1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. 24 * Copyright 2017 Nexenta Systems, Inc. All rights reserved. 25 */ 26 27 /* 28 * This module provides the common open functionality to the various 29 * open and create SMB interface functions. 30 */ 31 32 #include <sys/types.h> 33 #include <sys/cmn_err.h> 34 #include <sys/fcntl.h> 35 #include <sys/nbmlock.h> 36 #include <smbsrv/string.h> 37 #include <smbsrv/smb2_kproto.h> 38 #include <smbsrv/smb_fsops.h> 39 #include <smbsrv/smbinfo.h> 40 41 int smb_session_ofile_max = 32768; 42 43 static volatile uint32_t smb_fids = 0; 44 #define SMB_UNIQ_FID() atomic_inc_32_nv(&smb_fids) 45 46 extern uint32_t smb_is_executable(char *); 47 static void smb_delete_new_object(smb_request_t *); 48 static int smb_set_open_attributes(smb_request_t *, smb_ofile_t *); 49 50 /* 51 * smb_access_generic_to_file 52 * 53 * Search MSDN for IoCreateFile to see following mapping. 54 * 55 * GENERIC_READ STANDARD_RIGHTS_READ, FILE_READ_DATA, 56 * FILE_READ_ATTRIBUTES and FILE_READ_EA 57 * 58 * GENERIC_WRITE STANDARD_RIGHTS_WRITE, FILE_WRITE_DATA, 59 * FILE_WRITE_ATTRIBUTES, FILE_WRITE_EA, and FILE_APPEND_DATA 60 * 61 * GENERIC_EXECUTE STANDARD_RIGHTS_EXECUTE, SYNCHRONIZE, and FILE_EXECUTE. 62 */ 63 static uint32_t 64 smb_access_generic_to_file(uint32_t desired_access) 65 { 66 uint32_t access = 0; 67 68 if (desired_access & GENERIC_ALL) 69 return (FILE_ALL_ACCESS & ~SYNCHRONIZE); 70 71 if (desired_access & GENERIC_EXECUTE) { 72 desired_access &= ~GENERIC_EXECUTE; 73 access |= (STANDARD_RIGHTS_EXECUTE | 74 SYNCHRONIZE | FILE_EXECUTE); 75 } 76 77 if (desired_access & GENERIC_WRITE) { 78 desired_access &= ~GENERIC_WRITE; 79 access |= (FILE_GENERIC_WRITE & ~SYNCHRONIZE); 80 } 81 82 if (desired_access & GENERIC_READ) { 83 desired_access &= ~GENERIC_READ; 84 access |= FILE_GENERIC_READ; 85 } 86 87 return (access | desired_access); 88 } 89 90 /* 91 * smb_omode_to_amask 92 * 93 * This function converts open modes used by Open and Open AndX 94 * commands to desired access bits used by NT Create AndX command. 95 */ 96 uint32_t 97 smb_omode_to_amask(uint32_t desired_access) 98 { 99 switch (desired_access & SMB_DA_ACCESS_MASK) { 100 case SMB_DA_ACCESS_READ: 101 return (FILE_GENERIC_READ); 102 103 case SMB_DA_ACCESS_WRITE: 104 return (FILE_GENERIC_WRITE); 105 106 case SMB_DA_ACCESS_READ_WRITE: 107 return (FILE_GENERIC_READ | FILE_GENERIC_WRITE); 108 109 case SMB_DA_ACCESS_EXECUTE: 110 return (FILE_GENERIC_READ | FILE_GENERIC_EXECUTE); 111 112 default: 113 return (FILE_GENERIC_ALL); 114 } 115 } 116 117 /* 118 * smb_denymode_to_sharemode 119 * 120 * This function converts deny modes used by Open and Open AndX 121 * commands to share access bits used by NT Create AndX command. 122 */ 123 uint32_t 124 smb_denymode_to_sharemode(uint32_t desired_access, char *fname) 125 { 126 switch (desired_access & SMB_DA_SHARE_MASK) { 127 case SMB_DA_SHARE_COMPATIBILITY: 128 if (smb_is_executable(fname)) 129 return (FILE_SHARE_READ | FILE_SHARE_WRITE); 130 131 return (FILE_SHARE_ALL); 132 133 case SMB_DA_SHARE_EXCLUSIVE: 134 return (FILE_SHARE_NONE); 135 136 case SMB_DA_SHARE_DENY_WRITE: 137 return (FILE_SHARE_READ); 138 139 case SMB_DA_SHARE_DENY_READ: 140 return (FILE_SHARE_WRITE); 141 142 case SMB_DA_SHARE_DENY_NONE: 143 default: 144 return (FILE_SHARE_READ | FILE_SHARE_WRITE); 145 } 146 } 147 148 /* 149 * smb_ofun_to_crdisposition 150 * 151 * This function converts open function values used by Open and Open AndX 152 * commands to create disposition values used by NT Create AndX command. 153 */ 154 uint32_t 155 smb_ofun_to_crdisposition(uint16_t ofun) 156 { 157 static int ofun_cr_map[3][2] = 158 { 159 { -1, FILE_CREATE }, 160 { FILE_OPEN, FILE_OPEN_IF }, 161 { FILE_OVERWRITE, FILE_OVERWRITE_IF } 162 }; 163 164 int row = ofun & SMB_OFUN_OPEN_MASK; 165 int col = (ofun & SMB_OFUN_CREATE_MASK) >> 4; 166 167 if (row == 3) 168 return (FILE_MAXIMUM_DISPOSITION + 1); 169 170 return (ofun_cr_map[row][col]); 171 } 172 173 /* 174 * smb_common_open 175 * 176 * Notes on write-through behaviour. It looks like pre-LM0.12 versions 177 * of the protocol specify the write-through mode when a file is opened, 178 * (SmbOpen, SmbOpenAndX) so the write calls (SmbWrite, SmbWriteAndClose, 179 * SmbWriteAndUnlock) don't need to contain a write-through flag. 180 * 181 * With LM0.12, the open calls (SmbCreateAndX, SmbNtTransactCreate) 182 * don't indicate which write-through mode to use. Instead the write 183 * calls (SmbWriteAndX, SmbWriteRaw) specify the mode on a per call 184 * basis. 