1*a90cf9f2SGordon Ross /*
2*a90cf9f2SGordon Ross * This file and its contents are supplied under the terms of the
3*a90cf9f2SGordon Ross * Common Development and Distribution License ("CDDL"), version 1.0.
4*a90cf9f2SGordon Ross * You may only use this file in accordance with the terms of version
5*a90cf9f2SGordon Ross * 1.0 of the CDDL.
6*a90cf9f2SGordon Ross *
7*a90cf9f2SGordon Ross * A full copy of the text of the CDDL should have accompanied this
8*a90cf9f2SGordon Ross * source. A copy of the CDDL is also available via the Internet at
9*a90cf9f2SGordon Ross * http://www.illumos.org/license/CDDL.
10*a90cf9f2SGordon Ross */
11*a90cf9f2SGordon Ross
12*a90cf9f2SGordon Ross /*
13*a90cf9f2SGordon Ross * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
14*a90cf9f2SGordon Ross */
15*a90cf9f2SGordon Ross
16*a90cf9f2SGordon Ross
17*a90cf9f2SGordon Ross #include <smbsrv/smb2_kproto.h>
18*a90cf9f2SGordon Ross #include <smbsrv/smb_kstat.h>
19*a90cf9f2SGordon Ross #include <smbsrv/smb2.h>
20*a90cf9f2SGordon Ross
21*a90cf9f2SGordon Ross /*
22*a90cf9f2SGordon Ross * Saved state for a command that "goes async". When a compound request
23*a90cf9f2SGordon Ross * contains a command that may block indefinitely, the compound reply is
24*a90cf9f2SGordon Ross * composed with an "interim response" for that command, and information
25*a90cf9f2SGordon Ross * needed to actually dispatch that command is saved on a list of "async"
26*a90cf9f2SGordon Ross * commands for this compound request. After the compound reply is sent,
27*a90cf9f2SGordon Ross * the list of async commands is processed, and those may block as long
28*a90cf9f2SGordon Ross * as they need to without affecting the initial compound request.
29*a90cf9f2SGordon Ross *
30*a90cf9f2SGordon Ross * Now interestingly, this "async" mechanism is not used with the full
31*a90cf9f2SGordon Ross * range of asynchrony that one might imagine. The design of async
32*a90cf9f2SGordon Ross * request processing can be drastically simplified if we can assume
33*a90cf9f2SGordon Ross * that there's no need to run more than one async command at a time.
34*a90cf9f2SGordon Ross * With that simplifying assumption, we can continue using the current
35*a90cf9f2SGordon Ross * "one worker thread per request message" model, which has very simple
36*a90cf9f2SGordon Ross * locking rules etc. The same worker thread that handles the initial
37*a90cf9f2SGordon Ross * compound request can handle the list of async requests.
38*a90cf9f2SGordon Ross *
39*a90cf9f2SGordon Ross * As it turns out, SMB2 clients do not try to use more than one "async"
40*a90cf9f2SGordon Ross * command in a compound. If they were to do so, the [MS-SMB2] spec.
41*a90cf9f2SGordon Ross * allows us to decline additional async requests with an error.
42*a90cf9f2SGordon Ross *
43*a90cf9f2SGordon Ross * smb_async_req_t is the struct used to save an "async" request on
44*a90cf9f2SGordon Ross * the list of requests that had an interim reply in the initial
45*a90cf9f2SGordon Ross * compound reply. This includes everything needed to restart
46*a90cf9f2SGordon Ross * processing at the async command.
47*a90cf9f2SGordon Ross */
48*a90cf9f2SGordon Ross
49*a90cf9f2SGordon Ross typedef struct smb2_async_req {
50*a90cf9f2SGordon Ross
51*a90cf9f2SGordon Ross smb_sdrc_t (*ar_func)(smb_request_t *);
52*a90cf9f2SGordon Ross
53*a90cf9f2SGordon Ross int ar_cmd_hdr; /* smb2_cmd_hdr offset */
54*a90cf9f2SGordon Ross int ar_cmd_len; /* length from hdr */
55*a90cf9f2SGordon Ross
56*a90cf9f2SGordon Ross /*
57*a90cf9f2SGordon Ross * SMB2 header fields.
58*a90cf9f2SGordon Ross */
59*a90cf9f2SGordon Ross uint16_t ar_cmd_code;
60*a90cf9f2SGordon Ross uint16_t ar_uid;
61*a90cf9f2SGordon Ross uint16_t ar_tid;
62*a90cf9f2SGordon Ross uint32_t ar_pid;
63*a90cf9f2SGordon Ross uint32_t ar_hdr_flags;
64*a90cf9f2SGordon Ross uint64_t ar_messageid;
65*a90cf9f2SGordon Ross } smb2_async_req_t;
66*a90cf9f2SGordon Ross
67*a90cf9f2SGordon Ross void smb2sr_do_async(smb_request_t *);
68*a90cf9f2SGordon Ross smb_sdrc_t smb2_invalid_cmd(smb_request_t *);
69*a90cf9f2SGordon Ross static void smb2_tq_work(void *);
70*a90cf9f2SGordon Ross
71*a90cf9f2SGordon Ross static const smb_disp_entry_t const
72*a90cf9f2SGordon Ross smb2_disp_table[SMB2__NCMDS] = {
73*a90cf9f2SGordon Ross
74*a90cf9f2SGordon Ross /* text-name, pre, func, post, cmd-code, dialect, flags */
75*a90cf9f2SGordon Ross
76*a90cf9f2SGordon Ross { "smb2_negotiate", NULL,
77*a90cf9f2SGordon Ross smb2_negotiate, NULL, 0, 0,
78*a90cf9f2SGordon Ross SDDF_SUPPRESS_TID | SDDF_SUPPRESS_UID },
79*a90cf9f2SGordon Ross
80*a90cf9f2SGordon Ross { "smb2_session_setup", NULL,
81*a90cf9f2SGordon Ross smb2_session_setup, NULL, 0, 0,
82*a90cf9f2SGordon Ross SDDF_SUPPRESS_TID | SDDF_SUPPRESS_UID },
83*a90cf9f2SGordon Ross
84*a90cf9f2SGordon Ross { "smb2_logoff", NULL,
85*a90cf9f2SGordon Ross smb2_logoff, NULL, 0, 0,
86*a90cf9f2SGordon Ross SDDF_SUPPRESS_TID },
87*a90cf9f2SGordon Ross
88*a90cf9f2SGordon Ross { "smb2_tree_connect", NULL,
89*a90cf9f2SGordon Ross smb2_tree_connect, NULL, 0, 0,
90*a90cf9f2SGordon Ross SDDF_SUPPRESS_TID },
91*a90cf9f2SGordon Ross
92*a90cf9f2SGordon Ross { "smb2_tree_disconn", NULL,
93*a90cf9f2SGordon Ross smb2_tree_disconn, NULL, 0, 0 },
94*a90cf9f2SGordon Ross
95*a90cf9f2SGordon Ross { "smb2_create", NULL,
96*a90cf9f2SGordon Ross smb2_create, NULL, 0, 0 },
97*a90cf9f2SGordon Ross
98*a90cf9f2SGordon Ross { "smb2_close", NULL,
99*a90cf9f2SGordon Ross smb2_close, NULL, 0, 0 },
100*a90cf9f2SGordon Ross
101*a90cf9f2SGordon Ross { "smb2_flush", NULL,
102*a90cf9f2SGordon Ross smb2_flush, NULL, 0, 0 },
103*a90cf9f2SGordon Ross
104*a90cf9f2SGordon Ross { "smb2_read", NULL,
105*a90cf9f2SGordon Ross smb2_read, NULL, 0, 0 },
106*a90cf9f2SGordon Ross
107*a90cf9f2SGordon Ross { "smb2_write", NULL,
108*a90cf9f2SGordon Ross smb2_write, NULL, 0, 0 },
109*a90cf9f2SGordon Ross
110*a90cf9f2SGordon Ross { "smb2_lock", NULL,
111*a90cf9f2SGordon Ross smb2_lock, NULL, 0, 0 },
112*a90cf9f2SGordon Ross
113*a90cf9f2SGordon Ross { "smb2_ioctl", NULL,
114*a90cf9f2SGordon Ross smb2_ioctl, NULL, 0, 0 },
115*a90cf9f2SGordon Ross
116*a90cf9f2SGordon Ross /*
117*a90cf9f2SGordon Ross * Note: Cancel gets the "invalid command" handler because
118*a90cf9f2SGordon Ross * that's always handled directly in the reader. We should
119*a90cf9f2SGordon Ross * never get to the function using this table, but note:
120*a90cf9f2SGordon Ross * We CAN get here if a nasty client adds cancel to some
121*a90cf9f2SGordon Ross * compound message, which is a protocol violation.
122*a90cf9f2SGordon Ross */
123*a90cf9f2SGordon Ross { "smb2_cancel", NULL,
124*a90cf9f2SGordon Ross smb2_invalid_cmd, NULL, 0, 0 },
125*a90cf9f2SGordon Ross
126*a90cf9f2SGordon Ross { "smb2_echo", NULL,
127*a90cf9f2SGordon Ross smb2_echo, NULL, 0, 0,
128*a90cf9f2SGordon Ross SDDF_SUPPRESS_UID | SDDF_SUPPRESS_TID },
129*a90cf9f2SGordon Ross
130*a90cf9f2SGordon Ross { "smb2_query_dir", NULL,
131*a90cf9f2SGordon Ross smb2_query_dir, NULL, 0, 0 },
132*a90cf9f2SGordon Ross
133*a90cf9f2SGordon Ross { "smb2_change_notify", NULL,
134*a90cf9f2SGordon Ross smb2_change_notify, NULL, 0, 0 },
135*a90cf9f2SGordon Ross
136*a90cf9f2SGordon Ross { "smb2_query_info", NULL,
137*a90cf9f2SGordon Ross smb2_query_info, NULL, 0, 0 },
138*a90cf9f2SGordon Ross
139*a90cf9f2SGordon Ross { "smb2_set_info", NULL,
140*a90cf9f2SGordon Ross smb2_set_info, NULL, 0, 0 },
141*a90cf9f2SGordon Ross
142*a90cf9f2SGordon Ross { "smb2_oplock_break_ack", NULL,
143*a90cf9f2SGordon Ross smb2_oplock_break_ack, NULL, 0, 0 },
144*a90cf9f2SGordon Ross
145*a90cf9f2SGordon Ross { "smb2_invalid_cmd", NULL,
146*a90cf9f2SGordon Ross smb2_invalid_cmd, NULL, 0, 0,
147*a90cf9f2SGordon Ross SDDF_SUPPRESS_UID | SDDF_SUPPRESS_TID },
148*a90cf9f2SGordon Ross };
149*a90cf9f2SGordon Ross
150*a90cf9f2SGordon Ross smb_sdrc_t
smb2_invalid_cmd(smb_request_t * sr)151*a90cf9f2SGordon Ross smb2_invalid_cmd(smb_request_t *sr)
152*a90cf9f2SGordon Ross {
153*a90cf9f2SGordon Ross #ifdef DEBUG
154*a90cf9f2SGordon Ross cmn_err(CE_NOTE, "clnt %s bad SMB2 cmd code",
155*a90cf9f2SGordon Ross sr->session->ip_addr_str);
156*a90cf9f2SGordon Ross #endif
157*a90cf9f2SGordon Ross sr->smb2_status = NT_STATUS_INVALID_PARAMETER;
158*a90cf9f2SGordon Ross return (SDRC_DROP_VC);
159*a90cf9f2SGordon Ross }
160*a90cf9f2SGordon Ross
161*a90cf9f2SGordon Ross /*
162*a90cf9f2SGordon Ross * This is the SMB2 handler for new smb requests, called from
163*a90cf9f2SGordon Ross * smb_session_reader after SMB negotiate is done. For most SMB2
164*a90cf9f2SGordon Ross * requests, we just enqueue them for the smb_session_worker to
165*a90cf9f2SGordon Ross * execute via the task queue, so they can block for resources
166*a90cf9f2SGordon Ross * without stopping the reader thread. A few protocol messages
167*a90cf9f2SGordon Ross * are special cases and are handled directly here in the reader
168*a90cf9f2SGordon Ross * thread so they don't wait for taskq scheduling.
