1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright 2019 Nexenta by DDN, Inc. All rights reserved.
24 */
25
26/*
27 * Structures and type definitions for the SMB module.
28 */
29
30#ifndef _SMBSRV_SMB_KTYPES_H
31#define	_SMBSRV_SMB_KTYPES_H
32
33#ifdef	__cplusplus
34extern "C" {
35#endif
36
37#include <sys/note.h>
38#include <sys/systm.h>
39#include <sys/param.h>
40#include <sys/types.h>
41#include <sys/synch.h>
42#include <sys/taskq.h>
43#include <sys/socket.h>
44#include <sys/acl.h>
45#include <sys/sdt.h>
46#include <sys/stat.h>
47#include <sys/vnode.h>
48#include <sys/cred.h>
49#include <netinet/in.h>
50#include <sys/ksocket.h>
51#include <sys/fem.h>
52#include <smbsrv/smb.h>
53#include <smbsrv/smb2.h>
54#include <smbsrv/smbinfo.h>
55#include <smbsrv/mbuf.h>
56#include <smbsrv/smb_sid.h>
57#include <smbsrv/smb_xdr.h>
58#include <smbsrv/netbios.h>
59#include <smbsrv/smb_vops.h>
60#include <smbsrv/smb_kstat.h>
61
62struct __door_handle;	/* <sys/door.h> */
63struct edirent;		/* <sys/extdirent.h> */
64struct nvlist;
65
66struct smb_disp_entry;
67struct smb_request;
68struct smb_server;
69struct smb_event;
70struct smb_export;
71
72/*
73 * Accumulated time and queue length statistics.
74 *
75 * Accumulated time statistics are kept as a running sum of "active" time.
76 * Queue length statistics are kept as a running sum of the product of queue
77 * length and elapsed time at that length -- i.e., a Riemann sum for queue
78 * length integrated against time.  (You can also think of the active time as a
79 * Riemann sum, for the boolean function (queue_length > 0) integrated against
80 * time, or you can think of it as the Lebesgue measure of the set on which
81 * queue_length > 0.)
82 *
83 *		^
84 *		|			_________
85 *		8			| i4	|
86 *		|			|	|
87 *	Queue	6			|	|
88 *	Length	|	_________	|	|
89 *		4	| i2	|_______|	|
90 *		|	|	    i3		|
91 *		2_______|			|
92 *		|    i1				|
93 *		|_______________________________|
94 *		Time->	t1	t2	t3	t4
95 *
96 * At each change of state (entry or exit from the queue), we add the elapsed
97 * time (since the previous state change) to the active time if the queue length
98 * was non-zero during that interval; and we add the product of the elapsed time
99 * times the queue length to the running length*time sum.
100 *
101 * This method is generalizable to measuring residency in any defined system:
102 * instead of queue lengths, think of "outstanding RPC calls to server X".
103 *
104 * A large number of I/O subsystems have at least two basic "lists" of
105 * transactions they manage: one for transactions that have been accepted for
106 * processing but for which processing has yet to begin, and one for
107 * transactions which are actively being processed (but not done). For this
108 * reason, two cumulative time statistics are defined here: wait (pre-service)
109 * time, and run (service) time.
110 *
111 * All times are 64-bit nanoseconds (hrtime_t), as returned by gethrtime().
112 *
113 * The units of cumulative busy time are accumulated nanoseconds. The units of
114 * cumulative length*time products are elapsed time times queue length.
115 *
116 * Updates to the fields below are performed implicitly by calls to
117 * these functions:
118 *
119 *	smb_srqueue_init()
120 *	smb_srqueue_destroy()
121 *	smb_srqueue_waitq_enter()
122 *	smb_srqueue_runq_exit()
123 *	smb_srqueue_waitq_to_runq()
124 *	smb_srqueue_update()
125 *
126 * These fields should never be updated by any other means.
127 */
128typedef struct smb_srqueue {
129	kmutex_t	srq_mutex;
130	hrtime_t	srq_wlastupdate;
131	hrtime_t	srq_wtime;
132	hrtime_t	srq_wlentime;
133	hrtime_t	srq_rlastupdate;
134	hrtime_t	srq_rtime;
135	hrtime_t	srq_rlentime;
136	uint32_t	srq_wcnt;
137	uint32_t	srq_rcnt;
138} smb_srqueue_t;
139
140/*
141 * The fields with the prefix 'ly_a' contain the statistics collected since the
142 * server was last started ('a' for 'aggregated'). The fields with the prefix
143 * 'ly_d' contain the statistics collected since the last snapshot ('d' for
144 * 'delta').
145 */
146typedef struct smb_latency {
147	kmutex_t	ly_mutex;
148	uint64_t	ly_a_nreq;
149	hrtime_t	ly_a_sum;
150	hrtime_t	ly_a_mean;
151	hrtime_t	ly_a_stddev;
152	uint64_t	ly_d_nreq;
153	hrtime_t	ly_d_sum;
154	hrtime_t	ly_d_mean;
155	hrtime_t	ly_d_stddev;
156} smb_latency_t;
157
158typedef struct smb_disp_stats {
159	volatile uint64_t sdt_txb;
160	volatile uint64_t sdt_rxb;
161	smb_latency_t	sdt_lat;
162} smb_disp_stats_t;
163
164int smb_noop(void *, size_t, int);
165
166#define	SMB_AUDIT_STACK_DEPTH	16
167#define	SMB_AUDIT_BUF_MAX_REC	16
168#define	SMB_AUDIT_NODE		0x00000001
169
170/*
171 * Maximum number of records returned in SMBsearch, SMBfind
172 * and SMBfindunique response. Value set to 10 for compatibility
173 * with Windows.
174 */
175#define	SMB_MAX_SEARCH		10
176
177#define	SMB_SEARCH_ATTRIBUTES    \
178	(FILE_ATTRIBUTE_HIDDEN | \
179	FILE_ATTRIBUTE_SYSTEM |  \
180	FILE_ATTRIBUTE_DIRECTORY)
181
182#define	SMB_SEARCH_HIDDEN(sattr) ((sattr) & FILE_ATTRIBUTE_HIDDEN)
183#define	SMB_SEARCH_SYSTEM(sattr) ((sattr) & FILE_ATTRIBUTE_SYSTEM)
184#define	SMB_SEARCH_DIRECTORY(sattr) ((sattr) & FILE_ATTRIBUTE_DIRECTORY)
185#define	SMB_SEARCH_ALL(sattr) ((sattr) & SMB_SEARCH_ATTRIBUTES)
186
187typedef struct {
188	uint32_t		anr_refcnt;
189	int			anr_depth;
190	pc_t			anr_stack[SMB_AUDIT_STACK_DEPTH];
191} smb_audit_record_node_t;
192
193typedef struct {
194	int			anb_index;
195	int			anb_max_index;
196	smb_audit_record_node_t	anb_records[SMB_AUDIT_BUF_MAX_REC];
197} smb_audit_buf_node_t;
198
199/*
200 * Thread State Machine
201 * --------------------
202 *
203 *			    T5			   T0
204 * smb_thread_destroy()	<-------+		+------- smb_thread_init()
205 *                              |		|
206 *				|		v
207 *			+-----------------------------+
208 *			|   SMB_THREAD_STATE_EXITED   |<---+
209 *			+-----------------------------+	   |
210 *				      | T1		   |
211 *				      v			   |
212 *			+-----------------------------+	   |
213 *			|  SMB_THREAD_STATE_STARTING  |	   |
214 *			+-----------------------------+	   |
215 *				     | T2		   | T4
216 *				     v			   |
217 *			+-----------------------------+	   |
218 *			|  SMB_THREAD_STATE_RUNNING   |	   |
219 *			+-----------------------------+	   |
220 *				     | T3		   |
221 *				     v			   |
222 *			+-----------------------------+	   |
223 *			|  SMB_THREAD_STATE_EXITING   |----+
224 *			+-----------------------------+
225 *
226 * Transition T0
227 *
228 *    This transition is executed in smb_thread_init().
229 *
230 * Transition T1
231 *
232 *    This transition is executed in smb_thread_start().
233 *
234 * Transition T2
235 *
236 *    This transition is executed by the thread itself when it starts running.
237 *
238 * Transition T3
239 *
240 *    This transition is executed by the thread itself in
241 *    smb_thread_entry_point() just before calling thread_exit().
242 *
243 *
244 * Transition T4
245 *
246 *    This transition is executed in smb_thread_stop().
247 *
248 * Transition T5
249 *
250 *    This transition is executed in smb_thread_destroy().
251 */
252typedef enum smb_thread_state {
253	SMB_THREAD_STATE_STARTING = 0,
254	SMB_THREAD_STATE_RUNNING,
255	SMB_THREAD_STATE_EXITING,
256	SMB_THREAD_STATE_EXITED,
257	SMB_THREAD_STATE_FAILED
258} smb_thread_state_t;
259
260struct _smb_thread;
261
262typedef void (*smb_thread_ep_t)(struct _smb_thread *, void *ep_arg);
263
264#define	SMB_THREAD_MAGIC	0x534D4254	/* SMBT */
265
266typedef struct _smb_thread {
267	uint32_t		sth_magic;
268	char			sth_name[32];
269	smb_thread_state_t	sth_state;
270	kthread_t		*sth_th;
271	kt_did_t		sth_did;
272	smb_thread_ep_t		sth_ep;
273	void			*sth_ep_arg;
274	pri_t			sth_pri;
275	boolean_t		sth_kill;
276	kmutex_t		sth_mtx;
277	kcondvar_t		sth_cv;
278} smb_thread_t;
279
280/*
281 * Pool of IDs
282 * -----------
283 *
284 *    A pool of IDs is a pool of 16 bit numbers. It is implemented as a bitmap.
285 *    A bit set to '1' indicates that that particular value has been allocated.
286 *    The allocation process is done shifting a bit through the whole bitmap.
287 *    The current position of that index bit is kept in the smb_idpool_t
288 *    structure and represented by a byte index (0 to buffer size minus 1) and
289 *    a bit index (0 to 7).
290 *
291 *    The pools start with a size of 8 bytes or 64 IDs. Each time the pool runs
292 *    out of IDs its current size is doubled until it reaches its maximum size
293 *    (8192 bytes or 65536 IDs). The IDs 0 and 65535 are never given out which
294 *    means that a pool can have a maximum number of 65534 IDs available.
295 */
296#define	SMB_IDPOOL_MAGIC	0x4944504C	/* IDPL */
297#define	SMB_IDPOOL_MIN_SIZE	64	/* Number of IDs to begin with */
298#define	SMB_IDPOOL_MAX_SIZE	64 * 1024
299
300typedef struct smb_idpool {
301	uint32_t	id_magic;
302	kmutex_t	id_mutex;
303	uint8_t		*id_pool;
304	uint32_t	id_size;
305	uint32_t	id_maxsize;
306	uint8_t		id_bit;
307	uint8_t		id_bit_idx;
308	uint32_t	id_idx;
309	uint32_t	id_idx_msk;
310	uint32_t	id_free_counter;
311	uint32_t	id_max_free_counter;
312} smb_idpool_t;
313
314/*
315 * Maximum size of a Transport Data Unit when CAP_LARGE_READX and
316 * CAP_LARGE_WRITEX are not set.  CAP_LARGE_READX/CAP_LARGE_WRITEX
317 * allow the payload to exceed the negotiated buffer size.
318 *     4 --> NBT/TCP Transport Header.
