search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
kernel - Fix races created by a comedy of circumstansces (3)
[dragonfly.git] / sys / netproto / smb / smb_rq.c
blob57f60054d52547226f99ef97725be64bead9321a
1 /*
2 * Copyright (c) 2000-2001, Boris Popov
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by Boris Popov.
16 * 4. Neither the name of the author nor the names of any co-contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 *
32 * $FreeBSD: src/sys/netsmb/smb_rq.c,v 1.1.2.2 2002/04/23 03:45:01 bp Exp $
33 */
34 #include <sys/param.h>
35 #include <sys/systm.h>
36 #include <sys/kernel.h>
37 #include <sys/malloc.h>
38 #include <sys/proc.h>
39 #include <sys/lock.h>
40 #include <sys/sysctl.h>
41 #include <sys/socket.h>
42 #include <sys/socketvar.h>
43 #include <sys/mbuf.h>
44
45 #include "smb.h"
46 #include "smb_conn.h"
47 #include "smb_rq.h"
48 #include "smb_subr.h"
49 #include "smb_tran.h"
50
51 MALLOC_DEFINE(M_SMBRQ, "SMBRQ", "SMB request");
52
53 MODULE_DEPEND(netsmb, libmchain, 1, 1, 1);
54
55 static int smb_rq_reply(struct smb_rq *rqp);
56 static int smb_rq_enqueue(struct smb_rq *rqp);
57 static int smb_rq_getenv(struct smb_connobj *layer,
58 struct smb_vc **vcpp, struct smb_share **sspp);
59 static int smb_rq_new(struct smb_rq *rqp, u_char cmd);
60 static int smb_t2_reply(struct smb_t2rq *t2p);
61
62 int
63 smb_rq_alloc(struct smb_connobj *layer, u_char cmd, struct smb_cred *scred,
64 struct smb_rq **rqpp)
65 {
66 struct smb_rq *rqp;
67 int error;
68
69 rqp = kmalloc(sizeof(*rqp), M_SMBRQ, M_WAITOK);
70 error = smb_rq_init(rqp, layer, cmd, scred);
71 rqp->sr_flags |= SMBR_ALLOCED;
72 if (error) {
73 smb_rq_done(rqp);
74 return error;
75 }
76 *rqpp = rqp;
77 return 0;
78 }
79
80 static char tzero[12];
81
82 int
83 smb_rq_init(struct smb_rq *rqp, struct smb_connobj *layer, u_char cmd,
84 struct smb_cred *scred)
85 {
86 int error;
87
88 bzero(rqp, sizeof(*rqp));
89 smb_sl_init(&rqp->sr_slock, "srslock");
90 error = smb_rq_getenv(layer, &rqp->sr_vc, &rqp->sr_share);
91 if (error)
92 return error;
93 error = smb_vc_access(rqp->sr_vc, scred, SMBM_EXEC);
94 if (error)
95 return error;
96 if (rqp->sr_share) {
97 error = smb_share_access(rqp->sr_share, scred, SMBM_EXEC);
98 if (error)
99 return error;
100 }
101 rqp->sr_cred = scred;
102 rqp->sr_mid = smb_vc_nextmid(rqp->sr_vc);
103 return smb_rq_new(rqp, cmd);
104 }
105
106 static int
107 smb_rq_new(struct smb_rq *rqp, u_char cmd)
108 {
109 struct smb_vc *vcp = rqp->sr_vc;
110 struct mbchain *mbp = &rqp->sr_rq;
111 int error;
112 u_int16_t flags2;
113
114 rqp->sr_sendcnt = 0;
115 mb_done(mbp);
116 md_done(&rqp->sr_rp);
117 error = mb_init(mbp);
118 if (error)
119 return error;
120 mb_put_mem(mbp, SMB_SIGNATURE, SMB_SIGLEN, MB_MSYSTEM);
121 mb_put_uint8(mbp, cmd);
122 mb_put_uint32le(mbp, 0); /* DosError */
123 mb_put_uint8(mbp, vcp->vc_hflags);
