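/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
 * Copyright 2017 Nexenta Systems, Inc. All rights reserved.
 */

/*
 * This module provides the common open functionality to the various
 * open and create SMB interface functions.
 */

#include <sys/types.h>
#include <sys/cmn_err.h>
#include <sys/fcntl.h>
#include <sys/nbmlock.h>
#include <smbsrv/string.h>
#include <smbsrv/smb2_kproto.h>
#include <smbsrv/smb_fsops.h>
#include <smbsrv/smbinfo.h>

/*
 * Cap on the number of open files per session.  smb_common_open()
 * refuses new opens once sr->session->s_file_cnt reaches this value.
 */
int smb_session_ofile_max = 32768;

extern uint32_t smb_is_executable(char *);
static void smb_delete_new_object(smb_request_t *);
static int smb_set_open_attributes(smb_request_t *, smb_ofile_t *);

/*
 * smb_access_generic_to_file
 *
 * Search MSDN for IoCreateFile to see following mapping.
 *
 * GENERIC_READ		STANDARD_RIGHTS_READ, FILE_READ_DATA,
 *			FILE_READ_ATTRIBUTES and FILE_READ_EA
 *
 * GENERIC_WRITE	STANDARD_RIGHTS_WRITE, FILE_WRITE_DATA,
 *			FILE_WRITE_ATTRIBUTES, FILE_WRITE_EA, and
 *			FILE_APPEND_DATA
 *
 * GENERIC_EXECUTE	STANDARD_RIGHTS_EXECUTE, SYNCHRONIZE, and FILE_EXECUTE.
 *
 * Returns the file-specific access mask for a client-supplied
 * desired_access value.  Each generic bit that is set is replaced by
 * its file-specific expansion; every other bit the client sent is
 * passed through unchanged.  This function only translates the mask;
 * it grants nothing.  The caller in this file (smb_common_open) hands
 * the result to smb_fsop_access() for the actual access check.
 */
static uint32_t
smb_access_generic_to_file(uint32_t desired_access)
{
	uint32_t access = 0;

	/*
	 * GENERIC_ALL wins outright: any other bits in the request
	 * are discarded and SYNCHRONIZE is left out of the result.
	 */
	if (desired_access & GENERIC_ALL)
		return (FILE_ALL_ACCESS & ~SYNCHRONIZE);

	if (desired_access & GENERIC_EXECUTE) {
		desired_access &= ~GENERIC_EXECUTE;
		access |= (STANDARD_RIGHTS_EXECUTE |
		    SYNCHRONIZE | FILE_EXECUTE);
	}

	if (desired_access & GENERIC_WRITE) {
		desired_access &= ~GENERIC_WRITE;
		/* SYNCHRONIZE is masked out of the write expansion. */
		access |= (FILE_GENERIC_WRITE & ~SYNCHRONIZE);
	}

	if (desired_access & GENERIC_READ) {
		desired_access &= ~GENERIC_READ;
		access |= FILE_GENERIC_READ;
	}

	/* Whatever non-generic bits remain are carried over as sent. */
	return (access | desired_access);
}

/*
 * smb_omode_to_amask
 *
 * This function converts open modes used by Open and Open AndX
 * commands to desired access bits used by NT Create AndX command.
 *
 * Only the bits selected by SMB_DA_ACCESS_MASK are examined.  An
 * access mode that matches none of the known values maps to
 * FILE_GENERIC_ALL, the broadest mask.
 * NOTE(review): that default is only safe if the returned mask is
 * still subject to an access check before a handle is granted (as
 * smb_common_open does with smb_fsop_access) -- confirm for every
 * caller.
 */
uint32_t
smb_omode_to_amask(uint32_t desired_access)
{
	switch (desired_access & SMB_DA_ACCESS_MASK) {
	case SMB_DA_ACCESS_READ:
		return (FILE_GENERIC_READ);

	case SMB_DA_ACCESS_WRITE:
		return (FILE_GENERIC_WRITE);

	case SMB_DA_ACCESS_READ_WRITE:
		return (FILE_GENERIC_READ | FILE_GENERIC_WRITE);

	case SMB_DA_ACCESS_EXECUTE:
		return (FILE_GENERIC_READ | FILE_GENERIC_EXECUTE);

	default:
		return (FILE_GENERIC_ALL);
	}
}

/*
 * smb_denymode_to_sharemode
 *
 * This function converts deny modes used by Open and Open AndX
 * commands to share access bits used by NT Create AndX command.
 *
 * Only the bits selected by SMB_DA_SHARE_MASK are examined.  In
 * compatibility mode the result depends on smb_is_executable(fname):
 * read/write sharing when it returns non-zero, FILE_SHARE_ALL
 * otherwise.  Unrecognised deny modes are treated like DENY_NONE.
 */
uint32_t
smb_denymode_to_sharemode(uint32_t desired_access, char *fname)
{
	switch (desired_access & SMB_DA_SHARE_MASK) {
	case SMB_DA_SHARE_COMPATIBILITY:
		if (smb_is_executable(fname))
			return (FILE_SHARE_READ | FILE_SHARE_WRITE);

		return (FILE_SHARE_ALL);

	case SMB_DA_SHARE_EXCLUSIVE:
		return (FILE_SHARE_NONE);

	case SMB_DA_SHARE_DENY_WRITE:
		return (FILE_SHARE_READ);

	case SMB_DA_SHARE_DENY_READ:
		return (FILE_SHARE_WRITE);

	case SMB_DA_SHARE_DENY_NONE:
	default:
		return (FILE_SHARE_READ | FILE_SHARE_WRITE);
	}
}

/*
 * smb_ofun_to_crdisposition
 *
 * This function converts open function values used by Open and Open AndX
 * commands to create disposition values used by NT Create AndX command.
 *
 * ofun comes from the client request.  The row (open action) and
 * column (create action) derived from it index a fixed 3x2 table, so
 * both are bounds-checked before the lookup and anything outside the
 * table yields FILE_MAXIMUM_DISPOSITION + 1, an out-of-range value.
 *
 * The { 0, 0 } combination has no NT equivalent; its table entry is
 * -1, which becomes UINT32_MAX when converted to the uint32_t return
 * type.  Presumably callers reject any result greater than
 * FILE_MAXIMUM_DISPOSITION -- confirm against the callers.
 */
uint32_t
smb_ofun_to_crdisposition(uint16_t ofun)
{
	enum { OFUN_ROWS = 3, OFUN_COLS = 2 };
	static const int ofun_cr_map[OFUN_ROWS][OFUN_COLS] =
	{
		{ -1,			FILE_CREATE },
		{ FILE_OPEN,		FILE_OPEN_IF },
		{ FILE_OVERWRITE,	FILE_OVERWRITE_IF }
	};

	int row = ofun & SMB_OFUN_OPEN_MASK;
	int col = (ofun & SMB_OFUN_CREATE_MASK) >> 4;

	/*
	 * The masks are defined elsewhere; do not rely on them to keep
	 * a wire-derived index inside the table.
	 */
	if (row >= OFUN_ROWS || col >= OFUN_COLS)
		return (FILE_MAXIMUM_DISPOSITION + 1);

	return (ofun_cr_map[row][col]);
}

/*
 * smb_common_open
 *
 * Notes on write-through behaviour. It looks like pre-LM0.12 versions
 * of the protocol specify the write-through mode when a file is opened,
 * (SmbOpen, SmbOpenAndX) so the write calls (SmbWrite, SmbWriteAndClose,
 * SmbWriteAndUnlock) don't need to contain a write-through flag.
 *
 * With LM0.12, the open calls (SmbCreateAndX, SmbNtTransactCreate)
 * don't indicate which write-through mode to use. Instead the write
 * calls (SmbWriteAndX, SmbWriteRaw) specify the mode on a per call
 * basis.
 *
 * We don't care which open call was used to get us here, we just need
 * to ensure that the write-through mode flag is copied from the open
 * parameters to the node. We test the omode write-through flag in all
 * write functions.
 *
 * This function returns NT status codes.
 *
 * The following rules apply when processing a file open request:
 *
 * - Oplocks must be broken prior to share checking as the break may
 *   cause other clients to close the file, which would affect sharing
 *   checks.
 *
 * - Share checks must take place prior to access checks for correct
 *   Windows semantics and to prevent unnecessary NFS delegation recalls.
 *
 * - Oplocks must be acquired after open to ensure the correct
 *   synchronization with NFS delegation and FEM installation.
 *
 * DOS readonly bit rules
 *
 * 1. The creator of a readonly file can write to/modify the size of the file
 * using the original create fid, even though the file will appear as readonly
 * to all other fids and via a CIFS getattr call.
 *
 * 2. A setinfo operation (using either an open fid or a path) to set/unset
 * readonly will be successful regardless of whether a creator of a readonly
 * file has an open fid.
 *
 * 3. The DOS readonly bit affects only data and some metadata.
 * The following metadata can be changed regardless of the readonly bit:
 *	- security descriptors
 *	- DOS attributes
 *	- timestamps
 *
 * In the current implementation, the file size cannot be changed (except for
 * the exceptions in #1 and #2, above).
 *
 *
 * DOS attribute rules
 *
 * These rules are specific to creating / opening files and directories.
 * How the attribute value (specifically ZERO or FILE_ATTRIBUTE_NORMAL)
 * should be interpreted may differ in other requests.
 *
 * - An attribute value equal to ZERO or FILE_ATTRIBUTE_NORMAL means that the
 *   file's attributes should be cleared.
 * - If FILE_ATTRIBUTE_NORMAL is specified with any other attributes,
 *   FILE_ATTRIBUTE_NORMAL is ignored.
 *
 * 1. Creating a new file
 * - The request attributes + FILE_ATTRIBUTE_ARCHIVE are applied to the file.
 *
 * 2. Creating a new directory
 * - The request attributes + FILE_ATTRIBUTE_DIRECTORY are applied to the file.
 * - FILE_ATTRIBUTE_ARCHIVE does not get set.
 *
 * 3. Overwriting an existing file
 * - the request attributes are used as search attributes. If the existing
 *   file does not meet the search criteria access is denied.
 * - otherwise, applies attributes + FILE_ATTRIBUTE_ARCHIVE.
 *
 * 4. Opening an existing file or directory
 *    The request attributes are ignored.
 *
 *
 * Cleanup bookkeeping
 *
 * Every hold, lock and allocation taken here is tracked by a local
 * flag (dnode_held, dnode_wlock, fnode_held, fnode_wlock, fnode_shrlk,
 * opening_incr, created, did_open) or by a non-zero tree_fid.  Both
 * the success path and the errout path undo exactly what those flags
 * say is outstanding, so any code that takes or drops one of these
 * resources must update the matching flag (and, for fnode, the local
 * pointer) at the same point.
 */
uint32_t
smb_common_open(smb_request_t *sr)
{
	smb_server_t	*sv = sr->sr_server;
	smb_tree_t	*tree = sr->tid_tree;
	smb_node_t	*fnode = NULL;
	smb_node_t	*dnode = NULL;
	smb_node_t	*cur_node = NULL;
	smb_arg_open_t	*op = &sr->sr_open;
	smb_pathname_t	*pn = &op->fqi.fq_path;
	smb_ofile_t	*of = NULL;
	smb_attr_t	new_attr;
	hrtime_t	shrlock_t0;
	int		max_requested = 0;
	uint32_t	max_allowed;
	uint32_t	status = NT_STATUS_SUCCESS;
	int		is_dir;
	int		rc;
	boolean_t	is_stream = B_FALSE;
	int		lookup_flags = SMB_FOLLOW_LINKS;
	uint32_t	uniq_fid = 0;
	uint16_t	tree_fid = 0;
	boolean_t	created = B_FALSE;
	boolean_t	last_comp_found = B_FALSE;
	boolean_t	opening_incr = B_FALSE;
	boolean_t	dnode_held = B_FALSE;
	boolean_t	dnode_wlock = B_FALSE;
	boolean_t	fnode_held = B_FALSE;
	boolean_t	fnode_wlock = B_FALSE;
	boolean_t	fnode_shrlk = B_FALSE;
	boolean_t	did_open = B_FALSE;
	boolean_t	did_break_handle = B_FALSE;
	boolean_t	did_cleanup_orphans = B_FALSE;

	/* Get out now if we've been cancelled. */
	mutex_enter(&sr->sr_mutex);
	if (sr->sr_state != SMB_REQ_STATE_ACTIVE) {
		mutex_exit(&sr->sr_mutex);
		return (NT_STATUS_CANCELLED);
	}
	mutex_exit(&sr->sr_mutex);

	is_dir = (op->create_options & FILE_DIRECTORY_FILE) ? 1 : 0;

	/*
	 * If the object being created or opened is a directory
	 * the Disposition parameter must be one of FILE_CREATE,
	 * FILE_OPEN, or FILE_OPEN_IF
	 */
	if (is_dir) {
		if ((op->create_disposition != FILE_CREATE) &&
		    (op->create_disposition != FILE_OPEN_IF) &&
		    (op->create_disposition != FILE_OPEN)) {
			return (NT_STATUS_INVALID_PARAMETER);
		}
	}

	/*
	 * MAXIMUM_ALLOWED is stripped from the mask here and remembered;
	 * the rights it stands for are added back from smb_fsop_eaccess()
	 * only after the explicitly requested bits have been checked.
	 */
	if (op->desired_access & MAXIMUM_ALLOWED) {
		max_requested = 1;
		op->desired_access &= ~MAXIMUM_ALLOWED;
	}
	op->desired_access = smb_access_generic_to_file(op->desired_access);

	/*
	 * Per-session open file limit.
	 * NOTE(review): sr->uid_user is dereferenced right after the
	 * ASSERT; on builds where ASSERT compiles to nothing a NULL
	 * uid_user would not be caught here -- confirm it cannot be
	 * NULL on this path.  The message is emitted for every rejected
	 * open and carries client-derived names; consider whether it
	 * needs rate limiting.
	 */
	if (sr->session->s_file_cnt >= smb_session_ofile_max) {
		ASSERT(sr->uid_user);
		cmn_err(CE_NOTE, "smbsrv[%s\\%s]: TOO_MANY_OPENED_FILES",
		    sr->uid_user->u_domain, sr->uid_user->u_name);
		return (NT_STATUS_TOO_MANY_OPENED_FILES);
	}

	/*
	 * From here on, failures must leave via errout so that
	 * tree_fid goes back to the pool unless an ofile owns it.
	 */
	if (smb_idpool_alloc(&tree->t_fid_pool, &tree_fid))
		return (NT_STATUS_TOO_MANY_OPENED_FILES);

	/* This must be NULL at this point */
	sr->fid_ofile = NULL;

	op->devstate = 0;

	switch (sr->tid_tree->t_res_type & STYPE_MASK) {
	case STYPE_DISKTREE:
	case STYPE_PRINTQ:
		break;

	case STYPE_IPC:
		/*
		 * Security descriptors for pipes are not implemented,
		 * so just setup a reasonable access mask.
		 * (The client's requested mask is replaced, not merged.)
		 */
		op->desired_access = (READ_CONTROL | SYNCHRONIZE |
		    FILE_READ_DATA | FILE_READ_ATTRIBUTES |
		    FILE_WRITE_DATA | FILE_APPEND_DATA);

		/*
		 * Limit the number of open pipe instances.
		 */
		if ((rc = smb_threshold_enter(&sv->sv_opipe_ct)) != 0) {
			status = RPC_NT_SERVER_TOO_BUSY;
			goto errout;
		}

		/*
		 * Most of IPC open is handled in smb_opipe_open()
		 */
		op->create_options = 0;
		of = smb_ofile_alloc(sr, op, NULL, SMB_FTYPE_MESG_PIPE,
		    tree_fid);
		tree_fid = 0; /* given to the ofile */
		status = smb_opipe_open(sr, of);
		smb_threshold_exit(&sv->sv_opipe_ct);
		if (status != NT_STATUS_SUCCESS)
			goto errout;
		return (NT_STATUS_SUCCESS);

	default:
		status = NT_STATUS_BAD_DEVICE_TYPE;
		goto errout;
	}

	/*
	 * Validate the client-supplied path before it is walked:
	 * generic pathname checks, a length bound, then the name
	 * rules for a directory or a non-directory object.
	 */
	smb_pathname_init(sr, pn, pn->pn_path);
	if (!smb_pathname_validate(sr, pn)) {
		status = sr->smb_error.status;
		goto errout;
	}

	if (strlen(pn->pn_path) >= SMB_MAXPATHLEN) {
		status = NT_STATUS_OBJECT_PATH_INVALID;
		goto errout;
	}

	if (is_dir) {
		if (!smb_validate_dirname(sr, pn)) {
			status = sr->smb_error.status;
			goto errout;
		}
	} else {
		if (!smb_validate_object_name(sr, pn)) {
			status = sr->smb_error.status;
			goto errout;
		}
	}

	cur_node = op->fqi.fq_dnode ?
	    op->fqi.fq_dnode : sr->tid_tree->t_snode;

	/*
	 * Resolve everything up to the last component with the
	 * caller's credential; this yields a held parent node.
	 */
	rc = smb_pathname_reduce(sr, sr->user_cr, pn->pn_path,
	    sr->tid_tree->t_snode, cur_node, &op->fqi.fq_dnode,
	    op->fqi.fq_last_comp);
	if (rc != 0) {
		status = smb_errno2status(rc);
		goto errout;
	}
	dnode = op->fqi.fq_dnode;
	dnode_held = B_TRUE;

	/*
	 * Lock the parent dir node in case another create
	 * request to the same parent directory comes in.
	 * Drop this once either lookup succeeds, or we've
	 * created the object in this directory.
	 */
	smb_node_wrlock(dnode);
	dnode_wlock = B_TRUE;

	/*
	 * If the access mask has only DELETE set (ignore
	 * FILE_READ_ATTRIBUTES), then assume that this
	 * is a request to delete the link (if a link)
	 * and do not follow links. Otherwise, follow
	 * the link to the target.
	 */
	if ((op->desired_access & ~FILE_READ_ATTRIBUTES) == DELETE)
		lookup_flags &= ~SMB_FOLLOW_LINKS;

	/*
	 * The last-component lookup and the attribute fetch below use
	 * zone_kcred(), not the caller's credential.  The caller's
	 * rights on the object are evaluated later by smb_fsop_access().
	 * NOTE(review): the status codes returned between here and that
	 * call depend on the object's existence, type and flags, and
	 * are produced before the caller's access is checked -- confirm
	 * this ordering is the intended (Windows-compatible) behaviour.
	 */
	rc = smb_fsop_lookup_name(sr, zone_kcred(), lookup_flags,
	    sr->tid_tree->t_snode, op->fqi.fq_dnode, op->fqi.fq_last_comp,
	    &op->fqi.fq_fnode);

	if (rc == 0) {
		last_comp_found = B_TRUE;
		/*
		 * errout releases "fnode" whenever fnode_held is set,
		 * so the local pointer has to be valid from the moment
		 * the flag is.  Without this assignment a getattr
		 * failure just below would release a NULL node and
		 * leak the hold taken by the lookup.
		 */
		fnode = op->fqi.fq_fnode;
		fnode_held = B_TRUE;

		/*
		 * Need the DOS attributes below, where we
		 * check the search attributes (sattr).
		 * Also UID, for owner check below.
		 */
		op->fqi.fq_fattr.sa_mask = SMB_AT_DOSATTR | SMB_AT_UID;
		rc = smb_node_getattr(sr, op->fqi.fq_fnode, zone_kcred(),
		    NULL, &op->fqi.fq_fattr);
		if (rc != 0) {
			status = NT_STATUS_INTERNAL_ERROR;
			goto errout;
		}
	} else if (rc == ENOENT) {
		last_comp_found = B_FALSE;
		op->fqi.fq_fnode = NULL;
		rc = 0;
	} else {
		status = smb_errno2status(rc);
		goto errout;
	}

	if (last_comp_found) {

		smb_node_unlock(dnode);
		dnode_wlock = B_FALSE;

		fnode = op->fqi.fq_fnode;
		dnode = op->fqi.fq_dnode;

		/* Only regular files, directories and symlinks are opened. */
		if (!smb_node_is_file(fnode) &&
		    !smb_node_is_dir(fnode) &&
		    !smb_node_is_symlink(fnode)) {
			status = NT_STATUS_ACCESS_DENIED;
			goto errout;
		}

		/*
		 * Reject this request if either:
		 * - the target IS a directory and the client requires that
		 *   it must NOT be (required by Lotus Notes)
		 * - the target is NOT a directory and client requires that
		 *   it MUST be.
		 */
		if (smb_node_is_dir(fnode)) {
			if (op->create_options & FILE_NON_DIRECTORY_FILE) {
				status = NT_STATUS_FILE_IS_A_DIRECTORY;
				goto errout;
			}
		} else {
			if ((op->create_options & FILE_DIRECTORY_FILE) ||
			    (op->nt_flags & NT_CREATE_FLAG_OPEN_TARGET_DIR)) {
				status = NT_STATUS_NOT_A_DIRECTORY;
				goto errout;
			}
		}

		/*
		 * No more open should be accepted when "Delete on close"
		 * flag is set.
		 */
		if (fnode->flags & NODE_FLAGS_DELETE_ON_CLOSE) {
			status = NT_STATUS_DELETE_PENDING;
			goto errout;
		}

		/*
		 * Specified file already exists so the operation should fail.
		 */
		if (op->create_disposition == FILE_CREATE) {
			status = NT_STATUS_OBJECT_NAME_COLLISION;
			goto errout;
		}

		/*
		 * Windows seems to check read-only access before file
		 * sharing check.
		 *
		 * Check to see if the file is currently readonly (regardless
		 * of whether this open will make it readonly).
		 * Readonly is ignored on directories.
		 */
		if (SMB_PATHFILE_IS_READONLY(sr, fnode) &&
		    !smb_node_is_dir(fnode)) {
			if (op->desired_access &
			    (FILE_WRITE_DATA | FILE_APPEND_DATA)) {
				status = NT_STATUS_ACCESS_DENIED;
				goto errout;
			}
			if (op->create_options & FILE_DELETE_ON_CLOSE) {
				status = NT_STATUS_CANNOT_DELETE;
				goto errout;
			}
		}

		if ((op->create_disposition == FILE_SUPERSEDE) ||
		    (op->create_disposition == FILE_OVERWRITE_IF) ||
		    (op->create_disposition == FILE_OVERWRITE)) {

			if (!smb_sattr_check(op->fqi.fq_fattr.sa_dosattr,
			    op->dattr)) {
				status = NT_STATUS_ACCESS_DENIED;
				goto errout;
			}

			if (smb_node_is_dir(fnode)) {
				status = NT_STATUS_ACCESS_DENIED;
				goto errout;
			}
		}

		/*
		 * MS-FSA 2.1.5.1.2
		 * Destructive dispositions imply rights the client may
		 * not have asked for; add them before the access check
		 * so that the check covers them.
		 */
		if (op->create_disposition == FILE_SUPERSEDE)
			op->desired_access |= DELETE;
		if ((op->create_disposition == FILE_OVERWRITE_IF) ||
		    (op->create_disposition == FILE_OVERWRITE))
			op->desired_access |= FILE_WRITE_DATA;

		/* Dataset roots can't be deleted, so don't set DOC */
		if ((op->create_options & FILE_DELETE_ON_CLOSE) != 0 &&
		    (fnode->flags & NODE_FLAGS_VFSROOT) != 0) {
			status = NT_STATUS_CANNOT_DELETE;
			goto errout;
		}

		/*
		 * Access check with the caller's credential.  Any bits
		 * OR'ed into desired_access after this point (maximum
		 * allowed, owner rights, implied read-attributes) are
		 * not re-checked by this function.
		 */
		status = smb_fsop_access(sr, sr->user_cr, fnode,
		    op->desired_access);
		if (status != NT_STATUS_SUCCESS)
			goto errout;

		/*
		 * NOTE(review): max_allowed has no initializer; this
		 * relies on smb_fsop_eaccess() always storing a value
		 * through the pointer -- confirm.
		 */
		if (max_requested) {
			smb_fsop_eaccess(sr, sr->user_cr, fnode, &max_allowed);
			op->desired_access |= max_allowed;
		}

		/*
		 * File owner should always get read control + read attr.
		 */
		if (crgetuid(sr->user_cr) == op->fqi.fq_fattr.sa_vattr.va_uid)
			op->desired_access |=
			    (READ_CONTROL | FILE_READ_ATTRIBUTES);

		/*
		 * According to MS "dochelp" mail in Mar 2015, any handle
		 * on which read or write access is granted implicitly
		 * gets "read attributes", even if it was not requested.
		 */
		if ((op->desired_access & FILE_DATA_ALL) != 0)
			op->desired_access |= FILE_READ_ATTRIBUTES;

		/*
		 * Oplock break is done prior to sharing checks as the break
		 * may cause other clients to close the file which would
		 * affect the sharing checks, and may delete the file due to
		 * DELETE_ON_CLOSE.  This may block, so set the file opening
		 * count before oplock stuff.
		 *
		 * Need the "proposed" ofile (and its TargetOplockKey) for
		 * correct oplock break semantics.
		 */
		of = smb_ofile_alloc(sr, op, fnode, SMB_FTYPE_DISK,
		    tree_fid);
		tree_fid = 0; /* given to the ofile */
		uniq_fid = of->f_uniqid;

		smb_node_inc_opening_count(fnode);
		opening_incr = B_TRUE;

		/*
		 * XXX Supposed to do share access checks next.
		 * [MS-FSA] describes that as part of access check:
		 * 2.1.5.1.2.1 Alg... Check Access to an Existing File
		 *
		 * If CreateDisposition is FILE_OPEN or FILE_OPEN_IF:
		 *   If Open.Stream.Oplock is not empty and
		 *   Open.Stream.Oplock.State contains BATCH_OPLOCK,
		 *   the object store MUST check for an oplock
		 *   break according to the algorithm in section 2.1.4.12,
		 *   with input values as follows:
		 *	Open equal to this operation's Open
		 *	Oplock equal to Open.Stream.Oplock
		 *	Operation equal to "OPEN"
		 *	OpParams containing two members:
		 *	  DesiredAccess, CreateDisposition
		 *
		 * It's not clear how Windows would ask the FS layer if
		 * the file has a BATCH oplock.  We'll use a call to the
		 * common oplock code, which calls smb_oplock_break_OPEN
		 * only if the oplock state contains BATCH_OPLOCK.
		 * See: smb_oplock_break_BATCH()
		 *
		 * Also note: There's a nearly identical section in the
		 * spec. at the start of the "else" part of the above
		 * "if (disposition is overwrite, overwrite_if)" so this
		 * section (oplock break, the share mode check, and the
		 * next oplock_break_HANDLE) are all factored out to be
		 * in all cases above that if/else from the spec.
		 */
		status = smb_oplock_break_BATCH(fnode, of,
		    op->desired_access, op->create_disposition);
		if (status == NT_STATUS_OPLOCK_BREAK_IN_PROGRESS) {
			if (sr->session->dialect >= SMB_VERS_2_BASE)
				(void) smb2sr_go_async(sr);
			(void) smb_oplock_wait_break(fnode, 0);
			status = 0;
		}
		if (status != NT_STATUS_SUCCESS)
			goto errout;

		/*
		 * Check for sharing violations, and if any,
		 * do oplock break of handle caching.
		 *
		 * Need node_wrlock during shrlock checks,
		 * and not locked during oplock breaks etc.
		 *
		 * The retry loop below is bounded: each of the two
		 * "goto shrlock_again" branches is guarded by a flag
		 * that is set before jumping, so each is taken at
		 * most once.
		 */
		shrlock_t0 = gethrtime();
shrlock_again:
		smb_node_wrlock(fnode);
		fnode_wlock = B_TRUE;
		status = smb_fsop_shrlock(sr->user_cr, fnode, uniq_fid,
		    op->desired_access, op->share_access);
		smb_node_unlock(fnode);
		fnode_wlock = B_FALSE;

		/*
		 * [MS-FSA] "OPEN_BREAK_H"
		 * If the (proposed) new open would violate sharing rules,
		 * indicate an oplock break with OPEN_BREAK_H (to break
		 * handle level caching rights) then try again.
		 */
		if (status == NT_STATUS_SHARING_VIOLATION &&
		    did_break_handle == B_FALSE) {
			did_break_handle = B_TRUE;

			status = smb_oplock_break_HANDLE(fnode, of);
			if (status == NT_STATUS_OPLOCK_BREAK_IN_PROGRESS) {
				if (sr->session->dialect >= SMB_VERS_2_BASE)
					(void) smb2sr_go_async(sr);
				(void) smb_oplock_wait_break(fnode, 0);
				status = 0;
			} else {
				/*
				 * Even when the oplock layer does NOT
				 * give us the special status indicating
				 * we should wait, it may have scheduled
				 * taskq jobs that may close handles.
				 * Give those a chance to run before we
				 * check again for sharing violations.
				 */
				delay(MSEC_TO_TICK(10));
			}
			if (status != NT_STATUS_SUCCESS)
				goto errout;

			goto shrlock_again;
		}

		/*
		 * If we still have orphaned durable handles on this file,
		 * let's assume the client has lost interest in those and
		 * close them so they don't cause sharing violations.
		 * See longer comment at smb2_dh_close_my_orphans().
		 */
		if (status == NT_STATUS_SHARING_VIOLATION &&
		    sr->session->dialect >= SMB_VERS_2_BASE &&
		    did_cleanup_orphans == B_FALSE) {

			did_cleanup_orphans = B_TRUE;
			smb2_dh_close_my_orphans(sr, of);

			goto shrlock_again;
		}

		/*
		 * SMB1 expects a 1 sec. delay before returning a
		 * sharing violation error.  If breaking oplocks
		 * above took less than a sec, wait some more.
		 * See: smbtorture base.defer_open
		 */
		if (status == NT_STATUS_SHARING_VIOLATION &&
		    sr->session->dialect < SMB_VERS_2_BASE) {
			hrtime_t t1 = shrlock_t0 + NANOSEC;
			hrtime_t now = gethrtime();
			if (now < t1) {
				delay(NSEC_TO_TICK_ROUNDUP(t1 - now));
			}
		}

		if (status != NT_STATUS_SUCCESS)
			goto errout;
		fnode_shrlk = B_TRUE;

		/*
		 * The [MS-FSA] spec. describes this oplock break as
		 * part of the sharing access checks.  See:
		 * 2.1.5.1.2.2 Algorithm to Check Sharing Access...
		 * At the end of the share mode tests described there,
		 * if it has not returned "sharing violation", it
		 * specifies a call to the alg. in sec. 2.1.4.12,
		 * that boils down to: smb_oplock_break_OPEN()
		 */
		status = smb_oplock_break_OPEN(fnode, of,
		    op->desired_access,
		    op->create_disposition);
		if (status == NT_STATUS_OPLOCK_BREAK_IN_PROGRESS) {
			if (sr->session->dialect >= SMB_VERS_2_BASE)
				(void) smb2sr_go_async(sr);
			(void) smb_oplock_wait_break(fnode, 0);
			status = 0;
		}
		if (status != NT_STATUS_SUCCESS)
			goto errout;

		if ((fnode->flags & NODE_FLAGS_DELETE_COMMITTED) != 0) {
			/*
			 * Breaking the oplock caused the file to be deleted,
			 * so let's bail and pretend the file wasn't found.
			 * Have to duplicate much of the logic found at the
			 * "errout" label here.
			 *
			 * This code path is exercised by smbtorture
			 * smb2.durable-open.delete_on_close1
			 *
			 * NOTE(review): tree_fid was handed to the ofile
			 * freed below and is 0 at this point, yet the
			 * create path passes tree_fid to smb_ofile_alloc()
			 * again.  Confirm the replacement ofile still ends
			 * up with a valid, allocated fid.
			 */
			DTRACE_PROBE1(node_deleted, smb_node_t, fnode);
			smb_ofile_free(of);
			of = NULL;
			last_comp_found = B_FALSE;

			/*
			 * Get all the holds and locks into the state
			 * they would have if lookup had failed.
			 */
			fnode_shrlk = B_FALSE;
			smb_fsop_unshrlock(sr->user_cr, fnode, uniq_fid);

			opening_incr = B_FALSE;
			smb_node_dec_opening_count(fnode);

			fnode_held = B_FALSE;
			smb_node_release(fnode);

			dnode_wlock = B_TRUE;
			smb_node_wrlock(dnode);

			/* Jumps into the "not found" branch below. */
			goto create;
		}

		/*
		 * Go ahead with modifications as necessary.
		 */
		switch (op->create_disposition) {
		case FILE_SUPERSEDE:
		case FILE_OVERWRITE_IF:
		case FILE_OVERWRITE:
			op->dattr |= FILE_ATTRIBUTE_ARCHIVE;
			/* Don't apply readonly until smb_set_open_attributes */
			if (op->dattr & FILE_ATTRIBUTE_READONLY) {
				op->dattr &= ~FILE_ATTRIBUTE_READONLY;
				op->created_readonly = B_TRUE;
			}

			/*
			 * Truncate the file data here.
			 * We set alloc_size = op->dsize later,
			 * after we have an ofile.  See:
			 * smb_set_open_attributes
			 */
			bzero(&new_attr, sizeof (new_attr));
			new_attr.sa_dosattr = op->dattr;
			new_attr.sa_vattr.va_size = 0;
			new_attr.sa_mask = SMB_AT_DOSATTR | SMB_AT_SIZE;
			rc = smb_fsop_setattr(sr, sr->user_cr, fnode,
			    &new_attr);
			if (rc != 0) {
				status = smb_errno2status(rc);
				goto errout;
			}

			/*
			 * If file is being replaced, remove existing streams
			 */
			if (SMB_IS_STREAM(fnode) == 0) {
				status = smb_fsop_remove_streams(sr,
				    sr->user_cr, fnode);
				if (status != 0)
					goto errout;
			}

			op->action_taken = SMB_OACT_TRUNCATED;
			break;

		default:
			/*
			 * FILE_OPEN or FILE_OPEN_IF.
			 */
			/*
			 * Ignore any user-specified alloc_size for
			 * existing files, to avoid truncation in
			 * smb_set_open_attributes
			 */
			op->dsize = 0L;
			op->action_taken = SMB_OACT_OPENED;
			break;
		}
	} else {
create:
		/* Last component was not found. */
		dnode = op->fqi.fq_dnode;

		if (is_dir == 0)
			is_stream = smb_is_stream_name(pn->pn_path);

		if ((op->create_disposition == FILE_OPEN) ||
		    (op->create_disposition == FILE_OVERWRITE)) {
			status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
			goto errout;
		}

		if (pn->pn_fname && smb_is_invalid_filename(pn->pn_fname)) {
			status = NT_STATUS_OBJECT_NAME_INVALID;
			goto errout;
		}

		/*
		 * Don't create in directories marked "Delete on close".
		 */
		if (dnode->flags & NODE_FLAGS_DELETE_ON_CLOSE) {
			status = NT_STATUS_DELETE_PENDING;
			goto errout;
		}

		/*
		 * Create always sets the DOS attributes, type, and mode
		 * in the if/else below (different for file vs directory).
		 * Don't set the readonly bit until smb_set_open_attributes
		 * or that would prevent this open.  Note that op->dattr
		 * needs to be what smb_set_open_attributes will use,
		 * except for the readonly bit.
		 */
		bzero(&new_attr, sizeof (new_attr));
		new_attr.sa_mask = SMB_AT_DOSATTR | SMB_AT_TYPE | SMB_AT_MODE;
		if (op->dattr & FILE_ATTRIBUTE_READONLY) {
			op->dattr &= ~FILE_ATTRIBUTE_READONLY;
			op->created_readonly = B_TRUE;
		}

		/*
		 * SMB create can specify the create time.
		 */
		if ((op->crtime.tv_sec != 0) &&
		    (op->crtime.tv_sec != UINT_MAX)) {
			new_attr.sa_mask |= SMB_AT_CRTIME;
			new_attr.sa_crtime = op->crtime;
		}

		/*
		 * The object is created with the caller's credential, so
		 * the file system decides whether the create is allowed.
		 * The requested mode bits are wide (rw for all on files,
		 * 0777 on directories; owner-only rw on streams).
		 * NOTE(review): presumably the effective permissions come
		 * from what the fsop layer and file system apply on top of
		 * this mode -- confirm.
		 */
		if (is_dir == 0) {
			op->dattr |= FILE_ATTRIBUTE_ARCHIVE;
			new_attr.sa_dosattr = op->dattr;
			new_attr.sa_vattr.va_type = VREG;
			if (is_stream)
				new_attr.sa_vattr.va_mode = S_IRUSR | S_IWUSR;
			else
				new_attr.sa_vattr.va_mode =
				    S_IRUSR | S_IRGRP | S_IROTH |
				    S_IWUSR | S_IWGRP | S_IWOTH;

			/*
			 * We set alloc_size = op->dsize later,
			 * (in smb_set_open_attributes) after we
			 * have an ofile on which to save that.
			 *
			 * Legacy Open&X sets size to alloc_size
			 * when creating a new file.
			 */
			if (sr->smb_com == SMB_COM_OPEN_ANDX) {
				new_attr.sa_vattr.va_size = op->dsize;
				new_attr.sa_mask |= SMB_AT_SIZE;
			}

			rc = smb_fsop_create(sr, sr->user_cr, dnode,
			    op->fqi.fq_last_comp, &new_attr, &op->fqi.fq_fnode);
		} else {
			op->dattr |= FILE_ATTRIBUTE_DIRECTORY;
			new_attr.sa_dosattr = op->dattr;
			new_attr.sa_vattr.va_type = VDIR;
			new_attr.sa_vattr.va_mode = 0777;

			rc = smb_fsop_mkdir(sr, sr->user_cr, dnode,
			    op->fqi.fq_last_comp, &new_attr, &op->fqi.fq_fnode);
		}
		if (rc != 0) {
			status = smb_errno2status(rc);
			goto errout;
		}

		/* Create done. */
		smb_node_unlock(dnode);
		dnode_wlock = B_FALSE;

		/* From here on, errout will try to remove the new object. */
		created = B_TRUE;
		op->action_taken = SMB_OACT_CREATED;

		/* Note: hold from create */
		fnode = op->fqi.fq_fnode;
		fnode_held = B_TRUE;

		if (max_requested) {
			smb_fsop_eaccess(sr, sr->user_cr, fnode, &max_allowed);
			op->desired_access |= max_allowed;
		}
		/*
		 * We created this object (we own it) so grant
		 * read_control + read_attributes on this handle,
		 * even if that was not requested.  This avoids
		 * unexpected access failures later.
		 */
		op->desired_access |= (READ_CONTROL | FILE_READ_ATTRIBUTES);

		/* Allocate the ofile and fill in most of it. */
		of = smb_ofile_alloc(sr, op, fnode, SMB_FTYPE_DISK,
		    tree_fid);
		tree_fid = 0; /* given to the ofile */
		uniq_fid = of->f_uniqid;

		smb_node_inc_opening_count(fnode);
		opening_incr = B_TRUE;

		/*
		 * Share access checks...
		 * Unlike the existing-file path, the node write lock
		 * taken here stays held until the end of the function
		 * (or errout), where fnode_wlock causes it to be dropped.
		 */
		smb_node_wrlock(fnode);
		fnode_wlock = B_TRUE;

		status = smb_fsop_shrlock(sr->user_cr, fnode, uniq_fid,
		    op->desired_access, op->share_access);
		if (status != 0)
			goto errout;
		fnode_shrlk = B_TRUE;

		/*
		 * MS-FSA 2.1.5.1.1
		 * If the Oplock member of the DirectoryStream in
		 * Link.ParentFile.StreamList (ParentOplock) is
		 * not empty ... oplock break on the parent...
		 * (dnode is the parent directory)
		 *
		 * This compares of->ParentOplockKey with each
		 * oplock of->TargetOplockKey and breaks...
		 * so it's OK that we're passing an OF that's
		 * NOT a member of dnode->n_ofile_list
		 *
		 * The break never blocks, so ignore the return.
		 */
		(void) smb_oplock_break_PARENT(dnode, of);
	}

	/*
	 * We might have blocked in smb_oplock_break_OPEN long enough
	 * so a tree disconnect might have happened.  In that case,
	 * we would be adding an ofile to a tree that's disconnecting,
	 * which would interfere with tear-down.  If so, error out.
	 */
	if (!smb_tree_is_connected(sr->tid_tree)) {
		status = NT_STATUS_INVALID_PARAMETER;
		goto errout;
	}

	/*
	 * Moved this up from smb_ofile_open()
	 */
	if ((rc = smb_fsop_open(fnode, of->f_mode, of->f_cr)) != 0) {
		status = smb_errno2status(rc);
		goto errout;
	}

	/*
	 * Complete this open (add to ofile lists)
	 */
	smb_ofile_open(sr, op, of);
	did_open = B_TRUE;

	/*
	 * This MUST be done after ofile creation, so that explicitly
	 * set timestamps can be remembered on the ofile, and setting
	 * the readonly flag won't affect access via this open.
	 */
	if ((rc = smb_set_open_attributes(sr, of)) != 0) {
		status = smb_errno2status(rc);
		goto errout;
	}

	/*
	 * We've already done access checks above,
	 * and want this call to succeed even when
	 * !(desired_access & FILE_READ_ATTRIBUTES),
	 * so pass kcred here.
	 *
	 * NOTE(review): the return value is ignored.  If the call
	 * fails, the fileid, dattr and dsize copied into the response
	 * below come from whatever fq_fattr already held -- confirm
	 * that is acceptable.
	 */
	op->fqi.fq_fattr.sa_mask = SMB_AT_ALL;
	(void) smb_node_getattr(sr, fnode, zone_kcred(), of,
	    &op->fqi.fq_fattr);

	/*
	 * Propagate the write-through mode from the open params
	 * to the node: see the notes in the function header.
	 * XXX: write_through should be a flag on the ofile.
	 */
	if (sr->sr_cfg->skc_sync_enable ||
	    (op->create_options & FILE_WRITE_THROUGH))
		fnode->flags |= NODE_FLAGS_WRITE_THROUGH;

	/*
	 * Set up the fileid and dosattr in open_param for response
	 */
	op->fileid = op->fqi.fq_fattr.sa_vattr.va_nodeid;
	op->dattr = op->fqi.fq_fattr.sa_dosattr;

	/*
	 * Set up the file type in open_param for the response
	 */
	op->ftype = SMB_FTYPE_DISK;
	sr->smb_fid = of->f_fid;
	sr->fid_ofile = of;

	if (smb_node_is_file(fnode)) {
		op->dsize = op->fqi.fq_fattr.sa_vattr.va_size;
	} else {
		/* directory or symlink */
		op->dsize = 0;
	}

	/*
	 * Note: oplock_acquire happens in callers, because
	 * how that happens is protocol-specific.
	 */

	/* Success: drop the locks and holds still recorded as taken. */
	if (fnode_wlock)
		smb_node_unlock(fnode);
	if (opening_incr)
		smb_node_dec_opening_count(fnode);
	if (fnode_held)
		smb_node_release(fnode);
	if (dnode_wlock)
		smb_node_unlock(dnode);
	if (dnode_held)
		smb_node_release(dnode);

	return (NT_STATUS_SUCCESS);

errout:
	/*
	 * Failure: undo in this order -- the ofile, the share
	 * reservation, the newly created object, then node locks and
	 * holds, and finally the fid if no ofile took ownership of it.
	 */
	if (did_open) {
		smb_ofile_close(of, 0);
		/* rele via sr->fid_ofile */
	} else if (of != NULL) {
		/* No other refs possible */
		smb_ofile_free(of);
	}

	if (fnode_shrlk)
		smb_fsop_unshrlock(sr->user_cr, fnode, uniq_fid);

	if (created) {
		/* Try to roll-back create. */
		smb_delete_new_object(sr);
	}

	if (fnode_wlock)
		smb_node_unlock(fnode);
	if (opening_incr)
		smb_node_dec_opening_count(fnode);
	if (fnode_held)
		smb_node_release(fnode);
	if (dnode_wlock)
		smb_node_unlock(dnode);
	if (dnode_held)
		smb_node_release(dnode);

	if (tree_fid != 0)
		smb_idpool_free(&tree->t_fid_pool, tree_fid);

	return (status);
}

/*
 * smb_set_open_attributes
 *
 * Last write time:
 * - If the last_write time specified in the open params is not 0 or -1,
 *   use it as file's mtime. This will be considered an explicitly set
 *   timestamp, not reset by subsequent writes.
 *
 * Allocation size:
 * - If op->dsize is non-zero it is stored as the allocation size.
 *
 * DOS attributes
 * - If we created_readonly, we now store the real DOS attributes
 *   (including the readonly bit) so subsequent opens will see it.
 *
 * The attributes are written with the ofile's credential (of->f_cr)
 * and only when at least one of the above applies.
 *
 * Returns: errno
 */
static int
smb_set_open_attributes(smb_request_t *sr, smb_ofile_t *of)
{
	smb_attr_t	attr;
	smb_arg_open_t	*op = &sr->sr_open;
	smb_node_t	*node = of->f_node;
	int		rc = 0;

	bzero(&attr, sizeof (smb_attr_t));

	if (op->created_readonly) {
		attr.sa_dosattr = op->dattr | FILE_ATTRIBUTE_READONLY;
		attr.sa_mask |= SMB_AT_DOSATTR;
	}

	if (op->dsize != 0) {
		attr.sa_allocsz = op->dsize;
		attr.sa_mask |= SMB_AT_ALLOCSZ;
	}

	if ((op->mtime.tv_sec != 0) && (op->mtime.tv_sec != UINT_MAX)) {
		attr.sa_vattr.va_mtime = op->mtime;
		attr.sa_mask |= SMB_AT_MTIME;
	}

	/*
	 * Used to have code here to set mtime, ctime, atime
	 * when the open op->create_disposition is any of:
	 * FILE_SUPERSEDE, FILE_OVERWRITE_IF, FILE_OVERWRITE.
	 * We know that in those cases we will have set the
	 * file size, in which case the file system will
	 * update those times, so we don't have to.
	 *
	 * However, keep track of the fact that we modified
	 * the file via this handle, so we can do the evil,
	 * gratuitous mtime update on close that Windows
	 * clients expect.
	 */
	if (op->action_taken == SMB_OACT_TRUNCATED)
		of->f_written = B_TRUE;

	if (attr.sa_mask != 0)
		rc = smb_node_setattr(sr, node, of->f_cr, of, &attr);

	return (rc);
}

/*
 * This function is used to delete a newly created object (file or
 * directory) if an error occurs after creation of the object.
 *
 * The removal is best effort: the results of smb_fsop_rmdir() and
 * smb_fsop_remove() are ignored.  The object is identified by name
 * (fq_last_comp within fq_dnode), not by node.
 * NOTE(review): smb_common_open() has already dropped the parent
 * directory lock by the time it calls this, so confirm the name
 * cannot have been rebound to a different object in the meantime.
 */
static void
smb_delete_new_object(smb_request_t *sr)
{
	smb_arg_open_t	*op = &sr->sr_open;
	smb_fqi_t	*fqi = &(op->fqi);
	uint32_t	flags = 0;

	if (SMB_TREE_IS_CASEINSENSITIVE(sr))
		flags |= SMB_IGNORE_CASE;
	if (SMB_TREE_SUPPORTS_CATIA(sr))
		flags |= SMB_CATIA;

	if (op->create_options & FILE_DIRECTORY_FILE)
		(void) smb_fsop_rmdir(sr, sr->user_cr, fqi->fq_dnode,
		    fqi->fq_last_comp, flags);
	else
		(void) smb_fsop_remove(sr, sr->user_cr, fqi->fq_dnode,
		    fqi->fq_last_comp, flags);
}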