xref: /titanic_44/usr/src/uts/common/fs/smbsrv/smb_fsops.c (revision b819cea2f73f98c5662230cc9affc8cc84f77fcf)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
23  * Copyright 2013 Nexenta Systems, Inc.  All rights reserved.
24  */
25 
26 #include <sys/sid.h>
27 #include <sys/nbmlock.h>
28 #include <smbsrv/smb_fsops.h>
29 #include <smbsrv/smb_kproto.h>
30 #include <acl/acl_common.h>
31 #include <sys/fcntl.h>
32 #include <sys/flock.h>
33 #include <fs/fs_subr.h>
34 
35 extern caller_context_t smb_ct;
36 
37 static int smb_fsop_create_stream(smb_request_t *, cred_t *, smb_node_t *,
38     char *, char *, int, smb_attr_t *, smb_node_t **);
39 
40 static int smb_fsop_create_file(smb_request_t *, cred_t *, smb_node_t *,
41     char *, int, smb_attr_t *, smb_node_t **);
42 
43 #ifdef	_KERNEL
44 static int smb_fsop_create_with_sd(smb_request_t *, cred_t *, smb_node_t *,
45     char *, smb_attr_t *, smb_node_t **, smb_fssd_t *);
46 static int smb_fsop_sdinherit(smb_request_t *, smb_node_t *, smb_fssd_t *);
47 #endif	/* _KERNEL */
48 
49 /*
50  * The smb_fsop_* functions have knowledge of CIFS semantics.
51  *
52  * The smb_vop_* functions have minimal knowledge of CIFS semantics and
53  * serve as an interface to the VFS layer.
54  *
55  * Hence, smb_request_t and smb_node_t structures should not be passed
56  * from the smb_fsop_* layer to the smb_vop_* layer.
57  *
58  * In general, CIFS service code should only ever call smb_fsop_*
59  * functions directly, and never smb_vop_* functions directly.
60  *
61  * smb_fsop_* functions should call smb_vop_* functions where possible, instead
62  * of their smb_fsop_* counterparts.  However, there are times when
63  * this cannot be avoided.
64  */
65 
66 /*
67  * Note: Stream names cannot be mangled.
68  */
69 
70 /*
71  * smb_fsop_amask_to_omode
72  *
73  * Convert the access mask to the open mode (for use
74  * with the VOP_OPEN call).
75  *
76  * Note that opening a file for attribute only access
77  * will also translate into an FREAD or FWRITE open mode
78  * (i.e., it's not just for data).
79  *
80  * This is needed so that opens are tracked appropriately
81  * for oplock processing.
82  */
83 
84 int
smb_fsop_amask_to_omode(uint32_t access)85 smb_fsop_amask_to_omode(uint32_t access)
86 {
87 	int mode = 0;
88 
89 	if (access & (FILE_READ_DATA | FILE_EXECUTE |
90 	    FILE_READ_ATTRIBUTES | FILE_READ_EA))
91 		mode |= FREAD;
92 
93 	if (access & (FILE_WRITE_DATA | FILE_APPEND_DATA |
94 	    FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA))
95 		mode |= FWRITE;
96 
97 	if (access & FILE_APPEND_DATA)
98 		mode |= FAPPEND;
99 
100 	return (mode);
101 }
102 
103 int
smb_fsop_open(smb_node_t * node,int mode,cred_t * cred)104 smb_fsop_open(smb_node_t *node, int mode, cred_t *cred)
105 {
106 	/*
107 	 * Assuming that the same vnode is returned as we had before.
108 	 * (I.e., with certain types of files or file systems, a
109 	 * different vnode might be returned by VOP_OPEN)
110 	 */
111 	return (smb_vop_open(&node->vp, mode, cred));
112 }
113 
114 void
smb_fsop_close(smb_node_t * node,int mode,cred_t * cred)115 smb_fsop_close(smb_node_t *node, int mode, cred_t *cred)
116 {
117 	smb_vop_close(node->vp, mode, cred);
118 }
119 
120 #ifdef	_KERNEL
121 static int
smb_fsop_create_with_sd(smb_request_t * sr,cred_t * cr,smb_node_t * dnode,char * name,smb_attr_t * attr,smb_node_t ** ret_snode,smb_fssd_t * fs_sd)122 smb_fsop_create_with_sd(smb_request_t *sr, cred_t *cr,
123     smb_node_t *dnode, char *name,
124     smb_attr_t *attr, smb_node_t **ret_snode, smb_fssd_t *fs_sd)
125 {
126 	vsecattr_t *vsap;
127 	vsecattr_t vsecattr;
128 	smb_attr_t set_attr;
129 	acl_t *acl, *dacl, *sacl;
130 	vnode_t *vp;
131 	cred_t *kcr = zone_kcred();
132 	int aclbsize = 0;	/* size of acl list in bytes */
133 	int flags = 0;
134 	int rc;
135 	boolean_t is_dir;
136 
137 	ASSERT(fs_sd);
138 
139 	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
140 		flags = SMB_IGNORE_CASE;
141 	if (SMB_TREE_SUPPORTS_CATIA(sr))
142 		flags |= SMB_CATIA;
143 
144 	ASSERT(cr);
145 
146 	is_dir = ((fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR) != 0);
147 
148 	if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACLONCREATE)) {
149 		if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) {
150 			dacl = fs_sd->sd_zdacl;
151 			sacl = fs_sd->sd_zsacl;
152 			ASSERT(dacl || sacl);
153 			if (dacl && sacl) {
154 				acl = smb_fsacl_merge(dacl, sacl);
155 			} else if (dacl) {
156 				acl = dacl;
157 			} else {
158 				acl = sacl;
159 			}
160 
161 			rc = smb_fsacl_to_vsa(acl, &vsecattr, &aclbsize);
162 
163 			if (dacl && sacl)
164 				acl_free(acl);
165 
166 			if (rc != 0)
167 				return (rc);
168 
169 			vsap = &vsecattr;
170 		} else {
171 			vsap = NULL;
172 		}
173 
174 		/* The tree ACEs may prevent a create */
175 		rc = EACCES;
176 		if (is_dir) {
177 			if (SMB_TREE_HAS_ACCESS(sr, ACE_ADD_SUBDIRECTORY) != 0)
178 				rc = smb_vop_mkdir(dnode->vp, name, attr,
179 				    &vp, flags, cr, vsap);
180 		} else {
181 			if (SMB_TREE_HAS_ACCESS(sr, ACE_ADD_FILE) != 0)
182 				rc = smb_vop_create(dnode->vp, name, attr,
183 				    &vp, flags, cr, vsap);
184 		}
185 
186 		if (vsap != NULL)
187 			kmem_free(vsap->vsa_aclentp, aclbsize);
188 
189 		if (rc != 0)
190 			return (rc);
191 
192 		set_attr.sa_mask = 0;
193 
194 		/*
195 		 * Ideally we should be able to specify the owner and owning
196 		 * group at create time along with the ACL. Since we cannot
197 		 * do that right now, kcred is passed to smb_vop_setattr so it
198 		 * doesn't fail due to lack of permission.
199 		 */
200 		if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) {
201 			set_attr.sa_vattr.va_uid = fs_sd->sd_uid;
202 			set_attr.sa_mask |= SMB_AT_UID;
203 		}
204 
205 		if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) {
206 			set_attr.sa_vattr.va_gid = fs_sd->sd_gid;
207 			set_attr.sa_mask |= SMB_AT_GID;
208 		}
209 
210 		if (set_attr.sa_mask)
211 			rc = smb_vop_setattr(vp, NULL, &set_attr, 0, kcr);
212 
213 		if (rc == 0) {
214 			*ret_snode = smb_node_lookup(sr, &sr->arg.open, cr, vp,
215 			    name, dnode, NULL);
216 
217 			if (*ret_snode == NULL)
218 				rc = ENOMEM;
219 
220 			VN_RELE(vp);
221 		}
222 	} else {
223 		/*
224 		 * For filesystems that don't support ACL-on-create, try
225 		 * to set the specified SD after create, which could actually
226 		 * fail because of conflicts between inherited security
227 		 * attributes upon creation and the specified SD.
228 		 *
229 		 * Passing kcred to smb_fsop_sdwrite() to overcome this issue.
230 		 */
231 
232 		if (is_dir) {
233 			rc = smb_vop_mkdir(dnode->vp, name, attr, &vp,
234 			    flags, cr, NULL);
235 		} else {
236 			rc = smb_vop_create(dnode->vp, name, attr, &vp,
237 			    flags, cr, NULL);
238 		}
239 
240 		if (rc != 0)
241 			return (rc);
242 
243 		*ret_snode = smb_node_lookup(sr, &sr->arg.open, cr, vp,
244 		    name, dnode, NULL);
245 
246 		if (*ret_snode != NULL) {
247 			if (!smb_tree_has_feature(sr->tid_tree,
248 			    SMB_TREE_NFS_MOUNTED))
249 				rc = smb_fsop_sdwrite(sr, kcr, *ret_snode,
250 				    fs_sd, 1);
251 		} else {
252 			rc = ENOMEM;
253 		}
254 
255 		VN_RELE(vp);
256 	}
257 
258 	if (rc != 0) {
259 		if (is_dir)
260 			(void) smb_vop_rmdir(dnode->vp, name, flags, cr);
261 		else
262 			(void) smb_vop_remove(dnode->vp, name, flags, cr);
263 	}
264 
265 	return (rc);
266 }
267 #endif	/* _KERNEL */
268 
269 /*
270  * smb_fsop_create
271  *
272  * All SMB functions should use this wrapper to ensure that
273  * all the smb_vop_creates are performed with the appropriate credentials.
274  * Please document any direct calls to explain the reason for avoiding
275  * this wrapper.
276  *
277  * *ret_snode is returned with a reference upon success.  No reference is
278  * taken if an error is returned.
279  */
280 int
smb_fsop_create(smb_request_t * sr,cred_t * cr,smb_node_t * dnode,char * name,smb_attr_t * attr,smb_node_t ** ret_snode)281 smb_fsop_create(smb_request_t *sr, cred_t *cr, smb_node_t *dnode,
282     char *name, smb_attr_t *attr, smb_node_t **ret_snode)
283 {
284 	int	rc = 0;
285 	int	flags = 0;
286 	char	*fname, *sname;
287 	char	*longname = NULL;
288 
289 	ASSERT(cr);
290 	ASSERT(dnode);
291 	ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
292 	ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING);
293 
294 	ASSERT(ret_snode);
295 	*ret_snode = 0;
296 
297 	ASSERT(name);
298 	if (*name == 0)
299 		return (EINVAL);
300 
301 	ASSERT(sr);
302 	ASSERT(sr->tid_tree);
303 
304 	if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0)
305 		return (EACCES);
306 
307 	if (SMB_TREE_IS_READONLY(sr))
308 		return (EROFS);
309 
310 	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
311 		flags = SMB_IGNORE_CASE;
312 	if (SMB_TREE_SUPPORTS_CATIA(sr))
313 		flags |= SMB_CATIA;
314 	if (SMB_TREE_SUPPORTS_ABE(sr))
315 		flags |= SMB_ABE;
316 
317 	if (smb_is_stream_name(name)) {
318 		fname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
319 		sname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
320 		smb_stream_parse_name(name, fname, sname);
321 
322 		rc = smb_fsop_create_stream(sr, cr, dnode,
323 		    fname, sname, flags, attr, ret_snode);
324 
325 		kmem_free(fname, MAXNAMELEN);
326 		kmem_free(sname, MAXNAMELEN);
327 		return (rc);
328 	}
329 
330 	/* Not a named stream */
331 
332 	if (SMB_TREE_SUPPORTS_SHORTNAMES(sr) && smb_maybe_mangled(name)) {
333 		longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
334 		rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags);
335 		kmem_free(longname, MAXNAMELEN);
336 
337 		if (rc == 0)
338 			rc = EEXIST;
339 		if (rc != ENOENT)
340 			return (rc);
341 	}
342 
343 	rc = smb_fsop_create_file(sr, cr, dnode, name, flags,
344 	    attr, ret_snode);
345 	return (rc);
346 
347 }
348 
349 
350 /*
351  * smb_fsop_create_stream
352  *
353  * Create NTFS named stream file (sname) on unnamed stream
354  * file (fname), creating the unnamed stream file if it
355  * doesn't exist.
356  * If we created the unnamed stream file and then creation
357  * of the named stream file fails, we delete the unnamed stream.
358  * Since we use the real file name for the smb_vop_remove we
359  * clear the SMB_IGNORE_CASE flag to ensure a case sensitive
360  * match.
