1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 #include <sys/sid.h> 29 #include <sys/nbmlock.h> 30 #include <smbsrv/smb_fsops.h> 31 #include <smbsrv/smb_kproto.h> 32 #include <smbsrv/ntstatus.h> 33 #include <smbsrv/ntaccess.h> 34 #include <smbsrv/smb_incl.h> 35 #include <acl/acl_common.h> 36 #include <sys/fcntl.h> 37 #include <sys/flock.h> 38 #include <fs/fs_subr.h> 39 40 extern caller_context_t smb_ct; 41 42 extern int smb_fem_oplock_install(smb_node_t *); 43 extern void smb_fem_oplock_uninstall(smb_node_t *); 44 45 extern int smb_vop_other_opens(vnode_t *, int); 46 47 static int smb_fsop_sdinherit(smb_request_t *sr, smb_node_t *dnode, 48 smb_fssd_t *fs_sd); 49 50 /* 51 * The smb_fsop_* functions have knowledge of CIFS semantics. 52 * 53 * The smb_vop_* functions have minimal knowledge of CIFS semantics and 54 * serve as an interface to the VFS layer. 55 * 56 * Hence, smb_request_t and smb_node_t structures should not be passed 57 * from the smb_fsop_* layer to the smb_vop_* layer. 58 * 59 * In general, CIFS service code should only ever call smb_fsop_* 60 * functions directly, and never smb_vop_* functions directly. 61 * 62 * smb_fsop_* functions should call smb_vop_* functions where possible, instead 63 * of their smb_fsop_* counterparts. However, there are times when 64 * this cannot be avoided. 65 */ 66 67 /* 68 * Note: Stream names cannot be mangled. 69 */ 70 71 /* 72 * smb_fsop_amask_to_omode 73 * 74 * Convert the access mask to the open mode (for use 75 * with the VOP_OPEN call). 76 * 77 * Note that opening a file for attribute only access 78 * will also translate into an FREAD or FWRITE open mode 79 * (i.e., it's not just for data). 80 * 81 * This is needed so that opens are tracked appropriately 82 * for oplock processing. 83 */ 84 85 int 86 smb_fsop_amask_to_omode(uint32_t access) 87 { 88 int mode = 0; 89 90 if (access & (FILE_READ_DATA | FILE_EXECUTE | 91 FILE_READ_ATTRIBUTES | FILE_READ_EA)) 92 mode |= FREAD; 93 94 if (access & (FILE_WRITE_DATA | FILE_APPEND_DATA | 95 FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA)) 96 mode |= FWRITE; 97 98 if (access & FILE_APPEND_DATA) 99 mode |= FAPPEND; 100 101 return (mode); 102 } 103 104 int 105 smb_fsop_open(smb_node_t *node, int mode, cred_t *cred) 106 { 107 /* 108 * Assuming that the same vnode is returned as we had before. 109 * (I.e., with certain types of files or file systems, a 110 * different vnode might be returned by VOP_OPEN) 111 */ 112 return (smb_vop_open(&node->vp, mode, cred)); 113 } 114 115 int 116 smb_fsop_close(smb_node_t *node, int mode, cred_t *cred) 117 { 118 return (smb_vop_close(node->vp, mode, cred)); 119 } 120 121 int 122 smb_fsop_oplock_install(smb_node_t *node, int mode) 123 { 124 int rc; 125 126 if (smb_vop_other_opens(node->vp, mode)) 127 return (EMFILE); 128 129 if ((rc = smb_fem_oplock_install(node))) 130 return (rc); 131 132 if (smb_vop_other_opens(node->vp, mode)) { 133 (void) smb_fem_oplock_uninstall(node); 134 return (EMFILE); 135 } 136 137 return (0); 138 } 139 140 void 141 smb_fsop_oplock_uninstall(smb_node_t *node) 142 { 143 smb_fem_oplock_uninstall(node); 144 } 145 146 static int 147 smb_fsop_create_with_sd( 148 smb_request_t *sr, 149 cred_t *cr, 150 smb_node_t *snode, 151 char *name, 152 smb_attr_t *attr, 153 smb_node_t **ret_snode, 154 smb_attr_t *ret_attr, 155 smb_fssd_t *fs_sd) 156 { 157 vsecattr_t *vsap; 158 vsecattr_t vsecattr; 159 acl_t *acl, *dacl, *sacl; 160 smb_attr_t set_attr; 161 vnode_t *vp; 162 int aclbsize = 0; /* size of acl list in bytes */ 163 int flags = 0; 164 int is_dir; 165 int rc; 166 boolean_t no_xvattr = B_FALSE; 167 168 ASSERT(fs_sd); 169 170 if (SMB_TREE_CASE_INSENSITIVE(sr)) 171 flags = SMB_IGNORE_CASE; 172 173 ASSERT(cr); 174 175 is_dir = ((fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR) != 0); 176 177 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_ACLONCREATE) { 178 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 179 dacl = fs_sd->sd_zdacl; 180 sacl = fs_sd->sd_zsacl; 181 ASSERT(dacl || sacl); 182 if (dacl && sacl) { 183 acl = smb_fsacl_merge(dacl, sacl); 184 } else if (dacl) { 185 acl = dacl; 186 } else { 187 acl = sacl; 188 } 189 190 rc = smb_fsacl_to_vsa(acl, &vsecattr, &aclbsize); 191 192 if (dacl && sacl) 193 acl_free(acl); 194 195 if (rc) 196 return (rc); 197 198 vsap = &vsecattr; 199 } 200 else 201 vsap = NULL; 202 203 if (is_dir) { 204 rc = smb_vop_mkdir(snode->vp, name, attr, &vp, flags, 205 cr, vsap); 206 } else { 207 rc = smb_vop_create(snode->vp, name, attr, &vp, flags, 208 cr, vsap); 209 } 210 211 if (vsap != NULL) 212 kmem_free(vsap->vsa_aclentp, aclbsize); 213 214 if (rc != 0) 215 return (rc); 216 217 set_attr.sa_mask = 0; 218 219 /* 220 * Ideally we should be able to specify the owner and owning 221 * group at create time along with the ACL. Since we cannot 222 * do that right now, kcred is passed to smb_vop_setattr so it 223 * doesn't fail due to lack of permission. 224 */ 225 if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) { 226 set_attr.sa_vattr.va_uid = fs_sd->sd_uid; 227 set_attr.sa_mask |= SMB_AT_UID; 228 } 229 230 if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) { 231 set_attr.sa_vattr.va_gid = fs_sd->sd_gid; 232 set_attr.sa_mask |= SMB_AT_GID; 233 } 234 235 if (set_attr.sa_mask) { 236 if (sr && sr->tid_tree) 237 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_UFS) 238 no_xvattr = B_TRUE; 239 rc = smb_vop_setattr(snode->vp, NULL, &set_attr, 240 0, kcred, no_xvattr); 241 } 242 243 } else { 244 /* 245 * For filesystems that don't support ACL-on-create, try 246 * to set the specified SD after create, which could actually 247 * fail because of conflicts between inherited security 248 * attributes upon creation and the specified SD. 249 * 250 * Passing kcred to smb_fsop_sdwrite() to overcome this issue. 251 */ 252 253 if (is_dir) { 254 rc = smb_vop_mkdir(snode->vp, name, attr, &vp, flags, 255 cr, NULL); 256 } else { 257 rc = smb_vop_create(snode->vp, name, attr, &vp, flags, 258 cr, NULL); 259 } 260 261 if (rc != 0) 262 return (rc); 263 264 if ((sr->tid_tree->t_flags & SMB_TREE_FLAG_NFS_MOUNTED) == 0) 265 rc = smb_fsop_sdwrite(sr, kcred, snode, fs_sd, 1); 266 } 267 268 if (rc == 0) { 269 *ret_snode = smb_node_lookup(sr, &sr->arg.open, cr, vp, name, 270 snode, NULL, ret_attr); 271 272 if (*ret_snode == NULL) { 273 VN_RELE(vp); 274 rc = ENOMEM; 275 } 276 } 277 278 if (rc != 0) { 279 if (is_dir) { 280 (void) smb_vop_rmdir(snode->vp, name, flags, cr); 281 } else { 282 (void) smb_vop_remove(snode->vp, name, flags, cr); 283 } 284 } 285 286 return (rc); 287 } 288 289 /* 290 * smb_fsop_create 291 * 292 * All SMB functions should use this wrapper to ensure that 293 * all the smb_vop_creates are performed with the appropriate credentials. 294 * Please document any direct calls to explain the reason 295 * for avoiding this wrapper. 296 * 297 * It is assumed that a reference exists on snode coming into this routine. 298 * 299 * *ret_snode is returned with a reference upon success. No reference is 300 * taken if an error is returned. 301 */ 302 303 int 304 smb_fsop_create( 305 smb_request_t *sr, 306 cred_t *cr, 307 smb_node_t *dir_snode, 308 char *name, 309 smb_attr_t *attr, 310 smb_node_t **ret_snode, 311 smb_attr_t *ret_attr) 312 { 313 struct open_param *op = &sr->arg.open; 314 boolean_t no_xvattr = B_FALSE; 315 smb_node_t *fnode; 316 smb_attr_t file_attr; 317 vnode_t *xattrdirvp; 318 vnode_t *vp; 319 char *longname = NULL; 320 char *namep; 321 char *fname; 322 char *sname; 323 int is_stream; 324 int flags = 0; 325 int rc = 0; 326 smb_fssd_t fs_sd; 327 uint32_t secinfo; 328 uint32_t status; 329 330 ASSERT(cr); 331 ASSERT(dir_snode); 332 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 333 ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 334 335 ASSERT(ret_snode); 336 *ret_snode = 0; 337 338 ASSERT(name); 339 if (*name == 0) 340 return (EINVAL); 341 342 if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 343 return (EACCES); 344 345 ASSERT(sr); 346 ASSERT(sr->tid_tree); 347 if (SMB_TREE_IS_READ_ONLY(sr)) 348 return (EROFS); 349 350 if (SMB_TREE_CASE_INSENSITIVE(sr)) 351 flags = SMB_IGNORE_CASE; 352 353 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 354 sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 355 356 is_stream = smb_stream_parse_name(name, fname, sname); 357 358 if (is_stream) 359 namep = fname; 360 else 361 namep = name; 362 363 if (smb_maybe_mangled_name(namep)) { 364 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 365 366 rc = smb_unmangle_name(sr, cr, dir_snode, namep, longname, 367 MAXNAMELEN, NULL, NULL, 1); 368 369 if ((is_stream == 0) && (rc == 0)) 370 rc = EEXIST; 371 372 if ((is_stream && rc) || 373 ((is_stream == 0) && (rc != ENOENT))) { 374 kmem_free(longname, MAXNAMELEN); 375 kmem_free(fname, MAXNAMELEN); 376 kmem_free(sname, MAXNAMELEN); 377 return (rc); 378 } 379 380 if (is_stream) 381 namep = longname; 382 else 383 kmem_free(longname, MAXNAMELEN); 384 } 385 386 if (is_stream) { 387 /* 388 * Look up the unnamed stream. 