xref: /titanic_51/usr/src/uts/common/fs/smbsrv/smb_server.c (revision fa517adbe8e043d0cdff8c3b22591c6fdec89934)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
23  * Copyright 2013 Nexenta Systems, Inc.  All rights reserved.
24  */
25 
26 /*
27  * General Structures Layout
28  * -------------------------
29  *
30  * This is a simplified diagram showing the relationship between most of the
31  * main structures.
32  *
33  * +-------------------+
34  * |     SMB_SERVER    |
35  * +-------------------+
36  *          |
37  *          |
38  *          v
39  * +-------------------+       +-------------------+      +-------------------+
40  * |     SESSION       |<----->|     SESSION       |......|      SESSION      |
41  * +-------------------+       +-------------------+      +-------------------+
42  *          |
43  *          |
44  *          v
45  * +-------------------+       +-------------------+      +-------------------+
46  * |       USER        |<----->|       USER        |......|       USER        |
47  * +-------------------+       +-------------------+      +-------------------+
48  *          |
49  *          |
50  *          v
51  * +-------------------+       +-------------------+      +-------------------+
52  * |       TREE        |<----->|       TREE        |......|       TREE        |
53  * +-------------------+       +-------------------+      +-------------------+
54  *      |         |
55  *      |         |
56  *      |         v
57  *      |     +-------+       +-------+      +-------+
58  *      |     | OFILE |<----->| OFILE |......| OFILE |
59  *      |     +-------+       +-------+      +-------+
60  *      |
61  *      |
62  *      v
63  *  +-------+       +------+      +------+
64  *  | ODIR  |<----->| ODIR |......| ODIR |
65  *  +-------+       +------+      +------+
66  *
67  *
68  * Module Interface Overview
69  * -------------------------
70  *
71  *
72  *	    +===================================+
73  *	    |		 smbd daemon		|
74  *	    +===================================+
75  *	      |		     |		      ^
76  *	      |		     |		      |
77  * User	      |		     |		      |
78  * -----------|--------------|----------------|--------------------------------
79  * Kernel     |		     |		      |
80  *            |		     |		      |
81  *	      |		     |		      |
82  *  +=========|==============|================|=================+
83  *  |	      v		     v		      |			|
84  *  | +-----------+ +--------------------+ +------------------+ |
85  *  | |     IO    | | Kernel Door Server | | User Door Servers|	|
86  *  | | Interface | |     Interface      | |   Interface      | |
87  *  | +-----------+ +--------------------+ +------------------+ |
88  *  |		|	     |		      ^		^	|
89  *  |		v	     v		      |		|	|    +=========+
90  *  |	     +-----------------------------------+	|	|    |	       |
91  *  |	     + SMB Server Management (this file) |<------------------|	 ZFS   |
92  *  |	     +-----------------------------------+	|	|    |	       |
93  *  |							|	|    |  Module |
94  *  |	     +-----------------------------------+	|	|    |	       |
95  *  |	     +     SMB Server Internal Layers    |------+	|    +=========+
96  *  |	     +-----------------------------------+		|
97  *  |								|
98  *  |								|
99  *  +===========================================================+
100  *
101  *
102  * Server State Machine
103  * --------------------
104  *                                  |
105  *                                  | T0
106  *                                  |
107  *                                  v
108  *                    +-----------------------------+
109  *		      |   SMB_SERVER_STATE_CREATED  |
110  *		      +-----------------------------+
111  *				    |
112  *				    | T1
113  *				    |
114  *				    v
115  *		      +-----------------------------+
116  *		      | SMB_SERVER_STATE_CONFIGURED |
117  *		      +-----------------------------+
118  *				    |
119  *				    | T2
120  *				    |
121  *				    v
122  *		      +-----------------------------+
123  *		      |  SMB_SERVER_STATE_RUNNING / |
124  *		      |  SMB_SERVER_STATE_STOPPING  |
125  *		      +-----------------------------+
126  *				    |
127  *				    | T3
128  *				    |
129  *				    v
130  *		      +-----------------------------+
131  *		      |  SMB_SERVER_STATE_DELETING  |
132  *                    +-----------------------------+
133  *				    |
134  *				    |
135  *				    |
136  *				    v
137  *
138  * States
139  * ------
140  *
141  * SMB_SERVER_STATE_CREATED
142  *
143  *    This is the state of the server just after creation.
144  *
145  * SMB_SERVER_STATE_CONFIGURED
146  *
147  *    The server has been configured.
148  *
149  * SMB_SERVER_STATE_RUNNING
150  *
151  *    The server has been started. While in this state the threads listening on
152  *    the sockets are started.
153  *
154  *    When a client establishes a connection the thread listening dispatches
155  *    a task with the new session as an argument. If the dispatch fails the new
156  *    session context is destroyed.
157  *
158  * SMB_SERVER_STATE_STOPPING
159  *
160  *    The threads listening on the NBT and TCP sockets are being terminated.
161  *
162  *
163  * Transitions
164  * -----------
165  *
166  * Transition T0
167  *
168  *    The daemon smbd triggers its creation by opening the smbsrv device. If
169  *    the zone where the daemon lives doesn't have an smb server yet it is
170  *    created.
171  *
172  *		smb_drv_open() --> smb_server_create()
173  *
174  * Transition T1
175  *
176  *    This transition occurs in smb_server_configure(). It is triggered by the
177  *    daemon through an Ioctl.
178  *
179  *	smb_drv_ioctl(SMB_IOC_CONFIG) --> smb_server_configure()
180  *
181  * Transition T2
182  *
183  *    This transition occurs in smb_server_start(). It is triggered by the
184  *    daemon through an Ioctl.
185  *
186  *	smb_drv_ioctl(SMB_IOC_START) --> smb_server_start()
187  *
188  * Transition T3
189  *
190  *    This transition occurs in smb_server_delete(). It is triggered by the
191  *    daemon when closing the smbsrv device
192  *
193  *		smb_drv_close() --> smb_server_delete()
194  *
195  * Comments
196  * --------
197  *
198  * This files assumes that there will one SMB server per zone. For now the
199  * smb server works only in global zone. There's nothing in this file preventing
200  * an smb server from being created in a non global zone. That limitation is
201  * enforced in user space.
202  */
203 
204 #include <sys/cmn_err.h>
205 #include <sys/priv.h>
206 #include <sys/zone.h>
207 #include <netinet/in.h>
208 #include <netinet/in_systm.h>
209 #include <netinet/ip.h>
210 #include <netinet/ip_icmp.h>
211 #include <netinet/ip_var.h>
212 #include <netinet/tcp.h>
213 #include <smbsrv/smb_kproto.h>
214 #include <smbsrv/string.h>
215 #include <smbsrv/netbios.h>
216 #include <smbsrv/smb_fsops.h>
217 #include <smbsrv/smb_share.h>
218 #include <smbsrv/smb_door.h>
219 #include <smbsrv/smb_kstat.h>
220 
221 extern void smb_reply_notify_change_request(smb_request_t *);
222 
223 typedef struct {
224 	smb_listener_daemon_t	*ra_listener;
225 	smb_session_t		*ra_session;
226 } smb_receiver_arg_t;
227 
228 static void smb_server_kstat_init(smb_server_t *);
229 static void smb_server_kstat_fini(smb_server_t *);
230 static void smb_server_timers(smb_thread_t *, void *);
231 static void smb_server_store_cfg(smb_server_t *, smb_ioc_cfg_t *);
232 static void smb_server_shutdown(smb_server_t *);
233 static int smb_server_fsop_start(smb_server_t *);
234 static void smb_server_fsop_stop(smb_server_t *);
235 static void smb_event_cancel(smb_server_t *, uint32_t);
236 static uint32_t smb_event_alloc_txid(void);
237 
238 static void smb_server_disconnect_share(smb_llist_t *, const char *);
239 static void smb_server_enum_users(smb_llist_t *, smb_svcenum_t *);
240 static void smb_server_enum_trees(smb_llist_t *, smb_svcenum_t *);
241 static int smb_server_session_disconnect(smb_llist_t *, const char *,
242     const char *);
243 static int smb_server_fclose(smb_llist_t *, uint32_t);
244 static int smb_server_kstat_update(kstat_t *, int);
245 static int smb_server_legacy_kstat_update(kstat_t *, int);
246 static void smb_server_listener_init(smb_server_t *, smb_listener_daemon_t *,
247     char *, in_port_t, int);
248 static void smb_server_listener_destroy(smb_listener_daemon_t *);
249 static int smb_server_listener_start(smb_listener_daemon_t *);
250 static void smb_server_listener_stop(smb_listener_daemon_t *);
251 static void smb_server_listener(smb_thread_t *, void *);
252 static void smb_server_receiver(void *);
253 static void smb_server_create_session(smb_listener_daemon_t *, ksocket_t);
254 static void smb_server_destroy_session(smb_listener_daemon_t *,
255     smb_session_t *);
256 static uint16_t smb_spool_get_fid(smb_server_t *);
257 static boolean_t smb_spool_lookup_doc_byfid(smb_server_t *, uint16_t,
258     smb_kspooldoc_t *);
259 
260 int smb_event_debug = 0;
261 
262 static smb_llist_t	smb_servers;
263 
264 kmem_cache_t		*smb_cache_request;
265 kmem_cache_t		*smb_cache_session;
266 kmem_cache_t		*smb_cache_user;
267 kmem_cache_t		*smb_cache_tree;
268 kmem_cache_t		*smb_cache_ofile;
269 kmem_cache_t		*smb_cache_odir;
270 kmem_cache_t		*smb_cache_opipe;
271 kmem_cache_t		*smb_cache_event;
272 
273 /*
274  * *****************************************************************************
275  * **************** Functions called from the device interface *****************
276  * *****************************************************************************
277  *
278  * These functions typically have to determine the relevant smb server
279  * to which the call applies.
280  */
281 
282 /*
283  * smb_server_g_init
284  *
285  * This function must be called from smb_drv_attach().