361  *
362  * The second parameter of smb_vop_setattr() is set to
363  * NULL, even though an unnamed stream exists.  This is
364  * because we want to set the UID and GID on the named
365  * stream in this case for consistency with the (unnamed
366  * stream) file (see comments for smb_vop_setattr()).
367  */
368 static int
smb_fsop_create_stream(smb_request_t * sr,cred_t * cr,smb_node_t * dnode,char * fname,char * sname,int flags,smb_attr_t * attr,smb_node_t ** ret_snode)369 smb_fsop_create_stream(smb_request_t *sr, cred_t *cr,
370     smb_node_t *dnode, char *fname, char *sname, int flags,
371     smb_attr_t *attr, smb_node_t **ret_snode)
372 {
373 	smb_attr_t	fattr;
374 	smb_node_t	*fnode;
375 	vnode_t		*xattrdvp;
376 	vnode_t		*vp;
377 	cred_t		*kcr = zone_kcred();
378 	int		rc = 0;
379 	boolean_t	fcreate = B_FALSE;
380 
381 	/* Look up / create the unnamed stream, fname */
382 	rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS,
383 	    sr->tid_tree->t_snode, dnode, fname, &fnode);
384 	if (rc == ENOENT) {
385 		fcreate = B_TRUE;
386 		rc = smb_fsop_create_file(sr, cr, dnode, fname, flags,
387 		    attr, &fnode);
388 	}
389 	if (rc != 0)
390 		return (rc);
391 
392 	fattr.sa_mask = SMB_AT_UID | SMB_AT_GID;
393 	rc = smb_vop_getattr(fnode->vp, NULL, &fattr, 0, kcr);
394 
395 	if (rc == 0) {
396 		/* create the named stream, sname */
397 		rc = smb_vop_stream_create(fnode->vp, sname, attr,
398 		    &vp, &xattrdvp, flags, cr);
399 	}
400 	if (rc != 0) {
401 		if (fcreate) {
402 			flags &= ~SMB_IGNORE_CASE;
403 			(void) smb_vop_remove(dnode->vp,
404 			    fnode->od_name, flags, cr);
405 		}
406 		smb_node_release(fnode);
407 		return (rc);
408 	}
409 
410 	attr->sa_vattr.va_uid = fattr.sa_vattr.va_uid;
411 	attr->sa_vattr.va_gid = fattr.sa_vattr.va_gid;
412 	attr->sa_mask = SMB_AT_UID | SMB_AT_GID;
413 
414 	rc = smb_vop_setattr(vp, NULL, attr, 0, kcr);
415 	if (rc != 0) {
416 		smb_node_release(fnode);
417 		return (rc);
418 	}
419 
420 	*ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdvp,
421 	    vp, sname);
422 
423 	smb_node_release(fnode);
424 	VN_RELE(xattrdvp);
425 	VN_RELE(vp);
426 
427 	if (*ret_snode == NULL)
428 		rc = ENOMEM;
429 
430 	/* notify change to the unnamed stream */
431 	if (rc == 0)
432 		smb_node_notify_change(dnode,
433 		    FILE_ACTION_ADDED_STREAM, fname);
434 
435 	return (rc);
436 }
437 
438 /*
439  * smb_fsop_create_file
440  */
441 static int
smb_fsop_create_file(smb_request_t * sr,cred_t * cr,smb_node_t * dnode,char * name,int flags,smb_attr_t * attr,smb_node_t ** ret_snode)442 smb_fsop_create_file(smb_request_t *sr, cred_t *cr,
443     smb_node_t *dnode, char *name, int flags,
444     smb_attr_t *attr, smb_node_t **ret_snode)
445 {
446 	smb_arg_open_t	*op = &sr->sr_open;
447 	vnode_t		*vp;
448 	int		rc;
449 
450 #ifdef	_KERNEL
451 	smb_fssd_t	fs_sd;
452 	uint32_t	secinfo;
453 	uint32_t	status;
454 
455 	if (op->sd) {
456 		/*
457 		 * SD sent by client in Windows format. Needs to be
458 		 * converted to FS format. No inheritance.
459 		 */
460 		secinfo = smb_sd_get_secinfo(op->sd);
461 		smb_fssd_init(&fs_sd, secinfo, 0);
462 
463 		status = smb_sd_tofs(op->sd, &fs_sd);
464 		if (status == NT_STATUS_SUCCESS) {
465 			rc = smb_fsop_create_with_sd(sr, cr, dnode,
466 			    name, attr, ret_snode, &fs_sd);
467 		} else {
468 			rc = EINVAL;
469 		}
470 		smb_fssd_term(&fs_sd);
471 	} else if (sr->tid_tree->t_acltype == ACE_T) {
472 		/*
473 		 * No incoming SD and filesystem is ZFS
474 		 * Server applies Windows inheritance rules,
475 		 * see smb_fsop_sdinherit() comments as to why.
476 		 */
477 		smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, 0);
478 		rc = smb_fsop_sdinherit(sr, dnode, &fs_sd);
479 		if (rc == 0) {
480 			rc = smb_fsop_create_with_sd(sr, cr, dnode,
481 			    name, attr, ret_snode, &fs_sd);
482 		}
483 
484 		smb_fssd_term(&fs_sd);
485 	} else
486 #endif	/* _KERNEL */
487 	{
488 		/*
489 		 * No incoming SD and filesystem is not ZFS
490 		 * let the filesystem handles the inheritance.
491 		 */
492 		rc = smb_vop_create(dnode->vp, name, attr, &vp,
493 		    flags, cr, NULL);
494 
495 		if (rc == 0) {
496 			*ret_snode = smb_node_lookup(sr, op, cr, vp,
497 			    name, dnode, NULL);
498 
499 			if (*ret_snode == NULL)
500 				rc = ENOMEM;
501 
502 			VN_RELE(vp);
503 		}
504 
505 	}
506 
507 	if (rc == 0)
508 		smb_node_notify_change(dnode, FILE_ACTION_ADDED, name);
509 
510 	return (rc);
511 }
512 
513 /*
514  * smb_fsop_mkdir
515  *
516  * All SMB functions should use this wrapper to ensure that
517  * the the calls are performed with the appropriate credentials.
518  * Please document any direct call to explain the reason
519  * for avoiding this wrapper.
520  *
521  * It is assumed that a reference exists on snode coming into this routine.
522  *
523  * *ret_snode is returned with a reference upon success.  No reference is
524  * taken if an error is returned.
525  */
526 int
smb_fsop_mkdir(smb_request_t * sr,cred_t * cr,smb_node_t * dnode,char * name,smb_attr_t * attr,smb_node_t ** ret_snode)527 smb_fsop_mkdir(
528     smb_request_t *sr,
529     cred_t *cr,
530     smb_node_t *dnode,
531     char *name,
532     smb_attr_t *attr,
533     smb_node_t **ret_snode)
534 {
535 	struct open_param *op = &sr->arg.open;
536 	char *longname;
537 	vnode_t *vp;
538 	int flags = 0;
539 	int rc;
540 
541 #ifdef	_KERNEL
542 	smb_fssd_t fs_sd;
543 	uint32_t secinfo;
544 	uint32_t status;
545 #endif	/* _KERNEL */
546 
547 	ASSERT(cr);
548 	ASSERT(dnode);
549 	ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
550 	ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING);
551 
552 	ASSERT(ret_snode);
553 	*ret_snode = 0;
554 
555 	ASSERT(name);
556 	if (*name == 0)
557 		return (EINVAL);
558 
559 	ASSERT(sr);
560 	ASSERT(sr->tid_tree);
561 
562 	if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0)
563 		return (EACCES);
564 
565 	if (SMB_TREE_IS_READONLY(sr))
566 		return (EROFS);
567 	if (SMB_TREE_SUPPORTS_CATIA(sr))
568 		flags |= SMB_CATIA;
569 	if (SMB_TREE_SUPPORTS_ABE(sr))
570 		flags |= SMB_ABE;
571 
572 	if (SMB_TREE_SUPPORTS_SHORTNAMES(sr) && smb_maybe_mangled(name)) {
573 		longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
574 		rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags);
575 		kmem_free(longname, MAXNAMELEN);
576 
577 		/*
578 		 * If the name passed in by the client has an unmangled
579 		 * equivalent that is found in the specified directory,
580 		 * then the mkdir cannot succeed.  Return EEXIST.
581 		 *
582 		 * Only if ENOENT is returned will a mkdir be attempted.
583 		 */
584 
585 		if (rc == 0)
586 			rc = EEXIST;
587 
588 		if (rc != ENOENT)
589 			return (rc);
590 	}
591 
592 	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
593 		flags = SMB_IGNORE_CASE;
594 
595 #ifdef	_KERNEL
596 	if (op->sd) {
597 		/*
598 		 * SD sent by client in Windows format. Needs to be
599 		 * converted to FS format. No inheritance.
600 		 */
601 		secinfo = smb_sd_get_secinfo(op->sd);
602 		smb_fssd_init(&fs_sd, secinfo, SMB_FSSD_FLAGS_DIR);
603 
604 		status = smb_sd_tofs(op->sd, &fs_sd);
605 		if (status == NT_STATUS_SUCCESS) {
606 			rc = smb_fsop_create_with_sd(sr, cr, dnode,
607 			    name, attr, ret_snode, &fs_sd);
608 		}
609 		else
610 			rc = EINVAL;
611 		smb_fssd_term(&fs_sd);
612 	} else if (sr->tid_tree->t_acltype == ACE_T) {
613 		/*
614 		 * No incoming SD and filesystem is ZFS
615 		 * Server applies Windows inheritance rules,
616 		 * see smb_fsop_sdinherit() comments as to why.
617 		 */
618 		smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, SMB_FSSD_FLAGS_DIR);
619 		rc = smb_fsop_sdinherit(sr, dnode, &fs_sd);
620 		if (rc == 0) {
621 			rc = smb_fsop_create_with_sd(sr, cr, dnode,
622 			    name, attr, ret_snode, &fs_sd);
623 		}
624 
625 		smb_fssd_term(&fs_sd);
626 
627 	} else
628 #endif	/* _KERNEL */
629 	{
630 		rc = smb_vop_mkdir(dnode->vp, name, attr, &vp, flags, cr,
631 		    NULL);
632 
633 		if (rc == 0) {
634 			*ret_snode = smb_node_lookup(sr, op, cr, vp, name,
635 			    dnode, NULL);
636 
637 			if (*ret_snode == NULL)
638 				rc = ENOMEM;
639 
640 			VN_RELE(vp);
641 		}
642 	}
643 
644 	if (rc == 0)
645 		smb_node_notify_change(dnode, FILE_ACTION_ADDED, name);
646 
647 	return (rc);
648 }
649 
650 /*
651  * smb_fsop_remove
652  *
653  * All SMB functions should use this wrapper to ensure that
654  * the the calls are performed with the appropriate credentials.
655  * Please document any direct call to explain the reason
656  * for avoiding this wrapper.
657  *
658  * It is assumed that a reference exists on snode coming into this routine.
659  *
660  * A null smb_request might be passed to this function.
661  */
662 int
smb_fsop_remove(smb_request_t * sr,cred_t * cr,smb_node_t * dnode,char * name,uint32_t flags)663 smb_fsop_remove(
664     smb_request_t	*sr,
665     cred_t		*cr,
666     smb_node_t		*dnode,
667     char		*name,
668     uint32_t		flags)
669 {
670 	smb_node_t	*fnode;
671 	char		*longname;
672 	char		*fname;
673 	char		*sname;
674 	int		rc;
675 
676 	ASSERT(cr);
677 	/*
678 	 * The state of the node could be SMB_NODE_STATE_DESTROYING if this
679 	 * function is called during the deletion of the node (because of
680 	 * DELETE_ON_CLOSE).
681 	 */
682 	ASSERT(dnode);
683 	ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
684 
685 	if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0 ||
686 	    SMB_TREE_HAS_ACCESS(sr, ACE_DELETE) == 0)
687 		return (EACCES);
688 
689 	if (SMB_TREE_IS_READONLY(sr))
690 		return (EROFS);
691 
692 	fname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
693 	sname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
694 
695 	if (dnode->flags & NODE_XATTR_DIR) {
696 		fnode = dnode->n_dnode;
697 		rc = smb_vop_stream_remove(fnode->vp, name, flags, cr);
698 
699 		/* notify change to the unnamed stream */
700 		if ((rc == 0) && fnode->n_dnode) {
701 			smb_node_notify_change(fnode->n_dnode,
702 			    FILE_ACTION_REMOVED_STREAM, fnode->od_name);
703 		}
704 	} else if (smb_is_stream_name(name)) {
705 		smb_stream_parse_name(name, fname, sname);
706 
707 		/*
708 		 * Look up the unnamed stream (i.e. fname).
