1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright 2019 Nexenta by DDN, Inc. All rights reserved.
24 * Copyright 2020 RackTop Systems, Inc.
25 */
26
27/*
28 * Structures and type definitions for the SMB module.
29 */
30
31#ifndef _SMBSRV_SMB_KTYPES_H
32#define	_SMBSRV_SMB_KTYPES_H
33
34#ifdef	__cplusplus
35extern "C" {
36#endif
37
38#include <sys/note.h>
39#include <sys/systm.h>
40#include <sys/param.h>
41#include <sys/types.h>
42#include <sys/synch.h>
43#include <sys/taskq.h>
44#include <sys/socket.h>
45#include <sys/acl.h>
46#include <sys/sdt.h>
47#include <sys/stat.h>
48#include <sys/vnode.h>
49#include <sys/cred.h>
50#include <netinet/in.h>
51#include <sys/ksocket.h>
52#include <sys/fem.h>
53#include <smbsrv/smb.h>
54#include <smbsrv/smb2.h>
55#include <smbsrv/smbinfo.h>
56#include <smbsrv/mbuf.h>
57#include <smbsrv/smb_sid.h>
58#include <smbsrv/smb_xdr.h>
59#include <smbsrv/netbios.h>
60#include <smbsrv/smb_vops.h>
61#include <smbsrv/smb_kstat.h>
62
63struct __door_handle;	/* <sys/door.h> */
64struct edirent;		/* <sys/extdirent.h> */
65struct nvlist;
66
67struct smb_disp_entry;
68struct smb_request;
69struct smb_server;
70struct smb_event;
71struct smb_export;
72
73/*
74 * Accumulated time and queue length statistics.
75 *
76 * Accumulated time statistics are kept as a running sum of "active" time.
77 * Queue length statistics are kept as a running sum of the product of queue
78 * length and elapsed time at that length -- i.e., a Riemann sum for queue
79 * length integrated against time.  (You can also think of the active time as a
80 * Riemann sum, for the boolean function (queue_length > 0) integrated against
81 * time, or you can think of it as the Lebesgue measure of the set on which
82 * queue_length > 0.)
83 *
84 *		^
85 *		|			_________
86 *		8			| i4	|
87 *		|			|	|
88 *	Queue	6			|	|
89 *	Length	|	_________	|	|
90 *		4	| i2	|_______|	|
91 *		|	|	    i3		|
92 *		2_______|			|
93 *		|    i1				|
94 *		|_______________________________|
95 *		Time->	t1	t2	t3	t4
96 *
97 * At each change of state (entry or exit from the queue), we add the elapsed
98 * time (since the previous state change) to the active time if the queue length
99 * was non-zero during that interval; and we add the product of the elapsed time
100 * times the queue length to the running length*time sum.
101 *
102 * This method is generalizable to measuring residency in any defined system:
103 * instead of queue lengths, think of "outstanding RPC calls to server X".
104 *
105 * A large number of I/O subsystems have at least two basic "lists" of
106 * transactions they manage: one for transactions that have been accepted for
107 * processing but for which processing has yet to begin, and one for
108 * transactions which are actively being processed (but not done). For this
109 * reason, two cumulative time statistics are defined here: wait (pre-service)
110 * time, and run (service) time.
111 *
112 * All times are 64-bit nanoseconds (hrtime_t), as returned by gethrtime().
113 *
114 * The units of cumulative busy time are accumulated nanoseconds. The units of
115 * cumulative length*time products are elapsed time times queue length.
116 *
117 * Updates to the fields below are performed implicitly by calls to
118 * these functions:
119 *
120 *	smb_srqueue_init()
121 *	smb_srqueue_destroy()
122 *	smb_srqueue_waitq_enter()
123 *	smb_srqueue_runq_exit()
124 *	smb_srqueue_waitq_to_runq()
125 *	smb_srqueue_update()
126 *
127 * These fields should never be updated by any other means.
128 */
/*
 * Wait-queue ("w") and run-queue ("r") accumulators for the scheme
 * described above.  Every hrtime_t is nanoseconds from gethrtime();
 * fields are only ever touched through the smb_srqueue_*() functions.
 */
typedef struct smb_srqueue {
	kmutex_t	srq_mutex;	/* presumably guards the fields below */
	hrtime_t	srq_wlastupdate; /* presumably last wait-q state change */
	hrtime_t	srq_wtime;	/* wait queue: accumulated active time */
	hrtime_t	srq_wlentime;	/* wait queue: length*time running sum */
	hrtime_t	srq_rlastupdate; /* presumably last run-q state change */
	hrtime_t	srq_rtime;	/* run queue: accumulated active time */
	hrtime_t	srq_rlentime;	/* run queue: length*time running sum */
	uint32_t	srq_wcnt;	/* presumably current wait-queue length */
	uint32_t	srq_rcnt;	/* presumably current run-queue length */
} smb_srqueue_t;
140
141/*
142 * The fields with the prefix 'ly_a' contain the statistics collected since the
143 * server was last started ('a' for 'aggregated'). The fields with the prefix
144 * 'ly_d' contain the statistics collected since the last snapshot ('d' for
145 * 'delta').
146 */
/*
 * Request latency statistics; 'a' fields are since server start,
 * 'd' fields since the last snapshot (see above).
 */
typedef struct smb_latency {
	kmutex_t	ly_mutex;	/* presumably guards the counters below */
	uint64_t	ly_a_nreq;	/* aggregated: number of requests */
	hrtime_t	ly_a_sum;	/* aggregated: presumably sum of latencies */
	hrtime_t	ly_a_mean;	/* aggregated: mean latency */
	hrtime_t	ly_a_stddev;	/* aggregated: standard deviation */
	uint64_t	ly_d_nreq;	/* delta: number of requests */
	hrtime_t	ly_d_sum;	/* delta: presumably sum of latencies */
	hrtime_t	ly_d_mean;	/* delta: mean latency */
	hrtime_t	ly_d_stddev;	/* delta: standard deviation */
} smb_latency_t;
158
/*
 * Per-dispatch-entry statistics: byte counters plus latency.
 * txb/rxb are presumably transmitted/received byte totals (names only).
 */
typedef struct smb_disp_stats {
	volatile uint64_t sdt_txb;
	volatile uint64_t sdt_rxb;
	smb_latency_t	sdt_lat;
} smb_disp_stats_t;
164
165int smb_noop(void *, size_t, int);
166
/* Audit record sizing: stack frames per record, records per buffer. */
#define	SMB_AUDIT_STACK_DEPTH	16	/* anr_stack[] entries */
#define	SMB_AUDIT_BUF_MAX_REC	16	/* anb_records[] entries */
#define	SMB_AUDIT_NODE		0x00000001	/* presumably an audit-enable bit */
170
171/*
172 * Maximum number of records returned in SMBsearch, SMBfind
173 * and SMBfindunique response. Value set to 10 for compatibility
174 * with Windows.
175 */
176#define	SMB_MAX_SEARCH		10
177
178#define	SMB_SEARCH_ATTRIBUTES    \
179	(FILE_ATTRIBUTE_HIDDEN | \
180	FILE_ATTRIBUTE_SYSTEM |  \
181	FILE_ATTRIBUTE_DIRECTORY)
182
183#define	SMB_SEARCH_HIDDEN(sattr) ((sattr) & FILE_ATTRIBUTE_HIDDEN)
184#define	SMB_SEARCH_SYSTEM(sattr) ((sattr) & FILE_ATTRIBUTE_SYSTEM)
185#define	SMB_SEARCH_DIRECTORY(sattr) ((sattr) & FILE_ATTRIBUTE_DIRECTORY)
186#define	SMB_SEARCH_ALL(sattr) ((sattr) & SMB_SEARCH_ATTRIBUTES)
187
/* One captured stack trace; anr_depth is the number of valid anr_stack[] entries. */
typedef struct {
	uint32_t		anr_refcnt;	/* refcount value recorded with the trace */
	int			anr_depth;	/* must stay <= SMB_AUDIT_STACK_DEPTH */
	pc_t			anr_stack[SMB_AUDIT_STACK_DEPTH];
} smb_audit_record_node_t;
193
/*
 * Ring of audit records attached to an smb_node (n_audit_buf).
 * anb_index presumably is the next slot; anb_max_index its bound
 * (at most SMB_AUDIT_BUF_MAX_REC) -- confirm against the writer.
 */
typedef struct {
	int			anb_index;
	int			anb_max_index;
	smb_audit_record_node_t	anb_records[SMB_AUDIT_BUF_MAX_REC];
} smb_audit_buf_node_t;
199
200/*
201 * Thread State Machine
202 * --------------------
203 *
204 *			    T5			   T0
205 * smb_thread_destroy()	<-------+		+------- smb_thread_init()
206 *                              |		|
207 *				|		v
208 *			+-----------------------------+
209 *			|   SMB_THREAD_STATE_EXITED   |<---+
210 *			+-----------------------------+	   |
211 *				      | T1		   |
212 *				      v			   |
213 *			+-----------------------------+	   |
214 *			|  SMB_THREAD_STATE_STARTING  |	   |
215 *			+-----------------------------+	   |
216 *				     | T2		   | T4
217 *				     v			   |
218 *			+-----------------------------+	   |
219 *			|  SMB_THREAD_STATE_RUNNING   |	   |
220 *			+-----------------------------+	   |
221 *				     | T3		   |
222 *				     v			   |
223 *			+-----------------------------+	   |
224 *			|  SMB_THREAD_STATE_EXITING   |----+
225 *			+-----------------------------+
226 *
227 * Transition T0
228 *
229 *    This transition is executed in smb_thread_init().
230 *
231 * Transition T1
232 *
233 *    This transition is executed in smb_thread_start().
234 *
235 * Transition T2
236 *
237 *    This transition is executed by the thread itself when it starts running.
238 *
239 * Transition T3
240 *
241 *    This transition is executed by the thread itself in
242 *    smb_thread_entry_point() just before calling thread_exit().
243 *
244 *
245 * Transition T4
246 *
247 *    This transition is executed in smb_thread_stop().
248 *
249 * Transition T5
250 *
251 *    This transition is executed in smb_thread_destroy().
252 */
/*
 * States of the thread state machine drawn above.  Note that
 * SMB_THREAD_STATE_FAILED does not appear in that diagram.
 */
typedef enum smb_thread_state {
	SMB_THREAD_STATE_STARTING = 0,
	SMB_THREAD_STATE_RUNNING,
	SMB_THREAD_STATE_EXITING,
	SMB_THREAD_STATE_EXITED,
	SMB_THREAD_STATE_FAILED		/* not shown in the diagram above */
} smb_thread_state_t;
260
261struct _smb_thread;
262
263typedef void (*smb_thread_ep_t)(struct _smb_thread *, void *ep_arg);
264
265#define	SMB_THREAD_MAGIC	0x534D4254	/* SMBT */
266
/*
 * A kernel thread managed through smb_thread_init/start/stop/destroy();
 * sth_state follows the state machine documented above.
 */
typedef struct _smb_thread {
	uint32_t		sth_magic;	/* SMB_THREAD_MAGIC */
	char			sth_name[32];	/* presumably NUL-terminated */
	smb_thread_state_t	sth_state;
	kthread_t		*sth_th;
	kt_did_t		sth_did;
	smb_thread_ep_t		sth_ep;		/* entry point */
	void			*sth_ep_arg;	/* presumably passed as ep_arg */
	pri_t			sth_pri;	/* thread priority */
	boolean_t		sth_kill;	/* presumably set by smb_thread_stop() */
	kmutex_t		sth_mtx;
	kcondvar_t		sth_cv;
} smb_thread_t;
280
281/*
282 * Pool of IDs
283 * -----------
284 *
285 *    A pool of IDs is a pool of 16 bit numbers. It is implemented as a bitmap.
286 *    A bit set to '1' indicates that that particular value has been allocated.
287 *    The allocation process is done shifting a bit through the whole bitmap.
288 *    The current position of that index bit is kept in the smb_idpool_t
289 *    structure and represented by a byte index (0 to buffer size minus 1) and
290 *    a bit index (0 to 7).
291 *
292 *    The pools start with a size of 8 bytes or 64 IDs. Each time the pool runs
293 *    out of IDs its current size is doubled until it reaches its maximum size
294 *    (8192 bytes or 65536 IDs). The IDs 0 and 65535 are never given out which
295 *    means that a pool can have a maximum number of 65534 IDs available.
296 */
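/* ID pool constants (see the description above). */
#define	SMB_IDPOOL_MAGIC	0x4944504C	/* IDPL */
#define	SMB_IDPOOL_MIN_SIZE	64	/* Number of IDs to begin with */
/*
 * Parenthesized: the unparenthesized product would bind wrongly in
 * expressions such as "x / SMB_IDPOOL_MAX_SIZE".
 */
#define	SMB_IDPOOL_MAX_SIZE	(64 * 1024)	/* 65536 IDs */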
300
/*
 * Bitmap pool of 16-bit IDs (see the description above).  The exact
 * roles of id_bit/id_bit_idx/id_idx/id_idx_msk are not visible here;
 * per the comment above they track the byte index and bit index (0-7)
 * of the index bit that is shifted through the bitmap.
 */
typedef struct smb_idpool {
	uint32_t	id_magic;	/* SMB_IDPOOL_MAGIC */
	kmutex_t	id_mutex;
	uint8_t		*id_pool;	/* bitmap; bit set = ID allocated */
	uint32_t	id_size;	/* current size, doubled on exhaustion */
	uint32_t	id_maxsize;	/* upper bound on id_size */
	uint8_t		id_bit;
	uint8_t		id_bit_idx;
	uint32_t	id_idx;
	uint32_t	id_idx_msk;
	uint32_t	id_free_counter;
	uint32_t	id_max_free_counter;
} smb_idpool_t;
314
315/*
316 * Maximum size of a Transport Data Unit when CAP_LARGE_READX and
317 * CAP_LARGE_WRITEX are not set.  CAP_LARGE_READX/CAP_LARGE_WRITEX
318 * allow the payload to exceed the negotiated buffer size.
319 *     4 --> NBT/TCP Transport Header.
320 *    32 --> SMB Header
321 *     1 --> Word Count byte
322 *   510 --> Maximum Number of bytes of the Word Table (2 * 255)
323 *     2 --> Byte count of the data
324 * 65535 --> Maximum size of the data
325 * -----
326 * 66084
327 */
328#define	SMB_REQ_MAX_SIZE	66560		/* 65KB */
329#define	SMB_XPRT_MAX_SIZE	(SMB_REQ_MAX_SIZE + NETBIOS_HDR_SZ)
330
331#define	SMB_TXREQ_MAGIC		0X54524251	/* 'TREQ' */
/* One queued transmit request: tr_len valid bytes at the start of tr_buf. */
typedef struct {
	list_node_t	tr_lnd;
	uint32_t	tr_magic;	/* SMB_TXREQ_MAGIC */
	int		tr_len;		/* must never exceed sizeof (tr_buf) */
	uint8_t		tr_buf[SMB_XPRT_MAX_SIZE];
} smb_txreq_t;
338
339#define	SMB_TXLST_MAGIC		0X544C5354	/* 'TLST' */
/* Transmit list state; tl_active presumably serializes senders via tl_wait_cv. */
typedef struct {
	uint32_t	tl_magic;	/* SMB_TXLST_MAGIC */
	kmutex_t	tl_mutex;
	kcondvar_t	tl_wait_cv;
	boolean_t	tl_active;
} smb_txlst_t;
346
347/*
348 * Maximum buffer size for NT is 37KB.  If all clients are Windows 2000, this
349 * can be changed to 64KB.  37KB must be used with a mix of NT/Windows 2000
350 * clients because NT loses directory entries when values greater than 37KB are
351 * used.
352 *
353 * Note: NBT_MAXBUF will be subtracted from the specified max buffer size to
354 * account for the NBT header.
355 */
356#define	NBT_MAXBUF		8
357#define	SMB_NT_MAXBUF		(37 * 1024)
358
359#define	OUTBUFSIZE		(65 * 1024)
360#define	SMBHEADERSIZE		32
361#define	SMBND_HASH_MASK		(0xFF)
362#define	MAX_IOVEC		512
363#define	MAX_READREF		(8 * 1024)
364
365#define	SMB_WORKER_MIN		4
366#define	SMB_WORKER_DEFAULT	64
367#define	SMB_WORKER_MAX		1024
368
369/*
370 * Destructor object used in the locked-list delete queue.
371 */
372#define	SMB_DTOR_MAGIC		0x44544F52	/* DTOR */
373#define	SMB_DTOR_VALID(d)	\
374    ASSERT(((d) != NULL) && ((d)->dt_magic == SMB_DTOR_MAGIC))
375
376typedef void (*smb_dtorproc_t)(void *);
377
/* Deferred destruction entry: dt_proc(dt_object) is run from the delete queue. */
typedef struct smb_dtor {
	list_node_t	dt_lnd;
	uint32_t	dt_magic;	/* SMB_DTOR_MAGIC */
	void		*dt_object;	/* object handed to dt_proc */
	smb_dtorproc_t	dt_proc;
} smb_dtor_t;
384
/*
 * Locked list: ll_list under ll_lock, plus a delete queue of smb_dtor_t
 * entries under ll_mutex (see the locking notes further down).
 */
typedef struct smb_llist {
	krwlock_t	ll_lock;
	list_t		ll_list;
	uint32_t	ll_count;	/* entries in ll_list */
	uint64_t	ll_wrop;	/* presumably a write-operation counter */
	kmutex_t	ll_mutex;
	list_t		ll_deleteq;	/* smb_dtor_t entries */
	uint32_t	ll_deleteq_count;
	boolean_t	ll_flushing;
} smb_llist_t;
395
/* One hash bucket; b_max_seen presumably is the high-water mark of b_list. */
typedef struct smb_bucket {
	smb_llist_t	b_list;
	uint32_t	b_max_seen;
} smb_bucket_t;
400
/* Hash table of num_buckets smb_bucket_t; rshift presumably derives the bucket index. */
typedef struct smb_hash {
	uint32_t	rshift;
	uint32_t	num_buckets;
	smb_bucket_t	*buckets;
} smb_hash_t;
406
/* Simple mutex-protected list with a condvar for waiters. */
typedef struct smb_slist {
	kmutex_t	sl_mutex;
	kcondvar_t	sl_cv;
	list_t		sl_list;
	uint32_t	sl_count;	/* entries in sl_list */
	boolean_t	sl_waiting;	/* presumably: someone blocked on sl_cv */
} smb_slist_t;
414
415/*
416 * smb_avl_t State Machine
 * -----------------------
418 *
419 *                      +-----------------------------+
420 *                      |     SMB_AVL_STATE_START     |
421 *                      +-----------------------------+
422 *                                    | T0
423 *                                    v
424 *                      +-----------------------------+
425 *                      |     SMB_AVL_STATE_READY     |
426 *                      +-----------------------------+
427 *                                    | T1
428 *                                    v
429 *                      +-----------------------------+
430 *                      |  SMB_AVL_STATE_DESTROYING   |
431 *                      +-----------------------------+
432 *
433 * Transition T0
434 *
435 *    This transition is executed in smb_avl_create().
436 *
437 * Transition T1
438 *
439 *    This transition is executed in smb_avl_destroy().
440 *
441 */
/* States of the smb_avl_t state machine drawn above. */
typedef enum {
	SMB_AVL_STATE_START = 0,
	SMB_AVL_STATE_READY,		/* after smb_avl_create() */
	SMB_AVL_STATE_DESTROYING	/* after smb_avl_destroy() */
} smb_avl_state_t;
447
/* Node operations supplied by the user of an smb_avl_t. */
typedef struct smb_avl_nops {
	int		(*avln_cmp) (const void *, const void *);	/* ordering */
	void		(*avln_hold)(const void *);	/* take a reference */
	boolean_t	(*avln_rele)(const void *);	/* drop a reference */
	void		(*avln_destroy)(void *);
} smb_avl_nops_t;
454
/* Iteration cursor; avlc_sequence presumably is compared with avl_sequence. */
typedef struct smb_avl_cursor {
	void		*avlc_next;
	uint32_t	avlc_sequence;
} smb_avl_cursor_t;
459
/* Reference-counted AVL tree wrapper; see the state machine above. */
typedef struct smb_avl {
	krwlock_t	avl_lock;	/* presumably guards avl_tree */
	avl_tree_t	avl_tree;
	kmutex_t	avl_mutex;
	kcondvar_t	avl_cv;
	smb_avl_state_t	avl_state;
	uint32_t	avl_refcnt;
	uint32_t	avl_sequence;	/* see smb_avl_cursor_t */
	const smb_avl_nops_t	*avl_nops;
} smb_avl_t;
470
/* Read/write lock paired with a mutex/condvar for waiters. */
typedef struct {
	kcondvar_t	rwx_cv;
	kmutex_t	rwx_mutex;
	krwlock_t	rwx_lock;
	boolean_t	rwx_waiting;
} smb_rwx_t;
477
/* Export state: the share tree plus an unexport work list and its thread. */
typedef struct smb_export {
	kmutex_t	e_mutex;
	boolean_t	e_ready;
	smb_avl_t	e_share_avl;	/* presumably holds smb_kshare_t */
	smb_slist_t	e_unexport_list;
	smb_thread_t	e_unexport_thread;
} smb_export_t;
485
486/*
487 * NOTIFY CHANGE, a.k.a. File Change Notification (FCN)
488 */
489
490/*
491 * These FCN filter mask values are not from MS-FSCC, but
492 * must not overlap with any FILE_NOTIFY_VALID_MASK values.
493 */
494#define	FILE_NOTIFY_CHANGE_EV_SUBDIR	0x00010000
495#define	FILE_NOTIFY_CHANGE_EV_DELETE	0x00020000
496#define	FILE_NOTIFY_CHANGE_EV_CLOSED	0x00040000
497#define	FILE_NOTIFY_CHANGE_EV_OVERFLOW	0x00080000
498
499/*
500 * Note: These FCN action values are not from MS-FSCC, but must
501 * follow in sequence from FILE_ACTION_MODIFIED_STREAM.
502 *
503 * FILE_ACTION_SUBDIR_CHANGED is used internally for
504 * "watch tree" support, posted to all parents of a
505 * directory that had one of the changes above.
506 *
507 * FILE_ACTION_DELETE_PENDING is used internally to tell
508 * notify change requests when the "delete-on-close" flag
509 * has been set on the directory being watched.
510 *
511 * FILE_ACTION_HANDLE_CLOSED is used to wakeup notify change
512 * requests when the watched directory handle is closed.
513 */
514#define	FILE_ACTION_SUBDIR_CHANGED	0x00000009
515#define	FILE_ACTION_DELETE_PENDING	0x0000000a
516#define	FILE_ACTION_HANDLE_CLOSED	0x0000000b
517
518/*
519 * Sub-struct within smb_ofile_t
520 */
/*
 * Sub-struct within smb_ofile_t
 * nc_filter presumably holds FILE_NOTIFY_CHANGE_* bits (including the
 * internal _EV_ bits defined above); nc_events the pending ones.
 */
typedef struct smb_notify {
	list_t			nc_waiters; /* Waiting SRs */
	mbuf_chain_t		nc_buffer;	/* buffered notifications */
	uint32_t		nc_filter;
	uint32_t		nc_events;
	int			nc_last_off;	/* presumably last offset in nc_buffer */
	boolean_t		nc_subscribed;
} smb_notify_t;
529
530/*
531 * SMB operates over a NetBIOS-over-TCP transport (NBT) or directly
532 * over TCP, which is also known as direct hosted NetBIOS-less SMB
533 * or SMB-over-TCP.
534 *
535 * NBT messages have a 4-byte header that defines the message type
536 * (8-bits), a 7-bit flags field and a 17-bit length.
537 *
538 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
539 * |      TYPE     |     FLAGS   |E|            LENGTH             |
540 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
541 *
542 * 8-bit type      Defined in RFC 1002
543 * 7-bit flags     Bits 0-6 reserved (must be 0)
544 *                 Bit 7: Length extension bit (E)
545 * 17-bit length   Includes bit 7 of the flags byte
546 *
547 *
548 * SMB-over-TCP is defined to use a modified version of the NBT header
549 * containing an 8-bit message type and 24-bit message length.
550 *
551 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
552 * |      TYPE     |                  LENGTH                       |
553 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
554 *
555 * 8-bit type      Must be 0
556 * 24-bit length
557 *
558 * The following structure is used to represent a generic, in-memory
559 * SMB transport header; it is not intended to map directly to either
560 * of the over-the-wire formats.
561 */
/*
 * In-memory transport header.  xh_length is wider than either wire
 * format (17-bit NBT, 24-bit SMB-over-TCP, see above); a value decoded
 * from the wire still needs bounding against SMB_XPRT_MAX_SIZE by the reader.
 */
typedef struct {
	uint8_t		xh_type;	/* NBT message type; 0 for SMB-over-TCP */
	uint32_t	xh_length;
} smb_xprt_t;
566
/*
 * mbuf_chain accessors.  Upper-case names are historical; these are
 * real functions, only MBC_ROOM_FOR (below) remains a macro.
 */
int MBC_LENGTH(struct mbuf_chain *);
int MBC_MAXBYTES(struct mbuf_chain *);
void MBC_SETUP(struct mbuf_chain *, uint32_t);
void MBC_INIT(struct mbuf_chain *, uint32_t);
void MBC_FLUSH(struct mbuf_chain *);
void MBC_ATTACH_MBUF(struct mbuf_chain *, struct mbuf *);
void MBC_APPEND_MBUF(struct mbuf_chain *, struct mbuf *);
void MBC_ATTACH_BUF(struct mbuf_chain *MBC, unsigned char *BUF, int LEN);
/* Shadow a sub-range [OFF, OFF+LEN) of MBC as SUBMBC. */
int MBC_SHADOW_CHAIN(struct mbuf_chain *SUBMBC, struct mbuf_chain *MBC,
    int OFF, int LEN);
577
/*
 * True when (n) more bytes fit: chain_offset + n <= max_bytes.  The sum
 * is formed before the compare, so the caller must have bounded (n)
 * already (e.g. against the request length); this macro does not
 * protect against the addition wrapping.
 */
#define	MBC_ROOM_FOR(b, n) (((b)->chain_offset + (n)) <= (b)->max_bytes)
579
580/*
581 * Per smb_node oplock state
582 */
/*
 * Per smb_node oplock state
 * The cnt_* fields presumably count ofiles on the correspondingly named
 * lists (compare the onlist_* flags in smb_oplock_grant_t).
 */
typedef struct smb_oplock {
	kmutex_t		ol_mutex;
	boolean_t		ol_fem;		/* fem monitor installed? */
	struct smb_ofile	*excl_open;	/* presumably holder of exclusive oplock */
	uint32_t		ol_state;
	int32_t			cnt_II;
	int32_t			cnt_R;
	int32_t			cnt_RH;
	int32_t			cnt_RHBQ;
	int32_t			waiters;	/* presumably sleepers on WaitingOpenCV */
	kcondvar_t		WaitingOpenCV;
} smb_oplock_t;
595
596/*
597 * Per smb_ofile oplock state
598 */
/*
 * Per smb_ofile oplock state
 */
typedef struct smb_oplock_grant {
	/* smb protocol-level state */
	uint32_t		og_state;	/* latest sent to client */
	uint32_t		og_breaking;	/* BREAK_TO... flags */
	uint16_t		og_dialect;	/* how to send breaks */
	/* File-system level state: which smb_oplock_t lists this ofile is on */
	uint8_t			onlist_II;
	uint8_t			onlist_R;
	uint8_t			onlist_RH;
	uint8_t			onlist_RHBQ;
	uint8_t			BreakingToRead;
} smb_oplock_grant_t;
611
612#define	SMB_LEASE_KEY_SZ	16
613
/*
 * SMB2 lease.  ls_key/ls_clnt are the client-supplied lease key and
 * client identifier (SMB_LEASE_KEY_SZ bytes each); presumably they are
 * what lookups in sv_lease_ht compare on.
 */
typedef struct smb_lease {
	list_node_t		ls_lnd;		/* sv_lease_ht */
	kmutex_t		ls_mutex;
	smb_llist_t		*ls_bucket;	/* hash bucket we are on */
	struct smb_node		*ls_node;
	/*
	 * With a lease, just one ofile has the oplock.
	 * This (used only for comparison) identifies which.
	 */
	void			*ls_oplock_ofile;
	uint32_t		ls_refcnt;
	uint32_t		ls_state;
	uint32_t		ls_breaking;	/* BREAK_TO... flags */
	uint16_t		ls_epoch;
	uint16_t		ls_version;
	uint8_t			ls_key[SMB_LEASE_KEY_SZ];
	uint8_t			ls_clnt[SMB_LEASE_KEY_SZ];
} smb_lease_t;
632
633#define	SMB_NODE_MAGIC		0x4E4F4445	/* 'NODE' */
634#define	SMB_NODE_VALID(p)	ASSERT((p)->n_magic == SMB_NODE_MAGIC)
635
/* Lifecycle state of an smb_node_t (n_state). */
typedef enum {
	SMB_NODE_STATE_AVAILABLE = 0,
	SMB_NODE_STATE_DESTROYING
} smb_node_state_t;
640
641/*
642 * waiting_event        # of clients requesting FCN
643 * n_timestamps         cached timestamps
644 * n_allocsz            cached file allocation size
645 * n_dnode              directory node
646 * n_unode              unnamed stream node
647 * delete_on_close_cred credentials for delayed delete
648 */
/*
 * In-memory representation of a file or directory; wraps a vnode (vp).
 * flags holds the NODE_FLAGS_* / NODE_XATTR_DIR bits defined below.
 */
typedef struct smb_node {
	list_node_t		n_lnd;
	uint32_t		n_magic;	/* SMB_NODE_MAGIC */
	krwlock_t		n_lock;
	kmutex_t		n_mutex;
	smb_node_state_t	n_state;
	uint32_t		n_refcnt;
	uint32_t		n_hashkey;
	smb_llist_t		*n_hash_bucket;
	uint32_t		n_open_count;
	uint32_t		n_opening_count;
	smb_llist_t		n_ofile_list;
	/* If entering both, go in order n_lock_list, n_wlock_list */
	smb_llist_t		n_lock_list;	/* active locks */
	smb_llist_t		n_wlock_list;	/* waiting locks */
	volatile int		flags;		/* NODE_FLAGS_* bits below */
	u_offset_t		n_allocsz;	/* cached file allocation size */
	uint32_t		n_fcn_count;	/* presumably the FCN requester count listed above */
	smb_oplock_t		n_oplock;
	struct smb_node		*n_dnode;	/* directory node */
	struct smb_node		*n_unode;	/* unnamed stream node */
	cred_t			*delete_on_close_cred;	/* credentials for delayed delete */
	uint32_t		n_delete_on_close_flags;
	char			od_name[MAXNAMELEN];
	vnode_t			*vp;
	smb_audit_buf_node_t	*n_audit_buf;
} smb_node_t;
676
677#define	NODE_FLAGS_REPARSE		0x00001000
678#define	NODE_FLAGS_DFSLINK		0x00002000
679#define	NODE_FLAGS_VFSROOT		0x00004000
680#define	NODE_FLAGS_SYSTEM		0x00008000
681#define	NODE_FLAGS_WRITE_THROUGH	0x00100000
682#define	NODE_XATTR_DIR			0x01000000
683#define	NODE_FLAGS_DELETE_COMMITTED	0x20000000
684#define	NODE_FLAGS_DELETE_ON_CLOSE	0x40000000
685#define	NODE_FLAGS_EXECUTABLE		0x80000000
686
687#define	SMB_NODE_VFS(node)	((node)->vp->v_vfsp)
688#define	SMB_NODE_FSID(node)	((node)->vp->v_vfsp->vfs_fsid)
689
690/* Maximum buffer size for encryption key */
691#define	SMB_ENCRYPT_KEY_MAXLEN		32
692
693#define	SMB_SHARE_MAGIC		0x4B534852	/* KSHR */
694
/*
 * Kernel-side share definition (element of e_share_avl via shr_link).
 * The shr_access_* strings presumably hold host access lists by
 * permission class (none / read-only / read-write) -- confirm in the
 * share lookup code.
 */
typedef struct smb_kshare {
	uint32_t	shr_magic;	/* SMB_SHARE_MAGIC */
	avl_node_t	shr_link;
	kmutex_t	shr_mutex;
	kcondvar_t	shr_cv;
	char		*shr_name;
	char		*shr_path;
	char		*shr_cmnt;	/* share comment */
	char		*shr_container;
	char		*shr_oemname;
	uint32_t	shr_flags;
	uint32_t	shr_type;
	uint32_t	shr_refcnt;
	uint32_t	shr_autocnt;
	uid_t		shr_uid;
	gid_t		shr_gid;
	char		*shr_access_none;
	char		*shr_access_ro;
	char		*shr_access_rw;
	smb_node_t	*shr_root_node;
	smb_node_t	*shr_ca_dir;
	void		*shr_import_busy;
	smb_cfg_val_t	shr_encrypt; /* Share.EncryptData */
} smb_kshare_t;
719
720
/*
 * SMB1 negotiate arguments.  ni_keylen counts the valid bytes of
 * ni_key and must never exceed SMB_ENCRYPT_KEY_MAXLEN.
 */
typedef struct smb_arg_negotiate {
	char		*ni_name;
	int		ni_dialect;
	int		ni_index;
	uint32_t	ni_capabilities;
	uint16_t	ni_maxmpxcount;
	int16_t		ni_tzcorrection;
	uint8_t		ni_keylen;	/* <= SMB_ENCRYPT_KEY_MAXLEN */
	uint8_t		ni_key[SMB_ENCRYPT_KEY_MAXLEN];
	timestruc_t	ni_servertime;
} smb_arg_negotiate_t;
732
/* SMB2 negotiate arguments: received and to-be-sent negotiate contexts. */
typedef struct smb2_arg_negotiate {
	struct smb2_neg_ctxs	*neg_in_ctxs;
	struct smb2_neg_ctxs	*neg_out_ctxs;
} smb2_arg_negotiate_t;
737
/* Which SMB1 session-setup request variant is being handled (ssi_type). */
typedef enum {
	SMB_SSNSETUP_PRE_NTLM012 = 1,
	SMB_SSNSETUP_NTLM012_NOEXT,
	SMB_SSNSETUP_NTLM012_EXTSEC
} smb_ssnsetup_type_t;
743
/*
 * SMB1 session-setup arguments.  The *len fields pair with the buffer
 * pointers that follow them; presumably they are decoded from the
 * client request, so the decoder must check each against the bytes
 * actually present before the buffers are dereferenced -- confirm there.
 */
typedef struct smb_arg_sessionsetup {
	smb_ssnsetup_type_t ssi_type;
	char		*ssi_user;
	char		*ssi_domain;
	/* LM password hash, f.k.a. case-insensitive p/w */
	uint16_t	ssi_lmpwlen;
	uint8_t		*ssi_lmpwd;
	/* NT password hash, f.k.a. case-sensitive p/w */
	uint16_t	ssi_ntpwlen;
	uint8_t		*ssi_ntpwd;
	/* Incoming security blob */
	uint16_t	ssi_iseclen;
	uint8_t		*ssi_isecblob;
	/* Outgoing security blob */
	uint16_t	ssi_oseclen;
	uint8_t		*ssi_osecblob;
	/* parameters */
	uint16_t	ssi_maxbufsize;
	uint16_t	ssi_maxmpxcount;
	uint32_t	ssi_capabilities;
	int		ssi_native_os;
	int		ssi_native_lm;
} smb_arg_sessionsetup_t;
767
/*
 * Tree-connect arguments.  password/pwdlen carry client-supplied
 * credential bytes; si is the resolved share (smb_kshare_t).
 */
typedef struct tcon {
	char		*name;
	char		*path;
	char		*service;
	int		pwdlen;		/* valid bytes at password */
	char		*password;
	uint16_t	flags;
	uint16_t	optional_support;
	smb_kshare_t	*si;
} smb_arg_tcon_t;
778
779/*
780 * Based on section 2.6.1.2 (Connection Management) of the June 13,
781 * 1996 CIFS spec, a server may terminate the transport connection
782 * due to inactivity. The client software is expected to be able to
783 * automatically reconnect to the server if this happens. Like much
784 * of the useful background information, this section appears to
785 * have been dropped from later revisions of the document.
786 *
787 * Each session has an activity timestamp that's updated whenever a
788 * request is dispatched. If the session is idle, i.e. receives no
789 * requests, for SMB_SESSION_INACTIVITY_TIMEOUT minutes it will be
790 * closed.
791 *
792 * Each session has an I/O semaphore to serialize communication with
793 * the client. For example, after receiving a raw-read request, the
794 * server is not allowed to send an oplock break to the client until
795 * after it has sent the raw-read data.
796 */
797#define	SMB_SESSION_INACTIVITY_TIMEOUT		(15 * 60)
798
799/* SMB1 signing */
/* SMB1 signing */
struct smb_sign {
	unsigned int flags;	/* presumably SMB_SIGNING_ENABLED/_CHECK (below) */
	uint32_t seqnum;	/* message sequence number */
	uint_t mackey_len;	/* valid bytes at mackey */
	uint8_t *mackey;	/* key material; NOTE(review): confirm it is cleared before release */
};
806
807/*
808 * SMB2 signing
809 */
/*
 * SMB2 signing
 * A fixed-size key buffer; len must never exceed SMB2_SESSION_KEY_LEN.
 */
struct smb_key {
	uint_t len;
	uint8_t key[SMB2_SESSION_KEY_LEN];
};
814
815#define	SMB_SIGNING_ENABLED	1
816#define	SMB_SIGNING_CHECK	2
817
818/*
819 * Locking notes:
820 * If you hold the mutex/lock on an object, don't flush the deleteq
821 * of the objects directly below it in the logical hierarchy
822 * (i.e. via smb_llist_exit()). I.e. don't drop s_tree_list when
823 * you hold u_mutex, because deleted trees need u_mutex to
824 * lower the refcnt.
825 *
826 * Note that this also applies to u_mutex and t_ofile_list.
827 */
828
829/*
830 * The "session" object.
831 *
832 * Note that the smb_session_t object here corresponds to what MS-SMB2
833 * calls a "connection".  Adding to the confusion, what MS calls a
834 * "session" corresponds to our smb_user_t (below).
835 */
836
837/*
838 * Session State Machine
839 * ---------------------
840 *
841 *
842 * +-----------------------------+	    +----------------------------+
843 * | SMB_SESSION_STATE_CONNECTED |	    | SMB_SESSION_STATE_SHUTDOWN |
844 * +-----------------------------+	    +----------------------------+
845 *		  |					     ^
846 *		  |					     |T6
847 *		  |			    +------------------------------+
848 *		  |			    | SMB_SESSION_STATE_TERMINATED |
849 *		T0|			    +------------------------------+
850 *		  +--------------------+		     ^
851 *		  v		       |T4                   |T5
852 * +-------------------------------+   |    +--------------------------------+
853 * | SMB_SESSION_STATE_ESTABLISHED |---+--->| SMB_SESSION_STATE_DISCONNECTED |
854 * +-------------------------------+        +--------------------------------+
855 *		T1|				^
856 *		  +----------+			|T3
857 *                           v			|
858 *                  +------------------------------+
859 *                  | SMB_SESSION_STATE_NEGOTIATED |
860 *                  +------------------------------+
861 *
862 *
863 * Transition T0
864 *
865 *
866 *
867 * Transition T1
868 *
869 *
870 *
871 * Transition T2
872 *
873 *
874 *
875 * Transition T3
876 *
877 *
878 *
879 * Transition T4
880 *
881 *
882 *
883 * Transition T5
884 *
885 *
886 *
887 * Transition T6
888 *
889 *
890 *
891 */
892#define	SMB_SESSION_MAGIC	0x53455353	/* 'SESS' */
893#define	SMB_SESSION_VALID(p)	\
894    ASSERT(((p) != NULL) && ((p)->s_magic == SMB_SESSION_MAGIC))
895
896#define	SMB_CHALLENGE_SZ	8
897#define	SMB3_PREAUTH_HASHVAL_SZ	64
898
/*
 * Session states.  SMB_SESSION_STATE_INITIALIZED and _SENTINEL do not
 * appear in the state diagram above; SENTINEL presumably bounds the enum.
 */
typedef enum {
	SMB_SESSION_STATE_INITIALIZED = 0,
	SMB_SESSION_STATE_DISCONNECTED,
	SMB_SESSION_STATE_CONNECTED,
	SMB_SESSION_STATE_ESTABLISHED,
	SMB_SESSION_STATE_NEGOTIATED,
	SMB_SESSION_STATE_TERMINATED,
	SMB_SESSION_STATE_SHUTDOWN,
	SMB_SESSION_STATE_SENTINEL
} smb_session_state_t;
909
910/* Bits in s_flags below */
911#define	SMB_SSN_AAPL_CCEXT	1	/* Saw "AAPL" create ctx. ext. */
912#define	SMB_SSN_AAPL_READDIR	2	/* Wants MacOS ext. readdir */
913
914#define	SMB2_NEGOTIATE_MAX_DIALECTS	64
915
/*
 * One transport connection (an MS-SMB2 "connection", see above).
 * Several counted arrays below carry a separate length field; each such
 * length must be checked against the array bound when set from a request.
 */
typedef struct smb_session {
	list_node_t		s_lnd;
	uint32_t		s_magic;	/* SMB_SESSION_MAGIC */
	smb_rwx_t		s_lock;
	uint64_t		s_kid;
	smb_session_state_t	s_state;
	uint32_t		s_flags;	/* SMB_SSN_* bits above */
	taskqid_t		s_receiver_tqid;
	kthread_t		*s_thread;
	kt_did_t		s_ktdid;
	int	(*newrq_func)(struct smb_request *);	/* new-request hook */
	struct smb_server	*s_server;
	smb_kmod_cfg_t		s_cfg;
	int32_t			s_gmtoff;
	uint32_t		keep_alive;
	uint64_t		opentime;
	uint16_t		s_local_port;
	uint16_t		s_remote_port;
	smb_inaddr_t		ipaddr;		/* client address */
	smb_inaddr_t		local_ipaddr;
	int			dialect;
	int			native_os;
	int			native_lm;

	kmutex_t		s_credits_mutex;	/* presumably guards the two credit counts */
	uint16_t		s_cur_credits;
	uint16_t		s_max_credits;

	uint32_t		capabilities;
	uint32_t		srv_cap;

	struct smb_sign		signing;	/* SMB1 */
	void			*sign_mech;	/* mechanism info */
	void			*enc_mech;
	void			*preauth_mech;

	/* SMB2/SMB3 signing support */
	int			(*sign_calc)(struct smb_request *,
					struct mbuf_chain *, uint8_t *);
	void			(*sign_fini)(struct smb_session *);

	ksocket_t		sock;

	smb_slist_t		s_req_list;
	smb_llist_t		s_xa_list;
	smb_llist_t		s_user_list;
	smb_llist_t		s_tree_list;
	smb_idpool_t		s_uid_pool;	/* allocates u_uid values */
	smb_idpool_t		s_tid_pool;
	smb_txlst_t		s_txlst;

	volatile uint32_t	s_tree_cnt;
	volatile uint32_t	s_file_cnt;
	volatile uint32_t	s_dir_cnt;

	uint16_t		cli_secmode;
	uint16_t		srv_secmode;
	uint32_t		sesskey;
	uint32_t		challenge_len;	/* <= SMB_CHALLENGE_SZ */
	unsigned char		challenge_key[SMB_CHALLENGE_SZ];
	int64_t			activity_timestamp;	/* see inactivity note above */
	timeout_id_t		s_auth_tmo;	/* presumably authentication timeout */

	/*
	 * Client dialects
	 */
	uint16_t		cli_dialect_cnt;	/* <= SMB2_NEGOTIATE_MAX_DIALECTS */
	uint16_t		cli_dialects[SMB2_NEGOTIATE_MAX_DIALECTS];
	/*
	 * Maximum negotiated buffer sizes between SMB client and server
	 * in SMB_SESSION_SETUP_ANDX
	 */
	int			cmd_max_bytes;
	int			reply_max_bytes;
	uint16_t		smb_msg_size;
	uint16_t		smb_max_mpx;
	smb_srqueue_t		*s_srqueue;
	uint64_t		start_time;

	uint16_t		smb31_enc_cipherid;
	uint16_t		smb31_preauth_hashid;
	uint8_t			smb31_preauth_hashval[SMB3_PREAUTH_HASHVAL_SZ];

	/* key material; the 44-byte bound is a bare literal -- confirm its users */
	unsigned char		MAC_key[44];
	char			ip_addr_str[INET6_ADDRSTRLEN];
	uint8_t			clnt_uuid[16];
	char			workstation[SMB_PI_MAX_HOST];
} smb_session_t;
1004
1005/*
1006 * The "user" object.
1007 *
1008 * Note that smb_user_t object here corresponds to what MS-SMB2 calls
1009 * a "session".  (Our smb_session_t is something else -- see above).
1010 */
1011
1012#define	SMB_USER_MAGIC 0x55534552	/* 'USER' */
1013#define	SMB_USER_VALID(u)	\
1014    ASSERT(((u) != NULL) && ((u)->u_magic == SMB_USER_MAGIC))
1015
1016/* These flags are all <= 0x00000010 */
1017#define	SMB_USER_FLAG_GUEST			SMB_ATF_GUEST
1018#define	SMB_USER_FLAG_ANON			SMB_ATF_ANON
1019#define	SMB_USER_FLAG_ADMIN			SMB_ATF_ADMIN
1020#define	SMB_USER_FLAG_POWER_USER		SMB_ATF_POWERUSER
1021#define	SMB_USER_FLAG_BACKUP_OPERATOR		SMB_ATF_BACKUPOP
1022
1023#define	SMB_USER_IS_ADMIN(U)	(((U)->u_flags & SMB_USER_FLAG_ADMIN) != 0)
1024#define	SMB_USER_IS_GUEST(U)	(((U)->u_flags & SMB_USER_FLAG_GUEST) != 0)
1025
1026/*
1027 * Internal privilege flags derived from smb_privilege.h numbers
1028 * Would rather not include that in this file.
1029 */
1030#define	SMB_USER_PRIV_SECURITY		(1<<8)	/* SE_SECURITY_LUID */
1031#define	SMB_USER_PRIV_TAKE_OWNERSHIP	(1<<9)	/* SE_TAKE_OWNERSHIP_LUID */
1032#define	SMB_USER_PRIV_BACKUP		(1<<17)	/* SE_BACKUP_LUID */
1033#define	SMB_USER_PRIV_RESTORE		(1<<18)	/* SE_RESTORE_LUID */
1034#define	SMB_USER_PRIV_CHANGE_NOTIFY	(1<<23)	/* SE_CHANGE_NOTIFY_LUID */
1035#define	SMB_USER_PRIV_READ_FILE		(1<<25)	/* SE_READ_FILE_LUID */
1036#define	SMB_USER_PRIV_WRITE_FILE	(1<<26)	/* SE_WRITE_FILE_LUID */
1037
1038/*
1039 * See the long "User State Machine" comment in smb_user.c
1040 */
/*
 * See the long "User State Machine" comment in smb_user.c
 * SENTINEL presumably bounds the enum and is not a real state.
 */
typedef enum {
	SMB_USER_STATE_LOGGING_ON = 0,
	SMB_USER_STATE_LOGGED_ON,
	SMB_USER_STATE_LOGGING_OFF,
	SMB_USER_STATE_LOGGED_OFF,
	SMB_USER_STATE_SENTINEL
} smb_user_state_t;
1048
/*
 * Values of smb_user_t.preserve_opens.  The SMB2_DH_ prefix suggests
 * this governs which durable handles survive when the user goes away;
 * confirm against smb_user.c / smb_ofile.c before relying on that.
 */
typedef enum {
	SMB2_DH_PRESERVE_NONE = 0,
	SMB2_DH_PRESERVE_SOME,
	SMB2_DH_PRESERVE_ALL
} smb_preserve_type_t;
1054
/*
 * Per-authenticated-user object (an MS-SMB2 "session", see note above).
 * Validated with SMB_USER_VALID(); lifecycle is tracked in u_state,
 * see the "User State Machine" comment in smb_user.c.
 */
typedef struct smb_user {
	list_node_t		u_lnd;		/* list linkage */
	uint32_t		u_magic;	/* SMB_USER_MAGIC */
	kmutex_t		u_mutex;
	smb_user_state_t	u_state;	/* SMB_USER_STATE_* */

	struct smb_server	*u_server;
	smb_session_t		*u_session;	/* owning smb_session_t (see above) */
	ksocket_t		u_authsock;	/* NOTE(review): presumably the
						 * authentication socket -- confirm */
	timeout_id_t		u_auth_tmo;	/* presumably auth timeout handle */
	uint16_t		u_name_len;
	char			*u_name;	/* account name, length u_name_len */
	uint16_t		u_domain_len;
	char			*u_domain;	/* domain name, length u_domain_len */
	time_t			u_logon_time;
	cred_t			*u_cred;	/* credentials for this user */
	cred_t			*u_privcred;	/* presumably u_cred with extra
						 * privileges applied -- confirm */

	uint64_t		u_ssnid;	/* unique server-wide; see smb2_ssnid */
	uint32_t		u_refcnt;
	uint32_t		u_flags;	/* SMB_USER_FLAG_* bits */
	smb_preserve_type_t	preserve_opens;	/* SMB2_DH_PRESERVE_* */
	uint32_t		u_privileges;	/* presumably SMB_USER_PRIV_* bits */
	uint16_t		u_uid;		/* unique per-session (SMB1 UID) */
	uint32_t		u_audit_sid;

	uint32_t		u_sign_flags;
	struct smb_key		u_sign_key;	/* SMB2 signing */

	/*
	 * Per-user encryption state.  NOTE(review): u_sign_key, u_enc_key
	 * and u_dec_key hold keying material; confirm they are explicitly
	 * cleared (not merely freed) when the object is torn down.  The
	 * nonce fields presumably build per-message nonces from
	 * u_nonce_fixed plus u_nonce_cnt; a nonce must never repeat under
	 * the same key, so confirm u_nonce_cnt is not reset while
	 * u_enc_key remains in use.
	 */
	struct smb_key		u_enc_key;
	struct smb_key		u_dec_key;
	volatile uint64_t	u_nonce_cnt;
	uint8_t			u_nonce_fixed[4];
	uint64_t		u_salt;
	smb_cfg_val_t		u_encrypt;	/* encryption config setting */

	/* SMB 3.1.1 preauth session hashval */
	uint8_t			u_preauth_hashval[SMB3_PREAUTH_HASHVAL_SZ];
} smb_user_t;
1094
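/* Value stored in smb_tree_t.t_magic; checked by SMB_TREE_VALID(). */
#define	SMB_TREE_MAGIC			0x54524545	/* 'TREE' */
/*
 * Debug sanity check: non-NULL pointer carrying the tree magic.
 * The argument is parenthesized like the other *_VALID macros so that
 * an expression argument cannot change the meaning of the test.
 */
#define	SMB_TREE_VALID(p)	\
    ASSERT(((p) != NULL) && ((p)->t_magic == SMB_TREE_MAGIC))

/* Sizes of smb_tree_t.t_typename and t_volume */
#define	SMB_TYPENAMELEN			_ST_FSTYPSZ
#define	SMB_VOLNAMELEN			32

/*
 * Per-share feature bits, tested with smb_tree_has_feature() (see
 * the SMB_TREE_SUPPORTS_* macros below); presumably kept in t_flags.
 */
#define	SMB_TREE_READONLY		0x00000001
#define	SMB_TREE_SUPPORTS_ACLS		0x00000002
#define	SMB_TREE_STREAMS		0x00000004
#define	SMB_TREE_CASEINSENSITIVE	0x00000008
#define	SMB_TREE_NO_CASESENSITIVE	0x00000010
#define	SMB_TREE_NO_EXPORT		0x00000020
#define	SMB_TREE_OPLOCKS		0x00000040
#define	SMB_TREE_SHORTNAMES		0x00000080
#define	SMB_TREE_XVATTR			0x00000100
#define	SMB_TREE_DIRENTFLAGS		0x00000200
#define	SMB_TREE_ACLONCREATE		0x00000400
#define	SMB_TREE_ACEMASKONACCESS	0x00000800
#define	SMB_TREE_NFS_MOUNTED		0x00001000
#define	SMB_TREE_UNICODE_ON_DISK	0x00002000
#define	SMB_TREE_CATIA			0x00004000
#define	SMB_TREE_ABE			0x00008000
#define	SMB_TREE_QUOTA			0x00010000
#define	SMB_TREE_DFSROOT		0x00020000
#define	SMB_TREE_SPARSE			0x00040000
#define	SMB_TREE_TRAVERSE_MOUNTS	0x00080000
#define	SMB_TREE_FORCE_L2_OPLOCK	0x00100000
#define	SMB_TREE_CA			0x00200000
/* Note: SMB_TREE_... in the mdb module too. */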
1125
1126/*
1127 * See the long "Tree State Machine" comment in smb_tree.c
1128 */
/* Values of smb_tree_t.t_state; SENTINEL is a bound, not a real state. */
typedef enum {
	SMB_TREE_STATE_CONNECTED = 0,
	SMB_TREE_STATE_DISCONNECTING,
	SMB_TREE_STATE_DISCONNECTED,
	SMB_TREE_STATE_SENTINEL
} smb_tree_state_t;
1135
/*
 * A connected share ("tree connect").  Validated with SMB_TREE_VALID();
 * lifecycle is tracked in t_state, see smb_tree.c.
 */
typedef struct smb_tree {
	list_node_t		t_lnd;		/* list linkage */
	uint32_t		t_magic;	/* SMB_TREE_MAGIC */
	kmutex_t		t_mutex;
	smb_tree_state_t	t_state;	/* SMB_TREE_STATE_* */

	struct smb_server	*t_server;
	smb_session_t		*t_session;	/* owning session */
	/*
	 * user whose uid was in the tree connect message
	 * ("owner" in MS-CIFS parlance, see section 2.2.1.6 definition of FID)
	 */
	smb_user_t		*t_owner;
	smb_node_t		*t_snode;	/* share root; SMB_TREE_VFS() goes
						 * through t_snode->vp */

	smb_llist_t		t_ofile_list;	/* open files, via f_tree_lnd */
	smb_idpool_t		t_fid_pool;	/* presumably allocates f_fid values */

	smb_llist_t		t_odir_list;	/* open directories */
	smb_idpool_t		t_odid_pool;	/* presumably allocates d_odid values */

	uint32_t		t_refcnt;
	uint32_t		t_flags;	/* presumably SMB_TREE_* feature bits */
	int32_t			t_res_type;
	uint16_t		t_tid;		/* tree id, see smb_tid */
	uint16_t		t_umask;
	char			t_sharename[MAXNAMELEN];
	char			t_resource[MAXPATHLEN];
	char			t_typename[SMB_TYPENAMELEN];
	char			t_volume[SMB_VOLNAMELEN];
	acl_type_t		t_acltype;
	/*
	 * ACE mask the share grants this connection; SMB_TREE_IS_READONLY()
	 * and SMB_TREE_HAS_ACCESS() consult it.
	 */
	uint32_t		t_access;
	uint32_t		t_execflags;
	time_t			t_connect_time;
	volatile uint32_t	t_open_files;
	smb_cfg_val_t		t_encrypt; /* Share.EncryptData */
} smb_tree_t;
1173
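/* vfs / fsid of the share root; tree->t_snode->vp must be valid. */
#define	SMB_TREE_VFS(tree)	((tree)->t_snode->vp->v_vfsp)
#define	SMB_TREE_FSID(tree)	((tree)->t_snode->vp->v_vfsp->vfs_fsid)

/*
 * The request-oriented helpers below accept sr == NULL (and a request
 * without a tree) and then answer conservatively: "not read-only" and
 * "feature not supported".
 */
#define	SMB_TREE_IS_READONLY(sr)					\
	((sr) != NULL && (sr)->tid_tree != NULL &&			\
	!((sr)->tid_tree->t_access & ACE_ALL_WRITE_PERMS))

#define	SMB_TREE_IS_CASEINSENSITIVE(sr)					\
	(((sr) && (sr)->tid_tree) ?					\
	smb_tree_has_feature((sr)->tid_tree, SMB_TREE_CASEINSENSITIVE) : 0)

/*
 * Access mask the share grants this request.  sr == NULL yields
 * ACE_ALL_PERMS (presumably for internal, non-client callers); a
 * request with no tree yields 0.  The inner branch no longer re-tests
 * (sr) -- it is already known non-NULL there.
 */
#define	SMB_TREE_HAS_ACCESS(sr, acemask)				\
	((sr) == NULL ? ACE_ALL_PERMS : (				\
	((sr)->tid_tree != NULL) ?					\
	(((sr)->tid_tree->t_access) & (acemask)) : 0))

#define	SMB_TREE_SUPPORTS_CATIA(sr)					\
	(((sr) && (sr)->tid_tree) ?					\
	smb_tree_has_feature((sr)->tid_tree, SMB_TREE_CATIA) : 0)

#define	SMB_TREE_SUPPORTS_ABE(sr)					\
	(((sr) && (sr)->tid_tree) ?					\
	smb_tree_has_feature((sr)->tid_tree, SMB_TREE_ABE) : 0)

#define	SMB_TREE_IS_DFSROOT(sr)						\
	(((sr) && (sr)->tid_tree) ?					\
	smb_tree_has_feature((sr)->tid_tree, SMB_TREE_DFSROOT) : 0)

#define	SMB_TREE_SUPPORTS_SHORTNAMES(sr)				\
	(((sr) && (sr)->tid_tree) ?					\
	smb_tree_has_feature((sr)->tid_tree, SMB_TREE_SHORTNAMES) : 0)

/*
 * SMB_TREE_CONTAINS_NODE is used to check if a node is on the same
 * file system as the tree's root filesystem, or if mount point traversal
 * should be allowed.  Note that this is also called in some cases with
 * sr=NULL, where it is expected to evaluate to TRUE.
 */

#define	SMB_TREE_CONTAINS_NODE(sr, node)				\
	((sr) == NULL || (sr)->tid_tree == NULL ||			\
	SMB_TREE_VFS((sr)->tid_tree) == SMB_NODE_VFS(node) ||		\
	smb_tree_has_feature((sr)->tid_tree, SMB_TREE_TRAVERSE_MOUNTS))

/*
 * SMB_PATHFILE_IS_READONLY indicates whether or not a file is
 * readonly when the caller has a path rather than an ofile.
 * True if either the share or the node itself is read-only.
 */
#define	SMB_PATHFILE_IS_READONLY(sr, node)			\
	(SMB_TREE_IS_READONLY((sr)) ||				\
	smb_node_file_is_readonly((node)))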
1225
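/* Value stored in smb_odir_t.d_magic; checked by SMB_ODIR_VALID(). */
#define	SMB_ODIR_MAGIC		0x4F444952	/* 'ODIR' */
/*
 * Debug sanity check: non-NULL pointer carrying the odir magic.
 * Argument parenthesized for consistency with the other *_VALID macros.
 */
#define	SMB_ODIR_VALID(p)	\
    ASSERT(((p) != NULL) && ((p)->d_magic == SMB_ODIR_MAGIC))

/* Size of smb_odir_t.d_buf */
#define	SMB_ODIR_BUFSIZE	(8 * 1024)

/* Bits of smb_odir_t.d_flags */
#define	SMB_ODIR_FLAG_WILDCARDS		0x0001
#define	SMB_ODIR_FLAG_IGNORE_CASE	0x0002
#define	SMB_ODIR_FLAG_XATTR		0x0004
#define	SMB_ODIR_FLAG_EDIRENT		0x0008
#define	SMB_ODIR_FLAG_CATIA		0x0010
#define	SMB_ODIR_FLAG_ABE		0x0020
#define	SMB_ODIR_FLAG_SHORTNAMES	0x0040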
1239
/* Values of smb_odir_t.d_state; SENTINEL is a bound, not a real state. */
typedef enum {
	SMB_ODIR_STATE_OPEN = 0,
	SMB_ODIR_STATE_IN_USE,
	SMB_ODIR_STATE_CLOSING,
	SMB_ODIR_STATE_CLOSED,
	SMB_ODIR_STATE_SENTINEL
} smb_odir_state_t;
1247
/*
 * How a directory search is resumed (smb_odir_resume_t.or_type):
 * continue where it left off, or by index, cookie or file name.
 */
typedef enum {
	SMB_ODIR_RESUME_CONT,
	SMB_ODIR_RESUME_IDX,
	SMB_ODIR_RESUME_COOKIE,
	SMB_ODIR_RESUME_FNAME
} smb_odir_resume_type_t;
1254
/*
 * Resume point for a directory search.  Only the member selected by
 * or_type is meaningful (or_idx, or_cookie or or_fname respectively).
 */
typedef struct smb_odir_resume {
	smb_odir_resume_type_t	or_type;
	int			or_idx;
	uint32_t		or_cookie;
	char			*or_fname;	/* not owned here -- confirm */
} smb_odir_resume_t;
1261
1262/*
1263 * Flags used when opening an odir
1264 */
1265#define	SMB_ODIR_OPENF_BACKUP_INTENT	0x01
1266
/*
 * An open directory (search handle).  Validated with SMB_ODIR_VALID();
 * lifecycle in d_state.  Carries its own read buffer (d_buf), so the
 * object is large -- it is not meant for the stack.
 */
typedef struct smb_odir {
	list_node_t		d_lnd;		/* list linkage */
	uint32_t		d_magic;	/* SMB_ODIR_MAGIC */
	kmutex_t		d_mutex;
	smb_odir_state_t	d_state;	/* SMB_ODIR_STATE_* */
	smb_session_t		*d_session;
	smb_user_t		*d_user;
	smb_tree_t		*d_tree;
	smb_node_t		*d_dnode;	/* directory being read */
	cred_t			*d_cred;
	uint32_t		d_opened_by_pid;
	uint16_t		d_odid;		/* directory id, see t_odid_pool */
	uint16_t		d_sattr;
	uint32_t		d_refcnt;
	uint32_t		d_flags;	/* SMB_ODIR_FLAG_* bits */
	boolean_t		d_eof;
	int			d_bufsize;	/* bytes of d_buf in use -- confirm */
	uint64_t		d_offset;
	/* Cursor into d_buf; the view used depends on the dirent format. */
	union {
		char		*u_bufptr;
		struct edirent	*u_edp;
		struct dirent64	*u_dp;
	} d_u;
	uint32_t		d_last_cookie;
	uint32_t		d_cookies[SMB_MAX_SEARCH];
	char			d_pattern[MAXNAMELEN];	/* search pattern */
	char			d_buf[SMB_ODIR_BUFSIZE];	/* raw dirent buffer */
	char			d_last_name[MAXNAMELEN];
} smb_odir_t;
/* Convenience names for the members of smb_odir_t.d_u */
#define	d_bufptr	d_u.u_bufptr
#define	d_edp		d_u.u_edp
#define	d_dp		d_u.u_dp
1299
/* One directory entry as returned from a directory read. */
typedef struct smb_odirent {
	char		od_name[MAXNAMELEN];	/* on disk name */
	ino64_t		od_ino;			/* inode number */
	uint32_t	od_eflags;		/* presumably edirent flags */
} smb_odirent_t;
1305
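/* Value stored in smb_opipe_t.p_magic; checked by SMB_OPIPE_VALID(). */
#define	SMB_OPIPE_MAGIC		0x50495045	/* 'PIPE' */
/*
 * Debug sanity check: non-NULL pointer carrying the pipe magic.
 * Written with the same bracketing as the other *_VALID macros.
 */
#define	SMB_OPIPE_VALID(p)	\
    ASSERT(((p) != NULL) && ((p)->p_magic == SMB_OPIPE_MAGIC))
/* Size of smb_opipe_t.p_name */
#define	SMB_OPIPE_MAXNAME	32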
1310
1311/*
1312 * Data structure for SMB_FTYPE_MESG_PIPE ofiles, which is used
1313 * at the interface between SMB and NDR RPC.
1314 */
typedef struct smb_opipe {
	uint32_t		p_magic;	/* SMB_OPIPE_MAGIC */
	kmutex_t		p_mutex;
	kcondvar_t		p_cv;
	struct smb_ofile	*p_ofile;	/* the ofile this pipe backs */
	struct smb_server	*p_server;
	uint32_t		p_refcnt;
	ksocket_t		p_socket;	/* presumably the socket to the
						 * RPC service -- confirm */
	/* This is the "flat" name, without path prefix */
	char			p_name[SMB_OPIPE_MAXNAME];
} smb_opipe_t;
1326
1327/*
1328 * The of_ftype	of an open file should contain the SMB_FTYPE value
1329 * returned when the file/pipe was opened. The following
1330 * assumptions are currently made:
1331 *
1332 * File Type	    Node       PipeInfo
1333 * ---------	    --------   --------
1334 * SMB_FTYPE_DISK       Valid      Null
1335 * SMB_FTYPE_BYTE_PIPE  Undefined  Undefined
1336 * SMB_FTYPE_MESG_PIPE  Null       Valid
1337 * SMB_FTYPE_PRINTER    Undefined  Undefined
1338 * SMB_FTYPE_UNKNOWN    Undefined  Undefined
1339 */
1340
1341/*
1342 * Some flags for ofile structure
1343 *
1344 *	SMB_OFLAGS_SET_DELETE_ON_CLOSE
1345 *   Set this flag when the corresponding open operation whose
1346 *   DELETE_ON_CLOSE bit of the CreateOptions is set. If any
1347 *   open file instance has this bit set, the NODE_FLAGS_DELETE_ON_CLOSE
1348 *   will be set for the file node upon close.
1349 */
1350
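/* Bits of smb_ofile_t.f_flags (see the description above). */
/*	SMB_OFLAGS_READONLY		0x0001 (obsolete) */
#define	SMB_OFLAGS_EXECONLY		0x0002
#define	SMB_OFLAGS_SET_DELETE_ON_CLOSE	0x0004
#define	SMB_OFLAGS_LLF_POS_VALID	0x0008

/* Value stored in smb_ofile_t.f_magic; checked by SMB_OFILE_VALID(). */
#define	SMB_OFILE_MAGIC		0x4F464C45	/* 'OFLE' */
/*
 * Debug sanity check: non-NULL pointer carrying the ofile magic.
 * Argument parenthesized for consistency with the other *_VALID macros.
 */
#define	SMB_OFILE_VALID(p)	\
    ASSERT(((p) != NULL) && ((p)->f_magic == SMB_OFILE_MAGIC))

/*
 * This is the size of the per-handle "Lock Sequence" array.
 * See LockSequenceIndex in [MS-SMB2] 2.2.26, and smb2_lock.c
 */
#define	SMB_OFILE_LSEQ_MAX		64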
1365
/*
 * {arg_open,ofile}->dh_vers values: which durable/resilient handle
 * flavour (if any) was requested or granted.
 */
typedef enum {
	SMB2_NOT_DURABLE = 0,
	SMB2_DURABLE_V1,
	SMB2_DURABLE_V2,
	SMB2_RESILIENT,
} smb_dh_vers_t;
1373
1374/*
1375 * See the long "Ofile State Machine" comment in smb_ofile.c
1376 */
/* Values of smb_ofile_t.f_state; SENTINEL is a bound, not a real state. */
typedef enum {
	SMB_OFILE_STATE_ALLOC = 0,
	SMB_OFILE_STATE_OPEN,
	SMB_OFILE_STATE_SAVE_DH,
	SMB_OFILE_STATE_SAVING,
	SMB_OFILE_STATE_CLOSING,
	SMB_OFILE_STATE_CLOSED,
	SMB_OFILE_STATE_ORPHANED,
	SMB_OFILE_STATE_RECONNECT,
	SMB_OFILE_STATE_EXPIRED,
	SMB_OFILE_STATE_SENTINEL
} smb_ofile_state_t;
1389
/*
 * An open file, directory or pipe handle.  Validated with
 * SMB_OFILE_VALID(); lifecycle in f_state, see smb_ofile.c.
 * Which of f_node / f_pipe is valid depends on f_ftype (table above).
 */
typedef struct smb_ofile {
	list_node_t		f_tree_lnd;	/* t_ofile_list */
	list_node_t		f_node_lnd;	/* n_ofile_list */
	list_node_t		f_dh_lnd;	/* sv_persistid_ht */
	uint32_t		f_magic;	/* SMB_OFILE_MAGIC */
	kmutex_t		f_mutex;
	smb_ofile_state_t	f_state;	/* SMB_OFILE_STATE_* */

	struct smb_server	*f_server;
	smb_session_t		*f_session;
	smb_user_t		*f_user;
	smb_tree_t		*f_tree;
	smb_node_t		*f_node;	/* valid for SMB_FTYPE_DISK */
	smb_odir_t		*f_odir;	/* search state, if a directory */
	smb_opipe_t		*f_pipe;	/* valid for SMB_FTYPE_MESG_PIPE */

	kcondvar_t		f_cv;
	/*
	 * Note: f_persistid == 0 means this ofile has no persistid
	 * (same interpretation at the protocol level).  IFF non-zero,
	 * this ofile is linked in the sv_persistid_ht hash table.
	 */
	uint64_t		f_persistid;
	uint32_t		f_uniqid;
	uint32_t		f_refcnt;
	uint64_t		f_seek_pos;
	uint32_t		f_flags;	/* SMB_OFLAGS_* bits */
	/*
	 * Access granted at open time; presumably every later read/write
	 * is checked against f_granted_access rather than re-evaluated.
	 */
	uint32_t		f_granted_access;
	uint32_t		f_share_access;
	uint32_t		f_create_options;
	uint32_t		f_opened_by_pid;
	uint16_t		f_fid;		/* file id, see t_fid_pool */
	uint16_t		f_ftype;	/* SMB_FTYPE_* (see table above) */
	uint64_t		f_llf_pos;	/* valid iff SMB_OFLAGS_LLF_POS_VALID */
	int			f_mode;
	cred_t			*f_cr;
	pid_t			f_pid;
	smb_attr_t		f_pending_attr;	/* attrs to apply later -- confirm when */
	boolean_t		f_written;
	smb_oplock_grant_t	f_oplock;
	uint8_t			TargetOplockKey[SMB_LEASE_KEY_SZ];
	uint8_t			ParentOplockKey[SMB_LEASE_KEY_SZ];
	struct smb_lease	*f_lease;

	smb_notify_t		f_notify;	/* change-notify state */

	/* Durable-handle state (dh_*) */
	smb_dh_vers_t		dh_vers;
	hrtime_t		dh_timeout_offset; /* time offset for timeout */
	hrtime_t		dh_expire_time; /* time the handle expires */
	boolean_t		dh_persist;
	kmutex_t		dh_nvlock;	/* protects dh_nvlist */
	struct nvlist		*dh_nvlist;
	smb_node_t		*dh_nvfile;

	uint8_t			dh_create_guid[16];
	char			f_quota_resume[SMB_SID_STRSZ];
	uint8_t			f_lock_seq[SMB_OFILE_LSEQ_MAX];	/* see SMB_OFILE_LSEQ_MAX */
} smb_ofile_t;
1448
/* One directory-listing result as handed to the query/find code. */
typedef struct smb_fileinfo {
	char		fi_name[MAXNAMELEN];
	char		fi_shortname[SMB_SHORTNAMELEN];	/* 8.3 name, if any */
	uint32_t	fi_cookie;	/* Dir offset (of next entry) */
	uint32_t	fi_dosattr;	/* DOS attributes */
	uint64_t	fi_nodeid;	/* file system node id */
	uint64_t	fi_size;	/* file size in bytes */
	uint64_t	fi_alloc_size;	/* allocation size in bytes */
	timestruc_t	fi_atime;	/* last access */
	timestruc_t	fi_mtime;	/* last modification */
	timestruc_t	fi_ctime;	/* last status change */
	timestruc_t	fi_crtime;	/* file creation */
} smb_fileinfo_t;
1462
/* Size and name of one named (alternate data) stream. */
typedef struct smb_streaminfo {
	uint64_t	si_size;
	uint64_t	si_alloc_size;
	char		si_name[MAXPATHLEN];
} smb_streaminfo_t;
1468
#define	SMB_LOCK_MAGIC	0x4C4F434B	/* 'LOCK'; stored in smb_lock_t.l_magic */
1470
/* A byte-range lock held (or being waited for) on an ofile. */
typedef struct smb_lock {
	list_node_t		l_lnd;		/* list linkage */
	uint32_t		l_magic;	/* SMB_LOCK_MAGIC */
	kmutex_t		l_mutex;
	kcondvar_t		l_cv;

	smb_ofile_t		*l_file;	/* ofile the lock belongs to */

	struct smb_lock		*l_blocked_by; /* Debug info only */

	uint32_t		l_conflicts;
	uint32_t		l_flags;	/* SMB_LOCK_FLAG_* */
	uint32_t		l_pid;
	uint32_t		l_type;		/* SMB_LOCK_TYPE_* */
	uint64_t		l_start;	/* range start */
	uint64_t		l_length;	/* range length */
	clock_t			l_end_time;	/* presumably wait deadline */
} smb_lock_t;
1489
/* Bits of smb_lock_t.l_flags */
#define	SMB_LOCK_FLAG_INDEFINITE	0x0004
#define	SMB_LOCK_FLAG_CLOSED		0x0008
#define	SMB_LOCK_FLAG_CANCELLED		0x0010

/* Values of smb_lock_t.l_type */
#define	SMB_LOCK_TYPE_READWRITE		101
#define	SMB_LOCK_TYPE_READONLY		102
1496
/* Variable-length data block carried through a uio for read/write. */
typedef struct vardata_block {
	uint8_t			vdb_tag;
	uint32_t		vdb_len;	/* byte length */
	struct uio		vdb_uio;
	struct iovec		vdb_iovec[MAX_IOVEC];	/* backing vdb_uio */
} smb_vdb_t;
1503
/* smb_rw_param_t.rw_mode bits; "stable" means write-through was asked for */
#define	SMB_WRMODE_WRITE_THRU	0x0001
#define	SMB_WRMODE_IS_STABLE(M)	((M) & SMB_WRMODE_WRITE_THRU)

#define	SMB_RW_MAGIC		0x52445257	/* 'RDRW'; smb_rw_param_t.rw_magic */
1508
/* Parameters of a read or write request (sr->arg.rw). */
typedef struct smb_rw_param {
	uint32_t rw_magic;		/* SMB_RW_MAGIC */
	smb_vdb_t rw_vdb;		/* data block */
	uint64_t rw_offset;		/* file offset */
	uint32_t rw_last_write;
	uint16_t rw_mode;		/* SMB_WRMODE_* */
	uint32_t rw_count;		/* bytes in this request */
	uint16_t rw_mincnt;
	uint32_t rw_total;		/* total bytes (write-raw) */
	uint16_t rw_dsoff;		/* SMB data offset */
	uint8_t rw_andx;		/* SMB secondary andx command */
} smb_rw_param_t;
1521
/*
 * A client path split into its components.  Presumably pn_path is the
 * full string and the others point into it (pname = directory part,
 * fname = file name, sname/stype = stream name and type) -- confirm
 * the ownership and NUL handling in the path-parsing code.
 */
typedef struct smb_pathname {
	char	*pn_path;
	char	*pn_pname;
	char	*pn_fname;
	char	*pn_sname;
	char	*pn_stype;
} smb_pathname_t;
1529
1530/*
1531 * fs_query_info
1532 */
typedef struct smb_fqi {
	smb_pathname_t	fq_path;	/* parsed path */
	uint16_t	fq_sattr;	/* search attributes */
	smb_node_t	*fq_dnode;	/* directory node */
	smb_node_t	*fq_fnode;	/* file node, once looked up */
	smb_attr_t	fq_fattr;	/* attributes of fq_fnode */
	char		fq_last_comp[MAXNAMELEN];	/* last path component */
} smb_fqi_t;
1541
/* Arguments of a directory operation (sr->arg.dirop), e.g. a rename. */
typedef struct dirop {
	smb_fqi_t	fqi;		/* source */
	smb_fqi_t	dst_fqi;	/* destination, when the op has one */
	uint16_t	info_level;
	uint16_t	flags;
} smb_arg_dirop_t;
1548
/* State for a query-information request. */
typedef struct smb_queryinfo {
	smb_node_t	*qi_node;	/* NULL for pipes */
	uint8_t qi_InfoType;		/* [MS-SMB2] InfoType */
	uint8_t qi_InfoClass;		/* [MS-SMB2] FileInfoClass */
	uint8_t	qi_delete_on_close;
	uint8_t qi_isdir;
	uint32_t qi_AddlInfo;
	uint32_t qi_Flags;
	mbuf_chain_t in_data;		/* request input buffer */
	smb_attr_t	qi_attr;
	uint32_t	qi_namelen;
	char		qi_shortname[SMB_SHORTNAMELEN];
	char		qi_name[MAXPATHLEN];
} smb_queryinfo_t;
1563
/* State for a set-information request. */
typedef struct smb_setinfo {
	smb_node_t *si_node;	/* target node */
	mbuf_chain_t si_data;	/* request input buffer */
	smb_attr_t si_attr;	/* attributes to apply */
} smb_setinfo_t;
1569
1570/*
1571 * smb_fssize_t
1572 * volume_units and volume avail are the total allocated and
1573 * available units on the volume.
1574 * caller_units and caller_avail are the allocated and available
1575 * units on the volume for the user associated with the calling
1576 * thread.
1577 */
typedef struct smb_fssize {
	uint64_t	fs_volume_units;	/* total units on the volume */
	uint64_t	fs_volume_avail;	/* available units on the volume */
	uint64_t	fs_caller_units;	/* total units for the caller */
	uint64_t	fs_caller_avail;	/* available units for the caller */
	uint32_t	fs_sectors_per_unit;
	uint32_t	fs_bytes_per_sector;
} smb_fssize_t;
1586
1587/*
1588 * SMB FsCtl operations (SMB2 Ioctl, and some SMB1 trans calls)
1589 */
typedef struct {
	uint32_t CtlCode;		/* FSCTL code */
	uint32_t InputCount;		/* bytes in in_mbc */
	uint32_t OutputCount;		/* bytes produced in out_mbc */
	uint32_t MaxOutputResp;		/* client's output limit; do not exceed */
	mbuf_chain_t *in_mbc;
	mbuf_chain_t *out_mbc;
} smb_fsctl_t;
1598
/* SMB2 FileId: the persistent and volatile halves (see [MS-SMB2] 2.2.14.1). */
typedef struct {
	uint64_t	persistent;
	uint64_t	temporal;
} smb2fid_t;
1603
/* NT status plus the SMB1 DOS error class/code equivalents. */
typedef struct {
	uint32_t status;	/* NT status */
	uint16_t errcls;	/* DOS error class */
	uint16_t errcode;	/* DOS error code */
} smb_error_t;
1609
/*
 * Arguments of an open/create request (sr->arg.open), shared by the
 * SMB1 and SMB2 open paths.  Some fields are inputs decoded from the
 * client request, others are filled in by the common open code.
 */
typedef struct open_param {
	smb_fqi_t	fqi;		/* path being opened */
	uint16_t	omode;
	uint16_t	ofun;
	uint32_t	nt_flags;
	uint32_t	timeo;
	uint32_t	dattr;
	timestruc_t	crtime;
	timestruc_t	mtime;
	timestruc_t	timewarp;
	/*
	 * Careful: dsize is the desired (allocation) size before the
	 * common open function, and the actual size afterwards.
	 */
	uint64_t	dsize;	/* alloc size, actual size */
	uint32_t	desired_access;		/* client-requested access */
	uint32_t	maximum_access;
	uint32_t	share_access;
	uint32_t	create_options;
	uint32_t	create_disposition;
	boolean_t	create_timewarp;
	boolean_t	created_readonly;
	uint32_t	ftype;
	uint32_t	devstate;
	uint32_t	action_taken;
	uint64_t	fileid;
	uint32_t	rootdirfid;
	fsid_t		op_fsid;
	smb_ofile_t	*dir;
	smb_opipe_t	*pipe;	/* for smb_opipe_open */
	struct smb_sd	*sd;	/* for NTTransactCreate */
	void		*create_ctx;	/* create contexts -- type per caller */

	uint8_t		op_oplock_level;	/* requested/granted level */
	uint32_t	op_oplock_state;	/* internal type+level */
	uint32_t	lease_state;		/* SMB2_LEASE_... */
	uint32_t	lease_flags;
	uint16_t	lease_epoch;
	uint16_t	lease_version;		/* 1 or 2 */
	uint8_t		lease_key[SMB_LEASE_KEY_SZ];	/* from client */
	uint8_t		parent_lease_key[SMB_LEASE_KEY_SZ]; /* for V2 */

	/* Durable-handle request (dh_*) */
	smb_dh_vers_t	dh_vers;
	smb2fid_t	dh_fileid;		/* for durable reconnect */
	uint8_t		create_guid[16];
	uint32_t	dh_v2_flags;
	uint32_t	dh_timeout;
} smb_arg_open_t;
1658
/* Arguments of a lock request (sr->arg.lock). */
typedef struct smb_arg_lock {
	void		*lvec;	/* lock element array; format per caller */
	uint32_t	lcnt;	/* number of elements in lvec */
	uint32_t	lseq;	/* lock sequence, see f_lock_seq */
} smb_arg_lock_t;
1664
/* Arguments of an oplock break (sr->arg.olbrk). */
typedef struct smb_arg_olbrk {
	uint32_t	NewLevel;	/* level to break to */
	boolean_t	AckRequired;
} smb_arg_olbrk_t;
1669
1670/*
1671 * SMB Request State Machine
1672 * -------------------------
1673 *
1674 *                  T4               +------+		T0
1675 *      +--------------------------->| FREE |---------------------------+
1676 *      |                            +------+                           |
1677 * +-----------+                                                        |
1678 * | COMPLETED |                                                        |
1679 * +-----------+
1680 *      ^                                                               |
1681 *      | T15                      +-----------+                        v
1682 * +------------+        T6        |           |                +--------------+
1683 * | CLEANED_UP |<-----------------| CANCELLED |                | INITIALIZING |
1684 * +------------+                  |           |                +--------------+
1685 *      |    ^                     +-----------+                        |
1686 *      |    |                        ^  ^ ^ ^                          |
1687 *      |    |          +-------------+  | | |                          |
1688 *      |    |    T3    |                | | |               T13        | T1
1689 *      |    +-------------------------+ | | +----------------------+   |
1690 *      +----------------------------+ | | |                        |   |
1691 *         T16          |            | | | +-----------+            |   |
1692 *                      |           \/ | | T5          |            |   v
1693 * +-----------------+  |   T12     +--------+         |     T2    +-----------+
1694 * | EVENT_OCCURRED  |------------->| ACTIVE |<--------------------| SUBMITTED |
1695 * +-----------------+  |           +--------+         |           +-----------+
1696 *        ^             |              | ^ |           |
1697 *        |             |           T8 | | |  T7       |
1698 *        | T10      T9 |   +----------+ | +-------+   |  T11
1699 *        |             |   |            +-------+ |   |
1700 *        |             |   |               T14  | |   |
1701 *        |             |   v                    | v   |
1702 *      +----------------------+                +--------------+
1703 *	|     WAITING_EVENT    |                | WAITING_LOCK |
1704 *      +----------------------+                +--------------+
1705 *
1706 *
1707 *
1708 *
1709 *
1710 * Transition T0
1711 *
1712 * This transition occurs when the request is allocated and is still under the
1713 * control of the session thread.
1714 *
1715 * Transition T1
1716 *
1717 * This transition occurs when the session thread dispatches a task to treat the
1718 * request.
1719 *
1720 * Transition T2
1721 *
1722 *
1723 *
1724 * Transition T3
1725 *
1726 * A request completes and smbsr_cleanup is called to release resources
1727 * associated with the request (but not the smb_request_t itself).  This
1728 * includes references on smb_ofile_t, smb_node_t, and other structures.
1729 * CLEANED_UP state exists to detect if we attempt to cleanup a request
1730 * multiple times and to allow us to detect that we are accessing a
1731 * request that has already been cleaned up.
1732 *
1733 * Transition T4
1734 *
1735 *
1736 *
1737 * Transition T5
1738 *
1739 *
1740 *
1741 * Transition T6
1742 *
1743 *
1744 *
1745 * Transition T7
1746 *
1747 *
1748 *
1749 * Transition T8
1750 *
1751 *
1752 *
1753 * Transition T9
1754 *
1755 *
1756 *
1757 * Transition T10
1758 *
1759 *
1760 *
1761 * Transition T11
1762 *
1763 *
1764 *
1765 * Transition T12
1766 *
1767 *
1768 *
1769 * Transition T13
1770 *
1771 *
1772 *
1773 * Transition T14
1774 *
1775 *
1776 *
1777 * Transition T15
1778 *
1779 * Request processing is completed (control returns from smb_dispatch)
1780 *
1781 * Transition T16
1782 *
1783 * Multipart (andx) request was cleaned up with smbsr_cleanup but more "andx"
1784 * sections remain to be processed.
1785 *
1786 */
1787
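/* Value stored in smb_request_t.sr_magic; checked by SMB_REQ_VALID(). */
#define	SMB_REQ_MAGIC		0x534D4252	/* 'SMBR' */
/*
 * Debug sanity check.  Now also rejects a NULL pointer, like the other
 * *_VALID macros, so a NULL request fails the assertion instead of
 * faulting inside it.
 */
#define	SMB_REQ_VALID(p)	\
    ASSERT(((p) != NULL) && ((p)->sr_magic == SMB_REQ_MAGIC))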
1790
/*
 * Values of smb_request_t.sr_state.  NOTE(review): the diagram above
 * names EVENT_OCCURRED / WAITING_EVENT, which do not appear here;
 * the WAITING_* states below are the current set.  SENTINEL is a
 * bound, not a real state.
 */
typedef enum smb_req_state {
	SMB_REQ_STATE_FREE = 0,
	SMB_REQ_STATE_INITIALIZING,
	SMB_REQ_STATE_SUBMITTED,
	SMB_REQ_STATE_ACTIVE,
	SMB_REQ_STATE_WAITING_AUTH,
	SMB_REQ_STATE_WAITING_FCN1,
	SMB_REQ_STATE_WAITING_FCN2,
	SMB_REQ_STATE_WAITING_LOCK,
	SMB_REQ_STATE_WAITING_PIPE,
	SMB_REQ_STATE_COMPLETED,
	SMB_REQ_STATE_CANCEL_PENDING,
	SMB_REQ_STATE_CANCELLED,
	SMB_REQ_STATE_CLEANED_UP,
	SMB_REQ_STATE_SENTINEL
} smb_req_state_t;
1807
/*
 * One client request in flight.  Holds the decoded SMB1 / SMB2 header
 * fields, the request and reply mbuf chains, the objects the request
 * resolved (tree, ofile, user) and the per-command argument union.
 * Validated with SMB_REQ_VALID(); lifecycle in sr_state (see above).
 */
typedef struct smb_request {
	list_node_t		sr_session_lnd;	/* session's request list */
	uint32_t		sr_magic;	/* SMB_REQ_MAGIC */
	kmutex_t		sr_mutex;
	smb_req_state_t		sr_state;	/* SMB_REQ_STATE_* */
	struct smb_server	*sr_server;
	pid_t			*sr_pid;
	int32_t			sr_gmtoff;
	smb_session_t		*session;	/* connection this arrived on */
	smb_kmod_cfg_t		*sr_cfg;
	void			(*cancel_method)(struct smb_request *);
	void			*cancel_arg2;	/* extra argument for cancel_method */

	/* Queue used by smb_request_append_postwork. */
	struct smb_request	*sr_postwork;

	list_node_t		sr_waiters;	/* smb_notify.c */

	/* Info from session service header */
	uint32_t		sr_req_length; /* Excluding NBT header */

	/*
	 * Request buffer excluding NBT header.  SMB_READ_PROTOCOL() and
	 * SMB_READ_COMMAND() read an smb_hdr_t at the start of this buffer;
	 * NOTE(review): confirm the receive path guarantees sr_req_length
	 * covers at least that header before those macros are used.
	 */
	void			*sr_request_buf;

	struct mbuf_chain	command;	/* incoming request */
	struct mbuf_chain	reply;		/* outgoing reply */
	struct mbuf_chain	raw_data;
	list_t			sr_storage;
	struct smb_xa		*r_xa;		/* transaction, if any */
	int			andx_prev_wct;
	int			cur_reply_offset;
	int			orig_request_hdr;
	unsigned int		reply_seqnum;	/* reply sequence number */
	unsigned char		first_smb_com;	/* command code */
	unsigned char		smb_com;	/* command code */

	uint8_t			smb_rcls;	/* error code class */
	uint8_t			smb_reh;	/* rsvd (AH DOS INT-24 ERR) */
	uint16_t		smb_err;	/* error code */
	smb_error_t		smb_error;

	/* SMB1 header fields */
	uint8_t			smb_flg;	/* flags */
	uint16_t		smb_flg2;	/* flags */
	unsigned char		smb_sig[8];	/* signature */
	uint16_t		smb_tid;	/* tree id #  */
	uint32_t		smb_pid;	/* caller's process id # */
	uint16_t		smb_uid;	/* local (smb1) user id # */
	uint16_t		smb_mid;	/* multiplex id #  */
	unsigned char		smb_wct;	/* count of parameter words */
	uint16_t		smb_bcc;	/* data byte count */

	/*
	 * Beginning offsets (in the mbuf chain) for the
	 * command and reply headers, and the next reply.
	 */
	uint32_t		smb2_cmd_hdr;
	uint32_t		smb2_reply_hdr;
	uint32_t		smb2_next_reply;

	/*
	 * SMB2 header fields.  [MS-SMB2 2.2.1.2]
	 * XXX: Later do a union w smb1 members
	 */
	uint16_t		smb2_credit_charge;
	uint16_t		smb2_chan_seq;	/* cmd only */
	uint32_t		smb2_status;
	uint16_t		smb2_cmd_code;
	uint16_t		smb2_credit_request;
	uint16_t		smb2_credit_response;
	uint16_t		smb2_total_credits; /* in compound */
	uint32_t		smb2_hdr_flags;
	uint32_t		smb2_next_command;
	uint64_t		smb2_messageid;
	uint64_t		smb2_first_msgid;	/* first msgid of a compound */
	/* uint32_t		smb2_pid; use smb_pid */
	/* uint32_t		smb2_tid; use smb_tid */
	uint64_t		smb2_ssnid;	/* See u_ssnid */
	uint8_t			smb2_sig[16];	/* signature */

	/*
	 * SMB3 transform header fields. [MS-SMB2 2.2.41]
	 */
	uint64_t		smb3_tform_ssnid;
	smb_user_t		*tform_ssn;	/* presumably the user found for
						 * smb3_tform_ssnid -- confirm */
	uint32_t		msgsize;
	uint8_t			nonce[16];

	boolean_t		encrypted;	/* request arrived encrypted */
	boolean_t		dh_nvl_dirty;

	boolean_t		smb2_async;
	uint64_t		smb2_async_id;
	/* Parameters */
	struct mbuf_chain	smb_vwv;	/* variable width value */

	/* Data */
	struct mbuf_chain	smb_data;

	uint16_t		smb_fid;	/* not in hdr, but common */

	unsigned char		andx_com;
	uint16_t		andx_off;

	/* Objects resolved from the ids in the header; may be NULL. */
	struct smb_tree		*tid_tree;
	struct smb_ofile	*fid_ofile;
	smb_user_t		*uid_user;

	cred_t			*user_cr;	/* credentials used for this request */
	kthread_t		*sr_worker;	/* thread processing the request */
	hrtime_t		sr_time_submitted;
	hrtime_t		sr_time_active;
	hrtime_t		sr_time_start;
	int32_t			sr_txb;
	uint32_t		sr_seqnum;

	/* Per-command arguments; the member in use depends on the command. */
	union {
		smb2_arg_negotiate_t	nego2;
		smb_arg_negotiate_t	*negprot;
		smb_arg_sessionsetup_t	*ssetup;
		smb_arg_tcon_t		tcon;
		smb_arg_dirop_t		dirop;
		smb_arg_open_t		open;
		smb_arg_lock_t		lock;
		smb_arg_olbrk_t		olbrk;	/* for async oplock break */
		smb_rw_param_t		*rw;
		int32_t			timestamp;
		void			*other;
	} arg;
} smb_request_t;
1937
/* Convenience names for the members of smb_request_t.arg */
#define	sr_ssetup	arg.ssetup
#define	sr_negprot	arg.negprot
#define	sr_nego2	arg.nego2
#define	sr_tcon		arg.tcon
#define	sr_dirop	arg.dirop
#define	sr_open		arg.open
#define	sr_rw		arg.rw
#define	sr_timestamp	arg.timestamp
1946
/*
 * Peek at the raw SMB1 header in a request buffer.  Both macros read
 * through an smb_hdr_t overlaid on hdr, so the buffer must hold at
 * least a full header -- callers are responsible for that length check.
 */
#define	SMB_READ_PROTOCOL(hdr) \
	LE_IN32(((smb_hdr_t *)(hdr))->protocol)

#define	SMB_PROTOCOL_MAGIC_INVALID(rd_sr) \
	(SMB_READ_PROTOCOL((rd_sr)->sr_request_buf) != SMB_PROTOCOL_MAGIC)

#define	SMB_READ_COMMAND(hdr) \
	(((smb_hdr_t *)(hdr))->command)

/* Command-code tests on a request's raw buffer (SMB1 only). */
#define	SMB_IS_NT_CANCEL(rd_sr) \
	(SMB_READ_COMMAND((rd_sr)->sr_request_buf) == SMB_COM_NT_CANCEL)

#define	SMB_IS_SESSION_SETUP_ANDX(rd_sr) \
	(SMB_READ_COMMAND((rd_sr)->sr_request_buf) == \
	    SMB_COM_SESSION_SETUP_ANDX)

#define	SMB_IS_NT_NEGOTIATE(rd_sr) \
	(SMB_READ_COMMAND((rd_sr)->sr_request_buf) == SMB_COM_NEGOTIATE)

#define	SMB_IS_TREE_CONNECT_ANDX(rd_sr) \
	(SMB_READ_COMMAND((rd_sr)->sr_request_buf) == SMB_COM_TREE_CONNECT_ANDX)

/* Bits of smb_xa_t.xa_flags */
#define	SMB_XA_FLAG_OPEN	0x0001
#define	SMB_XA_FLAG_CLOSE	0x0002
#define	SMB_XA_FLAG_COMPLETE	0x0004
#define	SMB_XA_CLOSED(xa) (!((xa)->xa_flags & SMB_XA_FLAG_OPEN))

#define	SMB_XA_MAGIC		0x534D4258	/* 'SMBX'; smb_xa_t.xa_magic */
1975
/*
 * An SMB1 transaction (TRANS / TRANS2 / NT_TRANS), which may span
 * several requests.  The req_disp_* counters track how much of the
 * parameter and data blocks has arrived.
 */
typedef struct smb_xa {
	list_node_t		xa_lnd;		/* list linkage */
	uint32_t		xa_magic;	/* SMB_XA_MAGIC */
	kmutex_t		xa_mutex;

	uint32_t		xa_refcnt;
	uint32_t		xa_flags;	/* SMB_XA_FLAG_* */

	struct smb_session	*xa_session;

	unsigned char		smb_com;	/* which TRANS type */
	unsigned char		smb_flg;	/* flags */
	uint16_t		smb_flg2;	/* flags */
	uint16_t		smb_tid;	/* tree id number */
	uint32_t		smb_pid;	/* caller's process id */
	uint16_t		smb_uid;	/* user id number */
	uint32_t		smb_func;	/* NT_TRANS function */

	uint16_t		xa_smb_mid;	/* multiplex id number */
	uint16_t		xa_smb_fid;	/* TRANS2 secondary */

	unsigned int		reply_seqnum;	/* reply sequence number */

	/* Counts as announced by the client; treat as untrusted. */
	uint32_t	smb_tpscnt;	/* total parameter bytes being sent */
	uint32_t	smb_tdscnt;	/* total data bytes being sent */
	uint32_t	smb_mprcnt;	/* max parameter bytes to return */
	uint32_t	smb_mdrcnt;	/* max data bytes to return */
	uint32_t	smb_msrcnt;	/* max setup words to return */
	uint32_t	smb_flags;	/* additional information: */
				/*  bit 0 - if set, disconnect TID in smb_tid */
				/*  bit 1 - if set, transaction is one way */
				/*  (no final response) */
	int32_t	smb_timeout;	/* number of milliseconds to await completion */
	uint32_t	smb_suwcnt;	/* set up word count */

	char			*xa_pipe_name;

	/*
	 * These are the param and data count received so far,
	 * used to decide if the whole trans is here yet.
	 */
	int			req_disp_param;
	int			req_disp_data;

	/* Request setup/param/data as received */
	struct mbuf_chain	req_setup_mb;
	struct mbuf_chain	req_param_mb;
	struct mbuf_chain	req_data_mb;

	/* Reply setup/param/data being built */
	struct mbuf_chain	rep_setup_mb;
	struct mbuf_chain	rep_param_mb;
	struct mbuf_chain	rep_data_mb;
} smb_xa_t;
2028
2029
/* Dispatch-table flags (presumably smb_disp_entry); see the dispatch code. */
#define	SDDF_NO_FLAGS			0
#define	SDDF_SUPPRESS_TID		0x0001
#define	SDDF_SUPPRESS_UID		0x0002
2033
2034/*
2035 * SMB dispatch return codes.
2036 */
typedef enum {
	SDRC_SUCCESS = 0,
	SDRC_ERROR,
	SDRC_DROP_VC,		/* drop the connection */
	SDRC_NO_REPLY,		/* send nothing back */
	SDRC_SR_KEPT,		/* handler kept the request; do not free */
	SDRC_NOT_IMPLEMENTED
} smb_sdrc_t;
2045
/* Byte-count placeholder meaning "variable" */
#define	VAR_BCC		((short)-1)

/* Value stored in smb_server_t.sv_magic; checked by SMB_SERVER_VALID(). */
#define	SMB_SERVER_MAGIC	0x53534552	/* 'SSER' */
#define	SMB_SERVER_VALID(s)	\
    ASSERT(((s) != NULL) && ((s)->sv_magic == SMB_SERVER_MAGIC))

/* Value stored in smb_listener_daemon_t.ld_magic; see SMB_LISTENER_VALID(). */
#define	SMB_LISTENER_MAGIC	0x4C53544E	/* 'LSTN' */
#define	SMB_LISTENER_VALID(ld)	\
    ASSERT(((ld) != NULL) && ((ld)->ld_magic == SMB_LISTENER_MAGIC))
2055
/* One listening socket plus its accept thread (NBT or TCP). */
typedef struct {
	uint32_t		ld_magic;	/* SMB_LISTENER_MAGIC */
	struct smb_server	*ld_sv;
	smb_thread_t		ld_thread;	/* accept thread */
	ksocket_t		ld_so;		/* listening socket */
	in_port_t		ld_port;
	int			ld_family;	/* selects ld_sin / ld_sin6 */
	struct sockaddr_in	ld_sin;
	struct sockaddr_in6	ld_sin6;
} smb_listener_daemon_t;
2066
/* smb_cmd_threshold_t.ct_cmd names, used in threshold reports */
#define	SMB_SSETUP_CMD			"authentication"
#define	SMB_TCON_CMD			"share mapping"
#define	SMB_OPIPE_CMD			"pipe open"
#define	SMB_THRESHOLD_REPORT_THROTTLE	50
/*
 * Limits concurrent instances of an expensive command (see the
 * SMB_*_CMD names above); callers beyond ct_threshold presumably
 * block on ct_cond for up to ct_timeout.
 */
typedef struct smb_cmd_threshold {
	char			*ct_cmd;	/* command name for reporting */
	kmutex_t		ct_mutex;
	volatile uint32_t	ct_active_cnt;
	volatile uint32_t	ct_blocked_cnt;
	uint32_t		ct_threshold;
	uint32_t		ct_timeout; /* milliseconds */
	kcondvar_t		ct_cond;
} smb_cmd_threshold_t;
2080
/* Legacy named kstats: open files, trees and users. */
typedef struct {
	kstat_named_t		ls_files;
	kstat_named_t		ls_trees;
	kstat_named_t		ls_users;
} smb_server_legacy_kstat_t;
2086
/*
 * Server lifecycle states, stored in smb_server_t.sv_state.  The order is
 * the normal progression; SENTINEL marks the end of the range and is not
 * a valid state (SMB_SERVER_STATE_VALID() excludes it).
 */
typedef enum smb_server_state {
	SMB_SERVER_STATE_CREATED = 0,
	SMB_SERVER_STATE_CONFIGURED,
	SMB_SERVER_STATE_RUNNING,
	SMB_SERVER_STATE_STOPPING,
	SMB_SERVER_STATE_DELETING,
	SMB_SERVER_STATE_SENTINEL	/* range marker, never a real state */
} smb_server_state_t;
2095
/*
 * Print-spool bookkeeping embedded in smb_server_t (sp_info).
 * Presumably sp_list holds smb_kspooldoc_t entries and sp_fidlist holds
 * smb_spoolfid_t entries (both carry a list_node_t) -- confirm in the
 * spool code.
 */
typedef struct {
	/* protected by sv_mutex */
	kcondvar_t		sp_cv;
	uint32_t		sp_cnt;		/* count of spooled documents */
	smb_llist_t		sp_list;
	smb_llist_t		sp_fidlist;
} smb_spool_t;
2103
/*
 * Accepts every real server state (all but SMB_SERVER_STATE_SENTINEL).
 * Expands to ASSERT(), so it is a DEBUG-kernel sanity check only.
 */
#define	SMB_SERVER_STATE_VALID(S)               \
    ASSERT(((S) == SMB_SERVER_STATE_CREATED) || \
	    ((S) == SMB_SERVER_STATE_CONFIGURED) || \
	    ((S) == SMB_SERVER_STATE_RUNNING) ||    \
	    ((S) == SMB_SERVER_STATE_STOPPING) ||   \
	    ((S) == SMB_SERVER_STATE_DELETING))
2110
/*
 * Per-zone SMB server instance.  Validate with SMB_SERVER_VALID().
 * sv_mutex guards sv_state, sv_refcnt and sp_info (see the "protected by
 * sv_mutex" note in smb_spool_t); sv_cfg_lock guards sv_cfg.  The
 * volatile statistics counters are updated without a lock.
 */
typedef struct smb_server {
	list_node_t		sv_lnd;		/* linkage in the global server list */
	uint32_t		sv_magic;	/* SMB_SERVER_MAGIC */
	kcondvar_t		sv_cv;
	kmutex_t		sv_mutex;
	smb_server_state_t	sv_state;	/* see SMB_SERVER_STATE_VALID() */
	uint32_t		sv_refcnt;
	pid_t			sv_pid;		/* presumably the smbd process */
	zoneid_t		sv_zid;		/* zone this server belongs to */
	smb_listener_daemon_t	sv_nbt_daemon;	/* NetBIOS session service listener */
	smb_listener_daemon_t	sv_tcp_daemon;	/* direct-TCP listener */
	krwlock_t		sv_cfg_lock;	/* protects sv_cfg */
	smb_kmod_cfg_t		sv_cfg;		/* configuration pushed down from smbd */
	smb_session_t		*sv_session;	/* internal session, presumably for server-originated ops */
	smb_user_t		*sv_rootuser;	/* internal privileged user on sv_session */
	smb_llist_t		sv_session_list;	/* client sessions */
	smb_hash_t		*sv_persistid_ht;	/* durable handles, keyed by persistent id */
	smb_hash_t		*sv_lease_ht;	/* SMB2 leases */

	smb_export_t		sv_export;
	struct __door_handle	*sv_lmshrd;	/* door to the share manager in smbd */

	/* Internal door for up-calls to smbd */
	struct __door_handle	*sv_kdoor_hd;
	int			sv_kdoor_id; /* init -1 */
	uint64_t		sv_kdoor_ncall;	/* outstanding up-calls */
	kmutex_t		sv_kdoor_mutex;
	kcondvar_t		sv_kdoor_cv;

	int32_t			si_gmtoff;	/* local time offset from GMT */

	smb_thread_t		si_thread_timers;	/* periodic timer thread */

	taskq_t			*sv_worker_pool;	/* request processing */
	taskq_t			*sv_receiver_pool;	/* per-session receive */

	smb_node_t		*si_root_smb_node;
	smb_llist_t		sv_opipe_list;	/* open named pipes */
	smb_llist_t		sv_event_list;	/* smb_event_t entries */

	/* Statistics */
	hrtime_t		sv_start_time;
	kstat_t			*sv_ksp;
	volatile uint32_t	sv_nbt_sess;	/* sessions via NetBIOS listener */
	volatile uint32_t	sv_tcp_sess;	/* sessions via TCP listener */
	volatile uint32_t	sv_users;
	volatile uint32_t	sv_trees;
	volatile uint32_t	sv_files;
	volatile uint32_t	sv_pipes;
	volatile uint64_t	sv_txb;		/* bytes transmitted */
	volatile uint64_t	sv_rxb;		/* bytes received */
	volatile uint64_t	sv_nreq;	/* requests processed */
	smb_srqueue_t		sv_srqueue;
	smb_spool_t		sp_info;
	/* throttles for pre-authentication operations, see smb_cmd_threshold_t */
	smb_cmd_threshold_t	sv_ssetup_ct;
	smb_cmd_threshold_t	sv_tcon_ct;
	smb_cmd_threshold_t	sv_opipe_ct;
	kstat_t			*sv_legacy_ksp;	/* smb_server_legacy_kstat_t */
	kmutex_t		sv_legacy_ksmtx;
	smb_disp_stats_t	*sv_disp_stats1;	/* SMB1 dispatch stats */
	smb_disp_stats_t	*sv_disp_stats2;	/* SMB2 dispatch stats */
} smb_server_t;
2173
/*
 * smb_event_t constants.  SMB_EVENT_TIMEOUT bounds how long a waiter
 * blocks for an up-call response; SMB_EVENT_VALID() is ASSERT-based and
 * so only active in DEBUG kernels.
 */
#define	SMB_EVENT_MAGIC		0x45564E54	/* EVNT */
#define	SMB_EVENT_TIMEOUT	45		/* seconds */
#define	SMB_EVENT_VALID(e)	\
    ASSERT(((e) != NULL) && ((e)->se_magic == SMB_EVENT_MAGIC))
/*
 * A waitable event, kept on smb_server_t.sv_event_list and identified by
 * se_txid.  Presumably used to block a kernel thread until smbd answers
 * an up-call with the matching transaction id -- confirm in the event
 * code.  se_mutex/se_cv implement the wait; se_errno carries the result.
 */
typedef struct smb_event {
	list_node_t		se_lnd;		/* linkage in sv_event_list */
	uint32_t		se_magic;	/* SMB_EVENT_MAGIC */
	kmutex_t		se_mutex;
	kcondvar_t		se_cv;
	smb_server_t		*se_server;	/* owning server */
	uint32_t		se_txid;	/* transaction id matched on notify */
	boolean_t		se_notified;	/* set when the event is signalled */
	int			se_waittime;	/* time waited so far */
	int			se_timeout;	/* max wait, see SMB_EVENT_TIMEOUT */
	int			se_errno;	/* result delivered to the waiter */
} smb_event_t;
2190
/*
 * A spooled print document, presumably queued on smb_spool_t.sp_list.
 * sd_username and sd_path are fixed-size arrays: whatever fills them from
 * session or client-derived data must bound the copy and guarantee NUL
 * termination, since consumers will treat them as C strings.
 */
typedef struct smb_kspooldoc {
	list_node_t	sd_lnd;
	uint32_t	sd_magic;
	smb_inaddr_t	sd_ipaddr;	/* client address */
	uint32_t	sd_spool_num;	/* spool sequence number */
	uint16_t	sd_fid;		/* file id of the spool file */
	char		sd_username[MAXNAMELEN];
	char		sd_path[MAXPATHLEN];
} smb_kspooldoc_t;
2200
/*
 * File id of an open spool file, presumably queued on
 * smb_spool_t.sp_fidlist.
 */
typedef struct smb_spoolfid {
	list_node_t	sf_lnd;
	uint32_t	sf_magic;
	uint16_t	sf_fid;
} smb_spoolfid_t;
2206
/*
 * SMB_INFO_* status/capability bits.  Note that 0x80000000 has type
 * unsigned int; keep the holding field unsigned (uint32_t) so the sign
 * bit is not interpreted as negative.
 */
#define	SMB_INFO_NETBIOS_SESSION_SVC_RUNNING	0x0001
#define	SMB_INFO_NETBIOS_SESSION_SVC_FAILED	0x0002
#define	SMB_INFO_USER_LEVEL_SECURITY		0x40000000
#define	SMB_INFO_ENCRYPT_PASSWORDS		0x80000000

/* True if node is a named stream: n_unode (presumably the unnamed-stream parent) is set. */
#define	SMB_IS_STREAM(node) ((node)->n_unode)
2213
/*
 * Thread-start descriptor: a callback and its argument plus a name.
 * NOTE(review): proc is declared without a prototype, so the compiler
 * cannot check what callers pass; declaring it as e.g. void (*proc)(void *)
 * would be safer if every user takes a single void * -- confirm before
 * changing.  name is a fixed 100-byte buffer; fill it with a bounded,
 * NUL-terminating copy.
 */
typedef struct smb_tsd {
	void (*proc)();
	void *arg;
	char name[100];
} smb_tsd_t;
2219
/*
 * One row of the SMB command dispatch table (forward-declared at the top
 * of this header).  sdt_pre_op and sdt_function return smb_sdrc_t; all
 * three handlers take the request.  sdt_name is sized for use as a kstat
 * name.
 */
typedef struct smb_disp_entry {
	char		sdt_name[KSTAT_STRLEN];
	smb_sdrc_t	(*sdt_pre_op)(smb_request_t *);	/* may be NULL -- TODO confirm */
	smb_sdrc_t	(*sdt_function)(smb_request_t *);	/* the command handler */
	void		(*sdt_post_op)(smb_request_t *);	/* cleanup after sdt_function */
	uint8_t		sdt_com;	/* SMB command code */
	char		sdt_dialect;	/* minimum dialect for this command */
	uint8_t		sdt_flags;	/* presumably SDDF_* bits */
} smb_disp_entry_t;
2229
/* Code-to-string translation table entry. */
typedef struct smb_xlate {
	int	code;
	char	*str;
} smb_xlate_t;
2234
/*
 * This structure is a helper for building the RAP NetShareEnum response.
 *
 * es_posix_uid UID of the user requesting the share list, used to
 *              detect whether the user has an autohome share
 * es_bufsize   size of the response buffer (16-bit, as in the RAP
 *              request; every write into es_buf must stay within it)
 * es_buf       pointer to the response buffer
 * es_ntotal    total number of shares exported by the server whose
 *              OEM names are shorter than 13 chars
 * es_nsent     number of shares that fit in the specified buffer
 * es_datasize  actual data size (share data) encoded in the
 *              response buffer
 */
typedef struct smb_enumshare_info {
	uid_t		es_posix_uid;
	uint16_t	es_bufsize;
	char		*es_buf;
	uint16_t	es_ntotal;
	uint16_t	es_nsent;
	uint16_t	es_datasize;
} smb_enumshare_info_t;
2256
/*
 * SMB 3.1.1 error id values for error contexts.  Only the DEFAULT id is
 * currently produced; SHARE_REDIRECT is defined for completeness.
 */
enum smb2_error_id {
	SMB2_ERROR_ID_DEFAULT		= 0,
	SMB2_ERROR_ID_SHARE_REDIRECT	= 0x72645253	/* not used */
};
2264
2265#ifdef	__cplusplus
2266}
2267#endif
2268
2269#endif /* _SMBSRV_SMB_KTYPES_H */
2270