1 /*
2 * This file and its contents are supplied under the terms of the
3 * Common Development and Distribution License ("CDDL"), version 1.0.
4 * You may only use this file in accordance with the terms of version
5 * 1.0 of the CDDL.
6 *
7 * A full copy of the text of the CDDL should have accompanied this
8 * source. A copy of the CDDL is also available via the Internet at
9 * http://www.illumos.org/license/CDDL.
10 */
11
12 /*
13 * Copyright 2018 Nexenta Systems, Inc. All rights reserved.
14 */
15
16 /*
17 * SMB2 Durable Handle support
18 */
19
20 #include <sys/types.h>
21 #include <sys/cmn_err.h>
22 #include <sys/fcntl.h>
23 #include <sys/nbmlock.h>
24 #include <sys/sid.h>
25 #include <smbsrv/string.h>
26 #include <smbsrv/smb_kproto.h>
27 #include <smbsrv/smb_fsops.h>
28 #include <smbsrv/smbinfo.h>
29 #include <smbsrv/smb2_kproto.h>
30
31 /* Windows default values from [MS-SMB2] */
32 /*
33 * (times in seconds)
34 * resilient:
35 * MaxTimeout = 300 (win7+)
36 * if timeout > MaxTimeout, ERROR
37 * if timeout != 0, timeout = req.timeout
38 * if timeout == 0, timeout = (infinity) (Win7/w2k8r2)
39 * if timeout == 0, timeout = 120 (Win8+)
40 * v2:
41 * if timeout != 0, timeout = MIN(timeout, 300) (spec)
42 * if timeout != 0, timeout = timeout (win8/2k12)
43 * if timeout == 0, timeout = Share.CATimeout. \
44 * if Share.CATimeout == 0, timeout = 60 (win8/w2k12)
45 * if timeout == 0, timeout = 180 (win8.1/w2k12r2)
46 * open.timeout = 60 (win8/w2k12r2) (i.e. we ignore the request)
47 * v1:
48 * open.timeout = 16 minutes
49 */
50
51 uint32_t smb2_dh_def_timeout = 60 * MILLISEC; /* mSec. */
52 uint32_t smb2_dh_max_timeout = 300 * MILLISEC; /* mSec. */
53
54 uint32_t smb2_res_def_timeout = 120 * MILLISEC; /* mSec. */
55 uint32_t smb2_res_max_timeout = 300 * MILLISEC; /* mSec. */
56
57 uint32_t smb2_persist_timeout = 300 * MILLISEC; /* mSec. */
58
59 /* Max. size of the file used to store a CA handle. */
60 static uint32_t smb2_dh_max_cah_size = 64 * 1024;
61 static uint32_t smb2_ca_info_version = 1;
62
63 /*
64 * Want this to have invariant layout on disk, where the
65 * last two uint32_t values are stored as a uint64_t
66 */
67 struct nvlk {
68 uint64_t lk_start;
69 uint64_t lk_len;
70 /* (lk_pid << 32) | lk_type */
71 #ifdef _BIG_ENDIAN
72 uint32_t lk_pid, lk_type;
73 #else
74 uint32_t lk_type, lk_pid;
75 #endif
76 };
77
78 static void smb2_dh_import_share(void *);
79 static smb_ofile_t *smb2_dh_import_handle(smb_request_t *, smb_node_t *,
80 uint64_t);
81 static int smb2_dh_read_nvlist(smb_request_t *, smb_node_t *, struct nvlist **);
82 static int smb2_dh_import_cred(smb_ofile_t *, char *);
83
84 #define DH_SN_SIZE 24 /* size of DH stream name buffers */
85 /*
86 * Build the stream name used to store a CA handle.
87 * i.e. ":0123456789abcdef:$CA"
88 * Note: smb_fsop_create adds the SUNWsmb prefix,
89 * so we compose the name without the prefix.
90 */
91 static inline void
92 smb2_dh_make_stream_name(char *buf, size_t buflen, uint64_t id)
93 {
94 ASSERT(buflen >= DH_SN_SIZE);
95 (void) snprintf(buf, buflen,
96 ":%016" PRIx64 ":$CA", id);
97 }
98
99 /*
100 * smb_dh_should_save
101 *
102 * During session tear-down, decide whether to keep a durable handle.
103 *
104 * There are two cases where we save durable handles:
105 * 1. An SMB2 LOGOFF request was received
106 * 2. An unexpected disconnect from the client
107 * Note: Specifying a PrevSessionID in session setup
108 * is considered a disconnect (we just haven't learned about it yet)
109 * In every other case, we close durable handles.
110 *
111 * [MS-SMB2] 3.3.5.6 SMB2_LOGOFF
112 * [MS-SMB2] 3.3.7.1 Handling Loss of a Connection
113 *
114 * If any of the following are true, preserve for reconnect:
115 *
116 * - Open.IsResilient is TRUE.
117 *
118 * - Open.OplockLevel == SMB2_OPLOCK_LEVEL_BATCH and
119 * Open.OplockState == Held, and Open.IsDurable is TRUE.
120 *
121 * - Open.OplockLevel == SMB2_OPLOCK_LEVEL_LEASE,
122 * Lease.LeaseState SMB2_LEASE_HANDLE_CACHING,
123 * Open.OplockState == Held, and Open.IsDurable is TRUE.
124 *
125 * - Open.IsPersistent is TRUE.
126 *
127 * We also deal with some special cases for shutdown of the
128 * server, session, user, tree (in that order). Other than
129 * the cases above, shutdown (or forced termination) should
130 * destroy durable handles.
131 */
132 boolean_t
133 smb_dh_should_save(smb_ofile_t *of)
134 {
135 ASSERT(MUTEX_HELD(&of->f_mutex));
136 ASSERT(of->dh_vers != SMB2_NOT_DURABLE);
137
138 /* SMB service shutting down, destroy DH */
139 if (of->f_server->sv_state == SMB_SERVER_STATE_STOPPING)
140 return (B_FALSE);
141
142 /*
143 * SMB Session (connection) going away (server up).
144 * If server initiated disconnect, destroy DH
145 * If client initiated disconnect, save all DH.
146 */
147 if (of->f_session->s_state == SMB_SESSION_STATE_TERMINATED)
148 return (B_FALSE);
149 if (of->f_session->s_state == SMB_SESSION_STATE_DISCONNECTED)
150 return (B_TRUE);
151
152 /*
153 * SMB User logoff, session still "up".
154 * Action depends on why/how this logoff happened,
155 * determined based on user->preserve_opens
156 */
157 if (of->f_user->u_state == SMB_USER_STATE_LOGGING_OFF) {
158 switch (of->f_user->preserve_opens) {
159 case SMB2_DH_PRESERVE_NONE:
160 /* Server-initiated */
161 return (B_FALSE);
162 case SMB2_DH_PRESERVE_SOME:
163 /* Previous session logoff. */
164 goto preserve_some;
165 case SMB2_DH_PRESERVE_ALL:
166 /* Protocol logoff request */
167 return (B_TRUE);
168 }
169 }
170
171 /*
172 * SMB tree disconnecting (user still logged on)
173 * i.e. when kshare export forces disconnection.
174 */
175 if (of->f_tree->t_state == SMB_TREE_STATE_DISCONNECTING)
176 return (B_FALSE);
177
178 preserve_some:
179 /* preserve_opens == SMB2_DH_PRESERVE_SOME */
180
181 switch (of->dh_vers) {
182 case SMB2_RESILIENT:
183 return (B_TRUE);
184
185 case SMB2_DURABLE_V2:
186 if (of->dh_persist)
187 return (B_TRUE);
188 /* FALLTHROUGH */
189 case SMB2_DURABLE_V1:
190 /* IS durable (v1 or v2) */
191 if ((of->f_oplock.og_state & (OPLOCK_LEVEL_BATCH |
192 OPLOCK_LEVEL_CACHE_HANDLE)) != 0)
193 return (B_TRUE);
194 /* FALLTHROUGH */
195 case SMB2_NOT_DURABLE:
196 default:
197 break;
198 }
199
200 return (B_FALSE);
201 }
202
203 /*
204 * Is this stream name a CA handle? i.e.
