1 /* 2 * This file and its contents are supplied under the terms of the 3 * Common Development and Distribution License ("CDDL"), version 1.0. 4 * You may only use this file in accordance with the terms of version 5 * 1.0 of the CDDL. 6 * 7 * A full copy of the text of the CDDL should have accompanied this 8 * source. A copy of the CDDL is also available via the Internet at 9 * http://www.illumos.org/license/CDDL. 10 */ 11 12 /* 13 * Copyright 2017 Nexenta Systems, Inc. All rights reserved. 14 */ 15 16 /* 17 * SMB2 Durable Handle support 18 */ 19 20 #include <sys/types.h> 21 #include <sys/cmn_err.h> 22 #include <sys/fcntl.h> 23 #include <sys/nbmlock.h> 24 #include <sys/sid.h> 25 #include <smbsrv/string.h> 26 #include <smbsrv/smb_kproto.h> 27 #include <smbsrv/smb_fsops.h> 28 #include <smbsrv/smbinfo.h> 29 #include <smbsrv/smb2_kproto.h> 30 31 /* Windows default values from [MS-SMB2] */ 32 /* 33 * (times in seconds) 34 * resilient: 35 * MaxTimeout = 300 (win7+) 36 * if timeout > MaxTimeout, ERROR 37 * if timeout != 0, timeout = req.timeout 38 * if timeout == 0, timeout = (infinity) (Win7/w2k8r2) 39 * if timeout == 0, timeout = 120 (Win8+) 40 * v2: 41 * if timeout != 0, timeout = MIN(timeout, 300) (spec) 42 * if timeout != 0, timeout = timeout (win8/2k12) 43 * if timeout == 0, timeout = Share.CATimeout. \ 44 * if Share.CATimeout == 0, timeout = 60 (win8/w2k12) 45 * if timeout == 0, timeout = 180 (win8.1/w2k12r2) 46 * open.timeout = 60 (win8/w2k12r2) (i.e. we ignore the request) 47 * v1: 48 * open.timeout = 16 minutes 49 */ 50 51 uint32_t smb2_dh_def_timeout = 60 * MILLISEC; /* mSec. */ 52 uint32_t smb2_dh_max_timeout = 300 * MILLISEC; /* mSec. */ 53 54 uint32_t smb2_res_def_timeout = 120 * MILLISEC; /* mSec. */ 55 uint32_t smb2_res_max_timeout = 300 * MILLISEC; /* mSec. */ 56 57 uint32_t smb2_persist_timeout = 300 * MILLISEC; /* mSec. */ 58 59 /* Max. size of the file used to store a CA handle. */ 60 static uint32_t smb2_dh_max_cah_size = 64 * 1024; 61 static uint32_t smb2_ca_info_version = 1; 62 63 /* 64 * Want this to have invariant layout on disk, where the 65 * last two uint32_t values are stored as a uint64_t 66 */ 67 struct nvlk { 68 uint64_t lk_start; 69 uint64_t lk_len; 70 /* (lk_pid << 32) | lk_type */ 71 #ifdef _BIG_ENDIAN 72 uint32_t lk_pid, lk_type; 73 #else 74 uint32_t lk_type, lk_pid; 75 #endif 76 }; 77 78 static void smb2_dh_import_share(void *); 79 static smb_ofile_t *smb2_dh_import_handle(smb_request_t *, smb_node_t *, 80 uint64_t); 81 static int smb2_dh_read_nvlist(smb_request_t *, smb_node_t *, struct nvlist **); 82 static int smb2_dh_import_cred(smb_ofile_t *, char *); 83 84 #define DH_SN_SIZE 24 /* size of DH stream name buffers */ 85 /* 86 * Build the stream name used to store a CA handle. 87 * i.e. ":0123456789abcdef:$CA" 88 * Note: smb_fsop_create adds the SUNWsmb prefix, 89 * so we compose the name without the prefix. 90 */ 91 static inline void 92 smb2_dh_make_stream_name(char *buf, size_t buflen, uint64_t id) 93 { 94 ASSERT(buflen >= DH_SN_SIZE); 95 (void) snprintf(buf, buflen, 96 ":%016" PRIx64 ":$CA", id); 97 } 98 99 /* 100 * smb_dh_should_save 101 * 102 * During session tear-down, decide whether to keep a durable handle. 103 * 104 * There are two cases where we save durable handles: 105 * 1. An SMB2 LOGOFF request was received 106 * 2. An unexpected disconnect from the client 107 * Note: Specifying a PrevSessionID in session setup 108 * is considered a disconnect (we just haven't learned about it yet) 109 * In every other case, we close durable handles. 110 * 111 * [MS-SMB2] 3.3.5.6 SMB2_LOGOFF 112 * [MS-SMB2] 3.3.7.1 Handling Loss of a Connection 113 * 114 * If any of the following are true, preserve for reconnect: 115 * 116 * - Open.IsResilient is TRUE. 117 * 118 * - Open.OplockLevel == SMB2_OPLOCK_LEVEL_BATCH and 119 * Open.OplockState == Held, and Open.IsDurable is TRUE. 120 * 121 * - Open.OplockLevel == SMB2_OPLOCK_LEVEL_LEASE, 122 * Lease.LeaseState SMB2_LEASE_HANDLE_CACHING, 123 * Open.OplockState == Held, and Open.IsDurable is TRUE. 124 * 125 * - Open.IsPersistent is TRUE. 126 * 127 * We also deal with some special cases for shutdown of the 128 * server, session, user, tree (in that order). Other than 129 * the cases above, shutdown (or forced termination) should 130 * destroy durable handles. 131 */ 132 boolean_t 133 smb_dh_should_save(smb_ofile_t *of) 134 { 135 ASSERT(MUTEX_HELD(&of->f_mutex)); 136 ASSERT(of->dh_vers != SMB2_NOT_DURABLE); 137 138 /* SMB service shutting down, destroy DH */ 139 if (of->f_server->sv_state == SMB_SERVER_STATE_STOPPING) 140 return (B_FALSE); 141 142 /* 143 * SMB Session (connection) going away (server up). 144 * If server initiated disconnect, destroy DH 145 * If client initiated disconnect, save all DH. 146 */ 147 if (of->f_session->s_state == SMB_SESSION_STATE_TERMINATED) 148 return (B_FALSE); 149 if (of->f_session->s_state == SMB_SESSION_STATE_DISCONNECTED) 150 return (B_TRUE); 151 152 /* 153 * SMB User logoff, session still "up". 154 * Action depends on why/how this logoff happened, 155 * determined based on user->preserve_opens 156 */ 157 if (of->f_user->u_state == SMB_USER_STATE_LOGGING_OFF) { 158 switch (of->f_user->preserve_opens) { 159 case SMB2_DH_PRESERVE_NONE: 160 /* Server-initiated */ 161 return (B_FALSE); 162 case SMB2_DH_PRESERVE_SOME: 163 /* Previous session logoff. */ 164 goto preserve_some; 165 case SMB2_DH_PRESERVE_ALL: 166 /* Protocol logoff request */ 167 return (B_TRUE); 168 } 169 } 170 171 /* 172 * SMB tree disconnecting (user still logged on) 173 * i.e. when kshare export forces disconnection. 