709 		 * Unmangle processing will be done on fname
710 		 * as well as any link target.
711 		 */
712 
713 		rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS,
714 		    sr->tid_tree->t_snode, dnode, fname, &fnode);
715 
716 		if (rc != 0) {
717 			kmem_free(fname, MAXNAMELEN);
718 			kmem_free(sname, MAXNAMELEN);
719 			return (rc);
720 		}
721 
722 		/*
723 		 * XXX
724 		 * Need to find out what permission is required by NTFS
725 		 * to remove a stream.
726 		 */
727 		rc = smb_vop_stream_remove(fnode->vp, sname, flags, cr);
728 
729 		smb_node_release(fnode);
730 
731 		/* notify change to the unnamed stream */
732 		if (rc == 0) {
733 			smb_node_notify_change(dnode,
734 			    FILE_ACTION_REMOVED_STREAM, fname);
735 		}
736 	} else {
737 		rc = smb_vop_remove(dnode->vp, name, flags, cr);
738 
739 		if (rc == ENOENT) {
740 			if (!SMB_TREE_SUPPORTS_SHORTNAMES(sr) ||
741 			    !smb_maybe_mangled(name)) {
742 				kmem_free(fname, MAXNAMELEN);
743 				kmem_free(sname, MAXNAMELEN);
744 				return (rc);
745 			}
746 			longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
747 
748 			if (SMB_TREE_SUPPORTS_ABE(sr))
749 				flags |= SMB_ABE;
750 
751 			rc = smb_unmangle(dnode, name, longname, MAXNAMELEN,
752 			    flags);
753 
754 			if (rc == 0) {
755 				/*
756 				 * longname is the real (case-sensitive)
757 				 * on-disk name.
758 				 * We make sure we do a remove on this exact
759 				 * name, as the name was mangled and denotes
760 				 * a unique file.
761 				 */
762 				flags &= ~SMB_IGNORE_CASE;
763 				rc = smb_vop_remove(dnode->vp, longname,
764 				    flags, cr);
765 			}
766 			kmem_free(longname, MAXNAMELEN);
767 		}
768 		if (rc == 0) {
769 			smb_node_notify_change(dnode,
770 			    FILE_ACTION_REMOVED, name);
771 		}
772 	}
773 
774 	kmem_free(fname, MAXNAMELEN);
775 	kmem_free(sname, MAXNAMELEN);
776 
777 	return (rc);
778 }
779 
780 /*
781  * smb_fsop_remove_streams
782  *
783  * This function removes a file's streams without removing the
784  * file itself.
785  *
786  * It is assumed that fnode is not a link.
787  */
788 int
smb_fsop_remove_streams(smb_request_t * sr,cred_t * cr,smb_node_t * fnode)789 smb_fsop_remove_streams(smb_request_t *sr, cred_t *cr, smb_node_t *fnode)
790 {
791 	int rc, flags = 0;
792 	uint16_t odid;
793 	smb_odir_t *od;
794 	smb_odirent_t *odirent;
795 	boolean_t eos;
796 
797 	ASSERT(sr);
798 	ASSERT(cr);
799 	ASSERT(fnode);
800 	ASSERT(fnode->n_magic == SMB_NODE_MAGIC);
801 	ASSERT(fnode->n_state != SMB_NODE_STATE_DESTROYING);
802 
803 	if (SMB_TREE_CONTAINS_NODE(sr, fnode) == 0) {
804 		smbsr_errno(sr, EACCES);
805 		return (-1);
806 	}
807 
808 	if (SMB_TREE_IS_READONLY(sr)) {
809 		smbsr_errno(sr, EROFS);
810 		return (-1);
811 	}
812 
813 	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
814 		flags = SMB_IGNORE_CASE;
815 
816 	if (SMB_TREE_SUPPORTS_CATIA(sr))
817 		flags |= SMB_CATIA;
818 
819 	if ((odid = smb_odir_openat(sr, fnode)) == 0) {
820 		smbsr_errno(sr, ENOENT);
821 		return (-1);
822 	}
823 
824 	if ((od = smb_tree_lookup_odir(sr, odid)) == NULL) {
825 		smbsr_errno(sr, ENOENT);
826 		return (-1);
827 	}
828 
829 	odirent = kmem_alloc(sizeof (smb_odirent_t), KM_SLEEP);
830 	for (;;) {
831 		rc = smb_odir_read(sr, od, odirent, &eos);
832 		if ((rc != 0) || (eos))
833 			break;
834 		(void) smb_vop_remove(od->d_dnode->vp, odirent->od_name,
835 		    flags, cr);
836 	}
837 	kmem_free(odirent, sizeof (smb_odirent_t));
838 
839 	smb_odir_close(od);
840 	smb_odir_release(od);
841 	return (rc);
842 }
843 
844 /*
845  * smb_fsop_rmdir
846  *
847  * All SMB functions should use this wrapper to ensure that
848  * the the calls are performed with the appropriate credentials.
849  * Please document any direct call to explain the reason
850  * for avoiding this wrapper.
851  *
852  * It is assumed that a reference exists on snode coming into this routine.
853  */
854 int
smb_fsop_rmdir(smb_request_t * sr,cred_t * cr,smb_node_t * dnode,char * name,uint32_t flags)855 smb_fsop_rmdir(
856     smb_request_t	*sr,
857     cred_t		*cr,
858     smb_node_t		*dnode,
859     char		*name,
860     uint32_t		flags)
861 {
862 	int		rc;
863 	char		*longname;
864 
865 	ASSERT(cr);
866 	/*
867 	 * The state of the node could be SMB_NODE_STATE_DESTROYING if this
868 	 * function is called during the deletion of the node (because of
869 	 * DELETE_ON_CLOSE).
870 	 */
871 	ASSERT(dnode);
872 	ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
873 
874 	if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0 ||
875 	    SMB_TREE_HAS_ACCESS(sr, ACE_DELETE_CHILD) == 0)
876 		return (EACCES);
877 
878 	if (SMB_TREE_IS_READONLY(sr))
879 		return (EROFS);
880 
881 	rc = smb_vop_rmdir(dnode->vp, name, flags, cr);
882 
883 	if (rc == ENOENT) {
884 		if (!SMB_TREE_SUPPORTS_SHORTNAMES(sr) ||
885 		    !smb_maybe_mangled(name)) {
886 			return (rc);
887 		}
888 
889 		longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
890 
891 		if (SMB_TREE_SUPPORTS_ABE(sr))
892 			flags |= SMB_ABE;
893 		rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags);
894 
895 		if (rc == 0) {
896 			/*
897 			 * longname is the real (case-sensitive)
898 			 * on-disk name.
899 			 * We make sure we do a rmdir on this exact
900 			 * name, as the name was mangled and denotes
901 			 * a unique directory.
902 			 */
903 			flags &= ~SMB_IGNORE_CASE;
904 			rc = smb_vop_rmdir(dnode->vp, longname, flags, cr);
905 		}
906 
907 		kmem_free(longname, MAXNAMELEN);
908 	}
909 
910 	if (rc == 0)
911 		smb_node_notify_change(dnode, FILE_ACTION_REMOVED, name);
912 
913 	return (rc);
914 }
915 
916 /*
917  * smb_fsop_getattr
918  *
919  * All SMB functions should use this wrapper to ensure that
920  * the the calls are performed with the appropriate credentials.
921  * Please document any direct call to explain the reason
922  * for avoiding this wrapper.
923  *
924  * It is assumed that a reference exists on snode coming into this routine.
925  */
926 int
smb_fsop_getattr(smb_request_t * sr,cred_t * cr,smb_node_t * snode,smb_attr_t * attr)927 smb_fsop_getattr(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
928     smb_attr_t *attr)
929 {
930 	smb_node_t *unnamed_node;
931 	vnode_t *unnamed_vp = NULL;
932 	uint32_t status;
933 	uint32_t access = 0;
934 	int flags = 0;
935 	int rc;
936 
937 	ASSERT(cr);
938 	ASSERT(snode);
939 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
940 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
941 
942 	if (SMB_TREE_CONTAINS_NODE(sr, snode) == 0 ||
943 	    SMB_TREE_HAS_ACCESS(sr, ACE_READ_ATTRIBUTES) == 0)
944 		return (EACCES);
945 
946 	/* sr could be NULL in some cases */
947 	if (sr && sr->fid_ofile) {
948 		/* if uid and/or gid is requested */
949 		if (attr->sa_mask & (SMB_AT_UID|SMB_AT_GID))
950 			access |= READ_CONTROL;
951 
952 		/* if anything else is also requested */
953 		if (attr->sa_mask & ~(SMB_AT_UID|SMB_AT_GID))
954 			access |= FILE_READ_ATTRIBUTES;
955 
956 		status = smb_ofile_access(sr->fid_ofile, cr, access);
957 		if (status != NT_STATUS_SUCCESS)
958 			return (EACCES);
959 
960 		if (smb_tree_has_feature(sr->tid_tree,
961 		    SMB_TREE_ACEMASKONACCESS))
962 			flags = ATTR_NOACLCHECK;
963 	}
964 
965 	unnamed_node = SMB_IS_STREAM(snode);
966 
967 	if (unnamed_node) {
968 		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
969 		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
970 		unnamed_vp = unnamed_node->vp;
971 	}
972 
973 	rc = smb_vop_getattr(snode->vp, unnamed_vp, attr, flags, cr);
974 
975 	if ((rc == 0) && smb_node_is_dfslink(snode)) {
976 		/* a DFS link should be treated as a directory */
977 		attr->sa_dosattr |= FILE_ATTRIBUTE_DIRECTORY;
978 	}
979 
980 	return (rc);
981 }
982 
983 /*
984  * smb_fsop_link
985  *
986  * All SMB functions should use this smb_vop_link wrapper to ensure that
987  * the smb_vop_link is performed with the appropriate credentials.
988  * Please document any direct call to smb_vop_link to explain the reason
989  * for avoiding this wrapper.
990  *
991  * It is assumed that references exist on from_dnode and to_dnode coming
992  * into this routine.
993  */
994 int
smb_fsop_link(smb_request_t * sr,cred_t * cr,smb_node_t * from_fnode,smb_node_t * to_dnode,char * to_name)995 smb_fsop_link(smb_request_t *sr, cred_t *cr, smb_node_t *from_fnode,
996     smb_node_t *to_dnode, char *to_name)
997 {
998 	char	*longname = NULL;
999 	int	flags = 0;
1000 	int	rc;
1001 
1002 	ASSERT(sr);
1003 	ASSERT(sr->tid_tree);
1004 	ASSERT(cr);
1005 	ASSERT(to_dnode);
1006 	ASSERT(to_dnode->n_magic == SMB_NODE_MAGIC);
1007 	ASSERT(to_dnode->n_state != SMB_NODE_STATE_DESTROYING);
1008 	ASSERT(from_fnode);
1009 	ASSERT(from_fnode->n_magic == SMB_NODE_MAGIC);
1010 	ASSERT(from_fnode->n_state != SMB_NODE_STATE_DESTROYING);
1011 
1012 	if (SMB_TREE_CONTAINS_NODE(sr, from_fnode) == 0)
1013 		return (EACCES);
1014 
1015 	if (SMB_TREE_CONTAINS_NODE(sr, to_dnode) == 0)
1016 		return (EACCES);
1017 
1018 	if (SMB_TREE_IS_READONLY(sr))
1019 		return (EROFS);
1020 
1021 	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
1022 		flags = SMB_IGNORE_CASE;
1023 	if (SMB_TREE_SUPPORTS_CATIA(sr))
1024 		flags |= SMB_CATIA;
1025 	if (SMB_TREE_SUPPORTS_ABE(sr))
1026 		flags |= SMB_ABE;
1027 
1028 	if (SMB_TREE_SUPPORTS_SHORTNAMES(sr) && smb_maybe_mangled(to_name)) {
1029 		longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1030 		rc = smb_unmangle(to_dnode, to_name, longname,
1031 		    MAXNAMELEN, flags);
1032 		kmem_free(longname, MAXNAMELEN);
1033 
1034 		if (rc == 0)
1035 			rc = EEXIST;
1036 		if (rc != ENOENT)
1037 			return (rc);
1038 	}
1039 
1040 	rc = smb_vop_link(to_dnode->vp, from_fnode->vp, to_name, flags, cr);
1041 
1042 	if (rc == 0)
1043 		smb_node_notify_change(to_dnode, FILE_ACTION_ADDED, to_name);
1044 
1045 	return (rc);
1046 }
1047 
1048 /*
1049  * smb_fsop_rename
1050  *
1051  * All SMB functions should use this smb_vop_rename wrapper to ensure that
1052  * the smb_vop_rename is performed with the appropriate credentials.
