1da6c28aaSamw /*
2da6c28aaSamw  * CDDL HEADER START
3da6c28aaSamw  *
4da6c28aaSamw  * The contents of this file are subject to the terms of the
5da6c28aaSamw  * Common Development and Distribution License (the "License").
6da6c28aaSamw  * You may not use this file except in compliance with the License.
7da6c28aaSamw  *
8da6c28aaSamw  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9da6c28aaSamw  * or http://www.opensolaris.org/os/licensing.
10da6c28aaSamw  * See the License for the specific language governing permissions
11da6c28aaSamw  * and limitations under the License.
12da6c28aaSamw  *
13da6c28aaSamw  * When distributing Covered Code, include this CDDL HEADER in each
14da6c28aaSamw  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15da6c28aaSamw  * If applicable, add the following below this CDDL HEADER, with the
16da6c28aaSamw  * fields enclosed by brackets "[]" replaced with your own identifying
17da6c28aaSamw  * information: Portions Copyright [yyyy] [name of copyright owner]
18da6c28aaSamw  *
19da6c28aaSamw  * CDDL HEADER END
20da6c28aaSamw  */
21da6c28aaSamw /*
222c2961f8Sjose borrego  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23da6c28aaSamw  * Use is subject to license terms.
24da6c28aaSamw  */
25da6c28aaSamw 
26*bbf6f00cSJordan Brown #include <smbsrv/smb_kproto.h>
27da6c28aaSamw #include <smbsrv/smb_fsops.h>
28da6c28aaSamw 
29da6c28aaSamw 
302c2961f8Sjose borrego /*
312c2961f8Sjose borrego  * The maximum number of bytes to return from SMB Core
322c2961f8Sjose borrego  * SmbRead or SmbLockAndRead.
332c2961f8Sjose borrego  */
342c2961f8Sjose borrego #define	SMB_CORE_READ_MAX	4432
352c2961f8Sjose borrego 
362c2961f8Sjose borrego /*
372c2961f8Sjose borrego  * The limit in bytes for SmbReadX.
382c2961f8Sjose borrego  */
392c2961f8Sjose borrego #define	SMB_READX_MAX		0x10000
40da6c28aaSamw 
412c2961f8Sjose borrego int smb_common_read(smb_request_t *, smb_rw_param_t *);
42da6c28aaSamw 
43da6c28aaSamw /*
44da6c28aaSamw  * Read bytes from a file or named pipe (SMB Core).
45da6c28aaSamw  *
46da6c28aaSamw  * The requested count specifies the number of bytes desired.  Offset
47da6c28aaSamw  * is limited to 32 bits, so this client request is inappropriate for
48da6c28aaSamw  * files with 64 bit offsets.
49da6c28aaSamw  *
50da6c28aaSamw  * On return, count is the number of bytes actually being returned, which
51da6c28aaSamw  * may be less than the count requested only if a read specifies bytes
52da6c28aaSamw  * beyond the current file size.  In this case only the bytes that exist
53da6c28aaSamw  * are returned.  A read completely beyond the end of file results in a
54da6c28aaSamw  * response of length zero.  This is the only circumstance when a zero
55da6c28aaSamw  * length response is generated.  A count returned which is less than the
56da6c28aaSamw  * count requested is the end of file indicator.
57da6c28aaSamw  */
587b59d02dSjb smb_sdrc_t
59faa1795aSjb smb_pre_read(smb_request_t *sr)
60da6c28aaSamw {
61faa1795aSjb 	smb_rw_param_t *param;
62da6c28aaSamw 	uint32_t off_low;
632c2961f8Sjose borrego 	uint16_t count;
64da6c28aaSamw 	uint16_t remcnt;
65da6c28aaSamw 	int rc;
66da6c28aaSamw 
67faa1795aSjb 	param = kmem_zalloc(sizeof (smb_rw_param_t), KM_SLEEP);
68faa1795aSjb 	sr->arg.rw = param;
69faa1795aSjb 
70da6c28aaSamw 	rc = smbsr_decode_vwv(sr, "wwlw", &sr->smb_fid,
712c2961f8Sjose borrego 	    &count, &off_low, &remcnt);
72faa1795aSjb 
