Print this page
NEX-4856 SMB2 kstats don't correctly count compound requests
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-19944 SMB2 server should require signed Validate Negotiate requests
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-17589 Get "too high" smbd error when copy big file to cifs share (redo)
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-16943 network outages with thread stuck in smb2_scoreboard_cancel
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-9808 SMB3 persistent handles
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-15578 SMB2 durable handle redesign
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-5665 SMB2 oplock leases
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
NEX-15069 smtorture smb2.create.blob is failed
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-15555 SMB2 async redesign
NEX-15061 smtorture smb2.lock.cancel.cancel is failed
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
Also follow-up change to:
NEX-1643 dtrace provider for smbsrv (remove "done2" probes,
which don't make sense with the new async design)
NEX-9808 SMB3 persistent handles
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-15578 SMB2 durable handle redesign
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-5665 SMB2 oplock leases
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
NEX-15069 smtorture smb2.create.blob is failed
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-15555 SMB2 async redesign
NEX-15061 smtorture smb2.lock.cancel.cancel is failed
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
Also follow-up change to:
NEX-1643 dtrace provider for smbsrv (remove "done2" probes,
which don't make sense with the new async design)
NEX-1643 dtrace provider for smbsrv
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
NEX-9864 Some SMB cancel races remain after NEX-5845 (smb3 nit)
NEX-9864 Some SMB cancel races remain after NEX-5845
Revert (part of) "NEX-5845 rework SMB immediate cancel"
reverts (part of) commit 7a5da69f6d42b17ebcc95ca3d02925d07a01343e.
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-5273 SMB 3 Encryption
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
NEX-5844 want SMB2 ioctl FSCTL_SRV_COPYCHUNK
NEX-6124 smb_fsop_read/write should allow file != sr->fid_ofile
NEX-6125 smbtorture invalid response with smb2.ioctl
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
NEX-5845 rework SMB immediate cancel
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
NEX-5586 SMB2 ofiles need real Persistent IDs
NEX-5313 SMB2 oplock break notification should use TID=0
Reviewed by: Gordon Ross <gwr@nexenta.com>
NEX-5560 smb2 should use 64-bit server-global uids
Reviewed by: Gordon Ross <gwr@nexenta.com>
NEX-3906 Prefer that SMB change notify not tie up a worker thread
NEX-5278 SMB notify should buffer per file handle
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
Reviewed by: Matt Barden <Matt.Barden@nexenta.com>
NEX-5152 immediate SMB cancel may fail
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
Reviewed by: Matt Barden <Matt.Barden@nexenta.com>
NEX-5175 want SMB statistics separately for reads, writes, other
Reviewed by: Gordon Ross <gwr@nexenta.com>
Reviewed by: Matt Barden <Matt.Barden@nexenta.com>
NEX-5198 smb2 kernel kstats incorrect for received data
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
NEX-5133 Deleting directory over CIFS SMB2 fails after visiting in explorer
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
Reviewed by: Matt Barden <Matt.Barden@nexenta.com>
NEX-4313 want iops, bandwidth, and latency kstats for smb
Portions contributed by: Gordon Ross <gwr@nexenta.com>
Reviewed by: Matt Barden <Matt.Barden@nexenta.com>
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
NEX-4598 SMB2 credit shortage with Mac client
Reviewed by: Bayard Bell <bayard.bell@nexenta.com>
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
Reviewed by: Matt Barden <Matt.Barden@nexenta.com>
NEX-4391 improve smb cancel support
Reviewed by: Matt Barden <Matt.Barden@nexenta.com>
NEX-4147 Cancelled SMB2 requests sometimes have no response (missed things)
NEX-4147 Cancelled SMB2 requests sometimes have no response
NEX-4157 Improve SMB2 compound request handler
Reviewed by: Matt Barden <Matt.Barden@nexenta.com>
NEX-1999 SMB2 panic - missing tree connection
NEX-3377 Want reply header set earlier
Reviewed by: Dan Fields <dan.fields@nexenta.com>
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
Reviewed by: Matt Barden <Matt.Barden@nexenta.com>
NEX-3310 smbstat misreports change notify
Reviewed by: Alek Pinchuk <alek.pinchuk@nexenta.com>
Reviewed by: Dan Fields <dan.fields@nexenta.com>
NEX-3080 SMB1 signing problem with Kerberos auth.
Reviewed by: Bayard Bell <bayard.bell@nexenta.com>
Reviewed by: Dan Fields <dan.fields@nexenta.com>
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
Reviewed by: Matt Barden <Matt.Barden@nexenta.com>
NEX-2869 SMB2 signing fails for multi-user clients like Citrix RDS
NEX-2975 SMB2 Cancel may fail
Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
Reviewed by: Tony Nguyen <tony.nguyen@nexenta.com>
NEX-2781 SMB2 credit handling needs work
NEX-2353 Codenomicon: SMB2 TC # 448950 - PANIC in SMB2.Compounded-commands...
NEX-2344 Codenomicon: SMB2 TC: 458439 Panic in SMB2.Compounded-commands
SMB-55 SMB2 signing
SMB-122 smbd core dumps in smbd_dc_update / smb_log
SMB-117 Win7 fails to open security properties
SMB-110 panic mapping a share from Nexentastor to the windows 2012 R2 client
SMB-109 Codenomicon: SMB TC: 409480 - Panic with SMB2_FIND request
SMB-79 Codenomicon: SMB2 TC: 4978 - Panic in smb_latency_add_sample
SMB-11 SMB2 message parse & dispatch
SMB-12 SMB2 Negotiate Protocol
SMB-13 SMB2 Session Setup
SMB-14 SMB2 Logoff
SMB-15 SMB2 Tree Connect
SMB-16 SMB2 Tree Disconnect
SMB-17 SMB2 Create
SMB-18 SMB2 Close
SMB-19 SMB2 Flush
SMB-20 SMB2 Read
SMB-21 SMB2 Write
SMB-22 SMB2 Lock/Unlock
SMB-23 SMB2 Ioctl
SMB-24 SMB2 Cancel
SMB-25 SMB2 Echo
SMB-26 SMB2 Query Dir
SMB-27 SMB2 Change Notify
SMB-28 SMB2 Query Info
SMB-29 SMB2 Set Info
SMB-30 SMB2 Oplocks
SMB-53 SMB2 Create Context options
(SMB2 code review cleanup 1, 2, 3)
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/fs/smbsrv/smb2_dispatch.c
+++ new/usr/src/uts/common/fs/smbsrv/smb2_dispatch.c
1 1 /*
2 2 * This file and its contents are supplied under the terms of the
|
↓ open down ↓ |
2 lines elided |
↑ open up ↑ |
3 3 * Common Development and Distribution License ("CDDL"), version 1.0.
4 4 * You may only use this file in accordance with the terms of version
5 5 * 1.0 of the CDDL.
6 6 *
7 7 * A full copy of the text of the CDDL should have accompanied this
8 8 * source. A copy of the CDDL is also available via the Internet at
9 9 * http://www.illumos.org/license/CDDL.
10 10 */
11 11
12 12 /*
13 - * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
13 + * Copyright 2019 Nexenta Systems, Inc. All rights reserved.
14 14 */
15 15
16 16
17 17 #include <smbsrv/smb2_kproto.h>
18 18 #include <smbsrv/smb_kstat.h>
19 19 #include <smbsrv/smb2.h>
20 20
21 -/*
22 - * Saved state for a command that "goes async". When a compound request
23 - * contains a command that may block indefinitely, the compound reply is
24 - * composed with an "interim response" for that command, and information
25 - * needed to actually dispatch that command is saved on a list of "async"
26 - * commands for this compound request. After the compound reply is sent,
27 - * the list of async commands is processed, and those may block as long
28 - * as they need to without affecting the initial compound request.
29 - *
30 - * Now interestingly, this "async" mechanism is not used with the full
31 - * range of asynchrony that one might imagine. The design of async
32 - * request processing can be drastically simplified if we can assume
33 - * that there's no need to run more than one async command at a time.
34 - * With that simplifying assumption, we can continue using the current
35 - * "one worker thread per request message" model, which has very simple
36 - * locking rules etc. The same worker thread that handles the initial
37 - * compound request can handle the list of async requests.
38 - *
39 - * As it turns out, SMB2 clients do not try to use more than one "async"
40 - * command in a compound. If they were to do so, the [MS-SMB2] spec.
41 - * allows us to decline additional async requests with an error.
42 - *
43 - * smb_async_req_t is the struct used to save an "async" request on
44 - * the list of requests that had an interim reply in the initial
45 - * compound reply. This includes everything needed to restart
46 - * processing at the async command.
47 - */
21 +#define SMB2_ASYNCID(sr) (sr->smb2_messageid ^ (1ULL << 62))
48 22
49 -typedef struct smb2_async_req {
50 -
51 - smb_sdrc_t (*ar_func)(smb_request_t *);
52 -
53 - int ar_cmd_hdr; /* smb2_cmd_hdr offset */
54 - int ar_cmd_len; /* length from hdr */
55 -
56 - /*
57 - * SMB2 header fields.
58 - */
59 - uint16_t ar_cmd_code;
60 - uint16_t ar_uid;
61 - uint16_t ar_tid;
62 - uint32_t ar_pid;
63 - uint32_t ar_hdr_flags;
64 - uint64_t ar_messageid;
65 -} smb2_async_req_t;
66 -
67 -void smb2sr_do_async(smb_request_t *);
68 23 smb_sdrc_t smb2_invalid_cmd(smb_request_t *);
69 24 static void smb2_tq_work(void *);
25 +static void smb2sr_run_postwork(smb_request_t *);
26 +static int smb3_decrypt_msg(smb_request_t *);
70 27
71 28 static const smb_disp_entry_t const
72 29 smb2_disp_table[SMB2__NCMDS] = {
73 30
74 31 /* text-name, pre, func, post, cmd-code, dialect, flags */
75 32
76 33 { "smb2_negotiate", NULL,
77 34 smb2_negotiate, NULL, 0, 0,
78 35 SDDF_SUPPRESS_TID | SDDF_SUPPRESS_UID },
79 36
80 37 { "smb2_session_setup", NULL,
81 38 smb2_session_setup, NULL, 0, 0,
82 39 SDDF_SUPPRESS_TID | SDDF_SUPPRESS_UID },
83 40
84 41 { "smb2_logoff", NULL,
85 42 smb2_logoff, NULL, 0, 0,
86 43 SDDF_SUPPRESS_TID },
87 44
88 45 { "smb2_tree_connect", NULL,
89 46 smb2_tree_connect, NULL, 0, 0,
90 47 SDDF_SUPPRESS_TID },
91 48
92 49 { "smb2_tree_disconn", NULL,
93 50 smb2_tree_disconn, NULL, 0, 0 },
94 51
95 52 { "smb2_create", NULL,
96 53 smb2_create, NULL, 0, 0 },
97 54
98 55 { "smb2_close", NULL,
99 56 smb2_close, NULL, 0, 0 },
100 57
101 58 { "smb2_flush", NULL,
102 59 smb2_flush, NULL, 0, 0 },
103 60
104 61 { "smb2_read", NULL,
105 62 smb2_read, NULL, 0, 0 },
|
↓ open down ↓ |
26 lines elided |
↑ open up ↑ |
106 63
107 64 { "smb2_write", NULL,
108 65 smb2_write, NULL, 0, 0 },
109 66
110 67 { "smb2_lock", NULL,
111 68 smb2_lock, NULL, 0, 0 },
112 69
113 70 { "smb2_ioctl", NULL,
114 71 smb2_ioctl, NULL, 0, 0 },
115 72
116 - /*
117 - * Note: Cancel gets the "invalid command" handler because
118 - * that's always handled directly in the reader. We should
119 - * never get to the function using this table, but note:
120 - * We CAN get here if a nasty client adds cancel to some
121 - * compound message, which is a protocol violation.