205 * ":0123456789abcdef:$CA"
206 */
207 static boolean_t
208 smb2_dh_match_ca_name(const char *name, uint64_t *idp)
209 {
210 static const char suffix[] = ":$CA";
211 u_longlong_t ull;
212 const char *p = name;
213 char *p2 = NULL;
214 int len, rc;
215
216 if (*p++ != ':')
217 return (B_FALSE);
218
219 rc = ddi_strtoull(p, &p2, 16, &ull);
220 if (rc != 0 || p2 != (p + 16))
221 return (B_FALSE);
222 p += 16;
223
224 len = sizeof (suffix) - 1;
225 if (strncmp(p, suffix, len) != 0)
226 return (B_FALSE);
227 p += len;
228
229 if (*p != '\0')
230 return (B_FALSE);
231
232 *idp = (uint64_t)ull;
233 return (B_TRUE);
234 }
235
236 /*
237 * smb2_dh_new_ca_share
238 *
239 * Called when a new share has ca=true. Find or create the CA dir,
240 * and start a thread to import persistent handles.
241 */
242 int
243 smb2_dh_new_ca_share(smb_server_t *sv, smb_kshare_t *shr)
244 {
245 smb_kshare_t *shr2;
246 smb_request_t *sr;
247
248 ASSERT(STYPE_ISDSK(shr->shr_type));
249
250 /*
251 * Need to lookup the kshare again, to get a hold.
252 * Add a function to just get the hold?
253 */
254 shr2 = smb_kshare_lookup(sv, shr->shr_name);
255 if (shr2 != shr)
256 return (EINVAL);
257
258 sr = smb_request_alloc(sv->sv_session, 0);
259 if (sr == NULL) {
260 /* shutting down? */
261 smb_kshare_release(sv, shr);
262 return (EINTR);
263 }
264 sr->sr_state = SMB_REQ_STATE_SUBMITTED;
265
266 /*
267 * Mark this share as "busy importing persistent handles"
268 * so we can hold off tree connect until that's done.
269 * Will clear and wakeup below.
270 */
271 mutex_enter(&shr->shr_mutex);
272 shr->shr_import_busy = sr;
273 mutex_exit(&shr->shr_mutex);
274
275 /*
276 * Start a taskq job to import any CA handles.
277 * The hold on the kshare is given to this job,
278 * which releases it when it's done.
279 */
280 sr->arg.tcon.si = shr; /* hold from above */
281 (void) taskq_dispatch(
282 sv->sv_worker_pool,
283 smb2_dh_import_share, sr, TQ_SLEEP);
284
285 return (0);
286 }
287
288 int smb2_dh_import_delay = 0;
289
290 static void
291 smb2_dh_import_share(void *arg)
292 {
293 smb_request_t *sr = arg;
294 smb_kshare_t *shr = sr->arg.tcon.si;
295 smb_node_t *snode;
296 cred_t *kcr = zone_kcred();
297 smb_streaminfo_t *str_info = NULL;
298 uint64_t id;
299 smb_node_t *str_node;
300 smb_odir_t *od = NULL;
301 smb_ofile_t *of;
302 int rc;
303 boolean_t eof;
304
305 sr->sr_state = SMB_REQ_STATE_ACTIVE;
306
307 if (smb2_dh_import_delay > 0)
308 delay(SEC_TO_TICK(smb2_dh_import_delay));
309
310 /*
311 * Borrow the server's "root" user.
312 *
313 * This takes the place of smb_session_lookup_ssnid()
314 * that would happen in smb2_dispatch for a normal SR.
315 * As usual, this hold is released in smb_request_free.
316 */
317 sr->uid_user = sr->sr_server->sv_rootuser;
318 smb_user_hold_internal(sr->uid_user);
319 sr->user_cr = sr->uid_user->u_cred;
320
321 /*
322 * Create a temporary tree connect
323 */
324 sr->arg.tcon.path = shr->shr_name;
325 sr->tid_tree = smb_tree_alloc(sr, shr, shr->shr_root_node,
326 ACE_ALL_PERMS, 0);
327 if (sr->tid_tree == NULL) {
328 cmn_err(CE_NOTE, "smb2_dh_import_share: "
329 "failed connect share <%s>", shr->shr_name);
330 goto out;
331 }
332 snode = sr->tid_tree->t_snode;
333
334 /*
335 * Get the buffers we'll use to read CA handle data.
336 * Stash in sr_request_buf for smb2_dh_import_handle().
337 * Also a buffer for the stream name info.
338 */
339 sr->sr_req_length = smb2_dh_max_cah_size;
340 sr->sr_request_buf = kmem_alloc(sr->sr_req_length, KM_SLEEP);
341 str_info = kmem_alloc(sizeof (smb_streaminfo_t), KM_SLEEP);
342
343 /*
344 * Open the ext. attr dir under the share root and
345 * import CA handles for this share.
346 */
347 if (smb_odir_openat(sr, snode, &od) != 0) {
348 cmn_err(CE_NOTE, "Share [%s] CA import, no xattr dir?",
349 shr->shr_name);
350 goto out;
351 }
352
353 eof = B_FALSE;
354 do {
355 /*
356 * If the kshare gets unshared before we finish,
357 * bail out so we don't hold things up.
358 */
359 if (shr->shr_flags & SMB_SHRF_REMOVED)
360 break;
361
362 /*
363 * Read a stream name and info
364 */
365 rc = smb_odir_read_streaminfo(sr, od, str_info, &eof);
366 if ((rc != 0) || (eof))
367 break;
368
369 /*
370 * Skip anything not a CA handle.
371 */
372 if (!smb2_dh_match_ca_name(str_info->si_name, &id)) {
373 continue;
374 }
375
376 /*
377 * Lookup stream node and import
378 */
379 str_node = NULL;
380 rc = smb_fsop_lookup_name(sr, kcr, SMB_CASE_SENSITIVE,
381 snode, snode, str_info->si_name, &str_node);
382 if (rc != 0) {
383 cmn_err(CE_NOTE, "Share [%s] CA import, "
384 "lookup <%s> failed rc=%d",
385 shr->shr_name, str_info->si_name, rc);
386 continue;
387 }
388 of = smb2_dh_import_handle(sr, str_node, id);
389 smb_node_release(str_node);
390 if (of != NULL) {
391 smb_ofile_release(of);
392 of = NULL;
393 }
394 sr->fid_ofile = NULL;
395
396 } while (!eof);
397
398 out:
399 if (od) {
400 smb_odir_close(od);
401 smb_odir_release(od);
402 }
403
404 if (str_info != NULL)
405 kmem_free(str_info, sizeof (smb_streaminfo_t));
406 /* Let smb_request_free clean up sr->sr_request_buf */
407
408 /*
409 * We did a (temporary, internal) tree connect above,
410 * which we need to undo before we return. Note that
411 * smb_request_free will do the final release of
412 * sr->tid_tree, sr->uid_user
413 */
414 if (sr->tid_tree != NULL)
415 smb_tree_disconnect(sr->tid_tree, B_FALSE);
416
417 /*
418 * Wake up any waiting tree connect(s).
419 * See smb_tree_connect_disk().
420 */
421 mutex_enter(&shr->shr_mutex);
422 shr->shr_import_busy = NULL;
423 cv_broadcast(&shr->shr_cv);
424 mutex_exit(&shr->shr_mutex);
425
426 smb_kshare_release(sr->sr_server, shr);
427 smb_request_free(sr);
428 }
429
430 /*
431 * This returns the new ofile mostly for dtrace.
432 */
433 static smb_ofile_t *
434 smb2_dh_import_handle(smb_request_t *sr, smb_node_t *str_node,
435 uint64_t persist_id)
436 {
437 uint8_t client_uuid[UUID_LEN];
438 smb_tree_t *tree = sr->tid_tree;
439 smb_arg_open_t *op = &sr->arg.open;
440 smb_pathname_t *pn = &op->fqi.fq_path;
441 cred_t *kcr = zone_kcred();
442 struct nvlist *nvl = NULL;
443 char *sidstr = NULL;
444 smb_ofile_t *of = NULL;
445 smb_attr_t *pa;
446 boolean_t did_open = B_FALSE;
447 boolean_t have_lease = B_FALSE;
448 hrtime_t hrt;
449 uint64_t *u64p;
450 uint64_t u64;
451 uint32_t u32;
452 uint32_t status;
453 char *s;
454 uint8_t *u8p;
455 uint_t alen;
456 int rc;
457
458 /*
459 * While we're called with arg.tcon, we now want to use
460 * smb_arg_open for the rest of import, so clear it.