389 * 390 * Mangle processing in smb_fsop_lookup() for the unnamed 391 * stream won't be needed (as it was done above), but 392 * it may be needed on any link target (which 393 * smb_fsop_lookup() will provide). 394 */ 395 rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS, 396 sr->tid_tree->t_snode, dir_snode, namep, &fnode, &file_attr, 397 0, 0); 398 399 if (longname) { 400 kmem_free(longname, MAXNAMELEN); 401 namep = NULL; 402 } 403 404 if (rc != 0) { 405 kmem_free(fname, MAXNAMELEN); 406 kmem_free(sname, MAXNAMELEN); 407 return (rc); 408 } 409 410 rc = smb_vop_stream_create(fnode->vp, sname, attr, &vp, 411 &xattrdirvp, flags, cr); 412 413 if (rc != 0) { 414 smb_node_release(fnode); 415 kmem_free(fname, MAXNAMELEN); 416 kmem_free(sname, MAXNAMELEN); 417 return (rc); 418 } 419 420 if (sr && sr->tid_tree) 421 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_UFS) 422 no_xvattr = B_TRUE; 423 424 attr->sa_vattr.va_uid = file_attr.sa_vattr.va_uid; 425 attr->sa_vattr.va_gid = file_attr.sa_vattr.va_gid; 426 attr->sa_mask = SMB_AT_UID | SMB_AT_GID; 427 428 /* 429 * The second parameter of smb_vop_setattr() is set to 430 * NULL, even though an unnamed stream exists. This is 431 * because we want to set the UID and GID on the named 432 * stream in this case for consistency with the (unnamed 433 * stream) file (see comments for smb_vop_setattr()). 434 */ 435 436 rc = smb_vop_setattr(vp, NULL, attr, 0, kcred, no_xvattr); 437 438 if (rc != 0) { 439 smb_node_release(fnode); 440 kmem_free(fname, MAXNAMELEN); 441 kmem_free(sname, MAXNAMELEN); 442 return (rc); 443 } 444 445 *ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp, 446 vp, sname, ret_attr); 447 448 smb_node_release(fnode); 449 450 if (*ret_snode == NULL) { 451 VN_RELE(xattrdirvp); 452 VN_RELE(vp); 453 kmem_free(fname, MAXNAMELEN); 454 kmem_free(sname, MAXNAMELEN); 455 return (ENOMEM); 456 } 457 } else { 458 if (op->sd) { 459 /* 460 * SD sent by client in Windows format. Needs to be 461 * converted to FS format. No inheritance. 462 */ 463 secinfo = smb_sd_get_secinfo(op->sd); 464 smb_fssd_init(&fs_sd, secinfo, 0); 465 466 status = smb_sd_tofs(op->sd, &fs_sd); 467 if (status == NT_STATUS_SUCCESS) { 468 rc = smb_fsop_create_with_sd(sr, cr, dir_snode, 469 name, attr, ret_snode, ret_attr, &fs_sd); 470 } 471 else 472 rc = EINVAL; 473 smb_fssd_term(&fs_sd); 474 } else if (sr->tid_tree->t_acltype == ACE_T) { 475 /* 476 * No incoming SD and filesystem is ZFS 477 * Server applies Windows inheritance rules, 478 * see smb_fsop_sdinherit() comments as to why. 479 */ 480 smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, 0); 481 rc = smb_fsop_sdinherit(sr, dir_snode, &fs_sd); 482 if (rc == 0) { 483 rc = smb_fsop_create_with_sd(sr, cr, dir_snode, 484 name, attr, ret_snode, ret_attr, &fs_sd); 485 } 486 487 smb_fssd_term(&fs_sd); 488 } else { 489 /* 490 * No incoming SD and filesystem is not ZFS 491 * let the filesystem handles the inheritance. 492 */ 493 rc = smb_vop_create(dir_snode->vp, name, attr, &vp, 494 flags, cr, NULL); 495 496 if (rc == 0) { 497 *ret_snode = smb_node_lookup(sr, op, cr, vp, 498 name, dir_snode, NULL, ret_attr); 499 500 if (*ret_snode == NULL) { 501 VN_RELE(vp); 502 rc = ENOMEM; 503 } 504 } 505 506 } 507 } 508 509 kmem_free(fname, MAXNAMELEN); 510 kmem_free(sname, MAXNAMELEN); 511 return (rc); 512 } 513 514 /* 515 * smb_fsop_mkdir 516 * 517 * All SMB functions should use this wrapper to ensure that 518 * the the calls are performed with the appropriate credentials. 519 * Please document any direct call to explain the reason 520 * for avoiding this wrapper. 521 * 522 * It is assumed that a reference exists on snode coming into this routine. 523 * 524 * *ret_snode is returned with a reference upon success. No reference is 525 * taken if an error is returned. 526 */ 527 int 528 smb_fsop_mkdir( 529 smb_request_t *sr, 530 cred_t *cr, 531 smb_node_t *dir_snode, 532 char *name, 533 smb_attr_t *attr, 534 smb_node_t **ret_snode, 535 smb_attr_t *ret_attr) 536 { 537 struct open_param *op = &sr->arg.open; 538 char *longname; 539 vnode_t *vp; 540 int flags = 0; 541 smb_fssd_t fs_sd; 542 uint32_t secinfo; 543 uint32_t status; 544 int rc; 545 ASSERT(cr); 546 ASSERT(dir_snode); 547 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 548 ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 549 550 ASSERT(ret_snode); 551 *ret_snode = 0; 552 553 ASSERT(name); 554 if (*name == 0) 555 return (EINVAL); 556 557 if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 558 return (EACCES); 559 560 ASSERT(sr); 561 ASSERT(sr->tid_tree); 562 if (SMB_TREE_IS_READ_ONLY(sr)) 563 return (EROFS); 564 565 if (smb_maybe_mangled_name(name)) { 566 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 567 rc = smb_unmangle_name(sr, cr, dir_snode, name, longname, 568 MAXNAMELEN, NULL, NULL, 1); 569 570 kmem_free(longname, MAXNAMELEN); 571 572 /* 573 * If the name passed in by the client has an unmangled 574 * equivalent that is found in the specified directory, 575 * then the mkdir cannot succeed. Return EEXIST. 576 * 577 * Only if ENOENT is returned will a mkdir be attempted. 578 */ 579 580 if (rc == 0) 581 rc = EEXIST; 582 583 if (rc != ENOENT) 584 return (rc); 585 } 586 587 if (SMB_TREE_CASE_INSENSITIVE(sr)) 588 flags = SMB_IGNORE_CASE; 589 590 if (op->sd) { 591 /* 592 * SD sent by client in Windows format. Needs to be 593 * converted to FS format. No inheritance. 594 */ 595 secinfo = smb_sd_get_secinfo(op->sd); 596 smb_fssd_init(&fs_sd, secinfo, SMB_FSSD_FLAGS_DIR); 597 598 status = smb_sd_tofs(op->sd, &fs_sd); 599 if (status == NT_STATUS_SUCCESS) { 600 rc = smb_fsop_create_with_sd(sr, cr, dir_snode, 601 name, attr, ret_snode, ret_attr, &fs_sd); 602 } 603 else 604 rc = EINVAL; 605 smb_fssd_term(&fs_sd); 606 } else if (sr->tid_tree->t_acltype == ACE_T) { 607 /* 608 * No incoming SD and filesystem is ZFS 609 * Server applies Windows inheritance rules, 610 * see smb_fsop_sdinherit() comments as to why. 611 */ 612 smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, SMB_FSSD_FLAGS_DIR); 613 rc = smb_fsop_sdinherit(sr, dir_snode, &fs_sd); 614 if (rc == 0) { 615 rc = smb_fsop_create_with_sd(sr, cr, dir_snode, 616 name, attr, ret_snode, ret_attr, &fs_sd); 617 } 618 619 smb_fssd_term(&fs_sd); 620 621 } else { 622 rc = smb_vop_mkdir(dir_snode->vp, name, attr, &vp, flags, cr, 623 NULL); 624 625 if (rc == 0) { 626 *ret_snode = smb_node_lookup(sr, op, cr, vp, name, 627 dir_snode, NULL, ret_attr); 628 629 if (*ret_snode == NULL) { 630 VN_RELE(vp); 631 rc = ENOMEM; 632 } 633 } 634 } 635 636 return (rc); 637 } 638 639 /* 640 * smb_fsop_remove 641 * 642 * All SMB functions should use this wrapper to ensure that 643 * the the calls are performed with the appropriate credentials. 644 * Please document any direct call to explain the reason 645 * for avoiding this wrapper. 646 * 647 * It is assumed that a reference exists on snode coming into this routine. 648 * 649 * od: This means that the name passed in is an on-disk name. 650 * A null smb_request might be passed to this function. 651 */ 652 653 int 654 smb_fsop_remove( 655 smb_request_t *sr, 656 cred_t *cr, 657 smb_node_t *dir_snode, 658 char *name, 659 int od) 660 { 661 smb_node_t *fnode; 662 smb_attr_t file_attr; 663 char *longname; 664 char *fname; 665 char *sname; 666 int flags = 0; 667 int rc; 668 669 ASSERT(cr); 670 /* 671 * The state of the node could be SMB_NODE_STATE_DESTROYING if this 672 * function is called during the deletion of the node (because of 673 * DELETE_ON_CLOSE). 674 */ 675 ASSERT(dir_snode); 676 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 677 678 if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 679 return (EACCES); 680 681 if (SMB_TREE_IS_READ_ONLY(sr)) 682 return (EROFS); 683 684 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 685 sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 686 687 /* 688 * If the passed-in name is an on-disk name, 689 * then we need to do a case-sensitive remove. 690 * This is important if the on-disk name 691 * corresponds to a mangled name passed in by 692 * the client. We want to make sure to remove 693 * the exact file specified by the client, 694 * instead of letting the underlying file system 695 * do a remove on the "first match." 696 */ 697 698 if ((od == 0) && SMB_TREE_CASE_INSENSITIVE(sr)) 699 flags = SMB_IGNORE_CASE; 700 701 if (dir_snode->flags & NODE_XATTR_DIR) { 702 rc = smb_vop_stream_remove(dir_snode->dir_snode->vp, 703 name, flags, cr); 704 } else if (smb_stream_parse_name(name, fname, sname)) { 705 /* 706 * It is assumed that "name" corresponds to the path 707 * passed in by the client, and no need of suppressing 708 * case-insensitive lookups is needed. 709 */ 710 711 ASSERT(od == 0); 712 713 /* 714 * Look up the unnamed stream (i.e. fname). 