122 - */
123 73 { "smb2_cancel", NULL,
124 - smb2_invalid_cmd, NULL, 0, 0 },
74 + smb2_cancel, NULL, 0, 0,
75 + SDDF_SUPPRESS_UID | SDDF_SUPPRESS_TID },
125 76
126 77 { "smb2_echo", NULL,
127 78 smb2_echo, NULL, 0, 0,
128 79 SDDF_SUPPRESS_UID | SDDF_SUPPRESS_TID },
129 80
130 81 { "smb2_query_dir", NULL,
131 82 smb2_query_dir, NULL, 0, 0 },
132 83
133 84 { "smb2_change_notify", NULL,
134 85 smb2_change_notify, NULL, 0, 0 },
135 86
136 87 { "smb2_query_info", NULL,
137 88 smb2_query_info, NULL, 0, 0 },
138 89
139 90 { "smb2_set_info", NULL,
140 91 smb2_set_info, NULL, 0, 0 },
141 92
142 93 { "smb2_oplock_break_ack", NULL,
143 94 smb2_oplock_break_ack, NULL, 0, 0 },
144 95
145 96 { "smb2_invalid_cmd", NULL,
146 97 smb2_invalid_cmd, NULL, 0, 0,
147 98 SDDF_SUPPRESS_UID | SDDF_SUPPRESS_TID },
148 99 };
149 100
150 101 smb_sdrc_t
151 102 smb2_invalid_cmd(smb_request_t *sr)
152 103 {
153 104 #ifdef DEBUG
154 105 cmn_err(CE_NOTE, "clnt %s bad SMB2 cmd code",
155 106 sr->session->ip_addr_str);
156 107 #endif
157 108 sr->smb2_status = NT_STATUS_INVALID_PARAMETER;
158 109 return (SDRC_DROP_VC);
159 110 }
160 111
161 112 /*
162 113 * This is the SMB2 handler for new smb requests, called from
163 114 * smb_session_reader after SMB negotiate is done. For most SMB2
164 115 * requests, we just enqueue them for the smb_session_worker to
165 116 * execute via the task queue, so they can block for resources
166 117 * without stopping the reader thread. A few protocol messages
167 118 * are special cases and are handled directly here in the reader
|
↓ open down ↓ |
33 lines elided |
↑ open up ↑ |
168 119 * thread so they don't wait for taskq scheduling.
169 120 *
170 121 * This function must either enqueue the new request for
171 122 * execution via the task queue, or execute it directly
172 123 * and then free it. If this returns non-zero, the caller
173 124 * will drop the session.
174 125 */
175 126 int
176 127 smb2sr_newrq(smb_request_t *sr)
177 128 {
129 + struct mbuf_chain *mbc = &sr->command;
178 130 uint32_t magic;
179 - uint16_t command;
180 - int rc;
131 + int rc, skip;
181 132
182 - magic = LE_IN32(sr->sr_request_buf);
183 - if (magic != SMB2_PROTOCOL_MAGIC) {
184 - smb_request_free(sr);
185 - /* will drop the connection */
186 - return (EPROTO);
133 + if (smb_mbc_peek(mbc, 0, "l", &magic) != 0)
134 + goto drop;
135 +
136 + /* 0xFD S M B */
137 + if (magic == SMB3_ENCRYPTED_MAGIC) {
138 + if (smb3_decrypt_msg(sr) != 0)
139 + goto drop;
140 + /*
141 + * Should now be looking at an un-encrypted
142 + * SMB2 message header.
143 + */
144 + if (smb_mbc_peek(mbc, 0, "l", &magic) != 0)
145 + goto drop;
187 146 }
188 147
148 + if (magic != SMB2_PROTOCOL_MAGIC)
149 + goto drop;
150 +
189 151 /*
190 - * Execute Cancel requests immediately, (here in the
191 - * reader thread) so they won't wait for any other
192 - * commands we might already have in the task queue.
193 - * Cancel also skips signature verification and
194 - * does not consume a sequence number.
195 - * [MS-SMB2] 3.2.4.24 Cancellation...
152 + * Walk the SMB2 commands in this compound message and
153 + * keep track of the range of message IDs it uses.
196 154 */
197 - command = LE_IN16((uint8_t *)sr->sr_request_buf + 12);
198 - if (command == SMB2_CANCEL) {
199 - rc = smb2sr_newrq_cancel(sr);
200 - smb_request_free(sr);
201 - return (rc);
155 + for (;;) {
156 + if (smb2_decode_header(sr) != 0)
157 + goto drop;
158 +
159 + /*
160 + * Cancel requests are special: They refer to
161 + * an earlier message ID (or an async. ID),
162 + * never a new ID, and are never compounded.
163 + * This is intentionally not "goto drop"
164 + * because rc may be zero (success).
165 + */
166 + if (sr->smb2_cmd_code == SMB2_CANCEL) {
167 + rc = smb2_newrq_cancel(sr);
168 + smb_request_free(sr);
169 + return (rc);
170 + }
171 +
172 + /*
173 + * Keep track of the total credits in this compound
174 + * and the first (real) message ID (not: 0, -1)
175 + * While we're looking, verify that all (real) IDs
176 + * are (first <= ID < (first + msg_credits))
177 + */
178 + if (sr->smb2_credit_charge == 0)
179 + sr->smb2_credit_charge = 1;
180 + sr->smb2_total_credits += sr->smb2_credit_charge;
181 +
182 + if (sr->smb2_messageid != 0 &&
183 + sr->smb2_messageid != UINT64_MAX) {
184 +
185 + if (sr->smb2_first_msgid == 0)
186 + sr->smb2_first_msgid = sr->smb2_messageid;
187 +
188 + if (sr->smb2_messageid < sr->smb2_first_msgid ||
189 + sr->smb2_messageid >= (sr->smb2_first_msgid +
190 + sr->smb2_total_credits)) {
191 + long long id = (long long) sr->smb2_messageid;
192 + cmn_err(CE_WARN, "clnt %s msg ID 0x%llx "
193 + "out of sequence in compound",
194 + sr->session->ip_addr_str, id);
195 + }
196 + }
197 +
198 + /* Normal loop exit on next == zero */
199 + if (sr->smb2_next_command == 0)
200 + break;
201 +
202 + /* Abundance of caution... */
203 + if (sr->smb2_next_command < SMB2_HDR_SIZE)
204 + goto drop;
205 +
206 + /* Advance to the next header. */
207 + skip = sr->smb2_next_command - SMB2_HDR_SIZE;
208 + if (MBC_ROOM_FOR(mbc, skip) == 0)
209 + goto drop;
210 + mbc->chain_offset += skip;
202 211 }
212 + /* Rewind back to the top. */
213 + mbc->chain_offset = 0;
203 214
204 215 /*
205 216 * Submit the request to the task queue, which calls
206 217 * smb2_tq_work when the workload permits.
207 218 */
208 219 sr->sr_time_submitted = gethrtime();
209 220 sr->sr_state = SMB_REQ_STATE_SUBMITTED;
210 221 smb_srqueue_waitq_enter(sr->session->s_srqueue);
211 222 (void) taskq_dispatch(sr->sr_server->sv_worker_pool,
212 223 smb2_tq_work, sr, TQ_SLEEP);
213 -
214 224 return (0);
225 +
226 +drop:
227 + smb_request_free(sr);
228 + return (-1);
215 229 }
216 230
217 231 static void
218 232 smb2_tq_work(void *arg)
219 233 {
220 234 smb_request_t *sr;
221 235 smb_srqueue_t *srq;
222 236
223 237 sr = (smb_request_t *)arg;
224 238 SMB_REQ_VALID(sr);
225 239
226 240 srq = sr->session->s_srqueue;
227 241 smb_srqueue_waitq_to_runq(srq);
228 242 sr->sr_worker = curthread;
229 243 sr->sr_time_active = gethrtime();
230 244
231 245 /*
232 - * In contrast with SMB1, SMB2 must _always_ dispatch to
233 - * the handler function, because cancelled requests need
234 - * an error reply (NT_STATUS_CANCELLED).
246 + * Always dispatch to the work function, because cancelled
247 + * requests need an error reply (NT_STATUS_CANCELLED).
235 248 */
249 + mutex_enter(&sr->sr_mutex);
250 + if (sr->sr_state == SMB_REQ_STATE_SUBMITTED)
251 + sr->sr_state = SMB_REQ_STATE_ACTIVE;
252 + mutex_exit(&sr->sr_mutex);
253 +
236 254 smb2sr_work(sr);
237 255
238 256 smb_srqueue_runq_exit(srq);
239 257 }
240 258
259 +static int
260 +smb3_decrypt_msg(smb_request_t *sr)
261 +{
262 + int save_offset;
263 +
264 + if (sr->session->dialect < SMB_VERS_3_0) {
265 + cmn_err(CE_WARN, "encrypted message in SMB 2.x");
266 + return (-1);
267 + }
268 +
269 + sr->encrypted = B_TRUE;
270 + save_offset = sr->command.chain_offset;
271 + if (smb3_decode_tform_header(sr) != 0) {
272 + cmn_err(CE_WARN, "bad transform header");
273 + return (-1);
274 + }
275 + sr->command.chain_offset = save_offset;
276 +
277 + sr->tform_ssn = smb_session_lookup_ssnid(sr->session,
278 + sr->smb3_tform_ssnid);
279 + if (sr->tform_ssn == NULL) {
280 + cmn_err(CE_WARN, "transform header: session not found");
281 + return (-1);
282 + }
283 +
284 + if (smb3_decrypt_sr(sr) != 0) {
285 + cmn_err(CE_WARN, "smb3 decryption failed");
286 + return (-1);
287 + }
288 +
289 + return (0);
290 +}
291 +
241 292 /*
293 + * SMB2 credits determine how many simultaneous commands the
294 + * client may issue, and bounds the range of message IDs those
295 + * commands may use. With multi-credit support, commands may
296 + * use ranges of message IDs, where the credits used by each
297 + * command are proportional to their data transfer size.
298 + *
299 + * Every command may request an increase or decrease of
300 + * the currently granted credits, based on the difference
301 + * between the credit request and the credit charge.
302 + * [MS-SMB2] 3.3.1.2 Algorithm for the Granting of Credits
303 + *
304 + * Most commands have credit_request=1, credit_charge=1,
305 + * which keeps the credit grant unchanged.
306 + *
307 + * All we're really doing here (for now) is reducing the
308 + * credit_response if the client requests a credit increase
309 + * that would take their credit over the maximum, and
310 + * limiting the decrease so they don't run out of credits.
311 + *
312 + * Later, this could do something dynamic based on load.
313 + *
314 + * One other non-obvious bit about credits: We keep the
315 + * session s_max_credits low until the 1st authentication,
316 + * at which point we'll set the normal maximum_credits.
317 + * Some clients ask for more credits with session setup,
318 + * and we need to handle that requested increase _after_
319 + * the command-specific handler returns so it won't be
320 + * restricted to the lower (pre-auth) limit.
321 + */
322 +static inline void
323 +smb2_credit_decrease(smb_request_t *sr)
324 +{
325 + smb_session_t *session = sr->session;
326 + uint16_t cur, d;
327 +
328 + mutex_enter(&session->s_credits_mutex);
329 + cur = session->s_cur_credits;
330 +
331 + /* Handle credit decrease. */
332 + d = sr->smb2_credit_charge - sr->smb2_credit_request;
333 + cur -= d;
334 + if (cur & 0x8000) {
335 + /*
336 + * underflow (bad credit charge or request)
337 + * leave credits unchanged (response=charge)
338 + */
339 + cur = session->s_cur_credits;
340 + sr->smb2_credit_response = sr->smb2_credit_charge;
341 + DTRACE_PROBE1(smb2__credit__neg, smb_request_t *, sr);
342 + }
343 +
344 + /*
345 + * The server MUST ensure that the number of credits
346 + * held by the client is never reduced to zero.
347 + * [MS-SMB2] 3.3.1.2
348 + */
349 + if (cur == 0) {
350 + cur = 1;
351 + sr->smb2_credit_response += 1;
352 + DTRACE_PROBE1(smb2__credit__min, smb_request_t *, sr);
353 + }
354 +
355 + DTRACE_PROBE3(smb2__credit__decrease,
356 + smb_request_t *, sr, int, (int)cur,
357 + int, (int)session->s_cur_credits);
358 +
359 + session->s_cur_credits = cur;
360 + mutex_exit(&session->s_credits_mutex);
361 +}
362 +
363 +/*
364 + * Second half of SMB2 credit handling (increases)
365 + */
366 +static inline void
367 +smb2_credit_increase(smb_request_t *sr)
368 +{
369 + smb_session_t *session = sr->session;
370 + uint16_t cur, d;
371 +
372 + mutex_enter(&session->s_credits_mutex);
373 + cur = session->s_cur_credits;
374 +
375 + /* Handle credit increase. */
376 + d = sr->smb2_credit_request - sr->smb2_credit_charge;
377 + cur += d;
378 +
379 + /*
380 + * If new credits would be above max,
381 + * reduce the credit grant.
382 + */
383 + if (cur > session->s_max_credits) {
384 + d = cur - session->s_max_credits;
385 + cur = session->s_max_credits;
386 + sr->smb2_credit_response -= d;
387 + DTRACE_PROBE1(smb2__credit__max, smb_request_t, sr);
388 + }
389 +
390 + DTRACE_PROBE3(smb2__credit__increase,
391 + smb_request_t *, sr, int, (int)cur,
392 + int, (int)session->s_cur_credits);
393 +
394 + session->s_cur_credits = cur;
395 + mutex_exit(&session->s_credits_mutex);
396 +}
397 +
398 +/*
399 + * Record some statistics: latency, rx bytes, tx bytes
400 + * per: server, session & kshare.
