2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 2000-2001 Boris Popov
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 #include <sys/cdefs.h>
30 __FBSDID("$FreeBSD$");
32 #include <sys/param.h>
33 #include <sys/systm.h>
34 #include <sys/endian.h>
35 #include <sys/kernel.h>
36 #include <sys/malloc.h>
37 #include <sys/module.h>
40 #include <sys/sysctl.h>
41 #include <sys/socket.h>
42 #include <sys/socketvar.h>
45 #include <netsmb/smb.h>
46 #include <netsmb/smb_conn.h>
47 #include <netsmb/smb_rq.h>
48 #include <netsmb/smb_subr.h>
49 #include <netsmb/smb_tran.h>
51 static MALLOC_DEFINE(M_SMBRQ, "SMBRQ", "SMB request");
53 MODULE_DEPEND(netsmb, libmchain, 1, 1, 1);
55 static int smb_rq_reply(struct smb_rq *rqp);
56 static int smb_rq_enqueue(struct smb_rq *rqp);
57 static int smb_rq_getenv(struct smb_connobj *layer,
58 struct smb_vc **vcpp, struct smb_share **sspp);
59 static int smb_rq_new(struct smb_rq *rqp, u_char cmd);
60 static int smb_t2_reply(struct smb_t2rq *t2p);
63 smb_rq_alloc(struct smb_connobj *layer, u_char cmd, struct smb_cred *scred,
69 rqp = malloc(sizeof(*rqp), M_SMBRQ, M_WAITOK);
72 error = smb_rq_init(rqp, layer, cmd, scred);
73 rqp->sr_flags |= SMBR_ALLOCED;
82 static char tzero[12];
85 smb_rq_init(struct smb_rq *rqp, struct smb_connobj *layer, u_char cmd,
86 struct smb_cred *scred)
90 bzero(rqp, sizeof(*rqp));
91 smb_sl_init(&rqp->sr_slock, "srslock");
92 error = smb_rq_getenv(layer, &rqp->sr_vc, &rqp->sr_share);
95 error = smb_vc_access(rqp->sr_vc, scred, SMBM_EXEC);
99 error = smb_share_access(rqp->sr_share, scred, SMBM_EXEC);
103 rqp->sr_cred = scred;
104 rqp->sr_mid = smb_vc_nextmid(rqp->sr_vc);
105 return smb_rq_new(rqp, cmd);
109 smb_rq_new(struct smb_rq *rqp, u_char cmd)
111 struct smb_vc *vcp = rqp->sr_vc;
112 struct mbchain *mbp = &rqp->sr_rq;
118 md_done(&rqp->sr_rp);
119 error = mb_init(mbp);
122 mb_put_mem(mbp, SMB_SIGNATURE, SMB_SIGLEN, MB_MSYSTEM);
123 mb_put_uint8(mbp, cmd);
124 mb_put_uint32le(mbp, 0); /* DosError */
125 mb_put_uint8(mbp, vcp->vc_hflags);
126 flags2 = vcp->vc_hflags2;
127 if (cmd == SMB_COM_TRANSACTION || cmd == SMB_COM_TRANSACTION_SECONDARY)
128 flags2 &= ~SMB_FLAGS2_UNICODE;
129 if (cmd == SMB_COM_NEGOTIATE)
130 flags2 &= ~SMB_FLAGS2_SECURITY_SIGNATURE;
131 mb_put_uint16le(mbp, flags2);
132 if ((flags2 & SMB_FLAGS2_SECURITY_SIGNATURE) == 0) {
133 mb_put_mem(mbp, tzero, 12, MB_MSYSTEM);
134 rqp->sr_rqsig = NULL;
136 mb_put_uint16le(mbp, 0 /*scred->sc_p->p_pid >> 16*/);
137 rqp->sr_rqsig = (u_int8_t *)mb_reserve(mbp, 8);
138 mb_put_uint16le(mbp, 0);
140 rqp->sr_rqtid = mb_reserve(mbp, sizeof(u_int16_t));
141 mb_put_uint16le(mbp, 1 /*scred->sc_p->p_pid & 0xffff*/);
142 rqp->sr_rquid = mb_reserve(mbp, sizeof(u_int16_t));
143 mb_put_uint16le(mbp, rqp->sr_mid);
