/* * This file and its contents are supplied under the terms of the * Common Development and Distribution License ("CDDL"), version 1.0. * You may only use this file in accordance with the terms of version * 1.0 of the CDDL. * * A full copy of the text of the CDDL should have accompanied this * source. A copy of the CDDL is also available via the Internet at * http://www.illumos.org/license/CDDL. */ /* * Copyright 2017-2022 Tintri by DDN, Inc. All rights reserved. * Copyright 2021-2024 RackTop Systems, Inc. */ /* * SMB2 Durable Handle support */ #include #include #include #include #include #include #include #include #include #include /* Windows default values from [MS-SMB2] */ /* * (times in seconds) * resilient: * MaxTimeout = 300 (win7+) * if timeout > MaxTimeout, ERROR * if timeout != 0, timeout = req.timeout * if timeout == 0, timeout = (infinity) (Win7/w2k8r2) * if timeout == 0, timeout = 120 (Win8+) * v2: * if timeout != 0, timeout = MIN(timeout, 300) (spec) * if timeout != 0, timeout = timeout (win8/2k12) * if timeout == 0, timeout = Share.CATimeout. \ * if Share.CATimeout == 0, timeout = 60 (win8/w2k12) * if timeout == 0, timeout = 180 (win8.1/w2k12r2) * open.timeout = 60 (win8/w2k12r2) (i.e. we ignore the request) * v1: * open.timeout = 16 minutes */ uint32_t smb2_dh_def_timeout = 60 * MILLISEC; /* mSec. */ uint32_t smb2_dh_max_timeout = 300 * MILLISEC; /* mSec. */ uint32_t smb2_res_def_timeout = 120 * MILLISEC; /* mSec. */ uint32_t smb2_res_max_timeout = 300 * MILLISEC; /* mSec. */ uint32_t smb2_persist_timeout = 300 * MILLISEC; /* mSec. */ /* * Escape hatch in case persistent handles on directories cause problems. * We don't have directory leases, so there's not really much point in * persistence for directory handles, but Hyper-V wants them. */ int smb2_dh_allow_dir = 1; /* * Max. size of the file used to store a CA handle. * Don't adjust this while the server is running. */ static uint32_t smb2_dh_max_cah_size = 64 * 1024; static uint32_t smb2_ca_info_version = 1; /* * Want this to have invariant layout on disk, where the * last two uint32_t values are stored as a uint64_t */ struct nvlk { uint64_t lk_start; uint64_t lk_len; /* (lk_pid << 32) | lk_type */ #ifdef _BIG_ENDIAN uint32_t lk_pid, lk_type; #else uint32_t lk_type, lk_pid; #endif }; static void smb2_dh_import_share(void *); static smb_ofile_t *smb2_dh_import_handle(smb_request_t *, smb_node_t *, char *, uint64_t); static int smb2_dh_read_nvlist(smb_request_t *, smb_node_t *, char *, struct nvlist **); static int smb2_dh_import_cred(smb_ofile_t *, char *); #define DH_SN_SIZE 24 /* size of DH stream name buffers */ /* * Build the stream name used to store a CA handle. * i.e. ":0123456789abcdef:$CA" * Note: smb_fsop_create adds the SUNWsmb prefix, * so we compose the name without the prefix. */ static inline void smb2_dh_make_stream_name(char *buf, size_t buflen, uint64_t id) { ASSERT(buflen >= DH_SN_SIZE); (void) snprintf(buf, buflen, ":%016" PRIx64 ":$CA", id); } /* * smb_dh_create_allowed * * Helper for smb2_create to decide whether the open/create call should * allow this handle to become durable. * * For files: * 1. op_oplock_level == SMB2_OPLOCK_LEVEL_BATCH * 2. A lease is requested with handle caching * - for v1, the lease must not be on a directory * 3. For v2, flags has "persistent" (tree is CA) * (when tree not CA, turned off persist earlier) * * For directories, we don't do leases, but allow persistent. */ boolean_t smb_dh_create_allowed(smb_request_t *sr, smb_ofile_t *of) { smb_arg_open_t *op = &sr->arg.open; if (smb2_dh_allow_dir && smb_node_is_dir(of->f_node) && (op->dh_v2_flags & SMB2_DHANDLE_FLAG_PERSISTENT) != 0) return (B_TRUE); if (smb_node_is_file(of->f_node) && ((op->dh_v2_flags & SMB2_DHANDLE_FLAG_PERSISTENT) != 0 || (op->op_oplock_level == SMB2_OPLOCK_LEVEL_BATCH) || (op->op_oplock_level == SMB2_OPLOCK_LEVEL_LEASE && (op->lease_state & OPLOCK_LEVEL_CACHE_HANDLE) != 0))) return (B_TRUE); return (B_FALSE); } /* * smb_dh_should_save * * During session tear-down, decide whether to keep a durable handle. * * There are two cases where we save durable handles: * 1. An SMB2 LOGOFF request was received * 2. An unexpected disconnect from the client * Note: Specifying a PrevSessionID in session setup * is considered a disconnect (we just haven't learned about it yet) * In every other case, we close durable handles. * * [MS-SMB2] 3.3.5.6 SMB2_LOGOFF * [MS-SMB2] 3.3.7.1 Handling Loss of a Connection * * If any of the following are true, preserve for reconnect: * * - Open.IsResilient is TRUE. * * - Open.OplockLevel == SMB2_OPLOCK_LEVEL_BATCH and * Open.OplockState == Held, and Open.IsDurable is TRUE. * * - Open.OplockLevel == SMB2_OPLOCK_LEVEL_LEASE, * Lease.LeaseState SMB2_LEASE_HANDLE_CACHING, * Open.OplockState == Held, and Open.IsDurable is TRUE. * * - Open.IsPersistent is TRUE. * * We also deal with some special cases for shutdown of the * server, session, user, tree (in that order). Other than * the cases above, shutdown (or forced termination) should * destroy durable handles. */ boolean_t smb_dh_should_save(smb_ofile_t *of) { ASSERT(MUTEX_HELD(&of->f_mutex)); ASSERT(of->dh_vers != SMB2_NOT_DURABLE); /* SMB service shutting down, destroy DH */ if (of->f_server->sv_state == SMB_SERVER_STATE_STOPPING) return (B_FALSE); /* * SMB Session (connection) going away (server up). * If server initiated disconnect, destroy DH * If