401 + */
402 +static inline void
403 +smb2_record_stats(smb_request_t *sr, smb_disp_stats_t *sds, boolean_t tx_only)
404 +{
405 + hrtime_t dt;
406 + int64_t rxb;
407 + int64_t txb;
408 + smb_disp_stats_t *client_sds;
409 + smb_disp_stats_t *share_sds;
410 + int cmd_type;
411 + smb_session_t *session = sr->session;
412 +
413 + if (sr->smb2_cmd_code == SMB2_READ) {
414 + cmd_type = SMBSRV_CLSH_READ;
415 + } else if (sr->smb2_cmd_code == SMB2_WRITE) {
416 + cmd_type = SMBSRV_CLSH_WRITE;
417 + } else {
418 + cmd_type = SMBSRV_CLSH_OTHER;
419 + }
420 +
421 + dt = gethrtime() - sr->sr_time_start;
422 + rxb = (int64_t)(sr->command.chain_offset - sr->smb2_cmd_hdr);
423 + txb = (int64_t)(sr->reply.chain_offset - sr->smb2_reply_hdr);
424 +
425 + if (!tx_only) {
426 + smb_server_inc_req(sr->sr_server);
427 + smb_latency_add_sample(&sds->sdt_lat, dt);
428 + atomic_add_64(&sds->sdt_rxb, rxb);
429 + }
430 + atomic_add_64(&sds->sdt_txb, txb);
431 +
432 + client_sds = &session->s_stats[cmd_type];
433 + if (!tx_only) {
434 + smb_latency_add_sample(&client_sds->sdt_lat, dt);
435 + atomic_add_64(&client_sds->sdt_rxb, rxb);
436 + }
437 + atomic_add_64(&client_sds->sdt_txb, txb);
438 +
439 + if ((sr->tid_tree != NULL) &&
440 + (sr->tid_tree->t_kshare != NULL)) {
441 + share_sds =
442 + &sr->tid_tree->t_kshare->shr_stats[cmd_type];
443 + if (!tx_only) {
444 + smb_latency_add_sample(&share_sds->sdt_lat, dt);
445 + atomic_add_64(&share_sds->sdt_rxb, rxb);
446 + }
447 + atomic_add_64(&share_sds->sdt_txb, txb);
448 + }
449 +}
450 +
451 +/*
242 452 * smb2sr_work
243 453 *
244 454 * This function processes each SMB command in the current request
245 455 * (which may be a compound request) building a reply containing
246 456 * SMB reply messages, one-to-one with the SMB commands. Some SMB
247 457 * commands (change notify, blocking locks) may require both an
248 458 * "interim response" and a later "async response" at completion.
249 459 * In such cases, we'll encode the interim response in the reply
250 460 * compound we're building, and put the (now async) command on a
251 461 * list of commands that need further processing. After we've
252 462 * finished processing the commands in this compound and building
253 463 * the compound reply, we'll send the compound reply, and finally
254 464 * process the list of async commands.
255 465 *
256 466 * As we work our way through the compound request and reply,
257 467 * we need to keep track of the bounds of the current request
258 468 * and reply. For the request, this uses an MBC_SHADOW_CHAIN
259 469 * that begins at smb2_cmd_hdr. The reply is appended to the
260 470 * sr->reply chain starting at smb2_reply_hdr.
261 471 *
262 - * This function must always free the smb request.
472 + * This function must always free the smb request, or arrange
473 + * for it to be completed and free'd later (if SDRC_SR_KEPT).
263 474 */
264 475 void
265 476 smb2sr_work(struct smb_request *sr)
266 477 {
267 478 const smb_disp_entry_t *sdd;
268 479 smb_disp_stats_t *sds;
269 480 smb_session_t *session;
270 481 uint32_t msg_len;
271 482 uint16_t cmd_idx;
272 483 int rc = 0;
273 484 boolean_t disconnect = B_FALSE;
274 485 boolean_t related;
275 486
276 487 session = sr->session;
277 488
489 + ASSERT(sr->smb2_async == B_FALSE);
278 490 ASSERT(sr->tid_tree == 0);
279 491 ASSERT(sr->uid_user == 0);
280 492 ASSERT(sr->fid_ofile == 0);
281 493 sr->smb_fid = (uint16_t)-1;
282 494 sr->smb2_status = 0;
283 495
284 496 /* temporary until we identify a user */
285 497 sr->user_cr = zone_kcred();
286 498
287 - mutex_enter(&sr->sr_mutex);
288 - switch (sr->sr_state) {
289 - case SMB_REQ_STATE_SUBMITTED:
290 - case SMB_REQ_STATE_CLEANED_UP:
291 - sr->sr_state = SMB_REQ_STATE_ACTIVE;
292 - break;
293 - default:
294 - ASSERT(0);
295 - /* FALLTHROUGH */
296 - case SMB_REQ_STATE_CANCELED:
297 - sr->smb2_status = NT_STATUS_CANCELLED;
298 - break;
299 - }
300 - mutex_exit(&sr->sr_mutex);
301 -
302 499 cmd_start:
303 500 /*
304 - * Decode the request header
501 + * Note that we don't check sr_state here and abort the
502 + * compound if cancelled (etc.) because some SMB2 command
503 + * handlers need to do work even when cancelled.
305 504 *
306 - * Most problems with decoding will result in the error
307 - * STATUS_INVALID_PARAMETER. If the decoding problem
308 - * prevents continuing, we'll close the connection.
309 - * [MS-SMB2] 3.3.5.2.6 Handling Incorrectly Formatted...
310 - *
311 505 * We treat some status codes as if "sticky", meaning
312 506 * once they're set after some command handler returns,
313 507 * all remaining commands get this status without even
314 - * calling the command-specific handler. The cancelled
315 - * status is used above, and insufficient_resources is
316 - * used when smb2sr_go_async declines to "go async".
317 - * Otherwise initialize to zero (success).
508 + * calling the command-specific handler.
318 509 */
319 510 if (sr->smb2_status != NT_STATUS_CANCELLED &&
320 511 sr->smb2_status != NT_STATUS_INSUFFICIENT_RESOURCES)
321 512 sr->smb2_status = 0;
322 513
514 + /*
515 + * Decode the request header
516 + *
517 + * Most problems with decoding will result in the error
518 + * STATUS_INVALID_PARAMETER. If the decoding problem
519 + * prevents continuing, we'll close the connection.
520 + * [MS-SMB2] 3.3.5.2.6 Handling Incorrectly Formatted...
521 + */
323 522 sr->smb2_cmd_hdr = sr->command.chain_offset;
324 523 if ((rc = smb2_decode_header(sr)) != 0) {
325 524 cmn_err(CE_WARN, "clnt %s bad SMB2 header",
326 525 session->ip_addr_str);
327 526 disconnect = B_TRUE;
328 527 goto cleanup;
329 528 }
330 529
331 530 /*
332 531 * The SMB2_FLAGS_SERVER_TO_REDIR should only appear
333 532 * in messages from the server back to the client.
334 533 */
335 534 if ((sr->smb2_hdr_flags & SMB2_FLAGS_SERVER_TO_REDIR) != 0) {
336 535 cmn_err(CE_WARN, "clnt %s bad SMB2 flags",
337 536 session->ip_addr_str);
338 537 disconnect = B_TRUE;
339 538 goto cleanup;
340 539 }
341 540 related = (sr->smb2_hdr_flags & SMB2_FLAGS_RELATED_OPERATIONS);
541 + sr->smb2_hdr_flags |= SMB2_FLAGS_SERVER_TO_REDIR;
542 + if (sr->smb2_hdr_flags & SMB2_FLAGS_ASYNC_COMMAND) {
543 + /* Probably an async cancel. */
544 + DTRACE_PROBE1(smb2__dispatch__async, smb_request_t *, sr);
545 + } else if (sr->smb2_async) {
546 + /* Previous command in compound went async. */
547 + sr->smb2_hdr_flags |= SMB2_FLAGS_ASYNC_COMMAND;
548 + sr->smb2_async_id = SMB2_ASYNCID(sr);
549 + }
342 550
343 551 /*
344 552 * In case we bail out with an error before we get to the
345 553 * section that computes the credit grant, initialize the
346 554 * response header fields so that credits won't change.
347 555 * Note: SMB 2.02 clients may send credit charge zero.
348 556 */
349 557 if (sr->smb2_credit_charge == 0)
350 558 sr->smb2_credit_charge = 1;
351 559 sr->smb2_credit_response = sr->smb2_credit_charge;
352 560
353 561 /*
354 - * Reserve space for the reply header, and save the offset.
355 - * The reply header will be overwritten later. If we have
356 - * already exhausted the output space, then this client is
357 - * trying something funny. Log it and kill 'em.
562 + * Write a tentative reply header.
563 + *
564 + * We could just leave this blank, but if we're using the
565 + * mdb module feature that extracts packets, it's useful
566 + * to have the header mostly correct here.
567 + *
568 + * If we have already exhausted the output space, then the
569 + * client is trying something funny. Log it and kill 'em.
358 570 */
571 + sr->smb2_next_reply = 0;
572 + ASSERT((sr->reply.chain_offset & 7) == 0);
359 573 sr->smb2_reply_hdr = sr->reply.chain_offset;
360 574 if ((rc = smb2_encode_header(sr, B_FALSE)) != 0) {
361 575 cmn_err(CE_WARN, "clnt %s excessive reply",
362 576 session->ip_addr_str);
363 577 disconnect = B_TRUE;
364 578 goto cleanup;
365 579 }
366 580
367 581 /*
368 582 * Figure out the length of data following the SMB2 header.
369 583 * It ends at either the next SMB2 header if there is one
370 584 * (smb2_next_command != 0) or at the end of the message.
371 585 */
372 586 if (sr->smb2_next_command != 0) {
373 587 /* [MS-SMB2] says this is 8-byte aligned */
374 588 msg_len = sr->smb2_next_command;
375 589 if ((msg_len & 7) != 0 || (msg_len < SMB2_HDR_SIZE) ||
376 590 ((sr->smb2_cmd_hdr + msg_len) > sr->command.max_bytes)) {
377 591 cmn_err(CE_WARN, "clnt %s bad SMB2 next cmd",
378 592 session->ip_addr_str);
379 593 disconnect = B_TRUE;
380 594 goto cleanup;
381 595 }
382 596 } else {
383 597 msg_len = sr->command.max_bytes - sr->smb2_cmd_hdr;
384 598 }
385 599
386 600 /*
387 601 * Setup a shadow chain for this SMB2 command, starting
|
↓ open down ↓ |
19 lines elided |
↑ open up ↑ |
388 602 * with the header and ending at either the next command
389 603 * or the end of the message. The signing check below
390 604 * needs the entire SMB2 command. After that's done, we
391 605 * advance chain_offset to the end of the header where
392 606 * the command specific handlers continue decoding.
393 607 */
394 608 (void) MBC_SHADOW_CHAIN(&sr->smb_data, &sr->command,
395 609 sr->smb2_cmd_hdr, msg_len);
396 610
397 611 /*
612 + * We will consume the data for this request from smb_data.
613 + * That effectively consumes msg_len bytes from sr->command
614 + * but doesn't update its chain_offset, so we need to update
615 + * that here to make later received bytes accounting work.
616 + */
617 + sr->command.chain_offset = sr->smb2_cmd_hdr + msg_len;
618 + ASSERT(sr->command.chain_offset <= sr->command.max_bytes);
619 +
620 + /*
398 621 * Validate the commmand code, get dispatch table entries.
399 622 * [MS-SMB2] 3.3.5.2.6 Handling Incorrectly Formatted...
400 623 *
401 624 * The last slot in the dispatch table is used to handle
402 625 * invalid commands. Same for statistics.
403 626 */
404 627 if (sr->smb2_cmd_code < SMB2_INVALID_CMD)
405 628 cmd_idx = sr->smb2_cmd_code;
406 629 else
407 630 cmd_idx = SMB2_INVALID_CMD;
408 631 sdd = &smb2_disp_table[cmd_idx];
409 632 sds = &session->s_server->sv_disp_stats2[cmd_idx];
410 633
411 634 /*
412 635 * If this command is NOT "related" to the previous,
413 636 * clear out the UID, TID, FID state that might be
414 637 * left over from the previous command.
415 638 *
|
↓ open down ↓ |
8 lines elided |
↑ open up ↑ |
416 639 * If the command IS related, any new IDs are ignored,
417 640 * and we simply continue with the previous user, tree,
418 641 * and open file.
419 642 */
420 643 if (!related) {
421 644 /*
422 645 * Drop user, tree, file; carefully ordered to
423 646 * avoid dangling references: file, tree, user
424 647 */
425 648 if (sr->fid_ofile != NULL) {
426 - smb_ofile_request_complete(sr->fid_ofile);
427 649 smb_ofile_release(sr->fid_ofile);
428 650 sr->fid_ofile = NULL;
429 651 }
430 652 if (sr->tid_tree != NULL) {
431 653 smb_tree_release(sr->tid_tree);
432 654 sr->tid_tree = NULL;
433 655 }
434 656 if (sr->uid_user != NULL) {
435 657 smb_user_release(sr->uid_user);
436 658 sr->uid_user = NULL;
437 659 sr->user_cr = zone_kcred();
438 660 }
439 661 }
440 662
441 663 /*
442 664 * Make sure we have a user and tree as needed
443 665 * according to the flags for the this command.
