1da6c28aaSamw /*
2da6c28aaSamw * CDDL HEADER START
3da6c28aaSamw *
4da6c28aaSamw * The contents of this file are subject to the terms of the
5da6c28aaSamw * Common Development and Distribution License (the "License").
6da6c28aaSamw * You may not use this file except in compliance with the License.
7da6c28aaSamw *
8da6c28aaSamw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9da6c28aaSamw * or http://www.opensolaris.org/os/licensing.
10da6c28aaSamw * See the License for the specific language governing permissions
11da6c28aaSamw * and limitations under the License.
12da6c28aaSamw *
13da6c28aaSamw * When distributing Covered Code, include this CDDL HEADER in each
14da6c28aaSamw * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15da6c28aaSamw * If applicable, add the following below this CDDL HEADER, with the
16da6c28aaSamw * fields enclosed by brackets "[]" replaced with your own identifying
17da6c28aaSamw * information: Portions Copyright [yyyy] [name of copyright owner]
18da6c28aaSamw *
19da6c28aaSamw * CDDL HEADER END
20da6c28aaSamw */
21da6c28aaSamw /*
22148c5f43SAlan Wright * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
2386184067SGordon Ross * Copyright 2011-2021 Tintri by DDN, Inc. All rights reserved.
2486184067SGordon Ross * Copyright 2021-2023 RackTop Systems, Inc.
25da6c28aaSamw */
26b819cea2SGordon Ross
27da6c28aaSamw #include <sys/atomic.h>
28da6c28aaSamw #include <sys/synch.h>
29da6c28aaSamw #include <sys/types.h>
30da6c28aaSamw #include <sys/sdt.h>
31f9bc6dadSDmitry.Savitsky@nexenta.com #include <sys/random.h>
32da6c28aaSamw #include <smbsrv/netbios.h>
33a90cf9f2SGordon Ross #include <smbsrv/smb2_kproto.h>
34bbf6f00cSJordan Brown #include <smbsrv/string.h>
35b819cea2SGordon Ross #include <netinet/tcp.h>
36b819cea2SGordon Ross
37b819cea2SGordon Ross #define SMB_NEW_KID() atomic_inc_64_nv(&smb_kids)
38da6c28aaSamw
39faa1795aSjb static volatile uint64_t smb_kids;
40da6c28aaSamw
41b819cea2SGordon Ross /*
42b819cea2SGordon Ross * We track the keepalive in minutes, but this constant
43b819cea2SGordon Ross * specifies it in seconds, so convert to minutes.
44b819cea2SGordon Ross */
45b819cea2SGordon Ross uint32_t smb_keep_alive = SMB_PI_KEEP_ALIVE_MIN / 60;
46da6c28aaSamw
47817fa55fSGordon Ross /*
48817fa55fSGordon Ross * This is the maximum time we'll allow a "session" to exist with no
49817fa55fSGordon Ross * authenticated smb_user_t objects on it. This allows a client to
50817fa55fSGordon Ross * logoff their "one and only" user session and then logon as some
51817fa55fSGordon Ross * different user. (There are some tests that do that.) The same
52817fa55fSGordon Ross * timeout mechanism also reduces the impact of clients that might
53817fa55fSGordon Ross * open TCP connections but never authenticate.
54817fa55fSGordon Ross */
55817fa55fSGordon Ross int smb_session_auth_tmo = 30; /* sec. */
56817fa55fSGordon Ross
570897f7fbSGordon Ross /*
580897f7fbSGordon Ross * There are many smbtorture test cases that send
590897f7fbSGordon Ross * racing requests, and where the tests fail if we
600897f7fbSGordon Ross * don't execute them in exactly the order sent.
610897f7fbSGordon Ross * These are test bugs. The protocol makes no
620897f7fbSGordon Ross * guarantees about execution order of requests
630897f7fbSGordon Ross * that are concurrently active.
640897f7fbSGordon Ross *
650897f7fbSGordon Ross * Nonetheless, smbtorture has many useful tests,
660897f7fbSGordon Ross * so we have this work-around we can enable to
670897f7fbSGordon Ross * basically force sequential execution. When
680897f7fbSGordon Ross * enabled, insert a delay after each request is
690897f7fbSGordon Ross * issued a taskq job. Enable this with mdb by
700897f7fbSGordon Ross * setting smb_reader_delay to 10. Don't make it
710897f7fbSGordon Ross * more than 500 or so or the server will appear
720897f7fbSGordon Ross * to be so slow that tests may time out.
730897f7fbSGordon Ross */
740897f7fbSGordon Ross int smb_reader_delay = 0; /* mSec. */
750897f7fbSGordon Ross
76a90cf9f2SGordon Ross static int smbsr_newrq_initial(smb_request_t *);
77a90cf9f2SGordon Ross
782c2961f8Sjose borrego static void smb_session_cancel(smb_session_t *);
79a90cf9f2SGordon Ross static int smb_session_reader(smb_session_t *);
80a90cf9f2SGordon Ross static int smb_session_xprt_puthdr(smb_session_t *,
81a90cf9f2SGordon Ross uint8_t msg_type, uint32_t msg_len,
82a90cf9f2SGordon Ross uint8_t *dst, size_t dstlen);
83811599a4SMatt Barden static void smb_session_disconnect_trees(smb_session_t *);
84f9bc6dadSDmitry.Savitsky@nexenta.com static void smb_session_genkey(smb_session_t *);
85da6c28aaSamw
86811599a4SMatt Barden /*
87811599a4SMatt Barden * This (legacy) code is in support of an "idle timeout" feature,
88811599a4SMatt Barden * which is apparently incomplete. To complete it, we should:
89811599a4SMatt Barden * when the keep_alive timer expires, check whether the client
90811599a4SMatt Barden * has any open files, and if not then kill their session.
91811599a4SMatt Barden * Right now the timers are there, but nothing happens when
92811599a4SMatt Barden * a timer expires.
93811599a4SMatt Barden *
94811599a4SMatt Barden * Todo: complete logic to kill idle sessions.
95811599a4SMatt Barden *
96811599a4SMatt Barden * Only called when sv_cfg.skc_keepalive != 0
97811599a4SMatt Barden */
98da6c28aaSamw void
smb_session_timers(smb_server_t * sv)99811599a4SMatt Barden smb_session_timers(smb_server_t *sv)
100da6c28aaSamw {
101faa1795aSjb smb_session_t *session;
102811599a4SMatt Barden smb_llist_t *ll;
103da6c28aaSamw
104811599a4SMatt Barden ll = &sv->sv_session_list;
1054163af6aSjose borrego smb_llist_enter(ll, RW_READER);
1064163af6aSjose borrego session = smb_llist_head(ll);
1074163af6aSjose borrego while (session != NULL) {
108da6c28aaSamw /*
109da6c28aaSamw * Walk through the table and decrement each keep_alive
110da6c28aaSamw * timer that has not timed out yet. (keepalive > 0)
111da6c28aaSamw */
1124163af6aSjose borrego SMB_SESSION_VALID(session);
113faa1795aSjb if (session->keep_alive &&
114faa1795aSjb (session->keep_alive != (uint32_t)-1))
115faa1795aSjb session->keep_alive--;
116faa1795aSjb
117811599a4SMatt Barden session = smb_llist_next(ll, session);
118faa1795aSjb }
1194163af6aSjose borrego smb_llist_exit(ll);
120da6c28aaSamw }
121da6c28aaSamw
122da6c28aaSamw /*
123da6c28aaSamw * Send a session message - supports SMB-over-NBT and SMB-over-TCP.
124a90cf9f2SGordon Ross * If an mbuf chain is provided (optional), it will be freed and
125a90cf9f2SGordon Ross * set to NULL -- unconditionally! (error or not)
126da6c28aaSamw *
127897907ceSGordon Ross * Prepends the 4-byte NBT header before sending.
128da6c28aaSamw */
129da6c28aaSamw int
smb_session_send(smb_session_t * session,uint8_t nbt_type,mbuf_chain_t * mbc)130a90cf9f2SGordon Ross smb_session_send(smb_session_t *session, uint8_t nbt_type, mbuf_chain_t *mbc)
131da6c28aaSamw {
132897907ceSGordon Ross mbuf_t *m = NULL;
133a90cf9f2SGordon Ross uint32_t nbt_len;
1345cdbe942Sjb int rc;
135da6c28aaSamw
136da6c28aaSamw switch (session->s_state) {
137da6c28aaSamw case SMB_SESSION_STATE_DISCONNECTED:
138da6c28aaSamw case SMB_SESSION_STATE_TERMINATED:
139a90cf9f2SGordon Ross rc = ENOTCONN;
140a90cf9f2SGordon Ross goto out;
141da6c28aaSamw default:
142da6c28aaSamw break;
143da6c28aaSamw }
144da6c28aaSamw
145a90cf9f2SGordon Ross /*
146897907ceSGordon Ross * Prepend the NBT header (NetBIOS or SMB/TCP)
147897907ceSGordon Ross * and fill it in.
148897907ceSGordon Ross *
149897907ceSGordon Ross * After this, we "own" the mbuf chain (m) and must
150897907ceSGordon Ross * either consume it (via send) or free it.
151a90cf9f2SGordon Ross */
152897907ceSGordon Ross if (mbc != NULL && (m = mbc->chain) != NULL) {
153897907ceSGordon Ross nbt_len = MBC_LENGTH(mbc);
154897907ceSGordon Ross m = m_prepend(mbc->chain, NETBIOS_HDR_SZ, M_WAIT);
155897907ceSGordon Ross mbc->chain = NULL;
156a90cf9f2SGordon Ross } else {
157897907ceSGordon Ross nbt_len = 0;
158897907ceSGordon Ross MGET(m, M_WAIT, MT_DATA);
159897907ceSGordon Ross m->m_len = NETBIOS_HDR_SZ;
160a90cf9f2SGordon Ross }
161897907ceSGordon Ross ASSERT(m->m_len >= NETBIOS_HDR_SZ);
162a90cf9f2SGordon Ross rc = smb_session_xprt_puthdr(session, nbt_type, nbt_len,
163897907ceSGordon Ross mtod(m, uint8_t *), NETBIOS_HDR_SZ);
164a90cf9f2SGordon Ross if (rc != 0)
165a90cf9f2SGordon Ross goto out;
166a90cf9f2SGordon Ross
167897907ceSGordon Ross /* Send "consumes" m unconditionally */
168897907ceSGordon Ross rc = smb_net_send_mbufs(session, m);
169897907ceSGordon Ross if (rc == 0) {
170897907ceSGordon Ross smb_server_add_txb(session->s_server,
171897907ceSGordon Ross nbt_len + NETBIOS_HDR_SZ);
172897907ceSGordon Ross }
173897907ceSGordon Ross m = NULL; // consumed
174a90cf9f2SGordon Ross
175a90cf9f2SGordon Ross out:
176897907ceSGordon Ross if (m != NULL)
177897907ceSGordon Ross m_freem(m);
178897907ceSGordon Ross if (mbc != NULL && mbc->chain != NULL) {
179a90cf9f2SGordon Ross m_freem(mbc->chain);
180a90cf9f2SGordon Ross mbc->chain = NULL;
181da6c28aaSamw }
182897907ceSGordon Ross
183a90cf9f2SGordon Ross return (rc);
184da6c28aaSamw }
185da6c28aaSamw
186da6c28aaSamw /*
187da6c28aaSamw * Read, process and respond to a NetBIOS session request.
