Deleted Added
sdiff udiff text old ( 170804 ) new ( 206361 )
full compact
smb_smb.c (170804) smb_smb.c (206361)
1/*-
2 * Copyright (c) 2000-2001 Boris Popov
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
1/*-
2 * Copyright (c) 2000-2001 Boris Popov
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by Boris Popov.
16 * 4. Neither the name of the author nor the names of any co-contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33/*
34 * various SMB requests. Most of the routines merely packs data into mbufs.
35 */
36
37#include <sys/cdefs.h>
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 */
26
27/*
28 * various SMB requests. Most of the routines merely packs data into mbufs.
29 */
30
31#include <sys/cdefs.h>
38__FBSDID("$FreeBSD: head/sys/netsmb/smb_smb.c 170804 2007-06-15 23:49:54Z mjacob $");
32__FBSDID("$FreeBSD: head/sys/netsmb/smb_smb.c 206361 2010-04-07 16:50:38Z joel $");
39
40#include <sys/param.h>
41#include <sys/systm.h>
42#include <sys/kernel.h>
43#include <sys/malloc.h>
44#include <sys/proc.h>
45#include <sys/lock.h>
46#include <sys/sysctl.h>
47#include <sys/socket.h>
48#include <sys/uio.h>
49
50#include <sys/iconv.h>
51
52#include <netsmb/smb.h>
53#include <netsmb/smb_subr.h>
54#include <netsmb/smb_rq.h>
55#include <netsmb/smb_conn.h>
56#include <netsmb/smb_tran.h>
57
58#include "opt_netsmb.h"
59
60struct smb_dialect {
61 int d_id;
62 const char * d_name;
63};
64
65static struct smb_dialect smb_dialects[] = {
66 {SMB_DIALECT_CORE, "PC NETWORK PROGRAM 1.0"},
67 {SMB_DIALECT_COREPLUS, "MICROSOFT NETWORKS 1.03"},
68 {SMB_DIALECT_LANMAN1_0, "MICROSOFT NETWORKS 3.0"},
69 {SMB_DIALECT_LANMAN1_0, "LANMAN1.0"},
70 {SMB_DIALECT_LANMAN2_0, "LM1.2X002"},
71 {SMB_DIALECT_LANMAN2_0, "Samba"},
72 {SMB_DIALECT_NTLM0_12, "NT LANMAN 1.0"},
73 {SMB_DIALECT_NTLM0_12, "NT LM 0.12"},
74 {-1, NULL}
75};
76
77#define SMB_DIALECT_MAX (sizeof(smb_dialects) / sizeof(struct smb_dialect) - 2)
78
79static u_int32_t
80smb_vc_maxread(struct smb_vc *vcp)
81{
82 /*
83 * Specs say up to 64k data bytes, but Windows traffic
84 * uses 60k... no doubt for some good reason.
85 *
86 * Don't exceed the server's buffer size if signatures
87 * are enabled otherwise Windows 2003 chokes. Allow space
88 * for the SMB header & a little bit extra.
89 */
90 if ((vcp->vc_sopt.sv_caps & SMB_CAP_LARGE_READX) &&
91 (vcp->vc_hflags2 & SMB_FLAGS2_SECURITY_SIGNATURE) == 0)
92 return (60*1024);
93 else
94 return (vcp->vc_sopt.sv_maxtx - SMB_HDRLEN - 64);
95}
96
97static u_int32_t
98smb_vc_maxwrite(struct smb_vc *vcp)
99{
100 /*
101 * See comment above.
102 */
103 if ((vcp->vc_sopt.sv_caps & SMB_CAP_LARGE_WRITEX) &&
104 (vcp->vc_hflags2 & SMB_FLAGS2_SECURITY_SIGNATURE) == 0)
105 return (60*1024);
106 else
107 return (vcp->vc_sopt.sv_maxtx - SMB_HDRLEN - 64);
108}
109
110static int
111smb_smb_nomux(struct smb_vc *vcp, struct smb_cred *scred, const char *name)
112{
113 if (scred->scr_td->td_proc == vcp->vc_iod->iod_p)
114 return 0;
115 SMBERROR("wrong function called(%s)\n", name);
116 return EINVAL;
117}
118
119int
120smb_smb_negotiate(struct smb_vc *vcp, struct smb_cred *scred)
121{
122 struct smb_dialect *dp;
123 struct smb_sopt *sp = NULL;
124 struct smb_rq *rqp;
125 struct mbchain *mbp;
126 struct mdchain *mdp;
127 u_int8_t wc, stime[8], sblen;
128 u_int16_t dindex, tw, tw1, swlen, bc;
129 int error, maxqsz;
130
131 if (smb_smb_nomux(vcp, scred, __func__) != 0)
132 return EINVAL;
133 vcp->vc_hflags = 0;
134 vcp->vc_hflags2 = 0;
135 vcp->obj.co_flags &= ~(SMBV_ENCRYPT);
136 sp = &vcp->vc_sopt;
137 bzero(sp, sizeof(struct smb_sopt));
138 error = smb_rq_alloc(VCTOCP(vcp), SMB_COM_NEGOTIATE, scred, &rqp);
139 if (error)
140 return error;
141 smb_rq_getrequest(rqp, &mbp);
142 smb_rq_wstart(rqp);
143 smb_rq_wend(rqp);
144 smb_rq_bstart(rqp);
145 for(dp = smb_dialects; dp->d_id != -1; dp++) {
146 mb_put_uint8(mbp, SMB_DT_DIALECT);
147 smb_put_dstring(mbp, vcp, dp->d_name, SMB_CS_NONE);
148 }
149 smb_rq_bend(rqp);
150 error = smb_rq_simple(rqp);
151 SMBSDEBUG("%d\n", error);
152 if (error)
153 goto bad;
154 smb_rq_getreply(rqp, &mdp);
155 do {
156 error = md_get_uint8(mdp, &wc);
157 if (error)
158 break;
159 error = md_get_uint16le(mdp, &dindex);
160 if (error)
161 break;
162 if (dindex > 7) {
163 SMBERROR("Don't know how to talk with server %s (%d)\n", "xxx", dindex);
164 error = EBADRPC;
165 break;
166 }
167 dp = smb_dialects + dindex;
168 sp->sv_proto = dp->d_id;
169 SMBSDEBUG("Dialect %s (%d, %d)\n", dp->d_name, dindex, wc);
170 error = EBADRPC;
171 if (dp->d_id >= SMB_DIALECT_NTLM0_12) {
172 if (wc != 17)
173 break;
174 md_get_uint8(mdp, &sp->sv_sm);
175 md_get_uint16le(mdp, &sp->sv_maxmux);
176 md_get_uint16le(mdp, &sp->sv_maxvcs);
177 md_get_uint32le(mdp, &sp->sv_maxtx);
178 md_get_uint32le(mdp, &sp->sv_maxraw);
179 md_get_uint32le(mdp, &sp->sv_skey);
180 md_get_uint32le(mdp, &sp->sv_caps);
181 md_get_mem(mdp, stime, 8, MB_MSYSTEM);
182 md_get_uint16le(mdp, (u_int16_t*)&sp->sv_tz);
183 md_get_uint8(mdp, &sblen);
184 if (sblen && (sp->sv_sm & SMB_SM_ENCRYPT)) {
185 if (sblen != SMB_MAXCHALLENGELEN) {
186 SMBERROR("Unexpected length of security blob (%d)\n", sblen);
187 break;
188 }
189 error = md_get_uint16(mdp, &bc);
190 if (error)
191 break;
192 if (sp->sv_caps & SMB_CAP_EXT_SECURITY)
193 md_get_mem(mdp, NULL, 16, MB_MSYSTEM);
194 error = md_get_mem(mdp, vcp->vc_ch, sblen, MB_MSYSTEM);
195 if (error)
196 break;
197 vcp->vc_chlen = sblen;
198 vcp->obj.co_flags |= SMBV_ENCRYPT;
199 }
200 if (sp->sv_sm & SMB_SM_SIGS_REQUIRE)
201 vcp->vc_hflags2 |= SMB_FLAGS2_SECURITY_SIGNATURE;