148 smb_rq_done(struct smb_rq *rqp)
150 mb_done(&rqp->sr_rq);
151 md_done(&rqp->sr_rp);
152 smb_sl_destroy(&rqp->sr_slock);
153 if (rqp->sr_flags & SMBR_ALLOCED)
158 * Simple request-reply exchange
161 smb_rq_simple(struct smb_rq *rqp)
163 struct smb_vc *vcp = rqp->sr_vc;
164 int error = EINVAL, i;
166 for (i = 0; i < SMB_MAXRCN; i++) {
167 rqp->sr_flags &= ~SMBR_RESTART;
168 rqp->sr_timo = vcp->vc_timo;
169 rqp->sr_state = SMBRQ_NOTSENT;
170 error = smb_rq_enqueue(rqp);
173 error = smb_rq_reply(rqp);
176 if ((rqp->sr_flags & (SMBR_RESTART | SMBR_NORESTART)) != SMBR_RESTART)
183 smb_rq_enqueue(struct smb_rq *rqp)
185 struct smb_share *ssp = rqp->sr_share;
188 if (ssp == NULL || rqp->sr_cred == &rqp->sr_vc->vc_iod->iod_scred) {
189 return smb_iod_addrq(rqp);
193 if (ssp->ss_flags & SMBS_RECONNECTING) {
194 msleep(&ssp->ss_vcgenid, SMBS_ST_LOCKPTR(ssp),
195 PWAIT | PDROP, "90trcn", hz);
196 if (smb_td_intr(rqp->sr_cred->scr_td))
200 if (smb_share_valid(ssp) || (ssp->ss_flags & SMBS_CONNECTED) == 0) {
204 error = smb_iod_request(rqp->sr_vc->vc_iod,
205 SMBIOD_EV_TREECONNECT | SMBIOD_EV_SYNC, ssp);
209 error = smb_iod_addrq(rqp);
217 smb_rq_wstart(struct smb_rq *rqp)
219 rqp->sr_wcount = mb_reserve(&rqp->sr_rq, sizeof(u_int8_t));
220 rqp->sr_rq.mb_count = 0;
224 smb_rq_wend(struct smb_rq *rqp)
226 if (rqp->sr_wcount == NULL) {
227 SMBERROR("no wcount\n"); /* actually panic */
230 if (rqp->sr_rq.mb_count & 1)
231 SMBERROR("odd word count\n");
232 *rqp->sr_wcount = rqp->sr_rq.mb_count / 2;
236 smb_rq_bstart(struct smb_rq *rqp)
238 rqp->sr_bcount = mb_reserve(&rqp->sr_rq, sizeof(u_short));
239 rqp->sr_rq.mb_count = 0;
243 smb_rq_bend(struct smb_rq *rqp)
247 if (rqp->sr_bcount == NULL) {
248 SMBERROR("no bcount\n"); /* actually panic */
251 bcnt = rqp->sr_rq.mb_count;
253 SMBERROR("byte count too large (%d)\n", bcnt);
254 le16enc(rqp->sr_bcount, bcnt);
258 smb_rq_intr(struct smb_rq *rqp)
260 if (rqp->sr_flags & SMBR_INTR)
262 return smb_td_intr(rqp->sr_cred->scr_td);
266 smb_rq_getrequest(struct smb_rq *rqp, struct mbchain **mbpp)
273 smb_rq_getreply(struct smb_rq *rqp, struct mdchain **mbpp)
280 smb_rq_getenv(struct smb_connobj *layer,
281 struct smb_vc **vcpp, struct smb_share **sspp)
283 struct smb_vc *vcp = NULL;
284 struct smb_share *ssp = NULL;
285 struct smb_connobj *cp;
288 switch (layer->co_level) {
291 if (layer->co_parent == NULL) {
292 SMBERROR("zombie VC %s\n", vcp->vc_srvname);
299 cp = layer->co_parent;
301 SMBERROR("zombie share %s\n", ssp->ss_name);
305 error = smb_rq_getenv(cp, &vcp, NULL);
310 SMBERROR("invalid layer %d passed\n", layer->co_level);
321 * Wait for reply on the request
324 smb_rq_reply(struct smb_rq *rqp)
326 struct mdchain *mdp = &rqp->sr_rp;
329 int error, rperror = 0;
