1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright 2019 Nexenta Systems, Inc. All rights reserved.
24 * Copyright 2020 RackTop Systems, Inc.
25 */
26
27 #include <sys/atomic.h>
28 #include <sys/synch.h>
29 #include <sys/types.h>
30 #include <sys/sdt.h>
31 #include <sys/random.h>
32 #include <smbsrv/netbios.h>
33 #include <smbsrv/smb2_kproto.h>
34 #include <smbsrv/string.h>
35 #include <netinet/tcp.h>
36
37 /* How many iovec we'll handle as a local array (no allocation) */
38 #define SMB_LOCAL_IOV_MAX 16
39
40 #define SMB_NEW_KID() atomic_inc_64_nv(&smb_kids)
41
42 static volatile uint64_t smb_kids;
43
44 /*
45 * We track the keepalive in minutes, but this constant
46 * specifies it in seconds, so convert to minutes.
47 */
48 uint32_t smb_keep_alive = SMB_PI_KEEP_ALIVE_MIN / 60;
49
50 /*
51 * This is the maximum time we'll allow a "session" to exist with no
52 * authenticated smb_user_t objects on it. This allows a client to
53 * logoff their "one and only" user session and then logon as some
54 * different user. (There are some tests that do that.) The same
55 * timeout mechanism also reduces the impact of clients that might
56 * open TCP connections but never authenticate.
57 */
58 int smb_session_auth_tmo = 30; /* sec. */
59
60 /*
61 * There are many smbtorture test cases that send
62 * racing requests, and where the tests fail if we
63 * don't execute them in exactly the order sent.
64 * These are test bugs. The protocol makes no
65 * guarantees about execution order of requests
66 * that are concurrently active.
67 *
68 * Nonetheless, smbtorture has many useful tests,
69 * so we have this work-around we can enable to
70 * basically force sequential execution. When
71 * enabled, insert a delay after each request is
72 * issued a taskq job. Enable this with mdb by
73 * setting smb_reader_delay to 10. Don't make it
74 * more than 500 or so or the server will appear
75 * to be so slow that tests may time out.
76 */
77 int smb_reader_delay = 0; /* mSec. */
78
79 static int smbsr_newrq_initial(smb_request_t *);
80
81 static void smb_session_cancel(smb_session_t *);
82 static int smb_session_reader(smb_session_t *);
83 static int smb_session_xprt_puthdr(smb_session_t *,
84 uint8_t msg_type, uint32_t msg_len,
85 uint8_t *dst, size_t dstlen);
86 static void smb_session_disconnect_trees(smb_session_t *);
87 static void smb_request_init_command_mbuf(smb_request_t *sr);
88 static void smb_session_genkey(smb_session_t *);
89
90 /*
91 * This (legacy) code is in support of an "idle timeout" feature,
92 * which is apparently incomplete. To complete it, we should:
93 * when the keep_alive timer expires, check whether the client
94 * has any open files, and if not then kill their session.
95 * Right now the timers are there, but nothing happens when
96 * a timer expires.
97 *
98 * Todo: complete logic to kill idle sessions.
99 *
100 * Only called when sv_cfg.skc_keepalive != 0
101 */
102 void
103 smb_session_timers(smb_server_t *sv)
104 {
105 smb_session_t *session;
106 smb_llist_t *ll;
107
108 ll = &sv->sv_session_list;
109 smb_llist_enter(ll, RW_READER);
110 session = smb_llist_head(ll);
111 while (session != NULL) {
112 /*
113 * Walk through the table and decrement each keep_alive
114 * timer that has not timed out yet. (keepalive > 0)
115 */
116 SMB_SESSION_VALID(session);
117 if (session->keep_alive &&
118 (session->keep_alive != (uint32_t)-1))
119 session->keep_alive--;
120
121 session = smb_llist_next(ll, session);
122 }
123 smb_llist_exit(ll);
124 }
125
126 /*
127 * Send a session message - supports SMB-over-NBT and SMB-over-TCP.
128 * If an mbuf chain is provided (optional), it will be freed and
129 * set to NULL -- unconditionally! (error or not)
130 *
131 * Builds a I/O vector (uio/iov) to do the send from mbufs, plus one
132 * segment for the 4-byte NBT header.
133 */
134 int
135 smb_session_send(smb_session_t *session, uint8_t nbt_type, mbuf_chain_t *mbc)
136 {
137 uio_t uio;
138 iovec_t local_iov[SMB_LOCAL_IOV_MAX];
139 iovec_t *alloc_iov = NULL;
140 int alloc_sz = 0;
141 mbuf_t *m;
142 uint8_t nbt_hdr[NETBIOS_HDR_SZ];
143 uint32_t nbt_len;
144 int i, nseg;
145 int rc;
146
147 switch (session->s_state) {
148 case SMB_SESSION_STATE_DISCONNECTED:
149 case SMB_SESSION_STATE_TERMINATED:
150 rc = ENOTCONN;
151 goto out;
152 default:
153 break;
154 }
155
156 /*
157 * Setup the IOV. First, count the number of IOV segments
158 * (plus one for the NBT header) and decide whether we
159 * need to allocate an iovec or can use local_iov;
160 */
161 bzero(&uio, sizeof (uio));
162 nseg = 1;
163 m = (mbc != NULL) ? mbc->chain : NULL;
164 while (m != NULL) {
165 nseg++;
166 m = m->m_next;
167 }
168 if (nseg <= SMB_LOCAL_IOV_MAX) {
169 uio.uio_iov = local_iov;
170 } else {
171 alloc_sz = nseg * sizeof (iovec_t);
172 alloc_iov = kmem_alloc(alloc_sz, KM_SLEEP);
173 uio.uio_iov = alloc_iov;
174 }
175 uio.uio_iovcnt = nseg;
176 uio.uio_segflg = UIO_SYSSPACE;
177 uio.uio_extflg = UIO_COPY_DEFAULT;
178
179 /*
180 * Build the iov list, meanwhile computing the length of
181 * the SMB payload (to put in the NBT header).
