1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "@(#)smb_session.c 1.7 08/08/07 SMI" 27 28 #include <sys/atomic.h> 29 #include <sys/strsubr.h> 30 #include <sys/synch.h> 31 #include <sys/types.h> 32 #include <sys/socketvar.h> 33 #include <sys/sdt.h> 34 #include <smbsrv/netbios.h> 35 #include <smbsrv/smb_incl.h> 36 #include <smbsrv/smb_i18n.h> 37 38 static volatile uint64_t smb_kids; 39 40 uint32_t smb_keep_alive = SSN_KEEP_ALIVE_TIMEOUT; 41 42 static int smb_session_message(smb_session_t *); 43 static int smb_session_xprt_puthdr(smb_session_t *, smb_xprt_t *, 44 uint8_t *, size_t); 45 46 static void smb_request_init_command_mbuf(smb_request_t *sr); 47 48 49 void 50 smb_session_timers(smb_session_list_t *se) 51 { 52 smb_session_t *session; 53 54 rw_enter(&se->se_lock, RW_READER); 55 session = list_head(&se->se_act.lst); 56 while (session) { 57 /* 58 * Walk through the table and decrement each keep_alive 59 * timer that has not timed out yet. (keepalive > 0) 60 */ 61 ASSERT(session->s_magic == SMB_SESSION_MAGIC); 62 if (session->keep_alive && 63 (session->keep_alive != (uint32_t)-1)) 64 session->keep_alive--; 65 session = list_next(&se->se_act.lst, session); 66 } 67 rw_exit(&se->se_lock); 68 } 69 70 void 71 smb_session_correct_keep_alive_values( 72 smb_session_list_t *se, 73 uint32_t new_keep_alive) 74 { 75 smb_session_t *sn; 76 77 if (new_keep_alive == smb_keep_alive) 78 return; 79 /* 80 * keep alive == 0 means do not drop connection if it's idle 81 */ 82 smb_keep_alive = (new_keep_alive) ? new_keep_alive : -1; 83 84 /* 85 * Walk through the table and set each session to the new keep_alive 86 * value if they have not already timed out. Block clock interrupts. 87 */ 88 rw_enter(&se->se_lock, RW_READER); 89 sn = list_head(&se->se_rdy.lst); 90 while (sn) { 91 ASSERT(sn->s_magic == SMB_SESSION_MAGIC); 92 sn->keep_alive = new_keep_alive; 93 sn = list_next(&se->se_rdy.lst, sn); 94 } 95 sn = list_head(&se->se_act.lst); 96 while (sn) { 97 ASSERT(sn->s_magic == SMB_SESSION_MAGIC); 98 if (sn->keep_alive) 99 sn->keep_alive = new_keep_alive; 100 sn = list_next(&se->se_act.lst, sn); 101 } 102 rw_exit(&se->se_lock); 103 } 104 105 /* 106 * smb_reconnection_check 107 * 108 * This function is called when a client indicates its current connection 109 * should be the only one it has with the server, as indicated by VC=0 in 110 * a SessionSetupX request. We go through the session list and destroy any 111 * stale connections for that client. 112 * 113 * Clients don't associate IP addresses and servers. So a client may make 114 * independent connections (i.e. with VC=0) to a server with multiple 115 * IP addresses. So, when checking for a reconnection, we need to include 116 * the local IP address, to which the client is connecting, when checking 117 * for stale sessions. 118 * 119 * Also check the server's NetBIOS name to support simultaneous access by 120 * multiple clients behind a NAT server. This will only work for SMB over 121 * NetBIOS on TCP port 139, it will not work SMB over TCP port 445 because 122 * there is no NetBIOS name. See also Knowledge Base article Q301673. 123 */ 124 void 125 smb_session_reconnection_check(smb_session_list_t *se, smb_session_t *session) 126 { 127 smb_session_t *sn; 128 129 rw_enter(&se->se_lock, RW_READER); 130 sn = list_head(&se->se_act.lst); 131 while (sn) { 132 ASSERT(sn->s_magic == SMB_SESSION_MAGIC); 133 if ((sn != session) && 134 (sn->ipaddr == session->ipaddr) && 135 (sn->local_ipaddr == session->local_ipaddr) && 136 (strcasecmp(sn->workstation, session->workstation) == 0) && 137 (sn->opentime <= session->opentime) && 138 (sn->s_kid < session->s_kid)) { 139 tsignal(sn->s_thread, SIGINT); 140 } 141 sn = list_next(&se->se_act.lst, sn); 142 } 143 rw_exit(&se->se_lock); 144 } 145 146 /* 147 * Send a session message - supports SMB-over-NBT and SMB-over-TCP. 148 * 149 * The mbuf chain is copied into a contiguous buffer so that the whole 150 * message is submitted to smb_sosend as a single request. This should 151 * help Ethereal/Wireshark delineate the packets correctly even though 152 * TCP_NODELAY has been set on the socket. 