1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. 23 * Copyright 2016 Nexenta Systems, Inc. All rights reserved. 24 */ 25 26 #include <smbsrv/smb_kproto.h> 27 #include <smbsrv/smb_share.h> 28 29 static void 30 smb_tcon_puterror(smb_request_t *sr, uint32_t status) 31 { 32 33 switch (status) { 34 35 case NT_STATUS_BAD_NETWORK_NAME: 36 /* Intentional status=0 */ 37 smbsr_error(sr, 0, ERRSRV, ERRinvnetname); 38 break; 39 40 case NT_STATUS_ACCESS_DENIED: 41 smbsr_error(sr, status, ERRSRV, ERRaccess); 42 break; 43 44 case NT_STATUS_BAD_DEVICE_TYPE: 45 smbsr_error(sr, status, ERRDOS, ERROR_BAD_DEV_TYPE); 46 break; 47 48 default: 49 case NT_STATUS_INTERNAL_ERROR: 50 /* Intentional status=0 */ 51 smbsr_error(sr, 0, ERRSRV, ERRsrverror); 52 break; 53 } 54 } 55 56 /* 57 * SmbTreeConnect: Map a share to a tree and obtain a tree-id (TID). 58 * 59 * Client Request Description 60 * ================================== ================================= 61 * 62 * UCHAR WordCount; Count of parameter words = 0 63 * USHORT ByteCount; Count of data bytes; min = 4 64 * UCHAR BufferFormat1; 0x04 65 * STRING Path[]; Server name and share name 66 * UCHAR BufferFormat2; 0x04 67 * STRING Password[]; Password 68 * UCHAR BufferFormat3; 0x04 69 * STRING Service[]; Service name 70 * 71 * The CIFS server responds with: 72 * 73 * Server Response Description 74 * ================================ ================================= 75 * 76 * UCHAR WordCount; Count of parameter words = 2 77 * USHORT MaxBufferSize; Max size message the server handles 78 * USHORT Tid; Tree ID 79 * USHORT ByteCount; Count of data bytes = 0 80 * 81 * If the negotiated dialect is MICROSOFT NETWORKS 1.03 or earlier, 82 * MaxBufferSize in the response message indicates the maximum size 83 * message that the server can handle. The client should not generate 84 * messages, nor expect to receive responses, larger than this. This 85 * must be constant for a given server. For newer dialects, this field 86 * is ignored. 87 */ 88 smb_sdrc_t 89 smb_pre_tree_connect(smb_request_t *sr) 90 { 91 smb_arg_tcon_t *tcon = &sr->sr_tcon; 92 int rc; 93 94 /* 95 * Perhaps this should be "%A.sA" now that unicode is enabled. 96 */ 97 rc = smbsr_decode_data(sr, "%AAA", sr, &tcon->path, 98 &tcon->password, &tcon->service); 99 100 tcon->flags = 0; 101 tcon->optional_support = 0; 102 103 DTRACE_SMB_1(op__TreeConnect__start, smb_request_t *, sr); 104 105 return ((rc == 0) ? SDRC_SUCCESS : SDRC_ERROR); 106 } 107 108 void 109 smb_post_tree_connect(smb_request_t *sr) 110 { 111 DTRACE_SMB_1(op__TreeConnect__done, smb_request_t *, sr); 112 } 113 114 smb_sdrc_t 115 smb_com_tree_connect(smb_request_t *sr) 116 { 117 uint32_t status; 118 int rc; 119 120 status = smb_tree_connect(sr); 121 if (status) { 122 smb_tcon_puterror(sr, status); 123 return (SDRC_ERROR); 124 } 125 126 rc = smbsr_encode_result(sr, 2, 0, "bwww", 127 2, /* wct */ 128 (WORD)smb_maxbufsize, /* MaxBufferSize */ 129 sr->smb_tid, /* TID */ 130 0); /* bcc */ 131 132 return ((rc == 0) ? SDRC_SUCCESS : SDRC_ERROR); 133 } 134 135 /* 136 * SmbTreeConnectX: Map a share to a tree and obtain a tree-id (TID). 137 * 138 * Client Request Description 139 * ================================= ================================= 140 * 141 * UCHAR WordCount; Count of parameter words = 4 142 * UCHAR AndXCommand; Secondary (X) command; 0xFF = none 143 * UCHAR AndXReserved; Reserved (must be 0) 144 * USHORT AndXOffset; Offset to next command WordCount 145 * USHORT Flags; Additional information 146 * bit 0 set = disconnect Tid 147 * USHORT PasswordLength; Length of Password[] 148 * USHORT ByteCount; Count of data bytes; min = 3 149 * UCHAR Password[]; Password 150 * STRING Path[]; Server name and share name 151 * STRING Service[]; Service name 152 * 153 * If the negotiated dialect is LANMAN1.0 or later, then it is a protocol 154 * violation for the client to send this message prior to a successful 155 * SMB_COM_SESSION_SETUP_ANDX, and the server ignores Password. 