1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 #include <sys/sid.h> 29 #include <sys/nbmlock.h> 30 #include <smbsrv/smb_fsops.h> 31 #include <smbsrv/smb_kproto.h> 32 #include <smbsrv/smbvar.h> 33 #include <smbsrv/ntstatus.h> 34 #include <smbsrv/ntaccess.h> 35 #include <smbsrv/smb_incl.h> 36 #include <acl/acl_common.h> 37 #include <sys/fcntl.h> 38 #include <sys/flock.h> 39 #include <fs/fs_subr.h> 40 41 static int smb_fsop_amask_to_omode(uint32_t granted_access); 42 static int smb_fsop_sdinherit(smb_request_t *sr, smb_node_t *dnode, 43 smb_fssd_t *fs_sd); 44 45 static callb_cpr_t *smb_fsop_frlock_callback(flk_cb_when_t when, void *error); 46 47 /* 48 * The smb_fsop_* functions have knowledge of CIFS semantics. 49 * 50 * The smb_vop_* functions have minimal knowledge of CIFS semantics and 51 * serve as an interface to the VFS layer. 52 * 53 * Hence, smb_request_t and smb_node_t structures should not be passed 54 * from the smb_fsop_* layer to the smb_vop_* layer. 55 * 56 * In general, CIFS service code should only ever call smb_fsop_* 57 * functions directly, and never smb_vop_* functions directly. 58 * 59 * smb_fsop_* functions should call smb_vop_* functions where possible, instead 60 * of their smb_fsop_* counterparts. However, there are times when 61 * this cannot be avoided. 62 */ 63 64 /* 65 * Note: Stream names cannot be mangled. 66 */ 67 68 int 69 smb_fsop_start() 70 { 71 int error; 72 73 smb_vop_start(); 74 75 error = smb_node_root_init(); 76 77 if (error == 0) 78 error = smb_fem_init(); 79 80 return (error); 81 } 82 83 void 84 smb_fsop_stop() 85 { 86 smb_fem_shutdown(); 87 smb_vfs_rele_all(); 88 smb_node_root_fini(); 89 } 90 91 int 92 smb_fsop_open(smb_ofile_t *of) 93 { 94 int mode; 95 96 mode = smb_fsop_amask_to_omode(of->f_granted_access); 97 98 /* 99 * Assuming that same vnode is returned as we had before 100 * (i.e. no special vnodes) 101 */ 102 103 return (smb_vop_open(&of->f_node->vp, mode, of->f_cr)); 104 } 105 106 int 107 smb_fsop_close(smb_ofile_t *of) 108 { 109 int mode; 110 111 mode = smb_fsop_amask_to_omode(of->f_granted_access); 112 113 return (smb_vop_close(of->f_node->vp, mode, of->f_cr)); 114 } 115 116 static int 117 smb_fsop_amask_to_omode(uint32_t granted_access) 118 { 119 int mode = 0; 120 121 if (granted_access & (ACE_READ_DATA | ACE_EXECUTE)) 122 mode |= FREAD; 123 124 if (granted_access & (ACE_WRITE_DATA | ACE_APPEND_DATA)) 125 mode |= FWRITE; 126 127 if (granted_access & ACE_APPEND_DATA) 128 mode |= FAPPEND; 129 130 return (mode); 131 } 132 133 static int 134 smb_fsop_create_with_sd( 135 struct smb_request *sr, 136 cred_t *cr, 137 smb_node_t *snode, 138 char *name, 139 smb_attr_t *attr, 140 smb_node_t **ret_snode, 141 smb_attr_t *ret_attr, 142 smb_fssd_t *fs_sd) 143 { 144 vsecattr_t *vsap; 145 vsecattr_t vsecattr; 146 acl_t *acl, *dacl, *sacl; 147 smb_attr_t set_attr; 148 vnode_t *vp; 149 int aclbsize = 0; /* size of acl list in bytes */ 150 int flags = 0; 151 int is_dir; 152 int rc; 153 boolean_t no_xvattr = B_FALSE; 154 155 ASSERT(fs_sd); 156 157 if (SMB_TREE_CASE_INSENSITIVE(sr)) 158 flags = SMB_IGNORE_CASE; 159 160 ASSERT(cr); 161 162 is_dir = ((fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR) != 0); 163 164 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_ACLONCREATE) { 165 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 166 dacl = fs_sd->sd_zdacl; 167 sacl = fs_sd->sd_zsacl; 168 ASSERT(dacl || sacl); 169 if (dacl && sacl) { 170 acl = smb_fsacl_merge(dacl, sacl); 171 } else if (dacl) { 172 acl = dacl; 173 } else { 174 acl = sacl; 175 } 176 177 rc = smb_fsacl_to_vsa(acl, &vsecattr, &aclbsize); 178 179 if (dacl && sacl) 180 acl_free(acl); 181 182 if (rc) 183 return (rc); 184 185 vsap = &vsecattr; 186 } 187 else 188 vsap = NULL; 189 190 if (is_dir) { 191 rc = smb_vop_mkdir(snode->vp, name, attr, &vp, flags, 192 cr, vsap); 193 } else { 194 rc = smb_vop_create(snode->vp, name, attr, &vp, flags, 195 cr, vsap); 196 } 197 198 if (vsap != NULL) 199 kmem_free(vsap->vsa_aclentp, aclbsize); 200 201 if (rc != 0) 202 return (rc); 203 204 set_attr.sa_mask = 0; 205 206 /* 207 * Ideally we should be able to specify the owner and owning 208 * group at create time along with the ACL. Since we cannot 209 * do that right now, kcred is passed to smb_vop_setattr so it 210 * doesn't fail due to lack of permission. 211 */ 212 if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) { 213 set_attr.sa_vattr.va_uid = fs_sd->sd_uid; 214 set_attr.sa_mask |= SMB_AT_UID; 215 } 216 217 if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) { 218 set_attr.sa_vattr.va_gid = fs_sd->sd_gid; 219 set_attr.sa_mask |= SMB_AT_GID; 220 } 221 222 if (set_attr.sa_mask) { 223 if (sr && sr->tid_tree) 224 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_UFS) 225 no_xvattr = B_TRUE; 226 rc = smb_vop_setattr(snode->vp, NULL, &set_attr, 227 0, kcred, no_xvattr); 228 } 229 230 } else { 231 /* 232 * For filesystems that don't support ACL-on-create, try 233 * to set the specified SD after create, which could actually 234 * fail because of conflicts between inherited security 235 * attributes upon creation and the specified SD. 236 * 237 * Passing kcred to smb_fsop_sdwrite() to overcome this issue. 238 */ 239 240 if (is_dir) { 241 rc = smb_vop_mkdir(snode->vp, name, attr, &vp, flags, 242 cr, NULL); 243 } else { 244 rc = smb_vop_create(snode->vp, name, attr, &vp, flags, 245 cr, NULL); 246 } 247 248 if (rc != 0) 249 return (rc); 250 251 if ((sr->tid_tree->t_flags & SMB_TREE_FLAG_NFS_MOUNTED) == 0) 252 rc = smb_fsop_sdwrite(sr, kcred, snode, fs_sd, 1); 253 } 254 255 if (rc == 0) { 256 *ret_snode = smb_node_lookup(sr, &sr->arg.open, cr, vp, name, 257 snode, NULL, ret_attr); 258 259 if (*ret_snode == NULL) { 260 VN_RELE(vp); 261 rc = ENOMEM; 262 } 263 } 264 265 if (rc != 0) { 266 if (is_dir) { 267 (void) smb_vop_rmdir(snode->vp, name, flags, cr); 268 } else { 269 (void) smb_vop_remove(snode->vp, name, flags, cr); 270 } 271 } 272 273 return (rc); 274 } 275 276 277 /* 278 * smb_fsop_create 279 * 280 * All SMB functions should use this wrapper to ensure that 281 * all the smb_vop_creates are performed with the appropriate credentials. 282 * Please document any direct calls to explain the reason 283 * for avoiding this wrapper. 284 * 285 * It is assumed that a reference exists on snode coming into this routine. 286 * 287 * *ret_snode is returned with a reference upon success. No reference is 288 * taken if an error is returned. 289 */ 290 291 int 292 smb_fsop_create( 293 struct smb_request *sr, 294 cred_t *cr, 295 smb_node_t *dir_snode, 296 char *name, 297 smb_attr_t *attr, 298 smb_node_t **ret_snode, 299 smb_attr_t *ret_attr) 300 { 301 struct open_param *op = &sr->arg.open; 302 smb_node_t *fnode; 303 smb_attr_t file_attr; 304 vnode_t *xattrdirvp; 305 vnode_t *vp; 306 char *longname = NULL; 307 char *namep; 308 char *fname; 309 char *sname; 310 int is_stream; 311 int flags = 0; 312 int rc = 0; 313 smb_fssd_t fs_sd; 314 uint32_t secinfo; 315 uint32_t status; 316 317 ASSERT(cr); 318 ASSERT(dir_snode); 319 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 320 ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 321 322 ASSERT(ret_snode); 323 *ret_snode = 0; 324 325 ASSERT(name); 326 if (*name == 0) 327 return (EINVAL); 328 329 if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 330 return (EACCES); 331 332 ASSERT(sr); 333 ASSERT(sr->tid_tree); 334 if (SMB_TREE_IS_READ_ONLY(sr)) 335 return (EROFS); 336 337 if (SMB_TREE_CASE_INSENSITIVE(sr)) 338 flags = SMB_IGNORE_CASE; 339 340 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 341 sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 342 343 is_stream = smb_stream_parse_name(name, fname, sname); 344 345 if (is_stream) 346 namep = fname; 347 else 348 namep = name; 349 350 if (smb_maybe_mangled_name(namep)) { 351 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 352 353 rc = smb_unmangle_name(sr, cr, dir_snode, namep, longname, 354 MAXNAMELEN, NULL, NULL, 1); 355 356 if ((is_stream == 0) && (rc == 0)) 357 rc = EEXIST; 358 359 if ((is_stream && rc) || 360 ((is_stream == 0) && (rc != ENOENT))) { 361 kmem_free(longname, MAXNAMELEN); 362 kmem_free(fname, MAXNAMELEN); 363 kmem_free(sname, MAXNAMELEN); 364 return (rc); 365 } 366 367 if (is_stream) 368 namep = longname; 369 else 370 kmem_free(longname, MAXNAMELEN); 371 } 372 373 if (is_stream) { 374 /* 375 * Look up the unnamed stream. 376 * 377 * Mangle processing in smb_fsop_lookup() for the unnamed 378 * stream won't be needed (as it was done above), but 379 * it may be needed on any link target (which 380 * smb_fsop_lookup() will provide). 