73faa1795aSjb 	param->rw_offset = (uint64_t)off_low;
742c2961f8Sjose borrego 	param->rw_count = (uint32_t)count;
75faa1795aSjb 	param->rw_mincnt = 0;
76faa1795aSjb 
77faa1795aSjb 	DTRACE_SMB_2(op__Read__start, smb_request_t *, sr,
78faa1795aSjb 	    smb_rw_param_t *, param);
79faa1795aSjb 
80faa1795aSjb 	return ((rc == 0) ? SDRC_SUCCESS : SDRC_ERROR);
81faa1795aSjb }
82faa1795aSjb 
83faa1795aSjb void
84faa1795aSjb smb_post_read(smb_request_t *sr)
85faa1795aSjb {
86faa1795aSjb 	DTRACE_SMB_2(op__Read__done, smb_request_t *, sr,
87faa1795aSjb 	    smb_rw_param_t *, sr->arg.rw);
88da6c28aaSamw 
89faa1795aSjb 	kmem_free(sr->arg.rw, sizeof (smb_rw_param_t));
90faa1795aSjb }
91faa1795aSjb 
92faa1795aSjb smb_sdrc_t
93faa1795aSjb smb_com_read(smb_request_t *sr)
94faa1795aSjb {
95faa1795aSjb 	smb_rw_param_t *param = sr->arg.rw;
962c2961f8Sjose borrego 	uint16_t count;
97faa1795aSjb 	int rc;
98da6c28aaSamw 
992c2961f8Sjose borrego 	smbsr_lookup_file(sr);
100da6c28aaSamw 	if (sr->fid_ofile == NULL) {
101dc20a302Sas 		smbsr_error(sr, NT_STATUS_INVALID_HANDLE, ERRDOS, ERRbadfid);
102faa1795aSjb 		return (SDRC_ERROR);
103da6c28aaSamw 	}
104da6c28aaSamw 
105b89a8333Snatalie li - Sun Microsystems - Irvine United States 	sr->user_cr = smb_ofile_getcred(sr->fid_ofile);
106b89a8333Snatalie li - Sun Microsystems - Irvine United States 
1072c2961f8Sjose borrego 	if (param->rw_count > SMB_CORE_READ_MAX)
1082c2961f8Sjose borrego 		param->rw_count = SMB_CORE_READ_MAX;
1092c2961f8Sjose borrego 
110faa1795aSjb 	if ((rc = smb_common_read(sr, param)) != 0) {
111dc20a302Sas 		smbsr_errno(sr, rc);
112faa1795aSjb 		return (SDRC_ERROR);
113da6c28aaSamw 	}
114da6c28aaSamw 
1152c2961f8Sjose borrego 	count = (uint16_t)param->rw_count;
1167b59d02dSjb 	rc = smbsr_encode_result(sr, 5, VAR_BCC, "bw8.wbwC",
1172c2961f8Sjose borrego 	    5, count, VAR_BCC, 0x01, count, &sr->raw_data);
118da6c28aaSamw 
119faa1795aSjb 	return ((rc == 0) ? SDRC_SUCCESS : SDRC_ERROR);
120da6c28aaSamw }
121da6c28aaSamw 
122da6c28aaSamw /*
123da6c28aaSamw  * Lock and read bytes from a file (SMB Core Plus).  The SmbLockAndRead/
124da6c28aaSamw  * SmbLockAndWrite sub-dialect is only valid on disk files: reject any
125da6c28aaSamw  * attempt to use it on non-disk shares.
126da6c28aaSamw  *
127da6c28aaSamw  * The requested count specifies the number of bytes desired.  Offset
128da6c28aaSamw  * specifies the offset in the file of the first byte to be locked then
129da6c28aaSamw  * read. Note that offset is limited to 32 bits, so this client request
130da6c28aaSamw  * is inappropriate for files with 64 bit offsets.
131da6c28aaSamw  *
132da6c28aaSamw  * As with SMB_LOCK_BYTE_RANGE request, if the lock cannot be granted
133da6c28aaSamw  * immediately an error should be returned to the client.  If an error
134da6c28aaSamw  * occurs on the lock, the bytes should not be read.
135da6c28aaSamw  *
136da6c28aaSamw  * On return, count is the number of bytes actually being returned, which
137da6c28aaSamw  * may be less than the count requested only if a read specifies bytes
138da6c28aaSamw  * beyond the current file size.  In this case only the bytes that exist
139da6c28aaSamw  * are returned.  A read completely beyond the end of file results in a
140da6c28aaSamw  * response of length zero.  This is the only circumstance when a zero
141da6c28aaSamw  * length response is generated.  A count returned which is less than the
142da6c28aaSamw  * count requested is the end of file indicator.