319 *    32 --> SMB Header
320 *     1 --> Word Count byte
321 *   510 --> Maximum Number of bytes of the Word Table (2 * 255)
322 *     2 --> Byte count of the data
323 * 65535 --> Maximum size of the data
324 * -----
325 * 66084
326 */
327#define	SMB_REQ_MAX_SIZE	66560		/* 65KB */
328#define	SMB_XPRT_MAX_SIZE	(SMB_REQ_MAX_SIZE + NETBIOS_HDR_SZ)
329
330#define	SMB_TXREQ_MAGIC		0X54524251	/* 'TREQ' */
331typedef struct {
332	list_node_t	tr_lnd;
333	uint32_t	tr_magic;
334	int		tr_len;
335	uint8_t		tr_buf[SMB_XPRT_MAX_SIZE];
336} smb_txreq_t;
337
338#define	SMB_TXLST_MAGIC		0X544C5354	/* 'TLST' */
339typedef struct {
340	uint32_t	tl_magic;
341	kmutex_t	tl_mutex;
342	kcondvar_t	tl_wait_cv;
343	boolean_t	tl_active;
344} smb_txlst_t;
345
346/*
347 * Maximum buffer size for NT is 37KB.  If all clients are Windows 2000, this
348 * can be changed to 64KB.  37KB must be used with a mix of NT/Windows 2000
349 * clients because NT loses directory entries when values greater than 37KB are
350 * used.
351 *
352 * Note: NBT_MAXBUF will be subtracted from the specified max buffer size to
353 * account for the NBT header.
354 */
355#define	NBT_MAXBUF		8
356#define	SMB_NT_MAXBUF		(37 * 1024)
357
358#define	OUTBUFSIZE		(65 * 1024)
359#define	SMBHEADERSIZE		32
360#define	SMBND_HASH_MASK		(0xFF)
361#define	MAX_IOVEC		512
362#define	MAX_READREF		(8 * 1024)
363
364#define	SMB_WORKER_MIN		4
365#define	SMB_WORKER_DEFAULT	64
366#define	SMB_WORKER_MAX		1024
367
368/*
369 * Destructor object used in the locked-list delete queue.
370 */
371#define	SMB_DTOR_MAGIC		0x44544F52	/* DTOR */
372#define	SMB_DTOR_VALID(d)	\
373    ASSERT(((d) != NULL) && ((d)->dt_magic == SMB_DTOR_MAGIC))
374
375typedef void (*smb_dtorproc_t)(void *);
376
377typedef struct smb_dtor {
378	list_node_t	dt_lnd;
379	uint32_t	dt_magic;
380	void		*dt_object;
381	smb_dtorproc_t	dt_proc;
382} smb_dtor_t;
383
384typedef struct smb_llist {
385	krwlock_t	ll_lock;
386	list_t		ll_list;
387	uint32_t	ll_count;
388	uint64_t	ll_wrop;
389	kmutex_t	ll_mutex;
390	list_t		ll_deleteq;
391	uint32_t	ll_deleteq_count;
392	boolean_t	ll_flushing;
393} smb_llist_t;
394
395typedef struct smb_bucket {
396	smb_llist_t	b_list;
397	uint32_t	b_max_seen;
398} smb_bucket_t;
399
400typedef struct smb_hash {
401	uint32_t	rshift;
402	uint32_t	num_buckets;
403	smb_bucket_t	*buckets;
404} smb_hash_t;
405
406typedef struct smb_slist {
407	kmutex_t	sl_mutex;
408	kcondvar_t	sl_cv;
409	list_t		sl_list;
410	uint32_t	sl_count;
411	boolean_t	sl_waiting;
412} smb_slist_t;
413
414/*
415 * smb_avl_t State Machine
416 * --------------------
417 *
418 *                      +-----------------------------+
419 *                      |     SMB_AVL_STATE_START     |
420 *                      +-----------------------------+
421 *                                    | T0
422 *                                    v
423 *                      +-----------------------------+
424 *                      |     SMB_AVL_STATE_READY     |
425 *                      +-----------------------------+
426 *                                    | T1
427 *                                    v
428 *                      +-----------------------------+
429 *                      |  SMB_AVL_STATE_DESTROYING   |
430 *                      +-----------------------------+
431 *
432 * Transition T0
433 *
434 *    This transition is executed in smb_avl_create().
435 *
436 * Transition T1
437 *
438 *    This transition is executed in smb_avl_destroy().
439 *
440 */
441typedef enum {
442	SMB_AVL_STATE_START = 0,
443	SMB_AVL_STATE_READY,
444	SMB_AVL_STATE_DESTROYING
445} smb_avl_state_t;
446
447typedef struct smb_avl_nops {
448	int		(*avln_cmp) (const void *, const void *);
449	void		(*avln_hold)(const void *);
450	boolean_t	(*avln_rele)(const void *);
451	void		(*avln_destroy)(void *);
452} smb_avl_nops_t;
453
454typedef struct smb_avl_cursor {
455	void		*avlc_next;
456	uint32_t	avlc_sequence;
457} smb_avl_cursor_t;
458
459typedef struct smb_avl {
460	krwlock_t	avl_lock;
461	avl_tree_t	avl_tree;
462	kmutex_t	avl_mutex;
463	kcondvar_t	avl_cv;
464	smb_avl_state_t	avl_state;
465	uint32_t	avl_refcnt;
466	uint32_t	avl_sequence;
467	const smb_avl_nops_t	*avl_nops;
468} smb_avl_t;
469
470typedef struct {
471	kcondvar_t	rwx_cv;
472	kmutex_t	rwx_mutex;
473	krwlock_t	rwx_lock;
474	boolean_t	rwx_waiting;
475} smb_rwx_t;
476
477typedef struct smb_export {
478	kmutex_t	e_mutex;
479	boolean_t	e_ready;
480	smb_avl_t	e_share_avl;
481	smb_slist_t	e_unexport_list;
482	smb_thread_t	e_unexport_thread;
483} smb_export_t;
484
485/*
486 * NOTIFY CHANGE, a.k.a. File Change Notification (FCN)
487 */
488
489/*
490 * These FCN filter mask values are not from MS-FSCC, but
491 * must not overlap with any FILE_NOTIFY_VALID_MASK values.
492 */
493#define	FILE_NOTIFY_CHANGE_EV_SUBDIR	0x00010000
494#define	FILE_NOTIFY_CHANGE_EV_DELETE	0x00020000
495#define	FILE_NOTIFY_CHANGE_EV_CLOSED	0x00040000
496#define	FILE_NOTIFY_CHANGE_EV_OVERFLOW	0x00080000
497
498/*
499 * Note: These FCN action values are not from MS-FSCC, but must
500 * follow in sequence from FILE_ACTION_MODIFIED_STREAM.
501 *
502 * FILE_ACTION_SUBDIR_CHANGED is used internally for
503 * "watch tree" support, posted to all parents of a
504 * directory that had one of the changes above.
505 *
506 * FILE_ACTION_DELETE_PENDING is used internally to tell
507 * notify change requests when the "delete-on-close" flag
508 * has been set on the directory being watched.
509 *
510 * FILE_ACTION_HANDLE_CLOSED is used to wakeup notify change
511 * requests when the watched directory handle is closed.
512 */
513#define	FILE_ACTION_SUBDIR_CHANGED	0x00000009
514#define	FILE_ACTION_DELETE_PENDING	0x0000000a
515#define	FILE_ACTION_HANDLE_CLOSED	0x0000000b
516
517/*
518 * Sub-struct within smb_ofile_t
519 */
520typedef struct smb_notify {
521	list_t			nc_waiters; /* Waiting SRs */
522	mbuf_chain_t		nc_buffer;
523	uint32_t		nc_filter;
524	uint32_t		nc_events;
525	int			nc_last_off;
526	boolean_t		nc_subscribed;
527} smb_notify_t;
528
529/*
530 * SMB operates over a NetBIOS-over-TCP transport (NBT) or directly
531 * over TCP, which is also known as direct hosted NetBIOS-less SMB
532 * or SMB-over-TCP.
533 *
534 * NBT messages have a 4-byte header that defines the message type
535 * (8-bits), a 7-bit flags field and a 17-bit length.
536 *
537 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
538 * |      TYPE     |     FLAGS   |E|            LENGTH             |
539 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
540 *
541 * 8-bit type      Defined in RFC 1002
542 * 7-bit flags     Bits 0-6 reserved (must be 0)
543 *                 Bit 7: Length extension bit (E)
544 * 17-bit length   Includes bit 7 of the flags byte
545 *
546 *
547 * SMB-over-TCP is defined to use a modified version of the NBT header
548 * containing an 8-bit message type and 24-bit message length.
549 *
550 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
551 * |      TYPE     |                  LENGTH                       |
552 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
553 *
554 * 8-bit type      Must be 0
555 * 24-bit length
556 *
557 * The following structure is used to represent a generic, in-memory
558 * SMB transport header; it is not intended to map directly to either
559 * of the over-the-wire formats.
560 */
561typedef struct {
562	uint8_t		xh_type;
563	uint32_t	xh_length;
564} smb_xprt_t;
565
566int MBC_LENGTH(struct mbuf_chain *);
567int MBC_MAXBYTES(struct mbuf_chain *);
568void MBC_SETUP(struct mbuf_chain *, uint32_t);
569void MBC_INIT(struct mbuf_chain *, uint32_t);
570void MBC_FLUSH(struct mbuf_chain *);
571void MBC_ATTACH_MBUF(struct mbuf_chain *, struct mbuf *);
572void MBC_APPEND_MBUF(struct mbuf_chain *, struct mbuf *);
573void MBC_ATTACH_BUF(struct mbuf_chain *MBC, unsigned char *BUF, int LEN);
574int MBC_SHADOW_CHAIN(struct mbuf_chain *SUBMBC, struct mbuf_chain *MBC,
575    int OFF, int LEN);
576
577#define	MBC_ROOM_FOR(b, n) (((b)->chain_offset + (n)) <= (b)->max_bytes)
578
579/*
580 * Per smb_node oplock state
581 */
582typedef struct smb_oplock {
583	kmutex_t		ol_mutex;
584	boolean_t		ol_fem;		/* fem monitor installed? */
585	struct smb_ofile	*excl_open;
586	uint32_t		ol_state;
587	int32_t			cnt_II;
588	int32_t			cnt_R;
589	int32_t			cnt_RH;
590	int32_t			cnt_RHBQ;
591	int32_t			waiters;
592	kcondvar_t		WaitingOpenCV;
593} smb_oplock_t;
594
595/*
596 * Per smb_ofile oplock state
597 */
598typedef struct smb_oplock_grant {
599	/* smb protocol-level state */
600	uint32_t		og_state;	/* latest sent to client */
601	uint32_t		og_breaking;	/* BREAK_TO... flags */
602	uint16_t		og_dialect;	/* how to send breaks */
603	/* File-system level state */
604	uint8_t			onlist_II;
605	uint8_t			onlist_R;
606	uint8_t			onlist_RH;
607	uint8_t			onlist_RHBQ;
608	uint8_t			BreakingToRead;
609} smb_oplock_grant_t;
610
611#define	SMB_LEASE_KEY_SZ	16
612
613typedef struct smb_lease {
614	list_node_t		ls_lnd;		/* sv_lease_ht */
615	kmutex_t		ls_mutex;
616	smb_llist_t		*ls_bucket;
617	struct smb_node		*ls_node;
618	/*
619	 * With a lease, just one ofile has the oplock.
620	 * This (used only for comparison) identifies which.
