego_krb5_ctx *)mech_ctx->private;
++ if (!krb5_ctx)
++ return -EINVAL;
++
++ krb_retval = krb5_auth_con_init(krb5_ctx->context, &auth_context);
++ if (krb_retval) {
++ pr_krb5_err(krb5_ctx->context, krb_retval,
++ "while initializing auth context\n");
++ return -EINVAL;
++ }
++
++ packet.length = in_len;
++ packet.data = (krb5_pointer)in_blob;
++ krb_retval = krb5_rd_req(krb5_ctx->context, &auth_context, &packet,
++ krb5_ctx->creds.client, krb5_ctx->keytab,
++ NULL, &ticket);
++ if (krb_retval) {
++ char *name;
++
++ krb5_unparse_name(krb5_ctx->context, krb5_ctx->creds.client,
++ &name);
++ krb5_auth_con_free(krb5_ctx->context, auth_context);
++ pr_krb5_err(krb5_ctx->context, krb_retval,
++ "while decoding AP_REQ with %s creds\n", name);
++ krb5_free_unparsed_name(krb5_ctx->context, name);
++ return -EINVAL;
++ }
++
++ krb_retval = krb5_auth_con_getrecvsubkey(krb5_ctx->context,
++ auth_context, &session_key);
++ if (krb_retval) {
++ pr_krb5_err(krb5_ctx->context, krb_retval,
++ "while reading session key\n");
++ goto out_free_con_auth;
++ }
++
++ krb_retval = krb5_mk_rep(krb5_ctx->context, auth_context, &ap_rep);
++ if (krb_retval) {
++ pr_krb5_err(krb5_ctx->context, krb_retval,
++ "while making AP_REP\n");
++ goto out_free_key;
++ }
++
++ krb_retval = krb5_auth_con_getauthenticator(krb5_ctx->context,
++ auth_context, &authenti);
++ if (krb_retval) {
++ pr_krb5_err(krb5_ctx->context, krb_retval,
++ "while getting authenticator\n");
++ goto out_free_rep;
++ }
++
++#ifndef HAVE_KRB5_AUTHENTICATOR_CLIENT
++ krb_retval = krb5_build_principal_ext(krb5_ctx->context, &client,
++ strlen(authenti->crealm), authenti->crealm, 0);
++ if (krb_retval) {
++ pr_krb5_err(krb5_ctx->context, krb_retval,
++ "while getting authenticator client\n");
++ goto out_free_auth;
++ }
++ krb_retval = copy_PrincipalName(&authenti->cname, &client->name);
++ if (krb_retval) {
++ pr_krb5_err(krb5_ctx->context, krb_retval,
++ "while copying authenticator client name\n");
++ goto out_free_client;
++ }
++#else
++ client = authenti->client;
++#endif /* HAVE_KRB5_AUTHENTICATOR_CLIENT */
++
++ krb_retval = krb5_unparse_name_flags(krb5_ctx->context,
++ client,
++ KRB5_PRINCIPAL_UNPARSE_NO_REALM, &client_name);
++ if (krb_retval) {
++ pr_krb5_err(krb5_ctx->context, krb_retval,
++ "while unparsing client name\n");
++ goto out_free_client;
++ }
++
++ memset(auth_out, 0, sizeof(*auth_out));
++ auth_out->user_name = strdup(client_name);
++ if (!auth_out->user_name) {
++ krb5_free_unparsed_name(krb5_ctx->context, client_name);
++ retval = -ENOMEM;
++ goto out_free_client;
++ }
++ krb5_free_unparsed_name(krb5_ctx->context, client_name);
++
++ auth_out->sess_key = malloc(KRB5_KEY_LENGTH(session_key));
++ if (!auth_out->sess_key) {
++ free(auth_out->user_name);
++ retval = -ENOMEM;
++ goto out_free_client;
++ }
++ memcpy(auth_out->sess_key, KRB5_KEY_DATA(session_key), KRB5_KEY_LENGTH(session_key));
++ auth_out->key_len = KRB5_KEY_LENGTH(session_key);
++
++ if (spnego_encode(ap_rep.data, ap_rep.length,
++ mech_ctx->oid, mech_ctx->oid_len,
++ &auth_out->spnego_blob, &auth_out->blob_len)) {
++ free(auth_out->user_name);
++ free(auth_out->sess_key);
++ goto out_free_client;
++ }
++
++ pr_info("Authenticated user `%s'\n", auth_out->user_name);
++ retval = 0;
++
++out_free_client:
++#ifndef HAVE_KRB5_AUTHENTICATOR_CLIENT
++ krb5_free_principal(krb5_ctx->context, client);
++#endif /* HAVE_KRB5_AUTHENTICATOR_CLIENT */
++out_free_auth:
++#ifdef HAVE_KRB5_AUTH_CON_GETAUTHENTICATOR_DOUBLE_POINTER
++ krb5_free_authenticator(krb5_ctx->context, authenti);
++#else
++ krb5_free_authenticator(krb5_ctx->context, &authenti);
++#endif /* HAVE_KRB5_AUTH_CON_GETAUTHENTICATOR_DOUBLE_POINTER */
++out_free_rep:
++ krb5_free_data_contents(krb5_ctx->context, &ap_rep);
++out_free_key:
++ krb5_free_keyblock(krb5_ctx->context, session_key);
++out_free_con_auth:
++ krb5_free_ticket(krb5_ctx->context, ticket);
++ krb5_auth_con_free(krb5_ctx->context, auth_context);
++ return retval;
++}
++
++static int setup_krb5_ctx(struct spnego_mech_ctx *mech_ctx)
++{
++ struct spnego_krb5_ctx *krb5_ctx;
++ krb5_error_code krb_retval;
++
++ krb5_ctx = g_try_malloc0(sizeof(*krb5_ctx));
++ if (!krb5_ctx)
++ return -ENOMEM;
++
++ krb_retval = krb5_init_context(&krb5_ctx->context);
++ if (krb_retval) {
++ g_free(krb5_ctx);
++ pr_err("while initializing krb5 context\n");
++ return -EINVAL;
++ }
++
++ krb_retval = acquire_creds_from_keytab(krb5_ctx->context,
++ mech_ctx->params.krb5.service_name,
++ mech_ctx->params.krb5.keytab_name,
++ &krb5_ctx->creds, &krb5_ctx->keytab);
++ if (krb_retval) {
++ krb5_free_context(krb5_ctx->context);
++ g_free(krb5_ctx);
++ return -EINVAL;
++ }
++
++ mech_ctx->private = krb5_ctx;
++ return 0;
++}
++
++static int setup_krb5(struct spnego_mech_ctx *mech_ctx)
++{
++ mech_ctx->oid = KRB5_OID;
++ mech_ctx->oid_len = ARRAY_SIZE(KRB5_OID);
++ return setup_krb5_ctx(mech_ctx);
++}
++
++static int setup_mskrb5(struct spnego_mech_ctx *mech_ctx)
++{
++ mech_ctx->oid = MSKRB5_OID;
++ mech_ctx->oid_len = ARRAY_SIZE(MSKRB5_OID);
++ return setup_krb5_ctx(mech_ctx);
++}
++
++static void cleanup_krb5(struct spnego_mech_ctx *mech_ctx)
++{
++ if (mech_ctx->private) {
++ struct spnego_krb5_ctx *krb5_ctx;
++
++ krb5_ctx = (struct spnego_krb5_ctx *)mech_ctx->private;
++ krb5_free_cred_contents(krb5_ctx->context, &krb5_ctx->creds);
++ krb5_kt_close(krb5_ctx->context, krb5_ctx->keytab);
++ krb5_free_context(krb5_ctx->context);
++ g_free(krb5_ctx);
++ mech_ctx->private = NULL;
++ }
++ if (mech_ctx->params.krb5.service_name)
++ free(mech_ctx->params.krb5.service_name);
++ if (mech_ctx->params.krb5.keytab_name)
++ free(mech_ctx->params.krb5.keytab_name);
++}
++
++struct spnego_mech_operations spnego_krb5_operations = {
++ .setup = setup_krb5,
++ .cleanup = cleanup_krb5,
++ .handle_authen = handle_krb5_authen,
++};
++
++struct spnego_mech_operations spnego_mskrb5_operations = {
++ .setup = setup_mskrb5,
++ .cleanup = cleanup_krb5,
++ .handle_authen = handle_krb5_authen,
++};
+--- a/lib/management/tree_conn.c
++++ /dev/null
+@@ -1,231 +0,0 @@
+-// SPDX-License-Identifier: GPL-2.0-or-later
+-/*
+- * Copyright (C) 2018 Samsung Electronics Co., Ltd.
