xref: /titanic_52/usr/src/uts/common/fs/smbsrv/smb_session.c (revision f6e214c7418f43af38bd8c3a557e3d0a1d311cfa)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
23  */
24 #include <sys/atomic.h>
25 #include <sys/strsubr.h>
26 #include <sys/synch.h>
27 #include <sys/types.h>
28 #include <sys/socketvar.h>
29 #include <sys/sdt.h>
30 #include <smbsrv/netbios.h>
31 #include <smbsrv/smb_kproto.h>
32 #include <smbsrv/string.h>
33 #include <inet/tcp.h>
34 
35 static volatile uint64_t smb_kids;
36 
37 uint32_t smb_keep_alive = SSN_KEEP_ALIVE_TIMEOUT;
38 
39 static void smb_session_cancel(smb_session_t *);
40 static int smb_session_message(smb_session_t *);
41 static int smb_session_xprt_puthdr(smb_session_t *, smb_xprt_t *,
42     uint8_t *, size_t);
43 static smb_user_t *smb_session_lookup_user(smb_session_t *, char *, char *);
44 static void smb_session_logoff(smb_session_t *);
45 static void smb_request_init_command_mbuf(smb_request_t *sr);
46 void dump_smb_inaddr(smb_inaddr_t *ipaddr);
47 
48 void
49 smb_session_timers(smb_session_list_t *se)
50 {
51 	smb_session_t	*session;
52 
53 	rw_enter(&se->se_lock, RW_READER);
54 	session = list_head(&se->se_act.lst);
55 	while (session) {
56 		/*
57 		 * Walk through the table and decrement each keep_alive
58 		 * timer that has not timed out yet. (keepalive > 0)
59 		 */
60 		ASSERT(session->s_magic == SMB_SESSION_MAGIC);
61 		if (session->keep_alive &&
62 		    (session->keep_alive != (uint32_t)-1))
63 			session->keep_alive--;
64 		session = list_next(&se->se_act.lst, session);
65 	}
66 	rw_exit(&se->se_lock);
67 }
68 
69 void
70 smb_session_correct_keep_alive_values(
71     smb_session_list_t	*se,
72     uint32_t		new_keep_alive)
73 {
74 	smb_session_t		*sn;
75 
76 	if (new_keep_alive == smb_keep_alive)
77 		return;
78 	/*
79 	 * keep alive == 0 means do not drop connection if it's idle
80 	 */
81 	smb_keep_alive = (new_keep_alive) ? new_keep_alive : -1;
82 
83 	/*
84 	 * Walk through the table and set each session to the new keep_alive
85 	 * value if they have not already timed out.  Block clock interrupts.
86 	 */
87 	rw_enter(&se->se_lock, RW_READER);
88 	sn = list_head(&se->se_rdy.lst);
89 	while (sn) {
90 		ASSERT(sn->s_magic == SMB_SESSION_MAGIC);
91 		sn->keep_alive = new_keep_alive;
92 		sn = list_next(&se->se_rdy.lst, sn);
93 	}
94 	sn = list_head(&se->se_act.lst);
95 	while (sn) {
96 		ASSERT(sn->s_magic == SMB_SESSION_MAGIC);
97 		if (sn->keep_alive)
98 			sn->keep_alive = new_keep_alive;
99 		sn = list_next(&se->se_act.lst, sn);
100 	}
101 	rw_exit(&se->se_lock);
102 }
103 
104 /*
105  * smb_reconnection_check
106  *
107  * This function is called when a client indicates its current connection
108  * should be the only one it has with the server, as indicated by VC=0 in
109  * a SessionSetupX request. We go through the session list and destroy any
110  * stale connections for that client.
111  *
112  * Clients don't associate IP addresses and servers. So a client may make
113  * independent connections (i.e. with VC=0) to a server with multiple
114  * IP addresses. So, when checking for a reconnection, we need to include
115  * the local IP address, to which the client is connecting, when checking
116  * for stale sessions.
117  *
118  * Also check the server's NetBIOS name to support simultaneous access by
119  * multiple clients behind a NAT server.  This will only work for SMB over
120  * NetBIOS on TCP port 139, it will not work SMB over TCP port 445 because
121  * there is no NetBIOS name.  See also Knowledge Base article Q301673.
122  */
123 void
124 smb_session_reconnection_check(smb_session_list_t *se, smb_session_t *sess)
125 {
126 	smb_session_t	*sn;
127 
128 	rw_enter(&se->se_lock, RW_READER);
129 	sn = list_head(&se->se_act.lst);
130 	while (sn) {
131 		ASSERT(sn->s_magic == SMB_SESSION_MAGIC);
132 		if ((sn != sess) &&
133 		    smb_inet_equal(&sn->ipaddr, &sess->ipaddr) &&
134 		    smb_inet_equal(&sn->local_ipaddr, &sess->local_ipaddr) &&
135 		    (strcasecmp(sn->workstation, sess->workstation) == 0) &&
136 		    (sn->opentime <= sess->opentime) &&
137 		    (sn->s_kid < sess->s_kid)) {
138 			tsignal(sn->s_thread, SIGUSR1);
139 		}
140 		sn = list_next(&se->se_act.lst, sn);
141 	}
142 	rw_exit(&se->se_lock);
143 }
144 
145 /*
146  * Send a session message - supports SMB-over-NBT and SMB-over-TCP.
147  *
148  * The mbuf chain is copied into a contiguous buffer so that the whole
149  * message is submitted to smb_sosend as a single request.  This should
150  * help Ethereal/Wireshark delineate the packets correctly even though
151  * TCP_NODELAY has been set on the socket.
152  *
153  * If an mbuf chain is provided, it will be freed and set to NULL here.
154  */
155 int
156 smb_session_send(smb_session_t *session, uint8_t type, mbuf_chain_t *mbc)
157 {
158 	smb_txreq_t	*txr;
159 	smb_xprt_t	hdr;
160 	int		rc;
161 
162 	switch (session->s_state) {
163 	case SMB_SESSION_STATE_DISCONNECTED:
164 	case SMB_SESSION_STATE_TERMINATED:
165 		if ((mbc != NULL) && (mbc->chain != NULL)) {
166 			m_freem(mbc->chain);
167 			mbc->chain = NULL;
168 			mbc->flags = 0;
169 		}
170 		return (ENOTCONN);
171 	default:
172 		break;
173 	}
174 
175 	txr = smb_net_txr_alloc();
176 
177 	if ((mbc != NULL) && (mbc->chain != NULL)) {
178 		rc = mbc_moveout(mbc, (caddr_t)&txr->tr_buf[NETBIOS_HDR_SZ],
179 		    sizeof (txr->tr_buf) - NETBIOS_HDR_SZ, &txr->tr_len);
180 		if (rc != 0) {
181 			smb_net_txr_free(txr);
182 			return (rc);
183 		}
184 	}
185 
186 	hdr.xh_type = type;
187 	hdr.xh_length = (uint32_t)txr->tr_len;
188 
189 	rc = smb_session_xprt_puthdr(session, &hdr, txr->tr_buf,
190 	    NETBIOS_HDR_SZ);
191 
192 	if (rc != 0) {
193 		smb_net_txr_free(txr);
194 		return (rc);
195 	}
196 	txr->tr_len += NETBIOS_HDR_SZ;
197 	smb_server_add_txb(session->s_server, (int64_t)txr->tr_len);
198 	return (smb_net_txr_send(session->sock, &session->s_txlst, txr));
199 }
200 
201 /*
202  * Read, process and respond to a NetBIOS session request.