153 * 154 * If an mbuf chain is provided, it will be freed and set to NULL here. 155 */ 156 int 157 smb_session_send(smb_session_t *session, uint8_t type, mbuf_chain_t *mbc) 158 { 159 smb_txreq_t *txr; 160 smb_xprt_t hdr; 161 int rc; 162 163 switch (session->s_state) { 164 case SMB_SESSION_STATE_DISCONNECTED: 165 case SMB_SESSION_STATE_TERMINATED: 166 if ((mbc != NULL) && (mbc->chain != NULL)) { 167 m_freem(mbc->chain); 168 mbc->chain = NULL; 169 mbc->flags = 0; 170 } 171 return (ENOTCONN); 172 default: 173 break; 174 } 175 176 txr = smb_net_txr_alloc(); 177 178 if ((mbc != NULL) && (mbc->chain != NULL)) { 179 rc = mbc_moveout(mbc, (caddr_t)&txr->tr_buf[NETBIOS_HDR_SZ], 180 sizeof (txr->tr_buf) - NETBIOS_HDR_SZ, &txr->tr_len); 181 if (rc != 0) { 182 smb_net_txr_free(txr); 183 return (rc); 184 } 185 } 186 187 hdr.xh_type = type; 188 hdr.xh_length = (uint32_t)txr->tr_len; 189 190 rc = smb_session_xprt_puthdr(session, &hdr, txr->tr_buf, 191 NETBIOS_HDR_SZ); 192 193 if (rc != 0) { 194 smb_net_txr_free(txr); 195 return (rc); 196 } 197 txr->tr_len += NETBIOS_HDR_SZ; 198 return (smb_net_txr_send(session->sock, &session->s_txlst, txr)); 199 } 200 201 /* 202 * Read, process and respond to a NetBIOS session request. 203 * 204 * A NetBIOS session must be established for SMB-over-NetBIOS. Validate 205 * the calling and called name format and save the client NetBIOS name, 206 * which is used when a NetBIOS session is established to check for and 207 * cleanup leftover state from a previous session. 208 * 209 * Session requests are not valid for SMB-over-TCP, which is unfortunate 210 * because without the client name leftover state cannot be cleaned up 211 * if the client is behind a NAT server. 212 */ 213 static int 214 smb_session_request(struct smb_session *session) 215 { 216 int rc; 217 char *calling_name; 218 char *called_name; 219 char client_name[NETBIOS_NAME_SZ]; 220 struct mbuf_chain mbc; 221 char *names = NULL; 222 mts_wchar_t *wbuf = NULL; 223 smb_xprt_t hdr; 224 char *p; 225 unsigned int cpid = oem_get_smb_cpid(); 226 int rc1, rc2; 227 228 session->keep_alive = smb_keep_alive; 229 230 if ((rc = smb_session_xprt_gethdr(session, &hdr)) != 0) 231 return (rc); 232 233 DTRACE_PROBE2(receive__session__req__xprthdr, struct session *, session, 234 smb_xprt_t *, &hdr); 235 236 if ((hdr.xh_type != SESSION_REQUEST) || 237 (hdr.xh_length != NETBIOS_SESSION_REQUEST_DATA_LENGTH)) { 238 DTRACE_PROBE1(receive__session__req__failed, 239 struct session *, session); 240 return (EINVAL); 241 } 242 243 names = kmem_alloc(hdr.xh_length, KM_SLEEP); 244 245 if ((rc = smb_sorecv(session->sock, names, hdr.xh_length)) != 0) { 246 kmem_free(names, hdr.xh_length); 247 DTRACE_PROBE1(receive__session__req__failed, 248 struct session *, session); 249 return (rc); 250 } 251 252 DTRACE_PROBE3(receive__session__req__data, struct session *, session, 253 char *, names, uint32_t, hdr.xh_length); 254 255 called_name = &names[0]; 256 calling_name = &names[NETBIOS_ENCODED_NAME_SZ + 2]; 257 258 rc1 = netbios_name_isvalid(called_name, 0); 259 rc2 = netbios_name_isvalid(calling_name, client_name); 260 261 if (rc1 == 0 || rc2 == 0) { 262 263 DTRACE_PROBE3(receive__invalid__session__req, 264 struct session *, session, char *, names, 265 uint32_t, hdr.xh_length); 266 267 kmem_free(names, hdr.xh_length); 268 MBC_INIT(&mbc, MAX_DATAGRAM_LENGTH); 269 (void) smb_mbc_encodef(&mbc, "b", 270 DATAGRAM_INVALID_SOURCE_NAME_FORMAT); 271 (void) smb_session_send(session, NEGATIVE_SESSION_RESPONSE, 272 &mbc); 273 return (EINVAL); 274 } 275 276 DTRACE_PROBE3(receive__session__req__calling__decoded, 277 struct session *, session, 278 char *, calling_name, char *, client_name); 279 280 /* 281 * The client NetBIOS name is in oem codepage format. 