188da6c28aaSamw *
189da6c28aaSamw * A NetBIOS session must be established for SMB-over-NetBIOS. Validate
190da6c28aaSamw * the calling and called name format and save the client NetBIOS name,
191da6c28aaSamw * which is used when a NetBIOS session is established to check for and
192da6c28aaSamw * cleanup leftover state from a previous session.
193da6c28aaSamw *
194da6c28aaSamw * Session requests are not valid for SMB-over-TCP, which is unfortunate
195da6c28aaSamw * because without the client name leftover state cannot be cleaned up
196da6c28aaSamw * if the client is behind a NAT server.
197da6c28aaSamw */
198da6c28aaSamw static int
smb_netbios_session_request(struct smb_session * session)199a90cf9f2SGordon Ross smb_netbios_session_request(struct smb_session *session)
200da6c28aaSamw {
201da6c28aaSamw int rc;
202da6c28aaSamw char *calling_name;
203da6c28aaSamw char *called_name;
204811599a4SMatt Barden char client_name[NETBIOS_NAME_SZ];
205811599a4SMatt Barden struct mbuf_chain mbc;
206811599a4SMatt Barden char *names = NULL;
207bbf6f00cSJordan Brown smb_wchar_t *wbuf = NULL;
208da6c28aaSamw smb_xprt_t hdr;
209da6c28aaSamw char *p;
210da6c28aaSamw int rc1, rc2;
211da6c28aaSamw
212da6c28aaSamw session->keep_alive = smb_keep_alive;
213da6c28aaSamw
214faa1795aSjb if ((rc = smb_session_xprt_gethdr(session, &hdr)) != 0)
215faa1795aSjb return (rc);
216da6c28aaSamw
217da6c28aaSamw DTRACE_PROBE2(receive__session__req__xprthdr, struct session *, session,
218da6c28aaSamw smb_xprt_t *, &hdr);
219da6c28aaSamw
220da6c28aaSamw if ((hdr.xh_type != SESSION_REQUEST) ||
221da6c28aaSamw (hdr.xh_length != NETBIOS_SESSION_REQUEST_DATA_LENGTH)) {
222da6c28aaSamw DTRACE_PROBE1(receive__session__req__failed,
223da6c28aaSamw struct session *, session);
224da6c28aaSamw return (EINVAL);
225da6c28aaSamw }
226da6c28aaSamw
227da6c28aaSamw names = kmem_alloc(hdr.xh_length, KM_SLEEP);
228da6c28aaSamw
229da6c28aaSamw if ((rc = smb_sorecv(session->sock, names, hdr.xh_length)) != 0) {
230da6c28aaSamw kmem_free(names, hdr.xh_length);
231da6c28aaSamw DTRACE_PROBE1(receive__session__req__failed,
232da6c28aaSamw struct session *, session);
233da6c28aaSamw return (rc);
234da6c28aaSamw }
235da6c28aaSamw
236da6c28aaSamw DTRACE_PROBE3(receive__session__req__data, struct session *, session,
237da6c28aaSamw char *, names, uint32_t, hdr.xh_length);
238da6c28aaSamw
239da6c28aaSamw called_name = &names[0];
240da6c28aaSamw calling_name = &names[NETBIOS_ENCODED_NAME_SZ + 2];
241da6c28aaSamw
242da6c28aaSamw rc1 = netbios_name_isvalid(called_name, 0);
243da6c28aaSamw rc2 = netbios_name_isvalid(calling_name, client_name);
244da6c28aaSamw
245da6c28aaSamw if (rc1 == 0 || rc2 == 0) {
246da6c28aaSamw
247da6c28aaSamw DTRACE_PROBE3(receive__invalid__session__req,
248da6c28aaSamw struct session *, session, char *, names,
249da6c28aaSamw uint32_t, hdr.xh_length);
250da6c28aaSamw
251da6c28aaSamw kmem_free(names, hdr.xh_length);
252da6c28aaSamw MBC_INIT(&mbc, MAX_DATAGRAM_LENGTH);
2533db3f65cSamw (void) smb_mbc_encodef(&mbc, "b",
254da6c28aaSamw DATAGRAM_INVALID_SOURCE_NAME_FORMAT);
255da6c28aaSamw (void) smb_session_send(session, NEGATIVE_SESSION_RESPONSE,
256da6c28aaSamw &mbc);
257da6c28aaSamw return (EINVAL);
258da6c28aaSamw }
259da6c28aaSamw
260da6c28aaSamw DTRACE_PROBE3(receive__session__req__calling__decoded,
261da6c28aaSamw struct session *, session,
262da6c28aaSamw char *, calling_name, char *, client_name);
263da6c28aaSamw
264da6c28aaSamw /*
265da6c28aaSamw * The client NetBIOS name is in oem codepage format.
266da6c28aaSamw * We need to convert it to unicode and store it in
267da6c28aaSamw * multi-byte format. We also need to strip off any
268da6c28aaSamw * spaces added as part of the NetBIOS name encoding.
269da6c28aaSamw */
270bbf6f00cSJordan Brown wbuf = kmem_alloc((SMB_PI_MAX_HOST * sizeof (smb_wchar_t)), KM_SLEEP);
271bbf6f00cSJordan Brown (void) oemtoucs(wbuf, client_name, SMB_PI_MAX_HOST, OEM_CPG_850);
272bbf6f00cSJordan Brown (void) smb_wcstombs(session->workstation, wbuf, SMB_PI_MAX_HOST);
273bbf6f00cSJordan Brown kmem_free(wbuf, (SMB_PI_MAX_HOST * sizeof (smb_wchar_t)));
274da6c28aaSamw
275da6c28aaSamw if ((p = strchr(session->workstation, ' ')) != 0)
276da6c28aaSamw *p = '\0';
277da6c28aaSamw
278da6c28aaSamw kmem_free(names, hdr.xh_length);
279da6c28aaSamw return (smb_session_send(session, POSITIVE_SESSION_RESPONSE, NULL));
280da6c28aaSamw }
281da6c28aaSamw
282da6c28aaSamw /*
283da6c28aaSamw * Read 4-byte header from the session socket and build an in-memory
284da6c28aaSamw * session transport header. See smb_xprt_t definition for header
285da6c28aaSamw * format information.
286da6c28aaSamw *
287da6c28aaSamw * Direct hosted NetBIOS-less SMB (SMB-over-TCP) uses port 445. The
288da6c28aaSamw * first byte of the four-byte header must be 0 and the next three
289da6c28aaSamw * bytes contain the length of the remaining data.
290da6c28aaSamw */
291da6c28aaSamw int
smb_session_xprt_gethdr(smb_session_t * session,smb_xprt_t * ret_hdr)292da6c28aaSamw smb_session_xprt_gethdr(smb_session_t *session, smb_xprt_t *ret_hdr)
293da6c28aaSamw {
294faa1795aSjb int rc;
295faa1795aSjb unsigned char buf[NETBIOS_HDR_SZ];
296da6c28aaSamw
297faa1795aSjb if ((rc = smb_sorecv(session->sock, buf, NETBIOS_HDR_SZ)) != 0)
298faa1795aSjb return (rc);
299da6c28aaSamw
300da6c28aaSamw switch (session->s_local_port) {
301a0aa776eSAlan Wright case IPPORT_NETBIOS_SSN:
302da6c28aaSamw ret_hdr->xh_type = buf[0];
303da6c28aaSamw ret_hdr->xh_length = (((uint32_t)buf[1] & 1) << 16) |
304da6c28aaSamw ((uint32_t)buf[2] << 8) |
305da6c28aaSamw ((uint32_t)buf[3]);
306da6c28aaSamw break;
307da6c28aaSamw
308a0aa776eSAlan Wright case IPPORT_SMB:
309da6c28aaSamw ret_hdr->xh_type = buf[0];
310da6c28aaSamw
311da6c28aaSamw if (ret_hdr->xh_type != 0) {
31249b5df1eSGordon Ross cmn_err(CE_WARN, "invalid NBT type (%u) from %s",
31349b5df1eSGordon Ross ret_hdr->xh_type, session->ip_addr_str);
314faa1795aSjb return (EPROTO);
315da6c28aaSamw }
316da6c28aaSamw
317da6c28aaSamw ret_hdr->xh_length = ((uint32_t)buf[1] << 16) |
318da6c28aaSamw ((uint32_t)buf[2] << 8) |
319da6c28aaSamw ((uint32_t)buf[3]);
320da6c28aaSamw break;
321da6c28aaSamw
322da6c28aaSamw default:
3237f667e74Sjose borrego cmn_err(CE_WARN, "invalid port %u", session->s_local_port);
324faa1795aSjb return (EPROTO);
325da6c28aaSamw }
326da6c28aaSamw
327da6c28aaSamw return (0);
328da6c28aaSamw }
329da6c28aaSamw
330da6c28aaSamw /*
331da6c28aaSamw * Encode a transport session packet header into a 4-byte buffer.
332da6c28aaSamw */
333da6c28aaSamw static int
smb_session_xprt_puthdr(smb_session_t * session,uint8_t msg_type,uint32_t msg_length,uint8_t * buf,size_t buflen)334a90cf9f2SGordon Ross smb_session_xprt_puthdr(smb_session_t *session,
335a90cf9f2SGordon Ross uint8_t msg_type, uint32_t msg_length,
336da6c28aaSamw uint8_t *buf, size_t buflen)
337da6c28aaSamw {
338a90cf9f2SGordon Ross if (buf == NULL || buflen < NETBIOS_HDR_SZ) {
339da6c28aaSamw return (-1);
340da6c28aaSamw }
341da6c28aaSamw
342da6c28aaSamw switch (session->s_local_port) {
343a0aa776eSAlan Wright case IPPORT_NETBIOS_SSN:
344a90cf9f2SGordon Ross /* Per RFC 1001, 1002: msg. len < 128KB */
345a90cf9f2SGordon Ross if (msg_length >= (1 << 17))
346a90cf9f2SGordon Ross return (-1);
347a90cf9f2SGordon Ross buf[0] = msg_type;
348a90cf9f2SGordon Ross buf[1] = ((msg_length >> 16) & 1);
349a90cf9f2SGordon Ross buf[2] = (msg_length >> 8) & 0xff;
350a90cf9f2SGordon Ross buf[3] = msg_length & 0xff;
351da6c28aaSamw break;
352da6c28aaSamw
353a0aa776eSAlan Wright case IPPORT_SMB:
354a90cf9f2SGordon Ross /*
355a90cf9f2SGordon Ross * SMB over TCP is like NetBIOS but the one byte
356a90cf9f2SGordon Ross * message type is always zero, and the length
357a90cf9f2SGordon Ross * part is three bytes. It could actually use
358a90cf9f2SGordon Ross * longer messages, but this is conservative.