461 */
462 bzero(op, sizeof (*op));
463 op->create_disposition = FILE_OPEN;
464
465 /*
466 * Read and unpack the NVL
467 */
468 rc = smb2_dh_read_nvlist(sr, str_node, &nvl);
469 if (rc != 0)
470 return (NULL);
471
472 /*
473 * Known CA info version?
474 */
475 u32 = 0;
476 rc = nvlist_lookup_uint32(nvl, "info_version", &u32);
477 if (rc != 0 || u32 != smb2_ca_info_version) {
478 cmn_err(CE_NOTE, "CA import (%s/%s) bad vers=%d",
479 tree->t_resource, str_node->od_name, u32);
480 goto errout;
481 }
482
483 /*
484 * The persist ID in the nvlist should match the one
485 * encoded in the file name. (not enforced)
486 */
487 u64 = 0;
488 rc = nvlist_lookup_uint64(nvl, "file_persistid", &u64);
489 if (rc != 0 || u64 != persist_id) {
490 cmn_err(CE_WARN, "CA import (%s/%s) bad id=%016" PRIx64,
491 tree->t_resource, str_node->od_name, u64);
492 /* goto errout? (allow) */
493 }
494
495 /*
496 * Does it belong in the share being imported?
497 */
498 s = NULL;
499 rc = nvlist_lookup_string(nvl, "share_name", &s);
500 if (rc != 0) {
501 cmn_err(CE_NOTE, "CA import (%s/%s) no share_name",
502 tree->t_resource, str_node->od_name);
503 goto errout;
504 }
505 if (smb_strcasecmp(s, tree->t_sharename, 0) != 0) {
506 /* Normal (not an error) */
507 #ifdef DEBUG
508 cmn_err(CE_NOTE, "CA import (%s/%s) other share",
509 tree->t_resource, str_node->od_name);
510 #endif
511 goto errout;
512 }
513
514 /*
515 * Get the path name (for lookup)
516 */
517 rc = nvlist_lookup_string(nvl, "path_name", &pn->pn_path);
518 if (rc != 0) {
519 cmn_err(CE_NOTE, "CA import (%s/%s) no path_name",
520 tree->t_resource, str_node->od_name);
521 goto errout;
522 }
523
524 /*
525 * owner sid
526 */
527 rc = nvlist_lookup_string(nvl, "owner_sid", &sidstr);
528 if (rc != 0) {
529 cmn_err(CE_NOTE, "CA import (%s/%s) no owner_sid",
530 tree->t_resource, str_node->od_name);
531 goto errout;
532 }
533
534 /*
535 * granted access
536 */
537 rc = nvlist_lookup_uint32(nvl,
538 "granted_access", &op->desired_access);
539 if (rc != 0) {
540 cmn_err(CE_NOTE, "CA import (%s/%s) no granted_access",
541 tree->t_resource, str_node->od_name);
542 goto errout;
543 }
544
545 /*
546 * share access
547 */
548 rc = nvlist_lookup_uint32(nvl,
549 "share_access", &op->share_access);
550 if (rc != 0) {
551 cmn_err(CE_NOTE, "CA import (%s/%s) no share_access",
552 tree->t_resource, str_node->od_name);
553 goto errout;
554 }
555
556 /*
557 * create options
558 */
559 rc = nvlist_lookup_uint32(nvl,
560 "create_options", &op->create_options);
561 if (rc != 0) {
562 cmn_err(CE_NOTE, "CA import (%s/%s) no create_options",
563 tree->t_resource, str_node->od_name);
564 goto errout;
565 }
566
567 /*
568 * create guid (client-assigned)
569 */
570 alen = UUID_LEN;
571 u8p = NULL;
572 rc = nvlist_lookup_uint8_array(nvl, "file_guid", &u8p, &alen);
573 if (rc != 0 || alen != UUID_LEN) {
574 cmn_err(CE_NOTE, "CA import (%s/%s) bad file_guid",
575 tree->t_resource, str_node->od_name);
576 goto errout;
577 }
578 bcopy(u8p, op->create_guid, UUID_LEN);
579
580 /*
581 * client uuid (identifies the client)
582 */
583 alen = UUID_LEN;
584 u8p = NULL;
585 rc = nvlist_lookup_uint8_array(nvl, "client_uuid", &u8p, &alen);
586 if (rc != 0 || alen != UUID_LEN) {
587 cmn_err(CE_NOTE, "CA import (%s/%s) no client_uuid",
588 tree->t_resource, str_node->od_name);
589 goto errout;
590 }
591 bcopy(u8p, client_uuid, UUID_LEN);
592
593 /*
594 * Lease key (optional)
595 */
596 alen = SMB_LEASE_KEY_SZ;
597 u8p = NULL;
598 rc = nvlist_lookup_uint8_array(nvl, "lease_uuid", &u8p, &alen);
599 if (rc == 0) {
600 bcopy(u8p, op->lease_key, UUID_LEN);
601 (void) nvlist_lookup_uint32(nvl,
602 "lease_state", &op->lease_state);
603 (void) nvlist_lookup_uint16(nvl,
604 "lease_epoch", &op->lease_epoch);
605 (void) nvlist_lookup_uint16(nvl,
606 "lease_version", &op->lease_version);
607 have_lease = B_TRUE;
608 } else {
609 (void) nvlist_lookup_uint32(nvl,
610 "oplock_state", &op->op_oplock_state);
611 }
612
613 /*
614 * Done getting what we need from the NV list.
615 * (re)open the file
616 */
617 status = smb_common_open(sr);
618 if (status != 0) {
619 cmn_err(CE_NOTE, "CA import (%s/%s) open failed 0x%x",
620 tree->t_resource, str_node->od_name, status);
621 (void) smb_node_set_delete_on_close(str_node, kcr, 0);
622 goto errout;
623 }
624 of = sr->fid_ofile;
625 did_open = B_TRUE;
626
627 /*
628 * Now restore the rest of the SMB2 level state.
629 * See smb2_create after smb_common_open
630 */
631
632 /*
633 * Setup of->f_cr with owner SID
634 */
635 rc = smb2_dh_import_cred(of, sidstr);
636 if (rc != 0) {
637 cmn_err(CE_NOTE, "CA import (%s/%s) import cred failed",
638 tree->t_resource, str_node->od_name);
639 goto errout;
640 }
641
642 /*
643 * Use the persist ID we previously assigned.
644 * Like smb_ofile_set_persistid_ph()
645 */
646 rc = smb_ofile_insert_persistid(of, persist_id);
647 if (rc != 0) {
648 cmn_err(CE_NOTE, "CA import (%s/%s) "
649 "insert_persistid rc=%d",
650 tree->t_resource, str_node->od_name, rc);
651 goto errout;
652 }
653
654 /*
655 * Like smb2_lease_create()
656 *
657 * Lease state is stored in each persistent handle, but
658 * only one handle has the state we want. As we import
659 * each handle, "upgrade" the lease if the handle we're
660 * importing has a "better" lease state (higher epoch or
661 * more cache rights). After all handles are imported,
662 * that will get the lease to the right state.