621	 */
622	void			*ls_oplock_ofile;
623	uint32_t		ls_refcnt;
624	uint32_t		ls_state;
625	uint32_t		ls_breaking;	/* BREAK_TO... flags */
626	uint16_t		ls_epoch;
627	uint16_t		ls_version;
628	uint8_t			ls_key[SMB_LEASE_KEY_SZ];
629	uint8_t			ls_clnt[SMB_LEASE_KEY_SZ];
630} smb_lease_t;
631
632#define	SMB_NODE_MAGIC		0x4E4F4445	/* 'NODE' */
633#define	SMB_NODE_VALID(p)	ASSERT((p)->n_magic == SMB_NODE_MAGIC)
634
635typedef enum {
636	SMB_NODE_STATE_AVAILABLE = 0,
637	SMB_NODE_STATE_DESTROYING
638} smb_node_state_t;
639
640/*
641 * waiting_event        # of clients requesting FCN
642 * n_timestamps         cached timestamps
643 * n_allocsz            cached file allocation size
644 * n_dnode              directory node
645 * n_unode              unnamed stream node
646 * delete_on_close_cred credentials for delayed delete
647 */
648typedef struct smb_node {
649	list_node_t		n_lnd;
650	uint32_t		n_magic;
651	krwlock_t		n_lock;
652	kmutex_t		n_mutex;
653	smb_node_state_t	n_state;
654	uint32_t		n_refcnt;
655	uint32_t		n_hashkey;
656	smb_llist_t		*n_hash_bucket;
657	uint32_t		n_open_count;
658	uint32_t		n_opening_count;
659	smb_llist_t		n_ofile_list;
660	/* If entering both, go in order n_lock_list, n_wlock_list */
661	smb_llist_t		n_lock_list;	/* active locks */
662	smb_llist_t		n_wlock_list;	/* waiting locks */
663	volatile int		flags;
664	u_offset_t		n_allocsz;
665	uint32_t		n_fcn_count;
666	smb_oplock_t		n_oplock;
667	struct smb_node		*n_dnode;
668	struct smb_node		*n_unode;
669	cred_t			*delete_on_close_cred;
670	uint32_t		n_delete_on_close_flags;
671	char			od_name[MAXNAMELEN];
672	vnode_t			*vp;
673	smb_audit_buf_node_t	*n_audit_buf;
674} smb_node_t;
675
676#define	NODE_FLAGS_REPARSE		0x00001000
677#define	NODE_FLAGS_DFSLINK		0x00002000
678#define	NODE_FLAGS_VFSROOT		0x00004000
679#define	NODE_FLAGS_SYSTEM		0x00008000
680#define	NODE_FLAGS_WRITE_THROUGH	0x00100000
681#define	NODE_XATTR_DIR			0x01000000
682#define	NODE_FLAGS_DELETE_COMMITTED	0x20000000
683#define	NODE_FLAGS_DELETE_ON_CLOSE	0x40000000
684#define	NODE_FLAGS_EXECUTABLE		0x80000000
685
686#define	SMB_NODE_VFS(node)	((node)->vp->v_vfsp)
687#define	SMB_NODE_FSID(node)	((node)->vp->v_vfsp->vfs_fsid)
688
689/* Maximum buffer size for encryption key */
690#define	SMB_ENCRYPT_KEY_MAXLEN		32
691
692#define	SMB_SHARE_MAGIC		0x4B534852	/* KSHR */
693
694typedef struct smb_kshare {
695	uint32_t	shr_magic;
696	avl_node_t	shr_link;
697	kmutex_t	shr_mutex;
698	kcondvar_t	shr_cv;
699	char		*shr_name;
700	char		*shr_path;
701	char		*shr_cmnt;
702	char		*shr_container;
703	char		*shr_oemname;
704	uint32_t	shr_flags;
705	uint32_t	shr_type;
706	uint32_t	shr_refcnt;
707	uint32_t	shr_autocnt;
708	uid_t		shr_uid;
709	gid_t		shr_gid;
710	char		*shr_access_none;
711	char		*shr_access_ro;
712	char		*shr_access_rw;
713	smb_node_t	*shr_root_node;
714	smb_node_t	*shr_ca_dir;
715	void		*shr_import_busy;
716	smb_cfg_val_t	shr_encrypt; /* Share.EncryptData */
717} smb_kshare_t;
718
719
720typedef struct smb_arg_negotiate {
721	char		*ni_name;
722	int		ni_dialect;
723	int		ni_index;
724	uint32_t	ni_capabilities;
725	uint16_t	ni_maxmpxcount;
726	int16_t		ni_tzcorrection;
727	uint8_t		ni_keylen;
728	uint8_t		ni_key[SMB_ENCRYPT_KEY_MAXLEN];
729	timestruc_t	ni_servertime;
730} smb_arg_negotiate_t;
731
732typedef enum {
733	SMB_SSNSETUP_PRE_NTLM012 = 1,
734	SMB_SSNSETUP_NTLM012_NOEXT,
735	SMB_SSNSETUP_NTLM012_EXTSEC
736} smb_ssnsetup_type_t;
737
738typedef struct smb_arg_sessionsetup {
739	smb_ssnsetup_type_t ssi_type;
740	char		*ssi_user;
741	char		*ssi_domain;
742	/* LM password hash, f.k.a. case-insensitive p/w */
743	uint16_t	ssi_lmpwlen;
744	uint8_t		*ssi_lmpwd;
745	/* NT password hash, f.k.a. case-sensitive p/w */
746	uint16_t	ssi_ntpwlen;
747	uint8_t		*ssi_ntpwd;
748	/* Incoming security blob */
749	uint16_t	ssi_iseclen;
750	uint8_t		*ssi_isecblob;
751	/* Incoming security blob */
752	uint16_t	ssi_oseclen;
753	uint8_t		*ssi_osecblob;
754	/* parameters */
755	uint16_t	ssi_maxbufsize;
756	uint16_t	ssi_maxmpxcount;
757	uint32_t	ssi_capabilities;
758	int		ssi_native_os;
759	int		ssi_native_lm;
760} smb_arg_sessionsetup_t;
761
762typedef struct tcon {
763	char		*name;
764	char		*path;
765	char		*service;
766	int		pwdlen;
767	char		*password;
768	uint16_t	flags;
769	uint16_t	optional_support;
770	smb_kshare_t	*si;
771} smb_arg_tcon_t;
772
773/*
774 * Based on section 2.6.1.2 (Connection Management) of the June 13,
775 * 1996 CIFS spec, a server may terminate the transport connection
776 * due to inactivity. The client software is expected to be able to
777 * automatically reconnect to the server if this happens. Like much
778 * of the useful background information, this section appears to
779 * have been dropped from later revisions of the document.
780 *
781 * Each session has an activity timestamp that's updated whenever a
782 * request is dispatched. If the session is idle, i.e. receives no
783 * requests, for SMB_SESSION_INACTIVITY_TIMEOUT minutes it will be
784 * closed.
785 *
786 * Each session has an I/O semaphore to serialize communication with
787 * the client. For example, after receiving a raw-read request, the
788 * server is not allowed to send an oplock break to the client until
789 * after it has sent the raw-read data.
790 */
791#define	SMB_SESSION_INACTIVITY_TIMEOUT		(15 * 60)
792
793/* SMB1 signing */
794struct smb_sign {
795	unsigned int flags;
796	uint32_t seqnum;
797	uint_t mackey_len;
798	uint8_t *mackey;
799};
800
801/*
802 * SMB2 signing
803 */
804struct smb_key {
805	uint_t len;
806	uint8_t key[SMB2_SESSION_KEY_LEN];
807};
808
809#define	SMB_SIGNING_ENABLED	1
810#define	SMB_SIGNING_CHECK	2
811
812/*
813 * Locking notes:
814 * If you hold the mutex/lock on an object, don't flush the deleteq
815 * of the objects directly below it in the logical hierarchy
816 * (i.e. via smb_llist_exit()). I.e. don't drop s_tree_list when
817 * you hold u_mutex, because deleted trees need u_mutex to
818 * lower the refcnt.
819 *
820 * Note that this also applies to u_mutex and t_ofile_list.
821 */
822
823/*
824 * The "session" object.
825 *
826 * Note that the smb_session_t object here corresponds to what MS-SMB2
827 * calls a "connection".  Adding to the confusion, what MS calls a
828 * "session" corresponds to our smb_user_t (below).
829 */
830
831/*
832 * Session State Machine
833 * ---------------------
834 *
835 *
836 * +-----------------------------+	    +----------------------------+
837 * | SMB_SESSION_STATE_CONNECTED |	    | SMB_SESSION_STATE_SHUTDOWN |
838 * +-----------------------------+	    +----------------------------+
839 *		  |					     ^
840 *		  |					     |T6
841 *		  |			    +------------------------------+
842 *		  |			    | SMB_SESSION_STATE_TERMINATED |
843 *		T0|			    +------------------------------+
844 *		  +--------------------+		     ^
845 *		  v		       |T4                   |T5
846 * +-------------------------------+   |    +--------------------------------+
847 * | SMB_SESSION_STATE_ESTABLISHED |---+--->| SMB_SESSION_STATE_DISCONNECTED |
848 * +-------------------------------+        +--------------------------------+
849 *		T1|				^
850 *		  +----------+			|T3
851 *                           v			|
852 *                  +------------------------------+
853 *                  | SMB_SESSION_STATE_NEGOTIATED |
854 *                  +------------------------------+
855 *
856 *
857 * Transition T0
858 *
859 *
860 *
861 * Transition T1
862 *
863 *
864 *
865 * Transition T2
866 *
867 *
868 *
869 * Transition T3
870 *
871 *
872 *
873 * Transition T4
874 *
875 *
876 *
877 * Transition T5
878 *
879 *
880 *
881 * Transition T6
882 *
883 *
884 *
885 */
886#define	SMB_SESSION_MAGIC	0x53455353	/* 'SESS' */
887#define	SMB_SESSION_VALID(p)	\
888    ASSERT(((p) != NULL) && ((p)->s_magic == SMB_SESSION_MAGIC))
889
890#define	SMB_CHALLENGE_SZ	8
891
892typedef enum {
893	SMB_SESSION_STATE_INITIALIZED = 0,
894	SMB_SESSION_STATE_DISCONNECTED,
895	SMB_SESSION_STATE_CONNECTED,
896	SMB_SESSION_STATE_ESTABLISHED,
897	SMB_SESSION_STATE_NEGOTIATED,
898	SMB_SESSION_STATE_TERMINATED,
899	SMB_SESSION_STATE_SHUTDOWN,
900	SMB_SESSION_STATE_SENTINEL
901} smb_session_state_t;
902
903/* Bits in s_flags below */
904#define	SMB_SSN_AAPL_CCEXT	1	/* Saw "AAPL" create ctx. ext. */
905#define	SMB_SSN_AAPL_READDIR	2	/* Wants MacOS ext. readdir */
906
907typedef struct smb_session {
908	list_node_t		s_lnd;
909	uint32_t		s_magic;
910	smb_rwx_t		s_lock;
911	uint64_t		s_kid;
912	smb_session_state_t	s_state;
913	uint32_t		s_flags;
914	taskqid_t		s_receiver_tqid;
915	kthread_t		*s_thread;
916	kt_did_t		s_ktdid;
917	int	(*newrq_func)(struct smb_request *);
918	struct smb_server	*s_server;
919	smb_kmod_cfg_t		s_cfg;
920	int32_t			s_gmtoff;
921	uint32_t		keep_alive;
922	uint64_t		opentime;
923	uint16_t		s_local_port;
924	uint16_t		s_remote_port;
925	smb_inaddr_t		ipaddr;
926	smb_inaddr_t		local_ipaddr;
927	int			dialect;
928	int			native_os;
929	int			native_lm;
930
931	kmutex_t		s_credits_mutex;
932	uint16_t		s_cur_credits;
933	uint16_t		s_max_credits;
934
935	uint32_t		capabilities;
936	uint32_t		srv_cap;
937
938	struct smb_sign		signing;	/* SMB1 */
939	void			*sign_mech;	/* mechanism info */
940	void			*enc_mech;
941
942	/* SMB2/SMB3 signing support */
943	int			(*sign_calc)(struct smb_request *,
944					struct mbuf_chain *, uint8_t *);
945	void			(*sign_fini)(struct smb_session *);
946
947	ksocket_t		sock;
948
949	smb_slist_t		s_req_list;
950	smb_llist_t		s_xa_list;
951	smb_llist_t		s_user_list;
952	smb_llist_t		s_tree_list;
953	smb_idpool_t		s_uid_pool;
954	smb_idpool_t		s_tid_pool;
955	smb_txlst_t		s_txlst;
956
957	volatile uint32_t	s_tree_cnt;
958	volatile uint32_t	s_file_cnt;
959	volatile uint32_t	s_dir_cnt;
960
961	uint16_t		cli_secmode;
962	uint16_t		srv_secmode;
963	uint32_t		sesskey;
964	uint32_t		challenge_len;
965	unsigned char		challenge_key[SMB_CHALLENGE_SZ];
966	int64_t			activity_timestamp;
967	timeout_id_t		s_auth_tmo;
968
969	/*
970	 * Maximum negotiated buffer sizes between SMB client and server
971	 * in SMB_SESSION_SETUP_ANDX
972	 */
973	int			cmd_max_bytes;
974	int			reply_max_bytes;
975	uint16_t		smb_msg_size;
976	uint16_t		smb_max_mpx;
977	smb_srqueue_t		*s_srqueue;
978	uint64_t		start_time;
979	unsigned char		MAC_key[44];
980	char			ip_addr_str[INET6_ADDRSTRLEN];
981	uint8_t			clnt_uuid[16];
982	char			workstation[SMB_PI_MAX_HOST];
983} smb_session_t;
984
985/*
986 * The "user" object.