282 * We need to convert it to unicode and store it in 283 * multi-byte format. We also need to strip off any 284 * spaces added as part of the NetBIOS name encoding. 285 */ 286 wbuf = kmem_alloc((SMB_PI_MAX_HOST * sizeof (mts_wchar_t)), KM_SLEEP); 287 (void) oemstounicodes(wbuf, client_name, SMB_PI_MAX_HOST, cpid); 288 (void) mts_wcstombs(session->workstation, wbuf, SMB_PI_MAX_HOST); 289 kmem_free(wbuf, (SMB_PI_MAX_HOST * sizeof (mts_wchar_t))); 290 291 if ((p = strchr(session->workstation, ' ')) != 0) 292 *p = '\0'; 293 294 kmem_free(names, hdr.xh_length); 295 return (smb_session_send(session, POSITIVE_SESSION_RESPONSE, NULL)); 296 } 297 298 /* 299 * Read 4-byte header from the session socket and build an in-memory 300 * session transport header. See smb_xprt_t definition for header 301 * format information. 302 * 303 * Direct hosted NetBIOS-less SMB (SMB-over-TCP) uses port 445. The 304 * first byte of the four-byte header must be 0 and the next three 305 * bytes contain the length of the remaining data. 306 */ 307 int 308 smb_session_xprt_gethdr(smb_session_t *session, smb_xprt_t *ret_hdr) 309 { 310 int rc; 311 unsigned char buf[NETBIOS_HDR_SZ]; 312 313 if ((rc = smb_sorecv(session->sock, buf, NETBIOS_HDR_SZ)) != 0) 314 return (rc); 315 316 switch (session->s_local_port) { 317 case SSN_SRVC_TCP_PORT: 318 ret_hdr->xh_type = buf[0]; 319 ret_hdr->xh_length = (((uint32_t)buf[1] & 1) << 16) | 320 ((uint32_t)buf[2] << 8) | 321 ((uint32_t)buf[3]); 322 break; 323 324 case SMB_SRVC_TCP_PORT: 325 ret_hdr->xh_type = buf[0]; 326 327 if (ret_hdr->xh_type != 0) { 328 cmn_err(CE_WARN, "0x%08x: invalid type (%u)", 329 session->ipaddr, ret_hdr->xh_type); 330 return (EPROTO); 331 } 332 333 ret_hdr->xh_length = ((uint32_t)buf[1] << 16) | 334 ((uint32_t)buf[2] << 8) | 335 ((uint32_t)buf[3]); 336 break; 337 338 default: 339 cmn_err(CE_WARN, "0x%08x: invalid port %u", 340 session->ipaddr, session->s_local_port); 341 return (EPROTO); 342 } 343 344 return (0); 345 } 346 347 /* 348 * Encode a transport session packet header into a 4-byte buffer. 349 * See smb_xprt_t definition for header format information. 350 */ 351 static int 352 smb_session_xprt_puthdr(smb_session_t *session, smb_xprt_t *hdr, 353 uint8_t *buf, size_t buflen) 354 { 355 if (session == NULL || hdr == NULL || 356 buf == NULL || buflen < NETBIOS_HDR_SZ) { 357 return (-1); 358 } 359 360 switch (session->s_local_port) { 361 case SSN_SRVC_TCP_PORT: 362 buf[0] = hdr->xh_type; 363 buf[1] = ((hdr->xh_length >> 16) & 1); 364 buf[2] = (hdr->xh_length >> 8) & 0xff; 365 buf[3] = hdr->xh_length & 0xff; 366 break; 367 368 case SMB_SRVC_TCP_PORT: 369 buf[0] = hdr->xh_type; 370 buf[1] = (hdr->xh_length >> 16) & 0xff; 371 buf[2] = (hdr->xh_length >> 8) & 0xff; 372 buf[3] = hdr->xh_length & 0xff; 373 break; 374 375 default: 376 cmn_err(CE_WARN, "0x%08x: invalid port (%u)", 377 session->ipaddr, session->s_local_port); 378 return (-1); 379 } 380 381 return (0); 382 } 383 384 static void 385 smb_request_init_command_mbuf(smb_request_t *sr) 386 { 387 MGET(sr->command.chain, 0, MT_DATA); 388 389 /* 390 * Setup mbuf, mimic MCLGET but use the complete packet buffer. 391 */ 392 sr->command.chain->m_ext.ext_buf = sr->sr_request_buf; 393 sr->command.chain->m_data = sr->command.chain->m_ext.ext_buf; 394 sr->command.chain->m_len = sr->sr_req_length; 395 sr->command.chain->m_flags |= M_EXT; 396 sr->command.chain->m_ext.ext_size = sr->sr_req_length; 397 sr->command.chain->m_ext.ext_ref = &mclrefnoop; 398 399 /* 400 * Initialize the rest of the mbuf_chain fields 401 */ 402 sr->command.flags = 0; 403 sr->command.shadow_of = 0; 404 sr->command.max_bytes = sr->sr_req_length; 405 sr->command.chain_offset = 0; 406 } 407 408 /* 409 * smb_request_cancel 410 * 411 * Handle a cancel for a request properly depending on the current request 412 * state. 