+- *
+- * linux-cifsd-devel@lists.sourceforge.net
+- */
+-
+-#include <stdlib.h>
+-#include <string.h>
+-#include <glib.h>
+-
+-#include "linux/ksmbd_server.h"
+-#include "management/tree_conn.h"
+-#include "management/session.h"
+-#include "management/share.h"
+-#include "management/user.h"
+-#include "ksmbdtools.h"
+-
+-static struct ksmbd_tree_conn *new_ksmbd_tree_conn(void)
+-{
+- struct ksmbd_tree_conn *conn;
+-
+- conn = g_try_malloc0(sizeof(struct ksmbd_tree_conn));
+- if (!conn)
+- return NULL;
+-
+- conn->id = 0;
+- return conn;
+-}
+-
+-void tcm_tree_conn_free(struct ksmbd_tree_conn *conn)
+-{
+- shm_close_connection(conn->share);
+- put_ksmbd_share(conn->share);
+- g_free(conn);
+-}
+-
+-int tcm_handle_tree_connect(struct ksmbd_tree_connect_request *req,
+- struct ksmbd_tree_connect_response *resp)
+-{
+- struct ksmbd_user *user = NULL;
+- struct ksmbd_share *share = NULL;
+- struct ksmbd_tree_conn *conn = new_ksmbd_tree_conn();
+- int ret;
+-
+- if (!conn) {
+- resp->status = KSMBD_TREE_CONN_STATUS_NOMEM;
+- return -ENOMEM;
+- }
+-
+- if (sm_check_sessions_capacity(req->session_id)) {
+- resp->status = KSMBD_TREE_CONN_STATUS_TOO_MANY_SESSIONS;
+- pr_debug("treecon: Too many active sessions\n");
+- goto out_error;
+- }
+-
+- if (global_conf.map_to_guest == KSMBD_CONF_MAP_TO_GUEST_NEVER) {
+- if (req->account_flags & KSMBD_USER_FLAG_BAD_PASSWORD) {
+- resp->status = KSMBD_TREE_CONN_STATUS_INVALID_USER;
+- pr_debug("treecon: Bad user password\n");
+- goto out_error;
+- }
+- }
+-
+- share = shm_lookup_share(req->share);
+- if (!share) {
+- resp->status = KSMBD_TREE_CONN_STATUS_NO_SHARE;
+- pr_err("treecon: Unknown net share: %s\n", req->share);
+- goto out_error;
+- }
+-
+- if (test_share_flag(share, KSMBD_SHARE_FLAG_WRITEABLE))
+- set_conn_flag(conn, KSMBD_TREE_CONN_FLAG_WRITABLE);
+- if (test_share_flag(share, KSMBD_SHARE_FLAG_READONLY))
+- set_conn_flag(conn, KSMBD_TREE_CONN_FLAG_READ_ONLY);
+- if (test_share_flag(share, KSMBD_SHARE_FLAG_UPDATE))
+- set_conn_flag(conn, KSMBD_TREE_CONN_FLAG_UPDATE);
+-
+- if (shm_open_connection(share)) {
+- resp->status = KSMBD_TREE_CONN_STATUS_TOO_MANY_CONNS;
+- pr_debug("treecon: Too many connections to net share\n");
+- goto out_error;
+- }
+-
+- ret = shm_lookup_hosts_map(share,
+- KSMBD_SHARE_HOSTS_ALLOW_MAP,
+- req->peer_addr);
+- if (ret == -ENOENT) {
+- resp->status = KSMBD_TREE_CONN_STATUS_HOST_DENIED;
+- pr_debug("treecon: Host denied: %s\n", req->peer_addr);
+- goto out_error;
+- }
+-
+- if (ret != 0) {
+- ret = shm_lookup_hosts_map(share,
+- KSMBD_SHARE_HOSTS_DENY_MAP,
+- req->peer_addr);
+- if (ret == 0) {
+- resp->status = KSMBD_TREE_CONN_STATUS_HOST_DENIED;
+- pr_err("treecon: Host denied: %s\n", req->peer_addr);
+- goto out_error;
+- }
+- }
+-
+- if (global_conf.restrict_anon >= KSMBD_RESTRICT_ANON_TYPE_1) {
+- int deny;
+-
+- deny = !test_share_flag(share, KSMBD_SHARE_FLAG_GUEST_OK);
+- deny |= test_share_flag(share, KSMBD_SHARE_FLAG_PIPE);
+-
+- if (req->account_flags & KSMBD_USER_FLAG_GUEST_ACCOUNT &&
+- deny) {
+- pr_debug("treecon: Deny, restricted session\n");
+- resp->status = KSMBD_TREE_CONN_STATUS_ERROR;
+- goto out_error;
+- }
+- }
+-
+- if ((req->account_flags & KSMBD_USER_FLAG_GUEST_ACCOUNT) &&
+- !test_share_flag(share, KSMBD_SHARE_FLAG_PIPE) &&
+- !test_share_flag(share, KSMBD_SHARE_FLAG_GUEST_OK)) {
+- pr_debug("treecon: Deny, guest not allowed\n");
+- resp->status = KSMBD_TREE_CONN_STATUS_ERROR;
+- goto out_error;
+- }
+-
+- if ((req->account_flags & KSMBD_USER_FLAG_GUEST_ACCOUNT) &&
+- test_share_flag(share, KSMBD_SHARE_FLAG_GUEST_OK)) {
+- pr_debug("treecon: Net share permits guest login\n");
+- user = usm_lookup_user(share->guest_account);
+- if (user) {
+- set_conn_flag(conn, KSMBD_TREE_CONN_FLAG_GUEST_ACCOUNT);
+- goto bind;
+- }
+-
+- user = usm_lookup_user(global_conf.guest_account);
+- if (user) {
+- set_conn_flag(conn, KSMBD_TREE_CONN_FLAG_GUEST_ACCOUNT);
+- goto bind;
+- }
+- }
+-
+- user = usm_lookup_user(req->account);
+- if (!user) {
+- resp->status = KSMBD_TREE_CONN_STATUS_NO_USER;
+- pr_err("treecon: User `%s' not found\n", req->account);
+- goto out_error;
+- }
+-
+- user->failed_login_count = 0;
+- user->flags &= ~KSMBD_USER_FLAG_DELAY_SESSION;
+-
+- if (test_user_flag(user, KSMBD_USER_FLAG_GUEST_ACCOUNT))
+- set_conn_flag(conn, KSMBD_TREE_CONN_FLAG_GUEST_ACCOUNT);
+-
+- ret = shm_lookup_users_map(share,
+- KSMBD_SHARE_ADMIN_USERS_MAP,
+- req->account);
+- if (ret == 0) {
+- set_conn_flag(conn, KSMBD_TREE_CONN_FLAG_ADMIN_ACCOUNT);
+- goto bind;
+- }
+-
+- ret = shm_lookup_users_map(share,
+- KSMBD_SHARE_INVALID_USERS_MAP,
+- req->account);
+- if (ret == 0) {
+- resp->status = KSMBD_TREE_CONN_STATUS_INVALID_USER;
+- pr_err("treecon: User is on invalid users list\n");
+- goto out_error;
+- }
+-
+- ret = shm_lookup_users_map(share,
+- KSMBD_SHARE_READ_LIST_MAP,
+- req->account);
+- if (ret == 0) {
+- set_conn_flag(conn, KSMBD_TREE_CONN_FLAG_READ_ONLY);
+- clear_conn_flag(conn, KSMBD_TREE_CONN_FLAG_WRITABLE);
+- goto bind;
+- }
+-
+- ret = shm_lookup_users_map(share,
+- KSMBD_SHARE_WRITE_LIST_MAP,
+- req->account);
+- if (ret == 0) {
+- set_conn_flag(conn, KSMBD_TREE_CONN_FLAG_WRITABLE);
+- goto bind;
+- }
+-
+- ret = shm_lookup_users_map(share,
+- KSMBD_SHARE_VALID_USERS_MAP,
+- req->account);
+- if (ret == 0)
+- goto bind;
+- if (ret == -ENOENT) {
+- resp->status = KSMBD_TREE_CONN_STATUS_INVALID_USER;
+- pr_err("treecon: User is not on valid users list\n");
+- goto out_error;
+- }
+-
+-bind:
+- conn->id = req->connect_id;
+- conn->share = share;
+- resp->status = KSMBD_TREE_CONN_STATUS_OK;
+- resp->connection_flags = conn->flags;
+-
+- if (sm_handle_tree_connect(req->session_id, user, conn)) {
+- pr_err("treecon: Unable to bind tree connection\n");
+- tcm_tree_conn_free(conn);
+- put_ksmbd_user(user);
+- }
+-
+- g_rw_lock_writer_lock(&share->update_lock);
+- clear_share_flag(share, KSMBD_SHARE_FLAG_UPDATE);
+- g_rw_lock_writer_unlock(&share->update_lock);
+-
+- return 0;
+-out_error:
+- tcm_tree_conn_free(conn);
+- shm_close_connection(share);
+- put_ksmbd_share(share);
+- put_ksmbd_user(user);
+- return -EINVAL;
+-}
+-
+-int tcm_handle_tree_disconnect(unsigned long long sess_id,
+- unsigned long long tree_conn_id)
+-{
+- sm_handle_tree_disconnect(sess_id, tree_conn_id);
+- return 0;
+-}
+--- /dev/null
++++ b/tools/management/tree_conn.c
+@@ -0,0 +1,231 @@
++// SPDX-License-Identifier: GPL-2.0-or-later
++/*
++ * Copyright (C) 2018 Samsung Electronics Co., Ltd.
++ *
++ * linux-cifsd-devel@lists.sourceforge.net
++ */
++
++#include <stdlib.h>
++#include <string.h>
++#include <glib.h>
++
++#include "linux/ksmbd_server.h"
++#include "management/tree_conn.h"
++#include "management/session.h"
++#include "management/share.h"
++#include "management/user.h"
++#include "tools.h"
++
++static struct ksmbd_tree_conn *new_ksmbd_tree_conn(void)
++{
++ struct ksmbd_tree_conn *conn;
++
++ conn = g_try_malloc0(sizeof(struct ksmbd_tree_conn));
++ if (!conn)
++ return NULL;
++
++ conn->id = 0;
++ return conn;
++}
++
++void tcm_tree_conn_free(struct ksmbd_tree_conn *conn)
++{
++ shm_close_connection(conn->share);
++ put_ksmbd_share(conn->share);
++ g_free(conn);
++}
++
++int tcm_handle_tree_connect(struct ksmbd_tree_connect_request *req,
++ struct ksmbd_tree_connect_response *resp)
++{
++ struct ksmbd_user *user = NULL;
++ struct ksmbd_share *share = NULL;
++ struct ksmbd_tree_conn *conn = new_ksmbd_tree_conn();
++ int ret;
++
++ if (!conn) {
++ resp->status = KSMBD_TREE_CONN_STATUS_NOMEM;
++ return -ENOMEM;
++ }
++
++ if (sm_check_sessions_capacity(req->session_id)) {
++ resp->status = KSMBD_TREE_CONN_STATUS_TOO_MANY_SESSIONS;
++ pr_debug("treecon: Too many active sessions\n");
++ goto out_error;
++ }
++
++ if (global_conf.map_to_guest == KSMBD_CONF_MAP_TO_GUEST_NEVER) {
++ if (req->account_flags & KSMBD_USER_FLAG_BAD_PASSWORD) {
++ resp->status = KSMBD_TREE_CONN_STATUS_INVALID_USER;
++ pr_debug("treecon: Bad user password\n");
++ goto out_error;
++ }
++ }
++
++ share = shm_lookup_share(req->share);
++ if (!share) {
++ resp->status = KSMBD_TREE_CONN_STATUS_NO_SHARE;
++ pr_err("treecon: Unknown net share: %s\n", req->share);
++ goto out_error;
++ }
++
++ if (test_share_flag(share, KSMBD_SHARE_FLAG_WRITEABLE))
++ set_conn_flag(conn, KSMBD_TREE_CONN_FLAG_WRITABLE);
++ if (test_share_flag(share, KSMBD_SHARE_FLAG_READONLY))
++ set_conn_flag(conn, KSMBD_TREE_CONN_FLAG_READ_ONLY);
++ if (test_share_flag(share, KSMBD_SHARE_FLAG_UPDATE))
++ set_conn_flag(conn, KSMBD_TREE_CONN_FLAG_UPDATE);
++
++ if (shm_open_connection(share)) {
++ resp->status = KSMBD_TREE_CONN_STATUS_TOO_MANY_CONNS;
++ pr_debug("treecon: Too many connections to net share\n");
++ goto out_error;
++ }
++
++ ret = shm_lookup_hosts_map(share,
++ KSMBD_SHARE_HOSTS_ALLOW_MAP,
++ req->peer_addr);
++ if (ret == -ENOENT) {
++ resp->status = KSMBD_TREE_CONN_STATUS_HOST_DENIED;
++ pr_debug("treecon: Host denied: %s\n", req->peer_addr);
++ goto out_error;
++ }
++
++ if (ret != 0) {
++ ret = shm_lookup_hosts_map(share,
++ KSMBD_SHARE_HOSTS_DENY_MAP,
++ req->peer_addr);
++ if (ret == 0) {
++ resp->status = KSMBD_TREE_CONN_STATUS_HOST_DENIED;
++ pr_err("treecon: Host denied: %s\n", req->peer_addr);
++ goto out_error;
++ }
++ }
++
++ if (global_conf.restrict_anon >= KSMBD_RESTRICT_ANON_TYPE_1) {
++ int deny;
++
++ deny = !test_share_flag(share, KSMBD_SHARE_FLAG_GUEST_OK);
++ deny |= test_share_flag(share, KSMBD_SHARE_FLAG_PIPE);
++
++ if (req->account_flags & KSMBD_USER_FLAG_GUEST_ACCOUNT &&
++ deny) {
++ pr_debug("treecon: Deny, restricted session\n");
++ resp->status = KSMBD_TREE_CONN_STATUS_ERROR;
++ goto out_error;
++ }
++ }
++
++ if ((req->account_flags & KSMBD_USER_FLAG_GUEST_ACCOUNT) &&
++ !test_share_flag(share, KSMBD_SHARE_FLAG_PIPE) &&
++ !test_share_flag(share, KSMBD_SHARE_FLAG_GUEST_OK)) {
++ pr_debug("treecon: Deny, guest not allowed\n");
++ resp->status = KSMBD_TREE_CONN_STATUS_ERROR;
++ goto out_error;
++ }
++
++ if ((req->account_flags & KSMBD_USER_FLAG_GUEST_ACCOUNT) &&
++ test_share_flag(share, KSMBD_SHARE_FLAG_GUEST_OK)) {
++ pr_debug("treecon: Net share permits guest login\n");
++ user = usm_lookup_user(share->guest_account);
++ if (user) {
++ set_conn_flag(conn, KSMBD_TREE_CONN_FLAG_GUEST_ACCOUNT);
++ goto bind;
++ }
++
++ user = usm_lookup_user(global_conf.guest_account);
++ if (user) {
++ set_conn_flag(conn, KSMBD_TREE_CONN_FLAG_GUEST_ACCOUNT);
++ goto bind;
++ }
++ }
++
++ user = usm_lookup_user(req->account);
++ if (!user) {
++ resp->status = KSMBD_TREE_CONN_STATUS_NO_USER;
++ pr_err("treecon: User `%s' not found\n", req->account);
++ goto out_error;
++ }
++
++ user->failed_login_count = 0;
++ user->flags &= ~KSMBD_USER_FLAG_DELAY_SESSION;
++
++ if (test_user_flag(user, KSMBD_USER_FLAG_GUEST_ACCOUNT))
++ set_conn_flag(conn, KSMBD_TREE_CONN_FLAG_GUEST_ACCOUNT);
++
++ ret = shm_lookup_users_map(share,
++ KSMBD_SHARE_ADMIN_USERS_MAP,
++ req->account);
++ if (ret == 0) {
++ set_conn_flag(conn, KSMBD_TREE_CONN_FLAG_ADMIN_ACCOUNT);
++ goto bind;
++ }
++
++ ret = shm_lookup_users_map(share,
++ KSMBD_SHARE_INVALID_USERS_MAP,
++ req->account);
++ if (ret == 0) {
++ resp->status = KSMBD_TREE_CONN_STATUS_INVALID_USER;
++ pr_err("treecon: User is on invalid users list\n");
++ goto out_error;
++ }
++
++ ret = shm_lookup_users_map(share,
++ KSMBD_SHARE_READ_LIST_MAP,
++ req->account);
++ if (ret == 0) {
++ set_conn_flag(conn, KSMBD_TREE_CONN_FLAG_READ_ONLY);
++ clear_conn_flag(conn, KSMBD_TREE_CONN_FLAG_WRITABLE);
++ goto bind;
++ }
++
++ ret = shm_lookup_users_map(share,
++ KSMBD_SHARE_WRITE_LIST_MAP,
++ req->account);
++ if (ret == 0) {
++ set_conn_flag(conn, KSMBD_TREE_CONN_FLAG_WRITABLE);
++ goto bind;
++ }
++
++ ret = shm_lookup_users_map(share,
++ KSMBD_SHARE_VALID_USERS_MAP,
++ req->account);
++ if (ret == 0)
++ goto bind;
++ if (ret == -ENOENT) {
++ resp->status = KSMBD_TREE_CONN_STATUS_INVALID_USER;
++ pr_err("treecon: User is not on valid users list\n");
++ goto out_error;
++ }
++
++bind:
++ conn->id = req->connect_id;
++ conn->share = share;
++ resp->status = KSMBD_TREE_CONN_STATUS_OK;
++ resp->connection_flags = conn->flags;
++
++ if (sm_handle_tree_connect(req->session_id, user, conn)) {
++ pr_err("treecon: Unable to bind tree connection\n");
++ tcm_tree_conn_free(conn);
++ put_ksmbd_user(user);
++ }
++
++ g_rw_lock_writer_lock(&share->update_lock);
++ clear_share_flag(share, KSMBD_SHARE_FLAG_UPDATE);
++ g_rw_lock_writer_unlock(&share->update_lock);
++
++ return 0;
++out_error:
++ tcm_tree_conn_free(conn);
++ shm_close_connection(share);
++ put_ksmbd_share(share);
++ put_ksmbd_user(user);
++ return -EINVAL;
++}
++
++int tcm_handle_tree_disconnect(unsigned long long sess_id,
++ unsigned long long tree_conn_id)
++{
++ sm_handle_tree_disconnect(sess_id, tree_conn_id);
++ return 0;
++}
+--- a/lib/management/user.c
++++ /dev/null
+@@ -1,412 +0,0 @@
+-// SPDX-License-Identifier: GPL-2.0-or-later
+-/*
+- * Copyright (C) 2018 Samsung Electronics Co., Ltd.