381 */ 382 rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS, 383 sr->tid_tree->t_snode, dir_snode, namep, &fnode, &file_attr, 384 0, 0); 385 386 if (longname) { 387 kmem_free(longname, MAXNAMELEN); 388 namep = NULL; 389 } 390 391 if (rc != 0) { 392 kmem_free(fname, MAXNAMELEN); 393 kmem_free(sname, MAXNAMELEN); 394 return (rc); 395 } 396 397 rc = smb_vop_stream_create(fnode->vp, sname, attr, &vp, 398 &xattrdirvp, flags, cr); 399 400 if (rc != 0) { 401 smb_node_release(fnode); 402 kmem_free(fname, MAXNAMELEN); 403 kmem_free(sname, MAXNAMELEN); 404 return (rc); 405 } 406 407 *ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp, 408 vp, sname, ret_attr); 409 410 smb_node_release(fnode); 411 412 if (*ret_snode == NULL) { 413 VN_RELE(xattrdirvp); 414 VN_RELE(vp); 415 kmem_free(fname, MAXNAMELEN); 416 kmem_free(sname, MAXNAMELEN); 417 return (ENOMEM); 418 } 419 } else { 420 if (op->sd) { 421 /* 422 * SD sent by client in Windows format. Needs to be 423 * converted to FS format. No inheritance. 424 */ 425 secinfo = smb_sd_get_secinfo(op->sd); 426 smb_fssd_init(&fs_sd, secinfo, 0); 427 428 status = smb_sd_tofs(op->sd, &fs_sd); 429 if (status == NT_STATUS_SUCCESS) { 430 rc = smb_fsop_create_with_sd(sr, cr, dir_snode, 431 name, attr, ret_snode, ret_attr, &fs_sd); 432 } 433 else 434 rc = EINVAL; 435 smb_fssd_term(&fs_sd); 436 } else if (sr->tid_tree->t_acltype == ACE_T) { 437 /* 438 * No incoming SD and filesystem is ZFS 439 * Server applies Windows inheritance rules, 440 * see smb_fsop_sdinherit() comments as to why. 441 */ 442 smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, 0); 443 rc = smb_fsop_sdinherit(sr, dir_snode, &fs_sd); 444 if (rc == 0) { 445 rc = smb_fsop_create_with_sd(sr, cr, dir_snode, 446 name, attr, ret_snode, ret_attr, &fs_sd); 447 } 448 449 smb_fssd_term(&fs_sd); 450 } else { 451 /* 452 * No incoming SD and filesystem is not ZFS 453 * let the filesystem handles the inheritance. 454 */ 455 rc = smb_vop_create(dir_snode->vp, name, attr, &vp, 456 flags, cr, NULL); 457 458 if (rc == 0) { 459 *ret_snode = smb_node_lookup(sr, op, cr, vp, 460 name, dir_snode, NULL, ret_attr); 461 462 if (*ret_snode == NULL) { 463 VN_RELE(vp); 464 rc = ENOMEM; 465 } 466 } 467 468 } 469 } 470 471 kmem_free(fname, MAXNAMELEN); 472 kmem_free(sname, MAXNAMELEN); 473 return (rc); 474 } 475 476 /* 477 * smb_fsop_mkdir 478 * 479 * All SMB functions should use this wrapper to ensure that 480 * the the calls are performed with the appropriate credentials. 481 * Please document any direct call to explain the reason 482 * for avoiding this wrapper. 483 * 484 * It is assumed that a reference exists on snode coming into this routine. 485 * 486 * *ret_snode is returned with a reference upon success. No reference is 487 * taken if an error is returned. 488 */ 489 int 490 smb_fsop_mkdir( 491 struct smb_request *sr, 492 cred_t *cr, 493 smb_node_t *dir_snode, 494 char *name, 495 smb_attr_t *attr, 496 smb_node_t **ret_snode, 497 smb_attr_t *ret_attr) 498 { 499 struct open_param *op = &sr->arg.open; 500 char *longname; 501 vnode_t *vp; 502 int flags = 0; 503 smb_fssd_t fs_sd; 504 uint32_t secinfo; 505 uint32_t status; 506 int rc; 507 ASSERT(cr); 508 ASSERT(dir_snode); 509 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 510 ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 511 512 ASSERT(ret_snode); 513 *ret_snode = 0; 514 515 ASSERT(name); 516 if (*name == 0) 517 return (EINVAL); 518 519 if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 520 return (EACCES); 521 522 ASSERT(sr); 523 ASSERT(sr->tid_tree); 524 if (SMB_TREE_IS_READ_ONLY(sr)) 525 return (EROFS); 526 527 if (smb_maybe_mangled_name(name)) { 528 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 529 rc = smb_unmangle_name(sr, cr, dir_snode, name, longname, 530 MAXNAMELEN, NULL, NULL, 1); 531 532 kmem_free(longname, MAXNAMELEN); 533 534 /* 535 * If the name passed in by the client has an unmangled 536 * equivalent that is found in the specified directory, 537 * then the mkdir cannot succeed. Return EEXIST. 538 * 539 * Only if ENOENT is returned will a mkdir be attempted. 540 */ 541 542 if (rc == 0) 543 rc = EEXIST; 544 545 if (rc != ENOENT) 546 return (rc); 547 } 548 549 if (SMB_TREE_CASE_INSENSITIVE(sr)) 550 flags = SMB_IGNORE_CASE; 551 552 if (op->sd) { 553 /* 554 * SD sent by client in Windows format. Needs to be 555 * converted to FS format. No inheritance. 556 */ 557 secinfo = smb_sd_get_secinfo(op->sd); 558 smb_fssd_init(&fs_sd, secinfo, SMB_FSSD_FLAGS_DIR); 559 560 status = smb_sd_tofs(op->sd, &fs_sd); 561 if (status == NT_STATUS_SUCCESS) { 562 rc = smb_fsop_create_with_sd(sr, cr, dir_snode, 563 name, attr, ret_snode, ret_attr, &fs_sd); 564 } 565 else 566 rc = EINVAL; 567 smb_fssd_term(&fs_sd); 568 } else if (sr->tid_tree->t_acltype == ACE_T) { 569 /* 570 * No incoming SD and filesystem is ZFS 571 * Server applies Windows inheritance rules, 572 * see smb_fsop_sdinherit() comments as to why. 573 */ 574 smb_fssd_init(&fs_sd, SMB_ACL_SECINFO, SMB_FSSD_FLAGS_DIR); 575 rc = smb_fsop_sdinherit(sr, dir_snode, &fs_sd); 576 if (rc == 0) { 577 rc = smb_fsop_create_with_sd(sr, cr, dir_snode, 578 name, attr, ret_snode, ret_attr, &fs_sd); 579 } 580 581 smb_fssd_term(&fs_sd); 582 583 } else { 584 rc = smb_vop_mkdir(dir_snode->vp, name, attr, &vp, flags, cr, 585 NULL); 586 587 if (rc == 0) { 588 *ret_snode = smb_node_lookup(sr, op, cr, vp, name, 589 dir_snode, NULL, ret_attr); 590 591 if (*ret_snode == NULL) { 592 VN_RELE(vp); 593 rc = ENOMEM; 594 } 595 } 596 } 597 598 return (rc); 599 } 600 601 /* 602 * smb_fsop_remove 603 * 604 * All SMB functions should use this wrapper to ensure that 605 * the the calls are performed with the appropriate credentials. 606 * Please document any direct call to explain the reason 607 * for avoiding this wrapper. 608 * 609 * It is assumed that a reference exists on snode coming into this routine. 610 * 611 * od: This means that the name passed in is an on-disk name. 612 * A null smb_request might be passed to this function. 613 */ 614 615 int 616 smb_fsop_remove( 617 struct smb_request *sr, 618 cred_t *cr, 619 smb_node_t *dir_snode, 620 char *name, 621 int od) 622 { 623 smb_node_t *fnode; 624 smb_attr_t file_attr; 625 char *longname; 626 char *fname; 627 char *sname; 628 int flags = 0; 629 int rc; 630 631 ASSERT(cr); 632 /* 633 * The state of the node could be SMB_NODE_STATE_DESTROYING if this 634 * function is called during the deletion of the node (because of 635 * DELETE_ON_CLOSE). 636 */ 637 ASSERT(dir_snode); 638 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 639 640 if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 641 return (EACCES); 642 643 if (SMB_TREE_IS_READ_ONLY(sr)) 644 return (EROFS); 645 646 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 647 sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 648 649 /* 650 * If the passed-in name is an on-disk name, 651 * then we need to do a case-sensitive remove. 652 * This is important if the on-disk name 653 * corresponds to a mangled name passed in by 654 * the client. We want to make sure to remove 655 * the exact file specified by the client, 656 * instead of letting the underlying file system 657 * do a remove on the "first match." 658 */ 659 660 if ((od == 0) && SMB_TREE_CASE_INSENSITIVE(sr)) 661 flags = SMB_IGNORE_CASE; 662 663 if (dir_snode->flags & NODE_XATTR_DIR) { 664 rc = smb_vop_stream_remove(dir_snode->dir_snode->vp, 665 name, flags, cr); 666 } else if (smb_stream_parse_name(name, fname, sname)) { 667 /* 668 * It is assumed that "name" corresponds to the path 669 * passed in by the client, and no need of suppressing 670 * case-insensitive lookups is needed. 671 */ 672 673 ASSERT(od == 0); 674 675 /* 676 * Look up the unnamed stream (i.e. fname). 677 * Unmangle processing will be done on fname 678 * as well as any link target. 679 */ 680 681 rc = smb_fsop_lookup(sr, cr, flags | SMB_FOLLOW_LINKS, 682 sr->tid_tree->t_snode, dir_snode, fname, &fnode, &file_attr, 683 0, 0); 684 685 if (rc != 0) { 686 kmem_free(fname, MAXNAMELEN); 687 kmem_free(sname, MAXNAMELEN); 688 return (rc); 689 } 690 691 /* 692 * XXX 693 * Need to find out what permission is required by NTFS 694 * to remove a stream. 