fs/smbsrv/smb_mbuf_marshaling.c

da6c28aaSamw/*
da6c28aaSamw * CDDL HEADER START
da6c28aaSamw *
da6c28aaSamw * The contents of this file are subject to the terms of the
da6c28aaSamw * Common Development and Distribution License (the "License").
da6c28aaSamw * You may not use this file except in compliance with the License.
da6c28aaSamw *
da6c28aaSamw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
da6c28aaSamw * or http://www.opensolaris.org/os/licensing.
da6c28aaSamw * See the License for the specific language governing permissions
da6c28aaSamw * and limitations under the License.
da6c28aaSamw *
da6c28aaSamw * When distributing Covered Code, include this CDDL HEADER in each
da6c28aaSamw * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
da6c28aaSamw * If applicable, add the following below this CDDL HEADER, with the
da6c28aaSamw * fields enclosed by brackets "[]" replaced with your own identifying
da6c28aaSamw * information: Portions Copyright [yyyy] [name of copyright owner]
da6c28aaSamw *
da6c28aaSamw * CDDL HEADER END
da6c28aaSamw */
da6c28aaSamw/*
f96bd5c8SAlan Wright * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
da6c28aaSamw * Use is subject to license terms.
12b65585SGordon Ross *
*897907ceSGordon Ross * Copyright 2013-2021 Tintri by DDN, Inc. All rights reserved.
da6c28aaSamw */
da6c28aaSamw
da6c28aaSamw/*
da6c28aaSamw * SMB mbuf marshaling encode/decode.
da6c28aaSamw */
da6c28aaSamw
bbf6f00cSJordan Brown#include <smbsrv/smb_kproto.h>
e3f2c991SKeyur Desai
e3f2c991SKeyur Desai
da6c28aaSamw#define	MALLOC_QUANTUM	80
da6c28aaSamw
da6c28aaSamw#define	DECODE_NO_ERROR		0
da6c28aaSamw#define	DECODE_NO_MORE_DATA	1
da6c28aaSamw#define	DECODE_ALLOCATION_ERROR	2
da6c28aaSamw#define	DECODE_CONVERSION_ERROR	3
da6c28aaSamw
3db3f65cSamwstatic int mbc_marshal_make_room(mbuf_chain_t *, int32_t);
3db3f65cSamwstatic void mbc_marshal_store_byte(mbuf_chain_t *, uint8_t);
3db3f65cSamwstatic int mbc_marshal_put_char(mbuf_chain_t *mbc, uint8_t);
3db3f65cSamwstatic int mbc_marshal_put_short(mbuf_chain_t *mbc, uint16_t);
3db3f65cSamwstatic int mbc_marshal_put_long(mbuf_chain_t *mbc, uint32_t);
3db3f65cSamwstatic int mbc_marshal_put_long_long(mbuf_chain_t *mbc, uint64_t);
7d1ffc32SGordon Rossstatic int mbc_marshal_put_oem_string(mbuf_chain_t *, char *, int);
3db3f65cSamwstatic int mbc_marshal_put_unicode_string(mbuf_chain_t *, char *, int);
3db3f65cSamwstatic int mbc_marshal_put_uio(mbuf_chain_t *, struct uio *);
3db3f65cSamwstatic int mbc_marshal_put_mbufs(mbuf_chain_t *mbc, mbuf_t *m);
3db3f65cSamwstatic int mbc_marshal_put_mbuf_chain(mbuf_chain_t *mbc, mbuf_chain_t *nmbc);
3db3f65cSamwstatic uint8_t mbc_marshal_fetch_byte(mbuf_chain_t *mbc);
3db3f65cSamwstatic int mbc_marshal_get_char(mbuf_chain_t *mbc, uint8_t *data);
3db3f65cSamwstatic int mbc_marshal_get_short(mbuf_chain_t *mbc, uint16_t *data);
3db3f65cSamwstatic int mbc_marshal_get_long(mbuf_chain_t *mbc, uint32_t *data);
3db3f65cSamwstatic uint64_t qswap(uint64_t ll);
3db3f65cSamwstatic int mbc_marshal_get_odd_long_long(mbuf_chain_t *mbc, uint64_t *data);
3db3f65cSamwstatic int mbc_marshal_get_long_long(mbuf_chain_t *mbc, uint64_t *data);
07a6ae61SGordon Rossstatic int mbc_marshal_get_oem_string(smb_request_t *, mbuf_chain_t *,
07a6ae61SGordon Ross    char **, int);
bbf6f00cSJordan Brownstatic int mbc_marshal_get_unicode_string(smb_request_t *, mbuf_chain_t *,
07a6ae61SGordon Ross    char **, int);
3db3f65cSamwstatic int mbc_marshal_get_mbufs(mbuf_chain_t *, int32_t, mbuf_t **);
3db3f65cSamwstatic int mbc_marshal_get_mbuf_chain(mbuf_chain_t *, int32_t, mbuf_chain_t *);
3db3f65cSamwstatic int mbc_marshal_get_uio(mbuf_chain_t *, struct uio *);
3db3f65cSamwstatic int mbc_marshal_get_skip(mbuf_chain_t *, uint_t);
da6c28aaSamw
da6c28aaSamw/*
3db3f65cSamw * smb_mbc_vdecodef
da6c28aaSamw *
3db3f65cSamw * This function reads the contents of the mbc chain passed in under the list
3db3f65cSamw * of arguments passed in.
da6c28aaSamw *
da6c28aaSamw * The format string provides a description of the parameters passed in as well
3db3f65cSamw * as an action to be taken by smb_mbc_vdecodef().
da6c28aaSamw *
da6c28aaSamw *	%	Pointer to an SMB request structure (smb_request_t *). There
da6c28aaSamw *		should be only one of these in the string.
da6c28aaSamw *
da6c28aaSamw *	C	Pointer to an mbuf chain. Copy to that mbuf chain the number of
da6c28aaSamw *		bytes specified (number preceding C).
da6c28aaSamw *
da6c28aaSamw *	m	Pointer to an mbuf. Copy to that mbuf the number of bytes
da6c28aaSamw *		specified (number preceding m).
da6c28aaSamw *
da6c28aaSamw *	M	Read the 32 bit value at the current location of the mbuf chain
a90cf9f2SGordon Ross *		and check if it matches the signature of an SMB1 request (SMBx).
a90cf9f2SGordon Ross *
a90cf9f2SGordon Ross *	N	Read the 32 bit value at the current location of the mbuf chain
a90cf9f2SGordon Ross *		and check if it matches the signature of an SMB2 request (SMBx).
da6c28aaSamw *
da6c28aaSamw *	b	Pointer to a buffer. Copy to that buffer the number of bytes
da6c28aaSamw *		specified (number preceding b).
da6c28aaSamw *
da6c28aaSamw *	c	Same as 'b'.
da6c28aaSamw *
da6c28aaSamw *	w	Pointer to a word (16bit value). Copy the next 16bit value into
da6c28aaSamw *		that location.
da6c28aaSamw *
da6c28aaSamw *	l	Pointer to a long (32bit value). Copy the next 32bit value into
da6c28aaSamw *		that location.
da6c28aaSamw *
da6c28aaSamw *	q	Pointer to a quad (64bit value). Copy the next 64bit value into
da6c28aaSamw *		that location.
da6c28aaSamw *
da6c28aaSamw *	Q	Same as above with a call to qswap().
da6c28aaSamw *
da6c28aaSamw *	B	Pointer to a vardata_block structure. That structure is used to
da6c28aaSamw *		retrieve data from the mbuf chain (an iovec type structure is
da6c28aaSamw *		embedded in a vardata_block).
da6c28aaSamw *
da6c28aaSamw *	D	Pointer to a vardata_block structure. That structure is used to
da6c28aaSamw *		retrieve data from the mbuf chain, however, two fields of the
da6c28aaSamw *		vardata_block structure (tag and len) are first initialized
da6c28aaSamw *		using the mbuf chain itself.
da6c28aaSamw *
da6c28aaSamw *	V	Same as 'D'.
da6c28aaSamw *
da6c28aaSamw *	L
da6c28aaSamw *
da6c28aaSamw *	A
da6c28aaSamw *
da6c28aaSamw *	P	Same as 'A'
da6c28aaSamw *
da6c28aaSamw *	S	Same as 'A'
da6c28aaSamw *
da6c28aaSamw *	u	Pointer to a string pointer. Allocate memory and retrieve the
da6c28aaSamw *		string at the current location in the mbuf chain. Store the
da6c28aaSamw *		address to the buffer allocated at the address specified by
da6c28aaSamw *		the pointer. In addition if an sr was passed and it indicates
da6c28aaSamw *		that the string is an unicode string, convert it.
da6c28aaSamw *
da6c28aaSamw *	s	Same as 'u' without convertion.
da6c28aaSamw *
da6c28aaSamw *	U	Same as 'u'. The string to retrieve is unicode.
da6c28aaSamw *
da6c28aaSamw *	y	Pointer to a 32bit value. Read the dos time at the current mbuf
da6c28aaSamw *		chain location, convert it to unix time and store it at the
da6c28aaSamw *		location indicated by the pointer.
da6c28aaSamw *
da6c28aaSamw *	Y	Same as 'y' bt the dos time coded in the mbuf chain is inverted.
da6c28aaSamw *
da6c28aaSamw *	.	Skip the number of bytes indicated by the number preceding '.'.
da6c28aaSamw *
da6c28aaSamw *	,	Same as '.' but take in account it is an unicode string.