202 vcp->vc_hflags2 |= SMB_FLAGS2_KNOWS_LONG_NAMES;
203 if (dp->d_id == SMB_DIALECT_NTLM0_12 &&
204 sp->sv_maxtx < 4096 &&
205 (sp->sv_caps & SMB_CAP_NT_SMBS) == 0) {
206 vcp->obj.co_flags |= SMBV_WIN95;
207 SMBSDEBUG("Win95 detected\n");
208 }
209 } else if (dp->d_id > SMB_DIALECT_CORE) {
210 md_get_uint16le(mdp, &tw);
211 sp->sv_sm = tw;
212 md_get_uint16le(mdp, &tw);
213 sp->sv_maxtx = tw;
214 md_get_uint16le(mdp, &sp->sv_maxmux);
215 md_get_uint16le(mdp, &sp->sv_maxvcs);
216 md_get_uint16le(mdp, &tw); /* rawmode */
217 md_get_uint32le(mdp, &sp->sv_skey);
218 if (wc == 13) { /* >= LANMAN1 */
219 md_get_uint16(mdp, &tw); /* time */
220 md_get_uint16(mdp, &tw1); /* date */
221 md_get_uint16le(mdp, (u_int16_t*)&sp->sv_tz);
222 md_get_uint16le(mdp, &swlen);
223 if (swlen > SMB_MAXCHALLENGELEN)
224 break;
225 md_get_uint16(mdp, NULL); /* mbz */
226 if (md_get_uint16(mdp, &bc) != 0)
227 break;
228 if (bc < swlen)
229 break;
230 if (swlen && (sp->sv_sm & SMB_SM_ENCRYPT)) {
231 error = md_get_mem(mdp, vcp->vc_ch, swlen, MB_MSYSTEM);
232 if (error)
233 break;
234 vcp->vc_chlen = swlen;
235 vcp->obj.co_flags |= SMBV_ENCRYPT;
236 }
237 }
238 vcp->vc_hflags2 |= SMB_FLAGS2_KNOWS_LONG_NAMES;
239 } else { /* an old CORE protocol */
240 sp->sv_maxmux = 1;
241 }
242 error = 0;
243 } while (0);
244 if (error == 0) {
245 vcp->vc_maxvcs = sp->sv_maxvcs;
246 if (vcp->vc_maxvcs <= 1) {
247 if (vcp->vc_maxvcs == 0)
248 vcp->vc_maxvcs = 1;
249 }
250 if (sp->sv_maxtx <= 0 || sp->sv_maxtx > 0xffff)
251 sp->sv_maxtx = 1024;
252 else
253 sp->sv_maxtx = min(sp->sv_maxtx,
254 63*1024 + SMB_HDRLEN + 16);
255 SMB_TRAN_GETPARAM(vcp, SMBTP_RCVSZ, &maxqsz);
256 vcp->vc_rxmax = min(smb_vc_maxread(vcp), maxqsz - 1024);
257 SMB_TRAN_GETPARAM(vcp, SMBTP_SNDSZ, &maxqsz);
258 vcp->vc_wxmax = min(smb_vc_maxwrite(vcp), maxqsz - 1024);
259 vcp->vc_txmax = min(sp->sv_maxtx, maxqsz);
260 SMBSDEBUG("TZ = %d\n", sp->sv_tz);
261 SMBSDEBUG("CAPS = %x\n", sp->sv_caps);
262 SMBSDEBUG("MAXMUX = %d\n", sp->sv_maxmux);
263 SMBSDEBUG("MAXVCS = %d\n", sp->sv_maxvcs);
264 SMBSDEBUG("MAXRAW = %d\n", sp->sv_maxraw);
265 SMBSDEBUG("MAXTX = %d\n", sp->sv_maxtx);
266 }
267bad:
268 smb_rq_done(rqp);
269 return error;
270}
271
272int
273smb_smb_ssnsetup(struct smb_vc *vcp, struct smb_cred *scred)
274{
275 struct smb_rq *rqp;
276 struct mbchain *mbp;
277/* u_int8_t wc;
278 u_int16_t tw, tw1;*/
279 smb_uniptr unipp, ntencpass = NULL;
280 char *pp, *up, *pbuf, *encpass;
281 int error, plen, uniplen, ulen, upper;
282
283 upper = 0;
284
285again:
286
287 vcp->vc_smbuid = SMB_UID_UNKNOWN;
288
289 if (smb_smb_nomux(vcp, scred, __func__) != 0)
290 return EINVAL;
291
292 error = smb_rq_alloc(VCTOCP(vcp), SMB_COM_SESSION_SETUP_ANDX, scred, &rqp);
293 if (error)
294 return error;
295 pbuf = malloc(SMB_MAXPASSWORDLEN + 1, M_SMBTEMP, M_WAITOK);
296 encpass = malloc(24, M_SMBTEMP, M_WAITOK);
297 if (vcp->vc_sopt.sv_sm & SMB_SM_USER) {
298 /*
299 * We try w/o uppercasing first so Samba mixed case
300 * passwords work. If that fails we come back and try
301 * uppercasing to satisfy OS/2 and Windows for Workgroups.
302 */
303 if (upper++) {
304 iconv_convstr(vcp->vc_toupper, pbuf,
305 smb_vc_getpass(vcp)/*, SMB_MAXPASSWORDLEN*/);
306 } else {
307 strncpy(pbuf, smb_vc_getpass(vcp), SMB_MAXPASSWORDLEN);
308 pbuf[SMB_MAXPASSWORDLEN] = '\0';
309 }
310 if (!SMB_UNICODE_STRINGS(vcp))
311 iconv_convstr(vcp->vc_toserver, pbuf, pbuf/*,
312 SMB_MAXPASSWORDLEN*/);
313
314 if (vcp->vc_sopt.sv_sm & SMB_SM_ENCRYPT) {
315 uniplen = plen = 24;
316 smb_encrypt(pbuf, vcp->vc_ch, encpass);
317 ntencpass = malloc(uniplen, M_SMBTEMP, M_WAITOK);
318 if (SMB_UNICODE_STRINGS(vcp)) {
319 strncpy(pbuf, smb_vc_getpass(vcp),
320 SMB_MAXPASSWORDLEN);
321 pbuf[SMB_MAXPASSWORDLEN] = '\0';
322 } else
323 iconv_convstr(vcp->vc_toserver, pbuf,
324 smb_vc_getpass(vcp)/*,
325 SMB_MAXPASSWORDLEN*/);
326 smb_ntencrypt(pbuf, vcp->vc_ch, (u_char*)ntencpass);
327 pp = encpass;
328 unipp = ntencpass;
329 } else {
330 plen = strlen(pbuf) + 1;
331 pp = pbuf;
332 uniplen = plen * 2;
333 ntencpass = malloc(uniplen, M_SMBTEMP, M_WAITOK);
334 smb_strtouni(ntencpass, smb_vc_getpass(vcp));
335 plen--;
336
337 /*
338 * The uniplen is zeroed because Samba cannot deal
339 * with this 2nd cleartext password. This Samba
340 * "bug" is actually a workaround for problems in
341 * Microsoft clients.
342 */
343 uniplen = 0/*-= 2*/;
344 unipp = ntencpass;
345 }
346 } else {
347 /*
348 * In the share security mode password will be used
349 * only in the tree authentication
350 */
351 pp = "";
352 plen = 1;
353 unipp = &smb_unieol;
354 uniplen = 0 /* sizeof(smb_unieol) */;
355 }
356 smb_rq_wstart(rqp);
357 mbp = &rqp->sr_rq;
358 up = vcp->vc_username;
359 ulen = strlen(up) + 1;
360 /*
361 * If userid is null we are attempting anonymous browse login
362 * so passwords must be zero length.
363 */
364 if (ulen == 1)
365 plen = uniplen = 0;
366 mb_put_uint8(mbp, 0xff);
367 mb_put_uint8(mbp, 0);
368 mb_put_uint16le(mbp, 0);
369 mb_put_uint16le(mbp, vcp->vc_sopt.sv_maxtx);
370 mb_put_uint16le(mbp, vcp->vc_sopt.sv_maxmux);
371 mb_put_uint16le(mbp, vcp->vc_number);
372 mb_put_uint32le(mbp, vcp->vc_sopt.sv_skey);
373 mb_put_uint16le(mbp, plen);
374 if (SMB_DIALECT(vcp) < SMB_DIALECT_NTLM0_12) {
375 mb_put_uint32le(mbp, 0);
376 smb_rq_wend(rqp);
377 smb_rq_bstart(rqp);
378 mb_put_mem(mbp, pp, plen, MB_MSYSTEM);
379 smb_put_dstring(mbp, vcp, up, SMB_CS_NONE);
380 } else {
381 mb_put_uint16le(mbp, uniplen);
382 mb_put_uint32le(mbp, 0); /* reserved */
383 mb_put_uint32le(mbp, vcp->obj.co_flags & SMBV_UNICODE ?
