1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. 23 * Copyright 2018 Nexenta Systems, Inc. All rights reserved. 24 */ 25 26 #include <sys/sid.h> 27 #include <sys/nbmlock.h> 28 #include <smbsrv/smb_fsops.h> 29 #include <smbsrv/smb_kproto.h> 30 #include <acl/acl_common.h> 31 #include <sys/fcntl.h> 32 #include <sys/filio.h> 33 #include <sys/flock.h> 34 #include <fs/fs_subr.h> 35 36 extern caller_context_t smb_ct; 37 38 static int smb_fsop_create_stream(smb_request_t *, cred_t *, smb_node_t *, 39 char *, char *, int, smb_attr_t *, smb_node_t **); 40 41 static int smb_fsop_create_file(smb_request_t *, cred_t *, smb_node_t *, 42 char *, int, smb_attr_t *, smb_node_t **); 43 44 #ifdef _KERNEL 45 static int smb_fsop_create_with_sd(smb_request_t *, cred_t *, smb_node_t *, 46 char *, smb_attr_t *, smb_node_t **, smb_fssd_t *); 47 static int smb_fsop_sdinherit(smb_request_t *, smb_node_t *, smb_fssd_t *); 48 #endif /* _KERNEL */ 49 50 /* 51 * The smb_fsop_* functions have knowledge of CIFS semantics. 52 * 53 * The smb_vop_* functions have minimal knowledge of CIFS semantics and 54 * serve as an interface to the VFS layer. 55 * 56 * Hence, smb_request_t and smb_node_t structures should not be passed 57 * from the smb_fsop_* layer to the smb_vop_* layer. 58 * 59 * In general, CIFS service code should only ever call smb_fsop_* 60 * functions directly, and never smb_vop_* functions directly. 61 * 62 * smb_fsop_* functions should call smb_vop_* functions where possible, instead 63 * of their smb_fsop_* counterparts. However, there are times when 64 * this cannot be avoided. 65 */ 66 67 /* 68 * Note: Stream names cannot be mangled. 69 */ 70 71 /* 72 * smb_fsop_amask_to_omode 73 * 74 * Convert the access mask to the open mode (for use 75 * with the VOP_OPEN call). 76 * 77 * Note that opening a file for attribute only access 78 * will also translate into an FREAD or FWRITE open mode 79 * (i.e., it's not just for data). 80 * 81 * This is needed so that opens are tracked appropriately 82 * for oplock processing. 83 */ 84 85 int 86 smb_fsop_amask_to_omode(uint32_t access) 87 { 88 int mode = 0; 89 90 if (access & (FILE_READ_DATA | FILE_EXECUTE | 91 FILE_READ_ATTRIBUTES | FILE_READ_EA)) 92 mode |= FREAD; 93 94 if (access & (FILE_WRITE_DATA | FILE_APPEND_DATA | 95 FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA)) 96 mode |= FWRITE; 97 98 if (access & FILE_APPEND_DATA) 99 mode |= FAPPEND; 100 101 return (mode); 102 } 103 104 int 105 smb_fsop_open(smb_node_t *node, int mode, cred_t *cred) 106 { 107 /* 108 * Assuming that the same vnode is returned as we had before. 109 * (I.e., with certain types of files or file systems, a 110 * different vnode might be returned by VOP_OPEN) 111 */ 112 return (smb_vop_open(&node->vp, mode, cred)); 113 } 114 115 void 116 smb_fsop_close(smb_node_t *node, int mode, cred_t *cred) 117 { 118 smb_vop_close(node->vp, mode, cred); 119 } 120 121 #ifdef _KERNEL 122 static int 123 smb_fsop_create_with_sd(smb_request_t *sr, cred_t *cr, 124 smb_node_t *dnode, char *name, 125 smb_attr_t *attr, smb_node_t **ret_snode, smb_fssd_t *fs_sd) 126 { 127 vsecattr_t *vsap; 128 vsecattr_t vsecattr; 129 smb_attr_t set_attr; 130 acl_t *acl, *dacl, *sacl; 131 vnode_t *vp; 132 cred_t *kcr = zone_kcred(); 133 int aclbsize = 0; /* size of acl list in bytes */ 134 int flags = 0; 135 int rc; 136 boolean_t is_dir; 137 138 ASSERT(fs_sd); 139 140 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 141 flags = SMB_IGNORE_CASE; 142 if (SMB_TREE_SUPPORTS_CATIA(sr)) 143 flags |= SMB_CATIA; 144 145 ASSERT(cr); 146 147 is_dir = ((fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR) != 0); 148 149 if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACLONCREATE)) { 150 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 151 dacl = fs_sd->sd_zdacl; 152 sacl = fs_sd->sd_zsacl; 153 ASSERT(dacl || sacl); 154 if (dacl && sacl) { 155 acl = smb_fsacl_merge(dacl, sacl); 156 } else if (dacl) { 157 acl = dacl; 158 } else { 159 acl = sacl; 160 } 161 162 rc = smb_fsacl_to_vsa(acl, &vsecattr, &aclbsize); 163 164 if (dacl && sacl) 165 acl_free(acl); 166 167 if (rc != 0) 168 return (rc); 169 170 vsap = &vsecattr; 171 } else { 172 vsap = NULL; 173 } 174 175 /* The tree ACEs may prevent a create */ 176 rc = EACCES; 177 if (is_dir) { 178 if (SMB_TREE_HAS_ACCESS(sr, ACE_ADD_SUBDIRECTORY) != 0) 179 rc = smb_vop_mkdir(dnode->vp, name, attr, 180 &vp, flags, cr, vsap); 181 } else { 182 if (SMB_TREE_HAS_ACCESS(sr, ACE_ADD_FILE) != 0) 183 rc = smb_vop_create(dnode->vp, name, attr, 184 &vp, flags, cr, vsap); 185 } 186 187 if (vsap != NULL) 188 kmem_free(vsap->vsa_aclentp, aclbsize); 189 190 if (rc != 0) 191 return (rc); 192 193 set_attr.sa_mask = 0; 194 195 /* 196 * Ideally we should be able to specify the owner and owning 197 * group at create time along with the ACL. Since we cannot 198 * do that right now, kcred is passed to smb_vop_setattr so it 199 * doesn't fail due to lack of permission. 200 */ 201 if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) { 202 set_attr.sa_vattr.va_uid = fs_sd->sd_uid; 203 set_attr.sa_mask |= SMB_AT_UID; 204 } 205 206 if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) { 207 set_attr.sa_vattr.va_gid = fs_sd->sd_gid; 208 set_attr.sa_mask |= SMB_AT_GID; 209 } 210 211 if (set_attr.sa_mask) 212 rc = smb_vop_setattr(vp, NULL, &set_attr, 0, kcr); 213 214 if (rc == 0) { 215 *ret_snode = smb_node_lookup(sr, &sr->arg.open, cr, vp, 216 name, dnode, NULL); 217 218 if (*ret_snode == NULL) 219 rc = ENOMEM; 220 221 VN_RELE(vp); 222 } 223 } else { 224 /* 225 * For filesystems that don't support ACL-on-create, try 226 * to set the specified SD after create, which could actually 227 * fail because of conflicts between inherited security 228 * attributes upon creation and the specified SD. 229 * 230 * Passing kcred to smb_fsop_sdwrite() to overcome this issue. 231 */ 232 233 if (is_dir) { 234 rc = smb_vop_mkdir(dnode->vp, name, attr, &vp, 235 flags, cr, NULL); 236 } else { 237 rc = smb_vop_create(dnode->vp, name, attr, &vp, 238 flags, cr, NULL); 239 } 240 241 if (rc != 0) 242 return (rc); 243 244 *ret_snode = smb_node_lookup(sr, &sr->arg.open, cr, vp, 245 name, dnode, NULL); 246 247 if (*ret_snode != NULL) { 248 if (!smb_tree_has_feature(sr->tid_tree, 249 SMB_TREE_NFS_MOUNTED)) 250 rc = smb_fsop_sdwrite(sr, kcr, *ret_snode, 251 fs_sd, 1); 252 } else { 253 rc = ENOMEM; 254 } 255 256 VN_RELE(vp); 257 } 258 259 if (rc != 0) { 260 if (is_dir) 261 (void) smb_vop_rmdir(dnode->vp, name, flags, cr); 262 else 263 (void) smb_vop_remove(dnode->vp, name, flags, cr); 264 } 265 266 return (rc); 267 } 268 #endif /* _KERNEL */ 269 270 /* 271 * smb_fsop_create 272 * 273 * All SMB functions should use this wrapper to ensure that 274 * all the smb_vop_creates are performed with the appropriate credentials. 275 * Please document any direct calls to explain the reason for avoiding 276 * this wrapper. 277 * 278 * *ret_snode is returned with a reference upon success. No reference is 279 * taken if an error is returned. 280 */ 281 int 282 smb_fsop_create(smb_request_t *sr, cred_t *cr, smb_node_t *dnode, 283 char *name, smb_attr_t *attr, smb_node_t **ret_snode) 284 { 285 int rc = 0; 286 int flags = 0; 287 char *fname, *sname; 288 char *longname = NULL; 289 290 ASSERT(cr); 291 ASSERT(dnode); 292 ASSERT(dnode->n_magic == SMB_NODE_MAGIC); 293 ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING); 294 295 ASSERT(ret_snode); 296 *ret_snode = 0; 297 298 ASSERT(name); 299 if (*name == 0) 300 return (EINVAL); 301 302 ASSERT(sr); 303 ASSERT(sr->tid_tree); 304 305 if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0) 306 return (EACCES); 307 308 if (SMB_TREE_IS_READONLY(sr)) 309 return (EROFS); 310 311 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 312 flags = SMB_IGNORE_CASE; 313 if (SMB_TREE_SUPPORTS_CATIA(sr)) 314 flags |= SMB_CATIA; 315 if (SMB_TREE_SUPPORTS_ABE(sr)) 316 flags |= SMB_ABE; 317 318 if (smb_is_stream_name(name)) { 319 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 320 sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 321 smb_stream_parse_name(name, fname, sname); 322 323 rc = smb_fsop_create_stream(sr, cr, dnode, 324 fname, sname, flags, attr, ret_snode); 325 326 kmem_free(fname, MAXNAMELEN); 327 kmem_free(sname, MAXNAMELEN); 328 return (rc); 329 } 330 331 /* Not a named stream */ 332 333 if (SMB_TREE_SUPPORTS_SHORTNAMES(sr) && smb_maybe_mangled(name)) { 334 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 335 rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags); 336 kmem_free(longname, MAXNAMELEN); 337 338 if (rc == 0) 339 rc = EEXIST; 340 if (rc != ENOENT) 341 return (rc); 342 } 343 344 rc = smb_fsop_create_file(sr, cr, dnode, name, flags, 345 attr, ret_snode); 346 return (rc); 347 348 } 349 350 351 /* 352 * smb_fsop_create_stream 353 * 354 * Create NTFS named stream file (sname) on unnamed stream 355 * file (fname), creating the unnamed stream file if it 356 * doesn't exist. 357 * If we created the unnamed stream file and then creation 358 * of the named stream file fails, we delete the unnamed stream. 359 * Since we use the real file name for the smb_vop_remove we 360 * clear the SMB_IGNORE_CASE flag to ensure a case sensitive 361 * match. 362 * 363 * The second parameter of smb_vop_setattr() is set to 364 * NULL, even though an unnamed stream exists. This is 365 * because we want to set the UID and GID on the named 366 * stream in this case for consistency with the (unnamed 367 * stream) file (see comments for smb_vop_setattr()). 