169*a90cf9f2SGordon Ross *
170*a90cf9f2SGordon Ross * This function must either enqueue the new request for
171*a90cf9f2SGordon Ross * execution via the task queue, or execute it directly
172*a90cf9f2SGordon Ross * and then free it. If this returns non-zero, the caller
173*a90cf9f2SGordon Ross * will drop the session.
174*a90cf9f2SGordon Ross */
175*a90cf9f2SGordon Ross int
smb2sr_newrq(smb_request_t * sr)176*a90cf9f2SGordon Ross smb2sr_newrq(smb_request_t *sr)
177*a90cf9f2SGordon Ross {
178*a90cf9f2SGordon Ross uint32_t magic;
179*a90cf9f2SGordon Ross uint16_t command;
180*a90cf9f2SGordon Ross int rc;
181*a90cf9f2SGordon Ross
182*a90cf9f2SGordon Ross magic = LE_IN32(sr->sr_request_buf);
183*a90cf9f2SGordon Ross if (magic != SMB2_PROTOCOL_MAGIC) {
184*a90cf9f2SGordon Ross smb_request_free(sr);
185*a90cf9f2SGordon Ross /* will drop the connection */
186*a90cf9f2SGordon Ross return (EPROTO);
187*a90cf9f2SGordon Ross }
188*a90cf9f2SGordon Ross
189*a90cf9f2SGordon Ross /*
190*a90cf9f2SGordon Ross * Execute Cancel requests immediately, (here in the
191*a90cf9f2SGordon Ross * reader thread) so they won't wait for any other
192*a90cf9f2SGordon Ross * commands we might already have in the task queue.
193*a90cf9f2SGordon Ross * Cancel also skips signature verification and
194*a90cf9f2SGordon Ross * does not consume a sequence number.
195*a90cf9f2SGordon Ross * [MS-SMB2] 3.2.4.24 Cancellation...
196*a90cf9f2SGordon Ross */
197*a90cf9f2SGordon Ross command = LE_IN16((uint8_t *)sr->sr_request_buf + 12);
198*a90cf9f2SGordon Ross if (command == SMB2_CANCEL) {
199*a90cf9f2SGordon Ross rc = smb2sr_newrq_cancel(sr);
200*a90cf9f2SGordon Ross smb_request_free(sr);
201*a90cf9f2SGordon Ross return (rc);
202*a90cf9f2SGordon Ross }
203*a90cf9f2SGordon Ross
204*a90cf9f2SGordon Ross /*
205*a90cf9f2SGordon Ross * Submit the request to the task queue, which calls
206*a90cf9f2SGordon Ross * smb2_tq_work when the workload permits.
207*a90cf9f2SGordon Ross */
208*a90cf9f2SGordon Ross sr->sr_time_submitted = gethrtime();
209*a90cf9f2SGordon Ross sr->sr_state = SMB_REQ_STATE_SUBMITTED;
210*a90cf9f2SGordon Ross smb_srqueue_waitq_enter(sr->session->s_srqueue);
211*a90cf9f2SGordon Ross (void) taskq_dispatch(sr->sr_server->sv_worker_pool,
212*a90cf9f2SGordon Ross smb2_tq_work, sr, TQ_SLEEP);
213*a90cf9f2SGordon Ross
214*a90cf9f2SGordon Ross return (0);
215*a90cf9f2SGordon Ross }
216*a90cf9f2SGordon Ross
217*a90cf9f2SGordon Ross static void
smb2_tq_work(void * arg)218*a90cf9f2SGordon Ross smb2_tq_work(void *arg)
219*a90cf9f2SGordon Ross {
220*a90cf9f2SGordon Ross smb_request_t *sr;
221*a90cf9f2SGordon Ross smb_srqueue_t *srq;
222*a90cf9f2SGordon Ross
223*a90cf9f2SGordon Ross sr = (smb_request_t *)arg;
224*a90cf9f2SGordon Ross SMB_REQ_VALID(sr);
225*a90cf9f2SGordon Ross
226*a90cf9f2SGordon Ross srq = sr->session->s_srqueue;
227*a90cf9f2SGordon Ross smb_srqueue_waitq_to_runq(srq);
228*a90cf9f2SGordon Ross sr->sr_worker = curthread;
229*a90cf9f2SGordon Ross sr->sr_time_active = gethrtime();
230*a90cf9f2SGordon Ross
231*a90cf9f2SGordon Ross /*
232*a90cf9f2SGordon Ross * In contrast with SMB1, SMB2 must _always_ dispatch to
233*a90cf9f2SGordon Ross * the handler function, because cancelled requests need
234*a90cf9f2SGordon Ross * an error reply (NT_STATUS_CANCELLED).
235*a90cf9f2SGordon Ross */
236*a90cf9f2SGordon Ross smb2sr_work(sr);
237*a90cf9f2SGordon Ross
238*a90cf9f2SGordon Ross smb_srqueue_runq_exit(srq);
239*a90cf9f2SGordon Ross }
240*a90cf9f2SGordon Ross
241*a90cf9f2SGordon Ross /*
242*a90cf9f2SGordon Ross * smb2sr_work
243*a90cf9f2SGordon Ross *
244*a90cf9f2SGordon Ross * This function processes each SMB command in the current request
245*a90cf9f2SGordon Ross * (which may be a compound request) building a reply containing
246*a90cf9f2SGordon Ross * SMB reply messages, one-to-one with the SMB commands. Some SMB
247*a90cf9f2SGordon Ross * commands (change notify, blocking locks) may require both an
248*a90cf9f2SGordon Ross * "interim response" and a later "async response" at completion.
249*a90cf9f2SGordon Ross * In such cases, we'll encode the interim response in the reply
250*a90cf9f2SGordon Ross * compound we're building, and put the (now async) command on a
251*a90cf9f2SGordon Ross * list of commands that need further processing. After we've
252*a90cf9f2SGordon Ross * finished processing the commands in this compound and building
253*a90cf9f2SGordon Ross * the compound reply, we'll send the compound reply, and finally
254*a90cf9f2SGordon Ross * process the list of async commands.
255*a90cf9f2SGordon Ross *
256*a90cf9f2SGordon Ross * As we work our way through the compound request and reply,
257*a90cf9f2SGordon Ross * we need to keep track of the bounds of the current request
258*a90cf9f2SGordon Ross * and reply. For the request, this uses an MBC_SHADOW_CHAIN
259*a90cf9f2SGordon Ross * that begins at smb2_cmd_hdr. The reply is appended to the
260*a90cf9f2SGordon Ross * sr->reply chain starting at smb2_reply_hdr.
261*a90cf9f2SGordon Ross *
262*a90cf9f2SGordon Ross * This function must always free the smb request.
263*a90cf9f2SGordon Ross */
264*a90cf9f2SGordon Ross void
smb2sr_work(struct smb_request * sr)265*a90cf9f2SGordon Ross smb2sr_work(struct smb_request *sr)
266*a90cf9f2SGordon Ross {
267*a90cf9f2SGordon Ross const smb_disp_entry_t *sdd;
268*a90cf9f2SGordon Ross smb_disp_stats_t *sds;
269*a90cf9f2SGordon Ross smb_session_t *session;
270*a90cf9f2SGordon Ross uint32_t msg_len;
271*a90cf9f2SGordon Ross uint16_t cmd_idx;
272*a90cf9f2SGordon Ross int rc = 0;
273*a90cf9f2SGordon Ross boolean_t disconnect = B_FALSE;
274*a90cf9f2SGordon Ross boolean_t related;
275*a90cf9f2SGordon Ross
276*a90cf9f2SGordon Ross session = sr->session;
277*a90cf9f2SGordon Ross
278*a90cf9f2SGordon Ross ASSERT(sr->tid_tree == 0);
279*a90cf9f2SGordon Ross ASSERT(sr->uid_user == 0);
280*a90cf9f2SGordon Ross ASSERT(sr->fid_ofile == 0);
281*a90cf9f2SGordon Ross sr->smb_fid = (uint16_t)-1;
282*a90cf9f2SGordon Ross sr->smb2_status = 0;
283*a90cf9f2SGordon Ross
284*a90cf9f2SGordon Ross /* temporary until we identify a user */
285*a90cf9f2SGordon Ross sr->user_cr = zone_kcred();
286*a90cf9f2SGordon Ross
287*a90cf9f2SGordon Ross mutex_enter(&sr->sr_mutex);
288*a90cf9f2SGordon Ross switch (sr->sr_state) {
289*a90cf9f2SGordon Ross case SMB_REQ_STATE_SUBMITTED:
290*a90cf9f2SGordon Ross case SMB_REQ_STATE_CLEANED_UP:
291*a90cf9f2SGordon Ross sr->sr_state = SMB_REQ_STATE_ACTIVE;
292*a90cf9f2SGordon Ross break;
293*a90cf9f2SGordon Ross default:
294*a90cf9f2SGordon Ross ASSERT(0);
295*a90cf9f2SGordon Ross /* FALLTHROUGH */
296*a90cf9f2SGordon Ross case SMB_REQ_STATE_CANCELED:
297*a90cf9f2SGordon Ross sr->smb2_status = NT_STATUS_CANCELLED;
298*a90cf9f2SGordon Ross break;
299*a90cf9f2SGordon Ross }
300*a90cf9f2SGordon Ross mutex_exit(&sr->sr_mutex);
301*a90cf9f2SGordon Ross
302*a90cf9f2SGordon Ross cmd_start:
303*a90cf9f2SGordon Ross /*
304*a90cf9f2SGordon Ross * Decode the request header
305*a90cf9f2SGordon Ross *
306*a90cf9f2SGordon Ross * Most problems with decoding will result in the error
307*a90cf9f2SGordon Ross * STATUS_INVALID_PARAMETER. If the decoding problem
308*a90cf9f2SGordon Ross * prevents continuing, we'll close the connection.
309*a90cf9f2SGordon Ross * [MS-SMB2] 3.3.5.2.6 Handling Incorrectly Formatted...
310*a90cf9f2SGordon Ross *
311*a90cf9f2SGordon Ross * We treat some status codes as if "sticky", meaning
312*a90cf9f2SGordon Ross * once they're set after some command handler returns,
313*a90cf9f2SGordon Ross * all remaining commands get this status without even
314*a90cf9f2SGordon Ross * calling the command-specific handler. The cancelled
315*a90cf9f2SGordon Ross * status is used above, and insufficient_resources is
316*a90cf9f2SGordon Ross * used when smb2sr_go_async declines to "go async".
317*a90cf9f2SGordon Ross * Otherwise initialize to zero (success).