143da6c28aaSamw  */
1447b59d02dSjb smb_sdrc_t
145faa1795aSjb smb_pre_lock_and_read(smb_request_t *sr)
146da6c28aaSamw {
147faa1795aSjb 	smb_rw_param_t *param;
148da6c28aaSamw 	uint32_t off_low;
1492c2961f8Sjose borrego 	uint16_t count;
1502c2961f8Sjose borrego 	uint16_t remcnt;
151da6c28aaSamw 	int rc;
152da6c28aaSamw 
153faa1795aSjb 	param = kmem_zalloc(sizeof (smb_rw_param_t), KM_SLEEP);
154faa1795aSjb 	sr->arg.rw = param;
155da6c28aaSamw 
156da6c28aaSamw 	rc = smbsr_decode_vwv(sr, "wwlw", &sr->smb_fid,
1572c2961f8Sjose borrego 	    &count, &off_low, &remcnt);
158faa1795aSjb 
159faa1795aSjb 	param->rw_offset = (uint64_t)off_low;
1602c2961f8Sjose borrego 	param->rw_count = (uint32_t)count;
161faa1795aSjb 	param->rw_mincnt = 0;
162faa1795aSjb 
163faa1795aSjb 	DTRACE_SMB_2(op__LockAndRead__start, smb_request_t *, sr,
164faa1795aSjb 	    smb_rw_param_t *, param);
165faa1795aSjb 
166faa1795aSjb 	return ((rc == 0) ? SDRC_SUCCESS : SDRC_ERROR);
167faa1795aSjb }
168faa1795aSjb 
169faa1795aSjb void
170faa1795aSjb smb_post_lock_and_read(smb_request_t *sr)
171faa1795aSjb {
172faa1795aSjb 	DTRACE_SMB_2(op__LockAndRead__done, smb_request_t *, sr,
173faa1795aSjb 	    smb_rw_param_t *, sr->arg.rw);
174faa1795aSjb 
175faa1795aSjb 	kmem_free(sr->arg.rw, sizeof (smb_rw_param_t));
176faa1795aSjb }
177da6c28aaSamw 
178faa1795aSjb smb_sdrc_t
179faa1795aSjb smb_com_lock_and_read(smb_request_t *sr)
180faa1795aSjb {
181faa1795aSjb 	smb_rw_param_t *param = sr->arg.rw;
182faa1795aSjb 	DWORD status;
1832c2961f8Sjose borrego 	uint16_t count;
184faa1795aSjb 	int rc;
185faa1795aSjb 
186faa1795aSjb 	if (STYPE_ISDSK(sr->tid_tree->t_res_type) == 0) {
187faa1795aSjb 		smbsr_error(sr, NT_STATUS_ACCESS_DENIED, ERRDOS, ERRnoaccess);
188faa1795aSjb 		return (SDRC_ERROR);
189faa1795aSjb 	}
190da6c28aaSamw 
1912c2961f8Sjose borrego 	smbsr_lookup_file(sr);
192da6c28aaSamw 	if (sr->fid_ofile == NULL) {
193dc20a302Sas 		smbsr_error(sr, NT_STATUS_INVALID_HANDLE, ERRDOS, ERRbadfid);
194faa1795aSjb 		return (SDRC_ERROR);
195da6c28aaSamw 	}
196da6c28aaSamw 
197b89a8333Snatalie li - Sun Microsystems - Irvine United States 	sr->user_cr = smb_ofile_getcred(sr->fid_ofile);
198b89a8333Snatalie li - Sun Microsystems - Irvine United States 
1996537f381Sas 	status = smb_lock_range(sr, param->rw_offset, (uint64_t)param->rw_count,
2002c2961f8Sjose borrego 	    0, SMB_LOCK_TYPE_READWRITE);
2012c2961f8Sjose borrego 
202faa1795aSjb 	if (status != NT_STATUS_SUCCESS) {
203faa1795aSjb 		smb_lock_range_error(sr, status);
204faa1795aSjb 		return (SDRC_ERROR);
205da6c28aaSamw 	}
206da6c28aaSamw 
2072c2961f8Sjose borrego 	if (param->rw_count > SMB_CORE_READ_MAX)
2082c2961f8Sjose borrego 		param->rw_count = SMB_CORE_READ_MAX;
2092c2961f8Sjose borrego 
210faa1795aSjb 	if ((rc = smb_common_read(sr, param)) != 0) {
211dc20a302Sas 		smbsr_errno(sr, rc);
212faa1795aSjb 		return (SDRC_ERROR);
213da6c28aaSamw 	}
214da6c28aaSamw 
2152c2961f8Sjose borrego 	count = (uint16_t)param->rw_count;
2167b59d02dSjb 	rc = smbsr_encode_result(sr, 5, VAR_BCC, "bw8.wbwC",
2172c2961f8Sjose borrego 	    5, count, VAR_BCC, 0x1, count, &sr->raw_data);
218da6c28aaSamw 
219faa1795aSjb 	return ((rc == 0) ? SDRC_SUCCESS : SDRC_ERROR);
220da6c28aaSamw }
221da6c28aaSamw 
222da6c28aaSamw /*
223da6c28aaSamw  * The SMB_COM_READ_RAW protocol is a negotiated option introduced in
224da6c28aaSamw  * SMB Core Plus to maximize performance when reading a large block
225da6c28aaSamw  * of data from a server.  This request was extended in LM 0.12 to
226da6c28aaSamw  * support 64-bit offsets; the server can indicate support by setting
227da6c28aaSamw  * CAP_LARGE_FILES in the negotiated capabilities.
