a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * This file and its contents are supplied under the terms of the
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Common Development and Distribution License ("CDDL"), version 1.0.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * You may only use this file in accordance with the terms of version
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * 1.0 of the CDDL.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * A full copy of the text of the CDDL should have accompanied this
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * source. A copy of the CDDL is also available via the Internet at
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Copyright 2015 Nexenta Systems, Inc. All rights reserved.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Saved state for a command that "goes async". When a compound request
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * contains a command that may block indefinitely, the compound reply is
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * composed with an "interim response" for that command, and information
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * needed to actually dispatch that command is saved on a list of "async"
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * commands for this compound request. After the compound reply is sent,
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * the list of async commands is processed, and those may block as long
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * as they need to without affecting the initial compound request.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Now interestingly, this "async" mechanism is not used with the full
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * range of asynchrony that one might imagine. The design of async
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * request processing can be drastically simplified if we can assume
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * that there's no need to run more than one async command at a time.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * With that simplifying assumption, we can continue using the current
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * "one worker thread per request message" model, which has very simple
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * locking rules etc. The same worker thread that handles the initial
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * compound request can handle the list of async requests.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * As it turns out, SMB2 clients do not try to use more than one "async"
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * command in a compound. If they were to do so, the [MS-SMB2] spec.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * allows us to decline additional async requests with an error.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * smb_async_req_t is the struct used to save an "async" request on
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * the list of requests that had an interim reply in the initial
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * compound reply. This includes everything needed to restart
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * processing at the async command.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * SMB2 header fields.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Rossstatic void smb2_tq_work(void *);
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Rossstatic const smb_disp_entry_t const
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross /* text-name, pre, func, post, cmd-code, dialect, flags */
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Note: Cancel gets the "invalid command" handler because
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * that's always handled directly in the reader. We should
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * never get to the function using this table, but note:
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * We CAN get here if a nasty client adds cancel to some
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * compound message, which is a protocol violation.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * This is the SMB2 handler for new smb requests, called from
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * smb_session_reader after SMB negotiate is done. For most SMB2
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * requests, we just enqueue them for the smb_session_worker to
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * execute via the task queue, so they can block for resources
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * without stopping the reader thread. A few protocol messages
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * are special cases and are handled directly here in the reader
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * thread so they don't wait for taskq scheduling.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * This function must either enqueue the new request for
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * execution via the task queue, or execute it directly
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * and then free it. If this returns non-zero, the caller
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * will drop the session.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross /* will drop the connection */
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Execute Cancel requests immediately, (here in the
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * reader thread) so they won't wait for any other
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * commands we might already have in the task queue.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Cancel also skips signature verification and
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * does not consume a sequence number.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * [MS-SMB2] 3.2.4.24 Cancellation...
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross command = LE_IN16((uint8_t *)sr->sr_request_buf + 12);
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Submit the request to the task queue, which calls
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * smb2_tq_work when the workload permits.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross smb_srqueue_waitq_enter(sr->session->s_srqueue);
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross (void) taskq_dispatch(sr->sr_server->sv_worker_pool,
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * In contrast with SMB1, SMB2 must _always_ dispatch to
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * the handler function, because cancelled requests need
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * an error reply (NT_STATUS_CANCELLED).
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * smb2sr_work
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * This function processes each SMB command in the current request
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * (which may be a compound request) building a reply containing
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * SMB reply messages, one-to-one with the SMB commands. Some SMB
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * commands (change notify, blocking locks) may require both an
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * "interim response" and a later "async response" at completion.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * In such cases, we'll encode the interim response in the reply
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * compound we're building, and put the (now async) command on a
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * list of commands that need further processing. After we've
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * finished processing the commands in this compound and building
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * the compound reply, we'll send the compound reply, and finally
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * process the list of async commands.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * As we work our way through the compound request and reply,
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * we need to keep track of the bounds of the current request
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * and reply. For the request, this uses an MBC_SHADOW_CHAIN
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * that begins at smb2_cmd_hdr. The reply is appended to the
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * sr->reply chain starting at smb2_reply_hdr.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * This function must always free the smb request.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross /* temporary until we identify a user */
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross /* FALLTHROUGH */
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Decode the request header
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Most problems with decoding will result in the error
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * STATUS_INVALID_PARAMETER. If the decoding problem
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * prevents continuing, we'll close the connection.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * [MS-SMB2] 3.3.5.2.6 Handling Incorrectly Formatted...