client initiated disconnect, save all DH. */ if (of->f_session->s_state == SMB_SESSION_STATE_TERMINATED) return (B_FALSE); if (of->f_session->s_state == SMB_SESSION_STATE_DISCONNECTED) return (B_TRUE); /* * SMB User logoff, session still "up". * Action depends on why/how this logoff happened, * determined based on user->preserve_opens */ if (of->f_user->u_state == SMB_USER_STATE_LOGGING_OFF) { switch (of->f_user->preserve_opens) { case SMB2_DH_PRESERVE_NONE: /* Server-initiated */ return (B_FALSE); case SMB2_DH_PRESERVE_SOME: /* Previous session logoff. */ goto preserve_some; case SMB2_DH_PRESERVE_ALL: /* Protocol logoff request */ return (B_TRUE); } } /* * SMB tree disconnecting (user still logged on) * i.e. when kshare export forces disconnection. */ if (of->f_tree->t_state == SMB_TREE_STATE_DISCONNECTING) return (B_FALSE); preserve_some: /* preserve_opens == SMB2_DH_PRESERVE_SOME */ switch (of->dh_vers) { uint32_t ol_state; case SMB2_RESILIENT: return (B_TRUE); case SMB2_DURABLE_V2: if (of->dh_persist) return (B_TRUE); /* FALLTHROUGH */ case SMB2_DURABLE_V1: /* IS durable (v1 or v2) */ if (of->f_lease != NULL) ol_state = of->f_lease->ls_state; else ol_state = of->f_oplock.og_state; if ((ol_state & (OPLOCK_LEVEL_BATCH | OPLOCK_LEVEL_CACHE_HANDLE)) != 0) return (B_TRUE); /* FALLTHROUGH */ case SMB2_NOT_DURABLE: default: break; } return (B_FALSE); } /* * Is this stream name a CA handle? i.e. * ":0123456789abcdef:$CA" */ static boolean_t smb2_dh_match_ca_name(const char *name, uint64_t *idp) { static const char suffix[] = ":$CA"; u_longlong_t ull; const char *p = name; char *p2 = NULL; int len, rc; if (*p++ != ':') return (B_FALSE); rc = ddi_strtoull(p, &p2, 16, &ull); if (rc != 0 || p2 != (p + 16)) return (B_FALSE); p += 16; len = sizeof (suffix) - 1; if (strncmp(p, suffix, len) != 0) return (B_FALSE); p += len; if (*p != '\0') return (B_FALSE); *idp = (uint64_t)ull; return (B_TRUE); } /* * smb2_dh_new_ca_share * * Called when a new share has ca=true. Find or create the CA dir, * and start a thread to import persistent handles. */ int smb2_dh_new_ca_share(smb_server_t *sv, smb_kshare_t *shr) { smb_kshare_t *shr2; smb_request_t *sr; taskqid_t tqid; ASSERT(STYPE_ISDSK(shr->shr_type)); /* * Need to lookup the kshare again, to get a hold. * Add a function to just get the hold? */ shr2 = smb_kshare_lookup(sv, shr->shr_name); if (shr2 != shr) return (EINVAL); sr = smb_request_alloc(sv->sv_session, 0); if (sr == NULL) { /* shutting down? */ smb_kshare_release(sv, shr); return (EINTR); } sr->sr_state = SMB_REQ_STATE_SUBMITTED; /* * Mark this share as "busy importing persistent handles" * so we can hold off tree connect until that's done. * Will clear and wakeup below. */ mutex_enter(&shr->shr_mutex); shr->shr_import_busy = sr; mutex_exit(&shr->shr_mutex); /* * Start a taskq job to import any CA handles. * The hold on the kshare is given to this job, * which releases it when it's done. */ sr->arg.tcon.si = shr; /* hold from above */ tqid = taskq_dispatch(sv->sv_worker_pool, smb2_dh_import_share, sr, TQ_SLEEP); VERIFY(tqid != TASKQID_INVALID); return (0); } int smb2_dh_import_delay = 0; static void smb2_dh_import_share(void *arg) { smb_request_t *sr = arg; smb_kshare_t *shr = sr->arg.tcon.si; smb_node_t *snode; cred_t *kcr = zone_kcred(); smb_streaminfo_t *str_info = NULL; char *nvl_buf = NULL; uint64_t id; smb_node_t *str_node; smb_odir_t *od = NULL; smb_ofile_t *of; int rc; boolean_t eof; sr->sr_state = SMB_REQ_STATE_ACTIVE; if (smb2_dh_import_delay > 0) delay(SEC_TO_TICK(smb2_dh_import_delay)); /* * Borrow the server's "root" user. * * This takes the place of smb_session_lookup_ssnid() * that would happen in smb2_dispatch for a normal SR. * As usual, this hold is released in smb_request_free. */ sr->uid_user = sr->sr_server->sv_rootuser; smb_user_hold_internal(sr->uid_user); sr->user_cr = sr->uid_user->u_cred; /* * Create a temporary tree connect */ sr->tid_tree = smb_tree_alloc(sr, shr, shr->shr_root_node, ACE_ALL_PERMS, 0); if (sr->tid_tree == NULL) { cmn_err(CE_NOTE, "smb2_dh_import_share: " "failed connect share <%s>", shr->shr_name); goto out; } snode = sr->tid_tree->t_snode; /* * Get the buffers we'll use to read CA handle data. * Also get a buffer for the stream name info. */ nvl_buf = kmem_alloc(smb2_dh_max_cah_size, KM_SLEEP); str_info = kmem_alloc(sizeof (smb_streaminfo_t), KM_SLEEP); /* * Open the ext. attr dir under the share root and * import CA handles for this share. */ if (smb_odir_openat(sr, snode, &od, B_FALSE) != 0) { cmn_err(CE_NOTE, "!Share [%s] CA import, no xattr dir?", shr->shr_name); goto out; } eof = B_FALSE; do { /* * If the kshare gets unshared before we finish, * bail out so we don't hold things up. */ if (shr->shr_flags & SMB_SHRF_REMOVED) break; /* * If the server's stopping, no point importing. */ if (smb_server_is_stopping(sr->sr_server)) break; /* * Read a stream name and info */ rc = smb_odir_read_streaminfo(sr, od, str_info, &eof); if ((rc != 0) || (eof)) break; /* * Skip anything not a CA handle. */ if (!smb2_dh_match_ca_name(str_info->si_name, &id)) { continue; } /* * Lookup stream node and import */ str_node = NULL; rc = smb_fsop_lookup_name(sr, kcr, SMB_CASE_SENSITIVE, snode, snode, str_info->si_name, &str_node); if (rc != 0) { cmn_err(CE_NOTE, "Share [%s] CA import, " "lookup <%s> failed rc=%d", shr->shr_name, str_info->si_name, rc); continue; } of = smb2_dh_import_handle(sr, str_node, nvl_buf, id); smb_node_release(str_node); if (of != NULL) { smb_ofile_release(of); of = NULL; } sr->fid_ofile = NULL; smb_lavl_flush(&sr->tid_tree->t_ofile_list); } while (!eof); out: if (od != NULL) { smb_odir_close(od); smb_odir_release(od); } if (str_info != NULL) kmem_free(str_info, sizeof (smb_streaminfo_t)); if (nvl_buf != NULL) kmem_free(nvl_buf, smb2_dh_max_cah_size); /* * We did a (temporary, internal) tree connect above, * which we need to undo before we return. Note that * smb_request_free will do the final release of * sr->tid_tree, sr->uid_user */ if (sr->tid_tree != NULL) smb_tree_disconnect(sr->tid_tree, B_FALSE); /* * Wake up any waiting tree connect(s). * See smb_tree_connect_disk(). */ mutex_enter(&shr->shr_mutex); shr->shr_import_busy = NULL; cv_broadcast(&shr->shr_cv); mutex_exit(&shr->shr_mutex); smb_kshare_release(sr->sr_server, shr); smb_request_free(sr); } /* * This returns the new ofile mostly for dtrace. */ static smb_ofile_t * smb2_dh_import_handle(smb_request_t *sr, smb_node_t *str_node, char *nvl_buf, uint64_t persist_id) { uint8_t client_uuid[UUID_LEN]; smb_tree_t *tree = sr->tid_tree; smb_arg_open_t *op = &sr->arg.open; smb_pathname_t *pn = &op->fqi.fq_path; cred_t *kcr = zone_kcred(); struct nvlist *nvl = NULL; char *sidstr = NULL; smb_ofile_t *of = NULL; smb_attr_t *pa; boolean_t did_open = B_FALSE; boolean_t have_lease = B_FALSE; hrtime_t hrt; uint64_t *u64p; uint64_t u64; uint32_t u32; uint32_t status; char *s; uint8_t *u8p; uint_t alen; int rc; /* * While we're called with arg.tcon, we now want to use * smb_arg_open for the rest of import, so clear it. */ bzero(op, sizeof (*op)); op->create_disposition = FILE_OPEN; /* * Read and unpack the NVL */ rc = smb2_dh_read_nvlist(sr, str_node, nvl_buf, &nvl); if (rc != 0) return (NULL); /* * Known CA info version? */ u32 = 0; rc = nvlist_lookup_uint32(nvl, "info_version", &u32); if (rc != 0 || u32 != smb2_ca_info_version) { cmn_err(CE_NOTE, "CA import (%s/%s) bad vers=%d", tree->t_resource, str_node->od_name, u32); goto errout; } /* * The persist ID in the nvlist should match the one * encoded in the file name. (not enforced) */ u64 = 0; rc = nvlist_lookup_uint64(nvl, "file_persistid", &u64); if (rc != 0 || u64 != persist_id) { cmn_err(CE_WARN, "CA import (%s/%s) bad id=%016" PRIx64, tree->t_resource, str_node->od_name, u64); /* goto errout? (allow) */ } /* * Does it belong in the share being imported? */ s = NULL; rc = nvlist_lookup_string(nvl, "share_name", &s); if (rc != 0) { cmn_err(CE_NOTE, "CA import (%s/%s) no share_name", tree->t_resource, str_node->od_name); goto errout; } if (smb_strcasecmp(s, tree->t_sharename, 0) != 0) { /* Normal (not an error) */ #ifdef DEBUG cmn_err(CE_NOTE, "CA import (%s/%s) other share", tree->t_resource, str_node->od_name); #endif goto errout; } /* * Get the path name (for lookup) */ rc = nvlist_lookup_string(nvl, "path_name", &pn->pn_path); if (rc != 0) { cmn_err(CE_NOTE, "CA import (%s/%s) no path_name", tree->t_resource, str_node->od_name); goto errout; } /* * owner sid */ rc = nvlist_lookup_string(nvl, "owner_sid", &sidstr); if (rc != 0) { cmn_err(CE_NOTE, "CA import (%s/%s) no owner_sid", tree->t_resource, str_node->od_name); goto errout; } /* * granted access */ rc = nvlist_lookup_uint32(nvl, "granted_access", &op->desired_access); if (rc != 0) { cmn_err(CE_NOTE, "CA import (%s/%s) no granted_access", tree->t_resource, str_node->od_name); goto errout; } /* * share access */ rc = nvlist_lookup_uint32(nvl, "share_access", &op->share_access); if (rc != 0) { cmn_err(CE_NOTE, "CA import (%s/%s) no share_access", tree->t_resource, str_node->od_name); goto errout; } /* * create options */ rc = nvlist_lookup_uint32(nvl, "create_options", &op->create_options); if (rc != 0) { cmn_err(CE_NOTE, "CA import (%s/%s) no create_options", tree->t_resource, str_node->od_name); goto errout; } /* * create guid (client-assigned) */ alen = UUID_LEN; u8p = NULL; rc = nvlist_lookup_uint8_array(nvl, "file_guid", &u8p, &alen); if (rc != 0 || alen != UUID_LEN) { cmn_err(CE_NOTE, "CA import (%s/%s) bad file_guid", tree->t_resource, str_node->od_name); goto errout; } bcopy(u8p, op->create_guid, UUID_LEN); /* * client uuid (identifies the client) */ alen = UUID_LEN; u8p = NULL; rc = nvlist_lookup_uint8_array(nvl, "client_uuid", &u8p, &alen); if (rc != 0 || alen != UUID_LEN) { cmn_err(CE_NOTE, "CA import (%s/%s) no client_uuid", tree->t_resource, str_node->od_name); goto errout; } bcopy(u8p, client_uuid, UUID_LEN); /* * Lease key (optional) */ alen = SMB_LEASE_KEY_SZ; u8p = NULL; rc = nvlist_lookup_uint8_array(nvl, "lease_uuid", &u8p, &alen); if (rc == 0) { bcopy(u8p, op->lease_key, UUID_LEN); (void) nvlist_lookup_uint32(nvl, "lease_state", &op->lease_state); (void) nvlist_lookup_uint16(nvl, "lease_epoch", &op->lease_epoch); (void) nvlist_lookup_uint16(nvl, "lease_version", &op->lease_version); have_lease = B_TRUE; } else { (void) nvlist_lookup_uint32(nvl, "oplock_state", &op->op_oplock_state); } /* * Done getting what we need from the NV list. * (re)open the file */ status = smb_common_open(sr); if (status != 0) { cmn_err(CE_NOTE, "CA import (%s/%s) open failed 0x%x", tree->t_resource, str_node->od_name, status); (void) smb_node_set_delete_on_close(str_node, kcr, 0); goto errout; } of = sr->fid_ofile; did_open = B_TRUE; /* * Now restore the rest of the SMB2 level state. * See smb2_create after