695 */ 696 rc = smb_vop_stream_remove(fnode->vp, sname, flags, cr); 697 698 smb_node_release(fnode); 699 } else { 700 rc = smb_vop_remove(dir_snode->vp, name, flags, cr); 701 702 if (rc == ENOENT) { 703 if (smb_maybe_mangled_name(name) == 0) { 704 kmem_free(fname, MAXNAMELEN); 705 kmem_free(sname, MAXNAMELEN); 706 return (rc); 707 } 708 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 709 710 rc = smb_unmangle_name(sr, cr, dir_snode, name, 711 longname, MAXNAMELEN, NULL, NULL, 1); 712 713 if (rc == 0) { 714 /* 715 * We passed "1" as the "od" parameter 716 * to smb_unmangle_name(), such that longname 717 * is the real (case-sensitive) on-disk name. 718 * We make sure we do a remove on this exact 719 * name, as the name was mangled and denotes 720 * a unique file. 721 */ 722 flags &= ~SMB_IGNORE_CASE; 723 rc = smb_vop_remove(dir_snode->vp, longname, 724 flags, cr); 725 } 726 727 kmem_free(longname, MAXNAMELEN); 728 } 729 } 730 731 kmem_free(fname, MAXNAMELEN); 732 kmem_free(sname, MAXNAMELEN); 733 return (rc); 734 } 735 736 /* 737 * smb_fsop_remove_streams 738 * 739 * This function removes a file's streams without removing the 740 * file itself. 741 * 742 * It is assumed that snode is not a link. 743 */ 744 int 745 smb_fsop_remove_streams(struct smb_request *sr, cred_t *cr, 746 smb_node_t *fnode) 747 { 748 struct fs_stream_info stream_info; 749 uint32_t cookie = 0; 750 int flags = 0; 751 int rc; 752 753 ASSERT(cr); 754 ASSERT(fnode); 755 ASSERT(fnode->n_magic == SMB_NODE_MAGIC); 756 ASSERT(fnode->n_state != SMB_NODE_STATE_DESTROYING); 757 758 if (SMB_TREE_ROOT_FS(sr, fnode) == 0) 759 return (EACCES); 760 761 if (SMB_TREE_IS_READ_ONLY(sr)) 762 return (EROFS); 763 764 if (SMB_TREE_CASE_INSENSITIVE(sr)) 765 flags = SMB_IGNORE_CASE; 766 767 for (;;) { 768 rc = smb_vop_stream_readdir(fnode->vp, &cookie, &stream_info, 769 NULL, NULL, flags, cr); 770 771 if ((rc != 0) || (cookie == SMB_EOF)) 772 break; 773 774 (void) smb_vop_stream_remove(fnode->vp, stream_info.name, flags, 775 cr); 776 } 777 return (rc); 778 } 779 780 /* 781 * smb_fsop_rmdir 782 * 783 * All SMB functions should use this wrapper to ensure that 784 * the the calls are performed with the appropriate credentials. 785 * Please document any direct call to explain the reason 786 * for avoiding this wrapper. 787 * 788 * It is assumed that a reference exists on snode coming into this routine. 789 * 790 * od: This means that the name passed in is an on-disk name. 791 */ 792 793 int 794 smb_fsop_rmdir( 795 struct smb_request *sr, 796 cred_t *cr, 797 smb_node_t *dir_snode, 798 char *name, 799 int od) 800 { 801 int rc; 802 int flags = 0; 803 char *longname; 804 805 ASSERT(cr); 806 /* 807 * The state of the node could be SMB_NODE_STATE_DESTROYING if this 808 * function is called during the deletion of the node (because of 809 * DELETE_ON_CLOSE). 810 */ 811 ASSERT(dir_snode); 812 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 813 814 if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 815 return (EACCES); 816 817 if (SMB_TREE_IS_READ_ONLY(sr)) 818 return (EROFS); 819 820 /* 821 * If the passed-in name is an on-disk name, 822 * then we need to do a case-sensitive rmdir. 823 * This is important if the on-disk name 824 * corresponds to a mangled name passed in by 825 * the client. We want to make sure to remove 826 * the exact directory specified by the client, 827 * instead of letting the underlying file system 828 * do a rmdir on the "first match." 829 */ 830 831 if ((od == 0) && SMB_TREE_CASE_INSENSITIVE(sr)) 832 flags = SMB_IGNORE_CASE; 833 834 rc = smb_vop_rmdir(dir_snode->vp, name, flags, cr); 835 836 if (rc == ENOENT) { 837 if (smb_maybe_mangled_name(name) == 0) 838 return (rc); 839 840 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 841 842 rc = smb_unmangle_name(sr, cr, dir_snode, 843 name, longname, MAXNAMELEN, NULL, 844 NULL, 1); 845 846 if (rc == 0) { 847 /* 848 * We passed "1" as the "od" parameter 849 * to smb_unmangle_name(), such that longname 850 * is the real (case-sensitive) on-disk name. 851 * We make sure we do a rmdir on this exact 852 * name, as the name was mangled and denotes 853 * a unique directory. 854 */ 855 flags &= ~SMB_IGNORE_CASE; 856 rc = smb_vop_rmdir(dir_snode->vp, longname, flags, cr); 857 } 858 859 kmem_free(longname, MAXNAMELEN); 860 } 861 862 return (rc); 863 } 864 865 /* 866 * smb_fsop_getattr 867 * 868 * All SMB functions should use this wrapper to ensure that 869 * the the calls are performed with the appropriate credentials. 870 * Please document any direct call to explain the reason 871 * for avoiding this wrapper. 872 * 873 * It is assumed that a reference exists on snode coming into this routine. 874 */ 875 int 876 smb_fsop_getattr(struct smb_request *sr, cred_t *cr, smb_node_t *snode, 877 smb_attr_t *attr) 878 { 879 smb_node_t *unnamed_node; 880 vnode_t *unnamed_vp = NULL; 881 uint32_t status; 882 uint32_t access = 0; 883 int flags = 0; 884 int rc; 885 886 ASSERT(cr); 887 ASSERT(snode); 888 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 889 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 890 891 if (SMB_TREE_ROOT_FS(sr, snode) == 0) 892 return (EACCES); 893 894 if (sr->fid_ofile) { 895 /* if uid and/or gid is requested */ 896 if (attr->sa_mask & (SMB_AT_UID|SMB_AT_GID)) 897 access |= READ_CONTROL; 898 899 /* if anything else is also requested */ 900 if (attr->sa_mask & ~(SMB_AT_UID|SMB_AT_GID)) 901 access |= FILE_READ_ATTRIBUTES; 902 903 status = smb_ofile_access(sr->fid_ofile, cr, access); 904 if (status != NT_STATUS_SUCCESS) 905 return (EACCES); 906 907 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_ACEMASKONACCESS) 908 flags = ATTR_NOACLCHECK; 909 } 910 911 unnamed_node = SMB_IS_STREAM(snode); 912 913 if (unnamed_node) { 914 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 915 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 916 unnamed_vp = unnamed_node->vp; 917 } 918 919 rc = smb_vop_getattr(snode->vp, unnamed_vp, attr, flags, cr); 920 if (rc == 0) 921 snode->attr = *attr; 922 923 return (rc); 924 } 925 926 /* 927 * smb_fsop_readdir 928 * 929 * All SMB functions should use this smb_fsop_readdir wrapper to ensure that 930 * the smb_vop_readdir is performed with the appropriate credentials. 931 * Please document any direct call to smb_vop_readdir to explain the reason 932 * for avoiding this wrapper. 933 * 934 * It is assumed that a reference exists on snode coming into this routine. 935 */ 936 int 937 smb_fsop_readdir( 938 struct smb_request *sr, 939 cred_t *cr, 940 smb_node_t *dir_snode, 941 uint32_t *cookie, 942 char *name, 943 int *namelen, 944 ino64_t *fileid, 945 struct fs_stream_info *stream_info, 946 smb_node_t **ret_snode, 947 smb_attr_t *ret_attr) 948 { 949 smb_node_t *ret_snodep; 950 smb_node_t *fnode; 951 smb_attr_t tmp_attr; 952 vnode_t *xattrdirvp; 953 vnode_t *fvp; 954 vnode_t *vp = NULL; 955 char *od_name; 956 int rc; 957 int flags = 0; 958 959 ASSERT(cr); 960 ASSERT(dir_snode); 961 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 962 ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 963 964 if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 965 return (EACCES); 966 967 if (*cookie == SMB_EOF) { 968 *namelen = 0; 969 return (0); 970 } 971 972 if (SMB_TREE_CASE_INSENSITIVE(sr)) 973 flags = SMB_IGNORE_CASE; 974 975 od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP); 976 977 if (stream_info) { 978 rc = smb_vop_lookup(dir_snode->vp, name, &fvp, od_name, 979 SMB_FOLLOW_LINKS, sr->tid_tree->t_snode->vp, cr); 980 981 if (rc != 0) { 982 kmem_free(od_name, MAXNAMELEN); 983 return (rc); 984 } 985 986 fnode = smb_node_lookup(sr, NULL, cr, fvp, od_name, dir_snode, 987 NULL, ret_attr); 988 989 kmem_free(od_name, MAXNAMELEN); 990 991 if (fnode == NULL) { 992 VN_RELE(fvp); 993 return (ENOMEM); 994 } 995 996 /* 997 * XXX 998 * Need to find out what permission(s) NTFS requires for getting 999 * a file's streams list. 1000 * 1001 * Might have to use kcred. 1002 */ 1003 rc = smb_vop_stream_readdir(fvp, cookie, stream_info, &vp, 1004 &xattrdirvp, flags, cr); 1005 1006 if ((rc != 0) || (*cookie == SMB_EOF)) { 1007 smb_node_release(fnode); 1008 return (rc); 1009 } 1010 1011 ret_snodep = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp, 1012 vp, stream_info->name, &tmp_attr); 1013 1014 smb_node_release(fnode); 1015 1016 if (ret_snodep == NULL) { 1017 VN_RELE(xattrdirvp); 1018 VN_RELE(vp); 1019 return (ENOMEM); 1020 } 1021 1022 stream_info->size = tmp_attr.sa_vattr.va_size; 1023 1024 if (ret_attr) 1025 *ret_attr = tmp_attr; 1026 1027 if (ret_snode) 1028 *ret_snode = ret_snodep; 1029 else 1030 smb_node_release(ret_snodep); 1031 1032 } else { 1033 rc = smb_vop_readdir(dir_snode->vp, cookie, name, namelen, 1034 fileid, &vp, od_name, flags, cr); 1035 1036 if (rc != 0) { 1037 kmem_free(od_name, MAXNAMELEN); 1038 return (rc); 1039 } 1040 1041 if (*namelen) { 1042 ASSERT(vp); 1043 if (ret_attr || ret_snode) { 1044 ret_snodep = smb_node_lookup(sr, NULL, cr, vp, 1045 od_name, dir_snode, NULL, &tmp_attr); 1046 1047 if (ret_snodep == NULL) { 1048 kmem_free(od_name, MAXNAMELEN); 1049 VN_RELE(vp); 1050 return (ENOMEM); 1051 } 1052 1053 if (ret_attr) 1054 *ret_attr = tmp_attr; 1055 1056 if (ret_snode) 1057 *ret_snode = ret_snodep; 1058 else 1059 smb_node_release(ret_snodep); 1060 } 1061 } 1062 1063 kmem_free(od_name, MAXNAMELEN); 1064 } 1065 1066 return (rc); 1067 } 1068 1069 /* 1070 * smb_fsop_getdents 1071 * 1072 * All SMB functions should use this smb_vop_getdents wrapper to ensure that 1073 * the smb_vop_getdents is performed with the appropriate credentials. 