+- *
+- * linux-cifsd-devel@lists.sourceforge.net
+- */
+-
+-#include <stdlib.h>
+-#include <string.h>
+-#include <glib.h>
+-
+-#include "linux/ksmbd_server.h"
+-#include "management/user.h"
+-#include "ksmbdtools.h"
+-
+-#define KSMBD_USER_STATE_FREEING 1
+-
+-static GHashTable *users_table;
+-static GRWLock users_table_lock;
+-
+-static void kill_ksmbd_user(struct ksmbd_user *user)
+-{
+- pr_debug("Kill user `%s'\n", user->name);
+-
+- free(user->name);
+- free(user->pass_b64);
+- free(user->pass);
+- g_rw_lock_clear(&user->update_lock);
+- g_free(user);
+-}
+-
+-static int __usm_remove_user(struct ksmbd_user *user)
+-{
+- int ret = 0;
+-
+- if (user->state != KSMBD_USER_STATE_FREEING) {
+- g_rw_lock_writer_lock(&users_table_lock);
+- if (!g_hash_table_remove(users_table, user->name))
+- ret = -EINVAL;
+- g_rw_lock_writer_unlock(&users_table_lock);
+- }
+- if (!ret)
+- kill_ksmbd_user(user);
+- return ret;
+-}
+-
+-struct ksmbd_user *get_ksmbd_user(struct ksmbd_user *user)
+-{
+- g_rw_lock_writer_lock(&user->update_lock);
+- if (user->ref_count != 0) {
+- user->ref_count++;
+- g_rw_lock_writer_unlock(&user->update_lock);
+- } else {
+- g_rw_lock_writer_unlock(&user->update_lock);
+- user = NULL;
+- }
+- return user;
+-}
+-
+-void put_ksmbd_user(struct ksmbd_user *user)
+-{
+- int drop;
+-
+- if (!user)
+- return;
+-
+- g_rw_lock_writer_lock(&user->update_lock);
+- user->ref_count--;
+- drop = !user->ref_count;
+- g_rw_lock_writer_unlock(&user->update_lock);
+-
+- if (!drop)
+- return;
+-
+- __usm_remove_user(user);
+-}
+-
+-static gboolean put_user_callback(gpointer _k, gpointer _v, gpointer data)
+-{
+- struct ksmbd_user *user = (struct ksmbd_user *)_v;
+-
+- user->state = KSMBD_USER_STATE_FREEING;
+- put_ksmbd_user(user);
+- return TRUE;
+-}
+-
+-void usm_remove_all_users(void)
+-{
+- g_rw_lock_writer_lock(&users_table_lock);
+- g_hash_table_foreach_remove(users_table, put_user_callback, NULL);
+- g_rw_lock_writer_unlock(&users_table_lock);
+-}
+-
+-static struct ksmbd_user *new_ksmbd_user(char *name, char *pwd)
+-{
+- struct ksmbd_user *user;
+- struct passwd *passwd;
+- size_t pass_sz;
+-
+- user = g_try_malloc0(sizeof(struct ksmbd_user));
+- if (!user)
+- return NULL;
+-
+- g_rw_lock_init(&user->update_lock);
+- user->name = name;
+- user->pass_b64 = pwd;
+- user->ref_count = 1;
+- user->gid = 9999;
+- user->uid = 9999;
+- passwd = getpwnam(name);
+- if (passwd) {
+- user->uid = passwd->pw_uid;
+- user->gid = passwd->pw_gid;
+- }
+-
+- user->pass = base64_decode(user->pass_b64, &pass_sz);
+- user->pass_sz = (int)pass_sz;
+- return user;
+-}
+-
+-static void free_hash_entry(gpointer k, gpointer u, gpointer user_data)
+-{
+- kill_ksmbd_user(u);
+-}
+-
+-static void usm_clear_users(void)
+-{
+- g_hash_table_foreach(users_table, free_hash_entry, NULL);
+-}
+-
+-void usm_destroy(void)
+-{
+- if (users_table) {
+- usm_clear_users();
+- g_hash_table_destroy(users_table);
+- }
+- g_rw_lock_clear(&users_table_lock);
+-}
+-
+-int usm_init(void)
+-{
+- users_table = g_hash_table_new(g_str_hash, g_str_equal);
+- if (!users_table)
+- return -ENOMEM;
+- g_rw_lock_init(&users_table_lock);
+- return 0;
+-}
+-
+-static struct ksmbd_user *__usm_lookup_user(char *name)
+-{
+- return g_hash_table_lookup(users_table, name);
+-}
+-
+-struct ksmbd_user *usm_lookup_user(char *name)
+-{
+- struct ksmbd_user *user, *ret;
+-
+- if (!name)
+- return NULL;
+-
+- g_rw_lock_reader_lock(&users_table_lock);
+- user = __usm_lookup_user(name);
+- if (user) {
+- ret = get_ksmbd_user(user);
+- if (!ret)
+- user = NULL;
+- }
+- g_rw_lock_reader_unlock(&users_table_lock);
+- return user;
+-}
+-
+-int usm_add_new_user(char *name, char *pwd)
+-{
+- int ret = 0;
+- struct ksmbd_user *user = new_ksmbd_user(name, pwd);
+-
+- if (!user) {
+- free(name);
+- free(pwd);
+- return -ENOMEM;
+- }
+-
+- g_rw_lock_writer_lock(&users_table_lock);
+- if (__usm_lookup_user(name)) {
+- g_rw_lock_writer_unlock(&users_table_lock);
+- pr_info("User `%s' already exists\n", name);
+- kill_ksmbd_user(user);
+- return 0;
+- }
+-
+- pr_debug("New user `%s'\n", user->name);
+- if (!g_hash_table_insert(users_table, user->name, user)) {
+- kill_ksmbd_user(user);
+- ret = -EINVAL;
+- }
+- g_rw_lock_writer_unlock(&users_table_lock);
+- return ret;
+-}
+-
+-int usm_add_update_user_from_pwdentry(char *data)
+-{
+- struct ksmbd_user *user;
+- char *name;
+- char *pwd;
+- char *pos = strchr(data, ':');
+- int ret;
+-
+- if (!pos) {
+- pr_err("Invalid pwd entry: %s\n", data);
+- return -EINVAL;
+- }
+-
+- *pos = 0x00;
+- name = g_strdup(data);
+- pwd = g_strdup(pos + 1);
+-
+- if (!name || !pwd) {
+- free(name);
+- free(pwd);
+- return -ENOMEM;
+- }
+-
+- user = usm_lookup_user(name);
+- if (user) {
+- ret = usm_update_user_password(user, pwd);
+- put_ksmbd_user(user);
+-
+- free(name);
+- free(pwd);
+- return ret;
+- }
+- return usm_add_new_user(name, pwd);
+-}
+-
+-int usm_add_subauth_global_conf(char *data)
+-{
+- char *pos = data;
+- char *spos;
+-
+- if (!pos)
+- return -EINVAL;
+-
+- spos = strchr(pos, ':');
+- if (!spos) {
+- pr_err("Invalid subauth entry: %s\n", data);
+- return -EINVAL;
+- }
+-
+- *spos = 0x00;
+- global_conf.gen_subauth[0] = atoi(pos);
+- pos = spos + 1;
+-
+- spos = strchr(pos, ':');
+- if (!spos) {
+- pr_err("Invalid subauth entry: %s\n", data);
+- return -EINVAL;
+- }
+- *spos = 0x00;
+- global_conf.gen_subauth[1] = atoi(pos);
+- global_conf.gen_subauth[2] = atoi(spos + 1);
+-
+- return 0;
+-}
+-
+-void for_each_ksmbd_user(walk_users cb, gpointer user_data)
+-{
+- g_rw_lock_reader_lock(&users_table_lock);
+- g_hash_table_foreach(users_table, cb, user_data);
+- g_rw_lock_reader_unlock(&users_table_lock);
+-}
+-
+-int usm_update_user_password(struct ksmbd_user *user, char *pswd)
+-{
+- size_t pass_sz;
+- char *pass_b64 = g_strdup(pswd);
+- char *pass = base64_decode(pass_b64, &pass_sz);
+-
+- if (!pass_b64 || !pass) {
+- free(pass_b64);
+- free(pass);
+- pr_err("Out of memory\n");
+- return -ENOMEM;
+- }
+-
+- pr_debug("Update user password: %s\n", user->name);
+- g_rw_lock_writer_lock(&user->update_lock);
+- free(user->pass_b64);
+- free(user->pass);
+- user->pass_b64 = pass_b64;
+- user->pass = pass;
+- user->pass_sz = (int)pass_sz;
+- g_rw_lock_writer_unlock(&user->update_lock);
+-
+- return 0;
+-}
+-
+-static int usm_copy_user_passhash(struct ksmbd_user *user,
+- char *pass,
+- size_t sz)
+-{
+- int ret = -ENOSPC;
+-
+- if (test_user_flag(user, KSMBD_USER_FLAG_GUEST_ACCOUNT))
+- return 0;
+-
+- g_rw_lock_reader_lock(&user->update_lock);
+- if (sz >= user->pass_sz) {
+- memcpy(pass, user->pass, user->pass_sz);
+- ret = user->pass_sz;
+- }
+- g_rw_lock_reader_unlock(&user->update_lock);
+-
+- return ret;
+-}
+-
+-static int usm_copy_user_account(struct ksmbd_user *user,
+- char *account,
+- size_t sz)
+-{
+- int account_sz;
+-
+- if (test_user_flag(user, KSMBD_USER_FLAG_GUEST_ACCOUNT))
+- return 0;
+-
+- account_sz = strlen(user->name);
+- if (sz >= account_sz) {
+- memcpy(account, user->name, account_sz);
+- return 0;
+- }
+- pr_err("Cannot copy user data, buffer overrun\n");
+- return -ENOSPC;
+-}
+-
+-static void __handle_login_request(struct ksmbd_login_response *resp,
+- struct ksmbd_user *user)
+-{
+- int hash_sz;
+-
+- resp->gid = user->gid;
+- resp->uid = user->uid;
+- resp->status = user->flags;
+- resp->status |= KSMBD_USER_FLAG_OK;
+-
+- hash_sz = usm_copy_user_passhash(user,
+- resp->hash,
+- sizeof(resp->hash));
+- if (hash_sz < 0) {
+- resp->status = KSMBD_USER_FLAG_INVALID;
+- } else {
+- resp->hash_sz = (unsigned short)hash_sz;
+- if (usm_copy_user_account(user,
+- resp->account,
+- sizeof(resp->account)))
+- resp->status = KSMBD_USER_FLAG_INVALID;
+- }
+-}
+-
+-int usm_handle_login_request(struct ksmbd_login_request *req,
+- struct ksmbd_login_response *resp)
+-{
+- struct ksmbd_user *user = NULL;
+- int null_session = 0;
+-
+- if (req->account[0] == '\0')
+- null_session = 1;
+-
+- if (!null_session)
+- user = usm_lookup_user(req->account);
+- if (user) {
+- __handle_login_request(resp, user);
+- put_ksmbd_user(user);
+- return 0;
+- }
+-
+- resp->status = KSMBD_USER_FLAG_BAD_USER;
+- if (!null_session &&
+- global_conf.map_to_guest == KSMBD_CONF_MAP_TO_GUEST_NEVER)
+- return 0;
+-
+- if (null_session ||
+- global_conf.map_to_guest == KSMBD_CONF_MAP_TO_GUEST_BAD_USER)
+- user = usm_lookup_user(global_conf.guest_account);
+-
+- if (!user)
+- return 0;
+-
+- __handle_login_request(resp, user);
+- put_ksmbd_user(user);
+- return 0;
+-}
+-
+-int usm_handle_logout_request(struct ksmbd_logout_request *req)
+-{
+- struct ksmbd_user *user;
+-
+- user = usm_lookup_user(req->account);
+- if (!user)
+- return -ENOENT;
+-
+- if (req->account_flags & KSMBD_USER_FLAG_BAD_PASSWORD) {
+- if (user->failed_login_count < 10)
+- user->failed_login_count++;
+- else
+- user->flags |= KSMBD_USER_FLAG_DELAY_SESSION;
+- } else {
+- user->failed_login_count = 0;
+- user->flags &= ~KSMBD_USER_FLAG_DELAY_SESSION;
+- }
+-
+- put_ksmbd_user(user);
+- return 0;
+-}
+--- /dev/null
++++ b/tools/management/user.c
+@@ -0,0 +1,412 @@
++// SPDX-License-Identifier: GPL-2.0-or-later
++/*
++ * Copyright (C) 2018 Samsung Electronics Co., Ltd.