1053  * Please document any direct call to smb_vop_rename to explain the reason
1054  * for avoiding this wrapper.
1055  *
1056  * It is assumed that references exist on from_dnode and to_dnode coming
1057  * into this routine.
1058  */
1059 int
smb_fsop_rename(smb_request_t * sr,cred_t * cr,smb_node_t * from_dnode,char * from_name,smb_node_t * to_dnode,char * to_name)1060 smb_fsop_rename(
1061     smb_request_t *sr,
1062     cred_t *cr,
1063     smb_node_t *from_dnode,
1064     char *from_name,
1065     smb_node_t *to_dnode,
1066     char *to_name)
1067 {
1068 	smb_node_t *from_snode;
1069 	smb_attr_t from_attr;
1070 	vnode_t *from_vp;
1071 	int flags = 0, ret_flags;
1072 	int rc;
1073 	boolean_t isdir;
1074 
1075 	ASSERT(cr);
1076 	ASSERT(from_dnode);
1077 	ASSERT(from_dnode->n_magic == SMB_NODE_MAGIC);
1078 	ASSERT(from_dnode->n_state != SMB_NODE_STATE_DESTROYING);
1079 
1080 	ASSERT(to_dnode);
1081 	ASSERT(to_dnode->n_magic == SMB_NODE_MAGIC);
1082 	ASSERT(to_dnode->n_state != SMB_NODE_STATE_DESTROYING);
1083 
1084 	if (SMB_TREE_CONTAINS_NODE(sr, from_dnode) == 0)
1085 		return (EACCES);
1086 
1087 	if (SMB_TREE_CONTAINS_NODE(sr, to_dnode) == 0)
1088 		return (EACCES);
1089 
1090 	ASSERT(sr);
1091 	ASSERT(sr->tid_tree);
1092 	if (SMB_TREE_IS_READONLY(sr))
1093 		return (EROFS);
1094 
1095 	/*
1096 	 * Note: There is no need to check SMB_TREE_IS_CASEINSENSITIVE
1097 	 * here.
1098 	 *
1099 	 * A case-sensitive rename is always done in this routine
1100 	 * because we are using the on-disk name from an earlier lookup.
1101 	 * If a mangled name was passed in by the caller (denoting a
1102 	 * deterministic lookup), then the exact file must be renamed
1103 	 * (i.e. SMB_IGNORE_CASE must not be passed to VOP_RENAME, or
1104 	 * else the underlying file system might return a "first-match"
1105 	 * on this on-disk name, possibly resulting in the wrong file).
1106 	 */
1107 
1108 	if (SMB_TREE_SUPPORTS_CATIA(sr))
1109 		flags |= SMB_CATIA;
1110 
1111 	/*
1112 	 * XXX: Lock required through smb_node_release() below?
1113 	 */
1114 
1115 	rc = smb_vop_lookup(from_dnode->vp, from_name, &from_vp, NULL,
1116 	    flags, &ret_flags, NULL, &from_attr, cr);
1117 
1118 	if (rc != 0)
1119 		return (rc);
1120 
1121 	if (from_attr.sa_dosattr & FILE_ATTRIBUTE_REPARSE_POINT) {
1122 		VN_RELE(from_vp);
1123 		return (EACCES);
1124 	}
1125 
1126 	isdir = ((from_attr.sa_dosattr & FILE_ATTRIBUTE_DIRECTORY) != 0);
1127 
1128 	if ((isdir && SMB_TREE_HAS_ACCESS(sr,
1129 	    ACE_DELETE_CHILD | ACE_ADD_SUBDIRECTORY) !=
1130 	    (ACE_DELETE_CHILD | ACE_ADD_SUBDIRECTORY)) ||
1131 	    (!isdir && SMB_TREE_HAS_ACCESS(sr, ACE_DELETE | ACE_ADD_FILE) !=
1132 	    (ACE_DELETE | ACE_ADD_FILE))) {
1133 		VN_RELE(from_vp);
1134 		return (EACCES);
1135 	}
1136 
1137 	/*
1138 	 * SMB checks access on open and retains an access granted
1139 	 * mask for use while the file is open.  ACL changes should
1140 	 * not affect access to an open file.
1141 	 *
1142 	 * If the rename is being performed on an ofile:
1143 	 * - Check the ofile's access granted mask to see if the
1144 	 *   rename is permitted - requires DELETE access.
1145 	 * - If the file system does access checking, set the
1146 	 *   ATTR_NOACLCHECK flag to ensure that the file system
1147 	 *   does not check permissions on subsequent calls.
1148 	 */
1149 	if (sr && sr->fid_ofile) {
1150 		rc = smb_ofile_access(sr->fid_ofile, cr, DELETE);
1151 		if (rc != NT_STATUS_SUCCESS) {
1152 			VN_RELE(from_vp);
1153 			return (EACCES);
1154 		}
1155 
1156 		if (smb_tree_has_feature(sr->tid_tree,
1157 		    SMB_TREE_ACEMASKONACCESS))
1158 			flags = ATTR_NOACLCHECK;
1159 	}
1160 
1161 	rc = smb_vop_rename(from_dnode->vp, from_name, to_dnode->vp,
1162 	    to_name, flags, cr);
1163 
1164 	if (rc == 0) {
1165 		from_snode = smb_node_lookup(sr, NULL, cr, from_vp, from_name,
1166 		    from_dnode, NULL);
1167 
1168 		if (from_snode == NULL) {
1169 			rc = ENOMEM;
1170 		} else {
1171 			smb_node_rename(from_dnode, from_snode,
1172 			    to_dnode, to_name);
1173 			smb_node_release(from_snode);
1174 		}
1175 	}
1176 	VN_RELE(from_vp);
1177 
1178 	if (rc == 0) {
1179 		if (from_dnode == to_dnode) {
1180 			smb_node_notify_change(from_dnode,
1181 			    FILE_ACTION_RENAMED_OLD_NAME, from_name);
1182 			smb_node_notify_change(to_dnode,
1183 			    FILE_ACTION_RENAMED_NEW_NAME, to_name);
1184 		} else {
1185 			smb_node_notify_change(from_dnode,
1186 			    FILE_ACTION_REMOVED, from_name);
1187 			smb_node_notify_change(to_dnode,
1188 			    FILE_ACTION_ADDED, to_name);
1189 		}
1190 	}
1191 
1192 	/* XXX: unlock */
1193 
1194 	return (rc);
1195 }
1196 
1197 /*
1198  * smb_fsop_setattr
1199  *
1200  * All SMB functions should use this wrapper to ensure that
1201  * the the calls are performed with the appropriate credentials.
1202  * Please document any direct call to explain the reason
1203  * for avoiding this wrapper.
1204  *
1205  * It is assumed that a reference exists on snode coming into
1206  * this function.
1207  * A null smb_request might be passed to this function.
1208  */
1209 int
smb_fsop_setattr(smb_request_t * sr,cred_t * cr,smb_node_t * snode,smb_attr_t * set_attr)1210 smb_fsop_setattr(
1211     smb_request_t	*sr,
1212     cred_t		*cr,
1213     smb_node_t		*snode,
1214     smb_attr_t		*set_attr)
1215 {
1216 	smb_node_t *unnamed_node;
1217 	vnode_t *unnamed_vp = NULL;
1218 	uint32_t status;
1219 	uint32_t access;
1220 	int rc = 0;
1221 	int flags = 0;
1222 	uint_t sa_mask;
1223 
1224 	ASSERT(cr);
1225 	ASSERT(snode);
1226 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1227 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1228 
1229 	if (SMB_TREE_CONTAINS_NODE(sr, snode) == 0)
1230 		return (EACCES);
1231 
1232 	if (SMB_TREE_IS_READONLY(sr))
1233 		return (EROFS);
1234 
1235 	if (SMB_TREE_HAS_ACCESS(sr,
1236 	    ACE_WRITE_ATTRIBUTES | ACE_WRITE_NAMED_ATTRS) == 0)
1237 		return (EACCES);
1238 
1239 	/*
1240 	 * The file system cannot detect pending READDONLY
1241 	 * (i.e. if the file has been opened readonly but
1242 	 * not yet closed) so we need to test READONLY here.
1243 	 *
1244 	 * Note that file handle that were opened before the
1245 	 * READONLY flag was set in the node (or the FS) are
1246 	 * immune to that change, and remain writable.
1247 	 */
1248 	if (sr && (set_attr->sa_mask & SMB_AT_SIZE)) {
1249 		if (sr->fid_ofile) {
1250 			if (SMB_OFILE_IS_READONLY(sr->fid_ofile))
1251 				return (EACCES);
1252 		} else {
1253 			if (SMB_PATHFILE_IS_READONLY(sr, snode))
1254 				return (EACCES);
1255 		}
1256 	}
1257 
1258 	/*
1259 	 * SMB checks access on open and retains an access granted
1260 	 * mask for use while the file is open.  ACL changes should
1261 	 * not affect access to an open file.
1262 	 *
1263 	 * If the setattr is being performed on an ofile:
1264 	 * - Check the ofile's access granted mask to see if the
1265 	 *   setattr is permitted.
1266 	 *   UID, GID - require WRITE_OWNER
1267 	 *   SIZE, ALLOCSZ - require FILE_WRITE_DATA
1268 	 *   all other attributes require FILE_WRITE_ATTRIBUTES
1269 	 *
1270 	 * - If the file system does access checking, set the
1271 	 *   ATTR_NOACLCHECK flag to ensure that the file system
1272 	 *   does not check permissions on subsequent calls.
1273 	 */
1274 	if (sr && sr->fid_ofile) {
1275 		sa_mask = set_attr->sa_mask;
1276 		access = 0;
1277 
1278 		if (sa_mask & (SMB_AT_SIZE | SMB_AT_ALLOCSZ)) {
1279 			access |= FILE_WRITE_DATA;
1280 			sa_mask &= ~(SMB_AT_SIZE | SMB_AT_ALLOCSZ);
1281 		}
1282 
1283 		if (sa_mask & (SMB_AT_UID|SMB_AT_GID)) {
1284 			access |= WRITE_OWNER;
1285 			sa_mask &= ~(SMB_AT_UID|SMB_AT_GID);
1286 		}
1287 
1288 		if (sa_mask)
1289 			access |= FILE_WRITE_ATTRIBUTES;
1290 
1291 		status = smb_ofile_access(sr->fid_ofile, cr, access);
1292 		if (status != NT_STATUS_SUCCESS)
1293 			return (EACCES);
1294 
1295 		if (smb_tree_has_feature(sr->tid_tree,
1296 		    SMB_TREE_ACEMASKONACCESS))
1297 			flags = ATTR_NOACLCHECK;
1298 	}
1299 
1300 	unnamed_node = SMB_IS_STREAM(snode);
1301 
1302 	if (unnamed_node) {
1303 		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
1304 		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
1305 		unnamed_vp = unnamed_node->vp;
1306 	}
1307 
1308 	rc = smb_vop_setattr(snode->vp, unnamed_vp, set_attr, flags, cr);
1309 	return (rc);
1310 }
1311 
1312 /*
1313  * smb_fsop_read
1314  *
1315  * All SMB functions should use this wrapper to ensure that
1316  * the the calls are performed with the appropriate credentials.
1317  * Please document any direct call to explain the reason
1318  * for avoiding this wrapper.
1319  *
1320  * It is assumed that a reference exists on snode coming into this routine.
1321  */
1322 int
smb_fsop_read(smb_request_t * sr,cred_t * cr,smb_node_t * snode,uio_t * uio)1323 smb_fsop_read(smb_request_t *sr, cred_t *cr, smb_node_t *snode, uio_t *uio)
1324 {
1325 	caller_context_t ct;
1326 	cred_t *kcr = zone_kcred();
1327 	int svmand;
1328 	int rc;
1329 
1330 	ASSERT(cr);
1331 	ASSERT(snode);
1332 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1333 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1334 
1335 	ASSERT(sr);
1336 	ASSERT(sr->fid_ofile);
1337 
1338 	if (SMB_TREE_HAS_ACCESS(sr, ACE_READ_DATA) == 0)
1339 		return (EACCES);
1340 
1341 	rc = smb_ofile_access(sr->fid_ofile, cr, FILE_READ_DATA);
1342 	if ((rc != NT_STATUS_SUCCESS) &&
1343 	    (sr->smb_flg2 & SMB_FLAGS2_READ_IF_EXECUTE))
1344 		rc = smb_ofile_access(sr->fid_ofile, cr, FILE_EXECUTE);
1345 
1346 	if (rc != NT_STATUS_SUCCESS)
1347 		return (EACCES);
1348 
1349 	/*
1350 	 * Streams permission are checked against the unnamed stream,
1351 	 * but in FS level they have their own permissions. To avoid
1352 	 * rejection by FS due to lack of permission on the actual
1353 	 * extended attr kcred is passed for streams.