715 * Unmangle processing will be done on fname 716 * as well as any link target. 717 */ 718 719 rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS, 720 sr->tid_tree->t_snode, dir_snode, fname, &fnode, &file_attr, 721 0, 0); 722 723 if (rc != 0) { 724 kmem_free(fname, MAXNAMELEN); 725 kmem_free(sname, MAXNAMELEN); 726 return (rc); 727 } 728 729 /* 730 * XXX 731 * Need to find out what permission is required by NTFS 732 * to remove a stream. 733 */ 734 rc = smb_vop_stream_remove(fnode->vp, sname, flags, cr); 735 736 smb_node_release(fnode); 737 } else { 738 rc = smb_vop_remove(dir_snode->vp, name, flags, cr); 739 740 if (rc == ENOENT) { 741 if (smb_maybe_mangled_name(name) == 0) { 742 kmem_free(fname, MAXNAMELEN); 743 kmem_free(sname, MAXNAMELEN); 744 return (rc); 745 } 746 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 747 748 rc = smb_unmangle_name(sr, cr, dir_snode, name, 749 longname, MAXNAMELEN, NULL, NULL, 1); 750 751 if (rc == 0) { 752 /* 753 * We passed "1" as the "od" parameter 754 * to smb_unmangle_name(), such that longname 755 * is the real (case-sensitive) on-disk name. 756 * We make sure we do a remove on this exact 757 * name, as the name was mangled and denotes 758 * a unique file. 759 */ 760 flags &= ~SMB_IGNORE_CASE; 761 rc = smb_vop_remove(dir_snode->vp, longname, 762 flags, cr); 763 } 764 765 kmem_free(longname, MAXNAMELEN); 766 } 767 } 768 769 kmem_free(fname, MAXNAMELEN); 770 kmem_free(sname, MAXNAMELEN); 771 return (rc); 772 } 773 774 /* 775 * smb_fsop_remove_streams 776 * 777 * This function removes a file's streams without removing the 778 * file itself. 779 * 780 * It is assumed that snode is not a link. 781 */ 782 int 783 smb_fsop_remove_streams(smb_request_t *sr, cred_t *cr, smb_node_t *fnode) 784 { 785 struct fs_stream_info stream_info; 786 uint32_t cookie = 0; 787 int flags = 0; 788 int rc; 789 790 ASSERT(cr); 791 ASSERT(fnode); 792 ASSERT(fnode->n_magic == SMB_NODE_MAGIC); 793 ASSERT(fnode->n_state != SMB_NODE_STATE_DESTROYING); 794 795 if (SMB_TREE_ROOT_FS(sr, fnode) == 0) 796 return (EACCES); 797 798 if (SMB_TREE_IS_READ_ONLY(sr)) 799 return (EROFS); 800 801 if (SMB_TREE_CASE_INSENSITIVE(sr)) 802 flags = SMB_IGNORE_CASE; 803 804 for (;;) { 805 rc = smb_vop_stream_readdir(fnode->vp, &cookie, &stream_info, 806 NULL, NULL, flags, cr); 807 808 if ((rc != 0) || (cookie == SMB_EOF)) 809 break; 810 811 (void) smb_vop_stream_remove(fnode->vp, stream_info.name, flags, 812 cr); 813 } 814 return (rc); 815 } 816 817 /* 818 * smb_fsop_rmdir 819 * 820 * All SMB functions should use this wrapper to ensure that 821 * the the calls are performed with the appropriate credentials. 822 * Please document any direct call to explain the reason 823 * for avoiding this wrapper. 824 * 825 * It is assumed that a reference exists on snode coming into this routine. 826 * 827 * od: This means that the name passed in is an on-disk name. 828 */ 829 830 int 831 smb_fsop_rmdir( 832 smb_request_t *sr, 833 cred_t *cr, 834 smb_node_t *dir_snode, 835 char *name, 836 int od) 837 { 838 int rc; 839 int flags = 0; 840 char *longname; 841 842 ASSERT(cr); 843 /* 844 * The state of the node could be SMB_NODE_STATE_DESTROYING if this 845 * function is called during the deletion of the node (because of 846 * DELETE_ON_CLOSE). 847 */ 848 ASSERT(dir_snode); 849 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 850 851 if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 852 return (EACCES); 853 854 if (SMB_TREE_IS_READ_ONLY(sr)) 855 return (EROFS); 856 857 /* 858 * If the passed-in name is an on-disk name, 859 * then we need to do a case-sensitive rmdir. 860 * This is important if the on-disk name 861 * corresponds to a mangled name passed in by 862 * the client. We want to make sure to remove 863 * the exact directory specified by the client, 864 * instead of letting the underlying file system 865 * do a rmdir on the "first match." 866 */ 867 868 if ((od == 0) && SMB_TREE_CASE_INSENSITIVE(sr)) 869 flags = SMB_IGNORE_CASE; 870 871 rc = smb_vop_rmdir(dir_snode->vp, name, flags, cr); 872 873 if (rc == ENOENT) { 874 if (smb_maybe_mangled_name(name) == 0) 875 return (rc); 876 877 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 878 879 rc = smb_unmangle_name(sr, cr, dir_snode, 880 name, longname, MAXNAMELEN, NULL, 881 NULL, 1); 882 883 if (rc == 0) { 884 /* 885 * We passed "1" as the "od" parameter 886 * to smb_unmangle_name(), such that longname 887 * is the real (case-sensitive) on-disk name. 888 * We make sure we do a rmdir on this exact 889 * name, as the name was mangled and denotes 890 * a unique directory. 891 */ 892 flags &= ~SMB_IGNORE_CASE; 893 rc = smb_vop_rmdir(dir_snode->vp, longname, flags, cr); 894 } 895 896 kmem_free(longname, MAXNAMELEN); 897 } 898 899 return (rc); 900 } 901 902 /* 903 * smb_fsop_getattr 904 * 905 * All SMB functions should use this wrapper to ensure that 906 * the the calls are performed with the appropriate credentials. 907 * Please document any direct call to explain the reason 908 * for avoiding this wrapper. 909 * 910 * It is assumed that a reference exists on snode coming into this routine. 911 */ 912 int 913 smb_fsop_getattr(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 914 smb_attr_t *attr) 915 { 916 smb_node_t *unnamed_node; 917 vnode_t *unnamed_vp = NULL; 918 uint32_t status; 919 uint32_t access = 0; 920 int flags = 0; 921 int rc; 922 923 ASSERT(cr); 924 ASSERT(snode); 925 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 926 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 927 928 if (SMB_TREE_ROOT_FS(sr, snode) == 0) 929 return (EACCES); 930 931 if (sr->fid_ofile) { 932 /* if uid and/or gid is requested */ 933 if (attr->sa_mask & (SMB_AT_UID|SMB_AT_GID)) 934 access |= READ_CONTROL; 935 936 /* if anything else is also requested */ 937 if (attr->sa_mask & ~(SMB_AT_UID|SMB_AT_GID)) 938 access |= FILE_READ_ATTRIBUTES; 939 940 status = smb_ofile_access(sr->fid_ofile, cr, access); 941 if (status != NT_STATUS_SUCCESS) 942 return (EACCES); 943 944 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_ACEMASKONACCESS) 945 flags = ATTR_NOACLCHECK; 946 } 947 948 unnamed_node = SMB_IS_STREAM(snode); 949 950 if (unnamed_node) { 951 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 952 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 953 unnamed_vp = unnamed_node->vp; 954 } 955 956 rc = smb_vop_getattr(snode->vp, unnamed_vp, attr, flags, cr); 957 if (rc == 0) 958 snode->attr = *attr; 959 960 return (rc); 961 } 962 963 /* 964 * smb_fsop_readdir 965 * 966 * All SMB functions should use this smb_fsop_readdir wrapper to ensure that 967 * the smb_vop_readdir is performed with the appropriate credentials. 968 * Please document any direct call to smb_vop_readdir to explain the reason 969 * for avoiding this wrapper. 970 * 971 * It is assumed that a reference exists on snode coming into this routine. 972 */ 973 int 974 smb_fsop_readdir( 975 smb_request_t *sr, 976 cred_t *cr, 977 smb_node_t *dir_snode, 978 uint32_t *cookie, 979 char *name, 980 int *namelen, 981 ino64_t *fileid, 982 struct fs_stream_info *stream_info, 983 smb_node_t **ret_snode, 984 smb_attr_t *ret_attr) 985 { 986 smb_node_t *ret_snodep; 987 smb_node_t *fnode; 988 smb_attr_t tmp_attr; 989 vnode_t *xattrdirvp; 990 vnode_t *fvp; 991 vnode_t *vp = NULL; 992 char *od_name; 993 int rc; 994 int flags = 0; 995 996 ASSERT(cr); 997 ASSERT(dir_snode); 998 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 999 ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 1000 1001 if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 1002 return (EACCES); 1003 1004 if (*cookie == SMB_EOF) { 1005 *namelen = 0; 1006 return (0); 1007 } 1008 1009 if (SMB_TREE_CASE_INSENSITIVE(sr)) 1010 flags = SMB_IGNORE_CASE; 1011 1012 od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1013 1014 if (stream_info) { 1015 rc = smb_vop_lookup(dir_snode->vp, name, &fvp, od_name, 1016 SMB_FOLLOW_LINKS, sr->tid_tree->t_snode->vp, cr); 1017 1018 if (rc != 0) { 1019 kmem_free(od_name, MAXNAMELEN); 1020 return (rc); 1021 } 1022 1023 fnode = smb_node_lookup(sr, NULL, cr, fvp, od_name, dir_snode, 1024 NULL, ret_attr); 1025 1026 kmem_free(od_name, MAXNAMELEN); 1027 1028 if (fnode == NULL) { 1029 VN_RELE(fvp); 1030 return (ENOMEM); 1031 } 1032 1033 /* 1034 * XXX 1035 * Need to find out what permission(s) NTFS requires for getting 1036 * a file's streams list. 1037 * 1038 * Might have to use kcred. 