987 *
988 * Note that smb_user_t object here corresponds to what MS-SMB2 calls
989 * a "session".  (Our smb_session_t is something else -- see above).
990 */
991
992#define	SMB_USER_MAGIC 0x55534552	/* 'USER' */
993#define	SMB_USER_VALID(u)	\
994    ASSERT(((u) != NULL) && ((u)->u_magic == SMB_USER_MAGIC))
995
996/* These flags are all <= 0x00000010 */
997#define	SMB_USER_FLAG_GUEST			SMB_ATF_GUEST
998#define	SMB_USER_FLAG_ANON			SMB_ATF_ANON
999#define	SMB_USER_FLAG_ADMIN			SMB_ATF_ADMIN
1000#define	SMB_USER_FLAG_POWER_USER		SMB_ATF_POWERUSER
1001#define	SMB_USER_FLAG_BACKUP_OPERATOR		SMB_ATF_BACKUPOP
1002
1003#define	SMB_USER_IS_ADMIN(U)	(((U)->u_flags & SMB_USER_FLAG_ADMIN) != 0)
1004#define	SMB_USER_IS_GUEST(U)	(((U)->u_flags & SMB_USER_FLAG_GUEST) != 0)
1005
1006/*
1007 * Internal privilege flags derived from smb_privilege.h numbers
1008 * Would rather not include that in this file.
1009 */
1010#define	SMB_USER_PRIV_SECURITY		(1<<8)	/* SE_SECURITY_LUID */
1011#define	SMB_USER_PRIV_TAKE_OWNERSHIP	(1<<9)	/* SE_TAKE_OWNERSHIP_LUID */
1012#define	SMB_USER_PRIV_BACKUP		(1<<17)	/* SE_BACKUP_LUID */
1013#define	SMB_USER_PRIV_RESTORE		(1<<18)	/* SE_RESTORE_LUID */
1014#define	SMB_USER_PRIV_CHANGE_NOTIFY	(1<<23)	/* SE_CHANGE_NOTIFY_LUID */
1015#define	SMB_USER_PRIV_READ_FILE		(1<<25)	/* SE_READ_FILE_LUID */
1016#define	SMB_USER_PRIV_WRITE_FILE	(1<<26)	/* SE_WRITE_FILE_LUID */
1017
1018/*
1019 * See the long "User State Machine" comment in smb_user.c
1020 */
1021typedef enum {
1022	SMB_USER_STATE_LOGGING_ON = 0,
1023	SMB_USER_STATE_LOGGED_ON,
1024	SMB_USER_STATE_LOGGING_OFF,
1025	SMB_USER_STATE_LOGGED_OFF,
1026	SMB_USER_STATE_SENTINEL
1027} smb_user_state_t;
1028
1029typedef enum {
1030	SMB2_DH_PRESERVE_NONE = 0,
1031	SMB2_DH_PRESERVE_SOME,
1032	SMB2_DH_PRESERVE_ALL
1033} smb_preserve_type_t;
1034
1035typedef struct smb_user {
1036	list_node_t		u_lnd;
1037	uint32_t		u_magic;
1038	kmutex_t		u_mutex;
1039	smb_user_state_t	u_state;
1040
1041	struct smb_server	*u_server;
1042	smb_session_t		*u_session;
1043	ksocket_t		u_authsock;
1044	timeout_id_t		u_auth_tmo;
1045	uint16_t		u_name_len;
1046	char			*u_name;
1047	uint16_t		u_domain_len;
1048	char			*u_domain;
1049	time_t			u_logon_time;
1050	cred_t			*u_cred;
1051	cred_t			*u_privcred;
1052
1053	uint64_t		u_ssnid;	/* unique server-wide */
1054	uint32_t		u_refcnt;
1055	uint32_t		u_flags;
1056	smb_preserve_type_t	preserve_opens;
1057	uint32_t		u_privileges;
1058	uint16_t		u_uid;		/* unique per-session */
1059	uint32_t		u_audit_sid;
1060
1061	uint32_t		u_sign_flags;
1062	struct smb_key		u_sign_key;	/* SMB2 signing */
1063
1064	struct smb_key		u_enc_key;
1065	struct smb_key		u_dec_key;
1066	volatile uint64_t	u_nonce_cnt;
1067	uint8_t			u_nonce_fixed[4];
1068	uint64_t		u_salt;
1069	smb_cfg_val_t		u_encrypt;
1070} smb_user_t;
1071
1072#define	SMB_TREE_MAGIC			0x54524545	/* 'TREE' */
1073#define	SMB_TREE_VALID(p)	\
1074    ASSERT((p != NULL) && ((p)->t_magic == SMB_TREE_MAGIC))
1075
1076#define	SMB_TYPENAMELEN			_ST_FSTYPSZ
1077#define	SMB_VOLNAMELEN			32
1078
1079#define	SMB_TREE_READONLY		0x00000001
1080#define	SMB_TREE_SUPPORTS_ACLS		0x00000002
1081#define	SMB_TREE_STREAMS		0x00000004
1082#define	SMB_TREE_CASEINSENSITIVE	0x00000008
1083#define	SMB_TREE_NO_CASESENSITIVE	0x00000010
1084#define	SMB_TREE_NO_EXPORT		0x00000020
1085#define	SMB_TREE_OPLOCKS		0x00000040
1086#define	SMB_TREE_SHORTNAMES		0x00000080
1087#define	SMB_TREE_XVATTR			0x00000100
1088#define	SMB_TREE_DIRENTFLAGS		0x00000200
1089#define	SMB_TREE_ACLONCREATE		0x00000400
1090#define	SMB_TREE_ACEMASKONACCESS	0x00000800
1091#define	SMB_TREE_NFS_MOUNTED		0x00001000
1092#define	SMB_TREE_UNICODE_ON_DISK	0x00002000
1093#define	SMB_TREE_CATIA			0x00004000
1094#define	SMB_TREE_ABE			0x00008000
1095#define	SMB_TREE_QUOTA			0x00010000
1096#define	SMB_TREE_DFSROOT		0x00020000
1097#define	SMB_TREE_SPARSE			0x00040000
1098#define	SMB_TREE_TRAVERSE_MOUNTS	0x00080000
1099#define	SMB_TREE_FORCE_L2_OPLOCK	0x00100000
1100#define	SMB_TREE_CA			0x00200000
1101/* Note: SMB_TREE_... in the mdb module too. */
1102
1103/*
1104 * See the long "Tree State Machine" comment in smb_tree.c
1105 */
1106typedef enum {
1107	SMB_TREE_STATE_CONNECTED = 0,
1108	SMB_TREE_STATE_DISCONNECTING,
1109	SMB_TREE_STATE_DISCONNECTED,
1110	SMB_TREE_STATE_SENTINEL
1111} smb_tree_state_t;
1112
1113typedef struct smb_tree {
1114	list_node_t		t_lnd;
1115	uint32_t		t_magic;
1116	kmutex_t		t_mutex;
1117	smb_tree_state_t	t_state;
1118
1119	struct smb_server	*t_server;
1120	smb_session_t		*t_session;
1121	/*
1122	 * user whose uid was in the tree connect message
1123	 * ("owner" in MS-CIFS parlance, see section 2.2.1.6 definition of FID)
1124	 */
1125	smb_user_t		*t_owner;
1126	smb_node_t		*t_snode;
1127
1128	smb_llist_t		t_ofile_list;
1129	smb_idpool_t		t_fid_pool;
1130
1131	smb_llist_t		t_odir_list;
1132	smb_idpool_t		t_odid_pool;
1133
1134	uint32_t		t_refcnt;
1135	uint32_t		t_flags;
1136	int32_t			t_res_type;
1137	uint16_t		t_tid;
1138	uint16_t		t_umask;
1139	char			t_sharename[MAXNAMELEN];
1140	char			t_resource[MAXPATHLEN];
1141	char			t_typename[SMB_TYPENAMELEN];
1142	char			t_volume[SMB_VOLNAMELEN];
1143	acl_type_t		t_acltype;
1144	uint32_t		t_access;
1145	uint32_t		t_execflags;
1146	time_t			t_connect_time;
1147	volatile uint32_t	t_open_files;
1148	smb_cfg_val_t		t_encrypt; /* Share.EncryptData */
1149} smb_tree_t;
1150
1151#define	SMB_TREE_VFS(tree)	((tree)->t_snode->vp->v_vfsp)
1152#define	SMB_TREE_FSID(tree)	((tree)->t_snode->vp->v_vfsp->vfs_fsid)
1153
1154#define	SMB_TREE_IS_READONLY(sr)					\
1155	((sr) != NULL && (sr)->tid_tree != NULL &&			\
1156	!((sr)->tid_tree->t_access & ACE_ALL_WRITE_PERMS))
1157
1158#define	SMB_TREE_IS_CASEINSENSITIVE(sr)                                 \
1159	(((sr) && (sr)->tid_tree) ?                                     \
1160	smb_tree_has_feature((sr)->tid_tree, SMB_TREE_CASEINSENSITIVE) : 0)
1161
1162#define	SMB_TREE_HAS_ACCESS(sr, acemask)				\
1163	((sr) == NULL ? ACE_ALL_PERMS : (				\
1164	(((sr) && (sr)->tid_tree) ?					\
1165	(((sr)->tid_tree->t_access) & (acemask)) : 0)))
1166
1167#define	SMB_TREE_SUPPORTS_CATIA(sr)					\
1168	(((sr) && (sr)->tid_tree) ?                                     \
1169	smb_tree_has_feature((sr)->tid_tree, SMB_TREE_CATIA) : 0)
1170
1171#define	SMB_TREE_SUPPORTS_ABE(sr)					\
1172	(((sr) && (sr)->tid_tree) ?                                     \
1173	smb_tree_has_feature((sr)->tid_tree, SMB_TREE_ABE) : 0)
1174
1175#define	SMB_TREE_IS_DFSROOT(sr)						\
1176	(((sr) && (sr)->tid_tree) ?                                     \
1177	smb_tree_has_feature((sr)->tid_tree, SMB_TREE_DFSROOT) : 0)
1178
1179#define	SMB_TREE_SUPPORTS_SHORTNAMES(sr)				\
1180	(((sr) && (sr)->tid_tree) ?					\
1181	smb_tree_has_feature((sr)->tid_tree, SMB_TREE_SHORTNAMES) : 0)
1182
1183/*
1184 * SMB_TREE_CONTAINS_NODE is used to check if a node is on the same
1185 * file system as the tree's root filesystem, or if mount point traversal
1186 * should be allowed.  Note that this is also called in some cases with
1187 * sr=NULL, where it is expected to evaluate to TRUE.