286  */
287 int
288 smb_server_g_init(void)
289 {
290 	int rc;
291 
292 	if ((rc = smb_vop_init()) != 0)
293 		goto errout;
294 	if ((rc = smb_fem_init()) != 0)
295 		goto errout;
296 	if ((rc = smb_oplock_init()) != 0)
297 		goto errout;
298 
299 	smb_kshare_g_init();
300 	smb_codepage_init();
301 	smb_mbc_init();		/* smb_mbc_cache */
302 	smb_net_init();		/* smb_txr_cache */
303 	smb_node_init();	/* smb_node_cache, lists */
304 
305 	smb_cache_request = kmem_cache_create("smb_request_cache",
306 	    sizeof (smb_request_t), 8, NULL, NULL, NULL, NULL, NULL, 0);
307 	smb_cache_session = kmem_cache_create("smb_session_cache",
308 	    sizeof (smb_session_t), 8, NULL, NULL, NULL, NULL, NULL, 0);
309 	smb_cache_user = kmem_cache_create("smb_user_cache",
310 	    sizeof (smb_user_t), 8, NULL, NULL, NULL, NULL, NULL, 0);
311 	smb_cache_tree = kmem_cache_create("smb_tree_cache",
312 	    sizeof (smb_tree_t), 8, NULL, NULL, NULL, NULL, NULL, 0);
313 	smb_cache_ofile = kmem_cache_create("smb_ofile_cache",
314 	    sizeof (smb_ofile_t), 8, NULL, NULL, NULL, NULL, NULL, 0);
315 	smb_cache_odir = kmem_cache_create("smb_odir_cache",
316 	    sizeof (smb_odir_t), 8, NULL, NULL, NULL, NULL, NULL, 0);
317 	smb_cache_opipe = kmem_cache_create("smb_opipe_cache",
318 	    sizeof (smb_opipe_t), 8, NULL, NULL, NULL, NULL, NULL, 0);
319 	smb_cache_event = kmem_cache_create("smb_event_cache",
320 	    sizeof (smb_event_t), 8, NULL, NULL, NULL, NULL, NULL, 0);
321 
322 	smb_llist_init();
323 	smb_llist_constructor(&smb_servers, sizeof (smb_server_t),
324 	    offsetof(smb_server_t, sv_lnd));
325 
326 	return (0);
327 
328 errout:
329 	smb_fem_fini();
330 	smb_vop_fini();
331 	return (rc);
332 }
333 
334 /*
335  * smb_server_g_fini
336  *
337  * This function must called from smb_drv_detach(). It will fail if servers
338  * still exist.
339  */
340 int
341 smb_server_g_fini(void)
342 {
343 
344 	if (smb_llist_get_count(&smb_servers) != 0)
345 		return (EBUSY);
346 	smb_llist_fini();
347 
348 	kmem_cache_destroy(smb_cache_request);
349 	kmem_cache_destroy(smb_cache_session);
350 	kmem_cache_destroy(smb_cache_user);
351 	kmem_cache_destroy(smb_cache_tree);
352 	kmem_cache_destroy(smb_cache_ofile);
353 	kmem_cache_destroy(smb_cache_odir);
354 	kmem_cache_destroy(smb_cache_opipe);
355 	kmem_cache_destroy(smb_cache_event);
356 
357 	smb_node_fini();
358 	smb_net_fini();
359 	smb_mbc_fini();
360 	smb_kshare_g_fini();
361 
362 	smb_oplock_fini();
363 	smb_fem_fini();
364 	smb_vop_fini();
365 
366 	smb_llist_destructor(&smb_servers);
367 
368 	return (0);
369 }
370 
371 /*
372  * smb_server_create
373  *
374  * This function will fail if there's already a server associated with the
375  * caller's zone.
376  */
377 int
378 smb_server_create(void)
379 {
380 	zoneid_t	zid;
381 	smb_server_t	*sv;
382 
383 	zid = getzoneid();
384 
385 	smb_llist_enter(&smb_servers, RW_WRITER);
386 	sv = smb_llist_head(&smb_servers);
387 	while (sv) {
388 		SMB_SERVER_VALID(sv);
389 		if (sv->sv_zid == zid) {
390 			smb_llist_exit(&smb_servers);
391 			return (EPERM);
392 		}
393 		sv = smb_llist_next(&smb_servers, sv);
394 	}
395 
396 	sv = kmem_zalloc(sizeof (smb_server_t), KM_SLEEP);
397 
398 	sv->sv_magic = SMB_SERVER_MAGIC;
399 	sv->sv_state = SMB_SERVER_STATE_CREATED;
400 	sv->sv_zid = zid;
401 	sv->sv_pid = ddi_get_pid();
402 
403 	mutex_init(&sv->sv_mutex, NULL, MUTEX_DEFAULT, NULL);
404 	cv_init(&sv->sv_cv, NULL, CV_DEFAULT, NULL);
405 	cv_init(&sv->sp_info.sp_cv, NULL, CV_DEFAULT, NULL);
406 
407 	smb_llist_constructor(&sv->sv_opipe_list, sizeof (smb_opipe_t),
408 	    offsetof(smb_opipe_t, p_lnd));
409 
410 	smb_llist_constructor(&sv->sv_event_list, sizeof (smb_event_t),
411 	    offsetof(smb_event_t, se_lnd));
412 
413 	smb_llist_constructor(&sv->sp_info.sp_list, sizeof (smb_kspooldoc_t),
414 	    offsetof(smb_kspooldoc_t, sd_lnd));
415 
416 	smb_llist_constructor(&sv->sp_info.sp_fidlist,
417 	    sizeof (smb_spoolfid_t), offsetof(smb_spoolfid_t, sf_lnd));
418 
419 	sv->sv_disp_stats = kmem_zalloc(SMB_COM_NUM *
420 	    sizeof (smb_disp_stats_t), KM_SLEEP);
421 
422 	smb_thread_init(&sv->si_thread_timers, "smb_timers",
423 	    smb_server_timers, sv, smbsrv_timer_pri);
424 
425 	smb_srqueue_init(&sv->sv_srqueue);
426 
427 	smb_kdoor_init(sv);
428 	smb_kshare_init(sv);
429 	smb_opipe_door_init(sv);
430 	smb_server_kstat_init(sv);
431 
432 	smb_threshold_init(&sv->sv_ssetup_ct, SMB_SSETUP_CMD,
433 	    smb_ssetup_threshold, smb_ssetup_timeout);
434 	smb_threshold_init(&sv->sv_tcon_ct, SMB_TCON_CMD,
435 	    smb_tcon_threshold, smb_tcon_timeout);
436 	smb_threshold_init(&sv->sv_opipe_ct, SMB_OPIPE_CMD,
437 	    smb_opipe_threshold, smb_opipe_timeout);
438 
439 	smb_llist_insert_tail(&smb_servers, sv);
440 	smb_llist_exit(&smb_servers);
441 
442 	return (0);
443 }
444 
445 /*
446  * smb_server_delete
447  *
448  * This function will delete the server passed in. It will make sure that all
449  * activity associated that server has ceased before destroying it.
450  */
451 int
452 smb_server_delete(void)
453 {
454 	smb_server_t	*sv;
455 	int		rc;
456 
457 	rc = smb_server_lookup(&sv);
458 	if (rc != 0)
459 		return (rc);
460 
461 	mutex_enter(&sv->sv_mutex);
462 	switch (sv->sv_state) {
463 	case SMB_SERVER_STATE_RUNNING:
464 		sv->sv_state = SMB_SERVER_STATE_STOPPING;
465 		mutex_exit(&sv->sv_mutex);
466 		smb_server_shutdown(sv);
467 		mutex_enter(&sv->sv_mutex);
468 		cv_broadcast(&sv->sp_info.sp_cv);
469 		sv->sv_state = SMB_SERVER_STATE_DELETING;
470 		break;
471 	case SMB_SERVER_STATE_STOPPING:
472 		sv->sv_state = SMB_SERVER_STATE_DELETING;
473 		break;
474 	case SMB_SERVER_STATE_CONFIGURED:
475 	case SMB_SERVER_STATE_CREATED:
476 		sv->sv_state = SMB_SERVER_STATE_DELETING;
477 		break;
478 	default:
479 		SMB_SERVER_STATE_VALID(sv->sv_state);
480 		mutex_exit(&sv->sv_mutex);
481 		smb_server_release(sv);
482 		return (ENOTTY);
483 	}
484 
485 	ASSERT(sv->sv_state == SMB_SERVER_STATE_DELETING);
486 
487 	sv->sv_refcnt--;
488 	while (sv->sv_refcnt)
489 		cv_wait(&sv->sv_cv, &sv->sv_mutex);
490 
491 	mutex_exit(&sv->sv_mutex);
492 
493 	smb_llist_enter(&smb_servers, RW_WRITER);
494 	smb_llist_remove(&smb_servers, sv);
495 	smb_llist_exit(&smb_servers);
496 
497 	smb_threshold_fini(&sv->sv_ssetup_ct);
498 	smb_threshold_fini(&sv->sv_tcon_ct);
499 	smb_threshold_fini(&sv->sv_opipe_ct);
500 
501 	smb_server_listener_destroy(&sv->sv_nbt_daemon);
502 	smb_server_listener_destroy(&sv->sv_tcp_daemon);
503 	rw_destroy(&sv->sv_cfg_lock);
504 	smb_server_kstat_fini(sv);
505 	smb_opipe_door_fini(sv);
506 	smb_kshare_fini(sv);
507 	smb_kdoor_fini(sv);
508 	smb_llist_destructor(&sv->sv_opipe_list);
509 	smb_llist_destructor(&sv->sv_event_list);
510 
511 	kmem_free(sv->sv_disp_stats,
512 	    SMB_COM_NUM * sizeof (smb_disp_stats_t));
513 
514 	smb_srqueue_destroy(&sv->sv_srqueue);
515 	smb_thread_destroy(&sv->si_thread_timers);
516 
517 	mutex_destroy(&sv->sv_mutex);
518 	cv_destroy(&sv->sv_cv);
519 	sv->sv_magic = 0;
520 	kmem_free(sv, sizeof (smb_server_t));
521 
522 	return (0);
523 }
524 
525 /*
526  * smb_server_configure
527  */
528 int
529 smb_server_configure(smb_ioc_cfg_t *ioc)
530 {
531 	int		rc = 0;
532 	smb_server_t	*sv;
533 
534 	rc = smb_server_lookup(&sv);
535 	if (rc)
536 		return (rc);
537 
538 	mutex_enter(&sv->sv_mutex);
539 	switch (sv->sv_state) {
540 	case SMB_SERVER_STATE_CREATED:
541 		smb_server_store_cfg(sv, ioc);
542 		sv->sv_state = SMB_SERVER_STATE_CONFIGURED;
543 		break;
544 
545 	case SMB_SERVER_STATE_CONFIGURED:
546 		smb_server_store_cfg(sv, ioc);
547 		break;
548 
549 	case SMB_SERVER_STATE_RUNNING:
550 	case SMB_SERVER_STATE_STOPPING:
551 		rw_enter(&sv->sv_cfg_lock, RW_WRITER);
552 		smb_server_store_cfg(sv, ioc);
553 		rw_exit(&sv->sv_cfg_lock);
554 		break;
555 
556 	default:
557 		SMB_SERVER_STATE_VALID(sv->sv_state);
558 		rc = EFAULT;
559 		break;
560 	}
561 	mutex_exit(&sv->sv_mutex);
562 
563 	smb_server_release(sv);
564 
565 	return (rc);
566 }
567 
568 /*
569  * smb_server_start
570  */
571 int
572 smb_server_start(smb_ioc_start_t *ioc)
573 {
574 	int		rc = 0;
575 	int		family;
576 	smb_server_t	*sv;
577 
578 	rc = smb_server_lookup(&sv);
579 	if (rc)
580 		return (rc);
581 
582 	mutex_enter(&sv->sv_mutex);
583 	switch (sv->sv_state) {
584 	case SMB_SERVER_STATE_CONFIGURED:
585 
586 		if ((rc = smb_server_fsop_start(sv)) != 0)
587 			break;
588 
589 		if ((rc = smb_kshare_start(sv)) != 0)
590 			break;
591 
592 		/*
593 		 * NB: the proc passed here has to be a "system" one.
