int
smbfs_smb_statfs(struct smb_share *ssp, struct statfs *sbp,
struct smb_cred *scred)
{
struct smb_rq rq, *rqp = &rq;
struct mdchain *mdp;
u_int16_t units, bpu, bsize, funits;
int error;
error = smb_rq_init(rqp, SSTOCP(ssp), SMB_COM_QUERY_INFORMATION_DISK, scred);
if (error)
return error;
smb_rq_wstart(rqp);
smb_rq_wend(rqp);
smb_rq_bstart(rqp);
smb_rq_bend(rqp);
error = smb_rq_simple(rqp);
if (error) {
smb_rq_done(rqp);
return error;
}
smb_rq_getreply(rqp, &mdp);
md_get_uint16le(mdp, &units);
md_get_uint16le(mdp, &bpu);
md_get_uint16le(mdp, &bsize);
md_get_uint16le(mdp, &funits);
sbp->f_bsize = bpu * bsize; /* fundamental file system block size */
sbp->f_blocks= units; /* total data blocks in file system */
sbp->f_bfree = funits; /* free blocks in fs */
sbp->f_bavail= funits; /* free blocks avail to non-superuser */
sbp->f_files = 0xffff; /* total file nodes in file system */
sbp->f_ffree = 0xffff; /* free file nodes in fs */
smb_rq_done(rqp);
return 0;
}
static inline int
smb_smb_read(struct smb_share *ssp, u_int16_t fid,
size_t *len, size_t *rresid, struct uio *uio, struct smb_cred *scred)
{
struct smb_rq *rqp;
struct mbchain *mbp;
struct mdchain *mdp;
u_int16_t resid, bc;
u_int8_t wc;
int error, rlen, blksz;
/* Cannot read at/beyond 4G */
if (uio->uio_offset >= (1LL << 32))
return (EFBIG);
error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_READ, scred, &rqp);
if (error)
return error;
blksz = SSTOVC(ssp)->vc_txmax - SMB_HDRLEN - 16;
rlen = *len = min(blksz, *len);
smb_rq_getrequest(rqp, &mbp);
smb_rq_wstart(rqp);
mb_put_mem(mbp, (void *)&fid, sizeof(fid), MB_MSYSTEM);
mb_put_uint16le(mbp, rlen);
mb_put_uint32le(mbp, uio->uio_offset);
mb_put_uint16le(mbp, min(uio->uio_resid, 0xffff));
smb_rq_wend(rqp);
smb_rq_bstart(rqp);
smb_rq_bend(rqp);
do {
error = smb_rq_simple(rqp);
if (error)
break;
smb_rq_getreply(rqp, &mdp);
md_get_uint8(mdp, &wc);
if (wc != 5) {
error = EBADRPC;
break;
}
md_get_uint16le(mdp, &resid);
md_get_mem(mdp, NULL, 4 * 2, MB_MSYSTEM);
md_get_uint16le(mdp, &bc);
md_get_uint8(mdp, NULL); /* ignore buffer type */
md_get_uint16le(mdp, &resid);
if (resid == 0) {
*rresid = resid;
break;
}
error = md_get_uio(mdp, uio, resid);
if (error)
break;
*rresid = resid;
} while(0);
smb_rq_done(rqp);
return error;
}
static __inline int
smb_smb_writex(struct smb_share *ssp, u_int16_t fid, int *len, int *rresid,
struct uio *uio, struct smb_cred *scred)
{
struct smb_rq *rqp;
struct mbchain *mbp;
struct mdchain *mdp;
int error;
u_int8_t wc;
u_int16_t resid;
error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_WRITE_ANDX, scred, &rqp);
if (error)
return (error);
smb_rq_getrequest(rqp, &mbp);
smb_rq_wstart(rqp);
mb_put_uint8(mbp, 0xff); /* no secondary command */
mb_put_uint8(mbp, 0); /* MBZ */
mb_put_uint16le(mbp, 0); /* offset to secondary */
mb_put_mem(mbp, (caddr_t)&fid, sizeof(fid), MB_MSYSTEM);
mb_put_uint32le(mbp, uio->uio_offset);
mb_put_uint32le(mbp, 0); /* MBZ (timeout) */
mb_put_uint16le(mbp, 0); /* !write-thru */
mb_put_uint16le(mbp, 0);
*len = min(SSTOVC(ssp)->vc_wxmax, *len);
mb_put_uint16le(mbp, (unsigned)*len >> 16);
mb_put_uint16le(mbp, *len);
mb_put_uint16le(mbp, 64); /* data offset from header start */
mb_put_uint32le(mbp, uio->uio_offset >> 32); /* OffsetHigh */
smb_rq_wend(rqp);
smb_rq_bstart(rqp);
do {
mb_put_uint8(mbp, 0xee); /* mimic xp pad byte! */
error = mb_put_uio(mbp, uio, *len);
if (error)
break;
smb_rq_bend(rqp);
error = smb_rq_simple(rqp);
if (error)
break;
smb_rq_getreply(rqp, &mdp);
md_get_uint8(mdp, &wc);
if (wc != 6) {
error = EBADRPC;
break;
}
md_get_uint8(mdp, NULL);
md_get_uint8(mdp, NULL);
md_get_uint16le(mdp, NULL);
md_get_uint16le(mdp, &resid);
*rresid = resid;
} while(0);
smb_rq_done(rqp);
return (error);
}
int
smbfs_smb_open(struct smbnode *np, int accmode, struct smb_cred *scred)
{
struct smb_rq *rqp;
struct smb_share *ssp = np->n_mount->sm_share;
struct mbchain *mbp;
struct mdchain *mdp;
u_int8_t wc;
u_int16_t fid, wattr, grantedmode;
int error;
rqp = malloc(sizeof(struct smb_rq), M_SMBFSDATA, M_WAITOK);
error = smb_rq_init(rqp, SSTOCP(ssp), SMB_COM_OPEN, scred);
if (error) {
free(rqp, M_SMBFSDATA);
return error;
}
smb_rq_getrequest(rqp, &mbp);
smb_rq_wstart(rqp);
mb_put_uint16le(mbp, accmode);
mb_put_uint16le(mbp, SMB_FA_SYSTEM | SMB_FA_HIDDEN);
smb_rq_wend(rqp);
smb_rq_bstart(rqp);
mb_put_uint8(mbp, SMB_DT_ASCII);
do {
error = smbfs_fullpath(mbp, SSTOVC(ssp), np, NULL, 0);
if (error)
break;
smb_rq_bend(rqp);
error = smb_rq_simple(rqp);
if (error)
break;
smb_rq_getreply(rqp, &mdp);
if (md_get_uint8(mdp, &wc) != 0 || wc != 7) {
error = EBADRPC;
break;
}
md_get_uint16(mdp, &fid);
md_get_uint16le(mdp, &wattr);
md_get_uint32(mdp, NULL); /* mtime */
md_get_uint32(mdp, NULL); /* fsize */
md_get_uint16le(mdp, &grantedmode);
/*
* TODO: refresh attributes from this reply
*/
} while(0);
smb_rq_done(rqp);
free(rqp, M_SMBFSDATA);
if (error)
return error;
np->n_fid = fid;
np->n_rwstate = grantedmode;
return 0;
}
static int
smb_smb_write(struct smb_share *ssp, uint16_t fid, uint32_t *lenp,
uio_t *uiop, smb_cred_t *scred, int timo)
{
struct smb_rq *rqp;
struct mbchain *mbp;
struct mdchain *mdp;
int error;
uint32_t off32;
uint16_t cnt, rcnt, todo;
uint8_t wc;
ASSERT(uiop->uio_loffset <= UINT32_MAX);
off32 = (uint32_t)uiop->uio_loffset;
ASSERT(*lenp <= UINT16_MAX);
cnt = (uint16_t)*lenp;
/* This next is an "estimate" of planned writes. */
todo = (uint16_t)min(uiop->uio_resid, UINT16_MAX);
error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_WRITE, scred, &rqp);
if (error)
return (error);
smb_rq_getrequest(rqp, &mbp);
smb_rq_wstart(rqp);
mb_put_uint16le(mbp, fid);
mb_put_uint16le(mbp, cnt);
mb_put_uint32le(mbp, off32);
mb_put_uint16le(mbp, todo);
smb_rq_wend(rqp);
smb_rq_bstart(rqp);
mb_put_uint8(mbp, SMB_DT_DATA);
mb_put_uint16le(mbp, cnt);
error = mb_put_uio(mbp, uiop, *lenp);
if (error)
goto out;
smb_rq_bend(rqp);
if (timo == 0)
timo = smb_timo_write;
error = smb_rq_simple_timed(rqp, timo);
if (error)
goto out;
smb_rq_getreply(rqp, &mdp);
error = md_get_uint8(mdp, &wc);
if (error)
goto out;
if (wc != 1) {
error = EBADRPC;
goto out;
}
error = md_get_uint16le(mdp, &rcnt);
if (error)
goto out;
*lenp = rcnt;
out:
smb_rq_done(rqp);
return (error);
}
static int
md_get_ace(mdchain_t *mdp, i_ntace_t **acep)
{
mdchain_t tmp_md;
i_ntace_hdr_t ace_hdr;
i_ntace_t *ace = NULL;
uint16_t alloc_size;
int error;
/*
* The ACE is realy variable length,
* with format determined by the type.
*
* There may also be padding after it, so
* decode it using a copy of the mdchain,
* and then consume the specified length.