368 * 369 * Note that some stream "types" are "restricted" and only 370 * internal callers (cr == kcred) can create those. 371 */ 372 static int 373 smb_fsop_create_stream(smb_request_t *sr, cred_t *cr, 374 smb_node_t *dnode, char *fname, char *sname, int flags, 375 smb_attr_t *attr, smb_node_t **ret_snode) 376 { 377 smb_attr_t fattr; 378 smb_node_t *fnode; 379 vnode_t *xattrdvp; 380 vnode_t *vp; 381 cred_t *kcr = zone_kcred(); 382 int rc = 0; 383 boolean_t fcreate = B_FALSE; 384 385 if (cr != kcr && smb_strname_restricted(sname)) 386 return (EACCES); 387 388 /* Look up / create the unnamed stream, fname */ 389 rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS, 390 sr->tid_tree->t_snode, dnode, fname, &fnode); 391 if (rc == 0) { 392 if (smb_fsop_access(sr, sr->user_cr, fnode, 393 sr->sr_open.desired_access) != 0) 394 rc = EACCES; 395 } else if (rc == ENOENT) { 396 fcreate = B_TRUE; 397 rc = smb_fsop_create_file(sr, cr, dnode, fname, flags, 398 attr, &fnode); 399 } 400 if (rc != 0) 401 return (rc); 402 403 fattr.sa_mask = SMB_AT_UID | SMB_AT_GID; 404 rc = smb_vop_getattr(fnode->vp, NULL, &fattr, 0, kcr); 405 406 if (rc == 0) { 407 /* create the named stream, sname */ 408 rc = smb_vop_stream_create(fnode->vp, sname, attr, 409 &vp, &xattrdvp, flags, cr); 410 } 411 if (rc != 0) { 412 if (fcreate) { 413 flags &= ~SMB_IGNORE_CASE; 414 (void) smb_vop_remove(dnode->vp, 415 fnode->od_name, flags, cr); 416 } 417 smb_node_release(fnode); 418 return (rc); 419 } 420 421 attr->sa_vattr.va_uid = fattr.sa_vattr.va_uid; 422 attr->sa_vattr.va_gid = fattr.sa_vattr.va_gid; 423 attr->sa_mask = SMB_AT_UID | SMB_AT_GID; 424 425 rc = smb_vop_setattr(vp, NULL, attr, 0, kcr); 426 if (rc != 0) { 427 smb_node_release(fnode); 428 return (rc); 429 } 430 431 *ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdvp, 432 vp, sname); 433 434 smb_node_release(fnode); 435 VN_RELE(xattrdvp); 436 VN_RELE(vp); 437 438 if (*ret_snode == NULL) 439 rc = ENOMEM; 440 441 /* notify change to the unnamed stream */ 442 if (rc == 0) 443 smb_node_notify_change(dnode, 444 FILE_ACTION_ADDED_STREAM, fname); 445 446 return (rc); 447 } 448 449 /* 450 * smb_fsop_create_file 451 */ 452 static int 453 smb_fsop_create_file(smb_request_t *sr, cred_t *cr, 454 smb_node_t *dnode, char *name, int flags, 455 smb_attr_t *attr, smb_node_t **ret_snode) 456 { 457 smb_arg_open_t *op = &sr->sr_open; 458 vnode_t *vp; 459 int rc; 460 461 #ifdef _KERNEL 462 smb_fssd_t fs_sd; 463 uint32_t secinfo; 464 uint32_t status; 465 466 if (op->sd) { 467 /* 468 * SD sent by client in Windows format. Needs to be 469 * converted to FS format. No inheritance. 470 */ 471 secinfo = smb_sd_get_secinfo(op->sd); 472 smb_fssd_init(&fs_sd, secinfo, 0); 473 474 status = smb_sd_tofs(op->sd, &fs_sd); 475 if (status == NT_STATUS_SUCCESS) { 476 rc = smb_fsop_create_with_sd(sr, cr, dnode, 477 name, attr, ret_snode, &fs_sd); 478 } else { 479 rc = EINVAL; 480 } 481 smb_fssd_term(&fs_sd); 482 } else if (sr->tid_tree->t_acltype == ACE_T) { 483 /* 484 * No incoming SD and filesystem is ZFS 485 * Server applies Windows inheritance rules, 486 * see smb_fsop_sdinherit() comments as to why. 487 */ 488 smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, 0); 489 rc = smb_fsop_sdinherit(sr, dnode, &fs_sd); 490 if (rc == 0) { 491 rc = smb_fsop_create_with_sd(sr, cr, dnode, 492 name, attr, ret_snode, &fs_sd); 493 } 494 495 smb_fssd_term(&fs_sd); 496 } else 497 #endif /* _KERNEL */ 498 { 499 /* 500 * No incoming SD and filesystem is not ZFS 501 * let the filesystem handles the inheritance. 502 */ 503 rc = smb_vop_create(dnode->vp, name, attr, &vp, 504 flags, cr, NULL); 505 506 if (rc == 0) { 507 *ret_snode = smb_node_lookup(sr, op, cr, vp, 508 name, dnode, NULL); 509 510 if (*ret_snode == NULL) 511 rc = ENOMEM; 512 513 VN_RELE(vp); 514 } 515 516 } 517 518 if (rc == 0) 519 smb_node_notify_change(dnode, FILE_ACTION_ADDED, name); 520 521 return (rc); 522 } 523 524 /* 525 * smb_fsop_mkdir 526 * 527 * All SMB functions should use this wrapper to ensure that 528 * the the calls are performed with the appropriate credentials. 529 * Please document any direct call to explain the reason 530 * for avoiding this wrapper. 531 * 532 * It is assumed that a reference exists on snode coming into this routine. 533 * 534 * *ret_snode is returned with a reference upon success. No reference is 535 * taken if an error is returned. 536 */ 537 int 538 smb_fsop_mkdir( 539 smb_request_t *sr, 540 cred_t *cr, 541 smb_node_t *dnode, 542 char *name, 543 smb_attr_t *attr, 544 smb_node_t **ret_snode) 545 { 546 struct open_param *op = &sr->arg.open; 547 char *longname; 548 vnode_t *vp; 549 int flags = 0; 550 int rc; 551 552 #ifdef _KERNEL 553 smb_fssd_t fs_sd; 554 uint32_t secinfo; 555 uint32_t status; 556 #endif /* _KERNEL */ 557 558 ASSERT(cr); 559 ASSERT(dnode); 560 ASSERT(dnode->n_magic == SMB_NODE_MAGIC); 561 ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING); 562 563 ASSERT(ret_snode); 564 *ret_snode = 0; 565 566 ASSERT(name); 567 if (*name == 0) 568 return (EINVAL); 569 570 ASSERT(sr); 571 ASSERT(sr->tid_tree); 572 573 if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0) 574 return (EACCES); 575 576 if (SMB_TREE_IS_READONLY(sr)) 577 return (EROFS); 578 if (SMB_TREE_SUPPORTS_CATIA(sr)) 579 flags |= SMB_CATIA; 580 if (SMB_TREE_SUPPORTS_ABE(sr)) 581 flags |= SMB_ABE; 582 583 if (SMB_TREE_SUPPORTS_SHORTNAMES(sr) && smb_maybe_mangled(name)) { 584 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 585 rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags); 586 kmem_free(longname, MAXNAMELEN); 587 588 /* 589 * If the name passed in by the client has an unmangled 590 * equivalent that is found in the specified directory, 591 * then the mkdir cannot succeed. Return EEXIST. 592 * 593 * Only if ENOENT is returned will a mkdir be attempted. 594 */ 595 596 if (rc == 0) 597 rc = EEXIST; 598 599 if (rc != ENOENT) 600 return (rc); 601 } 602 603 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 604 flags = SMB_IGNORE_CASE; 605 606 #ifdef _KERNEL 607 if (op->sd) { 608 /* 609 * SD sent by client in Windows format. Needs to be 610 * converted to FS format. No inheritance. 611 */ 612 secinfo = smb_sd_get_secinfo(op->sd); 613 smb_fssd_init(&fs_sd, secinfo, SMB_FSSD_FLAGS_DIR); 614 615 status = smb_sd_tofs(op->sd, &fs_sd); 616 if (status == NT_STATUS_SUCCESS) { 617 rc = smb_fsop_create_with_sd(sr, cr, dnode, 618 name, attr, ret_snode, &fs_sd); 619 } 620 else 621 rc = EINVAL; 622 smb_fssd_term(&fs_sd); 623 } else if (sr->tid_tree->t_acltype == ACE_T) { 624 /* 625 * No incoming SD and filesystem is ZFS 626 * Server applies Windows inheritance rules, 627 * see smb_fsop_sdinherit() comments as to why. 628 */ 629 smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, SMB_FSSD_FLAGS_DIR); 630 rc = smb_fsop_sdinherit(sr, dnode, &fs_sd); 631 if (rc == 0) { 632 rc = smb_fsop_create_with_sd(sr, cr, dnode, 633 name, attr, ret_snode, &fs_sd); 634 } 635 636 smb_fssd_term(&fs_sd); 637 638 } else 639 #endif /* _KERNEL */ 640 { 641 rc = smb_vop_mkdir(dnode->vp, name, attr, &vp, flags, cr, 642 NULL); 643 644 if (rc == 0) { 645 *ret_snode = smb_node_lookup(sr, op, cr, vp, name, 646 dnode, NULL); 647 648 if (*ret_snode == NULL) 649 rc = ENOMEM; 650 651 VN_RELE(vp); 652 } 653 } 654 655 if (rc == 0) 656 smb_node_notify_change(dnode, FILE_ACTION_ADDED, name); 657 658 return (rc); 659 } 660 661 /* 662 * smb_fsop_remove 663 * 664 * All SMB functions should use this wrapper to ensure that 665 * the the calls are performed with the appropriate credentials. 666 * Please document any direct call to explain the reason 667 * for avoiding this wrapper. 668 * 669 * It is assumed that a reference exists on snode coming into this routine. 670 * 671 * A null smb_request might be passed to this function. 672 * 673 * Note that some stream "types" are "restricted" and only 674 * internal callers (cr == kcred) can remove those. 675 */ 676 int 677 smb_fsop_remove( 678 smb_request_t *sr, 679 cred_t *cr, 680 smb_node_t *dnode, 681 char *name, 682 uint32_t flags) 683 { 684 smb_node_t *fnode; 685 char *longname; 686 char *fname; 687 char *sname; 688 int rc; 689 690 ASSERT(cr); 691 /* 692 * The state of the node could be SMB_NODE_STATE_DESTROYING if this 693 * function is called during the deletion of the node (because of 694 * DELETE_ON_CLOSE). 695 */ 696 ASSERT(dnode); 697 ASSERT(dnode->n_magic == SMB_NODE_MAGIC); 698 699 if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0 || 700 SMB_TREE_HAS_ACCESS(sr, ACE_DELETE) == 0) 701 return (EACCES); 702 703 if (SMB_TREE_IS_READONLY(sr)) 704 return (EROFS); 705 706 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 707 sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 708 709 if (dnode->flags & NODE_XATTR_DIR) { 710 if (cr != zone_kcred() && smb_strname_restricted(name)) { 711 rc = EACCES; 712 goto out; 713 } 714 715 fnode = dnode->n_dnode; 716 rc = smb_vop_stream_remove(fnode->vp, name, flags, cr); 717 718 /* notify change to the unnamed stream */ 719 if ((rc == 0) && fnode->n_dnode) { 720 smb_node_notify_change(fnode->n_dnode, 721 FILE_ACTION_REMOVED_STREAM, fnode->od_name); 722 } 723 } else if (smb_is_stream_name(name)) { 724 smb_stream_parse_name(name, fname, sname); 725 726 if (cr != zone_kcred() && smb_strname_restricted(sname)) { 727 rc = EACCES; 728 goto out; 729 } 730 731 /* 732 * Look up the unnamed stream (i.e. fname). 733 * Unmangle processing will be done on fname 734 * as well as any link target. 