331 error = smb_iod_waitrq(rqp);
334 error = md_get_uint32(mdp, &tdw);
337 error = md_get_uint8(mdp, &tb);
338 if (rqp->sr_vc->vc_hflags2 & SMB_FLAGS2_ERR_STATUS) {
339 error = md_get_uint32le(mdp, &rqp->sr_error);
341 error = md_get_uint8(mdp, &rqp->sr_errclass);
342 error = md_get_uint8(mdp, &tb);
343 error = md_get_uint16le(mdp, &rqp->sr_serror);
345 rperror = smb_maperror(rqp->sr_errclass, rqp->sr_serror);
347 error = md_get_uint8(mdp, &rqp->sr_rpflags);
348 error = md_get_uint16le(mdp, &rqp->sr_rpflags2);
350 error = md_get_uint32(mdp, &tdw);
351 error = md_get_uint32(mdp, &tdw);
352 error = md_get_uint32(mdp, &tdw);
354 error = md_get_uint16le(mdp, &rqp->sr_rptid);
355 error = md_get_uint16le(mdp, &rqp->sr_rppid);
356 error = md_get_uint16le(mdp, &rqp->sr_rpuid);
357 error = md_get_uint16le(mdp, &rqp->sr_rpmid);
360 (rqp->sr_vc->vc_hflags2 & SMB_FLAGS2_SECURITY_SIGNATURE))
361 error = smb_rq_verify(rqp);
363 SMBSDEBUG("M:%04x, P:%04x, U:%04x, T:%04x, E: %d:%d\n",
364 rqp->sr_rpmid, rqp->sr_rppid, rqp->sr_rpuid, rqp->sr_rptid,
365 rqp->sr_errclass, rqp->sr_serror);
366 return error ? error : rperror;
369 #define ALIGN4(a) (((a) + 3) & ~3)
372 * TRANS2 request implementation
375 smb_t2_alloc(struct smb_connobj *layer, u_short setup, struct smb_cred *scred,
376 struct smb_t2rq **t2pp)
378 struct smb_t2rq *t2p;
381 t2p = malloc(sizeof(*t2p), M_SMBRQ, M_WAITOK);
384 error = smb_t2_init(t2p, layer, setup, scred);
385 t2p->t2_flags |= SMBT2_ALLOCED;
395 smb_t2_init(struct smb_t2rq *t2p, struct smb_connobj *source, u_short setup,
396 struct smb_cred *scred)
400 bzero(t2p, sizeof(*t2p));
401 t2p->t2_source = source;
402 t2p->t2_setupcount = 1;
403 t2p->t2_setupdata = t2p->t2_setup;
404 t2p->t2_setup[0] = setup;
405 t2p->t2_fid = 0xffff;
406 t2p->t2_cred = scred;
407 error = smb_rq_getenv(source, &t2p->t2_vc, NULL);
414 smb_t2_done(struct smb_t2rq *t2p)
416 mb_done(&t2p->t2_tparam);
417 mb_done(&t2p->t2_tdata);
418 md_done(&t2p->t2_rparam);
419 md_done(&t2p->t2_rdata);
420 if (t2p->t2_flags & SMBT2_ALLOCED)
425 smb_t2_placedata(struct mbuf *mtop, u_int16_t offset, u_int16_t count,
431 m0 = m_split(mtop, offset, M_WAITOK);
432 len = m_length(m0, &m);
433 m->m_len -= len - count;
434 if (mdp->md_top == NULL) {
437 m_cat(mdp->md_top, m0);
442 smb_t2_reply(struct smb_t2rq *t2p)
445 struct smb_rq *rqp = t2p->t2_rq;
446 int error, totpgot, totdgot;
447 u_int16_t totpcount, totdcount, pcount, poff, doff, pdisp, ddisp;
448 u_int16_t tmp, bc, dcount;
451 error = smb_rq_reply(rqp);
454 if ((t2p->t2_flags & SMBT2_ALLSENT) == 0) {
456 * this is an interim response, ignore it.
459 md_next_record(&rqp->sr_rp);
464 * Now we have to get all subsequent responses. The CIFS specification
465 * says that they can be disordered which is weird.