*/
tmp_md = *mdp;
/* Fixed-size ACE header */
ERRCHK(md_get_uint8(&tmp_md, &ace_hdr.ace_type));
ERRCHK(md_get_uint8(&tmp_md, &ace_hdr.ace_flags));
ERRCHK(md_get_uint16le(&tmp_md, &ace_hdr.ace_size));
switch (ace_hdr.ace_type) {
case ACCESS_ALLOWED_ACE_TYPE:
case ACCESS_DENIED_ACE_TYPE:
case SYSTEM_AUDIT_ACE_TYPE:
case SYSTEM_ALARM_ACE_TYPE:
alloc_size = sizeof (i_ntace_v2_t);
if ((ace = MALLOC(alloc_size)) == NULL)
return (ENOMEM);
bzero(ace, alloc_size);
/* ACE header */
ace->ace_hdr.ace_type = ace_hdr.ace_type;
ace->ace_hdr.ace_flags = ace_hdr.ace_flags;
ace->ace_hdr.ace_size = alloc_size;
/* Type-specific data. */
ERRCHK(md_get_uint32le(&tmp_md, &ace->ace_v2.ace_rights));
ERRCHK(md_get_sid(&tmp_md, &ace->ace_v2.ace_sid));
break;
/* other types todo */
default:
error = EIO;
goto errout;
}
/* Now actually consume ace_hdr.ace_size */
ERRCHK(md_get_mem(mdp, NULL, ace_hdr.ace_size, MB_MSYSTEM));
/* Success! */
*acep = ace;
return (0);
errout:
ifree_ace(ace);
return (error);
}
static int
md_get_acl(mdchain_t *mdp, i_ntacl_t **aclp)
{
i_ntacl_t *acl = NULL;
i_ntace_t **acep;
uint8_t revision;
uint16_t acl_len, acecount;
size_t aclsz;
int i, error;
if ((error = md_get_uint8(mdp, &revision)) != 0)
return (error);
if ((error = md_get_uint8(mdp, NULL)) != 0) /* pad1 */
return (error);
if ((error = md_get_uint16le(mdp, &acl_len)) != 0)
return (error);
if ((error = md_get_uint16le(mdp, &acecount)) != 0)
return (error);
if ((error = md_get_uint16le(mdp, NULL)) != 0) /* pad2 */
return (error);
aclsz = I_ACL_SIZE(acecount);
if ((acl = MALLOC(aclsz)) == NULL)
return (ENOMEM);
bzero(acl, aclsz);
acl->acl_revision = revision;
acl->acl_acecount = acecount;
acep = &acl->acl_acevec[0];
for (i = 0; i < acl->acl_acecount; i++) {
ERRCHK(md_get_ace(mdp, acep));
acep++;
}
/*
* There may be more data here, but
* the caller takes care of that.
*/
/* Success! */
*aclp = acl;
return (0);
errout:
ifree_acl(acl);
return (error);
}
int
smbfs_smb_query_info(struct smbnode *np, const char *name, int len,
struct smbfattr *fap, struct smb_cred *scred)
{
struct smb_rq *rqp;
struct smb_share *ssp = np->n_mount->sm_share;
struct mbchain *mbp;
struct mdchain *mdp;
u_int8_t wc;
int error;
u_int16_t wattr;
u_int32_t lint;
rqp = malloc(sizeof(struct smb_rq), M_SMBFSDATA, M_WAITOK);
error = smb_rq_init(rqp, SSTOCP(ssp), SMB_COM_QUERY_INFORMATION, scred);
if (error) {
free(rqp, M_SMBFSDATA);
return error;
}
smb_rq_getrequest(rqp, &mbp);
smb_rq_wstart(rqp);
smb_rq_wend(rqp);
smb_rq_bstart(rqp);
mb_put_uint8(mbp, SMB_DT_ASCII);
do {
error = smbfs_fullpath(mbp, SSTOVC(ssp), np, name, len);
if (error)
break;
smb_rq_bend(rqp);
error = smb_rq_simple(rqp);
if (error)
break;
smb_rq_getreply(rqp, &mdp);
if (md_get_uint8(mdp, &wc) != 0 || wc != 10) {
error = EBADRPC;
break;
}
md_get_uint16le(mdp, &wattr);
fap->fa_attr = wattr;
/*
* Be careful using the time returned here, as
* with FAT on NT4SP6, at least, the time returned is low
* 32 bits of 100s of nanoseconds (since 1601) so it rolls
* over about every seven minutes!
*/
md_get_uint32le(mdp, &lint); /* specs: secs since 1970 */
if (lint) /* avoid bogus zero returns */
smb_time_server2local(lint, SSTOVC(ssp)->vc_sopt.sv_tz,
&fap->fa_mtime);
md_get_uint32le(mdp, &lint);
fap->fa_size = lint;
} while(0);
smb_rq_done(rqp);
free(rqp, M_SMBFSDATA);
return error;
}
static int
smbfs_findnextLM1(struct smbfs_fctx *ctx, int limit)
{
struct mdchain *mbp;
struct smb_rq *rqp;
char *cp;
u_int8_t battr;
u_int16_t xdate, xtime;
u_int32_t size;
int error;
if (ctx->f_ecnt == 0) {
if (ctx->f_flags & SMBFS_RDD_EOF)
return ENOENT;
ctx->f_left = ctx->f_limit = limit;
error = smbfs_smb_search(ctx);
if (error)
return error;
}
rqp = ctx->f_rq;
smb_rq_getreply(rqp, &mbp);
md_get_mem(mbp, ctx->f_skey, SMB_SKEYLEN, MB_MSYSTEM);
md_get_uint8(mbp, &battr);
md_get_uint16le(mbp, &xtime);
md_get_uint16le(mbp, &xdate);
md_get_uint32le(mbp, &size);
KASSERT(ctx->f_name == ctx->f_fname);
cp = ctx->f_name;
md_get_mem(mbp, cp, sizeof(ctx->f_fname), MB_MSYSTEM);
cp[sizeof(ctx->f_fname) - 1] = '\0';
cp += strlen(cp) - 1;
while(*cp == ' ' && cp > ctx->f_name)
*cp-- = '\0';
ctx->f_attr.fa_attr = battr;
smb_dos2unixtime(xdate, xtime, 0, rqp->sr_vc->vc_sopt.sv_tz,
&ctx->f_attr.fa_mtime);
ctx->f_attr.fa_size = size;
ctx->f_nmlen = strlen(ctx->f_name);
ctx->f_ecnt--;
ctx->f_left--;
return 0;
}
static inline int
smb_smb_write(struct smb_share *ssp, u_int16_t fid, size_t *len, size_t *rresid,
struct uio *uio, struct smb_cred *scred)
{
struct smb_rq *rqp;
struct mbchain *mbp;
struct mdchain *mdp;
u_int16_t resid;
u_int8_t wc;
int error, blksz;
/* Cannot write at/beyond 4G */
if (uio->uio_offset >= (1LL << 32))
return (EFBIG);
blksz = SSTOVC(ssp)->vc_txmax - SMB_HDRLEN - 16;
if (blksz > 0xffff)
blksz = 0xffff;
resid = *len = min(blksz, *len);
error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_WRITE, scred, &rqp);
if (error)
return error;
smb_rq_getrequest(rqp, &mbp);
smb_rq_wstart(rqp);
mb_put_mem(mbp, (void *)&fid, sizeof(fid), MB_MSYSTEM);
mb_put_uint16le(mbp, resid);
mb_put_uint32le(mbp, uio->uio_offset);
mb_put_uint16le(mbp, min(uio->uio_resid, 0xffff));
smb_rq_wend(rqp);
smb_rq_bstart(rqp);
mb_put_uint8(mbp, SMB_DT_DATA);
mb_put_uint16le(mbp, resid);
do {
error = mb_put_uio(mbp, uio, resid);
if (error)
break;
smb_rq_bend(rqp);
error = smb_rq_simple(rqp);
if (error)
break;
smb_rq_getreply(rqp, &mdp);
md_get_uint8(mdp, &wc);
if (wc != 1) {
error = EBADRPC;
break;
}
md_get_uint16le(mdp, &resid);
*rresid = resid;
} while(0);
smb_rq_done(rqp);
return error;
}
static __inline int
smb_smb_write(struct smb_share *ssp, u_int16_t fid, int *len, int *rresid,
struct uio *uio, struct smb_cred *scred)
{
struct smb_rq *rqp;
struct mbchain *mbp;
struct mdchain *mdp;
u_int16_t resid;
u_int8_t wc;
int error, blksz;
/* write data must be real */
KKASSERT(uio->uio_segflg != UIO_NOCOPY);
blksz = SSTOVC(ssp)->vc_txmax - SMB_HDRLEN - 16;
if (blksz > 0xffff)
blksz = 0xffff;
resid = *len = min(blksz, *len);
error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_WRITE, scred, &rqp);
if (error)
return error;
smb_rq_getrequest(rqp, &mbp);
smb_rq_wstart(rqp);
mb_put_mem(mbp, (caddr_t)&fid, sizeof(fid), MB_MSYSTEM);
mb_put_uint16le(mbp, resid);
mb_put_uint32le(mbp, uio->uio_offset);
mb_put_uint16le(mbp, (unsigned short)szmin(uio->uio_resid, 0xffff));
smb_rq_wend(rqp);
smb_rq_bstart(rqp);
mb_put_uint8(mbp, SMB_DT_DATA);
mb_put_uint16le(mbp, resid);
do {
error = mb_put_uio(mbp, uio, resid);
if (error)
break;
smb_rq_bend(rqp);
error = smb_rq_simple(rqp);
if (error)
break;
smb_rq_getreply(rqp, &mdp);
md_get_uint8(mdp, &wc);
if (wc != 1) {
error = EBADRPC;
break;
}
md_get_uint16le(mdp, &resid);
*rresid = resid;
} while(0);
smb_rq_done(rqp);
return error;
}
int
smbfs_smb_statfs2(struct smb_share *ssp, struct statfs *sbp,
struct smb_cred *scred)
{
struct smb_t2rq *t2p;
struct mbchain *mbp;
struct mdchain *mdp;
u_int16_t bsize;
u_int32_t units, bpu, funits;
int error;
error = smb_t2_alloc(SSTOCP(ssp), SMB_TRANS2_QUERY_FS_INFORMATION,