413 */ 414 void 415 smb_request_cancel(smb_request_t *sr) 416 { 417 mutex_enter(&sr->sr_mutex); 418 switch (sr->sr_state) { 419 420 case SMB_REQ_STATE_SUBMITTED: 421 case SMB_REQ_STATE_ACTIVE: 422 case SMB_REQ_STATE_CLEANED_UP: 423 sr->sr_state = SMB_REQ_STATE_CANCELED; 424 break; 425 426 case SMB_REQ_STATE_WAITING_LOCK: 427 /* 428 * This request is waiting on a lock. Wakeup everything 429 * waiting on the lock so that the relevant thread regains 430 * control and notices that is has been canceled. The 431 * other lock request threads waiting on this lock will go 432 * back to sleep when they discover they are still blocked. 433 */ 434 sr->sr_state = SMB_REQ_STATE_CANCELED; 435 436 ASSERT(sr->sr_awaiting != NULL); 437 mutex_enter(&sr->sr_awaiting->l_mutex); 438 cv_broadcast(&sr->sr_awaiting->l_cv); 439 mutex_exit(&sr->sr_awaiting->l_mutex); 440 441 break; 442 443 case SMB_REQ_STATE_WAITING_EVENT: 444 case SMB_REQ_STATE_EVENT_OCCURRED: 445 /* 446 * Cancellations for these states are handled by the 447 * notify-change code 448 */ 449 break; 450 451 case SMB_REQ_STATE_COMPLETED: 452 case SMB_REQ_STATE_CANCELED: 453 /* 454 * No action required for these states since the request 455 * is completing. 456 */ 457 break; 458 /* 459 * Cases included: 460 * SMB_REQ_STATE_FREE: 461 * SMB_REQ_STATE_INITIALIZING: 462 */ 463 default: 464 ASSERT(0); 465 break; 466 } 467 mutex_exit(&sr->sr_mutex); 468 } 469 470 /* 471 * This is the entry point for processing SMB messages over NetBIOS or 472 * SMB-over-TCP. 473 * 474 * NetBIOS connections require a session request to establish a session 475 * on which to send session messages. 476 * 477 * Session requests are not valid on SMB-over-TCP. We don't need to do 478 * anything here as session requests will be treated as an error when 479 * handling session messages. 480 */ 481 int 482 smb_session_daemon(smb_session_list_t *se) 483 { 484 int rc = 0; 485 smb_session_t *session; 486 487 session = smb_session_list_activate_head(se); 488 if (session == NULL) 489 return (EINVAL); 490 491 if (session->s_local_port == SSN_SRVC_TCP_PORT) { 492 rc = smb_session_request(session); 493 if (rc) { 494 smb_rwx_rwenter(&session->s_lock, RW_WRITER); 495 session->s_state = SMB_SESSION_STATE_DISCONNECTED; 496 smb_rwx_rwexit(&session->s_lock); 497 smb_session_list_terminate(se, session); 498 return (rc); 499 } 500 } 501 502 smb_rwx_rwenter(&session->s_lock, RW_WRITER); 503 session->s_state = SMB_SESSION_STATE_ESTABLISHED; 504 smb_rwx_rwexit(&session->s_lock); 505 506 rc = smb_session_message(session); 507 508 smb_rwx_rwenter(&session->s_lock, RW_WRITER); 509 session->s_state = SMB_SESSION_STATE_DISCONNECTED; 510 smb_rwx_rwexit(&session->s_lock); 511 512 smb_soshutdown(session->sock); 513 514 DTRACE_PROBE2(session__drop, struct session *, session, int, rc); 515 516 smb_session_cancel(session); 517 518 /* 519 * At this point everything related to the session should have been 520 * cleaned up and we expect that nothing will attempt to use the 521 * socket. 522 */ 523 smb_session_list_terminate(se, session); 524 525 return (rc); 526 } 527 528 /* 529 * Read and process SMB requests. 530 * 531 * Returns: 532 * 0 Success 533 * 1 Unable to read transport header 534 * 2 Invalid transport header type 535 * 3 Invalid SMB length (too small) 536 * 4 Unable to read SMB header 537 * 5 Invalid SMB header (bad magic number) 538 * 6 Unable to read SMB data 539 * 2x Write raw failed 540 */ 541 static int 542 smb_session_message(smb_session_t *session) 543 { 544 smb_request_t *sr = NULL; 545 smb_xprt_t hdr; 546 uint8_t *req_buf; 547 uint32_t resid; 548 int rc; 549 550 for (;;) { 551 552 rc = smb_session_xprt_gethdr(session, &hdr); 553 if (rc) 554 return (rc); 555 556 DTRACE_PROBE2(session__receive__xprthdr, session_t *, session, 557 smb_xprt_t *, &hdr); 558 559 if (hdr.xh_type != SESSION_MESSAGE) { 560 /* 561 * Anything other than SESSION_MESSAGE or 562 * SESSION_KEEP_ALIVE is an error. A SESSION_REQUEST 563 * may indicate a new session request but we need to 564 * close this session and we can treat it as an error 565 * here. 566 */ 567 if (hdr.xh_type == SESSION_KEEP_ALIVE) { 568 session->keep_alive = smb_keep_alive; 569 continue; 570 } 571 return (EPROTO); 572 } 573 574 if (hdr.xh_length < SMB_HEADER_LEN) 575 return (EPROTO); 576 577 session->keep_alive = smb_keep_alive; 578 579 /* 580 * Allocate a request context, read the SMB header and validate 581 * it. The sr includes a buffer large enough to hold the SMB 582 * request payload. If the header looks valid, read any 583 * remaining data. 584 */ 585 sr = smb_request_alloc(session, hdr.xh_length); 586 587 req_buf = (uint8_t *)sr->sr_request_buf; 588 resid = hdr.xh_length; 589 590 rc = smb_sorecv(session->sock, req_buf, SMB_HEADER_LEN); 591 if (rc) { 592 smb_request_free(sr); 593 return (rc); 594 } 595 596 if (SMB_PROTOCOL_MAGIC_INVALID(sr)) { 597 smb_request_free(sr); 598 return (EPROTO); 599 } 600 601 if (resid > SMB_HEADER_LEN) { 602 req_buf += SMB_HEADER_LEN; 603 resid -= SMB_HEADER_LEN; 604 605 rc = smb_sorecv(session->sock, req_buf, resid); 606 if (rc) { 607 smb_request_free(sr); 608 return (rc); 609 } 610 } 611 612 /* 613 * Initialize command MBC to represent the received data. 614 */ 615 smb_request_init_command_mbuf(sr); 616 617 DTRACE_PROBE1(session__receive__smb, smb_request_t *, sr); 618 619 /* 620 * If this is a raw write, hand off the request. The handler 621 * will retrieve the remaining raw data and process the request. 622 */ 623 if (SMB_IS_WRITERAW(sr)) { 624 rc = smb_handle_write_raw(session, sr); 625 /* XXX smb_request_free(sr); ??? */ 626 return (rc); 627 } 628 629 sr->sr_state = SMB_REQ_STATE_SUBMITTED; 630 (void) taskq_dispatch(session->s_server->sv_thread_pool, 631 smb_session_worker, sr, TQ_SLEEP); 632 } 633 } 634 635 /* 636 * Port will be SSN_SRVC_TCP_PORT or SMB_SRVC_TCP_PORT. 637 */ 638 smb_session_t * 639 smb_session_create(struct sonode *new_so, uint16_t port, smb_server_t *sv) 640 { 641 uint32_t ipaddr; 642 uint32_t local_ipaddr; 643 struct sockaddr_in sin; 644 smb_session_t *session; 645 646 session = kmem_cache_alloc(sv->si_cache_session, KM_SLEEP); 647 bzero(session, sizeof (smb_session_t)); 648 649 if (smb_idpool_constructor(&session->s_uid_pool)) { 650 kmem_cache_free(sv->si_cache_session, session); 651 return (NULL); 652 } 653 654 session->s_kid = SMB_NEW_KID(); 655 session->s_state = SMB_SESSION_STATE_INITIALIZED; 656 session->native_os = NATIVE_OS_UNKNOWN; 657 session->opentime = lbolt64; 658 session->keep_alive = smb_keep_alive; 659 session->activity_timestamp = lbolt64; 660 661 smb_slist_constructor(&session->s_req_list, sizeof (smb_request_t), 662 offsetof(smb_request_t, sr_session_lnd)); 663 664 smb_llist_constructor(&session->s_user_list, sizeof (smb_user_t), 665 offsetof(smb_user_t, u_lnd)); 666 667 smb_llist_constructor(&session->s_xa_list, sizeof (smb_xa_t), 668 offsetof(smb_xa_t, xa_lnd)); 669 670 smb_net_txl_constructor(&session->s_txlst); 671 672 smb_rwx_init(&session->s_lock); 673 674 if (new_so) { 675 bcopy(new_so->so_faddr_sa, &sin, new_so->so_faddr_len); 676 ipaddr = sin.sin_addr.s_addr; 677 bcopy(new_so->so_laddr_sa, &sin, new_so->so_faddr_len); 678 local_ipaddr = sin.sin_addr.s_addr; 679 session->s_local_port = port; 680 session->ipaddr = ipaddr; 681 session->local_ipaddr = local_ipaddr; 682 session->sock = new_so; 683 } 684 685 session->s_server = sv; 686 smb_server_get_cfg(sv, &session->s_cfg); 687 session->s_cache_request = sv->si_cache_request; 688 session->s_cache = sv->si_cache_session; 689 session->s_magic = SMB_SESSION_MAGIC; 690 return (session); 691 } 692 693 void 694 smb_session_delete(smb_session_t *session) 695 { 696 ASSERT(session->s_magic == SMB_SESSION_MAGIC); 697 698 session->s_magic = (uint32_t)~SMB_SESSION_MAGIC; 699 700 smb_rwx_destroy(&session->s_lock); 701 smb_net_txl_destructor(&session->s_txlst); 702 smb_slist_destructor(&session->s_req_list); 703 smb_llist_destructor(&session->s_user_list); 704 smb_llist_destructor(&session->s_xa_list); 705 706 ASSERT(session->s_tree_cnt == 0); 707 ASSERT(session->s_file_cnt == 0); 708 ASSERT(session->s_dir_cnt == 0); 709 710 smb_idpool_destructor(&session->s_uid_pool); 711 kmem_cache_free(session->s_cache, session); 712 } 713 714 void 715 smb_session_cancel(smb_session_t *session) 716 { 717 smb_xa_t *xa, *nextxa; 718 719 /* All the request currently being treated must be canceled. */ 720 smb_session_cancel_requests(session, NULL, NULL); 721 722 /* 723 * We wait for the completion of all the requests associated with 724 * this session. 