da6c28aaSamw */
da6c28aaSamwint
a90cf9f2SGordon Rosssmb_mbc_vdecodef(mbuf_chain_t *mbc, const char *fmt, va_list ap)
da6c28aaSamw{
3db3f65cSamw	uint8_t		c;
3db3f65cSamw	uint8_t		cval;
3db3f65cSamw	uint8_t		*cvalp;
07a6ae61SGordon Ross	char		**charpp;
2c2961f8Sjose borrego	uint16_t	wval;
3db3f65cSamw	uint16_t	*wvalp;
da6c28aaSamw	uint32_t	*lvalp;
da6c28aaSamw	uint64_t	*llvalp;
3db3f65cSamw	smb_vdb_t	*vdp;
3db3f65cSamw	smb_request_t	*sr = NULL;
da6c28aaSamw	uint32_t	lval;
da6c28aaSamw	int		unicode = 0;
da6c28aaSamw	int		repc;
12b65585SGordon Ross	boolean_t	repc_specified;
da6c28aaSamw
da6c28aaSamw	while ((c = *fmt++) != 0) {
12b65585SGordon Ross		repc_specified = B_FALSE;
da6c28aaSamw		repc = 1;
da6c28aaSamw
da6c28aaSamw		if ('0' <= c && c <= '9') {
da6c28aaSamw			repc = 0;
da6c28aaSamw			do {
da6c28aaSamw				repc = repc * 10 + c - '0';
da6c28aaSamw				c = *fmt++;
da6c28aaSamw			} while ('0' <= c && c <= '9');
12b65585SGordon Ross			repc_specified = B_TRUE;
da6c28aaSamw		} else if (c == '#') {
da6c28aaSamw			repc = va_arg(ap, int);
da6c28aaSamw			c = *fmt++;
12b65585SGordon Ross			repc_specified = B_TRUE;
da6c28aaSamw		}
da6c28aaSamw
da6c28aaSamw		switch (c) {
da6c28aaSamw		case '%':
da6c28aaSamw			sr = va_arg(ap, struct smb_request *);
a90cf9f2SGordon Ross			if (sr->session->dialect >= SMB_VERS_2_BASE) {
a90cf9f2SGordon Ross				unicode = 1;
a90cf9f2SGordon Ross				break;
a90cf9f2SGordon Ross			}
da6c28aaSamw			unicode = sr->smb_flg2 & SMB_FLAGS2_UNICODE;
da6c28aaSamw			break;
da6c28aaSamw
da6c28aaSamw		case 'C':	/* Mbuf_chain */
da6c28aaSamw			if (mbc_marshal_get_mbuf_chain(mbc, repc,
3db3f65cSamw			    va_arg(ap, mbuf_chain_t *)) != 0)
3db3f65cSamw				return (-1);
da6c28aaSamw			break;
da6c28aaSamw
da6c28aaSamw		case 'm':	/* struct_mbuf */
da6c28aaSamw			if (mbc_marshal_get_mbufs(mbc, repc,
3db3f65cSamw			    va_arg(ap, mbuf_t **)) != 0)
3db3f65cSamw				return (-1);
da6c28aaSamw			break;
da6c28aaSamw
da6c28aaSamw		case 'M':
3db3f65cSamw			if (mbc_marshal_get_long(mbc, &lval) != 0)
3db3f65cSamw				return (-1);
da6c28aaSamw			if (lval != 0x424D53FF) /* 0xFF S M B */
3db3f65cSamw				return (-1);
da6c28aaSamw			break;
da6c28aaSamw
a90cf9f2SGordon Ross		case 'N':
a90cf9f2SGordon Ross			if (mbc_marshal_get_long(mbc, &lval) != 0)
a90cf9f2SGordon Ross				return (-1);
a90cf9f2SGordon Ross			if (lval != 0x424D53FE) /* 0xFE S M B */
a90cf9f2SGordon Ross				return (-1);
a90cf9f2SGordon Ross			break;
a90cf9f2SGordon Ross
da6c28aaSamw		case 'b':
da6c28aaSamw		case 'c':
3db3f65cSamw			cvalp = va_arg(ap, uint8_t *);
3db3f65cSamw			if (MBC_ROOM_FOR(mbc, repc) == 0)
da6c28aaSamw				/* Data will never be available */
3db3f65cSamw				return (-1);
3db3f65cSamw
da6c28aaSamw			while (repc-- > 0)
da6c28aaSamw				*cvalp++ = mbc_marshal_fetch_byte(mbc);
da6c28aaSamw			break;
da6c28aaSamw
da6c28aaSamw		case 'w':
3db3f65cSamw			wvalp = va_arg(ap, uint16_t *);
da6c28aaSamw			while (repc-- > 0)
da6c28aaSamw				if (mbc_marshal_get_short(mbc, wvalp++) != 0)
3db3f65cSamw					return (-1);
da6c28aaSamw			break;
da6c28aaSamw
da6c28aaSamw		case 'l':
da6c28aaSamw			lvalp = va_arg(ap, uint32_t *);
da6c28aaSamw			while (repc-- > 0)
da6c28aaSamw				if (mbc_marshal_get_long(mbc, lvalp++) != 0)
3db3f65cSamw					return (-1);
da6c28aaSamw			break;
da6c28aaSamw
da6c28aaSamw		case 'q':
da6c28aaSamw			llvalp = va_arg(ap, uint64_t *);
da6c28aaSamw			while (repc-- > 0)
da6c28aaSamw				if (mbc_marshal_get_long_long(
da6c28aaSamw				    mbc, llvalp++) != 0)
3db3f65cSamw					return (-1);
da6c28aaSamw			break;
da6c28aaSamw
da6c28aaSamw		case 'Q':
da6c28aaSamw			llvalp = va_arg(ap, uint64_t *);
da6c28aaSamw			while (repc-- > 0)
da6c28aaSamw				if (mbc_marshal_get_odd_long_long(
da6c28aaSamw				    mbc, llvalp++) != 0)
3db3f65cSamw					return (-1);
da6c28aaSamw			break;
da6c28aaSamw
da6c28aaSamw		case 'B':
da6c28aaSamw			vdp = va_arg(ap, struct vardata_block *);
2c2961f8Sjose borrego			vdp->vdb_tag = 0;
2c2961f8Sjose borrego			vdp->vdb_len = repc;
2c2961f8Sjose borrego			vdp->vdb_uio.uio_iov = &vdp->vdb_iovec[0];
2c2961f8Sjose borrego			vdp->vdb_uio.uio_iovcnt = MAX_IOVEC;
f96bd5c8SAlan Wright			vdp->vdb_uio.uio_extflg = UIO_COPY_DEFAULT;
2c2961f8Sjose borrego			vdp->vdb_uio.uio_resid = repc;
2c2961f8Sjose borrego			if (mbc_marshal_get_uio(mbc, &vdp->vdb_uio) != 0)
3db3f65cSamw				return (-1);
da6c28aaSamw			break;
da6c28aaSamw
3db3f65cSamw		case 'D':
3db3f65cSamw		case 'V':
da6c28aaSamw			vdp = va_arg(ap, struct vardata_block *);
2c2961f8Sjose borrego			if (mbc_marshal_get_char(mbc, &vdp->vdb_tag) != 0)
3db3f65cSamw				return (-1);
2c2961f8Sjose borrego			if (mbc_marshal_get_short(mbc, &wval) != 0)
3db3f65cSamw				return (-1);
2c2961f8Sjose borrego			vdp->vdb_len = (uint32_t)wval;
2c2961f8Sjose borrego			vdp->vdb_uio.uio_iov = &vdp->vdb_iovec[0];
2c2961f8Sjose borrego			vdp->vdb_uio.uio_iovcnt = MAX_IOVEC;
f96bd5c8SAlan Wright			vdp->vdb_uio.uio_extflg = UIO_COPY_DEFAULT;
2c2961f8Sjose borrego			vdp->vdb_uio.uio_resid = vdp->vdb_len;
2c2961f8Sjose borrego			if (vdp->vdb_len != 0) {
2c2961f8Sjose borrego				if (mbc_marshal_get_uio(mbc,
2c2961f8Sjose borrego				    &vdp->vdb_uio) != 0)
3db3f65cSamw					return (-1);
da6c28aaSamw			}
da6c28aaSamw			break;
da6c28aaSamw
da6c28aaSamw		case 'L':
da6c28aaSamw			if (mbc_marshal_get_char(mbc, &cval) != 0)
3db3f65cSamw				return (-1);
da6c28aaSamw			if (cval != 2)
3db3f65cSamw				return (-1);
07a6ae61SGordon Ross			goto oem_conversion;
da6c28aaSamw
3db3f65cSamw		case 'A':
3db3f65cSamw		case 'S':
da6c28aaSamw			if (mbc_marshal_get_char(mbc, &cval) != 0)
3db3f65cSamw				return (-1);
da6c28aaSamw			if (((c == 'A' || c == 'S') && cval != 4) ||
3db3f65cSamw			    (c == 'L' && cval != 2))
3db3f65cSamw				return (-1);
da6c28aaSamw			/* FALLTHROUGH */
da6c28aaSamw
da6c28aaSamw		case 'u': /* Convert from unicode if flags are set */
da6c28aaSamw			if (unicode)
da6c28aaSamw				goto unicode_translation;
da6c28aaSamw			/* FALLTHROUGH */
da6c28aaSamw
7d1ffc32SGordon Ross		case 's':	/* get OEM string */
07a6ae61SGordon Rossoem_conversion:
da6c28aaSamw			ASSERT(sr != NULL);
07a6ae61SGordon Ross			charpp = va_arg(ap, char **);
12b65585SGordon Ross			if (!repc_specified)
da6c28aaSamw				repc = 0;
07a6ae61SGordon Ross			if (mbc_marshal_get_oem_string(sr,
07a6ae61SGordon Ross			    mbc, charpp, repc) != 0)
3db3f65cSamw				return (-1);
da6c28aaSamw			break;
da6c28aaSamw
7d1ffc32SGordon Ross		case 'U':	/* get UTF-16 string */
da6c28aaSamwunicode_translation:
da6c28aaSamw			ASSERT(sr != 0);
07a6ae61SGordon Ross			charpp = va_arg(ap, char **);
12b65585SGordon Ross			if (!repc_specified)
da6c28aaSamw				repc = 0;
bbf6f00cSJordan Brown			if (mbc_marshal_get_unicode_string(sr,
07a6ae61SGordon Ross			    mbc, charpp, repc) != 0)
3db3f65cSamw				return (-1);
da6c28aaSamw			break;
da6c28aaSamw
da6c28aaSamw		case 'Y': /* dos time to unix time tt/dd */
da6c28aaSamw			lvalp = va_arg(ap, uint32_t *);
da6c28aaSamw			while (repc-- > 0) {
da6c28aaSamw				short	d, t;
da6c28aaSamw
da6c28aaSamw				if (mbc_marshal_get_short(mbc,
3db3f65cSamw				    (uint16_t *)&t) != 0)
3db3f65cSamw					return (-1);
da6c28aaSamw				if (mbc_marshal_get_short(mbc,
3db3f65cSamw				    (uint16_t *)&d) != 0)
3db3f65cSamw					return (-1);
e3f2c991SKeyur Desai				*lvalp++ = smb_time_dos_to_unix(d, t);
da6c28aaSamw			}
da6c28aaSamw			break;
da6c28aaSamw
da6c28aaSamw		case 'y': /* dos time to unix time dd/tt */
da6c28aaSamw			lvalp = va_arg(ap, uint32_t *);
da6c28aaSamw			while (repc-- > 0) {
da6c28aaSamw				short	d, t;
da6c28aaSamw
da6c28aaSamw				if (mbc_marshal_get_short(mbc,
3db3f65cSamw				    (uint16_t *)&d) != 0)
3db3f65cSamw					return (-1);
da6c28aaSamw				if (mbc_marshal_get_short(mbc,
3db3f65cSamw				    (uint16_t *)&t) != 0)
3db3f65cSamw					return (-1);
e3f2c991SKeyur Desai				*lvalp++ = smb_time_dos_to_unix(d, t);
da6c28aaSamw			}
da6c28aaSamw			break;
da6c28aaSamw
da6c28aaSamw		case ',':
da6c28aaSamw			if (unicode)
da6c28aaSamw				repc *= 2;
da6c28aaSamw			/* FALLTHROUGH */
da6c28aaSamw
da6c28aaSamw		case '.':
da6c28aaSamw			if (mbc_marshal_get_skip(mbc, repc) != 0)
3db3f65cSamw				return (-1);
da6c28aaSamw			break;
3db3f65cSamw
3db3f65cSamw		default:
3db3f65cSamw			ASSERT(0);
3db3f65cSamw			return (-1);
da6c28aaSamw		}
da6c28aaSamw	}
da6c28aaSamw	return (0);
da6c28aaSamw}
da6c28aaSamw
3db3f65cSamw/*
3db3f65cSamw * smb_mbc_decodef
3db3f65cSamw *
3db3f65cSamw * This function reads the contents of the mbc chain passed in under the
3db3f65cSamw * control of the format fmt.
3db3f65cSamw *
3db3f65cSamw * (for a description of the format string see smb_mbc_vencodef()).
3db3f65cSamw */
da6c28aaSamwint
a90cf9f2SGordon Rosssmb_mbc_decodef(mbuf_chain_t *mbc, const char *fmt, ...)
da6c28aaSamw{
da6c28aaSamw	int	xx;
da6c28aaSamw	va_list	ap;
da6c28aaSamw
da6c28aaSamw	va_start(ap, fmt);
3db3f65cSamw	xx = smb_mbc_vdecodef(mbc, fmt, ap);
da6c28aaSamw	va_end(ap);
da6c28aaSamw	return (xx);
da6c28aaSamw}
da6c28aaSamw
3db3f65cSamw/*
3db3f65cSamw * smb_mbc_peek
3db3f65cSamw *
3db3f65cSamw * This function reads the contents of the mbc passed in at the specified offset
3db3f65cSamw * under the control of the format fmt. The offset of the chain passed in is not
3db3f65cSamw * modified.
3db3f65cSamw *
3db3f65cSamw * (for a description of the format string see smb_mbc_vdecodef()).
3db3f65cSamw */
da6c28aaSamwint
a90cf9f2SGordon Rosssmb_mbc_peek(mbuf_chain_t *mbc, int offset, const char *fmt, ...)
da6c28aaSamw{
3db3f65cSamw	mbuf_chain_t	tmp;
da6c28aaSamw	va_list		ap;
3db3f65cSamw	int		xx;
da6c28aaSamw
da6c28aaSamw	va_start(ap, fmt);
da6c28aaSamw
3db3f65cSamw	(void) MBC_SHADOW_CHAIN(&tmp, mbc, offset, mbc->max_bytes - offset);
3db3f65cSamw	xx = smb_mbc_vdecodef(&tmp, fmt, ap);
da6c28aaSamw	va_end(ap);
3db3f65cSamw	return (xx);
da6c28aaSamw}
da6c28aaSamw
da6c28aaSamw/*
3db3f65cSamw * smb_mbc_vencodef
3db3f65cSamw *
3db3f65cSamw * This function builds a stream of bytes in the mbc chain passed in under the
3db3f65cSamw * control of the list of arguments passed in.
da6c28aaSamw *
da6c28aaSamw * The format string provides a description of the parameters passed in as well
3db3f65cSamw * as an action to be taken by smb_mbc_vencodef().
da6c28aaSamw *
da6c28aaSamw *	\b	Restore the mbuf chain offset to its initial value.
da6c28aaSamw *
da6c28aaSamw *	%	Pointer to an SMB request structure (smb_request_t *). There
da6c28aaSamw *		should be only one of these in the string. If an sr in present
da6c28aaSamw *		it will be used to determine if unicode conversion should be
da6c28aaSamw *		applied to the strings.
da6c28aaSamw *
da6c28aaSamw *	C	Pointer to an mbuf chain. Copy that mbuf chain into the
da6c28aaSamw *		destination mbuf chain.
da6c28aaSamw *
da6c28aaSamw *	D	Pointer to a vardata_block structure. Copy the data described
da6c28aaSamw *		by that structure into the mbuf chain. The tag field is hard
da6c28aaSamw *		coded to '1'.