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * We treat some status codes as if "sticky", meaning
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * once they're set after some command handler returns,
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * all remaining commands get this status without even
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * calling the command-specific handler. The cancelled
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * status is used above, and insufficient_resources is
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * used when smb2sr_go_async declines to "go async".
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Otherwise initialize to zero (success).
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross sr->smb2_status != NT_STATUS_INSUFFICIENT_RESOURCES)
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * The SMB2_FLAGS_SERVER_TO_REDIR should only appear
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * in messages from the server back to the client.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross if ((sr->smb2_hdr_flags & SMB2_FLAGS_SERVER_TO_REDIR) != 0) {
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross related = (sr->smb2_hdr_flags & SMB2_FLAGS_RELATED_OPERATIONS);
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * In case we bail out with an error before we get to the
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * section that computes the credit grant, initialize the
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * response header fields so that credits won't change.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Note: SMB 2.02 clients may send credit charge zero.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross sr->smb2_credit_response = sr->smb2_credit_charge;
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Reserve space for the reply header, and save the offset.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * The reply header will be overwritten later. If we have
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * already exhausted the output space, then this client is
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * trying something funny. Log it and kill 'em.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross if ((rc = smb2_encode_header(sr, B_FALSE)) != 0) {
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Figure out the length of data following the SMB2 header.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * It ends at either the next SMB2 header if there is one
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * (smb2_next_command != 0) or at the end of the message.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross /* [MS-SMB2] says this is 8-byte aligned */
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross if ((msg_len & 7) != 0 || (msg_len < SMB2_HDR_SIZE) ||
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross ((sr->smb2_cmd_hdr + msg_len) > sr->command.max_bytes)) {
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross msg_len = sr->command.max_bytes - sr->smb2_cmd_hdr;
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Setup a shadow chain for this SMB2 command, starting
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * with the header and ending at either the next command
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * or the end of the message. The signing check below
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * needs the entire SMB2 command. After that's done, we
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * advance chain_offset to the end of the header where
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * the command specific handlers continue decoding.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross (void) MBC_SHADOW_CHAIN(&sr->smb_data, &sr->command,
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Validate the commmand code, get dispatch table entries.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * [MS-SMB2] 3.3.5.2.6 Handling Incorrectly Formatted...
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * The last slot in the dispatch table is used to handle
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * invalid commands. Same for statistics.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross sds = &session->s_server->sv_disp_stats2[cmd_idx];
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * If this command is NOT "related" to the previous,
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * clear out the UID, TID, FID state that might be
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * left over from the previous command.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * If the command IS related, any new IDs are ignored,
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * and we simply continue with the previous user, tree,
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * and open file.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Drop user, tree, file; carefully ordered to
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * avoid dangling references: file, tree, user
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Make sure we have a user and tree as needed
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * according to the flags for the this command.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Note that we may have inherited these.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross if ((sdd->sdt_flags & SDDF_SUPPRESS_UID) == 0) {
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * This command requires a user session.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Previous command should have given us a user.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * [MS-SMB2] 3.3.5.2 Handling Related Requests
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Lookup the UID
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * [MS-SMB2] 3.3.5.2 Verifying the Session
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross if ((sdd->sdt_flags & SDDF_SUPPRESS_TID) == 0) {
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * This command requires a tree connection.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Previous command should have given us a tree.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * [MS-SMB2] 3.3.5.2 Handling Related Requests
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Lookup the TID
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * [MS-SMB2] 3.3.5.2 Verifying the Tree Connect
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * SMB2 signature verification, two parts:
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * (a) Require SMB2_FLAGS_SIGNED (for most request types)
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * (b) If SMB2_FLAGS_SIGNED is set, check the signature.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * [MS-SMB2] 3.3.5.2.4 Verifying the Signature
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * No user session means no signature check. That's OK,
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * i.e. for commands marked SDDF_SUPPRESS_UID above.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Note, this also means we won't sign the reply.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * The SDDF_SUPPRESS_UID dispatch is set for requests that
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * don't need a UID (user). These also don't require a
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * signature check here.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross if ((sdd->sdt_flags & SDDF_SUPPRESS_UID) == 0 &&