203  *
204  * A NetBIOS session must be established for SMB-over-NetBIOS.  Validate
205  * the calling and called name format and save the client NetBIOS name,
206  * which is used when a NetBIOS session is established to check for and
207  * cleanup leftover state from a previous session.
208  *
209  * Session requests are not valid for SMB-over-TCP, which is unfortunate
210  * because without the client name leftover state cannot be cleaned up
211  * if the client is behind a NAT server.
212  */
213 static int
214 smb_session_request(struct smb_session *session)
215 {
216 	int			rc;
217 	char			*calling_name;
218 	char			*called_name;
219 	char 			client_name[NETBIOS_NAME_SZ];
220 	struct mbuf_chain 	mbc;
221 	char 			*names = NULL;
222 	smb_wchar_t		*wbuf = NULL;
223 	smb_xprt_t		hdr;
224 	char *p;
225 	int rc1, rc2;
226 
227 	session->keep_alive = smb_keep_alive;
228 
229 	if ((rc = smb_session_xprt_gethdr(session, &hdr)) != 0)
230 		return (rc);
231 
232 	DTRACE_PROBE2(receive__session__req__xprthdr, struct session *, session,
233 	    smb_xprt_t *, &hdr);
234 
235 	if ((hdr.xh_type != SESSION_REQUEST) ||
236 	    (hdr.xh_length != NETBIOS_SESSION_REQUEST_DATA_LENGTH)) {
237 		DTRACE_PROBE1(receive__session__req__failed,
238 		    struct session *, session);
239 		return (EINVAL);
240 	}
241 
242 	names = kmem_alloc(hdr.xh_length, KM_SLEEP);
243 
244 	if ((rc = smb_sorecv(session->sock, names, hdr.xh_length)) != 0) {
245 		kmem_free(names, hdr.xh_length);
246 		DTRACE_PROBE1(receive__session__req__failed,
247 		    struct session *, session);
248 		return (rc);
249 	}
250 
251 	DTRACE_PROBE3(receive__session__req__data, struct session *, session,
252 	    char *, names, uint32_t, hdr.xh_length);
253 
254 	called_name = &names[0];
255 	calling_name = &names[NETBIOS_ENCODED_NAME_SZ + 2];
256 
257 	rc1 = netbios_name_isvalid(called_name, 0);
258 	rc2 = netbios_name_isvalid(calling_name, client_name);
259 
260 	if (rc1 == 0 || rc2 == 0) {
261 
262 		DTRACE_PROBE3(receive__invalid__session__req,
263 		    struct session *, session, char *, names,
264 		    uint32_t, hdr.xh_length);
265 
266 		kmem_free(names, hdr.xh_length);
267 		MBC_INIT(&mbc, MAX_DATAGRAM_LENGTH);
268 		(void) smb_mbc_encodef(&mbc, "b",
269 		    DATAGRAM_INVALID_SOURCE_NAME_FORMAT);
270 		(void) smb_session_send(session, NEGATIVE_SESSION_RESPONSE,
271 		    &mbc);
272 		return (EINVAL);
273 	}
274 
275 	DTRACE_PROBE3(receive__session__req__calling__decoded,
276 	    struct session *, session,
277 	    char *, calling_name, char *, client_name);
278 
279 	/*
280 	 * The client NetBIOS name is in oem codepage format.
281 	 * We need to convert it to unicode and store it in
282 	 * multi-byte format.  We also need to strip off any
283 	 * spaces added as part of the NetBIOS name encoding.
284 	 */
285 	wbuf = kmem_alloc((SMB_PI_MAX_HOST * sizeof (smb_wchar_t)), KM_SLEEP);
286 	(void) oemtoucs(wbuf, client_name, SMB_PI_MAX_HOST, OEM_CPG_850);
287 	(void) smb_wcstombs(session->workstation, wbuf, SMB_PI_MAX_HOST);
288 	kmem_free(wbuf, (SMB_PI_MAX_HOST * sizeof (smb_wchar_t)));
289 
290 	if ((p = strchr(session->workstation, ' ')) != 0)
291 		*p = '\0';
292 
293 	kmem_free(names, hdr.xh_length);
294 	return (smb_session_send(session, POSITIVE_SESSION_RESPONSE, NULL));
295 }
296 
297 /*
298  * Read 4-byte header from the session socket and build an in-memory
299  * session transport header.  See smb_xprt_t definition for header
300  * format information.
301  *
302  * Direct hosted NetBIOS-less SMB (SMB-over-TCP) uses port 445.  The
303  * first byte of the four-byte header must be 0 and the next three
304  * bytes contain the length of the remaining data.
305  */
306 int
307 smb_session_xprt_gethdr(smb_session_t *session, smb_xprt_t *ret_hdr)
308 {
309 	int		rc;
310 	unsigned char	buf[NETBIOS_HDR_SZ];
311 
312 	if ((rc = smb_sorecv(session->sock, buf, NETBIOS_HDR_SZ)) != 0)
313 		return (rc);
314 
315 	switch (session->s_local_port) {
316 	case IPPORT_NETBIOS_SSN:
317 		ret_hdr->xh_type = buf[0];
318 		ret_hdr->xh_length = (((uint32_t)buf[1] & 1) << 16) |
319 		    ((uint32_t)buf[2] << 8) |
320 		    ((uint32_t)buf[3]);
321 		break;
322 
323 	case IPPORT_SMB:
324 		ret_hdr->xh_type = buf[0];
325 
326 		if (ret_hdr->xh_type != 0) {
327 			cmn_err(CE_WARN, "invalid type (%u)", ret_hdr->xh_type);
328 			dump_smb_inaddr(&session->ipaddr);
329 			return (EPROTO);
330 		}
331 
332 		ret_hdr->xh_length = ((uint32_t)buf[1] << 16) |
333 		    ((uint32_t)buf[2] << 8) |
334 		    ((uint32_t)buf[3]);
335 		break;
336 
337 	default:
338 		cmn_err(CE_WARN, "invalid port %u", session->s_local_port);
339 		dump_smb_inaddr(&session->ipaddr);
340 		return (EPROTO);
341 	}
342 
343 	return (0);
344 }
345 
346 /*
347  * Encode a transport session packet header into a 4-byte buffer.
