xref: /titanic_41/usr/src/uts/common/fs/smbclnt/netsmb/smb_smb.c (revision 39f633a09e54fab2b9cf8d9d3ddc2a043b3e7465)
1 /*
2  * Copyright (c) 2000-2001 Boris Popov
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  * 3. All advertising materials mentioning features or use of this software
14  *    must display the following acknowledgement:
15  *    This product includes software developed by Boris Popov.
16  * 4. Neither the name of the author nor the names of any co-contributors
17  *    may be used to endorse or promote products derived from this software
18  *    without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30  * SUCH DAMAGE.
31  *
32  * $Id: smb_smb.c,v 1.35.100.2 2005/06/02 00:55:39 lindak Exp $
33  */
34 
35 /*
36  * Copyright 2012 Nexenta Systems, Inc.  All rights reserved.
37  * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
38  */
39 
40 /*
41  * various SMB requests. Most of the routines merely packs data into mbufs.
42  */
43 #include <sys/param.h>
44 #include <sys/systm.h>
45 #include <sys/kmem.h>
46 #include <sys/proc.h>
47 #include <sys/lock.h>
48 #include <sys/socket.h>
49 #include <sys/uio.h>
50 #include <sys/random.h>
51 #include <sys/note.h>
52 #include <sys/cmn_err.h>
53 
54 #include <netsmb/smb_osdep.h>
55 
56 #include <netsmb/smb.h>
57 #include <netsmb/smb_conn.h>
58 #include <netsmb/smb_rq.h>
59 #include <netsmb/smb_subr.h>
60 #include <netsmb/smb_tran.h>
61 
62 #define	STYPE_LEN	8	/* share type strings */
63 
64 /*
65  * Largest size to use with LARGE_READ/LARGE_WRITE.
66  * Specs say up to 64k data bytes, but Windows traffic
67  * uses 60k... no doubt for some good reason.
68  * (Probably to keep 4k block alignment.)
69  * XXX: Move to smb.h maybe?
70  */
71 #define	SMB_MAX_LARGE_RW_SIZE (60*1024)
72 
73 /*
74  * Default timeout values, all in seconds.
75  * Make these tunable (only via mdb for now).
76  */
77 int smb_timo_notice = 15;
78 int smb_timo_default = 30;	/* was SMB_DEFRQTIMO */
79 int smb_timo_open = 45;
80 int smb_timo_read = 45;
81 int smb_timo_write = 60;	/* was SMBWRTTIMO */
82 int smb_timo_append = 90;
83 
84 static int smb_smb_read(struct smb_share *ssp, uint16_t fid,
85 	uint32_t *lenp, uio_t *uiop, smb_cred_t *scred, int timo);
86 static int smb_smb_write(struct smb_share *ssp, uint16_t fid,
87 	uint32_t *lenp, uio_t *uiop, smb_cred_t *scred, int timo);
88 
89 static int smb_smb_readx(struct smb_share *ssp, uint16_t fid,
90 	uint32_t *lenp, uio_t *uiop, smb_cred_t *scred, int timo);
91 static int smb_smb_writex(struct smb_share *ssp, uint16_t fid,
92 	uint32_t *lenp, uio_t *uiop, smb_cred_t *scred, int timo);
93 
94 /*
95  * Get the string representation of a share "use" type,
96  * as needed for the "service" in tree connect.
97  */
98 static const char *
smb_share_typename(uint32_t stype)99 smb_share_typename(uint32_t stype)
100 {
101 	const char *p;
102 
103 	switch (stype) {
104 	case STYPE_DISKTREE:
105 		p = "A:";
106 		break;
107 	case STYPE_PRINTQ:
108 		p = "LPT1:";
109 		break;
110 	case STYPE_DEVICE:
111 		p = "COMM";
112 		break;
113 	case STYPE_IPC:
114 		p = "IPC";
115 		break;
116 	case STYPE_UNKNOWN:
117 	default:
118 		p = "?????";
119 		break;
120 	}
121 	return (p);
122 }
123 
124 /*
125  * Parse a share type name (inverse of above)
126  */
127 static uint32_t
smb_share_parsetype(char * name)128 smb_share_parsetype(char *name)
129 {
130 	int stype;
131 
132 	switch (*name) {
133 	case 'A':	/* A: */
134 		stype = STYPE_DISKTREE;
135 		break;
136 	case 'C':	/* COMM */
137 		stype = STYPE_DEVICE;
138 		break;
139 	case 'I':	/* IPC */
140 		stype = STYPE_IPC;
141 		break;
142 	case 'L':	/* LPT: */
143 		stype = STYPE_PRINTQ;
144 		break;
145 	default:
146 		stype = STYPE_UNKNOWN;
147 		break;
148 	}
149 	return (stype);
150 }
151 
152 int
smb_smb_treeconnect(struct smb_share * ssp,struct smb_cred * scred)153 smb_smb_treeconnect(struct smb_share *ssp, struct smb_cred *scred)
154 {
155 	struct smb_vc *vcp;
156 	struct smb_rq *rqp = NULL;
157 	struct mbchain *mbp;
158 	struct mdchain *mdp;
159 	const char *tname;
160 	char *pbuf, *unc_name = NULL;
161 	int error, tlen, plen, unc_len;
162 	uint16_t bcnt, options;
163 	uint8_t wc;
164 	char stype_str[STYPE_LEN];
165 
166 	vcp = SSTOVC(ssp);
167 
168 	/*
169 	 * Make this a "VC-level" request, so it will have
170 	 * rqp->sr_share == NULL, and smb_iod_sendrq()
171 	 * will send it with TID = SMB_TID_UNKNOWN
172 	 *
173 	 * This also serves to bypass the wait for
174 	 * share state changes, which this call is
175 	 * trying to carry out.