182 */
183 uio.uio_iov[0].iov_base = (void *)nbt_hdr;
184 uio.uio_iov[0].iov_len = sizeof (nbt_hdr);
185 i = 1;
186 nbt_len = 0;
187 m = (mbc != NULL) ? mbc->chain : NULL;
188 while (m != NULL) {
189 uio.uio_iov[i].iov_base = m->m_data;
190 uio.uio_iov[i++].iov_len = m->m_len;
191 nbt_len += m->m_len;
192 m = m->m_next;
193 }
194 ASSERT3S(i, ==, nseg);
195
196 /*
197 * Set the NBT header, set uio_resid
198 */
199 uio.uio_resid = nbt_len + NETBIOS_HDR_SZ;
200 rc = smb_session_xprt_puthdr(session, nbt_type, nbt_len,
201 nbt_hdr, NETBIOS_HDR_SZ);
202 if (rc != 0)
203 goto out;
204
205 smb_server_add_txb(session->s_server, (int64_t)uio.uio_resid);
206 rc = smb_net_send_uio(session, &uio);
207
208 out:
209 if (alloc_iov != NULL)
210 kmem_free(alloc_iov, alloc_sz);
211 if ((mbc != NULL) && (mbc->chain != NULL)) {
212 m_freem(mbc->chain);
213 mbc->chain = NULL;
214 mbc->flags = 0;
215 }
216 return (rc);
217 }
218
219 /*
220 * Read, process and respond to a NetBIOS session request.
221 *
222 * A NetBIOS session must be established for SMB-over-NetBIOS. Validate
223 * the calling and called name format and save the client NetBIOS name,
224 * which is used when a NetBIOS session is established to check for and
225 * cleanup leftover state from a previous session.
226 *
227 * Session requests are not valid for SMB-over-TCP, which is unfortunate
228 * because without the client name leftover state cannot be cleaned up
229 * if the client is behind a NAT server.
230 */
231 static int
232 smb_netbios_session_request(struct smb_session *session)
233 {
234 int rc;
235 char *calling_name;
236 char *called_name;
237 char client_name[NETBIOS_NAME_SZ];
238 struct mbuf_chain mbc;
239 char *names = NULL;
240 smb_wchar_t *wbuf = NULL;
241 smb_xprt_t hdr;
242 char *p;
243 int rc1, rc2;
244
245 session->keep_alive = smb_keep_alive;
246
247 if ((rc = smb_session_xprt_gethdr(session, &hdr)) != 0)
248 return (rc);
249
250 DTRACE_PROBE2(receive__session__req__xprthdr, struct session *, session,
251 smb_xprt_t *, &hdr);
252
253 if ((hdr.xh_type != SESSION_REQUEST) ||
254 (hdr.xh_length != NETBIOS_SESSION_REQUEST_DATA_LENGTH)) {
255 DTRACE_PROBE1(receive__session__req__failed,
256 struct session *, session);
257 return (EINVAL);
258 }
259
260 names = kmem_alloc(hdr.xh_length, KM_SLEEP);
261
262 if ((rc = smb_sorecv(session->sock, names, hdr.xh_length)) != 0) {
263 kmem_free(names, hdr.xh_length);
264 DTRACE_PROBE1(receive__session__req__failed,
265 struct session *, session);
266 return (rc);
267 }
268
269 DTRACE_PROBE3(receive__session__req__data, struct session *, session,
270 char *, names, uint32_t, hdr.xh_length);
271
272 called_name = &names[0];
273 calling_name = &names[NETBIOS_ENCODED_NAME_SZ + 2];
274
275 rc1 = netbios_name_isvalid(called_name, 0);
276 rc2 = netbios_name_isvalid(calling_name, client_name);
277
278 if (rc1 == 0 || rc2 == 0) {
279
280 DTRACE_PROBE3(receive__invalid__session__req,
281 struct session *, session, char *, names,
282 uint32_t, hdr.xh_length);
283
284 kmem_free(names, hdr.xh_length);
285 MBC_INIT(&mbc, MAX_DATAGRAM_LENGTH);
286 (void) smb_mbc_encodef(&mbc, "b",
287 DATAGRAM_INVALID_SOURCE_NAME_FORMAT);
288 (void) smb_session_send(session, NEGATIVE_SESSION_RESPONSE,
289 &mbc);
290 return (EINVAL);
291 }
292
293 DTRACE_PROBE3(receive__session__req__calling__decoded,
294 struct session *, session,
295 char *, calling_name, char *, client_name);
296
297 /*
298 * The client NetBIOS name is in oem codepage format.
299 * We need to convert it to unicode and store it in
300 * multi-byte format. We also need to strip off any
301 * spaces added as part of the NetBIOS name encoding.
302 */
303 wbuf = kmem_alloc((SMB_PI_MAX_HOST * sizeof (smb_wchar_t)), KM_SLEEP);
304 (void) oemtoucs(wbuf, client_name, SMB_PI_MAX_HOST, OEM_CPG_850);
305 (void) smb_wcstombs(session->workstation, wbuf, SMB_PI_MAX_HOST);
306 kmem_free(wbuf, (SMB_PI_MAX_HOST * sizeof (smb_wchar_t)));
307
308 if ((p = strchr(session->workstation, ' ')) != 0)
309 *p = '\0';
310
311 kmem_free(names, hdr.xh_length);
312 return (smb_session_send(session, POSITIVE_SESSION_RESPONSE, NULL));
313 }
314
315 /*
316 * Read 4-byte header from the session socket and build an in-memory
317 * session transport header. See smb_xprt_t definition for header
318 * format information.
319 *
320 * Direct hosted NetBIOS-less SMB (SMB-over-TCP) uses port 445. The
321 * first byte of the four-byte header must be 0 and the next three
322 * bytes contain the length of the remaining data.
323 */
324 int
325 smb_session_xprt_gethdr(smb_session_t *session, smb_xprt_t *ret_hdr)
326 {
327 int rc;
328 unsigned char buf[NETBIOS_HDR_SZ];
329
330 if ((rc = smb_sorecv(session->sock, buf, NETBIOS_HDR_SZ)) != 0)
331 return (rc);
332
333 switch (session->s_local_port) {
334 case IPPORT_NETBIOS_SSN:
335 ret_hdr->xh_type = buf[0];
336 ret_hdr->xh_length = (((uint32_t)buf[1] & 1) << 16) |
337 ((uint32_t)buf[2] << 8) |
338 ((uint32_t)buf[3]);
339 break;
340
341 case IPPORT_SMB:
342 ret_hdr->xh_type = buf[0];
343
344 if (ret_hdr->xh_type != 0) {
345 cmn_err(CE_WARN, "invalid NBT type (%u) from %s",
346 ret_hdr->xh_type, session->ip_addr_str);
347 return (EPROTO);
348 }
349
350 ret_hdr->xh_length = ((uint32_t)buf[1] << 16) |
351 ((uint32_t)buf[2] << 8) |
352 ((uint32_t)buf[3]);
353 break;
354
355 default:
356 cmn_err(CE_WARN, "invalid port %u", session->s_local_port);
357 return (EPROTO);
358 }
359
360 return (0);
361 }
362
363 /*
364 * Encode a transport session packet header into a 4-byte buffer.
