Index: head/sys/netsmb/smb_conn.c
===================================================================
--- head/sys/netsmb/smb_conn.c (revision 124086)
+++ head/sys/netsmb/smb_conn.c (revision 124087)
@@ -1,889 +1,894 @@ /* * Copyright (c) 2000-2001 Boris Popov * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Boris Popov. * 4. Neither the name of the author nor the names of any co-contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Connection engine. 
*/ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include static struct smb_connobj smb_vclist; static int smb_vcnext = 1; /* next unique id for VC */ SYSCTL_NODE(_net, OID_AUTO, smb, CTLFLAG_RW, NULL, "SMB protocol"); MALLOC_DEFINE(M_SMBCONN, "SMB conn", "SMB connection"); static void smb_co_init(struct smb_connobj *cp, int level, char *objname, struct thread *td); static void smb_co_done(struct smb_connobj *cp); static int smb_co_lockstatus(struct smb_connobj *cp, struct thread *td); static int smb_vc_disconnect(struct smb_vc *vcp); static void smb_vc_free(struct smb_connobj *cp); static void smb_vc_gone(struct smb_connobj *cp, struct smb_cred *scred); static smb_co_free_t smb_share_free; static smb_co_gone_t smb_share_gone; static int smb_sysctl_treedump(SYSCTL_HANDLER_ARGS); SYSCTL_PROC(_net_smb, OID_AUTO, treedump, CTLFLAG_RD | CTLTYPE_OPAQUE, NULL, 0, smb_sysctl_treedump, "S,treedump", "Requester tree"); int smb_sm_init(void) { smb_co_init(&smb_vclist, SMBL_SM, "smbsm", curthread); smb_co_unlock(&smb_vclist, 0, curthread); return 0; } int smb_sm_done(void) { /* XXX: hold the mutex */ if (smb_vclist.co_usecount > 1) { SMBERROR("%d connections still active\n", smb_vclist.co_usecount - 1); return EBUSY; } smb_co_done(&smb_vclist); return 0; } static int smb_sm_lockvclist(int flags, struct thread *td) { return smb_co_lock(&smb_vclist, flags | LK_CANRECURSE, td); } static void smb_sm_unlockvclist(struct thread *td) { smb_co_unlock(&smb_vclist, LK_RELEASE, td); } static int smb_sm_lookupint(struct smb_vcspec *vcspec, struct smb_sharespec *shspec, struct smb_cred *scred, struct smb_vc **vcpp) { struct thread *td = scred->scr_td; struct smb_vc *vcp; int exact = 1; int error; vcspec->shspec = shspec; error = ENOENT; SMBCO_FOREACH((struct smb_connobj*)vcp, &smb_vclist) { error = smb_vc_lock(vcp, LK_EXCLUSIVE, td); if (error) continue; if ((vcp->obj.co_flags & 
SMBV_PRIVATE) || !CONNADDREQ(vcp->vc_paddr, vcspec->sap) || strcmp(vcp->vc_username, vcspec->username) != 0) goto err1; if (vcspec->owner != SMBM_ANY_OWNER) { if (vcp->vc_uid != vcspec->owner) goto err1; } else exact = 0; if (vcspec->group != SMBM_ANY_GROUP) { if (vcp->vc_grp != vcspec->group) goto err1; } else exact = 0; if (vcspec->mode & SMBM_EXACT) { if (!exact || (vcspec->mode & SMBM_MASK) != vcp->vc_mode) goto err1; } if (smb_vc_access(vcp, scred, vcspec->mode) != 0) goto err1; vcspec->ssp = NULL; if (shspec) { error = (int)smb_vc_lookupshare(vcp, shspec, scred, &vcspec->ssp); if (error) goto fail; } error = 0; break; err1: error = 1; fail: smb_vc_unlock(vcp, 0, td); } if (vcp) { smb_vc_ref(vcp); *vcpp = vcp; } return (error); } int smb_sm_lookup(struct smb_vcspec *vcspec, struct smb_sharespec *shspec, struct smb_cred *scred, struct smb_vc **vcpp) { struct thread *td = scred->scr_td; struct smb_vc *vcp; struct smb_share *ssp = NULL; int error; *vcpp = vcp = NULL; error = smb_sm_lockvclist(LK_EXCLUSIVE, td); if (error) return error; error = smb_sm_lookupint(vcspec, shspec, scred, vcpp); if (error == 0 || (vcspec->flags & SMBV_CREATE) == 0) { smb_sm_unlockvclist(td); return error; } error = smb_sm_lookupint(vcspec, NULL, scred, &vcp); if (error) { error = smb_vc_create(vcspec, scred, &vcp); if (error) goto out; error = smb_vc_connect(vcp, scred); if (error) goto out; } if (shspec == NULL) goto out; error = smb_share_create(vcp, shspec, scred, &ssp); if (error) goto out; error = smb_smb_treeconnect(ssp, scred); if (error == 0) vcspec->ssp = ssp; else smb_share_put(ssp, scred); out: smb_sm_unlockvclist(td); if (error == 0) *vcpp = vcp; else if (vcp) smb_vc_put(vcp, scred); return error; } /* * Common code for connection object */ static void smb_co_init(struct smb_connobj *cp, int level, char *objname, struct thread *td) { SLIST_INIT(&cp->co_children); smb_sl_init(&cp->co_interlock, objname); lockinit(&cp->co_lock, PZERO, objname, 0, 0); cp->co_level = level; 
cp->co_usecount = 1; KASSERT(smb_co_lock(cp, LK_EXCLUSIVE, td) == 0, ("smb_co_init: lock failed")); } static void smb_co_done(struct smb_connobj *cp) { smb_sl_destroy(&cp->co_interlock); lockdestroy(&cp->co_lock); } static void smb_co_gone(struct smb_connobj *cp, struct smb_cred *scred) { struct smb_connobj *parent; if (cp->co_gone) cp->co_gone(cp, scred); parent = cp->co_parent; if (parent) { smb_co_lock(parent, LK_EXCLUSIVE, scred->scr_td); SLIST_REMOVE(&parent->co_children, cp, smb_connobj, co_next); smb_co_put(parent, scred); } if (cp->co_free) cp->co_free(cp); } void smb_co_ref(struct smb_connobj *cp) { SMB_CO_LOCK(cp); cp->co_usecount++; SMB_CO_UNLOCK(cp); } void smb_co_rele(struct smb_connobj *cp, struct smb_cred *scred) { struct thread *td = scred->scr_td; SMB_CO_LOCK(cp); if (cp->co_usecount > 1) { cp->co_usecount--; SMB_CO_UNLOCK(cp); return; } if (cp->co_usecount == 0) { SMBERROR("negative use_count for object %d", cp->co_level); SMB_CO_UNLOCK(cp); return; } cp->co_usecount--; cp->co_flags |= SMBO_GONE; lockmgr(&cp->co_lock, LK_DRAIN | LK_INTERLOCK, &cp->co_interlock, td); smb_co_gone(cp, scred); } int smb_co_get(struct smb_connobj *cp, int flags, struct smb_cred *scred) { int error; if ((flags & LK_INTERLOCK) == 0) SMB_CO_LOCK(cp); cp->co_usecount++; error = smb_co_lock(cp, flags | LK_INTERLOCK, scred->scr_td); if (error) { SMB_CO_LOCK(cp); cp->co_usecount--; SMB_CO_UNLOCK(cp); return error; } return 0; } void smb_co_put(struct smb_connobj *cp, struct smb_cred *scred) { struct thread *td = scred->scr_td; int flags; flags = LK_RELEASE; SMB_CO_LOCK(cp); if (cp->co_usecount > 1) { cp->co_usecount--; } else if (cp->co_usecount == 1) { cp->co_usecount--; cp->co_flags |= SMBO_GONE; flags = LK_DRAIN; } else { SMBERROR("negative usecount"); } lockmgr(&cp->co_lock, LK_RELEASE | LK_INTERLOCK, &cp->co_interlock, td); if ((cp->co_flags & SMBO_GONE) == 0) return; lockmgr(&cp->co_lock, LK_DRAIN, NULL, td); smb_co_gone(cp, scred); } int smb_co_lockstatus(struct 
smb_connobj *cp, struct thread *td) { return lockstatus(&cp->co_lock, td); } int smb_co_lock(struct smb_connobj *cp, int flags, struct thread *td) { if (cp->co_flags & SMBO_GONE) return EINVAL; if ((flags & LK_TYPE_MASK) == 0) flags |= LK_EXCLUSIVE; if (smb_co_lockstatus(cp, td) == LK_EXCLUSIVE && (flags & LK_CANRECURSE) == 0) { SMBERROR("recursive lock for object %d\n", cp->co_level); return 0; } return lockmgr(&cp->co_lock, flags, &cp->co_interlock, td); } void smb_co_unlock(struct smb_connobj *cp, int flags, struct thread *td) { (void)lockmgr(&cp->co_lock, flags | LK_RELEASE, &cp->co_interlock, td); } static void smb_co_addchild(struct smb_connobj *parent, struct smb_connobj *child) { KASSERT(smb_co_lockstatus(parent, curthread) == LK_EXCLUSIVE, ("smb_co_addchild: parent not locked")); KASSERT(smb_co_lockstatus(child, curthread) == LK_EXCLUSIVE, ("smb_co_addchild: child not locked")); smb_co_ref(parent); SLIST_INSERT_HEAD(&parent->co_children, child, co_next); child->co_parent = parent; } /* * Session implementation */ int smb_vc_create(struct smb_vcspec *vcspec, struct smb_cred *scred, struct smb_vc **vcpp) { struct smb_vc *vcp; struct thread *td = scred->scr_td; struct ucred *cred = scred->scr_cred; uid_t uid = vcspec->owner; gid_t gid = vcspec->group; uid_t realuid = cred->cr_uid; char *domain = vcspec->domain; int error, isroot; isroot = smb_suser(cred) == 0; /* * Only superuser can create VCs with different uid and gid */ if (uid != SMBM_ANY_OWNER && uid != realuid && !isroot) return EPERM; if (gid != SMBM_ANY_GROUP && !groupmember(gid, cred) && !isroot) return EPERM; vcp = smb_zmalloc(sizeof(*vcp), M_SMBCONN, M_WAITOK); smb_co_init(VCTOCP(vcp), SMBL_VC, "smb_vc", td); vcp->obj.co_free = smb_vc_free; vcp->obj.co_gone = smb_vc_gone; vcp->vc_number = smb_vcnext++; vcp->vc_timo = SMB_DEFRQTIMO; vcp->vc_smbuid = SMB_UID_UNKNOWN; vcp->vc_mode = vcspec->rights & SMBM_MASK; vcp->obj.co_flags = vcspec->flags & (SMBV_PRIVATE | SMBV_SINGLESHARE); vcp->vc_tdesc = 
&smb_tran_nbtcp_desc;
+ vcp->vc_seqno = 0;
+ vcp->vc_mackey = NULL;
+ vcp->vc_mackeylen = 0;
 if (uid == SMBM_ANY_OWNER) uid = realuid; if (gid == SMBM_ANY_GROUP) gid = cred->cr_groups[0]; vcp->vc_uid = uid; vcp->vc_grp = gid; smb_sl_init(&vcp->vc_stlock, "vcstlock"); error = ENOMEM; vcp->vc_paddr = dup_sockaddr(vcspec->sap, 1); if (vcp->vc_paddr == NULL) goto fail; vcp->vc_laddr = dup_sockaddr(vcspec->lap, 1); if (vcp->vc_laddr == NULL) goto fail; vcp->vc_pass = smb_strdup(vcspec->pass); if (vcp->vc_pass == NULL) goto fail; vcp->vc_domain = smb_strdup((domain && domain[0]) ? domain : "NODOMAIN"); if (vcp->vc_domain == NULL) goto fail; vcp->vc_srvname = smb_strdup(vcspec->srvname); if (vcp->vc_srvname == NULL) goto fail; vcp->vc_username = smb_strdup(vcspec->username); if (vcp->vc_username == NULL) goto fail; error = (int)iconv_open("tolower", vcspec->localcs, &vcp->vc_tolower); if (error) goto fail; error = (int)iconv_open("toupper", vcspec->localcs, &vcp->vc_toupper); if (error) goto fail; if (vcspec->servercs[0]) { error = (int)iconv_open(vcspec->servercs, vcspec->localcs, &vcp->vc_toserver); if (error) goto fail; error = (int)iconv_open(vcspec->localcs, vcspec->servercs, &vcp->vc_tolocal); if (error) goto fail; } error = (int)smb_iod_create(vcp); if (error) goto fail; *vcpp = vcp; smb_co_addchild(&smb_vclist, VCTOCP(vcp)); return (0); fail: smb_vc_put(vcp, scred); return (error); } static void smb_vc_free(struct smb_connobj *cp) { struct smb_vc *vcp = CPTOVC(cp); if (vcp->vc_iod) smb_iod_destroy(vcp->vc_iod); SMB_STRFREE(vcp->vc_username); SMB_STRFREE(vcp->vc_srvname); SMB_STRFREE(vcp->vc_pass); SMB_STRFREE(vcp->vc_domain);
+ if (vcp->vc_mackey)
+ free(vcp->vc_mackey, M_SMBTEMP);
 if (vcp->vc_paddr) free(vcp->vc_paddr, M_SONAME); if (vcp->vc_laddr) free(vcp->vc_laddr, M_SONAME); if (vcp->vc_tolower) iconv_close(vcp->vc_tolower); if (vcp->vc_toupper) iconv_close(vcp->vc_toupper); if (vcp->vc_tolocal) iconv_close(vcp->vc_tolocal); if (vcp->vc_toserver) 
iconv_close(vcp->vc_toserver); smb_co_done(VCTOCP(vcp)); smb_sl_destroy(&vcp->vc_stlock); free(vcp, M_SMBCONN); } /* * Called when use count of VC dropped to zero. * VC should be locked on enter with LK_DRAIN. */ static void smb_vc_gone(struct smb_connobj *cp, struct smb_cred *scred) { struct smb_vc *vcp = CPTOVC(cp); smb_vc_disconnect(vcp); } void smb_vc_ref(struct smb_vc *vcp) { smb_co_ref(VCTOCP(vcp)); } void smb_vc_rele(struct smb_vc *vcp, struct smb_cred *scred) { smb_co_rele(VCTOCP(vcp), scred); } int smb_vc_get(struct smb_vc *vcp, int flags, struct smb_cred *scred) { return smb_co_get(VCTOCP(vcp), flags, scred); } void smb_vc_put(struct smb_vc *vcp, struct smb_cred *scred) { smb_co_put(VCTOCP(vcp), scred); } int smb_vc_lock(struct smb_vc *vcp, int flags, struct thread *td) { return smb_co_lock(VCTOCP(vcp), flags, td); } void smb_vc_unlock(struct smb_vc *vcp, int flags, struct thread *td) { smb_co_unlock(VCTOCP(vcp), flags, td); } int smb_vc_access(struct smb_vc *vcp, struct smb_cred *scred, mode_t mode) { struct ucred *cred = scred->scr_cred; if (smb_suser(cred) == 0 || cred->cr_uid == vcp->vc_uid) return 0; mode >>= 3; if (!groupmember(vcp->vc_grp, cred)) mode >>= 3; return (vcp->vc_mode & mode) == mode ? 0 : EACCES; } static int smb_vc_cmpshare(struct smb_share *ssp, struct smb_sharespec *dp) { int exact = 1; if (strcmp(ssp->ss_name, dp->name) != 0) return 1; if (dp->owner != SMBM_ANY_OWNER) { if (ssp->ss_uid != dp->owner) return 1; } else exact = 0; if (dp->group != SMBM_ANY_GROUP) { if (ssp->ss_grp != dp->group) return 1; } else exact = 0; if (dp->mode & SMBM_EXACT) { if (!exact) return 1; return (dp->mode & SMBM_MASK) == ssp->ss_mode ? 0 : 1; } if (smb_share_access(ssp, dp->scred, dp->mode) != 0) return 1; return 0; } /* * Lookup share in the given VC. Share referenced and locked on return. * VC expected to be locked on entry and will be left locked on exit. 
*/ int smb_vc_lookupshare(struct smb_vc *vcp, struct smb_sharespec *dp, struct smb_cred *scred, struct smb_share **sspp) { struct thread *td = scred->scr_td; struct smb_share *ssp = NULL; int error; *sspp = NULL; dp->scred = scred; SMBCO_FOREACH((struct smb_connobj*)ssp, VCTOCP(vcp)) { error = smb_share_lock(ssp, LK_EXCLUSIVE, td); if (error) continue; if (smb_vc_cmpshare(ssp, dp) == 0) break; smb_share_unlock(ssp, 0, td); } if (ssp) { smb_share_ref(ssp); *sspp = ssp; error = 0; } else error = ENOENT; return error; } int smb_vc_connect(struct smb_vc *vcp, struct smb_cred *scred) { return smb_iod_request(vcp->vc_iod, SMBIOD_EV_CONNECT | SMBIOD_EV_SYNC, NULL); } /* * Destroy VC to server, invalidate shares linked with it. * Transport should be locked on entry. */ int smb_vc_disconnect(struct smb_vc *vcp) { smb_iod_request(vcp->vc_iod, SMBIOD_EV_DISCONNECT | SMBIOD_EV_SYNC, NULL); return 0; } static char smb_emptypass[] = ""; const char * smb_vc_getpass(struct smb_vc *vcp) { if (vcp->vc_pass) return vcp->vc_pass; return smb_emptypass; } static int smb_vc_getinfo(struct smb_vc *vcp, struct smb_vc_info *vip) { bzero(vip, sizeof(struct smb_vc_info)); vip->itype = SMB_INFO_VC; vip->usecount = vcp->obj.co_usecount; vip->uid = vcp->vc_uid; vip->gid = vcp->vc_grp; vip->mode = vcp->vc_mode; vip->flags = vcp->obj.co_flags; vip->sopt = vcp->vc_sopt; vip->iodstate = vcp->vc_iod->iod_state; bzero(&vip->sopt.sv_skey, sizeof(vip->sopt.sv_skey)); snprintf(vip->srvname, sizeof(vip->srvname), "%s", vcp->vc_srvname); snprintf(vip->vcname, sizeof(vip->vcname), "%s", vcp->vc_username); return 0; } u_short smb_vc_nextmid(struct smb_vc *vcp) { u_short r; SMB_CO_LOCK(&vcp->obj); r = vcp->vc_mid++; SMB_CO_UNLOCK(&vcp->obj); return r; } /* * Share implementation */ /* * Allocate share structure and attach it to the given VC * Connection expected to be locked on entry. Share will be returned * in locked state. 
*/ int smb_share_create(struct smb_vc *vcp, struct smb_sharespec *shspec, struct smb_cred *scred, struct smb_share **sspp) { struct smb_share *ssp; struct thread *td = scred->scr_td; struct ucred *cred = scred->scr_cred; uid_t realuid = cred->cr_uid; uid_t uid = shspec->owner; gid_t gid = shspec->group; int error, isroot; isroot = smb_suser(cred) == 0; /* * Only superuser can create shares with different uid and gid */ if (uid != SMBM_ANY_OWNER && uid != realuid && !isroot) return EPERM; if (gid != SMBM_ANY_GROUP && !groupmember(gid, cred) && !isroot) return EPERM; error = smb_vc_lookupshare(vcp, shspec, scred, &ssp); if (!error) { smb_share_put(ssp, scred); return EEXIST; } if (uid == SMBM_ANY_OWNER) uid = realuid; if (gid == SMBM_ANY_GROUP) gid = cred->cr_groups[0]; ssp = smb_zmalloc(sizeof(*ssp), M_SMBCONN, M_WAITOK); smb_co_init(SSTOCP(ssp), SMBL_SHARE, "smbss", td); ssp->obj.co_free = smb_share_free; ssp->obj.co_gone = smb_share_gone; smb_sl_init(&ssp->ss_stlock, "ssstlock"); ssp->ss_name = smb_strdup(shspec->name); if (shspec->pass && shspec->pass[0]) ssp->ss_pass = smb_strdup(shspec->pass); ssp->ss_type = shspec->stype; ssp->ss_tid = SMB_TID_UNKNOWN; ssp->ss_uid = uid; ssp->ss_grp = gid; ssp->ss_mode = shspec->rights & SMBM_MASK; smb_co_addchild(VCTOCP(vcp), SSTOCP(ssp)); *sspp = ssp; return 0; } static void smb_share_free(struct smb_connobj *cp) { struct smb_share *ssp = CPTOSS(cp); SMB_STRFREE(ssp->ss_name); SMB_STRFREE(ssp->ss_pass); smb_sl_destroy(&ssp->ss_stlock); smb_co_done(SSTOCP(ssp)); free(ssp, M_SMBCONN); } static void smb_share_gone(struct smb_connobj *cp, struct smb_cred *scred) { struct smb_share *ssp = CPTOSS(cp); smb_smb_treedisconnect(ssp, scred); } void smb_share_ref(struct smb_share *ssp) { smb_co_ref(SSTOCP(ssp)); } void smb_share_rele(struct smb_share *ssp, struct smb_cred *scred) { smb_co_rele(SSTOCP(ssp), scred); } int smb_share_get(struct smb_share *ssp, int flags, struct smb_cred *scred) { return smb_co_get(SSTOCP(ssp), flags, 
scred); } void smb_share_put(struct smb_share *ssp, struct smb_cred *scred) { smb_co_put(SSTOCP(ssp), scred); } int smb_share_lock(struct smb_share *ssp, int flags, struct thread *td) { return smb_co_lock(SSTOCP(ssp), flags, td); } void smb_share_unlock(struct smb_share *ssp, int flags, struct thread *td) { smb_co_unlock(SSTOCP(ssp), flags, td); } int smb_share_access(struct smb_share *ssp, struct smb_cred *scred, mode_t mode) { struct ucred *cred = scred->scr_cred; if (smb_suser(cred) == 0 || cred->cr_uid == ssp->ss_uid) return 0; mode >>= 3; if (!groupmember(ssp->ss_grp, cred)) mode >>= 3; return (ssp->ss_mode & mode) == mode ? 0 : EACCES; } void smb_share_invalidate(struct smb_share *ssp) { ssp->ss_tid = SMB_TID_UNKNOWN; } int smb_share_valid(struct smb_share *ssp) { return ssp->ss_tid != SMB_TID_UNKNOWN && ssp->ss_vcgenid == SSTOVC(ssp)->vc_genid; } const char* smb_share_getpass(struct smb_share *ssp) { struct smb_vc *vcp; if (ssp->ss_pass) return ssp->ss_pass; vcp = SSTOVC(ssp); if (vcp->vc_pass) return vcp->vc_pass; return smb_emptypass; } static int smb_share_getinfo(struct smb_share *ssp, struct smb_share_info *sip) { bzero(sip, sizeof(struct smb_share_info)); sip->itype = SMB_INFO_SHARE; sip->usecount = ssp->obj.co_usecount; sip->tid = ssp->ss_tid; sip->type= ssp->ss_type; sip->uid = ssp->ss_uid; sip->gid = ssp->ss_grp; sip->mode= ssp->ss_mode; sip->flags = ssp->obj.co_flags; snprintf(sip->sname, sizeof(sip->sname), "%s", ssp->ss_name); return 0; } /* * Dump an entire tree into sysctl call */ static int smb_sysctl_treedump(SYSCTL_HANDLER_ARGS) { struct thread *td = req->td; struct smb_cred scred; struct smb_vc *vcp; struct smb_share *ssp; struct smb_vc_info vci; struct smb_share_info ssi; int error, itype; smb_makescred(&scred, td, td->td_ucred); sysctl_wire_old_buffer(req, 0); error = smb_sm_lockvclist(LK_SHARED, td); if (error) return error; SMBCO_FOREACH((struct smb_connobj*)vcp, &smb_vclist) { error = smb_vc_lock(vcp, LK_SHARED, td); if (error) 
continue; smb_vc_getinfo(vcp, &vci); error = SYSCTL_OUT(req, &vci, sizeof(struct smb_vc_info)); if (error) { smb_vc_unlock(vcp, 0, td); break; } SMBCO_FOREACH((struct smb_connobj*)ssp, VCTOCP(vcp)) { error = smb_share_lock(ssp, LK_SHARED, td); if (error) { error = 0; continue; } smb_share_getinfo(ssp, &ssi); smb_share_unlock(ssp, 0, td); error = SYSCTL_OUT(req, &ssi, sizeof(struct smb_share_info)); if (error) break; } smb_vc_unlock(vcp, 0, td); if (error) break; } if (!error) { itype = SMB_INFO_NONE; error = SYSCTL_OUT(req, &itype, sizeof(itype)); } smb_sm_unlockvclist(td); return error; }
Index: head/sys/netsmb/smb_conn.h
===================================================================
--- head/sys/netsmb/smb_conn.h (revision 124086)
+++ head/sys/netsmb/smb_conn.h (revision 124087)
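Review bot: In smb_vc_free() (smb_conn.c) the MAC key is released with `free(vcp->vc_mackey, M_SMBTEMP)` without being cleared first, so the signing key stays readable in freed kernel memory until the allocator reuses that block. Wipe it before the free, e.g. `bzero(vcp->vc_mackey, vcp->vc_mackeylen);` (or `explicit_bzero()` where the kernel provides it, so the store cannot be optimised away), then set `vc_mackey = NULL` and `vc_mackeylen = 0`. The allocation site is not in this file, so confirm it also uses M_SMBTEMP and that any path replacing the key on reconnect clears and frees the old buffer the same way.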
@@ -1,464 +1,467 @@ /* * Copyright (c) 2000-2001 Boris Popov * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Boris Popov. * 4. Neither the name of the author nor the names of any co-contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* * $FreeBSD$ */ /* * Two levels of connection hierarchy */ #define SMBL_SM 0 #define SMBL_VC 1 #define SMBL_SHARE 2 #define SMBL_NUM 3 #define SMBL_NONE (-1) #define SMB_CS_NONE 0x0000 #define SMB_CS_UPPER 0x0001 /* convert passed string to upper case */ #define SMB_CS_LOWER 0x0002 /* convert passed string to lower case */ /* * Common object flags */ #define SMBO_GONE 0x1000000 /* * access modes */ #define SMBM_READ 0400 /* read conn attrs.(like list shares) */ #define SMBM_WRITE 0200 /* modify conn attrs */ #define SMBM_EXEC 0100 /* can send SMB requests */ #define SMBM_READGRP 0040 #define SMBM_WRITEGRP 0020 #define SMBM_EXECGRP 0010 #define SMBM_READOTH 0004 #define SMBM_WRITEOTH 0002 #define SMBM_EXECOTH 0001 #define SMBM_MASK 0777 #define SMBM_EXACT 010000 /* check for specified mode exactly */ #define SMBM_ALL (SMBM_READ | SMBM_WRITE | SMBM_EXEC) #define SMBM_DEFAULT (SMBM_READ | SMBM_WRITE | SMBM_EXEC) #define SMBM_ANY_OWNER ((uid_t)-1) #define SMBM_ANY_GROUP ((gid_t)-1) /* * VC flags */ #define SMBV_PERMANENT 0x0002 #define SMBV_LONGNAMES 0x0004 /* connection is configured to use long names */ #define SMBV_ENCRYPT 0x0008 /* server asked for encrypted password */ #define SMBV_WIN95 0x0010 /* used to apply bugfixes for this OS */ #define SMBV_PRIVATE 0x0020 /* connection can be used only by creator */ #define SMBV_RECONNECTING 0x0040 /* conn is in the process of reconnection */ #define SMBV_SINGLESHARE 0x0080 /* only one share connecting should be allowed */ #define SMBV_CREATE 0x0100 /* lookup for create operation */ /*#define SMBV_FAILED 0x0200*/ /* last reconnect attempt has failed */ #define SMBV_UNICODE 0x0400 /* connection is configured to use Unicode */ /* * smb_share flags */ #define SMBS_PERMANENT 0x0001 #define SMBS_RECONNECTING 0x0002 #define SMBS_CONNECTED 0x0004 /* * share types */ #define SMB_ST_DISK 0x0 /* A: */ #define SMB_ST_PRINTER 0x1 /* LPT: */ #define SMB_ST_PIPE 0x2 /* IPC */ #define SMB_ST_COMM 0x3 /* COMM */ #define SMB_ST_ANY 0x4 
#define SMB_ST_MAX 0x4 #define SMB_ST_NONE 0xff /* not a part of protocol */ /* * Negotiated protocol parameters */ struct smb_sopt { int sv_proto; int16_t sv_tz; /* offset in min relative to UTC */ u_int32_t sv_maxtx; /* maximum transmit buf size */ u_char sv_sm; /* security mode */ u_int16_t sv_maxmux; /* max number of outstanding rq's */ u_int16_t sv_maxvcs; /* max number of VCs */ u_int16_t sv_rawmode; u_int32_t sv_maxraw; /* maximum raw-buffer size */ u_int32_t sv_skey; /* session key */ u_int32_t sv_caps; /* capabilities SMB_CAP_ */ }; /* * network IO daemon states */ enum smbiod_state { SMBIOD_ST_NOTCONN, /* no connect request was made */ SMBIOD_ST_RECONNECT, /* a [re]connect attempt is in progress */ SMBIOD_ST_TRANACTIVE, /* transport level is up */ SMBIOD_ST_VCACTIVE, /* session established */ SMBIOD_ST_DEAD /* connection broken, transport is down */ }; /* * Info structures */ #define SMB_INFO_NONE 0 #define SMB_INFO_VC 2 #define SMB_INFO_SHARE 3 struct smb_vc_info { int itype; int usecount; uid_t uid; /* user id of connection */ gid_t gid; /* group of connection */ mode_t mode; /* access mode */ int flags; enum smbiod_state iodstate; struct smb_sopt sopt; char srvname[SMB_MAXSRVNAMELEN + 1]; char vcname[128]; }; struct smb_share_info { int itype; int usecount; u_short tid; /* TID */ int type; /* share type */ uid_t uid; /* user id of connection */ gid_t gid; /* group of connection */ mode_t mode; /* access mode */ int flags; char sname[128]; }; #ifdef _KERNEL #include #include #define CONNADDREQ(a1,a2) ((a1)->sa_len == (a2)->sa_len && \ bcmp(a1, a2, (a1)->sa_len) == 0) struct smb_vc; struct smb_share; struct smb_cred; struct smb_rq; struct mbdata; struct smbioc_oshare; struct smbioc_ossn; struct uio; TAILQ_HEAD(smb_rqhead, smb_rq); #define SMB_DEFRQTIMO 5 #define SMB_DIALECT(vcp) ((vcp)->vc_sopt.sv_proto) struct smb_tran_desc; /* * Connection object */ struct smb_connobj; typedef void smb_co_gone_t (struct smb_connobj *cp, struct smb_cred *scred); typedef 
void smb_co_free_t (struct smb_connobj *cp); #define SMB_CO_LOCK(cp) smb_sl_lock(&(cp)->co_interlock) #define SMB_CO_UNLOCK(cp) smb_sl_unlock(&(cp)->co_interlock) struct smb_connobj { int co_level; /* SMBL_ */ int co_flags; struct lock co_lock; struct smb_slock co_interlock; int co_usecount; struct smb_connobj * co_parent; SLIST_HEAD(,smb_connobj)co_children; SLIST_ENTRY(smb_connobj)co_next; smb_co_gone_t * co_gone; smb_co_free_t * co_free; }; #define SMBCO_FOREACH(var, cp) SLIST_FOREACH((var), &(cp)->co_children, co_next) /* * Virtual Circuit (session) to a server. * This is the most (over)complicated part of SMB protocol. * For the user security level (usl), each session with different remote * user name has its own VC. * It is unclear however, should share security level (ssl) allow additional * VCs, because user name is not used and can be the same. On other hand, * multiple VCs allows us to create separate sessions to server on a per * user basis. */ /* * This lock protects vc_flags */ #define SMBC_ST_LOCK(vcp) smb_sl_lock(&(vcp)->vc_stlock) #define SMBC_ST_UNLOCK(vcp) smb_sl_unlock(&(vcp)->vc_stlock) struct smb_vc { struct smb_connobj obj; char * vc_srvname; struct sockaddr*vc_paddr; /* server addr */ struct sockaddr*vc_laddr; /* local addr, if any */ char * vc_username; char * vc_pass; /* password for usl case */ char * vc_domain; /* workgroup/primary domain */ u_int vc_timo; /* default request timeout */ int vc_maxvcs; /* maximum number of VC per connection */ void * vc_tolower; /* local charset */ void * vc_toupper; /* local charset */ void * vc_toserver; /* local charset to server one */ void * vc_tolocal; /* server charset to local one */ int vc_number; /* number of this VC from the client side */ int vc_genid; uid_t vc_uid; /* user id of connection */ gid_t vc_grp; /* group of connection */ mode_t vc_mode; /* access mode */ struct tnode * vc_tnode; /* backing object */ u_short vc_smbuid; /* unique vc id assigned by server */ u_char vc_hflags; /* or'ed 
with flags in the smb header */ u_short vc_hflags2; /* or'ed with flags in the smb header */ void * vc_tdata; /* transport control block */ struct smb_tran_desc *vc_tdesc; int vc_chlen; /* actual challenge length */ u_char vc_ch[SMB_MAXCHALLENGELEN]; u_short vc_mid; /* multiplex id */ struct smb_sopt vc_sopt; /* server options */ int vc_txmax; /* max tx/rx packet size */ int vc_rxmax; /* max readx data size */ int vc_wxmax; /* max writex data size */ struct smbiod * vc_iod; struct smb_slock vc_stlock;
+ u_int32_t vc_seqno; /* my next sequence number */
+ u_int8_t *vc_mackey; /* MAC key */
+ int vc_mackeylen; /* length of MAC key */
 }; #define vc_maxmux vc_sopt.sv_maxmux #define vc_flags obj.co_flags #define SMB_UNICODE_STRINGS(vcp) ((vcp)->vc_hflags2 & SMB_FLAGS2_UNICODE) /* * smb_share structure describes connection to the given SMB share (tree). * Connection to share is always built on top of the VC. */ /* * This lock protects ss_flags */ #define SMBS_ST_LOCK(ssp) smb_sl_lock(&(ssp)->ss_stlock) #define SMBS_ST_LOCKPTR(ssp) (&(ssp)->ss_stlock) #define SMBS_ST_UNLOCK(ssp) smb_sl_unlock(&(ssp)->ss_stlock) struct smb_share { struct smb_connobj obj; char * ss_name; u_short ss_tid; /* TID */ int ss_type; /* share type */ uid_t ss_uid; /* user id of connection */ gid_t ss_grp; /* group of connection */ mode_t ss_mode; /* access mode */ int ss_vcgenid; char * ss_pass; /* password to a share, can be null */ struct smb_slock ss_stlock; }; #define ss_flags obj.co_flags #define CPTOVC(cp) ((struct smb_vc*)(cp)) #define VCTOCP(vcp) (&(vcp)->obj) #define CPTOSS(cp) ((struct smb_share*)(cp)) #define SSTOVC(ssp) CPTOVC(((ssp)->obj.co_parent)) #define SSTOCP(ssp) (&(ssp)->obj) struct smb_vcspec { char * srvname; struct sockaddr*sap; struct sockaddr*lap; int flags; char * username; char * pass; char * domain; mode_t mode; mode_t rights; uid_t owner; gid_t group; char * localcs; char * servercs; struct smb_sharespec *shspec; struct smb_share *ssp; /* returned */ /* * The rest is an 
internal data */ struct smb_cred *scred; }; struct smb_sharespec { char * name; char * pass; mode_t mode; mode_t rights; uid_t owner; gid_t group; int stype; /* * The rest is an internal data */ struct smb_cred *scred; }; /* * Session level functions */ int smb_sm_init(void); int smb_sm_done(void); int smb_sm_lookup(struct smb_vcspec *vcspec, struct smb_sharespec *shspec, struct smb_cred *scred, struct smb_vc **vcpp); /* * Connection object */ void smb_co_ref(struct smb_connobj *cp); void smb_co_rele(struct smb_connobj *cp, struct smb_cred *scred); int smb_co_get(struct smb_connobj *cp, int flags, struct smb_cred *scred); void smb_co_put(struct smb_connobj *cp, struct smb_cred *scred); int smb_co_lock(struct smb_connobj *cp, int flags, struct thread *td); void smb_co_unlock(struct smb_connobj *cp, int flags, struct thread *td); /* * session level functions */ int smb_vc_create(struct smb_vcspec *vcspec, struct smb_cred *scred, struct smb_vc **vcpp); int smb_vc_connect(struct smb_vc *vcp, struct smb_cred *scred); int smb_vc_access(struct smb_vc *vcp, struct smb_cred *scred, mode_t mode); int smb_vc_get(struct smb_vc *vcp, int flags, struct smb_cred *scred); void smb_vc_put(struct smb_vc *vcp, struct smb_cred *scred); void smb_vc_ref(struct smb_vc *vcp); void smb_vc_rele(struct smb_vc *vcp, struct smb_cred *scred); int smb_vc_lock(struct smb_vc *vcp, int flags, struct thread *td); void smb_vc_unlock(struct smb_vc *vcp, int flags, struct thread *td); int smb_vc_lookupshare(struct smb_vc *vcp, struct smb_sharespec *shspec, struct smb_cred *scred, struct smb_share **sspp); const char * smb_vc_getpass(struct smb_vc *vcp); u_short smb_vc_nextmid(struct smb_vc *vcp); /* * share level functions */ int smb_share_create(struct smb_vc *vcp, struct smb_sharespec *shspec, struct smb_cred *scred, struct smb_share **sspp); int smb_share_access(struct smb_share *ssp, struct smb_cred *scred, mode_t mode); void smb_share_ref(struct smb_share *ssp); void smb_share_rele(struct 
smb_share *ssp, struct smb_cred *scred); int smb_share_get(struct smb_share *ssp, int flags, struct smb_cred *scred); void smb_share_put(struct smb_share *ssp, struct smb_cred *scred); int smb_share_lock(struct smb_share *ssp, int flags, struct thread *td); void smb_share_unlock(struct smb_share *ssp, int flags, struct thread *td); void smb_share_invalidate(struct smb_share *ssp); int smb_share_valid(struct smb_share *ssp); const char * smb_share_getpass(struct smb_share *ssp); /* * SMB protocol level functions */ int smb_smb_negotiate(struct smb_vc *vcp, struct smb_cred *scred); int smb_smb_ssnsetup(struct smb_vc *vcp, struct smb_cred *scred); int smb_smb_ssnclose(struct smb_vc *vcp, struct smb_cred *scred); int smb_smb_treeconnect(struct smb_share *ssp, struct smb_cred *scred); int smb_smb_treedisconnect(struct smb_share *ssp, struct smb_cred *scred); int smb_read(struct smb_share *ssp, u_int16_t fid, struct uio *uio, struct smb_cred *scred); int smb_write(struct smb_share *ssp, u_int16_t fid, struct uio *uio, struct smb_cred *scred); int smb_smb_echo(struct smb_vc *vcp, struct smb_cred *scred); /* * smbiod thread */ #define SMBIOD_EV_NEWRQ 0x0001 #define SMBIOD_EV_SHUTDOWN 0x0002 #define SMBIOD_EV_CONNECT 0x0003 #define SMBIOD_EV_DISCONNECT 0x0004 #define SMBIOD_EV_TREECONNECT 0x0005 #define SMBIOD_EV_MASK 0x00ff #define SMBIOD_EV_SYNC 0x0100 #define SMBIOD_EV_PROCESSING 0x0200 struct smbiod_event { int ev_type; int ev_error; void * ev_ident; STAILQ_ENTRY(smbiod_event) ev_link; }; #define SMBIOD_SHUTDOWN 0x0001 struct smbiod { int iod_id; int iod_flags; enum smbiod_state iod_state; int iod_muxcnt; /* number of active outstanding requests */ int iod_sleeptimo; struct smb_vc * iod_vc; struct smb_slock iod_rqlock; /* iod_rqlist, iod_muxwant */ struct smb_rqhead iod_rqlist; /* list of outstanding requests */ int iod_muxwant; struct proc * iod_p; struct thread * iod_td; struct smb_cred iod_scred; struct smb_slock iod_evlock; /* iod_evlist */ 
STAILQ_HEAD(,smbiod_event) iod_evlist; struct timespec iod_lastrqsent; struct timespec iod_pingtimo; }; int smb_iod_init(void); int smb_iod_done(void); int smb_iod_create(struct smb_vc *vcp); int smb_iod_destroy(struct smbiod *iod); int smb_iod_request(struct smbiod *iod, int event, void *ident); int smb_iod_addrq(struct smb_rq *rqp); int smb_iod_waitrq(struct smb_rq *rqp); int smb_iod_removerq(struct smb_rq *rqp); #endif /* _KERNEL */
Index: head/sys/netsmb/smb_crypt.c
===================================================================
--- head/sys/netsmb/smb_crypt.c (revision 124086)
+++ head/sys/netsmb/smb_crypt.c (revision 124087)
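Review bot: The three fields added at the end of struct smb_vc (smb_conn.h) do not say which lock guards them or who owns the key buffer; the existing comment states that vc_stlock protects vc_flags only, and vc_mid is advanced under SMB_CO_LOCK in smb_vc_nextmid(). If requests can be issued concurrently on one VC, vc_seqno needs comparable serialisation, because a signing sequence number that is read and incremented without a lock can be reused or skipped. I would document this on the fields, for example `/* MAC key; malloc'd, freed in smb_vc_free(); NULL until set */` plus a lock note on vc_seqno. I would also declare the length as `size_t vc_mackeylen;` rather than `int`, so a negative value cannot reach a copy or hash call.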
@@ -1,148 +1,339 @@ /* * Copyright (c) 2000-2001, Boris Popov * All rights reserved. * + * Copyright (c) 2003, 2004 Tim J. Robbins. + * All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Boris Popov. * 4. Neither the name of the author nor the names of any co-contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include - +#include +#include +#include #include +#include #include #include #include #include +#include #include #include "opt_netsmb.h" #ifdef NETSMBCRYPTO #include static u_char N8[] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25}; static void smb_E(const u_char *key, u_char *data, u_char *dest) { des_key_schedule *ksp; u_char kk[8]; kk[0] = key[0] & 0xfe; kk[1] = key[0] << 7 | (key[1] >> 1 & 0xfe); kk[2] = key[1] << 6 | (key[2] >> 2 & 0xfe); kk[3] = key[2] << 5 | (key[3] >> 3 & 0xfe); kk[4] = key[3] << 4 | (key[4] >> 4 & 0xfe); kk[5] = key[4] << 3 | (key[5] >> 5 & 0xfe); kk[6] = key[5] << 2 | (key[6] >> 6 & 0xfe); kk[7] = key[6] << 1; ksp = malloc(sizeof(des_key_schedule), M_SMBTEMP, M_WAITOK); des_set_key((des_cblock *)kk, *ksp); des_ecb_encrypt((des_cblock *)data, (des_cblock *)dest, *ksp, 1); free(ksp, M_SMBTEMP); } #endif int smb_encrypt(const u_char *apwd, u_char *C8, u_char *RN) { #ifdef NETSMBCRYPTO u_char *p, *P14, *S21; p = malloc(14 + 21, M_SMBTEMP, M_WAITOK); bzero(p, 14 + 21); P14 = p; S21 = p + 14; bcopy(apwd, P14, min(14, strlen(apwd))); /* * S21 = concat(Ex(P14, N8), zeros(5)); */ smb_E(P14, N8, S21); smb_E(P14 + 7, N8, S21 + 8); smb_E(S21, C8, RN); smb_E(S21 + 7, C8, RN + 8); smb_E(S21 + 14, C8, RN + 16); free(p, M_SMBTEMP); return 0; #else SMBERROR("password encryption is not available\n"); bzero(RN, 24); return EAUTH; #endif } int smb_ntencrypt(const u_char *apwd, u_char *C8, u_char *RN) { #ifdef NETSMBCRYPTO u_char S21[21]; u_int16_t *unipwd; MD4_CTX *ctxp; int len; len = strlen(apwd); unipwd = malloc((len + 1) * sizeof(u_int16_t), M_SMBTEMP, M_WAITOK); /* * S21 = concat(MD4(U(apwd)), zeros(5)); */ smb_strtouni(unipwd, apwd); ctxp = malloc(sizeof(MD4_CTX), M_SMBTEMP, M_WAITOK); MD4Init(ctxp); MD4Update(ctxp, (u_char*)unipwd, len * sizeof(u_int16_t)); free(unipwd, M_SMBTEMP); bzero(S21, 21); MD4Final(S21, ctxp); free(ctxp, 
M_SMBTEMP); smb_E(S21, C8, RN); smb_E(S21 + 7, C8, RN + 8); smb_E(S21 + 14, C8, RN + 16); return 0; #else SMBERROR("password encryption is not available\n"); bzero(RN, 24); return EAUTH; #endif } +/* + * Calculate message authentication code (MAC) key for virtual circuit. + */ +int +smb_calcmackey(struct smb_vc *vcp) +{ +#ifdef NETSMBCRYPTO + const char *pwd; + u_int16_t *unipwd; + int len; + MD4_CTX md4; + u_char S16[16], S21[21]; + + KASSERT(vcp->vc_hflags2 & SMB_FLAGS2_SECURITY_SIGNATURE, + ("signatures not enabled")); + + if (vcp->vc_mackey != NULL) { + free(vcp->vc_mackey, M_SMBTEMP); + vcp->vc_mackey = NULL; + vcp->vc_mackeylen = 0; + vcp->vc_seqno = 0; + } + + /* + * The partial MAC key is the concatenation of the 16 byte session + * key and the 24 byte challenge response. + */ + vcp->vc_mackeylen = 16 + 24; + vcp->vc_mackey = malloc(vcp->vc_mackeylen, M_SMBTEMP, M_WAITOK); + + /* + * Calculate session key: + * MD4(MD4(U(PN))) + */ + pwd = smb_vc_getpass(vcp); + len = strlen(pwd); + unipwd = malloc((len + 1) * sizeof(u_int16_t), M_SMBTEMP, M_WAITOK); + smb_strtouni(unipwd, pwd); + MD4Init(&md4); + MD4Update(&md4, (u_char *)unipwd, len * sizeof(u_int16_t)); + MD4Final(S16, &md4); + MD4Init(&md4); + MD4Update(&md4, S16, 16); + MD4Final(vcp->vc_mackey, &md4); + free(unipwd, M_SMBTEMP); + + /* + * Calculate response to challenge: + * Ex(concat(MD4(U(pass)), zeros(5)), C8) + */ + bzero(S21, 21); + bcopy(S16, S21, 16); + smb_E(S21, vcp->vc_ch, vcp->vc_mackey + 16); + smb_E(S21 + 7, vcp->vc_ch, vcp->vc_mackey + 24); + smb_E(S21 + 14, vcp->vc_ch, vcp->vc_mackey + 32); + + return (0); +#else + panic("smb_calcmackey: encryption not available"); + return (0); +#endif /* NETSMBCRYPTO */ +} + +/* + * Sign request with MAC. 
+ */ +int +smb_rq_sign(struct smb_rq *rqp) +{ +#ifdef NETSMBCRYPTO + struct smb_vc *vcp = rqp->sr_vc; + struct mbchain *mbp; + struct mbuf *mb; + MD5_CTX md5; + u_char digest[16]; + + KASSERT(vcp->vc_hflags2 & SMB_FLAGS2_SECURITY_SIGNATURE, + ("signatures not enabled")); + + if (vcp->vc_mackey == NULL) + /* XXX Should assert that cmd == SMB_COM_NEGOTIATE. */ + return (0); + + /* + * This is a bit of a kludge. If the request is non-TRANSACTION, + * or it is the first request of a transaction, give it the next + * sequence number, and expect the reply to have the sequence number + * following that one. Otherwise, it is a secondary request in + * a transaction, and it gets the same sequence numbers as the + * primary request. + */ + if (rqp->sr_t2 == NULL || + (rqp->sr_t2->t2_flags & SMBT2_SECONDARY) == 0) { + rqp->sr_seqno = vcp->vc_seqno++; + rqp->sr_rseqno = vcp->vc_seqno++; + } else { + /* + * Sequence numbers are already in the struct because + * smb_t2_request_int() uses the same one for all the + * requests in the transaction. + * (At least we hope so.) + */ + KASSERT(rqp->sr_t2 == NULL || + (rqp->sr_t2->t2_flags & SMBT2_SECONDARY) == 0 || + rqp->sr_t2->t2_rq == rqp, + ("sec t2 rq not using same smb_rq")); + } + + /* Initialize sec. signature field to sequence number + zeros. */ + *(u_int32_t *)rqp->sr_rqsig = htole32(rqp->sr_seqno); + *(u_int32_t *)(rqp->sr_rqsig + 4) = 0; + + /* + * Compute HMAC-MD5 of packet data, keyed by MAC key. + * Store the first 8 bytes in the sec. signature field. + */ + smb_rq_getrequest(rqp, &mbp); + MD5Init(&md5); + MD5Update(&md5, vcp->vc_mackey, vcp->vc_mackeylen); + for (mb = mbp->mb_top; mb != NULL; mb = mb->m_next) + MD5Update(&md5, mtod(mb, void *), mb->m_len); + MD5Final(digest, &md5); + bcopy(digest, rqp->sr_rqsig, 8); + + return (0); +#else + panic("smb_rq_sign: encryption not available"); + return (0); +#endif /* NETSMBCRYPTO */ +} + +/* + * Verify reply signature. 
+ */ +int +smb_rq_verify(struct smb_rq *rqp) +{ +#ifdef NETSMBCRYPTO + struct smb_vc *vcp = rqp->sr_vc; + struct mdchain *mdp; + u_char sigbuf[8]; + MD5_CTX md5; + u_char digest[16]; + struct mbuf *mb; + + KASSERT(vcp->vc_hflags2 & SMB_FLAGS2_SECURITY_SIGNATURE, + ("signatures not enabled")); + + if (vcp->vc_mackey == NULL) + /* XXX Should check that this is a SMB_COM_NEGOTIATE reply. */ + return (0); + + /* + * Compute HMAC-MD5 of packet data, keyed by MAC key. + * We play games to pretend the security signature field + * contains their sequence number, to avoid modifying + * the packet itself. + */ + smb_rq_getreply(rqp, &mdp); + mb = mdp->md_top; + KASSERT(mb->m_len >= SMB_HDRLEN, ("forgot to m_pullup")); + MD5Init(&md5); + MD5Update(&md5, vcp->vc_mackey, vcp->vc_mackeylen); + MD5Update(&md5, mtod(mb, void *), 14); + *(u_int32_t *)sigbuf = htole32(rqp->sr_rseqno); + *(u_int32_t *)(sigbuf + 4) = 0; + MD5Update(&md5, sigbuf, 8); + MD5Update(&md5, mtod(mb, u_char *) + 22, mb->m_len - 22); + for (mb = mb->m_next; mb != NULL; mb = mb->m_next) + MD5Update(&md5, mtod(mb, void *), mb->m_len); + MD5Final(digest, &md5); + + /* + * Now verify the signature. + */ + if (bcmp(mtod(mdp->md_top, u_char *) + 14, digest, 8) != 0) + return (EAUTH); + + return (0); +#else + panic("smb_rq_verify: encryption not available"); + return (0); +#endif /* NETSMBCRYPTO */ +} Index: head/sys/netsmb/smb_iod.c =================================================================== --- head/sys/netsmb/smb_iod.c (revision 124086) +++ head/sys/netsmb/smb_iod.c (revision 124087) 
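Review bot: smb_calcmackey() leaves password-derived material in memory: the UCS-2 copy of the password in `unipwd` is freed without being cleared, the NT hash stays in the stack buffers `S16` and `S21` (and the MD4 context) on return, and a previous `vc_mackey` is freed as-is when the key is recalculated. Clearing each of these before release limits what a later kernel memory disclosure can recover; if the compiler may drop a plain bzero() on a dead stack buffer, use whatever non-elidable zeroing routine the tree offers. Separately, the comments in smb_rq_sign() and smb_rq_verify() say HMAC-MD5, but the code computes a single MD5 over the key followed by the packet bytes, so the comment would be accurate as `MD5 of the MAC key concatenated with the packet data`. smb_rq_verify() also compares the eight signature bytes with `bcmp`, where a constant-time comparison would be the more conservative choice.

```c
/* in smb_calcmackey(), inside if (vcp->vc_mackey != NULL), ahead of the free */
bzero(vcp->vc_mackey, vcp->vc_mackeylen);
/* … unchanged: free and reset of the old key, session-key computation … */
bzero(unipwd, (len + 1) * sizeof(u_int16_t));
free(unipwd, M_SMBTEMP);
/* … unchanged: challenge response stored at vc_mackey + 16 … */
bzero(S16, sizeof(S16));
bzero(S21, sizeof(S21));
bzero(&md4, sizeof(md4));
return (0);
```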
@@ -1,721 +1,723 @@ /* * Copyright (c) 2000-2001 Boris Popov * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Boris Popov. * 4. Neither the name of the author nor the names of any co-contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #define SMBIOD_SLEEP_TIMO 2 #define SMBIOD_PING_TIMO 60 /* seconds */ #define SMB_IOD_EVLOCKPTR(iod) (&((iod)->iod_evlock)) #define SMB_IOD_EVLOCK(iod) smb_sl_lock(&((iod)->iod_evlock)) #define SMB_IOD_EVUNLOCK(iod) smb_sl_unlock(&((iod)->iod_evlock)) #define SMB_IOD_RQLOCKPTR(iod) (&((iod)->iod_rqlock)) #define SMB_IOD_RQLOCK(iod) smb_sl_lock(&((iod)->iod_rqlock)) #define SMB_IOD_RQUNLOCK(iod) smb_sl_unlock(&((iod)->iod_rqlock)) #define smb_iod_wakeup(iod) wakeup(&(iod)->iod_flags) static MALLOC_DEFINE(M_SMBIOD, "SMBIOD", "SMB network io daemon"); static int smb_iod_next; static int smb_iod_sendall(struct smbiod *iod); static int smb_iod_disconnect(struct smbiod *iod); static void smb_iod_thread(void *); static __inline void smb_iod_rqprocessed(struct smb_rq *rqp, int error) { SMBRQ_SLOCK(rqp); rqp->sr_lerror = error; rqp->sr_rpgen++; rqp->sr_state = SMBRQ_NOTIFIED; wakeup(&rqp->sr_state); SMBRQ_SUNLOCK(rqp); } static void smb_iod_invrq(struct smbiod *iod) { struct smb_rq *rqp; /* * Invalidate all outstanding requests for this connection */ SMB_IOD_RQLOCK(iod); TAILQ_FOREACH(rqp, &iod->iod_rqlist, sr_link) { if (rqp->sr_flags & SMBR_INTERNAL) SMBRQ_SUNLOCK(rqp); rqp->sr_flags |= SMBR_RESTART; smb_iod_rqprocessed(rqp, ENOTCONN); } SMB_IOD_RQUNLOCK(iod); } static void smb_iod_closetran(struct smbiod *iod) { struct smb_vc *vcp = iod->iod_vc; struct thread *td = iod->iod_td; if (vcp->vc_tdata == NULL) return; SMB_TRAN_DISCONNECT(vcp, td); SMB_TRAN_DONE(vcp, td); vcp->vc_tdata = NULL; } static void smb_iod_dead(struct smbiod *iod) { iod->iod_state = SMBIOD_ST_DEAD; smb_iod_closetran(iod); smb_iod_invrq(iod); } static int smb_iod_connect(struct smbiod *iod) { struct smb_vc *vcp = iod->iod_vc; struct thread *td = iod->iod_td; int error; SMBIODEBUG("%d\n", iod->iod_state); switch(iod->iod_state) { case 
SMBIOD_ST_VCACTIVE: SMBERROR("called for already opened connection\n"); return EISCONN; case SMBIOD_ST_DEAD: return ENOTCONN; /* XXX: last error code ? */ default: break; } vcp->vc_genid++; error = 0; error = (int)SMB_TRAN_CREATE(vcp, td); if (error) goto fail; SMBIODEBUG("tcreate\n"); if (vcp->vc_laddr) { error = (int)SMB_TRAN_BIND(vcp, vcp->vc_laddr, td); if (error) goto fail; } SMBIODEBUG("tbind\n"); error = (int)SMB_TRAN_CONNECT(vcp, vcp->vc_paddr, td); if (error) goto fail; SMB_TRAN_SETPARAM(vcp, SMBTP_SELECTID, &iod->iod_flags); iod->iod_state = SMBIOD_ST_TRANACTIVE; SMBIODEBUG("tconnect\n"); /* vcp->vc_mid = 0;*/ error = (int)smb_smb_negotiate(vcp, &iod->iod_scred); if (error) goto fail; SMBIODEBUG("snegotiate\n"); error = (int)smb_smb_ssnsetup(vcp, &iod->iod_scred); if (error) goto fail; iod->iod_state = SMBIOD_ST_VCACTIVE; SMBIODEBUG("completed\n"); smb_iod_invrq(iod); return (0); fail: smb_iod_dead(iod); return (error); } static int smb_iod_disconnect(struct smbiod *iod) { struct smb_vc *vcp = iod->iod_vc; SMBIODEBUG("\n"); if (iod->iod_state == SMBIOD_ST_VCACTIVE) { smb_smb_ssnclose(vcp, &iod->iod_scred); iod->iod_state = SMBIOD_ST_TRANACTIVE; } vcp->vc_smbuid = SMB_UID_UNKNOWN; smb_iod_closetran(iod); iod->iod_state = SMBIOD_ST_NOTCONN; return 0; } static int smb_iod_treeconnect(struct smbiod *iod, struct smb_share *ssp) { int error; if (iod->iod_state != SMBIOD_ST_VCACTIVE) { if (iod->iod_state != SMBIOD_ST_DEAD) return ENOTCONN; iod->iod_state = SMBIOD_ST_RECONNECT; error = smb_iod_connect(iod); if (error) return error; } SMBIODEBUG("tree reconnect\n"); SMBS_ST_LOCK(ssp); ssp->ss_flags |= SMBS_RECONNECTING; SMBS_ST_UNLOCK(ssp); error = smb_smb_treeconnect(ssp, &iod->iod_scred); SMBS_ST_LOCK(ssp); ssp->ss_flags &= ~SMBS_RECONNECTING; SMBS_ST_UNLOCK(ssp); wakeup(&ssp->ss_vcgenid); return error; } static int smb_iod_sendrq(struct smbiod *iod, struct smb_rq *rqp) { struct thread *td = iod->iod_td; struct smb_vc *vcp = iod->iod_vc; struct smb_share *ssp = 
rqp->sr_share; struct mbuf *m; int error; SMBIODEBUG("iod_state = %d\n", iod->iod_state); switch (iod->iod_state) { case SMBIOD_ST_NOTCONN: smb_iod_rqprocessed(rqp, ENOTCONN); return 0; case SMBIOD_ST_DEAD: iod->iod_state = SMBIOD_ST_RECONNECT; return 0; case SMBIOD_ST_RECONNECT: return 0; default: break; } if (rqp->sr_sendcnt == 0) { #ifdef movedtoanotherplace if (vcp->vc_maxmux != 0 && iod->iod_muxcnt >= vcp->vc_maxmux) return 0; #endif *rqp->sr_rqtid = htole16(ssp ? ssp->ss_tid : SMB_TID_UNKNOWN); *rqp->sr_rquid = htole16(vcp ? vcp->vc_smbuid : 0); mb_fixhdr(&rqp->sr_rq); + if (vcp->vc_hflags2 & SMB_FLAGS2_SECURITY_SIGNATURE) + smb_rq_sign(rqp); } if (rqp->sr_sendcnt++ > 5) { rqp->sr_flags |= SMBR_RESTART; smb_iod_rqprocessed(rqp, rqp->sr_lerror); /* * If all attempts to send a request failed, then * something is seriously hosed. */ return ENOTCONN; } SMBSDEBUG("M:%04x, P:%04x, U:%04x, T:%04x\n", rqp->sr_mid, 0, 0, 0); m_dumpm(rqp->sr_rq.mb_top); m = m_copym(rqp->sr_rq.mb_top, 0, M_COPYALL, M_TRYWAIT); error = rqp->sr_lerror = m ? 
SMB_TRAN_SEND(vcp, m, td) : ENOBUFS; if (error == 0) { getnanotime(&rqp->sr_timesent); iod->iod_lastrqsent = rqp->sr_timesent; rqp->sr_flags |= SMBR_SENT; rqp->sr_state = SMBRQ_SENT; return 0; } /* * Check for fatal errors */ if (SMB_TRAN_FATAL(vcp, error)) { /* * No further attempts should be made */ return ENOTCONN; } if (smb_rq_intr(rqp)) smb_iod_rqprocessed(rqp, EINTR); return 0; } /* * Process incoming packets */ static int smb_iod_recvall(struct smbiod *iod) { struct smb_vc *vcp = iod->iod_vc; struct thread *td = iod->iod_td; struct smb_rq *rqp; struct mbuf *m; u_char *hp; u_short mid; int error; switch (iod->iod_state) { case SMBIOD_ST_NOTCONN: case SMBIOD_ST_DEAD: case SMBIOD_ST_RECONNECT: return 0; default: break; } for (;;) { m = NULL; error = SMB_TRAN_RECV(vcp, &m, td); if (error == EWOULDBLOCK) break; if (SMB_TRAN_FATAL(vcp, error)) { smb_iod_dead(iod); break; } if (error) break; if (m == NULL) { SMBERROR("tran return NULL without error\n"); error = EPIPE; continue; } m = m_pullup(m, SMB_HDRLEN); if (m == NULL) continue; /* wait for a good packet */ /* * Now we got an entire and possibly invalid SMB packet. * Be careful while parsing it. 
*/ m_dumpm(m); hp = mtod(m, u_char*); if (bcmp(hp, SMB_SIGNATURE, SMB_SIGLEN) != 0) { m_freem(m); continue; } mid = SMB_HDRMID(hp); SMBSDEBUG("mid %04x\n", (u_int)mid); SMB_IOD_RQLOCK(iod); TAILQ_FOREACH(rqp, &iod->iod_rqlist, sr_link) { if (rqp->sr_mid != mid) continue; SMBRQ_SLOCK(rqp); if (rqp->sr_rp.md_top == NULL) { md_initm(&rqp->sr_rp, m); } else { if (rqp->sr_flags & SMBR_MULTIPACKET) { md_append_record(&rqp->sr_rp, m); } else { SMBRQ_SUNLOCK(rqp); SMBERROR("duplicate response %d (ignored)\n", mid); break; } } SMBRQ_SUNLOCK(rqp); smb_iod_rqprocessed(rqp, 0); break; } SMB_IOD_RQUNLOCK(iod); if (rqp == NULL) { SMBERROR("drop resp with mid %d\n", (u_int)mid); /* smb_printrqlist(vcp);*/ m_freem(m); } } /* * check for interrupts */ SMB_IOD_RQLOCK(iod); TAILQ_FOREACH(rqp, &iod->iod_rqlist, sr_link) { if (smb_td_intr(rqp->sr_cred->scr_td)) { smb_iod_rqprocessed(rqp, EINTR); } } SMB_IOD_RQUNLOCK(iod); return 0; } int smb_iod_request(struct smbiod *iod, int event, void *ident) { struct smbiod_event *evp; int error; SMBIODEBUG("\n"); evp = smb_zmalloc(sizeof(*evp), M_SMBIOD, M_WAITOK); evp->ev_type = event; evp->ev_ident = ident; SMB_IOD_EVLOCK(iod); STAILQ_INSERT_TAIL(&iod->iod_evlist, evp, ev_link); if ((event & SMBIOD_EV_SYNC) == 0) { SMB_IOD_EVUNLOCK(iod); smb_iod_wakeup(iod); return 0; } smb_iod_wakeup(iod); msleep(evp, SMB_IOD_EVLOCKPTR(iod), PWAIT | PDROP, "90evw", 0); error = evp->ev_error; free(evp, M_SMBIOD); return error; } /* * Place request in the queue. * Request from smbiod have a high priority. 
*/ int smb_iod_addrq(struct smb_rq *rqp) { struct smb_vc *vcp = rqp->sr_vc; struct smbiod *iod = vcp->vc_iod; int error; SMBIODEBUG("\n"); if (rqp->sr_cred->scr_td != NULL && rqp->sr_cred->scr_td->td_proc == iod->iod_p) { rqp->sr_flags |= SMBR_INTERNAL; SMB_IOD_RQLOCK(iod); TAILQ_INSERT_HEAD(&iod->iod_rqlist, rqp, sr_link); SMB_IOD_RQUNLOCK(iod); for (;;) { if (smb_iod_sendrq(iod, rqp) != 0) { smb_iod_dead(iod); break; } /* * we don't need to lock state field here */ if (rqp->sr_state != SMBRQ_NOTSENT) break; tsleep(&iod->iod_flags, PWAIT, "90sndw", hz); } if (rqp->sr_lerror) smb_iod_removerq(rqp); return rqp->sr_lerror; } switch (iod->iod_state) { case SMBIOD_ST_NOTCONN: return ENOTCONN; case SMBIOD_ST_DEAD: error = smb_iod_request(vcp->vc_iod, SMBIOD_EV_CONNECT | SMBIOD_EV_SYNC, NULL); if (error) return error; return EXDEV; default: break; } SMB_IOD_RQLOCK(iod); for (;;) { if (vcp->vc_maxmux == 0) { SMBERROR("maxmux == 0\n"); break; } if (iod->iod_muxcnt < vcp->vc_maxmux) break; iod->iod_muxwant++; msleep(&iod->iod_muxwant, SMB_IOD_RQLOCKPTR(iod), PWAIT, "90mux", 0); } iod->iod_muxcnt++; TAILQ_INSERT_TAIL(&iod->iod_rqlist, rqp, sr_link); SMB_IOD_RQUNLOCK(iod); smb_iod_wakeup(iod); return 0; } int smb_iod_removerq(struct smb_rq *rqp) { struct smb_vc *vcp = rqp->sr_vc; struct smbiod *iod = vcp->vc_iod; SMBIODEBUG("\n"); if (rqp->sr_flags & SMBR_INTERNAL) { SMB_IOD_RQLOCK(iod); TAILQ_REMOVE(&iod->iod_rqlist, rqp, sr_link); SMB_IOD_RQUNLOCK(iod); return 0; } SMB_IOD_RQLOCK(iod); while (rqp->sr_flags & SMBR_XLOCK) { rqp->sr_flags |= SMBR_XLOCKWANT; msleep(rqp, SMB_IOD_RQLOCKPTR(iod), PWAIT, "90xrm", 0); } TAILQ_REMOVE(&iod->iod_rqlist, rqp, sr_link); iod->iod_muxcnt--; if (iod->iod_muxwant) { iod->iod_muxwant--; wakeup(&iod->iod_muxwant); } SMB_IOD_RQUNLOCK(iod); return 0; } int smb_iod_waitrq(struct smb_rq *rqp) { struct smbiod *iod = rqp->sr_vc->vc_iod; int error; SMBIODEBUG("\n"); if (rqp->sr_flags & SMBR_INTERNAL) { for (;;) { smb_iod_sendall(iod); 
smb_iod_recvall(iod); if (rqp->sr_rpgen != rqp->sr_rplast) break; tsleep(&iod->iod_flags, PWAIT, "90irq", hz); } smb_iod_removerq(rqp); return rqp->sr_lerror; } SMBRQ_SLOCK(rqp); if (rqp->sr_rpgen == rqp->sr_rplast) msleep(&rqp->sr_state, SMBRQ_SLOCKPTR(rqp), PWAIT, "90wrq", 0); rqp->sr_rplast++; SMBRQ_SUNLOCK(rqp); error = rqp->sr_lerror; if (rqp->sr_flags & SMBR_MULTIPACKET) { /* * If request should stay in the list, then reinsert it * at the end of queue so other waiters have chance to concur */ SMB_IOD_RQLOCK(iod); TAILQ_REMOVE(&iod->iod_rqlist, rqp, sr_link); TAILQ_INSERT_TAIL(&iod->iod_rqlist, rqp, sr_link); SMB_IOD_RQUNLOCK(iod); } else smb_iod_removerq(rqp); return error; } static int smb_iod_sendall(struct smbiod *iod) { struct smb_vc *vcp = iod->iod_vc; struct smb_rq *rqp; struct timespec ts, tstimeout; int herror; herror = 0; /* * Loop through the list of requests and send them if possible */ SMB_IOD_RQLOCK(iod); TAILQ_FOREACH(rqp, &iod->iod_rqlist, sr_link) { switch (rqp->sr_state) { case SMBRQ_NOTSENT: rqp->sr_flags |= SMBR_XLOCK; SMB_IOD_RQUNLOCK(iod); herror = smb_iod_sendrq(iod, rqp); SMB_IOD_RQLOCK(iod); rqp->sr_flags &= ~SMBR_XLOCK; if (rqp->sr_flags & SMBR_XLOCKWANT) { rqp->sr_flags &= ~SMBR_XLOCKWANT; wakeup(rqp); } break; case SMBRQ_SENT: SMB_TRAN_GETPARAM(vcp, SMBTP_TIMEOUT, &tstimeout); timespecadd(&tstimeout, &tstimeout); getnanotime(&ts); timespecsub(&ts, &tstimeout); if (timespeccmp(&ts, &rqp->sr_timesent, >)) { smb_iod_rqprocessed(rqp, ETIMEDOUT); } break; default: break; } if (herror) break; } SMB_IOD_RQUNLOCK(iod); if (herror == ENOTCONN) smb_iod_dead(iod); return 0; } /* * "main" function for smbiod daemon */ static __inline void smb_iod_main(struct smbiod *iod) { /* struct smb_vc *vcp = iod->iod_vc;*/ struct smbiod_event *evp; /* struct timespec tsnow;*/ int error; SMBIODEBUG("\n"); error = 0; /* * Check all interesting events */ for (;;) { SMB_IOD_EVLOCK(iod); evp = STAILQ_FIRST(&iod->iod_evlist); if (evp == NULL) { 
SMB_IOD_EVUNLOCK(iod); break; } STAILQ_REMOVE_HEAD(&iod->iod_evlist, ev_link); evp->ev_type |= SMBIOD_EV_PROCESSING; SMB_IOD_EVUNLOCK(iod); switch (evp->ev_type & SMBIOD_EV_MASK) { case SMBIOD_EV_CONNECT: iod->iod_state = SMBIOD_ST_RECONNECT; evp->ev_error = smb_iod_connect(iod); break; case SMBIOD_EV_DISCONNECT: evp->ev_error = smb_iod_disconnect(iod); break; case SMBIOD_EV_TREECONNECT: evp->ev_error = smb_iod_treeconnect(iod, evp->ev_ident); break; case SMBIOD_EV_SHUTDOWN: iod->iod_flags |= SMBIOD_SHUTDOWN; break; case SMBIOD_EV_NEWRQ: break; } if (evp->ev_type & SMBIOD_EV_SYNC) { SMB_IOD_EVLOCK(iod); wakeup(evp); SMB_IOD_EVUNLOCK(iod); } else free(evp, M_SMBIOD); } #if 0 if (iod->iod_state == SMBIOD_ST_VCACTIVE) { getnanotime(&tsnow); timespecsub(&tsnow, &iod->iod_pingtimo); if (timespeccmp(&tsnow, &iod->iod_lastrqsent, >)) { smb_smb_echo(vcp, &iod->iod_scred); } } #endif smb_iod_sendall(iod); smb_iod_recvall(iod); return; } void smb_iod_thread(void *arg) { struct smbiod *iod = arg; mtx_lock(&Giant); /* * Here we assume that the thread structure will be the same * for an entire kthread (kproc, to be more precise) life. 
*/ iod->iod_td = curthread; smb_makescred(&iod->iod_scred, iod->iod_td, NULL); while ((iod->iod_flags & SMBIOD_SHUTDOWN) == 0) { smb_iod_main(iod); SMBIODEBUG("going to sleep for %d ticks\n", iod->iod_sleeptimo); /* mtx_unlock(&Giant, MTX_DEF);*/ if (iod->iod_flags & SMBIOD_SHUTDOWN) break; tsleep(&iod->iod_flags, PWAIT, "90idle", iod->iod_sleeptimo); } /* mtx_lock(&Giant, MTX_DEF);*/ kthread_exit(0); } int smb_iod_create(struct smb_vc *vcp) { struct smbiod *iod; int error; iod = smb_zmalloc(sizeof(*iod), M_SMBIOD, M_WAITOK); iod->iod_id = smb_iod_next++; iod->iod_state = SMBIOD_ST_NOTCONN; iod->iod_vc = vcp; iod->iod_sleeptimo = hz * SMBIOD_SLEEP_TIMO; iod->iod_pingtimo.tv_sec = SMBIOD_PING_TIMO; getnanotime(&iod->iod_lastrqsent); vcp->vc_iod = iod; smb_sl_init(&iod->iod_rqlock, "90rql"); TAILQ_INIT(&iod->iod_rqlist); smb_sl_init(&iod->iod_evlock, "90evl"); STAILQ_INIT(&iod->iod_evlist); error = kthread_create(smb_iod_thread, iod, &iod->iod_p, RFNOWAIT, 0, "smbiod%d", iod->iod_id); if (error) { SMBERROR("can't start smbiod: %d", error); free(iod, M_SMBIOD); return error; } return 0; } int smb_iod_destroy(struct smbiod *iod) { smb_iod_request(iod, SMBIOD_EV_SHUTDOWN | SMBIOD_EV_SYNC, NULL); smb_sl_destroy(&iod->iod_rqlock); smb_sl_destroy(&iod->iod_evlock); free(iod, M_SMBIOD); return 0; } int smb_iod_init(void) { return 0; } int smb_iod_done(void) { return 0; } Index: head/sys/netsmb/smb_rq.c =================================================================== --- head/sys/netsmb/smb_rq.c (revision 124086) +++ head/sys/netsmb/smb_rq.c (revision 124087) 
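Review bot: In smb_iod_sendrq() the result of `smb_rq_sign(rqp)` is dropped, and the call is gated only on `SMB_FLAGS2_SECURITY_SIGNATURE` being set in `vc_hflags2`. As added in smb_crypt.c by this same change, smb_rq_sign() calls panic() when NETSMBCRYPTO is not compiled in, so this path relies on that flag never being set on such a kernel. The code that sets the flag is not in this hunk; if it follows the server's negotiate reply, a peer could bring the client down. I would keep the result with `error = smb_rq_sign(rqp);`, fail the request when it is non-zero, and have the non-crypto branch return `EAUTH` as smb_encrypt() does instead of panicking. The added line also dereferences `vcp` unconditionally right after `vcp ? vcp->vc_smbuid : 0` treats it as possibly NULL, so one of the two should change.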
@@ -1,754 +1,770 @@ /* * Copyright (c) 2000-2001, Boris Popov * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Boris Popov. * 4. Neither the name of the author nor the names of any co-contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include MALLOC_DEFINE(M_SMBRQ, "SMBRQ", "SMB request"); MODULE_DEPEND(netsmb, libmchain, 1, 1, 1); static int smb_rq_reply(struct smb_rq *rqp); static int smb_rq_enqueue(struct smb_rq *rqp); static int smb_rq_getenv(struct smb_connobj *layer, struct smb_vc **vcpp, struct smb_share **sspp); static int smb_rq_new(struct smb_rq *rqp, u_char cmd); static int smb_t2_reply(struct smb_t2rq *t2p); int smb_rq_alloc(struct smb_connobj *layer, u_char cmd, struct smb_cred *scred, struct smb_rq **rqpp) { struct smb_rq *rqp; int error; MALLOC(rqp, struct smb_rq *, sizeof(*rqp), M_SMBRQ, M_WAITOK); if (rqp == NULL) return ENOMEM; error = smb_rq_init(rqp, layer, cmd, scred); rqp->sr_flags |= SMBR_ALLOCED; if (error) { smb_rq_done(rqp); return error; } *rqpp = rqp; return 0; } static char tzero[12]; int smb_rq_init(struct smb_rq *rqp, struct smb_connobj *layer, u_char cmd, struct smb_cred *scred) { int error; bzero(rqp, sizeof(*rqp)); smb_sl_init(&rqp->sr_slock, "srslock"); error = smb_rq_getenv(layer, &rqp->sr_vc, &rqp->sr_share); if (error) return error; error = smb_vc_access(rqp->sr_vc, scred, SMBM_EXEC); if (error) return error; if (rqp->sr_share) { error = smb_share_access(rqp->sr_share, scred, SMBM_EXEC); if (error) return error; } rqp->sr_cred = scred; rqp->sr_mid = smb_vc_nextmid(rqp->sr_vc); return smb_rq_new(rqp, cmd); } static int smb_rq_new(struct smb_rq *rqp, u_char cmd) { struct smb_vc *vcp = rqp->sr_vc; struct mbchain *mbp = &rqp->sr_rq; int error; + u_int16_t flags2; rqp->sr_sendcnt = 0; mb_done(mbp); md_done(&rqp->sr_rp); error = mb_init(mbp); if (error) return error; mb_put_mem(mbp, SMB_SIGNATURE, SMB_SIGLEN, MB_MSYSTEM); mb_put_uint8(mbp, cmd); mb_put_uint32le(mbp, 0); /* DosError */ mb_put_uint8(mbp, vcp->vc_hflags); + flags2 = vcp->vc_hflags2; if (cmd == SMB_COM_TRANSACTION || cmd == 
SMB_COM_TRANSACTION_SECONDARY) - mb_put_uint16le(mbp, (vcp->vc_hflags2 & ~SMB_FLAGS2_UNICODE)); - else - mb_put_uint16le(mbp, vcp->vc_hflags2); - mb_put_mem(mbp, tzero, 12, MB_MSYSTEM); + flags2 &= ~SMB_FLAGS2_UNICODE; + if (cmd == SMB_COM_NEGOTIATE) + flags2 &= ~SMB_FLAGS2_SECURITY_SIGNATURE; + mb_put_uint16le(mbp, flags2); + if ((flags2 & SMB_FLAGS2_SECURITY_SIGNATURE) == 0) { + mb_put_mem(mbp, tzero, 12, MB_MSYSTEM); + rqp->sr_rqsig = NULL; + } else { + mb_put_uint16le(mbp, 0 /*scred->sc_p->p_pid >> 16*/); + rqp->sr_rqsig = (u_int8_t *)mb_reserve(mbp, 8); + mb_put_uint16le(mbp, 0); + } rqp->sr_rqtid = (u_int16_t*)mb_reserve(mbp, sizeof(u_int16_t)); mb_put_uint16le(mbp, 1 /*scred->sc_p->p_pid & 0xffff*/); rqp->sr_rquid = (u_int16_t*)mb_reserve(mbp, sizeof(u_int16_t)); mb_put_uint16le(mbp, rqp->sr_mid); return 0; } void smb_rq_done(struct smb_rq *rqp) { mb_done(&rqp->sr_rq); md_done(&rqp->sr_rp); smb_sl_destroy(&rqp->sr_slock); if (rqp->sr_flags & SMBR_ALLOCED) free(rqp, M_SMBRQ); } /* * Simple request-reply exchange */ int smb_rq_simple(struct smb_rq *rqp) { struct smb_vc *vcp = rqp->sr_vc; int error = EINVAL, i; for (i = 0; i < SMB_MAXRCN; i++) { rqp->sr_flags &= ~SMBR_RESTART; rqp->sr_timo = vcp->vc_timo; rqp->sr_state = SMBRQ_NOTSENT; error = smb_rq_enqueue(rqp); if (error) return error; error = smb_rq_reply(rqp); if (error == 0) break; if ((rqp->sr_flags & (SMBR_RESTART | SMBR_NORESTART)) != SMBR_RESTART) break; } return error; } static int smb_rq_enqueue(struct smb_rq *rqp) { struct smb_share *ssp = rqp->sr_share; int error; if (ssp == NULL || rqp->sr_cred == &rqp->sr_vc->vc_iod->iod_scred) { return smb_iod_addrq(rqp); } for (;;) { SMBS_ST_LOCK(ssp); if (ssp->ss_flags & SMBS_RECONNECTING) { msleep(&ssp->ss_vcgenid, SMBS_ST_LOCKPTR(ssp), PWAIT | PDROP, "90trcn", hz); if (smb_td_intr(rqp->sr_cred->scr_td)) return EINTR; continue; } if (smb_share_valid(ssp) || (ssp->ss_flags & SMBS_CONNECTED) == 0) { SMBS_ST_UNLOCK(ssp); } else { SMBS_ST_UNLOCK(ssp); error = 
smb_iod_request(rqp->sr_vc->vc_iod, SMBIOD_EV_TREECONNECT | SMBIOD_EV_SYNC, ssp); if (error) return error; } error = smb_iod_addrq(rqp); if (error != EXDEV) break; } return error; } void smb_rq_wstart(struct smb_rq *rqp) { rqp->sr_wcount = mb_reserve(&rqp->sr_rq, sizeof(u_int8_t)); rqp->sr_rq.mb_count = 0; } void smb_rq_wend(struct smb_rq *rqp) { if (rqp->sr_wcount == NULL) { SMBERROR("no wcount\n"); /* actually panic */ return; } if (rqp->sr_rq.mb_count & 1) SMBERROR("odd word count\n"); *rqp->sr_wcount = rqp->sr_rq.mb_count / 2; } void smb_rq_bstart(struct smb_rq *rqp) { rqp->sr_bcount = (u_short*)mb_reserve(&rqp->sr_rq, sizeof(u_short)); rqp->sr_rq.mb_count = 0; } void smb_rq_bend(struct smb_rq *rqp) { int bcnt; if (rqp->sr_bcount == NULL) { SMBERROR("no bcount\n"); /* actually panic */ return; } bcnt = rqp->sr_rq.mb_count; if (bcnt > 0xffff) SMBERROR("byte count too large (%d)\n", bcnt); *rqp->sr_bcount = htole16(bcnt); } int smb_rq_intr(struct smb_rq *rqp) { if (rqp->sr_flags & SMBR_INTR) return EINTR; return smb_td_intr(rqp->sr_cred->scr_td); } int smb_rq_getrequest(struct smb_rq *rqp, struct mbchain **mbpp) { *mbpp = &rqp->sr_rq; return 0; } int smb_rq_getreply(struct smb_rq *rqp, struct mdchain **mbpp) { *mbpp = &rqp->sr_rp; return 0; } static int smb_rq_getenv(struct smb_connobj *layer, struct smb_vc **vcpp, struct smb_share **sspp) { struct smb_vc *vcp = NULL; struct smb_share *ssp = NULL; struct smb_connobj *cp; int error = 0; switch (layer->co_level) { case SMBL_VC: vcp = CPTOVC(layer); if (layer->co_parent == NULL) { SMBERROR("zombie VC %s\n", vcp->vc_srvname); error = EINVAL; break; } break; case SMBL_SHARE: ssp = CPTOSS(layer); cp = layer->co_parent; if (cp == NULL) { SMBERROR("zombie share %s\n", ssp->ss_name); error = EINVAL; break; } error = smb_rq_getenv(cp, &vcp, NULL); if (error) break; break; default: SMBERROR("invalid layer %d passed\n", layer->co_level); error = EINVAL; } if (vcpp) *vcpp = vcp; if (sspp) *sspp = ssp; return error; } /* * 
Wait for reply on the request */ static int smb_rq_reply(struct smb_rq *rqp) { struct mdchain *mdp = &rqp->sr_rp; u_int32_t tdw; u_int8_t tb; int error, rperror = 0; error = smb_iod_waitrq(rqp); if (error) return error; error = md_get_uint32(mdp, &tdw); if (error) return error; error = md_get_uint8(mdp, &tb); if (rqp->sr_vc->vc_hflags2 & SMB_FLAGS2_ERR_STATUS) { error = md_get_uint32le(mdp, &rqp->sr_error); } else { error = md_get_uint8(mdp, &rqp->sr_errclass); error = md_get_uint8(mdp, &tb); error = md_get_uint16le(mdp, &rqp->sr_serror); if (!error) rperror = smb_maperror(rqp->sr_errclass, rqp->sr_serror); } error = md_get_uint8(mdp, &rqp->sr_rpflags); error = md_get_uint16le(mdp, &rqp->sr_rpflags2); error = md_get_uint32(mdp, &tdw); error = md_get_uint32(mdp, &tdw); error = md_get_uint32(mdp, &tdw); error = md_get_uint16le(mdp, &rqp->sr_rptid); error = md_get_uint16le(mdp, &rqp->sr_rppid); error = md_get_uint16le(mdp, &rqp->sr_rpuid); error = md_get_uint16le(mdp, &rqp->sr_rpmid); + if (error == 0 && + (rqp->sr_vc->vc_hflags2 & SMB_FLAGS2_SECURITY_SIGNATURE)) + error = smb_rq_verify(rqp); + SMBSDEBUG("M:%04x, P:%04x, U:%04x, T:%04x, E: %d:%d\n", rqp->sr_rpmid, rqp->sr_rppid, rqp->sr_rpuid, rqp->sr_rptid, rqp->sr_errclass, rqp->sr_serror); return error ? 
error : rperror; } #define ALIGN4(a) (((a) + 3) & ~3) /* * TRANS2 request implementation */ int smb_t2_alloc(struct smb_connobj *layer, u_short setup, struct smb_cred *scred, struct smb_t2rq **t2pp) { struct smb_t2rq *t2p; int error; MALLOC(t2p, struct smb_t2rq *, sizeof(*t2p), M_SMBRQ, M_WAITOK); if (t2p == NULL) return ENOMEM; error = smb_t2_init(t2p, layer, setup, scred); t2p->t2_flags |= SMBT2_ALLOCED; if (error) { smb_t2_done(t2p); return error; } *t2pp = t2p; return 0; } int smb_t2_init(struct smb_t2rq *t2p, struct smb_connobj *source, u_short setup, struct smb_cred *scred) { int error; bzero(t2p, sizeof(*t2p)); t2p->t2_source = source; t2p->t2_setupcount = 1; t2p->t2_setupdata = t2p->t2_setup; t2p->t2_setup[0] = setup; t2p->t2_fid = 0xffff; t2p->t2_cred = scred; error = smb_rq_getenv(source, &t2p->t2_vc, NULL); if (error) return error; return 0; } void smb_t2_done(struct smb_t2rq *t2p) { mb_done(&t2p->t2_tparam); mb_done(&t2p->t2_tdata); md_done(&t2p->t2_rparam); md_done(&t2p->t2_rdata); if (t2p->t2_flags & SMBT2_ALLOCED) free(t2p, M_SMBRQ); } static int smb_t2_placedata(struct mbuf *mtop, u_int16_t offset, u_int16_t count, struct mdchain *mdp) { struct mbuf *m, *m0; int len; m0 = m_split(mtop, offset, M_TRYWAIT); if (m0 == NULL) return EBADRPC; len = m_length(m0, &m); m->m_len -= len - count; if (mdp->md_top == NULL) { md_initm(mdp, m0); } else m_cat(mdp->md_top, m0); return 0; } static int smb_t2_reply(struct smb_t2rq *t2p) { struct mdchain *mdp; struct smb_rq *rqp = t2p->t2_rq; int error, totpgot, totdgot; u_int16_t totpcount, totdcount, pcount, poff, doff, pdisp, ddisp; u_int16_t tmp, bc, dcount; u_int8_t wc; error = smb_rq_reply(rqp); if (error) return error; if ((t2p->t2_flags & SMBT2_ALLSENT) == 0) { /* * this is an interim response, ignore it. */ SMBRQ_SLOCK(rqp); md_next_record(&rqp->sr_rp); SMBRQ_SUNLOCK(rqp); return 0; } /* * Now we have to get all subsequent responses. The CIFS specification * says that they can be disordered which is weird. 
* TODO: timo */ totpgot = totdgot = 0; totpcount = totdcount = 0xffff; mdp = &rqp->sr_rp; for (;;) { m_dumpm(mdp->md_top); if ((error = md_get_uint8(mdp, &wc)) != 0) break; if (wc < 10) { error = ENOENT; break; } if ((error = md_get_uint16le(mdp, &tmp)) != 0) break; if (totpcount > tmp) totpcount = tmp; md_get_uint16le(mdp, &tmp); if (totdcount > tmp) totdcount = tmp; if ((error = md_get_uint16le(mdp, &tmp)) != 0 || /* reserved */ (error = md_get_uint16le(mdp, &pcount)) != 0 || (error = md_get_uint16le(mdp, &poff)) != 0 || (error = md_get_uint16le(mdp, &pdisp)) != 0) break; if (pcount != 0 && pdisp != totpgot) { SMBERROR("Can't handle disordered parameters %d:%d\n", pdisp, totpgot); error = EINVAL; break; } if ((error = md_get_uint16le(mdp, &dcount)) != 0 || (error = md_get_uint16le(mdp, &doff)) != 0 || (error = md_get_uint16le(mdp, &ddisp)) != 0) break; if (dcount != 0 && ddisp != totdgot) { SMBERROR("Can't handle disordered data\n"); error = EINVAL; break; } md_get_uint8(mdp, &wc); md_get_uint8(mdp, NULL); tmp = wc; while (tmp--) md_get_uint16(mdp, NULL); if ((error = md_get_uint16le(mdp, &bc)) != 0) break; /* tmp = SMB_HDRLEN + 1 + 10 * 2 + 2 * wc + 2;*/ if (dcount) { error = smb_t2_placedata(mdp->md_top, doff, dcount, &t2p->t2_rdata); if (error) break; } if (pcount) { error = smb_t2_placedata(mdp->md_top, poff, pcount, &t2p->t2_rparam); if (error) break; } totpgot += pcount; totdgot += dcount; if (totpgot >= totpcount && totdgot >= totdcount) { error = 0; t2p->t2_flags |= SMBT2_ALLRECV; break; } /* * We're done with this reply, look for the next one. 
*/ SMBRQ_SLOCK(rqp); md_next_record(&rqp->sr_rp); SMBRQ_SUNLOCK(rqp); error = smb_rq_reply(rqp); if (error) break; } return error; } /* * Perform a full round of TRANS2 request */ static int smb_t2_request_int(struct smb_t2rq *t2p) { struct smb_vc *vcp = t2p->t2_vc; struct smb_cred *scred = t2p->t2_cred; struct mbchain *mbp; struct mdchain *mdp, mbparam, mbdata; struct mbuf *m; struct smb_rq *rqp; int totpcount, leftpcount, totdcount, leftdcount, len, txmax, i; int error, doff, poff, txdcount, txpcount, nmlen; m = t2p->t2_tparam.mb_top; if (m) { md_initm(&mbparam, m); /* do not free it! */ totpcount = m_fixhdr(m); if (totpcount > 0xffff) /* maxvalue for u_short */ return EINVAL; } else totpcount = 0; m = t2p->t2_tdata.mb_top; if (m) { md_initm(&mbdata, m); /* do not free it! */ totdcount = m_fixhdr(m); if (totdcount > 0xffff) return EINVAL; } else totdcount = 0; leftdcount = totdcount; leftpcount = totpcount; txmax = vcp->vc_txmax; error = smb_rq_alloc(t2p->t2_source, t2p->t_name ? SMB_COM_TRANSACTION : SMB_COM_TRANSACTION2, scred, &rqp); if (error) return error; rqp->sr_flags |= SMBR_MULTIPACKET; t2p->t2_rq = rqp; + rqp->sr_t2 = t2p; mbp = &rqp->sr_rq; smb_rq_wstart(rqp); mb_put_uint16le(mbp, totpcount); mb_put_uint16le(mbp, totdcount); mb_put_uint16le(mbp, t2p->t2_maxpcount); mb_put_uint16le(mbp, t2p->t2_maxdcount); mb_put_uint8(mbp, t2p->t2_maxscount); mb_put_uint8(mbp, 0); /* reserved */ mb_put_uint16le(mbp, 0); /* flags */ mb_put_uint32le(mbp, 0); /* Timeout */ mb_put_uint16le(mbp, 0); /* reserved 2 */ len = mb_fixhdr(mbp); /* * now we have known packet size as * ALIGN4(len + 5 * 2 + setupcount * 2 + 2 + strlen(name) + 1), * and need to decide which parts should go into the first request */ nmlen = t2p->t_name ? strlen(t2p->t_name) : 0; len = ALIGN4(len + 5 * 2 + t2p->t2_setupcount * 2 + 2 + nmlen + 1); if (len + leftpcount > txmax) { txpcount = min(leftpcount, txmax - len); poff = len; txdcount = 0; doff = 0; } else { txpcount = leftpcount; poff = txpcount ? 
len : 0; len = ALIGN4(len + txpcount); txdcount = min(leftdcount, txmax - len); doff = txdcount ? len : 0; } leftpcount -= txpcount; leftdcount -= txdcount; mb_put_uint16le(mbp, txpcount); mb_put_uint16le(mbp, poff); mb_put_uint16le(mbp, txdcount); mb_put_uint16le(mbp, doff); mb_put_uint8(mbp, t2p->t2_setupcount); mb_put_uint8(mbp, 0); for (i = 0; i < t2p->t2_setupcount; i++) mb_put_uint16le(mbp, t2p->t2_setupdata[i]); smb_rq_wend(rqp); smb_rq_bstart(rqp); /* TDUNICODE */ if (t2p->t_name) mb_put_mem(mbp, t2p->t_name, nmlen, MB_MSYSTEM); mb_put_uint8(mbp, 0); /* terminating zero */ len = mb_fixhdr(mbp); if (txpcount) { mb_put_mem(mbp, NULL, ALIGN4(len) - len, MB_MZERO); error = md_get_mbuf(&mbparam, txpcount, &m); SMBSDEBUG("%d:%d:%d\n", error, txpcount, txmax); if (error) goto freerq; mb_put_mbuf(mbp, m); } len = mb_fixhdr(mbp); if (txdcount) { mb_put_mem(mbp, NULL, ALIGN4(len) - len, MB_MZERO); error = md_get_mbuf(&mbdata, txdcount, &m); if (error) goto freerq; mb_put_mbuf(mbp, m); } smb_rq_bend(rqp); /* incredible, but thats it... */ error = smb_rq_enqueue(rqp); if (error) goto freerq; if (leftpcount == 0 && leftdcount == 0) t2p->t2_flags |= SMBT2_ALLSENT; error = smb_t2_reply(t2p); if (error) goto bad; while (leftpcount || leftdcount) { + t2p->t2_flags |= SMBT2_SECONDARY; error = smb_rq_new(rqp, t2p->t_name ? SMB_COM_TRANSACTION_SECONDARY : SMB_COM_TRANSACTION2_SECONDARY); if (error) goto bad; mbp = &rqp->sr_rq; smb_rq_wstart(rqp); mb_put_uint16le(mbp, totpcount); mb_put_uint16le(mbp, totdcount); len = mb_fixhdr(mbp); /* * now we have known packet size as * ALIGN4(len + 7 * 2 + 2) for T2 request, and -2 for T one, * and need to decide which parts should go into request */ len = ALIGN4(len + 6 * 2 + 2); if (t2p->t_name == NULL) len += 2; if (len + leftpcount > txmax) { txpcount = min(leftpcount, txmax - len); poff = len; txdcount = 0; doff = 0; } else { txpcount = leftpcount; poff = txpcount ? 
len : 0; len = ALIGN4(len + txpcount); txdcount = min(leftdcount, txmax - len); doff = txdcount ? len : 0; } mb_put_uint16le(mbp, txpcount); mb_put_uint16le(mbp, poff); mb_put_uint16le(mbp, totpcount - leftpcount); mb_put_uint16le(mbp, txdcount); mb_put_uint16le(mbp, doff); mb_put_uint16le(mbp, totdcount - leftdcount); leftpcount -= txpcount; leftdcount -= txdcount; if (t2p->t_name == NULL) mb_put_uint16le(mbp, t2p->t2_fid); smb_rq_wend(rqp); smb_rq_bstart(rqp); mb_put_uint8(mbp, 0); /* name */ len = mb_fixhdr(mbp); if (txpcount) { mb_put_mem(mbp, NULL, ALIGN4(len) - len, MB_MZERO); error = md_get_mbuf(&mbparam, txpcount, &m); if (error) goto bad; mb_put_mbuf(mbp, m); } len = mb_fixhdr(mbp); if (txdcount) { mb_put_mem(mbp, NULL, ALIGN4(len) - len, MB_MZERO); error = md_get_mbuf(&mbdata, txdcount, &m); if (error) goto bad; mb_put_mbuf(mbp, m); } smb_rq_bend(rqp); rqp->sr_state = SMBRQ_NOTSENT; error = smb_iod_request(vcp->vc_iod, SMBIOD_EV_NEWRQ, NULL); if (error) goto bad; } /* while left params or data */ t2p->t2_flags |= SMBT2_ALLSENT; mdp = &t2p->t2_rdata; if (mdp->md_top) { m_fixhdr(mdp->md_top); md_initm(mdp, mdp->md_top); } mdp = &t2p->t2_rparam; if (mdp->md_top) { m_fixhdr(mdp->md_top); md_initm(mdp, mdp->md_top); } bad: smb_iod_removerq(rqp); freerq: smb_rq_done(rqp); if (error) { if (rqp->sr_flags & SMBR_RESTART) t2p->t2_flags |= SMBT2_RESTART; md_done(&t2p->t2_rparam); md_done(&t2p->t2_rdata); } return error; } int smb_t2_request(struct smb_t2rq *t2p) { int error = EINVAL, i; for (i = 0; i < SMB_MAXRCN; i++) { t2p->t2_flags &= ~SMBR_RESTART; error = smb_t2_request_int(t2p); if (error == 0) break; if ((t2p->t2_flags & (SMBT2_RESTART | SMBT2_NORESTART)) != SMBT2_RESTART) break; } return error; } Index: head/sys/netsmb/smb_rq.h =================================================================== --- head/sys/netsmb/smb_rq.h (revision 124086) +++ head/sys/netsmb/smb_rq.h (revision 124087) 
@@ -1,151 +1,155 @@ /* * Copyright (c) 2000-2001, Boris Popov * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Boris Popov. * 4. Neither the name of the author nor the names of any co-contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* * $FreeBSD$ */ #ifndef _NETSMB_SMB_RQ_H_ #define _NETSMB_SMB_RQ_H_ #ifndef MB_MSYSTEM #include #endif #define SMBR_ALLOCED 0x0001 /* structure was malloced */ #define SMBR_SENT 0x0002 /* request successfully transmitted */ #define SMBR_REXMIT 0x0004 /* request should be retransmitted */ #define SMBR_INTR 0x0008 /* request interrupted */ #define SMBR_RESTART 0x0010 /* request should be repeated if possible */ #define SMBR_NORESTART 0x0020 /* request is not restartable */ #define SMBR_MULTIPACKET 0x0040 /* multiple packets can be sent and received */ #define SMBR_INTERNAL 0x0080 /* request is internal to smbrqd */ #define SMBR_XLOCK 0x0100 /* request locked and can't be moved */ #define SMBR_XLOCKWANT 0x0200 /* waiter on XLOCK */ #define SMBT2_ALLSENT 0x0001 /* all data and params are sent */ #define SMBT2_ALLRECV 0x0002 /* all data and params are received */ #define SMBT2_ALLOCED 0x0004 #define SMBT2_RESTART 0x0008 #define SMBT2_NORESTART 0x0010 +#define SMBT2_SECONDARY 0x0020 /* secondary request */ #define SMBRQ_SLOCK(rqp) smb_sl_lock(&(rqp)->sr_slock) #define SMBRQ_SUNLOCK(rqp) smb_sl_unlock(&(rqp)->sr_slock) #define SMBRQ_SLOCKPTR(rqp) (&(rqp)->sr_slock) enum smbrq_state { SMBRQ_NOTSENT, /* rq have data to send */ SMBRQ_SENT, /* send procedure completed */ SMBRQ_REPLYRECEIVED, SMBRQ_NOTIFIED /* owner notified about completion */ }; struct smb_vc; struct smb_t2rq; struct smb_rq { enum smbrq_state sr_state; struct smb_vc * sr_vc; struct smb_share* sr_share; u_short sr_mid; + u_int32_t sr_seqno; + u_int32_t sr_rseqno; struct mbchain sr_rq; u_int8_t sr_rqflags; u_int16_t sr_rqflags2; u_char * sr_wcount; u_short * sr_bcount; struct mdchain sr_rp; int sr_rpgen; int sr_rplast; int sr_flags; /* SMBR_* */ int sr_rpsize; struct smb_cred * sr_cred; int sr_timo; int sr_rexmit; int sr_sendcnt; struct timespec sr_timesent; int sr_lerror; + u_int8_t * sr_rqsig; u_int16_t * sr_rqtid; u_int16_t * sr_rquid; u_int8_t sr_errclass; u_int16_t sr_serror; u_int32_t sr_error; u_int8_t 
sr_rpflags; u_int16_t sr_rpflags2; u_int16_t sr_rptid; u_int16_t sr_rppid; u_int16_t sr_rpuid; u_int16_t sr_rpmid; struct smb_slock sr_slock; /* short term locks */ -/* struct smb_t2rq*sr_t2;*/ + struct smb_t2rq * sr_t2; TAILQ_ENTRY(smb_rq) sr_link; }; struct smb_t2rq { u_int16_t t2_setupcount; u_int16_t * t2_setupdata; u_int16_t t2_setup[2]; /* most of rqs has setupcount of 1 */ u_int8_t t2_maxscount; /* max setup words to return */ u_int16_t t2_maxpcount; /* max param bytes to return */ u_int16_t t2_maxdcount; /* max data bytes to return */ u_int16_t t2_fid; /* for T2 request */ char * t_name; /* for T request, should be zero for T2 */ int t2_flags; /* SMBT2_ */ struct mbchain t2_tparam; /* parameters to transmit */ struct mbchain t2_tdata; /* data to transmit */ struct mdchain t2_rparam; /* received parameters */ struct mdchain t2_rdata; /* received data */ struct smb_cred*t2_cred; struct smb_connobj *t2_source; struct smb_rq * t2_rq; struct smb_vc * t2_vc; }; int smb_rq_alloc(struct smb_connobj *layer, u_char cmd, struct smb_cred *scred, struct smb_rq **rqpp); int smb_rq_init(struct smb_rq *rqp, struct smb_connobj *layer, u_char cmd, struct smb_cred *scred); void smb_rq_done(struct smb_rq *rqp); int smb_rq_getrequest(struct smb_rq *rqp, struct mbchain **mbpp); int smb_rq_getreply(struct smb_rq *rqp, struct mdchain **mbpp); void smb_rq_wstart(struct smb_rq *rqp); void smb_rq_wend(struct smb_rq *rqp); void smb_rq_bstart(struct smb_rq *rqp); void smb_rq_bend(struct smb_rq *rqp); int smb_rq_intr(struct smb_rq *rqp); int smb_rq_simple(struct smb_rq *rqp); int smb_t2_alloc(struct smb_connobj *layer, u_short setup, struct smb_cred *scred, struct smb_t2rq **rqpp); int smb_t2_init(struct smb_t2rq *rqp, struct smb_connobj *layer, u_short setup, struct smb_cred *scred); void smb_t2_done(struct smb_t2rq *t2p); int smb_t2_request(struct smb_t2rq *t2p); #endif /* !_NETSMB_SMB_RQ_H_ */ Index: head/sys/netsmb/smb_smb.c 
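Review bot: The signing fields added to `struct smb_rq` (`sr_seqno`, `sr_rseqno`, `sr_rqsig`) are declared without comments, and `sr_rqsig` in particular has a validity rule that a maintainer cannot see from the header. The smb_rq.c part of this commit assigns it from `mb_reserve(mbp, 8)` and sets it to NULL when `SMB_FLAGS2_SECURITY_SIGNATURE` is clear, so it points into the request's own mbuf chain and any user has to check it for NULL first. I would document that at the declaration, e.g. `u_int8_t * sr_rqsig; /* 8-byte signature slot inside sr_rq; NULL when the request is unsigned */`. For `sr_seqno` and `sr_rseqno`, add a comment saying which is stamped on the request and which is expected on the reply; their use is not visible in this hunk, so confirm the wording against the signing code. The re-enabled `sr_t2` back-pointer is assigned only in `smb_t2_request_int` as far as this diff shows, so a note such as `/* owning TRANS/TRANS2 request, NULL for plain requests */` would be worth adding once it is confirmed that `smb_rq_init` zeroes the structure.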
=================================================================== --- head/sys/netsmb/smb_smb.c (revision 124086) +++ head/sys/netsmb/smb_smb.c (revision 124087) 
@@ -1,916 +1,929 @@ /* * Copyright (c) 2000-2001 Boris Popov * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Boris Popov. * 4. Neither the name of the author nor the names of any co-contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * various SMB requests. Most of the routines merely packs data into mbufs. 
*/ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include +#include "opt_netsmb.h" + struct smb_dialect { int d_id; const char * d_name; }; static struct smb_dialect smb_dialects[] = { {SMB_DIALECT_CORE, "PC NETWORK PROGRAM 1.0"}, {SMB_DIALECT_COREPLUS, "MICROSOFT NETWORKS 1.03"}, {SMB_DIALECT_LANMAN1_0, "MICROSOFT NETWORKS 3.0"}, {SMB_DIALECT_LANMAN1_0, "LANMAN1.0"}, {SMB_DIALECT_LANMAN2_0, "LM1.2X002"}, {SMB_DIALECT_LANMAN2_0, "Samba"}, {SMB_DIALECT_NTLM0_12, "NT LANMAN 1.0"}, {SMB_DIALECT_NTLM0_12, "NT LM 0.12"}, {-1, NULL} }; #define SMB_DIALECT_MAX (sizeof(smb_dialects) / sizeof(struct smb_dialect) - 2) static u_int32_t smb_vc_maxread(struct smb_vc *vcp) { /* * Specs say up to 64k data bytes, but Windows traffic * uses 60k... no doubt for some good reason. + * + * Don't exceed the server's buffer size if signatures + * are enabled otherwise Windows 2003 chokes. Allow space + * for the SMB header & a little bit extra. */ - if (vcp->vc_sopt.sv_caps & SMB_CAP_LARGE_READX) + if ((vcp->vc_sopt.sv_caps & SMB_CAP_LARGE_READX) && + (vcp->vc_hflags2 & SMB_FLAGS2_SECURITY_SIGNATURE) == 0) return (60*1024); else - return (vcp->vc_sopt.sv_maxtx); + return (vcp->vc_sopt.sv_maxtx - SMB_HDRLEN - 64); } static u_int32_t smb_vc_maxwrite(struct smb_vc *vcp) { /* - * Specs say up to 64k data bytes, but Windows traffic - * uses 60k... probably for some good reason. + * See comment above. 
*/ - if (vcp->vc_sopt.sv_caps & SMB_CAP_LARGE_WRITEX) + if ((vcp->vc_sopt.sv_caps & SMB_CAP_LARGE_WRITEX) && + (vcp->vc_hflags2 & SMB_FLAGS2_SECURITY_SIGNATURE) == 0) return (60*1024); else - return (vcp->vc_sopt.sv_maxtx); + return (vcp->vc_sopt.sv_maxtx - SMB_HDRLEN - 64); } static int smb_smb_nomux(struct smb_vc *vcp, struct smb_cred *scred, const char *name) { if (scred->scr_td->td_proc == vcp->vc_iod->iod_p) return 0; SMBERROR("wrong function called(%s)\n", name); return EINVAL; } int smb_smb_negotiate(struct smb_vc *vcp, struct smb_cred *scred) { struct smb_dialect *dp; struct smb_sopt *sp = NULL; struct smb_rq *rqp; struct mbchain *mbp; struct mdchain *mdp; u_int8_t wc, stime[8], sblen; u_int16_t dindex, tw, tw1, swlen, bc; int error, maxqsz; if (smb_smb_nomux(vcp, scred, __func__) != 0) return EINVAL; vcp->vc_hflags = 0; vcp->vc_hflags2 = 0; vcp->obj.co_flags &= ~(SMBV_ENCRYPT); sp = &vcp->vc_sopt; bzero(sp, sizeof(struct smb_sopt)); error = smb_rq_alloc(VCTOCP(vcp), SMB_COM_NEGOTIATE, scred, &rqp); if (error) return error; smb_rq_getrequest(rqp, &mbp); smb_rq_wstart(rqp); smb_rq_wend(rqp); smb_rq_bstart(rqp); for(dp = smb_dialects; dp->d_id != -1; dp++) { mb_put_uint8(mbp, SMB_DT_DIALECT); smb_put_dstring(mbp, vcp, dp->d_name, SMB_CS_NONE); } smb_rq_bend(rqp); error = smb_rq_simple(rqp); SMBSDEBUG("%d\n", error); if (error) goto bad; smb_rq_getreply(rqp, &mdp); do { error = md_get_uint8(mdp, &wc); if (error) break; error = md_get_uint16le(mdp, &dindex); if (error) break; if (dindex > 7) { SMBERROR("Don't know how to talk with server %s (%d)\n", "xxx", dindex); error = EBADRPC; break; } dp = smb_dialects + dindex; sp->sv_proto = dp->d_id; SMBSDEBUG("Dialect %s (%d, %d)\n", dp->d_name, dindex, wc); error = EBADRPC; if (dp->d_id >= SMB_DIALECT_NTLM0_12) { if (wc != 17) break; md_get_uint8(mdp, &sp->sv_sm); md_get_uint16le(mdp, &sp->sv_maxmux); md_get_uint16le(mdp, &sp->sv_maxvcs); md_get_uint32le(mdp, &sp->sv_maxtx); md_get_uint32le(mdp, &sp->sv_maxraw); 
md_get_uint32le(mdp, &sp->sv_skey); md_get_uint32le(mdp, &sp->sv_caps); md_get_mem(mdp, stime, 8, MB_MSYSTEM); md_get_uint16le(mdp, (u_int16_t*)&sp->sv_tz); md_get_uint8(mdp, &sblen); if (sblen && (sp->sv_sm & SMB_SM_ENCRYPT)) { if (sblen != SMB_MAXCHALLENGELEN) { SMBERROR("Unexpected length of security blob (%d)\n", sblen); break; } error = md_get_uint16(mdp, &bc); if (error) break; if (sp->sv_caps & SMB_CAP_EXT_SECURITY) md_get_mem(mdp, NULL, 16, MB_MSYSTEM); error = md_get_mem(mdp, vcp->vc_ch, sblen, MB_MSYSTEM); if (error) break; vcp->vc_chlen = sblen; vcp->obj.co_flags |= SMBV_ENCRYPT; } +#ifdef NETSMBCRYPTO + if (sp->sv_sm & SMB_SM_SIGS_REQUIRE) + vcp->vc_hflags2 |= SMB_FLAGS2_SECURITY_SIGNATURE; +#endif vcp->vc_hflags2 |= SMB_FLAGS2_KNOWS_LONG_NAMES; if (dp->d_id == SMB_DIALECT_NTLM0_12 && sp->sv_maxtx < 4096 && (sp->sv_caps & SMB_CAP_NT_SMBS) == 0) { vcp->obj.co_flags |= SMBV_WIN95; SMBSDEBUG("Win95 detected\n"); } } else if (dp->d_id > SMB_DIALECT_CORE) { md_get_uint16le(mdp, &tw); sp->sv_sm = tw; md_get_uint16le(mdp, &tw); sp->sv_maxtx = tw; md_get_uint16le(mdp, &sp->sv_maxmux); md_get_uint16le(mdp, &sp->sv_maxvcs); md_get_uint16le(mdp, &tw); /* rawmode */ md_get_uint32le(mdp, &sp->sv_skey); if (wc == 13) { /* >= LANMAN1 */ md_get_uint16(mdp, &tw); /* time */ md_get_uint16(mdp, &tw1); /* date */ md_get_uint16le(mdp, (u_int16_t*)&sp->sv_tz); md_get_uint16le(mdp, &swlen); if (swlen > SMB_MAXCHALLENGELEN) break; md_get_uint16(mdp, NULL); /* mbz */ if (md_get_uint16(mdp, &bc) != 0) break; if (bc < swlen) break; if (swlen && (sp->sv_sm & SMB_SM_ENCRYPT)) { error = md_get_mem(mdp, vcp->vc_ch, swlen, MB_MSYSTEM); if (error) break; vcp->vc_chlen = swlen; vcp->obj.co_flags |= SMBV_ENCRYPT; } } vcp->vc_hflags2 |= SMB_FLAGS2_KNOWS_LONG_NAMES; } else { /* an old CORE protocol */ sp->sv_maxmux = 1; } error = 0; } while (0); if (error == 0) { vcp->vc_maxvcs = sp->sv_maxvcs; if (vcp->vc_maxvcs <= 1) { if (vcp->vc_maxvcs == 0) vcp->vc_maxvcs = 1; } if (sp->sv_maxtx <= 0 
|| sp->sv_maxtx > 0xffff) sp->sv_maxtx = 1024; else sp->sv_maxtx = min(sp->sv_maxtx, 63*1024 + SMB_HDRLEN + 16); SMB_TRAN_GETPARAM(vcp, SMBTP_RCVSZ, &maxqsz); vcp->vc_rxmax = min(smb_vc_maxread(vcp), maxqsz - 1024); SMB_TRAN_GETPARAM(vcp, SMBTP_SNDSZ, &maxqsz); vcp->vc_wxmax = min(smb_vc_maxwrite(vcp), maxqsz - 1024); vcp->vc_txmax = min(sp->sv_maxtx, maxqsz); SMBSDEBUG("TZ = %d\n", sp->sv_tz); SMBSDEBUG("CAPS = %x\n", sp->sv_caps); SMBSDEBUG("MAXMUX = %d\n", sp->sv_maxmux); SMBSDEBUG("MAXVCS = %d\n", sp->sv_maxvcs); SMBSDEBUG("MAXRAW = %d\n", sp->sv_maxraw); SMBSDEBUG("MAXTX = %d\n", sp->sv_maxtx); } bad: smb_rq_done(rqp); return error; } int smb_smb_ssnsetup(struct smb_vc *vcp, struct smb_cred *scred) { struct smb_rq *rqp; struct mbchain *mbp; /* u_int8_t wc; u_int16_t tw, tw1;*/ smb_uniptr unipp, ntencpass = NULL; char *pp, *up, *pbuf, *encpass; int error, plen, uniplen, ulen, upper; upper = 0; again: vcp->vc_smbuid = SMB_UID_UNKNOWN; if (smb_smb_nomux(vcp, scred, __func__) != 0) return EINVAL; error = smb_rq_alloc(VCTOCP(vcp), SMB_COM_SESSION_SETUP_ANDX, scred, &rqp); if (error) return error; pbuf = malloc(SMB_MAXPASSWORDLEN + 1, M_SMBTEMP, M_WAITOK); encpass = malloc(24, M_SMBTEMP, M_WAITOK); if (vcp->vc_sopt.sv_sm & SMB_SM_USER) { /* * We try w/o uppercasing first so Samba mixed case * passwords work. If that fails we come back and try * uppercasing to satisfy OS/2 and Windows for Workgroups. 
*/ if (upper++) { iconv_convstr(vcp->vc_toupper, pbuf, smb_vc_getpass(vcp)/*, SMB_MAXPASSWORDLEN*/); } else { strncpy(pbuf, smb_vc_getpass(vcp), SMB_MAXPASSWORDLEN); pbuf[SMB_MAXPASSWORDLEN] = '\0'; } if (!SMB_UNICODE_STRINGS(vcp)) iconv_convstr(vcp->vc_toserver, pbuf, pbuf/*, SMB_MAXPASSWORDLEN*/); if (vcp->vc_sopt.sv_sm & SMB_SM_ENCRYPT) { uniplen = plen = 24; smb_encrypt(pbuf, vcp->vc_ch, encpass); ntencpass = malloc(uniplen, M_SMBTEMP, M_WAITOK); if (SMB_UNICODE_STRINGS(vcp)) { strncpy(pbuf, smb_vc_getpass(vcp), SMB_MAXPASSWORDLEN); pbuf[SMB_MAXPASSWORDLEN] = '\0'; } else iconv_convstr(vcp->vc_toserver, pbuf, smb_vc_getpass(vcp)/*, SMB_MAXPASSWORDLEN*/); smb_ntencrypt(pbuf, vcp->vc_ch, (u_char*)ntencpass); pp = encpass; unipp = ntencpass; } else { plen = strlen(pbuf) + 1; pp = pbuf; uniplen = plen * 2; ntencpass = malloc(uniplen, M_SMBTEMP, M_WAITOK); smb_strtouni(ntencpass, smb_vc_getpass(vcp)); plen--; /* * The uniplen is zeroed because Samba cannot deal * with this 2nd cleartext password. This Samba * "bug" is actually a workaround for problems in * Microsoft clients. */ uniplen = 0/*-= 2*/; unipp = ntencpass; } } else { /* * In the share security mode password will be used * only in the tree authentication */ pp = ""; plen = 1; unipp = &smb_unieol; uniplen = 0 /* sizeof(smb_unieol) */; } smb_rq_wstart(rqp); mbp = &rqp->sr_rq; up = vcp->vc_username; ulen = strlen(up) + 1; /* * If userid is null we are attempting anonymous browse login * so passwords must be zero length. 
*/ if (ulen == 1) plen = uniplen = 0; mb_put_uint8(mbp, 0xff); mb_put_uint8(mbp, 0); mb_put_uint16le(mbp, 0); mb_put_uint16le(mbp, vcp->vc_sopt.sv_maxtx); mb_put_uint16le(mbp, vcp->vc_sopt.sv_maxmux); mb_put_uint16le(mbp, vcp->vc_number); mb_put_uint32le(mbp, vcp->vc_sopt.sv_skey); mb_put_uint16le(mbp, plen); if (SMB_DIALECT(vcp) < SMB_DIALECT_NTLM0_12) { mb_put_uint32le(mbp, 0); smb_rq_wend(rqp); smb_rq_bstart(rqp); mb_put_mem(mbp, pp, plen, MB_MSYSTEM); smb_put_dstring(mbp, vcp, up, SMB_CS_NONE); } else { mb_put_uint16le(mbp, uniplen); mb_put_uint32le(mbp, 0); /* reserved */ mb_put_uint32le(mbp, vcp->obj.co_flags & SMBV_UNICODE ? SMB_CAP_UNICODE : 0); smb_rq_wend(rqp); smb_rq_bstart(rqp); mb_put_mem(mbp, pp, plen, MB_MSYSTEM); mb_put_mem(mbp, (caddr_t)unipp, uniplen, MB_MSYSTEM); smb_put_dstring(mbp, vcp, up, SMB_CS_NONE); /* AccountName */ smb_put_dstring(mbp, vcp, vcp->vc_domain, SMB_CS_NONE); /* PrimaryDomain */ smb_put_dstring(mbp, vcp, "FreeBSD", SMB_CS_NONE); /* Client's OS */ smb_put_dstring(mbp, vcp, "NETSMB", SMB_CS_NONE); /* Client name */ } smb_rq_bend(rqp); if (ntencpass) free(ntencpass, M_SMBTEMP); + if (vcp->vc_hflags2 & SMB_FLAGS2_SECURITY_SIGNATURE) + smb_calcmackey(vcp); error = smb_rq_simple(rqp); SMBSDEBUG("%d\n", error); if (error) { if (rqp->sr_errclass == ERRDOS && rqp->sr_serror == ERRnoaccess) error = EAUTH; goto bad; } vcp->vc_smbuid = rqp->sr_rpuid; bad: free(encpass, M_SMBTEMP); free(pbuf, M_SMBTEMP); smb_rq_done(rqp); if (error && upper == 1 && vcp->vc_sopt.sv_sm & SMB_SM_USER) goto again; return error; } int smb_smb_ssnclose(struct smb_vc *vcp, struct smb_cred *scred) { struct smb_rq *rqp; struct mbchain *mbp; int error; if (vcp->vc_smbuid == SMB_UID_UNKNOWN) return 0; if (smb_smb_nomux(vcp, scred, __func__) != 0) return EINVAL; error = smb_rq_alloc(VCTOCP(vcp), SMB_COM_LOGOFF_ANDX, scred, &rqp); if (error) return error; mbp = &rqp->sr_rq; smb_rq_wstart(rqp); mb_put_uint8(mbp, 0xff); mb_put_uint8(mbp, 0); mb_put_uint16le(mbp, 0); 
smb_rq_wend(rqp); smb_rq_bstart(rqp); smb_rq_bend(rqp); error = smb_rq_simple(rqp); SMBSDEBUG("%d\n", error); smb_rq_done(rqp); return error; } static char smb_any_share[] = "?????"; static char * smb_share_typename(int stype) { char *pp; switch (stype) { case SMB_ST_DISK: pp = "A:"; break; case SMB_ST_PRINTER: pp = smb_any_share; /* can't use LPT: here... */ break; case SMB_ST_PIPE: pp = "IPC"; break; case SMB_ST_COMM: pp = "COMM"; break; case SMB_ST_ANY: default: pp = smb_any_share; break; } return pp; } int smb_smb_treeconnect(struct smb_share *ssp, struct smb_cred *scred) { struct smb_vc *vcp; struct smb_rq rq, *rqp = &rq; struct mbchain *mbp; char *pp, *pbuf, *encpass; int error, plen, caseopt, upper; upper = 0; again: #if 0 /* Disable Unicode for SMB_COM_TREE_CONNECT_ANDX requests */ if (SSTOVC(ssp)->vc_hflags2 & SMB_FLAGS2_UNICODE) { vcp = SSTOVC(ssp); if (vcp->vc_toserver) { iconv_close(vcp->vc_toserver); /* Use NULL until UTF-8 -> ASCII works */ vcp->vc_toserver = NULL; } if (vcp->vc_tolocal) { iconv_close(vcp->vc_tolocal); /* Use NULL until ASCII -> UTF-8 works*/ vcp->vc_tolocal = NULL; } vcp->vc_hflags2 &= ~SMB_FLAGS2_UNICODE; } #endif ssp->ss_tid = SMB_TID_UNKNOWN; error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_TREE_CONNECT_ANDX, scred, &rqp); if (error) return error; vcp = rqp->sr_vc; caseopt = SMB_CS_NONE; if (vcp->vc_sopt.sv_sm & SMB_SM_USER) { plen = 1; pp = ""; pbuf = NULL; encpass = NULL; } else { pbuf = malloc(SMB_MAXPASSWORDLEN + 1, M_SMBTEMP, M_WAITOK); encpass = malloc(24, M_SMBTEMP, M_WAITOK); /* * We try w/o uppercasing first so Samba mixed case * passwords work. If that fails we come back and try * uppercasing to satisfy OS/2 and Windows for Workgroups. 
*/ if (upper++) { iconv_convstr(vcp->vc_toupper, pbuf, smb_share_getpass(ssp)/*, SMB_MAXPASSWORDLEN*/); } else { strncpy(pbuf, smb_share_getpass(ssp), SMB_MAXPASSWORDLEN); pbuf[SMB_MAXPASSWORDLEN] = '\0'; } if (vcp->vc_sopt.sv_sm & SMB_SM_ENCRYPT) { plen = 24; smb_encrypt(pbuf, vcp->vc_ch, encpass); pp = encpass; } else { plen = strlen(pbuf) + 1; pp = pbuf; } } mbp = &rqp->sr_rq; smb_rq_wstart(rqp); mb_put_uint8(mbp, 0xff); mb_put_uint8(mbp, 0); mb_put_uint16le(mbp, 0); mb_put_uint16le(mbp, 0); /* Flags */ mb_put_uint16le(mbp, plen); smb_rq_wend(rqp); smb_rq_bstart(rqp); mb_put_mem(mbp, pp, plen, MB_MSYSTEM); smb_put_dmem(mbp, vcp, "\\\\", 2, caseopt); pp = vcp->vc_srvname; smb_put_dmem(mbp, vcp, pp, strlen(pp), caseopt); smb_put_dmem(mbp, vcp, "\\", 1, caseopt); pp = ssp->ss_name; smb_put_dstring(mbp, vcp, pp, caseopt); pp = smb_share_typename(ssp->ss_type); smb_put_dstring(mbp, vcp, pp, caseopt); smb_rq_bend(rqp); error = smb_rq_simple(rqp); SMBSDEBUG("%d\n", error); if (error) goto bad; ssp->ss_tid = rqp->sr_rptid; ssp->ss_vcgenid = vcp->vc_genid; ssp->ss_flags |= SMBS_CONNECTED; bad: if (encpass) free(encpass, M_SMBTEMP); if (pbuf) free(pbuf, M_SMBTEMP); smb_rq_done(rqp); if (error && upper == 1) goto again; return error; } int smb_smb_treedisconnect(struct smb_share *ssp, struct smb_cred *scred) { struct smb_rq *rqp; struct mbchain *mbp; int error; if (ssp->ss_tid == SMB_TID_UNKNOWN) return 0; error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_TREE_DISCONNECT, scred, &rqp); if (error) return error; mbp = &rqp->sr_rq; smb_rq_wstart(rqp); smb_rq_wend(rqp); smb_rq_bstart(rqp); smb_rq_bend(rqp); error = smb_rq_simple(rqp); SMBSDEBUG("%d\n", error); smb_rq_done(rqp); ssp->ss_tid = SMB_TID_UNKNOWN; return error; } static __inline int smb_smb_readx(struct smb_share *ssp, u_int16_t fid, int *len, int *rresid, struct uio *uio, struct smb_cred *scred) { struct smb_rq *rqp; struct mbchain *mbp; struct mdchain *mdp; u_int8_t wc; int error; u_int16_t residhi, residlo, off, doff; 
u_int32_t resid; error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_READ_ANDX, scred, &rqp); if (error) return error; smb_rq_getrequest(rqp, &mbp); smb_rq_wstart(rqp); mb_put_uint8(mbp, 0xff); /* no secondary command */ mb_put_uint8(mbp, 0); /* MBZ */ mb_put_uint16le(mbp, 0); /* offset to secondary */ mb_put_mem(mbp, (caddr_t)&fid, sizeof(fid), MB_MSYSTEM); mb_put_uint32le(mbp, uio->uio_offset); *len = min(SSTOVC(ssp)->vc_rxmax, *len); mb_put_uint16le(mbp, *len); /* MaxCount */ mb_put_uint16le(mbp, *len); /* MinCount (only indicates blocking) */ mb_put_uint32le(mbp, (unsigned)*len >> 16); /* MaxCountHigh */ mb_put_uint16le(mbp, *len); /* Remaining ("obsolete") */ mb_put_uint32le(mbp, uio->uio_offset >> 32); /* OffsetHigh */ smb_rq_wend(rqp); smb_rq_bstart(rqp); smb_rq_bend(rqp); do { error = smb_rq_simple(rqp); if (error) break; smb_rq_getreply(rqp, &mdp); off = SMB_HDRLEN; md_get_uint8(mdp, &wc); off++; if (wc != 12) { error = EBADRPC; break; } md_get_uint8(mdp, NULL); off++; md_get_uint8(mdp, NULL); off++; md_get_uint16le(mdp, NULL); off += 2; md_get_uint16le(mdp, NULL); off += 2; md_get_uint16le(mdp, NULL); /* data compaction mode */ off += 2; md_get_uint16le(mdp, NULL); off += 2; md_get_uint16le(mdp, &residlo); off += 2; md_get_uint16le(mdp, &doff); /* data offset */ off += 2; md_get_uint16le(mdp, &residhi); off += 2; resid = (residhi << 16) | residlo; md_get_mem(mdp, NULL, 4 * 2, MB_MSYSTEM); off += 4*2; md_get_uint16le(mdp, NULL); /* ByteCount */ off += 2; if (doff > off) /* pad byte(s)? 
*/ md_get_mem(mdp, NULL, doff - off, MB_MSYSTEM); if (resid == 0) { *rresid = resid; break; } error = md_get_uio(mdp, uio, resid); if (error) break; *rresid = resid; } while(0); smb_rq_done(rqp); return (error); } static __inline int smb_smb_writex(struct smb_share *ssp, u_int16_t fid, int *len, int *rresid, struct uio *uio, struct smb_cred *scred) { struct smb_rq *rqp; struct mbchain *mbp; struct mdchain *mdp; int error; u_int8_t wc; u_int16_t resid; error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_WRITE_ANDX, scred, &rqp); if (error) return (error); smb_rq_getrequest(rqp, &mbp); smb_rq_wstart(rqp); mb_put_uint8(mbp, 0xff); /* no secondary command */ mb_put_uint8(mbp, 0); /* MBZ */ mb_put_uint16le(mbp, 0); /* offset to secondary */ mb_put_mem(mbp, (caddr_t)&fid, sizeof(fid), MB_MSYSTEM); mb_put_uint32le(mbp, uio->uio_offset); mb_put_uint32le(mbp, 0); /* MBZ (timeout) */ mb_put_uint16le(mbp, 0); /* !write-thru */ mb_put_uint16le(mbp, 0); *len = min(SSTOVC(ssp)->vc_wxmax, *len); mb_put_uint16le(mbp, (unsigned)*len >> 16); mb_put_uint16le(mbp, *len); mb_put_uint16le(mbp, 64); /* data offset from header start */ mb_put_uint32le(mbp, uio->uio_offset >> 32); /* OffsetHigh */ smb_rq_wend(rqp); smb_rq_bstart(rqp); do { mb_put_uint8(mbp, 0xee); /* mimic xp pad byte! 
*/ error = mb_put_uio(mbp, uio, *len); if (error) break; smb_rq_bend(rqp); error = smb_rq_simple(rqp); if (error) break; smb_rq_getreply(rqp, &mdp); md_get_uint8(mdp, &wc); if (wc != 6) { error = EBADRPC; break; } md_get_uint8(mdp, NULL); md_get_uint8(mdp, NULL); md_get_uint16le(mdp, NULL); md_get_uint16le(mdp, &resid); *rresid = resid; } while(0); smb_rq_done(rqp); return (error); } static __inline int smb_smb_read(struct smb_share *ssp, u_int16_t fid, int *len, int *rresid, struct uio *uio, struct smb_cred *scred) { struct smb_rq *rqp; struct mbchain *mbp; struct mdchain *mdp; u_int16_t resid, bc; u_int8_t wc; int error, rlen, blksz; if (SSTOVC(ssp)->vc_sopt.sv_caps & SMB_CAP_LARGE_READX) return (smb_smb_readx(ssp, fid, len, rresid, uio, scred)); error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_READ, scred, &rqp); if (error) return error; blksz = SSTOVC(ssp)->vc_txmax - SMB_HDRLEN - 16; rlen = *len = min(blksz, *len); smb_rq_getrequest(rqp, &mbp); smb_rq_wstart(rqp); mb_put_mem(mbp, (caddr_t)&fid, sizeof(fid), MB_MSYSTEM); mb_put_uint16le(mbp, rlen); mb_put_uint32le(mbp, uio->uio_offset); mb_put_uint16le(mbp, min(uio->uio_resid, 0xffff)); smb_rq_wend(rqp); smb_rq_bstart(rqp); smb_rq_bend(rqp); do { error = smb_rq_simple(rqp); if (error) break; smb_rq_getreply(rqp, &mdp); md_get_uint8(mdp, &wc); if (wc != 5) { error = EBADRPC; break; } md_get_uint16le(mdp, &resid); md_get_mem(mdp, NULL, 4 * 2, MB_MSYSTEM); md_get_uint16le(mdp, &bc); md_get_uint8(mdp, NULL); /* ignore buffer type */ md_get_uint16le(mdp, &resid); if (resid == 0) { *rresid = resid; break; } error = md_get_uio(mdp, uio, resid); if (error) break; *rresid = resid; } while(0); smb_rq_done(rqp); return error; } int smb_read(struct smb_share *ssp, u_int16_t fid, struct uio *uio, struct smb_cred *scred) { int tsize, len, resid; int error = 0; tsize = uio->uio_resid; while (tsize > 0) { len = tsize; error = smb_smb_read(ssp, fid, &len, &resid, uio, scred); if (error) break; tsize -= resid; if (resid < len) break; } 
return error; } static __inline int smb_smb_write(struct smb_share *ssp, u_int16_t fid, int *len, int *rresid, struct uio *uio, struct smb_cred *scred) { struct smb_rq *rqp; struct mbchain *mbp; struct mdchain *mdp; u_int16_t resid; u_int8_t wc; int error, blksz; if (*len && SSTOVC(ssp)->vc_sopt.sv_caps & SMB_CAP_LARGE_WRITEX) return (smb_smb_writex(ssp, fid, len, rresid, uio, scred)); blksz = SSTOVC(ssp)->vc_txmax - SMB_HDRLEN - 16; if (blksz > 0xffff) blksz = 0xffff; resid = *len = min(blksz, *len); error = smb_rq_alloc(SSTOCP(ssp), SMB_COM_WRITE, scred, &rqp); if (error) return error; smb_rq_getrequest(rqp, &mbp); smb_rq_wstart(rqp); mb_put_mem(mbp, (caddr_t)&fid, sizeof(fid), MB_MSYSTEM); mb_put_uint16le(mbp, resid); mb_put_uint32le(mbp, uio->uio_offset); mb_put_uint16le(mbp, min(uio->uio_resid, 0xffff)); smb_rq_wend(rqp); smb_rq_bstart(rqp); mb_put_uint8(mbp, SMB_DT_DATA); mb_put_uint16le(mbp, resid); do { error = mb_put_uio(mbp, uio, resid); if (error) break; smb_rq_bend(rqp); error = smb_rq_simple(rqp); if (error) break; smb_rq_getreply(rqp, &mdp); md_get_uint8(mdp, &wc); if (wc != 1) { error = EBADRPC; break; } md_get_uint16le(mdp, &resid); *rresid = resid; } while(0); smb_rq_done(rqp); return error; } int smb_write(struct smb_share *ssp, u_int16_t fid, struct uio *uio, struct smb_cred *scred) { int error = 0, len, tsize, resid; struct uio olduio; tsize = uio->uio_resid; olduio = *uio; while (tsize > 0) { len = tsize; error = smb_smb_write(ssp, fid, &len, &resid, uio, scred); if (error) break; if (resid < len) { error = EIO; break; } tsize -= resid; } if (error) { /* * Errors can happen on the copyin, the rpc, etc. So they * imply resid is unreliable. The only safe thing is * to pretend zero bytes made it. We needn't restore the * iovs because callers don't depend on them in error * paths - uio_resid and uio_offset are what matter. 
*/ *uio = olduio; } return error; } int smb_smb_echo(struct smb_vc *vcp, struct smb_cred *scred) { struct smb_rq *rqp; struct mbchain *mbp; int error; error = smb_rq_alloc(VCTOCP(vcp), SMB_COM_ECHO, scred, &rqp); if (error) return error; mbp = &rqp->sr_rq; smb_rq_wstart(rqp); mb_put_uint16le(mbp, 1); smb_rq_wend(rqp); smb_rq_bstart(rqp); mb_put_uint32le(mbp, 0); smb_rq_bend(rqp); error = smb_rq_simple(rqp); SMBSDEBUG("%d\n", error); smb_rq_done(rqp); return error; }
Index: head/sys/netsmb/smb_subr.h
===================================================================
--- head/sys/netsmb/smb_subr.h (revision 124086)
+++ head/sys/netsmb/smb_subr.h (revision 124087)
@@ -1,127 +1,130 @@ /* * Copyright (c) 2000-2001, Boris Popov * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Boris Popov. * 4. Neither the name of the author nor the names of any co-contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #ifndef _NETSMB_SMB_SUBR_H_ #define _NETSMB_SMB_SUBR_H_ #ifndef _KERNEL #error "This file shouldn't be included from userland programs" #endif #ifdef MALLOC_DECLARE MALLOC_DECLARE(M_SMBTEMP); #endif #define SMBERROR(format, args...) 
printf("%s: "format, __func__ ,## args) #define SMBPANIC(format, args...) printf("%s: "format, __func__ ,## args) #ifdef SMB_SOCKET_DEBUG #define SMBSDEBUG(format, args...) printf("%s: "format, __func__ ,## args) #else #define SMBSDEBUG(format, args...) #endif #ifdef SMB_IOD_DEBUG #define SMBIODEBUG(format, args...) printf("%s: "format, __func__ ,## args) #else #define SMBIODEBUG(format, args...) #endif #ifdef SMB_SOCKETDATA_DEBUG void m_dumpm(struct mbuf *m); #else #define m_dumpm(m) #endif #define SMB_SIGMASK(set) \ (SIGISMEMBER(set, SIGINT) || SIGISMEMBER(set, SIGTERM) || \ SIGISMEMBER(set, SIGHUP) || SIGISMEMBER(set, SIGKILL) || \ SIGISMEMBER(set, SIGQUIT)) #define smb_suser(cred) suser_cred(cred, 0) /* * Compatibility wrappers for simple locks */ #include #include #define smb_slock mtx #define smb_sl_init(mtx, desc) mtx_init(mtx, desc, NULL, MTX_DEF) #define smb_sl_destroy(mtx) mtx_destroy(mtx) #define smb_sl_lock(mtx) mtx_lock(mtx) #define smb_sl_unlock(mtx) mtx_unlock(mtx) #define SMB_STRFREE(p) do { if (p) smb_strfree(p); } while(0) typedef u_int16_t smb_unichar; typedef smb_unichar *smb_uniptr; /* * Crediantials of user/process being processing in the connection procedures */ struct smb_cred { struct thread * scr_td; struct ucred * scr_cred; }; extern smb_unichar smb_unieol; struct mbchain; struct smb_vc; struct smb_rq; void smb_makescred(struct smb_cred *scred, struct thread *td, struct ucred *cred); int smb_td_intr(struct thread *); char *smb_strdup(const char *s); void *smb_memdup(const void *umem, int len); char *smb_strdupin(char *s, int maxlen); void *smb_memdupin(void *umem, int len); void smb_strtouni(u_int16_t *dst, const char *src); void smb_strfree(char *s); void smb_memfree(void *s); void *smb_zmalloc(unsigned long size, struct malloc_type *type, int flags);
+int smb_calcmackey(struct smb_vc *vcp);
 int smb_encrypt(const u_char *apwd, u_char *C8, u_char *RN); int smb_ntencrypt(const u_char *apwd, u_char *C8, u_char *RN); int smb_maperror(int
eclass, int eno); int smb_put_dmem(struct mbchain *mbp, struct smb_vc *vcp, const char *src, int len, int caseopt); int smb_put_dstring(struct mbchain *mbp, struct smb_vc *vcp, const char *src, int caseopt); int smb_put_string(struct smb_rq *rqp, const char *src); int smb_put_asunistring(struct smb_rq *rqp, const char *src);
+int smb_rq_sign(struct smb_rq *rqp);
+int smb_rq_verify(struct smb_rq *rqp);
 #endif /* !_NETSMB_SMB_SUBR_H_ */
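Review bot: The three prototypes added near the end of this header (`smb_calcmackey`, `smb_rq_sign`, `smb_rq_verify`) say nothing about what their `int` result means. For `smb_rq_verify` that result is presumably the outcome of a signature check, so a caller that ignores it would accept a reply whose integrity was never established. The implementations are not part of this hunk, so the return convention is inferred from the other netsmb routines on this page, which return 0 on success and an errno value otherwise. I would add a comment above the signing pair, for example `/* SMB message signing: return 0 or an errno; a reply that fails smb_rq_verify() must be discarded by the caller */`, and confirm that every call site checks the result.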