1074 * Please document any direct call to smb_vop_getdents to explain the reason 1075 * for avoiding this wrapper. 1076 * 1077 * It is assumed that a reference exists on snode coming into this routine. 1078 */ 1079 /*ARGSUSED*/ 1080 int 1081 smb_fsop_getdents( 1082 struct smb_request *sr, 1083 cred_t *cr, 1084 smb_node_t *dir_snode, 1085 uint32_t *cookie, 1086 uint64_t *verifierp, 1087 int32_t *maxcnt, 1088 char *args, 1089 char *pattern) 1090 { 1091 int flags = 0; 1092 1093 ASSERT(cr); 1094 ASSERT(dir_snode); 1095 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 1096 ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 1097 1098 if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 1099 return (EACCES); 1100 1101 if (SMB_TREE_CASE_INSENSITIVE(sr)) 1102 flags = SMB_IGNORE_CASE; 1103 1104 return (smb_vop_getdents(dir_snode, cookie, 0, maxcnt, args, pattern, 1105 flags, sr, cr)); 1106 } 1107 1108 /* 1109 * smb_fsop_rename 1110 * 1111 * All SMB functions should use this smb_vop_rename wrapper to ensure that 1112 * the smb_vop_rename is performed with the appropriate credentials. 1113 * Please document any direct call to smb_vop_rename to explain the reason 1114 * for avoiding this wrapper. 1115 * 1116 * It is assumed that references exist on from_dir_snode and to_dir_snode coming 1117 * into this routine. 1118 */ 1119 int 1120 smb_fsop_rename( 1121 struct smb_request *sr, 1122 cred_t *cr, 1123 smb_node_t *from_dir_snode, 1124 char *from_name, 1125 smb_node_t *to_dir_snode, 1126 char *to_name) 1127 { 1128 smb_node_t *from_snode; 1129 smb_attr_t tmp_attr; 1130 vnode_t *from_vp; 1131 int flags = 0; 1132 int rc; 1133 1134 ASSERT(cr); 1135 ASSERT(from_dir_snode); 1136 ASSERT(from_dir_snode->n_magic == SMB_NODE_MAGIC); 1137 ASSERT(from_dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 1138 1139 ASSERT(to_dir_snode); 1140 ASSERT(to_dir_snode->n_magic == SMB_NODE_MAGIC); 1141 ASSERT(to_dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 1142 1143 if (SMB_TREE_ROOT_FS(sr, from_dir_snode) == 0) 1144 return (EACCES); 1145 1146 if (SMB_TREE_ROOT_FS(sr, to_dir_snode) == 0) 1147 return (EACCES); 1148 1149 ASSERT(sr); 1150 ASSERT(sr->tid_tree); 1151 if (SMB_TREE_IS_READ_ONLY(sr)) 1152 return (EROFS); 1153 1154 /* 1155 * Note: There is no need to check SMB_TREE_CASE_INSENSITIVE(sr) 1156 * here. 1157 * 1158 * A case-sensitive rename is always done in this routine 1159 * because we are using the on-disk name from an earlier lookup. 1160 * If a mangled name was passed in by the caller (denoting a 1161 * deterministic lookup), then the exact file must be renamed 1162 * (i.e. SMB_IGNORE_CASE must not be passed to VOP_RENAME, or 1163 * else the underlying file system might return a "first-match" 1164 * on this on-disk name, possibly resulting in the wrong file). 1165 */ 1166 1167 /* 1168 * XXX: Lock required through smb_node_release() below? 1169 */ 1170 1171 rc = smb_vop_lookup(from_dir_snode->vp, from_name, &from_vp, NULL, 0, 1172 NULL, cr); 1173 1174 if (rc != 0) 1175 return (rc); 1176 1177 rc = smb_vop_rename(from_dir_snode->vp, from_name, to_dir_snode->vp, 1178 to_name, flags, cr); 1179 1180 if (rc == 0) { 1181 from_snode = smb_node_lookup(sr, NULL, cr, from_vp, from_name, 1182 from_dir_snode, NULL, &tmp_attr); 1183 1184 if (from_snode == NULL) { 1185 VN_RELE(from_vp); 1186 return (ENOMEM); 1187 } 1188 1189 (void) smb_node_rename(from_dir_snode, from_snode, to_dir_snode, 1190 to_name); 1191 1192 smb_node_release(from_snode); 1193 } else { 1194 VN_RELE(from_vp); 1195 } 1196 1197 /* XXX: unlock */ 1198 1199 return (rc); 1200 } 1201 1202 /* 1203 * smb_fsop_setattr 1204 * 1205 * All SMB functions should use this wrapper to ensure that 1206 * the the calls are performed with the appropriate credentials. 1207 * Please document any direct call to explain the reason 1208 * for avoiding this wrapper. 1209 * 1210 * It is assumed that a reference exists on snode coming into this routine. 1211 * A null smb_request might be passed to this function. 1212 */ 1213 int 1214 smb_fsop_setattr( 1215 smb_request_t *sr, 1216 cred_t *cr, 1217 smb_node_t *snode, 1218 smb_attr_t *set_attr, 1219 smb_attr_t *ret_attr) 1220 { 1221 smb_node_t *unnamed_node; 1222 vnode_t *unnamed_vp = NULL; 1223 uint32_t status; 1224 uint32_t access = 0; 1225 int rc = 0; 1226 int flags = 0; 1227 boolean_t no_xvattr = B_FALSE; 1228 1229 ASSERT(cr); 1230 ASSERT(snode); 1231 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1232 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1233 1234 if (SMB_TREE_ROOT_FS(sr, snode) == 0) 1235 return (EACCES); 1236 1237 if (SMB_TREE_IS_READ_ONLY(sr)) 1238 return (EROFS); 1239 1240 /* sr could be NULL in some cases */ 1241 if (sr && sr->fid_ofile) { 1242 /* if uid and/or gid is requested */ 1243 if (set_attr->sa_mask & (SMB_AT_UID|SMB_AT_GID)) 1244 access |= WRITE_OWNER; 1245 1246 /* if anything else is also requested */ 1247 if (set_attr->sa_mask & ~(SMB_AT_UID|SMB_AT_GID)) 1248 access |= FILE_WRITE_ATTRIBUTES; 1249 1250 status = smb_ofile_access(sr->fid_ofile, cr, access); 1251 if (status != NT_STATUS_SUCCESS) 1252 return (EACCES); 1253 1254 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_ACEMASKONACCESS) 1255 flags = ATTR_NOACLCHECK; 1256 } 1257 1258 unnamed_node = SMB_IS_STREAM(snode); 1259 1260 if (unnamed_node) { 1261 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1262 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1263 unnamed_vp = unnamed_node->vp; 1264 } 1265 if (sr && sr->tid_tree) 1266 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_UFS) 1267 no_xvattr = B_TRUE; 1268 1269 rc = smb_vop_setattr(snode->vp, unnamed_vp, set_attr, flags, cr, 1270 no_xvattr); 1271 1272 if ((rc == 0) && ret_attr) { 1273 /* 1274 * Use kcred to update the node attr because this 1275 * call is not being made on behalf of the user. 1276 */ 1277 ret_attr->sa_mask = SMB_AT_ALL; 1278 rc = smb_vop_getattr(snode->vp, unnamed_vp, ret_attr, 0, kcred); 1279 if (rc == 0) 1280 snode->attr = *ret_attr; 1281 } 1282 1283 return (rc); 1284 } 1285 1286 /* 1287 * smb_fsop_read 1288 * 1289 * All SMB functions should use this wrapper to ensure that 1290 * the the calls are performed with the appropriate credentials. 1291 * Please document any direct call to explain the reason 1292 * for avoiding this wrapper. 1293 * 1294 * It is assumed that a reference exists on snode coming into this routine. 1295 */ 1296 int 1297 smb_fsop_read( 1298 struct smb_request *sr, 1299 cred_t *cr, 1300 smb_node_t *snode, 1301 uio_t *uio, 1302 smb_attr_t *ret_attr) 1303 { 1304 smb_node_t *unnamed_node; 1305 vnode_t *unnamed_vp = NULL; 1306 int svmand; 1307 int rc; 1308 1309 ASSERT(cr); 1310 ASSERT(snode); 1311 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1312 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1313 1314 ASSERT(sr); 1315 ASSERT(sr->fid_ofile); 1316 1317 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_READ_DATA); 1318 if (rc != NT_STATUS_SUCCESS) { 1319 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_EXECUTE); 1320 if (rc != NT_STATUS_SUCCESS) 1321 return (EACCES); 1322 } 1323 1324 unnamed_node = SMB_IS_STREAM(snode); 1325 if (unnamed_node) { 1326 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1327 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1328 unnamed_vp = unnamed_node->vp; 1329 /* 1330 * Streams permission are checked against the unnamed stream, 1331 * but in FS level they have their own permissions. To avoid 1332 * rejection by FS due to lack of permission on the actual 1333 * extended attr kcred is passed for streams. 