174 */ 175 if (of->f_tree->t_state == SMB_TREE_STATE_DISCONNECTING) 176 return (B_FALSE); 177 178 preserve_some: 179 /* preserve_opens == SMB2_DH_PRESERVE_SOME */ 180 181 switch (of->dh_vers) { 182 case SMB2_RESILIENT: 183 return (B_TRUE); 184 185 case SMB2_DURABLE_V2: 186 if (of->dh_persist) 187 return (B_TRUE); 188 /* FALLTHROUGH */ 189 case SMB2_DURABLE_V1: 190 /* IS durable (v1 or v2) */ 191 if ((of->f_oplock.og_state & (OPLOCK_LEVEL_BATCH | 192 OPLOCK_LEVEL_CACHE_HANDLE)) != 0) 193 return (B_TRUE); 194 /* FALLTHROUGH */ 195 case SMB2_NOT_DURABLE: 196 default: 197 break; 198 } 199 200 return (B_FALSE); 201 } 202 203 /* 204 * Is this stream name a CA handle? i.e. 205 * ":0123456789abcdef:$CA" 206 */ 207 static boolean_t 208 smb2_dh_match_ca_name(const char *name, uint64_t *idp) 209 { 210 static const char suffix[] = ":$CA"; 211 u_longlong_t ull; 212 const char *p = name; 213 char *p2 = NULL; 214 int len, rc; 215 216 if (*p++ != ':') 217 return (B_FALSE); 218 219 rc = ddi_strtoull(p, &p2, 16, &ull); 220 if (rc != 0 || p2 != (p + 16)) 221 return (B_FALSE); 222 p += 16; 223 224 len = sizeof (suffix) - 1; 225 if (strncmp(p, suffix, len) != 0) 226 return (B_FALSE); 227 p += len; 228 229 if (*p != '\0') 230 return (B_FALSE); 231 232 *idp = (uint64_t)ull; 233 return (B_TRUE); 234 } 235 236 /* 237 * smb2_dh_new_ca_share 238 * 239 * Called when a new share has ca=true. Find or create the CA dir, 240 * and start a thread to import persistent handles. 241 */ 242 int 243 smb2_dh_new_ca_share(smb_server_t *sv, smb_kshare_t *shr) 244 { 245 smb_kshare_t *shr2; 246 smb_request_t *sr; 247 248 ASSERT(STYPE_ISDSK(shr->shr_type)); 249 250 /* 251 * Need to lookup the kshare again, to get a hold. 252 * Add a function to just get the hold? 253 */ 254 shr2 = smb_kshare_lookup(sv, shr->shr_name); 255 if (shr2 != shr) 256 return (EINVAL); 257 258 sr = smb_request_alloc(sv->sv_session, 0); 259 if (sr == NULL) { 260 /* shutting down? */ 261 smb_kshare_release(sv, shr); 262 return (EINTR); 263 } 264 sr->sr_state = SMB_REQ_STATE_SUBMITTED; 265 266 /* 267 * Mark this share as "busy importing persistent handles" 268 * so we can hold off tree connect until that's done. 269 * Will clear and wakeup below. 270 */ 271 mutex_enter(&shr->shr_mutex); 272 shr->shr_import_busy = sr; 273 mutex_exit(&shr->shr_mutex); 274 275 /* 276 * Start a taskq job to import any CA handles. 277 * The hold on the kshare is given to this job, 278 * which releases it when it's done. 279 */ 280 sr->arg.tcon.si = shr; /* hold from above */ 281 (void) taskq_dispatch( 282 sv->sv_worker_pool, 283 smb2_dh_import_share, sr, TQ_SLEEP); 284 285 return (0); 286 } 287 288 int smb2_dh_import_delay = 0; 289 290 static void 291 smb2_dh_import_share(void *arg) 292 { 293 smb_request_t *sr = arg; 294 smb_kshare_t *shr = sr->arg.tcon.si; 295 smb_node_t *snode; 296 cred_t *kcr = zone_kcred(); 297 smb_streaminfo_t *str_info = NULL; 298 uint64_t id; 299 smb_node_t *str_node; 300 smb_odir_t *od = NULL; 301 smb_ofile_t *of; 302 int rc; 303 boolean_t eof; 304 305 sr->sr_state = SMB_REQ_STATE_ACTIVE; 306 307 if (smb2_dh_import_delay > 0) 308 delay(SEC_TO_TICK(smb2_dh_import_delay)); 309 310 /* 311 * Borrow the server's "root" user. 312 * 313 * This takes the place of smb_session_lookup_ssnid() 314 * that would happen in smb2_dispatch for a normal SR. 315 * As usual, this hold is released in smb_request_free. 316 */ 317 sr->uid_user = sr->sr_server->sv_rootuser; 318 smb_user_hold_internal(sr->uid_user); 319 sr->user_cr = sr->uid_user->u_cred; 320 321 /* 322 * Create a temporary tree connect 323 */ 324 sr->arg.tcon.path = shr->shr_name; 325 sr->tid_tree = smb_tree_alloc(sr, shr, shr->shr_root_node, 326 ACE_ALL_PERMS, 0); 327 if (sr->tid_tree == NULL) { 328 cmn_err(CE_NOTE, "smb2_dh_import_share: " 329 "failed connect share <%s>", shr->shr_name); 330 goto out; 331 } 332 snode = sr->tid_tree->t_snode; 333 334 /* 335 * Get the buffers we'll use to read CA handle data. 336 * Stash in sr_request_buf for smb2_dh_import_handle(). 337 * Also a buffer for the stream name info. 338 */ 339 sr->sr_req_length = smb2_dh_max_cah_size; 340 sr->sr_request_buf = kmem_alloc(sr->sr_req_length, KM_SLEEP); 341 str_info = kmem_alloc(sizeof (smb_streaminfo_t), KM_SLEEP); 342 343 /* 344 * Open the ext. attr dir under the share root and 345 * import CA handles for this share. 346 */ 347 if (smb_odir_openat(sr, snode, &od) != 0) { 348 cmn_err(CE_NOTE, "Share [%s] CA import, no xattr dir?", 349 shr->shr_name); 350 goto out; 351 } 352 353 eof = B_FALSE; 354 do { 355 /* 356 * If the kshare gets unshared before we finish, 357 * bail out so we don't hold things up. 358 */ 359 if (shr->shr_flags & SMB_SHRF_REMOVED) 360 break; 361 362 /* 363 * Read a stream name and info 364 */ 365 rc = smb_odir_read_streaminfo(sr, od, str_info, &eof); 366 if ((rc != 0) || (eof)) 367 break; 368 369 /* 370 * Skip anything not a CA handle. 371 */ 372 if (!smb2_dh_match_ca_name(str_info->si_name, &id)) { 373 continue; 374 } 375 376 /* 377 * Lookup stream node and import 378 */ 379 str_node = NULL; 380 rc = smb_fsop_lookup_name(sr, kcr, SMB_CASE_SENSITIVE, 381 snode, snode, str_info->si_name, &str_node); 382 if (rc != 0) { 383 cmn_err(CE_NOTE, "Share [%s] CA import, " 384 "lookup <%s> failed rc=%d", 385 shr->shr_name, str_info->si_name, rc); 386 continue; 387 } 388 of = smb2_dh_import_handle(sr, str_node, id); 389 smb_node_release(str_node); 390 if (of != NULL) { 391 smb_ofile_release(of); 392 of = NULL; 393 } 394 sr->fid_ofile = NULL; 395 396 } while (!eof); 397 398 out: 399 if (od != NULL) { 400 smb_odir_close(od); 401 smb_odir_release(od); 402 } 403 404 if (str_info != NULL) 405 kmem_free(str_info, sizeof (smb_streaminfo_t)); 406 /* Let smb_request_free clean up sr->sr_request_buf */ 407 408 /* 409 * We did a (temporary, internal) tree connect above, 410 * which we need to undo before we return. Note that 411 * smb_request_free will do the final release of 412 * sr->tid_tree, sr->uid_user 413 */ 414 if (sr->tid_tree != NULL) 415 smb_tree_disconnect(sr->tid_tree, B_FALSE); 416 417 /* 418 * Wake up any waiting tree connect(s). 419 * See smb_tree_connect_disk(). 420 */ 421 mutex_enter(&shr->shr_mutex); 422 shr->shr_import_busy = NULL; 423 cv_broadcast(&shr->shr_cv); 424 mutex_exit(&shr->shr_mutex); 425 426 smb_kshare_release(sr->sr_server, shr); 427 smb_request_free(sr); 428 } 429 430 /* 431 * This returns the new ofile mostly for dtrace. 