444 666 * Note that we may have inherited these.
445 667 */
446 668 if ((sdd->sdt_flags & SDDF_SUPPRESS_UID) == 0) {
447 669 /*
448 670 * This command requires a user session.
449 671 */
|
↓ open down ↓ |
13 lines elided |
↑ open up ↑ |
450 672 if (related) {
451 673 /*
452 674 * Previous command should have given us a user.
453 675 * [MS-SMB2] 3.3.5.2 Handling Related Requests
454 676 */
455 677 if (sr->uid_user == NULL) {
456 678 smb2sr_put_error(sr,
457 679 NT_STATUS_INVALID_PARAMETER);
458 680 goto cmd_done;
459 681 }
460 - sr->smb_uid = sr->uid_user->u_uid;
682 + sr->smb2_ssnid = sr->uid_user->u_ssnid;
461 683 } else {
462 684 /*
463 685 * Lookup the UID
464 686 * [MS-SMB2] 3.3.5.2 Verifying the Session
465 687 */
466 688 ASSERT(sr->uid_user == NULL);
467 - sr->uid_user = smb_session_lookup_uid(session,
468 - sr->smb_uid);
689 + /*
690 + * [MS-SMB2] 3.3.5.2.7 Handling Compounded Requests
691 + *
692 + * If this is an encrypted compound request,
693 + * ensure that the ssnid in the request
694 + * is the same as the tform ssnid if this
695 + * message is not related.
696 + *
697 + * The reasons this is done seem to apply equally
698 + * to uncompounded requests, so we apply it to all.
699 + */
700 +
701 + if (sr->encrypted &&
702 + sr->smb2_ssnid != sr->smb3_tform_ssnid) {
703 + disconnect = B_TRUE;
704 + goto cleanup; /* just do this for now */
705 + }
706 +
707 + sr->uid_user = smb_session_lookup_ssnid(session,
708 + sr->smb2_ssnid);
469 709 if (sr->uid_user == NULL) {
470 710 smb2sr_put_error(sr,
471 711 NT_STATUS_USER_SESSION_DELETED);
472 712 goto cmd_done;
473 713 }
714 +
715 + /*
716 + * [MS-SMB2] 3.3.5.2.9 Verifying the Session
717 + *
718 + * If we're talking 3.x,
719 + * RejectUnencryptedAccess is TRUE,
720 + * Session.EncryptData is TRUE,
721 + * and the message wasn't encrypted,
722 + * return ACCESS_DENIED.
723 + *
724 + * Note that Session.EncryptData can only be TRUE when
725 + * we're talking 3.x.
726 + */
727 +
728 + if (sr->uid_user->u_encrypt ==
729 + SMB_CONFIG_REQUIRED &&
730 + !sr->encrypted) {
731 + smb2sr_put_error(sr,
732 + NT_STATUS_ACCESS_DENIED);
733 + goto cmd_done;
734 + }
735 +
474 736 sr->user_cr = smb_user_getcred(sr->uid_user);
475 737 }
476 738 ASSERT(sr->uid_user != NULL);
739 +
740 + /*
741 + * Encrypt if:
742 + * - The cmd is not SESSION_SETUP or NEGOTIATE; AND
743 + * - Session.EncryptData is TRUE
744 + *
745 + * Those commands suppress UID, so they can't be the cmd here.
746 + */
747 + if (sr->uid_user->u_encrypt != SMB_CONFIG_DISABLED &&
748 + sr->tform_ssn == NULL) {
749 + smb_user_hold_internal(sr->uid_user);
750 + sr->tform_ssn = sr->uid_user;
751 + sr->smb3_tform_ssnid = sr->smb2_ssnid;
752 + }
477 753 }
478 754
479 755 if ((sdd->sdt_flags & SDDF_SUPPRESS_TID) == 0) {
480 756 /*
481 757 * This command requires a tree connection.
482 758 */
483 759 if (related) {
484 760 /*
485 761 * Previous command should have given us a tree.
486 762 * [MS-SMB2] 3.3.5.2 Handling Related Requests
487 763 */
488 764 if (sr->tid_tree == NULL) {
489 765 smb2sr_put_error(sr,
490 766 NT_STATUS_INVALID_PARAMETER);
491 767 goto cmd_done;
492 768 }
493 769 sr->smb_tid = sr->tid_tree->t_tid;
494 770 } else {
495 771 /*
496 772 * Lookup the TID
|
↓ open down ↓ |
10 lines elided |
↑ open up ↑ |
497 773 * [MS-SMB2] 3.3.5.2 Verifying the Tree Connect
498 774 */
499 775 ASSERT(sr->tid_tree == NULL);
500 776 sr->tid_tree = smb_session_lookup_tree(session,
501 777 sr->smb_tid);
502 778 if (sr->tid_tree == NULL) {
503 779 smb2sr_put_error(sr,
504 780 NT_STATUS_NETWORK_NAME_DELETED);
505 781 goto cmd_done;
506 782 }
783 +
784 + /*
785 + * [MS-SMB2] 3.3.5.2.11 Verifying the Tree Connect
786 + *
787 + * If we support 3.x, RejectUnencryptedAccess is TRUE,
788 + * if Tcon.EncryptData is TRUE or
789 + * global EncryptData is TRUE and
790 + * the message wasn't encrypted, or
791 + * if Tcon.EncryptData is TRUE or
792 + * global EncryptData is TRUE or
793 + * the request was encrypted and
794 + * the connection doesn't support encryption,
795 + * return ACCESS_DENIED.
796 + *
797 + * If RejectUnencryptedAccess is TRUE, we force
798 + * max_protocol to at least 3.0. Additionally,
799 + * if the tree requires encryption, we don't care
800 + * what we support, we still enforce encryption.
801 + */
802 + if (sr->tid_tree->t_encrypt == SMB_CONFIG_REQUIRED &&
803 + (!sr->encrypted ||
804 + (session->srv_cap & SMB2_CAP_ENCRYPTION) == 0)) {
805 + smb2sr_put_error(sr,
806 + NT_STATUS_ACCESS_DENIED);
807 + goto cmd_done;
808 + }
507 809 }
508 810 ASSERT(sr->tid_tree != NULL);
811 +
812 + /*
813 + * Encrypt if:
814 + * - The cmd is not TREE_CONNECT; AND
815 + * - Tree.EncryptData is TRUE
816 + *
817 + * TREE_CONNECT suppresses TID, so that can't be the cmd here.
818 + * NOTE: assumes we can't have a tree without a user
819 + */
820 + if (sr->tid_tree->t_encrypt != SMB_CONFIG_DISABLED &&
821 + sr->tform_ssn == NULL) {
822 + smb_user_hold_internal(sr->uid_user);
823 + sr->tform_ssn = sr->uid_user;
824 + sr->smb3_tform_ssnid = sr->smb2_ssnid;
825 + }
509 826 }
510 827
511 828 /*
512 829 * SMB2 signature verification, two parts:
513 830 * (a) Require SMB2_FLAGS_SIGNED (for most request types)
514 831 * (b) If SMB2_FLAGS_SIGNED is set, check the signature.
515 832 * [MS-SMB2] 3.3.5.2.4 Verifying the Signature
516 833 */
517 834
518 835 /*
519 836 * No user session means no signature check. That's OK,
|
↓ open down ↓ |
1 lines elided |
↑ open up ↑ |
520 837 * i.e. for commands marked SDDF_SUPPRESS_UID above.
521 838 * Note, this also means we won't sign the reply.
522 839 */
523 840 if (sr->uid_user == NULL)
524 841 sr->smb2_hdr_flags &= ~SMB2_FLAGS_SIGNED;
525 842
526 843 /*
527 844 * The SDDF_SUPPRESS_UID dispatch is set for requests that
528 845 * don't need a UID (user). These also don't require a
529 846 * signature check here.
847 + *
848 + * [MS-SMB2] 3.3.5.2.4 Verifying the Signature
849 + *
850 + * If the packet was successfully decrypted, the message
851 + * signature has already been verified, so we can skip this.
530 852 */
531 853 if ((sdd->sdt_flags & SDDF_SUPPRESS_UID) == 0 &&
532 - sr->uid_user != NULL &&
533 - (sr->uid_user->u_sign_flags & SMB_SIGNING_CHECK) != 0) {
854 + !sr->encrypted && sr->uid_user != NULL &&
855 + (sr->uid_user->u_sign_flags & SMB_SIGNING_ENABLED) != 0) {
534 856 /*
535 - * This request type should be signed, and
536 - * we're configured to require signatures.
857 + * If the request is signed, check the signature.
858 + * Otherwise, if signing is required, deny access.
537 859 */
538 - if ((sr->smb2_hdr_flags & SMB2_FLAGS_SIGNED) == 0) {
860 + if ((sr->smb2_hdr_flags & SMB2_FLAGS_SIGNED) != 0) {
861 + rc = smb2_sign_check_request(sr);
862 + if (rc != 0) {
863 + DTRACE_PROBE1(smb2__sign__check,
864 + smb_request_t *, sr);
865 + smb2sr_put_error(sr, NT_STATUS_ACCESS_DENIED);
866 + goto cmd_done;
867 + }
868 + } else if (
869 + (sr->uid_user->u_sign_flags & SMB_SIGNING_CHECK) != 0) {
539 870 smb2sr_put_error(sr, NT_STATUS_ACCESS_DENIED);
540 871 goto cmd_done;
541 872 }
542 - rc = smb2_sign_check_request(sr);
543 - if (rc != 0) {
544 - DTRACE_PROBE1(smb2__sign__check, smb_request_t, sr);
545 - smb2sr_put_error(sr, NT_STATUS_ACCESS_DENIED);
546 - goto cmd_done;
547 - }
548 873 }
549 874
550 875 /*
551 876 * Now that the signing check is done with smb_data,
552 877 * advance past the SMB2 header we decoded earlier.
553 878 * This leaves sr->smb_data correctly positioned
554 879 * for command-specific decoding in the dispatch
555 880 * function called next.
556 881 */
557 882 sr->smb_data.chain_offset = sr->smb2_cmd_hdr + SMB2_HDR_SIZE;
558 883
559 884 /*
560 - * SMB2 credits determine how many simultaneous commands the
561 - * client may issue, and bounds the range of message IDs those
562 - * commands may use. With multi-credit support, commands may
563 - * use ranges of message IDs, where the credits used by each
564 - * command are proportional to their data transfer size.
885 + * Credit adjustments (decrease)
565 886 *
566 - * Every command may request an increase or decrease of
567 - * the currently granted credits, based on the difference
568 - * between the credit request and the credit charge.
569 - * [MS-SMB2] 3.3.1.2 Algorithm for the Granting of Credits
570 - *
571 - * Most commands have credit_request=1, credit_charge=1,
572 - * which keeps the credit grant unchanged.
573 - *
574 - * All we're really doing here (for now) is reducing the
575 - * credit_response if the client requests a credit increase
576 - * that would take their credit over the maximum, and
577 - * limiting the decrease so they don't run out of credits.
578 - *
579 - * Later, this could do something dynamic based on load.
580 - *
581 - * One other non-obvious bit about credits: We keep the
582 - * session s_max_credits low until the 1st authentication,
583 - * at which point we'll set the normal maximum_credits.
584 - * Some clients ask for more credits with session setup,
585 - * and we need to handle that requested increase _after_
586 - * the command-specific handler returns so it won't be
587 - * restricted to the lower (pre-auth) limit.
887 + * If we've gone async, credit adjustments were done
888 + * when we sent the interim reply.
588 889 */
589 - sr->smb2_credit_response = sr->smb2_credit_request;
590 - if (sr->smb2_credit_request < sr->smb2_credit_charge) {
591 - uint16_t cur, d;
592 -
593 - mutex_enter(&session->s_credits_mutex);
594 - cur = session->s_cur_credits;
595 -
596 - /* Handle credit decrease. */
597 - d = sr->smb2_credit_charge - sr->smb2_credit_request;
598 - cur -= d;
599 - if (cur & 0x8000) {
600 - /*
601 - * underflow (bad credit charge or request)
602 - * leave credits unchanged (response=charge)
603 - */
604 - cur = session->s_cur_credits;
605 - sr->smb2_credit_response = sr->smb2_credit_charge;
606 - DTRACE_PROBE1(smb2__credit__neg, smb_request_t, sr);
890 + if (!sr->smb2_async) {
891 + sr->smb2_credit_response = sr->smb2_credit_request;
892 + if (sr->smb2_credit_request < sr->smb2_credit_charge) {
893 + smb2_credit_decrease(sr);
607 894 }
608 -
609 - /*
610 - * The server MUST ensure that the number of credits
611 - * held by the client is never reduced to zero.