228da6c28aaSamw  *
229da6c28aaSamw  * The client must guarantee that there is (and will be) no other request
230da6c28aaSamw  * to the server for the duration of the SMB_COM_READ_RAW, since the
231da6c28aaSamw  * server response has no header or trailer. To help ensure that there
232da6c28aaSamw  * are no interruptions, we block all I/O for the session during read raw.
233da6c28aaSamw  *
234da6c28aaSamw  * If this is the first SMB request received since we sent an oplock break
235da6c28aaSamw  * to this client, we don't know if it's safe to send the raw data because
236da6c28aaSamw  * the requests may have crossed on the wire and the client may have
237da6c28aaSamw  * interpreted the oplock break as part of the raw data. To avoid problems,
238da6c28aaSamw  * we send a zero length session packet, which will force the client to
239da6c28aaSamw  * retry the read.
240da6c28aaSamw  *
2412c2961f8Sjose borrego  * Do not return errors from SmbReadRaw.
242da6c28aaSamw  * Read errors are handled by sending a zero length response.
243da6c28aaSamw  */
2447b59d02dSjb smb_sdrc_t
245faa1795aSjb smb_pre_read_raw(smb_request_t *sr)
246da6c28aaSamw {
247faa1795aSjb 	smb_rw_param_t *param;
248faa1795aSjb 	uint32_t off_low;
249faa1795aSjb 	uint32_t off_high;
250faa1795aSjb 	uint32_t timeout;
2512c2961f8Sjose borrego 	uint16_t count;
252faa1795aSjb 	int rc;
253da6c28aaSamw 
254faa1795aSjb 	param = kmem_zalloc(sizeof (smb_rw_param_t), KM_SLEEP);
255faa1795aSjb 	sr->arg.rw = param;
256da6c28aaSamw 
257faa1795aSjb 	if (sr->smb_wct == 8) {
258faa1795aSjb 		rc = smbsr_decode_vwv(sr, "wlwwl2.", &sr->smb_fid,
2592c2961f8Sjose borrego 		    &off_low, &count, &param->rw_mincnt, &timeout);
2602c2961f8Sjose borrego 		if (rc == 0) {
2612c2961f8Sjose borrego 			param->rw_offset = (uint64_t)off_low;
2622c2961f8Sjose borrego 			param->rw_count = (uint32_t)count;
2632c2961f8Sjose borrego 		}
264faa1795aSjb 	} else {
265faa1795aSjb 		rc = smbsr_decode_vwv(sr, "wlwwl2.l", &sr->smb_fid,
2662c2961f8Sjose borrego 		    &off_low, &count, &param->rw_mincnt, &timeout, &off_high);
2672c2961f8Sjose borrego 		if (rc == 0) {
2682c2961f8Sjose borrego 			param->rw_offset = ((uint64_t)off_high << 32) | off_low;
2692c2961f8Sjose borrego 			param->rw_count = (uint32_t)count;
2702c2961f8Sjose borrego 		}
271faa1795aSjb 	}
272da6c28aaSamw 
273faa1795aSjb 	DTRACE_SMB_2(op__ReadRaw__start, smb_request_t *, sr,
274faa1795aSjb 	    smb_rw_param_t *, param);
275da6c28aaSamw 
276eb1d736bSafshin salek ardakani - Sun Microsystems - Irvine United States 	smb_rwx_rwenter(&sr->session->s_lock, RW_WRITER);
2772c2961f8Sjose borrego 	return (SDRC_SUCCESS);
278faa1795aSjb }
279da6c28aaSamw 
280faa1795aSjb void
281faa1795aSjb smb_post_read_raw(smb_request_t *sr)
282faa1795aSjb {
2832c2961f8Sjose borrego 	mbuf_chain_t	*mbc;
2842c2961f8Sjose borrego 
2852c2961f8Sjose borrego 	if (sr->session->s_state == SMB_SESSION_STATE_READ_RAW_ACTIVE) {
2862c2961f8Sjose borrego 		sr->session->s_state = SMB_SESSION_STATE_NEGOTIATED;
2872c2961f8Sjose borrego 
2882c2961f8Sjose borrego 		while ((mbc = list_head(&sr->session->s_oplock_brkreqs)) !=
2892c2961f8Sjose borrego 		    NULL) {
2902c2961f8Sjose borrego 			SMB_MBC_VALID(mbc);
2912c2961f8Sjose borrego 			list_remove(&sr->session->s_oplock_brkreqs, mbc);
2922c2961f8Sjose borrego 			(void) smb_session_send(sr->session, 0, mbc);