359a90cf9f2SGordon Ross */
360a90cf9f2SGordon Ross if (msg_length >= (1 << 24))
361a90cf9f2SGordon Ross return (-1);
362a90cf9f2SGordon Ross buf[0] = msg_type;
363a90cf9f2SGordon Ross buf[1] = (msg_length >> 16) & 0xff;
364a90cf9f2SGordon Ross buf[2] = (msg_length >> 8) & 0xff;
365a90cf9f2SGordon Ross buf[3] = msg_length & 0xff;
366da6c28aaSamw break;
367da6c28aaSamw
368da6c28aaSamw default:
3697f667e74Sjose borrego cmn_err(CE_WARN, "invalid port %u", session->s_local_port);
370da6c28aaSamw return (-1);
371da6c28aaSamw }
372da6c28aaSamw
373da6c28aaSamw return (0);
374da6c28aaSamw }
375da6c28aaSamw
376897907ceSGordon Ross static int
smb_request_recv(smb_request_t * sr,uint32_t len)377897907ceSGordon Ross smb_request_recv(smb_request_t *sr, uint32_t len)
378da6c28aaSamw {
379897907ceSGordon Ross mbuf_t *mhead = NULL;
380897907ceSGordon Ross int rc;
381897907ceSGordon Ross
382897907ceSGordon Ross rc = smb_net_recv_mbufs(sr->session, &mhead, len);
383897907ceSGordon Ross if (rc != 0)
384897907ceSGordon Ross return (rc);
385da6c28aaSamw
386da6c28aaSamw /*
387897907ceSGordon Ross * Setup command mbuf chain received.
388da6c28aaSamw */
389897907ceSGordon Ross MBC_ATTACH_MBUF(&sr->command, mhead);
390897907ceSGordon Ross sr->command.max_bytes = len;
391da6c28aaSamw
392897907ceSGordon Ross return (0);
393da6c28aaSamw }
394da6c28aaSamw
395da6c28aaSamw /*
396da6c28aaSamw * smb_request_cancel
397da6c28aaSamw *
398da6c28aaSamw * Handle a cancel for a request properly depending on the current request
399da6c28aaSamw * state.
400da6c28aaSamw */
401da6c28aaSamw void
smb_request_cancel(smb_request_t * sr)402da6c28aaSamw smb_request_cancel(smb_request_t *sr)
403da6c28aaSamw {
4045677e049SGordon Ross void (*cancel_method)(smb_request_t *) = NULL;
4055677e049SGordon Ross
406da6c28aaSamw mutex_enter(&sr->sr_mutex);
407da6c28aaSamw switch (sr->sr_state) {
408da6c28aaSamw
409584e0fceSGordon Ross case SMB_REQ_STATE_INITIALIZING:
410da6c28aaSamw case SMB_REQ_STATE_SUBMITTED:
411da6c28aaSamw case SMB_REQ_STATE_ACTIVE:
412da6c28aaSamw case SMB_REQ_STATE_CLEANED_UP:
4135677e049SGordon Ross sr->sr_state = SMB_REQ_STATE_CANCELLED;
414da6c28aaSamw break;
415da6c28aaSamw
416b210fedeSGordon Ross case SMB_REQ_STATE_WAITING_AUTH:
417bfe5e737SGordon Ross case SMB_REQ_STATE_WAITING_FCN1:
418bfe5e737SGordon Ross case SMB_REQ_STATE_WAITING_LOCK:
419b210fedeSGordon Ross case SMB_REQ_STATE_WAITING_PIPE:
420525641e8SGordon Ross case SMB_REQ_STATE_WAITING_OLBRK:
421da6c28aaSamw /*
4225677e049SGordon Ross * These are states that have a cancel_method.
4235677e049SGordon Ross * Make the state change now, to ensure that
424*66b505f1SGordon Ross * we call cancel_method exactly once.
425*66b505f1SGordon Ross *
426*66b505f1SGordon Ross * Do the method call with sr_mutex not held.
4275677e049SGordon Ross * When the cancelled request thread resumes,
428*66b505f1SGordon Ross * it should re-take sr_mutex and wait for
429*66b505f1SGordon Ross * sr_state != CANCEL_PENDING, ensuring that
430*66b505f1SGordon Ross * the cancel method has completed.
431da6c28aaSamw */
4325677e049SGordon Ross sr->sr_state = SMB_REQ_STATE_CANCEL_PENDING;
4335677e049SGordon Ross cancel_method = sr->cancel_method;
4345677e049SGordon Ross VERIFY(cancel_method != NULL);
435*66b505f1SGordon Ross mutex_exit(&sr->sr_mutex);
436*66b505f1SGordon Ross cancel_method(sr);
437*66b505f1SGordon Ross mutex_enter(&sr->sr_mutex);
438*66b505f1SGordon Ross if (sr->sr_state == SMB_REQ_STATE_CANCEL_PENDING)
439*66b505f1SGordon Ross sr->sr_state = SMB_REQ_STATE_CANCELLED;
440*66b505f1SGordon Ross cv_broadcast(&sr->sr_st_cv);
441da6c28aaSamw break;
442da6c28aaSamw
443bfe5e737SGordon Ross case SMB_REQ_STATE_WAITING_FCN2:
444da6c28aaSamw case SMB_REQ_STATE_COMPLETED:
445bfe5e737SGordon Ross case SMB_REQ_STATE_CANCEL_PENDING:
4465677e049SGordon Ross case SMB_REQ_STATE_CANCELLED:
447da6c28aaSamw /*
448da6c28aaSamw * No action required for these states since the request
449da6c28aaSamw * is completing.
450da6c28aaSamw */
451da6c28aaSamw break;
452584e0fceSGordon Ross
453584e0fceSGordon Ross case SMB_REQ_STATE_FREE:
454da6c28aaSamw default:
4552c2961f8Sjose borrego SMB_PANIC();
456da6c28aaSamw }
457da6c28aaSamw mutex_exit(&sr->sr_mutex);
458da6c28aaSamw }
459da6c28aaSamw
460da6c28aaSamw /*
4614163af6aSjose borrego * smb_session_receiver
462da6c28aaSamw *
4634163af6aSjose borrego * Receives request from the network and dispatches them to a worker.
464811599a4SMatt Barden *
465811599a4SMatt Barden * When we receive a disconnect here, it _could_ be due to the server
466811599a4SMatt Barden * having initiated disconnect, in which case the session state will be
467811599a4SMatt Barden * SMB_SESSION_STATE_TERMINATED and we want to keep that state so later
468811599a4SMatt Barden * tear-down logic will know which side initiated.
469da6c28aaSamw */
4704163af6aSjose borrego void
smb_session_receiver(smb_session_t * session)4714163af6aSjose borrego smb_session_receiver(smb_session_t *session)
472da6c28aaSamw {
473b819cea2SGordon Ross int rc = 0;
474817fa55fSGordon Ross timeout_id_t tmo = NULL;
475da6c28aaSamw
4764163af6aSjose borrego SMB_SESSION_VALID(session);
4774163af6aSjose borrego
4784163af6aSjose borrego session->s_thread = curthread;
479da6c28aaSamw
480a0aa776eSAlan Wright if (session->s_local_port == IPPORT_NETBIOS_SSN) {
481a90cf9f2SGordon Ross rc = smb_netbios_session_request(session);
4824163af6aSjose borrego if (rc != 0) {
483faa1795aSjb smb_rwx_rwenter(&session->s_lock, RW_WRITER);
484811599a4SMatt Barden if (session->s_state != SMB_SESSION_STATE_TERMINATED)
485811599a4SMatt Barden session->s_state =
486811599a4SMatt Barden SMB_SESSION_STATE_DISCONNECTED;
487faa1795aSjb smb_rwx_rwexit(&session->s_lock);
4884163af6aSjose borrego return;
489faa1795aSjb }
490faa1795aSjb }
491da6c28aaSamw
492da6c28aaSamw smb_rwx_rwenter(&session->s_lock, RW_WRITER);
493faa1795aSjb session->s_state = SMB_SESSION_STATE_ESTABLISHED;
494817fa55fSGordon Ross session->s_auth_tmo = timeout((tmo_func_t)smb_session_disconnect,
495817fa55fSGordon Ross session, SEC_TO_TICK(smb_session_auth_tmo));
496faa1795aSjb smb_rwx_rwexit(&session->s_lock);
497da6c28aaSamw
498a90cf9f2SGordon Ross (void) smb_session_reader(session);
499da6c28aaSamw
500faa1795aSjb smb_rwx_rwenter(&session->s_lock, RW_WRITER);
501811599a4SMatt Barden if (session->s_state != SMB_SESSION_STATE_TERMINATED)
502811599a4SMatt Barden session->s_state = SMB_SESSION_STATE_DISCONNECTED;
503817fa55fSGordon Ross tmo = session->s_auth_tmo;
504817fa55fSGordon Ross session->s_auth_tmo = NULL;
505da6c28aaSamw smb_rwx_rwexit(&session->s_lock);
506da6c28aaSamw
507817fa55fSGordon Ross /* Timeout callback takes s_lock. See untimeout(9f) */
508817fa55fSGordon Ross if (tmo != NULL)
509817fa55fSGordon Ross (void) untimeout(tmo);
510817fa55fSGordon Ross
511faa1795aSjb smb_soshutdown(session->sock);
512faa1795aSjb
513da6c28aaSamw DTRACE_PROBE2(session__drop, struct session *, session, int, rc);
514da6c28aaSamw
515da6c28aaSamw smb_session_cancel(session);
516da6c28aaSamw /*
517da6c28aaSamw * At this point everything related to the session should have been
518da6c28aaSamw * cleaned up and we expect that nothing will attempt to use the
519da6c28aaSamw * socket.
520da6c28aaSamw */
5214163af6aSjose borrego }
522da6c28aaSamw
5234163af6aSjose borrego /*
5244163af6aSjose borrego * smb_session_disconnect
5254163af6aSjose borrego *
526811599a4SMatt Barden * Server-initiated disconnect (i.e. server shutdown)
5274163af6aSjose borrego */
5284163af6aSjose borrego void
smb_session_disconnect(smb_session_t * session)5294163af6aSjose borrego smb_session_disconnect(smb_session_t *session)
5304163af6aSjose borrego {
5314163af6aSjose borrego SMB_SESSION_VALID(session);
5324163af6aSjose borrego
5334163af6aSjose borrego smb_rwx_rwenter(&session->s_lock, RW_WRITER);
5344163af6aSjose borrego switch (session->s_state) {
5354163af6aSjose borrego case SMB_SESSION_STATE_INITIALIZED:
5364163af6aSjose borrego case SMB_SESSION_STATE_CONNECTED:
5374163af6aSjose borrego case SMB_SESSION_STATE_ESTABLISHED:
5384163af6aSjose borrego case SMB_SESSION_STATE_NEGOTIATED:
5394163af6aSjose borrego smb_soshutdown(session->sock);
540811599a4SMatt Barden session->s_state = SMB_SESSION_STATE_TERMINATED;
541811599a4SMatt Barden break;
5424163af6aSjose borrego case SMB_SESSION_STATE_DISCONNECTED:
5434163af6aSjose borrego case SMB_SESSION_STATE_TERMINATED:
5444163af6aSjose borrego break;
5454163af6aSjose borrego }
5464163af6aSjose borrego smb_rwx_rwexit(&session->s_lock);
547da6c28aaSamw }
548da6c28aaSamw
549da6c28aaSamw /*
550da6c28aaSamw * Read and process SMB requests.