176 	 */
177 	error = smb_rq_alloc(VCTOCP(vcp), SMB_COM_TREE_CONNECT_ANDX,
178 	    scred, &rqp);
179 	if (error)
180 		return (error);
181 
182 	/*
183 	 * Build the UNC name, i.e. "//server/share"
184 	 * but with backslashes of course.
185 	 * size math: three slashes, one null.
186 	 */
187 	unc_len = 4 + strlen(vcp->vc_srvname) + strlen(ssp->ss_name);
188 	unc_name = kmem_alloc(unc_len, KM_SLEEP);
189 	(void) snprintf(unc_name, unc_len, "\\\\%s\\%s",
190 	    vcp->vc_srvname, ssp->ss_name);
191 	SMBSDEBUG("unc_name: \"%s\"", unc_name);
192 
193 
194 	/*
195 	 * Share-level password (pre-computed in user-space)
196 	 * MS-SMB 2.2.6 says this should be null terminated,
197 	 * and the pw length includes the null.
198 	 */
199 	pbuf = ssp->ss_pass;
200 	plen = strlen(pbuf) + 1;
201 
202 	/*
203 	 * Build the request.
204 	 */
205 	mbp = &rqp->sr_rq;
206 	smb_rq_wstart(rqp);
207 	mb_put_uint8(mbp, 0xff);
208 	mb_put_uint8(mbp, 0);
209 	mb_put_uint16le(mbp, 0);
210 	mb_put_uint16le(mbp, 0);		/* Flags */
211 	mb_put_uint16le(mbp, plen);
212 	smb_rq_wend(rqp);
213 	smb_rq_bstart(rqp);
214 
215 	/* Tree connect password, if any */
216 	error = mb_put_mem(mbp, pbuf, plen, MB_MSYSTEM);
217 	if (error)
218 		goto out;
219 
220 	/* UNC resource name */
221 	error = smb_put_dstring(mbp, vcp, unc_name, SMB_CS_NONE);
222 	if (error)
223 		goto out;
224 
225 	/*
226 	 * Put the type string (always ASCII),
227 	 * including the null.
228 	 */
229 	tname = smb_share_typename(ssp->ss_use);
230 	tlen = strlen(tname) + 1;
231 	error = mb_put_mem(mbp, tname, tlen, MB_MSYSTEM);
232 	if (error)
233 		goto out;
234 
235 	smb_rq_bend(rqp);
236 
237 	/*
238 	 * Run the request.
239 	 *
240 	 * Using NOINTR_RECV because we don't want to risk
241 	 * missing a successful tree connect response,
242 	 * which would "leak" Tree IDs.
243 	 */
244 	rqp->sr_flags |= SMBR_NOINTR_RECV;
245 	error = smb_rq_simple(rqp);
246 	SMBSDEBUG("%d\n", error);
247 	if (error) {
248 		/*
249 		 * If we get the server name wrong, i.e. due to
250 		 * mis-configured name services, this will be
251 		 * NT_STATUS_DUPLICATE_NAME.  Log this error.
252 		 */
253 		SMBERROR("(%s) failed, status=0x%x",
254 		    unc_name, rqp->sr_error);
255 		goto out;
256 	}
257 
258 	/*
259 	 * Parse the TCON response
260 	 */
261 	smb_rq_getreply(rqp, &mdp);
262 	md_get_uint8(mdp, &wc);
263 	if (wc != 3 && wc != 7) {
264 		error = EBADRPC;
265 		goto out;
266 	}
267 	md_get_uint16le(mdp, NULL);		/* AndX cmd */
268 	md_get_uint16le(mdp, NULL);		/* AndX off */
269 	md_get_uint16le(mdp, &options);		/* option bits (DFS, search) */
270 	if (wc == 7) {
271 		md_get_uint32le(mdp, NULL);	/* MaximalShareAccessRights */
272 		md_get_uint32le(mdp, NULL);	/* GuestMaximalShareAcc... */
273 	}
274 	error = md_get_uint16le(mdp, &bcnt);	/* byte count */
275 	if (error)
276 		goto out;
277 
278 	/*
279 	 * Get the returned share type string, i.e. "IPC" or whatever.
280 	 * (See smb_share_typename, smb_share_parsetype).  If we get
281 	 * an error reading the type, just say STYPE_UNKNOWN.