124 flags2 = vcp->vc_hflags2;
125 if (cmd == SMB_COM_TRANSACTION || cmd == SMB_COM_TRANSACTION_SECONDARY)
126 flags2 &= ~SMB_FLAGS2_UNICODE;
127 if (cmd == SMB_COM_NEGOTIATE)
128 flags2 &= ~SMB_FLAGS2_SECURITY_SIGNATURE;
129 mb_put_uint16le(mbp, flags2);
130 if ((flags2 & SMB_FLAGS2_SECURITY_SIGNATURE) == 0) {
131 mb_put_mem(mbp, tzero, 12, MB_MSYSTEM);
132 rqp->sr_rqsig = NULL;
133 } else {
134 mb_put_uint16le(mbp, 0 /*scred->sc_p->p_pid >> 16*/);
135 rqp->sr_rqsig = (u_int8_t *)mb_reserve(mbp, 8);
136 mb_put_uint16le(mbp, 0);
137 }
138 rqp->sr_rqtid = (u_int16_t*)mb_reserve(mbp, sizeof(u_int16_t));
139 mb_put_uint16le(mbp, 1 /*scred->sc_p->p_pid & 0xffff*/);
140 rqp->sr_rquid = (u_int16_t*)mb_reserve(mbp, sizeof(u_int16_t));
141 mb_put_uint16le(mbp, rqp->sr_mid);
142 return 0;
143 }
144
145 void
146 smb_rq_done(struct smb_rq *rqp)
147 {
148 mb_done(&rqp->sr_rq);
149 md_done(&rqp->sr_rp);
150 smb_sl_destroy(&rqp->sr_slock);
151 if (rqp->sr_flags & SMBR_ALLOCED)
152 kfree(rqp, M_SMBRQ);
153 }
154
155 /*
156 * Simple request-reply exchange
157 */
158 int
159 smb_rq_simple(struct smb_rq *rqp)
160 {
161 struct smb_vc *vcp = rqp->sr_vc;
162 int error = EINVAL, i;
163
164 for (i = 0; i < SMB_MAXRCN; i++) {
165 rqp->sr_flags &= ~SMBR_RESTART;
166 rqp->sr_timo = vcp->vc_timo;
167 rqp->sr_state = SMBRQ_NOTSENT;
168 error = smb_rq_enqueue(rqp);
169 if (error)
170 return error;
171 error = smb_rq_reply(rqp);
172 if (error == 0)
173 break;
174 if ((rqp->sr_flags & (SMBR_RESTART | SMBR_NORESTART)) != SMBR_RESTART)
175 break;
176 }
177 return error;
178 }
179
180 static int
181 smb_rq_enqueue(struct smb_rq *rqp)
182 {
183 struct smb_share *ssp = rqp->sr_share;
184 int error;
185
186 if (ssp == NULL || rqp->sr_cred == &rqp->sr_vc->vc_iod->iod_scred) {
187 return smb_iod_addrq(rqp);
188 }
189 for (;;) {
190 SMBS_ST_LOCK(ssp);
191 if (ssp->ss_flags & SMBS_RECONNECTING) {
192 smb_sleep(&ssp->ss_vcgenid, SMBS_ST_INTERLOCK(ssp),
193 PDROP, "90trcn", hz);
194 if (smb_proc_intr(rqp->sr_cred->scr_td))
195 return EINTR;
196 continue;
197 }
198 if (smb_share_valid(ssp) || (ssp->ss_flags & SMBS_CONNECTED) == 0) {
199 SMBS_ST_UNLOCK(ssp);
200 } else {
201 SMBS_ST_UNLOCK(ssp);
202 error = smb_iod_request(rqp->sr_vc->vc_iod,
203 SMBIOD_EV_TREECONNECT | SMBIOD_EV_SYNC, ssp);
204 if (error)
205 return error;
206 }
207 error = smb_iod_addrq(rqp);
208 if (error != EXDEV)
209 break;
210 }
211 return error;
212 }
213
214 void
215 smb_rq_wstart(struct smb_rq *rqp)
216 {
217 rqp->sr_wcount = mb_reserve(&rqp->sr_rq, sizeof(u_int8_t));
218 rqp->sr_rq.mb_count = 0;
219 }
220
221 void
222 smb_rq_wend(struct smb_rq *rqp)
223 {
224 if (rqp->sr_wcount == NULL) {
225 SMBERROR("no wcount\n"); /* actually panic */
226 return;
227 }
228 if (rqp->sr_rq.mb_count & 1)
229 SMBERROR("odd word count\n");
230 *rqp->sr_wcount = rqp->sr_rq.mb_count / 2;
