1 /* 2 * This file and its contents are supplied under the terms of the 3 * Common Development and Distribution License ("CDDL"), version 1.0. 4 * You may only use this file in accordance with the terms of version 5 * 1.0 of the CDDL. 6 * 7 * A full copy of the text of the CDDL should have accompanied this 8 * source. A copy of the CDDL is also available via the Internet at 9 * http://www.illumos.org/license/CDDL. 10 */ 11 12 /* 13 * Copyright 2020 Tintri by DDN, Inc. All rights reserved. 14 */ 15 16 /* 17 * SMB2 Durable Handle support 18 */ 19 20 #include <sys/types.h> 21 #include <sys/cmn_err.h> 22 #include <sys/fcntl.h> 23 #include <sys/nbmlock.h> 24 #include <sys/sid.h> 25 #include <smbsrv/string.h> 26 #include <smbsrv/smb_kproto.h> 27 #include <smbsrv/smb_fsops.h> 28 #include <smbsrv/smbinfo.h> 29 #include <smbsrv/smb2_kproto.h> 30 31 /* Windows default values from [MS-SMB2] */ 32 /* 33 * (times in seconds) 34 * resilient: 35 * MaxTimeout = 300 (win7+) 36 * if timeout > MaxTimeout, ERROR 37 * if timeout != 0, timeout = req.timeout 38 * if timeout == 0, timeout = (infinity) (Win7/w2k8r2) 39 * if timeout == 0, timeout = 120 (Win8+) 40 * v2: 41 * if timeout != 0, timeout = MIN(timeout, 300) (spec) 42 * if timeout != 0, timeout = timeout (win8/2k12) 43 * if timeout == 0, timeout = Share.CATimeout. \ 44 * if Share.CATimeout == 0, timeout = 60 (win8/w2k12) 45 * if timeout == 0, timeout = 180 (win8.1/w2k12r2) 46 * open.timeout = 60 (win8/w2k12r2) (i.e. we ignore the request) 47 * v1: 48 * open.timeout = 16 minutes 49 */ 50 51 uint32_t smb2_dh_def_timeout = 60 * MILLISEC; /* mSec. */ 52 uint32_t smb2_dh_max_timeout = 300 * MILLISEC; /* mSec. */ 53 54 uint32_t smb2_res_def_timeout = 120 * MILLISEC; /* mSec. */ 55 uint32_t smb2_res_max_timeout = 300 * MILLISEC; /* mSec. */ 56 57 uint32_t smb2_persist_timeout = 300 * MILLISEC; /* mSec. */ 58 59 /* Max. size of the file used to store a CA handle. */ 60 static uint32_t smb2_dh_max_cah_size = 64 * 1024; 61 static uint32_t smb2_ca_info_version = 1; 62 63 /* 64 * Want this to have invariant layout on disk, where the 65 * last two uint32_t values are stored as a uint64_t 66 */ 67 struct nvlk { 68 uint64_t lk_start; 69 uint64_t lk_len; 70 /* (lk_pid << 32) | lk_type */ 71 #ifdef _BIG_ENDIAN 72 uint32_t lk_pid, lk_type; 73 #else 74 uint32_t lk_type, lk_pid; 75 #endif 76 }; 77 78 static void smb2_dh_import_share(void *); 79 static smb_ofile_t *smb2_dh_import_handle(smb_request_t *, smb_node_t *, 80 uint64_t); 81 static int smb2_dh_read_nvlist(smb_request_t *, smb_node_t *, struct nvlist **); 82 static int smb2_dh_import_cred(smb_ofile_t *, char *); 83 84 #define DH_SN_SIZE 24 /* size of DH stream name buffers */ 85 /* 86 * Build the stream name used to store a CA handle. 87 * i.e. ":0123456789abcdef:$CA" 88 * Note: smb_fsop_create adds the SUNWsmb prefix, 89 * so we compose the name without the prefix. 90 */ 91 static inline void 92 smb2_dh_make_stream_name(char *buf, size_t buflen, uint64_t id) 93 { 94 ASSERT(buflen >= DH_SN_SIZE); 95 (void) snprintf(buf, buflen, 96 ":%016" PRIx64 ":$CA", id); 97 } 98 99 /* 100 * smb_dh_should_save 101 * 102 * During session tear-down, decide whether to keep a durable handle. 103 * 104 * There are two cases where we save durable handles: 105 * 1. An SMB2 LOGOFF request was received 106 * 2. An unexpected disconnect from the client 107 * Note: Specifying a PrevSessionID in session setup 108 * is considered a disconnect (we just haven't learned about it yet) 109 * In every other case, we close durable handles. 110 * 111 * [MS-SMB2] 3.3.5.6 SMB2_LOGOFF 112 * [MS-SMB2] 3.3.7.1 Handling Loss of a Connection 113 * 114 * If any of the following are true, preserve for reconnect: 115 * 116 * - Open.IsResilient is TRUE. 117 * 118 * - Open.OplockLevel == SMB2_OPLOCK_LEVEL_BATCH and 119 * Open.OplockState == Held, and Open.IsDurable is TRUE. 120 * 121 * - Open.OplockLevel == SMB2_OPLOCK_LEVEL_LEASE, 122 * Lease.LeaseState SMB2_LEASE_HANDLE_CACHING, 123 * Open.OplockState == Held, and Open.IsDurable is TRUE. 124 * 125 * - Open.IsPersistent is TRUE. 126 * 127 * We also deal with some special cases for shutdown of the 128 * server, session, user, tree (in that order). Other than 129 * the cases above, shutdown (or forced termination) should 130 * destroy durable handles. 131 */ 132 boolean_t 133 smb_dh_should_save(smb_ofile_t *of) 134 { 135 ASSERT(MUTEX_HELD(&of->f_mutex)); 136 ASSERT(of->dh_vers != SMB2_NOT_DURABLE); 137 138 /* SMB service shutting down, destroy DH */ 139 if (of->f_server->sv_state == SMB_SERVER_STATE_STOPPING) 140 return (B_FALSE); 141 142 /* 143 * SMB Session (connection) going away (server up). 144 * If server initiated disconnect, destroy DH 145 * If client initiated disconnect, save all DH. 146 */ 147 if (of->f_session->s_state == SMB_SESSION_STATE_TERMINATED) 148 return (B_FALSE); 149 if (of->f_session->s_state == SMB_SESSION_STATE_DISCONNECTED) 150 return (B_TRUE); 151 152 /* 153 * SMB User logoff, session still "up". 154 * Action depends on why/how this logoff happened, 155 * determined based on user->preserve_opens 156 */ 157 if (of->f_user->u_state == SMB_USER_STATE_LOGGING_OFF) { 158 switch (of->f_user->preserve_opens) { 159 case SMB2_DH_PRESERVE_NONE: 160 /* Server-initiated */ 161 return (B_FALSE); 162 case SMB2_DH_PRESERVE_SOME: 163 /* Previous session logoff. */ 164 goto preserve_some; 165 case SMB2_DH_PRESERVE_ALL: 166 /* Protocol logoff request */ 167 return (B_TRUE); 168 } 169 } 170 171 /* 172 * SMB tree disconnecting (user still logged on) 173 * i.e. when kshare export forces disconnection. 