++ *
++ * linux-cifsd-devel@lists.sourceforge.net
++ */
++
++#include <stdlib.h>
++#include <string.h>
++#include <glib.h>
++
++#include "linux/ksmbd_server.h"
++#include "management/user.h"
++#include "tools.h"
++
++#define KSMBD_USER_STATE_FREEING 1
++
++static GHashTable *users_table;
++static GRWLock users_table_lock;
++
++static void kill_ksmbd_user(struct ksmbd_user *user)
++{
++ pr_debug("Kill user `%s'\n", user->name);
++
++ free(user->name);
++ free(user->pass_b64);
++ free(user->pass);
++ g_rw_lock_clear(&user->update_lock);
++ g_free(user);
++}
++
++static int __usm_remove_user(struct ksmbd_user *user)
++{
++ int ret = 0;
++
++ if (user->state != KSMBD_USER_STATE_FREEING) {
++ g_rw_lock_writer_lock(&users_table_lock);
++ if (!g_hash_table_remove(users_table, user->name))
++ ret = -EINVAL;
++ g_rw_lock_writer_unlock(&users_table_lock);
++ }
++ if (!ret)
++ kill_ksmbd_user(user);
++ return ret;
++}
++
++struct ksmbd_user *get_ksmbd_user(struct ksmbd_user *user)
++{
++ g_rw_lock_writer_lock(&user->update_lock);
++ if (user->ref_count != 0) {
++ user->ref_count++;
++ g_rw_lock_writer_unlock(&user->update_lock);
++ } else {
++ g_rw_lock_writer_unlock(&user->update_lock);
++ user = NULL;
++ }
++ return user;
++}
++
++void put_ksmbd_user(struct ksmbd_user *user)
++{
++ int drop;
++
++ if (!user)
++ return;
++
++ g_rw_lock_writer_lock(&user->update_lock);
++ user->ref_count--;
++ drop = !user->ref_count;
++ g_rw_lock_writer_unlock(&user->update_lock);
++
++ if (!drop)
++ return;
++
++ __usm_remove_user(user);
++}
++
++static gboolean put_user_callback(gpointer _k, gpointer _v, gpointer data)
++{
++ struct ksmbd_user *user = (struct ksmbd_user *)_v;
++
++ user->state = KSMBD_USER_STATE_FREEING;
++ put_ksmbd_user(user);
++ return TRUE;
++}
++
++void usm_remove_all_users(void)
++{
++ g_rw_lock_writer_lock(&users_table_lock);
++ g_hash_table_foreach_remove(users_table, put_user_callback, NULL);
++ g_rw_lock_writer_unlock(&users_table_lock);
++}
++
++static struct ksmbd_user *new_ksmbd_user(char *name, char *pwd)
++{
++ struct ksmbd_user *user;
++ struct passwd *passwd;
++ size_t pass_sz;
++
++ user = g_try_malloc0(sizeof(struct ksmbd_user));
++ if (!user)
++ return NULL;
++
++ g_rw_lock_init(&user->update_lock);
++ user->name = name;
++ user->pass_b64 = pwd;
++ user->ref_count = 1;
++ user->gid = 9999;
++ user->uid = 9999;
++ passwd = getpwnam(name);
++ if (passwd) {
++ user->uid = passwd->pw_uid;
++ user->gid = passwd->pw_gid;
++ }
++
++ user->pass = base64_decode(user->pass_b64, &pass_sz);
++ user->pass_sz = (int)pass_sz;
++ return user;
++}
++
++static void free_hash_entry(gpointer k, gpointer u, gpointer user_data)
++{
++ kill_ksmbd_user(u);
++}
++
++static void usm_clear_users(void)
++{
++ g_hash_table_foreach(users_table, free_hash_entry, NULL);
++}
++
++void usm_destroy(void)
++{
++ if (users_table) {
++ usm_clear_users();
++ g_hash_table_destroy(users_table);
++ }
++ g_rw_lock_clear(&users_table_lock);
++}
++
++int usm_init(void)
++{
++ users_table = g_hash_table_new(g_str_hash, g_str_equal);
++ if (!users_table)
++ return -ENOMEM;
++ g_rw_lock_init(&users_table_lock);
++ return 0;
++}
++
++static struct ksmbd_user *__usm_lookup_user(char *name)
++{
++ return g_hash_table_lookup(users_table, name);
++}
++
++struct ksmbd_user *usm_lookup_user(char *name)
++{
++ struct ksmbd_user *user, *ret;
++
++ if (!name)
++ return NULL;
++
++ g_rw_lock_reader_lock(&users_table_lock);
++ user = __usm_lookup_user(name);
++ if (user) {
++ ret = get_ksmbd_user(user);
++ if (!ret)
++ user = NULL;
++ }
++ g_rw_lock_reader_unlock(&users_table_lock);
++ return user;
++}
++
++int usm_add_new_user(char *name, char *pwd)
++{
++ int ret = 0;
++ struct ksmbd_user *user = new_ksmbd_user(name, pwd);
++
++ if (!user) {
++ free(name);
++ free(pwd);
++ return -ENOMEM;
++ }
++
++ g_rw_lock_writer_lock(&users_table_lock);
++ if (__usm_lookup_user(name)) {
++ g_rw_lock_writer_unlock(&users_table_lock);
++ pr_info("User `%s' already exists\n", name);
++ kill_ksmbd_user(user);
++ return 0;
++ }
++
++ pr_debug("New user `%s'\n", user->name);
++ if (!g_hash_table_insert(users_table, user->name, user)) {
++ kill_ksmbd_user(user);
++ ret = -EINVAL;
++ }
++ g_rw_lock_writer_unlock(&users_table_lock);
++ return ret;
++}
++
++int usm_add_update_user_from_pwdentry(char *data)
++{
++ struct ksmbd_user *user;
++ char *name;
++ char *pwd;
++ char *pos = strchr(data, ':');
++ int ret;
++
++ if (!pos) {
++ pr_err("Invalid pwd entry: %s\n", data);
++ return -EINVAL;
++ }
++
++ *pos = 0x00;
++ name = g_strdup(data);
++ pwd = g_strdup(pos + 1);
++
++ if (!name || !pwd) {
++ free(name);
++ free(pwd);
++ return -ENOMEM;
++ }
++
++ user = usm_lookup_user(name);
++ if (user) {
++ ret = usm_update_user_password(user, pwd);
++ put_ksmbd_user(user);
++
++ free(name);
++ free(pwd);
++ return ret;
++ }
++ return usm_add_new_user(name, pwd);
++}
++
++int usm_add_subauth_global_conf(char *data)
++{
++ char *pos = data;
++ char *spos;
++
++ if (!pos)
++ return -EINVAL;
++
++ spos = strchr(pos, ':');
++ if (!spos) {
++ pr_err("Invalid subauth entry: %s\n", data);
++ return -EINVAL;
++ }
++
++ *spos = 0x00;
++ global_conf.gen_subauth[0] = atoi(pos);
++ pos = spos + 1;
++
++ spos = strchr(pos, ':');
++ if (!spos) {
++ pr_err("Invalid subauth entry: %s\n", data);
++ return -EINVAL;
++ }
++ *spos = 0x00;
++ global_conf.gen_subauth[1] = atoi(pos);
++ global_conf.gen_subauth[2] = atoi(spos + 1);
++
++ return 0;
++}
++
++void for_each_ksmbd_user(walk_users cb, gpointer user_data)
++{
++ g_rw_lock_reader_lock(&users_table_lock);
++ g_hash_table_foreach(users_table, cb, user_data);
++ g_rw_lock_reader_unlock(&users_table_lock);
++}
++
++int usm_update_user_password(struct ksmbd_user *user, char *pswd)
++{
++ size_t pass_sz;
++ char *pass_b64 = g_strdup(pswd);
++ char *pass = base64_decode(pass_b64, &pass_sz);
++
++ if (!pass_b64 || !pass) {
++ free(pass_b64);
++ free(pass);
++ pr_err("Out of memory\n");
++ return -ENOMEM;
++ }
++
++ pr_debug("Update user password: %s\n", user->name);
++ g_rw_lock_writer_lock(&user->update_lock);
++ free(user->pass_b64);
++ free(user->pass);
++ user->pass_b64 = pass_b64;
++ user->pass = pass;
++ user->pass_sz = (int)pass_sz;
++ g_rw_lock_writer_unlock(&user->update_lock);
++
++ return 0;
++}
++
++static int usm_copy_user_passhash(struct ksmbd_user *user,
++ char *pass,
++ size_t sz)
++{
++ int ret = -ENOSPC;
++
++ if (test_user_flag(user, KSMBD_USER_FLAG_GUEST_ACCOUNT))
++ return 0;
++
++ g_rw_lock_reader_lock(&user->update_lock);
++ if (sz >= user->pass_sz) {
++ memcpy(pass, user->pass, user->pass_sz);
++ ret = user->pass_sz;
++ }
++ g_rw_lock_reader_unlock(&user->update_lock);
++
++ return ret;
++}
++
++static int usm_copy_user_account(struct ksmbd_user *user,
++ char *account,
++ size_t sz)
++{
++ int account_sz;
++
++ if (test_user_flag(user, KSMBD_USER_FLAG_GUEST_ACCOUNT))
++ return 0;
++
++ account_sz = strlen(user->name);
++ if (sz >= account_sz) {
++ memcpy(account, user->name, account_sz);
++ return 0;
++ }
++ pr_err("Cannot copy user data, buffer overrun\n");
++ return -ENOSPC;
++}
++
++static void __handle_login_request(struct ksmbd_login_response *resp,
++ struct ksmbd_user *user)
++{
++ int hash_sz;
++
++ resp->gid = user->gid;
++ resp->uid = user->uid;
++ resp->status = user->flags;
++ resp->status |= KSMBD_USER_FLAG_OK;
++
++ hash_sz = usm_copy_user_passhash(user,
++ resp->hash,
++ sizeof(resp->hash));
++ if (hash_sz < 0) {
++ resp->status = KSMBD_USER_FLAG_INVALID;
++ } else {
++ resp->hash_sz = (unsigned short)hash_sz;
++ if (usm_copy_user_account(user,
++ resp->account,
++ sizeof(resp->account)))
++ resp->status = KSMBD_USER_FLAG_INVALID;
++ }
++}
++
++int usm_handle_login_request(struct ksmbd_login_request *req,
++ struct ksmbd_login_response *resp)
++{
++ struct ksmbd_user *user = NULL;
++ int null_session = 0;
++
++ if (req->account[0] == '\0')
++ null_session = 1;
++
++ if (!null_session)
++ user = usm_lookup_user(req->account);
++ if (user) {
++ __handle_login_request(resp, user);