1354 	 */
1355 	if (SMB_IS_STREAM(snode))
1356 		cr = kcr;
1357 
1358 	smb_node_start_crit(snode, RW_READER);
1359 	rc = nbl_svmand(snode->vp, kcr, &svmand);
1360 	if (rc) {
1361 		smb_node_end_crit(snode);
1362 		return (rc);
1363 	}
1364 
1365 	ct = smb_ct;
1366 	ct.cc_pid = sr->fid_ofile->f_uniqid;
1367 	rc = nbl_lock_conflict(snode->vp, NBL_READ, uio->uio_loffset,
1368 	    uio->uio_iov->iov_len, svmand, &ct);
1369 
1370 	if (rc) {
1371 		smb_node_end_crit(snode);
1372 		return (ERANGE);
1373 	}
1374 
1375 	rc = smb_vop_read(snode->vp, uio, cr);
1376 	smb_node_end_crit(snode);
1377 
1378 	return (rc);
1379 }
1380 
1381 /*
1382  * smb_fsop_write
1383  *
1384  * This is a wrapper function used for smb_write and smb_write_raw operations.
1385  *
1386  * It is assumed that a reference exists on snode coming into this routine.
1387  */
1388 int
smb_fsop_write(smb_request_t * sr,cred_t * cr,smb_node_t * snode,uio_t * uio,uint32_t * lcount,int ioflag)1389 smb_fsop_write(
1390     smb_request_t *sr,
1391     cred_t *cr,
1392     smb_node_t *snode,
1393     uio_t *uio,
1394     uint32_t *lcount,
1395     int ioflag)
1396 {
1397 	caller_context_t ct;
1398 	smb_attr_t attr;
1399 	smb_node_t *u_node;
1400 	vnode_t *u_vp = NULL;
1401 	smb_ofile_t *of;
1402 	vnode_t *vp;
1403 	cred_t *kcr = zone_kcred();
1404 	int svmand;
1405 	int rc;
1406 
1407 	ASSERT(cr);
1408 	ASSERT(snode);
1409 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1410 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1411 
1412 	ASSERT(sr);
1413 	ASSERT(sr->tid_tree);
1414 	of = sr->fid_ofile;
1415 	vp = snode->vp;
1416 
1417 	if (SMB_TREE_IS_READONLY(sr))
1418 		return (EROFS);
1419 
1420 	if (SMB_OFILE_IS_READONLY(of) ||
1421 	    SMB_TREE_HAS_ACCESS(sr, ACE_WRITE_DATA | ACE_APPEND_DATA) == 0)
1422 		return (EACCES);
1423 
1424 	rc = smb_ofile_access(of, cr, FILE_WRITE_DATA);
1425 	if (rc != NT_STATUS_SUCCESS) {
1426 		rc = smb_ofile_access(of, cr, FILE_APPEND_DATA);
1427 		if (rc != NT_STATUS_SUCCESS)
1428 			return (EACCES);
1429 	}
1430 
1431 	/*
1432 	 * Streams permission are checked against the unnamed stream,
1433 	 * but in FS level they have their own permissions. To avoid
1434 	 * rejection by FS due to lack of permission on the actual
1435 	 * extended attr kcred is passed for streams.
1436 	 */
1437 	u_node = SMB_IS_STREAM(snode);
1438 	if (u_node != NULL) {
1439 		ASSERT(u_node->n_magic == SMB_NODE_MAGIC);
1440 		ASSERT(u_node->n_state != SMB_NODE_STATE_DESTROYING);
1441 		u_vp = u_node->vp;
1442 		cr = kcr;
1443 	}
1444 
1445 	smb_node_start_crit(snode, RW_WRITER);
1446 	rc = nbl_svmand(vp, kcr, &svmand);
1447 	if (rc) {
1448 		smb_node_end_crit(snode);
1449 		return (rc);
1450 	}
1451 
1452 	ct = smb_ct;
1453 	ct.cc_pid = of->f_uniqid;
1454 	rc = nbl_lock_conflict(vp, NBL_WRITE, uio->uio_loffset,
1455 	    uio->uio_iov->iov_len, svmand, &ct);
1456 
1457 	if (rc) {
1458 		smb_node_end_crit(snode);
1459 		return (ERANGE);
1460 	}
1461 
1462 	rc = smb_vop_write(vp, uio, ioflag, lcount, cr);
1463 
1464 	/*
1465 	 * Once the mtime has been set via this ofile, the
1466 	 * automatic mtime changes from writes via this ofile
1467 	 * should cease, preserving the mtime that was set.
1468 	 * See: [MS-FSA] 2.1.5.14 and smb_node_setattr.
1469 	 *
1470 	 * The VFS interface does not offer a way to ask it to
1471 	 * skip the mtime updates, so we simulate the desired
1472 	 * behavior by re-setting the mtime after writes on a
1473 	 * handle where the mtime has been set.
1474 	 */
1475 	if (of->f_pending_attr.sa_mask & SMB_AT_MTIME) {
1476 		bcopy(&of->f_pending_attr, &attr, sizeof (attr));
1477 		attr.sa_mask = SMB_AT_MTIME;
1478 		(void) smb_vop_setattr(vp, u_vp, &attr, 0, kcr);
1479 	}
1480 
1481 	smb_node_end_crit(snode);
1482 
1483 	return (rc);
1484 }
1485 
1486 /*
1487  * smb_fsop_statfs
1488  *
1489  * This is a wrapper function used for stat operations.
1490  */
1491 int
smb_fsop_statfs(cred_t * cr,smb_node_t * snode,struct statvfs64 * statp)1492 smb_fsop_statfs(
1493     cred_t *cr,
1494     smb_node_t *snode,
1495     struct statvfs64 *statp)
1496 {
1497 	ASSERT(cr);
1498 	ASSERT(snode);
1499 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1500 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1501 
1502 	return (smb_vop_statfs(snode->vp, statp, cr));
1503 }
1504 
1505 /*
1506  * smb_fsop_access
1507  *
1508  * Named streams do not have separate permissions from the associated
1509  * unnamed stream.  Thus, if node is a named stream, the permissions
1510  * check will be performed on the associated unnamed stream.
1511  *
1512  * However, our named streams do have their own quarantine attribute,
1513  * separate from that on the unnamed stream. If READ or EXECUTE
1514  * access has been requested on a named stream, an additional access
1515  * check is performed on the named stream in case it has been
1516  * quarantined.  kcred is used to avoid issues with the permissions
1517  * set on the extended attribute file representing the named stream.
1518  */
1519 int
smb_fsop_access(smb_request_t * sr,cred_t * cr,smb_node_t * snode,uint32_t faccess)1520 smb_fsop_access(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
1521     uint32_t faccess)
1522 {
1523 	int access = 0;
1524 	int error;
1525 	vnode_t *dir_vp;
1526 	boolean_t acl_check = B_TRUE;
1527 	smb_node_t *unnamed_node;
1528 
1529 	ASSERT(sr);
1530 	ASSERT(cr);
1531 	ASSERT(snode);
1532 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1533 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1534 
1535 	/* Requests for no access should be denied. */
1536 	if (faccess == 0)
1537 		return (NT_STATUS_ACCESS_DENIED);
1538 
1539 	if (SMB_TREE_IS_READONLY(sr)) {
1540 		if (faccess & (FILE_WRITE_DATA|FILE_APPEND_DATA|
1541 		    FILE_WRITE_EA|FILE_DELETE_CHILD|FILE_WRITE_ATTRIBUTES|
1542 		    DELETE|WRITE_DAC|WRITE_OWNER)) {
1543 			return (NT_STATUS_ACCESS_DENIED);
1544 		}
1545 	}
1546 
1547 	if (smb_node_is_reparse(snode) && (faccess & DELETE))
1548 		return (NT_STATUS_ACCESS_DENIED);
1549 
1550 	unnamed_node = SMB_IS_STREAM(snode);
1551 	if (unnamed_node) {
1552 		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
1553 		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
1554 
1555 		/*
1556 		 * Perform VREAD access check on the named stream in case it
1557 		 * is quarantined. kcred is passed to smb_vop_access so it
1558 		 * doesn't fail due to lack of permission.
1559 		 */
1560 		if (faccess & (FILE_READ_DATA | FILE_EXECUTE)) {
1561 			error = smb_vop_access(snode->vp, VREAD,
1562 			    0, NULL, zone_kcred());
1563 			if (error)
1564 				return (NT_STATUS_ACCESS_DENIED);
1565 		}
1566 
1567 		/*
1568 		 * Streams authorization should be performed against the
1569 		 * unnamed stream.
1570 		 */
1571 		snode = unnamed_node;
1572 	}
1573 
1574 	if (faccess & ACCESS_SYSTEM_SECURITY) {
1575 		/*
1576 		 * This permission is required for reading/writing SACL and
1577 		 * it's not part of DACL. It's only granted via proper
1578 		 * privileges.
1579 		 */
1580 		if ((sr->uid_user->u_privileges &
1581 		    (SMB_USER_PRIV_BACKUP |
1582 		    SMB_USER_PRIV_RESTORE |
1583 		    SMB_USER_PRIV_SECURITY)) == 0)
1584 			return (NT_STATUS_PRIVILEGE_NOT_HELD);
1585 
1586 		faccess &= ~ACCESS_SYSTEM_SECURITY;
1587 	}
1588 
1589 	/* Links don't have ACL */
1590 	if ((!smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) ||
1591 	    smb_node_is_symlink(snode))
1592 		acl_check = B_FALSE;
1593 
1594 	/* Deny access based on the share access mask */
1595 
1596 	if ((faccess & ~sr->tid_tree->t_access) != 0)
1597 		return (NT_STATUS_ACCESS_DENIED);
1598 
1599 	if (acl_check) {
1600 		dir_vp = (snode->n_dnode) ? snode->n_dnode->vp : NULL;
1601 		error = smb_vop_access(snode->vp, faccess, V_ACE_MASK, dir_vp,
1602 		    cr);
1603 	} else {
1604 		/*
1605 		 * FS doesn't understand 32-bit mask, need to map
1606 		 */
1607 		if (faccess & (FILE_WRITE_DATA | FILE_APPEND_DATA))
1608 			access |= VWRITE;
1609 
1610 		if (faccess & FILE_READ_DATA)
1611 			access |= VREAD;
1612 
1613 		if (faccess & FILE_EXECUTE)
1614 			access |= VEXEC;
1615 
1616 		error = smb_vop_access(snode->vp, access, 0, NULL, cr);
1617 	}
1618 
1619 	return ((error) ? NT_STATUS_ACCESS_DENIED : NT_STATUS_SUCCESS);
1620 }
1621 
1622 /*
1623  * smb_fsop_lookup_name()
1624  *
1625  * If name indicates that the file is a stream file, perform
1626  * stream specific lookup, otherwise call smb_fsop_lookup.
1627  *
1628  * Return an error if the looked-up file is in outside the tree.
1629  * (Required when invoked from open path.)
1630  *
1631  * Case sensitivity flags (SMB_IGNORE_CASE, SMB_CASE_SENSITIVE):
1632  * if SMB_CASE_SENSITIVE is set, the SMB_IGNORE_CASE flag will NOT be set
1633  * based on the tree's case sensitivity. However, if the SMB_IGNORE_CASE
1634  * flag is set in the flags value passed as a parameter, a case insensitive
1635  * lookup WILL be done (regardless of whether SMB_CASE_SENSITIVE is set
1636  * or not).