318*a90cf9f2SGordon Ross */
319*a90cf9f2SGordon Ross if (sr->smb2_status != NT_STATUS_CANCELLED &&
320*a90cf9f2SGordon Ross sr->smb2_status != NT_STATUS_INSUFFICIENT_RESOURCES)
321*a90cf9f2SGordon Ross sr->smb2_status = 0;
322*a90cf9f2SGordon Ross
323*a90cf9f2SGordon Ross sr->smb2_cmd_hdr = sr->command.chain_offset;
324*a90cf9f2SGordon Ross if ((rc = smb2_decode_header(sr)) != 0) {
325*a90cf9f2SGordon Ross cmn_err(CE_WARN, "clnt %s bad SMB2 header",
326*a90cf9f2SGordon Ross session->ip_addr_str);
327*a90cf9f2SGordon Ross disconnect = B_TRUE;
328*a90cf9f2SGordon Ross goto cleanup;
329*a90cf9f2SGordon Ross }
330*a90cf9f2SGordon Ross
331*a90cf9f2SGordon Ross /*
332*a90cf9f2SGordon Ross * The SMB2_FLAGS_SERVER_TO_REDIR should only appear
333*a90cf9f2SGordon Ross * in messages from the server back to the client.
334*a90cf9f2SGordon Ross */
335*a90cf9f2SGordon Ross if ((sr->smb2_hdr_flags & SMB2_FLAGS_SERVER_TO_REDIR) != 0) {
336*a90cf9f2SGordon Ross cmn_err(CE_WARN, "clnt %s bad SMB2 flags",
337*a90cf9f2SGordon Ross session->ip_addr_str);
338*a90cf9f2SGordon Ross disconnect = B_TRUE;
339*a90cf9f2SGordon Ross goto cleanup;
340*a90cf9f2SGordon Ross }
341*a90cf9f2SGordon Ross related = (sr->smb2_hdr_flags & SMB2_FLAGS_RELATED_OPERATIONS);
342*a90cf9f2SGordon Ross
343*a90cf9f2SGordon Ross /*
344*a90cf9f2SGordon Ross * In case we bail out with an error before we get to the
345*a90cf9f2SGordon Ross * section that computes the credit grant, initialize the
346*a90cf9f2SGordon Ross * response header fields so that credits won't change.
347*a90cf9f2SGordon Ross * Note: SMB 2.02 clients may send credit charge zero.
348*a90cf9f2SGordon Ross */
349*a90cf9f2SGordon Ross if (sr->smb2_credit_charge == 0)
350*a90cf9f2SGordon Ross sr->smb2_credit_charge = 1;
351*a90cf9f2SGordon Ross sr->smb2_credit_response = sr->smb2_credit_charge;
352*a90cf9f2SGordon Ross
353*a90cf9f2SGordon Ross /*
354*a90cf9f2SGordon Ross * Reserve space for the reply header, and save the offset.
355*a90cf9f2SGordon Ross * The reply header will be overwritten later. If we have
356*a90cf9f2SGordon Ross * already exhausted the output space, then this client is
357*a90cf9f2SGordon Ross * trying something funny. Log it and kill 'em.
358*a90cf9f2SGordon Ross */
359*a90cf9f2SGordon Ross sr->smb2_reply_hdr = sr->reply.chain_offset;
360*a90cf9f2SGordon Ross if ((rc = smb2_encode_header(sr, B_FALSE)) != 0) {
361*a90cf9f2SGordon Ross cmn_err(CE_WARN, "clnt %s excessive reply",
362*a90cf9f2SGordon Ross session->ip_addr_str);
363*a90cf9f2SGordon Ross disconnect = B_TRUE;
364*a90cf9f2SGordon Ross goto cleanup;
365*a90cf9f2SGordon Ross }
366*a90cf9f2SGordon Ross
367*a90cf9f2SGordon Ross /*
368*a90cf9f2SGordon Ross * Figure out the length of data following the SMB2 header.
369*a90cf9f2SGordon Ross * It ends at either the next SMB2 header if there is one
370*a90cf9f2SGordon Ross * (smb2_next_command != 0) or at the end of the message.
371*a90cf9f2SGordon Ross */
372*a90cf9f2SGordon Ross if (sr->smb2_next_command != 0) {
373*a90cf9f2SGordon Ross /* [MS-SMB2] says this is 8-byte aligned */
374*a90cf9f2SGordon Ross msg_len = sr->smb2_next_command;
375*a90cf9f2SGordon Ross if ((msg_len & 7) != 0 || (msg_len < SMB2_HDR_SIZE) ||
376*a90cf9f2SGordon Ross ((sr->smb2_cmd_hdr + msg_len) > sr->command.max_bytes)) {
377*a90cf9f2SGordon Ross cmn_err(CE_WARN, "clnt %s bad SMB2 next cmd",
378*a90cf9f2SGordon Ross session->ip_addr_str);
379*a90cf9f2SGordon Ross disconnect = B_TRUE;
380*a90cf9f2SGordon Ross goto cleanup;
381*a90cf9f2SGordon Ross }
382*a90cf9f2SGordon Ross } else {
383*a90cf9f2SGordon Ross msg_len = sr->command.max_bytes - sr->smb2_cmd_hdr;
384*a90cf9f2SGordon Ross }
385*a90cf9f2SGordon Ross
386*a90cf9f2SGordon Ross /*
387*a90cf9f2SGordon Ross * Setup a shadow chain for this SMB2 command, starting
388*a90cf9f2SGordon Ross * with the header and ending at either the next command
389*a90cf9f2SGordon Ross * or the end of the message. The signing check below
390*a90cf9f2SGordon Ross * needs the entire SMB2 command. After that's done, we
391*a90cf9f2SGordon Ross * advance chain_offset to the end of the header where
392*a90cf9f2SGordon Ross * the command specific handlers continue decoding.
393*a90cf9f2SGordon Ross */
394*a90cf9f2SGordon Ross (void) MBC_SHADOW_CHAIN(&sr->smb_data, &sr->command,
395*a90cf9f2SGordon Ross sr->smb2_cmd_hdr, msg_len);
396*a90cf9f2SGordon Ross
397*a90cf9f2SGordon Ross /*
398*a90cf9f2SGordon Ross * Validate the commmand code, get dispatch table entries.
399*a90cf9f2SGordon Ross * [MS-SMB2] 3.3.5.2.6 Handling Incorrectly Formatted...
400*a90cf9f2SGordon Ross *
401*a90cf9f2SGordon Ross * The last slot in the dispatch table is used to handle
402*a90cf9f2SGordon Ross * invalid commands. Same for statistics.
403*a90cf9f2SGordon Ross */
404*a90cf9f2SGordon Ross if (sr->smb2_cmd_code < SMB2_INVALID_CMD)
405*a90cf9f2SGordon Ross cmd_idx = sr->smb2_cmd_code;
406*a90cf9f2SGordon Ross else
407*a90cf9f2SGordon Ross cmd_idx = SMB2_INVALID_CMD;
408*a90cf9f2SGordon Ross sdd = &smb2_disp_table[cmd_idx];
409*a90cf9f2SGordon Ross sds = &session->s_server->sv_disp_stats2[cmd_idx];
410*a90cf9f2SGordon Ross
411*a90cf9f2SGordon Ross /*
412*a90cf9f2SGordon Ross * If this command is NOT "related" to the previous,
413*a90cf9f2SGordon Ross * clear out the UID, TID, FID state that might be
414*a90cf9f2SGordon Ross * left over from the previous command.
415*a90cf9f2SGordon Ross *
416*a90cf9f2SGordon Ross * If the command IS related, any new IDs are ignored,
417*a90cf9f2SGordon Ross * and we simply continue with the previous user, tree,
418*a90cf9f2SGordon Ross * and open file.
419*a90cf9f2SGordon Ross */
420*a90cf9f2SGordon Ross if (!related) {
421*a90cf9f2SGordon Ross /*
422*a90cf9f2SGordon Ross * Drop user, tree, file; carefully ordered to
423*a90cf9f2SGordon Ross * avoid dangling references: file, tree, user
424*a90cf9f2SGordon Ross */
425*a90cf9f2SGordon Ross if (sr->fid_ofile != NULL) {
426*a90cf9f2SGordon Ross smb_ofile_request_complete(sr->fid_ofile);
427*a90cf9f2SGordon Ross smb_ofile_release(sr->fid_ofile);
428*a90cf9f2SGordon Ross sr->fid_ofile = NULL;
429*a90cf9f2SGordon Ross }
430*a90cf9f2SGordon Ross if (sr->tid_tree != NULL) {
431*a90cf9f2SGordon Ross smb_tree_release(sr->tid_tree);
432*a90cf9f2SGordon Ross sr->tid_tree = NULL;
433*a90cf9f2SGordon Ross }
434*a90cf9f2SGordon Ross if (sr->uid_user != NULL) {
435*a90cf9f2SGordon Ross smb_user_release(sr->uid_user);
436*a90cf9f2SGordon Ross sr->uid_user = NULL;
437*a90cf9f2SGordon Ross sr->user_cr = zone_kcred();
438*a90cf9f2SGordon Ross }
439*a90cf9f2SGordon Ross }
440*a90cf9f2SGordon Ross
441*a90cf9f2SGordon Ross /*
442*a90cf9f2SGordon Ross * Make sure we have a user and tree as needed
443*a90cf9f2SGordon Ross * according to the flags for the this command.
444*a90cf9f2SGordon Ross * Note that we may have inherited these.
445*a90cf9f2SGordon Ross */
446*a90cf9f2SGordon Ross if ((sdd->sdt_flags & SDDF_SUPPRESS_UID) == 0) {
447*a90cf9f2SGordon Ross /*
448*a90cf9f2SGordon Ross * This command requires a user session.
449*a90cf9f2SGordon Ross */
450*a90cf9f2SGordon Ross if (related) {
451*a90cf9f2SGordon Ross /*
452*a90cf9f2SGordon Ross * Previous command should have given us a user.
453*a90cf9f2SGordon Ross * [MS-SMB2] 3.3.5.2 Handling Related Requests
454*a90cf9f2SGordon Ross */
455*a90cf9f2SGordon Ross if (sr->uid_user == NULL) {
456*a90cf9f2SGordon Ross smb2sr_put_error(sr,
457*a90cf9f2SGordon Ross NT_STATUS_INVALID_PARAMETER);
458*a90cf9f2SGordon Ross goto cmd_done;
459*a90cf9f2SGordon Ross }
460*a90cf9f2SGordon Ross sr->smb_uid = sr->uid_user->u_uid;
461*a90cf9f2SGordon Ross } else {
462*a90cf9f2SGordon Ross /*
463*a90cf9f2SGordon Ross * Lookup the UID
464*a90cf9f2SGordon Ross * [MS-SMB2] 3.3.5.2 Verifying the Session
465*a90cf9f2SGordon Ross */
466*a90cf9f2SGordon Ross ASSERT(sr->uid_user == NULL);
467*a90cf9f2SGordon Ross sr->uid_user = smb_session_lookup_uid(session,
468*a90cf9f2SGordon Ross sr->smb_uid);
469*a90cf9f2SGordon Ross if (sr->uid_user == NULL) {
470*a90cf9f2SGordon Ross smb2sr_put_error(sr,
471*a90cf9f2SGordon Ross NT_STATUS_USER_SESSION_DELETED);
472*a90cf9f2SGordon Ross goto cmd_done;
473*a90cf9f2SGordon Ross }
474*a90cf9f2SGordon Ross sr->user_cr = smb_user_getcred(sr->uid_user);
475*a90cf9f2SGordon Ross }
476*a90cf9f2SGordon Ross ASSERT(sr->uid_user != NULL);
477*a90cf9f2SGordon Ross }
478*a90cf9f2SGordon Ross
479*a90cf9f2SGordon Ross if ((sdd->sdt_flags & SDDF_SUPPRESS_TID) == 0) {
480*a90cf9f2SGordon Ross /*
481*a90cf9f2SGordon Ross * This command requires a tree connection.
482*a90cf9f2SGordon Ross */
483*a90cf9f2SGordon Ross if (related) {
484*a90cf9f2SGordon Ross /*
485*a90cf9f2SGordon Ross * Previous command should have given us a tree.