348  * See smb_xprt_t definition for header format information.
349  */
350 static int
351 smb_session_xprt_puthdr(smb_session_t *session, smb_xprt_t *hdr,
352     uint8_t *buf, size_t buflen)
353 {
354 	if (session == NULL || hdr == NULL ||
355 	    buf == NULL || buflen < NETBIOS_HDR_SZ) {
356 		return (-1);
357 	}
358 
359 	switch (session->s_local_port) {
360 	case IPPORT_NETBIOS_SSN:
361 		buf[0] = hdr->xh_type;
362 		buf[1] = ((hdr->xh_length >> 16) & 1);
363 		buf[2] = (hdr->xh_length >> 8) & 0xff;
364 		buf[3] = hdr->xh_length & 0xff;
365 		break;
366 
367 	case IPPORT_SMB:
368 		buf[0] = hdr->xh_type;
369 		buf[1] = (hdr->xh_length >> 16) & 0xff;
370 		buf[2] = (hdr->xh_length >> 8) & 0xff;
371 		buf[3] = hdr->xh_length & 0xff;
372 		break;
373 
374 	default:
375 		cmn_err(CE_WARN, "invalid port %u", session->s_local_port);
376 		dump_smb_inaddr(&session->ipaddr);
377 		return (-1);
378 	}
379 
380 	return (0);
381 }
382 
383 static void
384 smb_request_init_command_mbuf(smb_request_t *sr)
385 {
386 	MGET(sr->command.chain, 0, MT_DATA);
387 
388 	/*
389 	 * Setup mbuf, mimic MCLGET but use the complete packet buffer.
390 	 */
391 	sr->command.chain->m_ext.ext_buf = sr->sr_request_buf;
392 	sr->command.chain->m_data = sr->command.chain->m_ext.ext_buf;
393 	sr->command.chain->m_len = sr->sr_req_length;
394 	sr->command.chain->m_flags |= M_EXT;
395 	sr->command.chain->m_ext.ext_size = sr->sr_req_length;
396 	sr->command.chain->m_ext.ext_ref = &mclrefnoop;
397 
398 	/*
399 	 * Initialize the rest of the mbuf_chain fields
400 	 */
401 	sr->command.flags = 0;
402 	sr->command.shadow_of = 0;
403 	sr->command.max_bytes = sr->sr_req_length;
404 	sr->command.chain_offset = 0;
405 }
406 
407 /*
408  * smb_request_cancel
409  *
410  * Handle a cancel for a request properly depending on the current request
411  * state.
412  */
413 void
414 smb_request_cancel(smb_request_t *sr)
415 {
416 	mutex_enter(&sr->sr_mutex);
417 	switch (sr->sr_state) {
418 
419 	case SMB_REQ_STATE_SUBMITTED:
420 	case SMB_REQ_STATE_ACTIVE:
421 	case SMB_REQ_STATE_CLEANED_UP:
422 		sr->sr_state = SMB_REQ_STATE_CANCELED;
423 		break;
424 
425 	case SMB_REQ_STATE_WAITING_LOCK:
426 		/*
427 		 * This request is waiting on a lock.  Wakeup everything
428 		 * waiting on the lock so that the relevant thread regains
429 		 * control and notices that is has been canceled.  The
430 		 * other lock request threads waiting on this lock will go
431 		 * back to sleep when they discover they are still blocked.
432 		 */
433 		sr->sr_state = SMB_REQ_STATE_CANCELED;
434 
435 		ASSERT(sr->sr_awaiting != NULL);
436 		mutex_enter(&sr->sr_awaiting->l_mutex);
437 		cv_broadcast(&sr->sr_awaiting->l_cv);
438 		mutex_exit(&sr->sr_awaiting->l_mutex);
439 		break;
440 
441 	case SMB_REQ_STATE_WAITING_EVENT:
442 	case SMB_REQ_STATE_EVENT_OCCURRED:
443 		/*
444 		 * Cancellations for these states are handled by the
445 		 * notify-change code
446 		 */
447 		break;
448 
449 	case SMB_REQ_STATE_COMPLETED:
450 	case SMB_REQ_STATE_CANCELED:
451 		/*
452 		 * No action required for these states since the request
453 		 * is completing.
454 		 */
455 		break;
456 	/*
457 	 * Cases included:
458 	 *	SMB_REQ_STATE_FREE:
459 	 *	SMB_REQ_STATE_INITIALIZING:
460 	 */
461 	default:
462 		SMB_PANIC();
463 	}
464 	mutex_exit(&sr->sr_mutex);
465 }
466 
467 /*
468  * This is the entry point for processing SMB messages over NetBIOS or
469  * SMB-over-TCP.
470  *
471  * NetBIOS connections require a session request to establish a session
472  * on which to send session messages.
473  *
474  * Session requests are not valid on SMB-over-TCP.  We don't need to do
475  * anything here as session requests will be treated as an error when
476  * handling session messages.
477  */
478 int
479 smb_session_daemon(smb_session_list_t *se)
480 {
481 	int		rc = 0;
482 	smb_session_t	*session;
483 
484 	session = smb_session_list_activate_head(se);
485 	if (session == NULL)
486 		return (EINVAL);
487 
488 	if (session->s_local_port == IPPORT_NETBIOS_SSN) {
489 		rc = smb_session_request(session);
490 		if (rc) {
491 			smb_rwx_rwenter(&session->s_lock, RW_WRITER);
492 			session->s_state = SMB_SESSION_STATE_DISCONNECTED;
493 			smb_rwx_rwexit(&session->s_lock);
494 			smb_session_list_terminate(se, session);
495 			return (rc);
496 		}
497 	}
498 
499 	smb_rwx_rwenter(&session->s_lock, RW_WRITER);
500 	session->s_state = SMB_SESSION_STATE_ESTABLISHED;
501 	smb_rwx_rwexit(&session->s_lock);
502 
503 	rc = smb_session_message(session);
504 
505 	smb_rwx_rwenter(&session->s_lock, RW_WRITER);
506 	session->s_state = SMB_SESSION_STATE_DISCONNECTED;
507 	smb_rwx_rwexit(&session->s_lock);
508 
509 	smb_soshutdown(session->sock);
510 
511 	DTRACE_PROBE2(session__drop, struct session *, session, int, rc);
512 
513 	smb_session_cancel(session);
514 
515 	/*
516 	 * At this point everything related to the session should have been
517 	 * cleaned up and we expect that nothing will attempt to use the
518 	 * socket.