2932c2961f8Sjose borrego 			smb_mbc_free(mbc);
2942c2961f8Sjose borrego 		}
2952c2961f8Sjose borrego 	}
2962c2961f8Sjose borrego 
297faa1795aSjb 	DTRACE_SMB_2(op__ReadRaw__done, smb_request_t *, sr,
298faa1795aSjb 	    smb_rw_param_t *, sr->arg.rw);
299faa1795aSjb 
300eb1d736bSafshin salek ardakani - Sun Microsystems - Irvine United States 	smb_rwx_rwexit(&sr->session->s_lock);
301faa1795aSjb 	kmem_free(sr->arg.rw, sizeof (smb_rw_param_t));
302faa1795aSjb }
303faa1795aSjb 
304faa1795aSjb smb_sdrc_t
305faa1795aSjb smb_com_read_raw(smb_request_t *sr)
306faa1795aSjb {
307faa1795aSjb 	smb_rw_param_t *param = sr->arg.rw;
308faa1795aSjb 
309faa1795aSjb 	switch (sr->session->s_state) {
310faa1795aSjb 	case SMB_SESSION_STATE_NEGOTIATED:
3112c2961f8Sjose borrego 		sr->session->s_state = SMB_SESSION_STATE_READ_RAW_ACTIVE;
312faa1795aSjb 		break;
313da6c28aaSamw 
314da6c28aaSamw 	case SMB_SESSION_STATE_OPLOCK_BREAKING:
315da6c28aaSamw 		(void) smb_session_send(sr->session, 0, NULL);
316da6c28aaSamw 		return (SDRC_NO_REPLY);
317da6c28aaSamw 
318da6c28aaSamw 	case SMB_SESSION_STATE_TERMINATED:
319da6c28aaSamw 	case SMB_SESSION_STATE_DISCONNECTED:
320da6c28aaSamw 		return (SDRC_NO_REPLY);
321da6c28aaSamw 
3222c2961f8Sjose borrego 	case SMB_SESSION_STATE_READ_RAW_ACTIVE:
3232c2961f8Sjose borrego 		sr->session->s_state = SMB_SESSION_STATE_NEGOTIATED;
3242c2961f8Sjose borrego 		return (SDRC_DROP_VC);
3252c2961f8Sjose borrego 
326faa1795aSjb 	case SMB_SESSION_STATE_WRITE_RAW_ACTIVE:
327da6c28aaSamw 	case SMB_SESSION_STATE_CONNECTED:
328da6c28aaSamw 	case SMB_SESSION_STATE_ESTABLISHED:
329da6c28aaSamw 	default:
330da6c28aaSamw 		return (SDRC_DROP_VC);
331da6c28aaSamw 	}
332faa1795aSjb 
3332c2961f8Sjose borrego 	smbsr_lookup_file(sr);
334faa1795aSjb 	if (sr->fid_ofile == NULL) {
3352c2961f8Sjose borrego 		(void) smb_session_send(sr->session, 0, NULL);
3362c2961f8Sjose borrego 		return (SDRC_NO_REPLY);
337faa1795aSjb 	}
338faa1795aSjb 
339b89a8333Snatalie li - Sun Microsystems - Irvine United States 	sr->user_cr = smb_ofile_getcred(sr->fid_ofile);
340b89a8333Snatalie li - Sun Microsystems - Irvine United States 
3412c2961f8Sjose borrego 	if (param->rw_mincnt > param->rw_count)
3422c2961f8Sjose borrego 		param->rw_mincnt = 0;
343faa1795aSjb 
3442c2961f8Sjose borrego 	if (smb_common_read(sr, param) != 0) {
345faa1795aSjb 		(void) smb_session_send(sr->session, 0, NULL);
346faa1795aSjb 		m_freem(sr->raw_data.chain);
3472c2961f8Sjose borrego 		sr->raw_data.chain = NULL;
348faa1795aSjb 	} else {
349faa1795aSjb 		(void) smb_session_send(sr->session, 0, &sr->raw_data);
350faa1795aSjb 	}
351faa1795aSjb 
352faa1795aSjb 	return (SDRC_NO_REPLY);
353da6c28aaSamw }
354da6c28aaSamw 
355da6c28aaSamw /*
356da6c28aaSamw  * Read bytes from a file (SMB Core).  This request was extended in
357da6c28aaSamw  * LM 0.12 to support 64-bit offsets, indicated by sending a wct of
358da6c28aaSamw  * 12 and including additional offset information.
3592c2961f8Sjose borrego  *
3602c2961f8Sjose borrego  * MS-SMB 3.3.5.7 update to LM 0.12 4.2.4:
3612c2961f8Sjose borrego  * If wct is 12 and CAP_LARGE_READX is set, the count may be larger
3622c2961f8Sjose borrego  * than the negotiated buffer size.  If maxcnt_high is 0xFF, it must
3632c2961f8Sjose borrego  * be ignored.  Otherwise, maxcnt_high represents the upper 16 bits
3642c2961f8Sjose borrego  * of rw_count.