594 		 * Normally that's p0, or the NGZ eqivalent.
595 		 */
596 		sv->sv_worker_pool = taskq_create_proc("smb_workers",
597 		    sv->sv_cfg.skc_maxworkers, smbsrv_worker_pri,
598 		    sv->sv_cfg.skc_maxworkers, INT_MAX,
599 		    curzone->zone_zsched, TASKQ_DYNAMIC);
600 
601 		sv->sv_receiver_pool = taskq_create_proc("smb_receivers",
602 		    sv->sv_cfg.skc_maxconnections, smbsrv_receive_pri,
603 		    sv->sv_cfg.skc_maxconnections, INT_MAX,
604 		    curzone->zone_zsched, TASKQ_DYNAMIC);
605 
606 		sv->sv_session = smb_session_create(NULL, 0, sv, 0);
607 
608 		if (sv->sv_worker_pool == NULL || sv->sv_session == NULL) {
609 			rc = ENOMEM;
610 			break;
611 		}
612 
613 #ifdef	_KERNEL
614 		ASSERT(sv->sv_lmshrd == NULL);
615 		sv->sv_lmshrd = smb_kshare_door_init(ioc->lmshrd);
616 		if (sv->sv_lmshrd == NULL)
617 			break;
618 		if (rc = smb_kdoor_open(sv, ioc->udoor)) {
619 			cmn_err(CE_WARN, "Cannot open smbd door");
620 			break;
621 		}
622 		if (rc = smb_opipe_door_open(sv, ioc->opipe)) {
623 			cmn_err(CE_WARN, "Cannot open opipe door");
624 			break;
625 		}
626 #else	/* _KERNEL */
627 		/* Fake kernel does not use the kshare_door */
628 		fksmb_kdoor_open(sv, ioc->udoor_func);
629 		fksmb_opipe_door_open(sv, ioc->opipe_func);
630 #endif	/* _KERNEL */
631 
632 		if (rc = smb_thread_start(&sv->si_thread_timers))
633 			break;
634 
635 		family = AF_INET;
636 		smb_server_listener_init(sv, &sv->sv_nbt_daemon,
637 		    "smb_nbt_listener", IPPORT_NETBIOS_SSN, family);
638 		if (sv->sv_cfg.skc_ipv6_enable)
639 			family = AF_INET6;
640 		smb_server_listener_init(sv, &sv->sv_tcp_daemon,
641 		    "smb_tcp_listener", IPPORT_SMB, family);
642 		rc = smb_server_listener_start(&sv->sv_tcp_daemon);
643 		if (rc != 0)
644 			break;
645 		if (sv->sv_cfg.skc_netbios_enable)
646 			(void) smb_server_listener_start(&sv->sv_nbt_daemon);
647 
648 		sv->sv_state = SMB_SERVER_STATE_RUNNING;
649 		sv->sv_start_time = gethrtime();
650 		mutex_exit(&sv->sv_mutex);
651 		smb_server_release(sv);
652 		smb_export_start(sv);
653 		return (0);
654 	default:
655 		SMB_SERVER_STATE_VALID(sv->sv_state);
656 		mutex_exit(&sv->sv_mutex);
657 		smb_server_release(sv);
658 		return (ENOTTY);
659 	}
660 
661 	mutex_exit(&sv->sv_mutex);
662 	smb_server_shutdown(sv);
663 	smb_server_release(sv);
664 	return (rc);
665 }
666 
667 /*
668  * An smbd is shutting down.
669  */
670 int
671 smb_server_stop(void)
672 {
673 	smb_server_t	*sv;
674 	int		rc;
675 
676 	if ((rc = smb_server_lookup(&sv)) != 0)
677 		return (rc);
678 
679 	mutex_enter(&sv->sv_mutex);
680 	switch (sv->sv_state) {
681 	case SMB_SERVER_STATE_RUNNING:
682 		sv->sv_state = SMB_SERVER_STATE_STOPPING;
683 		mutex_exit(&sv->sv_mutex);
684 		smb_server_shutdown(sv);
685 		mutex_enter(&sv->sv_mutex);
686 		cv_broadcast(&sv->sp_info.sp_cv);
687 		break;
688 	default:
689 		SMB_SERVER_STATE_VALID(sv->sv_state);
690 		break;
691 	}
692 	mutex_exit(&sv->sv_mutex);
693 
694 	smb_server_release(sv);
695 	return (0);
696 }
697 
698 boolean_t
699 smb_server_is_stopping(smb_server_t *sv)
700 {
701 	boolean_t	status;
702 
703 	SMB_SERVER_VALID(sv);
704 
705 	mutex_enter(&sv->sv_mutex);
706 
707 	switch (sv->sv_state) {
708 	case SMB_SERVER_STATE_STOPPING:
709 	case SMB_SERVER_STATE_DELETING:
710 		status = B_TRUE;
711 		break;
712 	default:
713 		status = B_FALSE;
714 		break;
715 	}
716 
717 	mutex_exit(&sv->sv_mutex);
718 	return (status);
719 }
720 
721 void
722 smb_server_cancel_event(smb_server_t *sv, uint32_t txid)
723 {
724 	smb_event_cancel(sv, txid);
725 }
726 
727 int
728 smb_server_notify_event(smb_ioc_event_t *ioc)
729 {
730 	smb_server_t	*sv;
731 	int		rc;
732 
733 	if ((rc = smb_server_lookup(&sv)) == 0) {
734 		smb_event_notify(sv, ioc->txid);
735 		smb_server_release(sv);
736 	}
737 
738 	return (rc);
739 }
740 
741 /*
742  * smb_server_spooldoc
743  *
744  * Waits for print file close broadcast.
745  * Gets the head of the fid list,
746  * then searches the spooldoc list and returns
747  * this info via the ioctl to user land.
748  *
749  * rc - 0 success
750  */
751 
752 int
753 smb_server_spooldoc(smb_ioc_spooldoc_t *ioc)
754 {
755 	smb_server_t	*sv;
756 	int		rc;
757 	smb_kspooldoc_t *spdoc;
758 	uint16_t	fid;
759 
760 	if ((rc = smb_server_lookup(&sv)) != 0)
761 		return (rc);
762 
763 	if (sv->sv_cfg.skc_print_enable == 0) {
764 		rc = ENOTTY;
765 		goto out;
766 	}
767 
768 	mutex_enter(&sv->sv_mutex);
769 	for (;;) {
770 		if (sv->sv_state != SMB_SERVER_STATE_RUNNING) {
771 			rc = ECANCELED;
772 			break;
773 		}
774 		if ((fid = smb_spool_get_fid(sv)) != 0) {
775 			rc = 0;
776 			break;
777 		}
778 		if (cv_wait_sig(&sv->sp_info.sp_cv, &sv->sv_mutex) == 0) {
779 			rc = EINTR;
780 			break;
781 		}
782 	}
783 	mutex_exit(&sv->sv_mutex);
784 	if (rc != 0)
785 		goto out;
786 
787 	spdoc = kmem_zalloc(sizeof (*spdoc), KM_SLEEP);
788 	if (smb_spool_lookup_doc_byfid(sv, fid, spdoc)) {
789 		ioc->spool_num = spdoc->sd_spool_num;
790 		ioc->ipaddr = spdoc->sd_ipaddr;
791 		(void) strlcpy(ioc->path, spdoc->sd_path,
792 		    MAXPATHLEN);
793 		(void) strlcpy(ioc->username,
794 		    spdoc->sd_username, MAXNAMELEN);
795 	} else {
796 		/* Did not find that print job. */
797 		rc = EAGAIN;
798 	}
799 	kmem_free(spdoc, sizeof (*spdoc));
800 
801 out:
802 	smb_server_release(sv);
803 	return (rc);
804 }
805 
806 int
807 smb_server_set_gmtoff(smb_ioc_gmt_t *ioc)
808 {
809 	int		rc;
810 	smb_server_t	*sv;
811 
812 	if ((rc = smb_server_lookup(&sv)) == 0) {
813 		sv->si_gmtoff = ioc->offset;
814 		smb_server_release(sv);
815 	}
816 
817 	return (rc);
818 }
819 
820 int
821 smb_server_numopen(smb_ioc_opennum_t *ioc)
822 {
823 	smb_server_t	*sv;
824 	int		rc;
825 
826 	if ((rc = smb_server_lookup(&sv)) == 0) {
827 		ioc->open_users = sv->sv_users;
828 		ioc->open_trees = sv->sv_trees;
829 		ioc->open_files = sv->sv_files + sv->sv_pipes;
830 		smb_server_release(sv);
831 	}
832 	return (rc);
833 }
834 
835 /*
836  * Enumerate objects within the server.  The svcenum provides the
837  * enumeration context, i.e. what the caller want to get back.
838  */
839 int
840 smb_server_enum(smb_ioc_svcenum_t *ioc)
841 {
842 	smb_svcenum_t	*svcenum = &ioc->svcenum;
843 	smb_server_t	*sv;
844 	int		rc;
845 
846 	if ((rc = smb_server_lookup(&sv)) != 0)
847 		return (rc);
848 
849 	svcenum->se_bavail = svcenum->se_buflen;
850 	svcenum->se_bused = 0;
851 	svcenum->se_nitems = 0;
852 
853 	switch (svcenum->se_type) {
854 	case SMB_SVCENUM_TYPE_USER:
855 		smb_server_enum_users(&sv->sv_nbt_daemon.ld_session_list,
856 		    svcenum);
857 		smb_server_enum_users(&sv->sv_tcp_daemon.ld_session_list,
858 		    svcenum);
859 		break;
860 	case SMB_SVCENUM_TYPE_TREE:
861 	case SMB_SVCENUM_TYPE_FILE:
862 		smb_server_enum_trees(&sv->sv_nbt_daemon.ld_session_list,
863 		    svcenum);
864 		smb_server_enum_trees(&sv->sv_tcp_daemon.ld_session_list,
865 		    svcenum);
866 		break;
867 	default:
868 		rc = EINVAL;
869 	}
870 
871 	smb_server_release(sv);
872 	return (rc);
873 }
874 
875 /*
876  * Look for sessions to disconnect by client and user name.