174 */ 175 if (of->f_tree->t_state == SMB_TREE_STATE_DISCONNECTING) 176 return (B_FALSE); 177 178 preserve_some: 179 /* preserve_opens == SMB2_DH_PRESERVE_SOME */ 180 181 switch (of->dh_vers) { 182 uint32_t ol_state; 183 184 case SMB2_RESILIENT: 185 return (B_TRUE); 186 187 case SMB2_DURABLE_V2: 188 if (of->dh_persist) 189 return (B_TRUE); 190 /* FALLTHROUGH */ 191 case SMB2_DURABLE_V1: 192 /* IS durable (v1 or v2) */ 193 if (of->f_lease != NULL) 194 ol_state = of->f_lease->ls_state; 195 else 196 ol_state = of->f_oplock.og_state; 197 if ((ol_state & (OPLOCK_LEVEL_BATCH | 198 OPLOCK_LEVEL_CACHE_HANDLE)) != 0) 199 return (B_TRUE); 200 /* FALLTHROUGH */ 201 case SMB2_NOT_DURABLE: 202 default: 203 break; 204 } 205 206 return (B_FALSE); 207 } 208 209 /* 210 * Is this stream name a CA handle? i.e. 211 * ":0123456789abcdef:$CA" 212 */ 213 static boolean_t 214 smb2_dh_match_ca_name(const char *name, uint64_t *idp) 215 { 216 static const char suffix[] = ":$CA"; 217 u_longlong_t ull; 218 const char *p = name; 219 char *p2 = NULL; 220 int len, rc; 221 222 if (*p++ != ':') 223 return (B_FALSE); 224 225 rc = ddi_strtoull(p, &p2, 16, &ull); 226 if (rc != 0 || p2 != (p + 16)) 227 return (B_FALSE); 228 p += 16; 229 230 len = sizeof (suffix) - 1; 231 if (strncmp(p, suffix, len) != 0) 232 return (B_FALSE); 233 p += len; 234 235 if (*p != '\0') 236 return (B_FALSE); 237 238 *idp = (uint64_t)ull; 239 return (B_TRUE); 240 } 241 242 /* 243 * smb2_dh_new_ca_share 244 * 245 * Called when a new share has ca=true. Find or create the CA dir, 246 * and start a thread to import persistent handles. 247 */ 248 int 249 smb2_dh_new_ca_share(smb_server_t *sv, smb_kshare_t *shr) 250 { 251 smb_kshare_t *shr2; 252 smb_request_t *sr; 253 254 ASSERT(STYPE_ISDSK(shr->shr_type)); 255 256 /* 257 * Need to lookup the kshare again, to get a hold. 258 * Add a function to just get the hold? 259 */ 260 shr2 = smb_kshare_lookup(sv, shr->shr_name); 261 if (shr2 != shr) 262 return (EINVAL); 263 264 sr = smb_request_alloc(sv->sv_session, 0); 265 if (sr == NULL) { 266 /* shutting down? */ 267 smb_kshare_release(sv, shr); 268 return (EINTR); 269 } 270 sr->sr_state = SMB_REQ_STATE_SUBMITTED; 271 272 /* 273 * Mark this share as "busy importing persistent handles" 274 * so we can hold off tree connect until that's done. 275 * Will clear and wakeup below. 276 */ 277 mutex_enter(&shr->shr_mutex); 278 shr->shr_import_busy = sr; 279 mutex_exit(&shr->shr_mutex); 280 281 /* 282 * Start a taskq job to import any CA handles. 283 * The hold on the kshare is given to this job, 284 * which releases it when it's done. 285 */ 286 sr->arg.tcon.si = shr; /* hold from above */ 287 (void) taskq_dispatch( 288 sv->sv_worker_pool, 289 smb2_dh_import_share, sr, TQ_SLEEP); 290 291 return (0); 292 } 293 294 int smb2_dh_import_delay = 0; 295 296 static void 297 smb2_dh_import_share(void *arg) 298 { 299 smb_request_t *sr = arg; 300 smb_kshare_t *shr = sr->arg.tcon.si; 301 smb_node_t *snode; 302 cred_t *kcr = zone_kcred(); 303 smb_streaminfo_t *str_info = NULL; 304 uint64_t id; 305 smb_node_t *str_node; 306 smb_odir_t *od = NULL; 307 smb_ofile_t *of; 308 int rc; 309 boolean_t eof; 310 311 sr->sr_state = SMB_REQ_STATE_ACTIVE; 312 313 if (smb2_dh_import_delay > 0) 314 delay(SEC_TO_TICK(smb2_dh_import_delay)); 315 316 /* 317 * Borrow the server's "root" user. 318 * 319 * This takes the place of smb_session_lookup_ssnid() 320 * that would happen in smb2_dispatch for a normal SR. 321 * As usual, this hold is released in smb_request_free. 322 */ 323 sr->uid_user = sr->sr_server->sv_rootuser; 324 smb_user_hold_internal(sr->uid_user); 325 sr->user_cr = sr->uid_user->u_cred; 326 327 /* 328 * Create a temporary tree connect 329 */ 330 sr->arg.tcon.path = shr->shr_name; 331 sr->tid_tree = smb_tree_alloc(sr, shr, shr->shr_root_node, 332 ACE_ALL_PERMS, 0); 333 if (sr->tid_tree == NULL) { 334 cmn_err(CE_NOTE, "smb2_dh_import_share: " 335 "failed connect share <%s>", shr->shr_name); 336 goto out; 337 } 338 snode = sr->tid_tree->t_snode; 339 340 /* 341 * Get the buffers we'll use to read CA handle data. 342 * Stash in sr_request_buf for smb2_dh_import_handle(). 343 * Also a buffer for the stream name info. 344 */ 345 sr->sr_req_length = smb2_dh_max_cah_size; 346 sr->sr_request_buf = kmem_alloc(sr->sr_req_length, KM_SLEEP); 347 str_info = kmem_alloc(sizeof (smb_streaminfo_t), KM_SLEEP); 348 349 /* 350 * Open the ext. attr dir under the share root and 351 * import CA handles for this share. 352 */ 353 if (smb_odir_openat(sr, snode, &od) != 0) { 354 cmn_err(CE_NOTE, "Share [%s] CA import, no xattr dir?", 355 shr->shr_name); 356 goto out; 357 } 358 359 eof = B_FALSE; 360 do { 361 /* 362 * If the kshare gets unshared before we finish, 363 * bail out so we don't hold things up. 364 */ 365 if (shr->shr_flags & SMB_SHRF_REMOVED) 366 break; 367 368 /* 369 * If the server's stopping, no point importing. 370 */ 371 if (smb_server_is_stopping(sr->sr_server)) 372 break; 373 374 /* 375 * Read a stream name and info 376 */ 377 rc = smb_odir_read_streaminfo(sr, od, str_info, &eof); 378 if ((rc != 0) || (eof)) 379 break; 380 381 /* 382 * Skip anything not a CA handle. 383 */ 384 if (!smb2_dh_match_ca_name(str_info->si_name, &id)) { 385 continue; 386 } 387 388 /* 389 * Lookup stream node and import 390 */ 391 str_node = NULL; 392 rc = smb_fsop_lookup_name(sr, kcr, SMB_CASE_SENSITIVE, 393 snode, snode, str_info->si_name, &str_node); 394 if (rc != 0) { 395 cmn_err(CE_NOTE, "Share [%s] CA import, " 396 "lookup <%s> failed rc=%d", 397 shr->shr_name, str_info->si_name, rc); 398 continue; 399 } 400 of = smb2_dh_import_handle(sr, str_node, id); 401 smb_node_release(str_node); 402 if (of != NULL) { 403 smb_ofile_release(of); 404 of = NULL; 405 } 406 sr->fid_ofile = NULL; 407 smb_llist_flush(&sr->tid_tree->t_ofile_list); 408 409 } while (!eof); 410 411 out: 412 if (od != NULL) { 413 smb_odir_close(od); 414 smb_odir_release(od); 415 } 416 417 if (str_info != NULL) 418 kmem_free(str_info, sizeof (smb_streaminfo_t)); 419 /* Let smb_request_free clean up sr->sr_request_buf */ 420 421 /* 422 * We did a (temporary, internal) tree connect above, 423 * which we need to undo before we return. Note that 424 * smb_request_free will do the final release of 425 * sr->tid_tree, sr->uid_user 426 */ 427 if (sr->tid_tree != NULL) 428 smb_tree_disconnect(sr->tid_tree, B_FALSE); 429 430 /* 431 * Wake up any waiting tree connect(s). 432 * See smb_tree_connect_disk(). 