432 */ 433 static smb_ofile_t * 434 smb2_dh_import_handle(smb_request_t *sr, smb_node_t *str_node, 435 uint64_t persist_id) 436 { 437 uint8_t client_uuid[UUID_LEN]; 438 smb_tree_t *tree = sr->tid_tree; 439 smb_arg_open_t *op = &sr->arg.open; 440 smb_pathname_t *pn = &op->fqi.fq_path; 441 cred_t *kcr = zone_kcred(); 442 struct nvlist *nvl = NULL; 443 char *sidstr = NULL; 444 smb_ofile_t *of = NULL; 445 smb_attr_t *pa; 446 boolean_t did_open = B_FALSE; 447 boolean_t have_lease = B_FALSE; 448 hrtime_t hrt; 449 uint64_t *u64p; 450 uint64_t u64; 451 uint32_t u32; 452 uint32_t status; 453 char *s; 454 uint8_t *u8p; 455 uint_t alen; 456 int rc; 457 458 /* 459 * While we're called with arg.tcon, we now want to use 460 * smb_arg_open for the rest of import, so clear it. 461 */ 462 bzero(op, sizeof (*op)); 463 op->create_disposition = FILE_OPEN; 464 465 /* 466 * Read and unpack the NVL 467 */ 468 rc = smb2_dh_read_nvlist(sr, str_node, &nvl); 469 if (rc != 0) 470 return (NULL); 471 472 /* 473 * Known CA info version? 474 */ 475 u32 = 0; 476 rc = nvlist_lookup_uint32(nvl, "info_version", &u32); 477 if (rc != 0 || u32 != smb2_ca_info_version) { 478 cmn_err(CE_NOTE, "CA import (%s/%s) bad vers=%d", 479 tree->t_resource, str_node->od_name, u32); 480 goto errout; 481 } 482 483 /* 484 * The persist ID in the nvlist should match the one 485 * encoded in the file name. (not enforced) 486 */ 487 u64 = 0; 488 rc = nvlist_lookup_uint64(nvl, "file_persistid", &u64); 489 if (rc != 0 || u64 != persist_id) { 490 cmn_err(CE_WARN, "CA import (%s/%s) bad id=%016" PRIx64, 491 tree->t_resource, str_node->od_name, u64); 492 /* goto errout? (allow) */ 493 } 494 495 /* 496 * Does it belong in the share being imported? 497 */ 498 s = NULL; 499 rc = nvlist_lookup_string(nvl, "share_name", &s); 500 if (rc != 0) { 501 cmn_err(CE_NOTE, "CA import (%s/%s) no share_name", 502 tree->t_resource, str_node->od_name); 503 goto errout; 504 } 505 if (smb_strcasecmp(s, tree->t_sharename, 0) != 0) { 506 /* Normal (not an error) */ 507 #ifdef DEBUG 508 cmn_err(CE_NOTE, "CA import (%s/%s) other share", 509 tree->t_resource, str_node->od_name); 510 #endif 511 goto errout; 512 } 513 514 /* 515 * Get the path name (for lookup) 516 */ 517 rc = nvlist_lookup_string(nvl, "path_name", &pn->pn_path); 518 if (rc != 0) { 519 cmn_err(CE_NOTE, "CA import (%s/%s) no path_name", 520 tree->t_resource, str_node->od_name); 521 goto errout; 522 } 523 524 /* 525 * owner sid 526 */ 527 rc = nvlist_lookup_string(nvl, "owner_sid", &sidstr); 528 if (rc != 0) { 529 cmn_err(CE_NOTE, "CA import (%s/%s) no owner_sid", 530 tree->t_resource, str_node->od_name); 531 goto errout; 532 } 533 534 /* 535 * granted access 536 */ 537 rc = nvlist_lookup_uint32(nvl, 538 "granted_access", &op->desired_access); 539 if (rc != 0) { 540 cmn_err(CE_NOTE, "CA import (%s/%s) no granted_access", 541 tree->t_resource, str_node->od_name); 542 goto errout; 543 } 544 545 /* 546 * share access 547 */ 548 rc = nvlist_lookup_uint32(nvl, 549 "share_access", &op->share_access); 550 if (rc != 0) { 551 cmn_err(CE_NOTE, "CA import (%s/%s) no share_access", 552 tree->t_resource, str_node->od_name); 553 goto errout; 554 } 555 556 /* 557 * create options 558 */ 559 rc = nvlist_lookup_uint32(nvl, 560 "create_options", &op->create_options); 561 if (rc != 0) { 562 cmn_err(CE_NOTE, "CA import (%s/%s) no create_options", 563 tree->t_resource, str_node->od_name); 564 goto errout; 565 } 566 567 /* 568 * create guid (client-assigned) 569 */ 570 alen = UUID_LEN; 571 u8p = NULL; 572 rc = nvlist_lookup_uint8_array(nvl, "file_guid", &u8p, &alen); 573 if (rc != 0 || alen != UUID_LEN) { 574 cmn_err(CE_NOTE, "CA import (%s/%s) bad file_guid", 575 tree->t_resource, str_node->od_name); 576 goto errout; 577 } 578 bcopy(u8p, op->create_guid, UUID_LEN); 579 580 /* 581 * client uuid (identifies the client) 582 */ 583 alen = UUID_LEN; 584 u8p = NULL; 585 rc = nvlist_lookup_uint8_array(nvl, "client_uuid", &u8p, &alen); 586 if (rc != 0 || alen != UUID_LEN) { 587 cmn_err(CE_NOTE, "CA import (%s/%s) no client_uuid", 588 tree->t_resource, str_node->od_name); 589 goto errout; 590 } 591 bcopy(u8p, client_uuid, UUID_LEN); 592 593 /* 594 * Lease key (optional) 595 */ 596 alen = SMB_LEASE_KEY_SZ; 597 u8p = NULL; 598 rc = nvlist_lookup_uint8_array(nvl, "lease_uuid", &u8p, &alen); 599 if (rc == 0) { 600 bcopy(u8p, op->lease_key, UUID_LEN); 601 (void) nvlist_lookup_uint32(nvl, 602 "lease_state", &op->lease_state); 603 (void) nvlist_lookup_uint16(nvl, 604 "lease_epoch", &op->lease_epoch); 605 (void) nvlist_lookup_uint16(nvl, 606 "lease_version", &op->lease_version); 607 have_lease = B_TRUE; 608 } else { 609 (void) nvlist_lookup_uint32(nvl, 610 "oplock_state", &op->op_oplock_state); 611 } 612 613 /* 614 * Done getting what we need from the NV list. 615 * (re)open the file 616 */ 617 status = smb_common_open(sr); 618 if (status != 0) { 619 cmn_err(CE_NOTE, "CA import (%s/%s) open failed 0x%x", 620 tree->t_resource, str_node->od_name, status); 621 (void) smb_node_set_delete_on_close(str_node, kcr, 0); 622 goto errout; 623 } 624 of = sr->fid_ofile; 625 did_open = B_TRUE; 626 627 /* 628 * Now restore the rest of the SMB2 level state. 629 * See smb2_create after smb_common_open 630 */ 631 632 /* 633 * Setup of->f_cr with owner SID 634 */ 635 rc = smb2_dh_import_cred(of, sidstr); 636 if (rc != 0) { 637 cmn_err(CE_NOTE, "CA import (%s/%s) import cred failed", 638 tree->t_resource, str_node->od_name); 639 goto errout; 640 } 641 642 /* 643 * Use the persist ID we previously assigned. 644 * Like smb_ofile_set_persistid_ph() 645 */ 646 rc = smb_ofile_insert_persistid(of, persist_id); 647 if (rc != 0) { 648 cmn_err(CE_NOTE, "CA import (%s/%s) " 649 "insert_persistid rc=%d", 650 tree->t_resource, str_node->od_name, rc); 651 goto errout; 652 } 653 654 /* 655 * Like smb2_lease_create() 656 * 657 * Lease state is stored in each persistent handle, but 658 * only one handle has the state we want. As we import 659 * each handle, "upgrade" the lease if the handle we're 660 * importing has a "better" lease state (higher epoch or 661 * more cache rights). After all handles are imported, 662 * that will get the lease to the right state. 