365 */
366 static int
367 smb_session_xprt_puthdr(smb_session_t *session,
368 uint8_t msg_type, uint32_t msg_length,
369 uint8_t *buf, size_t buflen)
370 {
371 if (buf == NULL || buflen < NETBIOS_HDR_SZ) {
372 return (-1);
373 }
374
375 switch (session->s_local_port) {
376 case IPPORT_NETBIOS_SSN:
377 /* Per RFC 1001, 1002: msg. len < 128KB */
378 if (msg_length >= (1 << 17))
379 return (-1);
380 buf[0] = msg_type;
381 buf[1] = ((msg_length >> 16) & 1);
382 buf[2] = (msg_length >> 8) & 0xff;
383 buf[3] = msg_length & 0xff;
384 break;
385
386 case IPPORT_SMB:
387 /*
388 * SMB over TCP is like NetBIOS but the one byte
389 * message type is always zero, and the length
390 * part is three bytes. It could actually use
391 * longer messages, but this is conservative.
392 */
393 if (msg_length >= (1 << 24))
394 return (-1);
395 buf[0] = msg_type;
396 buf[1] = (msg_length >> 16) & 0xff;
397 buf[2] = (msg_length >> 8) & 0xff;
398 buf[3] = msg_length & 0xff;
399 break;
400
401 default:
402 cmn_err(CE_WARN, "invalid port %u", session->s_local_port);
403 return (-1);
404 }
405
406 return (0);
407 }
408
409 static void
410 smb_request_init_command_mbuf(smb_request_t *sr)
411 {
412
413 /*
414 * Setup mbuf using the buffer we allocated.
415 */
416 MBC_ATTACH_BUF(&sr->command, sr->sr_request_buf, sr->sr_req_length);
417
418 sr->command.flags = 0;
419 sr->command.shadow_of = NULL;
420 }
421
422 /*
423 * smb_request_cancel
424 *
425 * Handle a cancel for a request properly depending on the current request
426 * state.
427 */
428 void
429 smb_request_cancel(smb_request_t *sr)
430 {
431 void (*cancel_method)(smb_request_t *) = NULL;
432
433 mutex_enter(&sr->sr_mutex);
434 switch (sr->sr_state) {
435
436 case SMB_REQ_STATE_INITIALIZING:
437 case SMB_REQ_STATE_SUBMITTED:
438 case SMB_REQ_STATE_ACTIVE:
439 case SMB_REQ_STATE_CLEANED_UP:
440 sr->sr_state = SMB_REQ_STATE_CANCELLED;
441 break;
442
443 case SMB_REQ_STATE_WAITING_AUTH:
444 case SMB_REQ_STATE_WAITING_FCN1:
445 case SMB_REQ_STATE_WAITING_LOCK:
446 case SMB_REQ_STATE_WAITING_PIPE:
447 /*
448 * These are states that have a cancel_method.
449 * Make the state change now, to ensure that
450 * we call cancel_method exactly once. Do the
451 * method call below, after we drop sr_mutex.
452 * When the cancelled request thread resumes,
453 * it should re-take sr_mutex and set sr_state
454 * to CANCELLED, then return STATUS_CANCELLED.
455 */
456 sr->sr_state = SMB_REQ_STATE_CANCEL_PENDING;
457 cancel_method = sr->cancel_method;
458 VERIFY(cancel_method != NULL);
459 break;
460
461 case SMB_REQ_STATE_WAITING_FCN2:
462 case SMB_REQ_STATE_COMPLETED:
463 case SMB_REQ_STATE_CANCEL_PENDING:
464 case SMB_REQ_STATE_CANCELLED:
465 /*
466 * No action required for these states since the request
467 * is completing.
468 */
469 break;
470
471 case SMB_REQ_STATE_FREE:
472 default:
473 SMB_PANIC();
474 }
475 mutex_exit(&sr->sr_mutex);
476
477 if (cancel_method != NULL) {
478 cancel_method(sr);
479 }
480 }
481
482 /*
483 * smb_session_receiver
484 *
485 * Receives request from the network and dispatches them to a worker.
486 *
487 * When we receive a disconnect here, it _could_ be due to the server
488 * having initiated disconnect, in which case the session state will be
489 * SMB_SESSION_STATE_TERMINATED and we want to keep that state so later
490 * tear-down logic will know which side initiated.
491 */
492 void
493 smb_session_receiver(smb_session_t *session)
494 {
495 int rc = 0;
496 timeout_id_t tmo = NULL;
497
498 SMB_SESSION_VALID(session);
499
500 session->s_thread = curthread;
501
502 if (session->s_local_port == IPPORT_NETBIOS_SSN) {
503 rc = smb_netbios_session_request(session);
504 if (rc != 0) {
505 smb_rwx_rwenter(&session->s_lock, RW_WRITER);
506 if (session->s_state != SMB_SESSION_STATE_TERMINATED)
507 session->s_state =
508 SMB_SESSION_STATE_DISCONNECTED;
509 smb_rwx_rwexit(&session->s_lock);
510 return;
511 }
512 }
513
514 smb_rwx_rwenter(&session->s_lock, RW_WRITER);
515 session->s_state = SMB_SESSION_STATE_ESTABLISHED;
516 session->s_auth_tmo = timeout((tmo_func_t)smb_session_disconnect,
517 session, SEC_TO_TICK(smb_session_auth_tmo));
518 smb_rwx_rwexit(&session->s_lock);
519
520 (void) smb_session_reader(session);
521
522 smb_rwx_rwenter(&session->s_lock, RW_WRITER);
523 if (session->s_state != SMB_SESSION_STATE_TERMINATED)
524 session->s_state = SMB_SESSION_STATE_DISCONNECTED;
525 tmo = session->s_auth_tmo;
526 session->s_auth_tmo = NULL;
527 smb_rwx_rwexit(&session->s_lock);
528
529 /* Timeout callback takes s_lock. See untimeout(9f) */
530 if (tmo != NULL)
531 (void) untimeout(tmo);
532
533 smb_soshutdown(session->sock);
534
535 DTRACE_PROBE2(session__drop, struct session *, session, int, rc);
536
537 smb_session_cancel(session);
538 /*
539 * At this point everything related to the session should have been
540 * cleaned up and we expect that nothing will attempt to use the
541 * socket.