612 - * [MS-SMB2] 3.3.1.2
613 - */
614 - if (cur == 0) {
615 - cur = 1;
616 - sr->smb2_credit_response += 1;
617 - DTRACE_PROBE1(smb2__credit__min, smb_request_t, sr);
618 - }
619 -
620 - DTRACE_PROBE3(smb2__credit__decrease,
621 - smb_request_t, sr, int, (int)cur,
622 - int, (int)session->s_cur_credits);
623 -
624 - session->s_cur_credits = cur;
625 - mutex_exit(&session->s_credits_mutex);
626 895 }
627 896
628 897 /*
629 898 * The real work: call the SMB2 command handler
630 899 * (except for "sticky" smb2_status - see above)
631 900 */
632 901 sr->sr_time_start = gethrtime();
633 902 rc = SDRC_SUCCESS;
634 903 if (sr->smb2_status == 0) {
635 904 /* NB: not using pre_op */
636 905 rc = (*sdd->sdt_function)(sr);
637 906 /* NB: not using post_op */
907 + } else {
908 + smb2sr_put_error(sr, sr->smb2_status);
638 909 }
639 910
640 - MBC_FLUSH(&sr->raw_data);
641 -
642 911 /*
643 - * Second half of SMB2 credit handling (increases)
912 + * When the sdt_function returns SDRC_SR_KEPT, it means
913 + * this SR may have been passed to another thread so we
914 + * MUST NOT touch it anymore.
644 915 */
645 - if (sr->smb2_credit_request > sr->smb2_credit_charge) {
646 - uint16_t cur, d;
916 + if (rc == SDRC_SR_KEPT)
917 + return;
647 918
648 - mutex_enter(&session->s_credits_mutex);
649 - cur = session->s_cur_credits;
919 + MBC_FLUSH(&sr->raw_data);
650 920
651 - /* Handle credit increase. */
652 - d = sr->smb2_credit_request - sr->smb2_credit_charge;
653 - cur += d;
654 -
655 - /*
656 - * If new credits would be above max,
657 - * reduce the credit grant.
658 - */
659 - if (cur > session->s_max_credits) {
660 - d = cur - session->s_max_credits;
661 - cur = session->s_max_credits;
662 - sr->smb2_credit_response -= d;
663 - DTRACE_PROBE1(smb2__credit__max, smb_request_t, sr);
664 - }
665 -
666 - DTRACE_PROBE3(smb2__credit__increase,
667 - smb_request_t, sr, int, (int)cur,
668 - int, (int)session->s_cur_credits);
669 -
670 - session->s_cur_credits = cur;
671 - mutex_exit(&session->s_credits_mutex);
672 - }
673 -
674 -cmd_done:
675 921 /*
676 - * Pad the reply to align(8) if necessary.
922 + * Credit adjustments (increase)
677 923 */
678 - if (sr->reply.chain_offset & 7) {
679 - int padsz = 8 - (sr->reply.chain_offset & 7);
680 - (void) smb_mbc_encodef(&sr->reply, "#.", padsz);
924 + if (!sr->smb2_async) {
925 + if (sr->smb2_credit_request > sr->smb2_credit_charge) {
926 + smb2_credit_increase(sr);
927 + }
681 928 }
682 - ASSERT((sr->reply.chain_offset & 7) == 0);
683 929
684 - /*
685 - * Record some statistics: latency, rx bytes, tx bytes.
686 - */
687 - smb_latency_add_sample(&sds->sdt_lat,
688 - gethrtime() - sr->sr_time_start);
689 - atomic_add_64(&sds->sdt_rxb,
690 - (int64_t)(sr->command.chain_offset - sr->smb2_cmd_hdr));
691 - atomic_add_64(&sds->sdt_txb,
692 - (int64_t)(sr->reply.chain_offset - sr->smb2_reply_hdr));
693 -
930 +cmd_done:
694 931 switch (rc) {
695 932 case SDRC_SUCCESS:
696 933 break;
697 934 default:
698 935 /*
699 936 * SMB2 does not use the other dispatch return codes.
700 937 * If we see something else, log an event so we'll
701 938 * know something is returning bogus status codes.
702 939 * If you see these in the log, use dtrace to find
703 940 * the code returning something else.
704 941 */
705 942 #ifdef DEBUG
706 943 cmn_err(CE_NOTE, "handler for %u returned 0x%x",
707 944 sr->smb2_cmd_code, rc);
708 945 #endif
709 - /* FALLTHROUGH */
946 + sr->smb2_status = NT_STATUS_INTERNAL_ERROR;
947 + break;
710 948 case SDRC_ERROR:
949 + /*
950 + * Many command handlers return SDRC_ERROR for any
951 + * problems decoding the request, and don't bother
952 + * setting smb2_status. For those cases, the best
953 + * status return would be "invalid parameter".
954 + */
711 955 if (sr->smb2_status == 0)
712 - sr->smb2_status = NT_STATUS_INTERNAL_ERROR;
956 + sr->smb2_status = NT_STATUS_INVALID_PARAMETER;
713 957 break;
714 958 case SDRC_DROP_VC:
715 959 disconnect = B_TRUE;
716 960 goto cleanup;
961 +
962 + case SDRC_NO_REPLY:
963 + /* will free sr */
964 + goto cleanup;
717 965 }
718 966
719 967 /*
968 + * Pad the reply to align(8) if there will be another.
969 + * (We don't compound async replies.)
970 + */
971 + if (!sr->smb2_async && sr->smb2_next_command != 0)
972 + (void) smb_mbc_put_align(&sr->reply, 8);
973 +
974 + /*
975 + * Record some statistics. Uses:
976 + * rxb = command.chain_offset - smb2_cmd_hdr;
977 + * txb = reply.chain_offset - smb2_reply_hdr;
978 + * which at this point represent the current cmd/reply.
979 + *
980 + * Note: If async, this does txb only, and
981 + * skips the smb_latency_add_sample() calls.
982 + */
983 + smb2_record_stats(sr, sds, sr->smb2_async);
984 +
985 + /*
720 986 * If there's a next command, figure out where it starts,
721 - * and fill in the next command offset for the reply.
722 - * Note: We sanity checked smb2_next_command above
723 - * (the offset to the next command). Similarly set
724 - * smb2_next_reply as the offset to the next reply.
987 + * and fill in the next header offset for the reply.
988 + * Note: We sanity checked smb2_next_command above.
725 989 */
726 990 if (sr->smb2_next_command != 0) {
727 991 sr->command.chain_offset =
728 992 sr->smb2_cmd_hdr + sr->smb2_next_command;
729 993 sr->smb2_next_reply =
730 994 sr->reply.chain_offset - sr->smb2_reply_hdr;
731 995 } else {
732 - sr->smb2_next_reply = 0;
996 + ASSERT(sr->smb2_next_reply == 0);
733 997 }
734 998
735 999 /*
736 - * Overwrite the SMB2 header for the response of
737 - * this command (possibly part of a compound).
738 - * encode_header adds: SMB2_FLAGS_SERVER_TO_REDIR
1000 + * Overwrite the (now final) SMB2 header for this response.
739 1001 */
740 1002 (void) smb2_encode_header(sr, B_TRUE);
741 1003
742 - if (sr->smb2_hdr_flags & SMB2_FLAGS_SIGNED)
1004 + /* Don't sign if we're going to encrypt */
1005 + if (sr->tform_ssn == NULL &&
1006 + (sr->smb2_hdr_flags & SMB2_FLAGS_SIGNED) != 0)
743 1007 smb2_sign_reply(sr);
744 1008
745 - if (sr->smb2_next_command != 0)
746 - goto cmd_start;
747 -
748 1009 /*
749 - * We've done all the commands in this compound.
750 - * Send it out.
1010 + * Non-async runs the whole compound before send.
1011 + * When we've gone async, send each individually.
751 1012 */
1013 + if (!sr->smb2_async && sr->smb2_next_command != 0)
1014 + goto cmd_start;
752 1015 smb2_send_reply(sr);
1016 + if (sr->smb2_async && sr->smb2_next_command != 0) {
1017 + MBC_FLUSH(&sr->reply); /* New reply buffer. */
1018 + ASSERT(sr->reply.max_bytes == sr->session->reply_max_bytes);
1019 + goto cmd_start;
1020 + }
753 1021
1022 +cleanup:
1023 + if (disconnect)
1024 + smb_session_disconnect(session);
1025 +
754 1026 /*
755 - * If any of the requests "went async", process those now.
756 - * The async. function "keeps" this sr, changing its state
757 - * to completed and calling smb_request_free().
1027 + * If we have a durable handle, and this operation
1028 + * updated the nvlist, write it out.
758 1029 */
759 - if (sr->sr_async_req != NULL) {
760 - smb2sr_do_async(sr);
761 - return;
1030 + if (sr->dh_nvl_dirty) {
1031 + sr->dh_nvl_dirty = B_FALSE;
1032 + smb2_dh_update_nvfile(sr);
762 1033 }
763 1034
764 -cleanup:
765 - if (disconnect) {
766 - smb_rwx_rwenter(&session->s_lock, RW_WRITER);
767 - switch (session->s_state) {
768 - case SMB_SESSION_STATE_DISCONNECTED:
769 - case SMB_SESSION_STATE_TERMINATED:
770 - break;
771 - default:
772 - smb_soshutdown(session->sock);
773 - session->s_state = SMB_SESSION_STATE_DISCONNECTED;
774 - break;
775 - }
776 - smb_rwx_rwexit(&session->s_lock);
777 - }
1035 + /*
1036 + * Do "postwork" for oplock (and maybe other things)
1037 + */
1038 + if (sr->sr_postwork != NULL)
1039 + smb2sr_run_postwork(sr);
778 1040
779 1041 mutex_enter(&sr->sr_mutex);
780 1042 sr->sr_state = SMB_REQ_STATE_COMPLETED;
781 1043 mutex_exit(&sr->sr_mutex);
782 1044
783 1045 smb_request_free(sr);
784 1046 }
785 1047
786 1048 /*
787 - * Dispatch an async request using saved information.
788 - * See smb2sr_save_async and [MS-SMB2] 3.3.4.2
1049 + * Build interim responses for the current and all following
1050 + * requests in this compound, then send the compound response,
1051 + * leaving the SR state so that smb2sr_work() can continue its
1052 + * processing of this compound in "async mode".
789 1053 *
790 - * This is sort of a "lite" version of smb2sr_work. Initialize the
791 - * command and reply areas as they were when the command-speicific
792 - * handler started (in case it needs to decode anything again).
793 - * Call the async function, which builds the command-specific part
794 - * of the response. Finally, send the response and free the sr.
1054 + * If we agree to "go async", this should return STATUS_SUCCESS.
1055 + * Otherwise return STATUS_INSUFFICIENT_RESOURCES for this and
1056 + * all requests following this request. (See the comments re.
1057 + * "sticky" smb2_status values in smb2sr_work).
1058 + *
1059 + * Note: the Async ID we assign here is arbitrary, and need only
1060 + * be unique among pending async responses on this connection, so
1061 + * this just uses a modified messageID, which is already unique.
1062 + *
1063 + * Credits: All credit changes should happen via the interim
1064 + * responses, so we have to manage credits here. After this
1065 + * returns to smb2sr_work, the final replies for all these
1066 + * commands will have smb2_credit_response = smb2_credit_charge
1067 + * (meaning no further changes to the clients' credits).
795 1068 */
796 -void
797 -smb2sr_do_async(smb_request_t *sr)
1069 +uint32_t
1070 +smb2sr_go_async(smb_request_t *sr)
798 1071 {
799 - const smb_disp_entry_t *sdd;
800 - smb_disp_stats_t *sds;
801 - smb2_async_req_t *ar;
802 - int rc = 0;
1072 + smb_session_t *session;
1073 + smb_disp_stats_t *sds;
1074 + uint16_t cmd_idx;
1075 + int32_t saved_com_offset;
1076 + uint32_t saved_cmd_hdr;
1077 + uint16_t saved_cred_resp;
1078 + uint32_t saved_hdr_flags;
1079 + uint32_t saved_reply_hdr;
1080 + uint32_t msg_len;
1081 + boolean_t disconnect = B_FALSE;
803 1082
1083 + if (sr->smb2_async) {
1084 + /* already went async in some previous cmd. */
1085 + return (NT_STATUS_SUCCESS);
1086 + }
1087 + sr->smb2_async = B_TRUE;
1088 +
1089 + /* The "server" session always runs async. */
1090 + session = sr->session;
1091 + if (session->sock == NULL)
1092 + return (NT_STATUS_SUCCESS);
1093 +
1094 + sds = NULL;
1095 + saved_com_offset = sr->command.chain_offset;
1096 + saved_cmd_hdr = sr->smb2_cmd_hdr;
1097 + saved_cred_resp = sr->smb2_credit_response;
1098 + saved_hdr_flags = sr->smb2_hdr_flags;
1099 + saved_reply_hdr = sr->smb2_reply_hdr;
1100 +
804 1101 /*
805 - * Restore what smb2_decode_header found.