551da6c28aaSamw *
552da6c28aaSamw * Returns:
553da6c28aaSamw * 0 Success
554da6c28aaSamw * 1 Unable to read transport header
555da6c28aaSamw * 2 Invalid transport header type
556da6c28aaSamw * 3 Invalid SMB length (too small)
557da6c28aaSamw * 4 Unable to read SMB header
558da6c28aaSamw * 5 Invalid SMB header (bad magic number)
559da6c28aaSamw * 6 Unable to read SMB data
560da6c28aaSamw */
561da6c28aaSamw static int
smb_session_reader(smb_session_t * session)562a90cf9f2SGordon Ross smb_session_reader(smb_session_t *session)
563da6c28aaSamw {
564148c5f43SAlan Wright smb_server_t *sv;
565faa1795aSjb smb_request_t *sr = NULL;
566faa1795aSjb smb_xprt_t hdr;
567faa1795aSjb int rc;
568da6c28aaSamw
569148c5f43SAlan Wright sv = session->s_server;
570148c5f43SAlan Wright
571faa1795aSjb for (;;) {
572faa1795aSjb
573faa1795aSjb rc = smb_session_xprt_gethdr(session, &hdr);
574faa1795aSjb if (rc)
575faa1795aSjb return (rc);
576faa1795aSjb
577faa1795aSjb DTRACE_PROBE2(session__receive__xprthdr, session_t *, session,
578faa1795aSjb smb_xprt_t *, &hdr);
579faa1795aSjb
580faa1795aSjb if (hdr.xh_type != SESSION_MESSAGE) {
581faa1795aSjb /*
582faa1795aSjb * Anything other than SESSION_MESSAGE or
583faa1795aSjb * SESSION_KEEP_ALIVE is an error. A SESSION_REQUEST
584faa1795aSjb * may indicate a new session request but we need to
585faa1795aSjb * close this session and we can treat it as an error
586faa1795aSjb * here.
587faa1795aSjb */
588faa1795aSjb if (hdr.xh_type == SESSION_KEEP_ALIVE) {
589faa1795aSjb session->keep_alive = smb_keep_alive;
590da6c28aaSamw continue;
591da6c28aaSamw }
592faa1795aSjb return (EPROTO);
593da6c28aaSamw }
594da6c28aaSamw
595a90cf9f2SGordon Ross if (hdr.xh_length == 0) {
596a90cf9f2SGordon Ross /* zero length is another form of keep alive */
597a90cf9f2SGordon Ross session->keep_alive = smb_keep_alive;
598a90cf9f2SGordon Ross continue;
599a90cf9f2SGordon Ross }
600a90cf9f2SGordon Ross
601faa1795aSjb if (hdr.xh_length < SMB_HEADER_LEN)
602faa1795aSjb return (EPROTO);
603a90cf9f2SGordon Ross if (hdr.xh_length > session->cmd_max_bytes)
604a90cf9f2SGordon Ross return (EPROTO);
605da6c28aaSamw
606faa1795aSjb session->keep_alive = smb_keep_alive;
607a90cf9f2SGordon Ross
608da6c28aaSamw /*
609a90cf9f2SGordon Ross * Allocate a request context, read the whole message.
610811599a4SMatt Barden * If the request alloc fails, we've disconnected
611811599a4SMatt Barden * and won't be able to send the reply anyway, so bail now.
612da6c28aaSamw */
6139c856e86SMatt Barden if ((sr = smb_request_alloc(session, hdr.xh_length)) == NULL)
6149c856e86SMatt Barden break;
615897907ceSGordon Ross if ((rc = smb_request_recv(sr, hdr.xh_length)) != 0) {
616faa1795aSjb smb_request_free(sr);
617a90cf9f2SGordon Ross break;
618faa1795aSjb }
619da6c28aaSamw
620ac2bf314SMatt Barden /* accounting: received bytes */
621148c5f43SAlan Wright smb_server_add_rxb(sv,
622148c5f43SAlan Wright (int64_t)(hdr.xh_length + NETBIOS_HDR_SZ));
623a90cf9f2SGordon Ross
624faa1795aSjb DTRACE_PROBE1(session__receive__smb, smb_request_t *, sr);
625da6c28aaSamw
626a90cf9f2SGordon Ross rc = session->newrq_func(sr);
627a90cf9f2SGordon Ross sr = NULL; /* enqueued or freed */
628a90cf9f2SGordon Ross if (rc != 0)
629a90cf9f2SGordon Ross break;
6300897f7fbSGordon Ross
6310897f7fbSGordon Ross /* See notes where this is defined (above). */
6320897f7fbSGordon Ross if (smb_reader_delay) {
6330897f7fbSGordon Ross delay(MSEC_TO_TICK(smb_reader_delay));
6340897f7fbSGordon Ross }
635da6c28aaSamw }
636a90cf9f2SGordon Ross return (rc);
637a90cf9f2SGordon Ross }
638a90cf9f2SGordon Ross
639a90cf9f2SGordon Ross /*
640a90cf9f2SGordon Ross * This is the initial handler for new smb requests, called from
641a90cf9f2SGordon Ross * from smb_session_reader when we have not yet seen any requests.
642a90cf9f2SGordon Ross * The first SMB request must be "negotiate", which determines
643a90cf9f2SGordon Ross * which protocol and dialect we'll be using. That's the ONLY
644a90cf9f2SGordon Ross * request type handled here, because with all later requests,
645a90cf9f2SGordon Ross * we know the protocol and handle those with either the SMB1 or
646a90cf9f2SGordon Ross * SMB2 handlers: smb1sr_post() or smb2sr_post().
647a90cf9f2SGordon Ross * Those do NOT allow SMB negotiate, because that's only allowed
648a90cf9f2SGordon Ross * as the first request on new session.
649a90cf9f2SGordon Ross *
650a90cf9f2SGordon Ross * This and other "post a request" handlers must either enqueue
651a90cf9f2SGordon Ross * the new request for the session taskq, or smb_request_free it
652a90cf9f2SGordon Ross * (in case we've decided to drop this connection). In this
653a90cf9f2SGordon Ross * (special) new request handler, we always free the request.
65493bc28dbSGordon Ross *
65593bc28dbSGordon Ross * Return value is 0 for success, and anything else will
65693bc28dbSGordon Ross * terminate the reader thread (drop the connection).
657a90cf9f2SGordon Ross */
658a90cf9f2SGordon Ross static int
smbsr_newrq_initial(smb_request_t * sr)659a90cf9f2SGordon Ross smbsr_newrq_initial(smb_request_t *sr)
660a90cf9f2SGordon Ross {
661a90cf9f2SGordon Ross uint32_t magic;
662897907ceSGordon Ross int rc;
663a90cf9f2SGordon Ross
664a90cf9f2SGordon Ross mutex_enter(&sr->sr_mutex);
665a90cf9f2SGordon Ross sr->sr_state = SMB_REQ_STATE_ACTIVE;
666a90cf9f2SGordon Ross mutex_exit(&sr->sr_mutex);
667a90cf9f2SGordon Ross
668897907ceSGordon Ross if ((rc = smb_mbc_peek(&sr->command, 0, "l", &magic)) != 0)
669897907ceSGordon Ross goto done;
670897907ceSGordon Ross
671897907ceSGordon Ross switch (magic) {
672897907ceSGordon Ross case SMB_PROTOCOL_MAGIC:
673a90cf9f2SGordon Ross rc = smb1_newrq_negotiate(sr);
674897907ceSGordon Ross break;
675897907ceSGordon Ross case SMB2_PROTOCOL_MAGIC:
676a90cf9f2SGordon Ross rc = smb2_newrq_negotiate(sr);
677897907ceSGordon Ross break;
678897907ceSGordon Ross default:
679897907ceSGordon Ross rc = EPROTO;
680897907ceSGordon Ross }
681a90cf9f2SGordon Ross
682897907ceSGordon Ross done:
683a90cf9f2SGordon Ross mutex_enter(&sr->sr_mutex);
684a90cf9f2SGordon Ross sr->sr_state = SMB_REQ_STATE_COMPLETED;
685a90cf9f2SGordon Ross mutex_exit(&sr->sr_mutex);
686a90cf9f2SGordon Ross
687a90cf9f2SGordon Ross smb_request_free(sr);
688a90cf9f2SGordon Ross return (rc);
689da6c28aaSamw }
690da6c28aaSamw
691da6c28aaSamw /*
692a0aa776eSAlan Wright * Port will be IPPORT_NETBIOS_SSN or IPPORT_SMB.
693da6c28aaSamw */
694da6c28aaSamw smb_session_t *
smb_session_create(ksocket_t new_so,uint16_t port,smb_server_t * sv,int family)6957f667e74Sjose borrego smb_session_create(ksocket_t new_so, uint16_t port, smb_server_t *sv,
6967f667e74Sjose borrego int family)
697da6c28aaSamw {
698da6c28aaSamw struct sockaddr_in sin;
6990f1702c5SYu Xiangning socklen_t slen;
7007f667e74Sjose borrego struct sockaddr_in6 sin6;
701da6c28aaSamw smb_session_t *session;
702d3d50737SRafael Vanoni int64_t now;
703a90cf9f2SGordon Ross uint16_t rport;
704da6c28aaSamw
7058622ec45SGordon Ross session = kmem_cache_alloc(smb_cache_session, KM_SLEEP);
706da6c28aaSamw bzero(session, sizeof (smb_session_t));
707da6c28aaSamw
708da6c28aaSamw if (smb_idpool_constructor(&session->s_uid_pool)) {
7098622ec45SGordon Ross kmem_cache_free(smb_cache_session, session);
710da6c28aaSamw return (NULL);
711da6c28aaSamw }
7123b13a1efSThomas Keiser if (smb_idpool_constructor(&session->s_tid_pool)) {
7133b13a1efSThomas Keiser smb_idpool_destructor(&session->s_uid_pool);
7148622ec45SGordon Ross kmem_cache_free(smb_cache_session, session);
7153b13a1efSThomas Keiser return (NULL);
7163b13a1efSThomas Keiser }
717da6c28aaSamw
718d3d50737SRafael Vanoni now = ddi_get_lbolt64();
719d3d50737SRafael Vanoni
720811599a4SMatt Barden session->s_server = sv;
721da6c28aaSamw session->s_kid = SMB_NEW_KID();
722faa1795aSjb session->s_state = SMB_SESSION_STATE_INITIALIZED;
723da6c28aaSamw session->native_os = NATIVE_OS_UNKNOWN;
724d3d50737SRafael Vanoni session->opentime = now;
725da6c28aaSamw session->keep_alive = smb_keep_alive;
726d3d50737SRafael Vanoni session->activity_timestamp = now;
727f9bc6dadSDmitry.Savitsky@nexenta.com smb_session_genkey(session);
728f9bc6dadSDmitry.Savitsky@nexenta.com
729a90cf9f2SGordon Ross mutex_init(&session->s_credits_mutex, NULL, MUTEX_DEFAULT, NULL);
730a90cf9f2SGordon Ross
731da6c28aaSamw smb_slist_constructor(&session->s_req_list, sizeof (smb_request_t),
732da6c28aaSamw offsetof(smb_request_t, sr_session_lnd));
733da6c28aaSamw
734da6c28aaSamw smb_llist_constructor(&session->s_user_list, sizeof (smb_user_t),
735da6c28aaSamw offsetof(smb_user_t, u_lnd));
736da6c28aaSamw
7373b13a1efSThomas Keiser smb_llist_constructor(&session->s_tree_list, sizeof (smb_tree_t),
7383b13a1efSThomas Keiser offsetof(smb_tree_t, t_lnd));
7393b13a1efSThomas Keiser
740da6c28aaSamw smb_llist_constructor(&session->s_xa_list, sizeof (smb_xa_t),
741da6c28aaSamw offsetof(smb_xa_t, xa_lnd));
742da6c28aaSamw
7435cdbe942Sjb smb_net_txl_constructor(&session->s_txlst);
7445cdbe942Sjb
745da6c28aaSamw smb_rwx_init(&session->s_lock);
746da6c28aaSamw
7478d94f651SGordon Ross session->s_srqueue = &sv->sv_srqueue;
7488d94f651SGordon Ross smb_server_get_cfg(sv, &session->s_cfg);
7498d94f651SGordon Ross
7508d94f651SGordon Ross if (new_so == NULL) {
7518d94f651SGordon Ross /*
7528d94f651SGordon Ross * This call is creating the special "server" session,
7538d94f651SGordon Ross * used for kshare export, oplock breaks, CA import.