384 SMB_CAP_UNICODE : 0);
385 smb_rq_wend(rqp);
386 smb_rq_bstart(rqp);
387 mb_put_mem(mbp, pp, plen, MB_MSYSTEM);
388 mb_put_mem(mbp, (caddr_t)unipp, uniplen, MB_MSYSTEM);
389 smb_put_dstring(mbp, vcp, up, SMB_CS_NONE); /* AccountName */
390 smb_put_dstring(mbp, vcp, vcp->vc_domain, SMB_CS_NONE); /* PrimaryDomain */
391 smb_put_dstring(mbp, vcp, "FreeBSD", SMB_CS_NONE); /* Client's OS */
392 smb_put_dstring(mbp, vcp, "NETSMB", SMB_CS_NONE); /* Client name */
393 }
394 smb_rq_bend(rqp);
395 if (ntencpass)
396 free(ntencpass, M_SMBTEMP);
397 if (vcp->vc_hflags2 & SMB_FLAGS2_SECURITY_SIGNATURE)
398 smb_calcmackey(vcp);
399 error = smb_rq_simple(rqp);
400 SMBSDEBUG("%d\n", error);
401 if (error) {
402 if (rqp->sr_errclass == ERRDOS && rqp->sr_serror == ERRnoaccess)
403 error = EAUTH;
404 goto bad;
405 }
406 vcp->vc_smbuid = rqp->sr_rpuid;
407bad:
408 free(encpass, M_SMBTEMP);
409 free(pbuf, M_SMBTEMP);
410 smb_rq_done(rqp);
411 if (error && upper == 1 && vcp->vc_sopt.sv_sm & SMB_SM_USER)
412 goto again;
413 return error;
414}
415
416int
417smb_smb_ssnclose(struct smb_vc *vcp, struct smb_cred *scred)
418{
419 struct smb_rq *rqp;
420 struct mbchain *mbp;
421 int error;
422
423 if (vcp->vc_smbuid == SMB_UID_UNKNOWN)
424 return 0;
425
426 if (smb_smb_nomux(vcp, scred, __func__) != 0)
427 return EINVAL;
428
429 error = smb_rq_alloc(VCTOCP(vcp), SMB_COM_LOGOFF_ANDX, scred, &rqp);
430 if (error)
431 return error;
432 mbp = &rqp->sr_rq;
433 smb_rq_wstart(rqp);
434 mb_put_uint8(mbp, 0xff);
435 mb_put_uint8(mbp, 0);
436 mb_put_uint16le(mbp, 0);
437 smb_rq_wend(rqp);
438 smb_rq_bstart(rqp);
439 smb_rq_bend(rqp);
440 error = smb_rq_simple(rqp);
441 SMBSDEBUG("%d\n", error);
442 smb_rq_done(rqp);
443 return error;
444}
445
446static char smb_any_share[] = "?????";
447
448static char *
449smb_share_typename(int stype)
450{
451 char *pp;
452
453 switch (stype) {
454 case SMB_ST_DISK:
455 pp = "A:";
456 break;
457 case SMB_ST_PRINTER:
458 pp = smb_any_share; /* can't use LPT: here... */
459 break;
460 case SMB_ST_PIPE:
461 pp = "IPC";
462 break;
463 case SMB_ST_COMM:
464 pp = "COMM";
465 break;
466 case SMB_ST_ANY:
467 default:
468 pp = smb_any_share;
469 break;
470 }
471 return pp;
472}
473
474int
475smb_smb_treeconnect(struct smb_share *ssp, struct smb_cred *scred)
476{
477 struct smb_vc *vcp;
478 struct smb_rq rq, *rqp = &rq;
479 struct mbchain *mbp;
480 char *pp, *pbuf, *encpass;
481 int error, plen, caseopt, upper;
482
483 upper = 0;
484
485again:
486
487#if 0
488 /* Disable Unicode for SMB_COM_TREE_CONNECT_ANDX requests */
489 if (SSTOVC(ssp)->vc_hflags2 & SMB_FLAGS2_UNICODE) {
490 vcp = SSTOVC(ssp);
491 if (vcp->vc_toserver) {
492 iconv_close(vcp->vc_toserver);
493 /* Use NULL until UTF-8 -> ASCII works */
494 vcp->vc_toserver = NULL;
495 }
496 if (vcp->vc_tolocal) {
497 iconv_close(vcp->vc_tolocal);
498 /* Use NULL until ASCII -> UTF-8 works*/
499 vcp->vc_tolocal = NULL;
500 }
501 vcp->vc_hflags2 &= ~SMB_FLAGS2_UNICODE;
502 }
503#endif
504
505 ssp->ss_tid = SMB_TID_UNKNOWN;
506 error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_TREE_CONNECT_ANDX, scred, &rqp);
507 if (error)
508 return error;
509 vcp = rqp->sr_vc;
510 caseopt = SMB_CS_NONE;
511 if (vcp->vc_sopt.sv_sm & SMB_SM_USER) {
512 plen = 1;
513 pp = "";
514 pbuf = NULL;
515 encpass = NULL;
516 } else {
517 pbuf = malloc(SMB_MAXPASSWORDLEN + 1, M_SMBTEMP, M_WAITOK);
518 encpass = malloc(24, M_SMBTEMP, M_WAITOK);
519 /*
520 * We try w/o uppercasing first so Samba mixed case
521 * passwords work. If that fails we come back and try
522 * uppercasing to satisfy OS/2 and Windows for Workgroups.
523 */
524 if (upper++) {
525 iconv_convstr(vcp->vc_toupper, pbuf,
526 smb_share_getpass(ssp)/*,
527 SMB_MAXPASSWORDLEN*/);
528 } else {
529 strncpy(pbuf, smb_share_getpass(ssp),
530 SMB_MAXPASSWORDLEN);
531 pbuf[SMB_MAXPASSWORDLEN] = '\0';
532 }
533 if (vcp->vc_sopt.sv_sm & SMB_SM_ENCRYPT) {
534 plen = 24;
535 smb_encrypt(pbuf, vcp->vc_ch, encpass);
536 pp = encpass;
537 } else {
538 plen = strlen(pbuf) + 1;
539 pp = pbuf;
540 }
541 }
542 mbp = &rqp->sr_rq;
543 smb_rq_wstart(rqp);
544 mb_put_uint8(mbp, 0xff);
545 mb_put_uint8(mbp, 0);
546 mb_put_uint16le(mbp, 0);
547 mb_put_uint16le(mbp, 0); /* Flags */
548 mb_put_uint16le(mbp, plen);
549 smb_rq_wend(rqp);
550 smb_rq_bstart(rqp);
551 mb_put_mem(mbp, pp, plen, MB_MSYSTEM);
552 smb_put_dmem(mbp, vcp, "\\\\", 2, caseopt);
553 pp = vcp->vc_srvname;
554 smb_put_dmem(mbp, vcp, pp, strlen(pp), caseopt);
555 smb_put_dmem(mbp, vcp, "\\", 1, caseopt);
556 pp = ssp->ss_name;
557 smb_put_dstring(mbp, vcp, pp, caseopt);
558 pp = smb_share_typename(ssp->ss_type);
559 smb_put_dstring(mbp, vcp, pp, caseopt);
560 smb_rq_bend(rqp);
561 error = smb_rq_simple(rqp);
562 SMBSDEBUG("%d\n", error);
563 if (error)
564 goto bad;
565 ssp->ss_tid = rqp->sr_rptid;
566 ssp->ss_vcgenid = vcp->vc_genid;
567 ssp->ss_flags |= SMBS_CONNECTED;
568bad:
569 if (encpass)
570 free(encpass, M_SMBTEMP);
571 if (pbuf)
572 free(pbuf, M_SMBTEMP);
573 smb_rq_done(rqp);
574 if (error && upper == 1)
575 goto again;
576 return error;
577}
578
579int
580smb_smb_treedisconnect(struct smb_share *ssp, struct smb_cred *scred)
581{
582 struct smb_rq *rqp;
583 struct mbchain *mbp;
584 int error;
585
586 if (ssp->ss_tid == SMB_TID_UNKNOWN)
587 return 0;
588 error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_TREE_DISCONNECT, scred, &rqp);
589 if (error)
590 return error;
591 mbp = &rqp->sr_rq;
592 smb_rq_wstart(rqp);
593 smb_rq_wend(rqp);
594 smb_rq_bstart(rqp);
595 smb_rq_bend(rqp);
596 error = smb_rq_simple(rqp);
597 SMBSDEBUG("%d\n", error);
598 smb_rq_done(rqp);
599 ssp->ss_tid = SMB_TID_UNKNOWN;
600 return error;
601}
602
603static __inline int
604smb_smb_readx(struct smb_share *ssp, u_int16_t fid, int *len, int *rresid,
605 struct uio *uio, struct smb_cred *scred)
606{
607 struct smb_rq *rqp;
608 struct mbchain *mbp;
609 struct mdchain *mdp;
610 u_int8_t wc;
611 int error;
612 u_int16_t residhi, residlo, off, doff;
613 u_int32_t resid;
614
615 error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_READ_ANDX, scred, &rqp);
616 if (error)
617 return error;
618 smb_rq_getrequest(rqp, &mbp);
619 smb_rq_wstart(rqp);
620 mb_put_uint8(mbp, 0xff); /* no secondary command */
621 mb_put_uint8(mbp, 0); /* MBZ */
622 mb_put_uint16le(mbp, 0); /* offset to secondary */
623 mb_put_mem(mbp, (caddr_t)&fid, sizeof(fid), MB_MSYSTEM);
624 mb_put_uint32le(mbp, uio->uio_offset);
625 *len = min(SSTOVC(ssp)->vc_rxmax, *len);
626 mb_put_uint16le(mbp, *len); /* MaxCount */
627 mb_put_uint16le(mbp, *len); /* MinCount (only indicates blocking) */
628 mb_put_uint32le(mbp, (unsigned)*len >> 16); /* MaxCountHigh */
629 mb_put_uint16le(mbp, *len); /* Remaining ("obsolete") */
630 mb_put_uint32le(mbp, uio->uio_offset >> 32); /* OffsetHigh */
631 smb_rq_wend(rqp);
632 smb_rq_bstart(rqp);
633 smb_rq_bend(rqp);
634 do {
635 error = smb_rq_simple(rqp);
636 if (error)
637 break;