663 */
664 if (have_lease) {
665 smb_lease_t *ls;
666 status = smb2_lease_create(sr, client_uuid);
667 if (status != 0) {
668 cmn_err(CE_NOTE, "CA import (%s/%s) get lease 0x%x",
669 tree->t_resource, str_node->od_name, status);
670 goto errout;
671 }
672 ls = of->f_lease;
673
674 /* Use most current "epoch". */
675 mutex_enter(&ls->ls_mutex);
676 if (ls->ls_epoch < op->lease_epoch)
677 ls->ls_epoch = op->lease_epoch;
678 mutex_exit(&ls->ls_mutex);
679
680 /*
681 * Get the lease (and oplock)
682 * uses op->lease_state
683 */
684 op->op_oplock_level = SMB2_OPLOCK_LEVEL_LEASE;
685 smb2_lease_acquire(sr);
686
687 } else {
688 /*
689 * No lease; maybe get an oplock
690 * uses: op->op_oplock_level
691 */
692 if (op->op_oplock_state & OPLOCK_LEVEL_BATCH) {
693 op->op_oplock_level = SMB2_OPLOCK_LEVEL_BATCH;
694 } else if (op->op_oplock_state & OPLOCK_LEVEL_ONE) {
695 op->op_oplock_level = SMB2_OPLOCK_LEVEL_EXCLUSIVE;
696 } else if (op->op_oplock_state & OPLOCK_LEVEL_TWO) {
697 op->op_oplock_level = SMB2_OPLOCK_LEVEL_II;
698 } else {
699 op->op_oplock_level = SMB2_OPLOCK_LEVEL_NONE;
700 }
701 smb2_oplock_acquire(sr);
702 }
703
704 /*
705 * Byte range locks
706 */
707 alen = 0;
708 u64p = NULL;
709 if (nvlist_lookup_uint64_array(nvl, "locks", &u64p, &alen) == 0) {
710 uint_t i;
711 uint_t nlocks = alen / 3;
712 struct nvlk *nlp;
713
714 nlp = (struct nvlk *)u64p;
715 for (i = 0; i < nlocks; i++) {
716 status = smb_lock_range(
717 sr,
718 nlp->lk_start,
719 nlp->lk_len,
720 nlp->lk_pid,
721 nlp->lk_type,
722 0);
723 if (status != 0) {
724 cmn_err(CE_NOTE, "CA import (%s/%s) "
725 "get lock %d failed 0x%x",
726 tree->t_resource,
727 str_node->od_name,
728 i, status);
729 }
730 nlp++;
731 }
732 }
733 alen = SMB_OFILE_LSEQ_MAX;
734 u8p = NULL;
735 if (nvlist_lookup_uint8_array(nvl, "lockseq", &u8p, &alen) == 0) {
736 if (alen != SMB_OFILE_LSEQ_MAX) {
737 cmn_err(CE_NOTE, "CA import (%s/%s) "
738 "get lockseq bad len=%d",
739 tree->t_resource,
740 str_node->od_name,
741 alen);
742 } else {
743 mutex_enter(&of->f_mutex);
744 bcopy(u8p, of->f_lock_seq, alen);
745 mutex_exit(&of->f_mutex);
746 }
747 }
748
749 /*
750 * Optional "sticky" times (set pending attributes)
751 */
752 mutex_enter(&of->f_mutex);
753 pa = &of->f_pending_attr;
754 if (nvlist_lookup_hrtime(nvl, "atime", &hrt) == 0) {
755 hrt2ts(hrt, &pa->sa_vattr.va_atime);
756 pa->sa_mask |= SMB_AT_ATIME;
757 }
758 if (nvlist_lookup_hrtime(nvl, "mtime", &hrt) == 0) {
759 hrt2ts(hrt, &pa->sa_vattr.va_mtime);
760 pa->sa_mask |= SMB_AT_MTIME;
761 }
762 if (nvlist_lookup_hrtime(nvl, "ctime", &hrt) == 0) {
763 hrt2ts(hrt, &pa->sa_vattr.va_ctime);
764 pa->sa_mask |= SMB_AT_CTIME;
765 }
766 mutex_exit(&of->f_mutex);
767
768 /*
769 * Make durable and persistent.
770 * See smb2_dh_make_persistent()
771 */
772 of->dh_vers = SMB2_DURABLE_V2;
773 bcopy(op->create_guid, of->dh_create_guid, UUID_LEN);
774 of->dh_persist = B_TRUE;
775 of->dh_nvfile = str_node;
776 smb_node_ref(str_node);
777 of->dh_nvlist = nvl;
778 nvl = NULL;
779
780 /*
781 * Now make it state orphaned...
782 * See smb_ofile_drop(), then
783 * smb_ofile_save_dh()
784 */
785 mutex_enter(&of->f_mutex);
786 of->f_state = SMB_OFILE_STATE_SAVE_DH;
787 of->dh_timeout_offset = MSEC2NSEC(smb2_persist_timeout);
788 mutex_exit(&of->f_mutex);
789
790 /*
791 * Finished!
792 */
793 return (of);
794
795 errout:
796 if (did_open) {
797 smb_ofile_close(of, 0);
798 smb_ofile_release(of);
799 } else {
800 ASSERT(of == NULL);
801 }
802
803 if (nvl != NULL)
804 nvlist_free(nvl);
805
806 return (NULL);
807 }
808
809 static int
810 smb2_dh_read_nvlist(smb_request_t *sr, smb_node_t *node,
811 struct nvlist **nvlpp)
812 {
813 smb_attr_t attr;
814 iovec_t iov;
815 uio_t uio;
816 smb_kshare_t *shr = sr->arg.tcon.si;
817 cred_t *kcr = zone_kcred();
818 size_t flen;
819 int rc;
820
821 bzero(&attr, sizeof (attr));
822 attr.sa_mask = SMB_AT_SIZE;
823 rc = smb_node_getattr(NULL, node, kcr, NULL, &attr);
824 if (rc != 0) {
825 cmn_err(CE_NOTE, "CA import (%s/%s) getattr rc=%d",
826 shr->shr_path, node->od_name, rc);
827 return (rc);
828 }
829
830 if (attr.sa_vattr.va_size < 4 ||
831 attr.sa_vattr.va_size > sr->sr_req_length) {
832 cmn_err(CE_NOTE, "CA import (%s/%s) bad size=%" PRIu64,
833 shr->shr_path, node->od_name,
834 (uint64_t)attr.sa_vattr.va_size);
835 return (EINVAL);
836 }
837 flen = (size_t)attr.sa_vattr.va_size;
838
839 bzero(&uio, sizeof (uio));
840 iov.iov_base = sr->sr_request_buf;
841 iov.iov_len = flen;
842 uio.uio_iov = &iov;
843 uio.uio_iovcnt = 1;
844 uio.uio_resid = flen;
845 uio.uio_segflg = UIO_SYSSPACE;
846 uio.uio_extflg = UIO_COPY_DEFAULT;
847 rc = smb_fsop_read(sr, kcr, node, NULL, &uio, 0);
848 if (rc != 0) {
849 cmn_err(CE_NOTE, "CA import (%s/%s) read, rc=%d",
850 shr->shr_path, node->od_name, rc);
851 return (rc);
852 }
853 if (uio.uio_resid != 0) {
854 cmn_err(CE_NOTE, "CA import (%s/%s) short read",
855 shr->shr_path, node->od_name);
856 return (EIO);
857 }
858
859 rc = nvlist_unpack(sr->sr_request_buf, flen, nvlpp, KM_SLEEP);
860 if (rc != 0) {
861 cmn_err(CE_NOTE, "CA import (%s/%s) unpack, rc=%d",
862 shr->shr_path, node->od_name, rc);
863 return (rc);
864 }
865
866 return (0);
867 }
868
869 /*
870 * Setup a vestigal credential in of->f_cr just good enough for
871 * smb_is_same_user to determine if the caller owned this ofile.
872 * At reconnect, of->f_cr will be replaced with the caller's.
873 */
874 static int
875 smb2_dh_import_cred(smb_ofile_t *of, char *sidstr)
876 {
877 #ifdef _FAKE_KERNEL
878 _NOTE(ARGUNUSED(sidstr))
879 /* fksmbd doesn't have real credentials. */
880 of->f_cr = CRED();
881 crhold(of->f_cr);
882 #else
883 char tmpstr[SMB_SID_STRSZ];
884 ksid_t ksid;
885 cred_t *cr, *oldcr;
886 int rc;
887
888 (void) strlcpy(tmpstr, sidstr, sizeof (tmpstr));
889 bzero(&ksid, sizeof (ksid));
890
891 rc = smb_sid_splitstr(tmpstr, &ksid.ks_rid);
892 if (rc != 0)
893 return (rc);
894 cr = crget();
895
896 ksid.ks_domain = ksid_lookupdomain(tmpstr);
897 crsetsid(cr, &ksid, KSID_USER);
898 ksiddomain_hold(ksid.ks_domain);
899 crsetsid(cr, &ksid, KSID_OWNER);
900
901 /*
902 * Just to avoid leaving the KSID_GROUP slot NULL,
903 * put the "everyone" SID there (S-1-1-0).