scred, &t2p);
if (error)
return error;
mbp = &t2p->t2_tparam;
mb_init(mbp);
mb_put_uint16le(mbp, SMB_INFO_ALLOCATION);
t2p->t2_maxpcount = 4;
t2p->t2_maxdcount = 4 * 4 + 2;
error = smb_t2_request(t2p);
if (error) {
smb_t2_done(t2p);
return error;
}
mdp = &t2p->t2_rdata;
md_get_uint32(mdp, NULL); /* fs id */
md_get_uint32le(mdp, &bpu);
md_get_uint32le(mdp, &units);
md_get_uint32le(mdp, &funits);
md_get_uint16le(mdp, &bsize);
sbp->f_bsize = bpu * bsize; /* fundamental filesystem block size */
sbp->f_blocks= units; /* total data blocks in filesystem */
sbp->f_bfree = funits; /* free blocks in fs */
sbp->f_bavail= funits; /* free blocks avail to non-superuser */
sbp->f_files = 0xffff; /* total file nodes in filesystem */
sbp->f_ffree = 0xffff; /* free file nodes in fs */
smb_t2_done(t2p);
return 0;
}
/*
* Wait for reply on the request
*/
static int
smb_rq_reply(struct smb_rq *rqp)
{
struct mdchain *mdp = &rqp->sr_rp;
u_int32_t tdw;
u_int8_t tb;
int error, rperror = 0;
error = smb_iod_waitrq(rqp);
if (error)
return error;
error = md_get_uint32(mdp, &tdw);
if (error)
return error;
error = md_get_uint8(mdp, &tb);
if (rqp->sr_vc->vc_hflags2 & SMB_FLAGS2_ERR_STATUS) {
error = md_get_uint32le(mdp, &rqp->sr_error);
} else {
error = md_get_uint8(mdp, &rqp->sr_errclass);
error = md_get_uint8(mdp, &tb);
error = md_get_uint16le(mdp, &rqp->sr_serror);
if (!error)
rperror = smb_maperror(rqp->sr_errclass, rqp->sr_serror);
}
error = md_get_uint8(mdp, &rqp->sr_rpflags);
error = md_get_uint16le(mdp, &rqp->sr_rpflags2);
error = md_get_uint32(mdp, &tdw);
error = md_get_uint32(mdp, &tdw);
error = md_get_uint32(mdp, &tdw);
error = md_get_uint16le(mdp, &rqp->sr_rptid);
error = md_get_uint16le(mdp, &rqp->sr_rppid);
error = md_get_uint16le(mdp, &rqp->sr_rpuid);
error = md_get_uint16le(mdp, &rqp->sr_rpmid);
if (error == 0 &&
(rqp->sr_vc->vc_hflags2 & SMB_FLAGS2_SECURITY_SIGNATURE))
error = smb_rq_verify(rqp);
SMBSDEBUG("M:%04x, P:%04x, U:%04x, T:%04x, E: %d:%d\n",
rqp->sr_rpmid, rqp->sr_rppid, rqp->sr_rpuid, rqp->sr_rptid,
rqp->sr_errclass, rqp->sr_serror);
return error ? error : rperror;
}
static int
smbfs_findnextLM2(struct smbfs_fctx *ctx, int limit)
{
struct mdchain *mbp;
struct smb_t2rq *t2p;
char *cp;
u_int8_t tb;
u_int16_t date, time, wattr;
u_int32_t size, next, dattr;
int64_t lint;
int error, svtz, cnt, fxsz, nmlen, recsz;
if (ctx->f_ecnt == 0) {
if (ctx->f_flags & SMBFS_RDD_EOF)
return ENOENT;
ctx->f_left = ctx->f_limit = limit;
error = smbfs_smb_trans2find2(ctx);
if (error)
return error;
}
t2p = ctx->f_t2;
mbp = &t2p->t2_rdata;
svtz = SSTOVC(ctx->f_ssp)->vc_sopt.sv_tz;
switch (ctx->f_infolevel) {
case SMB_INFO_STANDARD:
next = 0;
fxsz = 0;
md_get_uint16le(mbp, &date);
md_get_uint16le(mbp, &time); /* creation time */
md_get_uint16le(mbp, &date);
md_get_uint16le(mbp, &time); /* access time */
smb_dos2unixtime(date, time, 0, svtz, &ctx->f_attr.fa_atime);
md_get_uint16le(mbp, &date);
md_get_uint16le(mbp, &time); /* access time */
smb_dos2unixtime(date, time, 0, svtz, &ctx->f_attr.fa_mtime);
md_get_uint32le(mbp, &size);
ctx->f_attr.fa_size = size;
md_get_uint32(mbp, NULL); /* allocation size */
md_get_uint16le(mbp, &wattr);
ctx->f_attr.fa_attr = wattr;
md_get_uint8(mbp, &tb);
size = nmlen = tb;
fxsz = 23;
recsz = next = 24 + nmlen; /* docs misses zero byte at end */
break;
case SMB_FIND_FILE_DIRECTORY_INFO:
md_get_uint32le(mbp, &next);
md_get_uint32(mbp, NULL); /* file index */
md_get_int64(mbp, NULL); /* creation time */
md_get_int64le(mbp, &lint);
smb_time_NT2local(lint, svtz, &ctx->f_attr.fa_atime);
md_get_int64le(mbp, &lint);
smb_time_NT2local(lint, svtz, &ctx->f_attr.fa_mtime);
md_get_int64le(mbp, &lint);
smb_time_NT2local(lint, svtz, &ctx->f_attr.fa_ctime);
md_get_int64le(mbp, &lint); /* file size */
ctx->f_attr.fa_size = lint;
md_get_int64(mbp, NULL); /* real size (should use) */
md_get_uint32le(mbp, &dattr); /* EA */
ctx->f_attr.fa_attr = dattr;
md_get_uint32le(mbp, &size); /* name len */
fxsz = 64;
recsz = next ? next : fxsz + size;
break;
default:
SMBERROR("unexpected info level %d\n", ctx->f_infolevel);
return EINVAL;
}
if (SMB_UNICODE_STRINGS(SSTOVC(ctx->f_ssp))) {
nmlen = min(size, SMB_MAXFNAMELEN * 2);
} else
nmlen = min(size, SMB_MAXFNAMELEN);
cp = ctx->f_name;
error = md_get_mem(mbp, cp, nmlen, MB_MSYSTEM);
if (error)
return error;
if (next) {
cnt = next - nmlen - fxsz;
if (cnt > 0)
md_get_mem(mbp, NULL, cnt, MB_MSYSTEM);
else if (cnt < 0) {
SMBERROR("out of sync\n");
return EBADRPC;
}
}
if (SMB_UNICODE_STRINGS(SSTOVC(ctx->f_ssp))) {
if (nmlen > 1 && cp[nmlen - 1] == 0 && cp[nmlen - 2] == 0)
nmlen -= 2;
} else
if (nmlen && cp[nmlen - 1] == 0)
nmlen--;
if (nmlen == 0)
return EBADRPC;
next = ctx->f_eofs + recsz;
if (ctx->f_rnameofs && (ctx->f_flags & SMBFS_RDD_GOTRNAME) == 0 &&
(ctx->f_rnameofs >= ctx->f_eofs && ctx->f_rnameofs < next)) {
/*
* Server needs a resume filename.
*/
if (ctx->f_rnamelen <= nmlen) {
if (ctx->f_rname)
free(ctx->f_rname, M_SMBFSDATA);
ctx->f_rname = malloc(nmlen + 1, M_SMBFSDATA, M_WAITOK);
ctx->f_rnamelen = nmlen;
}
bcopy(ctx->f_name, ctx->f_rname, nmlen);
ctx->f_rname[nmlen] = 0;
ctx->f_flags |= SMBFS_RDD_GOTRNAME;
}
ctx->f_nmlen = nmlen;
ctx->f_eofs = next;
ctx->f_ecnt--;
ctx->f_left--;
return 0;
}
/*
* TRANS2_FIND_FIRST2/NEXT2, used for NT LM12 dialect
*/
static int
smbfs_smb_trans2find2(struct smbfs_fctx *ctx)
{
struct smb_t2rq *t2p;
struct smb_vc *vcp = SSTOVC(ctx->f_ssp);
struct mbchain *mbp;
struct mdchain *mdp;
u_int16_t tw, flags;
int error;
if (ctx->f_t2) {
smb_t2_done(ctx->f_t2);
ctx->f_t2 = NULL;
}
ctx->f_flags &= ~SMBFS_RDD_GOTRNAME;
flags = 8 | 2; /* <resume> | <close if EOS> */
if (ctx->f_flags & SMBFS_RDD_FINDSINGLE) {
flags |= 1; /* close search after this request */
ctx->f_flags |= SMBFS_RDD_NOCLOSE;
}
if (ctx->f_flags & SMBFS_RDD_FINDFIRST) {
error = smb_t2_alloc(SSTOCP(ctx->f_ssp), SMB_TRANS2_FIND_FIRST2,
ctx->f_scred, &t2p);
if (error)
return error;
ctx->f_t2 = t2p;
mbp = &t2p->t2_tparam;
mb_init(mbp);
mb_put_uint16le(mbp, ctx->f_attrmask);
mb_put_uint16le(mbp, ctx->f_limit);
mb_put_uint16le(mbp, flags);
mb_put_uint16le(mbp, ctx->f_infolevel);
mb_put_uint32le(mbp, 0);
error = smbfs_fullpath(mbp, vcp, ctx->f_dnp, ctx->f_wildcard, ctx->f_wclen);
if (error)
return error;
} else {
error = smb_t2_alloc(SSTOCP(ctx->f_ssp), SMB_TRANS2_FIND_NEXT2,
ctx->f_scred, &t2p);
if (error)
return error;
ctx->f_t2 = t2p;
mbp = &t2p->t2_tparam;
mb_init(mbp);
mb_put_mem(mbp, (caddr_t)&ctx->f_Sid, 2, MB_MSYSTEM);
mb_put_uint16le(mbp, ctx->f_limit);
mb_put_uint16le(mbp, ctx->f_infolevel);
mb_put_uint32le(mbp, 0); /* resume key */
mb_put_uint16le(mbp, flags);
if (ctx->f_rname)
mb_put_mem(mbp, ctx->f_rname, ctx->f_rnamelen + 1, MB_MSYSTEM);
else
mb_put_uint8(mbp, 0); /* resume file name */
#if 0
struct timeval tv;
tv.tv_sec = 0;
tv.tv_usec = 200 * 1000; /* 200ms */
if (vcp->vc_flags & SMBC_WIN95) {
/*
* some implementations suggests to sleep here
* for 200ms, due to the bug in the Win95.
* I've didn't notice any problem, but put code
* for it.