185 * 186 * We don't care which open call was used to get us here, we just need 187 * to ensure that the write-through mode flag is copied from the open 188 * parameters to the node. We test the omode write-through flag in all 189 * write functions. 190 * 191 * This function returns NT status codes. 192 * 193 * The following rules apply when processing a file open request: 194 * 195 * - Oplocks must be broken prior to share checking as the break may 196 * cause other clients to close the file, which would affect sharing 197 * checks. 198 * 199 * - Share checks must take place prior to access checks for correct 200 * Windows semantics and to prevent unnecessary NFS delegation recalls. 201 * 202 * - Oplocks must be acquired after open to ensure the correct 203 * synchronization with NFS delegation and FEM installation. 204 * 205 * DOS readonly bit rules 206 * 207 * 1. The creator of a readonly file can write to/modify the size of the file 208 * using the original create fid, even though the file will appear as readonly 209 * to all other fids and via a CIFS getattr call. 210 * 211 * 2. A setinfo operation (using either an open fid or a path) to set/unset 212 * readonly will be successful regardless of whether a creator of a readonly 213 * file has an open fid. 214 * 215 * 3. The DOS readonly bit affects only data and some metadata. 216 * The following metadata can be changed regardless of the readonly bit: 217 * - security descriptors 218 * - DOS attributes 219 * - timestamps 220 * 221 * In the current implementation, the file size cannot be changed (except for 222 * the exceptions in #1 and #2, above). 223 * 224 * 225 * DOS attribute rules 226 * 227 * These rules are specific to creating / opening files and directories. 228 * How the attribute value (specifically ZERO or FILE_ATTRIBUTE_NORMAL) 229 * should be interpreted may differ in other requests. 230 * 231 * - An attribute value equal to ZERO or FILE_ATTRIBUTE_NORMAL means that the 232 * file's attributes should be cleared. 233 * - If FILE_ATTRIBUTE_NORMAL is specified with any other attributes, 234 * FILE_ATTRIBUTE_NORMAL is ignored. 235 * 236 * 1. Creating a new file 237 * - The request attributes + FILE_ATTRIBUTE_ARCHIVE are applied to the file. 238 * 239 * 2. Creating a new directory 240 * - The request attributes + FILE_ATTRIBUTE_DIRECTORY are applied to the file. 241 * - FILE_ATTRIBUTE_ARCHIVE does not get set. 242 * 243 * 3. Overwriting an existing file 244 * - the request attributes are used as search attributes. If the existing 245 * file does not meet the search criteria access is denied. 246 * - otherwise, applies attributes + FILE_ATTRIBUTE_ARCHIVE. 247 * 248 * 4. Opening an existing file or directory 249 * The request attributes are ignored. 250 */ 251 uint32_t 252 smb_common_open(smb_request_t *sr) 253 { 254 smb_server_t *sv = sr->sr_server; 255 smb_tree_t *tree = sr->tid_tree; 256 smb_node_t *fnode = NULL; 257 smb_node_t *dnode = NULL; 258 smb_node_t *cur_node = NULL; 259 smb_arg_open_t *op = &sr->sr_open; 260 smb_pathname_t *pn = &op->fqi.fq_path; 261 smb_ofile_t *of = NULL; 262 smb_attr_t new_attr; 263 hrtime_t shrlock_t0; 264 int max_requested = 0; 265 uint32_t max_allowed; 266 uint32_t status = NT_STATUS_SUCCESS; 267 int is_dir; 268 int rc; 269 boolean_t is_stream = B_FALSE; 270 int lookup_flags = SMB_FOLLOW_LINKS; 271 uint32_t uniq_fid = 0; 272 uint16_t tree_fid = 0; 273 boolean_t created = B_FALSE; 274 boolean_t last_comp_found = B_FALSE; 275 boolean_t opening_incr = B_FALSE; 276 boolean_t dnode_held = B_FALSE; 277 boolean_t dnode_wlock = B_FALSE; 278 boolean_t fnode_held = B_FALSE; 279 boolean_t fnode_wlock = B_FALSE; 280 boolean_t fnode_shrlk = B_FALSE; 281 boolean_t did_open = B_FALSE; 282 boolean_t did_break_handle = B_FALSE; 283 284 /* Get out now if we've been cancelled. */ 285 mutex_enter(&sr->sr_mutex); 286 if (sr->sr_state != SMB_REQ_STATE_ACTIVE) { 287 mutex_exit(&sr->sr_mutex); 288 return (NT_STATUS_CANCELLED); 289 } 290 mutex_exit(&sr->sr_mutex); 291 292 is_dir = (op->create_options & FILE_DIRECTORY_FILE) ? 