da6c28aaSamw *
a90cf9f2SGordon Ross *	M	Write the SMB1 request signature ('SMBX') into the mbuf chain.
a90cf9f2SGordon Ross *
a90cf9f2SGordon Ross *	N	Write the SMB2 request signature ('SMBX') into the mbuf chain.
da6c28aaSamw *
da6c28aaSamw *	T	Pointer to a timestruc_t. Convert the content of the structure
da6c28aaSamw *		into NT time and store the result of the conversion in the
da6c28aaSamw *		mbuf chain.
da6c28aaSamw *
da6c28aaSamw *	V	Same as 'D' but the tag field is hard coded to '5'.
da6c28aaSamw *
da6c28aaSamw *	b	Byte. Store the byte or the nymber of bytes specified into the
da6c28aaSamw *		the mbuf chain. A format string like this "2b" would require 2
da6c28aaSamw *		bytes to be passed in.
da6c28aaSamw *
da6c28aaSamw *	m	Pointer to an mbuf. Copy the contents of the mbuf into the mbuf
da6c28aaSamw *		chain.
da6c28aaSamw *
da6c28aaSamw *	c	Pointer to a buffer. Copy the buffer into the mbuf chain. The
da6c28aaSamw *		size of the buffer is indicated by the number preceding 'c'.
da6c28aaSamw *
da6c28aaSamw *	w	Word (16bit value). Store the word or the number of words
da6c28aaSamw *              specified into the the mbuf chain. A format string like this
da6c28aaSamw *		"2w" would require 2 words to be passed in.
da6c28aaSamw *
da6c28aaSamw *	l	Long (32bit value). Store the long or the number of longs
da6c28aaSamw *		specified into the the mbuf chain. A format string like this
da6c28aaSamw *		"2l" would require 2 longs to be passed in.
da6c28aaSamw *
da6c28aaSamw *	q	Quad (64bit value). Store the quad or the number of quads
da6c28aaSamw *		specified into the the mbuf chain. A format string like this
da6c28aaSamw *		"2q" would require 2 quads to be passed in.
da6c28aaSamw *
da6c28aaSamw *	L	Pointer to a string. Store the string passed in into the mbuf
da6c28aaSamw *		chain preceded with a tag value of '2'.
da6c28aaSamw *
da6c28aaSamw *	S	Pointer to a string. Store the string passed in into the mbuf
da6c28aaSamw *		chain preceded with a tag value of '4'. Applied a unicode
da6c28aaSamw *		conversion is appropriate.
da6c28aaSamw *
da6c28aaSamw *	A	Same as 'S'
da6c28aaSamw *
da6c28aaSamw *	P	Pointer to a string. Store the string passed in into the mbuf
da6c28aaSamw *		chain preceded with a tag value of '5'. Applied a unicode
da6c28aaSamw *		conversion is appropriate.
da6c28aaSamw *
da6c28aaSamw *	u	Pointer to a string. Store the string passed in into the mbuf
da6c28aaSamw *		chain. Applied a unicode conversion is appropriate.
da6c28aaSamw *
da6c28aaSamw *	s	Pointer to a string. Store the string passed in into the mbuf
da6c28aaSamw *		chain.
da6c28aaSamw *
da6c28aaSamw *	Y	Date/Time.  Store the Date/Time or the number of Date/Time(s)
da6c28aaSamw *		specified into the the mbuf chain. A format string like this
da6c28aaSamw *		"2Y" would require 2 Date/Time values. The Date/Time is
da6c28aaSamw *		converted to DOS before storing.
da6c28aaSamw *
da6c28aaSamw *	y	Same as 'Y'. The order of Date and Time is reversed.
da6c28aaSamw *
da6c28aaSamw *	,	Character. Store the character or number of character specified
da6c28aaSamw *		into the mbuf chain.  A format string like this "2c" would
da6c28aaSamw *		require 2 characters to be passed in. A unicode conversion is
da6c28aaSamw *		applied if appropriate.
da6c28aaSamw *
da6c28aaSamw *	.	Same as '`' without unicode conversion.
da6c28aaSamw *
da6c28aaSamw *	U	Align the offset of the mbuf chain on a 16bit boundary.
da6c28aaSamw */
da6c28aaSamwint
a90cf9f2SGordon Rosssmb_mbc_vencodef(mbuf_chain_t *mbc, const char *fmt, va_list ap)
da6c28aaSamw{
07a6ae61SGordon Ross	char		*charp;
3db3f65cSamw	uint8_t		*cvalp;
da6c28aaSamw	timestruc_t	*tvp;
3db3f65cSamw	smb_vdb_t	*vdp;
3db3f65cSamw	smb_request_t	*sr = NULL;
3db3f65cSamw	uint64_t	llval;
da6c28aaSamw	int64_t		nt_time;
3db3f65cSamw	uint32_t	lval;
3db3f65cSamw	uint_t		tag;
da6c28aaSamw	int		unicode = 0;
12b65585SGordon Ross	int		repc;
12b65585SGordon Ross	boolean_t	repc_specified;
3db3f65cSamw	uint16_t	wval;
3db3f65cSamw	uint8_t		cval;
3db3f65cSamw	uint8_t		c;
da6c28aaSamw
da6c28aaSamw	while ((c = *fmt++) != 0) {
12b65585SGordon Ross		repc_specified = B_FALSE;
da6c28aaSamw		repc = 1;
da6c28aaSamw
da6c28aaSamw		if ('0' <= c && c <= '9') {
da6c28aaSamw			repc = 0;
da6c28aaSamw			do {
da6c28aaSamw				repc = repc * 10 + c - '0';
da6c28aaSamw				c = *fmt++;
da6c28aaSamw			} while ('0' <= c && c <= '9');
12b65585SGordon Ross			repc_specified = B_TRUE;
da6c28aaSamw		} else if (c == '#') {
da6c28aaSamw			repc = va_arg(ap, int);
da6c28aaSamw			c = *fmt++;
12b65585SGordon Ross			repc_specified = B_TRUE;
da6c28aaSamw		}
da6c28aaSamw
da6c28aaSamw		switch (c) {
da6c28aaSamw		case '%':
da6c28aaSamw			sr = va_arg(ap, struct smb_request *);
a90cf9f2SGordon Ross			if (sr->session->dialect >= SMB_VERS_2_BASE) {
a90cf9f2SGordon Ross				unicode = 1;
a90cf9f2SGordon Ross				break;
a90cf9f2SGordon Ross			}
da6c28aaSamw			unicode = sr->smb_flg2 & SMB_FLAGS2_UNICODE;
da6c28aaSamw			break;
da6c28aaSamw
da6c28aaSamw		case 'C':	/* Mbuf_chain */
da6c28aaSamw			if (mbc_marshal_put_mbuf_chain(mbc,
3db3f65cSamw			    va_arg(ap, mbuf_chain_t *)) != 0)
da6c28aaSamw				return (DECODE_NO_MORE_DATA);
da6c28aaSamw			break;
da6c28aaSamw
da6c28aaSamw		case 'D':
da6c28aaSamw			vdp = va_arg(ap, struct vardata_block *);
da6c28aaSamw
da6c28aaSamw			if (mbc_marshal_put_char(mbc, 1) != 0)
da6c28aaSamw				return (DECODE_NO_MORE_DATA);
2c2961f8Sjose borrego			if (mbc_marshal_put_short(mbc, vdp->vdb_len) != 0)
da6c28aaSamw				return (DECODE_NO_MORE_DATA);
2c2961f8Sjose borrego			if (mbc_marshal_put_uio(mbc, &vdp->vdb_uio) != 0)
da6c28aaSamw				return (DECODE_NO_MORE_DATA);
da6c28aaSamw			break;
da6c28aaSamw
da6c28aaSamw		case 'M':
da6c28aaSamw			/* 0xFF S M B */
da6c28aaSamw			if (mbc_marshal_put_long(mbc, 0x424D53FF))
da6c28aaSamw				return (DECODE_NO_MORE_DATA);
da6c28aaSamw			break;
da6c28aaSamw
a90cf9f2SGordon Ross		case 'N':
a90cf9f2SGordon Ross			/* 0xFE S M B */
a90cf9f2SGordon Ross			if (mbc_marshal_put_long(mbc, 0x424D53FE))
a90cf9f2SGordon Ross				return (DECODE_NO_MORE_DATA);
a90cf9f2SGordon Ross			break;
a90cf9f2SGordon Ross
da6c28aaSamw		case 'T':
da6c28aaSamw			tvp = va_arg(ap, timestruc_t *);
e3f2c991SKeyur Desai			nt_time = smb_time_unix_to_nt(tvp);
da6c28aaSamw			if (mbc_marshal_put_long_long(mbc, nt_time) != 0)
da6c28aaSamw				return (DECODE_NO_MORE_DATA);
da6c28aaSamw			break;
da6c28aaSamw
da6c28aaSamw		case 'V':
da6c28aaSamw			vdp = va_arg(ap, struct vardata_block *);
da6c28aaSamw
da6c28aaSamw			if (mbc_marshal_put_char(mbc, 5) != 0)
da6c28aaSamw				return (DECODE_NO_MORE_DATA);
2c2961f8Sjose borrego			if (mbc_marshal_put_short(mbc, vdp->vdb_len) != 0)
da6c28aaSamw				return (DECODE_NO_MORE_DATA);
2c2961f8Sjose borrego			if (mbc_marshal_put_uio(mbc, &vdp->vdb_uio) != 0)
da6c28aaSamw				return (DECODE_NO_MORE_DATA);
da6c28aaSamw			break;
da6c28aaSamw
da6c28aaSamw		case 'b':
da6c28aaSamw			while (repc-- > 0) {
da6c28aaSamw				cval = va_arg(ap, int);
da6c28aaSamw				if (mbc_marshal_put_char(mbc, cval) != 0)
da6c28aaSamw					return (DECODE_NO_MORE_DATA);
da6c28aaSamw			}
da6c28aaSamw			break;
da6c28aaSamw
da6c28aaSamw		case 'm':	/* struct_mbuf */
da6c28aaSamw			if (mbc_marshal_put_mbufs(mbc,
3db3f65cSamw			    va_arg(ap, mbuf_t *)) != 0)
da6c28aaSamw				return (DECODE_NO_MORE_DATA);
da6c28aaSamw			break;
da6c28aaSamw
da6c28aaSamw		case 'c':
3db3f65cSamw			cvalp = va_arg(ap, uint8_t *);
da6c28aaSamw			while (repc-- > 0) {
da6c28aaSamw				if (mbc_marshal_put_char(mbc,
da6c28aaSamw				    *cvalp++) != 0)
da6c28aaSamw					return (DECODE_NO_MORE_DATA);
da6c28aaSamw			}
da6c28aaSamw			break;
da6c28aaSamw
da6c28aaSamw		case 'w':
da6c28aaSamw			while (repc-- > 0) {
da6c28aaSamw				wval = va_arg(ap, int);
da6c28aaSamw				if (mbc_marshal_put_short(mbc, wval) != 0)
da6c28aaSamw					return (DECODE_NO_MORE_DATA);
da6c28aaSamw			}
da6c28aaSamw			break;
da6c28aaSamw
da6c28aaSamw		case 'l':
da6c28aaSamw			while (repc-- > 0) {
da6c28aaSamw				lval = va_arg(ap, uint32_t);
da6c28aaSamw				if (mbc_marshal_put_long(mbc, lval) != 0)
da6c28aaSamw					return (DECODE_NO_MORE_DATA);
da6c28aaSamw			}
da6c28aaSamw			break;
da6c28aaSamw
da6c28aaSamw		case 'q':
da6c28aaSamw			while (repc-- > 0) {
da6c28aaSamw				llval = va_arg(ap, uint64_t);
da6c28aaSamw				if (mbc_marshal_put_long_long(mbc, llval) != 0)
da6c28aaSamw					return (DECODE_NO_MORE_DATA);
da6c28aaSamw			}
da6c28aaSamw			break;
da6c28aaSamw
da6c28aaSamw
da6c28aaSamw		case 'L':
da6c28aaSamw			tag = 2;
07a6ae61SGordon Ross			goto oem_conversion;
da6c28aaSamw
da6c28aaSamw		case 'S':
3db3f65cSamw		case 'A':
3db3f65cSamw			tag = 4;
3db3f65cSamw			goto tagged_str;
3db3f65cSamw
3db3f65cSamw		case 'P':
3db3f65cSamw			tag = 3;
3db3f65cSamw			goto tagged_str;
3db3f65cSamw
da6c28aaSamw		tagged_str:
da6c28aaSamw			if (mbc_marshal_put_char(mbc, tag) != 0)