282 	 */
283 	tlen = STYPE_LEN;
284 	bzero(stype_str, tlen--);
285 	if (tlen > bcnt)
286 		tlen = bcnt;
287 	md_get_mem(mdp, stype_str, tlen, MB_MSYSTEM);
288 	stype_str[tlen] = '\0';
289 	ssp->ss_type = smb_share_parsetype(stype_str);
290 
291 	/* Success! */
292 	SMB_SS_LOCK(ssp);
293 	ssp->ss_tid = rqp->sr_rptid;
294 	ssp->ss_vcgenid = vcp->vc_genid;
295 	ssp->ss_options = options;
296 	ssp->ss_flags |= SMBS_CONNECTED;
297 	SMB_SS_UNLOCK(ssp);
298 
299 out:
300 	if (unc_name)
301 		kmem_free(unc_name, unc_len);
302 	smb_rq_done(rqp);
303 	return (error);
304 }
305 
306 int
smb_smb_treedisconnect(struct smb_share * ssp,struct smb_cred * scred)307 smb_smb_treedisconnect(struct smb_share *ssp, struct smb_cred *scred)
308 {
309 	struct smb_vc *vcp;
310 	struct smb_rq *rqp;
311 	int error;
312 
313 	if (ssp->ss_tid == SMB_TID_UNKNOWN)
314 		return (0);
315 
316 	/*
317 	 * Build this as a "VC-level" request, so it will
318 	 * avoid testing the _GONE flag on the share,
319 	 * which has already been set at this point.
320 	 * Add the share pointer "by hand" below, so
321 	 * smb_iod_sendrq will plug in the TID.
322 	 */
323 	vcp = SSTOVC(ssp);
324 	error = smb_rq_alloc(VCTOCP(vcp), SMB_COM_TREE_DISCONNECT, scred, &rqp);
325 	if (error)
326 		return (error);
327 	rqp->sr_share = ssp; /* by hand */
328 
329 	smb_rq_wstart(rqp);
330 	smb_rq_wend(rqp);
331 	smb_rq_bstart(rqp);
332 	smb_rq_bend(rqp);
333 
334 	/*
335 	 * Run this with a relatively short timeout. (5 sec.)
336 	 * We don't really care about the result here, but we
337 	 * do need to make sure we send this out, or we could
338 	 * "leak" active tree IDs on interrupt or timeout.
339 	 * The NOINTR_SEND flag makes this request immune to
340 	 * interrupt or timeout until the send is done.
341 	 * Also, don't reconnect for this, of course!
342 	 */
343 	rqp->sr_flags |= (SMBR_NOINTR_SEND | SMBR_NORECONNECT);
344 	error = smb_rq_simple_timed(rqp, 5);
345 	SMBSDEBUG("%d\n", error);
346 	smb_rq_done(rqp);
347 	ssp->ss_tid = SMB_TID_UNKNOWN;
348 	return (error);
349 }
350 
351 /*
352  * Modern create/open of file or directory.
353  */
354 int
smb_smb_ntcreate(struct smb_share * ssp,struct mbchain * name_mb,uint32_t cr_flags,uint32_t req_acc,uint32_t efa,uint32_t share_acc,uint32_t open_disp,uint32_t createopt,uint32_t impersonate,struct smb_cred * scrp,uint16_t * fidp,uint32_t * cr_act_p,struct smbfattr * fap)355 smb_smb_ntcreate(
356 	struct smb_share *ssp,
357 	struct mbchain	*name_mb,
358 	uint32_t cr_flags,	/* create flags */
359 	uint32_t req_acc,	/* requested access */
360 	uint32_t efa,		/* ext. file attrs (DOS attr +) */
361 	uint32_t share_acc,
362 	uint32_t open_disp,	/* open disposition */
363 	uint32_t createopt,	/* NTCREATEX_OPTIONS_ */
364 	uint32_t impersonate,	/* NTCREATEX_IMPERSONATION_... */
365 	struct smb_cred *scrp,
366 	uint16_t *fidp,		/* returned FID */
367 	uint32_t *cr_act_p,	/* optional create action */
368 	struct smbfattr *fap)	/* optional attributes */
369 {
370 	struct smb_rq rq, *rqp = &rq;
371 	struct smb_vc *vcp = SSTOVC(ssp);
372 	struct mbchain *mbp;
373 	struct mdchain *mdp;
374 	struct smbfattr fa;
375 	uint64_t llongint;
376 	uint32_t longint, createact;
377 	uint16_t fid;
378 	uint8_t wc;
379 	int error;
380 
381 	bzero(&fa, sizeof (fa));
382 	error = smb_rq_init(rqp, SSTOCP(ssp), SMB_COM_NT_CREATE_ANDX, scrp);
383 	if (error)
384 		return (error);
385 	smb_rq_getrequest(rqp, &mbp);
386 
387 	/* Word parameters */
388 	smb_rq_wstart(rqp);
389 	mb_put_uint8(mbp, 0xff);	/* secondary command */
390 	mb_put_uint8(mbp, 0);		/* MBZ */
391 	mb_put_uint16le(mbp, 0);	/* offset to next command (none) */
392 	mb_put_uint8(mbp, 0);		/* MBZ */
393 	mb_put_uint16le(mbp, name_mb->mb_count);
394 	mb_put_uint32le(mbp, cr_flags);	/* NTCREATEX_FLAGS_* */
395 	mb_put_uint32le(mbp, 0);	/* FID - basis for path if not root */
396 	mb_put_uint32le(mbp, req_acc);
397 	mb_put_uint64le(mbp, 0);	/* "initial allocation size" */
398 	mb_put_uint32le(mbp, efa);
399 	mb_put_uint32le(mbp, share_acc);
400 	mb_put_uint32le(mbp, open_disp);
401 	mb_put_uint32le(mbp, createopt);
402 	mb_put_uint32le(mbp, impersonate);
403 	mb_put_uint8(mbp, 0);   /* security flags (?) */
404 	smb_rq_wend(rqp);
405 
406 	/*
407 	 * Byte parameters: Just the path name, aligned.