433 */ 434 mutex_enter(&shr->shr_mutex); 435 shr->shr_import_busy = NULL; 436 cv_broadcast(&shr->shr_cv); 437 mutex_exit(&shr->shr_mutex); 438 439 smb_kshare_release(sr->sr_server, shr); 440 smb_request_free(sr); 441 } 442 443 /* 444 * This returns the new ofile mostly for dtrace. 445 */ 446 static smb_ofile_t * 447 smb2_dh_import_handle(smb_request_t *sr, smb_node_t *str_node, 448 uint64_t persist_id) 449 { 450 uint8_t client_uuid[UUID_LEN]; 451 smb_tree_t *tree = sr->tid_tree; 452 smb_arg_open_t *op = &sr->arg.open; 453 smb_pathname_t *pn = &op->fqi.fq_path; 454 cred_t *kcr = zone_kcred(); 455 struct nvlist *nvl = NULL; 456 char *sidstr = NULL; 457 smb_ofile_t *of = NULL; 458 smb_attr_t *pa; 459 boolean_t did_open = B_FALSE; 460 boolean_t have_lease = B_FALSE; 461 hrtime_t hrt; 462 uint64_t *u64p; 463 uint64_t u64; 464 uint32_t u32; 465 uint32_t status; 466 char *s; 467 uint8_t *u8p; 468 uint_t alen; 469 int rc; 470 471 /* 472 * While we're called with arg.tcon, we now want to use 473 * smb_arg_open for the rest of import, so clear it. 474 */ 475 bzero(op, sizeof (*op)); 476 op->create_disposition = FILE_OPEN; 477 478 /* 479 * Read and unpack the NVL 480 */ 481 rc = smb2_dh_read_nvlist(sr, str_node, &nvl); 482 if (rc != 0) 483 return (NULL); 484 485 /* 486 * Known CA info version? 487 */ 488 u32 = 0; 489 rc = nvlist_lookup_uint32(nvl, "info_version", &u32); 490 if (rc != 0 || u32 != smb2_ca_info_version) { 491 cmn_err(CE_NOTE, "CA import (%s/%s) bad vers=%d", 492 tree->t_resource, str_node->od_name, u32); 493 goto errout; 494 } 495 496 /* 497 * The persist ID in the nvlist should match the one 498 * encoded in the file name. (not enforced) 499 */ 500 u64 = 0; 501 rc = nvlist_lookup_uint64(nvl, "file_persistid", &u64); 502 if (rc != 0 || u64 != persist_id) { 503 cmn_err(CE_WARN, "CA import (%s/%s) bad id=%016" PRIx64, 504 tree->t_resource, str_node->od_name, u64); 505 /* goto errout? (allow) */ 506 } 507 508 /* 509 * Does it belong in the share being imported? 510 */ 511 s = NULL; 512 rc = nvlist_lookup_string(nvl, "share_name", &s); 513 if (rc != 0) { 514 cmn_err(CE_NOTE, "CA import (%s/%s) no share_name", 515 tree->t_resource, str_node->od_name); 516 goto errout; 517 } 518 if (smb_strcasecmp(s, tree->t_sharename, 0) != 0) { 519 /* Normal (not an error) */ 520 #ifdef DEBUG 521 cmn_err(CE_NOTE, "CA import (%s/%s) other share", 522 tree->t_resource, str_node->od_name); 523 #endif 524 goto errout; 525 } 526 527 /* 528 * Get the path name (for lookup) 529 */ 530 rc = nvlist_lookup_string(nvl, "path_name", &pn->pn_path); 531 if (rc != 0) { 532 cmn_err(CE_NOTE, "CA import (%s/%s) no path_name", 533 tree->t_resource, str_node->od_name); 534 goto errout; 535 } 536 537 /* 538 * owner sid 539 */ 540 rc = nvlist_lookup_string(nvl, "owner_sid", &sidstr); 541 if (rc != 0) { 542 cmn_err(CE_NOTE, "CA import (%s/%s) no owner_sid", 543 tree->t_resource, str_node->od_name); 544 goto errout; 545 } 546 547 /* 548 * granted access 549 */ 550 rc = nvlist_lookup_uint32(nvl, 551 "granted_access", &op->desired_access); 552 if (rc != 0) { 553 cmn_err(CE_NOTE, "CA import (%s/%s) no granted_access", 554 tree->t_resource, str_node->od_name); 555 goto errout; 556 } 557 558 /* 559 * share access 560 */ 561 rc = nvlist_lookup_uint32(nvl, 562 "share_access", &op->share_access); 563 if (rc != 0) { 564 cmn_err(CE_NOTE, "CA import (%s/%s) no share_access", 565 tree->t_resource, str_node->od_name); 566 goto errout; 567 } 568 569 /* 570 * create options 571 */ 572 rc = nvlist_lookup_uint32(nvl, 573 "create_options", &op->create_options); 574 if (rc != 0) { 575 cmn_err(CE_NOTE, "CA import (%s/%s) no create_options", 576 tree->t_resource, str_node->od_name); 577 goto errout; 578 } 579 580 /* 581 * create guid (client-assigned) 582 */ 583 alen = UUID_LEN; 584 u8p = NULL; 585 rc = nvlist_lookup_uint8_array(nvl, "file_guid", &u8p, &alen); 586 if (rc != 0 || alen != UUID_LEN) { 587 cmn_err(CE_NOTE, "CA import (%s/%s) bad file_guid", 588 tree->t_resource, str_node->od_name); 589 goto errout; 590 } 591 bcopy(u8p, op->create_guid, UUID_LEN); 592 593 /* 594 * client uuid (identifies the client) 595 */ 596 alen = UUID_LEN; 597 u8p = NULL; 598 rc = nvlist_lookup_uint8_array(nvl, "client_uuid", &u8p, &alen); 599 if (rc != 0 || alen != UUID_LEN) { 600 cmn_err(CE_NOTE, "CA import (%s/%s) no client_uuid", 601 tree->t_resource, str_node->od_name); 602 goto errout; 603 } 604 bcopy(u8p, client_uuid, UUID_LEN); 605 606 /* 607 * Lease key (optional) 608 */ 609 alen = SMB_LEASE_KEY_SZ; 610 u8p = NULL; 611 rc = nvlist_lookup_uint8_array(nvl, "lease_uuid", &u8p, &alen); 612 if (rc == 0) { 613 bcopy(u8p, op->lease_key, UUID_LEN); 614 (void) nvlist_lookup_uint32(nvl, 615 "lease_state", &op->lease_state); 616 (void) nvlist_lookup_uint16(nvl, 617 "lease_epoch", &op->lease_epoch); 618 (void) nvlist_lookup_uint16(nvl, 619 "lease_version", &op->lease_version); 620 have_lease = B_TRUE; 621 } else { 622 (void) nvlist_lookup_uint32(nvl, 623 "oplock_state", &op->op_oplock_state); 624 } 625 626 /* 627 * Done getting what we need from the NV list. 628 * (re)open the file 629 */ 630 status = smb_common_open(sr); 631 if (status != 0) { 632 cmn_err(CE_NOTE, "CA import (%s/%s) open failed 0x%x", 633 tree->t_resource, str_node->od_name, status); 634 (void) smb_node_set_delete_on_close(str_node, kcr, 0); 635 goto errout; 636 } 637 of = sr->fid_ofile; 638 did_open = B_TRUE; 639 640 /* 641 * Now restore the rest of the SMB2 level state. 642 * See smb2_create after smb_common_open 643 */ 644 645 /* 646 * Setup of->f_cr with owner SID 647 */ 648 rc = smb2_dh_import_cred(of, sidstr); 649 if (rc != 0) { 650 cmn_err(CE_NOTE, "CA import (%s/%s) import cred failed", 651 tree->t_resource, str_node->od_name); 652 goto errout; 653 } 654 655 /* 656 * Use the persist ID we previously assigned. 