1334 */ 1335 cr = kcred; 1336 } 1337 1338 smb_node_start_crit(snode, RW_READER); 1339 rc = nbl_svmand(snode->vp, cr, &svmand); 1340 if (rc) { 1341 smb_node_end_crit(snode); 1342 return (rc); 1343 } 1344 1345 rc = nbl_lock_conflict(snode->vp, NBL_READ, uio->uio_loffset, 1346 uio->uio_iov->iov_len, svmand, &smb_ct); 1347 1348 if (rc) { 1349 smb_node_end_crit(snode); 1350 return (rc); 1351 } 1352 rc = smb_vop_read(snode->vp, uio, cr); 1353 1354 if (rc == 0 && ret_attr) { 1355 /* 1356 * Use kcred to update the node attr because this 1357 * call is not being made on behalf of the user. 1358 */ 1359 ret_attr->sa_mask = SMB_AT_ALL; 1360 if (smb_vop_getattr(snode->vp, unnamed_vp, ret_attr, 0, 1361 kcred) == 0) { 1362 snode->attr = *ret_attr; 1363 } 1364 } 1365 1366 smb_node_end_crit(snode); 1367 1368 return (rc); 1369 } 1370 1371 /* 1372 * smb_fsop_write 1373 * 1374 * This is a wrapper function used for smb_write and smb_write_raw operations. 1375 * 1376 * It is assumed that a reference exists on snode coming into this routine. 1377 */ 1378 int 1379 smb_fsop_write( 1380 struct smb_request *sr, 1381 cred_t *cr, 1382 smb_node_t *snode, 1383 uio_t *uio, 1384 uint32_t *lcount, 1385 smb_attr_t *ret_attr, 1386 uint32_t *flag) 1387 { 1388 smb_node_t *unnamed_node; 1389 vnode_t *unnamed_vp = NULL; 1390 int svmand; 1391 int rc; 1392 1393 ASSERT(cr); 1394 ASSERT(snode); 1395 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1396 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1397 1398 ASSERT(sr); 1399 ASSERT(sr->tid_tree); 1400 ASSERT(sr->fid_ofile); 1401 1402 if (SMB_TREE_IS_READ_ONLY(sr)) 1403 return (EROFS); 1404 1405 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_WRITE_DATA); 1406 if (rc != NT_STATUS_SUCCESS) { 1407 rc = smb_ofile_access(sr->fid_ofile, cr, FILE_APPEND_DATA); 1408 if (rc != NT_STATUS_SUCCESS) 1409 return (EACCES); 1410 } 1411 1412 unnamed_node = SMB_IS_STREAM(snode); 1413 1414 if (unnamed_node) { 1415 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1416 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1417 unnamed_vp = unnamed_node->vp; 1418 /* 1419 * Streams permission are checked against the unnamed stream, 1420 * but in FS level they have their own permissions. To avoid 1421 * rejection by FS due to lack of permission on the actual 1422 * extended attr kcred is passed for streams. 1423 */ 1424 cr = kcred; 1425 } 1426 1427 smb_node_start_crit(snode, RW_READER); 1428 rc = nbl_svmand(snode->vp, cr, &svmand); 1429 if (rc) { 1430 smb_node_end_crit(snode); 1431 return (rc); 1432 } 1433 rc = nbl_lock_conflict(snode->vp, NBL_WRITE, uio->uio_loffset, 1434 uio->uio_iov->iov_len, svmand, &smb_ct); 1435 1436 if (rc) { 1437 smb_node_end_crit(snode); 1438 return (rc); 1439 } 1440 rc = smb_vop_write(snode->vp, uio, flag, lcount, cr); 1441 1442 if (rc == 0 && ret_attr) { 1443 /* 1444 * Use kcred to update the node attr because this 1445 * call is not being made on behalf of the user. 1446 */ 1447 ret_attr->sa_mask = SMB_AT_ALL; 1448 if (smb_vop_getattr(snode->vp, unnamed_vp, ret_attr, 0, 1449 kcred) == 0) { 1450 snode->attr = *ret_attr; 1451 } 1452 } 1453 1454 smb_node_end_crit(snode); 1455 1456 return (rc); 1457 } 1458 1459 /* 1460 * smb_fsop_statfs 1461 * 1462 * This is a wrapper function used for stat operations. 1463 */ 1464 int 1465 smb_fsop_statfs( 1466 cred_t *cr, 1467 smb_node_t *snode, 1468 struct statvfs64 *statp) 1469 { 1470 ASSERT(cr); 1471 ASSERT(snode); 1472 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1473 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1474 1475 return (smb_vop_statfs(snode->vp, statp, cr)); 1476 } 1477 1478 /* 1479 * smb_fsop_access 1480 */ 1481 int 1482 smb_fsop_access(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 1483 uint32_t faccess) 1484 { 1485 int access = 0; 1486 int error; 1487 vnode_t *dir_vp; 1488 boolean_t acl_check = B_TRUE; 1489 smb_node_t *unnamed_node; 1490 1491 ASSERT(cr); 1492 ASSERT(snode); 1493 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1494 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1495 1496 if (faccess == 0) 1497 return (NT_STATUS_SUCCESS); 1498 1499 if (SMB_TREE_IS_READ_ONLY(sr)) { 1500 if (faccess & (FILE_WRITE_DATA|FILE_APPEND_DATA| 1501 FILE_WRITE_EA|FILE_DELETE_CHILD|FILE_WRITE_ATTRIBUTES| 1502 DELETE|WRITE_DAC|WRITE_OWNER)) { 1503 return (NT_STATUS_ACCESS_DENIED); 1504 } 1505 } 1506 1507 unnamed_node = SMB_IS_STREAM(snode); 1508 if (unnamed_node) { 1509 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1510 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1511 /* 1512 * Streams authorization should be performed against the 1513 * unnamed stream. 1514 */ 1515 snode = unnamed_node; 1516 } 1517 1518 if (faccess & ACCESS_SYSTEM_SECURITY) { 1519 /* 1520 * This permission is required for reading/writing SACL and 1521 * it's not part of DACL. It's only granted via proper 1522 * privileges. 1523 */ 1524 if ((sr->uid_user->u_privileges & 1525 (SMB_USER_PRIV_BACKUP | 1526 SMB_USER_PRIV_RESTORE | 1527 SMB_USER_PRIV_SECURITY)) == 0) 1528 return (NT_STATUS_PRIVILEGE_NOT_HELD); 1529 1530 faccess &= ~ACCESS_SYSTEM_SECURITY; 1531 } 1532 1533 /* Links don't have ACL */ 1534 if (((sr->tid_tree->t_flags & SMB_TREE_FLAG_ACEMASKONACCESS) == 0) || 1535 (snode->attr.sa_vattr.va_type == VLNK)) 1536 acl_check = B_FALSE; 1537 1538 if (acl_check) { 1539 dir_vp = (snode->dir_snode) ? snode->dir_snode->vp : NULL; 1540 error = smb_vop_access(snode->vp, faccess, V_ACE_MASK, dir_vp, 1541 cr); 1542 } else { 1543 /* 1544 * FS doesn't understand 32-bit mask, need to map 1545 */ 1546 if (faccess & (FILE_WRITE_DATA | FILE_APPEND_DATA)) 1547 access |= VWRITE; 1548 1549 if (faccess & FILE_READ_DATA) 1550 access |= VREAD; 1551 1552 if (faccess & FILE_EXECUTE) 1553 access |= VEXEC; 1554 1555 error = smb_vop_access(snode->vp, access, 0, NULL, cr); 1556 } 1557 1558 return ((error) ? NT_STATUS_ACCESS_DENIED : NT_STATUS_SUCCESS); 1559 } 1560 1561 /* 1562 * smb_fsop_lookup_name() 1563 * 1564 * Sanity checks on dir_snode done in smb_fsop_lookup(). 1565 * 1566 * Note: This function is called only from the open path. 1567 * It will check if the file is a stream. 1568 * It will also return an error if the looked-up file is in 1569 * a child mount. 1570 */ 1571 1572 int 1573 smb_fsop_lookup_name( 1574 struct smb_request *sr, 1575 cred_t *cr, 1576 int flags, 1577 smb_node_t *root_node, 1578 smb_node_t *dir_snode, 1579 char *name, 1580 smb_node_t **ret_snode, 1581 smb_attr_t *ret_attr) 1582 { 1583 smb_node_t *fnode; 1584 smb_attr_t file_attr; 1585 vnode_t *xattrdirvp; 1586 vnode_t *vp; 1587 char *od_name; 1588 char *fname; 1589 char *sname; 1590 int rc; 1591 1592 ASSERT(cr); 1593 ASSERT(dir_snode); 1594 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 1595 ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 1596 1597 /* 1598 * The following check is required for streams processing, below 1599 */ 1600 1601 if (SMB_TREE_CASE_INSENSITIVE(sr)) 1602 flags |= SMB_IGNORE_CASE; 1603 1604 fname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1605 sname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1606 1607 if (smb_stream_parse_name(name, fname, sname)) { 1608 /* 1609 * Look up the unnamed stream (i.e. fname). 1610 * Unmangle processing will be done on fname 1611 * as well as any link target. 1612 */ 1613 rc = smb_fsop_lookup(sr, cr, flags, root_node, dir_snode, fname, 1614 &fnode, &file_attr, NULL, NULL); 1615 1616 if (rc != 0) { 1617 kmem_free(fname, MAXNAMELEN); 1618 kmem_free(sname, MAXNAMELEN); 1619 return (rc); 1620 } 1621 1622 od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1623 1624 /* 1625 * od_name is the on-disk name of the stream, except 1626 * without the prepended stream prefix (SMB_STREAM_PREFIX) 1627 */ 1628 1629 /* 1630 * XXX 1631 * What permissions NTFS requires for stream lookup if any? 1632 */ 1633 rc = smb_vop_stream_lookup(fnode->vp, sname, &vp, od_name, 1634 &xattrdirvp, flags, root_node->vp, cr); 1635 1636 if (rc != 0) { 1637 smb_node_release(fnode); 1638 kmem_free(fname, MAXNAMELEN); 1639 kmem_free(sname, MAXNAMELEN); 1640 kmem_free(od_name, MAXNAMELEN); 1641 return (rc); 1642 } 1643 1644 *ret_snode = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp, 1645 vp, od_name, ret_attr); 1646 1647 kmem_free(od_name, MAXNAMELEN); 1648 smb_node_release(fnode); 1649 1650 if (*ret_snode == NULL) { 1651 VN_RELE(xattrdirvp); 1652 VN_RELE(vp); 1653 kmem_free(fname, MAXNAMELEN); 1654 kmem_free(sname, MAXNAMELEN); 1655 return (ENOMEM); 1656 } 1657 } else { 1658 rc = smb_fsop_lookup(sr, cr, flags, root_node, dir_snode, name, 1659 ret_snode, ret_attr, NULL, NULL); 1660 } 1661 1662 if (rc == 0) { 1663 ASSERT(ret_snode); 1664 if (SMB_TREE_ROOT_FS(sr, *ret_snode) == 0) { 1665 smb_node_release(*ret_snode); 1666 *ret_snode = NULL; 1667 rc = EACCES; 1668 } 1669 } 1670 1671 kmem_free(fname, MAXNAMELEN); 1672 kmem_free(sname, MAXNAMELEN); 1673 1674 return (rc); 1675 } 1676 1677 /* 1678 * smb_fsop_lookup 1679 * 1680 * All SMB functions should use this smb_vop_lookup wrapper to ensure that 1681 * the smb_vop_lookup is performed with the appropriate credentials and using 1682 * case insensitive compares. Please document any direct call to smb_vop_lookup 1683 * to explain the reason for avoiding this wrapper. 