1188 */
1189
1190#define	SMB_TREE_CONTAINS_NODE(sr, node)                                \
1191	((sr) == NULL || (sr)->tid_tree == NULL ||                      \
1192	SMB_TREE_VFS((sr)->tid_tree) == SMB_NODE_VFS(node) ||           \
1193	smb_tree_has_feature((sr)->tid_tree, SMB_TREE_TRAVERSE_MOUNTS))
1194
1195/*
1196 * SMB_PATHFILE_IS_READONLY indicates whether or not a file is
1197 * readonly when the caller has a path rather than an ofile.
1198 */
1199#define	SMB_PATHFILE_IS_READONLY(sr, node)			\
1200	(SMB_TREE_IS_READONLY((sr)) ||				\
1201	smb_node_file_is_readonly((node)))
1202
1203#define	SMB_ODIR_MAGIC		0x4F444952	/* 'ODIR' */
1204#define	SMB_ODIR_VALID(p)	\
1205    ASSERT((p != NULL) && ((p)->d_magic == SMB_ODIR_MAGIC))
1206
1207#define	SMB_ODIR_BUFSIZE	(8 * 1024)
1208
1209#define	SMB_ODIR_FLAG_WILDCARDS		0x0001
1210#define	SMB_ODIR_FLAG_IGNORE_CASE	0x0002
1211#define	SMB_ODIR_FLAG_XATTR		0x0004
1212#define	SMB_ODIR_FLAG_EDIRENT		0x0008
1213#define	SMB_ODIR_FLAG_CATIA		0x0010
1214#define	SMB_ODIR_FLAG_ABE		0x0020
1215#define	SMB_ODIR_FLAG_SHORTNAMES	0x0040
1216
1217typedef enum {
1218	SMB_ODIR_STATE_OPEN = 0,
1219	SMB_ODIR_STATE_IN_USE,
1220	SMB_ODIR_STATE_CLOSING,
1221	SMB_ODIR_STATE_CLOSED,
1222	SMB_ODIR_STATE_SENTINEL
1223} smb_odir_state_t;
1224
1225typedef enum {
1226	SMB_ODIR_RESUME_CONT,
1227	SMB_ODIR_RESUME_IDX,
1228	SMB_ODIR_RESUME_COOKIE,
1229	SMB_ODIR_RESUME_FNAME
1230} smb_odir_resume_type_t;
1231
1232typedef struct smb_odir_resume {
1233	smb_odir_resume_type_t	or_type;
1234	int			or_idx;
1235	uint32_t		or_cookie;
1236	char			*or_fname;
1237} smb_odir_resume_t;
1238
1239/*
1240 * Flags used when opening an odir
1241 */
1242#define	SMB_ODIR_OPENF_BACKUP_INTENT	0x01
1243
1244typedef struct smb_odir {
1245	list_node_t		d_lnd;
1246	uint32_t		d_magic;
1247	kmutex_t		d_mutex;
1248	smb_odir_state_t	d_state;
1249	smb_session_t		*d_session;
1250	smb_user_t		*d_user;
1251	smb_tree_t		*d_tree;
1252	smb_node_t		*d_dnode;
1253	cred_t			*d_cred;
1254	uint32_t		d_opened_by_pid;
1255	uint16_t		d_odid;
1256	uint16_t		d_sattr;
1257	uint32_t		d_refcnt;
1258	uint32_t		d_flags;
1259	boolean_t		d_eof;
1260	int			d_bufsize;
1261	uint64_t		d_offset;
1262	union {
1263		char		*u_bufptr;
1264		struct edirent	*u_edp;
1265		struct dirent64	*u_dp;
1266	} d_u;
1267	uint32_t		d_last_cookie;
1268	uint32_t		d_cookies[SMB_MAX_SEARCH];
1269	char			d_pattern[MAXNAMELEN];
1270	char			d_buf[SMB_ODIR_BUFSIZE];
1271	char			d_last_name[MAXNAMELEN];
1272} smb_odir_t;
1273#define	d_bufptr	d_u.u_bufptr
1274#define	d_edp		d_u.u_edp
1275#define	d_dp		d_u.u_dp
1276
1277typedef struct smb_odirent {
1278	char		od_name[MAXNAMELEN];	/* on disk name */
1279	ino64_t		od_ino;
1280	uint32_t	od_eflags;
1281} smb_odirent_t;
1282
1283#define	SMB_OPIPE_MAGIC		0x50495045	/* 'PIPE' */
1284#define	SMB_OPIPE_VALID(p)	\
1285    ASSERT(((p) != NULL) && (p)->p_magic == SMB_OPIPE_MAGIC)
1286#define	SMB_OPIPE_MAXNAME	32
1287
1288/*
1289 * Data structure for SMB_FTYPE_MESG_PIPE ofiles, which is used
1290 * at the interface between SMB and NDR RPC.
1291 */
1292typedef struct smb_opipe {
1293	uint32_t		p_magic;
1294	kmutex_t		p_mutex;
1295	kcondvar_t		p_cv;
1296	struct smb_ofile	*p_ofile;
1297	struct smb_server	*p_server;
1298	uint32_t		p_refcnt;
1299	ksocket_t		p_socket;
1300	/* This is the "flat" name, without path prefix */
1301	char			p_name[SMB_OPIPE_MAXNAME];
1302} smb_opipe_t;
1303
1304/*
1305 * The of_ftype	of an open file should contain the SMB_FTYPE value
1306 * returned when the file/pipe was opened. The following
1307 * assumptions are currently made:
1308 *
1309 * File Type	    Node       PipeInfo
1310 * ---------	    --------   --------
1311 * SMB_FTYPE_DISK       Valid      Null
1312 * SMB_FTYPE_BYTE_PIPE  Undefined  Undefined
1313 * SMB_FTYPE_MESG_PIPE  Null       Valid
1314 * SMB_FTYPE_PRINTER    Undefined  Undefined
1315 * SMB_FTYPE_UNKNOWN    Undefined  Undefined
1316 */
1317
1318/*
1319 * Some flags for ofile structure
1320 *
1321 *	SMB_OFLAGS_SET_DELETE_ON_CLOSE
1322 *   Set this flag when the corresponding open operation whose
1323 *   DELETE_ON_CLOSE bit of the CreateOptions is set. If any
1324 *   open file instance has this bit set, the NODE_FLAGS_DELETE_ON_CLOSE
1325 *   will be set for the file node upon close.
1326 */
1327
1328/*	SMB_OFLAGS_READONLY		0x0001 (obsolete) */
1329#define	SMB_OFLAGS_EXECONLY		0x0002
1330#define	SMB_OFLAGS_SET_DELETE_ON_CLOSE	0x0004
1331#define	SMB_OFLAGS_LLF_POS_VALID	0x0008
1332
1333#define	SMB_OFILE_MAGIC		0x4F464C45	/* 'OFLE' */
1334#define	SMB_OFILE_VALID(p)	\
1335    ASSERT((p != NULL) && ((p)->f_magic == SMB_OFILE_MAGIC))
1336
1337/*
1338 * This is the size of the per-handle "Lock Sequence" array.
1339 * See LockSequenceIndex in [MS-SMB2] 2.2.26, and smb2_lock.c
1340 */
1341#define	SMB_OFILE_LSEQ_MAX		64
1342
1343/* {arg_open,ofile}->dh_vers values */
1344typedef enum {
1345	SMB2_NOT_DURABLE = 0,
1346	SMB2_DURABLE_V1,
1347	SMB2_DURABLE_V2,
1348	SMB2_RESILIENT,
1349} smb_dh_vers_t;
1350
1351/*
1352 * See the long "Ofile State Machine" comment in smb_ofile.c
1353 */
1354typedef enum {
1355	SMB_OFILE_STATE_ALLOC = 0,
1356	SMB_OFILE_STATE_OPEN,
1357	SMB_OFILE_STATE_SAVE_DH,
1358	SMB_OFILE_STATE_SAVING,
1359	SMB_OFILE_STATE_CLOSING,
1360	SMB_OFILE_STATE_CLOSED,
1361	SMB_OFILE_STATE_ORPHANED,
1362	SMB_OFILE_STATE_RECONNECT,
1363	SMB_OFILE_STATE_EXPIRED,
1364	SMB_OFILE_STATE_SENTINEL
1365} smb_ofile_state_t;
1366
1367typedef struct smb_ofile {
1368	list_node_t		f_tree_lnd;	/* t_ofile_list */
1369	list_node_t		f_node_lnd;	/* n_ofile_list */
1370	list_node_t		f_dh_lnd;	/* sv_persistid_ht */
1371	uint32_t		f_magic;
1372	kmutex_t		f_mutex;
1373	smb_ofile_state_t	f_state;
1374
1375	struct smb_server	*f_server;
1376	smb_session_t		*f_session;
1377	smb_user_t		*f_user;
1378	smb_tree_t		*f_tree;
1379	smb_node_t		*f_node;
1380	smb_odir_t		*f_odir;
1381	smb_opipe_t		*f_pipe;
1382
1383	kcondvar_t		f_cv;
1384	/*
1385	 * Note: f_persistid == 0 means this ofile has no persistid
1386	 * (same interpretation at the protocol level).  IFF non-zero,
1387	 * this ofile is linked in the sv_persistid_ht hash table.