904 */
905 ksid.ks_domain = ksid_lookupdomain("S-1-1");
906 ksid.ks_rid = 0;
907 crsetsid(cr, &ksid, KSID_GROUP);
908
909 oldcr = of->f_cr;
910 of->f_cr = cr;
911 if (oldcr != NULL)
912 crfree(oldcr);
913 #endif
914
915 return (0);
916 }
917
918 /*
919 * Set Delete-on-Close (DoC) on the persistent state file so it will be
920 * removed when the last ref. goes away (in smb2_dh_close_persistent).
921 *
922 * This is called in just two places:
923 * (1) SMB2_close request -- client tells us to destroy the handle.
924 * (2) smb2_dh_expire -- client has forgotten about this handle.
925 * All other (server-initiated) close calls should leave these
926 * persistent state files in the file system.
927 */
928 void
929 smb2_dh_setdoc_persistent(smb_ofile_t *of)
930 {
931 smb_node_t *strnode;
932 uint32_t status;
933
934 mutex_enter(&of->dh_nvlock);
935 if ((strnode = of->dh_nvfile) != NULL)
936 smb_node_ref(strnode);
937 mutex_exit(&of->dh_nvlock);
938
939 if (strnode != NULL) {
940 status = smb_node_set_delete_on_close(strnode,
941 zone_kcred(), SMB_CASE_SENSITIVE);
942 if (status != 0) {
943 cmn_err(CE_WARN, "Can't set DoC on CA file: %s",
944 strnode->od_name);
945 DTRACE_PROBE1(rm__ca__err, smb_ofile_t *, of);
946 }
947 smb_node_release(strnode);
948 }
949 }
950
951 /*
952 * During ofile close, free the persistent handle state nvlist and
953 * drop our reference to the state file node (which may unlink it
954 * if smb2_dh_setdoc_persistent was called).
955 */
956 void
957 smb2_dh_close_persistent(smb_ofile_t *of)
958 {
959 smb_node_t *strnode;
960 struct nvlist *nvl;
961
962 /*
963 * Clear out nvlist and stream linkage
964 */
965 mutex_enter(&of->dh_nvlock);
966 strnode = of->dh_nvfile;
967 of->dh_nvfile = NULL;
968 nvl = of->dh_nvlist;
969 of->dh_nvlist = NULL;
970 mutex_exit(&of->dh_nvlock);
971
972 if (nvl != NULL)
973 nvlist_free(nvl);
974
975 if (strnode != NULL)
976 smb_node_release(strnode);
977 }
978
979 /*
980 * Make this durable handle persistent.
981 * If we succeed, set of->dh_persist = TRUE.
982 */
983 int
984 smb2_dh_make_persistent(smb_request_t *sr, smb_ofile_t *of)
985 {
986 char fname[DH_SN_SIZE];
987 char sidstr[SMB_SID_STRSZ];
988 smb_attr_t attr;
989 smb_arg_open_t *op = &sr->arg.open;
990 cred_t *kcr = zone_kcred();
991 smb_node_t *dnode = of->f_tree->t_snode;
992 smb_node_t *fnode = NULL;
993 ksid_t *ksid;
994 int rc;
995
996 ASSERT(of->dh_nvfile == NULL);
997
998 /*
999 * Create the persistent handle nvlist file.
1000 * It's a named stream in the share root,
1001 */
1002 smb2_dh_make_stream_name(fname, sizeof (fname), of->f_persistid);
1003
1004 bzero(&attr, sizeof (attr));
1005 attr.sa_mask = SMB_AT_TYPE | SMB_AT_MODE | SMB_AT_SIZE;
1006 attr.sa_vattr.va_type = VREG;
1007 attr.sa_vattr.va_mode = 0640;
1008 attr.sa_vattr.va_size = 4;
1009 rc = smb_fsop_create(sr, kcr, dnode, fname, &attr, &fnode);
1010 if (rc != 0)
1011 return (rc);
1012
1013 mutex_enter(&of->dh_nvlock);
1014
1015 /* fnode is held. rele in smb2_dh_close_persistent */
1016 of->dh_nvfile = fnode;
1017 (void) nvlist_alloc(&of->dh_nvlist, NV_UNIQUE_NAME, KM_SLEEP);
1018
1019 /*
1020 * Want the ksid as a string
1021 */
1022 ksid = crgetsid(of->f_user->u_cred, KSID_USER);
1023 (void) snprintf(sidstr, sizeof (sidstr), "%s-%u",
1024 ksid->ks_domain->kd_name, ksid->ks_rid);
1025
1026 /*
1027 * Fill in the fixed parts of the nvlist
1028 */
1029 (void) nvlist_add_uint32(of->dh_nvlist,
1030 "info_version", smb2_ca_info_version);
1031 (void) nvlist_add_string(of->dh_nvlist,
1032 "owner_sid", sidstr);
1033 (void) nvlist_add_string(of->dh_nvlist,
1034 "share_name", of->f_tree->t_sharename);
1035 (void) nvlist_add_uint64(of->dh_nvlist,
1036 "file_persistid", of->f_persistid);
1037 (void) nvlist_add_uint8_array(of->dh_nvlist,
1038 "file_guid", of->dh_create_guid, UUID_LEN);
1039 (void) nvlist_add_string(of->dh_nvlist,
1040 "client_ipaddr", sr->session->ip_addr_str);
1041 (void) nvlist_add_uint8_array(of->dh_nvlist,
1042 "client_uuid", sr->session->clnt_uuid, UUID_LEN);
1043 (void) nvlist_add_string(of->dh_nvlist,
1044 "path_name", op->fqi.fq_path.pn_path);
1045 (void) nvlist_add_uint32(of->dh_nvlist,
1046 "granted_access", of->f_granted_access);
1047 (void) nvlist_add_uint32(of->dh_nvlist,
1048 "share_access", of->f_share_access);
1049 (void) nvlist_add_uint32(of->dh_nvlist,
1050 "create_options", of->f_create_options);
1051 if (of->f_lease != NULL) {
1052 smb_lease_t *ls = of->f_lease;
1053 (void) nvlist_add_uint8_array(of->dh_nvlist,
1054 "lease_uuid", ls->ls_key, 16);
1055 (void) nvlist_add_uint32(of->dh_nvlist,
1056 "lease_state", ls->ls_state);
1057 (void) nvlist_add_uint16(of->dh_nvlist,
1058 "lease_epoch", ls->ls_epoch);
1059 (void) nvlist_add_uint16(of->dh_nvlist,
1060 "lease_version", ls->ls_version);
1061 } else {
1062 (void) nvlist_add_uint32(of->dh_nvlist,
1063 "oplock_state", of->f_oplock.og_state);
1064 }
1065 mutex_exit(&of->dh_nvlock);
1066
1067 smb2_dh_update_locks(sr, of);
1068
1069 /* Tell sr update nvlist file */
1070 sr->dh_nvl_dirty = B_TRUE;
1071
1072 return (0);
1073 }
1074
1075 void
1076 smb2_dh_update_nvfile(smb_request_t *sr)
1077 {
1078 smb_attr_t attr;
1079 iovec_t iov;
1080 uio_t uio;
1081 smb_ofile_t *of = sr->fid_ofile;
1082 cred_t *kcr = zone_kcred();
1083 char *buf = NULL;
1084 size_t buflen = 0;
1085 uint32_t wcnt;
1086 int rc;
1087
1088 if (of == NULL || of->dh_persist == B_FALSE)
1089 return;
1090
1091 mutex_enter(&of->dh_nvlock);
1092 if (of->dh_nvlist == NULL || of->dh_nvfile == NULL) {
1093 mutex_exit(&of->dh_nvlock);
1094 return;
1095 }
1096
1097 rc = nvlist_size(of->dh_nvlist, &buflen, NV_ENCODE_XDR);