877  */
878 int
879 smb_server_session_close(smb_ioc_session_t *ioc)
880 {
881 	smb_llist_t	*ll;
882 	smb_server_t	*sv;
883 	int		nbt_cnt;
884 	int		tcp_cnt;
885 	int		rc;
886 
887 	if ((rc = smb_server_lookup(&sv)) != 0)
888 		return (rc);
889 
890 	ll = &sv->sv_nbt_daemon.ld_session_list;
891 	nbt_cnt = smb_server_session_disconnect(ll, ioc->client, ioc->username);
892 
893 	ll = &sv->sv_tcp_daemon.ld_session_list;
894 	tcp_cnt = smb_server_session_disconnect(ll, ioc->client, ioc->username);
895 
896 	smb_server_release(sv);
897 
898 	if ((nbt_cnt == 0) && (tcp_cnt == 0))
899 		return (ENOENT);
900 	return (0);
901 }
902 
903 /*
904  * Close a file by uniqid.
905  */
906 int
907 smb_server_file_close(smb_ioc_fileid_t *ioc)
908 {
909 	uint32_t	uniqid = ioc->uniqid;
910 	smb_llist_t	*ll;
911 	smb_server_t	*sv;
912 	int		rc;
913 
914 	if ((rc = smb_server_lookup(&sv)) != 0)
915 		return (rc);
916 
917 	ll = &sv->sv_nbt_daemon.ld_session_list;
918 	rc = smb_server_fclose(ll, uniqid);
919 
920 	if (rc == ENOENT) {
921 		ll = &sv->sv_tcp_daemon.ld_session_list;
922 		rc = smb_server_fclose(ll, uniqid);
923 	}
924 
925 	smb_server_release(sv);
926 	return (rc);
927 }
928 
929 /*
930  * These functions determine the relevant smb server to which the call apply.
931  */
932 
933 uint32_t
934 smb_server_get_session_count(smb_server_t *sv)
935 {
936 	uint32_t	counter = 0;
937 
938 	counter = smb_llist_get_count(&sv->sv_nbt_daemon.ld_session_list);
939 	counter += smb_llist_get_count(&sv->sv_tcp_daemon.ld_session_list);
940 
941 	return (counter);
942 }
943 
944 /*
945  * Gets the vnode of the specified share path.
946  *
947  * A hold on the returned vnode pointer is taken so the caller
948  * must call VN_RELE.
949  */
950 int
951 smb_server_sharevp(smb_server_t *sv, const char *shr_path, vnode_t **vp)
952 {
953 	smb_request_t	*sr;
954 	smb_node_t	*fnode = NULL;
955 	smb_node_t	*dnode;
956 	char		last_comp[MAXNAMELEN];
957 	int		rc = 0;
958 
959 	ASSERT(shr_path);
960 
961 	mutex_enter(&sv->sv_mutex);
962 	switch (sv->sv_state) {
963 	case SMB_SERVER_STATE_RUNNING:
964 		break;
965 	default:
966 		mutex_exit(&sv->sv_mutex);
967 		return (ENOTACTIVE);
968 	}
969 	mutex_exit(&sv->sv_mutex);
970 
971 	if ((sr = smb_request_alloc(sv->sv_session, 0)) == NULL) {
972 		return (ENOMEM);
973 	}
974 	sr->user_cr = zone_kcred();
975 
976 	rc = smb_pathname_reduce(sr, sr->user_cr, shr_path,
977 	    NULL, NULL, &dnode, last_comp);
978 
979 	if (rc == 0) {
980 		rc = smb_fsop_lookup(sr, sr->user_cr, SMB_FOLLOW_LINKS,
981 		    sv->si_root_smb_node, dnode, last_comp, &fnode);
982 		smb_node_release(dnode);
983 	}
984 
985 	smb_request_free(sr);
986 
987 	if (rc != 0)
988 		return (rc);
989 
990 	ASSERT(fnode->vp && fnode->vp->v_vfsp);
991 
992 	VN_HOLD(fnode->vp);
993 	*vp = fnode->vp;
994 
995 	smb_node_release(fnode);
996 
997 	return (0);
998 }
999 
1000 #ifdef	_KERNEL
1001 /*
1002  * This is a special interface that will be utilized by ZFS to cause a share to
1003  * be added/removed.
1004  *
1005  * arg is either a lmshare_info_t or share_name from userspace.
1006  * It will need to be copied into the kernel.   It is lmshare_info_t
1007  * for add operations and share_name for delete operations.
1008  */
1009 int
1010 smb_server_share(void *arg, boolean_t add_share)
1011 {
1012 	smb_server_t	*sv;
1013 	int		rc;
1014 
1015 	if ((rc = smb_server_lookup(&sv)) == 0) {
1016 		mutex_enter(&sv->sv_mutex);
1017 		switch (sv->sv_state) {
1018 		case SMB_SERVER_STATE_RUNNING:
1019 			mutex_exit(&sv->sv_mutex);
1020 			(void) smb_kshare_upcall(sv->sv_lmshrd, arg, add_share);
1021 			break;
1022 		default:
1023 			mutex_exit(&sv->sv_mutex);
1024 			break;
1025 		}
1026 		smb_server_release(sv);
1027 	}
1028 
1029 	return (rc);
1030 }
1031 #endif	/* _KERNEL */
1032 
1033 int
1034 smb_server_unshare(const char *sharename)
1035 {
1036 	smb_server_t	*sv;
1037 	smb_llist_t	*ll;
1038 	int		rc;
1039 
1040 	if ((rc = smb_server_lookup(&sv)))
1041 		return (rc);
1042 
1043 	mutex_enter(&sv->sv_mutex);
1044 	switch (sv->sv_state) {
1045 	case SMB_SERVER_STATE_RUNNING:
1046 	case SMB_SERVER_STATE_STOPPING:
1047 		break;
1048 	default:
1049 		mutex_exit(&sv->sv_mutex);
1050 		smb_server_release(sv);
1051 		return (ENOTACTIVE);
1052 	}
1053 	mutex_exit(&sv->sv_mutex);
1054 
1055 	ll = &sv->sv_nbt_daemon.ld_session_list;
1056 	smb_server_disconnect_share(ll, sharename);
1057 
1058 	ll = &sv->sv_tcp_daemon.ld_session_list;
1059 	smb_server_disconnect_share(ll, sharename);
1060 
1061 	smb_server_release(sv);
1062 	return (0);
1063 }
1064 
1065 /*
1066  * Disconnect the specified share.
1067  * Typically called when a share has been removed.
1068  */
1069 static void
1070 smb_server_disconnect_share(smb_llist_t *ll, const char *sharename)
1071 {
1072 	smb_session_t	*session;
1073 
1074 	smb_llist_enter(ll, RW_READER);
1075 
1076 	session = smb_llist_head(ll);
1077 	while (session) {
1078 		SMB_SESSION_VALID(session);
1079 		smb_rwx_rwenter(&session->s_lock, RW_READER);
1080 		switch (session->s_state) {
1081 		case SMB_SESSION_STATE_NEGOTIATED:
1082 		case SMB_SESSION_STATE_OPLOCK_BREAKING:
1083 			smb_session_disconnect_share(session, sharename);
1084 			break;
1085 		default:
1086 			break;
1087 		}
1088 		smb_rwx_rwexit(&session->s_lock);
1089 		session = smb_llist_next(ll, session);
1090 	}
1091 
1092 	smb_llist_exit(ll);
1093 }
1094 
1095 /*
1096  * *****************************************************************************
1097  * **************** Functions called from the internal layers ******************
1098  * *****************************************************************************
1099  *
1100  * These functions are provided the relevant smb server by the caller.
1101  */
1102 
1103 void
1104 smb_server_get_cfg(smb_server_t *sv, smb_kmod_cfg_t *cfg)
1105 {
1106 	rw_enter(&sv->sv_cfg_lock, RW_READER);
1107 	bcopy(&sv->sv_cfg, cfg, sizeof (*cfg));
1108 	rw_exit(&sv->sv_cfg_lock);
1109 }
1110 
1111 /*
1112  *
1113  */
1114 void
1115 smb_server_inc_nbt_sess(smb_server_t *sv)
1116 {
1117 	SMB_SERVER_VALID(sv);
1118 	atomic_inc_32(&sv->sv_nbt_sess);
1119 }
1120 
1121 void
1122 smb_server_dec_nbt_sess(smb_server_t *sv)
1123 {
1124 	SMB_SERVER_VALID(sv);
1125 	atomic_dec_32(&sv->sv_nbt_sess);
1126 }
1127 
1128 void
1129 smb_server_inc_tcp_sess(smb_server_t *sv)
1130 {
1131 	SMB_SERVER_VALID(sv);
1132 	atomic_inc_32(&sv->sv_tcp_sess);
1133 }
1134 
1135 void
1136 smb_server_dec_tcp_sess(smb_server_t *sv)
1137 {
1138 	SMB_SERVER_VALID(sv);
1139 	atomic_dec_32(&sv->sv_tcp_sess);
1140 }
1141 
1142 void
1143 smb_server_inc_users(smb_server_t *sv)
1144 {
1145 	SMB_SERVER_VALID(sv);
1146 	atomic_inc_32(&sv->sv_users);
1147 }
1148 
1149 void
1150 smb_server_dec_users(smb_server_t *sv)
1151 {
1152 	SMB_SERVER_VALID(sv);
1153 	atomic_dec_32(&sv->sv_users);
1154 }
1155 
1156 void
1157 smb_server_inc_trees(smb_server_t *sv)
1158 {
1159 	SMB_SERVER_VALID(sv);
1160 	atomic_inc_32(&sv->sv_trees);
1161 }
1162 
1163 void
1164 smb_server_dec_trees(smb_server_t *sv)
1165 {
1166 	SMB_SERVER_VALID(sv);
1167 	atomic_dec_32(&sv->sv_trees);
1168 }
1169 
1170 void
1171 smb_server_inc_files(smb_server_t *sv)
1172 {
1173 	SMB_SERVER_VALID(sv);
1174 	atomic_inc_32(&sv->sv_files);
1175 }
1176 
1177 void
1178 smb_server_dec_files(smb_server_t *sv)
1179 {
1180 	SMB_SERVER_VALID(sv);
1181 	atomic_dec_32(&sv->sv_files);
1182 }
1183 
1184 void
1185 smb_server_inc_pipes(smb_server_t *sv)
1186 {
1187 	SMB_SERVER_VALID(sv);
1188 	atomic_inc_32(&sv->sv_pipes);
1189 }
1190 
1191 void
1192 smb_server_dec_pipes(smb_server_t *sv)
1193 {
1194 	SMB_SERVER_VALID(sv);
1195 	atomic_dec_32(&sv->sv_pipes);
1196 }
1197 
1198 void
1199 smb_server_add_rxb(smb_server_t *sv, int64_t value)
1200 {
1201 	SMB_SERVER_VALID(sv);
1202 	atomic_add_64(&sv->sv_rxb, value);
1203 }
1204 
1205 void
1206 smb_server_add_txb(smb_server_t *sv, int64_t value)
1207 {
1208 	SMB_SERVER_VALID(sv);
1209 	atomic_add_64(&sv->sv_txb, value);
1210 }
1211 
1212 void
1213 smb_server_inc_req(smb_server_t *sv)
1214 {
1215 	SMB_SERVER_VALID(sv);
1216 	atomic_inc_64(&sv->sv_nreq);
1217 }
1218 
1219 /*
1220  * *****************************************************************************
1221  * *************************** Static Functions ********************************
1222  * *****************************************************************************
1223  */
1224 
1225 static void
1226 smb_server_timers(smb_thread_t *thread, void *arg)
1227 {
1228 	smb_server_t	*sv = (smb_server_t *)arg;
1229 
1230 	ASSERT(sv != NULL);
1231 
1232 	/*
1233 	 * This just kills old inactive sessions.  No urgency.