1388	 */
1389	uint64_t		f_persistid;
1390	uint32_t		f_uniqid;
1391	uint32_t		f_refcnt;
1392	uint64_t		f_seek_pos;
1393	uint32_t		f_flags;
1394	uint32_t		f_granted_access;
1395	uint32_t		f_share_access;
1396	uint32_t		f_create_options;
1397	uint32_t		f_opened_by_pid;
1398	uint16_t		f_fid;
1399	uint16_t		f_ftype;
1400	uint64_t		f_llf_pos;
1401	int			f_mode;
1402	cred_t			*f_cr;
1403	pid_t			f_pid;
1404	smb_attr_t		f_pending_attr;
1405	boolean_t		f_written;
1406	smb_oplock_grant_t	f_oplock;
1407	uint8_t			TargetOplockKey[SMB_LEASE_KEY_SZ];
1408	uint8_t			ParentOplockKey[SMB_LEASE_KEY_SZ];
1409	struct smb_lease	*f_lease;
1410
1411	smb_notify_t		f_notify;
1412
1413	smb_dh_vers_t		dh_vers;
1414	hrtime_t		dh_timeout_offset; /* time offset for timeout */
1415	hrtime_t		dh_expire_time; /* time the handle expires */
1416	boolean_t		dh_persist;
1417	kmutex_t		dh_nvlock;
1418	struct nvlist		*dh_nvlist;
1419	smb_node_t		*dh_nvfile;
1420
1421	uint8_t			dh_create_guid[16];
1422	char			f_quota_resume[SMB_SID_STRSZ];
1423	uint8_t			f_lock_seq[SMB_OFILE_LSEQ_MAX];
1424} smb_ofile_t;
1425
1426typedef struct smb_fileinfo {
1427	char		fi_name[MAXNAMELEN];
1428	char		fi_shortname[SMB_SHORTNAMELEN];
1429	uint32_t	fi_cookie;	/* Dir offset (of next entry) */
1430	uint32_t	fi_dosattr;	/* DOS attributes */
1431	uint64_t	fi_nodeid;	/* file system node id */
1432	uint64_t	fi_size;	/* file size in bytes */
1433	uint64_t	fi_alloc_size;	/* allocation size in bytes */
1434	timestruc_t	fi_atime;	/* last access */
1435	timestruc_t	fi_mtime;	/* last modification */
1436	timestruc_t	fi_ctime;	/* last status change */
1437	timestruc_t	fi_crtime;	/* file creation */
1438} smb_fileinfo_t;
1439
1440typedef struct smb_streaminfo {
1441	uint64_t	si_size;
1442	uint64_t	si_alloc_size;
1443	char		si_name[MAXPATHLEN];
1444} smb_streaminfo_t;
1445
1446#define	SMB_LOCK_MAGIC	0x4C4F434B	/* 'LOCK' */
1447
1448typedef struct smb_lock {
1449	list_node_t		l_lnd;
1450	uint32_t		l_magic;
1451	kmutex_t		l_mutex;
1452	kcondvar_t		l_cv;
1453
1454	smb_ofile_t		*l_file;
1455
1456	struct smb_lock		*l_blocked_by; /* Debug info only */
1457
1458	uint32_t		l_conflicts;
1459	uint32_t		l_flags;
1460	uint32_t		l_pid;
1461	uint32_t		l_type;
1462	uint64_t		l_start;
1463	uint64_t		l_length;
1464	clock_t			l_end_time;
1465} smb_lock_t;
1466
1467#define	SMB_LOCK_FLAG_INDEFINITE	0x0004
1468#define	SMB_LOCK_FLAG_CLOSED		0x0008
1469#define	SMB_LOCK_FLAG_CANCELLED		0x0010
1470
1471#define	SMB_LOCK_TYPE_READWRITE		101
1472#define	SMB_LOCK_TYPE_READONLY		102
1473
1474typedef struct vardata_block {
1475	uint8_t			vdb_tag;
1476	uint32_t		vdb_len;
1477	struct uio		vdb_uio;
1478	struct iovec		vdb_iovec[MAX_IOVEC];
1479} smb_vdb_t;
1480
1481#define	SMB_WRMODE_WRITE_THRU	0x0001
1482#define	SMB_WRMODE_IS_STABLE(M)	((M) & SMB_WRMODE_WRITE_THRU)
1483
1484#define	SMB_RW_MAGIC		0x52445257	/* 'RDRW' */
1485
1486typedef struct smb_rw_param {
1487	uint32_t rw_magic;
1488	smb_vdb_t rw_vdb;
1489	uint64_t rw_offset;
1490	uint32_t rw_last_write;
1491	uint16_t rw_mode;
1492	uint32_t rw_count;		/* bytes in this request */
1493	uint16_t rw_mincnt;
1494	uint32_t rw_total;		/* total bytes (write-raw) */
1495	uint16_t rw_dsoff;		/* SMB data offset */
1496	uint8_t rw_andx;		/* SMB secondary andx command */
1497} smb_rw_param_t;
1498
1499typedef struct smb_pathname {
1500	char	*pn_path;
1501	char	*pn_pname;
1502	char	*pn_fname;
1503	char	*pn_sname;
1504	char	*pn_stype;
1505} smb_pathname_t;
1506
1507/*
1508 * fs_query_info
1509 */
1510typedef struct smb_fqi {
1511	smb_pathname_t	fq_path;
1512	uint16_t	fq_sattr;
1513	smb_node_t	*fq_dnode;
1514	smb_node_t	*fq_fnode;
1515	smb_attr_t	fq_fattr;
1516	char		fq_last_comp[MAXNAMELEN];
1517} smb_fqi_t;
1518
1519typedef struct dirop {
1520	smb_fqi_t	fqi;
1521	smb_fqi_t	dst_fqi;
1522	uint16_t	info_level;
1523	uint16_t	flags;
1524} smb_arg_dirop_t;
1525
1526typedef struct smb_queryinfo {
1527	smb_node_t	*qi_node;	/* NULL for pipes */
1528	uint8_t qi_InfoType;
1529	uint8_t qi_InfoClass;
1530	uint8_t	qi_delete_on_close;
1531	uint8_t qi_isdir;
1532	uint32_t qi_AddlInfo;
1533	uint32_t qi_Flags;
1534	mbuf_chain_t in_data;
1535	smb_attr_t	qi_attr;
1536	uint32_t	qi_namelen;
1537	char		qi_shortname[SMB_SHORTNAMELEN];
1538	char		qi_name[MAXPATHLEN];
1539} smb_queryinfo_t;
1540
1541typedef struct smb_setinfo {
1542	smb_node_t *si_node;
1543	mbuf_chain_t si_data;
1544	smb_attr_t si_attr;
1545} smb_setinfo_t;
1546
1547/*
1548 * smb_fssize_t
1549 * volume_units and volume avail are the total allocated and
1550 * available units on the volume.
1551 * caller_units and caller_avail are the allocated and available
1552 * units on the volume for the user associated with the calling
1553 * thread.
1554 */
1555typedef struct smb_fssize {
1556	uint64_t	fs_volume_units;
1557	uint64_t	fs_volume_avail;
1558	uint64_t	fs_caller_units;
1559	uint64_t	fs_caller_avail;
1560	uint32_t	fs_sectors_per_unit;
1561	uint32_t	fs_bytes_per_sector;
1562} smb_fssize_t;
1563
1564/*
1565 * SMB FsCtl operations (SMB2 Ioctl, and some SMB1 trans calls)
1566 */
1567typedef struct {
1568	uint32_t CtlCode;
1569	uint32_t InputCount;
1570	uint32_t OutputCount;
1571	uint32_t MaxOutputResp;
1572	mbuf_chain_t *in_mbc;
1573	mbuf_chain_t *out_mbc;
1574} smb_fsctl_t;
1575
1576typedef struct {
1577	uint64_t	persistent;
1578	uint64_t	temporal;
1579} smb2fid_t;
1580
1581typedef struct {
1582	uint32_t status;
1583	uint16_t errcls;
1584	uint16_t errcode;
1585} smb_error_t;
1586
1587typedef struct open_param {
1588	smb_fqi_t	fqi;
1589	uint16_t	omode;
1590	uint16_t	ofun;
1591	uint32_t	nt_flags;
1592	uint32_t	timeo;
1593	uint32_t	dattr;
1594	timestruc_t	crtime;
1595	timestruc_t	mtime;
1596	timestruc_t	timewarp;
1597	/*
1598	 * Careful: dsize is the desired (allocation) size before the
1599	 * common open function, and the actual size afterwards.
1600	 */
1601	uint64_t	dsize;	/* alloc size, actual size */
1602	uint32_t	desired_access;
1603	uint32_t	maximum_access;
1604	uint32_t	share_access;
1605	uint32_t	create_options;
1606	uint32_t	create_disposition;
1607	boolean_t	create_timewarp;
1608	boolean_t	created_readonly;
1609	uint32_t	ftype;
1610	uint32_t	devstate;
1611	uint32_t	action_taken;
1612	uint64_t	fileid;
1613	uint32_t	rootdirfid;
1614	fsid_t		op_fsid;
1615	smb_ofile_t	*dir;
1616	smb_opipe_t	*pipe;	/* for smb_opipe_open */
1617	struct smb_sd	*sd;	/* for NTTransactCreate */
1618	void		*create_ctx;
1619
1620	uint8_t		op_oplock_level;	/* requested/granted level */
1621	uint32_t	op_oplock_state;	/* internal type+level */
1622	uint32_t	lease_state;		/* SMB2_LEASE_... */
1623	uint32_t	lease_flags;
1624	uint16_t	lease_epoch;
1625	uint16_t	lease_version;		/* 1 or 2 */
1626	uint8_t		lease_key[SMB_LEASE_KEY_SZ];	/* from client */
1627	uint8_t		parent_lease_key[SMB_LEASE_KEY_SZ]; /* for V2 */
1628
1629	smb_dh_vers_t	dh_vers;
1630	smb2fid_t	dh_fileid;		/* for durable reconnect */
1631	uint8_t		create_guid[16];
1632	uint32_t	dh_v2_flags;
1633	uint32_t	dh_timeout;
1634} smb_arg_open_t;
1635
1636typedef struct smb_arg_lock {
1637	void		*lvec;
1638	uint32_t	lcnt;
1639	uint32_t	lseq;
1640} smb_arg_lock_t;
1641
1642typedef struct smb_arg_olbrk {
1643	uint32_t	NewLevel;
1644	boolean_t	AckRequired;
1645} smb_arg_olbrk_t;
1646
1647/*
1648 * SMB Request State Machine
1649 * -------------------------
1650 *
1651 *                  T4               +------+		T0
1652 *      +--------------------------->| FREE |---------------------------+
1653 *      |                            +------+                           |
1654 * +-----------+                                                        |
1655 * | COMPLETED |                                                        |
1656 * +-----------+
1657 *      ^                                                               |
1658 *      | T15                      +-----------+                        v
1659 * +------------+        T6        |           |                +--------------+
1660 * | CLEANED_UP |<-----------------| CANCELLED |                | INITIALIZING |
1661 * +------------+                  |           |                +--------------+
1662 *      |    ^                     +-----------+                        |
1663 *      |    |                        ^  ^ ^ ^                          |
1664 *      |    |          +-------------+  | | |                          |
1665 *      |    |    T3    |                | | |               T13        | T1
1666 *      |    +-------------------------+ | | +----------------------+   |
1667 *      +----------------------------+ | | |                        |   |
1668 *         T16          |            | | | +-----------+            |   |
1669 *                      |           \/ | | T5          |            |   v
1670 * +-----------------+  |   T12     +--------+         |     T2    +-----------+
1671 * | EVENT_OCCURRED  |------------->| ACTIVE |<--------------------| SUBMITTED |
1672 * +-----------------+  |           +--------+         |           +-----------+
1673 *        ^             |              | ^ |           |
1674 *        |             |           T8 | | |  T7       |
1675 *        | T10      T9 |   +----------+ | +-------+   |  T11
1676 *        |             |   |            +-------+ |   |
1677 *        |             |   |               T14  | |   |
1678 *        |             |   v                    | v   |
1679 *      +----------------------+                +--------------+
1680 *	|     WAITING_EVENT    |                | WAITING_LOCK |
1681 *      +----------------------+                +--------------+
1682 *
1683 *
1684 *
1685 *
1686 *
1687 * Transition T0
1688 *
1689 * This transition occurs when the request is allocated and is still under the
1690 * control of the session thread.