735 */ 736 737 rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS, 738 sr->tid_tree->t_snode, dnode, fname, &fnode); 739 740 if (rc != 0) { 741 goto out; 742 } 743 744 /* 745 * XXX 746 * Need to find out what permission is required by NTFS 747 * to remove a stream. 748 */ 749 rc = smb_vop_stream_remove(fnode->vp, sname, flags, cr); 750 751 smb_node_release(fnode); 752 753 /* notify change to the unnamed stream */ 754 if (rc == 0) { 755 smb_node_notify_change(dnode, 756 FILE_ACTION_REMOVED_STREAM, fname); 757 } 758 } else { 759 rc = smb_vop_remove(dnode->vp, name, flags, cr); 760 761 if (rc == ENOENT) { 762 if (!SMB_TREE_SUPPORTS_SHORTNAMES(sr) || 763 !smb_maybe_mangled(name)) { 764 goto out; 765 } 766 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 767 768 if (SMB_TREE_SUPPORTS_ABE(sr)) 769 flags |= SMB_ABE; 770 771 rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, 772 flags); 773 774 if (rc == 0) { 775 /* 776 * longname is the real (case-sensitive) 777 * on-disk name. 778 * We make sure we do a remove on this exact 779 * name, as the name was mangled and denotes 780 * a unique file. 781 */ 782 flags &= ~SMB_IGNORE_CASE; 783 rc = smb_vop_remove(dnode->vp, longname, 784 flags, cr); 785 } 786 kmem_free(longname, MAXNAMELEN); 787 } 788 if (rc == 0) { 789 smb_node_notify_change(dnode, 790 FILE_ACTION_REMOVED, name); 791 } 792 } 793 794 out: 795 kmem_free(fname, MAXNAMELEN); 796 kmem_free(sname, MAXNAMELEN); 797 798 return (rc); 799 } 800 801 /* 802 * smb_fsop_remove_streams 803 * 804 * This function removes a file's streams without removing the 805 * file itself. 806 * 807 * It is assumed that fnode is not a link. 808 */ 809 uint32_t 810 smb_fsop_remove_streams(smb_request_t *sr, cred_t *cr, smb_node_t *fnode) 811 { 812 int rc, flags = 0; 813 smb_odir_t *od; 814 smb_odirent_t *odirent; 815 uint32_t status; 816 boolean_t eos; 817 818 ASSERT(sr); 819 ASSERT(cr); 820 ASSERT(fnode); 821 ASSERT(fnode->n_magic == SMB_NODE_MAGIC); 822 ASSERT(fnode->n_state != SMB_NODE_STATE_DESTROYING); 823 824 if (SMB_TREE_CONTAINS_NODE(sr, fnode) == 0) 825 return (NT_STATUS_ACCESS_DENIED); 826 827 if (SMB_TREE_IS_READONLY(sr)) 828 return (NT_STATUS_ACCESS_DENIED); 829 830 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 831 flags = SMB_IGNORE_CASE; 832 833 if (SMB_TREE_SUPPORTS_CATIA(sr)) 834 flags |= SMB_CATIA; 835 836 status = smb_odir_openat(sr, fnode, &od); 837 switch (status) { 838 case 0: 839 break; 840 case NT_STATUS_OBJECT_NAME_NOT_FOUND: 841 case NT_STATUS_NO_SUCH_FILE: 842 case NT_STATUS_NOT_SUPPORTED: 843 /* No streams to remove. */ 844 return (0); 845 default: 846 return (status); 847 } 848 849 odirent = kmem_alloc(sizeof (smb_odirent_t), KM_SLEEP); 850 for (;;) { 851 rc = smb_odir_read(sr, od, odirent, &eos); 852 if ((rc != 0) || (eos)) 853 break; 854 (void) smb_vop_remove(od->d_dnode->vp, odirent->od_name, 855 flags, cr); 856 } 857 kmem_free(odirent, sizeof (smb_odirent_t)); 858 if (eos && rc == ENOENT) 859 rc = 0; 860 861 smb_odir_close(od); 862 smb_odir_release(od); 863 if (rc) 864 status = smb_errno2status(rc); 865 return (status); 866 } 867 868 /* 869 * smb_fsop_rmdir 870 * 871 * All SMB functions should use this wrapper to ensure that 872 * the the calls are performed with the appropriate credentials. 873 * Please document any direct call to explain the reason 874 * for avoiding this wrapper. 875 * 876 * It is assumed that a reference exists on snode coming into this routine. 877 */ 878 int 879 smb_fsop_rmdir( 880 smb_request_t *sr, 881 cred_t *cr, 882 smb_node_t *dnode, 883 char *name, 884 uint32_t flags) 885 { 886 int rc; 887 char *longname; 888 889 ASSERT(cr); 890 /* 891 * The state of the node could be SMB_NODE_STATE_DESTROYING if this 892 * function is called during the deletion of the node (because of 893 * DELETE_ON_CLOSE). 894 */ 895 ASSERT(dnode); 896 ASSERT(dnode->n_magic == SMB_NODE_MAGIC); 897 898 if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0 || 899 SMB_TREE_HAS_ACCESS(sr, ACE_DELETE_CHILD) == 0) 900 return (EACCES); 901 902 if (SMB_TREE_IS_READONLY(sr)) 903 return (EROFS); 904 905 rc = smb_vop_rmdir(dnode->vp, name, flags, cr); 906 907 if (rc == ENOENT) { 908 if (!SMB_TREE_SUPPORTS_SHORTNAMES(sr) || 909 !smb_maybe_mangled(name)) { 910 return (rc); 911 } 912 913 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 914 915 if (SMB_TREE_SUPPORTS_ABE(sr)) 916 flags |= SMB_ABE; 917 rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags); 918 919 if (rc == 0) { 920 /* 921 * longname is the real (case-sensitive) 922 * on-disk name. 923 * We make sure we do a rmdir on this exact 924 * name, as the name was mangled and denotes 925 * a unique directory. 926 */ 927 flags &= ~SMB_IGNORE_CASE; 928 rc = smb_vop_rmdir(dnode->vp, longname, flags, cr); 929 } 930 931 kmem_free(longname, MAXNAMELEN); 932 } 933 934 if (rc == 0) 935 smb_node_notify_change(dnode, FILE_ACTION_REMOVED, name); 936 937 return (rc); 938 } 939 940 /* 941 * smb_fsop_getattr 942 * 943 * All SMB functions should use this wrapper to ensure that 944 * the the calls are performed with the appropriate credentials. 945 * Please document any direct call to explain the reason 946 * for avoiding this wrapper. 947 * 948 * It is assumed that a reference exists on snode coming into this routine. 949 */ 950 int 951 smb_fsop_getattr(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 952 smb_attr_t *attr) 953 { 954 smb_node_t *unnamed_node; 955 vnode_t *unnamed_vp = NULL; 956 uint32_t status; 957 uint32_t access = 0; 958 int flags = 0; 959 int rc; 960 961 ASSERT(cr); 962 ASSERT(snode); 963 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 964 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 965 966 if (SMB_TREE_CONTAINS_NODE(sr, snode) == 0 || 967 SMB_TREE_HAS_ACCESS(sr, ACE_READ_ATTRIBUTES) == 0) 968 return (EACCES); 969 970 /* sr could be NULL in some cases */ 971 if (sr && sr->fid_ofile) { 972 /* if uid and/or gid is requested */ 973 if (attr->sa_mask & (SMB_AT_UID|SMB_AT_GID)) 974 access |= READ_CONTROL; 975 976 /* if anything else is also requested */ 977 if (attr->sa_mask & ~(SMB_AT_UID|SMB_AT_GID)) 978 access |= FILE_READ_ATTRIBUTES; 979 980 status = smb_ofile_access(sr->fid_ofile, cr, access); 981 if (status != NT_STATUS_SUCCESS) 982 return (EACCES); 983 984 if (smb_tree_has_feature(sr->tid_tree, 985 SMB_TREE_ACEMASKONACCESS)) 986 flags = ATTR_NOACLCHECK; 987 } 988 989 unnamed_node = SMB_IS_STREAM(snode); 990 991 if (unnamed_node) { 992 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 993 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 994 unnamed_vp = unnamed_node->vp; 995 } 996 997 rc = smb_vop_getattr(snode->vp, unnamed_vp, attr, flags, cr); 998 999 if ((rc == 0) && smb_node_is_dfslink(snode)) { 1000 /* a DFS link should be treated as a directory */ 1001 attr->sa_dosattr |= FILE_ATTRIBUTE_DIRECTORY; 1002 } 1003 1004 return (rc); 1005 } 1006 1007 /* 1008 * smb_fsop_link 1009 * 1010 * All SMB functions should use this smb_vop_link wrapper to ensure that 1011 * the smb_vop_link is performed with the appropriate credentials. 1012 * Please document any direct call to smb_vop_link to explain the reason 1013 * for avoiding this wrapper. 1014 * 1015 * It is assumed that references exist on from_dnode and to_dnode coming 1016 * into this routine. 1017 */ 1018 int 1019 smb_fsop_link(smb_request_t *sr, cred_t *cr, smb_node_t *from_fnode, 1020 smb_node_t *to_dnode, char *to_name) 1021 { 1022 char *longname = NULL; 1023 int flags = 0; 1024 int rc; 1025 1026 ASSERT(sr); 1027 ASSERT(sr->tid_tree); 1028 ASSERT(cr); 1029 ASSERT(to_dnode); 1030 ASSERT(to_dnode->n_magic == SMB_NODE_MAGIC); 1031 ASSERT(to_dnode->n_state != SMB_NODE_STATE_DESTROYING); 1032 ASSERT(from_fnode); 1033 ASSERT(from_fnode->n_magic == SMB_NODE_MAGIC); 1034 ASSERT(from_fnode->n_state != SMB_NODE_STATE_DESTROYING); 1035 1036 if (SMB_TREE_CONTAINS_NODE(sr, from_fnode) == 0) 1037 return (EACCES); 1038 1039 if (SMB_TREE_CONTAINS_NODE(sr, to_dnode) == 0) 1040 return (EACCES); 1041 1042 if (SMB_TREE_IS_READONLY(sr)) 1043 return (EROFS); 1044 1045 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 1046 flags = SMB_IGNORE_CASE; 1047 if (SMB_TREE_SUPPORTS_CATIA(sr)) 1048 flags |= SMB_CATIA; 1049 if (SMB_TREE_SUPPORTS_ABE(sr)) 1050 flags |= SMB_ABE; 1051 1052 if (SMB_TREE_SUPPORTS_SHORTNAMES(sr) && smb_maybe_mangled(to_name)) { 1053 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1054 rc = smb_unmangle(to_dnode, to_name, longname, 1055 MAXNAMELEN, flags); 1056 kmem_free(longname, MAXNAMELEN); 1057 1058 if (rc == 0) 1059 rc = EEXIST; 1060 if (rc != ENOENT) 1061 return (rc); 1062 } 1063 1064 rc = smb_vop_link(to_dnode->vp, from_fnode->vp, to_name, flags, cr); 1065 1066 if (rc == 0) 1067 smb_node_notify_change(to_dnode, FILE_ACTION_ADDED, to_name); 1068 1069 return (rc); 1070 } 1071 1072 /* 1073 * smb_fsop_rename 1074 * 1075 * All SMB functions should use this smb_vop_rename wrapper to ensure that 1076 * the smb_vop_rename is performed with the appropriate credentials. 1077 * Please document any direct call to smb_vop_rename to explain the reason 1078 * for avoiding this wrapper. 1079 * 1080 * It is assumed that references exist on from_dnode and to_dnode coming 1081 * into this routine. 