638 smb_rq_getreply(rqp, &mdp);
639 off = SMB_HDRLEN;
640 md_get_uint8(mdp, &wc);
641 off++;
642 if (wc != 12) {
643 error = EBADRPC;
644 break;
645 }
646 md_get_uint8(mdp, NULL);
647 off++;
648 md_get_uint8(mdp, NULL);
649 off++;
650 md_get_uint16le(mdp, NULL);
651 off += 2;
652 md_get_uint16le(mdp, NULL);
653 off += 2;
654 md_get_uint16le(mdp, NULL); /* data compaction mode */
655 off += 2;
656 md_get_uint16le(mdp, NULL);
657 off += 2;
658 md_get_uint16le(mdp, &residlo);
659 off += 2;
660 md_get_uint16le(mdp, &doff); /* data offset */
661 off += 2;
662 md_get_uint16le(mdp, &residhi);
663 off += 2;
664 resid = (residhi << 16) | residlo;
665 md_get_mem(mdp, NULL, 4 * 2, MB_MSYSTEM);
666 off += 4*2;
667 md_get_uint16le(mdp, NULL); /* ByteCount */
668 off += 2;
669 if (doff > off) /* pad byte(s)? */
670 md_get_mem(mdp, NULL, doff - off, MB_MSYSTEM);
671 if (resid == 0) {
672 *rresid = resid;
673 break;
674 }
675 error = md_get_uio(mdp, uio, resid);
676 if (error)
677 break;
678 *rresid = resid;
679 } while(0);
680 smb_rq_done(rqp);
681 return (error);
682}
683
684static __inline int
685smb_smb_writex(struct smb_share *ssp, u_int16_t fid, int *len, int *rresid,
686 struct uio *uio, struct smb_cred *scred)
687{
688 struct smb_rq *rqp;
689 struct mbchain *mbp;
690 struct mdchain *mdp;
691 int error;
692 u_int8_t wc;
693 u_int16_t resid;
694
695 error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_WRITE_ANDX, scred, &rqp);
696 if (error)
697 return (error);
698 smb_rq_getrequest(rqp, &mbp);
699 smb_rq_wstart(rqp);
700 mb_put_uint8(mbp, 0xff); /* no secondary command */
701 mb_put_uint8(mbp, 0); /* MBZ */
702 mb_put_uint16le(mbp, 0); /* offset to secondary */
703 mb_put_mem(mbp, (caddr_t)&fid, sizeof(fid), MB_MSYSTEM);
704 mb_put_uint32le(mbp, uio->uio_offset);
705 mb_put_uint32le(mbp, 0); /* MBZ (timeout) */
706 mb_put_uint16le(mbp, 0); /* !write-thru */
707 mb_put_uint16le(mbp, 0);
708 *len = min(SSTOVC(ssp)->vc_wxmax, *len);
709 mb_put_uint16le(mbp, (unsigned)*len >> 16);
710 mb_put_uint16le(mbp, *len);
711 mb_put_uint16le(mbp, 64); /* data offset from header start */
712 mb_put_uint32le(mbp, uio->uio_offset >> 32); /* OffsetHigh */
713 smb_rq_wend(rqp);
714 smb_rq_bstart(rqp);
715 do {
716 mb_put_uint8(mbp, 0xee); /* mimic xp pad byte! */
717 error = mb_put_uio(mbp, uio, *len);
718 if (error)
719 break;
720 smb_rq_bend(rqp);
721 error = smb_rq_simple(rqp);
722 if (error)
723 break;
724 smb_rq_getreply(rqp, &mdp);
725 md_get_uint8(mdp, &wc);
726 if (wc != 6) {
727 error = EBADRPC;
728 break;
729 }
730 md_get_uint8(mdp, NULL);
731 md_get_uint8(mdp, NULL);
732 md_get_uint16le(mdp, NULL);
733 md_get_uint16le(mdp, &resid);
734 *rresid = resid;
735 } while(0);
736
737 smb_rq_done(rqp);
738 return (error);
739}
740
741static __inline int
742smb_smb_read(struct smb_share *ssp, u_int16_t fid,
743 int *len, int *rresid, struct uio *uio, struct smb_cred *scred)
744{
745 struct smb_rq *rqp;
746 struct mbchain *mbp;
747 struct mdchain *mdp;
748 u_int16_t resid, bc;
749 u_int8_t wc;
750 int error, rlen, blksz;
751
752 if (SSTOVC(ssp)->vc_sopt.sv_caps & SMB_CAP_LARGE_READX)
753 return (smb_smb_readx(ssp, fid, len, rresid, uio, scred));
754
755 error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_READ, scred, &rqp);
756 if (error)
757 return error;
758
759 blksz = SSTOVC(ssp)->vc_txmax - SMB_HDRLEN - 16;
760 rlen = *len = min(blksz, *len);
761
762 smb_rq_getrequest(rqp, &mbp);
763 smb_rq_wstart(rqp);
764 mb_put_mem(mbp, (caddr_t)&fid, sizeof(fid), MB_MSYSTEM);
765 mb_put_uint16le(mbp, rlen);
766 mb_put_uint32le(mbp, uio->uio_offset);
767 mb_put_uint16le(mbp, min(uio->uio_resid, 0xffff));
768 smb_rq_wend(rqp);
769 smb_rq_bstart(rqp);
770 smb_rq_bend(rqp);
771 do {
772 error = smb_rq_simple(rqp);
773 if (error)
774 break;
775 smb_rq_getreply(rqp, &mdp);
776 md_get_uint8(mdp, &wc);
777 if (wc != 5) {
778 error = EBADRPC;
779 break;
780 }
781 md_get_uint16le(mdp, &resid);
782 md_get_mem(mdp, NULL, 4 * 2, MB_MSYSTEM);
783 md_get_uint16le(mdp, &bc);
784 md_get_uint8(mdp, NULL); /* ignore buffer type */
785 md_get_uint16le(mdp, &resid);
786 if (resid == 0) {
787 *rresid = resid;
788 break;
789 }
790 error = md_get_uio(mdp, uio, resid);
791 if (error)
792 break;
793 *rresid = resid;
794 } while(0);
795 smb_rq_done(rqp);
796 return error;
797}
798
799int
800smb_read(struct smb_share *ssp, u_int16_t fid, struct uio *uio,
801 struct smb_cred *scred)
802{
803 int tsize, len, resid;
804 int error = 0;
805
806 tsize = uio->uio_resid;
807 while (tsize > 0) {
808 resid = 0;
809 len = tsize;
810 error = smb_smb_read(ssp, fid, &len, &resid, uio, scred);
811 if (error)
812 break;
813 tsize -= resid;
814 if (resid < len)
815 break;
816 }
817 return error;
818}
819
820static __inline int
821smb_smb_write(struct smb_share *ssp, u_int16_t fid, int *len, int *rresid,
822 struct uio *uio, struct smb_cred *scred)
823{
824 struct smb_rq *rqp;
825 struct mbchain *mbp;
826 struct mdchain *mdp;
827 u_int16_t resid;
828 u_int8_t wc;
829 int error, blksz;
830
831 if (*len && SSTOVC(ssp)->vc_sopt.sv_caps & SMB_CAP_LARGE_WRITEX)
832 return (smb_smb_writex(ssp, fid, len, rresid, uio, scred));
833
834 blksz = SSTOVC(ssp)->vc_txmax - SMB_HDRLEN - 16;
835 if (blksz > 0xffff)
836 blksz = 0xffff;
837
838 resid = *len = min(blksz, *len);
839
840 error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_WRITE, scred, &rqp);
841 if (error)
842 return error;
843 smb_rq_getrequest(rqp, &mbp);
844 smb_rq_wstart(rqp);
845 mb_put_mem(mbp, (caddr_t)&fid, sizeof(fid), MB_MSYSTEM);
846 mb_put_uint16le(mbp, resid);
847 mb_put_uint32le(mbp, uio->uio_offset);
848 mb_put_uint16le(mbp, min(uio->uio_resid, 0xffff));
849 smb_rq_wend(rqp);
850 smb_rq_bstart(rqp);
851 mb_put_uint8(mbp, SMB_DT_DATA);
852 mb_put_uint16le(mbp, resid);
853 do {
854 error = mb_put_uio(mbp, uio, resid);
855 if (error)
856 break;
857 smb_rq_bend(rqp);
858 error = smb_rq_simple(rqp);
859 if (error)
860 break;
861 smb_rq_getreply(rqp, &mdp);
862 md_get_uint8(mdp, &wc);
863 if (wc != 1) {
864 error = EBADRPC;
865 break;
866 }
867 md_get_uint16le(mdp, &resid);
868 *rresid = resid;
869 } while(0);
870 smb_rq_done(rqp);
871 return error;
872}
873
874int
875smb_write(struct smb_share *ssp, u_int16_t fid, struct uio *uio,
876 struct smb_cred *scred)
877{
878 int error = 0, len, tsize, resid;
879 struct uio olduio;
880
881 tsize = uio->uio_resid;
882 olduio = *uio;
883 while (tsize > 0) {
884 resid = 0;
885 len = tsize;
886 error = smb_smb_write(ssp, fid, &len, &resid, uio, scred);
887 if (error)
888 break;
889 if (resid < len) {
890 error = EIO;
891 break;
892 }
893 tsize -= resid;
894 }
895 if (error) {
896 /*
897 * Errors can happen on the copyin, the rpc, etc. So they
898 * imply resid is unreliable. The only safe thing is
899 * to pretend zero bytes made it. We needn't restore the
900 * iovs because callers don't depend on them in error
901 * paths - uio_resid and uio_offset are what matter.