1691 *
1692 * Transition T1
1693 *
1694 * This transition occurs when the session thread dispatches a task to treat the
1695 * request.
1696 *
1697 * Transition T2
1698 *
1699 *
1700 *
1701 * Transition T3
1702 *
1703 * A request completes and smbsr_cleanup is called to release resources
1704 * associated with the request (but not the smb_request_t itself).  This
1705 * includes references on smb_ofile_t, smb_node_t, and other structures.
1706 * CLEANED_UP state exists to detect if we attempt to cleanup a request
1707 * multiple times and to allow us to detect that we are accessing a
1708 * request that has already been cleaned up.
1709 *
1710 * Transition T4
1711 *
1712 *
1713 *
1714 * Transition T5
1715 *
1716 *
1717 *
1718 * Transition T6
1719 *
1720 *
1721 *
1722 * Transition T7
1723 *
1724 *
1725 *
1726 * Transition T8
1727 *
1728 *
1729 *
1730 * Transition T9
1731 *
1732 *
1733 *
1734 * Transition T10
1735 *
1736 *
1737 *
1738 * Transition T11
1739 *
1740 *
1741 *
1742 * Transition T12
1743 *
1744 *
1745 *
1746 * Transition T13
1747 *
1748 *
1749 *
1750 * Transition T14
1751 *
1752 *
1753 *
1754 * Transition T15
1755 *
1756 * Request processing is completed (control returns from smb_dispatch)
1757 *
1758 * Transition T16
1759 *
1760 * Multipart (andx) request was cleaned up with smbsr_cleanup but more "andx"
1761 * sections remain to be processed.
1762 *
1763 */
1764
1765#define	SMB_REQ_MAGIC		0x534D4252	/* 'SMBR' */
1766#define	SMB_REQ_VALID(p)	ASSERT((p)->sr_magic == SMB_REQ_MAGIC)
1767
1768typedef enum smb_req_state {
1769	SMB_REQ_STATE_FREE = 0,
1770	SMB_REQ_STATE_INITIALIZING,
1771	SMB_REQ_STATE_SUBMITTED,
1772	SMB_REQ_STATE_ACTIVE,
1773	SMB_REQ_STATE_WAITING_AUTH,
1774	SMB_REQ_STATE_WAITING_FCN1,
1775	SMB_REQ_STATE_WAITING_FCN2,
1776	SMB_REQ_STATE_WAITING_LOCK,
1777	SMB_REQ_STATE_WAITING_PIPE,
1778	SMB_REQ_STATE_COMPLETED,
1779	SMB_REQ_STATE_CANCEL_PENDING,
1780	SMB_REQ_STATE_CANCELLED,
1781	SMB_REQ_STATE_CLEANED_UP,
1782	SMB_REQ_STATE_SENTINEL
1783} smb_req_state_t;
1784
1785typedef struct smb_request {
1786	list_node_t		sr_session_lnd;
1787	uint32_t		sr_magic;
1788	kmutex_t		sr_mutex;
1789	smb_req_state_t		sr_state;
1790	struct smb_server	*sr_server;
1791	pid_t			*sr_pid;
1792	int32_t			sr_gmtoff;
1793	smb_session_t		*session;
1794	smb_kmod_cfg_t		*sr_cfg;
1795	void			(*cancel_method)(struct smb_request *);
1796	void			*cancel_arg2;
1797
1798	/* Queue used by smb_request_append_postwork. */
1799	struct smb_request	*sr_postwork;
1800
1801	list_node_t		sr_waiters;	/* smb_notify.c */
1802
1803	/* Info from session service header */
1804	uint32_t		sr_req_length; /* Excluding NBT header */
1805
1806	/* Request buffer excluding NBT header */
1807	void			*sr_request_buf;
1808
1809	struct mbuf_chain	command;
1810	struct mbuf_chain	reply;
1811	struct mbuf_chain	raw_data;
1812	list_t			sr_storage;
1813	struct smb_xa		*r_xa;
1814	int			andx_prev_wct;
1815	int			cur_reply_offset;
1816	int			orig_request_hdr;
1817	unsigned int		reply_seqnum;	/* reply sequence number */
1818	unsigned char		first_smb_com;	/* command code */
1819	unsigned char		smb_com;	/* command code */
1820
1821	uint8_t			smb_rcls;	/* error code class */
1822	uint8_t			smb_reh;	/* rsvd (AH DOS INT-24 ERR) */
1823	uint16_t		smb_err;	/* error code */
1824	smb_error_t		smb_error;
1825
1826	uint8_t			smb_flg;	/* flags */
1827	uint16_t		smb_flg2;	/* flags */
1828	unsigned char		smb_sig[8];	/* signiture */
1829	uint16_t		smb_tid;	/* tree id #  */
1830	uint32_t		smb_pid;	/* caller's process id # */
1831	uint16_t		smb_uid;	/* local (smb1) user id # */
1832	uint16_t		smb_mid;	/* mutiplex id #  */
1833	unsigned char		smb_wct;	/* count of parameter words */
1834	uint16_t		smb_bcc;	/* data byte count */
1835
1836	/*
1837	 * Beginning offsets (in the mbuf chain) for the
1838	 * command and reply headers, and the next reply.
1839	 */
1840	uint32_t		smb2_cmd_hdr;
1841	uint32_t		smb2_reply_hdr;
1842	uint32_t		smb2_next_reply;
1843
1844	/*
1845	 * SMB2 header fields.  [MS-SMB2 2.2.1.2]
1846	 * XXX: Later do a union w smb1 members
1847	 */
1848	uint16_t		smb2_credit_charge;
1849	uint16_t		smb2_chan_seq;	/* cmd only */
1850	uint32_t		smb2_status;
1851	uint16_t		smb2_cmd_code;
1852	uint16_t		smb2_credit_request;
1853	uint16_t		smb2_credit_response;
1854	uint16_t		smb2_total_credits; /* in compound */
1855	uint32_t		smb2_hdr_flags;
1856	uint32_t		smb2_next_command;
1857	uint64_t		smb2_messageid;
1858	uint64_t		smb2_first_msgid;
1859	/* uint32_t		smb2_pid; use smb_pid */
1860	/* uint32_t		smb2_tid; use smb_tid */
1861	uint64_t		smb2_ssnid;	/* See u_ssnid */
1862	uint8_t			smb2_sig[16];	/* signature */
1863
1864	/*
1865	 * SMB3 transform header fields. [MS-SMB2 2.2.41]
1866	 */
1867	uint64_t		smb3_tform_ssnid;
1868	smb_user_t		*tform_ssn;
1869	uint32_t		msgsize;
1870	uint8_t			nonce[16];
1871
1872	boolean_t		encrypted;
1873	boolean_t		dh_nvl_dirty;
1874
1875	boolean_t		smb2_async;
1876	uint64_t		smb2_async_id;
1877	/* Parameters */
1878	struct mbuf_chain	smb_vwv;	/* variable width value */
1879
1880	/* Data */
1881	struct mbuf_chain	smb_data;
1882
1883	uint16_t		smb_fid;	/* not in hdr, but common */
1884
1885	unsigned char		andx_com;
1886	uint16_t		andx_off;
1887
1888	struct smb_tree		*tid_tree;
1889	struct smb_ofile	*fid_ofile;
1890	smb_user_t		*uid_user;
1891
1892	cred_t			*user_cr;
1893	kthread_t		*sr_worker;
1894	hrtime_t		sr_time_submitted;
1895	hrtime_t		sr_time_active;
1896	hrtime_t		sr_time_start;
1897	int32_t			sr_txb;
1898	uint32_t		sr_seqnum;
1899
1900	union {
1901		smb_arg_negotiate_t	*negprot;
1902		smb_arg_sessionsetup_t	*ssetup;
1903		smb_arg_tcon_t		tcon;
1904		smb_arg_dirop_t		dirop;
1905		smb_arg_open_t		open;
1906		smb_arg_lock_t		lock;
1907		smb_arg_olbrk_t		olbrk;	/* for async oplock break */
1908		smb_rw_param_t		*rw;
1909		int32_t			timestamp;
1910		void			*other;
1911	} arg;
1912} smb_request_t;
1913
1914#define	sr_ssetup	arg.ssetup
1915#define	sr_negprot	arg.negprot
1916#define	sr_tcon		arg.tcon
1917#define	sr_dirop	arg.dirop
1918#define	sr_open		arg.open
1919#define	sr_rw		arg.rw
1920#define	sr_timestamp	arg.timestamp
1921
1922#define	SMB_READ_PROTOCOL(hdr) \
1923	LE_IN32(((smb_hdr_t *)(hdr))->protocol)
1924
1925#define	SMB_PROTOCOL_MAGIC_INVALID(rd_sr) \
1926	(SMB_READ_PROTOCOL((rd_sr)->sr_request_buf) != SMB_PROTOCOL_MAGIC)
1927
1928#define	SMB_READ_COMMAND(hdr) \
1929	(((smb_hdr_t *)(hdr))->command)
1930
1931#define	SMB_IS_NT_CANCEL(rd_sr) \
1932	(SMB_READ_COMMAND((rd_sr)->sr_request_buf) == SMB_COM_NT_CANCEL)
1933
1934#define	SMB_IS_SESSION_SETUP_ANDX(rd_sr) \
1935	(SMB_READ_COMMAND((rd_sr)->sr_request_buf) == \
1936	    SMB_COM_SESSION_SETUP_ANDX)
1937
1938#define	SMB_IS_NT_NEGOTIATE(rd_sr) \
1939	(SMB_READ_COMMAND((rd_sr)->sr_request_buf) == SMB_COM_NEGOTIATE)
1940
1941#define	SMB_IS_TREE_CONNECT_ANDX(rd_sr) \
1942	(SMB_READ_COMMAND((rd_sr)->sr_request_buf) == SMB_COM_TREE_CONNECT_ANDX)
1943
1944#define	SMB_XA_FLAG_OPEN	0x0001
1945#define	SMB_XA_FLAG_CLOSE	0x0002
1946#define	SMB_XA_FLAG_COMPLETE	0x0004
1947#define	SMB_XA_CLOSED(xa) (!((xa)->xa_flags & SMB_XA_FLAG_OPEN))
1948
1949#define	SMB_XA_MAGIC		0x534D4258	/* 'SMBX' */
1950
1951typedef struct smb_xa {
1952	list_node_t		xa_lnd;
1953	uint32_t		xa_magic;
1954	kmutex_t		xa_mutex;
1955
1956	uint32_t		xa_refcnt;
1957	uint32_t		xa_flags;
1958
1959	struct smb_session	*xa_session;
1960
1961	unsigned char		smb_com;	/* which TRANS type */
1962	unsigned char		smb_flg;	/* flags */
1963	uint16_t		smb_flg2;	/* flags */
1964	uint16_t		smb_tid;	/* tree id number */
1965	uint32_t		smb_pid;	/* caller's process id */
1966	uint16_t		smb_uid;	/* user id number */
1967	uint32_t		smb_func;	/* NT_TRANS function */
1968
1969	uint16_t		xa_smb_mid;	/* mutiplex id number */
1970	uint16_t		xa_smb_fid;	/* TRANS2 secondary */
1971
1972	unsigned int		reply_seqnum;	/* reply sequence number */
1973
1974	uint32_t	smb_tpscnt;	/* total parameter bytes being sent */
1975	uint32_t	smb_tdscnt;	/* total data bytes being sent */
1976	uint32_t	smb_mprcnt;	/* max parameter bytes to return */
1977	uint32_t	smb_mdrcnt;	/* max data bytes to return */
1978	uint32_t	smb_msrcnt;	/* max setup words to return */
1979	uint32_t	smb_flags;	/* additional information: */
1980				/*  bit 0 - if set, disconnect TID in smb_tid */
1981				/*  bit 1 - if set, transaction is one way */
1982				/*  (no final response) */
1983	int32_t	smb_timeout;	/* number of milliseconds to await completion */
1984	uint32_t	smb_suwcnt;	/* set up word count */
1985
1986	char			*xa_pipe_name;
1987
1988	/*
1989	 * These are the param and data count received so far,
1990	 * used to decide if the whole trans is here yet.