1039 */ 1040 rc = smb_vop_stream_readdir(fvp, cookie, stream_info, &vp, 1041 &xattrdirvp, flags, cr); 1042 1043 if ((rc != 0) || (*cookie == SMB_EOF)) { 1044 smb_node_release(fnode); 1045 return (rc); 1046 } 1047 1048 ret_snodep = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp, 1049 vp, stream_info->name, &tmp_attr); 1050 1051 smb_node_release(fnode); 1052 1053 if (ret_snodep == NULL) { 1054 VN_RELE(xattrdirvp); 1055 VN_RELE(vp); 1056 return (ENOMEM); 1057 } 1058 1059 stream_info->size = tmp_attr.sa_vattr.va_size; 1060 1061 if (ret_attr) 1062 *ret_attr = tmp_attr; 1063 1064 if (ret_snode) 1065 *ret_snode = ret_snodep; 1066 else 1067 smb_node_release(ret_snodep); 1068 1069 } else { 1070 rc = smb_vop_readdir(dir_snode->vp, cookie, name, namelen, 1071 fileid, &vp, od_name, flags, cr); 1072 1073 if (rc != 0) { 1074 kmem_free(od_name, MAXNAMELEN); 1075 return (rc); 1076 } 1077 1078 if (*namelen) { 1079 ASSERT(vp); 1080 if (ret_attr || ret_snode) { 1081 ret_snodep = smb_node_lookup(sr, NULL, cr, vp, 1082 od_name, dir_snode, NULL, &tmp_attr); 1083 1084 if (ret_snodep == NULL) { 1085 kmem_free(od_name, MAXNAMELEN); 1086 VN_RELE(vp); 1087 return (ENOMEM); 1088 } 1089 1090 if (ret_attr) 1091 *ret_attr = tmp_attr; 1092 1093 if (ret_snode) 1094 *ret_snode = ret_snodep; 1095 else 1096 smb_node_release(ret_snodep); 1097 } 1098 } 1099 1100 kmem_free(od_name, MAXNAMELEN); 1101 } 1102 1103 return (rc); 1104 } 1105 1106 /* 1107 * smb_fsop_getdents 1108 * 1109 * All SMB functions should use this smb_vop_getdents wrapper to ensure that 1110 * the smb_vop_getdents is performed with the appropriate credentials. 1111 * Please document any direct call to smb_vop_getdents to explain the reason 1112 * for avoiding this wrapper. 1113 * 1114 * It is assumed that a reference exists on snode coming into this routine. 1115 */ 1116 /*ARGSUSED*/ 1117 int 1118 smb_fsop_getdents( 1119 struct smb_request *sr, 1120 cred_t *cr, 1121 smb_node_t *dir_snode, 1122 uint32_t *cookie, 1123 uint64_t *verifierp, 1124 int32_t *maxcnt, 1125 char *args, 1126 char *pattern) 1127 { 1128 int flags = 0; 1129 1130 ASSERT(cr); 1131 ASSERT(dir_snode); 1132 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 1133 ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 1134 1135 if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 1136 return (EACCES); 1137 1138 if (SMB_TREE_CASE_INSENSITIVE(sr)) 1139 flags = SMB_IGNORE_CASE; 1140 1141 return (smb_vop_getdents(dir_snode, cookie, 0, maxcnt, args, pattern, 1142 flags, sr, cr)); 1143 } 1144 1145 /* 1146 * smb_fsop_rename 1147 * 1148 * All SMB functions should use this smb_vop_rename wrapper to ensure that 1149 * the smb_vop_rename is performed with the appropriate credentials. 1150 * Please document any direct call to smb_vop_rename to explain the reason 1151 * for avoiding this wrapper. 1152 * 1153 * It is assumed that references exist on from_dir_snode and to_dir_snode coming 1154 * into this routine. 1155 */ 1156 int 1157 smb_fsop_rename( 1158 smb_request_t *sr, 1159 cred_t *cr, 1160 smb_node_t *from_dir_snode, 1161 char *from_name, 1162 smb_node_t *to_dir_snode, 1163 char *to_name) 1164 { 1165 smb_node_t *from_snode; 1166 smb_attr_t tmp_attr; 1167 vnode_t *from_vp; 1168 int flags = 0; 1169 int rc; 1170 1171 ASSERT(cr); 1172 ASSERT(from_dir_snode); 1173 ASSERT(from_dir_snode->n_magic == SMB_NODE_MAGIC); 1174 ASSERT(from_dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 1175 1176 ASSERT(to_dir_snode); 1177 ASSERT(to_dir_snode->n_magic == SMB_NODE_MAGIC); 1178 ASSERT(to_dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 1179 1180 if (SMB_TREE_ROOT_FS(sr, from_dir_snode) == 0) 1181 return (EACCES); 1182 1183 if (SMB_TREE_ROOT_FS(sr, to_dir_snode) == 0) 1184 return (EACCES); 1185 1186 ASSERT(sr); 1187 ASSERT(sr->tid_tree); 1188 if (SMB_TREE_IS_READ_ONLY(sr)) 1189 return (EROFS); 1190 1191 /* 1192 * Note: There is no need to check SMB_TREE_CASE_INSENSITIVE(sr) 1193 * here. 1194 * 1195 * A case-sensitive rename is always done in this routine 1196 * because we are using the on-disk name from an earlier lookup. 1197 * If a mangled name was passed in by the caller (denoting a 1198 * deterministic lookup), then the exact file must be renamed 1199 * (i.e. SMB_IGNORE_CASE must not be passed to VOP_RENAME, or 1200 * else the underlying file system might return a "first-match" 1201 * on this on-disk name, possibly resulting in the wrong file). 1202 */ 1203 1204 /* 1205 * XXX: Lock required through smb_node_release() below? 1206 */ 1207 1208 rc = smb_vop_lookup(from_dir_snode->vp, from_name, &from_vp, NULL, 0, 1209 NULL, cr); 1210 1211 if (rc != 0) 1212 return (rc); 1213 1214 rc = smb_vop_rename(from_dir_snode->vp, from_name, to_dir_snode->vp, 1215 to_name, flags, cr); 1216 1217 if (rc == 0) { 1218 from_snode = smb_node_lookup(sr, NULL, cr, from_vp, from_name, 1219 from_dir_snode, NULL, &tmp_attr); 1220 1221 if (from_snode == NULL) { 1222 VN_RELE(from_vp); 1223 return (ENOMEM); 1224 } 1225 1226 (void) smb_node_rename(from_dir_snode, from_snode, to_dir_snode, 1227 to_name); 1228 1229 smb_node_release(from_snode); 1230 } else { 1231 VN_RELE(from_vp); 1232 } 1233 1234 /* XXX: unlock */ 1235 1236 return (rc); 1237 } 1238 1239 /* 1240 * smb_fsop_setattr 1241 * 1242 * All SMB functions should use this wrapper to ensure that 1243 * the the calls are performed with the appropriate credentials. 1244 * Please document any direct call to explain the reason 1245 * for avoiding this wrapper. 1246 * 1247 * It is assumed that a reference exists on snode coming into this routine. 1248 * A null smb_request might be passed to this function. 1249 */ 1250 int 1251 smb_fsop_setattr( 1252 smb_request_t *sr, 1253 cred_t *cr, 1254 smb_node_t *snode, 1255 smb_attr_t *set_attr, 1256 smb_attr_t *ret_attr) 1257 { 1258 smb_node_t *unnamed_node; 1259 vnode_t *unnamed_vp = NULL; 1260 uint32_t status; 1261 uint32_t access = 0; 1262 int rc = 0; 1263 int flags = 0; 1264 boolean_t no_xvattr = B_FALSE; 1265 1266 ASSERT(cr); 1267 ASSERT(snode); 1268 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1269 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1270 1271 if (SMB_TREE_ROOT_FS(sr, snode) == 0) 1272 return (EACCES); 1273 1274 if (SMB_TREE_IS_READ_ONLY(sr)) 1275 return (EROFS); 1276 1277 /* sr could be NULL in some cases */ 1278 if (sr && sr->fid_ofile) { 1279 /* if uid and/or gid is requested */ 1280 if (set_attr->sa_mask & (SMB_AT_UID|SMB_AT_GID)) 1281 access |= WRITE_OWNER; 1282 1283 /* if anything else is also requested */ 1284 if (set_attr->sa_mask & ~(SMB_AT_UID|SMB_AT_GID)) 1285 access |= FILE_WRITE_ATTRIBUTES; 1286 1287 status = smb_ofile_access(sr->fid_ofile, cr, access); 1288 if (status != NT_STATUS_SUCCESS) 1289 return (EACCES); 1290 1291 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_ACEMASKONACCESS) 1292 flags = ATTR_NOACLCHECK; 1293 } 1294 1295 unnamed_node = SMB_IS_STREAM(snode); 1296 1297 if (unnamed_node) { 1298 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1299 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1300 unnamed_vp = unnamed_node->vp; 1301 } 1302 if (sr && sr->tid_tree) 1303 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_UFS) 1304 no_xvattr = B_TRUE; 1305 1306 rc = smb_vop_setattr(snode->vp, unnamed_vp, set_attr, flags, cr, 1307 no_xvattr); 1308 1309 if ((rc == 0) && ret_attr) { 1310 /* 1311 * Use kcred to update the node attr because this 1312 * call is not being made on behalf of the user. 1313 */ 1314 ret_attr->sa_mask = SMB_AT_ALL; 1315 rc = smb_vop_getattr(snode->vp, unnamed_vp, ret_attr, 0, kcred); 1316 if (rc == 0) 1317 snode->attr = *ret_attr; 1318 } 1319 1320 return (rc); 1321 } 1322 1323 /* 1324 * smb_fsop_read 1325 * 1326 * All SMB functions should use this wrapper to ensure that 1327 * the the calls are performed with the appropriate credentials. 1328 * Please document any direct call to explain the reason 1329 * for avoiding this wrapper. 1330 * 1331 * It is assumed that a reference exists on snode coming into this routine. 1332 */ 1333 int 1334 smb_fsop_read( 1335 struct smb_request *sr, 1336 cred_t *cr, 1337 smb_node_t *snode, 1338 uio_t *uio, 1339 smb_attr_t *ret_attr) 1340 { 1341 smb_node_t *unnamed_node; 1342 vnode_t *unnamed_vp = NULL; 1343 int svmand; 1344 int rc; 1345 1346 ASSERT(cr); 1347 ASSERT(snode); 1348 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1349 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1350 1351 ASSERT(sr); 1352 ASSERT(sr->fid_ofile); 1353 1354 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_READ_DATA); 1355 if (rc != NT_STATUS_SUCCESS) { 1356 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_EXECUTE); 1357 if (rc != NT_STATUS_SUCCESS) 1358 return (EACCES); 1359 } 1360 1361 unnamed_node = SMB_IS_STREAM(snode); 1362 if (unnamed_node) { 1363 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1364 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1365 unnamed_vp = unnamed_node->vp; 1366 /* 1367 * Streams permission are checked against the unnamed stream, 1368 * but in FS level they have their own permissions. To avoid 1369 * rejection by FS due to lack of permission on the actual 1370 * extended attr kcred is passed for streams. 