xref: /titanic_51/usr/src/lib/libsmbfs/smb/rq.c (revision 430b4c467020edf2445feb0c21db01c88b86243a)

/*
 * Copyright 2011 Nexenta Systems, Inc.  All rights reserved.
 * Copyright (c) 2000, Boris Popov
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    This product includes software developed by Boris Popov.
 * 4. Neither the name of the author nor the names of any co-contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $Id: rq.c,v 1.4 2004/12/13 00:25:23 lindak Exp $
 */

#include <sys/types.h>
#include <sys/param.h>
#include <sys/ioctl.h>
#include <sys/errno.h>
#include <sys/stat.h>

#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <strings.h>
#include <stdlib.h>
#include <sysexits.h>
#include <libintl.h>

#include <netsmb/smb.h>
#include <netsmb/smb_lib.h>
#include "private.h"

#define	MIN_REPLY_SIZE 4096

static uint32_t smb_map_doserr(uint8_t, uint16_t);

/*
 * Create and initialize a request structure, for either an
 * "internal" request (one that does not use the driver) or
 * a regular "driver" request, that uses driver ioctls.
 *
 * The two kinds are built a little differently:
 * Driver requests are composed starting with the
 * first word of the "variable word vector" section.
 * The driver prepends the SMB header and word count.
 * The driver also needs an output buffer to receive
 * the response, filled in via copyout in the ioctl.
 *
 * Internal requests are composed entirely in this library.
 * Space for the SMB header is reserved here, and later
 * filled in by smb_rq_internal before the send/receive.
 */
int
smb_rq_init(struct smb_ctx *ctx, uchar_t cmd, struct smb_rq **rqpp)
{
	struct smb_rq *rqp;

	rqp = malloc(sizeof (*rqp));
	if (rqp == NULL)
		goto errout;
	bzero(rqp, sizeof (*rqp));
	rqp->rq_cmd = cmd;
	rqp->rq_ctx = ctx;

	/*
	 * Setup the request buffer.
	 * Do the reply buffer later.
	 */
	if (mb_init(&rqp->rq_rq))
		goto errout;

	/* Space for the SMB header. (filled in later) */
	mb_put_mem(&rqp->rq_rq, NULL, SMB_HDRLEN, MB_MSYSTEM);

	/*
	 * Copy the ctx flags here, so the caller can
	 * update the req flags before the OTW call.
	 */
	rqp->rq_hflags = ctx->ct_hflags;
	rqp->rq_hflags2 = ctx->ct_hflags2;

	*rqpp = rqp;
	return (0);

errout:
	if (rqp) {
		smb_rq_done(rqp);
		free(rqp);
	}
	return (ENOMEM);
}

void
smb_rq_done(struct smb_rq *rqp)
{
	mb_done(&rqp->rq_rp);
	mb_done(&rqp->rq_rq);
	free(rqp);
}

/*
 * Reserve space for the word count, which is filled in later by
 * smb_rq_wend().  Also initialize the counter that it uses
 * to figure out what value to fill in.
 *
 * Note that the word count happens to be 8-bits,
 * which can lead to confusion.
 */
void
smb_rq_wstart(struct smb_rq *rqp)
{
	struct mbdata *mbp = &rqp->rq_rq;

	(void) mb_fit(mbp, 1, &rqp->rq_wcntp);
	rqp->rq_wcbase = mbp->mb_count;
}

/*
 * Fill in the word count, in the space reserved by
 * smb_rq_wstart().
 */
void
smb_rq_wend(struct smb_rq *rqp)
{
	struct mbdata *mbp = &rqp->rq_rq;
	int wcnt;

	if (rqp->rq_wcntp == NULL) {
		DPRINT("no wcount ptr\n");
		return;
	}
	wcnt = mbp->mb_count - rqp->rq_wcbase;
	if (wcnt > 0x1ff)
		DPRINT("word count too large (%d)\n", wcnt);
	if (wcnt & 1)
		DPRINT("odd word count\n");
	wcnt >>= 1;

	/*
	 * Fill in the word count (8-bits).
	 * Also store it in the rq, in case
	 * we're using the ioctl path.
	 */
	*rqp->rq_wcntp = (char)wcnt;
}

/*
 * Reserve space for the byte count, which is filled in later by
 * smb_rq_bend().  Also initialize the counter that it uses
 * to figure out what value to fill in.
 *
 * Note that the byte count happens to be 16-bits,
 * which can lead to confusion.
 */
void
smb_rq_bstart(struct smb_rq *rqp)
{
	struct mbdata *mbp = &rqp->rq_rq;