663 */ 664 if (have_lease) { 665 smb_lease_t *ls; 666 status = smb2_lease_create(sr, client_uuid); 667 if (status != 0) { 668 cmn_err(CE_NOTE, "CA import (%s/%s) get lease 0x%x", 669 tree->t_resource, str_node->od_name, status); 670 goto errout; 671 } 672 ls = of->f_lease; 673 674 /* Use most current "epoch". */ 675 mutex_enter(&ls->ls_mutex); 676 if (ls->ls_epoch < op->lease_epoch) 677 ls->ls_epoch = op->lease_epoch; 678 mutex_exit(&ls->ls_mutex); 679 680 /* 681 * Get the lease (and oplock) 682 * uses op->lease_state 683 */ 684 op->op_oplock_level = SMB2_OPLOCK_LEVEL_LEASE; 685 smb2_lease_acquire(sr); 686 687 } else { 688 /* 689 * No lease; maybe get an oplock 690 * uses: op->op_oplock_level 691 */ 692 if (op->op_oplock_state & OPLOCK_LEVEL_BATCH) { 693 op->op_oplock_level = SMB2_OPLOCK_LEVEL_BATCH; 694 } else if (op->op_oplock_state & OPLOCK_LEVEL_ONE) { 695 op->op_oplock_level = SMB2_OPLOCK_LEVEL_EXCLUSIVE; 696 } else if (op->op_oplock_state & OPLOCK_LEVEL_TWO) { 697 op->op_oplock_level = SMB2_OPLOCK_LEVEL_II; 698 } else { 699 op->op_oplock_level = SMB2_OPLOCK_LEVEL_NONE; 700 } 701 smb2_oplock_acquire(sr); 702 } 703 704 /* 705 * Byte range locks 706 */ 707 alen = 0; 708 u64p = NULL; 709 if (nvlist_lookup_uint64_array(nvl, "locks", &u64p, &alen) == 0) { 710 uint_t i; 711 uint_t nlocks = alen / 3; 712 struct nvlk *nlp; 713 714 nlp = (struct nvlk *)u64p; 715 for (i = 0; i < nlocks; i++) { 716 status = smb_lock_range( 717 sr, 718 nlp->lk_start, 719 nlp->lk_len, 720 nlp->lk_pid, 721 nlp->lk_type, 722 0); 723 if (status != 0) { 724 cmn_err(CE_NOTE, "CA import (%s/%s) " 725 "get lock %d failed 0x%x", 726 tree->t_resource, 727 str_node->od_name, 728 i, status); 729 } 730 nlp++; 731 } 732 } 733 alen = SMB_OFILE_LSEQ_MAX; 734 u8p = NULL; 735 if (nvlist_lookup_uint8_array(nvl, "lockseq", &u8p, &alen) == 0) { 736 if (alen != SMB_OFILE_LSEQ_MAX) { 737 cmn_err(CE_NOTE, "CA import (%s/%s) " 738 "get lockseq bad len=%d", 739 tree->t_resource, 740 str_node->od_name, 741 alen); 742 } else { 743 mutex_enter(&of->f_mutex); 744 bcopy(u8p, of->f_lock_seq, alen); 745 mutex_exit(&of->f_mutex); 746 } 747 } 748 749 /* 750 * Optional "sticky" times (set pending attributes) 751 */ 752 mutex_enter(&of->f_mutex); 753 pa = &of->f_pending_attr; 754 if (nvlist_lookup_hrtime(nvl, "atime", &hrt) == 0) { 755 hrt2ts(hrt, &pa->sa_vattr.va_atime); 756 pa->sa_mask |= SMB_AT_ATIME; 757 } 758 if (nvlist_lookup_hrtime(nvl, "mtime", &hrt) == 0) { 759 hrt2ts(hrt, &pa->sa_vattr.va_mtime); 760 pa->sa_mask |= SMB_AT_MTIME; 761 } 762 if (nvlist_lookup_hrtime(nvl, "ctime", &hrt) == 0) { 763 hrt2ts(hrt, &pa->sa_vattr.va_ctime); 764 pa->sa_mask |= SMB_AT_CTIME; 765 } 766 mutex_exit(&of->f_mutex); 767 768 /* 769 * Make durable and persistent. 770 * See smb2_dh_make_persistent() 771 */ 772 of->dh_vers = SMB2_DURABLE_V2; 773 bcopy(op->create_guid, of->dh_create_guid, UUID_LEN); 774 of->dh_persist = B_TRUE; 775 of->dh_nvfile = str_node; 776 smb_node_ref(str_node); 777 of->dh_nvlist = nvl; 778 nvl = NULL; 779 780 /* 781 * Now make it state orphaned... 782 * See smb_ofile_drop(), then 783 * smb_ofile_save_dh() 784 */ 785 mutex_enter(&of->f_mutex); 786 of->f_state = SMB_OFILE_STATE_SAVE_DH; 787 of->dh_timeout_offset = MSEC2NSEC(smb2_persist_timeout); 788 mutex_exit(&of->f_mutex); 789 790 /* 791 * Finished! 792 */ 793 return (of); 794 795 errout: 796 if (did_open) { 797 smb_ofile_close(of, 0); 798 smb_ofile_release(of); 799 } else { 800 ASSERT(of == NULL); 801 } 802 803 if (nvl != NULL) 804 nvlist_free(nvl); 805 806 return (NULL); 807 } 808 809 static int 810 smb2_dh_read_nvlist(smb_request_t *sr, smb_node_t *node, 811 struct nvlist **nvlpp) 812 { 813 smb_attr_t attr; 814 iovec_t iov; 815 uio_t uio; 816 smb_kshare_t *shr = sr->arg.tcon.si; 817 cred_t *kcr = zone_kcred(); 818 size_t flen; 819 int rc; 820 821 bzero(&attr, sizeof (attr)); 822 attr.sa_mask = SMB_AT_SIZE; 823 rc = smb_node_getattr(NULL, node, kcr, NULL, &attr); 824 if (rc != 0) { 825 cmn_err(CE_NOTE, "CA import (%s/%s) getattr rc=%d", 826 shr->shr_path, node->od_name, rc); 827 return (rc); 828 } 829 830 if (attr.sa_vattr.va_size < 4 || 831 attr.sa_vattr.va_size > sr->sr_req_length) { 832 cmn_err(CE_NOTE, "CA import (%s/%s) bad size=%" PRIu64, 833 shr->shr_path, node->od_name, 834 (uint64_t)attr.sa_vattr.va_size); 835 return (EINVAL); 836 } 837 flen = (size_t)attr.sa_vattr.va_size; 838 839 bzero(&uio, sizeof (uio)); 840 iov.iov_base = sr->sr_request_buf; 841 iov.iov_len = flen; 842 uio.uio_iov = &iov; 843 uio.uio_iovcnt = 1; 844 uio.uio_resid = flen; 845 uio.uio_segflg = UIO_SYSSPACE; 846 uio.uio_extflg = UIO_COPY_DEFAULT; 847 rc = smb_fsop_read(sr, kcr, node, NULL, &uio); 848 if (rc != 0) { 849 cmn_err(CE_NOTE, "CA import (%s/%s) read, rc=%d", 850 shr->shr_path, node->od_name, rc); 851 return (rc); 852 } 853 if (uio.uio_resid != 0) { 854 cmn_err(CE_NOTE, "CA import (%s/%s) short read", 855 shr->shr_path, node->od_name); 856 return (EIO); 857 } 858 859 rc = nvlist_unpack(sr->sr_request_buf, flen, nvlpp, KM_SLEEP); 860 if (rc != 0) { 861 cmn_err(CE_NOTE, "CA import (%s/%s) unpack, rc=%d", 862 shr->shr_path, node->od_name, rc); 863 return (rc); 864 } 865 866 return (0); 867 } 868 869 /* 870 * Setup a vestigial credential in of->f_cr just good enough for 871 * smb_is_same_user to determine if the caller owned this ofile. 872 * At reconnect, of->f_cr will be replaced with the caller's. 873 */ 874 static int 875 smb2_dh_import_cred(smb_ofile_t *of, char *sidstr) 876 { 877 #ifdef _FAKE_KERNEL 878 _NOTE(ARGUNUSED(sidstr)) 879 /* fksmbd doesn't have real credentials. */ 880 of->f_cr = CRED(); 881 crhold(of->f_cr); 882 #else 883 char tmpstr[SMB_SID_STRSZ]; 884 ksid_t ksid; 885 cred_t *cr, *oldcr; 886 int rc; 887 888 (void) strlcpy(tmpstr, sidstr, sizeof (tmpstr)); 889 bzero(&ksid, sizeof (ksid)); 890 891 rc = smb_sid_splitstr(tmpstr, &ksid.ks_rid); 892 if (rc != 0) 893 return (rc); 894 cr = crget(); 895 896 ksid.ks_domain = ksid_lookupdomain(tmpstr); 897 crsetsid(cr, &ksid, KSID_USER); 898 ksiddomain_hold(ksid.ks_domain); 899 crsetsid(cr, &ksid, KSID_OWNER); 900 901 /* 902 * Just to avoid leaving the KSID_GROUP slot NULL, 903 * put the "everyone" SID there (S-1-1-0). 