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross (sr->uid_user->u_sign_flags & SMB_SIGNING_CHECK) != 0) {
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * This request type should be signed, and
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * we're configured to require signatures.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross if ((sr->smb2_hdr_flags & SMB2_FLAGS_SIGNED) == 0) {
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross DTRACE_PROBE1(smb2__sign__check, smb_request_t, sr);
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Now that the signing check is done with smb_data,
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * advance past the SMB2 header we decoded earlier.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * This leaves sr->smb_data correctly positioned
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * for command-specific decoding in the dispatch
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * function called next.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross sr->smb_data.chain_offset = sr->smb2_cmd_hdr + SMB2_HDR_SIZE;
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * SMB2 credits determine how many simultaneous commands the
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * client may issue, and bounds the range of message IDs those
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * commands may use. With multi-credit support, commands may
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * use ranges of message IDs, where the credits used by each
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * command are proportional to their data transfer size.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Every command may request an increase or decrease of
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * the currently granted credits, based on the difference
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * between the credit request and the credit charge.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * [MS-SMB2] 3.3.1.2 Algorithm for the Granting of Credits
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Most commands have credit_request=1, credit_charge=1,
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * which keeps the credit grant unchanged.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * All we're really doing here (for now) is reducing the
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * credit_response if the client requests a credit increase
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * that would take their credit over the maximum, and
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * limiting the decrease so they don't run out of credits.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Later, this could do something dynamic based on load.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * One other non-obvious bit about credits: We keep the
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * session s_max_credits low until the 1st authentication,
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * at which point we'll set the normal maximum_credits.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Some clients ask for more credits with session setup,
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * and we need to handle that requested increase _after_
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * the command-specific handler returns so it won't be
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * restricted to the lower (pre-auth) limit.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross sr->smb2_credit_response = sr->smb2_credit_request;
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross if (sr->smb2_credit_request < sr->smb2_credit_charge) {
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross /* Handle credit decrease. */
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross d = sr->smb2_credit_charge - sr->smb2_credit_request;
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * underflow (bad credit charge or request)
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * leave credits unchanged (response=charge)
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross sr->smb2_credit_response = sr->smb2_credit_charge;
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross DTRACE_PROBE1(smb2__credit__neg, smb_request_t, sr);
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * The server MUST ensure that the number of credits
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * held by the client is never reduced to zero.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * [MS-SMB2] 3.3.1.2
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross DTRACE_PROBE1(smb2__credit__min, smb_request_t, sr);
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * The real work: call the SMB2 command handler
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * (except for "sticky" smb2_status - see above)
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross /* NB: not using pre_op */
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross /* NB: not using post_op */
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Second half of SMB2 credit handling (increases)
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross if (sr->smb2_credit_request > sr->smb2_credit_charge) {
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross /* Handle credit increase. */
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross d = sr->smb2_credit_request - sr->smb2_credit_charge;
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * If new credits would be above max,
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * reduce the credit grant.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross DTRACE_PROBE1(smb2__credit__max, smb_request_t, sr);
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Pad the reply to align(8) if necessary.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross (void) smb_mbc_encodef(&sr->reply, "#.", padsz);
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Record some statistics: latency, rx bytes, tx bytes.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross (int64_t)(sr->command.chain_offset - sr->smb2_cmd_hdr));
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross (int64_t)(sr->reply.chain_offset - sr->smb2_reply_hdr));
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * SMB2 does not use the other dispatch return codes.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * If we see something else, log an event so we'll
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * know something is returning bogus status codes.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * If you see these in the log, use dtrace to find
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * the code returning something else.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross cmn_err(CE_NOTE, "handler for %u returned 0x%x",
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross /* FALLTHROUGH */
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * If there's a next command, figure out where it starts,
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * and fill in the next command offset for the reply.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Note: We sanity checked smb2_next_command above
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * (the offset to the next command). Similarly set
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * smb2_next_reply as the offset to the next reply.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Overwrite the SMB2 header for the response of
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * this command (possibly part of a compound).