1684 * 1685 * It is assumed that a reference exists on dir_snode coming into this routine 1686 * (and that it is safe from deallocation). 1687 * 1688 * Same with the root_node. 1689 * 1690 * *ret_snode is returned with a reference upon success. No reference is 1691 * taken if an error is returned. 1692 * 1693 * Note: The returned ret_snode may be in a child mount. This is ok for 1694 * readdir and getdents. 1695 * 1696 * Other smb_fsop_* routines will call SMB_TREE_ROOT_FS() to prevent 1697 * operations on files not in the parent mount. 1698 */ 1699 int 1700 smb_fsop_lookup( 1701 struct smb_request *sr, 1702 cred_t *cr, 1703 int flags, 1704 smb_node_t *root_node, 1705 smb_node_t *dir_snode, 1706 char *name, 1707 smb_node_t **ret_snode, 1708 smb_attr_t *ret_attr, 1709 char *ret_shortname, /* Must be at least MANGLE_NAMELEN chars */ 1710 char *ret_name83) /* Must be at least MANGLE_NAMELEN chars */ 1711 { 1712 smb_node_t *lnk_target_node; 1713 smb_node_t *lnk_dnode; 1714 char *longname; 1715 char *od_name; 1716 vnode_t *vp; 1717 int rc; 1718 1719 ASSERT(cr); 1720 ASSERT(dir_snode); 1721 ASSERT(dir_snode->n_magic == SMB_NODE_MAGIC); 1722 ASSERT(dir_snode->n_state != SMB_NODE_STATE_DESTROYING); 1723 1724 if (name == NULL) 1725 return (EINVAL); 1726 1727 if (SMB_TREE_ROOT_FS(sr, dir_snode) == 0) 1728 return (EACCES); 1729 1730 if (SMB_TREE_CASE_INSENSITIVE(sr)) 1731 flags |= SMB_IGNORE_CASE; 1732 1733 od_name = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1734 1735 rc = smb_vop_lookup(dir_snode->vp, name, &vp, od_name, flags, 1736 root_node ? root_node->vp : NULL, cr); 1737 1738 if (rc != 0) { 1739 if (smb_maybe_mangled_name(name) == 0) { 1740 kmem_free(od_name, MAXNAMELEN); 1741 return (rc); 1742 } 1743 1744 longname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1745 1746 rc = smb_unmangle_name(sr, cr, dir_snode, name, longname, 1747 MAXNAMELEN, ret_shortname, ret_name83, 1); 1748 1749 if (rc != 0) { 1750 kmem_free(od_name, MAXNAMELEN); 1751 kmem_free(longname, MAXNAMELEN); 1752 return (rc); 1753 } 1754 1755 /* 1756 * We passed "1" as the "od" parameter 1757 * to smb_unmangle_name(), such that longname 1758 * is the real (case-sensitive) on-disk name. 1759 * We make sure we do a lookup on this exact 1760 * name, as the name was mangled and denotes 1761 * a unique file. 1762 */ 1763 1764 if (flags & SMB_IGNORE_CASE) 1765 flags &= ~SMB_IGNORE_CASE; 1766 1767 rc = smb_vop_lookup(dir_snode->vp, longname, &vp, od_name, 1768 flags, root_node ? root_node->vp : NULL, cr); 1769 1770 kmem_free(longname, MAXNAMELEN); 1771 1772 if (rc != 0) { 1773 kmem_free(od_name, MAXNAMELEN); 1774 return (rc); 1775 } 1776 } 1777 1778 if ((flags & SMB_FOLLOW_LINKS) && (vp->v_type == VLNK)) { 1779 1780 rc = smb_pathname(sr, od_name, FOLLOW, root_node, dir_snode, 1781 &lnk_dnode, &lnk_target_node, cr); 1782 1783 if (rc != 0) { 1784 /* 1785 * The link is assumed to be for the last component 1786 * of a path. Hence any ENOTDIR error will be returned 1787 * as ENOENT. 1788 */ 1789 if (rc == ENOTDIR) 1790 rc = ENOENT; 1791 1792 VN_RELE(vp); 1793 kmem_free(od_name, MAXNAMELEN); 1794 return (rc); 1795 } 1796 1797 /* 1798 * Release the original VLNK vnode 1799 */ 1800 1801 VN_RELE(vp); 1802 vp = lnk_target_node->vp; 1803 1804 rc = smb_vop_traverse_check(&vp); 1805 1806 if (rc != 0) { 1807 smb_node_release(lnk_dnode); 1808 smb_node_release(lnk_target_node); 1809 kmem_free(od_name, MAXNAMELEN); 1810 return (rc); 1811 } 1812 1813 /* 1814 * smb_vop_traverse_check() may have returned a different vnode 1815 */ 1816 1817 if (lnk_target_node->vp == vp) { 1818 *ret_snode = lnk_target_node; 1819 *ret_attr = (*ret_snode)->attr; 1820 } else { 1821 *ret_snode = smb_node_lookup(sr, NULL, cr, vp, 1822 lnk_target_node->od_name, lnk_dnode, NULL, 1823 ret_attr); 1824 1825 if (*ret_snode == NULL) { 1826 VN_RELE(vp); 1827 rc = ENOMEM; 1828 } 1829 smb_node_release(lnk_target_node); 1830 } 1831 1832 smb_node_release(lnk_dnode); 1833 1834 } else { 1835 1836 rc = smb_vop_traverse_check(&vp); 1837 if (rc) { 1838 VN_RELE(vp); 1839 kmem_free(od_name, MAXNAMELEN); 1840 return (rc); 1841 } 1842 1843 *ret_snode = smb_node_lookup(sr, NULL, cr, vp, od_name, 1844 dir_snode, NULL, ret_attr); 1845 1846 if (*ret_snode == NULL) { 1847 VN_RELE(vp); 1848 rc = ENOMEM; 1849 } 1850 } 1851 1852 kmem_free(od_name, MAXNAMELEN); 1853 return (rc); 1854 } 1855 1856 /* 1857 * smb_fsop_stream_readdir() 1858 * 1859 * ret_snode and ret_attr are optional parameters (i.e. NULL may be passed in) 1860 * 1861 * This routine will return only NTFS streams. If an NTFS stream is not 1862 * found at the offset specified, the directory will be read until an NTFS 1863 * stream is found or until EOF. 1864 * 1865 * Note: Sanity checks done in caller 1866 * (smb_fsop_readdir(), smb_fsop_remove_streams()) 1867 */ 1868 1869 int 1870 smb_fsop_stream_readdir(struct smb_request *sr, cred_t *cr, smb_node_t *fnode, 1871 uint32_t *cookiep, struct fs_stream_info *stream_info, 1872 smb_node_t **ret_snode, smb_attr_t *ret_attr) 1873 { 1874 smb_node_t *ret_snodep = NULL; 1875 smb_attr_t tmp_attr; 1876 vnode_t *xattrdirvp; 1877 vnode_t *vp; 1878 int rc = 0; 1879 int flags = 0; 1880 1881 /* 1882 * XXX NTFS permission requirements if any? 1883 */ 1884 ASSERT(cr); 1885 ASSERT(fnode); 1886 ASSERT(fnode->n_magic == SMB_NODE_MAGIC); 1887 ASSERT(fnode->n_state != SMB_NODE_STATE_DESTROYING); 1888 1889 if (SMB_TREE_CASE_INSENSITIVE(sr)) 1890 flags = SMB_IGNORE_CASE; 1891 1892 rc = smb_vop_stream_readdir(fnode->vp, cookiep, stream_info, &vp, 1893 &xattrdirvp, flags, cr); 1894 1895 if ((rc != 0) || *cookiep == SMB_EOF) 1896 return (rc); 1897 1898 ret_snodep = smb_stream_node_lookup(sr, cr, fnode, xattrdirvp, vp, 1899 stream_info->name, &tmp_attr); 1900 1901 if (ret_snodep == NULL) { 1902 VN_RELE(xattrdirvp); 1903 VN_RELE(vp); 1904 return (ENOMEM); 1905 } 1906 1907 stream_info->size = tmp_attr.sa_vattr.va_size; 1908 1909 if (ret_attr) 1910 *ret_attr = tmp_attr; 1911 1912 if (ret_snode) 1913 *ret_snode = ret_snodep; 1914 else 1915 smb_node_release(ret_snodep); 1916 1917 return (rc); 1918 } 1919 1920 int /*ARGSUSED*/ 1921 smb_fsop_commit(smb_request_t *sr, cred_t *cr, smb_node_t *snode) 1922 { 1923 ASSERT(cr); 1924 ASSERT(snode); 1925 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 1926 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 1927 1928 ASSERT(sr); 1929 ASSERT(sr->tid_tree); 1930 if (SMB_TREE_IS_READ_ONLY(sr)) 1931 return (EROFS); 1932 1933 return (smb_vop_commit(snode->vp, cr)); 1934 } 1935 1936 /* 1937 * smb_fsop_aclread 1938 * 1939 * Retrieve filesystem ACL. Depends on requested ACLs in 1940 * fs_sd->sd_secinfo, it'll set DACL and SACL pointers in 1941 * fs_sd. Note that requesting a DACL/SACL doesn't mean that 1942 * the corresponding field in fs_sd should be non-NULL upon 1943 * return, since the target ACL might not contain that type of 1944 * entries. 1945 * 1946 * Returned ACL is always in ACE_T (aka ZFS) format. 1947 * If successful the allocated memory for the ACL should be freed 1948 * using smb_fsacl_free() or smb_fssd_term() 1949 */ 1950 int 1951 smb_fsop_aclread(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 1952 smb_fssd_t *fs_sd) 1953 { 1954 int error = 0; 1955 int flags = 0; 1956 int access = 0; 1957 acl_t *acl; 1958 smb_node_t *unnamed_node; 1959 1960 ASSERT(cr); 1961 1962 if (sr->fid_ofile) { 1963 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 1964 access = READ_CONTROL; 1965 1966 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 1967 access |= ACCESS_SYSTEM_SECURITY; 1968 1969 error = smb_ofile_access(sr->fid_ofile, cr, access); 1970 if (error != NT_STATUS_SUCCESS) { 1971 return (EACCES); 1972 } 1973 } 1974 1975 unnamed_node = SMB_IS_STREAM(snode); 1976 if (unnamed_node) { 1977 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 1978 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 1979 /* 1980 * Streams don't have ACL, any read ACL attempt on a stream 1981 * should be performed on the unnamed stream. 