408 	 * Note: mb_put_mbuf consumes mb_top, so clear it.
409 	 */
410 	smb_rq_bstart(rqp);
411 	if (SMB_UNICODE_STRINGS(vcp))
412 		mb_put_padbyte(mbp);
413 	mb_put_mbuf(mbp, name_mb->mb_top);
414 	bzero(name_mb, sizeof (*name_mb));
415 	smb_rq_bend(rqp);
416 
417 	/*
418 	 * Don't want to risk missing a successful
419 	 * open response, or we could "leak" FIDs.
420 	 */
421 	rqp->sr_flags |= SMBR_NOINTR_RECV;
422 	error = smb_rq_simple_timed(rqp, smb_timo_open);
423 	if (error)
424 		goto done;
425 	smb_rq_getreply(rqp, &mdp);
426 	/*
427 	 * spec says 26 for word count, but 34 words are defined
428 	 * and observed from win2000
429 	 */
430 	error = md_get_uint8(mdp, &wc);
431 	if (error)
432 		goto done;
433 	if (wc != 26 && wc < 34) {
434 		error = EBADRPC;
435 		goto done;
436 	}
437 	md_get_uint8(mdp, NULL);		/* secondary cmd */
438 	md_get_uint8(mdp, NULL);		/* mbz */
439 	md_get_uint16le(mdp, NULL);		/* andxoffset */
440 	md_get_uint8(mdp, NULL);		/* oplock lvl granted */
441 	md_get_uint16le(mdp, &fid);		/* file ID */
442 	md_get_uint32le(mdp, &createact);	/* create_action */
443 
444 	md_get_uint64le(mdp, &llongint);	/* creation time */
445 	smb_time_NT2local(llongint, &fa.fa_createtime);
446 	md_get_uint64le(mdp, &llongint);	/* access time */
447 	smb_time_NT2local(llongint, &fa.fa_atime);
448 	md_get_uint64le(mdp, &llongint);	/* write time */
449 	smb_time_NT2local(llongint, &fa.fa_mtime);
450 	md_get_uint64le(mdp, &llongint);	/* change time */
451 	smb_time_NT2local(llongint, &fa.fa_ctime);
452 
453 	md_get_uint32le(mdp, &longint);		/* attributes */
454 	fa.fa_attr = longint;
455 	md_get_uint64le(mdp, &llongint);	/* allocation size */
456 	fa.fa_allocsz = llongint;
457 	md_get_uint64le(mdp, &llongint);	/* EOF position */
458 	fa.fa_size = llongint;
459 
460 	error = md_get_uint16le(mdp, NULL);	/* file type */
461 	/* other stuff we don't care about */
462 
463 done:
464 	smb_rq_done(rqp);
465 	if (error)
466 		return (error);
467 
468 	*fidp = fid;
469 	if (cr_act_p)
470 		*cr_act_p = createact;
471 	if (fap)
472 		*fap = fa; /* struct copy */
473 
474 	return (0);
475 }
476 
477 int
smb_smb_close(struct smb_share * ssp,uint16_t fid,struct timespec * mtime,struct smb_cred * scrp)478 smb_smb_close(struct smb_share *ssp, uint16_t fid, struct timespec *mtime,
479 	struct smb_cred *scrp)
480 {
481 	struct smb_rq rq, *rqp = &rq;
482 	struct mbchain *mbp;
483 	long time;
484 	int error;
485 
486 	error = smb_rq_init(rqp, SSTOCP(ssp), SMB_COM_CLOSE, scrp);
487 	if (error)
488 		return (error);
489 	smb_rq_getrequest(rqp, &mbp);
490 	smb_rq_wstart(rqp);
491 	mb_put_uint16le(mbp, fid);
492 	if (mtime) {
493 		int sv_tz = SSTOVC(ssp)->vc_sopt.sv_tz;
494 		smb_time_local2server(mtime, sv_tz, &time);
495 	} else {
496 		time = 0;
497 	}
498 	mb_put_uint32le(mbp, time);
499 	smb_rq_wend(rqp);
500 	smb_rq_bstart(rqp);
501 	smb_rq_bend(rqp);
502 
503 	/* Make sure we send, but only if already connected */
504 	rqp->sr_flags |= (SMBR_NOINTR_SEND | SMBR_NORECONNECT);
505 	error = smb_rq_simple(rqp);
506 	smb_rq_done(rqp);
507 	return (error);
508 }
509 
510 int
smb_smb_open_prjob(struct smb_share * ssp,char * title,uint16_t setuplen,uint16_t mode,struct smb_cred * scrp,uint16_t * fidp)511 smb_smb_open_prjob(
512 	struct smb_share *ssp,
513 	char	*title,
514 	uint16_t setuplen,
515 	uint16_t mode,
516 	struct smb_cred *scrp,
517 	uint16_t *fidp)
518 {
519 	struct smb_rq rq, *rqp = &rq;
520 	struct smb_vc *vcp = SSTOVC(ssp);
521 	struct mbchain *mbp;
522 	struct mdchain *mdp;
523 	uint16_t fid;
524 	uint8_t wc;
525 	int error;
526 
527 	error = smb_rq_init(rqp, SSTOCP(ssp), SMB_COM_OPEN_PRINT_FILE, scrp);
528 	if (error)
529 		return (error);
530 	smb_rq_getrequest(rqp, &mbp);
531 
532 	/* Word parameters */
533 	smb_rq_wstart(rqp);
534 	mb_put_uint16le(mbp, setuplen);
535 	mb_put_uint16le(mbp, mode);
536 	smb_rq_wend(rqp);
537 
538 	/*
539 	 * Byte parameters: Just the title
540 	 */
541 	smb_rq_bstart(rqp);
542 	mb_put_uint8(mbp, SMB_DT_ASCII);
543 	error = smb_put_dstring(mbp, vcp, title, SMB_CS_NONE);
544 	smb_rq_bend(rqp);
545 	if (error)
546 		goto done;
547 
548 	/*
549 	 * Don't want to risk missing a successful
550 	 * open response, or we could "leak" FIDs.