1082 */ 1083 int 1084 smb_fsop_rename( 1085 smb_request_t *sr, 1086 cred_t *cr, 1087 smb_node_t *from_dnode, 1088 char *from_name, 1089 smb_node_t *to_dnode, 1090 char *to_name) 1091 { 1092 smb_node_t *from_snode; 1093 smb_attr_t from_attr; 1094 vnode_t *from_vp; 1095 int flags = 0, ret_flags; 1096 int rc; 1097 boolean_t isdir; 1098 1099 ASSERT(cr); 1100 ASSERT(from_dnode); 1101 ASSERT(from_dnode->n_magic == SMB_NODE_MAGIC); 1102 ASSERT(from_dnode->n_state != SMB_NODE_STATE_DESTROYING); 1103 1104 ASSERT(to_dnode); 1105 ASSERT(to_dnode->n_magic == SMB_NODE_MAGIC); 1106 ASSERT(to_dnode->n_state != SMB_NODE_STATE_DESTROYING); 1107 1108 if (SMB_TREE_CONTAINS_NODE(sr, from_dnode) == 0) 1109 return (EACCES); 1110 1111 if (SMB_TREE_CONTAINS_NODE(sr, to_dnode) == 0) 1112 return (EACCES); 1113 1114 ASSERT(sr); 1115 ASSERT(sr->tid_tree); 1116 if (SMB_TREE_IS_READONLY(sr)) 1117 return (EROFS); 1118 1119 /* 1120 * Note: There is no need to check SMB_TREE_IS_CASEINSENSITIVE 1121 * here. 1122 * 1123 * A case-sensitive rename is always done in this routine 1124 * because we are using the on-disk name from an earlier lookup. 1125 * If a mangled name was passed in by the caller (denoting a 1126 * deterministic lookup), then the exact file must be renamed 1127 * (i.e. SMB_IGNORE_CASE must not be passed to VOP_RENAME, or 1128 * else the underlying file system might return a "first-match" 1129 * on this on-disk name, possibly resulting in the wrong file). 1130 */ 1131 1132 if (SMB_TREE_SUPPORTS_CATIA(sr)) 1133 flags |= SMB_CATIA; 1134 1135 /* 1136 * XXX: Lock required through smb_node_release() below? 1137 */ 1138 1139 rc = smb_vop_lookup(from_dnode->vp, from_name, &from_vp, NULL, 1140 flags, &ret_flags, NULL, &from_attr, cr); 1141 1142 if (rc != 0) 1143 return (rc); 1144 1145 if (from_attr.sa_dosattr & FILE_ATTRIBUTE_REPARSE_POINT) { 1146 VN_RELE(from_vp); 1147 return (EACCES); 1148 } 1149 1150 isdir = ((from_attr.sa_dosattr & FILE_ATTRIBUTE_DIRECTORY) != 0); 1151 1152 if ((isdir && SMB_TREE_HAS_ACCESS(sr, 1153 ACE_DELETE_CHILD | ACE_ADD_SUBDIRECTORY) != 1154 (ACE_DELETE_CHILD | ACE_ADD_SUBDIRECTORY)) || 1155 (!isdir && SMB_TREE_HAS_ACCESS(sr, ACE_DELETE | ACE_ADD_FILE) != 1156 (ACE_DELETE | ACE_ADD_FILE))) { 1157 VN_RELE(from_vp); 1158 return (EACCES); 1159 } 1160 1161 /* 1162 * SMB checks access on open and retains an access granted 1163 * mask for use while the file is open. ACL changes should 1164 * not affect access to an open file. 1165 * 1166 * If the rename is being performed on an ofile: 1167 * - Check the ofile's access granted mask to see if the 1168 * rename is permitted - requires DELETE access. 1169 * - If the file system does access checking, set the 1170 * ATTR_NOACLCHECK flag to ensure that the file system 1171 * does not check permissions on subsequent calls. 1172 */ 1173 if (sr && sr->fid_ofile) { 1174 rc = smb_ofile_access(sr->fid_ofile, cr, DELETE); 1175 if (rc != NT_STATUS_SUCCESS) { 1176 VN_RELE(from_vp); 1177 return (EACCES); 1178 } 1179 1180 if (smb_tree_has_feature(sr->tid_tree, 1181 SMB_TREE_ACEMASKONACCESS)) 1182 flags = ATTR_NOACLCHECK; 1183 } 1184 1185 rc = smb_vop_rename(from_dnode->vp, from_name, to_dnode->vp, 1186 to_name, flags, cr); 1187 1188 if (rc == 0) { 1189 from_snode = smb_node_lookup(sr, NULL, cr, from_vp, from_name, 1190 from_dnode, NULL); 1191 1192 if (from_snode == NULL) { 1193 rc = ENOMEM; 1194 } else { 1195 smb_node_rename(from_dnode, from_snode, 1196 to_dnode, to_name); 1197 smb_node_release(from_snode); 1198 } 1199 } 1200 VN_RELE(from_vp); 1201 1202 if (rc == 0) { 1203 if (from_dnode == to_dnode) { 1204 smb_node_notify_change(from_dnode, 1205 FILE_ACTION_RENAMED_OLD_NAME, from_name); 1206 smb_node_notify_change(to_dnode, 1207 FILE_ACTION_RENAMED_NEW_NAME, to_name); 1208 } else { 1209 smb_node_notify_change(from_dnode, 1210 FILE_ACTION_REMOVED, from_name); 1211 smb_node_notify_change(to_dnode, 1212 FILE_ACTION_ADDED, to_name); 1213 } 1214 } 1215 1216 /* XXX: unlock */ 1217 1218 return (rc); 1219 } 1220 1221 /* 1222 * smb_fsop_setattr 1223 * 1224 * All SMB functions should use this wrapper to ensure that 1225 * the the calls are performed with the appropriate credentials. 1226 * Please document any direct call to explain the reason 1227 * for avoiding this wrapper. 1228 * 1229 * It is assumed that a reference exists on snode coming into 1230 * this function. 1231 * A null smb_request might be passed to this function. 1232 */ 1233 int 1234 smb_fsop_setattr( 1235 smb_request_t *sr, 1236 cred_t *cr, 1237 smb_node_t *snode, 1238 smb_attr_t *set_attr) 1239 { 1240 smb_node_t *unnamed_node; 1241 vnode_t *unnamed_vp = NULL; 1242 uint32_t status; 1243 uint32_t access; 1244 int rc = 0; 1245 int flags = 0; 1246 uint_t sa_mask; 1247 1248 ASSERT(cr); 1249 ASSERT(snode); 1250 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1251 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1252 1253 if (SMB_TREE_CONTAINS_NODE(sr, snode) == 0) 1254 return (EACCES); 1255 1256 if (SMB_TREE_IS_READONLY(sr)) 1257 return (EROFS); 1258 1259 if (SMB_TREE_HAS_ACCESS(sr, 1260 ACE_WRITE_ATTRIBUTES | ACE_WRITE_NAMED_ATTRS) == 0) 1261 return (EACCES); 1262 1263 /* 1264 * SMB checks access on open and retains an access granted 1265 * mask for use while the file is open. ACL changes should 1266 * not affect access to an open file. 1267 * 1268 * If the setattr is being performed on an ofile: 1269 * - Check the ofile's access granted mask to see if the 1270 * setattr is permitted. 1271 * UID, GID - require WRITE_OWNER 1272 * SIZE, ALLOCSZ - require FILE_WRITE_DATA 1273 * all other attributes require FILE_WRITE_ATTRIBUTES 1274 * 1275 * - If the file system does access checking, set the 1276 * ATTR_NOACLCHECK flag to ensure that the file system 1277 * does not check permissions on subsequent calls. 1278 */ 1279 if (sr && sr->fid_ofile) { 1280 sa_mask = set_attr->sa_mask; 1281 access = 0; 1282 1283 if (sa_mask & (SMB_AT_SIZE | SMB_AT_ALLOCSZ)) { 1284 access |= FILE_WRITE_DATA; 1285 sa_mask &= ~(SMB_AT_SIZE | SMB_AT_ALLOCSZ); 1286 } 1287 1288 if (sa_mask & (SMB_AT_UID|SMB_AT_GID)) { 1289 access |= WRITE_OWNER; 1290 sa_mask &= ~(SMB_AT_UID|SMB_AT_GID); 1291 } 1292 1293 if (sa_mask) 1294 access |= FILE_WRITE_ATTRIBUTES; 1295 1296 status = smb_ofile_access(sr->fid_ofile, cr, access); 1297 if (status != NT_STATUS_SUCCESS) 1298 return (EACCES); 1299 1300 if (smb_tree_has_feature(sr->tid_tree, 1301 SMB_TREE_ACEMASKONACCESS)) 1302 flags = ATTR_NOACLCHECK; 1303 } 1304 1305 unnamed_node = SMB_IS_STREAM(snode); 1306 1307 if (unnamed_node) { 1308 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1309 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1310 unnamed_vp = unnamed_node->vp; 1311 } 1312 1313 rc = smb_vop_setattr(snode->vp, unnamed_vp, set_attr, flags, cr); 1314 return (rc); 1315 } 1316 1317 /* 1318 * Support for SMB2 setinfo FileValidDataLengthInformation. 1319 * Free (zero out) data in the range off, off+len 1320 */ 1321 int 1322 smb_fsop_freesp( 1323 smb_request_t *sr, 1324 cred_t *cr, 1325 smb_ofile_t *ofile, 1326 off64_t off, 1327 off64_t len) 1328 { 1329 flock64_t flk; 1330 smb_node_t *node = ofile->f_node; 1331 uint32_t status; 1332 uint32_t access = FILE_WRITE_DATA; 1333 int rc; 1334 1335 ASSERT(cr); 1336 ASSERT(node); 1337 ASSERT(node->n_magic == SMB_NODE_MAGIC); 1338 ASSERT(node->n_state != SMB_NODE_STATE_DESTROYING); 1339 1340 if (SMB_TREE_CONTAINS_NODE(sr, node) == 0) 1341 return (EACCES); 1342 1343 if (SMB_TREE_IS_READONLY(sr)) 1344 return (EROFS); 1345 1346 if (SMB_TREE_HAS_ACCESS(sr, access) == 0) 1347 return (EACCES); 1348 1349 /* 1350 * SMB checks access on open and retains an access granted 1351 * mask for use while the file is open. ACL changes should 1352 * not affect access to an open file. 1353 * 1354 * If the setattr is being performed on an ofile: 1355 * - Check the ofile's access granted mask to see if this 1356 * modification should be permitted (FILE_WRITE_DATA) 1357 */ 1358 status = smb_ofile_access(sr->fid_ofile, cr, access); 1359 if (status != NT_STATUS_SUCCESS) 1360 return (EACCES); 1361 1362 bzero(&flk, sizeof (flk)); 1363 flk.l_start = off; 1364 flk.l_len = len; 1365 1366 rc = smb_vop_space(node->vp, F_FREESP, &flk, FWRITE, 0LL, cr); 1367 return (rc); 1368 } 1369 1370 /* 1371 * smb_fsop_read 1372 * 1373 * All SMB functions should use this wrapper to ensure that 1374 * the the calls are performed with the appropriate credentials. 1375 * Please document any direct call to explain the reason 1376 * for avoiding this wrapper. 1377 * 1378 * It is assumed that a reference exists on snode coming into this routine. 1379 * Note that ofile may be different from sr->fid_ofile, or may be NULL. 1380 */ 1381 int 1382 smb_fsop_read(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 1383 smb_ofile_t *ofile, uio_t *uio, int ioflag) 1384 { 1385 caller_context_t ct; 1386 cred_t *kcr = zone_kcred(); 1387 uint32_t amask; 1388 int svmand; 1389 int rc; 1390 1391 ASSERT(cr); 1392 ASSERT(snode); 1393 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1394 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1395 1396 ASSERT(sr); 1397 1398 if (ofile != NULL) { 1399 /* 1400 * Check tree access. Not SMB_TREE_HAS_ACCESS 1401 * because we need to use ofile->f_tree 1402 */ 1403 if ((ofile->f_tree->t_access & ACE_READ_DATA) == 0) 1404 return (EACCES); 1405 1406 /* 1407 * Check ofile access. Use in-line smb_ofile_access 1408 * so we can check both amask bits at the same time. 1409 * If any bit in amask is granted, allow this read. 1410 */ 1411 amask = FILE_READ_DATA; 1412 if (sr->smb_flg2 & SMB_FLAGS2_READ_IF_EXECUTE) 1413 amask |= FILE_EXECUTE; 1414 if (cr != kcr && (ofile->f_granted_access & amask) == 0) 1415 return (EACCES); 1416 } 1417 1418 /* 1419 * Streams permission are checked against the unnamed stream, 1420 * but in FS level they have their own permissions. To avoid 1421 * rejection by FS due to lack of permission on the actual 1422 * extended attr kcred is passed for streams. 