da6c28aaSamw				return (DECODE_NO_MORE_DATA);
da6c28aaSamw			/* FALLTHROUGH */
da6c28aaSamw
da6c28aaSamw		case 'u':	/* Convert from unicode if flags are set */
da6c28aaSamw			if (unicode)
da6c28aaSamw				goto unicode_translation;
da6c28aaSamw			/* FALLTHROUGH */
da6c28aaSamw
7d1ffc32SGordon Ross		case 's':	/* put OEM string */
07a6ae61SGordon Rossoem_conversion:
07a6ae61SGordon Ross			charp = va_arg(ap, char *);
12b65585SGordon Ross			if (!repc_specified)
12b65585SGordon Ross				repc = 0;
7d1ffc32SGordon Ross			if (mbc_marshal_put_oem_string(mbc,
07a6ae61SGordon Ross			    charp, repc) != 0)
07a6ae61SGordon Ross				return (DECODE_NO_MORE_DATA);
07a6ae61SGordon Ross			break;
07a6ae61SGordon Ross
7d1ffc32SGordon Ross		case 'U':	/* put UTF-16 string */
07a6ae61SGordon Rossunicode_translation:
07a6ae61SGordon Ross			charp = va_arg(ap, char *);
07a6ae61SGordon Ross			if (!repc_specified)
07a6ae61SGordon Ross				repc = 0;
07a6ae61SGordon Ross			if (mbc_marshal_put_unicode_string(mbc,
07a6ae61SGordon Ross			    charp, repc) != 0)
da6c28aaSamw				return (DECODE_NO_MORE_DATA);
da6c28aaSamw			break;
da6c28aaSamw
da6c28aaSamw		case 'Y':		/* int32_t, encode dos date/time */
da6c28aaSamw			while (repc-- > 0) {
3db3f65cSamw				uint16_t	d, t;
da6c28aaSamw
da6c28aaSamw				lval = va_arg(ap, uint32_t);
e3f2c991SKeyur Desai				smb_time_unix_to_dos(lval,
da6c28aaSamw				    (short *)&d, (short *)&t);
da6c28aaSamw				if (mbc_marshal_put_short(mbc, t) != 0)
da6c28aaSamw					return (DECODE_NO_MORE_DATA);
da6c28aaSamw				if (mbc_marshal_put_short(mbc, d) != 0)
da6c28aaSamw					return (DECODE_NO_MORE_DATA);
da6c28aaSamw			}
da6c28aaSamw			break;
da6c28aaSamw
da6c28aaSamw		case 'y':		/* int32_t, encode dos date/time */
da6c28aaSamw			while (repc-- > 0) {
3db3f65cSamw				uint16_t	d, t;
da6c28aaSamw
da6c28aaSamw				lval = va_arg(ap, uint32_t);
e3f2c991SKeyur Desai				smb_time_unix_to_dos(lval,
da6c28aaSamw				    (short *)&d, (short *)&t);
da6c28aaSamw				if (mbc_marshal_put_short(mbc, d) != 0)
da6c28aaSamw					return (DECODE_NO_MORE_DATA);
da6c28aaSamw				if (mbc_marshal_put_short(mbc, t) != 0)
da6c28aaSamw					return (DECODE_NO_MORE_DATA);
da6c28aaSamw			}
da6c28aaSamw			break;
da6c28aaSamw
da6c28aaSamw		case ',':
da6c28aaSamw			if (unicode)
da6c28aaSamw				repc *= 2;
da6c28aaSamw			/* FALLTHROUGH */
da6c28aaSamw
da6c28aaSamw		case '.':
da6c28aaSamw			while (repc-- > 0)
da6c28aaSamw				if (mbc_marshal_put_char(mbc, 0) != 0)
da6c28aaSamw					return (DECODE_NO_MORE_DATA);
da6c28aaSamw			break;
da6c28aaSamw
3db3f65cSamw		default:
3db3f65cSamw			ASSERT(0);
3db3f65cSamw			return (-1);
da6c28aaSamw		}
da6c28aaSamw	}
da6c28aaSamw	return (0);
da6c28aaSamw}
da6c28aaSamw
3db3f65cSamw/*
3db3f65cSamw * smb_mbc_encodef
3db3f65cSamw *
3db3f65cSamw * This function builds a stream of bytes in the mbc chain passed in under the
3db3f65cSamw * control of the format fmt.
3db3f65cSamw *
3db3f65cSamw * (for a description of the format string see smb_mbc_vencodef()).
3db3f65cSamw */
da6c28aaSamwint
a90cf9f2SGordon Rosssmb_mbc_encodef(mbuf_chain_t *mbc, const char *fmt, ...)
da6c28aaSamw{
da6c28aaSamw	int	rc;
da6c28aaSamw	va_list	ap;
da6c28aaSamw
da6c28aaSamw	va_start(ap, fmt);
3db3f65cSamw	rc = smb_mbc_vencodef(mbc, fmt, ap);
da6c28aaSamw	va_end(ap);
da6c28aaSamw	return (rc);
da6c28aaSamw}
da6c28aaSamw
3db3f65cSamw/*
3db3f65cSamw * smb_mbc_poke
3db3f65cSamw *
3db3f65cSamw * This function writes a stream of bytes in the mbc passed in at the specified
3db3f65cSamw * offset under the control of the format fmt. The offset of the chain passed in
3db3f65cSamw * is not modified.
3db3f65cSamw *
3db3f65cSamw * (for a description of the format string see smb_mbc_vencodef()).
3db3f65cSamw */
da6c28aaSamwint
a90cf9f2SGordon Rosssmb_mbc_poke(mbuf_chain_t *mbc, int offset, const char *fmt, ...)
da6c28aaSamw{
a90cf9f2SGordon Ross	int		len, rc;
3db3f65cSamw	mbuf_chain_t	tmp;
da6c28aaSamw	va_list		ap;
da6c28aaSamw
a90cf9f2SGordon Ross	if ((len = mbc->max_bytes - offset) < 0)
a90cf9f2SGordon Ross		return (DECODE_NO_MORE_DATA);
a90cf9f2SGordon Ross	rc = MBC_SHADOW_CHAIN(&tmp, mbc, offset, len);
a90cf9f2SGordon Ross	if (rc)
a90cf9f2SGordon Ross		return (DECODE_NO_MORE_DATA);
a90cf9f2SGordon Ross
da6c28aaSamw	va_start(ap, fmt);
a90cf9f2SGordon Ross	rc = smb_mbc_vencodef(&tmp, fmt, ap);
da6c28aaSamw	va_end(ap);
a90cf9f2SGordon Ross
a90cf9f2SGordon Ross	return (rc);
da6c28aaSamw}
3db3f65cSamw
3db3f65cSamw/*
7f3ef643SGordon Ross * Copy data from the src mbuf chain to the dst mbuf chain,
7f3ef643SGordon Ross * at the given offset in the src and current offset in dst,
7f3ef643SGordon Ross * for copy_len bytes.  Does NOT update src->chain_offset.
7f3ef643SGordon Ross */
7f3ef643SGordon Rossint
7f3ef643SGordon Rosssmb_mbc_copy(mbuf_chain_t *dst_mbc, const mbuf_chain_t *src_mbc,
7f3ef643SGordon Ross    int copy_offset, int copy_len)
7f3ef643SGordon Ross{
7f3ef643SGordon Ross	mbuf_t	*src_m;
7f3ef643SGordon Ross	int offset, len;
7f3ef643SGordon Ross	int rc;
7f3ef643SGordon Ross
7f3ef643SGordon Ross	if (copy_len <= 0)
7f3ef643SGordon Ross		return (0);
7f3ef643SGordon Ross	if (copy_offset < 0)
7f3ef643SGordon Ross		return (EINVAL);
7f3ef643SGordon Ross	if ((copy_offset + copy_len) > src_mbc->max_bytes)
7f3ef643SGordon Ross		return (EMSGSIZE);
7f3ef643SGordon Ross
7f3ef643SGordon Ross	/*
7f3ef643SGordon Ross	 * Advance to the src mbuf where we start copying.
7f3ef643SGordon Ross	 */
7f3ef643SGordon Ross	offset = copy_offset;
7f3ef643SGordon Ross	src_m = src_mbc->chain;
7f3ef643SGordon Ross	while (src_m && offset >= src_m->m_len) {
7f3ef643SGordon Ross		offset -= src_m->m_len;
7f3ef643SGordon Ross		src_m = src_m->m_next;
7f3ef643SGordon Ross	}
7f3ef643SGordon Ross	if (src_m == NULL)
7f3ef643SGordon Ross		return (EFAULT);
7f3ef643SGordon Ross
7f3ef643SGordon Ross	/*
7f3ef643SGordon Ross	 * Copy the first part, which may start somewhere past
7f3ef643SGordon Ross	 * the beginning of the current mbuf.
7f3ef643SGordon Ross	 */
7f3ef643SGordon Ross	len = src_m->m_len - offset;
7f3ef643SGordon Ross	if (len > copy_len)
7f3ef643SGordon Ross		len = copy_len;
7f3ef643SGordon Ross	rc = smb_mbc_put_mem(dst_mbc, src_m->m_data + offset, len);
7f3ef643SGordon Ross	if (rc != 0)
7f3ef643SGordon Ross		return (rc);
7f3ef643SGordon Ross	copy_len -= len;
7f3ef643SGordon Ross
7f3ef643SGordon Ross	/*
7f3ef643SGordon Ross	 * Copy remaining mbufs...
7f3ef643SGordon Ross	 */
7f3ef643SGordon Ross	while (copy_len > 0) {
7f3ef643SGordon Ross		src_m = src_m->m_next;
7f3ef643SGordon Ross		if (src_m == NULL)
7f3ef643SGordon Ross			break;
7f3ef643SGordon Ross		len = src_m->m_len;
7f3ef643SGordon Ross		if (len > copy_len)
7f3ef643SGordon Ross			len = copy_len;
7f3ef643SGordon Ross		rc = smb_mbc_put_mem(dst_mbc, src_m->m_data, len);
7f3ef643SGordon Ross		copy_len -= len;
7f3ef643SGordon Ross	}
7f3ef643SGordon Ross
7f3ef643SGordon Ross	return (0);
7f3ef643SGordon Ross}
7f3ef643SGordon Ross
7f3ef643SGordon Ross/*
7f3ef643SGordon Ross * Copy data from the passed memory buffer into the mbuf chain
7f3ef643SGordon Ross * at the current offset.
7f3ef643SGordon Ross */
7f3ef643SGordon Rossint
7f3ef643SGordon Rosssmb_mbc_put_mem(mbuf_chain_t *mbc, void *vmem, int mem_len)
7f3ef643SGordon Ross{
7f3ef643SGordon Ross	caddr_t mem = vmem;
7f3ef643SGordon Ross	mbuf_t	*m;
7f3ef643SGordon Ross	int32_t	offset, tlen;
7f3ef643SGordon Ross	int rc;
7f3ef643SGordon Ross
7f3ef643SGordon Ross	if (mem_len <= 0)
7f3ef643SGordon Ross		return (0);
7f3ef643SGordon Ross
7f3ef643SGordon Ross	if ((rc = mbc_marshal_make_room(mbc, mem_len)) != 0)
7f3ef643SGordon Ross		return (rc);
7f3ef643SGordon Ross
7f3ef643SGordon Ross	/*
7f3ef643SGordon Ross	 * Advance to the dst mbuf where we start copying.
7f3ef643SGordon Ross	 * Allocations were done by _make_room().
7f3ef643SGordon Ross	 */
7f3ef643SGordon Ross	offset = mbc->chain_offset;
7f3ef643SGordon Ross	m = mbc->chain;
7f3ef643SGordon Ross	while (offset >= m->m_len) {
7f3ef643SGordon Ross		ASSERT(m->m_len > 0);
7f3ef643SGordon Ross		offset -= m->m_len;
7f3ef643SGordon Ross		m = m->m_next;
7f3ef643SGordon Ross	}
7f3ef643SGordon Ross
7f3ef643SGordon Ross	/*
7f3ef643SGordon Ross	 * Copy the first part, which may start somewhere past
7f3ef643SGordon Ross	 * the beginning of the current mbuf.
7f3ef643SGordon Ross	 */
7f3ef643SGordon Ross	tlen = m->m_len - offset;
7f3ef643SGordon Ross	if (tlen > mem_len)
7f3ef643SGordon Ross		tlen = mem_len;
7f3ef643SGordon Ross	bcopy(mem, m->m_data + offset, tlen);
7f3ef643SGordon Ross	mbc->chain_offset += tlen;
7f3ef643SGordon Ross	mem += tlen;
7f3ef643SGordon Ross	mem_len -= tlen;
7f3ef643SGordon Ross
7f3ef643SGordon Ross	/*
7f3ef643SGordon Ross	 * Copy remaining mem into mbufs.  These all start
7f3ef643SGordon Ross	 * at the beginning of each mbuf, and the last may
7f3ef643SGordon Ross	 * end somewhere short of m_len.