902 */
903 *uio = olduio;
904 }
905 return error;
906}
907
908int
909smb_smb_echo(struct smb_vc *vcp, struct smb_cred *scred)
910{
911 struct smb_rq *rqp;
912 struct mbchain *mbp;
913 int error;
914
915 error = smb_rq_alloc(VCTOCP(vcp), SMB_COM_ECHO, scred, &rqp);
916 if (error)
917 return error;
918 mbp = &rqp->sr_rq;
919 smb_rq_wstart(rqp);
920 mb_put_uint16le(mbp, 1);
921 smb_rq_wend(rqp);
922 smb_rq_bstart(rqp);
923 mb_put_uint32le(mbp, 0);
924 smb_rq_bend(rqp);
925 error = smb_rq_simple(rqp);
926 SMBSDEBUG("%d\n", error);
927 smb_rq_done(rqp);
928 return error;
929}
33
34#include <sys/param.h>
35#include <sys/systm.h>
36#include <sys/kernel.h>
37#include <sys/malloc.h>
38#include <sys/proc.h>
39#include <sys/lock.h>
40#include <sys/sysctl.h>
41#include <sys/socket.h>
42#include <sys/uio.h>
43
44#include <sys/iconv.h>
45
46#include <netsmb/smb.h>
47#include <netsmb/smb_subr.h>
48#include <netsmb/smb_rq.h>
49#include <netsmb/smb_conn.h>
50#include <netsmb/smb_tran.h>
51
52#include "opt_netsmb.h"
53
54struct smb_dialect {
55 int d_id;
56 const char * d_name;
57};
58
59static struct smb_dialect smb_dialects[] = {
60 {SMB_DIALECT_CORE, "PC NETWORK PROGRAM 1.0"},
61 {SMB_DIALECT_COREPLUS, "MICROSOFT NETWORKS 1.03"},
62 {SMB_DIALECT_LANMAN1_0, "MICROSOFT NETWORKS 3.0"},
63 {SMB_DIALECT_LANMAN1_0, "LANMAN1.0"},
64 {SMB_DIALECT_LANMAN2_0, "LM1.2X002"},
65 {SMB_DIALECT_LANMAN2_0, "Samba"},
66 {SMB_DIALECT_NTLM0_12, "NT LANMAN 1.0"},
67 {SMB_DIALECT_NTLM0_12, "NT LM 0.12"},
68 {-1, NULL}
69};
70
71#define SMB_DIALECT_MAX (sizeof(smb_dialects) / sizeof(struct smb_dialect) - 2)
72
73static u_int32_t
74smb_vc_maxread(struct smb_vc *vcp)
75{
76 /*
77 * Specs say up to 64k data bytes, but Windows traffic
78 * uses 60k... no doubt for some good reason.
79 *
80 * Don't exceed the server's buffer size if signatures
81 * are enabled otherwise Windows 2003 chokes. Allow space
82 * for the SMB header & a little bit extra.
83 */
84 if ((vcp->vc_sopt.sv_caps & SMB_CAP_LARGE_READX) &&
85 (vcp->vc_hflags2 & SMB_FLAGS2_SECURITY_SIGNATURE) == 0)
86 return (60*1024);
87 else
88 return (vcp->vc_sopt.sv_maxtx - SMB_HDRLEN - 64);
89}
90
91static u_int32_t
92smb_vc_maxwrite(struct smb_vc *vcp)
93{
94 /*
95 * See comment above.
96 */
97 if ((vcp->vc_sopt.sv_caps & SMB_CAP_LARGE_WRITEX) &&
98 (vcp->vc_hflags2 & SMB_FLAGS2_SECURITY_SIGNATURE) == 0)
99 return (60*1024);
100 else
101 return (vcp->vc_sopt.sv_maxtx - SMB_HDRLEN - 64);
102}
103
104static int
105smb_smb_nomux(struct smb_vc *vcp, struct smb_cred *scred, const char *name)
106{
107 if (scred->scr_td->td_proc == vcp->vc_iod->iod_p)
108 return 0;
109 SMBERROR("wrong function called(%s)\n", name);
110 return EINVAL;
111}
112
113int
114smb_smb_negotiate(struct smb_vc *vcp, struct smb_cred *scred)
115{
116 struct smb_dialect *dp;
117 struct smb_sopt *sp = NULL;
118 struct smb_rq *rqp;
119 struct mbchain *mbp;
120 struct mdchain *mdp;
121 u_int8_t wc, stime[8], sblen;
122 u_int16_t dindex, tw, tw1, swlen, bc;
123 int error, maxqsz;
124
125 if (smb_smb_nomux(vcp, scred, __func__) != 0)
126 return EINVAL;
127 vcp->vc_hflags = 0;
128 vcp->vc_hflags2 = 0;
129 vcp->obj.co_flags &= ~(SMBV_ENCRYPT);
130 sp = &vcp->vc_sopt;
131 bzero(sp, sizeof(struct smb_sopt));
132 error = smb_rq_alloc(VCTOCP(vcp), SMB_COM_NEGOTIATE, scred, &rqp);
133 if (error)
134 return error;
135 smb_rq_getrequest(rqp, &mbp);
136 smb_rq_wstart(rqp);
137 smb_rq_wend(rqp);
138 smb_rq_bstart(rqp);
139 for(dp = smb_dialects; dp->d_id != -1; dp++) {
140 mb_put_uint8(mbp, SMB_DT_DIALECT);
141 smb_put_dstring(mbp, vcp, dp->d_name, SMB_CS_NONE);
142 }
143 smb_rq_bend(rqp);
144 error = smb_rq_simple(rqp);
145 SMBSDEBUG("%d\n", error);
146 if (error)
147 goto bad;
148 smb_rq_getreply(rqp, &mdp);
149 do {
150 error = md_get_uint8(mdp, &wc);
151 if (error)
152 break;
153 error = md_get_uint16le(mdp, &dindex);
154 if (error)
155 break;
156 if (dindex > 7) {
157 SMBERROR("Don't know how to talk with server %s (%d)\n", "xxx", dindex);
158 error = EBADRPC;
159 break;
160 }
161 dp = smb_dialects + dindex;
162 sp->sv_proto = dp->d_id;
163 SMBSDEBUG("Dialect %s (%d, %d)\n", dp->d_name, dindex, wc);
164 error = EBADRPC;
165 if (dp->d_id >= SMB_DIALECT_NTLM0_12) {
166 if (wc != 17)
167 break;
168 md_get_uint8(mdp, &sp->sv_sm);
169 md_get_uint16le(mdp, &sp->sv_maxmux);
170 md_get_uint16le(mdp, &sp->sv_maxvcs);
171 md_get_uint32le(mdp, &sp->sv_maxtx);
172 md_get_uint32le(mdp, &sp->sv_maxraw);
173 md_get_uint32le(mdp, &sp->sv_skey);
174 md_get_uint32le(mdp, &sp->sv_caps);
175 md_get_mem(mdp, stime, 8, MB_MSYSTEM);
176 md_get_uint16le(mdp, (u_int16_t*)&sp->sv_tz);
177 md_get_uint8(mdp, &sblen);
178 if (sblen && (sp->sv_sm & SMB_SM_ENCRYPT)) {
179 if (sblen != SMB_MAXCHALLENGELEN) {
180 SMBERROR("Unexpected length of security blob (%d)\n", sblen);
181 break;
182 }
183 error = md_get_uint16(mdp, &bc);
184 if (error)
185 break;
186 if (sp->sv_caps & SMB_CAP_EXT_SECURITY)
187 md_get_mem(mdp, NULL, 16, MB_MSYSTEM);
188 error = md_get_mem(mdp, vcp->vc_ch, sblen, MB_MSYSTEM);
189 if (error)
190 break;
191 vcp->vc_chlen = sblen;
192 vcp->obj.co_flags |= SMBV_ENCRYPT;
193 }
194 if (sp->sv_sm & SMB_SM_SIGS_REQUIRE)
195 vcp->vc_hflags2 |= SMB_FLAGS2_SECURITY_SIGNATURE;
196 vcp->vc_hflags2 |= SMB_FLAGS2_KNOWS_LONG_NAMES;
197 if (dp->d_id == SMB_DIALECT_NTLM0_12 &&
198 sp->sv_maxtx < 4096 &&
199 (sp->sv_caps & SMB_CAP_NT_SMBS) == 0) {