1234 	 * The session code expects one call per minute.
1235 	 */
1236 	while (smb_thread_continue_timedwait(thread, 60 /* Seconds */)) {
1237 		smb_session_timers(&sv->sv_nbt_daemon.ld_session_list);
1238 		smb_session_timers(&sv->sv_tcp_daemon.ld_session_list);
1239 	}
1240 }
1241 
1242 /*
1243  * smb_server_kstat_init
1244  */
1245 static void
1246 smb_server_kstat_init(smb_server_t *sv)
1247 {
1248 
1249 	sv->sv_ksp = kstat_create_zone(SMBSRV_KSTAT_MODULE, 0,
1250 	    SMBSRV_KSTAT_STATISTICS, SMBSRV_KSTAT_CLASS, KSTAT_TYPE_RAW,
1251 	    sizeof (smbsrv_kstats_t), 0, sv->sv_zid);
1252 
1253 	if (sv->sv_ksp != NULL) {
1254 		sv->sv_ksp->ks_update = smb_server_kstat_update;
1255 		sv->sv_ksp->ks_private = sv;
1256 		((smbsrv_kstats_t *)sv->sv_ksp->ks_data)->ks_start_time =
1257 		    sv->sv_start_time;
1258 		smb_dispatch_stats_init(sv);
1259 		kstat_install(sv->sv_ksp);
1260 	} else {
1261 		cmn_err(CE_WARN, "SMB Server: Statistics unavailable");
1262 	}
1263 
1264 	sv->sv_legacy_ksp = kstat_create_zone(SMBSRV_KSTAT_MODULE, 0,
1265 	    SMBSRV_KSTAT_NAME, SMBSRV_KSTAT_CLASS, KSTAT_TYPE_NAMED,
1266 	    sizeof (smb_server_legacy_kstat_t) / sizeof (kstat_named_t),
1267 	    0, sv->sv_zid);
1268 
1269 	if (sv->sv_legacy_ksp != NULL) {
1270 		smb_server_legacy_kstat_t *ksd;
1271 
1272 		ksd = sv->sv_legacy_ksp->ks_data;
1273 
1274 		(void) strlcpy(ksd->ls_files.name, "open_files",
1275 		    sizeof (ksd->ls_files.name));
1276 		ksd->ls_files.data_type = KSTAT_DATA_UINT32;
1277 
1278 		(void) strlcpy(ksd->ls_trees.name, "connections",
1279 		    sizeof (ksd->ls_trees.name));
1280 		ksd->ls_trees.data_type = KSTAT_DATA_UINT32;
1281 
1282 		(void) strlcpy(ksd->ls_users.name, "connections",
1283 		    sizeof (ksd->ls_users.name));
1284 		ksd->ls_users.data_type = KSTAT_DATA_UINT32;
1285 
1286 		mutex_init(&sv->sv_legacy_ksmtx, NULL, MUTEX_DEFAULT, NULL);
1287 		sv->sv_legacy_ksp->ks_lock = &sv->sv_legacy_ksmtx;
1288 		sv->sv_legacy_ksp->ks_update = smb_server_legacy_kstat_update;
1289 		kstat_install(sv->sv_legacy_ksp);
1290 	}
1291 }
1292 
1293 /*
1294  * smb_server_kstat_fini
1295  */
1296 static void
1297 smb_server_kstat_fini(smb_server_t *sv)
1298 {
1299 	if (sv->sv_legacy_ksp != NULL) {
1300 		kstat_delete(sv->sv_legacy_ksp);
1301 		mutex_destroy(&sv->sv_legacy_ksmtx);
1302 		sv->sv_legacy_ksp = NULL;
1303 	}
1304 
1305 	if (sv->sv_ksp != NULL) {
1306 		kstat_delete(sv->sv_ksp);
1307 		sv->sv_ksp = NULL;
1308 		smb_dispatch_stats_fini(sv);
1309 	}
1310 }
1311 
1312 /*
1313  * smb_server_kstat_update
1314  */
1315 static int
1316 smb_server_kstat_update(kstat_t *ksp, int rw)
1317 {
1318 	smb_server_t	*sv;
1319 	smbsrv_kstats_t	*ksd;
1320 
1321 	if (rw == KSTAT_READ) {
1322 		sv = ksp->ks_private;
1323 		SMB_SERVER_VALID(sv);
1324 		ksd = (smbsrv_kstats_t *)ksp->ks_data;
1325 		/*
1326 		 * Counters
1327 		 */
1328 		ksd->ks_nbt_sess = sv->sv_nbt_sess;
1329 		ksd->ks_tcp_sess = sv->sv_tcp_sess;
1330 		ksd->ks_users = sv->sv_users;
1331 		ksd->ks_trees = sv->sv_trees;
1332 		ksd->ks_files = sv->sv_files;
1333 		ksd->ks_pipes = sv->sv_pipes;
1334 		/*
1335 		 * Throughput
1336 		 */
1337 		ksd->ks_txb = sv->sv_txb;
1338 		ksd->ks_rxb = sv->sv_rxb;
1339 		ksd->ks_nreq = sv->sv_nreq;
1340 		/*
1341 		 * Busyness
1342 		 */
1343 		ksd->ks_maxreqs = sv->sv_cfg.skc_maxworkers;
1344 		smb_srqueue_update(&sv->sv_srqueue,
1345 		    &ksd->ks_utilization);
1346 		/*
1347 		 * Latency & Throughput of the requests
1348 		 */
1349 		smb_dispatch_stats_update(sv, ksd->ks_reqs, 0, SMB_COM_NUM);
1350 		return (0);
1351 	}
1352 	if (rw == KSTAT_WRITE)
1353 		return (EACCES);
1354 
1355 	return (EIO);
1356 }
1357 
1358 static int
1359 smb_server_legacy_kstat_update(kstat_t *ksp, int rw)
1360 {
1361 	smb_server_t			*sv;
1362 	smb_server_legacy_kstat_t	*ksd;
1363 	int				rc;
1364 
1365 	switch (rw) {
1366 	case KSTAT_WRITE:
1367 		rc = EACCES;
1368 		break;
1369 	case KSTAT_READ:
1370 		if (!smb_server_lookup(&sv)) {
1371 			ASSERT(MUTEX_HELD(ksp->ks_lock));
1372 			ASSERT(sv->sv_legacy_ksp == ksp);
1373 			ksd = (smb_server_legacy_kstat_t *)ksp->ks_data;
1374 			ksd->ls_files.value.ui32 = sv->sv_files + sv->sv_pipes;
1375 			ksd->ls_trees.value.ui32 = sv->sv_trees;
1376 			ksd->ls_users.value.ui32 = sv->sv_users;
1377 			smb_server_release(sv);
1378 			rc = 0;
1379 			break;
1380 		}
1381 		_NOTE(FALLTHRU)
1382 	default:
1383 		rc = EIO;
1384 		break;
1385 	}
1386 	return (rc);
1387 
1388 }
1389 
1390 /*
1391  * smb_server_shutdown
1392  */
1393 static void
1394 smb_server_shutdown(smb_server_t *sv)
1395 {
1396 	SMB_SERVER_VALID(sv);
1397 
1398 	/*
1399 	 * Stop the listeners first, so we don't get any more
1400 	 * new work while we're trying to shut down.
1401 	 */
1402 	smb_server_listener_stop(&sv->sv_nbt_daemon);
1403 	smb_server_listener_stop(&sv->sv_tcp_daemon);
1404 	smb_thread_stop(&sv->si_thread_timers);
1405 
1406 	/*
1407 	 * Wake up any threads we might have blocked.
1408 	 * Must precede kdoor_close etc. because those will
1409 	 * wait for such threads to get out.
1410 	 */
1411 	smb_event_cancel(sv, 0);
1412 	smb_threshold_wake_all(&sv->sv_ssetup_ct);
1413 	smb_threshold_wake_all(&sv->sv_tcon_ct);
1414 	smb_threshold_wake_all(&sv->sv_opipe_ct);
1415 
1416 	smb_opipe_door_close(sv);
1417 	smb_kdoor_close(sv);
1418 #ifdef	_KERNEL
1419 	smb_kshare_door_fini(sv->sv_lmshrd);
1420 #endif	/* _KERNEL */
1421 	sv->sv_lmshrd = NULL;
1422 
1423 	smb_export_stop(sv);
1424 
1425 	if (sv->sv_session != NULL) {
1426 		/*
1427 		 * smb_kshare_export may have a request on here.
1428 		 * Normal sessions do this in smb_session_cancel()
1429 		 * but this is a "fake" session used only for the
1430 		 * requests used by the kshare thread(s).
1431 		 */
1432 		smb_slist_wait_for_empty(&sv->sv_session->s_req_list);
1433 
1434 		smb_session_delete(sv->sv_session);
1435 		sv->sv_session = NULL;
1436 	}
1437 
1438 	if (sv->sv_receiver_pool != NULL) {
1439 		taskq_destroy(sv->sv_receiver_pool);
1440 		sv->sv_receiver_pool = NULL;
1441 	}
1442 
1443 	if (sv->sv_worker_pool != NULL) {
1444 		taskq_destroy(sv->sv_worker_pool);
1445 		sv->sv_worker_pool = NULL;
1446 	}
1447 
1448 	smb_kshare_stop(sv);
1449 	smb_server_fsop_stop(sv);
1450 }
1451 
1452 /*
1453  * smb_server_listener_init
1454  *
1455  * Initializes listener contexts.