904 */ 905 ksid.ks_domain = ksid_lookupdomain("S-1-1"); 906 ksid.ks_rid = 0; 907 crsetsid(cr, &ksid, KSID_GROUP); 908 909 oldcr = of->f_cr; 910 of->f_cr = cr; 911 if (oldcr != NULL) 912 crfree(oldcr); 913 #endif 914 915 return (0); 916 } 917 918 /* 919 * Set Delete-on-Close (DoC) on the persistent state file so it will be 920 * removed when the last ref. goes away (in smb2_dh_close_persistent). 921 * 922 * This is called in just two places: 923 * (1) SMB2_close request -- client tells us to destroy the handle. 924 * (2) smb2_dh_expire -- client has forgotten about this handle. 925 * All other (server-initiated) close calls should leave these 926 * persistent state files in the file system. 927 */ 928 void 929 smb2_dh_setdoc_persistent(smb_ofile_t *of) 930 { 931 smb_node_t *strnode; 932 uint32_t status; 933 934 mutex_enter(&of->dh_nvlock); 935 if ((strnode = of->dh_nvfile) != NULL) 936 smb_node_ref(strnode); 937 mutex_exit(&of->dh_nvlock); 938 939 if (strnode != NULL) { 940 status = smb_node_set_delete_on_close(strnode, 941 zone_kcred(), SMB_CASE_SENSITIVE); 942 if (status != 0) { 943 cmn_err(CE_WARN, "Can't set DoC on CA file: %s", 944 strnode->od_name); 945 DTRACE_PROBE1(rm__ca__err, smb_ofile_t *, of); 946 } 947 smb_node_release(strnode); 948 } 949 } 950 951 /* 952 * During ofile close, free the persistent handle state nvlist and 953 * drop our reference to the state file node (which may unlink it 954 * if smb2_dh_setdoc_persistent was called). 955 */ 956 void 957 smb2_dh_close_persistent(smb_ofile_t *of) 958 { 959 smb_node_t *strnode; 960 struct nvlist *nvl; 961 962 /* 963 * Clear out nvlist and stream linkage 964 */ 965 mutex_enter(&of->dh_nvlock); 966 strnode = of->dh_nvfile; 967 of->dh_nvfile = NULL; 968 nvl = of->dh_nvlist; 969 of->dh_nvlist = NULL; 970 mutex_exit(&of->dh_nvlock); 971 972 if (nvl != NULL) 973 nvlist_free(nvl); 974 975 if (strnode != NULL) 976 smb_node_release(strnode); 977 } 978 979 /* 980 * Make this durable handle persistent. 981 * If we succeed, set of->dh_persist = TRUE. 982 */ 983 int 984 smb2_dh_make_persistent(smb_request_t *sr, smb_ofile_t *of) 985 { 986 char fname[DH_SN_SIZE]; 987 char sidstr[SMB_SID_STRSZ]; 988 smb_attr_t attr; 989 smb_arg_open_t *op = &sr->arg.open; 990 cred_t *kcr = zone_kcred(); 991 smb_node_t *dnode = of->f_tree->t_snode; 992 smb_node_t *fnode = NULL; 993 ksid_t *ksid; 994 int rc; 995 996 ASSERT(of->dh_nvfile == NULL); 997 998 /* 999 * Create the persistent handle nvlist file. 1000 * It's a named stream in the share root. 1001 */ 1002 smb2_dh_make_stream_name(fname, sizeof (fname), of->f_persistid); 1003 1004 bzero(&attr, sizeof (attr)); 1005 attr.sa_mask = SMB_AT_TYPE | SMB_AT_MODE | SMB_AT_SIZE; 1006 attr.sa_vattr.va_type = VREG; 1007 attr.sa_vattr.va_mode = 0640; 1008 attr.sa_vattr.va_size = 4; 1009 rc = smb_fsop_create(sr, kcr, dnode, fname, &attr, &fnode); 1010 if (rc != 0) 1011 return (rc); 1012 1013 mutex_enter(&of->dh_nvlock); 1014 1015 /* fnode is held. rele in smb2_dh_close_persistent */ 1016 of->dh_nvfile = fnode; 1017 (void) nvlist_alloc(&of->dh_nvlist, NV_UNIQUE_NAME, KM_SLEEP); 1018 1019 /* 1020 * Want the ksid as a string 1021 */ 1022 ksid = crgetsid(of->f_user->u_cred, KSID_USER); 1023 (void) snprintf(sidstr, sizeof (sidstr), "%s-%u", 1024 ksid->ks_domain->kd_name, ksid->ks_rid); 1025 1026 /* 1027 * Fill in the fixed parts of the nvlist 1028 */ 1029 (void) nvlist_add_uint32(of->dh_nvlist, 1030 "info_version", smb2_ca_info_version); 1031 (void) nvlist_add_string(of->dh_nvlist, 1032 "owner_sid", sidstr); 1033 (void) nvlist_add_string(of->dh_nvlist, 1034 "share_name", of->f_tree->t_sharename); 1035 (void) nvlist_add_uint64(of->dh_nvlist, 1036 "file_persistid", of->f_persistid); 1037 (void) nvlist_add_uint8_array(of->dh_nvlist, 1038 "file_guid", of->dh_create_guid, UUID_LEN); 1039 (void) nvlist_add_string(of->dh_nvlist, 1040 "client_ipaddr", sr->session->ip_addr_str); 1041 (void) nvlist_add_uint8_array(of->dh_nvlist, 1042 "client_uuid", sr->session->clnt_uuid, UUID_LEN); 1043 (void) nvlist_add_string(of->dh_nvlist, 1044 "path_name", op->fqi.fq_path.pn_path); 1045 (void) nvlist_add_uint32(of->dh_nvlist, 1046 "granted_access", of->f_granted_access); 1047 (void) nvlist_add_uint32(of->dh_nvlist, 1048 "share_access", of->f_share_access); 1049 (void) nvlist_add_uint32(of->dh_nvlist, 1050 "create_options", of->f_create_options); 1051 if (of->f_lease != NULL) { 1052 smb_lease_t *ls = of->f_lease; 1053 (void) nvlist_add_uint8_array(of->dh_nvlist, 1054 "lease_uuid", ls->ls_key, 16); 1055 (void) nvlist_add_uint32(of->dh_nvlist, 1056 "lease_state", ls->ls_state); 1057 (void) nvlist_add_uint16(of->dh_nvlist, 1058 "lease_epoch", ls->ls_epoch); 1059 (void) nvlist_add_uint16(of->dh_nvlist, 1060 "lease_version", ls->ls_version); 1061 } else { 1062 (void) nvlist_add_uint32(of->dh_nvlist, 1063 "oplock_state", of->f_oplock.og_state); 1064 } 1065 mutex_exit(&of->dh_nvlock); 1066 1067 smb2_dh_update_locks(sr, of); 1068 1069 /* Tell sr update nvlist file */ 1070 sr->dh_nvl_dirty = B_TRUE; 1071 1072 return (0); 1073 } 1074 1075 void 1076 smb2_dh_update_nvfile(smb_request_t *sr) 1077 { 1078 smb_attr_t attr; 1079 iovec_t iov; 1080 uio_t uio; 1081 smb_ofile_t *of = sr->fid_ofile; 1082 cred_t *kcr = zone_kcred(); 1083 char *buf = NULL; 1084 size_t buflen = 0; 1085 uint32_t wcnt; 1086 int rc; 1087 1088 if (of == NULL || of->dh_persist == B_FALSE) 1089 return; 1090 1091 mutex_enter(&of->dh_nvlock); 1092 if (of->dh_nvlist == NULL || of->dh_nvfile == NULL) { 1093 mutex_exit(&of->dh_nvlock); 1094 return; 1095 } 1096 1097 rc = nvlist_size(of->dh_nvlist, &buflen, NV_ENCODE_XDR); 1098 if (rc != 0) 1099 goto out; 1100 buf = kmem_zalloc(buflen, KM_SLEEP); 