542 */
543 }
544
545 /*
546 * smb_session_disconnect
547 *
548 * Server-initiated disconnect (i.e. server shutdown)
549 */
550 void
551 smb_session_disconnect(smb_session_t *session)
552 {
553 SMB_SESSION_VALID(session);
554
555 smb_rwx_rwenter(&session->s_lock, RW_WRITER);
556 switch (session->s_state) {
557 case SMB_SESSION_STATE_INITIALIZED:
558 case SMB_SESSION_STATE_CONNECTED:
559 case SMB_SESSION_STATE_ESTABLISHED:
560 case SMB_SESSION_STATE_NEGOTIATED:
561 smb_soshutdown(session->sock);
562 session->s_state = SMB_SESSION_STATE_TERMINATED;
563 break;
564 case SMB_SESSION_STATE_DISCONNECTED:
565 case SMB_SESSION_STATE_TERMINATED:
566 break;
567 }
568 smb_rwx_rwexit(&session->s_lock);
569 }
570
571 /*
572 * Read and process SMB requests.
573 *
574 * Returns:
575 * 0 Success
576 * 1 Unable to read transport header
577 * 2 Invalid transport header type
578 * 3 Invalid SMB length (too small)
579 * 4 Unable to read SMB header
580 * 5 Invalid SMB header (bad magic number)
581 * 6 Unable to read SMB data
582 */
583 static int
584 smb_session_reader(smb_session_t *session)
585 {
586 smb_server_t *sv;
587 smb_request_t *sr = NULL;
588 smb_xprt_t hdr;
589 uint8_t *req_buf;
590 uint32_t resid;
591 int rc;
592
593 sv = session->s_server;
594
595 for (;;) {
596
597 rc = smb_session_xprt_gethdr(session, &hdr);
598 if (rc)
599 return (rc);
600
601 DTRACE_PROBE2(session__receive__xprthdr, session_t *, session,
602 smb_xprt_t *, &hdr);
603
604 if (hdr.xh_type != SESSION_MESSAGE) {
605 /*
606 * Anything other than SESSION_MESSAGE or
607 * SESSION_KEEP_ALIVE is an error. A SESSION_REQUEST
608 * may indicate a new session request but we need to
609 * close this session and we can treat it as an error
610 * here.
611 */
612 if (hdr.xh_type == SESSION_KEEP_ALIVE) {
613 session->keep_alive = smb_keep_alive;
614 continue;
615 }
616 return (EPROTO);
617 }
618
619 if (hdr.xh_length == 0) {
620 /* zero length is another form of keep alive */
621 session->keep_alive = smb_keep_alive;
622 continue;
623 }
624
625 if (hdr.xh_length < SMB_HEADER_LEN)
626 return (EPROTO);
627 if (hdr.xh_length > session->cmd_max_bytes)
628 return (EPROTO);
629
630 session->keep_alive = smb_keep_alive;
631
632 /*
633 * Allocate a request context, read the whole message.
634 * If the request alloc fails, we've disconnected
635 * and won't be able to send the reply anyway, so bail now.
636 */
637 if ((sr = smb_request_alloc(session, hdr.xh_length)) == NULL)
638 break;
639
640 req_buf = (uint8_t *)sr->sr_request_buf;
641 resid = hdr.xh_length;
642
643 rc = smb_sorecv(session->sock, req_buf, resid);
644 if (rc) {
645 smb_request_free(sr);
646 break;
647 }
648
649 /* accounting: received bytes */
650 smb_server_add_rxb(sv,
651 (int64_t)(hdr.xh_length + NETBIOS_HDR_SZ));
652
653 /*
654 * Initialize command MBC to represent the received data.
655 */
656 smb_request_init_command_mbuf(sr);
657
658 DTRACE_PROBE1(session__receive__smb, smb_request_t *, sr);
659
660 rc = session->newrq_func(sr);
661 sr = NULL; /* enqueued or freed */
662 if (rc != 0)
663 break;
664
665 /* See notes where this is defined (above). */
666 if (smb_reader_delay) {
667 delay(MSEC_TO_TICK(smb_reader_delay));
668 }
669 }
670 return (rc);
671 }
672
673 /*
674 * This is the initial handler for new smb requests, called from
675 * from smb_session_reader when we have not yet seen any requests.
676 * The first SMB request must be "negotiate", which determines
677 * which protocol and dialect we'll be using. That's the ONLY
678 * request type handled here, because with all later requests,
679 * we know the protocol and handle those with either the SMB1 or
680 * SMB2 handlers: smb1sr_post() or smb2sr_post().
681 * Those do NOT allow SMB negotiate, because that's only allowed
682 * as the first request on new session.
683 *
684 * This and other "post a request" handlers must either enqueue
685 * the new request for the session taskq, or smb_request_free it
686 * (in case we've decided to drop this connection). In this
687 * (special) new request handler, we always free the request.
688 *
689 * Return value is 0 for success, and anything else will
690 * terminate the reader thread (drop the connection).
691 */
692 static int
693 smbsr_newrq_initial(smb_request_t *sr)
694 {
695 uint32_t magic;
696 int rc = EPROTO;
697
698 mutex_enter(&sr->sr_mutex);
699 sr->sr_state = SMB_REQ_STATE_ACTIVE;
700 mutex_exit(&sr->sr_mutex);
701
702 magic = SMB_READ_PROTOCOL(sr->sr_request_buf);
703 if (magic == SMB_PROTOCOL_MAGIC)
704 rc = smb1_newrq_negotiate(sr);
705 if (magic == SMB2_PROTOCOL_MAGIC)
706 rc = smb2_newrq_negotiate(sr);
707
708 mutex_enter(&sr->sr_mutex);
709 sr->sr_state = SMB_REQ_STATE_COMPLETED;
710 mutex_exit(&sr->sr_mutex);
711
712 smb_request_free(sr);
713 return (rc);
714 }
715
716 /*
717 * Port will be IPPORT_NETBIOS_SSN or IPPORT_SMB.
718 */
719 smb_session_t *
720 smb_session_create(ksocket_t new_so, uint16_t port, smb_server_t *sv,
721 int family)
722 {
723 struct sockaddr_in sin;
724 socklen_t slen;
725 struct sockaddr_in6 sin6;
726 smb_session_t *session;
727 int64_t now;
728 uint16_t rport;
729
730 session = kmem_cache_alloc(smb_cache_session, KM_SLEEP);
731 bzero(session, sizeof (smb_session_t));
732
733 if (smb_idpool_constructor(&session->s_uid_pool)) {
734 kmem_cache_free(smb_cache_session, session);
735 return (NULL);
736 }
737 if (smb_idpool_constructor(&session->s_tid_pool)) {
738 smb_idpool_destructor(&session->s_uid_pool);
739 kmem_cache_free(smb_cache_session, session);
740 return (NULL);
741 }
742
743 now = ddi_get_lbolt64();
744
745 session->s_server = sv;
746 session->s_kid = SMB_NEW_KID();
747 session->s_state = SMB_SESSION_STATE_INITIALIZED;
748 session->native_os = NATIVE_OS_UNKNOWN;
749 session->opentime = now;
750 session->keep_alive = smb_keep_alive;
751 session->activity_timestamp = now;
752 smb_session_genkey(session);
753
754 mutex_init(&session->s_credits_mutex, NULL, MUTEX_DEFAULT, NULL);
755
756 smb_slist_constructor(&session->s_req_list, sizeof (smb_request_t),
757 offsetof(smb_request_t, sr_session_lnd));
758
759 smb_llist_constructor(&session->s_user_list, sizeof (smb_user_t),
760 offsetof(smb_user_t, u_lnd));
761
762 smb_llist_constructor(&session->s_tree_list, sizeof (smb_tree_t),
763 offsetof(smb_tree_t, t_lnd));
764
765 smb_llist_constructor(&session->s_xa_list, sizeof (smb_xa_t),
766 offsetof(smb_xa_t, xa_lnd));
767
768 smb_net_txl_constructor(&session->s_txlst);
769
770 smb_rwx_init(&session->s_lock);
771
772 session->s_srqueue = &sv->sv_srqueue;
773 smb_server_get_cfg(sv, &session->s_cfg);
774
775 if (new_so == NULL) {
776 /*
777 * This call is creating the special "server" session,
778 * used for kshare export, oplock breaks, CA import.