1423 */ 1424 if (SMB_IS_STREAM(snode)) 1425 cr = kcr; 1426 1427 smb_node_start_crit(snode, RW_READER); 1428 rc = nbl_svmand(snode->vp, kcr, &svmand); 1429 if (rc) { 1430 smb_node_end_crit(snode); 1431 return (rc); 1432 } 1433 1434 /* 1435 * Note: SMB allows a zero-byte read, which should not 1436 * conflict with any locks. However nbl_lock_conflict 1437 * takes a zero-byte length as lock to EOF, so we must 1438 * special case that here. 1439 */ 1440 if (uio->uio_resid > 0) { 1441 ct = smb_ct; 1442 if (ofile != NULL) 1443 ct.cc_pid = ofile->f_uniqid; 1444 rc = nbl_lock_conflict(snode->vp, NBL_READ, uio->uio_loffset, 1445 uio->uio_resid, svmand, &ct); 1446 if (rc != 0) { 1447 smb_node_end_crit(snode); 1448 return (ERANGE); 1449 } 1450 } 1451 1452 rc = smb_vop_read(snode->vp, uio, ioflag, cr); 1453 smb_node_end_crit(snode); 1454 1455 return (rc); 1456 } 1457 1458 /* 1459 * smb_fsop_write 1460 * 1461 * It is assumed that a reference exists on snode coming into this routine. 1462 * Note that ofile may be different from sr->fid_ofile, or may be NULL. 1463 */ 1464 int 1465 smb_fsop_write( 1466 smb_request_t *sr, 1467 cred_t *cr, 1468 smb_node_t *snode, 1469 smb_ofile_t *ofile, 1470 uio_t *uio, 1471 uint32_t *lcount, 1472 int ioflag) 1473 { 1474 caller_context_t ct; 1475 smb_attr_t attr; 1476 cred_t *kcr = zone_kcred(); 1477 smb_node_t *u_node; 1478 vnode_t *u_vp = NULL; 1479 vnode_t *vp; 1480 uint32_t amask; 1481 int svmand; 1482 int rc; 1483 1484 ASSERT(cr); 1485 ASSERT(snode); 1486 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1487 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1488 1489 ASSERT(sr); 1490 vp = snode->vp; 1491 1492 if (ofile != NULL) { 1493 amask = FILE_WRITE_DATA | FILE_APPEND_DATA; 1494 1495 /* Check tree access. */ 1496 if ((ofile->f_tree->t_access & amask) == 0) 1497 return (EROFS); 1498 1499 /* 1500 * Check ofile access. Use in-line smb_ofile_access 1501 * so we can check both amask bits at the same time. 1502 * If any bit in amask is granted, allow this write. 1503 */ 1504 if (cr != kcr && (ofile->f_granted_access & amask) == 0) 1505 return (EACCES); 1506 } 1507 1508 /* 1509 * Streams permission are checked against the unnamed stream, 1510 * but in FS level they have their own permissions. To avoid 1511 * rejection by FS due to lack of permission on the actual 1512 * extended attr kcred is passed for streams. 1513 */ 1514 u_node = SMB_IS_STREAM(snode); 1515 if (u_node != NULL) { 1516 ASSERT(u_node->n_magic == SMB_NODE_MAGIC); 1517 ASSERT(u_node->n_state != SMB_NODE_STATE_DESTROYING); 1518 u_vp = u_node->vp; 1519 cr = kcr; 1520 } 1521 1522 smb_node_start_crit(snode, RW_WRITER); 1523 rc = nbl_svmand(vp, kcr, &svmand); 1524 if (rc) { 1525 smb_node_end_crit(snode); 1526 return (rc); 1527 } 1528 1529 /* 1530 * Note: SMB allows a zero-byte write, which should not 1531 * conflict with any locks. However nbl_lock_conflict 1532 * takes a zero-byte length as lock to EOF, so we must 1533 * special case that here. 1534 */ 1535 if (uio->uio_resid > 0) { 1536 ct = smb_ct; 1537 if (ofile != NULL) 1538 ct.cc_pid = ofile->f_uniqid; 1539 rc = nbl_lock_conflict(vp, NBL_WRITE, uio->uio_loffset, 1540 uio->uio_resid, svmand, &ct); 1541 if (rc != 0) { 1542 smb_node_end_crit(snode); 1543 return (ERANGE); 1544 } 1545 } 1546 1547 rc = smb_vop_write(vp, uio, ioflag, lcount, cr); 1548 1549 /* 1550 * Once the mtime has been set via this ofile, the 1551 * automatic mtime changes from writes via this ofile 1552 * should cease, preserving the mtime that was set. 1553 * See: [MS-FSA] 2.1.5.14 and smb_node_setattr. 1554 * 1555 * The VFS interface does not offer a way to ask it to 1556 * skip the mtime updates, so we simulate the desired 1557 * behavior by re-setting the mtime after writes on a 1558 * handle where the mtime has been set. 1559 */ 1560 if (ofile != NULL && 1561 (ofile->f_pending_attr.sa_mask & SMB_AT_MTIME) != 0) { 1562 bcopy(&ofile->f_pending_attr, &attr, sizeof (attr)); 1563 attr.sa_mask = SMB_AT_MTIME; 1564 (void) smb_vop_setattr(vp, u_vp, &attr, 0, kcr); 1565 } 1566 1567 smb_node_end_crit(snode); 1568 1569 return (rc); 1570 } 1571 1572 /* 1573 * Find the next allocated range starting at or after 1574 * the offset (*datap), returning the start/end of 1575 * that range in (*datap, *holep) 1576 */ 1577 int 1578 smb_fsop_next_alloc_range( 1579 cred_t *cr, 1580 smb_node_t *node, 1581 off64_t *datap, 1582 off64_t *holep) 1583 { 1584 int err; 1585 1586 err = smb_vop_ioctl(node->vp, _FIO_SEEK_DATA, datap, cr); 1587 if (err != 0) 1588 return (err); 1589 1590 *holep = *datap; 1591 err = smb_vop_ioctl(node->vp, _FIO_SEEK_HOLE, holep, cr); 1592 1593 return (err); 1594 } 1595 1596 /* 1597 * smb_fsop_statfs 1598 * 1599 * This is a wrapper function used for stat operations. 1600 */ 1601 int 1602 smb_fsop_statfs( 1603 cred_t *cr, 1604 smb_node_t *snode, 1605 struct statvfs64 *statp) 1606 { 1607 ASSERT(cr); 1608 ASSERT(snode); 1609 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1610 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1611 1612 return (smb_vop_statfs(snode->vp, statp, cr)); 1613 } 1614 1615 /* 1616 * smb_fsop_access 1617 * 1618 * Named streams do not have separate permissions from the associated 1619 * unnamed stream. Thus, if node is a named stream, the permissions 1620 * check will be performed on the associated unnamed stream. 1621 * 1622 * However, our named streams do have their own quarantine attribute, 1623 * separate from that on the unnamed stream. If READ or EXECUTE 1624 * access has been requested on a named stream, an additional access 1625 * check is performed on the named stream in case it has been 1626 * quarantined. kcred is used to avoid issues with the permissions 1627 * set on the extended attribute file representing the named stream. 1628 * 1629 * Note that some stream "types" are "restricted" and only 1630 * internal callers (cr == kcred) can access those. 1631 */ 1632 int 1633 smb_fsop_access(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 1634 uint32_t faccess) 1635 { 1636 int access = 0; 1637 int error; 1638 vnode_t *dir_vp; 1639 boolean_t acl_check = B_TRUE; 1640 smb_node_t *unnamed_node; 1641 1642 ASSERT(sr); 1643 ASSERT(cr); 1644 ASSERT(snode); 1645 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1646 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1647 1648 if (SMB_TREE_IS_READONLY(sr)) { 1649 if (faccess & (FILE_WRITE_DATA|FILE_APPEND_DATA| 1650 FILE_WRITE_EA|FILE_DELETE_CHILD|FILE_WRITE_ATTRIBUTES| 1651 DELETE|WRITE_DAC|WRITE_OWNER)) { 1652 return (NT_STATUS_ACCESS_DENIED); 1653 } 1654 } 1655 1656 if (smb_node_is_reparse(snode) && (faccess & DELETE)) 1657 return (NT_STATUS_ACCESS_DENIED); 1658 1659 unnamed_node = SMB_IS_STREAM(snode); 1660 if (unnamed_node) { 1661 cred_t *kcr = zone_kcred(); 1662 1663 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1664 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1665 1666 if (cr != kcr && smb_strname_restricted(snode->od_name)) 1667 return (NT_STATUS_ACCESS_DENIED); 1668 1669 /* 1670 * Perform VREAD access check on the named stream in case it 1671 * is quarantined. kcred is passed to smb_vop_access so it 1672 * doesn't fail due to lack of permission. 1673 */ 1674 if (faccess & (FILE_READ_DATA | FILE_EXECUTE)) { 1675 error = smb_vop_access(snode->vp, VREAD, 1676 0, NULL, kcr); 1677 if (error) 1678 return (NT_STATUS_ACCESS_DENIED); 1679 } 1680 1681 /* 1682 * Streams authorization should be performed against the 1683 * unnamed stream. 1684 */ 1685 snode = unnamed_node; 1686 } 1687 1688 if (faccess & ACCESS_SYSTEM_SECURITY) { 1689 /* 1690 * This permission is required for reading/writing SACL and 1691 * it's not part of DACL. It's only granted via proper 1692 * privileges. 1693 */ 1694 if ((sr->uid_user->u_privileges & 1695 (SMB_USER_PRIV_BACKUP | 1696 SMB_USER_PRIV_RESTORE | 1697 SMB_USER_PRIV_SECURITY)) == 0) 1698 return (NT_STATUS_PRIVILEGE_NOT_HELD); 1699 1700 faccess &= ~ACCESS_SYSTEM_SECURITY; 1701 } 1702 1703 /* Links don't have ACL */ 1704 if ((!smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) || 1705 smb_node_is_symlink(snode)) 1706 acl_check = B_FALSE; 1707 1708 /* Deny access based on the share access mask */ 1709 1710 if ((faccess & ~sr->tid_tree->t_access) != 0) 1711 return (NT_STATUS_ACCESS_DENIED); 1712 1713 if (acl_check) { 1714 dir_vp = (snode->n_dnode) ? snode->n_dnode->vp : NULL; 1715 error = smb_vop_access(snode->vp, faccess, V_ACE_MASK, dir_vp, 1716 cr); 1717 } else { 1718 /* 1719 * FS doesn't understand 32-bit mask, need to map 1720 */ 1721 if (faccess & (FILE_WRITE_DATA | FILE_APPEND_DATA)) 1722 access |= VWRITE; 1723 1724 if (faccess & FILE_READ_DATA) 1725 access |= VREAD; 1726 1727 if (faccess & FILE_EXECUTE) 1728 access |= VEXEC; 1729 1730 error = smb_vop_access(snode->vp, access, 0, NULL, cr); 1731 } 1732 1733 return ((error) ? NT_STATUS_ACCESS_DENIED : NT_STATUS_SUCCESS); 1734 } 1735 1736 /* 1737 * smb_fsop_lookup_name() 1738 * 1739 * If name indicates that the file is a stream file, perform 1740 * stream specific lookup, otherwise call smb_fsop_lookup. 