231 }
232
233 void
234 smb_rq_bstart(struct smb_rq *rqp)
235 {
236 rqp->sr_bcount = (u_short*)mb_reserve(&rqp->sr_rq, sizeof(u_short));
237 rqp->sr_rq.mb_count = 0;
238 }
239
240 void
241 smb_rq_bend(struct smb_rq *rqp)
242 {
243 int bcnt;
244
245 if (rqp->sr_bcount == NULL) {
246 SMBERROR("no bcount\n"); /* actually panic */
247 return;
248 }
249 bcnt = rqp->sr_rq.mb_count;
250 if (bcnt > 0xffff)
251 SMBERROR("byte count too large (%d)\n", bcnt);
252 *rqp->sr_bcount = bcnt;
253 }
254
255 int
256 smb_rq_intr(struct smb_rq *rqp)
257 {
258 struct thread *td = rqp->sr_cred->scr_td;
259
260 if (rqp->sr_flags & SMBR_INTR)
261 return EINTR;
262 return smb_proc_intr(td);
263 }
264
265 int
266 smb_rq_getrequest(struct smb_rq *rqp, struct mbchain **mbpp)
267 {
268 *mbpp = &rqp->sr_rq;
269 return 0;
270 }
271
272 int
273 smb_rq_getreply(struct smb_rq *rqp, struct mdchain **mbpp)
274 {
275 *mbpp = &rqp->sr_rp;
276 return 0;
277 }
278
279 static int
280 smb_rq_getenv(struct smb_connobj *layer,
281 struct smb_vc **vcpp, struct smb_share **sspp)
282 {
283 struct smb_vc *vcp = NULL;
284 struct smb_share *ssp = NULL;
285 struct smb_connobj *cp;
286 int error = 0;
287
288 switch (layer->co_level) {
289 case SMBL_VC:
290 vcp = CPTOVC(layer);
291 if (layer->co_parent == NULL) {
292 SMBERROR("zombie VC %s\n", vcp->vc_srvname);
293 error = EINVAL;
294 break;
295 }
296 break;
297 case SMBL_SHARE:
298 ssp = CPTOSS(layer);
299 cp = layer->co_parent;
300 if (cp == NULL) {
301 SMBERROR("zombie share %s\n", ssp->ss_name);
302 error = EINVAL;
303 break;
304 }
305 error = smb_rq_getenv(cp, &vcp, NULL);
306 if (error)
307 break;
308 break;
309 default:
310 SMBERROR("invalid layer %d passed\n", layer->co_level);
311 error = EINVAL;
312 }
313 if (vcpp)
314 *vcpp = vcp;
315 if (sspp)
316 *sspp = ssp;
317 return error;
318 }
319
320 /*
321 * Wait for reply on the request
322 */
323 static int
324 smb_rq_reply(struct smb_rq *rqp)
325 {
326 struct mdchain *mdp = &rqp->sr_rp;
327 u_int32_t tdw;
328 u_int8_t tb;
329 int error, rperror = 0;
330
331 error = smb_iod_waitrq(rqp);
332 if (error)
333 return error;
334 error = md_get_uint32(mdp, &tdw);
335 if (error)
336 return error;
337 error = md_get_uint8(mdp, &tb);
338 if (rqp->sr_vc->vc_hflags2 & SMB_FLAGS2_ERR_STATUS) {
339 error = md_get_uint32le(mdp, &rqp->sr_error);
340 } else {
341 error = md_get_uint8(mdp, &rqp->sr_errclass);
342 error = md_get_uint8(mdp, &tb);
343 error = md_get_uint16le(mdp, &rqp->sr_serror);
344 if (!error)
345 rperror = smb_maperror(rqp->sr_errclass, rqp->sr_serror);
346 }
347 error = md_get_uint8(mdp, &rqp->sr_rpflags);
348 error = md_get_uint16le(mdp, &rqp->sr_rpflags2);
349
350 error = md_get_uint32(mdp, &tdw);
351 error = md_get_uint32(mdp, &tdw);
352 error = md_get_uint32(mdp, &tdw);
353
354 error = md_get_uint16le(mdp, &rqp->sr_rptid);