657 * Like smb_ofile_set_persistid_ph() 658 */ 659 rc = smb_ofile_insert_persistid(of, persist_id); 660 if (rc != 0) { 661 cmn_err(CE_NOTE, "CA import (%s/%s) " 662 "insert_persistid rc=%d", 663 tree->t_resource, str_node->od_name, rc); 664 goto errout; 665 } 666 667 /* 668 * Like smb2_lease_create() 669 * 670 * Lease state is stored in each persistent handle, but 671 * only one handle has the state we want. As we import 672 * each handle, "upgrade" the lease if the handle we're 673 * importing has a "better" lease state (higher epoch or 674 * more cache rights). After all handles are imported, 675 * that will get the lease to the right state. 676 */ 677 if (have_lease) { 678 smb_lease_t *ls; 679 status = smb2_lease_create(sr, client_uuid); 680 if (status != 0) { 681 cmn_err(CE_NOTE, "CA import (%s/%s) get lease 0x%x", 682 tree->t_resource, str_node->od_name, status); 683 goto errout; 684 } 685 ls = of->f_lease; 686 687 /* Use most current "epoch". */ 688 mutex_enter(&ls->ls_mutex); 689 if (ls->ls_epoch < op->lease_epoch) 690 ls->ls_epoch = op->lease_epoch; 691 mutex_exit(&ls->ls_mutex); 692 693 /* 694 * Get the lease (and oplock) 695 * uses op->lease_state 696 */ 697 op->op_oplock_level = SMB2_OPLOCK_LEVEL_LEASE; 698 smb2_lease_acquire(sr); 699 700 } else { 701 /* 702 * No lease; maybe get an oplock 703 * uses: op->op_oplock_level 704 */ 705 if (op->op_oplock_state & OPLOCK_LEVEL_BATCH) { 706 op->op_oplock_level = SMB2_OPLOCK_LEVEL_BATCH; 707 } else if (op->op_oplock_state & OPLOCK_LEVEL_ONE) { 708 op->op_oplock_level = SMB2_OPLOCK_LEVEL_EXCLUSIVE; 709 } else if (op->op_oplock_state & OPLOCK_LEVEL_TWO) { 710 op->op_oplock_level = SMB2_OPLOCK_LEVEL_II; 711 } else { 712 op->op_oplock_level = SMB2_OPLOCK_LEVEL_NONE; 713 } 714 smb2_oplock_acquire(sr); 715 } 716 717 /* 718 * Byte range locks 719 */ 720 alen = 0; 721 u64p = NULL; 722 if (nvlist_lookup_uint64_array(nvl, "locks", &u64p, &alen) == 0) { 723 uint_t i; 724 uint_t nlocks = alen / 3; 725 struct nvlk *nlp; 726 727 nlp = (struct nvlk *)u64p; 728 for (i = 0; i < nlocks; i++) { 729 status = smb_lock_range( 730 sr, 731 nlp->lk_start, 732 nlp->lk_len, 733 nlp->lk_pid, 734 nlp->lk_type, 735 0); 736 if (status != 0) { 737 cmn_err(CE_NOTE, "CA import (%s/%s) " 738 "get lock %d failed 0x%x", 739 tree->t_resource, 740 str_node->od_name, 741 i, status); 742 } 743 nlp++; 744 } 745 } 746 alen = SMB_OFILE_LSEQ_MAX; 747 u8p = NULL; 748 if (nvlist_lookup_uint8_array(nvl, "lockseq", &u8p, &alen) == 0) { 749 if (alen != SMB_OFILE_LSEQ_MAX) { 750 cmn_err(CE_NOTE, "CA import (%s/%s) " 751 "get lockseq bad len=%d", 752 tree->t_resource, 753 str_node->od_name, 754 alen); 755 } else { 756 mutex_enter(&of->f_mutex); 757 bcopy(u8p, of->f_lock_seq, alen); 758 mutex_exit(&of->f_mutex); 759 } 760 } 761 762 /* 763 * Optional "sticky" times (set pending attributes) 764 */ 765 mutex_enter(&of->f_mutex); 766 pa = &of->f_pending_attr; 767 if (nvlist_lookup_hrtime(nvl, "atime", &hrt) == 0) { 768 hrt2ts(hrt, &pa->sa_vattr.va_atime); 769 pa->sa_mask |= SMB_AT_ATIME; 770 } 771 if (nvlist_lookup_hrtime(nvl, "mtime", &hrt) == 0) { 772 hrt2ts(hrt, &pa->sa_vattr.va_mtime); 773 pa->sa_mask |= SMB_AT_MTIME; 774 } 775 if (nvlist_lookup_hrtime(nvl, "ctime", &hrt) == 0) { 776 hrt2ts(hrt, &pa->sa_vattr.va_ctime); 777 pa->sa_mask |= SMB_AT_CTIME; 778 } 779 mutex_exit(&of->f_mutex); 780 781 /* 782 * Make durable and persistent. 783 * See smb2_dh_make_persistent() 784 */ 785 of->dh_vers = SMB2_DURABLE_V2; 786 bcopy(op->create_guid, of->dh_create_guid, UUID_LEN); 787 of->dh_persist = B_TRUE; 788 of->dh_nvfile = str_node; 789 smb_node_ref(str_node); 790 of->dh_nvlist = nvl; 791 nvl = NULL; 792 793 /* 794 * Now make it state orphaned... 795 * See smb_ofile_drop(), then 796 * smb_ofile_save_dh() 797 */ 798 mutex_enter(&of->f_mutex); 799 of->f_state = SMB_OFILE_STATE_SAVE_DH; 800 of->dh_timeout_offset = MSEC2NSEC(smb2_persist_timeout); 801 mutex_exit(&of->f_mutex); 802 803 /* 804 * Finished! 805 */ 806 return (of); 807 808 errout: 809 if (did_open) { 810 smb_ofile_close(of, 0); 811 smb_ofile_release(of); 812 } else { 813 ASSERT(of == NULL); 814 } 815 816 if (nvl != NULL) 817 nvlist_free(nvl); 818 819 return (NULL); 820 } 821 822 static int 823 smb2_dh_read_nvlist(smb_request_t *sr, smb_node_t *node, 824 struct nvlist **nvlpp) 825 { 826 smb_attr_t attr; 827 iovec_t iov; 828 uio_t uio; 829 smb_tree_t *tree = sr->tid_tree; 830 cred_t *kcr = zone_kcred(); 831 size_t flen; 832 int rc; 833 834 bzero(&attr, sizeof (attr)); 835 attr.sa_mask = SMB_AT_SIZE; 836 rc = smb_node_getattr(NULL, node, kcr, NULL, &attr); 837 if (rc != 0) { 838 cmn_err(CE_NOTE, "CA import (%s/%s) getattr rc=%d", 839 tree->t_resource, node->od_name, rc); 840 return (rc); 841 } 842 843 if (attr.sa_vattr.va_size < 4 || 844 attr.sa_vattr.va_size > sr->sr_req_length) { 845 cmn_err(CE_NOTE, "CA import (%s/%s) bad size=%" PRIu64, 846 tree->t_resource, node->od_name, 847 (uint64_t)attr.sa_vattr.va_size); 848 return (EINVAL); 849 } 850 flen = (size_t)attr.sa_vattr.va_size; 851 852 bzero(&uio, sizeof (uio)); 853 iov.iov_base = sr->sr_request_buf; 854 iov.iov_len = flen; 855 uio.uio_iov = &iov; 856 uio.uio_iovcnt = 1; 857 uio.uio_resid = flen; 858 uio.uio_segflg = UIO_SYSSPACE; 859 uio.uio_extflg = UIO_COPY_DEFAULT; 860 rc = smb_fsop_read(sr, kcr, node, NULL, &uio, 0); 861 if (rc != 0) { 862 cmn_err(CE_NOTE, "CA import (%s/%s) read, rc=%d", 863 tree->t_resource, node->od_name, rc); 864 return (rc); 865 } 866 if (uio.uio_resid != 0) { 867 cmn_err(CE_NOTE, "CA import (%s/%s) short read", 868 tree->t_resource, node->od_name); 869 return (EIO); 870 } 871 872 rc = nvlist_unpack(sr->sr_request_buf, flen, nvlpp, KM_SLEEP); 873 if (rc != 0) { 874 cmn_err(CE_NOTE, "CA import (%s/%s) unpack, rc=%d", 875 tree->t_resource, node->od_name, rc); 876 return (rc); 877 } 878 879 return (0); 880 } 881 882 /* 883 * Setup a vestigial credential in of->f_cr just good enough for 884 * smb_is_same_user to determine if the caller owned this ofile. 