1991	 */
1992	int			req_disp_param;
1993	int			req_disp_data;
1994
1995	struct mbuf_chain	req_setup_mb;
1996	struct mbuf_chain	req_param_mb;
1997	struct mbuf_chain	req_data_mb;
1998
1999	struct mbuf_chain	rep_setup_mb;
2000	struct mbuf_chain	rep_param_mb;
2001	struct mbuf_chain	rep_data_mb;
2002} smb_xa_t;
2003
2004
2005#define	SDDF_NO_FLAGS			0
2006#define	SDDF_SUPPRESS_TID		0x0001
2007#define	SDDF_SUPPRESS_UID		0x0002
2008
2009/*
2010 * SMB dispatch return codes.
2011 */
2012typedef enum {
2013	SDRC_SUCCESS = 0,
2014	SDRC_ERROR,
2015	SDRC_DROP_VC,
2016	SDRC_NO_REPLY,
2017	SDRC_SR_KEPT,
2018	SDRC_NOT_IMPLEMENTED
2019} smb_sdrc_t;
2020
2021#define	VAR_BCC		((short)-1)
2022
2023#define	SMB_SERVER_MAGIC	0x53534552	/* 'SSER' */
2024#define	SMB_SERVER_VALID(s)	\
2025    ASSERT(((s) != NULL) && ((s)->sv_magic == SMB_SERVER_MAGIC))
2026
2027#define	SMB_LISTENER_MAGIC	0x4C53544E	/* 'LSTN' */
2028#define	SMB_LISTENER_VALID(ld)	\
2029    ASSERT(((ld) != NULL) && ((ld)->ld_magic == SMB_LISTENER_MAGIC))
2030
2031typedef struct {
2032	uint32_t		ld_magic;
2033	struct smb_server	*ld_sv;
2034	smb_thread_t		ld_thread;
2035	ksocket_t		ld_so;
2036	in_port_t		ld_port;
2037	int			ld_family;
2038	struct sockaddr_in	ld_sin;
2039	struct sockaddr_in6	ld_sin6;
2040} smb_listener_daemon_t;
2041
2042#define	SMB_SSETUP_CMD			"authentication"
2043#define	SMB_TCON_CMD			"share mapping"
2044#define	SMB_OPIPE_CMD			"pipe open"
2045#define	SMB_THRESHOLD_REPORT_THROTTLE	50
2046typedef struct smb_cmd_threshold {
2047	char			*ct_cmd;
2048	kmutex_t		ct_mutex;
2049	volatile uint32_t	ct_active_cnt;
2050	volatile uint32_t	ct_blocked_cnt;
2051	uint32_t		ct_threshold;
2052	uint32_t		ct_timeout; /* milliseconds */
2053	kcondvar_t		ct_cond;
2054} smb_cmd_threshold_t;
2055
2056typedef struct {
2057	kstat_named_t		ls_files;
2058	kstat_named_t		ls_trees;
2059	kstat_named_t		ls_users;
2060} smb_server_legacy_kstat_t;
2061
2062typedef enum smb_server_state {
2063	SMB_SERVER_STATE_CREATED = 0,
2064	SMB_SERVER_STATE_CONFIGURED,
2065	SMB_SERVER_STATE_RUNNING,
2066	SMB_SERVER_STATE_STOPPING,
2067	SMB_SERVER_STATE_DELETING,
2068	SMB_SERVER_STATE_SENTINEL
2069} smb_server_state_t;
2070
2071typedef struct {
2072	/* protected by sv_mutex */
2073	kcondvar_t		sp_cv;
2074	uint32_t		sp_cnt;
2075	smb_llist_t		sp_list;
2076	smb_llist_t		sp_fidlist;
2077} smb_spool_t;
2078
2079#define	SMB_SERVER_STATE_VALID(S)               \
2080    ASSERT(((S) == SMB_SERVER_STATE_CREATED) || \
2081	    ((S) == SMB_SERVER_STATE_CONFIGURED) || \
2082	    ((S) == SMB_SERVER_STATE_RUNNING) ||    \
2083	    ((S) == SMB_SERVER_STATE_STOPPING) ||   \
2084	    ((S) == SMB_SERVER_STATE_DELETING))
2085
2086typedef struct smb_server {
2087	list_node_t		sv_lnd;
2088	uint32_t		sv_magic;
2089	kcondvar_t		sv_cv;
2090	kmutex_t		sv_mutex;
2091	smb_server_state_t	sv_state;
2092	uint32_t		sv_refcnt;
2093	pid_t			sv_pid;
2094	zoneid_t		sv_zid;
2095	smb_listener_daemon_t	sv_nbt_daemon;
2096	smb_listener_daemon_t	sv_tcp_daemon;
2097	krwlock_t		sv_cfg_lock;
2098	smb_kmod_cfg_t		sv_cfg;
2099	smb_session_t		*sv_session;
2100	smb_user_t		*sv_rootuser;
2101	smb_llist_t		sv_session_list;
2102	smb_hash_t		*sv_persistid_ht;
2103	smb_hash_t		*sv_lease_ht;
2104
2105	smb_export_t		sv_export;
2106	struct __door_handle	*sv_lmshrd;
2107
2108	/* Internal door for up-calls to smbd */
2109	struct __door_handle	*sv_kdoor_hd;
2110	int			sv_kdoor_id; /* init -1 */
2111	uint64_t		sv_kdoor_ncall;
2112	kmutex_t		sv_kdoor_mutex;
2113	kcondvar_t		sv_kdoor_cv;
2114
2115	int32_t			si_gmtoff;
2116
2117	smb_thread_t		si_thread_timers;
2118
2119	taskq_t			*sv_worker_pool;
2120	taskq_t			*sv_receiver_pool;
2121
2122	smb_node_t		*si_root_smb_node;
2123	smb_llist_t		sv_opipe_list;
2124	smb_llist_t		sv_event_list;
2125
2126	/* Statistics */
2127	hrtime_t		sv_start_time;
2128	kstat_t			*sv_ksp;
2129	volatile uint32_t	sv_nbt_sess;
2130	volatile uint32_t	sv_tcp_sess;
2131	volatile uint32_t	sv_users;
2132	volatile uint32_t	sv_trees;
2133	volatile uint32_t	sv_files;
2134	volatile uint32_t	sv_pipes;
2135	volatile uint64_t	sv_txb;
2136	volatile uint64_t	sv_rxb;
2137	volatile uint64_t	sv_nreq;
2138	smb_srqueue_t		sv_srqueue;
2139	smb_spool_t		sp_info;
2140	smb_cmd_threshold_t	sv_ssetup_ct;
2141	smb_cmd_threshold_t	sv_tcon_ct;
2142	smb_cmd_threshold_t	sv_opipe_ct;
2143	kstat_t			*sv_legacy_ksp;
2144	kmutex_t		sv_legacy_ksmtx;
2145	smb_disp_stats_t	*sv_disp_stats1;
2146	smb_disp_stats_t	*sv_disp_stats2;
2147} smb_server_t;
2148
2149#define	SMB_EVENT_MAGIC		0x45564E54	/* EVNT */
2150#define	SMB_EVENT_TIMEOUT	45		/* seconds */
2151#define	SMB_EVENT_VALID(e)	\
2152    ASSERT(((e) != NULL) && ((e)->se_magic == SMB_EVENT_MAGIC))
2153typedef struct smb_event {
2154	list_node_t		se_lnd;
2155	uint32_t		se_magic;
2156	kmutex_t		se_mutex;
2157	kcondvar_t		se_cv;
2158	smb_server_t		*se_server;
2159	uint32_t		se_txid;
2160	boolean_t		se_notified;
2161	int			se_waittime;
2162	int			se_timeout;
2163	int			se_errno;
2164} smb_event_t;
2165
2166typedef struct smb_kspooldoc {
2167	list_node_t	sd_lnd;
2168	uint32_t	sd_magic;
2169	smb_inaddr_t	sd_ipaddr;
2170	uint32_t	sd_spool_num;
2171	uint16_t	sd_fid;
2172	char		sd_username[MAXNAMELEN];
2173	char		sd_path[MAXPATHLEN];
2174} smb_kspooldoc_t;
2175
2176typedef struct smb_spoolfid {
2177	list_node_t	sf_lnd;
2178	uint32_t	sf_magic;
2179	uint16_t	sf_fid;
2180} smb_spoolfid_t;
2181
2182#define	SMB_INFO_NETBIOS_SESSION_SVC_RUNNING	0x0001
2183#define	SMB_INFO_NETBIOS_SESSION_SVC_FAILED	0x0002
2184#define	SMB_INFO_USER_LEVEL_SECURITY		0x40000000
2185#define	SMB_INFO_ENCRYPT_PASSWORDS		0x80000000
2186
2187#define	SMB_IS_STREAM(node) ((node)->n_unode)
2188
2189typedef struct smb_tsd {
2190	void (*proc)();
2191	void *arg;
2192	char name[100];
2193} smb_tsd_t;
2194
2195typedef struct smb_disp_entry {
2196	char		sdt_name[KSTAT_STRLEN];
2197	smb_sdrc_t	(*sdt_pre_op)(smb_request_t *);
2198	smb_sdrc_t	(*sdt_function)(smb_request_t *);
2199	void		(*sdt_post_op)(smb_request_t *);
2200	uint8_t		sdt_com;
2201	char		sdt_dialect;
2202	uint8_t		sdt_flags;
2203} smb_disp_entry_t;
2204
2205typedef struct smb_xlate {
2206	int	code;
2207	char	*str;
2208} smb_xlate_t;
2209
2210/*
2211 * This structure is a helper for building RAP NetShareEnum response
2212 *
2213 * es_posix_uid UID of the user requesting the shares list which
2214 *              is used to detect if the user has any autohome
2215 * es_bufsize   size of the response buffer
2216 * es_buf       pointer to the response buffer
2217 * es_ntotal    total number of shares exported by server which
2218 *              their OEM names is less then 13 chars
2219 * es_nsent     number of shares that can fit in the specified buffer
2220 * es_datasize  actual data size (share's data) which was encoded
2221 *              in the response buffer
2222 */
2223typedef struct smb_enumshare_info {
2224	uid_t		es_posix_uid;
2225	uint16_t	es_bufsize;
2226	char		*es_buf;
2227	uint16_t	es_ntotal;
2228	uint16_t	es_nsent;
2229	uint16_t	es_datasize;
2230} smb_enumshare_info_t;
2231
2232#ifdef	__cplusplus
2233}
2234#endif
2235
2236#endif /* _SMBSRV_SMB_KTYPES_H */
2237