1456  */
1457 static void
1458 smb_server_listener_init(
1459     smb_server_t		*sv,
1460     smb_listener_daemon_t	*ld,
1461     char			*name,
1462     in_port_t			port,
1463     int				family)
1464 {
1465 	ASSERT(ld->ld_magic != SMB_LISTENER_MAGIC);
1466 
1467 	bzero(ld, sizeof (*ld));
1468 
1469 	ld->ld_sv = sv;
1470 	ld->ld_family = family;
1471 	ld->ld_port = port;
1472 
1473 	if (family == AF_INET) {
1474 		ld->ld_sin.sin_family = (uint32_t)family;
1475 		ld->ld_sin.sin_port = htons(port);
1476 		ld->ld_sin.sin_addr.s_addr = htonl(INADDR_ANY);
1477 	} else {
1478 		ld->ld_sin6.sin6_family = (uint32_t)family;
1479 		ld->ld_sin6.sin6_port = htons(port);
1480 		(void) memset(&ld->ld_sin6.sin6_addr.s6_addr, 0,
1481 		    sizeof (ld->ld_sin6.sin6_addr.s6_addr));
1482 	}
1483 
1484 	smb_llist_constructor(&ld->ld_session_list, sizeof (smb_session_t),
1485 	    offsetof(smb_session_t, s_lnd));
1486 	smb_thread_init(&ld->ld_thread, name, smb_server_listener, ld,
1487 	    smbsrv_listen_pri);
1488 	ld->ld_magic = SMB_LISTENER_MAGIC;
1489 }
1490 
1491 /*
1492  * smb_server_listener_destroy
1493  *
1494  * Destroyes listener contexts.
1495  */
1496 static void
1497 smb_server_listener_destroy(smb_listener_daemon_t *ld)
1498 {
1499 	/*
1500 	 * Note that if startup fails early, we can legitimately
1501 	 * get here with an all-zeros object.
1502 	 */
1503 	if (ld->ld_magic == 0)
1504 		return;
1505 
1506 	SMB_LISTENER_VALID(ld);
1507 	ASSERT(ld->ld_so == NULL);
1508 	smb_thread_destroy(&ld->ld_thread);
1509 	smb_llist_destructor(&ld->ld_session_list);
1510 	ld->ld_magic = 0;
1511 }
1512 
1513 /*
1514  * smb_server_listener_start
1515  *
1516  * Starts the listener associated with the context passed in.
1517  *
1518  * Return:	0	Success
1519  *		not 0	Failure
1520  */
1521 static int
1522 smb_server_listener_start(smb_listener_daemon_t *ld)
1523 {
1524 	int		rc;
1525 	uint32_t	on;
1526 	uint32_t	off;
1527 
1528 	SMB_LISTENER_VALID(ld);
1529 
1530 	if (ld->ld_so != NULL)
1531 		return (EINVAL);
1532 
1533 	ld->ld_so = smb_socreate(ld->ld_family, SOCK_STREAM, 0);
1534 	if (ld->ld_so == NULL) {
1535 		cmn_err(CE_WARN, "port %d: socket create failed", ld->ld_port);
1536 		return (ENOMEM);
1537 	}
1538 
1539 	off = 0;
1540 	(void) ksocket_setsockopt(ld->ld_so, SOL_SOCKET,
1541 	    SO_MAC_EXEMPT, &off, sizeof (off), CRED());
1542 
1543 	on = 1;
1544 	(void) ksocket_setsockopt(ld->ld_so, SOL_SOCKET,
1545 	    SO_REUSEADDR, &on, sizeof (on), CRED());
1546 
1547 	if (ld->ld_family == AF_INET) {
1548 		rc = ksocket_bind(ld->ld_so,
1549 		    (struct sockaddr *)&ld->ld_sin,
1550 		    sizeof (ld->ld_sin), CRED());
1551 	} else {
1552 		rc = ksocket_bind(ld->ld_so,
1553 		    (struct sockaddr *)&ld->ld_sin6,
1554 		    sizeof (ld->ld_sin6), CRED());
1555 	}
1556 
1557 	if (rc != 0) {
1558 		cmn_err(CE_WARN, "port %d: bind failed", ld->ld_port);
1559 		return (rc);
1560 	}
1561 
1562 	rc =  ksocket_listen(ld->ld_so, 20, CRED());
1563 	if (rc < 0) {
1564 		cmn_err(CE_WARN, "port %d: listen failed", ld->ld_port);
1565 		return (rc);
1566 	}
1567 
1568 	ksocket_hold(ld->ld_so);
1569 	rc = smb_thread_start(&ld->ld_thread);
1570 	if (rc != 0) {
1571 		ksocket_rele(ld->ld_so);
1572 		cmn_err(CE_WARN, "port %d: listener failed to start",
1573 		    ld->ld_port);
1574 		return (rc);
1575 	}
1576 	return (0);
1577 }
1578 
1579 /*
1580  * smb_server_listener_stop
1581  *
1582  * Stops the listener associated with the context passed in.
1583  */
1584 static void
1585 smb_server_listener_stop(smb_listener_daemon_t *ld)
1586 {
1587 	SMB_LISTENER_VALID(ld);
1588 
1589 	if (ld->ld_so != NULL) {
1590 		smb_soshutdown(ld->ld_so);
1591 		smb_sodestroy(ld->ld_so);
1592 		smb_thread_stop(&ld->ld_thread);
1593 		ld->ld_so = NULL;
1594 	}
1595 }
1596 
1597 /*
1598  * smb_server_listener
1599  *
1600  * Entry point of the listeners.
1601  */
1602 static void
1603 smb_server_listener(smb_thread_t *thread, void *arg)
1604 {
1605 	_NOTE(ARGUNUSED(thread))
1606 	smb_listener_daemon_t	*ld;
1607 	smb_session_t		*session;
1608 	ksocket_t		s_so;
1609 	int			on;
1610 	int			txbuf_size;
1611 
1612 	ld = (smb_listener_daemon_t *)arg;
1613 
1614 	SMB_LISTENER_VALID(ld);
1615 
1616 	DTRACE_PROBE1(so__wait__accept, struct sonode *, ld->ld_so);
1617 
1618 	while (ksocket_accept(ld->ld_so, NULL, NULL, &s_so, CRED())
1619 	    == 0) {
1620 		DTRACE_PROBE1(so__accept, struct sonode *, s_so);
1621 
1622 		on = 1;
1623 		(void) ksocket_setsockopt(s_so, IPPROTO_TCP, TCP_NODELAY,
1624 		    &on, sizeof (on), CRED());
1625 
1626 		on = 1;
1627 		(void) ksocket_setsockopt(s_so, SOL_SOCKET, SO_KEEPALIVE,
1628 		    &on, sizeof (on), CRED());
1629 
1630 		txbuf_size = 128*1024;
1631 		(void) ksocket_setsockopt(s_so, SOL_SOCKET, SO_SNDBUF,
1632 		    (const void *)&txbuf_size, sizeof (txbuf_size), CRED());
1633 
1634 		/*
1635 		 * Create a session for this connection.
1636 		 */
1637 		smb_server_create_session(ld, s_so);
1638 	}
1639 	/* Disconnect all the sessions this listener created. */
1640 	smb_llist_enter(&ld->ld_session_list, RW_READER);
1641 	session = smb_llist_head(&ld->ld_session_list);
1642 	while (session != NULL) {
1643 		smb_session_disconnect(session);
1644 		session = smb_llist_next(&ld->ld_session_list, session);
1645 	}
1646 	smb_llist_exit(&ld->ld_session_list);
1647 	ksocket_rele(ld->ld_so);
1648 }
1649 
1650 /*
1651  * smb_server_receiver
1652  *
1653  * Entry point of the receiver threads.
1654  */
1655 static void
1656 smb_server_receiver(void *arg)
1657 {
1658 	smb_listener_daemon_t	*ld;
1659 	smb_session_t		*session;
1660 
1661 	ld = ((smb_receiver_arg_t *)arg)->ra_listener;
1662 	session = ((smb_receiver_arg_t *)arg)->ra_session;
1663 	smb_mem_free(arg);
1664 	smb_session_receiver(session);
1665 	smb_server_destroy_session(ld, session);
1666 }
1667 
1668 /*
1669  * smb_server_lookup
1670  *
1671  * This function finds the server associated with the zone of the
1672  * caller.  Note: requires a fix in the dynamic taskq code:
1673  * 1501 taskq_create_proc ... TQ_DYNAMIC puts tasks in p0
1674  */
1675 int
1676 smb_server_lookup(smb_server_t **psv)
1677 {
1678 	zoneid_t	zid;
1679 	smb_server_t	*sv;
1680 
1681 	zid = getzoneid();
1682 
1683 	smb_llist_enter(&smb_servers, RW_READER);
1684 	sv = smb_llist_head(&smb_servers);
1685 	while (sv) {
1686 		SMB_SERVER_VALID(sv);
1687 		if (sv->sv_zid == zid) {
1688 			mutex_enter(&sv->sv_mutex);
1689 			if (sv->sv_state != SMB_SERVER_STATE_DELETING) {
1690 				sv->sv_refcnt++;
1691 				mutex_exit(&sv->sv_mutex);
1692 				smb_llist_exit(&smb_servers);
1693 				*psv = sv;
1694 				return (0);
1695 			}
1696 			mutex_exit(&sv->sv_mutex);
1697 			break;
1698 		}
1699 		sv = smb_llist_next(&smb_servers, sv);
1700 	}
1701 	smb_llist_exit(&smb_servers);
1702 	return (EPERM);
1703 }
1704 
1705 /*
1706  * smb_server_release
1707  *
1708  * This function decrements the reference count of the server and signals its
1709  * condition variable if the state of the server is SMB_SERVER_STATE_DELETING.
1710  */
1711 void
1712 smb_server_release(smb_server_t *sv)
1713 {
1714 	SMB_SERVER_VALID(sv);
1715 
1716 	mutex_enter(&sv->sv_mutex);
1717 	ASSERT(sv->sv_refcnt);
1718 	sv->sv_refcnt--;
1719 	if ((sv->sv_refcnt == 0) && (sv->sv_state == SMB_SERVER_STATE_DELETING))
1720 		cv_signal(&sv->sv_cv);
1721 	mutex_exit(&sv->sv_mutex);
1722 }
1723 
1724 /*
1725  * Enumerate the users associated with a session list.
1726  */
1727 static void
1728 smb_server_enum_users(smb_llist_t *ll, smb_svcenum_t *svcenum)
1729 {
1730 	smb_session_t	*sn;
1731 	smb_llist_t	*ulist;
1732 	smb_user_t	*user;
1733 	int		rc = 0;
1734 
1735 	smb_llist_enter(ll, RW_READER);
1736 	sn = smb_llist_head(ll);
1737 
1738 	while (sn != NULL) {
1739 		SMB_SESSION_VALID(sn);
1740 		ulist = &sn->s_user_list;
1741 		smb_llist_enter(ulist, RW_READER);
1742 		user = smb_llist_head(ulist);
1743 
1744 		while (user != NULL) {
1745 			if (smb_user_hold(user)) {
1746 				rc = smb_user_enum(user, svcenum);
1747 				smb_user_release(user);
1748 				if (rc != 0)
1749 					break;
1750 			}
1751 
1752 			user = smb_llist_next(ulist, user);
1753 		}
1754 
1755 		smb_llist_exit(ulist);
1756 
1757 		if (rc != 0)
1758 			break;
1759 
1760 		sn = smb_llist_next(ll, sn);
1761 	}
1762 
1763 	smb_llist_exit(ll);
1764 }
1765 
1766 /*
1767  * Enumerate the trees/files associated with a session list.