200 vcp->obj.co_flags |= SMBV_WIN95;
201 SMBSDEBUG("Win95 detected\n");
202 }
203 } else if (dp->d_id > SMB_DIALECT_CORE) {
204 md_get_uint16le(mdp, &tw);
205 sp->sv_sm = tw;
206 md_get_uint16le(mdp, &tw);
207 sp->sv_maxtx = tw;
208 md_get_uint16le(mdp, &sp->sv_maxmux);
209 md_get_uint16le(mdp, &sp->sv_maxvcs);
210 md_get_uint16le(mdp, &tw); /* rawmode */
211 md_get_uint32le(mdp, &sp->sv_skey);
212 if (wc == 13) { /* >= LANMAN1 */
213 md_get_uint16(mdp, &tw); /* time */
214 md_get_uint16(mdp, &tw1); /* date */
215 md_get_uint16le(mdp, (u_int16_t*)&sp->sv_tz);
216 md_get_uint16le(mdp, &swlen);
217 if (swlen > SMB_MAXCHALLENGELEN)
218 break;
219 md_get_uint16(mdp, NULL); /* mbz */
220 if (md_get_uint16(mdp, &bc) != 0)
221 break;
222 if (bc < swlen)
223 break;
224 if (swlen && (sp->sv_sm & SMB_SM_ENCRYPT)) {
225 error = md_get_mem(mdp, vcp->vc_ch, swlen, MB_MSYSTEM);
226 if (error)
227 break;
228 vcp->vc_chlen = swlen;
229 vcp->obj.co_flags |= SMBV_ENCRYPT;
230 }
231 }
232 vcp->vc_hflags2 |= SMB_FLAGS2_KNOWS_LONG_NAMES;
233 } else { /* an old CORE protocol */
234 sp->sv_maxmux = 1;
235 }
236 error = 0;
237 } while (0);
238 if (error == 0) {
239 vcp->vc_maxvcs = sp->sv_maxvcs;
240 if (vcp->vc_maxvcs <= 1) {
241 if (vcp->vc_maxvcs == 0)
242 vcp->vc_maxvcs = 1;
243 }
244 if (sp->sv_maxtx <= 0 || sp->sv_maxtx > 0xffff)
245 sp->sv_maxtx = 1024;
246 else
247 sp->sv_maxtx = min(sp->sv_maxtx,
248 63*1024 + SMB_HDRLEN + 16);
249 SMB_TRAN_GETPARAM(vcp, SMBTP_RCVSZ, &maxqsz);
250 vcp->vc_rxmax = min(smb_vc_maxread(vcp), maxqsz - 1024);
251 SMB_TRAN_GETPARAM(vcp, SMBTP_SNDSZ, &maxqsz);
252 vcp->vc_wxmax = min(smb_vc_maxwrite(vcp), maxqsz - 1024);
253 vcp->vc_txmax = min(sp->sv_maxtx, maxqsz);
254 SMBSDEBUG("TZ = %d\n", sp->sv_tz);
255 SMBSDEBUG("CAPS = %x\n", sp->sv_caps);
256 SMBSDEBUG("MAXMUX = %d\n", sp->sv_maxmux);
257 SMBSDEBUG("MAXVCS = %d\n", sp->sv_maxvcs);
258 SMBSDEBUG("MAXRAW = %d\n", sp->sv_maxraw);
259 SMBSDEBUG("MAXTX = %d\n", sp->sv_maxtx);
260 }
261bad:
262 smb_rq_done(rqp);
263 return error;
264}
265
266int
267smb_smb_ssnsetup(struct smb_vc *vcp, struct smb_cred *scred)
268{
269 struct smb_rq *rqp;
270 struct mbchain *mbp;
271/* u_int8_t wc;
272 u_int16_t tw, tw1;*/
273 smb_uniptr unipp, ntencpass = NULL;
274 char *pp, *up, *pbuf, *encpass;
275 int error, plen, uniplen, ulen, upper;
276
277 upper = 0;
278
279again:
280
281 vcp->vc_smbuid = SMB_UID_UNKNOWN;
282
283 if (smb_smb_nomux(vcp, scred, __func__) != 0)
284 return EINVAL;
285
286 error = smb_rq_alloc(VCTOCP(vcp), SMB_COM_SESSION_SETUP_ANDX, scred, &rqp);
287 if (error)
288 return error;
289 pbuf = malloc(SMB_MAXPASSWORDLEN + 1, M_SMBTEMP, M_WAITOK);
290 encpass = malloc(24, M_SMBTEMP, M_WAITOK);
291 if (vcp->vc_sopt.sv_sm & SMB_SM_USER) {
292 /*
293 * We try w/o uppercasing first so Samba mixed case
294 * passwords work. If that fails we come back and try
295 * uppercasing to satisfy OS/2 and Windows for Workgroups.
296 */
297 if (upper++) {
298 iconv_convstr(vcp->vc_toupper, pbuf,
299 smb_vc_getpass(vcp)/*, SMB_MAXPASSWORDLEN*/);
300 } else {
301 strncpy(pbuf, smb_vc_getpass(vcp), SMB_MAXPASSWORDLEN);
302 pbuf[SMB_MAXPASSWORDLEN] = '\0';
303 }
304 if (!SMB_UNICODE_STRINGS(vcp))
305 iconv_convstr(vcp->vc_toserver, pbuf, pbuf/*,
306 SMB_MAXPASSWORDLEN*/);
307
308 if (vcp->vc_sopt.sv_sm & SMB_SM_ENCRYPT) {
309 uniplen = plen = 24;
310 smb_encrypt(pbuf, vcp->vc_ch, encpass);
311 ntencpass = malloc(uniplen, M_SMBTEMP, M_WAITOK);
312 if (SMB_UNICODE_STRINGS(vcp)) {
313 strncpy(pbuf, smb_vc_getpass(vcp),
314 SMB_MAXPASSWORDLEN);
315 pbuf[SMB_MAXPASSWORDLEN] = '\0';
316 } else
317 iconv_convstr(vcp->vc_toserver, pbuf,
318 smb_vc_getpass(vcp)/*,
319 SMB_MAXPASSWORDLEN*/);
320 smb_ntencrypt(pbuf, vcp->vc_ch, (u_char*)ntencpass);
321 pp = encpass;
322 unipp = ntencpass;
323 } else {
324 plen = strlen(pbuf) + 1;
325 pp = pbuf;
326 uniplen = plen * 2;
327 ntencpass = malloc(uniplen, M_SMBTEMP, M_WAITOK);
328 smb_strtouni(ntencpass, smb_vc_getpass(vcp));
329 plen--;
330
331 /*
332 * The uniplen is zeroed because Samba cannot deal
333 * with this 2nd cleartext password. This Samba
334 * "bug" is actually a workaround for problems in
335 * Microsoft clients.
336 */
337 uniplen = 0/*-= 2*/;
338 unipp = ntencpass;
339 }
340 } else {
341 /*
342 * In the share security mode password will be used
343 * only in the tree authentication
344 */
345 pp = "";
346 plen = 1;
347 unipp = &smb_unieol;
348 uniplen = 0 /* sizeof(smb_unieol) */;
349 }
350 smb_rq_wstart(rqp);
351 mbp = &rqp->sr_rq;
352 up = vcp->vc_username;
353 ulen = strlen(up) + 1;
354 /*
355 * If userid is null we are attempting anonymous browse login
356 * so passwords must be zero length.
357 */
358 if (ulen == 1)
359 plen = uniplen = 0;
360 mb_put_uint8(mbp, 0xff);
361 mb_put_uint8(mbp, 0);
362 mb_put_uint16le(mbp, 0);
363 mb_put_uint16le(mbp, vcp->vc_sopt.sv_maxtx);
364 mb_put_uint16le(mbp, vcp->vc_sopt.sv_maxmux);
365 mb_put_uint16le(mbp, vcp->vc_number);
366 mb_put_uint32le(mbp, vcp->vc_sopt.sv_skey);
367 mb_put_uint16le(mbp, plen);
368 if (SMB_DIALECT(vcp) < SMB_DIALECT_NTLM0_12) {
369 mb_put_uint32le(mbp, 0);
370 smb_rq_wend(rqp);
371 smb_rq_bstart(rqp);
372 mb_put_mem(mbp, pp, plen, MB_MSYSTEM);
373 smb_put_dstring(mbp, vcp, up, SMB_CS_NONE);
374 } else {
375 mb_put_uint16le(mbp, uniplen);
376 mb_put_uint32le(mbp, 0); /* reserved */
377 mb_put_uint32le(mbp, vcp->obj.co_flags & SMBV_UNICODE ?