486*a90cf9f2SGordon Ross * [MS-SMB2] 3.3.5.2 Handling Related Requests
487*a90cf9f2SGordon Ross */
488*a90cf9f2SGordon Ross if (sr->tid_tree == NULL) {
489*a90cf9f2SGordon Ross smb2sr_put_error(sr,
490*a90cf9f2SGordon Ross NT_STATUS_INVALID_PARAMETER);
491*a90cf9f2SGordon Ross goto cmd_done;
492*a90cf9f2SGordon Ross }
493*a90cf9f2SGordon Ross sr->smb_tid = sr->tid_tree->t_tid;
494*a90cf9f2SGordon Ross } else {
495*a90cf9f2SGordon Ross /*
496*a90cf9f2SGordon Ross * Lookup the TID
497*a90cf9f2SGordon Ross * [MS-SMB2] 3.3.5.2 Verifying the Tree Connect
498*a90cf9f2SGordon Ross */
499*a90cf9f2SGordon Ross ASSERT(sr->tid_tree == NULL);
500*a90cf9f2SGordon Ross sr->tid_tree = smb_session_lookup_tree(session,
501*a90cf9f2SGordon Ross sr->smb_tid);
502*a90cf9f2SGordon Ross if (sr->tid_tree == NULL) {
503*a90cf9f2SGordon Ross smb2sr_put_error(sr,
504*a90cf9f2SGordon Ross NT_STATUS_NETWORK_NAME_DELETED);
505*a90cf9f2SGordon Ross goto cmd_done;
506*a90cf9f2SGordon Ross }
507*a90cf9f2SGordon Ross }
508*a90cf9f2SGordon Ross ASSERT(sr->tid_tree != NULL);
509*a90cf9f2SGordon Ross }
510*a90cf9f2SGordon Ross
511*a90cf9f2SGordon Ross /*
512*a90cf9f2SGordon Ross * SMB2 signature verification, two parts:
513*a90cf9f2SGordon Ross * (a) Require SMB2_FLAGS_SIGNED (for most request types)
514*a90cf9f2SGordon Ross * (b) If SMB2_FLAGS_SIGNED is set, check the signature.
515*a90cf9f2SGordon Ross * [MS-SMB2] 3.3.5.2.4 Verifying the Signature
516*a90cf9f2SGordon Ross */
517*a90cf9f2SGordon Ross
518*a90cf9f2SGordon Ross /*
519*a90cf9f2SGordon Ross * No user session means no signature check. That's OK,
520*a90cf9f2SGordon Ross * i.e. for commands marked SDDF_SUPPRESS_UID above.
521*a90cf9f2SGordon Ross * Note, this also means we won't sign the reply.
522*a90cf9f2SGordon Ross */
523*a90cf9f2SGordon Ross if (sr->uid_user == NULL)
524*a90cf9f2SGordon Ross sr->smb2_hdr_flags &= ~SMB2_FLAGS_SIGNED;
525*a90cf9f2SGordon Ross
526*a90cf9f2SGordon Ross /*
527*a90cf9f2SGordon Ross * The SDDF_SUPPRESS_UID dispatch is set for requests that
528*a90cf9f2SGordon Ross * don't need a UID (user). These also don't require a
529*a90cf9f2SGordon Ross * signature check here.
530*a90cf9f2SGordon Ross */
531*a90cf9f2SGordon Ross if ((sdd->sdt_flags & SDDF_SUPPRESS_UID) == 0 &&
532*a90cf9f2SGordon Ross sr->uid_user != NULL &&
533*a90cf9f2SGordon Ross (sr->uid_user->u_sign_flags & SMB_SIGNING_CHECK) != 0) {
534*a90cf9f2SGordon Ross /*
535*a90cf9f2SGordon Ross * This request type should be signed, and
536*a90cf9f2SGordon Ross * we're configured to require signatures.
537*a90cf9f2SGordon Ross */
538*a90cf9f2SGordon Ross if ((sr->smb2_hdr_flags & SMB2_FLAGS_SIGNED) == 0) {
539*a90cf9f2SGordon Ross smb2sr_put_error(sr, NT_STATUS_ACCESS_DENIED);
540*a90cf9f2SGordon Ross goto cmd_done;
541*a90cf9f2SGordon Ross }
542*a90cf9f2SGordon Ross rc = smb2_sign_check_request(sr);
543*a90cf9f2SGordon Ross if (rc != 0) {
544*a90cf9f2SGordon Ross DTRACE_PROBE1(smb2__sign__check, smb_request_t, sr);
545*a90cf9f2SGordon Ross smb2sr_put_error(sr, NT_STATUS_ACCESS_DENIED);
546*a90cf9f2SGordon Ross goto cmd_done;
547*a90cf9f2SGordon Ross }
548*a90cf9f2SGordon Ross }
549*a90cf9f2SGordon Ross
550*a90cf9f2SGordon Ross /*
551*a90cf9f2SGordon Ross * Now that the signing check is done with smb_data,
552*a90cf9f2SGordon Ross * advance past the SMB2 header we decoded earlier.
553*a90cf9f2SGordon Ross * This leaves sr->smb_data correctly positioned
554*a90cf9f2SGordon Ross * for command-specific decoding in the dispatch
555*a90cf9f2SGordon Ross * function called next.
556*a90cf9f2SGordon Ross */
557*a90cf9f2SGordon Ross sr->smb_data.chain_offset = sr->smb2_cmd_hdr + SMB2_HDR_SIZE;
558*a90cf9f2SGordon Ross
559*a90cf9f2SGordon Ross /*
560*a90cf9f2SGordon Ross * SMB2 credits determine how many simultaneous commands the
561*a90cf9f2SGordon Ross * client may issue, and bounds the range of message IDs those
562*a90cf9f2SGordon Ross * commands may use. With multi-credit support, commands may
563*a90cf9f2SGordon Ross * use ranges of message IDs, where the credits used by each
564*a90cf9f2SGordon Ross * command are proportional to their data transfer size.
565*a90cf9f2SGordon Ross *
566*a90cf9f2SGordon Ross * Every command may request an increase or decrease of
567*a90cf9f2SGordon Ross * the currently granted credits, based on the difference
568*a90cf9f2SGordon Ross * between the credit request and the credit charge.
569*a90cf9f2SGordon Ross * [MS-SMB2] 3.3.1.2 Algorithm for the Granting of Credits
570*a90cf9f2SGordon Ross *
571*a90cf9f2SGordon Ross * Most commands have credit_request=1, credit_charge=1,
572*a90cf9f2SGordon Ross * which keeps the credit grant unchanged.
573*a90cf9f2SGordon Ross *
574*a90cf9f2SGordon Ross * All we're really doing here (for now) is reducing the
575*a90cf9f2SGordon Ross * credit_response if the client requests a credit increase
576*a90cf9f2SGordon Ross * that would take their credit over the maximum, and
577*a90cf9f2SGordon Ross * limiting the decrease so they don't run out of credits.
578*a90cf9f2SGordon Ross *
579*a90cf9f2SGordon Ross * Later, this could do something dynamic based on load.
580*a90cf9f2SGordon Ross *
581*a90cf9f2SGordon Ross * One other non-obvious bit about credits: We keep the
582*a90cf9f2SGordon Ross * session s_max_credits low until the 1st authentication,
583*a90cf9f2SGordon Ross * at which point we'll set the normal maximum_credits.
584*a90cf9f2SGordon Ross * Some clients ask for more credits with session setup,
585*a90cf9f2SGordon Ross * and we need to handle that requested increase _after_
586*a90cf9f2SGordon Ross * the command-specific handler returns so it won't be
587*a90cf9f2SGordon Ross * restricted to the lower (pre-auth) limit.
588*a90cf9f2SGordon Ross */
589*a90cf9f2SGordon Ross sr->smb2_credit_response = sr->smb2_credit_request;
590*a90cf9f2SGordon Ross if (sr->smb2_credit_request < sr->smb2_credit_charge) {
591*a90cf9f2SGordon Ross uint16_t cur, d;
592*a90cf9f2SGordon Ross
593*a90cf9f2SGordon Ross mutex_enter(&session->s_credits_mutex);
594*a90cf9f2SGordon Ross cur = session->s_cur_credits;
595*a90cf9f2SGordon Ross
596*a90cf9f2SGordon Ross /* Handle credit decrease. */
597*a90cf9f2SGordon Ross d = sr->smb2_credit_charge - sr->smb2_credit_request;
598*a90cf9f2SGordon Ross cur -= d;
599*a90cf9f2SGordon Ross if (cur & 0x8000) {
600*a90cf9f2SGordon Ross /*
601*a90cf9f2SGordon Ross * underflow (bad credit charge or request)
602*a90cf9f2SGordon Ross * leave credits unchanged (response=charge)
603*a90cf9f2SGordon Ross */
604*a90cf9f2SGordon Ross cur = session->s_cur_credits;
605*a90cf9f2SGordon Ross sr->smb2_credit_response = sr->smb2_credit_charge;
606*a90cf9f2SGordon Ross DTRACE_PROBE1(smb2__credit__neg, smb_request_t, sr);
607*a90cf9f2SGordon Ross }
608*a90cf9f2SGordon Ross
609*a90cf9f2SGordon Ross /*
610*a90cf9f2SGordon Ross * The server MUST ensure that the number of credits
611*a90cf9f2SGordon Ross * held by the client is never reduced to zero.
612*a90cf9f2SGordon Ross * [MS-SMB2] 3.3.1.2
613*a90cf9f2SGordon Ross */
614*a90cf9f2SGordon Ross if (cur == 0) {
615*a90cf9f2SGordon Ross cur = 1;
616*a90cf9f2SGordon Ross sr->smb2_credit_response += 1;
617*a90cf9f2SGordon Ross DTRACE_PROBE1(smb2__credit__min, smb_request_t, sr);
618*a90cf9f2SGordon Ross }
619*a90cf9f2SGordon Ross
620*a90cf9f2SGordon Ross DTRACE_PROBE3(smb2__credit__decrease,
621*a90cf9f2SGordon Ross smb_request_t, sr, int, (int)cur,
622*a90cf9f2SGordon Ross int, (int)session->s_cur_credits);
623*a90cf9f2SGordon Ross
624*a90cf9f2SGordon Ross session->s_cur_credits = cur;
625*a90cf9f2SGordon Ross mutex_exit(&session->s_credits_mutex);
626*a90cf9f2SGordon Ross }
627*a90cf9f2SGordon Ross
628*a90cf9f2SGordon Ross /*
629*a90cf9f2SGordon Ross * The real work: call the SMB2 command handler
630*a90cf9f2SGordon Ross * (except for "sticky" smb2_status - see above)
631*a90cf9f2SGordon Ross */
632*a90cf9f2SGordon Ross sr->sr_time_start = gethrtime();
633*a90cf9f2SGordon Ross rc = SDRC_SUCCESS;
634*a90cf9f2SGordon Ross if (sr->smb2_status == 0) {
635*a90cf9f2SGordon Ross /* NB: not using pre_op */
636*a90cf9f2SGordon Ross rc = (*sdd->sdt_function)(sr);
637*a90cf9f2SGordon Ross /* NB: not using post_op */
638*a90cf9f2SGordon Ross }
639*a90cf9f2SGordon Ross
640*a90cf9f2SGordon Ross MBC_FLUSH(&sr->raw_data);
641*a90cf9f2SGordon Ross
642*a90cf9f2SGordon Ross /*
643*a90cf9f2SGordon Ross * Second half of SMB2 credit handling (increases)
644*a90cf9f2SGordon Ross */
645*a90cf9f2SGordon Ross if (sr->smb2_credit_request > sr->smb2_credit_charge) {
646*a90cf9f2SGordon Ross uint16_t cur, d;
647*a90cf9f2SGordon Ross
648*a90cf9f2SGordon Ross mutex_enter(&session->s_credits_mutex);
649*a90cf9f2SGordon Ross cur = session->s_cur_credits;
650*a90cf9f2SGordon Ross
651*a90cf9f2SGordon Ross /* Handle credit increase. */
652*a90cf9f2SGordon Ross d = sr->smb2_credit_request - sr->smb2_credit_charge;
653*a90cf9f2SGordon Ross cur += d;
654*a90cf9f2SGordon Ross
655*a90cf9f2SGordon Ross /*
656*a90cf9f2SGordon Ross * If new credits would be above max,
657*a90cf9f2SGordon Ross * reduce the credit grant.