++ put_ksmbd_user(user);
++ return 0;
++ }
++
++ resp->status = KSMBD_USER_FLAG_BAD_USER;
++ if (!null_session &&
++ global_conf.map_to_guest == KSMBD_CONF_MAP_TO_GUEST_NEVER)
++ return 0;
++
++ if (null_session ||
++ global_conf.map_to_guest == KSMBD_CONF_MAP_TO_GUEST_BAD_USER)
++ user = usm_lookup_user(global_conf.guest_account);
++
++ if (!user)
++ return 0;
++
++ __handle_login_request(resp, user);
++ put_ksmbd_user(user);
++ return 0;
++}
++
++int usm_handle_logout_request(struct ksmbd_logout_request *req)
++{
++ struct ksmbd_user *user;
++
++ user = usm_lookup_user(req->account);
++ if (!user)
++ return -ENOENT;
++
++ if (req->account_flags & KSMBD_USER_FLAG_BAD_PASSWORD) {
++ if (user->failed_login_count < 10)
++ user->failed_login_count++;
++ else
++ user->flags |= KSMBD_USER_FLAG_DELAY_SESSION;
++ } else {
++ user->failed_login_count = 0;
++ user->flags &= ~KSMBD_USER_FLAG_DELAY_SESSION;
++ }
++
++ put_ksmbd_user(user);
++ return 0;
++}
+--- a/lib/meson.build
++++ /dev/null
+@@ -1,31 +0,0 @@
+-core_files = [
+- 'management/tree_conn.c',
+- 'management/user.c',
+- 'management/share.c',
+- 'management/session.c',
+- 'config_parser.c',
+- 'ksmbdtools.c',
+-]
+-
+-if krb5_dep.found()
+- core_files += [
+- 'management/spnego.c',
+- 'asn1.c',
+- 'management/spnego_krb5.c',
+- ]
+-endif
+-
+-libksmbdtools = static_library(
+- 'ksmbdtools',
+- core_files,
+- include_directories: tools_incdir,
+- dependencies: [
+- glib_dep,
+- krb5_dep,
+- asn1_lib,
+- ],
+- c_args: [
+- '-DSYSCONFDIR="@0@"'.format(get_option('prefix') / get_option('sysconfdir')),
+- '-DRUNSTATEDIR="@0@"'.format(runstatedir),
+- ],
+-)
+--- /dev/null
++++ b/tools/meson.build
+@@ -0,0 +1,39 @@
++ksmbd_tools_files = [
++ 'management/tree_conn.c',
++ 'management/user.c',
++ 'management/share.c',
++ 'management/session.c',
++ 'config_parser.c',
++ 'tools.c',
++]
++
++if krb5_dep.found()
++ ksmbd_tools_files += [
++ 'management/spnego.c',
++ 'asn1.c',
++ 'management/spnego_krb5.c',
++ ]
++endif
++
++executable(
++ 'ksmbd.tools',
++ ksmbd_tools_files,
++ include_directories: include_dirs,
++ c_args: [
++ '-DSYSCONFDIR="@0@"'.format(get_option('prefix') / get_option('sysconfdir')),
++ '-DRUNSTATEDIR="@0@"'.format(runstatedir),
++ ],
++ dependencies: [
++ glib_dep,
++ krb5_dep,
++ asn1_lib,
++ ],
++ link_with: [
++ addshare_lib,
++ adduser_lib,
++ control_lib,
++ mountd_lib,
++ ],
++ install: true,
++ install_dir: get_option('libexecdir'),
++)
+--- a/lib/ksmbdtools.c
++++ /dev/null
+@@ -1,276 +0,0 @@
+-// SPDX-License-Identifier: GPL-2.0-or-later
+-/*
+- * Copyright (C) 2018 Samsung Electronics Co., Ltd.
+- *
+- * linux-cifsd-devel@lists.sourceforge.net
+- */
+-
+-#include <syslog.h>
+-
+-#include <unistd.h>
+-#include <sys/stat.h>
+-#include <fcntl.h>
+-
+-#include <stdio.h>
+-#include <ksmbdtools.h>
+-
+-int log_level = PR_INFO;
+-int ksmbd_health_status;
+-
+-static const char *app_name = "unknown";
+-static int log_open;
+-
+-typedef void (*logger)(int level, const char *fmt, va_list list);
+-
+-char *ksmbd_conv_charsets[KSMBD_CHARSET_MAX + 1] = {
+- "UTF-8",
+- "UTF-16LE",
+- "UCS-2LE",
+- "UTF-16BE",
+- "UCS-2BE",
+- "OOPS"
+-};
+-
+-static int syslog_level(int level)
+-{
+- if (level == PR_ERROR)
+- return LOG_ERR;
+- if (level == PR_INFO)
+- return LOG_INFO;
+- if (level == PR_DEBUG)
+- return LOG_DEBUG;
+-
+- return LOG_ERR;
+-}
+-
+-G_GNUC_PRINTF(2, 0)
+-static void __pr_log_stdio(int level, const char *fmt, va_list list)
+-{
+- char buf[1024];
+-
+- vsnprintf(buf, sizeof(buf), fmt, list);
+- printf("%s", buf);
+-}
+-
+-G_GNUC_PRINTF(2, 0)
+-static void __pr_log_syslog(int level, const char *fmt, va_list list)
+-{
+- vsyslog(syslog_level(level), fmt, list);
+-}
+-
+-static logger __logger = __pr_log_stdio;
+-
+-void set_logger_app_name(const char *an)
+-{
+- app_name = an;
+-}
+-
+-const char *get_logger_app_name(void)
+-{
+- return app_name;
+-}
+-
+-void __pr_log(int level, const char *fmt, ...)
+-{
+- va_list list;
+-
+- va_start(list, fmt);
+- __logger(level, fmt, list);
+- va_end(list);
+-}
+-
+-void pr_logger_init(int flag)
+-{
+- if (flag == PR_LOGGER_SYSLOG) {
+- if (log_open) {
+- closelog();
+- log_open = 0;
+- }
+- openlog("ksmbd", LOG_NDELAY, LOG_LOCAL5);
+- __logger = __pr_log_syslog;
+- log_open = 1;
+- }
+-}
+-
+-int set_log_level(int level)
+-{
+- int old_level;
+-
+- if (log_level == PR_DEBUG)
+- return log_level;
+-
+- old_level = log_level;
+- log_level = level;
+- return old_level;
+-}
+-
+-#if TRACING_DUMP_NL_MSG
+-#define PR_HEX_DUMP_WIDTH 160
+-void pr_hex_dump(const void *mem, size_t sz)
+-{
+- char xline[PR_HEX_DUMP_WIDTH];
+- char sline[PR_HEX_DUMP_WIDTH];
+- int xi = 0, si = 0, mi = 0;
+-
+- while (mi < sz) {
+- char c = *((char *)mem + mi);
+-
+- mi++;
+- xi += sprintf(xline + xi, "%02X ", 0xff & c);
+- if (c > ' ' && c < '~')
+- si += sprintf(sline + si, "%c", c);
+- else
+- si += sprintf(sline + si, ".");
+- if (xi >= PR_HEX_DUMP_WIDTH / 2) {
+- pr_err("%s %s\n", xline, sline);
+- xi = 0;
+- si = 0;
+- }
+- }
+-
+- if (xi) {
+- int sz = PR_HEX_DUMP_WIDTH / 2 - xi + 1;
+-
+- if (sz > 0) {
+- memset(xline + xi, ' ', sz);
+- xline[PR_HEX_DUMP_WIDTH / 2 + 1] = 0x00;
+- }
+- pr_err("%s %s\n", xline, sline);
+- }
+-}
+-#else
+-void pr_hex_dump(const void *mem, size_t sz)
+-{
+-}
+-#endif
+-
+-char *base64_encode(unsigned char *src, size_t srclen)
+-{
+- return g_base64_encode(src, srclen);
+-}
+-
+-unsigned char *base64_decode(char const *src, size_t *dstlen)
+-{
+- unsigned char *ret = g_base64_decode(src, dstlen);
+-
+- if (ret)
+- ret[*dstlen] = 0x00;
+- return ret;
+-}
+-
+-static int codeset_has_altname(int codeset)
+-{
+- if (codeset == KSMBD_CHARSET_UTF16LE ||
+- codeset == KSMBD_CHARSET_UTF16BE)
+- return 1;
+- return 0;
+-}
+-
+-gchar *ksmbd_gconvert(const gchar *str,
+- gssize str_len,
+- int to_codeset,
+- int from_codeset,
+- gsize *bytes_read,
+- gsize *bytes_written)
+-{
+- gchar *converted;
+- GError *err;
+-
+-retry:
+- err = NULL;
+- if (from_codeset >= KSMBD_CHARSET_MAX) {
+- pr_err("Unknown source codeset: %d\n", from_codeset);
+- return NULL;
+- }
+-
+- if (to_codeset >= KSMBD_CHARSET_MAX) {
+- pr_err("Unknown target codeset: %d\n", to_codeset);
+- return NULL;
+- }
+-
+- converted = g_convert(str,
+- str_len,
+- ksmbd_conv_charsets[to_codeset],
+- ksmbd_conv_charsets[from_codeset],
+- bytes_read,
+- bytes_written,
+- &err);
+- if (err) {
+- int has_altname = 0;
+-
+- if (codeset_has_altname(to_codeset)) {
+- to_codeset++;
+- has_altname = 1;
+- }
+-
+- if (codeset_has_altname(from_codeset)) {
+- from_codeset++;
+- has_altname = 1;
+- }
+-
+- pr_info("%s\n", err->message);
+- g_error_free(err);
+-
+- if (has_altname) {
+- pr_info("Will try `%s' and `%s'\n",
+- ksmbd_conv_charsets[to_codeset],
+- ksmbd_conv_charsets[from_codeset]);
+- goto retry;
+- }
+-
+- pr_err("Can't convert string: %s\n", err->message);
+- g_error_free(err);
+- return NULL;
+- }
+-
+- return converted;
+-}
+-
+-int send_signal_to_ksmbd_mountd(int signo)
+-{
+- int fd, ret = -EINVAL;
+- char pid_buf[10] = {0};
+- int pid;
+-
+- fd = open(KSMBD_LOCK_FILE, O_RDONLY);
+- if (fd < 0) {
+- pr_debug("Can't open `%s': %m\n", KSMBD_LOCK_FILE);
+- return ret;
+- }
+-
+- if (read(fd, &pid_buf, sizeof(pid_buf)) == -1) {
+- pr_err("Can't read manager PID: %m\n");
+- goto out;
+- }
+-
+- pid = strtol(pid_buf, NULL, 10);
+- if (signo)
+- pr_debug("Send signal %d (%s) to PID %d\n",
+- signo, strsignal(signo), pid);
+- if (kill(pid, signo) == -1) {
+- ret = -errno;
+- if (signo)
+- pr_err("Unable to send signal %d (%s) to PID %d: %m\n",
+- signo, strsignal(signo), pid);
+- goto out;
+- }
+-
+- ret = 0;
+-out:
+- close(fd);
+- return ret;
+-}
+-
+-int test_file_access(char *conf)
+-{
+- int fd;
+-
+- fd = open(conf, O_RDWR | O_CREAT, S_IRWXU | S_IRGRP);
+- if (fd < 0) {
+- pr_debug("Can't open `%s': %m\n", conf);
+- return -EINVAL;
+- }
+-
+- close(fd);
+- return 0;
+-}
+--- /dev/null
++++ b/tools/tools.c
+@@ -0,0 +1,301 @@
++// SPDX-License-Identifier: GPL-2.0-or-later
++/*
++ * Copyright (C) 2018 Samsung Electronics Co., Ltd.