365da6c28aaSamw  */
3667b59d02dSjb smb_sdrc_t
367faa1795aSjb smb_pre_read_andx(smb_request_t *sr)
368da6c28aaSamw {
369faa1795aSjb 	smb_rw_param_t *param;
370da6c28aaSamw 	uint32_t off_low;
371da6c28aaSamw 	uint32_t off_high;
3722c2961f8Sjose borrego 	uint32_t maxcnt_high;
3732c2961f8Sjose borrego 	uint16_t maxcnt_low;
3742c2961f8Sjose borrego 	uint16_t mincnt;
375da6c28aaSamw 	uint16_t remcnt;
376da6c28aaSamw 	int rc;
377da6c28aaSamw 
378faa1795aSjb 	param = kmem_zalloc(sizeof (smb_rw_param_t), KM_SLEEP);
379faa1795aSjb 	sr->arg.rw = param;
380faa1795aSjb 
381da6c28aaSamw 	if (sr->smb_wct == 12) {
3822c2961f8Sjose borrego 		rc = smbsr_decode_vwv(sr, "b3.wlwwlwl", &param->rw_andx,
3832c2961f8Sjose borrego 		    &sr->smb_fid, &off_low, &maxcnt_low, &mincnt, &maxcnt_high,
3842c2961f8Sjose borrego 		    &remcnt, &off_high);
3852c2961f8Sjose borrego 
3862c2961f8Sjose borrego 		param->rw_offset = ((uint64_t)off_high << 32) |
3872c2961f8Sjose borrego 		    (uint64_t)off_low;
388da6c28aaSamw 
3892c2961f8Sjose borrego 		param->rw_count = (uint32_t)maxcnt_low;
3903a6c5f83SAlan Wright 
3913a6c5f83SAlan Wright 		if ((sr->session->capabilities & CAP_LARGE_READX) &&
3923a6c5f83SAlan Wright 		    (maxcnt_high < 0xFF))
3932c2961f8Sjose borrego 			param->rw_count |= maxcnt_high << 16;
394da6c28aaSamw 	} else {
3952c2961f8Sjose borrego 		rc = smbsr_decode_vwv(sr, "b3.wlwwlw", &param->rw_andx,
3962c2961f8Sjose borrego 		    &sr->smb_fid, &off_low, &maxcnt_low, &mincnt, &maxcnt_high,
3972c2961f8Sjose borrego 		    &remcnt);
398da6c28aaSamw 
399faa1795aSjb 		param->rw_offset = (uint64_t)off_low;
4002c2961f8Sjose borrego 		param->rw_count = (uint32_t)maxcnt_low;
401da6c28aaSamw 	}
402da6c28aaSamw 
403faa1795aSjb 	param->rw_mincnt = 0;
404faa1795aSjb 
405faa1795aSjb 	DTRACE_SMB_2(op__ReadX__start, smb_request_t *, sr,
406faa1795aSjb 	    smb_rw_param_t *, param);
407faa1795aSjb 
408faa1795aSjb 	return ((rc == 0) ? SDRC_SUCCESS : SDRC_ERROR);
409faa1795aSjb }
410da6c28aaSamw 
411faa1795aSjb void
412faa1795aSjb smb_post_read_andx(smb_request_t *sr)
413faa1795aSjb {
414faa1795aSjb 	DTRACE_SMB_2(op__ReadX__done, smb_request_t *, sr,
415faa1795aSjb 	    smb_rw_param_t *, sr->arg.rw);
416faa1795aSjb 
417faa1795aSjb 	kmem_free(sr->arg.rw, sizeof (smb_rw_param_t));
418faa1795aSjb }
419faa1795aSjb 
420faa1795aSjb smb_sdrc_t
421faa1795aSjb smb_com_read_andx(smb_request_t *sr)
422faa1795aSjb {
423faa1795aSjb 	smb_rw_param_t *param = sr->arg.rw;
4242c2961f8Sjose borrego 	uint16_t datalen_high;
4252c2961f8Sjose borrego 	uint16_t datalen_low;
4262c2961f8Sjose borrego 	uint16_t data_offset;
427faa1795aSjb 	uint16_t offset2;
428faa1795aSjb 	int rc;
429da6c28aaSamw 
4302c2961f8Sjose borrego 	smbsr_lookup_file(sr);
431da6c28aaSamw 	if (sr->fid_ofile == NULL) {
432dc20a302Sas 		smbsr_error(sr, NT_STATUS_INVALID_HANDLE, ERRDOS, ERRbadfid);
433faa1795aSjb 		return (SDRC_ERROR);
434da6c28aaSamw 	}
435da6c28aaSamw 
436b89a8333Snatalie li - Sun Microsystems - Irvine United States 	sr->user_cr = smb_ofile_getcred(sr->fid_ofile);
437b89a8333Snatalie li - Sun Microsystems - Irvine United States 
4382c2961f8Sjose borrego 	if (param->rw_count >= SMB_READX_MAX)
4392c2961f8Sjose borrego 		param->rw_count = 0;
4402c2961f8Sjose borrego 
441faa1795aSjb 	if ((rc = smb_common_read(sr, param)) != 0) {
442dc20a302Sas 		smbsr_errno(sr, rc);
443faa1795aSjb 		return (SDRC_ERROR);
444da6c28aaSamw 	}
445da6c28aaSamw 
4462c2961f8Sjose borrego 	datalen_low = param->rw_count & 0xFFFF;
4472c2961f8Sjose borrego 	datalen_high = (param->rw_count >> 16) & 0xFF;
448da6c28aaSamw 
449da6c28aaSamw 	/*
4502c2961f8Sjose borrego 	 * If this is a secondary command, the data offset
4512c2961f8Sjose borrego 	 * includes the previous wct + sizeof(wct).