779 * CA import creates temporary trees on this session
780 * and those should never get map/unmap up-calls, so
781 * force the map/unmap flags zero on this session.
782 * Set a "modern" dialect for CA import too, so
783 * pathname parse doesn't do OS/2 stuff, etc.
784 */
785 session->s_cfg.skc_execflags = 0;
786 session->dialect = session->s_cfg.skc_max_protocol;
787 } else {
788 if (family == AF_INET) {
789 slen = sizeof (sin);
790 (void) ksocket_getsockname(new_so,
791 (struct sockaddr *)&sin, &slen, CRED());
792 bcopy(&sin.sin_addr,
793 &session->local_ipaddr.au_addr.au_ipv4,
794 sizeof (in_addr_t));
795 slen = sizeof (sin);
796 (void) ksocket_getpeername(new_so,
797 (struct sockaddr *)&sin, &slen, CRED());
798 bcopy(&sin.sin_addr,
799 &session->ipaddr.au_addr.au_ipv4,
800 sizeof (in_addr_t));
801 rport = sin.sin_port;
802 } else {
803 slen = sizeof (sin6);
804 (void) ksocket_getsockname(new_so,
805 (struct sockaddr *)&sin6, &slen, CRED());
806 bcopy(&sin6.sin6_addr,
807 &session->local_ipaddr.au_addr.au_ipv6,
808 sizeof (in6_addr_t));
809 slen = sizeof (sin6);
810 (void) ksocket_getpeername(new_so,
811 (struct sockaddr *)&sin6, &slen, CRED());
812 bcopy(&sin6.sin6_addr,
813 &session->ipaddr.au_addr.au_ipv6,
814 sizeof (in6_addr_t));
815 rport = sin6.sin6_port;
816 }
817 session->ipaddr.a_family = family;
818 session->local_ipaddr.a_family = family;
819 session->s_local_port = port;
820 session->s_remote_port = ntohs(rport);
821 session->sock = new_so;
822 (void) smb_inet_ntop(&session->ipaddr,
823 session->ip_addr_str, INET6_ADDRSTRLEN);
824 if (port == IPPORT_NETBIOS_SSN)
825 smb_server_inc_nbt_sess(sv);
826 else
827 smb_server_inc_tcp_sess(sv);
828 }
829
830 /*
831 * The initial new request handler is special,
832 * and only accepts negotiation requests.
833 */
834 session->newrq_func = smbsr_newrq_initial;
835
836 /* These may increase in SMB2 negotiate. */
837 session->cmd_max_bytes = SMB_REQ_MAX_SIZE;
838 session->reply_max_bytes = SMB_REQ_MAX_SIZE;
839
840 session->s_magic = SMB_SESSION_MAGIC;
841 return (session);
842 }
843
844 void
845 smb_session_delete(smb_session_t *session)
846 {
847
848 ASSERT(session->s_magic == SMB_SESSION_MAGIC);
849
850 if (session->enc_mech != NULL)
851 smb3_encrypt_fini(session);
852
853 if (session->sign_fini != NULL)
854 session->sign_fini(session);
855
856 if (session->signing.mackey != NULL) {
857 kmem_free(session->signing.mackey,
858 session->signing.mackey_len);
859 }
860
861 if (session->preauth_mech != NULL)
862 smb31_preauth_fini(session);
863
864 session->s_magic = 0;
865
866 smb_rwx_destroy(&session->s_lock);
867 smb_net_txl_destructor(&session->s_txlst);
868
869 mutex_destroy(&session->s_credits_mutex);
870
871 smb_slist_destructor(&session->s_req_list);
872 smb_llist_destructor(&session->s_tree_list);
873 smb_llist_destructor(&session->s_user_list);
874 smb_llist_destructor(&session->s_xa_list);
875
876 ASSERT(session->s_tree_cnt == 0);
877 ASSERT(session->s_file_cnt == 0);
878 ASSERT(session->s_dir_cnt == 0);
879
880 smb_idpool_destructor(&session->s_tid_pool);
881 smb_idpool_destructor(&session->s_uid_pool);
882 if (session->sock != NULL) {
883 if (session->s_local_port == IPPORT_NETBIOS_SSN)
884 smb_server_dec_nbt_sess(session->s_server);
885 else
886 smb_server_dec_tcp_sess(session->s_server);
887 smb_sodestroy(session->sock);
888 }
889 kmem_cache_free(smb_cache_session, session);
890 }
891
892 static void
893 smb_session_cancel(smb_session_t *session)
894 {
895 smb_xa_t *xa, *nextxa;
896
897 /* All the request currently being treated must be canceled. */
898 smb_session_cancel_requests(session, NULL, NULL);
899
900 /*
901 * We wait for the completion of all the requests associated with
902 * this session.
903 */
904 smb_slist_wait_for_empty(&session->s_req_list);
905
906 /*
907 * Cleanup transact state objects
908 */
909 xa = smb_llist_head(&session->s_xa_list);
910 while (xa) {
911 nextxa = smb_llist_next(&session->s_xa_list, xa);
912 smb_xa_close(xa);
913 xa = nextxa;
914 }
915
916 /*
917 * At this point the reference count of the files and directories
918 * should be zero. It should be possible to destroy them without
919 * any problem, which should trigger the destruction of other objects.
920 */
921 smb_session_logoff(session);
922 }
923
924 /*
925 * Cancel requests. If a non-null tree is specified, only requests specific
926 * to that tree will be cancelled. If a non-null sr is specified, that sr
927 * will be not be cancelled - this would typically be the caller's sr.