468 totpgot = totdgot = 0;
469 totpcount = totdcount = 0xffff;
472 m_dumpm(mdp->md_top);
473 if ((error = md_get_uint8(mdp, &wc)) != 0)
479 if ((error = md_get_uint16le(mdp, &tmp)) != 0)
483 md_get_uint16le(mdp, &tmp);
486 if ((error = md_get_uint16le(mdp, &tmp)) != 0 || /* reserved */
487 (error = md_get_uint16le(mdp, &pcount)) != 0 ||
488 (error = md_get_uint16le(mdp, &poff)) != 0 ||
489 (error = md_get_uint16le(mdp, &pdisp)) != 0)
491 if (pcount != 0 && pdisp != totpgot) {
492 SMBERROR("Can't handle disordered parameters %d:%d\n",
497 if ((error = md_get_uint16le(mdp, &dcount)) != 0 ||
498 (error = md_get_uint16le(mdp, &doff)) != 0 ||
499 (error = md_get_uint16le(mdp, &ddisp)) != 0)
501 if (dcount != 0 && ddisp != totdgot) {
502 SMBERROR("Can't handle disordered data\n");
506 md_get_uint8(mdp, &wc);
507 md_get_uint8(mdp, NULL);
510 md_get_uint16(mdp, NULL);
511 if ((error = md_get_uint16le(mdp, &bc)) != 0)
513 /* tmp = SMB_HDRLEN + 1 + 10 * 2 + 2 * wc + 2;*/
515 error = smb_t2_placedata(mdp->md_top, doff, dcount,
521 error = smb_t2_placedata(mdp->md_top, poff, pcount,
528 if (totpgot >= totpcount && totdgot >= totdcount) {
530 t2p->t2_flags |= SMBT2_ALLRECV;
534 * We're done with this reply, look for the next one.
537 md_next_record(&rqp->sr_rp);
539 error = smb_rq_reply(rqp);
547 * Perform a full round of TRANS2 request
550 smb_t2_request_int(struct smb_t2rq *t2p)
552 struct smb_vc *vcp = t2p->t2_vc;
553 struct smb_cred *scred = t2p->t2_cred;
555 struct mdchain *mdp, mbparam, mbdata;
558 int totpcount, leftpcount, totdcount, leftdcount, len, txmax, i;
559 int error, doff, poff, txdcount, txpcount, nmlen;
561 m = t2p->t2_tparam.mb_top;
563 md_initm(&mbparam, m); /* do not free it! */
564 totpcount = m_fixhdr(m);
565 if (totpcount > 0xffff) /* maxvalue for u_short */
569 m = t2p->t2_tdata.mb_top;
571 md_initm(&mbdata, m); /* do not free it! */
572 totdcount = m_fixhdr(m);
573 if (totdcount > 0xffff)
577 leftdcount = totdcount;
578 leftpcount = totpcount;
579 txmax = vcp->vc_txmax;
580 error = smb_rq_alloc(t2p->t2_source, t2p->t_name ?
581 SMB_COM_TRANSACTION : SMB_COM_TRANSACTION2, scred, &rqp);
584 rqp->sr_flags |= SMBR_MULTIPACKET;
589 mb_put_uint16le(mbp, totpcount);
590 mb_put_uint16le(mbp, totdcount);
591 mb_put_uint16le(mbp, t2p->t2_maxpcount);
592 mb_put_uint16le(mbp, t2p->t2_maxdcount);
593 mb_put_uint8(mbp, t2p->t2_maxscount);
594 mb_put_uint8(mbp, 0); /* reserved */
595 mb_put_uint16le(mbp, 0); /* flags */
596 mb_put_uint32le(mbp, 0); /* Timeout */
597 mb_put_uint16le(mbp, 0); /* reserved 2 */
598 len = mb_fixhdr(mbp);
600 * now we have known packet size as
601 * ALIGN4(len + 5 * 2 + setupcount * 2 + 2 + strlen(name) + 1),
602 * and need to decide which parts should go into the first request
604 nmlen = t2p->t_name ? strlen(t2p->t_name) : 0;
605 len = ALIGN4(len + 5 * 2 + t2p->t2_setupcount * 2 + 2 + nmlen + 1);
606 if (len + leftpcount > txmax) {
607 txpcount = min(leftpcount, txmax - len);
612 txpcount = leftpcount;
613 poff = txpcount ? len : 0;
614 len = ALIGN4(len + txpcount);
615 txdcount = min(leftdcount, txmax - len);
616 doff = txdcount ? len : 0;
618 leftpcount -= txpcount;
619 leftdcount -= txdcount;
620 mb_put_uint16le(mbp, txpcount);
621 mb_put_uint16le(mbp, poff);
622 mb_put_uint16le(mbp, txdcount);
623 mb_put_uint16le(mbp, doff);
624 mb_put_uint8(mbp, t2p->t2_setupcount);
625 mb_put_uint8(mbp, 0);
626 for (i = 0; i < t2p->t2_setupcount; i++)
627 mb_put_uint16le(mbp, t2p->t2_setupdata[i]);
632 mb_put_mem(mbp, t2p->t_name, nmlen, MB_MSYSTEM);
633 mb_put_uint8(mbp, 0); /* terminating zero */
634 len = mb_fixhdr(mbp);
636 mb_put_mem(mbp, NULL, ALIGN4(len) - len, MB_MZERO);
637 error = md_get_mbuf(&mbparam, txpcount, &m);
638 SMBSDEBUG("%d:%d:%d\n", error, txpcount, txmax);
643 len = mb_fixhdr(mbp);
645 mb_put_mem(mbp, NULL, ALIGN4(len) - len, MB_MZERO);
646 error = md_get_mbuf(&mbdata, txdcount, &m);
651 smb_rq_bend(rqp); /* incredible, but thats it... */
652 error = smb_rq_enqueue(rqp);
655 if (leftpcount == 0 && leftdcount == 0)
656 t2p->t2_flags |= SMBT2_ALLSENT;
657 error = smb_t2_reply(t2p);
660 while (leftpcount || leftdcount) {
661 t2p->t2_flags |= SMBT2_SECONDARY;
662 error = smb_rq_new(rqp, t2p->t_name ?