smb_common_open */ /* * Setup of->f_cr with owner SID */ rc = smb2_dh_import_cred(of, sidstr); if (rc != 0) { cmn_err(CE_NOTE, "CA import (%s/%s) import cred failed", tree->t_resource, str_node->od_name); goto errout; } /* * Use the persist ID we previously assigned. * Like smb_ofile_set_persistid_ph() */ rc = smb_ofile_insert_persistid(of, persist_id); if (rc != 0) { cmn_err(CE_NOTE, "CA import (%s/%s) " "insert_persistid rc=%d", tree->t_resource, str_node->od_name, rc); goto errout; } /* * Like smb2_lease_create() * * Lease state is stored in each persistent handle, but * only one handle has the state we want. As we import * each handle, "upgrade" the lease if the handle we're * importing has a "better" lease state (higher epoch or * more cache rights). After all handles are imported, * that will get the lease to the right state. */ if (have_lease) { smb_lease_t *ls; status = smb2_lease_create(sr, client_uuid); if (status != 0) { cmn_err(CE_NOTE, "CA import (%s/%s) get lease 0x%x", tree->t_resource, str_node->od_name, status); goto errout; } ls = of->f_lease; /* Use most current "epoch". */ mutex_enter(&ls->ls_mutex); if (ls->ls_epoch < op->lease_epoch) ls->ls_epoch = op->lease_epoch; mutex_exit(&ls->ls_mutex); /* * Get the lease (and oplock) * uses op->lease_state */ op->op_oplock_level = SMB2_OPLOCK_LEVEL_LEASE; smb2_lease_acquire(sr); } else { /* * No lease; maybe get an oplock * uses: op->op_oplock_level */ if (op->op_oplock_state & OPLOCK_LEVEL_BATCH) { op->op_oplock_level = SMB2_OPLOCK_LEVEL_BATCH; } else if (op->op_oplock_state & OPLOCK_LEVEL_ONE) { op->op_oplock_level = SMB2_OPLOCK_LEVEL_EXCLUSIVE; } else if (op->op_oplock_state & OPLOCK_LEVEL_TWO) { op->op_oplock_level = SMB2_OPLOCK_LEVEL_II; } else { op->op_oplock_level = SMB2_OPLOCK_LEVEL_NONE; } smb2_oplock_acquire(sr); } /* * Byte range locks */ alen = 0; u64p = NULL; if (nvlist_lookup_uint64_array(nvl, "locks", &u64p, &alen) == 0) { uint_t i; uint_t nlocks = alen / 3; struct nvlk *nlp; nlp = (struct nvlk *)u64p; for (i = 0; i < nlocks; i++) { status = smb_lock_range( sr, nlp->lk_start, nlp->lk_len, nlp->lk_pid, nlp->lk_type, 0); if (status != 0) { cmn_err(CE_NOTE, "CA import (%s/%s) " "get lock %d failed 0x%x", tree->t_resource, str_node->od_name, i, status); } nlp++; } } alen = SMB_OFILE_LSEQ_MAX; u8p = NULL; if (nvlist_lookup_uint8_array(nvl, "lockseq", &u8p, &alen) == 0) { if (alen != SMB_OFILE_LSEQ_MAX) { cmn_err(CE_NOTE, "CA import (%s/%s) " "get lockseq bad len=%d", tree->t_resource, str_node->od_name, alen); } else { mutex_enter(&of->f_mutex); bcopy(u8p, of->f_lock_seq, alen); mutex_exit(&of->f_mutex); } } /* * Optional "sticky" times (set pending attributes) */ mutex_enter(&of->f_mutex); pa = &of->f_pending_attr; if (nvlist_lookup_hrtime(nvl, "atime", &hrt) == 0) { hrt2ts(hrt, &pa->sa_vattr.va_atime); pa->sa_mask |= SMB_AT_ATIME; } if (nvlist_lookup_hrtime(nvl, "mtime", &hrt) == 0) { hrt2ts(hrt, &pa->sa_vattr.va_mtime); pa->sa_mask |= SMB_AT_MTIME; } if (nvlist_lookup_hrtime(nvl, "ctime", &hrt) == 0) { hrt2ts(hrt, &pa->sa_vattr.va_ctime); pa->sa_mask |= SMB_AT_CTIME; } mutex_exit(&of->f_mutex); /* * Make durable and persistent. * See smb2_dh_make_persistent() */ of->dh_vers = SMB2_DURABLE_V2; bcopy(op->create_guid, of->dh_create_guid, UUID_LEN); of->dh_persist = B_TRUE; of->dh_nvfile = str_node; smb_node_ref(str_node); of->dh_nvlist = nvl; nvl = NULL; /* * Now make it state orphaned... * See smb_ofile_drop(), then * smb_ofile_save_dh() */ mutex_enter(&of->f_mutex); of->f_state = SMB_OFILE_STATE_SAVE_DH; of->dh_timeout_offset = MSEC2NSEC(smb2_persist_timeout); mutex_exit(&of->f_mutex); /* * Finished! */ return (of); errout: if (did_open) { smb_ofile_close(of, 0); smb_ofile_release(of); } else { ASSERT(of == NULL); } if (nvl != NULL) nvlist_free(nvl); return (NULL); } static int smb2_dh_read_nvlist(smb_request_t *sr, smb_node_t *node, char *fbuf, struct nvlist **nvlpp) { smb_attr_t attr; iovec_t iov; uio_t uio; smb_tree_t *tree = sr->tid_tree; cred_t *kcr = zone_kcred(); size_t flen; int rc; bzero(&attr, sizeof (attr)); attr.sa_mask = SMB_AT_SIZE; rc = smb_node_getattr(NULL, node, kcr, NULL, &attr); if (rc != 0) { cmn_err(CE_NOTE, "CA import (%s/%s) getattr rc=%d", tree->t_resource, node->od_name, rc); return (rc); } if (attr.sa_vattr.va_size < 4 || attr.sa_vattr.va_size > smb2_dh_max_cah_size) { cmn_err(CE_NOTE, "CA import (%s/%s) bad size=%" PRIu64, tree->t_resource, node->od_name, (uint64_t)attr.sa_vattr.va_size); return (EINVAL); } flen = (size_t)attr.sa_vattr.va_size; bzero(&uio, sizeof (uio)); iov.iov_base = fbuf; iov.iov_len = flen; uio.uio_iov = &iov; uio.uio_iovcnt = 1; uio.uio_resid = flen; uio.uio_segflg = UIO_SYSSPACE; uio.uio_extflg = UIO_COPY_DEFAULT; rc = smb_fsop_read(sr, kcr, node, NULL, &uio, 0); if (rc != 0) { cmn_err(CE_NOTE, "CA import (%s/%s) read, rc=%d", tree->t_resource, node->od_name, rc); return (rc); } if (uio.uio_resid != 0) { cmn_err(CE_NOTE, "CA import (%s/%s) short read", tree->t_resource, node->od_name); return (EIO); } rc = nvlist_unpack(fbuf, flen, nvlpp, KM_SLEEP); if (rc != 0) { cmn_err(CE_NOTE, "CA import (%s/%s) unpack, rc=%d", tree->t_resource, node->od_name, rc); return (rc); } return (0); } /* * Setup a vestigial credential in of->f_cr just good enough for * smb_is_same_user to determine if the caller owned this ofile. * At reconnect, of->f_cr will be replaced with the caller's. */ static