1982 */ 1983 snode = unnamed_node; 1984 } 1985 1986 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_ACEMASKONACCESS) 1987 flags = ATTR_NOACLCHECK; 1988 1989 error = smb_vop_acl_read(snode->vp, &acl, flags, 1990 sr->tid_tree->t_acltype, cr); 1991 if (error != 0) { 1992 return (error); 1993 } 1994 1995 error = acl_translate(acl, _ACL_ACE_ENABLED, 1996 (snode->vp->v_type == VDIR), fs_sd->sd_uid, fs_sd->sd_gid); 1997 1998 if (error == 0) { 1999 smb_fsacl_split(acl, &fs_sd->sd_zdacl, &fs_sd->sd_zsacl, 2000 fs_sd->sd_secinfo); 2001 } 2002 2003 acl_free(acl); 2004 return (error); 2005 } 2006 2007 /* 2008 * smb_fsop_aclwrite 2009 * 2010 * Stores the filesystem ACL provided in fs_sd->sd_acl. 2011 */ 2012 int 2013 smb_fsop_aclwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2014 smb_fssd_t *fs_sd) 2015 { 2016 int target_flavor; 2017 int error = 0; 2018 int flags = 0; 2019 int access = 0; 2020 acl_t *acl, *dacl, *sacl; 2021 smb_node_t *unnamed_node; 2022 2023 ASSERT(cr); 2024 2025 ASSERT(sr); 2026 ASSERT(sr->tid_tree); 2027 if (SMB_TREE_IS_READ_ONLY(sr)) 2028 return (EROFS); 2029 2030 if (sr->fid_ofile) { 2031 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 2032 access = WRITE_DAC; 2033 2034 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 2035 access |= ACCESS_SYSTEM_SECURITY; 2036 2037 error = smb_ofile_access(sr->fid_ofile, cr, access); 2038 if (error != NT_STATUS_SUCCESS) 2039 return (EACCES); 2040 } 2041 2042 switch (sr->tid_tree->t_acltype) { 2043 case ACLENT_T: 2044 target_flavor = _ACL_ACLENT_ENABLED; 2045 break; 2046 2047 case ACE_T: 2048 target_flavor = _ACL_ACE_ENABLED; 2049 break; 2050 default: 2051 return (EINVAL); 2052 } 2053 2054 unnamed_node = SMB_IS_STREAM(snode); 2055 if (unnamed_node) { 2056 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 2057 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 2058 /* 2059 * Streams don't have ACL, any write ACL attempt on a stream 2060 * should be performed on the unnamed stream. 2061 */ 2062 snode = unnamed_node; 2063 } 2064 2065 dacl = fs_sd->sd_zdacl; 2066 sacl = fs_sd->sd_zsacl; 2067 2068 ASSERT(dacl || sacl); 2069 if ((dacl == NULL) && (sacl == NULL)) 2070 return (EINVAL); 2071 2072 if (dacl && sacl) 2073 acl = smb_fsacl_merge(dacl, sacl); 2074 else if (dacl) 2075 acl = dacl; 2076 else 2077 acl = sacl; 2078 2079 error = acl_translate(acl, target_flavor, (snode->vp->v_type == VDIR), 2080 fs_sd->sd_uid, fs_sd->sd_gid); 2081 if (error == 0) { 2082 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_ACEMASKONACCESS) 2083 flags = ATTR_NOACLCHECK; 2084 2085 error = smb_vop_acl_write(snode->vp, acl, flags, cr); 2086 } 2087 2088 if (dacl && sacl) 2089 acl_free(acl); 2090 2091 return (error); 2092 } 2093 2094 acl_type_t 2095 smb_fsop_acltype(smb_node_t *snode) 2096 { 2097 return (smb_vop_acl_type(snode->vp)); 2098 } 2099 2100 /* 2101 * smb_fsop_sdread 2102 * 2103 * Read the requested security descriptor items from filesystem. 2104 * The items are specified in fs_sd->sd_secinfo. 2105 */ 2106 int 2107 smb_fsop_sdread(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2108 smb_fssd_t *fs_sd) 2109 { 2110 int error = 0; 2111 int getowner = 0; 2112 cred_t *ga_cred; 2113 smb_attr_t attr; 2114 2115 ASSERT(cr); 2116 ASSERT(fs_sd); 2117 2118 /* 2119 * File's uid/gid is fetched in two cases: 2120 * 2121 * 1. it's explicitly requested 2122 * 2123 * 2. target ACL is ACE_T (ZFS ACL). They're needed for 2124 * owner@/group@ entries. In this case kcred should be used 2125 * because uid/gid are fetched on behalf of smb server. 2126 */ 2127 if (fs_sd->sd_secinfo & (SMB_OWNER_SECINFO | SMB_GROUP_SECINFO)) { 2128 getowner = 1; 2129 ga_cred = cr; 2130 } else if (sr->tid_tree->t_acltype == ACE_T) { 2131 getowner = 1; 2132 ga_cred = kcred; 2133 } 2134 2135 if (getowner) { 2136 /* 2137 * Windows require READ_CONTROL to read owner/group SID since 2138 * they're part of Security Descriptor. 2139 * ZFS only requires read_attribute. Need to have a explicit 2140 * access check here. 2141 */ 2142 if (sr->fid_ofile == NULL) { 2143 error = smb_fsop_access(sr, ga_cred, snode, 2144 READ_CONTROL); 2145 if (error) 2146 return (error); 2147 } 2148 2149 attr.sa_mask = SMB_AT_UID | SMB_AT_GID; 2150 error = smb_fsop_getattr(sr, ga_cred, snode, &attr); 2151 if (error == 0) { 2152 fs_sd->sd_uid = attr.sa_vattr.va_uid; 2153 fs_sd->sd_gid = attr.sa_vattr.va_gid; 2154 } else { 2155 return (error); 2156 } 2157 } 2158 2159 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 2160 error = smb_fsop_aclread(sr, cr, snode, fs_sd); 2161 } 2162 2163 return (error); 2164 } 2165 2166 /* 2167 * smb_fsop_sdmerge 2168 * 2169 * From SMB point of view DACL and SACL are two separate list 2170 * which can be manipulated independently without one affecting 2171 * the other, but entries for both DACL and SACL will end up 2172 * in the same ACL if target filesystem supports ACE_T ACLs. 2173 * 2174 * So, if either DACL or SACL is present in the client set request 2175 * the entries corresponding to the non-present ACL shouldn't 2176 * be touched in the FS ACL. 2177 * 2178 * fs_sd parameter contains DACL and SACL specified by SMB 2179 * client to be set on a file/directory. The client could 2180 * specify both or one of these ACLs (if none is specified 2181 * we don't get this far). When both DACL and SACL are given 2182 * by client the existing ACL should be overwritten. If only 2183 * one of them is specified the entries corresponding to the other 2184 * ACL should not be touched. For example, if only DACL 2185 * is specified in input fs_sd, the function reads audit entries 2186 * of the existing ACL of the file and point fs_sd->sd_zsdacl 2187 * pointer to the fetched SACL, this way when smb_fsop_sdwrite() 2188 * function is called the passed fs_sd would point to the specified 2189 * DACL by client and fetched SACL from filesystem, so the file 2190 * will end up with correct ACL. 2191 */ 2192 static int 2193 smb_fsop_sdmerge(smb_request_t *sr, smb_node_t *snode, smb_fssd_t *fs_sd) 2194 { 2195 smb_fssd_t cur_sd; 2196 int error = 0; 2197 2198 if (sr->tid_tree->t_acltype != ACE_T) 2199 /* Don't bother if target FS doesn't support ACE_T */ 2200 return (0); 2201 2202 if ((fs_sd->sd_secinfo & SMB_ACL_SECINFO) != SMB_ACL_SECINFO) { 2203 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) { 2204 /* 2205 * Don't overwrite existing audit entries 2206 */ 2207 smb_fssd_init(&cur_sd, SMB_SACL_SECINFO, 2208 fs_sd->sd_flags); 2209 2210 error = smb_fsop_sdread(sr, kcred, snode, &cur_sd); 2211 if (error == 0) { 2212 ASSERT(fs_sd->sd_zsacl == NULL); 2213 fs_sd->sd_zsacl = cur_sd.sd_zsacl; 2214 if (fs_sd->sd_zsacl && fs_sd->sd_zdacl) 2215 fs_sd->sd_zsacl->acl_flags = 2216 fs_sd->sd_zdacl->acl_flags; 2217 } 2218 } else { 2219 /* 2220 * Don't overwrite existing access entries 2221 */ 2222 smb_fssd_init(&cur_sd, SMB_DACL_SECINFO, 2223 fs_sd->sd_flags); 2224 2225 error = smb_fsop_sdread(sr, kcred, snode, &cur_sd); 2226 if (error == 0) { 2227 ASSERT(fs_sd->sd_zdacl == NULL); 2228 fs_sd->sd_zdacl = cur_sd.sd_zdacl; 2229 if (fs_sd->sd_zdacl && fs_sd->sd_zsacl) 2230 fs_sd->sd_zdacl->acl_flags = 2231 fs_sd->sd_zsacl->acl_flags; 2232 } 2233 } 2234 2235 if (error) 2236 smb_fssd_term(&cur_sd); 2237 } 2238 2239 return (error); 2240 } 2241 2242 /* 2243 * smb_fsop_sdwrite 2244 * 2245 * Stores the given uid, gid and acl in filesystem. 2246 * Provided items in fs_sd are specified by fs_sd->sd_secinfo. 2247 * 2248 * A SMB security descriptor could contain owner, primary group, 2249 * DACL and SACL. Setting an SD should be atomic but here it has to 2250 * be done via two separate FS operations: VOP_SETATTR and 2251 * VOP_SETSECATTR. Therefore, this function has to simulate the 2252 * atomicity as well as it can. 2253 */ 2254 int 2255 smb_fsop_sdwrite(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2256 smb_fssd_t *fs_sd, int overwrite) 2257 { 2258 int error = 0; 2259 int access = 0; 2260 smb_attr_t set_attr; 2261 smb_attr_t orig_attr; 2262 2263 ASSERT(cr); 2264 ASSERT(fs_sd); 2265 2266 ASSERT(sr); 2267 ASSERT(sr->tid_tree); 2268 if (SMB_TREE_IS_READ_ONLY(sr)) 2269 return (EROFS); 2270 2271 bzero(&set_attr, sizeof (smb_attr_t)); 2272 2273 if (fs_sd->sd_secinfo & SMB_OWNER_SECINFO) { 2274 set_attr.sa_vattr.va_uid = fs_sd->sd_uid; 2275 set_attr.sa_mask |= SMB_AT_UID; 2276 } 2277 2278 if (fs_sd->sd_secinfo & SMB_GROUP_SECINFO) { 2279 set_attr.sa_vattr.va_gid = fs_sd->sd_gid; 2280 set_attr.sa_mask |= SMB_AT_GID; 2281 } 2282 2283 if (fs_sd->sd_secinfo & SMB_DACL_SECINFO) 2284 access |= WRITE_DAC; 2285 2286 if (fs_sd->sd_secinfo & SMB_SACL_SECINFO) 2287 access |= ACCESS_SYSTEM_SECURITY; 2288 2289 if (sr->fid_ofile) 2290 error = smb_ofile_access(sr->fid_ofile, cr, access); 2291 else 2292 error = smb_fsop_access(sr, cr, snode, access); 2293 2294 if (error) 2295 return (EACCES); 2296 2297 if (set_attr.sa_mask) { 2298 /* 2299 * Get the current uid, gid so if smb_fsop_aclwrite fails 2300 * we can revert uid, gid changes. 