7548d94f651SGordon Ross * CA import creates temporary trees on this session
7558d94f651SGordon Ross * and those should never get map/unmap up-calls, so
7568d94f651SGordon Ross * force the map/unmap flags zero on this session.
7578d94f651SGordon Ross * Set a "modern" dialect for CA import too, so
7588d94f651SGordon Ross * pathname parse doesn't do OS/2 stuff, etc.
7598d94f651SGordon Ross */
7608d94f651SGordon Ross session->s_cfg.skc_execflags = 0;
7618d94f651SGordon Ross session->dialect = session->s_cfg.skc_max_protocol;
7628d94f651SGordon Ross } else {
7637f667e74Sjose borrego if (family == AF_INET) {
7647f667e74Sjose borrego slen = sizeof (sin);
7657f667e74Sjose borrego (void) ksocket_getsockname(new_so,
7667f667e74Sjose borrego (struct sockaddr *)&sin, &slen, CRED());
767fc724630SAlan Wright bcopy(&sin.sin_addr,
768fc724630SAlan Wright &session->local_ipaddr.au_addr.au_ipv4,
769fc724630SAlan Wright sizeof (in_addr_t));
770fc724630SAlan Wright slen = sizeof (sin);
7717f667e74Sjose borrego (void) ksocket_getpeername(new_so,
7727f667e74Sjose borrego (struct sockaddr *)&sin, &slen, CRED());
773fc724630SAlan Wright bcopy(&sin.sin_addr,
774fc724630SAlan Wright &session->ipaddr.au_addr.au_ipv4,
775fc724630SAlan Wright sizeof (in_addr_t));
776a90cf9f2SGordon Ross rport = sin.sin_port;
7777f667e74Sjose borrego } else {
7787f667e74Sjose borrego slen = sizeof (sin6);
7797f667e74Sjose borrego (void) ksocket_getsockname(new_so,
7807f667e74Sjose borrego (struct sockaddr *)&sin6, &slen, CRED());
781fc724630SAlan Wright bcopy(&sin6.sin6_addr,
782fc724630SAlan Wright &session->local_ipaddr.au_addr.au_ipv6,
783fc724630SAlan Wright sizeof (in6_addr_t));
784fc724630SAlan Wright slen = sizeof (sin6);
7857f667e74Sjose borrego (void) ksocket_getpeername(new_so,
7867f667e74Sjose borrego (struct sockaddr *)&sin6, &slen, CRED());
787fc724630SAlan Wright bcopy(&sin6.sin6_addr,
788fc724630SAlan Wright &session->ipaddr.au_addr.au_ipv6,
789fc724630SAlan Wright sizeof (in6_addr_t));
790a90cf9f2SGordon Ross rport = sin6.sin6_port;
7917f667e74Sjose borrego }
7927f667e74Sjose borrego session->ipaddr.a_family = family;
7937f667e74Sjose borrego session->local_ipaddr.a_family = family;
794faa1795aSjb session->s_local_port = port;
795a90cf9f2SGordon Ross session->s_remote_port = ntohs(rport);
796faa1795aSjb session->sock = new_so;
79749b5df1eSGordon Ross (void) smb_inet_ntop(&session->ipaddr,
79849b5df1eSGordon Ross session->ip_addr_str, INET6_ADDRSTRLEN);
799148c5f43SAlan Wright if (port == IPPORT_NETBIOS_SSN)
800148c5f43SAlan Wright smb_server_inc_nbt_sess(sv);
801148c5f43SAlan Wright else
802148c5f43SAlan Wright smb_server_inc_tcp_sess(sv);
803faa1795aSjb }
804148c5f43SAlan Wright
805a90cf9f2SGordon Ross /*
806a90cf9f2SGordon Ross * The initial new request handler is special,
807a90cf9f2SGordon Ross * and only accepts negotiation requests.
808a90cf9f2SGordon Ross */
809a90cf9f2SGordon Ross session->newrq_func = smbsr_newrq_initial;
810a90cf9f2SGordon Ross
811a90cf9f2SGordon Ross /* These may increase in SMB2 negotiate. */
812a90cf9f2SGordon Ross session->cmd_max_bytes = SMB_REQ_MAX_SIZE;
813a90cf9f2SGordon Ross session->reply_max_bytes = SMB_REQ_MAX_SIZE;
814a90cf9f2SGordon Ross
815da6c28aaSamw session->s_magic = SMB_SESSION_MAGIC;
816da6c28aaSamw return (session);
817da6c28aaSamw }
818da6c28aaSamw
819da6c28aaSamw void
smb_session_delete(smb_session_t * session)820da6c28aaSamw smb_session_delete(smb_session_t *session)
821da6c28aaSamw {
8222c2961f8Sjose borrego
823da6c28aaSamw ASSERT(session->s_magic == SMB_SESSION_MAGIC);
824da6c28aaSamw
8251160dcf7SMatt Barden if (session->enc_mech != NULL)
8264f0ce1daSGordon Ross smb3_encrypt_ssn_fini(session);
8271160dcf7SMatt Barden
828b819cea2SGordon Ross if (session->sign_fini != NULL)
829b819cea2SGordon Ross session->sign_fini(session);
830b819cea2SGordon Ross
83112b65585SGordon Ross if (session->signing.mackey != NULL) {
83212b65585SGordon Ross kmem_free(session->signing.mackey,
83312b65585SGordon Ross session->signing.mackey_len);
83412b65585SGordon Ross }
83512b65585SGordon Ross
8364e065a9fSAlexander Stetsenko if (session->preauth_mech != NULL)
8374e065a9fSAlexander Stetsenko smb31_preauth_fini(session);
8384e065a9fSAlexander Stetsenko
83912b65585SGordon Ross session->s_magic = 0;
84012b65585SGordon Ross
841da6c28aaSamw smb_rwx_destroy(&session->s_lock);
8425cdbe942Sjb smb_net_txl_destructor(&session->s_txlst);
8432c2961f8Sjose borrego
844a90cf9f2SGordon Ross mutex_destroy(&session->s_credits_mutex);
845a90cf9f2SGordon Ross
846da6c28aaSamw smb_slist_destructor(&session->s_req_list);
8473b13a1efSThomas Keiser smb_llist_destructor(&session->s_tree_list);
848da6c28aaSamw smb_llist_destructor(&session->s_user_list);
849da6c28aaSamw smb_llist_destructor(&session->s_xa_list);
850da6c28aaSamw
851da6c28aaSamw ASSERT(session->s_tree_cnt == 0);
852da6c28aaSamw ASSERT(session->s_file_cnt == 0);
853da6c28aaSamw ASSERT(session->s_dir_cnt == 0);
854da6c28aaSamw
8553b13a1efSThomas Keiser smb_idpool_destructor(&session->s_tid_pool);
856da6c28aaSamw smb_idpool_destructor(&session->s_uid_pool);
8574163af6aSjose borrego if (session->sock != NULL) {
8584163af6aSjose borrego if (session->s_local_port == IPPORT_NETBIOS_SSN)
8594163af6aSjose borrego smb_server_dec_nbt_sess(session->s_server);
8604163af6aSjose borrego else
8614163af6aSjose borrego smb_server_dec_tcp_sess(session->s_server);
8624163af6aSjose borrego smb_sodestroy(session->sock);
8634163af6aSjose borrego }
8648622ec45SGordon Ross kmem_cache_free(smb_cache_session, session);
865da6c28aaSamw }
866da6c28aaSamw
8672c2961f8Sjose borrego static void
smb_session_cancel(smb_session_t * session)868da6c28aaSamw smb_session_cancel(smb_session_t *session)
869da6c28aaSamw {
870da6c28aaSamw smb_xa_t *xa, *nextxa;
871da6c28aaSamw
872da6c28aaSamw /* All the request currently being treated must be canceled. */
873c8ec8eeaSjose borrego smb_session_cancel_requests(session, NULL, NULL);
874da6c28aaSamw
875da6c28aaSamw /*
876da6c28aaSamw * We wait for the completion of all the requests associated with
877da6c28aaSamw * this session.
878da6c28aaSamw */
879da6c28aaSamw smb_slist_wait_for_empty(&session->s_req_list);
880da6c28aaSamw
881da6c28aaSamw /*
882817fa55fSGordon Ross * Cleanup transact state objects
883da6c28aaSamw */
884da6c28aaSamw xa = smb_llist_head(&session->s_xa_list);
885da6c28aaSamw while (xa) {
886da6c28aaSamw nextxa = smb_llist_next(&session->s_xa_list, xa);
887da6c28aaSamw smb_xa_close(xa);
888da6c28aaSamw xa = nextxa;
889da6c28aaSamw }
8909fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States
891817fa55fSGordon Ross /*
892817fa55fSGordon Ross * At this point the reference count of the files and directories
893817fa55fSGordon Ross * should be zero. It should be possible to destroy them without
894817fa55fSGordon Ross * any problem, which should trigger the destruction of other objects.
895817fa55fSGordon Ross */
8969fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States smb_session_logoff(session);
897da6c28aaSamw }
898da6c28aaSamw
899c8ec8eeaSjose borrego /*
900c8ec8eeaSjose borrego * Cancel requests. If a non-null tree is specified, only requests specific
901c8ec8eeaSjose borrego * to that tree will be cancelled. If a non-null sr is specified, that sr
902c8ec8eeaSjose borrego * will be not be cancelled - this would typically be the caller's sr.
903c8ec8eeaSjose borrego */
904da6c28aaSamw void
smb_session_cancel_requests(smb_session_t * session,smb_tree_t * tree,smb_request_t * exclude_sr)905da6c28aaSamw smb_session_cancel_requests(
906c8ec8eeaSjose borrego smb_session_t *session,
907c8ec8eeaSjose borrego smb_tree_t *tree,
908c8ec8eeaSjose borrego smb_request_t *exclude_sr)
909da6c28aaSamw {
910da6c28aaSamw smb_request_t *sr;
911da6c28aaSamw
912da6c28aaSamw smb_slist_enter(&session->s_req_list);
913da6c28aaSamw sr = smb_slist_head(&session->s_req_list);
914c8ec8eeaSjose borrego
915da6c28aaSamw while (sr) {
916da6c28aaSamw ASSERT(sr->sr_magic == SMB_REQ_MAGIC);
917c8ec8eeaSjose borrego if ((sr != exclude_sr) &&
918c8ec8eeaSjose borrego (tree == NULL || sr->tid_tree == tree))
919c8ec8eeaSjose borrego smb_request_cancel(sr);
920da6c28aaSamw
921c8ec8eeaSjose borrego sr = smb_slist_next(&session->s_req_list, sr);
922da6c28aaSamw }
923c8ec8eeaSjose borrego
924da6c28aaSamw smb_slist_exit(&session->s_req_list);
925da6c28aaSamw }
926da6c28aaSamw
927b89a8333Snatalie li - Sun Microsystems - Irvine United States /*
92812b65585SGordon Ross * Find a user on the specified session by SMB UID.