1637  */
1638 
1639 int
smb_fsop_lookup_name(smb_request_t * sr,cred_t * cr,int flags,smb_node_t * root_node,smb_node_t * dnode,char * name,smb_node_t ** ret_snode)1640 smb_fsop_lookup_name(
1641     smb_request_t *sr,
1642     cred_t	*cr,
1643     int		flags,
1644     smb_node_t	*root_node,
1645     smb_node_t	*dnode,
1646     char	*name,
1647     smb_node_t	**ret_snode)
1648 {
1649 	smb_node_t	*fnode;
1650 	vnode_t		*xattrdirvp;
1651 	vnode_t		*vp;
1652 	char		*od_name;
1653 	char		*fname;
1654 	char		*sname;
1655 	int		rc;
1656 
1657 	ASSERT(cr);
1658 	ASSERT(dnode);
1659 	ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
1660 	ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING);
1661 
1662 	/*
1663 	 * The following check is required for streams processing, below
1664 	 */
1665 
1666 	if (!(flags & SMB_CASE_SENSITIVE)) {
1667 		if (SMB_TREE_IS_CASEINSENSITIVE(sr))
1668 			flags |= SMB_IGNORE_CASE;
1669 	}
1670 
1671 	fname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1672 	sname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1673 
1674 	if (smb_is_stream_name(name)) {
1675 		smb_stream_parse_name(name, fname, sname);
1676 
1677 		/*
1678 		 * Look up the unnamed stream (i.e. fname).
1679 		 * Unmangle processing will be done on fname
1680 		 * as well as any link target.
1681 		 */
1682 		rc = smb_fsop_lookup(sr, cr, flags, root_node, dnode,
1683 		    fname, &fnode);
1684 
1685 		if (rc != 0) {
1686 			kmem_free(fname, MAXNAMELEN);
1687 			kmem_free(sname, MAXNAMELEN);
1688 			return (rc);
1689 		}
1690 
1691 		od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1692 
1693 		/*
1694 		 * od_name is the on-disk name of the stream, except
1695 		 * without the prepended stream prefix (SMB_STREAM_PREFIX)
1696 		 */
1697 
1698 		/*
1699 		 * XXX
1700 		 * What permissions NTFS requires for stream lookup if any?
1701 		 */
1702 		rc = smb_vop_stream_lookup(fnode->vp, sname, &vp, od_name,
1703 		    &xattrdirvp, flags, root_node->vp, cr);
1704 
1705 		if (rc != 0) {
1706 			smb_node_release(fnode);
1707 			kmem_free(fname, MAXNAMELEN);
1708 			kmem_free(sname, MAXNAMELEN);
1709 			kmem_free(od_name, MAXNAMELEN);
1710 			return (rc);
1711 		}
1712 
1713 		*ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp,
1714 		    vp, od_name);
1715 
1716 		kmem_free(od_name, MAXNAMELEN);
1717 		smb_node_release(fnode);
1718 		VN_RELE(xattrdirvp);
1719 		VN_RELE(vp);
1720 
1721 		if (*ret_snode == NULL) {
1722 			kmem_free(fname, MAXNAMELEN);
1723 			kmem_free(sname, MAXNAMELEN);
1724 			return (ENOMEM);
1725 		}
1726 	} else {
1727 		rc = smb_fsop_lookup(sr, cr, flags, root_node, dnode, name,
1728 		    ret_snode);
1729 	}
1730 
1731 	if (rc == 0) {
1732 		ASSERT(ret_snode);
1733 		if (SMB_TREE_CONTAINS_NODE(sr, *ret_snode) == 0) {
1734 			smb_node_release(*ret_snode);
1735 			*ret_snode = NULL;
1736 			rc = EACCES;
1737 		}
1738 	}
1739 
1740 	kmem_free(fname, MAXNAMELEN);
1741 	kmem_free(sname, MAXNAMELEN);
1742 
1743 	return (rc);
1744 }
1745 
1746 /*
1747  * smb_fsop_lookup
1748  *
1749  * All SMB functions should use this smb_vop_lookup wrapper to ensure that
1750  * the smb_vop_lookup is performed with the appropriate credentials and using
1751  * case insensitive compares. Please document any direct call to smb_vop_lookup
1752  * to explain the reason for avoiding this wrapper.
1753  *
1754  * It is assumed that a reference exists on dnode coming into this routine
1755  * (and that it is safe from deallocation).
1756  *
1757  * Same with the root_node.
1758  *
1759  * *ret_snode is returned with a reference upon success.  No reference is
1760  * taken if an error is returned.
1761  *
1762  * Note: The returned ret_snode may be in a child mount.  This is ok for
1763  * readdir.
1764  *
1765  * Other smb_fsop_* routines will call SMB_TREE_CONTAINS_NODE() to prevent
1766  * operations on files not in the parent mount.
1767  *
1768  * Case sensitivity flags (SMB_IGNORE_CASE, SMB_CASE_SENSITIVE):
1769  * if SMB_CASE_SENSITIVE is set, the SMB_IGNORE_CASE flag will NOT be set
1770  * based on the tree's case sensitivity. However, if the SMB_IGNORE_CASE
1771  * flag is set in the flags value passed as a parameter, a case insensitive
1772  * lookup WILL be done (regardless of whether SMB_CASE_SENSITIVE is set
1773  * or not).
1774  */
1775 int
smb_fsop_lookup(smb_request_t * sr,cred_t * cr,int flags,smb_node_t * root_node,smb_node_t * dnode,char * name,smb_node_t ** ret_snode)1776 smb_fsop_lookup(
1777     smb_request_t *sr,
1778     cred_t	*cr,
1779     int		flags,
1780     smb_node_t	*root_node,
1781     smb_node_t	*dnode,
1782     char	*name,
1783     smb_node_t	**ret_snode)
1784 {
1785 	smb_node_t *lnk_target_node;
1786 	smb_node_t *lnk_dnode;
1787 	char *longname;
1788 	char *od_name;
1789 	vnode_t *vp;
1790 	int rc;
1791 	int ret_flags;
1792 	smb_attr_t attr;
1793 
1794 	ASSERT(cr);
1795 	ASSERT(dnode);
1796 	ASSERT(dnode->n_magic == SMB_NODE_MAGIC);
1797 	ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING);
1798 
1799 	if (name == NULL)
1800 		return (EINVAL);
1801 
1802 	if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0)
1803 		return (EACCES);
1804 
1805 	if (!(flags & SMB_CASE_SENSITIVE)) {
1806 		if (SMB_TREE_IS_CASEINSENSITIVE(sr))
1807 			flags |= SMB_IGNORE_CASE;
1808 	}
1809 	if (SMB_TREE_SUPPORTS_CATIA(sr))
1810 		flags |= SMB_CATIA;
1811 	if (SMB_TREE_SUPPORTS_ABE(sr))
1812 		flags |= SMB_ABE;
1813 
1814 	od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1815 
1816 	rc = smb_vop_lookup(dnode->vp, name, &vp, od_name, flags,
1817 	    &ret_flags, root_node ? root_node->vp : NULL, &attr, cr);
1818 
1819 	if (rc != 0) {
1820 		if (!SMB_TREE_SUPPORTS_SHORTNAMES(sr) ||
1821 		    !smb_maybe_mangled(name)) {
1822 			kmem_free(od_name, MAXNAMELEN);
1823 			return (rc);
1824 		}
1825 
1826 		longname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1827 		rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags);
1828 		if (rc != 0) {
1829 			kmem_free(od_name, MAXNAMELEN);
1830 			kmem_free(longname, MAXNAMELEN);
1831 			return (rc);
1832 		}
1833 
1834 		/*
1835 		 * longname is the real (case-sensitive)
1836 		 * on-disk name.
1837 		 * We make sure we do a lookup on this exact
1838 		 * name, as the name was mangled and denotes
1839 		 * a unique file.
1840 		 */
1841 
1842 		if (flags & SMB_IGNORE_CASE)
1843 			flags &= ~SMB_IGNORE_CASE;
1844 
1845 		rc = smb_vop_lookup(dnode->vp, longname, &vp, od_name,
1846 		    flags, &ret_flags, root_node ? root_node->vp : NULL, &attr,
1847 		    cr);
1848 
1849 		kmem_free(longname, MAXNAMELEN);
1850 
1851 		if (rc != 0) {
1852 			kmem_free(od_name, MAXNAMELEN);
1853 			return (rc);
1854 		}
1855 	}
1856 
1857 	if ((flags & SMB_FOLLOW_LINKS) && (vp->v_type == VLNK) &&
1858 	    ((attr.sa_dosattr & FILE_ATTRIBUTE_REPARSE_POINT) == 0)) {
1859 		rc = smb_pathname(sr, od_name, FOLLOW, root_node, dnode,
1860 		    &lnk_dnode, &lnk_target_node, cr);
1861 
1862 		if (rc != 0) {
1863 			/*
1864 			 * The link is assumed to be for the last component
1865 			 * of a path.  Hence any ENOTDIR error will be returned
1866 			 * as ENOENT.
1867 			 */
1868 			if (rc == ENOTDIR)
1869 				rc = ENOENT;
1870 
1871 			VN_RELE(vp);
1872 			kmem_free(od_name, MAXNAMELEN);
1873 			return (rc);
1874 		}
1875 
1876 		/*
1877 		 * Release the original VLNK vnode
1878 		 */
1879 
1880 		VN_RELE(vp);
1881 		vp = lnk_target_node->vp;
1882 
1883 		rc = smb_vop_traverse_check(&vp);
1884 
1885 		if (rc != 0) {
1886 			smb_node_release(lnk_dnode);
1887 			smb_node_release(lnk_target_node);
1888 			kmem_free(od_name, MAXNAMELEN);
1889 			return (rc);
1890 		}
1891 
1892 		/*
1893 		 * smb_vop_traverse_check() may have returned a different vnode
1894 		 */
1895 
1896 		if (lnk_target_node->vp == vp) {
1897 			*ret_snode = lnk_target_node;
1898 		} else {
1899 			*ret_snode = smb_node_lookup(sr, NULL, cr, vp,
1900 			    lnk_target_node->od_name, lnk_dnode, NULL);
1901 			VN_RELE(vp);
1902 
1903 			if (*ret_snode == NULL)
1904 				rc = ENOMEM;
1905 			smb_node_release(lnk_target_node);
1906 		}
1907 
1908 		smb_node_release(lnk_dnode);
1909 
1910 	} else {
1911 
1912 		rc = smb_vop_traverse_check(&vp);
1913 		if (rc) {
1914 			VN_RELE(vp);
1915 			kmem_free(od_name, MAXNAMELEN);
1916 			return (rc);
1917 		}
1918 
1919 		*ret_snode = smb_node_lookup(sr, NULL, cr, vp, od_name,
1920 		    dnode, NULL);
1921 		VN_RELE(vp);
1922 
1923 		if (*ret_snode == NULL)
1924 			rc = ENOMEM;
1925 	}
1926 
1927 	kmem_free(od_name, MAXNAMELEN);
1928 	return (rc);
1929 }
1930 
1931 int /*ARGSUSED*/
smb_fsop_commit(smb_request_t * sr,cred_t * cr,smb_node_t * snode)1932 smb_fsop_commit(smb_request_t *sr, cred_t *cr, smb_node_t *snode)
1933 {
1934 	ASSERT(cr);
1935 	ASSERT(snode);
1936 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
1937 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
1938 
1939 	ASSERT(sr);
1940 	ASSERT(sr->tid_tree);
1941 	if (SMB_TREE_IS_READONLY(sr))
1942 		return (EROFS);
1943 
1944 	return (smb_vop_commit(snode->vp, cr));
1945 }
1946 
1947 /*
1948  * smb_fsop_aclread
1949  *
1950  * Retrieve filesystem ACL. Depends on requested ACLs in
1951  * fs_sd->sd_secinfo, it'll set DACL and SACL pointers in
1952  * fs_sd. Note that requesting a DACL/SACL doesn't mean that
1953  * the corresponding field in fs_sd should be non-NULL upon
1954  * return, since the target ACL might not contain that type of
1955  * entries.
1956  *
1957  * Returned ACL is always in ACE_T (aka ZFS) format.
1958  * If successful the allocated memory for the ACL should be freed
1959  * using smb_fsacl_free() or smb_fssd_term()
1960  */
1961 int
smb_fsop_aclread(smb_request_t * sr,cred_t * cr,smb_node_t * snode,smb_fssd_t * fs_sd)1962 smb_fsop_aclread(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
1963     smb_fssd_t *fs_sd)
1964 {
1965 	int error = 0;
1966 	int flags = 0;
1967 	int access = 0;
1968 	acl_t *acl;
1969 	smb_node_t *unnamed_node;
1970 
1971 	ASSERT(cr);
1972 
1973 	if (SMB_TREE_HAS_ACCESS(sr, ACE_READ_ACL) == 0)
1974 		return (EACCES);
1975 
1976 	if (sr->fid_ofile) {
1977 		if (fs_sd->sd_secinfo & SMB_DACL_SECINFO)
1978 			access = READ_CONTROL;
1979 
1980 		if (fs_sd->sd_secinfo & SMB_SACL_SECINFO)
1981 			access |= ACCESS_SYSTEM_SECURITY;
1982 
1983 		error = smb_ofile_access(sr->fid_ofile, cr, access);
1984 		if (error != NT_STATUS_SUCCESS) {
1985 			return (EACCES);
1986 		}
1987 	}
1988 
1989 	unnamed_node = SMB_IS_STREAM(snode);
1990 	if (unnamed_node) {
1991 		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
1992 		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
1993 		/*
1994 		 * Streams don't have ACL, any read ACL attempt on a stream
1995 		 * should be performed on the unnamed stream.