	(void) mb_fit(mbp, 2, &rqp->rq_bcntp);
	rqp->rq_bcbase = mbp->mb_count;
}

/*
 * Fill in the byte count, in the space reserved by
 * smb_rq_bstart().
 */
void
smb_rq_bend(struct smb_rq *rqp)
{
	struct mbdata *mbp = &rqp->rq_rq;
	int bcnt;

	if (rqp->rq_bcntp == NULL) {
		DPRINT("no bcount ptr\n");
		return;
	}
	bcnt = mbp->mb_count - rqp->rq_bcbase;
	if (bcnt > 0xffff)
		DPRINT("byte count too large (%d)\n", bcnt);
	/*
	 * Fill in the byte count (16-bits).
	 * Also store it in the rq, in case
	 * we're using the ioctl path.
	 *
	 * The pointer is char * type due to
	 * typical off-by-one alignment.
	 */
	rqp->rq_bcntp[0] = bcnt & 0xFF;
	rqp->rq_bcntp[1] = (bcnt >> 8);
}

int
smb_rq_simple(struct smb_rq *rqp)
{
	struct smbioc_rq krq;
	struct mbdata *mbp;
	mbuf_t *m;
	char *data;
	uint32_t len;
	size_t rpbufsz;
	int error;

	bzero(&krq, sizeof (krq));
	krq.ioc_cmd = rqp->rq_cmd;

	/*
	 * Make the SMB request body contiguous,
	 * and fill in the ioctl request.
	 */
	mbp = smb_rq_getrequest(rqp);
	error = m_lineup(mbp->mb_top, &mbp->mb_top);
	if (error)
		return (error);

	data = mtod(mbp->mb_top, char *);
	len = m_totlen(mbp->mb_top);

	/*
	 * _rq_init left space for the SMB header,
	 * which makes mb_count the offset from
	 * the beginning of the header (useful).
	 * However, in this code path the driver
	 * prepends the header, so we skip it.
	 */
	krq.ioc_tbufsz = len - SMB_HDRLEN;
	krq.ioc_tbuf  = data + SMB_HDRLEN;

	/*
	 * Setup a buffer to hold the reply,
	 * at least MIN_REPLY_SIZE, or larger
	 * if the caller increased rq_rpbufsz.
	 */
	mbp = smb_rq_getreply(rqp);
	rpbufsz = rqp->rq_rpbufsz;
	if (rpbufsz < MIN_REPLY_SIZE)
		rpbufsz = MIN_REPLY_SIZE;
	if ((error = m_get(rpbufsz, &m)) != 0)
		return (error);
	mb_initm(mbp, m);
	krq.ioc_rbufsz = rpbufsz;
	krq.ioc_rbuf = mtod(m, char *);

	/*
	 * Call the driver
	 */
	if (ioctl(rqp->rq_ctx->ct_dev_fd, SMBIOC_REQUEST, &krq) == -1)
		return (errno);

	/*
	 * Initialize returned mbdata.
	 * SMB header already parsed.
	 */
	m->m_len = krq.ioc_rbufsz;

	return (0);
}


int
smb_t2_request(int dev_fd, int setupcount, uint16_t *setup,
	const char *name,
	int tparamcnt, void *tparam,
	int tdatacnt, void *tdata,
	int *rparamcnt, void *rparam,
	int *rdatacnt, void *rdata,
	int *buffer_oflow)
{
	smbioc_t2rq_t *krq;
	int i;

	krq = (smbioc_t2rq_t *)malloc(sizeof (smbioc_t2rq_t));
	bzero(krq, sizeof (*krq));

	if (setupcount < 0 || setupcount >= SMBIOC_T2RQ_MAXSETUP) {
		/* Bogus setup count, or too many setup words */
		return (EINVAL);
	}
	for (i = 0; i < setupcount; i++)
		krq->ioc_setup[i] = setup[i];
	krq->ioc_setupcnt = setupcount;
	strcpy(krq->ioc_name, name);
	krq->ioc_tparamcnt = tparamcnt;
	krq->ioc_tparam = tparam;
	krq->ioc_tdatacnt = tdatacnt;
	krq->ioc_tdata = tdata;

	krq->ioc_rparamcnt = *rparamcnt;
	krq->ioc_rdatacnt = *rdatacnt;
	krq->ioc_rparam = rparam;
	krq->ioc_rdata  = rdata;

	if (ioctl(dev_fd, SMBIOC_T2RQ, krq) == -1) {
		return (errno);
	}

	*rparamcnt = krq->ioc_rparamcnt;
	*rdatacnt = krq->ioc_rdatacnt;
	*buffer_oflow = (krq->ioc_rpflags2 & SMB_FLAGS2_ERR_STATUS) &&
	    (krq->ioc_error == NT_STATUS_BUFFER_OVERFLOW);
	free(krq);

	return (0);
}


/*
 * Do an over-the-wire call without using the nsmb driver.
 * This is all "internal" to this library, and used only
 * for connection setup (negotiate protocol, etc.)
 */
int
smb_rq_internal(struct smb_ctx *ctx, struct smb_rq *rqp)
{
	static const uint8_t ffsmb[4] = SMB_SIGNATURE;
	struct smb_iods *is = &ctx->ct_iods;
	uint32_t sigbuf[2];
	struct mbdata mbtmp, *mbp;
	int err, save_mlen;
	uint8_t ctmp;

	rqp->rq_uid = is->is_smbuid;
	rqp->rq_tid = SMB_TID_UNKNOWN;
	rqp->rq_mid = is->is_next_mid++;