1371 */ 1372 cr = kcred; 1373 } 1374 1375 smb_node_start_crit(snode, RW_READER); 1376 rc = nbl_svmand(snode->vp, cr, &svmand); 1377 if (rc) { 1378 smb_node_end_crit(snode); 1379 return (rc); 1380 } 1381 1382 rc = nbl_lock_conflict(snode->vp, NBL_READ, uio->uio_loffset, 1383 uio->uio_iov->iov_len, svmand, &smb_ct); 1384 1385 if (rc) { 1386 smb_node_end_crit(snode); 1387 return (ERANGE); 1388 } 1389 rc = smb_vop_read(snode->vp, uio, cr); 1390 1391 if (rc == 0 && ret_attr) { 1392 /* 1393 * Use kcred to update the node attr because this 1394 * call is not being made on behalf of the user. 1395 */ 1396 ret_attr->sa_mask = SMB_AT_ALL; 1397 if (smb_vop_getattr(snode->vp, unnamed_vp, ret_attr, 0, 1398 kcred) == 0) { 1399 snode->attr = *ret_attr; 1400 } 1401 } 1402 1403 smb_node_end_crit(snode); 1404 1405 return (rc); 1406 } 1407 1408 /* 1409 * smb_fsop_write 1410 * 1411 * This is a wrapper function used for smb_write and smb_write_raw operations. 1412 * 1413 * It is assumed that a reference exists on snode coming into this routine. 1414 */ 1415 int 1416 smb_fsop_write( 1417 smb_request_t *sr, 1418 cred_t *cr, 1419 smb_node_t *snode, 1420 uio_t *uio, 1421 uint32_t *lcount, 1422 smb_attr_t *ret_attr, 1423 int ioflag) 1424 { 1425 smb_node_t *unnamed_node; 1426 vnode_t *unnamed_vp = NULL; 1427 int svmand; 1428 int rc; 1429 1430 ASSERT(cr); 1431 ASSERT(snode); 1432 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1433 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1434 1435 ASSERT(sr); 1436 ASSERT(sr->tid_tree); 1437 ASSERT(sr->fid_ofile); 1438 1439 if (SMB_TREE_IS_READ_ONLY(sr)) 1440 return (EROFS); 1441 1442 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_WRITE_DATA); 1443 if (rc != NT_STATUS_SUCCESS) { 1444 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_APPEND_DATA); 1445 if (rc != NT_STATUS_SUCCESS) 1446 return (EACCES); 1447 } 1448 1449 unnamed_node = SMB_IS_STREAM(snode); 1450 1451 if (unnamed_node) { 1452 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1453 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1454 unnamed_vp = unnamed_node->vp; 1455 /* 1456 * Streams permission are checked against the unnamed stream, 1457 * but in FS level they have their own permissions. To avoid 1458 * rejection by FS due to lack of permission on the actual 1459 * extended attr kcred is passed for streams. 1460 */ 1461 cr = kcred; 1462 } 1463 1464 smb_node_start_crit(snode, RW_READER); 1465 rc = nbl_svmand(snode->vp, cr, &svmand); 1466 if (rc) { 1467 smb_node_end_crit(snode); 1468 return (rc); 1469 } 1470 rc = nbl_lock_conflict(snode->vp, NBL_WRITE, uio->uio_loffset, 1471 uio->uio_iov->iov_len, svmand, &smb_ct); 1472 1473 if (rc) { 1474 smb_node_end_crit(snode); 1475 return (ERANGE); 1476 } 1477 rc = smb_vop_write(snode->vp, uio, ioflag, lcount, cr); 1478 1479 if (rc == 0 && ret_attr) { 1480 /* 1481 * Use kcred to update the node attr because this 1482 * call is not being made on behalf of the user. 1483 */ 1484 ret_attr->sa_mask = SMB_AT_ALL; 1485 if (smb_vop_getattr(snode->vp, unnamed_vp, ret_attr, 0, 1486 kcred) == 0) { 1487 snode->attr = *ret_attr; 1488 } 1489 } 1490 1491 smb_node_end_crit(snode); 1492 1493 return (rc); 1494 } 1495 1496 /* 1497 * smb_fsop_statfs 1498 * 1499 * This is a wrapper function used for stat operations. 1500 */ 1501 int 1502 smb_fsop_statfs( 1503 cred_t *cr, 1504 smb_node_t *snode, 1505 struct statvfs64 *statp) 1506 { 1507 ASSERT(cr); 1508 ASSERT(snode); 1509 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1510 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1511 1512 return (smb_vop_statfs(snode->vp, statp, cr)); 1513 } 1514 1515 /* 1516 * smb_fsop_access 1517 * 1518 * Named streams do not have separate permissions from the associated 1519 * unnamed stream. Thus, if node is a named stream, the permissions 1520 * check will be performed on the associated unnamed stream. 1521 * 1522 * However, our named streams do have their own quarantine attribute, 1523 * separate from that on the unnamed stream. If READ or EXECUTE 1524 * access has been requested on a named stream, an additional access 1525 * check is performed on the named stream in case it has been 1526 * quarantined. kcred is used to avoid issues with the permissions 1527 * set on the extended attribute file representing the named stream. 1528 */ 1529 int 1530 smb_fsop_access(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 1531 uint32_t faccess) 1532 { 1533 int access = 0; 1534 int error; 1535 vnode_t *dir_vp; 1536 boolean_t acl_check = B_TRUE; 1537 smb_node_t *unnamed_node; 1538 1539 ASSERT(cr); 1540 ASSERT(snode); 1541 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1542 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1543 1544 if (faccess == 0) 1545 return (NT_STATUS_SUCCESS); 1546 1547 if (SMB_TREE_IS_READ_ONLY(sr)) { 1548 if (faccess & (FILE_WRITE_DATA|FILE_APPEND_DATA| 1549 FILE_WRITE_EA|FILE_DELETE_CHILD|FILE_WRITE_ATTRIBUTES| 1550 DELETE|WRITE_DAC|WRITE_OWNER)) { 1551 return (NT_STATUS_ACCESS_DENIED); 1552 } 1553 } 1554 1555 unnamed_node = SMB_IS_STREAM(snode); 1556 if (unnamed_node) { 1557 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1558 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1559 1560 /* 1561 * Perform VREAD access check on the named stream in case it 1562 * is quarantined. kcred is passed to smb_vop_access so it 1563 * doesn't fail due to lack of permission. 1564 */ 1565 if (faccess & (FILE_READ_DATA | FILE_EXECUTE)) { 1566 error = smb_vop_access(snode->vp, VREAD, 1567 0, NULL, kcred); 1568 if (error) 1569 return (NT_STATUS_ACCESS_DENIED); 1570 } 1571 1572 /* 1573 * Streams authorization should be performed against the 1574 * unnamed stream. 1575 */ 1576 snode = unnamed_node; 1577 } 1578 1579 if (faccess & ACCESS_SYSTEM_SECURITY) { 1580 /* 1581 * This permission is required for reading/writing SACL and 1582 * it's not part of DACL. It's only granted via proper 1583 * privileges. 1584 */ 1585 if ((sr->uid_user->u_privileges & 1586 (SMB_USER_PRIV_BACKUP | 1587 SMB_USER_PRIV_RESTORE | 1588 SMB_USER_PRIV_SECURITY)) == 0) 1589 return (NT_STATUS_PRIVILEGE_NOT_HELD); 1590 1591 faccess &= ~ACCESS_SYSTEM_SECURITY; 1592 } 1593 1594 /* Links don't have ACL */ 1595 if (((sr->tid_tree->t_flags & SMB_TREE_FLAG_ACEMASKONACCESS) == 0) || 1596 (snode->attr.sa_vattr.va_type == VLNK)) 1597 acl_check = B_FALSE; 1598 1599 if (acl_check) { 1600 dir_vp = (snode->dir_snode) ? snode->dir_snode->vp : NULL; 1601 error = smb_vop_access(snode->vp, faccess, V_ACE_MASK, dir_vp, 1602 cr); 1603 } else { 1604 /* 1605 * FS doesn't understand 32-bit mask, need to map 1606 */ 1607 if (faccess & (FILE_WRITE_DATA | FILE_APPEND_DATA)) 1608 access |= VWRITE; 1609 1610 if (faccess & FILE_READ_DATA) 1611 access |= VREAD; 1612 1613 if (faccess & FILE_EXECUTE) 1614 access |= VEXEC; 1615 1616 error = smb_vop_access(snode->vp, access, 0, NULL, cr); 1617 } 1618 1619 return ((error) ? NT_STATUS_ACCESS_DENIED : NT_STATUS_SUCCESS); 1620 } 1621 1622 /* 1623 * smb_fsop_lookup_name() 1624 * 1625 * Sanity checks on dir_snode done in smb_fsop_lookup(). 1626 * 1627 * Note: This function is called only from the open path. 1628 * It will check if the file is a stream. 1629 * It will also return an error if the looked-up file is in 1630 * a child mount. 1631 */ 1632 1633 int 1634 smb_fsop_lookup_name( 1635 smb_request_t *sr, 1636 cred_t *cr, 1637 int flags, 1638 smb_node_t *root_node, 1639 smb_node_t *dir_snode, 1640 char *name, 1641 smb_node_t **ret_snode, 1642 smb_attr_t *ret_attr) 1643 { 1644 smb_node_t *fnode; 1645 smb_attr_t file_attr; 1646 vnode_t *xattrdirvp; 1647 vnode_t *vp; 1648 char *od_name; 1649 char *fname; 1650 char *sname; 1651 int rc; 1652 1653 ASSERT(cr); 1654 ASSERT(dir_snode); 1655 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 1656 ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 1657 1658 /* 1659 * The following check is required for streams processing, below 1660 */ 1661 1662 if (SMB_TREE_CASE_INSENSITIVE(sr)) 1663 flags |= SMB_IGNORE_CASE; 1664 1665 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1666 sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1667 1668 if (smb_stream_parse_name(name, fname, sname)) { 1669 /* 1670 * Look up the unnamed stream (i.e. fname). 1671 * Unmangle processing will be done on fname 1672 * as well as any link target. 