1098 if (rc != 0)
1099 goto out;
1100 buf = kmem_zalloc(buflen, KM_SLEEP);
1101
1102 rc = nvlist_pack(of->dh_nvlist, &buf, &buflen,
1103 NV_ENCODE_XDR, KM_SLEEP);
1104 if (rc != 0)
1105 goto out;
1106
1107 bzero(&attr, sizeof (attr));
1108 attr.sa_mask = SMB_AT_SIZE;
1109 attr.sa_vattr.va_size = buflen;
1110 rc = smb_node_setattr(sr, of->dh_nvfile, kcr, NULL, &attr);
1111 if (rc != 0)
1112 goto out;
1113
1114 bzero(&uio, sizeof (uio));
1115 iov.iov_base = (void *) buf;
1116 iov.iov_len = buflen;
1117 uio.uio_iov = &iov;
1118 uio.uio_iovcnt = 1;
1119 uio.uio_resid = buflen;
1120 uio.uio_segflg = UIO_SYSSPACE;
1121 uio.uio_extflg = UIO_COPY_DEFAULT;
1122 rc = smb_fsop_write(sr, kcr, of->dh_nvfile,
1123 NULL, &uio, &wcnt, 0);
1124 if (rc == 0 && wcnt != buflen)
1125 rc = EIO;
1126
1127 out:
1128 mutex_exit(&of->dh_nvlock);
1129
1130 if (rc != 0) {
1131 cmn_err(CE_WARN,
1132 "clnt(%s) failed to update persistent handle, rc=%d",
1133 sr->session->ip_addr_str, rc);
1134 }
1135
1136 if (buf != NULL) {
1137 kmem_free(buf, buflen);
1138 }
1139 }
1140
1141 /*
1142 * Called after f_oplock (and lease) changes
1143 * If lease, update: lease_state, lease_epoch
1144 * else (oplock) update: oplock_state
1145 */
1146 void
1147 smb2_dh_update_oplock(smb_request_t *sr, smb_ofile_t *of)
1148 {
1149 smb_lease_t *ls;
1150
1151 mutex_enter(&of->dh_nvlock);
1152 if (of->dh_nvlist == NULL) {
1153 mutex_exit(&of->dh_nvlock);
1154 return;
1155 }
1156
1157 if (of->f_lease != NULL) {
1158 ls = of->f_lease;
1159 (void) nvlist_add_uint32(of->dh_nvlist,
1160 "lease_state", ls->ls_state);
1161 (void) nvlist_add_uint16(of->dh_nvlist,
1162 "lease_epoch", ls->ls_epoch);
1163 } else {
1164 (void) nvlist_add_uint32(of->dh_nvlist,
1165 "oplock_state", of->f_oplock.og_state);
1166 }
1167 mutex_exit(&of->dh_nvlock);
1168
1169 sr->dh_nvl_dirty = B_TRUE;
1170 }
1171
1172 /*
1173 * Save locks from this ofile as an array of uint64_t, where the
1174 * elements are triplets: (start, length, (pid << 32) | type)
1175 * Note pid should always be zero for SMB2, so we could use
1176 * that 32-bit spot for something else if needed.
1177 */
1178 void
1179 smb2_dh_update_locks(smb_request_t *sr, smb_ofile_t *of)
1180 {
1181 uint8_t lseq[SMB_OFILE_LSEQ_MAX];
1182 smb_node_t *node = of->f_node;
1183 smb_llist_t *llist = &node->n_lock_list;
1184 size_t vec_sz; // storage size
1185 uint_t my_cnt = 0;
1186 uint64_t *vec = NULL;
1187 struct nvlk *nlp;
1188 smb_lock_t *lock;
1189
1190 smb_llist_enter(llist, RW_READER);
1191 vec_sz = (llist->ll_count + 1) * sizeof (struct nvlk);
1192 vec = kmem_alloc(vec_sz, KM_SLEEP);
1193 nlp = (struct nvlk *)vec;
1194 for (lock = smb_llist_head(llist);
1195 lock != NULL;
1196 lock = smb_llist_next(llist, lock)) {
1197 if (lock->l_file != of)
1198 continue;
1199 nlp->lk_start = lock->l_start;
1200 nlp->lk_len = lock->l_length;
1201 nlp->lk_pid = lock->l_pid;
1202 nlp->lk_type = lock->l_type;
1203 nlp++;
1204 my_cnt++;
1205 }
1206 smb_llist_exit(llist);
1207
1208 mutex_enter(&of->f_mutex);
1209 bcopy(of->f_lock_seq, lseq, sizeof (lseq));
1210 mutex_exit(&of->f_mutex);
1211
1212 mutex_enter(&of->dh_nvlock);
1213 if (of->dh_nvlist != NULL) {
1214
1215 (void) nvlist_add_uint64_array(of->dh_nvlist,
1216 "locks", vec, my_cnt * 3);
1217
1218 (void) nvlist_add_uint8_array(of->dh_nvlist,
1219 "lockseq", lseq, sizeof (lseq));
1220 }
1221 mutex_exit(&of->dh_nvlock);
1222
1223 kmem_free(vec, vec_sz);
1224
1225 sr->dh_nvl_dirty = B_TRUE;
1226 }
1227
1228 /*
1229 * Save "sticky" times
1230 */
1231 void
1232 smb2_dh_update_times(smb_request_t *sr, smb_ofile_t *of, smb_attr_t *attr)
1233 {
1234 hrtime_t t;
1235
1236 mutex_enter(&of->dh_nvlock);
1237 if (of->dh_nvlist == NULL) {
1238 mutex_exit(&of->dh_nvlock);
1239 return;
1240 }
1241
1242 if (attr->sa_mask & SMB_AT_ATIME) {
1243 t = ts2hrt(&attr->sa_vattr.va_atime);
1244 (void) nvlist_add_hrtime(of->dh_nvlist, "atime", t);
1245 }
1246 if (attr->sa_mask & SMB_AT_MTIME) {
1247 t = ts2hrt(&attr->sa_vattr.va_mtime);
1248 (void) nvlist_add_hrtime(of->dh_nvlist, "mtime", t);
1249 }
1250 if (attr->sa_mask & SMB_AT_CTIME) {
1251 t = ts2hrt(&attr->sa_vattr.va_ctime);
1252 (void) nvlist_add_hrtime(of->dh_nvlist, "ctime", t);
1253 }
1254 mutex_exit(&of->dh_nvlock);
1255
1256 sr->dh_nvl_dirty = B_TRUE;
1257 }
1258
1259
1260 /*
1261 * Requirements for ofile found during reconnect (MS-SMB2 3.3.5.9.7):
1262 * - security descriptor must match provided descriptor
1263 *
1264 * If file is leased:
1265 * - lease must be requested
1266 * - client guid must match session guid
1267 * - file name must match given name
1268 * - lease key must match provided lease key
1269 * If file is not leased:
1270 * - Lease must not be requested
1271 *
1272 * dh_v2 only:
1273 * - SMB2_DHANDLE_FLAG_PERSISTENT must be set if dh_persist is true
1274 * - SMB2_DHANDLE_FLAG_PERSISTENT must not be set if dh_persist is false
1275 * - desired access, share access, and create_options must be ignored
1276 * - createguid must match
1277 */
1278 static uint32_t
1279 smb2_dh_reconnect_checks(smb_request_t *sr, smb_ofile_t *of)
1280 {
1281 smb_arg_open_t *op = &sr->sr_open;
1282 char *fname;
1283
1284 if (of->f_lease != NULL) {
1285 if (bcmp(sr->session->clnt_uuid,
1286 of->f_lease->ls_clnt, 16) != 0)
1287 return (NT_STATUS_OBJECT_NAME_NOT_FOUND);
1288
1289 if (op->op_oplock_level != SMB2_OPLOCK_LEVEL_LEASE)
1290 return (NT_STATUS_OBJECT_NAME_NOT_FOUND);
1291 if (bcmp(op->lease_key, of->f_lease->ls_key,
1292 SMB_LEASE_KEY_SZ) != 0)
1293 return (NT_STATUS_OBJECT_NAME_NOT_FOUND);
1294
1295 /*
1296 * We're supposed to check the name is the same.