929b89a8333Snatalie li - Sun Microsystems - Irvine United States */
930b89a8333Snatalie li - Sun Microsystems - Irvine United States smb_user_t *
smb_session_lookup_uid(smb_session_t * session,uint16_t uid)93112b65585SGordon Ross smb_session_lookup_uid(smb_session_t *session, uint16_t uid)
932b89a8333Snatalie li - Sun Microsystems - Irvine United States {
933811599a4SMatt Barden return (smb_session_lookup_uid_st(session, 0, uid,
934811599a4SMatt Barden SMB_USER_STATE_LOGGED_ON));
935811599a4SMatt Barden }
936811599a4SMatt Barden
937811599a4SMatt Barden /*
938811599a4SMatt Barden * Find a user on the specified session by SMB2 SSNID.
939811599a4SMatt Barden */
940811599a4SMatt Barden smb_user_t *
smb_session_lookup_ssnid(smb_session_t * session,uint64_t ssnid)941811599a4SMatt Barden smb_session_lookup_ssnid(smb_session_t *session, uint64_t ssnid)
942811599a4SMatt Barden {
943811599a4SMatt Barden return (smb_session_lookup_uid_st(session, ssnid, 0,
94412b65585SGordon Ross SMB_USER_STATE_LOGGED_ON));
945b89a8333Snatalie li - Sun Microsystems - Irvine United States }
946b89a8333Snatalie li - Sun Microsystems - Irvine United States
9479fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States smb_user_t *
smb_session_lookup_uid_st(smb_session_t * session,uint64_t ssnid,uint16_t uid,smb_user_state_t st)948811599a4SMatt Barden smb_session_lookup_uid_st(smb_session_t *session, uint64_t ssnid,
949811599a4SMatt Barden uint16_t uid, smb_user_state_t st)
9509fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States {
9519fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States smb_user_t *user;
9529fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States smb_llist_t *user_list;
9539fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States
9549fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States SMB_SESSION_VALID(session);
9559fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States
9569fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States user_list = &session->s_user_list;
9579fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States smb_llist_enter(user_list, RW_READER);
9589fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States
959811599a4SMatt Barden for (user = smb_llist_head(user_list);
960811599a4SMatt Barden user != NULL;
961811599a4SMatt Barden user = smb_llist_next(user_list, user)) {
962811599a4SMatt Barden
9639fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States SMB_USER_VALID(user);
9649fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States ASSERT(user->u_session == session);
9659fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States
966811599a4SMatt Barden if (user->u_ssnid != ssnid && user->u_uid != uid)
967811599a4SMatt Barden continue;
968811599a4SMatt Barden
969811599a4SMatt Barden mutex_enter(&user->u_mutex);
970811599a4SMatt Barden if (user->u_state == st) {
971811599a4SMatt Barden // smb_user_hold_internal(user);
972811599a4SMatt Barden user->u_refcnt++;
973811599a4SMatt Barden mutex_exit(&user->u_mutex);
97412b65585SGordon Ross break;
9759fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States }
976811599a4SMatt Barden mutex_exit(&user->u_mutex);
9779fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States }
9789fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States
9799fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States smb_llist_exit(user_list);
98012b65585SGordon Ross return (user);
9819fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States }
9829fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States
9839fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States /*
9843b13a1efSThomas Keiser * Find a tree by tree-id.
9859fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States */
9863b13a1efSThomas Keiser smb_tree_t *
smb_session_lookup_tree(smb_session_t * session,uint16_t tid)9873b13a1efSThomas Keiser smb_session_lookup_tree(
9883b13a1efSThomas Keiser smb_session_t *session,
9893b13a1efSThomas Keiser uint16_t tid)
9909fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States {
9913b13a1efSThomas Keiser smb_tree_t *tree;
9929fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States
9939fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States SMB_SESSION_VALID(session);
9949fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States
9953b13a1efSThomas Keiser smb_llist_enter(&session->s_tree_list, RW_READER);
9963b13a1efSThomas Keiser tree = smb_llist_head(&session->s_tree_list);
9979fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States
9983b13a1efSThomas Keiser while (tree) {
9993b13a1efSThomas Keiser ASSERT3U(tree->t_magic, ==, SMB_TREE_MAGIC);
10003b13a1efSThomas Keiser ASSERT(tree->t_session == session);
10019fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States
10023b13a1efSThomas Keiser if (tree->t_tid == tid) {
10033b13a1efSThomas Keiser if (smb_tree_hold(tree)) {
10043b13a1efSThomas Keiser smb_llist_exit(&session->s_tree_list);
10053b13a1efSThomas Keiser return (tree);
10063b13a1efSThomas Keiser } else {
10073b13a1efSThomas Keiser smb_llist_exit(&session->s_tree_list);
10083b13a1efSThomas Keiser return (NULL);
10093b13a1efSThomas Keiser }
10109fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States }
10119fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States
10123b13a1efSThomas Keiser tree = smb_llist_next(&session->s_tree_list, tree);
10139fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States }
10149fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States
10153b13a1efSThomas Keiser smb_llist_exit(&session->s_tree_list);
10163b13a1efSThomas Keiser return (NULL);
10173b13a1efSThomas Keiser }
10183b13a1efSThomas Keiser
10193b13a1efSThomas Keiser /*
10203b13a1efSThomas Keiser * Disconnect all trees that match the specified client process-id.
10218d94f651SGordon Ross * Used by the SMB1 "process exit" request.
10223b13a1efSThomas Keiser */
10233b13a1efSThomas Keiser void
smb_session_close_pid(smb_session_t * session,uint32_t pid)10243b13a1efSThomas Keiser smb_session_close_pid(
10253b13a1efSThomas Keiser smb_session_t *session,
1026a90cf9f2SGordon Ross uint32_t pid)
10273b13a1efSThomas Keiser {
10288d94f651SGordon Ross smb_llist_t *tree_list = &session->s_tree_list;
10293b13a1efSThomas Keiser smb_tree_t *tree;
10303b13a1efSThomas Keiser
10318d94f651SGordon Ross smb_llist_enter(tree_list, RW_READER);
10323b13a1efSThomas Keiser
10338d94f651SGordon Ross tree = smb_llist_head(tree_list);
10343b13a1efSThomas Keiser while (tree) {
10358d94f651SGordon Ross if (smb_tree_hold(tree)) {
10368d94f651SGordon Ross smb_tree_close_pid(tree, pid);
10378d94f651SGordon Ross smb_tree_release(tree);
10388d94f651SGordon Ross }
10398d94f651SGordon Ross tree = smb_llist_next(tree_list, tree);
10403b13a1efSThomas Keiser }
10418d94f651SGordon Ross
10428d94f651SGordon Ross smb_llist_exit(tree_list);
10433b13a1efSThomas Keiser }
10443b13a1efSThomas Keiser
10453b13a1efSThomas Keiser static void
smb_session_tree_dtor(void * arg)10468d94f651SGordon Ross smb_session_tree_dtor(void *arg)
10473b13a1efSThomas Keiser {
10488d94f651SGordon Ross smb_tree_t *tree = arg;
10493b13a1efSThomas Keiser
10503b13a1efSThomas Keiser smb_tree_disconnect(tree, B_TRUE);
10513b13a1efSThomas Keiser /* release the ref acquired during the traversal loop */
10523b13a1efSThomas Keiser smb_tree_release(tree);
10539fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States }
10549fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States
10553b13a1efSThomas Keiser
10569fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States /*
10573b13a1efSThomas Keiser * Disconnect all trees that this user has connected.
10589fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States */
10599fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States void
smb_session_disconnect_owned_trees(smb_session_t * session,smb_user_t * owner)10603b13a1efSThomas Keiser smb_session_disconnect_owned_trees(
10613b13a1efSThomas Keiser smb_session_t *session,
10623b13a1efSThomas Keiser smb_user_t *owner)
10633b13a1efSThomas Keiser {
10643b13a1efSThomas Keiser smb_tree_t *tree;
10653b13a1efSThomas Keiser smb_llist_t *tree_list = &session->s_tree_list;
10663b13a1efSThomas Keiser
10673b13a1efSThomas Keiser SMB_SESSION_VALID(session);
10683b13a1efSThomas Keiser SMB_USER_VALID(owner);
10693b13a1efSThomas Keiser
10703b13a1efSThomas Keiser smb_llist_enter(tree_list, RW_READER);
10713b13a1efSThomas Keiser
10723b13a1efSThomas Keiser tree = smb_llist_head(tree_list);
10733b13a1efSThomas Keiser while (tree) {
10743b13a1efSThomas Keiser if ((tree->t_owner == owner) &&
10753b13a1efSThomas Keiser smb_tree_hold(tree)) {
10763b13a1efSThomas Keiser /*
10773b13a1efSThomas Keiser * smb_tree_hold() succeeded, hence we are in state
10783b13a1efSThomas Keiser * SMB_TREE_STATE_CONNECTED; schedule this tree
1079811599a4SMatt Barden * for disconnect after smb_llist_exit because
1080811599a4SMatt Barden * the "unmap exec" up-call can block, and we'd
1081811599a4SMatt Barden * rather not block with the tree list locked.
10823b13a1efSThomas Keiser */
10833b13a1efSThomas Keiser smb_llist_post(tree_list, tree, smb_session_tree_dtor);
10843b13a1efSThomas Keiser }
10853b13a1efSThomas Keiser tree = smb_llist_next(tree_list, tree);
10863b13a1efSThomas Keiser }
10873b13a1efSThomas Keiser
10883b13a1efSThomas Keiser /* drop the lock and flush the dtor queue */
10893b13a1efSThomas Keiser smb_llist_exit(tree_list);
10903b13a1efSThomas Keiser }
10913b13a1efSThomas Keiser
10923b13a1efSThomas Keiser /*
10933b13a1efSThomas Keiser * Disconnect all trees that this user has connected.
10943b13a1efSThomas Keiser */
1095811599a4SMatt Barden static void
smb_session_disconnect_trees(smb_session_t * session)10963b13a1efSThomas Keiser smb_session_disconnect_trees(
10973b13a1efSThomas Keiser smb_session_t *session)
10983b13a1efSThomas Keiser {
10998d94f651SGordon Ross smb_llist_t *tree_list = &session->s_tree_list;
11008d94f651SGordon Ross smb_tree_t *tree;
11013b13a1efSThomas Keiser
11028d94f651SGordon Ross smb_llist_enter(tree_list, RW_READER);
11033b13a1efSThomas Keiser
11048d94f651SGordon Ross tree = smb_llist_head(tree_list);
11053b13a1efSThomas Keiser while (tree) {
11068d94f651SGordon Ross if (smb_tree_hold(tree)) {
11078d94f651SGordon Ross smb_llist_post(tree_list, tree,
11088d94f651SGordon Ross smb_session_tree_dtor);
11098d94f651SGordon Ross }
11108d94f651SGordon Ross tree = smb_llist_next(tree_list, tree);
11113b13a1efSThomas Keiser }
11128d94f651SGordon Ross
11138d94f651SGordon Ross /* drop the lock and flush the dtor queue */
11148d94f651SGordon Ross smb_llist_exit(tree_list);
11153b13a1efSThomas Keiser }
11163b13a1efSThomas Keiser
11173b13a1efSThomas Keiser /*
11188d94f651SGordon Ross * Variant of smb_session_tree_dtor that also
11198d94f651SGordon Ross * cancels requests using this tree.