7f3ef643SGordon Ross	 */
7f3ef643SGordon Ross	while (mem_len > 0) {
7f3ef643SGordon Ross		m = m->m_next;
7f3ef643SGordon Ross		tlen = m->m_len;
7f3ef643SGordon Ross		if (tlen > mem_len)
7f3ef643SGordon Ross			tlen = mem_len;
7f3ef643SGordon Ross		bcopy(mem, m->m_data, tlen);
7f3ef643SGordon Ross		mbc->chain_offset += tlen;
7f3ef643SGordon Ross		mem += tlen;
7f3ef643SGordon Ross		mem_len -= tlen;
7f3ef643SGordon Ross	}
7f3ef643SGordon Ross
7f3ef643SGordon Ross	return (0);
7f3ef643SGordon Ross}
7f3ef643SGordon Ross
7f3ef643SGordon Ross/*
d2488fe8SGordon Ross * Put padding sufficient to align to A, where
d2488fe8SGordon Ross * A is some power of 2 greater than zero.
d2488fe8SGordon Ross */
d2488fe8SGordon Rossint
d2488fe8SGordon Rosssmb_mbc_put_align(mbuf_chain_t *mbc, int align)
d2488fe8SGordon Ross{
d2488fe8SGordon Ross	int mask = align - 1;
d2488fe8SGordon Ross	int padsz;
d2488fe8SGordon Ross
d2488fe8SGordon Ross	ASSERT(align > 0 && (align & mask) == 0);
d2488fe8SGordon Ross	if ((mbc->chain_offset & mask) == 0)
d2488fe8SGordon Ross		return (0);
d2488fe8SGordon Ross	padsz = align - (mbc->chain_offset & mask);
d2488fe8SGordon Ross	return (smb_mbc_encodef(mbc, "#.", padsz));
d2488fe8SGordon Ross}
d2488fe8SGordon Ross
d2488fe8SGordon Ross/*
3db3f65cSamw * Put data into mbuf chain allocating as needed.
3db3f65cSamw * Adds room to end of mbuf chain if needed.
3db3f65cSamw */
3db3f65cSamwstatic int
3db3f65cSamwmbc_marshal_make_room(mbuf_chain_t *mbc, int32_t bytes_needed)
3db3f65cSamw{
3db3f65cSamw	mbuf_t	*m;
*897907ceSGordon Ross	mbuf_t	*last;
3db3f65cSamw	int32_t	bytes_available;
3db3f65cSamw
3db3f65cSamw	bytes_needed += mbc->chain_offset;
3db3f65cSamw	if (bytes_needed > mbc->max_bytes)
3db3f65cSamw		return (EMSGSIZE);
3db3f65cSamw
*897907ceSGordon Ross	/*
*897907ceSGordon Ross	 * First mbuf in chain should have prepend space.
*897907ceSGordon Ross	 * See M_LEADINGSPACE() below.
*897907ceSGordon Ross	 */
*897907ceSGordon Ross	if ((m = mbc->chain) == NULL) {
3db3f65cSamw		MGET(m, M_WAIT, MT_DATA);
3db3f65cSamw		m->m_len = 0;
3db3f65cSamw		MCLGET(m, M_WAIT);
*897907ceSGordon Ross		m->m_data += MH_PREPEND_SPACE;
3db3f65cSamw		mbc->chain = m;
3db3f65cSamw		/* xxxx */
3db3f65cSamw		/* ^    */
3db3f65cSamw	}
3db3f65cSamw
3db3f65cSamw	/* ---- ----- --xx ---xxx */
3db3f65cSamw	/* ^			  */
3db3f65cSamw
*897907ceSGordon Ross	last = NULL;
*897907ceSGordon Ross	while ((m != NULL) && (bytes_needed >= m->m_len)) {
*897907ceSGordon Ross		last = m;
3db3f65cSamw		bytes_needed -= m->m_len;
3db3f65cSamw		m = m->m_next;
3db3f65cSamw	}
3db3f65cSamw
*897907ceSGordon Ross	if ((bytes_needed == 0) || (m != NULL)) {
3db3f65cSamw		/* We have enough room already */
3db3f65cSamw		return (0);
3db3f65cSamw	}
3db3f65cSamw
3db3f65cSamw	/* ---- ----- --xx ---xxx */
3db3f65cSamw	/*			 ^ */
3db3f65cSamw	/* Back up to start of last mbuf */
*897907ceSGordon Ross	m = last;
3db3f65cSamw	bytes_needed += m->m_len;
3db3f65cSamw
3db3f65cSamw	/* ---- ----- --xx ---xxx */
3db3f65cSamw	/*		   ^	  */
*897907ceSGordon Ross	bytes_available = M_SIZE(m) - M_LEADINGSPACE(m);
3db3f65cSamw
3db3f65cSamw	/* ---- ----- --xx ---xxx */
3db3f65cSamw	/*		   ^	  */
3db3f65cSamw	while ((bytes_needed != 0) && (bytes_needed > bytes_available)) {
3db3f65cSamw		m->m_len = bytes_available;
3db3f65cSamw		bytes_needed -= m->m_len;
3db3f65cSamw		/* ---- ----- --xx ------ */
3db3f65cSamw		/*		   ^	  */
3db3f65cSamw
3db3f65cSamw		MGET(m->m_next, M_WAIT, MT_DATA);
3db3f65cSamw		m = m->m_next;
3db3f65cSamw		m->m_len = 0;
3db3f65cSamw		MCLGET(m, M_WAIT);
3db3f65cSamw
*897907ceSGordon Ross		ASSERT(M_LEADINGSPACE(m) == 0);
*897907ceSGordon Ross		bytes_available = M_SIZE(m);
3db3f65cSamw
3db3f65cSamw		/* ---- ----- --xx ------ xxxx */
3db3f65cSamw		/*			  ^    */
3db3f65cSamw	}
3db3f65cSamw
3db3f65cSamw	/* ---- ----- --xx ------ xxxx */
3db3f65cSamw	/*			  ^    */
3db3f65cSamw	/* Expand last tail as needed */
3db3f65cSamw	if (m->m_len <= bytes_needed) {
3db3f65cSamw		m->m_len = bytes_needed;
3db3f65cSamw		/* ---- ----- --xx ------ --xx */
3db3f65cSamw		/*			   ^   */
3db3f65cSamw	}
3db3f65cSamw
3db3f65cSamw	return (0);
3db3f65cSamw}
3db3f65cSamw
3db3f65cSamwstatic void
3db3f65cSamwmbc_marshal_store_byte(mbuf_chain_t *mbc, uint8_t data)
3db3f65cSamw{
3db3f65cSamw	mbuf_t	*m = mbc->chain;
3db3f65cSamw	int32_t	cur_offset = mbc->chain_offset;
3db3f65cSamw
3db3f65cSamw	/*
3db3f65cSamw	 * Scan forward looking for the last data currently in chain.
3db3f65cSamw	 */
3db3f65cSamw	while (cur_offset >= m->m_len) {
3db3f65cSamw		cur_offset -= m->m_len;
3db3f65cSamw		m = m->m_next;
3db3f65cSamw	}
3db3f65cSamw	((char *)m->m_data)[cur_offset] = data;
3db3f65cSamw	mbc->chain_offset++;
3db3f65cSamw}
3db3f65cSamw
3db3f65cSamwstatic int
3db3f65cSamwmbc_marshal_put_char(mbuf_chain_t *mbc, uint8_t data)
3db3f65cSamw{
3db3f65cSamw	if (mbc_marshal_make_room(mbc, sizeof (char)) != 0)
3db3f65cSamw		return (DECODE_NO_MORE_DATA);
3db3f65cSamw	mbc_marshal_store_byte(mbc, data);
3db3f65cSamw	return (0);
3db3f65cSamw}
3db3f65cSamw
3db3f65cSamwstatic int
3db3f65cSamwmbc_marshal_put_short(mbuf_chain_t *mbc, uint16_t data)
3db3f65cSamw{
3db3f65cSamw	if (mbc_marshal_make_room(mbc, sizeof (short)))
3db3f65cSamw		return (DECODE_NO_MORE_DATA);
3db3f65cSamw	mbc_marshal_store_byte(mbc, data);
3db3f65cSamw	mbc_marshal_store_byte(mbc, data >> 8);
3db3f65cSamw	return (0);
3db3f65cSamw}
3db3f65cSamw
3db3f65cSamwstatic int
3db3f65cSamwmbc_marshal_put_long(mbuf_chain_t *mbc, uint32_t data)
3db3f65cSamw{
3db3f65cSamw	if (mbc_marshal_make_room(mbc, sizeof (int32_t)))
3db3f65cSamw		return (DECODE_NO_MORE_DATA);
3db3f65cSamw	mbc_marshal_store_byte(mbc, data);
3db3f65cSamw	mbc_marshal_store_byte(mbc, data >> 8);
3db3f65cSamw	mbc_marshal_store_byte(mbc, data >> 16);
3db3f65cSamw	mbc_marshal_store_byte(mbc, data >> 24);
3db3f65cSamw	return (0);
3db3f65cSamw}
3db3f65cSamw
3db3f65cSamwstatic int
3db3f65cSamwmbc_marshal_put_long_long(mbuf_chain_t *mbc, uint64_t data)
3db3f65cSamw{
3db3f65cSamw	if (mbc_marshal_make_room(mbc, sizeof (int64_t)))
3db3f65cSamw		return (DECODE_NO_MORE_DATA);
3db3f65cSamw
3db3f65cSamw	mbc_marshal_store_byte(mbc, data);
3db3f65cSamw	mbc_marshal_store_byte(mbc, data >> 8);
3db3f65cSamw	mbc_marshal_store_byte(mbc, data >> 16);
3db3f65cSamw	mbc_marshal_store_byte(mbc, data >> 24);
3db3f65cSamw	mbc_marshal_store_byte(mbc, data >> 32);
3db3f65cSamw	mbc_marshal_store_byte(mbc, data >> 40);
3db3f65cSamw	mbc_marshal_store_byte(mbc, data >> 48);
3db3f65cSamw	mbc_marshal_store_byte(mbc, data >> 56);
3db3f65cSamw	return (0);
3db3f65cSamw}
3db3f65cSamw
3db3f65cSamw/*
07a6ae61SGordon Ross * Marshal a UTF-8 string (str) into mbc, converting to OEM codeset.
07a6ae61SGordon Ross * Also write a null unless the repc count limits the length we put.
7d1ffc32SGordon Ross * When (repc > 0) the length we marshal must be exactly repc, and
7d1ffc32SGordon Ross * truncate or pad the mbc data as necessary.
7d1ffc32SGordon Ross * See also: msgbuf_put_oem_string
3db3f65cSamw */
3db3f65cSamwstatic int
7d1ffc32SGordon Rossmbc_marshal_put_oem_string(mbuf_chain_t *mbc, char *mbs, int repc)
3db3f65cSamw{
7d1ffc32SGordon Ross	uint8_t		*oembuf = NULL;
7d1ffc32SGordon Ross	uint8_t		*s;
07a6ae61SGordon Ross	int		oemlen;
7d1ffc32SGordon Ross	int		rlen;
7d1ffc32SGordon Ross	int		rc;
3db3f65cSamw
3db3f65cSamw	/*
7d1ffc32SGordon Ross	 * Compute length of converted OEM string,
7d1ffc32SGordon Ross	 * NOT including null terminator
3db3f65cSamw	 */
7d1ffc32SGordon Ross	if ((oemlen = smb_sbequiv_strlen(mbs)) == -1)
3db3f65cSamw		return (DECODE_NO_MORE_DATA);
3db3f65cSamw
7d1ffc32SGordon Ross	/*
7d1ffc32SGordon Ross	 * If repc not specified, put whole string + NULL,
7d1ffc32SGordon Ross	 * otherwise will truncate or pad as needed.
7d1ffc32SGordon Ross	 */
7d1ffc32SGordon Ross	if (repc <= 0)
7d1ffc32SGordon Ross		repc = oemlen + 1;
07a6ae61SGordon Ross
7d1ffc32SGordon Ross	/*
7d1ffc32SGordon Ross	 * Convert into a temporary buffer
7d1ffc32SGordon Ross	 * Free oembuf before return.
7d1ffc32SGordon Ross	 */
7d1ffc32SGordon Ross	oembuf = smb_mem_zalloc(oemlen + 1);
7d1ffc32SGordon Ross	ASSERT(oembuf != NULL);
7d1ffc32SGordon Ross	rlen = smb_mbstooem(oembuf, mbs, oemlen);
7d1ffc32SGordon Ross	if (rlen < 0) {
7d1ffc32SGordon Ross		rc = DECODE_NO_MORE_DATA;
7d1ffc32SGordon Ross		goto out;
3db3f65cSamw	}
7d1ffc32SGordon Ross	if (rlen > oemlen)
7d1ffc32SGordon Ross		rlen = oemlen;
7d1ffc32SGordon Ross	oembuf[rlen] = '\0';
3db3f65cSamw
7d1ffc32SGordon Ross	/*
7d1ffc32SGordon Ross	 * Copy the converted string into the message,
7d1ffc32SGordon Ross	 * truncated or paded as required.