725 */ 726 smb_slist_wait_for_empty(&session->s_req_list); 727 728 /* 729 * At this point the reference count of the users, trees, files, 730 * directories should be zero. It should be possible to destroy them 731 * without any problem. 732 */ 733 xa = smb_llist_head(&session->s_xa_list); 734 while (xa) { 735 nextxa = smb_llist_next(&session->s_xa_list, xa); 736 smb_xa_close(xa); 737 xa = nextxa; 738 } 739 smb_user_logoff_all(session); 740 } 741 742 /* 743 * Cancel requests. If a non-null tree is specified, only requests specific 744 * to that tree will be cancelled. If a non-null sr is specified, that sr 745 * will be not be cancelled - this would typically be the caller's sr. 746 */ 747 void 748 smb_session_cancel_requests( 749 smb_session_t *session, 750 smb_tree_t *tree, 751 smb_request_t *exclude_sr) 752 { 753 smb_request_t *sr; 754 755 smb_process_session_notify_change_queue(session, tree); 756 757 smb_slist_enter(&session->s_req_list); 758 sr = smb_slist_head(&session->s_req_list); 759 760 while (sr) { 761 ASSERT(sr->sr_magic == SMB_REQ_MAGIC); 762 if ((sr != exclude_sr) && 763 (tree == NULL || sr->tid_tree == tree)) 764 smb_request_cancel(sr); 765 766 sr = smb_slist_next(&session->s_req_list, sr); 767 } 768 769 smb_slist_exit(&session->s_req_list); 770 } 771 772 void 773 smb_session_worker( 774 void *arg) 775 { 776 smb_request_t *sr; 777 778 sr = (smb_request_t *)arg; 779 780 ASSERT(sr->sr_magic == SMB_REQ_MAGIC); 781 782 783 mutex_enter(&sr->sr_mutex); 784 switch (sr->sr_state) { 785 case SMB_REQ_STATE_SUBMITTED: 786 mutex_exit(&sr->sr_mutex); 787 smb_dispatch_request(sr); 788 mutex_enter(&sr->sr_mutex); 789 if (!sr->sr_keep) { 790 sr->sr_state = SMB_REQ_STATE_COMPLETED; 791 mutex_exit(&sr->sr_mutex); 792 smb_request_free(sr); 793 break; 794 } 795 mutex_exit(&sr->sr_mutex); 796 break; 797 798 default: 799 ASSERT(sr->sr_state == SMB_REQ_STATE_CANCELED); 800 sr->sr_state = SMB_REQ_STATE_COMPLETED; 801 mutex_exit(&sr->sr_mutex); 802 smb_request_free(sr); 803 break; 804 } 805 } 806 807 /* 808 * smb_session_disconnect_share 809 * 810 * Disconnects the specified share. This function should be called after the 811 * share passed in has been made unavailable by the "share manager". 812 */ 813 void 814 smb_session_disconnect_share(smb_session_list_t *se, char *sharename) 815 { 816 smb_session_t *session; 817 818 rw_enter(&se->se_lock, RW_READER); 819 session = list_head(&se->se_act.lst); 820 while (session) { 821 ASSERT(session->s_magic == SMB_SESSION_MAGIC); 822 smb_rwx_rwenter(&session->s_lock, RW_READER); 823 switch (session->s_state) { 824 case SMB_SESSION_STATE_NEGOTIATED: 825 case SMB_SESSION_STATE_OPLOCK_BREAKING: 826 case SMB_SESSION_STATE_WRITE_RAW_ACTIVE: { 827 smb_user_t *user; 828 smb_user_t *next; 829 830 user = smb_user_lookup_by_state(session, NULL); 831 while (user) { 832 smb_user_disconnect_share(user, sharename); 833 next = smb_user_lookup_by_state(session, user); 834 smb_user_release(user); 835 user = next; 836 } 837 break; 838 839 } 840 default: 841 break; 842 } 843 smb_rwx_rwexit(&session->s_lock); 844 session = list_next(&se->se_act.lst, session); 845 } 846 rw_exit(&se->se_lock); 847 } 848 849 /* 850 * smb_session_disconnect_volume 851 * 852 * This function is called when a volume is deleted. We need to ensure 853 * all trees with a reference to the volume are destroyed before we 854 * discard the fs_online. Before destroying each tree, we notify any 855 * in-progress requests and give them a chance to complete. 