1 : 0; 293 294 /* 295 * If the object being created or opened is a directory 296 * the Disposition parameter must be one of FILE_CREATE, 297 * FILE_OPEN, or FILE_OPEN_IF 298 */ 299 if (is_dir) { 300 if ((op->create_disposition != FILE_CREATE) && 301 (op->create_disposition != FILE_OPEN_IF) && 302 (op->create_disposition != FILE_OPEN)) { 303 return (NT_STATUS_INVALID_PARAMETER); 304 } 305 } 306 307 if (op->desired_access & MAXIMUM_ALLOWED) { 308 max_requested = 1; 309 op->desired_access &= ~MAXIMUM_ALLOWED; 310 } 311 op->desired_access = smb_access_generic_to_file(op->desired_access); 312 313 if (sr->session->s_file_cnt >= smb_session_ofile_max) { 314 ASSERT(sr->uid_user); 315 cmn_err(CE_NOTE, "smbsrv[%s\\%s]: TOO_MANY_OPENED_FILES", 316 sr->uid_user->u_domain, sr->uid_user->u_name); 317 return (NT_STATUS_TOO_MANY_OPENED_FILES); 318 } 319 320 if (smb_idpool_alloc(&tree->t_fid_pool, &tree_fid)) 321 return (NT_STATUS_TOO_MANY_OPENED_FILES); 322 323 /* This must be NULL at this point */ 324 sr->fid_ofile = NULL; 325 326 op->devstate = 0; 327 328 switch (sr->tid_tree->t_res_type & STYPE_MASK) { 329 case STYPE_DISKTREE: 330 case STYPE_PRINTQ: 331 break; 332 333 case STYPE_IPC: 334 /* 335 * Security descriptors for pipes are not implemented, 336 * so just setup a reasonable access mask. 337 */ 338 op->desired_access = (READ_CONTROL | SYNCHRONIZE | 339 FILE_READ_DATA | FILE_READ_ATTRIBUTES | 340 FILE_WRITE_DATA | FILE_APPEND_DATA); 341 342 /* 343 * Limit the number of open pipe instances. 344 */ 345 if ((rc = smb_threshold_enter(&sv->sv_opipe_ct)) != 0) { 346 status = RPC_NT_SERVER_TOO_BUSY; 347 goto errout; 348 } 349 350 /* 351 * Most of IPC open is handled in smb_opipe_open() 352 */ 353 uniq_fid = SMB_UNIQ_FID(); 354 op->create_options = 0; 355 of = smb_ofile_alloc(sr, op, NULL, SMB_FTYPE_MESG_PIPE, 356 tree_fid, uniq_fid); 357 tree_fid = 0; // given to the ofile 358 status = smb_opipe_open(sr, of); 359 smb_threshold_exit(&sv->sv_opipe_ct); 360 if (status != NT_STATUS_SUCCESS) 361 goto errout; 362 return (NT_STATUS_SUCCESS); 363 364 default: 365 status = NT_STATUS_BAD_DEVICE_TYPE; 366 goto errout; 367 } 368 369 smb_pathname_init(sr, pn, pn->pn_path); 370 if (!smb_pathname_validate(sr, pn)) { 371 status = sr->smb_error.status; 372 goto errout; 373 } 374 375 if (strlen(pn->pn_path) >= SMB_MAXPATHLEN) { 376 status = NT_STATUS_OBJECT_PATH_INVALID; 377 goto errout; 378 } 379 380 if (is_dir) { 381 if (!smb_validate_dirname(sr, pn)) { 382 status = sr->smb_error.status; 383 goto errout; 384 } 385 } else { 386 if (!smb_validate_object_name(sr, pn)) { 387 status = sr->smb_error.status; 388 goto errout; 389 } 390 } 391 392 cur_node = op->fqi.fq_dnode ? 393 op->fqi.fq_dnode : sr->tid_tree->t_snode; 394 395 rc = smb_pathname_reduce(sr, sr->user_cr, pn->pn_path, 396 sr->tid_tree->t_snode, cur_node, &op->fqi.fq_dnode, 397 op->fqi.fq_last_comp); 398 if (rc != 0) { 399 status = smb_errno2status(rc); 400 goto errout; 401 } 402 dnode = op->fqi.fq_dnode; 403 dnode_held = B_TRUE; 404 405 /* 406 * Lock the parent dir node in case another create 407 * request to the same parent directory comes in. 408 * Drop this once either lookup succeeds, or we've 409 * created the object in this directory. 410 */ 411 smb_node_wrlock(dnode); 412 dnode_wlock = B_TRUE; 413 414 /* 415 * If the access mask has only DELETE set (ignore 416 * FILE_READ_ATTRIBUTES), then assume that this 417 * is a request to delete the link (if a link) 418 * and do not follow links. Otherwise, follow 419 * the link to the target. 420 */ 421 if ((op->desired_access & ~FILE_READ_ATTRIBUTES) == DELETE) 422 lookup_flags &= ~SMB_FOLLOW_LINKS; 423 424 rc = smb_fsop_lookup_name(sr, zone_kcred(), lookup_flags, 425 sr->tid_tree->t_snode, op->fqi.fq_dnode, op->fqi.fq_last_comp, 426 &op->fqi.fq_fnode); 427 428 if (rc == 0) { 429 last_comp_found = B_TRUE; 430 fnode_held = B_TRUE; 431 432 /* 433 * Need the DOS attributes below, where we 434 * check the search attributes (sattr). 435 * Also UID, for owner check below. 