452da6c28aaSamw 	 */
4532c2961f8Sjose borrego 	data_offset = (sr->andx_prev_wct == 0) ? 0 : sr->andx_prev_wct + 1;
4542c2961f8Sjose borrego 
455da6c28aaSamw 	if (STYPE_ISIPC(sr->tid_tree->t_res_type)) {
4562c2961f8Sjose borrego 		data_offset += 60;
4572c2961f8Sjose borrego 		offset2 = (param->rw_andx == 0xFF) ? 0 : param->rw_count + 60;
4582c2961f8Sjose borrego 
4592c2961f8Sjose borrego 		rc = smbsr_encode_result(sr, 12, VAR_BCC, "bb1.ww4.www8.wbC",
460da6c28aaSamw 		    12,			/* wct */
4612c2961f8Sjose borrego 		    param->rw_andx,	/* secondary andx command */
4622c2961f8Sjose borrego 		    offset2,		/* offset to next command */
4632c2961f8Sjose borrego 		    0,			/* set to 0 for named pipes */
4642c2961f8Sjose borrego 		    datalen_low,	/* data byte count */
4652c2961f8Sjose borrego 		    data_offset,	/* offset from start to data */
4662c2961f8Sjose borrego 		    datalen_high,	/* data byte count */
467da6c28aaSamw 		    VAR_BCC,		/* BCC marker */
4682c2961f8Sjose borrego 		    0x00,		/* padding */
469da6c28aaSamw 		    &sr->raw_data);
470da6c28aaSamw 	} else {
4712c2961f8Sjose borrego 		data_offset += 59;
4722c2961f8Sjose borrego 		offset2 = (param->rw_andx == 0xFF) ? 0 : param->rw_count + 59;
4732c2961f8Sjose borrego 
4742c2961f8Sjose borrego 		rc = smbsr_encode_result(sr, 12, VAR_BCC, "bb1.ww4.www8.wC",
475da6c28aaSamw 		    12,			/* wct */
4762c2961f8Sjose borrego 		    param->rw_andx,	/* secondary andx command */
4772c2961f8Sjose borrego 		    offset2,		/* offset to next command */
4782c2961f8Sjose borrego 		    -1,			/* must be -1 for regular files */
4792c2961f8Sjose borrego 		    datalen_low,	/* data byte count */
4802c2961f8Sjose borrego 		    data_offset,	/* offset from start to data */
4812c2961f8Sjose borrego 		    datalen_high,	/* data byte count */
482da6c28aaSamw 		    VAR_BCC,		/* BCC marker */
483da6c28aaSamw 		    &sr->raw_data);
484da6c28aaSamw 	}
485da6c28aaSamw 
486faa1795aSjb 	return ((rc == 0) ? SDRC_SUCCESS : SDRC_ERROR);
487da6c28aaSamw }
488da6c28aaSamw 
489da6c28aaSamw /*
490da6c28aaSamw  * Common function for reading files or IPC/MSRPC named pipes.  All
491da6c28aaSamw  * protocol read functions should lookup the fid before calling this
492da6c28aaSamw  * function.  We can't move the fid lookup here because lock-and-read
493da6c28aaSamw  * requires the fid to do locking before attempting the read.
494da6c28aaSamw  *
495da6c28aaSamw  * Returns errno values.