11203b13a1efSThomas Keiser */
11218d94f651SGordon Ross static void
smb_session_tree_kill(void * arg)11228d94f651SGordon Ross smb_session_tree_kill(void *arg)
11233b13a1efSThomas Keiser {
11248d94f651SGordon Ross smb_tree_t *tree = arg;
11253b13a1efSThomas Keiser
11268d94f651SGordon Ross SMB_TREE_VALID(tree);
11273b13a1efSThomas Keiser
11288d94f651SGordon Ross smb_tree_disconnect(tree, B_TRUE);
11298d94f651SGordon Ross smb_session_cancel_requests(tree->t_session, tree, NULL);
11308d94f651SGordon Ross
11318d94f651SGordon Ross /* release the ref acquired during the traversal loop */
11328d94f651SGordon Ross smb_tree_release(tree);
11333b13a1efSThomas Keiser }
11343b13a1efSThomas Keiser
11353b13a1efSThomas Keiser /*
11368d94f651SGordon Ross * Disconnect all trees that match the specified share name,
11378d94f651SGordon Ross * and kill requests using those trees.
11383b13a1efSThomas Keiser */
11398d94f651SGordon Ross void
smb_session_disconnect_share(smb_session_t * session,const char * sharename)11408d94f651SGordon Ross smb_session_disconnect_share(
11413b13a1efSThomas Keiser smb_session_t *session,
11428d94f651SGordon Ross const char *sharename)
11433b13a1efSThomas Keiser {
11448d94f651SGordon Ross smb_llist_t *ll;
11458d94f651SGordon Ross smb_tree_t *tree;
11463b13a1efSThomas Keiser
11473b13a1efSThomas Keiser SMB_SESSION_VALID(session);
11483b13a1efSThomas Keiser
11498d94f651SGordon Ross ll = &session->s_tree_list;
11508d94f651SGordon Ross smb_llist_enter(ll, RW_READER);
11513b13a1efSThomas Keiser
11528d94f651SGordon Ross for (tree = smb_llist_head(ll);
11538d94f651SGordon Ross tree != NULL;
11548d94f651SGordon Ross tree = smb_llist_next(ll, tree)) {
11553b13a1efSThomas Keiser
11568d94f651SGordon Ross SMB_TREE_VALID(tree);
11578d94f651SGordon Ross ASSERT(tree->t_session == session);
11583b13a1efSThomas Keiser
11598d94f651SGordon Ross if (smb_strcasecmp(tree->t_sharename, sharename, 0) != 0)
11608d94f651SGordon Ross continue;
11618d94f651SGordon Ross
11628d94f651SGordon Ross if (smb_tree_hold(tree)) {
11638d94f651SGordon Ross smb_llist_post(ll, tree,
11648d94f651SGordon Ross smb_session_tree_kill);
11658d94f651SGordon Ross }
11663b13a1efSThomas Keiser }
11673b13a1efSThomas Keiser
11688d94f651SGordon Ross smb_llist_exit(ll);
11693b13a1efSThomas Keiser }
11703b13a1efSThomas Keiser
117186184067SGordon Ross int smb_session_logoff_maxwait = 5; /* seconds */
11727f5d80fdSGordon Ross
11733b13a1efSThomas Keiser /*
11743b13a1efSThomas Keiser * Logoff all users associated with the specified session.
1175811599a4SMatt Barden *
1176811599a4SMatt Barden * This is called for both server-initiated disconnect
1177811599a4SMatt Barden * (SMB_SESSION_STATE_TERMINATED) and client-initiated
1178811599a4SMatt Barden * disconnect (SMB_SESSION_STATE_DISCONNECTED).
1179811599a4SMatt Barden * If client-initiated, save durable handles.
118086184067SGordon Ross * All requests on this session have finished.
11813b13a1efSThomas Keiser */
11828d94f651SGordon Ross void
smb_session_logoff(smb_session_t * session)11833b13a1efSThomas Keiser smb_session_logoff(smb_session_t *session)
11849fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States {
1185811599a4SMatt Barden smb_llist_t *ulist;
11869fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States smb_user_t *user;
11877f5d80fdSGordon Ross int count;
118886184067SGordon Ross int timeleft = SEC_TO_TICK(smb_session_logoff_maxwait);
11899fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States
11909fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States SMB_SESSION_VALID(session);
11919fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States
1192811599a4SMatt Barden top:
1193811599a4SMatt Barden ulist = &session->s_user_list;
1194811599a4SMatt Barden smb_llist_enter(ulist, RW_READER);
11959fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States
1196811599a4SMatt Barden user = smb_llist_head(ulist);
11979fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States while (user) {
11989fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States SMB_USER_VALID(user);
11999fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States ASSERT(user->u_session == session);
12009fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States
1201811599a4SMatt Barden mutex_enter(&user->u_mutex);
120212b65585SGordon Ross switch (user->u_state) {
120312b65585SGordon Ross case SMB_USER_STATE_LOGGING_ON:
120412b65585SGordon Ross case SMB_USER_STATE_LOGGED_ON:
1205811599a4SMatt Barden // smb_user_hold_internal(user);
1206811599a4SMatt Barden user->u_refcnt++;
1207811599a4SMatt Barden mutex_exit(&user->u_mutex);
12083b13a1efSThomas Keiser smb_user_logoff(user);
12099fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States smb_user_release(user);
121012b65585SGordon Ross break;
121112b65585SGordon Ross
121212b65585SGordon Ross case SMB_USER_STATE_LOGGED_OFF:
121312b65585SGordon Ross case SMB_USER_STATE_LOGGING_OFF:
1214811599a4SMatt Barden mutex_exit(&user->u_mutex);
121512b65585SGordon Ross break;
121612b65585SGordon Ross
121712b65585SGordon Ross default:
1218811599a4SMatt Barden mutex_exit(&user->u_mutex);
1219817fa55fSGordon Ross ASSERT(0);
122012b65585SGordon Ross break;
12219fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States }
12229fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States
1223811599a4SMatt Barden user = smb_llist_next(ulist, user);
1224811599a4SMatt Barden }
1225811599a4SMatt Barden
12267f5d80fdSGordon Ross count = smb_llist_get_count(ulist);
1227811599a4SMatt Barden
12287f5d80fdSGordon Ross /* drop the lock and flush the dtor queue */
1229811599a4SMatt Barden smb_llist_exit(ulist);
1230811599a4SMatt Barden
1231811599a4SMatt Barden /*
12327f5d80fdSGordon Ross * Wait (briefly) for user objects to go away.
12337f5d80fdSGordon Ross * They might linger, eg. if some ofile ref has been
12347f5d80fdSGordon Ross * forgotten, which holds, a tree and a user.
12357f5d80fdSGordon Ross * See smb_session_destroy.
1236811599a4SMatt Barden */
12377f5d80fdSGordon Ross if (count == 0) {
1238811599a4SMatt Barden /* User list is empty. */
1239811599a4SMatt Barden smb_rwx_rwenter(&session->s_lock, RW_WRITER);
1240811599a4SMatt Barden session->s_state = SMB_SESSION_STATE_SHUTDOWN;
1241811599a4SMatt Barden smb_rwx_rwexit(&session->s_lock);
1242811599a4SMatt Barden } else {
1243811599a4SMatt Barden smb_rwx_rwenter(&session->s_lock, RW_READER);
12447f5d80fdSGordon Ross if (session->s_state != SMB_SESSION_STATE_SHUTDOWN &&
12457f5d80fdSGordon Ross timeleft > 0) {
12467f5d80fdSGordon Ross /* May be signaled in smb_user_delete */
1247811599a4SMatt Barden (void) smb_rwx_cvwait(&session->s_lock,
1248811599a4SMatt Barden MSEC_TO_TICK(200));
12497f5d80fdSGordon Ross timeleft -= 200;
1250811599a4SMatt Barden smb_rwx_rwexit(&session->s_lock);
1251811599a4SMatt Barden goto top;
1252811599a4SMatt Barden }
1253811599a4SMatt Barden smb_rwx_rwexit(&session->s_lock);
1254811599a4SMatt Barden
125586184067SGordon Ross cmn_err(CE_NOTE, "!session logoff waited %d seconds"
125686184067SGordon Ross " with %d logons remaining",
125786184067SGordon Ross smb_session_logoff_maxwait, count);
125886184067SGordon Ross DTRACE_PROBE1(max__wait, smb_session_t *, session);
125986184067SGordon Ross }
12609fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States
1261811599a4SMatt Barden /*
126286184067SGordon Ross * User list should be empty now, but might not be if we
126386184067SGordon Ross * timed out waiting for smb_user objects to go away.
126486184067SGordon Ross * Checked in smb_server_destroy_session
126586184067SGordon Ross *
1266811599a4SMatt Barden * User logoff happens first so we'll set preserve_opens
1267811599a4SMatt Barden * for client-initiated disconnect. When that's done
1268811599a4SMatt Barden * there should be no trees left, but check anyway.
1269811599a4SMatt Barden */
1270811599a4SMatt Barden smb_session_disconnect_trees(session);
12719fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States }
12729fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States
12731fcced4cSJordan Brown /*
12741fcced4cSJordan Brown * Copy the session workstation/client name to buf. If the workstation
12751fcced4cSJordan Brown * is an empty string (which it will be on TCP connections), use the
12761fcced4cSJordan Brown * client IP address.
12771fcced4cSJordan Brown */
12781fcced4cSJordan Brown void
smb_session_getclient(smb_session_t * sn,char * buf,size_t buflen)12791fcced4cSJordan Brown smb_session_getclient(smb_session_t *sn, char *buf, size_t buflen)
12801fcced4cSJordan Brown {
12811fcced4cSJordan Brown
12821fcced4cSJordan Brown *buf = '\0';
12831fcced4cSJordan Brown
12841fcced4cSJordan Brown if (sn->workstation[0] != '\0') {
12851fcced4cSJordan Brown (void) strlcpy(buf, sn->workstation, buflen);
12861fcced4cSJordan Brown return;
12871fcced4cSJordan Brown }
12881fcced4cSJordan Brown
128949b5df1eSGordon Ross (void) strlcpy(buf, sn->ip_addr_str, buflen);
12901fcced4cSJordan Brown }
12911fcced4cSJordan Brown
12921fcced4cSJordan Brown /*
12931fcced4cSJordan Brown * Check whether or not the specified client name is the client of this
12941fcced4cSJordan Brown * session. The name may be in UNC format (\\CLIENT).
12951fcced4cSJordan Brown *
12961fcced4cSJordan Brown * A workstation/client name is setup on NBT connections as part of the
12971fcced4cSJordan Brown * NetBIOS session request but that isn't available on TCP connections.