1768  */
1769 static void
1770 smb_server_enum_trees(smb_llist_t *ll, smb_svcenum_t *svcenum)
1771 {
1772 	smb_session_t	*sn;
1773 	smb_llist_t	*tlist;
1774 	smb_tree_t	*tree;
1775 	int		rc = 0;
1776 
1777 	smb_llist_enter(ll, RW_READER);
1778 	sn = smb_llist_head(ll);
1779 
1780 	while (sn != NULL) {
1781 		SMB_SESSION_VALID(sn);
1782 		tlist = &sn->s_tree_list;
1783 		smb_llist_enter(tlist, RW_READER);
1784 		tree = smb_llist_head(tlist);
1785 
1786 		while (tree != NULL) {
1787 			if (smb_tree_hold(tree)) {
1788 				rc = smb_tree_enum(tree, svcenum);
1789 				smb_tree_release(tree);
1790 				if (rc != 0)
1791 					break;
1792 			}
1793 
1794 			tree = smb_llist_next(tlist, tree);
1795 		}
1796 
1797 		smb_llist_exit(tlist);
1798 
1799 		if (rc != 0)
1800 			break;
1801 
1802 		sn = smb_llist_next(ll, sn);
1803 	}
1804 
1805 	smb_llist_exit(ll);
1806 }
1807 
1808 /*
1809  * Disconnect sessions associated with the specified client and username.
1810  * Empty strings are treated as wildcards.
1811  */
1812 static int
1813 smb_server_session_disconnect(smb_llist_t *ll,
1814     const char *client, const char *name)
1815 {
1816 	smb_session_t	*sn;
1817 	smb_llist_t	*ulist;
1818 	smb_user_t	*user;
1819 	boolean_t	match;
1820 	int		count = 0;
1821 
1822 	smb_llist_enter(ll, RW_READER);
1823 	sn = smb_llist_head(ll);
1824 
1825 	while (sn != NULL) {
1826 		SMB_SESSION_VALID(sn);
1827 
1828 		if ((*client != '\0') && (!smb_session_isclient(sn, client))) {
1829 			sn = smb_llist_next(ll, sn);
1830 			continue;
1831 		}
1832 
1833 		ulist = &sn->s_user_list;
1834 		smb_llist_enter(ulist, RW_READER);
1835 		user = smb_llist_head(ulist);
1836 
1837 		while (user != NULL) {
1838 			if (smb_user_hold(user)) {
1839 				match = (*name == '\0');
1840 				if (!match)
1841 					match = smb_user_namecmp(user, name);
1842 
1843 				if (match) {
1844 					smb_llist_exit(ulist);
1845 					smb_user_logoff(user);
1846 					++count;
1847 					smb_user_release(user);
1848 					smb_llist_enter(ulist, RW_READER);
1849 					user = smb_llist_head(ulist);
1850 					continue;
1851 				}
1852 
1853 				smb_user_release(user);
1854 			}
1855 
1856 			user = smb_llist_next(ulist, user);
1857 		}
1858 
1859 		smb_llist_exit(ulist);
1860 		sn = smb_llist_next(ll, sn);
1861 	}
1862 
1863 	smb_llist_exit(ll);
1864 	return (count);
1865 }
1866 
1867 /*
1868  * Close a file by its unique id.
1869  */
1870 static int
1871 smb_server_fclose(smb_llist_t *ll, uint32_t uniqid)
1872 {
1873 	smb_session_t	*sn;
1874 	smb_llist_t	*tlist;
1875 	smb_tree_t	*tree;
1876 	int		rc = ENOENT;
1877 
1878 	smb_llist_enter(ll, RW_READER);
1879 	sn = smb_llist_head(ll);
1880 
1881 	while ((sn != NULL) && (rc == ENOENT)) {
1882 		SMB_SESSION_VALID(sn);
1883 		tlist = &sn->s_tree_list;
1884 		smb_llist_enter(tlist, RW_READER);
1885 		tree = smb_llist_head(tlist);
1886 
1887 		while ((tree != NULL) && (rc == ENOENT)) {
1888 			if (smb_tree_hold(tree)) {
1889 				rc = smb_tree_fclose(tree, uniqid);
1890 				smb_tree_release(tree);
1891 			}
1892 
1893 			tree = smb_llist_next(tlist, tree);
1894 		}
1895 
1896 		smb_llist_exit(tlist);
1897 		sn = smb_llist_next(ll, sn);
1898 	}
1899 
1900 	smb_llist_exit(ll);
1901 	return (rc);
1902 }
1903 
1904 static void
1905 smb_server_store_cfg(smb_server_t *sv, smb_ioc_cfg_t *ioc)
1906 {
1907 	if (ioc->maxconnections == 0)
1908 		ioc->maxconnections = 0xFFFFFFFF;
1909 
1910 	smb_session_correct_keep_alive_values(
1911 	    &sv->sv_nbt_daemon.ld_session_list, ioc->keepalive);
1912 	smb_session_correct_keep_alive_values(
1913 	    &sv->sv_tcp_daemon.ld_session_list, ioc->keepalive);
1914 
1915 	sv->sv_cfg.skc_maxworkers = ioc->maxworkers;
1916 	sv->sv_cfg.skc_maxconnections = ioc->maxconnections;
1917 	sv->sv_cfg.skc_keepalive = ioc->keepalive;
1918 	sv->sv_cfg.skc_restrict_anon = ioc->restrict_anon;
1919 	sv->sv_cfg.skc_signing_enable = ioc->signing_enable;
1920 	sv->sv_cfg.skc_signing_required = ioc->signing_required;
1921 	sv->sv_cfg.skc_oplock_enable = ioc->oplock_enable;
1922 	sv->sv_cfg.skc_sync_enable = ioc->sync_enable;
1923 	sv->sv_cfg.skc_secmode = ioc->secmode;
1924 	sv->sv_cfg.skc_ipv6_enable = ioc->ipv6_enable;
1925 	sv->sv_cfg.skc_print_enable = ioc->print_enable;
1926 	sv->sv_cfg.skc_traverse_mounts = ioc->traverse_mounts;
1927 	sv->sv_cfg.skc_netbios_enable = ioc->netbios_enable;
1928 	sv->sv_cfg.skc_execflags = ioc->exec_flags;
1929 	sv->sv_cfg.skc_version = ioc->version;
1930 	(void) strlcpy(sv->sv_cfg.skc_nbdomain, ioc->nbdomain,
1931 	    sizeof (sv->sv_cfg.skc_nbdomain));
1932 	(void) strlcpy(sv->sv_cfg.skc_fqdn, ioc->fqdn,
1933 	    sizeof (sv->sv_cfg.skc_fqdn));
1934 	(void) strlcpy(sv->sv_cfg.skc_hostname, ioc->hostname,
1935 	    sizeof (sv->sv_cfg.skc_hostname));
1936 	(void) strlcpy(sv->sv_cfg.skc_system_comment, ioc->system_comment,
1937 	    sizeof (sv->sv_cfg.skc_system_comment));
1938 }
1939 
1940 static int
1941 smb_server_fsop_start(smb_server_t *sv)
1942 {
1943 	int	error;
1944 
1945 	error = smb_node_root_init(sv, &sv->si_root_smb_node);
1946 	if (error != 0)
1947 		sv->si_root_smb_node = NULL;
1948 
1949 	return (error);
1950 }
1951 
1952 static void
1953 smb_server_fsop_stop(smb_server_t *sv)
1954 {
1955 	if (sv->si_root_smb_node != NULL) {
1956 		smb_node_release(sv->si_root_smb_node);
1957 		sv->si_root_smb_node = NULL;
1958 	}
1959 }
1960 
1961 smb_event_t *
1962 smb_event_create(smb_server_t *sv, int timeout)
1963 {
1964 	smb_event_t	*event;
1965 
1966 	if (smb_server_is_stopping(sv))
1967 		return (NULL);
1968 
1969 	event = kmem_cache_alloc(smb_cache_event, KM_SLEEP);
1970 
1971 	bzero(event, sizeof (smb_event_t));
1972 	mutex_init(&event->se_mutex, NULL, MUTEX_DEFAULT, NULL);
1973 	cv_init(&event->se_cv, NULL, CV_DEFAULT, NULL);
1974 	event->se_magic = SMB_EVENT_MAGIC;
1975 	event->se_txid = smb_event_alloc_txid();
1976 	event->se_server = sv;
1977 	event->se_timeout = timeout;
1978 
1979 	smb_llist_enter(&sv->sv_event_list, RW_WRITER);
1980 	smb_llist_insert_tail(&sv->sv_event_list, event);
1981 	smb_llist_exit(&sv->sv_event_list);
1982 
1983 	return (event);
1984 }
1985 
1986 void
1987 smb_event_destroy(smb_event_t *event)
1988 {
1989 	smb_server_t	*sv;
1990 
1991 	if (event == NULL)
1992 		return;
1993 
1994 	SMB_EVENT_VALID(event);
1995 	ASSERT(event->se_waittime == 0);
1996 	sv = event->se_server;
1997 	SMB_SERVER_VALID(sv);
1998 
1999 	smb_llist_enter(&sv->sv_event_list, RW_WRITER);
2000 	smb_llist_remove(&sv->sv_event_list, event);
2001 	smb_llist_exit(&sv->sv_event_list);
2002 
2003 	event->se_magic = (uint32_t)~SMB_EVENT_MAGIC;
2004 	cv_destroy(&event->se_cv);
2005 	mutex_destroy(&event->se_mutex);
2006 
2007 	kmem_cache_free(smb_cache_event, event);
2008 }
2009 
2010 /*
2011  * Get the txid for the specified event.
2012  */
2013 uint32_t
2014 smb_event_txid(smb_event_t *event)
2015 {
2016 	if (event != NULL) {
2017 		SMB_EVENT_VALID(event);
2018 		return (event->se_txid);
2019 	}
2020 
2021 	cmn_err(CE_NOTE, "smb_event_txid failed");
2022 	return ((uint32_t)-1);
2023 }
2024 
2025 /*
2026  * Wait for event notification.