885 * At reconnect, of->f_cr will be replaced with the caller's. 886 */ 887 static int 888 smb2_dh_import_cred(smb_ofile_t *of, char *sidstr) 889 { 890 #ifdef _FAKE_KERNEL 891 _NOTE(ARGUNUSED(sidstr)) 892 /* fksmbd doesn't have real credentials. */ 893 of->f_cr = CRED(); 894 crhold(of->f_cr); 895 #else 896 char tmpstr[SMB_SID_STRSZ]; 897 ksid_t ksid; 898 cred_t *cr, *oldcr; 899 int rc; 900 901 (void) strlcpy(tmpstr, sidstr, sizeof (tmpstr)); 902 bzero(&ksid, sizeof (ksid)); 903 904 rc = smb_sid_splitstr(tmpstr, &ksid.ks_rid); 905 if (rc != 0) 906 return (rc); 907 cr = crget(); 908 909 ksid.ks_domain = ksid_lookupdomain(tmpstr); 910 crsetsid(cr, &ksid, KSID_USER); 911 ksiddomain_hold(ksid.ks_domain); 912 crsetsid(cr, &ksid, KSID_OWNER); 913 914 /* 915 * Just to avoid leaving the KSID_GROUP slot NULL, 916 * put the "everyone" SID there (S-1-1-0). 917 */ 918 ksid.ks_domain = ksid_lookupdomain("S-1-1"); 919 ksid.ks_rid = 0; 920 crsetsid(cr, &ksid, KSID_GROUP); 921 922 oldcr = of->f_cr; 923 of->f_cr = cr; 924 if (oldcr != NULL) 925 crfree(oldcr); 926 #endif 927 928 return (0); 929 } 930 931 /* 932 * Set Delete-on-Close (DoC) on the persistent state file so it will be 933 * removed when the last ref. goes away (in smb2_dh_close_persistent). 934 * 935 * This is called in just two places: 936 * (1) SMB2_close request -- client tells us to destroy the handle. 937 * (2) smb2_dh_expire -- client has forgotten about this handle. 938 * All other (server-initiated) close calls should leave these 939 * persistent state files in the file system. 940 */ 941 void 942 smb2_dh_setdoc_persistent(smb_ofile_t *of) 943 { 944 smb_node_t *strnode; 945 uint32_t status; 946 947 mutex_enter(&of->dh_nvlock); 948 if ((strnode = of->dh_nvfile) != NULL) 949 smb_node_ref(strnode); 950 mutex_exit(&of->dh_nvlock); 951 952 if (strnode != NULL) { 953 status = smb_node_set_delete_on_close(strnode, 954 zone_kcred(), SMB_CASE_SENSITIVE); 955 if (status != 0) { 956 cmn_err(CE_WARN, "Can't set DoC on CA file: %s", 957 strnode->od_name); 958 DTRACE_PROBE1(rm__ca__err, smb_ofile_t *, of); 959 } 960 smb_node_release(strnode); 961 } 962 } 963 964 /* 965 * During ofile close, free the persistent handle state nvlist and 966 * drop our reference to the state file node (which may unlink it 967 * if smb2_dh_setdoc_persistent was called). 968 */ 969 void 970 smb2_dh_close_persistent(smb_ofile_t *of) 971 { 972 smb_node_t *strnode; 973 struct nvlist *nvl; 974 975 /* 976 * Clear out nvlist and stream linkage 977 */ 978 mutex_enter(&of->dh_nvlock); 979 strnode = of->dh_nvfile; 980 of->dh_nvfile = NULL; 981 nvl = of->dh_nvlist; 982 of->dh_nvlist = NULL; 983 mutex_exit(&of->dh_nvlock); 984 985 if (nvl != NULL) 986 nvlist_free(nvl); 987 988 if (strnode != NULL) 989 smb_node_release(strnode); 990 } 991 992 /* 993 * Make this durable handle persistent. 994 * If we succeed, set of->dh_persist = TRUE. 995 */ 996 int 997 smb2_dh_make_persistent(smb_request_t *sr, smb_ofile_t *of) 998 { 999 char fname[DH_SN_SIZE]; 1000 char sidstr[SMB_SID_STRSZ]; 1001 smb_attr_t attr; 1002 smb_arg_open_t *op = &sr->arg.open; 1003 cred_t *kcr = zone_kcred(); 1004 smb_node_t *dnode = of->f_tree->t_snode; 1005 smb_node_t *fnode = NULL; 1006 ksid_t *ksid; 1007 int rc; 1008 1009 ASSERT(of->dh_nvfile == NULL); 1010 1011 /* 1012 * Create the persistent handle nvlist file. 1013 * It's a named stream in the share root. 1014 */ 1015 smb2_dh_make_stream_name(fname, sizeof (fname), of->f_persistid); 1016 1017 bzero(&attr, sizeof (attr)); 1018 attr.sa_mask = SMB_AT_TYPE | SMB_AT_MODE | SMB_AT_SIZE; 1019 attr.sa_vattr.va_type = VREG; 1020 attr.sa_vattr.va_mode = 0640; 1021 attr.sa_vattr.va_size = 4; 1022 rc = smb_fsop_create(sr, kcr, dnode, fname, &attr, &fnode); 1023 if (rc != 0) 1024 return (rc); 1025 1026 mutex_enter(&of->dh_nvlock); 1027 1028 /* fnode is held. rele in smb2_dh_close_persistent */ 1029 of->dh_nvfile = fnode; 1030 (void) nvlist_alloc(&of->dh_nvlist, NV_UNIQUE_NAME, KM_SLEEP); 1031 1032 /* 1033 * Want the ksid as a string 1034 */ 1035 ksid = crgetsid(of->f_user->u_cred, KSID_USER); 1036 (void) snprintf(sidstr, sizeof (sidstr), "%s-%u", 1037 ksid->ks_domain->kd_name, ksid->ks_rid); 1038 1039 /* 1040 * Fill in the fixed parts of the nvlist 1041 */ 1042 (void) nvlist_add_uint32(of->dh_nvlist, 1043 "info_version", smb2_ca_info_version); 1044 (void) nvlist_add_string(of->dh_nvlist, 1045 "owner_sid", sidstr); 1046 (void) nvlist_add_string(of->dh_nvlist, 1047 "share_name", of->f_tree->t_sharename); 1048 (void) nvlist_add_uint64(of->dh_nvlist, 1049 "file_persistid", of->f_persistid); 1050 (void) nvlist_add_uint8_array(of->dh_nvlist, 1051 "file_guid", of->dh_create_guid, UUID_LEN); 1052 (void) nvlist_add_string(of->dh_nvlist, 1053 "client_ipaddr", sr->session->ip_addr_str); 1054 (void) nvlist_add_uint8_array(of->dh_nvlist, 1055 "client_uuid", sr->session->clnt_uuid, UUID_LEN); 1056 (void) nvlist_add_string(of->dh_nvlist, 1057 "path_name", op->fqi.fq_path.pn_path); 1058 (void) nvlist_add_uint32(of->dh_nvlist, 1059 "granted_access", of->f_granted_access); 1060 (void) nvlist_add_uint32(of->dh_nvlist, 1061 "share_access", of->f_share_access); 1062 (void) nvlist_add_uint32(of->dh_nvlist, 1063 "create_options", of->f_create_options); 1064 if (of->f_lease != NULL) { 1065 smb_lease_t *ls = of->f_lease; 1066 (void) nvlist_add_uint8_array(of->dh_nvlist, 1067 "lease_uuid", ls->ls_key, 16); 1068 (void) nvlist_add_uint32(of->dh_nvlist, 1069 "lease_state", ls->ls_state); 1070 (void) nvlist_add_uint16(of->dh_nvlist, 1071 "lease_epoch", ls->ls_epoch); 1072 (void) nvlist_add_uint16(of->dh_nvlist, 1073 "lease_version", ls->ls_version); 1074 } else { 1075 (void) nvlist_add_uint32(of->dh_nvlist, 1076 "oplock_state", of->f_oplock.og_state); 1077 } 1078 mutex_exit(&of->dh_nvlock); 1079 1080 smb2_dh_update_locks(sr, of); 1081 1082 /* Tell sr update nvlist file */ 1083 sr->dh_nvl_dirty = B_TRUE; 1084 1085 return (0); 1086 } 1087 1088 void 1089 smb2_dh_update_nvfile(smb_request_t *sr) 1090 { 1091 smb_attr_t attr; 1092 iovec_t iov; 1093 uio_t uio; 1094 smb_ofile_t *of = sr->fid_ofile; 1095 cred_t *kcr = zone_kcred(); 1096 char *buf = NULL; 1097 size_t buflen = 0; 1098 uint32_t wcnt; 1099 int rc; 1100 1101 if (of == NULL || of->dh_persist == B_FALSE) 1102 return; 1103 1104 mutex_enter(&of->dh_nvlock); 1105 if (of->dh_nvlist == NULL || of->dh_nvfile == NULL) { 1106 mutex_exit(&of->dh_nvlock); 1107 return; 1108 } 1109 1110 rc = nvlist_size(of->dh_nvlist, &buflen, NV_ENCODE_XDR); 1111 if (rc != 0) 1112 goto out; 1113 buf = kmem_zalloc(buflen, KM_SLEEP); 1114 1115 rc = nvlist_pack(of->dh_nvlist, &buf, &buflen, 1116 NV_ENCODE_XDR, KM_SLEEP); 1117 if (rc != 0) 1118 goto out; 1119 1120 bzero(&attr, sizeof (attr)); 1121 attr.sa_mask = SMB_AT_SIZE; 1122 attr.sa_vattr.va_size = buflen; 1123 rc = smb_node_setattr(sr, of->dh_nvfile, kcr, NULL, &attr); 1124 if (rc != 0) 1125 goto out; 1126 1127 bzero(&uio, sizeof (uio)); 1128 iov.iov_base = (void *) buf; 1129 iov.iov_len = buflen; 1130 uio.uio_iov = &iov; 1131 uio.uio_iovcnt = 1; 1132 uio.uio_resid = buflen; 1133 uio.uio_segflg = UIO_SYSSPACE; 1134 uio.uio_extflg = UIO_COPY_DEFAULT; 1135 rc = smb_fsop_write(sr, kcr, of->dh_nvfile, 1136 NULL, &uio, &wcnt, 0); 1137 if (rc == 0 && wcnt != buflen) 1138 rc = EIO; 1139 1140 out: 1141 mutex_exit(&of->dh_nvlock); 1142 1143 if (rc != 0) { 1144 cmn_err(CE_WARN, 1145 "clnt(%s) failed to update persistent handle, rc=%d", 1146 sr->session->ip_addr_str, rc); 1147 } 1148 1149 if (buf != NULL) { 1150 kmem_free(buf, buflen); 1151 } 1152 } 1153 1154 /* 1155 * Called after f_oplock (and lease) changes 1156 * If lease, update: lease_state, lease_epoch 1157 * else (oplock) update: oplock_state 1158 */ 1159 void 1160 smb2_dh_update_oplock(smb_request_t *sr, smb_ofile_t *of) 1161 { 1162 smb_lease_t *ls; 1163 1164 mutex_enter(&of->dh_nvlock); 1165 if (of->dh_nvlist == NULL) { 1166 mutex_exit(&of->dh_nvlock); 1167 return; 1168 } 1169 1170 if (of->f_lease != NULL) { 1171 ls = of->f_lease; 1172 (void) nvlist_add_uint32(of->dh_nvlist, 1173 "lease_state", ls->ls_state); 1174 (void) nvlist_add_uint16(of->dh_nvlist, 1175 "lease_epoch", ls->ls_epoch); 1176 } else { 1177 (void) nvlist_add_uint32(of->dh_nvlist, 1178 "oplock_state", of->f_oplock.og_state); 1179 } 1180 mutex_exit(&of->dh_nvlock); 1181 1182 sr->dh_nvl_dirty = B_TRUE; 1183 } 1184 1185 /* 1186 * Save locks from this ofile as an array of uint64_t, where the 1187 * elements are triplets: (start, length, (pid << 32) | type) 1188 * Note pid should always be zero for SMB2, so we could use 1189 * that 32-bit spot for something else if needed. 1190 */ 1191 void 1192 smb2_dh_update_locks(smb_request_t *sr, smb_ofile_t *of) 1193 { 1194 uint8_t lseq[SMB_OFILE_LSEQ_MAX]; 1195 smb_node_t *node = of->f_node; 1196 smb_llist_t *llist = &node->n_lock_list; 1197 size_t vec_sz; // storage size 1198 uint_t my_cnt = 0; 1199 uint64_t *vec = NULL; 1200 struct nvlk *nlp; 1201 smb_lock_t *lock; 1202 1203 smb_llist_enter(llist, RW_READER); 1204 vec_sz = (llist->ll_count + 1) * sizeof (struct nvlk); 1205 vec = kmem_alloc(vec_sz, KM_SLEEP); 1206 nlp = (struct nvlk *)vec; 1207 for (lock = smb_llist_head(llist); 1208 lock != NULL; 1209 lock = smb_llist_next(llist, lock)) { 1210 if (lock->l_file != of) 1211 continue; 1212 nlp->lk_start = lock->l_start; 1213 nlp->lk_len = lock->l_length; 1214 nlp->lk_pid = lock->l_pid; 1215 nlp->lk_type = lock->l_type; 1216 nlp++; 1217 my_cnt++; 1218 } 1219 smb_llist_exit(llist); 1220 1221 mutex_enter(&of->f_mutex); 1222 bcopy(of->f_lock_seq, lseq, sizeof (lseq)); 1223 mutex_exit(&of->f_mutex); 1224 1225 mutex_enter(&of->dh_nvlock); 1226 if (of->dh_nvlist != NULL) { 1227 1228 (void) nvlist_add_uint64_array(of->dh_nvlist, 1229 "locks", vec, my_cnt * 3); 1230 1231 (void) nvlist_add_uint8_array(of->dh_nvlist, 1232 "lockseq", lseq, sizeof (lseq)); 1233 } 1234 mutex_exit(&of->dh_nvlock); 1235 1236 kmem_free(vec, vec_sz); 1237 1238 sr->dh_nvl_dirty = B_TRUE; 1239 } 1240 1241 /* 1242 * Save "sticky" times 1243 */ 1244 void 1245 smb2_dh_update_times(smb_request_t *sr, smb_ofile_t *of, smb_attr_t *attr) 1246 { 1247 hrtime_t t; 1248 1249 mutex_enter(&of->dh_nvlock); 1250 if (of->dh_nvlist == NULL) { 1251 mutex_exit(&of->dh_nvlock); 1252 return; 1253 } 1254 1255 if (attr->sa_mask & SMB_AT_ATIME) { 1256 t = ts2hrt(&attr->sa_vattr.va_atime); 1257 (void) nvlist_add_hrtime(of->dh_nvlist, "atime", t); 1258 } 1259 if (attr->sa_mask & SMB_AT_MTIME) { 1260 t = ts2hrt(&attr->sa_vattr.va_mtime); 1261 (void) nvlist_add_hrtime(of->dh_nvlist, "mtime", t); 1262 } 1263 if (attr->sa_mask & SMB_AT_CTIME) { 1264 t = ts2hrt(&attr->sa_vattr.va_ctime); 1265 (void) nvlist_add_hrtime(of->dh_nvlist, "ctime", t); 1266 } 1267 mutex_exit(&of->dh_nvlock); 1268 1269 sr->dh_nvl_dirty = B_TRUE; 1270 } 1271 1272 1273 /* 1274 * Requirements for ofile found during reconnect (MS-SMB2 3.3.5.9.7): 1275 * - security descriptor must match provided descriptor 1276 * 1277 * If file is leased: 1278 * - lease must be requested 1279 * - client guid must match session guid 1280 * - file name must match given name 1281 * - lease key must match provided lease key 1282 * If file is not leased: 1283 * - Lease must not be requested 1284 * 1285 * dh_v2 only: 1286 * - SMB2_DHANDLE_FLAG_PERSISTENT must be set if dh_persist is true 1287 * - SMB2_DHANDLE_FLAG_PERSISTENT must not be set if dh_persist is false 1288 * - desired access, share access, and create_options must be ignored 1289 * - createguid must match 1290 */ 1291 static uint32_t 1292 smb2_dh_reconnect_checks(smb_request_t *sr, smb_ofile_t *of) 1293 { 1294 smb_arg_open_t *op = &sr->sr_open; 1295 char *fname; 1296 1297 if (of->f_lease != NULL) { 1298 if (bcmp(sr->session->clnt_uuid, 1299 of->f_lease->ls_clnt, 16) != 0) 1300 return (NT_STATUS_OBJECT_NAME_NOT_FOUND); 1301 1302 if (op->op_oplock_level != SMB2_OPLOCK_LEVEL_LEASE) 1303 return (NT_STATUS_OBJECT_NAME_NOT_FOUND); 1304 if (bcmp(op->lease_key, of->f_lease->ls_key, 1305 SMB_LEASE_KEY_SZ) != 0) 1306 return (NT_STATUS_OBJECT_NAME_NOT_FOUND); 1307 1308 /* 1309 * We're supposed to check the name is the same. 1310 * Not really necessary to do this, so just do 1311 * minimal effort (check last component) 1312 */ 1313 fname = strrchr(op->fqi.fq_path.pn_path, '\\'); 1314 if (fname != NULL) 1315 fname++; 1316 else 1317 fname = op->fqi.fq_path.pn_path; 1318 if (smb_strcasecmp(fname, of->f_node->od_name, 0) != 0) { 1319 #ifdef DEBUG 1320 cmn_err(CE_NOTE, "reconnect name <%s> of name <%s>", 1321 fname, of->f_node->od_name); 1322 #endif 1323 return (NT_STATUS_INVALID_PARAMETER); 1324 } 1325 } else { 1326 if (op->op_oplock_level == SMB2_OPLOCK_LEVEL_LEASE) 1327 return (NT_STATUS_OBJECT_NAME_NOT_FOUND); 1328 } 1329 1330 if (op->dh_vers == SMB2_DURABLE_V2) { 1331 boolean_t op_persist = 1332 ((op->dh_v2_flags & SMB2_DHANDLE_FLAG_PERSISTENT) != 0); 1333 if (of->dh_persist != op_persist) 1334 return (NT_STATUS_OBJECT_NAME_NOT_FOUND); 1335 if (memcmp(op->create_guid, of->dh_create_guid, UUID_LEN)) 1336 return (NT_STATUS_OBJECT_NAME_NOT_FOUND); 1337 } 1338 1339 if (!smb_is_same_user(sr->user_cr, of->f_cr)) 1340 return (NT_STATUS_ACCESS_DENIED); 1341 1342 return (NT_STATUS_SUCCESS); 1343 } 1344 1345 /* 1346 * [MS-SMB2] 3.3.5.9.7 and 3.3.5.9.12 (durable reconnect v1/v2) 1347 * 1348 * Looks up an ofile on the server's sv_dh_list by the persistid. 