1101 1102 rc = nvlist_pack(of->dh_nvlist, &buf, &buflen, 1103 NV_ENCODE_XDR, KM_SLEEP); 1104 if (rc != 0) 1105 goto out; 1106 1107 bzero(&attr, sizeof (attr)); 1108 attr.sa_mask = SMB_AT_SIZE; 1109 attr.sa_vattr.va_size = buflen; 1110 rc = smb_node_setattr(sr, of->dh_nvfile, kcr, NULL, &attr); 1111 if (rc != 0) 1112 goto out; 1113 1114 bzero(&uio, sizeof (uio)); 1115 iov.iov_base = (void *) buf; 1116 iov.iov_len = buflen; 1117 uio.uio_iov = &iov; 1118 uio.uio_iovcnt = 1; 1119 uio.uio_resid = buflen; 1120 uio.uio_segflg = UIO_SYSSPACE; 1121 uio.uio_extflg = UIO_COPY_DEFAULT; 1122 rc = smb_fsop_write(sr, kcr, of->dh_nvfile, 1123 NULL, &uio, &wcnt, 0); 1124 if (rc == 0 && wcnt != buflen) 1125 rc = EIO; 1126 1127 out: 1128 mutex_exit(&of->dh_nvlock); 1129 1130 if (rc != 0) { 1131 cmn_err(CE_WARN, 1132 "clnt(%s) failed to update persistent handle, rc=%d", 1133 sr->session->ip_addr_str, rc); 1134 } 1135 1136 if (buf != NULL) { 1137 kmem_free(buf, buflen); 1138 } 1139 } 1140 1141 /* 1142 * Called after f_oplock (and lease) changes 1143 * If lease, update: lease_state, lease_epoch 1144 * else (oplock) update: oplock_state 1145 */ 1146 void 1147 smb2_dh_update_oplock(smb_request_t *sr, smb_ofile_t *of) 1148 { 1149 smb_lease_t *ls; 1150 1151 mutex_enter(&of->dh_nvlock); 1152 if (of->dh_nvlist == NULL) { 1153 mutex_exit(&of->dh_nvlock); 1154 return; 1155 } 1156 1157 if (of->f_lease != NULL) { 1158 ls = of->f_lease; 1159 (void) nvlist_add_uint32(of->dh_nvlist, 1160 "lease_state", ls->ls_state); 1161 (void) nvlist_add_uint16(of->dh_nvlist, 1162 "lease_epoch", ls->ls_epoch); 1163 } else { 1164 (void) nvlist_add_uint32(of->dh_nvlist, 1165 "oplock_state", of->f_oplock.og_state); 1166 } 1167 mutex_exit(&of->dh_nvlock); 1168 1169 sr->dh_nvl_dirty = B_TRUE; 1170 } 1171 1172 /* 1173 * Save locks from this ofile as an array of uint64_t, where the 1174 * elements are triplets: (start, length, (pid << 32) | type) 1175 * Note pid should always be zero for SMB2, so we could use 1176 * that 32-bit spot for something else if needed. 1177 */ 1178 void 1179 smb2_dh_update_locks(smb_request_t *sr, smb_ofile_t *of) 1180 { 1181 uint8_t lseq[SMB_OFILE_LSEQ_MAX]; 1182 smb_node_t *node = of->f_node; 1183 smb_llist_t *llist = &node->n_lock_list; 1184 size_t vec_sz; // storage size 1185 uint_t my_cnt = 0; 1186 uint64_t *vec = NULL; 1187 struct nvlk *nlp; 1188 smb_lock_t *lock; 1189 1190 smb_llist_enter(llist, RW_READER); 1191 vec_sz = (llist->ll_count + 1) * sizeof (struct nvlk); 1192 vec = kmem_alloc(vec_sz, KM_SLEEP); 1193 nlp = (struct nvlk *)vec; 1194 for (lock = smb_llist_head(llist); 1195 lock != NULL; 1196 lock = smb_llist_next(llist, lock)) { 1197 if (lock->l_file != of) 1198 continue; 1199 nlp->lk_start = lock->l_start; 1200 nlp->lk_len = lock->l_length; 1201 nlp->lk_pid = lock->l_pid; 1202 nlp->lk_type = lock->l_type; 1203 nlp++; 1204 my_cnt++; 1205 } 1206 smb_llist_exit(llist); 1207 1208 mutex_enter(&of->f_mutex); 1209 bcopy(of->f_lock_seq, lseq, sizeof (lseq)); 1210 mutex_exit(&of->f_mutex); 1211 1212 mutex_enter(&of->dh_nvlock); 1213 if (of->dh_nvlist != NULL) { 1214 1215 (void) nvlist_add_uint64_array(of->dh_nvlist, 1216 "locks", vec, my_cnt * 3); 1217 1218 (void) nvlist_add_uint8_array(of->dh_nvlist, 1219 "lockseq", lseq, sizeof (lseq)); 1220 } 1221 mutex_exit(&of->dh_nvlock); 1222 1223 kmem_free(vec, vec_sz); 1224 1225 sr->dh_nvl_dirty = B_TRUE; 1226 } 1227 1228 /* 1229 * Save "sticky" times 1230 */ 1231 void 1232 smb2_dh_update_times(smb_request_t *sr, smb_ofile_t *of, smb_attr_t *attr) 1233 { 1234 hrtime_t t; 1235 1236 mutex_enter(&of->dh_nvlock); 1237 if (of->dh_nvlist == NULL) { 1238 mutex_exit(&of->dh_nvlock); 1239 return; 1240 } 1241 1242 if (attr->sa_mask & SMB_AT_ATIME) { 1243 t = ts2hrt(&attr->sa_vattr.va_atime); 1244 (void) nvlist_add_hrtime(of->dh_nvlist, "atime", t); 1245 } 1246 if (attr->sa_mask & SMB_AT_MTIME) { 1247 t = ts2hrt(&attr->sa_vattr.va_mtime); 1248 (void) nvlist_add_hrtime(of->dh_nvlist, "mtime", t); 1249 } 1250 if (attr->sa_mask & SMB_AT_CTIME) { 1251 t = ts2hrt(&attr->sa_vattr.va_ctime); 1252 (void) nvlist_add_hrtime(of->dh_nvlist, "ctime", t); 1253 } 1254 mutex_exit(&of->dh_nvlock); 1255 1256 sr->dh_nvl_dirty = B_TRUE; 1257 } 1258 1259 1260 /* 1261 * Requirements for ofile found during reconnect (MS-SMB2 3.3.5.9.7): 1262 * - security descriptor must match provided descriptor 1263 * 1264 * If file is leased: 1265 * - lease must be requested 1266 * - client guid must match session guid 1267 * - file name must match given name 1268 * - lease key must match provided lease key 1269 * If file is not leased: 1270 * - Lease must not be requested 1271 * 1272 * dh_v2 only: 1273 * - SMB2_DHANDLE_FLAG_PERSISTENT must be set if dh_persist is true 1274 * - SMB2_DHANDLE_FLAG_PERSISTENT must not be set if dh_persist is false 1275 * - desired access, share access, and create_options must be ignored 1276 * - createguid must match 1277 */ 1278 static uint32_t 1279 smb2_dh_reconnect_checks(smb_request_t *sr, smb_ofile_t *of) 1280 { 1281 smb_arg_open_t *op = &sr->sr_open; 1282 char *fname; 1283 1284 if (of->f_lease != NULL) { 1285 if (bcmp(sr->session->clnt_uuid, 1286 of->f_lease->ls_clnt, 16) != 0) 1287 return (NT_STATUS_OBJECT_NAME_NOT_FOUND); 1288 1289 if (op->op_oplock_level != SMB2_OPLOCK_LEVEL_LEASE) 1290 return (NT_STATUS_OBJECT_NAME_NOT_FOUND); 1291 if (bcmp(op->lease_key, of->f_lease->ls_key, 1292 SMB_LEASE_KEY_SZ) != 0) 1293 return (NT_STATUS_OBJECT_NAME_NOT_FOUND); 1294 1295 /* 1296 * We're supposed to check the name is the same. 1297 * Not really necessary to do this, so just do 1298 * minimal effort (check last component) 1299 */ 1300 fname = strrchr(op->fqi.fq_path.pn_path, '\\'); 1301 if (fname != NULL) 1302 fname++; 1303 else 1304 fname = op->fqi.fq_path.pn_path; 1305 if (smb_strcasecmp(fname, of->f_node->od_name, 0) != 0) { 1306 #ifdef DEBUG 1307 cmn_err(CE_NOTE, "reconnect name <%s> of name <%s>", 1308 fname, of->f_node->od_name); 1309 #endif 1310 return (NT_STATUS_INVALID_PARAMETER); 1311 } 1312 } else { 1313 if (op->op_oplock_level == SMB2_OPLOCK_LEVEL_LEASE) 1314 return (NT_STATUS_OBJECT_NAME_NOT_FOUND); 1315 } 1316 1317 if (op->dh_vers == SMB2_DURABLE_V2) { 1318 boolean_t op_persist = 1319 ((op->dh_v2_flags & SMB2_DHANDLE_FLAG_PERSISTENT) != 0); 1320 if (of->dh_persist != op_persist) 1321 return (NT_STATUS_OBJECT_NAME_NOT_FOUND); 1322 if (memcmp(op->create_guid, of->dh_create_guid, UUID_LEN)) 1323 return (NT_STATUS_OBJECT_NAME_NOT_FOUND); 1324 } 1325 1326 if (!smb_is_same_user(sr->user_cr, of->f_cr)) 1327 return (NT_STATUS_ACCESS_DENIED); 1328 1329 return (NT_STATUS_SUCCESS); 1330 } 1331 1332 /* 1333 * [MS-SMB2] 3.3.5.9.7 and 3.3.5.9.12 (durable reconnect v1/v2) 1334 * 1335 * Looks up an ofile on the server's sv_dh_list by the persistid. 