658*a90cf9f2SGordon Ross */
659*a90cf9f2SGordon Ross if (cur > session->s_max_credits) {
660*a90cf9f2SGordon Ross d = cur - session->s_max_credits;
661*a90cf9f2SGordon Ross cur = session->s_max_credits;
662*a90cf9f2SGordon Ross sr->smb2_credit_response -= d;
663*a90cf9f2SGordon Ross DTRACE_PROBE1(smb2__credit__max, smb_request_t, sr);
664*a90cf9f2SGordon Ross }
665*a90cf9f2SGordon Ross
666*a90cf9f2SGordon Ross DTRACE_PROBE3(smb2__credit__increase,
667*a90cf9f2SGordon Ross smb_request_t, sr, int, (int)cur,
668*a90cf9f2SGordon Ross int, (int)session->s_cur_credits);
669*a90cf9f2SGordon Ross
670*a90cf9f2SGordon Ross session->s_cur_credits = cur;
671*a90cf9f2SGordon Ross mutex_exit(&session->s_credits_mutex);
672*a90cf9f2SGordon Ross }
673*a90cf9f2SGordon Ross
674*a90cf9f2SGordon Ross cmd_done:
675*a90cf9f2SGordon Ross /*
676*a90cf9f2SGordon Ross * Pad the reply to align(8) if necessary.
677*a90cf9f2SGordon Ross */
678*a90cf9f2SGordon Ross if (sr->reply.chain_offset & 7) {
679*a90cf9f2SGordon Ross int padsz = 8 - (sr->reply.chain_offset & 7);
680*a90cf9f2SGordon Ross (void) smb_mbc_encodef(&sr->reply, "#.", padsz);
681*a90cf9f2SGordon Ross }
682*a90cf9f2SGordon Ross ASSERT((sr->reply.chain_offset & 7) == 0);
683*a90cf9f2SGordon Ross
684*a90cf9f2SGordon Ross /*
685*a90cf9f2SGordon Ross * Record some statistics: latency, rx bytes, tx bytes.
686*a90cf9f2SGordon Ross */
687*a90cf9f2SGordon Ross smb_latency_add_sample(&sds->sdt_lat,
688*a90cf9f2SGordon Ross gethrtime() - sr->sr_time_start);
689*a90cf9f2SGordon Ross atomic_add_64(&sds->sdt_rxb,
690*a90cf9f2SGordon Ross (int64_t)(sr->command.chain_offset - sr->smb2_cmd_hdr));
691*a90cf9f2SGordon Ross atomic_add_64(&sds->sdt_txb,
692*a90cf9f2SGordon Ross (int64_t)(sr->reply.chain_offset - sr->smb2_reply_hdr));
693*a90cf9f2SGordon Ross
694*a90cf9f2SGordon Ross switch (rc) {
695*a90cf9f2SGordon Ross case SDRC_SUCCESS:
696*a90cf9f2SGordon Ross break;
697*a90cf9f2SGordon Ross default:
698*a90cf9f2SGordon Ross /*
699*a90cf9f2SGordon Ross * SMB2 does not use the other dispatch return codes.
700*a90cf9f2SGordon Ross * If we see something else, log an event so we'll
701*a90cf9f2SGordon Ross * know something is returning bogus status codes.
702*a90cf9f2SGordon Ross * If you see these in the log, use dtrace to find
703*a90cf9f2SGordon Ross * the code returning something else.
704*a90cf9f2SGordon Ross */
705*a90cf9f2SGordon Ross #ifdef DEBUG
706*a90cf9f2SGordon Ross cmn_err(CE_NOTE, "handler for %u returned 0x%x",
707*a90cf9f2SGordon Ross sr->smb2_cmd_code, rc);
708*a90cf9f2SGordon Ross #endif
709*a90cf9f2SGordon Ross /* FALLTHROUGH */
710*a90cf9f2SGordon Ross case SDRC_ERROR:
711*a90cf9f2SGordon Ross if (sr->smb2_status == 0)
712*a90cf9f2SGordon Ross sr->smb2_status = NT_STATUS_INTERNAL_ERROR;
713*a90cf9f2SGordon Ross break;
714*a90cf9f2SGordon Ross case SDRC_DROP_VC:
715*a90cf9f2SGordon Ross disconnect = B_TRUE;
716*a90cf9f2SGordon Ross goto cleanup;
717*a90cf9f2SGordon Ross }
718*a90cf9f2SGordon Ross
719*a90cf9f2SGordon Ross /*
720*a90cf9f2SGordon Ross * If there's a next command, figure out where it starts,
721*a90cf9f2SGordon Ross * and fill in the next command offset for the reply.
722*a90cf9f2SGordon Ross * Note: We sanity checked smb2_next_command above
723*a90cf9f2SGordon Ross * (the offset to the next command). Similarly set
724*a90cf9f2SGordon Ross * smb2_next_reply as the offset to the next reply.
725*a90cf9f2SGordon Ross */
726*a90cf9f2SGordon Ross if (sr->smb2_next_command != 0) {
727*a90cf9f2SGordon Ross sr->command.chain_offset =
728*a90cf9f2SGordon Ross sr->smb2_cmd_hdr + sr->smb2_next_command;
729*a90cf9f2SGordon Ross sr->smb2_next_reply =
730*a90cf9f2SGordon Ross sr->reply.chain_offset - sr->smb2_reply_hdr;
731*a90cf9f2SGordon Ross } else {
732*a90cf9f2SGordon Ross sr->smb2_next_reply = 0;
733*a90cf9f2SGordon Ross }
734*a90cf9f2SGordon Ross
735*a90cf9f2SGordon Ross /*
736*a90cf9f2SGordon Ross * Overwrite the SMB2 header for the response of
737*a90cf9f2SGordon Ross * this command (possibly part of a compound).
738*a90cf9f2SGordon Ross * encode_header adds: SMB2_FLAGS_SERVER_TO_REDIR
739*a90cf9f2SGordon Ross */
740*a90cf9f2SGordon Ross (void) smb2_encode_header(sr, B_TRUE);
741*a90cf9f2SGordon Ross
742*a90cf9f2SGordon Ross if (sr->smb2_hdr_flags & SMB2_FLAGS_SIGNED)
743*a90cf9f2SGordon Ross smb2_sign_reply(sr);
744*a90cf9f2SGordon Ross
745*a90cf9f2SGordon Ross if (sr->smb2_next_command != 0)
746*a90cf9f2SGordon Ross goto cmd_start;
747*a90cf9f2SGordon Ross
748*a90cf9f2SGordon Ross /*
749*a90cf9f2SGordon Ross * We've done all the commands in this compound.
750*a90cf9f2SGordon Ross * Send it out.
751*a90cf9f2SGordon Ross */
752*a90cf9f2SGordon Ross smb2_send_reply(sr);
753*a90cf9f2SGordon Ross
754*a90cf9f2SGordon Ross /*
755*a90cf9f2SGordon Ross * If any of the requests "went async", process those now.
756*a90cf9f2SGordon Ross * The async. function "keeps" this sr, changing its state
757*a90cf9f2SGordon Ross * to completed and calling smb_request_free().
758*a90cf9f2SGordon Ross */
759*a90cf9f2SGordon Ross if (sr->sr_async_req != NULL) {
760*a90cf9f2SGordon Ross smb2sr_do_async(sr);
761*a90cf9f2SGordon Ross return;
762*a90cf9f2SGordon Ross }
763*a90cf9f2SGordon Ross
764*a90cf9f2SGordon Ross cleanup:
765*a90cf9f2SGordon Ross if (disconnect) {
766*a90cf9f2SGordon Ross smb_rwx_rwenter(&session->s_lock, RW_WRITER);
767*a90cf9f2SGordon Ross switch (session->s_state) {
768*a90cf9f2SGordon Ross case SMB_SESSION_STATE_DISCONNECTED:
769*a90cf9f2SGordon Ross case SMB_SESSION_STATE_TERMINATED:
770*a90cf9f2SGordon Ross break;
771*a90cf9f2SGordon Ross default:
772*a90cf9f2SGordon Ross smb_soshutdown(session->sock);
773*a90cf9f2SGordon Ross session->s_state = SMB_SESSION_STATE_DISCONNECTED;
774*a90cf9f2SGordon Ross break;
775*a90cf9f2SGordon Ross }
776*a90cf9f2SGordon Ross smb_rwx_rwexit(&session->s_lock);
777*a90cf9f2SGordon Ross }
778*a90cf9f2SGordon Ross
779*a90cf9f2SGordon Ross mutex_enter(&sr->sr_mutex);
780*a90cf9f2SGordon Ross sr->sr_state = SMB_REQ_STATE_COMPLETED;
781*a90cf9f2SGordon Ross mutex_exit(&sr->sr_mutex);
782*a90cf9f2SGordon Ross
783*a90cf9f2SGordon Ross smb_request_free(sr);
784*a90cf9f2SGordon Ross }
785*a90cf9f2SGordon Ross
786*a90cf9f2SGordon Ross /*
787*a90cf9f2SGordon Ross * Dispatch an async request using saved information.
788*a90cf9f2SGordon Ross * See smb2sr_save_async and [MS-SMB2] 3.3.4.2
789*a90cf9f2SGordon Ross *
790*a90cf9f2SGordon Ross * This is sort of a "lite" version of smb2sr_work. Initialize the
791*a90cf9f2SGordon Ross * command and reply areas as they were when the command-speicific
792*a90cf9f2SGordon Ross * handler started (in case it needs to decode anything again).
793*a90cf9f2SGordon Ross * Call the async function, which builds the command-specific part
794*a90cf9f2SGordon Ross * of the response. Finally, send the response and free the sr.
795*a90cf9f2SGordon Ross */
796*a90cf9f2SGordon Ross void
smb2sr_do_async(smb_request_t * sr)797*a90cf9f2SGordon Ross smb2sr_do_async(smb_request_t *sr)
798*a90cf9f2SGordon Ross {
799*a90cf9f2SGordon Ross const smb_disp_entry_t *sdd;
800*a90cf9f2SGordon Ross smb_disp_stats_t *sds;
801*a90cf9f2SGordon Ross smb2_async_req_t *ar;
802*a90cf9f2SGordon Ross int rc = 0;
803*a90cf9f2SGordon Ross
804*a90cf9f2SGordon Ross /*
805*a90cf9f2SGordon Ross * Restore what smb2_decode_header found.
806*a90cf9f2SGordon Ross * (In lieu of decoding it again.)