1349 * If found, it validates the request. 1350 * (see smb2_dh_reconnect_checks() for details) 1351 * If the checks are passed, add it onto the new tree's list. 1352 * 1353 * Note that the oplock break code path can get to an ofile via the node 1354 * ofile list. It starts with a ref taken in smb_ofile_hold_olbrk, which 1355 * waits if the ofile is found in state RECONNECT. That wait happens with 1356 * the node ofile list lock held as reader, and the oplock mutex held. 1357 * Implications of that are: While we're in state RECONNECT, we shoud NOT 1358 * block (at least, not for long) and must not try to enter any of the 1359 * node ofile list lock or oplock mutex. Thankfully, we don't need to 1360 * enter those while reclaiming an orphaned ofile. 1361 */ 1362 uint32_t 1363 smb2_dh_reconnect(smb_request_t *sr) 1364 { 1365 smb_arg_open_t *op = &sr->sr_open; 1366 smb_tree_t *tree = sr->tid_tree; 1367 smb_ofile_t *of; 1368 cred_t *old_cr; 1369 uint32_t status = NT_STATUS_OBJECT_NAME_NOT_FOUND; 1370 uint16_t fid = 0; 1371 1372 if (smb_idpool_alloc(&tree->t_fid_pool, &fid)) 1373 return (NT_STATUS_TOO_MANY_OPENED_FILES); 1374 1375 /* Find orphaned handle. */ 1376 of = smb_ofile_lookup_by_persistid(sr, op->dh_fileid.persistent); 1377 if (of == NULL) 1378 goto errout; 1379 1380 mutex_enter(&of->f_mutex); 1381 if (of->f_state != SMB_OFILE_STATE_ORPHANED) { 1382 mutex_exit(&of->f_mutex); 1383 goto errout; 1384 } 1385 1386 status = smb2_dh_reconnect_checks(sr, of); 1387 if (status != NT_STATUS_SUCCESS) { 1388 mutex_exit(&of->f_mutex); 1389 goto errout; 1390 } 1391 1392 /* 1393 * Note: cv_broadcast(&of->f_cv) when we're 1394 * done messing around in this state. 1395 * See: smb_ofile_hold_olbrk() 1396 */ 1397 of->f_state = SMB_OFILE_STATE_RECONNECT; 1398 mutex_exit(&of->f_mutex); 1399 1400 /* 1401 * At this point, we should be the only thread with a ref on the 1402 * ofile, and the RECONNECT state should prevent new refs from 1403 * being granted, or other durable threads from observing or 1404 * reclaiming it. Put this ofile in the new tree, similar to 1405 * the last part of smb_ofile_open. 1406 */ 1407 1408 old_cr = of->f_cr; 1409 of->f_cr = sr->user_cr; 1410 crhold(of->f_cr); 1411 crfree(old_cr); 1412 1413 of->f_session = sr->session; /* hold is via user and tree */ 1414 smb_user_hold_internal(sr->uid_user); 1415 of->f_user = sr->uid_user; 1416 smb_tree_hold_internal(tree); 1417 of->f_tree = tree; 1418 of->f_fid = fid; 1419 1420 smb_llist_enter(&tree->t_ofile_list, RW_WRITER); 1421 smb_llist_insert_tail(&tree->t_ofile_list, of); 1422 smb_llist_exit(&tree->t_ofile_list); 1423 atomic_inc_32(&tree->t_open_files); 1424 atomic_inc_32(&sr->session->s_file_cnt); 1425 1426 /* 1427 * The ofile is now in the caller's session & tree. 1428 * 1429 * In case smb_ofile_hold or smb_oplock_send_brk() are 1430 * waiting for state RECONNECT to complete, wakeup. 1431 */ 1432 mutex_enter(&of->f_mutex); 1433 of->dh_expire_time = 0; 1434 of->f_state = SMB_OFILE_STATE_OPEN; 1435 cv_broadcast(&of->f_cv); 1436 mutex_exit(&of->f_mutex); 1437 1438 /* 1439 * The ofile is now visible in the new session. 1440 * From here, this is similar to the last part of 1441 * smb_common_open(). 1442 */ 1443 op->fqi.fq_fattr.sa_mask = SMB_AT_ALL; 1444 (void) smb_node_getattr(sr, of->f_node, zone_kcred(), of, 1445 &op->fqi.fq_fattr); 1446 1447 /* 1448 * Set up the fileid and dosattr in open_param for response 1449 */ 1450 op->fileid = op->fqi.fq_fattr.sa_vattr.va_nodeid; 1451 op->dattr = op->fqi.fq_fattr.sa_dosattr; 1452 1453 /* 1454 * Set up the file type in open_param for the response 1455 * The ref. from ofile lookup is "given" to fid_ofile. 1456 */ 1457 op->ftype = SMB_FTYPE_DISK; 1458 sr->smb_fid = of->f_fid; 1459 sr->fid_ofile = of; 1460 1461 if (smb_node_is_file(of->f_node)) { 1462 op->dsize = op->fqi.fq_fattr.sa_vattr.va_size; 1463 } else { 1464 /* directory or symlink */ 1465 op->dsize = 0; 1466 } 1467 1468 op->create_options = 0; /* no more modifications wanted */ 1469 op->action_taken = SMB_OACT_OPENED; 1470 return (NT_STATUS_SUCCESS); 1471 1472 errout: 1473 if (of != NULL) 1474 smb_ofile_release(of); 1475 if (fid != 0) 1476 smb_idpool_free(&tree->t_fid_pool, fid); 1477 1478 return (status); 1479 } 1480 1481 /* 1482 * Durable handle expiration 1483 * ofile state is _EXPIRED 1484 */ 1485 static void 1486 smb2_dh_expire(void *arg) 1487 { 1488 smb_ofile_t *of = (smb_ofile_t *)arg; 1489 1490 if (of->dh_persist) 1491 smb2_dh_setdoc_persistent(of); 1492 smb_ofile_close(of, 0); 1493 smb_ofile_release(of); 1494 } 1495 1496 void 1497 smb2_durable_timers(smb_server_t *sv) 1498 { 1499 smb_hash_t *hash; 1500 smb_llist_t *bucket; 1501 smb_ofile_t *of; 1502 hrtime_t now; 1503 int i; 1504 1505 hash = sv->sv_persistid_ht; 1506 now = gethrtime(); 1507 1508 for (i = 0; i < hash->num_buckets; i++) { 1509 bucket = &hash->buckets[i].b_list; 1510 smb_llist_enter(bucket, RW_READER); 1511 for (of = smb_llist_head(bucket); 1512 of != NULL; 1513 of = smb_llist_next(bucket, of)) { 1514 SMB_OFILE_VALID(of); 1515 1516 /* 1517 * Check outside the mutex first to avoid some 1518 * mutex_enter work in this loop. If the state 1519 * changes under foot, the worst that happens 1520 * is