1336 * If found, it validates the request. 1337 * (see smb2_dh_reconnect_checks() for details) 1338 * If the checks are passed, add it onto the new tree's list. 1339 * 1340 * Note that the oplock break code path can get to an ofile via the node 1341 * ofile list. It starts with a ref taken in smb_ofile_hold_olbrk, which 1342 * waits if the ofile is found in state RECONNECT. That wait happens with 1343 * the node ofile list lock held as reader, and the oplock mutex held. 1344 * Implications of that are: While we're in state RECONNECT, we shoud NOT 1345 * block (at least, not for long) and must not try to enter any of the 1346 * node ofile list lock or oplock mutex. Thankfully, we don't need to 1347 * enter those while reclaiming an orphaned ofile. 1348 */ 1349 uint32_t 1350 smb2_dh_reconnect(smb_request_t *sr) 1351 { 1352 smb_arg_open_t *op = &sr->sr_open; 1353 smb_tree_t *tree = sr->tid_tree; 1354 smb_ofile_t *of; 1355 cred_t *old_cr; 1356 uint32_t status = NT_STATUS_OBJECT_NAME_NOT_FOUND; 1357 uint16_t fid = 0; 1358 1359 if (smb_idpool_alloc(&tree->t_fid_pool, &fid)) 1360 return (NT_STATUS_TOO_MANY_OPENED_FILES); 1361 1362 /* Find orphaned handle. */ 1363 of = smb_ofile_lookup_by_persistid(sr, op->dh_fileid.persistent); 1364 if (of == NULL) 1365 goto errout; 1366 1367 mutex_enter(&of->f_mutex); 1368 if (of->f_state != SMB_OFILE_STATE_ORPHANED) { 1369 mutex_exit(&of->f_mutex); 1370 goto errout; 1371 } 1372 1373 status = smb2_dh_reconnect_checks(sr, of); 1374 if (status != NT_STATUS_SUCCESS) { 1375 mutex_exit(&of->f_mutex); 1376 goto errout; 1377 } 1378 1379 /* 1380 * Note: cv_broadcast(&of->f_cv) when we're 1381 * done messing around in this state. 1382 * See: smb_ofile_hold_olbrk() 1383 */ 1384 of->f_state = SMB_OFILE_STATE_RECONNECT; 1385 mutex_exit(&of->f_mutex); 1386 1387 /* 1388 * At this point, we should be the only thread with a ref on the 1389 * ofile, and the RECONNECT state should prevent new refs from 1390 * being granted, or other durable threads from observing or 1391 * reclaiming it. Put this ofile in the new tree, similar to 1392 * the last part of smb_ofile_open. 1393 */ 1394 1395 old_cr = of->f_cr; 1396 of->f_cr = sr->user_cr; 1397 crhold(of->f_cr); 1398 crfree(old_cr); 1399 1400 of->f_session = sr->session; /* hold is via user and tree */ 1401 smb_user_hold_internal(sr->uid_user); 1402 of->f_user = sr->uid_user; 1403 smb_tree_hold_internal(tree); 1404 of->f_tree = tree; 1405 of->f_fid = fid; 1406 1407 smb_llist_enter(&tree->t_ofile_list, RW_WRITER); 1408 smb_llist_insert_tail(&tree->t_ofile_list, of); 1409 smb_llist_exit(&tree->t_ofile_list); 1410 atomic_inc_32(&tree->t_open_files); 1411 atomic_inc_32(&sr->session->s_file_cnt); 1412 1413 /* 1414 * The ofile is now in the caller's session & tree. 1415 * 1416 * In case smb_ofile_hold or smb_oplock_send_brk() are 1417 * waiting for state RECONNECT to complete, wakeup. 1418 */ 1419 mutex_enter(&of->f_mutex); 1420 of->dh_expire_time = 0; 1421 of->f_state = SMB_OFILE_STATE_OPEN; 1422 cv_broadcast(&of->f_cv); 1423 mutex_exit(&of->f_mutex); 1424 1425 /* 1426 * The ofile is now visible in the new session. 1427 * From here, this is similar to the last part of 1428 * smb_common_open(). 1429 */ 1430 op->fqi.fq_fattr.sa_mask = SMB_AT_ALL; 1431 (void) smb_node_getattr(sr, of->f_node, zone_kcred(), of, 1432 &op->fqi.fq_fattr); 1433 1434 /* 1435 * Set up the fileid and dosattr in open_param for response 1436 */ 1437 op->fileid = op->fqi.fq_fattr.sa_vattr.va_nodeid; 1438 op->dattr = op->fqi.fq_fattr.sa_dosattr; 1439 1440 /* 1441 * Set up the file type in open_param for the response 1442 * The ref. from ofile lookup is "given" to fid_ofile. 1443 */ 1444 op->ftype = SMB_FTYPE_DISK; 1445 sr->smb_fid = of->f_fid; 1446 sr->fid_ofile = of; 1447 1448 if (smb_node_is_file(of->f_node)) { 1449 op->dsize = op->fqi.fq_fattr.sa_vattr.va_size; 1450 } else { 1451 /* directory or symlink */ 1452 op->dsize = 0; 1453 } 1454 1455 op->create_options = 0; /* no more modifications wanted */ 1456 op->action_taken = SMB_OACT_OPENED; 1457 return (NT_STATUS_SUCCESS); 1458 1459 errout: 1460 if (of != NULL) 1461 smb_ofile_release(of); 1462 if (fid != 0) 1463 smb_idpool_free(&tree->t_fid_pool, fid); 1464 1465 return (status); 1466 } 1467 1468 /* 1469 * Durable handle expiration 1470 * ofile state is _EXPIRED 1471 */ 1472 static void 1473 smb2_dh_expire(void *arg) 1474 { 1475 smb_ofile_t *of = (smb_ofile_t *)arg; 1476 1477 if (of->dh_persist) 1478 smb2_dh_setdoc_persistent(of); 1479 smb_ofile_close(of, 0); 1480 smb_ofile_release(of); 1481 } 1482 1483 void 1484 smb2_durable_timers(smb_server_t *sv) 1485 { 1486 smb_hash_t *hash; 1487 smb_llist_t *bucket; 1488 smb_ofile_t *of; 1489 hrtime_t now; 1490 int i; 1491 1492 hash = sv->sv_persistid_ht; 1493 now = gethrtime(); 1494 1495 for (i = 0; i < hash->num_buckets; i++) { 1496 bucket = &hash->buckets[i].b_list; 1497 smb_llist_enter(bucket, RW_READER); 1498 for (of = smb_llist_head(bucket); 1499 of != NULL; 1500 of = smb_llist_next(bucket, of)) { 1501 SMB_OFILE_VALID(of); 1502 1503 /* 1504 * Check outside the mutex first to avoid some 1505 * mutex_enter work in this loop. If the state 1506 * changes under foot, the worst that happens 1507 * is we either enter the mutex when we might 1508 * not have needed to, or we miss some DH in 1509 * this pass and get it on the next. 1510 */ 1511 if (of->f_state != SMB_OFILE_STATE_ORPHANED) 1512 continue; 1513 1514 mutex_enter(&of->f_mutex); 1515 /* STATE_ORPHANED implies dh_expire_time != 0 */ 1516 if (of->f_state == SMB_OFILE_STATE_ORPHANED && 1517 of->dh_expire_time <= now) { 1518 of->f_state = SMB_OFILE_STATE_EXPIRED; 1519 /* inline smb_ofile_hold_internal() */ 1520 of->f_refcnt++; 1521 smb_llist_post(bucket, of, smb2_dh_expire); 1522 } 1523 mutex_exit(&of->f_mutex); 1524 } 1525 smb_llist_exit(bucket); 1526 } 1527 } 1528 1529 /* 1530 * This is called when we're about to add a new open to some node. 1531 * If we still have orphaned durable handles on this node, let's 1532 * assume the client has lost interest in those and close them, 1533 * otherwise we might conflict with our own orphaned handles. 