1297 * Not really necessary to do this, so just do
1298 * minimal effort (check last component)
1299 */
1300 fname = strrchr(op->fqi.fq_path.pn_path, '\\');
1301 if (fname != NULL)
1302 fname++;
1303 else
1304 fname = op->fqi.fq_path.pn_path;
1305 if (smb_strcasecmp(fname, of->f_node->od_name, 0) != 0) {
1306 #ifdef DEBUG
1307 cmn_err(CE_NOTE, "reconnect name <%s> of name <%s>",
1308 fname, of->f_node->od_name);
1309 #endif
1310 return (NT_STATUS_INVALID_PARAMETER);
1311 }
1312 } else {
1313 if (op->op_oplock_level == SMB2_OPLOCK_LEVEL_LEASE)
1314 return (NT_STATUS_OBJECT_NAME_NOT_FOUND);
1315 }
1316
1317 if (op->dh_vers == SMB2_DURABLE_V2) {
1318 boolean_t op_persist =
1319 ((op->dh_v2_flags & SMB2_DHANDLE_FLAG_PERSISTENT) != 0);
1320 if (of->dh_persist != op_persist)
1321 return (NT_STATUS_OBJECT_NAME_NOT_FOUND);
1322 if (memcmp(op->create_guid, of->dh_create_guid, UUID_LEN))
1323 return (NT_STATUS_OBJECT_NAME_NOT_FOUND);
1324 }
1325
1326 if (!smb_is_same_user(sr->user_cr, of->f_cr))
1327 return (NT_STATUS_ACCESS_DENIED);
1328
1329 return (NT_STATUS_SUCCESS);
1330 }
1331
1332 /*
1333 * [MS-SMB2] 3.3.5.9.7 and 3.3.5.9.12 (durable reconnect v1/v2)
1334 *
1335 * Looks up an ofile on the server's sv_dh_list by the persistid.
1336 * If found, it validates the request.
1337 * (see smb2_dh_reconnect_checks() for details)
1338 * If the checks are passed, add it onto the new tree's list.
1339 *
1340 * Note that the oplock break code path can get to an ofile via the node
1341 * ofile list. It starts with a ref taken in smb_ofile_hold_olbrk, which
1342 * waits if the ofile is found in state RECONNECT. That wait happens with
1343 * the node ofile list lock held as reader, and the oplock mutex held.
1344 * Implications of that are: While we're in state RECONNECT, we shoud NOT
1345 * block (at least, not for long) and must not try to enter any of the
1346 * node ofile list lock or oplock mutex. Thankfully, we don't need to
1347 * enter those while reclaiming an orphaned ofile.
1348 */
1349 uint32_t
1350 smb2_dh_reconnect(smb_request_t *sr)
1351 {
1352 smb_arg_open_t *op = &sr->sr_open;
1353 smb_tree_t *tree = sr->tid_tree;
1354 smb_ofile_t *of;
1355 cred_t *old_cr;
1356 uint32_t status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
1357 uint16_t fid = 0;
1358
1359 if (smb_idpool_alloc(&tree->t_fid_pool, &fid))
1360 return (NT_STATUS_TOO_MANY_OPENED_FILES);
1361
1362 /* Find orphaned handle. */
1363 of = smb_ofile_lookup_by_persistid(sr, op->dh_fileid.persistent);
1364 if (of == NULL)
1365 goto errout;
1366
1367 mutex_enter(&of->f_mutex);
1368 if (of->f_state != SMB_OFILE_STATE_ORPHANED) {
1369 mutex_exit(&of->f_mutex);
1370 goto errout;
1371 }
1372
1373 status = smb2_dh_reconnect_checks(sr, of);
1374 if (status != NT_STATUS_SUCCESS) {
1375 mutex_exit(&of->f_mutex);
1376 goto errout;
1377 }
1378
1379 /*
1380 * Note: cv_broadcast(&of->f_cv) when we're
1381 * done messing around in this state.
1382 * See: smb_ofile_hold_olbrk()
1383 */
1384 of->f_state = SMB_OFILE_STATE_RECONNECT;
1385 mutex_exit(&of->f_mutex);
1386
1387 /*
1388 * At this point, we should be the only thread with a ref on the
1389 * ofile, and the RECONNECT state should prevent new refs from
1390 * being granted, or other durable threads from observing or
1391 * reclaiming it. Put this ofile in the new tree, similar to
1392 * the last part of smb_ofile_open.
1393 */
1394
1395 old_cr = of->f_cr;
1396 of->f_cr = sr->user_cr;
1397 crhold(of->f_cr);
1398 crfree(old_cr);
1399
1400 of->f_session = sr->session; /* hold is via user and tree */
1401 smb_user_hold_internal(sr->uid_user);
1402 of->f_user = sr->uid_user;
1403 smb_tree_hold_internal(tree);
1404 of->f_tree = tree;
1405 of->f_fid = fid;
1406
1407 smb_llist_enter(&tree->t_ofile_list, RW_WRITER);
1408 smb_llist_insert_tail(&tree->t_ofile_list, of);
1409 smb_llist_exit(&tree->t_ofile_list);
1410 atomic_inc_32(&tree->t_open_files);
1411 atomic_inc_32(&sr->session->s_file_cnt);
1412
1413 /*
1414 * The ofile is now in the caller's session & tree.
1415 *
1416 * In case smb_ofile_hold or smb_oplock_send_brk() are
1417 * waiting for state RECONNECT to complete, wakeup.
1418 */
1419 mutex_enter(&of->f_mutex);
1420 of->dh_expire_time = 0;
1421 of->f_state = SMB_OFILE_STATE_OPEN;
1422 cv_broadcast(&of->f_cv);
1423 mutex_exit(&of->f_mutex);
1424
1425 /*
1426 * The ofile is now visible in the new session.
1427 * From here, this is similar to the last part of
1428 * smb_common_open().
1429 */
1430 op->fqi.fq_fattr.sa_mask = SMB_AT_ALL;
1431 (void) smb_node_getattr(sr, of->f_node, zone_kcred(), of,
1432 &op->fqi.fq_fattr);
1433
1434 /*
1435 * Set up the fileid and dosattr in open_param for response
1436 */
1437 op->fileid = op->fqi.fq_fattr.sa_vattr.va_nodeid;
1438 op->dattr = op->fqi.fq_fattr.sa_dosattr;
1439
1440 /*
1441 * Set up the file type in open_param for the response
1442 * The ref. from ofile lookup is "given" to fid_ofile.
1443 */
1444 op->ftype = SMB_FTYPE_DISK;
1445 sr->smb_fid = of->f_fid;
1446 sr->fid_ofile = of;
1447
1448 if (smb_node_is_file(of->f_node)) {
1449 op->dsize = op->fqi.fq_fattr.sa_vattr.va_size;
1450 } else {
1451 /* directory or symlink */
1452 op->dsize = 0;
1453 }
1454
1455 op->create_options = 0; /* no more modifications wanted */
1456 op->action_taken = SMB_OACT_OPENED;
1457 return (NT_STATUS_SUCCESS);
1458
1459 errout:
1460 if (of != NULL)
1461 smb_ofile_release(of);
1462 if (fid != 0)
1463 smb_idpool_free(&tree->t_fid_pool, fid);
1464
1465 return (status);
1466 }
1467
1468 /*
1469 * Durable handle expiration
1470 * ofile state is _EXPIRED
1471 */
1472 static void
1473 smb2_dh_expire(void *arg)
1474 {
1475 smb_ofile_t *of = (smb_ofile_t *)arg;
1476
1477 if (of->dh_persist)
1478 smb2_dh_setdoc_persistent(of);
1479 smb_ofile_close(of, 0);
1480 smb_ofile_release(of);
1481 }
1482
1483 void
1484 smb2_durable_timers(smb_server_t *sv)
1485 {
1486 smb_hash_t *hash;
1487 smb_llist_t *bucket;
1488 smb_ofile_t *of;
1489 hrtime_t now;
1490 int i;
1491
1492 hash = sv->sv_persistid_ht;
1493 now = gethrtime();
1494
1495 for (i = 0; i < hash->num_buckets; i++) {
1496 bucket = &hash->buckets[i].b_list;
1497 smb_llist_enter(bucket, RW_READER);
1498 for (of = smb_llist_head(bucket);
1499 of != NULL;
1500 of = smb_llist_next(bucket, of)) {
1501 SMB_OFILE_VALID(of);
1502
1503 /*
1504 * Check outside the mutex first to avoid some
1505 * mutex_enter work in this loop. If the state
1506 * changes under foot, the worst that happens
1507 * is we either enter the mutex when we might
1508 * not have needed to, or we miss some DH in
1509 * this pass and get it on the next.