807*a90cf9f2SGordon Ross */
808*a90cf9f2SGordon Ross ar = sr->sr_async_req;
809*a90cf9f2SGordon Ross sr->smb2_cmd_hdr = ar->ar_cmd_hdr;
810*a90cf9f2SGordon Ross sr->smb2_cmd_code = ar->ar_cmd_code;
811*a90cf9f2SGordon Ross sr->smb2_hdr_flags = ar->ar_hdr_flags;
812*a90cf9f2SGordon Ross sr->smb2_async_id = (uintptr_t)ar;
813*a90cf9f2SGordon Ross sr->smb2_messageid = ar->ar_messageid;
814*a90cf9f2SGordon Ross sr->smb_pid = ar->ar_pid;
815*a90cf9f2SGordon Ross sr->smb_tid = ar->ar_tid;
816*a90cf9f2SGordon Ross sr->smb_uid = ar->ar_uid;
817*a90cf9f2SGordon Ross sr->smb2_status = 0;
818*a90cf9f2SGordon Ross
819*a90cf9f2SGordon Ross /*
820*a90cf9f2SGordon Ross * Async requests don't grant credits, because any credits
821*a90cf9f2SGordon Ross * should have gone out with the interim reply.
822*a90cf9f2SGordon Ross * An async reply goes alone (no next reply).
823*a90cf9f2SGordon Ross */
824*a90cf9f2SGordon Ross sr->smb2_credit_response = 0;
825*a90cf9f2SGordon Ross sr->smb2_next_reply = 0;
826*a90cf9f2SGordon Ross
827*a90cf9f2SGordon Ross /*
828*a90cf9f2SGordon Ross * Setup input mbuf_chain
829*a90cf9f2SGordon Ross */
830*a90cf9f2SGordon Ross ASSERT(ar->ar_cmd_len >= SMB2_HDR_SIZE);
831*a90cf9f2SGordon Ross (void) MBC_SHADOW_CHAIN(&sr->smb_data, &sr->command,
832*a90cf9f2SGordon Ross sr->smb2_cmd_hdr + SMB2_HDR_SIZE,
833*a90cf9f2SGordon Ross ar->ar_cmd_len - SMB2_HDR_SIZE);
834*a90cf9f2SGordon Ross
835*a90cf9f2SGordon Ross /*
836*a90cf9f2SGordon Ross * Setup output mbuf_chain
837*a90cf9f2SGordon Ross */
838*a90cf9f2SGordon Ross MBC_FLUSH(&sr->reply);
839*a90cf9f2SGordon Ross sr->smb2_reply_hdr = sr->reply.chain_offset;
840*a90cf9f2SGordon Ross (void) smb2_encode_header(sr, B_FALSE);
841*a90cf9f2SGordon Ross
842*a90cf9f2SGordon Ross VERIFY3U(sr->smb2_cmd_code, <, SMB2_INVALID_CMD);
843*a90cf9f2SGordon Ross sdd = &smb2_disp_table[sr->smb2_cmd_code];
844*a90cf9f2SGordon Ross sds = sr->session->s_server->sv_disp_stats2;
845*a90cf9f2SGordon Ross sds = &sds[sr->smb2_cmd_code];
846*a90cf9f2SGordon Ross
847*a90cf9f2SGordon Ross /*
848*a90cf9f2SGordon Ross * Keep the UID, TID, ofile we have.
849*a90cf9f2SGordon Ross */
850*a90cf9f2SGordon Ross if ((sdd->sdt_flags & SDDF_SUPPRESS_UID) == 0 &&
851*a90cf9f2SGordon Ross sr->uid_user == NULL) {
852*a90cf9f2SGordon Ross smb2sr_put_error(sr, NT_STATUS_USER_SESSION_DELETED);
853*a90cf9f2SGordon Ross goto cmd_done;
854*a90cf9f2SGordon Ross }
855*a90cf9f2SGordon Ross if ((sdd->sdt_flags & SDDF_SUPPRESS_TID) == 0 &&
856*a90cf9f2SGordon Ross sr->tid_tree == NULL) {
857*a90cf9f2SGordon Ross smb2sr_put_error(sr, NT_STATUS_NETWORK_NAME_DELETED);
858*a90cf9f2SGordon Ross goto cmd_done;
859*a90cf9f2SGordon Ross }
860*a90cf9f2SGordon Ross
861*a90cf9f2SGordon Ross /*
862*a90cf9f2SGordon Ross * Signature already verified
863*a90cf9f2SGordon Ross * Credits handled...
864*a90cf9f2SGordon Ross *
865*a90cf9f2SGordon Ross * Just call the async handler function.
866*a90cf9f2SGordon Ross */
867*a90cf9f2SGordon Ross rc = ar->ar_func(sr);
868*a90cf9f2SGordon Ross if (rc != 0 && sr->smb2_status == 0)
869*a90cf9f2SGordon Ross sr->smb2_status = NT_STATUS_INTERNAL_ERROR;
870*a90cf9f2SGordon Ross
871*a90cf9f2SGordon Ross cmd_done:
872*a90cf9f2SGordon Ross /*
873*a90cf9f2SGordon Ross * Pad the reply to align(8) if necessary.
874*a90cf9f2SGordon Ross */
875*a90cf9f2SGordon Ross if (sr->reply.chain_offset & 7) {
876*a90cf9f2SGordon Ross int padsz = 8 - (sr->reply.chain_offset & 7);
877*a90cf9f2SGordon Ross (void) smb_mbc_encodef(&sr->reply, "#.", padsz);
878*a90cf9f2SGordon Ross }
879*a90cf9f2SGordon Ross ASSERT((sr->reply.chain_offset & 7) == 0);
880*a90cf9f2SGordon Ross
881*a90cf9f2SGordon Ross /*
882*a90cf9f2SGordon Ross * Record some statistics: (just tx bytes here)
883*a90cf9f2SGordon Ross */
884*a90cf9f2SGordon Ross atomic_add_64(&sds->sdt_txb,
885*a90cf9f2SGordon Ross (int64_t)(sr->reply.chain_offset - sr->smb2_reply_hdr));
886*a90cf9f2SGordon Ross
887*a90cf9f2SGordon Ross /*
888*a90cf9f2SGordon Ross * Overwrite the SMB2 header for the response of
889*a90cf9f2SGordon Ross * this command (possibly part of a compound).
890*a90cf9f2SGordon Ross * The call adds: SMB2_FLAGS_SERVER_TO_REDIR
891*a90cf9f2SGordon Ross */
892*a90cf9f2SGordon Ross (void) smb2_encode_header(sr, B_TRUE);
893*a90cf9f2SGordon Ross
894*a90cf9f2SGordon Ross if (sr->smb2_hdr_flags & SMB2_FLAGS_SIGNED)
895*a90cf9f2SGordon Ross smb2_sign_reply(sr);
896*a90cf9f2SGordon Ross
897*a90cf9f2SGordon Ross smb2_send_reply(sr);
898*a90cf9f2SGordon Ross
899*a90cf9f2SGordon Ross /*
900*a90cf9f2SGordon Ross * Done. Unlink and free.
901*a90cf9f2SGordon Ross */
902*a90cf9f2SGordon Ross sr->sr_async_req = NULL;
903*a90cf9f2SGordon Ross kmem_free(ar, sizeof (*ar));
904*a90cf9f2SGordon Ross
905*a90cf9f2SGordon Ross mutex_enter(&sr->sr_mutex);
906*a90cf9f2SGordon Ross sr->sr_state = SMB_REQ_STATE_COMPLETED;
907*a90cf9f2SGordon Ross mutex_exit(&sr->sr_mutex);
908*a90cf9f2SGordon Ross
909*a90cf9f2SGordon Ross smb_request_free(sr);
910*a90cf9f2SGordon Ross }
911*a90cf9f2SGordon Ross
912*a90cf9f2SGordon Ross /*
913*a90cf9f2SGordon Ross * In preparation for sending an "interim response", save
914*a90cf9f2SGordon Ross * all the state we'll need to run an async command later,
915*a90cf9f2SGordon Ross * and assign an "async id" for this (now async) command.
916*a90cf9f2SGordon Ross * See [MS-SMB2] 3.3.4.2
917*a90cf9f2SGordon Ross *
918*a90cf9f2SGordon Ross * If more than one request in a compound request tries to
919*a90cf9f2SGordon Ross * "go async", we can "say no". See [MS-SMB2] 3.3.4.2
920*a90cf9f2SGordon Ross * If an operation would require asynchronous processing
921*a90cf9f2SGordon Ross * but resources are constrained, the server MAY choose to
922*a90cf9f2SGordon Ross * fail that operation with STATUS_INSUFFICIENT_RESOURCES.
923*a90cf9f2SGordon Ross *
924*a90cf9f2SGordon Ross * For simplicity, we further restrict the cases where we're
925*a90cf9f2SGordon Ross * willing to "go async", and only allow the last command in a
926*a90cf9f2SGordon Ross * compound to "go async". It happens that this is the only
927*a90cf9f2SGordon Ross * case where we're actually asked to go async anyway. This
928*a90cf9f2SGordon Ross * simplification also means there can be at most one command
929*a90cf9f2SGordon Ross * in a compound that "goes async" (the last one).
930*a90cf9f2SGordon Ross *
931*a90cf9f2SGordon Ross * If we agree to "go async", this should return STATUS_PENDING.
932*a90cf9f2SGordon Ross * Otherwise return STATUS_INSUFFICIENT_RESOURCES for this and
933*a90cf9f2SGordon Ross * all requests following this request. (See the comments re.
934*a90cf9f2SGordon Ross * "sticky" smb2_status values in smb2sr_work).
935*a90cf9f2SGordon Ross *
936*a90cf9f2SGordon Ross * Note: the Async ID we assign here is arbitrary, and need only
937*a90cf9f2SGordon Ross * be unique among pending async responses on this connection, so
938*a90cf9f2SGordon Ross * this just uses an object address as the Async ID.
939*a90cf9f2SGordon Ross *
940*a90cf9f2SGordon Ross * Also, the assigned worker is the ONLY thread using this
941*a90cf9f2SGordon Ross * async request object (sr_async_req) so no locking.
942*a90cf9f2SGordon Ross */
943*a90cf9f2SGordon Ross uint32_t
smb2sr_go_async(smb_request_t * sr,smb_sdrc_t (* async_func)(smb_request_t *))944*a90cf9f2SGordon Ross smb2sr_go_async(smb_request_t *sr,
945*a90cf9f2SGordon Ross smb_sdrc_t (*async_func)(smb_request_t *))
946*a90cf9f2SGordon Ross {
947*a90cf9f2SGordon Ross smb2_async_req_t *ar;
948*a90cf9f2SGordon Ross
949*a90cf9f2SGordon Ross if (sr->smb2_next_command != 0)
950*a90cf9f2SGordon Ross return (NT_STATUS_INSUFFICIENT_RESOURCES);
951*a90cf9f2SGordon Ross
952*a90cf9f2SGordon Ross ASSERT(sr->sr_async_req == NULL);
953*a90cf9f2SGordon Ross ar = kmem_zalloc(sizeof (*ar), KM_SLEEP);
954*a90cf9f2SGordon Ross
955*a90cf9f2SGordon Ross /*
956*a90cf9f2SGordon Ross * Place an interim response in the compound reply.
957*a90cf9f2SGordon Ross *
958*a90cf9f2SGordon Ross * Turn on the "async" flag for both the (synchronous)
959*a90cf9f2SGordon Ross * interim response and the (later) async response,
960*a90cf9f2SGordon Ross * by storing that in flags before coping into ar.
961*a90cf9f2SGordon Ross *
962*a90cf9f2SGordon Ross * The "related" flag should always be off for the
963*a90cf9f2SGordon Ross * async part because we're no longer operating on a
964*a90cf9f2SGordon Ross * sequence of commands when we execute that.