7d1ffc32SGordon Ross	 */
7d1ffc32SGordon Ross	s = oembuf;
7d1ffc32SGordon Ross	while (repc > 0) {
25a9a7aaSGordon Ross		if (mbc_marshal_make_room(mbc, 1)) {
25a9a7aaSGordon Ross			rc = DECODE_NO_MORE_DATA;
25a9a7aaSGordon Ross			goto out;
25a9a7aaSGordon Ross		}
7d1ffc32SGordon Ross		mbc_marshal_store_byte(mbc, *s);
7d1ffc32SGordon Ross		if (*s != '\0')
7d1ffc32SGordon Ross			s++;
7d1ffc32SGordon Ross		repc--;
7d1ffc32SGordon Ross	}
7d1ffc32SGordon Ross	rc = 0;
7d1ffc32SGordon Ross
7d1ffc32SGordon Rossout:
7d1ffc32SGordon Ross	if (oembuf != NULL)
7d1ffc32SGordon Ross		smb_mem_free(oembuf);
7d1ffc32SGordon Ross	return (rc);
3db3f65cSamw}
3db3f65cSamw
07a6ae61SGordon Ross/*
07a6ae61SGordon Ross * Marshal a UTF-8 string (str) into mbc, converting to UTF-16.
7d1ffc32SGordon Ross * Also write a null unless the repc count limits the length.
7d1ffc32SGordon Ross * When (repc > 0) the length we marshal must be exactly repc,
7d1ffc32SGordon Ross * and truncate or pad the mbc data as necessary.
7d1ffc32SGordon Ross * See also: msgbuf_put_unicode_string
07a6ae61SGordon Ross */
3db3f65cSamwstatic int
7d1ffc32SGordon Rossmbc_marshal_put_unicode_string(mbuf_chain_t *mbc, char *mbs, int repc)
3db3f65cSamw{
7d1ffc32SGordon Ross	smb_wchar_t	*wcsbuf = NULL;
7d1ffc32SGordon Ross	smb_wchar_t	*wp;
25a9a7aaSGordon Ross	smb_wchar_t	wchar;
7d1ffc32SGordon Ross	size_t		wcslen, wcsbytes;
7d1ffc32SGordon Ross	size_t		rlen;
7d1ffc32SGordon Ross	int		rc;
3db3f65cSamw
7d1ffc32SGordon Ross	/* align to word boundary */
7d1ffc32SGordon Ross	if (mbc->chain_offset & 1) {
7d1ffc32SGordon Ross		if (mbc_marshal_make_room(mbc, 1))
3db3f65cSamw			return (DECODE_NO_MORE_DATA);
7d1ffc32SGordon Ross		mbc_marshal_store_byte(mbc, 0);
7d1ffc32SGordon Ross	}
3db3f65cSamw
3db3f65cSamw	/*
7d1ffc32SGordon Ross	 * Compute length of converted UTF-16 string,
7d1ffc32SGordon Ross	 * NOT including null terminator (in bytes).
3db3f65cSamw	 */
7d1ffc32SGordon Ross	wcsbytes = smb_wcequiv_strlen(mbs);
7d1ffc32SGordon Ross	if (wcsbytes == (size_t)-1)
7d1ffc32SGordon Ross		return (DECODE_NO_MORE_DATA);
7d1ffc32SGordon Ross
7d1ffc32SGordon Ross	/*
7d1ffc32SGordon Ross	 * If repc not specified, put whole string + NULL,
7d1ffc32SGordon Ross	 * otherwise will truncate or pad as needed.
7d1ffc32SGordon Ross	 */
7d1ffc32SGordon Ross	if (repc <= 0)
7d1ffc32SGordon Ross		repc = wcsbytes + 2;
7d1ffc32SGordon Ross
7d1ffc32SGordon Ross	/*
7d1ffc32SGordon Ross	 * Convert into a temporary buffer
7d1ffc32SGordon Ross	 * Free wcsbuf before return.
7d1ffc32SGordon Ross	 */
7d1ffc32SGordon Ross	wcslen = wcsbytes / 2;
7d1ffc32SGordon Ross	wcsbuf = smb_mem_zalloc(wcsbytes + 2);
7d1ffc32SGordon Ross	ASSERT(wcsbuf != NULL);
7d1ffc32SGordon Ross	rlen = smb_mbstowcs(wcsbuf, mbs, wcslen);
7d1ffc32SGordon Ross	if (rlen == (size_t)-1) {
7d1ffc32SGordon Ross		rc = DECODE_NO_MORE_DATA;
7d1ffc32SGordon Ross		goto out;
7d1ffc32SGordon Ross	}
7d1ffc32SGordon Ross	if (rlen > wcslen)
7d1ffc32SGordon Ross		rlen = wcslen;
7d1ffc32SGordon Ross	wcsbuf[rlen] = 0;
7d1ffc32SGordon Ross
7d1ffc32SGordon Ross	/*
7d1ffc32SGordon Ross	 * Copy the converted string into the message,
7d1ffc32SGordon Ross	 * truncated or paded as required.  Preserve
7d1ffc32SGordon Ross	 * little-endian order while copying.
7d1ffc32SGordon Ross	 */
7d1ffc32SGordon Ross	wp = wcsbuf;
25a9a7aaSGordon Ross	while (repc >= sizeof (smb_wchar_t)) {
25a9a7aaSGordon Ross		if (mbc_marshal_make_room(mbc, sizeof (smb_wchar_t))) {
25a9a7aaSGordon Ross			rc = DECODE_NO_MORE_DATA;
25a9a7aaSGordon Ross			goto out;
25a9a7aaSGordon Ross		}
25a9a7aaSGordon Ross		wchar = LE_IN16(wp);
3db3f65cSamw		mbc_marshal_store_byte(mbc, wchar);
3db3f65cSamw		mbc_marshal_store_byte(mbc, wchar >> 8);
7d1ffc32SGordon Ross		if (wchar != 0)
7d1ffc32SGordon Ross			wp++;
7d1ffc32SGordon Ross		repc -= sizeof (smb_wchar_t);
3db3f65cSamw	}
25a9a7aaSGordon Ross	if (repc > 0) {
25a9a7aaSGordon Ross		if (mbc_marshal_make_room(mbc, 1)) {
25a9a7aaSGordon Ross			rc = DECODE_NO_MORE_DATA;
25a9a7aaSGordon Ross			goto out;
25a9a7aaSGordon Ross		}
7d1ffc32SGordon Ross		mbc_marshal_store_byte(mbc, 0);
25a9a7aaSGordon Ross	}
7d1ffc32SGordon Ross	rc = 0;
25a9a7aaSGordon Ross
7d1ffc32SGordon Rossout:
7d1ffc32SGordon Ross	if (wcsbuf != NULL)
7d1ffc32SGordon Ross		smb_mem_free(wcsbuf);
7d1ffc32SGordon Ross	return (rc);
3db3f65cSamw}
3db3f65cSamw
*897907ceSGordon Rossstatic void /*ARGSUSED*/
*897907ceSGordon Rossuiorefnoop(mbuf_t *m)
a90cf9f2SGordon Ross{
a90cf9f2SGordon Ross}
a90cf9f2SGordon Ross
3db3f65cSamwstatic int
3db3f65cSamwmbc_marshal_put_uio(mbuf_chain_t *mbc, struct uio *uio)
3db3f65cSamw{
3db3f65cSamw	mbuf_t		**t;
3db3f65cSamw	mbuf_t		*m = NULL;
3db3f65cSamw	struct iovec	*iov = uio->uio_iov;
3db3f65cSamw	int32_t		i, iov_cnt = uio->uio_iovcnt;
3db3f65cSamw
3db3f65cSamw	iov = uio->uio_iov;
3db3f65cSamw	t = &mbc->chain;
3db3f65cSamw	for (i = 0; i < iov_cnt; i++) {
3db3f65cSamw		MGET(m, M_WAIT, MT_DATA);
3db3f65cSamw		m->m_ext.ext_buf = iov->iov_base;
*897907ceSGordon Ross		m->m_ext.ext_free = uiorefnoop;
3db3f65cSamw		m->m_data = m->m_ext.ext_buf;
3db3f65cSamw		m->m_flags |= M_EXT;
3db3f65cSamw		m->m_len = m->m_ext.ext_size = iov->iov_len;
3db3f65cSamw		mbc->max_bytes += m->m_len;
3db3f65cSamw		m->m_next = 0;
3db3f65cSamw		*t = m;
3db3f65cSamw		t = &m->m_next;
3db3f65cSamw		iov++;
3db3f65cSamw	}
3db3f65cSamw	return (0);
3db3f65cSamw}
3db3f65cSamw
*897907ceSGordon Rossint smb_mbuf_put_copy_threshold = 128;
*897907ceSGordon Ross/*
*897907ceSGordon Ross * Append an mbuf to the chain at chain_offset, with some optimizations:
*897907ceSGordon Ross * If the chain is empty, just set the head (done).
*897907ceSGordon Ross * If m is no larger than the copy threshold, copy.
*897907ceSGordon Ross * Always consumes (or free's) the mbuf passed in.
*897907ceSGordon Ross */
3db3f65cSamwstatic int
*897907ceSGordon Rossmbc_marshal_put_mbufs(mbuf_chain_t *mbc, mbuf_t *mbuf)
3db3f65cSamw{
*897907ceSGordon Ross	mbuf_t	*m;
*897907ceSGordon Ross	int	bytes, rc;
3db3f65cSamw
*897907ceSGordon Ross	/*
*897907ceSGordon Ross	 * Length of mbuf(s) to be appended
*897907ceSGordon Ross	 */
*897907ceSGordon Ross	bytes = 0;
*897907ceSGordon Ross	m = mbuf;
*897907ceSGordon Ross	while (m != NULL) {
*897907ceSGordon Ross		bytes += m->m_len;
*897907ceSGordon Ross		m = m->m_next;
3db3f65cSamw	}
*897907ceSGordon Ross	if (bytes == 0) {
*897907ceSGordon Ross		m_freem(mbuf);
*897907ceSGordon Ross		return (0);
3db3f65cSamw	}
*897907ceSGordon Ross
*897907ceSGordon Ross	/*
*897907ceSGordon Ross	 * Check for space vs max_bytes
*897907ceSGordon Ross	 */
*897907ceSGordon Ross	if (!MBC_ROOM_FOR(mbc, bytes)) {
*897907ceSGordon Ross		m_freem(mbuf);
*897907ceSGordon Ross		return (EMSGSIZE);
*897907ceSGordon Ross	}
*897907ceSGordon Ross
*897907ceSGordon Ross	/*
*897907ceSGordon Ross	 * Empty mbc? (probably rare)
*897907ceSGordon Ross	 */
*897907ceSGordon Ross	if (mbc->chain == NULL) {
*897907ceSGordon Ross		mbc->chain = mbuf;
3db3f65cSamw		mbc->chain_offset = bytes;
*897907ceSGordon Ross		return (0);
3db3f65cSamw	}
*897907ceSGordon Ross
*897907ceSGordon Ross	/*
*897907ceSGordon Ross	 * Copy optimization.  We've already checked that there's room
*897907ceSGordon Ross	 * for the _put_mem operations, and that's the only error case
*897907ceSGordon Ross	 * for that call, so just assert success and continue.
*897907ceSGordon Ross	 */
*897907ceSGordon Ross	if (bytes <= smb_mbuf_put_copy_threshold) {
*897907ceSGordon Ross		m = mbuf;
*897907ceSGordon Ross		while (m != NULL) {
*897907ceSGordon Ross			rc = smb_mbc_put_mem(mbc, m->m_data, m->m_len);
*897907ceSGordon Ross			ASSERT3S(rc, ==, 0);
*897907ceSGordon Ross			m = m_free(m);
3db3f65cSamw		}
3db3f65cSamw		return (0);
3db3f65cSamw	}
3db3f65cSamw
*897907ceSGordon Ross	/*
*897907ceSGordon Ross	 * Trim existing chain and append
*897907ceSGordon Ross	 */
*897907ceSGordon Ross	smb_mbuf_trim(mbc->chain, mbc->chain_offset);
*897907ceSGordon Ross	m = mbc->chain;
*897907ceSGordon Ross	while (m->m_next != NULL)
*897907ceSGordon Ross		m = m->m_next;
*897907ceSGordon Ross	m->m_next = mbuf;
*897907ceSGordon Ross	mbc->chain_offset += bytes;
*897907ceSGordon Ross
*897907ceSGordon Ross	return (0);
*897907ceSGordon Ross}
*897907ceSGordon Ross
*897907ceSGordon Ross/*
*897907ceSGordon Ross * Append a new mbc (nmbc) to the existing chain mbc
*897907ceSGordon Ross * Assumes the new mbc has been "trimmed" to length.
