1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. 24 * Copyright 2017 Nexenta Systems, Inc. All rights reserved. 25 */ 26 27 /* 28 * This module provides the common open functionality to the various 29 * open and create SMB interface functions. 
 */

#include <sys/types.h>
#include <sys/cmn_err.h>
#include <sys/fcntl.h>
#include <sys/nbmlock.h>
#include <smbsrv/string.h>
#include <smbsrv/smb_kproto.h>
#include <smbsrv/smb_fsops.h>
#include <smbsrv/smbinfo.h>

/*
 * Cap on the number of open files per session.  smb_open_subr() compares
 * the session's s_file_cnt against this value and fails the open with
 * NT_STATUS_TOO_MANY_OPENED_FILES once the cap has been reached.
 */
int smb_session_ofile_max = 32768;

/*
 * Counter behind SMB_UNIQ_FID().  Each use atomically increments it and
 * yields the new value, which smb_open_subr() hands to the share
 * reservation code and to the pipe/ofile open routines as the identifier
 * of one open instance.
 * NOTE(review): the counter is 32 bits wide, so values repeat after 2^32
 * opens; confirm that reusing a value still held by a long-lived open is
 * harmless for share reservations and locks.
 */
static volatile uint32_t smb_fids = 0;
#define	SMB_UNIQ_FID()	atomic_inc_32_nv(&smb_fids)

/* Helpers defined later in this file (smb_is_executable is external). */
static uint32_t smb_open_subr(smb_request_t *);
extern uint32_t smb_is_executable(char *);
static void smb_delete_new_object(smb_request_t *);
static int smb_set_open_attributes(smb_request_t *, smb_ofile_t *);
static void smb_open_oplock_break(smb_request_t *, smb_node_t *);
static boolean_t smb_open_attr_only(smb_arg_open_t *);
static boolean_t smb_open_overwrite(smb_arg_open_t *);

/*
 * smb_access_generic_to_file
 *
 * Search MSDN for IoCreateFile to see following mapping.
 *
 * GENERIC_READ		STANDARD_RIGHTS_READ, FILE_READ_DATA,
 *			FILE_READ_ATTRIBUTES and FILE_READ_EA
 *
 * GENERIC_WRITE	STANDARD_RIGHTS_WRITE, FILE_WRITE_DATA,
 *			FILE_WRITE_ATTRIBUTES, FILE_WRITE_EA, and FILE_APPEND_DATA
 *
 * GENERIC_EXECUTE	STANDARD_RIGHTS_EXECUTE, SYNCHRONIZE, and FILE_EXECUTE.
 */
/*
 * Expands the generic bits of a client-supplied access mask into the
 * file-specific rights they stand for.  GENERIC_ALL short-circuits to
 * FILE_ALL_ACCESS without SYNCHRONIZE and discards every other requested
 * bit.  Otherwise each generic bit is replaced by its expansion and all
 * remaining bits of the request are passed through unchanged.
 */
static uint32_t
smb_access_generic_to_file(uint32_t desired_access)
{
	uint32_t specific = 0;
	uint32_t remaining = desired_access;

	if ((remaining & GENERIC_ALL) != 0)
		return (FILE_ALL_ACCESS & ~SYNCHRONIZE);

	if ((remaining & GENERIC_EXECUTE) != 0) {
		specific |= (STANDARD_RIGHTS_EXECUTE |
		    SYNCHRONIZE | FILE_EXECUTE);
		remaining &= ~GENERIC_EXECUTE;
	}

	if ((remaining & GENERIC_WRITE) != 0) {
		/* Write access deliberately does not imply SYNCHRONIZE. */
		specific |= (FILE_GENERIC_WRITE & ~SYNCHRONIZE);
		remaining &= ~GENERIC_WRITE;
	}

	if ((remaining & GENERIC_READ) != 0) {
		specific |= FILE_GENERIC_READ;
		remaining &= ~GENERIC_READ;
	}

	/* Whatever was not a generic bit is kept exactly as requested. */
	return (specific | remaining);
}

/*
 * smb_omode_to_amask
 *
 * This function converts open modes used by Open and Open AndX
 * commands to desired access bits used by NT Create AndX command.
 *
 * Only the bits selected by SMB_DA_ACCESS_MASK are examined.  A value
 * that matches none of the known modes maps to FILE_GENERIC_ALL, i.e.
 * an unrecognised mode asks for the widest mask instead of being
 * rejected here.
 * NOTE(review): presumably the result is still subject to the access
 * check made in the open path - confirm against the callers.
 */
uint32_t
smb_omode_to_amask(uint32_t desired_access)
{
	uint32_t omode = desired_access & SMB_DA_ACCESS_MASK;

	if (omode == SMB_DA_ACCESS_READ)
		return (FILE_GENERIC_READ);

	if (omode == SMB_DA_ACCESS_WRITE)
		return (FILE_GENERIC_WRITE);

	if (omode == SMB_DA_ACCESS_READ_WRITE)
		return (FILE_GENERIC_READ | FILE_GENERIC_WRITE);

	if (omode == SMB_DA_ACCESS_EXECUTE)
		return (FILE_GENERIC_READ | FILE_GENERIC_EXECUTE);

	return (FILE_GENERIC_ALL);
}

/*
 * smb_denymode_to_sharemode
 *
 * This function converts deny modes used by Open and Open AndX
 * commands to share access bits used by NT Create AndX command.
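 */
/*
 * Only the bits selected by SMB_DA_SHARE_MASK are examined.  In
 * compatibility mode the result depends on smb_is_executable(fname):
 * executables get read/write sharing, everything else FILE_SHARE_ALL.
 * Unrecognised deny modes are treated like "deny none".
 */
uint32_t
smb_denymode_to_sharemode(uint32_t desired_access, char *fname)
{
	switch (desired_access & SMB_DA_SHARE_MASK) {
	case SMB_DA_SHARE_COMPATIBILITY:
		if (smb_is_executable(fname))
			return (FILE_SHARE_READ | FILE_SHARE_WRITE);

		return (FILE_SHARE_ALL);

	case SMB_DA_SHARE_EXCLUSIVE:
		return (FILE_SHARE_NONE);

	case SMB_DA_SHARE_DENY_WRITE:
		return (FILE_SHARE_READ);

	case SMB_DA_SHARE_DENY_READ:
		return (FILE_SHARE_WRITE);

	case SMB_DA_SHARE_DENY_NONE:
	default:
		return (FILE_SHARE_READ | FILE_SHARE_WRITE);
	}
}

/*
 * smb_ofun_to_crdisposition
 *
 * This function converts open function values used by Open and Open AndX
 * commands to create disposition values used by NT Create AndX command.
 *
 * The table is indexed by [open action][create action], both taken from
 * the client-supplied ofun.  Combinations without a valid disposition
 * yield an out-of-range value: row 3 and any index outside the table
 * return FILE_MAXIMUM_DISPOSITION + 1, and the [0][0] entry is -1, which
 * converts to 0xFFFFFFFF in the uint32_t return.
 * NOTE(review): this assumes callers reject such values - confirm.
 */
uint32_t
smb_ofun_to_crdisposition(uint16_t ofun)
{
	static const int ofun_cr_map[3][2] =
	{
		{ -1,			FILE_CREATE },
		{ FILE_OPEN,		FILE_OPEN_IF },
		{ FILE_OVERWRITE,	FILE_OVERWRITE_IF }
	};

	int row = ofun & SMB_OFUN_OPEN_MASK;
	int col = (ofun & SMB_OFUN_CREATE_MASK) >> 4;

	/*
	 * ofun comes off the wire.  Bound both indexes explicitly rather
	 * than relying on the mask values, which are defined elsewhere, to
	 * keep the lookup inside the table.
	 */
	if (row < 0 || row >= 3 || col < 0 || col >= 2)
		return (FILE_MAXIMUM_DISPOSITION + 1);

	return (ofun_cr_map[row][col]);
}

/*
 * Retry opens to avoid spurious sharing violations, due to timing
 * issues between closes and opens.  The client that already has the
 * file open may be in the process of closing it.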
 */
/*
 * The open arguments are snapshotted first because smb_open_subr()
 * modifies them; the snapshot is copied back after every attempt that
 * ends in a sharing violation.  At most five attempts are made, with a
 * 400 ms delay before each retry, so one request can hold its calling
 * thread in delay() for up to 1.6 seconds.  NT_STATUS_NO_SUCH_FILE is
 * reported to the caller as NT_STATUS_OBJECT_NAME_NOT_FOUND.
 */
uint32_t
smb_common_open(smb_request_t *sr)
{
	smb_arg_open_t *saved;
	uint32_t status;
	int attempt;

	saved = kmem_alloc(sizeof (*saved), KM_SLEEP);
	bcopy(&sr->arg.open, saved, sizeof (*saved));

	for (attempt = 0; ; attempt++) {
		status = smb_open_subr(sr);
		if (status != NT_STATUS_SHARING_VIOLATION)
			break;

		/* Undo whatever the failed attempt changed in the args. */
		bcopy(saved, &sr->arg.open, sizeof (*saved));

		if (attempt == 4)
			break;

		delay(MSEC_TO_TICK(400));
	}

	kmem_free(saved, sizeof (*saved));

	if (status == NT_STATUS_NO_SUCH_FILE)
		return (NT_STATUS_OBJECT_NAME_NOT_FOUND);

	return (status);
}

/*
 * smb_open_subr
 *
 * Notes on write-through behaviour. It looks like pre-LM0.12 versions
 * of the protocol specify the write-through mode when a file is opened,
 * (SmbOpen, SmbOpenAndX) so the write calls (SmbWrite, SmbWriteAndClose,
 * SmbWriteAndUnlock) don't need to contain a write-through flag.
 *
 * With LM0.12, the open calls (SmbCreateAndX, SmbNtTransactCreate)
 * don't indicate which write-through mode to use. Instead the write
 * calls (SmbWriteAndX, SmbWriteRaw) specify the mode on a per call
 * basis.
 *
 * We don't care which open call was used to get us here, we just need
 * to ensure that the write-through mode flag is copied from the open
 * parameters to the node. We test the omode write-through flag in all
 * write functions.
 *
 * This function returns NT status codes.
 *
 * The following rules apply when processing a file open request:
 *
 * - Oplocks must be broken prior to share checking as the break may
 *   cause other clients to close the file, which would affect sharing
 *   checks.
 *
 * - Share checks must take place prior to access checks for correct
 *   Windows semantics and to prevent unnecessary NFS delegation recalls.
 *
 * - Oplocks must be acquired after open to ensure the correct
 *   synchronization with NFS delegation and FEM installation.
 *
 * DOS readonly bit rules
 *
 * 1. The creator of a readonly file can write to/modify the size of the file
 * using the original create fid, even though the file will appear as readonly
 * to all other fids and via a CIFS getattr call.
 * The readonly bit therefore cannot be set in the filesystem until the file
 * is closed (smb_ofile_close). It is accounted for via ofile and node flags.
 *
 * 2. A setinfo operation (using either an open fid or a path) to set/unset
 * readonly will be successful regardless of whether a creator of a readonly
 * file has an open fid (and has the special privilege mentioned in #1,
 * above).  I.e., the creator of a readonly fid holding that fid will no longer
 * have a special privilege.
 *
 * 3. The DOS readonly bit affects only data and some metadata.
 * The following metadata can be changed regardless of the readonly bit:
 *	- security descriptors
 *	- DOS attributes
 *	- timestamps
 *
 * In the current implementation, the file size cannot be changed (except for
 * the exceptions in #1 and #2, above).
 *
 *
 * DOS attribute rules
 *
 * These rules are specific to creating / opening files and directories.
 * How the attribute value (specifically ZERO or FILE_ATTRIBUTE_NORMAL)
 * should be interpreted may differ in other requests.
 *
 * - An attribute value equal to ZERO or FILE_ATTRIBUTE_NORMAL means that the
 *   file's attributes should be cleared.
 * - If FILE_ATTRIBUTE_NORMAL is specified with any other attributes,
 *   FILE_ATTRIBUTE_NORMAL is ignored.
 *
 * 1. Creating a new file
 * - The request attributes + FILE_ATTRIBUTE_ARCHIVE are applied to the file.
 *
 * 2. Creating a new directory
 * - The request attributes + FILE_ATTRIBUTE_DIRECTORY are applied to the file.
 * - FILE_ATTRIBUTE_ARCHIVE does not get set.
 *
 * 3. Overwriting an existing file
 * - the request attributes are used as search attributes. If the existing
 *   file does not meet the search criteria access is denied.
 * - otherwise, applies attributes + FILE_ATTRIBUTE_ARCHIVE.
 *
 * 4. Opening an existing file or directory
 *    The request attributes are ignored.
 *
 *
 * Credentials used in this function
 *
 * - sr->user_cr: path reduction, the access check, the maximum-allowed
 *   query, share reservation, truncate/setattr, stream removal, and
 *   create/mkdir.
 * - zone_kcred(): the lookup of the last path component and both
 *   smb_node_getattr calls.  For an existing object the caller's rights
 *   are checked by smb_fsop_access after that lookup.
 *
 * Holds and locks
 *
 * Every return after smb_pathname_reduce succeeds has to release the
 * holds on dnode and (when present) node, drop the opening count and
 * the node locks it took, and undo the share reservation.  The statement
 * order in the error paths below reflects that and should be preserved.
 */
static uint32_t
smb_open_subr(smb_request_t *sr)
{
	boolean_t	created = B_FALSE;
	boolean_t	last_comp_found = B_FALSE;
	smb_node_t	*node = NULL;
	smb_node_t	*dnode = NULL;
	smb_node_t	*cur_node = NULL;
	smb_arg_open_t	*op = &sr->sr_open;
	int		rc;
	smb_ofile_t	*of;
	smb_attr_t	new_attr;
	int		max_requested = 0;
	uint32_t	max_allowed;
	uint32_t	status = NT_STATUS_SUCCESS;
	int		is_dir;
	smb_error_t	err;
	boolean_t	is_stream = B_FALSE;
	int		lookup_flags = SMB_FOLLOW_LINKS;
	uint32_t	uniq_fid;
	smb_pathname_t	*pn = &op->fqi.fq_path;
	smb_server_t	*sv = sr->sr_server;

	/* Get out now if we've been cancelled. */
	mutex_enter(&sr->sr_mutex);
	if (sr->sr_state != SMB_REQ_STATE_ACTIVE) {
		mutex_exit(&sr->sr_mutex);
		return (NT_STATUS_CANCELLED);
	}
	mutex_exit(&sr->sr_mutex);

	is_dir = (op->create_options & FILE_DIRECTORY_FILE) ? 1 : 0;

	/*
	 * If the object being created or opened is a directory
	 * the Disposition parameter must be one of FILE_CREATE,
	 * FILE_OPEN, or FILE_OPEN_IF
	 */
	if (is_dir) {
		if ((op->create_disposition != FILE_CREATE) &&
		    (op->create_disposition != FILE_OPEN_IF) &&
		    (op->create_disposition != FILE_OPEN)) {
			return (NT_STATUS_INVALID_PARAMETER);
		}
	}

	/*
	 * MAXIMUM_ALLOWED is stripped from the request and remembered;
	 * the rights it stands for are added further down, once the
	 * node is known.
	 */
	if (op->desired_access & MAXIMUM_ALLOWED) {
		max_requested = 1;
		op->desired_access &= ~MAXIMUM_ALLOWED;
	}
	op->desired_access = smb_access_generic_to_file(op->desired_access);

	/*
	 * Enforce the per-session cap on open files and log the offending
	 * domain\user.
	 * NOTE(review): the ASSERT is the only check on sr->uid_user
	 * before it is dereferenced for the log message.
	 */
	if (sr->session->s_file_cnt >= smb_session_ofile_max) {
		ASSERT(sr->uid_user);
		cmn_err(CE_NOTE, "smbsrv[%s\\%s]: TOO_MANY_OPENED_FILES",
		    sr->uid_user->u_domain, sr->uid_user->u_name);
		return (NT_STATUS_TOO_MANY_OPENED_FILES);
	}

	/* This must be NULL at this point */
	sr->fid_ofile = NULL;

	op->devstate = 0;

	switch (sr->tid_tree->t_res_type & STYPE_MASK) {
	case STYPE_DISKTREE:
	case STYPE_PRINTQ:
		break;

	case STYPE_IPC:
		/*
		 * Security descriptors for pipes are not implemented,
		 * so just setup a reasonable access mask.
		 * The mask requested by the client is replaced, not
		 * narrowed.
		 */
		op->desired_access = (READ_CONTROL | SYNCHRONIZE |
		    FILE_READ_DATA | FILE_READ_ATTRIBUTES |
		    FILE_WRITE_DATA | FILE_APPEND_DATA);

		/*
		 * Limit the number of open pipe instances.
		 */
		if ((rc = smb_threshold_enter(&sv->sv_opipe_ct)) != 0) {
			status = RPC_NT_SERVER_TOO_BUSY;
			return (status);
		}

		/*
		 * No further processing for IPC, we need to either
		 * raise an exception or return success here.
		 */
		uniq_fid = SMB_UNIQ_FID();
		status = smb_opipe_open(sr, uniq_fid);
		smb_threshold_exit(&sv->sv_opipe_ct);
		return (status);

	default:
		return (NT_STATUS_BAD_DEVICE_TYPE);
	}

	/*
	 * Validate the client-supplied path and its last component
	 * before any file system lookup is attempted.
	 */
	smb_pathname_init(sr, pn, pn->pn_path);
	if (!smb_pathname_validate(sr, pn))
		return (sr->smb_error.status);

	if (strlen(pn->pn_path) >= SMB_MAXPATHLEN) {
		return (NT_STATUS_OBJECT_PATH_INVALID);
	}

	if (is_dir) {
		if (!smb_validate_dirname(sr, pn))
			return (sr->smb_error.status);
	} else {
		if (!smb_validate_object_name(sr, pn))
			return (sr->smb_error.status);
	}

	/*
	 * Resolve the path relative to fq_dnode when the request supplied
	 * one, else relative to the share root.  The share root is passed
	 * as the root node in both cases.  Path reduction runs with the
	 * user's credentials.
	 */
	cur_node = op->fqi.fq_dnode ?
	    op->fqi.fq_dnode : sr->tid_tree->t_snode;

	rc = smb_pathname_reduce(sr, sr->user_cr, pn->pn_path,
	    sr->tid_tree->t_snode, cur_node, &op->fqi.fq_dnode,
	    op->fqi.fq_last_comp);
	if (rc != 0) {
		return (smb_errno2status(rc));
	}

	/*
	 * If the access mask has only DELETE set (ignore
	 * FILE_READ_ATTRIBUTES), then assume that this
	 * is a request to delete the link (if a link)
	 * and do not follow links.  Otherwise, follow
	 * the link to the target.
	 */
	if ((op->desired_access & ~FILE_READ_ATTRIBUTES) == DELETE)
		lookup_flags &= ~SMB_FOLLOW_LINKS;

	/*
	 * The last component is looked up with zone_kcred(), not the
	 * user's credentials.  When the object exists, the caller's own
	 * rights on it are checked below via smb_fsop_access.
	 */
	rc = smb_fsop_lookup_name(sr, zone_kcred(), lookup_flags,
	    sr->tid_tree->t_snode, op->fqi.fq_dnode, op->fqi.fq_last_comp,
	    &op->fqi.fq_fnode);

	if (rc == 0) {
		last_comp_found = B_TRUE;
		/*
		 * Need the DOS attributes below, where we
		 * check the search attributes (sattr).
		 */
		op->fqi.fq_fattr.sa_mask = SMB_AT_DOSATTR;
		rc = smb_node_getattr(sr, op->fqi.fq_fnode, zone_kcred(),
		    NULL, &op->fqi.fq_fattr);
		if (rc != 0) {
			smb_node_release(op->fqi.fq_fnode);
			smb_node_release(op->fqi.fq_dnode);
			return (NT_STATUS_INTERNAL_ERROR);
		}
	} else if (rc == ENOENT) {
		last_comp_found = B_FALSE;
		op->fqi.fq_fnode = NULL;
		rc = 0;
	} else {
		smb_node_release(op->fqi.fq_dnode);
		return (smb_errno2status(rc));
	}


	/*
	 * The uniq_fid is a CIFS-server-wide unique identifier for an ofile
	 * which is used to uniquely identify open instances for the
	 * VFS share reservation and POSIX locks.
	 */

	uniq_fid = SMB_UNIQ_FID();

	if (last_comp_found) {

		node = op->fqi.fq_fnode;
		dnode = op->fqi.fq_dnode;

		/* Only files, directories and symlinks may be opened. */
		if (!smb_node_is_file(node) && !smb_node_is_dir(node) &&
		    !smb_node_is_symlink(node)) {
			smb_node_release(node);
			smb_node_release(dnode);
			return (NT_STATUS_ACCESS_DENIED);
		}

		/*
		 * Reject this request if either:
		 * - the target IS a directory and the client requires that
		 *   it must NOT be (required by Lotus Notes)
		 * - the target is NOT a directory and client requires that
		 *   it MUST be.
		 */
		if (smb_node_is_dir(node)) {
			if (op->create_options & FILE_NON_DIRECTORY_FILE) {
				smb_node_release(node);
				smb_node_release(dnode);
				return (NT_STATUS_FILE_IS_A_DIRECTORY);
			}
		} else {
			if ((op->create_options & FILE_DIRECTORY_FILE) ||
			    (op->nt_flags & NT_CREATE_FLAG_OPEN_TARGET_DIR)) {
				smb_node_release(node);
				smb_node_release(dnode);
				return (NT_STATUS_NOT_A_DIRECTORY);
			}
		}

		/*
		 * No more open should be accepted when "Delete on close"
		 * flag is set.
		 */
		if (node->flags & NODE_FLAGS_DELETE_ON_CLOSE) {
			smb_node_release(node);
			smb_node_release(dnode);
			return (NT_STATUS_DELETE_PENDING);
		}

		/*
		 * Specified file already exists so the operation should fail.
		 */
		if (op->create_disposition == FILE_CREATE) {
			smb_node_release(node);
			smb_node_release(dnode);
			return (NT_STATUS_OBJECT_NAME_COLLISION);
		}

		/*
		 * Windows seems to check read-only access before file
		 * sharing check.
		 *
		 * Check to see if the file is currently readonly (irrespective
		 * of whether this open will make it readonly).
		 */
		if (SMB_PATHFILE_IS_READONLY(sr, node)) {
			/* Files data only */
			if (!smb_node_is_dir(node)) {
				if (op->desired_access & (FILE_WRITE_DATA |
				    FILE_APPEND_DATA)) {
					smb_node_release(node);
					smb_node_release(dnode);
					return (NT_STATUS_ACCESS_DENIED);
				}
				if (op->create_options & FILE_DELETE_ON_CLOSE) {
					smb_node_release(node);
					smb_node_release(dnode);
					return (NT_STATUS_CANNOT_DELETE);
				}
			}
		}

		/*
		 * Overwriting dispositions: the request attributes act as
		 * search attributes against the existing DOS attributes,
		 * and directories cannot be overwritten.
		 */
		if ((op->create_disposition == FILE_SUPERSEDE) ||
		    (op->create_disposition == FILE_OVERWRITE_IF) ||
		    (op->create_disposition == FILE_OVERWRITE)) {

			if (!smb_sattr_check(op->fqi.fq_fattr.sa_dosattr,
			    op->dattr)) {
				smb_node_release(node);
				smb_node_release(dnode);
				return (NT_STATUS_ACCESS_DENIED);
			}

			if (smb_node_is_dir(node)) {
				smb_node_release(node);
				smb_node_release(dnode);
				return (NT_STATUS_ACCESS_DENIED);
			}
		}

		/*
		 * MS-FSA 2.1.5.1.2
		 * The rights implied by the disposition are added before
		 * the access check, so the check covers them.
		 */
		if (op->create_disposition == FILE_SUPERSEDE)
			op->desired_access |= DELETE;
		if ((op->create_disposition == FILE_OVERWRITE_IF) ||
		    (op->create_disposition == FILE_OVERWRITE))
			op->desired_access |= FILE_WRITE_DATA;

		/* Access check with the caller's credentials. */
		status = smb_fsop_access(sr, sr->user_cr, node,
		    op->desired_access);
		if (status != NT_STATUS_SUCCESS) {
			smb_node_release(node);
			smb_node_release(dnode);

			/* SMB1 specific? NT_STATUS_PRIVILEGE_NOT_HELD */
			if (status == NT_STATUS_PRIVILEGE_NOT_HELD) {
				return (status);
			} else {
				return (NT_STATUS_ACCESS_DENIED);
			}
		}

		/*
		 * NOTE(review): max_allowed has no initializer; this relies
		 * on smb_fsop_eaccess always storing a value - confirm.
		 */
		if (max_requested) {
			smb_fsop_eaccess(sr, sr->user_cr, node, &max_allowed);
			op->desired_access |= max_allowed;
		}
		/*
		 * According to MS "dochelp" mail in Mar 2015, any handle
		 * on which read or write access is granted implicitly
		 * gets "read attributes", even if it was not requested.
		 * This avoids unexpected access failures later that
		 * would happen if these were not granted.
		 */
		if ((op->desired_access & FILE_DATA_ALL) != 0) {
			op->desired_access |= (READ_CONTROL |
			    FILE_READ_ATTRIBUTES);
		}

		/*
		 * Oplock break is done prior to sharing checks as the break
		 * may cause other clients to close the file which would
		 * affect the sharing checks, and may delete the file due to
		 * DELETE_ON_CLOSE. This may block, so set the file opening
		 * count before oplock stuff.
		 */
		smb_node_inc_opening_count(node);
		smb_open_oplock_break(sr, node);

		if ((node->flags & NODE_FLAGS_DELETE_COMMITTED) != 0) {
			/*
			 * Breaking the oplock caused the file to be deleted,
			 * so let's bail and pretend the file wasn't found
			 *
			 * Only the node hold is dropped here; the dnode hold
			 * is kept for the create path.  op->desired_access
			 * keeps the bits added above.
			 */
			smb_node_dec_opening_count(node);
			smb_node_release(node);
			last_comp_found = B_FALSE;
			goto create;
		}

		smb_node_wrlock(node);

		/*
		 * Check for sharing violations
		 */
		status = smb_fsop_shrlock(sr->user_cr, node, uniq_fid,
		    op->desired_access, op->share_access);
		if (status == NT_STATUS_SHARING_VIOLATION) {
			smb_node_unlock(node);
			smb_node_dec_opening_count(node);
			smb_node_release(node);
			smb_node_release(dnode);
			return (status);
		}

		/*
		 * Go ahead with modifications as necessary.
		 */
		switch (op->create_disposition) {
		case FILE_SUPERSEDE:
		case FILE_OVERWRITE_IF:
		case FILE_OVERWRITE:
			op->dattr |= FILE_ATTRIBUTE_ARCHIVE;
			/* Don't apply readonly bit until smb_ofile_close */
			if (op->dattr & FILE_ATTRIBUTE_READONLY) {
				op->created_readonly = B_TRUE;
				op->dattr &= ~FILE_ATTRIBUTE_READONLY;
			}

			/*
			 * Truncate the file data here.
			 * We set alloc_size = op->dsize later,
			 * after we have an ofile.  See:
			 * smb_set_open_attributes
			 */
			bzero(&new_attr, sizeof (new_attr));
			new_attr.sa_dosattr = op->dattr;
			new_attr.sa_vattr.va_size = 0;
			new_attr.sa_mask = SMB_AT_DOSATTR | SMB_AT_SIZE;
			rc = smb_fsop_setattr(sr, sr->user_cr, node, &new_attr);
			if (rc != 0) {
				smb_fsop_unshrlock(sr->user_cr, node, uniq_fid);
				smb_node_unlock(node);
				smb_node_dec_opening_count(node);
				smb_node_release(node);
				smb_node_release(dnode);
				return (smb_errno2status(rc));
			}

			/*
			 * If file is being replaced, remove existing streams
			 */
			if (SMB_IS_STREAM(node) == 0) {
				status = smb_fsop_remove_streams(sr,
				    sr->user_cr, node);
				if (status != 0) {
					smb_fsop_unshrlock(sr->user_cr, node,
					    uniq_fid);
					smb_node_unlock(node);
					smb_node_dec_opening_count(node);
					smb_node_release(node);
					smb_node_release(dnode);
					return (status);
				}
			}

			op->action_taken = SMB_OACT_TRUNCATED;
			break;

		default:
			/*
			 * FILE_OPEN or FILE_OPEN_IF.
			 */
			/*
			 * Ignore any user-specified alloc_size for
			 * existing files, to avoid truncation in
			 * smb_set_open_attributes
			 */
			op->dsize = 0L;
			op->action_taken = SMB_OACT_OPENED;
			break;
		}
	} else {
create:
		/* Last component was not found. */
		dnode = op->fqi.fq_dnode;

		if (is_dir == 0)
			is_stream = smb_is_stream_name(pn->pn_path);

		if ((op->create_disposition == FILE_OPEN) ||
		    (op->create_disposition == FILE_OVERWRITE)) {
			smb_node_release(dnode);
			return (NT_STATUS_OBJECT_NAME_NOT_FOUND);
		}

		if (pn->pn_fname && smb_is_invalid_filename(pn->pn_fname)) {
			smb_node_release(dnode);
			return (NT_STATUS_OBJECT_NAME_INVALID);
		}

		/*
		 * Don't create in directories marked "Delete on close".
		 */
		if (dnode->flags & NODE_FLAGS_DELETE_ON_CLOSE) {
			smb_node_release(dnode);
			return (NT_STATUS_DELETE_PENDING);
		}

		/*
		 * lock the parent dir node in case another create
		 * request to the same parent directory comes in.
		 */
		smb_node_wrlock(dnode);

		/* Don't apply readonly bit until smb_ofile_close */
		if (op->dattr & FILE_ATTRIBUTE_READONLY) {
			op->dattr &= ~FILE_ATTRIBUTE_READONLY;
			op->created_readonly = B_TRUE;
		}

		/* A creation time of 0 or UINT_MAX means "not specified". */
		bzero(&new_attr, sizeof (new_attr));
		if ((op->crtime.tv_sec != 0) &&
		    (op->crtime.tv_sec != UINT_MAX)) {

			new_attr.sa_mask |= SMB_AT_CRTIME;
			new_attr.sa_crtime = op->crtime;
		}

		if (is_dir == 0) {
			/*
			 * NOTE(review): new files are requested with
			 * read/write mode bits for user, group and other
			 * (owner-read only for streams).  Presumably the
			 * effective permissions come from the file system's
			 * ACL handling - confirm.
			 */
			op->dattr |= FILE_ATTRIBUTE_ARCHIVE;
			new_attr.sa_dosattr = op->dattr;
			new_attr.sa_vattr.va_type = VREG;
			new_attr.sa_vattr.va_mode = is_stream ? S_IRUSR :
			    S_IRUSR | S_IRGRP | S_IROTH |
			    S_IWUSR | S_IWGRP | S_IWOTH;
			new_attr.sa_mask |=
			    SMB_AT_DOSATTR | SMB_AT_TYPE | SMB_AT_MODE;

			/*
			 * We set alloc_size = op->dsize later,
			 * (in smb_set_open_attributes) after we
			 * have an ofile on which to save that.
			 *
			 * Legacy Open&X sets size to alloc_size
			 * when creating a new file.
			 */
			if (sr->smb_com == SMB_COM_OPEN_ANDX) {
				new_attr.sa_vattr.va_size = op->dsize;
				new_attr.sa_mask |= SMB_AT_SIZE;
			}

			rc = smb_fsop_create(sr, sr->user_cr, dnode,
			    op->fqi.fq_last_comp, &new_attr, &op->fqi.fq_fnode);

			if (rc != 0) {
				smb_node_unlock(dnode);
				smb_node_release(dnode);
				return (smb_errno2status(rc));
			}

			node = op->fqi.fq_fnode;
			smb_node_inc_opening_count(node);
			smb_node_wrlock(node);

			status = smb_fsop_shrlock(sr->user_cr, node, uniq_fid,
			    op->desired_access, op->share_access);

			if (status == NT_STATUS_SHARING_VIOLATION) {
				/*
				 * The new file is removed again before the
				 * parent lock is dropped.
				 */
				smb_node_unlock(node);
				smb_node_dec_opening_count(node);
				smb_delete_new_object(sr);
				smb_node_release(node);
				smb_node_unlock(dnode);
				smb_node_release(dnode);
				return (status);
			}
		} else {
			/*
			 * NOTE(review): directories are requested with mode
			 * 0777; as for files, presumably narrowed by the
			 * file system's ACL handling - confirm.
			 * No share reservation is taken for a directory.
			 */
			op->dattr |= FILE_ATTRIBUTE_DIRECTORY;
			new_attr.sa_dosattr = op->dattr;
			new_attr.sa_vattr.va_type = VDIR;
			new_attr.sa_vattr.va_mode = 0777;
			new_attr.sa_mask |=
			    SMB_AT_DOSATTR | SMB_AT_TYPE | SMB_AT_MODE;

			rc = smb_fsop_mkdir(sr, sr->user_cr, dnode,
			    op->fqi.fq_last_comp, &new_attr, &op->fqi.fq_fnode);
			if (rc != 0) {
				smb_node_unlock(dnode);
				smb_node_release(dnode);
				return (smb_errno2status(rc));
			}

			node = op->fqi.fq_fnode;
			smb_node_inc_opening_count(node);
			smb_node_wrlock(node);
		}

		created = B_TRUE;
		op->action_taken = SMB_OACT_CREATED;

		/*
		 * NOTE(review): as above, max_allowed is only valid if
		 * smb_fsop_eaccess always stores a value - confirm.
		 */
		if (max_requested) {
			smb_fsop_eaccess(sr, sr->user_cr, node, &max_allowed);
			op->desired_access |= max_allowed;
		}
		/*
		 * We created this object (we own it) so grant
		 * read_control + read_attributes on this handle,
		 * even if that was not requested.  This avoids
		 * unexpected access failures later.
		 */
		op->desired_access |= (READ_CONTROL | FILE_READ_ATTRIBUTES);
	}

	/*
	 * From here on node is held, write-locked and counted as opening;
	 * dnode is held, and also write-locked when the object was created.
	 */
	status = NT_STATUS_SUCCESS;

	of = smb_ofile_open(sr, node, op, SMB_FTYPE_DISK, uniq_fid,
	    &err);
	if (of == NULL) {
		status = err.status;
	}

	/*
	 * We might have blocked in smb_ofile_open long enough so a
	 * tree disconnect might have happened.  In that case, we've
	 * just added an ofile to a tree that's disconnecting, and
	 * need to undo that to avoid interfering with tear-down of
	 * the tree connection.
	 */
	if (status == NT_STATUS_SUCCESS &&
	    !smb_tree_is_connected(sr->tid_tree)) {
		status = NT_STATUS_INVALID_PARAMETER;
	}

	/*
	 * This MUST be done after ofile creation, so that explicitly
	 * set timestamps can be remembered on the ofile, and the
	 * readonly flag will be stored "pending" on the node.
	 */
	if (status == NT_STATUS_SUCCESS) {
		if ((rc = smb_set_open_attributes(sr, of)) != 0) {
			status = smb_errno2status(rc);
		}
	}

	if (status == NT_STATUS_SUCCESS) {
		/*
		 * We've already done access checks above,
		 * and want this call to succeed even when
		 * !(desired_access & FILE_READ_ATTRIBUTES),
		 * so pass kcred here.
		 */
		op->fqi.fq_fattr.sa_mask = SMB_AT_ALL;
		rc = smb_node_getattr(sr, node, zone_kcred(), of,
		    &op->fqi.fq_fattr);
		if (rc != 0) {
			status = NT_STATUS_INTERNAL_ERROR;
		}
	}

	/*
	 * smb_fsop_unshrlock is a no-op if node is a directory
	 * smb_fsop_unshrlock is done in smb_ofile_close
	 *
	 * Common failure path: drop the share reservation or close the
	 * ofile, remove an object created by this request, then drop the
	 * locks, the opening count and the holds.
	 */
	if (status != NT_STATUS_SUCCESS) {
		if (of == NULL) {
			smb_fsop_unshrlock(sr->user_cr, node, uniq_fid);
		} else {
			smb_ofile_close(of, 0);
			smb_ofile_release(of);
		}
		if (created)
			smb_delete_new_object(sr);
		smb_node_unlock(node);
		smb_node_dec_opening_count(node);
		smb_node_release(node);
		if (created)
			smb_node_unlock(dnode);
		smb_node_release(dnode);
		return (status);
	}

	/*
	 * Propagate the write-through mode from the open params
	 * to the node: see the notes in the function header.
	 */
	if (sr->sr_cfg->skc_sync_enable ||
	    (op->create_options & FILE_WRITE_THROUGH))
		node->flags |= NODE_FLAGS_WRITE_THROUGH;

	/*
	 * Set up the fileid and dosattr in open_param for response
	 */
	op->fileid = op->fqi.fq_fattr.sa_vattr.va_nodeid;
	op->dattr = op->fqi.fq_fattr.sa_dosattr;

	/*
	 * Set up the file type in open_param for the response
	 */
	op->ftype = SMB_FTYPE_DISK;
	sr->smb_fid = of->f_fid;
	sr->fid_ofile = of;

	/* Oplocks are only acquired on regular files, after the open. */
	if (smb_node_is_file(node)) {
		smb_oplock_acquire(sr, node, of);
		op->dsize = op->fqi.fq_fattr.sa_vattr.va_size;
	} else {
		/* directory or symlink */
		op->op_oplock_level = SMB_OPLOCK_NONE;
		op->dsize = 0;
	}

	smb_node_dec_opening_count(node);

	smb_node_unlock(node);
	if (created)
		smb_node_unlock(dnode);

	smb_node_release(node);
	smb_node_release(dnode);

	return (NT_STATUS_SUCCESS);
}

/*
 * smb_open_oplock_break
 *
 * If the node has an ofile opened with share access none,
 * (smb_node_share_check = FALSE) only break BATCH oplock.
 * Otherwise:
 *	If overwriting, break to SMB_OPLOCK_NONE, else
 *	If opening for anything other than attribute access,
 *	break oplock to LEVEL_II.
 *
 * An attribute-only, non-overwriting open breaks nothing.  The result
 * of smb_oplock_break is deliberately ignored.
 */
static void
smb_open_oplock_break(smb_request_t *sr, smb_node_t *node)
{
	smb_arg_open_t *open_args = &sr->sr_open;
	uint32_t brk = 0;

	if (!smb_node_share_check(node))
		brk |= SMB_OPLOCK_BREAK_BATCH;

	if (smb_open_overwrite(open_args))
		brk |= SMB_OPLOCK_BREAK_TO_NONE;
	else if (!smb_open_attr_only(open_args))
		brk |= SMB_OPLOCK_BREAK_TO_LEVEL_II;
	else
		return;

	(void) smb_oplock_break(sr, node, brk);
}

/*
 * smb_open_attr_only
 *
 * Determine if file is being opened for attribute access only.
 * This is used to determine whether it is necessary to break
 * existing oplocks on the file.
 *
 * True when the request asks for nothing beyond FILE_READ_ATTRIBUTES,
 * FILE_WRITE_ATTRIBUTES, SYNCHRONIZE and READ_CONTROL, and the
 * disposition is neither FILE_SUPERSEDE nor FILE_OVERWRITE.
 * FILE_OVERWRITE_IF is not excluded here; smb_open_oplock_break tests
 * smb_open_overwrite first, which covers that disposition.
 */
static boolean_t
smb_open_attr_only(smb_arg_open_t *op)
{
	/* Any right outside the attribute-level set disqualifies. */
	if ((op->desired_access & ~(FILE_READ_ATTRIBUTES |
	    FILE_WRITE_ATTRIBUTES | SYNCHRONIZE | READ_CONTROL)) != 0)
		return (B_FALSE);

	if (op->create_disposition == FILE_SUPERSEDE)
		return (B_FALSE);

	if (op->create_disposition == FILE_OVERWRITE)
		return (B_FALSE);

	return (B_TRUE);
}

/*
 * smb_open_overwrite
 *
 * True when the create disposition replaces existing file data:
 * FILE_SUPERSEDE, FILE_OVERWRITE_IF or FILE_OVERWRITE.
 */
static boolean_t
smb_open_overwrite(smb_arg_open_t *op)
{
	switch (op->create_disposition) {
	case FILE_SUPERSEDE:
	case FILE_OVERWRITE_IF:
	case FILE_OVERWRITE:
		return (B_TRUE);

	default:
		return (B_FALSE);
	}
}

/*
 * smb_set_open_attributes
 *
 * Last write time:
 * - If the last_write time specified in the open params is not 0 or -1,
 *   use it as file's mtime. This will be considered an explicitly set
 *   timestamps, not reset by subsequent writes.
 *
 * DOS attributes
 * - If we created_readonly, we now store the real DOS attributes
 *   (including the readonly bit) so subsequent opens will see it.
 *
 * Both are stored "pending" rather than in the file system.
 *
 * A non-zero op->dsize is additionally passed on as the allocation size.
 * smb_node_setattr is called, with the ofile's credentials (of->f_cr),
 * only when at least one attribute was selected.
 *
 * Returns: errno
 */
static int
smb_set_open_attributes(smb_request_t *sr, smb_ofile_t *of)
{
	smb_arg_open_t *op = &sr->sr_open;
	smb_attr_t pending;

	bzero(&pending, sizeof (pending));

	if (op->created_readonly) {
		pending.sa_mask |= SMB_AT_DOSATTR;
		pending.sa_dosattr = op->dattr | FILE_ATTRIBUTE_READONLY;
	}

	if (op->dsize != 0) {
		pending.sa_mask |= SMB_AT_ALLOCSZ;
		pending.sa_allocsz = op->dsize;
	}

	/* An mtime of 0 or UINT_MAX means the client did not specify one. */
	if ((op->mtime.tv_sec != 0) && (op->mtime.tv_sec != UINT_MAX)) {
		pending.sa_mask |= SMB_AT_MTIME;
		pending.sa_vattr.va_mtime = op->mtime;
	}

	/*
	 * Used to have code here to set mtime, ctime, atime
	 * when the open op->create_disposition is any of:
	 * FILE_SUPERSEDE, FILE_OVERWRITE_IF, FILE_OVERWRITE.
	 * We know that in those cases we will have set the
	 * file size, in which case the file system will
	 * update those times, so we don't have to.
	 *
	 * However, keep track of the fact that we modified
	 * the file via this handle, so we can do the evil,
	 * gratuitous mtime update on close that Windows
	 * clients appear to expect.
	 */
	if (op->action_taken == SMB_OACT_TRUNCATED)
		of->f_written = B_TRUE;

	if (pending.sa_mask == 0)
		return (0);

	return (smb_node_setattr(sr, of->f_node, of->f_cr, of, &pending));
}

/*
 * This function is used to delete a newly created object (file or
 * directory) if an error occurs after creation of the object.
 */
/*
 * The object is removed by name (fq_last_comp) from its parent directory
 * (fq_dnode) with the user's credentials.  Lookup flags follow the
 * tree's case-insensitivity and CATIA settings.  The result of the
 * removal is deliberately ignored (best-effort cleanup).
 * NOTE(review): both callers in this file still hold the parent node's
 * write lock at this point; confirm whether that is enough to keep the
 * name from being rebound through other access paths before removal.
 */
static void
smb_delete_new_object(smb_request_t *sr)
{
	smb_arg_open_t *open_args = &sr->sr_open;
	smb_fqi_t *fqi = &(open_args->fqi);
	uint32_t rm_flags = 0;

	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
		rm_flags |= SMB_IGNORE_CASE;
	if (SMB_TREE_SUPPORTS_CATIA(sr))
		rm_flags |= SMB_CATIA;

	if ((open_args->create_options & FILE_DIRECTORY_FILE) == 0) {
		(void) smb_fsop_remove(sr, sr->user_cr, fqi->fq_dnode,
		    fqi->fq_last_comp, rm_flags);
		return;
	}

	(void) smb_fsop_rmdir(sr, sr->user_cr, fqi->fq_dnode,
	    fqi->fq_last_comp, rm_flags);
}