519 	 */
520 	smb_session_list_terminate(se, session);
521 
522 	return (rc);
523 }
524 
525 /*
526  * Read and process SMB requests.
527  *
528  * Returns:
529  *	0	Success
530  *	1	Unable to read transport header
531  *	2	Invalid transport header type
532  *	3	Invalid SMB length (too small)
533  *	4	Unable to read SMB header
534  *	5	Invalid SMB header (bad magic number)
535  *	6	Unable to read SMB data
536  *	2x	Write raw failed
537  */
538 static int
539 smb_session_message(smb_session_t *session)
540 {
541 	smb_server_t	*sv;
542 	smb_request_t	*sr = NULL;
543 	smb_xprt_t	hdr;
544 	uint8_t		*req_buf;
545 	uint32_t	resid;
546 	int		rc;
547 
548 	sv = session->s_server;
549 
550 	for (;;) {
551 
552 		rc = smb_session_xprt_gethdr(session, &hdr);
553 		if (rc)
554 			return (rc);
555 
556 		DTRACE_PROBE2(session__receive__xprthdr, session_t *, session,
557 		    smb_xprt_t *, &hdr);
558 
559 		if (hdr.xh_type != SESSION_MESSAGE) {
560 			/*
561 			 * Anything other than SESSION_MESSAGE or
562 			 * SESSION_KEEP_ALIVE is an error.  A SESSION_REQUEST
563 			 * may indicate a new session request but we need to
564 			 * close this session and we can treat it as an error
565 			 * here.
566 			 */
567 			if (hdr.xh_type == SESSION_KEEP_ALIVE) {
568 				session->keep_alive = smb_keep_alive;
569 				continue;
570 			}
571 			return (EPROTO);
572 		}
573 
574 		if (hdr.xh_length < SMB_HEADER_LEN)
575 			return (EPROTO);
576 
577 		session->keep_alive = smb_keep_alive;
578 		/*
579 		 * Allocate a request context, read the SMB header and validate
580 		 * it. The sr includes a buffer large enough to hold the SMB
581 		 * request payload.  If the header looks valid, read any
582 		 * remaining data.
583 		 */
584 		sr = smb_request_alloc(session, hdr.xh_length);
585 
586 		req_buf = (uint8_t *)sr->sr_request_buf;
587 		resid = hdr.xh_length;
588 
589 		rc = smb_sorecv(session->sock, req_buf, SMB_HEADER_LEN);
590 		if (rc) {
591 			smb_request_free(sr);
592 			return (rc);
593 		}
594 
595 		if (SMB_PROTOCOL_MAGIC_INVALID(sr)) {
596 			smb_request_free(sr);
597 			return (EPROTO);
598 		}
599 
600 		if (resid > SMB_HEADER_LEN) {
601 			req_buf += SMB_HEADER_LEN;
602 			resid -= SMB_HEADER_LEN;
603 
604 			rc = smb_sorecv(session->sock, req_buf, resid);
605 			if (rc) {
606 				smb_request_free(sr);
607 				return (rc);
608 			}
609 		}
610 		smb_server_add_rxb(sv,
611 		    (int64_t)(hdr.xh_length + NETBIOS_HDR_SZ));
612 		/*
613 		 * Initialize command MBC to represent the received data.
614 		 */
615 		smb_request_init_command_mbuf(sr);
616 
617 		DTRACE_PROBE1(session__receive__smb, smb_request_t *, sr);
618 
619 		/*
620 		 * If this is a raw write, hand off the request.  The handler
621 		 * will retrieve the remaining raw data and process the request.
622 		 */
623 		if (SMB_IS_WRITERAW(sr)) {
624 			rc = smb_handle_write_raw(session, sr);
625 			if (rc == 0)
626 				continue;
627 			return (rc);
628 		}
629 		if (sr->session->signing.flags & SMB_SIGNING_ENABLED) {
630 			if (SMB_IS_NT_CANCEL(sr)) {
631 				sr->session->signing.seqnum++;
632 				sr->sr_seqnum = sr->session->signing.seqnum + 1;
633 				sr->reply_seqnum = 0;
634 			} else {
635 				sr->session->signing.seqnum += 2;
636 				sr->sr_seqnum = sr->session->signing.seqnum;
637 				sr->reply_seqnum = sr->sr_seqnum + 1;
638 			}
639 		}
640 		sr->sr_time_submitted = gethrtime();
641 		sr->sr_state = SMB_REQ_STATE_SUBMITTED;
642 		smb_srqueue_waitq_enter(session->s_srqueue);
643 		(void) taskq_dispatch(session->s_server->sv_thread_pool,
644 		    smb_session_worker, sr, TQ_SLEEP);
645 	}
646 }
647 
648 /*
649  * Port will be IPPORT_NETBIOS_SSN or IPPORT_SMB.