	/*
	 * Fill in the NBT and SMB headers
	 * Using mbtmp so we can rewind without
	 * affecting the passed request mbdata.
	 */
	bcopy(&rqp->rq_rq, &mbtmp, sizeof (mbtmp));
	mbp = &mbtmp;
	mbp->mb_cur = mbp->mb_top;
	mbp->mb_pos = mbp->mb_cur->m_data;
	mbp->mb_count = 0;
	/* Have to save and restore m_len */
	save_mlen = mbp->mb_cur->m_len;
	mbp->mb_cur->m_len = 0;

	/*
	 * rewind done; fill it in
	 */
	mb_put_mem(mbp, ffsmb, SMB_SIGLEN, MB_MSYSTEM);
	mb_put_uint8(mbp, rqp->rq_cmd);
	mb_put_uint32le(mbp, 0);	/* status */
	mb_put_uint8(mbp, rqp->rq_hflags);
	mb_put_uint16le(mbp, rqp->rq_hflags2);
	/* pid_hi(2), signature(8), reserved(2) */
	mb_put_mem(mbp, NULL, 12, MB_MZERO);
	mb_put_uint16le(mbp, rqp->rq_tid);
	mb_put_uint16le(mbp, 0);	/* pid_lo */
	mb_put_uint16le(mbp, rqp->rq_uid);
	mb_put_uint16le(mbp, rqp->rq_mid);

	/* Restore original m_len */
	mbp->mb_cur->m_len = save_mlen;

	/*
	 * Sign the message, if flags2 indicates.
	 */
	if (rqp->rq_hflags2 & SMB_FLAGS2_SECURITY_SIGNATURE) {
		smb_rq_sign(rqp);
	}

	/*
	 * Send it, wait for the reply.
	 */
	if ((err = smb_ssn_send(ctx, &rqp->rq_rq)) != 0)
		return (err);

	if ((err = smb_ssn_recv(ctx, &rqp->rq_rp)) != 0)
		return (err);

	/*
	 * Should have an SMB header, at least.
	 */
	mbp = &rqp->rq_rp;
	if (mbp->mb_cur->m_len < SMB_HDRLEN) {
		DPRINT("len < 32");
		return (EBADRPC);
	}

	/*
	 * If the request was signed, validate the
	 * signature on the response.
	 */
	if (rqp->rq_hflags2 & SMB_FLAGS2_SECURITY_SIGNATURE) {
		err = smb_rq_verify(rqp);
		if (err) {
			DPRINT("bad signature");
			return (err);
		}
	}

	/*
	 * Decode the SMB header.
	 */
	md_get_mem(mbp, (char *)sigbuf, 4, MB_MSYSTEM);
	if (0 != bcmp(sigbuf, ffsmb, 4)) {
		DPRINT("not SMB");
		return (EBADRPC);
	}
	md_get_uint8(mbp, &ctmp);	/* SMB cmd */
	md_get_uint32le(mbp, &rqp->rq_status);
	md_get_uint8(mbp, &rqp->rq_hflags);
	md_get_uint16le(mbp, &rqp->rq_hflags2);
	/* pid_hi(2), signature(8), reserved(2) */
	md_get_mem(mbp, NULL, 12, MB_MSYSTEM);
	md_get_uint16le(mbp, &rqp->rq_tid);
	md_get_uint16le(mbp, NULL);	/* pid_lo */
	md_get_uint16le(mbp, &rqp->rq_uid);
	md_get_uint16le(mbp, &rqp->rq_mid);

	/*
	 * Figure out the status return.
	 * Caller looks at rq_status.
	 */
	if ((rqp->rq_hflags2 & SMB_FLAGS2_ERR_STATUS) == 0) {
		uint16_t	serr;
		uint8_t		class;

		class = rqp->rq_status & 0xff;
		serr  = rqp->rq_status >> 16;
		rqp->rq_status = smb_map_doserr(class, serr);
	}

	return (0);
}

/*
 * Map old DOS errors (etc.) to NT status codes.
 * We probably don't need this anymore, since
 * the oldest server we talk to is NT.  But if
 * later find we do need this, add support here
 * for the DOS errors we care about.
 */
static uint32_t
smb_map_doserr(uint8_t class, uint16_t serr)
{
	if (class == 0 && serr == 0)
		return (0);

	DPRINT("class 0x%x serr 0x%x", (int)class, (int)serr);
	return (NT_STATUS_UNSUCCESSFUL);
}