806 - * (In lieu of decoding it again.)
1102 + * The command-specific handler should not yet have put any
1103 + * data in the reply except for the (place holder) header.
807 1104 */
808 - ar = sr->sr_async_req;
809 - sr->smb2_cmd_hdr = ar->ar_cmd_hdr;
810 - sr->smb2_cmd_code = ar->ar_cmd_code;
811 - sr->smb2_hdr_flags = ar->ar_hdr_flags;
812 - sr->smb2_async_id = (uintptr_t)ar;
813 - sr->smb2_messageid = ar->ar_messageid;
814 - sr->smb_pid = ar->ar_pid;
815 - sr->smb_tid = ar->ar_tid;
816 - sr->smb_uid = ar->ar_uid;
817 - sr->smb2_status = 0;
1105 + if (sr->reply.chain_offset != sr->smb2_reply_hdr + SMB2_HDR_SIZE) {
1106 + ASSERT3U(sr->reply.chain_offset, ==,
1107 + sr->smb2_reply_hdr + SMB2_HDR_SIZE);
1108 + return (NT_STATUS_INTERNAL_ERROR);
1109 + }
818 1110
819 1111 /*
820 - * Async requests don't grant credits, because any credits
821 - * should have gone out with the interim reply.
822 - * An async reply goes alone (no next reply).
1112 + * Rewind to the start of the current header in both the
1113 + * command and reply bufers, so the loop below can just
1114 + * decode/encode just in every pass. This means the
1115 + * current command header is decoded again, but that
1116 + * avoids having to special-case the first loop pass.
823 1117 */
824 - sr->smb2_credit_response = 0;
825 - sr->smb2_next_reply = 0;
1118 + sr->command.chain_offset = sr->smb2_cmd_hdr;
1119 + sr->reply.chain_offset = sr->smb2_reply_hdr;
826 1120
827 1121 /*
828 - * Setup input mbuf_chain
1122 + * This command processing loop is a simplified version of
1123 + * smb2sr_work() that just puts an "interim response" for
1124 + * every command in the compound (NT_STATUS_PENDING).
829 1125 */
830 - ASSERT(ar->ar_cmd_len >= SMB2_HDR_SIZE);
831 - (void) MBC_SHADOW_CHAIN(&sr->smb_data, &sr->command,
832 - sr->smb2_cmd_hdr + SMB2_HDR_SIZE,
833 - ar->ar_cmd_len - SMB2_HDR_SIZE);
1126 +cmd_start:
1127 + sr->smb2_status = NT_STATUS_PENDING;
834 1128
835 1129 /*
836 - * Setup output mbuf_chain
1130 + * Decode the request header
837 1131 */
838 - MBC_FLUSH(&sr->reply);
839 - sr->smb2_reply_hdr = sr->reply.chain_offset;
840 - (void) smb2_encode_header(sr, B_FALSE);
1132 + sr->smb2_cmd_hdr = sr->command.chain_offset;
1133 + if ((smb2_decode_header(sr)) != 0) {
1134 + cmn_err(CE_WARN, "clnt %s bad SMB2 header",
1135 + session->ip_addr_str);
1136 + disconnect = B_TRUE;
1137 + goto cleanup;
1138 + }
1139 + sr->smb2_hdr_flags |= (SMB2_FLAGS_SERVER_TO_REDIR |
1140 + SMB2_FLAGS_ASYNC_COMMAND);
1141 + sr->smb2_async_id = SMB2_ASYNCID(sr);
841 1142
842 - VERIFY3U(sr->smb2_cmd_code, <, SMB2_INVALID_CMD);
843 - sdd = &smb2_disp_table[sr->smb2_cmd_code];
844 - sds = sr->session->s_server->sv_disp_stats2;
845 - sds = &sds[sr->smb2_cmd_code];
1143 + /*
1144 + * In case we bail out...
1145 + */
1146 + if (sr->smb2_credit_charge == 0)
1147 + sr->smb2_credit_charge = 1;
1148 + sr->smb2_credit_response = sr->smb2_credit_charge;
846 1149
847 1150 /*
848 - * Keep the UID, TID, ofile we have.
1151 + * Write a tentative reply header.
849 1152 */
850 - if ((sdd->sdt_flags & SDDF_SUPPRESS_UID) == 0 &&
851 - sr->uid_user == NULL) {
852 - smb2sr_put_error(sr, NT_STATUS_USER_SESSION_DELETED);
853 - goto cmd_done;
1153 + sr->smb2_next_reply = 0;
1154 + ASSERT((sr->reply.chain_offset & 7) == 0);
1155 + sr->smb2_reply_hdr = sr->reply.chain_offset;
1156 + if ((smb2_encode_header(sr, B_FALSE)) != 0) {
1157 + cmn_err(CE_WARN, "clnt %s excessive reply",
1158 + session->ip_addr_str);
1159 + disconnect = B_TRUE;
1160 + goto cleanup;
854 1161 }
855 - if ((sdd->sdt_flags & SDDF_SUPPRESS_TID) == 0 &&
856 - sr->tid_tree == NULL) {
857 - smb2sr_put_error(sr, NT_STATUS_NETWORK_NAME_DELETED);
858 - goto cmd_done;
1162 +
1163 + /*
1164 + * Figure out the length of data...
1165 + */
1166 + if (sr->smb2_next_command != 0) {
1167 + /* [MS-SMB2] says this is 8-byte aligned */
1168 + msg_len = sr->smb2_next_command;
1169 + if ((msg_len & 7) != 0 || (msg_len < SMB2_HDR_SIZE) ||
1170 + ((sr->smb2_cmd_hdr + msg_len) > sr->command.max_bytes)) {
1171 + cmn_err(CE_WARN, "clnt %s bad SMB2 next cmd",
1172 + session->ip_addr_str);
1173 + disconnect = B_TRUE;
1174 + goto cleanup;
1175 + }
1176 + } else {
1177 + msg_len = sr->command.max_bytes - sr->smb2_cmd_hdr;
859 1178 }
860 1179
861 1180 /*
862 - * Signature already verified
863 - * Credits handled...
1181 + * We just skip any data, so no shadow chain etc.
1182 + */
1183 + sr->command.chain_offset = sr->smb2_cmd_hdr + msg_len;
1184 + ASSERT(sr->command.chain_offset <= sr->command.max_bytes);
1185 +
1186 + /*
1187 + * Validate the commmand code...
1188 + */
1189 + if (sr->smb2_cmd_code < SMB2_INVALID_CMD)
1190 + cmd_idx = sr->smb2_cmd_code;
1191 + else
1192 + cmd_idx = SMB2_INVALID_CMD;
1193 + sds = &session->s_server->sv_disp_stats2[cmd_idx];
1194 +
1195 + /*
1196 + * Don't change (user, tree, file) because we want them
1197 + * exactly as they were when we entered. That also means
1198 + * we may not have the right user in sr->uid_user for
1199 + * signature checks, so leave that until smb2sr_work
1200 + * runs these commands "for real". Therefore, here
1201 + * we behave as if: (sr->uid_user == NULL)
1202 + */
1203 + sr->smb2_hdr_flags &= ~SMB2_FLAGS_SIGNED;
1204 +
1205 + /*
1206 + * Credit adjustments (decrease)
864 1207 *
865 - * Just call the async handler function.
1208 + * NOTE: interim responses are not signed.
1209 + * Any attacker can modify the credit grant
1210 + * in the response. Because of this property,
1211 + * it is no worse to assume the credit charge and grant
1212 + * are sane without verifying the signature,
1213 + * and that saves us a whole lot of work.
1214 + * If the credits WERE modified, we'll find out
1215 + * when we verify the signature later,
1216 + * which nullifies any changes caused here.
1217 + *
1218 + * Skip this on the first command, because the
1219 + * credit decrease was done by the caller.
866 1220 */
867 - rc = ar->ar_func(sr);
868 - if (rc != 0 && sr->smb2_status == 0)
869 - sr->smb2_status = NT_STATUS_INTERNAL_ERROR;
1221 + if (sr->smb2_cmd_hdr != saved_cmd_hdr) {
1222 + sr->smb2_credit_response = sr->smb2_credit_request;
1223 + if (sr->smb2_credit_request < sr->smb2_credit_charge) {
1224 + smb2_credit_decrease(sr);
1225 + }
1226 + }
870 1227
871 -cmd_done:
872 1228 /*
873 - * Pad the reply to align(8) if necessary.
1229 + * The real work: ... (would be here)
874 1230 */
875 - if (sr->reply.chain_offset & 7) {
876 - int padsz = 8 - (sr->reply.chain_offset & 7);
877 - (void) smb_mbc_encodef(&sr->reply, "#.", padsz);
1231 + smb2sr_put_error(sr, sr->smb2_status);
1232 +
1233 + /*
1234 + * Credit adjustments (increase)
1235 + */
1236 + if (sr->smb2_credit_request > sr->smb2_credit_charge) {
1237 + smb2_credit_increase(sr);
878 1238 }
879 - ASSERT((sr->reply.chain_offset & 7) == 0);
880 1239
1240 + /* cmd_done: label */
1241 +
881 1242 /*
882 - * Record some statistics: (just tx bytes here)
1243 + * Pad the reply to align(8) if there will be another.
1244 + * This (interim) reply uses compounding.
883 1245 */
884 - atomic_add_64(&sds->sdt_txb,
885 - (int64_t)(sr->reply.chain_offset - sr->smb2_reply_hdr));
1246 + if (sr->smb2_next_command != 0)
1247 + (void) smb_mbc_put_align(&sr->reply, 8);
886 1248
887 1249 /*
888 - * Overwrite the SMB2 header for the response of
889 - * this command (possibly part of a compound).
890 - * The call adds: SMB2_FLAGS_SERVER_TO_REDIR
1250 + * Record some statistics. Uses:
1251 + * rxb = command.chain_offset - smb2_cmd_hdr;
1252 + * txb = reply.chain_offset - smb2_reply_hdr;
1253 + * which at this point represent the current cmd/reply.
1254 + *
1255 + * Note: We're doing smb_latency_add_sample() for all
1256 + * remaining commands NOW, which means we won't include
1257 + * the async part of their work in latency statistics.
1258 + * That's intentional, as the async part of a command
1259 + * would otherwise skew our latency statistics.
891 1260 */
892 - (void) smb2_encode_header(sr, B_TRUE);
1261 + smb2_record_stats(sr, sds, B_FALSE);
893 1262
894 - if (sr->smb2_hdr_flags & SMB2_FLAGS_SIGNED)
895 - smb2_sign_reply(sr);
1263 + /*
1264 + * If there's a next command, figure out where it starts,
1265 + * and fill in the next header offset for the reply.
1266 + * Note: We sanity checked smb2_next_command above.
1267 + */
1268 + if (sr->smb2_next_command != 0) {
1269 + sr->command.chain_offset =
1270 + sr->smb2_cmd_hdr + sr->smb2_next_command;
1271 + sr->smb2_next_reply =
1272 + sr->reply.chain_offset - sr->smb2_reply_hdr;
1273 + } else {
1274 + ASSERT(sr->smb2_next_reply == 0);
1275 + }
896 1276
1277 + /*
1278 + * Overwrite the (now final) SMB2 header for this response.
1279 + */
1280 + (void) smb2_encode_header(sr, B_TRUE);
1281 +
1282 + /*
1283 + * Process whole compound before sending.
1284 + */
1285 + if (sr->smb2_next_command != 0)
1286 + goto cmd_start;
897 1287 smb2_send_reply(sr);
898 1288
1289 + ASSERT(!disconnect);
1290 +
1291 +cleanup:
899 1292 /*
900 - * Done. Unlink and free.
1293 + * Restore caller's command processing state.
901 1294 */
902 - sr->sr_async_req = NULL;
903 - kmem_free(ar, sizeof (*ar));
1295 + sr->smb2_cmd_hdr = saved_cmd_hdr;
1296 + sr->command.chain_offset = saved_cmd_hdr;
1297 + (void) smb2_decode_header(sr);
1298 + sr->command.chain_offset = saved_com_offset;
904 1299
905 - mutex_enter(&sr->sr_mutex);
906 - sr->sr_state = SMB_REQ_STATE_COMPLETED;
907 - mutex_exit(&sr->sr_mutex);
1300 + sr->smb2_credit_response = saved_cred_resp;
1301 + sr->smb2_hdr_flags = saved_hdr_flags;
1302 + sr->smb2_status = NT_STATUS_SUCCESS;
908 1303
909 - smb_request_free(sr);
1304 + /*
1305 + * In here, the "disconnect" flag just means we had an
1306 + * error decoding or encoding something. Rather than
1307 + * actually disconnect here, let's assume whatever
1308 + * problem we encountered will be seen by the caller
1309 + * as they continue processing the compound, and just
1310 + * restore everything and return an error.