1996 		 */
1997 		snode = unnamed_node;
1998 	}
1999 
2000 	if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS))
2001 		flags = ATTR_NOACLCHECK;
2002 
2003 	error = smb_vop_acl_read(snode->vp, &acl, flags,
2004 	    sr->tid_tree->t_acltype, cr);
2005 	if (error != 0) {
2006 		return (error);
2007 	}
2008 
2009 	error = acl_translate(acl, _ACL_ACE_ENABLED,
2010 	    smb_node_is_dir(snode), fs_sd->sd_uid, fs_sd->sd_gid);
2011 
2012 	if (error == 0) {
2013 		smb_fsacl_split(acl, &fs_sd->sd_zdacl, &fs_sd->sd_zsacl,
2014 		    fs_sd->sd_secinfo);
2015 	}
2016 
2017 	acl_free(acl);
2018 	return (error);
2019 }
2020 
2021 /*
2022  * smb_fsop_aclwrite
2023  *
2024  * Stores the filesystem ACL provided in fs_sd->sd_acl.
2025  */
2026 int
smb_fsop_aclwrite(smb_request_t * sr,cred_t * cr,smb_node_t * snode,smb_fssd_t * fs_sd)2027 smb_fsop_aclwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
2028     smb_fssd_t *fs_sd)
2029 {
2030 	int target_flavor;
2031 	int error = 0;
2032 	int flags = 0;
2033 	int access = 0;
2034 	acl_t *acl, *dacl, *sacl;
2035 	smb_node_t *unnamed_node;
2036 
2037 	ASSERT(cr);
2038 
2039 	ASSERT(sr);
2040 	ASSERT(sr->tid_tree);
2041 	if (SMB_TREE_IS_READONLY(sr))
2042 		return (EROFS);
2043 
2044 	if (SMB_TREE_HAS_ACCESS(sr, ACE_WRITE_ACL) == 0)
2045 		return (EACCES);
2046 
2047 	if (sr->fid_ofile) {
2048 		if (fs_sd->sd_secinfo & SMB_DACL_SECINFO)
2049 			access = WRITE_DAC;
2050 
2051 		if (fs_sd->sd_secinfo & SMB_SACL_SECINFO)
2052 			access |= ACCESS_SYSTEM_SECURITY;
2053 
2054 		error = smb_ofile_access(sr->fid_ofile, cr, access);
2055 		if (error != NT_STATUS_SUCCESS)
2056 			return (EACCES);
2057 	}
2058 
2059 	switch (sr->tid_tree->t_acltype) {
2060 	case ACLENT_T:
2061 		target_flavor = _ACL_ACLENT_ENABLED;
2062 		break;
2063 
2064 	case ACE_T:
2065 		target_flavor = _ACL_ACE_ENABLED;
2066 		break;
2067 	default:
2068 		return (EINVAL);
2069 	}
2070 
2071 	unnamed_node = SMB_IS_STREAM(snode);
2072 	if (unnamed_node) {
2073 		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
2074 		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
2075 		/*
2076 		 * Streams don't have ACL, any write ACL attempt on a stream
2077 		 * should be performed on the unnamed stream.
2078 		 */
2079 		snode = unnamed_node;
2080 	}
2081 
2082 	dacl = fs_sd->sd_zdacl;
2083 	sacl = fs_sd->sd_zsacl;
2084 
2085 	ASSERT(dacl || sacl);
2086 	if ((dacl == NULL) && (sacl == NULL))
2087 		return (EINVAL);
2088 
2089 	if (dacl && sacl)
2090 		acl = smb_fsacl_merge(dacl, sacl);
2091 	else if (dacl)
2092 		acl = dacl;
2093 	else
2094 		acl = sacl;
2095 
2096 	error = acl_translate(acl, target_flavor, smb_node_is_dir(snode),
2097 	    fs_sd->sd_uid, fs_sd->sd_gid);
2098 	if (error == 0) {
2099 		if (smb_tree_has_feature(sr->tid_tree,
2100 		    SMB_TREE_ACEMASKONACCESS))
2101 			flags = ATTR_NOACLCHECK;
2102 
2103 		error = smb_vop_acl_write(snode->vp, acl, flags, cr);
2104 	}
2105 
2106 	if (dacl && sacl)
2107 		acl_free(acl);
2108 
2109 	return (error);
2110 }
2111 
2112 acl_type_t
smb_fsop_acltype(smb_node_t * snode)2113 smb_fsop_acltype(smb_node_t *snode)
2114 {
2115 	return (smb_vop_acl_type(snode->vp));
2116 }
2117 
2118 /*
2119  * smb_fsop_sdread
2120  *
2121  * Read the requested security descriptor items from filesystem.
2122  * The items are specified in fs_sd->sd_secinfo.
2123  */
2124 int
smb_fsop_sdread(smb_request_t * sr,cred_t * cr,smb_node_t * snode,smb_fssd_t * fs_sd)2125 smb_fsop_sdread(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
2126     smb_fssd_t *fs_sd)
2127 {
2128 	int error = 0;
2129 	int getowner = 0;
2130 	cred_t *ga_cred;
2131 	smb_attr_t attr;
2132 
2133 	ASSERT(cr);
2134 	ASSERT(fs_sd);
2135 
2136 	/*
2137 	 * File's uid/gid is fetched in two cases:
2138 	 *
2139 	 * 1. it's explicitly requested
2140 	 *
2141 	 * 2. target ACL is ACE_T (ZFS ACL). They're needed for
2142 	 *    owner@/group@ entries. In this case kcred should be used
2143 	 *    because uid/gid are fetched on behalf of smb server.
2144 	 */
2145 	if (fs_sd->sd_secinfo & (SMB_OWNER_SECINFO | SMB_GROUP_SECINFO)) {
2146 		getowner = 1;
2147 		ga_cred = cr;
2148 	} else if (sr->tid_tree->t_acltype == ACE_T) {
2149 		getowner = 1;
2150 		ga_cred = zone_kcred();
2151 	}
2152 
2153 	if (getowner) {
2154 		/*
2155 		 * Windows require READ_CONTROL to read owner/group SID since
2156 		 * they're part of Security Descriptor.
2157 		 * ZFS only requires read_attribute. Need to have a explicit
2158 		 * access check here.
2159 		 */
2160 		if (sr->fid_ofile == NULL) {
2161 			error = smb_fsop_access(sr, ga_cred, snode,
2162 			    READ_CONTROL);
2163 			if (error)
2164 				return (EACCES);
2165 		}
2166 
2167 		attr.sa_mask = SMB_AT_UID | SMB_AT_GID;
2168 		error = smb_fsop_getattr(sr, ga_cred, snode, &attr);
2169 		if (error == 0) {
2170 			fs_sd->sd_uid = attr.sa_vattr.va_uid;
2171 			fs_sd->sd_gid = attr.sa_vattr.va_gid;
2172 		} else {
2173 			return (error);
2174 		}
2175 	}
2176 
2177 	if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) {
2178 		error = smb_fsop_aclread(sr, cr, snode, fs_sd);
2179 	}
2180 
2181 	return (error);
2182 }
2183 
2184 /*
2185  * smb_fsop_sdmerge
2186  *
2187  * From SMB point of view DACL and SACL are two separate list
2188  * which can be manipulated independently without one affecting
2189  * the other, but entries for both DACL and SACL will end up
2190  * in the same ACL if target filesystem supports ACE_T ACLs.
2191  *
2192  * So, if either DACL or SACL is present in the client set request
2193  * the entries corresponding to the non-present ACL shouldn't
2194  * be touched in the FS ACL.
2195  *
2196  * fs_sd parameter contains DACL and SACL specified by SMB
2197  * client to be set on a file/directory. The client could
2198  * specify both or one of these ACLs (if none is specified
2199  * we don't get this far). When both DACL and SACL are given
2200  * by client the existing ACL should be overwritten. If only
2201  * one of them is specified the entries corresponding to the other
2202  * ACL should not be touched. For example, if only DACL
2203  * is specified in input fs_sd, the function reads audit entries
2204  * of the existing ACL of the file and point fs_sd->sd_zsdacl
2205  * pointer to the fetched SACL, this way when smb_fsop_sdwrite()
2206  * function is called the passed fs_sd would point to the specified
2207  * DACL by client and fetched SACL from filesystem, so the file
2208  * will end up with correct ACL.
2209  */
2210 static int
smb_fsop_sdmerge(smb_request_t * sr,smb_node_t * snode,smb_fssd_t * fs_sd)2211 smb_fsop_sdmerge(smb_request_t *sr, smb_node_t *snode, smb_fssd_t *fs_sd)
2212 {
2213 	smb_fssd_t cur_sd;
2214 	cred_t *kcr = zone_kcred();
2215 	int error = 0;
2216 
2217 	if (sr->tid_tree->t_acltype != ACE_T)
2218 		/* Don't bother if target FS doesn't support ACE_T */
2219 		return (0);
2220 
2221 	if ((fs_sd->sd_secinfo & SMB_ACL_SECINFO) != SMB_ACL_SECINFO) {
2222 		if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) {
2223 			/*
2224 			 * Don't overwrite existing audit entries
2225 			 */
2226 			smb_fssd_init(&cur_sd, SMB_SACL_SECINFO,
2227 			    fs_sd->sd_flags);
2228 
2229 			error = smb_fsop_sdread(sr, kcr, snode, &cur_sd);
2230 			if (error == 0) {
2231 				ASSERT(fs_sd->sd_zsacl == NULL);
2232 				fs_sd->sd_zsacl = cur_sd.sd_zsacl;
2233 				if (fs_sd->sd_zsacl && fs_sd->sd_zdacl)
2234 					fs_sd->sd_zsacl->acl_flags =
2235 					    fs_sd->sd_zdacl->acl_flags;
2236 			}
2237 		} else {
2238 			/*
2239 			 * Don't overwrite existing access entries
2240 			 */
2241 			smb_fssd_init(&cur_sd, SMB_DACL_SECINFO,
2242 			    fs_sd->sd_flags);
2243 
2244 			error = smb_fsop_sdread(sr, kcr, snode, &cur_sd);
2245 			if (error == 0) {
2246 				ASSERT(fs_sd->sd_zdacl == NULL);
2247 				fs_sd->sd_zdacl = cur_sd.sd_zdacl;
2248 				if (fs_sd->sd_zdacl && fs_sd->sd_zsacl)
2249 					fs_sd->sd_zdacl->acl_flags =
2250 					    fs_sd->sd_zsacl->acl_flags;
2251 			}
2252 		}
2253 
2254 		if (error)
2255 			smb_fssd_term(&cur_sd);
2256 	}
2257 
2258 	return (error);
2259 }
2260 
2261 /*
2262  * smb_fsop_sdwrite
2263  *
2264  * Stores the given uid, gid and acl in filesystem.
2265  * Provided items in fs_sd are specified by fs_sd->sd_secinfo.
2266  *
2267  * A SMB security descriptor could contain owner, primary group,
2268  * DACL and SACL. Setting an SD should be atomic but here it has to
2269  * be done via two separate FS operations: VOP_SETATTR and
2270  * VOP_SETSECATTR. Therefore, this function has to simulate the
2271  * atomicity as well as it can.
2272  *
2273  * Get the current uid, gid before setting the new uid/gid
2274  * so if smb_fsop_aclwrite fails they can be restored. root cred is
2275  * used to get currend uid/gid since this operation is performed on
2276  * behalf of the server not the user.
2277  *
2278  * If setting uid/gid fails with EPERM it means that and invalid
2279  * owner has been specified. Callers should translate this to
2280  * STATUS_INVALID_OWNER which is not the normal mapping for EPERM
2281  * in upper layers, so EPERM is mapped to EBADE.