int smb2_dh_import_cred(smb_ofile_t *of, char *sidstr) { #ifdef _FAKE_KERNEL _NOTE(ARGUNUSED(sidstr)) /* fksmbd doesn't have real credentials. */ of->f_cr = CRED(); crhold(of->f_cr); #else char tmpstr[SMB_SID_STRSZ]; ksid_t ksid; cred_t *cr, *oldcr; int rc; (void) strlcpy(tmpstr, sidstr, sizeof (tmpstr)); bzero(&ksid, sizeof (ksid)); rc = smb_sid_splitstr(tmpstr, &ksid.ks_rid); if (rc != 0) return (rc); cr = crget(); ksid.ks_domain = ksid_lookupdomain(tmpstr); crsetsid(cr, &ksid, KSID_USER); ksiddomain_hold(ksid.ks_domain); crsetsid(cr, &ksid, KSID_OWNER); /* * Just to avoid leaving the KSID_GROUP slot NULL, * put the "everyone" SID there (S-1-1-0). */ ksid.ks_domain = ksid_lookupdomain("S-1-1"); ksid.ks_rid = 0; crsetsid(cr, &ksid, KSID_GROUP); oldcr = of->f_cr; of->f_cr = cr; if (oldcr != NULL) crfree(oldcr); #endif return (0); } /* * Set Delete-on-Close (DoC) on the persistent state file so it will be * removed when the last ref. goes away (in smb2_dh_close_persistent). * * This is called in just two places: * (1) SMB2_close request -- client tells us to destroy the handle. * (2) smb2_dh_expire -- client has forgotten about this handle. * All other (server-initiated) close calls should leave these * persistent state files in the file system. */ void smb2_dh_setdoc_persistent(smb_ofile_t *of) { smb_node_t *strnode; uint32_t status; mutex_enter(&of->dh_nvlock); if ((strnode = of->dh_nvfile) != NULL) smb_node_ref(strnode); mutex_exit(&of->dh_nvlock); if (strnode != NULL) { status = smb_node_set_delete_on_close(strnode, zone_kcred(), SMB_CASE_SENSITIVE); if (status != 0) { cmn_err(CE_WARN, "Can't set DoC on CA file: %s", strnode->od_name); DTRACE_PROBE1(rm__ca__err, smb_ofile_t *, of); } smb_node_release(strnode); } } /* * During ofile close, free the persistent handle state nvlist and * drop our reference to the state file node (which may unlink it * if smb2_dh_setdoc_persistent was called). */ void smb2_dh_close_persistent(smb_ofile_t *of) { smb_node_t *strnode; struct nvlist *nvl; /* * Clear out nvlist and stream linkage */ mutex_enter(&of->dh_nvlock); strnode = of->dh_nvfile; of->dh_nvfile = NULL; nvl = of->dh_nvlist; of->dh_nvlist = NULL; mutex_exit(&of->dh_nvlock); if (nvl != NULL) nvlist_free(nvl); if (strnode != NULL) smb_node_release(strnode); } /* * Make this durable handle persistent. * If we succeed, set of->dh_persist = TRUE. */ int smb2_dh_make_persistent(smb_request_t *sr, smb_ofile_t *of) { char fname[DH_SN_SIZE]; char sidstr[SMB_SID_STRSZ]; smb_attr_t attr; smb_arg_open_t *op = &sr->arg.open; cred_t *kcr = zone_kcred(); smb_node_t *dnode = of->f_tree->t_snode; smb_node_t *fnode = NULL; ksid_t *ksid; int rc; ASSERT(of->dh_nvfile == NULL); /* * Create the persistent handle nvlist file. * It's a named stream in the share root. */ smb2_dh_make_stream_name(fname, sizeof (fname), of->f_persistid); bzero(&attr, sizeof (attr)); attr.sa_mask = SMB_AT_TYPE | SMB_AT_MODE | SMB_AT_SIZE; attr.sa_vattr.va_type = VREG; attr.sa_vattr.va_mode = 0640; attr.sa_vattr.va_size = 4; rc = smb_fsop_create(sr, kcr, dnode, fname, &attr, &fnode); if (rc != 0) return (rc); mutex_enter(&of->dh_nvlock); /* fnode is held. rele in smb2_dh_close_persistent */ of->dh_nvfile = fnode; (void) nvlist_alloc(&of->dh_nvlist, NV_UNIQUE_NAME, KM_SLEEP); /* * Want the ksid as a string */ ksid = crgetsid(of->f_user->u_cred, KSID_USER); (void) snprintf(sidstr, sizeof (sidstr), "%s-%u", ksid->ks_domain->kd_name, ksid->ks_rid); /* * Fill in the fixed parts of the nvlist */ (void) nvlist_add_uint32(of->dh_nvlist, "info_version", smb2_ca_info_version); (void) nvlist_add_string(of->dh_nvlist, "owner_sid", sidstr); (void) nvlist_add_string(of->dh_nvlist, "share_name", of->f_tree->t_sharename); (void) nvlist_add_uint64(of->dh_nvlist, "file_persistid", of->f_persistid); (void) nvlist_add_uint8_array(of->dh_nvlist, "file_guid", of->dh_create_guid, UUID_LEN); (void) nvlist_add_string(of->dh_nvlist, "client_ipaddr", sr->session->ip_addr_str); (void) nvlist_add_uint8_array(of->dh_nvlist, "client_uuid", sr->session->clnt_uuid, UUID_LEN); (void) nvlist_add_string(of->dh_nvlist, "path_name", op->fqi.fq_path.pn_path); (void) nvlist_add_uint32(of->dh_nvlist, "granted_access", of->f_granted_access); (void) nvlist_add_uint32(of->dh_nvlist, "share_access", of->f_share_access); (void) nvlist_add_uint32(of->dh_nvlist, "create_options", of->f_create_options); if (of->f_lease != NULL) { smb_lease_t *ls = of->f_lease; (void) nvlist_add_uint8_array(of->dh_nvlist, "lease_uuid", ls->ls_key, 16); (void) nvlist_add_uint32(of->dh_nvlist, "lease_state", ls->ls_state); (void) nvlist_add_uint16(of->dh_nvlist, "lease_epoch", ls->ls_epoch); (void) nvlist_add_uint16(of->dh_nvlist, "lease_version", ls->ls_version); } else { (void) nvlist_add_uint32(of->dh_nvlist, "oplock_state", of->f_oplock.og_state); } mutex_exit(&of->dh_nvlock); smb2_dh_update_locks(sr, of); /* Tell sr update nvlist file */ sr->dh_nvl_dirty = B_TRUE; return (0); } void smb2_dh_update_nvfile(smb_request_t *sr) { smb_attr_t attr; iovec_t iov; uio_t uio; smb_ofile_t *of = sr->fid_ofile; cred_t *kcr = zone_kcred(); char *buf = NULL; size_t buflen = 0; uint32_t wcnt; int rc; if (of == NULL || of->dh_persist == B_FALSE) return; mutex_enter(&of->dh_nvlock); if (of->dh_nvlist == NULL || of->dh_nvfile == NULL) { mutex_exit(&of->dh_nvlock); return; } rc = nvlist_size(of->dh_nvlist, &buflen, NV_ENCODE_XDR); if (rc != 0) goto out; buf = kmem_zalloc(buflen, KM_SLEEP); rc = nvlist_pack(of->dh_nvlist, &buf, &buflen, NV_ENCODE_XDR, KM_SLEEP); if (rc != 0) goto out; bzero(&attr, sizeof (attr)); attr.sa_mask = SMB_AT_SIZE; attr.sa_vattr.va_size = buflen; rc = smb_node_setattr(sr, of->dh_nvfile, kcr, NULL, &attr); if (rc != 0) goto out; bzero(&uio, sizeof (uio)); iov.iov_base = (void *) buf; iov.iov_len = buflen; uio.uio_iov = &iov; uio.uio_iovcnt = 1; uio.uio_resid = buflen; uio.uio_segflg = UIO_SYSSPACE; uio.uio_extflg = UIO_COPY_DEFAULT; rc = smb_fsop_write(sr, kcr, of->dh_nvfile, NULL, &uio, &wcnt, 0); if (rc == 0 && wcnt != buflen) rc = EIO; out: mutex_exit(&of->dh_nvlock); if (rc != 0) { cmn_err(CE_WARN, "clnt(%s) failed to update persistent handle, rc=%d", sr->session->ip_addr_str, rc); } if (buf != NULL) { kmem_free(buf, buflen); } } /* * Called after f_oplock (and lease) changes * If lease, update: lease_state, lease_epoch * else (oplock) update: oplock_state */ void smb2_dh_update_oplock(smb_request_t *sr, smb_ofile_t *of) { smb_lease_t *ls; mutex_enter(&of->dh_nvlock); if (of->dh_nvlist == NULL) { mutex_exit(&of->dh_nvlock); return; } if (of->f_lease != NULL) { ls = of->f_lease; (void) nvlist_add_uint32(of->dh_nvlist, "lease_state", ls->ls_state); (void) nvlist_add_uint16(of->dh_nvlist, "lease_epoch", ls->ls_epoch); } else { (void) nvlist_add_uint32(of->dh_nvlist, "oplock_state", of->f_oplock.og_state); } mutex_exit(&of->dh_nvlock); sr->dh_nvl_dirty = B_TRUE; } /* * Save locks from this ofile as an array of uint64_t, where the * elements are triplets: (start, length, (pid << 32) | type) * Note pid should always be zero for SMB2, so we could use * that 32-bit spot for something else if needed. */ void smb2_dh_update_locks(smb_request_t *sr, smb_ofile_t *of) { uint8_t lseq[SMB_OFILE_LSEQ_MAX]; smb_node_t *node = of->f_node; smb_llist_t *llist = &node->n_lock_list; size_t vec_sz; // storage size uint_t my_cnt = 0; uint64_t *vec = NULL; struct nvlk *nlp; smb_lock_t *lock; smb_llist_enter(llist, RW_READER); vec_sz = (llist->ll_count + 1) * sizeof (struct nvlk); vec = kmem_alloc(vec_sz, KM_SLEEP); nlp = (struct nvlk *)vec; for (lock = smb_llist_head(llist); lock != NULL; lock = smb_llist_next(llist, lock)) { if (lock->l_file != of) continue; nlp->lk_start = lock->l_start; nlp->lk_len = lock->l_length; nlp->lk_pid = lock->l_pid; nlp->lk_type = lock->l_type; nlp++; my_cnt++; } smb_llist_exit(llist); mutex_enter(&of->f_mutex); bcopy(of->f_lock_seq, lseq, sizeof (lseq)); mutex_exit(&of->f_mutex); mutex_enter(&of->dh_nvlock); if (of->dh_nvlist != NULL) { (void) nvlist_add_uint64_array(of->dh_nvlist, "locks", vec, my_cnt * 3); (void) nvlist_add_uint8_array(of->dh_nvlist, "lockseq", lseq, sizeof (lseq)); } mutex_exit(&of->dh_nvlock); kmem_free(vec, vec_sz); sr->dh_nvl_dirty = B_TRUE; } /* * Save "sticky" times. */ void smb2_dh_update_times(smb_request_t *sr, smb_ofile_t *of, smb_attr_t *attr) { hrtime_t t; mutex_enter(&of->dh_nvlock); if (of->dh_nvlist == NULL) { mutex_exit(&of->dh_nvlock); return; } if (attr->sa_mask & SMB_AT_ATIME) { t = ts2hrt(&attr->sa_vattr.va_atime); (void) nvlist_add_hrtime(of->dh_nvlist, "atime", t); } else { (void) nvlist_remove_all(of->dh_nvlist, "atime"); } if (attr->sa_mask & SMB_AT_MTIME) { t = ts2hrt(&attr->sa_vattr.va_mtime); (void) nvlist_add_hrtime(of->dh_nvlist, "mtime", t); } else { (void) nvlist_remove_all(of->dh_nvlist, "mtime"); } if (attr->sa_mask & SMB_AT_CTIME) { t = ts2hrt(&attr->sa_vattr.va_ctime); (void) nvlist_add_hrtime(of->dh_nvlist, "ctime", t); } else { (void) nvlist_remove_all(of->dh_nvlist, "ctime"); } mutex_exit(&of->dh_nvlock); sr->dh_nvl_dirty = B_TRUE; } /* * Requirements for ofile found during reconnect (MS-SMB2 3.3.5.9.7): * - security descriptor must match provided descriptor * * If file is leased: * - lease must be requested * - client guid must match session guid * - file name must match given name * - lease key must match provided lease key * If file is not leased: * - Lease must not be requested * * dh_v2 only: * - SMB2_DHANDLE_FLAG_PERSISTENT must be set if dh_persist is true * - SMB2_DHANDLE_FLAG_PERSISTENT must not be set if dh_persist is false * - desired access, share access, and create_options must be ignored * - createguid must match */ static uint32_t smb2_dh_reconnect_checks(smb_request_t *sr, smb_ofile_t *of) { smb_arg_open_t *op = &sr->sr_open; char *fname; if (of->f_lease != NULL) { if (bcmp(sr->session->clnt_uuid, of->f_lease->ls_clnt, 16) != 0) return (NT_STATUS_OBJECT_NAME_NOT_FOUND); if (op->op_oplock_level != SMB2_OPLOCK_LEVEL_LEASE) return (NT_STATUS_OBJECT_NAME_NOT_FOUND); if (bcmp(op->lease_key, of->f_lease->ls_key, SMB_LEASE_KEY_SZ) != 0) return (NT_STATUS_OBJECT_NAME_NOT_FOUND); /* * We're supposed to check the name is the same. * Not really necessary to do this, so just do * minimal effort (check last component) */ fname = strrchr(op->fqi.fq_path.pn_path, '\\'); if (fname != NULL) fname++; else fname = op->fqi.fq_path.pn_path; if (smb_strcasecmp(fname, of->f_node->od_name, 0) != 0) { #ifdef DEBUG cmn_err(CE_NOTE, "reconnect name <%s> of name <%s>", fname, of->f_node->od_name); #endif return (NT_STATUS_INVALID_PARAMETER); } } else { if (op->op_oplock_level == SMB2_OPLOCK_LEVEL_LEASE) return (NT_STATUS_OBJECT_NAME_NOT_FOUND); } if (op->dh_vers == SMB2_DURABLE_V2) { boolean_t op_persist = ((op->dh_v2_flags & SMB2_DHANDLE_FLAG_PERSISTENT) != 