965*a90cf9f2SGordon Ross */
966*a90cf9f2SGordon Ross sr->smb2_hdr_flags |= SMB2_FLAGS_ASYNC_COMMAND;
967*a90cf9f2SGordon Ross sr->smb2_async_id = (uintptr_t)ar;
968*a90cf9f2SGordon Ross
969*a90cf9f2SGordon Ross ar->ar_func = async_func;
970*a90cf9f2SGordon Ross ar->ar_cmd_hdr = sr->smb2_cmd_hdr;
971*a90cf9f2SGordon Ross ar->ar_cmd_len = sr->smb_data.max_bytes - sr->smb2_cmd_hdr;
972*a90cf9f2SGordon Ross
973*a90cf9f2SGordon Ross ar->ar_cmd_code = sr->smb2_cmd_code;
974*a90cf9f2SGordon Ross ar->ar_hdr_flags = sr->smb2_hdr_flags &
975*a90cf9f2SGordon Ross ~SMB2_FLAGS_RELATED_OPERATIONS;
976*a90cf9f2SGordon Ross ar->ar_messageid = sr->smb2_messageid;
977*a90cf9f2SGordon Ross ar->ar_pid = sr->smb_pid;
978*a90cf9f2SGordon Ross ar->ar_tid = sr->smb_tid;
979*a90cf9f2SGordon Ross ar->ar_uid = sr->smb_uid;
980*a90cf9f2SGordon Ross
981*a90cf9f2SGordon Ross sr->sr_async_req = ar;
982*a90cf9f2SGordon Ross
983*a90cf9f2SGordon Ross /* Interim responses are NOT signed. */
984*a90cf9f2SGordon Ross sr->smb2_hdr_flags &= ~SMB2_FLAGS_SIGNED;
985*a90cf9f2SGordon Ross
986*a90cf9f2SGordon Ross return (NT_STATUS_PENDING);
987*a90cf9f2SGordon Ross }
988*a90cf9f2SGordon Ross
989*a90cf9f2SGordon Ross int
smb2_decode_header(smb_request_t * sr)990*a90cf9f2SGordon Ross smb2_decode_header(smb_request_t *sr)
991*a90cf9f2SGordon Ross {
992*a90cf9f2SGordon Ross uint64_t ssnid;
993*a90cf9f2SGordon Ross uint32_t pid, tid;
994*a90cf9f2SGordon Ross uint16_t hdr_len;
995*a90cf9f2SGordon Ross int rc;
996*a90cf9f2SGordon Ross
997*a90cf9f2SGordon Ross rc = smb_mbc_decodef(
998*a90cf9f2SGordon Ross &sr->command, "Nwww..wwllqllq16c",
999*a90cf9f2SGordon Ross &hdr_len, /* w */
1000*a90cf9f2SGordon Ross &sr->smb2_credit_charge, /* w */
1001*a90cf9f2SGordon Ross &sr->smb2_chan_seq, /* w */
1002*a90cf9f2SGordon Ross /* reserved .. */
1003*a90cf9f2SGordon Ross &sr->smb2_cmd_code, /* w */
1004*a90cf9f2SGordon Ross &sr->smb2_credit_request, /* w */
1005*a90cf9f2SGordon Ross &sr->smb2_hdr_flags, /* l */
1006*a90cf9f2SGordon Ross &sr->smb2_next_command, /* l */
1007*a90cf9f2SGordon Ross &sr->smb2_messageid, /* q */
1008*a90cf9f2SGordon Ross &pid, /* l */
1009*a90cf9f2SGordon Ross &tid, /* l */
1010*a90cf9f2SGordon Ross &ssnid, /* q */
1011*a90cf9f2SGordon Ross sr->smb2_sig); /* 16c */
1012*a90cf9f2SGordon Ross if (rc)
1013*a90cf9f2SGordon Ross return (rc);
1014*a90cf9f2SGordon Ross
1015*a90cf9f2SGordon Ross if (hdr_len != SMB2_HDR_SIZE)
1016*a90cf9f2SGordon Ross return (-1);
1017*a90cf9f2SGordon Ross
1018*a90cf9f2SGordon Ross sr->smb_uid = (uint16_t)ssnid; /* XXX wide UIDs */
1019*a90cf9f2SGordon Ross
1020*a90cf9f2SGordon Ross if (sr->smb2_hdr_flags & SMB2_FLAGS_ASYNC_COMMAND) {
1021*a90cf9f2SGordon Ross sr->smb2_async_id = pid |
1022*a90cf9f2SGordon Ross ((uint64_t)tid) << 32;
1023*a90cf9f2SGordon Ross } else {
1024*a90cf9f2SGordon Ross sr->smb_pid = pid;
1025*a90cf9f2SGordon Ross sr->smb_tid = (uint16_t)tid; /* XXX wide TIDs */
1026*a90cf9f2SGordon Ross }
1027*a90cf9f2SGordon Ross
1028*a90cf9f2SGordon Ross return (rc);
1029*a90cf9f2SGordon Ross }
1030*a90cf9f2SGordon Ross
1031*a90cf9f2SGordon Ross int
smb2_encode_header(smb_request_t * sr,boolean_t overwrite)1032*a90cf9f2SGordon Ross smb2_encode_header(smb_request_t *sr, boolean_t overwrite)
1033*a90cf9f2SGordon Ross {
1034*a90cf9f2SGordon Ross uint64_t ssnid = sr->smb_uid;
1035*a90cf9f2SGordon Ross uint64_t pid_tid_aid; /* pid+tid, or async id */
1036*a90cf9f2SGordon Ross uint32_t reply_hdr_flags;
1037*a90cf9f2SGordon Ross int rc;
1038*a90cf9f2SGordon Ross
1039*a90cf9f2SGordon Ross if (sr->smb2_hdr_flags & SMB2_FLAGS_ASYNC_COMMAND) {
1040*a90cf9f2SGordon Ross pid_tid_aid = sr->smb2_async_id;
1041*a90cf9f2SGordon Ross } else {
1042*a90cf9f2SGordon Ross pid_tid_aid = sr->smb_pid |
1043*a90cf9f2SGordon Ross ((uint64_t)sr->smb_tid) << 32;
1044*a90cf9f2SGordon Ross }
1045*a90cf9f2SGordon Ross reply_hdr_flags = sr->smb2_hdr_flags | SMB2_FLAGS_SERVER_TO_REDIR;
1046*a90cf9f2SGordon Ross
1047*a90cf9f2SGordon Ross if (overwrite) {
1048*a90cf9f2SGordon Ross rc = smb_mbc_poke(&sr->reply,
1049*a90cf9f2SGordon Ross sr->smb2_reply_hdr,
1050*a90cf9f2SGordon Ross "Nwwlwwllqqq16c",
1051*a90cf9f2SGordon Ross SMB2_HDR_SIZE, /* w */
1052*a90cf9f2SGordon Ross sr->smb2_credit_charge, /* w */
1053*a90cf9f2SGordon Ross sr->smb2_status, /* l */
1054*a90cf9f2SGordon Ross sr->smb2_cmd_code, /* w */
1055*a90cf9f2SGordon Ross sr->smb2_credit_response, /* w */
1056*a90cf9f2SGordon Ross reply_hdr_flags, /* l */
1057*a90cf9f2SGordon Ross sr->smb2_next_reply, /* l */
1058*a90cf9f2SGordon Ross sr->smb2_messageid, /* q */
1059*a90cf9f2SGordon Ross pid_tid_aid, /* q */
1060*a90cf9f2SGordon Ross ssnid, /* q */
1061*a90cf9f2SGordon Ross sr->smb2_sig); /* 16c */
1062*a90cf9f2SGordon Ross } else {
1063*a90cf9f2SGordon Ross rc = smb_mbc_encodef(&sr->reply,
1064*a90cf9f2SGordon Ross "Nwwlwwllqqq16c",
1065*a90cf9f2SGordon Ross SMB2_HDR_SIZE, /* w */
1066*a90cf9f2SGordon Ross sr->smb2_credit_charge, /* w */
1067*a90cf9f2SGordon Ross sr->smb2_status, /* l */
1068*a90cf9f2SGordon Ross sr->smb2_cmd_code, /* w */
1069*a90cf9f2SGordon Ross sr->smb2_credit_response, /* w */
1070*a90cf9f2SGordon Ross reply_hdr_flags, /* l */
1071*a90cf9f2SGordon Ross sr->smb2_next_reply, /* l */
1072*a90cf9f2SGordon Ross sr->smb2_messageid, /* q */
1073*a90cf9f2SGordon Ross pid_tid_aid, /* q */
1074*a90cf9f2SGordon Ross ssnid, /* q */
1075*a90cf9f2SGordon Ross sr->smb2_sig); /* 16c */
1076*a90cf9f2SGordon Ross }
1077*a90cf9f2SGordon Ross
1078*a90cf9f2SGordon Ross return (rc);
1079*a90cf9f2SGordon Ross }
1080*a90cf9f2SGordon Ross
1081*a90cf9f2SGordon Ross void
smb2_send_reply(smb_request_t * sr)1082*a90cf9f2SGordon Ross smb2_send_reply(smb_request_t *sr)
1083*a90cf9f2SGordon Ross {
1084*a90cf9f2SGordon Ross
1085*a90cf9f2SGordon Ross if (smb_session_send(sr->session, 0, &sr->reply) == 0)
1086*a90cf9f2SGordon Ross sr->reply.chain = 0;
1087*a90cf9f2SGordon Ross }
1088*a90cf9f2SGordon Ross
1089*a90cf9f2SGordon Ross /*
1090*a90cf9f2SGordon Ross * This wrapper function exists to help catch calls to smbsr_status()
1091*a90cf9f2SGordon Ross * (which is SMB1-specific) in common code. See smbsr_status().
1092*a90cf9f2SGordon Ross * If the log message below is seen, put a dtrace probe on this
1093*a90cf9f2SGordon Ross * function with a stack() action to see who is calling the SMB1
1094*a90cf9f2SGordon Ross * "put error" from common code, and fix it.
1095*a90cf9f2SGordon Ross */
1096*a90cf9f2SGordon Ross void
smbsr_status_smb2(smb_request_t * sr,DWORD status)1097*a90cf9f2SGordon Ross smbsr_status_smb2(smb_request_t *sr, DWORD status)
1098*a90cf9f2SGordon Ross {
1099*a90cf9f2SGordon Ross const char *name;
1100*a90cf9f2SGordon Ross
1101*a90cf9f2SGordon Ross if (sr->smb2_cmd_code < SMB2__NCMDS)
1102*a90cf9f2SGordon Ross name = smb2_disp_table[sr->smb2_cmd_code].sdt_name;
1103*a90cf9f2SGordon Ross else
1104*a90cf9f2SGordon Ross name = "<unknown>";
1105*a90cf9f2SGordon Ross #ifdef DEBUG
1106*a90cf9f2SGordon Ross cmn_err(CE_NOTE, "smbsr_status called for %s", name);
1107*a90cf9f2SGordon Ross #endif
1108*a90cf9f2SGordon Ross
1109*a90cf9f2SGordon Ross smb2sr_put_error_data(sr, status, NULL);
1110*a90cf9f2SGordon Ross }
1111*a90cf9f2SGordon Ross
1112*a90cf9f2SGordon Ross void
smb2sr_put_errno(struct smb_request * sr,int errnum)1113*a90cf9f2SGordon Ross smb2sr_put_errno(struct smb_request *sr, int errnum)
1114*a90cf9f2SGordon Ross {
1115*a90cf9f2SGordon Ross uint32_t status = smb_errno2status(errnum);
1116*a90cf9f2SGordon Ross smb2sr_put_error_data(sr, status, NULL);
1117*a90cf9f2SGordon Ross }
1118*a90cf9f2SGordon Ross
1119*a90cf9f2SGordon Ross void
smb2sr_put_error(smb_request_t * sr,uint32_t status)1120*a90cf9f2SGordon Ross smb2sr_put_error(smb_request_t *sr, uint32_t status)
1121*a90cf9f2SGordon Ross {
1122*a90cf9f2SGordon Ross smb2sr_put_error_data(sr, status, NULL);
1123*a90cf9f2SGordon Ross }
1124*a90cf9f2SGordon Ross
1125*a90cf9f2SGordon Ross /*
1126*a90cf9f2SGordon Ross * Build an SMB2 error response. [MS-SMB2] 2.2.2
1127*a90cf9f2SGordon Ross */
1128*a90cf9f2SGordon Ross void
smb2sr_put_error_data(smb_request_t * sr,uint32_t status,mbuf_chain_t * mbc)1129*a90cf9f2SGordon Ross smb2sr_put_error_data(smb_request_t *sr, uint32_t status, mbuf_chain_t *mbc)
1130*a90cf9f2SGordon Ross {
1131*a90cf9f2SGordon Ross DWORD len;
1132*a90cf9f2SGordon Ross
1133*a90cf9f2SGordon Ross /*
1134*a90cf9f2SGordon Ross * The common dispatch code writes this when it
1135*a90cf9f2SGordon Ross * updates the SMB2 header before sending.