*/
pause("fix95", tvtohz(&tv));
}
#endif
}
t2p->t2_maxpcount = 5 * 2;
t2p->t2_maxdcount = vcp->vc_txmax;
error = smb_t2_request(t2p);
if (error)
return error;
mdp = &t2p->t2_rparam;
if (ctx->f_flags & SMBFS_RDD_FINDFIRST) {
if ((error = md_get_uint16(mdp, &ctx->f_Sid)) != 0)
return error;
ctx->f_flags &= ~SMBFS_RDD_FINDFIRST;
}
if ((error = md_get_uint16le(mdp, &tw)) != 0)
return error;
ctx->f_ecnt = tw;
if ((error = md_get_uint16le(mdp, &tw)) != 0)
return error;
if (tw)
ctx->f_flags |= SMBFS_RDD_EOF | SMBFS_RDD_NOCLOSE;
if ((error = md_get_uint16le(mdp, &tw)) != 0)
return error;
if ((error = md_get_uint16le(mdp, &tw)) != 0)
return error;
if (ctx->f_ecnt == 0) {
ctx->f_flags |= SMBFS_RDD_EOF | SMBFS_RDD_NOCLOSE;
return ENOENT;
}
ctx->f_rnameofs = tw;
mdp = &t2p->t2_rdata;
if (mdp->md_top == NULL) {
printf("bug: ecnt = %d, but data is NULL (please report)\n", ctx->f_ecnt);
return ENOENT;
}
if (mdp->md_top->m_len == 0) {
printf("bug: ecnt = %d, but m_len = 0 and m_next = %p (please report)\n", ctx->f_ecnt,mbp->mb_top->m_next);
return ENOENT;
}
ctx->f_eofs = 0;
return 0;
}
int
smb_usr_simplerequest(struct smb_share *ssp, struct smbioc_rq *dp,
struct smb_cred *scred)
{
struct smb_rq rq, *rqp = &rq;
struct mbchain *mbp;
struct mdchain *mdp;
u_int8_t wc;
u_int16_t bc;
int error;
switch (dp->ioc_cmd) {
case SMB_COM_TRANSACTION2:
case SMB_COM_TRANSACTION2_SECONDARY:
case SMB_COM_CLOSE_AND_TREE_DISC:
case SMB_COM_TREE_CONNECT:
case SMB_COM_TREE_DISCONNECT:
case SMB_COM_NEGOTIATE:
case SMB_COM_SESSION_SETUP_ANDX:
case SMB_COM_LOGOFF_ANDX:
case SMB_COM_TREE_CONNECT_ANDX:
return EPERM;
}
error = smb_rq_init(rqp, SSTOCP(ssp), dp->ioc_cmd, scred);
if (error)
return error;
mbp = &rqp->sr_rq;
smb_rq_wstart(rqp);
error = mb_put_mem(mbp, dp->ioc_twords, dp->ioc_twc * 2, MB_MUSER);
if (error)
goto bad;
smb_rq_wend(rqp);
smb_rq_bstart(rqp);
error = mb_put_mem(mbp, dp->ioc_tbytes, dp->ioc_tbc, MB_MUSER);
if (error)
goto bad;
smb_rq_bend(rqp);
error = smb_rq_simple(rqp);
if (error)
goto bad;
mdp = &rqp->sr_rp;
md_get_uint8(mdp, &wc);
dp->ioc_rwc = wc;
wc *= 2;
if (wc > dp->ioc_rpbufsz) {
error = EBADRPC;
goto bad;
}
error = md_get_mem(mdp, dp->ioc_rpbuf, wc, MB_MUSER);
if (error)
goto bad;
md_get_uint16le(mdp, &bc);
if ((wc + bc) > dp->ioc_rpbufsz) {
error = EBADRPC;
goto bad;
}
dp->ioc_rbc = bc;
error = md_get_mem(mdp, dp->ioc_rpbuf + wc, bc, MB_MUSER);
bad:
dp->ioc_errclass = rqp->sr_errclass;
dp->ioc_serror = rqp->sr_serror;
dp->ioc_error = rqp->sr_error;
smb_rq_done(rqp);
return error;
}
static int
smb_t2_reply(struct smb_t2rq *t2p)
{
struct mdchain *mdp;
struct smb_rq *rqp = t2p->t2_rq;
int error, totpgot, totdgot;
u_int16_t totpcount, totdcount, pcount, poff, doff, pdisp, ddisp;
u_int16_t tmp, bc, dcount;
u_int8_t wc;
error = smb_rq_reply(rqp);
if (error)
return error;
if ((t2p->t2_flags & SMBT2_ALLSENT) == 0) {
/*
* this is an interim response, ignore it.
*/
SMBRQ_SLOCK(rqp);
md_next_record(&rqp->sr_rp);
SMBRQ_SUNLOCK(rqp);
return 0;
}
/*
* Now we have to get all subsequent responses. The CIFS specification
* says that they can be disordered which is weird.
* TODO: timo
*/
totpgot = totdgot = 0;
totpcount = totdcount = 0xffff;
mdp = &rqp->sr_rp;
for (;;) {
m_dumpm(mdp->md_top);
if ((error = md_get_uint8(mdp, &wc)) != 0)
break;
if (wc < 10) {
error = ENOENT;
break;
}
if ((error = md_get_uint16le(mdp, &tmp)) != 0)
break;
if (totpcount > tmp)
totpcount = tmp;
md_get_uint16le(mdp, &tmp);
if (totdcount > tmp)
totdcount = tmp;
if ((error = md_get_uint16le(mdp, &tmp)) != 0 || /* reserved */
(error = md_get_uint16le(mdp, &pcount)) != 0 ||
(error = md_get_uint16le(mdp, &poff)) != 0 ||
(error = md_get_uint16le(mdp, &pdisp)) != 0)
break;
if (pcount != 0 && pdisp != totpgot) {
SMBERROR("Can't handle disordered parameters %d:%d\n",
pdisp, totpgot);
error = EINVAL;
break;
}
if ((error = md_get_uint16le(mdp, &dcount)) != 0 ||
(error = md_get_uint16le(mdp, &doff)) != 0 ||
(error = md_get_uint16le(mdp, &ddisp)) != 0)
break;
if (dcount != 0 && ddisp != totdgot) {
SMBERROR("Can't handle disordered data\n");
error = EINVAL;
break;
}
md_get_uint8(mdp, &wc);
md_get_uint8(mdp, NULL);
tmp = wc;
while (tmp--)
md_get_uint16(mdp, NULL);
if ((error = md_get_uint16le(mdp, &bc)) != 0)
break;
/* tmp = SMB_HDRLEN + 1 + 10 * 2 + 2 * wc + 2;*/
if (dcount) {
error = smb_t2_placedata(mdp->md_top, doff, dcount,
&t2p->t2_rdata);
if (error)
break;
}
if (pcount) {
error = smb_t2_placedata(mdp->md_top, poff, pcount,
&t2p->t2_rparam);
if (error)
break;
}
totpgot += pcount;
totdgot += dcount;
if (totpgot >= totpcount && totdgot >= totdcount) {
error = 0;
t2p->t2_flags |= SMBT2_ALLRECV;
break;
}
/*
* We're done with this reply, look for the next one.
*/
SMBRQ_SLOCK(rqp);
md_next_record(&rqp->sr_rp);
SMBRQ_SUNLOCK(rqp);
error = smb_rq_reply(rqp);
if (error)
break;
}
return error;
}
static int
smb_nt_reply(struct smb_ntrq *ntp)
{
struct mdchain *mdp;
struct smb_rq *rqp = ntp->nt_rq;
int error, error2;
u_int32_t totpcount, totdcount, pcount, poff, doff, pdisp, ddisp;
u_int32_t tmp, dcount, totpgot, totdgot;
u_int16_t bc;
u_int8_t wc;
ntp->nt_flags &= ~SMBT2_MOREDATA;
error = smb_rq_reply(rqp);
if (rqp->sr_flags & SMBR_MOREDATA)
ntp->nt_flags |= SMBT2_MOREDATA;
ntp->nt_sr_error = rqp->sr_error;
ntp->nt_sr_rpflags2 = rqp->sr_rpflags2;
if (error && !(rqp->sr_flags & SMBR_MOREDATA))
return (error);
/*
* Now we have to get all subseqent responses. The CIFS specification
* says that they can be misordered which is weird.
* TODO: timo
*/
totpgot = totdgot = 0;
totpcount = totdcount = 0xffffffff;
mdp = &rqp->sr_rp;
for (;;) {
DTRACE_PROBE2(smb_trans_reply,
(smb_rq_t *), rqp, (mblk_t *), mdp->md_top);
m_dumpm(mdp->md_top);
if ((error2 = md_get_uint8(mdp, &wc)) != 0)
break;
if (wc < 18) {
error2 = ENOENT;
break;
}
md_get_mem(mdp, NULL, 3, MB_MSYSTEM); /* reserved */
if ((error2 = md_get_uint32le(mdp, &tmp)) != 0)
break;
if (totpcount > tmp)
totpcount = tmp;
if ((error2 = md_get_uint32le(mdp, &tmp)) != 0)
break;
if (totdcount > tmp)
totdcount = tmp;
if ((error2 = md_get_uint32le(mdp, &pcount)) != 0 ||
(error2 = md_get_uint32le(mdp, &poff)) != 0 ||
(error2 = md_get_uint32le(mdp, &pdisp)) != 0)
break;
if (pcount != 0 && pdisp != totpgot) {
SMBSDEBUG("Can't handle misordered parameters %d:%d\n",
pdisp, totpgot);
error2 = EINVAL;
break;
}
if ((error2 = md_get_uint32le(mdp, &dcount)) != 0 ||
(error2 = md_get_uint32le(mdp, &doff)) != 0 ||
(error2 = md_get_uint32le(mdp, &ddisp)) != 0)
break;
if (dcount != 0 && ddisp != totdgot) {
SMBSDEBUG("Can't handle misordered data: dcount %d\n",
dcount);
error2 = EINVAL;
break;
}
/* XXX: Skip setup words? We don't save them? */
md_get_uint8(mdp, &wc); /* SetupCount */
tmp = wc;
while (tmp--)
md_get_uint16le(mdp, NULL);
if ((error2 = md_get_uint16le(mdp, &bc)) != 0)
break;
/*
* There are pad bytes here, and the poff value
* indicates where the next data are found.
* No need to guess at the padding size.
*/
if (pcount) {
error2 = smb_t2_placedata(mdp->md_top, poff, pcount,
&ntp->nt_rparam);
if (error2)
break;
}
totpgot += pcount;
if (dcount) {
error2 = smb_t2_placedata(mdp->md_top, doff, dcount,
&ntp->nt_rdata);
if (error2)
break;
}
totdgot += dcount;
if (totpgot >= totpcount && totdgot >= totdcount) {
error2 = 0;
ntp->nt_flags |= SMBT2_ALLRECV;
break;
}
/*
* We're done with this reply, look for the next one.