0); if (of->dh_persist != op_persist) return (NT_STATUS_OBJECT_NAME_NOT_FOUND); if (memcmp(op->create_guid, of->dh_create_guid, UUID_LEN)) return (NT_STATUS_OBJECT_NAME_NOT_FOUND); } if (!smb_is_same_user(sr->user_cr, of->f_cr)) return (NT_STATUS_ACCESS_DENIED); return (NT_STATUS_SUCCESS); } /* * [MS-SMB2] 3.3.5.9.7 and 3.3.5.9.12 (durable reconnect v1/v2) * * Looks up an ofile on the server's sv_dh_list by the persistid. * If found, it validates the request. * (see smb2_dh_reconnect_checks() for details) * If the checks are passed, add it onto the new tree's list. * * Note that the oplock break code path can get to an ofile via the node * ofile list. It starts with a ref taken in smb_ofile_hold_olbrk, which * waits if the ofile is found in state RECONNECT. That wait happens with * the node ofile list lock held as reader, and the oplock mutex held. * Implications of that are: While we're in state RECONNECT, we shoud NOT * block (at least, not for long) and must not try to enter any of the * node ofile list lock or oplock mutex. Thankfully, we don't need to * enter those while reclaiming an orphaned ofile. */ uint32_t smb2_dh_reconnect(smb_request_t *sr) { smb_arg_open_t *op = &sr->sr_open; smb_tree_t *tree = sr->tid_tree; smb_ofile_t *of; cred_t *old_cr; uint32_t status = NT_STATUS_OBJECT_NAME_NOT_FOUND; uint16_t fid = 0; if (smb_idpool_alloc(&tree->t_fid_pool, &fid)) return (NT_STATUS_TOO_MANY_OPENED_FILES); /* Find orphaned handle. */ of = smb_ofile_lookup_by_persistid(sr, op->dh_fileid.persistent); if (of == NULL) goto errout; mutex_enter(&of->f_mutex); if (of->f_state != SMB_OFILE_STATE_ORPHANED) { mutex_exit(&of->f_mutex); goto errout; } status = smb2_dh_reconnect_checks(sr, of); if (status != NT_STATUS_SUCCESS) { mutex_exit(&of->f_mutex); goto errout; } /* * Note: cv_broadcast(&of->f_cv) when we're * done messing around in this state. * See: smb_ofile_hold_olbrk() */ of->f_state = SMB_OFILE_STATE_RECONNECT; mutex_exit(&of->f_mutex); /* * At this point, we should be the only thread with a ref on the * ofile, and the RECONNECT state should prevent new refs from * being granted, or other durable threads from observing or * reclaiming it. Put this ofile in the new tree, similar to * the last part of smb_ofile_open. */ old_cr = of->f_cr; of->f_cr = sr->user_cr; crhold(of->f_cr); crfree(old_cr); of->f_session = sr->session; /* hold is via user and tree */ smb_user_hold_internal(sr->uid_user); of->f_user = sr->uid_user; smb_tree_hold_internal(tree); of->f_tree = tree; of->f_fid = fid; smb_lavl_enter(&tree->t_ofile_list, RW_WRITER); smb_lavl_insert(&tree->t_ofile_list, of); smb_lavl_exit(&tree->t_ofile_list); atomic_inc_32(&tree->t_open_files); atomic_inc_32(&sr->session->s_file_cnt); /* * The ofile is now in the caller's session & tree. * * In case smb_ofile_hold or smb_oplock_send_break() are * waiting for state RECONNECT to complete, wakeup. */ mutex_enter(&of->f_mutex); of->dh_expire_time = 0; of->f_state = SMB_OFILE_STATE_OPEN; cv_broadcast(&of->f_cv); mutex_exit(&of->f_mutex); /* * The ofile is now visible in the new session. * From here, this is similar to the last part of * smb_common_open(). */ op->fqi.fq_fattr.sa_mask = SMB_AT_ALL; (void) smb_node_getattr(sr, of->f_node, zone_kcred(), of, &op->fqi.fq_fattr); /* * Set up the fileid and dosattr in open_param for response */ op->fileid = op->fqi.fq_fattr.sa_vattr.va_nodeid; op->dattr = op->fqi.fq_fattr.sa_dosattr; /* * Set up the file type in open_param for the response * The ref. from ofile lookup is "given" to fid_ofile. */ op->ftype = SMB_FTYPE_DISK; sr->smb_fid = of->f_fid; sr->fid_ofile = of; if (smb_node_is_file(of->f_node)) { op->dsize = op->fqi.fq_fattr.sa_vattr.va_size; } else { /* directory or symlink */ op->dsize = 0; } op->create_options = 0; /* no more modifications wanted */ op->action_taken = SMB_OACT_OPENED; return (NT_STATUS_SUCCESS); errout: if (of != NULL) smb_ofile_release(of); if (fid != 0) smb_idpool_free(&tree->t_fid_pool, fid); return (status); } /* * Durable handle expiration * ofile state is _EXPIRED */ static void smb2_dh_expire(void *arg) { smb_ofile_t *of = (smb_ofile_t *)arg; if (of->dh_persist) smb2_dh_setdoc_persistent(of); smb_ofile_close(of, 0); smb_ofile_release(of); } /* * Called once a minute to do expiration of durable handles. * * Normally expired durable handles should be in state "orphaned", * having transitioned from state SAVE_DH through SAVING to state * ORPHANED after all ofile references go away. If an ofile has * leaked references and the client disconnects, it will be found * here still in state SAVE_DH and past it's expiration time. * Call smb2_dh_expire for these as well, which will move them * from state SAVE_DH to state CLOSING, so they can no longer * cause sharing violations for new opens. */ void smb2_durable_timers(smb_server_t *sv) { smb_hash_t *hash; smb_llist_t *bucket; smb_ofile_t *of; hrtime_t now; int i; hash = sv->sv_persistid_ht; now = gethrtime(); for (i = 0; i < hash->num_buckets; i++) { bucket = &hash->buckets[i].b_list; smb_llist_enter(bucket, RW_READER); for (of = smb_llist_head(bucket); of != NULL; of = smb_llist_next(bucket, of)) { SMB_OFILE_VALID(of); /* * Check outside the mutex first to avoid some * mutex_enter work in this loop. If the state * changes under foot, the worst that happens * is we either enter the mutex when we might * not have needed to, or we miss