1136*a90cf9f2SGordon Ross */
1137*a90cf9f2SGordon Ross sr->smb2_status = status;
1138*a90cf9f2SGordon Ross
1139*a90cf9f2SGordon Ross /* Rewind to the end of the SMB header. */
1140*a90cf9f2SGordon Ross sr->reply.chain_offset = sr->smb2_reply_hdr + SMB2_HDR_SIZE;
1141*a90cf9f2SGordon Ross
1142*a90cf9f2SGordon Ross /*
1143*a90cf9f2SGordon Ross * NB: Must provide at least one byte of error data,
1144*a90cf9f2SGordon Ross * per [MS-SMB2] 2.2.2
1145*a90cf9f2SGordon Ross */
1146*a90cf9f2SGordon Ross if (mbc != NULL && (len = MBC_LENGTH(mbc)) != 0) {
1147*a90cf9f2SGordon Ross (void) smb_mbc_encodef(
1148*a90cf9f2SGordon Ross &sr->reply,
1149*a90cf9f2SGordon Ross "wwlC",
1150*a90cf9f2SGordon Ross 9, /* StructSize */ /* w */
1151*a90cf9f2SGordon Ross 0, /* reserved */ /* w */
1152*a90cf9f2SGordon Ross len, /* l */
1153*a90cf9f2SGordon Ross mbc); /* C */
1154*a90cf9f2SGordon Ross } else {
1155*a90cf9f2SGordon Ross (void) smb_mbc_encodef(
1156*a90cf9f2SGordon Ross &sr->reply,
1157*a90cf9f2SGordon Ross "wwl.",
1158*a90cf9f2SGordon Ross 9, /* StructSize */ /* w */
1159*a90cf9f2SGordon Ross 0, /* reserved */ /* w */
1160*a90cf9f2SGordon Ross 0); /* l. */
1161*a90cf9f2SGordon Ross }
1162*a90cf9f2SGordon Ross }
1163*a90cf9f2SGordon Ross
1164*a90cf9f2SGordon Ross /*
1165*a90cf9f2SGordon Ross * smb2sr_lookup_fid
1166*a90cf9f2SGordon Ross *
1167*a90cf9f2SGordon Ross * Setup sr->fid_ofile, either inherited from a related command,
1168*a90cf9f2SGordon Ross * or obtained via FID lookup. Similar inheritance logic as in
1169*a90cf9f2SGordon Ross * smb2sr_work.
1170*a90cf9f2SGordon Ross */
1171*a90cf9f2SGordon Ross uint32_t
smb2sr_lookup_fid(smb_request_t * sr,smb2fid_t * fid)1172*a90cf9f2SGordon Ross smb2sr_lookup_fid(smb_request_t *sr, smb2fid_t *fid)
1173*a90cf9f2SGordon Ross {
1174*a90cf9f2SGordon Ross boolean_t related = sr->smb2_hdr_flags &
1175*a90cf9f2SGordon Ross SMB2_FLAGS_RELATED_OPERATIONS;
1176*a90cf9f2SGordon Ross
1177*a90cf9f2SGordon Ross if (related) {
1178*a90cf9f2SGordon Ross if (sr->fid_ofile == NULL)
1179*a90cf9f2SGordon Ross return (NT_STATUS_INVALID_PARAMETER);
1180*a90cf9f2SGordon Ross sr->smb_fid = sr->fid_ofile->f_fid;
1181*a90cf9f2SGordon Ross return (0);
1182*a90cf9f2SGordon Ross }
1183*a90cf9f2SGordon Ross
1184*a90cf9f2SGordon Ross /*
1185*a90cf9f2SGordon Ross * If we could be sure this is called only once per cmd,
1186*a90cf9f2SGordon Ross * we could simply ASSERT(sr->fid_ofile == NULL) here.
1187*a90cf9f2SGordon Ross * However, there are cases where it can be called again
1188*a90cf9f2SGordon Ross * handling the same command, so let's tolerate that.
1189*a90cf9f2SGordon Ross */
1190*a90cf9f2SGordon Ross if (sr->fid_ofile == NULL) {
1191*a90cf9f2SGordon Ross sr->smb_fid = (uint16_t)fid->temporal;
1192*a90cf9f2SGordon Ross sr->fid_ofile = smb_ofile_lookup_by_fid(sr, sr->smb_fid);
1193*a90cf9f2SGordon Ross }
1194*a90cf9f2SGordon Ross if (sr->fid_ofile == NULL)
1195*a90cf9f2SGordon Ross return (NT_STATUS_FILE_CLOSED);
1196*a90cf9f2SGordon Ross
1197*a90cf9f2SGordon Ross return (0);
1198*a90cf9f2SGordon Ross }
1199*a90cf9f2SGordon Ross
1200*a90cf9f2SGordon Ross /*
1201*a90cf9f2SGordon Ross * smb2_dispatch_stats_init
1202*a90cf9f2SGordon Ross *
1203*a90cf9f2SGordon Ross * Initializes dispatch statistics for SMB2.
1204*a90cf9f2SGordon Ross * See also smb_dispatch_stats_init(), which fills in
1205*a90cf9f2SGordon Ross * the lower part of the statistics array, from zero
1206*a90cf9f2SGordon Ross * through SMB_COM_NUM;
1207*a90cf9f2SGordon Ross */
1208*a90cf9f2SGordon Ross void
smb2_dispatch_stats_init(smb_server_t * sv)1209*a90cf9f2SGordon Ross smb2_dispatch_stats_init(smb_server_t *sv)
1210*a90cf9f2SGordon Ross {
1211*a90cf9f2SGordon Ross smb_disp_stats_t *sds = sv->sv_disp_stats2;
1212*a90cf9f2SGordon Ross smb_kstat_req_t *ksr;
1213*a90cf9f2SGordon Ross int i;
1214*a90cf9f2SGordon Ross
1215*a90cf9f2SGordon Ross ksr = ((smbsrv_kstats_t *)sv->sv_ksp->ks_data)->ks_reqs2;
1216*a90cf9f2SGordon Ross
1217*a90cf9f2SGordon Ross for (i = 0; i < SMB2__NCMDS; i++, ksr++) {
1218*a90cf9f2SGordon Ross smb_latency_init(&sds[i].sdt_lat);
1219*a90cf9f2SGordon Ross (void) strlcpy(ksr->kr_name, smb2_disp_table[i].sdt_name,
1220*a90cf9f2SGordon Ross sizeof (ksr->kr_name));
1221*a90cf9f2SGordon Ross }
1222*a90cf9f2SGordon Ross }
1223*a90cf9f2SGordon Ross
1224*a90cf9f2SGordon Ross /*
1225*a90cf9f2SGordon Ross * smb2_dispatch_stats_fini
1226*a90cf9f2SGordon Ross *
1227*a90cf9f2SGordon Ross * Frees and destroyes the resources used for statistics.
1228*a90cf9f2SGordon Ross */
1229*a90cf9f2SGordon Ross void
smb2_dispatch_stats_fini(smb_server_t * sv)1230*a90cf9f2SGordon Ross smb2_dispatch_stats_fini(smb_server_t *sv)
1231*a90cf9f2SGordon Ross {
1232*a90cf9f2SGordon Ross smb_disp_stats_t *sds = sv->sv_disp_stats2;
1233*a90cf9f2SGordon Ross int i;
1234*a90cf9f2SGordon Ross
1235*a90cf9f2SGordon Ross for (i = 0; i < SMB2__NCMDS; i++)
1236*a90cf9f2SGordon Ross smb_latency_destroy(&sds[i].sdt_lat);
1237*a90cf9f2SGordon Ross }
1238*a90cf9f2SGordon Ross
1239*a90cf9f2SGordon Ross void
smb2_dispatch_stats_update(smb_server_t * sv,smb_kstat_req_t * ksr,int first,int nreq)1240*a90cf9f2SGordon Ross smb2_dispatch_stats_update(smb_server_t *sv,
1241*a90cf9f2SGordon Ross smb_kstat_req_t *ksr, int first, int nreq)
1242*a90cf9f2SGordon Ross {
1243*a90cf9f2SGordon Ross smb_disp_stats_t *sds = sv->sv_disp_stats2;
1244*a90cf9f2SGordon Ross int i;
1245*a90cf9f2SGordon Ross int last;
1246*a90cf9f2SGordon Ross
1247*a90cf9f2SGordon Ross last = first + nreq - 1;
1248*a90cf9f2SGordon Ross
1249*a90cf9f2SGordon Ross if ((first < SMB2__NCMDS) && (last < SMB2__NCMDS)) {
1250*a90cf9f2SGordon Ross for (i = first; i <= last; i++, ksr++) {
1251*a90cf9f2SGordon Ross ksr->kr_rxb = sds[i].sdt_rxb;
1252*a90cf9f2SGordon Ross ksr->kr_txb = sds[i].sdt_txb;
1253*a90cf9f2SGordon Ross mutex_enter(&sds[i].sdt_lat.ly_mutex);
1254*a90cf9f2SGordon Ross ksr->kr_nreq = sds[i].sdt_lat.ly_a_nreq;
1255*a90cf9f2SGordon Ross ksr->kr_sum = sds[i].sdt_lat.ly_a_sum;
1256*a90cf9f2SGordon Ross ksr->kr_a_mean = sds[i].sdt_lat.ly_a_mean;
1257*a90cf9f2SGordon Ross ksr->kr_a_stddev =
1258*a90cf9f2SGordon Ross sds[i].sdt_lat.ly_a_stddev;
1259*a90cf9f2SGordon Ross ksr->kr_d_mean = sds[i].sdt_lat.ly_d_mean;
1260*a90cf9f2SGordon Ross ksr->kr_d_stddev =
1261*a90cf9f2SGordon Ross sds[i].sdt_lat.ly_d_stddev;
1262*a90cf9f2SGordon Ross sds[i].sdt_lat.ly_d_mean = 0;
1263*a90cf9f2SGordon Ross sds[i].sdt_lat.ly_d_nreq = 0;
1264*a90cf9f2SGordon Ross sds[i].sdt_lat.ly_d_stddev = 0;
1265*a90cf9f2SGordon Ross sds[i].sdt_lat.ly_d_sum = 0;
1266*a90cf9f2SGordon Ross mutex_exit(&sds[i].sdt_lat.ly_mutex);
1267*a90cf9f2SGordon Ross }
1268*a90cf9f2SGordon Ross }
1269*a90cf9f2SGordon Ross }
1270