355 error = md_get_uint16le(mdp, &rqp->sr_rppid);
356 error = md_get_uint16le(mdp, &rqp->sr_rpuid);
357 error = md_get_uint16le(mdp, &rqp->sr_rpmid);
358
359 if (error == 0 &&
360 (rqp->sr_vc->vc_hflags2 & SMB_FLAGS2_SECURITY_SIGNATURE))
361 error = smb_rq_verify(rqp);
362
363 SMBSDEBUG("M:%04x, P:%04x, U:%04x, T:%04x, E: %d:%d\n",
364 rqp->sr_rpmid, rqp->sr_rppid, rqp->sr_rpuid, rqp->sr_rptid,
365 rqp->sr_errclass, rqp->sr_serror);
366 return error ? error : rperror;
367 }
368
369
370 #define ALIGN4(a) (((a) + 3) & ~3)
371
372 /*
373 * TRANS2 request implementation
374 */
375 int
376 smb_t2_alloc(struct smb_connobj *layer, u_short setup, struct smb_cred *scred,
377 struct smb_t2rq **t2pp)
378 {
379 struct smb_t2rq *t2p;
380 int error;
381
382 t2p = kmalloc(sizeof(*t2p), M_SMBRQ, M_WAITOK);
383 error = smb_t2_init(t2p, layer, setup, scred);
384 t2p->t2_flags |= SMBT2_ALLOCED;
385 if (error) {
386 smb_t2_done(t2p);
387 return error;
388 }
389 *t2pp = t2p;
390 return 0;
391 }
392
393 int
394 smb_t2_init(struct smb_t2rq *t2p, struct smb_connobj *source, u_short setup,
395 struct smb_cred *scred)
396 {
397 int error;
398
399 bzero(t2p, sizeof(*t2p));
400 t2p->t2_source = source;
401 t2p->t2_setupcount = 1;
402 t2p->t2_setupdata = t2p->t2_setup;
403 t2p->t2_setup[0] = setup;
404 t2p->t2_fid = 0xffff;
405 t2p->t2_cred = scred;
406 error = smb_rq_getenv(source, &t2p->t2_vc, NULL);
407 if (error)
408 return error;
409 return 0;
410 }
411
412 void
413 smb_t2_done(struct smb_t2rq *t2p)
414 {
415 mb_done(&t2p->t2_tparam);
416 mb_done(&t2p->t2_tdata);
417 md_done(&t2p->t2_rparam);
418 md_done(&t2p->t2_rdata);
419 if (t2p->t2_flags & SMBT2_ALLOCED)
420 kfree(t2p, M_SMBRQ);
421 }
422
423 static int
424 smb_t2_placedata(struct mbuf *mtop, u_int16_t offset, u_int16_t count,
425 struct mdchain *mdp)
426 {
427 struct mbuf *m, *m0;
428 int len;
429
430 m0 = m_split(mtop, offset, M_WAITOK);
431 if (m0 == NULL)
432 return EBADRPC;
433 for(len = 0, m = m0; m->m_next; m = m->m_next)
434 len += m->m_len;
435 len += m->m_len;
436 m->m_len -= len - count;
437 if (mdp->md_top == NULL) {
438 md_initm(mdp, m0);
439 } else
440 m_cat(mdp->md_top, m0);
441 return 0;
442 }
443
444 static int
445 smb_t2_reply(struct smb_t2rq *t2p)
446 {
447 struct mdchain *mdp;
448 struct smb_rq *rqp = t2p->t2_rq;
449 int error, totpgot, totdgot;
450 u_int16_t totpcount, totdcount, pcount, poff, doff, pdisp, ddisp;
451 u_int16_t tmp, bc, dcount;
452 u_int8_t wc;
453
454 error = smb_rq_reply(rqp);
455 if (error)
456 return error;
457 if ((t2p->t2_flags & SMBT2_ALLSENT) == 0) {
458 /*
459 * this is an interim response, ignore it.
460 */
461 SMBRQ_SLOCK(rqp);
462 md_next_record(&rqp->sr_rp);
463 SMBRQ_SUNLOCK(rqp);
464 return 0;
465 }
466 /*
467 * Now we have to get all subsequent responses. The CIFS specification
468 * says that they can be disordered which is weird.