436 */ 437 op->fqi.fq_fattr.sa_mask = SMB_AT_DOSATTR | SMB_AT_UID; 438 rc = smb_node_getattr(sr, op->fqi.fq_fnode, zone_kcred(), 439 NULL, &op->fqi.fq_fattr); 440 if (rc != 0) { 441 status = NT_STATUS_INTERNAL_ERROR; 442 goto errout; 443 } 444 } else if (rc == ENOENT) { 445 last_comp_found = B_FALSE; 446 op->fqi.fq_fnode = NULL; 447 rc = 0; 448 } else { 449 status = smb_errno2status(rc); 450 goto errout; 451 } 452 453 /* 454 * The uniq_fid is a CIFS-server-wide unique identifier for an ofile 455 * which is used to uniquely identify open instances for the 456 * VFS share reservation and POSIX locks. 457 */ 458 uniq_fid = SMB_UNIQ_FID(); 459 460 if (last_comp_found) { 461 462 smb_node_unlock(dnode); 463 dnode_wlock = B_FALSE; 464 465 fnode = op->fqi.fq_fnode; 466 dnode = op->fqi.fq_dnode; 467 468 if (!smb_node_is_file(fnode) && 469 !smb_node_is_dir(fnode) && 470 !smb_node_is_symlink(fnode)) { 471 status = NT_STATUS_ACCESS_DENIED; 472 goto errout; 473 } 474 475 /* 476 * Reject this request if either: 477 * - the target IS a directory and the client requires that 478 * it must NOT be (required by Lotus Notes) 479 * - the target is NOT a directory and client requires that 480 * it MUST be. 481 */ 482 if (smb_node_is_dir(fnode)) { 483 if (op->create_options & FILE_NON_DIRECTORY_FILE) { 484 status = NT_STATUS_FILE_IS_A_DIRECTORY; 485 goto errout; 486 } 487 } else { 488 if ((op->create_options & FILE_DIRECTORY_FILE) || 489 (op->nt_flags & NT_CREATE_FLAG_OPEN_TARGET_DIR)) { 490 status = NT_STATUS_NOT_A_DIRECTORY; 491 goto errout; 492 } 493 } 494 495 /* 496 * No more open should be accepted when "Delete on close" 497 * flag is set. 498 */ 499 if (fnode->flags & NODE_FLAGS_DELETE_ON_CLOSE) { 500 status = NT_STATUS_DELETE_PENDING; 501 goto errout; 502 } 503 504 /* 505 * Specified file already exists so the operation should fail. 506 */ 507 if (op->create_disposition == FILE_CREATE) { 508 status = NT_STATUS_OBJECT_NAME_COLLISION; 509 goto errout; 510 } 511 512 /* 513 * Windows seems to check read-only access before file 514 * sharing check. 515 * 516 * Check to see if the file is currently readonly (regardless 517 * of whether this open will make it readonly). 518 * Readonly is ignored on directories. 519 */ 520 if (SMB_PATHFILE_IS_READONLY(sr, fnode) && 521 !smb_node_is_dir(fnode)) { 522 if (op->desired_access & 523 (FILE_WRITE_DATA | FILE_APPEND_DATA)) { 524 status = NT_STATUS_ACCESS_DENIED; 525 goto errout; 526 } 527 if (op->create_options & FILE_DELETE_ON_CLOSE) { 528 status = NT_STATUS_CANNOT_DELETE; 529 goto errout; 530 } 531 } 532 533 if ((op->create_disposition == FILE_SUPERSEDE) || 534 (op->create_disposition == FILE_OVERWRITE_IF) || 535 (op->create_disposition == FILE_OVERWRITE)) { 536 537 if (!smb_sattr_check(op->fqi.fq_fattr.sa_dosattr, 538 op->dattr)) { 539 status = NT_STATUS_ACCESS_DENIED; 540 goto errout; 541 } 542 543 if (smb_node_is_dir(fnode)) { 544 status = NT_STATUS_ACCESS_DENIED; 545 goto errout; 546 } 547 } 548 549 /* MS-FSA 2.1.5.1.2 */ 550 if (op->create_disposition == FILE_SUPERSEDE) 551 op->desired_access |= DELETE; 552 if ((op->create_disposition == FILE_OVERWRITE_IF) || 553 (op->create_disposition == FILE_OVERWRITE)) 554 op->desired_access |= FILE_WRITE_DATA; 555 556 status = smb_fsop_access(sr, sr->user_cr, fnode, 557 op->desired_access); 558 if (status != NT_STATUS_SUCCESS) 559 goto errout; 560 561 if (max_requested) { 562 smb_fsop_eaccess(sr, sr->user_cr, fnode, &max_allowed); 563 op->desired_access |= max_allowed; 564 } 565 566 /* 567 * File owner should always get read control + read attr. 568 */ 569 if (crgetuid(sr->user_cr) == op->fqi.fq_fattr.sa_vattr.va_uid) 570 op->desired_access |= 571 (READ_CONTROL | FILE_READ_ATTRIBUTES); 572 573 /* 574 * According to MS "dochelp" mail in Mar 2015, any handle 575 * on which read or write access is granted implicitly 576 * gets "read attributes", even if it was not requested. 577 */ 578 if ((op->desired_access & FILE_DATA_ALL) != 0) 579 op->desired_access |= FILE_READ_ATTRIBUTES; 580 581 /* 582 * Oplock break is done prior to sharing checks as the break 583 * may cause other clients to close the file which would 584 * affect the sharing checks, and may delete the file due to 585 * DELETE_ON_CLOSE. This may block, so set the file opening 586 * count before oplock stuff. 