650  */
651 smb_session_t *
652 smb_session_create(ksocket_t new_so, uint16_t port, smb_server_t *sv,
653     int family)
654 {
655 	struct sockaddr_in	sin;
656 	socklen_t		slen;
657 	struct sockaddr_in6	sin6;
658 	smb_session_t		*session;
659 	int64_t			now;
660 
661 	session = kmem_cache_alloc(sv->si_cache_session, KM_SLEEP);
662 	bzero(session, sizeof (smb_session_t));
663 
664 	if (smb_idpool_constructor(&session->s_uid_pool)) {
665 		kmem_cache_free(sv->si_cache_session, session);
666 		return (NULL);
667 	}
668 
669 	now = ddi_get_lbolt64();
670 
671 	session->s_kid = SMB_NEW_KID();
672 	session->s_state = SMB_SESSION_STATE_INITIALIZED;
673 	session->native_os = NATIVE_OS_UNKNOWN;
674 	session->opentime = now;
675 	session->keep_alive = smb_keep_alive;
676 	session->activity_timestamp = now;
677 
678 	smb_slist_constructor(&session->s_req_list, sizeof (smb_request_t),
679 	    offsetof(smb_request_t, sr_session_lnd));
680 
681 	smb_llist_constructor(&session->s_user_list, sizeof (smb_user_t),
682 	    offsetof(smb_user_t, u_lnd));
683 
684 	smb_llist_constructor(&session->s_xa_list, sizeof (smb_xa_t),
685 	    offsetof(smb_xa_t, xa_lnd));
686 
687 	list_create(&session->s_oplock_brkreqs, sizeof (mbuf_chain_t),
688 	    offsetof(mbuf_chain_t, mbc_lnd));
689 
690 	smb_net_txl_constructor(&session->s_txlst);
691 
692 	smb_rwx_init(&session->s_lock);
693 
694 	if (new_so != NULL) {
695 		if (family == AF_INET) {
696 			slen = sizeof (sin);
697 			(void) ksocket_getsockname(new_so,
698 			    (struct sockaddr *)&sin, &slen, CRED());
699 			bcopy(&sin.sin_addr,
700 			    &session->local_ipaddr.au_addr.au_ipv4,
701 			    sizeof (in_addr_t));
702 			slen = sizeof (sin);
703 			(void) ksocket_getpeername(new_so,
704 			    (struct sockaddr *)&sin, &slen, CRED());
705 			bcopy(&sin.sin_addr,
706 			    &session->ipaddr.au_addr.au_ipv4,
707 			    sizeof (in_addr_t));
708 		} else {
709 			slen = sizeof (sin6);
710 			(void) ksocket_getsockname(new_so,
711 			    (struct sockaddr *)&sin6, &slen, CRED());
712 			bcopy(&sin6.sin6_addr,
713 			    &session->local_ipaddr.au_addr.au_ipv6,
714 			    sizeof (in6_addr_t));
715 			slen = sizeof (sin6);
716 			(void) ksocket_getpeername(new_so,
717 			    (struct sockaddr *)&sin6, &slen, CRED());
718 			bcopy(&sin6.sin6_addr,
719 			    &session->ipaddr.au_addr.au_ipv6,
720 			    sizeof (in6_addr_t));
721 		}
722 		session->ipaddr.a_family = family;
723 		session->local_ipaddr.a_family = family;
724 		session->s_local_port = port;
725 		session->sock = new_so;
726 		if (port == IPPORT_NETBIOS_SSN)
727 			smb_server_inc_nbt_sess(sv);
728 		else
729 			smb_server_inc_tcp_sess(sv);
730 	}
731 	session->s_server = sv;
732 	smb_server_get_cfg(sv, &session->s_cfg);
733 	session->s_srqueue = &sv->sv_srqueue;
734 
735 	session->s_cache_request = sv->si_cache_request;
736 	session->s_cache = sv->si_cache_session;
737 	session->s_magic = SMB_SESSION_MAGIC;
738 	return (session);
739 }
740 
741 void
742 smb_session_delete(smb_session_t *session)
743 {
744 	mbuf_chain_t	*mbc;
745 
746 	ASSERT(session->s_magic == SMB_SESSION_MAGIC);
747 
748 	session->s_magic = 0;
749 
750 	if (session->s_local_port == IPPORT_NETBIOS_SSN)
751 		smb_server_dec_nbt_sess(session->s_server);
752 	else
753 		smb_server_dec_tcp_sess(session->s_server);
754 
755 	smb_rwx_destroy(&session->s_lock);
756 	smb_net_txl_destructor(&session->s_txlst);
757 
758 	while ((mbc = list_head(&session->s_oplock_brkreqs)) != NULL) {
759 		SMB_MBC_VALID(mbc);
760 		list_remove(&session->s_oplock_brkreqs, mbc);
761 		smb_mbc_free(mbc);
762 	}
763 	list_destroy(&session->s_oplock_brkreqs);
764 
765 	smb_slist_destructor(&session->s_req_list);
766 	smb_llist_destructor(&session->s_user_list);
767 	smb_llist_destructor(&session->s_xa_list);
768 
769 	ASSERT(session->s_tree_cnt == 0);
770 	ASSERT(session->s_file_cnt == 0);
771 	ASSERT(session->s_dir_cnt == 0);
772 
773 	smb_idpool_destructor(&session->s_uid_pool);
774 	kmem_cache_free(session->s_cache, session);
775 }
776 
777 static void
778 smb_session_cancel(smb_session_t *session)
779 {
780 	smb_xa_t	*xa, *nextxa;
781 
782 	/* All the request currently being treated must be canceled. */
783 	smb_session_cancel_requests(session, NULL, NULL);
784 
785 	/*
786 	 * We wait for the completion of all the requests associated with
787 	 * this session.
788 	 */
789 	smb_slist_wait_for_empty(&session->s_req_list);
790 
791 	/*
792 	 * At this point the reference count of the users, trees, files,
793 	 * directories should be zero. It should be possible to destroy them
794 	 * without any problem.
795 	 */
796 	xa = smb_llist_head(&session->s_xa_list);
797 	while (xa) {
798 		nextxa = smb_llist_next(&session->s_xa_list, xa);
799 		smb_xa_close(xa);
800 		xa = nextxa;
801 	}
802 
803 	smb_session_logoff(session);
804 }
805 
806 /*
807  * Cancel requests.  If a non-null tree is specified, only requests specific
808  * to that tree will be cancelled.  If a non-null sr is specified, that sr
809  * will be not be cancelled - this would typically be the caller's sr.
810  */
811 void
812 smb_session_cancel_requests(
813     smb_session_t	*session,
814     smb_tree_t		*tree,
815     smb_request_t	*exclude_sr)
816 {
817 	smb_request_t	*sr;
818 
819 	smb_process_session_notify_change_queue(session, tree);
820 
821 	smb_slist_enter(&session->s_req_list);
822 	sr = smb_slist_head(&session->s_req_list);
823 
824 	while (sr) {
825 		ASSERT(sr->sr_magic == SMB_REQ_MAGIC);
826 		if ((sr != exclude_sr) &&
827 		    (tree == NULL || sr->tid_tree == tree))
828 			smb_request_cancel(sr);
829 
830 		sr = smb_slist_next(&session->s_req_list, sr);
831 	}
832 
833 	smb_slist_exit(&session->s_req_list);
834 }
835 
836 void
837 smb_session_worker(void	*arg)
838 {
839 	smb_request_t	*sr;
840 	smb_srqueue_t	*srq;
841 
842 	sr = (smb_request_t *)arg;
843 	SMB_REQ_VALID(sr);
844 
845 	srq = sr->session->s_srqueue;
846 	smb_srqueue_waitq_to_runq(srq);
847 	sr->sr_worker = curthread;