378 SMB_CAP_UNICODE : 0);
379 smb_rq_wend(rqp);
380 smb_rq_bstart(rqp);
381 mb_put_mem(mbp, pp, plen, MB_MSYSTEM);
382 mb_put_mem(mbp, (caddr_t)unipp, uniplen, MB_MSYSTEM);
383 smb_put_dstring(mbp, vcp, up, SMB_CS_NONE); /* AccountName */
384 smb_put_dstring(mbp, vcp, vcp->vc_domain, SMB_CS_NONE); /* PrimaryDomain */
385 smb_put_dstring(mbp, vcp, "FreeBSD", SMB_CS_NONE); /* Client's OS */
386 smb_put_dstring(mbp, vcp, "NETSMB", SMB_CS_NONE); /* Client name */
387 }
388 smb_rq_bend(rqp);
389 if (ntencpass)
390 free(ntencpass, M_SMBTEMP);
391 if (vcp->vc_hflags2 & SMB_FLAGS2_SECURITY_SIGNATURE)
392 smb_calcmackey(vcp);
393 error = smb_rq_simple(rqp);
394 SMBSDEBUG("%d\n", error);
395 if (error) {
396 if (rqp->sr_errclass == ERRDOS && rqp->sr_serror == ERRnoaccess)
397 error = EAUTH;
398 goto bad;
399 }
400 vcp->vc_smbuid = rqp->sr_rpuid;
401bad:
402 free(encpass, M_SMBTEMP);
403 free(pbuf, M_SMBTEMP);
404 smb_rq_done(rqp);
405 if (error && upper == 1 && vcp->vc_sopt.sv_sm & SMB_SM_USER)
406 goto again;
407 return error;
408}
409
410int
411smb_smb_ssnclose(struct smb_vc *vcp, struct smb_cred *scred)
412{
413 struct smb_rq *rqp;
414 struct mbchain *mbp;
415 int error;
416
417 if (vcp->vc_smbuid == SMB_UID_UNKNOWN)
418 return 0;
419
420 if (smb_smb_nomux(vcp, scred, __func__) != 0)
421 return EINVAL;
422
423 error = smb_rq_alloc(VCTOCP(vcp), SMB_COM_LOGOFF_ANDX, scred, &rqp);
424 if (error)
425 return error;
426 mbp = &rqp->sr_rq;
427 smb_rq_wstart(rqp);
428 mb_put_uint8(mbp, 0xff);
429 mb_put_uint8(mbp, 0);
430 mb_put_uint16le(mbp, 0);
431 smb_rq_wend(rqp);
432 smb_rq_bstart(rqp);
433 smb_rq_bend(rqp);
434 error = smb_rq_simple(rqp);
435 SMBSDEBUG("%d\n", error);
436 smb_rq_done(rqp);
437 return error;
438}
439
440static char smb_any_share[] = "?????";
441
442static char *
443smb_share_typename(int stype)
444{
445 char *pp;
446
447 switch (stype) {
448 case SMB_ST_DISK:
449 pp = "A:";
450 break;
451 case SMB_ST_PRINTER:
452 pp = smb_any_share; /* can't use LPT: here... */
453 break;
454 case SMB_ST_PIPE:
455 pp = "IPC";
456 break;
457 case SMB_ST_COMM:
458 pp = "COMM";
459 break;
460 case SMB_ST_ANY:
461 default:
462 pp = smb_any_share;
463 break;
464 }
465 return pp;
466}
467
468int
469smb_smb_treeconnect(struct smb_share *ssp, struct smb_cred *scred)
470{
471 struct smb_vc *vcp;
472 struct smb_rq rq, *rqp = &rq;
473 struct mbchain *mbp;
474 char *pp, *pbuf, *encpass;
475 int error, plen, caseopt, upper;
476
477 upper = 0;
478
479again:
480
481#if 0
482 /* Disable Unicode for SMB_COM_TREE_CONNECT_ANDX requests */
483 if (SSTOVC(ssp)->vc_hflags2 & SMB_FLAGS2_UNICODE) {
484 vcp = SSTOVC(ssp);
485 if (vcp->vc_toserver) {
486 iconv_close(vcp->vc_toserver);
487 /* Use NULL until UTF-8 -> ASCII works */
488 vcp->vc_toserver = NULL;
489 }
490 if (vcp->vc_tolocal) {
491 iconv_close(vcp->vc_tolocal);
492 /* Use NULL until ASCII -> UTF-8 works*/
493 vcp->vc_tolocal = NULL;
494 }
495 vcp->vc_hflags2 &= ~SMB_FLAGS2_UNICODE;
496 }
497#endif
498
499 ssp->ss_tid = SMB_TID_UNKNOWN;
500 error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_TREE_CONNECT_ANDX, scred, &rqp);
501 if (error)
502 return error;
503 vcp = rqp->sr_vc;
504 caseopt = SMB_CS_NONE;
505 if (vcp->vc_sopt.sv_sm & SMB_SM_USER) {
506 plen = 1;
507 pp = "";
508 pbuf = NULL;
509 encpass = NULL;
510 } else {
511 pbuf = malloc(SMB_MAXPASSWORDLEN + 1, M_SMBTEMP, M_WAITOK);
512 encpass = malloc(24, M_SMBTEMP, M_WAITOK);
513 /*
514 * We try w/o uppercasing first so Samba mixed case
515 * passwords work. If that fails we come back and try
516 * uppercasing to satisfy OS/2 and Windows for Workgroups.
517 */
518 if (upper++) {
519 iconv_convstr(vcp->vc_toupper, pbuf,
520 smb_share_getpass(ssp)/*,
521 SMB_MAXPASSWORDLEN*/);
522 } else {
523 strncpy(pbuf, smb_share_getpass(ssp),
524 SMB_MAXPASSWORDLEN);
525 pbuf[SMB_MAXPASSWORDLEN] = '\0';
526 }
527 if (vcp->vc_sopt.sv_sm & SMB_SM_ENCRYPT) {
528 plen = 24;
529 smb_encrypt(pbuf, vcp->vc_ch, encpass);
530 pp = encpass;
531 } else {
532 plen = strlen(pbuf) + 1;
533 pp = pbuf;
534 }
535 }
536 mbp = &rqp->sr_rq;
537 smb_rq_wstart(rqp);
538 mb_put_uint8(mbp, 0xff);
539 mb_put_uint8(mbp, 0);
540 mb_put_uint16le(mbp, 0);
541 mb_put_uint16le(mbp, 0); /* Flags */
542 mb_put_uint16le(mbp, plen);
543 smb_rq_wend(rqp);
544 smb_rq_bstart(rqp);
545 mb_put_mem(mbp, pp, plen, MB_MSYSTEM);
546 smb_put_dmem(mbp, vcp, "\\\\", 2, caseopt);
547 pp = vcp->vc_srvname;
548 smb_put_dmem(mbp, vcp, pp, strlen(pp), caseopt);
549 smb_put_dmem(mbp, vcp, "\\", 1, caseopt);
550 pp = ssp->ss_name;
551 smb_put_dstring(mbp, vcp, pp, caseopt);
552 pp = smb_share_typename(ssp->ss_type);
553 smb_put_dstring(mbp, vcp, pp, caseopt);
554 smb_rq_bend(rqp);
555 error = smb_rq_simple(rqp);
556 SMBSDEBUG("%d\n", error);
557 if (error)
558 goto bad;
559 ssp->ss_tid = rqp->sr_rptid;
560 ssp->ss_vcgenid = vcp->vc_genid;
561 ssp->ss_flags |= SMBS_CONNECTED;
562bad:
563 if (encpass)
564 free(encpass, M_SMBTEMP);
565 if (pbuf)
566 free(pbuf, M_SMBTEMP);
567 smb_rq_done(rqp);
568 if (error && upper == 1)
569 goto again;
570 return error;
571}
572
573int
574smb_smb_treedisconnect(struct smb_share *ssp, struct smb_cred *scred)
575{
576 struct smb_rq *rqp;
577 struct mbchain *mbp;
578 int error;
579
580 if (ssp->ss_tid == SMB_TID_UNKNOWN)
581 return 0;
582 error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_TREE_DISCONNECT, scred, &rqp);
583 if (error)
584 return error;
585 mbp = &rqp->sr_rq;
586 smb_rq_wstart(rqp);
587 smb_rq_wend(rqp);
588 smb_rq_bstart(rqp);
589 smb_rq_bend(rqp);
590 error = smb_rq_simple(rqp);
591 SMBSDEBUG("%d\n", error);
592 smb_rq_done(rqp);
593 ssp->ss_tid = SMB_TID_UNKNOWN;
594 return error;
595}
596
597static __inline int
598smb_smb_readx(struct smb_share *ssp, u_int16_t fid, int *len, int *rresid,
599 struct uio *uio, struct smb_cred *scred)
600{
601 struct smb_rq *rqp;
602 struct mbchain *mbp;
603 struct mdchain *mdp;
604 u_int8_t wc;
605 int error;
606 u_int16_t residhi, residlo, off, doff;
607 u_int32_t resid;
608
609 error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_READ_ANDX, scred, &rqp);
610 if (error)
611 return error;
612 smb_rq_getrequest(rqp, &mbp);
613 smb_rq_wstart(rqp);
614 mb_put_uint8(mbp, 0xff); /* no secondary command */
615 mb_put_uint8(mbp, 0); /* MBZ */
616 mb_put_uint16le(mbp, 0); /* offset to secondary */
617 mb_put_mem(mbp, (caddr_t)&fid, sizeof(fid), MB_MSYSTEM);
618 mb_put_uint32le(mbp, uio->uio_offset);
619 *len = min(SSTOVC(ssp)->vc_rxmax, *len);
620 mb_put_uint16le(mbp, *len); /* MaxCount */
621 mb_put_uint16le(mbp, *len); /* MinCount (only indicates blocking) */
622 mb_put_uint32le(mbp, (unsigned)*len >> 16); /* MaxCountHigh */
623 mb_put_uint16le(mbp, *len); /* Remaining ("obsolete") */
624 mb_put_uint32le(mbp, uio->uio_offset >> 32); /* OffsetHigh */
625 smb_rq_wend(rqp);
626 smb_rq_bstart(rqp);
627 smb_rq_bend(rqp);
628 do {
629 error = smb_rq_simple(rqp);
630 if (error)
631 break;
632 smb_rq_getreply(rqp, &mdp);
633 off = SMB_HDRLEN;
634 md_get_uint8(mdp, &wc);
635 off++;
636 if (wc != 12) {
637 error = EBADRPC;
638 break;
639 }
640 md_get_uint8(mdp, NULL);
641 off++;
642 md_get_uint8(mdp, NULL);
643 off++;
644 md_get_uint16le(mdp, NULL);
645 off += 2;