1510 */
1511 if (of->f_state != SMB_OFILE_STATE_ORPHANED)
1512 continue;
1513
1514 mutex_enter(&of->f_mutex);
1515 /* STATE_ORPHANED implies dh_expire_time != 0 */
1516 if (of->f_state == SMB_OFILE_STATE_ORPHANED &&
1517 of->dh_expire_time <= now) {
1518 of->f_state = SMB_OFILE_STATE_EXPIRED;
1519 /* inline smb_ofile_hold_internal() */
1520 of->f_refcnt++;
1521 smb_llist_post(bucket, of, smb2_dh_expire);
1522 }
1523 mutex_exit(&of->f_mutex);
1524 }
1525 smb_llist_exit(bucket);
1526 }
1527 }
1528
1529 /*
1530 * This is called when we're about to add a new open to some node.
1531 * If we still have orphaned durable handles on this node, let's
1532 * assume the client has lost interest in those and close them,
1533 * otherwise we might conflict with our own orphaned handles.
1534 *
1535 * We need this because we import persistent handles "speculatively"
1536 * during share import (before the client ever asks for reconnect).
1537 * That allows us to avoid any need for a "create blackout" (or
1538 * "grace period") because the imported handles prevent unwanted
1539 * conflicting opens from other clients. However, if some client
1540 * "forgets" about a persistent handle (*cough* Hyper-V) and tries
1541 * a new (conflicting) open instead of a reconnect, that might
1542 * fail unless we expire our orphaned durables handle first.
1543 *
1544 * Logic similar to smb_node_open_check()
1545 */
1546 void
1547 smb2_dh_close_my_orphans(smb_request_t *sr, smb_ofile_t *new_of)
1548 {
1549 smb_node_t *node = new_of->f_node;
1550 smb_ofile_t *of;
1551
1552 SMB_NODE_VALID(node);
1553
1554 smb_llist_enter(&node->n_ofile_list, RW_READER);
1555 for (of = smb_llist_head(&node->n_ofile_list);
1556 of != NULL;
1557 of = smb_llist_next(&node->n_ofile_list, of)) {
1558
1559 /* Same client? */
1560 if (of->f_lease != NULL &&
1561 bcmp(sr->session->clnt_uuid,
1562 of->f_lease->ls_clnt, 16) != 0)
1563 continue;
1564
1565 if (!smb_is_same_user(sr->user_cr, of->f_cr))
1566 continue;
1567
1568 mutex_enter(&of->f_mutex);
1569 if (of->f_state == SMB_OFILE_STATE_ORPHANED) {
1570 of->f_state = SMB_OFILE_STATE_EXPIRED;
1571 /* inline smb_ofile_hold_internal() */
1572 of->f_refcnt++;
1573 smb_llist_post(&node->n_ofile_list,
1574 of, smb2_dh_expire);
1575 }
1576 mutex_exit(&of->f_mutex);
1577 }
1578
1579 smb_llist_exit(&node->n_ofile_list);
1580 }
1581
1582 /*
1583 * Called for each orphaned DH during shutdown.
1584 * Clean out any in-memory state, but leave any
1585 * on-disk persistent handle state in place.
1586 */
1587 static void
1588 smb2_dh_cleanup(void *arg)
1589 {
1590 smb_ofile_t *of = (smb_ofile_t *)arg;
1591 smb_node_t *strnode;
1592 struct nvlist *nvl;
1593
1594 /*
1595 * Intentionally skip smb2_dh_close_persistent by
1596 * clearing dh_nvfile before smb_ofile_close().
1597 */
1598 mutex_enter(&of->dh_nvlock);
1599 strnode = of->dh_nvfile;
1600 of->dh_nvfile = NULL;
1601 nvl = of->dh_nvlist;
1602 of->dh_nvlist = NULL;
1603 mutex_exit(&of->dh_nvlock);
1604
1605 if (nvl != NULL)
1606 nvlist_free(nvl);
1607
1608 if (strnode != NULL)
1609 smb_node_release(strnode);
1610
1611 smb_ofile_close(of, 0);
1612 smb_ofile_release(of);
1613 }
1614
1615 /*
1616 * Clean out durable handles during shutdown.
1617 *
1618 * Like, smb2_durable_timers but cleanup only in-memory state,
1619 * and leave any persistent state there for later reconnect.
1620 */
1621 void
1622 smb2_dh_shutdown(smb_server_t *sv)
1623 {
1624 smb_hash_t *hash;
1625 smb_llist_t *bucket;
1626 smb_ofile_t *of;
1627 int i;
1628
1629 hash = sv->sv_persistid_ht;
1630
1631 for (i = 0; i < hash->num_buckets; i++) {
1632 bucket = &hash->buckets[i].b_list;
1633 smb_llist_enter(bucket, RW_READER);
1634 of = smb_llist_head(bucket);
1635 while (of != NULL) {
1636 SMB_OFILE_VALID(of);
1637 mutex_enter(&of->f_mutex);
1638
1639 switch (of->f_state) {
1640 case SMB_OFILE_STATE_ORPHANED:
1641 of->f_state = SMB_OFILE_STATE_EXPIRED;
1642 /* inline smb_ofile_hold_internal() */
1643 of->f_refcnt++;
1644 smb_llist_post(bucket, of, smb2_dh_cleanup);
1645 break;
1646 default:
1647 break;
1648 }
1649 mutex_exit(&of->f_mutex);
1650 of = smb_llist_next(bucket, of);
1651 }
1652 smb_llist_exit(bucket);
1653 }
1654
1655 #ifdef DEBUG
1656 for (i = 0; i < hash->num_buckets; i++) {
1657 bucket = &hash->buckets[i].b_list;
1658 smb_llist_enter(bucket, RW_READER);
1659 of = smb_llist_head(bucket);
1660 while (of != NULL) {
1661 SMB_OFILE_VALID(of);
1662 cmn_err(CE_NOTE, "dh_shutdown leaked of=%p",
1663 (void *)of);
1664 of = smb_llist_next(bucket, of);
1665 }
1666 smb_llist_exit(bucket);
1667 }
1668 #endif // DEBUG
1669 }
1670
1671 uint32_t
1672 smb2_fsctl_set_resilient(smb_request_t *sr, smb_fsctl_t *fsctl)
1673 {
1674 uint32_t timeout;
1675 smb_ofile_t *of = sr->fid_ofile;
1676
1677 /*
1678 * Note: The spec does not explicitly prohibit resilient directories
1679 * the same way it prohibits durable directories. We prohibit them
1680 * anyway as a simplifying assumption, as there doesn't seem to be
1681 * much use for it. (HYPER-V only seems to use it on files anyway)
1682 */
1683 if (fsctl->InputCount < 8 || !smb_node_is_file(of->f_node))
1684 return (NT_STATUS_INVALID_PARAMETER);
1685
1686 (void) smb_mbc_decodef(fsctl->in_mbc, "l4.",
1687 &timeout); /* milliseconds */
1688
1689 if (smb2_enable_dh == 0)
1690 return (NT_STATUS_NOT_SUPPORTED);
1691
1692 /*
1693 * The spec wants us to return INVALID_PARAMETER if the timeout
1694 * is too large, but we have no way of informing the client
1695 * what an appropriate timeout is, so just set the timeout to
1696 * our max and return SUCCESS.
1697 */
1698 if (timeout == 0)
1699 timeout = smb2_res_def_timeout;
1700 if (timeout > smb2_res_max_timeout)
1701 timeout = smb2_res_max_timeout;
1702
1703 mutex_enter(&of->f_mutex);
1704 of->dh_vers = SMB2_RESILIENT;
1705 of->dh_timeout_offset = MSEC2NSEC(timeout);
1706 mutex_exit(&of->f_mutex);
1707
1708 return (NT_STATUS_SUCCESS);
1709 }