      1 /*
      2  * CDDL HEADER START
      3  *
      4  * The contents of this file are subject to the terms of the
      5  * Common Development and Distribution License (the "License").
      6  * You may not use this file except in compliance with the License.
      7  *
      8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
      9  * or http://www.opensolaris.org/os/licensing.
     10  * See the License for the specific language governing permissions
     11  * and limitations under the License.
     12  *
     13  * When distributing Covered Code, include this CDDL HEADER in each
     14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     15  * If applicable, add the following below this CDDL HEADER, with the
     16  * fields enclosed by brackets "[]" replaced with your own identifying
     17  * information: Portions Copyright [yyyy] [name of copyright owner]
     18  *
     19  * CDDL HEADER END
     20  */
     21 /*
     22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
     23  * Use is subject to license terms.
     24  */
     25 
     26 /*
     27  * Structures and type definitions for the SMB module.
     28  */
     29 
     30 #ifndef _SMBSRV_SMBVAR_H
     31 #define	_SMBSRV_SMBVAR_H
     32 
     33 #pragma ident	"@(#)smbvar.h	1.3	08/01/04 SMI"
     34 
     35 #ifdef	__cplusplus
     36 extern "C" {
     37 #endif
     38 
     39 #include <sys/systm.h>
     40 #include <sys/param.h>
     41 #include <sys/types.h>
     42 #include <sys/synch.h>
     43 #include <sys/taskq.h>
     44 #include <sys/acl.h>
     45 #include <sys/sdt.h>
     46 #include <sys/vnode.h>
     47 #include <sys/cred.h>
     48 #include <smbsrv/smb.h>
     49 #include <smbsrv/lmshare.h>
     50 #include <smbsrv/smbinfo.h>
     51 #include <smbsrv/mbuf.h>
     52 
     53 #include <smbsrv/smb_vops.h>
     54 #include <smbsrv/smb_fsd.h>
     55 #include <smbsrv/mlsvc.h>
     56 
/*
 * Forward declarations for the core objects so that the headers included
 * next can refer to them. struct smb_session is defined later in this
 * file; smb_request and smb_sd are not defined in the part shown here.
 */
typedef struct smb_session smb_session_t;
typedef struct smb_request smb_request_t;
typedef struct smb_sd smb_sd_t;
     60 
     61 #include <smbsrv/smb_svc_sm.h>
     62 
/* Prototype only; the implementation (and its contract) is not in this header. */
int smb_noop(void *, size_t, int);
     64 
/* Audit-trail sizing: stack entries kept per record, records per buffer. */
#define	SMB_AUDIT_STACK_DEPTH	16	/* pc_t entries in smb_audit_record_node_t */
#define	SMB_AUDIT_BUF_MAX_REC	16	/* records in smb_audit_buf_node_t */
#define	SMB_AUDIT_NODE		0x00000001	/* presumably a bit of smb_audit_flags */

/* Global audit switch; defined in a .c file, not here. */
extern uint32_t smb_audit_flags;
     70 
/*
 * One audit record: a reference-count snapshot plus a captured call stack.
 * anr_depth presumably gives the number of valid anr_stack entries — confirm
 * at the capture site.
 */
typedef struct {
	uint32_t		anr_refcnt;
	int			anr_depth;
	pc_t			anr_stack[SMB_AUDIT_STACK_DEPTH];
} smb_audit_record_node_t;
     76 
/*
 * Fixed-size buffer of audit records hung off a node (smb_node_t.n_audit_buf).
 * anb_index/anb_max_index look like a write cursor and its bound — confirm
 * whether the buffer wraps.
 */
typedef struct {
	int			anb_index;
	int			anb_max_index;
	smb_audit_record_node_t	anb_records[SMB_AUDIT_BUF_MAX_REC];
} smb_audit_buf_node_t;
     82 
/* Scheduling priority given to SMB worker threads (kernel priority scale — confirm). */
#define	SMB_WORKER_PRIORITY	99
     84 /*
     85  * Thread State Machine
     86  * --------------------
     87  *
     88  *			    T5			   T0
     89  * smb_thread_destroy()	<-------+		+------- smb_thread_init()
     90  *                              |		|
     91  *				|		v
     92  *			+-----------------------------+
     93  *			|   SMB_THREAD_STATE_EXITED   |<---+
     94  *			+-----------------------------+	   |
     95  *				      | T1		   |
     96  *				      v			   |
     97  *			+-----------------------------+	   |
     98  *			|  SMB_THREAD_STATE_STARTING  |	   |
     99  *			+-----------------------------+	   |
    100  *				     | T2		   | T4
    101  *				     v			   |
    102  *			+-----------------------------+	   |
    103  *			|  SMB_THREAD_STATE_RUNNING   |	   |
    104  *			+-----------------------------+	   |
    105  *				     | T3		   |
    106  *				     v			   |
    107  *			+-----------------------------+	   |
    108  *			|  SMB_THREAD_STATE_EXITING   |----+
    109  *			+-----------------------------+
    110  *
    111  * Transition T0
    112  *
    113  *    This transition is executed in smb_thread_init().
    114  *
    115  * Transition T1
    116  *
    117  *    This transition is executed in smb_thread_start().
    118  *
    119  * Transition T2
    120  *
    121  *    This transition is executed by the thread itself when it starts running.
    122  *
    123  * Transition T3
    124  *
    125  *    This transition is executed by the thread itself in
    126  *    smb_thread_entry_point() just before calling thread_exit().
    127  *
    128  *
    129  * Transition T4
    130  *
    131  *    This transition is executed in smb_thread_stop().
    132  *
    133  * Transition T5
    134  *
    135  *    This transition is executed in smb_thread_destroy().
    136  *
    137  * Comments
    138  * --------
    139  *
    140  *    The field of type smb_thread_aw_t contains a function pointer that knows
    141  *    how to wake the thread. It is a temporary solution to work around the fact
    142  *    that kernel threads (not part of a userspace process) cannot be signaled.
    143  */
/*
 * Thread lifecycle states; the transitions T0..T5 are described in the
 * diagram above. NOTE(review): a zero-filled smb_thread_t reads as
 * STARTING, whereas the diagram places a freshly initialized thread in
 * EXITED — confirm smb_thread_init() sets sth_state explicitly.
 */
typedef enum smb_thread_state {
	SMB_THREAD_STATE_STARTING = 0,
	SMB_THREAD_STATE_RUNNING,
	SMB_THREAD_STATE_EXITING,
	SMB_THREAD_STATE_EXITED
} smb_thread_state_t;
    150 
/* Tag is reserved-looking (leading underscore at file scope); kept for ABI. */
struct _smb_thread;

/* Thread body; receives the thread and (presumably) its sth_ep_arg. */
typedef void (*smb_thread_ep_t)(struct _smb_thread *, void *ep_arg);
/* Wake-up callback; see "Comments" in the state machine above. */
typedef void (*smb_thread_aw_t)(struct _smb_thread *, void *aw_arg);

#define	SMB_THREAD_MAGIC	0x534D4254	/* SMBT */
    157 
/*
 * Wrapper around a kernel thread; lifecycle follows the state machine above.
 * The pairing of sth_mtx/sth_cv with sth_state and sth_kill is presumed
 * from the names — confirm in smb_thread_*().
 */
typedef struct _smb_thread {
	uint32_t		sth_magic;	/* SMB_THREAD_MAGIC, presumably */
	char			sth_name[16];	/* confirm NUL-termination at init */
	smb_thread_state_t	sth_state;
	kthread_t		*sth_th;	/* the kernel thread */
	kt_did_t		sth_did;	/* its thread id */
	smb_thread_ep_t		sth_ep;		/* entry point */
	void			*sth_ep_arg;	/* passed to sth_ep */
	smb_thread_aw_t		sth_aw;		/* wake-up callback */
	void			*sth_aw_arg;	/* passed to sth_aw */
	boolean_t		sth_kill;	/* stop request — presumed */
	kmutex_t		sth_mtx;
	kcondvar_t		sth_cv;
} smb_thread_t;
    172 
    173 /*
    174  * Pool of IDs
    175  * -----------
    176  *
    177  *    A pool of IDs is a pool of 16 bit numbers. It is implemented as a bitmap.
    178  *    A bit set to '1' indicates that that particular value has been allocated.
    179  *    The allocation process is done by shifting a bit through the whole bitmap.
    180  *    The current position of that index bit is kept in the smb_idpool_t
    181  *    structure and represented by a byte index (0 to buffer size minus 1) and
    182  *    a bit index (0 to 7).
    183  *
    184  *    The pools start with a size of 8 bytes or 64 IDs. Each time the pool runs
    185  *    out of IDs its current size is doubled until it reaches its maximum size
    186  *    (8192 bytes or 65536 IDs). The IDs 0 and 65535 are never given out which
    187  *    means that a pool can have a maximum number of 65534 IDs available.
    188  */
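#define	SMB_IDPOOL_MAGIC	0x4944504C	/* IDPL */
#define	SMB_IDPOOL_MIN_SIZE	64	/* Number of IDs to begin with */
/*
 * Maximum number of IDs in a pool (65536, see "Pool of IDs" above).
 * Parenthesized so the expansion is not re-associated when the macro is
 * used inside a larger expression such as a division or a comparison.
 */
#define	SMB_IDPOOL_MAX_SIZE	(64 * 1024)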
    192 
/*
 * Bitmap ID pool; the algorithm is described under "Pool of IDs" above.
 * The cursor is the pair (id_idx: byte index, id_bit_idx: bit 0..7), with
 * id_bit holding the single-bit mask for the current position.
 */
typedef struct smb_idpool {
	uint32_t	id_magic;	/* SMB_IDPOOL_MAGIC, presumably */
	kmutex_t	id_mutex;	/* serializes allocate/free — presumed */
	uint8_t		*id_pool;	/* the bitmap */
	uint32_t	id_size;	/* current capacity; starts at SMB_IDPOOL_MIN_SIZE and doubles */
	uint8_t		id_bit;		/* mask of the cursor bit */
	uint8_t		id_bit_idx;	/* bit index 0..7 of the cursor */
	uint32_t	id_idx;		/* byte index of the cursor */
	uint32_t	id_idx_msk;	/* presumably wraps id_idx at the current byte size */
	uint32_t	id_free_counter;	/* IDs still available — presumed */
	uint32_t	id_max_free_counter;	/* available IDs when empty — presumed */
} smb_idpool_t;
    205 
/*
 * Maximum size of a Netbios Request.
 *   0x1FFFF -> Maximum size of the data (17-bit NBT length, see smb_xprt_t)
 *   4 -> Size of the Netbios header
 */
#define	NETBIOS_REQ_MAX_SIZE	(0x1FFFF + 0x4)
    212 
/*
 * IR104720 Experiments with Windows 2000 indicate that we achieve better
 * SmbWriteX performance with a buffer size of 64KB instead of the 37KB
 * used with Windows NT4.0. Previous experiments with NT4.0 resulted in
 * directory listing problems so this buffer size is configurable based
 * on the end-user environment. When in doubt use 37KB.
 *
 * smb_maxbufsize (smb_negotiate.c) is setup from SMB_NT_MAXBUF during
 * initialization.
 */
#define	NBMAXBUF		8	/* bytes reserved out of each S KB */
/* Usable buffer size for a configured size of S kilobytes. */
#define	SMB_NT_MAXBUF(S)	(((S) * 1024) - NBMAXBUF)
extern int smb_maxbufsize;	/* defined in smb_negotiate.c (per comment above) */
    226 
/* Assorted buffer and table sizes; their users are not in this header. */
#define	OUTBUFSIZE		(65 * 1024)
#define	SMBHEADERSIZE		32	/* SMB header length in bytes */
#define	SMBND_HASH_MASK		(0xFF)	/* 256-bucket hash */
#define	MAX_IOVEC		512
#define	MAX_READREF		(8 * 1024)

/* Worker thread pool sizing: lower bound, default, upper bound. */
#define	SMB_WORKER_MIN		4
#define	SMB_WORKER_DEFAULT	64
#define	SMB_WORKER_MAX		1024
    236 
/*
 * Align a pointer or offset up to the next multiple of _POINTER_ALIGNMENT so
 * that fields will not cross word boundaries. The add-and-mask form is only
 * correct when _POINTER_ALIGNMENT is a power of two.
 */
#define	PTRALIGN(x) \
	(((uintptr_t)(x) + (uintptr_t)(_POINTER_ALIGNMENT) - 1l) & \
	    ~((uintptr_t)(_POINTER_ALIGNMENT) - 1l))
    244 
    245 /*
    246  * native os types are defined in win32/smbinfo.h
    247  */
    248 
/*
 * All 4 different time / date formats that will be seen in SMB.
 * SMB_DATE and SMB_TIME are 16-bit bit-field layouts; the order in which a
 * compiler packs bit-fields is implementation-defined, so this relies on the
 * platform ABI placing Day/TwoSeconds in the low bits — confirm where these
 * are read off the wire.
 */
typedef struct {
	uint16_t	Day	: 5;
	uint16_t	Month	: 4;
	uint16_t	Year	: 7;
} SMB_DATE;

typedef struct {
	uint16_t	TwoSeconds : 5;	/* seconds / 2 */
	uint16_t	Minutes	   : 6;
	uint16_t	Hours	   : 5;
} SMB_TIME;


typedef uint32_t 	UTIME;		/* seconds since Jan 1 1970 */
    266 
/* Doubly linked list node (forward/backward pointers only). */
typedef struct smb_malloc_list {
	struct smb_malloc_list	*forw;
	struct smb_malloc_list	*back;
} smb_malloc_list;
    271 
/*
 * Locked list: a list_t guarded by a reader/writer lock, with an element
 * count. ll_wrop is presumably a write-operation counter — confirm.
 */
typedef struct smb_llist {
	krwlock_t	ll_lock;
	list_t		ll_list;
	uint32_t	ll_count;
	uint64_t	ll_wrop;
} smb_llist_t;
    278 
/*
 * Synchronized list: a list_t guarded by a mutex, with a condition variable
 * and a waiting flag so a consumer can block on it (presumed from the names).
 */
typedef struct smb_slist {
	kmutex_t	sl_mutex;
	kcondvar_t	sl_cv;
	list_t		sl_list;
	uint32_t	sl_count;
	boolean_t	sl_waiting;
} smb_slist_t;
    286 
/*
 * Reader/writer lock bundled with a mutex and condition variable; the
 * "waiting" flag suggests the cv is used to wait for the lock to be
 * released — confirm in the smb_rwx_* implementation.
 */
typedef struct {
	kcondvar_t	rwx_cv;
	kmutex_t	rwx_mutex;
	krwlock_t	rwx_lock;
	boolean_t	rwx_waiting;
} smb_rwx_t;
    293 
    294 /* NOTIFY CHANGE */
    295 
/* A pending NOTIFY CHANGE request against nc_node. */
typedef struct smb_notify_change_req {
	list_node_t		nc_lnd;		/* list linkage */
	struct smb_node		*nc_node;	/* watched node */
	uint32_t		nc_reply_type;
	uint32_t		nc_flags;
} smb_notify_change_req_t;
    302 
    303 /*
    304  * SMB operates over a NetBIOS-over-TCP transport (NBT) or directly
    305  * over TCP, which is also known as direct hosted NetBIOS-less SMB
    306  * or SMB-over-TCP.
    307  *
    308  * NBT messages have a 4-byte header that defines the message type
    309  * (8-bits), a 7-bit flags field and a 17-bit length.
    310  *
    311  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    312  * |      TYPE     |     FLAGS   |E|            LENGTH             |
    313  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    314  *
    315  * 8-bit type      Defined in RFC 1002
    316  * 7-bit flags     Bits 0-6 reserved (must be 0)
    317  *                 Bit 7: Length extension bit (E)
    318  * 17-bit length   Includes bit 7 of the flags byte
    319  *
    320  *
    321  * SMB-over-TCP is defined to use a modified version of the NBT header
    322  * containing an 8-bit message type and 24-bit message length.
    323  *
    324  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    325  * |      TYPE     |                  LENGTH                       |
    326  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    327  *
    328  * 8-bit type      Must be 0
    329  * 24-bit length
    330  *
    331  * The following structure is used to represent a generic, in-memory
    332  * SMB transport header; it is not intended to map directly to either
    333  * of the over-the-wire formats.
    334  */
/*
 * In-memory transport header (see the format discussion above). xh_length
 * is at most 17 bits from NBT or 24 bits from SMB-over-TCP on the wire;
 * it is still client-supplied, so consumers should bound-check it before
 * sizing buffers.
 */
typedef struct {
	uint8_t		xh_type;	/* message type; must be 0 for SMB-over-TCP */
	uint32_t	xh_length;	/* payload length */
} smb_xprt_t;
    339 
/*
 * Chain of mbufs with a capacity (max_bytes) and a current offset; the
 * MBC_* helpers below operate on it. "volatile" on flags does not provide
 * synchronization between threads — confirm how flags is updated.
 */
struct mbuf_chain {
	volatile uint32_t	flags;		/* Various flags */
	struct mbuf_chain	*shadow_of;	/* I'm shadowing someone */
	struct mbuf		*chain;		/* Start of chain */
	int32_t			max_bytes;	/* max # of bytes for chain */
	int32_t			chain_offset;	/* Current offset into chain */
};
    347 
/* Helpers for struct mbuf_chain; implemented in a .c file. */
int MBC_LENGTH(struct mbuf_chain *MBC);
void MBC_SETUP(struct mbuf_chain *MBC, uint32_t max_bytes);
void MBC_INIT(struct mbuf_chain *MBC, uint32_t max_bytes);
void MBC_FLUSH(struct mbuf_chain *MBC);
void MBC_ATTACH_MBUF(struct mbuf_chain *MBC, struct mbuf *MBUF);
void MBC_APPEND_MBUF(struct mbuf_chain *MBC, struct mbuf *MBUF);
void MBC_ATTACH_BUF(struct mbuf_chain *MBC, unsigned char *BUF, int LEN);
int MBC_SHADOW_CHAIN(struct mbuf_chain *SUBMBC, struct mbuf_chain *MBC,
    int OFF, int LEN);

/*
 * True when n more bytes fit between chain_offset and max_bytes. Both
 * operands are int32_t, so an n close to INT32_MAX overflows the addition
 * (undefined behaviour) rather than failing the check — NOTE(review):
 * callers should bound n before using this when n comes from a request.
 */
#define	MBC_ROOM_FOR(b, n) (((b)->chain_offset + (n)) <= (b)->max_bytes)
    359 
/* Oplock held on a node: the owning open file and OPLOCK_FLAG_* bits. */
typedef struct smb_oplock {
	struct smb_ofile	*op_ofile;
	uint32_t		op_flags;
} smb_oplock_t;
    364 
/* smb_oplock_t.op_flags: a break is in progress. */
#define	OPLOCK_FLAG_BREAKING	1

/* Reasons passed when an oplock is released (names suggest the cases). */
#define	OPLOCK_RELEASE_LOCK_RELEASED	0
#define	OPLOCK_RELEASE_FILE_CLOSED	1

/* Marker bit for a DOS attribute value that has been populated. */
#define	DOS_ATTR_VALID	0x80000000

#define	SMB_VFS_MAGIC	0x534D4256	/* 'SMBV' */
    373 
/* A mounted file system the server holds a reference on, keyed by its vfs_t. */
typedef struct smb_vfs {
	uint32_t		sv_magic;	/* SMB_VFS_MAGIC, presumably */
	list_node_t		sv_lnd;		/* list linkage */
	uint32_t		sv_refcnt;
	vfs_t			*sv_vfsp;	/* the file system */
	vnode_t			*sv_rootvp;	/* its root vnode */
} smb_vfs_t;
    381 
#define	SMB_NODE_MAGIC 0x4E4F4445	/* 'NODE' */

/* Node lifecycle: usable, or being torn down (no further lookups). */
typedef enum {
	SMB_NODE_STATE_AVAILABLE = 0,
	SMB_NODE_STATE_DESTROYING
} smb_node_state_t;
    388 
/*
 * Per-vnode object for a file or directory seen through SMB. Hashed by
 * n_hashkey into an smb_llist_t bucket; lifecycle is smb_node_state_t.
 * "flags" carries both FILE_NOTIFY_CHANGE_* and the NODE_* bits defined
 * below (NODE_IS_READONLY, OPLOCK_TYPE read it). NOTE(review):
 * NODE_FLAGS_EXECUTABLE (0x80000000) does not fit a positive int, so the
 * field reads negative when set — fine for "&" tests, not for comparisons.
 */
typedef struct smb_node {
	uint32_t		n_magic;	/* SMB_NODE_MAGIC, presumably */
	smb_rwx_t		n_lock;
	krwlock_t		n_share_lock;
	list_node_t		n_lnd;		/* linkage in n_hash_bucket — presumed */
	smb_node_state_t	n_state;
	uint32_t		n_refcnt;
	uint32_t		n_hashkey;
	smb_llist_t		*n_hash_bucket;
	uint64_t		n_orig_session_id;
	uint32_t		n_orig_uid;
	smb_llist_t		n_ofile_list;	/* open files on this node */
	smb_llist_t		n_lock_list;	/* byte-range locks — presumed */
	volatile int		flags;	/* FILE_NOTIFY_CHANGE_* and NODE_* bits */
	volatile int		waiting_event; /* # of clients requesting FCN */
	smb_attr_t		attr;		/* cached attributes; cf. NODE_FLAGS_ATTR_VALID */
	unsigned int		what;
	u_offset_t		n_size;
	smb_oplock_t		n_oplock;
	struct smb_node		*dir_snode; /* Directory of node */
	struct smb_node		*unnamed_stream_node; /* set in stream nodes */
	/* Credentials for delayed delete */
	cred_t			*delete_on_close_cred;
	char			od_name[MAXNAMELEN];	/* name; "od" presumably on-disk */
	timestruc_t		set_mtime;
	fs_desc_t		tree_fsd;
	vnode_t			*vp;		/* underlying vnode */
	smb_audit_buf_node_t	*n_audit_buf;	/* audit records (see SMB_AUDIT_NODE) */

} smb_node_t;
    419 
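/*
 * Bits of smb_node_t.flags. Bits 12-15 hold the oplock type (masked by
 * NODE_OPLOCKS_IN_FORCE); the low 12 bits plus NODE_FLAGS_WATCH_TREE form
 * NODE_FLAGS_NOTIFY_CHANGE.
 */
#define	NODE_FLAGS_NOTIFY_CHANGE	0x10000fff
#define	NODE_OPLOCKS_IN_FORCE		0x0000f000
#define	NODE_OPLOCK_NONE		0x00000000
#define	NODE_EXCLUSIVE_OPLOCK		0x00001000
#define	NODE_BATCH_OPLOCK		0x00002000
#define	NODE_LEVEL_II_OPLOCK		0x00003000
#define	NODE_CAP_LEVEL_II		0x00010000
#define	NODE_PROTOCOL_LOCK		0x00020000
#define	NODE_READ_ONLY			0x00040000
#define	NODE_CREATED_READONLY		0x00080000
#define	NODE_FLAGS_WRITE_THROUGH	0x00100000
#define	NODE_FLAGS_SYNCATIME		0x00200000
#define	NODE_FLAGS_LOCKED		0x00400000
#define	NODE_FLAGS_ATTR_VALID		0x00800000
#define	NODE_FLAGS_CREATED		0x04000000
#define	NODE_FLAGS_CHANGED		0x08000000
#define	NODE_FLAGS_WATCH_TREE		0x10000000
#define	NODE_FLAGS_SET_SIZE		0x20000000
#define	NODE_FLAGS_DELETE_ON_CLOSE	0x40000000
#define	NODE_FLAGS_EXECUTABLE		0x80000000

/*
 * NODE_IS_READONLY(node): non-zero when the DOS read-only attribute is set
 * or the node is flagged read-only / created read-only. The argument is
 * parenthesized so that a pointer expression such as &n or p + i is
 * evaluated before "->" is applied.
 */
#define	NODE_IS_READONLY(node)					\
	(((node)->attr.sa_dosattr & FILE_ATTRIBUTE_READONLY) ||	\
	((node)->flags & NODE_READ_ONLY) ||			\
	((node)->flags & NODE_CREATED_READONLY))

/* Oplock type recorded on node n: one of the NODE_*_OPLOCK values. */
#define	OPLOCK_TYPE(n)			((n)->flags & NODE_OPLOCKS_IN_FORCE)
#define	OPLOCKS_IN_FORCE(n)		(OPLOCK_TYPE(n) != NODE_OPLOCK_NONE)
#define	EXCLUSIVE_OPLOCK_IN_FORCE(n)	\
	(OPLOCK_TYPE(n) == NODE_EXCLUSIVE_OPLOCK)
#define	BATCH_OPLOCK_IN_FORCE(n)	(OPLOCK_TYPE(n) == NODE_BATCH_OPLOCK)
#define	LEVEL_II_OPLOCK_IN_FORCE(n)	(OPLOCK_TYPE(n) == NODE_LEVEL_II_OPLOCK)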
    452 
    453 /*
    454  * Based on section 2.6.1.2 (Connection Management) of the June 13,
    455  * 1996 CIFS spec, a server may terminate the transport connection
    456  * due to inactivity. The client software is expected to be able to
    457  * automatically reconnect to the server if this happens. Like much
    458  * of the useful background information, this section appears to
    459  * have been dropped from later revisions of the document.
    460  *
    461  * Each session has an activity timestamp that's updated whenever a
    462  * request is dispatched. If the session is idle, i.e. receives no
    463  * requests, for SMB_SESSION_INACTIVITY_TIMEOUT minutes it will be
    464  * closed.
    465  *
    466  * Each session has an I/O semaphore to serialize communication with
    467  * the client. For example, after receiving a raw-read request, the
    468  * server is not allowed to send an oplock break to the client until
    469  * after it has sent the raw-read data.
    470  */
/*
 * Idle limit after which a session is closed. The value is 15 * 60, i.e.
 * 15 minutes if the consumer counts seconds; the prose above says
 * "minutes" — confirm the unit where activity_timestamp is compared.
 */
#define	SMB_SESSION_INACTIVITY_TIMEOUT		(15 * 60)

/* Upper bound on open files per session. */
#define	SMB_SESSION_OFILE_MAX				(16 * 1024)
    474 
    475 /*
    476  * When a connection is set up we need to remember both the client
    477  * (peer) IP address and the local IP address used to establish the
    478  * connection. When a client connects with a vc number of zero, we
    479  * are supposed to abort any existing connections with that client
    480  * (see notes in smb_negotiate.c and smb_session_setup_andx.c). For
    481  * servers with multiple network interfaces or IP aliases, however,
    482  * each interface has to be managed independently since the client
    483  * is not aware of the server configuration. We have to allow the
    484  * client to establish a connection on each interface with a vc
    485  * number of zero without aborting the other connections.
    486  *
    487  * ipaddr:       the client (peer) IP address for the session.
    488  * local_ipaddr: the local IP address used to connect to the server.
    489  */
    490 
/* Capacity of smb_sign.mackey in bytes. */
#define	SMB_MAC_KEYSZ	512

/*
 * Per-session message-signing state. mackey presumably holds the signing
 * key (mackey_len valid bytes) and seqnum the running sequence number.
 * NOTE(review): this is secret material embedded in smb_session — confirm
 * it is explicitly zeroed when the session is destroyed, not just freed.
 */
struct smb_sign {
	unsigned int seqnum;
	unsigned int mackey_len;
	unsigned int flags;	/* SMB_SIGNING_* bits */
	unsigned char mackey[SMB_MAC_KEYSZ];
};

/* smb_sign.flags: signing is on; incoming signatures are checked (presumed from names). */
#define	SMB_SIGNING_ENABLED	1
#define	SMB_SIGNING_CHECK	2
    502 
    503 /*
    504  * Session State Machine
    505  * ---------------------
    506  *
    507  * +-----------------------------+	     +------------------------------+
    508  * | SMB_SESSION_STATE_CONNECTED |           | SMB_SESSION_STATE_TERMINATED |
    509  * +-----------------------------+           +------------------------------+
    510  *		T0|					     ^
    511  *		  +--------------------+		     |T13
    512  *		  v		       |T14                  |
    513  * +-------------------------------+   |    +--------------------------------+
    514  * | SMB_SESSION_STATE_ESTABLISHED |---+--->| SMB_SESSION_STATE_DISCONNECTED |
    515  * +-------------------------------+        +--------------------------------+
    516  *		T1|				^	   ^ ^ ^
    517  *		  +----------+			|T9        | | |
    518  *                           v			|          | | |
    519  *                  +------------------------------+       | | |
    520  *                  | SMB_SESSION_STATE_NEGOTIATED |       | | |
    521  *                  +------------------------------+       | | |
    522  *	                 ^|   ^|   | ^                     | | |
    523  *      +----------------+|   ||   | |                     | | |
    524  *      |+----------------+   || T7| |T8                   | | |
    525  *      ||                    ||   | |                     | | |
    526  *      ||   +----------------+|   | |                     | | |
    527  *      ||   |+----------------+   | |                     | | |
    528  *	||   ||			   v |                     | | |
    529  *      ||   ||   +-----------------------------------+ T10| | |
    530  *      ||   ||   | SMB_SESSION_STATE_OPLOCK_BREAKING |----+ | |
    531  *      ||   ||   +-----------------------------------+      | |
    532  *	||   ||T5                                            | |
    533  *      ||   |+-->+-----------------------------------+	  T11| |
    534  *      ||   |T6  | SMB_SESSION_STATE_READ_RAW_ACTIVE |------+ |
    535  *      ||   +----+-----------------------------------+        |
    536  *	||T3                                                   |
    537  *      |+------->+------------------------------------+    T12|
    538  *      |T4       | SMB_SESSION_STATE_WRITE_RAW_ACTIVE |-------+
    539  *      +---------+------------------------------------+
    540  *
    541  * Transition T0
    542  *
    543  *
    544  *
    545  * Transition T1
    546  *
    547  *
    548  *
    549  * Transition T2
    550  *
    551  *
    552  *
    553  * Transition T3
    554  *
    555  *
    556  *
    557  * Transition T4
    558  *
    559  *
    560  *
    561  * Transition T5
    562  *
    563  *
    564  *
    565  * Transition T6
    566  *
    567  *
    568  *
    569  * Transition T7
    570  *
    571  *
    572  *
    573  * Transition T8
    574  *
    575  *
    576  *
    577  * Transition T9
    578  *
    579  *
    580  *
    581  * Transition T10
    582  *
    583  *
    584  *
    585  * Transition T11
    586  *
    587  *
    588  *
    589  * Transition T12
    590  *
    591  *
    592  *
    593  * Transition T13
    594  *
    595  *
    596  *
    597  * Transition T14
    598  *
    599  *
    600  *
    601  */
#define	SMB_SESSION_MAGIC 0x53455353	/* 'SESS' */

/*
 * Session states; see the state machine diagram above. NOTE(review): the
 * diagram shows SMB_SESSION_STATE_READ_RAW_ACTIVE but no such enumerator
 * exists here — confirm whether the diagram is stale.
 */
typedef enum {
	SMB_SESSION_STATE_DISCONNECTED = 0,
	SMB_SESSION_STATE_CONNECTED,
	SMB_SESSION_STATE_ESTABLISHED,
	SMB_SESSION_STATE_NEGOTIATED,
	SMB_SESSION_STATE_OPLOCK_BREAKING,
	SMB_SESSION_STATE_WRITE_RAW_ACTIVE,
	SMB_SESSION_STATE_TERMINATED
} smb_session_state_t;
    613 
/*
 * One client connection. State follows the session state machine above;
 * ipaddr/local_ipaddr semantics are explained in the comment preceding
 * SMB_MAC_KEYSZ. NOTE(review): challenge_key, MAC_key, sesskey and the
 * embedded signing key are per-session secrets — confirm they are zeroed
 * on teardown. The volatile counters are not atomic; confirm they are
 * updated under s_lock.
 */
struct smb_session {
	uint32_t		s_magic;	/* SMB_SESSION_MAGIC, presumably */
	smb_rwx_t		s_lock;
	list_node_t		s_lnd;		/* list linkage */
	uint64_t		s_kid;		/* session kernel id — presumed */
	smb_session_state_t	s_state;
	uint32_t		s_flags;
	int			s_write_raw_status;
	smb_thread_t		s_thread;
	uint32_t		keep_alive;
	uint64_t		opentime;
	uint16_t		vcnumber;	/* client VC number; 0 has special handling, see above */
	uint16_t		s_local_port;
	uint32_t		ipaddr;		/* client (peer) address (32-bit, so IPv4) */
	uint32_t		local_ipaddr;	/* local address the client connected to */
	char 			workstation[SMB_PI_MAX_HOST];	/* client-supplied; bounded copy required */
	int			dialect;
	int			native_os;	/* native OS types: see smbinfo.h (comment above) */
	uint32_t		capabilities;
	struct smb_sign		signing;	/* message signing state and key */

	struct sonode		*sock;		/* transport socket */

	smb_slist_t		s_req_list;	/* requests — presumed */
	smb_llist_t		s_xa_list;
	smb_llist_t		s_user_list;	/* smb_user_t entries */
	smb_idpool_t		s_uid_pool;	/* presumably allocates smb_user_t.u_uid */

	volatile uint32_t	s_tree_cnt;
	volatile uint32_t	s_file_cnt;
	volatile uint32_t	s_dir_cnt;

	uint16_t		secmode;
	uint32_t		sesskey;
	uint32_t		challenge_len;	/* valid bytes of challenge_key — presumed */
	unsigned char		challenge_key[8];
	unsigned char		MAC_key[44];
	int64_t			activity_timestamp;	/* updated per request; see SMB_SESSION_INACTIVITY_TIMEOUT */
	/*
	 * Maximum negotiated buffer size between SMB client and server
	 * in SMB_SESSION_SETUP_ANDX
	 */
	uint16_t		smb_msg_size;
	uchar_t			*outpipe_data;	/* ownership/free not shown here */
	int			outpipe_datalen;
	int			outpipe_cookie;
};
    661 
#define	SMB_USER_MAGIC 0x55534552	/* 'USER' */

/* smb_user_t.u_flags: aliases of the SMB_ATF_* account-type flags. */
#define	SMB_USER_FLAG_GUEST			SMB_ATF_GUEST
#define	SMB_USER_FLAG_IPC			SMB_ATF_ANON
#define	SMB_USER_FLAG_ADMIN			SMB_ATF_ADMIN
#define	SMB_USER_FLAG_POWER_USER		SMB_ATF_POWERUSER
#define	SMB_USER_FLAG_BACKUP_OPERATOR		SMB_ATF_BACKUPOP

/* smb_user_t.u_privileges bits. */
#define	SMB_USER_PRIV_TAKE_OWNERSHIP	0x00000001
#define	SMB_USER_PRIV_BACKUP		0x00000002
#define	SMB_USER_PRIV_RESTORE		0x00000004
#define	SMB_USER_PRIV_SECURITY		0x00000008
    674 
    675 
/* User lifecycle: logged in, logoff in progress, logged off. */
typedef enum {
	SMB_USER_STATE_LOGGED_IN = 0,
	SMB_USER_STATE_LOGGING_OFF,
	SMB_USER_STATE_LOGGED_OFF
} smb_user_state_t;
    681 
/*
 * A user logged on over a session. u_name/u_domain are pointers with
 * separate lengths; who allocates and frees them is not shown here.
 */
typedef struct smb_user {
	uint32_t		u_magic;	/* SMB_USER_MAGIC, presumably */
	list_node_t		u_lnd;		/* linkage, presumably in s_user_list */
	kmutex_t		u_mutex;
	smb_user_state_t	u_state;

	smb_session_t		*u_session;	/* owning session */
	uint16_t		u_name_len;	/* confirm whether the NUL is counted */
	char			*u_name;
	uint16_t		u_domain_len;
	char			*u_domain;
	time_t			u_logon_time;
	cred_t			*u_cred;	/* kernel credential for this user */

	smb_llist_t		u_tree_list;	/* smb_tree_t entries */
	smb_idpool_t		u_tid_pool;	/* presumably allocates smb_tree_t.t_tid */

	uint32_t		u_refcnt;
	uint32_t		u_flags;	/* SMB_USER_FLAG_* */
	uint32_t		u_privileges;	/* SMB_USER_PRIV_* bits */
	uint16_t		u_uid;		/* wire-visible user id */
	uint32_t		u_audit_sid;
} smb_user_t;
    705 
#define	SMB_TREE_MAGIC 	0x54524545	/* 'TREE' */
#define	SMB_TREE_TYPENAME_SZ 	8	/* size of smb_tree_t.t_typename */

/* Tree (share connection) lifecycle. */
typedef enum {
	SMB_TREE_STATE_CONNECTED = 0,
	SMB_TREE_STATE_DISCONNECTING,
	SMB_TREE_STATE_DISCONNECTED
} smb_tree_state_t;
    714 
/*
 * A tree connect: one user's connection to one share. t_snode is the share
 * root (SMB_TREE_ROOT_FS compares against its vnode's v_vfsp); t_access
 * is one of the "Tree access bits" below and t_flags a set of
 * SMB_TREE_FLAG_* bits.
 */
typedef struct smb_tree {
	uint32_t		t_magic;	/* SMB_TREE_MAGIC, presumably */
	kmutex_t		t_mutex;
	list_node_t		t_lnd;		/* linkage, presumably in u_tree_list */
	smb_tree_state_t	t_state;

	smb_session_t		*t_session;
	smb_user_t		*t_user;
	smb_node_t		*t_snode;	/* share root node */

	smb_llist_t		t_ofile_list;	/* open files on this tree */
	smb_idpool_t		t_fid_pool;	/* presumably allocates smb_ofile_t.f_fid */

	smb_llist_t		t_odir_list;	/* open directory searches */
	smb_idpool_t		t_sid_pool;	/* presumably allocates smb_odir_t.d_sid */

	uint32_t		t_refcnt;
	uint32_t		t_flags;	/* SMB_TREE_FLAG_* */
	int32_t			t_res_type;
	uint16_t		t_tid;		/* wire-visible tree id */
	uint16_t		t_access;	/* SMB_TREE_NO_ACCESS / READ_ONLY / READ_WRITE */
	uint16_t		t_umask;
	char			t_sharename[MAXNAMELEN];
	char			t_resource[MAXPATHLEN];
	char			t_typename[SMB_TREE_TYPENAME_SZ];
	fs_desc_t		t_fsd;
	acl_type_t		t_acltype;
} smb_tree_t;
    743 
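/* Tree access bits (values of smb_tree_t.t_access) */
#define	SMB_TREE_NO_ACCESS		0x0000
#define	SMB_TREE_READ_ONLY		0x0001
#define	SMB_TREE_READ_WRITE		0x0002

/*
 * Tree flags (bits of smb_tree_t.t_flags)
 *
 * SMB_TREE_FLAG_ACLONCREATE        Underlying FS supports ACL on create.
 *
 * SMB_TREE_FLAG_ACEMASKONACCESS    Underlying FS understands 32-bit access mask
 */
#define	SMB_TREE_FLAG_OPEN		0x0001
#define	SMB_TREE_FLAG_CLOSE		0x0002
#define	SMB_TREE_FLAG_ACLONCREATE	0x0004
#define	SMB_TREE_FLAG_ACEMASKONACCESS	0x0008
#define	SMB_TREE_FLAG_IGNORE_CASE	0x0010
#define	SMB_TREE_FLAG_NFS_MOUNTED	0x0020
#define	SMB_TREE_FLAG_UFS		0x0040
#define	SMB_TREE_CLOSED(tree) ((tree)->t_flags & SMB_TREE_FLAG_CLOSE)

/*
 * The three request-level macros below take a request pointer (sr) and
 * look through sr->tid_tree. Each tolerates a NULL request or a request
 * with no tree attached and then yields a fixed default instead of
 * dereferencing a null pointer.
 *
 * SMB_TREE_CASE_INSENSITIVE returns whether operations on a given tree
 * will be case-insensitive or not.  SMB_TREE_FLAG_IGNORE_CASE is set at
 * share set up time based on file system capability and client preference.
 * Default with no tree: 0 (case-sensitive). The result is the raw flag bit,
 * not normalized to 0/1.
 */

#define	SMB_TREE_CASE_INSENSITIVE(sr)                                 \
	(((sr) && (sr)->tid_tree) ?                                     \
	((sr)->tid_tree->t_flags & SMB_TREE_FLAG_IGNORE_CASE) : 0)

/*
 * SMB_TREE_ROOT_FS is called by certain smb_fsop_* functions to make sure
 * that a given vnode is in the same file system as the share root.
 * Default with no tree: 1 (treated as the same file system).
 */

#define	SMB_TREE_ROOT_FS(sr, node)                                      \
	(((sr) && (sr)->tid_tree) ?                                      \
	((sr)->tid_tree->t_snode->vp->v_vfsp == (node)->vp->v_vfsp) : 1)

/*
 * SMB_TREE_IS_READ_ONLY: the tree was connected with read-only access.
 * Checks tid_tree before dereferencing it, consistent with the two macros
 * above; with no tree attached the result is 0, the same value the macro
 * already produced for a NULL request.
 */
#define	SMB_TREE_IS_READ_ONLY(sr) \
	((sr) && (sr)->tid_tree && \
	((sr)->tid_tree->t_access == SMB_TREE_READ_ONLY))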
    786 
    787 
/* Named-pipe state bit; its holder is not declared in this header. */
#define	PIPE_STATE_AUTH_VERIFY	0x00000001
    789 
    790 /*
    791  * The of_ftype	of an open file should contain the SMB_FTYPE value
    792  * (cifs.h) returned when the file/pipe was opened. The following
    793  * assumptions are currently made:
    794  *
    795  * File Type	    Node       PipeInfo
    796  * ---------	    --------   --------
    797  * SMB_FTYPE_DISK       Valid      Null
    798  * SMB_FTYPE_BYTE_PIPE  Undefined  Undefined
    799  * SMB_FTYPE_MESG_PIPE  Null       Valid
    800  * SMB_FTYPE_PRINTER    Undefined  Undefined
    801  * SMB_FTYPE_UNKNOWN    Undefined  Undefined
    802  */
    803 
    804 /*
    805  * Some flags for ofile structure
    806  *
    807  *	SMB_OFLAGS_SET_DELETE_ON_CLOSE
    808  *   Set this flag when the corresponding open operation whose
    809  *   DELETE_ON_CLOSE bit of the CreateOptions is set. If any
    810  *   open file instance has this bit set, the NODE_FLAGS_DELETE_ON_CLOSE
    811  *   will be set for the file node upon close.
    812  */
    813 
/* Bits of smb_ofile_t.f_flags; the first is described in the comment above. */
#define	SMB_OFLAGS_SET_DELETE_ON_CLOSE	0x0004
#define	SMB_OFLAGS_LLF_POS_VALID	0x0008	/* f_llf_pos holds a value — presumed */

#define	SMB_OFILE_MAGIC 	0x4F464C45	/* 'OFLE' */

/* Open-file lifecycle. */
typedef enum {
	SMB_OFILE_STATE_OPEN = 0,
	SMB_OFILE_STATE_CLOSING,
	SMB_OFILE_STATE_CLOSED
} smb_ofile_state_t;
    824 
/*
 * An open file handle. f_ftype is the SMB_FTYPE value described in the
 * table above (which calls the field "of_ftype"); which of f_node and
 * f_pipe_info is valid depends on it. Linked into both the tree's
 * t_ofile_list (f_lnd) and the node's n_ofile_list (f_nnd) — presumed
 * from the two link fields.
 */
typedef struct smb_ofile {
	uint32_t		f_magic;	/* SMB_OFILE_MAGIC, presumably */
	kmutex_t		f_mutex;
	list_node_t		f_lnd;
	list_node_t		f_nnd;
	smb_ofile_state_t	f_state;

	smb_session_t		*f_session;
	smb_user_t		*f_user;
	smb_tree_t		*f_tree;
	smb_node_t		*f_node;	/* valid for SMB_FTYPE_DISK */

	mlsvc_pipe_t		*f_pipe_info;	/* valid for SMB_FTYPE_MESG_PIPE */

	uint32_t		f_uniqid;
	uint32_t		f_refcnt;
	uint64_t		f_seek_pos;
	uint32_t		f_flags;	/* SMB_OFLAGS_* */
	uint32_t		f_granted_access;
	uint32_t		f_share_access;
	uint32_t		f_create_options;
	uint16_t		f_fid;		/* wire-visible file id */
	uint16_t		f_opened_by_pid;	/* client-supplied pid */
	uint16_t		f_ftype;
	uint64_t		f_llf_pos;	/* see SMB_OFLAGS_LLF_POS_VALID */
	cred_t			*f_cr;		/* credential the open was made with — presumed */
} smb_ofile_t;
    852 
/* odir flags bits (smb_odir_t has no d_flags field in this listing — confirm the holder) */
#define	SMB_DIR_FLAG_OPEN	0x0001
#define	SMB_DIR_FLAG_CLOSE	0x0002
#define	SMB_DIR_CLOSED(dir) ((dir)->d_flags & SMB_DIR_FLAG_CLOSE)

#define	SMB_ODIR_MAGIC 	0x4F444952	/* 'ODIR' */

/* Directory-search lifecycle. */
typedef enum {
	SMB_ODIR_STATE_OPEN = 0,
	SMB_ODIR_STATE_CLOSING,
	SMB_ODIR_STATE_CLOSED
} smb_odir_state_t;
    865 
/*
 * An open directory search. d_pattern is the search pattern (presumably
 * client-supplied, bounded to MAXNAMELEN) and d_wildcards whether it
 * contains wildcards — presumed from the names.
 */
typedef struct smb_odir {
	uint32_t		d_magic;	/* SMB_ODIR_MAGIC, presumably */
	kmutex_t		d_mutex;
	list_node_t		d_lnd;		/* linkage, presumably in t_odir_list */
	smb_odir_state_t	d_state;

	smb_session_t		*d_session;
	smb_user_t		*d_user;
	smb_tree_t		*d_tree;

	uint32_t		d_refcnt;
	uint32_t		d_cookie;	/* resume position */
	uint16_t		d_sid;		/* wire-visible search id */
	uint16_t		d_opened_by_pid;	/* client-supplied pid */
	uint16_t		d_sattr;	/* search attributes */
	char			d_pattern[MAXNAMELEN];
	struct smb_node		*d_dir_snode;	/* directory being searched */
	unsigned int 		d_wildcards;
} smb_odir_t;
    885 
/*
 * One directory entry as returned by a search: real name, 8.3 forms and
 * attributes. The 14-byte name arrays allow "XXXXXXXX.XXX" plus NUL.
 */
typedef struct smb_odir_context {
	uint32_t		dc_cookie;	/* position of this entry */
	uint16_t		dc_dattr;	/* DOS attributes */
	char			dc_name[MAXNAMELEN]; /* Real 'Xxxx.yyy.xx' */
	char			dc_name83[14];    /* w/ dot 'XXXX    .XX ' */
	char			dc_shortname[14]; /* w/ dot 'XXXX.XX' */
	smb_attr_t		dc_attr;
} smb_odir_context_t;
    894 
#define	SMB_LOCK_MAGIC 	0x4C4F434B	/* 'LOCK' */

/*
 * A byte-range lock: l_start/l_length on l_file, owned by (l_pid, l_uid)
 * on l_session. Conflicting lock requests are queued on l_conflict_list
 * and block on l_cv until l_end_time — presumed from the names; confirm.
 */
typedef struct smb_lock {
	uint32_t		l_magic;	/* SMB_LOCK_MAGIC, presumably */
	kmutex_t		l_mutex;
	list_node_t		l_lnd;		/* linkage, presumably in n_lock_list */
	kcondvar_t		l_cv;

	list_node_t		l_conflict_lnd;
	smb_slist_t		l_conflict_list;

	smb_session_t		*l_session;
	smb_ofile_t		*l_file;
	smb_request_t		*l_sr;

	uint32_t		l_flags;	/* SMB_LOCK_FLAG_* */
	uint64_t		l_session_kid;	/* copy of l_session->s_kid — presumed */
	struct smb_lock		*l_blocked_by; /* Debug info only */

	uint16_t		l_pid;
	uint16_t		l_uid;
	uint32_t		l_type;		/* SMB_LOCK_TYPE_* */
	uint64_t		l_start;
	uint64_t		l_length;
	clock_t			l_end_time;	/* wait deadline; see SMB_LOCK_INDEFINITE_WAIT */
} smb_lock_t;
    921 
/* l_flags bit: a blocked lock request waits without a deadline. */
#define	SMB_LOCK_FLAG_INDEFINITE	0x0004
#define	SMB_LOCK_INDEFINITE_WAIT(lock) \
	((lock)->l_flags & SMB_LOCK_FLAG_INDEFINITE)

/* l_type values. */
#define	SMB_LOCK_TYPE_READWRITE		101
#define	SMB_LOCK_TYPE_READONLY		102
    928 
    929 
/*
 * fs_query_info: the result of resolving a client-supplied path into a
 * directory node plus a last path component.  Ownership of the path string
 * and of the node references is not expressed here; see the callers that
 * fill and release it (SMB_NULL_FQI_NODES only clears the pointers).
 */
struct smb_fqi {			/* fs_query_info */
	char			*path;			/* full path as supplied */
	uint16_t		srch_attr;		/* presumably search attributes */
	struct smb_node		*dir_snode;		/* node of the parent directory */
	smb_attr_t		dir_attr;
	char			last_comp[MAXNAMELEN];	/* last path component (bounded) */
	int			last_comp_was_found;	/* non-zero when last_snode was resolved */
	char			last_comp_od[MAXNAMELEN];	/* presumably the on-disk spelling */
	struct smb_node		*last_snode;		/* node of the last component, if found */
	smb_attr_t		last_attr;
};
    941 
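/*
 * Clear both node pointers recorded in an smb_fqi (it does not release
 * them; that is the caller's job).
 *
 * Wrapped in do { } while (0) so the two assignments form a single
 * statement.  The previous expansion was two bare statements, so a use such
 * as "if (cond) SMB_NULL_FQI_NODES(fqi);" cleared last_snode conditionally
 * but dir_snode unconditionally, leaving a stale pointer in the other case.
 * The trailing ';' of the old expansion is kept so that existing call sites
 * that relied on the macro supplying its own terminator still compile.
 */
#define	SMB_NULL_FQI_NODES(fqi) \
	do { \
		(fqi).last_snode = NULL; \
		(fqi).dir_snode = NULL; \
	} while (0);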
    945 
/* Existence requirements a caller can place on an smb_fqi lookup. */
#define	FQM_DIR_MUST_EXIST	1
#define	FQM_PATH_MUST_EXIST	2
#define	FQM_PATH_MUST_NOT_EXIST 3
    949 
/*
 * open_param.my_flags: the oplock level lives in bits 4-7.  Note that
 * MYF_LEVEL_II_OPLOCK (0x30) is bit-wise EXCLUSIVE|BATCH, so the level must
 * always be tested by equality on MYF_OPLOCK_TYPE(), never by masking a
 * single bit.
 */
#define	MYF_OPLOCK_MASK		0x000000F0
#define	MYF_OPLOCK_NONE		0x00000000
#define	MYF_EXCLUSIVE_OPLOCK	0x00000010
#define	MYF_BATCH_OPLOCK	0x00000020
#define	MYF_LEVEL_II_OPLOCK	0x00000030
#define	MYF_MUST_BE_DIRECTORY	0x00000100

#define	MYF_OPLOCK_TYPE(o)	    ((o) & MYF_OPLOCK_MASK)
#define	MYF_OPLOCKS_REQUEST(o)	    (MYF_OPLOCK_TYPE(o) != MYF_OPLOCK_NONE)
#define	MYF_IS_EXCLUSIVE_OPLOCK(o)  (MYF_OPLOCK_TYPE(o) == MYF_EXCLUSIVE_OPLOCK)
#define	MYF_IS_BATCH_OPLOCK(o)	    (MYF_OPLOCK_TYPE(o) == MYF_BATCH_OPLOCK)
#define	MYF_IS_LEVEL_II_OPLOCK(o)   (MYF_OPLOCK_TYPE(o) == MYF_LEVEL_II_OPLOCK)

/* Oplock break timeouts; the (n * 1000) form suggests milliseconds. */
#define	OPLOCK_MIN_TIMEOUT	(5 * 1000)
#define	OPLOCK_STD_TIMEOUT	(15 * 1000)
    965 
    966 
    967 /*
    968  * SMB Request State Machine
    969  * -------------------------
    970  *
    971  *                  T4               +------+		T0
    972  *      +--------------------------->| FREE |---------------------------+
    973  *      |                            +------+                           |
    974  * +-----------+                                                        |
    975  * | COMPLETED |                                                        |
    976  * +-----------+
    977  *      ^                                                               |
    978  *      | T15                      +----------+                         v
    979  * +------------+        T6        |          |                 +--------------+
    980  * | CLEANED_UP |<-----------------| CANCELED |                 | INITIALIZING |
    981  * +------------+                  |          |                 +--------------+
    982  *      |    ^                     +----------+                         |
    983  *      |    |                        ^  ^ ^ ^                          |
    984  *      |    |          +-------------+  | | |                          |
    985  *      |    |    T3    |                | | |               T13        | T1
    986  *      |    +-------------------------+ | | +----------------------+   |
    987  *      +----------------------------+ | | |                        |   |
    988  *         T16          |            | | | +-----------+            |   |
    989  *                      |           \/ | | T5          |            |   v
    990  * +-----------------+  |   T12     +--------+         |     T2    +-----------+
    991  * | EVENT_OCCURRED  |------------->| ACTIVE |<--------------------| SUBMITTED |
    992  * +-----------------+  |           +--------+         |           +-----------+
    993  *        ^             |              | ^ |           |
    994  *        |             |           T8 | | |  T7       |
    995  *        | T10      T9 |   +----------+ | +-------+   |  T11
    996  *        |             |   |            +-------+ |   |
    997  *        |             |   |               T14  | |   |
    998  *        |             |   v                    | v   |
    999  *      +----------------------+                +--------------+
   1000  *	|     WAITING_EVENT    |                | WAITING_LOCK |
   1001  *      +----------------------+                +--------------+
   1002  *
   1003  *
   1004  *
   1005  *
   1006  *
   1007  * Transition T0
   1008  *
   1009  * This transition occurs when the request is allocated and is still under the
   1010  * control of the session thread.
   1011  *
   1012  * Transition T1
   1013  *
 * This transition occurs when the session thread dispatches a task to process
 * the request.
   1016  *
   1017  * Transition T2
   1018  *
   1019  *
   1020  *
   1021  * Transition T3
   1022  *
   1023  * A request completes and smbsr_cleanup is called to release resources
   1024  * associated with the request (but not the smb_request_t itself).  This
   1025  * includes references on smb_ofile_t, smb_node_t, and other structures.
 * The CLEANED_UP state exists so that an attempt to clean up a request more
 * than once, or to access a request that has already been cleaned up, can be
 * detected.
   1029  *
   1030  * Transition T4
   1031  *
   1032  *
   1033  *
   1034  * Transition T5
   1035  *
   1036  *
   1037  *
   1038  * Transition T6
   1039  *
   1040  *
   1041  *
   1042  * Transition T7
   1043  *
   1044  *
   1045  *
   1046  * Transition T8
   1047  *
   1048  *
   1049  *
   1050  * Transition T9
   1051  *
   1052  *
   1053  *
   1054  * Transition T10
   1055  *
   1056  *
   1057  *
   1058  * Transition T11
   1059  *
   1060  *
   1061  *
   1062  * Transition T12
   1063  *
   1064  *
   1065  *
   1066  * Transition T13
   1067  *
   1068  *
   1069  *
   1070  * Transition T14
   1071  *
   1072  *
   1073  *
   1074  * Transition T15
   1075  *
   1076  * Request processing is completed (control returns from smb_dispatch)
   1077  *
   1078  * Transition T16
   1079  *
   1080  * Multipart (andx) request was cleaned up with smbsr_cleanup but more "andx"
   1081  * sections remain to be processed.
   1082  *
   1083  */
   1084 
/* Value held in smb_request.sr_magic while the object is valid. */
#define	SMB_REQ_MAGIC 		0x534D4252	/* 'SMBR' */
   1086 
/*
 * States of the request state machine drawn above; stored in
 * smb_request.sr_state.  Numbering starts at FREE = 0 and is otherwise
 * arbitrary.
 */
typedef enum smb_req_state {
	SMB_REQ_STATE_FREE = 0,
	SMB_REQ_STATE_INITIALIZING,
	SMB_REQ_STATE_SUBMITTED,
	SMB_REQ_STATE_ACTIVE,
	SMB_REQ_STATE_WAITING_EVENT,
	SMB_REQ_STATE_EVENT_OCCURRED,
	SMB_REQ_STATE_WAITING_LOCK,
	SMB_REQ_STATE_COMPLETED,
	SMB_REQ_STATE_CANCELED,
	SMB_REQ_STATE_CLEANED_UP
} smb_req_state_t;
   1099 
/*
 * Per-request state: one of these is built for each SMB received on a
 * session and walks the state machine documented above (sr_state).
 * sr_mutex presumably serializes state changes -- confirm in the dispatch
 * code.  The raw buffer and every smb_* header field below are decoded
 * from the client's message and must be treated as untrusted input by the
 * handlers that consume them.
 */
struct smb_request {
	uint32_t		sr_magic;		/* SMB_REQ_MAGIC while valid */
	kmutex_t		sr_mutex;
	list_node_t		sr_session_lnd;		/* linkage in the session's request list */
	smb_req_state_t		sr_state;		/* see state machine above */
	boolean_t		sr_keep;

	struct smb_session	*session;		/* owning session */

	smb_notify_change_req_t	sr_ncr;

	/* Info from session service header */
	uint32_t		sr_req_length; /* Excluding NBT header */

	/*
	 * Request buffer excluding NBT header.  SMB_READ_PROTOCOL /
	 * SMB_READ_COMMAND below cast this to smb_nethdr_t, so callers of
	 * those macros need sr_req_length to cover a full header first.
	 */
	void			*sr_request_buf;

	/* Fields for raw writes */
	uint32_t		sr_raw_data_length;
	void			*sr_raw_data_buf;

	smb_lock_t		*sr_awaiting;		/* lock being waited for, if any */
	struct mbuf_chain	command;		/* incoming message */
	struct mbuf_chain	reply;			/* outgoing message */
	struct mbuf_chain	raw_data;
	smb_malloc_list		request_storage;	/* allocations freed with the request */
	struct smb_xa		*r_xa;			/* transaction context, if any */
	int			andx_prev_wct;
	int 			cur_reply_offset;
	int			orig_request_hdr;
	unsigned int		reply_seqnum;	/* reply sequence number */
	unsigned char		first_smb_com;	/* command code */
	unsigned char		smb_com;	/* command code */
	unsigned char		smb_rcls;	/* error code class */
	unsigned char		smb_reh;	/* rsvd (AH DOS INT-24 ERR) */
	uint16_t		smb_err;	/* error code */
	uint8_t			smb_flg;	/* flags */
	uint16_t		smb_flg2;	/* flags */
	uint16_t		smb_pid_high;	/* high part of pid */
	unsigned char		smb_sig[8];	/* signature (message signing) */
	uint16_t		smb_tid;	/* tree id #  */
	uint16_t		smb_pid;	/* caller's process id # */
	uint16_t		smb_uid;	/* user id # */
	uint16_t		smb_mid;	/* multiplex id #  */
	unsigned char		smb_wct;	/* count of parameter words */
	uint16_t		smb_bcc;	/* data byte count */

	/* Parameters */
	struct mbuf_chain	smb_vwv;	/* variable width value */

	/* Data */
	struct mbuf_chain	smb_data;

	uint16_t		smb_fid;	/* not in hdr, but common */
	uint16_t		smb_sid;	/* not in hdr, but common */

	unsigned char		andx_com;	/* chained (andx) command, if any */
	uint16_t		andx_off;	/* offset of the chained command */

	/*
	 * Objects looked up from the header ids above; the smb_*_t vs
	 * struct smb_* spellings are the same types.
	 */
	struct smb_tree		*tid_tree;
	struct smb_ofile	*fid_ofile;
	struct smb_odir		*sid_odir;
	smb_user_t		*uid_user;

	/* Command-specific arguments; which member is live depends on smb_com. */
	union {
	    /*
	     * Tree connect.  password is a client-supplied secret of pwdlen
	     * bytes; NOTE(review): whether it is scrubbed before the request
	     * storage is released is not visible here -- confirm.
	     */
	    struct {
		char		*path;
		char		*service;
		int		pwdlen;
		char		*password;
		uint16_t	flags;
	    } tcon;

	    /* Open/create family of commands. */
	    struct open_param {
		struct smb_fqi	fqi;
		uint16_t	omode;
		uint16_t	oflags;
		uint16_t	ofun;
		uint32_t	my_flags;		/* MYF_* */
		uint32_t	timeo;
		uint32_t	dattr;
		timestruc_t	utime;
		uint64_t	dsize;
		uint32_t	desired_access;
		uint32_t	share_access;
		uint32_t	create_options;
		uint32_t	create_disposition;
		uint32_t	ftype, devstate;
		uint32_t	action_taken;
		uint64_t	fileid;
		/* This is only set by NTTransactCreate */
		smb_sd_t	*sd;
	    } open;

	    /* Directory operations that name a source and a destination. */
	    struct {
		struct smb_fqi	fqi;
		struct smb_fqi	dst_fqi;
	    } dirop;

	} arg;

	label_t			exjb;		/* non-local exit for request handlers */
	cred_t			*user_cr;	/* credentials used for this request */
};
   1204 
/*
 * Accessors on the raw request buffer.  They cast the buffer to
 * smb_nethdr_t and read it unconditionally, so the caller must already have
 * established that at least sizeof (smb_nethdr_t) bytes are present
 * (sr_req_length); the length check is not performed here.
 */
#define	SMB_READ_PROTOCOL(smb_nh_ptr) \
	LE_IN32(((smb_nethdr_t *)(smb_nh_ptr))->sh_protocol)

/* True when the request does not start with the SMB protocol magic. */
#define	SMB_PROTOCOL_MAGIC_INVALID(rd_sr) \
	(SMB_READ_PROTOCOL((rd_sr)->sr_request_buf) != SMB_PROTOCOL_MAGIC)

#define	SMB_READ_COMMAND(smb_nh_ptr) \
	(((smb_nethdr_t *)(smb_nh_ptr))->sh_command)

/* True when the request's command byte is SMB_COM_WRITE_RAW. */
#define	SMB_IS_WRITERAW(rd_sr) \
	(SMB_READ_COMMAND((rd_sr)->sr_request_buf) == SMB_COM_WRITE_RAW)
   1216 
   1217 
/*
 * Byte offset of the flags field within the SMB header (after the 4-byte
 * protocol id, the command byte and the 4-byte status).
 */
#define	SR_FLG_OFFSET			9

/* Upper bound on a transaction name; writers must respect it. */
#define	MAX_TRANS_NAME	64

/* xa_flags bits for smb_xa_t (defined below). */
#define	SMB_XA_FLAG_OPEN	0x0001
#define	SMB_XA_FLAG_CLOSE	0x0002
#define	SMB_XA_FLAG_COMPLETE	0x0004
#define	SMB_XA_CLOSED(xa) (!((xa)->xa_flags & SMB_XA_FLAG_OPEN))

/* Value held in smb_xa_t.xa_magic while the object is valid. */
#define	SMB_XA_MAGIC		0x534D4258	/* 'SMBX' */
   1228 
   1229 typedef struct smb_xa {
   1230 	uint32_t		xa_magic;
   1231