848 	mutex_enter(&sr->sr_mutex);
849 	sr->sr_time_active = gethrtime();
850 	switch (sr->sr_state) {
851 	case SMB_REQ_STATE_SUBMITTED:
852 		mutex_exit(&sr->sr_mutex);
853 		if (smb_dispatch_request(sr)) {
854 			mutex_enter(&sr->sr_mutex);
855 			sr->sr_state = SMB_REQ_STATE_COMPLETED;
856 			mutex_exit(&sr->sr_mutex);
857 			smb_request_free(sr);
858 		}
859 		break;
860 
861 	default:
862 		ASSERT(sr->sr_state == SMB_REQ_STATE_CANCELED);
863 		sr->sr_state = SMB_REQ_STATE_COMPLETED;
864 		mutex_exit(&sr->sr_mutex);
865 		smb_request_free(sr);
866 		break;
867 	}
868 	smb_srqueue_runq_exit(srq);
869 }
870 
871 void
872 smb_session_list_constructor(smb_session_list_t *se)
873 {
874 	bzero(se, sizeof (*se));
875 	rw_init(&se->se_lock, NULL, RW_DEFAULT, NULL);
876 	list_create(&se->se_rdy.lst, sizeof (smb_session_t),
877 	    offsetof(smb_session_t, s_lnd));
878 	list_create(&se->se_act.lst, sizeof (smb_session_t),
879 	    offsetof(smb_session_t, s_lnd));
880 }
881 
882 void
883 smb_session_list_destructor(smb_session_list_t *se)
884 {
885 	list_destroy(&se->se_rdy.lst);
886 	list_destroy(&se->se_act.lst);
887 	rw_destroy(&se->se_lock);
888 }
889 
890 void
891 smb_session_list_append(smb_session_list_t *se, smb_session_t *session)
892 {
893 	ASSERT(session->s_magic == SMB_SESSION_MAGIC);
894 	ASSERT(session->s_state == SMB_SESSION_STATE_INITIALIZED);
895 
896 	rw_enter(&se->se_lock, RW_WRITER);
897 	list_insert_tail(&se->se_rdy.lst, session);
898 	se->se_rdy.count++;
899 	se->se_wrop++;
900 	rw_exit(&se->se_lock);
901 }
902 
903 void
904 smb_session_list_delete_tail(smb_session_list_t *se)
905 {
906 	smb_session_t	*session;
907 
908 	rw_enter(&se->se_lock, RW_WRITER);
909 	session = list_tail(&se->se_rdy.lst);
910 	if (session) {
911 		ASSERT(session->s_magic == SMB_SESSION_MAGIC);
912 		ASSERT(session->s_state == SMB_SESSION_STATE_INITIALIZED);
913 		list_remove(&se->se_rdy.lst, session);
914 		ASSERT(se->se_rdy.count);
915 		se->se_rdy.count--;
916 		rw_exit(&se->se_lock);
917 		smb_session_delete(session);
918 		return;
919 	}
920 	rw_exit(&se->se_lock);
921 }
922 
923 smb_session_t *
924 smb_session_list_activate_head(smb_session_list_t *se)
925 {
926 	smb_session_t	*session;
927 
928 	rw_enter(&se->se_lock, RW_WRITER);
929 	session = list_head(&se->se_rdy.lst);
930 	if (session) {
931 		ASSERT(session->s_magic == SMB_SESSION_MAGIC);
932 		smb_rwx_rwenter(&session->s_lock, RW_WRITER);
933 		ASSERT(session->s_state == SMB_SESSION_STATE_INITIALIZED);
934 		session->s_thread = curthread;
935 		session->s_ktdid = session->s_thread->t_did;
936 		smb_rwx_rwexit(&session->s_lock);
937 		list_remove(&se->se_rdy.lst, session);
938 		se->se_rdy.count--;
939 		list_insert_tail(&se->se_act.lst, session);
940 		se->se_act.count++;
941 		se->se_wrop++;
942 	}
943 	rw_exit(&se->se_lock);
944 	return (session);
945 }
946 
947 void
948 smb_session_list_terminate(smb_session_list_t *se, smb_session_t *session)
949 {
950 	ASSERT(session->s_magic == SMB_SESSION_MAGIC);
951 
952 	rw_enter(&se->se_lock, RW_WRITER);
953 
954 	smb_rwx_rwenter(&session->s_lock, RW_WRITER);
955 	ASSERT(session->s_state == SMB_SESSION_STATE_DISCONNECTED);
956 	session->s_state = SMB_SESSION_STATE_TERMINATED;
957 	smb_sodestroy(session->sock);
958 	session->sock = NULL;
959 	smb_rwx_rwexit(&session->s_lock);
960 
961 	list_remove(&se->se_act.lst, session);
962 	se->se_act.count--;
963 	se->se_wrop++;
964 
965 	ASSERT(session->s_thread == curthread);
966 
967 	rw_exit(&se->se_lock);
968 
969 	smb_session_delete(session);
970 }
971 
972 /*
973  * smb_session_list_signal
974  *
975  * This function signals all the session threads. The intent is to terminate
976  * them. The sessions still in the SMB_SESSION_STATE_INITIALIZED are delete
977  * immediately.
978  *
979  * This function must only be called by the threads listening and accepting
980  * connections. They must pass in their respective session list.
981  */
982 void
983 smb_session_list_signal(smb_session_list_t *se)
984 {
985 	smb_session_t	*session;
986 
987 	rw_enter(&se->se_lock, RW_WRITER);
988 	while (session = list_head(&se->se_rdy.lst)) {
989 
990 		ASSERT(session->s_magic == SMB_SESSION_MAGIC);
991 
992 		smb_rwx_rwenter(&session->s_lock, RW_WRITER);
993 		ASSERT(session->s_state == SMB_SESSION_STATE_INITIALIZED);
994 		session->s_state = SMB_SESSION_STATE_TERMINATED;
995 		smb_sodestroy(session->sock);
996 		session->sock = NULL;
997 		smb_rwx_rwexit(&session->s_lock);
998 
999 		list_remove(&se->se_rdy.lst, session);
1000 		se->se_rdy.count--;
1001 		se->se_wrop++;
1002 
1003 		rw_exit(&se->se_lock);
1004 		smb_session_delete(session);
1005 		rw_enter(&se->se_lock, RW_WRITER);
1006 	}
1007 	rw_downgrade(&se->se_lock);
1008 
1009 	session = list_head(&se->se_act.lst);
1010 	while (session) {
1011 
1012 		ASSERT(session->s_magic == SMB_SESSION_MAGIC);
1013 		tsignal(session->s_thread, SIGUSR1);
1014 		session = list_next(&se->se_act.lst, session);
1015 	}
1016 	rw_exit(&se->se_lock);
1017 }
1018 
1019 /*
1020  * smb_session_lookup_user
1021  */
1022 static smb_user_t *
1023 smb_session_lookup_user(smb_session_t *session, char *domain, char *name)
1024 {
1025 	smb_user_t	*user;
1026 	smb_llist_t	*ulist;
1027 
1028 	ulist = &session->s_user_list;
1029 	smb_llist_enter(ulist, RW_READER);
1030 	user = smb_llist_head(ulist);
1031 	while (user) {
1032 		ASSERT(user->u_magic == SMB_USER_MAGIC);
1033 		if (!smb_strcasecmp(user->u_name, name, 0) &&
1034 		    !smb_strcasecmp(user->u_domain, domain, 0)) {
1035 			if (smb_user_hold(user))
1036 				break;
1037 		}
1038 		user = smb_llist_next(ulist, user);
1039 	}
1040 	smb_llist_exit(ulist);
1041 
1042 	return (user);
1043 }
1044 
1045 /*
1046  * If a user attempts to log in subsequently from the specified session,
1047  * duplicates the existing SMB user instance such that all SMB user
1048  * instances that corresponds to the same user on the given session
1049  * reference the same user's cred.