1741 * 1742 * Return an error if the looked-up file is in outside the tree. 1743 * (Required when invoked from open path.) 1744 * 1745 * Case sensitivity flags (SMB_IGNORE_CASE, SMB_CASE_SENSITIVE): 1746 * if SMB_CASE_SENSITIVE is set, the SMB_IGNORE_CASE flag will NOT be set 1747 * based on the tree's case sensitivity. However, if the SMB_IGNORE_CASE 1748 * flag is set in the flags value passed as a parameter, a case insensitive 1749 * lookup WILL be done (regardless of whether SMB_CASE_SENSITIVE is set 1750 * or not). 1751 */ 1752 1753 int 1754 smb_fsop_lookup_name( 1755 smb_request_t *sr, 1756 cred_t *cr, 1757 int flags, 1758 smb_node_t *root_node, 1759 smb_node_t *dnode, 1760 char *name, 1761 smb_node_t **ret_snode) 1762 { 1763 smb_node_t *fnode; 1764 vnode_t *xattrdirvp; 1765 vnode_t *vp; 1766 char *od_name; 1767 char *fname; 1768 char *sname; 1769 int rc; 1770 1771 ASSERT(cr); 1772 ASSERT(dnode); 1773 ASSERT(dnode->n_magic == SMB_NODE_MAGIC); 1774 ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING); 1775 1776 /* 1777 * The following check is required for streams processing, below 1778 */ 1779 1780 if (!(flags & SMB_CASE_SENSITIVE)) { 1781 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 1782 flags |= SMB_IGNORE_CASE; 1783 } 1784 1785 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1786 sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1787 1788 if (smb_is_stream_name(name)) { 1789 smb_stream_parse_name(name, fname, sname); 1790 1791 /* 1792 * Look up the unnamed stream (i.e. fname). 1793 * Unmangle processing will be done on fname 1794 * as well as any link target. 1795 */ 1796 rc = smb_fsop_lookup(sr, cr, flags, root_node, dnode, 1797 fname, &fnode); 1798 1799 if (rc != 0) { 1800 kmem_free(fname, MAXNAMELEN); 1801 kmem_free(sname, MAXNAMELEN); 1802 return (rc); 1803 } 1804 1805 od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1806 1807 /* 1808 * od_name is the on-disk name of the stream, except 1809 * without the prepended stream prefix (SMB_STREAM_PREFIX) 1810 */ 1811 1812 /* 1813 * XXX 1814 * What permissions NTFS requires for stream lookup if any? 1815 */ 1816 rc = smb_vop_stream_lookup(fnode->vp, sname, &vp, od_name, 1817 &xattrdirvp, flags, root_node->vp, cr); 1818 1819 if (rc != 0) { 1820 smb_node_release(fnode); 1821 kmem_free(fname, MAXNAMELEN); 1822 kmem_free(sname, MAXNAMELEN); 1823 kmem_free(od_name, MAXNAMELEN); 1824 return (rc); 1825 } 1826 1827 *ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp, 1828 vp, od_name); 1829 1830 kmem_free(od_name, MAXNAMELEN); 1831 smb_node_release(fnode); 1832 VN_RELE(xattrdirvp); 1833 VN_RELE(vp); 1834 1835 if (*ret_snode == NULL) { 1836 kmem_free(fname, MAXNAMELEN); 1837 kmem_free(sname, MAXNAMELEN); 1838 return (ENOMEM); 1839 } 1840 } else { 1841 rc = smb_fsop_lookup(sr, cr, flags, root_node, dnode, name, 1842 ret_snode); 1843 } 1844 1845 if (rc == 0) { 1846 ASSERT(ret_snode); 1847 if (SMB_TREE_CONTAINS_NODE(sr, *ret_snode) == 0) { 1848 smb_node_release(*ret_snode); 1849 *ret_snode = NULL; 1850 rc = EACCES; 1851 } 1852 } 1853 1854 kmem_free(fname, MAXNAMELEN); 1855 kmem_free(sname, MAXNAMELEN); 1856 1857 return (rc); 1858 } 1859 1860 /* 1861 * smb_fsop_lookup 1862 * 1863 * All SMB functions should use this smb_vop_lookup wrapper to ensure that 1864 * the smb_vop_lookup is performed with the appropriate credentials and using 1865 * case insensitive compares. Please document any direct call to smb_vop_lookup 1866 * to explain the reason for avoiding this wrapper. 1867 * 1868 * It is assumed that a reference exists on dnode coming into this routine 1869 * (and that it is safe from deallocation). 1870 * 1871 * Same with the root_node. 1872 * 1873 * *ret_snode is returned with a reference upon success. No reference is 1874 * taken if an error is returned. 1875 * 1876 * Note: The returned ret_snode may be in a child mount. This is ok for 1877 * readdir. 1878 * 1879 * Other smb_fsop_* routines will call SMB_TREE_CONTAINS_NODE() to prevent 1880 * operations on files not in the parent mount. 1881 * 1882 * Case sensitivity flags (SMB_IGNORE_CASE, SMB_CASE_SENSITIVE): 1883 * if SMB_CASE_SENSITIVE is set, the SMB_IGNORE_CASE flag will NOT be set 1884 * based on the tree's case sensitivity. However, if the SMB_IGNORE_CASE 1885 * flag is set in the flags value passed as a parameter, a case insensitive 1886 * lookup WILL be done (regardless of whether SMB_CASE_SENSITIVE is set 1887 * or not). 1888 */ 1889 int 1890 smb_fsop_lookup( 1891 smb_request_t *sr, 1892 cred_t *cr, 1893 int flags, 1894 smb_node_t *root_node, 1895 smb_node_t *dnode, 1896 char *name, 1897 smb_node_t **ret_snode) 1898 { 1899 smb_node_t *lnk_target_node; 1900 smb_node_t *lnk_dnode; 1901 char *longname; 1902 char *od_name; 1903 vnode_t *vp; 1904 int rc; 1905 int ret_flags; 1906 smb_attr_t attr; 1907 1908 ASSERT(cr); 1909 ASSERT(dnode); 1910 ASSERT(dnode->n_magic == SMB_NODE_MAGIC); 1911 ASSERT(dnode->n_state != SMB_NODE_STATE_DESTROYING); 1912 1913 if (name == NULL) 1914 return (EINVAL); 1915 1916 if (SMB_TREE_CONTAINS_NODE(sr, dnode) == 0) 1917 return (EACCES); 1918 1919 if (!(flags & SMB_CASE_SENSITIVE)) { 1920 if (SMB_TREE_IS_CASEINSENSITIVE(sr)) 1921 flags |= SMB_IGNORE_CASE; 1922 } 1923 if (SMB_TREE_SUPPORTS_CATIA(sr)) 1924 flags |= SMB_CATIA; 1925 if (SMB_TREE_SUPPORTS_ABE(sr)) 1926 flags |= SMB_ABE; 1927 1928 /* 1929 * Can have "" or "." when opening named streams on a directory. 1930 */ 1931 if (name[0] == '\0' || (name[0] == '.' && name[1] == '\0')) { 1932 smb_node_ref(dnode); 1933 *ret_snode = dnode; 1934 return (0); 1935 } 1936 1937 od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1938 1939 rc = smb_vop_lookup(dnode->vp, name, &vp, od_name, flags, 1940 &ret_flags, root_node ? root_node->vp : NULL, &attr, cr); 1941 1942 if (rc != 0) { 1943 if (!SMB_TREE_SUPPORTS_SHORTNAMES(sr) || 1944 !smb_maybe_mangled(name)) { 1945 kmem_free(od_name, MAXNAMELEN); 1946 return (rc); 1947 } 1948 1949 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1950 rc = smb_unmangle(dnode, name, longname, MAXNAMELEN, flags); 1951 if (rc != 0) { 1952 kmem_free(od_name, MAXNAMELEN); 1953 kmem_free(longname, MAXNAMELEN); 1954 return (rc); 1955 } 1956 1957 /* 1958 * longname is the real (case-sensitive) 1959 * on-disk name. 1960 * We make sure we do a lookup on this exact 1961 * name, as the name was mangled and denotes 1962 * a unique file. 1963 */ 1964 1965 if (flags & SMB_IGNORE_CASE) 1966 flags &= ~SMB_IGNORE_CASE; 1967 1968 rc = smb_vop_lookup(dnode->vp, longname, &vp, od_name, 1969 flags, &ret_flags, root_node ? root_node->vp : NULL, &attr, 1970 cr); 1971 1972 kmem_free(longname, MAXNAMELEN); 1973 1974 if (rc != 0) { 1975 kmem_free(od_name, MAXNAMELEN); 1976 return (rc); 1977 } 1978 } 1979 1980 if ((flags & SMB_FOLLOW_LINKS) && (vp->v_type == VLNK) && 1981 ((attr.sa_dosattr & FILE_ATTRIBUTE_REPARSE_POINT) == 0)) { 1982 rc = smb_pathname(sr, od_name, FOLLOW, root_node, dnode, 1983 &lnk_dnode, &lnk_target_node, cr, NULL); 1984 1985 if (rc != 0) { 1986 /* 1987 * The link is assumed to be for the last component 1988 * of a path. Hence any ENOTDIR error will be returned 1989 * as ENOENT. 1990 */ 1991 if (rc == ENOTDIR) 1992 rc = ENOENT; 1993 1994 VN_RELE(vp); 1995 kmem_free(od_name, MAXNAMELEN); 1996 return (rc); 1997 } 1998 1999 /* 2000 * Release the original VLNK vnode 2001 */ 2002 2003 VN_RELE(vp); 2004 vp = lnk_target_node->vp; 2005 2006 rc = smb_vop_traverse_check(&vp); 2007 2008 if (rc != 0) { 2009 smb_node_release(lnk_dnode); 2010 smb_node_release(lnk_target_node); 2011 kmem_free(od_name, MAXNAMELEN); 2012 return (rc); 2013 } 2014 2015 /* 2016 * smb_vop_traverse_check() may have returned a different vnode 2017 */ 2018 2019 if (lnk_target_node->vp == vp) { 2020 *ret_snode = lnk_target_node; 2021 } else { 2022 *ret_snode = smb_node_lookup(sr, NULL, cr, vp, 2023 lnk_target_node->od_name, lnk_dnode, NULL); 2024 VN_RELE(vp); 2025 2026 if (*ret_snode == NULL) 2027 rc = ENOMEM; 2028 smb_node_release(lnk_target_node); 2029 } 2030 2031 smb_node_release(lnk_dnode); 2032 2033 } else { 2034 2035 rc = smb_vop_traverse_check(&vp); 2036 if (rc) { 2037 VN_RELE(vp); 2038 kmem_free(od_name, MAXNAMELEN); 2039 return (rc); 2040 } 2041 2042 *ret_snode = smb_node_lookup(sr, NULL, cr, vp, od_name, 2043 dnode, NULL); 2044 VN_RELE(vp); 2045 2046 if (*ret_snode == NULL) 2047 rc = ENOMEM; 2048 } 2049 2050 kmem_free(od_name, MAXNAMELEN); 2051 return (rc); 2052 } 2053 2054 int /*ARGSUSED*/ 2055 smb_fsop_commit(smb_request_t *sr, cred_t *cr, smb_node_t *snode) 2056 { 2057 ASSERT(cr); 2058 ASSERT(snode); 2059 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 2060 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 2061 2062 ASSERT(sr); 2063 ASSERT(sr->tid_tree); 2064 if (SMB_TREE_IS_READONLY(sr)) 2065 return (EROFS); 2066 2067 return (smb_vop_commit(snode->vp, cr)); 2068 } 2069 2070 /* 2071 * smb_fsop_aclread 2072 * 2073 * Retrieve filesystem ACL. Depends on requested ACLs in 2074 * fs_sd->sd_secinfo, it'll set DACL and SACL pointers in 2075 * fs_sd. Note that requesting a DACL/SACL doesn't mean that 2076 * the corresponding field in fs_sd should be non-NULL upon 2077 * return, since the target ACL might not contain that type of 2078 * entries. 2079 * 2080 * Returned ACL is always in ACE_T (aka ZFS) format. 