551 	 */
552 	rqp->sr_flags |= SMBR_NOINTR_RECV;
553 	error = smb_rq_simple_timed(rqp, smb_timo_open);
554 	if (error)
555 		goto done;
556 
557 	smb_rq_getreply(rqp, &mdp);
558 	error = md_get_uint8(mdp, &wc);
559 	if (error || wc < 1) {
560 		error = EBADRPC;
561 		goto done;
562 	}
563 	error = md_get_uint16le(mdp, &fid);
564 
565 done:
566 	smb_rq_done(rqp);
567 	if (error)
568 		return (error);
569 
570 	*fidp = fid;
571 	return (0);
572 }
573 
574 /*
575  * Like smb_smb_close, but for print shares.
576  */
577 int
smb_smb_close_prjob(struct smb_share * ssp,uint16_t fid,struct smb_cred * scrp)578 smb_smb_close_prjob(struct smb_share *ssp, uint16_t fid,
579 	struct smb_cred *scrp)
580 {
581 	struct smb_rq rq, *rqp = &rq;
582 	struct mbchain *mbp;
583 	int error;
584 
585 	error = smb_rq_init(rqp, SSTOCP(ssp),
586 	    SMB_COM_CLOSE_PRINT_FILE, scrp);
587 	if (error)
588 		return (error);
589 	smb_rq_getrequest(rqp, &mbp);
590 	smb_rq_wstart(rqp);
591 	mb_put_uint16le(mbp, fid);
592 	smb_rq_wend(rqp);
593 	smb_rq_bstart(rqp);
594 	smb_rq_bend(rqp);
595 
596 	/* Make sure we send but only if already connected */
597 	rqp->sr_flags |= (SMBR_NOINTR_SEND | SMBR_NORECONNECT);
598 	error = smb_rq_simple(rqp);
599 	smb_rq_done(rqp);
600 	return (error);
601 }
602 
603 /*
604  * Common function for read/write with UIO.
605  * Called by netsmb smb_usr_rw,
606  *  smbfs_readvnode, smbfs_writevnode
607  */
608 int
smb_rwuio(struct smb_share * ssp,uint16_t fid,uio_rw_t rw,uio_t * uiop,smb_cred_t * scred,int timo)609 smb_rwuio(struct smb_share *ssp, uint16_t fid, uio_rw_t rw,
610 	uio_t *uiop, smb_cred_t *scred, int timo)
611 {
612 	struct smb_vc *vcp = SSTOVC(ssp);
613 	ssize_t  save_resid;
614 	uint32_t len, rlen, maxlen;
615 	int error = 0;
616 	int (*iofun)(struct smb_share *, uint16_t, uint32_t *,
617 	    uio_t *, smb_cred_t *, int);
618 
619 	/*
620 	 * Determine which function to use,
621 	 * and the transfer size per call.
622 	 */
623 	if (SMB_DIALECT(vcp) >= SMB_DIALECT_NTLM0_12) {
624 		/*
625 		 * Using NT LM 0.12, so readx, writex.
626 		 * Make sure we can represent the offset.
627 		 */
628 		if ((vcp->vc_sopt.sv_caps & SMB_CAP_LARGE_FILES) == 0 &&
629 		    (uiop->uio_loffset + uiop->uio_resid) > UINT32_MAX)
630 			return (EFBIG);
631 
632 		if (rw == UIO_READ) {
633 			iofun = smb_smb_readx;
634 			if (vcp->vc_sopt.sv_caps & SMB_CAP_LARGE_READX)
635 				maxlen = SMB_MAX_LARGE_RW_SIZE;
636 			else
637 				maxlen = vcp->vc_rxmax;
638 		} else { /* UIO_WRITE */
639 			iofun = smb_smb_writex;
640 			if (vcp->vc_sopt.sv_caps & SMB_CAP_LARGE_WRITEX)
641 				maxlen = SMB_MAX_LARGE_RW_SIZE;
642 			else
643 				maxlen = vcp->vc_wxmax;
644 		}
645 	} else {
646 		/*
647 		 * Using the old SMB_READ and SMB_WRITE so
648 		 * we're limited to 32-bit offsets, etc.
649 		 * XXX: Someday, punt the old dialects.