469 * TODO: timo
470 */
471 totpgot = totdgot = 0;
472 totpcount = totdcount = 0xffff;
473 mdp = &rqp->sr_rp;
474 for (;;) {
475 m_dumpm(mdp->md_top);
476 if ((error = md_get_uint8(mdp, &wc)) != 0)
477 break;
478 if (wc < 10) {
479 error = ENOENT;
480 break;
481 }
482 if ((error = md_get_uint16le(mdp, &tmp)) != 0)
483 break;
484 if (totpcount > tmp)
485 totpcount = tmp;
486 md_get_uint16le(mdp, &tmp);
487 if (totdcount > tmp)
488 totdcount = tmp;
489 if ((error = md_get_uint16le(mdp, &tmp)) != 0 || /* reserved */
490 (error = md_get_uint16le(mdp, &pcount)) != 0 ||
491 (error = md_get_uint16le(mdp, &poff)) != 0 ||
492 (error = md_get_uint16le(mdp, &pdisp)) != 0)
493 break;
494 if (pcount != 0 && pdisp != totpgot) {
495 SMBERROR("Can't handle disordered parameters %d:%d\n",
496 pdisp, totpgot);
497 error = EINVAL;
498 break;
499 }
500 if ((error = md_get_uint16le(mdp, &dcount)) != 0 ||
501 (error = md_get_uint16le(mdp, &doff)) != 0 ||
502 (error = md_get_uint16le(mdp, &ddisp)) != 0)
503 break;
504 if (dcount != 0 && ddisp != totdgot) {
505 SMBERROR("Can't handle disordered data\n");
506 error = EINVAL;
507 break;
508 }
509 md_get_uint8(mdp, &wc);
510 md_get_uint8(mdp, NULL);
511 tmp = wc;
512 while (tmp--)
513 md_get_uint16(mdp, NULL);
514 if ((error = md_get_uint16le(mdp, &bc)) != 0)
515 break;
516 /* tmp = SMB_HDRLEN + 1 + 10 * 2 + 2 * wc + 2;*/
517 if (dcount) {
518 error = smb_t2_placedata(mdp->md_top, doff, dcount,
519 &t2p->t2_rdata);
520 if (error)
521 break;
522 }
523 if (pcount) {
524 error = smb_t2_placedata(mdp->md_top, poff, pcount,
525 &t2p->t2_rparam);
526 if (error)
527 break;
528 }
529 totpgot += pcount;
530 totdgot += dcount;
531 if (totpgot >= totpcount && totdgot >= totdcount) {
532 error = 0;
533 t2p->t2_flags |= SMBT2_ALLRECV;
534 break;
535 }
536 /*
537 * We're done with this reply, look for the next one.
538 */
539 SMBRQ_SLOCK(rqp);
540 md_next_record(&rqp->sr_rp);
541 SMBRQ_SUNLOCK(rqp);
542 error = smb_rq_reply(rqp);
543 if (error)
544 break;
545 }
546 return error;
547 }
548
549 /*
550 * Perform a full round of TRANS2 request
551 */
552 static int
553 smb_t2_request_int(struct smb_t2rq *t2p)
554 {
555 struct smb_vc *vcp = t2p->t2_vc;
556 struct smb_cred *scred = t2p->t2_cred;
557 struct mbchain *mbp;
558 struct mdchain *mdp, mbparam, mbdata;
559 struct mbuf *m;
560 struct smb_rq *rqp;
561 int totpcount, leftpcount, totdcount, leftdcount, len, txmax, i;
562 int error, doff, poff, txdcount, txpcount, nmlen;
563
564 m = t2p->t2_tparam.mb_top;
565 if (m) {
566 md_initm(&mbparam, m); /* do not free it! */
567 totpcount = m_fixhdr(m);
568 if (totpcount > 0xffff) /* maxvalue for u_short */
569 return EINVAL;
570 } else
571 totpcount = 0;
572 m = t2p->t2_tdata.mb_top;
573 if (m) {
574 md_initm(&mbdata, m); /* do not free it! */
575 totdcount = m_fixhdr(m);
576 if (totdcount > 0xffff)
577 return EINVAL;
578 } else
579 totdcount = 0;
580 leftdcount = totdcount;
581 leftpcount = totpcount;
582 txmax = vcp->vc_txmax;
583 error = smb_rq_alloc(t2p->t2_source, t2p->t_name ?