1534 * 1535 * We need this because we import persistent handles "speculatively" 1536 * during share import (before the client ever asks for reconnect). 1537 * That allows us to avoid any need for a "create blackout" (or 1538 * "grace period") because the imported handles prevent unwanted 1539 * conflicting opens from other clients. However, if some client 1540 * "forgets" about a persistent handle (*cough* Hyper-V) and tries 1541 * a new (conflicting) open instead of a reconnect, that might 1542 * fail unless we expire our orphaned durables handle first. 1543 * 1544 * Logic similar to smb_node_open_check() 1545 */ 1546 void 1547 smb2_dh_close_my_orphans(smb_request_t *sr, smb_ofile_t *new_of) 1548 { 1549 smb_node_t *node = new_of->f_node; 1550 smb_ofile_t *of; 1551 1552 SMB_NODE_VALID(node); 1553 1554 smb_llist_enter(&node->n_ofile_list, RW_READER); 1555 for (of = smb_llist_head(&node->n_ofile_list); 1556 of != NULL; 1557 of = smb_llist_next(&node->n_ofile_list, of)) { 1558 1559 /* Same client? */ 1560 if (of->f_lease != NULL && 1561 bcmp(sr->session->clnt_uuid, 1562 of->f_lease->ls_clnt, 16) != 0) 1563 continue; 1564 1565 if (!smb_is_same_user(sr->user_cr, of->f_cr)) 1566 continue; 1567 1568 mutex_enter(&of->f_mutex); 1569 if (of->f_state == SMB_OFILE_STATE_ORPHANED) { 1570 of->f_state = SMB_OFILE_STATE_EXPIRED; 1571 /* inline smb_ofile_hold_internal() */ 1572 of->f_refcnt++; 1573 smb_llist_post(&node->n_ofile_list, 1574 of, smb2_dh_expire); 1575 } 1576 mutex_exit(&of->f_mutex); 1577 } 1578 1579 smb_llist_exit(&node->n_ofile_list); 1580 } 1581 1582 /* 1583 * Called for each orphaned DH during shutdown. 1584 * Clean out any in-memory state, but leave any 1585 * on-disk persistent handle state in place. 1586 */ 1587 static void 1588 smb2_dh_cleanup(void *arg) 1589 { 1590 smb_ofile_t *of = (smb_ofile_t *)arg; 1591 smb_node_t *strnode; 1592 struct nvlist *nvl; 1593 1594 /* 1595 * Intentionally skip smb2_dh_close_persistent by 1596 * clearing dh_nvfile before smb_ofile_close(). 1597 */ 1598 mutex_enter(&of->dh_nvlock); 1599 strnode = of->dh_nvfile; 1600 of->dh_nvfile = NULL; 1601 nvl = of->dh_nvlist; 1602 of->dh_nvlist = NULL; 1603 mutex_exit(&of->dh_nvlock); 1604 1605 if (nvl != NULL) 1606 nvlist_free(nvl); 1607 1608 if (strnode != NULL) 1609 smb_node_release(strnode); 1610 1611 smb_ofile_close(of, 0); 1612 smb_ofile_release(of); 1613 } 1614 1615 /* 1616 * Clean out durable handles during shutdown. 1617 * 1618 * Like, smb2_durable_timers but cleanup only in-memory state, 1619 * and leave any persistent state there for later reconnect. 1620 */ 1621 void 1622 smb2_dh_shutdown(smb_server_t *sv) 1623 { 1624 smb_hash_t *hash; 1625 smb_llist_t *bucket; 1626 smb_ofile_t *of; 1627 int i; 1628 1629 hash = sv->sv_persistid_ht; 1630 1631 for (i = 0; i < hash->num_buckets; i++) { 1632 bucket = &hash->buckets[i].b_list; 1633 smb_llist_enter(bucket, RW_READER); 1634 of = smb_llist_head(bucket); 1635 while (of != NULL) { 1636 SMB_OFILE_VALID(of); 1637 mutex_enter(&of->f_mutex); 1638 1639 switch (of->f_state) { 1640 case SMB_OFILE_STATE_ORPHANED: 1641 of->f_state = SMB_OFILE_STATE_EXPIRED; 1642 /* inline smb_ofile_hold_internal() */ 1643 of->f_refcnt++; 1644 smb_llist_post(bucket, of, smb2_dh_cleanup); 1645 break; 1646 default: 1647 break; 1648 } 1649 mutex_exit(&of->f_mutex); 1650 of = smb_llist_next(bucket, of); 1651 } 1652 smb_llist_exit(bucket); 1653 } 1654 1655 #ifdef DEBUG 1656 for (i = 0; i < hash->num_buckets; i++) { 1657 bucket = &hash->buckets[i].b_list; 1658 smb_llist_enter(bucket, RW_READER); 1659 of = smb_llist_head(bucket); 1660 while (of != NULL) { 1661 SMB_OFILE_VALID(of); 1662 cmn_err(CE_NOTE, "dh_shutdown leaked of=%p", 1663 (void *)of); 1664 of = smb_llist_next(bucket, of); 1665 } 1666 smb_llist_exit(bucket); 1667 } 1668 #endif // DEBUG 1669 } 1670 1671 uint32_t 1672 smb2_fsctl_set_resilient(smb_request_t *sr, smb_fsctl_t *fsctl) 1673 { 1674 uint32_t timeout; 1675 smb_ofile_t *of = sr->fid_ofile; 1676 1677 /* 1678 * Note: The spec does not explicitly prohibit resilient directories 1679 * the same way it prohibits durable directories. We prohibit them 1680 * anyway as a simplifying assumption, as there doesn't seem to be 1681 * much use for it. (HYPER-V only seems to use it on files anyway) 1682 */ 1683 if (fsctl->InputCount < 8 || !smb_node_is_file(of->f_node)) 1684 return (NT_STATUS_INVALID_PARAMETER); 1685 1686 (void) smb_mbc_decodef(fsctl->in_mbc, "l4.", 1687 &timeout); /* milliseconds */ 1688 1689 if (smb2_enable_dh == 0) 1690 return (NT_STATUS_NOT_SUPPORTED); 1691 1692 /* 1693 * The spec wants us to return INVALID_PARAMETER if the timeout 1694 * is too large, but we have no way of informing the client 1695 * what an appropriate timeout is, so just set the timeout to 1696 * our max and return SUCCESS. 1697 */ 1698 if (timeout == 0) 1699 timeout = smb2_res_def_timeout; 1700 if (timeout > smb2_res_max_timeout) 1701 timeout = smb2_res_max_timeout; 1702 1703 mutex_enter(&of->f_mutex); 1704 of->dh_vers = SMB2_RESILIENT; 1705 of->dh_timeout_offset = MSEC2NSEC(timeout); 1706 mutex_exit(&of->f_mutex); 1707 1708 return (NT_STATUS_SUCCESS); 1709 } 1710