some DH in * this pass and get it on the next. */ if (of->f_state != SMB_OFILE_STATE_ORPHANED && of->f_state != SMB_OFILE_STATE_SAVE_DH) continue; mutex_enter(&of->f_mutex); if ((of->f_state == SMB_OFILE_STATE_ORPHANED || of->f_state == SMB_OFILE_STATE_SAVE_DH) && of->dh_expire_time != 0 && of->dh_expire_time <= now) { of->f_state = SMB_OFILE_STATE_EXPIRED; /* inline smb_ofile_hold_internal() */ of->f_refcnt++; smb_llist_post(bucket, of, smb2_dh_expire); } mutex_exit(&of->f_mutex); } smb_llist_exit(bucket); } } /* * This is called when we're about to add a new open to some node. * If we still have orphaned durable handles on this node, let's * assume the client has lost interest in those and close them, * otherwise we might conflict with our own orphaned handles. * * We need this because we import persistent handles "speculatively" * during share import (before the client ever asks for reconnect). * That allows us to avoid any need for a "create blackout" (or * "grace period") because the imported handles prevent unwanted * conflicting opens from other clients. However, if some client * "forgets" about a persistent handle (*cough* Hyper-V) and tries * a new (conflicting) open instead of a reconnect, that might * fail unless we expire our orphaned durables handle first. * * Logic similar to smb_node_open_check() */ void smb2_dh_close_my_orphans(smb_request_t *sr, smb_ofile_t *new_of) { smb_node_t *node = new_of->f_node; smb_ofile_t *of; SMB_NODE_VALID(node); smb_llist_enter(&node->n_ofile_list, RW_READER); for (of = smb_llist_head(&node->n_ofile_list); of != NULL; of = smb_llist_next(&node->n_ofile_list, of)) { /* Same client? */ if (of->f_lease != NULL && bcmp(sr->session->clnt_uuid, of->f_lease->ls_clnt, 16) != 0) continue; if (!smb_is_same_user(sr->user_cr, of->f_cr)) continue; mutex_enter(&of->f_mutex); if (of->f_state == SMB_OFILE_STATE_ORPHANED || of->f_state == SMB_OFILE_STATE_SAVE_DH) { of->f_state = SMB_OFILE_STATE_EXPIRED; /* inline smb_ofile_hold_internal() */ of->f_refcnt++; smb_llist_post(&node->n_ofile_list, of, smb2_dh_expire); } mutex_exit(&of->f_mutex); } smb_llist_exit(&node->n_ofile_list); } /* * Called for each orphaned DH during shutdown. * Clean out any in-memory state, but leave any * on-disk persistent handle state in place. */ static void smb2_dh_cleanup(void *arg) { smb_ofile_t *of = (smb_ofile_t *)arg; smb_node_t *strnode; struct nvlist *nvl; /* * Intentionally skip smb2_dh_close_persistent by * clearing dh_nvfile before smb_ofile_close(). */ mutex_enter(&of->dh_nvlock); strnode = of->dh_nvfile; of->dh_nvfile = NULL; nvl = of->dh_nvlist; of->dh_nvlist = NULL; mutex_exit(&of->dh_nvlock); if (nvl != NULL) nvlist_free(nvl); if (strnode != NULL) smb_node_release(strnode); smb_ofile_close(of, 0); smb_ofile_release(of); } /* * Clean out durable handles during shutdown. * * Like, smb2_durable_timers but cleanup only in-memory state, * and leave any persistent state there for later reconnect. */ void smb2_dh_shutdown(smb_server_t *sv) { static const smb_oplock_grant_t og0 = { 0 }; smb_hash_t *hash; smb_llist_t *bucket; smb_ofile_t *of; int i; hash = sv->sv_persistid_ht; for (i = 0; i < hash->num_buckets; i++) { bucket = &hash->buckets[i].b_list; smb_llist_enter(bucket, RW_READER); of = smb_llist_head(bucket); while (of != NULL) { SMB_OFILE_VALID(of); mutex_enter(&of->f_mutex); switch (of->f_state) { case SMB_OFILE_STATE_ORPHANED: case SMB_OFILE_STATE_SAVE_DH: of->f_state = SMB_OFILE_STATE_EXPIRED; /* inline smb_ofile_hold_internal() */ of->f_refcnt++; smb_llist_post(bucket, of, smb2_dh_cleanup); break; default: /* * Should not be possible, but try to * make this zombie ofile harmless. */ cmn_err(CE_NOTE, "!dh_shutdown found " "of = %p with invalid state = %d", (void *)of, of->f_state); DTRACE_PROBE1(bad_ofile, smb_ofile_t *, of); ASSERT(0); of->f_oplock = og0; break; } mutex_exit(&of->f_mutex); of = smb_llist_next(bucket, of); } smb_llist_exit(bucket); } #ifdef DEBUG for (i = 0; i < hash->num_buckets; i++) { bucket = &hash->buckets[i].b_list; smb_llist_enter(bucket, RW_READER); of = smb_llist_head(bucket); while (of != NULL) { SMB_OFILE_VALID(of); cmn_err(CE_NOTE, "dh_shutdown leaked of=%p", (void *)of); of = smb_llist_next(bucket, of); } smb_llist_exit(bucket); } #endif // DEBUG } uint32_t smb2_fsctl_set_resilient(smb_request_t *sr, smb_fsctl_t *fsctl) { uint32_t timeout; smb_ofile_t *of = sr->fid_ofile; /* * Note: The spec does not explicitly prohibit resilient directories * the same way it prohibits durable directories. We prohibit them * anyway as a simplifying assumption, as there doesn't seem to be * much use for it. (HYPER-V only seems to use it on files anyway) */ if (fsctl->InputCount < 8 || !smb_node_is_file(of->f_node)) return (NT_STATUS_INVALID_PARAMETER); (void) smb_mbc_decodef(fsctl->in_mbc, "l4.", &timeout); /* milliseconds */ if (smb2_enable_dh == 0) return (NT_STATUS_NOT_SUPPORTED); /* * The spec wants us to return INVALID_PARAMETER if the timeout * is too large, but we have no way of informing the client * what an appropriate timeout is, so just set the timeout to * our max and return SUCCESS. */ if (timeout == 0) timeout = smb2_res_def_timeout; if (timeout > smb2_res_max_timeout) timeout = smb2_res_max_timeout; mutex_enter(&of->f_mutex); of->dh_vers = SMB2_RESILIENT; of->dh_timeout_offset = MSEC2NSEC(timeout); mutex_exit(&of->f_mutex); return (NT_STATUS_SUCCESS); }