++ *
++ * linux-cifsd-devel@lists.sourceforge.net
++ */
++
++#include <syslog.h>
++
++#include <unistd.h>
++#include <sys/stat.h>
++#include <fcntl.h>
++
++#include <stdio.h>
++#include <tools.h>
++
++int log_level = PR_INFO;
++int ksmbd_health_status;
++
++static const char *app_name = "unknown";
++static int log_open;
++
++typedef void (*logger)(int level, const char *fmt, va_list list);
++
++char *ksmbd_conv_charsets[KSMBD_CHARSET_MAX + 1] = {
++ "UTF-8",
++ "UTF-16LE",
++ "UCS-2LE",
++ "UTF-16BE",
++ "UCS-2BE",
++ "OOPS"
++};
++
++static int syslog_level(int level)
++{
++ if (level == PR_ERROR)
++ return LOG_ERR;
++ if (level == PR_INFO)
++ return LOG_INFO;
++ if (level == PR_DEBUG)
++ return LOG_DEBUG;
++
++ return LOG_ERR;
++}
++
++G_GNUC_PRINTF(2, 0)
++static void __pr_log_stdio(int level, const char *fmt, va_list list)
++{
++ char buf[1024];
++
++ vsnprintf(buf, sizeof(buf), fmt, list);
++ printf("%s", buf);
++}
++
++G_GNUC_PRINTF(2, 0)
++static void __pr_log_syslog(int level, const char *fmt, va_list list)
++{
++ vsyslog(syslog_level(level), fmt, list);
++}
++
++static logger __logger = __pr_log_stdio;
++
++void set_logger_app_name(const char *an)
++{
++ app_name = an;
++}
++
++const char *get_logger_app_name(void)
++{
++ return app_name;
++}
++
++void __pr_log(int level, const char *fmt, ...)
++{
++ va_list list;
++
++ va_start(list, fmt);
++ __logger(level, fmt, list);
++ va_end(list);
++}
++
++void pr_logger_init(int flag)
++{
++ if (flag == PR_LOGGER_SYSLOG) {
++ if (log_open) {
++ closelog();
++ log_open = 0;
++ }
++ openlog("ksmbd", LOG_NDELAY, LOG_LOCAL5);
++ __logger = __pr_log_syslog;
++ log_open = 1;
++ }
++}
++
++int set_log_level(int level)
++{
++ int old_level;
++
++ if (log_level == PR_DEBUG)
++ return log_level;
++
++ old_level = log_level;
++ log_level = level;
++ return old_level;
++}
++
++#if TRACING_DUMP_NL_MSG
++#define PR_HEX_DUMP_WIDTH 160
++void pr_hex_dump(const void *mem, size_t sz)
++{
++ char xline[PR_HEX_DUMP_WIDTH];
++ char sline[PR_HEX_DUMP_WIDTH];
++ int xi = 0, si = 0, mi = 0;
++
++ while (mi < sz) {
++ char c = *((char *)mem + mi);
++
++ mi++;
++ xi += sprintf(xline + xi, "%02X ", 0xff & c);
++ if (c > ' ' && c < '~')
++ si += sprintf(sline + si, "%c", c);
++ else
++ si += sprintf(sline + si, ".");
++ if (xi >= PR_HEX_DUMP_WIDTH / 2) {
++ pr_err("%s %s\n", xline, sline);
++ xi = 0;
++ si = 0;
++ }
++ }
++
++ if (xi) {
++ int sz = PR_HEX_DUMP_WIDTH / 2 - xi + 1;
++
++ if (sz > 0) {
++ memset(xline + xi, ' ', sz);
++ xline[PR_HEX_DUMP_WIDTH / 2 + 1] = 0x00;
++ }
++ pr_err("%s %s\n", xline, sline);
++ }
++}
++#else
++void pr_hex_dump(const void *mem, size_t sz)
++{
++}
++#endif
++
++char *base64_encode(unsigned char *src, size_t srclen)
++{
++ return g_base64_encode(src, srclen);
++}
++
++unsigned char *base64_decode(char const *src, size_t *dstlen)
++{
++ unsigned char *ret = g_base64_decode(src, dstlen);
++
++ if (ret)
++ ret[*dstlen] = 0x00;
++ return ret;
++}
++
++static int codeset_has_altname(int codeset)
++{
++ if (codeset == KSMBD_CHARSET_UTF16LE ||
++ codeset == KSMBD_CHARSET_UTF16BE)
++ return 1;
++ return 0;
++}
++
++gchar *ksmbd_gconvert(const gchar *str,
++ gssize str_len,
++ int to_codeset,
++ int from_codeset,
++ gsize *bytes_read,
++ gsize *bytes_written)
++{
++ gchar *converted;
++ GError *err;
++
++retry:
++ err = NULL;
++ if (from_codeset >= KSMBD_CHARSET_MAX) {
++ pr_err("Unknown source codeset: %d\n", from_codeset);
++ return NULL;
++ }
++
++ if (to_codeset >= KSMBD_CHARSET_MAX) {
++ pr_err("Unknown target codeset: %d\n", to_codeset);
++ return NULL;
++ }
++
++ converted = g_convert(str,
++ str_len,
++ ksmbd_conv_charsets[to_codeset],
++ ksmbd_conv_charsets[from_codeset],
++ bytes_read,
++ bytes_written,
++ &err);
++ if (err) {
++ int has_altname = 0;
++
++ if (codeset_has_altname(to_codeset)) {
++ to_codeset++;
++ has_altname = 1;
++ }
++
++ if (codeset_has_altname(from_codeset)) {
++ from_codeset++;
++ has_altname = 1;
++ }
++
++ pr_info("%s\n", err->message);
++ g_error_free(err);
++
++ if (has_altname) {
++ pr_info("Will try `%s' and `%s'\n",
++ ksmbd_conv_charsets[to_codeset],
++ ksmbd_conv_charsets[from_codeset]);
++ goto retry;
++ }
++
++ pr_err("Can't convert string: %s\n", err->message);
++ g_error_free(err);
++ return NULL;
++ }
++
++ return converted;
++}
++
++int send_signal_to_ksmbd_mountd(int signo)
++{
++ int fd, ret = -EINVAL;
++ char pid_buf[10] = {0};
++ int pid;
++
++ fd = open(KSMBD_LOCK_FILE, O_RDONLY);
++ if (fd < 0) {
++ pr_debug("Can't open `%s': %m\n", KSMBD_LOCK_FILE);
++ return ret;
++ }
++
++ if (read(fd, &pid_buf, sizeof(pid_buf)) == -1) {
++ pr_err("Can't read manager PID: %m\n");
++ goto out;
++ }
++
++ pid = strtol(pid_buf, NULL, 10);
++ if (signo)
++ pr_debug("Send signal %d (%s) to PID %d\n",
++ signo, strsignal(signo), pid);
++ if (kill(pid, signo) == -1) {
++ ret = -errno;
++ if (signo)
++ pr_err("Unable to send signal %d (%s) to PID %d: %m\n",
++ signo, strsignal(signo), pid);
++ goto out;
++ }
++
++ ret = 0;
++out:
++ close(fd);
++ return ret;
++}
++
++int test_file_access(char *conf)
++{
++ int fd;
++
++ fd = open(conf, O_RDWR | O_CREAT, S_IRWXU | S_IRGRP);
++ if (fd < 0) {
++ pr_debug("Can't open `%s': %m\n", conf);
++ return -EINVAL;
++ }
++
++ close(fd);
++ return 0;
++}
++
++int main(int argc, char **argv)
++{
++ char *base_name;
++
++ set_logger_app_name("ksmbd.tools");
++
++ if (!*argv)
++ return EXIT_FAILURE;
++
++ base_name = strrchr(*argv, '/');
++ base_name = base_name ? base_name + 1 : *argv;
++
++ if (!strcmp(base_name, "ksmbd.addshare"))
++ return addshare_main(argc, argv);
++ if (!strcmp(base_name, "ksmbd.adduser"))
++ return adduser_main(argc, argv);
++ if (!strcmp(base_name, "ksmbd.control"))
++ return control_main(argc, argv);
++ if (!strcmp(base_name, "ksmbd.mountd"))
++ return mountd_main(argc, argv);
++
++ pr_err("Unknown base name: %s\n", base_name);
++ return EXIT_FAILURE;
++}
+--- a/lib/asn1.c
++++ /dev/null
+@@ -1,391 +0,0 @@
+-// SPDX-License-Identifier: GPL-2.0-or-later
+-/*
+- * The ASB.1/BER parsing code is derived from ip_nat_snmp_basic.c which was in
+- * turn derived from the gxsnmp package by Gregory McLean & Jochen Friedrich
+- *
+- * Copyright (c) 2000 RP Internet (www.rpi.net.au).