*/
SMBRQ_LOCK(rqp);
md_next_record(&rqp->sr_rp);
SMBRQ_UNLOCK(rqp);
error2 = smb_rq_reply(rqp);
if (rqp->sr_flags & SMBR_MOREDATA)
ntp->nt_flags |= SMBT2_MOREDATA;
if (!error2)
continue;
ntp->nt_sr_error = rqp->sr_error;
ntp->nt_sr_rpflags2 = rqp->sr_rpflags2;
error = error2;
if (!(rqp->sr_flags & SMBR_MOREDATA))
break;
}
return (error ? error : error2);
}
static int
smb_smb_writex(struct smb_share *ssp, uint16_t fid, uint32_t *lenp,
uio_t *uiop, smb_cred_t *scred, int timo)
{
struct smb_rq *rqp;
struct mbchain *mbp;
struct mdchain *mdp;
int error;
uint32_t offlo, offhi, rlen;
uint16_t lenhi, lenlo;
uint8_t wc;
lenhi = (uint16_t)(*lenp >> 16);
lenlo = (uint16_t)*lenp;
offhi = (uint32_t)(uiop->uio_loffset >> 32);
offlo = (uint32_t)uiop->uio_loffset;
error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_WRITE_ANDX, scred, &rqp);
if (error)
return (error);
smb_rq_getrequest(rqp, &mbp);
smb_rq_wstart(rqp);
mb_put_uint8(mbp, 0xff); /* no secondary command */
mb_put_uint8(mbp, 0); /* MBZ */
mb_put_uint16le(mbp, 0); /* offset to secondary */
mb_put_uint16le(mbp, fid);
mb_put_uint32le(mbp, offlo); /* offset (low part) */
mb_put_uint32le(mbp, 0); /* MBZ (timeout) */
mb_put_uint16le(mbp, 0); /* !write-thru */
mb_put_uint16le(mbp, 0);
mb_put_uint16le(mbp, lenhi);
mb_put_uint16le(mbp, lenlo);
mb_put_uint16le(mbp, 64); /* data offset from header start */
mb_put_uint32le(mbp, offhi); /* offset (high part) */
smb_rq_wend(rqp);
smb_rq_bstart(rqp);
mb_put_uint8(mbp, 0); /* pad byte */
error = mb_put_uio(mbp, uiop, *lenp);
if (error)
goto out;
smb_rq_bend(rqp);
if (timo == 0)
timo = smb_timo_write;
error = smb_rq_simple_timed(rqp, timo);
if (error)
goto out;
smb_rq_getreply(rqp, &mdp);
error = md_get_uint8(mdp, &wc);
if (error)
goto out;
if (wc != 6) {
error = EBADRPC;
goto out;
}
md_get_uint8(mdp, NULL); /* andx cmd */
md_get_uint8(mdp, NULL); /* reserved */
md_get_uint16le(mdp, NULL); /* andx offset */
md_get_uint16le(mdp, &lenlo); /* data len ret. */
md_get_uint16le(mdp, NULL); /* remaining */
error = md_get_uint16le(mdp, &lenhi);
if (error)
goto out;
/* Success */
rlen = (lenhi << 16) | lenlo;
*lenp = rlen;
out:
smb_rq_done(rqp);
return (error);
}
static int
smbfs_smb_search(struct smbfs_fctx *ctx)
{
struct smb_vc *vcp = SSTOVC(ctx->f_ssp);
struct smb_rq *rqp;
struct mbchain *mbp;
struct mdchain *mdp;
u_int8_t wc, bt;
u_int16_t ec, dlen, bc;
int maxent, error, iseof = 0;
maxent = min(ctx->f_left, (vcp->vc_txmax - SMB_HDRLEN - 3) / SMB_DENTRYLEN);
if (ctx->f_rq) {
smb_rq_done(ctx->f_rq);
ctx->f_rq = NULL;
}
error = smb_rq_alloc(SSTOCP(ctx->f_ssp), SMB_COM_SEARCH, ctx->f_scred, &rqp);
if (error)
return error;
ctx->f_rq = rqp;
smb_rq_getrequest(rqp, &mbp);
smb_rq_wstart(rqp);
mb_put_uint16le(mbp, maxent); /* max entries to return */
mb_put_uint16le(mbp, ctx->f_attrmask);
smb_rq_wend(rqp);
smb_rq_bstart(rqp);
mb_put_uint8(mbp, SMB_DT_ASCII); /* buffer format */
if (ctx->f_flags & SMBFS_RDD_FINDFIRST) {
error = smbfs_fullpath(mbp, vcp, ctx->f_dnp, ctx->f_wildcard, ctx->f_wclen);
if (error)
return error;
mb_put_uint8(mbp, SMB_DT_VARIABLE);
mb_put_uint16le(mbp, 0); /* context length */
ctx->f_flags &= ~SMBFS_RDD_FINDFIRST;
} else {
if (SMB_UNICODE_STRINGS(vcp)) {
mb_put_padbyte(mbp);
mb_put_uint8(mbp, 0);
}
mb_put_uint8(mbp, 0); /* file name length */
mb_put_uint8(mbp, SMB_DT_VARIABLE);
mb_put_uint16le(mbp, SMB_SKEYLEN);
mb_put_mem(mbp, ctx->f_skey, SMB_SKEYLEN, MB_MSYSTEM);
}
smb_rq_bend(rqp);
error = smb_rq_simple(rqp);
if (error) {
if (rqp->sr_errclass == ERRDOS && rqp->sr_serror == ERRnofiles) {
error = 0;
iseof = 1;
ctx->f_flags |= SMBFS_RDD_EOF;
} else
return error;
}
smb_rq_getreply(rqp, &mdp);
md_get_uint8(mdp, &wc);
if (wc != 1)
return iseof ? ENOENT : EBADRPC;
md_get_uint16le(mdp, &ec);
if (ec == 0)
return ENOENT;
ctx->f_ecnt = ec;
md_get_uint16le(mdp, &bc);
if (bc < 3)
return EBADRPC;
bc -= 3;
md_get_uint8(mdp, &bt);
if (bt != SMB_DT_VARIABLE)
return EBADRPC;
md_get_uint16le(mdp, &dlen);
if (dlen != bc || dlen % SMB_DENTRYLEN != 0)
return EBADRPC;
return 0;
}
/*
* Wait for reply on the request
*/
static int
smb_rq_reply(struct smb_rq *rqp)
{
struct mdchain *mdp = &rqp->sr_rp;
u_int8_t tb;
int error, rperror = 0;
if (rqp->sr_timo == SMBNOREPLYWAIT)
return (smb_iod_removerq(rqp));
error = smb_iod_waitrq(rqp);
if (error)
return (error);
/*
* If the request was signed, validate the
* signature on the response.
*/
if (rqp->sr_rqflags2 & SMB_FLAGS2_SECURITY_SIGNATURE) {
error = smb_rq_verify(rqp);
if (error)
return (error);
}
/*
* Parse the SMB header
*/
error = md_get_uint32le(mdp, NULL);
if (error)
return (error);
error = md_get_uint8(mdp, &tb);
error = md_get_uint32le(mdp, &rqp->sr_error);
error = md_get_uint8(mdp, &rqp->sr_rpflags);
error = md_get_uint16le(mdp, &rqp->sr_rpflags2);
if (rqp->sr_rpflags2 & SMB_FLAGS2_ERR_STATUS) {
/*
* Do a special check for STATUS_BUFFER_OVERFLOW;
* it's not an error.
*/
if (rqp->sr_error == NT_STATUS_BUFFER_OVERFLOW) {
/*
* Don't report it as an error to our caller;
* they can look at rqp->sr_error if they
* need to know whether we got a
* STATUS_BUFFER_OVERFLOW.
* XXX - should we do that for all errors
* where (error & 0xC0000000) is 0x80000000,
* i.e. all warnings?
*/
rperror = 0;
} else
rperror = smb_maperr32(rqp->sr_error);
} else {
rqp->sr_errclass = rqp->sr_error & 0xff;
rqp->sr_serror = rqp->sr_error >> 16;
rperror = smb_maperror(rqp->sr_errclass, rqp->sr_serror);
}
if (rperror == EMOREDATA) {
rperror = E2BIG;
rqp->sr_flags |= SMBR_MOREDATA;
} else
rqp->sr_flags &= ~SMBR_MOREDATA;
error = md_get_uint32le(mdp, NULL);
error = md_get_uint32le(mdp, NULL);
error = md_get_uint32le(mdp, NULL);
error = md_get_uint16le(mdp, &rqp->sr_rptid);
error = md_get_uint16le(mdp, &rqp->sr_rppid);
error = md_get_uint16le(mdp, &rqp->sr_rpuid);
error = md_get_uint16le(mdp, &rqp->sr_rpmid);
SMBSDEBUG("M:%04x, P:%04x, U:%04x, T:%04x, E: %d:%d\n",
rqp->sr_rpmid, rqp->sr_rppid, rqp->sr_rpuid, rqp->sr_rptid,
rqp->sr_errclass, rqp->sr_serror);
return ((error) ? error : rperror);
}
static inline int
smb_smb_readx(struct smb_share *ssp, u_int16_t fid, size_t *len, size_t *rresid,
struct uio *uio, struct smb_cred *scred)
{
struct smb_rq *rqp;
struct mbchain *mbp;
struct mdchain *mdp;
u_int8_t wc;
int error;
u_int16_t residhi, residlo, off, doff;
u_int32_t resid;
error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_READ_ANDX, scred, &rqp);
if (error)
return error;
smb_rq_getrequest(rqp, &mbp);
smb_rq_wstart(rqp);
mb_put_uint8(mbp, 0xff); /* no secondary command */
mb_put_uint8(mbp, 0); /* MBZ */
mb_put_uint16le(mbp, 0); /* offset to secondary */
mb_put_mem(mbp, (void *)&fid, sizeof(fid), MB_MSYSTEM);
mb_put_uint32le(mbp, uio->uio_offset);
*len = min(SSTOVC(ssp)->vc_rxmax, *len);
mb_put_uint16le(mbp, *len); /* MaxCount */
mb_put_uint16le(mbp, *len); /* MinCount (only indicates blocking) */
mb_put_uint32le(mbp, *len >> 16); /* MaxCountHigh */
mb_put_uint16le(mbp, *len); /* Remaining ("obsolete") */
mb_put_uint32le(mbp, uio->uio_offset >> 32); /* OffsetHigh */
smb_rq_wend(rqp);
smb_rq_bstart(rqp);
smb_rq_bend(rqp);
do {
error = smb_rq_simple(rqp);
if (error)
break;
smb_rq_getreply(rqp, &mdp);
off = SMB_HDRLEN;
md_get_uint8(mdp, &wc);
off++;
if (wc != 12) {
error = EBADRPC;
break;
}
md_get_uint8(mdp, NULL);
off++;
md_get_uint8(mdp, NULL);
off++;
md_get_uint16(mdp, NULL);
off += 2;
md_get_uint16(mdp, NULL);
off += 2;
md_get_uint16(mdp, NULL); /* data compaction mode */
off += 2;
md_get_uint16(mdp, NULL);
off += 2;
md_get_uint16le(mdp, &residlo);
off += 2;
md_get_uint16le(mdp, &doff); /* data offset */
off += 2;
md_get_uint16le(mdp, &residhi);
off += 2;
resid = (residhi << 16) | residlo;
md_get_mem(mdp, NULL, 4 * 2, MB_MSYSTEM);
off += 4*2;
md_get_uint16(mdp, NULL); /* ByteCount */