587 */ 588 of = smb_ofile_alloc(sr, op, fnode, SMB_FTYPE_DISK, 589 tree_fid, uniq_fid); 590 tree_fid = 0; // given to the ofile 591 592 smb_node_inc_opening_count(fnode); 593 opening_incr = B_TRUE; 594 595 /* 596 * XXX Supposed to do share access checks next. 597 * [MS-FSA] describes that as part of access check: 598 * 2.1.5.1.2.1 Alg... Check Access to an Existing File 599 * 600 * If CreateDisposition is FILE_OPEN or FILE_OPEN_IF: 601 * If Open.Stream.Oplock is not empty and 602 * Open.Stream.Oplock.State contains BATCH_OPLOCK, 603 * the object store MUST check for an oplock 604 * break according to the algorithm in section 2.1.4.12, 605 * with input values as follows: 606 * Open equal to this operation's Open 607 * Oplock equal to Open.Stream.Oplock 608 * Operation equal to "OPEN" 609 * OpParams containing two members: 610 * DesiredAccess, CreateDisposition 611 * 612 * It's not clear how Windows would ask the FS layer if 613 * the file has a BATCH oplock. We'll use a call to the 614 * common oplock code, which calls smb_oplock_break_OPEN 615 * only if the oplock state contains BATCH_OPLOCK. 616 * See: smb_oplock_break_BATCH() 617 * 618 * Also note: There's a nearly identical section in the 619 * spec. at the start of the "else" part of the above 620 * "if (disposition is overwrite, overwrite_if)" so this 621 * section (oplock break, the share mode check, and the 622 * next oplock_break_HANDLE) are all factored out to be 623 * in all cases above that if/else from the spec. 624 */ 625 status = smb_oplock_break_BATCH(fnode, of, 626 op->desired_access, op->create_disposition); 627 if (status == NT_STATUS_OPLOCK_BREAK_IN_PROGRESS) { 628 if (sr->session->dialect >= SMB_VERS_2_BASE) 629 (void) smb2sr_go_async(sr); 630 (void) smb_oplock_wait_break(fnode, 0); 631 status = 0; 632 } 633 if (status != NT_STATUS_SUCCESS) 634 goto errout; 635 636 /* 637 * Check for sharing violations, and if any, 638 * do oplock break of handle caching. 639 * 640 * Need node_wrlock during shrlock checks, 641 * and not locked during oplock breaks etc. 642 */ 643 shrlock_t0 = gethrtime(); 644 shrlock_again: 645 smb_node_wrlock(fnode); 646 fnode_wlock = B_TRUE; 647 status = smb_fsop_shrlock(sr->user_cr, fnode, uniq_fid, 648 op->desired_access, op->share_access); 649 smb_node_unlock(fnode); 650 fnode_wlock = B_FALSE; 651 652 /* 653 * [MS-FSA] "OPEN_BREAK_H" 654 * If the (proposed) new open would violate sharing rules, 655 * indicate an oplock break with OPEN_BREAK_H (to break 656 * handle level caching rights) then try again. 657 */ 658 if (status == NT_STATUS_SHARING_VIOLATION && 659 did_break_handle == B_FALSE) { 660 did_break_handle = B_TRUE; 661 662 status = smb_oplock_break_HANDLE(fnode, of); 663 if (status == NT_STATUS_OPLOCK_BREAK_IN_PROGRESS) { 664 if (sr->session->dialect >= SMB_VERS_2_BASE) 665 (void) smb2sr_go_async(sr); 666 (void) smb_oplock_wait_break(fnode, 0); 667 status = 0; 668 } else { 669 /* 670 * Even when the oplock layer does NOT 671 * give us the special status indicating 672 * we should wait, it may have scheduled 673 * taskq jobs that may close handles. 674 * Give those a chance to run before we 675 * check again for sharing violations. 676 */ 677 delay(MSEC_TO_TICK(10)); 678 } 679 if (status != NT_STATUS_SUCCESS) 680 goto errout; 681 682 goto shrlock_again; 683 } 684 685 /* 686 * SMB1 expects a 1 sec. delay before returning a 687 * sharing violation error. If breaking oplocks 688 * above took less than a sec, wait some more. 689 * See: smbtorture base.defer_open 690 */ 691 if (status == NT_STATUS_SHARING_VIOLATION && 692 sr->session->dialect < SMB_VERS_2_BASE) { 693 hrtime_t t1 = shrlock_t0 + NANOSEC; 694 hrtime_t now = gethrtime(); 695 if (now < t1) { 696 delay(NSEC_TO_TICK_ROUNDUP(t1 - now)); 697 } 698 } 699 700 if (status != NT_STATUS_SUCCESS) 701 goto errout; 702 fnode_shrlk = B_TRUE; 703 704 /* 705 * The [MS-FSA] spec. describes this oplock break as 706 * part of the sharing access checks. See: 707 * 2.1.5.1.2.2 Algorithm to Check Sharing Access... 708 * At the end of the share mode tests described there, 709 * if it has not returned "sharing violation", it 710 * specifies a call to the alg. in sec. 2.1.4.12, 711 * that boils down to: smb_oplock_break_OPEN() 712 */ 713 status = smb_oplock_break_OPEN(fnode, of, 714 op->desired_access, 715 op->create_disposition); 716 if (status == NT_STATUS_OPLOCK_BREAK_IN_PROGRESS) { 717 if (sr->session->dialect >= SMB_VERS_2_BASE) 718 (void) smb2sr_go_async(sr); 719 (void) smb_oplock_wait_break(fnode, 0); 720 status = 0; 721 } 722 if (status != NT_STATUS_SUCCESS) 723 goto errout; 724 725 if ((fnode->flags & NODE_FLAGS_DELETE_COMMITTED) != 0) { 726 /* 727 * Breaking the oplock caused the file to be deleted, 728 * so let's bail and pretend the file wasn't found. 729 * Have to duplicate much of the logic found a the 730 * "errout" label here. 731 * 732 * This code path is exercised by smbtorture 733 * smb2.durable-open.delete_on_close1 734 */ 735 DTRACE_PROBE1(node_deleted, smb_node_t, fnode); 736 smb_ofile_free(of); 737 of = NULL; 738 last_comp_found = B_FALSE; 739 740 /* 741 * Get all the holds and locks into the state 742 * they would have if lookup had failed. 743 */ 744 fnode_shrlk = B_FALSE; 745 smb_fsop_unshrlock(sr->user_cr, fnode, uniq_fid); 746 747 opening_incr = B_FALSE; 748 smb_node_dec_opening_count(fnode); 749 750 fnode_held = B_FALSE; 751 smb_node_release(fnode); 752 753 dnode_wlock = B_TRUE; 754 smb_node_wrlock(dnode); 755 756 goto create; 757 } 758 759 /* 760 * Go ahead with modifications as necessary. 761 */ 762 switch (op->create_disposition) { 763 case FILE_SUPERSEDE: 764 case FILE_OVERWRITE_IF: 765 case FILE_OVERWRITE: 766 op->dattr |= FILE_ATTRIBUTE_ARCHIVE; 767 /* Don't apply readonly until smb_set_open_attributes */ 768 if (op->dattr & FILE_ATTRIBUTE_READONLY) { 769 op->dattr &= ~FILE_ATTRIBUTE_READONLY; 770 op->created_readonly = B_TRUE; 771 } 772 773 /* 774 * Truncate the file data here. 775 * We set alloc_size = op->dsize later, 776 * after we have an ofile. See: 777 * smb_set_open_attributes 778 */ 779 bzero(&new_attr, sizeof (new_attr)); 780 new_attr.sa_dosattr = op->dattr; 781 new_attr.sa_vattr.va_size = 0; 782 new_attr.sa_mask = SMB_AT_DOSATTR | SMB_AT_SIZE; 783 rc = smb_fsop_setattr(sr, sr->user_cr, fnode, 784 &new_attr); 785 if (rc != 0) { 786 status = smb_errno2status(rc); 787 goto errout; 788 } 789 790 /* 791 * If file is being replaced, remove existing streams 792 */ 793 if (SMB_IS_STREAM(fnode) == 0) { 794 status = smb_fsop_remove_streams(sr, 795 sr->user_cr, fnode); 796 if (status != 0) 797 goto errout; 798 } 799 800 op->action_taken = SMB_OACT_TRUNCATED; 801 break; 802 803 default: 804 /* 805 * FILE_OPEN or FILE_OPEN_IF. 806 */ 807 /* 808 * Ignore any user-specified alloc_size for 809 * existing files, to avoid truncation in 810 * smb_set_open_attributes 811 */ 812 op->dsize = 0L; 813 op->action_taken = SMB_OACT_OPENED; 814 break; 815 } 816 } else { 817 create: 818 /* Last component was not found. */ 819 dnode = op->fqi.fq_dnode; 820 821 if (is_dir == 0) 822 is_stream = smb_is_stream_name(pn->pn_path); 823 824 if ((op->create_disposition == FILE_OPEN) || 825 (op->create_disposition == FILE_OVERWRITE)) { 826 status = NT_STATUS_OBJECT_NAME_NOT_FOUND; 827 goto errout; 828 } 829 830 if (pn->pn_fname && smb_is_invalid_filename(pn->pn_fname)) { 831 status = NT_STATUS_OBJECT_NAME_INVALID; 832 goto errout; 833 } 834 835 /* 836 * Don't create in directories marked "Delete on close". 837 */ 838 if (dnode->flags & NODE_FLAGS_DELETE_ON_CLOSE) { 839 status = NT_STATUS_DELETE_PENDING; 840 goto errout; 841 } 842 843 /* 844 * Create always sets the DOS attributes, type, and mode 845 * in the if/else below (different for file vs directory). 846 * Don't set the readonly bit until smb_set_open_attributes 847 * or that would prevent this open. Note that op->dattr 848 * needs to be what smb_set_open_attributes will use, 849 * except for the readonly bit. 850 */ 851 bzero(&new_attr, sizeof (new_attr)); 852 new_attr.sa_mask = SMB_AT_DOSATTR | SMB_AT_TYPE | SMB_AT_MODE; 853 if (op->dattr & FILE_ATTRIBUTE_READONLY) { 854 op->dattr &= ~FILE_ATTRIBUTE_READONLY; 855 op->created_readonly = B_TRUE; 856 } 857 858 /* 859 * SMB create can specify the create time. 860 */ 861 if ((op->crtime.tv_sec != 0) && 862 (op->crtime.tv_sec != UINT_MAX)) { 863 new_attr.sa_mask |= SMB_AT_CRTIME; 864 new_attr.sa_crtime = op->crtime; 865 } 866 867 if (is_dir == 0) { 868 op->dattr |= FILE_ATTRIBUTE_ARCHIVE; 869 new_attr.sa_dosattr = op->dattr; 870 new_attr.sa_vattr.va_type = VREG; 871 if (is_stream) 872 new_attr.sa_vattr.va_mode = S_IRUSR | S_IWUSR; 873 else 874 new_attr.sa_vattr.va_mode = 875 S_IRUSR | S_IRGRP | S_IROTH | 876 S_IWUSR | S_IWGRP | S_IWOTH; 877 878 /* 879 * We set alloc_size = op->dsize later, 880 * (in smb_set_open_attributes) after we 881 * have an ofile on which to save that. 882 * 883 * Legacy Open&X sets size to alloc_size 884 * when creating a new file. 885 */ 886 if (sr->smb_com == SMB_COM_OPEN_ANDX) { 887 new_attr.sa_vattr.va_size = op->dsize; 888 new_attr.sa_mask |= SMB_AT_SIZE; 889 } 890 891 rc = smb_fsop_create(sr, sr->user_cr, dnode, 892 op->fqi.fq_last_comp, &new_attr, &op->fqi.fq_fnode); 893 } else { 894 op->dattr |= FILE_ATTRIBUTE_DIRECTORY; 895 new_attr.sa_dosattr = op->dattr; 896 new_attr.sa_vattr.va_type = VDIR; 897 new_attr.sa_vattr.va_mode = 0777; 898 899 rc = smb_fsop_mkdir(sr, sr->user_cr, dnode, 900 op->fqi.fq_last_comp, &new_attr, &op->fqi.fq_fnode); 901 } 902 if (rc != 0) { 903 status = smb_errno2status(rc); 904 goto errout; 905 } 906 907 smb_node_unlock(dnode); 908 dnode_wlock = B_FALSE; 909 910 created = B_TRUE; 911 op->action_taken = SMB_OACT_CREATED; 912 913 fnode = op->fqi.fq_fnode; 914 fnode_held = B_TRUE; 915 916 smb_node_inc_opening_count(fnode); 917 opening_incr = B_TRUE; 918 919 smb_node_wrlock(fnode); 920 fnode_wlock = B_TRUE; 921 922 status = smb_fsop_shrlock(sr->user_cr, fnode, uniq_fid, 923 op->desired_access, op->share_access); 924 if (status != 0) 925 goto errout; 926 fnode_shrlk = B_TRUE; 927 928 if (max_requested) { 929 smb_fsop_eaccess(sr, sr->user_cr, fnode, &max_allowed); 930 op->desired_access |= max_allowed; 931 } 932 /* 933 * We created this object (we own it) so grant 934 * read_control + read_attributes on this handle, 935 * even if that was not requested. This avoids 936 * unexpected access failures later. 937 */ 938 op->desired_access |= (READ_CONTROL | FILE_READ_ATTRIBUTES); 939 940 /* 941 * MS-FSA 2.1.5.1.1 942 * If the Oplock member of the DirectoryStream in 943 * Link.ParentFile.StreamList (ParentOplock) is 944 * not empty ... oplock break on the parent... 945 * (dnode is the parent directory) 946 * 947 * This compares of->ParentOplockKey with each 948 * oplock of->TargetOplockKey and breaks... 949 * so it's OK that we're passing an OF that's 950 * NOT a member of dnode->n_ofile_list 951 * 952 * The break never blocks, so ignore the return. 953 */ 954 of = smb_ofile_alloc(sr, op, fnode, SMB_FTYPE_DISK, 955 tree_fid, uniq_fid); 956 tree_fid = 0; // given to the ofile 957 (void) smb_oplock_break_PARENT(dnode, of); 958 } 959 960 /* 961 * We might have blocked in smb_oplock_break_OPEN long enough 962 * so a tree disconnect might have happened. In that case, 963 * we would be adding an ofile to a tree that's disconnecting, 964 * which would interfere with tear-down. If so, error out. 965 */ 966 if (!smb_tree_is_connected(sr->tid_tree)) { 967 status = NT_STATUS_INVALID_PARAMETER; 968 goto errout; 969 } 970 971 /* 972 * Moved this up from smb_ofile_open() 973 */ 974 if ((rc = smb_fsop_open(fnode, of->f_mode, of->f_cr)) != 0) { 975 status = smb_errno2status(rc); 976 goto errout; 977 } 978 979 /* 980 * Complete this open (add to ofile lists) 981 */ 982 smb_ofile_open(sr, op, of); 983 did_open = B_TRUE; 984 985 /* 986 * This MUST be done after ofile creation, so that explicitly 987 * set timestamps can be remembered on the ofile, and setting 988 * the readonly flag won't affect access via this open. 989 */ 990 if ((rc = smb_set_open_attributes(sr, of)) != 0) { 991 status = smb_errno2status(rc); 992 goto errout; 993 } 994 995 /* 996 * We've already done access checks above, 997 * and want this call to succeed even when 998 * !(desired_access & FILE_READ_ATTRIBUTES), 999 * so pass kcred here. 1000 */ 1001 op->fqi.fq_fattr.sa_mask = SMB_AT_ALL; 1002 (void) smb_node_getattr(sr, fnode, zone_kcred(), of, 1003 &op->fqi.fq_fattr); 1004 1005 /* 1006 * Propagate the write-through mode from the open params 1007 * to the node: see the notes in the function header. 1008 * XXX: write_through should be a flag on the ofile. 1009 */ 1010 if (sr->sr_cfg->skc_sync_enable || 1011 (op->create_options & FILE_WRITE_THROUGH)) 1012 fnode->flags |= NODE_FLAGS_WRITE_THROUGH; 1013 1014 /* 1015 * Set up the fileid and dosattr in open_param for response 1016 */ 1017 op->fileid = op->fqi.fq_fattr.sa_vattr.va_nodeid; 1018 op->dattr = op->fqi.fq_fattr.sa_dosattr; 1019 1020 /* 1021 * Set up the file type in open_param for the response 1022 */ 1023 op->ftype = SMB_FTYPE_DISK; 1024 sr->smb_fid = of->f_fid; 1025 sr->fid_ofile = of; 1026 1027 if (smb_node_is_file(fnode)) { 1028 op->dsize = op->fqi.fq_fattr.sa_vattr.va_size; 1029 } else { 1030 /* directory or symlink */ 1031 op->dsize = 0; 1032 } 1033 1034 /* 1035 * Note: oplock_acquire happens in callers, because 1036 * how that happens is protocol-specific. 1037 */ 1038 1039 if (fnode_wlock) 1040 smb_node_unlock(fnode); 1041 if (opening_incr) 1042 smb_node_dec_opening_count(fnode); 1043 if (fnode_held) 1044 smb_node_release(fnode); 1045 if (dnode_wlock) 1046 smb_node_unlock(dnode); 1047 if (dnode_held) 1048 smb_node_release(dnode); 1049 1050 return (NT_STATUS_SUCCESS); 1051 1052 errout: 1053 if (did_open) { 1054 smb_ofile_close(of, 0); 1055 /* Don't also ofile_free */ 1056 } else if (of != NULL) { 1057 smb_ofile_free(of); 1058 } 1059 1060 if (fnode_shrlk) 1061 smb_fsop_unshrlock(sr->user_cr, fnode, uniq_fid); 1062 1063 if (created) { 1064 /* Try to roll-back create. */ 1065 smb_delete_new_object(sr); 1066 } 1067 1068 if (fnode_wlock) 1069 smb_node_unlock(fnode); 1070 if (opening_incr) 1071 smb_node_dec_opening_count(fnode); 1072 if (fnode_held) 1073 smb_node_release(fnode); 1074 if (dnode_wlock) 1075 smb_node_unlock(dnode); 1076 if (dnode_held) 1077 smb_node_release(dnode); 1078 1079 if (tree_fid != 0) 1080 smb_idpool_free(&tree->t_fid_pool, tree_fid); 1081 1082 return (status); 1083 } 1084 1085 /* 1086 * smb_set_open_attributes 1087 * 1088 * Last write time: 1089 * - If the last_write time specified in the open params is not 0 or -1, 1090 * use it as file's mtime. This will be considered an explicitly set 1091 * timestamps, not reset by subsequent writes. 1092 * 1093 * DOS attributes 1094 * - If we created_readonly, we now store the real DOS attributes 1095 * (including the readonly bit) so subsequent opens will see it. 1096 * 1097 * Returns: errno 1098 */ 1099 static int 1100 smb_set_open_attributes(smb_request_t *sr, smb_ofile_t *of) 1101 { 1102 smb_attr_t attr; 1103 smb_arg_open_t *op = &sr->sr_open; 1104 smb_node_t *node = of->f_node; 1105 int rc = 0; 1106 1107 bzero(&attr, sizeof (smb_attr_t)); 1108 1109 if (op->created_readonly) { 1110 attr.sa_dosattr = op->dattr | FILE_ATTRIBUTE_READONLY; 1111 attr.sa_mask |= SMB_AT_DOSATTR; 1112 } 1113 1114 if (op->dsize != 0) { 1115 attr.sa_allocsz = op->dsize; 1116 attr.sa_mask |= SMB_AT_ALLOCSZ; 1117 } 1118 1119 if ((op->mtime.tv_sec != 0) && (op->mtime.tv_sec != UINT_MAX)) { 1120 attr.sa_vattr.va_mtime = op->mtime; 1121 attr.sa_mask |= SMB_AT_MTIME; 1122 } 1123 1124 /* 1125 * Used to have code here to set mtime, ctime, atime 1126 * when the open op->create_disposition is any of: 1127 * FILE_SUPERSEDE, FILE_OVERWRITE_IF, FILE_OVERWRITE. 1128 * We know that in those cases we will have set the 1129 * file size, in which case the file system will 1130 * update those times, so we don't have to. 1131 * 1132 * However, keep track of the fact that we modified 1133 * the file via this handle, so we can do the evil, 1134 * gratuitious mtime update on close that Windows 1135 * clients expect. 1136 */ 1137 if (op->action_taken == SMB_OACT_TRUNCATED) 1138 of->f_written = B_TRUE; 1139 1140 if (attr.sa_mask != 0) 1141 rc = smb_node_setattr(sr, node, of->f_cr, of, &attr); 1142 1143 return (rc); 1144 } 1145 1146 /* 1147 * This function is used to delete a newly created object (file or 1148 * directory) if an error occurs after creation of the object. 1149 */ 1150 static void 1151 smb_delete_new_object(smb_request_t *sr) 1152 { 1153 smb_arg_open_t *op = &sr->sr_open; 1154 smb_fqi_t *fqi = &(op->fqi); 1155 uint32_t flags = 0; 1156 1157 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 1158 flags |= SMB_IGNORE_CASE; 1159 if (SMB_TREE_SUPPORTS_CATIA(sr)) 1160 flags |= SMB_CATIA; 1161 1162 if (op->create_options & FILE_DIRECTORY_FILE) 1163 (void) smb_fsop_rmdir(sr, sr->user_cr, fqi->fq_dnode, 1164 fqi->fq_last_comp, flags); 1165 else 1166 (void) smb_fsop_remove(sr, sr->user_cr, fqi->fq_dnode, 1167 fqi->fq_last_comp, flags); 1168 } 1169