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * encode_header adds: SMB2_FLAGS_SERVER_TO_REDIR
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * We've done all the commands in this compound.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Send it out.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * If any of the requests "went async", process those now.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * The async. function "keeps" this sr, changing its state
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * to completed and calling smb_request_free().
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross session->s_state = SMB_SESSION_STATE_DISCONNECTED;
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Dispatch an async request using saved information.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * See smb2sr_save_async and [MS-SMB2] 3.3.4.2
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * This is sort of a "lite" version of smb2sr_work. Initialize the
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * command and reply areas as they were when the command-speicific
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * handler started (in case it needs to decode anything again).
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Call the async function, which builds the command-specific part
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * of the response. Finally, send the response and free the sr.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Restore what smb2_decode_header found.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * (In lieu of decoding it again.)
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Async requests don't grant credits, because any credits
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * should have gone out with the interim reply.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * An async reply goes alone (no next reply).
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Setup input mbuf_chain
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross (void) MBC_SHADOW_CHAIN(&sr->smb_data, &sr->command,
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Setup output mbuf_chain
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross VERIFY3U(sr->smb2_cmd_code, <, SMB2_INVALID_CMD);
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Keep the UID, TID, ofile we have.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross if ((sdd->sdt_flags & SDDF_SUPPRESS_UID) == 0 &&
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross smb2sr_put_error(sr, NT_STATUS_USER_SESSION_DELETED);
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross if ((sdd->sdt_flags & SDDF_SUPPRESS_TID) == 0 &&
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross smb2sr_put_error(sr, NT_STATUS_NETWORK_NAME_DELETED);
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Signature already verified
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Credits handled...
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Just call the async handler function.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Pad the reply to align(8) if necessary.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross (void) smb_mbc_encodef(&sr->reply, "#.", padsz);
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Record some statistics: (just tx bytes here)
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross (int64_t)(sr->reply.chain_offset - sr->smb2_reply_hdr));
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Overwrite the SMB2 header for the response of
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * this command (possibly part of a compound).
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * The call adds: SMB2_FLAGS_SERVER_TO_REDIR
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Done. Unlink and free.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * In preparation for sending an "interim response", save
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * all the state we'll need to run an async command later,
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * and assign an "async id" for this (now async) command.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * See [MS-SMB2] 3.3.4.2
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * If more than one request in a compound request tries to
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * "go async", we can "say no". See [MS-SMB2] 3.3.4.2
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * If an operation would require asynchronous processing
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * but resources are constrained, the server MAY choose to
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * fail that operation with STATUS_INSUFFICIENT_RESOURCES.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * For simplicity, we further restrict the cases where we're
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * willing to "go async", and only allow the last command in a
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * compound to "go async". It happens that this is the only
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * case where we're actually asked to go async anyway. This
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * simplification also means there can be at most one command
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * in a compound that "goes async" (the last one).
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * If we agree to "go async", this should return STATUS_PENDING.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Otherwise return STATUS_INSUFFICIENT_RESOURCES for this and
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * all requests following this request. (See the comments re.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * "sticky" smb2_status values in smb2sr_work).