928 */
929 void
930 smb_session_cancel_requests(
931 smb_session_t *session,
932 smb_tree_t *tree,
933 smb_request_t *exclude_sr)
934 {
935 smb_request_t *sr;
936
937 smb_slist_enter(&session->s_req_list);
938 sr = smb_slist_head(&session->s_req_list);
939
940 while (sr) {
941 ASSERT(sr->sr_magic == SMB_REQ_MAGIC);
942 if ((sr != exclude_sr) &&
943 (tree == NULL || sr->tid_tree == tree))
944 smb_request_cancel(sr);
945
946 sr = smb_slist_next(&session->s_req_list, sr);
947 }
948
949 smb_slist_exit(&session->s_req_list);
950 }
951
952 /*
953 * Find a user on the specified session by SMB UID.
954 */
955 smb_user_t *
956 smb_session_lookup_uid(smb_session_t *session, uint16_t uid)
957 {
958 return (smb_session_lookup_uid_st(session, 0, uid,
959 SMB_USER_STATE_LOGGED_ON));
960 }
961
962 /*
963 * Find a user on the specified session by SMB2 SSNID.
964 */
965 smb_user_t *
966 smb_session_lookup_ssnid(smb_session_t *session, uint64_t ssnid)
967 {
968 return (smb_session_lookup_uid_st(session, ssnid, 0,
969 SMB_USER_STATE_LOGGED_ON));
970 }
971
972 smb_user_t *
973 smb_session_lookup_uid_st(smb_session_t *session, uint64_t ssnid,
974 uint16_t uid, smb_user_state_t st)
975 {
976 smb_user_t *user;
977 smb_llist_t *user_list;
978
979 SMB_SESSION_VALID(session);
980
981 user_list = &session->s_user_list;
982 smb_llist_enter(user_list, RW_READER);
983
984 for (user = smb_llist_head(user_list);
985 user != NULL;
986 user = smb_llist_next(user_list, user)) {
987
988 SMB_USER_VALID(user);
989 ASSERT(user->u_session == session);
990
991 if (user->u_ssnid != ssnid && user->u_uid != uid)
992 continue;
993
994 mutex_enter(&user->u_mutex);
995 if (user->u_state == st) {
996 // smb_user_hold_internal(user);
997 user->u_refcnt++;
998 mutex_exit(&user->u_mutex);
999 break;
1000 }
1001 mutex_exit(&user->u_mutex);
1002 }
1003
1004 smb_llist_exit(user_list);
1005 return (user);
1006 }
1007
1008 /*
1009 * Find a tree by tree-id.
1010 */
1011 smb_tree_t *
1012 smb_session_lookup_tree(
1013 smb_session_t *session,
1014 uint16_t tid)
1015 {
1016 smb_tree_t *tree;
1017
1018 SMB_SESSION_VALID(session);
1019
1020 smb_llist_enter(&session->s_tree_list, RW_READER);
1021 tree = smb_llist_head(&session->s_tree_list);
1022
1023 while (tree) {
1024 ASSERT3U(tree->t_magic, ==, SMB_TREE_MAGIC);
1025 ASSERT(tree->t_session == session);
1026
1027 if (tree->t_tid == tid) {
1028 if (smb_tree_hold(tree)) {
1029 smb_llist_exit(&session->s_tree_list);
1030 return (tree);
1031 } else {
1032 smb_llist_exit(&session->s_tree_list);
1033 return (NULL);
1034 }
1035 }
1036
1037 tree = smb_llist_next(&session->s_tree_list, tree);
1038 }
1039
1040 smb_llist_exit(&session->s_tree_list);
1041 return (NULL);
1042 }
1043
1044 /*
1045 * Disconnect all trees that match the specified client process-id.
1046 * Used by the SMB1 "process exit" request.
1047 */
1048 void
1049 smb_session_close_pid(
1050 smb_session_t *session,
1051 uint32_t pid)
1052 {
1053 smb_llist_t *tree_list = &session->s_tree_list;
1054 smb_tree_t *tree;
1055
1056 smb_llist_enter(tree_list, RW_READER);
1057
1058 tree = smb_llist_head(tree_list);
1059 while (tree) {
1060 if (smb_tree_hold(tree)) {
1061 smb_tree_close_pid(tree, pid);
1062 smb_tree_release(tree);
1063 }
1064 tree = smb_llist_next(tree_list, tree);
1065 }
1066
1067 smb_llist_exit(tree_list);
1068 }
1069
1070 static void
1071 smb_session_tree_dtor(void *arg)
1072 {
1073 smb_tree_t *tree = arg;
1074
1075 smb_tree_disconnect(tree, B_TRUE);
1076 /* release the ref acquired during the traversal loop */
1077 smb_tree_release(tree);
1078 }
1079
1080
1081 /*
1082 * Disconnect all trees that this user has connected.
1083 */
1084 void
1085 smb_session_disconnect_owned_trees(
1086 smb_session_t *session,
1087 smb_user_t *owner)
1088 {
1089 smb_tree_t *tree;
1090 smb_llist_t *tree_list = &session->s_tree_list;
1091
1092 SMB_SESSION_VALID(session);
1093 SMB_USER_VALID(owner);
1094
1095 smb_llist_enter(tree_list, RW_READER);
1096
1097 tree = smb_llist_head(tree_list);
1098 while (tree) {
1099 if ((tree->t_owner == owner) &&
1100 smb_tree_hold(tree)) {
1101 /*
1102 * smb_tree_hold() succeeded, hence we are in state
1103 * SMB_TREE_STATE_CONNECTED; schedule this tree
1104 * for disconnect after smb_llist_exit because
1105 * the "unmap exec" up-call can block, and we'd
1106 * rather not block with the tree list locked.
1107 */
1108 smb_llist_post(tree_list, tree, smb_session_tree_dtor);
1109 }
1110 tree = smb_llist_next(tree_list, tree);
1111 }
1112
1113 /* drop the lock and flush the dtor queue */
1114 smb_llist_exit(tree_list);
1115 }
1116
1117 /*
1118 * Disconnect all trees that this user has connected.
1119 */
1120 static void
1121 smb_session_disconnect_trees(
1122 smb_session_t *session)
1123 {
1124 smb_llist_t *tree_list = &session->s_tree_list;
1125 smb_tree_t *tree;
1126
1127 smb_llist_enter(tree_list, RW_READER);
1128
1129 tree = smb_llist_head(tree_list);
1130 while (tree) {
1131 if (smb_tree_hold(tree)) {
1132 smb_llist_post(tree_list, tree,
1133 smb_session_tree_dtor);
1134 }
1135 tree = smb_llist_next(tree_list, tree);
1136 }
1137
1138 /* drop the lock and flush the dtor queue */
1139 smb_llist_exit(tree_list);
1140 }
1141
1142 /*
1143 * Variant of smb_session_tree_dtor that also
1144 * cancels requests using this tree.