856 * 857 * NOTE: 858 * We shouldn't be accepting any new connection on this volume while 859 * we are in this function. 860 */ 861 void 862 smb_session_disconnect_volume(smb_session_list_t *se, const char *volname) 863 { 864 smb_session_t *session; 865 866 rw_enter(&se->se_lock, RW_READER); 867 session = list_head(&se->se_act.lst); 868 while (session) { 869 870 ASSERT(session->s_magic == SMB_SESSION_MAGIC); 871 smb_rwx_rwenter(&session->s_lock, RW_READER); 872 switch (session->s_state) { 873 case SMB_SESSION_STATE_NEGOTIATED: 874 case SMB_SESSION_STATE_OPLOCK_BREAKING: 875 case SMB_SESSION_STATE_WRITE_RAW_ACTIVE: { 876 smb_user_t *user; 877 smb_user_t *next; 878 879 user = smb_user_lookup_by_state(session, NULL); 880 while (user) { 881 smb_user_disconnect_volume(user, volname); 882 next = smb_user_lookup_by_state(session, user); 883 smb_user_release(user); 884 user = next; 885 } 886 break; 887 888 } 889 default: 890 break; 891 } 892 smb_rwx_rwexit(&session->s_lock); 893 session = list_next(&se->se_act.lst, session); 894 } 895 rw_exit(&se->se_lock); 896 } 897 898 void 899 smb_session_list_constructor(smb_session_list_t *se) 900 { 901 bzero(se, sizeof (*se)); 902 rw_init(&se->se_lock, NULL, RW_DEFAULT, NULL); 903 list_create(&se->se_rdy.lst, sizeof (smb_session_t), 904 offsetof(smb_session_t, s_lnd)); 905 list_create(&se->se_act.lst, sizeof (smb_session_t), 906 offsetof(smb_session_t, s_lnd)); 907 } 908 909 void 910 smb_session_list_destructor(smb_session_list_t *se) 911 { 912 list_destroy(&se->se_rdy.lst); 913 list_destroy(&se->se_act.lst); 914 rw_destroy(&se->se_lock); 915 } 916 917 void 918 smb_session_list_append(smb_session_list_t *se, smb_session_t *session) 919 { 920 ASSERT(session->s_magic == SMB_SESSION_MAGIC); 921 ASSERT(session->s_state == SMB_SESSION_STATE_INITIALIZED); 922 923 rw_enter(&se->se_lock, RW_WRITER); 924 list_insert_tail(&se->se_rdy.lst, session); 925 se->se_rdy.count++; 926 se->se_wrop++; 927 rw_exit(&se->se_lock); 928 } 929 930 void 931 smb_session_list_delete_tail(smb_session_list_t *se) 932 { 933 smb_session_t *session; 934 935 rw_enter(&se->se_lock, RW_WRITER); 936 session = list_tail(&se->se_rdy.lst); 937 if (session) { 938 ASSERT(session->s_magic == SMB_SESSION_MAGIC); 939 ASSERT(session->s_state == SMB_SESSION_STATE_INITIALIZED); 940 list_remove(&se->se_rdy.lst, session); 941 ASSERT(se->se_rdy.count); 942 se->se_rdy.count--; 943 rw_exit(&se->se_lock); 944 smb_session_delete(session); 945 return; 946 } 947 rw_exit(&se->se_lock); 948 } 949 950 smb_session_t * 951 smb_session_list_activate_head(smb_session_list_t *se) 952 { 953 smb_session_t *session; 954 955 rw_enter(&se->se_lock, RW_WRITER); 956 session = list_head(&se->se_rdy.lst); 957 if (session) { 958 ASSERT(session->s_magic == SMB_SESSION_MAGIC); 959 smb_rwx_rwenter(&session->s_lock, RW_WRITER); 960 ASSERT(session->s_state == SMB_SESSION_STATE_INITIALIZED); 961 session->s_thread = curthread; 962 session->s_ktdid = session->s_thread->t_did; 963 smb_rwx_rwexit(&session->s_lock); 964 list_remove(&se->se_rdy.lst, session); 965 se->se_rdy.count--; 966 list_insert_tail(&se->se_act.lst, session); 967 se->se_act.count++; 968 se->se_wrop++; 969 } 970 rw_exit(&se->se_lock); 971 return (session); 972 } 973 974 void 975 smb_session_list_terminate(smb_session_list_t *se, smb_session_t *session) 976 { 977 ASSERT(session->s_magic == SMB_SESSION_MAGIC); 978 979 rw_enter(&se->se_lock, RW_WRITER); 980 981 smb_rwx_rwenter(&session->s_lock, RW_WRITER); 982 ASSERT(session->s_state == SMB_SESSION_STATE_DISCONNECTED); 983 session->s_state = SMB_SESSION_STATE_TERMINATED; 984 smb_sodestroy(session->sock); 985 session->sock = NULL; 986 smb_rwx_rwexit(&session->s_lock); 987 988 list_remove(&se->se_act.lst, session); 989 se->se_act.count--; 990 se->se_wrop++; 991 992 ASSERT(session->s_thread == curthread); 993 994 rw_exit(&se->se_lock); 995 996 smb_session_delete(session); 997 } 998 999 /* 1000 * smb_session_list_signal 1001 * 1002 * This function signals all the session threads. The intent is to terminate 1003 * them. The sessions still in the SMB_SESSION_STATE_INITIALIZED are delete 1004 * immediately. 