156 * 157 * If the negotiated dialect is prior to LANMAN1.0 and the client has not 158 * sent a successful SMB_COM_SESSION_SETUP_ANDX request when the tree 159 * connect arrives, a user level security mode server must nevertheless 160 * validate the client's credentials. 161 * 162 * Flags (prefix with TREE_CONNECT_ANDX_): 163 * ========================== ======================================== 164 * 0x0001 DISCONECT_TID The tree specified by TID in the SMB header 165 * should be disconnected - disconnect errors 166 * should be ignored. 167 * 168 * 0x0004 EXTENDED_SIGNATURES Client request for signing key protection. 169 * 170 * 0x0008 EXTENDED_RESPONSE Client request for extended information. 171 * 172 * Path follows UNC style syntax (\\server\share) and indicates the name 173 * of the resource to which the client wishes to connect. 174 * 175 * Because Password may be an authentication response, it is a variable 176 * length field with the length specified by PasswordLength. If 177 * authentication is not being used, Password should be a null terminated 178 * ASCII string with PasswordLength set to the string size including the 179 * terminating null. 180 * 181 * The server can enforce whatever policy it desires to govern share 182 * access. Administrative privilege is required for administrative 183 * shares (C$, etc.). 184 * 185 * The Service component indicates the type of resource the client 186 * intends to access. Valid values are: 187 * 188 * Service Description Earliest Dialect Allowed 189 * ======== ======================== ================================ 190 * 191 * A: disk share PC NETWORK PROGRAM 1.0 192 * LPT1: printer PC NETWORK PROGRAM 1.0 193 * IPC named pipe MICROSOFT NETWORKS 3.0 194 * COMM communications device MICROSOFT NETWORKS 3.0 195 * ????? any type of device MICROSOFT NETWORKS 3.0 196 * 197 * If the negotiated dialect is earlier than DOS LANMAN2.1, the response to 198 * this SMB is: 199 * 200 * Server Response Description 201 * ================================ =================================== 202 * 203 * UCHAR WordCount; Count of parameter words = 2 204 * UCHAR AndXCommand; Secondary (X) command; 0xFF = none 205 * UCHAR AndXReserved; Reserved (must be 0) 206 * USHORT AndXOffset; Offset to next command WordCount 207 * USHORT ByteCount; Count of data bytes; min = 3 208 * 209 * If the negotiated is DOS LANMAN2.1 or later, the response to this SMB 210 * is: 211 * 212 * Server Response Description 213 * ================================ =================================== 214 * 215 * UCHAR WordCount; Count of parameter words = 3 216 * UCHAR AndXCommand; Secondary (X) command; 0xFF = none 217 * UCHAR AndXReserved; Reserved (must be 0) 218 * USHORT AndXOffset; Offset to next command WordCount 219 * USHORT OptionalSupport; Optional support bits 220 * USHORT ByteCount; Count of data bytes; min = 3 221 * UCHAR Service[]; Service type connected to. Always 222 * ANSII. 223 * STRING NativeFileSystem[]; Native file system for this tree 224 * 225 * NativeFileSystem is the name of the filesystem; values to be expected 226 * include FAT, NTFS, etc. 227 * 228 * OptionalSupport: 229 * ============================== ========================== 230 * 0x0001 SMB_SUPPORT_SEARCH_BITS The server supports the use of Search 231 * Attributes in client requests. 