1050  *
1051  * Returns NULL if the given user hasn't yet logged in from this
1052  * specified session.  Otherwise, returns a user instance that corresponds
1053  * to this subsequent login.
1054  */
1055 smb_user_t *
1056 smb_session_dup_user(smb_session_t *session, char *domain, char *account_name)
1057 {
1058 	smb_user_t *orig_user = NULL;
1059 	smb_user_t *user = NULL;
1060 
1061 	orig_user = smb_session_lookup_user(session, domain,
1062 	    account_name);
1063 
1064 	if (orig_user) {
1065 		user = smb_user_dup(orig_user);
1066 		smb_user_release(orig_user);
1067 	}
1068 
1069 	return (user);
1070 }
1071 
1072 /*
1073  * Find a user on the specified session by SMB UID.
1074  */
1075 smb_user_t *
1076 smb_session_lookup_uid(smb_session_t *session, uint16_t uid)
1077 {
1078 	smb_user_t	*user;
1079 	smb_llist_t	*user_list;
1080 
1081 	SMB_SESSION_VALID(session);
1082 
1083 	user_list = &session->s_user_list;
1084 	smb_llist_enter(user_list, RW_READER);
1085 
1086 	user = smb_llist_head(user_list);
1087 	while (user) {
1088 		SMB_USER_VALID(user);
1089 		ASSERT(user->u_session == session);
1090 
1091 		if (user->u_uid == uid) {
1092 			if (!smb_user_hold(user))
1093 				break;
1094 
1095 			smb_llist_exit(user_list);
1096 			return (user);
1097 		}
1098 
1099 		user = smb_llist_next(user_list, user);
1100 	}
1101 
1102 	smb_llist_exit(user_list);
1103 	return (NULL);
1104 }
1105 
1106 void
1107 smb_session_post_user(smb_session_t *session, smb_user_t *user)
1108 {
1109 	SMB_USER_VALID(user);
1110 	ASSERT(user->u_refcnt == 0);
1111 	ASSERT(user->u_state == SMB_USER_STATE_LOGGED_OFF);
1112 	ASSERT(user->u_session == session);
1113 
1114 	smb_llist_post(&session->s_user_list, user, smb_user_delete);
1115 }
1116 
1117 /*
1118  * Logoff all users associated with the specified session.
1119  */
1120 static void
1121 smb_session_logoff(smb_session_t *session)
1122 {
1123 	smb_user_t	*user;
1124 
1125 	SMB_SESSION_VALID(session);
1126 
1127 	smb_llist_enter(&session->s_user_list, RW_READER);
1128 
1129 	user = smb_llist_head(&session->s_user_list);
1130 	while (user) {
1131 		SMB_USER_VALID(user);
1132 		ASSERT(user->u_session == session);
1133 
1134 		if (smb_user_hold(user)) {
1135 			smb_user_logoff(user);
1136 			smb_user_release(user);
1137 		}
1138 
1139 		user = smb_llist_next(&session->s_user_list, user);
1140 	}
1141 
1142 	smb_llist_exit(&session->s_user_list);
1143 }
1144 
1145 /*
1146  * Disconnect any trees associated with the specified share.
1147  * Iterate through the users on this session and tell each user
1148  * to disconnect from the share.
1149  */
1150 void
1151 smb_session_disconnect_share(smb_session_t *session, const char *sharename)
1152 {
1153 	smb_user_t	*user;
1154 
1155 	SMB_SESSION_VALID(session);
1156 
1157 	smb_llist_enter(&session->s_user_list, RW_READER);
1158 
1159 	user = smb_llist_head(&session->s_user_list);
1160 	while (user) {
1161 		SMB_USER_VALID(user);
1162 		ASSERT(user->u_session == session);
1163 
1164 		if (smb_user_hold(user)) {
1165 			smb_user_disconnect_share(user, sharename);
1166 			smb_user_release(user);
1167 		}
1168 
1169 		user = smb_llist_next(&session->s_user_list, user);
1170 	}
1171 
1172 	smb_llist_exit(&session->s_user_list);
1173 }
1174 
1175 /*
1176  * Copy the session workstation/client name to buf.  If the workstation
1177  * is an empty string (which it will be on TCP connections), use the
1178  * client IP address.
1179  */
1180 void
1181 smb_session_getclient(smb_session_t *sn, char *buf, size_t buflen)
1182 {
1183 	char		ipbuf[INET6_ADDRSTRLEN];
1184 	smb_inaddr_t	*ipaddr;
1185 
1186 	ASSERT(sn);
1187 	ASSERT(buf);
1188 	ASSERT(buflen);
1189 
1190 	*buf = '\0';
1191 
1192 	if (sn->workstation[0] != '\0') {
1193 		(void) strlcpy(buf, sn->workstation, buflen);
1194 		return;
1195 	}
1196 
1197 	ipaddr = &sn->ipaddr;
1198 	if (smb_inet_ntop(ipaddr, ipbuf, SMB_IPSTRLEN(ipaddr->a_family)))
1199 		(void) strlcpy(buf, ipbuf, buflen);
1200 }
1201 
1202 /*
1203  * Check whether or not the specified client name is the client of this
1204  * session.  The name may be in UNC format (\\CLIENT).
1205  *
1206  * A workstation/client name is setup on NBT connections as part of the
1207  * NetBIOS session request but that isn't available on TCP connections.
1208  * If the session doesn't have a client name we typically return the
1209  * client IP address as the workstation name on MSRPC requests.  So we
1210  * check for the IP address here in addition to the workstation name.
1211  */
1212 boolean_t
1213 smb_session_isclient(smb_session_t *sn, const char *client)
1214 {
1215 	char		buf[INET6_ADDRSTRLEN];
1216 	smb_inaddr_t	*ipaddr;
1217 
1218 	client += strspn(client, "\\");
1219 
1220 	if (smb_strcasecmp(client, sn->workstation, 0) == 0)
1221 		return (B_TRUE);
1222 
1223 	ipaddr = &sn->ipaddr;
1224 	if (smb_inet_ntop(ipaddr, buf, SMB_IPSTRLEN(ipaddr->a_family)) == NULL)
1225 		return (B_FALSE);
1226 
1227 	if (smb_strcasecmp(client, buf, 0) == 0)
1228 		return (B_TRUE);
1229 
1230 	return (B_FALSE);
1231 }
1232 
1233 /*
1234  * smb_request_alloc
1235  *
1236  * Allocate an smb_request_t structure from the kmem_cache.  Partially
1237  * initialize the found/new request.