650 		 */
651 		if ((uiop->uio_loffset + uiop->uio_resid) > UINT32_MAX)
652 			return (EFBIG);
653 
654 		if (rw == UIO_READ) {
655 			iofun = smb_smb_read;
656 			maxlen = vcp->vc_rxmax;
657 		} else { /* UIO_WRITE */
658 			iofun = smb_smb_write;
659 			maxlen = vcp->vc_wxmax;
660 		}
661 	}
662 
663 	save_resid = uiop->uio_resid;
664 	while (uiop->uio_resid > 0) {
665 		/* Lint: uio_resid may be 64-bits */
666 		rlen = len = (uint32_t)min(maxlen, uiop->uio_resid);
667 		error = (*iofun)(ssp, fid, &rlen, uiop, scred, timo);
668 
669 		/*
670 		 * Note: the iofun called uio_update, so
671 		 * not doing that here as one might expect.
672 		 *
673 		 * Quit the loop either on error, or if we
674 		 * transferred less then requested.
675 		 */
676 		if (error || (rlen < len))
677 			break;
678 
679 		timo = 0; /* only first I/O should wait */
680 	}
681 	if (error && (save_resid != uiop->uio_resid)) {
682 		/*
683 		 * Stopped on an error after having
684 		 * successfully transferred data.
685 		 * Suppress this error.
686 		 */
687 		SMBSDEBUG("error %d suppressed\n", error);
688 		error = 0;
689 	}
690 
691 	return (error);
692 }
693 
694 static int
smb_smb_readx(struct smb_share * ssp,uint16_t fid,uint32_t * lenp,uio_t * uiop,smb_cred_t * scred,int timo)695 smb_smb_readx(struct smb_share *ssp, uint16_t fid, uint32_t *lenp,
696 	uio_t *uiop, smb_cred_t *scred, int timo)
697 {
698 	struct smb_rq *rqp;
699 	struct mbchain *mbp;
700 	struct mdchain *mdp;
701 	int error;
702 	uint32_t offlo, offhi, rlen;
703 	uint16_t lenhi, lenlo, off, doff;
704 	uint8_t wc;
705 
706 	lenhi = (uint16_t)(*lenp >> 16);
707 	lenlo = (uint16_t)*lenp;
708 	offhi = (uint32_t)(uiop->uio_loffset >> 32);
709 	offlo = (uint32_t)uiop->uio_loffset;
710 
711 	error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_READ_ANDX, scred, &rqp);
712 	if (error)
713 		return (error);
714 	smb_rq_getrequest(rqp, &mbp);
715 	smb_rq_wstart(rqp);
716 	mb_put_uint8(mbp, 0xff);	/* no secondary command */
717 	mb_put_uint8(mbp, 0);		/* MBZ */
718 	mb_put_uint16le(mbp, 0);	/* offset to secondary */
719 	mb_put_uint16le(mbp, fid);
720 	mb_put_uint32le(mbp, offlo);	/* offset (low part) */
721 	mb_put_uint16le(mbp, lenlo);	/* MaxCount */
722 	mb_put_uint16le(mbp, 1);	/* MinCount */
723 					/* (only indicates blocking) */
724 	mb_put_uint32le(mbp, lenhi);	/* MaxCountHigh */
725 	mb_put_uint16le(mbp, lenlo);	/* Remaining ("obsolete") */
726 	mb_put_uint32le(mbp, offhi);	/* offset (high part) */
727 	smb_rq_wend(rqp);
728 	smb_rq_bstart(rqp);
729 	smb_rq_bend(rqp);
730 
731 	if (timo == 0)
732 		timo = smb_timo_read;
733 	error = smb_rq_simple_timed(rqp, timo);
734 	if (error)
735 		goto out;
736 
737 	smb_rq_getreply(rqp, &mdp);
738 	error = md_get_uint8(mdp, &wc);
739 	if (error)
740 		goto out;
741 	if (wc != 12) {
742 		error = EBADRPC;
743 		goto out;
744 	}
745 	md_get_uint8(mdp, NULL);
746 	md_get_uint8(mdp, NULL);
747 	md_get_uint16le(mdp, NULL);
748 	md_get_uint16le(mdp, NULL);
749 	md_get_uint16le(mdp, NULL);	/* data compaction mode */
750 	md_get_uint16le(mdp, NULL);
751 	md_get_uint16le(mdp, &lenlo);	/* data len ret. */
752 	md_get_uint16le(mdp, &doff);	/* data offset */
753 	md_get_uint16le(mdp, &lenhi);
754 	rlen = (lenhi << 16) | lenlo;
755 	md_get_mem(mdp, NULL, 4 * 2, MB_MSYSTEM);
756 	error = md_get_uint16le(mdp, NULL);	/* ByteCount */
757 	if (error)
758 		goto out;
759 	/*
760 	 * Does the data offset indicate padding?
761 	 * The current offset is a constant, found
762 	 * by counting the md_get_ calls above.