2282  */
2283 int
smb_fsop_sdwrite(smb_request_t * sr,cred_t * cr,smb_node_t * snode,smb_fssd_t * fs_sd,int overwrite)2284 smb_fsop_sdwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
2285     smb_fssd_t *fs_sd, int overwrite)
2286 {
2287 	smb_attr_t set_attr;
2288 	smb_attr_t orig_attr;
2289 	cred_t *kcr = zone_kcred();
2290 	int error = 0;
2291 	int access = 0;
2292 
2293 	ASSERT(cr);
2294 	ASSERT(fs_sd);
2295 
2296 	ASSERT(sr);
2297 	ASSERT(sr->tid_tree);
2298 	if (SMB_TREE_IS_READONLY(sr))
2299 		return (EROFS);
2300 
2301 	bzero(&set_attr, sizeof (smb_attr_t));
2302 
2303 	if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) {
2304 		set_attr.sa_vattr.va_uid = fs_sd->sd_uid;
2305 		set_attr.sa_mask |= SMB_AT_UID;
2306 		access |= WRITE_OWNER;
2307 	}
2308 
2309 	if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) {
2310 		set_attr.sa_vattr.va_gid = fs_sd->sd_gid;
2311 		set_attr.sa_mask |= SMB_AT_GID;
2312 		access |= WRITE_OWNER;
2313 	}
2314 
2315 	if (fs_sd->sd_secinfo & SMB_DACL_SECINFO)
2316 		access |= WRITE_DAC;
2317 
2318 	if (fs_sd->sd_secinfo & SMB_SACL_SECINFO)
2319 		access |= ACCESS_SYSTEM_SECURITY;
2320 
2321 	if (sr->fid_ofile)
2322 		error = smb_ofile_access(sr->fid_ofile, cr, access);
2323 	else
2324 		error = smb_fsop_access(sr, cr, snode, access);
2325 
2326 	if (error)
2327 		return (EACCES);
2328 
2329 	if (set_attr.sa_mask) {
2330 		orig_attr.sa_mask = SMB_AT_UID | SMB_AT_GID;
2331 		error = smb_fsop_getattr(sr, kcr, snode, &orig_attr);
2332 		if (error == 0) {
2333 			error = smb_fsop_setattr(sr, cr, snode, &set_attr);
2334 			if (error == EPERM)
2335 				error = EBADE;
2336 		}
2337 
2338 		if (error)
2339 			return (error);
2340 	}
2341 
2342 	if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) {
2343 		if (overwrite == 0) {
2344 			error = smb_fsop_sdmerge(sr, snode, fs_sd);
2345 			if (error)
2346 				return (error);
2347 		}
2348 
2349 		error = smb_fsop_aclwrite(sr, cr, snode, fs_sd);
2350 		if (error) {
2351 			/*
2352 			 * Revert uid/gid changes if required.
2353 			 */
2354 			if (set_attr.sa_mask) {
2355 				orig_attr.sa_mask = set_attr.sa_mask;
2356 				(void) smb_fsop_setattr(sr, kcr, snode,
2357 				    &orig_attr);
2358 			}
2359 		}
2360 	}
2361 
2362 	return (error);
2363 }
2364 
2365 #ifdef	_KERNEL
2366 /*
2367  * smb_fsop_sdinherit
2368  *
2369  * Inherit the security descriptor from the parent container.
2370  * This function is called after FS has created the file/folder
2371  * so if this doesn't do anything it means FS inheritance is
2372  * in place.
2373  *
2374  * Do inheritance for ZFS internally.
2375  *
2376  * If we want to let ZFS does the inheritance the
2377  * following setting should be true:
2378  *
2379  *  - aclinherit = passthrough
2380  *  - aclmode = passthrough
2381  *  - smbd umask = 0777
2382  *
2383  * This will result in right effective permissions but
2384  * ZFS will always add 6 ACEs for owner, owning group
2385  * and others to be POSIX compliant. This is not what
2386  * Windows clients/users expect, so we decided that CIFS
2387  * implements Windows rules and overwrite whatever ZFS
2388  * comes up with. This way we also don't have to care
2389  * about ZFS aclinherit and aclmode settings.
2390  */
2391 static int
smb_fsop_sdinherit(smb_request_t * sr,smb_node_t * dnode,smb_fssd_t * fs_sd)2392 smb_fsop_sdinherit(smb_request_t *sr, smb_node_t *dnode, smb_fssd_t *fs_sd)
2393 {
2394 	acl_t *dacl = NULL;
2395 	acl_t *sacl = NULL;
2396 	int is_dir;
2397 	int error;
2398 
2399 	ASSERT(fs_sd);
2400 
2401 	if (sr->tid_tree->t_acltype != ACE_T) {
2402 		/*
2403 		 * No forced inheritance for non-ZFS filesystems.
2404 		 */
2405 		fs_sd->sd_secinfo = 0;
2406 		return (0);
2407 	}
2408 
2409 
2410 	/* Fetch parent directory's ACL */
2411 	error = smb_fsop_sdread(sr, zone_kcred(), dnode, fs_sd);
2412 	if (error) {
2413 		return (error);
2414 	}
2415 
2416 	is_dir = (fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR);
2417 	dacl = smb_fsacl_inherit(fs_sd->sd_zdacl, is_dir, SMB_DACL_SECINFO,
2418 	    sr->user_cr);
2419 	sacl = smb_fsacl_inherit(fs_sd->sd_zsacl, is_dir, SMB_SACL_SECINFO,
2420 	    sr->user_cr);
2421 
2422 	if (sacl == NULL)
2423 		fs_sd->sd_secinfo &= ~SMB_SACL_SECINFO;
2424 
2425 	smb_fsacl_free(fs_sd->sd_zdacl);
2426 	smb_fsacl_free(fs_sd->sd_zsacl);
2427 
2428 	fs_sd->sd_zdacl = dacl;
2429 	fs_sd->sd_zsacl = sacl;
2430 
2431 	return (0);
2432 }
2433 #endif	/* _KERNEL */
2434 
2435 /*
2436  * smb_fsop_eaccess
2437  *
2438  * Returns the effective permission of the given credential for the
2439  * specified object.
2440  *
2441  * This is just a workaround. We need VFS/FS support for this.
2442  */
2443 void
smb_fsop_eaccess(smb_request_t * sr,cred_t * cr,smb_node_t * snode,uint32_t * eaccess)2444 smb_fsop_eaccess(smb_request_t *sr, cred_t *cr, smb_node_t *snode,
2445     uint32_t *eaccess)
2446 {
2447 	int access = 0;
2448 	vnode_t *dir_vp;
2449 	smb_node_t *unnamed_node;
2450 
2451 	ASSERT(cr);
2452 	ASSERT(snode);
2453 	ASSERT(snode->n_magic == SMB_NODE_MAGIC);
2454 	ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING);
2455 
2456 	unnamed_node = SMB_IS_STREAM(snode);
2457 	if (unnamed_node) {
2458 		ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC);
2459 		ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING);
2460 		/*
2461 		 * Streams authorization should be performed against the
2462 		 * unnamed stream.
2463 		 */
2464 		snode = unnamed_node;
2465 	}
2466 
2467 	if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) {
2468 		dir_vp = (snode->n_dnode) ? snode->n_dnode->vp : NULL;
2469 		smb_vop_eaccess(snode->vp, (int *)eaccess, V_ACE_MASK, dir_vp,
2470 		    cr);
2471 		return;
2472 	}
2473 
2474 	/*
2475 	 * FS doesn't understand 32-bit mask
2476 	 */
2477 	smb_vop_eaccess(snode->vp, &access, 0, NULL, cr);
2478 	access &= sr->tid_tree->t_access;
2479 
2480 	*eaccess = READ_CONTROL | FILE_READ_EA | FILE_READ_ATTRIBUTES;
2481 
2482 	if (access & VREAD)
2483 		*eaccess |= FILE_READ_DATA;
2484 
2485 	if (access & VEXEC)
2486 		*eaccess |= FILE_EXECUTE;
2487 
2488 	if (access & VWRITE)
2489 		*eaccess |= FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES |
2490 		    FILE_WRITE_EA | FILE_APPEND_DATA | FILE_DELETE_CHILD;
2491 }
2492 
2493 /*
2494  * smb_fsop_shrlock
2495  *
2496  * For the current open request, check file sharing rules
2497  * against existing opens.
2498  *
2499  * Returns NT_STATUS_SHARING_VIOLATION if there is any
2500  * sharing conflict.  Returns NT_STATUS_SUCCESS otherwise.
2501  *
2502  * Full system-wide share reservation synchronization is available
2503  * when the nbmand (non-blocking mandatory) mount option is set
2504  * (i.e. nbl_need_crit() is true) and nbmand critical regions are used.
2505  * This provides synchronization with NFS and local processes.  The
2506  * critical regions are entered in VOP_SHRLOCK()/fs_shrlock() (called
2507  * from smb_open_subr()/smb_fsop_shrlock()/smb_vop_shrlock()) as well
2508  * as the CIFS rename and delete paths.
2509  *
2510  * The CIFS server will also enter the nbl critical region in the open,
2511  * rename, and delete paths when nbmand is not set.  There is limited
2512  * coordination with local and VFS share reservations in this case.
2513  * Note that when the nbmand mount option is not set, the VFS layer
2514  * only processes advisory reservations and the delete mode is not checked.
2515  *
2516  * Whether or not the nbmand mount option is set, intra-CIFS share
2517  * checking is done in the open, delete, and rename paths using a CIFS
2518  * critical region (node->n_share_lock).
2519  */
2520 uint32_t
smb_fsop_shrlock(cred_t * cr,smb_node_t * node,uint32_t uniq_fid,uint32_t desired_access,uint32_t share_access)2521 smb_fsop_shrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid,
2522     uint32_t desired_access, uint32_t share_access)
2523 {
2524 	int rc;
2525 
2526 	/* Allow access if the request is just for meta data */
2527 	if ((desired_access & FILE_DATA_ALL) == 0)
2528 		return (NT_STATUS_SUCCESS);
2529 
2530 	rc = smb_node_open_check(node, desired_access, share_access);
2531 	if (rc)
2532 		return (NT_STATUS_SHARING_VIOLATION);
2533 
2534 	rc = smb_vop_shrlock(node->vp, uniq_fid, desired_access, share_access,
2535 	    cr);
2536 	if (rc)
2537 		return (NT_STATUS_SHARING_VIOLATION);
2538 
2539 	return (NT_STATUS_SUCCESS);
2540 }
2541 
2542 void
smb_fsop_unshrlock(cred_t * cr,smb_node_t * node,uint32_t uniq_fid)2543 smb_fsop_unshrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid)
2544 {
2545 	(void) smb_vop_unshrlock(node->vp, uniq_fid, cr);
2546 }
2547 
2548 int
smb_fsop_frlock(smb_node_t * node,smb_lock_t * lock,boolean_t unlock,cred_t * cr)2549 smb_fsop_frlock(smb_node_t *node, smb_lock_t *lock, boolean_t unlock,
2550     cred_t *cr)
2551 {
2552 	flock64_t bf;
2553 	int flag = F_REMOTELOCK;
2554 
2555 	/*
2556 	 * VOP_FRLOCK() will not be called if:
2557 	 *
2558 	 * 1) The lock has a range of zero bytes. The semantics of Windows and
2559 	 *    POSIX are different. In the case of POSIX it asks for the locking
2560 	 *    of all the bytes from the offset provided until the end of the
2561 	 *    file. In the case of Windows a range of zero locks nothing and
2562 	 *    doesn't conflict with any other lock.
2563 	 *
2564 	 * 2) The lock rolls over (start + lenght < start). Solaris will assert
2565 	 *    if such a request is submitted. This will not create
2566 	 *    incompatibilities between POSIX and Windows. In the Windows world,
2567 	 *    if a client submits such a lock, the server will not lock any
2568 	 *    bytes. Interestingly if the same lock (same offset and length) is
2569 	 *    resubmitted Windows will consider that there is an overlap and
2570 	 *    the granting rules will then apply.
2571 	 */
2572 	if ((lock->l_length == 0) ||
2573 	    ((lock->l_start + lock->l_length - 1) < lock->l_start))
2574 		return (0);
2575 
2576 	bzero(&bf, sizeof (bf));
2577 
2578 	if (unlock) {
2579 		bf.l_type = F_UNLCK;
2580 	} else if (lock->l_type == SMB_LOCK_TYPE_READONLY) {
2581 		bf.l_type = F_RDLCK;
2582 		flag |= FREAD;
2583 	} else if (lock->l_type == SMB_LOCK_TYPE_READWRITE) {
2584 		bf.l_type = F_WRLCK;
2585 		flag |= FWRITE;
2586 	}
2587 
2588 	bf.l_start = lock->l_start;
2589 	bf.l_len = lock->l_length;
2590 	bf.l_pid = lock->l_file->f_uniqid;
2591 	bf.l_sysid = smb_ct.cc_sysid;
2592 
2593 	return (smb_vop_frlock(node->vp, cr, flag, &bf));
2594 }
2595