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Note: the Async ID we assign here is arbitrary, and need only
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * be unique among pending async responses on this connection, so
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * this just uses an object address as the Async ID.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Also, the assigned worker is the ONLY thread using this
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * async request object (sr_async_req) so no locking.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Place an interim response in the compound reply.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Turn on the "async" flag for both the (synchronous)
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * interim response and the (later) async response,
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * by storing that in flags before coping into ar.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * The "related" flag should always be off for the
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * async part because we're no longer operating on a
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * sequence of commands when we execute that.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross ar->ar_cmd_len = sr->smb_data.max_bytes - sr->smb2_cmd_hdr;
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross /* Interim responses are NOT signed. */
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross /* reserved .. */
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross return (-1);
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross sr->smb_uid = (uint16_t)ssnid; /* XXX wide UIDs */
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross if (sr->smb2_hdr_flags & SMB2_FLAGS_ASYNC_COMMAND) {
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross sr->smb_tid = (uint16_t)tid; /* XXX wide TIDs */
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Rosssmb2_encode_header(smb_request_t *sr, boolean_t overwrite)
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross uint64_t pid_tid_aid; /* pid+tid, or async id */
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross if (sr->smb2_hdr_flags & SMB2_FLAGS_ASYNC_COMMAND) {
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross reply_hdr_flags = sr->smb2_hdr_flags | SMB2_FLAGS_SERVER_TO_REDIR;
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross "Nwwlwwllqqq16c",
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross "Nwwlwwllqqq16c",
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross if (smb_session_send(sr->session, 0, &sr->reply) == 0)
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * This wrapper function exists to help catch calls to smbsr_status()
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * (which is SMB1-specific) in common code. See smbsr_status().
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * If the log message below is seen, put a dtrace probe on this
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * function with a stack() action to see who is calling the SMB1
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * "put error" from common code, and fix it.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Rosssmbsr_status_smb2(smb_request_t *sr, DWORD status)
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross name = smb2_disp_table[sr->smb2_cmd_code].sdt_name;
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross cmn_err(CE_NOTE, "smbsr_status called for %s", name);
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Rosssmb2sr_put_errno(struct smb_request *sr, int errnum)
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Rosssmb2sr_put_error(smb_request_t *sr, uint32_t status)
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Build an SMB2 error response. [MS-SMB2] 2.2.2
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Rosssmb2sr_put_error_data(smb_request_t *sr, uint32_t status, mbuf_chain_t *mbc)
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * The common dispatch code writes this when it
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * updates the SMB2 header before sending.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross /* Rewind to the end of the SMB header. */
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross sr->reply.chain_offset = sr->smb2_reply_hdr + SMB2_HDR_SIZE;
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * NB: Must provide at least one byte of error data,
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * per [MS-SMB2] 2.2.2
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross if (mbc != NULL && (len = MBC_LENGTH(mbc)) != 0) {
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross 0); /* l. */
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * smb2sr_lookup_fid
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Setup sr->fid_ofile, either inherited from a related command,
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * or obtained via FID lookup. Similar inheritance logic as in
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * smb2sr_work.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Rosssmb2sr_lookup_fid(smb_request_t *sr, smb2fid_t *fid)
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * If we could be sure this is called only once per cmd,
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * we could simply ASSERT(sr->fid_ofile == NULL) here.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * However, there are cases where it can be called again
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * handling the same command, so let's tolerate that.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross sr->fid_ofile = smb_ofile_lookup_by_fid(sr, sr->smb_fid);
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * smb2_dispatch_stats_init
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Initializes dispatch statistics for SMB2.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * See also smb_dispatch_stats_init(), which fills in
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * the lower part of the statistics array, from zero
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * through SMB_COM_NUM;
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross ksr = ((smbsrv_kstats_t *)sv->sv_ksp->ks_data)->ks_reqs2;
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross (void) strlcpy(ksr->kr_name, smb2_disp_table[i].sdt_name,
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * smb2_dispatch_stats_fini
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross * Frees and destroyes the resources used for statistics.
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross for (i = 0; i < SMB2__NCMDS; i++)
a90cf9f29973990687fa61de9f1f6ea22e924e40Gordon Ross if ((first < SMB2__NCMDS) && (last < SMB2__NCMDS)) {