off += 2;
if (doff > off) /* pad byte(s)? */
md_get_mem(mdp, NULL, doff - off, MB_MSYSTEM);
if (resid == 0) {
*rresid = resid;
break;
}
error = md_get_uio(mdp, uio, resid);
if (error)
break;
*rresid = resid;
} while(0);
smb_rq_done(rqp);
return (error);
}
int
smb_smb_negotiate(struct smb_vc *vcp, struct smb_cred *scred)
{
struct smb_dialect *dp;
struct smb_sopt *sp = NULL;
struct smb_rq *rqp;
struct mbchain *mbp;
struct mdchain *mdp;
u_int8_t wc, stime[8], sblen;
u_int16_t dindex, tw, tw1, swlen, bc;
int error, maxqsz;
if (smb_smb_nomux(vcp, scred, __func__) != 0)
return EINVAL;
vcp->vc_hflags = 0;
vcp->vc_hflags2 = 0;
vcp->obj.co_flags &= ~(SMBV_ENCRYPT);
sp = &vcp->vc_sopt;
bzero(sp, sizeof(struct smb_sopt));
error = smb_rq_alloc(VCTOCP(vcp), SMB_COM_NEGOTIATE, scred, &rqp);
if (error)
return error;
smb_rq_getrequest(rqp, &mbp);
smb_rq_wstart(rqp);
smb_rq_wend(rqp);
smb_rq_bstart(rqp);
for(dp = smb_dialects; dp->d_id != -1; dp++) {
mb_put_uint8(mbp, SMB_DT_DIALECT);
smb_put_dstring(mbp, vcp, dp->d_name, SMB_CS_NONE);
}
smb_rq_bend(rqp);
error = smb_rq_simple(rqp);
SMBSDEBUG("%d\n", error);
if (error)
goto bad;
smb_rq_getreply(rqp, &mdp);
do {
error = md_get_uint8(mdp, &wc);
if (error)
break;
error = md_get_uint16le(mdp, &dindex);
if (error)
break;
if (dindex > 7) {
SMBERROR("Don't know how to talk with server %s (%d)\n", "xxx", dindex);
error = EBADRPC;
break;
}
dp = smb_dialects + dindex;
sp->sv_proto = dp->d_id;
SMBSDEBUG("Dialect %s (%d, %d)\n", dp->d_name, dindex, wc);
error = EBADRPC;
if (dp->d_id >= SMB_DIALECT_NTLM0_12) {
if (wc != 17)
break;
md_get_uint8(mdp, &sp->sv_sm);
md_get_uint16le(mdp, &sp->sv_maxmux);
md_get_uint16le(mdp, &sp->sv_maxvcs);
md_get_uint32le(mdp, &sp->sv_maxtx);
md_get_uint32le(mdp, &sp->sv_maxraw);
md_get_uint32le(mdp, &sp->sv_skey);
md_get_uint32le(mdp, &sp->sv_caps);
md_get_mem(mdp, stime, 8, MB_MSYSTEM);
md_get_uint16le(mdp, (u_int16_t*)&sp->sv_tz);
md_get_uint8(mdp, &sblen);
if (sblen && (sp->sv_sm & SMB_SM_ENCRYPT)) {
if (sblen != SMB_MAXCHALLENGELEN) {
SMBERROR("Unexpected length of security blob (%d)\n", sblen);
break;
}
error = md_get_uint16(mdp, &bc);
if (error)
break;
if (sp->sv_caps & SMB_CAP_EXT_SECURITY)
md_get_mem(mdp, NULL, 16, MB_MSYSTEM);
error = md_get_mem(mdp, vcp->vc_ch, sblen, MB_MSYSTEM);
if (error)
break;
vcp->vc_chlen = sblen;
vcp->obj.co_flags |= SMBV_ENCRYPT;
}
vcp->vc_hflags2 |= SMB_FLAGS2_KNOWS_LONG_NAMES;
if (dp->d_id == SMB_DIALECT_NTLM0_12 &&
sp->sv_maxtx < 4096 &&
(sp->sv_caps & SMB_CAP_NT_SMBS) == 0) {
vcp->obj.co_flags |= SMBV_WIN95;
SMBSDEBUG("Win95 detected\n");
}
} else if (dp->d_id > SMB_DIALECT_CORE) {
md_get_uint16le(mdp, &tw);
sp->sv_sm = tw;
md_get_uint16le(mdp, &tw);
sp->sv_maxtx = tw;
md_get_uint16le(mdp, &sp->sv_maxmux);
md_get_uint16le(mdp, &sp->sv_maxvcs);
md_get_uint16le(mdp, &tw); /* rawmode */
md_get_uint32le(mdp, &sp->sv_skey);
if (wc == 13) { /* >= LANMAN1 */
md_get_uint16(mdp, &tw); /* time */
md_get_uint16(mdp, &tw1); /* date */
md_get_uint16le(mdp, (u_int16_t*)&sp->sv_tz);
md_get_uint16le(mdp, &swlen);
if (swlen > SMB_MAXCHALLENGELEN)
break;
md_get_uint16(mdp, NULL); /* mbz */
if (md_get_uint16(mdp, &bc) != 0)
break;
if (bc < swlen)
break;
if (swlen && (sp->sv_sm & SMB_SM_ENCRYPT)) {
error = md_get_mem(mdp, vcp->vc_ch, swlen, MB_MSYSTEM);
if (error)
break;
vcp->vc_chlen = swlen;
vcp->obj.co_flags |= SMBV_ENCRYPT;
}
}
vcp->vc_hflags2 |= SMB_FLAGS2_KNOWS_LONG_NAMES;
} else { /* an old CORE protocol */
sp->sv_maxmux = 1;
}
error = 0;
} while (0);
if (error == 0) {
vcp->vc_maxvcs = sp->sv_maxvcs;
if (vcp->vc_maxvcs <= 1) {
if (vcp->vc_maxvcs == 0)
vcp->vc_maxvcs = 1;
}
if (sp->sv_maxtx <= 0 || sp->sv_maxtx > 0xffff)
sp->sv_maxtx = 1024;
SMB_TRAN_GETPARAM(vcp, SMBTP_SNDSZ, &maxqsz);
vcp->vc_txmax = min(sp->sv_maxtx, maxqsz);
SMBSDEBUG("TZ = %d\n", sp->sv_tz);
SMBSDEBUG("CAPS = %x\n", sp->sv_caps);
SMBSDEBUG("MAXMUX = %d\n", sp->sv_maxmux);
SMBSDEBUG("MAXVCS = %d\n", sp->sv_maxvcs);
SMBSDEBUG("MAXRAW = %d\n", sp->sv_maxraw);
SMBSDEBUG("MAXTX = %d\n", sp->sv_maxtx);
}
bad:
smb_rq_done(rqp);
return error;
}
/*
* Import a raw SD (mb chain) into "internal" form.
* (like "absolute" form per. NT docs)
* Returns allocated data in sdp
*
* Note: does NOT consume all the mdp data, so the
* caller has to take care of that if necessary.
*/
int
md_get_ntsd(mdchain_t *mdp, i_ntsd_t **sdp)
{
i_ntsd_t *sd = NULL;
mdchain_t top_md, tmp_md;
uint32_t owneroff, groupoff, sacloff, dacloff;
int error;
if ((sd = MALLOC(sizeof (*sd))) == NULL)
return (ENOMEM);
bzero(sd, sizeof (*sd));
/*
* Offsets below are relative to this point,
* so save the mdp state for use below.
*/
top_md = *mdp;
ERRCHK(md_get_uint8(mdp, &sd->sd_revision));
ERRCHK(md_get_uint8(mdp, &sd->sd_rmctl));
ERRCHK(md_get_uint16le(mdp, &sd->sd_flags));
ERRCHK(md_get_uint32le(mdp, &owneroff));
ERRCHK(md_get_uint32le(mdp, &groupoff));
ERRCHK(md_get_uint32le(mdp, &sacloff));
ERRCHK(md_get_uint32le(mdp, &dacloff));
/*
* The SD is "self-relative" on the wire,
* but not after this decodes it.
*/
sd->sd_flags &= ~SD_SELF_RELATIVE;
/*
* For each section make a temporary copy of the
* top_md state, advance to the given offset, and
* pass that to the lower md_get_xxx functions.
* These could be marshalled in any order, but
* are normally found in the order shown here.
*/
if (sacloff) {
tmp_md = top_md;
md_get_mem(&tmp_md, NULL, sacloff, MB_MSYSTEM);
ERRCHK(md_get_acl(&tmp_md, &sd->sd_sacl));
}
if (dacloff) {
tmp_md = top_md;
md_get_mem(&tmp_md, NULL, dacloff, MB_MSYSTEM);
ERRCHK(md_get_acl(&tmp_md, &sd->sd_dacl));
}
if (owneroff) {
tmp_md = top_md;
md_get_mem(&tmp_md, NULL, owneroff, MB_MSYSTEM);
ERRCHK(md_get_sid(&tmp_md, &sd->sd_owner));
}
if (groupoff) {
tmp_md = top_md;
md_get_mem(&tmp_md, NULL, groupoff, MB_MSYSTEM);
ERRCHK(md_get_sid(&tmp_md, &sd->sd_group));
}
/* Success! */
*sdp = sd;
return (0);
errout:
smbfs_acl_free_sd(sd);
return (error);
}
static int
smb_smb_readx(struct smb_share *ssp, uint16_t fid, uint32_t *lenp,
uio_t *uiop, smb_cred_t *scred, int timo)
{
struct smb_rq *rqp;
struct mbchain *mbp;
struct mdchain *mdp;
int error;
uint32_t offlo, offhi, rlen;
uint16_t lenhi, lenlo, off, doff;
uint8_t wc;
lenhi = (uint16_t)(*lenp >> 16);
lenlo = (uint16_t)*lenp;
offhi = (uint32_t)(uiop->uio_loffset >> 32);
offlo = (uint32_t)uiop->uio_loffset;
error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_READ_ANDX, scred, &rqp);
if (error)
return (error);
smb_rq_getrequest(rqp, &mbp);
smb_rq_wstart(rqp);
mb_put_uint8(mbp, 0xff); /* no secondary command */
mb_put_uint8(mbp, 0); /* MBZ */
mb_put_uint16le(mbp, 0); /* offset to secondary */
mb_put_uint16le(mbp, fid);
mb_put_uint32le(mbp, offlo); /* offset (low part) */
mb_put_uint16le(mbp, lenlo); /* MaxCount */
mb_put_uint16le(mbp, 1); /* MinCount */
/* (only indicates blocking) */
mb_put_uint32le(mbp, lenhi); /* MaxCountHigh */
mb_put_uint16le(mbp, lenlo); /* Remaining ("obsolete") */
mb_put_uint32le(mbp, offhi); /* offset (high part) */
smb_rq_wend(rqp);
smb_rq_bstart(rqp);
smb_rq_bend(rqp);
if (timo == 0)
timo = smb_timo_read;
error = smb_rq_simple_timed(rqp, timo);
if (error)
goto out;
smb_rq_getreply(rqp, &mdp);
error = md_get_uint8(mdp, &wc);
if (error)
goto out;
if (wc != 12) {
error = EBADRPC;
goto out;
}
md_get_uint8(mdp, NULL);
md_get_uint8(mdp, NULL);
md_get_uint16le(mdp, NULL);
md_get_uint16le(mdp, NULL);
md_get_uint16le(mdp, NULL); /* data compaction mode */
md_get_uint16le(mdp, NULL);
md_get_uint16le(mdp, &lenlo); /* data len ret. */
md_get_uint16le(mdp, &doff); /* data offset */
md_get_uint16le(mdp, &lenhi);
rlen = (lenhi << 16) | lenlo;
md_get_mem(mdp, NULL, 4 * 2, MB_MSYSTEM);
error = md_get_uint16le(mdp, NULL); /* ByteCount */
if (error)
goto out;
/*
* Does the data offset indicate padding?