we either enter the mutex when we might 1521 * not have needed to, or we miss some DH in 1522 * this pass and get it on the next. 1523 */ 1524 if (of->f_state != SMB_OFILE_STATE_ORPHANED) 1525 continue; 1526 1527 mutex_enter(&of->f_mutex); 1528 /* STATE_ORPHANED implies dh_expire_time != 0 */ 1529 if (of->f_state == SMB_OFILE_STATE_ORPHANED && 1530 of->dh_expire_time <= now) { 1531 of->f_state = SMB_OFILE_STATE_EXPIRED; 1532 /* inline smb_ofile_hold_internal() */ 1533 of->f_refcnt++; 1534 smb_llist_post(bucket, of, smb2_dh_expire); 1535 } 1536 mutex_exit(&of->f_mutex); 1537 } 1538 smb_llist_exit(bucket); 1539 } 1540 } 1541 1542 /* 1543 * This is called when we're about to add a new open to some node. 1544 * If we still have orphaned durable handles on this node, let's 1545 * assume the client has lost interest in those and close them, 1546 * otherwise we might conflict with our own orphaned handles. 1547 * 1548 * We need this because we import persistent handles "speculatively" 1549 * during share import (before the client ever asks for reconnect). 1550 * That allows us to avoid any need for a "create blackout" (or 1551 * "grace period") because the imported handles prevent unwanted 1552 * conflicting opens from other clients. However, if some client 1553 * "forgets" about a persistent handle (*cough* Hyper-V) and tries 1554 * a new (conflicting) open instead of a reconnect, that might 1555 * fail unless we expire our orphaned durables handle first. 1556 * 1557 * Logic similar to smb_node_open_check() 1558 */ 1559 void 1560 smb2_dh_close_my_orphans(smb_request_t *sr, smb_ofile_t *new_of) 1561 { 1562 smb_node_t *node = new_of->f_node; 1563 smb_ofile_t *of; 1564 1565 SMB_NODE_VALID(node); 1566 1567 smb_llist_enter(&node->n_ofile_list, RW_READER); 1568 for (of = smb_llist_head(&node->n_ofile_list); 1569 of != NULL; 1570 of = smb_llist_next(&node->n_ofile_list, of)) { 1571 1572 /* Same client? */ 1573 if (of->f_lease != NULL && 1574 bcmp(sr->session->clnt_uuid, 1575 of->f_lease->ls_clnt, 16) != 0) 1576 continue; 1577 1578 if (!smb_is_same_user(sr->user_cr, of->f_cr)) 1579 continue; 1580 1581 mutex_enter(&of->f_mutex); 1582 if (of->f_state == SMB_OFILE_STATE_ORPHANED) { 1583 of->f_state = SMB_OFILE_STATE_EXPIRED; 1584 /* inline smb_ofile_hold_internal() */ 1585 of->f_refcnt++; 1586 smb_llist_post(&node->n_ofile_list, 1587 of, smb2_dh_expire); 1588 } 1589 mutex_exit(&of->f_mutex); 1590 } 1591 1592 smb_llist_exit(&node->n_ofile_list); 1593 } 1594 1595 /* 1596 * Called for each orphaned DH during shutdown. 1597 * Clean out any in-memory state, but leave any 1598 * on-disk persistent handle state in place. 1599 */ 1600 static void 1601 smb2_dh_cleanup(void *arg) 1602 { 1603 smb_ofile_t *of = (smb_ofile_t *)arg; 1604 smb_node_t *strnode; 1605 struct nvlist *nvl; 1606 1607 /* 1608 * Intentionally skip smb2_dh_close_persistent by 1609 * clearing dh_nvfile before smb_ofile_close(). 1610 */ 1611 mutex_enter(&of->dh_nvlock); 1612 strnode = of->dh_nvfile; 1613 of->dh_nvfile = NULL; 1614 nvl = of->dh_nvlist; 1615 of->dh_nvlist = NULL; 1616 mutex_exit(&of->dh_nvlock); 1617 1618 if (nvl != NULL) 1619 nvlist_free(nvl); 1620 1621 if (strnode != NULL) 1622 smb_node_release(strnode); 1623 1624 smb_ofile_close(of, 0); 1625 smb_ofile_release(of); 1626 } 1627 1628 /* 1629 * Clean out durable handles during shutdown. 1630 * 1631 * Like, smb2_durable_timers but cleanup only in-memory state, 1632 * and leave any persistent state there for later reconnect. 1633 */ 1634 void 1635 smb2_dh_shutdown(smb_server_t *sv) 1636 { 1637 smb_hash_t *hash; 1638 smb_llist_t *bucket; 1639 smb_ofile_t *of; 1640 int i; 1641 1642 hash = sv->sv_persistid_ht; 1643 1644 for (i = 0; i < hash->num_buckets; i++) { 1645 bucket = &hash->buckets[i].b_list; 1646 smb_llist_enter(bucket, RW_READER); 1647 of = smb_llist_head(bucket); 1648 while (of != NULL) { 1649 SMB_OFILE_VALID(of); 1650 mutex_enter(&of->f_mutex); 1651 1652 switch (of->f_state) { 1653 case SMB_OFILE_STATE_ORPHANED: 1654 of->f_state = SMB_OFILE_STATE_EXPIRED; 1655 /* inline smb_ofile_hold_internal() */ 1656 of->f_refcnt++; 1657 smb_llist_post(bucket, of, smb2_dh_cleanup); 1658 break; 1659 default: 1660 break; 1661 } 1662 mutex_exit(&of->f_mutex); 1663 of = smb_llist_next(bucket, of); 1664 } 1665 smb_llist_exit(bucket); 1666 } 1667 1668 #ifdef DEBUG 1669 for (i = 0; i < hash->num_buckets; i++) { 1670 bucket = &hash->buckets[i].b_list; 1671 smb_llist_enter(bucket, RW_READER); 1672 of = smb_llist_head(bucket); 1673 while (of != NULL) { 1674 SMB_OFILE_VALID(of); 1675 cmn_err(CE_NOTE, "dh_shutdown leaked of=%p", 1676 (void *)of); 1677 of = smb_llist_next(bucket, of); 1678 } 1679 smb_llist_exit(bucket); 1680 } 1681 #endif // DEBUG 1682 } 1683 1684 uint32_t 1685 smb2_fsctl_set_resilient(smb_request_t *sr, smb_fsctl_t *fsctl) 1686 { 1687 uint32_t timeout; 1688 smb_ofile_t *of = sr->fid_ofile; 1689 1690 /* 1691 * Note: The spec does not explicitly prohibit resilient directories 1692 * the same way it prohibits durable directories. We prohibit them 1693 * anyway as a simplifying assumption, as there doesn't seem to be 1694 * much use for it. (HYPER-V only seems to use it on files anyway) 1695 */ 1696 if (fsctl->InputCount < 8 || !smb_node_is_file(of->f_node)) 1697 return (NT_STATUS_INVALID_PARAMETER); 1698 1699 (void) smb_mbc_decodef(fsctl->in_mbc, "l4.", 1700 &timeout); /* milliseconds */ 1701 1702 if (smb2_enable_dh == 0) 1703 return (NT_STATUS_NOT_SUPPORTED); 1704 1705 /* 1706 * The spec wants us to return INVALID_PARAMETER if the timeout 1707 * is too large, but we have no way of informing the client 1708 * what an appropriate timeout is, so just set the timeout to 1709 * our max and return SUCCESS. 1710 */ 1711 if (timeout == 0) 1712 timeout = smb2_res_def_timeout; 1713 if (timeout > smb2_res_max_timeout) 1714 timeout = smb2_res_max_timeout; 1715 1716 mutex_enter(&of->f_mutex); 1717 of->dh_vers = SMB2_RESILIENT; 1718 of->dh_timeout_offset = MSEC2NSEC(timeout); 1719 mutex_exit(&of->f_mutex); 1720 1721 return (NT_STATUS_SUCCESS); 1722 } 1723