+- */
+-
+-/*****************************************************************************
+- *
+- * Basic ASN.1 decoding routines (gxsnmp author Dirk Wisse)
+- *
+- *****************************************************************************/
+-#include <stdlib.h>
+-#include <limits.h>
+-#include <string.h>
+-#include <errno.h>
+-#include <glib.h>
+-
+-#include "asn1.h"
+-
+-void
+-asn1_open(struct asn1_ctx *ctx, unsigned char *buf, unsigned int len)
+-{
+- ctx->begin = buf;
+- ctx->end = buf + len;
+- ctx->pointer = buf;
+- ctx->error = ASN1_ERR_NOERROR;
+-}
+-
+-static unsigned char
+-asn1_octet_decode(struct asn1_ctx *ctx, unsigned char *ch)
+-{
+- if (ctx->pointer >= ctx->end) {
+- ctx->error = ASN1_ERR_DEC_EMPTY;
+- return 0;
+- }
+- *ch = *(ctx->pointer)++;
+- return 1;
+-}
+-
+-static unsigned char
+-asn1_tag_decode(struct asn1_ctx *ctx, unsigned int *tag)
+-{
+- unsigned char ch;
+-
+- *tag = 0;
+-
+- do {
+- if (!asn1_octet_decode(ctx, &ch))
+- return 0;
+- *tag <<= 7;
+- *tag |= ch & 0x7F;
+- } while ((ch & 0x80) == 0x80);
+- return 1;
+-}
+-
+-static unsigned char
+-asn1_id_decode(struct asn1_ctx *ctx,
+- unsigned int *cls, unsigned int *con, unsigned int *tag)
+-{
+- unsigned char ch;
+-
+- if (!asn1_octet_decode(ctx, &ch))
+- return 0;
+-
+- *cls = (ch & 0xC0) >> 6;
+- *con = (ch & 0x20) >> 5;
+- *tag = (ch & 0x1F);
+-
+- if (*tag == 0x1F) {
+- if (!asn1_tag_decode(ctx, tag))
+- return 0;
+- }
+- return 1;
+-}
+-
+-static unsigned char
+-asn1_length_decode(struct asn1_ctx *ctx, unsigned int *def, unsigned int *len)
+-{
+- unsigned char ch, cnt;
+-
+- if (!asn1_octet_decode(ctx, &ch))
+- return 0;
+-
+- if (ch == 0x80)
+- *def = 0;
+- else {
+- *def = 1;
+-
+- if (ch < 0x80)
+- *len = ch;
+- else {
+- cnt = (unsigned char) (ch & 0x7F);
+- *len = 0;
+-
+- while (cnt > 0) {
+- if (!asn1_octet_decode(ctx, &ch))
+- return 0;
+- *len <<= 8;
+- *len |= ch;
+- cnt--;
+- }
+- }
+- }
+-
+- /* don't trust len bigger than ctx buffer */
+- if (*len > ctx->end - ctx->pointer)
+- return 0;
+-
+- return 1;
+-}
+-
+-unsigned char
+-asn1_header_decode(struct asn1_ctx *ctx,
+- unsigned char **eoc,
+- unsigned int *cls, unsigned int *con, unsigned int *tag)
+-{
+- unsigned int def = 0;
+- unsigned int len = 0;
+-
+- if (!asn1_id_decode(ctx, cls, con, tag))
+- return 0;
+-
+- if (!asn1_length_decode(ctx, &def, &len))
+- return 0;
+-
+- /* primitive shall be definite, indefinite shall be constructed */
+- if (*con == ASN1_PRI && !def)
+- return 0;
+-
+- if (def)
+- *eoc = ctx->pointer + len;
+- else
+- *eoc = NULL;
+- return 1;
+-}
+-
+-static unsigned char
+-asn1_eoc_decode(struct asn1_ctx *ctx, unsigned char *eoc)
+-{
+- unsigned char ch;
+-
+- if (eoc == NULL) {
+- if (!asn1_octet_decode(ctx, &ch))
+- return 0;
+-
+- if (ch != 0x00) {
+- ctx->error = ASN1_ERR_DEC_EOC_MISMATCH;
+- return 0;
+- }
+-
+- if (!asn1_octet_decode(ctx, &ch))
+- return 0;
+-
+- if (ch != 0x00) {
+- ctx->error = ASN1_ERR_DEC_EOC_MISMATCH;
+- return 0;
+- }
+- return 1;
+- }
+-
+- if (ctx->pointer != eoc) {
+- ctx->error = ASN1_ERR_DEC_LENGTH_MISMATCH;
+- return 0;
+- }
+- return 1;
+-}
+-
+-unsigned char
+-asn1_octets_decode(struct asn1_ctx *ctx,
+- unsigned char *eoc,
+- unsigned char **octets, unsigned int *len)
+-{
+- unsigned char *ptr;
+-
+- *len = 0;
+-
+- *octets = malloc(eoc - ctx->pointer);
+- if (*octets == NULL)
+- return 0;
+-
+- ptr = *octets;
+- while (ctx->pointer < eoc) {
+- if (!asn1_octet_decode(ctx, (unsigned char *) ptr++)) {
+- free(*octets);
+- *octets = NULL;
+- return 0;
+- }
+- (*len)++;
+- }
+- return 1;
+-}
+-
+-unsigned char asn1_read(struct asn1_ctx *ctx,
+- unsigned char **buf, unsigned int len)
+-{
+- *buf = NULL;
+- if (ctx->end - ctx->pointer < len) {
+- ctx->error = ASN1_ERR_DEC_EMPTY;
+- return 0;
+- }
+-
+- *buf = malloc(len);
+- if (!*buf)
+- return 0;
+- memcpy(*buf, ctx->pointer, len);
+- ctx->pointer += len;
+- return 1;
+-}
+-
+-static unsigned char
+-asn1_subid_decode(struct asn1_ctx *ctx, unsigned long *subid)
+-{
+- unsigned char ch;
+-
+- *subid = 0;
+-
+- do {
+- if (!asn1_octet_decode(ctx, &ch))
+- return 0;
+-
+- *subid <<= 7;
+- *subid |= ch & 0x7F;
+- } while ((ch & 0x80) == 0x80);
+- return 1;
+-}
+-
+-int
+-asn1_oid_decode(struct asn1_ctx *ctx,
+- unsigned char *eoc, unsigned long **oid, unsigned int *len)
+-{
+- unsigned long subid;
+- unsigned int size;
+- unsigned long *optr;
+-
+- size = eoc - ctx->pointer + 1;
+-
+- /* first subid actually encodes first two subids */
+- if (size < 2 || size > UINT_MAX/sizeof(unsigned long))
+- return 0;
+-
+- *oid = g_try_malloc0_n(size, sizeof(unsigned long));
+- if (*oid == NULL)
+- return 0;
+-
+- optr = *oid;
+-
+- if (!asn1_subid_decode(ctx, &subid)) {
+- g_free(*oid);
+- *oid = NULL;
+- return 0;
+- }
+-
+- if (subid < 40) {
+- optr[0] = 0;
+- optr[1] = subid;
+- } else if (subid < 80) {
+- optr[0] = 1;
+- optr[1] = subid - 40;
+- } else {
+- optr[0] = 2;
+- optr[1] = subid - 80;
+- }
+-
+- *len = 2;
+- optr += 2;
+-
+- while (ctx->pointer < eoc) {
+- if (++(*len) > size) {
+- ctx->error = ASN1_ERR_DEC_BADVALUE;
+- g_free(*oid);
+- *oid = NULL;
+- return 0;
+- }
+-
+- if (!asn1_subid_decode(ctx, optr++)) {
+- g_free(*oid);
+- *oid = NULL;
+- return 0;
+- }
+- }
+- return 1;
+-}
+-
+-/* return the size of @depth-nested headers + payload */
+-int asn1_header_len(unsigned int payload_len, int depth)
+-{
+- unsigned int len;
+- int i;
+-
+- len = payload_len;
+- for (i = 0; i < depth; i++) {
+- /* length */
+- if (len >= (1 << 24))
+- len += 5;
+- else if (len >= (1 << 16))
+- len += 4;
+- else if (len >= (1 << 8))
+- len += 3;
+- else if (len >= (1 << 7))
+- len += 2;
+- else
+- len += 1;
+- /* 1-byte header */
+- len += 1;
+- }
+- return len;
+-}
+-
+-int asn1_oid_encode(const unsigned long *in_oid, int in_len,
+- unsigned char **out_oid, int *out_len)
+-{
+- unsigned char *oid;
+- unsigned long id;
+- int i;
+-
+- *out_oid = g_try_malloc0_n(in_len, 5);
+- if (*out_oid == NULL)
+- return -ENOMEM;
+-
+- oid = *out_oid;
+- *oid++ = (unsigned char)(40 * in_oid[0] + in_oid[1]);
+- for (i = 2; i < in_len; i++) {
+- id = in_oid[i];
+- if (id >= (1 << 28))
+- *oid++ = (0x80 | ((id>>28) & 0x7F));
+- if (id >= (1 << 21))
+- *oid++ = (0x80 | ((id>>21) & 0x7F));
+- if (id >= (1 << 14))
+- *oid++ = (0x80 | ((id>>14) & 0x7F));
+- if (id >= (1 << 7))
+- *oid++ = (0x80 | ((id>>7) & 0x7F));
+- *oid++ = id & 0x7F;
+- }
+- *out_len = (int)(oid - *out_oid);
+- return 0;
+-}
+-
+-/*
+- * @len is the sum of all sizes of header, length and payload.
+- * it will be decreased by the sum of sizes of header and length.
+- */
+-int asn1_header_encode(unsigned char **buf,
+- unsigned int cls, unsigned int con, unsigned int tag,
+- unsigned int *len)
+-{
+- unsigned char *loc;
+- unsigned int r_len;
+-
+- /* at least, 1-byte header + 1-byte length is needed. */
+- if (*len < 2)
+- return -EINVAL;
+-
+- loc = *buf;
+- r_len = *len;
+-
+- *loc++ = ((cls & 0x3) << 6) | ((con & 0x1) << 5) | (tag & 0x1F);
+- r_len -= 1;
+-
+- if (r_len - 1 < (1 << 7)) {
+- r_len -= 1;
+- *loc++ = (unsigned char)(r_len & 0x7F);
+- } else if (r_len - 2 < (1 << 8)) {
+- r_len -= 2;
+- *loc++ = 0x81;
+- *loc++ = (unsigned char)(r_len & 0xFF);
+- } else if (r_len - 3 < (1 << 16)) {
+- r_len -= 3;
+- *loc++ = 0x82;
+- *loc++ = (unsigned char)((r_len>>8) & 0xFF);
+- *loc++ = (unsigned char)(r_len & 0xFF);
+- } else if (r_len - 4 < (1 << 24)) {
+- r_len -= 4;
+- *loc++ = 0x83;
+- *loc++ = (unsigned char)((r_len>>16) & 0xFF);
+- *loc++ = (unsigned char)((r_len>>8) & 0xFF);
+- *loc++ = (unsigned char)(r_len & 0xFF);
+- } else {
+- r_len -= 5;
+- *loc++ = 0x84;
+- *loc++ = (unsigned char)((r_len>>24) & 0xFF);
+- *loc++ = (unsigned char)((r_len>>16) & 0xFF);
+- *loc++ = (unsigned char)((r_len>>8) & 0xFF);
+- *loc++ = (unsigned char)(r_len & 0xFF);
+- }
+-
+- *buf = loc;
+- *len = r_len;
+- return 0;
+-}
+--- a/lib/management/spnego_mech.h
++++ /dev/null
+@@ -1,48 +0,0 @@
+-/* SPDX-License-Identifier: GPL-2.0-or-later */
+-/*
+- * Copyright (C) 2020 LG Electronics
+- *
+- * linux-cifsd-devel@lists.sourceforge.net
+- */
+-
+-#ifndef _SPNEGO_MECH_H_
+-#define _SPNEGO_MECH_H_
+-
+-enum {
+- SPNEGO_MECH_MSKRB5 = 0,
+- SPNEGO_MECH_KRB5,
+- SPNEGO_MAX_MECHS,
+-};
+-
+-struct spnego_mech_ctx;
+-
+-typedef int (*spnego_encode_t)(char *in_blob, int in_len,
+- const unsigned long *oid, int oid_len,
+- char **out_blob, int *out_len);
+-
+-struct spnego_mech_operations {
+- int (*setup)(struct spnego_mech_ctx *mech_ctx);
+- void (*cleanup)(struct spnego_mech_ctx *mech_ctx);
+- int (*handle_authen)(struct spnego_mech_ctx *mech_ctx,
+- char *in_blob, unsigned int in_len,
+- struct ksmbd_spnego_auth_out *auth_out,
+- spnego_encode_t encode);
+-};
+-
+-struct spnego_mech_ctx {
+- const unsigned long *oid;
+- int oid_len;
+- void *private;
+- union {
+- struct {
+- void *keytab_name;
+- void *service_name;
+- } krb5;
+- } params;
+- struct spnego_mech_operations *ops;
+-};
+-
+-extern struct spnego_mech_operations spnego_krb5_operations;
+-extern struct spnego_mech_operations spnego_mskrb5_operations;
+-
+-#endif
+--- /dev/null
++++ b/tools/asn1.c
+@@ -0,0 +1,391 @@
++// SPDX-License-Identifier: GPL-2.0-or-later
++/*
++ * The ASB.1/BER parsing code is derived from ip_nat_snmp_basic.c which was in
++ * turn derived from the gxsnmp package by Gregory McLean & Jochen Friedrich
++ *
++ * Copyright (c) 2000 RP Internet (www.rpi.net.au).