1673 */ 1674 rc = smb_fsop_lookup(sr, cr, flags, root_node, dir_snode, fname, 1675 &fnode, &file_attr, NULL, NULL); 1676 1677 if (rc != 0) { 1678 kmem_free(fname, MAXNAMELEN); 1679 kmem_free(sname, MAXNAMELEN); 1680 return (rc); 1681 } 1682 1683 od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1684 1685 /* 1686 * od_name is the on-disk name of the stream, except 1687 * without the prepended stream prefix (SMB_STREAM_PREFIX) 1688 */ 1689 1690 /* 1691 * XXX 1692 * What permissions NTFS requires for stream lookup if any? 1693 */ 1694 rc = smb_vop_stream_lookup(fnode->vp, sname, &vp, od_name, 1695 &xattrdirvp, flags, root_node->vp, cr); 1696 1697 if (rc != 0) { 1698 smb_node_release(fnode); 1699 kmem_free(fname, MAXNAMELEN); 1700 kmem_free(sname, MAXNAMELEN); 1701 kmem_free(od_name, MAXNAMELEN); 1702 return (rc); 1703 } 1704 1705 *ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp, 1706 vp, od_name, ret_attr); 1707 1708 kmem_free(od_name, MAXNAMELEN); 1709 smb_node_release(fnode); 1710 1711 if (*ret_snode == NULL) { 1712 VN_RELE(xattrdirvp); 1713 VN_RELE(vp); 1714 kmem_free(fname, MAXNAMELEN); 1715 kmem_free(sname, MAXNAMELEN); 1716 return (ENOMEM); 1717 } 1718 } else { 1719 rc = smb_fsop_lookup(sr, cr, flags, root_node, dir_snode, name, 1720 ret_snode, ret_attr, NULL, NULL); 1721 } 1722 1723 if (rc == 0) { 1724 ASSERT(ret_snode); 1725 if (SMB_TREE_ROOT_FS(sr, *ret_snode) == 0) { 1726 smb_node_release(*ret_snode); 1727 *ret_snode = NULL; 1728 rc = EACCES; 1729 } 1730 } 1731 1732 kmem_free(fname, MAXNAMELEN); 1733 kmem_free(sname, MAXNAMELEN); 1734 1735 return (rc); 1736 } 1737 1738 /* 1739 * smb_fsop_lookup 1740 * 1741 * All SMB functions should use this smb_vop_lookup wrapper to ensure that 1742 * the smb_vop_lookup is performed with the appropriate credentials and using 1743 * case insensitive compares. Please document any direct call to smb_vop_lookup 1744 * to explain the reason for avoiding this wrapper. 1745 * 1746 * It is assumed that a reference exists on dir_snode coming into this routine 1747 * (and that it is safe from deallocation). 1748 * 1749 * Same with the root_node. 1750 * 1751 * *ret_snode is returned with a reference upon success. No reference is 1752 * taken if an error is returned. 1753 * 1754 * Note: The returned ret_snode may be in a child mount. This is ok for 1755 * readdir and getdents. 1756 * 1757 * Other smb_fsop_* routines will call SMB_TREE_ROOT_FS() to prevent 1758 * operations on files not in the parent mount. 1759 */ 1760 int 1761 smb_fsop_lookup( 1762 smb_request_t *sr, 1763 cred_t *cr, 1764 int flags, 1765 smb_node_t *root_node, 1766 smb_node_t *dir_snode, 1767 char *name, 1768 smb_node_t **ret_snode, 1769 smb_attr_t *ret_attr, 1770 char *ret_shortname, /* Must be at least MANGLE_NAMELEN chars */ 1771 char *ret_name83) /* Must be at least MANGLE_NAMELEN chars */ 1772 { 1773 smb_node_t *lnk_target_node; 1774 smb_node_t *lnk_dnode; 1775 char *longname; 1776 char *od_name; 1777 vnode_t *vp; 1778 int rc; 1779 1780 ASSERT(cr); 1781 ASSERT(dir_snode); 1782 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 1783 ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 1784 1785 if (name == NULL) 1786 return (EINVAL); 1787 1788 if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 1789 return (EACCES); 1790 1791 if (SMB_TREE_CASE_INSENSITIVE(sr)) 1792 flags |= SMB_IGNORE_CASE; 1793 1794 od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1795 1796 rc = smb_vop_lookup(dir_snode->vp, name, &vp, od_name, flags, 1797 root_node ? root_node->vp : NULL, cr); 1798 1799 if (rc != 0) { 1800 if (smb_maybe_mangled_name(name) == 0) { 1801 kmem_free(od_name, MAXNAMELEN); 1802 return (rc); 1803 } 1804 1805 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1806 1807 rc = smb_unmangle_name(sr, cr, dir_snode, name, longname, 1808 MAXNAMELEN, ret_shortname, ret_name83, 1); 1809 1810 if (rc != 0) { 1811 kmem_free(od_name, MAXNAMELEN); 1812 kmem_free(longname, MAXNAMELEN); 1813 return (rc); 1814 } 1815 1816 /* 1817 * We passed "1" as the "od" parameter 1818 * to smb_unmangle_name(), such that longname 1819 * is the real (case-sensitive) on-disk name. 1820 * We make sure we do a lookup on this exact 1821 * name, as the name was mangled and denotes 1822 * a unique file. 1823 */ 1824 1825 if (flags & SMB_IGNORE_CASE) 1826 flags &= ~SMB_IGNORE_CASE; 1827 1828 rc = smb_vop_lookup(dir_snode->vp, longname, &vp, od_name, 1829 flags, root_node ? root_node->vp : NULL, cr); 1830 1831 kmem_free(longname, MAXNAMELEN); 1832 1833 if (rc != 0) { 1834 kmem_free(od_name, MAXNAMELEN); 1835 return (rc); 1836 } 1837 } 1838 1839 if ((flags & SMB_FOLLOW_LINKS) && (vp->v_type == VLNK)) { 1840 1841 rc = smb_pathname(sr, od_name, FOLLOW, root_node, dir_snode, 1842 &lnk_dnode, &lnk_target_node, cr); 1843 1844 if (rc != 0) { 1845 /* 1846 * The link is assumed to be for the last component 1847 * of a path. Hence any ENOTDIR error will be returned 1848 * as ENOENT. 1849 */ 1850 if (rc == ENOTDIR) 1851 rc = ENOENT; 1852 1853 VN_RELE(vp); 1854 kmem_free(od_name, MAXNAMELEN); 1855 return (rc); 1856 } 1857 1858 /* 1859 * Release the original VLNK vnode 1860 */ 1861 1862 VN_RELE(vp); 1863 vp = lnk_target_node->vp; 1864 1865 rc = smb_vop_traverse_check(&vp); 1866 1867 if (rc != 0) { 1868 smb_node_release(lnk_dnode); 1869 smb_node_release(lnk_target_node); 1870 kmem_free(od_name, MAXNAMELEN); 1871 return (rc); 1872 } 1873 1874 /* 1875 * smb_vop_traverse_check() may have returned a different vnode 1876 */ 1877 1878 if (lnk_target_node->vp == vp) { 1879 *ret_snode = lnk_target_node; 1880 *ret_attr = (*ret_snode)->attr; 1881 } else { 1882 *ret_snode = smb_node_lookup(sr, NULL, cr, vp, 1883 lnk_target_node->od_name, lnk_dnode, NULL, 1884 ret_attr); 1885 1886 if (*ret_snode == NULL) { 1887 VN_RELE(vp); 1888 rc = ENOMEM; 1889 } 1890 smb_node_release(lnk_target_node); 1891 } 1892 1893 smb_node_release(lnk_dnode); 1894 1895 } else { 1896 1897 rc = smb_vop_traverse_check(&vp); 1898 if (rc) { 1899 VN_RELE(vp); 1900 kmem_free(od_name, MAXNAMELEN); 1901 return (rc); 1902 } 1903 1904 *ret_snode = smb_node_lookup(sr, NULL, cr, vp, od_name, 1905 dir_snode, NULL, ret_attr); 1906 1907 if (*ret_snode == NULL) { 1908 VN_RELE(vp); 1909 rc = ENOMEM; 1910 } 1911 } 1912 1913 kmem_free(od_name, MAXNAMELEN); 1914 return (rc); 1915 } 1916 1917 /* 1918 * smb_fsop_stream_readdir() 1919 * 1920 * ret_snode and ret_attr are optional parameters (i.e. NULL may be passed in) 1921 * 1922 * This routine will return only NTFS streams. If an NTFS stream is not 1923 * found at the offset specified, the directory will be read until an NTFS 1924 * stream is found or until EOF. 1925 * 1926 * Note: Sanity checks done in caller 1927 * (smb_fsop_readdir(), smb_fsop_remove_streams()) 1928 */ 1929 1930 int 1931 smb_fsop_stream_readdir(smb_request_t *sr, cred_t *cr, smb_node_t *fnode, 1932 uint32_t *cookiep, struct fs_stream_info *stream_info, 1933 smb_node_t **ret_snode, smb_attr_t *ret_attr) 1934 { 1935 smb_node_t *ret_snodep = NULL; 1936 smb_attr_t tmp_attr; 1937 vnode_t *xattrdirvp; 1938 vnode_t *vp; 1939 int rc = 0; 1940 int flags = 0; 1941 1942 /* 1943 * XXX NTFS permission requirements if any? 1944 */ 1945 ASSERT(cr); 1946 ASSERT(fnode); 1947 ASSERT(fnode->n_magic == SMB_NODE_MAGIC); 1948 ASSERT(fnode->n_state != SMB_NODE_STATE_DESTROYING); 1949 1950 if (SMB_TREE_CASE_INSENSITIVE(sr)) 1951 flags = SMB_IGNORE_CASE; 1952 1953 rc = smb_vop_stream_readdir(fnode->vp, cookiep, stream_info, &vp, 1954 &xattrdirvp, flags, cr); 1955 1956 if ((rc != 0) || *cookiep == SMB_EOF) 1957 return (rc); 1958 1959 ret_snodep = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp, vp, 1960 stream_info->name, &tmp_attr); 1961 1962 if (ret_snodep == NULL) { 1963 VN_RELE(xattrdirvp); 1964 VN_RELE(vp); 1965 return (ENOMEM); 1966 } 1967 1968 stream_info->size = tmp_attr.sa_vattr.va_size; 1969 1970 if (ret_attr) 1971 *ret_attr = tmp_attr; 1972 1973 if (ret_snode) 1974 *ret_snode = ret_snodep; 1975 else 1976 smb_node_release(ret_snodep); 1977 1978 return (rc); 1979 } 1980 1981 int /*ARGSUSED*/ 1982 smb_fsop_commit(smb_request_t *sr, cred_t *cr, smb_node_t *snode) 1983 { 1984 ASSERT(cr); 1985 ASSERT(snode); 1986 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1987 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1988 1989 ASSERT(sr); 1990 ASSERT(sr->tid_tree); 1991 if (SMB_TREE_IS_READ_ONLY(sr)) 1992 return (EROFS); 1993 1994 return (smb_vop_commit(snode->vp, cr)); 1995 } 1996 1997 /* 1998 * smb_fsop_aclread 1999 * 2000 * Retrieve filesystem ACL. Depends on requested ACLs in 2001 * fs_sd->sd_secinfo, it'll set DACL and SACL pointers in 2002 * fs_sd. Note that requesting a DACL/SACL doesn't mean that 2003 * the corresponding field in fs_sd should be non-NULL upon 2004 * return, since the target ACL might not contain that type of 2005 * entries. 2006 * 2007 * Returned ACL is always in ACE_T (aka ZFS) format. 2008 * If successful the allocated memory for the ACL should be freed 2009 * using smb_fsacl_free() or smb_fssd_term() 2010 */ 2011 int 2012 smb_fsop_aclread(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2013 smb_fssd_t *fs_sd) 2014 { 2015 int error = 0; 2016 int flags = 0; 2017 int access = 0; 2018 acl_t *acl; 2019 smb_node_t *unnamed_node; 2020 2021 ASSERT(cr); 2022 2023 if (sr->fid_ofile) { 2024 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 2025 access = READ_CONTROL; 2026 2027 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 2028 access |= ACCESS_SYSTEM_SECURITY; 2029 2030 error = smb_ofile_access(sr->fid_ofile, cr, access); 2031 if (error != NT_STATUS_SUCCESS) { 2032 return (EACCES); 2033 } 2034 } 2035 2036 unnamed_node = SMB_IS_STREAM(snode); 2037 if (unnamed_node) { 2038 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 2039 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 2040 /* 2041 * Streams don't have ACL, any read ACL attempt on a stream 2042 * should be performed on the unnamed stream. 