1145 */
1146 static void
1147 smb_session_tree_kill(void *arg)
1148 {
1149 smb_tree_t *tree = arg;
1150
1151 SMB_TREE_VALID(tree);
1152
1153 smb_tree_disconnect(tree, B_TRUE);
1154 smb_session_cancel_requests(tree->t_session, tree, NULL);
1155
1156 /* release the ref acquired during the traversal loop */
1157 smb_tree_release(tree);
1158 }
1159
1160 /*
1161 * Disconnect all trees that match the specified share name,
1162 * and kill requests using those trees.
1163 */
1164 void
1165 smb_session_disconnect_share(
1166 smb_session_t *session,
1167 const char *sharename)
1168 {
1169 smb_llist_t *ll;
1170 smb_tree_t *tree;
1171
1172 SMB_SESSION_VALID(session);
1173
1174 ll = &session->s_tree_list;
1175 smb_llist_enter(ll, RW_READER);
1176
1177 for (tree = smb_llist_head(ll);
1178 tree != NULL;
1179 tree = smb_llist_next(ll, tree)) {
1180
1181 SMB_TREE_VALID(tree);
1182 ASSERT(tree->t_session == session);
1183
1184 if (smb_strcasecmp(tree->t_sharename, sharename, 0) != 0)
1185 continue;
1186
1187 if (smb_tree_hold(tree)) {
1188 smb_llist_post(ll, tree,
1189 smb_session_tree_kill);
1190 }
1191 }
1192
1193 smb_llist_exit(ll);
1194 }
1195
1196 /*
1197 * Logoff all users associated with the specified session.
1198 *
1199 * This is called for both server-initiated disconnect
1200 * (SMB_SESSION_STATE_TERMINATED) and client-initiated
1201 * disconnect (SMB_SESSION_STATE_DISCONNECTED).
1202 * If client-initiated, save durable handles.
1203 */
1204 void
1205 smb_session_logoff(smb_session_t *session)
1206 {
1207 smb_llist_t *ulist;
1208 smb_user_t *user;
1209
1210 SMB_SESSION_VALID(session);
1211
1212 top:
1213 ulist = &session->s_user_list;
1214 smb_llist_enter(ulist, RW_READER);
1215
1216 user = smb_llist_head(ulist);
1217 while (user) {
1218 SMB_USER_VALID(user);
1219 ASSERT(user->u_session == session);
1220
1221 mutex_enter(&user->u_mutex);
1222 switch (user->u_state) {
1223 case SMB_USER_STATE_LOGGING_ON:
1224 case SMB_USER_STATE_LOGGED_ON:
1225 // smb_user_hold_internal(user);
1226 user->u_refcnt++;
1227 mutex_exit(&user->u_mutex);
1228 smb_user_logoff(user);
1229 smb_user_release(user);
1230 break;
1231
1232 case SMB_USER_STATE_LOGGED_OFF:
1233 case SMB_USER_STATE_LOGGING_OFF:
1234 mutex_exit(&user->u_mutex);
1235 break;
1236
1237 default:
1238 mutex_exit(&user->u_mutex);
1239 ASSERT(0);
1240 break;
1241 }
1242
1243 user = smb_llist_next(ulist, user);
1244 }
1245
1246 /* Needed below (Was the list empty?) */
1247 user = smb_llist_head(ulist);
1248
1249 smb_llist_exit(ulist);
1250
1251 /*
1252 * It's possible for user objects to remain due to references
1253 * obtained via smb_server_lookup_ssnid(), when an SMB2
1254 * session setup is destroying a previous session.
1255 *
1256 * Wait for user objects to clear out (last refs. go away,
1257 * then smb_user_delete takes them out of the list). When
1258 * the last user object is removed, the session state is
1259 * set to SHUTDOWN and s_lock is signaled.
1260 *
1261 * Not all places that call smb_user_release necessarily
1262 * flush the delete queue, so after we wait for the list
1263 * to empty out, go back to the top and recheck the list
1264 * delete queue to make sure smb_user_delete happens.
1265 */
1266 if (user == NULL) {
1267 /* User list is empty. */
1268 smb_rwx_rwenter(&session->s_lock, RW_WRITER);
1269 session->s_state = SMB_SESSION_STATE_SHUTDOWN;
1270 smb_rwx_rwexit(&session->s_lock);
1271 } else {
1272 smb_rwx_rwenter(&session->s_lock, RW_READER);
1273 if (session->s_state != SMB_SESSION_STATE_SHUTDOWN) {
1274 (void) smb_rwx_cvwait(&session->s_lock,
1275 MSEC_TO_TICK(200));
1276 smb_rwx_rwexit(&session->s_lock);
1277 goto top;
1278 }
1279 smb_rwx_rwexit(&session->s_lock);
1280 }
1281 ASSERT(session->s_state == SMB_SESSION_STATE_SHUTDOWN);
1282
1283 /*
1284 * User list should be empty now.
1285 */
1286 #ifdef DEBUG
1287 if (ulist->ll_count != 0) {
1288 cmn_err(CE_WARN, "user list not empty?");
1289 debug_enter("s_user_list");
1290 }
1291 #endif
1292
1293 /*
1294 * User logoff happens first so we'll set preserve_opens
1295 * for client-initiated disconnect. When that's done
1296 * there should be no trees left, but check anyway.
1297 */
1298 smb_session_disconnect_trees(session);
1299 }
1300
1301 /*
1302 * Copy the session workstation/client name to buf. If the workstation
1303 * is an empty string (which it will be on TCP connections), use the
1304 * client IP address.
1305 */
1306 void
1307 smb_session_getclient(smb_session_t *sn, char *buf, size_t buflen)
1308 {
1309
1310 *buf = '\0';
1311
1312 if (sn->workstation[0] != '\0') {
1313 (void) strlcpy(buf, sn->workstation, buflen);
1314 return;
1315 }
1316
1317 (void) strlcpy(buf, sn->ip_addr_str, buflen);
1318 }
1319
1320 /*
1321 * Check whether or not the specified client name is the client of this
1322 * session. The name may be in UNC format (\\CLIENT).
1323 *
1324 * A workstation/client name is setup on NBT connections as part of the
1325 * NetBIOS session request but that isn't available on TCP connections.
1326 * If the session doesn't have a client name we typically return the
1327 * client IP address as the workstation name on MSRPC requests. So we
1328 * check for the IP address here in addition to the workstation name.