* The current offset is a constant, found
* by counting the md_get_ calls above.
*/
off = SMB_HDRLEN + 3 + (12 * 2); /* =59 */
if (doff > off) /* pad byte(s)? */
md_get_mem(mdp, NULL, doff - off, MB_MSYSTEM);
if (rlen == 0) {
*lenp = rlen;
goto out;
}
/* paranoid */
if (rlen > *lenp) {
SMBSDEBUG("bad server! rlen %d, len %d\n",
rlen, *lenp);
rlen = *lenp;
}
error = md_get_uio(mdp, uiop, rlen);
if (error)
goto out;
/* Success */
*lenp = rlen;
out:
smb_rq_done(rqp);
return (error);
}
static int
smbfs_smb_qpathinfo(struct smbnode *np, struct smbfattr *fap,
struct smb_cred *scred, short infolevel)
{
struct smb_share *ssp = np->n_mount->sm_share;
struct smb_vc *vcp = SSTOVC(ssp);
struct smb_t2rq *t2p;
int error, svtz, timesok = 1;
struct mbchain *mbp;
struct mdchain *mdp;
u_int16_t date, time, wattr;
int64_t lint;
u_int32_t size, dattr;
error = smb_t2_alloc(SSTOCP(ssp), SMB_TRANS2_QUERY_PATH_INFORMATION,
scred, &t2p);
if (error)
return error;
mbp = &t2p->t2_tparam;
mb_init(mbp);
if (!infolevel) {
if (SMB_DIALECT(vcp) < SMB_DIALECT_NTLM0_12)
infolevel = SMB_QUERY_FILE_STANDARD;
else
infolevel = SMB_QUERY_FILE_BASIC_INFO;
}
mb_put_uint16le(mbp, infolevel);
mb_put_uint32le(mbp, 0);
/* mb_put_uint8(mbp, SMB_DT_ASCII); specs are wrong */
error = smbfs_fullpath(mbp, vcp, np, NULL, 0);
if (error) {
smb_t2_done(t2p);
return error;
}
t2p->t2_maxpcount = 2;
t2p->t2_maxdcount = vcp->vc_txmax;
error = smb_t2_request(t2p);
if (error) {
smb_t2_done(t2p);
if (infolevel == SMB_QUERY_FILE_STANDARD || error != EINVAL)
return error;
return smbfs_smb_qpathinfo(np, fap, scred,
SMB_QUERY_FILE_STANDARD);
}
mdp = &t2p->t2_rdata;
svtz = vcp->vc_sopt.sv_tz;
switch (infolevel) {
case SMB_QUERY_FILE_STANDARD:
timesok = 0;
md_get_uint16le(mdp, NULL);
md_get_uint16le(mdp, NULL); /* creation time */
md_get_uint16le(mdp, &date);
md_get_uint16le(mdp, &time); /* access time */
if (date || time) {
timesok++;
smb_dos2unixtime(date, time, 0, svtz, &fap->fa_atime);
}
md_get_uint16le(mdp, &date);
md_get_uint16le(mdp, &time); /* modify time */
if (date || time) {
timesok++;
smb_dos2unixtime(date, time, 0, svtz, &fap->fa_mtime);
}
md_get_uint32le(mdp, &size);
fap->fa_size = size;
md_get_uint32(mdp, NULL); /* allocation size */
md_get_uint16le(mdp, &wattr);
fap->fa_attr = wattr;
break;
case SMB_QUERY_FILE_BASIC_INFO:
timesok = 0;
md_get_int64(mdp, NULL); /* creation time */
md_get_int64le(mdp, &lint);
if (lint) {
timesok++;
smb_time_NT2local(lint, svtz, &fap->fa_atime);
}
md_get_int64le(mdp, &lint);
if (lint) {
timesok++;
smb_time_NT2local(lint, svtz, &fap->fa_mtime);
}
md_get_int64le(mdp, &lint);
if (lint) {
timesok++;
smb_time_NT2local(lint, svtz, &fap->fa_ctime);
}
md_get_uint32le(mdp, &dattr);
fap->fa_attr = dattr;
md_get_uint32(mdp, NULL);
/* XXX could use ALL_INFO to get size */
break;
default:
SMBERROR("unexpected info level %d\n", infolevel);
error = EINVAL;
}
smb_t2_done(t2p);
/*
* if all times are zero (observed with FAT on NT4SP6)
* then fall back to older info level
*/
if (!timesok) {
if (infolevel != SMB_QUERY_FILE_STANDARD)
return smbfs_smb_qpathinfo(np, fap, scred,
SMB_QUERY_FILE_STANDARD);
error = EINVAL;
}
return error;
}
static int
smb_smb_read(struct smb_share *ssp, uint16_t fid, uint32_t *lenp,
uio_t *uiop, smb_cred_t *scred, int timo)
{
struct smb_rq *rqp;
struct mbchain *mbp;
struct mdchain *mdp;
int error;
uint32_t off32;
uint16_t bc, cnt, dlen, rcnt, todo;
uint8_t wc;
ASSERT(uiop->uio_loffset <= UINT32_MAX);
off32 = (uint32_t)uiop->uio_loffset;
ASSERT(*lenp <= UINT16_MAX);
cnt = (uint16_t)*lenp;
/* This next is an "estimate" of planned reads. */
todo = (uint16_t)min(uiop->uio_resid, UINT16_MAX);
error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_READ, scred, &rqp);
if (error)
return (error);
smb_rq_getrequest(rqp, &mbp);
smb_rq_wstart(rqp);
mb_put_uint16le(mbp, fid);
mb_put_uint16le(mbp, cnt);
mb_put_uint32le(mbp, off32);
mb_put_uint16le(mbp, todo);
smb_rq_wend(rqp);
smb_rq_bstart(rqp);
smb_rq_bend(rqp);
if (timo == 0)
timo = smb_timo_read;
error = smb_rq_simple_timed(rqp, timo);
if (error)
goto out;
smb_rq_getreply(rqp, &mdp);
error = md_get_uint8(mdp, &wc);
if (error)
goto out;
if (wc != 5) {
error = EBADRPC;
goto out;
}
md_get_uint16le(mdp, &rcnt); /* ret. count */
md_get_mem(mdp, NULL, 4 * 2, MB_MSYSTEM); /* res. */
md_get_uint16le(mdp, &bc); /* byte count */
md_get_uint8(mdp, NULL); /* buffer format */
error = md_get_uint16le(mdp, &dlen); /* data len */
if (error)
goto out;
if (dlen < rcnt) {
SMBSDEBUG("oops: dlen=%d rcnt=%d\n",
(int)dlen, (int)rcnt);
rcnt = dlen;
}
if (rcnt == 0) {
*lenp = 0;
goto out;
}
/* paranoid */
if (rcnt > cnt) {
SMBSDEBUG("bad server! rcnt %d, cnt %d\n",
(int)rcnt, (int)cnt);
rcnt = cnt;
}
error = md_get_uio(mdp, uiop, (int)rcnt);
if (error)
goto out;
/* success */
*lenp = (int)rcnt;
out:
smb_rq_done(rqp);
return (error);
}
/*
* Generic routine that handles open/creates.
*/
int
smbio_ntcreatex(void *smbctx, const char *path, const char *streamName,
struct open_inparms *inparms, struct open_outparm *outparms,
int *fid)
{
uint16_t *namelenp;
struct smb_usr_rq *rqp;
mbchain_t mbp;
mdchain_t mdp;
uint8_t wc;
size_t nmlen;
int error;
u_int16_t fid16;
/*
* Since the reply will fit in one mbuf, pass zero which will cause a normal
* mbuf to get created.
*/
error = smb_usr_rq_init(smbctx, SMB_COM_NT_CREATE_ANDX, 0, &rqp);
if (error != 0) {
return error;
}
mbp = smb_usr_rq_getrequest(rqp);
smb_usr_rq_wstart(rqp);
mb_put_uint8(mbp, 0xff); /* secondary command */
mb_put_uint8(mbp, 0); /* MBZ */
mb_put_uint16le(mbp, 0); /* offset to next command (none) */
mb_put_uint8(mbp, 0); /* MBZ */
namelenp = (uint16_t *)mb_reserve(mbp, sizeof(uint16_t));
/*
* XP to W2K Server never sets the NTCREATEX_FLAGS_OPEN_DIRECTORY
* for creating nor for opening a directory. Samba ignores the bit.
*
* Request the extended reply to get maximal access
*/
mb_put_uint32le(mbp, NTCREATEX_FLAGS_EXTENDED); /* NTCREATEX_FLAGS_* */
mb_put_uint32le(mbp, 0); /* FID - basis for path if not root */
mb_put_uint32le(mbp, inparms->rights);
mb_put_uint64le(mbp, inparms->allocSize); /* "initial allocation size" */
mb_put_uint32le(mbp, inparms->attrs); /* attributes */
mb_put_uint32le(mbp, inparms->shareMode);
mb_put_uint32le(mbp, inparms->disp);
mb_put_uint32le(mbp, inparms->createOptions);
mb_put_uint32le(mbp, NTCREATEX_IMPERSONATION_IMPERSONATION); /* (?) */
mb_put_uint8(mbp, 0); /* security flags (?) */
smb_usr_rq_wend(rqp);
smb_usr_rq_bstart(rqp);
nmlen = 0;
if (streamName) {
size_t snmlen = 0;
error = smb_usr_put_dmem(smbctx, mbp, path, strlen(path),
SMB_UTF_SFM_CONVERSIONS | SMB_FULLPATH_CONVERSIONS,
&nmlen);
if (!error) {
/* Make sure the stream name starts with a colon */
if (*streamName != ':') {
mb_put_uint16le(mbp, ':');
nmlen += 2;
}
error = smb_usr_rq_put_dstring(smbctx, mbp, streamName, strlen(streamName),
NO_SFM_CONVERSIONS, &snmlen);
}
nmlen += snmlen;
} else {
error = smb_usr_rq_put_dstring(smbctx, mbp, path, strlen(path),
SMB_UTF_SFM_CONVERSIONS |
SMB_FULLPATH_CONVERSIONS,
&nmlen);
}
if (error) {
smb_log_info("%s: smb_usr_rq_put_dstring failed syserr = %s",
ASL_LEVEL_DEBUG, __FUNCTION__, strerror(error));
goto done;
}
/* Now the network name length into the reserved location */
*namelenp = htoles((uint16_t)nmlen);
smb_usr_rq_bend(rqp);
error = smb_usr_rq_simple(rqp);
if (error != 0) {
smb_log_info("%s: smb_usr_rq_simple failed, syserr = %s",
ASL_LEVEL_DEBUG, __FUNCTION__, strerror(error));
goto done;
}
mdp = smb_usr_rq_getreply(rqp);
/*
* Spec say 26 for word count, but 34 words are defined and observed from
* all servers.