663 SMB_COM_TRANSACTION_SECONDARY : SMB_COM_TRANSACTION2_SECONDARY);
668 mb_put_uint16le(mbp, totpcount);
669 mb_put_uint16le(mbp, totdcount);
670 len = mb_fixhdr(mbp);
672 * now we have known packet size as
673 * ALIGN4(len + 7 * 2 + 2) for T2 request, and -2 for T one,
674 * and need to decide which parts should go into request
676 len = ALIGN4(len + 6 * 2 + 2);
677 if (t2p->t_name == NULL)
679 if (len + leftpcount > txmax) {
680 txpcount = min(leftpcount, txmax - len);
685 txpcount = leftpcount;
686 poff = txpcount ? len : 0;
687 len = ALIGN4(len + txpcount);
688 txdcount = min(leftdcount, txmax - len);
689 doff = txdcount ? len : 0;
691 mb_put_uint16le(mbp, txpcount);
692 mb_put_uint16le(mbp, poff);
693 mb_put_uint16le(mbp, totpcount - leftpcount);
694 mb_put_uint16le(mbp, txdcount);
695 mb_put_uint16le(mbp, doff);
696 mb_put_uint16le(mbp, totdcount - leftdcount);
697 leftpcount -= txpcount;
698 leftdcount -= txdcount;
699 if (t2p->t_name == NULL)
700 mb_put_uint16le(mbp, t2p->t2_fid);
703 mb_put_uint8(mbp, 0); /* name */
704 len = mb_fixhdr(mbp);
706 mb_put_mem(mbp, NULL, ALIGN4(len) - len, MB_MZERO);
707 error = md_get_mbuf(&mbparam, txpcount, &m);
712 len = mb_fixhdr(mbp);
714 mb_put_mem(mbp, NULL, ALIGN4(len) - len, MB_MZERO);
715 error = md_get_mbuf(&mbdata, txdcount, &m);
721 rqp->sr_state = SMBRQ_NOTSENT;
722 error = smb_iod_request(vcp->vc_iod, SMBIOD_EV_NEWRQ, NULL);
725 } /* while left params or data */
726 t2p->t2_flags |= SMBT2_ALLSENT;
727 mdp = &t2p->t2_rdata;
729 m_fixhdr(mdp->md_top);
730 md_initm(mdp, mdp->md_top);
732 mdp = &t2p->t2_rparam;
734 m_fixhdr(mdp->md_top);
735 md_initm(mdp, mdp->md_top);
738 smb_iod_removerq(rqp);
742 if (rqp->sr_flags & SMBR_RESTART)
743 t2p->t2_flags |= SMBT2_RESTART;
744 md_done(&t2p->t2_rparam);
745 md_done(&t2p->t2_rdata);
751 smb_t2_request(struct smb_t2rq *t2p)
753 int error = EINVAL, i;
755 for (i = 0; i < SMB_MAXRCN; i++) {
756 t2p->t2_flags &= ~SMBR_RESTART;
757 error = smb_t2_request_int(t2p);
760 if ((t2p->t2_flags & (SMBT2_RESTART | SMBT2_NORESTART)) != SMBT2_RESTART)
projects / FreeBSD / FreeBSD.git / blob