12981fcced4cSJordan Brown * If the session doesn't have a client name we typically return the
12991fcced4cSJordan Brown * client IP address as the workstation name on MSRPC requests. So we
13001fcced4cSJordan Brown * check for the IP address here in addition to the workstation name.
13011fcced4cSJordan Brown */
13021fcced4cSJordan Brown boolean_t
smb_session_isclient(smb_session_t * sn,const char * client)13031fcced4cSJordan Brown smb_session_isclient(smb_session_t *sn, const char *client)
13041fcced4cSJordan Brown {
13051fcced4cSJordan Brown
13061fcced4cSJordan Brown client += strspn(client, "\\");
13071fcced4cSJordan Brown
1308bbf6f00cSJordan Brown if (smb_strcasecmp(client, sn->workstation, 0) == 0)
13091fcced4cSJordan Brown return (B_TRUE);
13101fcced4cSJordan Brown
131149b5df1eSGordon Ross if (smb_strcasecmp(client, sn->ip_addr_str, 0) == 0)
13121fcced4cSJordan Brown return (B_TRUE);
13131fcced4cSJordan Brown
13141fcced4cSJordan Brown return (B_FALSE);
13151fcced4cSJordan Brown }
13161fcced4cSJordan Brown
1317faa1795aSjb /*
1318faa1795aSjb * smb_request_alloc
1319faa1795aSjb *
1320faa1795aSjb * Allocate an smb_request_t structure from the kmem_cache. Partially
1321faa1795aSjb * initialize the found/new request.
1322faa1795aSjb *
13239c856e86SMatt Barden * Returns pointer to a request, or NULL if the session state is
13249c856e86SMatt Barden * one in which new requests are no longer allowed.
1325faa1795aSjb */
1326faa1795aSjb smb_request_t *
smb_request_alloc(smb_session_t * session,int req_length)1327faa1795aSjb smb_request_alloc(smb_session_t *session, int req_length)
1328faa1795aSjb {
1329faa1795aSjb smb_request_t *sr;
1330faa1795aSjb
1331faa1795aSjb ASSERT(session->s_magic == SMB_SESSION_MAGIC);
1332a90cf9f2SGordon Ross ASSERT(req_length <= session->cmd_max_bytes);
1333faa1795aSjb
13348622ec45SGordon Ross sr = kmem_cache_alloc(smb_cache_request, KM_SLEEP);
1335faa1795aSjb
1336faa1795aSjb /*
1337faa1795aSjb * Future: Use constructor to pre-initialize some fields. For now
1338faa1795aSjb * there are so many fields that it is easiest just to zero the
1339faa1795aSjb * whole thing and start over.
1340faa1795aSjb */
1341faa1795aSjb bzero(sr, sizeof (smb_request_t));
1342faa1795aSjb
1343faa1795aSjb mutex_init(&sr->sr_mutex, NULL, MUTEX_DEFAULT, NULL);
1344*66b505f1SGordon Ross cv_init(&sr->sr_st_cv, NULL, CV_DEFAULT, NULL);
1345bbf6f00cSJordan Brown smb_srm_init(sr);
1346faa1795aSjb sr->session = session;
1347faa1795aSjb sr->sr_server = session->s_server;
1348faa1795aSjb sr->sr_gmtoff = session->s_server->si_gmtoff;
1349faa1795aSjb sr->sr_cfg = &session->s_cfg;
1350a90cf9f2SGordon Ross sr->reply.max_bytes = session->reply_max_bytes;
1351897907ceSGordon Ross
1352faa1795aSjb sr->sr_magic = SMB_REQ_MAGIC;
1353faa1795aSjb sr->sr_state = SMB_REQ_STATE_INITIALIZING;
13549c856e86SMatt Barden
13559c856e86SMatt Barden /*
13569c856e86SMatt Barden * Only allow new SMB requests in some states.
13579c856e86SMatt Barden */
13589c856e86SMatt Barden smb_rwx_rwenter(&session->s_lock, RW_WRITER);
13599c856e86SMatt Barden switch (session->s_state) {
13609c856e86SMatt Barden case SMB_SESSION_STATE_CONNECTED:
13619c856e86SMatt Barden case SMB_SESSION_STATE_INITIALIZED:
13629c856e86SMatt Barden case SMB_SESSION_STATE_ESTABLISHED:
13639c856e86SMatt Barden case SMB_SESSION_STATE_NEGOTIATED:
13649c856e86SMatt Barden smb_slist_insert_tail(&session->s_req_list, sr);
13659c856e86SMatt Barden break;
13669c856e86SMatt Barden
13679c856e86SMatt Barden default:
13689c856e86SMatt Barden ASSERT(0);
13699c856e86SMatt Barden /* FALLTHROUGH */
13709c856e86SMatt Barden case SMB_SESSION_STATE_DISCONNECTED:
1371811599a4SMatt Barden case SMB_SESSION_STATE_SHUTDOWN:
13729c856e86SMatt Barden case SMB_SESSION_STATE_TERMINATED:
13739c856e86SMatt Barden /* Disallow new requests in these states. */
13749c856e86SMatt Barden sr->session = NULL;
13759c856e86SMatt Barden sr->sr_magic = 0;
1376*66b505f1SGordon Ross cv_destroy(&sr->sr_st_cv);
13779c856e86SMatt Barden mutex_destroy(&sr->sr_mutex);
13789c856e86SMatt Barden kmem_cache_free(smb_cache_request, sr);
13799c856e86SMatt Barden sr = NULL;
13809c856e86SMatt Barden break;
13819c856e86SMatt Barden }
13829c856e86SMatt Barden smb_rwx_rwexit(&session->s_lock);
13839c856e86SMatt Barden
1384faa1795aSjb return (sr);
1385faa1795aSjb }
1386faa1795aSjb
1387faa1795aSjb /*
1388faa1795aSjb * smb_request_free
1389faa1795aSjb *
1390faa1795aSjb * release the memories which have been allocated for a smb request.
1391faa1795aSjb */
1392faa1795aSjb void
smb_request_free(smb_request_t * sr)1393faa1795aSjb smb_request_free(smb_request_t *sr)
1394faa1795aSjb {
1395faa1795aSjb ASSERT(sr->sr_magic == SMB_REQ_MAGIC);
1396faa1795aSjb ASSERT(sr->session);
1397faa1795aSjb ASSERT(sr->r_xa == NULL);
1398faa1795aSjb
1399cb174861Sjoyce mcintosh if (sr->fid_ofile != NULL) {
14002c2961f8Sjose borrego smb_ofile_release(sr->fid_ofile);
1401cb174861Sjoyce mcintosh }
14022c2961f8Sjose borrego
14032c2961f8Sjose borrego if (sr->tid_tree != NULL)
1404faa1795aSjb smb_tree_release(sr->tid_tree);
1405faa1795aSjb
14062c2961f8Sjose borrego if (sr->uid_user != NULL)
1407faa1795aSjb smb_user_release(sr->uid_user);
1408faa1795aSjb
14094f0ce1daSGordon Ross if (sr->th_sid_user != NULL)
14104f0ce1daSGordon Ross smb_user_release(sr->th_sid_user);
14111160dcf7SMatt Barden
14128f70e16bSGordon Ross /*
14138f70e16bSGordon Ross * The above may have left work on the delete queues
14148f70e16bSGordon Ross */
14158f70e16bSGordon Ross smb_llist_flush(&sr->session->s_tree_list);
14168f70e16bSGordon Ross smb_llist_flush(&sr->session->s_user_list);
14178f70e16bSGordon Ross
1418faa1795aSjb smb_slist_remove(&sr->session->s_req_list, sr);
1419faa1795aSjb
1420faa1795aSjb sr->session = NULL;
1421faa1795aSjb
1422bbf6f00cSJordan Brown smb_srm_fini(sr);
1423faa1795aSjb
1424faa1795aSjb if (sr->command.chain)
1425faa1795aSjb m_freem(sr->command.chain);
1426faa1795aSjb if (sr->reply.chain)
1427faa1795aSjb m_freem(sr->reply.chain);
1428faa1795aSjb if (sr->raw_data.chain)
1429faa1795aSjb m_freem(sr->raw_data.chain);
1430faa1795aSjb
1431faa1795aSjb sr->sr_magic = 0;
1432faa1795aSjb mutex_destroy(&sr->sr_mutex);
14338622ec45SGordon Ross kmem_cache_free(smb_cache_request, sr);
1434da6c28aaSamw }
14357f667e74Sjose borrego
14362c2961f8Sjose borrego boolean_t
smb_session_oplocks_enable(smb_session_t * session)14372c2961f8Sjose borrego smb_session_oplocks_enable(smb_session_t *session)
14382c2961f8Sjose borrego {
14392c2961f8Sjose borrego SMB_SESSION_VALID(session);
14402c2961f8Sjose borrego if (session->s_cfg.skc_oplock_enable == 0)
14412c2961f8Sjose borrego return (B_FALSE);
14422c2961f8Sjose borrego else
14432c2961f8Sjose borrego return (B_TRUE);
14442c2961f8Sjose borrego }
14452c2961f8Sjose borrego
1446cb174861Sjoyce mcintosh boolean_t
smb_session_levelII_oplocks(smb_session_t * session)1447cb174861Sjoyce mcintosh smb_session_levelII_oplocks(smb_session_t *session)
1448cb174861Sjoyce mcintosh {
1449cb174861Sjoyce mcintosh SMB_SESSION_VALID(session);
1450a90cf9f2SGordon Ross
1451a90cf9f2SGordon Ross /* Older clients only do Level II oplocks if negotiated. */
1452a90cf9f2SGordon Ross if ((session->capabilities & CAP_LEVEL_II_OPLOCKS) != 0)
1453a90cf9f2SGordon Ross return (B_TRUE);
1454a90cf9f2SGordon Ross
1455a90cf9f2SGordon Ross return (B_FALSE);
1456cb174861Sjoyce mcintosh }
1457cb174861Sjoyce mcintosh
1458f9bc6dadSDmitry.Savitsky@nexenta.com static void
smb_session_genkey(smb_session_t * session)1459f9bc6dadSDmitry.Savitsky@nexenta.com smb_session_genkey(smb_session_t *session)
1460f9bc6dadSDmitry.Savitsky@nexenta.com {
1461f9bc6dadSDmitry.Savitsky@nexenta.com uint8_t tmp_key[SMB_CHALLENGE_SZ];
1462f9bc6dadSDmitry.Savitsky@nexenta.com
1463f9bc6dadSDmitry.Savitsky@nexenta.com (void) random_get_pseudo_bytes(tmp_key, SMB_CHALLENGE_SZ);
1464f9bc6dadSDmitry.Savitsky@nexenta.com bcopy(tmp_key, &session->challenge_key, SMB_CHALLENGE_SZ);
1465f9bc6dadSDmitry.Savitsky@nexenta.com session->challenge_len = SMB_CHALLENGE_SZ;
1466f9bc6dadSDmitry.Savitsky@nexenta.com
1467f9bc6dadSDmitry.Savitsky@nexenta.com (void) random_get_pseudo_bytes(tmp_key, 4);
1468f9bc6dadSDmitry.Savitsky@nexenta.com session->sesskey = tmp_key[0] | tmp_key[1] << 8 |
1469f9bc6dadSDmitry.Savitsky@nexenta.com tmp_key[2] << 16 | tmp_key[3] << 24;
1470f9bc6dadSDmitry.Savitsky@nexenta.com }
1471