*
* The spec is wrong and word count should always be 34 unless we request
* the extended reply. Now some server will always return 42 even it the
* NTCREATEX_FLAGS_EXTENDED flag is not set.
*
* From the MS-SMB document concern the extend response:
*
* The word count for this response MUST be 0x2A (42). WordCount in this
* case is not used as the count of parameter words but is just a number.
*/
if (md_get_uint8(mdp, &wc) != 0 ||
((wc != NTCREATEX_NORMAL_WDCNT) && (wc != NTCREATEX_EXTENDED_WDCNT))) {
error = EIO;
smb_log_info("%s: bad word count, syserr = %s",
ASL_LEVEL_DEBUG, __FUNCTION__, strerror(error));
goto done;
}
md_get_uint8(mdp, NULL); /* secondary cmd */
md_get_uint8(mdp, NULL); /* mbz */
md_get_uint16le(mdp, NULL); /* andxoffset */
md_get_uint8(mdp, NULL); /* oplock lvl granted */
md_get_uint16le(mdp, &fid16); /* FID */
*fid = fid16;
error = md_get_uint32le(mdp, NULL); /* create_action */
/* Only get the rest of the parameter values if they want request them */
if (outparms) {
/* Should we convert the time, current we don't */
md_get_uint64le(mdp, &outparms->createTime);
md_get_uint64le(mdp, &outparms->accessTime);
md_get_uint64le(mdp, &outparms->writeTime);
md_get_uint64le(mdp, &outparms->changeTime);
md_get_uint32le(mdp, &outparms->attributes);
md_get_uint64le(mdp, &outparms->allocationSize);
md_get_uint64le(mdp, &outparms->fileSize);
md_get_uint16le(mdp, NULL); /* file type */
md_get_uint16le(mdp, NULL); /* device state */
error = md_get_uint8(mdp, NULL); /* directory (boolean) */
/* Supports extended word count, so lets get them */
if (wc == NTCREATEX_EXTENDED_WDCNT) {
md_get_mem(mdp, (caddr_t)outparms->volumeGID, sizeof(outparms->volumeGID), MB_MSYSTEM);
md_get_uint64le(mdp, &outparms->fileInode);
md_get_uint32le(mdp, &outparms->maxAccessRights);
error = md_get_uint32le(mdp, &outparms->maxGuessAccessRights);
}
}
done:
smb_usr_rq_done(rqp);
return error;
}
int
smb_smb_treeconnect(struct smb_share *ssp, struct smb_cred *scred)
{
struct smb_vc *vcp;
struct smb_rq *rqp = NULL;
struct mbchain *mbp;
struct mdchain *mdp;
char *pbuf, *unc_name = NULL;
int error, tlen, plen, unc_len;
uint16_t bcnt, options;
uint8_t wc;
vcp = SSTOVC(ssp);
/*
* Make this a "VC-level" request, so it will have
* rqp->sr_share == NULL, and smb_iod_sendrq()
* will send it with TID = SMB_TID_UNKNOWN
*
* This also serves to bypass the wait for
* share state changes, which this call is
* trying to carry out.
*/
error = smb_rq_alloc(VCTOCP(vcp), SMB_COM_TREE_CONNECT_ANDX,
scred, &rqp);
if (error)
return (error);
/*
* Build the UNC name, i.e. "//server/share"
* but with backslashes of course.
* size math: three slashes, one null.
*/
unc_len = 4 + strlen(vcp->vc_srvname) + strlen(ssp->ss_name);
unc_name = kmem_alloc(unc_len, KM_SLEEP);
(void) snprintf(unc_name, unc_len, "\\\\%s\\%s",
vcp->vc_srvname, ssp->ss_name);
SMBSDEBUG("unc_name: \"%s\"", unc_name);
/*
* The password is now pre-computed in the
* user-space helper process.
*/
plen = ssp->ss_pwlen;
pbuf = ssp->ss_pass;
/*
* Build the request.
*/
mbp = &rqp->sr_rq;
smb_rq_wstart(rqp);
mb_put_uint8(mbp, 0xff);
mb_put_uint8(mbp, 0);
mb_put_uint16le(mbp, 0);
mb_put_uint16le(mbp, 0); /* Flags */
mb_put_uint16le(mbp, plen);
smb_rq_wend(rqp);
smb_rq_bstart(rqp);
/* Tree connect password, if any */
error = mb_put_mem(mbp, pbuf, plen, MB_MSYSTEM);
if (error)
goto out;
/* UNC resource name */
error = smb_put_dstring(mbp, vcp, unc_name, SMB_CS_NONE);
if (error)
goto out;
/*
* Put the type string (always ASCII),
* including the null.
*/
tlen = strlen(ssp->ss_type_req) + 1;
error = mb_put_mem(mbp, ssp->ss_type_req, tlen, MB_MSYSTEM);
if (error)
goto out;
smb_rq_bend(rqp);
/*
* Run the request.
*
* Using NOINTR_RECV because we don't want to risk
* missing a successful tree connect response,
* which would "leak" Tree IDs.
*/
rqp->sr_flags |= SMBR_NOINTR_RECV;
error = smb_rq_simple(rqp);
SMBSDEBUG("%d\n", error);
if (error) {
/*
* If we get the server name wrong, i.e. due to
* mis-configured name services, this will be
* NT_STATUS_DUPLICATE_NAME. Log this error.
*/
SMBERROR("(%s) failed, status=0x%x",
unc_name, rqp->sr_error);
goto out;
}
/*
* Parse the TCON response
*/
smb_rq_getreply(rqp, &mdp);
md_get_uint8(mdp, &wc);
if (wc != 3 && wc != 7) {
error = EBADRPC;
goto out;
}
md_get_uint16le(mdp, NULL); /* AndX cmd */
md_get_uint16le(mdp, NULL); /* AndX off */
md_get_uint16le(mdp, &options); /* option bits (DFS, search) */
if (wc == 7) {
md_get_uint32le(mdp, NULL); /* MaximalShareAccessRights */
md_get_uint32le(mdp, NULL); /* GuestMaximalShareAcc... */
}
error = md_get_uint16le(mdp, &bcnt); /* byte count */
if (error)
goto out;
/*
* Get the returned share type string,
* i.e. "IPC" or whatever. Don't care
* if we get an error reading the type.
*/
tlen = sizeof (ssp->ss_type_ret);
bzero(ssp->ss_type_ret, tlen--);
if (tlen > bcnt)
tlen = bcnt;
md_get_mem(mdp, ssp->ss_type_ret, tlen, MB_MSYSTEM);
/* Success! */
SMB_SS_LOCK(ssp);
ssp->ss_tid = rqp->sr_rptid;
ssp->ss_vcgenid = vcp->vc_genid;
ssp->ss_options = options;
ssp->ss_flags |= SMBS_CONNECTED;
SMB_SS_UNLOCK(ssp);
out:
if (unc_name)
kmem_free(unc_name, unc_len);
smb_rq_done(rqp);
return (error);
}
int
smbfs_smb_statvfs(struct smb_share *ssp, struct statvfs *sbp,
struct smb_cred *scred)
{
unsigned long bsize; /* Block (allocation unit) size */
unsigned long bavail, bfree;
/*
* The SMB request work with notion of sector size and
* allocation units. Allocation unit is what 'block'
* means in Unix context, sector size might be HW sector size.
*/
if (SMB_DIALECT(SSTOVC(ssp)) >= SMB_DIALECT_LANMAN2_0) {
struct smb_t2rq *t2p;
struct mbchain *mbp;
struct mdchain *mdp;
u_int16_t secsz;
u_int32_t units, bpu, funits;
int error;
error = smb_t2_alloc(SSTOCP(ssp),
SMB_TRANS2_QUERY_FS_INFORMATION, scred, &t2p);
if (error)
return error;
mbp = &t2p->t2_tparam;
mb_init(mbp);
mb_put_uint16le(mbp, SMB_INFO_ALLOCATION);
t2p->t2_maxpcount = 4;
t2p->t2_maxdcount = 4 * 4 + 2;
error = smb_t2_request(t2p);
if (error) {
smb_t2_done(t2p);
return error;
}
mdp = &t2p->t2_rdata;
md_get_uint32(mdp, NULL); /* fs id */
md_get_uint32le(mdp, &bpu); /* Number of sectors per unit */
md_get_uint32le(mdp, &units); /* Total number of units */
md_get_uint32le(mdp, &funits); /* Number of available units */
md_get_uint16le(mdp, &secsz); /* Number of bytes per sector */
smb_t2_done(t2p);
bsize = bpu * secsz;
bavail = units;
bfree = funits;
} else {
struct smb_rq *rqp;
struct mdchain *mdp;
u_int16_t units, bpu, secsz, funits;
int error;
error = smb_rq_alloc(SSTOCP(ssp),
SMB_COM_QUERY_INFORMATION_DISK, scred, &rqp);
if (error)
return error;
smb_rq_wstart(rqp);
smb_rq_wend(rqp);
smb_rq_bstart(rqp);
smb_rq_bend(rqp);
error = smb_rq_simple(rqp);
if (error) {
smb_rq_done(rqp);
return error;
}
smb_rq_getreply(rqp, &mdp);
md_get_uint16le(mdp, &units); /* Total units per server */
md_get_uint16le(mdp, &bpu); /* Blocks per allocation unit */
md_get_uint16le(mdp, &secsz); /* Block size (in bytes) */
md_get_uint16le(mdp, &funits); /* Number of free units */
smb_rq_done(rqp);
bsize = bpu * secsz;
bavail = units;
bfree = funits;
}
sbp->f_bsize = bsize; /* fundamental file system block size */
sbp->f_frsize = bsize; /* fundamental file system frag size */
sbp->f_iosize = bsize; /* optimal I/O size */
sbp->f_blocks = bavail; /* total data blocks in file system */
sbp->f_bfree = bfree; /* free blocks in fs */
sbp->f_bresvd = 0; /* reserved blocks in fs */
sbp->f_bavail= bfree; /* free blocks avail to non-superuser */
sbp->f_files = 0xffff; /* total file nodes in file system */
sbp->f_ffree = 0xffff; /* free file nodes to non-superuser */
sbp->f_favail = 0xffff; /* free file nodes in fs */
sbp->f_fresvd = 0; /* reserved file nodes in fs */
return 0;
}