1005 * 1006 * This function must only be called by the threads listening and accepting 1007 * connections. They must pass in their respective session list. 1008 */ 1009 void 1010 smb_session_list_signal(smb_session_list_t *se) 1011 { 1012 smb_session_t *session; 1013 1014 rw_enter(&se->se_lock, RW_WRITER); 1015 while (session = list_head(&se->se_rdy.lst)) { 1016 1017 ASSERT(session->s_magic == SMB_SESSION_MAGIC); 1018 1019 smb_rwx_rwenter(&session->s_lock, RW_WRITER); 1020 ASSERT(session->s_state == SMB_SESSION_STATE_INITIALIZED); 1021 session->s_state = SMB_SESSION_STATE_TERMINATED; 1022 smb_sodestroy(session->sock); 1023 session->sock = NULL; 1024 smb_rwx_rwexit(&session->s_lock); 1025 1026 list_remove(&se->se_rdy.lst, session); 1027 se->se_rdy.count--; 1028 se->se_wrop++; 1029 1030 rw_exit(&se->se_lock); 1031 smb_session_delete(session); 1032 rw_enter(&se->se_lock, RW_WRITER); 1033 } 1034 rw_downgrade(&se->se_lock); 1035 1036 session = list_head(&se->se_act.lst); 1037 while (session) { 1038 1039 ASSERT(session->s_magic == SMB_SESSION_MAGIC); 1040 tsignal(session->s_thread, SIGINT); 1041 session = list_next(&se->se_act.lst, session); 1042 } 1043 rw_exit(&se->se_lock); 1044 } 1045 1046 /* 1047 * smb_request_alloc 1048 * 1049 * Allocate an smb_request_t structure from the kmem_cache. Partially 1050 * initialize the found/new request. 1051 * 1052 * Returns pointer to a request 1053 */ 1054 smb_request_t * 1055 smb_request_alloc(smb_session_t *session, int req_length) 1056 { 1057 smb_request_t *sr; 1058 1059 ASSERT(session->s_magic == SMB_SESSION_MAGIC); 1060 1061 sr = kmem_cache_alloc(session->s_cache_request, KM_SLEEP); 1062 1063 /* 1064 * Future: Use constructor to pre-initialize some fields. For now 1065 * there are so many fields that it is easiest just to zero the 1066 * whole thing and start over. 1067 */ 1068 bzero(sr, sizeof (smb_request_t)); 1069 1070 mutex_init(&sr->sr_mutex, NULL, MUTEX_DEFAULT, NULL); 1071 sr->session = session; 1072 sr->sr_server = session->s_server; 1073 sr->sr_gmtoff = session->s_server->si_gmtoff; 1074 sr->sr_cache = session->s_server->si_cache_request; 1075 sr->sr_cfg = &session->s_cfg; 1076 sr->request_storage.forw = &sr->request_storage; 1077 sr->request_storage.back = &sr->request_storage; 1078 sr->command.max_bytes = req_length; 1079 sr->reply.max_bytes = smb_maxbufsize; 1080 sr->sr_req_length = req_length; 1081 if (req_length) 1082 sr->sr_request_buf = kmem_alloc(req_length, KM_SLEEP); 1083 sr->sr_magic = SMB_REQ_MAGIC; 1084 sr->sr_state = SMB_REQ_STATE_INITIALIZING; 1085 smb_slist_insert_tail(&session->s_req_list, sr); 1086 return (sr); 1087 } 1088 1089 /* 1090 * smb_request_free 1091 * 1092 * release the memories which have been allocated for a smb request. 1093 */ 1094 void 1095 smb_request_free(smb_request_t *sr) 1096 { 1097 ASSERT(sr->sr_magic == SMB_REQ_MAGIC); 1098 ASSERT(sr->session); 1099 ASSERT(sr->fid_ofile == NULL); 1100 ASSERT(sr->sid_odir == NULL); 1101 ASSERT(sr->r_xa == NULL); 1102 1103 if (sr->tid_tree) 1104 smb_tree_release(sr->tid_tree); 1105 1106 if (sr->uid_user) 1107 smb_user_release(sr->uid_user); 1108 1109 smb_slist_remove(&sr->session->s_req_list, sr); 1110 1111 sr->session = NULL; 1112 1113 /* Release any temp storage */ 1114 smbsr_free_malloc_list(&sr->request_storage); 1115 1116 if (sr->sr_request_buf) 1117 kmem_free(sr->sr_request_buf, sr->sr_req_length); 1118 if (sr->command.chain) 1119 m_freem(sr->command.chain); 1120 if (sr->reply.chain) 1121 m_freem(sr->reply.chain); 1122 if (sr->raw_data.chain) 1123 m_freem(sr->raw_data.chain); 1124 1125 sr->sr_magic = 0; 1126 mutex_destroy(&sr->sr_mutex); 1127 kmem_cache_free(sr->sr_cache, sr); 1128 } 1129