496da6c28aaSamw  */
497da6c28aaSamw int
498faa1795aSjb smb_common_read(smb_request_t *sr, smb_rw_param_t *param)
499da6c28aaSamw {
500da6c28aaSamw 	smb_ofile_t *ofile = sr->fid_ofile;
501da6c28aaSamw 	smb_node_t *node;
502faa1795aSjb 	smb_vdb_t *vdb = &param->rw_vdb;
503da6c28aaSamw 	struct mbuf *top;
504da6c28aaSamw 	int rc;
505da6c28aaSamw 
5062c2961f8Sjose borrego 	vdb->vdb_tag = 0;
5072c2961f8Sjose borrego 	vdb->vdb_uio.uio_iov = &vdb->vdb_iovec[0];
5082c2961f8Sjose borrego 	vdb->vdb_uio.uio_iovcnt = MAX_IOVEC;
5092c2961f8Sjose borrego 	vdb->vdb_uio.uio_resid = param->rw_count;
5102c2961f8Sjose borrego 	vdb->vdb_uio.uio_loffset = (offset_t)param->rw_offset;
5112c2961f8Sjose borrego 	vdb->vdb_uio.uio_segflg = UIO_SYSSPACE;
512da6c28aaSamw 
513da6c28aaSamw 	switch (sr->tid_tree->t_res_type & STYPE_MASK) {
514da6c28aaSamw 	case STYPE_DISKTREE:
515da6c28aaSamw 		node = ofile->f_node;
516da6c28aaSamw 
517037cac00Sjoyce mcintosh 		if (!smb_node_is_dir(node)) {
518faa1795aSjb 			rc = smb_lock_range_access(sr, node, param->rw_offset,
519faa1795aSjb 			    param->rw_count, B_FALSE);
520da6c28aaSamw 			if (rc != NT_STATUS_SUCCESS) {
521da6c28aaSamw 				rc = ERANGE;
522da6c28aaSamw 				break;
523da6c28aaSamw 			}
524da6c28aaSamw 		}
525da6c28aaSamw 
5262c2961f8Sjose borrego 		if ((ofile->f_flags & SMB_OFLAGS_EXECONLY) &&
5272c2961f8Sjose borrego 		    !(sr->smb_flg2 & SMB_FLAGS2_PAGING_IO)) {
5282c2961f8Sjose borrego 			/*
5292c2961f8Sjose borrego 			 * SMB_FLAGS2_PAGING_IO: permit execute-only reads.
5302c2961f8Sjose borrego 			 *
5312c2961f8Sjose borrego 			 * Reject request if the file has been opened
5322c2961f8Sjose borrego 			 * execute-only and SMB_FLAGS2_PAGING_IO is not set.
5332c2961f8Sjose borrego 			 */
5342c2961f8Sjose borrego 			rc = EACCES;
5352c2961f8Sjose borrego 			break;
5362c2961f8Sjose borrego 		}
5372c2961f8Sjose borrego 
5382c2961f8Sjose borrego 		sr->raw_data.max_bytes = vdb->vdb_uio.uio_resid;
5392c2961f8Sjose borrego 		top = smb_mbuf_allocate(&vdb->vdb_uio);
540da6c28aaSamw 
541037cac00Sjoyce mcintosh 		rc = smb_fsop_read(sr, sr->user_cr, node, &vdb->vdb_uio);
542da6c28aaSamw 
5432c2961f8Sjose borrego 		sr->raw_data.max_bytes -= vdb->vdb_uio.uio_resid;
544da6c28aaSamw 		smb_mbuf_trim(top, sr->raw_data.max_bytes);
545da6c28aaSamw 		MBC_ATTACH_MBUF(&sr->raw_data, top);
546da6c28aaSamw 		break;
547da6c28aaSamw 
548da6c28aaSamw 	case STYPE_IPC:
5492c2961f8Sjose borrego 		rc = smb_opipe_read(sr, &vdb->vdb_uio);
550da6c28aaSamw 		break;
551da6c28aaSamw 
552da6c28aaSamw 	default:
553da6c28aaSamw 		rc = EACCES;
554da6c28aaSamw 		break;
555da6c28aaSamw 	}
556da6c28aaSamw 
5572c2961f8Sjose borrego 	param->rw_count -= vdb->vdb_uio.uio_resid;
558da6c28aaSamw 
559da6c28aaSamw 	if (rc != 0)
560da6c28aaSamw 		return (rc);
561da6c28aaSamw 
562faa1795aSjb 	if (param->rw_mincnt != 0 && param->rw_count < param->rw_mincnt) {
563da6c28aaSamw 		/*
564da6c28aaSamw 		 * mincnt is only used by read-raw and is typically
565da6c28aaSamw 		 * zero.  If mincnt is greater than zero and the
566da6c28aaSamw 		 * number of bytes read is less than mincnt, tell
567da6c28aaSamw 		 * the client that we read nothing.
568da6c28aaSamw 		 */
569faa1795aSjb 		param->rw_count = 0;
570da6c28aaSamw 	}
571da6c28aaSamw 
572faa1795aSjb 	param->rw_offset += param->rw_count;
573da6c28aaSamw 	mutex_enter(&sr->fid_ofile->f_mutex);
574faa1795aSjb 	ofile->f_seek_pos = param->rw_offset;
575da6c28aaSamw 	mutex_exit(&sr->fid_ofile->f_mutex);
576da6c28aaSamw 	return (rc);
577da6c28aaSamw }
578