*897907ceSGordon Ross * (This ignores nmbc.chain_offset)
*897907ceSGordon Ross *
*897907ceSGordon Ross * Always consume or dispose of nmbc->chain
*897907ceSGordon Ross */
3db3f65cSamwstatic int
3db3f65cSamwmbc_marshal_put_mbuf_chain(mbuf_chain_t *mbc, mbuf_chain_t *nmbc)
3db3f65cSamw{
*897907ceSGordon Ross	int rc = 0;
*897907ceSGordon Ross
*897907ceSGordon Ross	if (nmbc->chain != NULL) {
*897907ceSGordon Ross		rc = mbc_marshal_put_mbufs(mbc, nmbc->chain);
*897907ceSGordon Ross		nmbc->chain = NULL;
3db3f65cSamw	}
*897907ceSGordon Ross	return (rc);
3db3f65cSamw}
3db3f65cSamw
3db3f65cSamwstatic uint8_t
3db3f65cSamwmbc_marshal_fetch_byte(mbuf_chain_t *mbc)
3db3f65cSamw{
3db3f65cSamw	uint8_t	data;
3db3f65cSamw	mbuf_t	*m = mbc->chain;
3db3f65cSamw	int32_t	offset = mbc->chain_offset;
3db3f65cSamw
3db3f65cSamw	while (offset >= m->m_len) {
3db3f65cSamw		offset -= m->m_len;
3db3f65cSamw		m = m->m_next;
3db3f65cSamw	}
3db3f65cSamw	data = ((uint8_t *)m->m_data)[offset];
3db3f65cSamw	mbc->chain_offset++;
3db3f65cSamw	return (data);
3db3f65cSamw}
3db3f65cSamw
3db3f65cSamwstatic int
3db3f65cSamwmbc_marshal_get_char(mbuf_chain_t *mbc, uint8_t *data)
3db3f65cSamw{
3db3f65cSamw	if (MBC_ROOM_FOR(mbc, sizeof (char)) == 0) {
3db3f65cSamw		/* Data will never be available */
3db3f65cSamw		return (DECODE_NO_MORE_DATA);
3db3f65cSamw	}
3db3f65cSamw	*data = mbc_marshal_fetch_byte(mbc);
3db3f65cSamw	return (0);
3db3f65cSamw}
3db3f65cSamw
3db3f65cSamwstatic int
3db3f65cSamwmbc_marshal_get_short(mbuf_chain_t *mbc, uint16_t *data)
3db3f65cSamw{
3db3f65cSamw	uint16_t	tmp;
3db3f65cSamw	mbuf_t		*m = mbc->chain;
3db3f65cSamw	int32_t		offset = mbc->chain_offset;
3db3f65cSamw
3db3f65cSamw	if (MBC_ROOM_FOR(mbc, sizeof (short)) == 0) {
3db3f65cSamw		/* Data will never be available */
3db3f65cSamw		return (DECODE_NO_MORE_DATA);
3db3f65cSamw	}
3db3f65cSamw
3db3f65cSamw	while (offset >= m->m_len) {
3db3f65cSamw		offset -= m->m_len;
3db3f65cSamw		m = m->m_next;
3db3f65cSamw	}
3db3f65cSamw	if ((m->m_len - offset) >= sizeof (short)) {
3db3f65cSamw		*data = LE_IN16(m->m_data + offset);
3db3f65cSamw		mbc->chain_offset += sizeof (short);
3db3f65cSamw	} else {
3db3f65cSamw		tmp = (uint16_t)mbc_marshal_fetch_byte(mbc);
3db3f65cSamw		tmp |= ((uint16_t)mbc_marshal_fetch_byte(mbc)) << 8;
3db3f65cSamw		*data = tmp;
3db3f65cSamw	}
3db3f65cSamw	return (0);
3db3f65cSamw}
3db3f65cSamw
3db3f65cSamwstatic int
3db3f65cSamwmbc_marshal_get_long(mbuf_chain_t *mbc, uint32_t *data)
3db3f65cSamw{
3db3f65cSamw	uint32_t	tmp;
3db3f65cSamw	mbuf_t		*m = mbc->chain;
3db3f65cSamw	int32_t		offset = mbc->chain_offset;
3db3f65cSamw
3db3f65cSamw	if (MBC_ROOM_FOR(mbc, sizeof (int32_t)) == 0) {
3db3f65cSamw		/* Data will never be available */
3db3f65cSamw		return (DECODE_NO_MORE_DATA);
3db3f65cSamw	}
3db3f65cSamw	while (offset >= m->m_len) {
3db3f65cSamw		offset -= m->m_len;
3db3f65cSamw		m = m->m_next;
3db3f65cSamw	}
3db3f65cSamw	if ((m->m_len - offset) >= sizeof (int32_t)) {
3db3f65cSamw		*data = LE_IN32(m->m_data + offset);
3db3f65cSamw		mbc->chain_offset += sizeof (int32_t);
3db3f65cSamw	} else {
3db3f65cSamw		tmp = (uint32_t)mbc_marshal_fetch_byte(mbc);
3db3f65cSamw		tmp |= ((uint32_t)mbc_marshal_fetch_byte(mbc)) << 8;
3db3f65cSamw		tmp |= ((uint32_t)mbc_marshal_fetch_byte(mbc)) << 16;
3db3f65cSamw		tmp |= ((uint32_t)mbc_marshal_fetch_byte(mbc)) << 24;
3db3f65cSamw		*data = tmp;
3db3f65cSamw	}
3db3f65cSamw	return (0);
3db3f65cSamw}
3db3f65cSamw
3db3f65cSamwstatic uint64_t
3db3f65cSamwqswap(uint64_t ll)
3db3f65cSamw{
3db3f65cSamw	uint64_t v;
3db3f65cSamw
3db3f65cSamw	v = ll >> 32;
3db3f65cSamw	v |= ll << 32;
3db3f65cSamw
3db3f65cSamw	return (v);
3db3f65cSamw}
3db3f65cSamw
3db3f65cSamwstatic int
3db3f65cSamwmbc_marshal_get_odd_long_long(mbuf_chain_t *mbc, uint64_t *data)
3db3f65cSamw{
3db3f65cSamw	uint64_t	tmp;
3db3f65cSamw	mbuf_t		*m = mbc->chain;
3db3f65cSamw	int32_t		offset = mbc->chain_offset;
3db3f65cSamw
3db3f65cSamw	if (MBC_ROOM_FOR(mbc, sizeof (int64_t)) == 0) {
3db3f65cSamw		/* Data will never be available */
3db3f65cSamw		return (DECODE_NO_MORE_DATA);
3db3f65cSamw	}
3db3f65cSamw	while (offset >= m->m_len) {
3db3f65cSamw		offset -= m->m_len;
3db3f65cSamw		m = m->m_next;
3db3f65cSamw	}
3db3f65cSamw
3db3f65cSamw	if ((m->m_len - offset) >= sizeof (int64_t)) {
3db3f65cSamw		*data = qswap(LE_IN64(m->m_data + offset));
3db3f65cSamw		mbc->chain_offset += sizeof (int64_t);
3db3f65cSamw	} else {
3db3f65cSamw		tmp = (uint64_t)mbc_marshal_fetch_byte(mbc) << 32;
3db3f65cSamw		tmp |= (uint64_t)mbc_marshal_fetch_byte(mbc) << 40;
3db3f65cSamw		tmp |= (uint64_t)mbc_marshal_fetch_byte(mbc) << 48;
3db3f65cSamw		tmp |= (uint64_t)mbc_marshal_fetch_byte(mbc) << 56;
3db3f65cSamw		tmp |= (uint64_t)mbc_marshal_fetch_byte(mbc);
3db3f65cSamw		tmp |= (uint64_t)mbc_marshal_fetch_byte(mbc) << 8;
3db3f65cSamw		tmp |= (uint64_t)mbc_marshal_fetch_byte(mbc) << 16;
3db3f65cSamw		tmp |= (uint64_t)mbc_marshal_fetch_byte(mbc) << 24;
3db3f65cSamw
3db3f65cSamw		*(uint64_t *)data = tmp;
3db3f65cSamw	}
3db3f65cSamw	return (0);
3db3f65cSamw}
3db3f65cSamw
3db3f65cSamwstatic int
3db3f65cSamwmbc_marshal_get_long_long(mbuf_chain_t *mbc, uint64_t *data)
3db3f65cSamw{
3db3f65cSamw	uint64_t	tmp;
3db3f65cSamw	mbuf_t		*m = mbc->chain;
3db3f65cSamw	int32_t		offset = mbc->chain_offset;
3db3f65cSamw
3db3f65cSamw	if (MBC_ROOM_FOR(mbc, sizeof (int64_t)) == 0) {
3db3f65cSamw		/* Data will never be available */
3db3f65cSamw		return (DECODE_NO_MORE_DATA);
3db3f65cSamw	}
3db3f65cSamw	while (offset >= m->m_len) {
3db3f65cSamw		offset -= m->m_len;
3db3f65cSamw		m = m->m_next;
3db3f65cSamw	}
3db3f65cSamw	if ((m->m_len - offset) >= sizeof (int64_t)) {
3db3f65cSamw		*data = LE_IN64(m->m_data + offset);
3db3f65cSamw		mbc->chain_offset += sizeof (int64_t);
3db3f65cSamw	} else {
3db3f65cSamw		tmp = (uint32_t)mbc_marshal_fetch_byte(mbc);
3db3f65cSamw		tmp |= ((uint64_t)mbc_marshal_fetch_byte(mbc)) << 8;
3db3f65cSamw		tmp |= ((uint64_t)mbc_marshal_fetch_byte(mbc)) << 16;
3db3f65cSamw		tmp |= ((uint64_t)mbc_marshal_fetch_byte(mbc)) << 24;
3db3f65cSamw		tmp |= ((uint64_t)mbc_marshal_fetch_byte(mbc)) << 32;
3db3f65cSamw		tmp |= ((uint64_t)mbc_marshal_fetch_byte(mbc)) << 40;
3db3f65cSamw		tmp |= ((uint64_t)mbc_marshal_fetch_byte(mbc)) << 48;
3db3f65cSamw		tmp |= ((uint64_t)mbc_marshal_fetch_byte(mbc)) << 56;
3db3f65cSamw		*(uint64_t *)data = tmp;
3db3f65cSamw	}
3db3f65cSamw	return (0);
3db3f65cSamw}
3db3f65cSamw
3db3f65cSamw/*
07a6ae61SGordon Ross * mbc_marshal_get_oem_string
3db3f65cSamw *
07a6ae61SGordon Ross * Decode an OEM string, returning its UTF-8 form in strpp,
07a6ae61SGordon Ross * allocated using smb_srm_zalloc (automatically freed).
7d1ffc32SGordon Ross * If max_bytes != 0, consume at most max_bytes of the mbc.
7d1ffc32SGordon Ross * See also: msgbuf_get_oem_string
3db3f65cSamw */
3db3f65cSamwstatic int
7d1ffc32SGordon Rossmbc_marshal_get_oem_string(smb_request_t *sr,
7d1ffc32SGordon Ross    mbuf_chain_t *mbc, char **strpp, int max_bytes)
3db3f65cSamw{
7d1ffc32SGordon Ross	char		*mbs;
7d1ffc32SGordon Ross	uint8_t		*oembuf = NULL;
7d1ffc32SGordon Ross	int		oemlen, oemmax;
7d1ffc32SGordon Ross	int		mbsmax;
7d1ffc32SGordon Ross	int		rlen;
7d1ffc32SGordon Ross	int		rc;
3db3f65cSamw
7d1ffc32SGordon Ross	if (max_bytes == 0)
7d1ffc32SGordon Ross		max_bytes = 0xffff;
3db3f65cSamw
3db3f65cSamw	/*
7d1ffc32SGordon Ross	 * Get the OtW data into a temporary buffer.
7d1ffc32SGordon Ross	 * Free oembuf before return.
3db3f65cSamw	 */
7d1ffc32SGordon Ross	oemlen = 0;
7d1ffc32SGordon Ross	oemmax = MALLOC_QUANTUM;
7d1ffc32SGordon Ross	oembuf = smb_mem_alloc(oemmax);
7d1ffc32SGordon Ross	for (;;) {
7d1ffc32SGordon Ross		uint8_t ch;
07a6ae61SGordon Ross
7d1ffc32SGordon Ross		if (oemlen >= max_bytes)
7d1ffc32SGordon Ross			break;
7d1ffc32SGordon Ross		if ((oemlen + 2) >= oemmax) {
7d1ffc32SGordon Ross			oemmax += MALLOC_QUANTUM;
7d1ffc32SGordon Ross			oembuf = smb_mem_realloc(oembuf, oemmax);
7d1ffc32SGordon Ross		}
7d1ffc32SGordon Ross		if (mbc_marshal_get_char(mbc, &ch) != 0) {
7d1ffc32SGordon Ross			rc = DECODE_NO_MORE_DATA;
7d1ffc32SGordon Ross			goto out;
7d1ffc32SGordon Ross		}
7d1ffc32SGordon Ross		if (ch == 0)
7d1ffc32SGordon Ross			break;
7d1ffc32SGordon Ross		oembuf[oemlen++] = ch;
7d1ffc32SGordon Ross	}
7d1ffc32SGordon Ross	oembuf[oemlen] = '\0';
7d1ffc32SGordon Ross
7d1ffc32SGordon Ross	/*
7d1ffc32SGordon Ross	 * Get the buffer we'll return and convert to UTF-8.