763 	 */
764 	off = SMB_HDRLEN + 3 + (12 * 2); /* =59 */
765 	if (doff > off)	/* pad byte(s)? */
766 		md_get_mem(mdp, NULL, doff - off, MB_MSYSTEM);
767 	if (rlen == 0) {
768 		*lenp = rlen;
769 		goto out;
770 	}
771 	/* paranoid */
772 	if (rlen > *lenp) {
773 		SMBSDEBUG("bad server! rlen %d, len %d\n",
774 		    rlen, *lenp);
775 		rlen = *lenp;
776 	}
777 	error = md_get_uio(mdp, uiop, rlen);
778 	if (error)
779 		goto out;
780 
781 	/* Success */
782 	*lenp = rlen;
783 
784 out:
785 	smb_rq_done(rqp);
786 	return (error);
787 }
788 
789 static int
smb_smb_writex(struct smb_share * ssp,uint16_t fid,uint32_t * lenp,uio_t * uiop,smb_cred_t * scred,int timo)790 smb_smb_writex(struct smb_share *ssp, uint16_t fid, uint32_t *lenp,
791 	uio_t *uiop, smb_cred_t *scred, int timo)
792 {
793 	struct smb_rq *rqp;
794 	struct mbchain *mbp;
795 	struct mdchain *mdp;
796 	int error;
797 	uint32_t offlo, offhi, rlen;
798 	uint16_t lenhi, lenlo;
799 	uint8_t wc;
800 
801 	lenhi = (uint16_t)(*lenp >> 16);
802 	lenlo = (uint16_t)*lenp;
803 	offhi = (uint32_t)(uiop->uio_loffset >> 32);
804 	offlo = (uint32_t)uiop->uio_loffset;
805 
806 	error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_WRITE_ANDX, scred, &rqp);
807 	if (error)
808 		return (error);
809 	smb_rq_getrequest(rqp, &mbp);
810 	smb_rq_wstart(rqp);
811 	mb_put_uint8(mbp, 0xff);	/* no secondary command */
812 	mb_put_uint8(mbp, 0);		/* MBZ */
813 	mb_put_uint16le(mbp, 0);	/* offset to secondary */
814 	mb_put_uint16le(mbp, fid);
815 	mb_put_uint32le(mbp, offlo);	/* offset (low part) */
816 	mb_put_uint32le(mbp, 0);	/* MBZ (timeout) */
817 	mb_put_uint16le(mbp, 0);	/* !write-thru */
818 	mb_put_uint16le(mbp, 0);
819 	mb_put_uint16le(mbp, lenhi);
820 	mb_put_uint16le(mbp, lenlo);
821 	mb_put_uint16le(mbp, 64);	/* data offset from header start */
822 	mb_put_uint32le(mbp, offhi);	/* offset (high part) */
823 	smb_rq_wend(rqp);
824 	smb_rq_bstart(rqp);
825 
826 	mb_put_uint8(mbp, 0);	/* pad byte */
827 	error = mb_put_uio(mbp, uiop, *lenp);
828 	if (error)
829 		goto out;
830 	smb_rq_bend(rqp);
831 	if (timo == 0)
832 		timo = smb_timo_write;
833 	error = smb_rq_simple_timed(rqp, timo);
834 	if (error)
835 		goto out;
836 	smb_rq_getreply(rqp, &mdp);
837 	error = md_get_uint8(mdp, &wc);
838 	if (error)
839 		goto out;
840 	if (wc != 6) {
841 		error = EBADRPC;
842 		goto out;
843 	}
844 	md_get_uint8(mdp, NULL);	/* andx cmd */
845 	md_get_uint8(mdp, NULL);	/* reserved */
846 	md_get_uint16le(mdp, NULL);	/* andx offset */
847 	md_get_uint16le(mdp, &lenlo);	/* data len ret. */
848 	md_get_uint16le(mdp, NULL);	/* remaining */
849 	error = md_get_uint16le(mdp, &lenhi);
850 	if (error)
851 		goto out;
852 
853 	/* Success */
854 	rlen = (lenhi << 16) | lenlo;
855 	*lenp = rlen;
856 
857 out:
858 	smb_rq_done(rqp);
859 	return (error);
860 }
861 
862 static int
smb_smb_read(struct smb_share * ssp,uint16_t fid,uint32_t * lenp,uio_t * uiop,smb_cred_t * scred,int timo)863 smb_smb_read(struct smb_share *ssp, uint16_t fid, uint32_t *lenp,
864 	uio_t *uiop, smb_cred_t *scred, int timo)
865 {
866 	struct smb_rq *rqp;
867 	struct mbchain *mbp;
868 	struct mdchain *mdp;
869 	int error;
870 	uint32_t off32;
871 	uint16_t bc, cnt, dlen, rcnt, todo;
872 	uint8_t wc;
873 
874 	ASSERT(uiop->uio_loffset <= UINT32_MAX);
875 	off32 = (uint32_t)uiop->uio_loffset;
876 	ASSERT(*lenp <= UINT16_MAX);
877 	cnt = (uint16_t)*lenp;
878 	/* This next is an "estimate" of planned reads. */
879 	todo = (uint16_t)min(uiop->uio_resid, UINT16_MAX);
880 
881 	error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_READ, scred, &rqp);
882 	if (error)
883 		return (error);
884 	smb_rq_getrequest(rqp, &mbp);
885 	smb_rq_wstart(rqp);
886 	mb_put_uint16le(mbp, fid);
887 	mb_put_uint16le(mbp, cnt);
888 	mb_put_uint32le(mbp, off32);