++ */
++
++/*****************************************************************************
++ *
++ * Basic ASN.1 decoding routines (gxsnmp author Dirk Wisse)
++ *
++ *****************************************************************************/
++#include <stdlib.h>
++#include <limits.h>
++#include <string.h>
++#include <errno.h>
++#include <glib.h>
++
++#include "asn1.h"
++
++void
++asn1_open(struct asn1_ctx *ctx, unsigned char *buf, unsigned int len)
++{
++ ctx->begin = buf;
++ ctx->end = buf + len;
++ ctx->pointer = buf;
++ ctx->error = ASN1_ERR_NOERROR;
++}
++
++static unsigned char
++asn1_octet_decode(struct asn1_ctx *ctx, unsigned char *ch)
++{
++ if (ctx->pointer >= ctx->end) {
++ ctx->error = ASN1_ERR_DEC_EMPTY;
++ return 0;
++ }
++ *ch = *(ctx->pointer)++;
++ return 1;
++}
++
++static unsigned char
++asn1_tag_decode(struct asn1_ctx *ctx, unsigned int *tag)
++{
++ unsigned char ch;
++
++ *tag = 0;
++
++ do {
++ if (!asn1_octet_decode(ctx, &ch))
++ return 0;
++ *tag <<= 7;
++ *tag |= ch & 0x7F;
++ } while ((ch & 0x80) == 0x80);
++ return 1;
++}
++
++static unsigned char
++asn1_id_decode(struct asn1_ctx *ctx,
++ unsigned int *cls, unsigned int *con, unsigned int *tag)
++{
++ unsigned char ch;
++
++ if (!asn1_octet_decode(ctx, &ch))
++ return 0;
++
++ *cls = (ch & 0xC0) >> 6;
++ *con = (ch & 0x20) >> 5;
++ *tag = (ch & 0x1F);
++
++ if (*tag == 0x1F) {
++ if (!asn1_tag_decode(ctx, tag))
++ return 0;
++ }
++ return 1;
++}
++
++static unsigned char
++asn1_length_decode(struct asn1_ctx *ctx, unsigned int *def, unsigned int *len)
++{
++ unsigned char ch, cnt;
++
++ if (!asn1_octet_decode(ctx, &ch))
++ return 0;
++
++ if (ch == 0x80)
++ *def = 0;
++ else {
++ *def = 1;
++
++ if (ch < 0x80)
++ *len = ch;
++ else {
++ cnt = (unsigned char) (ch & 0x7F);
++ *len = 0;
++
++ while (cnt > 0) {
++ if (!asn1_octet_decode(ctx, &ch))
++ return 0;
++ *len <<= 8;
++ *len |= ch;
++ cnt--;
++ }
++ }
++ }
++
++ /* don't trust len bigger than ctx buffer */
++ if (*len > ctx->end - ctx->pointer)
++ return 0;
++
++ return 1;
++}
++
++unsigned char
++asn1_header_decode(struct asn1_ctx *ctx,
++ unsigned char **eoc,
++ unsigned int *cls, unsigned int *con, unsigned int *tag)
++{
++ unsigned int def = 0;
++ unsigned int len = 0;
++
++ if (!asn1_id_decode(ctx, cls, con, tag))
++ return 0;
++
++ if (!asn1_length_decode(ctx, &def, &len))
++ return 0;
++
++ /* primitive shall be definite, indefinite shall be constructed */
++ if (*con == ASN1_PRI && !def)
++ return 0;
++
++ if (def)
++ *eoc = ctx->pointer + len;
++ else
++ *eoc = NULL;
++ return 1;
++}
++
++static unsigned char
++asn1_eoc_decode(struct asn1_ctx *ctx, unsigned char *eoc)
++{
++ unsigned char ch;
++
++ if (eoc == NULL) {
++ if (!asn1_octet_decode(ctx, &ch))
++ return 0;
++
++ if (ch != 0x00) {
++ ctx->error = ASN1_ERR_DEC_EOC_MISMATCH;
++ return 0;
++ }
++
++ if (!asn1_octet_decode(ctx, &ch))
++ return 0;
++
++ if (ch != 0x00) {
++ ctx->error = ASN1_ERR_DEC_EOC_MISMATCH;
++ return 0;
++ }
++ return 1;
++ }
++
++ if (ctx->pointer != eoc) {
++ ctx->error = ASN1_ERR_DEC_LENGTH_MISMATCH;
++ return 0;
++ }
++ return 1;
++}
++
++unsigned char
++asn1_octets_decode(struct asn1_ctx *ctx,
++ unsigned char *eoc,
++ unsigned char **octets, unsigned int *len)
++{
++ unsigned char *ptr;
++
++ *len = 0;
++
++ *octets = malloc(eoc - ctx->pointer);
++ if (*octets == NULL)
++ return 0;
++
++ ptr = *octets;
++ while (ctx->pointer < eoc) {
++ if (!asn1_octet_decode(ctx, (unsigned char *) ptr++)) {
++ free(*octets);
++ *octets = NULL;
++ return 0;
++ }
++ (*len)++;
++ }
++ return 1;
++}
++
++unsigned char asn1_read(struct asn1_ctx *ctx,
++ unsigned char **buf, unsigned int len)
++{
++ *buf = NULL;
++ if (ctx->end - ctx->pointer < len) {
++ ctx->error = ASN1_ERR_DEC_EMPTY;
++ return 0;
++ }
++
++ *buf = malloc(len);
++ if (!*buf)
++ return 0;
++ memcpy(*buf, ctx->pointer, len);
++ ctx->pointer += len;
++ return 1;
++}
++
++static unsigned char
++asn1_subid_decode(struct asn1_ctx *ctx, unsigned long *subid)
++{
++ unsigned char ch;
++
++ *subid = 0;
++
++ do {
++ if (!asn1_octet_decode(ctx, &ch))
++ return 0;
++
++ *subid <<= 7;
++ *subid |= ch & 0x7F;
++ } while ((ch & 0x80) == 0x80);
++ return 1;
++}
++
++int
++asn1_oid_decode(struct asn1_ctx *ctx,
++ unsigned char *eoc, unsigned long **oid, unsigned int *len)
++{
++ unsigned long subid;
++ unsigned int size;
++ unsigned long *optr;
++
++ size = eoc - ctx->pointer + 1;
++
++ /* first subid actually encodes first two subids */
++ if (size < 2 || size > UINT_MAX/sizeof(unsigned long))
++ return 0;
++
++ *oid = g_try_malloc0_n(size, sizeof(unsigned long));
++ if (*oid == NULL)
++ return 0;
++
++ optr = *oid;
++
++ if (!asn1_subid_decode(ctx, &subid)) {
++ g_free(*oid);
++ *oid = NULL;
++ return 0;
++ }
++
++ if (subid < 40) {
++ optr[0] = 0;
++ optr[1] = subid;
++ } else if (subid < 80) {
++ optr[0] = 1;
++ optr[1] = subid - 40;
++ } else {
++ optr[0] = 2;
++ optr[1] = subid - 80;
++ }
++
++ *len = 2;
++ optr += 2;
++
++ while (ctx->pointer < eoc) {
++ if (++(*len) > size) {
++ ctx->error = ASN1_ERR_DEC_BADVALUE;
++ g_free(*oid);
++ *oid = NULL;
++ return 0;
++ }
++
++ if (!asn1_subid_decode(ctx, optr++)) {
++ g_free(*oid);
++ *oid = NULL;
++ return 0;
++ }
++ }
++ return 1;
++}
++
++/* return the size of @depth-nested headers + payload */
++int asn1_header_len(unsigned int payload_len, int depth)
++{
++ unsigned int len;
++ int i;
++
++ len = payload_len;
++ for (i = 0; i < depth; i++) {
++ /* length */
++ if (len >= (1 << 24))
++ len += 5;
++ else if (len >= (1 << 16))
++ len += 4;
++ else if (len >= (1 << 8))
++ len += 3;
++ else if (len >= (1 << 7))
++ len += 2;
++ else
++ len += 1;
++ /* 1-byte header */
++ len += 1;
++ }
++ return len;
++}
++
++int asn1_oid_encode(const unsigned long *in_oid, int in_len,
++ unsigned char **out_oid, int *out_len)
++{
++ unsigned char *oid;
++ unsigned long id;
++ int i;
++
++ *out_oid = g_try_malloc0_n(in_len, 5);
++ if (*out_oid == NULL)
++ return -ENOMEM;
++
++ oid = *out_oid;
++ *oid++ = (unsigned char)(40 * in_oid[0] + in_oid[1]);
++ for (i = 2; i < in_len; i++) {
++ id = in_oid[i];
++ if (id >= (1 << 28))
++ *oid++ = (0x80 | ((id>>28) & 0x7F));
++ if (id >= (1 << 21))
++ *oid++ = (0x80 | ((id>>21) & 0x7F));
++ if (id >= (1 << 14))
++ *oid++ = (0x80 | ((id>>14) & 0x7F));
++ if (id >= (1 << 7))
++ *oid++ = (0x80 | ((id>>7) & 0x7F));
++ *oid++ = id & 0x7F;
++ }
++ *out_len = (int)(oid - *out_oid);
++ return 0;
++}
++
++/*
++ * @len is the sum of all sizes of header, length and payload.
++ * it will be decreased by the sum of sizes of header and length.
++ */
++int asn1_header_encode(unsigned char **buf,
++ unsigned int cls, unsigned int con, unsigned int tag,
++ unsigned int *len)
++{
++ unsigned char *loc;
++ unsigned int r_len;
++
++ /* at least, 1-byte header + 1-byte length is needed. */
++ if (*len < 2)
++ return -EINVAL;
++
++ loc = *buf;
++ r_len = *len;
++
++ *loc++ = ((cls & 0x3) << 6) | ((con & 0x1) << 5) | (tag & 0x1F);
++ r_len -= 1;
++
++ if (r_len - 1 < (1 << 7)) {
++ r_len -= 1;
++ *loc++ = (unsigned char)(r_len & 0x7F);
++ } else if (r_len - 2 < (1 << 8)) {
++ r_len -= 2;
++ *loc++ = 0x81;
++ *loc++ = (unsigned char)(r_len & 0xFF);
++ } else if (r_len - 3 < (1 << 16)) {
++ r_len -= 3;
++ *loc++ = 0x82;
++ *loc++ = (unsigned char)((r_len>>8) & 0xFF);
++ *loc++ = (unsigned char)(r_len & 0xFF);
++ } else if (r_len - 4 < (1 << 24)) {
++ r_len -= 4;
++ *loc++ = 0x83;
++ *loc++ = (unsigned char)((r_len>>16) & 0xFF);
++ *loc++ = (unsigned char)((r_len>>8) & 0xFF);
++ *loc++ = (unsigned char)(r_len & 0xFF);
++ } else {
++ r_len -= 5;
++ *loc++ = 0x84;
++ *loc++ = (unsigned char)((r_len>>24) & 0xFF);
++ *loc++ = (unsigned char)((r_len>>16) & 0xFF);
++ *loc++ = (unsigned char)((r_len>>8) & 0xFF);
++ *loc++ = (unsigned char)(r_len & 0xFF);
++ }
++
++ *buf = loc;
++ *len = r_len;
++ return 0;
++}
+--- /dev/null
++++ b/tools/management/spnego_mech.h
+@@ -0,0 +1,48 @@
++/* SPDX-License-Identifier: GPL-2.0-or-later */
++/*
++ * Copyright (C) 2020 LG Electronics
++ *
++ * linux-cifsd-devel@lists.sourceforge.net
++ */
++
++#ifndef _SPNEGO_MECH_H_
++#define _SPNEGO_MECH_H_
++
++enum {
++ SPNEGO_MECH_MSKRB5 = 0,
++ SPNEGO_MECH_KRB5,
++ SPNEGO_MAX_MECHS,
++};
++
++struct spnego_mech_ctx;
++
++typedef int (*spnego_encode_t)(char *in_blob, int in_len,
++ const unsigned long *oid, int oid_len,
++ char **out_blob, int *out_len);
++
++struct spnego_mech_operations {
++ int (*setup)(struct spnego_mech_ctx *mech_ctx);
++ void (*cleanup)(struct spnego_mech_ctx *mech_ctx);
++ int (*handle_authen)(struct spnego_mech_ctx *mech_ctx,
++ char *in_blob, unsigned int in_len,
++ struct ksmbd_spnego_auth_out *auth_out,
++ spnego_encode_t encode);
++};
++
++struct spnego_mech_ctx {
++ const unsigned long *oid;
++ int oid_len;
++ void *private;
++ union {
++ struct {
++ void *keytab_name;
++ void *service_name;
++ } krb5;
++ } params;
++ struct spnego_mech_operations *ops;
++};
++
++extern struct spnego_mech_operations spnego_krb5_operations;
++extern struct spnego_mech_operations spnego_mskrb5_operations;
++
++#endif
projects / feed / packages.git / commitdiff