2301 * 2302 * We use root cred here so the operation doesn't fail 2303 * due to lack of permission for the user to read the attrs 2304 */ 2305 2306 orig_attr.sa_mask = SMB_AT_UID | SMB_AT_GID; 2307 error = smb_fsop_getattr(sr, kcred, snode, &orig_attr); 2308 if (error == 0) 2309 error = smb_fsop_setattr(sr, cr, snode, &set_attr, 2310 NULL); 2311 2312 if (error) 2313 return (error); 2314 } 2315 2316 if (fs_sd->sd_secinfo & SMB_ACL_SECINFO) { 2317 if (overwrite == 0) { 2318 error = smb_fsop_sdmerge(sr, snode, fs_sd); 2319 if (error) 2320 return (error); 2321 } 2322 2323 error = smb_fsop_aclwrite(sr, cr, snode, fs_sd); 2324 if (error) { 2325 /* 2326 * Revert uid/gid changes if required. 2327 */ 2328 if (set_attr.sa_mask) { 2329 orig_attr.sa_mask = set_attr.sa_mask; 2330 (void) smb_fsop_setattr(sr, kcred, snode, 2331 &orig_attr, NULL); 2332 } 2333 } 2334 } 2335 2336 return (error); 2337 } 2338 2339 /* 2340 * smb_fsop_sdinherit 2341 * 2342 * Inherit the security descriptor from the parent container. 2343 * This function is called after FS has created the file/folder 2344 * so if this doesn't do anything it means FS inheritance is 2345 * in place. 2346 * 2347 * Do inheritance for ZFS internally. 2348 * 2349 * If we want to let ZFS does the inheritance the 2350 * following setting should be true: 2351 * 2352 * - aclinherit = passthrough 2353 * - aclmode = passthrough 2354 * - smbd umask = 0777 2355 * 2356 * This will result in right effective permissions but 2357 * ZFS will always add 6 ACEs for owner, owning group 2358 * and others to be POSIX compliant. This is not what 2359 * Windows clients/users expect, so we decided that CIFS 2360 * implements Windows rules and overwrite whatever ZFS 2361 * comes up with. This way we also don't have to care 2362 * about ZFS aclinherit and aclmode settings. 2363 */ 2364 static int 2365 smb_fsop_sdinherit(smb_request_t *sr, smb_node_t *dnode, smb_fssd_t *fs_sd) 2366 { 2367 int is_dir; 2368 acl_t *dacl = NULL; 2369 acl_t *sacl = NULL; 2370 ksid_t *owner_sid; 2371 int error; 2372 2373 ASSERT(fs_sd); 2374 2375 if (sr->tid_tree->t_acltype != ACE_T) { 2376 /* 2377 * No forced inheritance for non-ZFS filesystems. 2378 */ 2379 fs_sd->sd_secinfo = 0; 2380 return (0); 2381 } 2382 2383 2384 /* Fetch parent directory's ACL */ 2385 error = smb_fsop_sdread(sr, kcred, dnode, fs_sd); 2386 if (error) { 2387 return (error); 2388 } 2389 2390 is_dir = (fs_sd->sd_flags & SMB_FSSD_FLAGS_DIR); 2391 owner_sid = crgetsid(sr->user_cr, KSID_OWNER); 2392 ASSERT(owner_sid); 2393 dacl = smb_fsacl_inherit(fs_sd->sd_zdacl, is_dir, SMB_DACL_SECINFO, 2394 owner_sid->ks_id); 2395 sacl = smb_fsacl_inherit(fs_sd->sd_zsacl, is_dir, SMB_SACL_SECINFO, 2396 (uid_t)-1); 2397 2398 if (sacl == NULL) 2399 fs_sd->sd_secinfo &= ~SMB_SACL_SECINFO; 2400 2401 smb_fsacl_free(fs_sd->sd_zdacl); 2402 smb_fsacl_free(fs_sd->sd_zsacl); 2403 2404 fs_sd->sd_zdacl = dacl; 2405 fs_sd->sd_zsacl = sacl; 2406 2407 return (0); 2408 } 2409 2410 /* 2411 * smb_fsop_eaccess 2412 * 2413 * Returns the effective permission of the given credential for the 2414 * specified object. 2415 * 2416 * This is just a workaround. We need VFS/FS support for this. 2417 */ 2418 void 2419 smb_fsop_eaccess(smb_request_t *sr, cred_t *cr, smb_node_t *snode, 2420 uint32_t *eaccess) 2421 { 2422 int access = 0; 2423 vnode_t *dir_vp; 2424 smb_node_t *unnamed_node; 2425 2426 ASSERT(cr); 2427 ASSERT(snode); 2428 ASSERT(snode->n_magic == SMB_NODE_MAGIC); 2429 ASSERT(snode->n_state != SMB_NODE_STATE_DESTROYING); 2430 2431 unnamed_node = SMB_IS_STREAM(snode); 2432 if (unnamed_node) { 2433 ASSERT(unnamed_node->n_magic == SMB_NODE_MAGIC); 2434 ASSERT(unnamed_node->n_state != SMB_NODE_STATE_DESTROYING); 2435 /* 2436 * Streams authorization should be performed against the 2437 * unnamed stream. 2438 */ 2439 snode = unnamed_node; 2440 } 2441 2442 if (sr->tid_tree->t_flags & SMB_TREE_FLAG_ACEMASKONACCESS) { 2443 dir_vp = (snode->dir_snode) ? snode->dir_snode->vp : NULL; 2444 smb_vop_eaccess(snode->vp, (int *)eaccess, V_ACE_MASK, dir_vp, 2445 cr); 2446 return; 2447 } 2448 2449 /* 2450 * FS doesn't understand 32-bit mask 2451 */ 2452 smb_vop_eaccess(snode->vp, &access, 0, NULL, cr); 2453 2454 *eaccess = READ_CONTROL | FILE_READ_EA | FILE_READ_ATTRIBUTES; 2455 2456 if (access & VREAD) 2457 *eaccess |= FILE_READ_DATA; 2458 2459 if (access & VEXEC) 2460 *eaccess |= FILE_EXECUTE; 2461 2462 if (access & VWRITE) 2463 *eaccess |= FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES | 2464 FILE_WRITE_EA | FILE_APPEND_DATA | FILE_DELETE_CHILD; 2465 } 2466 2467 /* 2468 * smb_fsop_shrlock 2469 * 2470 * For the current open request, check file sharing rules 2471 * against existing opens. 2472 * 2473 * Returns NT_STATUS_SHARING_VIOLATION if there is any 2474 * sharing conflict. Returns NT_STATUS_SUCCESS otherwise. 2475 * 2476 * Full system-wide share reservation synchronization is available 2477 * when the nbmand (non-blocking mandatory) mount option is set 2478 * (i.e. nbl_need_crit() is true) and nbmand critical regions are used. 2479 * This provides synchronization with NFS and local processes. The 2480 * critical regions are entered in VOP_SHRLOCK()/fs_shrlock() (called 2481 * from smb_open_subr()/smb_fsop_shrlock()/smb_vop_shrlock()) as well 2482 * as the CIFS rename and delete paths. 2483 * 2484 * The CIFS server will also enter the nbl critical region in the open, 2485 * rename, and delete paths when nbmand is not set. There is limited 2486 * coordination with local and VFS share reservations in this case. 2487 * Note that when the nbmand mount option is not set, the VFS layer 2488 * only processes advisory reservations and the delete mode is not checked. 2489 * 2490 * Whether or not the nbmand mount option is set, intra-CIFS share 2491 * checking is done in the open, delete, and rename paths using a CIFS 2492 * critical region (node->n_share_lock). 2493 */ 2494 2495 uint32_t 2496 smb_fsop_shrlock(cred_t *cr, struct smb_node *node, uint32_t uniq_fid, 2497 uint32_t desired_access, uint32_t share_access) 2498 { 2499 int rc; 2500 2501 if (node->attr.sa_vattr.va_type == VDIR) 2502 return (NT_STATUS_SUCCESS); 2503 2504 /* Allow access if the request is just for meta data */ 2505 if ((desired_access & FILE_DATA_ALL) == 0) 2506 return (NT_STATUS_SUCCESS); 2507 2508 rc = smb_node_open_check(node, cr, desired_access, share_access); 2509 if (rc) 2510 return (NT_STATUS_SHARING_VIOLATION); 2511 2512 rc = smb_vop_shrlock(node->vp, uniq_fid, desired_access, share_access, 2513 cr); 2514 if (rc) 2515 return (NT_STATUS_SHARING_VIOLATION); 2516 2517 return (NT_STATUS_SUCCESS); 2518 } 2519 2520 void 2521 smb_fsop_unshrlock(cred_t *cr, smb_node_t *node, uint32_t uniq_fid) 2522 { 2523 if (node->attr.sa_vattr.va_type == VDIR) 2524 return; 2525 2526 (void) smb_vop_unshrlock(node->vp, uniq_fid, cr); 2527 } 2528 2529 /* 2530 * smb_fsop_frlock_callback 2531 * 2532 * smb wrapper function for fs_frlock 2533 * this should never happen, as we are not attempting 2534 * to set Mandatory Locks, cmd = F_SETLK_NBMAND 2535 * 2536 */ 2537 2538 static callb_cpr_t * 2539 /* ARGSUSED */ 2540 smb_fsop_frlock_callback(flk_cb_when_t when, void *error) 2541 { 2542 return (0); 2543 } 2544 2545 /* 2546 * smb_fs_frlock 2547 * 2548 * smb wrapper function for fs_frlock 2549 */ 2550 2551 int 2552 smb_fsop_frlock(smb_request_t *sr, smb_node_t *node, smb_lock_t *lock, 2553 boolean_t unlock) 2554 { 2555 vnode_t *vp; 2556 flock64_t bf; 2557 cred_t *cr; 2558 caller_context_t *ct; 2559 int cmd; 2560 flk_callback_t flk_cb; 2561 offset_t offset = 0; 2562 int flag; 2563 int error; 2564 int i; 2565 2566 flk_init_callback(&flk_cb, smb_fsop_frlock_callback, &error); 2567 cr = sr->user_cr; 2568 ct = &smb_ct; 2569 vp = node->vp; 2570 cmd = F_SETLK; 2571 2572 if (unlock == B_TRUE) { 2573 bf.l_type = F_UNLCK; 2574 flag = 0; 2575 } else if (lock->l_type == SMB_LOCK_TYPE_READONLY) { 2576 bf.l_type = F_RDLCK; 2577 flag = FREAD; 2578 } else if (lock->l_type == SMB_LOCK_TYPE_READWRITE) { 2579 bf.l_type = F_WRLCK; 2580 flag = FWRITE; 2581 } 2582 2583 bf.l_start = lock->l_start; 2584 bf.l_len = lock->l_length; 2585 bf.l_whence = 0; /* SEEK_SET */ 2586 bf.l_pid = lock->l_pid; 2587 bf.l_sysid = 0; 2588 2589 for (i = 0; i < 4; i++) 2590 bf.l_pad[i] = 0; 2591 2592 error = fs_frlock(vp, cmd, &bf, flag, offset, &flk_cb, cr, ct); 2593 return (error); 2594 } 2595