646 md_get_uint16le(mdp, NULL);
647 off += 2;
648 md_get_uint16le(mdp, NULL); /* data compaction mode */
649 off += 2;
650 md_get_uint16le(mdp, NULL);
651 off += 2;
652 md_get_uint16le(mdp, &residlo);
653 off += 2;
654 md_get_uint16le(mdp, &doff); /* data offset */
655 off += 2;
656 md_get_uint16le(mdp, &residhi);
657 off += 2;
658 resid = (residhi << 16) | residlo;
659 md_get_mem(mdp, NULL, 4 * 2, MB_MSYSTEM);
660 off += 4*2;
661 md_get_uint16le(mdp, NULL); /* ByteCount */
662 off += 2;
663 if (doff > off) /* pad byte(s)? */
664 md_get_mem(mdp, NULL, doff - off, MB_MSYSTEM);
665 if (resid == 0) {
666 *rresid = resid;
667 break;
668 }
669 error = md_get_uio(mdp, uio, resid);
670 if (error)
671 break;
672 *rresid = resid;
673 } while(0);
674 smb_rq_done(rqp);
675 return (error);
676}
677
678static __inline int
679smb_smb_writex(struct smb_share *ssp, u_int16_t fid, int *len, int *rresid,
680 struct uio *uio, struct smb_cred *scred)
681{
682 struct smb_rq *rqp;
683 struct mbchain *mbp;
684 struct mdchain *mdp;
685 int error;
686 u_int8_t wc;
687 u_int16_t resid;
688
689 error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_WRITE_ANDX, scred, &rqp);
690 if (error)
691 return (error);
692 smb_rq_getrequest(rqp, &mbp);
693 smb_rq_wstart(rqp);
694 mb_put_uint8(mbp, 0xff); /* no secondary command */
695 mb_put_uint8(mbp, 0); /* MBZ */
696 mb_put_uint16le(mbp, 0); /* offset to secondary */
697 mb_put_mem(mbp, (caddr_t)&fid, sizeof(fid), MB_MSYSTEM);
698 mb_put_uint32le(mbp, uio->uio_offset);
699 mb_put_uint32le(mbp, 0); /* MBZ (timeout) */
700 mb_put_uint16le(mbp, 0); /* !write-thru */
701 mb_put_uint16le(mbp, 0);
702 *len = min(SSTOVC(ssp)->vc_wxmax, *len);
703 mb_put_uint16le(mbp, (unsigned)*len >> 16);
704 mb_put_uint16le(mbp, *len);
705 mb_put_uint16le(mbp, 64); /* data offset from header start */
706 mb_put_uint32le(mbp, uio->uio_offset >> 32); /* OffsetHigh */
707 smb_rq_wend(rqp);
708 smb_rq_bstart(rqp);
709 do {
710 mb_put_uint8(mbp, 0xee); /* mimic xp pad byte! */
711 error = mb_put_uio(mbp, uio, *len);
712 if (error)
713 break;
714 smb_rq_bend(rqp);
715 error = smb_rq_simple(rqp);
716 if (error)
717 break;
718 smb_rq_getreply(rqp, &mdp);
719 md_get_uint8(mdp, &wc);
720 if (wc != 6) {
721 error = EBADRPC;
722 break;
723 }
724 md_get_uint8(mdp, NULL);
725 md_get_uint8(mdp, NULL);
726 md_get_uint16le(mdp, NULL);
727 md_get_uint16le(mdp, &resid);
728 *rresid = resid;
729 } while(0);
730
731 smb_rq_done(rqp);
732 return (error);
733}
734
735static __inline int
736smb_smb_read(struct smb_share *ssp, u_int16_t fid,
737 int *len, int *rresid, struct uio *uio, struct smb_cred *scred)
738{
739 struct smb_rq *rqp;
740 struct mbchain *mbp;
741 struct mdchain *mdp;
742 u_int16_t resid, bc;
743 u_int8_t wc;
744 int error, rlen, blksz;
745
746 if (SSTOVC(ssp)->vc_sopt.sv_caps & SMB_CAP_LARGE_READX)
747 return (smb_smb_readx(ssp, fid, len, rresid, uio, scred));
748
749 error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_READ, scred, &rqp);
750 if (error)
751 return error;
752
753 blksz = SSTOVC(ssp)->vc_txmax - SMB_HDRLEN - 16;
754 rlen = *len = min(blksz, *len);
755
756 smb_rq_getrequest(rqp, &mbp);
757 smb_rq_wstart(rqp);
758 mb_put_mem(mbp, (caddr_t)&fid, sizeof(fid), MB_MSYSTEM);
759 mb_put_uint16le(mbp, rlen);
760 mb_put_uint32le(mbp, uio->uio_offset);
761 mb_put_uint16le(mbp, min(uio->uio_resid, 0xffff));
762 smb_rq_wend(rqp);
763 smb_rq_bstart(rqp);
764 smb_rq_bend(rqp);
765 do {
766 error = smb_rq_simple(rqp);
767 if (error)
768 break;
769 smb_rq_getreply(rqp, &mdp);
770 md_get_uint8(mdp, &wc);
771 if (wc != 5) {
772 error = EBADRPC;
773 break;
774 }
775 md_get_uint16le(mdp, &resid);
776 md_get_mem(mdp, NULL, 4 * 2, MB_MSYSTEM);
777 md_get_uint16le(mdp, &bc);
778 md_get_uint8(mdp, NULL); /* ignore buffer type */
779 md_get_uint16le(mdp, &resid);
780 if (resid == 0) {
781 *rresid = resid;
782 break;
783 }
784 error = md_get_uio(mdp, uio, resid);
785 if (error)
786 break;
787 *rresid = resid;
788 } while(0);
789 smb_rq_done(rqp);
790 return error;
791}
792
793int
794smb_read(struct smb_share *ssp, u_int16_t fid, struct uio *uio,
795 struct smb_cred *scred)
796{
797 int tsize, len, resid;
798 int error = 0;
799
800 tsize = uio->uio_resid;
801 while (tsize > 0) {
802 resid = 0;
803 len = tsize;
804 error = smb_smb_read(ssp, fid, &len, &resid, uio, scred);
805 if (error)
806 break;
807 tsize -= resid;
808 if (resid < len)
809 break;
810 }
811 return error;
812}
813
814static __inline int
815smb_smb_write(struct smb_share *ssp, u_int16_t fid, int *len, int *rresid,
816 struct uio *uio, struct smb_cred *scred)
817{
818 struct smb_rq *rqp;
819 struct mbchain *mbp;
820 struct mdchain *mdp;
821 u_int16_t resid;
822 u_int8_t wc;
823 int error, blksz;
824
825 if (*len && SSTOVC(ssp)->vc_sopt.sv_caps & SMB_CAP_LARGE_WRITEX)
826 return (smb_smb_writex(ssp, fid, len, rresid, uio, scred));
827
828 blksz = SSTOVC(ssp)->vc_txmax - SMB_HDRLEN - 16;
829 if (blksz > 0xffff)
830 blksz = 0xffff;
831
832 resid = *len = min(blksz, *len);
833
834 error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_WRITE, scred, &rqp);
835 if (error)
836 return error;
837 smb_rq_getrequest(rqp, &mbp);
838 smb_rq_wstart(rqp);
839 mb_put_mem(mbp, (caddr_t)&fid, sizeof(fid), MB_MSYSTEM);
840 mb_put_uint16le(mbp, resid);
841 mb_put_uint32le(mbp, uio->uio_offset);
842 mb_put_uint16le(mbp, min(uio->uio_resid, 0xffff));
843 smb_rq_wend(rqp);
844 smb_rq_bstart(rqp);
845 mb_put_uint8(mbp, SMB_DT_DATA);
846 mb_put_uint16le(mbp, resid);
847 do {
848 error = mb_put_uio(mbp, uio, resid);
849 if (error)
850 break;
851 smb_rq_bend(rqp);
852 error = smb_rq_simple(rqp);
853 if (error)
854 break;
855 smb_rq_getreply(rqp, &mdp);
856 md_get_uint8(mdp, &wc);
857 if (wc != 1) {
858 error = EBADRPC;
859 break;
860 }
861 md_get_uint16le(mdp, &resid);
862 *rresid = resid;
863 } while(0);
864 smb_rq_done(rqp);
865 return error;
866}
867
868int
869smb_write(struct smb_share *ssp, u_int16_t fid, struct uio *uio,
870 struct smb_cred *scred)
871{
872 int error = 0, len, tsize, resid;
873 struct uio olduio;
874
875 tsize = uio->uio_resid;
876 olduio = *uio;
877 while (tsize > 0) {
878 resid = 0;
879 len = tsize;
880 error = smb_smb_write(ssp, fid, &len, &resid, uio, scred);
881 if (error)
882 break;
883 if (resid < len) {
884 error = EIO;
885 break;
886 }
887 tsize -= resid;
888 }
889 if (error) {
890 /*
891 * Errors can happen on the copyin, the rpc, etc. So they
892 * imply resid is unreliable. The only safe thing is
893 * to pretend zero bytes made it. We needn't restore the
894 * iovs because callers don't depend on them in error
895 * paths - uio_resid and uio_offset are what matter.
896 */
897 *uio = olduio;
898 }
899 return error;
900}
901
902int
903smb_smb_echo(struct smb_vc *vcp, struct smb_cred *scred)
904{
905 struct smb_rq *rqp;
906 struct mbchain *mbp;
907 int error;
908
909 error = smb_rq_alloc(VCTOCP(vcp), SMB_COM_ECHO, scred, &rqp);
910 if (error)
911 return error;
912 mbp = &rqp->sr_rq;
913 smb_rq_wstart(rqp);
914 mb_put_uint16le(mbp, 1);
915 smb_rq_wend(rqp);
916 smb_rq_bstart(rqp);
917 mb_put_uint32le(mbp, 0);
918 smb_rq_bend(rqp);
919 error = smb_rq_simple(rqp);
920 SMBSDEBUG("%d\n", error);
921 smb_rq_done(rqp);
922 return error;
923}