1329 */
1330 boolean_t
1331 smb_session_isclient(smb_session_t *sn, const char *client)
1332 {
1333
1334 client += strspn(client, "\\");
1335
1336 if (smb_strcasecmp(client, sn->workstation, 0) == 0)
1337 return (B_TRUE);
1338
1339 if (smb_strcasecmp(client, sn->ip_addr_str, 0) == 0)
1340 return (B_TRUE);
1341
1342 return (B_FALSE);
1343 }
1344
1345 /*
1346 * smb_request_alloc
1347 *
1348 * Allocate an smb_request_t structure from the kmem_cache. Partially
1349 * initialize the found/new request.
1350 *
1351 * Returns pointer to a request, or NULL if the session state is
1352 * one in which new requests are no longer allowed.
1353 */
1354 smb_request_t *
1355 smb_request_alloc(smb_session_t *session, int req_length)
1356 {
1357 smb_request_t *sr;
1358
1359 ASSERT(session->s_magic == SMB_SESSION_MAGIC);
1360 ASSERT(req_length <= session->cmd_max_bytes);
1361
1362 sr = kmem_cache_alloc(smb_cache_request, KM_SLEEP);
1363
1364 /*
1365 * Future: Use constructor to pre-initialize some fields. For now
1366 * there are so many fields that it is easiest just to zero the
1367 * whole thing and start over.
1368 */
1369 bzero(sr, sizeof (smb_request_t));
1370
1371 mutex_init(&sr->sr_mutex, NULL, MUTEX_DEFAULT, NULL);
1372 smb_srm_init(sr);
1373 sr->session = session;
1374 sr->sr_server = session->s_server;
1375 sr->sr_gmtoff = session->s_server->si_gmtoff;
1376 sr->sr_cfg = &session->s_cfg;
1377 sr->command.max_bytes = req_length;
1378 sr->reply.max_bytes = session->reply_max_bytes;
1379 sr->sr_req_length = req_length;
1380 if (req_length)
1381 sr->sr_request_buf = kmem_alloc(req_length, KM_SLEEP);
1382 sr->sr_magic = SMB_REQ_MAGIC;
1383 sr->sr_state = SMB_REQ_STATE_INITIALIZING;
1384
1385 /*
1386 * Only allow new SMB requests in some states.
1387 */
1388 smb_rwx_rwenter(&session->s_lock, RW_WRITER);
1389 switch (session->s_state) {
1390 case SMB_SESSION_STATE_CONNECTED:
1391 case SMB_SESSION_STATE_INITIALIZED:
1392 case SMB_SESSION_STATE_ESTABLISHED:
1393 case SMB_SESSION_STATE_NEGOTIATED:
1394 smb_slist_insert_tail(&session->s_req_list, sr);
1395 break;
1396
1397 default:
1398 ASSERT(0);
1399 /* FALLTHROUGH */
1400 case SMB_SESSION_STATE_DISCONNECTED:
1401 case SMB_SESSION_STATE_SHUTDOWN:
1402 case SMB_SESSION_STATE_TERMINATED:
1403 /* Disallow new requests in these states. */
1404 if (sr->sr_request_buf)
1405 kmem_free(sr->sr_request_buf, sr->sr_req_length);
1406 sr->session = NULL;
1407 sr->sr_magic = 0;
1408 mutex_destroy(&sr->sr_mutex);
1409 kmem_cache_free(smb_cache_request, sr);
1410 sr = NULL;
1411 break;
1412 }
1413 smb_rwx_rwexit(&session->s_lock);
1414
1415 return (sr);
1416 }
1417
1418 /*
1419 * smb_request_free
1420 *
1421 * release the memories which have been allocated for a smb request.
1422 */
1423 void
1424 smb_request_free(smb_request_t *sr)
1425 {
1426 ASSERT(sr->sr_magic == SMB_REQ_MAGIC);
1427 ASSERT(sr->session);
1428 ASSERT(sr->r_xa == NULL);
1429
1430 if (sr->fid_ofile != NULL) {
1431 smb_ofile_release(sr->fid_ofile);
1432 }
1433
1434 if (sr->tid_tree != NULL)
1435 smb_tree_release(sr->tid_tree);
1436
1437 if (sr->uid_user != NULL)
1438 smb_user_release(sr->uid_user);
1439
1440 if (sr->tform_ssn != NULL)
1441 smb_user_release(sr->tform_ssn);
1442
1443 /*
1444 * The above may have left work on the delete queues
1445 */
1446 smb_llist_flush(&sr->session->s_tree_list);
1447 smb_llist_flush(&sr->session->s_user_list);
1448
1449 smb_slist_remove(&sr->session->s_req_list, sr);
1450
1451 sr->session = NULL;
1452
1453 smb_srm_fini(sr);
1454
1455 if (sr->sr_request_buf)
1456 kmem_free(sr->sr_request_buf, sr->sr_req_length);
1457 if (sr->command.chain)
1458 m_freem(sr->command.chain);
1459 if (sr->reply.chain)
1460 m_freem(sr->reply.chain);
1461 if (sr->raw_data.chain)
1462 m_freem(sr->raw_data.chain);
1463
1464 sr->sr_magic = 0;
1465 mutex_destroy(&sr->sr_mutex);
1466 kmem_cache_free(smb_cache_request, sr);
1467 }
1468
1469 boolean_t
1470 smb_session_oplocks_enable(smb_session_t *session)
1471 {
1472 SMB_SESSION_VALID(session);
1473 if (session->s_cfg.skc_oplock_enable == 0)
1474 return (B_FALSE);
1475 else
1476 return (B_TRUE);
1477 }
1478
1479 boolean_t
1480 smb_session_levelII_oplocks(smb_session_t *session)
1481 {
1482 SMB_SESSION_VALID(session);
1483
1484 /* Older clients only do Level II oplocks if negotiated. */
1485 if ((session->capabilities & CAP_LEVEL_II_OPLOCKS) != 0)
1486 return (B_TRUE);
1487
1488 return (B_FALSE);
1489 }
1490
1491 static void
1492 smb_session_genkey(smb_session_t *session)
1493 {
1494 uint8_t tmp_key[SMB_CHALLENGE_SZ];
1495
1496 (void) random_get_pseudo_bytes(tmp_key, SMB_CHALLENGE_SZ);
1497 bcopy(tmp_key, &session->challenge_key, SMB_CHALLENGE_SZ);
1498 session->challenge_len = SMB_CHALLENGE_SZ;
1499
1500 (void) random_get_pseudo_bytes(tmp_key, 4);
1501 session->sesskey = tmp_key[0] | tmp_key[1] << 8 |
1502 tmp_key[2] << 16 | tmp_key[3] << 24;
1503 }