2043 */ 2044 snode = unnamed_node; 2045 } 2046 2047 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_ACEMASKONACCESS) 2048 flags = ATTR_NOACLCHECK; 2049 2050 error = smb_vop_acl_read(snode->vp, &acl, flags, 2051 sr->tid_tree->t_acltype, cr); 2052 if (error != 0) { 2053 return (error); 2054 } 2055 2056 error = acl_translate(acl, _ACL_ACE_ENABLED, 2057 (snode->vp->v_type == VDIR), fs_sd->sd_uid, fs_sd->sd_gid); 2058 2059 if (error == 0) { 2060 smb_fsacl_split(acl, &fs_sd->sd_zdacl, &fs_sd->sd_zsacl, 2061 fs_sd->sd_secinfo); 2062 } 2063 2064 acl_free(acl); 2065 return (error); 2066 } 2067 2068 /* 2069 * smb_fsop_aclwrite 2070 * 2071 * Stores the filesystem ACL provided in fs_sd->sd_acl. 2072 */ 2073 int 2074 smb_fsop_aclwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2075 smb_fssd_t *fs_sd) 2076 { 2077 int target_flavor; 2078 int error = 0; 2079 int flags = 0; 2080 int access = 0; 2081 acl_t *acl, *dacl, *sacl; 2082 smb_node_t *unnamed_node; 2083 2084 ASSERT(cr); 2085 2086 ASSERT(sr); 2087 ASSERT(sr->tid_tree); 2088 if (SMB_TREE_IS_READ_ONLY(sr)) 2089 return (EROFS); 2090 2091 if (sr->fid_ofile) { 2092 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 2093 access = WRITE_DAC; 2094 2095 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 2096 access |= ACCESS_SYSTEM_SECURITY; 2097 2098 error = smb_ofile_access(sr->fid_ofile, cr, access); 2099 if (error != NT_STATUS_SUCCESS) 2100 return (EACCES); 2101 } 2102 2103 switch (sr->tid_tree->t_acltype) { 2104 case ACLENT_T: 2105 target_flavor = _ACL_ACLENT_ENABLED; 2106 break; 2107 2108 case ACE_T: 2109 target_flavor = _ACL_ACE_ENABLED; 2110 break; 2111 default: 2112 return (EINVAL); 2113 } 2114 2115 unnamed_node = SMB_IS_STREAM(snode); 2116 if (unnamed_node) { 2117 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 2118 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 2119 /* 2120 * Streams don't have ACL, any write ACL attempt on a stream 2121 * should be performed on the unnamed stream. 2122 */ 2123 snode = unnamed_node; 2124 } 2125 2126 dacl = fs_sd->sd_zdacl; 2127 sacl = fs_sd->sd_zsacl; 2128 2129 ASSERT(dacl || sacl); 2130 if ((dacl == NULL) && (sacl == NULL)) 2131 return (EINVAL); 2132 2133 if (dacl && sacl) 2134 acl = smb_fsacl_merge(dacl, sacl); 2135 else if (dacl) 2136 acl = dacl; 2137 else 2138 acl = sacl; 2139 2140 error = acl_translate(acl, target_flavor, (snode->vp->v_type == VDIR), 2141 fs_sd->sd_uid, fs_sd->sd_gid); 2142 if (error == 0) { 2143 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_ACEMASKONACCESS) 2144 flags = ATTR_NOACLCHECK; 2145 2146 error = smb_vop_acl_write(snode->vp, acl, flags, cr); 2147 } 2148 2149 if (dacl && sacl) 2150 acl_free(acl); 2151 2152 return (error); 2153 } 2154 2155 acl_type_t 2156 smb_fsop_acltype(smb_node_t *snode) 2157 { 2158 return (smb_vop_acl_type(snode->vp)); 2159 } 2160 2161 /* 2162 * smb_fsop_sdread 2163 * 2164 * Read the requested security descriptor items from filesystem. 2165 * The items are specified in fs_sd->sd_secinfo. 2166 */ 2167 int 2168 smb_fsop_sdread(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2169 smb_fssd_t *fs_sd) 2170 { 2171 int error = 0; 2172 int getowner = 0; 2173 cred_t *ga_cred; 2174 smb_attr_t attr; 2175 2176 ASSERT(cr); 2177 ASSERT(fs_sd); 2178 2179 /* 2180 * File's uid/gid is fetched in two cases: 2181 * 2182 * 1. it's explicitly requested 2183 * 2184 * 2. target ACL is ACE_T (ZFS ACL). They're needed for 2185 * owner@/group@ entries. In this case kcred should be used 2186 * because uid/gid are fetched on behalf of smb server. 2187 */ 2188 if (fs_sd->sd_secinfo & (SMB_OWNER_SECINFO | SMB_GROUP_SECINFO)) { 2189 getowner = 1; 2190 ga_cred = cr; 2191 } else if (sr->tid_tree->t_acltype == ACE_T) { 2192 getowner = 1; 2193 ga_cred = kcred; 2194 } 2195 2196 if (getowner) { 2197 /* 2198 * Windows require READ_CONTROL to read owner/group SID since 2199 * they're part of Security Descriptor. 2200 * ZFS only requires read_attribute. Need to have a explicit 2201 * access check here. 2202 */ 2203 if (sr->fid_ofile == NULL) { 2204 error = smb_fsop_access(sr, ga_cred, snode, 2205 READ_CONTROL); 2206 if (error) 2207 return (error); 2208 } 2209 2210 attr.sa_mask = SMB_AT_UID | SMB_AT_GID; 2211 error = smb_fsop_getattr(sr, ga_cred, snode, &attr); 2212 if (error == 0) { 2213 fs_sd->sd_uid = attr.sa_vattr.va_uid; 2214 fs_sd->sd_gid = attr.sa_vattr.va_gid; 2215 } else { 2216 return (error); 2217 } 2218 } 2219 2220 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 2221 error = smb_fsop_aclread(sr, cr, snode, fs_sd); 2222 } 2223 2224 return (error); 2225 } 2226 2227 /* 2228 * smb_fsop_sdmerge 2229 * 2230 * From SMB point of view DACL and SACL are two separate list 2231 * which can be manipulated independently without one affecting 2232 * the other, but entries for both DACL and SACL will end up 2233 * in the same ACL if target filesystem supports ACE_T ACLs. 2234 * 2235 * So, if either DACL or SACL is present in the client set request 2236 * the entries corresponding to the non-present ACL shouldn't 2237 * be touched in the FS ACL. 2238 * 2239 * fs_sd parameter contains DACL and SACL specified by SMB 2240 * client to be set on a file/directory. The client could 2241 * specify both or one of these ACLs (if none is specified 2242 * we don't get this far). When both DACL and SACL are given 2243 * by client the existing ACL should be overwritten. If only 2244 * one of them is specified the entries corresponding to the other 2245 * ACL should not be touched. For example, if only DACL 2246 * is specified in input fs_sd, the function reads audit entries 2247 * of the existing ACL of the file and point fs_sd->sd_zsdacl 2248 * pointer to the fetched SACL, this way when smb_fsop_sdwrite() 2249 * function is called the passed fs_sd would point to the specified 2250 * DACL by client and fetched SACL from filesystem, so the file 2251 * will end up with correct ACL. 2252 */ 2253 static int 2254 smb_fsop_sdmerge(smb_request_t *sr, smb_node_t *snode, smb_fssd_t *fs_sd) 2255 { 2256 smb_fssd_t cur_sd; 2257 int error = 0; 2258 2259 if (sr->tid_tree->t_acltype != ACE_T) 2260 /* Don't bother if target FS doesn't support ACE_T */ 2261 return (0); 2262 2263 if ((fs_sd->sd_secinfo & SMB_ACL_SECINFO) != SMB_ACL_SECINFO) { 2264 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) { 2265 /* 2266 * Don't overwrite existing audit entries 2267 */ 2268 smb_fssd_init(&cur_sd, SMB_SACL_SECINFO, 2269 fs_sd->sd_flags); 2270 2271 error = smb_fsop_sdread(sr, kcred, snode, &cur_sd); 2272 if (error == 0) { 2273 ASSERT(fs_sd->sd_zsacl == NULL); 2274 fs_sd->sd_zsacl = cur_sd.sd_zsacl; 2275 if (fs_sd->sd_zsacl && fs_sd->sd_zdacl) 2276 fs_sd->sd_zsacl->acl_flags = 2277 fs_sd->sd_zdacl->acl_flags; 2278 } 2279 } else { 2280 /* 2281 * Don't overwrite existing access entries 2282 */ 2283 smb_fssd_init(&cur_sd, SMB_DACL_SECINFO, 2284 fs_sd->sd_flags); 2285 2286 error = smb_fsop_sdread(sr, kcred, snode, &cur_sd); 2287 if (error == 0) { 2288 ASSERT(fs_sd->sd_zdacl == NULL); 2289 fs_sd->sd_zdacl = cur_sd.sd_zdacl; 2290 if (fs_sd->sd_zdacl && fs_sd->sd_zsacl) 2291 fs_sd->sd_zdacl->acl_flags = 2292 fs_sd->sd_zsacl->acl_flags; 2293 } 2294 } 2295 2296 if (error) 2297 smb_fssd_term(&cur_sd); 2298 } 2299 2300 return (error); 2301 } 2302 2303 /* 2304 * smb_fsop_sdwrite 2305 * 2306 * Stores the given uid, gid and acl in filesystem. 2307 * Provided items in fs_sd are specified by fs_sd->sd_secinfo. 2308 * 2309 * A SMB security descriptor could contain owner, primary group, 2310 * DACL and SACL. Setting an SD should be atomic but here it has to 2311 * be done via two separate FS operations: VOP_SETATTR and 2312 * VOP_SETSECATTR. Therefore, this function has to simulate the 2313 * atomicity as well as it can. 2314 */ 2315 int 2316 smb_fsop_sdwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2317 smb_fssd_t *fs_sd, int overwrite) 2318 { 2319 int error = 0; 2320 int access = 0; 2321 smb_attr_t set_attr; 2322 smb_attr_t orig_attr; 2323 2324 ASSERT(cr); 2325 ASSERT(fs_sd); 2326 2327 ASSERT(sr); 2328 ASSERT(sr->tid_tree); 2329 if (SMB_TREE_IS_READ_ONLY(sr)) 2330 return (EROFS); 2331 2332 bzero(&set_attr, sizeof (smb_attr_t)); 2333 2334 if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) { 2335 set_attr.sa_vattr.va_uid = fs_sd->sd_uid; 2336 set_attr.sa_mask |= SMB_AT_UID; 2337 } 2338 2339 if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) { 2340 set_attr.sa_vattr.va_gid = fs_sd->sd_gid; 2341 set_attr.sa_mask |= SMB_AT_GID; 2342 } 2343 2344 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 2345 access |= WRITE_DAC; 2346 2347 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 2348 access |= ACCESS_SYSTEM_SECURITY; 2349 2350 if (sr->fid_ofile) 2351 error = smb_ofile_access(sr->fid_ofile, cr, access); 2352 else 2353 error = smb_fsop_access(sr, cr, snode, access); 2354 2355 if (error) 2356 return (EACCES); 2357 2358 if (set_attr.sa_mask) { 2359 /* 2360 * Get the current uid, gid so if smb_fsop_aclwrite fails 2361 * we can revert uid, gid changes. 