584 SMB_COM_TRANSACTION : SMB_COM_TRANSACTION2, scred, &rqp);
585 if (error)
586 return error;
587 rqp->sr_flags |= SMBR_MULTIPACKET;
588 t2p->t2_rq = rqp;
589 rqp->sr_t2 = t2p;
590 mbp = &rqp->sr_rq;
591 smb_rq_wstart(rqp);
592 mb_put_uint16le(mbp, totpcount);
593 mb_put_uint16le(mbp, totdcount);
594 mb_put_uint16le(mbp, t2p->t2_maxpcount);
595 mb_put_uint16le(mbp, t2p->t2_maxdcount);
596 mb_put_uint8(mbp, t2p->t2_maxscount);
597 mb_put_uint8(mbp, 0); /* reserved */
598 mb_put_uint16le(mbp, 0); /* flags */
599 mb_put_uint32le(mbp, 0); /* Timeout */
600 mb_put_uint16le(mbp, 0); /* reserved 2 */
601 len = mb_fixhdr(mbp);
602 /*
603 * now we have known packet size as
604 * ALIGN4(len + 5 * 2 + setupcount * 2 + 2 + strlen(name) + 1),
605 * and need to decide which parts should go into the first request
606 */
607 nmlen = t2p->t_name ? strlen(t2p->t_name) : 0;
608 len = ALIGN4(len + 5 * 2 + t2p->t2_setupcount * 2 + 2 + nmlen + 1);
609 if (len + leftpcount > txmax) {
610 txpcount = min(leftpcount, txmax - len);
611 poff = len;
612 txdcount = 0;
613 doff = 0;
614 } else {
615 txpcount = leftpcount;
616 poff = txpcount ? len : 0;
617 len = ALIGN4(len + txpcount);
618 txdcount = min(leftdcount, txmax - len);
619 doff = txdcount ? len : 0;
620 }
621 leftpcount -= txpcount;
622 leftdcount -= txdcount;
623 mb_put_uint16le(mbp, txpcount);
624 mb_put_uint16le(mbp, poff);
625 mb_put_uint16le(mbp, txdcount);
626 mb_put_uint16le(mbp, doff);
627 mb_put_uint8(mbp, t2p->t2_setupcount);
628 mb_put_uint8(mbp, 0);
629 for (i = 0; i < t2p->t2_setupcount; i++)
630 mb_put_uint16le(mbp, t2p->t2_setupdata[i]);
631 smb_rq_wend(rqp);
632 smb_rq_bstart(rqp);
633 /* TDUNICODE */
634 if (t2p->t_name)
635 mb_put_mem(mbp, t2p->t_name, nmlen, MB_MSYSTEM);
636 mb_put_uint8(mbp, 0); /* terminating zero */
637 len = mb_fixhdr(mbp);
638 if (txpcount) {
639 mb_put_mem(mbp, NULL, ALIGN4(len) - len, MB_MZERO);
640 error = md_get_mbuf(&mbparam, txpcount, &m);
641 SMBSDEBUG("%d:%d:%d\n", error, txpcount, txmax);
642 if (error)
643 goto freerq;
644 mb_put_mbuf(mbp, m);
645 }
646 len = mb_fixhdr(mbp);
647 if (txdcount) {
648 mb_put_mem(mbp, NULL, ALIGN4(len) - len, MB_MZERO);
649 error = md_get_mbuf(&mbdata, txdcount, &m);
650 if (error)
651 goto freerq;
652 mb_put_mbuf(mbp, m);
653 }
654 smb_rq_bend(rqp); /* incredible, but thats it... */
655 error = smb_rq_enqueue(rqp);
656 if (error)
657 goto freerq;
658 if (leftpcount == 0 && leftdcount == 0)
659 t2p->t2_flags |= SMBT2_ALLSENT;
660 error = smb_t2_reply(t2p);
661 if (error)
662 goto bad;
663 while (leftpcount || leftdcount) {
664 t2p->t2_flags |= SMBT2_SECONDARY;
665 error = smb_rq_new(rqp, t2p->t_name ?