2081 * If successful the allocated memory for the ACL should be freed 2082 * using smb_fsacl_free() or smb_fssd_term() 2083 */ 2084 int 2085 smb_fsop_aclread(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2086 smb_fssd_t *fs_sd) 2087 { 2088 int error = 0; 2089 int flags = 0; 2090 int access = 0; 2091 acl_t *acl; 2092 2093 ASSERT(cr); 2094 2095 /* Can't query security on named streams */ 2096 if (SMB_IS_STREAM(snode) != NULL) 2097 return (EINVAL); 2098 2099 if (SMB_TREE_HAS_ACCESS(sr, ACE_READ_ACL) == 0) 2100 return (EACCES); 2101 2102 if (sr->fid_ofile) { 2103 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 2104 access = READ_CONTROL; 2105 2106 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 2107 access |= ACCESS_SYSTEM_SECURITY; 2108 2109 error = smb_ofile_access(sr->fid_ofile, cr, access); 2110 if (error != NT_STATUS_SUCCESS) { 2111 return (EACCES); 2112 } 2113 } 2114 2115 2116 if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) 2117 flags = ATTR_NOACLCHECK; 2118 2119 error = smb_vop_acl_read(snode->vp, &acl, flags, 2120 sr->tid_tree->t_acltype, cr); 2121 if (error != 0) { 2122 return (error); 2123 } 2124 2125 error = acl_translate(acl, _ACL_ACE_ENABLED, 2126 smb_node_is_dir(snode), fs_sd->sd_uid, fs_sd->sd_gid); 2127 2128 if (error == 0) { 2129 smb_fsacl_split(acl, &fs_sd->sd_zdacl, &fs_sd->sd_zsacl, 2130 fs_sd->sd_secinfo); 2131 } 2132 2133 acl_free(acl); 2134 return (error); 2135 } 2136 2137 /* 2138 * smb_fsop_aclwrite 2139 * 2140 * Stores the filesystem ACL provided in fs_sd->sd_acl. 2141 */ 2142 int 2143 smb_fsop_aclwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2144 smb_fssd_t *fs_sd) 2145 { 2146 int target_flavor; 2147 int error = 0; 2148 int flags = 0; 2149 int access = 0; 2150 acl_t *acl, *dacl, *sacl; 2151 2152 ASSERT(cr); 2153 2154 ASSERT(sr); 2155 ASSERT(sr->tid_tree); 2156 if (SMB_TREE_IS_READONLY(sr)) 2157 return (EROFS); 2158 2159 /* Can't set security on named streams */ 2160 if (SMB_IS_STREAM(snode) != NULL) 2161 return (EINVAL); 2162 2163 if (SMB_TREE_HAS_ACCESS(sr, ACE_WRITE_ACL) == 0) 2164 return (EACCES); 2165 2166 if (sr->fid_ofile) { 2167 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 2168 access = WRITE_DAC; 2169 2170 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 2171 access |= ACCESS_SYSTEM_SECURITY; 2172 2173 error = smb_ofile_access(sr->fid_ofile, cr, access); 2174 if (error != NT_STATUS_SUCCESS) 2175 return (EACCES); 2176 } 2177 2178 switch (sr->tid_tree->t_acltype) { 2179 case ACLENT_T: 2180 target_flavor = _ACL_ACLENT_ENABLED; 2181 break; 2182 2183 case ACE_T: 2184 target_flavor = _ACL_ACE_ENABLED; 2185 break; 2186 default: 2187 return (EINVAL); 2188 } 2189 2190 dacl = fs_sd->sd_zdacl; 2191 sacl = fs_sd->sd_zsacl; 2192 2193 ASSERT(dacl || sacl); 2194 if ((dacl == NULL) && (sacl == NULL)) 2195 return (EINVAL); 2196 2197 if (dacl && sacl) 2198 acl = smb_fsacl_merge(dacl, sacl); 2199 else if (dacl) 2200 acl = dacl; 2201 else 2202 acl = sacl; 2203 2204 error = acl_translate(acl, target_flavor, smb_node_is_dir(snode), 2205 fs_sd->sd_uid, fs_sd->sd_gid); 2206 if (error == 0) { 2207 if (smb_tree_has_feature(sr->tid_tree, 2208 SMB_TREE_ACEMASKONACCESS)) 2209 flags = ATTR_NOACLCHECK; 2210 2211 error = smb_vop_acl_write(snode->vp, acl, flags, cr); 2212 } 2213 2214 if (dacl && sacl) 2215 acl_free(acl); 2216 2217 return (error); 2218 } 2219 2220 acl_type_t 2221 smb_fsop_acltype(smb_node_t *snode) 2222 { 2223 return (smb_vop_acl_type(snode->vp)); 2224 } 2225 2226 /* 2227 * smb_fsop_sdread 2228 * 2229 * Read the requested security descriptor items from filesystem. 2230 * The items are specified in fs_sd->sd_secinfo. 2231 */ 2232 int 2233 smb_fsop_sdread(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2234 smb_fssd_t *fs_sd) 2235 { 2236 int error = 0; 2237 int getowner = 0; 2238 cred_t *ga_cred; 2239 smb_attr_t attr; 2240 2241 ASSERT(cr); 2242 ASSERT(fs_sd); 2243 2244 /* Can't query security on named streams */ 2245 if (SMB_IS_STREAM(snode) != NULL) 2246 return (EINVAL); 2247 2248 /* 2249 * File's uid/gid is fetched in two cases: 2250 * 2251 * 1. it's explicitly requested 2252 * 2253 * 2. target ACL is ACE_T (ZFS ACL). They're needed for 2254 * owner@/group@ entries. In this case kcred should be used 2255 * because uid/gid are fetched on behalf of smb server. 2256 */ 2257 if (fs_sd->sd_secinfo & (SMB_OWNER_SECINFO | SMB_GROUP_SECINFO)) { 2258 getowner = 1; 2259 ga_cred = cr; 2260 } else if (sr->tid_tree->t_acltype == ACE_T) { 2261 getowner = 1; 2262 ga_cred = zone_kcred(); 2263 } 2264 2265 if (getowner) { 2266 /* 2267 * Windows require READ_CONTROL to read owner/group SID since 2268 * they're part of Security Descriptor. 2269 * ZFS only requires read_attribute. Need to have a explicit 2270 * access check here. 2271 */ 2272 if (sr->fid_ofile == NULL) { 2273 error = smb_fsop_access(sr, ga_cred, snode, 2274 READ_CONTROL); 2275 if (error) 2276 return (EACCES); 2277 } 2278 2279 attr.sa_mask = SMB_AT_UID | SMB_AT_GID; 2280 error = smb_fsop_getattr(sr, ga_cred, snode, &attr); 2281 if (error == 0) { 2282 fs_sd->sd_uid = attr.sa_vattr.va_uid; 2283 fs_sd->sd_gid = attr.sa_vattr.va_gid; 2284 } else { 2285 return (error); 2286 } 2287 } 2288 2289 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 2290 error = smb_fsop_aclread(sr, cr, snode, fs_sd); 2291 } 2292 2293 return (error); 2294 } 2295 2296 /* 2297 * smb_fsop_sdmerge 2298 * 2299 * From SMB point of view DACL and SACL are two separate list 2300 * which can be manipulated independently without one affecting 2301 * the other, but entries for both DACL and SACL will end up 2302 * in the same ACL if target filesystem supports ACE_T ACLs. 2303 * 2304 * So, if either DACL or SACL is present in the client set request 2305 * the entries corresponding to the non-present ACL shouldn't 2306 * be touched in the FS ACL. 2307 * 2308 * fs_sd parameter contains DACL and SACL specified by SMB 2309 * client to be set on a file/directory. The client could 2310 * specify both or one of these ACLs (if none is specified 2311 * we don't get this far). When both DACL and SACL are given 2312 * by client the existing ACL should be overwritten. If only 2313 * one of them is specified the entries corresponding to the other 2314 * ACL should not be touched. For example, if only DACL 2315 * is specified in input fs_sd, the function reads audit entries 2316 * of the existing ACL of the file and point fs_sd->sd_zsdacl 2317 * pointer to the fetched SACL, this way when smb_fsop_sdwrite() 2318 * function is called the passed fs_sd would point to the specified 2319 * DACL by client and fetched SACL from filesystem, so the file 2320 * will end up with correct ACL. 2321 */ 2322 static int 2323 smb_fsop_sdmerge(smb_request_t *sr, smb_node_t *snode, smb_fssd_t *fs_sd) 2324 { 2325 smb_fssd_t cur_sd; 2326 cred_t *kcr = zone_kcred(); 2327 int error = 0; 2328 2329 if (sr->tid_tree->t_acltype != ACE_T) 2330 /* Don't bother if target FS doesn't support ACE_T */ 2331 return (0); 2332 2333 if ((fs_sd->sd_secinfo & SMB_ACL_SECINFO) != SMB_ACL_SECINFO) { 2334 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) { 2335 /* 2336 * Don't overwrite existing audit entries 2337 */ 2338 smb_fssd_init(&cur_sd, SMB_SACL_SECINFO, 2339 fs_sd->sd_flags); 2340 2341 error = smb_fsop_sdread(sr, kcr, snode, &cur_sd); 2342 if (error == 0) { 2343 ASSERT(fs_sd->sd_zsacl == NULL); 2344 fs_sd->sd_zsacl = cur_sd.sd_zsacl; 2345 if (fs_sd->sd_zsacl && fs_sd->sd_zdacl) 2346 fs_sd->sd_zsacl->acl_flags = 2347 fs_sd->sd_zdacl->acl_flags; 2348 } 2349 } else { 2350 /* 2351 * Don't overwrite existing access entries 2352 */ 2353 smb_fssd_init(&cur_sd, SMB_DACL_SECINFO, 2354 fs_sd->sd_flags); 2355 2356 error = smb_fsop_sdread(sr, kcr, snode, &cur_sd); 2357 if (error == 0) { 2358 ASSERT(fs_sd->sd_zdacl == NULL); 2359 fs_sd->sd_zdacl = cur_sd.sd_zdacl; 2360 if (fs_sd->sd_zdacl && fs_sd->sd_zsacl) 2361 fs_sd->sd_zdacl->acl_flags = 2362 fs_sd->sd_zsacl->acl_flags; 2363 } 2364 } 2365 2366 if (error) 2367 smb_fssd_term(&cur_sd); 2368 } 2369 2370 return (error); 2371 } 2372 2373 /* 2374 * smb_fsop_sdwrite 2375 * 2376 * Stores the given uid, gid and acl in filesystem. 2377 * Provided items in fs_sd are specified by fs_sd->sd_secinfo. 2378 * 2379 * A SMB security descriptor could contain owner, primary group, 2380 * DACL and SACL. Setting an SD should be atomic but here it has to 2381 * be done via two separate FS operations: VOP_SETATTR and 2382 * VOP_SETSECATTR. Therefore, this function has to simulate the 2383 * atomicity as well as it can. 2384 * 2385 * Get the current uid, gid before setting the new uid/gid 2386 * so if smb_fsop_aclwrite fails they can be restored. root cred is 2387 * used to get currend uid/gid since this operation is performed on 2388 * behalf of the server not the user. 2389 * 2390 * If setting uid/gid fails with EPERM it means that and invalid 2391 * owner has been specified. Callers should translate this to 2392 * STATUS_INVALID_OWNER which is not the normal mapping for EPERM 2393 * in upper layers, so EPERM is mapped to EBADE. 