7d1ffc32SGordon Ross	 * May take as much as double the space.
7d1ffc32SGordon Ross	 */
7d1ffc32SGordon Ross	mbsmax = oemlen * 2;
7d1ffc32SGordon Ross	mbs = smb_srm_zalloc(sr, mbsmax + 1);
7d1ffc32SGordon Ross	ASSERT(mbs != NULL);
7d1ffc32SGordon Ross	rlen = smb_oemtombs(mbs, oembuf, mbsmax);
7d1ffc32SGordon Ross	if (rlen < 0) {
7d1ffc32SGordon Ross		rc = DECODE_NO_MORE_DATA;
7d1ffc32SGordon Ross		goto out;
7d1ffc32SGordon Ross	}
7d1ffc32SGordon Ross	if (rlen > mbsmax)
7d1ffc32SGordon Ross		rlen = mbsmax;
7d1ffc32SGordon Ross	mbs[rlen] = '\0';
7d1ffc32SGordon Ross	*strpp = mbs;
7d1ffc32SGordon Ross	rc = 0;
7d1ffc32SGordon Ross
7d1ffc32SGordon Rossout:
7d1ffc32SGordon Ross	if (oembuf != NULL)
7d1ffc32SGordon Ross		smb_mem_free(oembuf);
7d1ffc32SGordon Ross	return (rc);
3db3f65cSamw}
3db3f65cSamw
07a6ae61SGordon Ross/*
07a6ae61SGordon Ross * mbc_marshal_get_unicode_string
07a6ae61SGordon Ross *
07a6ae61SGordon Ross * Decode a UTF-16 string, returning its UTF-8 form in strpp,
07a6ae61SGordon Ross * allocated using smb_srm_zalloc (automatically freed).
7d1ffc32SGordon Ross * If max_bytes != 0, consume at most max_bytes of the mbc.
7d1ffc32SGordon Ross * See also: msgbuf_get_unicode_string
07a6ae61SGordon Ross */
3db3f65cSamwstatic int
bbf6f00cSJordan Brownmbc_marshal_get_unicode_string(smb_request_t *sr,
7d1ffc32SGordon Ross    mbuf_chain_t *mbc, char **strpp, int max_bytes)
3db3f65cSamw{
7d1ffc32SGordon Ross	char		*mbs;
7d1ffc32SGordon Ross	uint16_t	*wcsbuf = NULL;
7d1ffc32SGordon Ross	int		wcslen;		// wchar count
7d1ffc32SGordon Ross	int		wcsmax;		// byte count
7d1ffc32SGordon Ross	size_t		mbsmax;
7d1ffc32SGordon Ross	size_t		rlen;
7d1ffc32SGordon Ross	int		rc;
3db3f65cSamw
7d1ffc32SGordon Ross	if (max_bytes == 0)
7d1ffc32SGordon Ross		max_bytes = 0xffff;
3db3f65cSamw
7d1ffc32SGordon Ross	/*
7d1ffc32SGordon Ross	 * Unicode strings are always word aligned.
7d1ffc32SGordon Ross	 */
7d1ffc32SGordon Ross	if (mbc->chain_offset & 1) {
7d1ffc32SGordon Ross		if (MBC_ROOM_FOR(mbc, sizeof (char)) == 0)
3db3f65cSamw			return (DECODE_NO_MORE_DATA);
7d1ffc32SGordon Ross		mbc->chain_offset++;
3db3f65cSamw	}
7d1ffc32SGordon Ross
7d1ffc32SGordon Ross	/*
7d1ffc32SGordon Ross	 * Get the OtW data into a temporary buffer.
7d1ffc32SGordon Ross	 * Free wcsbuf before return.
7d1ffc32SGordon Ross	 */
7d1ffc32SGordon Ross	wcslen = 0;
7d1ffc32SGordon Ross	wcsmax = MALLOC_QUANTUM;
7d1ffc32SGordon Ross	wcsbuf = smb_mem_alloc(wcsmax);
7d1ffc32SGordon Ross	for (;;) {
7d1ffc32SGordon Ross		uint16_t	wchar;
7d1ffc32SGordon Ross
7d1ffc32SGordon Ross		if ((wcslen * 2) >= max_bytes)
7d1ffc32SGordon Ross			break;
7d1ffc32SGordon Ross		if (((wcslen * 2) + 4) >= wcsmax) {
7d1ffc32SGordon Ross			wcsmax += MALLOC_QUANTUM;
7d1ffc32SGordon Ross			wcsbuf = smb_mem_realloc(wcsbuf, wcsmax);
3db3f65cSamw		}
7d1ffc32SGordon Ross		if (mbc_marshal_get_short(mbc, &wchar) != 0) {
7d1ffc32SGordon Ross			rc = DECODE_NO_MORE_DATA;
7d1ffc32SGordon Ross			goto out;
7d1ffc32SGordon Ross		}
7d1ffc32SGordon Ross		if (wchar == 0)
7d1ffc32SGordon Ross			break;
7d1ffc32SGordon Ross		/* Keep in little-endian form. */
7d1ffc32SGordon Ross		LE_OUT16(wcsbuf + wcslen, wchar);
7d1ffc32SGordon Ross		wcslen++;
7d1ffc32SGordon Ross	}
7d1ffc32SGordon Ross	wcsbuf[wcslen] = 0;
7d1ffc32SGordon Ross
7d1ffc32SGordon Ross	/*
7d1ffc32SGordon Ross	 * Get the buffer we'll return and convert to UTF-8.
7d1ffc32SGordon Ross	 * May take as much 4X number of wide chars.
7d1ffc32SGordon Ross	 */
7d1ffc32SGordon Ross	mbsmax = wcslen * MTS_MB_CUR_MAX;
7d1ffc32SGordon Ross	mbs = smb_srm_zalloc(sr, mbsmax + 1);
7d1ffc32SGordon Ross	ASSERT(mbs != NULL);
7d1ffc32SGordon Ross	rlen = smb_wcstombs(mbs, wcsbuf, mbsmax);
7d1ffc32SGordon Ross	if (rlen == (size_t)-1) {
7d1ffc32SGordon Ross		rc = DECODE_NO_MORE_DATA;
7d1ffc32SGordon Ross		goto out;
7d1ffc32SGordon Ross	}
7d1ffc32SGordon Ross	if (rlen > mbsmax)
7d1ffc32SGordon Ross		rlen = mbsmax;
7d1ffc32SGordon Ross	mbs[rlen] = '\0';
7d1ffc32SGordon Ross	*strpp = mbs;
7d1ffc32SGordon Ross	rc = 0;
7d1ffc32SGordon Ross
7d1ffc32SGordon Rossout:
7d1ffc32SGordon Ross	if (wcsbuf != NULL)
7d1ffc32SGordon Ross		smb_mem_free(wcsbuf);
7d1ffc32SGordon Ross	return (rc);
3db3f65cSamw}
3db3f65cSamw
3db3f65cSamwstatic int /*ARGSUSED*/
3db3f65cSamwmbc_marshal_get_mbufs(mbuf_chain_t *mbc, int32_t bytes, mbuf_t **m)
3db3f65cSamw{
7f3ef643SGordon Ross	*m = NULL;
3db3f65cSamw	if (MBC_ROOM_FOR(mbc, bytes) == 0) {
3db3f65cSamw		/* Data will never be available */
3db3f65cSamw		return (DECODE_NO_MORE_DATA);
3db3f65cSamw	}
7f3ef643SGordon Ross	/* not yet implemented */
7f3ef643SGordon Ross	return (-1);
3db3f65cSamw}
3db3f65cSamw
3db3f65cSamwstatic int
3db3f65cSamwmbc_marshal_get_mbuf_chain(mbuf_chain_t *mbc, int32_t bytes, mbuf_chain_t *nmbc)
3db3f65cSamw{
3db3f65cSamw	int	rc;
3db3f65cSamw	mbuf_t	*m;
3db3f65cSamw
3db3f65cSamw	if (bytes == 0) {
3db3f65cSamw		/* Get all the rest */
3db3f65cSamw		bytes = mbc->max_bytes - mbc->chain_offset;
3db3f65cSamw	}
3db3f65cSamw
3db3f65cSamw	MBC_SETUP(nmbc, mbc->max_bytes);
3db3f65cSamw	if ((rc = mbc_marshal_get_mbufs(mbc, bytes, &m)) != 0) {
3db3f65cSamw		if (m)
3db3f65cSamw			m_freem(m);
3db3f65cSamw		return (rc);
3db3f65cSamw	}
3db3f65cSamw	nmbc->chain = m;
3db3f65cSamw	while (m != 0) {
3db3f65cSamw		bytes += m->m_len;
3db3f65cSamw		m = m->m_next;
3db3f65cSamw	}
3db3f65cSamw	nmbc->max_bytes = bytes;
3db3f65cSamw	return (0);
3db3f65cSamw}
3db3f65cSamw
3db3f65cSamwstatic int
3db3f65cSamwmbc_marshal_get_uio(mbuf_chain_t *mbc, struct uio *uio)
3db3f65cSamw{
3db3f65cSamw	int		i, offset;
3db3f65cSamw	int32_t		bytes = uio->uio_resid;
3db3f65cSamw	int32_t		remainder;
3db3f65cSamw	struct iovec	*iov;
3db3f65cSamw	mbuf_t		*m;
3db3f65cSamw
3db3f65cSamw	/*
3db3f65cSamw	 * The residual count is tested because in the case of write requests
3db3f65cSamw	 * with no data (smbtorture RAW-WRITE test will generate that type of
3db3f65cSamw	 * request) this function is called with a residual count of zero
3db3f65cSamw	 * bytes.
3db3f65cSamw	 */
7b6a044aSjose borrego	if (bytes != 0) {
3db3f65cSamw		iov = uio->uio_iov;
3db3f65cSamw		uio->uio_segflg = UIO_SYSSPACE;
f96bd5c8SAlan Wright		uio->uio_extflg = UIO_COPY_DEFAULT;
3db3f65cSamw
3db3f65cSamw		if (MBC_ROOM_FOR(mbc, bytes) == 0) {
3db3f65cSamw			/* Data will never be available */
3db3f65cSamw			return (DECODE_NO_MORE_DATA);
3db3f65cSamw		}
3db3f65cSamw
3db3f65cSamw		m = mbc->chain;
3db3f65cSamw		offset = mbc->chain_offset;
3db3f65cSamw		while (offset >= m->m_len) {
3db3f65cSamw			offset -= m->m_len;
3db3f65cSamw			m = m->m_next;
3db3f65cSamw			ASSERT((offset == 0) || (offset && m));
3db3f65cSamw		}
3db3f65cSamw
3db3f65cSamw		for (i = 0; (bytes > 0) && (i < uio->uio_iovcnt); i++) {
3db3f65cSamw			iov[i].iov_base = &m->m_data[offset];
3db3f65cSamw			remainder = m->m_len - offset;
3db3f65cSamw			if (remainder >= bytes) {
3db3f65cSamw				iov[i].iov_len = bytes;
3db3f65cSamw				mbc->chain_offset += bytes;
7b6a044aSjose borrego				uio->uio_iovcnt = i + 1;
7b6a044aSjose borrego				return (0);
3db3f65cSamw			}
3db3f65cSamw			iov[i].iov_len = remainder;
3db3f65cSamw			mbc->chain_offset += remainder;
3db3f65cSamw			bytes -= remainder;
3db3f65cSamw			m = m->m_next;
3db3f65cSamw			offset = 0;
3db3f65cSamw		}
3db3f65cSamw		return (DECODE_NO_MORE_DATA);
3db3f65cSamw	}
3db3f65cSamw	return (0);
3db3f65cSamw}
3db3f65cSamw
3db3f65cSamwstatic int
3db3f65cSamwmbc_marshal_get_skip(mbuf_chain_t *mbc, uint_t skip)
3db3f65cSamw{
3db3f65cSamw	if (MBC_ROOM_FOR(mbc, skip) == 0)
3db3f65cSamw		return (DECODE_NO_MORE_DATA);
3db3f65cSamw	mbc->chain_offset += skip;
3db3f65cSamw	return (0);
3db3f65cSamw}