1311 + */
1312 + if (disconnect) {
1313 + sr->smb2_async = B_FALSE;
1314 + sr->smb2_reply_hdr = saved_reply_hdr;
1315 + sr->reply.chain_offset = sr->smb2_reply_hdr;
1316 + (void) smb2_encode_header(sr, B_FALSE);
1317 + return (NT_STATUS_INVALID_PARAMETER);
1318 + }
1319 +
1320 + /*
1321 + * The compound reply buffer we sent is now gone.
1322 + * Setup a new reply buffer for the caller.
1323 + */
1324 + sr->smb2_hdr_flags |= SMB2_FLAGS_ASYNC_COMMAND;
1325 + sr->smb2_async_id = SMB2_ASYNCID(sr);
1326 + sr->smb2_next_reply = 0;
1327 + MBC_FLUSH(&sr->reply);
1328 + ASSERT(sr->reply.max_bytes == sr->session->reply_max_bytes);
1329 + ASSERT(sr->reply.chain_offset == 0);
1330 + sr->smb2_reply_hdr = 0;
1331 + (void) smb2_encode_header(sr, B_FALSE);
1332 +
1333 + return (NT_STATUS_SUCCESS);
910 1334 }
911 1335
912 -/*
913 - * In preparation for sending an "interim response", save
914 - * all the state we'll need to run an async command later,
915 - * and assign an "async id" for this (now async) command.
916 - * See [MS-SMB2] 3.3.4.2
917 - *
918 - * If more than one request in a compound request tries to
919 - * "go async", we can "say no". See [MS-SMB2] 3.3.4.2
920 - * If an operation would require asynchronous processing
921 - * but resources are constrained, the server MAY choose to
922 - * fail that operation with STATUS_INSUFFICIENT_RESOURCES.
923 - *
924 - * For simplicity, we further restrict the cases where we're
925 - * willing to "go async", and only allow the last command in a
926 - * compound to "go async". It happens that this is the only
927 - * case where we're actually asked to go async anyway. This
928 - * simplification also means there can be at most one command
929 - * in a compound that "goes async" (the last one).
930 - *
931 - * If we agree to "go async", this should return STATUS_PENDING.
932 - * Otherwise return STATUS_INSUFFICIENT_RESOURCES for this and
933 - * all requests following this request. (See the comments re.
934 - * "sticky" smb2_status values in smb2sr_work).
935 - *
936 - * Note: the Async ID we assign here is arbitrary, and need only
937 - * be unique among pending async responses on this connection, so
938 - * this just uses an object address as the Async ID.
939 - *
940 - * Also, the assigned worker is the ONLY thread using this
941 - * async request object (sr_async_req) so no locking.
942 - */
943 -uint32_t
944 -smb2sr_go_async(smb_request_t *sr,
945 - smb_sdrc_t (*async_func)(smb_request_t *))
1336 +int
1337 +smb3_decode_tform_header(smb_request_t *sr)
946 1338 {
947 - smb2_async_req_t *ar;
1339 + uint16_t flags;
1340 + int rc;
1341 + uint32_t protocolid;
948 1342
949 - if (sr->smb2_next_command != 0)
950 - return (NT_STATUS_INSUFFICIENT_RESOURCES);
1343 + rc = smb_mbc_decodef(
1344 + &sr->command, "l16c16cl..wq",
1345 + &protocolid, /* l */
1346 + sr->smb2_sig, /* 16c */
1347 + sr->nonce, /* 16c */
1348 + &sr->msgsize, /* l */
1349 + /* reserved .. */
1350 + &flags, /* w */
1351 + &sr->smb3_tform_ssnid); /* q */
1352 + if (rc)
1353 + return (rc);
951 1354
952 - ASSERT(sr->sr_async_req == NULL);
953 - ar = kmem_zalloc(sizeof (*ar), KM_SLEEP);
1355 + ASSERT3U(protocolid, ==, SMB3_ENCRYPTED_MAGIC);
954 1356
1357 + if (flags != 1) {
1358 +#ifdef DEBUG
1359 + cmn_err(CE_NOTE, "flags field not 1: %x", flags);
1360 +#endif
1361 + return (-1);
1362 + }
1363 +
955 1364 /*
956 - * Place an interim response in the compound reply.
957 - *
958 - * Turn on the "async" flag for both the (synchronous)
959 - * interim response and the (later) async response,
960 - * by storing that in flags before coping into ar.
961 - *
962 - * The "related" flag should always be off for the
963 - * async part because we're no longer operating on a
964 - * sequence of commands when we execute that.
1365 + * MsgSize is the amount of data the client tell us to decrypt.
1366 + * Make sure this value is not too big and not too small.
965 1367 */
966 - sr->smb2_hdr_flags |= SMB2_FLAGS_ASYNC_COMMAND;
967 - sr->smb2_async_id = (uintptr_t)ar;
1368 + if (sr->msgsize < SMB2_HDR_SIZE ||
1369 + sr->msgsize > sr->session->cmd_max_bytes ||
1370 + sr->msgsize > sr->command.max_bytes - SMB3_TFORM_HDR_SIZE)
1371 + return (-1);
968 1372
969 - ar->ar_func = async_func;
970 - ar->ar_cmd_hdr = sr->smb2_cmd_hdr;
971 - ar->ar_cmd_len = sr->smb_data.max_bytes - sr->smb2_cmd_hdr;
1373 + return (rc);
1374 +}
972 1375
973 - ar->ar_cmd_code = sr->smb2_cmd_code;
974 - ar->ar_hdr_flags = sr->smb2_hdr_flags &
975 - ~SMB2_FLAGS_RELATED_OPERATIONS;
976 - ar->ar_messageid = sr->smb2_messageid;
977 - ar->ar_pid = sr->smb_pid;
978 - ar->ar_tid = sr->smb_tid;
979 - ar->ar_uid = sr->smb_uid;
1376 +int
1377 +smb3_encode_tform_header(smb_request_t *sr, struct mbuf_chain *mbc)
1378 +{
1379 + int rc;
980 1380
981 - sr->sr_async_req = ar;
1381 + /* Signature and Nonce are added in smb3_encrypt_sr */
1382 + rc = smb_mbc_encodef(
1383 + mbc, "l32.lwwq",
1384 + SMB3_ENCRYPTED_MAGIC, /* l */
1385 + /* signature(16), nonce(16) 32. */
1386 + sr->msgsize, /* l */
1387 + 0, /* reserved w */
1388 + 1, /* flags w */
1389 + sr->smb3_tform_ssnid); /* q */
982 1390
983 - /* Interim responses are NOT signed. */
984 - sr->smb2_hdr_flags &= ~SMB2_FLAGS_SIGNED;
985 -
986 - return (NT_STATUS_PENDING);
1391 + return (rc);
987 1392 }
988 1393
989 1394 int
990 1395 smb2_decode_header(smb_request_t *sr)
991 1396 {
992 - uint64_t ssnid;
993 1397 uint32_t pid, tid;
994 1398 uint16_t hdr_len;
995 1399 int rc;
996 1400
997 1401 rc = smb_mbc_decodef(
998 1402 &sr->command, "Nwww..wwllqllq16c",
999 1403 &hdr_len, /* w */
1000 1404 &sr->smb2_credit_charge, /* w */
1001 1405 &sr->smb2_chan_seq, /* w */
1002 1406 /* reserved .. */
1003 1407 &sr->smb2_cmd_code, /* w */
1004 1408 &sr->smb2_credit_request, /* w */
1005 1409 &sr->smb2_hdr_flags, /* l */
1006 1410 &sr->smb2_next_command, /* l */
1007 1411 &sr->smb2_messageid, /* q */
1008 1412 &pid, /* l */
1009 1413 &tid, /* l */
1010 - &ssnid, /* q */
1414 + &sr->smb2_ssnid, /* q */
1011 1415 sr->smb2_sig); /* 16c */
1012 1416 if (rc)
1013 1417 return (rc);
1014 1418
1015 1419 if (hdr_len != SMB2_HDR_SIZE)
1016 1420 return (-1);
1017 1421
1018 - sr->smb_uid = (uint16_t)ssnid; /* XXX wide UIDs */
1019 -
1020 1422 if (sr->smb2_hdr_flags & SMB2_FLAGS_ASYNC_COMMAND) {
1021 1423 sr->smb2_async_id = pid |
1022 1424 ((uint64_t)tid) << 32;
1425 + sr->smb_pid = 0;
1426 + sr->smb_tid = 0;
1023 1427 } else {
1428 + sr->smb2_async_id = 0;
1024 1429 sr->smb_pid = pid;
1025 1430 sr->smb_tid = (uint16_t)tid; /* XXX wide TIDs */
1026 1431 }
1027 1432
1028 1433 return (rc);
1029 1434 }
1030 1435
1031 1436 int
1032 1437 smb2_encode_header(smb_request_t *sr, boolean_t overwrite)
1033 1438 {
1034 - uint64_t ssnid = sr->smb_uid;
1035 1439 uint64_t pid_tid_aid; /* pid+tid, or async id */
1036 - uint32_t reply_hdr_flags;
1037 1440 int rc;
1038 1441
1039 1442 if (sr->smb2_hdr_flags & SMB2_FLAGS_ASYNC_COMMAND) {
1040 1443 pid_tid_aid = sr->smb2_async_id;
1041 1444 } else {
1042 1445 pid_tid_aid = sr->smb_pid |
1043 1446 ((uint64_t)sr->smb_tid) << 32;
1044 1447 }
1045 - reply_hdr_flags = sr->smb2_hdr_flags | SMB2_FLAGS_SERVER_TO_REDIR;
1046 1448
1047 1449 if (overwrite) {
1048 1450 rc = smb_mbc_poke(&sr->reply,
1049 1451 sr->smb2_reply_hdr,
1050 1452 "Nwwlwwllqqq16c",
1051 1453 SMB2_HDR_SIZE, /* w */
1052 1454 sr->smb2_credit_charge, /* w */
1053 1455 sr->smb2_status, /* l */
1054 1456 sr->smb2_cmd_code, /* w */
1055 1457 sr->smb2_credit_response, /* w */
1056 - reply_hdr_flags, /* l */
1458 + sr->smb2_hdr_flags, /* l */
1057 1459 sr->smb2_next_reply, /* l */
1058 1460 sr->smb2_messageid, /* q */
1059 1461 pid_tid_aid, /* q */
1060 - ssnid, /* q */
1462 + sr->smb2_ssnid, /* q */
1061 1463 sr->smb2_sig); /* 16c */
1062 1464 } else {
1063 1465 rc = smb_mbc_encodef(&sr->reply,
1064 1466 "Nwwlwwllqqq16c",
1065 1467 SMB2_HDR_SIZE, /* w */
1066 1468 sr->smb2_credit_charge, /* w */
1067 1469 sr->smb2_status, /* l */
1068 1470 sr->smb2_cmd_code, /* w */
1069 1471 sr->smb2_credit_response, /* w */
1070 - reply_hdr_flags, /* l */
1472 + sr->smb2_hdr_flags, /* l */
1071 1473 sr->smb2_next_reply, /* l */
1072 1474 sr->smb2_messageid, /* q */
1073 1475 pid_tid_aid, /* q */
1074 - ssnid, /* q */
1476 + sr->smb2_ssnid, /* q */
1075 1477 sr->smb2_sig); /* 16c */
1076 1478 }
1077 1479
1078 1480 return (rc);
1079 1481 }
1080 1482
1081 1483 void
1082 1484 smb2_send_reply(smb_request_t *sr)
1083 1485 {
1486 + struct mbuf_chain enc_reply;
1487 + smb_session_t *session = sr->session;
1488 + void *tmpbuf;
1489 + size_t buflen;
1490 + struct mbuf_chain tmp;
1084 1491
1085 - if (smb_session_send(sr->session, 0, &sr->reply) == 0)
1086 - sr->reply.chain = 0;
1492 + /*
1493 + * [MS-SMB2] 3.3.4.1.4 Encrypting the Message
1494 + *
1495 + * When the connection supports encryption and the dialect
1496 + * is 3.x, encrypt if:
1497 + * - The request was encrypted OR
1498 + * - The cmd is not SESSION_SETUP or NEGOTIATE AND
1499 + * -- Session.EncryptData is TRUE OR
1500 + * -- The cmd is not TREE_CONNECT AND
1501 + * --- Tree.EncryptData is TRUE
1502 + *
1503 + * This boils down to sr->tform_ssn != NULL, and the rest
1504 + * is enforced when tform_ssn is set.