2394 */ 2395 int 2396 smb_fsop_sdwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2397 smb_fssd_t *fs_sd, int overwrite) 2398 { 2399 smb_attr_t set_attr; 2400 smb_attr_t orig_attr; 2401 cred_t *kcr = zone_kcred(); 2402 int error = 0; 2403 int access = 0; 2404 2405 ASSERT(cr); 2406 ASSERT(fs_sd); 2407 2408 ASSERT(sr); 2409 ASSERT(sr->tid_tree); 2410 if (SMB_TREE_IS_READONLY(sr)) 2411 return (EROFS); 2412 2413 /* Can't set security on named streams */ 2414 if (SMB_IS_STREAM(snode) != NULL) 2415 return (EINVAL); 2416 2417 bzero(&set_attr, sizeof (smb_attr_t)); 2418 2419 if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) { 2420 set_attr.sa_vattr.va_uid = fs_sd->sd_uid; 2421 set_attr.sa_mask |= SMB_AT_UID; 2422 access |= WRITE_OWNER; 2423 } 2424 2425 if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) { 2426 set_attr.sa_vattr.va_gid = fs_sd->sd_gid; 2427 set_attr.sa_mask |= SMB_AT_GID; 2428 access |= WRITE_OWNER; 2429 } 2430 2431 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 2432 access |= WRITE_DAC; 2433 2434 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 2435 access |= ACCESS_SYSTEM_SECURITY; 2436 2437 if (sr->fid_ofile) 2438 error = smb_ofile_access(sr->fid_ofile, cr, access); 2439 else 2440 error = smb_fsop_access(sr, cr, snode, access); 2441 2442 if (error) 2443 return (EACCES); 2444 2445 if (set_attr.sa_mask) { 2446 orig_attr.sa_mask = SMB_AT_UID | SMB_AT_GID; 2447 error = smb_fsop_getattr(sr, kcr, snode, &orig_attr); 2448 if (error == 0) { 2449 error = smb_fsop_setattr(sr, cr, snode, &set_attr); 2450 if (error == EPERM) 2451 error = EBADE; 2452 } 2453 2454 if (error) 2455 return (error); 2456 } 2457 2458 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 2459 if (overwrite == 0) { 2460 error = smb_fsop_sdmerge(sr, snode, fs_sd); 2461 if (error) 2462 return (error); 2463 } 2464 2465 error = smb_fsop_aclwrite(sr, cr, snode, fs_sd); 2466 if (error) { 2467 /* 2468 * Revert uid/gid changes if required. 2469 */ 2470 if (set_attr.sa_mask) { 2471 orig_attr.sa_mask = set_attr.sa_mask; 2472 (void) smb_fsop_setattr(sr, kcr, snode, 2473 &orig_attr); 2474 } 2475 } 2476 } 2477 2478 return (error); 2479 } 2480 2481 #ifdef _KERNEL 2482 /* 2483 * smb_fsop_sdinherit 2484 * 2485 * Inherit the security descriptor from the parent container. 2486 * This function is called after FS has created the file/folder 2487 * so if this doesn't do anything it means FS inheritance is 2488 * in place. 2489 * 2490 * Do inheritance for ZFS internally. 2491 * 2492 * If we want to let ZFS does the inheritance the 2493 * following setting should be true: 2494 * 2495 * - aclinherit = passthrough 2496 * - aclmode = passthrough 2497 * - smbd umask = 0777 2498 * 2499 * This will result in right effective permissions but 2500 * ZFS will always add 6 ACEs for owner, owning group 2501 * and others to be POSIX compliant. This is not what 2502 * Windows clients/users expect, so we decided that CIFS 2503 * implements Windows rules and overwrite whatever ZFS 2504 * comes up with. This way we also don't have to care 2505 * about ZFS aclinherit and aclmode settings. 2506 */ 2507 static int 2508 smb_fsop_sdinherit(smb_request_t *sr, smb_node_t *dnode, smb_fssd_t *fs_sd) 2509 { 2510 acl_t *dacl = NULL; 2511 acl_t *sacl = NULL; 2512 int is_dir; 2513 int error; 2514 2515 ASSERT(fs_sd); 2516 2517 if (sr->tid_tree->t_acltype != ACE_T) { 2518 /* 2519 * No forced inheritance for non-ZFS filesystems. 2520 */ 2521 fs_sd->sd_secinfo = 0; 2522 return (0); 2523 } 2524 2525 2526 /* Fetch parent directory's ACL */ 2527 error = smb_fsop_sdread(sr, zone_kcred(), dnode, fs_sd); 2528 if (error) { 2529 return (error); 2530 } 2531 2532 is_dir = (fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR); 2533 dacl = smb_fsacl_inherit(fs_sd->sd_zdacl, is_dir, SMB_DACL_SECINFO, 2534 sr->user_cr); 2535 sacl = smb_fsacl_inherit(fs_sd->sd_zsacl, is_dir, SMB_SACL_SECINFO, 2536 sr->user_cr); 2537 2538 if (sacl == NULL) 2539 fs_sd->sd_secinfo &= ~SMB_SACL_SECINFO; 2540 2541 smb_fsacl_free(fs_sd->sd_zdacl); 2542 smb_fsacl_free(fs_sd->sd_zsacl); 2543 2544 fs_sd->sd_zdacl = dacl; 2545 fs_sd->sd_zsacl = sacl; 2546 2547 return (0); 2548 } 2549 #endif /* _KERNEL */ 2550 2551 /* 2552 * smb_fsop_eaccess 2553 * 2554 * Returns the effective permission of the given credential for the 2555 * specified object. 2556 * 2557 * This is just a workaround. We need VFS/FS support for this. 2558 */ 2559 void 2560 smb_fsop_eaccess(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2561 uint32_t *eaccess) 2562 { 2563 int access = 0; 2564 vnode_t *dir_vp; 2565 smb_node_t *unnamed_node; 2566 2567 ASSERT(cr); 2568 ASSERT(snode); 2569 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 2570 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 2571 2572 unnamed_node = SMB_IS_STREAM(snode); 2573 if (unnamed_node) { 2574 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 2575 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 2576 /* 2577 * Streams authorization should be performed against the 2578 * unnamed stream. 2579 */ 2580 snode = unnamed_node; 2581 } 2582 2583 if (smb_tree_has_feature(sr->tid_tree, SMB_TREE_ACEMASKONACCESS)) { 2584 dir_vp = (snode->n_dnode) ? snode->n_dnode->vp : NULL; 2585 smb_vop_eaccess(snode->vp, (int *)eaccess, V_ACE_MASK, dir_vp, 2586 cr); 2587 return; 2588 } 2589 2590 /* 2591 * FS doesn't understand 32-bit mask 2592 */ 2593 smb_vop_eaccess(snode->vp, &access, 0, NULL, cr); 2594 access &= sr->tid_tree->t_access; 2595 2596 *eaccess = READ_CONTROL | FILE_READ_EA | FILE_READ_ATTRIBUTES; 2597 2598 if (access & VREAD) 2599 *eaccess |= FILE_READ_DATA; 2600 2601 if (access & VEXEC) 2602 *eaccess |= FILE_EXECUTE; 2603 2604 if (access & VWRITE) 2605 *eaccess |= FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES | 2606 FILE_WRITE_EA | FILE_APPEND_DATA | FILE_DELETE_CHILD; 2607 2608 if (access & (VREAD | VWRITE)) 2609 *eaccess |= SYNCHRONIZE; 2610 2611 #ifdef _FAKE_KERNEL 2612 /* Should be: if (we are the owner)... */ 2613 if (access & VWRITE) 2614 *eaccess |= DELETE | WRITE_DAC | WRITE_OWNER; 2615 #endif 2616 } 2617 2618 /* 2619 * smb_fsop_shrlock 2620 * 2621 * For the current open request, check file sharing rules 2622 * against existing opens. 2623 * 2624 * Returns NT_STATUS_SHARING_VIOLATION if there is any 2625 * sharing conflict. Returns NT_STATUS_SUCCESS otherwise. 2626 * 2627 * Full system-wide share reservation synchronization is available 2628 * when the nbmand (non-blocking mandatory) mount option is set 2629 * (i.e. nbl_need_crit() is true) and nbmand critical regions are used. 2630 * This provides synchronization with NFS and local processes. The 2631 * critical regions are entered in VOP_SHRLOCK()/fs_shrlock() (called 2632 * from smb_open_subr()/smb_fsop_shrlock()/smb_vop_shrlock()) as well 2633 * as the CIFS rename and delete paths. 2634 * 2635 * The CIFS server will also enter the nbl critical region in the open, 2636 * rename, and delete paths when nbmand is not set. There is limited 2637 * coordination with local and VFS share reservations in this case. 2638 * Note that when the nbmand mount option is not set, the VFS layer 2639 * only processes advisory reservations and the delete mode is not checked. 2640 * 2641 * Whether or not the nbmand mount option is set, intra-CIFS share 2642 * checking is done in the open, delete, and rename paths using a CIFS 2643 * critical region (node->n_share_lock). 2644 */ 2645 uint32_t 2646 smb_fsop_shrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid, 2647 uint32_t desired_access, uint32_t share_access) 2648 { 2649 int rc; 2650 2651 /* Allow access if the request is just for meta data */ 2652 if ((desired_access & FILE_DATA_ALL) == 0) 2653 return (NT_STATUS_SUCCESS); 2654 2655 rc = smb_node_open_check(node, desired_access, share_access); 2656 if (rc) 2657 return (NT_STATUS_SHARING_VIOLATION); 2658 2659 rc = smb_vop_shrlock(node->vp, uniq_fid, desired_access, share_access, 2660 cr); 2661 if (rc) 2662 return (NT_STATUS_SHARING_VIOLATION); 2663 2664 return (NT_STATUS_SUCCESS); 2665 } 2666 2667 void 2668 smb_fsop_unshrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid) 2669 { 2670 (void) smb_vop_unshrlock(node->vp, uniq_fid, cr); 2671 } 2672 2673 int 2674 smb_fsop_frlock(smb_node_t *node, smb_lock_t *lock, boolean_t unlock, 2675 cred_t *cr) 2676 { 2677 flock64_t bf; 2678 int flag = F_REMOTELOCK; 2679 2680 /* 2681 * VOP_FRLOCK() will not be called if: 2682 * 2683 * 1) The lock has a range of zero bytes. The semantics of Windows and 2684 * POSIX are different. In the case of POSIX it asks for the locking 2685 * of all the bytes from the offset provided until the end of the 2686 * file. In the case of Windows a range of zero locks nothing and 2687 * doesn't conflict with any other lock. 2688 * 2689 * 2) The lock rolls over (start + lenght < start). Solaris will assert 2690 * if such a request is submitted. This will not create 2691 * incompatibilities between POSIX and Windows. In the Windows world, 2692 * if a client submits such a lock, the server will not lock any 2693 * bytes. Interestingly if the same lock (same offset and length) is 2694 * resubmitted Windows will consider that there is an overlap and 2695 * the granting rules will then apply. 2696 * 2697 * 3) The SMB-level process IDs (smb_pid) are not passed down to the 2698 * POSIX level in l_pid because (a) the rules about lock PIDs are 2699 * different in SMB, and (b) we're putting our ofile f_uniqid in 2700 * the POSIX l_pid field to segregate locks per SMB ofile. 2701 * (We're also using a "remote" system ID in l_sysid.) 2702 * All SMB locking PIDs are handled at the SMB level and 2703 * not exposed in POSIX locking. 2704 */ 2705 if ((lock->l_length == 0) || 2706 ((lock->l_start + lock->l_length - 1) < lock->l_start)) 2707 return (0); 2708 2709 bzero(&bf, sizeof (bf)); 2710 2711 if (unlock) { 2712 bf.l_type = F_UNLCK; 2713 } else if (lock->l_type == SMB_LOCK_TYPE_READONLY) { 2714 bf.l_type = F_RDLCK; 2715 flag |= FREAD; 2716 } else if (lock->l_type == SMB_LOCK_TYPE_READWRITE) { 2717 bf.l_type = F_WRLCK; 2718 flag |= FWRITE; 2719 } 2720 2721 bf.l_start = lock->l_start; 2722 bf.l_len = lock->l_length; 2723 bf.l_pid = lock->l_file->f_uniqid; 2724 bf.l_sysid = smb_ct.cc_sysid; 2725 2726 return (smb_vop_frlock(node->vp, cr, flag, &bf)); 2727 } 2728