1238  *
1239  * Returns pointer to a request
1240  */
1241 smb_request_t *
1242 smb_request_alloc(smb_session_t *session, int req_length)
1243 {
1244 	smb_request_t	*sr;
1245 
1246 	ASSERT(session->s_magic == SMB_SESSION_MAGIC);
1247 
1248 	sr = kmem_cache_alloc(session->s_cache_request, KM_SLEEP);
1249 
1250 	/*
1251 	 * Future:  Use constructor to pre-initialize some fields.  For now
1252 	 * there are so many fields that it is easiest just to zero the
1253 	 * whole thing and start over.
1254 	 */
1255 	bzero(sr, sizeof (smb_request_t));
1256 
1257 	mutex_init(&sr->sr_mutex, NULL, MUTEX_DEFAULT, NULL);
1258 	smb_srm_init(sr);
1259 	sr->session = session;
1260 	sr->sr_server = session->s_server;
1261 	sr->sr_gmtoff = session->s_server->si_gmtoff;
1262 	sr->sr_cache = session->s_server->si_cache_request;
1263 	sr->sr_cfg = &session->s_cfg;
1264 	sr->command.max_bytes = req_length;
1265 	sr->reply.max_bytes = smb_maxbufsize;
1266 	sr->sr_req_length = req_length;
1267 	if (req_length)
1268 		sr->sr_request_buf = kmem_alloc(req_length, KM_SLEEP);
1269 	sr->sr_magic = SMB_REQ_MAGIC;
1270 	sr->sr_state = SMB_REQ_STATE_INITIALIZING;
1271 	smb_slist_insert_tail(&session->s_req_list, sr);
1272 	return (sr);
1273 }
1274 
1275 /*
1276  * smb_request_free
1277  *
1278  * release the memories which have been allocated for a smb request.
1279  */
1280 void
1281 smb_request_free(smb_request_t *sr)
1282 {
1283 	ASSERT(sr->sr_magic == SMB_REQ_MAGIC);
1284 	ASSERT(sr->session);
1285 	ASSERT(sr->r_xa == NULL);
1286 
1287 	if (sr->fid_ofile != NULL) {
1288 		smb_ofile_request_complete(sr->fid_ofile);
1289 		smb_ofile_release(sr->fid_ofile);
1290 	}
1291 
1292 	if (sr->tid_tree != NULL)
1293 		smb_tree_release(sr->tid_tree);
1294 
1295 	if (sr->uid_user != NULL)
1296 		smb_user_release(sr->uid_user);
1297 
1298 	smb_slist_remove(&sr->session->s_req_list, sr);
1299 
1300 	sr->session = NULL;
1301 
1302 	smb_srm_fini(sr);
1303 
1304 	if (sr->sr_request_buf)
1305 		kmem_free(sr->sr_request_buf, sr->sr_req_length);
1306 	if (sr->command.chain)
1307 		m_freem(sr->command.chain);
1308 	if (sr->reply.chain)
1309 		m_freem(sr->reply.chain);
1310 	if (sr->raw_data.chain)
1311 		m_freem(sr->raw_data.chain);
1312 
1313 	sr->sr_magic = 0;
1314 	mutex_destroy(&sr->sr_mutex);
1315 	kmem_cache_free(sr->sr_cache, sr);
1316 }
1317 
1318 void
1319 dump_smb_inaddr(smb_inaddr_t *ipaddr)
1320 {
1321 	char ipstr[INET6_ADDRSTRLEN];
1322 
1323 	if (smb_inet_ntop(ipaddr, ipstr, SMB_IPSTRLEN(ipaddr->a_family)))
1324 		cmn_err(CE_WARN, "error ipstr=%s", ipstr);
1325 	else
1326 		cmn_err(CE_WARN, "error converting ip address");
1327 }
1328 
1329 boolean_t
1330 smb_session_oplocks_enable(smb_session_t *session)
1331 {
1332 	SMB_SESSION_VALID(session);
1333 	if (session->s_cfg.skc_oplock_enable == 0)
1334 		return (B_FALSE);
1335 	else
1336 		return (B_TRUE);
1337 }
1338 
1339 boolean_t
1340 smb_session_levelII_oplocks(smb_session_t *session)
1341 {
1342 	SMB_SESSION_VALID(session);
1343 	return (session->capabilities & CAP_LEVEL_II_OPLOCKS);
1344 }
1345 
1346 /*
1347  * smb_session_oplock_break
1348  *
1349  * The session lock must NOT be held by the caller of this thread;
1350  * as this would cause a deadlock.
1351  */
1352 void
1353 smb_session_oplock_break(smb_session_t *session,
1354     uint16_t tid, uint16_t fid, uint8_t brk)
1355 {
1356 	mbuf_chain_t	*mbc;
1357 
1358 	SMB_SESSION_VALID(session);
1359 
1360 	mbc = smb_mbc_alloc(MLEN);
1361 
1362 	(void) smb_mbc_encodef(mbc, "Mb19.wwwwbb3.wbb10.",
1363 	    SMB_COM_LOCKING_ANDX,
1364 	    tid,
1365 	    0xFFFF, 0, 0xFFFF, 8, 0xFF,
1366 	    fid,
1367 	    LOCKING_ANDX_OPLOCK_RELEASE,
1368 	    (brk == SMB_OPLOCK_BREAK_TO_LEVEL_II) ? 1 : 0);
1369 
1370 	smb_rwx_rwenter(&session->s_lock, RW_WRITER);
1371 	switch (session->s_state) {
1372 	case SMB_SESSION_STATE_NEGOTIATED:
1373 	case SMB_SESSION_STATE_OPLOCK_BREAKING:
1374 	case SMB_SESSION_STATE_WRITE_RAW_ACTIVE:
1375 		session->s_state = SMB_SESSION_STATE_OPLOCK_BREAKING;
1376 		(void) smb_session_send(session, 0, mbc);
1377 		smb_mbc_free(mbc);
1378 		break;
1379 
1380 	case SMB_SESSION_STATE_READ_RAW_ACTIVE:
1381 		list_insert_tail(&session->s_oplock_brkreqs, mbc);
1382 		break;
1383 
1384 	case SMB_SESSION_STATE_DISCONNECTED:
1385 	case SMB_SESSION_STATE_TERMINATED:
1386 		smb_mbc_free(mbc);
1387 		break;
1388 
1389 	default:
1390 		SMB_PANIC();
1391 	}
1392 	smb_rwx_rwexit(&session->s_lock);
1393 }
1394