232 * 0x0002 SMB_SHARE_IS_IN_DFS The share is managed by DFS. 233 * 0x000C SMB_CSC_MASK Offline-caching mask - see CSC flags. 234 * 0x0010 SMB_UNIQUE_FILE_NAME The server uses long names and does not 235 * support short names. Indicator for 236 * clients directory/name-space caching. 237 * 0x0020 SMB_EXTENDED_SIGNATURES The server will use signing key protection. 238 * 239 * Client-side caching (offline files): 240 * ============================== ========================== 241 * 0x0000 SMB_CSC_CACHE_MANUAL_REINT Clients may cache files for offline use 242 * but automatic file-by-file reintegration 243 * is not allowed. 244 * 0x0004 SMB_CSC_CACHE_AUTO_REINT Automatic file-by-file reintegration is 245 * allowed. 246 * 0x0008 SMB_CSC_CACHE_VDO File opens do not need to be flowed. 247 * 0x000C SMB_CSC_CACHE_NONE CSC is disabled for this share. 248 * 249 * Some servers negotiate "DOS LANMAN2.1" dialect or later and still send 250 * the "downlevel" (i.e. wordcount==2) response. Valid AndX following 251 * commands are 252 * 253 * SMB_COM_OPEN SMB_COM_OPEN_ANDX SMB_COM_CREATE 254 * SMB_COM_CREATE_NEW SMB_COM_CREATE_DIRECTORY SMB_COM_DELETE 255 * SMB_COM_DELETE_DIRECTORY SMB_COM_FIND SMB_COM_COPY 256 * SMB_COM_FIND_UNIQUE SMB_COM_RENAME 257 * SMB_COM_CHECK_DIRECTORY SMB_COM_QUERY_INFORMATION 258 * SMB_COM_GET_PRINT_QUEUE SMB_COM_OPEN_PRINT_FILE 259 * SMB_COM_TRANSACTION SMB_COM_NO_ANDX_CMD 260 * SMB_COM_SET_INFORMATION SMB_COM_NT_RENAME 261 * 262 * Errors: 263 * ERRDOS/ERRnomem 264 * ERRDOS/ERRbadpath 265 * ERRDOS/ERRinvdevice 266 * ERRSRV/ERRaccess 267 * ERRSRV/ERRbadpw 268 * ERRSRV/ERRinvnetname 269 */ 270 smb_sdrc_t 271 smb_pre_tree_connect_andx(smb_request_t *sr) 272 { 273 smb_arg_tcon_t *tcon = &sr->sr_tcon; 274 uint8_t *pwbuf = NULL; 275 uint16_t pwlen = 0; 276 int rc; 277 278 rc = smbsr_decode_vwv(sr, "b.www", &sr->andx_com, &sr->andx_off, 279 &tcon->flags, &pwlen); 280 if (rc == 0) { 281 if (pwlen != 0) 282 pwbuf = smb_srm_zalloc(sr, pwlen); 283 284 rc = smbsr_decode_data(sr, "%#cus", sr, pwlen, pwbuf, 285 &tcon->path, &tcon->service); 286 287 tcon->pwdlen = pwlen; 288 tcon->password = (char *)pwbuf; 289 } 290 291 tcon->optional_support = 0; 292 293 DTRACE_SMB_1(op__TreeConnectX__start, smb_request_t *, sr); 294 295 return ((rc == 0) ? SDRC_SUCCESS : SDRC_ERROR); 296 } 297 298 void 299 smb_post_tree_connect_andx(smb_request_t *sr) 300 { 301 DTRACE_SMB_1(op__TreeConnectX__done, smb_request_t *, sr); 302 } 303 304 smb_sdrc_t 305 smb_com_tree_connect_andx(smb_request_t *sr) 306 { 307 smb_arg_tcon_t *tcon = &sr->sr_tcon; 308 smb_tree_t *tree; 309 char *service; 310 uint32_t status; 311 int rc; 312 313 if (tcon->flags & SMB_TCONX_DISCONECT_TID) { 314 tree = smb_session_lookup_tree(sr->session, sr->smb_tid); 315 if (tree != NULL) { 316 smb_tree_disconnect(tree, B_TRUE); 317 smb_session_cancel_requests(sr->session, tree, sr); 318 } 319 } 320 321 status = smb_tree_connect(sr); 322 if (status) { 323 smb_tcon_puterror(sr, status); 324 return (SDRC_ERROR); 325 } 326 tree = sr->tid_tree; 327 328 switch (tree->t_res_type & STYPE_MASK) { 329 case STYPE_IPC: 330 service = "IPC"; 331 break; 332 case STYPE_PRINTQ: 333 service = "LPT1:"; 334 break; 335 case STYPE_DISKTREE: 336 default: 337 service = "A:"; 338 } 339 340 if (sr->session->dialect < NT_LM_0_12) { 341 rc = smbsr_encode_result(sr, 2, VAR_BCC, "bb.wwss", 342 (char)2, /* wct */ 343 sr->andx_com, 344 VAR_BCC, 345 VAR_BCC, 346 service, 347 tree->t_typename); 348 } else if ((tcon->flags & SMB_TCONX_EXTENDED_RESPONSE) == 0) { 349 rc = smbsr_encode_result(sr, 3, VAR_BCC, "bb.wwws%u", 350 (char)3, /* wct */ 351 sr->andx_com, 352 (short)64, 353 tcon->optional_support, 354 VAR_BCC, 355 service, 356 sr, 357 tree->t_typename); 358 359 } else { 360 rc = smbsr_encode_result(sr, 7, VAR_BCC, "bb.wwllws%u", 361 (char)7, /* wct (b) */ 362 sr->andx_com, /* AndXcmd (b) */ 363 (short)72, /* AndXoff (w) */ 364 tcon->optional_support, /* (w) */ 365 tree->t_access, /* (l) */ 366 0, /* guest_access (l) */ 367 VAR_BCC, /* (w) */ 368 service, /* (s) */ 369 sr, /* (%) */ 370 tree->t_typename); /* (u) */ 371 } 372 373 return ((rc == 0) ? SDRC_SUCCESS : SDRC_ERROR); 374 } 375 376 /* 377 * SmbTreeDisconnect: Disconnect a tree. 378 * 379 * Note: SDDF_SUPPRESS_UID is set for this operation, which means the sr 380 * uid_user field will not be valid on entry to these functions. Do not 381 * use it until it is set up in smb_com_tree_disconnect() or the system 382 * will panic. 383 * 384 * Note: there are scenarios in which the client does not send a tree 385 * disconnect request, for example, when ERRbaduid is returned from 386 * SmbReadX after a user has logged off. Any open files will remain 387 * around until the session is destroyed. 388 * 389 * Client Request Description 390 * ================================== ================================= 391 * 392 * UCHAR WordCount; Count of parameter words = 0 393 * USHORT ByteCount; Count of data bytes = 0 394 * 395 * The resource sharing connection identified by Tid in the SMB header is 396 * logically disconnected from the server. Tid is invalidated; it will not 397 * be recognized if used by the client for subsequent requests. All locks, 398 * open files, etc. created on behalf of Tid are released. 399 * 400 * Server Response Description 401 * ================================== ================================= 402 * 403 * UCHAR WordCount; Count of parameter words = 0 404 * USHORT ByteCount; Count of data bytes = 0 405 * 406 * Errors: 407 * ERRSRV/ERRinvnid 408 * ERRSRV/ERRbaduid 409 */ 410 smb_sdrc_t 411 smb_pre_tree_disconnect(smb_request_t *sr) 412 { 413 sr->uid_user = smb_session_lookup_uid(sr->session, sr->smb_uid); 414 sr->tid_tree = smb_session_lookup_tree(sr->session, sr->smb_tid); 415 416 DTRACE_SMB_1(op__TreeDisconnect__start, smb_request_t *, sr); 417 return (SDRC_SUCCESS); 418 } 419 420 void 421 smb_post_tree_disconnect(smb_request_t *sr) 422 { 423 DTRACE_SMB_1(op__TreeDisconnect__done, smb_request_t *, sr); 424 } 425 426 /* 427 * SmbTreeDisconnect requires a valid UID as well as a valid TID. Some 428 * clients logoff a user and then try to disconnect the trees connected 429 * by the user who has just been logged off, which would normally fail 430 * in the dispatch code with ERRbaduid but, unfortunately, ERRbaduid 431 * causes a problem for some of those clients. Windows returns ERRinvnid. 432 * 433 * To prevent ERRbaduid being returned, the UID and TID are looked up here 434 * rather than prior to dispatching SmbTreeDisconnect requests. If either 435 * the UID or the TID is invalid, ERRinvnid is returned. 436 */ 437 smb_sdrc_t 438 smb_com_tree_disconnect(smb_request_t *sr) 439 { 440 if (sr->uid_user == NULL || sr->tid_tree == NULL) { 441 smbsr_error(sr, NT_STATUS_INVALID_HANDLE, ERRDOS, ERRinvnid); 442 return (SDRC_ERROR); 443 } 444 445 sr->user_cr = smb_user_getcred(sr->uid_user); 446 447 smb_tree_disconnect(sr->tid_tree, B_TRUE); 448 smb_session_cancel_requests(sr->session, sr->tid_tree, sr); 449 450 if (smbsr_encode_empty_result(sr)) 451 return (SDRC_ERROR); 452 453 return (SDRC_SUCCESS); 454 }