666 SMB_COM_TRANSACTION_SECONDARY : SMB_COM_TRANSACTION2_SECONDARY);
667 if (error)
668 goto bad;
669 mbp = &rqp->sr_rq;
670 smb_rq_wstart(rqp);
671 mb_put_uint16le(mbp, totpcount);
672 mb_put_uint16le(mbp, totdcount);
673 len = mb_fixhdr(mbp);
674 /*
675 * now we have known packet size as
676 * ALIGN4(len + 7 * 2 + 2) for T2 request, and -2 for T one,
677 * and need to decide which parts should go into request
678 */
679 len = ALIGN4(len + 6 * 2 + 2);
680 if (t2p->t_name == NULL)
681 len += 2;
682 if (len + leftpcount > txmax) {
683 txpcount = min(leftpcount, txmax - len);
684 poff = len;
685 txdcount = 0;
686 doff = 0;
687 } else {
688 txpcount = leftpcount;
689 poff = txpcount ? len : 0;
690 len = ALIGN4(len + txpcount);
691 txdcount = min(leftdcount, txmax - len);
692 doff = txdcount ? len : 0;
693 }
694 mb_put_uint16le(mbp, txpcount);
695 mb_put_uint16le(mbp, poff);
696 mb_put_uint16le(mbp, totpcount - leftpcount);
697 mb_put_uint16le(mbp, txdcount);
698 mb_put_uint16le(mbp, doff);
699 mb_put_uint16le(mbp, totdcount - leftdcount);
700 leftpcount -= txpcount;
701 leftdcount -= txdcount;
702 if (t2p->t_name == NULL)
703 mb_put_uint16le(mbp, t2p->t2_fid);
704 smb_rq_wend(rqp);
705 smb_rq_bstart(rqp);
706 mb_put_uint8(mbp, 0); /* name */
707 len = mb_fixhdr(mbp);
708 if (txpcount) {
709 mb_put_mem(mbp, NULL, ALIGN4(len) - len, MB_MZERO);
710 error = md_get_mbuf(&mbparam, txpcount, &m);
711 if (error)
712 goto bad;
713 mb_put_mbuf(mbp, m);
714 }
715 len = mb_fixhdr(mbp);
716 if (txdcount) {
717 mb_put_mem(mbp, NULL, ALIGN4(len) - len, MB_MZERO);
718 error = md_get_mbuf(&mbdata, txdcount, &m);
719 if (error)
720 goto bad;
721 mb_put_mbuf(mbp, m);
722 }
723 smb_rq_bend(rqp);
724 rqp->sr_state = SMBRQ_NOTSENT;
725 error = smb_iod_request(vcp->vc_iod, SMBIOD_EV_NEWRQ, NULL);
726 if (error)
727 goto bad;
728 } /* while left params or data */
729 t2p->t2_flags |= SMBT2_ALLSENT;
730 mdp = &t2p->t2_rdata;
731 if (mdp->md_top) {
732 m_fixhdr(mdp->md_top);
733 md_initm(mdp, mdp->md_top);
734 }
735 mdp = &t2p->t2_rparam;
736 if (mdp->md_top) {
737 m_fixhdr(mdp->md_top);
738 md_initm(mdp, mdp->md_top);
739 }
740 bad:
741 smb_iod_removerq(rqp);
742 freerq:
743 smb_rq_done(rqp);
744 if (error) {
745 if (rqp->sr_flags & SMBR_RESTART)
746 t2p->t2_flags |= SMBT2_RESTART;
747 md_done(&t2p->t2_rparam);
748 md_done(&t2p->t2_rdata);
749 }
750 return error;
751 }
752
753 int
754 smb_t2_request(struct smb_t2rq *t2p)
755 {
756 int error = EINVAL, i;
757
758 for (i = 0; i < SMB_MAXRCN; i++) {
759 t2p->t2_flags &= ~SMBR_RESTART;
760 error = smb_t2_request_int(t2p);
761 if (error == 0)
762 break;
763 if ((t2p->t2_flags & (SMBT2_RESTART | SMBT2_NORESTART)) != SMBT2_RESTART)
764 break;
765 }
766 return error;
767 }
DragonFly BSD