2362 * 2363 * We use root cred here so the operation doesn't fail 2364 * due to lack of permission for the user to read the attrs 2365 */ 2366 2367 orig_attr.sa_mask = SMB_AT_UID | SMB_AT_GID; 2368 error = smb_fsop_getattr(sr, kcred, snode, &orig_attr); 2369 if (error == 0) 2370 error = smb_fsop_setattr(sr, cr, snode, &set_attr, 2371 NULL); 2372 2373 if (error) 2374 return (error); 2375 } 2376 2377 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 2378 if (overwrite == 0) { 2379 error = smb_fsop_sdmerge(sr, snode, fs_sd); 2380 if (error) 2381 return (error); 2382 } 2383 2384 error = smb_fsop_aclwrite(sr, cr, snode, fs_sd); 2385 if (error) { 2386 /* 2387 * Revert uid/gid changes if required. 2388 */ 2389 if (set_attr.sa_mask) { 2390 orig_attr.sa_mask = set_attr.sa_mask; 2391 (void) smb_fsop_setattr(sr, kcred, snode, 2392 &orig_attr, NULL); 2393 } 2394 } 2395 } 2396 2397 return (error); 2398 } 2399 2400 /* 2401 * smb_fsop_sdinherit 2402 * 2403 * Inherit the security descriptor from the parent container. 2404 * This function is called after FS has created the file/folder 2405 * so if this doesn't do anything it means FS inheritance is 2406 * in place. 2407 * 2408 * Do inheritance for ZFS internally. 2409 * 2410 * If we want to let ZFS does the inheritance the 2411 * following setting should be true: 2412 * 2413 * - aclinherit = passthrough 2414 * - aclmode = passthrough 2415 * - smbd umask = 0777 2416 * 2417 * This will result in right effective permissions but 2418 * ZFS will always add 6 ACEs for owner, owning group 2419 * and others to be POSIX compliant. This is not what 2420 * Windows clients/users expect, so we decided that CIFS 2421 * implements Windows rules and overwrite whatever ZFS 2422 * comes up with. This way we also don't have to care 2423 * about ZFS aclinherit and aclmode settings. 2424 */ 2425 static int 2426 smb_fsop_sdinherit(smb_request_t *sr, smb_node_t *dnode, smb_fssd_t *fs_sd) 2427 { 2428 int is_dir; 2429 acl_t *dacl = NULL; 2430 acl_t *sacl = NULL; 2431 ksid_t *owner_sid; 2432 int error; 2433 2434 ASSERT(fs_sd); 2435 2436 if (sr->tid_tree->t_acltype != ACE_T) { 2437 /* 2438 * No forced inheritance for non-ZFS filesystems. 2439 */ 2440 fs_sd->sd_secinfo = 0; 2441 return (0); 2442 } 2443 2444 2445 /* Fetch parent directory's ACL */ 2446 error = smb_fsop_sdread(sr, kcred, dnode, fs_sd); 2447 if (error) { 2448 return (error); 2449 } 2450 2451 is_dir = (fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR); 2452 owner_sid = crgetsid(sr->user_cr, KSID_OWNER); 2453 ASSERT(owner_sid); 2454 dacl = smb_fsacl_inherit(fs_sd->sd_zdacl, is_dir, SMB_DACL_SECINFO, 2455 owner_sid->ks_id); 2456 sacl = smb_fsacl_inherit(fs_sd->sd_zsacl, is_dir, SMB_SACL_SECINFO, 2457 (uid_t)-1); 2458 2459 if (sacl == NULL) 2460 fs_sd->sd_secinfo &= ~SMB_SACL_SECINFO; 2461 2462 smb_fsacl_free(fs_sd->sd_zdacl); 2463 smb_fsacl_free(fs_sd->sd_zsacl); 2464 2465 fs_sd->sd_zdacl = dacl; 2466 fs_sd->sd_zsacl = sacl; 2467 2468 return (0); 2469 } 2470 2471 /* 2472 * smb_fsop_eaccess 2473 * 2474 * Returns the effective permission of the given credential for the 2475 * specified object. 2476 * 2477 * This is just a workaround. We need VFS/FS support for this. 2478 */ 2479 void 2480 smb_fsop_eaccess(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2481 uint32_t *eaccess) 2482 { 2483 int access = 0; 2484 vnode_t *dir_vp; 2485 smb_node_t *unnamed_node; 2486 2487 ASSERT(cr); 2488 ASSERT(snode); 2489 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 2490 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 2491 2492 unnamed_node = SMB_IS_STREAM(snode); 2493 if (unnamed_node) { 2494 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 2495 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 2496 /* 2497 * Streams authorization should be performed against the 2498 * unnamed stream. 2499 */ 2500 snode = unnamed_node; 2501 } 2502 2503 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_ACEMASKONACCESS) { 2504 dir_vp = (snode->dir_snode) ? snode->dir_snode->vp : NULL; 2505 smb_vop_eaccess(snode->vp, (int *)eaccess, V_ACE_MASK, dir_vp, 2506 cr); 2507 return; 2508 } 2509 2510 /* 2511 * FS doesn't understand 32-bit mask 2512 */ 2513 smb_vop_eaccess(snode->vp, &access, 0, NULL, cr); 2514 2515 *eaccess = READ_CONTROL | FILE_READ_EA | FILE_READ_ATTRIBUTES; 2516 2517 if (access & VREAD) 2518 *eaccess |= FILE_READ_DATA; 2519 2520 if (access & VEXEC) 2521 *eaccess |= FILE_EXECUTE; 2522 2523 if (access & VWRITE) 2524 *eaccess |= FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES | 2525 FILE_WRITE_EA | FILE_APPEND_DATA | FILE_DELETE_CHILD; 2526 } 2527 2528 /* 2529 * smb_fsop_shrlock 2530 * 2531 * For the current open request, check file sharing rules 2532 * against existing opens. 2533 * 2534 * Returns NT_STATUS_SHARING_VIOLATION if there is any 2535 * sharing conflict. Returns NT_STATUS_SUCCESS otherwise. 2536 * 2537 * Full system-wide share reservation synchronization is available 2538 * when the nbmand (non-blocking mandatory) mount option is set 2539 * (i.e. nbl_need_crit() is true) and nbmand critical regions are used. 2540 * This provides synchronization with NFS and local processes. The 2541 * critical regions are entered in VOP_SHRLOCK()/fs_shrlock() (called 2542 * from smb_open_subr()/smb_fsop_shrlock()/smb_vop_shrlock()) as well 2543 * as the CIFS rename and delete paths. 2544 * 2545 * The CIFS server will also enter the nbl critical region in the open, 2546 * rename, and delete paths when nbmand is not set. There is limited 2547 * coordination with local and VFS share reservations in this case. 2548 * Note that when the nbmand mount option is not set, the VFS layer 2549 * only processes advisory reservations and the delete mode is not checked. 2550 * 2551 * Whether or not the nbmand mount option is set, intra-CIFS share 2552 * checking is done in the open, delete, and rename paths using a CIFS 2553 * critical region (node->n_share_lock). 2554 */ 2555 2556 uint32_t 2557 smb_fsop_shrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid, 2558 uint32_t desired_access, uint32_t share_access) 2559 { 2560 int rc; 2561 2562 if (node->attr.sa_vattr.va_type == VDIR) 2563 return (NT_STATUS_SUCCESS); 2564 2565 /* Allow access if the request is just for meta data */ 2566 if ((desired_access & FILE_DATA_ALL) == 0) 2567 return (NT_STATUS_SUCCESS); 2568 2569 rc = smb_node_open_check(node, cr, desired_access, share_access); 2570 if (rc) 2571 return (NT_STATUS_SHARING_VIOLATION); 2572 2573 rc = smb_vop_shrlock(node->vp, uniq_fid, desired_access, share_access, 2574 cr); 2575 if (rc) 2576 return (NT_STATUS_SHARING_VIOLATION); 2577 2578 return (NT_STATUS_SUCCESS); 2579 } 2580 2581 void 2582 smb_fsop_unshrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid) 2583 { 2584 if (node->attr.sa_vattr.va_type == VDIR) 2585 return; 2586 2587 (void) smb_vop_unshrlock(node->vp, uniq_fid, cr); 2588 } 2589 2590 int 2591 smb_fsop_frlock(smb_node_t *node, smb_lock_t *lock, boolean_t unlock, 2592 cred_t *cr) 2593 { 2594 flock64_t bf; 2595 int flag = F_REMOTELOCK; 2596 2597 /* 2598 * VOP_FRLOCK() will not be called if: 2599 * 2600 * 1) The lock has a range of zero bytes. The semantics of Windows and 2601 * POSIX are different. In the case of POSIX it asks for the locking 2602 * of all the bytes from the offset provided until the end of the 2603 * file. In the case of Windows a range of zero locks nothing and 2604 * doesn't conflict with any other lock. 2605 * 2606 * 2) The lock rolls over (start + lenght < start). Solaris will assert 2607 * if such a request is submitted. This will not create 2608 * incompatibilities between POSIX and Windows. In the Windows world, 2609 * if a client submits such a lock, the server will not lock any 2610 * bytes. Interestingly if the same lock (same offset and length) is 2611 * resubmitted Windows will consider that there is an overlap and 2612 * the granting rules will then apply. 2613 */ 2614 if ((lock->l_length == 0) || 2615 ((lock->l_start + lock->l_length - 1) < lock->l_start)) 2616 return (0); 2617 2618 bzero(&bf, sizeof (bf)); 2619 2620 if (unlock) { 2621 bf.l_type = F_UNLCK; 2622 } else if (lock->l_type == SMB_LOCK_TYPE_READONLY) { 2623 bf.l_type = F_RDLCK; 2624 flag |= FREAD; 2625 } else if (lock->l_type == SMB_LOCK_TYPE_READWRITE) { 2626 bf.l_type = F_WRLCK; 2627 flag |= FWRITE; 2628 } 2629 2630 bf.l_start = lock->l_start; 2631 bf.l_len = lock->l_length; 2632 bf.l_pid = IGN_PID; 2633 bf.l_sysid = smb_ct.cc_sysid; 2634 2635 return (smb_vop_frlock(node->vp, cr, flag, &bf)); 2636 } 2637