889 	mb_put_uint16le(mbp, todo);
890 	smb_rq_wend(rqp);
891 	smb_rq_bstart(rqp);
892 	smb_rq_bend(rqp);
893 
894 	if (timo == 0)
895 		timo = smb_timo_read;
896 	error = smb_rq_simple_timed(rqp, timo);
897 	if (error)
898 		goto out;
899 	smb_rq_getreply(rqp, &mdp);
900 	error = md_get_uint8(mdp, &wc);
901 	if (error)
902 		goto out;
903 	if (wc != 5) {
904 		error = EBADRPC;
905 		goto out;
906 	}
907 	md_get_uint16le(mdp, &rcnt);		/* ret. count */
908 	md_get_mem(mdp, NULL, 4 * 2, MB_MSYSTEM);  /* res. */
909 	md_get_uint16le(mdp, &bc);		/* byte count */
910 	md_get_uint8(mdp, NULL);		/* buffer format */
911 	error = md_get_uint16le(mdp, &dlen);	/* data len */
912 	if (error)
913 		goto out;
914 	if (dlen < rcnt) {
915 		SMBSDEBUG("oops: dlen=%d rcnt=%d\n",
916 		    (int)dlen, (int)rcnt);
917 		rcnt = dlen;
918 	}
919 	if (rcnt == 0) {
920 		*lenp = 0;
921 		goto out;
922 	}
923 	/* paranoid */
924 	if (rcnt > cnt) {
925 		SMBSDEBUG("bad server! rcnt %d, cnt %d\n",
926 		    (int)rcnt, (int)cnt);
927 		rcnt = cnt;
928 	}
929 	error = md_get_uio(mdp, uiop, (int)rcnt);
930 	if (error)
931 		goto out;
932 
933 	/* success */
934 	*lenp = (int)rcnt;
935 
936 out:
937 	smb_rq_done(rqp);
938 	return (error);
939 }
940 
941 static int
smb_smb_write(struct smb_share * ssp,uint16_t fid,uint32_t * lenp,uio_t * uiop,smb_cred_t * scred,int timo)942 smb_smb_write(struct smb_share *ssp, uint16_t fid, uint32_t *lenp,
943 	uio_t *uiop, smb_cred_t *scred, int timo)
944 {
945 	struct smb_rq *rqp;
946 	struct mbchain *mbp;
947 	struct mdchain *mdp;
948 	int error;
949 	uint32_t off32;
950 	uint16_t cnt, rcnt, todo;
951 	uint8_t wc;
952 
953 	ASSERT(uiop->uio_loffset <= UINT32_MAX);
954 	off32 = (uint32_t)uiop->uio_loffset;
955 	ASSERT(*lenp <= UINT16_MAX);
956 	cnt = (uint16_t)*lenp;
957 	/* This next is an "estimate" of planned writes. */
958 	todo = (uint16_t)min(uiop->uio_resid, UINT16_MAX);
959 
960 	error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_WRITE, scred, &rqp);
961 	if (error)
962 		return (error);
963 	smb_rq_getrequest(rqp, &mbp);
964 	smb_rq_wstart(rqp);
965 	mb_put_uint16le(mbp, fid);
966 	mb_put_uint16le(mbp, cnt);
967 	mb_put_uint32le(mbp, off32);
968 	mb_put_uint16le(mbp, todo);
969 	smb_rq_wend(rqp);
970 	smb_rq_bstart(rqp);
971 	mb_put_uint8(mbp, SMB_DT_DATA);
972 	mb_put_uint16le(mbp, cnt);
973 
974 	error = mb_put_uio(mbp, uiop, *lenp);
975 	if (error)
976 		goto out;
977 	smb_rq_bend(rqp);
978 	if (timo == 0)
979 		timo = smb_timo_write;
980 	error = smb_rq_simple_timed(rqp, timo);
981 	if (error)
982 		goto out;
983 	smb_rq_getreply(rqp, &mdp);
984 	error = md_get_uint8(mdp, &wc);
985 	if (error)
986 		goto out;
987 	if (wc != 1) {
988 		error = EBADRPC;
989 		goto out;
990 	}
991 	error = md_get_uint16le(mdp, &rcnt);
992 	if (error)
993 		goto out;
994 	*lenp = rcnt;
995 
996 out:
997 	smb_rq_done(rqp);
998 	return (error);
999 }
1000 
1001 
1002 static u_int32_t	smbechoes = 0;
1003 
1004 int
smb_smb_echo(struct smb_vc * vcp,struct smb_cred * scred,int timo)1005 smb_smb_echo(struct smb_vc *vcp, struct smb_cred *scred, int timo)
1006 {
1007 	struct smb_rq *rqp;
1008 	struct mbchain *mbp;
1009 	int error;
1010 
1011 	error = smb_rq_alloc(VCTOCP(vcp), SMB_COM_ECHO, scred, &rqp);
1012 	if (error)
1013 		return (error);
1014 	mbp = &rqp->sr_rq;
1015 	smb_rq_wstart(rqp);
1016 	mb_put_uint16le(mbp, 1); /* echo count */
1017 	smb_rq_wend(rqp);
1018 	smb_rq_bstart(rqp);
1019 	mb_put_uint32le(mbp, atomic_inc_32_nv(&smbechoes));
1020 	smb_rq_bend(rqp);
1021 	/*
1022 	 * Note: the IOD calls this, so
1023 	 * this request must not wait for
1024 	 * connection state changes, etc.
1025 	 */
1026 	rqp->sr_flags |= SMBR_NORECONNECT;
1027 	error = smb_rq_simple_timed(rqp, timo);
1028 	SMBSDEBUG("%d\n", error);
1029 	smb_rq_done(rqp);
1030 	return (error);
1031 }
1032