2027  */
2028 int
2029 smb_event_wait(smb_event_t *event)
2030 {
2031 	int	seconds = 1;
2032 	int	ticks;
2033 	int	err;
2034 
2035 	if (event == NULL)
2036 		return (EINVAL);
2037 
2038 	SMB_EVENT_VALID(event);
2039 
2040 	mutex_enter(&event->se_mutex);
2041 	event->se_waittime = 1;
2042 	event->se_errno = 0;
2043 
2044 	while (!(event->se_notified)) {
2045 		if (smb_event_debug && ((event->se_waittime % 30) == 0))
2046 			cmn_err(CE_NOTE, "smb_event_wait[%d] (%d sec)",
2047 			    event->se_txid, event->se_waittime);
2048 
2049 		if (event->se_errno != 0)
2050 			break;
2051 
2052 		if (event->se_waittime > event->se_timeout) {
2053 			event->se_errno = ETIME;
2054 			break;
2055 		}
2056 
2057 		ticks = SEC_TO_TICK(seconds);
2058 		(void) cv_reltimedwait(&event->se_cv,
2059 		    &event->se_mutex, (clock_t)ticks, TR_CLOCK_TICK);
2060 		++event->se_waittime;
2061 	}
2062 
2063 	err = event->se_errno;
2064 	event->se_waittime = 0;
2065 	event->se_notified = B_FALSE;
2066 	cv_signal(&event->se_cv);
2067 	mutex_exit(&event->se_mutex);
2068 	return (err);
2069 }
2070 
2071 /*
2072  * If txid is non-zero, cancel the specified event.
2073  * Otherwise, cancel all events.
2074  */
2075 static void
2076 smb_event_cancel(smb_server_t *sv, uint32_t txid)
2077 {
2078 	smb_event_t	*event;
2079 	smb_llist_t	*event_list;
2080 
2081 	SMB_SERVER_VALID(sv);
2082 
2083 	event_list = &sv->sv_event_list;
2084 	smb_llist_enter(event_list, RW_WRITER);
2085 
2086 	event = smb_llist_head(event_list);
2087 	while (event) {
2088 		SMB_EVENT_VALID(event);
2089 
2090 		if (txid == 0 || event->se_txid == txid) {
2091 			mutex_enter(&event->se_mutex);
2092 			event->se_errno = ECANCELED;
2093 			event->se_notified = B_TRUE;
2094 			cv_signal(&event->se_cv);
2095 			mutex_exit(&event->se_mutex);
2096 
2097 			if (txid != 0)
2098 				break;
2099 		}
2100 
2101 		event = smb_llist_next(event_list, event);
2102 	}
2103 
2104 	smb_llist_exit(event_list);
2105 }
2106 
2107 /*
2108  * If txid is non-zero, notify the specified event.
2109  * Otherwise, notify all events.
2110  */
2111 void
2112 smb_event_notify(smb_server_t *sv, uint32_t txid)
2113 {
2114 	smb_event_t	*event;
2115 	smb_llist_t	*event_list;
2116 
2117 	SMB_SERVER_VALID(sv);
2118 
2119 	event_list = &sv->sv_event_list;
2120 	smb_llist_enter(event_list, RW_READER);
2121 
2122 	event = smb_llist_head(event_list);
2123 	while (event) {
2124 		SMB_EVENT_VALID(event);
2125 
2126 		if (txid == 0 || event->se_txid == txid) {
2127 			mutex_enter(&event->se_mutex);
2128 			event->se_notified = B_TRUE;
2129 			cv_signal(&event->se_cv);
2130 			mutex_exit(&event->se_mutex);
2131 
2132 			if (txid != 0)
2133 				break;
2134 		}
2135 
2136 		event = smb_llist_next(event_list, event);
2137 	}
2138 
2139 	smb_llist_exit(event_list);
2140 }
2141 
2142 /*
2143  * Allocate a new transaction id (txid).
2144  *
2145  * 0 or -1 are not assigned because they are used to detect invalid
2146  * conditions or to indicate all open id's.
2147  */
2148 static uint32_t
2149 smb_event_alloc_txid(void)
2150 {
2151 	static kmutex_t	txmutex;
2152 	static uint32_t	txid;
2153 	uint32_t	txid_ret;
2154 
2155 	mutex_enter(&txmutex);
2156 
2157 	if (txid == 0)
2158 		txid = ddi_get_lbolt() << 11;
2159 
2160 	do {
2161 		++txid;
2162 	} while (txid == 0 || txid == (uint32_t)-1);
2163 
2164 	txid_ret = txid;
2165 	mutex_exit(&txmutex);
2166 
2167 	return (txid_ret);
2168 }
2169 
2170 /*
2171  * Called by the ioctl to find the corresponding
2172  * spooldoc node.  removes node on success
2173  *
2174  * Return values
2175  * rc
2176  * B_FALSE - not found
2177  * B_TRUE  - found
2178  *
2179  */
2180 
2181 static boolean_t
2182 smb_spool_lookup_doc_byfid(smb_server_t *sv, uint16_t fid,
2183     smb_kspooldoc_t *spdoc)
2184 {
2185 	smb_kspooldoc_t *sp;
2186 	smb_llist_t	*splist;
2187 
2188 	splist = &sv->sp_info.sp_list;
2189 	smb_llist_enter(splist, RW_WRITER);
2190 	sp = smb_llist_head(splist);
2191 	while (sp != NULL) {
2192 		/*
2193 		 * check for a matching fid
2194 		 */
2195 		if (sp->sd_fid == fid) {
2196 			*spdoc = *sp;
2197 			smb_llist_remove(splist, sp);
2198 			smb_llist_exit(splist);
2199 			kmem_free(sp, sizeof (smb_kspooldoc_t));
2200 			return (B_TRUE);
2201 		}
2202 		sp = smb_llist_next(splist, sp);
2203 	}
2204 	cmn_err(CE_WARN, "smb_spool_lookup_user_byfid: no fid:%d", fid);
2205 	smb_llist_exit(splist);
2206 	return (B_FALSE);
2207 }
2208 
2209 /*
2210  * Adds the spool fid to a linked list to be used
2211  * as a search key in the spooldoc queue
2212  *
2213  * Return values
2214  *      rc non-zero error
2215  *	rc zero success
2216  *
2217  */
2218 
2219 void
2220 smb_spool_add_fid(smb_server_t *sv, uint16_t fid)
2221 {
2222 	smb_llist_t	*fidlist;
2223 	smb_spoolfid_t  *sf;
2224 
2225 	if (sv->sv_cfg.skc_print_enable == 0)
2226 		return;
2227 
2228 	sf = kmem_zalloc(sizeof (smb_spoolfid_t), KM_SLEEP);
2229 	fidlist = &sv->sp_info.sp_fidlist;
2230 	smb_llist_enter(fidlist, RW_WRITER);
2231 	sf->sf_fid = fid;
2232 	smb_llist_insert_tail(fidlist, sf);
2233 	smb_llist_exit(fidlist);
2234 	cv_broadcast(&sv->sp_info.sp_cv);
2235 }
2236 
2237 /*
2238  * Called by the ioctl to get and remove the head of the fid list
2239  *
2240  * Return values
2241  * int fd
2242  * greater than 0 success
2243  * 0 - error
2244  *
2245  */
2246 
2247 static uint16_t
2248 smb_spool_get_fid(smb_server_t *sv)
2249 {
2250 	smb_spoolfid_t	*spfid;
2251 	smb_llist_t	*splist;
2252 	uint16_t	fid;
2253 
2254 	splist = &sv->sp_info.sp_fidlist;
2255 	smb_llist_enter(splist, RW_WRITER);
2256 	spfid = smb_llist_head(splist);
2257 	if (spfid != NULL) {
2258 		fid = spfid->sf_fid;
2259 		smb_llist_remove(&sv->sp_info.sp_fidlist, spfid);
2260 		kmem_free(spfid, sizeof (smb_spoolfid_t));
2261 	} else {
2262 		fid = 0;
2263 	}
2264 	smb_llist_exit(splist);
2265 	return (fid);
2266 }
2267 
2268 /*
2269  * Adds the spooldoc to the tail of the spooldoc list
2270  *
2271  * Return values
2272  *      rc non-zero error
2273  *	rc zero success
2274  */
2275 int
2276 smb_spool_add_doc(smb_tree_t *tree, smb_kspooldoc_t *sp)
2277 {
2278 	smb_llist_t	*splist;
2279 	smb_server_t	*sv = tree->t_server;
2280 	int rc = 0;
2281 
2282 	splist = &sv->sp_info.sp_list;
2283 	smb_llist_enter(splist, RW_WRITER);
2284 	sp->sd_spool_num = atomic_inc_32_nv(&sv->sp_info.sp_cnt);
2285 	smb_llist_insert_tail(splist, sp);
2286 	smb_llist_exit(splist);
2287 
2288 	return (rc);
2289 }
2290 
2291 /*
2292  * smb_server_create_session
2293  */
2294 static void
2295 smb_server_create_session(smb_listener_daemon_t *ld, ksocket_t s_so)
2296 {
2297 	smb_session_t		*session;
2298 	smb_receiver_arg_t	*rarg;
2299 	taskqid_t		tqid;
2300 
2301 	session = smb_session_create(s_so, ld->ld_port, ld->ld_sv,
2302 	    ld->ld_family);
2303 
2304 	if (session == NULL) {
2305 		smb_soshutdown(s_so);
2306 		smb_sodestroy(s_so);
2307 		cmn_err(CE_WARN, "SMB Session: alloc failed");
2308 		return;
2309 	}
2310 
2311 	smb_llist_enter(&ld->ld_session_list, RW_WRITER);
2312 	smb_llist_insert_tail(&ld->ld_session_list, session);
2313 	smb_llist_exit(&ld->ld_session_list);
2314 
2315 	rarg = (smb_receiver_arg_t *)smb_mem_alloc(
2316 	    sizeof (smb_receiver_arg_t));
2317 	rarg->ra_listener = ld;
2318 	rarg->ra_session = session;
2319 
2320 	/*
2321 	 * These taskq entries must run independently of one another,
2322 	 * so TQ_NOQUEUE.  TQ_SLEEP (==0) just for clarity.
2323 	 */
2324 	tqid = taskq_dispatch(ld->ld_sv->sv_receiver_pool,
2325 	    smb_server_receiver, rarg, TQ_NOQUEUE | TQ_SLEEP);
2326 	if (tqid == 0) {
2327 		smb_mem_free(rarg);
2328 		smb_session_disconnect(session);
2329 		smb_server_destroy_session(ld, session);
2330 		cmn_err(CE_WARN, "SMB Session: taskq_dispatch failed");
2331 		return;
2332 	}
2333 	/* handy for debugging */
2334 	session->s_receiver_tqid = tqid;
2335 }
2336 
2337 static void
2338 smb_server_destroy_session(smb_listener_daemon_t *ld, smb_session_t *session)
2339 {
2340 	smb_llist_enter(&ld->ld_session_list, RW_WRITER);
2341 	smb_llist_remove(&ld->ld_session_list, session);
2342 	smb_llist_exit(&ld->ld_session_list);
2343 	smb_session_delete(session);
2344 }
2345