1505 + */
1506 +
1507 + if ((session->capabilities & SMB2_CAP_ENCRYPTION) == 0 ||
1508 + sr->tform_ssn == NULL) {
1509 + if (smb_session_send(sr->session, 0, &sr->reply) == 0)
1510 + sr->reply.chain = 0;
1511 + return;
1512 + }
1513 +
1514 + sr->msgsize = sr->reply.chain_offset;
1515 + (void) MBC_SHADOW_CHAIN(&tmp, &sr->reply,
1516 + 0, sr->msgsize);
1517 +
1518 + buflen = SMB3_TFORM_HDR_SIZE + sr->msgsize;
1519 +
1520 + /* taken from smb_request_init_command_mbuf */
1521 + tmpbuf = kmem_alloc(buflen, KM_SLEEP);
1522 + MBC_ATTACH_BUF(&enc_reply, tmpbuf, buflen);
1523 + enc_reply.flags = 0;
1524 + enc_reply.shadow_of = NULL;
1525 +
1526 + if (smb3_encode_tform_header(sr, &enc_reply) != 0) {
1527 + cmn_err(CE_WARN, "couldn't encode transform header");
1528 + goto errout;
1529 + }
1530 + if (smb3_encrypt_sr(sr, &tmp, &enc_reply) != 0) {
1531 + cmn_err(CE_WARN, "smb3 encryption failed");
1532 + goto errout;
1533 + }
1534 +
1535 + if (smb_session_send(sr->session, 0, &enc_reply) == 0)
1536 + enc_reply.chain = 0;
1537 + return;
1538 +
1539 +errout:
1540 + kmem_free(tmpbuf, buflen);
1541 + smb_session_disconnect(sr->session);
1087 1542 }
1088 1543
1089 1544 /*
1090 1545 * This wrapper function exists to help catch calls to smbsr_status()
1091 1546 * (which is SMB1-specific) in common code. See smbsr_status().
1092 1547 * If the log message below is seen, put a dtrace probe on this
1093 1548 * function with a stack() action to see who is calling the SMB1
1094 1549 * "put error" from common code, and fix it.
1095 1550 */
1096 1551 void
1097 1552 smbsr_status_smb2(smb_request_t *sr, DWORD status)
1098 1553 {
1099 1554 const char *name;
1100 1555
1101 1556 if (sr->smb2_cmd_code < SMB2__NCMDS)
1102 1557 name = smb2_disp_table[sr->smb2_cmd_code].sdt_name;
1103 1558 else
1104 1559 name = "<unknown>";
1105 1560 #ifdef DEBUG
1106 1561 cmn_err(CE_NOTE, "smbsr_status called for %s", name);
1107 1562 #endif
1108 1563
1109 1564 smb2sr_put_error_data(sr, status, NULL);
1110 1565 }
1111 1566
1112 1567 void
1113 1568 smb2sr_put_errno(struct smb_request *sr, int errnum)
1114 1569 {
1115 1570 uint32_t status = smb_errno2status(errnum);
1116 1571 smb2sr_put_error_data(sr, status, NULL);
1117 1572 }
1118 1573
1119 1574 void
1120 1575 smb2sr_put_error(smb_request_t *sr, uint32_t status)
1121 1576 {
1122 1577 smb2sr_put_error_data(sr, status, NULL);
1123 1578 }
1124 1579
1125 1580 /*
1126 1581 * Build an SMB2 error response. [MS-SMB2] 2.2.2
1127 1582 */
1128 1583 void
1129 1584 smb2sr_put_error_data(smb_request_t *sr, uint32_t status, mbuf_chain_t *mbc)
1130 1585 {
1131 1586 DWORD len;
1132 1587
1133 1588 /*
1134 1589 * The common dispatch code writes this when it
1135 1590 * updates the SMB2 header before sending.
1136 1591 */
1137 1592 sr->smb2_status = status;
1138 1593
1139 1594 /* Rewind to the end of the SMB header. */
1140 1595 sr->reply.chain_offset = sr->smb2_reply_hdr + SMB2_HDR_SIZE;
1141 1596
1142 1597 /*
1143 1598 * NB: Must provide at least one byte of error data,
1144 1599 * per [MS-SMB2] 2.2.2
1145 1600 */
1146 1601 if (mbc != NULL && (len = MBC_LENGTH(mbc)) != 0) {
1147 1602 (void) smb_mbc_encodef(
1148 1603 &sr->reply,
1149 1604 "wwlC",
1150 1605 9, /* StructSize */ /* w */
1151 1606 0, /* reserved */ /* w */
1152 1607 len, /* l */
1153 1608 mbc); /* C */
1154 1609 } else {
1155 1610 (void) smb_mbc_encodef(
1156 1611 &sr->reply,
1157 1612 "wwl.",
1158 1613 9, /* StructSize */ /* w */
1159 1614 0, /* reserved */ /* w */
1160 1615 0); /* l. */
1161 1616 }
1162 1617 }
1163 1618
1164 1619 /*
1165 1620 * smb2sr_lookup_fid
1166 1621 *
1167 1622 * Setup sr->fid_ofile, either inherited from a related command,
1168 1623 * or obtained via FID lookup. Similar inheritance logic as in
1169 1624 * smb2sr_work.
1170 1625 */
1171 1626 uint32_t
1172 1627 smb2sr_lookup_fid(smb_request_t *sr, smb2fid_t *fid)
1173 1628 {
1174 1629 boolean_t related = sr->smb2_hdr_flags &
1175 1630 SMB2_FLAGS_RELATED_OPERATIONS;
1176 1631
1177 1632 if (related) {
1178 1633 if (sr->fid_ofile == NULL)
1179 1634 return (NT_STATUS_INVALID_PARAMETER);
1180 1635 sr->smb_fid = sr->fid_ofile->f_fid;
1181 1636 return (0);
1182 1637 }
1183 1638
|
↓ open down ↓ |
87 lines elided |
↑ open up ↑ |
1184 1639 /*
1185 1640 * If we could be sure this is called only once per cmd,
1186 1641 * we could simply ASSERT(sr->fid_ofile == NULL) here.
1187 1642 * However, there are cases where it can be called again
1188 1643 * handling the same command, so let's tolerate that.
1189 1644 */
1190 1645 if (sr->fid_ofile == NULL) {
1191 1646 sr->smb_fid = (uint16_t)fid->temporal;
1192 1647 sr->fid_ofile = smb_ofile_lookup_by_fid(sr, sr->smb_fid);
1193 1648 }
1194 - if (sr->fid_ofile == NULL)
1649 + if (sr->fid_ofile == NULL ||
1650 + sr->fid_ofile->f_persistid != fid->persistent)
1195 1651 return (NT_STATUS_FILE_CLOSED);
1196 1652
1197 1653 return (0);
1198 1654 }
1199 1655
1200 1656 /*
1201 1657 * smb2_dispatch_stats_init
1202 1658 *
1203 1659 * Initializes dispatch statistics for SMB2.
1204 1660 * See also smb_dispatch_stats_init(), which fills in
1205 1661 * the lower part of the statistics array, from zero
1206 1662 * through SMB_COM_NUM;
1207 1663 */
1208 1664 void
1209 1665 smb2_dispatch_stats_init(smb_server_t *sv)
1210 1666 {
1211 1667 smb_disp_stats_t *sds = sv->sv_disp_stats2;
1212 1668 smb_kstat_req_t *ksr;
1213 1669 int i;
1214 1670
1215 1671 ksr = ((smbsrv_kstats_t *)sv->sv_ksp->ks_data)->ks_reqs2;
1216 1672
1217 1673 for (i = 0; i < SMB2__NCMDS; i++, ksr++) {
1218 1674 smb_latency_init(&sds[i].sdt_lat);
1219 1675 (void) strlcpy(ksr->kr_name, smb2_disp_table[i].sdt_name,
1220 1676 sizeof (ksr->kr_name));
1221 1677 }
1222 1678 }
1223 1679
1224 1680 /*
1225 1681 * smb2_dispatch_stats_fini
1226 1682 *
1227 1683 * Frees and destroyes the resources used for statistics.
1228 1684 */
1229 1685 void
1230 1686 smb2_dispatch_stats_fini(smb_server_t *sv)
1231 1687 {
1232 1688 smb_disp_stats_t *sds = sv->sv_disp_stats2;
1233 1689 int i;
1234 1690
1235 1691 for (i = 0; i < SMB2__NCMDS; i++)
1236 1692 smb_latency_destroy(&sds[i].sdt_lat);
1237 1693 }
1238 1694
1239 1695 void
1240 1696 smb2_dispatch_stats_update(smb_server_t *sv,
1241 1697 smb_kstat_req_t *ksr, int first, int nreq)
1242 1698 {
1243 1699 smb_disp_stats_t *sds = sv->sv_disp_stats2;
1244 1700 int i;
1245 1701 int last;
1246 1702
1247 1703 last = first + nreq - 1;
1248 1704
1249 1705 if ((first < SMB2__NCMDS) && (last < SMB2__NCMDS)) {
1250 1706 for (i = first; i <= last; i++, ksr++) {
1251 1707 ksr->kr_rxb = sds[i].sdt_rxb;
1252 1708 ksr->kr_txb = sds[i].sdt_txb;
1253 1709 mutex_enter(&sds[i].sdt_lat.ly_mutex);
1254 1710 ksr->kr_nreq = sds[i].sdt_lat.ly_a_nreq;
1255 1711 ksr->kr_sum = sds[i].sdt_lat.ly_a_sum;
1256 1712 ksr->kr_a_mean = sds[i].sdt_lat.ly_a_mean;
1257 1713 ksr->kr_a_stddev =
1258 1714 sds[i].sdt_lat.ly_a_stddev;
1259 1715 ksr->kr_d_mean = sds[i].sdt_lat.ly_d_mean;
|
↓ open down ↓ |
55 lines elided |
↑ open up ↑ |
1260 1716 ksr->kr_d_stddev =
1261 1717 sds[i].sdt_lat.ly_d_stddev;
1262 1718 sds[i].sdt_lat.ly_d_mean = 0;
1263 1719 sds[i].sdt_lat.ly_d_nreq = 0;
1264 1720 sds[i].sdt_lat.ly_d_stddev = 0;
1265 1721 sds[i].sdt_lat.ly_d_sum = 0;
1266 1722 mutex_exit(&sds[i].sdt_lat.ly_mutex);
1267 1723 }
1268 1724 }
1269 1725 }
1726 +
1727 +/*
1728 + * Append new_sr to the postwork queue. sr->smb2_cmd_code encodes
1729 + * the action that should be run by this sr.
1730 + *
1731 + * This queue is rarely used (and normally empty) so we're OK
1732 + * using a simple "walk to tail and insert" here.
1733 + */
1734 +void
1735 +smb2sr_append_postwork(smb_request_t *top_sr, smb_request_t *new_sr)
1736 +{
1737 + smb_request_t *last_sr;
1738 +
1739 + ASSERT(top_sr->session->dialect >= SMB_VERS_2_BASE);
1740 +
1741 + last_sr = top_sr;
1742 + while (last_sr->sr_postwork != NULL)
1743 + last_sr = last_sr->sr_postwork;
1744 +
1745 + last_sr->sr_postwork = new_sr;
1746 +}
1747 +
1748 +/*
1749 + * Run any "post work" that was appended to the main SR while it
1750 + * was running. This is called after the request has been sent
1751 + * for the main SR, and used in cases i.e. the oplock code, where
1752 + * we need to send something to the client only _after_ the main
1753 + * sr request has gone out.
1754 + */
1755 +static void
1756 +smb2sr_run_postwork(smb_request_t *top_sr)
1757 +{
1758 + smb_request_t *post_sr; /* the one we're running */
1759 + smb_request_t *next_sr;
1760 +
1761 + while ((post_sr = top_sr->sr_postwork) != NULL) {
1762 + next_sr = post_sr->sr_postwork;
1763 + top_sr->sr_postwork = next_sr;
1764 + post_sr->sr_postwork = NULL;
1765 +
1766 + post_sr->sr_worker = top_sr->sr_worker;
1767 + post_sr->sr_state = SMB_REQ_STATE_ACTIVE;
1768 +
1769 + switch (post_sr->smb2_cmd_code) {
1770 + case SMB2_OPLOCK_BREAK:
1771 + smb_oplock_send_brk(post_sr);
1772 + break;
1773 + default:
1774 + ASSERT(0);
1775 + }
1776 +
1777 + /*
1778 + * If we have a durable handle, and this operation
1779 + * updated the nvlist, write it out.
1780 + */
1781 + if (post_sr->dh_nvl_dirty) {
1782 + post_sr->dh_nvl_dirty = B_FALSE;
1783 + smb2_dh_update_nvfile(post_sr);
1784 + }
1785 +
1786 + post_sr->sr_state = SMB_REQ_STATE_COMPLETED;
1787 + smb_request_free(post_sr);
1788 + }
1789 +}
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX