/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
 * Copyright 2013 Nexenta Systems, Inc. All rights reserved.
 */

/*
 * This module provides the common open functionality to the various
 * open and create SMB interface functions.
 */

#include <sys/types.h>
#include <sys/cmn_err.h>
#include <sys/fcntl.h>
#include <sys/nbmlock.h>
#include <smbsrv/string.h>
#include <smbsrv/smb_kproto.h>
#include <smbsrv/smb_fsops.h>
#include <smbsrv/smbinfo.h>

/*
 * NOTE(review): presumably the counter consumed by SMB_UNIQ_FID(), which
 * smb_open_subr() uses to tag share reservations -- confirm against the
 * macro definition.  volatile by itself does not make an update atomic,
 * so uniqueness depends on how that macro modifies the counter.
 */
volatile uint32_t smb_fids = 0;

/*
 * Helpers private to this file, plus smb_is_executable(), which is
 * declared extern here and not defined in this file.
 */
static uint32_t smb_open_subr(smb_request_t *);
extern uint32_t smb_is_executable(char *);
static void smb_delete_new_object(smb_request_t *);
static int smb_set_open_attributes(smb_request_t *, smb_ofile_t *);
static void smb_open_oplock_break(smb_request_t *, smb_node_t *);
static boolean_t smb_open_attr_only(smb_arg_open_t *);
static boolean_t smb_open_overwrite(smb_arg_open_t *);

/*
 * smb_access_generic_to_file
 *
 * Search MSDN for IoCreateFile to see following mapping.
*
 * GENERIC_READ		STANDARD_RIGHTS_READ, FILE_READ_DATA,
 *			FILE_READ_ATTRIBUTES and FILE_READ_EA
 *
 * GENERIC_WRITE	STANDARD_RIGHTS_WRITE, FILE_WRITE_DATA,
 *			FILE_WRITE_ATTRIBUTES, FILE_WRITE_EA, and
 *			FILE_APPEND_DATA
 *
 * GENERIC_EXECUTE	STANDARD_RIGHTS_EXECUTE, SYNCHRONIZE, and FILE_EXECUTE.
 *
 * Careful, we have to emulate some Windows behavior here.
 * When requested access == zero, you get READ_CONTROL.
 * MacOS 10.7 depends on this.
 *
 * As written, READ_CONTROL is OR-ed into every result except the
 * GENERIC_ALL one, not only into the zero-access case.  A GENERIC_ALL
 * request returns early, so any other bits in desired_access are
 * dropped for it.  The value produced here is a *requested* mask.
 */
uint32_t
smb_access_generic_to_file(uint32_t desired_access)
{
	uint32_t mapped = READ_CONTROL;

	if ((desired_access & GENERIC_ALL) != 0)
		return (FILE_ALL_ACCESS & ~SYNCHRONIZE);

	if ((desired_access & GENERIC_EXECUTE) != 0)
		mapped |= STANDARD_RIGHTS_EXECUTE | SYNCHRONIZE | FILE_EXECUTE;

	if ((desired_access & GENERIC_WRITE) != 0)
		mapped |= FILE_GENERIC_WRITE & ~SYNCHRONIZE;

	if ((desired_access & GENERIC_READ) != 0)
		mapped |= FILE_GENERIC_READ;

	/* Specific rights pass through; the generic bits are consumed. */
	desired_access &= ~(GENERIC_EXECUTE | GENERIC_WRITE | GENERIC_READ);

	return (mapped | desired_access);
}

/*
 * smb_omode_to_amask
 *
 * Translate the access-mode field of an Open / Open AndX request into
 * the desired access bits used by NT Create AndX.
 *
 * Any access mode not listed below maps to FILE_GENERIC_ALL, i.e. the
 * widest request.  NOTE(review): this is only the requested mask; in
 * this file smb_open_subr() still passes it to smb_fsop_access() for
 * an existing object.  Confirm that falling back to "all" for an
 * unrecognised mode is intended rather than rejecting the request.
 */
uint32_t
smb_omode_to_amask(uint32_t desired_access)
{
	uint32_t mode = desired_access & SMB_DA_ACCESS_MASK;
	uint32_t amask;

	if (mode == SMB_DA_ACCESS_READ)
		amask = FILE_GENERIC_READ;
	else if (mode == SMB_DA_ACCESS_WRITE)
		amask = FILE_GENERIC_WRITE;
	else if (mode == SMB_DA_ACCESS_READ_WRITE)
		amask = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
	else if (mode == SMB_DA_ACCESS_EXECUTE)
		amask = FILE_GENERIC_EXECUTE;
	else
		amask = FILE_GENERIC_ALL;

	return (amask);
}

/*
 * smb_denymode_to_sharemode
 *
 * This function converts deny modes used by Open and Open AndX
 * commands to share access bits used by NT Create AndX command.
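*/
uint32_t
smb_denymode_to_sharemode(uint32_t desired_access, char *fname)
{
	uint32_t share;

	switch (desired_access & SMB_DA_SHARE_MASK) {
	case SMB_DA_SHARE_COMPATIBILITY:
		/*
		 * Compatibility mode: a name that smb_is_executable()
		 * accepts is shared for read and write only; every other
		 * name gets FILE_SHARE_ALL.
		 */
		if (smb_is_executable(fname))
			share = FILE_SHARE_READ | FILE_SHARE_WRITE;
		else
			share = FILE_SHARE_ALL;
		break;

	case SMB_DA_SHARE_EXCLUSIVE:
		share = FILE_SHARE_NONE;
		break;

	case SMB_DA_SHARE_DENY_WRITE:
		share = FILE_SHARE_READ;
		break;

	case SMB_DA_SHARE_DENY_READ:
		share = FILE_SHARE_WRITE;
		break;

	case SMB_DA_SHARE_DENY_NONE:
	default:
		/* Unrecognised deny modes are treated like DENY_NONE. */
		share = FILE_SHARE_READ | FILE_SHARE_WRITE;
		break;
	}

	return (share);
}

/*
 * smb_ofun_to_crdisposition
 *
 * This function converts open function values used by Open and Open AndX
 * commands to create disposition values used by NT Create AndX command.
 *
 * The table is indexed by [open action][create action].  The { 0, 0 }
 * slot holds -1, which is returned converted to uint32_t.  An index
 * outside the table yields FILE_MAXIMUM_DISPOSITION + 1.
 *
 * Both indexes are derived from the ofun argument.  They are checked
 * against the table dimensions here, so the lookup stays in bounds
 * whatever values SMB_OFUN_OPEN_MASK and SMB_OFUN_CREATE_MASK have
 * (they are defined outside this file).
 */
uint32_t
smb_ofun_to_crdisposition(uint16_t ofun)
{
	static const int ofun_cr_map[3][2] =
	{
		{ -1,			FILE_CREATE },
		{ FILE_OPEN,		FILE_OPEN_IF },
		{ FILE_OVERWRITE,	FILE_OVERWRITE_IF }
	};
	const unsigned int nrows =
	    sizeof (ofun_cr_map) / sizeof (ofun_cr_map[0]);
	const unsigned int ncols =
	    sizeof (ofun_cr_map[0]) / sizeof (ofun_cr_map[0][0]);

	unsigned int row = ofun & SMB_OFUN_OPEN_MASK;
	unsigned int col = (ofun & SMB_OFUN_CREATE_MASK) >> 4;

	/* row == 3 was already rejected; larger indexes now are too. */
	if (row >= nrows || col >= ncols)
		return (FILE_MAXIMUM_DISPOSITION + 1);

	return (ofun_cr_map[row][col]);
}

/*
 * Retry opens to avoid spurious sharing violations, due to timing
 * issues between closes and opens.  The client that already has the
 * file open may be in the process of closing it.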
*/
uint32_t
smb_common_open(smb_request_t *sr)
{
	smb_arg_open_t	*saved;
	uint32_t	status;
	int		retries = 0;

	/*
	 * smb_open_subr() modifies the open arguments in place, so keep
	 * a pristine copy to restore before each retry.
	 */
	saved = kmem_alloc(sizeof (*saved), KM_SLEEP);
	bcopy(&sr->arg.open, saved, sizeof (*saved));

	/*
	 * Up to five attempts, sleeping 400ms before each retry; only a
	 * sharing violation is retried.  NOTE(review): the calling thread
	 * sleeps in delay() for up to 4 * 400ms per request that keeps
	 * hitting a sharing violation -- worth keeping in mind when
	 * sizing the worker pool.
	 */
	for (;;) {
		status = smb_open_subr(sr);
		if (status != NT_STATUS_SHARING_VIOLATION)
			break;

		bcopy(saved, &sr->arg.open, sizeof (*saved));

		if (++retries > 4)
			break;

		delay(MSEC_TO_TICK(400));
	}

	/* Record the error on the request for the two remapped cases. */
	if (status == NT_STATUS_SHARING_VIOLATION) {
		smbsr_error(sr, NT_STATUS_SHARING_VIOLATION,
		    ERRDOS, ERROR_SHARING_VIOLATION);
	} else if (status == NT_STATUS_NO_SUCH_FILE) {
		smbsr_error(sr, NT_STATUS_OBJECT_NAME_NOT_FOUND,
		    ERRDOS, ERROR_FILE_NOT_FOUND);
	}

	kmem_free(saved, sizeof (*saved));
	return (status);
}

/*
 * smb_open_subr
 *
 * Notes on write-through behaviour. It looks like pre-LM0.12 versions
 * of the protocol specify the write-through mode when a file is opened,
 * (SmbOpen, SmbOpenAndX) so the write calls (SmbWrite, SmbWriteAndClose,
 * SmbWriteAndUnlock) don't need to contain a write-through flag.
 *
 * With LM0.12, the open calls (SmbCreateAndX, SmbNtTransactCreate)
 * don't indicate which write-through mode to use. Instead the write
 * calls (SmbWriteAndX, SmbWriteRaw) specify the mode on a per call
 * basis.
 *
 * We don't care which open call was used to get us here, we just need
 * to ensure that the write-through mode flag is copied from the open
 * parameters to the node. We test the omode write-through flag in all
 * write functions.
 *
 * This function will return NT status codes but it also raises errors,
 * in which case it won't return to the caller. Be careful how you
 * handle things in here.
*
 * The following rules apply when processing a file open request:
 *
 * - Oplocks must be broken prior to share checking as the break may
 *   cause other clients to close the file, which would affect sharing
 *   checks.
 *
 * - Share checks must take place prior to access checks for correct
 *   Windows semantics and to prevent unnecessary NFS delegation recalls.
 *
 * - Oplocks must be acquired after open to ensure the correct
 *   synchronization with NFS delegation and FEM installation.
 *
 * DOS readonly bit rules
 *
 * 1. The creator of a readonly file can write to/modify the size of the file
 * using the original create fid, even though the file will appear as readonly
 * to all other fids and via a CIFS getattr call.
 * The readonly bit therefore cannot be set in the filesystem until the file
 * is closed (smb_ofile_close). It is accounted for via ofile and node flags.
 *
 * 2. A setinfo operation (using either an open fid or a path) to set/unset
 * readonly will be successful regardless of whether a creator of a readonly
 * file has an open fid (and has the special privilege mentioned in #1,
 * above).  I.e., the creator of a readonly fid holding that fid will no longer
 * have a special privilege.
 *
 * 3. The DOS readonly bit affects only data and some metadata.
 * The following metadata can be changed regardless of the readonly bit:
 *	- security descriptors
 *	- DOS attributes
 *	- timestamps
 *
 * In the current implementation, the file size cannot be changed (except for
 * the exceptions in #1 and #2, above).
 *
 *
 * DOS attribute rules
 *
 * These rules are specific to creating / opening files and directories.
 * How the attribute value (specifically ZERO or FILE_ATTRIBUTE_NORMAL)
 * should be interpreted may differ in other requests.
 *
 * - An attribute value equal to ZERO or FILE_ATTRIBUTE_NORMAL means that the
 *   file's attributes should be cleared.
 * - If FILE_ATTRIBUTE_NORMAL is specified with any other attributes,
 *   FILE_ATTRIBUTE_NORMAL is ignored.
 *
 * 1. Creating a new file
 * - The request attributes + FILE_ATTRIBUTE_ARCHIVE are applied to the file.
 *
 * 2. Creating a new directory
 * - The request attributes + FILE_ATTRIBUTE_DIRECTORY are applied to the file.
 * - FILE_ATTRIBUTE_ARCHIVE does not get set.
 *
 * 3. Overwriting an existing file
 * - the request attributes are used as search attributes. If the existing
 *   file does not meet the search criteria access is denied.
 * - otherwise, applies attributes + FILE_ATTRIBUTE_ARCHIVE.
 *
 * 4. Opening an existing file or directory
 *    The request attributes are ignored.
 *
 *
 * Credentials used below
 *
 * - kcred: the last-component lookup (smb_fsop_lookup_name) and both
 *   smb_node_getattr calls.
 * - sr->user_cr: path reduction, share reservation, the access check,
 *   setattr on overwrite, stream removal, create, mkdir and eaccess.
 *
 * Every early return after the parent directory node has been obtained
 * has to drop, in order, any share reservation, node lock, opening count
 * and node references taken so far; the unwinding is repeated inline at
 * each exit rather than shared.
 */
static uint32_t
smb_open_subr(smb_request_t *sr)
{
	boolean_t	created = B_FALSE;
	boolean_t	last_comp_found = B_FALSE;
	smb_node_t	*node = NULL;
	smb_node_t	*dnode = NULL;
	smb_node_t	*cur_node = NULL;
	/*
	 * NOTE(review): the open arguments are presumably decoded from the
	 * client request by the callers; treat every op-> field read below
	 * as client-controlled unless the caller says otherwise.
	 */
	smb_arg_open_t	*op = &sr->sr_open;
	int		rc;
	smb_ofile_t	*of;
	smb_attr_t	new_attr;
	int		max_requested = 0;
	/* Not initialised here; only written through smb_fsop_eaccess(). */
	uint32_t	max_allowed;
	uint32_t	status = NT_STATUS_SUCCESS;
	int		is_dir;
	smb_error_t	err;
	boolean_t	is_stream = B_FALSE;
	int		lookup_flags = SMB_FOLLOW_LINKS;
	uint32_t	uniq_fid;
	smb_pathname_t	*pn = &op->fqi.fq_path;
	smb_server_t	*sv = sr->sr_server;

	is_dir = (op->create_options & FILE_DIRECTORY_FILE) ? 1 : 0;

	/*
	 * If the object being created or opened is a directory
	 * the Disposition parameter must be one of FILE_CREATE,
	 * FILE_OPEN, or FILE_OPEN_IF
	 */
	if (is_dir) {
		if ((op->create_disposition != FILE_CREATE) &&
		    (op->create_disposition != FILE_OPEN_IF) &&
		    (op->create_disposition != FILE_OPEN)) {
			smbsr_error(sr, NT_STATUS_INVALID_PARAMETER,
			    ERRDOS, ERROR_INVALID_ACCESS);
			return (NT_STATUS_INVALID_PARAMETER);
		}
	}

	/*
	 * MAXIMUM_ALLOWED is stripped before the generic mapping and
	 * remembered; the effective rights are OR-ed back in further down,
	 * after the object has been opened or created.
	 */
	if (op->desired_access & MAXIMUM_ALLOWED) {
		max_requested = 1;
		op->desired_access &= ~MAXIMUM_ALLOWED;
	}
	op->desired_access = smb_access_generic_to_file(op->desired_access);

	/*
	 * Per-session cap on open files.
	 *
	 * NOTE(review): the only guard on sr->uid_user before it is
	 * dereferenced is the ASSERT, which is typically compiled out of
	 * non-DEBUG builds -- confirm uid_user cannot be NULL here.  The
	 * notice is logged for every rejected request and no rate limit
	 * is visible in this function.
	 */
	if (sr->session->s_file_cnt >= SMB_SESSION_OFILE_MAX) {
		ASSERT(sr->uid_user);
		cmn_err(CE_NOTE, "smbsrv[%s\\%s]: TOO_MANY_OPENED_FILES",
		    sr->uid_user->u_domain, sr->uid_user->u_name);

		smbsr_error(sr, NT_STATUS_TOO_MANY_OPENED_FILES,
		    ERRDOS, ERROR_TOO_MANY_OPEN_FILES);
		return (NT_STATUS_TOO_MANY_OPENED_FILES);
	}

	/* This must be NULL at this point */
	sr->fid_ofile = NULL;

	op->devstate = 0;

	switch (sr->tid_tree->t_res_type & STYPE_MASK) {
	case STYPE_DISKTREE:
	case STYPE_PRINTQ:
		break;

	case STYPE_IPC:

		/*
		 * Named pipe opens are admitted through the sv_opipe_ct
		 * threshold; a refusal is reported as "server too busy".
		 */
		if ((rc = smb_threshold_enter(&sv->sv_opipe_ct)) != 0) {
			status = RPC_NT_SERVER_TOO_BUSY;
			smbsr_error(sr, status, 0, 0);
			return (status);
		}

		/*
		 * No further processing for IPC, we need to either
		 * raise an exception or return success here.
		 */
		if ((status = smb_opipe_open(sr)) != NT_STATUS_SUCCESS)
			smbsr_error(sr, status, 0, 0);

		smb_threshold_exit(&sv->sv_opipe_ct, sv);
		return (status);

	default:
		smbsr_error(sr, NT_STATUS_BAD_DEVICE_TYPE,
		    ERRDOS, ERROR_BAD_DEV_TYPE);
		return (NT_STATUS_BAD_DEVICE_TYPE);
	}

	/* Path name validation; each failure returns the recorded status. */
	smb_pathname_init(sr, pn, pn->pn_path);
	if (!smb_pathname_validate(sr, pn))
		return (sr->smb_error.status);

	/*
	 * NOTE(review): the error recorded on sr carries NT status 0 while
	 * the function returns NT_STATUS_NAME_TOO_LONG; every other exit
	 * keeps the two in agreement -- confirm which one the client sees.
	 */
	if (strlen(pn->pn_path) >= MAXPATHLEN) {
		smbsr_error(sr, 0, ERRSRV, ERRfilespecs);
		return (NT_STATUS_NAME_TOO_LONG);
	}

	if (is_dir) {
		if (!smb_validate_dirname(sr, pn))
			return (sr->smb_error.status);
	} else {
		if (!smb_validate_object_name(sr, pn))
			return (sr->smb_error.status);
	}

	/* Start from the caller-supplied directory node, else the share root. */
	cur_node = op->fqi.fq_dnode ?
	    op->fqi.fq_dnode : sr->tid_tree->t_snode;

	/*
	 * if no path or filename are specified the stream should be
	 * created on cur_node
	 */
	if (!is_dir && !pn->pn_pname && !pn->pn_fname && pn->pn_sname) {
		/*
		 * Can't currently handle a stream on the tree root.
		 * If a stream is being opened return "not found", otherwise
		 * return "access denied".
		 */
		if (cur_node == sr->tid_tree->t_snode) {
			if (op->create_disposition == FILE_OPEN) {
				smbsr_error(sr, NT_STATUS_OBJECT_NAME_NOT_FOUND,
				    ERRDOS, ERROR_FILE_NOT_FOUND);
				return (NT_STATUS_OBJECT_NAME_NOT_FOUND);
			}
			smbsr_error(sr, NT_STATUS_ACCESS_DENIED, ERRDOS,
			    ERROR_ACCESS_DENIED);
			return (NT_STATUS_ACCESS_DENIED);
		}

		/*
		 * Last component = node name followed by the stream name.
		 * NOTE(review): the snprintf() result is discarded, so a
		 * combined name longer than fq_last_comp is truncated
		 * silently and the truncated name is what gets looked up
		 * or created below -- confirm the earlier validation
		 * bounds the stream name length.
		 */
		(void) snprintf(op->fqi.fq_last_comp,
		    sizeof (op->fqi.fq_last_comp),
		    "%s%s", cur_node->od_name, pn->pn_sname);

		op->fqi.fq_dnode = cur_node->n_dnode;
		smb_node_ref(op->fqi.fq_dnode);
	} else {
		/*
		 * Split the path into parent directory node and last
		 * component, using the user's credentials.
		 */
		if (rc = smb_pathname_reduce(sr, sr->user_cr, pn->pn_path,
		    sr->tid_tree->t_snode, cur_node, &op->fqi.fq_dnode,
		    op->fqi.fq_last_comp)) {
			smbsr_errno(sr, rc);
			return (sr->smb_error.status);
		}
	}

	/*
	 * If the access mask has only DELETE set (ignore
	 * FILE_READ_ATTRIBUTES), then assume that this
	 * is a request to delete the link (if a link)
	 * and do not follow links.  Otherwise, follow
	 * the link to the target.
	 */
	if ((op->desired_access & ~FILE_READ_ATTRIBUTES) == DELETE)
		lookup_flags &= ~SMB_FOLLOW_LINKS;

	/*
	 * The last component is looked up with kcred, not the user's
	 * credentials, and links are followed unless cleared above.
	 * NOTE(review): whether a followed link is kept inside the share
	 * is decided in smb_fsop_lookup_name(), which is handed the tree
	 * root (t_snode); it cannot be judged from this file.
	 */
	rc = smb_fsop_lookup_name(sr, kcred, lookup_flags,
	    sr->tid_tree->t_snode, op->fqi.fq_dnode, op->fqi.fq_last_comp,
	    &op->fqi.fq_fnode);

	if (rc == 0) {
		last_comp_found = B_TRUE;
		/*
		 * Need the DOS attributes below, where we
		 * check the search attributes (sattr).
		 */
		op->fqi.fq_fattr.sa_mask = SMB_AT_DOSATTR;
		rc = smb_node_getattr(sr, op->fqi.fq_fnode, kcred,
		    NULL, &op->fqi.fq_fattr);
		if (rc != 0) {
			smb_node_release(op->fqi.fq_fnode);
			smb_node_release(op->fqi.fq_dnode);
			smbsr_error(sr, NT_STATUS_INTERNAL_ERROR,
			    ERRDOS, ERROR_INTERNAL_ERROR);
			return (sr->smb_error.status);
		}
	} else if (rc == ENOENT) {
		/* Not an error yet: the disposition may allow a create. */
		last_comp_found = B_FALSE;
		op->fqi.fq_fnode = NULL;
		rc = 0;
	} else {
		smb_node_release(op->fqi.fq_dnode);
		smbsr_errno(sr, rc);
		return (sr->smb_error.status);
	}


	/*
	 * The uniq_fid is a CIFS-server-wide unique identifier for an ofile
	 * which is used to uniquely identify open instances for the
	 * VFS share reservation and POSIX locks.
	 */

	uniq_fid = SMB_UNIQ_FID();

	if (last_comp_found) {

		node = op->fqi.fq_fnode;
		dnode = op->fqi.fq_dnode;

		/*
		 * NOTE(review): the checks from here down to the
		 * smb_fsop_access() call run before the caller's access to
		 * the object has been evaluated, so their distinct status
		 * codes (is/not a directory, delete pending, name
		 * collision) are returned regardless of that access.  The
		 * function header requires share checks before access
		 * checks; confirm the same ordering is intended for these.
		 */

		/* Only regular files, directories and symlinks may be opened. */
		if (!smb_node_is_file(node) && !smb_node_is_dir(node) &&
		    !smb_node_is_symlink(node)) {
			smb_node_release(node);
			smb_node_release(dnode);
			smbsr_error(sr, NT_STATUS_ACCESS_DENIED, ERRDOS,
			    ERRnoaccess);
			return (NT_STATUS_ACCESS_DENIED);
		}

		/*
		 * Reject this request if either:
		 * - the target IS a directory and the client requires that
		 *   it must NOT be (required by Lotus Notes)
		 * - the target is NOT a directory and client requires that
		 *   it MUST be.
		 */
		if (smb_node_is_dir(node)) {
			if (op->create_options & FILE_NON_DIRECTORY_FILE) {
				smb_node_release(node);
				smb_node_release(dnode);
				smbsr_error(sr, NT_STATUS_FILE_IS_A_DIRECTORY,
				    ERRDOS, ERROR_ACCESS_DENIED);
				return (NT_STATUS_FILE_IS_A_DIRECTORY);
			}
		} else {
			if ((op->create_options & FILE_DIRECTORY_FILE) ||
			    (op->nt_flags & NT_CREATE_FLAG_OPEN_TARGET_DIR)) {
				smb_node_release(node);
				smb_node_release(dnode);
				smbsr_error(sr, NT_STATUS_NOT_A_DIRECTORY,
				    ERRDOS, ERROR_DIRECTORY);
				return (NT_STATUS_NOT_A_DIRECTORY);
			}
		}

		/*
		 * No more open should be accepted when "Delete on close"
		 * flag is set.
		 */
		if (node->flags & NODE_FLAGS_DELETE_ON_CLOSE) {
			smb_node_release(node);
			smb_node_release(dnode);
			smbsr_error(sr, NT_STATUS_DELETE_PENDING,
			    ERRDOS, ERROR_ACCESS_DENIED);
			return (NT_STATUS_DELETE_PENDING);
		}

		/*
		 * Specified file already exists so the operation should fail.
		 */
		if (op->create_disposition == FILE_CREATE) {
			smb_node_release(node);
			smb_node_release(dnode);
			smbsr_error(sr, NT_STATUS_OBJECT_NAME_COLLISION,
			    ERRDOS, ERROR_FILE_EXISTS);
			return (NT_STATUS_OBJECT_NAME_COLLISION);
		}

		/*
		 * Windows seems to check read-only access before file
		 * sharing check.
		 *
		 * Check to see if the file is currently readonly (irrespective
		 * of whether this open will make it readonly).
		 */
		if (SMB_PATHFILE_IS_READONLY(sr, node)) {
			/* Files data only */
			if (!smb_node_is_dir(node)) {
				if (op->desired_access & (FILE_WRITE_DATA |
				    FILE_APPEND_DATA)) {
					smb_node_release(node);
					smb_node_release(dnode);
					smbsr_error(sr, NT_STATUS_ACCESS_DENIED,
					    ERRDOS, ERRnoaccess);
					return (NT_STATUS_ACCESS_DENIED);
				}
			}
		}

		/*
		 * Oplock break is done prior to sharing checks as the break
		 * may cause other clients to close the file which would
		 * affect the sharing checks.
		 */
		smb_node_inc_opening_count(node);
		smb_open_oplock_break(sr, node);

		/* From here on every exit must unlock and drop the count. */
		smb_node_wrlock(node);

		/*
		 * An overwriting disposition needs at least one write-type
		 * right in the request, and the existing DOS attributes
		 * must satisfy the request's attributes used as search
		 * attributes.
		 */
		if ((op->create_disposition == FILE_SUPERSEDE) ||
		    (op->create_disposition == FILE_OVERWRITE_IF) ||
		    (op->create_disposition == FILE_OVERWRITE)) {

			if ((!(op->desired_access &
			    (FILE_WRITE_DATA | FILE_APPEND_DATA |
			    FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA))) ||
			    (!smb_sattr_check(op->fqi.fq_fattr.sa_dosattr,
			    op->dattr))) {
				smb_node_unlock(node);
				smb_node_dec_opening_count(node);
				smb_node_release(node);
				smb_node_release(dnode);
				smbsr_error(sr, NT_STATUS_ACCESS_DENIED,
				    ERRDOS, ERRnoaccess);
				return (NT_STATUS_ACCESS_DENIED);
			}
		}

		/*
		 * Share reservation first.  No error is recorded on sr for
		 * a sharing violation here; smb_common_open() retries and
		 * records it if it persists.
		 */
		status = smb_fsop_shrlock(sr->user_cr, node, uniq_fid,
		    op->desired_access, op->share_access);

		if (status == NT_STATUS_SHARING_VIOLATION) {
			smb_node_unlock(node);
			smb_node_dec_opening_count(node);
			smb_node_release(node);
			smb_node_release(dnode);
			return (status);
		}

		/*
		 * Access check for the requested rights with the user's
		 * credentials.  Only PRIVILEGE_NOT_HELD is passed through;
		 * any other failure is reported as ACCESS_DENIED.
		 */
		status = smb_fsop_access(sr, sr->user_cr, node,
		    op->desired_access);

		if (status != NT_STATUS_SUCCESS) {
			smb_fsop_unshrlock(sr->user_cr, node, uniq_fid);

			smb_node_unlock(node);
			smb_node_dec_opening_count(node);
			smb_node_release(node);
			smb_node_release(dnode);

			if (status == NT_STATUS_PRIVILEGE_NOT_HELD) {
				smbsr_error(sr, status,
				    ERRDOS, ERROR_PRIVILEGE_NOT_HELD);
				return (status);
			} else {
				smbsr_error(sr, NT_STATUS_ACCESS_DENIED,
				    ERRDOS, ERROR_ACCESS_DENIED);
				return (NT_STATUS_ACCESS_DENIED);
			}
		}

		switch (op->create_disposition) {
		case FILE_SUPERSEDE:
		case FILE_OVERWRITE_IF:
		case FILE_OVERWRITE:
			/* Directories cannot be overwritten. */
			if (smb_node_is_dir(node)) {
				smb_fsop_unshrlock(sr->user_cr, node, uniq_fid);
				smb_node_unlock(node);
				smb_node_dec_opening_count(node);
				smb_node_release(node);
				smb_node_release(dnode);
				smbsr_error(sr, NT_STATUS_ACCESS_DENIED,
				    ERRDOS, ERROR_ACCESS_DENIED);
				return (NT_STATUS_ACCESS_DENIED);
			}

			op->dattr |= FILE_ATTRIBUTE_ARCHIVE;
			/* Don't apply readonly bit until smb_ofile_close */
			if (op->dattr & FILE_ATTRIBUTE_READONLY) {
				op->created_readonly = B_TRUE;
				op->dattr &= ~FILE_ATTRIBUTE_READONLY;
			}

			/*
			 * Apply the new DOS attributes and set the size to
			 * the requested one; this is the step that changes
			 * the existing file's contents.
			 */
			bzero(&new_attr, sizeof (new_attr));
			new_attr.sa_dosattr = op->dattr;
			new_attr.sa_vattr.va_size = op->dsize;
			new_attr.sa_mask = SMB_AT_DOSATTR | SMB_AT_SIZE;
			rc = smb_fsop_setattr(sr, sr->user_cr, node, &new_attr);
			if (rc != 0) {
				smb_fsop_unshrlock(sr->user_cr, node, uniq_fid);
				smb_node_unlock(node);
				smb_node_dec_opening_count(node);
				smb_node_release(node);
				smb_node_release(dnode);
				smbsr_errno(sr, rc);
				return (sr->smb_error.status);
			}

			/*
			 * If file is being replaced, remove existing streams
			 *
			 * NOTE(review): unlike the other failure exits, rc
			 * is not recorded with smbsr_errno() here, so the
			 * value returned is whatever status sr already
			 * holds.  Unless smb_fsop_remove_streams() sets an
			 * error on sr itself, that may not be a failure
			 * code -- confirm.  The size change above has
			 * already been applied when this exit is taken.
			 */
			if (SMB_IS_STREAM(node) == 0) {
				rc = smb_fsop_remove_streams(sr, sr->user_cr,
				    node);
				if (rc != 0) {
					smb_fsop_unshrlock(sr->user_cr, node,
					    uniq_fid);
					smb_node_unlock(node);
					smb_node_dec_opening_count(node);
					smb_node_release(node);
					smb_node_release(dnode);
					return (sr->smb_error.status);
				}
			}

			op->action_taken = SMB_OACT_TRUNCATED;
			break;

		default:
			/*
			 * FILE_OPEN or FILE_OPEN_IF.
			 */
			op->action_taken = SMB_OACT_OPENED;
			break;
		}
	} else {
		/* Last component was not found. */
		dnode = op->fqi.fq_dnode;

		if (is_dir == 0)
			is_stream = smb_is_stream_name(pn->pn_path);

		/* These dispositions require the object to exist. */
		if ((op->create_disposition == FILE_OPEN) ||
		    (op->create_disposition == FILE_OVERWRITE)) {
			smb_node_release(dnode);
			smbsr_error(sr, NT_STATUS_OBJECT_NAME_NOT_FOUND,
			    ERRDOS, ERROR_FILE_NOT_FOUND);
			return (NT_STATUS_OBJECT_NAME_NOT_FOUND);
		}

		/* Name check applied only when something is to be created. */
		if (pn->pn_fname && smb_is_invalid_filename(pn->pn_fname)) {
			smb_node_release(dnode);
			smbsr_error(sr, NT_STATUS_OBJECT_NAME_INVALID,
			    ERRDOS, ERROR_INVALID_NAME);
			return (NT_STATUS_OBJECT_NAME_INVALID);
		}

		/*
		 * lock the parent dir node in case another create
		 * request to the same parent directory comes in.
		 */
		smb_node_wrlock(dnode);

		/* Don't apply readonly bit until smb_ofile_close */
		if (op->dattr & FILE_ATTRIBUTE_READONLY) {
			op->dattr &= ~FILE_ATTRIBUTE_READONLY;
			op->created_readonly = B_TRUE;
		}

		/* Honour an explicit creation time other than 0 / UINT_MAX. */
		bzero(&new_attr, sizeof (new_attr));
		if ((op->crtime.tv_sec != 0) &&
		    (op->crtime.tv_sec != UINT_MAX)) {

			new_attr.sa_mask |= SMB_AT_CRTIME;
			new_attr.sa_crtime = op->crtime;
		}

		if (is_dir == 0) {
			/*
			 * New regular file.  The requested mode is
			 * owner-read only for a stream and read/write for
			 * user, group and other otherwise.
			 * NOTE(review): the mode bits requested here are
			 * permissive; the effective permissions presumably
			 * come from ACL handling inside smb_fsop_create()
			 * -- confirm.  No smb_fsop_access() call is made on
			 * this path; the create itself runs with
			 * sr->user_cr.
			 */
			op->dattr |= FILE_ATTRIBUTE_ARCHIVE;
			new_attr.sa_dosattr = op->dattr;
			new_attr.sa_vattr.va_type = VREG;
			new_attr.sa_vattr.va_mode = is_stream ? S_IRUSR :
			    S_IRUSR | S_IRGRP | S_IROTH |
			    S_IWUSR | S_IWGRP | S_IWOTH;
			new_attr.sa_mask |=
			    SMB_AT_DOSATTR | SMB_AT_TYPE | SMB_AT_MODE;

			if (op->dsize) {
				new_attr.sa_vattr.va_size = op->dsize;
				new_attr.sa_mask |= SMB_AT_SIZE;
			}

			rc = smb_fsop_create(sr, sr->user_cr, dnode,
			    op->fqi.fq_last_comp, &new_attr, &op->fqi.fq_fnode);

			if (rc != 0) {
				smb_node_unlock(dnode);
				smb_node_release(dnode);
				smbsr_errno(sr, rc);
				return (sr->smb_error.status);
			}

			node = op->fqi.fq_fnode;
			smb_node_inc_opening_count(node);
			smb_node_wrlock(node);

			status = smb_fsop_shrlock(sr->user_cr, node, uniq_fid,
			    op->desired_access, op->share_access);

			/* Undo the create if the new file cannot be reserved. */
			if (status == NT_STATUS_SHARING_VIOLATION) {
				smb_node_unlock(node);
				smb_node_dec_opening_count(node);
				smb_delete_new_object(sr);
				smb_node_release(node);
				smb_node_unlock(dnode);
				smb_node_release(dnode);
				return (status);
			}
		} else {
			/*
			 * New directory, requested with mode 0777.  The same
			 * NOTE(review) about effective permissions applies.
			 * No share reservation is taken for a directory.
			 */
			op->dattr |= FILE_ATTRIBUTE_DIRECTORY;
			new_attr.sa_dosattr = op->dattr;
			new_attr.sa_vattr.va_type = VDIR;
			new_attr.sa_vattr.va_mode = 0777;
			new_attr.sa_mask |=
			    SMB_AT_DOSATTR | SMB_AT_TYPE | SMB_AT_MODE;

			rc = smb_fsop_mkdir(sr, sr->user_cr, dnode,
			    op->fqi.fq_last_comp, &new_attr, &op->fqi.fq_fnode);
			if (rc != 0) {
				smb_node_unlock(dnode);
				smb_node_release(dnode);
				smbsr_errno(sr, rc);
				return (sr->smb_error.status);
			}

			node = op->fqi.fq_fnode;
			smb_node_inc_opening_count(node);
			smb_node_wrlock(node);
		}

		/* dnode stays write-locked until the exits further down. */
		created = B_TRUE;
		op->action_taken = SMB_OACT_CREATED;
	}

	/*
	 * MAXIMUM_ALLOWED: add the rights reported by smb_fsop_eaccess().
	 * NOTE(review): max_allowed has no initial value, so this relies
	 * on smb_fsop_eaccess() always storing a result -- confirm.
	 */
	if (max_requested) {
		smb_fsop_eaccess(sr, sr->user_cr, node, &max_allowed);
		op->desired_access |= max_allowed;
	}

	status = NT_STATUS_SUCCESS;

	of = smb_ofile_open(sr->tid_tree, node, sr->smb_pid, op, SMB_FTYPE_DISK,
	    uniq_fid, &err);
	if (of == NULL) {
		smbsr_error(sr, err.status, err.errcls, err.errcode);
		status = err.status;
	}

	/* Fail the open if the tree is no longer connected. */
	if (status == NT_STATUS_SUCCESS) {
		if (!smb_tree_is_connected(sr->tid_tree)) {
			smbsr_error(sr, 0, ERRSRV, ERRinvnid);
			status = NT_STATUS_UNSUCCESSFUL;
		}
	}

	/*
	 * This MUST be done after ofile creation, so that explicitly
	 * set timestamps can be remembered on the ofile, and the
	 * readonly flag will be stored "pending" on the node.
	 */
	if (status == NT_STATUS_SUCCESS) {
		if ((rc = smb_set_open_attributes(sr, of)) != 0) {
			smbsr_errno(sr, rc);
			status = sr->smb_error.status;
		}
	}

	if (status == NT_STATUS_SUCCESS) {
		/*
		 * We've already done access checks above,
		 * and want this call to succeed even when
		 * !(desired_access & FILE_READ_ATTRIBUTES),
		 * so pass kcred here.
		 */
		op->fqi.fq_fattr.sa_mask = SMB_AT_ALL;
		rc = smb_node_getattr(sr, node, kcred, of,
		    &op->fqi.fq_fattr);
		if (rc != 0) {
			smbsr_error(sr, NT_STATUS_INTERNAL_ERROR,
			    ERRDOS, ERROR_INTERNAL_ERROR);
			status = NT_STATUS_INTERNAL_ERROR;
		}
	}

	/*
	 * smb_fsop_unshrlock is a no-op if node is a directory
	 * smb_fsop_unshrlock is done in smb_ofile_close
	 *
	 * Common failure exit for everything after the open/create step.
	 * A newly created object is removed again by name (parent node
	 * plus last component) while dnode is still write-locked.
	 * NOTE(review): that lock is an SMB node lock; whether it also
	 * excludes changes to the name made outside this server cannot be
	 * seen from here.
	 */
	if (status != NT_STATUS_SUCCESS) {
		if (of == NULL) {
			smb_fsop_unshrlock(sr->user_cr, node, uniq_fid);
		} else {
			smb_ofile_close(of, 0);
			smb_ofile_release(of);
		}
		if (created)
			smb_delete_new_object(sr);
		smb_node_unlock(node);
		smb_node_dec_opening_count(node);
		smb_node_release(node);
		if (created)
			smb_node_unlock(dnode);
		smb_node_release(dnode);
		return (status);
	}

	/*
	 * Propagate the write-through mode from the open params
	 * to the node: see the notes in the function header.
	 */
	if (sr->sr_cfg->skc_sync_enable ||
	    (op->create_options & FILE_WRITE_THROUGH))
		node->flags |= NODE_FLAGS_WRITE_THROUGH;

	/*
	 * Set up the fileid and dosattr in open_param for response
	 */
	op->fileid = op->fqi.fq_fattr.sa_vattr.va_nodeid;
	op->dattr = op->fqi.fq_fattr.sa_dosattr;

	/*
	 * Set up the file type in open_param for the response
	 */
	op->ftype = SMB_FTYPE_DISK;
	sr->smb_fid = of->f_fid;
	sr->fid_ofile = of;

	/* Oplocks are only acquired on regular files, after the open. */
	if (smb_node_is_file(node)) {
		smb_oplock_acquire(sr, node, of);
		op->dsize = op->fqi.fq_fattr.sa_vattr.va_size;
	} else {
		/* directory or symlink */
		op->op_oplock_level = SMB_OPLOCK_NONE;
		op->dsize = 0;
	}

	smb_node_dec_opening_count(node);

	smb_node_unlock(node);
	if (created)
		smb_node_unlock(dnode);

	smb_node_release(node);
	smb_node_release(dnode);

	return (NT_STATUS_SUCCESS);
}

/*
 * smb_open_oplock_break
 *
 * If the node has an ofile opened with share access none,
 * (smb_node_share_check = FALSE) only break BATCH oplock.
 * Otherwise:
 * If overwriting, break to SMB_OPLOCK_NONE, else
 * If opening for anything other than attribute access,
 * break oplock to LEVEL_II.
 *
 * An attribute-only, non-overwriting open requests no break at all.
 * The result of smb_oplock_break() is discarded.
 */
static void
smb_open_oplock_break(smb_request_t *sr, smb_node_t *node)
{
	smb_arg_open_t	*op = &sr->sr_open;
	uint32_t	flags = 0;

	/* BATCH-only restriction is added to whichever break follows. */
	if (!smb_node_share_check(node))
		flags |= SMB_OPLOCK_BREAK_BATCH;

	if (smb_open_overwrite(op)) {
		flags |= SMB_OPLOCK_BREAK_TO_NONE;
		(void) smb_oplock_break(sr, node, flags);
	} else if (!smb_open_attr_only(op)) {
		flags |= SMB_OPLOCK_BREAK_TO_LEVEL_II;
		(void) smb_oplock_break(sr, node, flags);
	}
}

/*
 * smb_open_attr_only
 *
 * Determine if file is being opened for attribute access only.
 * This is used to determine whether it is necessary to break
 * existing oplocks on the file.
*/
static boolean_t
smb_open_attr_only(smb_arg_open_t *op)
{
	const uint32_t attr_rights =
	    FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES | SYNCHRONIZE;

	/* Any right beyond attribute access / SYNCHRONIZE disqualifies. */
	if ((op->desired_access & ~attr_rights) != 0)
		return (B_FALSE);

	/*
	 * FILE_OVERWRITE_IF is not tested here; the one caller in this
	 * file checks smb_open_overwrite() first.
	 */
	if (op->create_disposition == FILE_SUPERSEDE ||
	    op->create_disposition == FILE_OVERWRITE)
		return (B_FALSE);

	return (B_TRUE);
}

/*
 * smb_open_overwrite
 *
 * Returns B_TRUE when the create disposition is one that replaces the
 * contents of an existing file (FILE_SUPERSEDE, FILE_OVERWRITE_IF or
 * FILE_OVERWRITE), B_FALSE otherwise.
 */
static boolean_t
smb_open_overwrite(smb_arg_open_t *op)
{
	switch (op->create_disposition) {
	case FILE_SUPERSEDE:
	case FILE_OVERWRITE_IF:
	case FILE_OVERWRITE:
		return (B_TRUE);
	default:
		return (B_FALSE);
	}
}

/*
 * smb_set_open_attributes
 *
 * Last write time:
 * - If the last_write time specified in the open params is not 0 or -1,
 *   use it as file's mtime. This will be considered an explicitly set
 *   timestamps, not reset by subsequent writes.
 *   NOTE(review): the code compares tv_sec with UINT_MAX, not -1; the
 *   two only coincide if tv_sec holds the 32-bit wire value unchanged
 *   -- confirm against the decoder.
 *
 * DOS attributes
 * - If we created_readonly, we now store the real DOS attributes
 *   (including the readonly bit) so subsequent opens will see it.
 *
 * Both are stored "pending" rather than in the file system.
 *
 * Returns: errno
 */
static int
smb_set_open_attributes(smb_request_t *sr, smb_ofile_t *of)
{
	smb_arg_open_t	*op = &sr->sr_open;
	smb_attr_t	pending;

	bzero(&pending, sizeof (pending));

	/* Re-add the readonly bit that smb_open_subr() held back. */
	if (op->created_readonly) {
		pending.sa_mask |= SMB_AT_DOSATTR;
		pending.sa_dosattr = op->dattr | FILE_ATTRIBUTE_READONLY;
	}

	if (op->mtime.tv_sec != 0 && op->mtime.tv_sec != UINT_MAX) {
		pending.sa_mask |= SMB_AT_MTIME;
		pending.sa_vattr.va_mtime = op->mtime;
	}

	/*
	 * Used to have code here to set mtime, ctime, atime
	 * when the open op->create_disposition is any of:
	 * FILE_SUPERSEDE, FILE_OVERWRITE_IF, FILE_OVERWRITE.
	 * We know that in those cases we will have set the
	 * file size, in which case the file system will
	 * update those times, so we don't have to.
	 *
	 * However, keep track of the fact that we modified
	 * the file via this handle, so we can do the evil,
	 * gratuitous mtime update on close that Windows
	 * clients appear to expect.
	 */
	if (op->action_taken == SMB_OACT_TRUNCATED)
		of->f_written = B_TRUE;

	/* Nothing to store: report success without touching the node. */
	if (pending.sa_mask == 0)
		return (0);

	/* Applied with the ofile's credentials (of->f_cr). */
	return (smb_node_setattr(sr, of->f_node, of->f_cr, of, &pending));
}

/*
 * This function is used to delete a newly created object (file or
 * directory) if an error occurs after creation of the object.
 *
 * The object is addressed by name (parent node plus last component),
 * with the user's credentials.  The removal is best effort: its result
 * is discarded, so a failure here leaves the new object in place.
 */
static void
smb_delete_new_object(smb_request_t *sr)
{
	smb_arg_open_t	*op = &sr->sr_open;
	smb_fqi_t	*fqi = &(op->fqi);
	uint32_t	flags;

	/* Name matching follows the tree's case and CATIA settings. */
	flags = (SMB_TREE_IS_CASEINSENSITIVE(sr) ? SMB_IGNORE_CASE : 0) |
	    (SMB_TREE_SUPPORTS_CATIA(sr) ? SMB_CATIA : 0);

	if (op->create_options & FILE_DIRECTORY_FILE) {
		(void) smb_fsop_rmdir(sr, sr->user_cr, fqi->fq_dnode,
		    fqi->fq_last_comp, flags);
		return;
	}

	(void) smb_fsop_remove(sr, sr->user_cr, fqi->fq_dnode,
	    fqi->fq_last_comp, flags);
}